search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dma: bump man page date
[dragonfly.git] / contrib / sendmail-8.14 / sendmail / ratectrl.c
blob22f9803efb5f70f27ae3a83923275f617ad187bc
1 /*
2 * Copyright (c) 2003 Sendmail, Inc. and its suppliers.
3 * All rights reserved.
4 *
5 * By using this file, you agree to the terms and conditions set
6 * forth in the LICENSE file which can be found at the top level of
7 * the sendmail distribution.
8 *
9 * Contributed by Jose Marcio Martins da Cruz - Ecole des Mines de Paris
10 * Jose-Marcio.Martins@ensmp.fr
11 */
12
13 /* a part of this code is based on inetd.c for which this copyright applies: */
14 /*
15 * Copyright (c) 1983, 1991, 1993, 1994
16 * The Regents of the University of California. All rights reserved.
17 *
18 * Redistribution and use in source and binary forms, with or without
19 * modification, are permitted provided that the following conditions
20 * are met:
21 * 1. Redistributions of source code must retain the above copyright
22 * notice, this list of conditions and the following disclaimer.
23 * 2. Redistributions in binary form must reproduce the above copyright
24 * notice, this list of conditions and the following disclaimer in the
25 * documentation and/or other materials provided with the distribution.
26 * 3. All advertising materials mentioning features or use of this software
27 * must display the following acknowledgement:
28 * This product includes software developed by the University of
29 * California, Berkeley and its contributors.
30 * 4. Neither the name of the University nor the names of its contributors
31 * may be used to endorse or promote products derived from this software
32 * without specific prior written permission.
33 *
34 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
35 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
36 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
37 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
38 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
39 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
40 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
41 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
42 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
43 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
44 * SUCH DAMAGE.
45 */
46
47 #include <sendmail.h>
48 SM_RCSID("@(#)$Id: ratectrl.c,v 8.11 2006/08/15 23:24:57 ca Exp $")
49
50 /*
51 ** stuff included - given some warnings (inet_ntoa)
52 ** - surely not everything is needed
53 */
54
55 #if NETINET || NETINET6
56 # include <arpa/inet.h>
57 #endif /* NETINET || NETINET6 */
58
59 #include <sm/time.h>
60
61 #ifndef HASH_ALG
62 # define HASH_ALG 2
63 #endif /* HASH_ALG */
64
65 #ifndef RATECTL_DEBUG
66 # define RATECTL_DEBUG 0
67 #endif /* RATECTL_DEBUG */
68
69 /* forward declarations */
70 static int client_rate __P((time_t, SOCKADDR *, bool));
71 static int total_rate __P((time_t, bool));
72 #if 0
73 static int sockaddrcmp __P((SOCKADDR *, SOCKADDR *));
74 #endif /* 0 */
75
76 /*
77 ** CONNECTION_RATE_CHECK - updates connection history data
78 ** and computes connection rate for the given host
79 **
80 ** Parameters:
81 ** hostaddr -- ip address of smtp client
82 ** e -- envelope
83 **
84 ** Returns:
85 ** true (always)
86 **
87 ** Side Effects:
88 ** updates connection history
89 **
90 ** Warnings:
91 ** For each connection, this call shall be
92 ** done only once with the value true for the
93 ** update parameter.
94 ** Typically, this call is done with the value
95 ** true by the father, and once again with
96 ** the value false by the children.
