fixup! fixup! WIP: Support new server connect syntax

bin/named/named.conf.rst

@@ -512,6 +512,7 @@ SERVER
 
   server netprefix {
   	bogus boolean;
+  	connect [ port integer ] [ transport string ] [ tls string ];
   	edns boolean;
   	edns-udp-size integer;
   	edns-version integer;
@@ -534,7 +535,7 @@ SERVER
   	request-nsid boolean;
   	send-cookie boolean;
   	tcp-keepalive boolean;
-  	tcp-only boolean;
+  	tcp-only boolean;// deprecated
   	transfer-format ( many-answers | one-answer );
   	transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
   	    dscp integer ];
@@ -822,6 +823,8 @@ VIEW
   	serial-update-method ( date | increment | unixtime );
   	server netprefix {
   		bogus boolean;
+  		connect [ port integer ] [ transport string ] [ tls
+  		    string ];
   		edns boolean;
   		edns-udp-size integer;
   		edns-version integer;
@@ -846,7 +849,7 @@ VIEW
   		request-nsid boolean;
   		send-cookie boolean;
   		tcp-keepalive boolean;
-  		tcp-only boolean;
+  		tcp-only boolean;// deprecated
   		transfer-format ( many-answers | one-answer );
   		transfer-source ( ipv4_address | * ) [ port ( integer |
   		    * ) ] [ dscp integer ];

bin/named/server.c

@@ -1528,6 +1528,48 @@ configure_peer(const cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) {
 		CHECK(dns_peer_setforcetcp(peer, cfg_obj_asboolean(obj)));
 	}
 
+	obj = NULL;
+	(void)cfg_map_get(cpeer, "connect", &obj);
+	if (obj != NULL) {
+		dns_transport_t *transport = NULL;
+		const cfg_obj_t *obj_port = NULL, *obj_transport = NULL;
+		const char *transport_name = NULL;
+
+		(void)dns_peer_setforcetcp(peer, false);
+		INSIST(cfg_obj_istuple(obj));
+
+		obj_transport = cfg_tuple_get(obj, "transport");
+		if (cfg_obj_isstring(obj_transport)) {
+			transport_name = cfg_obj_asstring(obj_transport);
+
+			if (strcasecmp(transport_name, "tcp") == 0) {
+				transport = dns_transport_create(
+					DNS_TRANSPORT_TCP, mctx);
+			} else if (strcasecmp(transport_name, "tls") == 0) {
+				transport = dns_transport_create(
+					DNS_TRANSPORT_TLS, mctx);
+			} else {
+				INSIST(0);
+				ISC_UNREACHABLE();
+			}
+		} else {
+			INSIST(0);
+			ISC_UNREACHABLE();
+		}
+
+		obj_port = cfg_tuple_get(obj, "port");
+		if (cfg_obj_isuint32(obj_port)) {
+			dns_transport_set_port(
+				transport,
+				(in_port_t)cfg_obj_asuint32(obj_port));
+		}
+
+		if (transport != NULL) {
+			(void)dns_peer_settransport(peer, transport);
+			dns_transport_detach(&transport);
+		}
+	}
+
 	obj = NULL;
 	(void)cfg_map_get(cpeer, "tcp-keepalive", &obj);
 	if (obj != NULL) {

doc/misc/options

@@ -418,6 +418,7 @@ primaries <string> [ port <integer> ] [ dscp
 
 server <netprefix> {
         bogus <boolean>;
+        connect [ port <integer> ] [ transport <string> ] [ tls <string> ];
         edns <boolean>;
         edns-udp-size <integer>;
         edns-version <integer>;
@@ -440,7 +441,7 @@ server <netprefix> {
         request-nsid <boolean>;
         send-cookie <boolean>;
         tcp-keepalive <boolean>;
-        tcp-only <boolean>;
+        tcp-only <boolean>; // deprecated
         transfer-format ( many-answers | one-answer );
         transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
             dscp <integer> ];
@@ -702,6 +703,8 @@ view <string> [ <class> ] {
         serial-update-method ( date | increment | unixtime );
         server <netprefix> {
                 bogus <boolean>;
+                connect [ port <integer> ] [ transport <string> ] [ tls
+                    <string> ];
                 edns <boolean>;
                 edns-udp-size <integer>;
                 edns-version <integer>;
@@ -726,7 +729,7 @@ view <string> [ <class> ] {
                 request-nsid <boolean>;
                 send-cookie <boolean>;
                 tcp-keepalive <boolean>;
-                tcp-only <boolean>;
+                tcp-only <boolean>; // deprecated
                 transfer-format ( many-answers | one-answer );
                 transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
                     * ) ] [ dscp <integer> ];

