- Fix #1277: disable domain ratelimit by setting value to 0.

git-svn-id: file:///svn/unbound/trunk@4235 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index af26a2559c1a5717d9aa3500e87f6d5545ba2482..49674aa111ec8239116f602639b32a4c45ccec05 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+16 June 2017: Ralph
+       - Fix #1277: disable domain ratelimit by setting value to 0.
+
 16 June 2017: Wouter
        - Fix #1301: memory leak in respip and tests.
        - Free callback in edns-subnetmod on exit and restart.

diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
index f88116a67df75cb61b548efa0490d88f04a5c71f..721cd3d76d3261556e56382c7c683d12ec2c9ff0 100644 (file)
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -1202,20 +1202,20 @@ This can make ordinary queries complete (if repeatedly queried for),
 and enter the cache, whilst also mitigating the traffic flow by the
 factor given.
 .TP 5
-.B ratelimit\-for\-domain: \fI<domain> <number qps>
+.B ratelimit\-for\-domain: \fI<domain> <number qps or 0>
 Override the global ratelimit for an exact match domain name with the listed
 number.  You can give this for any number of names.  For example, for
 a top\-level\-domain you may want to have a higher limit than other names.
-A value of \-1 will disable ratelimiting for that domain.
+A value of 0 will disable ratelimiting for that domain.
 .TP 5
-.B ratelimit\-below\-domain: \fI<domain> <number qps>
+.B ratelimit\-below\-domain: \fI<domain> <number qps or 0>
 Override the global ratelimit for a domain name that ends in this name.
 You can give this multiple times, it then describes different settings
 in different parts of the namespace.  The closest matching suffix is used
 to determine the qps limit.  The rate for the exact matching domain name
 is not changed, use ratelimit\-for\-domain to set that, you might want
 to use different settings for a top\-level\-domain and subdomains.
-A value of \-1 will disable ratelimiting for domain names that end in this name.
+A value of 0 will disable ratelimiting for domain names that end in this name.
 .TP 5
 .B ip\-ratelimit: \fI<number or 0>
 Enable global ratelimiting of queries accepted per ip address.

diff --git a/services/cache/infra.c b/services/cache/infra.c
index 314c85ef511203b06a4e18d26f67eddc6205d341..ca1102ef5f7fb30f08d0b73673f2af49d587b80c 100644 (file)
--- a/services/cache/infra.c
+++ b/services/cache/infra.c
@@ -893,6 +893,8 @@ int infra_ratelimit_inc(struct infra_cache* infra, uint8_t* name,
 
        /* find ratelimit */
        lim = infra_find_ratelimit(infra, name, namelen);
+       if(!lim)
+               return 1; /* disabled for this domain */
        
        /* find or insert ratedata */
        entry = infra_find_ratedata(infra, name, namelen, 1);
@@ -941,6 +943,8 @@ int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name,
 
        /* find ratelimit */
        lim = infra_find_ratelimit(infra, name, namelen);
+       if(!lim)
+               return 0; /* disabled for this domain */
 
        /* find current rate */
        entry = infra_find_ratedata(infra, name, namelen, 0);

diff --git a/services/cache/infra.h b/services/cache/infra.h
index 6f9471a3941c62ccb4a7e1b16e6fe707a8f6c2b3..10db796bfcddd5a10d96856dbf029b56d241de4b 100644 (file)
--- a/services/cache/infra.h
+++ b/services/cache/infra.h
@@ -401,7 +401,7 @@ int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name,
 /** find the maximum rate stored, not too old. 0 if no information. */
 int infra_rate_max(void* data, time_t now);
 
-/** find the ratelimit in qps for a domain */
+/** find the ratelimit in qps for a domain. 0 if no limit for domain. */
 int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name,
        size_t namelen);