Commit b655c2f9 authored by Daniel Salzman's avatar Daniel Salzman

Merge branch 'rrl_refactor' into 'master'

Module RRL refactoring

See merge request !993
parents 1abc2d8d 0eb7d6db
/* Copyright (C) 2017 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> /* Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
...@@ -72,7 +72,7 @@ typedef enum { ...@@ -72,7 +72,7 @@ typedef enum {
* \brief RRL request descriptor. * \brief RRL request descriptor.
*/ */
typedef struct { typedef struct {
const uint8_t *w; const uint8_t *wire;
uint16_t len; uint16_t len;
rrl_req_flag_t flags; rrl_req_flag_t flags;
knot_pkt_t *query; knot_pkt_t *query;
...@@ -90,15 +90,15 @@ rrl_table_t *rrl_create(size_t size, uint32_t rate); ...@@ -90,15 +90,15 @@ rrl_table_t *rrl_create(size_t size, uint32_t rate);
* \brief Query the RRL table for accept or deny, when the rate limit is reached. * \brief Query the RRL table for accept or deny, when the rate limit is reached.
* *
* \param rrl RRL table. * \param rrl RRL table.
* \param a Source address. * \param remote Source address.
* \param req RRL request (containing resp., flags and question). * \param req RRL request (containing resp., flags and question).
* \param zone Zone name related to the response (or NULL). * \param zone Zone name related to the response (or NULL).
* \param mod Query module (needed for logging). * \param mod Query module (needed for logging).
* \retval KNOT_EOK if passed. * \retval KNOT_EOK if passed.
* \retval KNOT_ELIMIT when the limit is reached. * \retval KNOT_ELIMIT when the limit is reached.
*/ */
int rrl_query(rrl_table_t *rrl, const struct sockaddr_storage *a, rrl_req_t *req, int rrl_query(rrl_table_t *rrl, const struct sockaddr_storage *remote,
const knot_dname_t *zone, knotd_mod_t *mod); rrl_req_t *req, const knot_dname_t *zone, knotd_mod_t *mod);
/*! /*!
* \brief Roll a dice whether answer slips or not. * \brief Roll a dice whether answer slips or not.
......
/* Copyright (C) 2018 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> /* Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
...@@ -97,7 +97,7 @@ static knotd_state_t ratelimit_apply(knotd_state_t state, knot_pkt_t *pkt, ...@@ -97,7 +97,7 @@ static knotd_state_t ratelimit_apply(knotd_state_t state, knot_pkt_t *pkt,
} }
rrl_req_t req = { rrl_req_t req = {
.w = pkt->wire, .wire = pkt->wire,
.query = qdata->query .query = qdata->query
}; };
...@@ -164,17 +164,16 @@ int rrl_load(knotd_mod_t *mod) ...@@ -164,17 +164,16 @@ int rrl_load(knotd_mod_t *mod)
} }
// Create table. // Create table.
knotd_conf_t rate = knotd_conf_mod(mod, MOD_RATE_LIMIT); uint32_t rate = knotd_conf_mod(mod, MOD_RATE_LIMIT).single.integer;
knotd_conf_t size = knotd_conf_mod(mod, MOD_TBL_SIZE); size_t size = knotd_conf_mod(mod, MOD_TBL_SIZE).single.integer;
ctx->rrl = rrl_create(size.single.integer, rate.single.integer); ctx->rrl = rrl_create(size, rate);
if (ctx->rrl == NULL) { if (ctx->rrl == NULL) {
ctx_free(ctx); ctx_free(ctx);
return KNOT_ENOMEM; return KNOT_ENOMEM;
} }
// Get slip. // Get slip.
knotd_conf_t conf = knotd_conf_mod(mod, MOD_SLIP); ctx->slip = knotd_conf_mod(mod, MOD_SLIP).single.integer;
ctx->slip = conf.single.integer;
// Get whitelist. // Get whitelist.
ctx->whitelist = knotd_conf_mod(mod, MOD_WHITELIST); ctx->whitelist = knotd_conf_mod(mod, MOD_WHITELIST);
......
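Review bot: The new locals in rrl_load(), `uint32_t rate = knotd_conf_mod(mod, MOD_RATE_LIMIT).single.integer;` and `size_t size = knotd_conf_mod(mod, MOD_TBL_SIZE).single.integer;`, narrow the configuration value with no range check. The type of `.single.integer` is not visible here, but if it is signed or wider than 32 bits, an out-of-range setting would wrap silently and the limiter would run with a rate or table size the operator did not configure. If the module's configuration schema already bounds both items, a short comment above the two lines saying so would be enough, e.g. `// Both values are range-limited by the module configuration schema.`; otherwise reject out-of-range values before calling rrl_create(). rrl_load() begins and ends outside this hunk.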
/* Copyright (C) 2018 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> /* Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
...@@ -21,6 +21,7 @@ ...@@ -21,6 +21,7 @@
#include "libknot/libknot.h" #include "libknot/libknot.h"
#include "contrib/sockaddr.h" #include "contrib/sockaddr.h"
#include "knot/modules/rrl/functions.c" #include "knot/modules/rrl/functions.c"
#include "stdio.h"
/* Enable time-dependent tests. */ /* Enable time-dependent tests. */
//#define ENABLE_TIMED_TESTS //#define ENABLE_TIMED_TESTS
...@@ -115,7 +116,7 @@ int main(int argc, char *argv[]) ...@@ -115,7 +116,7 @@ int main(int argc, char *argv[])
knot_wire_flags_set_qr(rbuf); knot_wire_flags_set_qr(rbuf);
rrl_req_t rq; rrl_req_t rq;
rq.w = rbuf; rq.wire = rbuf;
rq.len = rlen; rq.len = rlen;
rq.query = query; rq.query = query;
rq.flags = 0; rq.flags = 0;
...@@ -125,7 +126,7 @@ int main(int argc, char *argv[]) ...@@ -125,7 +126,7 @@ int main(int argc, char *argv[])
rrl_table_t *rrl = rrl_create(RRL_SIZE, rate); rrl_table_t *rrl = rrl_create(RRL_SIZE, rate);
ok(rrl != NULL, "rrl: create"); ok(rrl != NULL, "rrl: create");
/* 4. N unlimited requests. */ /* 2. N unlimited requests. */
knot_dname_t *zone = knot_dname_from_str_alloc("rrl."); knot_dname_t *zone = knot_dname_from_str_alloc("rrl.");
struct sockaddr_storage addr; struct sockaddr_storage addr;
...@@ -142,6 +143,16 @@ int main(int argc, char *argv[]) ...@@ -142,6 +143,16 @@ int main(int argc, char *argv[])
} }
is_int(0, ret, "rrl: unlimited IPv4/v6 requests"); is_int(0, ret, "rrl: unlimited IPv4/v6 requests");
/* 3. Endian-independent hash input buffer. */
uint8_t buf[RRL_CLSBLK_MAXLEN];
// CLS_LARGE + remote + dname wire.
uint8_t expectedv4[] = "\x10\x01\x02\x03\x00\x00\x00\x00\x00\x04""beef";
rrl_classify(buf, sizeof(buf), &addr, &rq, qname);
is_int(0, memcmp(buf, expectedv4, sizeof(expectedv4)), "rrl: IPv4 hash input buffer");
uint8_t expectedv6[] = "\x10\x11\x22\x33\x44\x55\x66\x77\x00\x04""beef";
rrl_classify(buf, sizeof(buf), &addr6, &rq, qname);
is_int(0, memcmp(buf, expectedv6, sizeof(expectedv6)), "rrl: IPv6 hash input buffer");
#ifdef ENABLE_TIMED_TESTS #ifdef ENABLE_TIMED_TESTS
/* 5. limited request */ /* 5. limited request */
ret = rrl_query(rrl, &addr, &rq, zone, NULL); ret = rrl_query(rrl, &addr, &rq, zone, NULL);
......
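Review bot: In the new "Endian-independent hash input buffer" test, `buf` is declared uninitialised and reused for both rrl_classify() calls, whose results are discarded, so a call that fails or writes fewer bytes than expected leaves indeterminate or stale data for memcmp(). Because both expected arrays end in the same `\x04beef` tail, leftover output from the IPv4 call could mask a short write in the IPv6 check. Clear the buffer before each call with `memset(buf, 0, sizeof(buf));` and, if rrl_classify() returns a length or error code (its signature is not shown on this page), assert on that value too. `sizeof(expectedv4)` and `sizeof(expectedv6)` also count the string literal's terminating NUL, which presumably stands in for the final byte of the dname wire; a one-line comment stating that would stop a later change to `sizeof(...) - 1` from weakening the test. main() continues outside these hunks.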