dnsdist: Make dynamic rules holders static
authorRemi Gacogne <remi.gacogne@powerdns.com>
Mon, 10 Jun 2024 10:29:18 +0000 (12:29 +0200)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Mon, 15 Jul 2024 09:47:52 +0000 (11:47 +0200)
22 files changed:
pdns/dnsdistdist/dnsdist-async.cc
pdns/dnsdistdist/dnsdist-dynblocks.cc
pdns/dnsdistdist/dnsdist-dynblocks.hh
pdns/dnsdistdist/dnsdist-lua-ffi.cc
pdns/dnsdistdist/dnsdist-lua-inspection.cc
pdns/dnsdistdist/dnsdist-lua.cc
pdns/dnsdistdist/dnsdist-metrics.cc
pdns/dnsdistdist/dnsdist-snmp.cc
pdns/dnsdistdist/dnsdist-tcp-upstream.hh
pdns/dnsdistdist/dnsdist-tcp.cc
pdns/dnsdistdist/dnsdist-web.cc
pdns/dnsdistdist/dnsdist-xsk.cc
pdns/dnsdistdist/dnsdist-xsk.hh
pdns/dnsdistdist/dnsdist.cc
pdns/dnsdistdist/dnsdist.hh
pdns/dnsdistdist/doh.cc
pdns/dnsdistdist/doh3.cc
pdns/dnsdistdist/doq.cc
pdns/dnsdistdist/test-dnsdist_cc.cc
pdns/dnsdistdist/test-dnsdistdynblocks_hh.cc
pdns/dnsdistdist/test-dnsdistlbpolicies_cc.cc
pdns/dnsdistdist/test-dnsdisttcp_cc.cc

index 0424abe8a0d560ef82a9f7daf7747f6d50408171..b76622b84c97075d544f1e27e25e74650e44f385 100644 (file)
@@ -283,9 +283,8 @@ bool resumeQuery(std::unique_ptr<CrossProtocolQuery>&& query)
   }
 
   DNSQuestion dnsQuestion = query->getDQ();
-  LocalHolders holders;
 
-  auto result = processQueryAfterRules(dnsQuestion, holders, query->downstream);
+  auto result = processQueryAfterRules(dnsQuestion, query->downstream);
   if (result == ProcessQueryResult::Drop) {
     /* easy */
     return true;
index 4a451efd97d5de3e03f54da1669f607bc3313b6e..1891fb9a168c509a1dff4099d03c633c7a1edc43 100644 (file)
@@ -1,10 +1,10 @@
-
 #include "dnsdist.hh"
 #include "dnsdist-dynblocks.hh"
 #include "dnsdist-metrics.hh"
+#include "sholder.hh"
 
-GlobalStateHolder<NetmaskTree<DynBlock, AddressAndPortRange>> g_dynblockNMG;
-GlobalStateHolder<SuffixMatchTree<DynBlock>> g_dynblockSMT;
+static GlobalStateHolder<ClientAddressDynamicRules> s_dynblockNMG;
+static GlobalStateHolder<SuffixDynamicRules> s_dynblockSMT;
 
 #ifndef DISABLE_DYNBLOCKS
 void DynBlockRulesGroup::apply(const timespec& now)
@@ -28,7 +28,7 @@ void DynBlockRulesGroup::apply(const timespec& now)
     return;
   }
 
-  boost::optional<NetmaskTree<DynBlock, AddressAndPortRange>> blocks;
+  boost::optional<ClientAddressDynamicRules> blocks;
   bool updated = false;
 
   for (const auto& entry : counts) {
@@ -114,7 +114,7 @@ void DynBlockRulesGroup::apply(const timespec& now)
   }
 
   if (updated && blocks) {
-    g_dynblockNMG.setState(std::move(*blocks));
+    s_dynblockNMG.setState(std::move(*blocks));
   }
 
   applySMT(now, statNodeRoot);
@@ -156,7 +156,7 @@ void DynBlockRulesGroup::applySMT(const struct timespec& now, StatNode& statNode
 
   if (!namesToBlock.empty()) {
     updated = false;
-    SuffixMatchTree<DynBlock> smtBlocks = g_dynblockSMT.getCopy();
+    auto smtBlocks = dnsdist::DynamicBlocks::getSuffixDynamicRulesCopy();
     for (auto& [name, parameters] : namesToBlock) {
       if (parameters.d_reason || parameters.d_action) {
         DynBlockRule rule(d_suffixMatchRule);
@@ -173,7 +173,7 @@ void DynBlockRulesGroup::applySMT(const struct timespec& now, StatNode& statNode
       }
     }
     if (updated) {
-      g_dynblockSMT.setState(std::move(smtBlocks));
+      s_dynblockSMT.setState(std::move(smtBlocks));
     }
   }
 }
@@ -213,7 +213,7 @@ static DNSAction::Action getActualAction(const DynBlock& block)
 
 namespace dnsdist::DynamicBlocks
 {
-bool addOrRefreshBlock(NetmaskTree<DynBlock, AddressAndPortRange>& blocks, const timespec& now, const AddressAndPortRange& requestor, DynBlock&& dblock, bool beQuiet)
+bool addOrRefreshBlock(ClientAddressDynamicRules& blocks, const timespec& now, const AddressAndPortRange& requestor, DynBlock&& dblock, bool beQuiet)
 {
   unsigned int count = 0;
   bool expired = false;
@@ -278,7 +278,7 @@ bool addOrRefreshBlock(NetmaskTree<DynBlock, AddressAndPortRange>& blocks, const
   return true;
 }
 
-bool addOrRefreshBlockSMT(SuffixMatchTree<DynBlock>& blocks, const timespec& now, DynBlock&& dblock, bool beQuiet)
+bool addOrRefreshBlockSMT(SuffixDynamicRules& blocks, const timespec& now, DynBlock&& dblock, bool beQuiet)
 {
   unsigned int count = 0;
   /* be careful, if you try to insert a longer suffix
@@ -316,7 +316,7 @@ bool addOrRefreshBlockSMT(SuffixMatchTree<DynBlock>& blocks, const timespec& now
 }
 }
 
-void DynBlockRulesGroup::addOrRefreshBlock(boost::optional<NetmaskTree<DynBlock, AddressAndPortRange>>& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated, bool warning)
+void DynBlockRulesGroup::addOrRefreshBlock(boost::optional<ClientAddressDynamicRules>& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated, bool warning)
 {
   /* network exclusions are address-based only (no port) */
   if (d_excludedSubnets.match(requestor.getNetwork())) {
@@ -332,7 +332,7 @@ void DynBlockRulesGroup::addOrRefreshBlock(boost::optional<NetmaskTree<DynBlock,
     dblock.tagSettings = rule.d_tagSettings;
   }
   if (!blocks) {
-    blocks = g_dynblockNMG.getCopy();
+    blocks = dnsdist::DynamicBlocks::getClientAddressDynamicRulesCopy();
   }
 
   updated = dnsdist::DynamicBlocks::addOrRefreshBlock(*blocks, now, requestor, std::move(dblock), d_beQuiet);
@@ -346,7 +346,7 @@ void DynBlockRulesGroup::addOrRefreshBlock(boost::optional<NetmaskTree<DynBlock,
   }
 }
 
-void DynBlockRulesGroup::addOrRefreshBlockSMT(SuffixMatchTree<DynBlock>& blocks, const struct timespec& now, const DNSName& name, const DynBlockRule& rule, bool& updated)
+void DynBlockRulesGroup::addOrRefreshBlockSMT(SuffixDynamicRules& blocks, const struct timespec& now, const DNSName& name, const DynBlockRule& rule, bool& updated)
 {
   if (d_excludedDomains.check(name)) {
     /* do not add a block for excluded domains */
@@ -493,7 +493,7 @@ void DynBlockMaintenance::purgeExpired(const struct timespec& now)
   // since the block happens in kernel space.
   uint64_t bpfBlocked = 0;
   {
-    auto blocks = g_dynblockNMG.getLocal();
+    auto blocks = s_dynblockNMG.getLocal();
     std::vector<AddressAndPortRange> toRemove;
     for (const auto& entry : *blocks) {
       if (!(now < entry.second.until)) {
@@ -516,29 +516,29 @@ void DynBlockMaintenance::purgeExpired(const struct timespec& now)
       }
     }
     if (!toRemove.empty()) {
-      auto updated = g_dynblockNMG.getCopy();
+      auto updated = dnsdist::DynamicBlocks::getClientAddressDynamicRulesCopy();
       for (const auto& entry : toRemove) {
         updated.erase(entry);
       }
-      g_dynblockNMG.setState(std::move(updated));
+      s_dynblockNMG.setState(std::move(updated));
       dnsdist::metrics::g_stats.dynBlocked += bpfBlocked;
     }
   }
 
   {
     std::vector<DNSName> toRemove;
-    auto blocks = g_dynblockSMT.getLocal();
-    blocks->visit([&toRemove, now](const SuffixMatchTree<DynBlock>& node) {
+    auto blocks = s_dynblockSMT.getLocal();
+    blocks->visit([&toRemove, now](const SuffixDynamicRules& node) {
       if (!(now < node.d_value.until)) {
         toRemove.push_back(node.d_value.domain);
       }
     });
     if (!toRemove.empty()) {
-      auto updated = g_dynblockSMT.getCopy();
+      auto updated = dnsdist::DynamicBlocks::getSuffixDynamicRulesCopy();
       for (const auto& entry : toRemove) {
         updated.remove(entry);
       }
-      g_dynblockSMT.setState(std::move(updated));
+      s_dynblockSMT.setState(std::move(updated));
     }
   }
 }
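Review bot: `purgeExpired` builds `toRemove` from the `getLocal()` snapshot, then takes a separate `getClientAddressDynamicRulesCopy()`, erases from it and publishes the whole tree with `s_dynblockNMG.setState()`; nothing visible in this hunk stops another thread from publishing a new or refreshed block between the copy and the `setState()`, in which case that block is silently overwritten and the client it covered is no longer blocked. The same copy, modify, set sequence appears in `applySMT`, in the SMT half of this function, in `dnsdist_ffi_dynamic_blocks_add` and `dnsdist_ffi_dynamic_blocks_smt_add`, and in the Lua bindings in dnsdist-lua-inspection.cc and dnsdist-lua.cc. If an outer lock already serializes every writer, I would record that where the holders are declared, e.g. `// Writers must hold <lock>: getCopy() followed by setState() is not an atomic update.`; if not, the copy-and-set pair needs a mutex around it. `purgeExpired` starts above this hunk.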
@@ -550,7 +550,7 @@ std::map<std::string, std::list<std::pair<AddressAndPortRange, unsigned int>>> D
     return results;
   }
 
-  auto blocks = g_dynblockNMG.getLocal();
+  auto blocks = s_dynblockNMG.getLocal();
   for (const auto& entry : *blocks) {
     auto& topsForReason = results[entry.second.reason];
     uint64_t value = entry.second.blocks.load();
@@ -583,8 +583,8 @@ std::map<std::string, std::list<std::pair<DNSName, unsigned int>>> DynBlockMaint
     return results;
   }
 
-  auto blocks = g_dynblockSMT.getLocal();
-  blocks->visit([&results, topN](const SuffixMatchTree<DynBlock>& node) {
+  auto blocks = s_dynblockSMT.getLocal();
+  blocks->visit([&results, topN](const SuffixDynamicRules& node) {
     auto& topsForReason = results[node.d_value.reason];
     if (topsForReason.size() < topN || topsForReason.front().second < node.d_value.blocks) {
       auto newEntry = std::pair(node.d_value.domain, node.d_value.blocks.load());
@@ -992,4 +992,52 @@ std::string DynBlockRulesGroup::DynBlockCacheMissRatioRule::toString() const
   return result.str();
 }
 
+namespace dnsdist::DynamicBlocks
+{
+const ClientAddressDynamicRules& getClientAddressDynamicRules()
+{
+  static thread_local auto t_localRules = s_dynblockNMG.getLocal();
+  return *t_localRules;
+}
+
+ClientAddressDynamicRules getClientAddressDynamicRulesCopy()
+{
+  return s_dynblockNMG.getCopy();
+}
+
+const SuffixDynamicRules& getSuffixDynamicRules()
+{
+  static thread_local auto t_localRules = s_dynblockSMT.getLocal();
+  return *t_localRules;
+}
+
+SuffixDynamicRules getSuffixDynamicRulesCopy()
+{
+  return s_dynblockSMT.getCopy();
+}
+
+void setClientAddressDynamicRules(ClientAddressDynamicRules&& rules)
+{
+  s_dynblockNMG.setState(std::move(rules));
+}
+
+void setSuffixDynamicRules(SuffixDynamicRules&& rules)
+{
+  s_dynblockSMT.setState(std::move(rules));
+}
+
+void clearClientAddressDynamicRules()
+{
+  ClientAddressDynamicRules emptyNMG;
+  setClientAddressDynamicRules(std::move(emptyNMG));
+}
+
+void clearSuffixDynamicRules()
+{
+  SuffixDynamicRules emptySMT;
+  setSuffixDynamicRules(std::move(emptySMT));
+}
+
+}
+
 #endif /* DISABLE_DYNBLOCKS */
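Review bot: The lifetime of the reference returned by `getClientAddressDynamicRules()` and `getSuffixDynamicRules()` is undocumented and narrower than the signature suggests, since both return `*t_localRules`, a view into a per-thread holder. If that holder swaps in a newer snapshot when it is dereferenced after a `setState()` (sholder.hh is not shown on this page, so this is inferred), then any reference or node pointer kept from an earlier call on the same thread, such as `got` in `applyRulesToQuery` or the `const auto&` bindings in the Lua, FFI and web listings, dangles as soon as the getter is called again. I would add above each getter, and on the declarations in dnsdist-dynblocks.hh, `// Returns this thread's current snapshot; the reference and any node pointer taken from it are valid only until the next call from the same thread.`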
index d0a75ae3c737c006a82b02461ed43cd5293a2a67..9a644b798352eb34e4f7933afa2aac6adbd1059c 100644 (file)
@@ -69,6 +69,8 @@ struct dnsdist_ffi_stat_node_t
 };
 
 using dnsdist_ffi_dynamic_block_inserted_hook = std::function<void(uint8_t type, const char* key, const char* reason, uint8_t action, uint64_t duration, bool warning)>;
+using ClientAddressDynamicRules = NetmaskTree<DynBlock, AddressAndPortRange>;
+using SuffixDynamicRules = SuffixMatchTree<DynBlock>;
 
 class DynBlockRulesGroup
 {
@@ -290,15 +292,15 @@ private:
   void applySMT(const struct timespec& now, StatNode& statNodeRoot);
   bool checkIfQueryTypeMatches(const Rings::Query& query);
   bool checkIfResponseCodeMatches(const Rings::Response& response);
-  void addOrRefreshBlock(boost::optional<NetmaskTree<DynBlock, AddressAndPortRange>>& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated, bool warning);
-  void addOrRefreshBlockSMT(SuffixMatchTree<DynBlock>& blocks, const struct timespec& now, const DNSName& name, const DynBlockRule& rule, bool& updated);
+  void addOrRefreshBlock(boost::optional<ClientAddressDynamicRules>& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated, bool warning);
+  void addOrRefreshBlockSMT(SuffixDynamicRules& blocks, const struct timespec& now, const DNSName& name, const DynBlockRule& rule, bool& updated);
 
-  void addBlock(boost::optional<NetmaskTree<DynBlock, AddressAndPortRange>>& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated)
+  void addBlock(boost::optional<ClientAddressDynamicRules>& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated)
   {
     addOrRefreshBlock(blocks, now, requestor, rule, updated, false);
   }
 
-  void handleWarning(boost::optional<NetmaskTree<DynBlock, AddressAndPortRange>>& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated)
+  void handleWarning(boost::optional<ClientAddressDynamicRules>& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated)
   {
     addOrRefreshBlock(blocks, now, requestor, rule, updated, true);
   }
@@ -383,7 +385,16 @@ private:
 
 namespace dnsdist::DynamicBlocks
 {
-bool addOrRefreshBlock(NetmaskTree<DynBlock, AddressAndPortRange>& blocks, const timespec& now, const AddressAndPortRange& requestor, DynBlock&& dblock, bool beQuiet);
-bool addOrRefreshBlockSMT(SuffixMatchTree<DynBlock>& blocks, const timespec& now, DynBlock&& dblock, bool beQuiet);
+bool addOrRefreshBlock(ClientAddressDynamicRules& blocks, const timespec& now, const AddressAndPortRange& requestor, DynBlock&& dblock, bool beQuiet);
+bool addOrRefreshBlockSMT(SuffixDynamicRules& blocks, const timespec& now, DynBlock&& dblock, bool beQuiet);
+
+const ClientAddressDynamicRules& getClientAddressDynamicRules();
+const SuffixDynamicRules& getSuffixDynamicRules();
+ClientAddressDynamicRules getClientAddressDynamicRulesCopy();
+SuffixDynamicRules getSuffixDynamicRulesCopy();
+void setClientAddressDynamicRules(ClientAddressDynamicRules&& rules);
+void setSuffixDynamicRules(SuffixDynamicRules&& rules);
+void clearClientAddressDynamicRules();
+void clearSuffixDynamicRules();
 }
 #endif /* DISABLE_DYNBLOCKS */
index bb2b518f9233b401e1134f84c6b61ae2e86980ad..9d4f0e2953bc889a2ee4cc275b06f3798303046c 100644 (file)
@@ -1862,7 +1862,8 @@ bool dnsdist_ffi_dynamic_blocks_add(const char* address, const char* message, ui
     timespec until{now};
     until.tv_sec += duration;
     DynBlock dblock{message, until, DNSName(), static_cast<DNSAction::Action>(action)};
-    auto slow = g_dynblockNMG.getCopy();
+
+    auto dynamicRules = dnsdist::DynamicBlocks::getClientAddressDynamicRulesCopy();
     if (dblock.action == DNSAction::Action::SetTag && tagKey != nullptr) {
       dblock.tagSettings = std::make_shared<DynBlock::TagSettings>();
       dblock.tagSettings->d_name = tagKey;
@@ -1870,8 +1871,8 @@ bool dnsdist_ffi_dynamic_blocks_add(const char* address, const char* message, ui
         dblock.tagSettings->d_value = tagValue;
       }
     }
-    if (dnsdist::DynamicBlocks::addOrRefreshBlock(slow, now, target, std::move(dblock), false)) {
-      g_dynblockNMG.setState(slow);
+    if (dnsdist::DynamicBlocks::addOrRefreshBlock(dynamicRules, now, target, std::move(dblock), false)) {
+      dnsdist::DynamicBlocks::setClientAddressDynamicRules(std::move(dynamicRules));
       return true;
     }
   }
@@ -1909,7 +1910,7 @@ bool dnsdist_ffi_dynamic_blocks_smt_add(const char* suffix, const char* message,
     timespec until{now};
     until.tv_sec += duration;
     DynBlock dblock{message, until, domain, static_cast<DNSAction::Action>(action)};
-    auto slow = g_dynblockSMT.getCopy();
+    auto smtBlocks = dnsdist::DynamicBlocks::getSuffixDynamicRulesCopy();
     if (dblock.action == DNSAction::Action::SetTag && tagKey != nullptr) {
       dblock.tagSettings = std::make_shared<DynBlock::TagSettings>();
       dblock.tagSettings->d_name = tagKey;
@@ -1917,8 +1918,8 @@ bool dnsdist_ffi_dynamic_blocks_smt_add(const char* suffix, const char* message,
         dblock.tagSettings->d_value = tagValue;
       }
     }
-    if (dnsdist::DynamicBlocks::addOrRefreshBlockSMT(slow, now, std::move(dblock), false)) {
-      g_dynblockSMT.setState(slow);
+    if (dnsdist::DynamicBlocks::addOrRefreshBlockSMT(smtBlocks, now, std::move(dblock), false)) {
+      dnsdist::DynamicBlocks::setSuffixDynamicRules(std::move(smtBlocks));
       return true;
     }
   }
@@ -1947,13 +1948,11 @@ size_t dnsdist_ffi_dynamic_blocks_get_entries(dnsdist_ffi_dynamic_blocks_list_t*
 
   auto list = std::make_unique<dnsdist_ffi_dynamic_blocks_list_t>();
 
-  struct timespec now
-  {
-  };
+  timespec now{};
   gettime(&now);
 
-  auto fullCopy = g_dynblockNMG.getCopy();
-  for (const auto& entry : fullCopy) {
+  const auto& dynamicRules = dnsdist::DynamicBlocks::getClientAddressDynamicRules();
+  for (const auto& entry : dynamicRules) {
     const auto& client = entry.first;
     const auto& details = entry.second;
     if (!(now < details.until)) {
@@ -1980,14 +1979,12 @@ size_t dnsdist_ffi_dynamic_blocks_smt_get_entries(dnsdist_ffi_dynamic_blocks_lis
 
   auto list = std::make_unique<dnsdist_ffi_dynamic_blocks_list_t>();
 
-  struct timespec now
-  {
-  };
+  timespec now{};
   gettime(&now);
 
   const auto defaultAction = dnsdist::configuration::getCurrentRuntimeConfiguration().d_dynBlockAction;
-  auto fullCopy = g_dynblockSMT.getCopy();
-  fullCopy.visit([&now, &list, defaultAction](const SuffixMatchTree<DynBlock>& node) {
+  const auto& smtBlocks = dnsdist::DynamicBlocks::getSuffixDynamicRules();
+  smtBlocks.visit([&now, &list, defaultAction](const SuffixMatchTree<DynBlock>& node) {
     if (!(now < node.d_value.until)) {
       return;
     }
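Review bot: The visitor lambda on the new `smtBlocks.visit(...)` line still spells its parameter `const SuffixMatchTree<DynBlock>& node`, whereas the visitors in dnsdist-dynblocks.cc were moved to the new `SuffixDynamicRules` alias in this same commit. Writing `const SuffixDynamicRules& node` here keeps the alias as the one place that names the container type, so a later change of the underlying tree does not have to touch every caller. The same applies to the `visit` lambdas added in dnsdist-lua.cc (`showDynBlocks` and the suffix listing below it) and in `handleJSONStats` in dnsdist-web.cc. The enclosing function continues past this hunk.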
index 0ba7de7489d81b4dbb98a7d3f356c8f2169fa0b3..ff3ba6090927db4fa9ad619a0918903926da2a2a 100644 (file)
@@ -1071,7 +1071,7 @@ void setupLuaInspection(LuaContext& luaCtx)
                          parseDynamicActionOptionalParameters("addDynBlockSMT", rule, action, optionalParameters);
 
                          bool needUpdate = false;
-                         auto slow = g_dynblockSMT.getCopy();
+                         auto smtBlocks = dnsdist::DynamicBlocks::getSuffixDynamicRulesCopy();
                          for (const auto& capair : names) {
                            DNSName domain(capair.second);
                            domain.makeUsLowerCase();
@@ -1079,13 +1079,13 @@ void setupLuaInspection(LuaContext& luaCtx)
                            until.tv_sec += actualSeconds;
                            DynBlock dblock{msg, until, domain, action ? *action : DNSAction::Action::None};
                            dblock.tagSettings = rule.d_tagSettings;
-                           if (dnsdist::DynamicBlocks::addOrRefreshBlockSMT(slow, now, std::move(dblock), false)) {
+                           if (dnsdist::DynamicBlocks::addOrRefreshBlockSMT(smtBlocks, now, std::move(dblock), false)) {
                              needUpdate = true;
                            }
                          }
 
                          if (needUpdate) {
-                           g_dynblockSMT.setState(slow);
+                           dnsdist::DynamicBlocks::setSuffixDynamicRules(std::move(smtBlocks));
                          }
                        });
 
@@ -1124,9 +1124,9 @@ void setupLuaInspection(LuaContext& luaCtx)
                          DynBlock dblock{msg, until, DNSName(), action ? *action : DNSAction::Action::None};
                          dblock.tagSettings = rule.d_tagSettings;
 
-                         auto slow = g_dynblockNMG.getCopy();
-                         if (dnsdist::DynamicBlocks::addOrRefreshBlock(slow, now, target, std::move(dblock), false)) {
-                           g_dynblockNMG.setState(slow);
+                         auto dynamicRules = dnsdist::DynamicBlocks::getClientAddressDynamicRulesCopy();
+                         if (dnsdist::DynamicBlocks::addOrRefreshBlock(dynamicRules, now, target, std::move(dblock), false)) {
+                           dnsdist::DynamicBlocks::setClientAddressDynamicRules(std::move(dynamicRules));
                          }
                        });
 #endif /* DISABLE_DYNBLOCKS */
index 3df251aceccbab61c7e953fdcfb632d7db1e4a7c..99d4d708fd8aeae7826617e14337733a41aed925 100644 (file)
@@ -1594,12 +1594,12 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck)
   luaCtx.writeFunction("showDynBlocks", []() {
     setLuaNoSideEffect();
     const auto dynBlockDefaultAction = dnsdist::configuration::getCurrentRuntimeConfiguration().d_dynBlockAction;
-    auto slow = g_dynblockNMG.getCopy();
+    const auto& clientAddressDynamicRules = dnsdist::DynamicBlocks::getClientAddressDynamicRules();
     timespec now{};
     gettime(&now);
     boost::format fmt("%-24s %8d %8d %-10s %-20s %-10s %s\n");
     g_outputBuffer = (fmt % "What" % "Seconds" % "Blocks" % "Warning" % "Action" % "eBPF" % "Reason").str();
-    for (const auto& entry : slow) {
+    for (const auto& entry : clientAddressDynamicRules) {
       if (now < entry.second.until) {
         uint64_t counter = entry.second.blocks;
         if (g_defaultBPFFilter && entry.second.bpf) {
@@ -1608,8 +1608,8 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck)
         g_outputBuffer += (fmt % entry.first.toString() % (entry.second.until.tv_sec - now.tv_sec) % counter % (entry.second.warning ? "true" : "false") % DNSAction::typeToString(entry.second.action != DNSAction::Action::None ? entry.second.action : dynBlockDefaultAction) % (g_defaultBPFFilter && entry.second.bpf ? "*" : "") % entry.second.reason).str();
       }
     }
-    auto slow2 = g_dynblockSMT.getCopy();
-    slow2.visit([&now, &fmt, dynBlockDefaultAction](const SuffixMatchTree<DynBlock>& node) {
+    const auto& suffixDynamicRules = dnsdist::DynamicBlocks::getSuffixDynamicRules();
+    suffixDynamicRules.visit([&now, &fmt, dynBlockDefaultAction](const SuffixMatchTree<DynBlock>& node) {
       if (now < node.d_value.until) {
         string dom("empty");
         if (!node.d_value.domain.empty()) {
@@ -1627,8 +1627,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck)
 
     LuaAssociativeTable<DynBlock> entries;
     const auto defaultAction = dnsdist::configuration::getCurrentRuntimeConfiguration().d_dynBlockAction;
-    auto fullCopy = g_dynblockNMG.getCopy();
-    for (const auto& blockPair : fullCopy) {
+    for (const auto& blockPair : dnsdist::DynamicBlocks::getClientAddressDynamicRules()) {
       const auto& requestor = blockPair.first;
       if (!(now < blockPair.second.until)) {
         continue;
@@ -1652,8 +1651,8 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck)
 
     LuaAssociativeTable<DynBlock> entries;
     const auto defaultAction = dnsdist::configuration::getCurrentRuntimeConfiguration().d_dynBlockAction;
-    auto fullCopy = g_dynblockSMT.getCopy();
-    fullCopy.visit([&now, &entries, defaultAction](const SuffixMatchTree<DynBlock>& node) {
+    const auto& suffixDynamicRules = dnsdist::DynamicBlocks::getSuffixDynamicRules();
+    suffixDynamicRules.visit([&now, &entries, defaultAction](const SuffixMatchTree<DynBlock>& node) {
       if (!(now < node.d_value.until)) {
         return;
       }
@@ -1672,10 +1671,8 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck)
 
   luaCtx.writeFunction("clearDynBlocks", []() {
     setLuaSideEffect();
-    nmts_t nmg;
-    g_dynblockNMG.setState(nmg);
-    SuffixMatchTree<DynBlock> smt;
-    g_dynblockSMT.setState(smt);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
+    dnsdist::DynamicBlocks::clearSuffixDynamicRules();
   });
 
 #ifndef DISABLE_DEPRECATED_DYNBLOCK
@@ -1685,7 +1682,8 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck)
                            return;
                          }
                          setLuaSideEffect();
-                         auto slow = g_dynblockNMG.getCopy();
+                         auto dynamicRules = dnsdist::DynamicBlocks::getClientAddressDynamicRulesCopy();
+
                          timespec now{};
                          gettime(&now);
                          timespec until{now};
@@ -1695,7 +1693,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck)
                            unsigned int count = 0;
                            /* this legacy interface does not support ranges or ports, use DynBlockRulesGroup instead */
                            AddressAndPortRange requestor(capair.first, capair.first.isIPv4() ? 32 : 128, 0);
-                           auto* got = slow.lookup(requestor);
+                           auto* got = dynamicRules.lookup(requestor);
                            bool expired = false;
                            if (got != nullptr) {
                              if (until < got->second.until) {
@@ -1715,9 +1713,9 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck)
                            if (got == nullptr || expired) {
                              warnlog("Inserting dynamic block for %s for %d seconds: %s", capair.first.toString(), actualSeconds, msg);
                            }
-                           slow.insert(requestor).second = std::move(dblock);
+                           dynamicRules.insert(requestor).second = std::move(dblock);
                          }
-                         g_dynblockNMG.setState(slow);
+                         dnsdist::DynamicBlocks::setClientAddressDynamicRules(std::move(dynamicRules));
                        });
 
   luaCtx.writeFunction("setDynBlocksAction", [](DNSAction::Action action) {
index d47236ea8b60aca39a96f6379ab0f8c516735985..3c8986d0568c058cd59222bb3b4489b4c5b601dd 100644 (file)
@@ -23,6 +23,7 @@
 
 #include "dnsdist-metrics.hh"
 #include "dnsdist.hh"
+#include "dnsdist-dynblocks.hh"
 #include "dnsdist-web.hh"
 
 namespace dnsdist::metrics
@@ -145,7 +146,7 @@ Stats::Stats() :
     {"cpu-user-msec", getCPUTimeUser},
     {"fd-usage", getOpenFileDescriptors},
     {"dyn-blocked", &dynBlocked},
-    {"dyn-block-nmg-size", [](const std::string&) { return g_dynblockNMG.getLocal()->size(); }},
+    {"dyn-block-nmg-size", [](const std::string&) { return dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(); }},
     {"security-status", &securityStatus},
     {"doh-query-pipe-full", &dohQueryPipeFull},
     {"doh-response-pipe-full", &dohResponsePipeFull},
index 4da79ca72409a93405b3758cdd6aa591d90ad570..593f1045c5e4c24526a4a967b673d6a45b05f7c9 100644 (file)
@@ -1,5 +1,6 @@
 
 #include "dnsdist-snmp.hh"
+#include "dnsdist-dynblocks.hh"
 #include "dnsdist-metrics.hh"
 #include "dolog.hh"
 
@@ -597,7 +598,7 @@ DNSDistSNMPAgent::DNSDistSNMPAgent(const std::string& name, const std::string& d
   registerGauge64Stat("cpuUserMSec", cpuUserMSecOID, &getCPUTimeUser);
   registerGauge64Stat("cpuSysMSec", cpuSysMSecOID, &getCPUTimeSystem);
   registerGauge64Stat("fdUsage", fdUsageOID, &getOpenFileDescriptors);
-  registerGauge64Stat("dynBlockedNMGSize", dynBlockedNMGSizeOID, [](const std::string&) { return g_dynblockNMG.getLocal()->size(); });
+  registerGauge64Stat("dynBlockedNMGSize", dynBlockedNMGSizeOID, [](const std::string&) { return dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(); });
   registerGauge64Stat("securityStatus", securityStatusOID, [](const std::string&) { return dnsdist::metrics::g_stats.securityStatus.load(); });
   registerGauge64Stat("realMemoryUsage", realMemoryUsageOID, &getRealMemoryUsage);
 
index 44992284d01944d09147635b6fdca077edd400ff..df177c877825b7fb44507e86514209d94393abed 100644 (file)
@@ -14,7 +14,6 @@ public:
   {
   }
 
-  LocalHolders holders;
   std::unique_ptr<FDMultiplexer> mplexer{nullptr};
   pdns::channel::Receiver<ConnectionInfo> queryReceiver;
   pdns::channel::Receiver<CrossProtocolQuery> crossProtocolQueryReceiver;
index ef695d21121469dc9a7341b70845cf85fd1e5bae..e5f9fcdb0a885ff2a4382f394bfda6fc44ccf5da 100644 (file)
@@ -735,7 +735,7 @@ IncomingTCPConnectionState::QueryProcessingResult IncomingTCPConnectionState::ha
   }
 
   std::shared_ptr<DownstreamState> backend;
-  auto result = processQuery(dnsQuestion, d_threadData.holders, backend);
+  auto result = processQuery(dnsQuestion, backend);
 
   if (result == ProcessQueryResult::Asynchronous) {
     /* we are done for now */
index 7fcaad5f468fe2139f34c5293e06e50c0969f4e7..787c225bca3097c26989435cd54e8c86ce21b76d 100644 (file)
@@ -990,10 +990,10 @@ static void handleJSONStats(const YaHTTP::Request& req, YaHTTP::Response& resp)
   else if (command == "dynblocklist") {
     Json::object obj;
 #ifndef DISABLE_DYNBLOCKS
-    auto nmg = g_dynblockNMG.getLocal();
     timespec now{};
     gettime(&now);
-    for (const auto& entry : *nmg) {
+    const auto& dynamicClientAddressRules = dnsdist::DynamicBlocks::getClientAddressDynamicRules();
+    for (const auto& entry : dynamicClientAddressRules) {
       if (!(now < entry.second.until)) {
         continue;
       }
@@ -1011,8 +1011,8 @@ static void handleJSONStats(const YaHTTP::Request& req, YaHTTP::Response& resp)
       obj.emplace(entry.first.toString(), thing);
     }
 
-    auto smt = g_dynblockSMT.getLocal();
-    smt->visit([&now, &obj, &runtimeConfig](const SuffixMatchTree<DynBlock>& node) {
+    const auto& dynamicSuffixRules = dnsdist::DynamicBlocks::getSuffixDynamicRules();
+    dynamicSuffixRules.visit([&now, &obj, &runtimeConfig](const SuffixMatchTree<DynBlock>& node) {
       if (!(now < node.d_value.until)) {
         return;
       }
@@ -1048,8 +1048,8 @@ static void handleJSONStats(const YaHTTP::Request& req, YaHTTP::Response& resp)
       }
     }
     if (g_defaultBPFFilter) {
-      auto nmg = g_dynblockNMG.getLocal();
-      for (const auto& entry : *nmg) {
+      const auto& dynamicClientAddressRules = dnsdist::DynamicBlocks::getClientAddressDynamicRules();
+      for (const auto& entry : dynamicClientAddressRules) {
         if (!(now < entry.second.until) || !entry.second.bpf) {
           continue;
         }
index 0099bfa04424b4caf25412795b2c7b7f85de204d..5572ce61e102d499353546948a5e74db23d265fd 100644 (file)
@@ -194,14 +194,13 @@ void XskClientThread(ClientState* clientState)
 {
   setThreadName("dnsdist/xskClient");
   auto xskInfo = clientState->xskInfo;
-  LocalHolders holders;
 
   for (;;) {
     while (!xskInfo->hasIncomingFrames()) {
       xskInfo->waitForXskSocket();
     }
     xskInfo->processIncomingFrames([&](XskPacket& packet) {
-      if (XskProcessQuery(*clientState, holders, packet)) {
+      if (XskProcessQuery(*clientState, packet)) {
         packet.updatePacket();
         xskInfo->pushToSendQueue(packet);
       }
index bea39984b3c346e8b8d010c2f4041bd741da0913..4a08533d3a16905c7eac5c04f8a0f2ac7d94ecdc 100644 (file)
@@ -34,7 +34,7 @@ namespace dnsdist::xsk
 {
 void XskResponderThread(std::shared_ptr<DownstreamState> dss, std::shared_ptr<XskWorker> xskInfo);
 bool XskIsQueryAcceptable(const XskPacket& packet, ClientState& clientState, bool& expectProxyProtocol);
-bool XskProcessQuery(ClientState& clientState, LocalHolders& holders, XskPacket& packet);
+bool XskProcessQuery(ClientState& clientState, XskPacket& packet);
 void XskRouter(std::shared_ptr<XskSocket> xsk);
 void XskClientThread(ClientState* clientState);
 void addDestinationAddress(const ComboAddress& addr);
index c884b90c8998fcb878b4b5dd0920c3692e342990..c2e1e4e192fc501c0edddabd89c16af96deea39a 100644 (file)
@@ -1030,7 +1030,7 @@ static bool applyRulesChainToQuery(const std::vector<dnsdist::rules::RuleAction>
   return !drop;
 }
 
-static bool applyRulesToQuery(LocalHolders& holders, DNSQuestion& dnsQuestion, const timespec& now)
+static bool applyRulesToQuery(DNSQuestion& dnsQuestion, const timespec& now)
 {
   if (g_rings.shouldRecordQueries()) {
     g_rings.insertQuery(now, dnsQuestion.ids.origRemote, dnsQuestion.ids.qname, dnsQuestion.ids.qtype, dnsQuestion.getData().size(), *dnsQuestion.getHeader(), dnsQuestion.getProtocol());
@@ -1067,7 +1067,7 @@ static bool applyRulesToQuery(LocalHolders& holders, DNSQuestion& dnsQuestion, c
   };
 
   /* the Dynamic Block mechanism supports address and port ranges, so we need to pass the full address and port */
-  if (auto* got = holders.dynNMGBlock->lookup(AddressAndPortRange(dnsQuestion.ids.origRemote, dnsQuestion.ids.origRemote.isIPv4() ? 32 : 128, 16))) {
+  if (auto* got = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(AddressAndPortRange(dnsQuestion.ids.origRemote, dnsQuestion.ids.origRemote.isIPv4() ? 32 : 128, 16))) {
     auto updateBlockStats = [&got]() {
       ++dnsdist::metrics::g_stats.dynBlocked;
       got->second.blocks++;
@@ -1144,7 +1144,7 @@ static bool applyRulesToQuery(LocalHolders& holders, DNSQuestion& dnsQuestion, c
     }
   }
 
-  if (auto* got = holders.dynSMTBlock->lookup(dnsQuestion.ids.qname)) {
+  if (auto* got = dnsdist::DynamicBlocks::getSuffixDynamicRules().lookup(dnsQuestion.ids.qname)) {
     auto updateBlockStats = [&got]() {
       ++dnsdist::metrics::g_stats.dynBlocked;
       got->blocks++;
@@ -1262,7 +1262,7 @@ ssize_t udpClientSendRequestToBackend(const std::shared_ptr<DownstreamState>& ba
   return result;
 }
 
-static bool isUDPQueryAcceptable(ClientState& clientState, LocalHolders& holders, const struct msghdr* msgh, const ComboAddress& remote, ComboAddress& dest, bool& expectProxyProtocol)
+static bool isUDPQueryAcceptable(ClientState& clientState, const struct msghdr* msgh, const ComboAddress& remote, ComboAddress& dest, bool& expectProxyProtocol)
 {
   if ((msgh->msg_flags & MSG_TRUNC) != 0) {
     /* message was too large for our buffer */
@@ -1448,7 +1448,7 @@ static void selectBackendForOutgoingQuery(DNSQuestion& dnsQuestion, const std::s
   selectedBackend = policy.getSelectedBackend(*servers, dnsQuestion);
 }
 
-ProcessQueryResult processQueryAfterRules(DNSQuestion& dnsQuestion, LocalHolders& holders, std::shared_ptr<DownstreamState>& selectedBackend)
+ProcessQueryResult processQueryAfterRules(DNSQuestion& dnsQuestion, std::shared_ptr<DownstreamState>& selectedBackend)
 {
   const uint16_t queryId = ntohs(dnsQuestion.getHeader()->id);
 
@@ -1681,7 +1681,7 @@ std::unique_ptr<CrossProtocolQuery> getUDPCrossProtocolQueryFromDQ(DNSQuestion&
   return std::make_unique<UDPCrossProtocolQuery>(std::move(dnsQuestion.getMutableData()), std::move(dnsQuestion.ids), nullptr);
 }
 
-ProcessQueryResult processQuery(DNSQuestion& dnsQuestion, LocalHolders& holders, std::shared_ptr<DownstreamState>& selectedBackend)
+ProcessQueryResult processQuery(DNSQuestion& dnsQuestion, std::shared_ptr<DownstreamState>& selectedBackend)
 {
   const uint16_t queryId = ntohs(dnsQuestion.getHeader()->id);
 
@@ -1698,10 +1698,10 @@ ProcessQueryResult processQuery(DNSQuestion& dnsQuestion, LocalHolders& holders,
         header.qr = true;
         return true;
       });
-      return processQueryAfterRules(dnsQuestion, holders, selectedBackend);
+      return processQueryAfterRules(dnsQuestion, selectedBackend);
     }
 
-    if (!applyRulesToQuery(holders, dnsQuestion, now)) {
+    if (!applyRulesToQuery(dnsQuestion, now)) {
       return ProcessQueryResult::Drop;
     }
 
@@ -1709,7 +1709,7 @@ ProcessQueryResult processQuery(DNSQuestion& dnsQuestion, LocalHolders& holders,
       return ProcessQueryResult::Asynchronous;
     }
 
-    return processQueryAfterRules(dnsQuestion, holders, selectedBackend);
+    return processQueryAfterRules(dnsQuestion, selectedBackend);
   }
   catch (const std::exception& e) {
     vinfolog("Got an error while parsing a %s query from %s, id %d: %s", (dnsQuestion.overTCP() ? "TCP" : "UDP"), dnsQuestion.ids.origRemote.toStringWithPort(), queryId, e.what());
@@ -1783,7 +1783,7 @@ bool assignOutgoingUDPQueryToBackend(std::shared_ptr<DownstreamState>& downstrea
   return true;
 }
 
-static void processUDPQuery(ClientState& clientState, LocalHolders& holders, const struct msghdr* msgh, const ComboAddress& remote, ComboAddress& dest, PacketBuffer& query, std::vector<mmsghdr>* responsesVect, unsigned int* queuedResponses, struct iovec* respIOV, cmsgbuf_aligned* respCBuf)
+static void processUDPQuery(ClientState& clientState, const struct msghdr* msgh, const ComboAddress& remote, ComboAddress& dest, PacketBuffer& query, std::vector<mmsghdr>* responsesVect, unsigned int* queuedResponses, struct iovec* respIOV, cmsgbuf_aligned* respCBuf)
 {
   assert(responsesVect == nullptr || (queuedResponses != nullptr && respIOV != nullptr && respCBuf != nullptr));
   uint16_t queryId = 0;
@@ -1795,7 +1795,7 @@ static void processUDPQuery(ClientState& clientState, LocalHolders& holders, con
 
   try {
     bool expectProxyProtocol = false;
-    if (!isUDPQueryAcceptable(clientState, holders, msgh, remote, dest, expectProxyProtocol)) {
+    if (!isUDPQueryAcceptable(clientState, msgh, remote, dest, expectProxyProtocol)) {
       return;
     }
     /* dest might have been updated, if we managed to harvest the destination address */
@@ -1861,7 +1861,7 @@ static void processUDPQuery(ClientState& clientState, LocalHolders& holders, con
     }
 
     std::shared_ptr<DownstreamState> backend{nullptr};
-    auto result = processQuery(dnsQuestion, holders, backend);
+    auto result = processQuery(dnsQuestion, backend);
 
     if (result == ProcessQueryResult::Drop || result == ProcessQueryResult::Asynchronous) {
       return;
@@ -1917,7 +1917,7 @@ static void processUDPQuery(ClientState& clientState, LocalHolders& holders, con
 #ifdef HAVE_XSK
 namespace dnsdist::xsk
 {
-bool XskProcessQuery(ClientState& clientState, LocalHolders& holders, XskPacket& packet)
+bool XskProcessQuery(ClientState& clientState, XskPacket& packet)
 {
   uint16_t queryId = 0;
   const auto& remote = packet.getFromAddr();
@@ -1984,7 +1984,7 @@ bool XskProcessQuery(ClientState& clientState, LocalHolders& holders, XskPacket&
       dnsQuestion.proxyProtocolValues = make_unique<std::vector<ProxyProtocolValue>>(std::move(proxyProtocolValues));
     }
     std::shared_ptr<DownstreamState> backend{nullptr};
-    auto result = processQuery(dnsQuestion, holders, backend);
+    auto result = processQuery(dnsQuestion, backend);
 
     if (result == ProcessQueryResult::Drop) {
       return false;
@@ -2045,7 +2045,7 @@ bool XskProcessQuery(ClientState& clientState, LocalHolders& holders, XskPacket&
 
 #ifndef DISABLE_RECVMMSG
 #if defined(HAVE_RECVMMSG) && defined(HAVE_SENDMMSG) && defined(MSG_WAITFORONE)
-static void MultipleMessagesUDPClientThread(ClientState* clientState, LocalHolders& holders)
+static void MultipleMessagesUDPClientThread(ClientState* clientState)
 {
   struct MMReceiver
   {
@@ -2117,7 +2117,7 @@ static void MultipleMessagesUDPClientThread(ClientState* clientState, LocalHolde
       }
 
       recvData[msgIdx].packet.resize(got);
-      processUDPQuery(*clientState, holders, msgh, remote, recvData[msgIdx].dest, recvData[msgIdx].packet, &outMsgVec, &msgsToSend, &recvData[msgIdx].iov, &recvData[msgIdx].cbuf);
+      processUDPQuery(*clientState, msgh, remote, recvData[msgIdx].dest, recvData[msgIdx].packet, &outMsgVec, &msgsToSend, &recvData[msgIdx].iov, &recvData[msgIdx].cbuf);
     }
 
     /* immediate (not delayed or sent to a backend) responses (mostly from a rule, dynamic block
@@ -2140,11 +2140,10 @@ static void udpClientThread(std::vector<ClientState*> states)
 {
   try {
     setThreadName("dnsdist/udpClie");
-    LocalHolders holders;
 #ifndef DISABLE_RECVMMSG
 #if defined(HAVE_RECVMMSG) && defined(HAVE_SENDMMSG) && defined(MSG_WAITFORONE)
     if (dnsdist::configuration::getImmutableConfiguration().d_udpVectorSize > 1) {
-      MultipleMessagesUDPClientThread(states.at(0), holders);
+      MultipleMessagesUDPClientThread(states.at(0));
     }
     else
 #endif /* defined(HAVE_RECVMMSG) && defined(HAVE_SENDMMSG) && defined(MSG_WAITFORONE) */
@@ -2169,7 +2168,7 @@ static void udpClientThread(std::vector<ClientState*> states)
       ComboAddress remote;
       ComboAddress dest;
 
-      auto handleOnePacket = [&packet, &iov, &holders, &msgh, &remote, &dest, initialBufferSize](const UDPStateParam& param) {
+      auto handleOnePacket = [&packet, &iov, &msgh, &remote, &dest, initialBufferSize](const UDPStateParam& param) {
         packet.resize(initialBufferSize);
         iov.iov_base = &packet.at(0);
         iov.iov_len = packet.size();
@@ -2184,7 +2183,7 @@ static void udpClientThread(std::vector<ClientState*> states)
 
         packet.resize(static_cast<size_t>(got));
 
-        processUDPQuery(*param.cs, holders, &msgh, remote, dest, packet, nullptr, nullptr, nullptr, nullptr);
+        processUDPQuery(*param.cs, &msgh, remote, dest, packet, nullptr, nullptr, nullptr, nullptr);
       };
 
       std::vector<UDPStateParam> params;
index ed528cd7ab558b3be3ea7564134f74e80967db93..f131ab8f876297cb3ec5b3db616f95398bb8f5be 100644 (file)
@@ -52,7 +52,6 @@
 #include "misc.hh"
 #include "mplexer.hh"
 #include "noinitvector.hh"
-#include "sholder.hh"
 #include "tcpiohandler.hh"
 #include "uuid-utils.hh"
 #include "proxy-protocol.hh"
@@ -274,8 +273,6 @@ struct DynBlock
   bool bpf{false};
 };
 
-extern GlobalStateHolder<NetmaskTree<DynBlock, AddressAndPortRange>> g_dynblockNMG;
-
 using pdns::stat_t;
 
 class BasicQPSLimiter
@@ -1023,8 +1020,6 @@ enum ednsHeaderFlags
   EDNS_HEADER_FLAG_DO = 32768
 };
 
-extern GlobalStateHolder<SuffixMatchTree<DynBlock>> g_dynblockSMT;
-
 extern std::vector<shared_ptr<TLSFrontend>> g_tlslocals;
 extern std::vector<shared_ptr<DOHFrontend>> g_dohlocals;
 extern std::vector<shared_ptr<DOQFrontend>> g_doqlocals;
@@ -1059,19 +1054,8 @@ enum class ProcessQueryResult : uint8_t
 
 #include "dnsdist-rule-chains.hh"
 
-struct LocalHolders
-{
-  LocalHolders() :
-    dynNMGBlock(g_dynblockNMG.getLocal()), dynSMTBlock(g_dynblockSMT.getLocal())
-  {
-  }
-
-  LocalStateHolder<NetmaskTree<DynBlock, AddressAndPortRange>> dynNMGBlock;
-  LocalStateHolder<SuffixMatchTree<DynBlock>> dynSMTBlock;
-};
-
-ProcessQueryResult processQuery(DNSQuestion& dnsQuestion, LocalHolders& holders, std::shared_ptr<DownstreamState>& selectedBackend);
-ProcessQueryResult processQueryAfterRules(DNSQuestion& dnsQuestion, LocalHolders& holders, std::shared_ptr<DownstreamState>& selectedBackend);
+ProcessQueryResult processQuery(DNSQuestion& dnsQuestion, std::shared_ptr<DownstreamState>& selectedBackend);
+ProcessQueryResult processQueryAfterRules(DNSQuestion& dnsQuestion, std::shared_ptr<DownstreamState>& selectedBackend);
 bool processResponse(PacketBuffer& response, DNSResponse& dnsResponse, bool muted);
 bool processRulesResult(const DNSAction::Action& action, DNSQuestion& dnsQuestion, std::string& ruleresult, bool& drop);
 bool processResponseAfterRules(PacketBuffer& response, DNSResponse& dnsResponse, bool muted);
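Review bot: The declarations of `processQuery` and `processQueryAfterRules` lose the `LocalHolders&` parameter, which was the only hint in this header that query processing depends on dynamic-block state, and nothing replaces it. In dnsdist.cc `processQuery` calls `applyRulesToQuery`, which now reads the rules through `dnsdist::DynamicBlocks::getClientAddressDynamicRules()` and `getSuffixDynamicRules()`, so a caller can no longer see which rule state is consulted. A short comment above the two declarations would keep that visible, e.g. `/* dynamic block rules are looked up internally through dnsdist::DynamicBlocks; callers pass no rule state */`.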
index ef96639a708f2fb4eda672027e482e6e9c2c2164..6fb5b2939cdc2d256e34c58d5fbab6e235d1a761 100644 (file)
@@ -207,7 +207,6 @@ struct DOHServerConfig
   DOHServerConfig& operator=(DOHServerConfig&&) = delete;
   ~DOHServerConfig() = default;
 
-  LocalHolders holders;
   std::set<std::string, std::less<>> paths;
   h2o_globalconf_t h2o_config{};
   h2o_context_t h2o_ctx{};
@@ -696,7 +695,6 @@ static void processDOHQuery(DOHUnitUniquePtr&& unit, bool inMainThread = false)
 
     remote = ids.origRemote;
     DOHServerConfig* dsc = unit->dsc;
-    auto& holders = dsc->holders;
     ClientState& clientState = *dsc->clientState;
 
     if (unit->query.size() < sizeof(dnsheader) || unit->query.size() > std::numeric_limits<uint16_t>::max()) {
@@ -757,7 +755,7 @@ static void processDOHQuery(DOHUnitUniquePtr&& unit, bool inMainThread = false)
     ids.cs = &clientState;
     dnsQuestion.sni = std::move(unit->sni);
     ids.du = std::move(unit);
-    auto result = processQuery(dnsQuestion, holders, downstream);
+    auto result = processQuery(dnsQuestion, downstream);
 
     if (result == ProcessQueryResult::Drop) {
       unit = getDUFromIDS(ids);
index 39df3bfaae152c4b0fc3c92790f00f3ab8fe141b..661e9c61822366d885c376138cfdf3025a846000 100644 (file)
@@ -96,7 +96,6 @@ struct DOH3ServerConfig
 
   using ConnectionsMap = std::map<PacketBuffer, H3Connection>;
 
-  LocalHolders holders;
   ConnectionsMap d_connections;
   QuicheConfig config;
   QuicheHTTP3Config http3config;
@@ -488,7 +487,6 @@ static void processDOH3Query(DOH3UnitUniquePtr&& doh3Unit)
 
     remote = unit->ids.origRemote;
     DOH3ServerConfig* dsc = unit->dsc;
-    auto& holders = dsc->holders;
     ClientState& clientState = *dsc->clientState;
 
     if (!dnsdist::configuration::getCurrentRuntimeConfiguration().d_ACL.match(remote)) {
@@ -559,7 +557,7 @@ static void processDOH3Query(DOH3UnitUniquePtr&& doh3Unit)
     });
     unit->ids.cs = &clientState;
 
-    auto result = processQuery(dnsQuestion, holders, downstream);
+    auto result = processQuery(dnsQuestion, downstream);
     if (result == ProcessQueryResult::Drop) {
       unit->status_code = 403;
       handleImmediateResponse(std::move(unit), "DoH3 dropped query");
index f535b1c5c06307a31317539fb2d0d303f710afc2..661fe5c2b5f96885be1aa95a1e3876d3f22277f0 100644 (file)
@@ -91,7 +91,6 @@ struct DOQServerConfig
 
   using ConnectionsMap = std::map<PacketBuffer, Connection>;
 
-  LocalHolders holders;
   ConnectionsMap d_connections;
   QuicheConfig config;
   ClientState* clientState{nullptr};
@@ -409,7 +408,6 @@ static void processDOQQuery(DOQUnitUniquePtr&& doqUnit)
 
     remote = unit->ids.origRemote;
     DOQServerConfig* dsc = unit->dsc;
-    auto& holders = dsc->holders;
     ClientState& clientState = *dsc->clientState;
 
     if (!dnsdist::configuration::getCurrentRuntimeConfiguration().d_ACL.match(remote)) {
@@ -476,7 +474,7 @@ static void processDOQQuery(DOQUnitUniquePtr&& doqUnit)
     });
     unit->ids.cs = &clientState;
 
-    auto result = processQuery(dnsQuestion, holders, downstream);
+    auto result = processQuery(dnsQuestion, downstream);
     if (result == ProcessQueryResult::Drop) {
       handleImmediateResponse(std::move(unit), "DoQ dropped query");
       return;
index 233afb94499af159973f756b739dde1ddf5d88b1..0dfba46297924040d99b7f8cc904fcd182be7a81 100644 (file)
@@ -43,7 +43,7 @@
 #include "ednscookies.hh"
 #include "ednssubnet.hh"
 
-ProcessQueryResult processQueryAfterRules(DNSQuestion& dnsQuestion, LocalHolders& holders, std::shared_ptr<DownstreamState>& selectedBackend)
+ProcessQueryResult processQueryAfterRules(DNSQuestion& dnsQuestion, std::shared_ptr<DownstreamState>& selectedBackend)
 {
   return ProcessQueryResult::Drop;
 }
@@ -85,7 +85,7 @@ bool DNSDistSNMPAgent::sendBackendStatusChangeTrap([[maybe_unused]] DownstreamSt
 #ifdef HAVE_XSK
 namespace dnsdist::xsk
 {
-bool XskProcessQuery(ClientState& clientState, LocalHolders& holders, XskPacket& packet)
+bool XskProcessQuery(ClientState& clientState, XskPacket& packet)
 {
   return false;
 }
index 0bcbb98128957e014dbd33ca9dcf19525ee1e717..f8d46b383a4e0f755bbb9a6828ebea03e2390387 100644 (file)
@@ -68,7 +68,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate, TestFixture) {
     size_t numberOfQueries = 45 * numberOfSeconds;
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     for (size_t idx = 0; idx < numberOfQueries; idx++) {
       g_rings.insertQuery(now, requestor1, qname, qtype, size, dnsHeader, protocol);
@@ -80,8 +80,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate, TestFixture) {
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr);
   }
 
   {
@@ -90,7 +90,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate, TestFixture) {
     size_t numberOfQueries = (50 * numberOfSeconds) + 1;
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     for (size_t idx = 0; idx < numberOfQueries; idx++) {
       g_rings.insertQuery(now, requestor1, qname, qtype, size, dnsHeader, protocol);
@@ -99,10 +99,10 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate, TestFixture) {
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) != nullptr);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor2) == nullptr);
-    const auto& block = g_dynblockNMG.getLocal()->lookup(requestor1)->second;
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) != nullptr);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor2) == nullptr);
+    const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1)->second;
     BOOST_CHECK_EQUAL(block.reason, reason);
     BOOST_CHECK_EQUAL(static_cast<size_t>(block.until.tv_sec), now.tv_sec + blockDuration);
     BOOST_CHECK(block.domain.empty());
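Review bot: `lookup(requestor1)->second` is dereferenced right after `BOOST_CHECK(... != nullptr)`, and `BOOST_CHECK` does not stop the test case on failure, so a regression that leaves the rule out becomes a null dereference instead of a reported failure. Fetching the entry once and requiring it avoids that and drops the repeated accessor calls: `const auto* entry = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1);`, `BOOST_REQUIRE(entry != nullptr);`, `const auto& block = entry->second;`. The same unchecked `->second` appears in the RangeV6 hunks (-241, -257), the V4Ports hunks (-344, -359) and the QTypeRate hunk (-553). The V4Ports test already uses `BOOST_REQUIRE(block != nullptr)` further down, which is the pattern to follow.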
@@ -115,7 +115,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate, TestFixture) {
     /* clear the rings and dynamic blocks */
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     /* Insert 100 qps from a given client in the last 10s
        this should trigger the rule */
@@ -132,10 +132,10 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate, TestFixture) {
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries * numberOfSeconds);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U);
 
     /* now we clean up the dynamic blocks, simulating an admin removing the block */
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
     /* we apply the rules again, but as if we were 20s in the future.
        Since we have a time windows of 10s nothing should be added,
        regardless of the number of queries
@@ -143,10 +143,10 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate, TestFixture) {
     struct timespec later = now;
     later.tv_sec += 20;
     dbrg.apply(later);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U);
 
     /* just in case */
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     /* we apply the rules again, this tile as if we were 5s in the future.
        Since we have a time windows of 10s, and 100 qps over 5s then 0 qps over 5s
@@ -155,10 +155,10 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate, TestFixture) {
     later = now;
     later.tv_sec += 5;
     dbrg.apply(later);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U);
 
     /* clean up */
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     /* we apply the rules again, this tile as if we were 6s in the future.
        Since we have a time windows of 10s, and 100 qps over 4s then 0 qps over 6s
@@ -167,7 +167,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate, TestFixture) {
     later = now;
     later.tv_sec += 6;
     dbrg.apply(later);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U);
   }
 }
 
@@ -209,7 +209,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_RangeV6, TestFixture)
     size_t numberOfQueries = 45 * numberOfSeconds;
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     for (size_t idx = 0; idx < numberOfQueries; idx++) {
       g_rings.insertQuery(now, requestor1, qname, qtype, size, dnsHeader, protocol);
@@ -221,8 +221,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_RangeV6, TestFixture)
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(AddressAndPortRange(requestor1, 128, 16)) == nullptr);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(AddressAndPortRange(requestor1, 128, 16)) == nullptr);
   }
 
   {
@@ -231,7 +231,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_RangeV6, TestFixture)
     size_t numberOfQueries = (50 * numberOfSeconds) + 1;
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     for (size_t idx = 0; idx < numberOfQueries; idx++) {
       ComboAddress requestor("2001:db8::" + std::to_string(idx));
@@ -241,11 +241,11 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_RangeV6, TestFixture)
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U);
 
     {
       /* beginning of the range should be blocked */
-      const auto& block = g_dynblockNMG.getLocal()->lookup(AddressAndPortRange(requestor1, 128, 16))->second;
+      const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(AddressAndPortRange(requestor1, 128, 16))->second;
       BOOST_CHECK_EQUAL(block.reason, reason);
       BOOST_CHECK_EQUAL(static_cast<size_t>(block.until.tv_sec), now.tv_sec + blockDuration);
       BOOST_CHECK(block.domain.empty());
@@ -257,7 +257,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_RangeV6, TestFixture)
     {
       /* end of the range should be blocked as well */
       ComboAddress end("2001:0db8:0000:0000:ffff:ffff:ffff:ffff");
-      const auto& block = g_dynblockNMG.getLocal()->lookup(AddressAndPortRange(end, 128, 16))->second;
+      const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(AddressAndPortRange(end, 128, 16))->second;
       BOOST_CHECK_EQUAL(block.reason, reason);
       BOOST_CHECK_EQUAL(static_cast<size_t>(block.until.tv_sec), now.tv_sec + blockDuration);
       BOOST_CHECK(block.domain.empty());
@@ -269,7 +269,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_RangeV6, TestFixture)
     {
       /* outside of the range should NOT */
       ComboAddress out("2001:0db8:0000:0001::0");
-      BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(AddressAndPortRange(out, 128, 16)) == nullptr);
+      BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(AddressAndPortRange(out, 128, 16)) == nullptr);
     }
   }
 }
@@ -312,7 +312,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_V4Ports, TestFixture)
     size_t numberOfQueries = 45 * numberOfSeconds;
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     for (size_t idx = 0; idx < numberOfQueries; idx++) {
       g_rings.insertQuery(now, requestor1, qname, qtype, size, dnsHeader, protocol);
@@ -324,8 +324,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_V4Ports, TestFixture)
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(AddressAndPortRange(requestor1, 128, 16)) == nullptr);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(AddressAndPortRange(requestor1, 128, 16)) == nullptr);
   }
 
   {
@@ -334,7 +334,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_V4Ports, TestFixture)
     size_t numberOfQueries = (50 * numberOfSeconds) + 1;
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     for (size_t idx = 0; idx < numberOfQueries; idx++) {
       ComboAddress requestor("192.0.2.1:" + std::to_string(idx));
@@ -344,11 +344,11 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_V4Ports, TestFixture)
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U);
 
     {
       /* beginning of the port range should be blocked */
-      const auto& block = g_dynblockNMG.getLocal()->lookup(AddressAndPortRange(ComboAddress("192.0.2.1:0"), 32, 16))->second;
+      const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(AddressAndPortRange(ComboAddress("192.0.2.1:0"), 32, 16))->second;
       BOOST_CHECK_EQUAL(block.reason, reason);
       BOOST_CHECK_EQUAL(static_cast<size_t>(block.until.tv_sec), now.tv_sec + blockDuration);
       BOOST_CHECK(block.domain.empty());
@@ -359,7 +359,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_V4Ports, TestFixture)
 
     {
       /* end of the range should be blocked as well */
-      const auto& block = g_dynblockNMG.getLocal()->lookup(AddressAndPortRange(ComboAddress("192.0.2.1:16383"), 32, 16))->second;
+      const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(AddressAndPortRange(ComboAddress("192.0.2.1:16383"), 32, 16))->second;
       BOOST_CHECK_EQUAL(block.reason, reason);
       BOOST_CHECK_EQUAL(static_cast<size_t>(block.until.tv_sec), now.tv_sec + blockDuration);
       BOOST_CHECK(block.domain.empty());
@@ -370,13 +370,13 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_V4Ports, TestFixture)
 
     {
       /* outside of the range should not */
-      BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(AddressAndPortRange(ComboAddress("192.0.2.1:16384"), 32, 16)) == nullptr);
+      BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(AddressAndPortRange(ComboAddress("192.0.2.1:16384"), 32, 16)) == nullptr);
     }
 
     /* we (again) insert just above 50 qps from several clients the same IPv4 port range, this should update the block which will
        check by looking at the blocked counter */
     {
-      auto block = g_dynblockNMG.getLocal()->lookup(AddressAndPortRange(ComboAddress("192.0.2.1:0"), 32, 16));
+      auto block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(AddressAndPortRange(ComboAddress("192.0.2.1:0"), 32, 16));
       BOOST_REQUIRE(block != nullptr);
       BOOST_CHECK_EQUAL(block->second.blocks, 0U);
       block->second.blocks = 42U;
@@ -394,16 +394,16 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_V4Ports, TestFixture)
 
     dbrg.apply(now);
 
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U);
     {
       /* previous address/port should still be blocked */
-      auto block = g_dynblockNMG.getLocal()->lookup(AddressAndPortRange(ComboAddress("192.0.2.1:0"), 32, 16));
+      auto block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(AddressAndPortRange(ComboAddress("192.0.2.1:0"), 32, 16));
       BOOST_REQUIRE(block != nullptr);
       BOOST_CHECK_EQUAL(block->second.blocks, 42U);
     }
 
     /* but not a different one */
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(AddressAndPortRange(ComboAddress("192.0.2.1:16384"), 32, 16)) == nullptr);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(AddressAndPortRange(ComboAddress("192.0.2.1:16384"), 32, 16)) == nullptr);
 
   }
 }
@@ -455,7 +455,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_responses, TestFixture
     size_t numberOfQueries = 45;
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     for (size_t timeIdx = 0; timeIdx < 100; timeIdx++) {
       struct timespec when = now;
@@ -471,8 +471,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_responses, TestFixture
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries * 100);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr);
   }
 }
 
@@ -509,7 +509,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QTypeRate, TestFixture) {
     size_t numberOfQueries = 45 * numberOfSeconds;
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     for (size_t idx = 0; idx < numberOfQueries; idx++) {
       g_rings.insertQuery(now, requestor1, qname, qtype, size, dnsHeader, protocol);
@@ -517,8 +517,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QTypeRate, TestFixture) {
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr);
   }
 
   {
@@ -527,7 +527,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QTypeRate, TestFixture) {
     size_t numberOfQueries = 50 * numberOfSeconds + 1;
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     for (size_t idx = 0; idx < numberOfQueries; idx++) {
       g_rings.insertQuery(now, requestor1, qname, QType::A, size, dnsHeader, protocol);
@@ -535,8 +535,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QTypeRate, TestFixture) {
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr);
   }
 
   {
@@ -545,7 +545,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QTypeRate, TestFixture) {
     size_t numberOfQueries = 50 * numberOfSeconds + 1;
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     for (size_t idx = 0; idx < numberOfQueries; idx++) {
       g_rings.insertQuery(now, requestor1, qname, qtype, size, dnsHeader, protocol);
@@ -553,10 +553,10 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QTypeRate, TestFixture) {
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) != nullptr);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor2) == nullptr);
-    const auto& block = g_dynblockNMG.getLocal()->lookup(requestor1)->second;
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) != nullptr);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor2) == nullptr);
+    const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1)->second;
     BOOST_CHECK_EQUAL(block.reason, reason);
     BOOST_CHECK_EQUAL(static_cast<size_t>(block.until.tv_sec), now.tv_sec + blockDuration);
     BOOST_CHECK(block.domain.empty());
@@ -603,7 +603,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_RCodeRate, TestFixture) {
     size_t numberOfResponses = 45 * numberOfSeconds;
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     dnsHeader.rcode = rcode;
     for (size_t idx = 0; idx < numberOfResponses; idx++) {
@@ -612,8 +612,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_RCodeRate, TestFixture) {
     BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), numberOfResponses);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr);
   }
 
   {
@@ -621,7 +621,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_RCodeRate, TestFixture) {
     size_t numberOfResponses = 50 * numberOfSeconds + 1;
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     dnsHeader.rcode = RCode::FormErr;
     for (size_t idx = 0; idx < numberOfResponses; idx++) {
@@ -630,8 +630,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_RCodeRate, TestFixture) {
     BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), numberOfResponses);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr);
   }
 
   {
@@ -640,7 +640,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_RCodeRate, TestFixture) {
     size_t numberOfResponses = 50 * numberOfSeconds + 1;
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     dnsHeader.rcode = rcode;
     for (size_t idx = 0; idx < numberOfResponses; idx++) {
@@ -649,10 +649,10 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_RCodeRate, TestFixture) {
     BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), numberOfResponses);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) != nullptr);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor2) == nullptr);
-    const auto& block = g_dynblockNMG.getLocal()->lookup(requestor1)->second;
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) != nullptr);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor2) == nullptr);
+    const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1)->second;
     BOOST_CHECK_EQUAL(block.reason, reason);
     BOOST_CHECK_EQUAL(static_cast<size_t>(block.until.tv_sec), now.tv_sec + blockDuration);
     BOOST_CHECK(block.domain.empty());
@@ -698,7 +698,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_RCodeRatio, TestFixture) {
        this should not trigger the rule */
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     dnsHeader.rcode = rcode;
     for (size_t idx = 0; idx < 20; idx++) {
@@ -711,15 +711,15 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_RCodeRatio, TestFixture) {
     BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 100U);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr);
   }
 
   {
     /* insert just 50 FormErrs and nothing else, from a given client in the last 10s */
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     dnsHeader.rcode = RCode::FormErr;
     for (size_t idx = 0; idx < 50; idx++) {
@@ -728,8 +728,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_RCodeRatio, TestFixture) {
     BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 50U);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr);
   }
 
   {
@@ -737,7 +737,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_RCodeRatio, TestFixture) {
        this should trigger the rule this time */
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     dnsHeader.rcode = rcode;
     for (size_t idx = 0; idx < 21; idx++) {
@@ -750,10 +750,10 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_RCodeRatio, TestFixture) {
     BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 100U);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U);
-    BOOST_REQUIRE(g_dynblockNMG.getLocal()->lookup(requestor1) != nullptr);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor2) == nullptr);
-    const auto& block = g_dynblockNMG.getLocal()->lookup(requestor1)->second;
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U);
+    BOOST_REQUIRE(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) != nullptr);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor2) == nullptr);
+    const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1)->second;
     BOOST_CHECK_EQUAL(block.reason, reason);
     BOOST_CHECK_EQUAL(block.until.tv_sec, now.tv_sec + blockDuration);
     BOOST_CHECK(block.domain.empty());
@@ -767,7 +767,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_RCodeRatio, TestFixture) {
        this should NOT trigger the rule since we don't have more than 50 queries */
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     dnsHeader.rcode = rcode;
     for (size_t idx = 0; idx < 11; idx++) {
@@ -780,8 +780,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_RCodeRatio, TestFixture) {
     BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 50U);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr);
   }
 }
 
@@ -821,7 +821,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_ResponseByteRate, TestFixture) {
     size_t numberOfResponses = 99 * numberOfSeconds;
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     dnsHeader.rcode = rcode;
     for (size_t idx = 0; idx < numberOfResponses; idx++) {
@@ -830,8 +830,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_ResponseByteRate, TestFixture) {
     BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), numberOfResponses);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr);
   }
 
   {
@@ -839,7 +839,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_ResponseByteRate, TestFixture) {
     size_t numberOfResponses = 100 * numberOfSeconds + 1;
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     dnsHeader.rcode = rcode;
     for (size_t idx = 0; idx < numberOfResponses; idx++) {
@@ -848,10 +848,10 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_ResponseByteRate, TestFixture) {
     BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), numberOfResponses);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) != nullptr);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor2) == nullptr);
-    const auto& block = g_dynblockNMG.getLocal()->lookup(requestor1)->second;
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) != nullptr);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor2) == nullptr);
+    const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1)->second;
     BOOST_CHECK_EQUAL(block.reason, reason);
     BOOST_CHECK_EQUAL(static_cast<size_t>(block.until.tv_sec), now.tv_sec + blockDuration);
     BOOST_CHECK(block.domain.empty());
@@ -900,7 +900,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_CacheMissRatio, TestFixture) {
        this should not trigger the rule */
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     for (size_t idx = 0; idx < 20; idx++) {
       g_rings.insertResponse(now, requestor1, qname, qtype, responseTime, size, dnsHeader, backend, outgoingProtocol);
@@ -911,8 +911,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_CacheMissRatio, TestFixture) {
     BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 100U);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr);
   }
 
   {
@@ -920,7 +920,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_CacheMissRatio, TestFixture) {
        this should trigger the rule this time */
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     for (size_t idx = 0; idx < 51; idx++) {
       g_rings.insertResponse(now, requestor1, qname, qtype, responseTime, size, dnsHeader, backend, outgoingProtocol);
@@ -931,10 +931,10 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_CacheMissRatio, TestFixture) {
     BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 100U);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U);
-    BOOST_REQUIRE(g_dynblockNMG.getLocal()->lookup(requestor1) != nullptr);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor2) == nullptr);
-    const auto& block = g_dynblockNMG.getLocal()->lookup(requestor1)->second;
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U);
+    BOOST_REQUIRE(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) != nullptr);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor2) == nullptr);
+    const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1)->second;
     BOOST_CHECK_EQUAL(block.reason, reason);
     BOOST_CHECK_EQUAL(block.until.tv_sec, now.tv_sec + blockDuration);
     BOOST_CHECK(block.domain.empty());
@@ -948,7 +948,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_CacheMissRatio, TestFixture) {
        this should NOT trigger the rule since we don't have more than 50 queries */
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     for (size_t idx = 0; idx < 40; idx++) {
       g_rings.insertResponse(now, requestor1, qname, qtype, responseTime, size, dnsHeader, backend, outgoingProtocol);
@@ -959,8 +959,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_CacheMissRatio, TestFixture) {
     BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 50U);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr);
   }
 
   /* the global cache-hit rate is too low, should not trigger */
@@ -970,7 +970,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_CacheMissRatio, TestFixture) {
     /* insert 51 cache misses and 49 hits from a given client in the last 10s */
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     for (size_t idx = 0; idx < 51; idx++) {
       g_rings.insertResponse(now, requestor1, qname, qtype, responseTime, size, dnsHeader, backend, outgoingProtocol);
@@ -981,8 +981,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_CacheMissRatio, TestFixture) {
     BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 100U);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U);
-    BOOST_REQUIRE(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U);
+    BOOST_REQUIRE(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr);
   }
 }
 
@@ -1019,7 +1019,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_Warning, TestFixture) {
     size_t numberOfQueries = 20 * numberOfSeconds;
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     for (size_t idx = 0; idx < numberOfQueries; idx++) {
       g_rings.insertQuery(now, requestor1, qname, qtype, size, dnsHeader, protocol);
@@ -1027,8 +1027,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_Warning, TestFixture) {
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr);
   }
 
   {
@@ -1037,7 +1037,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_Warning, TestFixture) {
     size_t numberOfQueries = 20 * numberOfSeconds + 1;
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     for (size_t idx = 0; idx < numberOfQueries; idx++) {
       g_rings.insertQuery(now, requestor1, qname, qtype, size, dnsHeader, protocol);
@@ -1045,12 +1045,12 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_Warning, TestFixture) {
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) != nullptr);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor2) == nullptr);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) != nullptr);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor2) == nullptr);
 
     {
-      const auto& block = g_dynblockNMG.getLocal()->lookup(requestor1)->second;
+      const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1)->second;
       BOOST_CHECK_EQUAL(block.reason, reason);
       BOOST_CHECK_EQUAL(static_cast<size_t>(block.until.tv_sec), now.tv_sec + blockDuration);
       BOOST_CHECK(block.domain.empty());
@@ -1073,12 +1073,12 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_Warning, TestFixture) {
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) != nullptr);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor2) == nullptr);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) != nullptr);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor2) == nullptr);
 
     {
-      const auto& block = g_dynblockNMG.getLocal()->lookup(requestor1)->second;
+      const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1)->second;
       BOOST_CHECK_EQUAL(block.reason, reason);
       BOOST_CHECK_EQUAL(static_cast<size_t>(block.until.tv_sec), now.tv_sec + blockDuration);
       BOOST_CHECK(block.domain.empty());
@@ -1102,12 +1102,12 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_Warning, TestFixture) {
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) != nullptr);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor2) == nullptr);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) != nullptr);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor2) == nullptr);
 
     {
-      const auto& block = g_dynblockNMG.getLocal()->lookup(requestor1)->second;
+      const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1)->second;
       BOOST_CHECK_EQUAL(block.reason, reason);
       /* should have been updated */
       BOOST_CHECK_EQUAL(static_cast<size_t>(block.until.tv_sec), now.tv_sec + blockDuration);
@@ -1125,7 +1125,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_Warning, TestFixture) {
     size_t numberOfQueries = 50 * numberOfSeconds + 1;
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     for (size_t idx = 0; idx < numberOfQueries; idx++) {
       g_rings.insertQuery(now, requestor1, qname, qtype, size, dnsHeader, protocol);
@@ -1133,12 +1133,12 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_Warning, TestFixture) {
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) != nullptr);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor2) == nullptr);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) != nullptr);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor2) == nullptr);
 
     {
-      const auto& block = g_dynblockNMG.getLocal()->lookup(requestor1)->second;
+      const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1)->second;
       BOOST_CHECK_EQUAL(block.reason, reason);
       BOOST_CHECK_EQUAL(static_cast<size_t>(block.until.tv_sec), now.tv_sec + blockDuration);
       BOOST_CHECK(block.domain.empty());
@@ -1186,7 +1186,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_Ranges, TestFixture) {
     size_t numberOfQueries = 50 * numberOfSeconds + 1;
     g_rings.clear();
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U);
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     for (size_t idx = 0; idx < numberOfQueries; idx++) {
       g_rings.insertQuery(now, requestor1, qname, qtype, size, dnsHeader, protocol);
@@ -1195,10 +1195,10 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_Ranges, TestFixture) {
     BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries * 2);
 
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) != nullptr);
-    BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor2) == nullptr);
-    const auto& block = g_dynblockNMG.getLocal()->lookup(requestor1)->second;
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) != nullptr);
+    BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor2) == nullptr);
+    const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1)->second;
     BOOST_CHECK_EQUAL(block.reason, reason);
     BOOST_CHECK_EQUAL(static_cast<size_t>(block.until.tv_sec), now.tv_sec + blockDuration);
     BOOST_CHECK(block.domain.empty());
@@ -1236,7 +1236,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesMetricsCache_GetTopN, TestFixture) {
     DynBlockRulesGroup dbrg;
     dbrg.setQuiet(true);
     g_rings.clear();
-    g_dynblockNMG.setState(emptyNMG);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
 
     {
       /* block above 0 qps for numberOfSeconds seconds, no warning */
@@ -1253,11 +1253,11 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesMetricsCache_GetTopN, TestFixture) {
 
     /* we apply the rules, all clients should be blocked */
     dbrg.apply(now);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 256U);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 256U);
 
     for (size_t idx = 0; idx < 256; idx++) {
       const ComboAddress requestor("192.0.2." + std::to_string(idx));
-      const auto& block = g_dynblockNMG.getLocal()->lookup(requestor)->second;
+      const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor)->second;
       /* simulate that:
          - .1 does 1 query
          ...
@@ -1283,7 +1283,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesMetricsCache_GetTopN, TestFixture) {
     struct timespec expired = now;
     expired.tv_sec += blockDuration + 1;
     DynBlockMaintenance::purgeExpired(expired);
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U);
   }
 
   {
@@ -1291,8 +1291,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesMetricsCache_GetTopN, TestFixture) {
     DynBlockRulesGroup dbrg;
     dbrg.setQuiet(true);
     g_rings.clear();
-    g_dynblockNMG.setState(emptyNMG);
-    g_dynblockSMT.setState(emptySMT);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
+    dnsdist::DynamicBlocks::clearSuffixDynamicRules();
 
     {
       DynBlockRulesGroup::DynBlockRule rule(reason, blockDuration, 0, 0, numberOfSeconds, action);
@@ -1315,7 +1315,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesMetricsCache_GetTopN, TestFixture) {
 
     for (size_t idx = 0; idx < 256; idx++) {
       const DNSName name(DNSName(std::to_string(idx)) + qname);
-      const auto* block = g_dynblockSMT.getLocal()->lookup(name);
+      const auto* block = dnsdist::DynamicBlocks::getSuffixDynamicRules().lookup(name);
       BOOST_REQUIRE(block != nullptr);
       BOOST_REQUIRE(block->action == action);
       /* simulate that:
@@ -1343,7 +1343,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesMetricsCache_GetTopN, TestFixture) {
     struct timespec expired = now;
     expired.tv_sec += blockDuration + 1;
     DynBlockMaintenance::purgeExpired(expired);
-    BOOST_CHECK(g_dynblockSMT.getLocal()->getNodes().empty());
+    BOOST_CHECK(dnsdist::DynamicBlocks::getSuffixDynamicRules().getNodes().empty());
   }
 
   {
@@ -1351,8 +1351,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesMetricsCache_GetTopN, TestFixture) {
     DynBlockRulesGroup dbrg;
     dbrg.setQuiet(true);
     g_rings.clear();
-    g_dynblockNMG.setState(emptyNMG);
-    g_dynblockSMT.setState(emptySMT);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
+    dnsdist::DynamicBlocks::clearSuffixDynamicRules();
 
     {
       DynBlockRulesGroup::DynBlockRule rule(reason, blockDuration, 0, 0, numberOfSeconds, action);
@@ -1375,7 +1375,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesMetricsCache_GetTopN, TestFixture) {
 
     for (size_t idx = 0; idx < 256; idx++) {
       const DNSName name(DNSName(std::to_string(idx)) + qname);
-      const auto* block = g_dynblockSMT.getLocal()->lookup(name);
+      const auto* block = dnsdist::DynamicBlocks::getSuffixDynamicRules().lookup(name);
       BOOST_REQUIRE(block != nullptr);
       BOOST_REQUIRE(block->action == DNSAction::Action::Truncate);
       /* simulate that:
@@ -1403,7 +1403,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesMetricsCache_GetTopN, TestFixture) {
     struct timespec expired = now;
     expired.tv_sec += blockDuration + 1;
     DynBlockMaintenance::purgeExpired(expired);
-    BOOST_CHECK(g_dynblockSMT.getLocal()->getNodes().empty());
+    BOOST_CHECK(dnsdist::DynamicBlocks::getSuffixDynamicRules().getNodes().empty());
   }
 
 #ifdef BENCH_DYNBLOCKS
@@ -1412,8 +1412,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesMetricsCache_GetTopN, TestFixture) {
     DynBlockRulesGroup dbrg;
     dbrg.setQuiet(true);
     g_rings.clear();
-    g_dynblockNMG.setState(emptyNMG);
-    g_dynblockSMT.setState(emptySMT);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
+    dnsdist::DynamicBlocks::clearSuffixDynamicRules();
 
     {
       DynBlockRulesGroup::DynBlockRule rule(reason, blockDuration, 0, 0, numberOfSeconds, action);
@@ -1457,7 +1457,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesMetricsCache_GetTopN, TestFixture) {
     sw.start();
     DynBlockMaintenance::purgeExpired(expired);
     cerr<<"removed 1000000 entries in "<<std::to_string(sw.udiff()/1024)<<"ms"<<endl;
-    BOOST_CHECK_EQUAL(g_dynblockSMT.getLocal()->getNodes().size(), 0U);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getSuffixDynamicRules().getNodes().size(), 0U);
   }
 #endif
 
@@ -1467,8 +1467,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesMetricsCache_GetTopN, TestFixture) {
     DynBlockRulesGroup dbrg;
     dbrg.setQuiet(true);
     g_rings.clear();
-    g_dynblockNMG.setState(emptyNMG);
-    g_dynblockSMT.setState(emptySMT);
+    dnsdist::DynamicBlocks::clearClientAddressDynamicRules();
+    dnsdist::DynamicBlocks::clearSuffixDynamicRules();
     {
       DynBlockRulesGroup::DynBlockRule rule(reason, blockDuration, 0, 0, numberOfSeconds, action);
       dbrg.setQueryRate(std::move(rule));
@@ -1492,19 +1492,19 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesMetricsCache_GetTopN, TestFixture) {
     StopWatch sw;
     sw.start();
     dbrg.apply(now);
-    cerr<<"added "<<g_dynblockNMG.getLocal()->size()<<" entries in "<<std::to_string(sw.udiff()/1024)<<"ms"<<endl;
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1000000U);
+    cerr<<"added "<<dnsdist::DynamicBlocks::getClientAddressDynamicRules().size()<<" entries in "<<std::to_string(sw.udiff()/1024)<<"ms"<<endl;
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1000000U);
 
     sw.start();
     auto top = DynBlockMaintenance::getTopNetmasks(20);
-    cerr<<"scanned "<<g_dynblockNMG.getLocal()->size()<<" entries in "<<std::to_string(sw.udiff()/1024)<<"ms"<<endl;
+    cerr<<"scanned "<<dnsdist::DynamicBlocks::getClientAddressDynamicRules().size()<<" entries in "<<std::to_string(sw.udiff()/1024)<<"ms"<<endl;
 
     struct timespec expired = now;
     expired.tv_sec += blockDuration + 1;
     sw.start();
     DynBlockMaintenance::purgeExpired(expired);
     cerr<<"removed 1000000 entries in "<<std::to_string(sw.udiff()/1024)<<"ms"<<endl;
-    BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U);
+    BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U);
   }
 #endif
 }
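Review bot: The timing lines rewritten in this BENCH_DYNBLOCKS hunk print `sw.udiff()/1024` with an "ms" suffix; if `udiff()` returns microseconds, as its name suggests (its definition is not in view), the divisor should be 1000, e.g. `std::to_string(sw.udiff()/1000)`. The "added" and "scanned" lines also call `getClientAddressDynamicRules().size()` in the same stream expression ahead of `sw.udiff()`, so the accessor call can be counted in the measured interval. Reading the timer first, `const auto elapsed = sw.udiff();`, and printing `elapsed` afterwards keeps the benchmark figure limited to `apply()` and `getTopNetmasks()`. The enclosing benchmark block starts outside the hunk.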
index 70f5eb5fc17400a478314b8809ad68b40c2c093b..0391f8fb4aa9f6b42192a3d05fcf3a1417d19df2 100644 (file)
@@ -21,8 +21,6 @@ std::unique_ptr<DNSDistSNMPAgent> g_snmpAgent{nullptr};
 #if BENCH_POLICIES
 #include "dnsdist-rings.hh"
 Rings g_rings;
-GlobalStateHolder<NetmaskTree<DynBlock>> g_dynblockNMG;
-GlobalStateHolder<SuffixMatchTree<DynBlock>> g_dynblockSMT;
 #endif /* BENCH_POLICIES */
 
 std::vector<std::unique_ptr<ClientState>> g_frontends;
index 9475310f96b4b80dd59a6f57ff34faf87dec9d6e..8fa4a636bf45876a17e27639b376812388ed1898 100644 (file)
@@ -57,7 +57,7 @@ void handleResponseSent(const InternalQueryState& ids, double udiff, const Combo
 
 std::function<ProcessQueryResult(DNSQuestion& dq, std::shared_ptr<DownstreamState>& selectedBackend)> s_processQuery;
 
-ProcessQueryResult processQuery(DNSQuestion& dq, LocalHolders& holders, std::shared_ptr<DownstreamState>& selectedBackend)
+ProcessQueryResult processQuery(DNSQuestion& dq, std::shared_ptr<DownstreamState>& selectedBackend)
 {
   if (s_processQuery) {
     return s_processQuery(dq, selectedBackend);