/*
* Copyright (C) 2013, 2015-2017 Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#ifndef DNS_RRL_H
/*
* Rate limit DNS responses.
*/
#include <dns/fixedname.h>
/*
* Memory allocation or other failures.
*/
/*
* dropped or slipped responses.
*/
/*
* Major events in dropping or slipping.
*/
/*
* Limit computations.
*/
/*
* Even less interesting.
*/
sizeof(" responses to ") + \
sizeof("/128 for IN ") + \
/*
* Response types.
*/
typedef enum {
DNS_RRL_RTYPE_FREE = 0,
/*
* A rate limit bucket key.
* This should be small to limit the total size of the database.
* The hash of the qname should be wide enough to make the probability
* of collisions among requests from a single IP address block less than 50%.
* A 32-bit hash value is needed so that 10000 qps (e.g. random qnames
* forged by an attacker) collide with legitimate qnames from the target
* with probability at most 1%.
*/
struct dns__rrl_key {
/*
 * NOTE(review): no members are declared in this listing. An empty
 * struct is a compiler extension rather than standard C, so this
 * cannot be the complete definition. The comment above implies the
 * key carries an IP address block and a qname hash; confirm the
 * member list against the complete header.
 */
};
/*
 * Union wrapper around the structured bucket key.
 * NOTE(review): only the struct view `s` is declared here. A union of
 * this shape usually exists to give a second view of the same bytes
 * (for hashing or comparison); confirm which other members the
 * complete header declares.
 */
union dns_rrl_key {
/* Structured view of the key. */
struct dns__rrl_key s;
};
/*
* A rate-limit entry.
* This should be small to limit the total size of the table of entries.
*/
struct dns_rrl_entry {
/*
 * NOTE(review): no members are declared in this listing, so the
 * per-entry layout (key, counters, timestamps, list links) cannot be
 * read from here; confirm against the complete header.
 */
};
/*
 * Compile-time guard: the build fails unless DNS_RRL_MAX_WINDOW is
 * strictly below DNS_RRL_MAX_TS.
 * NOTE(review): presumably this keeps the largest window representable
 * in the entry timestamp field; neither macro is defined in this
 * listing, so confirm their values in the complete header.
 */
#if DNS_RRL_MAX_WINDOW >= DNS_RRL_MAX_TS
#error "DNS_RRL_MAX_WINDOW is too large"
#endif
#error "DNS_RRL_MAX_rate is too large"
#endif
#endif
#error "DNS_RRL_MAX_LOG_SECS is too large"
#endif
#error "DNS_RRL_STOP_LOG_SECS is too large"
#endif
/*
* A hash table of rate-limit entries.
*/
struct dns_rrl_hash {
/*
 * Presumably the number of bins in this table; TODO confirm.
 * NOTE(review): the type is signed, so code that uses it as a modulus
 * or an allocation count should be checked to ensure it is always
 * positive.
 */
int length;
};
/*
* A block of rate-limit entries.
*/
struct dns_rrl_block {
/*
 * Size of this block. NOTE(review): the unit (bytes or number of
 * entries) is not visible in this listing; confirm at the allocation
 * site before relying on it when freeing.
 */
int size;
};
/*
* A rate limited qname buffer.
*/
struct dns_rrl_qname_buf {
/*
 * Entry associated with this buffer; the entry is not modified through
 * this pointer (pointer to const). Ownership and lifetime are not
 * visible here; TODO confirm.
 */
const dns_rrl_entry_t *e;
/* Presumably this buffer's slot in an array of qname buffers; confirm. */
unsigned int index;
};
/*
 * One rate-limit setting.
 * NOTE(review): the meaning of each field is inferred from its name and
 * should be confirmed against the code that fills the structure in.
 */
struct dns_rrl_rate {
/* Presumably the rate as configured. */
int r;
/* Presumably the rate after load scaling has been applied. */
int scaled;
/* Constant string; presumably a label for this rate in log output. */
const char *str;
};
/*
* Per-view query rate limit parameters and a pointer to database.
*/
struct dns_rrl {
/*
 * NOTE(review): the field meanings below are inferred from the names
 * and from the comments in this header; confirm each against the
 * implementation. The "pointer to database" mentioned in the header
 * comment is not among the members visible in this listing.
 */

/*
 * Presumably the averaging window in seconds. The DNS_RRL_MAX_WINDOW
 * guard in this header bounds its largest permitted value.
 */
int window;
/* Presumably the query rate at which limits begin to be scaled down. */
double qps_scale;
/*
 * Presumably the cap on table entries and the current entry count.
 * The cap is what bounds memory when source addresses or qnames are
 * forged, so every path that allocates an entry should be checked to
 * compare num_entries with max_entries.
 */
int max_entries;
int num_entries;
/* Presumably a response counter and the measured rate used for scaling. */
int qps_responses;
double qps;
/* Presumably hash-table lookup statistics. */
unsigned int probes;
unsigned int searches;
/* Presumably generation counters for the hash table and for timestamps. */
unsigned int hash_gen;
unsigned int ts_gen;
/*
 * Presumably the prefix lengths used to group client addresses into
 * the "IP address block" that the bucket-key comment refers to.
 */
int ipv4_prefixlen;
int ipv6_prefixlen;
/* Presumably counts of entries being logged and of qname buffers in use. */
int num_logged;
int num_qnames;
};
typedef enum {
void
#endif /* DNS_RRL_H */