From: Remi Gacogne
Date: Mon, 26 Mar 2018 10:27:46 +0000 (+0200)
Subject: dnsdist: Log when we add an EBPF dynamic block, like regular ones
X-Git-Tag: dnsdist-1.3.0~27^2~1
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4900be3f60fb8e29dd014bdea6a05adeb8db736e;p=pdns
dnsdist: Log when we add an EBPF dynamic block, like regular ones
---
diff --git a/pdns/dnsdist-dynbpf.cc b/pdns/dnsdist-dynbpf.cc
index 5550931e5..7abddedf5 100644
--- a/pdns/dnsdist-dynbpf.cc
+++ b/pdns/dnsdist-dynbpf.cc
@@ -23,8 +23,9 @@ #ifdef HAVE_EBPF
-void DynBPFFilter::block(const ComboAddress& addr, const struct timespec& until)
+bool DynBPFFilter::block(const ComboAddress& addr, const struct timespec& until)
 {
+ bool inserted = false;
 std::unique_lock lock(d_mutex);
 const container_t::iterator it = d_entries.find(addr);
@@ -36,7 +37,9 @@ void DynBPFFilter::block(const ComboAddress& addr, const struct timespec& until)
 else {
 d_bpf->block(addr);
 d_entries.insert(BlockEntry(addr, until));
+ inserted = true;
 }
+ return inserted;
 }
 void DynBPFFilter::purgeExpired(const struct timespec& now)
diff --git a/pdns/dnsdist-dynbpf.hh b/pdns/dnsdist-dynbpf.hh
index df2eec315..3fed6f18c 100644
--- a/pdns/dnsdist-dynbpf.hh
+++ b/pdns/dnsdist-dynbpf.hh
@@ -41,7 +41,8 @@ public:
 ~DynBPFFilter()
 {
 }
- void block(const ComboAddress& addr, const struct timespec& until);
+ /* returns true if the addr wasn't already blocked, false otherwise */
+ bool block(const ComboAddress& addr, const struct timespec& until);
 void purgeExpired(const struct timespec& now);
 std::vector > getAddrStats();
 private:
diff --git a/pdns/dnsdist-lua.cc b/pdns/dnsdist-lua.cc
index e3c305dd9..a32f92521 100644
--- a/pdns/dnsdist-lua.cc
+++ b/pdns/dnsdist-lua.cc
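Review bot: In dnsdist-dynbpf.hh the new comment on `block()` describes the boolean but not what happens to an entry that already exists when `false` is returned. The branch taken for an already-blocked address lies between the two dnsdist-dynbpf.cc hunks and is not shown here; if it refreshes the stored expiry, a caller that logs only on `true` never records that the block was prolonged, so the logged duration can understate how long an address really stayed filtered. I would state this at the declaration, for example `/* returns true if addr was newly inserted, false if an entry for it already existed (no new log line is expected from callers in that case) */`, and add whether `until` is updated once that is confirmed against the full function body.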
@@ -1171,7 +1171,7 @@ void setupLuaConfig(bool client)
 }
 });
- g_lua.writeFunction("addBPFFilterDynBlocks", [](const map& m, std::shared_ptr dynbpf, boost::optional seconds) {
+ g_lua.writeFunction("addBPFFilterDynBlocks", [](const map& m, std::shared_ptr dynbpf, boost::optional seconds, boost::optional msg) {
 setLuaSideEffect();
 struct timespec until, now;
 clock_gettime(CLOCK_MONOTONIC, &now);
@@ -1179,7 +1179,9 @@ void setupLuaConfig(bool client)
 int actualSeconds = seconds ? *seconds : 10;
 until.tv_sec += actualSeconds;
 for(const auto& capair : m) {
- dynbpf->block(capair.first, until);
+ if (dynbpf->block(capair.first, until)) {
+ warnlog("Inserting eBPF dynamic block for %s for %d seconds: %s", capair.first.toString(), actualSeconds, msg ? *msg : "");
+ }
 }
 });
diff --git a/pdns/dnsdistdist/docs/reference/ebpf.rst b/pdns/dnsdistdist/docs/reference/ebpf.rst
index b55c06c88..482b1ff5c 100644
--- a/pdns/dnsdistdist/docs/reference/ebpf.rst
+++ b/pdns/dnsdistdist/docs/reference/ebpf.rst
@@ -3,7 +3,10 @@ eBPF functions and objects
 These are all the functions, objects and methods related to the :doc:`../advanced/ebpf`.
-.. function:: addBPFFilterDynBlocks(addresses, dynbpf[, seconds=10])
+.. function:: addBPFFilterDynBlocks(addresses, dynbpf[[, seconds=10], msg])
+
+ .. versionchanged:: 1.3.0
+ ``msg`` optional parameter added.
 This is the eBPF equivalent of :func:`addDynBlocks`, blocking a set of addresses for (optionally) a number of seconds, using an eBPF dynamic filter. The default number of seconds to block for is 10.
@@ -11,6 +14,7 @@ These are all the functions, objects and methods related to the :doc:`../advance
 :param addresses: set of Addresses as returned by an :ref:`exceed function `
 :param DynBPFFilter dynbpf: The dynamic eBPF filter to use
 :param int seconds: The number of seconds this block to expire
+ :param str msg: A message to display while inserting the block
 .. function:: newBPFFilter(maxV4, maxV6, maxQNames) -> BPFFilter
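Review bot: In the second dnsdist-lua.cc hunk the loop calls `dynbpf->block()` with no per-address error handling, so the new log line records successful insertions only. `DynBPFFilter::block()` forwards to `d_bpf->block(addr)`, whose body is not on this page; if that call can throw (for instance when the eBPF map has no room left, to be confirmed), the exception leaves the loop, the remaining addresses in `m` are neither blocked nor logged, and nothing tells the operator which offenders were skipped. Catching per address and logging the failure keeps the rest of the batch filtered and makes the gap visible in the same log stream as the insertions.

```cpp
for(const auto& capair : m) {
  try {
    // … unchanged: the block() call and its "Inserting eBPF dynamic block" warnlog …
  }
  catch(const std::exception& e) {
    warnlog("Unable to insert eBPF dynamic block for %s: %s", capair.first.toString(), e.what());
  }
}
```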