+/* Copyright (C) CZ.NIC, z.s.p.o. <knot-resolver@labs.nic.cz>
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
#include "daemon/defer.h"
#include "daemon/mmapped.h"
#include "daemon/session2.h"
struct pl_defer_iter_data {
struct protolayer_data h;
uint64_t req_stamp; // time when request was received, uses get_stamp()
- // TODO use different clock than CLOCK_THREAD_CPUTIME_ID?
};
/// Return whether we're using optimized variant right now.
+/* Copyright (C) CZ.NIC, z.s.p.o. <knot-resolver@labs.nic.cz>
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
#include <stdbool.h>
#include "lib/defines.h"
#include "lib/utils.h"
subdir('lua')
+
kresd = executable(
'kresd',
kresd_src,
+/* Copyright (C) CZ.NIC, z.s.p.o. <knot-resolver@labs.nic.cz>
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
#include <fcntl.h>
#include <sys/mman.h>
#include <errno.h>
+/* Copyright (C) CZ.NIC, z.s.p.o. <knot-resolver@labs.nic.cz>
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
#include <stdbool.h>
#define MMAPPED_WAS_FIRST 1
+/* Copyright (C) CZ.NIC, z.s.p.o. <knot-resolver@labs.nic.cz>
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
#include "daemon/ratelimiting.h"
#include "daemon/mmapped.h"
#include "lib/kru.h"
+/* Copyright (C) CZ.NIC, z.s.p.o. <knot-resolver@labs.nic.cz>
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
#include <stdbool.h>
#include "lib/defines.h"
#include "lib/utils.h"
/* create rrl table */
const char *tmpdir = test_tmpdir_create();
char mmap_file[64];
- stpcpy(stpcpy(mmap_file, tmpdir), "/rrl");
+ stpcpy(stpcpy(mmap_file, tmpdir), "/ratelimiting");
ratelimiting_init(mmap_file, RRL_TABLE_SIZE, RRL_INSTANT_LIMIT, RRL_RATE_LIMIT, 0);
if (KRU.initialize == KRU_GENERIC.initialize) {
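Review bot: The `stpcpy(stpcpy(mmap_file, tmpdir), "/ratelimiting")` line writes into the 64-byte `mmap_file` with no bound, and the new suffix is nine bytes longer than `/rrl`, so a `tmpdir` longer than 50 characters now overruns the stack buffer. How long a path `test_tmpdir_create()` can return is not visible here, so the copy should be bounded instead of relying on it: `int n = snprintf(mmap_file, sizeof mmap_file, "%s/ratelimiting", tmpdir);`, and the test should fail when `n < 0 || (size_t)n >= sizeof mmap_file`. The enclosing test function starts and ends outside this hunk.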
return (struct protolayer_data *)(pl_data_beg + offset);
}
+void *protolayer_sess_data_get_current(struct protolayer_iter_ctx *ctx)
+{
+ return protolayer_sess_data_get(ctx->session, ctx->layer_ix);
+}
+
/** Gets layer-specific iteration data for the layer with the specified index
* from the context. */
static inline struct protolayer_data *protolayer_iter_data_get(
return protolayer_iter_data_get(ctx, ctx->layer_ix);
}
-void *protolayer_sess_data_get_current(struct protolayer_iter_ctx *ctx)
-{
- return protolayer_sess_data_get(ctx->session, ctx->layer_ix);
-}
-
static inline ssize_t session2_get_protocol(
struct session2 *s, enum protolayer_type protocol)
{
if ((direction == PROTOLAYER_UNWRAP) && (layer_ix == 0))
defer_sample_start();
- int ret;
-
struct protolayer_iter_ctx *ctx = malloc(session->iter_ctx_size);
kr_require(ctx);
globals->iter_init(ctx, iter_data);
}
- ret = protolayer_step(ctx);
+ int ret = protolayer_step(ctx);
if ((direction == PROTOLAYER_UNWRAP) && (layer_ix == 0))
defer_sample_stop();
return ret;
* queue iterators, as it does not need to iterate through the whole queue. */
bool protolayer_queue_has_payload(const protolayer_iter_ctx_queue_t *queue);
-/** Gets layer-specific iteration data for the last processed layer.
- * To be used after returning from its callback for async continuation but before calling protolayer_continue. */
-void *protolayer_iter_data_get_current(struct protolayer_iter_ctx *ctx);
-
/** Gets layer-specific session data for the last processed layer.
* To be used after returning from its callback for async continuation but before calling protolayer_continue. */
void *protolayer_sess_data_get_current(struct protolayer_iter_ctx *ctx);
+/** Gets layer-specific iteration data for the last processed layer.
+ * To be used after returning from its callback for async continuation but before calling protolayer_continue. */
+void *protolayer_iter_data_get_current(struct protolayer_iter_ctx *ctx);
/** Layer-specific data - the generic struct. To be added as the first member of
* each specific struct. */
} source;
};
-
/** Query resolution task. */
struct qr_task
{
},
"rate-limit": {
"type": "integer",
- "description": "Number of allowed queries per second from a single host."
+ "description": "Maximal number of allowed queries per second from a single host."
},
"instant-limit": {
"type": "integer",
- "description": "Number of allowed queries at a single point in time from a single host.",
+ "description": "Maximal number of allowed queries at a single point in time from a single host.",
"default": 50
},
"slip": {
#define ALIGNED_CPU_CACHE _Alignas(64)
-// An unsigned integral type used for prices, blocking occurs when sum of prices overflows.
+// An unsigned integral type used for prices, limiting occurs when sum of prices overflows.
// Greater than 16-bit type enables randomized fractional incrementing as the internal counters are still 16-bit.
// Exponential decay always uses randomized rounding on 32 bits.
typedef uint32_t kru_price_t;
/// Note that the _multi variants increase these totals
/// by tracking multiple keys in a single query.
///
+ /// The max_decay parameter sets maximal decrease of a counter per a time_now tick,
+ /// which occurs when the original value was just under the limit.
+ /// I.e. the value KRU_LIMIT will be lowered to (KRU_LIMIT - max_decay);
+ /// in general, the value is multiplied by (KRU_LIMIT - max_decay)/KRU_LIMIT each time_now tick
+ /// (typically time_now counts milliseconds).
+ ///
/// Returns false if kru is NULL or other failure occurs.
- bool (*initialize)(struct kru *kru, int capacity_log, kru_price_t max_decay); // TODO describe max_decay and some other args below
+ bool (*initialize)(struct kru *kru, int capacity_log, kru_price_t max_decay);
/// Calculate size of the KRU structure.
size_t (*get_size)(int capacity_log);
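Review bot: The deleted TODO also covered "some other args", but in the visible lines `capacity_log` is still undescribed. The new comment also gives no accepted range for `max_decay`: what `initialize` does with 0, or with values at or above KRU_LIMIT, is not stated. This parameter sets how quickly limiter counters recover, so callers configuring rate limits need that contract spelled out. Either document it here or keep a narrowed marker such as `// TODO describe capacity_log and the valid range of max_decay`. The struct declaration starts and ends outside this hunk.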
/// Returns a prefix (value in prefixes) on which the key is blocked, or zero if all queries passed.
/// Updates KRU only if no query is blocked, unless a race condition occurs --
/// in such a case all longer prefixes might have been updated.
- /// The key of i-th query consists of prefixes[i] bits of key, prefixes[i], and namespace.
+ /// The key of i-th query consists of prefixes[i] bits of key, prefixes[i], and namespace;
+ /// the specific namespace values may be arbitrary,
+ /// they just extend the keys to allow storing different noncolliding sets of them in the same table (such as IPv4 and IPv6).
/// If zero is returned, *max_load_out (unless NULL) is set to
/// the maximum of final values of the involved counters normalized to the limit 2^16.
uint8_t (*limited_multi_prefix_or)(struct kru *kru, uint32_t time_now,
/// Returns the maximum of final values of the involved counters normalized to the limit 2^16
/// and stores the corresponding prefix (value in prefixes) to *prefix_out (unless NULL).
/// Set prices to NULL to skip updating; otherwise, KRU is always updated, using maximal allowed value on overflow.
- /// The key of i-th query consists of prefixes[i] bits of key, prefixes[i], and namespace.
+ /// The key of i-th query consists of prefixes[i] bits of key, prefixes[i], and namespace; as above.
uint16_t (*load_multi_prefix_max)(struct kru *kru, uint32_t time_now,
uint8_t namespace, uint8_t key[static 16], uint8_t *prefixes, kru_price_t *prices, size_t queries_cnt, uint8_t *prefix_out);
};
---
capacity: Expected maximal number of blocked networks/hosts at the same time.
- rate_limit: Number of allowed queries per second from a single host.
- instant_limit: Number of allowed queries at a single point in time from a single host.
+ rate_limit: Maximal number of allowed queries per second from a single host.
+ instant_limit: Maximal number of allowed queries at a single point in time from a single host.
slip: Number of restricted responses out of which one is sent as truncated, the others are dropped.
"""
libuv,
lmdb,
libdnssec,
- # https://mesonbuild.com/howtox.html#add-math-library-lm-portably
- (meson.get_compiler('c').find_library('m', required : false)),
+ libm,
],
)