[thirdparty/pdns.git] / pdns / signingpipe.cc

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include "signingpipe.hh"
#include "misc.hh"
#include "dns_random.hh"
#include <poll.h>

#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <sched.h>

// deal with partial reads
namespace {
int readn(int fd, void* buffer, unsigned int len)
{
  unsigned int pos=0;
  int res;
  for(;;) {
    res = read(fd, (char*)buffer + pos, len - pos);
    if(res == 0) {
      if(pos)
        throw runtime_error("Signing Pipe remote shut down in the middle of a message");
      else {
        //cerr<<"Got decent EOF on "<<fd<<endl;
        return 0;
      }
    }
      
    if(res < 0) {
      if(errno == EAGAIN || errno == EINTR) {
        if(pos==0)
          return -1;
        waitForData(fd, -1); 
        continue;
      }
      unixDie("Reading from socket in Signing Pipe loop");
    }
  
    pos+=res;
    if(pos == len)
      break;
  }
  return len;
}
}

void* ChunkedSigningPipe::helperWorker(ChunkedSigningPipe* csp, int fd)
try {
  csp->worker(fd);
  return nullptr;
}
catch(...) {
  g_log<<Logger::Error<<"Unknown exception in signing thread occurred"<<endl;
  return nullptr;
}

ChunkedSigningPipe::ChunkedSigningPipe(DNSName  signerName, bool mustSign, unsigned int workers)
  : d_signed(0), d_queued(0), d_outstanding(0), d_numworkers(workers), d_submitted(0), d_signer(std::move(signerName)),
    d_maxchunkrecords(100), d_threads(d_numworkers), d_mustSign(mustSign), d_final(false)
{
  d_rrsetToSign = make_unique<rrset_t>();
  d_chunks.push_back(vector<DNSZoneRecord>()); // load an empty chunk
  
  if(!d_mustSign)
    return;
  
  int fds[2];
  
  for(unsigned int n=0; n < d_numworkers; ++n) {
    if(socketpair(AF_UNIX, SOCK_STREAM, 0, fds) < 0) 
      throw runtime_error("Unable to create communication socket in for ChunkedSigningPipe");
    setCloseOnExec(fds[0]);
    setCloseOnExec(fds[1]);
    d_threads[n] = std::thread(helperWorker, this, fds[1]);
    setNonBlocking(fds[0]);
    d_sockets.push_back(fds[0]);
    d_outstandings[fds[0]] = 0;
  }
}

ChunkedSigningPipe::~ChunkedSigningPipe()
{
  if(!d_mustSign)
    return;

  for(int fd :  d_sockets) {
    close(fd); // this will trigger all threads to exit
  }

  for(auto& thread : d_threads) {
    thread.join();
  }
  //cout<<"Did: "<<d_signed<<", records (!= chunks) submitted: "<<d_submitted<<endl;
}

namespace {
bool
dedupLessThan(const DNSZoneRecord& a, const DNSZoneRecord &b)
{
  return make_tuple(a.dr.d_content->getZoneRepresentation(), a.dr.d_ttl) < make_tuple(b.dr.d_content->getZoneRepresentation(), b.dr.d_ttl);  // XXX SLOW SLOW SLOW
}

bool dedupEqual(const DNSZoneRecord& a, const DNSZoneRecord &b)
{
  return make_tuple(a.dr.d_content->getZoneRepresentation(), a.dr.d_ttl) == make_tuple(b.dr.d_content->getZoneRepresentation(), b.dr.d_ttl);  // XXX SLOW SLOW SLOW
}
}

void ChunkedSigningPipe::dedupRRSet()
{
  // our set contains contains records for one type and one name, but might not be sorted otherwise
  sort(d_rrsetToSign->begin(), d_rrsetToSign->end(), dedupLessThan);
  d_rrsetToSign->erase(unique(d_rrsetToSign->begin(), d_rrsetToSign->end(), dedupEqual), d_rrsetToSign->end());
}

