From b2f485cb5c4baa7e7d074c5cd9bc32a4b95dcd0e Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Mon, 3 Feb 2025 12:34:06 +0100 Subject: [PATCH 1/3] dnsdist: Document that RE2 does full matching, add regression tests --- pdns/dnsdistdist/docs/reference/selectors.rst | 2 +- regression-tests.dnsdist/test_RE2.py | 50 +++++++++++++++++++ 2 files changed, 51 insertions(+), 1 deletion(-) create mode 100644 regression-tests.dnsdist/test_RE2.py diff --git a/pdns/dnsdistdist/docs/reference/selectors.rst b/pdns/dnsdistdist/docs/reference/selectors.rst index 2830f68dd4cf..13c706de8976 100644 --- a/pdns/dnsdistdist/docs/reference/selectors.rst +++ b/pdns/dnsdistdist/docs/reference/selectors.rst @@ -331,7 +331,7 @@ Selectors can be combined via :func:`AndRule`, :func:`OrRule` and :func:`NotRule .. function:: RE2Rule(regex) - Matches the query name against the supplied regex using the RE2 engine. + Matches the query name against the supplied regex using the RE2 engine. Note that this rule requires a full match of the query name, meaning that for example the ``powerdns`` expression with match a query name of ``powerdns`` but not ``prefixpowerdns``, ``sub.powerdns``, ``powerdnssuffix`` or ``powerdns.tld``. In short, the expression is treated as if it started with a ``^`` and ended with a ``$``. For an example of usage, see :func:`RegexRule`. diff --git a/regression-tests.dnsdist/test_RE2.py b/regression-tests.dnsdist/test_RE2.py new file mode 100644 index 000000000000..4a658bfed513 --- /dev/null +++ b/regression-tests.dnsdist/test_RE2.py @@ -0,0 +1,50 @@ +#!/usr/bin/env python +import dns +from dnsdisttests import DNSDistTest + +class TestRE2(DNSDistTest): + _config_template = """ + newServer{address="127.0.0.1:%d"} + + -- keep in mind this is a FULL match, as if the expression started with + -- a '^' and ended with a '$' + addAction(RE2Rule("re2\\\\.tests\\\\.powerdns\\\\.com"), RCodeAction(DNSRCode.REFUSED)) + """ + + def testMatch(self): + """ + RE2: Match + """ + name = 're2.tests.powerdns.com.' + query = dns.message.make_query(name, 'A', 'IN') + query.flags &= ~dns.flags.RD + expectedResponse = dns.message.make_response(query) + expectedResponse.set_rcode(dns.rcode.REFUSED) + + for method in ("sendUDPQuery", "sendTCPQuery"): + sender = getattr(self, method) + (_, receivedResponse) = sender(query, response=None, useQueue=False) + self.assertEqual(receivedResponse, expectedResponse) + + def testNoMatch(self): + """ + RE2: No match + """ + name = 'sub.re2.tests.powerdns.com.' + query = dns.message.make_query(name, 'A', 'IN') + query.flags &= ~dns.flags.RD + response = dns.message.make_response(query) + rrset = dns.rrset.from_text(name, + 3600, + dns.rdataclass.IN, + dns.rdatatype.A, + '127.0.0.1') + + response.answer.append(rrset) + + for method in ("sendUDPQuery", "sendTCPQuery"): + sender = getattr(self, method) + (receivedQuery, receivedResponse) = sender(query, response=response) + receivedQuery.id = query.id + self.assertEqual(receivedQuery, query) + self.assertEqual(receivedResponse, response) From 709b1fb9247393474388bd5742144065c4961cfa Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Mon, 3 Feb 2025 13:23:34 +0100 Subject: [PATCH 2/3] dnsdist: Apply Miod's suggestions to the selectors doc Co-authored-by: Miod Vallat --- pdns/dnsdistdist/docs/reference/selectors.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pdns/dnsdistdist/docs/reference/selectors.rst b/pdns/dnsdistdist/docs/reference/selectors.rst index 13c706de8976..abae49d00614 100644 --- a/pdns/dnsdistdist/docs/reference/selectors.rst +++ b/pdns/dnsdistdist/docs/reference/selectors.rst @@ -331,7 +331,7 @@ Selectors can be combined via :func:`AndRule`, :func:`OrRule` and :func:`NotRule .. function:: RE2Rule(regex) - Matches the query name against the supplied regex using the RE2 engine. Note that this rule requires a full match of the query name, meaning that for example the ``powerdns`` expression with match a query name of ``powerdns`` but not ``prefixpowerdns``, ``sub.powerdns``, ``powerdnssuffix`` or ``powerdns.tld``. In short, the expression is treated as if it started with a ``^`` and ended with a ``$``. + Matches the query name against the supplied regex using the RE2 engine. Note that this rule requires a full match of the query name, meaning that for example the ``powerdns`` expression will match a query name of ``powerdns`` but neither``prefixpowerdns``, ``sub.powerdns``, ``powerdnssuffix`` nor ``powerdns.tld``. In short, the expression is processed as if it started with a ``^`` and ended with a ``$``. For an example of usage, see :func:`RegexRule`. From 6718461fdee3bc8a277e3c656783a7346006a860 Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Mon, 3 Feb 2025 14:21:12 +0100 Subject: [PATCH 3/3] dnsdist: Add spell-checking patterns --- .github/actions/spell-check/expect.txt | 2 ++ .github/actions/spell-check/patterns.txt | 3 +++ 2 files changed, 5 insertions(+) diff --git a/.github/actions/spell-check/expect.txt b/.github/actions/spell-check/expect.txt index 2fdef92fa165..851f849ecb97 100644 --- a/.github/actions/spell-check/expect.txt +++ b/.github/actions/spell-check/expect.txt @@ -1051,9 +1051,11 @@ postinst postresolve powerdnsrecursor powerdnssec +powerdnssuffix powerldap pqpp Predota +prefixpowerdns preoutquery Preproc prepublishkeyroll diff --git a/.github/actions/spell-check/patterns.txt b/.github/actions/spell-check/patterns.txt index ef5150ce515d..b154295b075c 100644 --- a/.github/actions/spell-check/patterns.txt +++ b/.github/actions/spell-check/patterns.txt @@ -186,3 +186,6 @@ DoH # Twitter status \btwitter\.com/[^/\s"')]*(?:/status/\d+(?:\?[-_0-9a-zA-Z&=]*|)|) + +# LaTex instructions in our RST documentation +\\\w{2,}\{