dnsdist: Fix a confusion about contexts/frontends in `getDNSCryptBind`

We internally keep two different frontends (UDP and TCP) for DNSCrypt
configuration binds, but the frontends should not be exposed to the user.
`getDNSCryptBind` should return distinct DNSCrypt contexts, one per
DNSCrypt configuration bind. This was broken during the refactoring
of how frontends are internally kept.

diff --git a/pdns/dnsdistdist/dnsdist-frontend.cc b/pdns/dnsdistdist/dnsdist-frontend.cc
index 8e75ee396f7f93f88e52759b0d96c012bd6b629f..faf8226322b6d3c7612ef6b9a7e55c0afc25b78b 100644 (file)
--- a/pdns/dnsdistdist/dnsdist-frontend.cc
+++ b/pdns/dnsdistdist/dnsdist-frontend.cc
@@ -32,11 +32,11 @@ const std::vector<std::shared_ptr<ClientState>>& getFrontends()
   return dnsdist::configuration::getImmutableConfiguration().d_frontends;
 }
 
-std::vector<std::shared_ptr<DNSCryptContext>> getDNSCryptFrontends()
+std::vector<std::shared_ptr<DNSCryptContext>> getDNSCryptFrontends(bool udpOnly)
 {
   std::vector<std::shared_ptr<DNSCryptContext>> results;
   for (const auto& frontend : getFrontends()) {
-    if (frontend->getProtocol() == dnsdist::Protocol::DNSCryptUDP || frontend->getProtocol() == dnsdist::Protocol::DNSCryptTCP) {
+    if (frontend->getProtocol() == dnsdist::Protocol::DNSCryptUDP || (!udpOnly && frontend->getProtocol() == dnsdist::Protocol::DNSCryptTCP)) {
       results.push_back(frontend->dnscryptCtx);
     }
   }

diff --git a/pdns/dnsdistdist/dnsdist-frontend.hh b/pdns/dnsdistdist/dnsdist-frontend.hh
index fe7f1c2a92f81c0c46416b972d8ae4ef6056d9be..4724c104aa7893f0e6aa7f4fd23c53df328dd28a 100644 (file)
--- a/pdns/dnsdistdist/dnsdist-frontend.hh
+++ b/pdns/dnsdistdist/dnsdist-frontend.hh
@@ -34,7 +34,7 @@ struct DOH3Frontend;
 namespace dnsdist
 {
 const std::vector<std::shared_ptr<ClientState>>& getFrontends();
-std::vector<std::shared_ptr<DNSCryptContext>> getDNSCryptFrontends();
+std::vector<std::shared_ptr<DNSCryptContext>> getDNSCryptFrontends(bool udpOnly);
 std::vector<std::shared_ptr<TLSFrontend>> getDoTFrontends();
 std::vector<std::shared_ptr<DOHFrontend>> getDoHFrontends();
 std::vector<std::shared_ptr<DOQFrontend>> getDoQFrontends();

diff --git a/pdns/dnsdistdist/dnsdist-lua.cc b/pdns/dnsdistdist/dnsdist-lua.cc
index f52ae0cfe28ba400eca88962cd4538d40cecd1e0..9d2d77c4f07952a74b8d6573bfbfbd0252a02b6a 100644 (file)
--- a/pdns/dnsdistdist/dnsdist-lua.cc
+++ b/pdns/dnsdistdist/dnsdist-lua.cc
@@ -1594,7 +1594,11 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck)
   luaCtx.writeFunction("getDNSCryptBind", [](uint64_t idx) {
     setLuaNoSideEffect();
     std::shared_ptr<DNSCryptContext> ret = nullptr;
-    auto frontends = dnsdist::getDNSCryptFrontends();
+    /* we are only interested in distinct DNSCrypt binds,
+       and we have two frontends (UDP and TCP) per bind
+       sharing the same context so we need to retrieve
+       the UDP ones only . */
+    auto frontends = dnsdist::getDNSCryptFrontends(true);
     if (idx < frontends.size()) {
       ret = frontends.at(idx);
     }
@@ -1603,7 +1607,11 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck)
 
   luaCtx.writeFunction("getDNSCryptBindCount", []() {
     setLuaNoSideEffect();
-    return dnsdist::getDNSCryptFrontends().size();
+    /* we are only interested in distinct DNSCrypt binds,
+       and we have two frontends (UDP and TCP) per bind
+       sharing the same context so we need to retrieve
+       the UDP ones only . */
+    return dnsdist::getDNSCryptFrontends(true).size();
   });
 #endif /* HAVE_DNSCRYPT */