Pull request 2060: 6368-conf-ratelimit-subnet-len

Updates #6368. Squashed commit of the following: commit def3bd7c746c671efaf655c3cfbb1a7664becd85 Merge: 59d678c95 d3862614e Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Thu Nov 9 16:27:36 2023 +0300 Merge branch 'master' into 6368-conf-ratelimit-subnet-len commit 59d678c95978d4ab21b952ef0cae70cad1ad50d8 Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Wed Nov 8 18:16:40 2023 +0300 all: imp chlog commit 69d6a57d7facbdc6038612f31796f727adcb107f Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Wed Nov 8 17:48:19 2023 +0300 all: upd chlog commit fa1998352618c839e248eb86c84e75933e0a5d0f Merge: 236ba3bce f8fe9bfc8 Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Wed Nov 8 16:22:31 2023 +0300 Merge branch 'master' into 6368-conf-ratelimit-subnet-len commit 236ba3bceefbe6f9eeb6c70150f5a371f014f60d Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Wed Nov 8 16:21:09 2023 +0300 all: upd dnsproxy commit 771af632f7795af6cdd53ffd81d0294165441439 Merge: 5a23b039e cbcc17a58 Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Tue Nov 7 17:51:56 2023 +0300 Merge branch 'master' into 6368-conf-ratelimit-subnet-len commit 5a23b039e59d1ec5cb2bfea3942da7104db3b9bd Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Tue Nov 7 17:49:27 2023 +0300 all: upd dnsproxy commit 8b7aca3fbd21897183378470fd687380630602eb Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Fri Nov 3 16:37:41 2023 +0300 all: upd chlog commit bd7d23bacc08d8f907e0e7e07a48259bb9ed17e8 Author: Stanislav Chzhen <s.chzhen@adguard.com> Date: Fri Nov 3 15:52:06 2023 +0300 all: conf ratelimit subnet len
2023-11-09 16:44:28 +03:00
parent d3862614e5
commit 53170d8711
6 changed files with 50 additions and 26 deletions
--- a/internal/dnsforward/config.go
+++ b/internal/dnsforward/config.go
@@ -46,6 +46,14 @@ type Config struct {
 	// (0 to disable).
 	Ratelimit uint32 `yaml:"ratelimit"`

+	// RatelimitSubnetLenIPv4 is a subnet length for IPv4 addresses used for
+	// rate limiting requests.
+	RatelimitSubnetLenIPv4 int `yaml:"ratelimit_subnet_len_ipv4"`
+
+	// RatelimitSubnetLenIPv6 is a subnet length for IPv6 addresses used for
+	// rate limiting requests.
+	RatelimitSubnetLenIPv6 int `yaml:"ratelimit_subnet_len_ipv6"`
+
 	// RatelimitWhitelist is the list of whitelisted client IP addresses.
 	RatelimitWhitelist []string `yaml:"ratelimit_whitelist"`

@@ -275,24 +283,26 @@ type ServerConfig struct {
 func (s *Server) createProxyConfig() (conf proxy.Config, err error) {
 	srvConf := s.conf
 	conf = proxy.Config{
-		UDPListenAddr:          srvConf.UDPListenAddrs,
-		TCPListenAddr:          srvConf.TCPListenAddrs,
-		HTTP3:                  srvConf.ServeHTTP3,
-		Ratelimit:              int(srvConf.Ratelimit),
-		RatelimitWhitelist:     srvConf.RatelimitWhitelist,
-		RefuseAny:              srvConf.RefuseAny,
-		TrustedProxies:         srvConf.TrustedProxies,
-		CacheMinTTL:            srvConf.CacheMinTTL,
-		CacheMaxTTL:            srvConf.CacheMaxTTL,
-		CacheOptimistic:        srvConf.CacheOptimistic,
-		UpstreamConfig:         srvConf.UpstreamConfig,
-		BeforeRequestHandler:   s.beforeRequestHandler,
-		RequestHandler:         s.handleDNSRequest,
-		HTTPSServerName:        aghhttp.UserAgent(),
-		EnableEDNSClientSubnet: srvConf.EDNSClientSubnet.Enabled,
-		MaxGoroutines:          int(srvConf.MaxGoroutines),
-		UseDNS64:               srvConf.UseDNS64,
-		DNS64Prefs:             srvConf.DNS64Prefixes,
+		UDPListenAddr:           srvConf.UDPListenAddrs,
+		TCPListenAddr:           srvConf.TCPListenAddrs,
+		HTTP3:                   srvConf.ServeHTTP3,
+		Ratelimit:               int(srvConf.Ratelimit),
+		RatelimitSubnetMaskIPv4: net.CIDRMask(srvConf.RatelimitSubnetLenIPv4, netutil.IPv4BitLen),
+		RatelimitSubnetMaskIPv6: net.CIDRMask(srvConf.RatelimitSubnetLenIPv6, netutil.IPv6BitLen),
+		RatelimitWhitelist:      srvConf.RatelimitWhitelist,
+		RefuseAny:               srvConf.RefuseAny,
+		TrustedProxies:          srvConf.TrustedProxies,
+		CacheMinTTL:             srvConf.CacheMinTTL,
+		CacheMaxTTL:             srvConf.CacheMaxTTL,
+		CacheOptimistic:         srvConf.CacheOptimistic,
+		UpstreamConfig:          srvConf.UpstreamConfig,
+		BeforeRequestHandler:    s.beforeRequestHandler,
+		RequestHandler:          s.handleDNSRequest,
+		HTTPSServerName:         aghhttp.UserAgent(),
+		EnableEDNSClientSubnet:  srvConf.EDNSClientSubnet.Enabled,
+		MaxGoroutines:           int(srvConf.MaxGoroutines),
+		UseDNS64:                srvConf.UseDNS64,
+		DNS64Prefs:              srvConf.DNS64Prefixes,
 	}

 	if srvConf.EDNSClientSubnet.UseCustom {