summaryrefslogtreecommitdiff
path: root/services/cache
diff options
context:
space:
mode:
Diffstat (limited to 'services/cache')
-rw-r--r--services/cache/infra.c37
-rw-r--r--services/cache/infra.h7
2 files changed, 21 insertions, 23 deletions
diff --git a/services/cache/infra.c b/services/cache/infra.c
index 0461c815b86b..537cb949cf88 100644
--- a/services/cache/infra.c
+++ b/services/cache/infra.c
@@ -834,14 +834,13 @@ static struct lruhash_entry* infra_find_ratedata(struct infra_cache* infra,
/** find data item in array for ip addresses */
static struct lruhash_entry* infra_find_ip_ratedata(struct infra_cache* infra,
- struct comm_reply* repinfo, int wr)
+ struct sockaddr_storage* addr, socklen_t addrlen, int wr)
{
struct ip_rate_key key;
- hashvalue_type h = hash_addr(&(repinfo->addr),
- repinfo->addrlen, 0);
+ hashvalue_type h = hash_addr(addr, addrlen, 0);
memset(&key, 0, sizeof(key));
- key.addr = repinfo->addr;
- key.addrlen = repinfo->addrlen;
+ key.addr = *addr;
+ key.addrlen = addrlen;
key.entry.hash = h;
return slabhash_lookup(infra->client_ip_rates, h, &key, wr);
}
@@ -876,10 +875,9 @@ static void infra_create_ratedata(struct infra_cache* infra,
/** create rate data item for ip address */
static void infra_ip_create_ratedata(struct infra_cache* infra,
- struct comm_reply* repinfo, time_t timenow)
+ struct sockaddr_storage* addr, socklen_t addrlen, time_t timenow)
{
- hashvalue_type h = hash_addr(&(repinfo->addr),
- repinfo->addrlen, 0);
+ hashvalue_type h = hash_addr(addr, addrlen, 0);
struct ip_rate_key* k = (struct ip_rate_key*)calloc(1, sizeof(*k));
struct ip_rate_data* d = (struct ip_rate_data*)calloc(1, sizeof(*d));
if(!k || !d) {
@@ -887,8 +885,8 @@ static void infra_ip_create_ratedata(struct infra_cache* infra,
free(d);
return; /* alloc failure */
}
- k->addr = repinfo->addr;
- k->addrlen = repinfo->addrlen;
+ k->addr = *addr;
+ k->addrlen = addrlen;
lock_rw_init(&k->entry.lock);
k->entry.hash = h;
k->entry.key = k;
@@ -985,8 +983,8 @@ int infra_ratelimit_inc(struct infra_cache* infra, uint8_t* name,
sldns_wire2str_class_buf(qinfo->qclass, cs, sizeof(cs));
ip[0]=0;
if(replylist) {
- addr_to_str((struct sockaddr_storage *)&replylist->addr,
- replylist->addrlen, ip, sizeof(ip));
+ addr_to_str((struct sockaddr_storage *)&replylist->remote_addr,
+ replylist->remote_addrlen, ip, sizeof(ip));
verbose(VERB_OPS, "ratelimit exceeded %s %d query %s %s %s from %s", buf, lim, qnm, cs, ts, ip);
} else {
verbose(VERB_OPS, "ratelimit exceeded %s %d query %s %s %s", buf, lim, qnm, cs, ts);
@@ -1040,7 +1038,7 @@ int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name,
max = infra_rate_max(entry->data, timenow, backoff);
lock_rw_unlock(&entry->lock);
- return (max >= lim);
+ return (max > lim);
}
size_t
@@ -1054,8 +1052,8 @@ infra_get_mem(struct infra_cache* infra)
}
int infra_ip_ratelimit_inc(struct infra_cache* infra,
- struct comm_reply* repinfo, time_t timenow, int backoff,
- struct sldns_buffer* buffer)
+ struct sockaddr_storage* addr, socklen_t addrlen, time_t timenow,
+ int backoff, struct sldns_buffer* buffer)
{
int max;
struct lruhash_entry* entry;
@@ -1065,7 +1063,7 @@ int infra_ip_ratelimit_inc(struct infra_cache* infra,
return 1;
}
/* find or insert ratedata */
- entry = infra_find_ip_ratedata(infra, repinfo, 1);
+ entry = infra_find_ip_ratedata(infra, addr, addrlen, 1);
if(entry) {
int premax = infra_rate_max(entry->data, timenow, backoff);
int* cur = infra_rate_give_second(entry->data, timenow);
@@ -1073,10 +1071,9 @@ int infra_ip_ratelimit_inc(struct infra_cache* infra,
max = infra_rate_max(entry->data, timenow, backoff);
lock_rw_unlock(&entry->lock);
- if(premax < infra_ip_ratelimit && max >= infra_ip_ratelimit) {
+ if(premax <= infra_ip_ratelimit && max > infra_ip_ratelimit) {
char client_ip[128], qnm[LDNS_MAX_DOMAINLEN+1+12+12];
- addr_to_str((struct sockaddr_storage *)&repinfo->addr,
- repinfo->addrlen, client_ip, sizeof(client_ip));
+ addr_to_str(addr, addrlen, client_ip, sizeof(client_ip));
qnm[0]=0;
if(sldns_buffer_limit(buffer)>LDNS_HEADER_SIZE &&
LDNS_QDCOUNT(sldns_buffer_begin(buffer))!=0) {
@@ -1101,6 +1098,6 @@ int infra_ip_ratelimit_inc(struct infra_cache* infra,
}
/* create */
- infra_ip_create_ratedata(infra, repinfo, timenow);
+ infra_ip_create_ratedata(infra, addr, addrlen, timenow);
return 1;
}
diff --git a/services/cache/infra.h b/services/cache/infra.h
index 6a2371aca477..faf7fd2f30e1 100644
--- a/services/cache/infra.h
+++ b/services/cache/infra.h
@@ -416,15 +416,16 @@ int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name,
/** Update query ratelimit hash and decide
* whether or not a query should be dropped.
* @param infra: infra cache
- * @param repinfo: information about client
+ * @param addr: client address
+ * @param addrlen: client address length
* @param timenow: what time it is now.
* @param backoff: if backoff is enabled.
* @param buffer: with query for logging.
* @return 1 if it could be incremented. 0 if the increment overshot the
* ratelimit and the query should be dropped. */
int infra_ip_ratelimit_inc(struct infra_cache* infra,
- struct comm_reply* repinfo, time_t timenow, int backoff,
- struct sldns_buffer* buffer);
+ struct sockaddr_storage* addr, socklen_t addrlen, time_t timenow,
+ int backoff, struct sldns_buffer* buffer);
/**
* Get memory used by the infra cache.
generated by cgit v1.3 (git 2.53.0) at 2026-03-10 20:36:30 +0000