mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 14:47:09 +00:00
- On startup of unbound it checks if rlimits on memory size look
sufficient for the configured cache size, and logs warning if not.
This commit is contained in:
parent
7f25bb4730
commit
d3497f6bd1
@ -197,6 +197,33 @@ checkrlimits(struct config_file* cfg)
|
||||
size_t total = numthread * perthread + misc;
|
||||
size_t avail;
|
||||
struct rlimit rlim;
|
||||
size_t memsize_expect = cfg->msg_cache_size + cfg->rrset_cache_size
|
||||
+ (cfg->do_tcp?cfg->stream_wait_size:0)
|
||||
+ (cfg->ip_ratelimit?cfg->ip_ratelimit_size:0)
|
||||
+ (cfg->ratelimit?cfg->ratelimit_size:0)
|
||||
+ (cfg->dnscrypt?cfg->dnscrypt_shared_secret_cache_size + cfg->dnscrypt_nonce_cache_size:0)
|
||||
+ cfg->infra_cache_numhosts * (sizeof(struct infra_key)+sizeof(struct infra_data));
|
||||
if(strstr(cfg->module_conf, "validator") && (cfg->trust_anchor_file_list || cfg->trust_anchor_list || cfg->auto_trust_anchor_file_list || cfg->trusted_keys_file_list)) {
|
||||
memsize_expect += cfg->key_cache_size + cfg->neg_cache_size;
|
||||
}
|
||||
#ifdef HAVE_NGHTTP2_NGHTTP2_H
|
||||
if(cfg_has_https(cfg)) {
|
||||
memsize_expect += cfg->http_query_buffer_size + cfg->http_response_buffer_size;
|
||||
}
|
||||
#endif
|
||||
|
||||
if(getrlimit(RLIMIT_AS, &rlim) == 0) {
|
||||
if(rlim.rlim_cur != (rlim_t)RLIM_INFINITY &&
|
||||
rlim.rlim_cur < (rlim_t)memsize_expect) {
|
||||
log_warn("the ulimit(max memory size) is smaller than the expected memory usage (added size of caches). %u < %u bytes", (unsigned)rlim.rlim_cur, (unsigned)memsize_expect);
|
||||
}
|
||||
}
|
||||
if(getrlimit(RLIMIT_DATA, &rlim) == 0) {
|
||||
if(rlim.rlim_cur != (rlim_t)RLIM_INFINITY &&
|
||||
rlim.rlim_cur < memsize_expect) {
|
||||
log_warn("the ulimit(data seg size) is smaller than the expected memory usage (added size of caches). %u < %u bytes", (unsigned)rlim.rlim_cur, (unsigned)memsize_expect);
|
||||
}
|
||||
}
|
||||
|
||||
if(total > 1024 &&
|
||||
strncmp(ub_event_get_version(), "mini-event", 10) == 0) {
|
||||
|
@ -4,6 +4,10 @@
|
||||
- ipsecmod: Better logging for detecting a cycle when attaching the
|
||||
A/AAAA subquery.
|
||||
|
||||
24 February 2021: Wouter
|
||||
- On startup of unbound it checks if rlimits on memory size look
|
||||
sufficient for the configured cache size, and logs warning if not.
|
||||
|
||||
23 February 2021: Wouter
|
||||
- Fix for zonemd, that domain-insecure zones work without dnssec.
|
||||
- Fix for zonemd, do not reject insecure result from trust anchor
|
||||
|
@ -1105,6 +1105,19 @@ if_is_https(const char* ifname, const char* port, int https_port)
|
||||
return 0;
|
||||
}
|
||||
|
||||
/** see if config contains https turned on */
|
||||
int cfg_has_https(struct config_file* cfg)
|
||||
{
|
||||
int i;
|
||||
char portbuf[32];
|
||||
snprintf(portbuf, sizeof(portbuf), "%d", cfg->port);
|
||||
for(i = 0; i<cfg->num_ifs; i++) {
|
||||
if(if_is_https(cfg->ifs[i], portbuf, cfg->https_port))
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Helper for ports_open. Creates one interface (or NULL for default).
|
||||
* @param ifname: The interface ip address.
|
||||
|
@ -147,6 +147,12 @@ void listening_ports_free(struct listen_port* list);
|
||||
int resolve_interface_names(struct config_file* cfg, char*** resif,
|
||||
int* num_resif);
|
||||
|
||||
/**
|
||||
* Return true if the config contains settinsg that enable https.
|
||||
* @return true if https ports are used for server.
|
||||
*/
|
||||
int cfg_has_https(struct config_file* cfg);
|
||||
|
||||
/**
|
||||
* Create commpoints with for this thread for the shared ports.
|
||||
* @param base: the comm_base that provides event functionality.
|
||||
|
Loading…
Reference in New Issue
Block a user