]>
Commit | Line | Data |
---|---|---|
12471842 PL |
1 | /* |
2 | * This file is part of PowerDNS or dnsdist. | |
3 | * Copyright -- PowerDNS.COM B.V. and its contributors | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify | |
6 | * it under the terms of version 2 of the GNU General Public License as | |
7 | * published by the Free Software Foundation. | |
8 | * | |
9 | * In addition, for the avoidance of any doubt, permission is granted to | |
10 | * link this program with OpenSSL and to (re)distribute the binaries | |
11 | * produced as the result of such linking. | |
12 | * | |
13 | * This program is distributed in the hope that it will be useful, | |
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
16 | * GNU General Public License for more details. | |
17 | * | |
18 | * You should have received a copy of the GNU General Public License | |
19 | * along with this program; if not, write to the Free Software | |
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | |
21 | */ | |
6bb38cd6 RG |
22 | |
23 | #include <dirent.h> | |
24 | #include <fstream> | |
aff9ca62 PD |
25 | |
26 | // for OpenBSD, sys/socket.h needs to come before net/if.h | |
27 | #include <sys/socket.h> | |
6bb38cd6 | 28 | #include <net/if.h> |
aff9ca62 | 29 | |
9ef9b494 | 30 | #include <sys/types.h> |
6bb38cd6 | 31 | #include <sys/stat.h> |
df111b53 | 32 | #include <thread> |
6bb38cd6 RG |
33 | |
34 | #include "dnsdist.hh" | |
b5521206 | 35 | #include "dnsdist-console.hh" |
e7c732b8 | 36 | #include "dnsdist-ecs.hh" |
dd9c8246 | 37 | #include "dnsdist-healthchecks.hh" |
6bb38cd6 | 38 | #include "dnsdist-lua.hh" |
0ed8f0fa RG |
39 | #ifdef LUAJIT_VERSION |
40 | #include "dnsdist-lua-ffi.hh" | |
41 | #endif /* LUAJIT_VERSION */ | |
03b00917 | 42 | #include "dnsdist-rings.hh" |
5d4e1ef8 | 43 | #include "dnsdist-secpoll.hh" |
6bb38cd6 | 44 | |
df111b53 | 45 | #include "base64.hh" |
b7860997 | 46 | #include "dnswriter.hh" |
6bb38cd6 | 47 | #include "dolog.hh" |
0e41337b | 48 | #include "lock.hh" |
a227f47d | 49 | #include "protobuf.hh" |
6bb38cd6 RG |
50 | #include "sodcrypto.hh" |
51 | ||
8c15553e RG |
52 | #ifdef HAVE_LIBSSL |
53 | #include "libssl.hh" | |
54 | #endif | |
55 | ||
6bb38cd6 | 56 | #include <boost/logic/tribool.hpp> |
1720247e | 57 | #include <boost/lexical_cast.hpp> |
df111b53 | 58 | |
6ab65223 PL |
59 | #ifdef HAVE_SYSTEMD |
60 | #include <systemd/sd-daemon.h> | |
61 | #endif | |
62 | ||
df111b53 | 63 | using std::thread; |
64 | ||
6bb38cd6 | 65 | static vector<std::function<void(void)>>* g_launchWork = nullptr; |
2e72cc0e | 66 | |
6bb38cd6 RG |
67 | boost::tribool g_noLuaSideEffect; |
68 | static bool g_included{false}; | |
d8d85a30 | 69 | |
6bb38cd6 RG |
70 | /* this is a best effort way to prevent logging calls with no side-effects in the output of delta() |
71 | Functions can declare setLuaNoSideEffect() and if nothing else does declare a side effect, or nothing | |
72 | has done so before on this invocation, this call won't be part of delta() output */ | |
73 | void setLuaNoSideEffect() | |
153d5065 | 74 | { |
6bb38cd6 RG |
75 | if(g_noLuaSideEffect==false) // there has been a side effect already |
76 | return; | |
77 | g_noLuaSideEffect=true; | |
78 | } | |
153d5065 | 79 | |
6bb38cd6 | 80 | void setLuaSideEffect() |
d8d85a30 | 81 | { |
6bb38cd6 RG |
82 | g_noLuaSideEffect=false; |
83 | } | |
f850b032 | 84 | |
6bb38cd6 RG |
85 | bool getLuaNoSideEffect() |
86 | { | |
d7a26377 RG |
87 | if (g_noLuaSideEffect) { |
88 | return true; | |
89 | } | |
90 | return false; | |
d8d85a30 | 91 | } |
92 | ||
6bb38cd6 | 93 | void resetLuaSideEffect() |
2d11d1b2 | 94 | { |
6bb38cd6 | 95 | g_noLuaSideEffect = boost::logic::indeterminate; |
2d11d1b2 | 96 | } |
97 | ||
37b9ba5a | 98 | typedef std::unordered_map<std::string, boost::variant<bool, int, std::string, std::vector<std::pair<int,int> >, std::vector<std::pair<int, std::string> >, std::map<std::string,std::string> > > localbind_t; |
6bb38cd6 | 99 | |
c58723d7 | 100 | static void parseLocalBindVars(boost::optional<localbind_t> vars, bool& reusePort, int& tcpFastOpenQueueSize, std::string& interface, std::set<int>& cpus, int& tcpListenQueueSize) |
efd35aa8 RG |
101 | { |
102 | if (vars) { | |
efd35aa8 RG |
103 | if (vars->count("reusePort")) { |
104 | reusePort = boost::get<bool>((*vars)["reusePort"]); | |
105 | } | |
106 | if (vars->count("tcpFastOpenQueueSize")) { | |
107 | tcpFastOpenQueueSize = boost::get<int>((*vars)["tcpFastOpenQueueSize"]); | |
108 | } | |
c58723d7 RG |
109 | if (vars->count("tcpListenQueueSize")) { |
110 | tcpListenQueueSize = boost::get<int>((*vars)["tcpListenQueueSize"]); | |
111 | } | |
efd35aa8 RG |
112 | if (vars->count("interface")) { |
113 | interface = boost::get<std::string>((*vars)["interface"]); | |
114 | } | |
f0e4dcba | 115 | if (vars->count("cpus")) { |
ba8ade8e | 116 | for (const auto& cpu : boost::get<std::vector<std::pair<int,int>>>((*vars)["cpus"])) { |
f0e4dcba RG |
117 | cpus.insert(cpu.second); |
118 | } | |
119 | } | |
efd35aa8 RG |
120 | } |
121 | } | |
122 | ||
39006144 | 123 | #if defined(HAVE_DNS_OVER_TLS) || defined(HAVE_DNS_OVER_HTTPS) |
bf8cd40d | 124 | static bool loadTLSCertificateAndKeys(const std::string& context, std::vector<std::pair<std::string, std::string>>& pairs, boost::variant<std::string, std::vector<std::pair<int,std::string>>> certFiles, boost::variant<std::string, std::vector<std::pair<int,std::string>>> keyFiles) |
8ef43a02 RG |
125 | { |
126 | if (certFiles.type() == typeid(std::string) && keyFiles.type() == typeid(std::string)) { | |
127 | auto certFile = boost::get<std::string>(certFiles); | |
128 | auto keyFile = boost::get<std::string>(keyFiles); | |
bf8cd40d RG |
129 | pairs.clear(); |
130 | pairs.push_back({certFile, keyFile}); | |
8ef43a02 RG |
131 | } |
132 | else if (certFiles.type() == typeid(std::vector<std::pair<int,std::string>>) && keyFiles.type() == typeid(std::vector<std::pair<int,std::string>>)) | |
133 | { | |
134 | auto certFilesVect = boost::get<std::vector<std::pair<int,std::string>>>(certFiles); | |
135 | auto keyFilesVect = boost::get<std::vector<std::pair<int,std::string>>>(keyFiles); | |
136 | if (certFilesVect.size() == keyFilesVect.size()) { | |
bf8cd40d | 137 | pairs.clear(); |
8ef43a02 | 138 | for (size_t idx = 0; idx < certFilesVect.size(); idx++) { |
bf8cd40d | 139 | pairs.push_back({certFilesVect.at(idx).second, keyFilesVect.at(idx).second}); |
8ef43a02 RG |
140 | } |
141 | } | |
142 | else { | |
bf8cd40d RG |
143 | errlog("Error, mismatching number of certificates and keys in call to %s()!", context); |
144 | g_outputBuffer="Error, mismatching number of certificates and keys in call to " + context + "()!"; | |
8ef43a02 RG |
145 | return false; |
146 | } | |
147 | } | |
148 | else { | |
bf8cd40d RG |
149 | errlog("Error, mismatching number of certificates and keys in call to %s()!", context); |
150 | g_outputBuffer="Error, mismatching number of certificates and keys in call to " + context + "()!"; | |
8ef43a02 RG |
151 | return false; |
152 | } | |
153 | ||
154 | return true; | |
155 | } | |
b54e94dc RG |
156 | |
157 | static void parseTLSConfig(TLSConfig& config, const std::string& context, boost::optional<localbind_t> vars) | |
158 | { | |
159 | if (vars->count("ciphers")) { | |
160 | config.d_ciphers = boost::get<const string>((*vars)["ciphers"]); | |
161 | } | |
162 | ||
163 | if (vars->count("ciphersTLS13")) { | |
164 | config.d_ciphers13 = boost::get<const string>((*vars)["ciphersTLS13"]); | |
165 | } | |
166 | ||
167 | #ifdef HAVE_LIBSSL | |
168 | if (vars->count("minTLSVersion")) { | |
169 | config.d_minTLSVersion = libssl_tls_version_from_string(boost::get<const string>((*vars)["minTLSVersion"])); | |
170 | } | |
171 | #endif /* HAVE_LIBSSL */ | |
172 | ||
173 | if (vars->count("ticketKeyFile")) { | |
174 | config.d_ticketKeyFile = boost::get<const string>((*vars)["ticketKeyFile"]); | |
175 | } | |
176 | ||
177 | if (vars->count("ticketsKeysRotationDelay")) { | |
178 | config.d_ticketsKeyRotationDelay = boost::get<int>((*vars)["ticketsKeysRotationDelay"]); | |
179 | } | |
180 | ||
181 | if (vars->count("numberOfTicketsKeys")) { | |
182 | config.d_numberOfTicketsKeys = boost::get<int>((*vars)["numberOfTicketsKeys"]); | |
183 | } | |
184 | ||
185 | if (vars->count("preferServerCiphers")) { | |
186 | config.d_preferServerCiphers = boost::get<bool>((*vars)["preferServerCiphers"]); | |
187 | } | |
188 | ||
25426675 MH |
189 | if (vars->count("sessionTimeout")) { |
190 | config.d_sessionTimeout = boost::get<int>((*vars)["sessionTimeout"]); | |
191 | } | |
192 | ||
b54e94dc RG |
193 | if (vars->count("sessionTickets")) { |
194 | config.d_enableTickets = boost::get<bool>((*vars)["sessionTickets"]); | |
195 | } | |
196 | ||
197 | if (vars->count("numberOfStoredSessions")) { | |
198 | auto value = boost::get<int>((*vars)["numberOfStoredSessions"]); | |
199 | if (value < 0) { | |
200 | errlog("Invalid value '%d' for %s() parameter 'numberOfStoredSessions', should be >= 0, dismissing", value, context); | |
201 | g_outputBuffer="Invalid value '" + std::to_string(value) + "' for " + context + "() parameter 'numberOfStoredSessions', should be >= 0, dimissing"; | |
202 | } | |
203 | config.d_maxStoredSessions = value; | |
204 | } | |
205 | ||
206 | if (vars->count("ocspResponses")) { | |
207 | auto files = boost::get<std::vector<std::pair<int, std::string>>>((*vars)["ocspResponses"]); | |
208 | for (const auto& file : files) { | |
209 | config.d_ocspFiles.push_back(file.second); | |
210 | } | |
211 | } | |
7f8a5a32 RG |
212 | |
213 | if (vars->count("keyLogFile")) { | |
f8bbe49b | 214 | #ifdef HAVE_SSL_CTX_SET_KEYLOG_CALLBACK |
7f8a5a32 | 215 | config.d_keyLogFile = boost::get<const string>((*vars)["keyLogFile"]); |
f8bbe49b RG |
216 | #else |
217 | errlog("TLS Key logging has been enabled using the 'keyLogFile' parameter to %s(), but this version of OpenSSL does not support it", context); | |
218 | g_outputBuffer = "TLS Key logging has been enabled using the 'keyLogFile' parameter to " + context + "(), but this version of OpenSSL does not support it"; | |
219 | #endif | |
7f8a5a32 | 220 | } |
b54e94dc RG |
221 | } |
222 | ||
39006144 | 223 | #endif // defined(HAVE_DNS_OVER_TLS) || defined(HAVE_DNS_OVER_HTTPS) |
8ef43a02 | 224 | |
a9599e73 | 225 | static void setupLuaConfig(bool client, bool configCheck) |
df111b53 | 226 | { |
98650fde | 227 | typedef std::unordered_map<std::string, boost::variant<bool, std::string, vector<pair<int, std::string> >, DownstreamState::checkfunc_t > > newserver_t; |
6f2a4580 | 228 | g_lua.writeFunction("inClientStartup", [client]() { |
541dd48f | 229 | return client && !g_configurationDone; |
6f2a4580 PD |
230 | }); |
231 | ||
8a059611 | 232 | g_lua.writeFunction("inConfigCheck", [configCheck]() { |
203b5348 RG |
233 | return !configCheck; |
234 | }); | |
235 | ||
6bb38cd6 | 236 | g_lua.writeFunction("newServer", |
203b5348 | 237 | [client, configCheck](boost::variant<string,newserver_t> pvars, boost::optional<int> qps) { |
a5526b57 CH |
238 | setLuaSideEffect(); |
239 | ||
240 | std::shared_ptr<DownstreamState> ret = std::make_shared<DownstreamState>(ComboAddress()); | |
241 | newserver_t vars; | |
242 | ||
243 | ComboAddress serverAddr; | |
244 | std::string serverAddressStr; | |
245 | if(auto addrStr = boost::get<string>(&pvars)) { | |
246 | serverAddressStr = *addrStr; | |
247 | if(qps) { | |
248 | vars["qps"] = std::to_string(*qps); | |
249 | } | |
250 | } else { | |
251 | vars = boost::get<newserver_t>(pvars); | |
252 | serverAddressStr = boost::get<string>(vars["address"]); | |
253 | } | |
2e72cc0e | 254 | |
a5526b57 CH |
255 | try { |
256 | serverAddr = ComboAddress(serverAddressStr, 53); | |
257 | } | |
258 | catch(const PDNSException& e) { | |
259 | g_outputBuffer="Error creating new server: "+string(e.reason); | |
260 | errlog("Error creating new server with address %s: %s", serverAddressStr, e.reason); | |
261 | return ret; | |
262 | } | |
263 | catch(std::exception& e) { | |
264 | g_outputBuffer="Error creating new server: "+string(e.what()); | |
265 | errlog("Error creating new server with address %s: %s", serverAddressStr, e.what()); | |
266 | return ret; | |
267 | } | |
2e72cc0e | 268 | |
a5526b57 CH |
269 | if(IsAnyAddress(serverAddr)) { |
270 | g_outputBuffer="Error creating new server: invalid address for a downstream server."; | |
271 | errlog("Error creating new server: %s is not a valid address for a downstream server", serverAddressStr); | |
272 | return ret; | |
273 | } | |
274 | ||
275 | ComboAddress sourceAddr; | |
70b0d0e2 | 276 | std::string sourceItfName; |
a5526b57 CH |
277 | unsigned int sourceItf = 0; |
278 | size_t numberOfSockets = 1; | |
279 | std::set<int> cpus; | |
fbe2a2e0 | 280 | |
8592b46e RG |
281 | if(vars.count("source")) { |
282 | /* handle source in the following forms: | |
283 | - v4 address ("192.0.2.1") | |
284 | - v6 address ("2001:DB8::1") | |
285 | - interface name ("eth0") | |