bool ChunkedSigningPipe::submit(const DNSZoneRecord& rr)
{
  ++d_submitted;
  // check if we have a full RRSET to sign
  if(!d_rrsetToSign->empty() && (d_rrsetToSign->begin()->dr.d_type != rr.dr.d_type ||  d_rrsetToSign->begin()->dr.d_name != rr.dr.d_name)) 
  {
    dedupRRSet();
    sendRRSetToWorker();
  }
  d_rrsetToSign->push_back(rr);
  return !d_chunks.empty() && d_chunks.front().size() >= d_maxchunkrecords; // "you can send more"
}

pair<vector<int>, vector<int> > ChunkedSigningPipe::waitForRW(bool rd, bool wr, int seconds)
{
  vector<pollfd> pfds;

  for(int & d_socket : d_sockets) {    
    if(d_eof.count(d_socket))  
      continue;
    struct pollfd pfd;
    memset(&pfd, 0, sizeof(pfd));
    pfd.fd = d_socket;
    if(rd)
      pfd.events |= POLLIN;
    if(wr)
      pfd.events |= POLLOUT;
    pfds.push_back(pfd);
  }

  int res = poll(&pfds[0], pfds.size(), (seconds < 0) ? -1 : (seconds * 1000)); // -1 = infinite
  if(res < 0)
    unixDie("polling for activity from signers, "+std::to_string(d_sockets.size()));
  pair<vector<int>, vector<int> > vects;
  for(auto & pfd : pfds) 
    if(pfd.revents & POLLIN)
      vects.first.push_back(pfd.fd);
    else if(pfd.revents & POLLOUT)
      vects.second.push_back(pfd.fd);
  
  return vects;
}

void ChunkedSigningPipe::addSignedToChunks(std::unique_ptr<chunk_t>& signedChunk)
{
  chunk_t::const_iterator from = signedChunk->begin();
  
  while(from != signedChunk->end()) {
    chunk_t& fillChunk = d_chunks.back();
    chunk_t::size_type room = d_maxchunkrecords - fillChunk.size();
    
    unsigned int fit = std::min(room, (chunk_t::size_type)(signedChunk->end() - from));
  
    d_chunks.back().insert(fillChunk.end(), from , from + fit);
    from+=fit;

    if(from != signedChunk->end()) // it didn't fit, so add a new chunk
      d_chunks.push_back(chunk_t());
  }
}

void ChunkedSigningPipe::sendRRSetToWorker() // it sounds so socialist!
{
  if(!d_mustSign) {
    addSignedToChunks(d_rrsetToSign);
    d_rrsetToSign->clear();
    return;
  }
  
  if(d_final && !d_outstanding) // nothing to do!
    return;
  
  bool wantRead, wantWrite;
  
  wantWrite = !d_rrsetToSign->empty();
  wantRead = d_outstanding || wantWrite;  // if we wrote, we want to read
  
  pair<vector<int>, vector<int> > rwVect;
  
  rwVect = waitForRW(wantRead, wantWrite, -1); // wait for something to happen
  
  if(wantWrite && !rwVect.second.empty()) {
    shuffle(rwVect.second.begin(), rwVect.second.end(), pdns::dns_random_engine()); // pick random available worker
    auto ptr = d_rrsetToSign.release();
    writen2(*rwVect.second.begin(), &ptr, sizeof(ptr));
    d_rrsetToSign = make_unique<rrset_t>();
    d_outstandings[*rwVect.second.begin()]++;
    d_outstanding++;
    d_queued++;
    wantWrite=false;
  } 
  
  if(wantRead) {
    while(d_outstanding) {
      for(int fd :  rwVect.first) {
        if(d_eof.count(fd))
          continue;
        
        while(d_outstanding) {
          chunk_t* chunk = nullptr;
          int res = readn(fd, &chunk, sizeof(chunk));
          if(!res) {
            if (d_outstandings[fd] > 0) {
              throw std::runtime_error("A signing pipe worker died while we were waiting for its result");
            }
            d_eof.insert(fd);
            break;
          }
          if(res < 0) {
            if(errno != EAGAIN && errno != EINTR)
              unixDie("Error reading signed chunk from thread");
            else
              break;
          }

