- Print query name and IP address when domain rate limit exceeded.
authorWouter Wijngaards <wouter@nlnetlabs.nl>
Mon, 18 Feb 2019 15:53:02 +0000 (15:53 +0000)
committerWouter Wijngaards <wouter@nlnetlabs.nl>
Mon, 18 Feb 2019 15:53:02 +0000 (15:53 +0000)
git-svn-id: file:///svn/unbound/trunk@5117 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog
iterator/iterator.c
services/cache/infra.c
services/cache/infra.h

index 78af63b845b33478305da164cf3bcc2c7ee46599..bd2e0a6022d0c71fd8c81d611d81ca1247fcf9b5 100644 (file)
@@ -1,6 +1,7 @@
 18 February 2019: Wouter
        - Print query name with ip_ratelimit exceeded log lines.
        - Spaces instead of tabs in that log message.
+       - Print query name and IP address when domain rate limit exceeded.
 
 14 February 2019: Wouter
        - Fix capsforid canonical sort qsort callback.
index adc2b2233b4b8b44d0110e4d8e78310265950e10..c73fb5177489042ef0795be29071f980d03f473f 100644 (file)
@@ -1448,7 +1448,8 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
                         * now will also exceed the rate, keeping cache fresh */
                        (void)infra_ratelimit_inc(qstate->env->infra_cache,
                                iq->dp->name, iq->dp->namelen,
-                               *qstate->env->now);
+                               *qstate->env->now, &qstate->qinfo,
+                               qstate->reply);
                        /* see if we are passed through with slip factor */
                        if(qstate->env->cfg->ratelimit_factor != 0 &&
                                ub_random_max(qstate->env->rnd,
@@ -2487,7 +2488,8 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
        /* if not forwarding, check ratelimits per delegationpoint name */
        if(!(iq->chase_flags & BIT_RD) && !iq->ratelimit_ok) {
                if(!infra_ratelimit_inc(qstate->env->infra_cache, iq->dp->name,
-                       iq->dp->namelen, *qstate->env->now)) {
+                       iq->dp->namelen, *qstate->env->now, &qstate->qinfo,
+                       qstate->reply)) {
                        lock_basic_lock(&ie->queries_ratelimit_lock);
                        ie->num_queries_ratelimited++;
                        lock_basic_unlock(&ie->queries_ratelimit_lock);
index 5ced2d5bbccb6b4af33674eb1e7c34a21efbc539..c2484a9f1aa88c35f227a1ff90c4c7798cdf0293 100644 (file)
@@ -909,7 +909,8 @@ int infra_rate_max(void* data, time_t now)
 }
 
 int infra_ratelimit_inc(struct infra_cache* infra, uint8_t* name,
-       size_t namelen, time_t timenow)
+       size_t namelen, time_t timenow, struct query_info* qinfo,
+       struct comm_reply* replylist)
 {
        int lim, max;
        struct lruhash_entry* entry;
@@ -932,9 +933,19 @@ int infra_ratelimit_inc(struct infra_cache* infra, uint8_t* name,
                lock_rw_unlock(&entry->lock);
 
                if(premax < lim && max >= lim) {
-                       char buf[257];
+                       char buf[257], qnm[257], ts[12], cs[12], ip[128];
                        dname_str(name, buf);
-                       verbose(VERB_OPS, "ratelimit exceeded %s %d", buf, lim);
+                       dname_str(qinfo->qname, qnm);
+                       sldns_wire2str_type_buf(qinfo->qtype, ts, sizeof(ts));
+                       sldns_wire2str_class_buf(qinfo->qclass, cs, sizeof(cs));
+                       ip[0]=0;
+                       if(replylist) {
+                               addr_to_str((struct sockaddr_storage *)&replylist->addr,
+                                       replylist->addrlen, ip, sizeof(ip));
+                               verbose(VERB_OPS, "ratelimit exceeded %s %d query %s %s %s from %s", buf, lim, qnm, cs, ts, ip);
+                       } else {
+                               verbose(VERB_OPS, "ratelimit exceeded %s %d query %s %s %s", buf, lim, qnm, cs, ts);
+                       }
                }
                return (max < lim);
        }
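Review bot: The log line emitted in the `premax < lim && max >= lim` branch records only the single query that pushed the counter over the limit, and nothing in the code says so. Someone triaging from this line could take the printed name and address for the source of the load. A comment above the `verbose()` calls would make that clear, e.g. `/* qname and address belong to the query that crossed the limit, not necessarily the main contributor; a UDP source address may be spoofed */`. As a smaller point, `ip[0]=0` is never read as written, because `ip` is only printed in the branch where `addr_to_str()` fills it. infra_ratelimit_inc begins and ends outside this hunk.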
index 0f398d8ede3f13f033839c4924884d2cb39c6f1c..e33f2a6c04ee264aedcd5191b2ff74ece5832cfa 100644 (file)
@@ -366,12 +366,15 @@ long long infra_get_host_rto(struct infra_cache* infra,
  * @param name: zone name
  * @param namelen: zone name length
  * @param timenow: what time it is now.
+ * @param qinfo: for logging, query name.
+ * @param replylist: for logging, querier's address (if any).
  * @return 1 if it could be incremented. 0 if the increment overshot the
  * ratelimit or if in the previous second the ratelimit was exceeded.
  * Failures like alloc failures are not returned (probably as 1).
  */
 int infra_ratelimit_inc(struct infra_cache* infra, uint8_t* name,
-       size_t namelen, time_t timenow);
+       size_t namelen, time_t timenow, struct query_info* qinfo,
+       struct comm_reply* replylist);
 
 /**
  * Decrement the query rate counter for a delegation point.
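Review bot: The new `@param qinfo` line does not say that the pointer must be non-NULL, yet the implementation in services/cache/infra.c dereferences it unconditionally (`qinfo->qname`, `qinfo->qtype`, `qinfo->qclass`) while `replylist` is NULL-checked. Both parameters are described as logging-only, so a later caller without query context could reasonably pass NULL for either one. I would state the contract explicitly: `@param qinfo: for logging, query name, type and class; must not be NULL.` and `@param replylist: for logging, querier's address; may be NULL.`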