chore(dnsdist): move checkDNSCryptQuery to dnsdist-dnscrypt

author Pieter Lexis <pieter.lexis@powerdns.com>

Thu, 23 Oct 2025 09:14:15 +0000 (11:14 +0200)

committer Pieter Lexis <pieter.lexis@powerdns.com>

Mon, 1 Jun 2026 10:52:27 +0000 (12:52 +0200)
author Pieter Lexis <pieter.lexis@powerdns.com>
Thu, 23 Oct 2025 09:14:15 +0000 (11:14 +0200)
committer Pieter Lexis <pieter.lexis@powerdns.com>
Mon, 1 Jun 2026 10:52:27 +0000 (12:52 +0200)
diff --git a/pdns/dnsdistdist/dnsdist-dnscrypt.cc b/pdns/dnsdistdist/dnsdist-dnscrypt.cc

index 7ae6a4a0150ea613614beb2f373a737ff1a3505a..7de63bf16351e97f3c9d8dfa93c5fd866729ac03 100644 (file)
--- a/pdns/dnsdistdist/dnsdist-dnscrypt.cc
+++ b/pdns/dnsdistdist/dnsdist-dnscrypt.cc
@@ -65,3 +65,24 @@ bool encryptResponse(PacketBuffer& response, size_t maximumSize, bool tcp, std::
    return true;
  }
  #endif
+
+bool checkDNSCryptQuery([[maybe_unused]] const ClientState& clientState, [[maybe_unused]] PacketBuffer& query, [[maybe_unused]] std::unique_ptr<DNSCryptQuery>& dnsCryptQuery, [[maybe_unused]] time_t now, [[maybe_unused]] bool tcp)
+{
+#ifdef HAVE_DNSCRYPT
+  if (clientState.dnscryptCtx) {
+    PacketBuffer response;
+    dnsCryptQuery = std::make_unique<DNSCryptQuery>(clientState.dnscryptCtx);
+
+    bool decrypted = handleDNSCryptQuery(query, *dnsCryptQuery, tcp, now, response);
+
+    if (!decrypted) {
+      if (!response.empty()) {
+        query = std::move(response);
+        return true;
+      }
+      throw std::runtime_error("Unable to decrypt DNSCrypt query, dropping.");
+    }
+  }
+#endif /* HAVE_DNSCRYPT */
+  return false;
+}
diff --git a/pdns/dnsdistdist/dnsdist-dnscrypt.hh b/pdns/dnsdistdist/dnsdist-dnscrypt.hh

index 6305d8b3495f3f14003da52db8ebe72443dd7db4..487f30c2d2e8b8828ef7ba07650491b55d2157c0 100644 (file)
--- a/pdns/dnsdistdist/dnsdist-dnscrypt.hh
+++ b/pdns/dnsdistdist/dnsdist-dnscrypt.hh
@@ -22,9 +22,10 @@
  #pragma once
  
  #include "config.h"
+#include "dnsdist.hh"
  
  #ifdef HAVE_DNSCRYPT
-#include "dnsdist.hh"
  bool handleDNSCryptQuery(PacketBuffer& packet, DNSCryptQuery& query, bool tcp, time_t now, PacketBuffer& response);
  bool encryptResponse(PacketBuffer& response, size_t maximumSize, bool tcp, std::unique_ptr<DNSCryptQuery>& dnsCryptQuery);
  #endif
+bool checkDNSCryptQuery(const ClientState& clientState, PacketBuffer& query, std::unique_ptr<DNSCryptQuery>& dnsCryptQuery, time_t now, bool tcp);
diff --git a/pdns/dnsdistdist/dnsdist-tcp.cc b/pdns/dnsdistdist/dnsdist-tcp.cc

