/* Forward declaration only: the per-server configuration object is held by the
   frontend through a shared_ptr (see d_dsc below), so its definition is not needed here. */
5 struct DOHServerConfig;
7 class DOHResponseMapEntry
/* Builds one "regex -> canned HTTP response" rule.
   regex:   pattern later tested against a request path by matches().
   status:  HTTP status code answered when the pattern matches.
   content: response body.
   headers: optional extra (name, value) headers; boost::none when the rule sets none. */
10 DOHResponseMapEntry(const std::string& regex, uint16_t status, const std::string& content, const boost::optional<std::vector<std::pair<std::string, std::string>>>& headers): d_regex(regex), d_customHeaders(headers), d_content(content), d_status(status)
/* True when `path` matches this rule's pattern.
   NOTE(review): the pattern is operator-supplied but `path` presumably comes straight
   from the client request, so the cost of matching adversarial input depends on the
   engine behind d_regex (declared outside this excerpt) — confirm it is not a
   backtracking matcher before allowing complex patterns in configuration. */
14 bool matches(const std::string& path) const
16 return d_regex.match(path);
19 uint16_t getStatusCode() const // HTTP status answered for a matching request (d_status, fixed at construction)
24 const std::string& getContent() const // response body; the reference lives as long as this entry (entries are kept via shared_ptr in d_responsesMap)
/* Extra response headers for this rule, or boost::none when the rule sets none.
   Returned by reference: callers must not keep it beyond the entry's lifetime. */
29 const boost::optional<std::vector<std::pair<std::string, std::string>>>& getHeaders() const
31 return d_customHeaders;
36 boost::optional<std::vector<std::pair<std::string, std::string>>> d_customHeaders; // (name, value) headers added to the canned response; none when unset
37 std::string d_content; // canned response body
43 std::shared_ptr<DOHServerConfig> d_dsc{nullptr}; // per-server configuration; null until the frontend is set up
44 std::vector<std::pair<std::string, std::string>> d_certKeyPairs; // presumably (certificate file, key file) pairs — confirm in the loader
45 std::vector<std::string> d_ocspFiles; // OCSP response files, presumably one per certificate — confirm
46 std::vector<std::shared_ptr<DOHResponseMapEntry>> d_responsesMap; // ordered regex -> canned response rules, shared ownership
47 std::string d_ciphers; // cipher list string; presumably for TLS <= 1.2 — what an empty value selects is decided by the TLS setup code, not here
48 std::string d_ciphers13; // cipher suite string; presumably for TLS 1.3 — same caveat as d_ciphers
49 std::string d_serverTokens{"h2o/dnsdist"}; // presumably advertised in the HTTP Server header — TODO confirm; it reveals the implementation, so operators may prefer a neutral value
50 LibsslTLSVersion d_minTLSVersion{LibsslTLSVersion::TLS10}; // lowest protocol version accepted by default; TLS 1.0/1.1 are deprecated, so deployments should raise this in configuration
51 #ifdef HAVE_DNS_OVER_HTTPS
52 std::unique_ptr<OpenSSLTLSTicketKeysRing> d_ticketKeys{nullptr}; // session-ticket encryption keys; null until loaded or generated — presumably by loadTicketsKeys()/rotateTicketsKey()
54 std::vector<std::pair<std::string, std::string>> d_customResponseHeaders; // (name, value) pairs; presumably added to every response — confirm
57 uint32_t d_idleTimeout{30}; // HTTP idle timeout in seconds
58 std::vector<std::string> d_urls; // request paths this frontend answers on — presumably; confirm against the handler registration
59 std::string d_ticketKeyFile; // path of the ticket key file, presumably handed to loadTicketsKeys()
/* NOTE(review): default-constructed without ATOMIC_FLAG_INIT, so its initial state is
   unspecified before C++20 (cleared from C++20 on) — confirm the build standard or
   initialize it explicitly. Presumably a "rotation in progress" guard; see
   handleTicketsKeyRotation(). */
61 std::atomic_flag d_rotatingTicketsKey;
62 time_t d_ticketsKeyRotationDelay{43200}; // interval between ticket key rotations; time_t, so presumably seconds (43200 s = 12 h)
63 time_t d_ticketsKeyNextRotation{0}; // absolute time of the next scheduled rotation; initially 0
64 size_t d_maxStoredSessions{20480}; // upper bound on cached TLS sessions, presumably bounding per-frontend memory — confirm where it is applied
65 uint8_t d_numberOfTicketsKeys{5}; // keys retained in the ring; presumably lets tickets issued under older keys still resume — confirm
66 bool d_enableTickets{true}; // session tickets are on by default
/* Frontend-wide counters. NOTE(review): unlike HTTPVersionStats below, these carry no
   {0} initializer; std::atomic<T>'s default constructor leaves the value indeterminate
   before C++20 (C++20 value-initializes), so they start at zero only if the enclosing
   object is value-initialized or the project builds as C++20 — confirm. */
68 std::atomic<uint64_t> d_httpconnects; // number of TCP/IP connections established
69 std::atomic<uint64_t> d_tls10queries; // valid DNS queries received via TLSv1.0
70 std::atomic<uint64_t> d_tls11queries; // valid DNS queries received via TLSv1.1
71 std::atomic<uint64_t> d_tls12queries; // valid DNS queries received via TLSv1.2
72 std::atomic<uint64_t> d_tls13queries; // valid DNS queries received via TLSv1.3
73 std::atomic<uint64_t> d_tlsUnknownqueries; // valid DNS queries received via unknown TLS version
75 std::atomic<uint64_t> d_getqueries; // valid DNS queries received via GET
76 std::atomic<uint64_t> d_postqueries; // valid DNS queries received via POST
77 std::atomic<uint64_t> d_badrequests; // request could not be converted to dns query
78 std::atomic<uint64_t> d_errorresponses; // dnsdist set 'error' on response
79 std::atomic<uint64_t> d_redirectresponses; // dnsdist set 'redirect' on response
80 std::atomic<uint64_t> d_validresponses; // valid responses sent out
/* Counters kept separately per HTTP protocol version (see d_http1Stats / d_http2Stats).
