From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Fri, 30 Apr 2021 13:48:26 +0000 (+0200)
Subject: dnsdist: Convert DynBPF to LockGuarded
X-Git-Tag: dnsdist-1.7.0-alpha1~62^2~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=06fa8b3bfad69c6556e21509b1499a5fec315c6f;p=thirdparty%2Fpdns.git

dnsdist: Convert DynBPF to LockGuarded
---

diff --git a/pdns/dnsdist-dynbpf.cc b/pdns/dnsdist-dynbpf.cc
index e4c2c0d90b..a11c928f95 100644
--- a/pdns/dnsdist-dynbpf.cc
+++ b/pdns/dnsdist-dynbpf.cc
@@ -24,22 +24,22 @@
 bool DynBPFFilter::block(const ComboAddress& addr, const struct timespec& until)
 {
   bool inserted = false;
-  std::lock_guard<std::mutex> lock(d_mutex);
+  auto data = d_data.lock();
 
-  if (d_excludedSubnets.match(addr)) {
+  if (data->d_excludedSubnets.match(addr)) {
     /* do not add a block for excluded subnets */
     return inserted;
   }
 
-  const container_t::iterator it = d_entries.find(addr);
-  if (it != d_entries.end()) {
+  const container_t::iterator it = data->d_entries.find(addr);
+  if (it != data->d_entries.end()) {
     if (it->d_until < until) {
-      d_entries.replace(it, BlockEntry(addr, until));
+      data->d_entries.replace(it, BlockEntry(addr, until));
     }
   }
   else {
-    d_bpf->block(addr);
-    d_entries.insert(BlockEntry(addr, until));
+    data->d_bpf->block(addr);
+    data->d_entries.insert(BlockEntry(addr, until));
     inserted = true;
   }
   return inserted;
@@ -47,16 +47,16 @@ bool DynBPFFilter::block(const ComboAddress& addr, const struct timespec& until)
 
 void DynBPFFilter::purgeExpired(const struct timespec& now)
 {
-  std::lock_guard<std::mutex> lock(d_mutex);
+  auto data = d_data.lock();
 
   typedef nth_index<container_t,1>::type ordered_until;
-  ordered_until& ou = get<1>(d_entries);
+  ordered_until& ou = get<1>(data->d_entries);
 
-  for (ordered_until::iterator it=ou.begin(); it != ou.end(); ) {
+  for (ordered_until::iterator it = ou.begin(); it != ou.end(); ) {
     if (it->d_until < now) {
       ComboAddress addr = it->d_addr;
       it = ou.erase(it);
-      d_bpf->unblock(addr);
+      data->d_bpf->unblock(addr);
     }
     else {
       break;
@@ -67,18 +67,19 @@ void DynBPFFilter::purgeExpired(const struct timespec& now)
 std::vector<std::tuple<ComboAddress, uint64_t, struct timespec> > DynBPFFilter::getAddrStats()
 {
   std::vector<std::tuple<ComboAddress, uint64_t, struct timespec> > result;
-  if (!d_bpf) {
+  auto data = d_data.lock();
+
+  if (!data->d_bpf) {
     return result;
   }
 
-  const auto& stats = d_bpf->getAddrStats();
+  const auto& stats = data->d_bpf->getAddrStats();
   result.reserve(stats.size());
   for (const auto& stat : stats) {
-    const container_t::iterator it = d_entries.find(stat.first);
-    if (it != d_entries.end()) {
+    const container_t::iterator it = data->d_entries.find(stat.first);
+    if (it != data->d_entries.end()) {
       result.push_back(std::make_tuple(stat.first, stat.second, it->d_until));
     }
   }
   return result;
 }
-
diff --git a/pdns/dnsdist-dynbpf.hh b/pdns/dnsdist-dynbpf.hh
index 5cfa2e028e..42b2a418e2 100644
--- a/pdns/dnsdist-dynbpf.hh
+++ b/pdns/dnsdist-dynbpf.hh
@@ -33,21 +33,20 @@
 class DynBPFFilter
 {
 public:
-  DynBPFFilter(std::shared_ptr<BPFFilter>& bpf): d_bpf(bpf)
+  DynBPFFilter(std::shared_ptr<BPFFilter>& bpf)
   {
+    d_data.lock()->d_bpf = bpf;
   }
   ~DynBPFFilter()
   {
   }
   void excludeRange(const Netmask& range)
   {
-    std::unique_lock<std::mutex> lock(d_mutex);
-    d_excludedSubnets.addMask(range);
+    d_data.lock()->d_excludedSubnets.addMask(range);
   }
   void includeRange(const Netmask& range)
   {
-    std::unique_lock<std::mutex> lock(d_mutex);
-    d_excludedSubnets.addMask(range, false);
+    d_data.lock()->d_excludedSubnets.addMask(range, false);
   }
   /* returns true if the addr wasn't already blocked, false otherwise */
   bool block(const ComboAddress& addr, const struct timespec& until);
@@ -68,9 +67,11 @@ private:
                                   ordered_non_unique< member<BlockEntry,struct timespec,&BlockEntry::d_until> >
                                   >
                                 > container_t;
-  container_t d_entries;
-  std::mutex d_mutex;
-  std::shared_ptr<BPFFilter> d_bpf;
-  NetmaskGroup d_excludedSubnets;
+  struct Data {
+    container_t d_entries;
+    std::shared_ptr<BPFFilter> d_bpf{nullptr};
+    NetmaskGroup d_excludedSubnets;
+  };
+  LockGuarded<Data> d_data;
 };