97 **
98 */
99
100 bool
101 connection_rate_check(hostaddr, e)
102 SOCKADDR *hostaddr;
103 ENVELOPE *e;
104 {
105 time_t now;
106 int totalrate, clientrate;
107 static int clientconn = 0;
108
109 now = time(NULL);
110 #if RATECTL_DEBUG
111 sm_syslog(LOG_INFO, NOQID, "connection_rate_check entering...");
112 #endif /* RATECTL_DEBUG */
113
114 /* update server connection rate */
115 totalrate = total_rate(now, e == NULL);
116 #if RATECTL_DEBUG
117 sm_syslog(LOG_INFO, NOQID, "global connection rate: %d", globalRate);
118 #endif /* RATECTL_DEBUG */
119
120 /* update client connection rate */
121 clientrate = client_rate(now, hostaddr, e == NULL);
122
123 if (e == NULL)
124 clientconn = count_open_connections(hostaddr);
125
126 if (e != NULL)
127 {
128 char s[16];
129
130 sm_snprintf(s, sizeof(s), "%d", clientrate);
131 macdefine(&e->e_macro, A_TEMP, macid("{client_rate}"), s);
132 sm_snprintf(s, sizeof(s), "%d", totalrate);
133 macdefine(&e->e_macro, A_TEMP, macid("{total_rate}"), s);
134 sm_snprintf(s, sizeof(s), "%d", clientconn);
135 macdefine(&e->e_macro, A_TEMP, macid("{client_connections}"),
136 s);
137 }
138 return true;
139 }
140
141 /*
142 ** Data declarations needed to evaluate connection rate
143 */
144
145 static int CollTime = 60;
146
147 /* this should be a power of 2, otherwise CPMHMASK doesn't work well */
148 #ifndef CPMHSIZE
149 # define CPMHSIZE 1024
150 #endif /* CPMHSIZE */
151
152 #define CPMHMASK (CPMHSIZE-1)
153
154 #ifndef MAX_CT_STEPS
155 # define MAX_CT_STEPS 10
156 #endif /* MAX_CT_STEPS */
157
158 /*
159 ** time granularity: 10s (that's one "tick")
160 ** will be initialised to ConnectionRateWindowSize/CHTSIZE
161 ** before being used the first time
162 */
163
164 static int ChtGran = -1;
165
166 #define CHTSIZE 6
167
168 /* Number of connections for a certain "tick" */
169 typedef struct CTime
170 {
171 unsigned long ct_Ticks;
172 int ct_Count;
173 }
174 CTime_T;
175
176 typedef struct CHash
177 {
178 #if NETINET6 && NETINET
179 union
180 {
181 struct in_addr c4_Addr;
182 struct in6_addr c6_Addr;
183 } cu_Addr;
184 # define ch_Addr4 cu_Addr.c4_Addr
185 # define ch_Addr6 cu_Addr.c6_Addr
186 #else /* NETINET6 && NETINET */
187 # if NETINET6
188 struct in6_addr ch_Addr;
189 # define ch_Addr6 ch_Addr
190 # else /* NETINET6 */
191 struct in_addr ch_Addr;
192 # define ch_Addr4 ch_Addr
193 # endif /* NETINET6 */
194 #endif /* NETINET6 && NETINET */
195
196 int ch_Family;
197 time_t ch_LTime;
198 unsigned long ch_colls;
199
200 /* 6 buckets for ticks: 60s */
201 CTime_T ch_Times[CHTSIZE];
202 }
203 CHash_T;
204
205 static CHash_T CHashAry[CPMHSIZE];
206 static bool CHashAryOK = false;
207
208 /*
209 ** CLIENT_RATE - Evaluate connection rate per smtp client
210 **
211 ** Parameters:
212 ** now - current time in secs
213 ** saddr - client address
214 ** update - update data / check only
215 **
216 ** Returns:
217 ** connection rate (connections / ConnectionRateWindowSize)
218 **
219 ** Side effects:
220 ** update static global data
221 **
222 */
223
224 static int
225 client_rate(now, saddr, update)
226 time_t now;
227 SOCKADDR *saddr;
228 bool update;
229 {
230 unsigned int hv;
