Is your feature request related to a problem? Please describe.
I want to auto-blacklist sources at a coarser granularity for IPv6 than for IPv4 (e.g. /64 for v6, /32 for v4) to match the aggregation already used by twSetv6Prefix(64) on our StringStatsDBs.
The decision needs the address family of lt.remote:
    if lt.remote:isIPv6() then
      blacklistNetmask(newNetmask(lt.remote:tostring() .. "/64"), expiry, reason)
    else
      blacklistIP(lt.remote, expiry, reason)
    end
Describe the solution you'd like
Expose the ComboAddress:isIPv4() / isIPv6() functions of the upstream PowerDNS C++ object to Lua.
Describe alternatives you've considered
Today scripts have to fall back to string-matching:
    local function is_ipv6(ca)
      return string.find(ca:tostring(), ":", 1, true) ~= nil
    end
I think it's not good and quite fragile (e.g. surprising on IPv4-mapped IPv6 like ::ffff:1.2.3.4).
Additional context
While touching ComboAddress bindings, two adjacent helpers would close the gap for prefix-based policy logic:
ComboAddress:getNetwork(prefix) → returns a Netmask (or its string), so blacklistNetmask(lt.remote:getNetwork(64), …) becomes possible without round-tripping through tostring() and newNetmask().
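
Added example, not part of the original issue and not wforce code: a Python sketch of why the colon test is surprising for IPv4-mapped addresses. Under a /64 rule, `::ffff:1.2.3.4` aggregates to `::/64`, which covers every IPv4-mapped source. The names `naive_key` and `block_key`, the sample addresses, and the policy of unwrapping mapped addresses to IPv4 are assumptions made for illustration.

```python
import ipaddress

V6_PREFIX = 64  # same aggregation as twSetv6Prefix(64) in the issue
V4_PREFIX = 32


def naive_key(addr: str) -> str:
    """Mimic the colon check: any string containing ':' is treated as IPv6."""
    if ":" in addr:
        return str(ipaddress.ip_network(f"{addr}/{V6_PREFIX}", strict=False))
    return str(ipaddress.ip_network(f"{addr}/{V4_PREFIX}"))


def block_key(addr: str) -> str:
    """Family-aware key. Assumed policy: IPv4-mapped IPv6 is unwrapped to IPv4."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    prefix = V6_PREFIX if ip.version == 6 else V4_PREFIX
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


# Constructed sample addresses (documentation ranges plus the issue's mapped form).
SAMPLES = [
    "192.0.2.7",
    "2001:db8:1:2:aaaa:bbbb:cccc:dddd",
    "::ffff:1.2.3.4",
    "::ffff:203.0.113.9",
]


def compare(samples):
    """Return (address, naive key, family-aware key) for each sample."""
    return [(a, naive_key(a), block_key(a)) for a in samples]


if __name__ == "__main__":
    for addr, naive, aware in compare(SAMPLES):
        print(f"{addr:36} naive={naive:22} aware={aware}")
```

With the naive key, one offending IPv4-mapped client would put every other mapped client under the same blacklist entry.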