- Fix #1277: disable domain ratelimit by setting value to 0.

git-svn-id: file:///svn/unbound/trunk@4235 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog

@@ -1,3 +1,6 @@
+16 June 2017: Ralph
+	- Fix #1277: disable domain ratelimit by setting value to 0.
+
 16 June 2017: Wouter
 	- Fix #1301: memory leak in respip and tests.
 	- Free callback in edns-subnetmod on exit and restart.

doc/unbound.conf.5.in

@@ -1202,20 +1202,20 @@ This can make ordinary queries complete (if repeatedly queried for),
 and enter the cache, whilst also mitigating the traffic flow by the
 factor given.
 .TP 5
-.B ratelimit\-for\-domain: \fI<domain> <number qps>
+.B ratelimit\-for\-domain: \fI<domain> <number qps or 0>
 Override the global ratelimit for an exact match domain name with the listed
 number.  You can give this for any number of names.  For example, for
 a top\-level\-domain you may want to have a higher limit than other names.
-A value of \-1 will disable ratelimiting for that domain.
+A value of 0 will disable ratelimiting for that domain.
 .TP 5
-.B ratelimit\-below\-domain: \fI<domain> <number qps>
+.B ratelimit\-below\-domain: \fI<domain> <number qps or 0>
 Override the global ratelimit for a domain name that ends in this name.
 You can give this multiple times, it then describes different settings
 in different parts of the namespace.  The closest matching suffix is used
 to determine the qps limit.  The rate for the exact matching domain name
 is not changed, use ratelimit\-for\-domain to set that, you might want
 to use different settings for a top\-level\-domain and subdomains.
-A value of \-1 will disable ratelimiting for domain names that end in this name.
+A value of 0 will disable ratelimiting for domain names that end in this name.
 .TP 5
 .B ip\-ratelimit: \fI<number or 0>
 Enable global ratelimiting of queries accepted per ip address.

services/cache/infra.c

@@ -893,6 +893,8 @@ int infra_ratelimit_inc(struct infra_cache* infra, uint8_t* name,
 
 	/* find ratelimit */
 	lim = infra_find_ratelimit(infra, name, namelen);
+	if(!lim)
+		return 1; /* disabled for this domain */
 	
 	/* find or insert ratedata */
 	entry = infra_find_ratedata(infra, name, namelen, 1);
@@ -941,6 +943,8 @@ int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name,
 
 	/* find ratelimit */
 	lim = infra_find_ratelimit(infra, name, namelen);
+	if(!lim)
+		return 0; /* disabled for this domain */
 
 	/* find current rate */
 	entry = infra_find_ratedata(infra, name, namelen, 0);

services/cache/infra.h

@@ -401,7 +401,7 @@ int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name,
 /** find the maximum rate stored, not too old. 0 if no information. */
 int infra_rate_max(void* data, time_t now);
 
-/** find the ratelimit in qps for a domain */
+/** find the ratelimit in qps for a domain. 0 if no limit for domain. */
 int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name,
 	size_t namelen);