typedef std::unordered_map<std::string, boost::variant<bool, int, std::string, std::vector<std::pair<int,int> >, std::vector<std::pair<int, std::string> >, std::map<std::string,std::string> > > localbind_t;
-static void parseLocalBindVars(boost::optional<localbind_t> vars, bool& reusePort, int& tcpFastOpenQueueSize, std::string& interface, std::set<int>& cpus, int& tcpListenQueueSize, size_t& maxInFlightQueriesPerConnection)
+static void parseLocalBindVars(boost::optional<localbind_t> vars, bool& reusePort, int& tcpFastOpenQueueSize, std::string& interface, std::set<int>& cpus, int& tcpListenQueueSize, size_t& maxInFlightQueriesPerConnection, size_t& tcpMaxConcurrentConnections)
{
if (vars) {
if (vars->count("reusePort")) {
if (vars->count("tcpListenQueueSize")) {
tcpListenQueueSize = boost::get<int>((*vars)["tcpListenQueueSize"]);
}
+ if (vars->count("maxConcurrentTCPConnections")) {
+ tcpMaxConcurrentConnections = boost::get<int>((*vars)["maxConcurrentTCPConnections"]);
+ }
if (vars->count("maxInFlight")) {
maxInFlightQueriesPerConnection = boost::get<int>((*vars)["maxInFlight"]);
}
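Review bot: The new `maxConcurrentTCPConnections` branch stores a `boost::get<int>` result straight into the `size_t` out-parameter, so a negative value from the configuration wraps to a very large limit instead of being rejected, and the `> 0` guards that later apply it (the hunks at L29, L49, L72, L92 and L112) cannot catch that because the conversion has already happened. Reading the value into an `int` first and refusing negatives would keep the documented "0 means unlimited" contract honest: `const int value = boost::get<int>((*vars)["maxConcurrentTCPConnections"]);` / `if (value < 0) { throw std::runtime_error("maxConcurrentTCPConnections cannot be negative"); }` / `tcpMaxConcurrentConnections = static_cast<size_t>(value);`. The same wrap already affects the existing `maxInFlight` assignment just below, so the check could be applied to both. parseLocalBindVars is declared in the previous hunk and its body continues outside this one.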
int tcpFastOpenQueueSize = 0;
int tcpListenQueueSize = 0;
size_t maxInFlightQueriesPerConn = 0;
+ size_t tcpMaxConcurrentConnections = 0;
std::string interface;
std::set<int> cpus;
- parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus, tcpListenQueueSize, maxInFlightQueriesPerConn);
+ parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus, tcpListenQueueSize, maxInFlightQueriesPerConn, tcpMaxConcurrentConnections);
try {
ComboAddress loc(addr, 53);
if (maxInFlightQueriesPerConn > 0) {
tcpCS->d_maxInFlightQueriesPerConn = maxInFlightQueriesPerConn;
}
+ if (tcpMaxConcurrentConnections > 0) {
+ tcpCS->d_tcpConcurrentConnectionsLimit = tcpMaxConcurrentConnections;
+ }
+
g_frontends.push_back(std::move(tcpCS));
}
catch(const std::exception& e) {
int tcpFastOpenQueueSize = 0;
int tcpListenQueueSize = 0;
size_t maxInFlightQueriesPerConn = 0;
+ size_t tcpMaxConcurrentConnections = 0;
std::string interface;
std::set<int> cpus;
- parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus, tcpListenQueueSize, maxInFlightQueriesPerConn);
+ parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus, tcpListenQueueSize, maxInFlightQueriesPerConn, tcpMaxConcurrentConnections);
try {
ComboAddress loc(addr, 53);
if (maxInFlightQueriesPerConn > 0) {
tcpCS->d_maxInFlightQueriesPerConn = maxInFlightQueriesPerConn;
}
+ if (tcpMaxConcurrentConnections > 0) {
+ tcpCS->d_tcpConcurrentConnectionsLimit = tcpMaxConcurrentConnections;
+ }
g_frontends.push_back(std::move(tcpCS));
}
catch(std::exception& e) {
int tcpFastOpenQueueSize = 0;
int tcpListenQueueSize = 0;
size_t maxInFlightQueriesPerConn = 0;
+ size_t tcpMaxConcurrentConnections = 0;
std::string interface;
std::set<int> cpus;
std::vector<DNSCryptContext::CertKeyPaths> certKeys;
- parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus, tcpListenQueueSize, maxInFlightQueriesPerConn);
+ parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus, tcpListenQueueSize, maxInFlightQueriesPerConn, tcpMaxConcurrentConnections);
if (certFiles.type() == typeid(std::string) && keyFiles.type() == typeid(std::string)) {
auto certFile = boost::get<std::string>(certFiles);
if (tcpListenQueueSize > 0) {
cs->tcpListenQueueSize = tcpListenQueueSize;
}
+ if (maxInFlightQueriesPerConn > 0) {
+ cs->d_maxInFlightQueriesPerConn = maxInFlightQueriesPerConn;
+ }
+ if (tcpMaxConcurrentConnections > 0) {
+ cs->d_tcpConcurrentConnectionsLimit = tcpMaxConcurrentConnections;
+ }
g_frontends.push_back(std::move(cs));
}
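Review bot: Besides the new connection limit, this hunk also starts applying `maxInFlightQueriesPerConn` to `cs->d_maxInFlightQueriesPerConn`, which is a behaviour change unrelated to the option this commit introduces; the `DNSCryptContext::CertKeyPaths` vector in the context suggests this is the DNSCrypt bind path. None of the documentation hunks on this page mention `maxInFlight` for that function, so if its reference entry does not already list the parameter, a `.. versionchanged::` note and a `* ``maxInFlight=0``: int - ...` bullet matching the addLocal wording would be needed, or the extra assignment should be split into its own commit. The enclosing function starts and ends outside this hunk.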
int tcpFastOpenQueueSize = 0;
int tcpListenQueueSize = 0;
size_t maxInFlightQueriesPerConn = 0;
+ size_t tcpMaxConcurrentConnections = 0;
std::string interface;
std::set<int> cpus;
if (vars) {
- parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus, tcpListenQueueSize, maxInFlightQueriesPerConn);
+ parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus, tcpListenQueueSize, maxInFlightQueriesPerConn, tcpMaxConcurrentConnections);
if (vars->count("idleTimeout")) {
frontend->d_idleTimeout = boost::get<int>((*vars)["idleTimeout"]);
if (tcpListenQueueSize > 0) {
cs->tcpListenQueueSize = tcpListenQueueSize;
}
-
+ if (tcpMaxConcurrentConnections > 0) {
+ cs->d_tcpConcurrentConnectionsLimit = tcpMaxConcurrentConnections;
+ }
g_frontends.push_back(std::move(cs));
#else
throw std::runtime_error("addDOHLocal() called but DNS over HTTPS support is not present!");
int tcpFastOpenQueueSize = 0;
int tcpListenQueueSize = 0;
size_t maxInFlightQueriesPerConn = 0;
+ size_t tcpMaxConcurrentConns = 0;
std::string interface;
std::set<int> cpus;
if (vars) {
- parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus, tcpListenQueueSize, maxInFlightQueriesPerConn);
+ parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus, tcpListenQueueSize, maxInFlightQueriesPerConn, tcpMaxConcurrentConns);
if (vars->count("provider")) {
frontend->d_provider = boost::get<const string>((*vars)["provider"]);
if (maxInFlightQueriesPerConn > 0) {
cs->d_maxInFlightQueriesPerConn = maxInFlightQueriesPerConn;
}
+ if (tcpMaxConcurrentConns > 0) {
+ cs->d_tcpConcurrentConnectionsLimit = tcpMaxConcurrentConns;
+ }
g_tlslocals.push_back(cs->tlsFrontend);
g_frontends.push_back(std::move(cs));
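Review bot: The local here is named `tcpMaxConcurrentConns` while every sibling in this commit (L19, L39, L58, L80) uses `tcpMaxConcurrentConnections` for the same value passed to the same parseLocalBindVars argument; the shorter spelling is the only one, so it reads like an oversight rather than a deliberate choice. Renaming the declaration, the call argument and the two uses to `tcpMaxConcurrentConnections` keeps the five call sites grep-consistent. The enclosing function starts and ends outside this hunk.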
Added ``tcpListenQueueSize`` parameter.
.. versionchanged:: 1.6.0
- Added ``maxInFlight`` parameter.
+ Added ``maxInFlight`` and ``maxConcurrentTCPConnections`` parameters.
Add to the list of listen addresses.
* ``cpus={}``: table - Set the CPU affinity for this listener thread, asking the scheduler to run it on a single CPU id, or a set of CPU ids. This parameter is only available if the OS provides the pthread_setaffinity_np() function.
* ``tcpListenQueueSize=SOMAXCONN``: int - Set the size of the listen queue. Default is ``SOMAXCONN``.
* ``maxInFlight=0``: int - Maximum number of in-flight queries. The default is 0, which disables out-of-order processing.
+ * ``maxConcurrentTCPConnections=0``: int - Maximum number of concurrent incoming TCP connections. The default is 0 which means unlimited.
.. code-block:: lua
``url`` now defaults to ``/dns-query`` instead of ``/``, and does exact matching instead of accepting sub-paths. Added ``tcpListenQueueSize`` parameter.
.. versionchanged:: 1.6.0
- ``exactPathMatching``, ``releaseBuffers`` and ``enableRenegotiation`` options added.
+ ``enableRenegotiation``, ``exactPathMatching``, ``maxConcurrentTCPConnections`` and ``releaseBuffers`` options added.
``internalPipeBufferSize`` now defaults to 1048576 on Linux.
Listen on the specified address and TCP port for incoming DNS over HTTPS connections, presenting the specified X.509 certificate.
* ``tcpListenQueueSize=SOMAXCONN``: int - Set the size of the listen queue. Default is ``SOMAXCONN``.
* ``internalPipeBufferSize=0``: int - Set the size in bytes of the internal buffer of the pipes used internally to pass queries and responses between threads. Requires support for ``F_SETPIPE_SZ`` which is present in Linux since 2.6.35. The actual size might be rounded up to a multiple of a page size. 0 means that the OS default size is used. The default value is 0, except on Linux where it is 1048576 since 1.6.0.
* ``exactPathMatching=true``: bool - Whether to do exact path matching of the query path against the paths configured in ``urls`` (true, the default since 1.5.0) or to accepts sub-paths (false, and was the default before 1.5.0).
+ * ``maxConcurrentTCPConnections=0``: int - Maximum number of concurrent incoming TCP connections. The default is 0 which means unlimited.
* ``releaseBuffers=true``: bool - Whether OpenSSL should release its I/O buffers when a connection goes idle, saving roughly 35 kB of memory per connection.
* ``enableRenegotiation=false``: bool - Whether secure TLS renegotiation should be enabled. Disabled by default since it increases the attack surface and is seldom used for DNS.
.. versionchanged:: 1.5.0
``sessionTimeout`` and ``tcpListenQueueSize`` options added.
.. versionchanged:: 1.6.0
- ``maxInFlight``, ``releaseBuffers`` and ``enableRenegotiation`` options added.
+ ``enableRenegotiation``, ``maxConcurrentTCPConnections``, ``maxInFlight`` and ``releaseBuffers`` options added.
Listen on the specified address and TCP port for incoming DNS over TLS connections, presenting the specified X.509 certificate.
* ``keyLogFile``: str - Write the TLS keys in the specified file so that an external program can decrypt TLS exchanges, in the format described in https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format. Note that this feature requires OpenSSL >= 1.1.1.
* ``tcpListenQueueSize=SOMAXCONN``: int - Set the size of the listen queue. Default is ``SOMAXCONN``.
* ``maxInFlight=0``: int - Maximum number of in-flight queries. The default is 0, which disables out-of-order processing.
+ * ``maxConcurrentTCPConnections=0``: int - Maximum number of concurrent incoming TCP connections. The default is 0 which means unlimited.
* ``releaseBuffers=true``: bool - Whether OpenSSL should release its I/O buffers when a connection goes idle, saving roughly 35 kB of memory per connection.
* ``enableRenegotiation=false``: bool - Whether secure TLS renegotiation should be enabled (OpenSSL only, the GnuTLS provider does not support it). Disabled by default since it increases the attack surface and is seldom used for DNS.