dnsdist: Handle "flat" configuration items from YAML

pdns/dnsdistdist/Makefile.am

@@ -151,7 +151,7 @@ dnsdist_SOURCES = \
 	dns.cc dns.hh \
 	dns_random.hh \
 	dnscrypt.cc dnscrypt.hh \
-	dnsdist-actions.hh \
+	dnsdist-actions.cc dnsdist-actions.hh \
 	dnsdist-async.cc dnsdist-async.hh \
 	dnsdist-backend.cc dnsdist-backend.hh \
 	dnsdist-backoff.hh \
@@ -283,6 +283,7 @@ testrunner_SOURCES = \
 	credentials.cc credentials.hh \
 	dns.cc dns.hh \
 	dnscrypt.cc dnscrypt.hh \
+	dnsdist-actions.cc dnsdist-actions.hh \
 	dnsdist-async.cc dnsdist-async.hh \
 	dnsdist-backend.cc dnsdist-backend.hh \
 	dnsdist-backoff.hh \
@@ -498,6 +499,7 @@ dnsdist_SOURCES += doq-common.cc
 endif
 
 if HAVE_YAML_CONFIGURATION
+dnsdist_SOURCES += dnsdist-rust-lib/dnsdist-configuration-yaml-items-cxx.cc
 dnsdist_LDADD += $(DNSDIST_RUST_LIBS)
 endif
 

pdns/dnsdistdist/dnsdist-actions.cc

@@ -0,0 +1,95 @@
+/*
+ * This file is part of PowerDNS or dnsdist.
+ * Copyright -- PowerDNS.COM B.V. and its contributors
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * In addition, for the avoidance of any doubt, permission is granted to
+ * link this program with OpenSSL and to (re)distribute the binaries
+ * produced as the result of such linking.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#include <unordered_map>
+
+#include <boost/algorithm/string.hpp>
+
+#include "dnsdist-actions.hh"
+
+DNSAction::Action DNSAction::typeFromString(const std::string& str)
+{
+  static const std::unordered_map<std::string, Action> s_mappings{
+    {"allow", Action::Allow },
+    {"delay", Action::Delay },
+    {"drop", Action::Drop },
+    {"headermodify", Action::HeaderModify },
+    {"none", Action::None },
+    {"noop", Action::NoOp },
+    {"norecurse", Action::NoRecurse },
+    {"nxdomain", Action::Nxdomain },
+    {"pool", Action::Pool },
+    {"refused", Action::Refused },
+    {"servfail", Action::ServFail },
+    {"settag", Action::SetTag },
+    {"spoof", Action::Spoof },
+    {"spoofpacket", Action::SpoofPacket },
+    {"spoofraw", Action::SpoofRaw },
+    {"truncate", Action::Truncate },
+  };
+
+  auto lower = boost::to_lower_copy(str);
+  boost::replace_all(lower, "-", "");
+  auto mappingIt = s_mappings.find(lower);
+  if (mappingIt != s_mappings.end()) {
+    return mappingIt->second;
+  }
+  throw std::runtime_error("Unable to convert '" + str + "' into a DNS Action");
+}
+
+std::string DNSAction::typeToString(DNSAction::Action action)
+{
+  switch (action) {
+  case Action::Drop:
+    return "Drop";
+  case Action::Nxdomain:
+    return "Send NXDomain";
+  case Action::Refused:
+    return "Send Refused";
+  case Action::Spoof:
+    return "Spoof an answer";
+  case Action::SpoofPacket:
+    return "Spoof a raw answer from bytes";
+  case Action::SpoofRaw:
+    return "Spoof an answer from raw bytes";
+  case Action::Allow:
+    return "Allow";
+  case Action::HeaderModify:
+    return "Modify the header";
+  case Action::Pool:
+    return "Route to a pool";
+  case Action::Delay:
+    return "Delay";
+  case Action::Truncate:
+    return "Truncate over UDP";
+  case Action::ServFail:
+    return "Send ServFail";
+  case Action::SetTag:
+    return "Set Tag";
+  case Action::None:
+  case Action::NoOp:
+    return "Do nothing";
+  case Action::NoRecurse:
+    return "Set rd=0";
+  }
+
+  return "Unknown";
+}

