]> git.ipfire.org Git - thirdparty/pdns.git/blob - pdns/dnsdist-lua-rules.cc
projects / thirdparty / pdns.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
auth: switch circleci mssql image
[thirdparty/pdns.git] / pdns / dnsdist-lua-rules.cc
1 /*
2 * This file is part of PowerDNS or dnsdist.
3 * Copyright -- PowerDNS.COM B.V. and its contributors
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of version 2 of the GNU General Public License as
7 * published by the Free Software Foundation.
8 *
9 * In addition, for the avoidance of any doubt, permission is granted to
10 * link this program with OpenSSL and to (re)distribute the binaries
11 * produced as the result of such linking.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22 #include "dnsdist.hh"
23 #include "dnsdist-lua.hh"
24 #include "dnsdist-rules.hh"
25
26 std::shared_ptr<DNSRule> makeRule(const luadnsrule_t& var)
27 {
28 if (var.type() == typeid(std::shared_ptr<DNSRule>))
29 return *boost::get<std::shared_ptr<DNSRule>>(&var);
30
31 SuffixMatchNode smn;
32 NetmaskGroup nmg;
33 auto add=[&](string src) {
34 try {
35 nmg.addMask(src); // need to try mask first, all masks are domain names!
36 } catch(...) {
37 smn.add(DNSName(src));
38 }
39 };
40
41 if (var.type() == typeid(string))
42 add(*boost::get<string>(&var));
43
44 else if (var.type() == typeid(vector<pair<int, string>>))
45 for(const auto& a : *boost::get<vector<pair<int, string>>>(&var))
46 add(a.second);
47
48 else if (var.type() == typeid(DNSName))
49 smn.add(*boost::get<DNSName>(&var));
50
51 else if (var.type() == typeid(vector<pair<int, DNSName>>))
52 for(const auto& a : *boost::get<vector<pair<int, DNSName>>>(&var))
53 smn.add(a.second);
54
55 if(nmg.empty())
56 return std::make_shared<SuffixMatchNodeRule>(smn);
57 else
58 return std::make_shared<NetmaskGroupRule>(nmg, true);
59 }
60
61 static boost::uuids::uuid makeRuleID(std::string& id)
62 {
63 if (id.empty()) {
64 return getUniqueID();
65 }
66
67 return getUniqueID(id);
68 }
69
70 void parseRuleParams(boost::optional<luaruleparams_t> params, boost::uuids::uuid& uuid, uint64_t& creationOrder)
71 {
72 static uint64_t s_creationOrder = 0;
73
74 string uuidStr;
75
76 if (params) {
77 if (params->count("uuid")) {
78 uuidStr = boost::get<std::string>((*params)["uuid"]);
79 }
80 }
81
82 uuid = makeRuleID(uuidStr);
83 creationOrder = s_creationOrder++;
84 }
85
86 typedef std::unordered_map<std::string, boost::variant<bool, int, std::string, std::vector<std::pair<int,int> > > > ruleparams_t;
87
88 template<typename T>
89 static void showRules(GlobalStateHolder<vector<T> > *someRulActions, boost::optional<ruleparams_t> vars) {
90 setLuaNoSideEffect();
91 int num=0;
92 bool showUUIDs = false;
93 size_t truncateRuleWidth = string::npos;
94
95 if (vars) {
96 if (vars->count("showUUIDs")) {
97 showUUIDs = boost::get<bool>((*vars)["showUUIDs"]);
98 }
99 if (vars->count("truncateRuleWidth")) {
100 truncateRuleWidth = boost::get<int>((*vars)["truncateRuleWidth"]);
101 }
102 }
103
104 auto rules = someRulActions->getLocal();
105 if (showUUIDs) {
106 boost::format fmt("%-3d %-38s %9d %9d %-56s %s\n");
107 g_outputBuffer += (fmt % "#" % "UUID" % "Cr. Order" % "Matches" % "Rule" % "Action").str();
108 for(const auto& lim : *rules) {
109 string name = lim.d_rule->toString().substr(0, truncateRuleWidth);
