- Fix #1417: [dnscrypt] shared secret cache counters, and works when

dnscrypt is not enabled. git-svn-id: file:///svn/unbound/trunk@4326 be551aaa-1e26-0410-a405-d3ace91eadb9
2025-12-20 23:00:56 -05:00 · 2017-08-31 08:06:17 +00:00 · 2017-08-31 08:06:17 +00:00 · 425dec3037
commit 425dec3037
parent a270aa3c53
8 changed files with 92 additions and 2 deletions
--- a/daemon/remote.c
+++ b/daemon/remote.c
@ -825,6 +825,9 @@ print_mem(SSL* ssl, struct worker* worker, struct daemon* daemon)
 #ifdef USE_IPSECMOD
 	size_t ipsecmod = 0;
 #endif /* USE_IPSECMOD */
 #ifdef USE_DNSCRYPT
 	size_t dnscrypt_shared_secret = 0;
 #endif /* USE_DNSCRYPT */
 	msg = slabhash_get_mem(daemon->env->msg_cache);
 	rrset = slabhash_get_mem(&daemon->env->rrset_cache->table);
 	val = mod_get_mem(&worker->env, "validator");
@ -836,6 +839,12 @@ print_mem(SSL* ssl, struct worker* worker, struct daemon* daemon)
 #ifdef USE_IPSECMOD
 	ipsecmod = mod_get_mem(&worker->env, "ipsecmod");
 #endif /* USE_IPSECMOD */
 #ifdef USE_DNSCRYPT
 	if(daemon->dnscenv) {
 		dnscrypt_shared_secret = slabhash_get_mem(
 			daemon->dnscenv->shared_secrets_cache);
 	}
 #endif /* USE_DNSCRYPT */
 	if(!print_longnum(ssl, "mem.cache.rrset"SQ, rrset))
 		return 0;
@ -855,6 +864,11 @@ print_mem(SSL* ssl, struct worker* worker, struct daemon* daemon)
 	if(!print_longnum(ssl, "mem.mod.ipsecmod"SQ, ipsecmod))
 		return 0;
 #endif /* USE_IPSECMOD */
 #ifdef USE_DNSCRYPT
 	if(!print_longnum(ssl, "mem.cache.dnscrypt_shared_secret"SQ,
 			dnscrypt_shared_secret))
 		return 0;
 #endif /* USE_DNSCRYPT */
 	return 1;
 }
@ -1041,6 +1055,12 @@ print_ext(SSL* ssl, struct ub_stats_info* s)
 		(unsigned)s->svr.infra_cache_count)) return 0;
 	if(!ssl_printf(ssl, "key.cache.count"SQ"%u\n",
 		(unsigned)s->svr.key_cache_count)) return 0;
 #ifdef USE_DNSCRYPT
 	if(!ssl_printf(ssl, "dnscrypt_shared_secret.cache.count"SQ"%u\n",
 		(unsigned)s->svr.shared_secret_cache_count)) return 0;
 	if(!ssl_printf(ssl, "num.query.dnscrypt.shared_secret.cachemiss"SQ"%lu\n",
 		(unsigned long)s->svr.num_query_dnscrypt_secret_missed_cache)) return 0;
 #endif /* USE_DNSCRYPT */
 	return 1;
 }
--- a/daemon/stats.c
+++ b/daemon/stats.c
@ -158,6 +158,24 @@ get_queries_ratelimit(struct worker* worker, int reset)
 	return r;
 }
 #ifdef USE_DNSCRYPT
 /** get the number of shared secret cache miss */
 static size_t
 get_dnscrypt_cache_miss(struct worker* worker, int reset)
 {
 	size_t r;
 	struct dnsc_env* de = worker->daemon->dnscenv;
 	if(!de) return 0;
 	lock_basic_lock(&de->shared_secrets_cache_lock);
 	r = de->num_query_dnscrypt_secret_missed_cache;
 	if(reset && !worker->env.cfg->stat_cumulative)
 		de->num_query_dnscrypt_secret_missed_cache = 0;
 	lock_basic_unlock(&de->shared_secrets_cache_lock);
 	return r;
 }
 #endif /* USE_DNSCRYPT */
 void
 server_stats_compile(struct worker* worker, struct ub_stats_info* s, int reset)
 {
@ -201,6 +219,21 @@ server_stats_compile(struct worker* worker, struct ub_stats_info* s, int reset)
 		s->svr.key_cache_count = (long long)count_slabhash_entries(worker->env.key_cache->slab);
