Remi Gacogne [Mon, 24 Mar 2025 11:46:42 +0000 (12:46 +0100)]
dnsdist: Load Lua bindings before parsing yaml configuration
We need the Lua bindings so that Lua syntax, whether inline or loaded
from a file, works. Our regression tests did not catch this because the
setup always created an empty Lua file, causing the Lua bindings to
be loaded. This commit also fixes that by not creating (and removing
if needed) empty Lua files in the regression tests setup.
Remi Gacogne [Mon, 24 Mar 2025 15:37:58 +0000 (16:37 +0100)]
dnsdist: Better handling of non-existent Lua function name in YAML
This commit changes the way DNSdist handles a non-existent Lua function
name being referenced from the YAML configuration: instead of silently
ignoring the problem, it loudly complains before exiting.
Remi Gacogne [Mon, 24 Mar 2025 15:29:45 +0000 (16:29 +0100)]
dnsdist: Better handling of exceptions raised during YAML parsing
This commit changes the way exceptions raised during the YAML configuration
parsing are handled. I previously overlooked the way `cxx` handles exceptions
raised from C++ code called from Rust:
```
If an exception is thrown from an extern "C++" function that is not declared
by the CXX bridge to return Result, the program calls C++'s std::terminate.
The behavior is equivalent to the same exception being thrown through a
noexcept C++ function.
```
Calling `std::terminate` is obviously not what we want, so this commit
declares that all C++ functions callable by Rust can raise exceptions,
and adds the required code to properly process these exceptions on the
Rust side of things.
Remi Gacogne [Thu, 20 Mar 2025 13:15:47 +0000 (14:15 +0100)]
rec: Prevent a crash when exiting nicely
If a TCP connection is alive when we are exiting, we might dereference
a `null` pointer when the TCP connection destructor is called after
the thread-local `t_tcpClientCounts` object has been destroyed.
milzi234 [Tue, 18 Mar 2025 14:11:44 +0000 (15:11 +0100)]
Fixes the documentation workflows upload. Uses sudo to install rclone, omits the --no-wait flag on the invalidations, since that doesn't exist (...). Lastly, adds the possibility to set DOCS_WORKFLOW_BRANCH_OVERRIDE in which case the workflow doesn't check for the branch it's running on, so it can be tested on other branches. Useful in forks.
This introduces support for binding to a Unix instead of a TCP/IP
socket, which is useful in applications where binding to a TCP/IP socket
is not desired due to security and/or performance considerations or
constraints of the surrounding system. Closes #8677.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
Remi Gacogne [Fri, 14 Mar 2025 13:17:57 +0000 (14:17 +0100)]
dnsdist: Upgrade clang to 19 in our CI
To get rid of the `WARNING: Symbolizer buffer too small` warning,
which is caused by big backtraces, and fixed in clang >= 15 by
using a dynamic symbolizer buffer size.
I only upgrade it for dnsdist because of a compatibility issue between
`libfaketime` and the ASAN implementation in recent versions of `clang`:
https://github.com/wolfcw/libfaketime/issues/365
It seems to be fixed in the `libfaketime` repository. There has not
been any release since the fix, but I guess we could compile from
a more recent commit.
pizchen [Sat, 15 Mar 2025 04:59:15 +0000 (12:59 +0800)]
Add timeout config per UDP backend server
Currently the TCP backend has a per-server config option while the UDP
backend can only use the global timeout setting. This change will add a
timeout config per UDP backend server.
Remi Gacogne [Thu, 6 Mar 2025 08:44:30 +0000 (09:44 +0100)]
dnsdist: Limit # of proxy protocol-enabled outgoing TCP connections
TCP worker threads keep a cache of outgoing TCP connections to a
backend to be able to reuse them for subsequent queries. Proxy
protocol-enabled outgoing TCP connections are trickier because the
proxy protocol payload is sent only once at the beginning of the
TCP connection, contains the source and destination addresses and
ports, and thus the connections can only be reused with the exact
same incoming TCP connection. For this reason these connections are
stored in a specific structure of the incoming connection, instead
of the TCP worker connection cache. However, we can only reuse a
given proxy protocol-enabled outgoing TCP connection for a subsequent
query if the TLV values contained in the proxy-protocol payload
associated with the new query are exactly the same as the ones
associated with the existing query. Up until now, we would keep an
unbounded amount of proxy protocol-enabled connections around if
the TLV values were, for example, randomly assigned per query.
This commit sets a limit on the number of such connections we will
keep around: we will keep at most N connections, where N is the
ratio between the number of concurrent queries on a single TCP
connection supported by the backend and the number of concurrent
queries on a single TCP connection supported by the frontend, with
a hard cap of 5.
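
An added illustration of the bound described in the last commit message above (not dnsdist's code): a store kept on one incoming connection that reuses an outgoing connection only on exact TLV equality and never holds more than N of them. The names `maxProxyConns` and `ProxyConnStore`, reading the ratio as backend divided by frontend with a floor of 1, and closing the oldest entry when the store is full are all assumptions.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <deque>
#include <string>
#include <utility>
#include <vector>

// One proxy protocol TLV: a type byte plus an opaque value.
using TLVs = std::vector<std::pair<uint8_t, std::string>>;

// Hypothetical stand-in for an outgoing TCP connection to a backend.
struct OutgoingConn {
  TLVs tlvs;  // TLVs sent in the proxy protocol payload when it was opened
  size_t id;  // constructed identifier, for the demonstration only
};

// Assumption: ratio = backend / frontend (integer division), floor 1, hard cap 5.
size_t maxProxyConns(size_t backendMaxInFlight, size_t frontendMaxInFlight) {
  const size_t hardCap = 5;
  size_t ratio = frontendMaxInFlight == 0 ? 1 : backendMaxInFlight / frontendMaxInFlight;
  return std::min(hardCap, std::max<size_t>(1, ratio));
}

// Store kept on one incoming connection (names are hypothetical).
class ProxyConnStore {
public:
  explicit ProxyConnStore(size_t limit) : d_limit(limit) {}

  // Reuse only on exact TLV equality; otherwise open a new connection.
  OutgoingConn& get(const TLVs& tlvs) {
    for (auto& conn : d_conns) {
      if (conn.tlvs == tlvs) { return conn; }
    }
    if (d_conns.size() >= d_limit) {
      d_conns.pop_front();  // assumption: the oldest connection is closed
    }
    d_conns.push_back(OutgoingConn{tlvs, d_opened++});
    return d_conns.back();
  }
  size_t size() const { return d_conns.size(); }
  size_t opened() const { return d_opened; }

private:
  std::deque<OutgoingConn> d_conns;
  size_t d_limit;
  size_t d_opened{0};
};
```

With per-query random TLV values every lookup misses, so `opened()` keeps growing while `size()` stays at the limit.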