286 | - v4 address and interface name ("192.0.2.1@eth0") | |
287 | - v6 address and interface name ("2001:DB8::1@eth0") | |
288 | */ | |
289 | const string source = boost::get<string>(vars["source"]); | |
290 | bool parsed = false; | |
291 | std::string::size_type pos = source.find("@"); | |
292 | if (pos == std::string::npos) { | |
293 | /* no '@', try to parse that as a valid v4/v6 address */ | |
294 | try { | |
295 | sourceAddr = ComboAddress(source); | |
296 | parsed = true; | |
297 | } | |
298 | catch(...) | |
299 | { | |
300 | } | |
301 | } | |
302 | ||
303 | if (parsed == false) | |
304 | { | |
305 | /* try to parse as interface name, or v4/v6@itf */ | |
306 | sourceItfName = source.substr(pos == std::string::npos ? 0 : pos + 1); | |
307 | unsigned int itfIdx = if_nametoindex(sourceItfName.c_str()); | |
308 | ||
309 | if (itfIdx != 0) { | |
310 | if (pos == 0 || pos == std::string::npos) { | |
311 | /* "eth0" or "@eth0" */ | |
312 | sourceItf = itfIdx; | |
313 | } | |
314 | else { | |
315 | /* "192.0.2.1@eth0" */ | |
316 | sourceAddr = ComboAddress(source.substr(0, pos)); | |
317 | sourceItf = itfIdx; | |
318 | } | |
83fe2c55 | 319 | #ifdef SO_BINDTODEVICE |
8592b46e RG |
320 | /* we need to retain CAP_NET_RAW to be able to set SO_BINDTODEVICE in the health checks */ |
321 | g_capabilitiesToRetain.insert("CAP_NET_RAW"); | |
83fe2c55 | 322 | #endif |
8592b46e RG |
323 | } |
324 | else | |
325 | { | |
326 | warnlog("Dismissing source %s because '%s' is not a valid interface name", source, sourceItfName); | |
327 | } | |
328 | } | |
329 | } | |
330 | ||
331 | if (vars.count("sockets")) { | |
332 | numberOfSockets = std::stoul(boost::get<string>(vars["sockets"])); | |
333 | if (numberOfSockets == 0) { | |
334 | warnlog("Dismissing invalid number of sockets '%s', using 1 instead", boost::get<string>(vars["sockets"])); | |
335 | numberOfSockets = 1; | |
336 | } | |
337 | } | |
150105a2 | 338 | |
203b5348 RG |
339 | // create but don't connect the socket in client or check-config modes |
340 | ret=std::make_shared<DownstreamState>(serverAddr, sourceAddr, sourceItf, sourceItfName, numberOfSockets, !(client || configCheck)); | |
b6e26895 RG |
341 | if (!(client || configCheck)) { |
342 | infolog("Added downstream server %s", serverAddr.toStringWithPort()); | |
343 | } | |
fbe2a2e0 | 344 | |
8592b46e RG |
345 | if(vars.count("qps")) { |
346 | int qpsVal=std::stoi(boost::get<string>(vars["qps"])); | |
347 | ret->qps=QPSLimiter(qpsVal, qpsVal); | |
348 | } | |
349 | ||
350 | if(vars.count("order")) { | |
351 | ret->order=std::stoi(boost::get<string>(vars["order"])); | |
352 | } | |
353 | ||
354 | if(vars.count("weight")) { | |
355 | try { | |
356 | int weightVal=std::stoi(boost::get<string>(vars["weight"])); | |
357 | ||
358 | if(weightVal < 1) { | |
359 | errlog("Error creating new server: downstream weight value must be greater than 0."); | |
360 | return ret; | |
361 | } | |
362 | ||
363 | ret->setWeight(weightVal); | |
364 | } | |
365 | catch(std::exception& e) { | |
366 | // std::stoi will throw an exception if the string isn't in a value int range | |
367 | errlog("Error creating new server: downstream weight value must be between %s and %s", 1, std::numeric_limits<int>::max()); | |
368 | return ret; | |
369 | } | |
370 | } | |
371 | ||
372 | if(vars.count("retries")) { | |
373 | ret->retries=std::stoi(boost::get<string>(vars["retries"])); | |
374 | } | |
375 | ||
376 | if(vars.count("checkInterval")) { | |
377 | ret->checkInterval=static_cast<unsigned int>(std::stoul(boost::get<string>(vars["checkInterval"]))); | |
378 | } | |
379 | ||
380 | if(vars.count("tcpConnectTimeout")) { | |
381 | ret->tcpConnectTimeout=std::stoi(boost::get<string>(vars["tcpConnectTimeout"])); | |
382 | } | |
383 | ||
384 | if(vars.count("tcpSendTimeout")) { | |
385 | ret->tcpSendTimeout=std::stoi(boost::get<string>(vars["tcpSendTimeout"])); | |
386 | } | |
387 | ||
388 | if(vars.count("tcpRecvTimeout")) { | |
389 | ret->tcpRecvTimeout=std::stoi(boost::get<string>(vars["tcpRecvTimeout"])); | |
390 | } | |
391 | ||
392 | if(vars.count("tcpFastOpen")) { | |
393 | bool fastOpen = boost::get<bool>(vars["tcpFastOpen"]); | |
394 | if (fastOpen) { | |
d987f632 | 395 | #ifdef MSG_FASTOPEN |
8592b46e | 396 | ret->tcpFastOpen=true; |
d987f632 | 397 | #else |
8592b46e | 398 | warnlog("TCP Fast Open has been configured on downstream server %s but is not supported", boost::get<string>(vars["address"])); |
d987f632 | 399 | #endif |
8592b46e RG |
400 | } |
401 | } | |
284d460c | 402 | |
8592b46e | 403 | if(vars.count("name")) { |
be05aa91 | 404 | ret->setName(boost::get<string>(vars["name"])); |
8592b46e | 405 | } |
18eeccc9 | 406 | |
8592b46e RG |
407 | if (vars.count("id")) { |
408 | ret->setId(boost::lexical_cast<boost::uuids::uuid>(boost::get<string>(vars["id"]))); | |
409 | } | |
1720247e | 410 | |
8592b46e RG |
411 | if(vars.count("checkName")) { |
412 | ret->checkName=DNSName(boost::get<string>(vars["checkName"])); | |
413 | } | |
ad485896 | 414 | |
8592b46e RG |
415 | if(vars.count("checkType")) { |
416 | ret->checkType=boost::get<string>(vars["checkType"]); | |
417 | } | |
ad485896 | 418 | |
8592b46e RG |
419 | if(vars.count("checkClass")) { |
420 | ret->checkClass=std::stoi(boost::get<string>(vars["checkClass"])); | |
421 | } | |
de9f7157 | 422 | |
8592b46e RG |
423 | if(vars.count("checkFunction")) { |
424 | ret->checkFunction= boost::get<DownstreamState::checkfunc_t>(vars["checkFunction"]); | |
425 | } | |
98650fde | 426 | |
8592b46e RG |
427 | if(vars.count("checkTimeout")) { |
428 | ret->checkTimeout = std::stoi(boost::get<string>(vars["checkTimeout"])); | |
429 | } | |
b7e6f4a1 | 430 | |
8592b46e RG |
431 | if(vars.count("setCD")) { |
432 | ret->setCD=boost::get<bool>(vars["setCD"]); | |
433 | } | |
21830638 | 434 | |
8592b46e RG |
435 | if(vars.count("mustResolve")) { |
436 | ret->mustResolve=boost::get<bool>(vars["mustResolve"]); | |
437 | } | |
a6e02424 | 438 | |
8592b46e RG |
439 | if(vars.count("useClientSubnet")) { |
440 | ret->useECS=boost::get<bool>(vars["useClientSubnet"]); | |
441 | } | |
ca404e94 | 442 | |
bde73d5b RG |
443 | if(vars.count("useProxyProtocol")) { |
444 | ret->useProxyProtocol = boost::get<bool>(vars["useProxyProtocol"]); | |
445 | } | |
446 | ||
8592b46e RG |
447 | if(vars.count("disableZeroScope")) { |
448 | ret->disableZeroScope=boost::get<bool>(vars["disableZeroScope"]); | |
449 | } | |
996db8e9 | 450 | |
8592b46e RG |
451 | if(vars.count("ipBindAddrNoPort")) { |
452 | ret->ipBindAddrNoPort=boost::get<bool>(vars["ipBindAddrNoPort"]); | |
453 | } | |
5cc8371b | 454 | |
8592b46e RG |
455 | if(vars.count("addXPF")) { |
456 | ret->xpfRRCode=std::stoi(boost::get<string>(vars["addXPF"])); | |
457 | } | |
5602f131 | 458 | |
8592b46e RG |
459 | if(vars.count("maxCheckFailures")) { |
460 | ret->maxCheckFailures=std::stoi(boost::get<string>(vars["maxCheckFailures"])); | |
461 | } | |
9e87dcb8 | 462 | |
8592b46e RG |
463 | if(vars.count("rise")) { |
464 | ret->minRiseSuccesses=std::stoi(boost::get<string>(vars["rise"])); | |
465 | } | |
1b633bec | 466 | |
8592b46e | 467 | if(vars.count("cpus")) { |
ba8ade8e | 468 | for (const auto& cpu : boost::get<vector<pair<int,string>>>(vars["cpus"])) { |
8592b46e RG |
469 | cpus.insert(std::stoi(cpu.second)); |
470 | } | |
471 | } | |
3a8ee8bf | 472 | |
8592b46e RG |
473 | /* this needs to be done _AFTER_ the order has been set, |
474 | since the server are kept ordered inside the pool */ | |
475 | auto localPools = g_pools.getCopy(); | |
476 | if(vars.count("pool")) { | |
477 | if(auto* pool = boost::get<string>(&vars["pool"])) { | |
478 | ret->pools.insert(*pool); | |
479 | } | |
480 | else { | |
481 | auto pools = boost::get<vector<pair<int, string> > >(vars["pool"]); | |
482 | for(auto& p : pools) { | |
483 | ret->pools.insert(p.second); | |
484 | } | |
485 | } | |
486 | for(const auto& poolName: ret->pools) { | |
487 | addServerToPool(localPools, poolName, ret); | |
488 | } | |
489 | } | |
490 | else { | |
491 | addServerToPool(localPools, "", ret); | |
492 | } | |
493 | g_pools.setState(localPools); | |
494 | ||
495 | if (ret->connected) { | |
496 | ret->threadStarted.test_and_set(); | |
497 | ||
498 | if(g_launchWork) { | |
499 | g_launchWork->push_back([ret,cpus]() { | |
500 | ret->tid = thread(responderThread, ret); | |
501 | if (!cpus.empty()) { | |
502 | mapThreadToCPUList(ret->tid.native_handle(), cpus); | |
503 | } | |
504 | }); | |
505 | } | |
506 | else { | |
507 | ret->tid = thread(responderThread, ret); | |
508 | if (!cpus.empty()) { | |
509 | mapThreadToCPUList(ret->tid.native_handle(), cpus); | |
510 | } | |
511 | } | |
512 | } | |
8c82c02d | 513 | |
8592b46e RG |
514 | auto states = g_dstates.getCopy(); |
515 | states.push_back(ret); | |
516 | std::stable_sort(states.begin(), states.end(), [](const decltype(ret)& a, const decltype(ret)& b) { | |
517 | return a->order < b->order; | |
518 | }); | |
519 | g_dstates.setState(states); | |
520 | return ret; | |
521 | } ); | |
df111b53 | 522 | |
6bb38cd6 | 523 | g_lua.writeFunction("rmServer", |
adfdcc4b | 524 | [](boost::variant<std::shared_ptr<DownstreamState>, int, std::string> var) |
8592b46e | 525 | { |
f758857a | 526 | setLuaSideEffect(); |
adfdcc4b | 527 | shared_ptr<DownstreamState> server = nullptr; |
886e2cf2 | 528 | auto states = g_dstates.getCopy(); |
adfdcc4b | 529 | if (auto* rem = boost::get<shared_ptr<DownstreamState>>(&var)) { |
886e2cf2 RG |
530 | server = *rem; |
531 | } | |
adfdcc4b RG |
532 | else if (auto str = boost::get<std::string>(&var)) { |
533 | const auto uuid = getUniqueID(*str); | |
534 | for (auto& state : states) { | |
535 | if (state->id == uuid) { | |
536 | server = state; | |
537 | } | |
538 | } | |
539 | } | |
886e2cf2 RG |
540 | else { |
541 | int idx = boost::get<int>(var); | |
0f06cd4c | 542 | server = states.at(idx); |
886e2cf2 | 543 | } |
adfdcc4b RG |
544 | if (!server) { |
545 | throw std::runtime_error("unable to locate the requested server"); | |
546 | } | |
886e2cf2 RG |
547 | auto localPools = g_pools.getCopy(); |
548 | for (const string& poolName : server->pools) { | |
549 | removeServerFromPool(localPools, poolName, server); | |
550 | } | |
0f06cd4c RG |
551 | /* the server might also be in the default pool */ |
552 | removeServerFromPool(localPools, "", server); | |
886e2cf2 RG |
553 | g_pools.setState(localPools); |
554 | states.erase(remove(states.begin(), states.end(), server), states.end()); | |
555 | g_dstates.setState(states); | |
8592b46e | 556 | } ); |
df111b53 | 557 | |
f758857a | 558 | g_lua.writeFunction("truncateTC", [](bool tc) { setLuaSideEffect(); g_truncateTC=tc; }); |
559 | g_lua.writeFunction("fixupCase", [](bool fu) { setLuaSideEffect(); g_fixupCase=fu; }); | |
df111b53 | 560 | |
df111b53 | 561 | g_lua.writeFunction("addACL", [](const std::string& domain) { |
f758857a | 562 | setLuaSideEffect(); |
e5a14b2b | 563 | g_ACL.modify([domain](NetmaskGroup& nmg) { nmg.addMask(domain); }); |
df111b53 | 564 | }); |
2e72cc0e | 565 | |
a1d18701 | 566 | g_lua.writeFunction("rmACL", [](const std::string& netmask) { |
567 | setLuaSideEffect(); | |
568 | g_ACL.modify([netmask](NetmaskGroup& nmg) { nmg.deleteMask(netmask); }); | |
569 | }); | |
570 | ||
efd35aa8 | 571 | g_lua.writeFunction("setLocal", [client](const std::string& addr, boost::optional<localbind_t> vars) { |
f758857a | 572 | setLuaSideEffect(); |
5949b95b | 573 | if(client) |
574 | return; | |
85e4ce52 RG |
575 | if (g_configurationDone) { |
576 | g_outputBuffer="setLocal cannot be used at runtime!\n"; | |
577 | return; | |
578 | } | |
efd35aa8 RG |
579 | bool reusePort = false; |
580 | int tcpFastOpenQueueSize = 0; | |
c58723d7 | 581 | int tcpListenQueueSize = 0; |
efd35aa8 | 582 | std::string interface; |
f0e4dcba | 583 | std::set<int> cpus; |
efd35aa8 | 584 | |
c58723d7 | 585 | parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus, tcpListenQueueSize); |
efd35aa8 | 586 | |
5949b95b | 587 | try { |
588 | ComboAddress loc(addr, 53); | |
6e9fd124 | 589 | for (auto it = g_frontends.begin(); it != g_frontends.end(); ) { |
265260f5 | 590 | /* DoH, DoT and DNSCrypt frontends are separate */ |
e52d278a | 591 | if ((*it)->tlsFrontend == nullptr && (*it)->dnscryptCtx == nullptr && (*it)->dohFrontend == nullptr) { |
6e9fd124 RG |
592 | it = g_frontends.erase(it); |
593 | } | |
594 | else { | |
595 | ++it; | |
596 | } | |
597 | } | |
598 | ||
599 | // only works pre-startup, so no sync necessary | |
600 | g_frontends.push_back(std::unique_ptr<ClientState>(new ClientState(loc, false, reusePort, tcpFastOpenQueueSize, interface, cpus))); | |
c58723d7 RG |
601 | auto tcpCS = std::unique_ptr<ClientState>(new ClientState(loc, true, reusePort, tcpFastOpenQueueSize, interface, cpus)); |
602 | if (tcpListenQueueSize > 0) { | |
603 | tcpCS->tcpListenQueueSize = tcpListenQueueSize; | |
604 | } | |
605 | g_frontends.push_back(std::move(tcpCS)); | |
5949b95b | 606 | } |
6e9fd124 | 607 | catch(const std::exception& e) { |