index 3a51cba25e11e94959d7b1290d642b7972f4e8ab..b01a15e8327cbd3ecbd5bae188665665704f59b7 100644 (file)
--- a/pdns/dnsdistdist/dnsdist-tcp.cc
+++ b/pdns/dnsdistdist/dnsdist-tcp.cc
@@ -28,6 +28,7 @@
  #include "dnsdist.hh"
  #include "dnsdist-concurrent-connections.hh"
  #include "dnsdist-dnsparser.hh"
+#include "dnsdist-dnscrypt.hh"
  #include "dnsdist-ecs.hh"
  #include "dnsdist-edns.hh"
  #include "dnsdist-nghttp2-in.hh"
diff --git a/pdns/dnsdistdist/dnsdist.cc b/pdns/dnsdistdist/dnsdist.cc

index b8d0d289750c9de54a4645f20dfc1cb30e83f7c8..39524ce9a30e00cdb1e02d9194c50d3d94ab29ae 100644 (file)
--- a/pdns/dnsdistdist/dnsdist.cc
+++ b/pdns/dnsdistdist/dnsdist.cc
@@ -1139,27 +1139,6 @@ static bool isUDPQueryAcceptable(ClientState& clientState, const struct msghdr*
    return true;
  }
  
-bool checkDNSCryptQuery(const ClientState& clientState, [[maybe_unused]] PacketBuffer& query, [[maybe_unused]] std::unique_ptr<DNSCryptQuery>& dnsCryptQuery, [[maybe_unused]] time_t now, [[maybe_unused]] bool tcp)
-{
-  if (clientState.dnscryptCtx) {
-#ifdef HAVE_DNSCRYPT
-    PacketBuffer response;
-    dnsCryptQuery = std::make_unique<DNSCryptQuery>(clientState.dnscryptCtx);
-
-    bool decrypted = handleDNSCryptQuery(query, *dnsCryptQuery, tcp, now, response);
-
-    if (!decrypted) {
-      if (!response.empty()) {
-        query = std::move(response);
-        return true;
-      }
-      throw std::runtime_error("Unable to decrypt DNSCrypt query, dropping.");
-    }
-#endif /* HAVE_DNSCRYPT */
-  }
-  return false;
-}
-
  bool checkQueryHeaders(const struct dnsheader& dnsHeader, ClientState& clientState)
  {
    if (dnsHeader.qr) { // don't respond to responses
diff --git a/pdns/dnsdistdist/dnsdist.hh b/pdns/dnsdistdist/dnsdist.hh

index 094bd62cdcd11a2762cc03163c2bc20aa1624629..e6b804e3071bb062001d3c5ce1a28b6a91d155dd 100644 (file)
--- a/pdns/dnsdistdist/dnsdist.hh
+++ b/pdns/dnsdistdist/dnsdist.hh
@@ -996,8 +996,6 @@ bool checkQueryHeaders(const struct dnsheader& dnsHeader, ClientState& clientSta
  
  class DNSCryptQuery;
  
-bool checkDNSCryptQuery(const ClientState& clientState, PacketBuffer& query, std::unique_ptr<DNSCryptQuery>& dnsCryptQuery, time_t now, bool tcp);
-
  enum class ProcessQueryResult : uint8_t
  {
    Drop,
author	Pieter Lexis <pieter.lexis@powerdns.com>
	Thu, 23 Oct 2025 09:14:15 +0000 (11:14 +0200)
committer	Pieter Lexis <pieter.lexis@powerdns.com>
	Mon, 1 Jun 2026 10:52:27 +0000 (12:52 +0200)
pdns/dnsdistdist/dnsdist-dnscrypt.cc		patch \| blob \| blame \| history
pdns/dnsdistdist/dnsdist-dnscrypt.hh		patch \| blob \| blame \| history
pdns/dnsdistdist/dnsdist-tcp.cc		patch \| blob \| blame \| history
pdns/dnsdistdist/dnsdist.cc		patch \| blob \| blame \| history
pdns/dnsdistdist/dnsdist.hh		patch \| blob \| blame \| history