add blockRange and unblockRange

diff --git a/pdns/bpf-filter.cc b/pdns/bpf-filter.cc
index c24155c8edadb1dfc0c66716cdbc8711f7ef4028..cc59b8eac341dc2832e3a85e8dea9e97332e2c88 100644 (file)
--- a/pdns/bpf-filter.cc
+++ b/pdns/bpf-filter.cc
@@ -359,6 +359,8 @@ BPFFilter::BPFFilter(std::unordered_map<std::string, MapConfiguration>& configs,
   maps->d_v4 = BPFFilter::Map(configs["ipv4"], d_mapFormat);
   maps->d_v6 = BPFFilter::Map(configs["ipv6"], d_mapFormat);
   maps->d_qnames = BPFFilter::Map(configs["qnames"], d_mapFormat);
+  maps->d_cidr4 = BPFFilter::Map(configs["cidr4"], d_mapFormat);
+  maps->d_cidr6 = BPFFilter::Map(configs["cidr6"], d_mapFormat);
   if (!external) {
     BPFFilter::MapConfiguration filters;
     filters.d_maxItems = 1;

diff --git a/pdns/dnsdist-lua-bindings.cc b/pdns/dnsdist-lua-bindings.cc
index 2ecae9d9abce2429bd0b0ec3fde8de097f50d6c8..f09b7a22acd70cd58d8aab459ea89ad87cf7bb24 100644 (file)
--- a/pdns/dnsdist-lua-bindings.cc
+++ b/pdns/dnsdist-lua-bindings.cc
@@ -457,6 +457,8 @@ void setupLuaBindings(LuaContext& luaCtx, bool client)
       convertParamsToConfig("ipv4", BPFFilter::MapType::IPv4);
       convertParamsToConfig("ipv6", BPFFilter::MapType::IPv6);
       convertParamsToConfig("qnames", BPFFilter::MapType::QNames);
+      convertParamsToConfig("cidr4", BPFFilter::MapType::CIDR4);
+      convertParamsToConfig("cidr6", BPFFilter::MapType::CIDR6);
 
       BPFFilter::MapFormat format = BPFFilter::MapFormat::Legacy;
       bool external = false;
@@ -498,7 +500,30 @@ void setupLuaBindings(LuaContext& luaCtx, bool client)
         }
       }
     });
+  luaCtx.registerFunction<void (std::shared_ptr<BPFFilter>::*)(const string& range, boost::optional<uint32_t> action)>("blockRange", [](std::shared_ptr<BPFFilter> bpf, const string& range, boost::optional<uint32_t> action) {
+    if (!bpf) {
+      return;
+    }
 
+    if (!action) {
+      return bpf->block(Netmask(range), BPFFilter::MatchAction::Drop);
+    }
+    BPFFilter::MatchAction match;
+    switch (*action) {
+    case 0:
+      match = BPFFilter::MatchAction::Pass;
+      break;
+    case 1:
+      match = BPFFilter::MatchAction::Drop;
+      break;
+    case 2:
+      match = BPFFilter::MatchAction::Truncate;
+      break;
+    default:
+      throw std::runtime_error("Unsupported action for BPFFilter::block");
+    }
+    return bpf->block(Netmask(range), match);
+  });
   luaCtx.registerFunction<void(std::shared_ptr<BPFFilter>::*)(const DNSName& qname, boost::optional<uint16_t> qtype, boost::optional<uint32_t> action)>("blockQName", [](std::shared_ptr<BPFFilter> bpf, const DNSName& qname, boost::optional<uint16_t> qtype, boost::optional<uint32_t> action) {
       if (bpf) {
         if (!action) {
@@ -530,7 +555,12 @@ void setupLuaBindings(LuaContext& luaCtx, bool client)
         return bpf->unblock(ca);
       }
     });
-
+  luaCtx.registerFunction<void (std::shared_ptr<BPFFilter>::*)(const string& range)>("unblockRange", [](std::shared_ptr<BPFFilter> bpf, const string& range) {
+    if (!bpf) {
+      return;
+    }
+    bpf->unblock(Netmask(range));
+  });
   luaCtx.registerFunction<void(std::shared_ptr<BPFFilter>::*)(const DNSName& qname, boost::optional<uint16_t> qtype)>("unblockQName", [](std::shared_ptr<BPFFilter> bpf, const DNSName& qname, boost::optional<uint16_t> qtype) {
       if (bpf) {
         return bpf->unblock(qname, qtype ? *qtype : 255);