typedef std::unordered_map<std::string, boost::variant<bool, int, std::string, std::vector<std::pair<int,int> >, std::vector<std::pair<int, std::string> >, std::map<std::string,std::string> > > localbind_t;
-static void parseLocalBindVars(boost::optional<localbind_t> vars, bool& reusePort, int& tcpFastOpenQueueSize, std::string& interface, std::set<int>& cpus)
+static void parseLocalBindVars(boost::optional<localbind_t> vars, bool& reusePort, int& tcpFastOpenQueueSize, std::string& interface, std::set<int>& cpus, int& tcpListenQueueSize)
{
if (vars) {
if (vars->count("reusePort")) {
if (vars->count("tcpFastOpenQueueSize")) {
tcpFastOpenQueueSize = boost::get<int>((*vars)["tcpFastOpenQueueSize"]);
}
+ if (vars->count("tcpListenQueueSize")) {
+ tcpListenQueueSize = boost::get<int>((*vars)["tcpListenQueueSize"]);
+ }
if (vars->count("interface")) {
interface = boost::get<std::string>((*vars)["interface"]);
}
}
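Review bot: The new `tcpListenQueueSize` branch at lines 10-12 accepts whatever integer the Lua table holds with no range feedback: a zero or negative value is parsed here and then, as far as the visible call sites show, silently ignored in favour of the default, and on Linux a value above `net.core.somaxconn` is silently capped by `listen()`, so an operator sizing the accept backlog against a connection flood gets no hint that the effective value differs from the configured one. A comment on the assignment, `// <= 0 is treated by the callers as "keep the default"; the kernel may cap larger values (net.core.somaxconn on Linux)`, would make the contract visible, and a warning when the value is <= 0 would be better still. As with `tcpFastOpenQueueSize` on line 8, `boost::get<int>` throws `boost::bad_get` if the Lua side hands over a non-integer, which presumably surfaces as a configuration error; worth confirming the new key is reported the same way. The body of parseLocalBindVars continues outside the hunk.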
bool reusePort = false;
int tcpFastOpenQueueSize = 0;
+ int tcpListenQueueSize = 0;
std::string interface;
std::set<int> cpus;
- parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus);
+ parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus, tcpListenQueueSize);
try {
ComboAddress loc(addr, 53);
// only works pre-startup, so no sync necessary
g_frontends.push_back(std::unique_ptr<ClientState>(new ClientState(loc, false, reusePort, tcpFastOpenQueueSize, interface, cpus)));
- g_frontends.push_back(std::unique_ptr<ClientState>(new ClientState(loc, true, reusePort, tcpFastOpenQueueSize, interface, cpus)));
+ auto tcpCS = std::unique_ptr<ClientState>(new ClientState(loc, true, reusePort, tcpFastOpenQueueSize, interface, cpus));
+ if (tcpListenQueueSize > 0) {
+ tcpCS->tcpListenQueueSize = tcpListenQueueSize;
+ }
+ g_frontends.push_back(std::move(tcpCS));
}
catch(const std::exception& e) {
g_outputBuffer="Error: "+string(e.what())+"\n";
}
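Review bot: The guard `if (tcpListenQueueSize > 0) { tcpCS->tcpListenQueueSize = tcpListenQueueSize; }` on lines 30-32 is repeated verbatim at lines 51-53, 72-74, 93-95 and 113-115, and because it is applied after construction every future TCP listener has to remember to add it, unlike `tcpFastOpenQueueSize`, which travels through the ClientState constructor. Passing the value as a constructor argument, or at least factoring a small helper such as `static void applyTcpListenQueueSize(ClientState& cs, int size)` whose body is `if (size > 0) cs.tcpListenQueueSize = size;`, would keep the `> 0` rule in one place and make it harder for one listener type to drift from the others. The enclosing function starts before the hunk.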
bool reusePort = false;
int tcpFastOpenQueueSize = 0;
+ int tcpListenQueueSize = 0;
std::string interface;
std::set<int> cpus;
- parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus);
+ parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus, tcpListenQueueSize);
try {
ComboAddress loc(addr, 53);
// only works pre-startup, so no sync necessary
g_frontends.push_back(std::unique_ptr<ClientState>(new ClientState(loc, false, reusePort, tcpFastOpenQueueSize, interface, cpus)));
- g_frontends.push_back(std::unique_ptr<ClientState>(new ClientState(loc, true, reusePort, tcpFastOpenQueueSize, interface, cpus)));
+ auto tcpCS = std::unique_ptr<ClientState>(new ClientState(loc, true, reusePort, tcpFastOpenQueueSize, interface, cpus));
+ if (tcpListenQueueSize > 0) {
+ tcpCS->tcpListenQueueSize = tcpListenQueueSize;
+ }
+ g_frontends.push_back(std::move(tcpCS));
}
catch(std::exception& e) {
g_outputBuffer="Error: "+string(e.what())+"\n";
#ifdef HAVE_DNSCRYPT
bool reusePort = false;
int tcpFastOpenQueueSize = 0;
+ int tcpListenQueueSize = 0;
std::string interface;
std::set<int> cpus;
std::vector<DNSCryptContext::CertKeyPaths> certKeys;
- parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus);
+ parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus, tcpListenQueueSize);
if (certFiles.type() == typeid(std::string) && keyFiles.type() == typeid(std::string)) {
auto certFile = boost::get<std::string>(certFiles);
/* TCP */
cs = std::unique_ptr<ClientState>(new ClientState(ComboAddress(addr, 443), true, reusePort, tcpFastOpenQueueSize, interface, cpus));
cs->dnscryptCtx = ctx;
+ if (tcpListenQueueSize > 0) {
+ cs->tcpListenQueueSize = tcpListenQueueSize;
+ }
+
g_frontends.push_back(std::move(cs));
}
catch(std::exception& e) {
bool reusePort = false;
int tcpFastOpenQueueSize = 0;
+ int tcpListenQueueSize = 0;
std::string interface;
std::set<int> cpus;
- if(vars) {
- parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus);
+ if (vars) {
+ parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus, tcpListenQueueSize);
if (vars->count("idleTimeout")) {
frontend->d_idleTimeout = boost::get<int>((*vars)["idleTimeout"]);
g_dohlocals.push_back(frontend);
auto cs = std::unique_ptr<ClientState>(new ClientState(frontend->d_local, true, reusePort, tcpFastOpenQueueSize, interface, cpus));
cs->dohFrontend = frontend;
+ if (tcpListenQueueSize > 0) {
+ cs->tcpListenQueueSize = tcpListenQueueSize;
+ }
+
g_frontends.push_back(std::move(cs));
#else
throw std::runtime_error("addDOHLocal() called but DNS over HTTPS support is not present!");
bool reusePort = false;
int tcpFastOpenQueueSize = 0;
+ int tcpListenQueueSize = 0;
std::string interface;
std::set<int> cpus;
if (vars) {
- parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus);
+ parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus, tcpListenQueueSize);
if (vars->count("provider")) {
frontend->d_provider = boost::get<const string>((*vars)["provider"]);
// only works pre-startup, so no sync necessary
auto cs = std::unique_ptr<ClientState>(new ClientState(frontend->d_addr, true, reusePort, tcpFastOpenQueueSize, interface, cpus));
cs->tlsFrontend = frontend;
+ if (tcpListenQueueSize > 0) {
+ cs->tcpListenQueueSize = tcpListenQueueSize;
+ }
g_tlslocals.push_back(cs->tlsFrontend);
g_frontends.push_back(std::move(cs));
}
.. versionchanged:: 1.4.0
Removed ``doTCP`` from the options. A listen socket on TCP is always created.
+ .. versionchanged:: 1.5.0
+ Added ``tcpListenQueueSize`` parameter.
+
Add to the list of listen addresses.
:param str address: The IP Address with an optional port to listen on.
* ``tcpFastOpenQueueSize=0``: int - Set the TCP Fast Open queue size, enabling TCP Fast Open when available and the value is larger than 0.
* ``interface=""``: str - Set the network interface to use.
* ``cpus={}``: table - Set the CPU affinity for this listener thread, asking the scheduler to run it on a single CPU id, or a set of CPU ids. This parameter is only available if the OS provides the pthread_setaffinity_np() function.
+ * ``tcpListenQueueSize=SOMAXCONN``: int - Set the size of the listen queue. Default is ``SOMAXCONN``.
.. code-block:: lua
.. versionchanged:: 1.5.0
``sendCacheControlHeaders``, ``sessionTimeout``, ``trustForwardedForHeader`` options added.
- ``url`` now defaults to ``/dns-query`` instead of ``/``
+ ``url`` now defaults to ``/dns-query`` instead of ``/``. Added ``tcpListenQueueSize`` parameter.
Listen on the specified address and TCP port for incoming DNS over HTTPS connections, presenting the specified X.509 certificate.
If no certificate (or key) files are specified, listen for incoming DNS over HTTP connections instead.
* ``keyLogFile``: str - Write the TLS keys in the specified file so that an external program can decrypt TLS exchanges, in the format described in https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format. Note that this feature requires OpenSSL >= 1.1.1.
* ``sendCacheControlHeaders``: bool - Whether to parse the response to find the lowest TTL and set a HTTP Cache-Control header accordingly. Default is true.
* ``trustForwardedForHeader``: bool - Whether to parse any existing X-Forwarded-For header in the HTTP query and use the right-most value as the client source address and port, for ACL checks, rules, logging and so on. Default is false.
+ * ``tcpListenQueueSize=SOMAXCONN``: int - Set the size of the listen queue. Default is ``SOMAXCONN``.
.. function:: addTLSLocal(address, certFile(s), keyFile(s) [, options])
.. versionchanged:: 1.4.0
``ciphersTLS13``, ``minTLSVersion``, ``ocspResponses``, ``preferServerCiphers``, ``keyLogFile`` options added.
.. versionchanged:: 1.5.0
- ``sessionTimeout`` option added.
+ ``sessionTimeout`` and ``tcpListenQueueSize`` options added.
Listen on the specified address and TCP port for incoming DNS over TLS connections, presenting the specified X.509 certificate.
* ``minTLSVersion``: str - Minimum version of the TLS protocol to support. Possible values are 'tls1.0', 'tls1.1', 'tls1.2' and 'tls1.3'. Default is to require at least TLS 1.0. Note that this value is ignored when the GnuTLS provider is in use, and the ``ciphers`` option should be set accordingly instead. For example, 'NORMAL:!VERS-TLS1.0:!VERS-TLS1.1' will disable TLS 1.0 and 1.1.
* ``preferServerCiphers``: bool - Whether to prefer the order of ciphers set by the server instead of the one set by the client. Default is true, meaning that the order of the server is used.
* ``keyLogFile``: str - Write the TLS keys in the specified file so that an external program can decrypt TLS exchanges, in the format described in https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format. Note that this feature requires OpenSSL >= 1.1.1.
+ * ``tcpListenQueueSize=SOMAXCONN``: int - Set the size of the listen queue. Default is ``SOMAXCONN``.
.. function:: setLocal(address[, options])