          std::unique_ptr<rrset_t> chunkPtr(chunk);
          chunk = nullptr;
          --d_outstanding;
          d_outstandings[fd]--;
          
          addSignedToChunks(chunkPtr);
        }
      }
      if(!d_outstanding || !d_final)
        break;
      rwVect = waitForRW(true, false, -1); // wait for something to happen
    }
  }
  
  if(wantWrite) {  // our optimization above failed, we now wait synchronously
    rwVect = waitForRW(false, wantWrite, -1); // wait for something to happen
    shuffle(rwVect.second.begin(), rwVect.second.end(), pdns::dns_random_engine()); // pick random available worker
    auto ptr = d_rrsetToSign.release();
    writen2(*rwVect.second.begin(), &ptr, sizeof(ptr));
    d_rrsetToSign = make_unique<rrset_t>();
    d_outstandings[*rwVect.second.begin()]++;
    d_outstanding++;
    d_queued++;
  }
  
}

unsigned int ChunkedSigningPipe::getReady() const
{
   unsigned int sum=0; 
   for(const auto& v :  d_chunks) {
     sum += v.size(); 
   }
   return sum;
}

void ChunkedSigningPipe::worker(int fd)
try
{
  UeberBackend db("key-only");
  DNSSECKeeper dk(&db);
  
  chunk_t* chunk = nullptr;
  int res;
  for(;;) {
    res = readn(fd, &chunk, sizeof(chunk));
    if(!res)
      break;
    if(res < 0)
      unixDie("reading object pointer to sign from pdns");
    try {
      set<DNSName> authSet;
      authSet.insert(d_signer);
      addRRSigs(dk, db, authSet, *chunk);
      ++d_signed;

      writen2(fd, &chunk, sizeof(chunk));
      chunk = nullptr;
    }
    catch(const PDNSException& pe) {
      delete chunk;
      throw;
    }
    catch(const std::exception& e) {
      delete chunk;
      throw;
    }
  }
  close(fd);
}
catch(const PDNSException& pe)
{
  g_log<<Logger::Error<<"Signing thread died because of PDNSException: "<<pe.reason<<endl;
  close(fd);
}
catch(const std::exception& e)
{
  g_log<<Logger::Error<<"Signing thread died because of std::exception: "<<e.what()<<endl;
  close(fd);
}

void ChunkedSigningPipe::flushToSign()
{
  sendRRSetToWorker();
  d_rrsetToSign->clear();
}

vector<DNSZoneRecord> ChunkedSigningPipe::getChunk(bool final)
{
  if(final && !d_final) {
    // this means we should keep on reading until d_outstanding == 0
    d_final = true;
    flushToSign();
    
