From: W.C.A. Wijngaards Date: Fri, 3 Jul 2026 12:03:15 +0000 (+0200) Subject: - auth-load-thread, auth-task-threads: num config option that enables and X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0a5cde80f1b62c93c4fc9f8efa2718ce99ab43d6;p=thirdparty%2Funbound.git - auth-load-thread, auth-task-threads: num config option that enables and disables the auth load thread. --- diff --git a/daemon/remote.c b/daemon/remote.c index ba3d8f6ab..66aad5e6f 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -6173,6 +6173,7 @@ fr_atomic_copy_cfg(struct config_file* oldcfg, struct config_file* cfg, COPY_VAR_ptr(acls); COPY_VAR_int(donotquery_localhost); COPY_VAR_ptr(tcp_connection_limits); + COPY_VAR_int(auth_task_threads); COPY_VAR_int(harden_short_bufsize); COPY_VAR_int(harden_large_queries); COPY_VAR_int(harden_glue); diff --git a/services/authzone.c b/services/authzone.c index 12f5b220c..4d4294ae7 100644 --- a/services/authzone.c +++ b/services/authzone.c @@ -6387,7 +6387,7 @@ static void process_list_end_transfer(struct auth_xfer* xfr, struct module_env* env) { int ixfr_fail = 0; - if(1 /* auth load enabled: max-auth-load-threads > 0 */ ) { + if(env->cfg->auth_task_threads != 0 /* auth load enabled */ ) { /* Create auth load thread task to process the data. */ if(auth_load_add_task_xfr(xfr, env->worker)) { /* Task is created, wait for it to be done. The worker diff --git a/testcode/testbound.c b/testcode/testbound.c index 063037df4..dbdb2b319 100644 --- a/testcode/testbound.c +++ b/testcode/testbound.c @@ -264,6 +264,9 @@ setup_config(FILE* in, int* lineno, int* pass_argc, char* pass_argv[]) fprintf(cfg, " pidfile: \"\"\n"); fprintf(cfg, " val-log-level: 2\n"); fprintf(cfg, " log-servfail: yes\n"); + /* the extra thread needs pipe communication that is not available + * from fake_event calls. So auth-task-threads: 0 disables them. */ + fprintf(cfg, " auth-task-threads: 0\n"); fprintf(cfg, "remote-control: control-enable: no\n"); while(fgets(line, MAX_LINE_LEN-1, in)) { parse = line; diff --git a/testdata/auth_load.tdir/auth_load.conf b/testdata/auth_load.tdir/auth_load.conf index a3be0c0b9..3a93cddf1 100644 --- a/testdata/auth_load.tdir/auth_load.conf +++ b/testdata/auth_load.tdir/auth_load.conf @@ -9,6 +9,7 @@ server: chroot: "" username: "" do-not-query-localhost: no + auth-task-threads: 1 auth-zone: name: "example.com" for-upstream: yes diff --git a/util/config_file.c b/util/config_file.c index ab209a818..e4a2f681e 100644 --- a/util/config_file.c +++ b/util/config_file.c @@ -243,6 +243,7 @@ config_create(void) cfg->views = NULL; cfg->acls = NULL; cfg->tcp_connection_limits = NULL; + cfg->auth_task_threads = 0; cfg->harden_short_bufsize = 1; cfg->harden_large_queries = 0; cfg->harden_glue = 1; @@ -457,6 +458,7 @@ struct config_file* config_create_forlib(void) cfg->neg_cache_size = 100 * 1024; cfg->donotquery_localhost = 0; /* allow, so that you can ask a forward nameserver running on localhost */ + cfg->auth_task_threads = 0; /* no extra threads to spawn in library */ cfg->val_log_level = 2; /* to fill why_bogus with */ cfg->val_log_squelch = 1; cfg->minimal_responses = 0; @@ -742,6 +744,7 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_SIZET_OR_ZERO("unwanted-reply-threshold:", unwanted_threshold) else S_STRLIST("private-address:", private_address) else S_STRLIST("private-domain:", private_domain) + else S_NUMBER_OR_ZERO("auth-task-threads:", auth_task_threads) else S_YNO("do-not-query-localhost:", donotquery_localhost) else S_STRLIST("do-not-query-address:", donotqueryaddrs) else S_STRLIST("auto-trust-anchor-file:", auto_trust_anchor_file_list) @@ -1284,6 +1287,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_LST(opt, "root-hints", root_hints) else O_LS2(opt, "access-control", acls) else O_LS2(opt, "tcp-connection-limit", tcp_connection_limits) + else O_DEC(opt, "auth-task-threads", auth_task_threads) else O_LST(opt, "do-not-query-address", donotqueryaddrs) else O_LST(opt, "private-address", private_address) else O_LST(opt, "private-domain", private_domain) diff --git a/util/config_file.h b/util/config_file.h index c2b45759f..0a41563ba 100644 --- a/util/config_file.h +++ b/util/config_file.h @@ -291,6 +291,8 @@ struct config_file { /** list of tcp connection limitss, linked list */ struct config_str2list* tcp_connection_limits; + /** auth task threads, or 0 disabled. */ + int auth_task_threads; /** harden against very small edns buffer sizes */ int harden_short_bufsize; diff --git a/util/configlexer.lex b/util/configlexer.lex index 196575bdb..4881d760f 100644 --- a/util/configlexer.lex +++ b/util/configlexer.lex @@ -595,6 +595,7 @@ name-v4{COLON} { YDVAR(1, VAR_IPSET_NAME_V4) } name-v6{COLON} { YDVAR(1, VAR_IPSET_NAME_V6) } udp-upstream-without-downstream{COLON} { YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) } tcp-connection-limit{COLON} { YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } +auth-task-threads{COLON} { YDVAR(1, VAR_AUTH_TASK_THREADS) } answer-cookie{COLON} { YDVAR(1, VAR_ANSWER_COOKIE ) } cookie-secret{COLON} { YDVAR(1, VAR_COOKIE_SECRET) } cookie-secret-file{COLON} { YDVAR(1, VAR_COOKIE_SECRET_FILE) } diff --git a/util/configparser.y b/util/configparser.y index 9e1cd611b..bc217c765 100644 --- a/util/configparser.y +++ b/util/configparser.y @@ -193,6 +193,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT +%token VAR_AUTH_TASK_THREADS %token VAR_ANSWER_COOKIE VAR_COOKIE_SECRET VAR_IP_RATELIMIT_COOKIE %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY @@ -343,6 +344,7 @@ content_server: server_num_threads | server_verbosity | server_port | server_tls_cert_bundle | server_tls_additional_port | server_low_rtt | server_fast_server_permil | server_fast_server_num | server_tls_win_cert | server_tcp_connection_limit | server_log_servfail | server_deny_any | + server_auth_task_threads | server_unknown_server_time_limit | server_log_tag_queryreply | server_discard_timeout | server_wait_limit | server_wait_limit_cookie | server_wait_limit_netblock | server_wait_limit_cookie_netblock | @@ -4234,6 +4236,15 @@ server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG } } ; +server_auth_task_threads: VAR_AUTH_TASK_THREADS STRING_ARG + { + OUTYY(("P(server_auth_task_threads:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->auth_task_threads = atoi($2); + free($2); + } + ; server_answer_cookie: VAR_ANSWER_COOKIE STRING_ARG { OUTYY(("P(server_answer_cookie:%s)\n", $2));