mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-01 15:05:23 +00:00
Code Issues Releases Wiki Activity

Update HTTP listeners quotas on reconfiguration

Browse Source 
This commit ensures that on reconfiguration a proper value for HTTP
connections limit is picked up.

The commit also refactors how listeners settings are updated so that
there is less code duplication.
This commit is contained in:
Artem Boldariev
2022-06-22 15:28:57 +03:00
parent 3f0b310772
commit a2379135fa
1 changed files with 42 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
lib/ns/interfacemgr.c
View File

@@ -929,12 +929,9 @@ clearlistenon(ns_interfacemgr_t *mgr) {
} }
static void static void
replace_listener_tlsctx(ns_interfacemgr_t *mgr, ns_interface_t *ifp, replace_listener_tlsctx(ns_interface_t *ifp, isc_tlsctx_t *newctx) {
isc_tlsctx_t *newctx) {
char sabuf[ISC_SOCKADDR_FORMATSIZE]; char sabuf[ISC_SOCKADDR_FORMATSIZE];
REQUIRE(NS_INTERFACE_VALID(ifp));
LOCK(&mgr->lock);
isc_sockaddr_format(&ifp->addr, sabuf, sizeof(sabuf)); isc_sockaddr_format(&ifp->addr, sabuf, sizeof(sabuf));
isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_INFO, isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_INFO,
"updating TLS context on %s", sabuf); "updating TLS context on %s", sabuf);
@@ -944,6 +941,41 @@ replace_listener_tlsctx(ns_interfacemgr_t *mgr, ns_interface_t *ifp,
} else if (ifp->http_secure_listensocket != NULL) { } else if (ifp->http_secure_listensocket != NULL) {
isc_nmsocket_set_tlsctx(ifp->http_secure_listensocket, newctx); isc_nmsocket_set_tlsctx(ifp->http_secure_listensocket, newctx);
} }
}
static void
update_http_settings(ns_interface_t *ifp, ns_listenelt_t *le) {
REQUIRE(le->is_http);
INSIST(ifp->http_quota != NULL);
isc_quota_max(ifp->http_quota, le->http_max_clients);
}
static void
update_listener_configuration(ns_interfacemgr_t *mgr, ns_interface_t *ifp,
ns_listenelt_t *le) {
REQUIRE(NS_INTERFACEMGR_VALID(mgr));
REQUIRE(NS_INTERFACE_VALID(ifp));
REQUIRE(le != NULL);
LOCK(&mgr->lock);
/*
* We need to update the TLS contexts
* inside the TLS/HTTPS listeners during
* a reconfiguration because the
* certificates could have been changed.
*/
if (le->sslctx != NULL) {
replace_listener_tlsctx(ifp, le->sslctx);
}
/*
* Let's update HTTP listener settings
* on reconfiguration.
*/
if (le->is_http) {
update_http_settings(ifp, le);
}
UNLOCK(&mgr->lock); UNLOCK(&mgr->lock);
} }
@@ -1027,15 +1059,9 @@ do_scan(ns_interfacemgr_t *mgr, bool verbose, bool config) {
sabuf, ifp->dscp); sabuf, ifp->dscp);
} }
if (LISTENING(ifp)) { if (LISTENING(ifp)) {
/* if (config) {
* We need to update the TLS contexts update_listener_configuration(
* inside the TLS/HTTPS listeners during mgr, ifp, le);
* a reconfiguration because the
* certificates could have been changed.
*/
if (config && le->sslctx != NULL) {
replace_listener_tlsctx(
mgr, ifp, le->sslctx);
} }
continue; continue;
} }
@@ -1192,17 +1218,10 @@ do_scan(ns_interfacemgr_t *mgr, bool verbose, bool config) {
sabuf, ifp->dscp); sabuf, ifp->dscp);
} }
if (LISTENING(ifp)) { if (LISTENING(ifp)) {
/* if (config) {
* We need to update the TLS contexts update_listener_configuration(
* inside the TLS/HTTPS listeners during mgr, ifp, le);
* a reconfiguration because the
* certificates could have been changed.
*/
if (config && le->sslctx != NULL) {
replace_listener_tlsctx(
mgr, ifp, le->sslctx);
} }
continue; continue;
} }
} }