diff --git a/kong/core/globalpatches.lua b/kong/core/globalpatches.lua
index 433f92905290..845d8c3a03f1 100644
--- a/kong/core/globalpatches.lua
+++ b/kong/core/globalpatches.lua
@@ -32,3 +32,33 @@ _G.math.randomseed = function() return seed end
+--- Patch the TCP connect method such that all connections will be resolved
+-- first by the internal DNS resolver.
+-- STEP 1: load code that should not be using the patched versions
+require "resty.dns.resolver" -- will cache TCP and UDP functions
+-- STEP 2: forward declaration of locals to hold stuff loaded AFTER patching
+local toip
+-- STEP 3: store original unpatched versions
+local old_tcp = ngx.socket.tcp
+-- STEP 4: patch globals
+_G.ngx.socket.tcp = function(...)
+ local sock = old_tcp(...)
+ local old_connect = sock.connect
+ sock.connect = function(s, host, port, sock_opts)
+ local target_ip, target_port = toip(host, port)
+
+ if not target_ip then
+ return nil, target_port
+ else
+ -- need to do the extra check here: https://github.com/openresty/lua-nginx-module/issues/860
+ if not sock_opts then
+ return old_connect(s, target_ip, target_port)
+ else
+ return old_connect(s, target_ip, target_port, sock_opts)
+ end
+ end
+ end
+ return sock
+end
+-- STEP 5: load code that should be using the patched versions, if any (because of dependency chain)
+toip = require("dns.client").toip -- this will load utils and penlight modules for example
diff --git a/kong/plugins/galileo/buffer.lua b/kong/plugins/galileo/buffer.lua
index 07752f72a065..0f0f1ac93039 100644
--- a/kong/plugins/galileo/buffer.lua
+++ b/kong/plugins/galileo/buffer.lua
@@ -21,7 +21,6 @@ local alf_serializer = require "kong.plugins.galileo.alf" local http = require "resty.http"
-local connect = require("kong.singletons").dns.connect
 local setmetatable = setmetatable
 local timer_at = ngx.timer.at
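Review bot: In kong/core/globalpatches.lua the patched `sock.connect` sends every `host` through `toip()`, including the `unix:/path` form that cosockets accept with an options table as the second argument, so a unix-domain connect would be handed to the DNS client and its options table treated as a port. A guard ahead of the `toip()` call that forwards `unix:` targets to `old_connect` unchanged avoids that. Separately, `old_connect` now receives the resolved IP instead of the name, so anything derived from the connect host (the default keepalive pool name, presumably) is keyed by IP; callers that do TLS still have to pass the original hostname to `sslhandshake` for SNI and verification, and a comment on the wrapper saying so would help plugin authors.

```lua
sock.connect = function(s, host, port, sock_opts)
  -- "unix:" targets are socket paths, not hostnames: skip DNS resolution.
  -- For these the second argument, when present, is the options table.
  if type(host) == "string" and host:sub(1, 5) == "unix:" then
    if port == nil then
      return old_connect(s, host)
    end
    return old_connect(s, host, port)
  end
  -- … unchanged: toip() lookup and the old_connect() calls …
```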
@@ -112,7 +111,7 @@ _send = function(premature, self, to_send) local client = http.new() client:set_timeout(self.connection_timeout)
- local ok, err = connect(client, self.host, self.port)
+ local ok, err = client:connect(self.host, self.port)
 if not ok then
 retry = true
 log(ERR, "could not connect to Galileo collector: ", err)
diff --git a/kong/plugins/http-log/handler.lua b/kong/plugins/http-log/handler.lua
index 7ba18fa35990..5ab42e4ff9c7 100644
--- a/kong/plugins/http-log/handler.lua
+++ b/kong/plugins/http-log/handler.lua
@@ -2,7 +2,6 @@ local basic_serializer = require "kong.plugins.log-serializers.basic" local BasePlugin = require "kong.plugins.base_plugin" local cjson = require "cjson" local url = require "socket.url"
-local connect = require("kong.singletons").dns.connect
 local HttpLogHandler = BasePlugin:extend()
@@ -55,7 +54,7 @@ local function log(premature, conf, body, name) local sock = ngx.socket.tcp() sock:settimeout(conf.timeout)
- ok, err = connect(sock, host, port)
+ ok, err = sock:connect(host, port)
 if not ok then
 ngx.log(ngx.ERR, name.."failed to connect to "..host..":"..tostring(port)..": ", err)
 return
diff --git a/kong/plugins/ldap-auth/access.lua b/kong/plugins/ldap-auth/access.lua
index 534a545b1231..50c764dc4b56 100644
--- a/kong/plugins/ldap-auth/access.lua
+++ b/kong/plugins/ldap-auth/access.lua
@@ -1,4 +1,3 @@
-local singletons = require "kong.singletons"
 local responses = require "kong.tools.responses"
 local constants = require "kong.constants"
 local cache = require "kong.tools.database_cache"
@@ -12,7 +11,6 @@ local ngx_debug = ngx.DEBUG local decode_base64 = ngx.decode_base64 local ngx_socket_tcp = ngx.socket.tcp local tostring = tostring
-local connect = singletons.dns.connect
 local AUTHORIZATION = "authorization"
 local PROXY_AUTHORIZATION = "proxy-authorization"
@@ -40,7 +38,7 @@ local function ldap_authenticate(given_username, given_password, conf) local sock = ngx_socket_tcp() sock:settimeout(conf.timeout)
- ok, error = connect(sock, conf.ldap_host, conf.ldap_port)
+ ok, error = sock:connect(conf.ldap_host, conf.ldap_port)
 if not ok then
 ngx_log(ngx_error, "[ldap-auth] failed to connect to "..conf.ldap_host..":"..tostring(conf.ldap_port)..": ", error)
 return responses.send_HTTP_INTERNAL_SERVER_ERROR(error)
diff --git a/kong/plugins/rate-limiting/policies.lua b/kong/plugins/rate-limiting/policies.lua
index d98cf8c72121..22b8f56530af 100644
--- a/kong/plugins/rate-limiting/policies.lua
+++ b/kong/plugins/rate-limiting/policies.lua
@@ -65,7 +65,7 @@ return { increment = function(conf, api_id, identifier, current_timestamp, value) local red = redis:new() red:set_timeout(conf.redis_timeout)
- local ok, err = connect(red, conf.redis_host, conf.redis_port)
+ local ok, err = red:connect(conf.redis_host, conf.redis_port)
 if not ok then
 ngx_log(ngx.ERR, "failed to connect to Redis: ", err)
 return
@@ -110,7 +110,7 @@ return { usage = function(conf, api_id, identifier, current_timestamp, name) local red = redis:new() red:set_timeout(conf.redis_timeout)
- local ok, err = connect(red, conf.redis_host, conf.redis_port)
+ local ok, err = red:connect(conf.redis_host, conf.redis_port)
 if not ok then
 ngx_log(ngx.ERR, "failed to connect to Redis: ", err)
 return
diff --git a/kong/plugins/response-ratelimiting/policies.lua b/kong/plugins/response-ratelimiting/policies.lua
index 305aefacdb42..a726d86631f2 100644
--- a/kong/plugins/response-ratelimiting/policies.lua
+++ b/kong/plugins/response-ratelimiting/policies.lua
@@ -3,7 +3,6 @@ local timestamp = require "kong.tools.timestamp" local cache = require "kong.tools.database_cache" local redis = require "resty.redis" local ngx_log = ngx.log
-local connect = require("kong.singletons").dns.connect
 local pairs = pairs
 local fmt = string.format
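Review bot: kong/plugins/rate-limiting/policies.lua is the only plugin file in this patch whose diff has no hunk dropping a `connect` local (its hunk offsets stay at 65 and 110 on both sides), so it is worth checking where the old `connect(red, ...)` call got its function from. If the file still carries `local connect = require("kong.singletons").dns.connect`, that line is now dead code and could fail at load time if `singletons.dns` is removed, which would take the rate-limiting plugin down with it. If it never had such a local, the old code was calling an undefined global. `increment` and `usage` both continue outside their hunks and the top of the file is not visible here.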
@@ -66,7 +65,7 @@ return { increment = function(conf, api_id, identifier, current_timestamp, value, name) local red = redis:new() red:set_timeout(conf.redis_timeout)
- local ok, err = connect(red, conf.redis_host, conf.redis_port)
+ local ok, err = red:connect(conf.redis_host, conf.redis_port)
 if not ok then
 ngx_log(ngx.ERR, "failed to connect to Redis: ", err)
 return
@@ -111,7 +110,7 @@ return { usage = function(conf, api_id, identifier, current_timestamp, period, name) local red = redis:new() red:set_timeout(conf.redis_timeout)
- local ok, err = connect(red, conf.redis_host, conf.redis_port)
+ local ok, err = red:connect(conf.redis_host, conf.redis_port)
 if not ok then
 ngx_log(ngx.ERR, "failed to connect to Redis: ", err)
 return
diff --git a/kong/plugins/runscope/log.lua b/kong/plugins/runscope/log.lua
index 7515776d098f..6fd13dca59d9 100644
--- a/kong/plugins/runscope/log.lua
+++ b/kong/plugins/runscope/log.lua
@@ -1,6 +1,5 @@
 local cjson = require "cjson"
 local url = require "socket.url"
-local connect = require("kong.singletons").dns.connect
 local _M = {}
@@ -60,7 +59,7 @@ local function log(premature, conf, message) local sock = ngx.socket.tcp() sock:settimeout(conf.timeout)
- ok, err = connect(sock, host, port)
+ ok, err = sock:connect(host, port)
 if not ok then
 ngx_log(ngx_log_ERR, "[runscope] failed to connect to "..host..":"..tostring(port)..": ", err)
 return
diff --git a/kong/plugins/tcp-log/handler.lua b/kong/plugins/tcp-log/handler.lua
index cab8fd9111c9..ee5182b59ecb 100644
--- a/kong/plugins/tcp-log/handler.lua
+++ b/kong/plugins/tcp-log/handler.lua
@@ -1,8 +1,6 @@
 local BasePlugin = require "kong.plugins.base_plugin"
 local basic_serializer = require "kong.plugins.log-serializers.basic"
 local cjson = require "cjson"
-local singletons = require "kong.singletons"
-local connect = singletons.dns.connect
 local TcpLogHandler = BasePlugin:extend()
@@ -18,7 +16,7 @@ local function log(premature, conf, message) local sock = ngx.socket.tcp() sock:settimeout(timeout)
- ok, err = connect(sock, host, port)
+ ok, err = sock:connect(host, port)
 if not ok then
 ngx.log(ngx.ERR, "[tcp-log] failed to connect to "..host..":"..tostring(port)..": ", err)
 return