5949b95b | 608 | g_outputBuffer="Error: "+string(e.what())+"\n"; |
609 | } | |
610 | }); | |
611 | ||
efd35aa8 | 612 | g_lua.writeFunction("addLocal", [client](const std::string& addr, boost::optional<localbind_t> vars) { |
f758857a | 613 | setLuaSideEffect(); |
2e72cc0e | 614 | if(client) |
615 | return; | |
85e4ce52 RG |
616 | if (g_configurationDone) { |
617 | g_outputBuffer="addLocal cannot be used at runtime!\n"; | |
618 | return; | |
619 | } | |
efd35aa8 RG |
620 | bool reusePort = false; |
621 | int tcpFastOpenQueueSize = 0; | |
c58723d7 | 622 | int tcpListenQueueSize = 0; |
efd35aa8 | 623 | std::string interface; |
f0e4dcba | 624 | std::set<int> cpus; |
efd35aa8 | 625 | |
c58723d7 | 626 | parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus, tcpListenQueueSize); |
efd35aa8 | 627 | |
2e72cc0e | 628 | try { |
629 | ComboAddress loc(addr, 53); | |
6e9fd124 RG |
630 | // only works pre-startup, so no sync necessary |
631 | g_frontends.push_back(std::unique_ptr<ClientState>(new ClientState(loc, false, reusePort, tcpFastOpenQueueSize, interface, cpus))); | |
c58723d7 RG |
632 | auto tcpCS = std::unique_ptr<ClientState>(new ClientState(loc, true, reusePort, tcpFastOpenQueueSize, interface, cpus)); |
633 | if (tcpListenQueueSize > 0) { | |
634 | tcpCS->tcpListenQueueSize = tcpListenQueueSize; | |
635 | } | |
636 | g_frontends.push_back(std::move(tcpCS)); | |
2e72cc0e | 637 | } |
638 | catch(std::exception& e) { | |
56d44226 RG |
639 | g_outputBuffer="Error: "+string(e.what())+"\n"; |
640 | errlog("Error while trying to listen on %s: %s\n", addr, string(e.what())); | |
2e72cc0e | 641 | } |
642 | }); | |
6bb38cd6 | 643 | |
e4944ea0 | 644 | g_lua.writeFunction("setACL", [](boost::variant<string,vector<pair<int, string>>> inp) { |
f758857a | 645 | setLuaSideEffect(); |
e5a14b2b | 646 | NetmaskGroup nmg; |
e4944ea0 | 647 | if(auto str = boost::get<string>(&inp)) { |
648 | nmg.addMask(*str); | |
649 | } | |
650 | else for(const auto& p : boost::get<vector<pair<int,string>>>(inp)) { | |
e5a14b2b | 651 | nmg.addMask(p.second); |
cffde2fd | 652 | } |
653 | g_ACL.setState(nmg); | |
df111b53 | 654 | }); |
6bb38cd6 | 655 | |
df111b53 | 656 | g_lua.writeFunction("showACL", []() { |
f758857a | 657 | setLuaNoSideEffect(); |
df111b53 | 658 | vector<string> vec; |
cffde2fd | 659 | |
a9c2e4ab | 660 | g_ACL.getLocal()->toStringVector(&vec); |
cffde2fd | 661 | |
df111b53 | 662 | for(const auto& s : vec) |
cffde2fd | 663 | g_outputBuffer+=s+"\n"; |
664 | ||
df111b53 | 665 | }); |
6bb38cd6 | 666 | |
6ab65223 PL |
667 | g_lua.writeFunction("shutdown", []() { |
668 | #ifdef HAVE_SYSTEMD | |
669 | sd_notify(0, "STOPPING=1"); | |
a227f47d RG |
670 | #endif /* HAVE_SYSTEMD */ |
671 | #if 0 | |
672 | // Useful for debugging leaks, but might lead to race under load | |
673 | // since other threads are still runing. | |
674 | for(auto& frontend : g_tlslocals) { | |
675 | frontend->cleanup(); | |
676 | } | |
677 | g_tlslocals.clear(); | |
678 | #ifdef HAVE_PROTOBUF | |
679 | google::protobuf::ShutdownProtobufLibrary(); | |
680 | #endif /* HAVE_PROTOBUF */ | |
681 | #endif /* 0 */ | |
6ab65223 PL |
682 | _exit(0); |
683 | } ); | |
df111b53 | 684 | |
7f768697 CHB |
685 | typedef std::unordered_map<std::string, boost::variant<bool, std::string> > showserversopts_t; |
686 | ||
687 | g_lua.writeFunction("showServers", [](boost::optional<showserversopts_t> vars) { | |
f758857a | 688 | setLuaNoSideEffect(); |
7f768697 CHB |
689 | bool showUUIDs = false; |
690 | if (vars) { | |
691 | if (vars->count("showUUIDs")) { | |
692 | showUUIDs = boost::get<bool>((*vars)["showUUIDs"]); | |
693 | } | |
df111b53 | 694 | } |
7f768697 CHB |
695 | try { |
696 | ostringstream ret; | |
697 | boost::format fmt; | |
698 | if (showUUIDs) { | |
699 | fmt = boost::format("%1$-3d %15$-36s %2$-20.20s %|62t|%3% %|92t|%4$5s %|88t|%5$7.1f %|103t|%6$7d %|106t|%7$3d %|115t|%8$2d %|117t|%9$10d %|123t|%10$7d %|128t|%11$5.1f %|146t|%12$5.1f %|152t|%13$11d %14%" ); | |
700 | // 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | |
701 | ret << (fmt % "#" % "Name" % "Address" % "State" % "Qps" % "Qlim" % "Ord" % "Wt" % "Queries" % "Drops" % "Drate" % "Lat" % "Outstanding" % "Pools" % "UUID") << endl; | |
702 | } else { | |
703 | fmt = boost::format("%1$-3d %2$-20.20s %|25t|%3% %|55t|%4$5s %|51t|%5$7.1f %|66t|%6$7d %|69t|%7$3d %|78t|%8$2d %|80t|%9$10d %|86t|%10$7d %|91t|%11$5.1f %|109t|%12$5.1f %|115t|%13$11d %14%" ); | |
704 | ret << (fmt % "#" % "Name" % "Address" % "State" % "Qps" % "Qlim" % "Ord" % "Wt" % "Queries" % "Drops" % "Drate" % "Lat" % "Outstanding" % "Pools") << endl; | |
705 | } | |
df111b53 | 706 | |
7f768697 CHB |
707 | uint64_t totQPS{0}, totQueries{0}, totDrops{0}; |
708 | int counter=0; | |
709 | auto states = g_dstates.getLocal(); | |
710 | for(const auto& s : *states) { | |
711 | string status = s->getStatus(); | |
712 | string pools; | |
713 | for(auto& p : s->pools) { | |
714 | if(!pools.empty()) | |
715 | pools+=" "; | |
716 | pools+=p; | |
717 | } | |
718 | if (showUUIDs) { | |
be05aa91 | 719 | ret << (fmt % counter % s->getName() % s->remote.toStringWithPort() % |
7f768697 CHB |
720 | status % |
721 | s->queryLoad % s->qps.getRate() % s->order % s->weight % s->queries.load() % s->reuseds.load() % (s->dropRate) % (s->latencyUsec/1000.0) % s->outstanding.load() % pools % s->id) << endl; | |
722 | } else { | |
be05aa91 | 723 | ret << (fmt % counter % s->getName() % s->remote.toStringWithPort() % |
7f768697 CHB |
724 | status % |
725 | s->queryLoad % s->qps.getRate() % s->order % s->weight % s->queries.load() % s->reuseds.load() % (s->dropRate) % (s->latencyUsec/1000.0) % s->outstanding.load() % pools) << endl; | |
726 | } | |
727 | totQPS += s->queryLoad; | |
728 | totQueries += s->queries.load(); | |
729 | totDrops += s->reuseds.load(); | |
730 | ++counter; | |
731 | } | |
732 | if (showUUIDs) { | |
733 | ret<< (fmt % "All" % "" % "" % "" | |
734 | % | |
735 | (double)totQPS % "" % "" % "" % totQueries % totDrops % "" % "" % "" % "" % "" ) << endl; | |
736 | } else { | |
737 | ret<< (fmt % "All" % "" % "" % "" | |
738 | % | |
739 | (double)totQPS % "" % "" % "" % totQueries % totDrops % "" % "" % "" % "" ) << endl; | |
740 | } | |
741 | ||
742 | g_outputBuffer=ret.str(); | |
743 | } catch(std::exception& e) { | |
744 | g_outputBuffer=e.what(); | |
745 | throw; | |
746 | } | |
df111b53 | 747 | }); |
748 | ||
6bb38cd6 RG |
749 | g_lua.writeFunction("getServers", []() { |
750 | setLuaNoSideEffect(); | |
751 | vector<pair<int, std::shared_ptr<DownstreamState> > > ret; | |
752 | int count=1; | |
753 | for(const auto& s : g_dstates.getCopy()) { | |
754 | ret.push_back(make_pair(count++, s)); | |
755 | } | |
756 | return ret; | |
8499caaf | 757 | }); |
e27097e4 | 758 | |
6bb38cd6 RG |
759 | g_lua.writeFunction("getPoolServers", [](string pool) { |
760 | return getDownstreamCandidates(g_pools.getCopy(), pool); | |
b1bec9f0 RG |
761 | }); |
762 | ||
adfdcc4b RG |
763 | g_lua.writeFunction("getServer", [client](boost::variant<unsigned int, std::string> i) { |
764 | if (client) { | |
6bb38cd6 | 765 | return std::make_shared<DownstreamState>(ComboAddress()); |
adfdcc4b RG |
766 | } |
767 | auto states = g_dstates.getCopy(); | |
768 | if (auto str = boost::get<std::string>(&i)) { | |
769 | const auto uuid = getUniqueID(*str); | |
770 | for (auto& state : states) { | |
771 | if (state->id == uuid) { | |
772 | return state; | |
773 | } | |
774 | } | |
775 | } | |
776 | else if (auto pos = boost::get<unsigned int>(&i)) { | |
777 | return states.at(*pos); | |
778 | } | |
779 | ||
780 | g_outputBuffer = "Error: no rule matched\n"; | |
781 | return std::shared_ptr<DownstreamState>(nullptr); | |
731774a8 | 782 | }); |
783 | ||
6bb38cd6 | 784 | g_lua.writeFunction("carbonServer", [](const std::string& address, boost::optional<string> ourName, |
48341d8f | 785 | boost::optional<unsigned int> interval, boost::optional<string> namespace_name, |
f7a645ec RG |
786 | boost::optional<string> instance_name) { |
787 | setLuaSideEffect(); | |
788 | auto ours = g_carbon.getCopy(); | |
789 | ours.push_back({ | |
790 | ComboAddress(address, 2003), | |
791 | (namespace_name && !namespace_name->empty()) ? *namespace_name : "dnsdist", | |
792 | ourName ? *ourName : "", | |
793 | (instance_name && !instance_name->empty()) ? *instance_name : "main" , | |
794 | interval ? *interval : 30 | |
795 | }); | |
796 | g_carbon.setState(ours); | |
797 | }); | |
87c605c4 | 798 | |
203b5348 | 799 | g_lua.writeFunction("webserver", [client,configCheck](const std::string& address, const std::string& password, const boost::optional<std::string> apiKey, const boost::optional<std::map<std::string, std::string> > customHeaders) { |
f758857a | 800 | setLuaSideEffect(); |
59b364f3 RG |
801 | ComboAddress local; |
802 | try { | |
803 | local = ComboAddress(address); | |
804 | } | |
805 | catch (const PDNSException& e) { | |
806 | throw std::runtime_error(std::string("Error parsing the bind address for the webserver: ") + e.reason); | |
807 | } | |
808 | ||
203b5348 | 809 | if (client || configCheck) { |
59b364f3 RG |
810 | return; |
811 | } | |
812 | ||
6bb38cd6 RG |
813 | try { |
814 | int sock = SSocket(local.sin4.sin_family, SOCK_STREAM, 0); | |
815 | SSetsockopt(sock, SOL_SOCKET, SO_REUSEADDR, 1); | |
816 | SBind(sock, local); | |
817 | SListen(sock, 5); | |
818 | auto launch=[sock, local, password, apiKey, customHeaders]() { | |
32c97b56 CHB |
819 | setWebserverPassword(password); |
820 | setWebserverAPIKey(apiKey); | |
821 | setWebserverCustomHeaders(customHeaders); | |
80dbd7d2 | 822 | thread t(dnsdistWebserverThread, sock, local); |
6bb38cd6 RG |
823 | t.detach(); |
824 | }; | |
825 | if(g_launchWork) | |
826 | g_launchWork->push_back(launch); | |
827 | else | |
828 | launch(); | |
731774a8 | 829 | } |
830 | catch(std::exception& e) { | |
6bb38cd6 RG |
831 | g_outputBuffer="Unable to bind to webserver socket on " + local.toStringWithPort() + ": " + e.what(); |
832 | errlog("Unable to bind to webserver socket on %s: %s", local.toStringWithPort(), e.what()); | |
731774a8 | 833 | } |
731774a8 | 834 | |
835 | }); | |
836 | ||
32c97b56 CHB |
837 | typedef std::unordered_map<std::string, boost::variant<std::string, std::map<std::string, std::string>> > webserveropts_t; |
838 | ||
839 | g_lua.writeFunction("setWebserverConfig", [](boost::optional<webserveropts_t> vars) { | |
80dbd7d2 | 840 | setLuaSideEffect(); |
32c97b56 CHB |
841 | |
842 | if (!vars) { | |
843 | return ; | |
844 | } | |
845 | if(vars->count("password")) { | |
846 | const std::string password = boost::get<std::string>(vars->at("password")); | |
847 | ||
848 | setWebserverPassword(password); | |
849 | } | |
850 | if(vars->count("apiKey")) { | |
32c97b56 CHB |
851 | const std::string apiKey = boost::get<std::string>(vars->at("apiKey")); |
852 | ||
853 | setWebserverAPIKey(apiKey); | |
854 | } | |
855 | if(vars->count("customHeaders")) { | |
856 | const boost::optional<std::map<std::string, std::string> > headers = boost::get<std::map<std::string, std::string> >(vars->at("customHeaders")); | |
857 | ||
858 | setWebserverCustomHeaders(headers); | |
859 | } | |
80dbd7d2 CHB |
860 | }); |
861 | ||
203b5348 | 862 | g_lua.writeFunction("controlSocket", [client,configCheck](const std::string& str) { |
87c605c4 | 863 | setLuaSideEffect(); |
6bb38cd6 | 864 | ComboAddress local(str, 5199); |
832c1792 | 865 | |
203b5348 | 866 | if(client || configCheck) { |
6bb38cd6 | 867 | g_serverControl = local; |
87c605c4 RG |
868 | return; |
869 | } | |
731774a8 | 870 | |
9c9b4998 RG |
871 | g_consoleEnabled = true; |
872 | #ifdef HAVE_LIBSODIUM | |
873 | if (g_configurationDone && g_consoleKey.empty()) { | |
874 | warnlog("Warning, the console has been enabled via 'controlSocket()' but no key has been set with 'setKey()' so all connections will fail until a key has been set"); | |
875 | } | |
876 | #endif | |
877 | ||
6bb38cd6 RG |
878 | try { |
879 | int sock = SSocket(local.sin4.sin_family, SOCK_STREAM, 0); | |
880 | SSetsockopt(sock, SOL_SOCKET, SO_REUSEADDR, 1); | |
881 | SBind(sock, local); | |
882 | SListen(sock, 5); | |
883 | auto launch=[sock, local]() { | |
884 | thread t(controlThread, sock, local); | |
885 | t.detach(); | |
886 | }; | |
887 | if(g_launchWork) | |
888 | g_launchWork->push_back(launch); | |
889 | else | |
890 | launch(); | |
ae3dfa48 | 891 | |
6bb38cd6 RG |
892 | } |
893 | catch(std::exception& e) { | |
894 | g_outputBuffer="Unable to bind to control socket on " + local.toStringWithPort() + ": " + e.what(); | |
895 | errlog("Unable to bind to control socket on %s: %s", local.toStringWithPort(), e.what()); | |
896 | } | |
63beb26d G |
897 | }); |
898 | ||
b5521206 RG |
899 | g_lua.writeFunction("addConsoleACL", [](const std::string& netmask) { |
900 | setLuaSideEffect(); | |
901 | #ifndef HAVE_LIBSODIUM | |
902 | warnlog("Allowing remote access to the console while libsodium support has not been enabled is not secure, and will result in cleartext communications"); | |
