- action should be a DNSAction
- duration is the duration of the block, in seconds
- clientIPMask indicates whether the exact IP address should be blocked (32 for IPv4, 128 for IPv6) or if a range should be used instead, by indicating the number of bits of the address to consider
- - clientIPPort indicates It is also possible to take the IPv4 UDP and TCP ports into account, for CGNAT deployments, by setting the number of bits of the port to consider. For example passing 2 as the last parameter, which only makes sense if the previous parameters are respectively 32 and 128, will split a given IP address into four port ranges: 0-16383, 16384-32767, 32768-49151 and 49152-65535.
+ - clientIPPort indicates It is also possible to take the IPv4 UDP and TCP ports into account, for CGNAT deployments, by setting the number of bits of the port to consider. For example passing 2 as the last parameter, which only makes sense if the previous parameters are respectively 32 and 128, will split a given IP address into four port ranges: 0-16383, 16384-32767, 32768-49151 and 49152-65535
+ - tagKey is the name of the tag set if the action is SetTag
+ - tagValue is the value of the tag set if the action is SetTag
*/
-bool dnsdist_ffi_dynamic_blocks_add(const char* address, const char* message, uint8_t action, unsigned int duration, uint8_t clientIPMask, uint8_t clientIPPortMask) __attribute__ ((visibility ("default")));
-bool dnsdist_ffi_dynamic_blocks_smt_add(const char* suffix, const char* message, uint8_t action, unsigned int duration) __attribute__ ((visibility ("default")));
+bool dnsdist_ffi_dynamic_blocks_add(const char* address, const char* message, uint8_t action, unsigned int duration, uint8_t clientIPMask, uint8_t clientIPPortMask, const char* tagKey, const char* tagValue) __attribute__ ((visibility ("default")));
+bool dnsdist_ffi_dynamic_blocks_smt_add(const char* suffix, const char* message, uint8_t action, unsigned int duration, const char* tagKey, const char* tagValue) __attribute__ ((visibility ("default")));
typedef struct dnsdist_ffi_dynamic_block_entry {
char* key; /* Client IP for NMT blocks, domain name for SMT ones */
}
#ifndef DISABLE_DYNBLOCKS
-bool dnsdist_ffi_dynamic_blocks_add(const char* address, const char* message, uint8_t action, unsigned int duration, uint8_t clientIPMask, uint8_t clientIPPortMask)
+bool dnsdist_ffi_dynamic_blocks_add(const char* address, const char* message, uint8_t action, unsigned int duration, uint8_t clientIPMask, uint8_t clientIPPortMask, const char* tagKey, const char* tagValue)
{
try {
ComboAddress clientIPCA;
until.tv_sec += duration;
DynBlock dblock{message, until, DNSName(), static_cast<DNSAction::Action>(action)};
auto slow = g_dynblockNMG.getCopy();
-#warning FIXME: need to handle tags
+ if (dblock.action == DNSAction::Action::SetTag && tagKey != nullptr) {
+ dblock.tagSettings = std::make_shared<DynBlock::TagSettings>();
+ dblock.tagSettings->d_name = tagKey;
+ if (tagValue != nullptr) {
+ dblock.tagSettings->d_value = tagValue;
+ }
+ }
if (dnsdist::DynamicBlocks::addOrRefreshBlock(slow, now, target, std::move(dblock), false)) {
g_dynblockNMG.setState(slow);
return true;
return false;
}
-bool dnsdist_ffi_dynamic_blocks_smt_add(const char* suffix, const char* message, uint8_t action, unsigned int duration)
+bool dnsdist_ffi_dynamic_blocks_smt_add(const char* suffix, const char* message, uint8_t action, unsigned int duration, const char* tagKey, const char* tagValue)
{
try {
DNSName domain;
until.tv_sec += duration;
DynBlock dblock{message, until, domain, static_cast<DNSAction::Action>(action)};
auto slow = g_dynblockSMT.getCopy();
-#warning FIXME: need to handle tags
+ if (dblock.action == DNSAction::Action::SetTag && tagKey != nullptr) {
+ dblock.tagSettings = std::make_shared<DynBlock::TagSettings>();
+ dblock.tagSettings->d_name = tagKey;
+ if (tagValue != nullptr) {
+ dblock.tagSettings->d_value = tagValue;
+ }
+ }
if (dnsdist::DynamicBlocks::addOrRefreshBlockSMT(slow, now, std::move(dblock), false)) {
g_dynblockSMT.setState(slow);
return true;
}
DynBlock(const DynBlock& rhs) :
- reason(rhs.reason), domain(rhs.domain), until(rhs.until), action(rhs.action), warning(rhs.warning), bpf(rhs.bpf)
+ reason(rhs.reason), domain(rhs.domain), until(rhs.until), tagSettings(rhs.tagSettings), action(rhs.action), warning(rhs.warning), bpf(rhs.bpf)
{
blocks.store(rhs.blocks);
}
DynBlock(DynBlock&& rhs) :
- reason(std::move(rhs.reason)), domain(std::move(rhs.domain)), until(rhs.until), action(rhs.action), warning(rhs.warning), bpf(rhs.bpf)
+ reason(std::move(rhs.reason)), domain(std::move(rhs.domain)), until(rhs.until), tagSettings(std::move(rhs.tagSettings)), action(rhs.action), warning(rhs.warning), bpf(rhs.bpf)
{
blocks.store(rhs.blocks);
}
blocks.store(rhs.blocks);
warning = rhs.warning;
bpf = rhs.bpf;
- if (rhs.tagSettings != nullptr) {
- tagSettings = std::make_unique<TagSettings>(*rhs.tagSettings);
- }
+ tagSettings = rhs.tagSettings;
return *this;
}
projects / thirdparty / pdns.git / commitdiff
