From 89ad258515c0652efa47c8fc38fa521c153fbfaf Mon Sep 17 00:00:00 2001 From: Wouter Wijngaards Date: Mon, 9 Apr 2018 10:15:06 +0000 Subject: [PATCH] - num.query.authzone.up and num.query.authzone.down statistics counters. - Fix downstream auth zone, only fallback when auth zone fails to answer and fallback is enabled. git-svn-id: file:///svn/unbound/trunk@4610 be551aaa-1e26-0410-a405-d3ace91eadb9 --- Makefile.in | 4 ++-- daemon/remote.c | 4 ++++ daemon/stats.c | 17 +++++++++++++++++ doc/Changelog | 3 +++ doc/unbound-control.8.in | 10 ++++++++++ iterator/iterator.c | 3 +++ libunbound/unbound.h | 4 ++++ services/authzone.c | 5 ++++- services/authzone.h | 4 ++++ smallapp/unbound-control.c | 2 ++ 10 files changed, 53 insertions(+), 3 deletions(-) diff --git a/Makefile.in b/Makefile.in index 24a694289..8f970d190 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1228,7 +1228,7 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h + $(srcdir)/util/rtt.h $(srcdir)/services/authzone.h $(srcdir)/validator/val_kcache.h unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h \ $(srcdir)/util/locks.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ $(srcdir)/daemon/remote.h \ @@ -1325,7 +1325,7 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h + $(srcdir)/util/rtt.h $(srcdir)/services/authzone.h $(srcdir)/validator/val_kcache.h replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h \ diff --git a/daemon/remote.c b/daemon/remote.c index 47c0f4050..ab50e0d91 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -1075,6 +1075,10 @@ print_ext(SSL* ssl, struct ub_stats_info* s) if(!ssl_printf(ssl, "num.query.dnscrypt.replay"SQ"%lu\n", (unsigned long)s->svr.num_query_dnscrypt_replay)) return 0; #endif /* USE_DNSCRYPT */ + if(!ssl_printf(ssl, "num.query.authzone.up"SQ"%lu\n", + (unsigned long)s->svr.num_query_authzone_up)) return 0; + if(!ssl_printf(ssl, "num.query.authzone.down"SQ"%lu\n", + (unsigned long)s->svr.num_query_authzone_down)) return 0; return 1; } diff --git a/daemon/stats.c b/daemon/stats.c index ed7887208..5c31caec7 100644 --- a/daemon/stats.c +++ b/daemon/stats.c @@ -60,6 +60,7 @@ #include "sldns/sbuffer.h" #include "services/cache/rrset.h" #include "services/cache/infra.h" +#include "services/authzone.h" #include "validator/val_kcache.h" /** add timers and the values do not overflow or become negative */ @@ -256,6 +257,22 @@ server_stats_compile(struct worker* worker, struct ub_stats_info* s, int reset) s->svr.nonce_cache_count = 0; s->svr.num_query_dnscrypt_replay = 0; #endif /* USE_DNSCRYPT */ + if(worker->env.auth_zones) { + if(reset && !worker->env.cfg->stat_cumulative) { + lock_rw_wrlock(&worker->env.auth_zones->lock); + } else { + lock_rw_rdlock(&worker->env.auth_zones->lock); + } + s->svr.num_query_authzone_up = (long long)worker->env. + auth_zones->num_query_up; + s->svr.num_query_authzone_down = (long long)worker->env. + auth_zones->num_query_down; + if(reset && !worker->env.cfg->stat_cumulative) { + worker->env.auth_zones->num_query_up = 0; + worker->env.auth_zones->num_query_down = 0; + } + lock_rw_unlock(&worker->env.auth_zones->lock); + } /* get tcp accept usage */ s->svr.tcp_accept_usage = 0; diff --git a/doc/Changelog b/doc/Changelog index c03c2b9d7..2480d1394 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,9 @@ 9 April 2018: Wouter - Fix that flush_zone sets prefetch ttl expired, so that with serve-expired enabled it'll start prefetching those entries. + - num.query.authzone.up and num.query.authzone.down statistics counters. + - Fix downstream auth zone, only fallback when auth zone fails to + answer and fallback is enabled. 