manager: datamodel: PROXYv2 schema created

author Aleš Mrázek <ales.mrazek@nic.cz>

Fri, 22 Apr 2022 08:29:47 +0000 (10:29 +0200)

committer Aleš Mrázek <ales.mrazek@nic.cz>

Fri, 22 Apr 2022 08:29:47 +0000 (10:29 +0200)
author Aleš Mrázek <ales.mrazek@nic.cz>
Fri, 22 Apr 2022 08:29:47 +0000 (10:29 +0200)
committer Aleš Mrázek <ales.mrazek@nic.cz>
Fri, 22 Apr 2022 08:29:47 +0000 (10:29 +0200)
diff --git a/manager/knot_resolver_manager/datamodel/network_schema.py b/manager/knot_resolver_manager/datamodel/network_schema.py

index 91475dfc2e44605e0fbbdf80088d71b2794fe1df..b7bdd298f8dedfd5d4d81ddc3735d6a104d2aaf2 100644 (file)
--- a/manager/knot_resolver_manager/datamodel/network_schema.py
+++ b/manager/knot_resolver_manager/datamodel/network_schema.py
@@ -134,6 +134,17 @@ class ListenSchema(SchemaNode):
              )
  
  
+class PROXYv2Schema(SchemaNode):
+    """
+    PROXYv2 protocol configuration.
+
+    ---
+    allow: Allow usage of the PROXYv2 protocol headers by clients on the specified addresses.
+    """
+
+    allow: List[Union[IPAddress, IPNetwork]]
+
+
  class NetworkSchema(SchemaNode):
      """
      Network connections and protocols configuration.
@@ -148,6 +159,7 @@ class NetworkSchema(SchemaNode):
      edns_buffer_size: Maximum EDNS payload size advertised in DNS packets. Different values can be configured for communication downstream (towards clients) and upstream (towards other DNS servers).
      address_renumbering: Renumbers addresses in answers to different address space.
      tls: TLS configuration, also affects DNS over TLS and DNS over HTTPS.
+    proxy_v2: PROXYv2 protocol configuration.
      listen: List of interfaces to listen to and its configuration.
      """
  
@@ -160,6 +172,7 @@ class NetworkSchema(SchemaNode):
      edns_buffer_size: EdnsBufferSizeSchema = EdnsBufferSizeSchema()
      address_renumbering: Optional[List[AddressRenumberingSchema]] = None
      tls: TLSSchema = TLSSchema()
+    proxy_v2: Union[Literal[False], PROXYv2Schema] = False
      listen: List[ListenSchema] = [
          ListenSchema({"interface": "127.0.0.1"}),
          ListenSchema({"interface": "::1", "freebind": True}),
diff --git a/manager/knot_resolver_manager/datamodel/templates/network.lua.j2 b/manager/knot_resolver_manager/datamodel/templates/network.lua.j2

index 1ab6b2814fee51792ca13ba0281d9b6e2700c550..2297775349bf886797517bb3ba1382707a8dcaf6 100644 (file)
--- a/manager/knot_resolver_manager/datamodel/templates/network.lua.j2
+++ b/manager/knot_resolver_manager/datamodel/templates/network.lua.j2
@@ -84,6 +84,17 @@ modules.load('http')
  {{ http_config(cfg.network.tls,"doh_legacy") }}
  {% endif %}
  
+{% if cfg.network.proxy_v2 %}
+-- network.proxy-v2
+net.proxy_allowed({
+{% for item in cfg.network.proxy_v2.allow %}
+'{{ item }}',
+{% endfor %}
+})
+{% else %}
+net.proxy_allowed({})
+{% endif %}
+
  -- network.listen
  {% for listen in cfg.network.listen %}
  {{ network_listen(listen) }}
author	Aleš Mrázek <ales.mrazek@nic.cz>
	Fri, 22 Apr 2022 08:29:47 +0000 (10:29 +0200)
committer	Aleš Mrázek <ales.mrazek@nic.cz>
	Fri, 22 Apr 2022 08:29:47 +0000 (10:29 +0200)
manager/knot_resolver_manager/datamodel/network_schema.py		patch \| blob \| blame \| history
manager/knot_resolver_manager/datamodel/templates/network.lua.j2		patch \| blob \| blame \| history