From: Robert Edmonds Date: Tue, 10 Jun 2025 03:15:15 +0000 (-0400) Subject: dnsdist: YAML: Correct `enable_proxy_protocol` value for TCP/UDP binds X-Git-Tag: dnsdist-2.0.0-beta1~37^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=31cdf2138c479984aa3269e37f0a5b89f47f75dc;p=thirdparty%2Fpdns.git dnsdist: YAML: Correct `enable_proxy_protocol` value for TCP/UDP binds The YAML `enable_proxy_protocol` property of `BindConfiguration` is documented as defaulting to "true", but is actually defined to default to false. This commit redefines this property to default to "true", which matches the documentation. It also matches the documentation of the `enableProxyProtocol` option to the Lua `addLocal()` function. However, when `loadBinds()` constructs the `ClientState` for a TCP or UDP bind, it hardcodes the last parameter (`enableProxyProtocol`) to false, i.e. it ignores the configured value. In this commit, the `enableProxyProtocol` parameter to the `ClientState` constructor is taken from the corresponding value loaded by the YAML parser. --- diff --git a/pdns/dnsdistdist/dnsdist-configuration-yaml.cc b/pdns/dnsdistdist/dnsdist-configuration-yaml.cc index 46c260915d..d747f19349 100644 --- a/pdns/dnsdistdist/dnsdist-configuration-yaml.cc +++ b/pdns/dnsdistdist/dnsdist-configuration-yaml.cc @@ -694,7 +694,7 @@ static void loadBinds(const ::rust::Vec dnsCryptContext; #endif /* defined(HAVE_DNSCRYPT) */ - auto state = std::make_shared(listeningAddress, protocol != "doq" && protocol != "doh3", bind.reuseport, bind.tcp.fast_open_queue_size, std::string(bind.interface), cpus, false); + auto state = std::make_shared(listeningAddress, protocol != "doq" && protocol != "doh3", bind.reuseport, bind.tcp.fast_open_queue_size, std::string(bind.interface), cpus, bind.enable_proxy_protocol); if (bind.tcp.listen_queue_size > 0) { state->tcpListenQueueSize = bind.tcp.listen_queue_size; 
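Review bot: On the first `std::make_shared` call, the configured `bind.enable_proxy_protocol` now reaches the `ClientState` constructor for every protocol built here, including the `doq` and `doh3` values tested in the second argument, although the commit message only mentions TCP and UDP binds. Please confirm that those listeners either honour or deliberately ignore the flag, and record it in a comment above the call, for example `// proxy protocol is only parsed for peers matching the proxy protocol ACL; see enable_proxy_protocol`. The second call, in the hunk at -738, is the same change. Both would benefit from a test that loads a YAML bind with `enable_proxy_protocol: false` and asserts that a proxy header from an ACL-listed address is not consumed, since the previous hard-coded `false` went unnoticed. `loadBinds()` begins and ends outside both hunks.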
@@ -738,7 +738,7 @@ static void loadBinds(const ::rust::Vec(ComboAddress(std::string(bind.listen_address), defaultPort), false, bind.reuseport, bind.tcp.fast_open_queue_size, std::string(bind.interface), cpus, false); + state = std::make_shared(ComboAddress(std::string(bind.listen_address), defaultPort), false, bind.reuseport, bind.tcp.fast_open_queue_size, std::string(bind.interface), cpus, bind.enable_proxy_protocol); #if defined(HAVE_DNSCRYPT) state->dnscryptCtx = std::move(dnsCryptContext); #endif /* defined(HAVE_DNSCRYPT) */ diff --git a/pdns/dnsdistdist/dnsdist-settings-definitions.yml b/pdns/dnsdistdist/dnsdist-settings-definitions.yml index 5af3b7cf4b..296cae61f3 100644 --- a/pdns/dnsdistdist/dnsdist-settings-definitions.yml +++ b/pdns/dnsdistdist/dnsdist-settings-definitions.yml @@ -1100,7 +1100,7 @@ bind: description: "Set the CPU affinity for this listener thread, asking the scheduler to run it on a single CPU id, or a set of CPU ids. This parameter is only available if the OS provides the ``pthread_setaffinity_np()`` function" - name: "enable_proxy_protocol" type: "bool" - default: "false" + default: "true" description: "Whether to expect a proxy protocol v2 header in front of incoming queries coming from an address allowed by the ACL in :ref:`yaml-settings-ProxyProtocolConfiguration`. Default is ``true``, meaning that queries are expected to have a proxy protocol payload if they come from an address present in the proxy protocol ACL" - name: "tcp" type: "IncomingTcpConfiguration"
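Review bot: Flipping `default` to `"true"` for `enable_proxy_protocol`, combined with the value now being passed through in `loadBinds()`, changes behaviour for existing YAML configurations that define a proxy protocol ACL but never set this property. Going by the commit message, their TCP/UDP binds previously never had the flag enabled, and will now expect a proxy protocol v2 header from ACL-listed addresses. That deserves an upgrade note. The description could also gain a sentence such as `Set to false on binds that ACL-listed addresses can reach without passing through the proxy`, because a peer allowed to send the header determines the client address dnsdist sees. The proxy protocol ACL should stay limited to the actual proxies.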