use DoT instead of UDP to send a query. Implies tcp.
insecure
when using DoT, do not validate the server certificate.
+fastOpen
+ when using TCP or, DoT, enable TCP Fast Open
subjectName *name*
when using DoT, verify the server certificate is issued for *name*. The `openssl` provider will accept an empty name and still
make sure the certificate is issued by a trusted CA, `gnutls` will only do the validation if a name is given.
cerr << "sdig" << endl;
cerr << "Syntax: sdig IP-ADDRESS-OR-DOH-URL PORT QNAME QTYPE "
"[dnssec] [ednssubnet SUBNET/MASK] [hidesoadetails] [hidettl] [recurse] [showflags] "
- "[tcp] [dot] [insecure] [subjectName name] [caStore file] [tlsProvider openssl|gnutls] "
+ "[tcp] [dot] [insecure] [fastOpen] [subjectName name] [caStore file] [tlsProvider openssl|gnutls] "
"[xpf XPFDATA] [class CLASSNUM] "
"[proxy UDP(0)/TCP(1) SOURCE-IP-ADDRESS-AND-PORT DESTINATION-IP-ADDRESS-AND-PORT]"
<< endl;
dot = true;
else if (strcmp(argv[i], "insecure") == 0)
insecureDoT = true;
+ else if (strcmp(argv[i], "fastOpen") == 0)
+ fastOpen = true;
else if (strcmp(argv[i], "ednssubnet") == 0) {
if (argc < i + 2) {
cerr << "ednssubnet needs an argument" << endl;
}
uint16_t counter = 0;
Socket sock(dest.sin4.sin_family, SOCK_STREAM);
+ setTCPNoDelay(sock.getHandle()); // disable NAGLE, which does not play nicely with delayed ACKs
TCPIOHandler handler(subjectName, sock.releaseHandle(), timeout, tlsCtx, time(nullptr));
handler.connect(fastOpen, dest, timeout);
// we are writing the proxyheader inside the TLS connection. Is that right?
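Review bot: The result of setTCPNoDelay on the new line is discarded; if the helper reports a setsockopt failure through its return value (its declaration is not visible here), something like `if (!setTCPNoDelay(sock.getHandle())) { cerr << "unable to disable Nagle's algorithm" << endl; }` would at least surface it in a diagnostic tool. The trailing comment would also read better as `// disable Nagle's algorithm, which does not play nicely with delayed ACKs`, since Nagle is a surname rather than an acronym. The surrounding function continues outside this hunk.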
#pragma once
#include <memory>
+/* needed for proper TCP_FASTOPEN_CONNECT detection */
+#include <netinet/tcp.h>
#include "libssl.hh"
#include "misc.hh"
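Review bot: The comment on the new include names TCP_FASTOPEN_CONNECT, but the guards this commit adds further down in the header test MSG_FASTOPEN, which on glibc is provided by <sys/socket.h> rather than <netinet/tcp.h>; whether <sys/socket.h> is already reached through an earlier include is not visible here. An explicit `#include <sys/socket.h>` beside it, or a comment naming both macros such as `/* MSG_FASTOPEN (sys/socket.h) and TCP_FASTOPEN_CONNECT (netinet/tcp.h) must be visible for the #ifdef guards below */`, would make the `#ifdef MSG_FASTOPEN` blocks independent of include order. Because those blocks are conditional, a macro that is not visible at this point silently compiles the fast-open code out instead of failing the build, so a misordered include would be easy to miss.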
SConnectWithTimeout(d_socket, remote, /* no timeout, we will handle it ourselves */ 0);
}
#else
- SConnectWithTimeout(d_socket, d_ds->remote, /* no timeout, we will handle it ourselves */ 0);
+ SConnectWithTimeout(d_socket, remote, /* no timeout, we will handle it ourselves */ 0);
#endif /* MSG_FASTOPEN */
if (d_conn) {
SConnectWithTimeout(d_socket, remote, timeout);
}
#else
- SConnectWithTimeout(d_socket, d_ds->remote, timeout);
+ SConnectWithTimeout(d_socket, remote, timeout);
#endif /* MSG_FASTOPEN */
if (d_conn) {
return d_conn->tryWrite(buffer, pos, toWrite);
}
+#ifdef MSG_FASTOPEN
if (d_fastOpen) {
int socketFlags = MSG_FASTOPEN;
size_t sent = sendMsgWithOptions(d_socket, reinterpret_cast<const char *>(&buffer.at(pos)), toWrite - pos, &d_remote, nullptr, 0, socketFlags);
return IOState::Done;
}
+#endif /* MSG_FASTOPEN */
do {
ssize_t res = ::write(d_socket, reinterpret_cast<const char*>(&buffer.at(pos)), toWrite - pos);
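Review bot: In the MSG_FASTOPEN branch of tryWrite the value returned by sendMsgWithOptions is stored in `sent` but never read, and the function returns `IOState::Done` without checking that all `toWrite - pos` bytes were accepted or advancing `pos`, so a short first send would be reported to the caller as complete. The branch also leaves `d_fastOpen` set, unlike the `write()` path in this same commit which clears it once something was sent; a later tryWrite on the now-connected socket would issue another MSG_FASTOPEN send, which on Linux is expected to fail rather than behave like a normal write. Assuming `pos` is the in/out offset its use on the following `::write` line suggests, and that `IOState::NeedWrite` is the value the rest of the function returns for a partial write, something like `if (sent > 0) { d_fastOpen = false; } pos += sent; return pos == toWrite ? IOState::Done : IOState::NeedWrite;` would make the branch report what actually happened. tryWrite's signature and the remainder of its body are outside this hunk.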
if (d_conn) {
return d_conn->write(buffer, bufferSize, writeTimeout);
}
- else {
- return writen2WithTimeout(d_socket, buffer, bufferSize, writeTimeout);
+
+#ifdef MSG_FASTOPEN
+ if (d_fastOpen) {
+ int socketFlags = MSG_FASTOPEN;
+ size_t sent = sendMsgWithOptions(d_socket, reinterpret_cast<const char *>(buffer), bufferSize, &d_remote, nullptr, 0, socketFlags);
+ if (sent > 0) {
+ d_fastOpen = false;
+ }
+
+ return sent;
}
+#endif /* MSG_FASTOPEN */
+
+ return writen2WithTimeout(d_socket, buffer, bufferSize, writeTimeout);
}
bool hasBufferedData() const
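Review bot: The new fast-open branch in write() returns whatever the single sendMsgWithOptions call managed to send, while the non-fast-open path on the last new line goes through writen2WithTimeout and so completes the whole buffer (or fails) within writeTimeout; on the TFO path a caller can now receive a short count, or 0 with `d_fastOpen` still true since the flag is only cleared when `sent > 0`, and writeTimeout is never applied. If sendMsgWithOptions can return fewer than bufferSize bytes (its contract is not visible here), finishing the remainder through the regular path, e.g. `if (sent > 0 && sent < bufferSize) { return sent + writen2WithTimeout(d_socket, reinterpret_cast<const char*>(buffer) + sent, bufferSize - sent, writeTimeout); }` placed after the flag update, would give both paths the same contract, assuming writen2WithTimeout accepts the pointer form the existing call uses. A short comment on the branch would also help the next reader, along the lines of `// with TFO the first send carries the SYN; the socket is only connected once this send succeeds, hence d_fastOpen is cleared only on sent > 0`. The enclosing write() function starts before this hunk.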
std::unique_ptr<TLSConnection> d_conn{nullptr};
ComboAddress d_remote;
int d_socket{-1};
+#ifdef MSG_FASTOPEN
bool d_fastOpen{false};
+#endif
};
struct TLSContextParameters