]> granicus.if.org Git - pdns/commitdiff
for shame
authorbert hubert <bert.hubert@netherlabs.nl>
Sun, 29 Nov 2015 18:28:08 +0000 (19:28 +0100)
committerbert hubert <bert.hubert@netherlabs.nl>
Sun, 29 Nov 2015 18:28:08 +0000 (19:28 +0100)
pdns/dnsdist-lua2.cc [new file with mode: 0644]

diff --git a/pdns/dnsdist-lua2.cc b/pdns/dnsdist-lua2.cc
new file mode 100644 (file)
index 0000000..602dc51
--- /dev/null
@@ -0,0 +1,113 @@
+#include "dnsdist.hh"
+#include "dnsrulactions.hh"
+#include <thread>
+#include "dolog.hh"
+#include "sodcrypto.hh"
+#include "base64.hh"
+#include <map>
+#include <fstream>
+
+
+static double DiffTime(const struct timespec& first, const struct timespec& second)
+{
+  int seconds=second.tv_sec - first.tv_sec;
+  int nseconds=second.tv_nsec - first.tv_nsec;
+  
+  if(nseconds < 0) {
+    seconds-=1;
+    nseconds+=1000000000;
+  }
+  return seconds + nseconds/1000000000.0;
+}
+
+map<ComboAddress,int> filterScore(const map<ComboAddress, unsigned int,ComboAddress::addressOnlyLessThan >& counts, 
+                                 struct timespec& mintime,
+                                 struct timespec& maxtime, int rate)
+{
+  std::multimap<unsigned int,ComboAddress> score;
+  for(const auto& e : counts) 
+    score.insert({e.second, e.first});
+
+  map<ComboAddress,int> ret;
+  
+  double delta=DiffTime(mintime, maxtime);
+  double lim = delta*rate;
+  
+  for(auto s = score.crbegin(); s != score.crend() && s->first > lim; ++s) {
+    ret[s->second]=s->first;
+  }
+  return ret;
+}
+
+
+typedef   map<ComboAddress, unsigned int,ComboAddress::addressOnlyLessThan > counts_t;
+map<ComboAddress,int> exceedRespGen(int rate, int seconds, std::function<void(counts_t&, const Rings::Response&)> T) 
+{
+  counts_t counts;
+  struct timespec mintime, maxtime, cutoff;
+  clock_gettime(CLOCK_MONOTONIC, &maxtime);
+  mintime=cutoff=maxtime;
+  cutoff.tv_sec -= seconds;
+  
+  for(const auto& c : g_rings.respRing) {
+    if(seconds && c.when < cutoff)
+      continue;
+
+    T(counts, c);
+    if(c.when < mintime)
+      mintime = c.when;
+  }
+  
+  return filterScore(counts, mintime, maxtime, rate);
+}
+
+
+map<ComboAddress,int> exceedRCode(int rate, int seconds, int rcode) 
+{
+  return exceedRespGen(rate, seconds, [rcode](counts_t& counts, const Rings::Response& r) 
+                  {
+                    if(r.rcode == rcode)
+                      counts[r.requestor]++;
+                  });
+}
+
+map<ComboAddress,int> exceedRespByterate(int rate, int seconds) 
+{
+  return exceedRespGen(rate, seconds, [](counts_t& counts, const Rings::Response& r) 
+                  {
+                    counts[r.requestor]+=r.size;
+                  });
+}
+
+
+void moreLua()
+{
+  g_lua.writeFunction("newCA", [](const std::string& name) { return ComboAddress(name); });
+  g_lua.writeFunction("newNMG", []() { return std::make_shared<NetmaskGroup>(); });
+  g_lua.registerFunction<void(NetmaskGroup::*)(const ComboAddress&)>("add", 
+                                                                    [](NetmaskGroup& s, const ComboAddress& ca) { s.addMask(Netmask(ca)); });
+
+  g_lua.registerFunction<void(NetmaskGroup::*)(const map<ComboAddress,int>&)>("add", 
+                                                                             [](NetmaskGroup& s, const map<ComboAddress,int>& m) { 
+                                                                               for(const auto& capair : m)
+                                                                                 s.addMask(Netmask(capair.first)); 
+                                                                             });
+
+
+  g_lua.registerFunction<bool(NetmaskGroup::*)(const ComboAddress&)>("match", 
+                                                                    [](NetmaskGroup& s, const ComboAddress& ca) { return s.match(ca); });
+
+
+  g_lua.writeFunction("exceedServfails", [](unsigned int rate, int seconds) {
+      return exceedRCode(rate, seconds, RCode::ServFail);
+    });
+  g_lua.writeFunction("exceedNXDOMAINs", [](unsigned int rate, int seconds) {
+      return exceedRCode(rate, seconds, RCode::NXDomain);
+    });
+
+  g_lua.writeFunction("exceedRespByterate", [](unsigned int rate, int seconds) {
+      return exceedRespByterate(rate, seconds);
+    });
+
+
+}