2 * This file is part of PowerDNS or dnsdist.
3 * Copyright -- PowerDNS.COM B.V. and its contributors
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of version 2 of the GNU General Public License as
7 * published by the Free Software Foundation.
9 * In addition, for the avoidance of any doubt, permission is granted to
10 * link this program with OpenSSL and to (re)distribute the binaries
11 * produced as the result of such linking.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 #include "auth-packetcache.hh"
28 #include "cachecleaner.hh"
31 const unsigned int AuthPacketCache::s_mincleaninterval
, AuthPacketCache::s_maxcleaninterval
;
33 AuthPacketCache::AuthPacketCache(size_t mapsCount
): d_maps(mapsCount
), d_lastclean(time(nullptr))
35 S
.declare("packetcache-hit", "Number of hits on the packet cache");
36 S
.declare("packetcache-miss", "Number of misses on the packet cache");
37 S
.declare("packetcache-size", "Number of entries in the packet cache");
38 S
.declare("deferred-packetcache-inserts","Amount of packet cache inserts that were deferred because of maintenance");
39 S
.declare("deferred-packetcache-lookup","Amount of packet cache lookups that were deferred because of maintenance");
41 d_statnumhit
=S
.getPointer("packetcache-hit");
42 d_statnummiss
=S
.getPointer("packetcache-miss");
43 d_statnumentries
=S
.getPointer("packetcache-size");
46 AuthPacketCache::~AuthPacketCache()
49 vector
<WriteLock
*> locks
;
50 for(auto& mc
: d_maps
) {
51 locks
.push_back(new WriteLock(&mc
.d_mut
));
53 for(auto wl
: locks
) {
61 void AuthPacketCache::MapCombo::reserve(size_t numberOfEntries
)
63 #if BOOST_VERSION >= 105600
65 d_map
.get
<HashTag
>().reserve(numberOfEntries
);
66 #endif /* BOOST_VERSION >= 105600 */
69 bool AuthPacketCache::get(DNSPacket
& p
, DNSPacket
& cached
)
77 uint32_t hash
= canHashPacket(p
.getString());
82 time_t now
= time(nullptr);
83 auto& mc
= getMap(p
.qdomain
);
85 TryReadLock
rl(&mc
.d_mut
);
87 S
.inc("deferred-packetcache-lookup");
91 haveSomething
= getEntryLocked(mc
.d_map
, p
.getString(), hash
, p
.qdomain
, p
.qtype
.getCode(), p
.d_tcp
, now
, value
);
99 if(cached
.noparse(value
.c_str(), value
.size()) < 0) {
104 cached
.spoofQuestion(p
); // for correct case
105 cached
.qdomain
= p
.qdomain
;
106 cached
.qtype
= p
.qtype
;
111 bool AuthPacketCache::entryMatches(cmap_t::index
<HashTag
>::type::iterator
& iter
, const std::string
& query
, const DNSName
& qname
, uint16_t qtype
, bool tcp
)
113 return iter
->tcp
== tcp
&& iter
->qtype
== qtype
&& iter
->qname
== qname
&& queryMatches(iter
->query
, query
, qname
);
116 void AuthPacketCache::insert(DNSPacket
& q
, DNSPacket
& r
, unsigned int maxTTL
)
124 if (ntohs(q
.d
.qdcount
) != 1) {
125 return; // do not try to cache packets with multiple questions
128 if (q
.qclass
!= QClass::IN
) // we only cache the INternet
131 uint32_t ourttl
= std::min(d_ttl
, maxTTL
);
136 uint32_t hash
= q
.getHash();
137 time_t now
= time(nullptr);
141 entry
.ttd
= now
+ ourttl
;
142 entry
.qname
= q
.qdomain
;
143 entry
.qtype
= q
.qtype
.getCode();
144 entry
.value
= r
.getString();
146 entry
.query
= q
.getString();
148 auto& mc
= getMap(entry
.qname
);
150 TryWriteLock
l(&mc
.d_mut
);
152 S
.inc("deferred-packetcache-inserts");
156 auto& idx
= mc
.d_map
.get
<HashTag
>();
157 auto range
= idx
