Merge pull request #1 from lifenjoiner/pr2537

Add `cert_refresh_concurrency`
2025-04-04 21:57:44 +03:00 · 2023-12-11 21:17:54 +08:00 · 2023-12-11 21:17:54 +08:00 · e75fa68301
commit e75fa68301
parent 3305b57778 6fce626b1b
4 changed files with 20 additions and 11 deletions
--- a/dnscrypt-proxy/config.go
+++ b/dnscrypt-proxy/config.go
@ -42,6 +42,7 @@ type Config struct {
 	Timeout                  int            `toml:"timeout"`
 	KeepAlive                int            `toml:"keepalive"`
 	Proxy                    string         `toml:"proxy"`
+	CertRefreshConcurrency   int            `toml:"cert_refresh_concurrency"`
 	CertRefreshDelay         int            `toml:"cert_refresh_delay"`
 	CertIgnoreTimestamp      bool           `toml:"cert_ignore_timestamp"`
 	EphemeralKeys            bool           `toml:"dnscrypt_ephemeral_keys"`
@ -116,6 +117,7 @@ func newConfig() Config {
 		LocalDoH:                 LocalDoHConfig{Path: "/dns-query"},
 		Timeout:                  5000,
 		KeepAlive:                5,
+		CertRefreshConcurrency:   10,
 		CertRefreshDelay:         240,
 		HTTP3:                    false,
 		CertIgnoreTimestamp:      false,
@ -437,6 +439,7 @@ func ConfigLoad(proxy *Proxy, flags *ConfigFlags) error {
 	if config.ForceTCP {
 		proxy.mainProto = "tcp"
 	}
+	proxy.certRefreshConcurrency = Max(1, config.CertRefreshConcurrency)
 	proxy.certRefreshDelay = time.Duration(Max(60, config.CertRefreshDelay)) * time.Minute
 	proxy.certRefreshDelayAfterFailure = time.Duration(10 * time.Second)
 	proxy.certIgnoreTimestamp = config.CertIgnoreTimestamp
--- a/dnscrypt-proxy/example-dnscrypt-proxy.toml
+++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml
@ -183,6 +183,12 @@ keepalive = 30
 # use_syslog = true


+## The maximum concurrency to reload certificates from the resolvers.
+## Default is 10.
+
+# cert_refresh_concurrency = 10
+
+
 ## Delay, in minutes, after which certificates are reloaded

 cert_refresh_delay = 240
--- a/dnscrypt-proxy/proxy.go
+++ b/dnscrypt-proxy/proxy.go
@ -74,6 +74,7 @@ type Proxy struct {
 	certRefreshDelayAfterFailure  time.Duration
 	timeout                       time.Duration
 	certRefreshDelay              time.Duration
+	certRefreshConcurrency        int
 	cacheSize                     int
 	logMaxBackups                 int
 	logMaxAge                     int
--- a/dnscrypt-proxy/serversInfo.go
+++ b/dnscrypt-proxy/serversInfo.go
@ -228,24 +228,23 @@ func (serversInfo *ServersInfo) refresh(proxy *Proxy) (int, error) {
 	copy(registeredServers, serversInfo.registeredServers)
 	serversInfo.RUnlock()
 	liveServers := 0
+	countChannel := make(chan struct{}, proxy.certRefreshConcurrency)
+	waitChannel := make(chan struct{})
 	var err error
-
-	// simultaneously refresh all servers
-	wg := sync.WaitGroup{}
-	wg.Add(len(registeredServers))
 	for i := range registeredServers {
-		go func(rs *RegisteredServer) {
-			if err = serversInfo.refreshServer(proxy, rs.name, rs.stamp); err == nil {
-				serversInfo.Lock()
+		countChannel <- struct{}{}
+		go func(registeredServer *RegisteredServer) {
+			if err = serversInfo.refreshServer(proxy, registeredServer.name, registeredServer.stamp); err == nil {
 				liveServers++
 				proxy.xTransport.internalResolverReady = true
-				serversInfo.Unlock()
 			}
-			wg.Done()
+			<-countChannel
+			if len(countChannel) == 0 {
+				close(waitChannel)
+			}
 		}(&registeredServers[i])
 	}
-	wg.Wait()
-
+	<-waitChannel
 	serversInfo.Lock()
 	sort.SliceStable(serversInfo.inner, func(i, j int) bool {
 		return serversInfo.inner[i].initialRtt < serversInfo.inner[j].initialRtt