 	else	s->svr.key_cache_count = 0;
 #ifdef USE_DNSCRYPT
 	if(worker->daemon->dnscenv) {
 		s->svr.num_query_dnscrypt_secret_missed_cache =
 			(long long)get_dnscrypt_cache_miss(worker, reset);
 		s->svr.shared_secret_cache_count = (long long)count_slabhash_entries(
 			worker->daemon->dnscenv->shared_secrets_cache);
 	} else {
 		s->svr.num_query_dnscrypt_secret_missed_cache = 0;
 		s->svr.shared_secret_cache_count = 0;
 	}
 #else
 	s->svr.num_query_dnscrypt_secret_missed_cache = 0;
 	s->svr.shared_secret_cache_count = 0;
 #endif /* USE_DNSCRYPT */
 	/* get tcp accept usage */
 	s->svr.tcp_accept_usage = 0;
 	for(lp = worker->front->cps; lp; lp = lp->next) {
@ -262,7 +295,7 @@ void server_stats_add(struct ub_stats_info* total, struct ub_stats_info* a)
 		a->svr.num_query_dnscrypt_cleartext;
 	total->svr.num_query_dnscrypt_crypted_malformed += \
 		a->svr.num_query_dnscrypt_crypted_malformed;
-#endif
+#endif /* USE_DNSCRYPT */
 	/* the max size reached is upped to higher of both */
 	if(a->svr.max_query_list_size > total->svr.max_query_list_size)
 		total->svr.max_query_list_size = a->svr.max_query_list_size;
--- a/dnscrypt/dnscrypt.c
+++ b/dnscrypt/dnscrypt.c
@ -177,6 +177,9 @@ dnscrypt_server_uncurve(struct dnsc_env* env,
                                       hash);
    if(!entry) {
        lock_basic_lock(&env->shared_secrets_cache_lock);
        env->num_query_dnscrypt_secret_missed_cache++;
        lock_basic_unlock(&env->shared_secrets_cache_lock);
        if(cert->es_version[1] == 2) {
 #ifdef USE_DNSCRYPT_XCHACHA20
            if (crypto_box_curve25519xchacha20poly1305_beforenm(
@ -765,6 +768,10 @@ dnsc_create(void)
 		fatal_exit("dnsc_create: could not initialize libsodium.");
 	}
 	env = (struct dnsc_env *) calloc(1, sizeof(struct dnsc_env));
 	lock_basic_init(&env->shared_secrets_cache_lock);
 	lock_protect(&env->shared_secrets_cache_lock,
 				 &env->num_query_dnscrypt_secret_missed_cache,
 				 sizeof(env->num_query_dnscrypt_secret_missed_cache));
 	return env;
 }
@ -810,6 +817,7 @@ dnsc_delete(struct dnsc_env *env)
 	sodium_free(env->certs);
 	sodium_free(env->keypairs);
 	slabhash_delete(env->shared_secrets_cache);
 	lock_basic_destroy(&env->shared_secrets_cache_lock);
 	free(env);
 }
--- a/dnscrypt/dnscrypt.h
+++ b/dnscrypt/dnscrypt.h
@ -26,6 +26,7 @@
 #include "config.h"
 #include "dnscrypt/cert.h"
 #include "util/locks.h"
 #define DNSCRYPT_QUERY_HEADER_SIZE \
    (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_PUBLICKEYBYTES + crypto_box_HALF_NONCEBYTES + crypto_box_MACBYTES)
@ -63,6 +64,10 @@ struct dnsc_env {
 	unsigned char hash_key[crypto_shorthash_KEYBYTES];
 	char * provider_name;
 	struct slabhash *shared_secrets_cache;
 	/** lock on shared secret cache counters */
 	lock_basic_type shared_secrets_cache_lock;
 	/** number of misses from shared_secrets_cache */
 	size_t num_query_dnscrypt_secret_missed_cache;
 };
 struct dnscrypt_query_header {
--- a/doc/Changelog
+++ b/doc/Changelog
@ -2,6 +2,8 @@
 	- Fix #1424: cachedb:testframe is not thread safe.
 	- For #1417: escape ; in dnscrypt tests.
 	- but reverted that, tests fails with that escape.
 	- Fix #1417: [dnscrypt] shared secret cache counters, and works when
 	  dnscrypt is not enabled.
 30 August 2017: Wouter
 	- updated contrib/fastrpz.patch to apply with configparser changes.
--- a/libunbound/unbound.h
+++ b/libunbound/unbound.h
@ -622,6 +622,7 @@ struct ub_shm_stat_info {
 		long long subnet;
 		long long ipsecmod;
 		long long respip;
 		long long dnscrypt_shared_secret;
 	} mem;
 };
@ -737,6 +738,10 @@ struct ub_server_stats {
 	long long num_query_dnscrypt_cleartext;
 	/** number of malformed encrypted queries */
 	long long num_query_dnscrypt_crypted_malformed;
 	/** number of queries which did not have a shared secret in cache */
 	long long num_query_dnscrypt_secret_missed_cache;
 	/** number of dnscrypt shared secret cache entries */
 	long long shared_secret_cache_count;
 };
 /** 
--- a/smallapp/unbound-control.c
+++ b/smallapp/unbound-control.c
@ -207,7 +207,7 @@ static void pr_stats(const char* nm, struct ub_stats_info* s)
    PR_UL_NM("num.dnscrypt.cleartext", s->svr.num_query_dnscrypt_cleartext);
    PR_UL_NM("num.dnscrypt.malformed",
             s->svr.num_query_dnscrypt_crypted_malformed);
-#endif
+#endif /* USE_DNSCRYPT */
 	printf("%s.requestlist.avg"SQ"%g\n", nm,
 		(s->svr.num_queries_missed_cache+s->svr.num_queries_prefetch)?
 			(double)s->svr.sum_query_list_size/
@ -251,6 +251,10 @@ static void print_mem(struct ub_shm_stat_info* shm_stat)
 #ifdef USE_IPSECMOD
 	PR_LL("mem.mod.ipsecmod", shm_stat->mem.ipsecmod);
 #endif
 #ifdef USE_DNSCRYPT
 	PR_LL("mem.cache.dnscrypt_shared_secret",
 		shm_stat->mem.dnscrypt_shared_secret);
 #endif
 }
 /** print histogram */
@ -351,6 +355,12 @@ static void print_extended(struct ub_stats_info* s)
 	PR_UL("rrset.cache.count", s->svr.rrset_cache_count);
 	PR_UL("infra.cache.count", s->svr.infra_cache_count);
 	PR_UL("key.cache.count", s->svr.key_cache_count);
 #ifdef USE_DNSCRYPT
 	PR_UL("dnscrypt_shared_secret.cache.count",
 			 s->svr.shared_secret_cache_count);
 	PR_UL("num.query.dnscrypt.shared_secret.cachemiss",
 			 s->svr.num_query_dnscrypt_secret_missed_cache);
 #endif /* USE_DNSCRYPT */
 }
 /** print statistics out of memory structures */
--- a/util/shm_side/shm_main.c
+++ b/util/shm_side/shm_main.c
@ -249,6 +249,13 @@ void shm_main_run(struct worker *worker)
 		shm_stat->mem.msg = (long long)slabhash_get_mem(worker->env.msg_cache);
 		shm_stat->mem.rrset = (long long)slabhash_get_mem(&worker->env.rrset_cache->table);
 		shm_stat->mem.dnscrypt_shared_secret = 0;
 #ifdef USE_DNSCRYPT
 		if(worker->daemon->dnscenv) {
 			shm_stat->mem.dnscrypt_shared_secret = (long long)slabhash_get_mem(
 				worker->daemon->dnscenv->shared_secrets_cache);
 		}
 #endif
 		shm_stat->mem.val = (long long)mod_get_mem(&worker->env,
 			"validator");
 		shm_stat->mem.iter = (long long)mod_get_mem(&worker->env,