implement a maintenance() function in dnsdist lua which can configure dynamic filters...

dyn = newNMG()
function blockFilter(remote, qname, qtype, dh)
--	print(string.format("Called from %s", remote:tostring()))
	if(dyn:match(remote))
	then
		print("Blocking query from " .. remote:tostring() .. " because dynamic blocklist")
		return true
	end
	return false
end

function maintenance()
	local newdyn = newNMG()
	local exc=exceedServfails(1, 3) -- more than 1 qps over 3 seconds
	newdyn:add(exc)
	for k, v in pairs( exc ) do
	   newdyn:add(k)
	end

	exc=exceedNXDOMAINs(3, 10)   -- more than 3 qps over 10 seconds
	for k, v in pairs( exc ) do
	   print("Adding because of NXDOMAIN: "..k:tostring())
	   newdyn:add(k)
	end

	newdyn:add(exceedByterate(1000, 4)) -- more than 1000 bytes/s over 4 seconds

	dyn=newdyn
end

diff --git a/pdns/Makefile.am b/pdns/Makefile.am
index 7dcb6b5b399e54a93fe05609cec304d58c9aba7a..7a61ee7efa3474ee1fcc9fe085de88b051eff16e 100644 (file)
--- a/pdns/Makefile.am
+++ b/pdns/Makefile.am
@@ -616,6 +616,7 @@ dnsdist_SOURCES = \
        dnsdist.cc \
        dnsdist-carbon.cc \
        dnsdist-lua.cc \
+       dnsdist-lua2.cc \
        dnsdist-tcp.cc \
        dnsdist-web.cc \
        dnslabeltext.cc \

diff --git a/pdns/dnsdist-lua.cc b/pdns/dnsdist-lua.cc
index 21c920e34bda308f22b0c7a658c6c90a3fec7a1d..247728550feb58af0fe7a50038c7e283da86450b 100644 (file)
--- a/pdns/dnsdist-lua.cc
+++ b/pdns/dnsdist-lua.cc
@@ -930,6 +930,8 @@ vector<std::function<void(void)>> setupLua(bool client, const std::string& confi
        g_outputBuffer += (clmn % lentry % rentry).str();
       }
     });
+
+  moreLua();
   
   std::ifstream ifs(config);
   if(!ifs) 

diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc
index 31c32e6dade11f671c45f27502dabda94f172f58..07783e7af363be909b5cebd1d2f060badb480628 100644 (file)
--- a/pdns/dnsdist.cc
+++ b/pdns/dnsdist.cc
@@ -191,8 +191,10 @@ void* responderThread(std::shared_ptr<DownstreamState> state)
     vinfolog("Got answer from %s, relayed to %s, took %f usec", state->remote.toStringWithPort(), ids->origRemote.toStringWithPort(), udiff);
 
     {
+      struct timespec ts;
+      clock_gettime(CLOCK_MONOTONIC, &ts);
       std::lock_guard<std::mutex> lock(g_rings.respMutex);
-      g_rings.respRing.push_back({ids->qname, ids->qtype, (uint8_t)dh->rcode, (unsigned int)udiff});
+      g_rings.respRing.push_back({ts, ids->origRemote, ids->qname, ids->qtype, (uint8_t)dh->rcode, (unsigned int)udiff, (unsigned int)len});
     }
     if(dh->rcode == 2)
       g_stats.servfailResponses++;
@@ -219,12 +221,6 @@ void* responderThread(std::shared_ptr<DownstreamState> state)
   return 0;
 }
 
