mirror of
https://github.com/NLnetLabs/unbound.git
synced 2025-12-20 23:00:56 -05:00
- Added permit-small-holddown config to debug fast 5011 rollover.
git-svn-id: file:///svn/unbound/trunk@3462 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards
parent
8a6817d1c9
commit
ee263cf6c5
11 changed files with 2008 additions and 1926 deletions
|
|
@ -1,5 +1,6 @@
|
|||
30 July 2015: Wouter
|
||||
- please afl-gcc (llvm) for uninitialised variable warning.
|
||||
- Added permit-small-holddown config to debug fast 5011 rollover.
|
||||
|
||||
24 July 2015: Wouter
|
||||
- Fix #690: Reload fails when so-reuseport is yes after changing
|
||||
|
|
|
|||
|
|
@ -444,6 +444,9 @@ server:
|
|||
# If the value 0 is given, missing anchors are not removed.
|
||||
# keep-missing: 31622400 # 366 days
|
||||
|
||||
# debug option that allows very small holddown times for key rollover
|
||||
# permit-small-holddown: no
|
||||
|
||||
# the amount of memory to use for the key cache.
|
||||
# plain value in bytes or you can append k, m or G. default is "4Mb".
|
||||
# key-cache-size: 4m
|
||||
|
|
|
|||
|
|
@ -801,6 +801,10 @@ mechanism work with zones that perform regular (non\-5011) rollovers.
|
|||
The default is 366 days. The value 0 does not remove missing anchors,
|
||||
as per the RFC.
|
||||
.TP
|
||||
.B permit\-small\-holddown: \fI<yes or no>
|
||||
Debug option that allows the autotrust 5011 rollover timers to assume
|
||||
very small values. Default is no.
|
||||
.TP
|
||||
.B key\-cache\-size: \fI<number>
|
||||
Number of bytes size of the key cache. Default is 4 megabytes.
|
||||
A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
|
||||
|
|
|
|||
|
|
@ -70,6 +70,8 @@
|
|||
uid_t cfg_uid = (uid_t)-1;
|
||||
/** from cfg username, after daemonise setup performed */
|
||||
gid_t cfg_gid = (gid_t)-1;
|
||||
/** for debug allow small timeout values for fast rollovers */
|
||||
int autr_permit_small_holddown = 0;
|
||||
|
||||
/** global config during parsing */
|
||||
struct config_parser_state* cfg_parser = 0;
|
||||
|
|
@ -200,6 +202,7 @@ config_create(void)
|
|||
cfg->add_holddown = 30*24*3600;
|
||||
cfg->del_holddown = 30*24*3600;
|
||||
cfg->keep_missing = 366*24*3600; /* one year plus a little leeway */
|
||||
cfg->permit_small_holddown = 0;
|
||||
cfg->key_cache_size = 4 * 1024 * 1024;
|
||||
cfg->key_cache_slabs = 4;
|
||||
cfg->neg_cache_size = 1 * 1024 * 1024;
|
||||
|
|
@ -444,6 +447,9 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
|||
else S_UNSIGNED_OR_ZERO("add-holddown:", add_holddown)
|
||||
else S_UNSIGNED_OR_ZERO("del-holddown:", del_holddown)
|
||||
else S_UNSIGNED_OR_ZERO("keep-missing:", keep_missing)
|
||||
else if(strcmp(opt, "permit-small-holddown:") == 0)
|
||||
{ IS_YES_OR_NO; cfg->permit_small_holddown = (strcmp(val, "yes") == 0);
|
||||
autr_permit_small_holddown = cfg->permit_small_holddown; }
|
||||
else S_MEMSIZE("key-cache-size:", key_cache_size)
|
||||
else S_POW2("key-cache-slabs:", key_cache_slabs)
|
||||
else S_MEMSIZE("neg-cache-size:", neg_cache_size)
|
||||
|
|
@ -705,6 +711,7 @@ config_get_option(struct config_file* cfg, const char* opt,
|
|||
else O_UNS(opt, "add-holddown", add_holddown)
|
||||
else O_UNS(opt, "del-holddown", del_holddown)
