diff options
Diffstat (limited to 'modules/edns_keepalive')
-rw-r--r-- | modules/edns_keepalive/.packaging/test.config | 10 | ||||
-rw-r--r-- | modules/edns_keepalive/README.rst | 22 | ||||
-rw-r--r-- | modules/edns_keepalive/edns_keepalive.c | 61 | ||||
-rw-r--r-- | modules/edns_keepalive/meson.build | 17 |
4 files changed, 110 insertions, 0 deletions
diff --git a/modules/edns_keepalive/.packaging/test.config b/modules/edns_keepalive/.packaging/test.config new file mode 100644 index 0000000..5c71c79 --- /dev/null +++ b/modules/edns_keepalive/.packaging/test.config @@ -0,0 +1,10 @@ +-- SPDX-License-Identifier: GPL-3.0-or-later +modules.load('edns_keepalive') + +for _,item in ipairs(modules.list()) do + if item == "edns_keepalive" then + os.exit(0) + end +end + +os.exit(1) diff --git a/modules/edns_keepalive/README.rst b/modules/edns_keepalive/README.rst new file mode 100644 index 0000000..d8034d2 --- /dev/null +++ b/modules/edns_keepalive/README.rst @@ -0,0 +1,22 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +.. _mod-edns_keepalive: + +EDNS keepalive +============== + +The ``edns_keepalive`` module implements :rfc:`7828` for *clients* +connecting to Knot Resolver via TCP and TLS. +The module just allows clients to discover the connection timeout, +client connections are always timed-out the same way *regardless* +of clients sending the EDNS option. + +When connecting to servers, Knot Resolver does not send this EDNS option. +It still attempts to reuse established connections intelligently. + +This module is loaded by default. For debugging purposes it can be +unloaded using standard means: + +.. code-block:: lua + + modules.unload('edns_keepalive') diff --git a/modules/edns_keepalive/edns_keepalive.c b/modules/edns_keepalive/edns_keepalive.c new file mode 100644 index 0000000..30d5df3 --- /dev/null +++ b/modules/edns_keepalive/edns_keepalive.c @@ -0,0 +1,61 @@ +/* Copyright (C) CZ.NIC, z.s.p.o. <knot-resolver@labs.nic.cz> + * SPDX-License-Identifier: GPL-3.0-or-later + */ + +/** + * @file edns_keepalive.c + * @brief Minimalistic EDNS keepalive implementation on server side. + * If keepalive option is present in query, + * always reply with constant timeout value. + * + */ +#include <libknot/packet/pkt.h> +#include "daemon/worker.h" +#include "lib/module.h" +#include "lib/layer.h" + +static int edns_keepalive_finalize(kr_layer_t *ctx) +{ + struct kr_request *req = ctx->req; + knot_pkt_t *answer = req->answer; + const knot_rrset_t *src_opt = req->qsource.packet->opt_rr; + knot_rrset_t *answ_opt = answer->opt_rr; + + const bool ka_want = + req->qsource.flags.tcp && + src_opt != NULL && + knot_edns_get_option(src_opt, KNOT_EDNS_OPTION_TCP_KEEPALIVE, NULL) && + answ_opt != NULL; + if (!ka_want) { + return ctx->state; + } + const struct network *net = &the_worker->engine->net; + uint64_t timeout = net->tcp.in_idle_timeout / 100; + if (timeout > UINT16_MAX) { + timeout = UINT16_MAX; + } + knot_mm_t *pool = &answer->mm; + uint16_t ka_size = knot_edns_keepalive_size(timeout); + uint8_t ka_buf[ka_size]; + int ret = knot_edns_keepalive_write(ka_buf, ka_size, timeout); + if (ret == KNOT_EOK) { + ret = knot_edns_add_option(answ_opt, KNOT_EDNS_OPTION_TCP_KEEPALIVE, + ka_size, ka_buf, pool); + } + if (ret != KNOT_EOK) { + ctx->state = KR_STATE_FAIL; + } + return ctx->state; +} + +KR_EXPORT int edns_keepalive_init(struct kr_module *self) +{ + static const kr_layer_api_t layer = { + .answer_finalize = &edns_keepalive_finalize, + }; + self->layer = &layer; + return kr_ok(); +} + +KR_MODULE_EXPORT(edns_keepalive) + diff --git a/modules/edns_keepalive/meson.build b/modules/edns_keepalive/meson.build new file mode 100644 index 0000000..979452f --- /dev/null +++ b/modules/edns_keepalive/meson.build @@ -0,0 +1,17 @@ +# C module: edns_keepalive +# SPDX-License-Identifier: GPL-3.0-or-later + +edns_keepalive_src = files([ + 'edns_keepalive.c', +]) +c_src_lint += edns_keepalive_src + +edns_keepalive_mod = shared_module( + 'edns_keepalive', + edns_keepalive_src, + dependencies: libknot, + include_directories: mod_inc_dir, + name_prefix: '', + install: true, + install_dir: modules_dir, +) |