doc/misc/options.active

@@ -415,6 +415,7 @@ primaries <string> [ port <integer> ] [ dscp
 
 server <netprefix> {
         bogus <boolean>;
+        connect [ port <integer> ] [ transport <string> ] [ tls <string> ];
         edns <boolean>;
         edns-udp-size <integer>;
         edns-version <integer>;
@@ -437,7 +438,7 @@ server <netprefix> {
         request-nsid <boolean>;
         send-cookie <boolean>;
         tcp-keepalive <boolean>;
-        tcp-only <boolean>;
+        tcp-only <boolean>; // deprecated
         transfer-format ( many-answers | one-answer );
         transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
             dscp <integer> ];
@@ -698,6 +699,8 @@ view <string> [ <class> ] {
         serial-update-method ( date | increment | unixtime );
         server <netprefix> {
                 bogus <boolean>;
+                connect [ port <integer> ] [ transport <string> ] [ tls
+                    <string> ];
                 edns <boolean>;
                 edns-udp-size <integer>;
                 edns-version <integer>;
@@ -722,7 +725,7 @@ view <string> [ <class> ] {
                 request-nsid <boolean>;
                 send-cookie <boolean>;
                 tcp-keepalive <boolean>;
-                tcp-only <boolean>;
+                tcp-only <boolean>; // deprecated
                 transfer-format ( many-answers | one-answer );
                 transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
                     * ) ] [ dscp <integer> ];

doc/misc/server.grammar.rst

@@ -2,6 +2,7 @@
 
   server <netprefix> {
   	bogus <boolean>;
+  	connect [ port <integer> ] [ transport <string> ] [ tls <string> ];
   	edns <boolean>;
   	edns-udp-size <integer>;
   	edns-version <integer>;
@@ -24,7 +25,7 @@
   	request-nsid <boolean>;
   	send-cookie <boolean>;
   	tcp-keepalive <boolean>;
-  	tcp-only <boolean>;
+  	tcp-only <boolean>; // deprecated
   	transfer-format ( many-answers | one-answer );
   	transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
   	    dscp <integer> ];

lib/dns/include/dns/peer.h

@@ -32,6 +32,7 @@
 #include <isc/netaddr.h>
 #include <isc/refcount.h>
 
+#include <dns/transport.h>
 #include <dns/types.h>
 
 #define DNS_PEERLIST_MAGIC ISC_MAGIC('s', 'e', 'R', 'L')
@@ -221,4 +222,11 @@ dns_peer_setednsversion(dns_peer_t *peer, uint8_t ednsversion);
 
 isc_result_t
 dns_peer_getednsversion(dns_peer_t *peer, uint8_t *ednsversion);
+
+isc_result_t
+dns_peer_settransport(dns_peer_t *peer, dns_transport_t *transport);
+
+isc_result_t
+dns_peer_gettransport(dns_peer_t *peer, dns_transport_t **transportp);
+
 ISC_LANG_ENDDECLS

lib/dns/include/dns/transport.h

@@ -30,6 +30,9 @@ typedef enum {
 typedef struct dns_transport	  dns_transport_t;
 typedef struct dns_transport_list dns_transport_list_t;
 
+dns_transport_t *
+dns_transport_create(dns_transport_type_t type, isc_mem_t *mctx);
+
 dns_transport_t *
 dns_transport_new(const dns_name_t *name, dns_transport_type_t type,
 		  dns_transport_list_t *list);
@@ -80,6 +83,12 @@ dns_transport_set_mode(dns_transport_t *transport, dns_http_mode_t mode);
  *\li	'transport' is of type DNS_TRANSPORT_HTTP (for endpoint or mode).
  */
 
+uint16_t
+dns_transport_get_port(const dns_transport_t *transport);
+
+void
+dns_transport_set_port(dns_transport_t *transport, const uint16_t port);
+
 void
 dns_transport_attach(dns_transport_t *source, dns_transport_t **targetp);
 /*%<

lib/dns/peer.c

@@ -71,6 +71,7 @@ struct dns_peer {
 	uint8_t ednsversion; /* edns version */
 
 	uint32_t bitflags;
+	dns_transport_t *transport;
 
 	ISC_LINK(dns_peer_t) next;
 };
@@ -96,6 +97,7 @@ struct dns_peer {
 #define FORCE_TCP_BIT		   15
 #define SERVER_PADDING_BIT	   16
 #define REQUEST_TCP_KEEPALIVE_BIT  17
+#define TRANSPORT_BIT		   18
 
 static void
 peerlist_delete(dns_peerlist_t **list);
@@ -344,6 +346,11 @@ peer_delete(dns_peer_t **peer) {
 			    sizeof(*p->transfer_source));
 	}
 
+	if (DNS_BIT_CHECK(TRANSPORT_BIT, &p->bitflags)) {
+		INSIST(p->transport != NULL);
+		dns_transport_detach(&p->transport);
+	}
+
 	isc_mem_put(mem, p, sizeof(*p));
 }
 