110 g_outputBuffer += (fmt % num % boost::uuids::to_string(lim.d_id) % lim.d_creationOrder % lim.d_rule->d_matches % name % lim.d_action->toString()).str();
111 ++num;
112 }
113 }
114 else {
115 boost::format fmt("%-3d %9d %-56s %s\n");
116 g_outputBuffer += (fmt % "#" % "Matches" % "Rule" % "Action").str();
117 for(const auto& lim : *rules) {
118 string name = lim.d_rule->toString().substr(0, truncateRuleWidth);
119 g_outputBuffer += (fmt % num % lim.d_rule->d_matches % name % lim.d_action->toString()).str();
120 ++num;
121 }
122 }
123 }
124
125 template<typename T>
126 static void rmRule(GlobalStateHolder<vector<T> > *someRulActions, boost::variant<unsigned int, std::string> id) {
127 setLuaSideEffect();
128 auto rules = someRulActions->getCopy();
129 if (auto str = boost::get<std::string>(&id)) {
130 const auto uuid = getUniqueID(*str);
131 if (rules.erase(std::remove_if(rules.begin(),
132 rules.end(),
133 [uuid](const T& a) { return a.d_id == uuid; }),
134 rules.end()) == rules.end()) {
135 g_outputBuffer = "Error: no rule matched\n";
136 return;
137 }
138 }
139 else if (auto pos = boost::get<unsigned int>(&id)) {
140 if (*pos >= rules.size()) {
141 g_outputBuffer = "Error: attempt to delete non-existing rule\n";
142 return;
143 }
144 rules.erase(rules.begin()+*pos);
145 }
146 someRulActions->setState(rules);
147 }
148
149 template<typename T>
150 static void topRule(GlobalStateHolder<vector<T> > *someRulActions) {
151 setLuaSideEffect();
152 auto rules = someRulActions->getCopy();
153 if(rules.empty())
154 return;
155 auto subject = *rules.rbegin();
156 rules.erase(std::prev(rules.end()));
157 rules.insert(rules.begin(), subject);
158 someRulActions->setState(rules);
159 }
160
161 template<typename T>
162 static void mvRule(GlobalStateHolder<vector<T> > *someRespRulActions, unsigned int from, unsigned int to) {
163 setLuaSideEffect();
164 auto rules = someRespRulActions->getCopy();
165 if(from >= rules.size() || to > rules.size()) {
166 g_outputBuffer = "Error: attempt to move rules from/to invalid index\n";
167 return;
168 }
169 auto subject = rules[from];
170 rules.erase(rules.begin()+from);
171 if(to > rules.size())
172 rules.push_back(subject);
173 else {
174 if(from < to)
175 --to;
176 rules.insert(rules.begin()+to, subject);
177 }
178 someRespRulActions->setState(rules);
179 }
180
181 void setupLuaRules()
182 {
183 g_lua.writeFunction("makeRule", makeRule);
184
185 g_lua.registerFunction<string(std::shared_ptr<DNSRule>::*)()>("toString", [](const std::shared_ptr<DNSRule>& rule) { return rule->toString(); });
186
187 g_lua.writeFunction("showResponseRules", [](boost::optional<ruleparams_t> vars) {
188 showRules(&g_resprulactions, vars);
189 });
190
191 g_lua.writeFunction("rmResponseRule", [](boost::variant<unsigned int, std::string> id) {
192 rmRule(&g_resprulactions, id);
193 });
194
195 g_lua.writeFunction("topResponseRule", []() {
196 topRule(&g_resprulactions);
197 });
198
199 g_lua.writeFunction("mvResponseRule", [](unsigned int from, unsigned int to) {
200 mvRule(&g_resprulactions, from, to);
201 });
202
203 g_lua.writeFunction("showCacheHitResponseRules", [](boost::optional<ruleparams_t> vars) {
204 showRules(&g_cachehitresprulactions, vars);
205 });
206
207 g_lua.writeFunction("rmCacheHitResponseRule", [](boost::variant<unsigned int, std::string> id) {
208 rmRule(&g_cachehitresprulactions, id);
209 });
210
211 g_lua.writeFunction("topCacheHitResponseRule", []() {
