{ "setConsoleMaximumConcurrentConnections", true, "max", "Set the maximum number of concurrent console connections" },
{ "setConsoleOutputMaxMsgSize", true, "messageSize", "set console message maximum size in bytes, default is 10 MB" },
{ "setDefaultBPFFilter", true, "filter", "When used at configuration time, the corresponding BPFFilter will be attached to every bind" },
+ { "setDoHDownstreamCleanupInterval", true, "interval", "minimum interval in seconds between two cleanups of the idle DoH downstream connections" },
+ { "setDoHDownstreamMaxIdleTime", true, "time", "Maximum time in seconds that a downstream DoH connection to a backend might stay idle" },
{ "setDynBlocksAction", true, "action", "set which action is performed when a query is blocked. Only DNSAction.Drop (the default) and DNSAction.Refused are supported" },
{ "setDynBlocksPurgeInterval", true, "sec", "set how often the expired dynamic block entries should be removed" },
{ "setDropEmptyQueries", true, "drop", "Whether to drop empty queries right away instead of sending a NOTIMP response" },
{ "setECSSourcePrefixV6", true, "prefix-length", "the EDNS Client Subnet prefix-length used for IPv6 queries" },
{ "setKey", true, "key", "set access key to that key" },
{ "setLocal", true, "addr [, {doTCP=true, reusePort=false, tcpFastOpenQueueSize=0, interface=\"\", cpus={}}]", "reset the list of addresses we listen on to this address" },
+ { "setMaxCachedDoHConnectionsPerDownstream", true, "max", "Set the maximum number of inactive DoH connections to a backend cached by each worker DoH thread" },
{ "setMaxCachedTCPConnectionsPerDownstream", true, "max", "Set the maximum number of inactive TCP connections to a backend cached by each worker TCP thread" },
{ "setMaxTCPClientThreads", true, "n", "set the maximum of TCP client threads, handling TCP connections" },
{ "setMaxTCPConnectionDuration", true, "n", "set the maximum duration of an incoming TCP connection, in seconds. 0 means unlimited" },
{ "setStaleCacheEntriesTTL", true, "n", "allows using cache entries expired for at most n seconds when there is no backend available to answer for a query" },
{ "setSyslogFacility", true, "facility", "set the syslog logging facility to 'facility'. Defaults to LOG_DAEMON" },
{ "setTCPDownstreamCleanupInterval", true, "interval", "minimum interval in seconds between two cleanups of the idle TCP downstream connections" },
+ { "setTCPDownstreamMaxIdleTime", true, "time", "Maximum time in seconds that a downstream TCP connection to a backend might stay idle" },
{ "setTCPInternalPipeBufferSize", true, "size", "Set the size in bytes of the internal buffer of the pipes used internally to distribute connections to TCP (and DoT) workers threads" },
{ "setTCPRecvTimeout", true, "n", "set the read timeout on TCP connections from the client, in seconds" },
{ "setTCPSendTimeout", true, "n", "set the write timeout on TCP connections from the client, in seconds" },
});
luaCtx.writeFunction("setMaxCachedTCPConnectionsPerDownstream", [](size_t max) {
- setMaxCachedTCPConnectionsPerDownstream(max);
+ DownstreamConnectionsManager::setMaxCachedConnectionsPerDownstream(max);
+ });
+
+ luaCtx.writeFunction("setMaxCachedDoHConnectionsPerDownstream", [](size_t max) {
+ setDoHDownstreamMaxConnectionsPerBackend(max);
});
luaCtx.writeFunction("setOutgoingDoHWorkerThreads", [](uint64_t workers) {
