From 2f64f130bbe961b890314bcd579bcf0a548e4062 Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Mon, 10 Jun 2024 12:29:18 +0200 Subject: [PATCH] dnsdist: Make dynamic rules holders static --- pdns/dnsdistdist/dnsdist-async.cc | 3 +- pdns/dnsdistdist/dnsdist-dynblocks.cc | 92 ++++-- pdns/dnsdistdist/dnsdist-dynblocks.hh | 23 +- pdns/dnsdistdist/dnsdist-lua-ffi.cc | 29 +- pdns/dnsdistdist/dnsdist-lua-inspection.cc | 12 +- pdns/dnsdistdist/dnsdist-lua.cc | 30 +- pdns/dnsdistdist/dnsdist-metrics.cc | 3 +- pdns/dnsdistdist/dnsdist-snmp.cc | 3 +- pdns/dnsdistdist/dnsdist-tcp-upstream.hh | 1 - pdns/dnsdistdist/dnsdist-tcp.cc | 2 +- pdns/dnsdistdist/dnsdist-web.cc | 12 +- pdns/dnsdistdist/dnsdist-xsk.cc | 3 +- pdns/dnsdistdist/dnsdist-xsk.hh | 2 +- pdns/dnsdistdist/dnsdist.cc | 39 ++- pdns/dnsdistdist/dnsdist.hh | 20 +- pdns/dnsdistdist/doh.cc | 4 +- pdns/dnsdistdist/doh3.cc | 4 +- pdns/dnsdistdist/doq.cc | 4 +- pdns/dnsdistdist/test-dnsdist_cc.cc | 4 +- pdns/dnsdistdist/test-dnsdistdynblocks_hh.cc | 288 +++++++++--------- pdns/dnsdistdist/test-dnsdistlbpolicies_cc.cc | 2 - pdns/dnsdistdist/test-dnsdisttcp_cc.cc | 2 +- 22 files changed, 305 insertions(+), 277 deletions(-) diff --git a/pdns/dnsdistdist/dnsdist-async.cc b/pdns/dnsdistdist/dnsdist-async.cc index 0424abe8a0d56..b76622b84c970 100644 --- a/pdns/dnsdistdist/dnsdist-async.cc +++ b/pdns/dnsdistdist/dnsdist-async.cc @@ -283,9 +283,8 @@ bool resumeQuery(std::unique_ptr&& query) } DNSQuestion dnsQuestion = query->getDQ(); - LocalHolders holders; - auto result = processQueryAfterRules(dnsQuestion, holders, query->downstream); + auto result = processQueryAfterRules(dnsQuestion, query->downstream); if (result == ProcessQueryResult::Drop) { /* easy */ return true; diff --git a/pdns/dnsdistdist/dnsdist-dynblocks.cc b/pdns/dnsdistdist/dnsdist-dynblocks.cc index 4a451efd97d5d..1891fb9a168c5 100644 --- a/pdns/dnsdistdist/dnsdist-dynblocks.cc +++ b/pdns/dnsdistdist/dnsdist-dynblocks.cc 
@@ -1,10 +1,10 @@ - #include "dnsdist.hh" #include "dnsdist-dynblocks.hh" #include "dnsdist-metrics.hh" +#include "sholder.hh" -GlobalStateHolder> g_dynblockNMG; -GlobalStateHolder> g_dynblockSMT; +static GlobalStateHolder s_dynblockNMG; +static GlobalStateHolder s_dynblockSMT; #ifndef DISABLE_DYNBLOCKS void DynBlockRulesGroup::apply(const timespec& now) @@ -28,7 +28,7 @@ void DynBlockRulesGroup::apply(const timespec& now) return; } - boost::optional> blocks; + boost::optional blocks; bool updated = false; for (const auto& entry : counts) { @@ -114,7 +114,7 @@ void DynBlockRulesGroup::apply(const timespec& now) } if (updated && blocks) { - g_dynblockNMG.setState(std::move(*blocks)); + s_dynblockNMG.setState(std::move(*blocks)); } applySMT(now, statNodeRoot); @@ -156,7 +156,7 @@ void DynBlockRulesGroup::applySMT(const struct timespec& now, StatNode& statNode if (!namesToBlock.empty()) { updated = false; - SuffixMatchTree smtBlocks = g_dynblockSMT.getCopy(); + auto smtBlocks = dnsdist::DynamicBlocks::getSuffixDynamicRulesCopy(); for (auto& [name, parameters] : namesToBlock) { if (parameters.d_reason || parameters.d_action) { DynBlockRule rule(d_suffixMatchRule); @@ -173,7 +173,7 @@ void DynBlockRulesGroup::applySMT(const struct timespec& now, StatNode& statNode } } if (updated) { - g_dynblockSMT.setState(std::move(smtBlocks)); + s_dynblockSMT.setState(std::move(smtBlocks)); } } } @@ -213,7 +213,7 @@ static DNSAction::Action getActualAction(const DynBlock& block) namespace dnsdist::DynamicBlocks { -bool addOrRefreshBlock(NetmaskTree& blocks, const timespec& now, const AddressAndPortRange& requestor, DynBlock&& dblock, bool beQuiet) +bool addOrRefreshBlock(ClientAddressDynamicRules& blocks, const timespec& now, const AddressAndPortRange& requestor, DynBlock&& dblock, bool beQuiet) { unsigned int count = 0; bool expired = false; 
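Review bot: In `DynBlockRulesGroup::applySMT` the suffix rules are still updated as copy, modify, publish (`getSuffixDynamicRulesCopy()` followed later by `s_dynblockSMT.setState(std::move(smtBlocks))`), and nothing visible in these hunks serialises that sequence against other writers. If two writers overlap, the later `setState` replaces the earlier writer's tree, so a block that was just inserted against an abusive client or suffix can be silently lost. The same sequence appears in `DynBlockMaintenance::purgeExpired` and in the add paths in dnsdist-lua-ffi.cc, dnsdist-lua-inspection.cc and dnsdist-lua.cc. Now that the holders are private to this file, one locked helper could own the whole sequence, for example `void updateSuffixDynamicRules(const std::function<void(SuffixDynamicRules&)>& mutator);` with a twin for the client-address rules. If a lock outside these hunks already serialises every writer, a comment on the setters naming that lock would be enough; the body of applySMT continues outside the hunk.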
@@ -278,7 +278,7 @@ bool addOrRefreshBlock(NetmaskTree& blocks, const return true; } -bool addOrRefreshBlockSMT(SuffixMatchTree& blocks, const timespec& now, DynBlock&& dblock, bool beQuiet) +bool addOrRefreshBlockSMT(SuffixDynamicRules& blocks, const timespec& now, DynBlock&& dblock, bool beQuiet) { unsigned int count = 0; /* be careful, if you try to insert a longer suffix @@ -316,7 +316,7 @@ bool addOrRefreshBlockSMT(SuffixMatchTree& blocks, const timespec& now } } -void DynBlockRulesGroup::addOrRefreshBlock(boost::optional>& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated, bool warning) +void DynBlockRulesGroup::addOrRefreshBlock(boost::optional& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated, bool warning) { /* network exclusions are address-based only (no port) */ if (d_excludedSubnets.match(requestor.getNetwork())) { @@ -332,7 +332,7 @@ void DynBlockRulesGroup::addOrRefreshBlock(boost::optional& blocks, const struct timespec& now, const DNSName& name, const DynBlockRule& rule, bool& updated) +void DynBlockRulesGroup::addOrRefreshBlockSMT(SuffixDynamicRules& blocks, const struct timespec& now, const DNSName& name, const DynBlockRule& rule, bool& updated) { if (d_excludedDomains.check(name)) { /* do not add a block for excluded domains */ @@ -493,7 +493,7 @@ void DynBlockMaintenance::purgeExpired(const struct timespec& now) // since the block happens in kernel space. uint64_t bpfBlocked = 0; { - auto blocks = g_dynblockNMG.getLocal(); + auto blocks = s_dynblockNMG.getLocal(); std::vector toRemove; for (const auto& entry : *blocks) { if (!(now < entry.second.until)) { 
@@ -516,29 +516,29 @@ void DynBlockMaintenance::purgeExpired(const struct timespec& now) } } if (!toRemove.empty()) { - auto updated = g_dynblockNMG.getCopy(); + auto updated = dnsdist::DynamicBlocks::getClientAddressDynamicRulesCopy(); for (const auto& entry : toRemove) { updated.erase(entry); } - g_dynblockNMG.setState(std::move(updated)); + s_dynblockNMG.setState(std::move(updated)); dnsdist::metrics::g_stats.dynBlocked += bpfBlocked; } } { std::vector toRemove; - auto blocks = g_dynblockSMT.getLocal(); - blocks->visit([&toRemove, now](const SuffixMatchTree& node) { + auto blocks = s_dynblockSMT.getLocal(); + blocks->visit([&toRemove, now](const SuffixDynamicRules& node) { if (!(now < node.d_value.until)) { toRemove.push_back(node.d_value.domain); } }); if (!toRemove.empty()) { - auto updated = g_dynblockSMT.getCopy(); + auto updated = dnsdist::DynamicBlocks::getSuffixDynamicRulesCopy(); for (const auto& entry : toRemove) { updated.remove(entry); } - g_dynblockSMT.setState(std::move(updated)); + s_dynblockSMT.setState(std::move(updated)); } } } @@ -550,7 +550,7 @@ std::map>> D return results; } - auto blocks = g_dynblockNMG.getLocal(); + auto blocks = s_dynblockNMG.getLocal(); for (const auto& entry : *blocks) { auto& topsForReason = results[entry.second.reason]; uint64_t value = entry.second.blocks.load(); @@ -583,8 +583,8 @@ std::map>> DynBlockMaint return results; } - auto blocks = g_dynblockSMT.getLocal(); - blocks->visit([&results, topN](const SuffixMatchTree& node) { + auto blocks = s_dynblockSMT.getLocal(); + blocks->visit([&results, topN](const SuffixDynamicRules& node) { auto& topsForReason = results[node.d_value.reason]; if (topsForReason.size() < topN || topsForReason.front().second < node.d_value.blocks) { auto newEntry = std::pair(node.d_value.domain, node.d_value.blocks.load()); 
@@ -992,4 +992,52 @@ std::string DynBlockRulesGroup::DynBlockCacheMissRatioRule::toString() const return result.str(); } +namespace dnsdist::DynamicBlocks +{ +const ClientAddressDynamicRules& getClientAddressDynamicRules() +{ + static thread_local auto t_localRules = s_dynblockNMG.getLocal(); + return *t_localRules; +} + +ClientAddressDynamicRules getClientAddressDynamicRulesCopy() +{ + return s_dynblockNMG.getCopy(); +} + +const SuffixDynamicRules& getSuffixDynamicRules() +{ + static thread_local auto t_localRules = s_dynblockSMT.getLocal(); + return *t_localRules; +} + +SuffixDynamicRules getSuffixDynamicRulesCopy() +{ + return s_dynblockSMT.getCopy(); +} + +void setClientAddressDynamicRules(ClientAddressDynamicRules&& rules) +{ + s_dynblockNMG.setState(std::move(rules)); +} + +void setSuffixDynamicRules(SuffixDynamicRules&& rules) +{ + s_dynblockSMT.setState(std::move(rules)); +} + +void clearClientAddressDynamicRules() +{ + ClientAddressDynamicRules emptyNMG; + setClientAddressDynamicRules(std::move(emptyNMG)); +} + +void clearSuffixDynamicRules() +{ + SuffixDynamicRules emptySMT; + setSuffixDynamicRules(std::move(emptySMT)); +} + +} + #endif /* DISABLE_DYNBLOCKS */ diff --git a/pdns/dnsdistdist/dnsdist-dynblocks.hh b/pdns/dnsdistdist/dnsdist-dynblocks.hh index d0a75ae3c737c..9a644b798352e 100644 --- a/pdns/dnsdistdist/dnsdist-dynblocks.hh +++ b/pdns/dnsdistdist/dnsdist-dynblocks.hh @@ -69,6 +69,8 @@ struct dnsdist_ffi_stat_node_t }; using dnsdist_ffi_dynamic_block_inserted_hook = std::function; +using ClientAddressDynamicRules = NetmaskTree; +using SuffixDynamicRules = SuffixMatchTree; class DynBlockRulesGroup { 
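Review bot: `getClientAddressDynamicRules()` and `getSuffixDynamicRules()` return a reference into a `static thread_local` local holder, and neither these definitions nor the declarations added to dnsdist-dynblocks.hh say how long that reference stays valid. Presumably dereferencing the holder re-syncs it with the global state (sholder.hh is not shown here). If so, a reference or a `lookup()` result kept across a later call on the same thread, or handed to another thread, may point at a tree that has been released. I would put the contract on the declarations: `// Per-thread snapshot: valid only on the calling thread and only until the next call to this function; do not store the reference or pointers into it.` Callers such as `applyRulesToQuery` keep the pointer returned by `lookup()` for the rest of their block, so the limit should be written down where they will see it.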
@@ -290,15 +292,15 @@ private: void applySMT(const struct timespec& now, StatNode& statNodeRoot); bool checkIfQueryTypeMatches(const Rings::Query& query); bool checkIfResponseCodeMatches(const Rings::Response& response); - void addOrRefreshBlock(boost::optional>& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated, bool warning); - void addOrRefreshBlockSMT(SuffixMatchTree& blocks, const struct timespec& now, const DNSName& name, const DynBlockRule& rule, bool& updated); + void addOrRefreshBlock(boost::optional& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated, bool warning); + void addOrRefreshBlockSMT(SuffixDynamicRules& blocks, const struct timespec& now, const DNSName& name, const DynBlockRule& rule, bool& updated); - void addBlock(boost::optional>& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated) + void addBlock(boost::optional& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated) { addOrRefreshBlock(blocks, now, requestor, rule, updated, false); } - void handleWarning(boost::optional>& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated) + void handleWarning(boost::optional& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated) { addOrRefreshBlock(blocks, now, requestor, rule, updated, true); } 
@@ -383,7 +385,16 @@ private: namespace dnsdist::DynamicBlocks { -bool addOrRefreshBlock(NetmaskTree& blocks, const timespec& now, const AddressAndPortRange& requestor, DynBlock&& dblock, bool beQuiet); -bool addOrRefreshBlockSMT(SuffixMatchTree& blocks, const timespec& now, DynBlock&& dblock, bool beQuiet); +bool addOrRefreshBlock(ClientAddressDynamicRules& blocks, const timespec& now, const AddressAndPortRange& requestor, DynBlock&& dblock, bool beQuiet); +bool addOrRefreshBlockSMT(SuffixDynamicRules& blocks, const timespec& now, DynBlock&& dblock, bool beQuiet); + +const ClientAddressDynamicRules& getClientAddressDynamicRules(); +const SuffixDynamicRules& getSuffixDynamicRules(); +ClientAddressDynamicRules getClientAddressDynamicRulesCopy(); +SuffixDynamicRules getSuffixDynamicRulesCopy(); +void setClientAddressDynamicRules(ClientAddressDynamicRules&& rules); +void setSuffixDynamicRules(SuffixDynamicRules&& rules); +void clearClientAddressDynamicRules(); +void clearSuffixDynamicRules(); } #endif /* DISABLE_DYNBLOCKS */ diff --git a/pdns/dnsdistdist/dnsdist-lua-ffi.cc b/pdns/dnsdistdist/dnsdist-lua-ffi.cc index 7d180d5650b74..28489057d6ea0 100644 --- a/pdns/dnsdistdist/dnsdist-lua-ffi.cc +++ b/pdns/dnsdistdist/dnsdist-lua-ffi.cc @@ -1860,7 +1860,8 @@ bool dnsdist_ffi_dynamic_blocks_add(const char* address, const char* message, ui timespec until{now}; until.tv_sec += duration; DynBlock dblock{message, until, DNSName(), static_cast(action)}; - auto slow = g_dynblockNMG.getCopy(); + + auto dynamicRules = dnsdist::DynamicBlocks::getClientAddressDynamicRulesCopy(); if (dblock.action == DNSAction::Action::SetTag && tagKey != nullptr) { dblock.tagSettings = std::make_shared(); dblock.tagSettings->d_name = tagKey; 
@@ -1868,8 +1869,8 @@ bool dnsdist_ffi_dynamic_blocks_add(const char* address, const char* message, ui dblock.tagSettings->d_value = tagValue; } } - if (dnsdist::DynamicBlocks::addOrRefreshBlock(slow, now, target, std::move(dblock), false)) { - g_dynblockNMG.setState(slow); + if (dnsdist::DynamicBlocks::addOrRefreshBlock(dynamicRules, now, target, std::move(dblock), false)) { + dnsdist::DynamicBlocks::setClientAddressDynamicRules(std::move(dynamicRules)); return true; } } @@ -1907,7 +1908,7 @@ bool dnsdist_ffi_dynamic_blocks_smt_add(const char* suffix, const char* message, timespec until{now}; until.tv_sec += duration; DynBlock dblock{message, until, domain, static_cast(action)}; - auto slow = g_dynblockSMT.getCopy(); + auto smtBlocks = dnsdist::DynamicBlocks::getSuffixDynamicRulesCopy(); if (dblock.action == DNSAction::Action::SetTag && tagKey != nullptr) { dblock.tagSettings = std::make_shared(); dblock.tagSettings->d_name = tagKey; @@ -1915,8 +1916,8 @@ bool dnsdist_ffi_dynamic_blocks_smt_add(const char* suffix, const char* message, dblock.tagSettings->d_value = tagValue; } } - if (dnsdist::DynamicBlocks::addOrRefreshBlockSMT(slow, now, std::move(dblock), false)) { - g_dynblockSMT.setState(slow); + if (dnsdist::DynamicBlocks::addOrRefreshBlockSMT(smtBlocks, now, std::move(dblock), false)) { + dnsdist::DynamicBlocks::setSuffixDynamicRules(std::move(smtBlocks)); return true; } } @@ -1945,13 +1946,11 @@ size_t dnsdist_ffi_dynamic_blocks_get_entries(dnsdist_ffi_dynamic_blocks_list_t* auto list = std::make_unique(); - struct timespec now - { - }; + timespec now{}; gettime(&now); - auto fullCopy = g_dynblockNMG.getCopy(); - for (const auto& entry : fullCopy) { + const auto& dynamicRules = dnsdist::DynamicBlocks::getClientAddressDynamicRules(); + for (const auto& entry : dynamicRules) { const auto& client = entry.first; const auto& details = entry.second; if (!(now < details.until)) { 
@@ -1978,14 +1977,12 @@ size_t dnsdist_ffi_dynamic_blocks_smt_get_entries(dnsdist_ffi_dynamic_blocks_lis auto list = std::make_unique(); - struct timespec now - { - }; + timespec now{}; gettime(&now); const auto defaultAction = dnsdist::configuration::getCurrentRuntimeConfiguration().d_dynBlockAction; - auto fullCopy = g_dynblockSMT.getCopy(); - fullCopy.visit([&now, &list, defaultAction](const SuffixMatchTree& node) { + const auto& smtBlocks = dnsdist::DynamicBlocks::getSuffixDynamicRules(); + smtBlocks.visit([&now, &list, defaultAction](const SuffixMatchTree& node) { if (!(now < node.d_value.until)) { return; } diff --git a/pdns/dnsdistdist/dnsdist-lua-inspection.cc b/pdns/dnsdistdist/dnsdist-lua-inspection.cc index 0ba7de7489d81..ff3ba6090927d 100644 --- a/pdns/dnsdistdist/dnsdist-lua-inspection.cc +++ b/pdns/dnsdistdist/dnsdist-lua-inspection.cc @@ -1071,7 +1071,7 @@ void setupLuaInspection(LuaContext& luaCtx) parseDynamicActionOptionalParameters("addDynBlockSMT", rule, action, optionalParameters); bool needUpdate = false; - auto slow = g_dynblockSMT.getCopy(); + auto smtBlocks = dnsdist::DynamicBlocks::getSuffixDynamicRulesCopy(); for (const auto& capair : names) { DNSName domain(capair.second); domain.makeUsLowerCase(); @@ -1079,13 +1079,13 @@ void setupLuaInspection(LuaContext& luaCtx) until.tv_sec += actualSeconds; DynBlock dblock{msg, until, domain, action ? *action : DNSAction::Action::None}; dblock.tagSettings = rule.d_tagSettings; - if (dnsdist::DynamicBlocks::addOrRefreshBlockSMT(slow, now, std::move(dblock), false)) { + if (dnsdist::DynamicBlocks::addOrRefreshBlockSMT(smtBlocks, now, std::move(dblock), false)) { needUpdate = true; } } if (needUpdate) { - g_dynblockSMT.setState(slow); + dnsdist::DynamicBlocks::setSuffixDynamicRules(std::move(smtBlocks)); } }); 
@@ -1124,9 +1124,9 @@ void setupLuaInspection(LuaContext& luaCtx) DynBlock dblock{msg, until, DNSName(), action ? *action : DNSAction::Action::None}; dblock.tagSettings = rule.d_tagSettings; - auto slow = g_dynblockNMG.getCopy(); - if (dnsdist::DynamicBlocks::addOrRefreshBlock(slow, now, target, std::move(dblock), false)) { - g_dynblockNMG.setState(slow); + auto dynamicRules = dnsdist::DynamicBlocks::getClientAddressDynamicRulesCopy(); + if (dnsdist::DynamicBlocks::addOrRefreshBlock(dynamicRules, now, target, std::move(dblock), false)) { + dnsdist::DynamicBlocks::setClientAddressDynamicRules(std::move(dynamicRules)); } }); #endif /* DISABLE_DYNBLOCKS */ diff --git a/pdns/dnsdistdist/dnsdist-lua.cc b/pdns/dnsdistdist/dnsdist-lua.cc index 991a8bcc94d02..4b1d75d7800c1 100644 --- a/pdns/dnsdistdist/dnsdist-lua.cc +++ b/pdns/dnsdistdist/dnsdist-lua.cc @@ -1592,12 +1592,12 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) luaCtx.writeFunction("showDynBlocks", []() { setLuaNoSideEffect(); const auto dynBlockDefaultAction = dnsdist::configuration::getCurrentRuntimeConfiguration().d_dynBlockAction; - auto slow = g_dynblockNMG.getCopy(); + const auto& clientAddressDynamicRules = dnsdist::DynamicBlocks::getClientAddressDynamicRules(); timespec now{}; gettime(&now); boost::format fmt("%-24s %8d %8d %-10s %-20s %-10s %s\n"); g_outputBuffer = (fmt % "What" % "Seconds" % "Blocks" % "Warning" % "Action" % "eBPF" % "Reason").str(); - for (const auto& entry : slow) { + for (const auto& entry : clientAddressDynamicRules) { if (now < entry.second.until) { uint64_t counter = entry.second.blocks; if (g_defaultBPFFilter && entry.second.bpf) { 
@@ -1606,8 +1606,8 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) g_outputBuffer += (fmt % entry.first.toString() % (entry.second.until.tv_sec - now.tv_sec) % counter % (entry.second.warning ? "true" : "false") % DNSAction::typeToString(entry.second.action != DNSAction::Action::None ? entry.second.action : dynBlockDefaultAction) % (g_defaultBPFFilter && entry.second.bpf ? "*" : "") % entry.second.reason).str(); } } - auto slow2 = g_dynblockSMT.getCopy(); - slow2.visit([&now, &fmt, dynBlockDefaultAction](const SuffixMatchTree& node) { + const auto& suffixDynamicRules = dnsdist::DynamicBlocks::getSuffixDynamicRules(); + suffixDynamicRules.visit([&now, &fmt, dynBlockDefaultAction](const SuffixMatchTree& node) { if (now < node.d_value.until) { string dom("empty"); if (!node.d_value.domain.empty()) { @@ -1625,8 +1625,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) LuaAssociativeTable entries; const auto defaultAction = dnsdist::configuration::getCurrentRuntimeConfiguration().d_dynBlockAction; - auto fullCopy = g_dynblockNMG.getCopy(); - for (const auto& blockPair : fullCopy) { + for (const auto& blockPair : dnsdist::DynamicBlocks::getClientAddressDynamicRules()) { const auto& requestor = blockPair.first; if (!(now < blockPair.second.until)) { continue; @@ -1650,8 +1649,8 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) LuaAssociativeTable entries; const auto defaultAction = dnsdist::configuration::getCurrentRuntimeConfiguration().d_dynBlockAction; - auto fullCopy = g_dynblockSMT.getCopy(); - fullCopy.visit([&now, &entries, defaultAction](const SuffixMatchTree& node) { + const auto& suffixDynamicRules = dnsdist::DynamicBlocks::getSuffixDynamicRules(); + suffixDynamicRules.visit([&now, &entries, defaultAction](const SuffixMatchTree& node) { if (!(now < node.d_value.until)) { return; } 
@@ -1670,10 +1669,8 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) luaCtx.writeFunction("clearDynBlocks", []() { setLuaSideEffect(); - nmts_t nmg; - g_dynblockNMG.setState(nmg); - SuffixMatchTree smt; - g_dynblockSMT.setState(smt); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); + dnsdist::DynamicBlocks::clearSuffixDynamicRules(); }); #ifndef DISABLE_DEPRECATED_DYNBLOCK @@ -1683,7 +1680,8 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) return; } setLuaSideEffect(); - auto slow = g_dynblockNMG.getCopy(); + auto dynamicRules = dnsdist::DynamicBlocks::getClientAddressDynamicRulesCopy(); + timespec now{}; gettime(&now); timespec until{now}; @@ -1693,7 +1691,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) unsigned int count = 0; /* this legacy interface does not support ranges or ports, use DynBlockRulesGroup instead */ AddressAndPortRange requestor(capair.first, capair.first.isIPv4() ? 32 : 128, 0); - auto* got = slow.lookup(requestor); + auto* got = dynamicRules.lookup(requestor); bool expired = false; if (got != nullptr) { if (until < got->second.until) { @@ -1713,9 +1711,9 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) if (got == nullptr || expired) { warnlog("Inserting dynamic block for %s for %d seconds: %s", capair.first.toString(), actualSeconds, msg); } - slow.insert(requestor).second = std::move(dblock); + dynamicRules.insert(requestor).second = std::move(dblock); } - g_dynblockNMG.setState(slow); + dnsdist::DynamicBlocks::setClientAddressDynamicRules(std::move(dynamicRules)); }); luaCtx.writeFunction("setDynBlocksAction", [](DNSAction::Action action) { diff --git a/pdns/dnsdistdist/dnsdist-metrics.cc b/pdns/dnsdistdist/dnsdist-metrics.cc index d47236ea8b60a..3c8986d0568c0 100644 --- a/pdns/dnsdistdist/dnsdist-metrics.cc +++ b/pdns/dnsdistdist/dnsdist-metrics.cc 
@@ -23,6 +23,7 @@ #include "dnsdist-metrics.hh" #include "dnsdist.hh" +#include "dnsdist-dynblocks.hh" #include "dnsdist-web.hh" namespace dnsdist::metrics @@ -145,7 +146,7 @@ Stats::Stats() : {"cpu-user-msec", getCPUTimeUser}, {"fd-usage", getOpenFileDescriptors}, {"dyn-blocked", &dynBlocked}, - {"dyn-block-nmg-size", [](const std::string&) { return g_dynblockNMG.getLocal()->size(); }}, + {"dyn-block-nmg-size", [](const std::string&) { return dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(); }}, {"security-status", &securityStatus}, {"doh-query-pipe-full", &dohQueryPipeFull}, {"doh-response-pipe-full", &dohResponsePipeFull}, diff --git a/pdns/dnsdistdist/dnsdist-snmp.cc b/pdns/dnsdistdist/dnsdist-snmp.cc index 4da79ca72409a..593f1045c5e4c 100644 --- a/pdns/dnsdistdist/dnsdist-snmp.cc +++ b/pdns/dnsdistdist/dnsdist-snmp.cc @@ -1,5 +1,6 @@ #include "dnsdist-snmp.hh" +#include "dnsdist-dynblocks.hh" #include "dnsdist-metrics.hh" #include "dolog.hh" @@ -597,7 +598,7 @@ DNSDistSNMPAgent::DNSDistSNMPAgent(const std::string& name, const std::string& d registerGauge64Stat("cpuUserMSec", cpuUserMSecOID, &getCPUTimeUser); registerGauge64Stat("cpuSysMSec", cpuSysMSecOID, &getCPUTimeSystem); registerGauge64Stat("fdUsage", fdUsageOID, &getOpenFileDescriptors); - registerGauge64Stat("dynBlockedNMGSize", dynBlockedNMGSizeOID, [](const std::string&) { return g_dynblockNMG.getLocal()->size(); }); + registerGauge64Stat("dynBlockedNMGSize", dynBlockedNMGSizeOID, [](const std::string&) { return dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(); }); registerGauge64Stat("securityStatus", securityStatusOID, [](const std::string&) { return dnsdist::metrics::g_stats.securityStatus.load(); }); registerGauge64Stat("realMemoryUsage", realMemoryUsageOID, &getRealMemoryUsage); diff --git a/pdns/dnsdistdist/dnsdist-tcp-upstream.hh b/pdns/dnsdistdist/dnsdist-tcp-upstream.hh index 44992284d0194..df177c877825b 100644 --- a/pdns/dnsdistdist/dnsdist-tcp-upstream.hh 
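Review bot: The `dyn-block-nmg-size` lambda in dnsdist-metrics.cc and the `dynBlockedNMGSize` gauge in dnsdist-snmp.cc now call `dnsdist::DynamicBlocks::getClientAddressDynamicRules()`, which this patch declares and defines only inside `#ifndef DISABLE_DYNBLOCKS`. The old `g_dynblockNMG` definition sat above that guard in dnsdist-dynblocks.cc, so these two call sites presumably compiled either way. Unless both entries are already inside a guard that the hunks do not show, a build with `DISABLE_DYNBLOCKS` defined will stop compiling. Either wrap the two registrations in `#ifndef DISABLE_DYNBLOCKS` or move the read-only accessors outside the guard.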
+++ b/pdns/dnsdistdist/dnsdist-tcp-upstream.hh @@ -14,7 +14,6 @@ public: { } - LocalHolders holders; std::unique_ptr mplexer{nullptr}; pdns::channel::Receiver queryReceiver; pdns::channel::Receiver crossProtocolQueryReceiver; diff --git a/pdns/dnsdistdist/dnsdist-tcp.cc b/pdns/dnsdistdist/dnsdist-tcp.cc index ef695d2112146..e5f9fcdb0a885 100644 --- a/pdns/dnsdistdist/dnsdist-tcp.cc +++ b/pdns/dnsdistdist/dnsdist-tcp.cc @@ -735,7 +735,7 @@ IncomingTCPConnectionState::QueryProcessingResult IncomingTCPConnectionState::ha } std::shared_ptr backend; - auto result = processQuery(dnsQuestion, d_threadData.holders, backend); + auto result = processQuery(dnsQuestion, backend); if (result == ProcessQueryResult::Asynchronous) { /* we are done for now */ diff --git a/pdns/dnsdistdist/dnsdist-web.cc b/pdns/dnsdistdist/dnsdist-web.cc index 7fcaad5f468fe..787c225bca309 100644 --- a/pdns/dnsdistdist/dnsdist-web.cc +++ b/pdns/dnsdistdist/dnsdist-web.cc @@ -990,10 +990,10 @@ static void handleJSONStats(const YaHTTP::Request& req, YaHTTP::Response& resp) else if (command == "dynblocklist") { Json::object obj; #ifndef DISABLE_DYNBLOCKS - auto nmg = g_dynblockNMG.getLocal(); timespec now{}; gettime(&now); - for (const auto& entry : *nmg) { + const auto& dynamicClientAddressRules = dnsdist::DynamicBlocks::getClientAddressDynamicRules(); + for (const auto& entry : dynamicClientAddressRules) { if (!(now < entry.second.until)) { continue; } @@ -1011,8 +1011,8 @@ static void handleJSONStats(const YaHTTP::Request& req, YaHTTP::Response& resp) obj.emplace(entry.first.toString(), thing); } - auto smt = g_dynblockSMT.getLocal(); - smt->visit([&now, &obj, &runtimeConfig](const SuffixMatchTree& node) { + const auto& dynamicSuffixRules = dnsdist::DynamicBlocks::getSuffixDynamicRules(); + dynamicSuffixRules.visit([&now, &obj, &runtimeConfig](const SuffixMatchTree& node) { if (!(now < node.d_value.until)) { return; } 
@@ -1048,8 +1048,8 @@ static void handleJSONStats(const YaHTTP::Request& req, YaHTTP::Response& resp) } } if (g_defaultBPFFilter) { - auto nmg = g_dynblockNMG.getLocal(); - for (const auto& entry : *nmg) { + const auto& dynamicClientAddressRules = dnsdist::DynamicBlocks::getClientAddressDynamicRules(); + for (const auto& entry : dynamicClientAddressRules) { if (!(now < entry.second.until) || !entry.second.bpf) { continue; } diff --git a/pdns/dnsdistdist/dnsdist-xsk.cc b/pdns/dnsdistdist/dnsdist-xsk.cc index 2deafb1887ccc..47eb05369f9bc 100644 --- a/pdns/dnsdistdist/dnsdist-xsk.cc +++ b/pdns/dnsdistdist/dnsdist-xsk.cc @@ -202,7 +202,6 @@ void XskClientThread(ClientState* clientState) { setThreadName("dnsdist/xskClient"); auto xskInfo = clientState->xskInfo; - LocalHolders holders; for (;;) { #if defined(__SANITIZE_THREAD__) @@ -217,7 +216,7 @@ void XskClientThread(ClientState* clientState) #else xskInfo->incomingPacketsQueue.consume_all([&](XskPacket& packet) { #endif - if (XskProcessQuery(*clientState, holders, packet)) { + if (XskProcessQuery(*clientState, packet)) { packet.updatePacket(); xskInfo->pushToSendQueue(packet); } diff --git a/pdns/dnsdistdist/dnsdist-xsk.hh b/pdns/dnsdistdist/dnsdist-xsk.hh index bea39984b3c34..4a08533d3a169 100644 --- a/pdns/dnsdistdist/dnsdist-xsk.hh +++ b/pdns/dnsdistdist/dnsdist-xsk.hh @@ -34,7 +34,7 @@ namespace dnsdist::xsk { void XskResponderThread(std::shared_ptr dss, std::shared_ptr xskInfo); bool XskIsQueryAcceptable(const XskPacket& packet, ClientState& clientState, bool& expectProxyProtocol); -bool XskProcessQuery(ClientState& clientState, LocalHolders& holders, XskPacket& packet); +bool XskProcessQuery(ClientState& clientState, XskPacket& packet); void XskRouter(std::shared_ptr xsk); void XskClientThread(ClientState* clientState); void addDestinationAddress(const ComboAddress& addr); diff --git a/pdns/dnsdistdist/dnsdist.cc b/pdns/dnsdistdist/dnsdist.cc index 8ac38960a8f41..5c74b261c4fe5 100644 
--- a/pdns/dnsdistdist/dnsdist.cc +++ b/pdns/dnsdistdist/dnsdist.cc @@ -1030,7 +1030,7 @@ static bool applyRulesChainToQuery(const std::vector return !drop; } -static bool applyRulesToQuery(LocalHolders& holders, DNSQuestion& dnsQuestion, const timespec& now) +static bool applyRulesToQuery(DNSQuestion& dnsQuestion, const timespec& now) { if (g_rings.shouldRecordQueries()) { g_rings.insertQuery(now, dnsQuestion.ids.origRemote, dnsQuestion.ids.qname, dnsQuestion.ids.qtype, dnsQuestion.getData().size(), *dnsQuestion.getHeader(), dnsQuestion.getProtocol()); @@ -1067,7 +1067,7 @@ static bool applyRulesToQuery(LocalHolders& holders, DNSQuestion& dnsQuestion, c }; /* the Dynamic Block mechanism supports address and port ranges, so we need to pass the full address and port */ - if (auto* got = holders.dynNMGBlock->lookup(AddressAndPortRange(dnsQuestion.ids.origRemote, dnsQuestion.ids.origRemote.isIPv4() ? 32 : 128, 16))) { + if (auto* got = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(AddressAndPortRange(dnsQuestion.ids.origRemote, dnsQuestion.ids.origRemote.isIPv4() ? 32 : 128, 16))) { auto updateBlockStats = [&got]() { ++dnsdist::metrics::g_stats.dynBlocked; got->second.blocks++; @@ -1144,7 +1144,7 @@ static bool applyRulesToQuery(LocalHolders& holders, DNSQuestion& dnsQuestion, c } } - if (auto* got = holders.dynSMTBlock->lookup(dnsQuestion.ids.qname)) { + if (auto* got = dnsdist::DynamicBlocks::getSuffixDynamicRules().lookup(dnsQuestion.ids.qname)) { auto updateBlockStats = [&got]() { ++dnsdist::metrics::g_stats.dynBlocked; got->blocks++; 
@@ -1262,7 +1262,7 @@ ssize_t udpClientSendRequestToBackend(const std::shared_ptr& ba return result; } -static bool isUDPQueryAcceptable(ClientState& clientState, LocalHolders& holders, const struct msghdr* msgh, const ComboAddress& remote, ComboAddress& dest, bool& expectProxyProtocol) +static bool isUDPQueryAcceptable(ClientState& clientState, const struct msghdr* msgh, const ComboAddress& remote, ComboAddress& dest, bool& expectProxyProtocol) { if ((msgh->msg_flags & MSG_TRUNC) != 0) { /* message was too large for our buffer */ @@ -1448,7 +1448,7 @@ static void selectBackendForOutgoingQuery(DNSQuestion& dnsQuestion, const std::s selectedBackend = policy.getSelectedBackend(*servers, dnsQuestion); } -ProcessQueryResult processQueryAfterRules(DNSQuestion& dnsQuestion, LocalHolders& holders, std::shared_ptr& selectedBackend) +ProcessQueryResult processQueryAfterRules(DNSQuestion& dnsQuestion, std::shared_ptr& selectedBackend) { const uint16_t queryId = ntohs(dnsQuestion.getHeader()->id); @@ -1681,7 +1681,7 @@ std::unique_ptr getUDPCrossProtocolQueryFromDQ(DNSQuestion& return std::make_unique(std::move(dnsQuestion.getMutableData()), std::move(dnsQuestion.ids), nullptr); } -ProcessQueryResult processQuery(DNSQuestion& dnsQuestion, LocalHolders& holders, std::shared_ptr& selectedBackend) +ProcessQueryResult processQuery(DNSQuestion& dnsQuestion, std::shared_ptr& selectedBackend) { const uint16_t queryId = ntohs(dnsQuestion.getHeader()->id); @@ -1698,10 +1698,10 @@ ProcessQueryResult processQuery(DNSQuestion& dnsQuestion, LocalHolders& holders, header.qr = true; return true; }); - return processQueryAfterRules(dnsQuestion, holders, selectedBackend); + return processQueryAfterRules(dnsQuestion, selectedBackend); } - if (!applyRulesToQuery(holders, dnsQuestion, now)) { + if (!applyRulesToQuery(dnsQuestion, now)) { return ProcessQueryResult::Drop; } 
@@ -1709,7 +1709,7 @@ ProcessQueryResult processQuery(DNSQuestion& dnsQuestion, LocalHolders& holders, return ProcessQueryResult::Asynchronous; } - return processQueryAfterRules(dnsQuestion, holders, selectedBackend); + return processQueryAfterRules(dnsQuestion, selectedBackend); } catch (const std::exception& e) { vinfolog("Got an error while parsing a %s query from %s, id %d: %s", (dnsQuestion.overTCP() ? "TCP" : "UDP"), dnsQuestion.ids.origRemote.toStringWithPort(), queryId, e.what()); @@ -1783,7 +1783,7 @@ bool assignOutgoingUDPQueryToBackend(std::shared_ptr& downstrea return true; } -static void processUDPQuery(ClientState& clientState, LocalHolders& holders, const struct msghdr* msgh, const ComboAddress& remote, ComboAddress& dest, PacketBuffer& query, std::vector* responsesVect, unsigned int* queuedResponses, struct iovec* respIOV, cmsgbuf_aligned* respCBuf) +static void processUDPQuery(ClientState& clientState, const struct msghdr* msgh, const ComboAddress& remote, ComboAddress& dest, PacketBuffer& query, std::vector* responsesVect, unsigned int* queuedResponses, struct iovec* respIOV, cmsgbuf_aligned* respCBuf) { assert(responsesVect == nullptr || (queuedResponses != nullptr && respIOV != nullptr && respCBuf != nullptr)); uint16_t queryId = 0; @@ -1795,7 +1795,7 @@ static void processUDPQuery(ClientState& clientState, LocalHolders& holders, con try { bool expectProxyProtocol = false; - if (!isUDPQueryAcceptable(clientState, holders, msgh, remote, dest, expectProxyProtocol)) { + if (!isUDPQueryAcceptable(clientState, msgh, remote, dest, expectProxyProtocol)) { return; } /* dest might have been updated, if we managed to harvest the destination address */ 
@@ -1861,7 +1861,7 @@ static void processUDPQuery(ClientState& clientState, LocalHolders& holders, con } std::shared_ptr backend{nullptr}; - auto result = processQuery(dnsQuestion, holders, backend); + auto result = processQuery(dnsQuestion, backend); if (result == ProcessQueryResult::Drop || result == ProcessQueryResult::Asynchronous) { return; @@ -1917,7 +1917,7 @@ static void processUDPQuery(ClientState& clientState, LocalHolders& holders, con #ifdef HAVE_XSK namespace dnsdist::xsk { -bool XskProcessQuery(ClientState& clientState, LocalHolders& holders, XskPacket& packet) +bool XskProcessQuery(ClientState& clientState, XskPacket& packet) { uint16_t queryId = 0; const auto& remote = packet.getFromAddr(); @@ -1984,7 +1984,7 @@ bool XskProcessQuery(ClientState& clientState, LocalHolders& holders, XskPacket& dnsQuestion.proxyProtocolValues = make_unique>(std::move(proxyProtocolValues)); } std::shared_ptr backend{nullptr}; - auto result = processQuery(dnsQuestion, holders, backend); + auto result = processQuery(dnsQuestion, backend); if (result == ProcessQueryResult::Drop) { return false; @@ -2045,7 +2045,7 @@ bool XskProcessQuery(ClientState& clientState, LocalHolders& holders, XskPacket& #ifndef DISABLE_RECVMMSG #if defined(HAVE_RECVMMSG) && defined(HAVE_SENDMMSG) && defined(MSG_WAITFORONE) -static void MultipleMessagesUDPClientThread(ClientState* clientState, LocalHolders& holders) +static void MultipleMessagesUDPClientThread(ClientState* clientState) { struct MMReceiver { 
@@ -2117,7 +2117,7 @@ static void MultipleMessagesUDPClientThread(ClientState* clientState, LocalHolde } recvData[msgIdx].packet.resize(got); - processUDPQuery(*clientState, holders, msgh, remote, recvData[msgIdx].dest, recvData[msgIdx].packet, &outMsgVec, &msgsToSend, &recvData[msgIdx].iov, &recvData[msgIdx].cbuf); + processUDPQuery(*clientState, msgh, remote, recvData[msgIdx].dest, recvData[msgIdx].packet, &outMsgVec, &msgsToSend, &recvData[msgIdx].iov, &recvData[msgIdx].cbuf); } /* immediate (not delayed or sent to a backend) responses (mostly from a rule, dynamic block @@ -2140,11 +2140,10 @@ static void udpClientThread(std::vector states) { try { setThreadName("dnsdist/udpClie"); - LocalHolders holders; #ifndef DISABLE_RECVMMSG #if defined(HAVE_RECVMMSG) && defined(HAVE_SENDMMSG) && defined(MSG_WAITFORONE) if (dnsdist::configuration::getImmutableConfiguration().d_udpVectorSize > 1) { - MultipleMessagesUDPClientThread(states.at(0), holders); + MultipleMessagesUDPClientThread(states.at(0)); } else #endif /* defined(HAVE_RECVMMSG) && defined(HAVE_SENDMMSG) && defined(MSG_WAITFORONE) */ @@ -2169,7 +2168,7 @@ static void udpClientThread(std::vector states) ComboAddress remote; ComboAddress dest; - auto handleOnePacket = [&packet, &iov, &holders, &msgh, &remote, &dest, initialBufferSize](const UDPStateParam& param) { + auto handleOnePacket = [&packet, &iov, &msgh, &remote, &dest, initialBufferSize](const UDPStateParam& param) { packet.resize(initialBufferSize); iov.iov_base = &packet.at(0); iov.iov_len = packet.size(); @@ -2184,7 +2183,7 @@ static void udpClientThread(std::vector states) packet.resize(static_cast(got)); - processUDPQuery(*param.cs, holders, &msgh, remote, dest, packet, nullptr, nullptr, nullptr, nullptr); + processUDPQuery(*param.cs, &msgh, remote, dest, packet, nullptr, nullptr, nullptr, nullptr); }; std::vector params; diff --git a/pdns/dnsdistdist/dnsdist.hh b/pdns/dnsdistdist/dnsdist.hh index 8ed4136a72665..163a508f10986 100644 
--- a/pdns/dnsdistdist/dnsdist.hh +++ b/pdns/dnsdistdist/dnsdist.hh @@ -52,7 +52,6 @@ #include "misc.hh" #include "mplexer.hh" #include "noinitvector.hh" -#include "sholder.hh" #include "tcpiohandler.hh" #include "uuid-utils.hh" #include "proxy-protocol.hh" @@ -274,8 +273,6 @@ struct DynBlock bool bpf{false}; }; -extern GlobalStateHolder> g_dynblockNMG; - using pdns::stat_t; class BasicQPSLimiter @@ -1022,8 +1019,6 @@ enum ednsHeaderFlags EDNS_HEADER_FLAG_DO = 32768 }; -extern GlobalStateHolder> g_dynblockSMT; - extern std::vector> g_tlslocals; extern std::vector> g_dohlocals; extern std::vector> g_doqlocals; @@ -1058,19 +1053,8 @@ enum class ProcessQueryResult : uint8_t #include "dnsdist-rule-chains.hh" -struct LocalHolders -{ - LocalHolders() : - dynNMGBlock(g_dynblockNMG.getLocal()), dynSMTBlock(g_dynblockSMT.getLocal()) - { - } - - LocalStateHolder> dynNMGBlock; - LocalStateHolder> dynSMTBlock; -}; - -ProcessQueryResult processQuery(DNSQuestion& dnsQuestion, LocalHolders& holders, std::shared_ptr& selectedBackend); -ProcessQueryResult processQueryAfterRules(DNSQuestion& dnsQuestion, LocalHolders& holders, std::shared_ptr& selectedBackend); +ProcessQueryResult processQuery(DNSQuestion& dnsQuestion, std::shared_ptr& selectedBackend); +ProcessQueryResult processQueryAfterRules(DNSQuestion& dnsQuestion, std::shared_ptr& selectedBackend); bool processResponse(PacketBuffer& response, DNSResponse& dnsResponse, bool muted); bool processRulesResult(const DNSAction::Action& action, DNSQuestion& dnsQuestion, std::string& ruleresult, bool& drop); bool processResponseAfterRules(PacketBuffer& response, DNSResponse& dnsResponse, bool muted); diff --git a/pdns/dnsdistdist/doh.cc b/pdns/dnsdistdist/doh.cc index ef96639a708f2..6fb5b2939cdc2 100644 --- a/pdns/dnsdistdist/doh.cc +++ b/pdns/dnsdistdist/doh.cc 
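Review bot: The declarations of `processQuery` and `processQueryAfterRules` in the hunk at -1058,19 carry no comment, and with the `LocalHolders` argument gone the signatures no longer show that query processing depends on the dynamic-block state. A one-line comment above them would keep that dependency visible, for example `/* dynamic block rules are looked up internally, callers no longer pass holders */`. How the state is obtained per thread is not visible in this hunk, so the wording should be checked against the accessor implementation in dnsdist-dynblocks.cc.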
@@ -207,7 +207,6 @@ struct DOHServerConfig DOHServerConfig& operator=(DOHServerConfig&&) = delete; ~DOHServerConfig() = default; - LocalHolders holders; std::set> paths; h2o_globalconf_t h2o_config{}; h2o_context_t h2o_ctx{}; @@ -696,7 +695,6 @@ static void processDOHQuery(DOHUnitUniquePtr&& unit, bool inMainThread = false) remote = ids.origRemote; DOHServerConfig* dsc = unit->dsc; - auto& holders = dsc->holders; ClientState& clientState = *dsc->clientState; if (unit->query.size() < sizeof(dnsheader) || unit->query.size() > std::numeric_limits::max()) { @@ -757,7 +755,7 @@ static void processDOHQuery(DOHUnitUniquePtr&& unit, bool inMainThread = false) ids.cs = &clientState; dnsQuestion.sni = std::move(unit->sni); ids.du = std::move(unit); - auto result = processQuery(dnsQuestion, holders, downstream); + auto result = processQuery(dnsQuestion, downstream); if (result == ProcessQueryResult::Drop) { unit = getDUFromIDS(ids); diff --git a/pdns/dnsdistdist/doh3.cc b/pdns/dnsdistdist/doh3.cc index 39df3bfaae152..661e9c6182236 100644 --- a/pdns/dnsdistdist/doh3.cc +++ b/pdns/dnsdistdist/doh3.cc @@ -96,7 +96,6 @@ struct DOH3ServerConfig using ConnectionsMap = std::map; - LocalHolders holders; ConnectionsMap d_connections; QuicheConfig config; QuicheHTTP3Config http3config; @@ -488,7 +487,6 @@ static void processDOH3Query(DOH3UnitUniquePtr&& doh3Unit) remote = unit->ids.origRemote; DOH3ServerConfig* dsc = unit->dsc; - auto& holders = dsc->holders; ClientState& clientState = *dsc->clientState; if (!dnsdist::configuration::getCurrentRuntimeConfiguration().d_ACL.match(remote)) { @@ -559,7 +557,7 @@ static void processDOH3Query(DOH3UnitUniquePtr&& doh3Unit) }); unit->ids.cs = &clientState; - auto result = processQuery(dnsQuestion, holders, downstream); + auto result = processQuery(dnsQuestion, downstream); if (result == ProcessQueryResult::Drop) { unit->status_code = 403; handleImmediateResponse(std::move(unit), "DoH3 dropped query"); 
diff --git a/pdns/dnsdistdist/doq.cc b/pdns/dnsdistdist/doq.cc index f535b1c5c0630..661fe5c2b5f96 100644 --- a/pdns/dnsdistdist/doq.cc +++ b/pdns/dnsdistdist/doq.cc @@ -91,7 +91,6 @@ struct DOQServerConfig using ConnectionsMap = std::map; - LocalHolders holders; ConnectionsMap d_connections; QuicheConfig config; ClientState* clientState{nullptr}; @@ -409,7 +408,6 @@ static void processDOQQuery(DOQUnitUniquePtr&& doqUnit) remote = unit->ids.origRemote; DOQServerConfig* dsc = unit->dsc; - auto& holders = dsc->holders; ClientState& clientState = *dsc->clientState; if (!dnsdist::configuration::getCurrentRuntimeConfiguration().d_ACL.match(remote)) { @@ -476,7 +474,7 @@ static void processDOQQuery(DOQUnitUniquePtr&& doqUnit) }); unit->ids.cs = &clientState; - auto result = processQuery(dnsQuestion, holders, downstream); + auto result = processQuery(dnsQuestion, downstream); if (result == ProcessQueryResult::Drop) { handleImmediateResponse(std::move(unit), "DoQ dropped query"); return; diff --git a/pdns/dnsdistdist/test-dnsdist_cc.cc b/pdns/dnsdistdist/test-dnsdist_cc.cc index 233afb94499af..0dfba46297924 100644 --- a/pdns/dnsdistdist/test-dnsdist_cc.cc +++ b/pdns/dnsdistdist/test-dnsdist_cc.cc @@ -43,7 +43,7 @@ #include "ednscookies.hh" #include "ednssubnet.hh" -ProcessQueryResult processQueryAfterRules(DNSQuestion& dnsQuestion, LocalHolders& holders, std::shared_ptr& selectedBackend) +ProcessQueryResult processQueryAfterRules(DNSQuestion& dnsQuestion, std::shared_ptr& selectedBackend) { return ProcessQueryResult::Drop; } @@ -85,7 +85,7 @@ bool DNSDistSNMPAgent::sendBackendStatusChangeTrap([[maybe_unused]] DownstreamSt #ifdef HAVE_XSK namespace dnsdist::xsk { -bool XskProcessQuery(ClientState& clientState, LocalHolders& holders, XskPacket& packet) +bool XskProcessQuery(ClientState& clientState, XskPacket& packet) { return false; } 
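Review bot: The test stubs `processQueryAfterRules` (hunk at -43,7) and `XskProcessQuery` (hunk at -85,7) in test-dnsdist_cc.cc keep named parameters that the bodies never use. The same file already annotates unused stub parameters, as the `sendBackendStatusChangeTrap([[maybe_unused]] ...` signature in the hunk header shows, so the touched signatures could follow suit, e.g. `[[maybe_unused]] DNSQuestion& dnsQuestion` and `[[maybe_unused]] XskPacket& packet`.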
diff --git a/pdns/dnsdistdist/test-dnsdistdynblocks_hh.cc b/pdns/dnsdistdist/test-dnsdistdynblocks_hh.cc index 0bcbb98128957..f8d46b383a4e0 100644 --- a/pdns/dnsdistdist/test-dnsdistdynblocks_hh.cc +++ b/pdns/dnsdistdist/test-dnsdistdynblocks_hh.cc @@ -68,7 +68,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate, TestFixture) { size_t numberOfQueries = 45 * numberOfSeconds; g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); for (size_t idx = 0; idx < numberOfQueries; idx++) { g_rings.insertQuery(now, requestor1, qname, qtype, size, dnsHeader, protocol); @@ -80,8 +80,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate, TestFixture) { BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr); } { @@ -90,7 +90,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate, TestFixture) { size_t numberOfQueries = (50 * numberOfSeconds) + 1; g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); for (size_t idx = 0; idx < numberOfQueries; idx++) { g_rings.insertQuery(now, requestor1, qname, qtype, size, dnsHeader, protocol); 
@@ -99,10 +99,10 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate, TestFixture) { BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) != nullptr); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor2) == nullptr); - const auto& block = g_dynblockNMG.getLocal()->lookup(requestor1)->second; + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) != nullptr); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor2) == nullptr); + const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1)->second; BOOST_CHECK_EQUAL(block.reason, reason); BOOST_CHECK_EQUAL(static_cast(block.until.tv_sec), now.tv_sec + blockDuration); BOOST_CHECK(block.domain.empty()); @@ -115,7 +115,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate, TestFixture) { /* clear the rings and dynamic blocks */ g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); /* Insert 100 qps from a given client in the last 10s this should trigger the rule */ 
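Review bot: In the hunk at -99,10 the `BOOST_CHECK(... lookup(requestor1) != nullptr)` is non-fatal, so if the block was not inserted the next line, `const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1)->second;`, dereferences a null pointer and the run crashes instead of reporting a failed check. Make the guard fatal, `BOOST_REQUIRE(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) != nullptr);`, as the RCodeRatio case at -750,10 already does. The same sequence appears in the hunks at -553,10, -649,10 and -848,10, and the range cases at -241,11, -257,7, -344,11 and -359,7 take `->second` of the lookup result with no check at all. The enclosing test cases begin and end outside these hunks.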
@@ -132,10 +132,10 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate, TestFixture) { BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries * numberOfSeconds); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U); /* now we clean up the dynamic blocks, simulating an admin removing the block */ - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); /* we apply the rules again, but as if we were 20s in the future. Since we have a time windows of 10s nothing should be added, regardless of the number of queries @@ -143,10 +143,10 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate, TestFixture) { struct timespec later = now; later.tv_sec += 20; dbrg.apply(later); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U); /* just in case */ - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); /* we apply the rules again, this tile as if we were 5s in the future. Since we have a time windows of 10s, and 100 qps over 5s then 0 qps over 5s @@ -155,10 +155,10 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate, TestFixture) { later = now; later.tv_sec += 5; dbrg.apply(later); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U); /* clean up */ - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); /* we apply the rules again, this tile as if we were 6s in the future. Since we have a time windows of 10s, and 100 qps over 4s then 0 qps over 6s 
@@ -167,7 +167,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate, TestFixture) { later = now; later.tv_sec += 6; dbrg.apply(later); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U); } } @@ -209,7 +209,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_RangeV6, TestFixture) size_t numberOfQueries = 45 * numberOfSeconds; g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); for (size_t idx = 0; idx < numberOfQueries; idx++) { g_rings.insertQuery(now, requestor1, qname, qtype, size, dnsHeader, protocol); @@ -221,8 +221,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_RangeV6, TestFixture) BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(AddressAndPortRange(requestor1, 128, 16)) == nullptr); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(AddressAndPortRange(requestor1, 128, 16)) == nullptr); } { @@ -231,7 +231,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_RangeV6, TestFixture) size_t numberOfQueries = (50 * numberOfSeconds) + 1; g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); for (size_t idx = 0; idx < numberOfQueries; idx++) { ComboAddress requestor("2001:db8::" + std::to_string(idx)); 
@@ -241,11 +241,11 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_RangeV6, TestFixture) BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U); { /* beginning of the range should be blocked */ - const auto& block = g_dynblockNMG.getLocal()->lookup(AddressAndPortRange(requestor1, 128, 16))->second; + const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(AddressAndPortRange(requestor1, 128, 16))->second; BOOST_CHECK_EQUAL(block.reason, reason); BOOST_CHECK_EQUAL(static_cast(block.until.tv_sec), now.tv_sec + blockDuration); BOOST_CHECK(block.domain.empty()); @@ -257,7 +257,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_RangeV6, TestFixture) { /* end of the range should be blocked as well */ ComboAddress end("2001:0db8:0000:0000:ffff:ffff:ffff:ffff"); - const auto& block = g_dynblockNMG.getLocal()->lookup(AddressAndPortRange(end, 128, 16))->second; + const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(AddressAndPortRange(end, 128, 16))->second; BOOST_CHECK_EQUAL(block.reason, reason); BOOST_CHECK_EQUAL(static_cast(block.until.tv_sec), now.tv_sec + blockDuration); BOOST_CHECK(block.domain.empty()); @@ -269,7 +269,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_RangeV6, TestFixture) { /* outside of the range should NOT */ ComboAddress out("2001:0db8:0000:0001::0"); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(AddressAndPortRange(out, 128, 16)) == nullptr); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(AddressAndPortRange(out, 128, 16)) == nullptr); } } } 
@@ -312,7 +312,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_V4Ports, TestFixture) size_t numberOfQueries = 45 * numberOfSeconds; g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); for (size_t idx = 0; idx < numberOfQueries; idx++) { g_rings.insertQuery(now, requestor1, qname, qtype, size, dnsHeader, protocol); @@ -324,8 +324,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_V4Ports, TestFixture) BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(AddressAndPortRange(requestor1, 128, 16)) == nullptr); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(AddressAndPortRange(requestor1, 128, 16)) == nullptr); } { @@ -334,7 +334,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_V4Ports, TestFixture) size_t numberOfQueries = (50 * numberOfSeconds) + 1; g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); for (size_t idx = 0; idx < numberOfQueries; idx++) { ComboAddress requestor("192.0.2.1:" + std::to_string(idx)); 
@@ -344,11 +344,11 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_V4Ports, TestFixture) BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U); { /* beginning of the port range should be blocked */ - const auto& block = g_dynblockNMG.getLocal()->lookup(AddressAndPortRange(ComboAddress("192.0.2.1:0"), 32, 16))->second; + const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(AddressAndPortRange(ComboAddress("192.0.2.1:0"), 32, 16))->second; BOOST_CHECK_EQUAL(block.reason, reason); BOOST_CHECK_EQUAL(static_cast(block.until.tv_sec), now.tv_sec + blockDuration); BOOST_CHECK(block.domain.empty()); @@ -359,7 +359,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_V4Ports, TestFixture) { /* end of the range should be blocked as well */ - const auto& block = g_dynblockNMG.getLocal()->lookup(AddressAndPortRange(ComboAddress("192.0.2.1:16383"), 32, 16))->second; + const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(AddressAndPortRange(ComboAddress("192.0.2.1:16383"), 32, 16))->second; BOOST_CHECK_EQUAL(block.reason, reason); BOOST_CHECK_EQUAL(static_cast(block.until.tv_sec), now.tv_sec + blockDuration); BOOST_CHECK(block.domain.empty()); 
@@ -370,13 +370,13 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_V4Ports, TestFixture) { /* outside of the range should not */ - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(AddressAndPortRange(ComboAddress("192.0.2.1:16384"), 32, 16)) == nullptr); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(AddressAndPortRange(ComboAddress("192.0.2.1:16384"), 32, 16)) == nullptr); } /* we (again) insert just above 50 qps from several clients the same IPv4 port range, this should update the block which will check by looking at the blocked counter */ { - auto block = g_dynblockNMG.getLocal()->lookup(AddressAndPortRange(ComboAddress("192.0.2.1:0"), 32, 16)); + auto block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(AddressAndPortRange(ComboAddress("192.0.2.1:0"), 32, 16)); BOOST_REQUIRE(block != nullptr); BOOST_CHECK_EQUAL(block->second.blocks, 0U); block->second.blocks = 42U; @@ -394,16 +394,16 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_V4Ports, TestFixture) dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U); { /* previous address/port should still be blocked */ - auto block = g_dynblockNMG.getLocal()->lookup(AddressAndPortRange(ComboAddress("192.0.2.1:0"), 32, 16)); + auto block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(AddressAndPortRange(ComboAddress("192.0.2.1:0"), 32, 16)); BOOST_REQUIRE(block != nullptr); BOOST_CHECK_EQUAL(block->second.blocks, 42U); } /* but not a different one */ - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(AddressAndPortRange(ComboAddress("192.0.2.1:16384"), 32, 16)) == nullptr); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(AddressAndPortRange(ComboAddress("192.0.2.1:16384"), 32, 16)) == nullptr); } } 
@@ -455,7 +455,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_responses, TestFixture size_t numberOfQueries = 45; g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); for (size_t timeIdx = 0; timeIdx < 100; timeIdx++) { struct timespec when = now; @@ -471,8 +471,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QueryRate_responses, TestFixture BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries * 100); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr); } } @@ -509,7 +509,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QTypeRate, TestFixture) { size_t numberOfQueries = 45 * numberOfSeconds; g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); for (size_t idx = 0; idx < numberOfQueries; idx++) { g_rings.insertQuery(now, requestor1, qname, qtype, size, dnsHeader, protocol); @@ -517,8 +517,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QTypeRate, TestFixture) { BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr); } { 
@@ -527,7 +527,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QTypeRate, TestFixture) { size_t numberOfQueries = 50 * numberOfSeconds + 1; g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); for (size_t idx = 0; idx < numberOfQueries; idx++) { g_rings.insertQuery(now, requestor1, qname, QType::A, size, dnsHeader, protocol); @@ -535,8 +535,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QTypeRate, TestFixture) { BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr); } { @@ -545,7 +545,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QTypeRate, TestFixture) { size_t numberOfQueries = 50 * numberOfSeconds + 1; g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); for (size_t idx = 0; idx < numberOfQueries; idx++) { g_rings.insertQuery(now, requestor1, qname, qtype, size, dnsHeader, protocol); 
@@ -553,10 +553,10 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_QTypeRate, TestFixture) { BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) != nullptr); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor2) == nullptr); - const auto& block = g_dynblockNMG.getLocal()->lookup(requestor1)->second; + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) != nullptr); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor2) == nullptr); + const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1)->second; BOOST_CHECK_EQUAL(block.reason, reason); BOOST_CHECK_EQUAL(static_cast(block.until.tv_sec), now.tv_sec + blockDuration); BOOST_CHECK(block.domain.empty()); @@ -603,7 +603,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_RCodeRate, TestFixture) { size_t numberOfResponses = 45 * numberOfSeconds; g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); dnsHeader.rcode = rcode; for (size_t idx = 0; idx < numberOfResponses; idx++) { @@ -612,8 +612,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_RCodeRate, TestFixture) { BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), numberOfResponses); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr); } { 
@@ -621,7 +621,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_RCodeRate, TestFixture) { size_t numberOfResponses = 50 * numberOfSeconds + 1; g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); dnsHeader.rcode = RCode::FormErr; for (size_t idx = 0; idx < numberOfResponses; idx++) { @@ -630,8 +630,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_RCodeRate, TestFixture) { BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), numberOfResponses); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr); } { @@ -640,7 +640,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_RCodeRate, TestFixture) { size_t numberOfResponses = 50 * numberOfSeconds + 1; g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); dnsHeader.rcode = rcode; for (size_t idx = 0; idx < numberOfResponses; idx++) { 
@@ -649,10 +649,10 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_RCodeRate, TestFixture) { BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), numberOfResponses); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) != nullptr); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor2) == nullptr); - const auto& block = g_dynblockNMG.getLocal()->lookup(requestor1)->second; + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) != nullptr); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor2) == nullptr); + const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1)->second; BOOST_CHECK_EQUAL(block.reason, reason); BOOST_CHECK_EQUAL(static_cast(block.until.tv_sec), now.tv_sec + blockDuration); BOOST_CHECK(block.domain.empty()); @@ -698,7 +698,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_RCodeRatio, TestFixture) { this should not trigger the rule */ g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); dnsHeader.rcode = rcode; for (size_t idx = 0; idx < 20; idx++) { 
@@ -711,15 +711,15 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_RCodeRatio, TestFixture) { BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 100U); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr); } { /* insert just 50 FormErrs and nothing else, from a given client in the last 10s */ g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); dnsHeader.rcode = RCode::FormErr; for (size_t idx = 0; idx < 50; idx++) { @@ -728,8 +728,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_RCodeRatio, TestFixture) { BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 50U); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr); } { @@ -737,7 +737,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_RCodeRatio, TestFixture) { this should trigger the rule this time */ g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); dnsHeader.rcode = rcode; for (size_t idx = 0; idx < 21; idx++) { 
@@ -750,10 +750,10 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_RCodeRatio, TestFixture) { BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 100U); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U); - BOOST_REQUIRE(g_dynblockNMG.getLocal()->lookup(requestor1) != nullptr); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor2) == nullptr); - const auto& block = g_dynblockNMG.getLocal()->lookup(requestor1)->second; + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U); + BOOST_REQUIRE(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) != nullptr); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor2) == nullptr); + const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1)->second; BOOST_CHECK_EQUAL(block.reason, reason); BOOST_CHECK_EQUAL(block.until.tv_sec, now.tv_sec + blockDuration); BOOST_CHECK(block.domain.empty()); @@ -767,7 +767,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_RCodeRatio, TestFixture) { this should NOT trigger the rule since we don't have more than 50 queries */ g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); dnsHeader.rcode = rcode; for (size_t idx = 0; idx < 11; idx++) { @@ -780,8 +780,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_RCodeRatio, TestFixture) { BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 50U); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr); } } 
@@ -821,7 +821,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_ResponseByteRate, TestFixture) { size_t numberOfResponses = 99 * numberOfSeconds; g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); dnsHeader.rcode = rcode; for (size_t idx = 0; idx < numberOfResponses; idx++) { @@ -830,8 +830,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_ResponseByteRate, TestFixture) { BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), numberOfResponses); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr); } { @@ -839,7 +839,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_ResponseByteRate, TestFixture) { size_t numberOfResponses = 100 * numberOfSeconds + 1; g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); dnsHeader.rcode = rcode; for (size_t idx = 0; idx < numberOfResponses; idx++) { 
@@ -848,10 +848,10 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_ResponseByteRate, TestFixture) { BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), numberOfResponses); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) != nullptr); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor2) == nullptr); - const auto& block = g_dynblockNMG.getLocal()->lookup(requestor1)->second; + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) != nullptr); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor2) == nullptr); + const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1)->second; BOOST_CHECK_EQUAL(block.reason, reason); BOOST_CHECK_EQUAL(static_cast(block.until.tv_sec), now.tv_sec + blockDuration); BOOST_CHECK(block.domain.empty()); @@ -900,7 +900,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_CacheMissRatio, TestFixture) { this should not trigger the rule */ g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); for (size_t idx = 0; idx < 20; idx++) { g_rings.insertResponse(now, requestor1, qname, qtype, responseTime, size, dnsHeader, backend, outgoingProtocol); @@ -911,8 +911,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_CacheMissRatio, TestFixture) { BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 100U); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr); } { 
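Review bot: In the ResponseByteRate hunk at -848 the non-null check on `lookup(requestor1)` is a `BOOST_CHECK`, which records a failure but lets the test continue, and the next added line dereferences the same lookup with `->second`. If the rule ever fails to insert the block, the test crashes on a null pointer instead of reporting a failed assertion. The RCodeRatio (-750) and CacheMissRatio (-931) hunks already use `BOOST_REQUIRE` here, so the line should read `BOOST_REQUIRE(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) != nullptr);`. The same pattern is in the Warning hunks (-1045, -1073, -1102, -1133) and the Ranges hunk (-1195), and the GetTopN loop at -1253 dereferences `lookup(requestor)` with no check at all. The enclosing test cases start and end outside these hunks.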
@@ -920,7 +920,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_CacheMissRatio, TestFixture) { this should trigger the rule this time */ g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); for (size_t idx = 0; idx < 51; idx++) { g_rings.insertResponse(now, requestor1, qname, qtype, responseTime, size, dnsHeader, backend, outgoingProtocol); @@ -931,10 +931,10 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_CacheMissRatio, TestFixture) { BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 100U); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U); - BOOST_REQUIRE(g_dynblockNMG.getLocal()->lookup(requestor1) != nullptr); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor2) == nullptr); - const auto& block = g_dynblockNMG.getLocal()->lookup(requestor1)->second; + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U); + BOOST_REQUIRE(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) != nullptr); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor2) == nullptr); + const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1)->second; BOOST_CHECK_EQUAL(block.reason, reason); BOOST_CHECK_EQUAL(block.until.tv_sec, now.tv_sec + blockDuration); BOOST_CHECK(block.domain.empty()); @@ -948,7 +948,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_CacheMissRatio, TestFixture) { this should NOT trigger the rule since we don't have more than 50 queries */ g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); for (size_t idx = 0; idx < 40; idx++) { g_rings.insertResponse(now, requestor1, qname, qtype, responseTime, size, dnsHeader, backend, outgoingProtocol); 
@@ -959,8 +959,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_CacheMissRatio, TestFixture) { BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 50U); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr); } /* the global cache-hit rate is too low, should not trigger */ @@ -970,7 +970,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_CacheMissRatio, TestFixture) { /* insert 51 cache misses and 49 hits from a given client in the last 10s */ g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); for (size_t idx = 0; idx < 51; idx++) { g_rings.insertResponse(now, requestor1, qname, qtype, responseTime, size, dnsHeader, backend, outgoingProtocol); @@ -981,8 +981,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_CacheMissRatio, TestFixture) { BOOST_CHECK_EQUAL(g_rings.getNumberOfResponseEntries(), 100U); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U); - BOOST_REQUIRE(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U); + BOOST_REQUIRE(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr); } } 
@@ -1019,7 +1019,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_Warning, TestFixture) { size_t numberOfQueries = 20 * numberOfSeconds; g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); for (size_t idx = 0; idx < numberOfQueries; idx++) { g_rings.insertQuery(now, requestor1, qname, qtype, size, dnsHeader, protocol); @@ -1027,8 +1027,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_Warning, TestFixture) { BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) == nullptr); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) == nullptr); } { @@ -1037,7 +1037,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_Warning, TestFixture) { size_t numberOfQueries = 20 * numberOfSeconds + 1; g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); for (size_t idx = 0; idx < numberOfQueries; idx++) { g_rings.insertQuery(now, requestor1, qname, qtype, size, dnsHeader, protocol); 
@@ -1045,12 +1045,12 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_Warning, TestFixture) { BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) != nullptr); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor2) == nullptr); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) != nullptr); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor2) == nullptr); { - const auto& block = g_dynblockNMG.getLocal()->lookup(requestor1)->second; + const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1)->second; BOOST_CHECK_EQUAL(block.reason, reason); BOOST_CHECK_EQUAL(static_cast(block.until.tv_sec), now.tv_sec + blockDuration); BOOST_CHECK(block.domain.empty()); 
@@ -1073,12 +1073,12 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_Warning, TestFixture) { BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) != nullptr); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor2) == nullptr); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) != nullptr); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor2) == nullptr); { - const auto& block = g_dynblockNMG.getLocal()->lookup(requestor1)->second; + const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1)->second; BOOST_CHECK_EQUAL(block.reason, reason); BOOST_CHECK_EQUAL(static_cast(block.until.tv_sec), now.tv_sec + blockDuration); BOOST_CHECK(block.domain.empty()); 
@@ -1102,12 +1102,12 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_Warning, TestFixture) { BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) != nullptr); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor2) == nullptr); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) != nullptr); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor2) == nullptr); { - const auto& block = g_dynblockNMG.getLocal()->lookup(requestor1)->second; + const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1)->second; BOOST_CHECK_EQUAL(block.reason, reason); /* should have been updated */ BOOST_CHECK_EQUAL(static_cast(block.until.tv_sec), now.tv_sec + blockDuration); @@ -1125,7 +1125,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_Warning, TestFixture) { size_t numberOfQueries = 50 * numberOfSeconds + 1; g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); for (size_t idx = 0; idx < numberOfQueries; idx++) { g_rings.insertQuery(now, requestor1, qname, qtype, size, dnsHeader, protocol); 
@@ -1133,12 +1133,12 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_Warning, TestFixture) { BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) != nullptr); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor2) == nullptr); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) != nullptr); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor2) == nullptr); { - const auto& block = g_dynblockNMG.getLocal()->lookup(requestor1)->second; + const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1)->second; BOOST_CHECK_EQUAL(block.reason, reason); BOOST_CHECK_EQUAL(static_cast(block.until.tv_sec), now.tv_sec + blockDuration); BOOST_CHECK(block.domain.empty()); @@ -1186,7 +1186,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_Ranges, TestFixture) { size_t numberOfQueries = 50 * numberOfSeconds + 1; g_rings.clear(); BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), 0U); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); for (size_t idx = 0; idx < numberOfQueries; idx++) { g_rings.insertQuery(now, requestor1, qname, qtype, size, dnsHeader, protocol); 
@@ -1195,10 +1195,10 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesGroup_Ranges, TestFixture) { BOOST_CHECK_EQUAL(g_rings.getNumberOfQueryEntries(), numberOfQueries * 2); dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 1U); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor1) != nullptr); - BOOST_CHECK(g_dynblockNMG.getLocal()->lookup(requestor2) == nullptr); - const auto& block = g_dynblockNMG.getLocal()->lookup(requestor1)->second; + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 1U); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1) != nullptr); + BOOST_CHECK(dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor2) == nullptr); + const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor1)->second; BOOST_CHECK_EQUAL(block.reason, reason); BOOST_CHECK_EQUAL(static_cast(block.until.tv_sec), now.tv_sec + blockDuration); BOOST_CHECK(block.domain.empty()); @@ -1236,7 +1236,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesMetricsCache_GetTopN, TestFixture) { DynBlockRulesGroup dbrg; dbrg.setQuiet(true); g_rings.clear(); - g_dynblockNMG.setState(emptyNMG); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); { /* block above 0 qps for numberOfSeconds seconds, no warning */ @@ -1253,11 +1253,11 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesMetricsCache_GetTopN, TestFixture) { /* we apply the rules, all clients should be blocked */ dbrg.apply(now); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 256U); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 256U); for (size_t idx = 0; idx < 256; idx++) { const ComboAddress requestor("192.0.2." + std::to_string(idx)); - const auto& block = g_dynblockNMG.getLocal()->lookup(requestor)->second; + const auto& block = dnsdist::DynamicBlocks::getClientAddressDynamicRules().lookup(requestor)->second; /* simulate that: - .1 does 1 query ... 
@@ -1283,7 +1283,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesMetricsCache_GetTopN, TestFixture) { struct timespec expired = now; expired.tv_sec += blockDuration + 1; DynBlockMaintenance::purgeExpired(expired); - BOOST_CHECK_EQUAL(g_dynblockNMG.getLocal()->size(), 0U); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U); } { @@ -1291,8 +1291,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesMetricsCache_GetTopN, TestFixture) { DynBlockRulesGroup dbrg; dbrg.setQuiet(true); g_rings.clear(); - g_dynblockNMG.setState(emptyNMG); - g_dynblockSMT.setState(emptySMT); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); + dnsdist::DynamicBlocks::clearSuffixDynamicRules(); { DynBlockRulesGroup::DynBlockRule rule(reason, blockDuration, 0, 0, numberOfSeconds, action); @@ -1315,7 +1315,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesMetricsCache_GetTopN, TestFixture) { for (size_t idx = 0; idx < 256; idx++) { const DNSName name(DNSName(std::to_string(idx)) + qname); - const auto* block = g_dynblockSMT.getLocal()->lookup(name); + const auto* block = dnsdist::DynamicBlocks::getSuffixDynamicRules().lookup(name); BOOST_REQUIRE(block != nullptr); BOOST_REQUIRE(block->action == action); /* simulate that: @@ -1343,7 +1343,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesMetricsCache_GetTopN, TestFixture) { struct timespec expired = now; expired.tv_sec += blockDuration + 1; DynBlockMaintenance::purgeExpired(expired); - BOOST_CHECK(g_dynblockSMT.getLocal()->getNodes().empty()); + BOOST_CHECK(dnsdist::DynamicBlocks::getSuffixDynamicRules().getNodes().empty()); } { 
@@ -1351,8 +1351,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesMetricsCache_GetTopN, TestFixture) { DynBlockRulesGroup dbrg; dbrg.setQuiet(true); g_rings.clear(); - g_dynblockNMG.setState(emptyNMG); - g_dynblockSMT.setState(emptySMT); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); + dnsdist::DynamicBlocks::clearSuffixDynamicRules(); { DynBlockRulesGroup::DynBlockRule rule(reason, blockDuration, 0, 0, numberOfSeconds, action); @@ -1375,7 +1375,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesMetricsCache_GetTopN, TestFixture) { for (size_t idx = 0; idx < 256; idx++) { const DNSName name(DNSName(std::to_string(idx)) + qname); - const auto* block = g_dynblockSMT.getLocal()->lookup(name); + const auto* block = dnsdist::DynamicBlocks::getSuffixDynamicRules().lookup(name); BOOST_REQUIRE(block != nullptr); BOOST_REQUIRE(block->action == DNSAction::Action::Truncate); /* simulate that: @@ -1403,7 +1403,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesMetricsCache_GetTopN, TestFixture) { struct timespec expired = now; expired.tv_sec += blockDuration + 1; DynBlockMaintenance::purgeExpired(expired); - BOOST_CHECK(g_dynblockSMT.getLocal()->getNodes().empty()); + BOOST_CHECK(dnsdist::DynamicBlocks::getSuffixDynamicRules().getNodes().empty()); } #ifdef BENCH_DYNBLOCKS @@ -1412,8 +1412,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesMetricsCache_GetTopN, TestFixture) { DynBlockRulesGroup dbrg; dbrg.setQuiet(true); g_rings.clear(); - g_dynblockNMG.setState(emptyNMG); - g_dynblockSMT.setState(emptySMT); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); + dnsdist::DynamicBlocks::clearSuffixDynamicRules(); { DynBlockRulesGroup::DynBlockRule rule(reason, blockDuration, 0, 0, numberOfSeconds, action); 
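Review bot: The hunk at -1412 directly follows the `#ifdef BENCH_DYNBLOCKS` context line, so the two replaced calls there are presumably only compiled when that macro is defined. The same seems to hold for the following hunks that end in `#endif` (-1457, -1492). A default build would then not notice a mistake in these migrated lines, for example a leftover `->` on the value now returned by `getClientAddressDynamicRules()`. Compiling this file once with `-DBENCH_DYNBLOCKS` before merging would confirm the benchmark sections still build against the new accessors.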
@@ -1457,7 +1457,7 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesMetricsCache_GetTopN, TestFixture) { sw.start(); DynBlockMaintenance::purgeExpired(expired); cerr<<"removed 1000000 entries in "<getNodes().size(), 0U); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getSuffixDynamicRules().getNodes().size(), 0U); } #endif @@ -1467,8 +1467,8 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesMetricsCache_GetTopN, TestFixture) { DynBlockRulesGroup dbrg; dbrg.setQuiet(true); g_rings.clear(); - g_dynblockNMG.setState(emptyNMG); - g_dynblockSMT.setState(emptySMT); + dnsdist::DynamicBlocks::clearClientAddressDynamicRules(); + dnsdist::DynamicBlocks::clearSuffixDynamicRules(); { DynBlockRulesGroup::DynBlockRule rule(reason, blockDuration, 0, 0, numberOfSeconds, action); dbrg.setQueryRate(std::move(rule)); @@ -1492,19 +1492,19 @@ BOOST_FIXTURE_TEST_CASE(test_DynBlockRulesMetricsCache_GetTopN, TestFixture) { StopWatch sw; sw.start(); dbrg.apply(now); - cerr<<"added "<size()<<" entries in "<size(), 1000000U); + cerr<<"added "<size()<<" entries in "<size(), 0U); + BOOST_CHECK_EQUAL(dnsdist::DynamicBlocks::getClientAddressDynamicRules().size(), 0U); } #endif } diff --git a/pdns/dnsdistdist/test-dnsdistlbpolicies_cc.cc b/pdns/dnsdistdist/test-dnsdistlbpolicies_cc.cc index 70f5eb5fc1740..0391f8fb4aa9f 100644 --- a/pdns/dnsdistdist/test-dnsdistlbpolicies_cc.cc +++ b/pdns/dnsdistdist/test-dnsdistlbpolicies_cc.cc @@ -21,8 +21,6 @@ std::unique_ptr g_snmpAgent{nullptr}; #if BENCH_POLICIES #include "dnsdist-rings.hh" Rings g_rings; -GlobalStateHolder> g_dynblockNMG; -GlobalStateHolder> g_dynblockSMT; #endif /* BENCH_POLICIES */ std::vector> g_frontends; diff --git a/pdns/dnsdistdist/test-dnsdisttcp_cc.cc b/pdns/dnsdistdist/test-dnsdisttcp_cc.cc index 9475310f96b4b..8fa4a636bf458 100644 --- a/pdns/dnsdistdist/test-dnsdisttcp_cc.cc +++ b/pdns/dnsdistdist/test-dnsdisttcp_cc.cc 
@@ -57,7 +57,7 @@ void handleResponseSent(const InternalQueryState& ids, double udiff, const Combo std::function& selectedBackend)> s_processQuery; -ProcessQueryResult processQuery(DNSQuestion& dq, LocalHolders& holders, std::shared_ptr& selectedBackend) +ProcessQueryResult processQuery(DNSQuestion& dq, std::shared_ptr& selectedBackend) { if (s_processQuery) { return s_processQuery(dq, selectedBackend);