- unbound-control ratelimit_list lists high rate domains.

git-svn-id: file:///svn/unbound/trunk@3393 be551aaa-1e26-0410-a405-d3ace91eadb9

daemon/remote.c

@@ -2267,6 +2267,54 @@ do_list_local_data(SSL* ssl, struct worker* worker)
 	lock_rw_unlock(&zones->lock);
 }
 
+/** struct for user arg ratelimit list */
+struct ratelimit_list_arg {
+	/** the infra cache */
+	struct infra_cache* infra;
+	/** the SSL to print to */
+	SSL* ssl;
+	/** all or only ratelimited */
+	int all;
+	/** current time */
+	time_t now;
+};
+
+/** list items in the ratelimit table */
+static void
+rate_list(struct lruhash_entry* e, void* arg)
+{
+	struct ratelimit_list_arg* a = (struct ratelimit_list_arg*)arg;
+	struct rate_key* k = (struct rate_key*)e->key;
+	struct rate_data* d = (struct rate_data*)e->data;
+	char buf[257];
+	int lim = infra_find_ratelimit(a->infra, k->name, k->namelen);
+	int max = infra_rate_max(d, a->now);
+	if(a->all == 0) {
+		if(max < lim)
+			return;
+	}
+	dname_str(k->name, buf);
+	ssl_printf(a->ssl, "%s %d limit %d\n", buf, max, lim);
+}
+
+/** do the ratelimit_list command */
+static void
+do_ratelimit_list(SSL* ssl, struct worker* worker, char* arg)
+{
+	struct ratelimit_list_arg a;
+	a.all = 0;
+	a.infra = worker->env.infra_cache;
+	a.now = *worker->env.now;
+	a.ssl = ssl;
+	arg = skipwhite(arg);
+	if(strcmp(arg, "+a") == 0)
+		a.all = 1;
+	if(a.infra->domain_rates==NULL ||
+		(a.all == 0 && infra_dp_ratelimit == 0))
+		return;
+	slabhash_traverse(a.infra->domain_rates, 0, rate_list, &a);
+}
+
 /** tell other processes to execute the command */
 static void
 distribute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd)
@@ -2336,6 +2384,9 @@ execute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd,
 	} else if(cmdcmp(p, "list_local_data", 15)) {
 		do_list_local_data(ssl, worker);
 		return;
+	} else if(cmdcmp(p, "ratelimit_list", 14)) {
+		do_ratelimit_list(ssl, worker, p+14);
+		return;
 	} else if(cmdcmp(p, "stub_add", 8)) {
 		/* must always distribute this cmd */
 		if(rc) distribute_cmd(rc, ssl, cmd);

doc/Changelog

@@ -1,4 +1,5 @@
 10 April 2015: Wouter
+	- unbound-control ratelimit_list lists high rate domains.
 	- ratelimit feature, ratelimit: 100, or some sensible qps, can be
 	  used to turn it on.  It ratelimits recursion effort per zone.
 	  For particular names you can configure exceptions in unbound.conf.

services/cache/infra.c

@@ -704,7 +704,7 @@ infra_get_lame_rtt(struct infra_cache* infra,
 }
 
 /** find the ratelimit in qps for a domain */
-static int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name,
+int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name,
 	size_t namelen)
 {
 	int labs = dname_count_labels(name);
@@ -789,7 +789,7 @@ static int* infra_rate_find_second(void* data, time_t t)
 }
 
 /** find the maximum rate stored, not too old. 0 if no information. */
-static int infra_rate_max(void* data, time_t now)
+int infra_rate_max(void* data, time_t now)
 {
 	struct rate_data* d = (struct rate_data*)data;
 	int i, max = 0;

smallapp/unbound-control.c

@@ -123,6 +123,8 @@ usage()
 	printf("  forward [off | addr ...]	without arg show forward setup\n");
 	printf("				or off to turn off root forwarding\n");
 	printf("				or give list of ip addresses\n");
+	printf("  ratelimit_list [+a]		list ratelimited domains\n");
+	printf("		+a		list all, also not ratelimited\n");
 	printf("Version %s\n", PACKAGE_VERSION);
 	printf("BSD licensed, see LICENSE in source package for details.\n");
 	printf("Report bugs to %s\n", PACKAGE_BUGREPORT);