212 topRule(&g_cachehitresprulactions);
213 });
214
215 g_lua.writeFunction("mvCacheHitResponseRule", [](unsigned int from, unsigned int to) {
216 mvRule(&g_cachehitresprulactions, from, to);
217 });
218
219 g_lua.writeFunction("showSelfAnsweredResponseRules", [](boost::optional<ruleparams_t> vars) {
220 showRules(&g_selfansweredresprulactions, vars);
221 });
222
223 g_lua.writeFunction("rmSelfAnsweredResponseRule", [](boost::variant<unsigned int, std::string> id) {
224 rmRule(&g_selfansweredresprulactions, id);
225 });
226
227 g_lua.writeFunction("topSelfAnsweredResponseRule", []() {
228 topRule(&g_selfansweredresprulactions);
229 });
230
231 g_lua.writeFunction("mvSelfAnsweredResponseRule", [](unsigned int from, unsigned int to) {
232 mvRule(&g_selfansweredresprulactions, from, to);
233 });
234
235 g_lua.writeFunction("rmRule", [](boost::variant<unsigned int, std::string> id) {
236 rmRule(&g_rulactions, id);
237 });
238
239 g_lua.writeFunction("topRule", []() {
240 topRule(&g_rulactions);
241 });
242
243 g_lua.writeFunction("mvRule", [](unsigned int from, unsigned int to) {
244 mvRule(&g_rulactions, from, to);
245 });
246
247 g_lua.writeFunction("clearRules", []() {
248 setLuaSideEffect();
249 g_rulactions.modify([](decltype(g_rulactions)::value_type& rulactions) {
250 rulactions.clear();
251 });
252 });
253
254 g_lua.writeFunction("setRules", [](const std::vector<std::pair<int, std::shared_ptr<DNSDistRuleAction>>>& newruleactions) {
255 setLuaSideEffect();
256 g_rulactions.modify([newruleactions](decltype(g_rulactions)::value_type& gruleactions) {
257 gruleactions.clear();
258 for (const auto& pair : newruleactions) {
259 const auto& newruleaction = pair.second;
260 if (newruleaction->d_action) {
261 auto rule=makeRule(newruleaction->d_rule);
262 gruleactions.push_back({rule, newruleaction->d_action, newruleaction->d_id});
263 }
264 }
265 });
266 });
267
268 g_lua.writeFunction("MaxQPSIPRule", [](unsigned int qps, boost::optional<int> ipv4trunc, boost::optional<int> ipv6trunc, boost::optional<int> burst, boost::optional<unsigned int> expiration, boost::optional<unsigned int> cleanupDelay, boost::optional<unsigned int> scanFraction) {
269 return std::shared_ptr<DNSRule>(new MaxQPSIPRule(qps, burst.get_value_or(qps), ipv4trunc.get_value_or(32), ipv6trunc.get_value_or(64), expiration.get_value_or(300), cleanupDelay.get_value_or(60), scanFraction.get_value_or(10)));
270 });
271
272 g_lua.writeFunction("MaxQPSRule", [](unsigned int qps, boost::optional<int> burst) {
273 if(!burst)
274 return std::shared_ptr<DNSRule>(new MaxQPSRule(qps));
275 else
276 return std::shared_ptr<DNSRule>(new MaxQPSRule(qps, *burst));
277 });
278
279 g_lua.writeFunction("RegexRule", [](const std::string& str) {
280 return std::shared_ptr<DNSRule>(new RegexRule(str));
281 });
282
283 #ifdef HAVE_DNS_OVER_HTTPS
284 g_lua.writeFunction("HTTPHeaderRule", [](const std::string& header, const std::string& regex) {
285 return std::shared_ptr<DNSRule>(new HTTPHeaderRule(header, regex));
286 });
287 g_lua.writeFunction("HTTPPathRule", [](const std::string& path) {
288 return std::shared_ptr<DNSRule>(new HTTPPathRule(path));
289 });
290 #endif
291
292 #ifdef HAVE_RE2
293 g_lua.writeFunction("RE2Rule", [](const std::string& str) {
294 return std::shared_ptr<DNSRule>(new RE2Rule(str));
295 });
296 #endif
297
298 g_lua.writeFunction("SNIRule", [](const std::string& name) {
