From: Remi Gacogne Date: Mon, 13 Nov 2023 13:22:05 +0000 (+0100) Subject: dnsdist: Delint the dynamic blocks files X-Git-Tag: rec-5.0.0-rc1~31^2~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0bad7da3a8cd0c967e5fd1456a4d1880fec2669d;p=thirdparty%2Fpdns.git dnsdist: Delint the dynamic blocks files --- diff --git a/.not-formatted b/.not-formatted index b9e7246b8a..1d1912ccd3 100644 --- a/.not-formatted +++ b/.not-formatted @@ -46,7 +46,6 @@ ./pdns/dnsdist-cache.hh ./pdns/dnsdist-console.cc ./pdns/dnsdist-console.hh -./pdns/dnsdist-dynblocks.hh ./pdns/dnsdist-dynbpf.cc ./pdns/dnsdist-dynbpf.hh ./pdns/dnsdist-ecs.cc @@ -73,7 +72,6 @@ ./pdns/dnsdist.hh ./pdns/dnsdistdist/connection-management.hh ./pdns/dnsdistdist/dnsdist-backend.cc -./pdns/dnsdistdist/dnsdist-dynblocks.cc ./pdns/dnsdistdist/dnsdist-kvs.cc ./pdns/dnsdistdist/dnsdist-kvs.hh ./pdns/dnsdistdist/dnsdist-lbpolicies.cc diff --git a/pdns/dnsdist-dynblocks.hh b/pdns/dnsdist-dynblocks.hh index a8bd5ae613..65b036e9e6 100644 --- a/pdns/dnsdist-dynblocks.hh +++ b/pdns/dnsdist-dynblocks.hh @@ -28,27 +28,31 @@ #include "dnsdist-rings.hh" #include "statnode.hh" -extern "C" { +extern "C" +{ #include "dnsdist-lua-inspection-ffi.h" } // dnsdist_ffi_stat_node_t is a lightuserdata -template<> -struct LuaContext::Pusher { - static const int minSize = 1; - static const int maxSize = 1; - - static PushedObject push(lua_State* state, dnsdist_ffi_stat_node_t* ptr) noexcept { - lua_pushlightuserdata(state, ptr); - return PushedObject{state, 1}; - } +template <> +struct LuaContext::Pusher +{ + static const int minSize = 1; + static const int maxSize = 1; + + static PushedObject push(lua_State* state, dnsdist_ffi_stat_node_t* ptr) noexcept + { + lua_pushlightuserdata(state, ptr); + return PushedObject{state, 1}; + } }; using dnsdist_ffi_stat_node_visitor_t = std::function; struct dnsdist_ffi_stat_node_t { - dnsdist_ffi_stat_node_t(const StatNode& node_, const StatNode::Stat& self_, const StatNode::Stat& children_, std::optional& reason_): node(node_), self(self_), children(children_), reason(reason_) + dnsdist_ffi_stat_node_t(const StatNode& node_, const StatNode::Stat& self_, const StatNode::Stat& children_, std::optional& reason_) : + node(node_), self(self_), children(children_), reason(reason_) { } @@ -63,7 +67,6 @@ using dnsdist_ffi_dynamic_block_inserted_hook = std::function d_rcodeCounts; @@ -75,11 +78,13 @@ private: struct DynBlockRule { - DynBlockRule(): d_enabled(false) + DynBlockRule() : + d_enabled(false) { } - DynBlockRule(const std::string& blockReason, unsigned int blockDuration, unsigned int rate, unsigned int warningRate, unsigned int seconds, DNSAction::Action action): d_blockReason(blockReason), d_blockDuration(blockDuration), d_rate(rate), d_warningRate(warningRate), d_seconds(seconds), d_action(action), d_enabled(true) + DynBlockRule(const std::string& blockReason, unsigned int blockDuration, unsigned int rate, unsigned int warningRate, unsigned int seconds, DNSAction::Action action) : + d_blockReason(blockReason), d_blockDuration(blockDuration), d_rate(rate), d_warningRate(warningRate), d_seconds(seconds), d_action(action), d_enabled(true) { } @@ -160,13 +165,15 @@ private: bool d_enabled{false}; }; - struct DynBlockRatioRule: DynBlockRule + struct DynBlockRatioRule : DynBlockRule { - DynBlockRatioRule(): DynBlockRule() + DynBlockRatioRule() : + DynBlockRule() { } - DynBlockRatioRule(const std::string& blockReason, unsigned int blockDuration, double ratio, double warningRatio, unsigned int seconds, DNSAction::Action