chiark / gitweb /
~ianmdlvl / elogind.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: efb4bf4)
resolved: enforce ratelimit on LLMNR traffic
authorLennart Poettering <lennart@poettering.net>
Tue, 5 Aug 2014 14:34:45 +0000 (16:34 +0200)
committerLennart Poettering <lennart@poettering.net>
Tue, 5 Aug 2014 15:02:46 +0000 (17:02 +0200)
src/resolve/resolved-dns-scope.c patch | blob | history
src/resolve/resolved-dns-scope.h patch | blob | history
src/resolve/resolved-link.h patch | blob | history

diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c
index f1de9bc2eb65ca1fada7d19afb714a01020a8f37..8d16101dc7042bd84ff9ecce84b6ec179d8aff59 100644 (file)
--- a/src/resolve/resolved-dns-scope.c
+++ b/src/resolve/resolved-dns-scope.c
@@ -28,6 +28,9 @@
 #include "resolved-dns-domain.h"
 #include "resolved-dns-scope.h"
 
+#define MULTICAST_RATELIMIT_INTERVAL_USEC (1*USEC_PER_SEC)
+#define MULTICAST_RATELIMIT_BURST 1000
+
 int dns_scope_new(Manager *m, DnsScope **ret, Link *l, DnsProtocol protocol, int family) {
         DnsScope *s;
 
@@ -49,6 +52,9 @@ int dns_scope_new(Manager *m, DnsScope **ret, Link *l, DnsProtocol protocol, int
 
         log_debug("New scope on link %s, protocol %s, family %s", l ? l->name : "*", dns_protocol_to_string(protocol), family == AF_UNSPEC ? "*" : af_to_name(family));
 
+        /* Enforce ratelimiting for the multicast protocols */
+        RATELIMIT_INIT(s->ratelimit, MULTICAST_RATELIMIT_INTERVAL_USEC, MULTICAST_RATELIMIT_BURST);
+
         *ret = s;
         return 0;
 }
@@ -161,6 +167,9 @@ int dns_scope_send(DnsScope *s, DnsPacket *p) {
                 if (DNS_PACKET_QDCOUNT(p) > 1)
                         return -ENOTSUP;
 
+                if (!ratelimit_test(&s->ratelimit))
+                        return -EBUSY;
+
                 family = s->family;
                 port = 5355;
 
@@ -524,6 +533,9 @@ void dns_scope_process_query(DnsScope *s, DnsStream *stream, DnsPacket *p) {
         if (stream)
                 r = dns_stream_write_packet(stream, reply);
         else {
+                if (!ratelimit_test(&s->ratelimit))
+                        return;
+
                 if (p->family == AF_INET)
                         fd = manager_llmnr_ipv4_udp_fd(s->manager);
                 else if (p->family == AF_INET6)
diff --git a/src/resolve/resolved-dns-scope.h b/src/resolve/resolved-dns-scope.h
index 7c18bff2b73214e949d92e3f397c1e7af1ef5bba..ae9469a39f24d46073f28834484eff9d2191a099 100644 (file)
--- a/src/resolve/resolved-dns-scope.h
+++ b/src/resolve/resolved-dns-scope.h
@@ -55,6 +55,8 @@ struct DnsScope {
         DnsCache cache;
         DnsZone zone;
 
+        RateLimit ratelimit;
+
         LIST_HEAD(DnsTransaction, transactions);
 
         LIST_FIELDS(DnsScope, scopes);
diff --git a/src/resolve/resolved-link.h b/src/resolve/resolved-link.h
index af9a8ab365f6ea96e8361b58e625f45a07a2d6af..4f0702e872b7ca318a66b68dd6ebb49dc7990449 100644 (file)
--- a/src/resolve/resolved-link.h
+++ b/src/resolve/resolved-link.h
@@ -67,9 +67,6 @@ struct Link {
 
         char name[IF_NAMESIZE];
         uint32_t mtu;
-
-        RateLimit mdns_ratelimit;
-        RateLimit llmnr_ratelimit;
 };
 
 int link_new(Manager *m, Link **ret, int ifindex);
Unnamed repository; edit this file 'description' to name the repository.