903 | #endif | |
904 | ||
905 | g_consoleACL.modify([netmask](NetmaskGroup& nmg) { nmg.addMask(netmask); }); | |
906 | }); | |
907 | ||
908 | g_lua.writeFunction("setConsoleACL", [](boost::variant<string,vector<pair<int, string>>> inp) { | |
909 | setLuaSideEffect(); | |
910 | ||
911 | #ifndef HAVE_LIBSODIUM | |
912 | warnlog("Allowing remote access to the console while libsodium support has not been enabled is not secure, and will result in cleartext communications"); | |
913 | #endif | |
914 | ||
915 | NetmaskGroup nmg; | |
916 | if(auto str = boost::get<string>(&inp)) { | |
917 | nmg.addMask(*str); | |
918 | } | |
919 | else for(const auto& p : boost::get<vector<pair<int,string>>>(inp)) { | |
920 | nmg.addMask(p.second); | |
921 | } | |
922 | g_consoleACL.setState(nmg); | |
923 | }); | |
924 | ||
925 | g_lua.writeFunction("showConsoleACL", []() { | |
926 | setLuaNoSideEffect(); | |
927 | ||
928 | #ifndef HAVE_LIBSODIUM | |
929 | warnlog("Allowing remote access to the console while libsodium support has not been enabled is not secure, and will result in cleartext communications"); | |
930 | #endif | |
931 | ||
932 | vector<string> vec; | |
933 | g_consoleACL.getLocal()->toStringVector(&vec); | |
934 | ||
935 | for(const auto& s : vec) { | |
936 | g_outputBuffer += s + "\n"; | |
937 | } | |
938 | }); | |
939 | ||
6bb38cd6 RG |
940 | g_lua.writeFunction("clearQueryCounters", []() { |
941 | unsigned int size{0}; | |
942 | { | |
943 | WriteLock wl(&g_qcount.queryLock); | |
944 | size = g_qcount.records.size(); | |
945 | g_qcount.records.clear(); | |
946 | } | |
6eecd4c2 | 947 | |
6bb38cd6 RG |
948 | boost::format fmt("%d records cleared from query counter buffer\n"); |
949 | g_outputBuffer = (fmt % size).str(); | |
2332b03c | 950 | }); |
951 | ||
6bb38cd6 RG |
952 | g_lua.writeFunction("getQueryCounters", [](boost::optional<unsigned int> optMax) { |
953 | setLuaNoSideEffect(); | |
954 | ReadLock rl(&g_qcount.queryLock); | |
955 | g_outputBuffer = "query counting is currently: "; | |
956 | g_outputBuffer+= g_qcount.enabled ? "enabled" : "disabled"; | |
957 | g_outputBuffer+= (boost::format(" (%d records in buffer)\n") % g_qcount.records.size()).str(); | |
f39b7598 | 958 | |
6bb38cd6 RG |
959 | boost::format fmt("%-3d %s: %d request(s)\n"); |
960 | QueryCountRecords::iterator it; | |
961 | unsigned int max = optMax ? *optMax : 10; | |
962 | unsigned int index{1}; | |
963 | for(it = g_qcount.records.begin(); it != g_qcount.records.end() && index <= max; ++it, ++index) { | |
964 | g_outputBuffer += (fmt % index % it->first % it->second).str(); | |
965 | } | |
808c5ef7 | 966 | }); |
967 | ||
6bb38cd6 | 968 | g_lua.writeFunction("setQueryCount", [](bool enabled) { g_qcount.enabled=enabled; }); |
ae3dfa48 | 969 | |
6bb38cd6 RG |
970 | g_lua.writeFunction("setQueryCountFilter", [](QueryCountFilter func) { |
971 | g_qcount.filter = func; | |
886e2cf2 RG |
972 | }); |
973 | ||
6bb38cd6 RG |
974 | g_lua.writeFunction("makeKey", []() { |
975 | setLuaNoSideEffect(); | |
976 | g_outputBuffer="setKey("+newKey()+")\n"; | |
6bba426c | 977 | }); |
978 | ||
6bb38cd6 | 979 | g_lua.writeFunction("setKey", [](const std::string& key) { |
b5521206 | 980 | if(!g_configurationDone && ! g_consoleKey.empty()) { // this makes sure the commandline -k key prevails over dnsdist.conf |
6bb38cd6 RG |
981 | return; // but later setKeys() trump the -k value again |
982 | } | |
b5521206 RG |
983 | #ifndef HAVE_LIBSODIUM |
984 | warnlog("Calling setKey() while libsodium support has not been enabled is not secure, and will result in cleartext communications"); | |
985 | #endif | |
6bba426c | 986 | |
6bb38cd6 RG |
987 | setLuaSideEffect(); |
988 | string newkey; | |
989 | if(B64Decode(key, newkey) < 0) { | |
990 | g_outputBuffer=string("Unable to decode ")+key+" as Base64"; | |
991 | errlog("%s", g_outputBuffer); | |
992 | } | |
2332b03c | 993 | else |
b5521206 | 994 | g_consoleKey=newkey; |
2332b03c | 995 | }); |
996 | ||
6bb38cd6 RG |
997 | g_lua.writeFunction("testCrypto", [](boost::optional<string> optTestMsg) |
998 | { | |
999 | setLuaNoSideEffect(); | |
1000 | #ifdef HAVE_LIBSODIUM | |
1001 | try { | |
1002 | string testmsg; | |
2332b03c | 1003 | |
6bb38cd6 RG |
1004 | if (optTestMsg) { |
1005 | testmsg = *optTestMsg; | |
1006 | } | |
1007 | else { | |
1008 | testmsg = "testStringForCryptoTests"; | |
1009 | } | |
6eecd4c2 | 1010 | |
6bb38cd6 RG |
1011 | SodiumNonce sn, sn2; |
1012 | sn.init(); | |
1013 | sn2=sn; | |
b5521206 RG |
1014 | string encrypted = sodEncryptSym(testmsg, g_consoleKey, sn); |
1015 | string decrypted = sodDecryptSym(encrypted, g_consoleKey, sn2); | |
4ed8dfeb | 1016 | |
6bb38cd6 RG |
1017 | sn.increment(); |
1018 | sn2.increment(); | |
b7860997 | 1019 | |
b5521206 RG |
1020 | encrypted = sodEncryptSym(testmsg, g_consoleKey, sn); |
1021 | decrypted = sodDecryptSym(encrypted, g_consoleKey, sn2); | |
36da3ecd | 1022 | |
6bb38cd6 RG |
1023 | if(testmsg == decrypted) |
1024 | g_outputBuffer="Everything is ok!\n"; | |
1025 | else | |
c29bf3df RG |
1026 | g_outputBuffer="Crypto failed.. (the decoded value does not match the cleartext one)\n"; |
1027 | } | |
1028 | catch(const std::exception& e) { | |
1029 | g_outputBuffer="Crypto failed: "+std::string(e.what())+"\n"; | |
6bb38cd6 RG |
1030 | } |
1031 | catch(...) { | |
1032 | g_outputBuffer="Crypto failed..\n"; | |
1033 | } | |
1034 | #else | |
1035 | g_outputBuffer="Crypto not available.\n"; | |
1036 | #endif | |
1037 | }); | |
b7860997 | 1038 | |
6bb38cd6 | 1039 | g_lua.writeFunction("setTCPRecvTimeout", [](int timeout) { g_tcpRecvTimeout=timeout; }); |
89cb6f9a | 1040 | |
6bb38cd6 | 1041 | g_lua.writeFunction("setTCPSendTimeout", [](int timeout) { g_tcpSendTimeout=timeout; }); |
89cb6f9a | 1042 | |
6bb38cd6 | 1043 | g_lua.writeFunction("setUDPTimeout", [](int timeout) { g_udpTimeout=timeout; }); |
d3826006 | 1044 | |
6bb38cd6 RG |
1045 | g_lua.writeFunction("setMaxUDPOutstanding", [](uint16_t max) { |
1046 | if (!g_configurationDone) { | |
1047 | g_maxOutstanding = max; | |
1048 | } else { | |
1049 | g_outputBuffer="Max UDP outstanding cannot be altered at runtime!\n"; | |
b7860997 | 1050 | } |
55baa1f2 RG |
1051 | }); |
1052 | ||
6bb38cd6 RG |
1053 | g_lua.writeFunction("setMaxTCPClientThreads", [](uint64_t max) { |
1054 | if (!g_configurationDone) { | |
1055 | g_maxTCPClientThreads = max; | |
1056 | } else { | |
1057 | g_outputBuffer="Maximum TCP client threads count cannot be altered at runtime!\n"; | |
1058 | } | |
55baa1f2 RG |
1059 | }); |
1060 | ||
6bb38cd6 RG |
1061 | g_lua.writeFunction("setMaxTCPQueuedConnections", [](uint64_t max) { |
1062 | if (!g_configurationDone) { | |
1063 | g_maxTCPQueuedConnections = max; | |
1064 | } else { | |
1065 | g_outputBuffer="The maximum number of queued TCP connections cannot be altered at runtime!\n"; | |
1066 | } | |
55baa1f2 RG |
1067 | }); |
1068 | ||
6bb38cd6 RG |
1069 | g_lua.writeFunction("setMaxTCPQueriesPerConnection", [](size_t max) { |
1070 | if (!g_configurationDone) { | |
1071 | g_maxTCPQueriesPerConn = max; | |
1072 | } else { | |
1073 | g_outputBuffer="The maximum number of queries per TCP connection cannot be altered at runtime!\n"; | |
1074 | } | |
57c61ce9 RG |
1075 | }); |
1076 | ||
6bb38cd6 RG |
1077 | g_lua.writeFunction("setMaxTCPConnectionsPerClient", [](size_t max) { |
1078 | if (!g_configurationDone) { | |
1079 | g_maxTCPConnectionsPerClient = max; | |
1080 | } else { | |
1081 | g_outputBuffer="The maximum number of TCP connection per client cannot be altered at runtime!\n"; | |
1082 | } | |
57c61ce9 RG |
1083 | }); |
1084 | ||
6bb38cd6 RG |
1085 | g_lua.writeFunction("setMaxTCPConnectionDuration", [](size_t max) { |
1086 | if (!g_configurationDone) { | |
1087 | g_maxTCPConnectionDuration = max; | |
1088 | } else { | |
1089 | g_outputBuffer="The maximum duration of a TCP connection cannot be altered at runtime!\n"; | |
1090 | } | |
788c3243 RG |
1091 | }); |
1092 | ||
6bb38cd6 | 1093 | g_lua.writeFunction("setCacheCleaningDelay", [](uint32_t delay) { g_cacheCleaningDelay = delay; }); |
0570f37c | 1094 | |
6bb38cd6 | 1095 | g_lua.writeFunction("setCacheCleaningPercentage", [](uint16_t percentage) { if (percentage < 100) g_cacheCleaningPercentage = percentage; else g_cacheCleaningPercentage = 100; }); |
0570f37c | 1096 | |
6bb38cd6 | 1097 | g_lua.writeFunction("setECSSourcePrefixV4", [](uint16_t prefix) { g_ECSSourcePrefixV4=prefix; }); |
f39b7598 | 1098 | |
6bb38cd6 | 1099 | g_lua.writeFunction("setECSSourcePrefixV6", [](uint16_t prefix) { g_ECSSourcePrefixV6=prefix; }); |
0570f37c | 1100 | |
6bb38cd6 | 1101 | g_lua.writeFunction("setECSOverride", [](bool override) { g_ECSOverride=override; }); |
df111b53 | 1102 | |
53c57da7 RG |
1103 | g_lua.writeFunction("setPreserveTrailingData", [](bool preserve) { g_preserveTrailingData = preserve; }); |
1104 | ||
6bb38cd6 RG |
1105 | g_lua.writeFunction("showDynBlocks", []() { |
1106 | setLuaNoSideEffect(); | |
1107 | auto slow = g_dynblockNMG.getCopy(); | |
1108 | struct timespec now; | |
1109 | gettime(&now); | |
1d3ba133 RG |
1110 | boost::format fmt("%-24s %8d %8d %-10s %-20s %s\n"); |
1111 | g_outputBuffer = (fmt % "What" % "Seconds" % "Blocks" % "Warning" % "Action" % "Reason").str(); | |
6bb38cd6 | 1112 | for(const auto& e: slow) { |
7c888097 SB |
1113 | if(now < e.second.until) |
1114 | g_outputBuffer+= (fmt % e.first.toString() % (e.second.until.tv_sec - now.tv_sec) % e.second.blocks % (e.second.warning ? "true" : "false") % DNSAction::typeToString(e.second.action != DNSAction::Action::None ? e.second.action : g_dynBlockAction) % e.second.reason).str(); | |
6bb38cd6 RG |
1115 | } |
1116 | auto slow2 = g_dynblockSMT.getCopy(); | |
1117 | slow2.visit([&now, &fmt](const SuffixMatchTree<DynBlock>& node) { | |
1118 | if(now <node.d_value.until) { | |
1119 | string dom("empty"); | |
1120 | if(!node.d_value.domain.empty()) | |
1121 | dom = node.d_value.domain.toString(); | |
1d3ba133 | 1122 | g_outputBuffer+= (fmt % dom % (node.d_value.until.tv_sec - now.tv_sec) % node.d_value.blocks % (node.d_value.warning ? "true" : "false") % DNSAction::typeToString(node.d_value.action != DNSAction::Action::None ? node.d_value.action : g_dynBlockAction) % node.d_value.reason).str(); |
6bb38cd6 RG |
1123 | } |
1124 | }); | |
832c1792 | 1125 | |
520eb5a0 | 1126 | }); |
df111b53 | 1127 | |
6bb38cd6 | 1128 | g_lua.writeFunction("clearDynBlocks", []() { |
f758857a | 1129 | setLuaSideEffect(); |
6bb38cd6 RG |
1130 | nmts_t nmg; |
1131 | g_dynblockNMG.setState(nmg); | |
1132 | SuffixMatchTree<DynBlock> smt; | |
1133 | g_dynblockSMT.setState(smt); | |
1134 | }); | |
1135 | ||
1136 | g_lua.writeFunction("addDynBlocks", | |
f8327125 | 1137 | [](const std::unordered_map<ComboAddress,unsigned int, ComboAddress::addressOnlyHash, ComboAddress::addressOnlyEqual>& m, const std::string& msg, boost::optional<int> seconds, boost::optional<DNSAction::Action> action) { |
6ddb008a RG |
1138 | if (m.empty()) { |
1139 | return; | |
1140 | } | |
6bb38cd6 RG |
1141 | setLuaSideEffect(); |
1142 | auto slow = g_dynblockNMG.getCopy(); | |
1143 | struct timespec until, now; | |
1144 | gettime(&now); | |
1145 | until=now; | |
1146 | int actualSeconds = seconds ? *seconds : 10; | |
1147 | until.tv_sec += actualSeconds; | |
1148 | for(const auto& capair : m) { | |
1149 | unsigned int count = 0; | |
1150 | auto got = slow.lookup(Netmask(capair.first)); | |
1151 | bool expired=false; | |
1152 | if(got) { | |
1153 | if(until < got->second.until) // had a longer policy | |
1154 | continue; | |
1155 | if(now < got->second.until) // only inherit count on fresh query we are extending | |
1156 | count=got->second.blocks; | |
1157 | else | |
1158 | expired=true; | |
1159 | } | |
1160 | DynBlock db{msg,until,DNSName(),(action ? *action : DNSAction::Action::None)}; | |
1161 | db.blocks=count; | |
1162 | if(!got || expired) | |
1163 | warnlog("Inserting dynamic block for %s for %d seconds: %s", capair.first.toString(), actualSeconds, msg); | |
1164 | slow.insert(Netmask(capair.first)).second=db; | |
1165 | } | |
1166 | g_dynblockNMG.setState(slow); | |
1167 | }); | |
1168 | ||
1169 | g_lua.writeFunction("addDynBlockSMT", | |
1170 | [](const vector<pair<unsigned int, string> >&names, const std::string& msg, boost::optional<int> seconds, boost::optional<DNSAction::Action> action) { | |
6ddb008a RG |
1171 | if (names.empty()) { |
1172 | return; | |
1173 | } | |
6bb38cd6 RG |
1174 | setLuaSideEffect(); |
1175 | auto slow = g_dynblockSMT.getCopy(); | |
1176 | struct timespec until, now; | |
1177 | gettime(&now); | |
1178 | until=now; | |
1179 | int actualSeconds = seconds ? *seconds : 10; | |
1180 | until.tv_sec += actualSeconds; | |
1181 | ||
1182 | for(const auto& capair : names) { | |
1183 | unsigned int count = 0; | |
1184 | DNSName domain(capair.second); | |
86df840d | 1185 | domain.makeUsLowerCase(); |
6bb38cd6 RG |
1186 | auto got = slow.lookup(domain); |
