diff --git a/modules/gmysqlbackend/smysql.cc b/modules/gmysqlbackend/smysql.cc index 3522123f3f31..d9f484bbd3e8 100644 --- a/modules/gmysqlbackend/smysql.cc +++ b/modules/gmysqlbackend/smysql.cc @@ -372,7 +372,7 @@ class SMySQLStatement : public SSqlStatement if (d_req_bind) { for (int i = 0; i < d_parnum; i++) { if (d_req_bind[i].buffer) - delete[](char*) d_req_bind[i].buffer; + delete[] (char*)d_req_bind[i].buffer; if (d_req_bind[i].length) delete[] d_req_bind[i].length; } @@ -431,7 +431,7 @@ class SMySQLStatement : public SSqlStatement if (d_req_bind) { for (int i = 0; i < d_parnum; i++) { if (d_req_bind[i].buffer) - delete[](char*) d_req_bind[i].buffer; + delete[] (char*)d_req_bind[i].buffer; if (d_req_bind[i].length) delete[] d_req_bind[i].length; } @@ -441,7 +441,7 @@ class SMySQLStatement : public SSqlStatement if (d_res_bind) { for (int i = 0; i < d_fnum; i++) { if (d_res_bind[i].buffer) - delete[](char*) d_res_bind[i].buffer; + delete[] (char*)d_res_bind[i].buffer; if (d_res_bind[i].length) delete[] d_res_bind[i].length; if (d_res_bind[i].error) diff --git a/modules/godbcbackend/sodbc.cc b/modules/godbcbackend/sodbc.cc index c79ac2b26504..e2d3c357949e 100644 --- a/modules/godbcbackend/sodbc.cc +++ b/modules/godbcbackend/sodbc.cc @@ -263,7 +263,7 @@ class SODBCStatement : public SSqlStatement for (auto& i : d_req_bind) { if (i.ParameterType == SQL_VARCHAR) - delete[](char*) i.ParameterValuePtr; + delete[] (char*)i.ParameterValuePtr; else if (i.ParameterType == SQL_INTEGER) delete (ULONG*)i.ParameterValuePtr; else if (i.ParameterType == SQL_C_UBIGINT) diff --git a/modules/ldapbackend/ldapbackend.cc b/modules/ldapbackend/ldapbackend.cc index c1e91b692f4d..dbba1245db55 100644 --- a/modules/ldapbackend/ldapbackend.cc +++ b/modules/ldapbackend/ldapbackend.cc @@ -106,8 +106,8 @@ LdapBackend::LdapBackend(const string& suffix) LdapBackend::~LdapBackend() { d_search.reset(); // This is necessary otherwise d_pldap will get deleted first and - // we may hang in SearchResult::~SearchResult() waiting for the - // current operation to be abandoned + // we may hang in SearchResult::~SearchResult() waiting for the + // current operation to be abandoned delete (d_pldap); delete (d_authenticator); g_log << Logger::Notice << d_myname << " Ldap connection closed" << endl; diff --git a/modules/ldapbackend/powerldap.cc b/modules/ldapbackend/powerldap.cc index fe5ce7f1bb00..edd97f0c5a7b 100644 --- a/modules/ldapbackend/powerldap.cc +++ b/modules/ldapbackend/powerldap.cc @@ -39,7 +39,7 @@ PowerLDAP::SearchResult::~SearchResult() { if (!d_finished) ldap_abandon_ext(d_ld, d_msgid, NULL, NULL); // We don't really care about the return code as there's - // not much we can do now + // not much we can do now } bool PowerLDAP::SearchResult::getNext(PowerLDAP::sentry_t& entry, bool dn, int /* timeout */) diff --git a/modules/lmdbbackend/lmdbbackend.cc b/modules/lmdbbackend/lmdbbackend.cc index d75ec276879d..99b97349d653 100644 --- a/modules/lmdbbackend/lmdbbackend.cc +++ b/modules/lmdbbackend/lmdbbackend.cc @@ -821,7 +821,7 @@ namespace serialization ar& std::string(); } else { - ar& g.toDNSStringLC(); + ar & g.toDNSStringLC(); } } @@ -829,7 +829,7 @@ namespace serialization void load(Archive& ar, DNSName& g, const unsigned int /* version */) { string tmp; - ar& tmp; + ar & tmp; if (tmp.empty()) { g = DNSName(); } @@ -841,44 +841,44 @@ namespace serialization template void save(Archive& ar, const QType& g, const unsigned int /* version */) { - ar& g.getCode(); + ar & g.getCode(); } template void load(Archive& ar, QType& g, const unsigned int /* version */) { uint16_t tmp; - ar& tmp; + ar & tmp; g = QType(tmp); } template void save(Archive& ar, const DomainInfo& g, const unsigned int /* version */) { - ar& g.zone; - ar& g.last_check; - ar& g.account; - ar& g.primaries; - ar& g.id; - ar& g.notified_serial; - ar& g.kind; - ar& g.options; - ar& g.catalog; + ar & g.zone; + ar & g.last_check; + ar & g.account; + ar & g.primaries; + ar & g.id; + ar & g.notified_serial; + ar & g.kind; + ar & g.options; + ar & g.catalog; } template void load(Archive& ar, DomainInfo& g, const unsigned int version) { - ar& g.zone; - ar& g.last_check; - ar& g.account; - ar& g.primaries; - ar& g.id; - ar& g.notified_serial; - ar& g.kind; + ar & g.zone; + ar & g.last_check; + ar & g.account; + ar & g.primaries; + ar & g.id; + ar & g.notified_serial; + ar & g.kind; if (version >= 1) { - ar& g.options; - ar& g.catalog; + ar & g.options; + ar & g.catalog; } else { g.options.clear(); @@ -889,21 +889,21 @@ namespace serialization template void serialize(Archive& ar, LMDBBackend::DomainMeta& g, const unsigned int /* version */) { - ar& g.domain& g.key& g.value; + ar & g.domain & g.key & g.value; } template void save(Archive& ar, const LMDBBackend::KeyDataDB& g, const unsigned int /* version */) { - ar& g.domain& g.content& g.flags& g.active& g.published; + ar & g.domain & g.content & g.flags & g.active & g.published; } template void load(Archive& ar, LMDBBackend::KeyDataDB& g, const unsigned int version) { - ar& g.domain& g.content& g.flags& g.active; + ar & g.domain & g.content & g.flags & g.active; if (version >= 1) { - ar& g.published; + ar & g.published; } else { g.published = true; @@ -913,9 +913,9 @@ namespace serialization template void serialize(Archive& ar, TSIGKey& g, const unsigned int /* version */) { - ar& g.name; - ar& g.algorithm; // this is the ordername - ar& g.key; + ar & g.name; + ar & g.algorithm; // this is the ordername + ar & g.key; } } // namespace serialization diff --git a/modules/remotebackend/httpconnector.cc b/modules/remotebackend/httpconnector.cc index acff9dfb7c0d..457fdd57f5c4 100644 --- a/modules/remotebackend/httpconnector.cc +++ b/modules/remotebackend/httpconnector.cc @@ -379,9 +379,7 @@ int HTTPConnector::send_message(const Json& input) // connect using tcp struct addrinfo* gAddr = nullptr; struct addrinfo* gAddrPtr = nullptr; - struct addrinfo hints - { - }; + struct addrinfo hints{}; std::string sPort = std::to_string(d_port); memset(&hints, 0, sizeof hints); hints.ai_family = AF_UNSPEC; diff --git a/modules/remotebackend/unixconnector.cc b/modules/remotebackend/unixconnector.cc index 8b4d5064eccf..5ac137d4c457 100644 --- a/modules/remotebackend/unixconnector.cc +++ b/modules/remotebackend/unixconnector.cc @@ -69,12 +69,8 @@ int UnixsocketConnector::recv_message(Json& output) std::string s_output; std::string err; - struct timeval t0 - { - }; - struct timeval t - { - }; + struct timeval t0{}; + struct timeval t{}; gettimeofday(&t0, nullptr); memcpy(&t, &t0, sizeof(t0)); @@ -159,9 +155,7 @@ ssize_t UnixsocketConnector::write(const std::string& data) void UnixsocketConnector::reconnect() { - struct sockaddr_un sock - { - }; + struct sockaddr_un sock{}; int rv = 0; if (connected) { diff --git a/modules/tinydnsbackend/tinydnsbackend.cc b/modules/tinydnsbackend/tinydnsbackend.cc index 412b6f612a0d..009f48c41d33 100644 --- a/modules/tinydnsbackend/tinydnsbackend.cc +++ b/modules/tinydnsbackend/tinydnsbackend.cc @@ -50,7 +50,7 @@ vector TinyDNSBackend::getLocations() char key[6]; key[0] = '\000'; key[1] = '\045'; - key[2] = (addr)&0xff; + key[2] = (addr) & 0xff; key[3] = (addr >> 8) & 0xff; key[4] = (addr >> 16) & 0xff; key[5] = (addr >> 24) & 0xff; diff --git a/pdns/arguments.cc b/pdns/arguments.cc index 2e0ae7869264..72a2c1b99c55 100644 --- a/pdns/arguments.cc +++ b/pdns/arguments.cc @@ -583,9 +583,7 @@ void ArgvMap::gatherIncludes(const std::string& directory, const std::string& su // build name string fullName = directory + "/" + std::string(name); // ensure it's readable file - struct stat statInfo - { - }; + struct stat statInfo{}; if (stat(fullName.c_str(), &statInfo) != 0 || !S_ISREG(statInfo.st_mode)) { string msg = fullName + " is not a regular file"; SLOG(g_log << Logger::Error << msg << std::endl, diff --git a/pdns/backends/gsql/ssql.hh b/pdns/backends/gsql/ssql.hh index dbc46a32a577..79c1be0ed119 100644 --- a/pdns/backends/gsql/ssql.hh +++ b/pdns/backends/gsql/ssql.hh @@ -92,6 +92,6 @@ public: { return true; } - virtual void reconnect(){}; + virtual void reconnect() {}; virtual ~SSql() = default; }; diff --git a/pdns/credentials.cc b/pdns/credentials.cc index ddc5add19bd2..c275a78a2d27 100644 --- a/pdns/credentials.cc +++ b/pdns/credentials.cc @@ -443,8 +443,7 @@ SensitiveData CredentialsHolder::readFromTerminal() struct std::map signals; struct sigaction sigact // just sigaction does not work, it clashes with sigaction(2) - { - }; + {}; sigemptyset(&sigact.sa_mask); sigact.sa_flags = 0; sigact.sa_handler = [](int /* s */) {}; diff --git a/pdns/dnsbackend.cc b/pdns/dnsbackend.cc index 7abb7d47f39e..289cee88b6d7 100644 --- a/pdns/dnsbackend.cc +++ b/pdns/dnsbackend.cc @@ -335,8 +335,7 @@ void fillSOAData(const DNSZoneRecord& inZoneRecord, SOAData& soaData) std::shared_ptr makeSOAContent(const SOAData& soaData) { - struct soatimes soaTimes - { + struct soatimes soaTimes{ .serial = soaData.serial, .refresh = soaData.refresh, .retry = soaData.retry, diff --git a/pdns/dnsbackend.hh b/pdns/dnsbackend.hh index 7333551ffb26..496b80ec5826 100644 --- a/pdns/dnsbackend.hh +++ b/pdns/dnsbackend.hh @@ -134,7 +134,7 @@ struct TSIGKey struct AutoPrimary { AutoPrimary(string new_ip, string new_nameserver, string new_account) : - ip(std::move(new_ip)), nameserver(std::move(new_nameserver)), account(std::move(new_account)){}; + ip(std::move(new_ip)), nameserver(std::move(new_nameserver)), account(std::move(new_account)) {}; std::string ip; std::string nameserver; std::string account; @@ -534,7 +534,7 @@ public: struct SOAData { SOAData() : - domain_id(-1){}; + domain_id(-1) {}; DNSName qname; DNSName nameserver; diff --git a/pdns/dnsdistdist/dnscrypt.hh b/pdns/dnsdistdist/dnscrypt.hh index 516848f9a05d..4ee826d836a7 100644 --- a/pdns/dnsdistdist/dnscrypt.hh +++ b/pdns/dnsdistdist/dnscrypt.hh @@ -76,18 +76,12 @@ static_assert(crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES == crypto_box #define DNSCRYPT_CERT_MAGIC_SIZE (4) #define DNSCRYPT_CERT_MAGIC_VALUE \ - { \ - 0x44, 0x4e, 0x53, 0x43 \ - } + {0x44, 0x4e, 0x53, 0x43} #define DNSCRYPT_CERT_PROTOCOL_MINOR_VERSION_VALUE \ - { \ - 0x00, 0x00 \ - } + {0x00, 0x00} #define DNSCRYPT_CLIENT_MAGIC_SIZE (8) -#define DNSCRYPT_RESOLVER_MAGIC \ - { \ - 0x72, 0x36, 0x66, 0x6e, 0x76, 0x57, 0x6a, 0x38 \ - } +#define DNSCRYPT_RESOLVER_MAGIC \ + {0x72, 0x36, 0x66, 0x6e, 0x76, 0x57, 0x6a, 0x38} #define DNSCRYPT_RESOLVER_MAGIC_SIZE (8) #define DNSCRYPT_PADDED_BLOCK_SIZE (64) #define DNSCRYPT_MAX_TCP_PADDING_SIZE (256) @@ -100,13 +94,9 @@ static_assert(crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES == crypto_box static_assert(DNSCRYPT_CLIENT_MAGIC_SIZE <= DNSCRYPT_PUBLIC_KEY_SIZE, "DNSCrypt Client Nonce size should be smaller or equal to public key size."); #define DNSCRYPT_CERT_ES_VERSION1_VALUE \ - { \ - 0x00, 0x01 \ - } + {0x00, 0x01} #define DNSCRYPT_CERT_ES_VERSION2_VALUE \ - { \ - 0x00, 0x02 \ - } + {0x00, 0x02} class DNSCryptContext; diff --git a/pdns/dnsdistdist/dnsdist-async.cc b/pdns/dnsdistdist/dnsdist-async.cc index 84095c4a2e2b..776a8f011cef 100644 --- a/pdns/dnsdistdist/dnsdist-async.cc +++ b/pdns/dnsdistdist/dnsdist-async.cc @@ -86,9 +86,7 @@ void AsynchronousHolder::stop() void AsynchronousHolder::mainThread(std::shared_ptr data) { setThreadName("dnsdist/async"); - struct timeval now - { - }; + struct timeval now{}; std::list>> expiredEvents; auto mplexer = std::unique_ptr(FDMultiplexer::getMultiplexerSilent(1)); @@ -181,9 +179,7 @@ std::unique_ptr AsynchronousHolder::get(uint16_t asyncID, ui auto content = d_data->d_content.lock(); auto contentIt = content->find(std::tie(queryID, asyncID)); if (contentIt == content->end()) { - struct timeval now - { - }; + struct timeval now{}; gettimeofday(&now, nullptr); vinfolog("Asynchronous object %d not found at %d.%d", queryID, now.tv_sec, now.tv_usec); return nullptr; @@ -231,9 +227,7 @@ static bool resumeResponse(std::unique_ptr&& response) auto sender = response->getTCPQuerySender(); if (sender) { - struct timeval now - { - }; + struct timeval now{}; gettimeofday(&now, nullptr); TCPResponse resp(std::move(response->query.d_buffer), std::move(response->query.d_idstate), nullptr, response->downstream); @@ -318,9 +312,7 @@ bool resumeQuery(std::unique_ptr&& query) return false; } - struct timeval now - { - }; + struct timeval now{}; gettimeofday(&now, nullptr); TCPResponse response(std::move(query->query.d_buffer), std::move(query->query.d_idstate), nullptr, query->downstream); @@ -351,9 +343,7 @@ bool suspendQuery(DNSQuestion& dnsQuestion, uint16_t asyncID, uint16_t queryID, return false; } - struct timeval now - { - }; + struct timeval now{}; gettimeofday(&now, nullptr); struct timeval ttd = now; ttd.tv_sec += timeoutMs / 1000; @@ -373,9 +363,7 @@ bool suspendResponse(DNSResponse& dnsResponse, uint16_t asyncID, uint16_t queryI return false; } - struct timeval now - { - }; + struct timeval now{}; gettimeofday(&now, nullptr); struct timeval ttd = now; ttd.tv_sec += timeoutMs / 1000; diff --git a/pdns/dnsdistdist/dnsdist-console.cc b/pdns/dnsdistdist/dnsdist-console.cc index dc92a02be46b..b5581ac76243 100644 --- a/pdns/dnsdistdist/dnsdist-console.cc +++ b/pdns/dnsdistdist/dnsdist-console.cc @@ -480,378 +480,377 @@ void doConsole() #ifndef DISABLE_COMPLETION /**** CARGO CULT CODE AHEAD ****/ -static const std::vector s_consoleKeywords -{ +static const std::vector s_consoleKeywords{ /* keyword, function, parameters, description */ {"addACL", true, "netmask", "add to the ACL set who can use this server"}, - {"addAction", true, R"(DNS rule, DNS action [, {uuid="UUID", name="name"}])", "add a rule"}, - {"addBPFFilterDynBlocks", true, "addresses, dynbpf[[, seconds=10], msg]", "This is the eBPF equivalent of addDynBlocks(), blocking a set of addresses for (optionally) a number of seconds, using an eBPF dynamic filter"}, - {"addCapabilitiesToRetain", true, "capability or list of capabilities", "Linux capabilities to retain after startup, like CAP_BPF"}, - {"addConsoleACL", true, "netmask", "add a netmask to the console ACL"}, - {"addDNSCryptBind", true, R"('127.0.0.1:8443", "provider name", "/path/to/resolver.cert", "/path/to/resolver.key", {reusePort=false, tcpFastOpenQueueSize=0, interface="", cpus={}})", "listen to incoming DNSCrypt queries on 127.0.0.1 port 8443, with a provider name of `provider name`, using a resolver certificate and associated key stored respectively in the `resolver.cert` and `resolver.key` files. The fifth optional parameter is a table of parameters"}, - {"addDOHLocal", true, "addr, certFile, keyFile [, urls [, vars]]", "listen to incoming DNS over HTTPS queries on the specified address using the specified certificate and key. The last two parameters are tables"}, - {"addDOH3Local", true, "addr, certFile, keyFile [, vars]", "listen to incoming DNS over HTTP/3 queries on the specified address using the specified certificate and key. The last parameter is a table"}, - {"addDOQLocal", true, "addr, certFile, keyFile [, vars]", "listen to incoming DNS over QUIC queries on the specified address using the specified certificate and key. The last parameter is a table"}, - {"addDynamicBlock", true, "address, message[, action [, seconds [, clientIPMask [, clientIPPortMask]]]]", "block the supplied address with message `msg`, for `seconds` seconds (10 by default), applying `action` (default to the one set with `setDynBlocksAction()`)"}, - {"addDynBlocks", true, "addresses, message[, seconds[, action]]", "block the set of addresses with message `msg`, for `seconds` seconds (10 by default), applying `action` (default to the one set with `setDynBlocksAction()`)"}, - {"addDynBlockSMT", true, "names, message[, seconds [, action]]", "block the set of names with message `msg`, for `seconds` seconds (10 by default), applying `action` (default to the one set with `setDynBlocksAction()`)"}, - {"addLocal", true, R"(addr [, {doTCP=true, reusePort=false, tcpFastOpenQueueSize=0, interface="", cpus={}}])", "add `addr` to the list of addresses we listen on"}, - {"addCacheHitResponseAction", true, R"(DNS rule, DNS response action [, {uuid="UUID", name="name"}}])", "add a cache hit response rule"}, - {"addCacheInsertedResponseAction", true, R"(DNS rule, DNS response action [, {uuid="UUID", name="name"}}])", "add a cache inserted response rule"}, - {"addMaintenanceCallback", true, "callback", "register a function to be called as part of the maintenance hook, every second"}, - {"addResponseAction", true, R"(DNS rule, DNS response action [, {uuid="UUID", name="name"}}])", "add a response rule"}, - {"addSelfAnsweredResponseAction", true, R"(DNS rule, DNS response action [, {uuid="UUID", name="name"}}])", "add a self-answered response rule"}, - {"addXFRResponseAction", true, R"(DNS rule, DNS response action [, {uuid="UUID", name="name"}}])", "add a XFR response rule"}, - {"addTLSLocal", true, "addr, certFile(s), keyFile(s) [,params]", "listen to incoming DNS over TLS queries on the specified address using the specified certificate (or list of) and key (or list of). The last parameter is a table"}, - {"AllowAction", true, "", "let these packets go through"}, - {"AllowResponseAction", true, "", "let these packets go through"}, - {"AllRule", true, "", "matches all traffic"}, - {"AndRule", true, "list of DNS rules", "matches if all sub-rules matches"}, - {"benchRule", true, "DNS Rule [, iterations [, suffix]]", "bench the specified DNS rule"}, - {"carbonServer", true, "serverIP, [ourname], [interval]", "report statistics to serverIP using our hostname, or 'ourname' if provided, every 'interval' seconds"}, - {"clearConsoleHistory", true, "", "clear the internal (in-memory) history of console commands"}, - {"clearDynBlocks", true, "", "clear all dynamic blocks"}, - {"clearQueryCounters", true, "", "clears the query counter buffer"}, - {"clearRules", true, "", "remove all current rules"}, - {"controlSocket", true, "addr", "open a control socket on this address / connect to this address in client