archive/netdata_netdata
0
0
Fork 0
mirror of https://github.com/netdata/netdata.git synced 2025-05-11 12:15:51 +00:00
Code Issues Projects Releases Wiki Activity
netdata_netdata/libnetdata/simple_pattern/simple_pattern.h
Andrew Moss 01aaa90939
Fixing DNS-lookup performance issue on FreeBSD. () 
Our default configuration includes:
   allow connections from = localhost *
   allow management from = localhost

The problem occurs when a connection is received that passes the `allow connections` pattern
match, but fails the ACL check for `allow management`. During the failure processing path the
DNS lookup is triggered to allow the FQDN to be checked against the pattern. On a FreeBSD
system this lookup fails more slowly than linux and causes a visible performance problem
during stress-testing.

The fix adds a heuristic to analyse the patterns and determine if it is possible to match a DNS name,
or only match a numeric IP address (either IPv4 or IPv6), or only match a constant value. This
heuristic is used to disable the DNS checks when they cannot produce anything that may match
the pattern. Each heuristic is evaluated once, when the configuration is loaded, not per-connection to the agent.

Because the heuristic is not exact it can be overridden using the new config options for each of the ACL connection filters to set it to "yes", "no" or "heuristic". The default for everything *except* the netdata.conf ACL is "heuristic". Because of the numeric-patterns in the netdata.conf ACL the default is set to "no".
2019-10-24 20:44:56 +02:00

36 lines
1.3 KiB
C
Raw Blame History

// SPDX-License-Identifier: GPL-3.0-or-later
#ifndef NETDATA_SIMPLE_PATTERN_H
#define NETDATA_SIMPLE_PATTERN_H
#include "../libnetdata.h"
typedef enum {
SIMPLE_PATTERN_EXACT,
SIMPLE_PATTERN_PREFIX,
SIMPLE_PATTERN_SUFFIX,
SIMPLE_PATTERN_SUBSTRING
} SIMPLE_PREFIX_MODE;
typedef void SIMPLE_PATTERN;
// create a simple_pattern from the string given
// default_mode is used in cases where EXACT matches, without an asterisk,
// should be considered PREFIX matches.
extern SIMPLE_PATTERN *simple_pattern_create(const char *list, const char *separators, SIMPLE_PREFIX_MODE default_mode);
// test if string str is matched from the pattern and fill 'wildcarded' with the parts matched by '*'
extern int simple_pattern_matches_extract(SIMPLE_PATTERN *list, const char *str, char *wildcarded, size_t wildcarded_size);
// test if string str is matched from the pattern
#define simple_pattern_matches(list, str) simple_pattern_matches_extract(list, str, NULL, 0)
// free a simple_pattern that was created with simple_pattern_create()
// list can be NULL, in which case, this does nothing.
extern void simple_pattern_free(SIMPLE_PATTERN *list);
extern void simple_pattern_dump(uint64_t debug_type, SIMPLE_PATTERN *p) ;
extern int simple_pattern_is_potential_name(SIMPLE_PATTERN *p) ;
#endif //NETDATA_SIMPLE_PATTERN_H
Reference in a new issue View git blame Copy permalink