Ondřej Surý 0f821104e0 Use a keyed hash for the RRL bucket table ... The previous hash_key() was a deterministic, unkeyed (<<1) + add over the key words. An off-path attacker could invert it offline and submit queries whose source /24, qname hash, and qtype map to a single bucket; under chaining this turns every lookup into an O(N) walk under rrl->lock and starves legitimate query processing on the very feature deployed to mitigate DoS. Replace it with isc_hash32(), which is HalfSipHash-2-4 keyed by a per-process random seed, so collision sets cannot be precomputed. Assisted-by: Claude:claude-opus-4-7 (cherry picked from commit a6b7ce29c4)		2026-05-04 16:15:58 +02:00
..
dns	Use a keyed hash for the RRL bucket table	2026-05-04 16:15:58 +02:00
isc	Dispatch ratelimiter events under the lock	2026-04-30 10:53:49 +02:00
isccc	Remove redundant parentheses from the return statement	2024-11-19 14:26:52 +01:00
isccfg	Fix KASP key leaks on keystore lookup failure	2026-03-16 11:05:03 +01:00
ns	Fix swapped arguments in redirect2() single-label branch	2026-04-30 07:38:57 +02:00
.gitignore	The isc/platform.h header has been completely removed	2021-07-06 05:33:48 +00:00
Makefile.am	Move irs_resconf into libdns and remove libirs	2023-02-24 09:38:59 +00:00