2 * This file is part of PowerDNS or dnsdist.
3 * Copyright -- PowerDNS.COM B.V. and its contributors
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of version 2 of the GNU General Public License as
7 * published by the Free Software Foundation.
9 * In addition, for the avoidance of any doubt, permission is granted to
10 * link this program with OpenSSL and to (re)distribute the binaries
11 * produced as the result of such linking.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 #include "auth-packetcache.hh"
28 #include "cachecleaner.hh"
31 const unsigned int AuthPacketCache::s_mincleaninterval
, AuthPacketCache::s_maxcleaninterval
;
33 AuthPacketCache::AuthPacketCache(size_t mapsCount
): d_maps(mapsCount
), d_lastclean(time(nullptr))
35 S
.declare("packetcache-hit", "Number of hits on the packet cache");
36 S
.declare("packetcache-miss", "Number of misses on the packet cache");
37 S
.declare("packetcache-size", "Number of entries in the packet cache", StatType::gauge
);
38 S
.declare("deferred-packetcache-inserts","Amount of packet cache inserts that were deferred because of maintenance");
39 S
.declare("deferred-packetcache-lookup","Amount of packet cache lookups that were deferred because of maintenance");
41 d_statnumhit
=S
.getPointer("packetcache-hit");
42 d_statnummiss
=S
.getPointer("packetcache-miss");
43 d_statnumentries
=S
.getPointer("packetcache-size");
46 void AuthPacketCache::MapCombo::reserve(size_t numberOfEntries
)
48 #if BOOST_VERSION >= 105600
49 d_map
.write_lock()->get
<HashTag
>().reserve(numberOfEntries
);
50 #endif /* BOOST_VERSION >= 105600 */
53 bool AuthPacketCache::get(DNSPacket
& p
, DNSPacket
& cached
)
61 static const std::unordered_set
<uint16_t> optionsToSkip
{ EDNSOptionCode::COOKIE
};
62 uint32_t hash
= canHashPacket(p
.getString(), /* don't skip ECS */optionsToSkip
);
67 time_t now
= time(nullptr);
68 auto& mc
= getMap(p
.qdomain
);
70 auto map
= mc
.d_map
.try_read_lock();
71 if (!map
.owns_lock()) {
72 S
.inc("deferred-packetcache-lookup");
76 haveSomething
= getEntryLocked(*map
, p
.getString(), hash
, p
.qdomain
, p
.qtype
.getCode(), p
.d_tcp
, now
, value
);
84 if(cached
.noparse(value
.c_str(), value
.size()) < 0) {
89 cached
.spoofQuestion(p
); // for correct case
90 cached
.qdomain
= p
.qdomain
;
91 cached
.qtype
= p
.qtype
;
96 bool AuthPacketCache::entryMatches(cmap_t::index
<HashTag
>::type::iterator
& iter
, const std::string
& query
, const DNSName
& qname
, uint16_t qtype
, bool tcp
)
98 static const std::unordered_set
<uint16_t> skippedEDNSTypes
{ EDNSOptionCode::COOKIE
};
99 return iter
->tcp
== tcp
&& iter
->qtype
== qtype
&& iter
->qname
== qname
&& queryMatches(iter
->query
, query
, qname
, skippedEDNSTypes
);
102 void AuthPacketCache::insert(DNSPacket
& q
, DNSPacket
& r
, unsigned int maxTTL
)
110 if (ntohs(q
.d
.qdcount
) != 1) {
111 return; // do not try to cache packets with multiple questions
114 if (q
.qclass
!= QClass::IN
) // we only cache the INternet
117 uint32_t ourttl
= std::min(d_ttl
, maxTTL
);
122 uint32_t hash
= q
.getHash();
123 time_t now
= time(nullptr);
127 entry
.ttd
= now
+ ourttl
;
128 entry
.qname
= q
.qdomain
;
129 entry
.qtype
= q
.qtype
.getCode();
130 entry
.value
= r
.getString();
132 entry
.query
= q
.getString();
134 auto& mc
= getMap(entry
.qname
);
136 auto map
= mc
.d_map
.try_write_lock();
