From: bert hubert Date: Sun, 29 Nov 2015 16:43:01 +0000 (+0100) Subject: implement a maintenance() function in dnsdist lua which can configure dynamic filters... X-Git-Tag: dnsdist-1.0.0-alpha1~170^2~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=80a216c96edfb13c157e29482c14810e84e097b6;p=thirdparty%2Fpdns.git implement a maintenance() function in dnsdist lua which can configure dynamic filters, plus add ringbuffer tooling to do so: dyn = newNMG() function blockFilter(remote, qname, qtype, dh) -- print(string.format("Called from %s", remote:tostring())) if(dyn:match(remote)) then print("Blocking query from " .. remote:tostring() .. " because dynamic blocklist") return true end return false end function maintenance() local newdyn = newNMG() local exc=exceedServfails(1, 3) -- more than 1 qps over 3 seconds newdyn:add(exc) for k, v in pairs( exc ) do newdyn:add(k) end exc=exceedNXDOMAINs(3, 10) -- more than 3 qps over 10 seconds for k, v in pairs( exc ) do print("Adding because of NXDOMAIN: "..k:tostring()) newdyn:add(k) end newdyn:add(exceedByterate(1000, 4)) -- more than 1000 bytes/s over 4 seconds dyn=newdyn end
---
diff --git a/pdns/Makefile.am b/pdns/Makefile.am
index 7dcb6b5b39..7a61ee7efa 100644
--- a/pdns/Makefile.am
+++ b/pdns/Makefile.am
@@ -616,6 +616,7 @@ dnsdist_SOURCES = \
 dnsdist.cc \
 dnsdist-carbon.cc \
 dnsdist-lua.cc \
+ dnsdist-lua2.cc \
 dnsdist-tcp.cc \
 dnsdist-web.cc \
 dnslabeltext.cc \
diff --git a/pdns/dnsdist-lua.cc b/pdns/dnsdist-lua.cc
index 21c920e34b..247728550f 100644
--- a/pdns/dnsdist-lua.cc
+++ b/pdns/dnsdist-lua.cc
@@ -930,6 +930,8 @@ vector> setupLua(bool client, const std::string& confi
 g_outputBuffer += (clmn % lentry % rentry).str();
 }
 });
+
+ moreLua();
 std::ifstream ifs(config);
 if(!ifs)
diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc
index 31c32e6dad..07783e7af3 100644
--- a/pdns/dnsdist.cc
+++ b/pdns/dnsdist.cc
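Review bot: The `moreLua();` call added to setupLua() in pdns/dnsdist-lua.cc has no definition anywhere in this patch as shown: both Makefile.am hunks list `dnsdist-lua2.cc` and the dnsdistdist entry is a symlink to `../dnsdist-lua2.cc`, but no `pdns/dnsdist-lua2.cc` file section appears. Unless the page is truncated, the tree will not link at this commit, and the Lua helpers named in the commit message (`newNMG`, `exceedServfails`, `exceedNXDOMAINs`, `exceedByterate`) cannot be reviewed here. The new file should be part of this same commit so the block-list logic is reviewed together with the code that feeds it. setupLua()'s body starts and ends outside the hunk.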
@@ -191,8 +191,10 @@ void* responderThread(std::shared_ptr state)
 vinfolog("Got answer from %s, relayed to %s, took %f usec", state->remote.toStringWithPort(), ids->origRemote.toStringWithPort(), udiff);
 {
+ struct timespec ts;
+ clock_gettime(CLOCK_MONOTONIC, &ts);
 std::lock_guard lock(g_rings.respMutex);
- g_rings.respRing.push_back({ids->qname, ids->qtype, (uint8_t)dh->rcode, (unsigned int)udiff});
+ g_rings.respRing.push_back({ts, ids->origRemote, ids->qname, ids->qtype, (uint8_t)dh->rcode, (unsigned int)udiff, (unsigned int)len});
 }
 if(dh->rcode == 2) g_stats.servfailResponses++;
@@ -219,12 +221,6 @@ void* responderThread(std::shared_ptr state)
 return 0;
 }
-bool operator<(const struct timespec&a, const struct timespec& b)
-{
- return std::tie(a.tv_sec, a.tv_nsec) < std::tie(b.tv_sec, b.tv_nsec);
-}
-
-
 DownstreamState::DownstreamState(const ComboAddress& remote_): checkName("a.root-servers.net."), checkType(QType::A), mustResolve(false) {
 remote = remote_;
@@ -666,11 +662,18 @@ void* maintThread()
 ids.origFD = -1;
 dss->reuseds++;
 --dss->outstanding;
+ struct timespec ts;
+ clock_gettime(CLOCK_MONOTONIC, &ts);
 std::lock_guard lock(g_rings.respMutex);
- g_rings.respRing.push_back({ids.qname, ids.qtype, 0, 2000000});
+ g_rings.respRing.push_back({ts, ids.origRemote, ids.qname, ids.qtype, 0, 2000000, 0});
 }
 }
 }
+
+ std::lock_guard lock(g_luamutex);
+ auto f =g_lua.readVariable > >("maintenance");
+ if(f)
+ (*f)();
 }
 return 0;
 }
diff --git a/pdns/dnsdist.hh b/pdns/dnsdist.hh
index 9038de1565..3634ae4cfe 100644
--- a/pdns/dnsdist.hh
+++ b/pdns/dnsdist.hh
@@ -187,10 +187,13 @@ struct Rings {
 boost::circular_buffer queryRing;
 struct Response {
+ struct timespec when;
+ ComboAddress requestor;
 DNSName name;
 uint16_t qtype;
 uint8_t rcode;
 unsigned int usec;
+ unsigned int size;
 };
 boost::circular_buffer respRing;
 std::mutex respMutex;
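Review bot: In the responderThread hunk (`@@ -191,8 +191,10 @@`), `ids->origRemote` is now stored in every ring entry, and the commit message shows those entries being turned into a block list by `maintenance()`; nothing records how far that address can be trusted. If this is the UDP path, the address is only what the query packet claimed, so a block derived from it can fall on a client that never sent the traffic. I would add a comment where the entry is built, e.g. `// origRemote is the unverified source address of the query; consumers that block on it should keep thresholds conservative and blocks short-lived`. The same applies to the timeout entry pushed in maintThread (`@@ -666,11 +662,18 @@`). responderThread's body extends outside the hunk.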
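Review bot: The Lua call at the end of the maintThread hunk (`@@ -666,11 +662,18 @@`), `(*f)();`, runs user-supplied script code with no exception handling. If the Lua wrapper reports script errors as C++ exceptions, which I believe it does but cannot confirm from this hunk, a runtime error in `maintenance()` would escape the thread function and terminate the whole process, turning a configuration mistake into an outage. `g_luamutex` is also held for the whole call, so a slow ring scan would presumably stall any query path that takes the same mutex; that deserves at least a comment. I would wrap the lookup and call in a try/catch that logs and continues, as sketched below. maintThread's body starts outside the hunk.

```cpp
try {
  // … unchanged: lock_guard on g_luamutex, readVariable lookup of "maintenance", call through f …
}
catch(const std::exception& e) {
  // keep the maintenance thread alive so the timeout accounting above keeps running
  warnlog("Lua maintenance() failed: %s", e.what());
}
```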
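Review bot: The three fields added to `Rings::Response` (`@@ -187,10 +187,13 @@` in dnsdist.hh) carry conventions that are only discoverable from the writers in dnsdist.cc, and the struct documents none of them. `when` is filled from `clock_gettime(CLOCK_MONOTONIC, …)`, so it can only be compared with other monotonic readings and never with wall-clock time; timed-out queries are recorded with `rcode` 0, `usec` 2000000 and `size` 0, which a consumer counting by rcode cannot tell apart from a successful answer. I would add field comments such as `// CLOCK_MONOTONIC, not wall-clock`, `// 2000000 marks a timed-out query` and `// response length, presumably bytes; 0 for a timeout`. The enclosing `struct Rings` starts and ends outside the hunk.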
@@ -360,3 +363,5 @@ void dnsdistWebserverThread(int sock, const ComboAddress& local, const string& p
 bool getMsgLen(int fd, uint16_t* len);
 bool putMsgLen(int fd, uint16_t len);
 void* tcpAcceptorThread(void* p);
+
+void moreLua();
diff --git a/pdns/dnsdistdist/Makefile.am b/pdns/dnsdistdist/Makefile.am
index e2d53821cb..1b5cc81bc2 100644
--- a/pdns/dnsdistdist/Makefile.am
+++ b/pdns/dnsdistdist/Makefile.am
@@ -30,6 +30,7 @@ dnsdist_SOURCES = \
 dnsdist.cc dnsdist.hh \
 dnsdist-carbon.cc \
 dnsdist-lua.cc \
+ dnsdist-lua2.cc \
 dnsdist-tcp.cc \
 dnsdist-web.cc \
 dnslabeltext.cc \
diff --git a/pdns/dnsdistdist/dnsdist-lua2.cc b/pdns/dnsdistdist/dnsdist-lua2.cc
new file mode 120000
index 0000000000..b3410b1dc5
--- /dev/null
+++ b/pdns/dnsdistdist/dnsdist-lua2.cc
@@ -0,0 +1 @@
+../dnsdist-lua2.cc
\ No newline at end of file
diff --git a/pdns/misc.hh b/pdns/misc.hh
index 3e962cfb07..570ff4a66f 100644
--- a/pdns/misc.hh
+++ b/pdns/misc.hh
@@ -317,6 +317,12 @@ inline bool operator<(const struct timeval& lhs, const struct timeval& rhs)
 return make_pair(lhs.tv_sec, lhs.tv_usec) < make_pair(rhs.tv_sec, rhs.tv_usec);
 }
+inline bool operator<(const struct timespec& lhs, const struct timespec& rhs)
+{
+ return tie(lhs.tv_sec, lhs.tv_nsec) < tie(rhs.tv_sec, rhs.tv_nsec);
+}
+
+
 inline bool pdns_ilexicographical_compare(const std::string& a, const std::string& b) __attribute__((pure));
 inline bool pdns_ilexicographical_compare(const std::string& a, const std::string& b) {
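Review bot: The new `operator<` for `timespec` in misc.hh calls `tie` unqualified, whereas the version removed from dnsdist.cc in this same patch used `std::tie`. In a widely included header that only compiles while some using-directive happens to be in scope, and it can become ambiguous if another `tie` (for instance Boost's) is visible too; every time-window comparison on the ring entries would depend on that resolving as intended. I would write `return std::tie(lhs.tv_sec, lhs.tv_nsec) < std::tie(rhs.tv_sec, rhs.tv_nsec);` and make sure `<tuple>` is included by the header.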