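/* rrl.h - Response Rate Limiting for NSD.
 * By W.C.A. Wijngaards
 * Copyright 2012, NLnet Labs.
 * BSD, see LICENSE.
 */
#ifndef RRL_H
#define RRL_H
#include "query.h"

/**
 * The classification types for the rrl.
 *
 * Each classification is a distinct single bit, so values can be OR-ed
 * together into a mask; rrl_type_all is the OR of all nine of them.
 */
enum rrl_type {
	/* classification types */
	rrl_type_nxdomain	= 0x01,
	rrl_type_error		= 0x02,
	rrl_type_referral	= 0x04,
	rrl_type_any		= 0x08,
	rrl_type_wildcard	= 0x10,
	rrl_type_nodata		= 0x20,
	rrl_type_dnskey		= 0x40,
	rrl_type_positive	= 0x80,
	rrl_type_rrsig		= 0x100,

	/* all classification types (0x01 | 0x02 | ... | 0x100) */
	rrl_type_all		= 0x1ff,
	/* to distinguish between ip4 and ip6 netblocks, used in code;
	 * this bit lies outside the rrl_type_all mask */
	rrl_ip6			= 0x8000
};

/** Number of buckets */
#define RRL_BUCKETS 1000000
/**
 * Default rrl limit. The value is stored in units of 2x qps, so 400 here
 * means a default of 200 qps. Do not compare it directly with a qps figure.
 */
#define RRL_LIMIT 400
/** default slip */
#define RRL_SLIP 2
/** default prefix lengths (in bits) for IPv4 and IPv6 source netblocks */
#define RRL_IPV4_PREFIX_LENGTH 24
#define RRL_IPV6_PREFIX_LENGTH 64
/**
 * Default whitelist rrl limit, also in units of 2x qps; the default is
 * thus 2000 qps.
 */
#define RRL_WLIST_LIMIT 4000

/**
 * Initialize for n children (optional, otherwise no mmaps used).
 *
 * @param numch: number of child server processes.
 * @param numbuck: number of buckets.
 * @param lm: rate limit, in qps (this routine doubles it for internal use).
 * @param wlm: whitelist rate limit, in qps (doubled internally as well).
 * @param sm: presumably the slip value (compare RRL_SLIP); confirm in rrl.c.
 * @param plf: prefix length; presumably the IPv4 one, confirm in rrl.c.
 * @param pls: prefix length; presumably the IPv6 one, confirm in rrl.c.
 *
 * Callers pass plain qps here, not the doubled unit that RRL_LIMIT and
 * RRL_WLIST_LIMIT are expressed in.
 */
void rrl_mmap_init(int numch, size_t numbuck, size_t lm, size_t wlm, size_t sm,
	size_t plf, size_t pls);

/**
 * Initialize rate limiting (for this child server process).
 * @param ch: the child server process this call is for.
 */
void rrl_init(size_t ch);

/**
 * Deinit (for this child server process).
 * @param ch: the child server process this call is for.
 */
void rrl_deinit(size_t ch);

/** deinit mmaps for n children */
void rrl_mmap_deinit(void);
/** frees memory but keeps mmap in place (for other processes) */
void rrl_mmap_deinit_keep_mmap(void);

/**
 * Process a query; the query structure contains the information about
 * the query and the answer.
 * @param query: the query and its answer.
 * @return true (nonzero) if the query is ratelimited. The caller is then
 *	expected to deny it; see rrl_slip().
 */
int rrl_process_query(query_type* query);

/**
 * Deny the query, with slip.
 * @param query: the ratelimited query.
 * @return DISCARD, or PROCESSED (with the TC flag set on the answer).
 *
 * NOTE(review): the TC reply presumably exists so that a genuine client
 * behind a ratelimited netblock can still retry over TCP, while the reply
 * stays too small to be worth reflecting; confirm against rrl.c.
 */
query_state_type rrl_slip(query_type* query);

/**
 * Convert classification type to string.
 * NOTE(review): the result for a value that is not a single classification
 * bit is not specified in this header; check rrl.c before relying on it.
 */
const char* rrltype2str(enum rrl_type c);
/**
 * Convert string to classification type.
 * NOTE(review): the return value for an unrecognised string is not
 * specified in this header; callers parsing configuration should check
 * how rrl.c reports it.
 */
enum rrl_type rrlstr2type(const char* s);

/**
 * For unit test, update rrl bucket; return rate.
 * NOTE(review): whether lm is in qps or in the doubled internal unit is
 * not stated here; confirm against rrl.c.
 */
uint32_t rrl_update(query_type* query, uint32_t hash, uint64_t source,
	uint16_t flags, int32_t now, uint32_t lm);
/**
 * Set the rate limit counters; pass the variables in qps (not in the
 * 2x qps unit used by RRL_LIMIT and RRL_WLIST_LIMIT).
 * @param lm: rate limit in qps.
 * @param wlm: whitelist rate limit in qps.
 * @param sm: presumably the slip value; confirm in rrl.c.
 */
void rrl_set_limit(size_t lm, size_t wlm, size_t sm);

#endif /* RRL_H */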