dnsdist: Add setTCPFastOpenKey()

Signed-off-by: Y7n05h <Y7n05h@protonmail.com>

diff --git a/pdns/dnsdist-console.cc b/pdns/dnsdist-console.cc
index 5d66c21bcfa1290e0ebb9e846fb5b2295708f8ca..3a3073e3db1679ee73c7d56bad1d2126af858672 100644 (file)
--- a/pdns/dnsdist-console.cc
+++ b/pdns/dnsdist-console.cc
@@ -685,6 +685,7 @@ const std::vector<ConsoleKeyword> g_consoleKeywords{
   { "setStaleCacheEntriesTTL", true, "n", "allows using cache entries expired for at most n seconds when there is no backend available to answer for a query" },
   { "setSyslogFacility", true, "facility", "set the syslog logging facility to 'facility'. Defaults to LOG_DAEMON" },
   { "setTCPDownstreamCleanupInterval", true, "interval", "minimum interval in seconds between two cleanups of the idle TCP downstream connections" },
+  { "setTCPFastOpenKey", true, "string", "TCP Fast Open Key" },
   { "setTCPDownstreamMaxIdleTime", true, "time", "Maximum time in seconds that a downstream TCP connection to a backend might stay idle" },
   { "setTCPInternalPipeBufferSize", true, "size", "Set the size in bytes of the internal buffer of the pipes used internally to distribute connections to TCP (and DoT) workers threads" },
   { "setTCPRecvTimeout", true, "n", "set the read timeout on TCP connections from the client, in seconds" },

diff --git a/pdns/dnsdist-lua.cc b/pdns/dnsdist-lua.cc
index d7458a2c5b659c6561345f052242215b3ec2dc03..1ea0da2d6887e72345ea0f43e0f4de99f9968bb7 100644 (file)
--- a/pdns/dnsdist-lua.cc
+++ b/pdns/dnsdist-lua.cc
@@ -30,6 +30,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <thread>
+#include <vector>
 
 #include "dnsdist.hh"
 #include "dnsdist-carbon.hh"
@@ -1987,6 +1988,19 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck)
   });
 
   luaCtx.writeFunction("setTCPInternalPipeBufferSize", [](uint64_t size) { g_tcpInternalPipeBufferSize = size; });
+  luaCtx.writeFunction("setTCPFastOpenKey", [](const std::string& keyString) {
+    setLuaSideEffect();
+    unsigned int key[4] = {};
+    auto ret = sscanf(keyString.c_str(), "%x-%x-%x-%x", &key[0], &key[1], &key[2], &key[3]);
+    if (ret != 4) {
+      g_outputBuffer = "Invalid value passed to setTCPFastOpenKey()!\n";
+      return;
+    }
+    extern vector<unsigned int> g_TCPFastOpenKey;
+    for (const auto i : key) {
+      g_TCPFastOpenKey.push_back(i);
+    }
+  });
 
 #ifdef HAVE_NET_SNMP
   luaCtx.writeFunction("snmpAgent", [client, configCheck](bool enableTraps, boost::optional<std::string> daemonSocket) {

diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc
index e1036faa0358a2aae4755d66ac2e3144b6931340..bf98eb12866bd9f70e500318230b3b95a3d22f51 100644 (file)
--- a/pdns/dnsdist.cc
+++ b/pdns/dnsdist.cc
@@ -111,7 +111,7 @@ std::vector<std::shared_ptr<DynBPFFilter> > g_dynBPFFilters;
 std::vector<std::unique_ptr<ClientState>> g_frontends;
 GlobalStateHolder<pools_t> g_pools;
 size_t g_udpVectorSize{1};
-
+std::vector<unsigned int> g_TCPFastOpenKey;
 /* UDP: the grand design. Per socket we listen on for incoming queries there is one thread.
    Then we have a bunch of connected sockets for talking to downstream servers.
    We send directly to those sockets.
@@ -1983,6 +1983,11 @@ static void setUpLocalBind(std::unique_ptr<ClientState>& cs)
     if (cs->fastOpenQueueSize > 0) {
 #ifdef TCP_FASTOPEN
       SSetsockopt(fd, IPPROTO_TCP, TCP_FASTOPEN, cs->fastOpenQueueSize);
+      if (!g_TCPFastOpenKey.empty()) {
+        auto res = setsockopt(fd, IPPROTO_IP, TCP_FASTOPEN_KEY, g_TCPFastOpenKey.data(), g_TCPFastOpenKey.size() * sizeof(g_TCPFastOpenKey[0]));
+        if (res == -1)
+          throw runtime_error("setsockopt for level IPPROTO_TCP and opname TCP_FASTOPEN_KEY failed: " + stringerror());
+      }
 #else
       if (warn) {
         warnlog("TCP Fast Open has been configured on local address '%s' but is not supported", cs->local.toStringWithPort());