299 return std::shared_ptr<DNSRule>(new SNIRule(name));
300 });
301
302 g_lua.writeFunction("SuffixMatchNodeRule", [](const SuffixMatchNode& smn, boost::optional<bool> quiet) {
303 return std::shared_ptr<DNSRule>(new SuffixMatchNodeRule(smn, quiet ? *quiet : false));
304 });
305
306 g_lua.writeFunction("NetmaskGroupRule", [](const NetmaskGroup& nmg, boost::optional<bool> src) {
307 return std::shared_ptr<DNSRule>(new NetmaskGroupRule(nmg, src ? *src : true));
308 });
309
310 g_lua.writeFunction("benchRule", [](std::shared_ptr<DNSRule> rule, boost::optional<int> times_, boost::optional<string> suffix_) {
311 setLuaNoSideEffect();
312 int times = times_.get_value_or(100000);
313 DNSName suffix(suffix_.get_value_or("powerdns.com"));
314 struct item {
315 vector<uint8_t> packet;
316 ComboAddress rem;
317 DNSName qname;
318 uint16_t qtype, qclass;
319 };
320 vector<item> items;
321 items.reserve(1000);
322 for(int n=0; n < 1000; ++n) {
323 struct item i;
324 i.qname=DNSName(std::to_string(random()));
325 i.qname += suffix;
326 i.qtype = random() % 0xff;
327 i.qclass = 1;
328 i.rem=ComboAddress("127.0.0.1");
329 i.rem.sin4.sin_addr.s_addr = random();
330 DNSPacketWriter pw(i.packet, i.qname, i.qtype);
331 items.push_back(i);
332 }
333
334 int matches=0;
335 ComboAddress dummy("127.0.0.1");
336 StopWatch sw;
337 sw.start();
338 for(int n=0; n < times; ++n) {
339 const item& i = items[n % items.size()];
340 DNSQuestion dq(&i.qname, i.qtype, i.qclass, 0, &i.rem, &i.rem, (struct dnsheader*)&i.packet[0], i.packet.size(), i.packet.size(), false, &sw.d_start);
341 if(rule->matches(&dq))
342 matches++;
343 }
344 double udiff=sw.udiff();
345 g_outputBuffer=(boost::format("Had %d matches out of %d, %.1f qps, in %.1f usec\n") % matches % times % (1000000*(1.0*times/udiff)) % udiff).str();
346
347 });
348
349 g_lua.writeFunction("AllRule", []() {
350 return std::shared_ptr<DNSRule>(new AllRule());
351 });
352
353 g_lua.writeFunction("ProbaRule", [](double proba) {
354 return std::shared_ptr<DNSRule>(new ProbaRule(proba));
355 });
356
357 g_lua.writeFunction("QNameRule", [](const std::string& qname) {
358 return std::shared_ptr<DNSRule>(new QNameRule(DNSName(qname)));
359 });
360
361 g_lua.writeFunction("QTypeRule", [](boost::variant<int, std::string> str) {
362 uint16_t qtype;
363 if(auto dir = boost::get<int>(&str)) {
364 qtype = *dir;
365 }
366 else {
367 string val=boost::get<string>(str);
368 qtype = QType::chartocode(val.c_str());
369 if(!qtype)
370 throw std::runtime_error("Unable to convert '"+val+"' to a DNS type");
371 }
372 return std::shared_ptr<DNSRule>(new QTypeRule(qtype));
373 });
374
375 g_lua.writeFunction("QClassRule", [](int c) {
376 return std::shared_ptr<DNSRule>(new QClassRule(c));
377 });
378
379 g_lua.writeFunction("OpcodeRule", [](uint8_t code) {
380 return std::shared_ptr<DNSRule>(new OpcodeRule(code));
381 });
382
383 g_lua.writeFunction("AndRule", [](vector<pair<int, std::shared_ptr<DNSRule> > >a) {
384 return std::shared_ptr<DNSRule>(new AndRule(a));
385 });
386
387 g_lua.writeFunction("OrRule", [](vector<pair<int, std::shared_ptr<DNSRule> > >a) {
388 return std::shared_ptr<DNSRule>(new OrRule(a));
389 });
390
391 g_lua.writeFunction("DSTPortRule", [](uint16_t port) {
392 return std::shared_ptr<DNSRule>(new DSTPortRule(port));
393 });
394
395 g_lua.writeFunction("TCPRule", [](bool tcp) {
396 return std::shared_ptr<DNSRule>(new TCPRule(tcp));
