mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-05 09:05:40 +00:00
Code Issues Releases Wiki Activity

Add 'proxy' option to 'listen-on' statement

Browse Source 
This commit extends "listen-on" statement with "proxy" options that
allows one to enable PROXYv2 support on a dedicated listener. It can
have the following values:

- "plain" to send PROXYv2 headers without encryption, even in the case
of encrypted transports.
- "encrypted" to send PROXYv2 headers encrypted right after the TLS
handshake.
This commit is contained in:
Artem Boldariev
2023-10-30 17:03:30 +02:00
parent c9d526d84d
commit f650d3eb63
9 changed files with 168 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/isccfg/aclconf.c
View File

@@ -701,7 +701,8 @@ cfg_acl_fromconfig(const cfg_obj_t *acl_data, const cfg_obj_t *cctx,
if (strcasecmp(cfg_obj_asstring(obj_transport),
"udp") == 0)
{
transports = isc_nm_udpsocket;
transports = isc_nm_udpsocket |
isc_nm_proxyudpsocket;
encrypted = false;
} else if (strcasecmp(cfg_obj_asstring(obj_transport),
"tcp") == 0)
@@ -713,7 +714,8 @@ cfg_acl_fromconfig(const cfg_obj_t *acl_data, const cfg_obj_t *cctx,
{
/* Good ol' DNS over port 53 */
transports = isc_nm_streamdnssocket |
isc_nm_udpsocket;
isc_nm_udpsocket |
isc_nm_proxyudpsocket;
encrypted = false;
} else if (strcasecmp(cfg_obj_asstring(obj_transport),
"tls") == 0)