......@@ -38,6 +38,7 @@ _obj
/compile
/compile_commands.json
/depcomp
/distro/tests/*/.vagrant
/install-sh
/stamp-h1
/aclocal.m4
......@@ -49,7 +50,6 @@ _obj
/daemon/kresd
/daemon/lua/*.inc
/daemon/lua/trust_anchors.lua
/daemon/lua/zonefile.lua
/tests/test_array
/tests/test_lru
/tests/test_map
......
......@@ -4,6 +4,7 @@ variables:
DEBIAN_FRONTEND: noninteractive
LC_ALL: C.UTF-8
GIT_SUBMODULE_STRATEGY: recursive
GIT_STRATEGY: clone # sometimes unclean submodule dirs otherwise
COVERAGE: '1'
stages:
......@@ -28,13 +29,29 @@ build:clang:linux:amd64:
stage: build
image: $CI_REGISTRY/knot/knot-resolver/ci:debian-unstable # newer Debian for newer Clang
script:
- CXX=clang++-5.0 CC=clang-5.0 PREFIX=$(pwd)/.local make -k all CFLAGS=-Werror
- CXX=clang++-5.0 CC=clang-5.0 PREFIX=$(pwd)/.local make -k all "CFLAGS=-Werror -Wno-error=unused-command-line-argument"
- CXX=clang++-5.0 CC=clang-5.0 PREFIX=$(pwd)/.local make install CFLAGS=-Werror
tags:
- docker
- linux
- amd64
srpm:
stage: build
allow_failure: true # don't block testing pipeline in case of failure
image: $CI_REGISTRY/knot/knot-resolver/ci:fedora-27
script:
- scripts/make-srpm.sh
artifacts:
when: always
expire_in: '1 week'
paths:
- "*.src.rpm"
tags:
- docker
- linux
- amd64
lint:lua:
stage: test
dependencies: [] # do not download build artifacts
......@@ -58,7 +75,7 @@ lint:clang-scan-build:
image: $CI_REGISTRY/knot/knot-resolver/ci:debian-unstable # newer Debian for newer Clang
dependencies: [] # do not download build artifacts
script:
- MAKEFLAGS="-k -j$(nproc)" /usr/lib/llvm-5.0/bin/scan-build -o scan-results --status-bugs make
- MAKEFLAGS="-k -j$(nproc)" SCAN_BUILD="/usr/lib/llvm-5.0/bin/scan-build -o scan-results --status-bugs -no-failure-reports" ./tests/clang_scan_build.sh make
artifacts:
when: on_failure
expire_in: '1 day'
......@@ -99,8 +116,24 @@ installcheck:linux:amd64:
- linux
- amd64
doc:
stage: test
script:
- SPHINXFLAGS="-W" make doc
dependencies: []
artifacts:
expire_in: 1 hour
paths:
- ./doc/*
tags:
- docker
deckard:linux:amd64:
stage: test
except:
- schedules # prevent unstable test from cancelling nightly OBS build
script:
- PREFIX=$(pwd)/.local MAKEFLAGS="--jobs $(nproc) --keep-going" make check-integration
- PREFIX=$(pwd)/.local MAKEFLAGS="--jobs $(nproc)" make coverage-c coverage-lua COVERAGE_STAGE=gcov-deckard
......@@ -173,8 +206,8 @@ respdiff:iter:udp:linux:amd64:
- PREFIX=$(pwd)/.local ./ci/respdiff/start-resolvers.sh
- ./ci/respdiff/run-respdiff-tests.sh udp
- cat results/respdiff.txt
- echo 'test if mismatch rate >= 1 %'
- grep -q '^target diagrees.*0\.[0-9][0-9] %' results/respdiff.txt
- echo 'test if mismatch rate < 0.8 %'
- grep -q '^target disagrees.*0\.[0-7][0-9] %' results/respdiff.txt
- killall --wait kresd
- PREFIX=$(pwd)/.local MAKEFLAGS="--jobs $(nproc)" make coverage-c coverage-lua COVERAGE_STAGE=gcov-respdiff-iter-udp
dependencies:
......@@ -183,7 +216,10 @@ respdiff:iter:udp:linux:amd64:
when: always
expire_in: '1 week'
paths:
- kresd.log.xz
- results/*.txt
- results/*.svg
- results/respdiff.db/data.mdb.xz
- ./*.info
tags:
- docker
......@@ -197,8 +233,8 @@ respdiff:iter:tcp:linux:amd64:
- PREFIX=$(pwd)/.local ./ci/respdiff/start-resolvers.sh
- ./ci/respdiff/run-respdiff-tests.sh tcp
- cat results/respdiff.txt
- echo 'test if mismatch rate >= 1 %'
- grep -q '^target diagrees.*0\.[0-9][0-9] %' results/respdiff.txt
- echo 'test if mismatch rate < 0.8 %'
- grep -q '^target disagrees.*0\.[0-7][0-9] %' results/respdiff.txt
- killall --wait kresd
- PREFIX=$(pwd)/.local MAKEFLAGS="--jobs $(nproc)" make coverage-c coverage-lua COVERAGE_STAGE=gcov-respdiff-iter-tcp
dependencies:
......@@ -207,7 +243,10 @@ respdiff:iter:tcp:linux:amd64:
when: always
expire_in: '1 week'
paths:
- kresd.log.xz
- results/*.txt
- results/*.svg
- results/respdiff.db/data.mdb.xz
- ./*.info
tags:
- docker
......@@ -221,8 +260,8 @@ respdiff:iter:tls:linux:amd64:
- PREFIX=$(pwd)/.local ./ci/respdiff/start-resolvers.sh
- ./ci/respdiff/run-respdiff-tests.sh tls
- cat results/respdiff.txt
- echo 'test if mismatch rate >= 1 %'
- grep -q '^target diagrees.*0\.[0-9][0-9] %' results/respdiff.txt
- echo 'test if mismatch rate < 0.8 %'
- grep -q '^target disagrees.*0\.[0-7][0-9] %' results/respdiff.txt
- killall --wait kresd
- PREFIX=$(pwd)/.local MAKEFLAGS="--jobs $(nproc)" make coverage-c coverage-lua COVERAGE_STAGE=gcov-respdiff-iter-tls
dependencies:
......@@ -231,13 +270,54 @@ respdiff:iter:tls:linux:amd64:
when: always
expire_in: '1 week'
paths:
- kresd.log.xz
- results/*.txt
- results/*.svg
- results/respdiff.db/data.mdb.xz
- ./*.info
tags:
- docker
- linux
- amd64
distro:fedora-27:
stage: test
image: $CI_REGISTRY/knot/knot-resolver/ci:fedora-27
only:
- branches@knot/knot-resolver # do not trigger job for forks (no privileged runners)
dependencies:
- srpm
script:
- mock --old-chroot -r fedora-27-x86_64 --rebuild *.src.rpm
after_script:
- mv /var/lib/mock/fedora-27-x86_64/result fedora-27-x86_64
artifacts:
when: always
expire_in: '1 week'
paths:
- fedora-27-x86_64/
tags:
- privileged # mock requires additional capabilities (e.g. mount)
distro:epel-7:
stage: test
image: $CI_REGISTRY/knot/knot-resolver/ci:fedora-27
only:
- branches@knot/knot-resolver # do not trigger job for forks (no privileged runners)
dependencies:
- srpm
script:
- mock --dnf --old-chroot -r epel-7-x86_64 --rebuild *.src.rpm
after_script:
- mv /var/lib/mock/epel-7-x86_64/result epel-7-x86_64
artifacts:
when: always
expire_in: '1 week'
paths:
- epel-7-x86_64/
tags:
- privileged # mock require additional capabilities (e.g. mount)
# compute coverage for all runs
coverage:
stage: coverage
......@@ -275,6 +355,19 @@ pages:
paths:
- public
# trigger obs build for master branch
obs:devel:
stage: deploy
only:
- schedules
dependencies: []
script:
- scripts/make-archive.sh
- scripts/make-distrofiles.sh
- echo -e "[general]\napiurl = https://api.opensuse.org\n\n[https://api.opensuse.org]\nuser = CZ-NIC-automation\npass = $OBS_PASSWORD" > /root/.oscrc
- scripts/build-in-obs.sh knot-dns-devel # build against latest development version of knot
- scripts/build-in-obs.sh knot-resolver-devel # build against knot in knot-resolver-latest
#arm_build:
# image: cznic/armhf-ubuntu:16.04
# stage: build
......
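Review bot: The gate `grep -q '^target disagrees.*0\.[0-7][0-9] %' results/respdiff.txt` in respdiff:iter:udp, repeated in the tcp and tls jobs, has nothing fixing the digit before `0\.`, so the `.*` can absorb leading digits. A constructed rate such as `10.45 %` still contains `0.45 %` and would pass the "mismatch rate < 0.8 %" check, so a badly regressed resolver could go green. The layout of results/respdiff.txt is not shown here, so confirm against a real report, but requiring a non-digit before the zero closes the gap: `grep -qE '^target disagrees.*[^0-9.]0\.[0-7][0-9] %' results/respdiff.txt`. The three job definitions start outside their hunks.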
......@@ -3,7 +3,7 @@
url = https://gitlab.labs.nic.cz/knot/deckard.git
[submodule "modules/policy/lua-aho-corasick"]
path = modules/policy/lua-aho-corasick
url = git://github.com/cloudflare/lua-aho-corasick.git
url = https://github.com/cloudflare/lua-aho-corasick.git
[submodule "tests/config/tapered"]
path = tests/config/tapered
url = https://github.com/telemachus/tapered.git
......@@ -76,4 +76,4 @@ files['daemon/lua/kres-gen.lua'].ignore = {'631'} -- Allow overly long lines
-- Tests and scripts can use global variables
files['scripts'].ignore = {'111', '112', '113'}
files['tests'].ignore = {'111', '112', '113'}
files['modules/*/*_test.lua'].ignore = {'111', '112', '113', '122'}
\ No newline at end of file
files['modules/**/*.test.lua'].ignore = {'111', '112', '113', '121', '122'}
......@@ -16,7 +16,7 @@ lint-lua: $(patsubst %.lua.in,%.lua,$(wildcard */*/*.lua.in))
.PHONY: all install check clean doc info lint
# Dependencies
KNOT_MINVER := 2.4.0
KNOT_MINVER := 2.6.4
$(eval $(call find_lib,libknot,$(KNOT_MINVER),yes))
$(eval $(call find_lib,libdnssec,$(KNOT_MINVER),yes))
$(eval $(call find_lib,libzscanner,$(KNOT_MINVER),yes))
......@@ -30,8 +30,8 @@ $(eval $(call find_lib,cmocka))
$(eval $(call find_bin,doxygen))
$(eval $(call find_bin,sphinx-build))
$(eval $(call find_pythonpkg,breathe))
$(eval $(call find_lib,libmemcached,1.0))
$(eval $(call find_lib,hiredis,,yes))
#$(eval $(call find_lib,libmemcached,1.0))
#$(eval $(call find_lib,hiredis,,yes))
$(eval $(call find_lib,socket_wrapper))
$(eval $(call find_lib,libsystemd,227))
$(eval $(call find_lib,gnutls))
......@@ -86,6 +86,7 @@ endif
info:
$(info Target: Knot DNS Resolver $(VERSION)-$(PLATFORM))
$(info Compiler: $(CC) $(BUILD_CFLAGS))
$(info Linker: $(CCLD) $(BUILD_LDFLAGS))
$(info )
$(info Variables)
$(info ---------)
......@@ -115,8 +116,8 @@ info:
$(info [$(HAS_sphinx-build)] sphinx-build (doc))
$(info [$(HAS_breathe)] python-breathe (doc))
$(info [$(HAS_go)] go (modules/go, Go buildmode=c-shared support))
$(info [$(HAS_libmemcached)] libmemcached (modules/memcached))
$(info [$(HAS_hiredis)] hiredis (modules/redis))
# $(info [$(HAS_libmemcached)] libmemcached (modules/memcached))
# $(info [$(HAS_hiredis)] hiredis (modules/redis))
$(info [$(HAS_cmocka)] cmocka (tests/unit))
$(info [$(HAS_libsystemd)] systemd (daemon))
$(info [$(HAS_nettle)] nettle (modules/cookies))
......@@ -171,7 +172,7 @@ endif
$(DESTDIR)$(MODULEDIR):
$(INSTALL) -d $@
$(DESTDIR)$(ETCDIR):
$(INSTALL) -m 0750 -d $@
$(INSTALL) -m 0755 -d $@
# Sub-targets
include contrib/contrib.mk
......
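Review bot: The `$(DESTDIR)$(ETCDIR)` rule is printed with both `$(INSTALL) -m 0750 -d $@` and `$(INSTALL) -m 0755 -d $@`; assuming the second is the new side, the configuration directory becomes readable and traversable by every local user, and nothing in the hunk records why. Any secret later placed there, for example a TLS private key referenced from the config, is then protected only by its own file mode. I would add a comment above the install line such as `# 0755: holds only public data (root.hints, root.keys); private keys must be 0600 or live outside ETCDIR`, or keep 0750 and fix the directory's group ownership at packaging time instead.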
Knot Resolver 2.3.0 (2018-04-23)
================================
Security
--------
- fix CVE-2018-1110: denial of service triggered by malformed DNS messages
(!550, !558, security!2, security!4)
- increase resilience against slow lorris attack (security!5)
Bugfixes
--------
- validation: fix SERVFAIL in case of CNAME to NXDOMAIN in a single zone (!538)
- validation: fix SERVFAIL for DS . query (!544)
- lib/resolve: don't send unecessary queries to parent zone (!513)
- iterate: fix validation for zones where parent and child share NS (!543)
- TLS: improve error handling and documentation (!536, !555, !559)
Improvements
------------
- prefill: new module to periodically import root zone into cache
(replacement for RFC 7706, !511)
- network_listen_fd: always create end point for supervisor supplied file descriptor
- use CPPFLAGS build environment variable if set (!547)
Knot Resolver 2.2.0 (2018-03-28)
================================
New features
------------
- cache server unavailability to prevent flooding unreachable servers
(Please note that caching algorithm needs further optimization
and will change in further versions but we need to gather operational
experience first.)
Bugfixes
--------
- don't magically -D_FORTIFY_SOURCE=2 in some cases
- allow large responses for outbound over TCP
- fix crash with RR sets with over 255 records
Knot Resolver 2.1.1 (2018-02-23)
================================
Bugfixes
--------
- when iterating, avoid unnecessary queries for NS in insecure parent.
This problem worsened in 2.0.0. (#246)
- prevent UDP packet leaks when using TLS forwarding
- fix the hints module also on some other systems, e.g. Gentoo.
Knot Resolver 2.1.0 (2018-02-16)
================================
Incompatible changes
--------------------
- stats: remove tracking of expiring records (predict uses another way)
- systemd: re-use a single kresd.socket and kresd-tls.socket
- ta_sentinel: implement protocol draft-ietf-dnsop-kskroll-sentinel-01
(our draft-ietf-dnsop-kskroll-sentinel-00 implementation had inverted logic)
- libknot: require version 2.6.4 or newer to get bugfixes for DNS-over-TLS
Bugfixes
--------
- detect_time_jump module: don't clear cache on suspend-resume (#284)
- stats module: fix stats.list() returning nothing, regressed in 2.0.0
- policy.TLS_FORWARD: refusal when configuring with multiple IPs (#306)
- cache: fix broken refresh of insecure records that were about to expire
- fix the hints module on some systems, e.g. Fedora (came back on 2.0.0)
- build with older gnutls (conditionally disable features)
- fix the predict module to work with insecure records & cleanup code
Knot Resolver 2.0.0 (2018-01-31)
================================
Incompatible changes
--------------------
- systemd: change unit files to allow running multiple instances,
deployments with single instance now must use `kresd@1.service`
instead of `kresd.service`; see kresd.systemd(7) for details
- systemd: the directory for cache is now /var/cache/knot-resolver
- unify default directory and user to `knot-resolver`
- directory with trust anchor file specified by -k option must be writeable
- policy module is now loaded by default to enforce RFC 6761;
see documentation for policy.PASS if you use locally-served DNS zones
- drop support for alternative cache backends memcached, redis,
and for Lua bindings for some specific cache operations
- REORDER_RR option is not implemented (temporarily)
New features
------------
- aggressive caching of validated records (RFC 8198) for NSEC zones;
thanks to ICANN for sponsoring this work.
- forwarding over TLS, authenticated by SPKI pin or certificate.
policy.TLS_FORWARD pipelines queries out-of-order over shared TLS connection
Beware: Some resolvers do not support out-of-order query processing.
TLS forwarding to such resolvers will lead to slower resolution or failures.
- trust anchors: you may specify a read-only file via -K or --keyfile-ro
- trust anchors: at build-time you may set KEYFILE_DEFAULT (read-only)
- ta_sentinel module implements draft ietf-dnsop-kskroll-sentinel-00,
enabled by default
- serve_stale module is prototype, subject to change
- extended API for Lua modules
Bugfixes
--------
- fix build on osx - regressed in 1.5.3 (different linker option name)
Knot Resolver 1.5.3 (2018-01-23)
================================
Bugfixes
--------
- fix the hints module on some systems, e.g. Fedora.
Symptom: `undefined symbol: engine_hint_root_file`
Knot Resolver 1.5.2 (2018-01-22)
================================
Security
--------
- fix CVE-2018-1000002: insufficient DNSSEC validation, allowing
attackers to deny existence of some data by forging packets.
Some combinations pointed out in RFC 6840 sections 4.1 and 4.3
were not taken into account.
Bugfixes
--------
- memcached: fix fallout from module rename in 1.5.1
Knot Resolver 1.5.1 (2017-12-12)
================================
......@@ -37,6 +173,33 @@ Improvements
(e.g. avoids SERVFAIL when server adds extra records but omits RRSIGs)
Knot Resolver 1.99.1-alpha (2017-10-26)
=======================================
This is an experimental release meant for testing aggressive caching.
It contains some regressions and might (theoretically) be even vulnerable.
The current focus is to minimize queries into the root zone.
Improvements
------------
- negative answers from validated NSEC (NXDOMAIN, NODATA)
- verbose log is very chatty around cache operations (maybe too much)
Regressions
-----------
- dropped support for alternative cache backends
and for some specific cache operations
- caching doesn't yet work for various cases:
* negative answers without NSEC (i.e. with NSEC3 or insecure)
* +cd queries (needs other internal changes)
* positive wildcard answers
- spurious SERVFAIL on specific combinations of cached records, printing:
<= bad keys, broken trust chain
- make check
- a few Deckard tests are broken, probably due to some problems above
+ unknown ones?
Knot Resolver 1.4.0 (2017-09-22)
================================
......@@ -129,7 +292,7 @@ Improvements
------------
- major feature: support for forwarding with validation (#112).
The old policy.FORWARD action now does that; the previous non-validating
mode is still avaliable as policy.STUB except that also uses caching (#122).
mode is still available as policy.STUB except that also uses caching (#122).
- command line: specify ports via @ but still support # for compatibility
- policy: recognize 100.64.0.0/10 as local addresses
- layer/iterate: *do* retry repeatedly if REFUSED, as we can't yet easily
......@@ -310,8 +473,8 @@ Bugfixes:
- Free TCP buffer on cancelled connection.
- Fix crash in hints module on empty hints file, and fix non-lowercase hints.
Miscelaneous:
-------------
Miscellaneous:
--------------
- It now requires knot >= 2.3.1 to link successfully.
- The API+ABI for modules changed slightly.
- New LRU implementation.
......
......@@ -4,15 +4,13 @@
[![Coverage Status](https://gitlab.labs.nic.cz/knot/knot-resolver/badges/master/coverage.svg?x)](https://knot.pages.labs.nic.cz/knot-resolver/)
[![Coverity](https://img.shields.io/coverity/scan/3912.svg)](https://scan.coverity.com/projects/3912)
[![Documentation Status](https://readthedocs.org/projects/knot-resolver/badge/?version=latest)](https://readthedocs.org/projects/knot-resolver/?badge=latest)
[![Join the chat at gitter.im/CZ-NIC/knot-resolver](https://badges.gitter.im/Join%20Chat.svg?x)](https://gitter.im/CZ-NIC/knot-resolver?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
Knot DNS Resolver is a caching full resolver implementation written in C and [LuaJIT][luajit], both a resolver library and a daemon. The core architecture is tiny and efficient, and provides a foundation and
a state-machine like API for extensions. There are four of those built-in - *iterator*, *validator* and two caching modules. Most of the [rich features](https://knot-resolver.readthedocs.io/en/latest/modules.html) are written in Lua(JIT) and C. Batteries are included, but optional.
a state-machine like API for extensions. There are three modules built-in - *iterator*, *validator*, *cache*, and a few more are loaded by default. Most of the [rich features](https://knot-resolver.readthedocs.io/en/latest/modules.html) are written in Lua(JIT) and C. Batteries are included, but optional.
The LuaJIT modules, support DNS privacy and DNSSEC, and persistent cache with low memory footprint make it a great personal DNS resolver or a research tool to tap into DNS data. TL;DR it's the [OpenResty][openresty] of DNS.
Several cache backends (LMDB, Redis and Memcached), strong filtering rules, and auto-configuration with etcd make it a great large-scale resolver solution.
Strong filtering rules, and auto-configuration with etcd make it a great large-scale resolver solution.
The server adopts a [different scaling strategy][scaling] than the rest of the DNS recursors - no threading, shared-nothing architecture (except MVCC cache that may be shared) that allows you to pin instances on available CPU cores and grow by self-replication. You can start and stop additional nodes depending on the contention without downtime.
......@@ -20,16 +18,20 @@ It also has strong support for DNS over TCP, notably TCP Fast-Open, query pipeli
### Packages
Knot Resolver is packaged for
[Debian](https://packages.debian.org/sid/knot-resolver),
[Fedora](https://apps.fedoraproject.org/packages/knot-resolver/),
[Ubuntu](https://packages.ubuntu.com/zesty/knot-resolver),
[Homebrew](https://github.com/Homebrew/homebrew-core/blob/master/Formula/knot-resolver.rb) and
[NixOS/Nixpkgs](https://hydra.nixos.org/search?query=knot-resolver).
You can also find it as the default DNS resolver in our open-source router [Turris Omnia](https://omnia.turris.cz).
See the [Knot-resolver homepage](https://www.knot-resolver.cz/download/) for more information.
The latest stable packages for various distributions are available in our
[upstream repository](https://build.opensuse.org/package/show/home:CZ-NIC:knot-resolver-latest/knot-resolver).
Follow the
[installation instructions](https://software.opensuse.org//download.html?project=home%3ACZ-NIC%3Aknot-resolver-latest&package=knot-resolver)
to add this repository to your system.
Knot Resolver is also available from the following distributions' repositories.
<!-- [openSUSE](https://build.opensuse.org/package/show/server:dns/knot-resolver), (it seems to be in a bad shape) -->
* [Fedora and Fedora EPEL](https://apps.fedoraproject.org/packages/knot-resolver)
* [Debian stable](https://packages.debian.org/stable/knot-resolver),
[Debian testing](https://packages.debian.org/testing/knot-resolver),
[Debian unstable](https://packages.debian.org/sid/knot-resolver)
* [Ubuntu](https://packages.ubuntu.com/bionic/knot-resolver)
* [Arch Linux (AUR)](https://aur.archlinux.org/packages/knot-resolver)
### Building from sources
......@@ -56,9 +58,9 @@ $ kresd
See the documentation at [knot-resolver.readthedocs.io][doc] for more options.
[depends]: https://knot-resolver.readthedocs.io/en/latest/build.html
[doc]: https://knot-resolver.readthedocs.io/en/latest/index.html
[scaling]: https://knot-resolver.readthedocs.io/en/latest/daemon.html#scaling-out
[depends]: https://knot-resolver.readthedocs.io/en/stable/build.html
[doc]: https://knot-resolver.readthedocs.io/en/stable/index.html
[scaling]: https://knot-resolver.readthedocs.io/en/stable/daemon.html#scaling-out
[deckard]: https://gitlab.labs.nic.cz/knot/deckard
[luajit]: https://luajit.org/
[libuv]: http://libuv.org
......@@ -66,4 +68,7 @@ See the documentation at [knot-resolver.readthedocs.io][doc] for more options.
### Contacting us
[![Join the chat at https://gitter.im/CZ-NIC/knot-resolver](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/CZ-NIC/knot-resolver?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
- [GitLab issues](https://gitlab.labs.nic.cz/knot/knot-resolver/issues) (you may authenticate via GitHub)
- [mailing list](https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-resolver-users)
- [![Join the chat at https://gitter.im/CZ-NIC/knot-resolver](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/CZ-NIC/knot-resolver?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
......@@ -212,7 +212,7 @@ int main(int argc, char ** argv)
p_err("\nload everything:\t");
time_get(&time);
for (size_t i = 0, ki = key_count - 1; i < run_count; ++i, --ki) {
unsigned *r = lru_get_new(lru, keys[ki].chars, keys[ki].len);
unsigned *r = lru_get_new(lru, keys[ki].chars, keys[ki].len, NULL);
if (!r || *r == 0)
++miss;
if (r)
......
FROM debian:stable
MAINTAINER Knot Resolver <knot-resolver@labs.nic.cz>
WORKDIR /root
CMD ["/bin/bash"]
# generic cleanup
RUN apt-get update -qq
RUN apt-get upgrade -y -qqq
# Knot and Knot Resolver dependecies
RUN apt-get install -y -qqq make cmake pkg-config git build-essential bsdmainutils libtool autoconf make pkg-config liburcu-dev libgnutls28-dev libedit-dev liblmdb-dev libcap-ng-dev libsystemd-dev libidn11-dev protobuf-c-compiler libfstrm-dev pkg-config libuv1-dev libcmocka-dev libluajit-5.1-dev lua-sec lua-socket lua-http
# Python packags required for Deckard CI
# Python: grab latest versions from PyPi
# (dnspython and Augeas binding in Debian packages are slow and buggy)
RUN apt-get install -y -qqq python3-pip wget
RUN pip3 install --upgrade pip
RUN pip3 install pylint
RUN pip3 install pep8
# C dependencies for python-augeas
RUN apt-get install -y -qqq libaugeas-dev libffi-dev
# Python dependencies for Deckard
RUN wget https://gitlab.labs.nic.cz/knot/deckard/raw/master/requirements.txt -O /tmp/deckard-req.txt
RUN pip3 install -r /tmp/deckard-req.txt
# build and install latest version of Knot DNS
# (kresd depends on libknot and libdnssec)
RUN git clone --depth=1 --branch=2.6 https://gitlab.labs.nic.cz/knot/knot-dns.git /tmp/knot
WORKDIR /tmp/knot
RUN pwd
RUN autoreconf -if
RUN ./configure
RUN make
RUN make install
RUN ldconfig
# Valgrind for kresd CI
RUN apt-get install valgrind -y -qqq
RUN wget https://raw.githubusercontent.com/LuaJIT/LuaJIT/v2.0.4/src/lj.supp -O /lj.supp
# TODO: rebuild LuaJIT with Valgrind support
# Lua lint for kresd CI
RUN apt-get install luarocks -y -qqq
RUN luarocks install luacheck
# respdiff for kresd CI
RUN pip3 install dnspython python-augeas
RUN git clone --depth=1 https://gitlab.labs.nic.cz/knot/resolver-benchmarking.git /tmp/resolver-benchmarking
RUN mv /tmp/resolver-benchmarking/response_differences/respdiff /var/opt/respdiff
RUN pip3 install -r /tmp/resolver-benchmarking/requirements.txt
RUN rm -rf /tmp/resolver-benchmarking
# Unbound for respdiff
RUN apt-get install unbound unbound-anchor -y -qqq
RUN printf "server:\n interface: 127.0.0.1@53535\n use-syslog: yes\nremote-control:\n control-enable: no\n" >> /etc/unbound/unbound.conf
# BIND for respdiff
RUN apt-get install bind9 -y -qqq
RUN printf 'options {\n directory "/var/cache/bind";\n listen-on port 53533 { 127.0.0.1; };\n listen-on-v6 port 53533 { ::1; };\n};\n' > /etc/bind/named.conf.options
# PowerDNS Recursor for Deckard CI
RUN apt-get install pdns-recursor -y -qqq
# code coverage
RUN apt-get install -y -qqq lcov
RUN luarocks install luacov
# LuaJIT binary for stand-alone scripting
RUN apt-get install -y -qqq luajit
\ No newline at end of file
Dockerfile.debian
\ No newline at end of file
FROM debian:stable
MAINTAINER Knot Resolver <knot-resolver@labs.nic.cz>
WORKDIR /root
CMD ["/bin/bash"]
RUN echo "deb http://ftp.debian.org/debian stretch-backports main" >> /etc/apt/sources.list
# generic cleanup
RUN apt-get update -qq
RUN apt-get upgrade -y -qqq
# Knot and Knot Resolver dependecies
RUN apt-get -t stretch-backports install -y git
RUN apt-get install -y -qqq make cmake pkg-config build-essential bsdmainutils libtool autoconf make pkg-config liburcu-dev libgnutls28-dev libedit-dev liblmdb-dev libcap-ng-dev libsystemd-dev libidn11-dev protobuf-c-compiler libfstrm-dev pkg-config libuv1-dev libcmocka-dev libluajit-5.1-dev lua-sec lua-socket lua-http
# documentation dependecies
RUN apt-get install -y -qqq doxygen python3-sphinx python3-breathe python3-sphinx-rtd-theme
# Python packags required for Deckard CI
# Python: grab latest versions from PyPi
# (dnspython and Augeas binding in Debian packages are slow and buggy)
RUN apt-get install -y -qqq python3-pip wget augeas-tools
RUN pip3 install --upgrade pip
RUN pip3 install pylint
RUN pip3 install pep8
# C dependencies for python-augeas
RUN apt-get install -y -qqq libaugeas-dev libffi-dev
# Python dependencies for Deckard
RUN wget https://gitlab.labs.nic.cz/knot/deckard/raw/master/requirements.txt -O /tmp/deckard-req.txt
RUN pip3 install -r /tmp/deckard-req.txt
# build and install latest version of Knot DNS
# (kresd depends on libknot and libdnssec)
RUN git clone --depth=1 --branch=2.6 https://gitlab.labs.nic.cz/knot/knot-dns.git /tmp/knot
WORKDIR /tmp/knot
RUN pwd
RUN autoreconf -if
RUN ./configure
RUN make
RUN make install
RUN ldconfig
# Valgrind for kresd CI
RUN apt-get install valgrind -y -qqq
RUN wget https://raw.githubusercontent.com/LuaJIT/LuaJIT/v2.0.4/src/lj.supp -O /lj.supp
# TODO: rebuild LuaJIT with Valgrind support
# Lua lint for kresd CI
RUN apt-get install luarocks -y -qqq
RUN luarocks install luacheck
# respdiff for kresd CI
RUN apt-get install lmdb-utils -y -qqq
RUN pip3 install dnspython python-augeas
RUN git clone --depth=1 https://gitlab.labs.nic.cz/knot/resolver-benchmarking.git /tmp/resolver-benchmarking
RUN mv /tmp/resolver-benchmarking/response_differences/respdiff /var/opt/respdiff
RUN pip3 install -r /tmp/resolver-benchmarking/requirements.txt
RUN rm -rf /tmp/resolver-benchmarking
# Python static analysis for respdiff
RUN pip3 install mypy
RUN pip3 install flake8
# Unbound for respdiff
RUN apt-get install unbound unbound-anchor -y -qqq
RUN printf "server:\n interface: 127.0.0.1@53535\n use-syslog: yes\n do-ip6: no\nremote-control:\n control-enable: no\n" >> /etc/unbound/unbound.conf
# BIND for respdiff
RUN apt-get install bind9 -y -qqq
RUN printf '\nOPTIONS="-4 $OPTIONS"' >> /etc/default/bind9
RUN printf 'options {\n directory "/var/cache/bind";\n listen-on port 53533 { 127.0.0.1; };\n listen-on-v6 port 53533 { ::1; };\n};\n' > /etc/bind/named.conf.options
# PowerDNS Recursor for Deckard CI
RUN apt-get install pdns-recursor -y -qqq
# code coverage
RUN apt-get install -y -qqq lcov
RUN luarocks install luacov
# LuaJIT binary for stand-alone scripting
RUN apt-get install -y -qqq luajit
# OpenBuildService CLI tool
RUN apt-get install -y osc
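Review bot: Several build inputs of this CI image are fetched from moving targets with no pin or integrity check: `wget https://gitlab.labs.nic.cz/knot/deckard/raw/master/requirements.txt` followed by `pip3 install -r`, the branch-less `git clone --depth=1 …/resolver-benchmarking.git`, and the unversioned `pip3 install pylint`, `pep8`, `mypy`, `flake8`, `dnspython python-augeas` and `luarocks install` lines. Two builds of the same Dockerfile can therefore produce different images, and a change in any of those upstreams lands in the image that runs the test jobs without review. The `lj.supp` download already uses a tag (`v2.0.4`); the others could follow it, e.g. `…/deckard/raw/<COMMIT_SHA>/requirements.txt`, a `git checkout <COMMIT_SHA>` after the clone, and `pip3 install --require-hashes -r /tmp/deckard-req.txt` once the requirements file carries hashes. A short comment above each fetch naming the pinned revision would make later updates auditable.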
FROM fedora:27
WORKDIR "/tmp"
CMD ["/bin/bash"]
RUN dnf install -y mock rpkg git
-- Refer to manual: https://knot-resolver.readthedocs.io/en/latest/daemon.html#configuration
-- Listen on localhost and external interface
net.listen('127.0.0.1', 5353)
net.listen('::1', 5353)
net.listen('127.0.0.1', 8853, { tls = true })
net.listen('::1', 8853, { tls = true })
net.ipv6=false
-- Auto-maintain root TA
trust_anchors.file = '.local/etc/kresd/root.keys'
trust_anchors.file = '.local/etc/knot-resolver/root.keys'
-- Large cache size, so we don't need to flush often
-- This can be larger than available RAM, least frequently accessed
......@@ -22,4 +21,4 @@ modules = {
'stats', -- Track internal statistics
}
verbose(false)
verbose(true)
[sendrecv]
# in seconds
timeout = 5
timeout = 11
# number of queries to run simultaneously
jobs = 64
# in seconds (float); delay each query by a random time (uniformly distributed) between min and max; set max to 0 to disable
time_delay_min = 0
time_delay_max = 0
[servers]
names = kresd, bind, unbound
......@@ -12,19 +15,25 @@ names = kresd, bind, unbound
# each symbolic name in [servers] section refers to config section
# containing IP address and port of particular server
[kresd]
ip = ::1
ip = 127.0.0.1
port = 5353
transport = tcp
graph_color = #00a2e2
restart_script = ./ci/respdiff/restart-kresd.sh
[bind]
ip = 127.0.0.1
port = 53533
transport = udp
graph_color = #e2a000
restart_script = ./ci/respdiff/restart-bind.sh
[unbound]
ip = 127.0.0.1
port = 53535
transport = udp
graph_color = #218669
restart_script = ./ci/respdiff/restart-unbound.sh
[diff]
# symbolic name of server under test
......@@ -38,5 +47,4 @@ criteria = opcode, rcode, flags, question, qname, qtype, answertypes, answerrrsi
[report]
# diffsum reports mismatches in field values in this order
# if particular message has multiple mismatches, it is counted only once into category with highest weight
field_weights = opcode, qcase, qtype, rcode, flags, answertypes, answerrrsigs, answer, authority, additional, edns, nsid
field_weights = timeout, opcode, qcase, qtype, rcode, flags, answertypes, answerrrsigs, answer, authority, additional, edns, nsid
[sendrecv]
# in seconds
timeout = 5
timeout = 11
# number of queries to run simultaneously
jobs = 64
# in seconds (float); delay each query by a random time (uniformly distributed) between min and max; set max to 0 to disable
time_delay_min = 0
time_delay_max = 0
[servers]
names = kresd, bind, unbound
......@@ -12,19 +15,25 @@ names = kresd, bind, unbound
# each symbolic name in [servers] section refers to config section
# containing IP address and port of particular server
[kresd]
ip = ::1
ip = 127.0.0.1
port = 8853
transport = tls
graph_color = #00a2e2
restart_script = ./ci/respdiff/restart-kresd.sh
[bind]
ip = 127.0.0.1
port = 53533
transport = udp
graph_color = #e2a000
restart_script = ./ci/respdiff/restart-bind.sh
[unbound]
ip = 127.0.0.1
port = 53535
transport = udp
graph_color = #218669
restart_script = ./ci/respdiff/restart-unbound.sh
[diff]
# symbolic name of server under test
......@@ -38,5 +47,4 @@ criteria = opcode, rcode, flags, question, qname, qtype, answertypes, answerrrsi
[report]
# diffsum reports mismatches in field values in this order
# if particular message has multiple mismatches, it is counted only once into category with highest weight
field_weights = opcode, qcase, qtype, rcode, flags, answertypes, answerrrsigs, answer, authority, additional, edns, nsid
field_weights = timeout, opcode, qcase, qtype, rcode, flags, answertypes, answerrrsigs, answer, authority, additional, edns, nsid
[sendrecv]
# in seconds
timeout = 5
timeout = 11
# number of queries to run simultaneously
jobs = 64
# in seconds (float); delay each query by a random time (uniformly distributed) between min and max; set max to 0 to disable
time_delay_min = 0
time_delay_max = 0
[servers]
names = kresd, bind, unbound
......@@ -12,19 +15,25 @@ names = kresd, bind, unbound
# each symbolic name in [servers] section refers to config section
# containing IP address and port of particular server
[kresd]
ip = ::1
ip = 127.0.0.1
port = 5353
transport = udp
graph_color = #00a2e2
restart_script = ./ci/respdiff/restart-kresd.sh
[bind]
ip = 127.0.0.1
port = 53533
transport = udp
graph_color = #e2a000
restart_script = ./ci/respdiff/restart-bind.sh
[unbound]
ip = 127.0.0.1
port = 53535
transport = udp
graph_color = #218669
restart_script = ./ci/respdiff/restart-unbound.sh
[diff]
# symbolic name of server under test
......@@ -38,5 +47,4 @@ criteria = opcode, rcode, flags, question, qname, qtype, answertypes, answerrrsi
[report]
# diffsum reports mismatches in field values in this order
# if particular message has multiple mismatches, it is counted only once into category with highest weight
field_weights = opcode, qcase, qtype, rcode, flags, answertypes, answerrrsigs, answer, authority, additional, edns, nsid
field_weights = timeout, opcode, qcase, qtype, rcode, flags, answertypes, answerrrsigs, answer, authority, additional, edns, nsid
#!/bin/sh
service bind9 restart
#!/bin/sh
exec > /dev/null
exec 2>&1
PREFIX=$(pwd)/.local
killall -w kresd
rm -f '*.mdb'
LD_LIBRARY_PATH=$PREFIX/lib $PREFIX/sbin/kresd -f 1 -q -c $(pwd)/ci/respdiff/kresd.config &>>kresd.log &
# wait until socket is receiving connections
sleep 1
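Review bot: Two lines of this `#!/bin/sh` script do not do what they appear to. `rm -f '*.mdb'` quotes the glob, so it removes only a file literally named `*.mdb` and any cache database left in the working directory survives the restart. `&>>kresd.log` is a bash extension; a POSIX shell such as dash (the usual /bin/sh on Debian, which the CI image is built from) parses it as `kresd … &` followed by an empty `>>kresd.log`, so kresd's output goes to the `/dev/null` set by the earlier `exec` lines and the archived log omits everything after a restart. I would write `rm -f ./*.mdb` and `… -c "$(pwd)/ci/respdiff/kresd.config" >>kresd.log 2>&1 &`. The same `&>kresd.log &` form is added in start-resolvers.sh, whose shebang is outside its hunk.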
#!/bin/sh
service unbound restart
......@@ -3,6 +3,8 @@
# respdiff scripts must be present in /var/opt/respdiff
set -o errexit -o nounset -o xtrace
NDIFFREPRO=3
wget https://gitlab.labs.nic.cz/knot/knot-resolver/snippets/69/raw?inline=false -O /tmp/queries.txt
mkdir results
rm -rf respdiff.db
......@@ -11,4 +13,13 @@ CONFIG="$(pwd)/ci/respdiff/respdiff-${1}.conf"
/var/opt/respdiff/qprep.py respdiff.db < /tmp/queries.txt
time /var/opt/respdiff/orchestrator.py respdiff.db -c "${CONFIG}"
time /var/opt/respdiff/msgdiff.py respdiff.db -c "${CONFIG}"
for i in $(seq $NDIFFREPRO); do
time /var/opt/respdiff/diffrepro.py -c "${CONFIG}" respdiff.db
done
/var/opt/respdiff/diffsum.py respdiff.db -c "${CONFIG}" > results/respdiff.txt
/var/opt/respdiff/histogram.py respdiff.db -c "${CONFIG}" -o results/histogram.svg
: minimize LMDB and log size so they can be effectively archived
mkdir results/respdiff.db
mdb_copy -c respdiff.db results/respdiff.db
xz -9 results/respdiff.db/data.mdb
xz kresd.log
......@@ -7,5 +7,5 @@ service bind9 start && service bind9 status;
# dig @localhost -p 53533
#run kresd
LD_LIBRARY_PATH=$PREFIX/lib $PREFIX/sbin/kresd -f 1 -q -c $(pwd)/ci/respdiff/kresd.config &
LD_LIBRARY_PATH=$PREFIX/lib $PREFIX/sbin/kresd -f 1 -q -c $(pwd)/ci/respdiff/kresd.config &>kresd.log &
# dig @localhost -p 5353
......@@ -90,7 +90,7 @@ const char *get_type_name(const char *value)
static void complete_function(EditLine * el)
{
//Add left parenthesis to function name.
//Add left parenthesis to function name.
el_insertstr(el, "(");
}
......@@ -392,7 +392,7 @@ static int interact()
//Create necessary folders.
char *dirs[3] =
{ afmt("%s/.local", home), afmt("%s/.local/share", home),
afmt("%s/.local/share/kresd/", home)
afmt("%s/.local/share/knot-resolver/", home)
};
bool ok = true;
for (int i = 0; i < 3; i++) {
......@@ -403,12 +403,12 @@ static int interact()
}
if (ok) {
hist_file =
afmt("%s/.local/share/kresd/" HISTORY_FILE, home);
afmt("%s/.local/share/knot-resolver/" HISTORY_FILE, home);
}
} else {
if (!mkdir(afmt("%s/kresd/", data_home), 0755)
if (!mkdir(afmt("%s/knot-resolver/", data_home), 0755)
|| errno == EEXIST) {
hist_file = afmt("%s/kresd/" HISTORY_FILE, data_home);
hist_file = afmt("%s/knot-resolver/" HISTORY_FILE, data_home);
}
}
......
# Project
MAJOR := 1
MINOR := 5
PATCH := 1
MAJOR := 2
MINOR := 3
PATCH := 0
EXTRA :=
ABIVER := 4
ABIVER := 7
BUILDMODE := dynamic
HARDENING := yes
......@@ -18,11 +18,12 @@ PKGCONFIGDIR ?= $(LIBDIR)/pkgconfig
MANDIR ?= $(PREFIX)/share/man
INCLUDEDIR ?= $(PREFIX)/include
MODULEDIR ?= $(LIBDIR)/kdns_modules
ETCDIR ?= $(PREFIX)/etc/kresd
ETCDIR ?= $(PREFIX)/etc/knot-resolver
ROOTHINTS ?= $(ETCDIR)/root.hints
COVERAGE_STAGE ?= gcov
COVERAGE_STATSDIR ?= $(CURDIR)/coverage.stats
TOPSRCDIR := $(CURDIR)
KEYFILE_DEFAULT ?=
# Tools
CC ?= cc
......@@ -33,11 +34,12 @@ INSTALL := install
# Flags
BUILD_LDFLAGS += $(LDFLAGS)
BUILD_CFLAGS := $(CFLAGS) -std=c99 -D_GNU_SOURCE -Wno-unused -Wtype-limits -Wformat -Wformat-security -Wall -I$(abspath .) -I$(abspath lib/generic) -I$(abspath contrib) -I$(abspath contrib/lmdb)
BUILD_CFLAGS := $(CFLAGS) $(CPPFLAGS) -std=c99 -D_GNU_SOURCE
BUILD_CFLAGS += -Wno-unused -Wtype-limits -Wformat -Wformat-security -Wall
BUILD_CFLAGS += -I$(abspath .) -I$(abspath lib/generic) -I$(abspath contrib)
BUILD_CFLAGS += -DPACKAGE_VERSION="\"$(VERSION)\"" -DPREFIX="\"$(PREFIX)\"" -DMODULEDIR="\"$(MODULEDIR)\""
BUILD_CFLAGS += -fvisibility=hidden
ifeq (,$(findstring -O,$(CFLAGS)))
BUILD_CFLAGS += -O2
endif
ifeq (,$(findstring -fsanitize=address,$(CFLAGS)))
BUILD_CFLAGS += -D_FORTIFY_SOURCE=2
endif
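Review bot: With `$(CPPFLAGS)` now placed at the front of `BUILD_CFLAGS`, the `-D_FORTIFY_SOURCE=2` appended at the end of this hunk comes after any `_FORTIFY_SOURCE` value a packager passes in, so it redefines the macro and would appear to replace a stricter level with 2. The guard only looks for `-fsanitize=address` in `$(CFLAGS)`; it could also skip the define when one is already supplied, `ifeq (,$(findstring _FORTIFY_SOURCE,$(CFLAGS) $(CPPFLAGS)))`. Separately, the `-O` test above it means a build with `-O0` in `CFLAGS` still gets the fortify define without optimisation, where glibc's fortification does nothing and only warns. A one-line comment above the block, such as `# _FORTIFY_SOURCE needs -O1 or higher to take effect`, would record that.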
......@@ -4,6 +4,7 @@ contrib_SOURCES := \
contrib/ccan/isaac/isaac.c \
contrib/ccan/json/json.c \
contrib/ucw/mempool.c \
contrib/ucw/mempool-fmt.c \
contrib/murmurhash3/murmurhash3.c \
contrib/base32hex.c \
contrib/base64.c
......@@ -16,6 +17,7 @@ contrib_SOURCES += contrib/lmdb/mdb.c \
contrib/lmdb/midl.c
contrib_CFLAGS += -pthread
contrib_LIBS += -pthread
lmdb_CFLAGS += -I$(abspath contrib/lmdb)
endif
$(eval $(call make_static,contrib,contrib))
......@@ -15,6 +15,7 @@
#include <stdarg.h>
#include <stdbool.h>
#include <stdlib.h>
#ifdef CONFIG_UCW_CLEAN_ABI
#define assert_failed ucw_assert_failed
......
/*
* UCW Library -- Memory Pools (Formatting)
*
* (c) 2005 Martin Mares <mj@ucw.cz>
* (c) 2007 Pavel Charvat <pchar@ucw.cz>
*
* This software may be freely distributed and used according to the terms
* of the GNU Lesser General Public License.
*/
#include <ucw/lib.h>
#include <ucw/mempool.h>
#include <stdio.h>
#include <string.h>
static char *
mp_vprintf_at(struct mempool *mp, size_t ofs, const char *fmt, va_list args)
{
char *ret = mp_grow(mp, ofs + 1) + ofs;
va_list args2;
va_copy(args2, args);
int cnt = vsnprintf(ret, mp_avail(mp) - ofs, fmt, args2);
va_end(args2);
if (cnt < 0)
{
/* Our C library doesn't support C99 return value of vsnprintf, so we need to iterate */
do
{
ret = mp_expand(mp) + ofs;
va_copy(args2, args);
cnt = vsnprintf(ret, mp_avail(mp) - ofs, fmt, args2);
va_end(args2);
}
while (cnt < 0);
}
else if ((uint)cnt >= mp_avail(mp) - ofs)
{
ret = mp_grow(mp, ofs + cnt + 1) + ofs;
va_copy(args2, args);
vsnprintf(ret, cnt + 1, fmt, args2);
va_end(args2);
}
mp_end(mp, ret + cnt + 1);
return ret - ofs;
}
char *
mp_vprintf(struct mempool *mp, const char *fmt, va_list args)
{
mp_start(mp, 1);
return mp_vprintf_at(mp, 0, fmt, args);
}
char *
mp_printf(struct mempool *p, const char *fmt, ...)
{
va_list args;
va_start(args, fmt);
char *res = mp_vprintf(p, fmt, args);
va_end(args);
return res;
}
char *
mp_vprintf_append(struct mempool *mp, char *ptr, const char *fmt, va_list args)
{
size_t ofs = mp_open(mp, ptr);
ASSERT(ofs && !ptr[ofs - 1]);
return mp_vprintf_at(mp, ofs - 1, fmt, args);
}
char *
mp_printf_append(struct mempool *mp, char *ptr, const char *fmt, ...)
{
va_list args;
va_start(args, fmt);
char *res = mp_vprintf_append(mp, ptr, fmt, args);
va_end(args);
return res;
}
#ifdef TEST
int main(void)
{
struct mempool *mp = mp_new(64);
char *x = mp_printf(mp, "<Hello, %s!>", "World");
fputs(x, stdout);
x = mp_printf_append(mp, x, "<Appended>");
fputs(x, stdout);
x = mp_printf(mp, "<Hello, %50s!>\n", "World");
fputs(x, stdout);
return 0;
}
#endif
......@@ -7,6 +7,7 @@ kresd_SOURCES := \
daemon/ffimodule.c \
daemon/tls.c \
daemon/tls_ephemeral_credentials.c \
daemon/zimport.c \
daemon/main.c
kresd_DIST := daemon/lua/kres.lua daemon/lua/kres-gen.lua \
......@@ -56,21 +57,16 @@ daemon-install: kresd-install bindings-install
ifneq ($(SED),)
$(SED) -e "s/@VERSION@/$(VERSION)/" -e "s/@DATE@/$(date)/" \
-e "s|@MODULEDIR@|$(MODULEDIR)|" \
-e "s|@KEYFILE_DEFAULT@|$(KEYFILE_DEFAULT)|" \
doc/kresd.8.in > doc/kresd.8
$(INSTALL) -d -m 0755 $(DESTDIR)$(MANDIR)/man8/
$(INSTALL) -m 0644 doc/kresd.8 $(DESTDIR)$(MANDIR)/man8/
endif
daemon-clean: kresd-clean
@$(RM) daemon/lua/*.inc daemon/lua/trust_anchors.lua \
daemon/lua/zonefile.lua
@$(RM) daemon/lua/*.inc daemon/lua/trust_anchors.lua
daemon/lua/trust_anchors.lua: daemon/lua/trust_anchors.lua.in
@$(call quiet,SED,$<) -e "s|@ETCDIR@|$(ETCDIR)|g" $< > $@
LIBZSCANNER_COMMENTS := \
$(shell pkg-config libzscanner --atleast-version=2.4.2 && echo true || echo false)
daemon/lua/zonefile.lua: daemon/lua/zonefile.lua.in
@$(call quiet,SED,$<) -e "s|@LIBZSCANNER_COMMENTS@|$(LIBZSCANNER_COMMENTS)|g" $< > $@
@$(call quiet,SED,$<) -e "s|@ETCDIR@|$(ETCDIR)|g;s|@KEYFILE_DEFAULT@|$(KEYFILE_DEFAULT)|g" $< > $@
daemon/lua/kres-gen.lua: | $(libkres)
@echo "WARNING: regenerating $@"
......
......@@ -28,9 +28,9 @@
#include "daemon/bindings.h"
#include "daemon/ffimodule.h"
#include "lib/nsrep.h"
#include "lib/cache.h"
#include "lib/cache/api.h"
#include "lib/defines.h"
#include "lib/cdb_lmdb.h"
#include "lib/cache/cdb_lmdb.h"
#include "lib/dnssec/ta.h"
/** @internal Compatibility wrapper for Lua < 5.2 */
......@@ -472,6 +472,26 @@ static int l_tojson(lua_State *L)
return 1;
}
static int l_fromjson(lua_State *L)
{
if (lua_gettop(L) != 1 || !lua_isstring(L, 1)) {
lua_pushliteral(L, "a JSON string is required");
lua_error(L);
}
const char *json_str = lua_tostring(L, 1);
JsonNode *root_node = json_decode(json_str);
if (!root_node) {
lua_pushliteral(L, "invalid JSON string");
lua_error(L);
}
l_unpack_json(L, root_node);
json_delete(root_node);
return 1;
}
/** @internal Throw Lua error if expr is false */
#define expr_checked(expr) \
if (!(expr)) { lua_pushboolean(L, false); lua_rawseti(L, -2, lua_rawlen(L, -2) + 1); continue; }
......@@ -581,10 +601,11 @@ static int l_trampoline(lua_State *L)
static int init_resolver(struct engine *engine)
{
/* Open resolution context */
engine->resolver.trust_anchors = map_make();
engine->resolver.negative_anchors = map_make();
engine->resolver.trust_anchors = map_make(NULL);
engine->resolver.negative_anchors = map_make(NULL);
engine->resolver.pool = engine->pool;
engine->resolver.modules = &engine->modules;
engine->resolver.cache_rtt_tout_retry_interval = KR_NS_TIMEOUT_RETRY_INTERVAL;
/* Create OPT RR */
engine->resolver.opt_rr = mm_alloc(engine->pool, sizeof(knot_rrset_t));
if (!engine->resolver.opt_rr) {
......@@ -593,9 +614,8 @@ static int init_resolver(struct engine *engine)
knot_edns_init(engine->resolver.opt_rr, KR_EDNS_PAYLOAD, 0, KR_EDNS_VERSION, engine->pool);
/* Use default TLS padding */
engine->resolver.tls_padding = -1;
/* Set default root hints */
/* Empty init; filled via ./lua/config.lua */
kr_zonecut_init(&engine->resolver.root_hints, (const uint8_t *)"", engine->pool);
kr_zonecut_set_sbelt(&engine->resolver, &engine->resolver.root_hints);
/* Open NS rtt + reputation cache */
lru_create(&engine->resolver.cache_rtt, LRU_RTT_SIZE, engine->pool, NULL);
lru_create(&engine->resolver.cache_rep, LRU_REP_SIZE, engine->pool, NULL);
......@@ -604,8 +624,7 @@ static int init_resolver(struct engine *engine)
/* Load basic modules */
engine_register(engine, "iterate", NULL, NULL);
engine_register(engine, "validate", NULL, NULL);
engine_register(engine, "rrcache", NULL, NULL);
engine_register(engine, "pktcache", NULL, NULL);
engine_register(engine, "cache", NULL, NULL);
return array_push(engine->backends, kr_cdb_lmdb());
}
......@@ -643,6 +662,8 @@ static int init_state(struct engine *engine)
lua_setglobal(engine->L, "libzscanner_SONAME");
lua_pushcfunction(engine->L, l_tojson);
lua_setglobal(engine->L, "tojson");
lua_pushcfunction(engine->L, l_fromjson);
lua_setglobal(engine->L, "fromjson");
lua_pushcfunction(engine->L, l_map);
lua_setglobal(engine->L, "map");
lua_pushlightuserdata(engine->L, engine);
......@@ -650,19 +671,6 @@ static int init_state(struct engine *engine)
return kr_ok();
}
static enum lru_apply_do update_stat_item(const char *key, uint len,
unsigned *rtt, void *baton)
{
return *rtt > KR_NS_LONG ? LRU_APPLY_DO_EVICT : LRU_APPLY_DO_NOTHING;
}
/** @internal Walk RTT table, clearing all entries with bad score
* to compensate for intermittent network issues or temporary bad behaviour. */
static void update_state(uv_timer_t *handle)
{
struct engine *engine = handle->data;
lru_apply(engine->resolver.cache_rtt, update_stat_item, NULL);
}
/**
* Start luacov measurement and store results to file specified by
* KRESD_COVERAGE_STATS environment variable.
......@@ -704,6 +712,7 @@ int engine_init(struct engine *engine, knot_mm_t *pool)
int ret = init_state(engine);
if (ret != 0) {
engine_deinit(engine);
return ret;
}
init_measurement(engine);
/* Initialize resolver */
......@@ -723,8 +732,8 @@ static void engine_unload(struct engine *engine, struct kr_module *module)
/* Unregister module */
auto_free char *name = strdup(module->name);
kr_module_unload(module);
/* Clear in Lua world */
if (name) {
/* Clear in Lua world, but not for embedded modules ('cache' in particular). */
if (name && !kr_module_embedded(name)) {
lua_pushnil(engine->L);
lua_setglobal(engine->L, name);
}
......@@ -811,9 +820,8 @@ int engine_ipc(struct engine *engine, const char *expr)
}
}