Commit b655c2f9 authored by Daniel Salzman's avatar Daniel Salzman

Merge branch 'rrl_refactor' into 'master'

Module RRL refactoring

See merge request !993
parents 1abc2d8d 0eb7d6db
/* Copyright (C) 2017 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
/* Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -72,7 +72,7 @@ typedef enum {
* \brief RRL request descriptor.
*/
typedef struct {
const uint8_t *w;
const uint8_t *wire;
uint16_t len;
rrl_req_flag_t flags;
knot_pkt_t *query;
......@@ -90,15 +90,15 @@ rrl_table_t *rrl_create(size_t size, uint32_t rate);
* \brief Query the RRL table for accept or deny, when the rate limit is reached.
*
* \param rrl RRL table.
* \param a Source address.
* \param remote Source address.
* \param req RRL request (containing resp., flags and question).
* \param zone Zone name related to the response (or NULL).
* \param mod Query module (needed for logging).
* \retval KNOT_EOK if passed.
* \retval KNOT_ELIMIT when the limit is reached.
*/
int rrl_query(rrl_table_t *rrl, const struct sockaddr_storage *a, rrl_req_t *req,
const knot_dname_t *zone, knotd_mod_t *mod);
int rrl_query(rrl_table_t *rrl, const struct sockaddr_storage *remote,
rrl_req_t *req, const knot_dname_t *zone, knotd_mod_t *mod);
/*!
* \brief Roll a dice whether answer slips or not.
......
/* Copyright (C) 2018 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
/* Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -97,7 +97,7 @@ static knotd_state_t ratelimit_apply(knotd_state_t state, knot_pkt_t *pkt,
}
rrl_req_t req = {
.w = pkt->wire,
.wire = pkt->wire,
.query = qdata->query
};
......@@ -164,17 +164,16 @@ int rrl_load(knotd_mod_t *mod)
}
// Create table.
knotd_conf_t rate = knotd_conf_mod(mod, MOD_RATE_LIMIT);
knotd_conf_t size = knotd_conf_mod(mod, MOD_TBL_SIZE);
ctx->rrl = rrl_create(size.single.integer, rate.single.integer);
uint32_t rate = knotd_conf_mod(mod, MOD_RATE_LIMIT).single.integer;
size_t size = knotd_conf_mod(mod, MOD_TBL_SIZE).single.integer;
ctx->rrl = rrl_create(size, rate);
if (ctx->rrl == NULL) {
ctx_free(ctx);
return KNOT_ENOMEM;
}
// Get slip.
knotd_conf_t conf = knotd_conf_mod(mod, MOD_SLIP);
ctx->slip = conf.single.integer;
ctx->slip = knotd_conf_mod(mod, MOD_SLIP).single.integer;
// Get whitelist.
ctx->whitelist = knotd_conf_mod(mod, MOD_WHITELIST);
......
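Review bot: In rrl_load the new locals `rate` and `size` narrow `knotd_conf_mod(...).single.integer` to `uint32_t` and `size_t` with no range check visible in the hunk. If that field is a wider signed integer, as it appears to be, a negative or out-of-range configured value would wrap silently and the table would enforce a different rate than the operator configured. The bounds are presumably enforced by the option schema for MOD_RATE_LIMIT and MOD_TBL_SIZE outside this hunk; a comment such as `// Schema limits both values, so the narrowing below is lossless.` above the two reads would record that. rrl_load starts and ends outside the hunk.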
/* Copyright (C) 2018 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
/* Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -21,6 +21,7 @@
#include "libknot/libknot.h"
#include "contrib/sockaddr.h"
#include "knot/modules/rrl/functions.c"
#include "stdio.h"
/* Enable time-dependent tests. */
//#define ENABLE_TIMED_TESTS
......@@ -115,7 +116,7 @@ int main(int argc, char *argv[])
knot_wire_flags_set_qr(rbuf);
rrl_req_t rq;
rq.w = rbuf;
rq.wire = rbuf;
rq.len = rlen;
rq.query = query;
rq.flags = 0;
......@@ -125,7 +126,7 @@ int main(int argc, char *argv[])
rrl_table_t *rrl = rrl_create(RRL_SIZE, rate);
ok(rrl != NULL, "rrl: create");
/* 4. N unlimited requests. */
/* 2. N unlimited requests. */
knot_dname_t *zone = knot_dname_from_str_alloc("rrl.");
struct sockaddr_storage addr;
......@@ -142,6 +143,16 @@ int main(int argc, char *argv[])
}
is_int(0, ret, "rrl: unlimited IPv4/v6 requests");
/* 3. Endian-independent hash input buffer. */
uint8_t buf[RRL_CLSBLK_MAXLEN];
// CLS_LARGE + remote + dname wire.
uint8_t expectedv4[] = "\x10\x01\x02\x03\x00\x00\x00\x00\x00\x04""beef";
rrl_classify(buf, sizeof(buf), &addr, &rq, qname);
is_int(0, memcmp(buf, expectedv4, sizeof(expectedv4)), "rrl: IPv4 hash input buffer");
uint8_t expectedv6[] = "\x10\x11\x22\x33\x44\x55\x66\x77\x00\x04""beef";
rrl_classify(buf, sizeof(buf), &addr6, &rq, qname);
is_int(0, memcmp(buf, expectedv6, sizeof(expectedv6)), "rrl: IPv6 hash input buffer");
#ifdef ENABLE_TIMED_TESTS
/* 5. limited request */
ret = rrl_query(rrl, &addr, &rq, zone, NULL);
......
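Review bot: The new block "3. Endian-independent hash input buffer" ignores the result of both `rrl_classify()` calls and leaves `buf` uninitialised, so if classification fails or writes fewer bytes than expected, the `memcmp` compares indeterminate stack bytes and the test result is not a reliable signal. Declaring `uint8_t buf[RRL_CLSBLK_MAXLEN] = { 0 };` and asserting on the call's result before each `memcmp` would make the test deterministic; this assumes the function reports a length or error code, since its definition is not in the visible diff. `sizeof(expectedv4)` also counts the literal's terminating NUL, which presumably stands for the root label of the dname wire, and a short comment saying so would keep a later edit from changing it to `sizeof - 1`. The added `#include "stdio.h"` would conventionally be `<stdio.h>`, and nothing in the visible hunks uses it. main() continues outside these hunks.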