implement & document exceedQRate(), plus populate dnsdist.* with dns types.

author bert hubert <bert.hubert@netherlabs.nl>

Thu, 14 Jan 2016 10:45:49 +0000 (11:45 +0100)

committer bert hubert <bert.hubert@netherlabs.nl>

Thu, 14 Jan 2016 10:45:49 +0000 (11:45 +0100)
author bert hubert <bert.hubert@netherlabs.nl>
Thu, 14 Jan 2016 10:45:49 +0000 (11:45 +0100)
committer bert hubert <bert.hubert@netherlabs.nl>
Thu, 14 Jan 2016 10:45:49 +0000 (11:45 +0100)
diff --git a/pdns/README-dnsdist.md b/pdns/README-dnsdist.md

index e7c9711ce279479786b03e3da1b9addbd6915004..cfc2116b5949cea17c347a59a1edc741f00109b5 100644 (file)
--- a/pdns/README-dnsdist.md
+++ b/pdns/README-dnsdist.md
@@ -862,6 +862,7 @@ instantiate a server with additional parameters
     * `exceedServFails(rate, seconds)`: get set of addresses that exceed `rate` servails/s over `seconds` seconds
     * `exceedNXDOMAINs(rate, seconds)`: get set of addresses that exceed `rate` NXDOMAIN/s over `seconds` seconds
     * `exceedRespByterate(rate, seconds)`: get set of addresses that exeeded `rate` bytes/s answers over `seconds` seconds
+   * `exceedQRate(rate, seconds)`: get set of address that exceed `rate` queries/s over `seconds` seconds
     * `exceedQTypeRate(type, rate, seconds)`: get set of address that exceed `rate` queries/s for queries of type `type` over `seconds` seconds
   * Advanced functions for writing your own policies and hooks
     * ComboAddress related:
diff --git a/pdns/dnsdist-lua.cc b/pdns/dnsdist-lua.cc

index 91df22529a6930b9f74a4df9c6a0c32376003d5c..c8260f0637e6820b66d0bd3d1c681050f96fee39 100644 (file)
--- a/pdns/dnsdist-lua.cc
+++ b/pdns/dnsdist-lua.cc
@@ -132,6 +132,11 @@ vector<std::function<void(void)>> setupLua(bool client, const std::string& confi
        {"None",(int)DNSAction::Action::None},
        {"Delay", (int)DNSAction::Action::Delay}}
      );
+
+  vector<pair<string, int> > dd;
+  for(const auto& n : QType::names)
+    dd.push_back({n.first, n.second});
+  g_lua.writeVariable("dnsdist", dd);
    
    g_lua.writeFunction("newServer", 
                       [client](boost::variant<string,newserver_t> pvars, boost::optional<int> qps)
diff --git a/pdns/dnsdist-lua2.cc b/pdns/dnsdist-lua2.cc

index 94bdd1cc3fbeedc6c0bd286cd1e4ba7bda816387..0cf7095f737ec908916b6a2a6cf2d243c1d696a0 100644 (file)
--- a/pdns/dnsdist-lua2.cc
+++ b/pdns/dnsdist-lua2.cc
@@ -164,7 +164,8 @@ void moreLua()
                            until.tv_sec += actualSeconds; 
                            for(const auto& capair : m) {
                              unsigned int count = 0;
-                            if(auto got = slow.lookup(Netmask(capair.first))) {
+                             auto got = slow.lookup(Netmask(capair.first));
+                            if(got) {
                                if(until < got->second.until) // had a longer policy
                                  continue;
                                if(now < got->second.until) // don't inherit count on expired entry
@@ -172,7 +173,8 @@ void moreLua()
                              }
                              DynBlock db{msg,until};
                              db.blocks=count;
-                             warnlog("Inserting dynamic block for %s for %d seconds: %s", capair.first.toString(), actualSeconds, msg);
+                             if(!got)
+                               warnlog("Inserting dynamic block for %s for %d seconds: %s", capair.first.toString(), actualSeconds, msg);
                              slow.insert(Netmask(capair.first)).second=db;
                            }
                            g_dynblockNMG.setState(slow);
@@ -204,10 +206,16 @@ void moreLua()
           if(q.qtype==type)
             counts[q.requestor]++;
         });
+    });
  
-
+  g_lua.writeFunction("exceedQRate", [](unsigned int rate, int seconds) {
+      setLuaNoSideEffect();
+      return exceedQueryGen(rate, seconds, [](counts_t& counts, const Rings::Query& q) {
+          counts[q.requestor]++;
+       });
      });
  
+
    g_lua.writeFunction("topBandwidth", [](boost::optional<unsigned int> top_) {
        setLuaNoSideEffect();
        auto top = top_.get_value_or(10);
diff --git a/pdns/dnsdistconf.lua b/pdns/dnsdistconf.lua

index dba9a8be91c09e1c164bf7da249f0da12504262c..ca2dd13411dabcc560f3e6cab7c22938dfd539ec 100644 (file)
--- a/pdns/dnsdistconf.lua
+++ b/pdns/dnsdistconf.lua
@@ -97,4 +97,9 @@ function splitSetup(servers, remote, qname, qtype, dh)
          end
  end
  
--- setServerPolicyLua("splitSetup", splitSetup)
-\ No newline at end of file
+-- setServerPolicyLua("splitSetup", splitSetup)
+
+function maintenance()
+       addDynBlocks(exceedQRate(20, 10), "Exceeded query rate", 60)
+end
+
author	bert hubert <bert.hubert@netherlabs.nl>
	Thu, 14 Jan 2016 10:45:49 +0000 (11:45 +0100)
committer	bert hubert <bert.hubert@netherlabs.nl>
	Thu, 14 Jan 2016 10:45:49 +0000 (11:45 +0100)
pdns/README-dnsdist.md		patch \| blob \| blame \| history
pdns/dnsdist-lua.cc		patch \| blob \| blame \| history
pdns/dnsdist-lua2.cc		patch \| blob \| blame \| history
pdns/dnsdistconf.lua		patch \| blob \| blame \| history