authorDaniel Salzman <daniel.salzman@nic.cz>2021-03-12 12:57:47 +0100
committerDaniel Salzman <daniel.salzman@nic.cz>2021-03-15 13:21:50 +0100
commit98f4ee460aa1f229dff14fcf7a776dc605e8c237 (patch)
treee2d997a8a18473dddaa83a69ce6025b8e8461b05 /src
parentkdig: force TCP with +fastopen (diff)
mod-dnsproxy: add TCP Fast Open support
Diffstat (limited to 'src')
-rw-r--r--src/knot/modules/dnsproxy/dnsproxy.c17
-rw-r--r--src/knot/modules/dnsproxy/dnsproxy.rst10
2 files changed, 24 insertions, 3 deletions
diff --git a/src/knot/modules/dnsproxy/dnsproxy.c b/src/knot/modules/dnsproxy/dnsproxy.c
index d589a69fa..b7ab3d2e5 100644
--- a/src/knot/modules/dnsproxy/dnsproxy.c
+++ b/src/knot/modules/dnsproxy/dnsproxy.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -22,6 +22,7 @@
#include "knot/nameserver/process_query.h" // Forces static module!
#define MOD_REMOTE "\x06""remote"
+#define MOD_TCP_FASTOPEN "\x0C""tcp-fastopen"
#define MOD_TIMEOUT "\x07""timeout"
#define MOD_FALLBACK "\x08""fallback"
#define MOD_CATCH_NXDOMAIN "\x0E""catch-nxdomain"
@@ -31,6 +32,7 @@ const yp_item_t dnsproxy_conf[] = {
{ knotd_conf_check_ref } },
{ MOD_TIMEOUT, YP_TINT, YP_VINT = { 0, INT32_MAX, 500 } },
{ MOD_FALLBACK, YP_TBOOL, YP_VBOOL = { true } },
+ { MOD_TCP_FASTOPEN, YP_TBOOL, YP_VNONE },
{ MOD_CATCH_NXDOMAIN, YP_TBOOL, YP_VNONE },
{ NULL }
};
@@ -50,6 +52,7 @@ typedef struct {
struct sockaddr_storage remote;
struct sockaddr_storage via;
bool fallback;
+ bool tfo;
bool catch_nxdomain;
int timeout;
} dnsproxy_t;
@@ -87,11 +90,16 @@ static knotd_state_t dnsproxy_fwd(knotd_state_t state, knot_pkt_t *pkt,
return state; /* Ignore, not enough memory. */
}
- bool is_tcp = net_is_stream(qdata->params->socket);
+ knot_request_flag_t flags = KNOT_REQUEST_NONE;
+ if (!net_is_stream(qdata->params->socket)) {
+ flags = KNOT_REQUEST_UDP;
+ } else if (proxy->tfo) {
+ flags = KNOT_REQUEST_TFO;
+ }
const struct sockaddr_storage *dst = &proxy->remote;
const struct sockaddr_storage *src = &proxy->via;
knot_request_t *req = knot_request_make(re.mm, dst, src, qdata->query, NULL,
- is_tcp ? 0 : KNOT_REQUEST_UDP);
+ flags);
if (req == NULL) {
knot_requestor_clear(&re);
return state; /* Ignore, not enough memory. */
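Review bot: The `else if (proxy->tfo)` branch sends every TCP-received query to the remote as SYN payload, and RFC 7413 permits that payload to be delivered to the server application more than once, so the option is only safe while everything this module forwards is idempotent. If dnsproxy_fwd can be reached for state-changing messages (not determinable from this hunk; the function starts and ends outside it), those should keep `KNOT_REQUEST_NONE`. At minimum I would record the assumption next to the branch, e.g. `/* TFO: query travels in the SYN and may be replayed (RFC 7413). */`. It is also not visible here whether `KNOT_REQUEST_TFO` degrades to a regular handshake when the kernel or the remote lacks TFO support; that is worth confirming in the requestor code.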
@@ -144,6 +152,9 @@ int dnsproxy_load(knotd_mod_t *mod)
conf = knotd_conf_mod(mod, MOD_FALLBACK);
proxy->fallback = conf.single.boolean;
+ conf = knotd_conf_mod(mod, MOD_TCP_FASTOPEN);
+ proxy->tfo = conf.single.boolean;
+
conf = knotd_conf_mod(mod, MOD_CATCH_NXDOMAIN);
proxy->catch_nxdomain = conf.single.boolean;
diff --git a/src/knot/modules/dnsproxy/dnsproxy.rst b/src/knot/modules/dnsproxy/dnsproxy.rst
index b03d89e23..2a291bed1 100644
--- a/src/knot/modules/dnsproxy/dnsproxy.rst
+++ b/src/knot/modules/dnsproxy/dnsproxy.rst
@@ -53,6 +53,7 @@ Module reference
remote: remote_id
timeout: INT
fallback: BOOL
+ tcp-fastopen: BOOL
catch-nxdomain: BOOL
.. _mod-dnsproxy_id:
@@ -92,6 +93,15 @@ to resolve them.
*Default:* on
+.. _mod-dnsproxy_tcp-fastopen:
+
+tcp-fastopen
+............
+
+If enabled, TCP Fast Open is used when forwarding TCP queries.
+
+*Default:* off
+
.. _mod-dnsproxy_catch-nxdomain:
catch-nxdomain