pdns/dnsdistdist/dnsdist-actions.hh

@@ -21,6 +21,10 @@
  */
 #pragma once
 
+#include <cstdint>
+#include <map>
+#include <string>
+
 /* so what could you do:
    drop,
    fake up nxdomain,
@@ -55,44 +59,8 @@ public:
     SpoofPacket,
     SetTag,
   };
-  static std::string typeToString(const Action& action)
-  {
-    switch (action) {
-    case Action::Drop:
-      return "Drop";
-    case Action::Nxdomain:
-      return "Send NXDomain";
-    case Action::Refused:
-      return "Send Refused";
-    case Action::Spoof:
-      return "Spoof an answer";
-    case Action::SpoofPacket:
-      return "Spoof a raw answer from bytes";
-    case Action::SpoofRaw:
-      return "Spoof an answer from raw bytes";
-    case Action::Allow:
-      return "Allow";
-    case Action::HeaderModify:
-      return "Modify the header";
-    case Action::Pool:
-      return "Route to a pool";
-    case Action::Delay:
-      return "Delay";
-    case Action::Truncate:
-      return "Truncate over UDP";
-    case Action::ServFail:
-      return "Send ServFail";
-    case Action::SetTag:
-      return "Set Tag";
-    case Action::None:
-    case Action::NoOp:
-      return "Do nothing";
-    case Action::NoRecurse:
-      return "Set rd=0";
-    }
-
-    return "Unknown";
-  }
+  static Action typeFromString(const std::string& str);
+  static std::string typeToString(Action action);
 
   virtual Action operator()(DNSQuestion*, std::string* ruleresult) const = 0;
   virtual ~DNSAction() = default;

pdns/dnsdistdist/dnsdist-configuration-yaml.cc

@@ -41,6 +41,7 @@
 
 namespace dnsdist::configuration::yaml
 {
+void convertRuntimeFlatSettingsFromRust(const dnsdist::rust::settings::GlobalConfiguration& yamlConfig);
 
 static std::set<int> getCPUPiningFromStr(const std::string& cpuStr)
 {
@@ -427,6 +428,15 @@ bool loadConfigurationFromFile(const std::string fileName)
       });
     }
 
+    if (!globalConfig.proxy_protocol.acl.empty()) {
+      dnsdist::configuration::updateRuntimeConfiguration([globalConfig](dnsdist::configuration::RuntimeConfiguration& config) {
+        config.d_proxyProtocolACL.clear();
+        for (const auto& aclEntry : globalConfig.proxy_protocol.acl) {
+          config.d_proxyProtocolACL.addMask(std::string(aclEntry));
+        }
+      });
+    }
+
 #ifndef DISABLE_CARBON
     for (const auto& carbonConfig : globalConfig.metrics.carbon) {
       auto newEndpoint = dnsdist::Carbon::newEndpoint(std::string(carbonConfig.address),
@@ -485,9 +495,27 @@ bool loadConfigurationFromFile(const std::string fileName)
         config.d_dashboardRequiresAuthentication = webConfig.dashboard_requires_authentication;
         config.d_statsRequireAuthentication = webConfig.stats_require_authentication;
         dnsdist::webserver::setMaxConcurrentConnections(webConfig.max_concurrent_connections);
+        config.d_apiConfigDirectory = std::string(webConfig.api_configuration_directory);
+        config.d_apiReadWrite = webConfig.api_read_write;
       });
+    }
 