.equal_range(hash
);
158 auto iter
= range
.first
;
160 for( ; iter
!= range
.second
; ++iter
) {
161 if (!entryMatches(iter
, entry
.query
, entry
.qname
, entry
.qtype
, entry
.tcp
)) {
165 moveCacheItemToBack
<SequencedTag
>(mc
.d_map
, iter
);
166 iter
->value
= entry
.value
;
167 iter
->ttd
= now
+ ourttl
;
172 /* no existing entry found to refresh */
173 mc
.d_map
.insert(entry
);
175 if (*d_statnumentries
>= d_maxEntries
) {
176 /* remove the least recently inserted or replaced entry */
177 auto& sidx
= mc
.d_map
.get
<SequencedTag
>();
181 (*d_statnumentries
)++;
186 bool AuthPacketCache::getEntryLocked(cmap_t
& map
, const std::string
& query
, uint32_t hash
, const DNSName
&qname
, uint16_t qtype
, bool tcp
, time_t now
, string
& value
)
188 auto& idx
= map
.get
<HashTag
>();
189 auto range
= idx
.equal_range(hash
);
191 for(auto iter
= range
.first
; iter
!= range
.second
; ++iter
) {
192 if (iter
->ttd
< now
) {
196 if (!entryMatches(iter
, query
, qname
, qtype
, tcp
)) {
207 /* clears the entire cache. */
208 uint64_t AuthPacketCache::purge()
214 d_statnumentries
->store(0);
216 return purgeLockedCollectionsVector(d_maps
);
219 uint64_t AuthPacketCache::purgeExact(const DNSName
& qname
)
221 auto& mc
= getMap(qname
);
222 uint64_t delcount
= purgeExactLockedCollection
<NameTag
>(mc
, qname
);
224 *d_statnumentries
-= delcount
;
229 /* purges entries from the packetcache. If match ends on a $, it is treated as a suffix */
230 uint64_t AuthPacketCache::purge(const string
&match
)
236 uint64_t delcount
= 0;
238 if(ends_with(match
, "$")) {
239 delcount
= purgeLockedCollectionsVector
<NameTag
>(d_maps
, match
);
240 *d_statnumentries
-= delcount
;
243 delcount
= purgeExact(DNSName(match
));
249 void AuthPacketCache::cleanup()
251 uint64_t maxCached
= d_maxEntries
;
252 uint64_t cacheSize
= *d_statnumentries
;
253 uint64_t totErased
= 0;
255 totErased
= pruneLockedCollectionsVector
<SequencedTag
>(d_maps
, maxCached
, cacheSize
);
256 *d_statnumentries
-= totErased
;
258 DLOG(g_log
<<"Done with cache clean, cacheSize: "<<(*d_statnumentries
)<<", totErased"<<totErased
<<endl
);
262 after d_nextclean operations, we clean. We also adjust the cleaninterval
263 a bit so we slowly move it to a value where we clean roughly every 30 seconds.
265 If d_nextclean has reached its maximum value, we also test if we were called
266 within 30 seconds, and if so, we skip cleaning. This means that under high load,
267 we will not clean more often than every 30 seconds anyhow.
270 void AuthPacketCache::cleanupIfNeeded()
272 if (d_ops
++ == d_nextclean
) {
273 time_t now
= time(nullptr);
274 int timediff
= max((int)(now
- d_lastclean
), 1);
276 DLOG(g_log
<<"cleaninterval: "<<d_cleaninterval
<<", timediff: "<<timediff
<<endl
);
278 if (d_cleaninterval
== s_maxcleaninterval
&& timediff
< 30) {
279 d_cleanskipped
= true;
280 d_nextclean
+= d_cleaninterval
;
282 DLOG(g_log
<<"cleaning skipped, timediff: "<<timediff
<<endl
);
287 if(!d_cleanskipped
) {
288 d_cleaninterval
=(int)(0.6*d_cleaninterval
)+(0.4*d_cleaninterval
*(30.0/timediff
));
289 d_cleaninterval
=std::max(d_cleaninterval
, s_mincleaninterval
);
290 d_cleaninterval
=std::min(d_cleaninterval
, s_maxcleaninterval
);
292 DLOG(g_log
<<"new cleaninterval: "<<d_cleaninterval
<<endl
);
294 d_cleanskipped
= false;
297 d_nextclean
+= d_cleaninterval
;