397 });
398
399 g_lua.writeFunction("DNSSECRule", []() {
400 return std::shared_ptr<DNSRule>(new DNSSECRule());
401 });
402
403 g_lua.writeFunction("NotRule", [](std::shared_ptr<DNSRule>rule) {
404 return std::shared_ptr<DNSRule>(new NotRule(rule));
405 });
406
407 g_lua.writeFunction("RecordsCountRule", [](uint8_t section, uint16_t minCount, uint16_t maxCount) {
408 return std::shared_ptr<DNSRule>(new RecordsCountRule(section, minCount, maxCount));
409 });
410
411 g_lua.writeFunction("RecordsTypeCountRule", [](uint8_t section, uint16_t type, uint16_t minCount, uint16_t maxCount) {
412 return std::shared_ptr<DNSRule>(new RecordsTypeCountRule(section, type, minCount, maxCount));
413 });
414
415 g_lua.writeFunction("TrailingDataRule", []() {
416 return std::shared_ptr<DNSRule>(new TrailingDataRule());
417 });
418
419 g_lua.writeFunction("QNameLabelsCountRule", [](unsigned int minLabelsCount, unsigned int maxLabelsCount) {
420 return std::shared_ptr<DNSRule>(new QNameLabelsCountRule(minLabelsCount, maxLabelsCount));
421 });
422
423 g_lua.writeFunction("QNameWireLengthRule", [](size_t min, size_t max) {
424 return std::shared_ptr<DNSRule>(new QNameWireLengthRule(min, max));
425 });
426
427 g_lua.writeFunction("RCodeRule", [](uint8_t rcode) {
428 return std::shared_ptr<DNSRule>(new RCodeRule(rcode));
429 });
430
431 g_lua.writeFunction("ERCodeRule", [](uint8_t rcode) {
432 return std::shared_ptr<DNSRule>(new ERCodeRule(rcode));
433 });
434
435 g_lua.writeFunction("EDNSVersionRule", [](uint8_t version) {
436 return std::shared_ptr<DNSRule>(new EDNSVersionRule(version));
437 });
438
439 g_lua.writeFunction("EDNSOptionRule", [](uint16_t optcode) {
440 return std::shared_ptr<DNSRule>(new EDNSOptionRule(optcode));
441 });
442
443 g_lua.writeFunction("showRules", [](boost::optional<ruleparams_t> vars) {
444 showRules(&g_rulactions, vars);
445 });
446
447 g_lua.writeFunction("RDRule", []() {
448 return std::shared_ptr<DNSRule>(new RDRule());
449 });
450
451 g_lua.writeFunction("TagRule", [](std::string tag, boost::optional<std::string> value) {
452 return std::shared_ptr<DNSRule>(new TagRule(tag, value));
453 });
454
455 g_lua.writeFunction("TimedIPSetRule", []() {
456 return std::shared_ptr<TimedIPSetRule>(new TimedIPSetRule());
457 });
458
459 g_lua.writeFunction("PoolAvailableRule", [](std::string poolname) {
460 return std::shared_ptr<DNSRule>(new PoolAvailableRule(poolname));
461 });
462
463 g_lua.registerFunction<void(std::shared_ptr<TimedIPSetRule>::*)()>("clear", [](std::shared_ptr<TimedIPSetRule> tisr) {
464 tisr->clear();
465 });
466
467 g_lua.registerFunction<void(std::shared_ptr<TimedIPSetRule>::*)()>("cleanup", [](std::shared_ptr<TimedIPSetRule> tisr) {
468 tisr->cleanup();
469 });
470
471 g_lua.registerFunction<void(std::shared_ptr<TimedIPSetRule>::*)(const ComboAddress& ca, int t)>("add", [](std::shared_ptr<TimedIPSetRule> tisr, const ComboAddress& ca, int t) {
472 tisr->add(ca, time(0)+t);
473 });
474
475 g_lua.registerFunction<std::shared_ptr<DNSRule>(std::shared_ptr<TimedIPSetRule>::*)()>("slice", [](std::shared_ptr<TimedIPSetRule> tisr) {
476 return std::dynamic_pointer_cast<DNSRule>(tisr);
477 });
478
479 g_lua.writeFunction("QNameSetRule", [](const DNSNameSet& names) {
480 return std::shared_ptr<DNSRule>(new QNameSetRule(names));
481 });
482 }
Unnamed repository; edit this file 'description' to name the repository.