From fbe8e3b0b246b2bd8a0b98547f7d2ed39663592a Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Thu, 4 Aug 2022 11:33:37 +0200 Subject: [PATCH] - Fix ratelimit inconsistency, for ip-ratelimits the value is the amount allowed, like for ratelimits. --- doc/Changelog | 4 ++++ services/cache/infra.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index 2d449e0a2..dcac7fc41 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,7 @@ +4 August 2022: Wouter + - Fix ratelimit inconsistency, for ip-ratelimits the value is the + amount allowed, like for ratelimits. + 2 August 2022: Wouter - Fix edns subnet so that scope 0 answers only match sourcemask 0 queries for answers from cache if from a query with sourcemask 0. diff --git a/services/cache/infra.c b/services/cache/infra.c index 0461c815b..9d5cdb162 100644 --- a/services/cache/infra.c +++ b/services/cache/infra.c @@ -1040,7 +1040,7 @@ int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name, max = infra_rate_max(entry->data, timenow, backoff); lock_rw_unlock(&entry->lock); - return (max >= lim); + return (max > lim); } size_t @@ -1073,7 +1073,7 @@ int infra_ip_ratelimit_inc(struct infra_cache* infra, max = infra_rate_max(entry->data, timenow, backoff); lock_rw_unlock(&entry->lock); - if(premax < infra_ip_ratelimit && max >= infra_ip_ratelimit) { + if(premax <= infra_ip_ratelimit && max > infra_ip_ratelimit) { char client_ip[128], qnm[LDNS_MAX_DOMAINLEN+1+12+12]; addr_to_str((struct sockaddr_storage *)&repinfo->addr, repinfo->addrlen, client_ip, sizeof(client_ip));