/* ================================================== */
-int
+CLG_Limit
CLG_LimitServiceRate(CLG_Service service, int index)
{
Record *record;
check_service_number(service);
if (tokens_per_hit[service] == 0)
- return 0;
+ return CLG_PASS;
record = ARR_GetElement(records, index);
record->drop_flags &= ~(1U << service);
if (record->tokens[service] >= tokens_per_hit[service]) {
record->tokens[service] -= tokens_per_hit[service];
- return 0;
+ return CLG_PASS;
}
drop = limit_response_random(leak_rate[service]);
if (!drop) {
record->tokens[service] = 0;
- return 0;
+ return CLG_PASS;
}
record->drop_flags |= 1U << service;
record->drops[service]++;
total_drops[service]++;
- return 1;
+ return CLG_DROP;
}
/* ================================================== */
CLG_CMDMON,
} CLG_Service;
+typedef enum {
+ CLG_PASS = 0,
+ CLG_DROP,
+} CLG_Limit;
+
extern void CLG_Initialise(void);
extern void CLG_Finalise(void);
extern int CLG_GetClientIndex(IPAddr *client);
extern int CLG_LogServiceAccess(CLG_Service service, IPAddr *client, struct timespec *now);
-extern int CLG_LimitServiceRate(CLG_Service service, int index);
+extern CLG_Limit CLG_LimitServiceRate(CLG_Service service, int index);
extern void CLG_UpdateNtpStats(int auth, NTP_Timestamp_Source rx_ts_src,
NTP_Timestamp_Source tx_ts_src);
extern int CLG_GetNtpMinPoll(void);
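Review bot: The new `CLG_Limit` typedef and the changed `CLG_LimitServiceRate()` prototype carry no comment, so the header does not say what a caller must do with each value or which `index` values are acceptable. I would add `/* Result of response rate limiting: CLG_PASS - respond to the request, CLG_DROP - discard it */` above the typedef. Above the prototype I would add `/* index must be a non-negative value returned by CLG_LogServiceAccess() */`, since the implementation shown in this commit passes `index` to `ARR_GetElement()` without a check of its own and relies on the `>= 0` guard at each call site. It would also help to note that `CLG_PASS` is pinned to 0 on purpose, presumably so that any caller still testing the result for truth keeps its old meaning.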
/* Don't reply to all requests from hosts other than localhost if the rate
is excessive */
- if (!localhost && log_index >= 0 && CLG_LimitServiceRate(CLG_CMDMON, log_index)) {
- DEBUG_LOG("Command packet discarded to limit response rate");
- return;
+ if (!localhost && log_index >= 0 &&
+ CLG_LimitServiceRate(CLG_CMDMON, log_index) != CLG_PASS) {
+ DEBUG_LOG("Command packet discarded to limit response rate");
+ return;
}
expected_length = PKL_CommandLength(&rx_message);
NTP_Local_Timestamp local_tx, *tx_ts;
NTP_int64 ntp_rx, *local_ntp_rx;
int log_index, interleaved, poll, version;
+ CLG_Limit limit;
uint32_t kod;
/* Ignore the packet if it wasn't received by server socket */
log_index = CLG_LogServiceAccess(CLG_NTP, &remote_addr->ip_addr, &rx_ts->ts);
/* Don't reply to all requests if the rate is excessive */
- if (log_index >= 0 && CLG_LimitServiceRate(CLG_NTP, log_index)) {
+ limit = log_index >= 0 ? CLG_LimitServiceRate(CLG_NTP, log_index) : CLG_PASS;
+ if (limit == CLG_DROP) {
DEBUG_LOG("NTP packet discarded to limit response rate");
return;
}
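Review bot: The NTP path tests `limit == CLG_DROP`, while the `CLG_CMDMON` and `CLG_NTSKE` call sites in this same commit test `!= CLG_PASS`, so the three rate-limit checks agree only while `CLG_Limit` has exactly two values. If another value is ever added, this site would answer the request and the other two would discard it. For a limiter whose job is to cap response traffic, the handling of an unrecognised result should be stated rather than implied. Either write `if (limit != CLG_PASS) {` here as well, or, if storing the result in `limit` is meant to serve later handling that is not visible in this hunk, add a comment such as `/* Only CLG_DROP suppresses the reply here; other results are handled below */`. The enclosing function starts and ends outside the hunk.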
SCH_GetLastEventTime(&now, NULL, NULL);
log_index = CLG_LogServiceAccess(CLG_NTSKE, &addr.ip_addr, &now);
- if (log_index >= 0 && CLG_LimitServiceRate(CLG_NTSKE, log_index)) {
+ if (log_index >= 0 && CLG_LimitServiceRate(CLG_NTSKE, log_index) != CLG_PASS) {
DEBUG_LOG("Rejected connection from %s (%s)",
UTI_IPSockAddrToString(&addr), "rate limit");
SCK_CloseSocket(sock_fd);
ts.tv_sec += 1;
index = CLG_LogServiceAccess(s, &ip, &ts);
TEST_CHECK(index >= 0);
- if (!CLG_LimitServiceRate(s, index))
+ if (CLG_LimitServiceRate(s, index) == CLG_PASS)
j++;
}