Remi Gacogne [Mon, 3 Mar 2025 10:57:54 +0000 (11:57 +0100)]
dnsdist: Share tickets key between identical frontends created via YAML
Using the same Session Ticket Encryption Key on identical frontends
allow TLS sessions to be resumed in a much more efficient way, reducing
the latency and CPU usage. While it was already possible to do so by
manually managing the STEK, the default behaviour was to create and use
a different STEK for each frontend, because our Lua configuration makes
it almost impossible to ensure that two frontends are identical.
This is not an issue with the new YAML configuration format, so let's
share the STEK automatically in this case.
Remi Gacogne [Fri, 28 Mar 2025 14:52:08 +0000 (15:52 +0100)]
dnsdist: Add mitigations against misbehaving TCP/TLS clients
This commit adds several mitigations against misbehaving TCP/TLS clients:
- when a client is near the limit of concurrent TCP connections it is
allowed to have, the number of DNS queries over a single TCP connection
is restricted to 1 and the idle timout is reduced to 500 ms
- the same restrictions are applied to all connections if the frontend
is near the limit of concurrent TCP connections
- a limit of 50 read I/O events per query is enforced on incoming TCP
connections, to prevent a connection from continuously sending very small
packets to keep the worker busy. Clients exceeding this limit can
be prevented from opening new TCP connections for a configurable
amount of time
- three new configurable rates are introduced: new TCP connections
per second per client, new TLS sessions per second per client,
resumed TLS sessions per secondper client. Clients exceeding these
rates can be prevented from opening new TCP connections for a
configurable amount of time
Remi Gacogne [Mon, 31 Mar 2025 09:10:34 +0000 (11:10 +0200)]
dnsdist: Fix a TOCTOU in the Async regression tests
The existing code was catching all exceptions based on `OSError`
raised by a call to `os.unlink()` , and re-throwing if the file
actually existed, in an attempt to only ignore the case where
the file did not exist and still fail if the process did not
have enough rights to remove it, for example.
Unfortunately this construct introduced a TOCTOU issue, where the
initial exception might have been raised because the file did not
exist at the time of the call, resulting in a `FileNotFoundError`
exception being raised, but had been created before the existence
check, resulting in a puzzling message:
```
ready: 8/8 workersException in thread Asynchronous Responder:
Traceback (most recent call last):
File "/usr/lib/python3.13/threading.py", line 992, in run
self._target(*self._args, **self._kwargs)
~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/pdns/regression-tests.dnsdist/test_Async.py", line 17, in AsyncResponder
os.unlink(listenPath)
~~~~~~~~~^^^^^^^^^^^^
8 workers [816 items]
```
The new code only catches `FileNotFoundError` instead, so that
other errors are still causing a failure without needing a second
check.
Remi Gacogne [Mon, 24 Mar 2025 11:46:42 +0000 (12:46 +0100)]
dnsdist: Load Lua bindings before parsing yaml configuration
We need the Lua bindings so that inline and loaded from a file Lua
syntax work. Our regression tests did not catch this because the
setup always created an empty Lua file, causing the Lua bindings to
be loaded. This commit also fixes that by not creating (and removing
if needed) empty Lua files in the regression tests setup.
Remi Gacogne [Mon, 24 Mar 2025 15:37:58 +0000 (16:37 +0100)]
dnsdist: Better handling of non-existent Lua function name in YAML
This commit changes the way DNSdist handles a non-existent Lua function
name being referenced from the YAML configuration: instead of silently
ignoring the problem, it loudly complains before exiting.
Remi Gacogne [Mon, 24 Mar 2025 15:29:45 +0000 (16:29 +0100)]
dnsdist: Better handling of exceptions raised during YAML parsing
This commit changes the way exceptions raised during the YAML configuration
parsing are handled. I previously overlooked the way `cxx` handles exceptions
raised from a C++ code called from Rust:
```
If an exception is thrown from an extern "C++" function that is not declared
by the CXX bridge to return Result, the program calls C++'s std::terminate.
The behavior is equivalent to the same exception being thrown through a
noexcept C++ function.
```
Calling `std::terminate` is obviously not what we want, so this commit
declares that all C++ functions callable by Rust can raise exceptions,
and adds the required code to properly process these exceptions on the
Rust side of things.
Remi Gacogne [Thu, 20 Mar 2025 13:15:47 +0000 (14:15 +0100)]
rec: Prevent a crash when exiting nicely
If a TCP connection is alive when we are exiting, we might dereference
a `null` pointer when the TCP connection destructor is called after
the thread-local `t_tcpClientCounts` object has been destroyed.
projects / thirdparty / pdns.git / log
