From: Remi Gacogne Date: Mon, 27 Jun 2016 10:39:24 +0000 (+0200) Subject: dnsdist: Add `clearRules()` and `setRules()` X-Git-Tag: auth-4.0.0-rc1~10^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=50ce537a41a4334b7afd5c47f086e582d175ff9b;p=pdns dnsdist: Add `clearRules()` and `setRules()` --- diff --git a/pdns/README-dnsdist.md b/pdns/README-dnsdist.md index 85e394a05..bdfd22700 100644 --- a/pdns/README-dnsdist.md +++ b/pdns/README-dnsdist.md @@ -412,6 +412,20 @@ A convenience function `makeRule()` is supplied which will make a NetmaskGroupRu depending on how you call it. `makeRule("0.0.0.0/0")` will for example match all IPv4 traffic, `makeRule{"be","nl","lu"}` will match all Benelux DNS traffic. +All the current rules can be removed at once with: + +``` +> clearRules() +``` + +It is also possible to replace the current rules by a list of new ones in a +single operation with `setRules()`: + +``` +> setRules( { newRuleAction(TCPRule(), AllowAction()), newRuleAction(AllRule(), DropAction()) } ) +``` + + More power ---------- More powerful things can be achieved by defining a function called 
@@ -1213,14 +1227,17 @@ instantiate a server with additional parameters * `TCPRule(tcp)`: matches question received over TCP if `tcp` is true, over UDP otherwise * `TrailingDataRule()`: matches if the query has trailing data * Rule management related: + * `clearRules()`: remove all current rules * `getAction(num)`: returns the Action associate with rule 'num'. - * `showRules()`: show all defined rules (Pool, Block, QPS, addAnyTCRule) * `mvResponseRule(from, to)`: move response rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule, in which case the rule will be moved to the last position. * `mvRule(from, to)`: move rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule, in which case the rule will be moved to the last position. + * `newRuleAction(DNS Rule, DNS Action)`: return a pair of DNS Rule and DNS Action, to be used with `setRules()` * `rmResponseRule(n)`: remove response rule n * `rmRule(n)`: remove rule n + * `setRules(list)`: replace the current rules with the supplied list of pairs of DNS Rules and DNS Actions (see `newRuleAction()`) + * `showRules()`: show all defined rules (Pool, Block, QPS, addAnyTCRule) * `topResponseRule()`: move the last response rule to the first position * `topRule()`: move the last rule to the first position * Built-in Actions for Rules: diff --git a/pdns/dnsdist-console.cc b/pdns/dnsdist-console.cc index eb1476dcd..e367cedcc 100644 --- a/pdns/dnsdist-console.cc +++ b/pdns/dnsdist-console.cc @@ -225,7 +225,7 @@ char* my_generator(const char* text, int state) "addResponseAction(", "AllowAction(", "AllRule(", "AndRule(", "benchRule(", - "carbonServer(", "controlSocket(", "clearDynBlocks()", + "carbonServer(", "controlSocket(", "clearDynBlocks()", "clearRules(", "DelayAction(", "delta()", "DisableValidationAction(", "DropAction(", "dumpStats()", "exceedNXDOMAINs(", "exceedQRate(", "exceedQTypeRate(", "exceedRespByterate(", 
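Review bot: The new completion entry `"clearRules("` is missing its closing parenthesis, unlike the other zero-argument commands in this list (`"clearDynBlocks()"` right before it, `"delta()"`, `"dumpStats()"`). The README part of this commit documents the call as `clearRules()`, and the Lua binding added in dnsdist-lua.cc takes no arguments. Writing the entry as `"clearRules()"` keeps tab-completion consistent and gives the operator a ready-to-run line. The string array sits inside `my_generator`, whose body starts and ends outside the hunk.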
@@ -236,7 +236,7 @@ char* my_generator(const char* text, int state) "leastOutstanding", "LogAction(", "makeKey()", "MaxQPSIPRule(", "MaxQPSRule(", "mvResponseRule(", "mvRule(", - "newDNSName(", "newQPSLimiter(", "newRemoteLogger(", "newServer(", + "newDNSName(", "newQPSLimiter(", "newRemoteLogger(", "newRuleAction(", "newServer(", "newServerPolicy(", "newSuffixMatchNode(", "NoRecurseAction(", "PoolAction(", "printDNSCryptProviderFingerprint(", "RegexRule(", "RemoteLogAction(", "RemoteLogResponseAction(", "rmResponseRule(", @@ -244,8 +244,8 @@ char* my_generator(const char* text, int state) "QTypeRule(", "setACL(", "setDNSSECPool(", "setECSOverride(", "setECSSourcePrefixV4(", "setECSSourcePrefixV6(", "setKey(", "setLocal(", - "setMaxTCPClientThreads(", "setMaxTCPQueuedConnections(", "setMaxUDPOutstanding(", "setServerPolicy(", - "setServerPolicyLua(", + "setMaxTCPClientThreads(", "setMaxTCPQueuedConnections(", "setMaxUDPOutstanding(", "setRules(", + "setServerPolicy(", "setServerPolicyLua(", "setTCPRecvTimeout(", "setTCPSendTimeout(", "setVerboseHealthChecks(", "show(", "showACL()", "showDNSCryptBinds()", "showDynBlocks()", "showResponseLatency()", "showResponseRules()", "showRules()", "showServerPolicy()", "showServers()", "shutdown()", "SpoofAction(", diff --git a/pdns/dnsdist-lua.cc b/pdns/dnsdist-lua.cc index c2c25d90b..a3e9e2733 100644 --- a/pdns/dnsdist-lua.cc +++ b/pdns/dnsdist-lua.cc 
@@ -424,7 +424,30 @@ vector> setupLua(bool client, const std::string& confi } g_rulactions.setState(rules); }); + g_lua.writeFunction("clearRules", []() { + setLuaSideEffect(); + g_rulactions.modify([](decltype(g_rulactions)::value_type& rulactions) { + rulactions.clear(); + }); + }); + + g_lua.writeFunction("newRuleAction", [](luadnsrule_t dnsrule, std::shared_ptr action) { + auto rule=makeRule(dnsrule); + return std::make_shared > >(rule, action); + }); + g_lua.writeFunction("setRules", [](std::vector< std::pair > > > > newruleactions) { + setLuaSideEffect(); + g_rulactions.modify([newruleactions](decltype(g_rulactions)::value_type& gruleactions) { + gruleactions.clear(); + for (const auto& newruleaction : newruleactions) { + if (newruleaction.second) { + auto rule=makeRule(newruleaction.second->first); + gruleactions.push_back({rule, newruleaction.second->second}); + } + } + }); + }); g_lua.writeFunction("rmServer", [](boost::variant, int> var)
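Review bot: In the `setRules` lambda, an entry whose `newruleaction.second` is null is skipped without any error, and only after `gruleactions.clear()` has run, so a list with one malformed element (for example a value that did not come from `newRuleAction()`) yields a rule set that is silently missing rules. On a filtering front end that is a fail-open outcome: an allow or drop rule the operator believes is loaded may not be. I would validate the whole list before calling `g_rulactions.modify(...)` and reject the call, e.g. `for (const auto& ra : newruleactions) if (!ra.second) throw std::runtime_error("setRules: list entry is not a rule/action pair");`, assuming an exception thrown from these lambdas is reported to the console as a Lua error (worth confirming). Separately, `newRuleAction` already stores the result of `makeRule(dnsrule)`, so the second `makeRule(newruleaction.second->first)` looks redundant. All three lambdas are registered inside `setupLua`, which starts and ends outside the hunk.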