mode"}, - {"ContinueAction", true, "action", "execute the specified action and continue the processing of the remaining rules, regardless of the return of the action"}, - {"declareMetric", true, "name, type, description [, prometheusName]", "Declare a custom metric"}, - {"decMetric", true, "name", "Decrement a custom metric"}, - {"DelayAction", true, "milliseconds", "delay the response by the specified amount of milliseconds (UDP-only)"}, - {"DelayResponseAction", true, "milliseconds", "delay the response by the specified amount of milliseconds (UDP-only)"}, - {"delta", true, "", "shows all commands entered that changed the configuration"}, - {"DNSSECRule", true, "", "matches queries with the DO bit set"}, - {"DnstapLogAction", true, "identity, FrameStreamLogger [, alterFunction]", "send the contents of this query to a FrameStreamLogger or RemoteLogger as dnstap. `alterFunction` is a callback, receiving a DNSQuestion and a DnstapMessage, that can be used to modify the dnstap message"}, - {"DnstapLogResponseAction", true, "identity, FrameStreamLogger [, alterFunction]", "send the contents of this response to a remote or FrameStreamLogger or RemoteLogger as dnstap. `alterFunction` is a callback, receiving a DNSResponse and a DnstapMessage, that can be used to modify the dnstap message"}, - {"DropAction", true, "", "drop these packets"}, - {"DropResponseAction", true, "", "drop these packets"}, - {"DSTPortRule", true, "port", "matches questions received to the destination port specified"}, - {"dumpStats", true, "", "print all statistics we gather"}, - {"dynBlockRulesGroup", true, "", "return a new DynBlockRulesGroup object"}, - {"EDNSVersionRule", true, "version", "matches queries with the specified EDNS version"}, - {"EDNSOptionRule", true, "optcode", "matches queries with the specified EDNS0 option present"}, - {"ERCodeAction", true, "ercode", "Reply immediately by turning the query into a response with the specified EDNS extended rcode"}, - {"ERCodeRule", true, "rcode", "matches responses with the specified extended rcode (EDNS0)"}, - {"exceedNXDOMAINs", true, "rate, seconds", "get set of addresses that exceed `rate` NXDOMAIN/s over `seconds` seconds"}, - {"exceedQRate", true, "rate, seconds", "get set of address that exceed `rate` queries/s over `seconds` seconds"}, - {"exceedQTypeRate", true, "type, rate, seconds", "get set of address that exceed `rate` queries/s for queries of type `type` over `seconds` seconds"}, - {"exceedRespByterate", true, "rate, seconds", "get set of addresses that exceeded `rate` bytes/s answers over `seconds` seconds"}, - {"exceedServFails", true, "rate, seconds", "get set of addresses that exceed `rate` servfails/s over `seconds` seconds"}, - {"firstAvailable", false, "", "picks the server with the lowest `order` that has not exceeded its QPS limit"}, - {"fixupCase", true, "bool", "if set (default to no), rewrite the first qname of the question part of the answer to match the one from the query. It is only useful when you have a downstream server that messes up the case of the question qname in the answer"}, - {"generateDNSCryptCertificate", true, R"("/path/to/providerPrivate.key", "/path/to/resolver.cert", "/path/to/resolver.key", serial, validFrom, validUntil)", "generate a new resolver private key and related certificate, valid from the `validFrom` timestamp until the `validUntil` one, signed with the provider private key"}, - {"generateDNSCryptProviderKeys", true, R"("/path/to/providerPublic.key", "/path/to/providerPrivate.key")", "generate a new provider keypair"}, - {"getAction", true, "n", "Returns the Action associated with rule n"}, - {"getBind", true, "n", "returns the listener at index n"}, - {"getBindCount", true, "", "returns the number of listeners all kinds"}, - {"getCacheHitResponseRule", true, "selector", "Return the cache-hit response rule corresponding to the selector, if any"}, - {"getCacheInsertedResponseRule", true, "selector", "Return the cache-inserted response rule corresponding to the selector, if any"}, - {"getCurrentTime", true, "", "returns the current time"}, - {"getDynamicBlocks", true, "", "returns a table of the current network-based dynamic blocks"}, - {"getDynamicBlocksSMT", true, "", "returns a table of the current suffix-based dynamic blocks"}, - {"getDNSCryptBind", true, "n", "return the `DNSCryptContext` object corresponding to the bind `n`"}, - {"getDNSCryptBindCount", true, "", "returns the number of DNSCrypt listeners"}, - {"getDOHFrontend", true, "n", "returns the DoH frontend with index n"}, - {"getDOHFrontendCount", true, "", "returns the number of DoH listeners"}, - {"getDOH3Frontend", true, "n", "returns the DoH3 frontend with index n"}, - {"getDOH3FrontendCount", true, "", "returns the number of DoH3 listeners"}, - {"getDOQFrontend", true, "n", "returns the DoQ frontend with index n"}, - {"getDOQFrontendCount", true, "", "returns the number of DoQ listeners"}, - {"getListOfAddressesOfNetworkInterface", true, "itf", "returns the list of addresses configured on a given network interface, as strings"}, - {"getListOfNetworkInterfaces", true, "", "returns the list of network interfaces present on the system, as strings"}, - {"getListOfRangesOfNetworkInterface", true, "itf", "returns the list of network ranges configured on a given network interface, as strings"}, - {"getMACAddress", true, "IP addr", "return the link-level address (MAC) corresponding to the supplied neighbour IP address, if known by the kernel"}, - {"getMetric", true, "name", "Get the value of a custom metric"}, - {"getOutgoingTLSSessionCacheSize", true, "", "returns the number of TLS sessions (for outgoing connections) currently cached"}, - {"getPool", true, "name", "return the pool named `name`, or \"\" for the default pool"}, - {"getPoolServers", true, "pool", "return servers part of this pool"}, - {"getPoolNames", true, "", "returns a table with all the pool names"}, - {"getQueryCounters", true, "[max=10]", "show current buffer of query counters, limited by 'max' if provided"}, - {"getResponseRing", true, "", "return the current content of the response ring"}, - {"getResponseRule", true, "selector", "Return the response rule corresponding to the selector, if any"}, - {"getRespRing", true, "", "return the qname/rcode content of the response ring"}, - {"getRule", true, "selector", "Return the rule corresponding to the selector, if any"}, - {"getSelfAnsweredResponseRule", true, "selector", "Return the self-answered response rule corresponding to the selector, if any"}, - {"getServer", true, "id", "returns server with index 'n' or whose uuid matches if 'id' is an UUID string"}, - {"getServers", true, "", "returns a table with all defined servers"}, - {"getStatisticsCounters", true, "", "returns a map of statistic counters"}, - {"getTopCacheHitResponseRules", true, "[top]", "return the `top` cache-hit response rules"}, - {"getTopCacheInsertedResponseRules", true, "[top]", "return the `top` cache-inserted response rules"}, - {"getTopResponseRules", true, "[top]", "return the `top` response rules"}, - {"getTopRules", true, "[top]", "return the `top` rules"}, - {"getTopSelfAnsweredResponseRules", true, "[top]", "return the `top` self-answered response rules"}, - {"getTopXFRResponseRules", true, "[top]", "return the `top` XFR response rules"}, - {"getTLSFrontend", true, "n", "returns the TLS frontend with index n"}, - {"getTLSFrontendCount", true, "", "returns the number of DoT listeners"}, - {"getVerbose", true, "", "get whether log messages at the verbose level will be logged"}, - {"getXFRResponseRule", true, "selector", "Return the XFR response rule corresponding to the selector, if any"}, - {"grepq", true, R"(Netmask|DNS Name|100ms|{"::1", "powerdns.com", "100ms"} [, n] [,options])", "shows the last n queries and responses matching the specified client address or range (Netmask), or the specified DNS Name, or slower than 100ms"}, - {"hashPassword", true, "password [, workFactor]", "Returns a hashed and salted version of the supplied password, usable with 'setWebserverConfig()'"}, - {"HTTPHeaderRule", true, "name, regex", "matches DoH queries with a HTTP header 'name' whose content matches the regular expression 'regex'"}, - {"HTTPPathRegexRule", true, "regex", "matches DoH queries whose HTTP path matches 'regex'"}, - {"HTTPPathRule", true, "path", "matches DoH queries whose HTTP path is an exact match to 'path'"}, - {"HTTPStatusAction", true, "status, reason, body", "return an HTTP response"}, - {"inClientStartup", true, "", "returns true during console client parsing of configuration"}, - {"includeDirectory", true, "path", "include configuration files from `path`"}, - {"incMetric", true, "name", "Increment a custom metric"}, - {"KeyValueLookupKeyQName", true, "[wireFormat]", "Return a new KeyValueLookupKey object that, when passed to KeyValueStoreLookupAction or KeyValueStoreLookupRule, will return the qname of the query, either in wire format (default) or in plain text if 'wireFormat' is false"}, - {"KeyValueLookupKeySourceIP", true, "[v4Mask [, v6Mask [, includePort]]]", "Return a new KeyValueLookupKey object that, when passed to KeyValueStoreLookupAction or KeyValueStoreLookupRule, will return the (possibly bitmasked) source IP of the client in network byte-order."}, - {"KeyValueLookupKeySuffix", true, "[minLabels [,wireFormat]]", "Return a new KeyValueLookupKey object that, when passed to KeyValueStoreLookupAction or KeyValueStoreLookupRule, will return a vector of keys based on the labels of the qname in DNS wire format or plain text"}, - {"KeyValueLookupKeyTag", true, "tag", "Return a new KeyValueLookupKey object that, when passed to KeyValueStoreLookupAction or KeyValueStoreLookupRule, will return the value of the corresponding tag for this query, if it exists"}, - {"KeyValueStoreLookupAction", true, "kvs, lookupKey, destinationTag", "does a lookup into the key value store referenced by 'kvs' using the key returned by 'lookupKey', and storing the result if any into the tag named 'destinationTag'"}, - {"KeyValueStoreRangeLookupAction", true, "kvs, lookupKey, destinationTag", "does a range-based lookup into the key value store referenced by 'kvs' using the key returned by 'lookupKey', and storing the result if any into the tag named 'destinationTag'"}, - {"KeyValueStoreLookupRule", true, "kvs, lookupKey", "matches queries if the key is found in the specified Key Value store"}, - {"KeyValueStoreRangeLookupRule", true, "kvs, lookupKey", "matches queries if the key is found in the specified Key Value store"}, - {"leastOutstanding", false, "", "Send traffic to downstream server with least outstanding queries, with the lowest 'order', and within that the lowest recent latency"}, + {"addAction", true, R"(DNS rule, DNS action [, {uuid="UUID", name="name"}])", "add a rule"}, + {"addBPFFilterDynBlocks", true, "addresses, dynbpf[[, seconds=10], msg]", "This is the eBPF equivalent of addDynBlocks(), blocking a set of addresses for (optionally) a number of seconds, using an eBPF dynamic filter"}, + {"addCapabilitiesToRetain", true, "capability or list of capabilities", "Linux capabilities to retain after startup, like CAP_BPF"}, + {"addConsoleACL", true, "netmask", "add a netmask to the console ACL"}, + {"addDNSCryptBind", true, R"('127.0.0.1:8443", "provider name", "/path/to/resolver.cert", "/path/to/resolver.key", {reusePort=false, tcpFastOpenQueueSize=0, interface="", cpus={}})", "listen to incoming DNSCrypt queries on 127.0.0.1 port 8443, with a provider name of `provider name`, using a resolver certificate and associated key stored respectively in the `resolver.cert` and `resolver.key` files. The fifth optional parameter is a table of parameters"}, + {"addDOHLocal", true, "addr, certFile, keyFile [, urls [, vars]]", "listen to incoming DNS over HTTPS queries on the specified address using the specified certificate and key. The last two parameters are tables"}, + {"addDOH3Local", true, "addr, certFile, keyFile [, vars]", "listen to incoming DNS over HTTP/3 queries on the specified address using the specified certificate and key. The last parameter is a table"}, + {"addDOQLocal", true, "addr, certFile, keyFile [, vars]", "listen to incoming DNS over QUIC queries on the specified address using the specified certificate and key. The last parameter is a table"}, + {"addDynamicBlock", true, "address, message[, action [, seconds [, clientIPMask [, clientIPPortMask]]]]", "block the supplied address with message `msg`, for `seconds` seconds (10 by default), applying `action` (default to the one set with `setDynBlocksAction()`)"}, + {"addDynBlocks", true, "addresses, message[, seconds[, action]]", "block the set of addresses with message `msg`, for `seconds` seconds (10 by default), applying `action` (default to the one set with `setDynBlocksAction()`)"}, + {"addDynBlockSMT", true, "names, message[, seconds [, action]]", "block the set of names with message `msg`, for `seconds` seconds (10 by default), applying `action` (default to the one set with `setDynBlocksAction()`)"}, + {"addLocal", true, R"(addr [, {doTCP=true, reusePort=false, tcpFastOpenQueueSize=0, interface="", cpus={}}])", "add `addr` to the list of addresses we listen on"}, + {"addCacheHitResponseAction", true, R"(DNS rule, DNS response action [, {uuid="UUID", name="name"}}])", "add a cache hit response rule"}, + {"addCacheInsertedResponseAction", true, R"(DNS rule, DNS response action [, {uuid="UUID", name="name"}}])", "add a cache inserted response rule"}, + {"addMaintenanceCallback", true, "callback", "register a function to be called as part of the maintenance hook, every second"}, + {"addResponseAction", true, R"(DNS rule, DNS response action [, {uuid="UUID", name="name"}}])", "add a response rule"}, + {"addSelfAnsweredResponseAction", true, R"(DNS rule, DNS response action [, {uuid="UUID", name="name"}}])", "add a self-answered response rule"}, + {"addXFRResponseAction", true, R"(DNS rule, DNS response action [, {uuid="UUID", name="name"}}])", "add a XFR response rule"}, + {"addTLSLocal", true, "addr, certFile(s), keyFile(s) [,params]", "listen to incoming DNS over TLS queries on the specified address using the specified certificate (or list of) and key (or list of). The last parameter is a table"}, + {"AllowAction", true, "", "let these packets go through"}, + {"AllowResponseAction", true, "", "let these packets go through"}, + {"AllRule", true, "", "matches all traffic"}, + {"AndRule", true, "list of DNS rules", "matches if all sub-rules matches"}, + {"benchRule", true, "DNS Rule [, iterations [, suffix]]", "bench the specified DNS rule"}, + {"carbonServer", true, "serverIP, [ourname], [interval]", "report statistics to serverIP using our hostname, or 'ourname' if provided, every 'interval' seconds"}, + {"clearConsoleHistory", true, "", "clear the internal (in-memory) history of console commands"}, + {"clearDynBlocks", true, "", "clear all dynamic blocks"}, + {"clearQueryCounters", true, "", "clears the query counter buffer"}, + {"clearRules", true, "", "remove all current rules"}, + {"controlSocket", true, "addr", "open a control socket on this address / connect to this address in client mode"}, + {"ContinueAction", true, "action", "execute the specified action and continue the processing of the remaining rules, regardless of the return of the action"}, + {"declareMetric", true, "name, type, description [, prometheusName]", "Declare a custom metric"}, + {"decMetric", true, "name", "Decrement a custom metric"}, + {"DelayAction", true, "milliseconds", "delay the response by the specified amount of milliseconds (UDP-only)"}, + {"DelayResponseAction", true, "milliseconds", "delay the response by the specified amount of milliseconds (UDP-only)"}, + {"delta", true, "", "shows all commands entered that changed the configuration"}, + {"DNSSECRule", true, "", "matches queries with the DO bit set"}, + {"DnstapLogAction", true, "identity, FrameStreamLogger [, alterFunction]", "send the contents of this query to a FrameStreamLogger or RemoteLogger as dnstap. `alterFunction` is a callback, receiving a DNSQuestion and a DnstapMessage, that can be used to modify the dnstap message"}, + {"DnstapLogResponseAction", true, "identity, FrameStreamLogger [, alterFunction]", "send the contents of this response to a remote or FrameStreamLogger or RemoteLogger as dnstap. `alterFunction` is a callback, receiving a DNSResponse and a DnstapMessage, that can be used to modify the dnstap message"}, + {"DropAction", true, "", "drop these packets"}, + {"DropResponseAction", true, "", "drop these packets"}, + {"DSTPortRule", true, "port", "matches questions received to the destination port specified"}, + {"dumpStats", true, "", "print all statistics we gather"}, + {"dynBlockRulesGroup", true, "", "return a new DynBlockRulesGroup object"}, + {"EDNSVersionRule", true, "version", "matches queries with the specified EDNS version"}, + {"EDNSOptionRule", true, "optcode", "matches queries with the specified EDNS0 option present"}, + {"ERCodeAction", true, "ercode", "Reply immediately by turning the query into a response with the specified EDNS extended rcode"}, + {"ERCodeRule", true, "rcode", "matches responses with the specified extended rcode (EDNS0)"}, + {"exceedNXDOMAINs", true, "rate, seconds", "get set of addresses that exceed `rate` NXDOMAIN/s over `seconds` seconds"}, + {"exceedQRate", true, "rate, seconds", "get set of address that exceed `rate` queries/s over `seconds` seconds"}, + {"exceedQTypeRate", true, "type, rate, seconds", "get set of address that exceed `rate` queries/s for queries of type `type` over `seconds` seconds"}, + {"exceedRespByterate", true, "rate, seconds", "get set of addresses that exceeded `rate` bytes/s answers over `seconds` seconds"}, + {"exceedServFails", true, "rate, seconds", "get set of addresses that exceed `rate` servfails/s over `seconds` seconds"}, + {"firstAvailable", false, "", "picks the server with the lowest `order` that has not exceeded its