From 330c6e1cb0cf9dd6a71e9f27eebbab6f46381708 Mon Sep 17 00:00:00 2001 From: Wouter Wijngaards Date: Tue, 17 Jul 2018 14:27:44 +0000 Subject: [PATCH] - Fix that ratelimit and ip-ratelimit are applied after reload of git-svn-id: file:///svn/unbound/trunk@4786 be551aaa-1e26-0410-a405-d3ace91eadb9 --- doc/Changelog | 2 ++ services/cache/infra.c | 26 +++++++++++++++++++++++--- 2 files changed, 25 insertions(+), 3 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index 367451e7b..3461722b4 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -2,6 +2,8 @@ - Fix #4127 unbound -h does not list -p help. - Print error if SSL name verification configured but not available in the ssl library. + - Fix that ratelimit and ip-ratelimit are applied after reload of + changed config file. 16 July 2018: Wouter - Fix qname minimisation NXDOMAIN validation lookup failures causing diff --git a/services/cache/infra.c b/services/cache/infra.c index f4320306d..59f2eba89 100644 --- a/services/cache/infra.c +++ b/services/cache/infra.c @@ -215,6 +215,18 @@ static int infra_ratelimit_cfg_insert(struct infra_cache* infra, return 1; } +/** setup domain limits tree (0 on failure) */ +static int +setup_domain_limits(struct infra_cache* infra, struct config_file* cfg) +{ + name_tree_init(&infra->domain_limits); + if(!infra_ratelimit_cfg_insert(infra, cfg)) { + return 0; + } + name_tree_init_parents(&infra->domain_limits); + return 1; +} + struct infra_cache* infra_create(struct config_file* cfg) { @@ -230,7 +242,6 @@ infra_create(struct config_file* cfg) return NULL; } infra->host_ttl = cfg->host_ttl; - name_tree_init(&infra->domain_limits); infra_dp_ratelimit = cfg->ratelimit; infra->domain_rates = slabhash_create(cfg->ratelimit_slabs, INFRA_HOST_STARTSIZE, cfg->ratelimit_size, 
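Review bot: The one-line comment on `setup_domain_limits` omits two things a caller must know. The helper calls `name_tree_init` unconditionally, so nodes already in `infra->domain_limits` presumably have to be freed before the call or they are lost. On a 0 return the tree can hold partially inserted entries, because `name_tree_init_parents` is skipped. Both callers in this patch cope with that (infra_adjust runs `traverse_postorder` first, and both call `infra_delete` on failure), but the contract is only implicit. I would expand the comment into a short doc block saying that the tree must be empty or already freed on entry, and that on failure the caller releases the partial tree through infra_delete.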
@@ -241,11 +252,10 @@ infra_create(struct config_file* cfg) return NULL; } /* insert config data into ratelimits */ - if(!infra_ratelimit_cfg_insert(infra, cfg)) { + if(!setup_domain_limits(infra, cfg)) { infra_delete(infra); return NULL; } - name_tree_init_parents(&infra->domain_limits); infra_ip_ratelimit = cfg->ip_ratelimit; infra->client_ip_rates = slabhash_create(cfg->ip_ratelimit_slabs, INFRA_HOST_STARTSIZE, cfg->ip_ratelimit_size, &ip_rate_sizefunc, @@ -285,12 +295,22 @@ infra_adjust(struct infra_cache* infra, struct config_file* cfg) if(!infra) return infra_create(cfg); infra->host_ttl = cfg->host_ttl; + infra_dp_ratelimit = cfg->ratelimit; + infra_ip_ratelimit = cfg->ip_ratelimit; maxmem = cfg->infra_cache_numhosts * (sizeof(struct infra_key)+ sizeof(struct infra_data)+INFRA_BYTES_NAME); if(maxmem != slabhash_get_size(infra->hosts) || cfg->infra_cache_slabs != infra->hosts->size) { infra_delete(infra); infra = infra_create(cfg); + } else { + /* reapply domain limits */ + traverse_postorder(&infra->domain_limits, domain_limit_free, + NULL); + if(!setup_domain_limits(infra, cfg)) { + infra_delete(infra); + return NULL; + } } return infra; }
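Review bot: Now that `name_tree_init(&infra->domain_limits)` is deferred to `setup_domain_limits`, any earlier failure path in infra_create that calls `infra_delete(infra)` passes cleanup a tree that was never initialised. The `return NULL; }` at the top of this hunk looks like the tail of the `infra->domain_rates` allocation check. If that path goes through infra_delete (not visible here), and infra_delete walks `domain_limits` as the `traverse_postorder` call added to infra_adjust suggests, it is safe only when the struct is zero-allocated and the traversal tolerates a NULL root. Please confirm that, or keep an early `name_tree_init(&infra->domain_limits);` next to `infra->host_ttl = cfg->host_ttl;` so cleanup never depends on it. infra_create begins and ends outside the hunk.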
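Review bot: The recreate test in infra_adjust still compares only `infra->hosts` against the config. The new else branch therefore refreshes `infra_dp_ratelimit`, `infra_ip_ratelimit` and the domain_limits tree, but leaves `infra->domain_rates` and `infra->client_ip_rates` at their old size and slab count after a reload. A change to `cfg->ratelimit_size`, `cfg->ratelimit_slabs`, `cfg->ip_ratelimit_size` or `cfg->ip_ratelimit_slabs` would then silently not take effect, which matters because these tables back a denial-of-service control. Consider extending the condition with the same size and slab comparison for both rate tables that it already makes for `infra->hosts`. Separately, the tree is empty or partial between `traverse_postorder(...)` and the return of `setup_domain_limits`, so this presumably relies on no worker reading the limits during reload; a comment such as `/* workers must be stopped here: limits tree is empty until setup_domain_limits returns */` would record that. infra_adjust starts outside the hunk.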