1187 | bool expired=false; | |
1188 | if(got) { | |
1189 | if(until < got->until) // had a longer policy | |
1190 | continue; | |
1191 | if(now < got->until) // only inherit count on fresh query we are extending | |
1192 | count=got->blocks; | |
1193 | else | |
1194 | expired=true; | |
1195 | } | |
1196 | ||
1197 | DynBlock db{msg,until,domain,(action ? *action : DNSAction::Action::None)}; | |
1198 | db.blocks=count; | |
1199 | if(!got || expired) | |
1200 | warnlog("Inserting dynamic block for %s for %d seconds: %s", domain, actualSeconds, msg); | |
1201 | slow.add(domain, db); | |
1202 | } | |
1203 | g_dynblockSMT.setState(slow); | |
1204 | }); | |
1205 | ||
1206 | g_lua.writeFunction("setDynBlocksAction", [](DNSAction::Action action) { | |
1207 | if (!g_configurationDone) { | |
3d60b39a | 1208 | if (action == DNSAction::Action::Drop || action == DNSAction::Action::NoOp || action == DNSAction::Action::Nxdomain || action == DNSAction::Action::Refused || action == DNSAction::Action::Truncate || action == DNSAction::Action::NoRecurse) { |
6bb38cd6 RG |
1209 | g_dynBlockAction = action; |
1210 | } | |
1211 | else { | |
3d60b39a | 1212 | errlog("Dynamic blocks action can only be Drop, NoOp, NXDomain, Refused, Truncate or NoRecurse!"); |
1213 | g_outputBuffer="Dynamic blocks action can only be Drop, NoOp, NXDomain, Refused, Truncate or NoRecurse!\n"; | |
6bb38cd6 RG |
1214 | } |
1215 | } else { | |
1216 | g_outputBuffer="Dynamic blocks action cannot be altered at runtime!\n"; | |
1217 | } | |
df111b53 | 1218 | }); |
832c1792 | 1219 | |
37b6d73d | 1220 | g_lua.writeFunction("addDNSCryptBind", [](const std::string& addr, const std::string& providerName, boost::variant<std::string, std::vector<std::pair<int, std::string>>> certFiles, boost::variant<std::string, std::vector<std::pair<int, std::string>>> keyFiles, boost::optional<localbind_t> vars) { |
6bb38cd6 RG |
1221 | if (g_configurationDone) { |
1222 | g_outputBuffer="addDNSCryptBind cannot be used at runtime!\n"; | |
1223 | return; | |
1224 | } | |
1225 | #ifdef HAVE_DNSCRYPT | |
6bb38cd6 RG |
1226 | bool reusePort = false; |
1227 | int tcpFastOpenQueueSize = 0; | |
c58723d7 | 1228 | int tcpListenQueueSize = 0; |
6bb38cd6 RG |
1229 | std::string interface; |
1230 | std::set<int> cpus; | |
37b6d73d | 1231 | std::vector<DNSCryptContext::CertKeyPaths> certKeys; |
df111b53 | 1232 | |
c58723d7 | 1233 | parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus, tcpListenQueueSize); |
df111b53 | 1234 | |
37b6d73d RG |
1235 | if (certFiles.type() == typeid(std::string) && keyFiles.type() == typeid(std::string)) { |
1236 | auto certFile = boost::get<std::string>(certFiles); | |
1237 | auto keyFile = boost::get<std::string>(keyFiles); | |
1238 | certKeys.push_back({certFile, keyFile}); | |
1239 | } | |
1240 | else if (certFiles.type() == typeid(std::vector<std::pair<int,std::string>>) && keyFiles.type() == typeid(std::vector<std::pair<int,std::string>>)) { | |
1241 | auto certFilesVect = boost::get<std::vector<std::pair<int,std::string>>>(certFiles); | |
1242 | auto keyFilesVect = boost::get<std::vector<std::pair<int,std::string>>>(keyFiles); | |
1243 | if (certFilesVect.size() == keyFilesVect.size()) { | |
1244 | for (size_t idx = 0; idx < certFilesVect.size(); idx++) { | |
1245 | certKeys.push_back({certFilesVect.at(idx).second, keyFilesVect.at(idx).second}); | |
1246 | } | |
1247 | } | |
1248 | else { | |
1249 | errlog("Error, mismatching number of certificates and keys in call to addDNSCryptBind!"); | |
1250 | g_outputBuffer="Error, mismatching number of certificates and keys in call to addDNSCryptBind()!"; | |
1251 | return; | |
1252 | } | |
1253 | } | |
1254 | else { | |
1255 | errlog("Error, mismatching number of certificates and keys in call to addDNSCryptBind()!"); | |
1256 | g_outputBuffer="Error, mismatching number of certificates and keys in call to addDNSCryptBind()!"; | |
1257 | return; | |
1258 | } | |
1259 | ||
6bb38cd6 | 1260 | try { |
37b6d73d | 1261 | auto ctx = std::make_shared<DNSCryptContext>(providerName, certKeys); |
6e9fd124 RG |
1262 | |
1263 | /* UDP */ | |
1264 | auto cs = std::unique_ptr<ClientState>(new ClientState(ComboAddress(addr, 443), false, reusePort, tcpFastOpenQueueSize, interface, cpus)); | |
1265 | cs->dnscryptCtx = ctx; | |
1266 | g_dnsCryptLocals.push_back(ctx); | |
1267 | g_frontends.push_back(std::move(cs)); | |
1268 | ||
1269 | /* TCP */ | |
1270 | cs = std::unique_ptr<ClientState>(new ClientState(ComboAddress(addr, 443), true, reusePort, tcpFastOpenQueueSize, interface, cpus)); | |
1271 | cs->dnscryptCtx = ctx; | |
c58723d7 RG |
1272 | if (tcpListenQueueSize > 0) { |
1273 | cs->tcpListenQueueSize = tcpListenQueueSize; | |
1274 | } | |
1275 | ||
6e9fd124 | 1276 | g_frontends.push_back(std::move(cs)); |
df111b53 | 1277 | } |
6bb38cd6 RG |
1278 | catch(std::exception& e) { |
1279 | errlog(e.what()); | |
1280 | g_outputBuffer="Error: "+string(e.what())+"\n"; | |
1281 | } | |
1282 | #else | |
1283 | g_outputBuffer="Error: DNSCrypt support is not enabled.\n"; | |
1284 | #endif | |
4d5959e6 | 1285 | |
df111b53 | 1286 | }); |
1287 | ||
6bb38cd6 | 1288 | g_lua.writeFunction("showDNSCryptBinds", []() { |
f758857a | 1289 | setLuaNoSideEffect(); |
6bb38cd6 RG |
1290 | #ifdef HAVE_DNSCRYPT |
1291 | ostringstream ret; | |
43234e76 RG |
1292 | boost::format fmt("%1$-3d %2% %|25t|%3$-20.20s"); |
1293 | ret << (fmt % "#" % "Address" % "Provider Name") << endl; | |
6bb38cd6 RG |
1294 | size_t idx = 0; |
1295 | ||
26438bc9 | 1296 | std::unordered_set<std::shared_ptr<DNSCryptContext>> contexts; |
6e9fd124 RG |
1297 | for (const auto& frontend : g_frontends) { |
1298 | const std::shared_ptr<DNSCryptContext> ctx = frontend->dnscryptCtx; | |
26438bc9 | 1299 | if (!ctx || contexts.count(ctx) != 0) { |
a6544e62 RG |
1300 | continue; |
1301 | } | |
26438bc9 | 1302 | contexts.insert(ctx); |
6e9fd124 | 1303 | ret<< (fmt % idx % frontend->local.toStringWithPort() % ctx->getProviderName()) << endl; |
6bb38cd6 | 1304 | idx++; |
df111b53 | 1305 | } |
df111b53 | 1306 | |
6bb38cd6 RG |
1307 | g_outputBuffer=ret.str(); |
1308 | #else | |
1309 | g_outputBuffer="Error: DNSCrypt support is not enabled.\n"; | |
1310 | #endif | |
886e2cf2 | 1311 | }); |
df111b53 | 1312 | |
43234e76 | 1313 | g_lua.writeFunction("getDNSCryptBind", [](size_t idx) { |
6bb38cd6 RG |
1314 | setLuaNoSideEffect(); |
1315 | #ifdef HAVE_DNSCRYPT | |
43234e76 | 1316 | std::shared_ptr<DNSCryptContext> ret = nullptr; |
6bb38cd6 | 1317 | if (idx < g_dnsCryptLocals.size()) { |
6e9fd124 | 1318 | ret = g_dnsCryptLocals.at(idx); |
d92708ed | 1319 | } |
6bb38cd6 RG |
1320 | return ret; |
1321 | #else | |
1322 | g_outputBuffer="Error: DNSCrypt support is not enabled.\n"; | |
1323 | #endif | |
d92708ed RG |
1324 | }); |
1325 | ||
265260f5 RG |
1326 | g_lua.writeFunction("getDNSCryptBindCount", []() { |
1327 | setLuaNoSideEffect(); | |
1328 | return g_dnsCryptLocals.size(); | |
1329 | }); | |
1330 | ||
203b5348 | 1331 | g_lua.writeFunction("generateDNSCryptProviderKeys", [client](const std::string& publicKeyFile, const std::string privateKeyFile) { |
6bb38cd6 RG |
1332 | setLuaNoSideEffect(); |
1333 | #ifdef HAVE_DNSCRYPT | |
203b5348 RG |
1334 | if (client) { |
1335 | return; | |
1336 | } | |
6bb38cd6 RG |
1337 | unsigned char publicKey[DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE]; |
1338 | unsigned char privateKey[DNSCRYPT_PROVIDER_PRIVATE_KEY_SIZE]; | |
1339 | sodium_mlock(privateKey, sizeof(privateKey)); | |
4c6f4321 | 1340 | |
6bb38cd6 | 1341 | try { |
43234e76 | 1342 | DNSCryptContext::generateProviderKeys(publicKey, privateKey); |
4c6f4321 | 1343 | |
6bb38cd6 RG |
1344 | ofstream pubKStream(publicKeyFile); |
1345 | pubKStream.write((char*) publicKey, sizeof(publicKey)); | |
1346 | pubKStream.close(); | |
df111b53 | 1347 | |
6bb38cd6 RG |
1348 | ofstream privKStream(privateKeyFile); |
1349 | privKStream.write((char*) privateKey, sizeof(privateKey)); | |
1350 | privKStream.close(); | |
df111b53 | 1351 | |
43234e76 | 1352 | g_outputBuffer="Provider fingerprint is: " + DNSCryptContext::getProviderFingerprint(publicKey) + "\n"; |
6bb38cd6 RG |
1353 | } |
1354 | catch(std::exception& e) { | |
1355 | errlog(e.what()); | |
1356 | g_outputBuffer="Error: "+string(e.what())+"\n"; | |
1357 | } | |
df111b53 | 1358 | |
6bb38cd6 RG |
1359 | sodium_memzero(privateKey, sizeof(privateKey)); |
1360 | sodium_munlock(privateKey, sizeof(privateKey)); | |
1361 | #else | |
1362 | g_outputBuffer="Error: DNSCrypt support is not enabled.\n"; | |
1363 | #endif | |
aeb36780 RG |
1364 | }); |
1365 | ||
6bb38cd6 RG |
1366 | g_lua.writeFunction("printDNSCryptProviderFingerprint", [](const std::string& publicKeyFile) { |
1367 | setLuaNoSideEffect(); | |
1368 | #ifdef HAVE_DNSCRYPT | |
1369 | unsigned char publicKey[DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE]; | |
aeb36780 | 1370 | |
6bb38cd6 RG |
1371 | try { |
1372 | ifstream file(publicKeyFile); | |
1373 | file.read((char *) &publicKey, sizeof(publicKey)); | |
df111b53 | 1374 | |
6bb38cd6 RG |
1375 | if (file.fail()) |
1376 | throw std::runtime_error("Invalid dnscrypt provider public key file " + publicKeyFile); | |
df111b53 | 1377 | |
6bb38cd6 | 1378 | file.close(); |
43234e76 | 1379 | g_outputBuffer="Provider fingerprint is: " + DNSCryptContext::getProviderFingerprint(publicKey) + "\n"; |
6bb38cd6 RG |
1380 | } |
1381 | catch(std::exception& e) { | |
1382 | errlog(e.what()); | |
1383 | g_outputBuffer="Error: "+string(e.what())+"\n"; | |
1384 | } | |
1385 | #else | |
1386 | g_outputBuffer="Error: DNSCrypt support is not enabled.\n"; | |
1387 | #endif | |
df111b53 | 1388 | }); |
1389 | ||
501983cd | 1390 | #ifdef HAVE_DNSCRYPT |
203b5348 | 1391 | g_lua.writeFunction("generateDNSCryptCertificate", [client](const std::string& providerPrivateKeyFile, const std::string& certificateFile, const std::string privateKeyFile, uint32_t serial, time_t begin, time_t end, boost::optional<DNSCryptExchangeVersion> version) { |
6bb38cd6 | 1392 | setLuaNoSideEffect(); |
203b5348 RG |
1393 | if (client) { |
1394 | return; | |
1395 | } | |
43234e76 RG |
1396 | DNSCryptPrivateKey privateKey; |
1397 | DNSCryptCert cert; | |
42fae326 | 1398 | |
50bed881 | 1399 | try { |
43234e76 | 1400 | if (generateDNSCryptCertificate(providerPrivateKeyFile, serial, begin, end, version ? *version : DNSCryptExchangeVersion::VERSION1, cert, privateKey)) { |
6bb38cd6 | 1401 | privateKey.saveToFile(privateKeyFile); |
43234e76 | 1402 | DNSCryptContext::saveCertFromFile(cert, certificateFile); |
6bb38cd6 | 1403 | } |
50bed881 | 1404 | } |
6bb38cd6 RG |
1405 | catch(const std::exception& e) { |
1406 | errlog(e.what()); | |
1407 | g_outputBuffer="Error: "+string(e.what())+"\n"; | |
50bed881 | 1408 | } |
50bed881 | 1409 | }); |
501983cd | 1410 | #endif |
df111b53 | 1411 | |
6bb38cd6 RG |
1412 | g_lua.writeFunction("showPools", []() { |
1413 | setLuaNoSideEffect(); | |
df111b53 | 1414 | try { |
6bb38cd6 RG |
1415 | ostringstream ret; |
1416 | boost::format fmt("%1$-20.20s %|25t|%2$20s %|25t|%3$20s %|50t|%4%" ); | |
1417 | // 1 2 3 4 | |
1418 | ret << (fmt % "Name" % "Cache" % "ServerPolicy" % "Servers" ) << endl; | |
1419 | ||
1420 | const auto localPools = g_pools.getCopy(); | |
1421 | for (const auto& entry : localPools) { | |
1422 | const string& name = entry.first; | |
1423 | const std::shared_ptr<ServerPool> pool = entry.second; | |
1424 | string cache = pool->packetCache != nullptr ? pool->packetCache->toString() : ""; | |
1425 | string policy = g_policy.getLocal()->name; | |
1426 | if (pool->policy != nullptr) { | |
1427 | policy = pool->policy->name; | |
1428 | } | |
1429 | string servers; | |
1430 | ||
a1b1a29d | 1431 | for (const auto& server: pool->getServers()) { |
6bb38cd6 RG |
1432 | if (!servers.empty()) { |
1433 | servers += ", "; | |
1434 | } | |
be05aa91 RG |
1435 | if (!server.second->getName().empty()) { |
1436 | servers += server.second->getName(); | |
6bb38cd6 RG |
1437 | servers += " "; |
1438 | } | |
1439 | servers += server.second->remote.toStringWithPort(); | |
1440 | } | |
1441 | ||
1442 | ret << (fmt % name % cache % policy % servers) << endl; | |
1443 | } | |
1444 | g_outputBuffer=ret.str(); | |
1445 | }catch(std::exception& e) { g_outputBuffer=e.what(); throw; } | |
1446 | }); | |
1447 | ||
1448 | g_lua.writeFunction("getPool", [client](const string& poolName) { | |
1449 | if (client) { | |
1450 | return std::make_shared<ServerPool>(); | |
df111b53 | 1451 | } |
6bb38cd6 RG |
1452 | auto localPools = g_pools.getCopy(); |
1453 | std::shared_ptr<ServerPool> pool = createPoolIfNotExists(localPools, poolName); | |
1454 | g_pools.setState(localPools); | |
1455 | return pool; | |
df111b53 | 1456 | }); |
1457 | ||
6bb38cd6 RG |
1458 | g_lua.writeFunction("setVerboseHealthChecks", [](bool verbose) { g_verboseHealthChecks=verbose; }); |
1459 | g_lua.writeFunction("setStaleCacheEntriesTTL", [](uint32_t ttl) { g_staleCacheEntriesTTL = ttl; }); | |
03ebf8b2 | 1460 | |
