Commit f5d0fe57 authored by Mark Karpilovskij Committed by Daniel Salzman

cookies: cooperation with the RRL module

parent 1dd71dd0
......@@ -358,6 +358,7 @@ typedef enum {
KNOTD_QUERY_FLAG_NO_IXFR = 1 << 1, /*!< Don't process IXFR. */
KNOTD_QUERY_FLAG_LIMIT_ANY = 1 << 2, /*!< Limit ANY QTYPE (respond with TC=1). */
KNOTD_QUERY_FLAG_LIMIT_SIZE = 1 << 3, /*!< Apply UDP size limit. */
KNOTD_QUERY_FLAG_COOKIE = 1 << 4, /*!< Valid DNS Cookie indication. */
} knotd_query_flag_t;
/*! Query processing data context parameters. */
......
......@@ -208,6 +208,9 @@ static knotd_state_t cookies_process(knotd_state_t state, knot_pkt_t *pkt,
return KNOTD_STATE_FAIL;
}
// Set the valid cookie flag.
qdata->params->flags |= KNOTD_QUERY_FLAG_COOKIE;
return state;
}
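Review bot: Setting KNOTD_QUERY_FLAG_COOKIE at the end of cookies_process is only safe if every path with a missing, malformed or unverifiable server cookie has already returned above this line, and those branches are outside the hunk. Because the flag now switches off rate limiting in the RRL module, it is a security decision rather than a hint, and the comment should say so, e.g. `// Server cookie verified: mark the query so that RRL can skip it.` It is also worth confirming that qdata->params->flags is reset for each query, so the flag cannot carry over to a later query from a different client. cookies_process starts outside the hunk.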
......
......@@ -111,6 +111,11 @@ static knotd_state_t ratelimit_apply(knotd_state_t state, knot_pkt_t *pkt,
return state;
}
// Rate limit is not applied to responses with a valid cookie.
if (qdata->params->flags & KNOTD_QUERY_FLAG_COOKIE) {
return state;
}
// Exempt clients.
if (addr_range_match(&ctx->whitelist, qdata->params->remote)) {
return state;
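Review bot: The new early return in ratelimit_apply exempts every query flagged KNOTD_QUERY_FLAG_COOKIE from RRL without any residual limit, so the exemption is only as strong as the cookie validation. It also presumably depends on the cookies module having run before this hook, which the hunk does not show. A valid server cookie indicates the source address is not spoofed, which covers the reflection case, but a real client holding a cookie is then never limited and, as far as the hunk shows, is not counted anywhere. I would state the assumption in the comment, e.g. `// A valid server cookie shows the source is not spoofed, so RRL is skipped; assumes the cookies module ran earlier for this query.`, and consider a statistics counter or a separate higher limit for exempted queries. The body of ratelimit_apply starts before the hunk and continues after it.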
......
......@@ -16,6 +16,10 @@ the responses as truncated or by dropping them altogether.
The module introduces two statistics counters. The number of slipped and
dropped responses.
.. NOTE::
If the :ref:`Cookies<mod-cookies>` module is active, RRL is not applied
for responses with a valid DNS cookie.
Example
-------
......