QPS limit"}, + {"fixupCase", true, "bool", "if set (default to no), rewrite the first qname of the question part of the answer to match the one from the query. It is only useful when you have a downstream server that messes up the case of the question qname in the answer"}, + {"generateDNSCryptCertificate", true, R"("/path/to/providerPrivate.key", "/path/to/resolver.cert", "/path/to/resolver.key", serial, validFrom, validUntil)", "generate a new resolver private key and related certificate, valid from the `validFrom` timestamp until the `validUntil` one, signed with the provider private key"}, + {"generateDNSCryptProviderKeys", true, R"("/path/to/providerPublic.key", "/path/to/providerPrivate.key")", "generate a new provider keypair"}, + {"getAction", true, "n", "Returns the Action associated with rule n"}, + {"getBind", true, "n", "returns the listener at index n"}, + {"getBindCount", true, "", "returns the number of listeners all kinds"}, + {"getCacheHitResponseRule", true, "selector", "Return the cache-hit response rule corresponding to the selector, if any"}, + {"getCacheInsertedResponseRule", true, "selector", "Return the cache-inserted response rule corresponding to the selector, if any"}, + {"getCurrentTime", true, "", "returns the current time"}, + {"getDynamicBlocks", true, "", "returns a table of the current network-based dynamic blocks"}, + {"getDynamicBlocksSMT", true, "", "returns a table of the current suffix-based dynamic blocks"}, + {"getDNSCryptBind", true, "n", "return the `DNSCryptContext` object corresponding to the bind `n`"}, + {"getDNSCryptBindCount", true, "", "returns the number of DNSCrypt listeners"}, + {"getDOHFrontend", true, "n", "returns the DoH frontend with index n"}, + {"getDOHFrontendCount", true, "", "returns the number of DoH listeners"}, + {"getDOH3Frontend", true, "n", "returns the DoH3 frontend with index n"}, + {"getDOH3FrontendCount", true, "", "returns the number of DoH3 listeners"}, + {"getDOQFrontend", true, "n", "returns the DoQ frontend with index n"}, + {"getDOQFrontendCount", true, "", "returns the number of DoQ listeners"}, + {"getListOfAddressesOfNetworkInterface", true, "itf", "returns the list of addresses configured on a given network interface, as strings"}, + {"getListOfNetworkInterfaces", true, "", "returns the list of network interfaces present on the system, as strings"}, + {"getListOfRangesOfNetworkInterface", true, "itf", "returns the list of network ranges configured on a given network interface, as strings"}, + {"getMACAddress", true, "IP addr", "return the link-level address (MAC) corresponding to the supplied neighbour IP address, if known by the kernel"}, + {"getMetric", true, "name", "Get the value of a custom metric"}, + {"getOutgoingTLSSessionCacheSize", true, "", "returns the number of TLS sessions (for outgoing connections) currently cached"}, + {"getPool", true, "name", "return the pool named `name`, or \"\" for the default pool"}, + {"getPoolServers", true, "pool", "return servers part of this pool"}, + {"getPoolNames", true, "", "returns a table with all the pool names"}, + {"getQueryCounters", true, "[max=10]", "show current buffer of query counters, limited by 'max' if provided"}, + {"getResponseRing", true, "", "return the current content of the response ring"}, + {"getResponseRule", true, "selector", "Return the response rule corresponding to the selector, if any"}, + {"getRespRing", true, "", "return the qname/rcode content of the response ring"}, + {"getRule", true, "selector", "Return the rule corresponding to the selector, if any"}, + {"getSelfAnsweredResponseRule", true, "selector", "Return the self-answered response rule corresponding to the selector, if any"}, + {"getServer", true, "id", "returns server with index 'n' or whose uuid matches if 'id' is an UUID string"}, + {"getServers", true, "", "returns a table with all defined servers"}, + {"getStatisticsCounters", true, "", "returns a map of statistic counters"}, + {"getTopCacheHitResponseRules", true, "[top]", "return the `top` cache-hit response rules"}, + {"getTopCacheInsertedResponseRules", true, "[top]", "return the `top` cache-inserted response rules"}, + {"getTopResponseRules", true, "[top]", "return the `top` response rules"}, + {"getTopRules", true, "[top]", "return the `top` rules"}, + {"getTopSelfAnsweredResponseRules", true, "[top]", "return the `top` self-answered response rules"}, + {"getTopXFRResponseRules", true, "[top]", "return the `top` XFR response rules"}, + {"getTLSFrontend", true, "n", "returns the TLS frontend with index n"}, + {"getTLSFrontendCount", true, "", "returns the number of DoT listeners"}, + {"getVerbose", true, "", "get whether log messages at the verbose level will be logged"}, + {"getXFRResponseRule", true, "selector", "Return the XFR response rule corresponding to the selector, if any"}, + {"grepq", true, R"(Netmask|DNS Name|100ms|{"::1", "powerdns.com", "100ms"} [, n] [,options])", "shows the last n queries and responses matching the specified client address or range (Netmask), or the specified DNS Name, or slower than 100ms"}, + {"hashPassword", true, "password [, workFactor]", "Returns a hashed and salted version of the supplied password, usable with 'setWebserverConfig()'"}, + {"HTTPHeaderRule", true, "name, regex", "matches DoH queries with a HTTP header 'name' whose content matches the regular expression 'regex'"}, + {"HTTPPathRegexRule", true, "regex", "matches DoH queries whose HTTP path matches 'regex'"}, + {"HTTPPathRule", true, "path", "matches DoH queries whose HTTP path is an exact match to 'path'"}, + {"HTTPStatusAction", true, "status, reason, body", "return an HTTP response"}, + {"inClientStartup", true, "", "returns true during console client parsing of configuration"}, + {"includeDirectory", true, "path", "include configuration files from `path`"}, + {"incMetric", true, "name", "Increment a custom metric"}, + {"KeyValueLookupKeyQName", true, "[wireFormat]", "Return a new KeyValueLookupKey object that, when passed to KeyValueStoreLookupAction or KeyValueStoreLookupRule, will return the qname of the query, either in wire format (default) or in plain text if 'wireFormat' is false"}, + {"KeyValueLookupKeySourceIP", true, "[v4Mask [, v6Mask [, includePort]]]", "Return a new KeyValueLookupKey object that, when passed to KeyValueStoreLookupAction or KeyValueStoreLookupRule, will return the (possibly bitmasked) source IP of the client in network byte-order."}, + {"KeyValueLookupKeySuffix", true, "[minLabels [,wireFormat]]", "Return a new KeyValueLookupKey object that, when passed to KeyValueStoreLookupAction or KeyValueStoreLookupRule, will return a vector of keys based on the labels of the qname in DNS wire format or plain text"}, + {"KeyValueLookupKeyTag", true, "tag", "Return a new KeyValueLookupKey object that, when passed to KeyValueStoreLookupAction or KeyValueStoreLookupRule, will return the value of the corresponding tag for this query, if it exists"}, + {"KeyValueStoreLookupAction", true, "kvs, lookupKey, destinationTag", "does a lookup into the key value store referenced by 'kvs' using the key returned by 'lookupKey', and storing the result if any into the tag named 'destinationTag'"}, + {"KeyValueStoreRangeLookupAction", true, "kvs, lookupKey, destinationTag", "does a range-based lookup into the key value store referenced by 'kvs' using the key returned by 'lookupKey', and storing the result if any into the tag named 'destinationTag'"}, + {"KeyValueStoreLookupRule", true, "kvs, lookupKey", "matches queries if the key is found in the specified Key Value store"}, + {"KeyValueStoreRangeLookupRule", true, "kvs, lookupKey", "matches queries if the key is found in the specified Key Value store"}, + {"leastOutstanding", false, "", "Send traffic to downstream server with least outstanding queries, with the lowest 'order', and within that the lowest recent latency"}, #if defined(HAVE_LIBSSL) && !defined(HAVE_TLS_PROVIDERS) - {"loadTLSEngine", true, "engineName [, defaultString]", "Load the OpenSSL engine named 'engineName', setting the engine default string to 'defaultString' if supplied"}, + {"loadTLSEngine", true, "engineName [, defaultString]", "Load the OpenSSL engine named 'engineName', setting the engine default string to 'defaultString' if supplied"}, #endif #if defined(HAVE_LIBSSL) && OPENSSL_VERSION_MAJOR >= 3 && defined(HAVE_TLS_PROVIDERS) - {"loadTLSProvider", true, "providerName", "Load the OpenSSL provider named 'providerName'"}, + {"loadTLSProvider", true, "providerName", "Load the OpenSSL provider named 'providerName'"}, #endif - {"LogAction", true, "[filename], [binary], [append], [buffered]", "Log a line for each query, to the specified file if any, to the console (require verbose) otherwise. When logging to a file, the `binary` optional parameter specifies whether we log in binary form (default) or in textual form, the `append` optional parameter specifies whether we open the file for appending or truncate each time (default), and the `buffered` optional parameter specifies whether writes to the file are buffered (default) or not."}, - {"LogResponseAction", true, "[filename], [append], [buffered]", "Log a line for each response, to the specified file if any, to the console (require verbose) otherwise. The `append` optional parameter specifies whether we open the file for appending or truncate each time (default), and the `buffered` optional parameter specifies whether writes to the file are buffered (default) or not."}, - {"LuaAction", true, "function", "Invoke a Lua function that accepts a DNSQuestion"}, - {"LuaFFIAction", true, "function", "Invoke a Lua FFI function that accepts a DNSQuestion"}, - {"LuaFFIPerThreadAction", true, "function", "Invoke a Lua FFI function that accepts a DNSQuestion, with a per-thread Lua context"}, - {"LuaFFIPerThreadResponseAction", true, "function", "Invoke a Lua FFI function that accepts a DNSResponse, with a per-thread Lua context"}, - {"LuaFFIResponseAction", true, "function", "Invoke a Lua FFI function that accepts a DNSResponse"}, - {"LuaFFIRule", true, "function", "Invoke a Lua FFI function that filters DNS questions"}, - {"LuaResponseAction", true, "function", "Invoke a Lua function that accepts a DNSResponse"}, - {"LuaRule", true, "function", "Invoke a Lua function that filters DNS questions"}, + {"LogAction", true, "[filename], [binary], [append], [buffered]", "Log a line for each query, to the specified file if any, to the console (require verbose) otherwise. When logging to a file, the `binary` optional parameter specifies whether we log in binary form (default) or in textual form, the `append` optional parameter specifies whether we open the file for appending or truncate each time (default), and the `buffered` optional parameter specifies whether writes to the file are buffered (default) or not."}, + {"LogResponseAction", true, "[filename], [append], [buffered]", "Log a line for each response, to the specified file if any, to the console (require verbose) otherwise. The `append` optional parameter specifies whether we open the file for appending or truncate each time (default), and the `buffered` optional parameter specifies whether writes to the file are buffered (default) or not."}, + {"LuaAction", true, "function", "Invoke a Lua function that accepts a DNSQuestion"}, + {"LuaFFIAction", true, "function", "Invoke a Lua FFI function that accepts a DNSQuestion"}, + {"LuaFFIPerThreadAction", true, "function", "Invoke a Lua FFI function that accepts a DNSQuestion, with a per-thread Lua context"}, + {"LuaFFIPerThreadResponseAction", true, "function", "Invoke a Lua FFI function that accepts a DNSResponse, with a per-thread Lua context"}, + {"LuaFFIResponseAction", true, "function", "Invoke a Lua FFI function that accepts a DNSResponse"}, + {"LuaFFIRule", true, "function", "Invoke a Lua FFI function that filters DNS questions"}, + {"LuaResponseAction", true, "function", "Invoke a Lua function that accepts a DNSResponse"}, + {"LuaRule", true, "function", "Invoke a Lua function that filters DNS questions"}, #ifdef HAVE_IPCIPHER - {"makeIPCipherKey", true, "password", "generates a 16-byte key that can be used to pseudonymize IP addresses with IP cipher"}, + {"makeIPCipherKey", true, "password", "generates a 16-byte key that can be used to pseudonymize IP addresses with IP cipher"}, #endif /* HAVE_IPCIPHER */ - {"makeKey", true, "", "generate a new server access key, emit configuration line ready for pasting"}, - {"makeRule", true, "rule", "Make a NetmaskGroupRule() or a SuffixMatchNodeRule(), depending on how it is called"}, - {"MaxQPSIPRule", true, "qps, [v4Mask=32 [, v6Mask=64 [, burst=qps [, expiration=300 [, cleanupDelay=60 [, scanFraction=10 [, shards=10]]]]]]]", "matches traffic exceeding the qps limit per subnet"}, - {"MaxQPSRule", true, "qps", "matches traffic **not** exceeding this qps limit"}, - {"mvCacheHitResponseRule", true, "from, to", "move cache hit response rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule"}, - {"mvCacheHitResponseRuleToTop", true, "", "move the last cache hit response rule to the first position"}, - {"mvCacheInsertedResponseRule", true, "from, to", "move cache inserted response rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule"}, - {"mvCacheInsertedResponseRuleToTop", true, "", "move the last cache inserted response rule to the first position"}, - {"mvResponseRule", true, "from, to", "move response rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule"}, - {"mvResponseRuleToTop", true, "", "move the last response rule to the first position"}, - {"mvRule", true, "from, to", "move rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule, in which case the rule will be moved to the last position"}, - {"mvRuleToTop", true, "", "move the last rule to the first position"}, - {"mvSelfAnsweredResponseRule", true, "from, to", "move self-answered response rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule"}, - {"mvSelfAnsweredResponseRuleToTop", true, "", "move the last self-answered response rule to the first position"}, - {"mvXFRResponseRule", true, "from, to", "move XFR response rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule"}, - {"mvXFRResponseRuleToTop", true, "", "move the last XFR response rule to the first position"}, - {"NetmaskGroupRule", true, "nmg[, src]", "Matches traffic from/to the network range specified in nmg. Set the src parameter to false to match nmg against destination address instead of source address. This can be used to differentiate between clients"}, - {"newBPFFilter", true, "{ipv4MaxItems=int, ipv4PinnedPath=string, ipv6MaxItems=int, ipv6PinnedPath=string, cidr4MaxItems=int, cidr4PinnedPath=string, cidr6MaxItems=int, cidr6PinnedPath=string, qnamesMaxItems=int, qnamesPinnedPath=string, external=bool}", "Return a new eBPF socket filter with specified options."}, - {"newCA", true, "address", "Returns a ComboAddress based on `address`"}, + {"makeKey", true, "", "generate a new server access key, emit configuration line ready for pasting"}, + {"makeRule", true, "rule", "Make a NetmaskGroupRule() or a SuffixMatchNodeRule(), depending on how it is called"}, + {"MaxQPSIPRule", true, "qps, [v4Mask=32 [, v6Mask=64 [, burst=qps [, expiration=300 [, cleanupDelay=60 [, scanFraction=10 [, shards=10]]]]]]]", "matches traffic exceeding the qps limit per subnet"}, + {"MaxQPSRule", true, "qps", "matches traffic **not** exceeding this qps limit"}, + {"mvCacheHitResponseRule", true, "from, to", "move cache hit response rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule"}, + {"mvCacheHitResponseRuleToTop", true, "", "move the last cache hit response rule to the first position"}, + {"mvCacheInsertedResponseRule", true, "from, to", "move cache inserted response rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule"}, + {"mvCacheInsertedResponseRuleToTop", true, "", "move the last cache inserted response rule to the first position"}, + {"mvResponseRule", true, "from, to", "move response rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule"}, + {"mvResponseRuleToTop", true, "", "move the last response rule to the first position"}, + {"mvRule", true, "from, to", "move rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule, in which case the rule will be moved to the last position"}, + {"mvRuleToTop", true, "", "move the last rule to the first position"}, + {"mvSelfAnsweredResponseRule", true, "from, to", "move self-answered response rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule"}, + {"mvSelfAnsweredResponseRuleToTop", true, "", "move the last self-answered response rule to the first position"}, + {"mvXFRResponseRule", true, "from, to", "move XFR response rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule"}, + {"mvXFRResponseRuleToTop", true, "", "move the last XFR response rule to the first position"}, + {"NetmaskGroupRule", true, "nmg[, src]", "Matches traffic from/to the network range specified in nmg. Set the src parameter to false to match nmg against destination address instead of source address. This can be used to differentiate between clients"}, + {"newBPFFilter", true, "{ipv4MaxItems=int, ipv4PinnedPath=string, ipv6MaxItems=int, ipv6PinnedPath=string, cidr4MaxItems=int, cidr4PinnedPath=string, cidr6MaxItems=int, cidr6PinnedPath=string, qnamesMaxItems=int, qnamesPinnedPath=string, external=bool}", "Return a new eBPF socket filter with specified options."}, + {"newCA", true, "address", "Returns a ComboAddress based on `address`"}, #ifdef HAVE_CDB - {"newCDBKVStore", true, "fname, refreshDelay", "Return a new KeyValueStore object associated to the corresponding CDB database"}, + {"newCDBKVStore", true, "fname, refreshDelay", "Return a new KeyValueStore object associated to the corresponding CDB database"}, #endif - {"newDNSName", true, "name", "make a DNSName based on this .