- Fix that ratelimit and ip-ratelimit are applied after reload of

git-svn-id: file:///svn/unbound/trunk@4786 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index 367451e7b9d84100e2f63c40f92b52814e2f7991..3461722b43a3bd2f5b72317cd33d2b618540141c 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -2,6 +2,8 @@
        - Fix #4127 unbound -h does not list -p help.
        - Print error if SSL name verification configured but not available
          in the ssl library.
+       - Fix that ratelimit and ip-ratelimit are applied after reload of
+         changed config file.
 
 16 July 2018: Wouter
        - Fix qname minimisation NXDOMAIN validation lookup failures causing

diff --git a/services/cache/infra.c b/services/cache/infra.c
index f4320306daa2df1b3b4b0c270669c01446762e89..59f2eba8969d683058e7386a33411fff8427c7ed 100644 (file)
--- a/services/cache/infra.c
+++ b/services/cache/infra.c
@@ -215,6 +215,18 @@ static int infra_ratelimit_cfg_insert(struct infra_cache* infra,
        return 1;
 }
 
+/** setup domain limits tree (0 on failure) */
+static int
+setup_domain_limits(struct infra_cache* infra, struct config_file* cfg)
+{
+       name_tree_init(&infra->domain_limits);
+       if(!infra_ratelimit_cfg_insert(infra, cfg)) {
+               return 0;
+       }
+       name_tree_init_parents(&infra->domain_limits);
+       return 1;
+}
+
 struct infra_cache* 
 infra_create(struct config_file* cfg)
 {
@@ -230,7 +242,6 @@ infra_create(struct config_file* cfg)
                return NULL;
        }
        infra->host_ttl = cfg->host_ttl;
-       name_tree_init(&infra->domain_limits);
        infra_dp_ratelimit = cfg->ratelimit;
        infra->domain_rates = slabhash_create(cfg->ratelimit_slabs,
                INFRA_HOST_STARTSIZE, cfg->ratelimit_size,
@@ -241,11 +252,10 @@ infra_create(struct config_file* cfg)
                return NULL;
        }
        /* insert config data into ratelimits */
-       if(!infra_ratelimit_cfg_insert(infra, cfg)) {
+       if(!setup_domain_limits(infra, cfg)) {
                infra_delete(infra);
                return NULL;
        }
-       name_tree_init_parents(&infra->domain_limits);
        infra_ip_ratelimit = cfg->ip_ratelimit;
        infra->client_ip_rates = slabhash_create(cfg->ip_ratelimit_slabs,
            INFRA_HOST_STARTSIZE, cfg->ip_ratelimit_size, &ip_rate_sizefunc,
@@ -285,12 +295,22 @@ infra_adjust(struct infra_cache* infra, struct config_file* cfg)
        if(!infra)
                return infra_create(cfg);
        infra->host_ttl = cfg->host_ttl;
+       infra_dp_ratelimit = cfg->ratelimit;
+       infra_ip_ratelimit = cfg->ip_ratelimit;
        maxmem = cfg->infra_cache_numhosts * (sizeof(struct infra_key)+
                sizeof(struct infra_data)+INFRA_BYTES_NAME);
        if(maxmem != slabhash_get_size(infra->hosts) ||
                cfg->infra_cache_slabs != infra->hosts->size) {
                infra_delete(infra);
                infra = infra_create(cfg);
+       } else {
+               /* reapply domain limits */
+               traverse_postorder(&infra->domain_limits, domain_limit_free,
+                       NULL);
+               if(!setup_domain_limits(infra, cfg)) {
+                       infra_delete(infra);
+                       return NULL;
+               }
        }
        return infra;
 }