/* rrl.h - Response Rate Limiting for NSD.
 * By W.C.A. Wijngaards
 * Copyright 2012, NLnet Labs.
 * BSD, see LICENSE.
 *
 * Interface of the rate limiter: setup and teardown of the bucket tables,
 * the per-query decision (rrl_process_query) and the action taken on a
 * rate-limited query (rrl_slip).
 */
#ifndef RRL_H
#define RRL_H
#include "query.h"

/**
 * the classification types for the rrl
 *
 * Each classification is a distinct bit, so values can be OR-ed into a mask.
 */
enum rrl_type {
	/* classification types */
	rrl_type_nxdomain	= 0x01,
	rrl_type_error		= 0x02,
	rrl_type_referral	= 0x04,
	rrl_type_any		= 0x08,
	rrl_type_wildcard	= 0x10,
	rrl_type_nodata		= 0x20,
	rrl_type_dnskey		= 0x40,
	rrl_type_positive	= 0x80,
	rrl_type_rrsig		= 0x100,

	/* all classification types: the OR of the nine bits above */
	rrl_type_all		= 0x1ff,
	/* to distinguish between ip4 and ip6 netblocks, used in code.
	 * Lies outside the rrl_type_all mask, so it is not a classification. */
	rrl_ip6			= 0x8000
};

/** Number of buckets */
#define RRL_BUCKETS 1000000
/**
 * default rrl limit, stored as 2x qps: 400 here means 200 qps.
 * NOTE(review): rrl_mmap_init() and rrl_set_limit() document their limits
 * as plain qps and say they are doubled internally, so passing this constant
 * to them unchanged would presumably configure 400 qps - confirm at the
 * call sites.
 */
#define RRL_LIMIT 400
/**
 * default slip
 * NOTE(review): what the number means (how often a rate-limited query gets
 * a reply instead of being dropped) is not visible in this header; see
 * rrl_slip() and confirm against the implementation.
 */
#define RRL_SLIP 2
/**
 * default prefix lengths (IPv4: 24 bits, IPv6: 64 bits)
 * Presumably sources are grouped into netblocks of this size, so these
 * values decide how many clients share one limit - TODO confirm.
 */
#define RRL_IPV4_PREFIX_LENGTH 24
#define RRL_IPV6_PREFIX_LENGTH 64
/**
 * default whitelist rrl limit, in 2x qps, default is thus 2000 qps
 * NOTE(review): which queries qualify for this higher limit is decided
 * outside this header; the same 2x-qps unit caveat as for RRL_LIMIT applies.
 */
#define RRL_WLIST_LIMIT 4000

/**
 * Initialize for n children (optional, otherwise no mmaps used)
 * ratelimits lm and wlm are in qps (this routine doubles them for internal
 * use).
 * plf and pls are in prefix lengths.
 *
 * numch is the number of children. The remaining names are not explained
 * here: numbuck is presumably the bucket count (cf. RRL_BUCKETS), wlm the
 * whitelist limit, sm the slip value, and plf/pls the IPv4/IPv6 prefix
 * lengths - TODO confirm against rrl.c.
 */
void rrl_mmap_init(int numch, size_t numbuck, size_t lm, size_t wlm, size_t sm,
	size_t plf, size_t pls);

/**
 * Initialize rate limiting (for this child server process)
 * ch presumably selects this child among the n given to rrl_mmap_init().
 */
void rrl_init(size_t ch);

/** deinit (for this child server process) */
void rrl_deinit(size_t ch);

/** deinit mmaps for n children */
void rrl_mmap_deinit(void);
/** frees memory but keeps mmap in place (for other processes) */
void rrl_mmap_deinit_keep_mmap(void);

/**
 * Process a query; the query structure contains the information about
 * the query and the answer.
 * returns true if the query is ratelimited.
 *
 * The return value is the only output of the decision visible here: a caller
 * that ignores it sends the answer unthrottled. Presumably the caller passes
 * a rate-limited query on to rrl_slip() - verify against the caller.
 */
int rrl_process_query(query_type* query);

/**
 * Deny the query, with slip.
 * Returns DISCARD or PROCESSED(with TC flag).
 *
 * A reply with TC set asks the resolver to retry over TCP, so a genuine
 * client inside a rate-limited netblock can still get its answer.
 */
query_state_type rrl_slip(query_type* query);

/** convert classification type to string */
const char* rrltype2str(enum rrl_type c);
/**
 * convert string to classification type
 * NOTE(review): the value returned for an unrecognised string is not shown
 * in this header; code that parses configuration should check for it.
 */
enum rrl_type rrlstr2type(const char* s);

/**
 * for unit test, update rrl bucket; return rate
 * NOTE(review): the units of lm and of the returned rate (qps or 2x qps)
 * are not stated here - confirm before comparing against RRL_LIMIT.
 */
uint32_t rrl_update(query_type* query, uint32_t hash, uint64_t source,
	uint16_t flags, int32_t now, uint32_t lm);
/**
 * set the rate limit counters, pass variables in qps
 * lm and wlm are named as in rrl_mmap_init(); sm is presumably the slip
 * value rather than a rate - TODO confirm.
 */
void rrl_set_limit(size_t lm, size_t wlm, size_t sm);

#endif /* RRL_H */