From: Bert Hubert Date: Thu, 3 Feb 2011 15:07:11 +0000 (+0000) Subject: make our keyenginecache per-thread, so we don't get two threads trying to use the... X-Git-Tag: auth-3.0~278 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=631580dd25b70bfdeda780c4a3b3ae1d34ba188f;p=pdns make our keyenginecache per-thread, so we don't get two threads trying to use the same engine at the same time compile the signingpipe into pdnssec as well git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1969 d19b8d6e-7fed-0310-83ef-9ca221ded41b --- diff --git a/pdns/Makefile.am b/pdns/Makefile.am index 2bfdc2673..210fe1e80 100644 --- a/pdns/Makefile.am +++ b/pdns/Makefile.am @@ -71,7 +71,8 @@ pdnssec_SOURCES=pdnssec.cc dbdnsseckeeper.cc sstuff.hh dnsparser.cc dnsparser.hh backends/bind/bindparser.cc backends/bind/bindlexer.c \ backends/gsql/gsqlbackend.cc \ backends/gsql/gsqlbackend.hh backends/gsql/ssql.hh zoneparser-tng.cc \ - dynlistener.cc dns.cc randombackend.cc dnssecsigner.cc polarrsakeyinfra.cc md5.cc + dynlistener.cc dns.cc randombackend.cc dnssecsigner.cc polarrsakeyinfra.cc md5.cc \ + signingpipe.cc pdnssec_LDFLAGS=@moduleobjects@ @modulelibs@ @DYNLINKFLAGS@ @LIBDL@ @THREADFLAGS@ -Lext/polarssl/library/ $(BOOST_PROGRAM_OPTIONS_LDFLAGS) pdnssec_LDADD= -lpolarssl $(BOOST_PROGRAM_OPTIONS_LIBS) diff --git a/pdns/dbdnsseckeeper.cc b/pdns/dbdnsseckeeper.cc index 3f3ad7c27..f4519781e 100644 --- a/pdns/dbdnsseckeeper.cc +++ b/pdns/dbdnsseckeeper.cc 
@@ -35,28 +35,26 @@ using namespace boost::assign; using namespace std; using namespace boost; -DNSSECKeeper::keycache_t DNSSECKeeper::s_keycache; +__thread DNSSECKeeper::keycache_t* DNSSECKeeper::t_keycache; DNSSECKeeper::metacache_t DNSSECKeeper::s_metacache; pthread_mutex_t DNSSECKeeper::s_metacachelock = PTHREAD_MUTEX_INITIALIZER; -pthread_mutex_t DNSSECKeeper::s_keycachelock = PTHREAD_MUTEX_INITIALIZER; bool DNSSECKeeper::isSecuredZone(const std::string& zone) { if(isPresigned(zone)) return true; - { - Lock l(&s_keycachelock); - keycache_t::const_iterator iter = s_keycache.find(zone); - if(iter != s_keycache.end() && iter->d_ttd > (unsigned int)time(0)) { - if(iter->d_keys.empty()) - return false; - else - return true; - } + + keycache_t::const_iterator iter = t_keycache->find(zone); + if(iter != t_keycache->end() && iter->d_ttd > (unsigned int)time(0)) { + if(iter->d_keys.empty()) + return false; else - ; + return true; } + else + ; + keyset_t keys = getKeys(zone, true); BOOST_FOREACH(keyset_t::value_type& val, keys) { @@ -70,7 +68,7 @@ bool DNSSECKeeper::isSecuredZone(const std::string& zone) bool DNSSECKeeper::isPresigned(const std::string& name) { vector meta; - d_db.getDomainMetadata(name, "PRESIGNED", meta); + d_keymetadb.getDomainMetadata(name, "PRESIGNED", meta); if(meta.empty()) return false; return meta[0]=="1"; @@ -102,10 +100,8 @@ void DNSSECKeeper::addKey(const std::string& name, bool keyOrZone, int algorithm void DNSSECKeeper::clearCaches(const std::string& name) { - { - Lock l(&s_keycachelock); - s_keycache.erase(name); - } + t_keycache->erase(name); // should this be broadcast in some way? + Lock l(&s_metacachelock); pair range = s_metacache.equal_range(name); while(range.first != range.second) @@ -121,7 +117,7 @@ void DNSSECKeeper::addKey(const std::string& name, const DNSSECPrivateKey& dpk, kd.active = active; kd.content = dpk.getKey()->convertToISC(); // now store it - d_db.addDomainKey(name, kd); + d_keymetadb.addDomainKey(name, kd); } 
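Review bot: `t_keycache->find(zone)` in isSecuredZone dereferences the thread-local pointer with no null check, and the dnsseckeeper.hh change in this commit allocates it only inside the DNSSECKeeper constructor, on whichever thread runs that constructor. If an instance is ever constructed on one thread and used on another (this diff does not show whether that happens), the second thread sees a null `t_keycache` and the process crashes. The same unchecked dereference appears in the clearCaches hunk and in both getKeys hunks. A private accessor that allocates on first use, e.g. `static keycache_t& keycache() { if(!t_keycache) t_keycache = new keycache_t(); return *t_keycache; }`, would remove the dependency on where the object was constructed. isSecuredZone's body continues outside the hunk.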
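Review bot: In clearCaches, `t_keycache->erase(name)` now invalidates only the calling thread's key cache, which the inline comment "should this be broadcast in some way?" leaves as an open question. After removeKey or deactivateKey runs on one thread, other threads can keep returning the old key set from getKeys until their entry's `d_ttd` (set to `now + 30` in the getKeys hunk) expires, so a key withdrawn because it is suspected compromised may still be used for signing during that window. If the 30-second bound is acceptable, it should be stated as a fact, e.g. `// per-thread cache: other threads may keep the old key set for up to 30s after this call`. Otherwise a shared generation counter compared on lookup would let every thread drop stale entries. The function body continues outside the hunk, where the metadata cache remains shared and locked.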
@@ -134,7 +130,7 @@ static bool keyCompareByKindAndID(const DNSSECKeeper::keyset_t::value_type& a, c DNSSECPrivateKey DNSSECKeeper::getKeyById(const std::string& zname, unsigned int id) { vector keys; - d_db.getDomainKeys(zname, 0, keys); + d_keymetadb.getDomainKeys(zname, 0, keys); BOOST_FOREACH(const DNSBackend::KeyData& kd, keys) { if(kd.id != id) continue; @@ -158,19 +154,19 @@ DNSSECPrivateKey DNSSECKeeper::getKeyById(const std::string& zname, unsigned int void DNSSECKeeper::removeKey(const std::string& zname, unsigned int id) { clearCaches(zname); - d_db.removeDomainKey(zname, id); + d_keymetadb.removeDomainKey(zname, id); } void DNSSECKeeper::deactivateKey(const std::string& zname, unsigned int id) { clearCaches(zname); - d_db.deactivateDomainKey(zname, id); + d_keymetadb.deactivateDomainKey(zname, id); } void DNSSECKeeper::activateKey(const std::string& zname, unsigned int id) { clearCaches(zname); - d_db.activateDomainKey(zname, id); + d_keymetadb.activateDomainKey(zname, id); } @@ -188,7 +184,7 @@ void DNSSECKeeper::getFromMeta(const std::string& zname, const std::string& key, } } vector meta; - d_db.getDomainMetadata(zname, key, meta); + d_keymetadb.getDomainMetadata(zname, key, meta); if(!meta.empty()) value=*meta.begin(); @@ -230,18 +226,18 @@ void DNSSECKeeper::setNSEC3PARAM(const std::string& zname, const NSEC3PARAMRecor string descr = ns3p.getZoneRepresentation(); vector meta; meta.push_back(descr); - d_db.setDomainMetadata(zname, "NSEC3PARAM", meta); + d_keymetadb.setDomainMetadata(zname, "NSEC3PARAM", meta); meta.clear(); if(narrow) meta.push_back("1"); - d_db.setDomainMetadata(zname, "NSEC3NARROW", meta); + d_keymetadb.setDomainMetadata(zname, "NSEC3NARROW", meta); } void DNSSECKeeper::unsetNSEC3PARAM(const std::string& zname) { clearCaches(zname); - d_db.setDomainMetadata(zname, "NSEC3PARAM", vector()); + d_keymetadb.setDomainMetadata(zname, "NSEC3PARAM", vector()); } 
@@ -250,37 +246,34 @@ void DNSSECKeeper::setPresigned(const std::string& zname) clearCaches(zname); vector meta; meta.push_back("1"); - d_db.setDomainMetadata(zname, "PRESIGNED", meta); + d_keymetadb.setDomainMetadata(zname, "PRESIGNED", meta); } void DNSSECKeeper::unsetPresigned(const std::string& zname) { clearCaches(zname); - d_db.setDomainMetadata(zname, "PRESIGNED", vector()); + d_keymetadb.setDomainMetadata(zname, "PRESIGNED", vector()); } DNSSECKeeper::keyset_t DNSSECKeeper::getKeys(const std::string& zone, boost::tribool allOrKeyOrZone) { unsigned int now = time(0); - { - Lock l(&s_keycachelock); - keycache_t::const_iterator iter = s_keycache.find(zone); + keycache_t::const_iterator iter = t_keycache->find(zone); - if(iter != s_keycache.end() && iter->d_ttd > now) { - keyset_t ret; - BOOST_FOREACH(const keyset_t::value_type& value, iter->d_keys) { - if(boost::indeterminate(allOrKeyOrZone) || allOrKeyOrZone == value.second.keyOrZone) - ret.push_back(value); - } - return ret; + if(iter != t_keycache->end() && iter->d_ttd > now) { + keyset_t ret; + BOOST_FOREACH(const keyset_t::value_type& value, iter->d_keys) { + if(boost::indeterminate(allOrKeyOrZone) || allOrKeyOrZone == value.second.keyOrZone) + ret.push_back(value); } + return ret; } - + keyset_t retkeyset, allkeyset; vector dbkeyset; - d_db.getDomainKeys(zone, 0, dbkeyset); + d_keymetadb.getDomainKeys(zone, 0, dbkeyset); BOOST_FOREACH(UeberBackend::KeyData& kd, dbkeyset) { @@ -305,13 +298,12 @@ DNSSECKeeper::keyset_t DNSSECKeeper::getKeys(const std::string& zone, boost::tri } sort(retkeyset.begin(), retkeyset.end(), keyCompareByKindAndID); sort(allkeyset.begin(), allkeyset.end(), keyCompareByKindAndID); - Lock l(&s_keycachelock); KeyCacheEntry kce; kce.d_domain=zone; kce.d_keys = allkeyset; kce.d_ttd = now + 30; - replacing_insert(s_keycache, kce); + replacing_insert(*t_keycache, kce); return retkeyset; } diff --git a/pdns/dnsseckeeper.hh b/pdns/dnsseckeeper.hh index edbe499a6..893c44461 100644 
--- a/pdns/dnsseckeeper.hh +++ b/pdns/dnsseckeeper.hh @@ -28,9 +28,13 @@ public: typedef std::pair keymeta_t; typedef std::vector keyset_t; private: - UeberBackend d_db; + UeberBackend d_keymetadb; public: - DNSSECKeeper() : d_db("key-only"){} + DNSSECKeeper() : d_keymetadb("key-only") + { + if(!t_keycache) + t_keycache = new keycache_t(); + } bool isSecuredZone(const std::string& zone); keyset_t getKeys(const std::string& zone, boost::tribool allOrKeyOrZone = boost::indeterminate); @@ -102,9 +106,8 @@ private: > > metacache_t; - static keycache_t s_keycache; + static __thread keycache_t* t_keycache; static metacache_t s_metacache; - static pthread_mutex_t s_keycachelock; static pthread_mutex_t s_metacachelock; };
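Review bot: The constructor's `t_keycache = new keycache_t();` has no matching `delete` anywhere in this diff, so each thread that constructs a DNSSECKeeper keeps its cache until process exit, and a thread that terminates leaks it. That is harmless for a fixed pool of long-lived workers but grows without bound if threads are created and destroyed per connection or per task; which of the two applies is not visible here. Since `__thread` cannot hold a type with a destructor, I would at least document the ownership next to the declaration, e.g. `// allocated lazily per thread, intentionally never freed`, or release it through a `pthread_key_create` destructor.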