From 85192d456969676e87653354df196babc4e7e31e Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards
Date: Fri, 10 Apr 2015 12:13:59 +0000
Subject: [PATCH] - unbound-control ratelimit_list lists high rate domains.
git-svn-id: file:///svn/unbound/trunk@3393 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 daemon/remote.c | 51 ++++++++++++++++++++++++++++++++++++++
 doc/Changelog | 1 +
 services/cache/infra.c | 4 +--
 smallapp/unbound-control.c | 2 ++
 4 files changed, 56 insertions(+), 2 deletions(-)
diff --git a/daemon/remote.c b/daemon/remote.c
index 7b09c03a0..0a5ff31c8 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -2267,6 +2267,54 @@ do_list_local_data(SSL* ssl, struct worker* worker)
 lock_rw_unlock(&zones->lock);
 }
+/** struct for user arg ratelimit list */
+struct ratelimit_list_arg {
+ /** the infra cache */
+ struct infra_cache* infra;
+ /** the SSL to print to */
+ SSL* ssl;
+ /** all or only ratelimited */
+ int all;
+ /** current time */
+ time_t now;
+};
+
+/** list items in the ratelimit table */
+static void
+rate_list(struct lruhash_entry* e, void* arg)
+{
+ struct ratelimit_list_arg* a = (struct ratelimit_list_arg*)arg;
+ struct rate_key* k = (struct rate_key*)e->key;
+ struct rate_data* d = (struct rate_data*)e->data;
+ char buf[257];
+ int lim = infra_find_ratelimit(a->infra, k->name, k->namelen);
+ int max = infra_rate_max(d, a->now);
+ if(a->all == 0) {
+ if(max < lim)
+ return;
+ }
+ dname_str(k->name, buf);
+ ssl_printf(a->ssl, "%s %d limit %d\n", buf, max, lim);
+}
+
+/** do the ratelimit_list command */
+static void
+do_ratelimit_list(SSL* ssl, struct worker* worker, char* arg)
+{
+ struct ratelimit_list_arg a;
+ a.all = 0;
+ a.infra = worker->env.infra_cache;
+ a.now = *worker->env.now;
+ a.ssl = ssl;
+ arg = skipwhite(arg);
+ if(strcmp(arg, "+a") == 0)
+ a.all = 1;
+ if(a.infra->domain_rates==NULL ||
+ (a.all == 0 && infra_dp_ratelimit == 0))
+ return;
+ slabhash_traverse(a.infra->domain_rates, 0, rate_list, &a);
+}
+
 /** tell other processes to execute the command */
 static void
 distribute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd)
@@ -2336,6 +2384,9 @@ execute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd,
 } else if(cmdcmp(p, "list_local_data", 15)) {
 do_list_local_data(ssl, worker);
 return;
+ } else if(cmdcmp(p, "ratelimit_list", 14)) {
+ do_ratelimit_list(ssl, worker, p+14);
+ return;
 } else if(cmdcmp(p, "stub_add", 8)) {
 /* must always distribute this cmd */
 if(rc) distribute_cmd(rc, ssl, cmd);
diff --git a/doc/Changelog b/doc/Changelog
index fabf2cd8c..82182e513 100644
--- a/doc/Changelog
+++ b/doc/Changelog
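Review bot: In `rate_list` (daemon/remote.c, first hunk) the default listing filters with `if(max < lim) return;`, which can never be true when `infra_find_ratelimit` returns 0, so a name whose limit is 0 is printed as if it had reached its limit. `do_ratelimit_list` already treats `infra_dp_ratelimit == 0` as nothing to list, which suggests 0 means the limit is off; if that also holds for per-name limits, the filter should read `if(lim == 0 || max < lim) return;` so operators reading this list are not shown exempt zones. The return value of `ssl_printf` is also discarded on the last line of `rate_list`; if it reports a failed write, the traversal keeps formatting every remaining entry for a closed control connection, and a failure flag in `struct ratelimit_list_arg` would let later callbacks return early.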
@@ -1,4 +1,5 @@ 10 April 2015: Wouter + - unbound-control ratelimit_list lists high rate domains. - ratelimit feature, ratelimit: 100, or some sensible qps, can be used to turn it on. It ratelimits recursion effort per zone. For particular names you can configure exceptions in unbound.conf.
diff --git a/services/cache/infra.c b/services/cache/infra.c
index d80ea27e8..b54338197 100644
--- a/services/cache/infra.c
+++ b/services/cache/infra.c
@@ -704,7 +704,7 @@ infra_get_lame_rtt(struct infra_cache* infra,
 }
 /** find the ratelimit in qps for a domain */
-static int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name,
+int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name,
 size_t namelen)
 {
 int labs = dname_count_labels(name);
@@ -789,7 +789,7 @@ static int* infra_rate_find_second(void* data, time_t t)
 }
 /** find the maximum rate stored, not too old. 0 if no information. */
-static int infra_rate_max(void* data, time_t now)
+int infra_rate_max(void* data, time_t now)
 {
 struct rate_data* d = (struct rate_data*)data;
 int i, max = 0;
diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c
index 29530d4f6..d4b147d67 100644
--- a/smallapp/unbound-control.c
+++ b/smallapp/unbound-control.c
@@ -123,6 +123,8 @@ usage()
 printf(" forward [off | addr ...] without arg show forward setup\n");
 printf(" or off to turn off root forwarding\n");
 printf(" or give list of ip addresses\n");
+ printf(" ratelimit_list [+a] list ratelimited domains\n");
+ printf(" +a list all, also not ratelimited\n");
 printf("Version %s\n", PACKAGE_VERSION);
 printf("BSD licensed, see LICENSE in source package for details.\n");
 printf("Report bugs to %s\n", PACKAGE_BUGREPORT);
-- 
2.47.2
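Review bot: `infra_find_ratelimit` and `infra_rate_max` in services/cache/infra.c (hunks at -704 and -789) lose `static` so that daemon/remote.c can call them, but the diffstat lists no header file, so this patch adds no prototype for either. Unless the infra cache header already declares both, the calls in `rate_list` compile against implicit declarations and the `void* data` and `time_t now` arguments go unchecked; the header should carry `int infra_rate_max(void* data, time_t now);` and the matching declaration for `infra_find_ratelimit`. Now that they are exported, the one-line comments should also say what the return value means and that `data` is expected to point at a `struct rate_data`, as the cast in the body shows. Both function bodies continue outside the hunks.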