From 2c44f82e5b9a5b007cff4004b7fcbec91786d245 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Ondr=C3=A1=C4=8Dek?=
 <lukas.ondracek@nic.cz>
Date: Mon, 19 Aug 2024 14:50:30 +0200
Subject: [PATCH] rrl: improve documentation

---
 src/knot/modules/rrl/rrl.rst | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/src/knot/modules/rrl/rrl.rst b/src/knot/modules/rrl/rrl.rst
index b42093cc3e..85c8d3554a 100644
--- a/src/knot/modules/rrl/rrl.rst
+++ b/src/knot/modules/rrl/rrl.rst
@@ -89,9 +89,10 @@ The specific prefixes and multipliers, which might be adjusted in the future, ar
 for IPv6 /128: 1, /64: 2, /56: 3, /48: 4, /32: 64;
 for IPv4 /32: 1, /24: 32, /20: 256, /18: 768.
 
-With each host/network, a counter of unrestricted responses is associated
-and it is lowered by a constant fraction of its value each millisecond;
-a response is restricted if a counter would exceed its capacity otherwise.
+With each host/network, a counter of unrestricted responses is associated;
+if the counter would exceed its capacity, it is not incremented and the response is restricted.
+Counters use exponential decay for lowering their values,
+i.e. they are lowered by a constant fraction of their value each millisecond.
 The specified rate limit is reached, when the number of queries is the same every millisecond;
 sending many queries once a second or even a larger timespan leads to a more strict limiting.
 
@@ -178,16 +179,19 @@ table-size
 ..........
 
 Maximal number of stored hosts/networks with their counters.
-The data structure tries to store only the most frequent sources and the
-table size is internally a little bigger,
-so it is safe to set it according to the expected maximal number of limited sources.
+The data structure tries to store only the most frequent sources,
+so it is safe to set it according to the expected maximal number of limited ones.
 
 Use `1.4 * maximum_qps / rate-limit`,
 where `maximum_qps` is the number of queries which can be handled by the server per second.
 There is at most `maximum_qps / rate-limit` limited hosts;
-larger networks have higher limits and so require only a fraction of the value.
+larger networks have higher limits and so require only a fraction of the value (handled by the `1.4` multiplier).
 The value will be rounded up to the nearest power of two.
 
+The same table size is used for both counting-based and time-based limiting;
+the maximum number of time-limited hosts is expected to be lower, so it's not typically needed to be considered.
+There is at most `1 000 000 * #cpus / time-rate-limit` of them.
+
 The memory occupied by one table structure is `8 * table-size B`.
 
 *Default:* ``524288``
@@ -216,6 +220,9 @@ and logging is disabled for the `log-period` milliseconds.
 As long as limiting is needed, one source is logged each period
 and sources with more blocked queries have greater probability to be chosen.
 
+The approach is used by counting-based and time-based limiting separately,
+so you can expect one message per `log-period` from each of them.
+
 *Default:* ``0`` (disabled)
 
 .. _mod-rrl_dry-run:
-- 
GitLab