-bool operator<(const struct timespec&a, const struct timespec& b) 
-{ 
-  return std::tie(a.tv_sec, a.tv_nsec) < std::tie(b.tv_sec, b.tv_nsec); 
-}
-
-
 DownstreamState::DownstreamState(const ComboAddress& remote_): checkName("a.root-servers.net."), checkType(QType::A), mustResolve(false)
 {
   remote = remote_;
@@ -666,11 +662,18 @@ void* maintThread()
           ids.origFD = -1;
           dss->reuseds++;
           --dss->outstanding;
+         struct timespec ts;
+         clock_gettime(CLOCK_MONOTONIC, &ts);
          std::lock_guard<std::mutex> lock(g_rings.respMutex);
-         g_rings.respRing.push_back({ids.qname, ids.qtype, 0, 2000000});
+         g_rings.respRing.push_back({ts, ids.origRemote, ids.qname, ids.qtype, 0, 2000000, 0});
         }          
       }
     }
+
+    std::lock_guard<std::mutex> lock(g_luamutex);
+    auto f =g_lua.readVariable<boost::optional<std::function<void()> > >("maintenance");
+    if(f)
+      (*f)();
   }
   return 0;
 }

diff --git a/pdns/dnsdist.hh b/pdns/dnsdist.hh
index 9038de1565ff45d03d6aad474299558eba1498e6..3634ae4cfef5cb395f1973390e7d15a14b60e361 100644 (file)
--- a/pdns/dnsdist.hh
+++ b/pdns/dnsdist.hh
@@ -187,10 +187,13 @@ struct Rings {
   boost::circular_buffer<DNSName> queryRing;
   struct Response
   {
+    struct timespec when;
+    ComboAddress requestor;
     DNSName name;
     uint16_t qtype;
     uint8_t rcode;
     unsigned int usec;
+    unsigned int size;
   };
   boost::circular_buffer<Response> respRing;
   std::mutex respMutex;
@@ -360,3 +363,5 @@ void dnsdistWebserverThread(int sock, const ComboAddress& local, const string& p
 bool getMsgLen(int fd, uint16_t* len);
 bool putMsgLen(int fd, uint16_t len);
 void* tcpAcceptorThread(void* p);
+
+void moreLua();

diff --git a/pdns/dnsdistdist/Makefile.am b/pdns/dnsdistdist/Makefile.am
index e2d53821cb1777fa2a25b3a4862f7a58177d0178..1b5cc81bc2cb4867c18199c38b2935cbf9a4b787 100644 (file)
--- a/pdns/dnsdistdist/Makefile.am
+++ b/pdns/dnsdistdist/Makefile.am
@@ -30,6 +30,7 @@ dnsdist_SOURCES = \
        dnsdist.cc dnsdist.hh \
        dnsdist-carbon.cc \
        dnsdist-lua.cc \
+       dnsdist-lua2.cc \
        dnsdist-tcp.cc \
        dnsdist-web.cc \
        dnslabeltext.cc \

diff --git a/pdns/dnsdistdist/dnsdist-lua2.cc b/pdns/dnsdistdist/dnsdist-lua2.cc
new file mode 120000 (symlink)
index 0000000..b3410b1
--- /dev/null
+++ b/pdns/dnsdistdist/dnsdist-lua2.cc
@@ -0,0 +1 @@
+../dnsdist-lua2.cc
\ No newline at end of file

diff --git a/pdns/misc.hh b/pdns/misc.hh
index 3e962cfb07156d3b26964fe8c505e3bc9d26455f..570ff4a66fd21fd33a494ad9e92de54bd3b49956 100644 (file)
--- a/pdns/misc.hh
+++ b/pdns/misc.hh
@@ -317,6 +317,12 @@ inline bool operator<(const struct timeval& lhs, const struct timeval& rhs)
   return make_pair(lhs.tv_sec, lhs.tv_usec) < make_pair(rhs.tv_sec, rhs.tv_usec);
 }
 
+inline bool operator<(const struct timespec& lhs, const struct timespec& rhs)
+{
+  return tie(lhs.tv_sec, lhs.tv_nsec) < tie(rhs.tv_sec, rhs.tv_nsec);
+}
+
+
 inline bool pdns_ilexicographical_compare(const std::string& a, const std::string& b)  __attribute__((pure));
 inline bool pdns_ilexicographical_compare(const std::string& a, const std::string& b)
 {