Bug 1417 - [dnscrypt] shared secret cache configuration option + counters
[dnscrypt] shared secret cache configuration option + counters
Status: RESOLVED FIXED
Product: unbound
Classification: Unclassified
Component: server
unspecified
Other All
: P5 enhancement
Assigned To: unbound team
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-08-30 02:20 CEST by Manu Bretelle
Modified: 2017-08-31 17:00 CEST (History)
2 users (show)

See Also:


Attachments
1_dnsc_fix_tests (4.52 KB, patch)
2017-08-30 02:20 CEST, Manu Bretelle
Details | Diff
2_dnsc_shared_secret_config (6.83 KB, patch)
2017-08-30 02:22 CEST, Manu Bretelle
Details | Diff
3_dnsc_shared_secret_cache_counters (9.20 KB, patch)
2017-08-30 02:23 CEST, Manu Bretelle
Details | Diff
2_dnsc_shared_secret_config_v2 (7.40 KB, patch)
2017-08-30 02:41 CEST, Manu Bretelle
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Manu Bretelle 2017-08-30 02:20:10 CEST
Hi, a new batch of patches. First a quick regex fix the test. (`;` needed to be escaped)
second, a patch to make the dnscrypt shared secret cache size and slabs configurable which will default to 4m/4 slabs.
third, a patch to be able to get access to the cache stats (number of keys, size) as well as the number of cache misses so one can compute the miss ratio using num.query.dnscrypt.shared_secret.cachemiss / total.num.dnscrypt.crypted .
Comment 1 Manu Bretelle 2017-08-30 02:20:55 CEST
Created attachment 444 [details]
1_dnsc_fix_tests

escape `;`
Comment 2 Manu Bretelle 2017-08-30 02:22:24 CEST
Created attachment 445 [details]
2_dnsc_shared_secret_config

adds `dnscrypt-shared-secret-cache-size` and `dnscrypt-shared-secret-cache-slabs` config options
Comment 3 Manu Bretelle 2017-08-30 02:23:34 CEST
Created attachment 446 [details]
3_dnsc_shared_secret_cache_counters

Adds shared secret cache counters (cache size/keys count and cache misses)
Comment 4 Manu Bretelle 2017-08-30 02:41:26 CEST
Created attachment 447 [details]
2_dnsc_shared_secret_config_v2

shared secret cache config (v2 adds option to unbound-control get_option dnscrypt-shared-secret-cache-{size,slabs}
Comment 5 Manu Bretelle 2017-08-30 02:48:48 CEST
BTW, none of the dnscrypt counters are documented in `doc/unbound-control.8`. I don't this it makes sense to documented it there given that this is behind a feature flag. I supose I could dump a `README` within the dnscrypt folder. thought?
Comment 6 Manu Bretelle 2017-08-30 02:53:27 CEST
Also, build results with and without dnscrypt enabled: https://travis-ci.org/chantra/unbound/builds/269818984
Comment 7 Wouter Wijngaards 2017-08-31 13:59:05 CEST
Hi Manu,

Patch 1: the tests fail if I apply this.  Without that, the tests work.  Do you have a different grep or something?

It is fine to have man page entries for optional content (describe it is there for the option).  It is better to have it documented.

Patch 2 and 3 are fine, thank you.  I have committed them.

Best regards, Wouter
Comment 8 Manu Bretelle 2017-08-31 17:00:37 CEST
(In reply to Wouter Wijngaards from comment #7)

> 
> Patch 1: the tests fail if I apply this.  Without that, the tests work.  Do
> you have a different grep or something?
> 
yes, that was stupid of me... the issue is not in grep behaviour, but the root of all evil here is different `dig` behaviour. So while this succeeded on old dig version in travis CI, it fails with newer ones.

> It is fine to have man page entries for optional content (describe it is
> there for the option).  It is better to have it documented.

Ok, I will get this done later.

> 
> Patch 2 and 3 are fine, thank you.  I have committed them.
> 

Thanks!