2
0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00

Add isc_nmsocket_set_tlsctx()

This commit adds isc_nmsocket_set_tlsctx() - an asynchronous function
that replaces the TLS context within a given TLS-enabled listener
socket object. It is based on the newly added reference counting
functionality.

The intention of adding this function is to add functionality to
replace a TLS context without recreating the whole socket object,
including the underlying TCP listener socket, as a BIND process might
not have enough permissions to re-create it fully on reconfiguration.
This commit is contained in:
Artem Boldariev
2022-03-31 13:47:48 +03:00
parent 25609156a5
commit df317184eb
6 changed files with 168 additions and 13 deletions

View File

@@ -328,6 +328,8 @@ typedef enum isc__netievent_type {
netievent_task,
netievent_settlsctx,
/*
* event type values higher than this will be treated
* as high-priority events, which can be processed
@@ -665,6 +667,38 @@ typedef struct isc__netievent {
isc__nm_put_netievent(nm, ievent); \
}
typedef struct isc__netievent__tlsctx {
NETIEVENT__SOCKET;
isc_tlsctx_t *tlsctx;
} isc__netievent__tlsctx_t;
#define NETIEVENT_SOCKET_TLSCTX_TYPE(type) \
typedef isc__netievent__tlsctx_t isc__netievent_##type##_t;
#define NETIEVENT_SOCKET_TLSCTX_DECL(type) \
isc__netievent_##type##_t *isc__nm_get_netievent_##type( \
isc_nm_t *nm, isc_nmsocket_t *sock, isc_tlsctx_t *tlsctx); \
void isc__nm_put_netievent_##type(isc_nm_t *nm, \
isc__netievent_##type##_t *ievent);
#define NETIEVENT_SOCKET_TLSCTX_DEF(type) \
isc__netievent_##type##_t *isc__nm_get_netievent_##type( \
isc_nm_t *nm, isc_nmsocket_t *sock, isc_tlsctx_t *tlsctx) { \
isc__netievent_##type##_t *ievent = \
isc__nm_get_netievent(nm, netievent_##type); \
isc__nmsocket_attach(sock, &ievent->sock); \
isc_tlsctx_attach(tlsctx, &ievent->tlsctx); \
\
return (ievent); \
} \
\
void isc__nm_put_netievent_##type(isc_nm_t *nm, \
isc__netievent_##type##_t *ievent) { \
isc_tlsctx_free(&ievent->tlsctx); \
isc__nmsocket_detach(&ievent->sock); \
isc__nm_put_netievent(nm, ievent); \
}
typedef union {
isc__netievent_t ni;
isc__netievent__socket_t nis;
@@ -672,6 +706,7 @@ typedef union {
isc__netievent_udpsend_t nius;
isc__netievent__socket_quota_t nisq;
isc__netievent_tlsconnect_t nitc;
isc__netievent__tlsctx_t nitls;
} isc__netievent_storage_t;
/*
@@ -930,6 +965,7 @@ struct isc_nmsocket {
isc_tlsctx_t *ctx;
isc_tlsctx_t **listener_tls_ctx; /*%< A context reference per
worker */
size_t n_listener_tls_ctx;
isc_nmsocket_t *tlslistener;
atomic_bool result_updated;
enum {
@@ -1608,6 +1644,9 @@ void
isc__nm_async_tlsdnsshutdown(isc__networker_t *worker, isc__netievent_t *ev0);
void
isc__nm_async_tlsdnsread(isc__networker_t *worker, isc__netievent_t *ev0);
void
isc__nm_async_tlsdns_set_tlsctx(isc_nmsocket_t *listener, isc_tlsctx_t *tlsctx,
const int tid);
/*%<
* Callback handlers for asynchronous TLSDNS events.
*/
@@ -1684,6 +1723,10 @@ isc__nmhandle_tls_keepalive(isc_nmhandle_t *handle, bool value);
* Set the keepalive value on the underlying TCP handle.
*/
void
isc__nm_async_tls_set_tlsctx(isc_nmsocket_t *listener, isc_tlsctx_t *tlsctx,
const int tid);
void
isc__nm_http_stoplistening(isc_nmsocket_t *sock);
@@ -1769,8 +1812,14 @@ isc__nm_httpsession_attach(isc_nm_http_session_t *source,
void
isc__nm_httpsession_detach(isc_nm_http_session_t **sessionp);
void
isc__nm_http_set_tlsctx(isc_nmsocket_t *sock, isc_tlsctx_t *tlsctx);
#endif
void
isc__nm_async_settlsctx(isc__networker_t *worker, isc__netievent_t *ev0);
#define isc__nm_uverr2result(x) \
isc___nm_uverr2result(x, true, __FILE__, __LINE__, __func__)
isc_result_t
@@ -1963,6 +2012,8 @@ NETIEVENT_TYPE(stop);
NETIEVENT_TASK_TYPE(task);
NETIEVENT_SOCKET_TLSCTX_TYPE(settlsctx);
/* Now declared the helper functions */
NETIEVENT_SOCKET_DECL(close);
@@ -2030,6 +2081,8 @@ NETIEVENT_DECL(stop);
NETIEVENT_TASK_DECL(task);
NETIEVENT_SOCKET_TLSCTX_DECL(settlsctx);
void
isc__nm_udp_failed_read_cb(isc_nmsocket_t *sock, isc_result_t result);
void