From: Remi Gacogne
Date: Thu, 3 Jul 2025 19:15:01 +0000 (+0200)
Subject: dnsdist: Add a selector to match the incoming protocol
X-Git-Tag: rec-5.4.0-alpha0~44^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=363baee040886defdb57671fab3a336f83ae9099;p=thirdparty%2Fpdns.git
dnsdist: Add a selector to match the incoming protocol
Signed-off-by: Remi Gacogne
---
diff --git a/pdns/dnsdistdist/dnsdist-protocols.cc b/pdns/dnsdistdist/dnsdist-protocols.cc
index 35da4711f4..dac252d5f7 100644
--- a/pdns/dnsdistdist/dnsdist-protocols.cc
+++ b/pdns/dnsdistdist/dnsdist-protocols.cc
@@ -68,6 +68,16 @@ bool Protocol::operator!=(Protocol::typeenum type) const
 return d_protocol != type;
 }
+bool Protocol::operator==(const Protocol& rhs) const
+{
+ return d_protocol == rhs.d_protocol;
+}
+
+bool Protocol::operator!=(const Protocol& rhs) const
+{
+ return d_protocol != rhs.d_protocol;
+}
+
 const std::string& Protocol::toString() const
 {
 return s_names.at(static_cast(d_protocol));
diff --git a/pdns/dnsdistdist/dnsdist-protocols.hh b/pdns/dnsdistdist/dnsdist-protocols.hh
index beb43ed3d7..17e13f3c3b 100644
--- a/pdns/dnsdistdist/dnsdist-protocols.hh
+++ b/pdns/dnsdistdist/dnsdist-protocols.hh
@@ -54,6 +54,8 @@ public:
 bool operator==(typeenum) const;
 bool operator!=(typeenum) const;
+ bool operator==(const Protocol& rhs) const;
+ bool operator!=(const Protocol& rhs) const;
 const std::string& toString() const;
 const std::string& toPrettyString() const;
diff --git a/pdns/dnsdistdist/dnsdist-rules-factory.hh b/pdns/dnsdistdist/dnsdist-rules-factory.hh
index c42eb0ed5c..48f2100014 100644
--- a/pdns/dnsdistdist/dnsdist-rules-factory.hh
+++ b/pdns/dnsdistdist/dnsdist-rules-factory.hh
@@ -1501,6 +1501,28 @@ private:
 Comparisons d_comparison;
 };
+class IncomingProtocolRule : public DNSRule
+{
+public:
+ IncomingProtocolRule(const std::string& protocol) :
+ d_protocol(protocol)
+ {
+ }
+
+ bool matches(const DNSQuestion* dq) const override
+ {
+ return dq->getProtocol() == d_protocol;
+ }
+
+ string toString() const override
+ {
+ return "incoming protocol is " + d_protocol.toString();
+ }
+
+private:
+ dnsdist::Protocol d_protocol;
+};
+
 namespace dnsdist::selectors
 {
 std::shared_ptr getAndSelector(const std::vector>& rules);
diff --git a/pdns/dnsdistdist/dnsdist-selectors-definitions.yml b/pdns/dnsdistdist/dnsdist-selectors-definitions.yml
index 215912fd4c..2fb005499c 100644
--- a/pdns/dnsdistdist/dnsdist-selectors-definitions.yml
+++ b/pdns/dnsdistdist/dnsdist-selectors-definitions.yml
@@ -70,6 +70,13 @@
 - name: "expression"
 type: "String"
 description: "The regex to match on"
+- name: "IncomingProtocol"
+ description: "Matches queries received over a specific protocol"
+ version_added: 2.1.0
+ parameters:
+ - name: "protocol"
+ type: "String"
+ description: "The protocol to match on, in a case-sensitive way. Supported values are DoUDP, DoTCP, DNSCryptUDP, DNSCryptTCP, DoT, DoH, DoQ and DoH3"
 - name: "KeyValueStoreLookup"
 skip-cpp: true
 skip-rust: true
diff --git a/pdns/dnsdistdist/dnsdist-settings-documentation-generator.py b/pdns/dnsdistdist/dnsdist-settings-documentation-generator.py
index 63d6a14cbf..b53425d025 100644
--- a/pdns/dnsdistdist/dnsdist-settings-documentation-generator.py
+++ b/pdns/dnsdistdist/dnsdist-settings-documentation-generator.py
@@ -105,6 +105,10 @@ def process_object(object_name, entries, entry_type, is_setting_struct=False, lu
 output += '-' * len(object_name) + '\n'
 output += '\n'
+ if 'version_added' in entries:
+ output += ' .. versionadded:: ' + entries['version_added'] + '\n'
+ output += '\n'
+
 if 'description' in entries:
 description = entries['description']
 output += description + '\n'
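Review bot: The single-argument constructor of `IncomingProtocolRule` in dnsdist-rules-factory.hh is not marked `explicit`, so a `std::string` converts implicitly into a rule; declare it as `explicit IncomingProtocolRule(const std::string& protocol) :`. The protocol name is turned into a `dnsdist::Protocol` by that type's string constructor, which is outside this hunk. Please confirm it rejects an unknown or wrongly-cased name when the rule is created: a selector that gates filtering or rate-limiting actions should fail at configuration load rather than quietly match a different transport. The class also has no comment; a one-line `// Matches queries by the protocol they were received over, e.g. DoUDP, DoTCP, DoT or DoH` above it would help.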
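Review bot: The added `' .. versionadded:: ' + entries['version_added'] + '\n'` in dnsdist-settings-documentation-generator.py concatenates the YAML value directly. It raises a TypeError as soon as a definition carries an unquoted two-part version (for instance a constructed `version_added: 2.1`), since YAML loads that as a float. The `2.1.0` added to dnsdist-selectors-definitions.yml in this commit presumably loads as a string, so the generator works for the entry added here. Quoting the versions in the YAML file, or using `output += ' .. versionadded:: ' + str(entries['version_added']) + '\n'`, would make it robust. `process_object` starts and continues outside this hunk, so how `entries` is loaded is not visible here.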
diff --git a/pdns/dnsdistdist/docs/reference/selectors.rst b/pdns/dnsdistdist/docs/reference/selectors.rst
index bde5fd3dfe..4f1b9911bb 100644
--- a/pdns/dnsdistdist/docs/reference/selectors.rst
+++ b/pdns/dnsdistdist/docs/reference/selectors.rst
@@ -83,6 +83,14 @@ Selectors can be combined via :func:`AndRule`, :func:`OrRule` and :func:`NotRule
 :param str path: The exact HTTP path to match on
+.. function:: IncomingProtocolRule(protocol)
+
+ .. versionadded:: 2.1.0
+
+ Matches queries received over a specific protocol.
+
+ :param str protocol: The protocol to match on, in a case-sensitive way. Supported values are DoUDP, DoTCP, DNSCryptUDP, DNSCryptTCP, DoT, DoH, DoQ and DoH3
+
 .. function:: KeyValueStoreLookupRule(kvs, lookupKey)
 .. versionadded:: 1.4.0