6bb38cd6 | 1461 | g_lua.writeFunction("showBinds", []() { |
f758857a | 1462 | setLuaNoSideEffect(); |
6bb38cd6 RG |
1463 | try { |
1464 | ostringstream ret; | |
ba7ec340 | 1465 | boost::format fmt("%1$-3d %2$-20.20s %|35t|%3$-20.20s %|57t|%4%" ); |
6bb38cd6 RG |
1466 | // 1 2 3 4 |
1467 | ret << (fmt % "#" % "Address" % "Protocol" % "Queries" ) << endl; | |
1468 | ||
1469 | size_t counter = 0; | |
1470 | for (const auto& front : g_frontends) { | |
ba7ec340 | 1471 | ret << (fmt % counter % front->local.toStringWithPort() % front->getType() % front->queries) << endl; |
6bb38cd6 | 1472 | counter++; |
0e41337b | 1473 | } |
6bb38cd6 RG |
1474 | g_outputBuffer=ret.str(); |
1475 | }catch(std::exception& e) { g_outputBuffer=e.what(); throw; } | |
0e5b3cff | 1476 | }); |
1477 | ||
6bb38cd6 | 1478 | g_lua.writeFunction("getBind", [](size_t num) { |
f758857a | 1479 | setLuaNoSideEffect(); |
6bb38cd6 RG |
1480 | ClientState* ret = nullptr; |
1481 | if(num < g_frontends.size()) { | |
6e9fd124 | 1482 | ret=g_frontends[num].get(); |
df111b53 | 1483 | } |
df111b53 | 1484 | return ret; |
6bb38cd6 | 1485 | }); |
df111b53 | 1486 | |
265260f5 RG |
1487 | g_lua.writeFunction("getBindCount", []() { |
1488 | setLuaNoSideEffect(); | |
1489 | return g_frontends.size(); | |
1490 | }); | |
1491 | ||
6bb38cd6 RG |
1492 | g_lua.writeFunction("help", [](boost::optional<std::string> command) { |
1493 | setLuaNoSideEffect(); | |
1494 | g_outputBuffer = ""; | |
1495 | for (const auto& keyword : g_consoleKeywords) { | |
1496 | if (!command) { | |
1497 | g_outputBuffer += keyword.toString() + "\n"; | |
1498 | } | |
1499 | else if (keyword.name == command) { | |
1500 | g_outputBuffer = keyword.toString() + "\n"; | |
1501 | return; | |
1502 | } | |
1503 | } | |
1504 | if (command) { | |
1505 | g_outputBuffer = "Nothing found for " + *command + "\n"; | |
786e4d8c | 1506 | } |
786e4d8c | 1507 | }); |
520eb5a0 | 1508 | |
6bb38cd6 | 1509 | g_lua.writeFunction("showVersion", []() { |
786e4d8c | 1510 | setLuaNoSideEffect(); |
6bb38cd6 | 1511 | g_outputBuffer = "dnsdist " + std::string(VERSION) + "\n"; |
786e4d8c RS |
1512 | }); |
1513 | ||
eb0ca460 PL |
1514 | g_lua.writeFunction("showSecurityStatus", []() { |
1515 | setLuaNoSideEffect(); | |
1516 | g_outputBuffer = std::to_string(g_stats.securityStatus) + "\n"; | |
1517 | }); | |
1518 | ||
6bb38cd6 RG |
1519 | #ifdef HAVE_EBPF |
1520 | g_lua.writeFunction("setDefaultBPFFilter", [](std::shared_ptr<BPFFilter> bpf) { | |
1521 | if (g_configurationDone) { | |
1522 | g_outputBuffer="setDefaultBPFFilter() cannot be used at runtime!\n"; | |
1523 | return; | |
1524 | } | |
1525 | g_defaultBPFFilter = bpf; | |
786e4d8c | 1526 | }); |
62edea30 | 1527 | |
6bb38cd6 RG |
1528 | g_lua.writeFunction("registerDynBPFFilter", [](std::shared_ptr<DynBPFFilter> dbpf) { |
1529 | if (dbpf) { | |
1530 | g_dynBPFFilters.push_back(dbpf); | |
520eb5a0 | 1531 | } |
520eb5a0 | 1532 | }); |
f5b58807 | 1533 | |
6bb38cd6 RG |
1534 | g_lua.writeFunction("unregisterDynBPFFilter", [](std::shared_ptr<DynBPFFilter> dbpf) { |
1535 | if (dbpf) { | |
1536 | for (auto it = g_dynBPFFilters.begin(); it != g_dynBPFFilters.end(); it++) { | |
1537 | if (*it == dbpf) { | |
1538 | g_dynBPFFilters.erase(it); | |
1539 | break; | |
1540 | } | |
1541 | } | |
1542 | } | |
2d11d1b2 | 1543 | }); |
df111b53 | 1544 | |
b6ba8123 | 1545 | g_lua.writeFunction("addBPFFilterDynBlocks", [](const std::unordered_map<ComboAddress,unsigned int, ComboAddress::addressOnlyHash, ComboAddress::addressOnlyEqual>& m, std::shared_ptr<DynBPFFilter> dynbpf, boost::optional<int> seconds, boost::optional<std::string> msg) { |
6bb38cd6 RG |
1546 | setLuaSideEffect(); |
1547 | struct timespec until, now; | |
1548 | clock_gettime(CLOCK_MONOTONIC, &now); | |
1549 | until=now; | |
1550 | int actualSeconds = seconds ? *seconds : 10; | |
1551 | until.tv_sec += actualSeconds; | |
1552 | for(const auto& capair : m) { | |
4900be3f RG |
1553 | if (dynbpf->block(capair.first, until)) { |
1554 | warnlog("Inserting eBPF dynamic block for %s for %d seconds: %s", capair.first.toString(), actualSeconds, msg ? *msg : ""); | |
1555 | } | |
6bb38cd6 | 1556 | } |
df111b53 | 1557 | }); |
62edea30 | 1558 | |
6bb38cd6 | 1559 | #endif /* HAVE_EBPF */ |
2d11d1b2 | 1560 | |
6bb38cd6 | 1561 | g_lua.writeFunction<std::unordered_map<string,uint64_t>()>("getStatisticsCounters", []() { |
f758857a | 1562 | setLuaNoSideEffect(); |
6bb38cd6 RG |
1563 | std::unordered_map<string,uint64_t> res; |
1564 | for(const auto& entry : g_stats.entries) { | |
1565 | if(const auto& val = boost::get<DNSDistStats::stat_t*>(&entry.second)) | |
1566 | res[entry.first] = (*val)->load(); | |
df111b53 | 1567 | } |
6bb38cd6 RG |
1568 | return res; |
1569 | }); | |
df111b53 | 1570 | |
6bb38cd6 RG |
1571 | g_lua.writeFunction("includeDirectory", [](const std::string& dirname) { |
1572 | if (g_configurationDone) { | |
1573 | errlog("includeDirectory() cannot be used at runtime!"); | |
1574 | g_outputBuffer="includeDirectory() cannot be used at runtime!\n"; | |
1575 | return; | |
df111b53 | 1576 | } |
1577 | ||
6bb38cd6 RG |
1578 | if (g_included) { |
1579 | errlog("includeDirectory() cannot be used recursively!"); | |
1580 | g_outputBuffer="includeDirectory() cannot be used recursively!\n"; | |
e12b3374 RG |
1581 | return; |
1582 | } | |
1583 | ||
6bb38cd6 RG |
1584 | g_included = true; |
1585 | struct stat st; | |
1586 | if (stat(dirname.c_str(), &st)) { | |
1587 | errlog("The included directory %s does not exist!", dirname.c_str()); | |
1588 | g_outputBuffer="The included directory " + dirname + " does not exist!"; | |
1589 | return; | |
df111b53 | 1590 | } |
df111b53 | 1591 | |
6bb38cd6 RG |
1592 | if (!S_ISDIR(st.st_mode)) { |
1593 | errlog("The included directory %s is not a directory!", dirname.c_str()); | |
1594 | g_outputBuffer="The included directory " + dirname + " is not a directory!"; | |
1595 | return; | |
6f6b4d69 | 1596 | } |
1597 | ||
6bb38cd6 RG |
1598 | DIR *dirp; |
1599 | struct dirent *ent; | |
1600 | std::list<std::string> files; | |
1601 | if (!(dirp = opendir(dirname.c_str()))) { | |
1602 | errlog("Error opening the included directory %s!", dirname.c_str()); | |
1603 | g_outputBuffer="Error opening the included directory " + dirname + "!"; | |
1604 | return; | |
6f6b4d69 | 1605 | } |
df111b53 | 1606 | |
6bb38cd6 RG |
1607 | while((ent = readdir(dirp)) != NULL) { |
1608 | if (ent->d_name[0] == '.') { | |
1609 | continue; | |
1610 | } | |
3f6d07a4 | 1611 | |
6bb38cd6 RG |
1612 | if (boost::ends_with(ent->d_name, ".conf")) { |
1613 | std::ostringstream namebuf; | |
1614 | namebuf << dirname.c_str() << "/" << ent->d_name; | |
2a817e5a | 1615 | |
6bb38cd6 RG |
1616 | if (stat(namebuf.str().c_str(), &st) || !S_ISREG(st.st_mode)) { |
1617 | continue; | |
1618 | } | |
e0b5e49d | 1619 | |
6bb38cd6 RG |
1620 | files.push_back(namebuf.str()); |
1621 | } | |
e41f8165 | 1622 | } |
e41f8165 | 1623 | |
6bb38cd6 RG |
1624 | closedir(dirp); |
1625 | files.sort(); | |
1626 | ||
1627 | for (auto file = files.begin(); file != files.end(); ++file) { | |
1628 | std::ifstream ifs(*file); | |
1629 | if (!ifs) { | |
1630 | warnlog("Unable to read configuration from '%s'", *file); | |
1631 | } else { | |
1632 | vinfolog("Read configuration from '%s'", *file); | |
1633 | } | |
26a6373d | 1634 | |
6bb38cd6 | 1635 | g_lua.executeCode(ifs); |
741ebe08 | 1636 | } |
26a6373d | 1637 | |
6bb38cd6 | 1638 | g_included = false; |
26a6373d SO |
1639 | }); |
1640 | ||
6bb38cd6 RG |
1641 | g_lua.writeFunction("setAPIWritable", [](bool writable, boost::optional<std::string> apiConfigDir) { |
1642 | setLuaSideEffect(); | |
1643 | g_apiReadWrite = writable; | |
1644 | if (apiConfigDir) { | |
1645 | if (!(*apiConfigDir).empty()) { | |
1646 | g_apiConfigDirectory = *apiConfigDir; | |
1647 | } | |
1648 | else { | |
1649 | errlog("The API configuration directory value cannot be empty!"); | |
1650 | g_outputBuffer="The API configuration directory value cannot be empty!"; | |
1651 | } | |
741ebe08 | 1652 | } |
5b8255ba | 1653 | }); |
26a6373d | 1654 | |
6bb38cd6 RG |
1655 | g_lua.writeFunction("setServFailWhenNoServer", [](bool servfail) { |
1656 | setLuaSideEffect(); | |
1657 | g_servFailOnNoPolicy = servfail; | |
1658 | }); | |
26a6373d | 1659 | |
32b86928 RG |
1660 | g_lua.writeFunction("setRoundRobinFailOnNoServer", [](bool fail) { |
1661 | setLuaSideEffect(); | |
1662 | g_roundrobinFailOnNoServer = fail; | |
1663 | }); | |
1664 | ||
2b4287d4 RG |
1665 | g_lua.writeFunction("setConsistentHashingBalancingFactor", [](double factor) { |
1666 | setLuaSideEffect(); | |
088c18d0 | 1667 | if (factor >= 1.0) { |
80ee5144 RG |
1668 | g_consistentHashBalancingFactor = factor; |
1669 | } | |
1670 | else { | |
1671 | errlog("Invalid value passed to setConsistentHashingBalancingFactor()!"); | |
1672 | g_outputBuffer="Invalid value passed to setConsistentHashingBalancingFactor()!\n"; | |
1673 | return; | |
1674 | } | |
2b4287d4 RG |
1675 | }); |
1676 | ||
439de524 RG |
1677 | g_lua.writeFunction("setWeightedBalancingFactor", [](double factor) { |
1678 | setLuaSideEffect(); | |
088c18d0 | 1679 | if (factor >= 1.0) { |
439de524 RG |
1680 | g_weightedBalancingFactor = factor; |
1681 | } | |
1682 | else { | |
1683 | errlog("Invalid value passed to setWeightedBalancingFactor()!"); | |
1684 | g_outputBuffer="Invalid value passed to setWeightedBalancingFactor()!\n"; | |
1685 | return; | |
1686 | } | |
1687 | }); | |
1688 | ||
01f6920b | 1689 | g_lua.writeFunction("setRingBuffersSize", [](size_t capacity, boost::optional<size_t> numberOfShards) { |
6bb38cd6 RG |
1690 | setLuaSideEffect(); |
1691 | if (g_configurationDone) { | |
1692 | errlog("setRingBuffersSize() cannot be used at runtime!"); | |
1693 | g_outputBuffer="setRingBuffersSize() cannot be used at runtime!\n"; | |
1694 | return; | |
5b8255ba | 1695 | } |
01f6920b | 1696 | g_rings.setCapacity(capacity, numberOfShards ? *numberOfShards : 1); |
5b8255ba | 1697 | }); |
26a6373d | 1698 | |
6d31c8b6 RG |
1699 | g_lua.writeFunction("setRingBuffersLockRetries", [](size_t retries) { |
1700 | setLuaSideEffect(); | |
1701 | g_rings.setNumberOfLockRetries(retries); | |
5b8255ba | 1702 | }); |
26a6373d | 1703 | |
6bb38cd6 RG |
1704 | g_lua.writeFunction("setWHashedPertubation", [](uint32_t pertub) { |
1705 | setLuaSideEffect(); | |
1706 | g_hashperturb = pertub; | |
1707 | }); | |
26a6373d | 1708 | |
6bb38cd6 RG |
1709 | g_lua.writeFunction("setTCPUseSinglePipe", [](bool flag) { |
1710 | if (g_configurationDone) { | |
1711 | g_outputBuffer="setTCPUseSinglePipe() cannot be used at runtime!\n"; | |
1712 | return; | |
5b8255ba | 1713 | } |
6bb38cd6 RG |
1714 | setLuaSideEffect(); |
1715 | g_useTCPSinglePipe = flag; | |
5b8255ba | 1716 | }); |
26a6373d | 1717 | |
203b5348 RG |
1718 | g_lua.writeFunction("snmpAgent", [client,configCheck](bool enableTraps, boost::optional<std::string> masterSocket) { |
1719 | if(client || configCheck) | |
cd4bb56b | 1720 | return; |
9f4eb5cc | 1721 | #ifdef HAVE_NET_SNMP |
6bb38cd6 RG |
1722 | if (g_configurationDone) { |
1723 | errlog("snmpAgent() cannot be used at runtime!"); | |
1724 | g_outputBuffer="snmpAgent() cannot be used at runtime!\n"; | |
1725 | return; | |
1726 | } | |
1727 | ||
1728 | if (g_snmpEnabled) { | |
1729 | errlog("snmpAgent() cannot be used twice!"); | |
1730 | g_outputBuffer="snmpAgent() cannot be used twice!\n"; | |
1731 | return; | |
9f4eb5cc | 1732 | } |
6bb38cd6 RG |
1733 | |
1734 | g_snmpEnabled = true; | |
1735 | g_snmpTrapsEnabled = enableTraps; | |
1736 | g_snmpAgent = new DNSDistSNMPAgent("dnsdist", masterSocket ? *masterSocket : std::string()); | |
1737 | #else | |
1738 | errlog("NET SNMP support is required to use snmpAgent()"); | |
1739 | g_outputBuffer="NET SNMP support is required to use snmpAgent()\n"; | |
9f4eb5cc RG |
1740 | #endif /* HAVE_NET_SNMP */ |
1741 | }); | |
497a6e3a | 1742 | |
6bb38cd6 | 1743 | g_lua.writeFunction("sendCustomTrap", [](const std::string& str) { |
9f4eb5cc | 1744 | if (g_snmpAgent && g_snmpTrapsEnabled) { |
6bb38cd6 | 1745 | g_snmpAgent->sendCustomTrap(str); |
9f4eb5cc | 1746 | } |
9f4eb5cc | 1747 | }); |
6beb5731 | 1748 | |
be05aa91 RG |
1749 | g_lua.writeFunction("setServerPolicy", [](ServerPolicy policy) { |
1750 | setLuaSideEffect(); | |
1751 | g_policy.setState(policy); | |
1752 | }); | |
1753 | ||
1754 | g_lua.writeFunction("setServerPolicyLua", [](string name, ServerPolicy::policyfunc_t policy) { | |
1755 | setLuaSideEffect(); | |
1756 | g_policy.setState(ServerPolicy{name, policy, true}); | |
1757 | }); | |
1758 | ||
1759 | g_lua.writeFunction("setServerPolicyLuaFFI", [](string name, ServerPolicy::ffipolicyfunc_t policy) { | |
1760 | setLuaSideEffect(); | |
1761 | auto pol = ServerPolicy(name, policy); | |
1762 | g_policy.setState(std::move(pol)); | |
1763 | }); | |
1764 | ||
1765 | g_lua.writeFunction("showServerPolicy", []() { | |
1766 | setLuaSideEffect(); | |
1767 | g_outputBuffer=g_policy.getLocal()->name+"\n"; | |