|
||||
else O_UNS(opt, "keep-missing", keep_missing)
|
||||
else O_YNO(opt, "permit-small-holddown", permit_small_holddown)
|
||||
else O_MEM(opt, "key-cache-size", key_cache_size)
|
||||
else O_DEC(opt, "key-cache-slabs", key_cache_slabs)
|
||||
else O_MEM(opt, "neg-cache-size", neg_cache_size)
|
||||
|
|
@ -1243,6 +1250,7 @@ config_apply(struct config_file* config)
|
|||
MINIMAL_RESPONSES = config->minimal_responses;
|
||||
RRSET_ROUNDROBIN = config->rrset_roundrobin;
|
||||
log_set_time_asc(config->log_time_ascii);
|
||||
autr_permit_small_holddown = config->permit_small_holddown;
|
||||
}
|
||||
|
||||
void config_lookup_uid(struct config_file* cfg)
|
||||
|
|
|
|||
|
|
@ -269,6 +269,8 @@ struct config_file {
|
|||
unsigned int del_holddown;
|
||||
/** autotrust keep_missing time, in seconds. 0 is forever. */
|
||||
unsigned int keep_missing;
|
||||
/** permit small holddown values, allowing 5011 rollover very fast */
|
||||
int permit_small_holddown;
|
||||
|
||||
/** size of the key cache */
|
||||
size_t key_cache_size;
|
||||
|
|
@ -368,6 +370,8 @@ struct config_file {
|
|||
extern uid_t cfg_uid;
|
||||
/** from cfg username, after daemonise setup performed */
|
||||
extern gid_t cfg_gid;
|
||||
/** debug and enable small timeouts */
|
||||
extern int autr_permit_small_holddown;
|
||||
|
||||
/**
|
||||
* Stub config options
|
||||
|
|
|
|||
2656
util/configlexer.c
2656
util/configlexer.c
File diff suppressed because it is too large
Load diff
|
|
@ -306,6 +306,7 @@ val-nsec3-keysize-iterations{COLON} {
|
|||
add-holddown{COLON} { YDVAR(1, VAR_ADD_HOLDDOWN) }
|
||||
del-holddown{COLON} { YDVAR(1, VAR_DEL_HOLDDOWN) }
|
||||
keep-missing{COLON} { YDVAR(1, VAR_KEEP_MISSING) }
|
||||
permit-small-holddown{COLON} { YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) }
|
||||
use-syslog{COLON} { YDVAR(1, VAR_USE_SYSLOG) }
|
||||
log-time-ascii{COLON} { YDVAR(1, VAR_LOG_TIME_ASCII) }
|
||||
log-queries{COLON} { YDVAR(1, VAR_LOG_QUERIES) }
|
||||
|
|
|
|||
1214
util/configparser.c
1214
util/configparser.c
File diff suppressed because it is too large
Load diff
|
|
@ -203,7 +203,8 @@ extern int yydebug;
|
|||
VAR_RATELIMIT_BELOW_DOMAIN = 412,
|
||||
VAR_RATELIMIT_FACTOR = 413,
|
||||
VAR_CAPS_WHITELIST = 414,
|
||||
VAR_CACHE_MAX_NEGATIVE_TTL = 415
|
||||
VAR_CACHE_MAX_NEGATIVE_TTL = 415,
|
||||
VAR_PERMIT_SMALL_HOLDDOWN = 416
|
||||
};
|
||||
#endif
|
||||
/* Tokens. */
|
||||
|
|
@ -365,6 +366,7 @@ extern int yydebug;
|
|||
#define VAR_RATELIMIT_FACTOR 413
|
||||
#define VAR_CAPS_WHITELIST 414
|
||||
#define VAR_CACHE_MAX_NEGATIVE_TTL 415
|
||||
#define VAR_PERMIT_SMALL_HOLDDOWN 416
|
||||
|
||||
|
||||
|
||||
|
|
@ -378,7 +380,7 @@ typedef union YYSTYPE
|
|||
|
||||
|
||||
/* Line 2058 of yacc.c */
|
||||
#line 382 "util/configparser.h"
|
||||
#line 384 "util/configparser.h"
|
||||
} YYSTYPE;
|
||||
# define YYSTYPE_IS_TRIVIAL 1
|
||||
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
|
||||
|
|
|
|||
|
|
@ -121,7 +121,7 @@ extern struct config_parser_state* cfg_parser;
|
|||
%token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
|
||||
%token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
|
||||
%token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN VAR_RATELIMIT_FACTOR
