author | Daniel Salzman <daniel.salzman@nic.cz> | 2021-03-12 12:57:47 +0100 |
---|---|---|
committer | Daniel Salzman <daniel.salzman@nic.cz> | 2021-03-15 13:21:50 +0100 |
commit | 98f4ee460aa1f229dff14fcf7a776dc605e8c237 (patch) | |
tree | e2d997a8a18473dddaa83a69ce6025b8e8461b05 | |
parent | kdig: force TCP with +fastopen (diff) | |
mod-dnsproxy: add TCP Fast Open support
-rw-r--r-- | src/knot/modules/dnsproxy/dnsproxy.c | 17 | ||||
-rw-r--r-- | src/knot/modules/dnsproxy/dnsproxy.rst | 10 |
2 files changed, 24 insertions, 3 deletions
diff --git a/src/knot/modules/dnsproxy/dnsproxy.c b/src/knot/modules/dnsproxy/dnsproxy.c index d589a69fa..b7ab3d2e5 100644 --- a/src/knot/modules/dnsproxy/dnsproxy.c +++ b/src/knot/modules/dnsproxy/dnsproxy.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -22,6 +22,7 @@ #include "knot/nameserver/process_query.h" // Forces static module! #define MOD_REMOTE "\x06""remote" +#define MOD_TCP_FASTOPEN "\x0C""tcp-fastopen" #define MOD_TIMEOUT "\x07""timeout" #define MOD_FALLBACK "\x08""fallback" #define MOD_CATCH_NXDOMAIN "\x0E""catch-nxdomain" @@ -31,6 +32,7 @@ const yp_item_t dnsproxy_conf[] = { { knotd_conf_check_ref } }, { MOD_TIMEOUT, YP_TINT, YP_VINT = { 0, INT32_MAX, 500 } }, { MOD_FALLBACK, YP_TBOOL, YP_VBOOL = { true } }, + { MOD_TCP_FASTOPEN, YP_TBOOL, YP_VNONE }, { MOD_CATCH_NXDOMAIN, YP_TBOOL, YP_VNONE }, { NULL } }; @@ -50,6 +52,7 @@ typedef struct { struct sockaddr_storage remote; struct sockaddr_storage via; bool fallback; + bool tfo; bool catch_nxdomain; int timeout; } dnsproxy_t; @@ -87,11 +90,16 @@ static knotd_state_t dnsproxy_fwd(knotd_state_t state, knot_pkt_t *pkt, return state; /* Ignore, not enough memory. */ } - bool is_tcp = net_is_stream(qdata->params->socket); + knot_request_flag_t flags = KNOT_REQUEST_NONE; + if (!net_is_stream(qdata->params->socket)) { + flags = KNOT_REQUEST_UDP; + } else if (proxy->tfo) { + flags = KNOT_REQUEST_TFO; + } const struct sockaddr_storage *dst = &proxy->remote; const struct sockaddr_storage *src = &proxy->via; knot_request_t *req = knot_request_make(re.mm, dst, src, qdata->query, NULL, - is_tcp ? 0 : KNOT_REQUEST_UDP); + flags); if (req == NULL) { knot_requestor_clear(&re); return state; /* Ignore, not enough memory. */ 
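Review bot: The new `else if (proxy->tfo)` branch in dnsproxy_fwd presumably lets the forwarded message travel as SYN payload, and RFC 7413 allows that payload to reach the remote more than once, which is only acceptable for idempotent messages. Ordinary queries are safe to repeat, but whether this path can also forward state-changing messages such as dynamic updates is not visible in the hunk, so the constraint should be written down or enforced. I would add above the branch `/* TFO data may be delivered twice via a duplicate SYN (RFC 7413); safe only for idempotent queries. */` and, if other opcodes can reach this code, leave `flags` at `KNOT_REQUEST_NONE` for them. The body of dnsproxy_fwd starts and ends outside the hunk.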
@@ -144,6 +152,9 @@ int dnsproxy_load(knotd_mod_t *mod) conf = knotd_conf_mod(mod, MOD_FALLBACK); proxy->fallback = conf.single.boolean; + conf = knotd_conf_mod(mod, MOD_TCP_FASTOPEN); + proxy->tfo = conf.single.boolean; + conf = knotd_conf_mod(mod, MOD_CATCH_NXDOMAIN); proxy->catch_nxdomain = conf.single.boolean; diff --git a/src/knot/modules/dnsproxy/dnsproxy.rst b/src/knot/modules/dnsproxy/dnsproxy.rst index b03d89e23..2a291bed1 100644 --- a/src/knot/modules/dnsproxy/dnsproxy.rst +++ b/src/knot/modules/dnsproxy/dnsproxy.rst @@ -53,6 +53,7 @@ Module reference remote: remote_id timeout: INT fallback: BOOL + tcp-fastopen: BOOL catch-nxdomain: BOOL .. _mod-dnsproxy_id: @@ -92,6 +93,15 @@ to resolve them. *Default:* on +.. _mod-dnsproxy_tcp-fastopen: + +tcp-fastopen +............ + +If enabled, TCP Fast Open is used when forwarding TCP queries. + +*Default:* off + .. _mod-dnsproxy_catch-nxdomain: catch-nxdomain |
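Review bot: In dnsproxy_load, `proxy->tfo` is taken straight from the configuration and nothing records that the option is best-effort. The commit does not show whether the requestor falls back to a normal handshake when the OS lacks client-side TFO or a middlebox drops SYNs that carry data; if it does not, each forwarded TCP query would wait out the `timeout` value before failing. I would document the dependency next to the assignment, for example `/* Best-effort: needs client-side TFO in the OS (on Linux the client bit of net.ipv4.tcp_fastopen). */`, and repeat the same caveat in the `tcp-fastopen` entry of dnsproxy.rst. The function continues outside the hunk.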