daemon: allow binding to either UDP or TCP

Previously it would bind to UDP and TCP, or TLS.
Now it can bind to either TLS, UDP, TCP, UDP and TCP.

diff --git a/daemon/README.rst b/daemon/README.rst
index 1d891e6c4a78544e3b6927e7b223944e0d994316..06dffc5d4d5bfbc0f27009af819b47c4aa3e4e29 100644 (file)
--- a/daemon/README.rst
+++ b/daemon/README.rst
@@ -509,7 +509,7 @@ For when listening on ``localhost`` just doesn't cut it.
 
    Enable/disable using IPv4 for recursion.
 
-.. function:: net.listen(addresses, [port = 53, flags = {tls = (port == 853)}])
+.. function:: net.listen(addresses, [port = 53, flags = {tls = true|false, tcp = true|false, udp = true|false}])
 
    :return: boolean
 
@@ -519,13 +519,17 @@ For when listening on ``localhost`` just doesn't cut it.
    The command can be given multiple times, but note that it silently skips
    any addresses that have already been bound.
 
+   The DNS over TLS is implicitly enabled if the port is equal to 853.
+   Otherwise both UDP and TCP are enabled unless explicitly disabled in flags.
+
    Examples:
 
    .. code-block:: lua
 
-       net.listen('::1')
-       net.listen(net.lo, 5353)
-       net.listen({net.eth0, '127.0.0.1'}, 53853, {tls = true})
+  net.listen('::1')
+  net.listen(net.lo, 5353)
+  net.listen({net.eth0, '127.0.0.1'}, 53853, {tls = true})
+  net.listen({net.eth0, '127.0.0.1'}, 53853, {tcp = true, udp = false})
 
 .. function:: net.close(address, [port = 53])
 

diff --git a/daemon/bindings.c b/daemon/bindings.c
index bde8d7a319afeb6035a26644f277fb28c92add3e..b308a9ae93178a440234bf9476a54cb953d204e2 100644 (file)
--- a/daemon/bindings.c
+++ b/daemon/bindings.c
@@ -228,7 +228,7 @@ static int net_listen(lua_State *L)
        int n = lua_gettop(L);
        if (n < 1 || n > 3) {
                format_error(L, "expected one to three arguments; usage:\n"
-                            "net.listen(addressses, [port = " xstr(KR_DNS_PORT) ", flags = {tls = (port == " xstr(KR_DNS_TLS_PORT) ")}])\n");
+                               "net.listen(addresses, [port = " xstr(KR_DNS_PORT) ", flags = {tls = true|false, udp = true|false, tcp = true|false}])\n");
                lua_error(L);
        }
 
@@ -237,11 +237,26 @@ static int net_listen(lua_State *L)
                port = lua_tointeger(L, 2);
        }
 
+       int flags = 0;
        bool tls = (port == KR_DNS_TLS_PORT);
        if (n > 2 && lua_istable(L, 3)) {
-               tls = table_get_flag(L, 3, "tls", tls);
+               // DNS over TLS is mutually exclusive with either "udp" or "tcp"
+               // It's not possible to listen on both encrypted and non-encrypted traffic on the same port
+               if (table_get_flag(L, 3, "tls", false)) {
+                       flags = NET_TCP|NET_TLS;
+               } else {
+                       // Both UDP and TCP are enabled unless explicitly disabled
+                       if (table_get_flag(L, 3, "udp", true)) {
+                               flags |= NET_UDP;
+                       }
+                       if (table_get_flag(L, 3, "tcp", true)) {
+                               flags |= NET_TCP;
+                       }
+               }
+       } else {
+               // If the flags are not specified, decide default based on port number
+               flags = tls ? (NET_TCP|NET_TLS) : (NET_TCP|NET_UDP);
        }
-       int flags = tls ? (NET_TCP|NET_TLS) : (NET_TCP|NET_UDP);
        
        /* Now focus on the first argument. */
        lua_pop(L, n - 1);