From: Oto Šťáva Date: Tue, 4 Jun 2024 15:38:58 +0000 (+0200) Subject: Merge branch 'master' into 'rrl-wip' X-Git-Tag: v6.0.9~1^2~48 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b868b2584ef0bd3841256de596e3074443e9397b;p=thirdparty%2Fknot-resolver.git Merge branch 'master' into 'rrl-wip' --- b868b2584ef0bd3841256de596e3074443e9397b diff --cc daemon/proxyv2.h index a21f14b1e,6a6bc1794..9bba34762 --- a/daemon/proxyv2.h +++ b/daemon/proxyv2.h @@@ -35,19 -31,5 +31,9 @@@ struct proxy_result bool has_tls : 1; }; - /** Checks for a PROXY protocol version 2 signature in the specified buffer. */ - static inline bool proxy_header_present(const void* buf, const ssize_t nread) - { - return nread >= PROXY2_MIN_SIZE && - memcmp(buf, PROXY2_SIGNATURE, sizeof(PROXY2_SIGNATURE)) == 0; - } - +/** Checks whether the use of PROXYv2 protocol is allowed for the specified + * address. */ +bool proxy_allowed(const struct sockaddr *saddr); + - /** Parses the PROXYv2 header from buf of size nread and writes the result into - * out. The function assumes that the PROXYv2 signature is present - * and has been already checked by the caller (like `udp_recv` or `tcp_recv`). */ - ssize_t proxy_process_header(struct proxy_result *out, - const void *buf, ssize_t nread); + /** Initializes the protocol layers managed by the PROXYv2 "module". 
*/ + void proxy_protolayers_init(void); diff --cc daemon/session2.c index a2c519a07,19ea42dc3..5f6f7d005 --- a/daemon/session2.c +++ b/daemon/session2.c @@@ -554,37 -575,25 +577,37 @@@ static int session2_submit struct protolayer_payload payload, const struct comm_info *comm, protolayer_finished_cb cb, void *baton) { - struct protolayer_manager *manager = s->layers; - if (!comm) - comm = &manager->session->comm; + if (session->closing) + return kr_error(ECANCELED); - + if (kr_fails_assert(session->proto < KR_PROTO_COUNT)) + return kr_error(EFAULT); + + bool had_comm_param = (comm != NULL); + if (!had_comm_param) + comm = &session->comm_storage; + // RRL: at this point we might start doing nontrivial work, + // but we may not know the client's IP yet. + // Note two cases: incoming session (new request) + // vs. outgoing session (resuming work on some request) + if (direction == PROTOLAYER_UNWRAP) { + kr_rrl_sample_start(); + // In particular we don't want to miss en/decryption work + // for regular connections from clients. - if (!s->outgoing && s->secure && !proxy_allowed(comm->comm_addr)) ++ if (!session->outgoing && session->secure && !proxy_allowed(comm->comm_addr)) + kr_rrl_sample_addr((const union kr_sockaddr *)comm->comm_addr); + } + int ret; + - if (manager->session->closing) { - ret = kr_error(ECANCELED); - goto finish_ret; - } - - struct protolayer_iter_ctx *ctx = malloc(manager->cb_ctx_size); + struct protolayer_iter_ctx *ctx = malloc(session->iter_ctx_size); kr_require(ctx); - VERBOSE_LOG(manager->session, + VERBOSE_LOG(session, "%s submitted to grp '%s' in %s direction (%zu: %s)\n", protolayer_payload_name(payload.type), - protolayer_grp_name(manager->grp), + kr_proto_name(session->proto), (direction == PROTOLAYER_UNWRAP) ? 
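Review bot: The new `proxy_allowed()` declaration does not state what it expects of `saddr`, and the one caller visible in this commit (`session2_submit` in daemon/session2.c) passes `comm->comm_addr` through without a check, so the header is the place to fix the NULL contract. Suggest extending the comment to say which address is meant (the peer's transport address, if that is what the implementation compares) and whether `saddr` may be NULL and what is returned in that case, e.g. `/** Checks whether the use of PROXYv2 protocol is allowed for the specified peer address. NULL is treated as not allowed. */` adjusted to what the implementation actually does, which is not visible here. The `proxy_protolayers_init()` comment is fine as is.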
"unwrap" : "wrap", - layer_ix, layer_name(manager->grp, layer_ix)); + layer_ix, layer_name(session->proto, layer_ix)); *ctx = (struct protolayer_iter_ctx) { .payload = payload, @@@ -611,17 -636,13 +650,16 @@@ } if (globals->iter_init) - globals->iter_init(manager, ctx, iter_data); + globals->iter_init(ctx, iter_data); } - return protolayer_step(ctx); + ret = protolayer_step(ctx); - finish_ret: + if (direction == PROTOLAYER_UNWRAP) + kr_rrl_sample_stop(); + return ret; } - static void *get_init_param(enum protolayer_protocol p, + static void *get_init_param(enum protolayer_type p, struct protolayer_data_param *layer_param, size_t layer_param_count) {
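Review bot: The new RRL sampling branch hands `comm->comm_addr` to `proxy_allowed()` and `kr_rrl_sample_addr()` without checking it, right after `comm` may have been pointed at `&session->comm_storage` because no `comm` argument was given; whether `comm_addr` is guaranteed to be set at that point is not visible in this hunk, so if it can still be NULL for a fresh incoming session the guard should read `if (!session->outgoing && session->secure && comm->comm_addr && !proxy_allowed(comm->comm_addr))`. `kr_rrl_sample_start()` is placed after both early returns (`ECANCELED`, `EFAULT`) and its matching `kr_rrl_sample_stop()` in the following hunk runs after `protolayer_step()`, so the pair is balanced as far as the visible code shows, but nothing documents that invariant; a comment on the start call such as `// paired with kr_rrl_sample_stop() below; any new early return must stay above this point` would keep a later edit from unbalancing it. `session2_submit` begins before and continues past this hunk.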