[thirdparty/pdns.git] / pdns / dnsdist-dynbpf.cc

/*
 * This file is part of PowerDNS or dnsdist.
 * Copyright -- PowerDNS.COM B.V. and its contributors
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of version 2 of the GNU General Public License as
 * published by the Free Software Foundation.
 *
 * In addition, for the avoidance of any doubt, permission is granted to
 * link this program with OpenSSL and to (re)distribute the binaries
 * produced as the result of such linking.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
#include "dnsdist-dynbpf.hh"

#ifdef HAVE_EBPF

bool DynBPFFilter::block(const ComboAddress& addr, const struct timespec& until)
{
  bool inserted = false;
  std::unique_lock<std::mutex> lock(d_mutex);

  if (d_excludedSubnets.match(addr)) {
    /* do not add a block for excluded subnets */
    return inserted;
  }

  const container_t::iterator it = d_entries.find(addr);
  if (it != d_entries.end()) {
    if (it->d_until < until) {
      d_entries.replace(it, BlockEntry(addr, until));
    }
  }
  else {
    d_bpf->block(addr);
    d_entries.insert(BlockEntry(addr, until));
    inserted = true;
  }
  return inserted;
}

void DynBPFFilter::purgeExpired(const struct timespec& now)
{
  std::unique_lock<std::mutex> lock(d_mutex);

  typedef nth_index<container_t,1>::type ordered_until;
  ordered_until& ou = get<1>(d_entries);

  for (ordered_until::iterator it=ou.begin(); it != ou.end(); ) {
    if (it->d_until < now) {
      ComboAddress addr = it->d_addr;
      it = ou.erase(it);
      d_bpf->unblock(addr);
    }
    else {
      break;
    }
  }
}

std::vector<std::tuple<ComboAddress, uint64_t, struct timespec> > DynBPFFilter::getAddrStats()
{
  std::vector<std::tuple<ComboAddress, uint64_t, struct timespec> > result;
  if (!d_bpf) {
    return result;
  }

  const auto& stats = d_bpf->getAddrStats();
  for (const auto& stat : stats) {
    const container_t::iterator it = d_entries.find(stat.first);
    if (it != d_entries.end()) {
      result.push_back(std::make_tuple(stat.first, stat.second, it->d_until));
    }
  }
  return result;
}

#endif /* HAVE_EBPF */
Commit	Line	Data
12471842 PL	1	/*
	2	* This file is part of PowerDNS or dnsdist.
	3	* Copyright -- PowerDNS.COM B.V. and its contributors
	4	*
	5	* This program is free software; you can redistribute it and/or modify
	6	* it under the terms of version 2 of the GNU General Public License as
	7	* published by the Free Software Foundation.
	8	*
	9	* In addition, for the avoidance of any doubt, permission is granted to
	10	* link this program with OpenSSL and to (re)distribute the binaries
	11	* produced as the result of such linking.
	12	*
	13	* This program is distributed in the hope that it will be useful,
	14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	16	* GNU General Public License for more details.
	17	*
	18	* You should have received a copy of the GNU General Public License
	19	* along with this program; if not, write to the Free Software
	20	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
	21	*/
87b515ed RG	22	#include "dnsdist-dynbpf.hh"
	23
	24	#ifdef HAVE_EBPF
	25
4900be3f	26	bool DynBPFFilter::block(const ComboAddress& addr, const struct timespec& until)
87b515ed	27	{
4900be3f	28	bool inserted = false;
87b515ed RG	29	std::unique_lock<std::mutex> lock(d_mutex);
87b515ed RG	30
ee38369c RS	31	if (d_excludedSubnets.match(addr)) {
	32	/* do not add a block for excluded subnets */
	33	return inserted;
	34	}
	35
87b515ed RG	36	const container_t::iterator it = d_entries.find(addr);
	37	if (it != d_entries.end()) {
	38	if (it->d_until < until) {
	39	d_entries.replace(it, BlockEntry(addr, until));
	40	}
	41	}
	42	else {
	43	d_bpf->block(addr);
	44	d_entries.insert(BlockEntry(addr, until));
4900be3f	45	inserted = true;
87b515ed	46	}
4900be3f	47	return inserted;
87b515ed RG	48	}
	49
	50	void DynBPFFilter::purgeExpired(const struct timespec& now)
	51	{
	52	std::unique_lock<std::mutex> lock(d_mutex);
	53
	54	typedef nth_index<container_t,1>::type ordered_until;
	55	ordered_until& ou = get<1>(d_entries);
	56
	57	for (ordered_until::iterator it=ou.begin(); it != ou.end(); ) {
	58	if (it->d_until < now) {
	59	ComboAddress addr = it->d_addr;
	60	it = ou.erase(it);
	61	d_bpf->unblock(addr);
	62	}
	63	else {
	64	break;
	65	}
	66	}
	67	}
	68
8429ad04 RG	69	std::vector<std::tuple<ComboAddress, uint64_t, struct timespec> > DynBPFFilter::getAddrStats()
	70	{
	71	std::vector<std::tuple<ComboAddress, uint64_t, struct timespec> > result;
	72	if (!d_bpf) {
	73	return result;
	74	}
	75
	76	const auto& stats = d_bpf->getAddrStats();
	77	for (const auto& stat : stats) {
	78	const container_t::iterator it = d_entries.find(stat.first);
	79	if (it != d_entries.end()) {
75eee88a	80	result.push_back(std::make_tuple(stat.first, stat.second, it->d_until));
8429ad04 RG	81	}
	82	}
	83	return result;
	84	}
	85
87b515ed	86	#endif /* HAVE_EBPF */