137 if (!map
.owns_lock()) {
138 S
.inc("deferred-packetcache-inserts");
142 auto& idx
= map
->get
<HashTag
>();
143 auto range
= idx
.equal_range(hash
);
144 auto iter
= range
.first
;
146 for( ; iter
!= range
.second
; ++iter
) {
147 if (!entryMatches(iter
, entry
.query
, entry
.qname
, entry
.qtype
, entry
.tcp
)) {
151 moveCacheItemToBack
<SequencedTag
>(*map
, iter
);
152 iter
->value
= entry
.value
;
153 iter
->ttd
= now
+ ourttl
;
158 /* no existing entry found to refresh */
159 map
->insert(std::move(entry
));
161 if (*d_statnumentries
>= d_maxEntries
) {
162 /* remove the least recently inserted or replaced entry */
163 auto& sidx
= map
->get
<SequencedTag
>();
167 ++(*d_statnumentries
);
172 bool AuthPacketCache::getEntryLocked(const cmap_t
& map
, const std::string
& query
, uint32_t hash
, const DNSName
&qname
, uint16_t qtype
, bool tcp
, time_t now
, string
& value
)
174 auto& idx
= map
.get
<HashTag
>();
175 auto range
= idx
.equal_range(hash
);
177 for(auto iter
= range
.first
; iter
!= range
.second
; ++iter
) {
178 if (iter
->ttd
< now
) {
182 if (!entryMatches(iter
, query
, qname
, qtype
, tcp
)) {
193 /* clears the entire cache. */
194 uint64_t AuthPacketCache::purge()
200 d_statnumentries
->store(0);
202 return purgeLockedCollectionsVector(d_maps
);
205 uint64_t AuthPacketCache::purgeExact(const DNSName
& qname
)
207 auto& mc
= getMap(qname
);
208 uint64_t delcount
= purgeExactLockedCollection
<NameTag
>(mc
, qname
);
210 *d_statnumentries
-= delcount
;
215 /* purges entries from the packetcache. If match ends on a $, it is treated as a suffix */
216 uint64_t AuthPacketCache::purge(const string
&match
)
222 uint64_t delcount
= 0;
224 if(boost::ends_with(match
, "$")) {
225 delcount
= purgeLockedCollectionsVector
<NameTag
>(d_maps
, match
);
226 *d_statnumentries
-= delcount
;
229 delcount
= purgeExact(DNSName(match
));
235 void AuthPacketCache::cleanup()
237 uint64_t totErased
= pruneLockedCollectionsVector
<SequencedTag
>(d_maps
);
238 *d_statnumentries
-= totErased
;
240 DLOG(g_log
<<"Done with cache clean, cacheSize: "<<(*d_statnumentries
)<<", totErased"<<totErased
<<endl
);
244 after d_nextclean operations, we clean. We also adjust the cleaninterval
245 a bit so we slowly move it to a value where we clean roughly every 30 seconds.
247 If d_nextclean has reached its maximum value, we also test if we were called
248 within 30 seconds, and if so, we skip cleaning. This means that under high load,
249 we will not clean more often than every 30 seconds anyhow.
252 void AuthPacketCache::cleanupIfNeeded()
254 if (d_ops
++ == d_nextclean
) {
255 time_t now
= time(nullptr);
256 int timediff
= max((int)(now
- d_lastclean
), 1);
258 DLOG(g_log
<<"cleaninterval: "<<d_cleaninterval
<<", timediff: "<<timediff
<<endl
);
260 if (d_cleaninterval
== s_maxcleaninterval
&& timediff
< 30) {
261 d_cleanskipped
= true;
262 d_nextclean
+= d_cleaninterval
;
264 DLOG(g_log
<<"cleaning skipped, timediff: "<<timediff
<<endl
);
269 if(!d_cleanskipped
) {
270 d_cleaninterval
=(int)(0.6*d_cleaninterval
)+(0.4*d_cleaninterval
*(30.0/timediff
));
271 d_cleaninterval
=std::max(d_cleaninterval
, s_mincleaninterval
);
272 d_cleaninterval
=std::min(d_cleaninterval
, s_maxcleaninterval
);
274 DLOG(g_log
<<"new cleaninterval: "<<d_cleaninterval
<<endl
);
276 d_cleanskipped
= false;
279 d_nextclean
+= d_cleaninterval
;