-terminated name"}, - {"newDNSNameSet", true, "", "returns a new DNSNameSet"}, - {"newDynBPFFilter", true, "bpf", "Return a new dynamic eBPF filter associated to a given BPF Filter"}, - {"newFrameStreamTcpLogger", true, "addr [, options]", "create a FrameStream logger object writing to a TCP address (addr should be ip:port), to use with `DnstapLogAction()` and `DnstapLogResponseAction()`"}, - {"newFrameStreamUnixLogger", true, "socket [, options]", "create a FrameStream logger object writing to a local unix socket, to use with `DnstapLogAction()` and `DnstapLogResponseAction()`"}, + {"newDNSName", true, "name", "make a DNSName based on this .-terminated name"}, + {"newDNSNameSet", true, "", "returns a new DNSNameSet"}, + {"newDynBPFFilter", true, "bpf", "Return a new dynamic eBPF filter associated to a given BPF Filter"}, + {"newFrameStreamTcpLogger", true, "addr [, options]", "create a FrameStream logger object writing to a TCP address (addr should be ip:port), to use with `DnstapLogAction()` and `DnstapLogResponseAction()`"}, + {"newFrameStreamUnixLogger", true, "socket [, options]", "create a FrameStream logger object writing to a local unix socket, to use with `DnstapLogAction()` and `DnstapLogResponseAction()`"}, #ifdef HAVE_LMDB - {"newLMDBKVStore", true, "fname, dbName [, noLock]", "Return a new KeyValueStore object associated to the corresponding LMDB database"}, + {"newLMDBKVStore", true, "fname, dbName [, noLock]", "Return a new KeyValueStore object associated to the corresponding LMDB database"}, #endif - {"newNMG", true, "", "Returns a NetmaskGroup"}, - {"newPacketCache", true, "maxEntries[, maxTTL=86400, minTTL=0, temporaryFailureTTL=60, staleTTL=60, dontAge=false, numberOfShards=1, deferrableInsertLock=true, options={}]", "return a new Packet Cache"}, - {"newQPSLimiter", true, "rate, burst", "configure a QPS limiter with that rate and that burst capacity"}, - {"newRemoteLogger", true, "address:port [, timeout=2, maxQueuedEntries=100, reconnectWaitTime=1]", "create a Remote Logger object, to use with `RemoteLogAction()` and `RemoteLogResponseAction()`"}, - {"newRuleAction", true, R"(DNS rule, DNS action [, {uuid="UUID", name="name"}])", "return a pair of DNS Rule and DNS Action, to be used with `setRules()`"}, - {"newServer", true, R"({address="ip:port", qps=1000, order=1, weight=10, pool="abuse", retries=5, tcpConnectTimeout=5, tcpSendTimeout=30, tcpRecvTimeout=30, checkName="a.root-servers.net.", checkType="A", maxCheckFailures=1, mustResolve=false, useClientSubnet=true, source="address|interface name|address@interface", sockets=1, reconnectOnUp=false})", "instantiate a server"}, - {"newServerPolicy", true, "name, function", "create a policy object from a Lua function"}, - {"newSuffixMatchNode", true, "", "returns a new SuffixMatchNode"}, - {"newSVCRecordParameters", true, "priority, target, mandatoryParams, alpns, noDefaultAlpn [, port [, ech [, ipv4hints [, ipv6hints [, additionalParameters ]]]]]", "return a new SVCRecordParameters object, to use with SpoofSVCAction"}, - {"NegativeAndSOAAction", true, "nxd, zone, ttl, mname, rname, serial, refresh, retry, expire, minimum [, options]", "Turn a query into a NXDomain or NoData answer and sets a SOA record in the additional section"}, - {"NoneAction", true, "", "Does nothing. Subsequent rules are processed after this action"}, - {"NotRule", true, "selector", "Matches the traffic if the selector rule does not match"}, - {"OpcodeRule", true, "code", "Matches queries with opcode code. code can be directly specified as an integer, or one of the built-in DNSOpcodes"}, - {"OrRule", true, "selectors", "Matches the traffic if one or more of the the selectors rules does match"}, - {"PoolAction", true, "poolname [, stop]", "set the packet into the specified pool"}, - {"PoolAvailableRule", true, "poolname", "Check whether a pool has any servers available to handle queries"}, - {"PoolOutstandingRule", true, "poolname, limit", "Check whether a pool has outstanding queries above limit"}, - {"printDNSCryptProviderFingerprint", true, R"("/path/to/providerPublic.key")", "display the fingerprint of the provided resolver public key"}, - {"ProbaRule", true, "probability", "Matches queries with a given probability. 1.0 means always"}, - {"ProxyProtocolValueRule", true, "type [, value]", "matches queries with a specified Proxy Protocol TLV value of that type, optionally matching the content of the option as well"}, - {"QClassRule", true, "qclass", "Matches queries with the specified qclass. class can be specified as an integer or as one of the built-in DNSClass"}, - {"QNameLabelsCountRule", true, "min, max", "matches if the qname has less than `min` or more than `max` labels"}, - {"QNameRule", true, "qname", "matches queries with the specified qname"}, - {"QNameSetRule", true, "set", "Matches if the set contains exact qname"}, - {"QNameWireLengthRule", true, "min, max", "matches if the qname's length on the wire is less than `min` or more than `max` bytes"}, - {"QPSAction", true, "maxqps", "Drop a packet if it does exceed the maxqps queries per second limits. Letting the subsequent rules apply otherwise"}, - {"QPSPoolAction", true, "maxqps, poolname [, stop]", "Send the packet into the specified pool only if it does not exceed the maxqps queries per second limits. Letting the subsequent rules apply otherwise"}, - {"QTypeRule", true, "qtype", "matches queries with the specified qtype"}, - {"RCodeAction", true, "rcode", "Reply immediately by turning the query into a response with the specified rcode"}, - {"RCodeRule", true, "rcode", "matches responses with the specified rcode"}, - {"RDRule", true, "", "Matches queries with the RD flag set"}, - {"RecordsCountRule", true, "section, minCount, maxCount", "Matches if there is at least minCount and at most maxCount records in the section section. section can be specified as an integer or as a DNS Packet Sections"}, - {"RecordsTypeCountRule", true, "section, qtype, minCount, maxCount", "Matches if there is at least minCount and at most maxCount records of type type in the section section"}, - {"RegexRule", true, "regex", "matches the query name against the supplied regex"}, - {"registerDynBPFFilter", true, "DynBPFFilter", "register this dynamic BPF filter into the web interface so that its counters are displayed"}, - {"reloadAllCertificates", true, "", "reload all DNSCrypt and TLS certificates, along with their associated keys"}, - {"RemoteLogAction", true, "RemoteLogger [, alterFunction [, serverID]]", "send the content of this query to a remote logger via Protocol Buffer. `alterFunction` is a callback, receiving a DNSQuestion and a DNSDistProtoBufMessage, that can be used to modify the Protocol Buffer content, for example for anonymization purposes. `serverID` is the server identifier."}, - {"RemoteLogResponseAction", true, "RemoteLogger [,alterFunction [,includeCNAME [, serverID]]]", "send the content of this response to a remote logger via Protocol Buffer. `alterFunction` is the same callback than the one in `RemoteLogAction` and `includeCNAME` indicates whether CNAME records inside the response should be parsed and exported. The default is to only exports A and AAAA records. `serverID` is the server identifier."}, - {"requestTCPStatesDump", true, "", "Request a dump of the TCP states (incoming connections, outgoing connections) during the next scan. Useful for debugging purposes only"}, - {"rmACL", true, "netmask", "remove netmask from ACL"}, - {"rmCacheHitResponseRule", true, "id", "remove cache hit response rule in position 'id', or whose uuid matches if 'id' is an UUID string, or finally whose name matches if 'id' is a string but not a valid UUID"}, - {"rmCacheInsertedResponseRule", true, "id", "remove cache inserted response rule in position 'id', or whose uuid matches if 'id' is an UUID string, or finally whose name matches if 'id' is a string but not a valid UUID"}, - {"rmResponseRule", true, "id", "remove response rule in position 'id', or whose uuid matches if 'id' is an UUID string, or finally whose name matches if 'id' is a string but not a valid UUID"}, - {"rmRule", true, "id", "remove rule in position 'id', or whose uuid matches if 'id' is an UUID string, or finally whose name matches if 'id' is a string but not a valid UUID"}, - {"rmSelfAnsweredResponseRule", true, "id", "remove self-answered response rule in position 'id', or whose uuid matches if 'id' is an UUID string, or finally whose name matches if 'id' is a string but not a valid UUID"}, - {"rmServer", true, "id", "remove server with index 'id' or whose uuid matches if 'id' is an UUID string"}, - {"rmXFRResponseRule", true, "id", "remove XFR response rule in position 'id', or whose uuid matches if 'id' is an UUID string, or finally whose name matches if 'id' is a string but not a valid UUID"}, - {"roundrobin", false, "", "Simple round robin over available servers"}, - {"sendCustomTrap", true, "str", "send a custom `SNMP` trap from Lua, containing the `str` string"}, - {"setACL", true, "{netmask, netmask}", "replace the ACL set with these netmasks. Use `setACL({})` to reset the list, meaning no one can use us"}, - {"setACLFromFile", true, "file", "replace the ACL set with netmasks in this file"}, - {"setAddEDNSToSelfGeneratedResponses", true, "add", "set whether to add EDNS to self-generated responses, provided that the initial query had EDNS"}, - {"setAllowEmptyResponse", true, "allow", "Set to true (defaults to false) to allow empty responses (qdcount=0) with a NoError or NXDomain rcode (default) from backends"}, - {"setAPIWritable", true, "bool, dir", "allow modifications via the API. if `dir` is set, it must be a valid directory where the configuration files will be written by the API"}, - {"setCacheCleaningDelay", true, "num", "Set the interval in seconds between two runs of the cache cleaning algorithm, removing expired entries"}, - {"setCacheCleaningPercentage", true, "num", "Set the percentage of the cache that the cache cleaning algorithm will try to free by removing expired entries. By default (100), all expired entries are remove"}, - {"setConsistentHashingBalancingFactor", true, "factor", "Set the balancing factor for bounded-load consistent hashing"}, - {"setConsoleACL", true, "{netmask, netmask}", "replace the console ACL set with these netmasks"}, - {"setConsoleConnectionsLogging", true, "enabled", "whether to log the opening and closing of console connections"}, - {"setConsoleMaximumConcurrentConnections", true, "max", "Set the maximum number of concurrent console connections"}, - {"setConsoleOutputMaxMsgSize", true, "messageSize", "set console message maximum size in bytes, default is 10 MB"}, - {"setDefaultBPFFilter", true, "filter", "When used at configuration time, the corresponding BPFFilter will be attached to every bind"}, - {"setDoHDownstreamCleanupInterval", true, "interval", "minimum interval in seconds between two cleanups of the idle DoH downstream connections"}, - {"setDoHDownstreamMaxIdleTime", true, "time", "Maximum time in seconds that a downstream DoH connection to a backend might stay idle"}, - {"setDynBlocksAction", true, "action", "set which action is performed when a query is blocked. Only DNSAction.Drop (the default) and DNSAction.Refused are supported"}, - {"setDynBlocksPurgeInterval", true, "sec", "set how often the expired dynamic block entries should be removed"}, - {"setDropEmptyQueries", true, "drop", "Whether to drop empty queries right away instead of sending a NOTIMP response"}, - {"setECSOverride", true, "bool", "whether to override an existing EDNS Client Subnet value in the query"}, - {"setECSSourcePrefixV4", true, "prefix-length", "the EDNS Client Subnet prefix-length used for IPv4 queries"}, - {"setECSSourcePrefixV6", true, "prefix-length", "the EDNS Client Subnet prefix-length used for IPv6 queries"}, - {"setKey", true, "key", "set access key to that key"}, - {"setLocal", true, R"(addr [, {doTCP=true, reusePort=false, tcpFastOpenQueueSize=0, interface="", cpus={}}])", "reset the list of addresses we listen on to this address"}, - {"setMaxCachedDoHConnectionsPerDownstream", true, "max", "Set the maximum number of inactive DoH connections to a backend cached by each worker DoH thread"}, - {"setMaxCachedTCPConnectionsPerDownstream", true, "max", "Set the maximum number of inactive TCP connections to a backend cached by each worker TCP thread"}, - {"setMaxTCPClientThreads", true, "n", "set the maximum of TCP client threads, handling TCP connections"}, - {"setMaxTCPConnectionDuration", true, "n", "set the maximum duration of an incoming TCP connection, in seconds. 0 means unlimited"}, - {"setMaxTCPConnectionsPerClient", true, "n", "set the maximum number of TCP connections per client. 0 means unlimited"}, - {"setMaxTCPQueriesPerConnection", true, "n", "set the maximum number of queries in an incoming TCP connection. 0 means unlimited"}, - {"setMaxTCPQueuedConnections", true, "n", "set the maximum number of TCP connections queued (waiting to be picked up by a client thread)"}, - {"setMaxUDPOutstanding", true, "n", "set the maximum number of outstanding UDP queries to a given backend server. This can only be set at configuration time and defaults to 65535"}, - {"setMetric", true, "name, value", "Set the value of a custom metric to the supplied value"}, - {"setPayloadSizeOnSelfGeneratedAnswers", true, "payloadSize", "set the UDP payload size advertised via EDNS on self-generated responses"}, - {"setPoolServerPolicy", true, "policy, pool", "set the server selection policy for this pool to that policy"}, - {"setPoolServerPolicyLua", true, "name, function, pool", "set the server selection policy for this pool to one named 'name' and provided by 'function'"}, - {"setPoolServerPolicyLuaFFI", true, "name, function, pool", "set the server selection policy for this pool to one named 'name' and provided by 'function'"}, - {"setPoolServerPolicyLuaFFIPerThread", true, "name, code", "set server selection policy for this pool to one named 'name' and returned by the Lua FFI code passed in 'code'"}, - {"setProxyProtocolACL", true, "{netmask, netmask}", "Set the netmasks who are allowed to send Proxy Protocol headers in front of queries/connections"}, - {"setProxyProtocolApplyACLToProxiedClients", true, "apply", "Whether the general ACL should be applied to the source IP address gathered from a Proxy Protocol header, in addition to being first applied to the source address seen by dnsdist"}, - {"setProxyProtocolMaximumPayloadSize", true, "max", "Set the maximum size of a Proxy Protocol payload, in bytes"}, - {"setQueryCount", true, "bool", "set whether queries should be counted"}, - {"setQueryCountFilter", true, "func", "filter queries that would be counted, where `func` is a function with parameter `dq` which decides whether a query should and how it should be counted"}, - {"SetReducedTTLResponseAction", true, "percentage", "Reduce the TTL of records in a response to a given percentage"}, - {"setRingBuffersLockRetries", true, "n", "set the number of attempts to get a non-blocking lock to a ringbuffer shard before blocking"}, - {"setRingBuffersOptions", true, "{ lockRetries=int, recordQueries=true, recordResponses=true }", "set ringbuffer options"}, - {"setRingBuffersSize", true, "n [, numberOfShards]", "set the capacity of the ringbuffers used for live traffic inspection to `n`, and optionally the number of shards to use to `numberOfShards`"}, - {"setRoundRobinFailOnNoServer", true, "value", "By default the roundrobin load-balancing policy will still try to select a backend even if all backends are currently down. Setting this to true will make the policy fail and return that no server is available instead"}, - {"setRules", true, "list of rules", "replace the current rules with the supplied list of pairs of DNS Rules and DNS Actions (see `newRuleAction()`)"}, - {"setSecurityPollInterval", true, "n", "set the security polling interval to `n` seconds"}, - {"setSecurityPollSuffix", true, "suffix", "set the security polling suffix to the specified value"}, - {"setServerPolicy", true, "policy", "set server selection policy to that policy"}, - {"setServerPolicyLua", true, "name, function", "set server selection policy to one named 'name' and provided by 'function'"}, - {"setServerPolicyLuaFFI", true, "name, function", "set server selection policy to one named 'name' and provided by the Lua FFI 'function'"}, - {"setServerPolicyLuaFFIPerThread", true, "name, code", "set server selection policy to one named 'name' and returned by the Lua FFI code passed in 'code'"}, - {"setServFailWhenNoServer", true, "bool", "if set, return a ServFail when no servers are available, instead of the default behaviour of dropping the query"}, - {"setStaleCacheEntriesTTL", true, "n", "allows using cache entries expired for at most n seconds when there is no backend available to answer for a query"}, - {"setStructuredLogging", true, "value [, options]", "set whether log messages should be in structured-logging-like format"}, - {"setSyslogFacility", true, "facility", "set the syslog logging facility to 'facility'. Defaults to LOG_DAEMON"}, - {"setTCPDownstreamCleanupInterval", true, "interval", "minimum interval in seconds between two cleanups of the idle TCP downstream connections"}, - {"setTCPFastOpenKey", true, "string", "TCP Fast Open Key"}, - {"setTCPDownstreamMaxIdleTime", true, "time", "Maximum time in seconds that a downstream TCP connection to a backend might stay idle"}, - {"setTCPInternalPipeBufferSize", true, "size", "Set the size in bytes of the internal buffer of the pipes used internally to distribute connections to TCP (and DoT) workers threads"}, - {"setTCPRecvTimeout", true, "n", "set the read timeout on TCP connections from the client, in seconds"}, - {"setTCPSendTimeout", true, "n", "set the write timeout on TCP connections from the client, in seconds"}, - {"setUDPMultipleMessagesVectorSize", true, "n", "set the size of the vector passed to recvmmsg() to receive UDP messages. Default to 1 which means that the feature is disabled and recvmsg() is used instead"}, - {"setUDPSocketBufferSizes", true, "recv, send", "Set the size of the receive (SO_RCVBUF) and send (SO_SNDBUF) buffers for incoming UDP sockets"}, - {"setUDPTimeout", true, "n", "set the maximum time dnsdist will wait for a response from a backend over UDP, in seconds"}, - {"setVerbose", true, "bool", "set whether log messages at the verbose level will be logged"}, - {"setVerboseHealthChecks", true, "bool", "set whether health check errors will be logged"}, - {"setVerboseLogDestination", true, "destination file", "Set a destination file to write the 'verbose' log messages to, instead of sending them to syslog and/or the standard output"}, - {"setWebserverConfig", true, "[{password=string, apiKey=string, customHeaders, statsRequireAuthentication}]", "Updates webserver configuration"}, - {"setWeightedBalancingFactor", true, "factor", "Set the balancing factor for bounded-load weighted policies (whashed, wrandom)"}, - {"setWHashedPertubation", true, "value", "Set the hash perturbation value to be used in the whashed policy instead of a random one, allowing to have consistent whashed results on different instance"}, - {"show", true, "string", "outputs `string`"}, - {"showACL", true, "", "show our ACL set"}, - {"showBinds", true, "", "show listening addresses (frontends)"}, - {"showCacheHitResponseRules", true, "[{showUUIDs=false, truncateRuleWidth=-1}]", "show all defined cache hit response rules, optionally with their UUIDs and optionally truncated to a given width"}, - {"showConsoleACL", true, "", "show our current console ACL set"}, - {"showDNSCryptBinds", true, "", "display the currently configured DNSCrypt binds"}, - {"showDOHFrontends", true, "", "list all the available DOH frontends"}, - {"showDOH3Frontends", true, "", "list all the available DOH3 frontends"}, - {"showDOHResponseCodes", true, "", "show the HTTP response code statistics for the DoH frontends"}, - {"showDOQFrontends", true, "", "list all the available DOQ frontends"}, - {"showDynBlocks", true, "", "show dynamic blocks in force"}, - {"showPools", true, "", "show the available pools"}, - {"showPoolServerPolicy", true, "pool", "show server selection policy for this pool"}, - {"showResponseLatency", true, "", "show a plot of the response time latency distribution"}, - {"showResponseRules", true, "[{showUUIDs=false, truncateRuleWidth=-1}]", "show all defined response rules, optionally with their UUIDs and optionally truncated to a given width"}, - {"showRules", true, "[{showUUIDs=false, truncateRuleWidth=-1}]", "show all defined rules, optionally with their UUIDs and optionally truncated to a given width"}, - {"showSecurityStatus", true, "", "Show the security status"}, - {"showSelfAnsweredResponseRules", true, "[{showUUIDs=false, truncateRuleWidth=-1}]", "show all defined self-answered response rules, optionally with their UUIDs and optionally truncated to a given width"}, - {"showServerPolicy", true, "", "show name of currently operational server selection policy"}, - {"showServers", true, "[{showUUIDs=false}]", "output all servers, optionally with their UUIDs"}, - {"showTCPStats", true, "", "show some statistics regarding TCP"}, - {"showTLSErrorCounters", true, "", "show metrics about TLS handshake failures"}, - {"showTLSFrontends", true, "", "list all the available TLS contexts"}, - {"showVersion", true, "", "show the current version"}, - {"showWebserverConfig", true, "", "Show the current webserver configuration"}, - {"shutdown", true, "", "shut down `dnsdist`"}, - {"snmpAgent", true, "enableTraps [, daemonSocket]", "enable `SNMP` support. `enableTraps` is a boolean indicating whether traps should be sent and `daemonSocket` an optional string specifying how to connect to the daemon agent"}, - {"SetAdditionalProxyProtocolValueAction", true, "type, value", "Add a Proxy Protocol TLV value of this type"}, - {"SetDisableECSAction", true, "", "Disable the sending of ECS to the backend. Subsequent rules are processed after this action."}, - {"SetDisableValidationAction", true, "", "set the CD bit in the question, let it go through"}, - {"SetECSAction", true, "v4[, v6]", "Set the ECS prefix and prefix length sent to backends to an arbitrary value"}, - {"SetECSOverrideAction", true, "override", "Whether an existing EDNS Client Subnet value should be overridden (true) or not (false). Subsequent rules are processed after this action"}, - {"SetECSPrefixLengthAction", true, "v4, v6", "Set the ECS prefix length. Subsequent rules are processed after this action"}, - {"SetMacAddrAction", true, "option", "Add the source MAC address to the query as EDNS0 option option. This action is currently only supported on Linux. Subsequent rules are processed after this action"}, - {"SetEDNSOptionAction", true, "option, data", "Add arbitrary EDNS option and data to the query. Subsequent rules are processed after this action"}, - {"SetExtendedDNSErrorAction", true, "infoCode [, extraText]", "Set an Extended DNS Error status that will be added to the response corresponding to the current query. Subsequent rules are processed after this action"}, - {"SetExtendedDNSErrorResponseAction", true, "infoCode [, extraText]", "Set an Extended DNS Error status that will be added to this response. Subsequent rules are processed after this action"}, - {"SetNoRecurseAction", true, "", "strip RD bit from the question, let it go through"}, - {"setOutgoingDoHWorkerThreads", true, "n", "Number of outgoing DoH worker threads"}, - {"SetProxyProtocolValuesAction", true, "values", "Set the Proxy-Protocol values for this queries to 'values'"}, - {"SetSkipCacheAction", true, "", "Don’t lookup the cache for this query, don’t store the answer"}, - {"SetSkipCacheResponseAction", true, "", "Don’t store this response into the cache"}, - {"SetTagAction", true, "name, value", "set the tag named 'name' to the given value"}, - {"SetTagResponseAction", true, "name, value", "set the tag named 'name' to the given value"}, - {"SetTempFailureCacheTTLAction", true, "ttl", "set packetcache TTL for temporary failure replies"}, - {"SNIRule", true, "name", "Create a rule which matches on the incoming TLS SNI value, if any (DoT or DoH)"}, - {"SNMPTrapAction", true, "[reason]", "send an SNMP trap, adding the optional `reason` string as the query description"}, - {"SNMPTrapResponseAction", true, "[reason]", "send an SNMP trap, adding the optional `reason` string as the response description"}, - {"SpoofAction", true, "ip|list of ips [, options]", "forge a response with the specified IPv4 (for an A query) or IPv6 (for an AAAA). If you specify multiple addresses, all that match the query type (A, AAAA or ANY) will get spoofed in"}, - {"SpoofCNAMEAction", true, "cname [, options]", "Forge a response with the specified CNAME value"}, - {"SpoofRawAction", true, "raw|list of raws [, options]", "Forge a response with the specified record data as raw bytes. If you specify multiple raws (it is assumed they match the query type), all will get spoofed in"}, - {"SpoofSVCAction", true, "list of svcParams [, options]", "Forge a response with the specified SVC record data"}, - {"SuffixMatchNodeRule", true, "smn[, quiet]", "Matches based on a group of domain suffixes for rapid testing of membership. Pass true as second parameter to prevent listing of all domains matched"}, - {"TagRule", true, "name [, value]", "matches if the tag named 'name' is present, with the given 'value' matching if any"}, - {"TCAction", true, "", "create answer to query with TC and RD bits set, to move to TCP"}, - {"TCPRule", true, "[tcp]", "Matches question received over TCP if tcp is true, over UDP otherwise"}, - {"TCResponseAction", true, "", "truncate a response"}, - {"TeeAction", true, "remote [, addECS [, local]]", "send copy of query to remote, optionally adding ECS info, optionally set local address"}, - {"testCrypto", true, "", "test of the crypto all works"}, - {"TimedIPSetRule", true, "", "Create a rule which matches a set of IP addresses which expire"}, - {"topBandwidth", true, "top", "show top-`top` clients that consume the most bandwidth over length of ringbuffer"}, - {"topCacheHitResponseRules", true, "[top][, vars]", "show `top` cache-hit response rules"}, - {"topCacheInsertedResponseRules", true, "[top][, vars]", "show `top` cache-inserted response rules"}, - {"topClients", true, "n", "show top-`n` clients sending the most queries over length of ringbuffer"}, - {"topQueries", true, "n[, labels]", "show top 'n' queries, as grouped when optionally cut down to 'labels' labels"}, - {"topResponses", true, "n, kind[, labels]", "show top 'n' responses with RCODE=kind (0=NO Error, 2=ServFail, 3=NXDomain), as grouped when optionally cut down to 'labels' labels"}, - {"topResponseRules", true, "[top][, vars]", "show `top` response rules"}, - {"topRules", true, "[top][, vars]", "show `top` rules"}, - {"topSelfAnsweredResponseRules", true, "[top][, vars]", "show `top` self-answered response rules"}, - {"topSlow", true, "[top][, limit][, labels]", "show `top` queries slower than `limit` milliseconds (timeouts excepted), grouped by last `labels` labels"}, - {"topTimeouts", true, "[top][, labels]", "show `top` queries that timed out, grouped by last `labels` labels"}, - {"TrailingDataRule", true, "", "Matches if the query has trailing data"}, - {"truncateTC", true, "bool", "if set (defaults to no starting with dnsdist 1.2.0) truncate TC=1 answers so they are actually empty. Fixes an issue for PowerDNS Authoritative Server 2.9.22. Note: turning this on breaks compatibility with RFC 6891."}, - {"unregisterDynBPFFilter", true, "DynBPFFilter", "unregister this dynamic BPF filter"}, - {"webserver", true, "address:port", "launch a webserver with stats on that address"}, - {"whashed", false, "", "Weighted hashed ('sticky') distribution over available servers, based on the server 'weight' parameter"}, - {"chashed", false, "", "Consistent hashed ('sticky') distribution over available servers, also based on the server 'weight' parameter"}, - {"wrandom", false, "", "Weighted random over available servers, based on the server 'weight' parameter"}, + {"newNMG", true, "", "Returns a NetmaskGroup"}, + {"newPacketCache", true, "maxEntries[, maxTTL=86400, minTTL=0, temporaryFailureTTL=60, staleTTL=60, dontAge=false, numberOfShards=1, deferrableInsertLock=true, options={}]", "return a new Packet Cache"}, + {"newQPSLimiter", true, "rate, burst", "configure a QPS limiter with that rate and that burst capacity"}, + {"newRemoteLogger", true, "address:port [, timeout=2, maxQueuedEntries=100, reconnectWaitTime=1]", "create a Remote Logger object, to use with `RemoteLogAction()` and `RemoteLogResponseAction()`"}, + {"newRuleAction", true, R"(DNS rule, DNS action [, {uuid="UUID", name="name"}])", "return a pair of DNS Rule and DNS Action, to be used with `setRules()`"}, + {"newServer", true, R"({address="ip:port", qps=1000, order=1, weight=10, pool="abuse", retries=5, tcpConnectTimeout=5, tcpSendTimeout=30, tcpRecvTimeout=30, checkName="a.root-servers.net.", checkType="A", maxCheckFailures=1, mustResolve=false, useClientSubnet=true, source="address|interface name|address@interface", sockets=1, reconnectOnUp=false})", "instantiate a server"}, + {"newServerPolicy", true, "name, function", "create a policy object from a Lua function"}, + {"newSuffixMatchNode", true, "", "returns a new SuffixMatchNode"}, + {"newSVCRecordParameters", true, "priority, target, mandatoryParams, alpns, noDefaultAlpn [, port [, ech [, ipv4hints [, ipv6hints [, additionalParameters ]]]]]", "return a new SVCRecordParameters object, to use with SpoofSVCAction"}, + {"NegativeAndSOAAction", true, "nxd, zone, ttl, mname, rname, serial, refresh, retry, expire, minimum [, options]", "Turn a query into a NXDomain or NoData answer and sets a SOA record in the additional section"}, + {"NoneAction", true, "", "Does nothing. Subsequent rules are processed after this action"}, + {"NotRule", true, "selector", "Matches the traffic if the selector rule does not match"}, + {"OpcodeRule", true, "code", "Matches queries with opcode code. code can be directly specified as an integer, or one of the built-in DNSOpcodes"}, + {"OrRule", true, "selectors", "Matches the traffic if one or more of the the selectors rules does match"}, + {"PoolAction", true, "poolname [, stop]", "set the packet into the specified pool"}, + {"PoolAvailableRule", true, "poolname", "Check whether a pool has any servers available to handle queries"}, + {"PoolOutstandingRule", true, "poolname, limit", "Check whether a pool has outstanding queries above limit"}, + {"printDNSCryptProviderFingerprint", true, R"("/path/to/providerPublic.key")", "display the fingerprint of the provided resolver public key"}, + {"ProbaRule", true, "probability", "Matches queries with a given probability. 1.0 means always"}, + {"ProxyProtocolValueRule", true, "type [, value]", "matches queries with a specified Proxy Protocol TLV value of that type, optionally matching the content of the option as well"}, + {"QClassRule", true, "qclass", "Matches queries with the specified qclass. class can be specified as an integer or as one of the built-in DNSClass"}, + {"QNameLabelsCountRule", true, "min, max", "matches if the qname has less than `min` or more than `max` labels"}, + {"QNameRule", true, "qname", "matches queries with the specified qname"}, + {"QNameSetRule", true, "set", "Matches if the set contains exact qname"}, + {"QNameWireLengthRule", true, "min, max", "matches if the qname's length on the wire is less than `min` or more than `max` bytes"}, + {"QPSAction", true, "maxqps", "Drop a packet if it does exceed the maxqps queries per second limits. Letting the subsequent rules apply otherwise"}, + {"QPSPoolAction", true, "maxqps, poolname [, stop]", "Send the packet into the specified pool only if it does not exceed the maxqps queries per second limits. Letting the subsequent rules apply otherwise"}, + {"QTypeRule", true, "qtype", "matches queries with the specified qtype"}, + {"RCodeAction", true, "rcode", "Reply immediately by turning the query into a response with the specified rcode"}, + {"RCodeRule", true, "rcode", "matches responses with the specified rcode"}, + {"RDRule", true, "", "Matches queries with the RD flag set"}, + {"RecordsCountRule", true, "section, minCount, maxCount", "Matches if there is at least minCount and at most maxCount records in the section section. section can be specified as an integer or as a DNS Packet Sections"}, + {"RecordsTypeCountRule", true, "section, qtype, minCount, maxCount", "Matches if there is at least minCount and at most maxCount records of type type in the section section"}, + {"RegexRule", true, "regex", "matches the query name against the supplied regex"}, + {"registerDynBPFFilter", true, "DynBPFFilter", "register this dynamic BPF filter into the web interface so that its counters are displayed"}, + {"reloadAllCertificates", true, "", "reload all DNSCrypt and TLS certificates, along with their associated keys"}, + {"RemoteLogAction", true, "RemoteLogger [, alterFunction [, serverID]]", "send the content of this query to a remote logger via Protocol Buffer. `alterFunction` is a callback, receiving a DNSQuestion and a DNSDistProtoBufMessage, that can be used to modify the Protocol Buffer content, for example for anonymization purposes. `serverID` is the server identifier."}, + {"RemoteLogResponseAction", true, "RemoteLogger [,alterFunction [,includeCNAME [, serverID]]]", "send the content of this response to a remote logger via Protocol Buffer. `alterFunction` is the same callback than the one in `RemoteLogAction` and `includeCNAME` indicates whether CNAME records inside the response should be parsed and exported. The default is to only exports A and AAAA records. `serverID` is the server identifier."