From: bert hubert <bert.hubert@netherlabs.nl>
Date: Fri, 4 Sep 2015 11:30:44 +0000 (+0200)
Subject: hook up truncation for MaxQPSIPRule so we can group ipv6 by /64 etc
X-Git-Tag: dnsdist-1.0.0-alpha1~248^2~59^2~2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1b726acf1ff86f44e198e91b9fc12f736f6562c9;p=pdns

hook up truncation for MaxQPSIPRule so we can group ipv6 by /64 etc
---

diff --git a/pdns/dnsdist-lua.cc b/pdns/dnsdist-lua.cc
index 35c10982b..85f911132 100644
--- a/pdns/dnsdist-lua.cc
+++ b/pdns/dnsdist-lua.cc
@@ -355,8 +355,8 @@ vector<std::function<void(void)>> setupLua(bool client, const std::string& confi
     });
 
 
-  g_lua.writeFunction("MaxQPSIPRule", [](unsigned int qps) {
-      return std::shared_ptr<DNSRule>(new MaxQPSIPRule(qps));
+  g_lua.writeFunction("MaxQPSIPRule", [](unsigned int qps, boost::optional<int> ipv4trunc, boost::optional<int> ipv6trunc) {
+      return std::shared_ptr<DNSRule>(new MaxQPSIPRule(qps, ipv4trunc.get_value_or(32), ipv6trunc.get_value_or(64)));
     });
 
 
diff --git a/pdns/dnsdistconf.lua b/pdns/dnsdistconf.lua
index cafe0a9d6..4258c75cd 100644
--- a/pdns/dnsdistconf.lua
+++ b/pdns/dnsdistconf.lua
@@ -36,6 +36,8 @@ function luarule(remote, qname, qtype, dh, len)
 end
 addLuaAction("192.168.1.0/24", luarule)
 
+addAction(MaxQPSIPRule(5, 24, 64), DropAction())
+
 topRule()
 
 addDomainBlock("powerdns.org.")
diff --git a/pdns/dnsrulactions.hh b/pdns/dnsrulactions.hh
index f86397a8e..2eb64e31c 100644
--- a/pdns/dnsrulactions.hh
+++ b/pdns/dnsrulactions.hh
@@ -4,12 +4,15 @@
 class MaxQPSIPRule : public DNSRule
 {
 public:
-  MaxQPSIPRule(unsigned int qps) : d_qps(qps) {}
+  MaxQPSIPRule(unsigned int qps, unsigned int ipv4trunc=32, unsigned int ipv6trunc=64) : 
+    d_qps(qps), d_ipv4trunc(ipv4trunc), d_ipv6trunc(ipv6trunc)
+  {}
 
   bool matches(const ComboAddress& remote, const DNSName& qname, uint16_t qtype, dnsheader* dh, int len) const override
   {
     ComboAddress zeroport(remote);
     zeroport.sin4.sin_port=0;
+    zeroport.truncate(zeroport.sin4.sin_family == AF_INET ? d_ipv4trunc : d_ipv6trunc);
     auto iter = d_limits.find(zeroport);
     if(iter == d_limits.end()) {
       iter=d_limits.insert({zeroport,QPSLimiter(d_qps, d_qps)}).first;
@@ -19,13 +22,13 @@ public:
 
   string toString() const override
   {
-    return "per IP match for QPS over " + std::to_string(d_qps);
+    return "IP (/"+std::to_string(d_ipv4trunc)+", /"+std::to_string(d_ipv6trunc)+") match for QPS over " + std::to_string(d_qps);
   }
 
 
 private:
   mutable std::map<ComboAddress, QPSLimiter> d_limits;
-  unsigned int d_qps;
+  unsigned int d_qps, d_ipv4trunc, d_ipv6trunc;
 
 };