policy: Add flag to force TCP as transport 1841/head
authorMichael Tremer <michael.tremer@ipfire.org>
Wed, 27 May 2026 11:41:27 +0000 (11:41 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Wed, 27 May 2026 11:41:27 +0000 (11:41 +0000)
This is already implemented in the backend, but the flag has not been
exposed. This patch adds the flag so that connections to any forwarders
are made over TCP.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
modules/policy/policy.lua

index 77fa29a71abd77c469747615a7df7f1febe2ad17..88e235a8beefec2591003179ac74ad487b14df7f 100644 (file)
@@ -914,6 +914,7 @@ Throws lua exceptions when detecting something fishy.
       i.e. we trust their DNSSEC validation.
     - for auths this inserts a negative trust anchor
       Beware that setting .set_insecure() *later* would override that.
+  .tcp to force transport over TCP
 \param targets same format as policy.TLS_FORWARD() except that `tls = true`
                can be specified for each address (defaults to false)
 --]]
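Review bot: The new `.tcp` line in the option list does not state its default or how it combines with the per-target `tls = true` described right below it, so a reader cannot tell whether the flag is needed, ignored or conflicting for TLS targets. Something like `.tcp = true forces TCP for all plain (non-TLS) targets; defaults to false, i.e. UDP with the usual TCP fallback` would cover it, with the wording adjusted to what the backend actually does, which is not visible in this hunk. The comment block starts above the hunk.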
@@ -924,6 +925,7 @@ function policy.rule_forward_add(subtree, options, targets)
                        {
                                is_nods = options.dnssec == false,
                                is_auth = options.auth,
+                               is_tcp  = options.tcp
                        },
                        targets_3
                ) == 0)
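Review bot: `options.tcp` is handed to the flags table unchanged at the `is_tcp` line, so what happens with a non-boolean value (for example the string `'false'`) depends on a conversion that is not visible in this hunk. An operator who sets this flag to keep forwarder traffic off UDP needs it to either take effect or fail loudly, so I would normalise it with `is_tcp = options.tcp == true,` or reject non-boolean values with an error, in line with the "throws when detecting something fishy" contract in the docstring. The new line also drops the trailing comma that the two entries above it carry. The body of `policy.rule_forward_add` starts and ends outside the hunk, so existing option validation may already cover part of this.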