231 int i;
232 int cnt;
233 bool coll;
234 CHash_T *chBest = NULL;
235 unsigned int ticks;
236
237 cnt = 0;
238 hv = 0xABC3D20F;
239 if (ChtGran < 0)
240 ChtGran = ConnectionRateWindowSize / CHTSIZE;
241 if (ChtGran <= 0)
242 ChtGran = 10;
243
244 ticks = now / ChtGran;
245
246 if (!CHashAryOK)
247 {
248 memset(CHashAry, 0, sizeof(CHashAry));
249 CHashAryOK = true;
250 }
251
252 {
253 char *p;
254 int addrlen;
255 #if HASH_ALG != 1
256 int c, d;
257 #endif /* HASH_ALG != 1 */
258
259 switch (saddr->sa.sa_family)
260 {
261 #if NETINET
262 case AF_INET:
263 p = (char *)&saddr->sin.sin_addr;
264 addrlen = sizeof(struct in_addr);
265 break;
266 #endif /* NETINET */
267 #if NETINET6
268 case AF_INET6:
269 p = (char *)&saddr->sin6.sin6_addr;
270 addrlen = sizeof(struct in6_addr);
271 break;
272 #endif /* NETINET6 */
273 default:
274 /* should not happen */
275 return -1;
276 }
277
278 /* compute hash value */
279 for (i = 0; i < addrlen; ++i, ++p)
280 #if HASH_ALG == 1
281 hv = (hv << 5) ^ (hv >> 23) ^ *p;
282 hv = (hv ^ (hv >> 16));
283 #elif HASH_ALG == 2
284 {
285 d = *p;
286 c = d;
287 c ^= c<<6;
288 hv += (c<<11) ^ (c>>1);
289 hv ^= (d<<14) + (d<<7) + (d<<4) + d;
290 }
291 #elif HASH_ALG == 3
292 {
293 hv = (hv << 4) + *p;
294 d = hv & 0xf0000000;
295 if (d != 0)
296 {
297 hv ^= (d >> 24);
298 hv ^= d;
299 }
300 }
301 #else /* HASH_ALG == 1 */
302 hv = ((hv << 1) ^ (*p & 0377)) % cctx->cc_size;
303 #endif /* HASH_ALG == 1 */
304 }
305
306 coll = true;
307 for (i = 0; i < MAX_CT_STEPS; ++i)
308 {
309 CHash_T *ch = &CHashAry[(hv + i) & CPMHMASK];
310
311 #if NETINET
312 if (saddr->sa.sa_family == AF_INET &&
313 ch->ch_Family == AF_INET &&
314 (saddr->sin.sin_addr.s_addr == ch->ch_Addr4.s_addr ||
315 ch->ch_Addr4.s_addr == 0))
316 {
317 chBest = ch;
318 coll = false;
319 break;
320 }
321 #endif /* NETINET */
322 #if NETINET6
323 if (saddr->sa.sa_family == AF_INET6 &&
324 ch->ch_Family == AF_INET6 &&
325 (IN6_ARE_ADDR_EQUAL(&saddr->sin6.sin6_addr,
326 &ch->ch_Addr6) != 0 ||
327 IN6_IS_ADDR_UNSPECIFIED(&ch->ch_Addr6)))
328 {
329 chBest = ch;
330 coll = false;
331 break;
332 }
333 #endif /* NETINET6 */
334 if (chBest == NULL || ch->ch_LTime == 0 ||
335 ch->ch_LTime < chBest->ch_LTime)
336 chBest = ch;
337 }
338
339 /* Let's update data... */
340 if (update)
341 {
342 if (coll && (now - chBest->ch_LTime < CollTime))
343 {
344 /*
345 ** increment the number of collisions last
346 ** CollTime for this client
347 */
348
349 chBest->ch_colls++;
350
351 /*
352 ** Maybe shall log if collision rate is too high...
353 ** and take measures to resize tables
354 ** if this is the case
355 */
356 }
357
358 /*
359 ** If it's not a match, then replace the data.
360 ** Note: this purges the history of a colliding entry,
361 ** which may cause "overruns", i.e., if two entries are
362 ** "cancelling" each other out, then they may exceed
363 ** the limits that are set. This might be mitigated a bit
364 ** by the above "best of 5" function however.
365 **
366 ** Alternative approach: just use the old data, which may
367 ** cause false positives however.
368 ** To activate this, change deactivate following memset call.