}, + {"requestTCPStatesDump", true, "", "Request a dump of the TCP states (incoming connections, outgoing connections) during the next scan. Useful for debugging purposes only"}, + {"rmACL", true, "netmask", "remove netmask from ACL"}, + {"rmCacheHitResponseRule", true, "id", "remove cache hit response rule in position 'id', or whose uuid matches if 'id' is an UUID string, or finally whose name matches if 'id' is a string but not a valid UUID"}, + {"rmCacheInsertedResponseRule", true, "id", "remove cache inserted response rule in position 'id', or whose uuid matches if 'id' is an UUID string, or finally whose name matches if 'id' is a string but not a valid UUID"}, + {"rmResponseRule", true, "id", "remove response rule in position 'id', or whose uuid matches if 'id' is an UUID string, or finally whose name matches if 'id' is a string but not a valid UUID"}, + {"rmRule", true, "id", "remove rule in position 'id', or whose uuid matches if 'id' is an UUID string, or finally whose name matches if 'id' is a string but not a valid UUID"}, + {"rmSelfAnsweredResponseRule", true, "id", "remove self-answered response rule in position 'id', or whose uuid matches if 'id' is an UUID string, or finally whose name matches if 'id' is a string but not a valid UUID"}, + {"rmServer", true, "id", "remove server with index 'id' or whose uuid matches if 'id' is an UUID string"}, + {"rmXFRResponseRule", true, "id", "remove XFR response rule in position 'id', or whose uuid matches if 'id' is an UUID string, or finally whose name matches if 'id' is a string but not a valid UUID"}, + {"roundrobin", false, "", "Simple round robin over available servers"}, + {"sendCustomTrap", true, "str", "send a custom `SNMP` trap from Lua, containing the `str` string"}, + {"setACL", true, "{netmask, netmask}", "replace the ACL set with these netmasks. Use `setACL({})` to reset the list, meaning no one can use us"}, + {"setACLFromFile", true, "file", "replace the ACL set with netmasks in this file"}, + {"setAddEDNSToSelfGeneratedResponses", true, "add", "set whether to add EDNS to self-generated responses, provided that the initial query had EDNS"}, + {"setAllowEmptyResponse", true, "allow", "Set to true (defaults to false) to allow empty responses (qdcount=0) with a NoError or NXDomain rcode (default) from backends"}, + {"setAPIWritable", true, "bool, dir", "allow modifications via the API. if `dir` is set, it must be a valid directory where the configuration files will be written by the API"}, + {"setCacheCleaningDelay", true, "num", "Set the interval in seconds between two runs of the cache cleaning algorithm, removing expired entries"}, + {"setCacheCleaningPercentage", true, "num", "Set the percentage of the cache that the cache cleaning algorithm will try to free by removing expired entries. By default (100), all expired entries are remove"}, + {"setConsistentHashingBalancingFactor", true, "factor", "Set the balancing factor for bounded-load consistent hashing"}, + {"setConsoleACL", true, "{netmask, netmask}", "replace the console ACL set with these netmasks"}, + {"setConsoleConnectionsLogging", true, "enabled", "whether to log the opening and closing of console connections"}, + {"setConsoleMaximumConcurrentConnections", true, "max", "Set the maximum number of concurrent console connections"}, + {"setConsoleOutputMaxMsgSize", true, "messageSize", "set console message maximum size in bytes, default is 10 MB"}, + {"setDefaultBPFFilter", true, "filter", "When used at configuration time, the corresponding BPFFilter will be attached to every bind"}, + {"setDoHDownstreamCleanupInterval", true, "interval", "minimum interval in seconds between two cleanups of the idle DoH downstream connections"}, + {"setDoHDownstreamMaxIdleTime", true, "time", "Maximum time in seconds that a downstream DoH connection to a backend might stay idle"}, + {"setDynBlocksAction", true, "action", "set which action is performed when a query is blocked. Only DNSAction.Drop (the default) and DNSAction.Refused are supported"}, + {"setDynBlocksPurgeInterval", true, "sec", "set how often the expired dynamic block entries should be removed"}, + {"setDropEmptyQueries", true, "drop", "Whether to drop empty queries right away instead of sending a NOTIMP response"}, + {"setECSOverride", true, "bool", "whether to override an existing EDNS Client Subnet value in the query"}, + {"setECSSourcePrefixV4", true, "prefix-length", "the EDNS Client Subnet prefix-length used for IPv4 queries"}, + {"setECSSourcePrefixV6", true, "prefix-length", "the EDNS Client Subnet prefix-length used for IPv6 queries"}, + {"setKey", true, "key", "set access key to that key"}, + {"setLocal", true, R"(addr [, {doTCP=true, reusePort=false, tcpFastOpenQueueSize=0, interface="", cpus={}}])", "reset the list of addresses we listen on to this address"}, + {"setMaxCachedDoHConnectionsPerDownstream", true, "max", "Set the maximum number of inactive DoH connections to a backend cached by each worker DoH thread"}, + {"setMaxCachedTCPConnectionsPerDownstream", true, "max", "Set the maximum number of inactive TCP connections to a backend cached by each worker TCP thread"}, + {"setMaxTCPClientThreads", true, "n", "set the maximum of TCP client threads, handling TCP connections"}, + {"setMaxTCPConnectionDuration", true, "n", "set the maximum duration of an incoming TCP connection, in seconds. 0 means unlimited"}, + {"setMaxTCPConnectionsPerClient", true, "n", "set the maximum number of TCP connections per client. 0 means unlimited"}, + {"setMaxTCPQueriesPerConnection", true, "n", "set the maximum number of queries in an incoming TCP connection. 0 means unlimited"}, + {"setMaxTCPQueuedConnections", true, "n", "set the maximum number of TCP connections queued (waiting to be picked up by a client thread)"}, + {"setMaxUDPOutstanding", true, "n", "set the maximum number of outstanding UDP queries to a given backend server. This can only be set at configuration time and defaults to 65535"}, + {"setMetric", true, "name, value", "Set the value of a custom metric to the supplied value"}, + {"setPayloadSizeOnSelfGeneratedAnswers", true, "payloadSize", "set the UDP payload size advertised via EDNS on self-generated responses"}, + {"setPoolServerPolicy", true, "policy, pool", "set the server selection policy for this pool to that policy"}, + {"setPoolServerPolicyLua", true, "name, function, pool", "set the server selection policy for this pool to one named 'name' and provided by 'function'"}, + {"setPoolServerPolicyLuaFFI", true, "name, function, pool", "set the server selection policy for this pool to one named 'name' and provided by 'function'"}, + {"setPoolServerPolicyLuaFFIPerThread", true, "name, code", "set server selection policy for this pool to one named 'name' and returned by the Lua FFI code passed in 'code'"}, + {"setProxyProtocolACL", true, "{netmask, netmask}", "Set the netmasks who are allowed to send Proxy Protocol headers in front of queries/connections"}, + {"setProxyProtocolApplyACLToProxiedClients", true, "apply", "Whether the general ACL should be applied to the source IP address gathered from a Proxy Protocol header, in addition to being first applied to the source address seen by dnsdist"}, + {"setProxyProtocolMaximumPayloadSize", true, "max", "Set the maximum size of a Proxy Protocol payload, in bytes"}, + {"setQueryCount", true, "bool", "set whether queries should be counted"}, + {"setQueryCountFilter", true, "func", "filter queries that would be counted, where `func` is a function with parameter `dq` which decides whether a query should and how it should be counted"}, + {"SetReducedTTLResponseAction", true, "percentage", "Reduce the TTL of records in a response to a given percentage"}, + {"setRingBuffersLockRetries", true, "n", "set the number of attempts to get a non-blocking lock to a ringbuffer shard before blocking"}, + {"setRingBuffersOptions", true, "{ lockRetries=int, recordQueries=true, recordResponses=true }", "set ringbuffer options"}, + {"setRingBuffersSize", true, "n [, numberOfShards]", "set the capacity of the ringbuffers used for live traffic inspection to `n`, and optionally the number of shards to use to `numberOfShards`"}, + {"setRoundRobinFailOnNoServer", true, "value", "By default the roundrobin load-balancing policy will still try to select a backend even if all backends are currently down. Setting this to true will make the policy fail and return that no server is available instead"}, + {"setRules", true, "list of rules", "replace the current rules with the supplied list of pairs of DNS Rules and DNS Actions (see `newRuleAction()`)"}, + {"setSecurityPollInterval", true, "n", "set the security polling interval to `n` seconds"}, + {"setSecurityPollSuffix", true, "suffix", "set the security polling suffix to the specified value"}, + {"setServerPolicy", true, "policy", "set server selection policy to that policy"}, + {"setServerPolicyLua", true, "name, function", "set server selection policy to one named 'name' and provided by 'function'"}, + {"setServerPolicyLuaFFI", true, "name, function", "set server selection policy to one named 'name' and provided by the Lua FFI 'function'"}, + {"setServerPolicyLuaFFIPerThread", true, "name, code", "set server selection policy to one named 'name' and returned by the Lua FFI code passed in 'code'"}, + {"setServFailWhenNoServer", true, "bool", "if set, return a ServFail when no servers are available, instead of the default behaviour of dropping the query"}, + {"setStaleCacheEntriesTTL", true, "n", "allows using cache entries expired for at most n seconds when there is no backend available to answer for a query"}, + {"setStructuredLogging", true, "value [, options]", "set whether log messages should be in structured-logging-like format"}, + {"setSyslogFacility", true, "facility", "set the syslog logging facility to 'facility'. Defaults to LOG_DAEMON"}, + {"setTCPDownstreamCleanupInterval", true, "interval", "minimum interval in seconds between two cleanups of the idle TCP downstream connections"}, + {"setTCPFastOpenKey", true, "string", "TCP Fast Open Key"}, + {"setTCPDownstreamMaxIdleTime", true, "time", "Maximum time in seconds that a downstream TCP connection to a backend might stay idle"}, + {"setTCPInternalPipeBufferSize", true, "size", "Set the size in bytes of the internal buffer of the pipes used internally to distribute connections to TCP (and DoT) workers threads"}, + {"setTCPRecvTimeout", true, "n", "set the read timeout on TCP connections from the client, in seconds"}, + {"setTCPSendTimeout", true, "n", "set the write timeout on TCP connections from the client, in seconds"}, + {"setUDPMultipleMessagesVectorSize", true, "n", "set the size of the vector passed to recvmmsg() to receive UDP messages. Default to 1 which means that the feature is disabled and recvmsg() is used instead"}, + {"setUDPSocketBufferSizes", true, "recv, send", "Set the size of the receive (SO_RCVBUF) and send (SO_SNDBUF) buffers for incoming UDP sockets"}, + {"setUDPTimeout", true, "n", "set the maximum time dnsdist will wait for a response from a backend over UDP, in seconds"}, + {"setVerbose", true, "bool", "set whether log messages at the verbose level will be logged"}, + {"setVerboseHealthChecks", true, "bool", "set whether health check errors will be logged"}, + {"setVerboseLogDestination", true, "destination file", "Set a destination file to write the 'verbose' log messages to, instead of sending them to syslog and/or the standard output"}, + {"setWebserverConfig", true, "[{password=string, apiKey=string, customHeaders, statsRequireAuthentication}]", "Updates webserver configuration"}, + {"setWeightedBalancingFactor", true, "factor", "Set the balancing factor for bounded-load weighted policies (whashed, wrandom)"}, + {"setWHashedPertubation", true, "value", "Set the hash perturbation value to be used in the whashed policy instead of a random one, allowing to have consistent whashed results on different instance"}, + {"show", true, "string", "outputs `string`"}, + {"showACL", true, "", "show our ACL set"}, + {"showBinds", true, "", "show listening addresses (frontends)"}, + {"showCacheHitResponseRules", true, "[{showUUIDs=false, truncateRuleWidth=-1}]", "show all defined cache hit response rules, optionally with their UUIDs and optionally truncated to a given width"}, + {"showConsoleACL", true, "", "show our current console ACL set"}, + {"showDNSCryptBinds", true, "", "display the currently configured DNSCrypt binds"}, + {"showDOHFrontends", true, "", "list all the available DOH frontends"}, + {"showDOH3Frontends", true, "", "list all the available DOH3 frontends"}, + {"showDOHResponseCodes", true, "", "show the HTTP response code statistics for the DoH frontends"}, + {"showDOQFrontends", true, "", "list all the available DOQ frontends"}, + {"showDynBlocks", true, "", "show dynamic blocks in force"}, + {"showPools", true, "", "show the available pools"}, + {"showPoolServerPolicy", true, "pool", "show server selection policy for this pool"}, + {"showResponseLatency", true, "", "show a plot of the response time latency distribution"}, + {"showResponseRules", true, "[{showUUIDs=false, truncateRuleWidth=-1}]", "show all defined response rules, optionally with their UUIDs and optionally truncated to a given width"}, + {"showRules", true, "[{showUUIDs=false, truncateRuleWidth=-1}]", "show all defined rules, optionally with their UUIDs and optionally truncated to a given width"}, + {"showSecurityStatus", true, "", "Show the security status"}, + {"showSelfAnsweredResponseRules", true, "[{showUUIDs=false, truncateRuleWidth=-1}]", "show all defined self-answered response rules, optionally with their UUIDs and optionally truncated to a given width"}, + {"showServerPolicy", true, "", "show name of currently operational server selection policy"}, + {"showServers", true, "[{showUUIDs=false}]", "output all servers, optionally with their UUIDs"}, + {"showTCPStats", true, "", "show some statistics regarding TCP"}, + {"showTLSErrorCounters", true, "", "show metrics about TLS handshake failures"}, + {"showTLSFrontends", true, "", "list all the available TLS contexts"}, + {"showVersion", true, "", "show the current version"}, + {"showWebserverConfig", true, "", "Show the current webserver configuration"}, + {"shutdown", true, "", "shut down `dnsdist`"}, + {"snmpAgent", true, "enableTraps [, daemonSocket]", "enable `SNMP` support. `enableTraps` is a boolean indicating whether traps should be sent and `daemonSocket` an optional string specifying how to connect to the daemon agent"}, + {"SetAdditionalProxyProtocolValueAction", true, "type, value", "Add a Proxy Protocol TLV value of this type"}, + {"SetDisableECSAction", true, "", "Disable the sending of ECS to the backend. Subsequent rules are processed after this action."}, + {"SetDisableValidationAction", true, "", "set the CD bit in the question, let it go through"}, + {"SetECSAction", true, "v4[, v6]", "Set the ECS prefix and prefix length sent to backends to an arbitrary value"}, + {"SetECSOverrideAction", true, "override", "Whether an existing EDNS Client Subnet value should be overridden (true) or not (false). Subsequent rules are processed after this action"}, + {"SetECSPrefixLengthAction", true, "v4, v6", "Set the ECS prefix length. Subsequent rules are processed after this action"}, + {"SetMacAddrAction", true, "option", "Add the source MAC address to the query as EDNS0 option option. This action is currently only supported on Linux. Subsequent rules are processed after this action"}, + {"SetEDNSOptionAction", true, "option, data", "Add arbitrary EDNS option and data to the query. Subsequent rules are processed after this action"}, + {"SetExtendedDNSErrorAction", true, "infoCode [, extraText]", "Set an Extended DNS Error status that will be added to the response corresponding to the current query. Subsequent rules are processed after this action"}, + {"SetExtendedDNSErrorResponseAction", true, "infoCode [, extraText]", "Set an Extended DNS Error status that will be added to this response. Subsequent rules are processed after this action"}, + {"SetNoRecurseAction", true, "", "strip RD bit from the question, let it go through"}, + {"setOutgoingDoHWorkerThreads", true, "n", "Number of outgoing DoH worker threads"}, + {"SetProxyProtocolValuesAction", true, "values", "Set the Proxy-Protocol values for this queries to 'values'"}, + {"SetSkipCacheAction", true, "", "Don’t lookup the cache for this query, don’t store the answer"}, + {"SetSkipCacheResponseAction", true, "", "Don’t store this response into the cache"}, + {"SetTagAction", true, "name, value", "set the tag named 'name' to the given value"}, + {"SetTagResponseAction", true, "name, value", "set the tag named 'name' to the given value"}, + {"SetTempFailureCacheTTLAction", true, "ttl", "set packetcache TTL for temporary failure replies"}, + {"SNIRule", true, "name", "Create a rule which matches on the incoming TLS SNI value, if any (DoT or DoH)"}, + {"SNMPTrapAction", true, "[reason]", "send an SNMP trap, adding the optional `reason` string as the query description"}, + {"SNMPTrapResponseAction", true, "[reason]", "send an SNMP trap, adding the optional `reason` string as the response description"}, + {"SpoofAction", true, "ip|list of ips [, options]", "forge a response with the specified IPv4 (for an A query) or IPv6 (for an AAAA). If you specify multiple addresses, all that match the query type (A, AAAA or ANY) will get spoofed in"}, + {"SpoofCNAMEAction", true, "cname [, options]", "Forge a response with the specified CNAME value"}, + {"SpoofRawAction", true, "raw|list of raws [, options]", "Forge a response with the specified record data as raw bytes. If you specify multiple raws (it is assumed they match the query type), all will get spoofed in"}, + {"SpoofSVCAction", true, "list of svcParams [, options]", "Forge a response with the specified SVC record data"}, + {"SuffixMatchNodeRule", true, "smn[, quiet]", "Matches based on a group of domain suffixes for rapid testing of membership. Pass true as second parameter to prevent listing of all domains matched"}, + {"TagRule", true, "name [, value]", "matches if the tag named 'name' is present, with the given 'value' matching if any"}, + {"TCAction", true, "", "create answer to query with TC and RD bits set, to move to TCP"}, + {"TCPRule", true, "[tcp]", "Matches question received over TCP if tcp is true, over UDP otherwise"}, + {"TCResponseAction", true, "", "truncate a response"}, + {"TeeAction", true, "remote [, addECS [, local]]", "send copy of query to remote, optionally adding ECS info, optionally set local address"}, + {"testCrypto", true, "", "test of the crypto all works"}, + {"TimedIPSetRule", true, "", "Create a rule which matches a set of IP addresses which expire"}, + {"topBandwidth", true, "top", "show top-`top` clients that consume the most bandwidth over length of ringbuffer"}, + {"topCacheHitResponseRules", true, "[top][, vars]", "show `top` cache-hit response rules"}, + {"topCacheInsertedResponseRules", true, "[top][, vars]", "show `top` cache-inserted response rules"}, + {"topClients", true, "n", "show top-`n` clients sending the most queries over length of ringbuffer"}, + {"topQueries", true, "n[, labels]", "show top 'n' queries, as grouped when optionally cut down to 'labels' labels"}, + {"topResponses", true, "n, kind[, labels]", "show top 'n' responses with RCODE=kind (0=NO Error, 2=ServFail, 3=NXDomain), as grouped when optionally cut down to 'labels' labels"}, + {"topResponseRules", true, "[top][, vars]", "show `top` response rules"}, + {"topRules", true, "[top][, vars]", "show `top` rules"}, + {"topSelfAnsweredResponseRules", true, "[top][, vars]", "show `top` self-answered response rules"}, + {"topSlow", true, "[top][, limit][, labels]", "show `top` queries slower than `limit` milliseconds (timeouts excepted), grouped by last `labels` labels"}, + {"topTimeouts", true, "[top][, labels]", "show `top` queries that timed out, grouped by last `labels` labels"}, + {"TrailingDataRule", true, "", "Matches if the query has trailing data"}, + {"truncateTC", true, "bool", "if set (defaults to no starting with dnsdist 1.2.0) truncate TC=1 answers so they are actually empty. Fixes an issue for PowerDNS Authoritative Server 2.9.22. Note: turning this on breaks compatibility with RFC 6891."