+    if (globalConfig.query_count.enabled) {
+      dnsdist::configuration::updateRuntimeConfiguration([&globalConfig](dnsdist::configuration::RuntimeConfiguration& config) {
+        config.d_queryCountConfig.d_enabled = true;
+        if (!globalConfig.query_count.filter.empty()) {
+          getOptionalLuaFunction<dnsdist::QueryCount::Configuration::Filter>(config.d_queryCountConfig.d_filter, std::string(globalConfig.query_count.filter));
+        }
+      });
     }
+
+    if (!globalConfig.dynamic_rules_settings.default_action.empty()) {
+      dnsdist::configuration::updateRuntimeConfiguration([default_action=globalConfig.dynamic_rules_settings.default_action](dnsdist::configuration::RuntimeConfiguration& config) {
+        config.d_dynBlockAction = DNSAction::typeFromString(std::string(default_action));
+      });
+    }
+
+    convertRuntimeFlatSettingsFromRust(globalConfig);
     return true;
   }
   catch (const ::rust::Error& exp) {

pdns/dnsdistdist/dnsdist-rust-lib/Makefile.am

@@ -5,13 +5,25 @@ EXTRA_DIST = \
 
 BUILT_SOURCES=rust/src/lib.rs
 
+# all: rust/src/lib.rs libdnsdist_settings_cxx.a
+
+# dnsdist_settings_cxx.cc rust/src/lib%rs: settings-generator.py dnsdist-rules-definitions.yml rust-pre-in.rs rust-middle-in.rs rust-post-in.rs dnsdist_settings_cxx_pre-in.cc dnsdist_settings_cxx_post-in.cc
+# 	@if test "$(PYTHON)" = ":"; then echo "Settings definitions have changed, python is needed to regenerate the related settings files but python was not found. Please install python and re-run configure"; exit 1; fi
+# 	@if ! $(PYTHON) --version | grep -q "Python 3"; then echo $(PYTHON) should be at least version 3. Please install python 3 and re-run configure; exit 1; fi
+# 	$(MAKE) -C rust clean
+# 	(cd ${srcdir} && $(PYTHON) settings-generator.py dnsdist-rules-definitions.yml)
+
+# noinst_LIBRARIES = libdnsdist_settings_cxx.a
+# libdnsdist_settings_cxx_a_SOURCES = dnsdist_settings_cxx.cc
+
 all: rust/src/lib.rs
 
-rust/src/lib%rs: settings-generator.py dnsdist-rules-definitions.yml rust-pre-in.rs rust-middle-in.rs rust-post-in.rs
+rust/src/lib%rs: settings-generator.py dnsdist-rules-definitions.yml rust-pre-in.rs rust-middle-in.rs rust-post-in.rs dnsdist-configuration-yaml-items-cxx-pre-in.cc
 	@if test "$(PYTHON)" = ":"; then echo "Settings definitions have changed, python is needed to regenerate the related settings files but python was not found. Please install python and re-run configure"; exit 1; fi
 	@if ! $(PYTHON) --version | grep -q "Python 3"; then echo $(PYTHON) should be at least version 3. Please install python 3 and re-run configure; exit 1; fi
 	$(MAKE) -C rust clean
 	(cd ${srcdir} && $(PYTHON) settings-generator.py dnsdist-rules-definitions.yml)
 
 clean-local:
+	rm dnsdist-configuration-yaml-items-cxx.cc
 	rm -f rust/src/lib.rs

pdns/dnsdistdist/dnsdist-rust-lib/dnsdist-configuration-yaml-items-cxx-pre-in.cc

@@ -0,0 +1,24 @@
+/*
+ * This file is part of PowerDNS or dnsdist.
+ * Copyright -- PowerDNS.COM B.V. and its contributors
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * In addition, for the avoidance of any doubt, permission is granted to
+ * link this program with OpenSSL and to (re)distribute the binaries
+ * produced as the result of such linking.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "dnsdist-configuration.hh"
+#include "dnsdist-configuration-yaml.hh"