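/*
 * daemon/tcp_conn_limit.h - client TCP connection limit storage for the server.
 *
 * Copyright (c) 2018, NLnet Labs. All rights reserved.
 *
 * This software is open source.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * Neither the name of the NLNET LABS nor the names of its contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/**
 * \file
 *
 * This file keeps track of the limit on the number of TCP connections
 * each client makes to the server.
 *
 * Limits are stored per address span (netblock): a tcl_list holds a tree
 * of tcl_addr entries, and each entry carries its own limit, its current
 * connection count and a lock.
 *
 * NOTE(review): this header uses uint32_t, size_t, socklen_t and
 * struct sockaddr_storage but includes no system header itself; presumably
 * the including file brings them in first - confirm.
 */

#ifndef DAEMON_TCP_CONN_LIMIT_H
#define DAEMON_TCP_CONN_LIMIT_H
#include "util/storage/dnstree.h"
#include "util/locks.h"
struct config_file;
struct regional;

/**
 * TCP connection limit storage structure
 */
struct tcl_list {
	/** regional for allocation */
	struct regional* region;
	/**
	 * Tree of the addresses that are TCP connection limited.
	 * contents of type tcl_addr.
	 */
	rbtree_type tree;
};

/**
 * An address span with connection limit information
 */
struct tcl_addr {
	/**
	 * node in address tree
	 * NOTE(review): presumably has to stay the first member so that a
	 * tree node can be treated as a tcl_addr - confirm against the
	 * lookup code before reordering fields.
	 */
	struct addr_tree_node node;
	/**
	 * lock on structure data
	 * NOTE(review): presumably guards limit and count, which are shared
	 * by every connection from this netblock - confirm.
	 */
	lock_quick_type lock;
	/** connection limit on this netblock */
	uint32_t limit;
	/** current connection count on this netblock */
	uint32_t count;
};

/**
 * Create TCP connection limit structure
 * @return new structure or NULL on error.
 */
struct tcl_list* tcl_list_create(void);

/**
 * Delete TCP connection limit structure.
 * @param tcl: to delete.
 */
void tcl_list_delete(struct tcl_list* tcl);

/**
 * Process TCP connection limit config.
 * @param tcl: where to store.
 * @param cfg: config options.
 * @return 0 on error.
 */
int tcl_list_apply_cfg(struct tcl_list* tcl, struct config_file* cfg);

/**
 * Increment TCP connection count if found, provided the
 * count was below the limit.
 *
 * A return of 0 is the enforcement signal: the caller is expected to
 * refuse the connection. A return of 1 with a non-NULL tcl means a slot
 * was taken and has to be released again with tcl_close_connection().
 * NOTE(review): a missed release would leave count permanently raised
 * and eventually refuse the whole netblock - check every error path of
 * the caller.
 *
 * @param tcl: per-address limit entry (as returned by tcl_addr_lookup),
 *	or NULL.
 * @return: 0 if limit reached, 1 if tcl was NULL or limit not reached.
 */
int tcl_new_connection(struct tcl_addr* tcl);

/**
 * Decrement TCP connection count if found.
 *
 * Pairs with a successful tcl_new_connection() on the same entry.
 * NOTE(review): count is an unsigned 32-bit value; whether an unpaired
 * call is guarded against wrapping below zero is not visible in this
 * header - confirm in the implementation.
 *
 * @param tcl: per-address limit entry (as returned by tcl_addr_lookup),
 *	or NULL.
 */
void tcl_close_connection(struct tcl_addr* tcl);

/**
 * Lookup address to see its TCP connection limit structure
 * @param tcl: structure for address storage.
 * @param addr: address to check
 * @param addrlen: length of addr.
 * @return: tcl structure from this address.
 *	NOTE(review): presumably NULL when no configured netblock covers
 *	addr, since the connection functions accept NULL - confirm.
 */
struct tcl_addr*
tcl_addr_lookup(struct tcl_list* tcl, struct sockaddr_storage* addr,
	socklen_t addrlen);

/**
 * Get memory used by TCP connection limit structure.
 * @param tcl: structure for address storage.
 * @return bytes in use.
 */
size_t tcl_list_get_mem(struct tcl_list* tcl);

#endif /* DAEMON_TCP_CONN_LIMIT_H */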