]> git.ipfire.org Git - thirdparty/unbound.git/commitdiff
- auth-load-thread, auth-task-threads: num config option that enables and
authorW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Fri, 3 Jul 2026 12:03:15 +0000 (14:03 +0200)
committerW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Fri, 3 Jul 2026 12:03:15 +0000 (14:03 +0200)
  disables the auth load thread.

daemon/remote.c
services/authzone.c
testcode/testbound.c
testdata/auth_load.tdir/auth_load.conf
util/config_file.c
util/config_file.h
util/configlexer.lex
util/configparser.y

index ba3d8f6ab6fbb3118cebbac65b147faff6efd8fe..66aad5e6f8c400e5c34310be577f5c9cc62dd5cb 100644 (file)
@@ -6173,6 +6173,7 @@ fr_atomic_copy_cfg(struct config_file* oldcfg, struct config_file* cfg,
        COPY_VAR_ptr(acls);
        COPY_VAR_int(donotquery_localhost);
        COPY_VAR_ptr(tcp_connection_limits);
+       COPY_VAR_int(auth_task_threads);
        COPY_VAR_int(harden_short_bufsize);
        COPY_VAR_int(harden_large_queries);
        COPY_VAR_int(harden_glue);
index 12f5b220c17fdc553ab0f7aff65b0499ae96ccc0..4d4294ae7c0d5a192bc31fc91222a8bc151f0e15 100644 (file)
@@ -6387,7 +6387,7 @@ static void
 process_list_end_transfer(struct auth_xfer* xfr, struct module_env* env)
 {
        int ixfr_fail = 0;
-       if(1 /* auth load enabled: max-auth-load-threads > 0 */ ) {
+       if(env->cfg->auth_task_threads != 0 /* auth load enabled */ ) {
                /* Create auth load thread task to process the data. */
                if(auth_load_add_task_xfr(xfr, env->worker)) {
                        /* Task is created, wait for it to be done. The worker
index 063037df4e8047bafe106a65a044a20f58fc2339..dbdb2b319196e491d4a2ff1e84be74735ddd2b88 100644 (file)
@@ -264,6 +264,9 @@ setup_config(FILE* in, int* lineno, int* pass_argc, char* pass_argv[])
        fprintf(cfg, "          pidfile: \"\"\n");
        fprintf(cfg, "          val-log-level: 2\n");
        fprintf(cfg, "          log-servfail: yes\n");
+       /* the extra thread needs pipe communication that is not available
+        * from fake_event calls. So auth-task-threads: 0 disables them. */
+       fprintf(cfg, "          auth-task-threads: 0\n");
        fprintf(cfg, "remote-control:   control-enable: no\n");
        while(fgets(line, MAX_LINE_LEN-1, in)) {
                parse = line;
index a3be0c0b957f3e3648c28275a4abba703f7fd152..3a93cddf10719ef2ad5ae32b7379533b4825ada6 100644 (file)
@@ -9,6 +9,7 @@ server:
        chroot: ""
        username: ""
        do-not-query-localhost: no
+       auth-task-threads: 1
 auth-zone:
        name: "example.com"
        for-upstream: yes
index ab209a818e315e414d53d8a045c682fb15810d8c..e4a2f681e42e30bb70388f7879c0a2872b782d3f 100644 (file)
@@ -243,6 +243,7 @@ config_create(void)
        cfg->views = NULL;
        cfg->acls = NULL;
        cfg->tcp_connection_limits = NULL;
+       cfg->auth_task_threads = 0;
        cfg->harden_short_bufsize = 1;
        cfg->harden_large_queries = 0;
        cfg->harden_glue = 1;
@@ -457,6 +458,7 @@ struct config_file* config_create_forlib(void)
        cfg->neg_cache_size = 100 * 1024;
        cfg->donotquery_localhost = 0; /* allow, so that you can ask a
                forward nameserver running on localhost */
+       cfg->auth_task_threads = 0; /* no extra threads to spawn in library */
        cfg->val_log_level = 2; /* to fill why_bogus with */
        cfg->val_log_squelch = 1;
        cfg->minimal_responses = 0;
@@ -742,6 +744,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
        else S_SIZET_OR_ZERO("unwanted-reply-threshold:", unwanted_threshold)
        else S_STRLIST("private-address:", private_address)
        else S_STRLIST("private-domain:", private_domain)
+       else S_NUMBER_OR_ZERO("auth-task-threads:", auth_task_threads)
        else S_YNO("do-not-query-localhost:", donotquery_localhost)
        else S_STRLIST("do-not-query-address:", donotqueryaddrs)
        else S_STRLIST("auto-trust-anchor-file:", auto_trust_anchor_file_list)
@@ -1284,6 +1287,7 @@ config_get_option(struct config_file* cfg, const char* opt,
        else O_LST(opt, "root-hints", root_hints)
        else O_LS2(opt, "access-control", acls)
        else O_LS2(opt, "tcp-connection-limit", tcp_connection_limits)
+       else O_DEC(opt, "auth-task-threads", auth_task_threads)
        else O_LST(opt, "do-not-query-address", donotqueryaddrs)
        else O_LST(opt, "private-address", private_address)
        else O_LST(opt, "private-domain", private_domain)
index c2b45759f8e54cc88e2e51e89ab6c0dd7ad10254..0a41563bad676ff4bbae74c49b56d6d7ccffc46b 100644 (file)
@@ -291,6 +291,8 @@ struct config_file {
 
