Pull request 1806: 5661-fix-protection-update-lock
Updates #5661. Squashed commit of the following: commit 02e83c75c8f44f084c0cb8d33b7d6a524c8c1b0e Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Apr 6 19:28:17 2023 +0300 dnsforward: imp logs commit 0f27265fc94f0e3b8e2dee79dbf9ab5344416c61 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Apr 6 19:18:19 2023 +0300 dnsforward: imp locks
This commit is contained in:
parent
b1120221c7
commit
5d5a729569
|
@ -587,11 +587,11 @@ func (s *Server) prepareTLS(proxyConfig *proxy.Config) (err error) {
|
||||||
if s.conf.StrictSNICheck {
|
if s.conf.StrictSNICheck {
|
||||||
if len(cert.DNSNames) != 0 {
|
if len(cert.DNSNames) != 0 {
|
||||||
s.conf.dnsNames = cert.DNSNames
|
s.conf.dnsNames = cert.DNSNames
|
||||||
log.Debug("dnsforward: using certificate's SAN as DNS names: %v", cert.DNSNames)
|
log.Debug("dns: using certificate's SAN as DNS names: %v", cert.DNSNames)
|
||||||
slices.Sort(s.conf.dnsNames)
|
slices.Sort(s.conf.dnsNames)
|
||||||
} else {
|
} else {
|
||||||
s.conf.dnsNames = append(s.conf.dnsNames, cert.Subject.CommonName)
|
s.conf.dnsNames = append(s.conf.dnsNames, cert.Subject.CommonName)
|
||||||
log.Debug("dnsforward: using certificate's CN as DNS name: %s", cert.Subject.CommonName)
|
log.Debug("dns: using certificate's CN as DNS name: %s", cert.Subject.CommonName)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -649,16 +649,8 @@ func (s *Server) onGetCertificate(ch *tls.ClientHelloInfo) (*tls.Certificate, er
|
||||||
// UpdatedProtectionStatus updates protection state, if the protection was
|
// UpdatedProtectionStatus updates protection state, if the protection was
|
||||||
// disabled temporarily. Returns the updated state of protection.
|
// disabled temporarily. Returns the updated state of protection.
|
||||||
func (s *Server) UpdatedProtectionStatus() (enabled bool) {
|
func (s *Server) UpdatedProtectionStatus() (enabled bool) {
|
||||||
changed := false
|
s.serverLock.RLock()
|
||||||
defer func() {
|
defer s.serverLock.RUnlock()
|
||||||
if changed {
|
|
||||||
log.Info("dns: protection is restarted after pause")
|
|
||||||
s.conf.ConfigModified()
|
|
||||||
}
|
|
||||||
}()
|
|
||||||
|
|
||||||
s.serverLock.Lock()
|
|
||||||
defer s.serverLock.Unlock()
|
|
||||||
|
|
||||||
disabledUntil := s.conf.ProtectionDisabledUntil
|
disabledUntil := s.conf.ProtectionDisabledUntil
|
||||||
if disabledUntil == nil {
|
if disabledUntil == nil {
|
||||||
|
@ -669,9 +661,33 @@ func (s *Server) UpdatedProtectionStatus() (enabled bool) {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
s.conf.ProtectionEnabled = true
|
// Update the values in a separate goroutine, unless an update is already in
|
||||||
s.conf.ProtectionDisabledUntil = nil
|
// progress. Since this method is called very often, and this update is a
|
||||||
changed = true
|
// relatively rare situation, do not lock s.serverLock for writing, as that
|
||||||
|
// can lead to freezes.
|
||||||
|
//
|
||||||
|
// See https://github.com/AdguardTeam/AdGuardHome/issues/5661.
|
||||||
|
if s.protectionUpdateInProgress.CompareAndSwap(false, true) {
|
||||||
|
go s.enableProtectionAfterPause()
|
||||||
|
}
|
||||||
|
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// enableProtectionAfterPause sets the protection configuration to enabled
|
||||||
|
// values. It is intended to be used as a goroutine.
|
||||||
|
func (s *Server) enableProtectionAfterPause() {
|
||||||
|
defer log.OnPanic("dns: enabling protection after pause")
|
||||||
|
|
||||||
|
defer s.protectionUpdateInProgress.Store(false)
|
||||||
|
|
||||||
|
defer s.conf.ConfigModified()
|
||||||
|
|
||||||
|
s.serverLock.Lock()
|
||||||
|
defer s.serverLock.Unlock()
|
||||||
|
|
||||||
|
s.conf.ProtectionEnabled = true
|
||||||
|
s.conf.ProtectionDisabledUntil = nil
|
||||||
|
|
||||||
|
log.Info("dns: protection is restarted after pause")
|
||||||
|
}
|
||||||
|
|
|
@ -9,6 +9,7 @@ import (
|
||||||
"runtime"
|
"runtime"
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
|
"sync/atomic"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
|
"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
|
||||||
|
@ -111,6 +112,10 @@ type Server struct {
|
||||||
|
|
||||||
isRunning bool
|
isRunning bool
|
||||||
|
|
||||||
|
// protectionUpdateInProgress is used to make sure that only one goroutine
|
||||||
|
// updating the protection configuration after a pause is running at a time.
|
||||||
|
protectionUpdateInProgress atomic.Bool
|
||||||
|
|
||||||
conf ServerConfig
|
conf ServerConfig
|
||||||
// serverLock protects Server.
|
// serverLock protects Server.
|
||||||
serverLock sync.RWMutex
|
serverLock sync.RWMutex
|
||||||
|
|
Loading…
Reference in New Issue