Diffstat (limited to 'contrib/unbound/services/cache/infra.h')
-rw-r--r-- | contrib/unbound/services/cache/infra.h | 52 |
1 files changed, 44 insertions, 8 deletions
diff --git a/contrib/unbound/services/cache/infra.h b/contrib/unbound/services/cache/infra.h index 14f97c4c64d3..1a88bbb94da8 100644 --- a/contrib/unbound/services/cache/infra.h +++ b/contrib/unbound/services/cache/infra.h @@ -122,6 +122,10 @@ struct infra_cache { rbtree_type domain_limits; /** hash table with query rates per client ip: ip_rate_key, ip_rate_data */ struct slabhash* client_ip_rates; + /** tree of addr_tree_node, with wait_limit_netblock_info information */ + rbtree_type wait_limits_netblock; + /** tree of addr_tree_node, with wait_limit_netblock_info information */ + rbtree_type wait_limits_cookie_netblock; }; /** ratelimit, unless overridden by domain_limits, 0 is off */ @@ -153,6 +157,8 @@ struct rate_key { /** ip ratelimit, 0 is off */ extern int infra_ip_ratelimit; +/** ip ratelimit for DNS Cookie clients, 0 is off */ +extern int infra_ip_ratelimit_cookie; /** * key for ip_ratelimit lookups, a source IP. @@ -182,10 +188,22 @@ struct rate_data { /** what the timestamp is of the qps array members, counter is * valid for that timestamp. Usually now and now-1. */ time_t timestamp[RATE_WINDOW]; + /** the number of queries waiting in the mesh */ + int mesh_wait; }; #define ip_rate_data rate_data +/** + * Data to store the configuration per netblock for the wait limit + */ +struct wait_limit_netblock_info { + /** The addr tree node, this must be first. */ + struct addr_tree_node node; + /** the limit on the amount */ + int limit; +}; + /** infra host cache default hash lookup size */ #define INFRA_HOST_STARTSIZE 32 /** bytes per zonename reserved in the hostcache, dnamelen(zonename.com.) */ @@ -216,7 +234,7 @@ struct infra_cache* infra_adjust(struct infra_cache* infra, struct config_file* cfg); /** - * Plain find infra data function (used by the the other functions) + * Plain find infra data function (used by the other functions) * @param infra: infrastructure cache. * @param addr: host address. * @param addrlen: length of addr. 
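Review bot: The two fields added to `struct infra_cache` carry the same doc comment, so the header does not tell a reader which tree applies to clients with a DNS Cookie and which to clients without. The second comment should say so, for example `/** tree of addr_tree_node, with wait_limit_netblock_info information, for clients with a valid DNS Cookie */`; that reading is inferred from the field name and should be confirmed against infra.c. It would also help to state which lock guards the trees, or that they are read-only once the configuration is applied.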
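Review bot: `mesh_wait` is added to `struct rate_data`, which `#define ip_rate_data rate_data` shares between the per-domain and per-client-IP tables, and its comment does not say that the counter matters only for client IP entries or which lock protects it. It is a signed `int` that is presumably driven by the separate `infra_wait_limit_inc` and `infra_wait_limit_dec` calls declared at the end of this file, so an unmatched decrement would take it below zero and an unmatched increment would hold a client at its limit. The comment should state the invariant, e.g. `/** the number of queries waiting in the mesh for this client ip; only used in ip_rate_data, never below 0 */`. In `wait_limit_netblock_info`, `/** the limit on the amount */` should say what is counted and what 0 or a negative value means.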
@@ -368,6 +386,7 @@ long long infra_get_host_rto(struct infra_cache* infra, * @param name: zone name * @param namelen: zone name length * @param timenow: what time it is now. + * @param backoff: if backoff is enabled. * @param qinfo: for logging, query name. * @param replylist: for logging, querier's address (if any). * @return 1 if it could be incremented. 0 if the increment overshot the @@ -375,7 +394,7 @@ long long infra_get_host_rto(struct infra_cache* infra, * Failures like alloc failures are not returned (probably as 1). */ int infra_ratelimit_inc(struct infra_cache* infra, uint8_t* name, - size_t namelen, time_t timenow, struct query_info* qinfo, + size_t namelen, time_t timenow, int backoff, struct query_info* qinfo, struct comm_reply* replylist); /** @@ -398,13 +417,15 @@ void infra_ratelimit_dec(struct infra_cache* infra, uint8_t* name, * @param name: zone name * @param namelen: zone name length * @param timenow: what time it is now. + * @param backoff: if backoff is enabled. * @return true if exceeded. */ int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name, - size_t namelen, time_t timenow); + size_t namelen, time_t timenow, int backoff); -/** find the maximum rate stored, not too old. 0 if no information. */ -int infra_rate_max(void* data, time_t now); +/** find the maximum rate stored. 0 if no information. + * When backoff is enabled look for the maximum in the whole RATE_WINDOW. */ +int infra_rate_max(void* data, time_t now, int backoff); /** find the ratelimit in qps for a domain. 0 if no limit for domain. */ int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name, 
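Review bot: The new `backoff` parameter is documented only as `if backoff is enabled.` on `infra_ratelimit_inc` and `infra_ratelimit_exceeded` (hunks at -368 and -398), which does not tell a caller how the rate decision changes when it is nonzero. The `infra_rate_max` comment is the only place that states the effect, and it dropped the earlier "not too old" wording without saying which entries count when `backoff` is 0. Suggest `@param backoff: nonzero to judge the rate by the maximum over the whole RATE_WINDOW.` on all three, confirmed against infra.c, and restoring the non-backoff case in the `infra_rate_max` comment. Because `backoff` is a plain `int` placed among other integer arguments, a consistent description is what helps call sites pass the right value.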
@@ -413,14 +434,17 @@ int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name, /** Update query ratelimit hash and decide * whether or not a query should be dropped. * @param infra: infra cache - * @param repinfo: information about client + * @param addr: client address + * @param addrlen: client address length * @param timenow: what time it is now. + * @param has_cookie: if the request came with a DNS Cookie. + * @param backoff: if backoff is enabled. * @param buffer: with query for logging. * @return 1 if it could be incremented. 0 if the increment overshot the * ratelimit and the query should be dropped. */ int infra_ip_ratelimit_inc(struct infra_cache* infra, - struct comm_reply* repinfo, time_t timenow, - struct sldns_buffer* buffer); + struct sockaddr_storage* addr, socklen_t addrlen, time_t timenow, + int has_cookie, int backoff, struct sldns_buffer* buffer); /** * Get memory used by the infra cache. @@ -466,4 +490,16 @@ void ip_rate_delkeyfunc(void* d, void* arg); /* delete data */ #define ip_rate_deldatafunc rate_deldatafunc +/** See if the IP address can have another reply in the wait limit */ +int infra_wait_limit_allowed(struct infra_cache* infra, struct comm_reply* rep, + int cookie_valid, struct config_file* cfg); + +/** Increment number of waiting replies for IP */ +void infra_wait_limit_inc(struct infra_cache* infra, struct comm_reply* rep, + time_t timenow, struct config_file* cfg); + +/** Decrement number of waiting replies for IP */ +void infra_wait_limit_dec(struct infra_cache* infra, struct comm_reply* rep, + struct config_file* cfg); + #endif /* SERVICES_CACHE_INFRA_H */ |
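Review bot: `@param has_cookie: if the request came with a DNS Cookie.` does not say whether the cookie must already have been validated, and that decides whether the `infra_ip_ratelimit_cookie` limit can be selected by any client that simply attaches a cookie option. If the cookie limit is meant to be the more permissive one, the comment should require a verified cookie, e.g. `@param has_cookie: nonzero only if the request carried a DNS Cookie that the server has validated.`; the wait limit declaration later in this file already names its flag `cookie_valid`. `has_cookie` and `backoff` are adjacent `int` parameters, so a swapped pair at a call site compiles without a warning, and the callers changed by this commit are worth checking for argument order.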
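Review bot: The three `infra_wait_limit_*` declarations have one-line comments with no `@param` or `@return`, so the header does not say what `infra_wait_limit_allowed` returns for "allowed", what `cookie_valid` must mean, or that each `infra_wait_limit_inc` must be paired with exactly one `infra_wait_limit_dec` on every path that finishes or drops the reply. That pairing is the safety property of the feature: a missed decrement leaves a client counted as waiting and eventually refused, while a doubled one lets it exceed the limit. The check and the increment are separate calls, so the comment should also say whether they must run under one lock or whether a small overshoot between threads is accepted. Suggest a doc block on each in the style used for `infra_ip_ratelimit_inc`, including `@return 1 if another reply may wait, 0 if the limit is reached` once confirmed against infra.c.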