1077. [func] Do not accept further recursive clients when

the total number of of recursive lookups being processed exceeds max-recursive-clients, even if some of the lookups are internally generated. [RT #1915, #1938]
2001-10-29 19:02:48 +00:00
parent 7736b3327e
commit b352902413
4 changed files with 44 additions and 5 deletions
--- a/9
+++ b/9
@@ -1,3 +1,9 @@
+1077.	[func]		Do not accept further recursive clients when
+			the total number of of recursive lookups being 
+			processed exceeds max-recursive-clients, even
+			if some	of the lookups are internally generated.
+			[RT #1915, #1938]
+
 1076.	[bug]		A badly defined global key could trigger an assertion
 			on load/reload if views were used. [RT #1947]

@@ -19,8 +25,7 @@
 1070.	[bug]		Copy DNSSEC OK (DO) to response as specified by
 			draft-ietf-dnsext-dnssec-okbit-03.txt.

-1069.	[func]		Kill oldest recursive query when recursive query
-			quota is exhausted.
+1069.	[placeholder]

 1068.	[bug]		errno could be overwritten by catgets(). [RT #1921]

--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: query.c,v 1.209 2001/10/25 01:50:15 gson Exp $ */
+/* $Id: query.c,v 1.210 2001/10/29 19:02:48 gson Exp $ */

 #include <config.h>

@@ -2136,6 +2136,9 @@ query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qdomain,
 			killoldest = ISC_TRUE;
 			result = ISC_R_SUCCESS;
 		}
+		if (dns_resolver_nrunning(client->view->resolver) >
+		    (unsigned int)ns_g_server->recursionquota.max)
+			result = ISC_R_QUOTA;
 		if (result == ISC_R_SUCCESS &&
 		    (client->attributes & NS_CLIENTATTR_TCP) == 0)
 			result = ns_client_replace(client);
--- a/lib/dns/include/dns/resolver.h
+++ b/lib/dns/include/dns/resolver.h
@@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: resolver.h,v 1.34 2001/01/09 21:53:22 bwelling Exp $ */
+/* $Id: resolver.h,v 1.35 2001/10/29 19:02:46 gson Exp $ */

 #ifndef DNS_RESOLVER_H
 #define DNS_RESOLVER_H 1
@@ -349,6 +349,16 @@ dns_resolver_setlamettl(dns_resolver_t *resolver, isc_uint32_t lame_ttl);
 *	'resolver' to be valid.
 */

+unsigned int
+dns_resolver_nrunning(dns_resolver_t *resolver);
+/*
+ * Return the number of currently running resolutions in this
+ * resolver.  This is may be less than the number of outstanding
+ * fetches due to multiple identical fetches, or more than the
+ * number of of outstanding fetches due to the fact that resolution
+ * can continue even though a fetch has been canceled.
+ */
+
 ISC_LANG_ENDDECLS

 #endif /* DNS_RESOLVER_H */
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: resolver.c,v 1.226 2001/10/10 04:11:32 marka Exp $ */
+/* $Id: resolver.c,v 1.227 2001/10/29 19:02:45 gson Exp $ */

 #include <config.h>

@@ -261,6 +261,7 @@ struct dns_resolver {
 	unsigned int			activebuckets;
 	isc_boolean_t			priming;
 	dns_fetch_t *			primefetch;
+	unsigned int			nfctx;
 };

 #define RES_MAGIC			ISC_MAGIC('R', 'e', 's', '!')
@@ -1834,6 +1835,10 @@ fctx_destroy(fetchctx_t *fctx) {
 	dns_adb_detach(&fctx->adb);
 	isc_mem_put(res->mctx, fctx, sizeof *fctx);

+	LOCK(&res->lock);
+	res->nfctx--;
+	UNLOCK(&res->lock);
+
 	if (res->buckets[bucketnum].exiting &&
 	    ISC_LIST_EMPTY(res->buckets[bucketnum].fctxs))
 		return (ISC_TRUE);
@@ -2262,6 +2267,10 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,

 	ISC_LIST_APPEND(res->buckets[bucketnum].fctxs, fctx, link);

+	LOCK(&res->lock);
+	res->nfctx++;
+	UNLOCK(&res->lock);
+
 	*fctxp = fctx;

 	return (ISC_R_SUCCESS);
@@ -4534,6 +4543,8 @@ destroy(dns_resolver_t *res) {

 	RTRACE("destroy");

+	INSIST(res->nfctx == 0);
+
 	DESTROYLOCK(&res->lock);
 	for (i = 0; i < res->nbuckets; i++) {
 		INSIST(ISC_LIST_EMPTY(res->buckets[i].fctxs));
@@ -4663,6 +4674,7 @@ dns_resolver_create(dns_view_t *view,
 	ISC_LIST_INIT(res->whenshutdown);
 	res->priming = ISC_FALSE;
 	res->primefetch = NULL;
+	res->nfctx = 0;

 	result = isc_mutex_init(&res->lock);
 	if (result != ISC_R_SUCCESS)
@@ -5219,3 +5231,12 @@ dns_resolver_setlamettl(dns_resolver_t *resolver, isc_uint32_t lame_ttl) {
 	REQUIRE(VALID_RESOLVER(resolver));
 	resolver->lame_ttl = lame_ttl;
 }
+
+unsigned int
+dns_resolver_nrunning(dns_resolver_t *resolver) {
+	unsigned int n;
+	LOCK(&resolver->lock);
+	n = resolver->nfctx;
+	UNLOCK(&resolver->lock);
+	return (n);
+}