Parameterise work limits for DNSSEC validation.

2025-12-19 18:28:25 +00:00 · 2024-01-02 21:43:04 +00:00
parent bfefd6e38c
commit c5aa221e44
8 changed files with 94 additions and 52 deletions
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -759,6 +759,7 @@ struct dyndir {
 #define DNSSEC_FAIL_NOKEY       0x0100 /* no DNSKEY */
 #define DNSSEC_FAIL_NSEC3_ITERS 0x0200 /* too many iterations in NSEC3 */
 #define DNSSEC_FAIL_BADPACKET   0x0400 /* bad packet */
+#define DNSSEC_FAIL_WORK        0x0800 /* too much crypto */

 #define STAT_ISEQUAL(a, b)  (((a) & 0xffff0000) == (b))

@@ -1242,6 +1243,7 @@ extern struct daemon {
  int rr_status_sz;
  int dnssec_no_time_check;
  int back_to_the_future;
+  int limit_key_fail, limit_ds_fail, limit_sig_fail, limit_crypto, limit_work, limit_nsec3_iters;
 #endif
  struct frec *frec_list;
  struct frec_src *free_frec_src;