From 012703888b6174330df24b57a3d8808d54dfeb68 Mon Sep 17 00:00:00 2001
From: Wim
Date: Fri, 17 Nov 2017 23:58:46 +0100
Subject: [PATCH] dnsdist: Add burst option to MaxQPSIPRule
---
pdns/dnsdist-console.cc | 2 +-
pdns/dnsdist-lua.cc | 4 ++--
pdns/dnsdistdist/docs/rules-actions.rst | 5 +++--
pdns/dnsrulactions.hh | 10 +++++-----
4 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/pdns/dnsdist-console.cc b/pdns/dnsdist-console.cc
index 60710bc9a..d70a64674 100644
--- a/pdns/dnsdist-console.cc
+++ b/pdns/dnsdist-console.cc
@@ -339,7 +339,7 @@ const std::vector g_consoleKeywords{ { "leastOutstanding", false, "", "Send traffic to downstream server with least outstanding queries, with the lowest 'order', and within that the lowest recent latency"}, { "LogAction", true, "[filename], [binary], [append], [buffered]", "Log a line for each query, to the specified file if any, to the console (require verbose) otherwise. When logging to a file, the `binary` optional parameter specifies whether we log in binary form (default) or in textual form, the `append` optional parameter specifies whether we open the file for appending or truncate each time (default), and the `buffered` optional parameter specifies whether writes to the file are buffered (default) or not." }, { "makeKey", true, "", "generate a new server access key, emit configuration line ready for pasting" }, - { "MaxQPSIPRule", true, "qps, v4Mask=32, v6Mask=64", "matches traffic exceeding the qps limit per subnet" }, + { "MaxQPSIPRule", true, "qps, v4Mask=32, v6Mask=64, burst=qps", "matches traffic exceeding the qps limit per subnet" }, { "MaxQPSRule", true, "qps", "matches traffic **not** exceeding this qps limit" }, { "mvCacheHitResponseRule", true, "from, to", "move cache hit response rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule" }, { "mvResponseRule", true, "from, to", "move response rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule" }, diff --git a/pdns/dnsdist-lua.cc b/pdns/dnsdist-lua.cc index 9ddb588e6..571c78a08 100644 --- a/pdns/dnsdist-lua.cc +++ b/pdns/dnsdist-lua.cc 
@@ -923,8 +923,8 @@ vector> setupLua(bool client, const std::string& confi return std::shared_ptr(new SkipCacheAction); }); - g_lua.writeFunction("MaxQPSIPRule", [](unsigned int qps, boost::optional ipv4trunc, boost::optional ipv6trunc) { - return std::shared_ptr(new MaxQPSIPRule(qps, ipv4trunc.get_value_or(32), ipv6trunc.get_value_or(64))); + g_lua.writeFunction("MaxQPSIPRule", [](unsigned int qps, boost::optional ipv4trunc, boost::optional ipv6trunc, boost::optional burst) { + return std::shared_ptr(new MaxQPSIPRule(qps, burst.get_value_or(qps), ipv4trunc.get_value_or(32), ipv6trunc.get_value_or(64))); }); diff --git a/pdns/dnsdistdist/docs/rules-actions.rst b/pdns/dnsdistdist/docs/rules-actions.rst index e267d4317..317e7b94a 100644 --- a/pdns/dnsdistdist/docs/rules-actions.rst +++ b/pdns/dnsdistdist/docs/rules-actions.rst @@ -382,13 +382,14 @@ These ``DNSRule``\ s be one of the following items: Matches queries with the DO flag set -.. function:: MaxQPSIPRule(qps[, v4Mask[, v6Mask]]) +.. function:: MaxQPSIPRule(qps[, v4Mask[, v6Mask[, burst]]]) - Matches traffic for a subnet specified by ``v4Mask`` or ``v6Mask`` exceeding ``qps`` queries per second + Matches traffic for a subnet specified by ``v4Mask`` or ``v6Mask`` exceeding ``qps`` queries per second upto ``burst`` allowed :param int qps: The number of queries per second allowed, above this number traffic is matched :param int v4Mask: The IPv4 netmask to match on. Default is 32 (the whole address) :param int v6Mask: The IPv6 netmask to match on. Default is 64 + :param int burst: The number of burstable queries per second allowed. Default is same as qps .. function:: MaxQPSRule(qps) diff --git a/pdns/dnsrulactions.hh b/pdns/dnsrulactions.hh index 6c26a5a06..8f824efa8 100644 --- a/pdns/dnsrulactions.hh +++ b/pdns/dnsrulactions.hh 
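Review bot: In the `MaxQPSIPRule` binding of pdns/dnsdist-lua.cc, `burst.get_value_or(qps)` forwards an explicit `burst` of 0 to the constructor without any check. QPSLimiter is not visible in this patch, but if its second argument is the bucket capacity, a zero burst would presumably make `check()` fail for every query, so the rule would match all traffic and the attached action would hit every client. Consider normalising the value before construction, e.g. `auto b = burst.get_value_or(qps); if (b == 0) { b = qps; }`, or rejecting it with a configuration error. The binding sits inside `setupLua`, whose body starts and ends outside this hunk.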
@@ -32,8 +32,8 @@ class MaxQPSIPRule : public DNSRule { public: - MaxQPSIPRule(unsigned int qps, unsigned int ipv4trunc=32, unsigned int ipv6trunc=64) : - d_qps(qps), d_ipv4trunc(ipv4trunc), d_ipv6trunc(ipv6trunc) + MaxQPSIPRule(unsigned int qps, unsigned int burst, unsigned int ipv4trunc=32, unsigned int ipv6trunc=64) : + d_qps(qps), d_burst(burst), d_ipv4trunc(ipv4trunc), d_ipv6trunc(ipv6trunc) { pthread_rwlock_init(&d_lock, 0); } @@ -54,7 +54,7 @@ public: WriteLock w(&d_lock); auto iter = d_limits.find(zeroport); if(iter == d_limits.end()) { - iter=d_limits.insert({zeroport,QPSLimiter(d_qps, d_qps)}).first; + iter=d_limits.insert({zeroport,QPSLimiter(d_qps, d_burst)}).first; } return !iter->second.check(); } @@ -62,14 +62,14 @@ public: string toString() const override { - return "IP (/"+std::to_string(d_ipv4trunc)+", /"+std::to_string(d_ipv6trunc)+") match for QPS over " + std::to_string(d_qps); + return "IP (/"+std::to_string(d_ipv4trunc)+", /"+std::to_string(d_ipv6trunc)+") match for QPS over " + std::to_string(d_qps) + " burst "+ std::to_string(d_burst); } private: mutable pthread_rwlock_t d_lock; mutable std::map d_limits; - unsigned int d_qps, d_ipv4trunc, d_ipv6trunc; + unsigned int d_qps, d_burst, d_ipv4trunc, d_ipv6trunc; }; -- 2.40.0
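Review bot: The constructor in the first hunk of pdns/dnsrulactions.hh takes `burst` as the second positional parameter, while the Lua binding and the documentation place it last. All four parameters are `unsigned int`, so any other C++ caller written as `MaxQPSIPRule(qps, 24, 56)` (none is visible in this patch) would still compile but now pass 24 as the burst and 56 as the IPv4 mask, silently changing which clients share a rate-limit bucket. Keeping the old order avoids that: `MaxQPSIPRule(unsigned int qps, unsigned int ipv4trunc=32, unsigned int ipv6trunc=64, unsigned int burst=0)` with `d_burst(burst ? burst : qps)` in the initialiser list, which also gives a zero burst a defined meaning. The class body continues outside the hunks shown.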