1 /* rrl.h - Response Rate Limiting for NSD.
2  * By W.C.A. Wijngaards
3  * Copyright 2012, NLnet Labs.
4  * BSD, see LICENSE.
5  */
6 #ifndef RRL_H
7 #define RRL_H
8 #include "query.h"
9 
/**
 * Response classes the rate limiter tells apart.
 *
 * Every class owns exactly one bit, so several classes can be OR-ed into a
 * single mask; rrl_type_all is the union of all class bits.
 *
 * rrl_update() in this header carries these values in a uint16_t, and the
 * highest bit of that width is already taken by rrl_ip6. A new constant
 * must therefore stay below 0x8000, and rrl_type_all must be widened with
 * it, or the new class silently falls outside the mask.
 */
enum rrl_type {
	/* one bit per classification type */
	rrl_type_nxdomain	= 1 << 0,
	rrl_type_error		= 1 << 1,
	rrl_type_referral	= 1 << 2,
	rrl_type_any		= 1 << 3,
	rrl_type_wildcard	= 1 << 4,
	rrl_type_nodata		= 1 << 5,
	rrl_type_dnskey		= 1 << 6,
	rrl_type_positive	= 1 << 7,
	rrl_type_rrsig		= 1 << 8,

	/* mask covering the nine classification bits above */
	rrl_type_all		= (1 << 9) - 1,

	/*
	 * Not a classification: flag used in the code to tell IPv6 netblocks
	 * apart from IPv4 ones. It lies outside rrl_type_all, so masking a
	 * value with rrl_type_all strips it.
	 */
	rrl_ip6			= 1 << 15
};
28 
/*
 * Compile-time defaults for the rate limiter.
 *
 * Unit caveat: both *_LIMIT values are stored doubled ("2x qps"), whereas
 * rrl_mmap_init() and rrl_set_limit() in this header document their
 * arguments as plain qps. Per that documentation a caller has to halve
 * these macros before passing them on; handing them over unchanged would
 * make the effective limit twice as permissive as the default intends.
 */

/** Number of buckets */
#define RRL_BUCKETS		1000000

/** Default rate limit: 400 in doubled units, i.e. 200 qps */
#define RRL_LIMIT		400

/**
 * Default slip. rrl_slip() documents that a denied query is either
 * discarded or answered with the TC flag set.
 * NOTE(review): presumably this value sets how often the TC answer is
 * chosen -- confirm in rrl.c.
 */
#define RRL_SLIP		2

/**
 * Default prefix lengths for IPv4 and IPv6.
 * NOTE(review): presumably the length of the source netblock that shares
 * one limit (the rrl_ip6 comment speaks of netblocks) -- confirm in rrl.c.
 */
#define RRL_IPV4_PREFIX_LENGTH	24
#define RRL_IPV6_PREFIX_LENGTH	64

/** Default whitelist rate limit: 4000 in doubled units, i.e. 2000 qps */
#define RRL_WLIST_LIMIT		4000
40 
/**
 * Optional set-up for n children; the original note states that without
 * this call no mmaps are used.
 *
 * @param numch   number of children.
 * @param numbuck NOTE(review): looks like the bucket count (cf.
 *                RRL_BUCKETS) -- confirm at the caller.
 * @param lm      rate limit in qps; this routine doubles it for internal
 *                use.
 * @param wlm     second rate limit in qps, doubled the same way;
 *                presumably the whitelist limit (cf. RRL_WLIST_LIMIT).
 * @param sm      NOTE(review): not described in the original comment; by
 *                analogy with RRL_SLIP this looks like the slip value --
 *                confirm in rrl.c.
 * @param plf     prefix length (presumably IPv4 -- confirm).
 * @param pls     prefix length (presumably IPv6 -- confirm).
 *
 * NOTE(review): no valid ranges are stated for any argument. Whatever
 * parses the configuration should reject a zero limit and a prefix length
 * beyond the address width before the values reach this function --
 * confirm where that validation lives.
 */
void rrl_mmap_init(
	int numch,
	size_t numbuck,
	size_t lm,
	size_t wlm,
	size_t sm,
	size_t plf,
	size_t pls);
48 
/**
 * Set up rate limiting inside one child server process.
 *
 * @param ch NOTE(review): presumably the index of the calling child --
 *           confirm in rrl.c.
 */
void rrl_init(size_t ch);

