From 71d2d60b85a83c8c19c9414c535df194f599922a Mon Sep 17 00:00:00 2001 From: Ralph Dolmans Date: Fri, 16 Jun 2017 13:22:43 +0000 Subject: [PATCH] - Fix #1277: disable domain ratelimit by setting value to 0. git-svn-id: file:///svn/unbound/trunk@4235 be551aaa-1e26-0410-a405-d3ace91eadb9 --- doc/Changelog | 3 +++ doc/unbound.conf.5.in | 8 ++++---- services/cache/infra.c | 4 ++++ services/cache/infra.h | 2 +- 4 files changed, 12 insertions(+), 5 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index af26a2559..49674aa11 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +16 June 2017: Ralph + - Fix #1277: disable domain ratelimit by setting value to 0. + 16 June 2017: Wouter - Fix #1301: memory leak in respip and tests. - Free callback in edns-subnetmod on exit and restart. diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index f88116a67..721cd3d76 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -1202,20 +1202,20 @@ This can make ordinary queries complete (if repeatedly queried for), and enter the cache, whilst also mitigating the traffic flow by the factor given. .TP 5 -.B ratelimit\-for\-domain: \fI +.B ratelimit\-for\-domain: \fI Override the global ratelimit for an exact match domain name with the listed number. You can give this for any number of names. For example, for a top\-level\-domain you may want to have a higher limit than other names. -A value of \-1 will disable ratelimiting for that domain. +A value of 0 will disable ratelimiting for that domain. .TP 5 -.B ratelimit\-below\-domain: \fI +.B ratelimit\-below\-domain: \fI Override the global ratelimit for a domain name that ends in this name. You can give this multiple times, it then describes different settings in different parts of the namespace. The closest matching suffix is used to determine the qps limit. The rate for the exact matching domain name is not changed, use ratelimit\-for\-domain to set that, you might want to use different settings for a top\-level\-domain and subdomains. -A value of \-1 will disable ratelimiting for domain names that end in this name. +A value of 0 will disable ratelimiting for domain names that end in this name. .TP 5 .B ip\-ratelimit: \fI Enable global ratelimiting of queries accepted per ip address. diff --git a/services/cache/infra.c b/services/cache/infra.c index 314c85ef5..ca1102ef5 100644 --- a/services/cache/infra.c +++ b/services/cache/infra.c @@ -893,6 +893,8 @@ int infra_ratelimit_inc(struct infra_cache* infra, uint8_t* name, /* find ratelimit */ lim = infra_find_ratelimit(infra, name, namelen); + if(!lim) + return 1; /* disabled for this domain */ /* find or insert ratedata */ entry = infra_find_ratedata(infra, name, namelen, 1); @@ -941,6 +943,8 @@ int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name, /* find ratelimit */ lim = infra_find_ratelimit(infra, name, namelen); + if(!lim) + return 0; /* disabled for this domain */ /* find current rate */ entry = infra_find_ratedata(infra, name, namelen, 0); diff --git a/services/cache/infra.h b/services/cache/infra.h index 6f9471a39..10db796bf 100644 --- a/services/cache/infra.h +++ b/services/cache/infra.h @@ -401,7 +401,7 @@ int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name, /** find the maximum rate stored, not too old. 0 if no information. */ int infra_rate_max(void* data, time_t now); -/** find the ratelimit in qps for a domain */ +/** find the ratelimit in qps for a domain. 0 if no limit for domain. */ int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name, size_t namelen);