Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 18:28:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Handle resource exhaustion of struct frec_src same as struct frec.

Browse Source 
Ie, by returning REFUSED response and (rate-limited) logging.
This commit is contained in:
Simon Kelley
2021-04-06 23:52:09 +01:00
parent 64a16cb376
commit 961daf8f92
1 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/forward.c
View File

@@ -352,9 +352,19 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
daemon->free_frec_src->next = NULL; daemon->free_frec_src->next = NULL;
} }
/* If we've been spammed with many duplicates, just drop the query. */ /* If we've been spammed with many duplicates, return REFUSED. */
if (!daemon->free_frec_src) if (!daemon->free_frec_src)
return 0; {
static time_t last_log = 0;
if ((int)difftime(now, last_log) > 5)
{
last_log = now;
my_syslog(LOG_WARNING, _("Maximum number of concurrent DNS queries reached (max: %d)"), daemon->ftabsize);
}
goto frec_err;
}
src = daemon->free_frec_src; src = daemon->free_frec_src;
daemon->free_frec_src = src->next; daemon->free_frec_src = src->next;
@@ -630,6 +640,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
} }
/* could not send on, return empty answer or address if known for whole domain */ /* could not send on, return empty answer or address if known for whole domain */
frec_err:
if (udpfd != -1) if (udpfd != -1)
{ {
plen = setup_reply(header, plen, addrp, flags, daemon->local_ttl); plen = setup_reply(header, plen, addrp, flags, daemon->local_ttl);