1768 | }); | |
1769 | ||
6bb38cd6 RG |
1770 | g_lua.writeFunction("setPoolServerPolicy", [](ServerPolicy policy, string pool) { |
1771 | setLuaSideEffect(); | |
1772 | auto localPools = g_pools.getCopy(); | |
1773 | setPoolPolicy(localPools, pool, std::make_shared<ServerPolicy>(policy)); | |
1774 | g_pools.setState(localPools); | |
6c1ca990 | 1775 | }); |
e41f8165 | 1776 | |
be05aa91 | 1777 | g_lua.writeFunction("setPoolServerPolicyLua", [](string name, ServerPolicy::policyfunc_t policy, string pool) { |
6bb38cd6 RG |
1778 | setLuaSideEffect(); |
1779 | auto localPools = g_pools.getCopy(); | |
a1b1a29d | 1780 | setPoolPolicy(localPools, pool, std::make_shared<ServerPolicy>(ServerPolicy{name, policy, true})); |
6bb38cd6 | 1781 | g_pools.setState(localPools); |
9396d955 RG |
1782 | }); |
1783 | ||
6bb38cd6 RG |
1784 | g_lua.writeFunction("showPoolServerPolicy", [](string pool) { |
1785 | setLuaSideEffect(); | |
1786 | auto localPools = g_pools.getCopy(); | |
1787 | auto poolObj = getPool(localPools, pool); | |
1788 | if (poolObj->policy == nullptr) { | |
1789 | g_outputBuffer=g_policy.getLocal()->name+"\n"; | |
9396d955 | 1790 | } else { |
6bb38cd6 | 1791 | g_outputBuffer=poolObj->policy->name+"\n"; |
9396d955 RG |
1792 | } |
1793 | }); | |
1794 | ||
6bb38cd6 RG |
1795 | g_lua.writeFunction("setTCPDownstreamCleanupInterval", [](uint16_t interval) { |
1796 | setLuaSideEffect(); | |
1797 | g_downstreamTCPCleanupInterval = interval; | |
9396d955 RG |
1798 | }); |
1799 | ||
6bb38cd6 RG |
1800 | g_lua.writeFunction("setConsoleConnectionsLogging", [](bool enabled) { |
1801 | g_logConsoleConnections = enabled; | |
e65ae260 RG |
1802 | }); |
1803 | ||
03c05963 CHB |
1804 | g_lua.writeFunction("setConsoleOutputMaxMsgSize", [](uint32_t size) { |
1805 | g_consoleOutputMsgMaxSize = size; | |
1806 | }); | |
1807 | ||
6bb38cd6 RG |
1808 | g_lua.writeFunction("setUDPMultipleMessagesVectorSize", [](size_t vSize) { |
1809 | if (g_configurationDone) { | |
1810 | errlog("setUDPMultipleMessagesVectorSize() cannot be used at runtime!"); | |
1811 | g_outputBuffer="setUDPMultipleMessagesVectorSize() cannot be used at runtime!\n"; | |
1812 | return; | |
2a817e5a | 1813 | } |
6bb38cd6 RG |
1814 | #if defined(HAVE_RECVMMSG) && defined(HAVE_SENDMMSG) && defined(MSG_WAITFORONE) |
1815 | setLuaSideEffect(); | |
1816 | g_udpVectorSize = vSize; | |
1817 | #else | |
1818 | errlog("recvmmsg() support is not available!"); | |
1819 | g_outputBuffer="recvmmsg support is not available!\n"; | |
1820 | #endif | |
1821 | }); | |
a227f47d | 1822 | |
e7c732b8 RG |
1823 | g_lua.writeFunction("setAddEDNSToSelfGeneratedResponses", [](bool add) { |
1824 | g_addEDNSToSelfGeneratedResponses = add; | |
1825 | }); | |
1826 | ||
1827 | g_lua.writeFunction("setPayloadSizeOnSelfGeneratedAnswers", [](uint16_t payloadSize) { | |
1828 | if (payloadSize < 512) { | |
1829 | warnlog("setPayloadSizeOnSelfGeneratedAnswers() is set too low, using 512 instead!"); | |
1830 | g_outputBuffer="setPayloadSizeOnSelfGeneratedAnswers() is set too low, using 512 instead!"; | |
1831 | payloadSize = 512; | |
1832 | } | |
1833 | if (payloadSize > s_udpIncomingBufferSize) { | |
1834 | warnlog("setPayloadSizeOnSelfGeneratedAnswers() is set too high, capping to %d instead!", s_udpIncomingBufferSize); | |
1835 | g_outputBuffer="setPayloadSizeOnSelfGeneratedAnswers() is set too high, capping to " + std::to_string(s_udpIncomingBufferSize) + " instead"; | |
1836 | payloadSize = s_udpIncomingBufferSize; | |
1837 | } | |
1838 | g_PayloadSizeSelfGenAnswers = payloadSize; | |
1839 | }); | |
1840 | ||
5d4e1ef8 RG |
1841 | g_lua.writeFunction("setSecurityPollSuffix", [](const std::string& suffix) { |
1842 | if (g_configurationDone) { | |
1843 | g_outputBuffer="setSecurityPollSuffix() cannot be used at runtime!\n"; | |
1844 | return; | |
1845 | } | |
1846 | ||
1847 | g_secPollSuffix = suffix; | |
1848 | }); | |
1849 | ||
1850 | g_lua.writeFunction("setSecurityPollInterval", [](time_t newInterval) { | |
1851 | if (newInterval <= 0) { | |
1852 | warnlog("setSecurityPollInterval() should be > 0, skipping"); | |
1853 | g_outputBuffer="setSecurityPollInterval() should be > 0, skipping"; | |
1854 | } | |
1855 | ||
1856 | g_secPollInterval = newInterval; | |
1857 | }); | |
1858 | ||
0ca6a67f RG |
1859 | g_lua.writeFunction("setSyslogFacility", [](int facility) { |
1860 | setLuaSideEffect(); | |
1861 | if (g_configurationDone) { | |
1862 | g_outputBuffer="setSyslogFacility cannot be used at runtime!\n"; | |
1863 | return; | |
1864 | } | |
1865 | setSyslogFacility(facility); | |
1866 | }); | |
1867 | ||
44947230 | 1868 | g_lua.writeFunction("addDOHLocal", [client](const std::string& addr, boost::optional<boost::variant<std::string, std::vector<std::pair<int,std::string>>>> certFiles, boost::optional<boost::variant<std::string, std::vector<std::pair<int,std::string>>>> keyFiles, boost::optional<boost::variant<std::string, vector<pair<int, std::string> > > > urls, boost::optional<localbind_t> vars) { |
fbf14b03 RG |
1869 | if (client) { |
1870 | return; | |
1871 | } | |
b35ad620 | 1872 | #ifdef HAVE_DNS_OVER_HTTPS |
fbf14b03 RG |
1873 | setLuaSideEffect(); |
1874 | if (g_configurationDone) { | |
1875 | g_outputBuffer="addDOHLocal cannot be used at runtime!\n"; | |
1876 | return; | |
1877 | } | |
1878 | auto frontend = std::make_shared<DOHFrontend>(); | |
bf8cd40d | 1879 | |
44947230 | 1880 | if (certFiles && !certFiles->empty() && keyFiles && !keyFiles->empty()) { |
b54e94dc | 1881 | if (!loadTLSCertificateAndKeys("addDOHLocal", frontend->d_tlsConfig.d_certKeyPairs, *certFiles, *keyFiles)) { |
44947230 RG |
1882 | return; |
1883 | } | |
1884 | ||
1885 | frontend->d_local = ComboAddress(addr, 443); | |
1886 | } | |
1887 | else { | |
1888 | frontend->d_local = ComboAddress(addr, 80); | |
1889 | infolog("No certificate provided for DoH endpoint %s, running in DNS over HTTP mode instead of DNS over HTTPS", frontend->d_local.toStringWithPort()); | |
bf8cd40d RG |
1890 | } |
1891 | ||
0718e562 RG |
1892 | if (urls) { |
1893 | if (urls->type() == typeid(std::string)) { | |
1894 | frontend->d_urls.push_back(boost::get<std::string>(*urls)); | |
1895 | } | |
1896 | else if (urls->type() == typeid(std::vector<std::pair<int,std::string>>)) { | |
1897 | auto urlsVect = boost::get<std::vector<std::pair<int,std::string>>>(*urls); | |
1898 | for(const auto& p : urlsVect) { | |
1899 | frontend->d_urls.push_back(p.second); | |
1900 | } | |
fbf14b03 RG |
1901 | } |
1902 | } | |
1903 | else { | |
a6f94324 | 1904 | frontend->d_urls = {"/dns-query"}; |
fbf14b03 RG |
1905 | } |
1906 | ||
2b0cb8f8 RG |
1907 | bool reusePort = false; |
1908 | int tcpFastOpenQueueSize = 0; | |
c58723d7 | 1909 | int tcpListenQueueSize = 0; |
2b0cb8f8 RG |
1910 | std::string interface; |
1911 | std::set<int> cpus; | |
2b0cb8f8 | 1912 | |
c58723d7 RG |
1913 | if (vars) { |
1914 | parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus, tcpListenQueueSize); | |
2b0cb8f8 | 1915 | |
fbf14b03 RG |
1916 | if (vars->count("idleTimeout")) { |
1917 | frontend->d_idleTimeout = boost::get<int>((*vars)["idleTimeout"]); | |
1918 | } | |
b54e94dc | 1919 | |
3d0371b3 RG |
1920 | if (vars->count("serverTokens")) { |
1921 | frontend->d_serverTokens = boost::get<const string>((*vars)["serverTokens"]); | |
1922 | } | |
b54e94dc | 1923 | |
ee01507f CR |
1924 | if (vars->count("customResponseHeaders")) { |
1925 | for (auto const& headerMap : boost::get<std::map<std::string,std::string>>((*vars)["customResponseHeaders"])) { | |
cf3e149b | 1926 | std::pair<std::string,std::string> headerResponse = std::make_pair(boost::to_lower_copy(headerMap.first), headerMap.second); |
ee01507f CR |
1927 | frontend->d_customResponseHeaders.push_back(headerResponse); |
1928 | } | |
1929 | } | |
0ef9ab19 | 1930 | |
0026abf9 RG |
1931 | if (vars->count("sendCacheControlHeaders")) { |
1932 | frontend->d_sendCacheControlHeaders = boost::get<bool>((*vars)["sendCacheControlHeaders"]); | |
1933 | } | |
1934 | ||
8b5f4644 RG |
1935 | if (vars->count("trustForwardedForHeader")) { |
1936 | frontend->d_trustForwardedForHeader = boost::get<bool>((*vars)["trustForwardedForHeader"]); | |
1937 | } | |
1938 | ||
b54e94dc | 1939 | parseTLSConfig(frontend->d_tlsConfig, "addDOHLocal", vars); |
fbf14b03 RG |
1940 | } |
1941 | g_dohlocals.push_back(frontend); | |
2b0cb8f8 | 1942 | auto cs = std::unique_ptr<ClientState>(new ClientState(frontend->d_local, true, reusePort, tcpFastOpenQueueSize, interface, cpus)); |
fbf14b03 | 1943 | cs->dohFrontend = frontend; |
c58723d7 RG |
1944 | if (tcpListenQueueSize > 0) { |
1945 | cs->tcpListenQueueSize = tcpListenQueueSize; | |
1946 | } | |
1947 | ||
fbf14b03 RG |
1948 | g_frontends.push_back(std::move(cs)); |
1949 | #else | |
56d44226 | 1950 | throw std::runtime_error("addDOHLocal() called but DNS over HTTPS support is not present!"); |
fbf14b03 RG |
1951 | #endif |
1952 | }); | |
1953 | ||
1b51c0f3 RG |
1954 | g_lua.writeFunction("showDOHFrontends", []() { |
1955 | #ifdef HAVE_DNS_OVER_HTTPS | |
1956 | setLuaNoSideEffect(); | |
1957 | try { | |
1958 | ostringstream ret; | |
b608e6c6 RG |
1959 | boost::format fmt("%-3d %-20.20s %-15d %-15d %-15d %-15d %-15d %-15d %-15d %-15d %-15d %-15d %-15d %-15d"); |
1960 | ret << (fmt % "#" % "Address" % "HTTP" % "HTTP/1" % "HTTP/2" % "GET" % "POST" % "Bad" % "Errors" % "Redirects" % "Valid" % "# ticket keys" % "Rotation delay" % "Next rotation") << endl; | |
1b51c0f3 RG |
1961 | size_t counter = 0; |
1962 | for (const auto& ctx : g_dohlocals) { | |
39c323e5 | 1963 | ret << (fmt % counter % ctx->d_local.toStringWithPort() % ctx->d_httpconnects % ctx->d_http1Stats.d_nbQueries % ctx->d_http2Stats.d_nbQueries % ctx->d_getqueries % ctx->d_postqueries % ctx->d_badrequests % ctx->d_errorresponses % ctx->d_redirectresponses % ctx->d_validresponses % ctx->getTicketsKeysCount() % ctx->getTicketsKeyRotationDelay() % ctx->getNextTicketsKeyRotation()) << endl; |
1b51c0f3 RG |
1964 | counter++; |
1965 | } | |
1966 | g_outputBuffer = ret.str(); | |
1967 | } | |
1968 | catch(const std::exception& e) { | |
1969 | g_outputBuffer = e.what(); | |
1970 | throw; | |
1971 | } | |
1972 | #else | |
1973 | g_outputBuffer="DNS over HTTPS support is not present!\n"; | |
1974 | #endif | |
1975 | }); | |
1976 | ||
5bbcbea0 RG |
1977 | g_lua.writeFunction("showDOHResponseCodes", []() { |
1978 | #ifdef HAVE_DNS_OVER_HTTPS | |
1979 | setLuaNoSideEffect(); | |
1980 | try { | |
1981 | ostringstream ret; | |
1982 | boost::format fmt("%-3d %-20.20s %-15d %-15d %-15d %-15d %-15d %-15d"); | |
1983 | g_outputBuffer = "\n- HTTP/1:\n\n"; | |
1984 | ret << (fmt % "#" % "Address" % "200" % "400" % "403" % "500" % "502" % "Others" ) << endl; | |
1985 | size_t counter = 0; | |
1986 | for (const auto& ctx : g_dohlocals) { | |
1987 | ret << (fmt % counter % ctx->d_local.toStringWithPort() % ctx->d_http1Stats.d_nb200Responses % ctx->d_http1Stats.d_nb400Responses % ctx->d_http1Stats.d_nb403Responses % ctx->d_http1Stats.d_nb500Responses % ctx->d_http1Stats.d_nb502Responses % ctx->d_http1Stats.d_nbOtherResponses) << endl; | |
1988 | counter++; | |
1989 | } | |
1990 | g_outputBuffer += ret.str(); | |
1991 | ret.str(""); | |
1992 | ||
1993 | g_outputBuffer += "\n- HTTP/2:\n\n"; | |
1994 | ret << (fmt % "#" % "Address" % "200" % "400" % "403" % "500" % "502" % "Others" ) << endl; | |
1995 | counter = 0; | |
1996 | for (const auto& ctx : g_dohlocals) { | |
1997 | ret << (fmt % counter % ctx->d_local.toStringWithPort() % ctx->d_http2Stats.d_nb200Responses % ctx->d_http2Stats.d_nb400Responses % ctx->d_http2Stats.d_nb403Responses % ctx->d_http2Stats.d_nb500Responses % ctx->d_http2Stats.d_nb502Responses % ctx->d_http2Stats.d_nbOtherResponses) << endl; | |
1998 | counter++; | |
1999 | } | |
2000 | g_outputBuffer += ret.str(); | |
2001 | } | |
2002 | catch(const std::exception& e) { | |
2003 | g_outputBuffer = e.what(); | |
2004 | throw; | |
2005 | } | |
2006 | #else | |
2007 | g_outputBuffer="DNS over HTTPS support is not present!\n"; | |
2008 | #endif | |
2009 | }); | |
2010 | ||
28b56482 | 2011 | g_lua.writeFunction("getDOHFrontend", [client](size_t index) { |
1b51c0f3 | 2012 | std::shared_ptr<DOHFrontend> result = nullptr; |
28b56482 RG |
2013 | if (client) { |
2014 | return result; | |
2015 | } | |
1b51c0f3 RG |
2016 | #ifdef HAVE_DNS_OVER_HTTPS |
2017 | setLuaNoSideEffect(); | |
2018 | try { | |
2019 | if (index < g_dohlocals.size()) { | |
2020 | result = g_dohlocals.at(index); | |
2021 | } | |
2022 | else { | |
0718e562 RG |
2023 | errlog("Error: trying to get DOH frontend with index %zu but we only have %zu frontend(s)\n", index, g_dohlocals.size()); |
2024 | g_outputBuffer="Error: trying to get DOH frontend with index " + std::to_string(index) + " but we only have " + std::to_string(g_dohlocals.size()) + " frontend(s)\n"; | |
1b51c0f3 RG |
2025 | } |
2026 | } | |
2027 | catch(const std::exception& e) { | |
