Bug 1417

Summary: [dnscrypt] shared secret cache configuration option + counters
Product: unbound Reporter: Manu Bretelle <chantr4>
Component: serverAssignee: unbound team <unbound-team>
Status: RESOLVED FIXED    
Severity: enhancement CC: cathya, wouter
Priority: P5    
Version: unspecified   
Hardware: Other   
OS: All   
Attachments: 1_dnsc_fix_tests
2_dnsc_shared_secret_config
3_dnsc_shared_secret_cache_counters
2_dnsc_shared_secret_config_v2

Description Manu Bretelle 2017-08-30 02:20:10 CEST
Hi, a new batch of patches. First a quick regex fix the test. (`;` needed to be escaped)
second, a patch to make the dnscrypt shared secret cache size and slabs configurable which will default to 4m/4 slabs.
third, a patch to be able to get access to the cache stats (number of keys, size) as well as the number of cache misses so one can compute the miss ratio using num.query.dnscrypt.shared_secret.cachemiss / total.num.dnscrypt.crypted .
Comment 1 Manu Bretelle 2017-08-30 02:20:55 CEST
Created attachment 444 [details]
1_dnsc_fix_tests

escape `;`
Comment 2 Manu Bretelle 2017-08-30 02:22:24 CEST
Created attachment 445 [details]
2_dnsc_shared_secret_config

adds `dnscrypt-shared-secret-cache-size` and `dnscrypt-shared-secret-cache-slabs` config options
Comment 3 Manu Bretelle 2017-08-30 02:23:34 CEST
Created attachment 446 [details]
3_dnsc_shared_secret_cache_counters

Adds shared secret cache counters (cache size/keys count and cache misses)
Comment 4 Manu Bretelle 2017-08-30 02:41:26 CEST
Created attachment 447 [details]
2_dnsc_shared_secret_config_v2

shared secret cache config (v2 adds option to unbound-control get_option dnscrypt-shared-secret-cache-{size,slabs}
Comment 5 Manu Bretelle 2017-08-30 02:48:48 CEST
BTW, none of the dnscrypt counters are documented in `doc/unbound-control.8`. I don't this it makes sense to documented it there given that this is behind a feature flag. I supose I could dump a `README` within the dnscrypt folder. thought?
Comment 6 Manu Bretelle 2017-08-30 02:53:27 CEST
Also, build results with and without dnscrypt enabled: https://travis-ci.org/chantra/unbound/builds/269818984
Comment 7 Wouter Wijngaards 2017-08-31 13:59:05 CEST
Hi Manu,

Patch 1: the tests fail if I apply this.  Without that, the tests work.  Do you have a different grep or something?

It is fine to have man page entries for optional content (describe it is there for the option).  It is better to have it documented.

Patch 2 and 3 are fine, thank you.  I have committed them.

Best regards, Wouter
Comment 8 Manu Bretelle 2017-08-31 17:00:37 CEST
(In reply to Wouter Wijngaards from comment #7)

> 
> Patch 1: the tests fail if I apply this.  Without that, the tests work.  Do
> you have a different grep or something?
> 
yes, that was stupid of me... the issue is not in grep behaviour, but the root of all evil here is different `dig` behaviour. So while this succeeded on old dig version in travis CI, it fails with newer ones.

> It is fine to have man page entries for optional content (describe it is
> there for the option).  It is better to have it documented.

Ok, I will get this done later.

> 
> Patch 2 and 3 are fine, thank you.  I have committed them.
> 

Thanks!