From: Wouter Wijngaards Date: Wed, 2 May 2018 06:36:02 +0000 (+0000) Subject: - Fix fail to reject dead peers in forward-zone, with ssl-upstream. X-Git-Tag: release-1.7.2rc1~34 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=6fefbb411561b13b7735a42e243821d695bc4a04;p=thirdparty%2Funbound.git - Fix fail to reject dead peers in forward-zone, with ssl-upstream. git-svn-id: file:///svn/unbound/trunk@4670 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index ac8c00c9c..336d8b111 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +2 May 2018: Wouter + - Fix fail to reject dead peers in forward-zone, with ssl-upstream. + 1 May 2018: Wouter - Fix that unbound-control reload frees the rrset keys and returns the memory pages to the system. diff --git a/services/outside_network.c b/services/outside_network.c index 63dfe4961..54970c174 100644 --- a/services/outside_network.c +++ b/services/outside_network.c @@ -1301,8 +1301,8 @@ pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet, w->ssl_upstream = sq->ssl_upstream; w->tls_auth_name = sq->tls_auth_name; #ifndef S_SPLINT_S - tv.tv_sec = timeout; - tv.tv_usec = 0; + tv.tv_sec = timeout/1000; + tv.tv_usec = (timeout%1000)*1000; #endif comm_timer_set(w->timer, &tv); if(pend) { @@ -1812,7 +1812,12 @@ serviced_tcp_callback(struct comm_point* c, void* arg, int error, } if(sq->tcp_upstream || sq->ssl_upstream) { struct timeval now = *sq->outnet->now_tv; - if(now.tv_sec > sq->last_sent_time.tv_sec || + if(error==NETEVENT_TIMEOUT) { + if(!infra_rtt_update(sq->outnet->infra, &sq->addr, + sq->addrlen, sq->zone, sq->zonelen, sq->qtype, + -1, sq->last_rtt, (time_t)now.tv_sec)) + log_err("out of memory in TCP exponential backoff."); + } else if(now.tv_sec > sq->last_sent_time.tv_sec || (now.tv_sec == sq->last_sent_time.tv_sec && now.tv_usec > sq->last_sent_time.tv_usec)) { /* convert from microseconds to milliseconds */ 
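Review bot: In pending_tcp_query (services/outside_network.c) `timeout` is converted straight into a timeval with no range check, so a zero or negative value arms the timer with a zero or non-normalised interval (`timeout%1000` is negative for negative input in C). This matters more now that serviced_tcp_send can pass the infra rtt instead of a constant; whether infra_host can ever return such an rtt is not visible on this page. A guard before the conversion, `log_assert(timeout > 0);`, would make the assumption explicit. The parameter also stays a plain `int` while its unit moves from seconds to milliseconds, so a caller outside this diff that still passes seconds compiles unchanged. The function body starts and ends outside the hunk.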
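Review bot: In serviced_tcp_callback only `error==NETEVENT_TIMEOUT` is treated as a failure; every other value of `error` falls through to the `else if` and, once the clock has advanced, appears to be recorded as an ordinary round-trip sample. If a closed or reset connection can reach this block (the earlier part of the function is outside the hunk), a peer that refuses quickly would be scored as fast rather than backed off, which works against rejecting dead forwarders. Consider restricting the sample to successful replies by opening the branch with `} else if(error==NETEVENT_NOERROR && (now.tv_sec > sq->last_sent_time.tv_sec ||` and closing the extra parenthesis after the tv_usec comparison. Otherwise add a comment saying why non-timeout errors are meant to update the RTT.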
@@ -1822,7 +1827,7 @@ serviced_tcp_callback(struct comm_point* c, void* arg, int error, log_assert(roundtime >= 0); /* only store if less then AUTH_TIMEOUT seconds, it could be * huge due to system-hibernated and we woke up */ - if(roundtime < TCP_AUTH_QUERY_TIMEOUT*1000) { + if(roundtime < 60000) { if(!infra_rtt_update(sq->outnet->infra, &sq->addr, sq->addrlen, sq->zone, sq->zonelen, sq->qtype, roundtime, sq->last_rtt, (time_t)now.tv_sec)) @@ -1863,18 +1868,26 @@ serviced_tcp_initiate(struct serviced_query* sq, sldns_buffer* buff) static int serviced_tcp_send(struct serviced_query* sq, sldns_buffer* buff) { - int vs, rtt; + int vs, rtt, timeout; uint8_t edns_lame_known; if(!infra_host(sq->outnet->infra, &sq->addr, sq->addrlen, sq->zone, sq->zonelen, *sq->outnet->now_secs, &vs, &edns_lame_known, &rtt)) return 0; + sq->last_rtt = rtt; if(vs != -1) sq->status = serviced_query_TCP_EDNS; else sq->status = serviced_query_TCP; serviced_encode(sq, buff, sq->status == serviced_query_TCP_EDNS); sq->last_sent_time = *sq->outnet->now_tv; - sq->pending = pending_tcp_query(sq, buff, TCP_AUTH_QUERY_TIMEOUT, + if(sq->tcp_upstream || sq->ssl_upstream) { + timeout = rtt; + if(rtt >= 376 && rtt < TCP_AUTH_QUERY_TIMEOUT) + timeout = TCP_AUTH_QUERY_TIMEOUT; + } else { + timeout = TCP_AUTH_QUERY_TIMEOUT; + } + sq->pending = pending_tcp_query(sq, buff, timeout, serviced_tcp_callback, sq); return sq->pending != NULL; } diff --git a/services/outside_network.h b/services/outside_network.h index 105f76513..01a307417 100644 --- a/services/outside_network.h +++ b/services/outside_network.h @@ -376,7 +376,7 @@ struct serviced_query { int retry; /** time last UDP was sent */ struct timeval last_sent_time; - /** rtt of last (UDP) message */ + /** rtt of last message */ int last_rtt; /** do we know edns probe status already, for UDP_EDNS queries */ int edns_lame_known; 
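Review bot: The comment above `if(roundtime < 60000)` still speaks of "AUTH_TIMEOUT seconds" while the test now compares against a bare literal, so comment and code no longer agree and nothing says that 60000 is milliseconds. Either give the bound a name next to the other timeout defines, or reword the comment to `/* only store if less than 60 seconds (60000 msec); it could be huge if the system hibernated and we woke up */`. This is inside serviced_tcp_callback, whose body extends beyond the hunk.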
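Review bot: In serviced_tcp_send the tcp_upstream/ssl_upstream timer becomes `timeout = rtt` with no floor in this hunk, so a peer with a small stored RTO gets only that many milliseconds for connect, TLS handshake and reply together. A timeout then feeds `infra_rtt_update(..., -1, ...)` in serviced_tcp_callback and backs the peer off. Whether infra_host already clamps the value is not visible here, so either say so in a comment or clamp locally before calling pending_tcp_query. The literal `376` also needs a name or a comment stating which infra default it stands for, because the `rtt >= 376` branch silently stops matching if that default is ever changed.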
@@ -456,7 +456,7 @@ struct pending* pending_udp_query(struct serviced_query* sq,
 * checks id.
 * @param sq: serviced query.
 * @param packet: wireformat query to send to destination. copied from.
- * @param timeout: in seconds from now.
+ * @param timeout: in milliseconds from now.
 * Timer starts running now. Timer may expire if all buffers are used,
 * without any query been sent to the server yet.
 * @param callback: function to call on error, timeout or reply.
diff --git a/testcode/fake_event.c b/testcode/fake_event.c
index 860e2e81e..80e3685c0 100644
--- a/testcode/fake_event.c
+++ b/testcode/fake_event.c
@@ -1125,7 +1125,7 @@ pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet,
 pend->addrlen = sq->addrlen;
 pend->callback = callback;
 pend->cb_arg = callback_arg;
- pend->timeout = timeout;
+ pend->timeout = timeout/1000;
 pend->transport = transport_tcp;
 pend->pkt = NULL;
 pend->zone = NULL;
@@ -1218,7 +1218,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
 log_assert(pend->zone);
 pend->callback = callback;
 pend->cb_arg = callback_arg;
- pend->timeout = UDP_AUTH_QUERY_TIMEOUT;
+ pend->timeout = UDP_AUTH_QUERY_TIMEOUT/1000;
 pend->transport = transport_udp; /* pretend UDP */
 pend->pkt = NULL;
 pend->runtime = runtime;
@@ -1757,7 +1757,7 @@ int comm_point_send_udp_msg(struct comm_point *c, sldns_buffer* packet,
 }
 pend->callback = fc->cb;
 pend->cb_arg = fc->cb_arg;
- pend->timeout = UDP_AUTH_QUERY_TIMEOUT;
+ pend->timeout = UDP_AUTH_QUERY_TIMEOUT/1000;
 pend->transport = transport_udp;
 pend->pkt = NULL;
 pend->runtime = runtime;
diff --git a/util/net_help.h b/util/net_help.h
index 5e0d3a629..1ecb13999 100644
--- a/util/net_help.h
+++ b/util/net_help.h
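Review bot: In the pending_tcp_query stub of testcode/fake_event.c, `pend->timeout = timeout/1000;` truncates, so any timeout under 1000 ms becomes 0 in the replay harness; serviced_tcp_send can now pass such values for tcp_upstream/ssl_upstream when it uses the rtt. What a zero `pend->timeout` means to the harness is not visible in this hunk, but if it is read as immediate expiry or as no timeout, tests of the new backoff path will not match production timing. Rounding up with `pend->timeout = (timeout+999)/1000;`, or a comment that the stub works in whole seconds, would make this explicit. The two later hunks in this file divide the constant UDP_AUTH_QUERY_TIMEOUT and are not affected.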
@@ -73,10 +73,10 @@ struct regional; /** set RCODE bits in uint16 flags */ #define FLAGS_SET_RCODE(f, r) (f = (((f) & 0xfff0) | (r))) -/** timeout in seconds for UDP queries to auth servers. */ -#define UDP_AUTH_QUERY_TIMEOUT 4 -/** timeout in seconds for TCP queries to auth servers. */ -#define TCP_AUTH_QUERY_TIMEOUT 30 +/** timeout in milliseconds for UDP queries to auth servers. */ +#define UDP_AUTH_QUERY_TIMEOUT 3000 +/** timeout in milliseconds for TCP queries to auth servers. */ +#define TCP_AUTH_QUERY_TIMEOUT 3000 /** Advertised version of EDNS capabilities */ #define EDNS_ADVERTISED_VERSION 0 /** Advertised size of EDNS capabilities */
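Review bot: TCP_AUTH_QUERY_TIMEOUT changes value as well as unit in util/net_help.h, from 30 seconds to 3000 ms, and the new comment does not say so; per the `else` branch in serviced_tcp_send the shorter limit also applies to ordinary TCP queries, not only to tcp-upstream/ssl-upstream forwarders. UDP_AUTH_QUERY_TIMEOUT likewise drops from 4 s to 3 s. Because the macro names carry no unit, any use outside this diff that still treats them as seconds compiles silently with a value 1000 times off, so a search for both names belongs with this change. A comment such as `/** timeout in milliseconds for TCP queries to auth servers (was 30 seconds before the unit change). */` would record the intent.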