dnsdist: Add a selector to match the incoming protocol

author Remi Gacogne <remi.gacogne@powerdns.com>

Thu, 3 Jul 2025 19:15:01 +0000 (21:15 +0200)

committer Remi Gacogne <remi.gacogne@powerdns.com>

Fri, 4 Jul 2025 08:09:36 +0000 (10:09 +0200)
author Remi Gacogne <remi.gacogne@powerdns.com>
Thu, 3 Jul 2025 19:15:01 +0000 (21:15 +0200)
committer Remi Gacogne <remi.gacogne@powerdns.com>
Fri, 4 Jul 2025 08:09:36 +0000 (10:09 +0200)
diff --git a/pdns/dnsdistdist/dnsdist-protocols.cc b/pdns/dnsdistdist/dnsdist-protocols.cc

index 35da4711f41523786b3f7d808495b49bf48de63e..dac252d5f77bb40d2b9b211443f6a8897ba37727 100644 (file)
--- a/pdns/dnsdistdist/dnsdist-protocols.cc
+++ b/pdns/dnsdistdist/dnsdist-protocols.cc
@@ -68,6 +68,16 @@ bool Protocol::operator!=(Protocol::typeenum type) const
    return d_protocol != type;
  }
  
+bool Protocol::operator==(const Protocol& rhs) const
+{
+  return d_protocol == rhs.d_protocol;
+}
+
+bool Protocol::operator!=(const Protocol& rhs) const
+{
+  return d_protocol != rhs.d_protocol;
+}
+
  const std::string& Protocol::toString() const
  {
    return s_names.at(static_cast<uint8_t>(d_protocol));
diff --git a/pdns/dnsdistdist/dnsdist-protocols.hh b/pdns/dnsdistdist/dnsdist-protocols.hh

index beb43ed3d71d218588432770cf5fd6a55c523098..17e13f3c3b1379cd19e3ffd2b4c0ddd916b31241 100644 (file)
--- a/pdns/dnsdistdist/dnsdist-protocols.hh
+++ b/pdns/dnsdistdist/dnsdist-protocols.hh
@@ -54,6 +54,8 @@ public:
  
    bool operator==(typeenum) const;
    bool operator!=(typeenum) const;
+  bool operator==(const Protocol& rhs) const;
+  bool operator!=(const Protocol& rhs) const;
  
    const std::string& toString() const;
    const std::string& toPrettyString() const;
diff --git a/pdns/dnsdistdist/dnsdist-rules-factory.hh b/pdns/dnsdistdist/dnsdist-rules-factory.hh

index c42eb0ed5c6e3baef5ef694263d19d6b740214b7..48f210001481718f8d7fa4bcd979bc01d5677712 100644 (file)
--- a/pdns/dnsdistdist/dnsdist-rules-factory.hh
+++ b/pdns/dnsdistdist/dnsdist-rules-factory.hh
@@ -1501,6 +1501,28 @@ private:
    Comparisons d_comparison;
  };
  
+class IncomingProtocolRule : public DNSRule
+{
+public:
+  IncomingProtocolRule(const std::string& protocol) :
+    d_protocol(protocol)
+  {
+  }
+
+  bool matches(const DNSQuestion* dq) const override
+  {
+    return dq->getProtocol() == d_protocol;
+  }
+
+  string toString() const override
+  {
+    return "incoming protocol is " + d_protocol.toString();
+  }
+
+private:
+  dnsdist::Protocol d_protocol;
+};
+
  namespace dnsdist::selectors
  {
  std::shared_ptr<AndRule> getAndSelector(const std::vector<std::shared_ptr<DNSRule>>& rules);
diff --git a/pdns/dnsdistdist/dnsdist-selectors-definitions.yml b/pdns/dnsdistdist/dnsdist-selectors-definitions.yml

index 215912fd4c28e9defe7fc1d54ee3c53990516587..2fb005499cfa61ae91a1e2e17b6ae127fbd16037 100644 (file)
--- a/pdns/dnsdistdist/dnsdist-selectors-definitions.yml
+++ b/pdns/dnsdistdist/dnsdist-selectors-definitions.yml
@@ -70,6 +70,13 @@
      - name: "expression"
        type: "String"
        description: "The regex to match on"
+- name: "IncomingProtocol"
+  description: "Matches queries received over a specific protocol"
+  version_added: 2.1.0
+  parameters:
+    - name: "protocol"
+      type: "String"
+      description: "The protocol to match on, in a case-sensitive way. Supported values are DoUDP, DoTCP, DNSCryptUDP, DNSCryptTCP, DoT, DoH, DoQ and DoH3"
  - name: "KeyValueStoreLookup"
    skip-cpp: true
    skip-rust: true
diff --git a/pdns/dnsdistdist/dnsdist-settings-documentation-generator.py b/pdns/dnsdistdist/dnsdist-settings-documentation-generator.py

index 63d6a14cbfbd931b326bb10c414b4dd8de38d684..b53425d02546ecb63010aa16894714dc7ff144d2 100644 (file)
--- a/pdns/dnsdistdist/dnsdist-settings-documentation-generator.py
+++ b/pdns/dnsdistdist/dnsdist-settings-documentation-generator.py
@@ -105,6 +105,10 @@ def process_object(object_name, entries, entry_type, is_setting_struct=False, lu
      output += '-' * len(object_name) + '\n'
      output += '\n'
  
+    if 'version_added' in entries:
+        output += '  .. versionadded:: ' + entries['version_added'] + '\n'
+        output += '\n'
+
      if 'description' in entries:
          description = entries['description']
          output += description + '\n'
diff --git a/pdns/dnsdistdist/docs/reference/selectors.rst b/pdns/dnsdistdist/docs/reference/selectors.rst

index bde5fd3dfec09b5d3ac0f428d97d7307f83b3bfd..4f1b9911bbe79d1f6be36f88a3cea4dec52ff3ba 100644 (file)
--- a/pdns/dnsdistdist/docs/reference/selectors.rst
+++ b/pdns/dnsdistdist/docs/reference/selectors.rst
@@ -83,6 +83,14 @@ Selectors can be combined via :func:`AndRule`, :func:`OrRule` and :func:`NotRule
  
    :param str path: The exact HTTP path to match on
  
+.. function:: IncomingProtocolRule(protocol)
+
+  .. versionadded:: 2.1.0
+
+  Matches queries received over a specific protocol.
+
+  :param str protocol: The protocol to match on, in a case-sensitive way. Supported values are DoUDP, DoTCP, DNSCryptUDP, DNSCryptTCP, DoT, DoH, DoQ and DoH3
+
  .. function:: KeyValueStoreLookupRule(kvs, lookupKey)
  
    .. versionadded:: 1.4.0
author	Remi Gacogne <remi.gacogne@powerdns.com>
	Thu, 3 Jul 2025 19:15:01 +0000 (21:15 +0200)
committer	Remi Gacogne <remi.gacogne@powerdns.com>
	Fri, 4 Jul 2025 08:09:36 +0000 (10:09 +0200)
pdns/dnsdistdist/dnsdist-protocols.cc		patch \| blob \| blame \| history
pdns/dnsdistdist/dnsdist-protocols.hh		patch \| blob \| blame \| history
pdns/dnsdistdist/dnsdist-rules-factory.hh		patch \| blob \| blame \| history
pdns/dnsdistdist/dnsdist-selectors-definitions.yml		patch \| blob \| blame \| history
pdns/dnsdistdist/dnsdist-settings-documentation-generator.py		patch \| blob \| blame \| history
pdns/dnsdistdist/docs/reference/selectors.rst		patch \| blob \| blame \| history