vendor/unbound/1.6.6

2 files changed, 22 insertions, 4 deletions

diff --git a/iterator/iterator.c b/iterator/iterator.c
index 205ab0d15407..01ac883e81e8 100644
--- a/iterator/iterator.c
+++ b/iterator/iterator.c
@@ -78,6 +78,12 @@ iter_init(struct module_env* env, int id)
 		return 0;
 	}
 	env->modinfo[id] = (void*)iter_env;
+
+	lock_basic_init(&iter_env->queries_ratelimit_lock);
+	lock_protect(&iter_env->queries_ratelimit_lock,
+			&iter_env->num_queries_ratelimited,
+		sizeof(iter_env->num_queries_ratelimited));
+
 	if(!iter_apply_cfg(iter_env, env->cfg)) {
 		log_err("iterator: could not apply configuration settings.");
 		return 0;
@@ -103,6 +109,7 @@ iter_deinit(struct module_env* env, int id)
 	if(!env || !env->modinfo[id])
 		return;
 	iter_env = (struct iter_env*)env->modinfo[id];
+	lock_basic_destroy(&iter_env->queries_ratelimit_lock);
 	free(iter_env->target_fetch_policy);
 	priv_delete(iter_env->priv);
 	donotq_delete(iter_env->donotq);
@@ -1276,6 +1283,9 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
 					"delegation point", iq->dp->name,
 					LDNS_RR_TYPE_NS, LDNS_RR_CLASS_IN);
 			} else {
+				lock_basic_lock(&ie->queries_ratelimit_lock);
+				ie->num_queries_ratelimited++;
+				lock_basic_unlock(&ie->queries_ratelimit_lock);
 				log_nametypeclass(VERB_ALGO, "ratelimit exceeded with "
 					"delegation point", iq->dp->name,
 					LDNS_RR_TYPE_NS, LDNS_RR_CLASS_IN);
@@ -2064,6 +2074,9 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
 	if(!(iq->chase_flags & BIT_RD) && !iq->ratelimit_ok) {
 		if(!infra_ratelimit_inc(qstate->env->infra_cache, iq->dp->name,
 			iq->dp->namelen, *qstate->env->now)) {
+			lock_basic_lock(&ie->queries_ratelimit_lock);
+			ie->num_queries_ratelimited++;
+			lock_basic_unlock(&ie->queries_ratelimit_lock);
 			verbose(VERB_ALGO, "query exceeded ratelimits");
 			return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
 		}
@@ -2156,7 +2169,6 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
 		}
 	}
 	if(iq->minimisation_state == SKIP_MINIMISE_STATE) {
-		iq->minimise_timeout_count++;
 		if(iq->minimise_timeout_count < MAX_MINIMISE_TIMEOUT_COUNT)
 			/* Do not increment qname, continue incrementing next 
 			 * iteration */
@@ -2197,6 +2209,8 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
 		if(!(iq->chase_flags & BIT_RD) && !iq->ratelimit_ok)
 		    infra_ratelimit_dec(qstate->env->infra_cache, iq->dp->name,
 			iq->dp->namelen, *qstate->env->now);
+		if(qstate->env->cfg->qname_minimisation)
+			iq->minimisation_state = SKIP_MINIMISE_STATE;
 		return next_state(iq, QUERYTARGETS_STATE);
 	}
 	outbound_list_insert(&iq->outlist, outq);
@@ -2246,8 +2260,10 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
 
 	if(iq->response == NULL) {
 		/* Don't increment qname when QNAME minimisation is enabled */
-		if(qstate->env->cfg->qname_minimisation)
+		if(qstate->env->cfg->qname_minimisation) {
+			iq->minimise_timeout_count++;
 			iq->minimisation_state = SKIP_MINIMISE_STATE;
+		}
 		iq->chase_to_rd = 0;
 		iq->dnssec_lame_query = 0;
 		verbose(VERB_ALGO, "query response was timeout");
diff --git a/iterator/iterator.h b/iterator/iterator.h
index 37b0ab0dc24a..75aafee475e2 100644
--- a/iterator/iterator.h
+++ b/iterator/iterator.h
@@ -130,8 +130,10 @@ struct iter_env {
 	 */
 	int* target_fetch_policy;
 
-	/** ip6.arpa dname in wireformat, used for qname-minimisation */
-	uint8_t* ip6arpa_dname;
+	/** lock on ratelimit counter */
+	lock_basic_type queries_ratelimit_lock;
+	/** number of queries that have been ratelimited */
+	size_t num_queries_ratelimited;
 };
 
 /**