   All are value-initialized to 0, unlike the frontend-wide counters above. */
82 struct HTTPVersionStats
84 std::atomic<uint64_t> d_nbQueries{0}; // valid DNS queries received
85 std::atomic<uint64_t> d_nb200Responses{0}; // responses sent with status 200
86 std::atomic<uint64_t> d_nb400Responses{0}; // responses sent with status 400
87 std::atomic<uint64_t> d_nb403Responses{0}; // responses sent with status 403
88 std::atomic<uint64_t> d_nb500Responses{0}; // responses sent with status 500
89 std::atomic<uint64_t> d_nb502Responses{0}; // responses sent with status 502
90 std::atomic<uint64_t> d_nbOtherResponses{0}; // responses sent with any other status
93 HTTPVersionStats d_http1Stats; // counters for HTTP/1 traffic
94 HTTPVersionStats d_http2Stats; // counters for HTTP/2 traffic
/* Certificate and ticket-key management. When DNS-over-HTTPS support is not compiled in,
   the four members are defined inline here (presumably as no-ops or throwing stubs — their
   bodies are not visible in this excerpt); in the DoH-enabled build they are only declared
   and defined elsewhere. */
97 #ifndef HAVE_DNS_OVER_HTTPS
102 void reloadCertificates() // re-read d_certKeyPairs / d_ocspFiles from disk — presumably; confirm
106 void rotateTicketsKey(time_t now) // install a fresh ticket key; `now` presumably schedules d_ticketsKeyNextRotation
110 void loadTicketsKeys(const std::string& keyFile) // load ticket key material from keyFile
114 void handleTicketsKeyRotation() // rotate if due; presumably guarded by d_rotatingTicketsKey
120 void reloadCertificates(); // re-read d_certKeyPairs / d_ocspFiles from disk — presumably; confirm
122 void rotateTicketsKey(time_t now); // install a fresh ticket key; `now` presumably schedules d_ticketsKeyNextRotation
123 void loadTicketsKeys(const std::string& keyFile); // load ticket key material from keyFile
124 void handleTicketsKeyRotation(); // rotate if due; presumably guarded by d_rotatingTicketsKey
126 #endif /* HAVE_DNS_OVER_HTTPS */
129 #ifndef HAVE_DNS_OVER_HTTPS
134 #else /* HAVE_DNS_OVER_HTTPS */
135 #include <unordered_map>
/* Per-request state handed between the h2o (DoH client) thread and the thread that
   answers it (see the comment on status_code). It holds raw pointers into h2o's request,
   presumably non-owning, so the unit must not be used after h2o has released that request —
   NOTE(review): confirm how handleDOHTimeout() treats a unit whose request is gone. */
142 std::string response; // bytes of the HTTP response body — presumably the DNS answer; confirm
145 st_h2o_req_t* req{nullptr}; // h2o request this unit answers; raw pointer, may dangle once h2o frees the request — confirm the guard
146 DOHUnit** self{nullptr}; // address of the slot that refers back to this unit — presumably cleared when the unit goes away; confirm
147 std::string contentType; // Content-Type of the HTTP response (see setHTTPResponse())
150 /* the status_code is set from
151 processDOHQuery() (which is executed in
152 the DOH client thread) so that the correct
153 response can be sent in on_dnsdist(),
154 after the DOHUnit has been passed back to
157 uint16_t status_code{200}; // HTTP status; 200 unless overwritten (see the comment above and setHTTPResponse())
158 bool ednsAdded{false}; // whether dnsdist added an EDNS record to the query — presumably; confirm
160 std::string getHTTPPath() const; // request path
161 std::string getHTTPHost() const; // request host / authority
162 std::string getHTTPScheme() const; // request scheme
163 std::string getHTTPQueryString() const; // raw query string; whether it is still percent-encoded is not determined here — confirm
164 std::unordered_map<std::string, std::string> getHTTPHeaders() const; // copy of the request headers keyed by name; header-name case handling is not determined here
165 void setHTTPResponse(uint16_t statusCode, const std::string& body, const std::string& contentType=""); // presumably fills status_code, response and contentType; an empty contentType keeps the default
168 #endif /* HAVE_DNS_OVER_HTTPS */
170 void handleDOHTimeout(DOHUnit* oldDU); // called when a unit's request times out; takes the stale unit by raw pointer — ownership is not determined here