        /** list of tcp connection limitss, linked list */
        struct config_str2list* tcp_connection_limits;
+       /** auth task threads, or 0 disabled. */
+       int auth_task_threads;
 
        /** harden against very small edns buffer sizes */
        int harden_short_bufsize;
index 196575bdb8a5e0382a8ffa644ad7938406d758b0..4881d760f2cfc526ecac5a90d8bc191f5c01b90d 100644 (file)
@@ -595,6 +595,7 @@ name-v4{COLON}                      { YDVAR(1, VAR_IPSET_NAME_V4) }
 name-v6{COLON}                 { YDVAR(1, VAR_IPSET_NAME_V6) }
 udp-upstream-without-downstream{COLON} { YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) }
 tcp-connection-limit{COLON}    { YDVAR(2, VAR_TCP_CONNECTION_LIMIT) }
+auth-task-threads{COLON}       { YDVAR(1, VAR_AUTH_TASK_THREADS) }
 answer-cookie{COLON}           { YDVAR(1, VAR_ANSWER_COOKIE ) }
 cookie-secret{COLON}           { YDVAR(1, VAR_COOKIE_SECRET) }
 cookie-secret-file{COLON}      { YDVAR(1, VAR_COOKIE_SECRET_FILE) }
index 9e1cd611b79c83d54b91282d859de68e02dad1c4..bc217c76550dccbfb4e8360dda085db118bc1d7c 100644 (file)
@@ -193,6 +193,7 @@ extern struct config_parser_state* cfg_parser;
 %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
 %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM
 %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT
+%token VAR_AUTH_TASK_THREADS
 %token VAR_ANSWER_COOKIE VAR_COOKIE_SECRET VAR_IP_RATELIMIT_COOKIE
 %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY
 %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY
@@ -343,6 +344,7 @@ content_server: server_num_threads | server_verbosity | server_port |
        server_tls_cert_bundle | server_tls_additional_port | server_low_rtt |
        server_fast_server_permil | server_fast_server_num  | server_tls_win_cert |
        server_tcp_connection_limit | server_log_servfail | server_deny_any |
+       server_auth_task_threads |
        server_unknown_server_time_limit | server_log_tag_queryreply |
        server_discard_timeout | server_wait_limit | server_wait_limit_cookie |
        server_wait_limit_netblock | server_wait_limit_cookie_netblock |
@@ -4234,6 +4236,15 @@ server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG
                }
        }
        ;
+server_auth_task_threads: VAR_AUTH_TASK_THREADS STRING_ARG
+       {
+               OUTYY(("P(server_auth_task_threads:%s)\n", $2));
+               if(atoi($2) == 0 && strcmp($2, "0") != 0)
+                       yyerror("number expected");
+               else cfg_parser->cfg->auth_task_threads = atoi($2);
+               free($2);
+       }
+       ;
 server_answer_cookie: VAR_ANSWER_COOKIE STRING_ARG
        {
                OUTYY(("P(server_answer_cookie:%s)\n", $2));