upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-13 15:49:59 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update HTTP listeners quotas on reconfiguration

Browse source 
This commit ensures that on reconfiguration a proper value for HTTP
connections limit is picked up.

The commit also refactors how listeners settings are updated so that
there is less code duplication.

(cherry picked from commit a2379135fa)
This commit is contained in:
Artem Boldariev 2022-06-22 15:28:57 +03:00
parent 63a4c12227
commit 1ccbb24078
1 changed files with 42 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

65
lib/ns/interfacemgr.c
View file

@ -927,12 +927,9 @@ clearlistenon(ns_interfacemgr_t *mgr) {
}
static void
replace_listener_tlsctx(ns_interfacemgr_t *mgr, ns_interface_t *ifp,
isc_tlsctx_t *newctx) {
replace_listener_tlsctx(ns_interface_t *ifp, isc_tlsctx_t *newctx) {
char sabuf[ISC_SOCKADDR_FORMATSIZE];
REQUIRE(NS_INTERFACE_VALID(ifp));
LOCK(&mgr->lock);
isc_sockaddr_format(&ifp->addr, sabuf, sizeof(sabuf));
isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_INFO,
"updating TLS context on %s", sabuf);
@ -942,6 +939,41 @@ replace_listener_tlsctx(ns_interfacemgr_t *mgr, ns_interface_t *ifp,
} else if (ifp->http_secure_listensocket != NULL) {
isc_nmsocket_set_tlsctx(ifp->http_secure_listensocket, newctx);
}
}
static void
update_http_settings(ns_interface_t *ifp, ns_listenelt_t *le) {
REQUIRE(le->is_http);
INSIST(ifp->http_quota != NULL);
isc_quota_max(ifp->http_quota, le->http_max_clients);
}
static void
update_listener_configuration(ns_interfacemgr_t *mgr, ns_interface_t *ifp,
ns_listenelt_t *le) {
REQUIRE(NS_INTERFACEMGR_VALID(mgr));
REQUIRE(NS_INTERFACE_VALID(ifp));
REQUIRE(le != NULL);
LOCK(&mgr->lock);
/*
* We need to update the TLS contexts
* inside the TLS/HTTPS listeners during
* a reconfiguration because the
* certificates could have been changed.
*/
if (le->sslctx != NULL) {
replace_listener_tlsctx(ifp, le->sslctx);
}
/*
* Let's update HTTP listener settings
* on reconfiguration.
*/
if (le->is_http) {
update_http_settings(ifp, le);
}
UNLOCK(&mgr->lock);
}
@ -1025,15 +1057,9 @@ do_scan(ns_interfacemgr_t *mgr, bool verbose, bool config) {
sabuf, ifp->dscp);
}
if (LISTENING(ifp)) {
/*
* We need to update the TLS contexts
* inside the TLS/HTTPS listeners during
* a reconfiguration because the
* certificates could have been changed.
*/
if (config && le->sslctx != NULL) {
replace_listener_tlsctx(
mgr, ifp, le->sslctx);
if (config) {
update_listener_configuration(
mgr, ifp, le);
}
continue;
}
@ -1190,17 +1216,10 @@ do_scan(ns_interfacemgr_t *mgr, bool verbose, bool config) {
sabuf, ifp->dscp);
}
if (LISTENING(ifp)) {
/*
* We need to update the TLS contexts
* inside the TLS/HTTPS listeners during
* a reconfiguration because the
* certificates could have been changed.
*/
if (config && le->sslctx != NULL) {
replace_listener_tlsctx(
mgr, ifp, le->sslctx);
if (config) {
update_listener_configuration(
mgr, ifp, le);
}
continue;
}
}