Run the RPZ update as offloaded work

Previously, the RPZ updates ran quantized on the main nm_worker loops. As the quantum was set to 1024, this might lead to service interruptions when large RPZ update was processed. Change the RPZ update process to run as the offloaded work. The update and cleanup loops were refactored to do as little locking of the maintenance lock as possible for the shortest periods of time and the db iterator is being paused for every iteration, so we don't hold the rbtdb tree lock for prolonged periods of time. (cherry picked from commit f106d0ed2b)
2022-03-07 13:55:03 +01:00
parent f4cba0784e
commit e128b6a951
3 changed files with 267 additions and 392 deletions
--- a/lib/dns/include/dns/rpz.h
+++ b/lib/dns/include/dns/rpz.h
@@ -144,25 +144,21 @@ struct dns_rpz_zone {
 	dns_ttl_t	 max_policy_ttl;
 	dns_rpz_policy_t policy; /* DNS_RPZ_POLICY_GIVEN or override */

-	uint32_t min_update_interval;	 /* minimal interval between
-					  * updates */
-	isc_ht_t	 *nodes;		 /* entries in zone */
-	dns_rpz_zones_t *rpzs;		 /* owner */
-	isc_time_t	 lastupdated;	 /* last time the zone was processed
-					  * */
-	bool updatepending;		 /* there is an update
-					  * pending/waiting */
-	bool		 updaterunning;	 /* there is an update running */
-	dns_db_t	 *db;		 /* zones database */
-	dns_dbversion_t *dbversion;	 /* version we will be updating to */
-	dns_db_t	 *updb;		 /* zones database we're working on */
-	dns_dbversion_t *updbversion;	 /* version we're currently working
-					  * on */
-	dns_dbiterator_t *updbit;	 /* iterator to use when updating */
-	isc_ht_t	 *newnodes;	 /* entries in zone being updated */
-	bool		  db_registered; /* is the notify event
-					  * registered? */
-	bool	     addsoa;		 /* add soa to the additional section */
+	uint32_t min_update_interval;	/* minimal interval between
+					 * updates */
+	isc_ht_t	 *nodes;		/* entries in zone */
+	dns_rpz_zones_t *rpzs;		/* owner */
+	isc_time_t	 lastupdated;	/* last time the zone was processed
+					 * */
+	bool		 updatepending; /* there is an update pending */
+	bool		 updaterunning; /* there is an update running */
+	isc_result_t	 updateresult;	/* result from the offloaded work */
+	dns_db_t	 *db;		/* zones database */
+	dns_dbversion_t *dbversion;	/* version we will be updating to */
+	dns_db_t	 *updb;		/* zones database we're working on */
+	dns_dbversion_t *updbversion;	/* version we're currently working
+					 * on */
+	bool	     addsoa;		/* add soa to the additional section */
 	isc_timer_t *updatetimer;
 	isc_event_t  updateevent;
 };