summaryrefslogtreecommitdiffstats
path: root/modules/edns_keepalive
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--modules/edns_keepalive/.packaging/test.config10
-rw-r--r--modules/edns_keepalive/README.rst22
-rw-r--r--modules/edns_keepalive/edns_keepalive.c61
-rw-r--r--modules/edns_keepalive/meson.build17
4 files changed, 110 insertions, 0 deletions
diff --git a/modules/edns_keepalive/.packaging/test.config b/modules/edns_keepalive/.packaging/test.config
new file mode 100644
index 0000000..5c71c79
--- /dev/null
+++ b/modules/edns_keepalive/.packaging/test.config
@@ -0,0 +1,10 @@
+-- SPDX-License-Identifier: GPL-3.0-or-later
+modules.load('edns_keepalive')
+
+for _,item in ipairs(modules.list()) do
+ if item == "edns_keepalive" then
+ os.exit(0)
+ end
+end
+
+os.exit(1)
diff --git a/modules/edns_keepalive/README.rst b/modules/edns_keepalive/README.rst
new file mode 100644
index 0000000..d8034d2
--- /dev/null
+++ b/modules/edns_keepalive/README.rst
@@ -0,0 +1,22 @@
+.. SPDX-License-Identifier: GPL-3.0-or-later
+
+.. _mod-edns_keepalive:
+
+EDNS keepalive
+==============
+
+The ``edns_keepalive`` module implements :rfc:`7828` for *clients*
+connecting to Knot Resolver via TCP and TLS.
+The module just allows clients to discover the connection timeout,
+client connections are always timed-out the same way *regardless*
+of clients sending the EDNS option.
+
+When connecting to servers, Knot Resolver does not send this EDNS option.
+It still attempts to reuse established connections intelligently.
+
+This module is loaded by default. For debugging purposes it can be
+unloaded using standard means:
+
+.. code-block:: lua
+
+ modules.unload('edns_keepalive')
diff --git a/modules/edns_keepalive/edns_keepalive.c b/modules/edns_keepalive/edns_keepalive.c
new file mode 100644
index 0000000..30d5df3
--- /dev/null
+++ b/modules/edns_keepalive/edns_keepalive.c
@@ -0,0 +1,61 @@
+/* Copyright (C) CZ.NIC, z.s.p.o. <knot-resolver@labs.nic.cz>
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+/**
+ * @file edns_keepalive.c
+ * @brief Minimalistic EDNS keepalive implementation on server side.
+ * If keepalive option is present in query,
+ * always reply with constant timeout value.
+ *
+ */
+#include <libknot/packet/pkt.h>
+#include "daemon/worker.h"
+#include "lib/module.h"
+#include "lib/layer.h"
+
+static int edns_keepalive_finalize(kr_layer_t *ctx)
+{
+ struct kr_request *req = ctx->req;
+ knot_pkt_t *answer = req->answer;
+ const knot_rrset_t *src_opt = req->qsource.packet->opt_rr;
+ knot_rrset_t *answ_opt = answer->opt_rr;
+
+ const bool ka_want =
+ req->qsource.flags.tcp &&
+ src_opt != NULL &&
+ knot_edns_get_option(src_opt, KNOT_EDNS_OPTION_TCP_KEEPALIVE, NULL) &&
+ answ_opt != NULL;
+ if (!ka_want) {
+ return ctx->state;
+ }
+ const struct network *net = &the_worker->engine->net;
+ uint64_t timeout = net->tcp.in_idle_timeout / 100;
+ if (timeout > UINT16_MAX) {
+ timeout = UINT16_MAX;
+ }
+ knot_mm_t *pool = &answer->mm;
+ uint16_t ka_size = knot_edns_keepalive_size(timeout);
+ uint8_t ka_buf[ka_size];
+ int ret = knot_edns_keepalive_write(ka_buf, ka_size, timeout);
+ if (ret == KNOT_EOK) {
+ ret = knot_edns_add_option(answ_opt, KNOT_EDNS_OPTION_TCP_KEEPALIVE,
+ ka_size, ka_buf, pool);
+ }
+ if (ret != KNOT_EOK) {
+ ctx->state = KR_STATE_FAIL;
+ }
+ return ctx->state;
+}
+
+KR_EXPORT int edns_keepalive_init(struct kr_module *self)
+{
+ static const kr_layer_api_t layer = {
+ .answer_finalize = &edns_keepalive_finalize,
+ };
+ self->layer = &layer;
+ return kr_ok();
+}
+
+KR_MODULE_EXPORT(edns_keepalive)
+
diff --git a/modules/edns_keepalive/meson.build b/modules/edns_keepalive/meson.build
new file mode 100644
index 0000000..979452f
--- /dev/null
+++ b/modules/edns_keepalive/meson.build
@@ -0,0 +1,17 @@
+# C module: edns_keepalive
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+edns_keepalive_src = files([
+ 'edns_keepalive.c',
+])
+c_src_lint += edns_keepalive_src
+
+edns_keepalive_mod = shared_module(
+ 'edns_keepalive',
+ edns_keepalive_src,
+ dependencies: libknot,
+ include_directories: mod_inc_dir,
+ name_prefix: '',
+ install: true,
+ install_dir: modules_dir,
+)