clones/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2024-09-21 22:57:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Fix #1277: disable domain ratelimit by setting value to 0.

Browse Source 
git-svn-id: file:///svn/unbound/trunk@4235 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Ralph Dolmans 2017-06-16 13:22:43 +00:00
parent 4e66465e22
commit 71d2d60b85
4 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/Changelog
View File

@ -1,3 +1,6 @@
16 June 2017: Ralph
- Fix #1277: disable domain ratelimit by setting value to 0.
16 June 2017: Wouter
- Fix #1301: memory leak in respip and tests.
- Free callback in edns-subnetmod on exit and restart.

8
doc/unbound.conf.5.in
View File

@ -1202,20 +1202,20 @@ This can make ordinary queries complete (if repeatedly queried for),
and enter the cache, whilst also mitigating the traffic flow by the
factor given.
.TP 5
.B ratelimit\-for\-domain: \fI<domain> <number qps>
.B ratelimit\-for\-domain: \fI<domain> <number qps or 0>
Override the global ratelimit for an exact match domain name with the listed
number. You can give this for any number of names. For example, for
a top\-level\-domain you may want to have a higher limit than other names.
A value of \-1 will disable ratelimiting for that domain.
A value of 0 will disable ratelimiting for that domain.
.TP 5
.B ratelimit\-below\-domain: \fI<domain> <number qps>
.B ratelimit\-below\-domain: \fI<domain> <number qps or 0>
Override the global ratelimit for a domain name that ends in this name.
You can give this multiple times, it then describes different settings
in different parts of the namespace. The closest matching suffix is used
to determine the qps limit. The rate for the exact matching domain name
is not changed, use ratelimit\-for\-domain to set that, you might want
to use different settings for a top\-level\-domain and subdomains.
A value of \-1 will disable ratelimiting for domain names that end in this name.
A value of 0 will disable ratelimiting for domain names that end in this name.
.TP 5
.B ip\-ratelimit: \fI<number or 0>
Enable global ratelimiting of queries accepted per ip address.

4
services/cache/infra.c vendored
View File

@ -893,6 +893,8 @@ int infra_ratelimit_inc(struct infra_cache* infra, uint8_t* name,
/* find ratelimit */
lim = infra_find_ratelimit(infra, name, namelen);
if(!lim)
return 1; /* disabled for this domain */
/* find or insert ratedata */
entry = infra_find_ratedata(infra, name, namelen, 1);
@ -941,6 +943,8 @@ int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name,
/* find ratelimit */
lim = infra_find_ratelimit(infra, name, namelen);
if(!lim)
return 0; /* disabled for this domain */
/* find current rate */
entry = infra_find_ratedata(infra, name, namelen, 0);

2
services/cache/infra.h vendored
View File

@ -401,7 +401,7 @@ int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name,
/** find the maximum rate stored, not too old. 0 if no information. */
int infra_rate_max(void* data, time_t now);
/** find the ratelimit in qps for a domain */
/** find the ratelimit in qps for a domain. 0 if no limit for domain. */
int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name,
size_t namelen);