From: Yorgos Thessalonikefs Date: Mon, 17 Feb 2025 14:21:18 +0000 (+0100) Subject: - Consider reconfigurations when calculating the still_useful_timeout X-Git-Tag: release-1.23.0rc1~50 X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=72828ff81c4fad197a5b4ec7db3b4f649bccbbb9;p=thirdparty%2Funbound.git - Consider reconfigurations when calculating the still_useful_timeout for servers in the infrastructure cache. --- diff --git a/doc/Changelog b/doc/Changelog index b33dfa8e8..e4d8aada0 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,7 @@ +17 February 2025: Yorgos + - Consider reconfigurations when calculating the still_useful_timeout + for servers in the infrastructure cache. + 30 January 2025: Wouter - Fix #986: Resolving sas.com with dnssec-validation fails though signed delegations seem to be (mostly) correct. diff --git a/services/cache/infra.c b/services/cache/infra.c index bb3ee87e9..0ed3c297b 100644 --- a/services/cache/infra.c +++ b/services/cache/infra.c @@ -60,16 +60,6 @@ * can do this number of packets (until those all timeout too) */ #define TIMEOUT_COUNT_MAX 3 -/** Minus 1000 because that is outside of the RTTBAND, so - * blacklisted servers stay blacklisted if this is chosen. - * If USEFUL_SERVER_TOP_TIMEOUT is below 1000 (configured via RTT_MAX_TIMEOUT, - * infra-cache-max-rtt) change it to just above the RTT_BAND. */ -#define STILL_USEFUL_TIMEOUT ( \ - USEFUL_SERVER_TOP_TIMEOUT < 1000 || \ - USEFUL_SERVER_TOP_TIMEOUT - 1000 <= RTT_BAND \ - ?RTT_BAND + 1 \ - :USEFUL_SERVER_TOP_TIMEOUT - 1000) - /** ratelimit value for delegation point */ int infra_dp_ratelimit = 0; @@ -82,6 +72,19 @@ int infra_ip_ratelimit = 0; * For clients with a valid DNS Cookie. */ int infra_ip_ratelimit_cookie = 0; +/** Minus 1000 because that is outside of the RTTBAND, so + * blacklisted servers stay blacklisted if this is chosen. + * If USEFUL_SERVER_TOP_TIMEOUT is below 1000 (configured via RTT_MAX_TIMEOUT, + * infra-cache-max-rtt) change it to just above the RTT_BAND. */ +static int still_useful_timeout() +{ + return + USEFUL_SERVER_TOP_TIMEOUT < 1000 || + USEFUL_SERVER_TOP_TIMEOUT - 1000 <= RTT_BAND + ?RTT_BAND + 1 + :USEFUL_SERVER_TOP_TIMEOUT - 1000; +} + size_t infra_sizefunc(void* k, void* ATTR_UNUSED(d)) { @@ -668,7 +671,7 @@ infra_update_tcp_works(struct infra_cache* infra, if(data->rtt.rto >= RTT_MAX_TIMEOUT) /* do not disqualify this server altogether, it is better * than nothing */ - data->rtt.rto = STILL_USEFUL_TIMEOUT; + data->rtt.rto = still_useful_timeout(); lock_rw_unlock(&e->lock); } @@ -808,7 +811,7 @@ infra_get_lame_rtt(struct infra_cache* infra, && infra->infra_keep_probing) { /* single probe, keep probing */ if(*rtt >= USEFUL_SERVER_TOP_TIMEOUT) - *rtt = STILL_USEFUL_TIMEOUT; + *rtt = still_useful_timeout(); } else if(host->rtt.rto >= PROBE_MAXRTO && timenow < host->probedelay && rtt_notimeout(&host->rtt)*4 <= host->rtt.rto) { /* single probe for this domain, and we are not probing */ @@ -816,15 +819,15 @@ infra_get_lame_rtt(struct infra_cache* infra, if(qtype == LDNS_RR_TYPE_A) { if(host->timeout_A >= TIMEOUT_COUNT_MAX) *rtt = USEFUL_SERVER_TOP_TIMEOUT; - else *rtt = STILL_USEFUL_TIMEOUT; + else *rtt = still_useful_timeout(); } else if(qtype == LDNS_RR_TYPE_AAAA) { if(host->timeout_AAAA >= TIMEOUT_COUNT_MAX) *rtt = USEFUL_SERVER_TOP_TIMEOUT; - else *rtt = STILL_USEFUL_TIMEOUT; + else *rtt = still_useful_timeout(); } else { if(host->timeout_other >= TIMEOUT_COUNT_MAX) *rtt = USEFUL_SERVER_TOP_TIMEOUT; - else *rtt = STILL_USEFUL_TIMEOUT; + else *rtt = still_useful_timeout(); } } /* expired entry */ @@ -832,7 +835,7 @@ infra_get_lame_rtt(struct infra_cache* infra, /* see if this can be a re-probe of an unresponsive server */ if(host->rtt.rto >= USEFUL_SERVER_TOP_TIMEOUT) { lock_rw_unlock(&e->lock); - *rtt = STILL_USEFUL_TIMEOUT; + *rtt = still_useful_timeout(); *lame = 0; *dnsseclame = 0; *reclame = 0;