From b352902413608d0eb310c4bb45412fa45734afbc Mon Sep 17 00:00:00 2001
From: Andreas Gustafsson <source@isc.org>
Date: Mon, 29 Oct 2001 19:02:48 +0000
Subject: [PATCH] 1077.   [func]          Do not accept further recursive
 clients when                         the total number of of recursive lookups
 being                         processed exceeds max-recursive-clients, even  
                       if some of the lookups are internally generated.       
                  [RT #1915, #1938]

---
 CHANGES                        |  9 +++++++--
 bin/named/query.c              |  5 ++++-
 lib/dns/include/dns/resolver.h | 12 +++++++++++-
 lib/dns/resolver.c             | 23 ++++++++++++++++++++++-
 4 files changed, 44 insertions(+), 5 deletions(-)

diff --git a/CHANGES b/CHANGES
index 08cab9657f..5098839168 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,9 @@
+1077.	[func]		Do not accept further recursive clients when
+			the total number of of recursive lookups being 
+			processed exceeds max-recursive-clients, even
+			if some	of the lookups are internally generated.
+			[RT #1915, #1938]
+
 1076.	[bug]		A badly defined global key could trigger an assertion
 			on load/reload if views were used. [RT #1947]
 
@@ -19,8 +25,7 @@
 1070.	[bug]		Copy DNSSEC OK (DO) to response as specified by
 			draft-ietf-dnsext-dnssec-okbit-03.txt.
 
-1069.	[func]		Kill oldest recursive query when recursive query
-			quota is exhausted.
+1069.	[placeholder]
 
 1068.	[bug]		errno could be overwritten by catgets(). [RT #1921]
 
diff --git a/bin/named/query.c b/bin/named/query.c
index b5b0c4a812..42504dfa80 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: query.c,v 1.209 2001/10/25 01:50:15 gson Exp $ */
+/* $Id: query.c,v 1.210 2001/10/29 19:02:48 gson Exp $ */
 
 #include <config.h>
 
@@ -2136,6 +2136,9 @@ query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qdomain,
 			killoldest = ISC_TRUE;
 			result = ISC_R_SUCCESS;
 		}
+		if (dns_resolver_nrunning(client->view->resolver) >
+		    (unsigned int)ns_g_server->recursionquota.max)
+			result = ISC_R_QUOTA;
 		if (result == ISC_R_SUCCESS &&
 		    (client->attributes & NS_CLIENTATTR_TCP) == 0)
 			result = ns_client_replace(client);
diff --git a/lib/dns/include/dns/resolver.h b/lib/dns/include/dns/resolver.h
index e3c97b0785..13483bcc7c 100644
--- a/lib/dns/include/dns/resolver.h
+++ b/lib/dns/include/dns/resolver.h
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: resolver.h,v 1.34 2001/01/09 21:53:22 bwelling Exp $ */
+/* $Id: resolver.h,v 1.35 2001/10/29 19:02:46 gson Exp $ */
 
 #ifndef DNS_RESOLVER_H
 #define DNS_RESOLVER_H 1
@@ -349,6 +349,16 @@ dns_resolver_setlamettl(dns_resolver_t *resolver, isc_uint32_t lame_ttl);
  *	'resolver' to be valid.
  */
 
+unsigned int
+dns_resolver_nrunning(dns_resolver_t *resolver);
+/*
+ * Return the number of currently running resolutions in this
+ * resolver.  This is may be less than the number of outstanding
+ * fetches due to multiple identical fetches, or more than the
+ * number of of outstanding fetches due to the fact that resolution
+ * can continue even though a fetch has been canceled.
+ */
+
 ISC_LANG_ENDDECLS
 
 #endif /* DNS_RESOLVER_H */
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 0f8dc05f05..50aaa629ea 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: resolver.c,v 1.226 2001/10/10 04:11:32 marka Exp $ */
+/* $Id: resolver.c,v 1.227 2001/10/29 19:02:45 gson Exp $ */
 
 #include <config.h>
 
@@ -261,6 +261,7 @@ struct dns_resolver {
 	unsigned int			activebuckets;
 	isc_boolean_t			priming;
 	dns_fetch_t *			primefetch;
+	unsigned int			nfctx;
 };
 
 #define RES_MAGIC			ISC_MAGIC('R', 'e', 's', '!')
@@ -1834,6 +1835,10 @@ fctx_destroy(fetchctx_t *fctx) {
 	dns_adb_detach(&fctx->adb);
 	isc_mem_put(res->mctx, fctx, sizeof *fctx);
 
+	LOCK(&res->lock);
+	res->nfctx--;
+	UNLOCK(&res->lock);
+
 	if (res->buckets[bucketnum].exiting &&
 	    ISC_LIST_EMPTY(res->buckets[bucketnum].fctxs))
 		return (ISC_TRUE);
@@ -2262,6 +2267,10 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
 
 	ISC_LIST_APPEND(res->buckets[bucketnum].fctxs, fctx, link);
 
+	LOCK(&res->lock);
+	res->nfctx++;
+	UNLOCK(&res->lock);
+
 	*fctxp = fctx;
 
 	return (ISC_R_SUCCESS);
@@ -4534,6 +4543,8 @@ destroy(dns_resolver_t *res) {
 
 	RTRACE("destroy");
 
+	INSIST(res->nfctx == 0);
+
 	DESTROYLOCK(&res->lock);
 	for (i = 0; i < res->nbuckets; i++) {
 		INSIST(ISC_LIST_EMPTY(res->buckets[i].fctxs));
@@ -4663,6 +4674,7 @@ dns_resolver_create(dns_view_t *view,
 	ISC_LIST_INIT(res->whenshutdown);
 	res->priming = ISC_FALSE;
 	res->primefetch = NULL;
+	res->nfctx = 0;
 
 	result = isc_mutex_init(&res->lock);
 	if (result != ISC_R_SUCCESS)
@@ -5219,3 +5231,12 @@ dns_resolver_setlamettl(dns_resolver_t *resolver, isc_uint32_t lame_ttl) {
 	REQUIRE(VALID_RESOLVER(resolver));
 	resolver->lame_ttl = lame_ttl;
 }
+
+unsigned int
+dns_resolver_nrunning(dns_resolver_t *resolver) {
+	unsigned int n;
+	LOCK(&resolver->lock);
+	n = resolver->nfctx;
+	UNLOCK(&resolver->lock);
+	return (n);
+}