
File: [local] / src / usr.sbin / nsd / rrl.h (download)

Revision 1.3, Wed Mar 16 10:14:51 2022 UTC (2 years, 2 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, HEAD
Changes since 1.2: +1 -1 lines

Update to nsd 4.4.0

tested by sthen and me
OK sthen

/* rrl.h - Response Rate Limiting for NSD.
 * By W.C.A. Wijngaards
 * Copyright 2012, NLnet Labs.
 * BSD, see LICENSE.
 */
#ifndef RRL_H
#define RRL_H
#include "query.h"

/**
 * Response classes tracked by the rate limiter.
 * Each class owns a single bit, so several classes can be combined in one
 * mask value.
 */
enum rrl_type {
	/* one bit per response class */
	rrl_type_nxdomain	= 1 << 0,
	rrl_type_error		= 1 << 1,
	rrl_type_referral	= 1 << 2,
	rrl_type_any		= 1 << 3,
	rrl_type_wildcard	= 1 << 4,
	rrl_type_nodata		= 1 << 5,
	rrl_type_dnskey		= 1 << 6,
	rrl_type_positive	= 1 << 7,
	rrl_type_rrsig		= 1 << 8,

	/* mask with every class bit set (0x1ff) */
	rrl_type_all		= rrl_type_nxdomain | rrl_type_error
				| rrl_type_referral | rrl_type_any
				| rrl_type_wildcard | rrl_type_nodata
				| rrl_type_dnskey | rrl_type_positive
				| rrl_type_rrsig,
	/* marks ip6 netblocks as opposed to ip4 ones, used in code;
	 * this bit (0x8000) lies outside rrl_type_all */
	rrl_ip6			= 1 << 15
};

/**
 * Number of buckets.
 * NOTE(review): rrl_update() takes a hash and updates a bucket, so this is
 * presumably the size of the hashed counter table; sources whose hashes
 * collide would then share one counter - confirm in the implementation.
 */
#define RRL_BUCKETS 1000000
/** default rrl limit, stored doubled (2x qps): 400 here means 200 qps */
#define RRL_LIMIT 400
/**
 * default slip.
 * NOTE(review): presumably the ratio rrl_slip() uses to choose between
 * discarding a rate-limited query and answering it with the TC flag set -
 * confirm in the implementation.
 */
#define RRL_SLIP 2
/**
 * default prefix lengths, one for IPv4 and one for IPv6.
 * NOTE(review): presumably a source address is reduced to a netblock of
 * this size before it is counted, so every host in the same /24 (or /64)
 * would share one limit - confirm in the implementation.
 */
#define RRL_IPV4_PREFIX_LENGTH 24
#define RRL_IPV6_PREFIX_LENGTH 64
/** default whitelist rrl limit, stored doubled (2x qps): 4000 here means
 * 2000 qps */
#define RRL_WLIST_LIMIT 4000

/**
 * Initialize for n children (optional, otherwise no mmaps are used).
 * numch is the number of children.
 * The rate limits lm and wlm are given in qps; this routine doubles them
 * for internal use.
 * plf and pls are prefix lengths.
 *
 * NOTE(review): RRL_LIMIT and RRL_WLIST_LIMIT are documented as already
 * doubled (2x qps), so a caller presumably must halve them before passing
 * them as lm/wlm, otherwise the effective limit would be twice the
 * intended one - confirm against the caller.
 * NOTE(review): numbuck is presumably the bucket count (default
 * RRL_BUCKETS), sm the slip (default RRL_SLIP), and plf/pls the IPv4 and
 * IPv6 prefix lengths in that order - confirm in the implementation.
 */
void rrl_mmap_init(int numch, size_t numbuck, size_t lm, size_t wlm, size_t sm,
	size_t plf, size_t pls);

/**
 * Initialize rate limiting (for this child server process).
 * NOTE(review): ch is presumably the index of the calling child, in the
 * range given to rrl_mmap_init() as numch - confirm; this header does not
 * say what happens for an out-of-range value.
 */
void rrl_init(size_t ch);

/** deinit (for this child server process); takes the same ch as rrl_init */
void rrl_deinit(size_t ch);

/** deinit mmaps for n children */
void rrl_mmap_deinit(void);
/** frees memory but keeps the mmap in place (for other processes) */
void rrl_mmap_deinit_keep_mmap(void);

/**
 * Process a query that has been received; the query structure contains
 * the information about the query and the answer.
 * Returns true (nonzero) if the query is ratelimited.
 *
 * NOTE(review): presumably the caller must then hand a rate-limited query
 * to rrl_slip() instead of sending the full answer; ignoring the return
 * value would leave the limit unenforced - confirm in the server code.
 */
int rrl_process_query(query_type* query);

/**
 * Deny the query, with slip.
 * Returns DISCARD (no reply is sent) or PROCESSED (a reply with the TC
 * flag set).
 *
 * NOTE(review): the usual reason for slipping in response rate limiting
 * is that a truncated reply prompts a genuine resolver to retry over TCP,
 * so a client whose address is being spoofed is not cut off entirely;
 * how often each outcome is chosen is not visible in this header.
 */
query_state_type rrl_slip(query_type* query);

/** convert classification type to string.
 * NOTE(review): the result for a value that is not a single rrl_type
 * constant is not stated here - check before printing it unguarded. */
const char* rrltype2str(enum rrl_type c);
/** convert string to classification type.
 * NOTE(review): the value returned for an unrecognised string is not
 * stated here - confirm it before using the result as a mask. */
enum rrl_type rrlstr2type(const char* s);

/**
 * for unit test, update rrl bucket; return rate.
 * lm is the limit applied to this update.
 * NOTE(review): hash presumably selects the bucket, source identifies the
 * netblock, and flags carries enum rrl_type bits plus rrl_ip6 - confirm.
 * NOTE(review): now is a signed 32-bit time value; confirm its unit and
 * how the implementation behaves when it wraps or goes backwards.
 */
uint32_t rrl_update(query_type* query, uint32_t hash, uint64_t source,
	uint16_t flags, int32_t now, uint32_t lm);
/**
 * set the rate limit counters, pass variables in qps.
 * NOTE(review): lm, wlm and sm presumably have the same meaning as in
 * rrl_mmap_init() (limit, whitelist limit, slip) - confirm.
 */
void rrl_set_limit(size_t lm, size_t wlm, size_t sm);

#endif /* RRL_H */