bool has_tls : 1;
};
- /** Checks for a PROXY protocol version 2 signature in the specified buffer. */
- static inline bool proxy_header_present(const void* buf, const ssize_t nread)
- {
- return nread >= PROXY2_MIN_SIZE &&
- memcmp(buf, PROXY2_SIGNATURE, sizeof(PROXY2_SIGNATURE)) == 0;
- }
-
+/** Checks whether the use of PROXYv2 protocol is allowed for the specified
+ * address. */
+bool proxy_allowed(const struct sockaddr *saddr);
+
- /** Parses the PROXYv2 header from buf of size nread and writes the result into
- * out. The function assumes that the PROXYv2 signature is present
- * and has been already checked by the caller (like `udp_recv` or `tcp_recv`). */
- ssize_t proxy_process_header(struct proxy_result *out,
- const void *buf, ssize_t nread);
+ /** Initializes the protocol layers managed by the PROXYv2 "module". */
+ void proxy_protolayers_init(void);
struct protolayer_payload payload, const struct comm_info *comm,
protolayer_finished_cb cb, void *baton)
{
- struct protolayer_manager *manager = s->layers;
- if (!comm)
- comm = &manager->session->comm;
+ if (session->closing)
+ return kr_error(ECANCELED);
-
+ if (kr_fails_assert(session->proto < KR_PROTO_COUNT))
+ return kr_error(EFAULT);
+
+ bool had_comm_param = (comm != NULL);
+ if (!had_comm_param)
+ comm = &session->comm_storage;
- if (!s->outgoing && s->secure && !proxy_allowed(comm->comm_addr))
+ // RRL: at this point we might start doing nontrivial work,
+ // but we may not know the client's IP yet.
+ // Note two cases: incoming session (new request)
+ // vs. outgoing session (resuming work on some request)
+ if (direction == PROTOLAYER_UNWRAP) {
+ kr_rrl_sample_start();
+ // In particular we don't want to miss en/decryption work
+ // for regular connections from clients.
- if (manager->session->closing) {
- ret = kr_error(ECANCELED);
- goto finish_ret;
- }
-
- struct protolayer_iter_ctx *ctx = malloc(manager->cb_ctx_size);
++ if (!session->outgoing && session->secure && !proxy_allowed(comm->comm_addr))
+ kr_rrl_sample_addr((const union kr_sockaddr *)comm->comm_addr);
+ }
+ int ret;
+
+ struct protolayer_iter_ctx *ctx = malloc(session->iter_ctx_size);
kr_require(ctx);
- VERBOSE_LOG(manager->session,
+ VERBOSE_LOG(session,
"%s submitted to grp '%s' in %s direction (%zu: %s)\n",
protolayer_payload_name(payload.type),
- protolayer_grp_name(manager->grp),
+ kr_proto_name(session->proto),
(direction == PROTOLAYER_UNWRAP) ? "unwrap" : "wrap",
- layer_ix, layer_name(manager->grp, layer_ix));
+ layer_ix, layer_name(session->proto, layer_ix));
*ctx = (struct protolayer_iter_ctx) {
.payload = payload,
}
if (globals->iter_init)
- globals->iter_init(manager, ctx, iter_data);
+ globals->iter_init(ctx, iter_data);
}
- return protolayer_step(ctx);
+ ret = protolayer_step(ctx);
- finish_ret:
+ if (direction == PROTOLAYER_UNWRAP)
+ kr_rrl_sample_stop();
+ return ret;
}
- static void *get_init_param(enum protolayer_protocol p,
+ static void *get_init_param(enum protolayer_type p,
struct protolayer_data_param *layer_param,
size_t layer_param_count)
{
projects / thirdparty / knot-resolver.git / commitdiff