5 April 2018: Wouter - Combine write of tcp length and tcp query for dns over tls. diff --git a/doc/unbound-control.8.in b/doc/unbound-control.8.in index 601d86ee7..a8b5a599b 100644 --- a/doc/unbound-control.8.in +++ b/doc/unbound-control.8.in @@ -601,6 +601,16 @@ dnscrypt queries replay. The client nonce must be unique for each client public key/server secret key pair. This cache should be able to host QPS * `replay window` interval keys to prevent replay of a query during `replay window` seconds. +.TP +.I num.query.authzone.up +The number of queries answered from auth\-zone data, upstream queries. +These queries would otherwise have been sent (with fallback enabled) to +the internet, but are now answered from the auth zone. +.TP +.I num.query.authzone.down +The number of queries for downstream answered from auth\-zone data. +These queries are from downstream clients, and have had an answer from +the data in the auth zone. .SH "FILES" .TP .I @ub_conf_file@ diff --git a/iterator/iterator.c b/iterator/iterator.c index 0d70b6eff..158a99250 100644 --- a/iterator/iterator.c +++ b/iterator/iterator.c @@ -2171,6 +2171,9 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, if((iq->chase_flags&BIT_RD) && !(iq->response->rep->flags&BIT_AA)) { verbose(VERB_ALGO, "forwarder, ignoring referral from auth zone"); } else { + lock_rw_wrlock(&qstate->env->auth_zones->lock); + qstate->env->auth_zones->num_query_up++; + lock_rw_unlock(&qstate->env->auth_zones->lock); iq->num_current_queries++; iq->chase_to_rd = 0; iq->dnssec_lame_query = 0; diff --git a/libunbound/unbound.h b/libunbound/unbound.h index 1b0f54fd2..aa195a87a 100644 --- a/libunbound/unbound.h +++ b/libunbound/unbound.h @@ -747,6 +747,10 @@ struct ub_server_stats { long long num_query_dnscrypt_replay; /** number of dnscrypt nonces cache entries */ long long nonce_cache_count; + /** number of queries for unbound's auth_zones, upstream query */ + long long num_query_authzone_up; + /** number of queries for unbound's auth_zones, downstream answers */ + long long num_query_authzone_down; }; /** diff --git a/services/authzone.c b/services/authzone.c index fac8e4ed1..224f96a5b 100644 --- a/services/authzone.c +++ b/services/authzone.c @@ -3153,10 +3153,13 @@ int auth_zones_answer(struct auth_zones* az, struct module_env* env, /* answer it from zone z */ r = auth_zone_generate_answer(z, qinfo, temp, &msg, &fallback); lock_rw_unlock(&z->lock); - if(fallback) { + if(!r && fallback) { /* fallback to regular answering (recursive) */ return 0; } + lock_rw_wrlock(&az->lock); + az->num_query_down++; + lock_rw_unlock(&az->lock); /* encode answer */ if(!r) diff --git a/services/authzone.h b/services/authzone.h index d54ef4b96..258a1ebc3 100644 --- a/services/authzone.h +++ b/services/authzone.h @@ -77,6 +77,10 @@ struct auth_zones { rbtree_type xtree; /** do we have downstream enabled */ int have_downstream; + /** number of queries upstream */ + size_t num_query_up; + /** number of queries downstream */ + size_t num_query_down; }; /** diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c index fa1e3f6b9..306b59900 100644 --- a/smallapp/unbound-control.c +++ b/smallapp/unbound-control.c @@ -366,6 +366,8 @@ static void print_extended(struct ub_stats_info* s) PR_UL("num.query.dnscrypt.replay", s->svr.num_query_dnscrypt_replay); #endif /* USE_DNSCRYPT */ + PR_UL("num.query.authzone.up", s->svr.num_query_authzone_up); + PR_UL("num.query.authzone.down", s->svr.num_query_authzone_down); } /** print statistics out of memory structures */ -- 2.47.3