Commit Diff
Diff:
df7b3e7ec2269218f81a92cfbee08be708965636
437140e30abc8e0567763b34594c87b70cbefe50
Commit:
437140e30abc8e0567763b34594c87b70cbefe50
Tree:
fdfd51f3bd790fe3c74886bfcc36dcc9486c58a8
Author:
pbug <pbug@delphinusdns.org>
Committer:
pbug <pbug@delphinusdns.org>
Date:
Sat Sep 25 19:57:56 2010 UTC
Message:
* add a packetcount to struct recurses, this should in theory prevent a flood of requests if there is a bug in the code. The server will abort() when 50 packets have gone out. This should save me from always having a packet dump next to me looking over this baby. compiles on OpenBSD.
blob - 363c5b86019196fc4feebc99dbb3802d2c791df2
blob + e7d4697ebcd3a3509658c87f3098c52cd7eede77
--- db.h
+++ db.h
@@ -138,6 +138,7 @@ struct recurses {
int isfake; /* received or faked */
int launched; /* is launched */
int replied; /* we replied to this question */
+ int packetcount; /* packet count of requests */
int af; /* address family */
int proto; /* protocol UDP/TCP */
struct sockaddr_storage source; /* source + port */
blob - 4a7cebf061fdf96d3390ee3d9030016803db94e7
blob + b72280a4d5997d560692cc190a7f0f620203191f
--- recurse.c
+++ recurse.c
@@ -71,7 +71,7 @@ struct recurseentry {
} *rn1, *rn2, *rnp;
-static const char rcsid[] = "$Id: recurse.c,v 1.20 2010/09/25 19:31:55 pbug Exp $";
+static const char rcsid[] = "$Id: recurse.c,v 1.21 2010/09/25 19:57:56 pbug Exp $";
/*
* INIT_RECURSE - initialize the recurse singly linked list
@@ -295,6 +295,7 @@ recurseloop(int sp, int *raw, DB *db)
sr->callback = NULL;
sr->hascallback = 0;
sr->isfake = 0;
+ sr->packetcount = 0;
memcpy(&sr->source, &rh.source, sizeof(struct sockaddr_storage));
memcpy(&sr->dest, &rh.dest, sizeof(struct sockaddr_storage));
sr->received = time(NULL);
@@ -402,9 +403,16 @@ recurseloop(int sp, int *raw, DB *db)
sr1->authoritative = 0;
recurse_parse(db, sr1, (u_char*)&buf, len);
+ /* check if we're flooding anything */
+ if (sr1->packetcount > 50) {
+ syslog(LOG_ERR, "packetcount is over 50, I think I'm flooding something, abort()");
+ abort();
+ }
+
type = lookup_zone(db, sr1->question, &sd, &lzerrno, (char *)fakereplystring, wildcard);
if (type < 0) {
syslog(LOG_DEBUG, "lookup_zone failed, doing netlookup");
+
if (sr1->authoritative == DNS_TYPE_NS &&
netlookup(db, sr1) < 0) {
syslog(LOG_DEBUG, "subsequent netlookup failed");
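Review bot: Calling `abort()` at the new `packetcount` check takes down the whole server because a single `struct recurses` crossed its limit, which turns a per-request anomaly into a denial of service for every other client. If the counter can be driven by how a remote zone is delegated, which this hunk does not show either way, that crash is reachable from the network. I would fail only `sr1` here: log at LOG_ERR, discard the request through the loop's existing cleanup path, and keep the process running. The test `> 50` also fires on the 51st packet, while the log text and the commit message say 50; `if (sr1->packetcount >= 50) {` would match them, and the literal would read better as a named constant. recurseloop() begins and ends outside this hunk, so the cleanup path itself is not visible here.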
@@ -1447,6 +1455,7 @@ netlookup(DB *db, struct recurses *sr)
}
sr->sent_last_query = time(NULL);
+ sr->packetcount++;
return (0);
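Review bot: `sr->packetcount++` sits on the final success path, so it advances once per netlookup() call that returns 0 rather than once per packet sent. The send code is outside this hunk, but if a call can send to more than one nameserver, or return early after a send, the flood guard in recurseloop() undercounts. Moving the increment next to the actual send call would make the counter mean what the field comment says. A short comment such as `/* one increment per query sent; checked in recurseloop() */` would record that.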
@@ -1497,6 +1506,7 @@ fakerecurse(DB *db, struct recurses *sr, struct ns *ns
fakesr->isfake = 1;
fakesr->launched = 0;
fakesr->received = time(NULL);
+ fakesr->packetcount = 0;
fakesr->question = build_fake_question(ns->nsserver, ns->nslen, htons(DNS_TYPE_A));
if (fakesr->question == NULL) {
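Review bot: `fakesr->packetcount = 0;` gives every fake request its own fresh budget, so the limit applies per `struct recurses` and not per original client question. If fake requests can in turn trigger further lookups, which is not visible in this hunk, the total traffic caused by one question is not bounded by the check in recurseloop(). Consider starting from the parent's count, `fakesr->packetcount = sr->packetcount;`, or charging the fake request's packets back to `sr`. fakerecurse() continues past the end of this hunk.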