Commit 99fadb7f authored by Vladimír Čunát

Merge !733: various nitpicks, mainly docs

parents d5f80fc1 cb648196
......@@ -625,7 +625,7 @@ using :c:func:`net.tls()`.
`secret leaks eventually <https://en.wikipedia.org/wiki/Forward_secrecy>`_.
.. warning:: **Setting the secret is probably too risky with TLS <= 1.2**.
At this moment no GnuTLS stable release even supports TLS 1.3.
GnuTLS stable release supports TLS 1.3 since 3.6.3 (summer 2018).
Therefore setting the secrets should be considered experimental for now
and might not be available on your system.
......
......@@ -421,6 +421,8 @@ static int run_worker(uv_loop_t *loop, struct engine *engine, fd_array_t *ipc_se
* Otherwise we would abort() from libuv e.g. with </dev/null */
if (args->interactive) switch (uv_guess_handle(0)) {
case UV_TTY: /* standard terminal */
/* TODO: it has worked OK so far, but we'd better use uv_tty_*
* for this case instead of uv_pipe_*. */
case UV_NAMED_PIPE: /* echo 'quit()' | kresd ... */
break;
default:
......
......@@ -135,7 +135,7 @@ static uv_handle_t *ioreq_spawn(struct worker_ctx *worker,
bool precond = (socktype == SOCK_DGRAM || socktype == SOCK_STREAM)
&& (family == AF_INET || family == AF_INET6);
if (!precond) {
/* assert(false); see #245 */
assert(false);
kr_log_verbose("[work] ioreq_spawn: pre-condition failed\n");
return NULL;
}
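Review bot: With the active `assert(false);` in the `!precond` branch (the page prints it after the commented-out `/* assert(false); see #245 */`, so it appears to be the new side), an unexpected `socktype` or `family` aborts the whole process in any build without `NDEBUG`, and the log-and-`return NULL` path below it only runs in release builds. The removed comment pointed at #245 as the reason the assert was disabled, and nothing visible in the commit says why that no longer applies. If the values checked here can ever derive from network input or configuration rather than only from internal callers, the abort is an availability problem, so I would either keep the graceful path alone or record the justification next to the assert, e.g. `assert(false); /* unreachable: all callers validate family/socktype (see #245) */`, if that holds. ioreq_spawn's body starts and ends outside the hunk.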
......
......@@ -98,19 +98,22 @@
#define queue_push_head(q, data) \
*((__typeof__((q).pdata_t)) queue_push_head_impl(&(q).queue)) = data
/** @brief Remove the element at the head. */
/** @brief Remove the element at the head.
* The queue must not be empty. */
#define queue_pop(q) \
queue_pop_impl(&(q).queue)
/** @brief Return a "reference" to the element at the head (it's an L-value) . */
/** @brief Return a "reference" to the element at the head (it's an L-value).
* The queue must not be empty. */
#define queue_head(q) \
( *(__typeof__((q).pdata_t)) queue_head_impl(&(q).queue) )
/** @brief Return a "reference" to the element at the tail (it's an L-value) . */
/** @brief Return a "reference" to the element at the tail (it's an L-value).
* The queue must not be empty. */
#define queue_tail(q) \
( *(__typeof__((q).pdata_t)) queue_tail_impl(&(q).queue) )
/** @brief Return the number of elements in the queue. */
/** @brief Return the number of elements in the queue (very efficient). */
#define queue_len(q) \
((const size_t)(q).queue.len)
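Review bot: The added "The queue must not be empty." on `queue_pop`, `queue_head` and `queue_tail` states the precondition but not what happens when it is violated, which matters because `queue_head` and `queue_tail` dereference the pointer returned by the `_impl` function. The `_impl` functions are outside this hunk, so I cannot tell whether they assert or simply read out of bounds; the comment should say which, e.g. `* The queue must not be empty; check queue_len(q) > 0 first, behaviour is undefined otherwise.` if no check survives in `NDEBUG` builds. For `queue_len`, "(very efficient)" could be the more precise `(constant time)`, since the macro only reads `(q).queue.len`.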
......
......@@ -281,9 +281,14 @@ uint16_t kr_inaddr_port(const struct sockaddr *addr);
/** Set port. */
KR_EXPORT
void kr_inaddr_set_port(struct sockaddr *addr, uint16_t port);
/** String representation for given address as "<addr>#<port>" */
/** Write string representation for given address as "<addr>#<port>".
* \param[in] addr the raw address
* \param[out] buf the buffer for output string
* \param[in,out] buflen the available(in) and utilized(out) length, including \0 */
KR_EXPORT
int kr_inaddr_str(const struct sockaddr *addr, char *buf, size_t *buflen);
/** Return address type for string. */
KR_EXPORT KR_PURE
int kr_straddr_family(const char *addr);
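Review bot: The new doc block for `kr_inaddr_str` documents the three parameters but not the `int` return value or the failure case. Callers that pass a fixed-size stack buffer need to know what happens when `*buflen` is too small for "<addr>#<port>": whether an error is returned, whether `buf` is left NUL-terminated, and whether `*buflen` is still updated. The implementation is not in this hunk, so the wording has to be confirmed against it; I would add a line of the form `* \return <success value>, or <error code> if addr is unsupported or *buflen is too small` plus one sentence on the state of `buf` after an error.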
......
......@@ -154,8 +154,12 @@ Policy examples
end)
-- Enforce local RPZ
policy.add(policy.rpz(policy.DENY, 'blacklist.rpz'))
-- Forward all queries below 'company.se' to given resolver
-- Forward all queries below 'company.se' to given resolver;
-- beware: typically this won't work due to DNSSEC - see "Replacing part..." below
policy.add(policy.suffix(policy.FORWARD('192.168.1.1'), {todname('company.se')}))
-- Forward reverse queries about the 192.168.1.1/24 space to .1 port 5353
-- and do it directly without attempts to validate DNSSEC etc.
policy.add(policy.suffix(policy.STUB('192.168.1.1@5353'), {todname('1.168.192.in-addr.arpa')}))
-- Forward all queries matching pattern
policy.add(policy.pattern(policy.FORWARD('2001:DB8::1'), '\4bad[0-9]\2cz'))
-- Forward all queries (to public resolvers https://www.nic.cz/odvr)
......