Archives
/
encrypted-dns-server
mirror of https://github.com/jedisct1/encrypted-dns-server
2
0
Fork 0
Code Issues Releases Wiki Activity

Make DNS cache TTLs configurable

Browse Source
pull/5/head
Frank Denis 5 years ago
parent 267a260801
commit ba96f014ef
5 changed files with 66 additions and 11 deletions
Show Stats Download Patch File Download Diff File

15
encrypted-dns.toml
Unescape Escape View File

@ -56,6 +56,21 @@ tcp_max_active_connections = 100
cache_capacity = 10000 cache_capacity = 10000
## DNS cache: minimum TTL
cache_ttl_min = 600
## DNS cache: max TTL
cache_ttl_max = 86400
## DNS cache: error TTL
cache_ttl_error = 600
## User name to drop privileges to, when started as root. ## User name to drop privileges to, when started as root.
# user = "nobody" # user = "nobody"

39
src/cache.rs
Unescape Escape View File

@ -1,6 +1,9 @@
use crate::dns; use crate::dns;
use clockpro_cache::ClockProCache;
use coarsetime::{Duration, Instant}; use coarsetime::{Duration, Instant};
use parking_lot::{Mutex, MutexGuard};
use std::sync::Arc;
#[derive(Clone, Debug)] #[derive(Clone, Debug)]
pub struct CachedResponse { pub struct CachedResponse {
@ -9,8 +12,9 @@ pub struct CachedResponse {
} }
impl CachedResponse { impl CachedResponse {
pub fn new(response: Vec<u8>) -> Self { pub fn new(cache: &Cache, response: Vec<u8>) -> Self {
let ttl = dns::min_ttl(&response, 1, 86400, 3600).unwrap_or(3600); let ttl = dns::min_ttl(&response, cache.ttl_min, cache.ttl_max, cache.ttl_error)
.unwrap_or(cache.ttl_error);
let expiry = Instant::recent() + Duration::from_secs(u64::from(ttl)); let expiry = Instant::recent() + Duration::from_secs(u64::from(ttl));
CachedResponse { response, expiry } CachedResponse { response, expiry }
} }
@ -27,3 +31,34 @@ impl CachedResponse {
Instant::recent() > self.expiry Instant::recent() > self.expiry
} }
} }
#[derive(Clone, Derivative)]
#[derivative(Debug)]
pub struct Cache {
#[derivative(Debug = "ignore")]
cache: Arc<Mutex<ClockProCache<u128, CachedResponse>>>,
ttl_min: u32,
ttl_max: u32,
ttl_error: u32,
}
impl Cache {
pub fn new(
clockpro_cache: ClockProCache<u128, CachedResponse>,
ttl_min: u32,
ttl_max: u32,
ttl_error: u32,
) -> Self {
Cache {
cache: Arc::new(Mutex::new(clockpro_cache)),
ttl_min,
ttl_max,
ttl_error,
}
}
#[inline]
pub fn lock(&self) -> MutexGuard<ClockProCache<u128, CachedResponse>> {
self.cache.lock()
}
}

3
src/config.rs
Unescape Escape View File

@ -31,6 +31,9 @@ pub struct Config {
pub udp_max_active_connections: u32, pub udp_max_active_connections: u32,
pub tcp_max_active_connections: u32, pub tcp_max_active_connections: u32,
pub cache_capacity: usize, pub cache_capacity: usize,
pub cache_ttl_min: u32,
pub cache_ttl_max: u32,
pub cache_ttl_error: u32,
pub user: Option<String>, pub user: Option<String>,
pub group: Option<String>, pub group: Option<String>,
pub chroot: Option<String>, pub chroot: Option<String>,

7
src/globals.rs
Unescape Escape View File

@ -2,7 +2,6 @@ use crate::cache::*;
use crate::crypto::*; use crate::crypto::*;
use crate::dnscrypt_certs::*; use crate::dnscrypt_certs::*;
use clockpro_cache::ClockProCache;
use parking_lot::{Mutex, RwLock}; use parking_lot::{Mutex, RwLock};
use siphasher::sip128::SipHasher13; use siphasher::sip128::SipHasher13;
use std::collections::vec_deque::VecDeque; use std::collections::vec_deque::VecDeque;
@ -14,8 +13,7 @@ use std::time::Duration;
use tokio::runtime::Runtime; use tokio::runtime::Runtime;
use tokio::sync::oneshot; use tokio::sync::oneshot;
#[derive(Derivative)] #[derive(Debug, Clone)]
#[derivative(Debug)]
pub struct Globals { pub struct Globals {
pub runtime: Arc<Runtime>, pub runtime: Arc<Runtime>,
pub state_file: PathBuf, pub state_file: PathBuf,
@ -36,6 +34,5 @@ pub struct Globals {
pub tcp_active_connections: Arc<Mutex<VecDeque<oneshot::Sender<()>>>>, pub tcp_active_connections: Arc<Mutex<VecDeque<oneshot::Sender<()>>>>,
pub key_cache_capacity: usize, pub key_cache_capacity: usize,
pub hasher: SipHasher13, pub hasher: SipHasher13,
#[derivative(Debug = "ignore")] pub cache: Cache,
pub cache: Arc<Mutex<ClockProCache<u128, CachedResponse>>>,
} }

13
src/main.rs
Unescape Escape View File

@ -222,7 +222,7 @@ async fn resolve(globals: &Globals, mut packet: &mut Vec<u8>) -> Result<Vec<u8>,
return Ok(cached_response.into_response()); return Ok(cached_response.into_response());
} }
} else { } else {
let cached_response = CachedResponse::new(response.clone()); let cached_response = CachedResponse::new(&globals.cache, response.clone());
globals.cache.lock().insert(packet_hash, cached_response); globals.cache.lock().insert(packet_hash, cached_response);
} }
dns::set_tid(&mut response, original_tid); dns::set_tid(&mut response, original_tid);
@ -537,8 +537,13 @@ fn main() -> Result<(), Error> {
let (sh_k0, sh_k1) = rand::thread_rng().gen(); let (sh_k0, sh_k1) = rand::thread_rng().gen();
let hasher = SipHasher13::new_with_keys(sh_k0, sh_k1); let hasher = SipHasher13::new_with_keys(sh_k0, sh_k1);
let cache = ClockProCache::new(cache_capacity) let cache = Cache::new(
.map_err(|e| format_err!("Unable to create the DNS cache: [{}]", e))?; ClockProCache::new(cache_capacity)
.map_err(|e| format_err!("Unable to create the DNS cache: [{}]", e))?,
config.cache_ttl_min,
config.cache_ttl_max,
config.cache_ttl_error,
);
let globals = Arc::new(Globals { let globals = Arc::new(Globals {
runtime: runtime.clone(), runtime: runtime.clone(),
@ -566,7 +571,7 @@ fn main() -> Result<(), Error> {
))), ))),
key_cache_capacity, key_cache_capacity,
hasher, hasher,
cache: Arc::new(Mutex::new(cache)), cache,
}); });
let updater = DNSCryptEncryptionParamsUpdater::new(globals.clone()); let updater = DNSCryptEncryptionParamsUpdater::new(globals.clone());
if !state_is_new { if !state_is_new {

Write Preview
Loading…
Cancel
Save