authorLennart Poettering <lennart@poettering.net>2014-08-05 16:34:45 +0200
committerLennart Poettering <lennart@poettering.net>2014-08-05 17:02:46 +0200
commitaea2429d6ec32261dbf6b9caa125fcc6ea9ea76a (patch)
treeb91706efae618d95d3a8dacef8e1481420739ce9 /src
parentefb4bf4e419e14a13eead6289ea40165579a816f (diff)
resolved: enforce ratelimit on LLMNR traffic
Diffstat (limited to 'src')
-rw-r--r--src/resolve/resolved-dns-scope.c12
-rw-r--r--src/resolve/resolved-dns-scope.h2
-rw-r--r--src/resolve/resolved-link.h3
3 files changed, 14 insertions, 3 deletions
diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c
index f1de9bc2eb..8d16101dc7 100644
--- a/src/resolve/resolved-dns-scope.c
+++ b/src/resolve/resolved-dns-scope.c
@@ -28,6 +28,9 @@
#include "resolved-dns-domain.h"
#include "resolved-dns-scope.h"
+#define MULTICAST_RATELIMIT_INTERVAL_USEC (1*USEC_PER_SEC)
+#define MULTICAST_RATELIMIT_BURST 1000
+
int dns_scope_new(Manager *m, DnsScope **ret, Link *l, DnsProtocol protocol, int family) {
DnsScope *s;
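Review bot: The two new constants carry no comment on what they bound or why 1000 was chosen. Given that RATELIMIT_INIT takes an interval and a burst, they appear to allow up to 1000 packets per second per scope; a comment such as `/* At most MULTICAST_RATELIMIT_BURST LLMNR packets per scope within each MULTICAST_RATELIMIT_INTERVAL_USEC */` above the defines would record that. The comment added in dns_scope_new (hunk at -49) says "multicast protocols", while the init there appears to run for every scope and only the LLMNR send and reply paths test the limit in this diff; wording it that way would be more accurate.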
@@ -49,6 +52,9 @@ int dns_scope_new(Manager *m, DnsScope **ret, Link *l, DnsProtocol protocol, int
log_debug("New scope on link %s, protocol %s, family %s", l ? l->name : "*", dns_protocol_to_string(protocol), family == AF_UNSPEC ? "*" : af_to_name(family));
+ /* Enforce ratelimiting for the multicast protocols */
+ RATELIMIT_INIT(s->ratelimit, MULTICAST_RATELIMIT_INTERVAL_USEC, MULTICAST_RATELIMIT_BURST);
+
*ret = s;
return 0;
}
@@ -161,6 +167,9 @@ int dns_scope_send(DnsScope *s, DnsPacket *p) {
if (DNS_PACKET_QDCOUNT(p) > 1)
return -ENOTSUP;
+ if (!ratelimit_test(&s->ratelimit))
+ return -EBUSY;
+
family = s->family;
port = 5355;
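Review bot: The `ratelimit_test(&s->ratelimit)` added here draws on the same per-scope counter as the check added to the UDP reply path in dns_scope_process_query (hunk at -524), so replies to incoming LLMNR queries use up the budget for this host's own outgoing lookups. A peer on the link that keeps the scope at its limit could therefore make local lookups fail with -EBUSY. Consider separate counters in DnsScope, e.g. `RateLimit query_ratelimit;` and `RateLimit reply_ratelimit;`, each initialised in dns_scope_new. The callers of dns_scope_send are outside this diff, so it should be checked whether they treat -EBUSY as retryable rather than as a failed lookup. dns_scope_send begins and ends outside the hunk.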
@@ -524,6 +533,9 @@ void dns_scope_process_query(DnsScope *s, DnsStream *stream, DnsPacket *p) {
if (stream)
r = dns_stream_write_packet(stream, reply);
else {
+ if (!ratelimit_test(&s->ratelimit))
+ return;
+
if (p->family == AF_INET)
fd = manager_llmnr_ipv4_udp_fd(s->manager);
else if (p->family == AF_INET6)
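Review bot: The rate-limit check in the UDP branch runs only after `reply` has been assembled (the stream branch just above already writes it), and the bare `return` drops the reply without any trace. Under a query flood the cost of building each reply is still paid; testing the limit as soon as it is known that `stream` is NULL would shed that load earlier. A `log_debug("LLMNR reply rate limit reached, dropping reply");` before the `return` would make the drop diagnosable. The function begins and ends outside the hunk, so whether `reply` is released on this early return cannot be confirmed from here.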
diff --git a/src/resolve/resolved-dns-scope.h b/src/resolve/resolved-dns-scope.h
index 7c18bff2b7..ae9469a39f 100644
--- a/src/resolve/resolved-dns-scope.h
+++ b/src/resolve/resolved-dns-scope.h
@@ -55,6 +55,8 @@ struct DnsScope {
DnsCache cache;
DnsZone zone;
+ RateLimit ratelimit;
+
LIST_HEAD(DnsTransaction, transactions);
LIST_FIELDS(DnsScope, scopes);
diff --git a/src/resolve/resolved-link.h b/src/resolve/resolved-link.h
index af9a8ab365..4f0702e872 100644
--- a/src/resolve/resolved-link.h
+++ b/src/resolve/resolved-link.h
@@ -67,9 +67,6 @@ struct Link {
char name[IF_NAMESIZE];
uint32_t mtu;
-
- RateLimit mdns_ratelimit;
- RateLimit llmnr_ratelimit;
};
int link_new(Manager *m, Link **ret, int ifindex);