}, + {"unregisterDynBPFFilter", true, "DynBPFFilter", "unregister this dynamic BPF filter"}, + {"webserver", true, "address:port", "launch a webserver with stats on that address"}, + {"whashed", false, "", "Weighted hashed ('sticky') distribution over available servers, based on the server 'weight' parameter"}, + {"chashed", false, "", "Consistent hashed ('sticky') distribution over available servers, also based on the server 'weight' parameter"}, + {"wrandom", false, "", "Weighted random over available servers, based on the server 'weight' parameter"}, }; #if defined(HAVE_LIBEDIT) diff --git a/pdns/dnsdistdist/dnsdist-healthchecks.cc b/pdns/dnsdistdist/dnsdist-healthchecks.cc index 647cfa23e49f..be46106b01c5 100644 --- a/pdns/dnsdistdist/dnsdist-healthchecks.cc +++ b/pdns/dnsdistdist/dnsdist-healthchecks.cc @@ -51,10 +51,8 @@ struct HealthCheckData PacketBuffer d_buffer; Socket d_udpSocket; DNSName d_checkName; - struct timeval d_ttd - { - 0, 0 - }; + struct timeval d_ttd{ + 0, 0}; size_t d_bufferPos{0}; uint16_t d_checkType; uint16_t d_checkClass; @@ -462,9 +460,7 @@ void handleQueuedHealthChecks(FDMultiplexer& mplexer, bool initial) { const auto verboseHealthChecks = dnsdist::configuration::getCurrentRuntimeConfiguration().d_verboseHealthChecks; while (mplexer.getWatchedFDCount(false) > 0 || mplexer.getWatchedFDCount(true) > 0) { - struct timeval now - { - }; + struct timeval now{}; int ret = mplexer.run(&now, 100); if (ret == -1) { if (verboseHealthChecks) { diff --git a/pdns/dnsdistdist/dnsdist-idstate.hh b/pdns/dnsdistdist/dnsdist-idstate.hh index 48fdeefc3056..b69fe991de7b 100644 --- a/pdns/dnsdistdist/dnsdist-idstate.hh +++ b/pdns/dnsdistdist/dnsdist-idstate.hh @@ -79,10 +79,8 @@ struct StopWatch return d_start; } - struct timespec d_start - { - 0, 0 - }; + struct timespec d_start{ + 0, 0}; private: struct timespec getCurrentTime() const diff --git a/pdns/dnsdistdist/dnsdist-lua-bindings-network.cc b/pdns/dnsdistdist/dnsdist-lua-bindings-network.cc index 75d8447b65fc..7f95f1865ef6 100644 --- a/pdns/dnsdistdist/dnsdist-lua-bindings-network.cc +++ b/pdns/dnsdistdist/dnsdist-lua-bindings-network.cc @@ -62,7 +62,7 @@ void setupLuaBindingsNetwork(LuaContext& luaCtx, bool client) return std::make_shared(); }); - luaCtx.registerFunction::*)(const std::string&, uint16_t, std::function)>("addUnixListeningEndpoint", [client](std::shared_ptr& listener, const std::string& path, uint16_t endpointID, std::function cb) { + luaCtx.registerFunction::*)(const std::string&, uint16_t, std::function)>("addUnixListeningEndpoint", [client](std::shared_ptr& listener, const std::string& path, uint16_t endpointID, std::function cb) { if (client || !cb) { return false; } diff --git a/pdns/dnsdistdist/dnsdist-lua.cc b/pdns/dnsdistdist/dnsdist-lua.cc index 092da5fa83ad..464f0192251d 100644 --- a/pdns/dnsdistdist/dnsdist-lua.cc +++ b/pdns/dnsdistdist/dnsdist-lua.cc @@ -1350,7 +1350,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) g_outputBuffer = "Crypto failed..\n"; } #else - g_outputBuffer = "Crypto not available.\n"; + g_outputBuffer = "Crypto not available.\n"; #endif }); @@ -1848,9 +1848,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) return; } - struct stat dirStat - { - }; + struct stat dirStat{}; if (stat(dirname.c_str(), &dirStat) != 0) { errlog("The included directory %s does not exist!", dirname.c_str()); g_outputBuffer = "The included directory " + dirname + " does not exist!"; @@ -1871,9 +1869,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) if (boost::ends_with(name, ".conf")) { std::ostringstream namebuf; namebuf << dirname << "/" << name; - struct stat fileStat - { - }; + struct stat fileStat{}; if (stat(namebuf.str().c_str(), &fileStat) == 0 && S_ISREG(fileStat.st_mode)) { files.push_back(namebuf.str()); } @@ -2154,7 +2150,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) #ifdef HAVE_NGHTTP2 frontend->d_library = "nghttp2"; #else /* HAVE_NGHTTP2 */ - frontend->d_library = "h2o"; + frontend->d_library = "h2o"; #endif /* HAVE_NGHTTP2 */ } if (frontend->d_library == "h2o") { @@ -2163,8 +2159,8 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) // we _really_ need to set it again, as we just replaced the generic frontend by a new one frontend->d_library = "h2o"; #else /* HAVE_LIBH2OEVLOOP */ - errlog("DOH bind %s is configured to use libh2o but the library is not available", addr); - return; + errlog("DOH bind %s is configured to use libh2o but the library is not available", addr); + return; #endif /* HAVE_LIBH2OEVLOOP */ } else if (frontend->d_library == "nghttp2") { @@ -2281,7 +2277,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) #ifdef HAVE_LIBSSL const std::string provider("openssl"); #else - const std::string provider("gnutls"); + const std::string provider("gnutls"); #endif vinfolog("Loading default TLS provider '%s'", provider); } @@ -2302,7 +2298,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) config.d_frontends.push_back(std::move(clientState)); }); #else /* HAVE_DNS_OVER_HTTPS */ - throw std::runtime_error("addDOHLocal() called but DNS over HTTPS support is not present!"); + throw std::runtime_error("addDOHLocal() called but DNS over HTTPS support is not present!"); #endif /* HAVE_DNS_OVER_HTTPS */ }); @@ -2379,7 +2375,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) config.d_frontends.push_back(std::move(clientState)); }); #else - throw std::runtime_error("addDOH3Local() called but DNS over HTTP/3 support is not present!"); + throw std::runtime_error("addDOH3Local() called but DNS over HTTP/3 support is not present!"); #endif }); @@ -2456,7 +2452,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) config.d_frontends.push_back(std::move(clientState)); }); #else - throw std::runtime_error("addDOQLocal() called but DNS over QUIC support is not present!"); + throw std::runtime_error("addDOQLocal() called but DNS over QUIC support is not present!"); #endif }); @@ -2479,7 +2475,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) throw; } #else - g_outputBuffer = "DNS over QUIC support is not present!\n"; + g_outputBuffer = "DNS over QUIC support is not present!\n"; #endif }); @@ -2538,7 +2534,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) throw; } #else - g_outputBuffer = "DNS over HTTPS support is not present!\n"; + g_outputBuffer = "DNS over HTTPS support is not present!\n"; #endif }); @@ -2561,7 +2557,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) throw; } #else - g_outputBuffer = "DNS over HTTP3 support is not present!\n"; + g_outputBuffer = "DNS over HTTP3 support is not present!\n"; #endif }); @@ -2631,7 +2627,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) throw; } #else - g_outputBuffer = "DNS over HTTPS support is not present!\n"; + g_outputBuffer = "DNS over HTTPS support is not present!\n"; #endif }); @@ -2810,7 +2806,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) #ifdef HAVE_LIBSSL const std::string provider("openssl"); #else - const std::string provider("gnutls"); + const std::string provider("gnutls"); #endif vinfolog("Loading default TLS provider '%s'", provider); } @@ -2836,7 +2832,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) g_outputBuffer = "Error: " + string(e.what()) + "\n"; } #else - throw std::runtime_error("addTLSLocal() called but DNS over TLS support is not present!"); + throw std::runtime_error("addTLSLocal() called but DNS over TLS support is not present!"); #endif }); @@ -2860,7 +2856,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) throw; } #else - g_outputBuffer = "DNS over TLS support is not present!\n"; + g_outputBuffer = "DNS over TLS support is not present!\n"; #endif }); diff --git a/pdns/dnsdistdist/dnsdist-nghttp2-in.cc b/pdns/dnsdistdist/dnsdist-nghttp2-in.cc index c80da661fcfb..8c92b17eea95 100644 --- a/pdns/dnsdistdist/dnsdist-nghttp2-in.cc +++ b/pdns/dnsdistdist/dnsdist-nghttp2-in.cc @@ -155,9 +155,7 @@ class IncomingDoHCrossProtocolContext : public DOHUnitInterface state.du = std::move(unit); TCPResponse resp(std::move(response), std::move(state), nullptr, nullptr); resp.d_ds = downstream_; - struct timeval now - { - }; + struct timeval now{}; gettimeofday(&now, nullptr); conn->handleResponse(now, std::move(resp)); } @@ -170,9 +168,7 @@ class IncomingDoHCrossProtocolContext : public DOHUnitInterface /* the connection has been closed in the meantime */ return; } - struct timeval now - { - }; + struct timeval now{}; gettimeofday(&now, nullptr); TCPResponse resp; resp.d_idstate.d_streamID = d_streamID; @@ -356,9 +352,7 @@ class ReadFunctionGuard void IncomingHTTP2Connection::handleIO() { IOState iostate = IOState::Done; - struct timeval now - { - }; + struct timeval now{}; gettimeofday(&now, nullptr); try { @@ -877,9 +871,7 @@ void IncomingHTTP2Connection::handleIncomingQuery(IncomingHTTP2Connection::Pendi } try { - struct timeval now - { - }; + struct timeval now{}; gettimeofday(&now, nullptr); auto processingResult = handleQuery(std::move(query.d_buffer), now, streamID); diff --git a/pdns/dnsdistdist/dnsdist-nghttp2.cc b/pdns/dnsdistdist/dnsdist-nghttp2.cc index ed9ac00820a2..5635822224a0 100644 --- a/pdns/dnsdistdist/dnsdist-nghttp2.cc +++ b/pdns/dnsdistdist/dnsdist-nghttp2.cc @@ -130,10 +130,8 @@ uint32_t DoHConnectionToBackend::getConcurrentStreamsCount() const void DoHConnectionToBackend::handleResponse(PendingRequest&& request) { - struct timeval now - { - .tv_sec = 0, .tv_usec = 0 - }; + struct timeval now{ + .tv_sec = 0, .tv_usec = 0}; gettimeofday(&now, nullptr); try { @@ -181,10 +179,8 @@ void DoHConnectionToBackend::handleIOError() d_connectionDied = true; nghttp2_session_terminate_session(d_session.get(), NGHTTP2_PROTOCOL_ERROR); - struct timeval now - { - .tv_sec = 0, .tv_usec = 0 - }; + struct timeval now{ + .tv_sec = 0, .tv_usec = 0}; gettimeofday(&now, nullptr); for (auto& request : d_currentStreams) { @@ -379,10 +375,8 @@ void DoHConnectionToBackend::handleReadableIOCallback(int fd, FDMultiplexer::fun throw std::runtime_error("Fatal error while passing received data to nghttp2: " + std::string(nghttp2_strerror((int)readlen))); } - struct timeval now - { - .tv_sec = 0, .tv_usec = 0 - }; + struct timeval now{ + .tv_sec = 0, .tv_usec = 0}; gettimeofday(&now, nullptr); conn->d_lastDataReceivedTime = now; @@ -473,10 +467,8 @@ void DoHConnectionToBackend::stopIO() void DoHConnectionToBackend::updateIO(IOState newState, const FDMultiplexer::callbackfunc_t& callback, bool noTTD) { - struct timeval now - { - .tv_sec = 0, .tv_usec = 0 - }; + struct timeval now{ + .tv_sec = 0, .tv_usec = 0}; gettimeofday(&now, nullptr); boost::optional ttd{boost::none}; @@ -606,10 +598,8 @@ int DoHConnectionToBackend::on_frame_recv_callback(nghttp2_session* session, con } else { vinfolog("HTTP response has a non-200 status code: %d", request.d_responseCode); - struct timeval now - { - .tv_sec = 0, .tv_usec = 0 - }; + struct timeval now{ + .tv_sec = 0, .tv_usec = 0}; gettimeofday(&now, nullptr); @@ -664,10 +654,8 @@ int DoHConnectionToBackend::on_data_chunk_recv_callback(nghttp2_session* session } else { vinfolog("HTTP response has a non-200 status code: %d", request.d_responseCode); - struct timeval now - { - .tv_sec = 0, .tv_usec = 0 - }; + struct timeval now{ + .tv_sec = 0, .tv_usec = 0}; gettimeofday(&now, nullptr); @@ -701,10 +689,8 @@ int DoHConnectionToBackend::on_stream_close_callback(nghttp2_session* session, i return 0; } - struct timeval now - { - .tv_sec = 0, .tv_usec = 0 - }; + struct timeval now{ + .tv_sec = 0, .tv_usec = 0}; gettimeofday(&now, nullptr); auto request = std::move(stream->second); @@ -848,10 +834,8 @@ static void handleCrossProtocolQuery(int pipefd, FDMultiplexer::funcparam_t& par throw std::runtime_error("Error while reading from the DoH cross-protocol channel:" + std::string(e.what())); } - struct timeval now - { - .tv_sec = 0, .tv_usec = 0 - }; + struct timeval now{ + .tv_sec = 0, .tv_usec = 0}; gettimeofday(&now, nullptr); std::shared_ptr tqs = cpq->getTCPQuerySender(); @@ -877,10 +861,8 @@ static void dohClientThread(pdns::channel::Receiver&& receiv DoHClientThreadData data(std::move(receiver)); data.mplexer->addReadFD(data.d_receiver.getDescriptor(), handleCrossProtocolQuery, &data); - struct timeval now - { - .tv_sec = 0, .tv_usec = 0 - }; + struct timeval now{ + .tv_sec = 0, .tv_usec = 0}; gettimeofday(&now, nullptr); time_t lastTimeoutScan = now.tv_sec; @@ -1048,10 +1030,8 @@ bool initDoHWorkers() bool sendH2Query([[maybe_unused]] const std::shared_ptr& downstream, [[maybe_unused]] std::unique_ptr& mplexer, [[maybe_unused]] std::shared_ptr& sender, [[maybe_unused]] InternalQuery&& query, [[maybe_unused]] bool healthCheck) { #if defined(HAVE_DNS_OVER_HTTPS) && defined(HAVE_NGHTTP2) - struct timeval now - { - .tv_sec = 0, .tv_usec = 0 - }; + struct timeval now{ + .tv_sec = 0, .tv_usec = 0}; gettimeofday(&now, nullptr); if (healthCheck) { diff --git a/pdns/dnsdistdist/dnsdist-web.cc b/pdns/dnsdistdist/dnsdist-web.cc index 4baeb288e782..4eb57f6be51a 100644 --- a/pdns/dnsdistdist/dnsdist-web.cc +++ b/pdns/dnsdistdist/dnsdist-web.cc @@ -1678,9 +1678,7 @@ static void handleRings(const YaHTTP::Request& req, YaHTTP::Response& resp) size_t numberOfResponses = 0; Json::array queries; Json::array responses; - struct timespec now - { - }; + struct timespec now{}; gettime(&now); for (const auto& shard : g_rings.d_shards) { diff --git a/pdns/dnsdistdist/dnsdist.cc b/pdns/dnsdistdist/dnsdist.cc index a72f503508db..4482fba14209 100644 --- a/pdns/dnsdistdist/dnsdist.cc +++ b/pdns/dnsdistdist/dnsdist.cc @@ -2325,11 +2325,9 @@ static void healthChecksThread() setThreadName("dnsdist/healthC"); constexpr int intervalUsec = 1000 * 1000; - struct timeval lastRound - { + struct timeval lastRound{ .tv_sec = 0, - .tv_usec = 0 - }; + .tv_usec = 0}; for (;;) { timeval now{}; diff --git a/pdns/dnsdistdist/dolog.cc b/pdns/dnsdistdist/dolog.cc index ab5c538f94f9..fabfdbebccd0 100644 --- a/pdns/dnsdistdist/dolog.cc +++ b/pdns/dnsdistdist/dolog.cc @@ -55,9 +55,7 @@ void logTime(std::ostream& stream) std::array buffer{""}; if (LoggingConfiguration::getStructuredLogging() && LoggingConfiguration::getStructuredLoggingTimeFormat() == LoggingConfiguration::TimeFormat::Numeric) { - struct timeval now - { - }; + struct timeval now{}; gettimeofday(&now, nullptr); snprintf(buffer.data(), buffer.size(), "%lld.%03ld", static_cast(now.tv_sec), static_cast(now.tv_usec / 1000)); } @@ -69,9 +67,7 @@ void logTime(std::ostream& stream) time_t now{0}; time(&now); - struct tm localNow - { - }; + struct tm localNow{}; localtime_r(&now, &localNow); { diff --git a/pdns/dnsdistdist/test-dnsdist-connections-cache.cc b/pdns/dnsdistdist/test-dnsdist-connections-cache.cc index ef5d6779e077..ebc1dc0a7c28 100644 --- a/pdns/dnsdistdist/test-dnsdist-connections-cache.cc +++ b/pdns/dnsdistdist/test-dnsdist-connections-cache.cc @@ -82,10 +82,8 @@ class MockupConnection } std::shared_ptr d_ds; - struct timeval d_lastDataReceivedTime - { - 0, 0 - }; + struct timeval d_lastDataReceivedTime{ + 0, 0}; bool d_reusable{true}; bool d_usable{true}; bool d_idle{false}; diff --git a/pdns/dnsdistdist/test-dnsdistasync.cc b/pdns/dnsdistdist/test-dnsdistasync.cc index 3b7d09efbaa1..d7c3ea9d333d 100644 --- a/pdns/dnsdistdist/test-dnsdistasync.cc +++ b/pdns/dnsdistdist/test-dnsdistasync.cc @@ -115,9 +115,7 @@ BOOST_AUTO_TEST_CASE(test_TimeoutFailClose) auto holder = std::make_unique(false); uint16_t asyncID = 1; uint16_t queryID = 42; - struct timeval ttd - { - }; + struct timeval ttd{}; std::shared_ptr sender{nullptr}; { diff --git a/pdns/dnsdistdist/test-dnsdistnghttp2-in_cc.cc b/pdns/dnsdistdist/test-dnsdistnghttp2-in_cc.cc index d67288fe5737..7d8924ce999e 100644 --- a/pdns/dnsdistdist/test-dnsdistnghttp2-in_cc.cc +++ b/pdns/dnsdistdist/test-dnsdistnghttp2-in_cc.cc @@ -513,9 +513,7 @@ BOOST_FIXTURE_TEST_CASE(test_IncomingConnection_SelfAnswered, TestFixture) TCPClientThreadData threadData; threadData.mplexer = std::make_unique(); - struct timeval now - { - }; + struct timeval now{}; gettimeofday(&now, nullptr); size_t counter = 0; diff --git a/pdns/fstrm_logger.cc b/pdns/fstrm_logger.cc index 9e224790fd67..caa542ab314a 100644 --- a/pdns/fstrm_logger.cc +++ b/pdns/fstrm_logger.cc @@ -30,9 +30,7 @@ FrameStreamLogger::FrameStreamLogger(const int family, std::string address, bool } if (d_family == AF_UNIX) { - struct sockaddr_un local - { - }; + struct sockaddr_un local{}; if (makeUNsockaddr(d_address, &local) != 0) { throw std::runtime_error("FrameStreamLogger: Unable to use '" + d_address + "', it is not a valid UNIX socket path."); } diff --git a/pdns/mplexer.hh b/pdns/mplexer.hh index 3f22a4f85f37..df0f6ae79563 100644 --- a/pdns/mplexer.hh +++ b/pdns/mplexer.hh @@ -42,7 +42,7 @@ public: }; /** Very simple FD multiplexer, based on callbacks and boost::any parameters - As a special service, this parameter is kept around and can be modified, + As a special service, this parameter is kept around and can be modified, allowing for state to be stored inside the multiplexer. It has some "interesting" semantics diff --git a/pdns/recursordist/logging.cc b/pdns/recursordist/logging.cc index b16495d3e598..ef415f8262c0 100644 --- a/pdns/recursordist/logging.cc +++ b/pdns/recursordist/logging.cc @@ -166,8 +166,7 @@ const char* Logging::toTimestampStringMilli(const struct timeval& tval, std::arr static std::mutex mutex; auto lock = std::lock_guard(mutex); struct tm theTime // clang-format insists on formatting it like this - { - }; + {}; len = strftime(buf.data(), buf.size(), format.c_str(), localtime_r(&tval.tv_sec, &theTime)); } if (len == 0) { diff --git a/pdns/recursordist/lwres.cc b/pdns/recursordist/lwres.cc index 80368a310631..00af5b02471e 100644 --- a/pdns/recursordist/lwres.cc +++ b/pdns/recursordist/lwres.cc @@ -296,10 +296,8 @@ static bool tcpconnect(const ComboAddress& ip, TCPOutConnectionManager::Connecti return false; } - const struct timeval timeout - { - g_networkTimeoutMsec / 1000, static_cast(g_networkTimeoutMsec) % 1000 * 1000 - }; + const struct timeval timeout{ + g_networkTimeoutMsec / 1000, static_cast(g_networkTimeoutMsec) % 1000 * 1000}; Socket s(ip.sin4.sin_family, SOCK_STREAM); s.setNonBlocking(); setTCPNoDelay(s.getHandle()); diff --git a/pdns/recursordist/mtasker.hh b/pdns/recursordist/mtasker.hh index f23040914d5a..ea794ece02a7 100644 --- a/pdns/recursordist/mtasker.hh +++ b/pdns/recursordist/mtasker.hh @@ -50,9 +50,7 @@ public: { EventKey key; std::shared_ptr context; - struct timeval ttd - { - }; + struct timeval ttd{}; int tid{}; }; struct KeyTag @@ -266,18 +264,14 @@ int MTasker::waitEvent(EventKey& key, EventVal* val, un waiter.ttd.tv_sec = 0; waiter.ttd.tv_usec = 0; if (timeoutMsec != 0) { - struct timeval increment - { - }; + struct timeval increment{}; increment.tv_sec = timeoutMsec / 1000; increment.tv_usec = static_cast(1000 * (timeoutMsec % 1000)); if (now != nullptr) { waiter.ttd = increment + *now; } else { - struct timeval realnow - { - }; + struct timeval realnow{}; gettimeofday(&realnow, nullptr); waiter.ttd = increment + realnow; } diff --git a/pdns/recursordist/pdns_recursor.cc b/pdns/recursordist/pdns_recursor.cc index 559ff7aa06c0..a59ee8ab437c 100644 --- a/pdns/recursordist/pdns_recursor.cc +++ b/pdns/recursordist/pdns_recursor.cc @@ -1563,9 +1563,7 @@ void startDoResolve(void* arg) // NOLINT(readability-function-cognitive-complexi #ifdef HAVE_FSTRM if (hasUDR) { if (isEnabledForUDRs(t_nodFrameStreamServersInfo.servers)) { - struct timespec timeSpec - { - }; + struct timespec timeSpec{}; std::string str; if (g_useKernelTimestamp && comboWriter->d_kernelTimestamp.tv_sec != 0) { TIMEVAL_TO_TIMESPEC(&comboWriter->d_kernelTimestamp, &timeSpec); // NOLINT @@ -1722,9 +1720,7 @@ void startDoResolve(void* arg) // NOLINT(readability-function-cognitive-complexi nod = true; #ifdef HAVE_FSTRM if (isEnabledForNODs(t_nodFrameStreamServersInfo.servers)) { - struct timespec timeSpec - { - }; + struct timespec timeSpec{}; std::string str; if (g_useKernelTimestamp && comboWriter->d_kernelTimestamp.tv_sec != 0) { TIMEVAL_TO_TIMESPEC(&comboWriter->d_kernelTimestamp, &timeSpec); // NOLINT @@ -1793,12 +1789,8 @@ void startDoResolve(void* arg) // NOLINT(readability-function-cognitive-complexi } if (!comboWriter->d_tcp) { - struct msghdr msgh - { - }; - struct iovec iov - { - }; + struct msghdr msgh{}; + struct iovec iov{}; cmsgbuf_aligned cbuf{}; fillMSGHdr(&msgh, &iov, &cbuf, 0, reinterpret_cast(&*packet.begin()), packet.size(), &comboWriter->d_remote); // NOLINT(cppcoreguidelines-pro-type-reinterpret-cast) msgh.msg_control = nullptr; @@ -2313,12 +2305,8 @@ static string* doProcessUDPQuestion(const std::string& question, const ComboAddr "qname", Logging::Loggable(qname), "qtype", Logging::Loggable(QType(qtype)), "source", Logging::Loggable(source), "remote", Logging::Loggable(fromaddr))); } - struct msghdr msgh - { - }; - struct iovec iov - { - }; + struct msghdr msgh{}; + struct iovec iov{}; cmsgbuf_aligned cbuf{}; fillMSGHdr(&msgh, &iov, &cbuf, 0, reinterpret_cast(response.data()), response.length(), const_cast(&fromaddr)); // NOLINT(cppcoreguidelines-pro-type-reinterpret-cast,cppcoreguidelines-pro-type-const-cast) msgh.msg_control = nullptr; @@ -2343,9 +2331,7 @@ static string* doProcessUDPQuestion(const std::string& question, const ComboAddr << stringerror(sendErr) << endl, g_slogudpin->error(Logr::Error, sendErr, "Sending UDP reply to client failed", "source", Logging::Loggable(source), "remote", Logging::Loggable(fromaddr))); } - struct timeval now - { - }; + struct timeval now{}; Utility::gettimeofday(&now, nullptr); uint64_t spentUsec = uSec(now - tval); t_Counters.at(rec::Histogram::cumulativeAnswers)(spentUsec); @@ -2456,12 +2442,8 @@ static void handleNewUDPQuestion(int fileDesc, FDMultiplexer::funcparam_t& /* va ComboAddress fromaddr; // the address the query is coming from ComboAddress source; // the address we assume the query is coming from, might be set by proxy protocol ComboAddress destination; // the address we assume the query was sent to, might be set by proxy protocol - struct msghdr msgh - { - }; - struct iovec iov - { - }; + struct msghdr msgh{}; + struct iovec iov{}; cmsgbuf_aligned cbuf; bool firstQuery = true; std::vector proxyProtocolValues; diff --git a/pdns/recursordist/rec-carbon.cc b/pdns/recursordist/rec-carbon.cc index d0f77742cc75..1eecf86c5015 100644 --- a/pdns/recursordist/rec-carbon.cc +++ b/pdns/recursordist/rec-carbon.cc @@ -45,10 +45,8 @@ void doCarbonDump(void*) Socket s(remote.sin4.sin_family, SOCK_STREAM); s.setNonBlocking(); std::shared_ptr tlsCtx{nullptr}; - const struct timeval timeout - { - g_networkTimeoutMsec / 1000, static_cast(g_networkTimeoutMsec) % 1000 * 1000 - }; + const struct timeval timeout{ + g_networkTimeoutMsec / 1000, static_cast(g_networkTimeoutMsec) % 1000 * 1000}; auto handler = std::make_shared("", false, s.releaseHandle(), timeout, tlsCtx); handler->tryConnect(SyncRes::s_tcp_fast_open_connect, remote); // we do the connect so the first attempt happens while we gather stats diff --git a/pdns/recursordist/rec-eventtrace.cc b/pdns/recursordist/rec-eventtrace.cc index 8a3112d9cf86..beceebf1e7ef 100644 --- a/pdns/recursordist/rec-eventtrace.cc +++ b/pdns/recursordist/rec-eventtrace.cc @@ -21,10 +21,7 @@ */ #include "rec-eventtrace.hh" -#define NameEntry(M) \ - { \ - M, #M \ - } +#define NameEntry(M) {M, #M} const std::unordered_map RecEventTrace::s_eventNames = { NameEntry(CustomEvent), diff --git a/pdns/recursordist/rec-main.cc b/pdns/recursordist/rec-main.cc index 2c0f123617b8..e0ea406d3c7c 100644 --- a/pdns/recursordist/rec-main.cc +++ b/pdns/recursordist/rec-main.cc @@ -2500,19 +2500,15 @@ class PeriodicTask } private: - struct timeval last_run - { - 0, 0 - }; + struct timeval last_run{ + 0, 0}; struct timeval period; string name; }; static void houseKeepingWork(Logr::log_t log) { - struct timeval now - { - }; + struct timeval now{}; Utility::gettimeofday(&now); t_Counters.updateSnap(now, g_regressionTestMode); @@ -2726,15 +2722,11 @@ static void runLuaMaintenance(RecThreadInfo& threadInfo, time_t& last_lua_mainte if (threadInfo.isWorker()) { // either UDP of TCP worker // Only on threads processing queries if (g_now.tv_sec - last_lua_maintenance >= luaMaintenanceInterval) { - struct timeval start - { - }; + struct timeval start{}; Utility::gettimeofday(&start); t_pdl->maintenance(); last_lua_maintenance = g_now.tv_sec; - struct timeval stop - { - }; + struct timeval stop{}; Utility::gettimeofday(&stop); t_Counters.at(rec::Counter::maintenanceUsec) += uSec(stop - start); ++t_Counters.at(rec::Counter::maintenanceCalls); diff --git a/pdns/recursordist/rec-main.hh b/pdns/recursordist/rec-main.hh index 1d07b75f3d51..5cbf1814fc56 100644 --- a/pdns/recursordist/rec-main.hh +++ b/pdns/recursordist/rec-main.hh @@ -118,10 +118,8 @@ struct DNSComboWriter string d_requestorId; string d_deviceId; string d_deviceName; - struct timeval d_kernelTimestamp - { - 0, 0 - }; + struct timeval d_kernelTimestamp{ + 0, 0}; std::string d_query; std::unordered_set d_policyTags; std::unordered_set d_gettagPolicyTags; diff --git a/pdns/recursordist/rec-tcp.cc b/pdns/recursordist/rec-tcp.cc index 21af9a44d4e6..b968ab12a0c5 100644 --- a/pdns/recursordist/rec-tcp.cc +++ b/pdns/recursordist/rec-tcp.cc @@ -291,9 +291,7 @@ static void doProtobufLogQuery(bool logQuery, LocalStateHolder& static void doProcessTCPQuestion(std::unique_ptr& comboWriter, shared_ptr& conn, RunningTCPQuestionGuard& tcpGuard, int fileDesc) { RecThreadInfo::self().incNumberOfDistributedQueries(); - struct timeval start - { - }; + struct timeval start{}; Utility::gettimeofday(&start, nullptr); DNSName qname; @@ -453,19 +451,15 @@ static void doProcessTCPQuestion(std::unique_ptr& comboWriter, s bool hadError = sendResponseOverTCP(comboWriter, response); finishTCPReply(comboWriter, hadError, false); - struct timeval now - { - }; + struct timeval now{}; Utility::gettimeofday(&now, nullptr); uint64_t spentUsec = uSec(now - start); t_Counters.at(rec::Histogram::cumulativeAnswers)(spentUsec); comboWriter->d_eventTrace.add(RecEventTrace::AnswerSent); if (t_protobufServers.servers && comboWriter->d_logResponse && (!luaconfsLocal->protobufExportConfig.taggedOnly || (pbData && pbData->d_tagged))) { - struct timeval tval - { - 0, 0 - }; + struct timeval tval{ + 0, 0}; protobufLogResponse(dnsheader, luaconfsLocal, pbData, tval, true, comboWriter->d_source, comboWriter->d_destination, comboWriter->d_mappedSource, comboWriter->d_ednssubnet, comboWriter->d_uuid, comboWriter->d_requestorId, comboWriter->d_deviceId, comboWriter->d_deviceName, comboWriter->d_meta, comboWriter->d_eventTrace, comboWriter->d_policyTags); } diff --git a/pdns/recursordist/reczones.cc b/pdns/recursordist/reczones.cc index ff3fbeeabda3..04d510205c5a 100644 --- a/pdns/recursordist/reczones.cc +++ b/pdns/recursordist/reczones.cc @@ -296,9 +296,7 @@ static void processApiZonesFile(const string& file, shared_ptr(tval.tv_sec)); @@ -1122,9 +1120,7 @@ const char* isoDateTimeMillis(const struct timeval& tval, timebuf_t& buf) static const char* timestamp(time_t arg, timebuf_t& buf) { const std::string s_timestampFormat = "%Y-%m-%dT%T"; - struct tm tmval - { - }; + struct tm tmval{}; size_t len = strftime(buf.data(), buf.size(), s_timestampFormat.c_str(), localtime_r(&arg, &tmval)); if (len == 0) { int ret = snprintf(buf.data(), buf.size(), "%lld", static_cast(arg)); @@ -6198,9 +6194,7 @@ int directResolve(const DNSName& qname, const QType qtype, const QClass qclass, { auto log = slog->withValues("qname", Logging::Loggable(qname), "qtype", Logging::Loggable(qtype)); - struct timeval now - { - }; + struct timeval now{}; gettimeofday(&now, nullptr); SyncRes resolver(now); diff --git a/pdns/recursordist/syncres.hh b/pdns/recursordist/syncres.hh index 45151b5ce7dd..c67a27f74b12 100644 --- a/pdns/recursordist/syncres.hh +++ b/pdns/recursordist/syncres.hh @@ -908,7 +908,7 @@ class ImmediateServFailException { public: ImmediateServFailException(string reason_) : - reason(std::move(reason_)){}; + reason(std::move(reason_)) {}; string reason; //! Print this to tell the user what went wrong }; diff --git a/pdns/recursordist/taskqueue.cc b/pdns/recursordist/taskqueue.cc index 7e268e4edfd9..d18a8cb8c9ca 100644 --- a/pdns/recursordist/taskqueue.cc +++ b/pdns/recursordist/taskqueue.cc @@ -52,9 +52,7 @@ bool ResolveTask::run(bool logErrors) const log->error(Logr::Debug, "null task"); return false; } - struct timeval now - { - }; + struct timeval now{}; Utility::gettimeofday(&now); if (d_deadline >= now.tv_sec) { d_func(now, logErrors, *this); diff --git a/pdns/recursordist/test-aggressive_nsec_cc.cc b/pdns/recursordist/test-aggressive_nsec_cc.cc index 2d1e1577ad80..948d7743d9ac 100644 --- a/pdns/recursordist/test-aggressive_nsec_cc.cc +++ b/pdns/recursordist/test-aggressive_nsec_cc.cc @@ -1087,9 +1087,7 @@ BOOST_AUTO_TEST_CASE(test_aggressive_nsec_replace) const size_t testSize = 10000; auto cache = make_unique(testSize); - struct timeval now - { - }; + struct timeval now{}; Utility::gettimeofday(&now, nullptr); vector names; @@ -1239,9 +1237,7 @@ BOOST_AUTO_TEST_CASE(test_aggressive_nsec_dump) expected.emplace_back("www.powerdns.org. 10 IN NSEC3 1 0 50 ab HASG==== A RRSIG NSEC3 by ./TYPE0\n"); expected.emplace_back("- RRSIG NSEC3 5 3 10 20370101000000 20370101000000 24567 dummy. data\n"); - struct timeval now - { - }; + struct timeval now{}; Utility::gettimeofday(&now, nullptr); DNSRecord rec; diff --git a/pdns/recursordist/test-mtasker.cc b/pdns/recursordist/test-mtasker.cc index fd9fd6b9cd74..3747443cbee6 100644 --- a/pdns/recursordist/test-mtasker.cc +++ b/pdns/recursordist/test-mtasker.cc @@ -178,9 +178,7 @@ BOOST_AUTO_TEST_CASE(test_MtaskerException) for (;;) { mt.schedule(now); - } - }, - std::exception); + } }, std::exception); } BOOST_AUTO_TEST_SUITE_END() diff --git a/pdns/recursordist/test-rec-tcounters_cc.cc b/pdns/recursordist/test-rec-tcounters_cc.cc index f77d5b297c21..a947e8bf49cb 100644 --- a/pdns/recursordist/test-rec-tcounters_cc.cc +++ b/pdns/recursordist/test-rec-tcounters_cc.cc @@ -104,10 +104,8 @@ BOOST_AUTO_TEST_CASE(update_with_sleep) if (dns_random(10000) == 0) { tlocal.updateSnap(); } - struct timespec interval - { - 0, dns_random(20 * 1000 * 1000) - }; + struct timespec interval{ + 0, dns_random(20 * 1000 * 1000)}; nanosleep(&interval, nullptr); } done++; @@ -120,10 +118,8 @@ BOOST_AUTO_TEST_CASE(update_with_sleep) if (dns_random(10000) == 0) { tlocal.updateSnap(); } - struct timespec interval - { - 0, dns_random(40 * 1000 * 1000) - }; + struct timespec interval{ + 0, dns_random(40 * 1000 * 1000)}; nanosleep(&interval, nullptr); } done++; @@ -135,10 +131,8 @@ BOOST_AUTO_TEST_CASE(update_with_sleep) auto avg = counts.at(rec::DoubleWAvgCounter::avgLatencyUsec).avg; // std::cerr << avg << std::endl; BOOST_CHECK(avg == 0.0 || (avg >= 1.1 && avg <= 2.2)); - struct timespec interval - { - 0, dns_random(80 * 1000 * 1000) - }; + struct timespec interval{ + 0, dns_random(80 * 1000 * 1000)}; nanosleep(&interval, nullptr); } }); diff --git a/pdns/recursordist/test-settings.cc b/pdns/recursordist/test-settings.cc index 25b649df4f77..a40a5288ca0d 100644 --- a/pdns/recursordist/test-settings.cc +++ b/pdns/recursordist/test-settings.cc @@ -100,9 +100,7 @@ BOOST_AUTO_TEST_CASE(test_rust_validation_with_error1) BOOST_CHECK_THROW({ auto settings = pdns::rust::settings::rec::parse_yaml_string(yaml); auto back = settings.to_yaml_string(); - settings.validate(); - }, - rust::Error); + settings.validate(); }, rust::Error); } BOOST_AUTO_TEST_CASE(test_rust_validation_with_error2) @@ -118,10 +116,7 @@ BOOST_AUTO_TEST_CASE(test_rust_validation_with_error2) auto settings = pdns::rust::settings::rec::parse_yaml_string(yaml); auto back = settings.to_yaml_string(); - BOOST_CHECK_THROW({ - settings.validate(); - }, - rust::Error); + BOOST_CHECK_THROW({ settings.validate(); }, rust::Error); } BOOST_AUTO_TEST_CASE(test_rust_validation_with_error3) @@ -137,9 +132,7 @@ BOOST_AUTO_TEST_CASE(test_rust_validation_with_error3) BOOST_CHECK_THROW({ auto settings = pdns::rust::settings::rec::parse_yaml_string(yaml); auto back = settings.to_yaml_string(); - settings.validate(); - }, - rust::Error); + settings.validate(); }, rust::Error); } BOOST_AUTO_TEST_CASE(test_rust_validation_with_error4) @@ -153,9 +146,7 @@ BOOST_AUTO_TEST_CASE(test_rust_validation_with_error4) BOOST_CHECK_THROW({ auto settings = pdns::rust::settings::rec::parse_yaml_string(yaml); auto back = settings.to_yaml_string(); - settings.validate(); - }, - rust::Error); + settings.validate(); }, rust::Error); } BOOST_AUTO_TEST_CASE(test_rust_validation_with_error5) @@ -194,9 +185,7 @@ BOOST_AUTO_TEST_CASE(test_rust_validation_with_error5) BOOST_CHECK_THROW({ auto settings = pdns::rust::settings::rec::parse_yaml_string(yamltest.str()); auto back = settings.to_yaml_string(); - settings.validate(); - }, - rust::Error); + settings.validate(); }, rust::Error); } } diff --git a/pdns/recursordist/test-syncres_cc8.cc b/pdns/recursordist/test-syncres_cc8.cc index ff08b91951bb..86e478938547 100644 --- a/pdns/recursordist/test-syncres_cc8.cc +++ b/pdns/recursordist/test-syncres_cc8.cc @@ -1141,7 +1141,7 @@ BOOST_AUTO_TEST_CASE(test_nsec3_ent_opt_out) * A recently discovered corner case (see RFC Errata ID 3441 [Err3441]) * shows that not only those delegations remain insecure but also the * empty non-terminal space that is derived from those delegations. - */ + */ /* We have a NSEC3 proving that was.here does exist, and a second one proving that ent.was.here. does not, diff --git a/pdns/recursordist/ws-recursor.cc b/pdns/recursordist/ws-recursor.cc index 8e548ecdc413..ddd258c2aef6 100644 --- a/pdns/recursordist/ws-recursor.cc +++ b/pdns/recursordist/ws-recursor.cc @@ -867,10 +867,8 @@ void AsyncWebServer::serveConnection(const std::shared_ptr& socket) cons yarl.initialize(&req); socket->setNonBlocking(); - const struct timeval timeout - { - g_networkTimeoutMsec / 1000, static_cast(g_networkTimeoutMsec) % 1000 * 1000 - }; + const struct timeval timeout{ + g_networkTimeoutMsec / 1000, static_cast(g_networkTimeoutMsec) % 1000 * 1000}; std::shared_ptr tlsCtx{nullptr}; if (d_loglevel > WebServer::LogLevel::None) { socket->getRemote(remote); diff --git a/pdns/recursordist/ws-recursor.hh b/pdns/recursordist/ws-recursor.hh index 18ab40b5b7fc..ae7db469f993 100644 --- a/pdns/recursordist/ws-recursor.hh +++ b/pdns/recursordist/ws-recursor.hh @@ -52,7 +52,7 @@ class AsyncWebServer : public WebServer { public: AsyncWebServer(FDMultiplexer* fdm, const string& listenaddress, int port) : - WebServer(listenaddress, port), d_fdm(fdm){}; + WebServer(listenaddress, port), d_fdm(fdm) {}; void go(); private: diff --git a/pdns/stubresolver.cc b/pdns/stubresolver.cc index 47b3d9854dbe..64615ba8e08e 100644 --- a/pdns/stubresolver.cc +++ b/pdns/stubresolver.cc @@ -50,9 +50,7 @@ bool resolversDefined() */ static void parseLocalResolvConf_locked(vector& resolversForStub, const time_t& now) { - struct stat statResult - { - }; + struct stat statResult{}; s_localResolvConfLastCheck = now; if (stat(LOCAL_RESOLV_CONF_PATH, &statResult) != -1) { @@ -159,9 +157,7 @@ int stubDoResolve(const DNSName& qname, uint16_t qtype, vector& r retry: sock.read(reply); // this calls recv if (reply.size() > sizeof(struct dnsheader)) { - struct dnsheader dHeader - { - }; + struct dnsheader dHeader{}; memcpy(&dHeader, reply.c_str(), sizeof(dHeader)); if (dHeader.id != packetWriter.getHeader()->id) { goto retry; diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc index a2332109d6d9..c480ce441f21 100644 --- a/pdns/ws-auth.cc +++ b/pdns/ws-auth.cc @@ -609,9 +609,7 @@ static void gatherRecords(const Json& container, const DNSName& qname, const QTy } } else { - struct in6_addr tmpbuf - { - }; + struct in6_addr tmpbuf{}; if (inet_pton(AF_INET6, content.c_str(), &tmpbuf) != 1 || content.find('.') != string::npos) { throw std::runtime_error("Invalid IPv6 address"); }