+/*
+ * This file is part of PowerDNS or dnsdist.
+ * Copyright -- PowerDNS.COM B.V. and its contributors
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * In addition, for the avoidance of any doubt, permission is granted to
+ * link this program with OpenSSL and to (re)distribute the binaries
+ * produced as the result of such linking.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
#pragma once
#include "iputils.hh"
#include "libssl.hh"
{
DOHFrontend()
{
- d_rotatingTicketsKey.clear();
}
std::shared_ptr<DOHServerConfig> d_dsc{nullptr};
- std::vector<std::pair<std::string, std::string>> d_certKeyPairs;
- std::vector<std::string> d_ocspFiles;
std::vector<std::shared_ptr<DOHResponseMapEntry>> d_responsesMap;
- std::string d_ciphers;
- std::string d_ciphers13;
+ TLSConfig d_tlsConfig;
+ TLSErrorCounters d_tlsCounters;
std::string d_serverTokens{"h2o/dnsdist"};
- LibsslTLSVersion d_minTLSVersion{LibsslTLSVersion::TLS10};
-#ifdef HAVE_DNS_OVER_HTTPS
- std::unique_ptr<OpenSSLTLSTicketKeysRing> d_ticketKeys{nullptr};
-#endif
std::vector<std::pair<std::string, std::string>> d_customResponseHeaders;
ComboAddress d_local;
uint32_t d_idleTimeout{30}; // HTTP idle timeout in seconds
std::vector<std::string> d_urls;
- std::string d_ticketKeyFile;
-
- time_t d_ticketsKeyRotationDelay{43200};
- size_t d_maxStoredSessions{20480};
- uint8_t d_numberOfTicketsKeys{5};
- bool d_enableTickets{true};
-
- std::atomic<uint64_t> d_httpconnects; // number of TCP/IP connections established
- std::atomic<uint64_t> d_tls10queries; // valid DNS queries received via TLSv1.0
- std::atomic<uint64_t> d_tls11queries; // valid DNS queries received via TLSv1.1
- std::atomic<uint64_t> d_tls12queries; // valid DNS queries received via TLSv1.2
- std::atomic<uint64_t> d_tls13queries; // valid DNS queries received via TLSv1.3
- std::atomic<uint64_t> d_tlsUnknownqueries; // valid DNS queries received via unknown TLS version
-
- std::atomic<uint64_t> d_getqueries; // valid DNS queries received via GET
- std::atomic<uint64_t> d_postqueries; // valid DNS queries received via POST
- std::atomic<uint64_t> d_badrequests; // request could not be converted to dns query
- std::atomic<uint64_t> d_errorresponses; // dnsdist set 'error' on response
- std::atomic<uint64_t> d_redirectresponses; // dnsdist set 'redirect' on response
- std::atomic<uint64_t> d_validresponses; // valid responses sent out
+
+ std::atomic<uint64_t> d_httpconnects{0}; // number of TCP/IP connections established
+ std::atomic<uint64_t> d_getqueries{0}; // valid DNS queries received via GET
+ std::atomic<uint64_t> d_postqueries{0}; // valid DNS queries received via POST
+ std::atomic<uint64_t> d_badrequests{0}; // request could not be converted to dns query
+ std::atomic<uint64_t> d_errorresponses{0}; // dnsdist set 'error' on response
+ std::atomic<uint64_t> d_redirectresponses{0}; // dnsdist set 'redirect' on response
+ std::atomic<uint64_t> d_validresponses{0}; // valid responses sent out
struct HTTPVersionStats
{
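Review bot: The per-TLS-version query counters (`d_tls10queries` … `d_tlsUnknownqueries`) are removed here but nothing on the new side visibly replaces them — `TLSErrorCounters` by name tracks errors, not queries per protocol version — so unless they were relocated in a hunk not shown, the DoH frontend's per-version metrics are silently dropped; please confirm where they now live or note the removal in the commit message. The constructor is left with an empty body after `d_rotatingTicketsKey.clear()` goes away; `DOHFrontend() = default;` (or dropping it) says the same thing without suggesting work is done there. Since the certificate/key pairs, OCSP files, cipher lists, minimum TLS version and ticket-key settings all presumably move into `d_tlsConfig`, a one-line comment such as `// TLS material and policy (certs/keys, OCSP, ciphers, min version, ticket keys); defaults come from TLSConfig` would help readers who no longer see the old `TLS10` default here and should check that TLSConfig's default is the intended floor. The enclosing `struct DOHFrontend` begins before this hunk.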
HTTPVersionStats d_http1Stats;
HTTPVersionStats d_http2Stats;
+ bool d_sendCacheControlHeaders{true};
+ bool d_trustForwardedForHeader{false};
+ time_t getTicketsKeyRotationDelay() const
+ {
+ return d_tlsConfig.d_ticketsKeyRotationDelay;
+ }
#ifndef HAVE_DNS_OVER_HTTPS
void setup()
{
}
+ time_t getNextTicketsKeyRotation() const
+ {
+ return 0;
+ }
+
+ size_t getTicketsKeysCount() const
+ {
+ size_t res = 0;
+ return res;
+ }
+
#else
void setup();
void reloadCertificates();
void rotateTicketsKey(time_t now);
void loadTicketsKeys(const std::string& keyFile);
void handleTicketsKeyRotation();
-
+ time_t getNextTicketsKeyRotation() const;
+ size_t getTicketsKeysCount() const;
#endif /* HAVE_DNS_OVER_HTTPS */
-
-private:
- time_t d_ticketsKeyNextRotation{0};
- std::atomic_flag d_rotatingTicketsKey;
};
#ifndef HAVE_DNS_OVER_HTTPS
struct DOHUnit
{
+ DOHUnit()
+ {
+ }
+ DOHUnit(const DOHUnit&) = delete;
+ DOHUnit& operator=(const DOHUnit&) = delete;
+
+ void get()
+ {
+ ++d_refcnt;
+ }
+
+ void release()
+ {
+ if (--d_refcnt == 0) {
+ delete this;
+ }
+ }
+
std::string query;
std::string response;
ComboAddress remote;
st_h2o_req_t* req{nullptr};
DOHUnit** self{nullptr};
std::string contentType;
+ std::atomic<uint64_t> d_refcnt{1};
int rsock;
uint16_t qtype;
/* the status_code is set from