- On startup of unbound it checks if rlimits on memory size look
authorW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Wed, 24 Feb 2021 13:14:33 +0000 (14:14 +0100)
committerW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Wed, 24 Feb 2021 13:14:33 +0000 (14:14 +0100)
  sufficient for the configured cache size, and logs warning if not.

daemon/unbound.c
doc/Changelog
services/listen_dnsport.c
services/listen_dnsport.h

index bc6d2bc9efc542d7e74e2e2a0e5bfa73f4746ee4..b2bb526c05acd606eb5250ac0fe1aa484eaea8b0 100644 (file)
@@ -197,6 +197,33 @@ checkrlimits(struct config_file* cfg)
        size_t total = numthread * perthread + misc;
        size_t avail;
        struct rlimit rlim;
+       size_t memsize_expect = cfg->msg_cache_size + cfg->rrset_cache_size
+               + (cfg->do_tcp?cfg->stream_wait_size:0)
+               + (cfg->ip_ratelimit?cfg->ip_ratelimit_size:0)
+               + (cfg->ratelimit?cfg->ratelimit_size:0)
+               + (cfg->dnscrypt?cfg->dnscrypt_shared_secret_cache_size + cfg->dnscrypt_nonce_cache_size:0)
+               + cfg->infra_cache_numhosts * (sizeof(struct infra_key)+sizeof(struct infra_data));
+       if(strstr(cfg->module_conf, "validator") && (cfg->trust_anchor_file_list || cfg->trust_anchor_list || cfg->auto_trust_anchor_file_list || cfg->trusted_keys_file_list)) {
+               memsize_expect += cfg->key_cache_size + cfg->neg_cache_size;
+       }
+#ifdef HAVE_NGHTTP2_NGHTTP2_H
+       if(cfg_has_https(cfg)) {
+               memsize_expect += cfg->http_query_buffer_size + cfg->http_response_buffer_size;
+       }
+#endif
+
+       if(getrlimit(RLIMIT_AS, &rlim) == 0) {
+               if(rlim.rlim_cur != (rlim_t)RLIM_INFINITY &&
+                       rlim.rlim_cur < (rlim_t)memsize_expect) {
+                       log_warn("the ulimit(max memory size) is smaller than the expected memory usage (added size of caches). %u < %u bytes", (unsigned)rlim.rlim_cur, (unsigned)memsize_expect);
+               }
+       }
+       if(getrlimit(RLIMIT_DATA, &rlim) == 0) {
+               if(rlim.rlim_cur != (rlim_t)RLIM_INFINITY &&
+                       rlim.rlim_cur < memsize_expect) {
+                       log_warn("the ulimit(data seg size) is smaller than the expected memory usage (added size of caches). %u < %u bytes", (unsigned)rlim.rlim_cur, (unsigned)memsize_expect);
+               }
+       }
 
        if(total > 1024 && 
                strncmp(ub_event_get_version(), "mini-event", 10) == 0) {
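Review bot: Both new log_warn calls format the limit and the expected size with `%u` after casting to `(unsigned)`, so on a 64-bit host any value of 4 GiB or more is truncated and the warning prints numbers that do not match the comparison that triggered it. A wider type keeps the message usable for the operator who has to size the limit: `"... %llu < %llu bytes", (unsigned long long)rlim.rlim_cur, (unsigned long long)memsize_expect`. The RLIMIT_DATA test also compares `rlim.rlim_cur < memsize_expect` without the `(rlim_t)` cast used in the RLIMIT_AS test just above it; making the two identical avoids a mixed-type comparison. checkrlimits begins before this hunk and continues after it.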
index f8b0c9b0f67e88d6b75a1294d4ed45555dffc5f4..52205b5936212f70ccb21d3e0a2371d9f6e0d941 100644 (file)
@@ -4,6 +4,10 @@
        - ipsecmod: Better logging for detecting a cycle when attaching the
          A/AAAA subquery.
 
+24 February 2021: Wouter
+       - On startup of unbound it checks if rlimits on memory size look
+         sufficient for the configured cache size, and logs warning if not.
+
 23 February 2021: Wouter
        - Fix for zonemd, that domain-insecure zones work without dnssec.
        - Fix for zonemd, do not reject insecure result from trust anchor
index b790660f2396f896cb73485d27acdaa546f6b1af..7a90677a4c7e7c117c4a19ff5904401f4630d483 100644 (file)
@@ -1105,6 +1105,19 @@ if_is_https(const char* ifname, const char* port, int https_port)
        return 0;
 }
 
+/** see if config contains https turned on */
+int cfg_has_https(struct config_file* cfg)
+{
+       int i;
+       char portbuf[32];
+       snprintf(portbuf, sizeof(portbuf), "%d", cfg->port);
+       for(i = 0; i<cfg->num_ifs; i++) {
+               if(if_is_https(cfg->ifs[i], portbuf, cfg->https_port))
+                       return 1;
+       }
+       return 0;
+}
+
 /**
  * Helper for ports_open. Creates one interface (or NULL for default).
  * @param ifname: The interface ip address.
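Review bot: cfg_has_https returns 0 whenever `cfg->num_ifs` is 0, because the loop body never runs, so a configuration that relies on the default interfaces is reported as not using https even when `cfg->port` equals `cfg->https_port`. If the default-interface path can serve https in that case (the port-opening code is not visible in this hunk), the memory estimate in checkrlimits would leave out the http buffers and the new warning could stay silent. A guard before the loop such as `if(cfg->num_ifs == 0 && cfg->port == cfg->https_port) return 1;` would cover it, or the comment should state that only explicitly configured interfaces are examined.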
index f438ff4580f762265d1b9d9ae81b390fb11c916e..215242b30396fdd80533b081652e67c28aa64843 100644 (file)
@@ -147,6 +147,12 @@ void listening_ports_free(struct listen_port* list);
 int resolve_interface_names(struct config_file* cfg, char*** resif,
        int* num_resif);
 
+/**
+ * Return true if the config contains settinsg that enable https.
+ * @return true if https ports are used for server.
+ */
+int cfg_has_https(struct config_file* cfg);
+
 /**
  * Create commpoints with for this thread for the shared ports.
  * @param base: the comm_base that provides event functionality.
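Review bot: The doc comment added for cfg_has_https has no `@param` line, unlike the next declaration in this header, and misspells "settings" as "settinsg". A line such as `@param cfg: config file settings; the interface list, port and https_port are read.` would match the surrounding style. Because the function returns int, `@return 1 if https ports are used for the server, 0 otherwise.` is more exact than "true".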