DownstreamConnectionsManager::setCleanupInterval(interval);
});
+ luaCtx.writeFunction("setDoHDownstreamCleanupInterval", [](uint16_t interval) {
+ setLuaSideEffect();
+ setDoHDownstreamCleanupInterval(interval);
+ });
+
+ luaCtx.writeFunction("setTCPDownstreamMaxIdeTime", [](uint16_t max) {
+ setLuaSideEffect();
+ DownstreamConnectionsManager::setMaxIdleTime(max);
+ });
+
+ luaCtx.writeFunction("setDoHDownstreamMaxIdeTime", [](uint16_t max) {
+ setLuaSideEffect();
+ setDoHDownstreamMaxIdleTime(max);
+ });
+
luaCtx.writeFunction("setConsoleConnectionsLogging", [](bool enabled) {
g_logConsoleConnections = enabled;
});
vector<std::function<void(void)>> setupLua(bool client, const std::string& config);
void tcpAcceptorThread(ClientState* p);
-void setMaxCachedTCPConnectionsPerDownstream(size_t max);
#ifdef HAVE_DNS_OVER_HTTPS
void dohThread(ClientState* cs);
void stopIO();
bool reachedMaxConcurrentQueries() const override;
bool reachedMaxStreamID() const override;
+ bool isIdle() const override;
private:
static ssize_t send_callback(nghttp2_session* session, const uint8_t* data, size_t length, int flags, void* user_data);
s_cleanupInterval = interval;
}
+ static void setMaxIdleTime(uint16_t max)
+ {
+ s_maxIdleTime = max;
+ }
+
private:
static thread_local map<boost::uuids::uuid, std::deque<std::shared_ptr<DoHConnectionToBackend>>> t_downstreamConnections;
static thread_local time_t t_nextCleanup;
static size_t s_maxCachedConnectionsPerDownstream;
static uint16_t s_cleanupInterval;
+ static uint16_t s_maxIdleTime;
};
uint32_t DoHConnectionToBackend::getConcurrentStreamsCount() const
return false;
}
+bool DoHConnectionToBackend::isIdle() const
+{
+ return getConcurrentStreamsCount() == 0;
+}
+
const std::unordered_map<std::string, std::string> DoHConnectionToBackend::s_constants = {
{"method-name", ":method"},
{"method-value", "POST"},
thread_local time_t DownstreamDoHConnectionsManager::t_nextCleanup{0};
size_t DownstreamDoHConnectionsManager::s_maxCachedConnectionsPerDownstream{10};
uint16_t DownstreamDoHConnectionsManager::s_cleanupInterval{60};
+uint16_t DownstreamDoHConnectionsManager::s_maxIdleTime{300};
size_t DownstreamDoHConnectionsManager::clear()
{
struct timeval freshCutOff = now;
freshCutOff.tv_sec -= 1;
+ struct timeval idleCutOff = now;
+ idleCutOff.tv_sec -= s_maxIdleTime;
for (auto dsIt = t_downstreamConnections.begin(); dsIt != t_downstreamConnections.end();) {
for (auto connIt = dsIt->second.begin(); connIt != dsIt->second.end();) {
continue;
}
- if (isTCPSocketUsable((*connIt)->getHandle())) {
+ if ((*connIt)->isIdle() && (*connIt)->getLastDataReceivedTime() < idleCutOff) {
+ /* idle for too long */
+ connIt = dsIt->second.erase(connIt);
+ continue;
+ }
+
+ if ((*connIt)->isUsable()) {
++connIt;
}
else {
#endif /* HAVE_NGHTTP2 */
return got;
}
+
+void setDoHDownstreamCleanupInterval(uint16_t max)
+{
+ DownstreamDoHConnectionsManager::setCleanupInterval(max);
+}
+
+void setDoHDownstreamMaxIdleTime(uint16_t max)
+{
+ DownstreamDoHConnectionsManager::setMaxIdleTime(max);
+}
+
+void setDoHDownstreamMaxConnectionsPerBackend(size_t max)
+{
+ DownstreamDoHConnectionsManager::setMaxCachedConnectionsPerDownstream(max);
+}
bool sendH2Query(const std::shared_ptr<DownstreamState>& ds, std::unique_ptr<FDMultiplexer>& mplexer, std::shared_ptr<TCPQuerySender>& sender, InternalQuery&& query, bool healthCheck);
size_t handleH2Timeouts(FDMultiplexer& mplexer, const struct timeval& now);
size_t clearH2Connections();
+
+void setDoHDownstreamCleanupInterval(uint16_t max);
+void setDoHDownstreamMaxIdleTime(uint16_t max);
+void setDoHDownstreamMaxConnectionsPerBackend(size_t max);
void TCPConnectionToBackend::queueQuery(std::shared_ptr<TCPQuerySender>& sender, TCPQuery&& query)
{
- cerr<<"in "<<__PRETTY_FUNCTION__<<" for a query with a buffer of size "<<query.d_buffer.size()<<" and a proxy protocol payload size of "<<query.d_proxyProtocolPayload.size()<<" which has been added: "<<query.d_proxyProtocolPayloadAdded<<endl;
if (!d_ioState) {
d_ioState = make_unique<IOStateHandler>(*d_mplexer, d_handler->getDescriptor());
}
return entry;
}
- if (isTCPSocketUsable(entry->getHandle())) {
+ if (entry->isUsable()) {
++ds->tcpReusedConnections;
return entry;
}
struct timeval freshCutOff = now;
freshCutOff.tv_sec -= 1;
+ struct timeval idleCutOff = now;
+ idleCutOff.tv_sec -= s_maxIdleTime;
for (auto dsIt = t_downstreamConnections.begin(); dsIt != t_downstreamConnections.end(); ) {
for (auto connIt = dsIt->second.begin(); connIt != dsIt->second.end(); ) {
continue;
}
- if (isTCPSocketUsable((*connIt)->getHandle())) {
+ if ((*connIt)->isIdle() && (*connIt)->getLastDataReceivedTime() < idleCutOff) {
+ /* idle for too long */
+ connIt = dsIt->second.erase(connIt);
+ continue;
+ }
+
+ if ((*connIt)->isUsable()) {
++connIt;
}
else {
return count;
}
-void setMaxCachedTCPConnectionsPerDownstream(size_t max)
-{
- DownstreamConnectionsManager::setMaxCachedConnectionsPerDownstream(max);
-}
-
thread_local map<boost::uuids::uuid, std::deque<std::shared_ptr<TCPConnectionToBackend>>> DownstreamConnectionsManager::t_downstreamConnections;
thread_local time_t DownstreamConnectionsManager::t_nextCleanup{0};
size_t DownstreamConnectionsManager::s_maxCachedConnectionsPerDownstream{10};
uint16_t DownstreamConnectionsManager::s_cleanupInterval{60};
+uint16_t DownstreamConnectionsManager::s_maxIdleTime{300};
return d_handler->getDescriptor();
}
+ /* whether the underlying socket has been closed under our feet, basically */
+ bool isUsable() const
+ {
+ if (!d_handler) {
+ return false;
+ }
+
+ return d_handler->isUsable();
+ }
+
const std::shared_ptr<DownstreamState>& getDS() const
{
return d_ds;
virtual bool reachedMaxStreamID() const = 0;
virtual bool reachedMaxConcurrentQueries() const = 0;
+ virtual bool isIdle() const = 0;
virtual void release()
{
}
virtual ~TCPConnectionToBackend();
- bool isIdle() const
+ bool isIdle() const override
{
return d_state == State::idle && d_pendingQueries.size() == 0 && d_pendingResponses.size() == 0;
}
s_cleanupInterval = interval;
}
+ static void setMaxIdleTime(uint16_t max)
+ {
+ s_maxIdleTime = max;
+ }
+
private:
static thread_local map<boost::uuids::uuid, std::deque<std::shared_ptr<TCPConnectionToBackend>>> t_downstreamConnections;
static thread_local time_t t_nextCleanup;
static size_t s_maxCachedConnectionsPerDownstream;
static uint16_t s_cleanupInterval;
+ static uint16_t s_maxIdleTime;
};
Tuning related functions
========================
+.. function:: setDoHDownstreamCleanupInterval(interval)
+
+ .. versionadded:: 1.7.0
+
+ Set how often, in seconds, the outgoing DoH connections to backends of a given worker thread are scanned to expunge the ones that are no longer usable. The default is 60 so once per minute and per worker thread.
+ :param int interval: The interval in seconds.
+
+.. function:: setDoHDownstreamMaxIdleTime(max)
+
+ .. versionadded:: 1.7.0
+
+ Set how long, in seconds, an outgoing DoH connection to a backend might stay idle before being closed. The default is 300 so 5 minutes.
+
+ :param int max: The maximum time in seconds.
+
+.. function:: setMaxCachedDoHConnectionsPerDownstream(max)
+
+ .. versionadded:: 1.7.0
+
+ Set the maximum number of inactive DoH connections to a backend cached by each DoH worker thread. These connections can be reused when a new query comes in, instead of having to establish a new connection. dnsdist regularly checks whether the other end has closed any cached connection, closing them in that case.
+
+ :param int max: The maximum number of inactive connections to keep. Default is 10, so 10 connections per backend and per DoH worker thread.
+
.. function:: setMaxCachedTCPConnectionsPerDownstream(max)
.. versionadded:: 1.6.0
:param int num:
+.. function:: setTCPDownstreamCleanupInterval(interval)
+
+ .. versionadded:: 1.6.0
+
+ Set how often, in seconds, the outgoing TCP connections to backends of a given worker thread are scanned to expunge the ones that are no longer usable. The default is 60 so once per minute and per worker thread.
+
+ :param int interval: The interval in seconds.
+
+.. function:: setDoHDownstreamMaxIdleTime(max)
+
+ .. versionadded:: 1.7.0
+
+ Set how long, in seconds, an outgoing DoH connection to a backend might stay idle before being closed. The default is 300 so 5 minutes.
+
+ :param int max: The maximum time in seconds.
+
+
.. function:: setTCPInternalPipeBufferSize(size)
.. versionadded:: 1.6.0
return false;
}
+ bool isUsable() const override
+ {
+ return true;
+ }
+
std::string getServerNameIndication() const override
{
return "";
return false;
}
+ bool isUsable() const override
+ {
+ return true;
+ }
+
std::string getServerNameIndication() const override
{
return "";
return false;
}
+ bool isUsable() const override
+ {
+ if (!d_conn) {
+ return false;
+ }
+
+ char buf;
+ int res = SSL_peek(d_conn.get(), &buf, sizeof(buf));
+ if (res > 0) {
+ return true;
+ }
+ try {
+ convertIORequestToIOState(res);
+ return true;
+ }
+ catch (...) {
+ return false;
+ }
+
+ return false;
+ }
+
void close() override
{
if (d_conn) {
return false;
}
+ bool isUsable() const override
+ {
+ if (!d_conn) {
+ return false;
+ }
+
+ /* as far as I can tell we can't peek so we cannot do better */
+ return isTCPSocketUsable(d_socket);
+ }
+
std::string getServerNameIndication() const override
{
if (d_conn) {
virtual bool hasSessionBeenResumed() const = 0;
virtual std::vector<std::unique_ptr<TLSSession>> getSessions() = 0;
virtual void setSession(std::unique_ptr<TLSSession>& session) = 0;
+ virtual bool isUsable() const = 0;
virtual void close() = 0;
void setUnknownTicketKey()
return d_conn->getSessions();
}
+ bool isUsable() const
+ {
+ if (!d_conn) {
+ return isTCPSocketUsable(d_socket);
+ }
+ return d_conn->isUsable();
+ }
+
private:
std::unique_ptr<TLSConnection> d_conn{nullptr};
ComboAddress d_remote;
projects / thirdparty / pdns.git / commitdiff
