From: Remi Gacogne Date: Tue, 16 Apr 2019 14:05:40 +0000 (+0200) Subject: dnsdist: Add Lua bindings for DOH metrics and certificate reloading X-Git-Tag: dnsdist-1.4.0-alpha2~6^2~17 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1b51c0f39a8f2707283aefb0c424bc76c2b8b9bb;p=thirdparty%2Fpdns.git dnsdist: Add Lua bindings for DOH metrics and certificate reloading
---
diff --git a/pdns/dnsdist-console.cc b/pdns/dnsdist-console.cc
index 8fde18cb5d..98bd43c9cb 100644
--- a/pdns/dnsdist-console.cc
+++ b/pdns/dnsdist-console.cc
@@ -345,6 +345,7 @@ const std::vector g_consoleKeywords{
 { "addAction", true, "DNS rule, DNS action [, {uuid=\"UUID\"}]", "add a rule" },
 { "addConsoleACL", true, "netmask", "add a netmask to the console ACL" },
 { "addDNSCryptBind", true, "\"127.0.0.1:8443\", \"provider name\", \"/path/to/resolver.cert\", \"/path/to/resolver.key\", {reusePort=false, tcpFastOpenSize=0, interface=\"\", cpus={}}", "listen to incoming DNSCrypt queries on 127.0.0.1 port 8443, with a provider name of `provider name`, using a resolver certificate and associated key stored respectively in the `resolver.cert` and `resolver.key` files. The fifth optional parameter is a table of parameters" },
+ { "addDOHLocal", true, "addr, certFile, keyFile [, urls [, vars]]", "listen to incoming DNS over HTTPS queries on the specified address using the specified certificate and key. The last two parameters are tables" },
 { "addDynBlocks", true, "addresses, message[, seconds[, action]]", "block the set of addresses with message `msg`, for `seconds` seconds (10 by default), applying `action` (default to the one set with `setDynBlocksAction()`)" },
 { "addLocal", true, "addr [, {doTCP=true, reusePort=false, tcpFastOpenSize=0, interface=\"\", cpus={}}]", "add `addr` to the list of addresses we listen on" },
 { "addCacheHitResponseAction", true, "DNS rule, DNS response action [, {uuid=\"UUID\"}]", "add a cache hit response rule" }, 
@@ -387,6 +388,7 @@ const std::vector g_consoleKeywords{
 { "generateDNSCryptProviderKeys", true, "\"/path/to/providerPublic.key\", \"/path/to/providerPrivate.key\"", "generate a new provider keypair" },
 { "getBind", true, "n", "returns the listener at index n" },
 { "getDNSCryptBind", true, "n", "return the `DNSCryptContext` object corresponding to the bind `n`" },
+ { "getDOHFrontend", true, "n", "returns the DOH frontend with index n" },
 { "getPool", true, "name", "return the pool named `name`, or \"\" for the default pool" },
 { "getPoolServers", true, "pool", "return servers part of this pool" },
 { "getQueryCounters", true, "[max=10]", "show current buffer of query counters, limited by 'max' if provided" },
@@ -488,6 +490,7 @@ const std::vector g_consoleKeywords{
 { "showCacheHitResponseRules", true, "[{showUUIDs=false, truncateRuleWidth=-1}]", "show all defined cache hit response rules, optionally with their UUIDs and optionally truncated to a given width" },
 { "showConsoleACL", true, "", "show our current console ACL set" },
 { "showDNSCryptBinds", true, "", "display the currently configured DNSCrypt binds" },
+ { "showDOHFrontends", true, "", "list all the available DOH frontends" },
 { "showDynBlocks", true, "", "show dynamic blocks in force" },
 { "showPools", true, "", "show the available pools" },
 { "showPoolServerPolicy", true, "pool", "show server selection policy for this pool" },
diff --git a/pdns/dnsdist-lua.cc b/pdns/dnsdist-lua.cc
index 1eec9e5937..dc43dc93bd 100644
--- a/pdns/dnsdist-lua.cc
+++ b/pdns/dnsdist-lua.cc 
@@ -1693,6 +1693,58 @@ void setupLuaConfig(bool client)
 #endif
 });
+ g_lua.writeFunction("showDOHFrontends", []() {
+#ifdef HAVE_DNS_OVER_HTTPS
+ setLuaNoSideEffect();
+ try {
+ ostringstream ret;
+ boost::format fmt("%-3d %-20.20s %-15d %-15d %-15d %-15d %-15d %-15d %-15d %-15d %-15d %-15d %-15d %-15d %-15d");
+ ret << (fmt % "#" % "Address" % "HTTP" % "HTTP/1" % "HTTP/2" % "TLS 1.0" % "TLS 1.1" % "TLS 1.2" % "TLS 1.3" % "TLS other" % "GET" % "POST" % "Bad" % "Errors" % "Valid") << endl;
+ size_t counter = 0;
+ for (const auto& ctx : g_dohlocals) {
+ ret << (fmt % counter % ctx->d_local.toStringWithPort() % ctx->d_httpconnects % ctx->d_http1queries % ctx->d_http2queries % ctx->d_tls10queries % ctx->d_tls11queries % ctx->d_tls12queries % ctx->d_tls13queries % ctx->d_tlsUnknownqueries % ctx->d_getqueries % ctx->d_postqueries % ctx->d_badrequests % ctx->d_errorresponses % ctx->d_validresponses) << endl;
+ counter++;
+ }
+ g_outputBuffer = ret.str();
+ }
+ catch(const std::exception& e) {
+ g_outputBuffer = e.what();
+ throw;
+ }
+#else
+ g_outputBuffer="DNS over HTTPS support is not present!\n";
+#endif
+ });
+
+ g_lua.writeFunction("getDOHFrontend", [](size_t index) {
+ std::shared_ptr result = nullptr;
+#ifdef HAVE_DNS_OVER_HTTPS
+ setLuaNoSideEffect();
+ try {
+ if (index < g_dohlocals.size()) {
+ result = g_dohlocals.at(index);
+ }
+ else {
+ errlog("Error: trying to get DOH frontend with index %zu but we only have %zu\n", index, g_dohlocals.size());
+ g_outputBuffer="Error: trying to get DOH frontend with index " + std::to_string(index) + " but we only have " + std::to_string(g_dohlocals.size()) + "\n";
+ }
+ }
+ catch(const std::exception& e) {
+ g_outputBuffer="Error: "+string(e.what())+"\n";
+ errlog("Error: %s\n", string(e.what()));
+ }
+#else
+ g_outputBuffer="DNS over HTTPS support is not present!\n";
+#endif
+ return result;
+ });
+
+ g_lua.registerFunction::*)()>("reloadCertificate", [](std::shared_ptr frontend) {
+ if (frontend != nullptr) {
+ frontend->reloadCertificate();
+ }
+ });
+
 g_lua.writeFunction("addTLSLocal", [client](const std::string& addr, boost::variant>> certFiles, boost::variant>> keyFiles, boost::optional vars) {
 if (client) return;
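Review bot: The `%-20.20s` column in showDOHFrontends truncates `ctx->d_local.toStringWithPort()` at 20 characters, a limit easily exceeded by a bracketed IPv6 listen address with its port, so two frontends can be listed under the same visible prefix and an operator cannot tell from the output which index belongs to which listener; dropping the precision (`%-20s` in place of `%-20.20s`) keeps the minimum column width without cutting the value. The `reloadCertificate` binding, unlike the two functions above it, has no `HAVE_DNS_OVER_HTTPS` guard and no try/catch, so a reload that fails on an unreadable or mismatched certificate/key pair presumably propagates straight to the Lua caller with nothing written to `g_outputBuffer`; the element type of the `shared_ptr` is lost in this rendering, so whether the unguarded registration compiles without DoH support cannot be checked here. Mirroring getDOHFrontend's catch block, which reports through `errlog` and `g_outputBuffer`, would keep console behaviour consistent across the three new bindings. The enclosing setupLuaConfig starts and ends outside the hunk.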