Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dnsdist: Count dynamic block exceed...() statistics by Netmask rather than individual IP address #4993

Closed
neilcook opened this issue Feb 10, 2017 · 1 comment · Fixed by #10815

Comments

@neilcook
Copy link
Contributor

  • Program: dnsdist
  • Issue type: Feature request

Short description

The exceedXXX() functions used for triggering dynamic blocks return a set of ComboAddresses containing the IP addresses that matched the rule. However they only count based on individual IP addresses, (i.e. /32 for v4 and /128 for v6). It would be nice if they had the capability to count based on a netmask, e.g. exceedServFails(rate, seconds, v4mask, v6mask)

An example would be: exceedServFailsMask(20, 10, 32, 64)

Which would count v4 addresses by individual IP, but v6 addresses by /64 aggregation.

The return value from these functions should probably be a set of Netmasks or a NetmaskGroup rather than a set of ComboAddress's, otherwise the set of ComboAddress's returned would be potentially huge.

Usecase

Count groups of IP addresses rather than individual IPs addresses when creating dynamic blocks.

Description

See above.

@neilcook neilcook changed the title Count dynamic block exceed...() statistics by Netmask rather than individual IP address dnsdist: Count dynamic block exceed...() statistics by Netmask rather than individual IP address Feb 10, 2017
@rgacogne rgacogne added this to the dnsdist-1.2.0 milestone Feb 10, 2017
@rgacogne rgacogne modified the milestones: dnsdist-1.3.0, dnsdist-1.2.0 Jul 17, 2017
@rgacogne rgacogne modified the milestones: dnsdist-1.3.0, dnsdist-1.4.0 Mar 27, 2018
@rgacogne rgacogne modified the milestones: dnsdist-1.4.0, dnsdist-1.5.0 Apr 10, 2019
@rgacogne rgacogne modified the milestones: dnsdist-1.5.0, dnsdist-1.6.0 Feb 11, 2020
@rgacogne rgacogne modified the milestones: dnsdist-1.6.0, dnsdist-1.7.0 Nov 26, 2020
@rgacogne rgacogne modified the milestones: dnsdist-1.7.0, dnsdist-1.8.0 Sep 7, 2021
@rgacogne
Copy link
Member

I don't think we will implement this for the exceed* functions that are pretty much deprecated at this point, but I would like to support this in DynBlockRulesGroup.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants