dnsdist: Refactor frontend configuration

PowerDNS · Jul 5, 2024 · 121d69a · 121d69a
1 parent 8477f0b
commit 121d69a
Show file tree

Hide file tree

Showing 13 changed files with 277 additions and 124 deletions.
diff --git a/pdns/dnsdistdist/Makefile.am b/pdns/dnsdistdist/Makefile.am
@@ -162,6 +162,7 @@ dnsdist_SOURCES = \
 	dnsdist-dynbpf.cc dnsdist-dynbpf.hh \
 	dnsdist-ecs.cc dnsdist-ecs.hh \
 	dnsdist-edns.cc dnsdist-edns.hh \
+	dnsdist-frontend.cc dnsdist-frontend.hh \
 	dnsdist-healthchecks.cc dnsdist-healthchecks.hh \
 	dnsdist-idstate.cc dnsdist-idstate.hh \
 	dnsdist-internal-queries.cc dnsdist-internal-queries.hh \
@@ -285,6 +286,7 @@ testrunner_SOURCES = \
 	dnsdist-dynbpf.cc dnsdist-dynbpf.hh \
 	dnsdist-ecs.cc dnsdist-ecs.hh \
 	dnsdist-edns.cc dnsdist-edns.hh \
+	dnsdist-frontend.cc dnsdist-frontend.hh \
 	dnsdist-idstate.cc dnsdist-idstate.hh \
 	dnsdist-kvs.cc dnsdist-kvs.hh \
 	dnsdist-lbpolicies.cc dnsdist-lbpolicies.hh \

diff --git a/pdns/dnsdistdist/dnsdist-carbon.cc b/pdns/dnsdistdist/dnsdist-carbon.cc
@@ -27,6 +27,7 @@
 #include "dnsdist.hh"
 #include "dnsdist-backoff.hh"
 #include "dnsdist-configuration.hh"
+#include "dnsdist-frontend.hh"
 #include "dnsdist-metrics.hh"
 
 #ifndef DISABLE_CARBON
@@ -113,7 +114,7 @@ static bool doOneCarbonExport(const Carbon::Endpoint& endpoint)
     }
 
     std::map<std::string, uint64_t> frontendDuplicates;
-    for (const auto& front : g_frontends) {
+    for (const auto& front : dnsdist::getFrontends()) {
       if (front->udpFD == -1 && front->tcpFD == -1) {
         continue;
       }
@@ -222,7 +223,7 @@ static bool doOneCarbonExport(const Carbon::Endpoint& endpoint)
     {
       std::map<std::string, uint64_t> dohFrontendDuplicates;
       const string base = "dnsdist." + hostname + ".main.doh.";
-      for (const auto& doh : g_dohlocals) {
+      for (const auto& doh : dnsdist::getDoHFrontends()) {
         string name = doh->d_tlsContext.d_addr.toStringWithPort();
         boost::replace_all(name, ".", "_");
         boost::replace_all(name, ":", "_");

diff --git a/pdns/dnsdistdist/dnsdist-configuration.hh b/pdns/dnsdistdist/dnsdist-configuration.hh
@@ -143,6 +143,7 @@ public:
 class ServerPolicy;
 struct ServerPool;
 struct DownstreamState;
+struct ClientState;
 
 using servers_t = std::vector<std::shared_ptr<DownstreamState>>;
 
@@ -161,6 +162,7 @@ struct Configuration
 {
   std::set<std::string> d_capabilitiesToRetain;
   std::vector<uint32_t> d_tcpFastOpenKey;
+  std::vector<std::shared_ptr<ClientState>> d_frontends;
 #ifdef __linux__
   // On Linux this gives us 128k pending queries (default is 8192 queries),
   // which should be enough to deal with huge spikes

diff --git a/pdns/dnsdistdist/dnsdist-frontend.cc b/pdns/dnsdistdist/dnsdist-frontend.cc
@@ -0,0 +1,88 @@
+/*
+ * This file is part of PowerDNS or dnsdist.
+ * Copyright -- PowerDNS.COM B.V. and its contributors
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * In addition, for the avoidance of any doubt, permission is granted to
+ * link this program with OpenSSL and to (re)distribute the binaries
+ * produced as the result of such linking.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "dnsdist-frontend.hh"
+#include "dnsdist.hh"
+
+namespace dnsdist
+{
+
+const std::vector<std::shared_ptr<ClientState>>& getFrontends()
+{
+  return dnsdist::configuration::getImmutableConfiguration().d_frontends;
+}
+
+std::vector<std::shared_ptr<DNSCryptContext>> getDNSCryptFrontends()
+{
+  std::vector<std::shared_ptr<DNSCryptContext>> results;
+  for (const auto& frontend : getFrontends()) {
+    if (frontend->getProtocol() == dnsdist::Protocol::DNSCryptUDP || frontend->getProtocol() == dnsdist::Protocol::DNSCryptTCP) {
+      results.push_back(frontend->dnscryptCtx);
+    }
+  }
+  return results;
+}
+
+std::vector<std::shared_ptr<TLSFrontend>> getDoTFrontends()
+{
+  std::vector<std::shared_ptr<TLSFrontend>> results;
+  for (const auto& frontend : getFrontends()) {
+    if (frontend->getProtocol() == dnsdist::Protocol::DoT) {
+      results.push_back(frontend->tlsFrontend);
+    }
+  }
+  return results;
+}
+
+std::vector<std::shared_ptr<DOHFrontend>> getDoHFrontends()
+{
+  std::vector<std::shared_ptr<DOHFrontend>> results;
+  for (const auto& frontend : getFrontends()) {
+    if (frontend->getProtocol() == dnsdist::Protocol::DoH) {
+      results.push_back(frontend->dohFrontend);
+    }
+  }
+  return results;
+}
+
+std::vector<std::shared_ptr<DOQFrontend>> getDoQFrontends()
+{
+  std::vector<std::shared_ptr<DOQFrontend>> results;
+  for (const auto& frontend : getFrontends()) {
+    if (frontend->getProtocol() == dnsdist::Protocol::DoQ) {
+      results.push_back(frontend->doqFrontend);
+    }
+  }
+  return results;
+}
+
+std::vector<std::shared_ptr<DOH3Frontend>> getDoH3Frontends()
+{
+  std::vector<std::shared_ptr<DOH3Frontend>> results;
+  for (const auto& frontend : getFrontends()) {
+    if (frontend->getProtocol() == dnsdist::Protocol::DoH3) {
+      results.push_back(frontend->doh3Frontend);
+    }
+  }
+  return results;
+}
+}
diff --git a/pdns/dnsdistdist/dnsdist-frontend.hh b/pdns/dnsdistdist/dnsdist-frontend.hh
@@ -0,0 +1,42 @@
+/*
+ * This file is part of PowerDNS or dnsdist.
+ * Copyright -- PowerDNS.COM B.V. and its contributors
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * In addition, for the avoidance of any doubt, permission is granted to
+ * link this program with OpenSSL and to (re)distribute the binaries
+ * produced as the result of such linking.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#pragma once
+
+#include <memory>
+#include <vector>
+
+struct ClientState;
+class DNSCryptContext;
+class TLSFrontend;
+struct DOHFrontend;
+struct DOQFrontend;
+struct DOH3Frontend;
+
+namespace dnsdist
+{
+const std::vector<std::shared_ptr<ClientState>>& getFrontends();
+std::vector<std::shared_ptr<DNSCryptContext>> getDNSCryptFrontends();
+std::vector<std::shared_ptr<TLSFrontend>> getDoTFrontends();
+std::vector<std::shared_ptr<DOHFrontend>> getDoHFrontends();
+std::vector<std::shared_ptr<DOQFrontend>> getDoQFrontends();
+std::vector<std::shared_ptr<DOH3Frontend>> getDoH3Frontends();
+}
diff --git a/pdns/dnsdistdist/dnsdist-lua-bindings.cc b/pdns/dnsdistdist/dnsdist-lua-bindings.cc
@@ -23,6 +23,7 @@
 #include "config.h"
 #include "dnsdist.hh"
 #include "dnsdist-async.hh"
+#include "dnsdist-frontend.hh"
 #include "dnsdist-lua.hh"
 #include "dnsdist-resolver.hh"
 #include "dnsdist-svc.hh"
@@ -670,7 +671,7 @@ void setupLuaBindings(LuaContext& luaCtx, bool client, bool configCheck)
       return;
     }
     if (bpf) {
-      for (const auto& frontend : g_frontends) {
+      for (const auto& frontend : dnsdist::getFrontends()) {
         frontend->attachFilter(bpf, frontend->getSocket());
       }
     }

diff --git a/pdns/dnsdistdist/dnsdist-lua-inspection.cc b/pdns/dnsdistdist/dnsdist-lua-inspection.cc
@@ -24,6 +24,7 @@
 #include "dnsdist.hh"
 #include "dnsdist-console.hh"
 #include "dnsdist-dynblocks.hh"
+#include "dnsdist-frontend.hh"
 #include "dnsdist-lua.hh"
 #include "dnsdist-nghttp2.hh"
 #include "dnsdist-rings.hh"
@@ -732,7 +733,7 @@ void setupLuaInspection(LuaContext& luaCtx)
     ret << (fmt % "#" % "Address" % "Connections" % "Max concurrent conn" % "Died reading query" % "Died sending response" % "Gave up" % "Client timeouts" % "Downstream timeouts" % "Avg queries/conn" % "Avg duration" % "TLS new sessions" % "TLS Resumptions" % "TLS unknown ticket keys" % "TLS inactive ticket keys" % "TLS 1.0" % "TLS 1.1" % "TLS 1.2" % "TLS 1.3" % "TLS other") << endl;
 
     size_t counter = 0;
-    for (const auto& frontend : g_frontends) {
+    for (const auto& frontend : dnsdist::getFrontends()) {
       ret << (fmt % counter % frontend->local.toStringWithPort() % frontend->tcpCurrentConnections % frontend->tcpMaxConcurrentConnections % frontend->tcpDiedReadingQuery % frontend->tcpDiedSendingResponse % frontend->tcpGaveUp % frontend->tcpClientTimeouts % frontend->tcpDownstreamTimeouts % frontend->tcpAvgQueriesPerConnection % frontend->tcpAvgConnectionDuration % frontend->tlsNewSessions % frontend->tlsResumptions % frontend->tlsUnknownTicketKey % frontend->tlsInactiveTicketKey % frontend->tls10queries % frontend->tls11queries % frontend->tls12queries % frontend->tls13queries % frontend->tlsUnknownqueries) << endl;
       ++counter;
     }
@@ -759,7 +760,7 @@ void setupLuaInspection(LuaContext& luaCtx)
     ret << (fmt % "#" % "Address" % "DH key too small" % "Inappropriate fallback" % "No shared cipher" % "Unknown cipher type" % "Unknown exchange type" % "Unknown protocol" % "Unsupported EC" % "Unsupported protocol") << endl;
 
     size_t counter = 0;
-    for (const auto& frontend : g_frontends) {
+    for (const auto& frontend : dnsdist::getFrontends()) {
       if (!frontend->hasTLS()) {
         continue;
       }