    for(int fd :  d_sockets) {
      shutdown(fd, SHUT_WR); // perhaps this transmits EOF the other side
      //cerr<<"shutdown of "<<fd<<endl;
    }
  }
  if(d_final)
    flushToSign(); // should help us wait
  vector<DNSZoneRecord> front=d_chunks.front();
  d_chunks.pop_front();
  if(d_chunks.empty())
    d_chunks.push_back(vector<DNSZoneRecord>());
/*  if(d_final && front.empty())
      cerr<<"getChunk returning empty in final"<<endl; */
  return front;
}
Commit	Line	Data
870a0fe4 AT	1	#ifdef HAVE_CONFIG_H
	2	#include "config.h"
	3	#endif
8e9b7d99	4	#include "signingpipe.hh"
a6ef6f7a	5	#include "misc.hh"
d720eb8a	6	#include "dns_random.hh"
a6ef6f7a	7	#include <poll.h>
fa8fd4d2	8
a6ef6f7a BH	9	#include <sys/socket.h>
	10	#include <netinet/in.h>
	11	#include <netinet/tcp.h>
	12	#include <sched.h>
8e9b7d99	13
8d59e8ce BH	14	// deal with partial reads
	15	namespace {
	16	int readn(int fd, void* buffer, unsigned int len)
	17	{
	18	unsigned int pos=0;
	19	int res;
	20	for(;;) {
	21	res = read(fd, (char*)buffer + pos, len - pos);
	22	if(res == 0) {
	23	if(pos)
	24	throw runtime_error("Signing Pipe remote shut down in the middle of a message");
	25	else {
7b217f2e	26	//cerr<<"Got decent EOF on "<<fd<<endl;
8d59e8ce BH	27	return 0;
	28	}
	29	}
	30
	31	if(res < 0) {
	32	if(errno == EAGAIN \|\| errno == EINTR) {
	33	if(pos==0)
	34	return -1;
	35	waitForData(fd, -1);
	36	continue;
	37	}
	38	unixDie("Reading from socket in Signing Pipe loop");
	39	}
	40
	41	pos+=res;
	42	if(pos == len)
	43	break;
	44	}
	45	return len;
	46	}
	47	}
	48
07019b51 RG	49	void* ChunkedSigningPipe::helperWorker(ChunkedSigningPipe* csp, int fd)
	50	try {
	51	csp->worker(fd);
	52	return nullptr;
8267bd2c	53	}
97f1f8d9	54	catch(...) {
e6a9dde5	55	g_log<<Logger::Error<<"Unknown exception in signing thread occurred"<<endl;
07019b51	56	return nullptr;
bec14a20	57	}
8267bd2c	58
1290c1d2 RP	59	ChunkedSigningPipe::ChunkedSigningPipe(DNSName signerName, bool mustSign, unsigned int workers)
1290c1d2 RP	60	: d_signed(0), d_queued(0), d_outstanding(0), d_numworkers(workers), d_submitted(0), d_signer(std::move(signerName)),
07019b51	61	d_maxchunkrecords(100), d_threads(d_numworkers), d_mustSign(mustSign), d_final(false)
8267bd2c	62	{
c2826d2e	63	d_rrsetToSign = make_unique<rrset_t>();
90ba52e0	64	d_chunks.push_back(vector<DNSZoneRecord>()); // load an empty chunk
8d59e8ce	65
8267bd2c BH	66	if(!d_mustSign)
8267bd2c BH	67	return;
a2aaa807	68
a2aaa807 BH	69	int fds[2];
a2aaa807 BH	70
8267bd2c	71	for(unsigned int n=0; n < d_numworkers; ++n) {
8d59e8ce BH	72	if(socketpair(AF_UNIX, SOCK_STREAM, 0, fds) < 0)
8d59e8ce BH	73	throw runtime_error("Unable to create communication socket in for ChunkedSigningPipe");
3897b9e1	74	setCloseOnExec(fds[0]);
3897b9e1	75	setCloseOnExec(fds[1]);
07019b51	76	d_threads[n] = std::thread(helperWorker, this, fds[1]);
3897b9e1	77	setNonBlocking(fds[0]);
8d59e8ce	78	d_sockets.push_back(fds[0]);
e3200e07	79	d_outstandings[fds[0]] = 0;
8267bd2c BH	80	}
	81	}
	82
	83	ChunkedSigningPipe::~ChunkedSigningPipe()
	84	{
	85	if(!d_mustSign)
	86	return;
