dnsdist: Add support for the processing of X-Forwarded-For headers

[thirdparty/pdns.git] / pdns / doh.hh

diff --git a/pdns/doh.hh b/pdns/doh.hh
index 80481ec4dbdacc09ce2d262026174b41ae44f90f..9e51c2e065359951176d3f26343d416cf11fd7c7 100644 (file)
--- a/pdns/doh.hh
+++ b/pdns/doh.hh
@@ -1,3 +1,24 @@
+/*
+ * This file is part of PowerDNS or dnsdist.
+ * Copyright -- PowerDNS.COM B.V. and its contributors
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * In addition, for the avoidance of any doubt, permission is granted to
+ * link this program with OpenSSL and to (re)distribute the binaries
+ * produced as the result of such linking.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
 #pragma once
 #include "iputils.hh"
 #include "libssl.hh"
@@ -42,7 +63,6 @@ struct DOHFrontend
 {
   DOHFrontend()
   {
-    d_rotatingTicketsKey.clear();
   }
 
   std::shared_ptr<DOHServerConfig> d_dsc{nullptr};
@@ -50,9 +70,6 @@ struct DOHFrontend
   TLSConfig d_tlsConfig;
   TLSErrorCounters d_tlsCounters;
   std::string d_serverTokens{"h2o/dnsdist"};
-#ifdef HAVE_DNS_OVER_HTTPS
-  std::unique_ptr<OpenSSLTLSTicketKeysRing> d_ticketKeys{nullptr};
-#endif
   std::vector<std::pair<std::string, std::string>> d_customResponseHeaders;
   ComboAddress d_local;
 
@@ -80,7 +97,13 @@ struct DOHFrontend
 
   HTTPVersionStats d_http1Stats;
   HTTPVersionStats d_http2Stats;
+  bool d_sendCacheControlHeaders{true};
+  bool d_trustForwardedForHeader{false};
 
+  time_t getTicketsKeyRotationDelay() const
+  {
+    return d_tlsConfig.d_ticketsKeyRotationDelay;
+  }
 
 #ifndef HAVE_DNS_OVER_HTTPS
   void setup()
@@ -103,35 +126,27 @@ struct DOHFrontend
   {
   }
 
-#else
-  void setup();
-  void reloadCertificates();
-
-  void rotateTicketsKey(time_t now);
-  void loadTicketsKeys(const std::string& keyFile);
-  void handleTicketsKeyRotation();
-
-#endif /* HAVE_DNS_OVER_HTTPS */
-
   time_t getNextTicketsKeyRotation() const
   {
-    return d_ticketsKeyNextRotation;
+    return 0;
   }
 
   size_t getTicketsKeysCount() const
   {
     size_t res = 0;
-#ifdef HAVE_DNS_OVER_HTTPS
-    if (d_ticketKeys) {
-      res = d_ticketKeys->getKeysCount();
-    }
-#endif /* HAVE_DNS_OVER_HTTPS */
     return res;
   }
 
-private:
-  time_t d_ticketsKeyNextRotation{0};
-  std::atomic_flag d_rotatingTicketsKey;
+#else
+  void setup();
+  void reloadCertificates();
+
+  void rotateTicketsKey(time_t now);
+  void loadTicketsKeys(const std::string& keyFile);
+  void handleTicketsKeyRotation();
+  time_t getNextTicketsKeyRotation() const;
+  size_t getTicketsKeysCount() const;
+#endif /* HAVE_DNS_OVER_HTTPS */
 };
 
 #ifndef HAVE_DNS_OVER_HTTPS
@@ -159,8 +174,7 @@ struct DOHUnit
 
   void release()
   {
-    --d_refcnt;
-    if (d_refcnt == 0) {
+    if (--d_refcnt == 0) {
       delete this;
     }
   }