[thirdparty/pdns.git] / pdns / dnsdist-dynbpf.hh

/*
 * This file is part of PowerDNS or dnsdist.
 * Copyright -- PowerDNS.COM B.V. and its contributors
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of version 2 of the GNU General Public License as
 * published by the Free Software Foundation.
 *
 * In addition, for the avoidance of any doubt, permission is granted to
 * link this program with OpenSSL and to (re)distribute the binaries
 * produced as the result of such linking.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
#pragma once
#include "config.h"

#include <mutex>

#include "bpf-filter.hh"
#include "iputils.hh"

#ifdef HAVE_EBPF

#include <boost/multi_index_container.hpp>
#include <boost/multi_index/ordered_index.hpp>

class DynBPFFilter
{
public:
  DynBPFFilter(std::shared_ptr<BPFFilter>& bpf): d_bpf(bpf)
  {
  }
  ~DynBPFFilter()
  {
  }
  void excludeRange(const Netmask& range)
  {
    d_excludedSubnets.addMask(range);
  }
  void includeRange(const Netmask& range)
  {
    d_excludedSubnets.addMask(range, false);
  }
  /* returns true if the addr wasn't already blocked, false otherwise */
  bool block(const ComboAddress& addr, const struct timespec& until);
  void purgeExpired(const struct timespec& now);
  std::vector<std::tuple<ComboAddress, uint64_t, struct timespec> > getAddrStats();
private:
  struct BlockEntry
  {
    BlockEntry(const ComboAddress& addr, const struct timespec until): d_addr(addr), d_until(until)
    {
    }
    ComboAddress d_addr;
    struct timespec d_until;
  };
  typedef multi_index_container<BlockEntry,
                                indexed_by <
                                  ordered_unique< member<BlockEntry,ComboAddress,&BlockEntry::d_addr>, ComboAddress::addressOnlyLessThan >,
                                  ordered_non_unique< member<BlockEntry,struct timespec,&BlockEntry::d_until> >
                                  >
                                > container_t;
  container_t d_entries;
  std::mutex d_mutex;
  std::shared_ptr<BPFFilter> d_bpf;
  NetmaskGroup d_excludedSubnets;
};

#endif /* HAVE_EBPF */
Commit	Line	Data
12471842 PL	1	/*
	2	* This file is part of PowerDNS or dnsdist.
	3	* Copyright -- PowerDNS.COM B.V. and its contributors
	4	*
	5	* This program is free software; you can redistribute it and/or modify
	6	* it under the terms of version 2 of the GNU General Public License as
	7	* published by the Free Software Foundation.
	8	*
	9	* In addition, for the avoidance of any doubt, permission is granted to
	10	* link this program with OpenSSL and to (re)distribute the binaries
	11	* produced as the result of such linking.
	12	*
	13	* This program is distributed in the hope that it will be useful,
	14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	16	* GNU General Public License for more details.
	17	*
	18	* You should have received a copy of the GNU General Public License
	19	* along with this program; if not, write to the Free Software
	20	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
	21	*/
87b515ed RG	22	#pragma once
	23	#include "config.h"
	24
	25	#include <mutex>
	26
	27	#include "bpf-filter.hh"
	28	#include "iputils.hh"
	29
	30	#ifdef HAVE_EBPF
	31
	32	#include <boost/multi_index_container.hpp>
	33	#include <boost/multi_index/ordered_index.hpp>
	34
	35	class DynBPFFilter
	36	{
	37	public:
f3b1a1ef	38	DynBPFFilter(std::shared_ptr<BPFFilter>& bpf): d_bpf(bpf)
87b515ed RG	39	{
	40	}
	41	~DynBPFFilter()
	42	{
	43	}
ee38369c RS	44	void excludeRange(const Netmask& range)
	45	{
	46	d_excludedSubnets.addMask(range);
	47	}
	48	void includeRange(const Netmask& range)
	49	{
	50	d_excludedSubnets.addMask(range, false);
	51	}
4900be3f RG	52	/* returns true if the addr wasn't already blocked, false otherwise */
4900be3f RG	53	bool block(const ComboAddress& addr, const struct timespec& until);
87b515ed	54	void purgeExpired(const struct timespec& now);
8429ad04	55	std::vector<std::tuple<ComboAddress, uint64_t, struct timespec> > getAddrStats();
87b515ed RG	56	private:
	57	struct BlockEntry
	58	{
	59	BlockEntry(const ComboAddress& addr, const struct timespec until): d_addr(addr), d_until(until)
	60	{
	61	}
	62	ComboAddress d_addr;
	63	struct timespec d_until;
	64	};
	65	typedef multi_index_container<BlockEntry,
	66	indexed_by <
	67	ordered_unique< member<BlockEntry,ComboAddress,&BlockEntry::d_addr>, ComboAddress::addressOnlyLessThan >,
	68	ordered_non_unique< member<BlockEntry,struct timespec,&BlockEntry::d_until> >
	69	>
	70	> container_t;
	71	container_t d_entries;
	72	std::mutex d_mutex;
	73	std::shared_ptr<BPFFilter> d_bpf;
ee38369c	74	NetmaskGroup d_excludedSubnets;
87b515ed RG	75	};
	76
	77	#endif /* HAVE_EBPF */