07019b51	87
ef7cd021	88	for(int fd : d_sockets) {
a6ef6f7a BH	89	close(fd); // this will trigger all threads to exit
a6ef6f7a BH	90	}
07019b51 RG	91
	92	for(auto& thread : d_threads) {
	93	thread.join();
a6ef6f7a	94	}
7b217f2e	95	//cout<<"Did: "<<d_signed<<", records (!= chunks) submitted: "<<d_submitted<<endl;
8267bd2c BH	96	}
8267bd2c BH	97
a2f3b9ec	98	namespace {
b9bafae0	99	bool
90ba52e0	100	dedupLessThan(const DNSZoneRecord& a, const DNSZoneRecord &b)
a2f3b9ec	101	{
90ba52e0	102	return make_tuple(a.dr.d_content->getZoneRepresentation(), a.dr.d_ttl) < make_tuple(b.dr.d_content->getZoneRepresentation(), b.dr.d_ttl); // XXX SLOW SLOW SLOW
a2f3b9ec BH	103	}
a2f3b9ec BH	104
90ba52e0	105	bool dedupEqual(const DNSZoneRecord& a, const DNSZoneRecord &b)
a2f3b9ec	106	{
90ba52e0	107	return make_tuple(a.dr.d_content->getZoneRepresentation(), a.dr.d_ttl) == make_tuple(b.dr.d_content->getZoneRepresentation(), b.dr.d_ttl); // XXX SLOW SLOW SLOW
a2f3b9ec BH	108	}
	109	}
	110
	111	void ChunkedSigningPipe::dedupRRSet()
	112	{
	113	// our set contains contains records for one type and one name, but might not be sorted otherwise
	114	sort(d_rrsetToSign->begin(), d_rrsetToSign->end(), dedupLessThan);
	115	d_rrsetToSign->erase(unique(d_rrsetToSign->begin(), d_rrsetToSign->end(), dedupEqual), d_rrsetToSign->end());
	116	}
	117
90ba52e0	118	bool ChunkedSigningPipe::submit(const DNSZoneRecord& rr)
8e9b7d99	119	{
8d59e8ce BH	120	++d_submitted;
8d59e8ce BH	121	// check if we have a full RRSET to sign
90ba52e0	122	if(!d_rrsetToSign->empty() && (d_rrsetToSign->begin()->dr.d_type != rr.dr.d_type \|\| d_rrsetToSign->begin()->dr.d_name != rr.dr.d_name))
8e9b7d99	123	{
a2f3b9ec	124	dedupRRSet();
a2aaa807	125	sendRRSetToWorker();
8e9b7d99	126	}
a2aaa807	127	d_rrsetToSign->push_back(rr);
a2f3b9ec	128	return !d_chunks.empty() && d_chunks.front().size() >= d_maxchunkrecords; // "you can send more"
8e9b7d99 BH	129	}
8e9b7d99 BH	130
a6ef6f7a BH	131	pair<vector<int>, vector<int> > ChunkedSigningPipe::waitForRW(bool rd, bool wr, int seconds)
a6ef6f7a BH	132	{
ac10b8c6	133	vector<pollfd> pfds;
e3200e07	134
d7f67000 RP	135	for(int & d_socket : d_sockets) {
d7f67000 RP	136	if(d_eof.count(d_socket))
ac10b8c6 BH	137	continue;
	138	struct pollfd pfd;
	139	memset(&pfd, 0, sizeof(pfd));
d7f67000	140	pfd.fd = d_socket;
ac10b8c6 BH	141	if(rd)
	142	pfd.events \|= POLLIN;
	143	if(wr)
	144	pfd.events \|= POLLOUT;
	145	pfds.push_back(pfd);
a6ef6f7a	146	}
e3200e07	147
a135720d	148	int res = poll(&pfds[0], pfds.size(), (seconds < 0) ? -1 : (seconds * 1000)); // -1 = infinite
a6ef6f7a	149	if(res < 0)
335da0ba	150	unixDie("polling for activity from signers, "+std::to_string(d_sockets.size()));
a6ef6f7a	151	pair<vector<int>, vector<int> > vects;
d7f67000 RP	152	for(auto & pfd : pfds)
	153	if(pfd.revents & POLLIN)
	154	vects.first.push_back(pfd.fd);
	155	else if(pfd.revents & POLLOUT)
	156	vects.second.push_back(pfd.fd);
a6ef6f7a BH	157
	158	return vects;
	159	}
	160
c2826d2e	161	void ChunkedSigningPipe::addSignedToChunks(std::unique_ptr<chunk_t>& signedChunk)