action, size_t minimumNumberOfResponses): DynBlockRule(blockReason, blockDuration, 0, 0, seconds, action), d_minimumNumberOfResponses(minimumNumberOfResponses), d_ratio(ratio), d_warningRatio(warningRatio) + DynBlockRatioRule(const std::string& blockReason, unsigned int blockDuration, double ratio, double warningRatio, unsigned int seconds, DNSAction::Action action, size_t minimumNumberOfResponses) : + DynBlockRule(blockReason, blockDuration, 0, 0, seconds, action), d_minimumNumberOfResponses(minimumNumberOfResponses), d_ratio(ratio), d_warningRatio(warningRatio) { } @@ -362,18 +369,18 @@ public: } private: - + void applySMT(const struct timespec& now, StatNode& statNodeRoot); bool checkIfQueryTypeMatches(const Rings::Query& query); bool checkIfResponseCodeMatches(const Rings::Response& response); - void addOrRefreshBlock(boost::optional >& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated, bool warning); + void addOrRefreshBlock(boost::optional>& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated, bool warning); void addOrRefreshBlockSMT(SuffixMatchTree& blocks, const struct timespec& now, const DNSName& name, const DynBlockRule& rule, bool& updated); - void addBlock(boost::optional >& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated) + void addBlock(boost::optional>& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated) { addOrRefreshBlock(blocks, now, requestor, rule, updated, false); } - void handleWarning(boost::optional >& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated) + void handleWarning(boost::optional>& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated) { addOrRefreshBlock(blocks, now, requestor, rule, updated, true); } @@ -457,7 +464,8 @@ private: static size_t s_topN; }; -namespace dnsdist::DynamicBlocks { +namespace dnsdist::DynamicBlocks +{ bool addOrRefreshBlock(NetmaskTree& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const std::string& reason, unsigned int duration, DNSAction::Action action, bool warning, bool beQuiet); bool addOrRefreshBlockSMT(SuffixMatchTree& blocks, const struct timespec& now, const DNSName& name, const std::string& reason, unsigned int duration, DNSAction::Action action, bool beQuiet); } diff --git a/pdns/dnsdist-lua.cc b/pdns/dnsdist-lua.cc index f8d3076b0b..6ed9b35190 100644 --- a/pdns/dnsdist-lua.cc +++ b/pdns/dnsdist-lua.cc @@ -1420,7 +1420,9 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) luaCtx.writeFunction("getDynamicBlocks", []() { setLuaNoSideEffect(); - struct timespec now; + struct timespec now + { + }; gettime(&now); LuaAssociativeTable entries; @@ -1444,7 +1446,9 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) luaCtx.writeFunction("getSMTDynamicBlocks", []() { setLuaNoSideEffect(); - struct timespec now; + struct timespec now + { + }; gettime(&now); LuaAssociativeTable entries; @@ -1536,7 +1540,9 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) return; } setLuaSideEffect(); - struct timespec now; + struct timespec now + { + }; gettime(&now); unsigned int actualSeconds = seconds ? *seconds : 10; @@ -1581,7 +1587,9 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) AddressAndPortRange target(clientIPCA, clientIPMask ? *clientIPMask : (clientIPCA.isIPv4() ? 