1/* rrl.h - Response Rate Limiting for NSD.
2 * By W.C.A. Wijngaards
3 * Copyright 2012, NLnet Labs.
4 * BSD, see LICENSE.
5 */
6#ifndef RRL_H
7#define RRL_H
8#include "query.h"
9
/**
 * The classification types for the rrl.
 * Every classification occupies its own bit, so several of them can be
 * or-ed together into one mask (see rrl_type_all).
 */
enum rrl_type {
	/* classification types, one bit each */
	rrl_type_nxdomain	= 1 << 0,
	rrl_type_error		= 1 << 1,
	rrl_type_referral	= 1 << 2,
	rrl_type_any		= 1 << 3,
	rrl_type_wildcard	= 1 << 4,
	rrl_type_nodata		= 1 << 5,
	rrl_type_dnskey		= 1 << 6,
	rrl_type_positive	= 1 << 7,
	rrl_type_rrsig		= 1 << 8,

	/* all classification types (0x1ff) */
	rrl_type_all		= rrl_type_nxdomain | rrl_type_error
				| rrl_type_referral | rrl_type_any
				| rrl_type_wildcard | rrl_type_nodata
				| rrl_type_dnskey | rrl_type_positive
				| rrl_type_rrsig,
	/* to distinguish between ip4 and ip6 netblocks, used in code;
	 * this bit (0x8000) is not part of rrl_type_all */
	rrl_ip6			= 1 << 15
};
28
/** Number of buckets.
 * NOTE(review): presumably the default for the numbuck argument of
 * rrl_mmap_init() - confirm against the caller. */
#define RRL_BUCKETS 1000000
/** default rrl limit, stored as 2x qps: 400 here means 200 qps.
 * The init and set routines declared in this header take plain qps, so
 * this constant must be halved before it is passed to them. */
#define RRL_LIMIT 400
/** default slip; see rrl_slip(), which answers a denied query with either
 * DISCARD or PROCESSED (with TC flag).
 * NOTE(review): presumably the value selects how often a denied query gets
 * the TC reply instead of being dropped - confirm in the implementation. */
#define RRL_SLIP 2
/** default prefix lengths, for IPv4 and IPv6.
 * NOTE(review): presumably sources are accounted per netblock of this
 * size, so all clients inside one /24 or /64 share a limit - confirm. */
#define RRL_IPV4_PREFIX_LENGTH 24
#define RRL_IPV6_PREFIX_LENGTH 64
/** default whitelist rrl limit, stored as 2x qps: 4000 here means 2000 qps */
#define RRL_WLIST_LIMIT 4000
40
/**
 * Initialize for n children (optional, otherwise no mmaps used).
 * Units at the call site:
 *  - lm and wlm are rate limits in qps; this routine doubles them for
 *    internal use. RRL_LIMIT and RRL_WLIST_LIMIT are already in 2x qps,
 *    so halve them before passing them here.
 *  - plf and pls are prefix lengths.
 * NOTE(review): numch is presumably the number of children, numbuck the
 * bucket count, wlm the whitelist limit, sm the slip, and plf/pls the IPv4
 * and IPv6 prefix lengths (cf. the RRL_* defaults) - confirm against the
 * implementation.
 */
void rrl_mmap_init(int numch, size_t numbuck, size_t lm, size_t wlm, size_t sm,
	size_t plf, size_t pls);
48
/**
 * Initialize rate limiting (for this child server process).
 * NOTE(review): ch presumably identifies the calling child - confirm.
 */
void rrl_init(size_t ch);
53
/** deinit (for this child server process); counterpart of rrl_init().
 * NOTE(review): ch presumably identifies the calling child - confirm. */
void rrl_deinit(size_t ch);
56
/** deinit mmaps for n children; counterpart of rrl_mmap_init() */
void rrl_mmap_deinit(void);
/** frees memory but keeps mmap in place (for other processes);
 * compare rrl_mmap_deinit(), which deinits the mmaps as well */
void rrl_mmap_deinit_keep_mmap(void);
61
/**
 * Process a query that happens; the query structure contains the
 * information about the query and the answer.
 * Returns true (nonzero) if the query is ratelimited.
 * NOTE(review): a ratelimited query is presumably then passed to
 * rrl_slip() by the caller - confirm.
 */
int rrl_process_query(query_type* query);
68
/**
 * Deny the query, with slip.
 * Returns DISCARD or PROCESSED (with TC flag).
 * A TC-flagged reply lets a genuine client retry (typically over TCP).
 * NOTE(review): which denied queries get the TC reply is presumably
 * governed by the slip setting (cf. RRL_SLIP) - confirm in the
 * implementation.
 */
query_state_type rrl_slip(query_type* query);
74
/** convert classification type to string.
 * NOTE(review): the result for a value that is not one of the
 * classification types is not documented here - confirm. */
const char* rrltype2str(enum rrl_type c);
/** convert string to classification type.
 * NOTE(review): the return value for an unrecognized string is not
 * documented here - callers parsing configuration should confirm it. */
enum rrl_type rrlstr2type(const char* s);
79
/** for unit test, update rrl bucket; return rate.
 * NOTE(review): the unit of lm (qps or the internal 2x qps) and of the
 * returned rate is not stated here - confirm before asserting on values. */
uint32_t rrl_update(query_type* query, uint32_t hash, uint64_t source,
	uint16_t flags, int32_t now, uint32_t lm);
/** set the rate limit counters, pass variables in qps (not the 2x qps
 * form used by RRL_LIMIT and RRL_WLIST_LIMIT).
 * NOTE(review): sm is presumably the slip, which is not a qps value -
 * confirm. */
void rrl_set_limit(size_t lm, size_t wlm, size_t sm);
85
86#endif /* RRL_H */
87