depending on how you call it. `makeRule("0.0.0.0/0")` will for example match all IPv4 traffic, `makeRule{"be","nl","lu"}` will
match all Benelux DNS traffic.
+All the current rules can be removed at once with:
+
+```
+> clearRules()
+```
+
+It is also possible to replace the current rules by a list of new ones in a
+single operation with `setRules()`:
+
+```
+> setRules( { newRuleAction(TCPRule(), AllowAction()), newRuleAction(AllRule(), DropAction()) } )
+```
+
+
More power
----------
More powerful things can be achieved by defining a function called
* `TCPRule(tcp)`: matches question received over TCP if `tcp` is true, over UDP otherwise
* `TrailingDataRule()`: matches if the query has trailing data
* Rule management related:
+ * `clearRules()`: remove all current rules
* `getAction(num)`: returns the Action associate with rule 'num'.
- * `showRules()`: show all defined rules (Pool, Block, QPS, addAnyTCRule)
* `mvResponseRule(from, to)`: move response rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule,
in which case the rule will be moved to the last position.
* `mvRule(from, to)`: move rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule,
in which case the rule will be moved to the last position.
+ * `newRuleAction(DNS Rule, DNS Action)`: return a pair of DNS Rule and DNS Action, to be used with `setRules()`
* `rmResponseRule(n)`: remove response rule n
* `rmRule(n)`: remove rule n
+ * `setRules(list)`: replace the current rules with the supplied list of pairs of DNS Rules and DNS Actions (see `newRuleAction()`)
+ * `showRules()`: show all defined rules (Pool, Block, QPS, addAnyTCRule)
* `topResponseRule()`: move the last response rule to the first position
* `topRule()`: move the last rule to the first position
* Built-in Actions for Rules:
"addResponseAction(",
"AllowAction(", "AllRule(", "AndRule(",
"benchRule(",
- "carbonServer(", "controlSocket(", "clearDynBlocks()",
+ "carbonServer(", "controlSocket(", "clearDynBlocks()", "clearRules(",
"DelayAction(", "delta()", "DisableValidationAction(", "DropAction(",
"dumpStats()",
"exceedNXDOMAINs(", "exceedQRate(", "exceedQTypeRate(", "exceedRespByterate(",
"leastOutstanding", "LogAction(",
"makeKey()", "MaxQPSIPRule(", "MaxQPSRule(", "mvResponseRule(",
"mvRule(",
- "newDNSName(", "newQPSLimiter(", "newRemoteLogger(", "newServer(",
+ "newDNSName(", "newQPSLimiter(", "newRemoteLogger(", "newRuleAction(", "newServer(",
"newServerPolicy(", "newSuffixMatchNode(", "NoRecurseAction(",
"PoolAction(", "printDNSCryptProviderFingerprint(",
"RegexRule(", "RemoteLogAction(", "RemoteLogResponseAction(", "rmResponseRule(",
"QTypeRule(",
"setACL(", "setDNSSECPool(", "setECSOverride(",
"setECSSourcePrefixV4(", "setECSSourcePrefixV6(", "setKey(", "setLocal(",
- "setMaxTCPClientThreads(", "setMaxTCPQueuedConnections(", "setMaxUDPOutstanding(", "setServerPolicy(",
- "setServerPolicyLua(",
+ "setMaxTCPClientThreads(", "setMaxTCPQueuedConnections(", "setMaxUDPOutstanding(", "setRules(",
+ "setServerPolicy(", "setServerPolicyLua(",
"setTCPRecvTimeout(", "setTCPSendTimeout(", "setVerboseHealthChecks(", "show(", "showACL()",
"showDNSCryptBinds()", "showDynBlocks()", "showResponseLatency()", "showResponseRules()",
"showRules()", "showServerPolicy()", "showServers()", "shutdown()", "SpoofAction(",
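Review bot: The new completion entry `"clearRules("` is written with an open parenthesis only, while the other argument-less commands in this list carry the closing one (`"clearDynBlocks()"` directly before it, `"showRules()"`, `"shutdown()"`). The Lua binding added in the same change takes no parameters (`g_lua.writeFunction("clearRules", []() {`), so the entry should read `"clearRules()",` to match that convention. `"newRuleAction("` and `"setRules("` take arguments and are consistent as written. The array itself begins and ends outside this hunk, so only the visible entries were checked.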
}
g_rulactions.setState(rules);
});
+ g_lua.writeFunction("clearRules", []() {
+ setLuaSideEffect();
+ g_rulactions.modify([](decltype(g_rulactions)::value_type& rulactions) {
+ rulactions.clear();
+ });
+ });
+
+ g_lua.writeFunction("newRuleAction", [](luadnsrule_t dnsrule, std::shared_ptr<DNSAction> action) {
+ auto rule=makeRule(dnsrule);
+ return std::make_shared<std::pair< luadnsrule_t, std::shared_ptr<DNSAction> > >(rule, action);
+ });
+ g_lua.writeFunction("setRules", [](std::vector< std::pair<int, std::shared_ptr<std::pair<luadnsrule_t, std::shared_ptr<DNSAction> > > > > newruleactions) {
+ setLuaSideEffect();
+ g_rulactions.modify([newruleactions](decltype(g_rulactions)::value_type& gruleactions) {
+ gruleactions.clear();
+ for (const auto& newruleaction : newruleactions) {
+ if (newruleaction.second) {
+ auto rule=makeRule(newruleaction.second->first);
+ gruleactions.push_back({rule, newruleaction.second->second});
+ }
+ }
+ });
+ });
g_lua.writeFunction("rmServer",
[](boost::variant<std::shared_ptr<DownstreamState>, int> var)