32 : 128), clientIPPortMask ? *clientIPPortMask : 0); unsigned int actualSeconds = seconds ? *seconds : 10; - struct timespec now; + struct timespec now + { + }; gettime(&now); auto slow = g_dynblockNMG.getCopy(); if (dnsdist::DynamicBlocks::addOrRefreshBlock(slow, now, target, msg, actualSeconds, action ? *action : DNSAction::Action::None, false, false)) { diff --git a/pdns/dnsdistdist/dnsdist-dynblocks.cc b/pdns/dnsdistdist/dnsdist-dynblocks.cc index 87ad7b4ae5..c4f998732e 100644 --- a/pdns/dnsdistdist/dnsdist-dynblocks.cc +++ b/pdns/dnsdistdist/dnsdist-dynblocks.cc @@ -8,7 +8,6 @@ GlobalStateHolder> g_dynblockSMT; DNSAction::Action g_dynBlockAction = DNSAction::Action::Drop; #ifndef DISABLE_DYNBLOCKS - void DynBlockRulesGroup::apply(const struct timespec& now) { counts_t counts; @@ -30,7 +29,7 @@ void DynBlockRulesGroup::apply(const struct timespec& now) return; } - boost::optional > blocks; + boost::optional> blocks; bool updated = false; for (const auto& entry : counts) { @@ -109,50 +108,58 @@ void DynBlockRulesGroup::apply(const struct timespec& now) g_dynblockNMG.setState(std::move(*blocks)); } - if (!statNodeRoot.empty()) { - StatNode::Stat node; - std::unordered_map> namesToBlock; - statNodeRoot.visit([this,&namesToBlock](const StatNode* node_, const StatNode::Stat& self, const StatNode::Stat& children) { - bool block = false; - std::optional reason; - - if (d_smtVisitorFFI) { - dnsdist_ffi_stat_node_t tmp(*node_, self, children, reason); - block = d_smtVisitorFFI(&tmp); - } - else { - auto ret = d_smtVisitor(*node_, self, children); - block = std::get<0>(ret); - if (block) { - if (boost::optional tmp = std::get<1>(ret)) { - reason = std::move(*tmp); - } - } - } - - if (block) { - namesToBlock.insert({DNSName(node_->fullname), std::move(reason)}); - } - }, - node); - - if (!namesToBlock.empty()) { - updated = false; - SuffixMatchTree smtBlocks = g_dynblockSMT.getCopy(); - for (auto& [name, reason] : namesToBlock) { - if (reason) { - DynBlockRule rule(d_suffixMatchRule); - rule.d_blockReason = std::move(*reason); - addOrRefreshBlockSMT(smtBlocks, now, std::move(name), std::move(rule), updated); - } - else { - addOrRefreshBlockSMT(smtBlocks, now, std::move(name), d_suffixMatchRule, updated); + applySMT(now, statNodeRoot); +} + +void DynBlockRulesGroup::applySMT(const struct timespec& now, StatNode& statNodeRoot) +{ + if (statNodeRoot.empty()) { + return; + } + + bool updated = false; + StatNode::Stat node; + std::unordered_map> namesToBlock; + statNodeRoot.visit([this, &namesToBlock](const StatNode* node_, const StatNode::Stat& self, const StatNode::Stat& children) { + bool block = false; + std::optional reason; + + if (d_smtVisitorFFI) { + dnsdist_ffi_stat_node_t tmp(*node_, self, children, reason); + block = d_smtVisitorFFI(&tmp); + } + else { + auto ret = d_smtVisitor(*node_, self, children); + block = std::get<0>(ret); + if (block) { + if (boost::optional tmp = std::get<1>(ret)) { + reason = std::move(*tmp); } } - if (updated) { - g_dynblockSMT.setState(std::move(smtBlocks)); + } + + if (block) { + namesToBlock.insert({DNSName(node_->fullname), std::move(reason)}); + } + }, + node); + + if (!namesToBlock.empty()) { + updated = false; + SuffixMatchTree smtBlocks = g_dynblockSMT.getCopy(); + for (auto& [name, reason] : namesToBlock) { + if (reason) { + DynBlockRule rule(d_suffixMatchRule); + rule.d_blockReason = std::move(*reason); + addOrRefreshBlockSMT(smtBlocks, now, name, rule, updated); + } + else { + addOrRefreshBlockSMT(smtBlocks, now, name, d_suffixMatchRule, updated); } } + if (updated) { + g_dynblockSMT.setState(std::move(smtBlocks)); + } } } @@ -174,11 +181,7 @@ bool DynBlockRulesGroup::checkIfResponseCodeMatches(const Rings::Response& respo } auto ratio = d_rcodeRatioRules.find(response.dh.rcode); - if (ratio != d_rcodeRatioRules.end() && ratio->second.matches(response.when)) { - return true; - } - - return false; + return ratio != d_rcodeRatioRules.end() && ratio->second.matches(response.when); } /* return the actual action that will be taken by that block: @@ -193,8 +196,9 @@ static DNSAction::Action getActualAction(const DynBlock& block) return g_dynBlockAction; } -namespace dnsdist::DynamicBlocks { - bool addOrRefreshBlock(NetmaskTree& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const std::string& reason, unsigned int duration, DNSAction::Action action, bool warning, bool beQuiet) +namespace dnsdist::DynamicBlocks +{ +bool addOrRefreshBlock(NetmaskTree& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const std::string& reason, unsigned int duration, DNSAction::Action action, bool warning, bool beQuiet) { unsigned int count = 0; bool expired = false; @@ -203,11 +207,11 @@ namespace dnsdist::DynamicBlocks { struct timespec until = now; until.tv_sec += duration; - DynBlock db{reason, until, DNSName(), warning ? DNSAction::Action::NoOp : action}; - db.warning = warning; + DynBlock dblock{reason, until, DNSName(), warning ? DNSAction::Action::NoOp : action}; + dblock.warning = warning; const auto& got = blocks.lookup(requestor); - if (got) { + if (got != nullptr) { bpf = got->second.bpf; if (warning && !got->second.warning) { @@ -215,7 +219,7 @@ namespace dnsdist::DynamicBlocks { don't override it */ return false; } - else if (!warning && got->second.warning) { + if (!warning && got->second.warning) { wasWarning = true; } else { @@ -234,13 +238,11 @@ namespace dnsdist::DynamicBlocks { } } - db.blocks = count; + dblock.blocks = count; - if (!got || expired || wasWarning) { - const auto actualAction = getActualAction(db); - if (g_defaultBPFFilter && - ((requestor.isIPv4() && requestor.getBits() == 32) || (requestor.isIPv6() && requestor.getBits() == 128)) && - (actualAction == DNSAction::Action::Drop || actualAction == DNSAction::Action::Truncate)) { + if (got == nullptr || expired || wasWarning) { + const auto actualAction = getActualAction(dblock); + if (g_defaultBPFFilter && ((requestor.isIPv4() && requestor.getBits() == 32) || (requestor.isIPv6() && requestor.getBits() == 128)) && (actualAction == DNSAction::Action::Drop || actualAction == DNSAction::Action::Truncate)) { try { BPFFilter::MatchAction bpfAction = actualAction == DNSAction::Action::Drop ? BPFFilter::MatchAction::Drop : BPFFilter::MatchAction::Truncate; if (g_defaultBPFFilter->supportsMatchAction(bpfAction)) { @@ -255,13 +257,13 @@ namespace dnsdist::DynamicBlocks { } if (!beQuiet) { - warnlog("Inserting %s%sdynamic block for %s for %d seconds: %s", warning ? "(warning) " :"", bpf ? "eBPF " : "", requestor.toString(), duration, reason); + warnlog("Inserting %s%sdynamic block for %s for %d seconds: %s", warning ? "(warning) " : "", bpf ? "eBPF " : "", requestor.toString(), duration, reason); } } - db.bpf = bpf; + dblock.bpf = bpf; - blocks.insert(requestor).second = std::move(db); + blocks.insert(requestor).second = std::move(dblock); return true; } @@ -271,17 +273,17 @@ bool addOrRefreshBlockSMT(SuffixMatchTree& blocks, const struct timesp struct timespec until = now; until.tv_sec += duration; unsigned int count = 0; - DynBlock db{reason, until, name.makeLowerCase(), action}; + DynBlock dblock{reason, until, name.makeLowerCase(), action}; /* be careful, if you try to insert a longer suffix lookup() might return a shorter one if it is already in the tree as a final node */ const DynBlock* got = blocks.lookup(name); - if (got && got->domain != name) { + if (got != nullptr && got->domain != name) { got = nullptr; } bool expired = false; - if (got) { + if (got != nullptr) { if (until < got->until) { // had a longer policy return false; @@ -296,17 +298,17 @@ bool addOrRefreshBlockSMT(SuffixMatchTree& blocks, const struct timesp } } - db.blocks = count; + dblock.blocks = count; - if (!beQuiet && (!got || expired)) { + if (!beQuiet && (got == nullptr || expired)) { warnlog("Inserting dynamic block for %s for %d seconds: %s", name, duration, reason); } - blocks.add(name, std::move(db)); + blocks.add(name, std::move(dblock)); return true; } } -void DynBlockRulesGroup::addOrRefreshBlock(boost::optional >& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated, bool warning) +void DynBlockRulesGroup::addOrRefreshBlock(boost::optional>& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated, bool warning) { /* network exclusions are address-based only (no port) */ if (d_excludedSubnets.match(requestor.getNetwork())) { @@ -362,22 +364,22 @@ void DynBlockRulesGroup::processQueryRules(counts_t& counts, const struct timesp } for (const auto& shard : g_rings.d_shards) { - auto rl = shard->queryRing.lock(); - for (const auto& c : *rl) { - if (now < c.when) { + auto queryRing = shard->queryRing.lock(); + for (const auto& ringEntry : *queryRing) { + if (now < ringEntry.when) { continue; } - bool qRateMatches = d_queryRateRule.matches(c.when); - bool typeRuleMatches = checkIfQueryTypeMatches(c); + bool qRateMatches = d_queryRateRule.matches(ringEntry.when); + bool typeRuleMatches = checkIfQueryTypeMatches(ringEntry); if (qRateMatches || typeRuleMatches) { - auto& entry = counts[AddressAndPortRange(c.requestor, c.requestor.isIPv4() ? d_v4Mask : d_v6Mask, d_portMask)]; + auto& entry = counts[AddressAndPortRange(ringEntry.requestor, ringEntry.requestor.isIPv4() ? d_v4Mask : d_v6Mask, d_portMask)]; if (qRateMatches) { ++entry.queries; } if (typeRuleMatches) { - ++entry.d_qtypeCounts[c.qtype]; + ++entry.d_qtypeCounts[ringEntry.qtype]; } } } @@ -421,39 +423,39 @@ void DynBlockRulesGroup::processResponseRules(counts_t& counts, StatNode& root, } for (const auto& shard : g_rings.d_shards) { - auto rl = shard->respRing.lock(); - for(const auto& c : *rl) { - if (now < c.when) { + auto responseRing = shard->respRing.lock(); + for (const auto& ringEntry : *responseRing) { + if (now < ringEntry.when) { continue; } - if (c.when < responseCutOff) { + if (ringEntry.when < responseCutOff) { continue; } - auto& entry = counts[AddressAndPortRange(c.requestor, c.requestor.isIPv4() ? d_v4Mask : d_v6Mask, d_portMask)]; + auto& entry = counts[AddressAndPortRange(ringEntry.requestor, ringEntry.requestor.isIPv4() ? d_v4Mask : d_v6Mask, d_portMask)]; ++entry.responses; - bool respRateMatches = d_respRateRule.matches(c.when); - bool suffixMatchRuleMatches = d_suffixMatchRule.matches(c.when); - bool rcodeRuleMatches = checkIfResponseCodeMatches(c); + bool respRateMatches = d_respRateRule.matches(ringEntry.when); + bool suffixMatchRuleMatches = d_suffixMatchRule.matches(ringEntry.when); + bool rcodeRuleMatches = checkIfResponseCodeMatches(ringEntry); if (respRateMatches || rcodeRuleMatches) { if (respRateMatches) { - entry.respBytes += c.size; + entry.respBytes += ringEntry.size; } if (rcodeRuleMatches) { - ++entry.d_rcodeCounts[c.dh.rcode]; + ++entry.d_rcodeCounts[ringEntry.dh.rcode]; } } if (suffixMatchRuleMatches) { - bool hit = c.ds.sin4.sin_family == 0; - if (!hit && c.ds.isIPv4() && c.ds.sin4.sin_addr.s_addr == 0 && c.ds.sin4.sin_port == 0) { + bool hit = ringEntry.ds.sin4.sin_family == 0; + if (!hit && ringEntry.ds.isIPv4() && ringEntry.ds.sin4.sin_addr.s_addr == 0 && ringEntry.ds.sin4.sin_port == 0) { hit = true; } - root.submit(c.name, ((c.dh.rcode == 0 && c.usec == std::numeric_limits::max()) ? -1 : c.dh.rcode), c.size, hit, boost::none); + root.submit(ringEntry.name, ((ringEntry.dh.rcode == 0 && ringEntry.usec == std::numeric_limits::max()) ? -1 : ringEntry.dh.rcode), ringEntry.size, hit, boost::none); } } } @@ -539,10 +541,10 @@ std::map>> D topsForReason.pop_front(); } - topsForReason.insert(std::lower_bound(topsForReason.begin(), topsForReason.end(), newEntry, [](const std::pair& a, const std::pair& b) { - return a.second < b.second; - }), - newEntry); + topsForReason.insert(std::lower_bound(topsForReason.begin(), topsForReason.end(), newEntry, [](const std::pair& rhs, const std::pair& lhs) { + return rhs.second < lhs.second; + }), + newEntry); } } @@ -566,10 +568,10 @@ std::map>> DynBlockMaint topsForReason.pop_front(); } - topsForReason.insert(std::lower_bound(topsForReason.begin(), topsForReason.end(), newEntry, [](const std::pair& a, const std::pair& b) { - return a.second < b.second; - }), - newEntry); + topsForReason.insert(std::lower_bound(topsForReason.begin(), topsForReason.end(), newEntry, [](const std::pair& rhs, const std::pair& lhs) { + return rhs.second < lhs.second; + }), + newEntry); } }); @@ -578,7 +580,7 @@ std::map>> DynBlockMaint struct DynBlockEntryStat { - size_t sum; + size_t sum{0}; unsigned int lastSeenValue{0}; }; @@ -609,9 +611,9 @@ void DynBlockMaintenance::generateMetrics() } /* do NMG */ - std::map> nm; + std::map> netmasks; for (const auto& reason : s_metricsData.front().nmgData) { - auto& reasonStat = nm[reason.first]; + auto& reasonStat = netmasks[reason.first]; /* prepare the counters by scanning the oldest entry (N+1) */ for (const auto& entry : reason.second) { @@ -629,9 +631,9 @@ void DynBlockMaintenance::generateMetrics() continue; } - auto& nmgData = snap.nmgData; + const auto& nmgData = snap.nmgData; for (const auto& reason : nmgData) { - auto& reasonStat = nm[reason.first]; + auto& reasonStat = netmasks[reason.first]; for (const auto& entry : reason.second) { auto& stat = reasonStat[entry.first]; if (entry.second < stat.lastSeenValue) { @@ -649,20 +651,20 @@ void DynBlockMaintenance::generateMetrics() /* now we need to get the top N entries (for each "reason") based on our counters (sum of the last N entries) */ std::map>> topNMGs; { - for (const auto& reason : nm) { + for (const auto& reason : netmasks) { auto& topsForReason = topNMGs[reason.first]; for (const auto& entry : reason.second) { if (topsForReason.size() < s_topN || topsForReason.front().second < entry.second.sum) { /* Note that this is a gauge, so we need to divide by the number of elapsed seconds */ - auto newEntry = std::pair(entry.first, std::round(entry.second.sum / 60.0)); + auto newEntry = std::pair(entry.first, std::round(static_cast(entry.second.sum) / 60.0)); if (topsForReason.size() >= s_topN) { topsForReason.pop_front(); } - topsForReason.insert(std::lower_bound(topsForReason.begin(), topsForReason.end(), newEntry, [](const std::pair& a, const std::pair& b) { - return a.second < b.second; - }), - newEntry); + topsForReason.insert(std::lower_bound(topsForReason.begin(), topsForReason.end(), newEntry, [](const std::pair& rhs, const std::pair& lhs) { + return rhs.second < lhs.second; + }), + newEntry); } } } @@ -689,7 +691,7 @@ void