authorFlorian Obser <florian@cvs.openbsd.org>2022-09-23 19:37:24 +0000
committerFlorian Obser <florian@cvs.openbsd.org>2022-09-23 19:37:24 +0000
commit0a5624d64332d26a9bfe0c9a35d22a7fb4d28cfe (patch)
treea14f96baf01cd33c19e2b21870ea3c282113c2b0
parentcd811d8821ebe039e38aac097646ee9906093031 (diff)
Sync to libunbound 1.16.3
-rw-r--r--sbin/unwind/libunbound/config.h6
-rw-r--r--sbin/unwind/libunbound/iterator/iter_delegpt.c3
-rw-r--r--sbin/unwind/libunbound/iterator/iter_delegpt.h2
-rw-r--r--sbin/unwind/libunbound/iterator/iter_utils.c3
-rw-r--r--sbin/unwind/libunbound/iterator/iter_utils.h9
-rw-r--r--sbin/unwind/libunbound/iterator/iterator.c36
-rw-r--r--sbin/unwind/libunbound/services/cache/dns.c3
-rw-r--r--sbin/unwind/libunbound/services/mesh.c7
-rw-r--r--sbin/unwind/libunbound/services/mesh.h11
-rw-r--r--sbin/unwind/libunbound/util/configlexer.c4
10 files changed, 78 insertions, 6 deletions
diff --git a/sbin/unwind/libunbound/config.h b/sbin/unwind/libunbound/config.h
index d195a8946e7..db4f84f7236 100644
--- a/sbin/unwind/libunbound/config.h
+++ b/sbin/unwind/libunbound/config.h
@@ -764,7 +764,7 @@
#define PACKAGE_NAME "unbound"
/* Define to the full name and version of this package. */
-#define PACKAGE_STRING "unbound 1.16.2"
+#define PACKAGE_STRING "unbound 1.16.3"
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME "unbound"
@@ -773,7 +773,7 @@
#define PACKAGE_URL ""
/* Define to the version of this package. */
-#define PACKAGE_VERSION "1.16.2"
+#define PACKAGE_VERSION "1.16.3"
/* default pidfile location */
#define PIDFILE ""
@@ -796,7 +796,7 @@
#define ROOT_CERT_FILE "/var/unbound/etc/icannbundle.pem"
/* version number for resource files */
-#define RSRC_PACKAGE_VERSION 1,16,2,0
+#define RSRC_PACKAGE_VERSION 1,16,3,0
/* Directory to chdir to */
#define RUN_DIR "/var/unbound/etc"
diff --git a/sbin/unwind/libunbound/iterator/iter_delegpt.c b/sbin/unwind/libunbound/iterator/iter_delegpt.c
index 4bffa1b3a7d..fd07aaa1335 100644
--- a/sbin/unwind/libunbound/iterator/iter_delegpt.c
+++ b/sbin/unwind/libunbound/iterator/iter_delegpt.c
@@ -78,6 +78,7 @@ struct delegpt* delegpt_copy(struct delegpt* dp, struct regional* region)
if(!delegpt_add_ns(copy, region, ns->name, ns->lame,
ns->tls_auth_name, ns->port))
return NULL;
+ copy->nslist->cache_lookup_count = ns->cache_lookup_count;
copy->nslist->resolved = ns->resolved;
copy->nslist->got4 = ns->got4;
copy->nslist->got6 = ns->got6;
@@ -121,6 +122,7 @@ delegpt_add_ns(struct delegpt* dp, struct regional* region, uint8_t* name,
ns->namelen = len;
dp->nslist = ns;
ns->name = regional_alloc_init(region, name, ns->namelen);
+ ns->cache_lookup_count = 0;
ns->resolved = 0;
ns->got4 = 0;
ns->got6 = 0;
@@ -620,6 +622,7 @@ int delegpt_add_ns_mlc(struct delegpt* dp, uint8_t* name, uint8_t lame,
}
ns->next = dp->nslist;
dp->nslist = ns;
+ ns->cache_lookup_count = 0;
ns->resolved = 0;
ns->got4 = 0;
ns->got6 = 0;
diff --git a/sbin/unwind/libunbound/iterator/iter_delegpt.h b/sbin/unwind/libunbound/iterator/iter_delegpt.h
index 62c8edc5122..586597a69a1 100644
--- a/sbin/unwind/libunbound/iterator/iter_delegpt.h
+++ b/sbin/unwind/libunbound/iterator/iter_delegpt.h
@@ -101,6 +101,8 @@ struct delegpt_ns {
uint8_t* name;
/** length of name */
size_t namelen;
+ /** number of cache lookups for the name */
+ int cache_lookup_count;
/**
* If the name has been resolved. false if not queried for yet.
* true if the A, AAAA queries have been generated.
diff --git a/sbin/unwind/libunbound/iterator/iter_utils.c b/sbin/unwind/libunbound/iterator/iter_utils.c
index 3e13e595c63..56b184a02fb 100644
--- a/sbin/unwind/libunbound/iterator/iter_utils.c
+++ b/sbin/unwind/libunbound/iterator/iter_utils.c
@@ -1209,6 +1209,9 @@ int iter_lookup_parent_glue_from_cache(struct module_env* env,
struct delegpt_ns* ns;
size_t num = delegpt_count_targets(dp);
for(ns = dp->nslist; ns; ns = ns->next) {
+ if(ns->cache_lookup_count > ITERATOR_NAME_CACHELOOKUP_MAX_PSIDE)
+ continue;
+ ns->cache_lookup_count++;
/* get cached parentside A */
akey = rrset_cache_lookup(env->rrset_cache, ns->name,
ns->namelen, LDNS_RR_TYPE_A, qinfo->qclass,
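Review bot: The guard `if(ns->cache_lookup_count > ITERATOR_NAME_CACHELOOKUP_MAX_PSIDE)` still admits a name when the counter equals the limit, so a counter that starts at 0 passes for values 0 through 5, one pass more than the constant states. If the constant is meant as the maximum, as its comment in iter_utils.h says, the comparison should be `>=`; if the extra pass is intended, the comment should say so. The same comparison appears in the cache_fill_missing hunk in services/cache/dns.c with ITERATOR_NAME_CACHELOOKUP_MAX. The loop body continues outside this hunk.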
diff --git a/sbin/unwind/libunbound/iterator/iter_utils.h b/sbin/unwind/libunbound/iterator/iter_utils.h
index 8583fde58a4..850be96a6e1 100644
--- a/sbin/unwind/libunbound/iterator/iter_utils.h
+++ b/sbin/unwind/libunbound/iterator/iter_utils.h
@@ -62,6 +62,15 @@ struct ub_packed_rrset_key;
struct module_stack;
struct outside_network;
+/* max number of lookups in the cache for target nameserver names.
+ * This stops, for large delegations, N*N lookups in the cache. */
+#define ITERATOR_NAME_CACHELOOKUP_MAX 3
+/* max number of lookups in the cache for parentside glue for nameserver names
+ * This stops, for larger delegations, N*N lookups in the cache.
+ * It is a little larger than the nonpside max, so it allows a couple extra
+ * lookups of parent side glue. */
+#define ITERATOR_NAME_CACHELOOKUP_MAX_PSIDE 5
+
/**
* Process config options and set iterator module state.
* Sets default values if no config is found.
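Review bot: The two new comments do not say that both limits are checked against the same per-name field, `cache_lookup_count` in struct delegpt_ns, which the cache_fill_missing and iter_lookup_parent_glue_from_cache hunks both increment. A reader who takes them as independent budgets will overestimate the parent-side allowance, because lookups already counted by cache_fill_missing use up part of it. I would add a line such as `/* Both limits are compared against the single delegpt_ns cache_lookup_count. */` above the first define, and end the first sentence of the second comment with a period.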
diff --git a/sbin/unwind/libunbound/iterator/iterator.c b/sbin/unwind/libunbound/iterator/iterator.c
index 25e5cfee464..da9b7990c50 100644
--- a/sbin/unwind/libunbound/iterator/iterator.c
+++ b/sbin/unwind/libunbound/iterator/iterator.c
@@ -1218,6 +1218,15 @@ generate_dnskey_prefetch(struct module_qstate* qstate,
(qstate->query_flags&BIT_RD) && !(qstate->query_flags&BIT_CD)){
return;
}
+ /* we do not generate this prefetch when the query list is full,
+ * the query is fetched, if needed, when the validator wants it.
+ * At that time the validator waits for it, after spawning it.
+ * This means there is one state that uses cpu and a socket, the
+ * spawned while this one waits, and not several at the same time,
+ * if we had created the lookup here. And this helps to keep
+ * the total load down, but the query still succeeds to resolve. */
+ if(mesh_jostle_exceeded(qstate->env->mesh))
+ return;
/* if the DNSKEY is in the cache this lookup will stop quickly */
log_nametypeclass(VERB_ALGO, "schedule dnskey prefetch",
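Review bot: The new early return on `mesh_jostle_exceeded(qstate->env->mesh)` is silent, so at VERB_ALGO an operator cannot tell a skipped prefetch from one that was never considered, and nothing records that the resolver is running with a full query list. A line before the return, for example `verbose(VERB_ALGO, "mesh query list full, skip dnskey prefetch");`, would make the load shedding visible when diagnosing slow resolution or suspected resource-exhaustion traffic. The `break` statements added in query_for_targets and the new condition in processQueryTargets are equally silent. generate_dnskey_prefetch starts and ends outside this hunk.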
@@ -1911,6 +1920,14 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq,
return 0;
}
query_count++;
+ /* If the mesh query list is full, exit the loop here.
+ * This makes the routine spawn one query at a time,
+ * and this means there is no query state load
+ * increase, because the spawned state uses cpu and a
+ * socket while this state waits for that spawned
+ * state. Next time we can look up further targets */
+ if(mesh_jostle_exceeded(qstate->env->mesh))
+ break;
}
/* Send the A request. */
if(ie->supports_ipv4 &&
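Review bot: Both `break` statements added to the loop in query_for_targets, here and in the following hunk at -1925, leave it before the step that the context line labels `/* mark this target as in progress. */`, so the name whose query was just spawned appears to stay unmarked. If that marking is `ns->resolved` (the statements themselves are outside the hunks), a later pass could select the same name again and generate the same target queries, which would work against the load reduction the comments describe. After the A request I would set `ns->resolved = 1;` before the `break`; after the AAAA request the same applies only when no A query is still owed for that name.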
@@ -1925,6 +1942,9 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq,
return 0;
}
query_count++;
+ /* If the mesh query list is full, exit the loop. */
+ if(mesh_jostle_exceeded(qstate->env->mesh))
+ break;
}
/* mark this target as in progress. */
@@ -2085,6 +2105,15 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq,
}
ns->done_pside6 = 1;
query_count++;
+ if(mesh_jostle_exceeded(qstate->env->mesh)) {
+ /* Wait for the lookup; do not spawn multiple
+ * lookups at a time. */
+ verbose(VERB_ALGO, "try parent-side glue lookup");
+ iq->num_target_queries += query_count;
+ target_count_increase(iq, query_count);
+ qstate->ext_state[id] = module_wait_subquery;
+ return 0;
+ }
}
if(ie->supports_ipv4 && !ns->done_pside4) {
/* Send the A request. */
@@ -2560,7 +2589,12 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
if(iq->depth < ie->max_dependency_depth
&& iq->num_target_queries == 0
&& (!iq->target_count || iq->target_count[TARGET_COUNT_NX]==0)
- && iq->sent_count < TARGET_FETCH_STOP) {
+ && iq->sent_count < TARGET_FETCH_STOP
+ /* if the mesh query list is full, then do not waste cpu
+ * and sockets to fetch promiscuous targets. They can be
+ * looked up when needed. */
+ && !mesh_jostle_exceeded(qstate->env->mesh)
+ ) {
tf_policy = ie->target_fetch_policy[iq->depth];
}
diff --git a/sbin/unwind/libunbound/services/cache/dns.c b/sbin/unwind/libunbound/services/cache/dns.c
index 6bca8d85fad..b6e5697349c 100644
--- a/sbin/unwind/libunbound/services/cache/dns.c
+++ b/sbin/unwind/libunbound/services/cache/dns.c
@@ -404,6 +404,9 @@ cache_fill_missing(struct module_env* env, uint16_t qclass,
struct ub_packed_rrset_key* akey;
time_t now = *env->now;
for(ns = dp->nslist; ns; ns = ns->next) {
+ if(ns->cache_lookup_count > ITERATOR_NAME_CACHELOOKUP_MAX)
+ continue;
+ ns->cache_lookup_count++;
akey = rrset_cache_lookup(env->rrset_cache, ns->name,
ns->namelen, LDNS_RR_TYPE_A, qclass, 0, now, 0);
if(akey) {
diff --git a/sbin/unwind/libunbound/services/mesh.c b/sbin/unwind/libunbound/services/mesh.c
index 30bcf7cda15..2a411942663 100644
--- a/sbin/unwind/libunbound/services/mesh.c
+++ b/sbin/unwind/libunbound/services/mesh.c
@@ -2240,3 +2240,10 @@ mesh_serve_expired_callback(void* arg)
mesh_do_callback(mstate, LDNS_RCODE_NOERROR, msg->rep, c, &tv);
}
}
+
+int mesh_jostle_exceeded(struct mesh_area* mesh)
+{
+ if(mesh->all.count < mesh->max_reply_states)
+ return 0;
+ return 1;
+}
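Review bot: `mesh_jostle_exceeded` reports a full list whenever `mesh->max_reply_states` is 0, because `mesh->all.count < mesh->max_reply_states` cannot hold for a count that is never negative. Every caller added in iterator.c would then skip prefetches and stop after a single target query for as long as that limit is configured. Whether 0 is a legal value is not visible in this diff; if it is, the function needs a guard or the mesh.h comment needs a sentence stating this behaviour. The body can also be written as `return mesh->all.count >= mesh->max_reply_states;`.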
diff --git a/sbin/unwind/libunbound/services/mesh.h b/sbin/unwind/libunbound/services/mesh.h
index 3be9b63faed..25121a67b3a 100644
--- a/sbin/unwind/libunbound/services/mesh.h
+++ b/sbin/unwind/libunbound/services/mesh.h
@@ -685,4 +685,15 @@ struct dns_msg*
mesh_serve_expired_lookup(struct module_qstate* qstate,
struct query_info* lookup_qinfo);
+/**
+ * See if the mesh has space for more queries. You can allocate queries
+ * anyway, but this checks for the allocated space.
+ * @param mesh: mesh area.
+ * @return true if the query list is full.
+ * It checks the number of all queries, not just number of reply states,
+ * that have a client address. So that spawned queries count too,
+ * that were created by the iterator, or other modules.
+ */
+int mesh_jostle_exceeded(struct mesh_area* mesh);
+
#endif /* SERVICES_MESH_H */
diff --git a/sbin/unwind/libunbound/util/configlexer.c b/sbin/unwind/libunbound/util/configlexer.c
index ca661287a9a..a09ca8679ee 100644
--- a/sbin/unwind/libunbound/util/configlexer.c
+++ b/sbin/unwind/libunbound/util/configlexer.c
@@ -5,7 +5,7 @@
#define YY_INT_ALIGNED short int
-/* $OpenBSD: configlexer.c,v 1.14 2022/08/30 05:46:51 florian Exp $ */
+/* $OpenBSD: configlexer.c,v 1.15 2022/09/23 19:37:23 florian Exp $ */
/* A lexical scanner generated by flex */
@@ -27,7 +27,7 @@
/* end standard C headers. */
-/* $OpenBSD: configlexer.c,v 1.14 2022/08/30 05:46:51 florian Exp $ */
+/* $OpenBSD: configlexer.c,v 1.15 2022/09/23 19:37:23 florian Exp $ */
/* flex integer type definitions */