|
||||
%token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL
|
||||
%token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
|
||||
|
||||
%%
|
||||
toplevelvars: /* empty */ | toplevelvars toplevelvar ;
|
||||
|
|
@ -185,7 +185,8 @@ content_server: server_num_threads | server_verbosity | server_port |
|
|||
server_ip_transparent | server_ratelimit | server_ratelimit_slabs |
|
||||
server_ratelimit_size | server_ratelimit_for_domain |
|
||||
server_ratelimit_below_domain | server_ratelimit_factor |
|
||||
server_caps_whitelist | server_cache_max_negative_ttl
|
||||
server_caps_whitelist | server_cache_max_negative_ttl |
|
||||
server_permit_small_holddown
|
||||
;
|
||||
stubstart: VAR_STUB_ZONE
|
||||
{
|
||||
|
|
@ -1125,6 +1126,15 @@ server_keep_missing: VAR_KEEP_MISSING STRING_ARG
|
|||
free($2);
|
||||
}
|
||||
;
|
||||
server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG
|
||||
{
|
||||
OUTYY(("P(server_permit_small_holddown:%s)\n", $2));
|
||||
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
|
||||
yyerror("expected yes or no.");
|
||||
else cfg_parser->cfg->permit_small_holddown =
|
||||
(strcmp($2, "yes")==0);
|
||||
free($2);
|
||||
}
|
||||
server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG
|
||||
{
|
||||
OUTYY(("P(server_key_cache_size:%s)\n", $2));
|
||||
|
|
|
|||
|
|
@ -1447,9 +1447,11 @@ set_tp_times(struct trust_anchor* tp, time_t rrsig_exp_interval,
|
|||
if(rrsig_exp_interval/2 < x)
|
||||
x = rrsig_exp_interval/2;
|
||||
/* MAX(1hr, x) */
|
||||
if(x < 3600)
|
||||
tp->autr->query_interval = 3600;
|
||||
else tp->autr->query_interval = x;
|
||||
if(!autr_permit_small_holddown) {
|
||||
if(x < 3600)
|
||||
tp->autr->query_interval = 3600;
|
||||
else tp->autr->query_interval = x;
|
||||
}
|
||||
|
||||
/* x= MIN(1day, ttl/10, expire/10) */
|
||||
x = 24 * 3600;
|
||||
|
|
@ -1458,9 +1460,11 @@ set_tp_times(struct trust_anchor* tp, time_t rrsig_exp_interval,
|
|||
if(rrsig_exp_interval/10 < x)
|
||||
x = rrsig_exp_interval/10;
|
||||
/* MAX(1hr, x) */
|
||||
if(x < 3600)
|
||||
tp->autr->retry_time = 3600;
|
||||
else tp->autr->retry_time = x;
|
||||
if(!autr_permit_small_holddown) {
|
||||
if(x < 3600)
|
||||
tp->autr->retry_time = 3600;
|
||||
else tp->autr->retry_time = x;
|
||||
}
|
||||
|
||||
if(qi != tp->autr->query_interval || rt != tp->autr->retry_time) {
|
||||
*changed = 1;
|
||||
|
|
@ -1959,8 +1963,10 @@ calc_next_probe(struct module_env* env, time_t wait)
|
|||
{
|
||||
/* make it random, 90-100% */
|
||||
time_t rnd, rest;
|
||||
if(wait < 3600)
|
||||
wait = 3600;
|
||||
if(!autr_permit_small_holddown) {
|
||||
if(wait < 3600)
|
||||
wait = 3600;
|
||||
}
|
||||
rnd = wait/10;
|
||||
rest = wait-rnd;
|
||||
rnd = (time_t)ub_random_max(env->rnd, (long int)rnd);
|
||||
|
|
@ -2378,6 +2384,7 @@ autr_probe_timer(struct module_env* env)
|
|||
struct trust_anchor* tp;
|
||||
time_t next_probe = 3600;
|
||||
int num = 0;
|
||||
if(autr_permit_small_holddown) next_probe = 1;
|
||||
verbose(VERB_ALGO, "autotrust probe timer callback");
|
||||
/* while there are still anchors to probe */
|
||||
while( (tp = todo_probe(env, &next_probe)) ) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue