dnsdist: Log when we add an EBPF dynamic block, like regular ones

diff --git a/pdns/dnsdist-dynbpf.cc b/pdns/dnsdist-dynbpf.cc
index 5550931e5ecf297f2ade395627571c92226fe09d..7abddedf530cc3021d204ac39e913b0195c33683 100644 (file)
--- a/pdns/dnsdist-dynbpf.cc
+++ b/pdns/dnsdist-dynbpf.cc
@@ -23,8 +23,9 @@
 
 #ifdef HAVE_EBPF
 
-void DynBPFFilter::block(const ComboAddress& addr, const struct timespec& until)
+bool DynBPFFilter::block(const ComboAddress& addr, const struct timespec& until)
 {
+  bool inserted = false;
   std::unique_lock<std::mutex> lock(d_mutex);
 
   const container_t::iterator it = d_entries.find(addr);
@@ -36,7 +37,9 @@ void DynBPFFilter::block(const ComboAddress& addr, const struct timespec& until)
   else {
     d_bpf->block(addr);
     d_entries.insert(BlockEntry(addr, until));
+    inserted = true;
   }
+  return inserted;
 }
 
 void DynBPFFilter::purgeExpired(const struct timespec& now)

diff --git a/pdns/dnsdist-dynbpf.hh b/pdns/dnsdist-dynbpf.hh
index df2eec315ae4860c588c747e0483882214fe7dd0..3fed6f18cbf34a55ea5620e656ac5930529a197a 100644 (file)
--- a/pdns/dnsdist-dynbpf.hh
+++ b/pdns/dnsdist-dynbpf.hh
@@ -41,7 +41,8 @@ public:
   ~DynBPFFilter()
   {
   }
-  void block(const ComboAddress& addr, const struct timespec& until);
+  /* returns true if the addr wasn't already blocked, false otherwise */
+  bool block(const ComboAddress& addr, const struct timespec& until);
   void purgeExpired(const struct timespec& now);
   std::vector<std::tuple<ComboAddress, uint64_t, struct timespec> > getAddrStats();
 private:

diff --git a/pdns/dnsdist-lua.cc b/pdns/dnsdist-lua.cc
index e3c305dd9d5118904b0885d85ba967f0779a52aa..a32f92521d8c3fb16b8cd3e328fa20f62aeddcf4 100644 (file)
--- a/pdns/dnsdist-lua.cc
+++ b/pdns/dnsdist-lua.cc
@@ -1171,7 +1171,7 @@ void setupLuaConfig(bool client)
       }
     });
 
-  g_lua.writeFunction("addBPFFilterDynBlocks", [](const map<ComboAddress,int>& m, std::shared_ptr<DynBPFFilter> dynbpf, boost::optional<int> seconds) {
+  g_lua.writeFunction("addBPFFilterDynBlocks", [](const map<ComboAddress,int>& m, std::shared_ptr<DynBPFFilter> dynbpf, boost::optional<int> seconds, boost::optional<std::string> msg) {
       setLuaSideEffect();
       struct timespec until, now;
       clock_gettime(CLOCK_MONOTONIC, &now);
@@ -1179,7 +1179,9 @@ void setupLuaConfig(bool client)
       int actualSeconds = seconds ? *seconds : 10;
       until.tv_sec += actualSeconds;
       for(const auto& capair : m) {
-        dynbpf->block(capair.first, until);
+        if (dynbpf->block(capair.first, until)) {
+          warnlog("Inserting eBPF dynamic block for %s for %d seconds: %s", capair.first.toString(), actualSeconds, msg ? *msg : "");
+        }
       }
     });
 

diff --git a/pdns/dnsdistdist/docs/reference/ebpf.rst b/pdns/dnsdistdist/docs/reference/ebpf.rst
index b55c06c887c506b3be11f0916f2585eea608839e..482b1ff5c8097e909e46d029056393bb87095d79 100644 (file)
--- a/pdns/dnsdistdist/docs/reference/ebpf.rst
+++ b/pdns/dnsdistdist/docs/reference/ebpf.rst
@@ -3,7 +3,10 @@ eBPF functions and objects
 
 These are all the functions, objects and methods related to the :doc:`../advanced/ebpf`.
 
-.. function:: addBPFFilterDynBlocks(addresses, dynbpf[, seconds=10])
+.. function:: addBPFFilterDynBlocks(addresses, dynbpf[[, seconds=10], msg])
+
+  .. versionchanged:: 1.3.0
+    ``msg`` optional parameter added.
 
   This is the eBPF equivalent of :func:`addDynBlocks`, blocking a set of addresses for (optionally) a number of seconds, using an eBPF dynamic filter.
   The default number of seconds to block for is 10.
@@ -11,6 +14,7 @@ These are all the functions, objects and methods related to the :doc:`../advance
   :param addresses: set of Addresses as returned by an :ref:`exceed function <exceedfuncs>`
   :param DynBPFFilter dynbpf: The dynamic eBPF filter to use
   :param int seconds: The number of seconds this block to expire
+  :param str msg: A message to display while inserting the block
 
 .. function:: newBPFFilter(maxV4, maxV6, maxQNames) -> BPFFilter