369 */
370
371 if (coll)
372 {
373 #if NETINET
374 if (saddr->sa.sa_family == AF_INET)
375 {
376 chBest->ch_Family = AF_INET;
377 chBest->ch_Addr4 = saddr->sin.sin_addr;
378 }
379 #endif /* NETINET */
380 #if NETINET6
381 if (saddr->sa.sa_family == AF_INET6)
382 {
383 chBest->ch_Family = AF_INET6;
384 chBest->ch_Addr6 = saddr->sin6.sin6_addr;
385 }
386 #endif /* NETINET6 */
387 #if 1
388 memset(chBest->ch_Times, '\0',
389 sizeof(chBest->ch_Times));
390 #endif /* 1 */
391 }
392
393 chBest->ch_LTime = now;
394 {
395 CTime_T *ct = &chBest->ch_Times[ticks % CHTSIZE];
396
397 if (ct->ct_Ticks != ticks)
398 {
399 ct->ct_Ticks = ticks;
400 ct->ct_Count = 0;
401 }
402 ++ct->ct_Count;
403 }
404 }
405
406 /* Now let's count connections on the window */
407 for (i = 0; i < CHTSIZE; ++i)
408 {
409 CTime_T *ct = &chBest->ch_Times[i];
410
411 if (ct->ct_Ticks <= ticks && ct->ct_Ticks >= ticks - CHTSIZE)
412 cnt += ct->ct_Count;
413 }
414
415 #if RATECTL_DEBUG
416 sm_syslog(LOG_WARNING, NOQID,
417 "cln: cnt=(%d), CHTSIZE=(%d), ChtGran=(%d)",
418 cnt, CHTSIZE, ChtGran);
419 #endif /* RATECTL_DEBUG */
420 return cnt;
421 }
422
423 /*
424 ** TOTAL_RATE - Evaluate global connection rate
425 **
426 ** Parameters:
427 ** now - current time in secs
428 ** update - update data / check only
429 **
430 ** Returns:
431 ** connection rate (connections / ConnectionRateWindowSize)
432 */
433
434 static CTime_T srv_Times[CHTSIZE];
435 static bool srv_Times_OK = false;
436
437 static int
438 total_rate(now, update)
439 time_t now;
440 bool update;
441 {
442 int i;
443 int cnt = 0;
444 CTime_T *ct;
445 unsigned int ticks;
446
447 if (ChtGran < 0)
448 ChtGran = ConnectionRateWindowSize / CHTSIZE;
449 if (ChtGran == 0)
450 ChtGran = 10;
451 ticks = now / ChtGran;
452 if (!srv_Times_OK)
453 {
454 memset(srv_Times, 0, sizeof(srv_Times));
455 srv_Times_OK = true;
456 }
457
458 /* Let's update data */
459 if (update)
460 {
461 ct = &srv_Times[ticks % CHTSIZE];
462
463 if (ct->ct_Ticks != ticks)
464 {
465 ct->ct_Ticks = ticks;
466 ct->ct_Count = 0;
467 }
468 ++ct->ct_Count;
469 }
470
471 /* Let's count connections on the window */
472 for (i = 0; i < CHTSIZE; ++i)
473 {
474 ct = &srv_Times[i];
475
476 if (ct->ct_Ticks <= ticks && ct->ct_Ticks >= ticks - CHTSIZE)
477 cnt += ct->ct_Count;
478 }
479
480 #if RATECTL_DEBUG
481 sm_syslog(LOG_WARNING, NOQID,
482 "srv: cnt=(%d), CHTSIZE=(%d), ChtGran=(%d)",
483 cnt, CHTSIZE, ChtGran);
484 #endif /* RATECTL_DEBUG */
485
486 return cnt;
487 }
488
489 #if 0
490 /*
491 ** SOCKADDRCMP - compare two SOCKADDR structures
492 ** this function may be used to compare SOCKADDR
493 ** structures when using bsearch and qsort functions
494 ** in the same way we do with strcmp
495 **
496 ** Parameters:
497 ** a, b - addresses
498 **
499 ** Returns:
500 ** 1 if a > b
501 ** -1 if a < b
502 ** 0 if a = b
503 **
504 ** OBS: This call isn't used at the moment, it will
505 ** be used when code will be extended to work with IPV6
506 */
507
508 static int
509 sockaddrcmp(a, b)
510 SOCKADDR *a;
511 SOCKADDR *b;
512 {
513 if (a->sa.sa_family > b->sa.sa_family)
514 return 1;
515 if (a->sa.sa_family < b->sa.sa_family)
516 return -1;
517
518 switch (a->sa.sa_family)
519 {
520 case AF_INET:
521 if (a->sin.sin_addr.s_addr > b->sin.sin_addr.s_addr)
522 return 1;
523 if (a->sin.sin_addr.s_addr < b->sin.sin_addr.s_addr)
524 return -1;
525 return 0;
526 break;
527
528 case AF_INET6:
529 /* TO BE DONE */
530 break;
531 }
532 return 0;
533 }
534 #endif /* 0 */
DragonFly BSD