fergalmoran/DnsServer
1
0
Fork 0
mirror of https://github.com/fergalmoran/DnsServer.git synced 2026-02-05 15:33:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

DnsServer: Updated WriteClientSubnetRateLimitLog() to check for QPM bypass list before logging rate limit event entries.

Browse Source
This commit is contained in:
Shreyas Zare
2025-01-12 17:49:48 +05:30
parent c3b7c32193
commit 280dd995e8
1 changed files with 20 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
DnsServerCore/Dns/DnsServer.cs
View File

@@ -4312,23 +4312,31 @@ namespace DnsServerCore.Dns
}
}
internal bool IsQpmLimitCrossed(IPAddress remoteIP)
private bool IsQpmLimitBypassed(IPAddress remoteIP)
{
if ((_qpmLimitRequests < 1) && (_qpmLimitErrors < 1))
return false;
if (IPAddress.IsLoopback(remoteIP))
return false;
return true;
if (_qpmLimitBypassList is not null)
{
foreach (NetworkAddress networkAddress in _qpmLimitBypassList)
{
if (networkAddress.Contains(remoteIP))
return false;
return true;
}
}
return false;
}
internal bool IsQpmLimitCrossed(IPAddress remoteIP)
{
if ((_qpmLimitRequests < 1) && (_qpmLimitErrors < 1))
return false;
if (IsQpmLimitBypassed(remoteIP))
return false;
IPAddress remoteSubnet;
switch (remoteIP.AddressFamily)
@@ -4400,6 +4408,9 @@ namespace DnsServerCore.Dns
if (oldAverageCountPerMinute >= qpmLimit)
{
//previously over limit
if (IsQpmLimitBypassed(sampleEntry.Key))
continue; //network bypassed
long averageCountPerMinute = 0;
if (newQpmLimitClientSubnetStats.TryGetValue(sampleEntry.Key, out long newCountPerSample))
@@ -4417,6 +4428,9 @@ namespace DnsServerCore.Dns
if (averageCountPerMinute >= qpmLimit)
{
//currently over limit
if (IsQpmLimitBypassed(sampleEntry.Key))
continue; //network bypassed
if ((oldQpmLimitClientSubnetStats is not null) && oldQpmLimitClientSubnetStats.TryGetValue(sampleEntry.Key, out long oldCountPerSample))
{
long oldAverageCountPerMinute = oldCountPerSample / _qpmLimitSampleMinutes;