0718e562 | 2028 | g_outputBuffer="Error while trying to get DOH frontend with index " + std::to_string(index) + ": "+string(e.what())+"\n"; |
56d44226 | 2029 | errlog("Error while trying to get DOH frontend with index %zu: %s\n", index, string(e.what())); |
1b51c0f3 RG |
2030 | } |
2031 | #else | |
2032 | g_outputBuffer="DNS over HTTPS support is not present!\n"; | |
2033 | #endif | |
2034 | return result; | |
2035 | }); | |
2036 | ||
265260f5 RG |
2037 | g_lua.writeFunction("getDOHFrontendCount", []() { |
2038 | setLuaNoSideEffect(); | |
2039 | return g_dohlocals.size(); | |
2040 | }); | |
2041 | ||
6c7cec08 | 2042 | g_lua.registerFunction<void(std::shared_ptr<DOHFrontend>::*)()>("reloadCertificates", [](std::shared_ptr<DOHFrontend> frontend) { |
1b51c0f3 | 2043 | if (frontend != nullptr) { |
6c7cec08 | 2044 | frontend->reloadCertificates(); |
1b51c0f3 RG |
2045 | } |
2046 | }); | |
2047 | ||
0ef9ab19 RG |
2048 | g_lua.registerFunction<void(std::shared_ptr<DOHFrontend>::*)()>("rotateTicketsKey", [](std::shared_ptr<DOHFrontend> frontend) { |
2049 | if (frontend != nullptr) { | |
2050 | frontend->rotateTicketsKey(time(nullptr)); | |
2051 | } | |
2052 | }); | |
2053 | ||
2054 | g_lua.registerFunction<void(std::shared_ptr<DOHFrontend>::*)(const std::string&)>("loadTicketsKeys", [](std::shared_ptr<DOHFrontend> frontend, const std::string& file) { | |
2055 | if (frontend != nullptr) { | |
2056 | frontend->loadTicketsKeys(file); | |
2057 | } | |
2058 | }); | |
2059 | ||
28b56482 RG |
2060 | g_lua.registerFunction<void(std::shared_ptr<DOHFrontend>::*)(const std::map<int, std::shared_ptr<DOHResponseMapEntry>>&)>("setResponsesMap", [](std::shared_ptr<DOHFrontend> frontend, const std::map<int, std::shared_ptr<DOHResponseMapEntry>>& map) { |
2061 | if (frontend != nullptr) { | |
2062 | std::vector<std::shared_ptr<DOHResponseMapEntry>> newMap; | |
2063 | newMap.reserve(map.size()); | |
2064 | ||
2065 | for (const auto& entry : map) { | |
2066 | newMap.push_back(entry.second); | |
2067 | } | |
2068 | ||
2069 | frontend->d_responsesMap = std::move(newMap); | |
2070 | } | |
2071 | }); | |
2072 | ||
fa974ada | 2073 | g_lua.writeFunction("addTLSLocal", [client](const std::string& addr, boost::variant<std::string, std::vector<std::pair<int,std::string>>> certFiles, boost::variant<std::string, std::vector<std::pair<int,std::string>>> keyFiles, boost::optional<localbind_t> vars) { |
b35ad620 | 2074 | if (client) { |
a227f47d | 2075 | return; |
b35ad620 RG |
2076 | } |
2077 | #ifdef HAVE_DNS_OVER_TLS | |
a227f47d RG |
2078 | setLuaSideEffect(); |
2079 | if (g_configurationDone) { | |
2080 | g_outputBuffer="addTLSLocal cannot be used at runtime!\n"; | |
2081 | return; | |
2082 | } | |
2083 | shared_ptr<TLSFrontend> frontend = std::make_shared<TLSFrontend>(); | |
fa974ada | 2084 | |
b54e94dc | 2085 | if (!loadTLSCertificateAndKeys("addTLSLocal", frontend->d_tlsConfig.d_certKeyPairs, certFiles, keyFiles)) { |
fa974ada RG |
2086 | return; |
2087 | } | |
a227f47d | 2088 | |
6e9fd124 RG |
2089 | bool reusePort = false; |
2090 | int tcpFastOpenQueueSize = 0; | |
c58723d7 | 2091 | int tcpListenQueueSize = 0; |
6e9fd124 RG |
2092 | std::string interface; |
2093 | std::set<int> cpus; | |
6e9fd124 | 2094 | |
a227f47d | 2095 | if (vars) { |
c58723d7 | 2096 | parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus, tcpListenQueueSize); |
a227f47d RG |
2097 | |
2098 | if (vars->count("provider")) { | |
2099 | frontend->d_provider = boost::get<const string>((*vars)["provider"]); | |
b5af510a | 2100 | boost::algorithm::to_lower(frontend->d_provider); |
a227f47d RG |
2101 | } |
2102 | ||
b54e94dc | 2103 | parseTLSConfig(frontend->d_tlsConfig, "addTLSLocal", vars); |
a227f47d RG |
2104 | } |
2105 | ||
2106 | try { | |
2107 | frontend->d_addr = ComboAddress(addr, 853); | |
d94702d6 RG |
2108 | if (!frontend->d_provider.empty()) { |
2109 | vinfolog("Loading TLS provider '%s'", frontend->d_provider); | |
2110 | } | |
2111 | else { | |
b5af510a | 2112 | #ifdef HAVE_LIBSSL |
d94702d6 | 2113 | vinfolog("Loading default TLS provider 'openssl'"); |
b5af510a RG |
2114 | #else |
2115 | vinfolog("Loading default TLS provider 'gnutls'"); | |
2116 | #endif | |
d94702d6 | 2117 | } |
6e9fd124 RG |
2118 | // only works pre-startup, so no sync necessary |
2119 | auto cs = std::unique_ptr<ClientState>(new ClientState(frontend->d_addr, true, reusePort, tcpFastOpenQueueSize, interface, cpus)); | |
2120 | cs->tlsFrontend = frontend; | |
c58723d7 RG |
2121 | if (tcpListenQueueSize > 0) { |
2122 | cs->tcpListenQueueSize = tcpListenQueueSize; | |
2123 | } | |
6e9fd124 RG |
2124 | g_tlslocals.push_back(cs->tlsFrontend); |
2125 | g_frontends.push_back(std::move(cs)); | |
a227f47d RG |
2126 | } |
2127 | catch(const std::exception& e) { | |
2128 | g_outputBuffer="Error: "+string(e.what())+"\n"; | |
2129 | } | |
2130 | #else | |
56d44226 | 2131 | throw std::runtime_error("addTLSLocal() called but DNS over TLS support is not present!"); |
a227f47d RG |
2132 | #endif |
2133 | }); | |
2134 | ||
7f2f825d | 2135 | g_lua.writeFunction("showTLSContexts", []() { |
a227f47d RG |
2136 | #ifdef HAVE_DNS_OVER_TLS |
2137 | setLuaNoSideEffect(); | |
2138 | try { | |
2139 | ostringstream ret; | |
2140 | boost::format fmt("%1$-3d %2$-20.20s %|25t|%3$-14d %|40t|%4$-14d %|54t|%5$-21.21s"); | |
2141 | // 1 2 3 4 5 | |
2142 | ret << (fmt % "#" % "Address" % "# ticket keys" % "Rotation delay" % "Next rotation" ) << endl; | |
2143 | size_t counter = 0; | |
2144 | for (const auto& ctx : g_tlslocals) { | |
2145 | ret << (fmt % counter % ctx->d_addr.toStringWithPort() % ctx->getTicketsKeysCount() % ctx->getTicketsKeyRotationDelay() % ctx->getNextTicketsKeyRotation()) << endl; | |
2146 | counter++; | |
2147 | } | |
2148 | g_outputBuffer = ret.str(); | |
2149 | } | |
2150 | catch(const std::exception& e) { | |
2151 | g_outputBuffer = e.what(); | |
2152 | throw; | |
2153 | } | |
2154 | #else | |
2155 | g_outputBuffer="DNS over TLS support is not present!\n"; | |
2156 | #endif | |
2157 | }); | |
2158 | ||
7f2f825d | 2159 | g_lua.writeFunction("getTLSContext", [](size_t index) { |
a227f47d RG |
2160 | std::shared_ptr<TLSCtx> result = nullptr; |
2161 | #ifdef HAVE_DNS_OVER_TLS | |
2162 | setLuaNoSideEffect(); | |
2163 | try { | |
2164 | if (index < g_tlslocals.size()) { | |
2165 | result = g_tlslocals.at(index)->getContext(); | |
2166 | } | |
2167 | else { | |
0718e562 RG |
2168 | errlog("Error: trying to get TLS context with index %zu but we only have %zu context(s)\n", index, g_tlslocals.size()); |
2169 | g_outputBuffer="Error: trying to get TLS context with index " + std::to_string(index) + " but we only have " + std::to_string(g_tlslocals.size()) + " context(s)\n"; | |
a227f47d RG |
2170 | } |
2171 | } | |
2172 | catch(const std::exception& e) { | |
0718e562 RG |
2173 | g_outputBuffer="Error while trying to get TLS context with index " + std::to_string(index) + ": "+string(e.what())+"\n"; |
2174 | errlog("Error while trying to get TLS context with index %zu: %s\n", index, string(e.what())); | |
a227f47d RG |
2175 | } |
2176 | #else | |
2177 | g_outputBuffer="DNS over TLS support is not present!\n"; | |
2178 | #endif | |
2179 | return result; | |
2180 | }); | |
2181 | ||
8ef43a02 RG |
2182 | g_lua.writeFunction("getTLSFrontend", [](size_t index) { |
2183 | std::shared_ptr<TLSFrontend> result = nullptr; | |
2184 | #ifdef HAVE_DNS_OVER_TLS | |
2185 | setLuaNoSideEffect(); | |
2186 | try { | |
2187 | if (index < g_tlslocals.size()) { | |
2188 | result = g_tlslocals.at(index); | |
2189 | } | |
2190 | else { | |
0718e562 RG |
2191 | errlog("Error: trying to get TLS frontend with index %zu but we only have %zu frontends\n", index, g_tlslocals.size()); |
2192 | g_outputBuffer="Error: trying to get TLS frontend with index " + std::to_string(index) + " but we only have " + std::to_string(g_tlslocals.size()) + " frontend(s)\n"; | |
8ef43a02 RG |
2193 | } |
2194 | } | |
2195 | catch(const std::exception& e) { | |
0718e562 RG |
2196 | g_outputBuffer="Error while trying to get TLS frontend with index " + std::to_string(index) + ": "+string(e.what())+"\n"; |
2197 | errlog("Error while trying to get TLS frontend with index %zu: %s\n", index, string(e.what())); | |
8ef43a02 RG |
2198 | } |
2199 | #else | |
2200 | g_outputBuffer="DNS over TLS support is not present!\n"; | |
2201 | #endif | |
2202 | return result; | |
2203 | }); | |
2204 | ||
265260f5 RG |
2205 | g_lua.writeFunction("getTLSFrontendCount", []() { |
2206 | setLuaNoSideEffect(); | |
2207 | return g_tlslocals.size(); | |
2208 | }); | |
2209 | ||
a227f47d RG |
2210 | g_lua.registerFunction<void(std::shared_ptr<TLSCtx>::*)()>("rotateTicketsKey", [](std::shared_ptr<TLSCtx> ctx) { |
2211 | if (ctx != nullptr) { | |
2212 | ctx->rotateTicketsKey(time(nullptr)); | |
2213 | } | |
2214 | }); | |
2215 | ||
2216 | g_lua.registerFunction<void(std::shared_ptr<TLSCtx>::*)(const std::string&)>("loadTicketsKeys", [](std::shared_ptr<TLSCtx> ctx, const std::string& file) { | |
2217 | if (ctx != nullptr) { | |
2218 | ctx->loadTicketsKeys(file); | |
2219 | } | |
2220 | }); | |
8ef43a02 RG |
2221 | |
2222 | g_lua.registerFunction<void(std::shared_ptr<TLSFrontend>::*)(boost::variant<std::string, std::vector<std::pair<int,std::string>>> certFiles, boost::variant<std::string, std::vector<std::pair<int,std::string>>> keyFiles)>("loadNewCertificatesAndKeys", [](std::shared_ptr<TLSFrontend>& frontend, boost::variant<std::string, std::vector<std::pair<int,std::string>>> certFiles, boost::variant<std::string, std::vector<std::pair<int,std::string>>> keyFiles) { | |
9ce6a273 | 2223 | #ifdef HAVE_DNS_OVER_TLS |
b54e94dc | 2224 | if (loadTLSCertificateAndKeys("loadNewCertificatesAndKeys", frontend->d_tlsConfig.d_certKeyPairs, certFiles, keyFiles)) { |
8ef43a02 RG |
2225 | frontend->setupTLS(); |
2226 | } | |
9ce6a273 | 2227 | #endif |
8ef43a02 | 2228 | }); |
0dffe9e3 | 2229 | |
bcc62bfb RG |
2230 | g_lua.writeFunction("reloadAllCertificates", []() { |
2231 | for (auto& frontend : g_frontends) { | |
2232 | if (!frontend) { | |
2233 | continue; | |
2234 | } | |
2235 | try { | |
2236 | #ifdef HAVE_DNSCRYPT | |
2237 | if (frontend->dnscryptCtx) { | |
37b6d73d | 2238 | frontend->dnscryptCtx->reloadCertificates(); |
bcc62bfb RG |
2239 | } |
2240 | #endif /* HAVE_DNSCRYPT */ | |
2241 | #ifdef HAVE_DNS_OVER_TLS | |
2242 | if (frontend->tlsFrontend) { | |
2243 | frontend->tlsFrontend->setupTLS(); | |
2244 | } | |
2245 | #endif /* HAVE_DNS_OVER_TLS */ | |
6e3a9fe4 RG |
2246 | #ifdef HAVE_DNS_OVER_HTTPS |
2247 | if (frontend->dohFrontend) { | |
6c7cec08 | 2248 | frontend->dohFrontend->reloadCertificates(); |
6e3a9fe4 RG |
2249 | } |
2250 | #endif /* HAVE_DNS_OVER_HTTPS */ | |
bcc62bfb RG |
2251 | } |
2252 | catch(const std::exception& e) { | |
2253 | errlog("Error reloading certificates for frontend %s: %s", frontend->local.toStringWithPort(), e.what()); | |
2254 | } | |
2255 | } | |
2256 | }); | |
2257 | ||
2258 | g_lua.writeFunction("setAllowEmptyResponse", [](bool allow) { g_allowEmptyResponse=allow; }); | |
8c15553e RG |
2259 | |
2260 | #if defined(HAVE_LIBSSL) && defined(HAVE_OCSP_BASIC_SIGN) | |
203b5348 RG |
2261 | g_lua.writeFunction("generateOCSPResponse", [client](const std::string& certFile, const std::string& caCert, const std::string& caKey, const std::string& outFile, int ndays, int nmin) { |
2262 | if (client) { | |
2263 | return; | |
2264 | } | |
2265 | ||
2266 | libssl_generate_ocsp_response(certFile, caCert, caKey, outFile, ndays, nmin); | |
8c15553e RG |
2267 | }); |
2268 | #endif /* HAVE_LIBSSL && HAVE_OCSP_BASIC_SIGN*/ | |
6bb38cd6 | 2269 | } |
2a817e5a | 2270 | |
203b5348 | 2271 | vector<std::function<void(void)>> setupLua(bool client, bool configCheck, const std::string& config) |
6bb38cd6 RG |
2272 | { |
2273 | g_launchWork= new vector<std::function<void(void)>>(); | |
2a817e5a | 2274 | |
6bb38cd6 | 2275 | setupLuaActions(); |
203b5348 | 2276 | setupLuaConfig(client, configCheck); |
6bb38cd6 | 2277 | setupLuaBindings(client); |
4d4d5623 | 2278 | setupLuaBindingsDNSCrypt(); |
6bb38cd6 | 2279 | setupLuaBindingsDNSQuestion(); |
4d4d5623 RG |
2280 | setupLuaBindingsKVS(client); |
2281 | setupLuaBindingsPacketCache(); | |
203b5348 | 2282 | setupLuaBindingsProtoBuf(client, configCheck); |
6bb38cd6 RG |
2283 | setupLuaInspection(); |
2284 | setupLuaRules(); | |
2285 | setupLuaVars(); | |
80a216c9 | 2286 | |
0ed8f0fa RG |
2287 | #ifdef LUAJIT_VERSION |
2288 | g_lua.executeCode(getLuaFFIWrappers()); | |
2289 | #endif | |
2290 | ||
839f3021 | 2291 | std::ifstream ifs(config); |
6bb38cd6 | 2292 | if(!ifs) |
839f3021 | 2293 | warnlog("Unable to read configuration from '%s'", config); |
2e72cc0e | 2294 | else |
cdc04ede | 2295 | vinfolog("Read configuration from '%s'", config); |
df111b53 | 2296 | |
2297 | g_lua.executeCode(ifs); | |
d8c19b98 | 2298 | |
6bb38cd6 | 2299 | auto ret = *g_launchWork; |
2e72cc0e | 2300 | delete g_launchWork; |
6bb38cd6 | 2301 | g_launchWork = nullptr; |
2e72cc0e | 2302 | return ret; |
df111b53 | 2303 | } |