/**
 * Tear down rate limiting inside one child server process.
 *
 * @param ch NOTE(review): presumably the same child index that was given
 *           to rrl_init() -- confirm in rrl.c.
 */
void rrl_deinit(size_t ch);

/** Release the mmaps set up for the n children. */
void rrl_mmap_deinit(void);

/**
 * Free the memory but leave the mmap itself in place, because other
 * processes still use it.
 */
void rrl_mmap_deinit_keep_mmap(void);
61 
/**
 * Account for one query that was handled. The query structure carries the
 * information about both the query and its answer.
 *
 * @param query the query being processed, together with its answer.
 * @return nonzero ("true") when the query is rate limited, zero otherwise.
 *
 * NOTE(review): the header only promises a verdict. Presumably the caller
 * must act on it by handing a rate-limited query to rrl_slip(); a caller
 * that ignores the return value would answer as if no limit existed --
 * confirm at the call site.
 */
int rrl_process_query(query_type *query);

/**
 * Deny a query, applying slip.
 *
 * @param query the query that was found to be rate limited.
 * @return DISCARD, or PROCESSED with the TC flag set in the answer.
 *
 * A TC answer tells the resolver to retry over TCP, so a genuine client
 * inside a rate-limited netblock still has a way to obtain its answer,
 * while a discarded query produces no response traffic at all.
 * NOTE(review): how often the TC answer is chosen (cf. RRL_SLIP) is not
 * stated here -- confirm in rrl.c.
 */
query_state_type rrl_slip(query_type *query);
74 
/**
 * Map a classification type to its string form.
 *
 * @param c classification type to name.
 * @return the string for that type.
 */
const char *rrltype2str(enum rrl_type c);

/**
 * Map a string to its classification type.
 *
 * @param s string naming a classification type.
 * @return the matching classification type.
 *
 * NOTE(review): the result for an unrecognised string is not documented
 * here, and no enum constant has the value 0. A caller that ORs the result
 * into a mask should check it first -- confirm the failure value in rrl.c.
 */
enum rrl_type rrlstr2type(const char *s);
79 
/**
 * Update an rrl bucket; exposed for the unit test.
 *
 * @param query  the query being accounted for.
 * @param hash   NOTE(review): presumably selects the bucket -- confirm in
 *               rrl.c.
 * @param source NOTE(review): presumably the source netblock the bucket is
 *               keyed on -- confirm in rrl.c.
 * @param flags  16-bit flags; presumably the rrl_type classification bits
 *               plus rrl_ip6, all of which fit in this width.
 * @param now    NOTE(review): presumably the current time in seconds --
 *               confirm in rrl.c.
 * @param lm     rate limit to apply; NOTE(review): likely in the doubled
 *               internal unit rather than plain qps -- confirm in rrl.c.
 * @return the rate.
 */
uint32_t rrl_update(
	query_type *query,
	uint32_t hash,
	uint64_t source,
	uint16_t flags,
	int32_t now,
	uint32_t lm);
/**
 * Set the rate limit counters. All values are passed in qps, not in the
 * doubled unit used by RRL_LIMIT and RRL_WLIST_LIMIT.
 *
 * @param lm  rate limit, in qps.
 * @param wlm second rate limit, in qps; presumably the whitelist limit
 *            (cf. RRL_WLIST_LIMIT).
 * @param sm  NOTE(review): by analogy with RRL_SLIP this looks like the
 *            slip value -- confirm in rrl.c.
 */
void rrl_set_limit(
	size_t lm,
	size_t wlm,
	size_t sm);
85 
86 #endif /* RRL_H */
87