[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor] 03/03: relay: Reconfigure libevent options only on DNS params change
This is an automated email from the git hooks/post-receive script.
dgoulet pushed a commit to branch main
in repository tor.
commit 7ce17c2b008dee04b209ac698e7a380eae63987e
Author: David Goulet <dgoulet@xxxxxxxxxxxxxx>
AuthorDate: Tue Mar 15 15:33:35 2022 -0400
relay: Reconfigure libevent options only on DNS params change
Related #40312
Signed-off-by: David Goulet <dgoulet@xxxxxxxxxxxxxx>
---
src/feature/relay/dns.c | 103 +++++++++++++++++++++++++++---------------------
1 file changed, 59 insertions(+), 44 deletions(-)
diff --git a/src/feature/relay/dns.c b/src/feature/relay/dns.c
index 8467b9c0a4..0af80d52ae 100644
--- a/src/feature/relay/dns.c
+++ b/src/feature/relay/dns.c
@@ -111,6 +111,7 @@ static int answer_is_wildcarded(const char *ip);
static int evdns_err_is_transient(int err);
static void inform_pending_connections(cached_resolve_t *resolve);
static void make_pending_resolve_cached(cached_resolve_t *cached);
+static void configure_libevent_options(void);
#ifdef DEBUG_DNS_CACHE
static void assert_cache_ok_(void);
@@ -222,7 +223,7 @@ dns_new_consensus_params(const networkstatus_t *ns)
/* Consensus has parameters for the Exit relay DNS side and so we only reset
* the DNS nameservers if we are in server mode. */
if (server_mode(get_options())) {
- dns_reset();
+ configure_libevent_options();
}
}
@@ -1415,6 +1416,60 @@ get_consensus_param_exit_dns_attempts(void)
return str;
}
+/** Configure the libevent options. This can be called after initialization.
+ * This should never be called without the evdns base pointer initialized. */
+static void
+configure_libevent_options(void)
+{
+ if (BUG(!the_evdns_base)) {
+ return;
+ }
+
+#define SET(k,v) evdns_base_set_option(the_evdns_base, (k), (v))
+
+ // If we only have one nameserver, it does not make sense to back off
+ // from it for a timeout. Unfortunately, the value for max-timeouts is
+ // currently clamped by libevent to 255, but it does not hurt to set
+ // it higher in case libevent gets a patch for this. Higher-than-
+ // default maximum of 3 with multiple nameservers to avoid spuriously
+ // marking one down on bursts of timeouts resulting from scans/attacks
+ // against non-responding authoritative DNS servers.
+ if (evdns_base_count_nameservers(the_evdns_base) == 1) {
+ SET("max-timeouts:", "1000000");
+ } else {
+ SET("max-timeouts:", "10");
+ }
+
+ // Elongate the queue of maximum inflight dns requests, so if a bunch
+ // remain pending at the resolver (happens commonly with Unbound) we won't
+ // stall every other DNS request. This potentially means some wasted
+ // CPU as there's a walk over a linear queue involved, but this is a
+ // much better tradeoff compared to just failing DNS requests because
+ // of a full queue.
+ SET("max-inflight:", "8192");
+
+ /* Set timeout to be 1 second. This tells libevent that it shouldn't wait
+ * more than N second to drop a DNS query and consider it "timed out". It is
+ * very important to differentiate here a libevent timeout and a DNS server
+ * timeout. And so, by setting this to N second, libevent sends back
+ * "DNS_ERR_TIMEOUT" if that N second is reached which does NOT indicate that
+ * the query itself timed out in transit. */
+ SET("timeout:", get_consensus_param_exit_dns_timeout());
+
+ /* This tells libevent to attemps up to X times a DNS query if the previous
+ * one failed to complete within N second. We believe that this should be
+ * enough to catch temporary hiccups on the first query. But after that, it
+ * should signal us that it won't be able to resolve it. */
+ SET("attempts:", get_consensus_param_exit_dns_attempts());
+
+ if (get_options()->ServerDNSRandomizeCase)
+ SET("randomize-case:", "1");
+ else
+ SET("randomize-case:", "0");
+
+#undef SET
+}
+
/** Configure eventdns nameservers if force is true, or if the configuration
* has changed since the last time we called this function, or if we failed on
* our last attempt. On Unix, this reads from /etc/resolv.conf or
@@ -1528,50 +1583,10 @@ configure_nameservers(int force)
}
#endif /* defined(_WIN32) */
-#define SET(k,v) evdns_base_set_option(the_evdns_base, (k), (v))
-
- // If we only have one nameserver, it does not make sense to back off
- // from it for a timeout. Unfortunately, the value for max-timeouts is
- // currently clamped by libevent to 255, but it does not hurt to set
- // it higher in case libevent gets a patch for this. Higher-than-
- // default maximum of 3 with multiple nameservers to avoid spuriously
- // marking one down on bursts of timeouts resulting from scans/attacks
- // against non-responding authoritative DNS servers.
- if (evdns_base_count_nameservers(the_evdns_base) == 1) {
- SET("max-timeouts:", "1000000");
- } else {
- SET("max-timeouts:", "10");
- }
-
- // Elongate the queue of maximum inflight dns requests, so if a bunch
- // remain pending at the resolver (happens commonly with Unbound) we won't
- // stall every other DNS request. This potentially means some wasted
- // CPU as there's a walk over a linear queue involved, but this is a
- // much better tradeoff compared to just failing DNS requests because
- // of a full queue.
- SET("max-inflight:", "8192");
-
- /* Set timeout to be 1 second. This tells libevent that it shouldn't wait
- * more than N second to drop a DNS query and consider it "timed out". It is
- * very important to differentiate here a libevent timeout and a DNS server
- * timeout. And so, by setting this to N second, libevent sends back
- * "DNS_ERR_TIMEOUT" if that N second is reached which does NOT indicate that
- * the query itself timed out in transit. */
- SET("timeout:", get_consensus_param_exit_dns_timeout());
-
- /* This tells libevent to attemps up to X times a DNS query if the previous
- * one failed to complete within N second. We believe that this should be
- * enough to catch temporary hiccups on the first query. But after that, it
- * should signal us that it won't be able to resolve it. */
- SET("attempts:", get_consensus_param_exit_dns_attempts());
-
- if (options->ServerDNSRandomizeCase)
- SET("randomize-case:", "1");
- else
- SET("randomize-case:", "0");
-
-#undef SET
+ /* Setup libevent options. */
+ configure_libevent_options();
+ /* Relaunch periodical DNS check event. */
dns_servers_relaunch_checks();
nameservers_configured = 1;
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits