[master] DDoS mitigation features

3938.	[func]		Added quotas to be used in recursive resolvers
			that are under high query load for names in zones
			whose authoritative servers are nonresponsive or
			are experiencing a denial of service attack.

			- "fetches-per-server" limits the number of
			  simultaneous queries that can be sent to any
			  single authoritative server.  The configured
			  value is a starting point; it is automatically
			  adjusted downward if the server is partially or
			  completely non-responsive. The algorithm used to
			  adjust the quota can be configured via the
			  "fetch-quota-params" option.
			- "fetches-per-zone" limits the number of
			  simultaneous queries that can be sent for names
			  within a single domain.  (Note: Unlike
			  "fetches-per-server", this value is not
			  self-tuning.)
			- New stats counters have been added to count
			  queries spilled due to these quotas.

			See the ARM for details of these options. [RT #37125]

lib/isccfg/parser.c

@@ -19,6 +19,8 @@
 
 #include <config.h>
 
+#include <stdlib.h>
+
 #include <isc/buffer.h>
 #include <isc/dir.h>
 #include <isc/formatcheck.h>
@@ -120,6 +122,7 @@ cfg_rep_t cfg_rep_tuple = { "tuple", free_tuple };
 cfg_rep_t cfg_rep_sockaddr = { "sockaddr", free_noop };
 cfg_rep_t cfg_rep_netprefix = { "netprefix", free_noop };
 cfg_rep_t cfg_rep_void = { "void", free_noop };
+cfg_rep_t cfg_rep_fixedpoint = { "fixedpoint", free_noop };
 
 /*
  * Configuration type definitions.
@@ -646,6 +649,80 @@ cfg_type_t cfg_type_void = {
 	"void", cfg_parse_void, cfg_print_void, cfg_doc_void, &cfg_rep_void,
 	NULL };
 
+/*
+ * Fixed point
+ */
+isc_result_t
+cfg_parse_fixedpoint(cfg_parser_t *pctx, const cfg_type_t *type,
+		     cfg_obj_t **ret)
+{
+	isc_result_t result;
+	cfg_obj_t *obj = NULL;
+	UNUSED(type);
+	size_t n1, n2, n3, l;
+	const char *p;
+
+	UNUSED(type);
+
+	CHECK(cfg_gettoken(pctx, 0));
+	if (pctx->token.type != isc_tokentype_string) {
+		cfg_parser_error(pctx, CFG_LOG_NEAR,
+				 "expected fixed point number");
+		return (ISC_R_UNEXPECTEDTOKEN);
+	}
+
+
+	p = TOKEN_STRING(pctx);
+	l = strlen(p);
+	n1 = strspn(p, "0123456789");
+	n2 = strspn(p + n1, ".");
+	n3 = strspn(p + n1 + n2, "0123456789");
+
+	if ((n1 + n2 + n3 != l) || (n1 + n3 == 0) ||
+	    n1 > 5 || n2 > 1 || n3 > 2) {
+		cfg_parser_error(pctx, CFG_LOG_NEAR,
+				 "expected fixed point number");
+		return (ISC_R_UNEXPECTEDTOKEN);
+	}
+
+	CHECK(cfg_create_obj(pctx, &cfg_type_fixedpoint, &obj));
+
+	obj->value.uint32 = strtoul(p, NULL, 10) * 100;
+	switch (n3) {
+	case 2:
+		obj->value.uint32 += strtoul(p + n1 + n2, NULL, 10);
+		break;
+	case 1:
+		obj->value.uint32 += strtoul(p + n1 + n2, NULL, 10) * 10;
+		break;
+	}
+	*ret = obj;
+
+ cleanup:
+	return (result);
+}
+
+void
+cfg_print_fixedpoint(cfg_printer_t *pctx, const cfg_obj_t *obj) {
+	char buf[64];
+	int n;
+
+	n = snprintf(buf, sizeof(buf), "%u.%02u",
+		     obj->value.uint32/100, obj->value.uint32%100);
+	INSIST(n > 0 && (size_t)n < sizeof(buf));
+	cfg_print_chars(pctx, buf, strlen(buf));
+}
+
+isc_uint32_t
+cfg_obj_asfixedpoint(const cfg_obj_t *obj) {
+	REQUIRE(obj != NULL && obj->type->rep == &cfg_rep_fixedpoint);
+	return (obj->value.uint32);
+}
+
+cfg_type_t cfg_type_fixedpoint = {
+	"fixedpoint", cfg_parse_fixedpoint, cfg_print_fixedpoint,
+	cfg_doc_terminal, &cfg_rep_fixedpoint, NULL
+};
 
 /*
  * uint32