From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Wed, 24 Feb 2021 13:38:39 +0000 (+0100)
Subject: Fix TCP_FASTOPEN_CONNECT detection, add a fastOpen option to sdig
X-Git-Tag: dnsdist-1.6.0-alpha2~11^2~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0f9d2aa29032e6687b492f647d587925dcf2d9c1;p=thirdparty%2Fpdns.git

Fix TCP_FASTOPEN_CONNECT detection, add a fastOpen option to sdig
---

diff --git a/docs/manpages/sdig.1.rst b/docs/manpages/sdig.1.rst
index 14c79fceed..612a06ece1 100644
--- a/docs/manpages/sdig.1.rst
+++ b/docs/manpages/sdig.1.rst
@@ -43,6 +43,8 @@ dot
     use DoT instead of UDP to send a query. Implies tcp.
 insecure
     when using DoT, do not validate the server certificate.
+fastOpen
+    when using TCP or, DoT, enable TCP Fast Open
 subjectName *name*
     when using DoT, verify the server certificate is issued for *name*. The `openssl` provider will accept an empty name and still
     make sure the certificate is issued by a trusted CA, `gnutls` will only do the validation if a name is given.
diff --git a/pdns/sdig.cc b/pdns/sdig.cc
index c4432a2008..bec3918ad2 100644
--- a/pdns/sdig.cc
+++ b/pdns/sdig.cc
@@ -39,7 +39,7 @@ static void usage()
   cerr << "sdig" << endl;
   cerr << "Syntax: sdig IP-ADDRESS-OR-DOH-URL PORT QNAME QTYPE "
           "[dnssec] [ednssubnet SUBNET/MASK] [hidesoadetails] [hidettl] [recurse] [showflags] "
-          "[tcp] [dot] [insecure] [subjectName name] [caStore file] [tlsProvider openssl|gnutls] "
+          "[tcp] [dot] [insecure] [fastOpen] [subjectName name] [caStore file] [tlsProvider openssl|gnutls] "
           "[xpf XPFDATA] [class CLASSNUM] "
           "[proxy UDP(0)/TCP(1) SOURCE-IP-ADDRESS-AND-PORT DESTINATION-IP-ADDRESS-AND-PORT]"
        << endl;
@@ -260,6 +260,8 @@ try {
         dot = true;
       else if (strcmp(argv[i], "insecure") == 0)
         insecureDoT = true;
+      else if (strcmp(argv[i], "fastOpen") == 0)
+        fastOpen = true;
       else if (strcmp(argv[i], "ednssubnet") == 0) {
         if (argc < i + 2) {
           cerr << "ednssubnet needs an argument" << endl;
@@ -409,6 +411,7 @@ try {
     }
     uint16_t counter = 0;
     Socket sock(dest.sin4.sin_family, SOCK_STREAM);
+    setTCPNoDelay(sock.getHandle()); // disable NAGLE, which does not play nicely with delayed ACKs
     TCPIOHandler handler(subjectName, sock.releaseHandle(), timeout, tlsCtx, time(nullptr));
     handler.connect(fastOpen, dest, timeout);
     // we are writing the proxyheader inside the TLS connection. Is that right?
diff --git a/pdns/tcpiohandler.hh b/pdns/tcpiohandler.hh
index b9b271e384..d15daa8caf 100644
--- a/pdns/tcpiohandler.hh
+++ b/pdns/tcpiohandler.hh
@@ -1,6 +1,8 @@
 
 #pragma once
 #include <memory>
+/* needed for proper TCP_FASTOPEN_CONNECT detection */
+#include <netinet/tcp.h>
 
 #include "libssl.hh"
 #include "misc.hh"
@@ -250,7 +252,7 @@ public:
       SConnectWithTimeout(d_socket, remote, /* no timeout, we will handle it ourselves */ 0);
     }
 #else
-    SConnectWithTimeout(d_socket, d_ds->remote, /* no timeout, we will handle it ourselves */ 0);
+    SConnectWithTimeout(d_socket, remote, /* no timeout, we will handle it ourselves */ 0);
 #endif /* MSG_FASTOPEN */
 
     if (d_conn) {
@@ -282,7 +284,7 @@ public:
       SConnectWithTimeout(d_socket, remote, timeout);
     }
 #else
-    SConnectWithTimeout(d_socket, d_ds->remote, timeout);
+    SConnectWithTimeout(d_socket, remote, timeout);
 #endif /* MSG_FASTOPEN */
 
     if (d_conn) {
@@ -359,6 +361,7 @@ public:
       return d_conn->tryWrite(buffer, pos, toWrite);
     }
 
+#ifdef MSG_FASTOPEN
     if (d_fastOpen) {
       int socketFlags = MSG_FASTOPEN;
       size_t sent = sendMsgWithOptions(d_socket, reinterpret_cast<const char *>(&buffer.at(pos)), toWrite - pos, &d_remote, nullptr, 0, socketFlags);
@@ -373,6 +376,7 @@ public:
 
       return IOState::Done;
     }
+#endif /* MSG_FASTOPEN */
 
     do {
       ssize_t res = ::write(d_socket, reinterpret_cast<const char*>(&buffer.at(pos)), toWrite - pos);
@@ -401,9 +405,20 @@ public:
     if (d_conn) {
       return d_conn->write(buffer, bufferSize, writeTimeout);
     }
-    else {
-      return writen2WithTimeout(d_socket, buffer, bufferSize, writeTimeout);
+
+#ifdef MSG_FASTOPEN
+    if (d_fastOpen) {
+      int socketFlags = MSG_FASTOPEN;
+      size_t sent = sendMsgWithOptions(d_socket, reinterpret_cast<const char *>(buffer), bufferSize, &d_remote, nullptr, 0, socketFlags);
+      if (sent > 0) {
+        d_fastOpen = false;
+      }
+
+      return sent;
     }
+#endif /* MSG_FASTOPEN */
+
+    return writen2WithTimeout(d_socket, buffer, bufferSize, writeTimeout);
   }
 
   bool hasBufferedData() const
@@ -454,7 +469,9 @@ private:
   std::unique_ptr<TLSConnection> d_conn{nullptr};
   ComboAddress d_remote;
   int d_socket{-1};
+#ifdef MSG_FASTOPEN
   bool d_fastOpen{false};
+#endif
 };
 
 struct TLSContextParameters