8d59e8ce BH	162	{
	163	chunk_t::const_iterator from = signedChunk->begin();
	164
	165	while(from != signedChunk->end()) {
	166	chunk_t& fillChunk = d_chunks.back();
8d59e8ce BH	167	chunk_t::size_type room = d_maxchunkrecords - fillChunk.size();
	168
	169	unsigned int fit = std::min(room, (chunk_t::size_type)(signedChunk->end() - from));
	170
	171	d_chunks.back().insert(fillChunk.end(), from , from + fit);
	172	from+=fit;
c2826d2e	173
8d59e8ce BH	174	if(from != signedChunk->end()) // it didn't fit, so add a new chunk
	175	d_chunks.push_back(chunk_t());
	176	}
	177	}
a6ef6f7a	178
a2aaa807	179	void ChunkedSigningPipe::sendRRSetToWorker() // it sounds so socialist!
8267bd2c BH	180	{
8267bd2c BH	181	if(!d_mustSign) {
8d59e8ce	182	addSignedToChunks(d_rrsetToSign);
a2aaa807	183	d_rrsetToSign->clear();
8267bd2c BH	184	return;
8267bd2c BH	185	}
a2aaa807	186
8d59e8ce BH	187	if(d_final && !d_outstanding) // nothing to do!
	188	return;
	189
a6ef6f7a BH	190	bool wantRead, wantWrite;
	191
	192	wantWrite = !d_rrsetToSign->empty();
8d59e8ce	193	wantRead = d_outstanding \|\| wantWrite; // if we wrote, we want to read
a6ef6f7a BH	194
	195	pair<vector<int>, vector<int> > rwVect;
	196
e3200e07	197	rwVect = waitForRW(wantRead, wantWrite, -1); // wait for something to happen
a6ef6f7a BH	198
a6ef6f7a BH	199	if(wantWrite && !rwVect.second.empty()) {
d720eb8a	200	shuffle(rwVect.second.begin(), rwVect.second.end(), pdns::dns_random_engine()); // pick random available worker
c2826d2e RG	201	auto ptr = d_rrsetToSign.release();
	202	writen2(*rwVect.second.begin(), &ptr, sizeof(ptr));
	203	d_rrsetToSign = make_unique<rrset_t>();
e3200e07	204	d_outstandings[*rwVect.second.begin()]++;
8267bd2c	205	d_outstanding++;
a2aaa807	206	d_queued++;
8d59e8ce BH	207	wantWrite=false;
	208	}
	209
	210	if(wantRead) {
	211	while(d_outstanding) {
ef7cd021	212	for(int fd : rwVect.first) {
8d59e8ce BH	213	if(d_eof.count(fd))
	214	continue;
	215
	216	while(d_outstanding) {
c2826d2e	217	chunk_t* chunk = nullptr;
8d59e8ce BH	218	int res = readn(fd, &chunk, sizeof(chunk));
8d59e8ce BH	219	if(!res) {
e3200e07 RG	220	if (d_outstandings[fd] > 0) {
	221	throw std::runtime_error("A signing pipe worker died while we were waiting for its result");
	222	}
8d59e8ce BH	223	d_eof.insert(fd);
	224	break;
	225	}
	226	if(res < 0) {
	227	if(errno != EAGAIN && errno != EINTR)
	228	unixDie("Error reading signed chunk from thread");
	229	else
	230	break;
	231	}
c2826d2e RG	232
	233	std::unique_ptr<rrset_t> chunkPtr(chunk);
	234	chunk = nullptr;
8d59e8ce	235	--d_outstanding;
e3200e07	236	d_outstandings[fd]--;
8d59e8ce	237
c2826d2e	238	addSignedToChunks(chunkPtr);
8d59e8ce BH	239	}
	240	}
	241	if(!d_outstanding \|\| !d_final)
a6ef6f7a	242	break;
e3200e07	243	rwVect = waitForRW(true, false, -1); // wait for something to happen
a6ef6f7a	244	}
8267bd2c	245	}
a6ef6f7a	246
8d59e8ce	247	if(wantWrite) { // our optimization above failed, we now wait synchronously
e3200e07	248	rwVect = waitForRW(false, wantWrite, -1); // wait for something to happen
d720eb8a	249	shuffle(rwVect.second.begin(), rwVect.second.end(), pdns::dns_random_engine()); // pick random available worker
c2826d2e RG	250	auto ptr = d_rrsetToSign.release();
	251	writen2(*rwVect.second.begin(), &ptr, sizeof(ptr));
	252	d_rrsetToSign = make_unique<rrset_t>();
e3200e07	253	d_outstandings[*rwVect.second.begin()]++;
8d59e8ce BH	254	d_outstanding++;
8d59e8ce BH	255	d_queued++;
a6ef6f7a BH	256	}
a6ef6f7a BH	257
8267bd2c BH	258	}
8267bd2c BH	259
e3200e07	260	unsigned int ChunkedSigningPipe::getReady() const
a2aaa807 BH	261	{
a2aaa807 BH	262	unsigned int sum=0;
90ba52e0	263	for(const auto& v : d_chunks) {
a2aaa807 BH	264	sum += v.size();
	265	}
	266	return sum;
	267	}
07019b51 RG	268
07019b51 RG	269	void ChunkedSigningPipe::worker(int fd)
a6ef6f7a	270	try
8267bd2c	271	{
a6ef6f7a	272	UeberBackend db("key-only");
ea99d474	273	DNSSECKeeper dk(&db);
a6ef6f7a	274
c23d888d	275	chunk_t* chunk = nullptr;
8267bd2c BH	276	int res;
8267bd2c BH	277	for(;;) {
a6ef6f7a BH	278	res = readn(fd, &chunk, sizeof(chunk));
a6ef6f7a BH	279	if(!res)
8267bd2c	280	break;
a6ef6f7a BH	281	if(res < 0)
a6ef6f7a BH	282	unixDie("reading object pointer to sign from pdns");
c23d888d RG	283	try {
	284	set<DNSName> authSet;
	285	authSet.insert(d_signer);
	286	addRRSigs(dk, db, authSet, *chunk);
	287	++d_signed;
	288
	289	writen2(fd, &chunk, sizeof(chunk));
	290	chunk = nullptr;
	291	}
	292	catch(const PDNSException& pe) {
	293	delete chunk;
	294	throw;
	295	}
	296	catch(const std::exception& e) {
	297	delete chunk;
	298	throw;
	299	}
8267bd2c	300	}
a6ef6f7a BH	301	close(fd);
a6ef6f7a BH	302	}
c23d888d	303	catch(const PDNSException& pe)
97f1f8d9	304	{
e6a9dde5	305	g_log<<Logger::Error<<"Signing thread died because of PDNSException: "<<pe.reason<<endl;
97f1f8d9 KM	306	close(fd);
97f1f8d9 KM	307	}
c23d888d	308	catch(const std::exception& e)
a6ef6f7a	309	{
e6a9dde5	310	g_log<<Logger::Error<<"Signing thread died because of std::exception: "<<e.what()<<endl;
a6ef6f7a	311	close(fd);
8267bd2c BH	312	}
8267bd2c BH	313
8e9b7d99 BH	314	void ChunkedSigningPipe::flushToSign()
8e9b7d99 BH	315	{
a2aaa807 BH	316	sendRRSetToWorker();
a2aaa807 BH	317	d_rrsetToSign->clear();
8e9b7d99 BH	318	}
8e9b7d99 BH	319
90ba52e0	320	vector<DNSZoneRecord> ChunkedSigningPipe::getChunk(bool final)
8e9b7d99	321	{
a6ef6f7a BH	322	if(final && !d_final) {
	323	// this means we should keep on reading until d_outstanding == 0
	324	d_final = true;
8e9b7d99	325	flushToSign();
a6ef6f7a	326
ef7cd021	327	for(int fd : d_sockets) {
a6ef6f7a	328	shutdown(fd, SHUT_WR); // perhaps this transmits EOF the other side
7b217f2e	329	//cerr<<"shutdown of "<<fd<<endl;
a6ef6f7a	330	}
8267bd2c	331	}
a6ef6f7a BH	332	if(d_final)
a6ef6f7a BH	333	flushToSign(); // should help us wait
90ba52e0	334	vector<DNSZoneRecord> front=d_chunks.front();
a2aaa807 BH	335	d_chunks.pop_front();
a2aaa807 BH	336	if(d_chunks.empty())
90ba52e0	337	d_chunks.push_back(vector<DNSZoneRecord>());
e125fc69	338	/* if(d_final && front.empty())
e125fc69	339	cerr<<"getChunk returning empty in final"<<endl; */
a2aaa807	340	return front;
8e9b7d99	341	}
8d59e8ce	342
8d59e8ce	343