- Fix #1417: [dnscrypt] shared secret cache counters, and works when
authorWouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 31 Aug 2017 08:06:17 +0000 (08:06 +0000)
committerWouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 31 Aug 2017 08:06:17 +0000 (08:06 +0000)
  dnscrypt is not enabled.

git-svn-id: file:///svn/unbound/trunk@4326 be551aaa-1e26-0410-a405-d3ace91eadb9

daemon/remote.c
daemon/stats.c
dnscrypt/dnscrypt.c
dnscrypt/dnscrypt.h
doc/Changelog
libunbound/unbound.h
smallapp/unbound-control.c
util/shm_side/shm_main.c

index 60852b03c5d91256dedd45957330667884b99e00..243d94c49aa16a6108d2df1fab1d4e33728fc0fe 100644 (file)
@@ -825,6 +825,9 @@ print_mem(SSL* ssl, struct worker* worker, struct daemon* daemon)
 #ifdef USE_IPSECMOD
        size_t ipsecmod = 0;
 #endif /* USE_IPSECMOD */
+#ifdef USE_DNSCRYPT
+       size_t dnscrypt_shared_secret = 0;
+#endif /* USE_DNSCRYPT */
        msg = slabhash_get_mem(daemon->env->msg_cache);
        rrset = slabhash_get_mem(&daemon->env->rrset_cache->table);
        val = mod_get_mem(&worker->env, "validator");
@@ -836,6 +839,12 @@ print_mem(SSL* ssl, struct worker* worker, struct daemon* daemon)
 #ifdef USE_IPSECMOD
        ipsecmod = mod_get_mem(&worker->env, "ipsecmod");
 #endif /* USE_IPSECMOD */
+#ifdef USE_DNSCRYPT
+       if(daemon->dnscenv) {
+               dnscrypt_shared_secret = slabhash_get_mem(
+                       daemon->dnscenv->shared_secrets_cache);
+       }
+#endif /* USE_DNSCRYPT */
 
        if(!print_longnum(ssl, "mem.cache.rrset"SQ, rrset))
                return 0;
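Review bot: The added guard tests `daemon->dnscenv` but then passes `daemon->dnscenv->shared_secrets_cache` to `slabhash_get_mem()` unchecked, and nothing in this diff shows that the cache is always allocated once the environment exists. If a USE_DNSCRYPT build can run with the environment created but the cache not set up, the stats command would dereference NULL; `if(daemon->dnscenv && daemon->dnscenv->shared_secrets_cache)` closes that. The same pattern appears in the `server_stats_compile` hunk in stats.c (`count_slabhash_entries(...)`) and in the `shm_main_run` hunk. print_mem's body extends beyond this hunk.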
@@ -855,6 +864,11 @@ print_mem(SSL* ssl, struct worker* worker, struct daemon* daemon)
        if(!print_longnum(ssl, "mem.mod.ipsecmod"SQ, ipsecmod))
                return 0;
 #endif /* USE_IPSECMOD */
+#ifdef USE_DNSCRYPT
+       if(!print_longnum(ssl, "mem.cache.dnscrypt_shared_secret"SQ,
+                       dnscrypt_shared_secret))
+               return 0;
+#endif /* USE_DNSCRYPT */
        return 1;
 }
 
@@ -1041,6 +1055,12 @@ print_ext(SSL* ssl, struct ub_stats_info* s)
                (unsigned)s->svr.infra_cache_count)) return 0;
        if(!ssl_printf(ssl, "key.cache.count"SQ"%u\n",
                (unsigned)s->svr.key_cache_count)) return 0;
+#ifdef USE_DNSCRYPT
+       if(!ssl_printf(ssl, "dnscrypt_shared_secret.cache.count"SQ"%u\n",
+               (unsigned)s->svr.shared_secret_cache_count)) return 0;
+       if(!ssl_printf(ssl, "num.query.dnscrypt.shared_secret.cachemiss"SQ"%lu\n",
+               (unsigned long)s->svr.num_query_dnscrypt_secret_missed_cache)) return 0;
+#endif /* USE_DNSCRYPT */
        return 1;
 }
 
index bdfa8cffab4c7582121085f94f76d04d628db463..1058556be7c26d5c376af304f47828d200990c02 100644 (file)
@@ -158,6 +158,24 @@ get_queries_ratelimit(struct worker* worker, int reset)
        return r;
 }
 
+#ifdef USE_DNSCRYPT
+/** get the number of shared secret cache miss */
+static size_t
+get_dnscrypt_cache_miss(struct worker* worker, int reset)
+{
+       size_t r;
+       struct dnsc_env* de = worker->daemon->dnscenv;
+       if(!de) return 0;
+
+       lock_basic_lock(&de->shared_secrets_cache_lock);
+       r = de->num_query_dnscrypt_secret_missed_cache;
+       if(reset && !worker->env.cfg->stat_cumulative)
+               de->num_query_dnscrypt_secret_missed_cache = 0;
+       lock_basic_unlock(&de->shared_secrets_cache_lock);
+       return r;
+}
+#endif /* USE_DNSCRYPT */
+
 void
 server_stats_compile(struct worker* worker, struct ub_stats_info* s, int reset)
 {
@@ -201,6 +219,21 @@ server_stats_compile(struct worker* worker, struct ub_stats_info* s, int reset)
                s->svr.key_cache_count = (long long)count_slabhash_entries(worker->env.key_cache->slab);
        else    s->svr.key_cache_count = 0;
 
+#ifdef USE_DNSCRYPT
+       if(worker->daemon->dnscenv) {
+               s->svr.num_query_dnscrypt_secret_missed_cache =
+                       (long long)get_dnscrypt_cache_miss(worker, reset);
+               s->svr.shared_secret_cache_count = (long long)count_slabhash_entries(
+                       worker->daemon->dnscenv->shared_secrets_cache);
+       } else {
+               s->svr.num_query_dnscrypt_secret_missed_cache = 0;
+               s->svr.shared_secret_cache_count = 0;
+       }
+#else
+       s->svr.num_query_dnscrypt_secret_missed_cache = 0;
+       s->svr.shared_secret_cache_count = 0;
+#endif /* USE_DNSCRYPT */
+
        /* get tcp accept usage */
        s->svr.tcp_accept_usage = 0;
        for(lp = worker->front->cps; lp; lp = lp->next) {
@@ -262,7 +295,7 @@ void server_stats_add(struct ub_stats_info* total, struct ub_stats_info* a)
                a->svr.num_query_dnscrypt_cleartext;
        total->svr.num_query_dnscrypt_crypted_malformed += \
                a->svr.num_query_dnscrypt_crypted_malformed;
-#endif
+#endif /* USE_DNSCRYPT */
        /* the max size reached is upped to higher of both */
        if(a->svr.max_query_list_size > total->svr.max_query_list_size)
                total->svr.max_query_list_size = a->svr.max_query_list_size;
index 4d6518d0da75d85ed1dac7434aafb4f1e5ead760..bc4a70bd75c25ac2bfdabeed7f99b74bae3c5f09 100644 (file)
@@ -177,6 +177,9 @@ dnscrypt_server_uncurve(struct dnsc_env* env,
                                        hash);
 
     if(!entry) {
+        lock_basic_lock(&env->shared_secrets_cache_lock);
+        env->num_query_dnscrypt_secret_missed_cache++;
+        lock_basic_unlock(&env->shared_secrets_cache_lock);
         if(cert->es_version[1] == 2) {
 #ifdef USE_DNSCRYPT_XCHACHA20
             if (crypto_box_curve25519xchacha20poly1305_beforenm(
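Review bot: The miss counter is incremented under one daemon-wide mutex inside the `if(!entry)` branch, so every shared-secret cache miss from every worker thread serializes on `shared_secrets_cache_lock`. A miss is what a query from a not-yet-cached client key produces, so under a burst of new clients this lock sits on the busiest path, directly ahead of the `beforenm` key computation. The other dnscrypt counters visible in `server_stats_add` are kept per worker and summed, which needs no lock; if that is impractical because this function only receives `env`, a comment would at least record the intent, e.g. `/* guards the miss counter only; never held across beforenm */`. The function body continues outside the hunk.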
@@ -765,6 +768,10 @@ dnsc_create(void)
                fatal_exit("dnsc_create: could not initialize libsodium.");
        }
        env = (struct dnsc_env *) calloc(1, sizeof(struct dnsc_env));
+       lock_basic_init(&env->shared_secrets_cache_lock);
+       lock_protect(&env->shared_secrets_cache_lock,
+                                &env->num_query_dnscrypt_secret_missed_cache,
+                                sizeof(env->num_query_dnscrypt_secret_missed_cache));
        return env;
 }
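Review bot: `lock_basic_init(&env->shared_secrets_cache_lock)` now dereferences `env` straight after `calloc()` with no NULL check, so an allocation failure at startup becomes a NULL dereference instead of a reported error. The function already calls `fatal_exit()` for the libsodium failure just above, so `if(!env) fatal_exit("dnsc_create: out of memory.");` before the lock setup would match that style. Returning NULL is the alternative if callers check for it, which is not visible here. The start of dnsc_create is outside the hunk.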
 
@@ -810,6 +817,7 @@ dnsc_delete(struct dnsc_env *env)
        sodium_free(env->certs);
        sodium_free(env->keypairs);
        slabhash_delete(env->shared_secrets_cache);
+       lock_basic_destroy(&env->shared_secrets_cache_lock);
        free(env);
 }
 
index 0575d45a73fa74d12d37719150c406d74563da6e..dde36d6675d102bde34c41150b7b42d1088bd560 100644 (file)
@@ -26,6 +26,7 @@
 
 #include "config.h"
 #include "dnscrypt/cert.h"
+#include "util/locks.h"
 
 #define DNSCRYPT_QUERY_HEADER_SIZE \
     (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_PUBLICKEYBYTES + crypto_box_HALF_NONCEBYTES + crypto_box_MACBYTES)
@@ -63,6 +64,10 @@ struct dnsc_env {
        unsigned char hash_key[crypto_shorthash_KEYBYTES];
        char * provider_name;
        struct slabhash *shared_secrets_cache;
+       /** lock on shared secret cache counters */
+       lock_basic_type shared_secrets_cache_lock;
+       /** number of misses from shared_secrets_cache */
+       size_t num_query_dnscrypt_secret_missed_cache;
 };
 
 struct dnscrypt_query_header {
index 356196e7ad9032176ecd4c322f5d752f0b952e35..f53d1ddc8556bf733ab3bd49f1d8acf46b8527c8 100644 (file)
@@ -2,6 +2,8 @@
        - Fix #1424: cachedb:testframe is not thread safe.
        - For #1417: escape ; in dnscrypt tests.
        - but reverted that, tests fails with that escape.
+       - Fix #1417: [dnscrypt] shared secret cache counters, and works when
+         dnscrypt is not enabled.
 
 30 August 2017: Wouter
        - updated contrib/fastrpz.patch to apply with configparser changes.
index 95d6ee101ab8dc3660d584c04f21143ec9eef993..ac747a7cc6cc84b983792f34b61fa394eb091566 100644 (file)
@@ -622,6 +622,7 @@ struct ub_shm_stat_info {
                long long subnet;
                long long ipsecmod;
                long long respip;
+               long long dnscrypt_shared_secret;
        } mem;
 };
 
@@ -737,6 +738,10 @@ struct ub_server_stats {
        long long num_query_dnscrypt_cleartext;
        /** number of malformed encrypted queries */
        long long num_query_dnscrypt_crypted_malformed;
+       /** number of queries which did not have a shared secret in cache */
+       long long num_query_dnscrypt_secret_missed_cache;
+       /** number of dnscrypt shared secret cache entries */
+       long long shared_secret_cache_count;
 };
 
 /** 
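Review bot: The two counters added at the end of `ub_server_stats` here, and `dnscrypt_shared_secret` added to `ub_shm_stat_info.mem` in the previous hunk, change the layout of structs in what appears from the file list to be the public header libunbound/unbound.h. A stats reader built against the older header and attached to the shared-memory segment would presumably read shifted data, so the header or Changelog should say that the daemon and unbound-control must be rebuilt together. The `mem` member also has no doc comment, unlike the two counters; `/** memory used by the dnscrypt shared secret cache */` would fit.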
index 73fe23c10f28c6c776849f1f752c75e4ab177077..4b3efc134dc0b29491b63378b150b1ce4666b42b 100644 (file)
@@ -207,7 +207,7 @@ static void pr_stats(const char* nm, struct ub_stats_info* s)
     PR_UL_NM("num.dnscrypt.cleartext", s->svr.num_query_dnscrypt_cleartext);
     PR_UL_NM("num.dnscrypt.malformed",
              s->svr.num_query_dnscrypt_crypted_malformed);
-#endif
+#endif /* USE_DNSCRYPT */
        printf("%s.requestlist.avg"SQ"%g\n", nm,
                (s->svr.num_queries_missed_cache+s->svr.num_queries_prefetch)?
                        (double)s->svr.sum_query_list_size/
@@ -251,6 +251,10 @@ static void print_mem(struct ub_shm_stat_info* shm_stat)
 #ifdef USE_IPSECMOD
        PR_LL("mem.mod.ipsecmod", shm_stat->mem.ipsecmod);
 #endif
+#ifdef USE_DNSCRYPT
+       PR_LL("mem.cache.dnscrypt_shared_secret",
+               shm_stat->mem.dnscrypt_shared_secret);
+#endif
 }
 
 /** print histogram */
@@ -351,6 +355,12 @@ static void print_extended(struct ub_stats_info* s)
        PR_UL("rrset.cache.count", s->svr.rrset_cache_count);
        PR_UL("infra.cache.count", s->svr.infra_cache_count);
        PR_UL("key.cache.count", s->svr.key_cache_count);
+#ifdef USE_DNSCRYPT
+       PR_UL("dnscrypt_shared_secret.cache.count",
+                        s->svr.shared_secret_cache_count);
+       PR_UL("num.query.dnscrypt.shared_secret.cachemiss",
+                        s->svr.num_query_dnscrypt_secret_missed_cache);
+#endif /* USE_DNSCRYPT */
 }
 
 /** print statistics out of memory structures */
index bba2a8396333a118a3a7f7f487da8bdbb4558ccd..c0757ed7cdef3c2642dde8b6acf20ca10c87085f 100644 (file)
@@ -249,6 +249,13 @@ void shm_main_run(struct worker *worker)
 
                shm_stat->mem.msg = (long long)slabhash_get_mem(worker->env.msg_cache);
                shm_stat->mem.rrset = (long long)slabhash_get_mem(&worker->env.rrset_cache->table);
+               shm_stat->mem.dnscrypt_shared_secret = 0;
+#ifdef USE_DNSCRYPT
+               if(worker->daemon->dnscenv) {
+                       shm_stat->mem.dnscrypt_shared_secret = (long long)slabhash_get_mem(
+                               worker->daemon->dnscenv->shared_secrets_cache);
+               }
+#endif
                shm_stat->mem.val = (long long)mod_get_mem(&worker->env,
                        "validator");
                shm_stat->mem.iter = (long long)mod_get_mem(&worker->env,