1 #pragma once
2 #include "iputils.hh"
3 #include "libssl.hh"
4
5 struct DOHServerConfig;
6
/* One entry of the DoH response map: a path regex together with the canned
   reply (status code, body and, optionally, extra headers) to hand back when
   the regex matches the request path. Immutable once constructed. */
class DOHResponseMapEntry
{
public:
  DOHResponseMapEntry(const std::string& regex,
                      uint16_t status,
                      const std::string& content,
                      const boost::optional<std::vector<std::pair<std::string, std::string>>>& headers) :
    d_regex(regex),
    d_customHeaders(headers),
    d_content(content),
    d_status(status)
  {
  }

  /* true when the stored regex matches the (already extracted) request path */
  bool matches(const std::string& path) const { return d_regex.match(path); }

  /* status code to answer with when this entry matched */
  uint16_t getStatusCode() const { return d_status; }

  /* body to answer with; reference stays valid for the lifetime of the entry */
  const std::string& getContent() const { return d_content; }

  /* extra headers to add to the reply, or none if the entry was created without any */
  const boost::optional<std::vector<std::pair<std::string, std::string>>>& getHeaders() const { return d_customHeaders; }

private:
  Regex d_regex;
  boost::optional<std::vector<std::pair<std::string, std::string>>> d_customHeaders;
  std::string d_content;
  uint16_t d_status;
};
40
/* Per-listener state for one DNS over HTTPS frontend: TLS configuration,
   the canned-response map, the statistics counters exposed to the rest of
   dnsdist, and the session-ticket key rotation state. */
struct DOHFrontend
{
  DOHFrontend()
  {
    /* std::atomic_flag cannot be given a default member initializer here, and a
       default-constructed flag is in an unspecified state, so clear it explicitly */
    d_rotatingTicketsKey.clear();
  }

  std::shared_ptr<DOHServerConfig> d_dsc{nullptr}; // server-side config, opaque here (DOHServerConfig is only forward-declared in this header)
  std::vector<std::shared_ptr<DOHResponseMapEntry>> d_responsesMap; // path-regex -> canned HTTP response entries
  TLSConfig d_tlsConfig;
  std::string d_serverTokens{"h2o/dnsdist"}; // presumably the server identification string sent to clients; confirm in the .cc
#ifdef HAVE_DNS_OVER_HTTPS
  std::unique_ptr<OpenSSLTLSTicketKeysRing> d_ticketKeys{nullptr}; // TLS session ticket keys, only present in DoH-enabled builds
#endif
  std::vector<std::pair<std::string, std::string>> d_customResponseHeaders;
  ComboAddress d_local; // address this frontend listens on

  uint32_t d_idleTimeout{30}; // HTTP idle timeout in seconds
  std::vector<std::string> d_urls;

  std::atomic<uint64_t> d_httpconnects{0}; // number of TCP/IP connections established
  std::atomic<uint64_t> d_getqueries{0}; // valid DNS queries received via GET
  std::atomic<uint64_t> d_postqueries{0}; // valid DNS queries received via POST
  std::atomic<uint64_t> d_badrequests{0}; // request could not be converted to dns query
  std::atomic<uint64_t> d_errorresponses{0}; // dnsdist set 'error' on response
  std::atomic<uint64_t> d_redirectresponses{0}; // dnsdist set 'redirect' on response
  std::atomic<uint64_t> d_validresponses{0}; // valid responses sent out

  /* counters kept separately per HTTP protocol version (see d_http1Stats / d_http2Stats) */
  struct HTTPVersionStats
  {
    std::atomic<uint64_t> d_nbQueries{0}; // valid DNS queries received
    std::atomic<uint64_t> d_nb200Responses{0};
    std::atomic<uint64_t> d_nb400Responses{0};
    std::atomic<uint64_t> d_nb403Responses{0};
    std::atomic<uint64_t> d_nb500Responses{0};
    std::atomic<uint64_t> d_nb502Responses{0};
    std::atomic<uint64_t> d_nbOtherResponses{0}; // any status code not counted above
  };

  HTTPVersionStats d_http1Stats;
  HTTPVersionStats d_http2Stats;


#ifndef HAVE_DNS_OVER_HTTPS
  /* Without DoH support compiled in, these are no-op stubs so that callers
     elsewhere in dnsdist can be compiled unconditionally. */
  void setup()
  {
  }

  void reloadCertificates()
  {
  }

  void rotateTicketsKey(time_t now)
  {
  }

  void loadTicketsKeys(const std::string& keyFile)
  {
  }

  void handleTicketsKeyRotation()
  {
  }

#else
  /* Real implementations live in the DoH source file. */
  void setup();
  void reloadCertificates();

  void rotateTicketsKey(time_t now);
  void loadTicketsKeys(const std::string& keyFile);
  void handleTicketsKeyRotation();

#endif /* HAVE_DNS_OVER_HTTPS */

private:
  time_t d_ticketsKeyNextRotation{0}; // 0 until a rotation has been scheduled
  std::atomic_flag d_rotatingTicketsKey; // presumably taken while a ticket-key rotation is in progress so only one thread performs it; confirm in the .cc
};
119
120 #ifndef HAVE_DNS_OVER_HTTPS
/* Empty placeholder used when DoH support is not compiled in, so that code
   taking a DOHUnit* (e.g. handleDOHTimeout below) still compiles. */
struct DOHUnit
{
};
124
125 #else /* HAVE_DNS_OVER_HTTPS */
126 #include <unordered_map>
127
128 struct st_h2o_req_t;
129
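/* State carried for one in-flight DoH request while it travels between the
   h2o-facing DoH thread and dnsdist's processing code. The accessor methods
   are defined in the DoH source file. */
struct DOHUnit
{
  std::string query; // raw DNS query extracted from the HTTP request
  std::string response; // raw DNS response to send back
  ComboAddress remote;
  ComboAddress dest;
  st_h2o_req_t* req{nullptr}; // underlying h2o request, non-owning
  DOHUnit** self{nullptr};
  std::string contentType;
  /* Initialised to an invalid descriptor so a unit whose socket was never
     assigned holds a recognisable value instead of an indeterminate one
     (previously left uninitialised). */
  int rsock{-1};
  uint16_t qtype{0}; // likewise given a defined starting value
  /* the status_code is set from
     processDOHQuery() (which is executed in
     the DOH client thread) so that the correct
     response can be sent in on_dnsdist(),
     after the DOHUnit has been passed back to
     the main DoH thread.
  */
  uint16_t status_code{200};
  bool ednsAdded{false}; // whether an EDNS record was added to the query by dnsdist

  std::string getHTTPPath() const;
  std::string getHTTPHost() const;
  std::string getHTTPScheme() const;
  std::string getHTTPQueryString() const;
  std::unordered_map<std::string, std::string> getHTTPHeaders() const;
  /* statusCode/body become the HTTP reply; contentType defaults to empty */
  void setHTTPResponse(uint16_t statusCode, const std::string& body, const std::string& contentType="");
};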
158
159 #endif /* HAVE_DNS_OVER_HTTPS */
160
/* Declared for both build variants (DOHUnit exists in each); presumably invoked
   when a DoH query has not been answered in time — confirm against the
   definition in the DoH source file. */
void handleDOHTimeout(DOHUnit* oldDU);