From: Remi Gacogne
Date: Thu, 26 Aug 2021 14:25:36 +0000 (+0200)
Subject: dnsdist: Provide bindings to know which TLS provider is in use
X-Git-Tag: dnsdist-1.7.0-alpha1~46^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=82e9d3f32f3e3c138285645752c1fc1071964eaf;p=thirdparty%2Fpdns.git

dnsdist: Provide bindings to know which TLS provider is in use
---
diff --git a/pdns/dnsdist-lua-bindings.cc b/pdns/dnsdist-lua-bindings.cc
index f8c04b8d0e..7f0568ff88 100644
--- a/pdns/dnsdist-lua-bindings.cc
+++ b/pdns/dnsdist-lua-bindings.cc
@@ -354,10 +354,34 @@ void setupLuaBindings(LuaContext& luaCtx, bool client)
 setLuaNoSideEffect();
 return fe.local.toStringWithPort();
 });
- luaCtx.registerFunction("__tostring", [](const ClientState& fe) {
+ luaCtx.registerFunction("__tostring", [](const ClientState& fe) {
 setLuaNoSideEffect();
 return fe.local.toStringWithPort();
 });
+ luaCtx.registerFunction("getType", [](const ClientState& fe) {
+ setLuaNoSideEffect();
+ return fe.getType();
+ });
+ luaCtx.registerFunction("getConfiguredTLSProvider", [](const ClientState& fe) {
+ setLuaNoSideEffect();
+ if (fe.tlsFrontend != nullptr) {
+ return fe.tlsFrontend->getRequestedProvider();
+ }
+ else if (fe.dohFrontend != nullptr) {
+ return std::string("openssl");
+ }
+ return std::string();
+ });
+ luaCtx.registerFunction("getEffectiveTLSProvider", [](const ClientState& fe) {
+ setLuaNoSideEffect();
+ if (fe.tlsFrontend != nullptr) {
+ return fe.tlsFrontend->getEffectiveProvider();
+ }
+ else if (fe.dohFrontend != nullptr) {
+ return std::string("openssl");
+ }
+ return std::string();
+ });
 luaCtx.registerMember("muted", &ClientState::muted);
 #ifdef HAVE_EBPF
 luaCtx.registerFunction)>("attachFilter", [](ClientState& frontend, std::shared_ptr bpf) {
diff --git a/pdns/dnsdistdist/docs/reference/config.rst b/pdns/dnsdistdist/docs/reference/config.rst
index 29913fa6d6..10f6691637 100644
--- a/pdns/dnsdistdist/docs/reference/config.rst
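Review bot: The second new binding is registered as `getConfiguredTLSProvider`, but the config.rst hunk of this same commit documents `ClientState:getRequestedTLSProvider()`, so a Lua script written from the reference would call a method that is not registered. Pick one name; to match the docs and the C++ accessor `getRequestedProvider()`, register it as `luaCtx.registerFunction("getRequestedTLSProvider", [](const ClientState& fe) {`. Both provider bindings also hard-code `std::string("openssl")` for DoH frontends and return an empty string for any other frontend; a comment such as `// DoH frontends do not go through TLSFrontend; the provider is assumed to be OpenSSL here` would record why, and the empty-string case deserves a line in the reference, since operators will presumably use these calls to check which TLS stack is terminating connections. The template arguments of `registerFunction` are not visible in this rendering, and `setupLuaBindings` continues outside the hunk.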
+++ b/pdns/dnsdistdist/docs/reference/config.rst
@@ -854,6 +854,24 @@ ClientState functions
 Remove the BPF filter associated to this frontend, if any.
+ .. method:: ClientState:getEffectiveTLSProvider() -> string
+
+ .. versionadded:: 1.7.0
+
+ Return the name of the TLS provider actually used.
+
+ .. method:: ClientState:getRequestedTLSProvider() -> string
+
+ .. versionadded:: 1.7.0
+
+ Return the name of the TLS provider requested in the configuration.
+
+ .. method:: ClientState:getType() -> string
+
+ .. versionadded:: 1.7.0
+
+ Return the type of the frontend: UDP, UDP (DNSCrypt), TCP, TCP (DNSCrypt), TCP (DNS over TLS) or TCP (DNS over HTTPS).
+
 .. method:: ClientState:toString() -> string
 Return the address and port this frontend is listening on.
diff --git a/pdns/dnsdistdist/test-dnsdisttcp_cc.cc b/pdns/dnsdistdist/test-dnsdisttcp_cc.cc
index 4f506fefc1..8e479b4bee 100644
--- a/pdns/dnsdistdist/test-dnsdisttcp_cc.cc
+++ b/pdns/dnsdistdist/test-dnsdisttcp_cc.cc
@@ -294,6 +294,11 @@ public:
 {
 return 0;
 }
+
+ std::string getName() const override
+ {
+ return "Mockup TLS";
+ }
 };
 class MockupFDMultiplexer : public FDMultiplexer
diff --git a/pdns/tcpiohandler.cc b/pdns/tcpiohandler.cc
index daa49a1a59..a6a90b8a89 100644
--- a/pdns/tcpiohandler.cc
+++ b/pdns/tcpiohandler.cc
@@ -562,6 +562,11 @@ public:
 return d_feContext->d_ticketKeys.getKeysCount();
 }
+ std::string getName() const override
+ {
+ return "openssl";
+ }
+
 private:
 std::shared_ptr d_feContext;
 std::unique_ptr d_tlsCtx; // client context
@@ -1204,6 +1209,11 @@ public:
 return *(d_ticketsKey.read_lock()) != nullptr ? 1 : 0;
 }
+ std::string getName() const override
+ {
+ return "gnutls";
+ }
+
 private:
 std::unique_ptr d_creds;
 gnutls_priority_t d_priorityCache{nullptr};
diff --git a/pdns/tcpiohandler.hh b/pdns/tcpiohandler.hh
index 6b8a4c1fba..89fde1f6bf 100644
--- a/pdns/tcpiohandler.hh
+++ b/pdns/tcpiohandler.hh
@@ -98,6 +98,7 @@ public:
 }
 virtual size_t getTicketsKeysCount() = 0;
+ virtual std::string getName() const = 0;
 protected:
 std::atomic_flag d_rotatingTicketsKey;
@@ -178,6 +179,19 @@ public:
 return res;
 }
+ std::string getRequestedProvider() const
+ {
+ return d_provider;
+ }
+
+ std::string getEffectiveProvider() const
+ {
+ if (d_ctx) {
+ return d_ctx->getName();
+ }
+ return "";
+ }
+
 TLSConfig d_tlsConfig;
 TLSErrorCounters d_tlsCounters;
 ComboAddress d_addr;
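Review bot: In the second hunk, `getEffectiveProvider()` returns `""` when `d_ctx` is unset, which is the same value the Lua binding returns for a frontend with no TLS at all, so a monitoring script cannot tell a plain frontend from a TLS frontend whose context was never set up. Neither accessor is documented; I would add `/* Provider name as requested in the configuration; presumably may differ from the effective one */` above `getRequestedProvider()` and `/* Name reported by the loaded context ("openssl" or "gnutls" in this commit), empty if no context is loaded */` above `getEffectiveProvider()`. The new pure virtual `getName()` in the first hunk would likewise benefit from a one-line comment saying that its return value is what the Lua bindings expose, since every subclass must now implement it. Both class bodies start and end outside the hunks.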