2 * This file is part of PowerDNS or dnsdist.
3 * Copyright -- PowerDNS.COM B.V. and its contributors
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of version 2 of the GNU General Public License as
7 * published by the Free Software Foundation.
9 * In addition, for the avoidance of any doubt, permission is granted to
10 * link this program with OpenSSL and to (re)distribute the binaries
11 * produced as the result of such linking.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 struct DOHServerConfig;
28 class DOHResponseMapEntry
31 DOHResponseMapEntry(const std::string& regex, uint16_t status, const std::string& content, const boost::optional<std::vector<std::pair<std::string, std::string>>>& headers): d_regex(regex), d_customHeaders(headers), d_content(content), d_status(status)
35 bool matches(const std::string& path) const
37 return d_regex.match(path);
40 uint16_t getStatusCode() const
45 const std::string& getContent() const
50 const boost::optional<std::vector<std::pair<std::string, std::string>>>& getHeaders() const
52 return d_customHeaders;
57 boost::optional<std::vector<std::pair<std::string, std::string>>> d_customHeaders;
58 std::string d_content;
68 std::shared_ptr<DOHServerConfig> d_dsc{nullptr};
69 std::vector<std::shared_ptr<DOHResponseMapEntry>> d_responsesMap;
70 TLSConfig d_tlsConfig;
71 TLSErrorCounters d_tlsCounters;
72 std::string d_serverTokens{"h2o/dnsdist"};
73 std::vector<std::pair<std::string, std::string>> d_customResponseHeaders;
76 uint32_t d_idleTimeout{30}; // HTTP idle timeout in seconds
77 std::vector<std::string> d_urls;
79 std::atomic<uint64_t> d_httpconnects{0}; // number of TCP/IP connections established
80 std::atomic<uint64_t> d_getqueries{0}; // valid DNS queries received via GET
81 std::atomic<uint64_t> d_postqueries{0}; // valid DNS queries received via POST
82 std::atomic<uint64_t> d_badrequests{0}; // request could not be converted to dns query
83 std::atomic<uint64_t> d_errorresponses{0}; // dnsdist set 'error' on response
84 std::atomic<uint64_t> d_redirectresponses{0}; // dnsdist set 'redirect' on response
85 std::atomic<uint64_t> d_validresponses{0}; // valid responses sent out
87 struct HTTPVersionStats
89 std::atomic<uint64_t> d_nbQueries{0}; // valid DNS queries received
90 std::atomic<uint64_t> d_nb200Responses{0};
91 std::atomic<uint64_t> d_nb400Responses{0};
92 std::atomic<uint64_t> d_nb403Responses{0};
93 std::atomic<uint64_t> d_nb500Responses{0};
94 std::atomic<uint64_t> d_nb502Responses{0};
95 std::atomic<uint64_t> d_nbOtherResponses{0};
98 HTTPVersionStats d_http1Stats;
99 HTTPVersionStats d_http2Stats;
100 bool d_sendCacheControlHeaders{true};
102 time_t getTicketsKeyRotationDelay() const
104 return d_tlsConfig.d_ticketsKeyRotationDelay;
107 #ifndef HAVE_DNS_OVER_HTTPS
112 void reloadCertificates()
116 void rotateTicketsKey(time_t now)
120 void loadTicketsKeys(const std::string& keyFile)
124 void handleTicketsKeyRotation()
128 time_t getNextTicketsKeyRotation() const
133 size_t getTicketsKeysCount() const
141 void reloadCertificates();
143 void rotateTicketsKey(time_t now);
144 void loadTicketsKeys(const std::string& keyFile);
145 void handleTicketsKeyRotation();
146 time_t getNextTicketsKeyRotation() const;
147 size_t getTicketsKeysCount() const;
148 #endif /* HAVE_DNS_OVER_HTTPS */
151 #ifndef HAVE_DNS_OVER_HTTPS
156 #else /* HAVE_DNS_OVER_HTTPS */
157 #include <unordered_map>
166 DOHUnit(const DOHUnit&) = delete;
167 DOHUnit& operator=(const DOHUnit&) = delete;
176 if (--d_refcnt == 0) {
182 std::string response;
185 st_h2o_req_t* req{nullptr};
186 DOHUnit** self{nullptr};
187 std::string contentType;
188 std::atomic<uint64_t> d_refcnt{1};
191 /* the status_code is set from
192 processDOHQuery() (which is executed in
193 the DOH client thread) so that the correct
194 response can be sent in on_dnsdist(),
195 after the DOHUnit has been passed back to
198 uint16_t status_code{200};
199 bool ednsAdded{false};
201 std::string getHTTPPath() const;
202 std::string getHTTPHost() const;
203 std::string getHTTPScheme() const;
204 std::string getHTTPQueryString() const;
205 std::unordered_map<std::string, std::string> getHTTPHeaders() const;
206 void setHTTPResponse(uint16_t statusCode, const std::string& body, const std::string& contentType="");
209 #endif /* HAVE_DNS_OVER_HTTPS */
211 void handleDOHTimeout(DOHUnit* oldDU);