git.ipfire.org Git - thirdparty/bind9.git/commit

author	Evan Hunt <each@isc.org>
	Wed, 6 Feb 2019 19:26:36 +0000 (11:26 -0800)
committer	Ondřej Surý <ondrej@sury.org>
	Thu, 25 Apr 2019 15:02:43 +0000 (17:02 +0200)
commit	8141be26334458da0086c4ddd6a791da912e85f5
tree	a022d39b1ac5aecd39ac2750d689fc108e0c3aa5	tree \| snapshot
parent	42f65ae3416c7e4b6ea7974ff05c857170ba3505	commit \| diff

better tcpquota accounting and client mortality checks

- ensure that tcpactive is cleaned up correctly when accept() fails.
- set 'client->tcpattached' when the client is attached to the tcpquota.
  carry this value on to new clients sharing the same pipeline group.
  don't call isc_quota_detach() on the tcpquota unless tcpattached is
  set.  this way clients that were allowed to accept TCP connections
  despite being over quota (and therefore, were never attached to the
  quota) will not inadvertently detach from it and mess up the
  accounting.
- simplify the code for tcpquota disconnection by using a new function
  tcpquota_disconnect().
- before deciding whether to reject a new connection due to quota
  exhaustion, check to see whether there are at least two active
  clients. previously, this was "at least one", but that could be
  insufficient if there was one other client in READING state (waiting
  for messages on an open connection) but none in READY (listening
  for new connections).
- before deciding whether a TCP client object can to go inactive, we
  must ensure there are enough other clients to maintain service
  afterward -- both accepting new connections and reading/processing new
  queries.  A TCP client can't shut down unless at least one
  client is accepting new connections and (in the case of pipelined
  clients) at least one additional client is waiting to read.

(cherry picked from commit c7394738b2445c16f728a88394864dd61baad900)
(cherry picked from commit 7d6518aa9c3577e1ae79e8e1358e3215a70780b3)

lib/ns/client.c		diff \| blob \| blame \| history
lib/ns/include/ns/client.h		diff \| blob \| blame \| history