- Fix ratelimit inconsistency, for ip-ratelimits the value is the

  amount allowed, like for ratelimits.

diff --git a/doc/Changelog b/doc/Changelog
index 2d449e0a227377535db4c7defcbfc74c2df47de7..dcac7fc410798ba4942de0b15782dd6aa9cddfe6 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+4 August 2022: Wouter
+       - Fix ratelimit inconsistency, for ip-ratelimits the value is the
+         amount allowed, like for ratelimits.
+
 2 August 2022: Wouter
        - Fix edns subnet so that scope 0 answers only match sourcemask 0
          queries for answers from cache if from a query with sourcemask 0.

diff --git a/services/cache/infra.c b/services/cache/infra.c
index 0461c815b86b6e3fc6c1fc6df67b5fa1e4a49e39..9d5cdb16223fd98a68e614dd4bae23e90f049031 100644 (file)
--- a/services/cache/infra.c
+++ b/services/cache/infra.c
@@ -1040,7 +1040,7 @@ int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name,
        max = infra_rate_max(entry->data, timenow, backoff);
        lock_rw_unlock(&entry->lock);
 
-       return (max >= lim);
+       return (max > lim);
 }
 
 size_t 
@@ -1073,7 +1073,7 @@ int infra_ip_ratelimit_inc(struct infra_cache* infra,
                max = infra_rate_max(entry->data, timenow, backoff);
                lock_rw_unlock(&entry->lock);
 
-               if(premax < infra_ip_ratelimit && max >= infra_ip_ratelimit) {
+               if(premax <= infra_ip_ratelimit && max > infra_ip_ratelimit) {
                        char client_ip[128], qnm[LDNS_MAX_DOMAINLEN+1+12+12];
                        addr_to_str((struct sockaddr_storage *)&repinfo->addr,
                                repinfo->addrlen, client_ip, sizeof(client_ip));