path: root/modules/cookies/README.rst
author Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-07 15:26:00 +0000
committer Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-07 15:26:00 +0000
commit 830407e88f9d40d954356c3754f2647f91d5c06a
tree d6a0ece6feea91f3c656166dbaa884ef8a29740e /modules/cookies/README.rst
parent Initial commit.
Adding upstream version 5.6.0. (refs: upstream/5.6.0, upstream)
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- modules/cookies/README.rst 56
1 files changed, 56 insertions, 0 deletions
diff --git a/modules/cookies/README.rst b/modules/cookies/README.rst
new file mode 100644
index 0000000..b8aba8a
--- /dev/null
+++ b/modules/cookies/README.rst
@@ -0,0 +1,56 @@
+.. SPDX-License-Identifier: GPL-3.0-or-later
+
+.. _mod-cookies:
+
+DNS Cookies
+===========
+
+The module performs most of the :rfc:`7873` DNS cookies functionality. Its main purpose is to check the cookies of inbound queries and responses. It is also used to alter the behaviour of the cookie functionality.
+
+Example Configuration
+---------------------
+
+.. code-block:: lua
+
+ -- Load the module before the 'iterate' layer.
+ modules = {
+ 'cookies < iterate'
+ }
+
+ -- Configure the client part of the resolver. Set 8 bytes of the client
+ -- secret and choose the hashing algorithm to be used.
+ -- Use a string composed of hexadecimal digits to set the secret.
+ cookies.config { client_secret = '0123456789ABCDEF',
+ client_cookie_alg = 'FNV-64' }
+
+ -- Configure the server part of the resolver.
+ cookies.config { server_secret = 'FEDCBA9876543210',
+ server_cookie_alg = 'FNV-64' }
+
+ -- Enable client cookie functionality. (Add cookies into outbound
+ -- queries.)
+ cookies.config { client_enabled = true }
+
+ -- Enable server cookie functionality. (Handle cookies in inbound
+ -- requests.)
+ cookies.config { server_enabled = true }
+
+.. tip:: If you want to change several parameters regarding the client or server configuration then do it within a single ``cookies.config()`` invocation.
+
+.. warning:: The module must be loaded before any other module that has direct influence on query processing and response generation. The module must be able to intercept an incoming query before the processing of the actual query starts. It must also be able to check the cookies of inbound responses and eventually discard them before they are handled by other functional units.
+
+Properties
+----------
+
+.. function:: cookies.config(configuration)
+
+ :param table configuration: part of cookie configuration to be changed, may be called without parameter
+ :return: JSON dictionary containing current configuration
+
+ The function may be called without any parameter. In such case it only returns current configuration. The returned JSON also contains available algorithm choices.
+
+Dependencies
+------------
+
+* `Nettle <https://www.lysator.liu.se/~nisse/nettle/>`_ required for HMAC-SHA256
+
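Review bot: The example configuration hard-codes `client_secret = '0123456789ABCDEF'` and `server_secret = 'FEDCBA9876543210'` without saying they are placeholders, so a reader who pastes the block runs with secrets that are printed in the documentation; add a sentence stating that each secret must be replaced with a locally generated random value of the stated length. The same block selects `'FNV-64'` for both `client_cookie_alg` and `server_cookie_alg`, while the Dependencies section lists Nettle as required for HMAC-SHA256 and never names the algorithm string that selects it; the Properties section only says the returned JSON contains the available choices, so list the accepted values there and say which one is recommended. Two smaller points: the tip asks for several client or server parameters to be changed in a single `cookies.config()` invocation, yet the example sets the secret and algorithm in one call and `client_enabled` / `server_enabled` in separate calls; and "eventually discard them" in the warning reads as if discarding always happens later, where "discard them if necessary" is probably what is meant.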