@@ -965,3 +972,26 @@ dns_peer_getednsversion(dns_peer_t *peer, uint8_t *ednsversion) {
 		return (ISC_R_NOTFOUND);
 	}
 }
+
+isc_result_t
+dns_peer_settransport(dns_peer_t *peer, dns_transport_t *transport) {
+	REQUIRE(DNS_PEER_VALID(peer));
+
+	dns_transport_attach(transport, &peer->transport);
+	DNS_BIT_SET(TRANSPORT_BIT, &peer->bitflags);
+	return (ISC_R_SUCCESS);
+}
+
+isc_result_t
+dns_peer_gettransport(dns_peer_t *peer, dns_transport_t **transportp) {
+	REQUIRE(DNS_PEER_VALID(peer));
+	REQUIRE(transportp != NULL && *transportp == NULL);
+
+	if (!DNS_BIT_CHECK(EDNS_VERSION_BIT, &peer->bitflags)) {
+		return (ISC_R_NOTFOUND);
+	}
+
+	*transportp = peer->transport;
+
+	return (ISC_R_SUCCESS);
+}

lib/dns/transport.c

@@ -51,6 +51,7 @@ struct dns_transport {
 		char *endpoint;
 		dns_http_mode_t mode;
 	} doh;
+	uint16_t port;
 };
 
 static void
@@ -131,14 +132,23 @@ dns_transport_get_mode(dns_transport_t *transport) {
 }
 
 dns_transport_t *
-dns_transport_new(const dns_name_t *name, dns_transport_type_t type,
-		  dns_transport_list_t *list) {
-	dns_transport_t *transport = isc_mem_get(list->mctx,
-						 sizeof(*transport));
+dns_transport_create(dns_transport_type_t type, isc_mem_t *mctx) {
+	dns_transport_t *transport;
+
+	REQUIRE(type > DNS_TRANSPORT_NONE && type < DNS_TRANSPORT_COUNT);
+
+	transport = isc_mem_get(mctx, sizeof(*transport));
 	*transport = (dns_transport_t){ .type = type };
 	isc_refcount_init(&transport->references, 1);
-	isc_mem_attach(list->mctx, &transport->mctx);
+	isc_mem_attach(mctx, &transport->mctx);
 	transport->magic = TRANSPORT_MAGIC;
+	return (transport);
+}
+
+dns_transport_t *
+dns_transport_new(const dns_name_t *name, dns_transport_type_t type,
+		  dns_transport_list_t *list) {
+	dns_transport_t *transport = dns_transport_create(type, list->mctx);
 
 	list_add(list, name, type, transport);
 
@@ -282,6 +292,18 @@ dns_transport_find(const dns_transport_type_t type, const dns_name_t *name,
 	return (transport);
 }
 
+uint16_t
+dns_transport_get_port(const dns_transport_t *transport) {
+	REQUIRE(VALID_TRANSPORT(transport));
+	return (transport->port);
+}
+
+void
+dns_transport_set_port(dns_transport_t *transport, const uint16_t port) {
+	REQUIRE(VALID_TRANSPORT(transport));
+	transport->port = port;
+}
+
 dns_transport_list_t *
 dns_transport_list_new(isc_mem_t *mctx) {
 	dns_transport_list_t *list = isc_mem_get(mctx, sizeof(*list));

lib/isccfg/namedconf.c

@@ -2465,11 +2465,24 @@ static cfg_type_t cfg_type_key = { "key",	  cfg_parse_named_map,
 				   cfg_print_map, cfg_doc_map,
 				   &cfg_rep_map,  key_clausesets };
 
+static cfg_tuplefielddef_t cfg_server_connect_tuple_fields[] = {
+	{ "port", &cfg_type_optional_port, 0 },
+	{ "transport", &cfg_type_astring, 0 },
+	{ "tls", &cfg_type_astring, 0 },
+	{ NULL, NULL, 0 }
+};
+
+static cfg_type_t cfg_type_server_connect = {
+	"server-connect", cfg_parse_kv_tuple, cfg_print_kv_tuple,
+	cfg_doc_kv_tuple, &cfg_rep_tuple,     cfg_server_connect_tuple_fields
+};
+
 /*%
  * Clauses that can be found in a 'server' statement.
  */
 static cfg_clausedef_t server_clauses[] = {
 	{ "bogus", &cfg_type_boolean, 0 },
+	{ "connect", &cfg_type_server_connect, 0 },
 	{ "edns", &cfg_type_boolean, 0 },
 	{ "edns-udp-size", &cfg_type_uint32, 0 },
 	{ "edns-version", &cfg_type_uint32, 0 },
@@ -2488,7 +2501,7 @@ static cfg_clausedef_t server_clauses[] = {
 	{ "send-cookie", &cfg_type_boolean, 0 },
 	{ "support-ixfr", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "tcp-keepalive", &cfg_type_boolean, 0 },
-	{ "tcp-only", &cfg_type_boolean, 0 },
+	{ "tcp-only", &cfg_type_boolean, CFG_CLAUSEFLAG_DEPRECATED },
 	{ "transfer-format", &cfg_type_transferformat, 0 },
 	{ "transfer-source", &cfg_type_sockaddr4wild, 0 },
 	{ "transfer-source-v6", &cfg_type_sockaddr6wild, 0 },