DynBlockMaintenance::generateMetrics() continue; } - auto& smtData = snap.smtData; + const auto& smtData = snap.smtData; for (const auto& reason : smtData) { auto& reasonStat = smt[reason.first]; for (const auto& entry : reason.second) { @@ -714,15 +716,15 @@ void DynBlockMaintenance::generateMetrics() for (const auto& entry : reason.second) { if (topsForReason.size() < s_topN || topsForReason.front().second < entry.second.sum) { /* Note that this is a gauge, so we need to divide by the number of elapsed seconds */ - auto newEntry = std::pair(entry.first, std::round(entry.second.sum / 60.0)); + auto newEntry = std::pair(entry.first, std::round(static_cast(entry.second.sum) / 60.0)); if (topsForReason.size() >= s_topN) { topsForReason.pop_front(); } - topsForReason.insert(std::lower_bound(topsForReason.begin(), topsForReason.end(), newEntry, [](const std::pair& a, const std::pair& b) { - return a.second < b.second; - }), - newEntry); + topsForReason.insert(std::lower_bound(topsForReason.begin(), topsForReason.end(), newEntry, [](const std::pair& lhs, const std::pair& rhs) { + return lhs.second < rhs.second; + }), + newEntry); } } } @@ -759,7 +761,7 @@ void DynBlockMaintenance::run() sleepDelay = std::min(sleepDelay, (nextMetricsGeneration - now)); // coverity[store_truncates_time_t] - sleep(sleepDelay); + std::this_thread::sleep_for(std::chrono::seconds(sleepDelay)); try { now = time(nullptr); @@ -781,7 +783,9 @@ void DynBlockMaintenance::run() } if (s_expiredDynBlocksPurgeInterval > 0 && now >= nextExpiredPurge) { - struct timespec tspec; + struct timespec tspec + { + }; gettime(&tspec); purgeExpired(tspec); diff --git a/pdns/dnsdistdist/dnsdist-lua-ffi.cc b/pdns/dnsdistdist/dnsdist-lua-ffi.cc index 4b7ae8cf49..8133633071 100644 --- a/pdns/dnsdistdist/dnsdist-lua-ffi.cc +++ b/pdns/dnsdistdist/dnsdist-lua-ffi.cc @@ -1717,7 +1717,9 @@ bool dnsdist_ffi_dynamic_blocks_add(const char* address, const char* message, ui AddressAndPortRange target(clientIPCA, clientIPMask, clientIPPortMask); - struct timespec now; + struct timespec now + { + }; gettime(&now); auto slow = g_dynblockNMG.getCopy(); if (dnsdist::DynamicBlocks::addOrRefreshBlock(slow, now, target, message, duration, static_cast(action), false, false)) { @@ -1754,7 +1756,9 @@ bool dnsdist_ffi_dynamic_blocks_smt_add(const char* suffix, const char* message, return false; } - struct timespec now; + struct timespec now + { + }; gettime(&now); auto slow = g_dynblockSMT.getCopy(); if (dnsdist::DynamicBlocks::addOrRefreshBlockSMT(slow, now, domain, message, duration, static_cast(action), false)) { @@ -1787,7 +1791,9 @@ size_t dnsdist_ffi_dynamic_blocks_get_entries(dnsdist_ffi_dynamic_blocks_list_t* auto list = std::make_unique(); - struct timespec now; + struct timespec now + { + }; gettime(&now); auto fullCopy = g_dynblockNMG.getCopy(); @@ -1818,7 +1824,9 @@ size_t dnsdist_ffi_dynamic_blocks_smt_get_entries(dnsdist_ffi_dynamic_blocks_lis auto list = std::make_unique(); - struct timespec now; + struct timespec now + { + }; gettime(&now); auto fullCopy = g_dynblockSMT.getCopy(); @@ -1862,10 +1870,13 @@ void dnsdist_ffi_dynamic_blocks_list_free(dnsdist_ffi_dynamic_blocks_list_t* lis } for (auto& entry : list->d_entries) { + // NOLINTNEXTLINE(cppcoreguidelines-owning-memory): this is a C API, RAII is not an option free(entry.key); + // NOLINTNEXTLINE(cppcoreguidelines-owning-memory): this is a C API, RAII is not an option free(entry.reason); } + // NOLINTNEXTLINE(cppcoreguidelines-owning-memory): this is a C API, RAII is not an option delete list; }