From: Grigorii Demidov Date: Tue, 13 Nov 2018 10:48:31 +0000 (+0100) Subject: modules/edns_keepalive: new module, loaded by default X-Git-Tag: v3.2.0~37^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=65d1c322df78b123403fc6273f58923d8329d31f;p=thirdparty%2Fknot-resolver.git modules/edns_keepalive: new module, loaded by default Minor changes to be blamed on Vladimir. --- diff --git a/NEWS b/NEWS index e830f6bc0..b2e9b342f 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,10 @@ Knot Resolver 3.x.y (201y-mm-dd) ================================ +New features +------------ +- module edns_keepalive to implement server side of RFC 7828 (#408) + Module API changes ------------------ - new layer is added: answer_finalize diff --git a/daemon/lua/sandbox.lua b/daemon/lua/sandbox.lua index f10d5a777..017e3a399 100644 --- a/daemon/lua/sandbox.lua +++ b/daemon/lua/sandbox.lua @@ -322,6 +322,7 @@ modules.load('priming') modules.load('detect_time_skew') modules.load('detect_time_jump') modules.load('ta_sentinel') +modules.load('edns_keepalive') -- Interactive command evaluation function eval_cmd(line, raw) diff --git a/doc/modules.rst b/doc/modules.rst index 8ddf54daf..cb350b336 100644 --- a/doc/modules.rst +++ b/doc/modules.rst @@ -32,3 +32,4 @@ Knot Resolver modules .. include:: ../modules/rfc7706.rst .. include:: ../modules/prefill/README.rst .. include:: ../modules/serve_stale/README.rst +.. include:: ../modules/edns_keepalive/README.rst diff --git a/modules/edns_keepalive/README.rst b/modules/edns_keepalive/README.rst new file mode 100644 index 000000000..7938632b9 --- /dev/null +++ b/modules/edns_keepalive/README.rst @@ -0,0 +1,12 @@ +.. _mod-edns_keepalive: + +EDNS keepalive +-------------- + +The ``edns_keepalive`` module implements :rfc:`7828` for *clients* connecting to Knot Resolver via TCP and TLS. +Note that client connections are timed-out the same way *regardless* of them sending the EDNS option; +the module just allows clients to discover the timeout. + +When connecting to servers, Knot Resolver does not send this EDNS option. +It still attempts to reuse established connections intelligently. + diff --git a/modules/edns_keepalive/edns_keepalive.c b/modules/edns_keepalive/edns_keepalive.c new file mode 100644 index 000000000..e9676c0b9 --- /dev/null +++ b/modules/edns_keepalive/edns_keepalive.c @@ -0,0 +1,77 @@ +/* Copyright (C) 2018 CZ.NIC, z.s.p.o. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + */ + +/** + * @file edns_keepalive.c + * @brief Minimalistic EDNS keepalive implementation on server side. + * If keepalive option is present in query, + * always reply with constant timeout value. + * + */ +#include +#include "daemon/worker.h" +#include "lib/module.h" +#include "lib/layer.h" + +static int edns_keepalive_finalize(kr_layer_t *ctx) +{ + struct kr_request *req = ctx->req; + knot_pkt_t *answer = req->answer; + const knot_rrset_t *src_opt = req->qsource.packet->opt_rr; + knot_rrset_t *answ_opt = answer->opt_rr; + + const bool ka_want = + req->qsource.flags.tcp && + src_opt != NULL && + knot_edns_get_option(src_opt, KNOT_EDNS_OPTION_TCP_KEEPALIVE) && + answ_opt != NULL; + if (!ka_want) { + return ctx->state; + } + const struct worker_ctx *worker = (const struct worker_ctx *)req->daemon_context; + assert(worker); + const struct network *net = &worker->engine->net; + uint64_t timeout = net->tcp.in_idle_timeout / 100; + if (timeout > UINT16_MAX) { + timeout = UINT16_MAX; + } + knot_mm_t *pool = &answer->mm; + uint16_t ka_size = knot_edns_keepalive_size(timeout); + uint8_t ka_buf[ka_size]; + int ret = knot_edns_keepalive_write(ka_buf, ka_size, timeout); + if (ret == KNOT_EOK) { + ret = knot_edns_add_option(answ_opt, KNOT_EDNS_OPTION_TCP_KEEPALIVE, + ka_size, ka_buf, pool); + } + if (ret != KNOT_EOK) { + ctx->state = KR_STATE_FAIL; + } + return ctx->state; +} + +KR_EXPORT +const kr_layer_api_t *edns_keepalive_layer(struct kr_module *module) +{ + static kr_layer_api_t _layer = { + .answer_finalize = &edns_keepalive_finalize, + }; + /* Store module reference */ + _layer.data = module; + return &_layer; +} + +KR_MODULE_EXPORT(edns_keepalive); + diff --git a/modules/edns_keepalive/edns_keepalive.mk b/modules/edns_keepalive/edns_keepalive.mk new file mode 100644 index 000000000..4ce2bd95d --- /dev/null +++ b/modules/edns_keepalive/edns_keepalive.mk @@ -0,0 +1,5 @@ +edns_keepalive_CFLAGS := -fPIC +edns_keepalive_LDFLAGS := -Wl,-undefined -Wl,dynamic_lookup +edns_keepalive_SOURCES := modules/edns_keepalive/edns_keepalive.c +$(call make_c_module,edns_keepalive) + diff --git a/modules/modules.mk b/modules/modules.mk index 78b83da36..328c8564f 100644 --- a/modules/modules.mk +++ b/modules/modules.mk @@ -31,7 +31,8 @@ modules_TARGETS += bogus_log \ serve_stale \ detect_time_skew \ detect_time_jump \ - prefill + prefill \ + edns_keepalive endif # Make C module