PoC: rate-limit everything for now :-) docs-develop-rrl-8r8r8r/deployments/3515
authorVladimír Čunát <vladimir.cunat@nic.cz>
Tue, 19 Mar 2024 11:15:14 +0000 (12:15 +0100)
committerVladimír Čunát <vladimir.cunat@nic.cz>
Tue, 19 Mar 2024 11:21:03 +0000 (12:21 +0100)
daemon/lua/kres-gen-30.lua
daemon/lua/kres-gen-31.lua
daemon/lua/kres-gen-32.lua
daemon/lua/kres-gen.sh
daemon/rrl/api.c [new file with mode: 0644]
daemon/rrl/api.h [new file with mode: 0644]
daemon/rrl/meson.build
modules/policy/policy.lua

index ae182a37a96ae1b2821f42209e576ecab3051f0a..65c6ac5ac723a26829212f52976e55431a9f3f05 100644 (file)
@@ -579,6 +579,7 @@ int worker_resolve_exec(struct qr_task *, knot_pkt_t *);
 knot_pkt_t *worker_resolve_mk_pkt(const char *, uint16_t, uint16_t, const struct kr_qflags *);
 struct qr_task *worker_resolve_start(knot_pkt_t *, struct kr_qflags);
 int zi_zone_import(const zi_config_t);
+_Bool kr_rrl_request_begin(struct kr_request *);
 struct engine {
        char _stub[];
 };
index 1033e104ffbab62e6b96132273ff706cd4680288..cb96adf1207cf7323c4fb20c5137b2ad9df24ebc 100644 (file)
@@ -579,6 +579,7 @@ int worker_resolve_exec(struct qr_task *, knot_pkt_t *);
 knot_pkt_t *worker_resolve_mk_pkt(const char *, uint16_t, uint16_t, const struct kr_qflags *);
 struct qr_task *worker_resolve_start(knot_pkt_t *, struct kr_qflags);
 int zi_zone_import(const zi_config_t);
+_Bool kr_rrl_request_begin(struct kr_request *);
 struct engine {
        char _stub[];
 };
index 23a338f0965340825370cb3934bd9cc698bd22df..7a416079cdf72d40dc8e1ca0a906a48ca36c3b89 100644 (file)
@@ -580,6 +580,7 @@ int worker_resolve_exec(struct qr_task *, knot_pkt_t *);
 knot_pkt_t *worker_resolve_mk_pkt(const char *, uint16_t, uint16_t, const struct kr_qflags *);
 struct qr_task *worker_resolve_start(knot_pkt_t *, struct kr_qflags);
 int zi_zone_import(const zi_config_t);
+_Bool kr_rrl_request_begin(struct kr_request *);
 struct engine {
        char _stub[];
 };
index 5939dc65ad8c56974a13311b36adb1a252a40042..752944979cbe18884e1ae4e3f671c565bbbc5e7e 100755 (executable)
@@ -334,6 +334,7 @@ ${CDEFS} ${KRESD} functions <<-EOF
        worker_resolve_mk_pkt
        worker_resolve_start
        zi_zone_import
+       kr_rrl_request_begin
 EOF
 
 echo "struct engine" | ${CDEFS} ${KRESD} types | sed '/module_array_t/,$ d'
diff --git a/daemon/rrl/api.c b/daemon/rrl/api.c
new file mode 100644 (file)
index 0000000..74b2ef6
--- /dev/null
@@ -0,0 +1,34 @@
+#include "daemon/rrl/api.h"
+#include "daemon/rrl/kru.h"
+#include "lib/resolve.h"
+
+struct kru *the_rrl_kru = NULL;
+
+// FIXME: add C API that takes configuration parameters and initializes the KRU;
+// it will then get called from the generated Lua config file.
+
+bool kr_rrl_request_begin(struct kr_request *req)
+{
+       if (!req->qsource.addr)
+               return false;  // don't consider internal requests
+       const bool limited = true;
+       if (!limited && the_rrl_kru) {
+               // FIXME: process limiting via KRU.limited*
+       }
+       if (!limited) return limited;
+
+       knot_pkt_t *answer = kr_request_ensure_answer(req);
+       if (!answer) { // something bad; TODO: perhaps improve recovery from this
+               kr_assert(false);
+               return limited;
+       }
+       // at this point the packet should be pretty clear
+
+       // Example limiting: REFUSED.
+       knot_wire_set_rcode(answer->wire, KNOT_RCODE_REFUSED);
+       kr_request_set_extended_error(req, KNOT_EDNS_EDE_OTHER, "YRAA: rate-limited");
+
+       req->state = KR_STATE_DONE;
+
+       return limited;
+}
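Review bot: The recovery branch under `if (!answer)` returns `limited` (true) without touching `req->state`, so the Lua caller skips policy evaluation while the request is left in whatever state it arrived in instead of being finished; adding `req->state = KR_STATE_FAIL;` before that `return limited;` keeps a request that could not be answered from carrying on as if nothing happened. Answering with REFUSED plus an EDE option also means every rate-limited UDP query still earns a full response to a possibly spoofed source, whereas a production limiter normally answers UDP with TC=1 (forcing a TCP retry) or drops a fraction of responses so that the limiter cannot itself be used for reflection; that is worth recording next to `// Example limiting: REFUSED.` as e.g. `// TODO: for UDP prefer TC=1 or slip/drop over REFUSED to avoid reflection.` so the PoC choice is not mistaken for the design. The `"YRAA: rate-limited"` EXTRA-TEXT reaches clients verbatim; if `YRAA:` is a debugging marker it should go before this leaves PoC state. Finally, `the_rrl_kru` is a non-static global that api.h does not declare; if the planned init lives in this file (as the FIXME suggests) it can be `static`, otherwise it should be declared in the header.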
diff --git a/daemon/rrl/api.h b/daemon/rrl/api.h
new file mode 100644 (file)
index 0000000..0d155d0
--- /dev/null
@@ -0,0 +1,8 @@
+
+#include <stdbool.h>
+#include <lib/defines.h>
+struct kr_request;
+
+/** Do rate-limiting, during knot_layer_api::begin. */
+KR_EXPORT
+bool kr_rrl_request_begin(struct kr_request *req);
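Review bot: The new header has no include guard or `#pragma once`, and it opens with a stray blank line; putting `#pragma once` on the first line is the usual fix for both. The doc comment also leaves out the one thing a caller needs, namely what the return value means: `/** Do rate-limiting, during knot_layer_api::begin. Returns true when the request has been answered as rate-limited (answer rcode and req->state set here) and must not be processed further; false for internal requests or when not limited. */`. Minor consistency point: `#include <lib/defines.h>` uses angle brackets while api.c includes project headers with quotes.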
index 959ac7e04a2abf63ce029912e0827c257380a823..707fa2cc550e6e64112f4886be646262f7c391e4 100644 (file)
@@ -2,6 +2,7 @@
 # rate limiting code
 
 kresd_src += files([
+  'api.c',
   'kru-generic.c',
   'kru-avx2.c',
   '../../contrib/openbsd/siphash.c',
index 60b034783aed70ecf6b43b95c425b5b896653ab9..107555560d446745ad54d00de3fd39004f116ee6 100644 (file)
@@ -934,9 +934,11 @@ policy.layer = {
 
                if ffi.C.kr_view_select_action(req, view_action_buf) == 0 then
                        local act_str = ffi.string(view_action_buf[0].data, view_action_buf[0].len)
-                       return loadstring('return '..act_str)()(state, req)
+                       loadstring('return ' .. act_str)()(state, req)
                end
 
+               if ffi.C.kr_rrl_request_begin(req) then return end
+
                local qry = req:initial() -- same as :current() but more descriptive
                return policy.evaluate(policy.rules, req, qry, state)
                        or state
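Review bot: The view action's result is now discarded at `loadstring('return ' .. act_str)()(state, req)`: before this change its return value was the layer's result, whereas now control falls through to the rate-limit check and on to `policy.evaluate(policy.rules, req, qry, state) or state`, where `state` is presumably still the value `begin` was entered with. Unless every view action also writes `req.state` itself (which this hunk does not show), a view rule that returned a finishing state to stop processing no longer does, and `policy.rules` are evaluated for a request the view already decided. If the intent is only that rate limiting should also cover view-matched requests, keep the result and honour it after the limiter: declare `local view_state` before the `if`, assign `view_state = loadstring('return ' .. act_str)()(state, req)` inside it, and after `if ffi.C.kr_rrl_request_begin(req) then return end` add `if view_state ~= nil then return view_state end`. The enclosing `begin` function starts before this hunk.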