mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00

resolved: enforce ratelimit on LLMNR traffic

Lennart Poettering 2014-08-05 16:34:45 +02:00
parent efb4bf4e41
commit aea2429d6e
3 changed files with 14 additions and 3 deletions


@ -28,6 +28,9 @@
#include "resolved-dns-domain.h"
#include "resolved-dns-scope.h"
#define MULTICAST_RATELIMIT_INTERVAL_USEC (1*USEC_PER_SEC)
#define MULTICAST_RATELIMIT_BURST 1000
int dns_scope_new(Manager *m, DnsScope **ret, Link *l, DnsProtocol protocol, int family) {
DnsScope *s;
@ -49,6 +52,9 @@ int dns_scope_new(Manager *m, DnsScope **ret, Link *l, DnsProtocol protocol, int
log_debug("New scope on link %s, protocol %s, family %s", l ? l->name : "*", dns_protocol_to_string(protocol), family == AF_UNSPEC ? "*" : af_to_name(family));
/* Enforce ratelimiting for the multicast protocols */
RATELIMIT_INIT(s->ratelimit, MULTICAST_RATELIMIT_INTERVAL_USEC, MULTICAST_RATELIMIT_BURST);
*ret = s;
return 0;
}
@ -161,6 +167,9 @@ int dns_scope_send(DnsScope *s, DnsPacket *p) {
if (DNS_PACKET_QDCOUNT(p) > 1)
return -ENOTSUP;
if (!ratelimit_test(&s->ratelimit))
return -EBUSY;
family = s->family;
port = 5355;
@ -524,6 +533,9 @@ void dns_scope_process_query(DnsScope *s, DnsStream *stream, DnsPacket *p) {
if (stream)
r = dns_stream_write_packet(stream, reply);
else {
if (!ratelimit_test(&s->ratelimit))
return;
if (p->family == AF_INET)
fd = manager_llmnr_ipv4_udp_fd(s->manager);
else if (p->family == AF_INET6)
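Review bot: Both `dns_scope_send()` and the UDP reply path in `dns_scope_process_query()` draw from the same `s->ratelimit` budget, so a host on the link that floods queries can use up the 1000-per-second allowance and make the scope's own outgoing lookups fail with `-EBUSY` until the interval expires. Consider giving replies their own counter, for example a second `RateLimit` member in `DnsScope` initialised next to the existing `RATELIMIT_INIT(...)` call, so that inbound load cannot starve local resolution. The reply drop is also silent; a `log_debug("Rate limit hit, dropping LLMNR reply");` before the `return;` would make the condition visible when diagnosing lost answers. Both functions continue outside the hunks shown, so whether `reply` is released on this early return cannot be confirmed from here.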


@ -55,6 +55,8 @@ struct DnsScope {
DnsCache cache;
DnsZone zone;
RateLimit ratelimit;
LIST_HEAD(DnsTransaction, transactions);
LIST_FIELDS(DnsScope, scopes);


@ -67,9 +67,6 @@ struct Link {
char name[IF_NAMESIZE];
uint32_t mtu;
RateLimit mdns_ratelimit;
RateLimit llmnr_ratelimit;
};
int link_new(Manager *m, Link **ret, int ifindex);