Commit 6c9f7cb6 authored by Jan Kadlec's avatar Jan Kadlec

Merge branch 'master' into netriplex-patches

Conflicts:
	src/knot/main.c
parents 3b5b0f64 38d1bae6
......@@ -28,10 +28,6 @@ src/common/base64.c
src/common/base64.h
src/common/binsearch.h
src/common/crc.h
src/common/dSFMT-params.h
src/common/dSFMT-params521.h
src/common/dSFMT.c
src/common/dSFMT.h
src/common/descriptor.c
src/common/descriptor.h
src/common/errcode.c
......@@ -69,8 +65,6 @@ src/common/mempool.c
src/common/mempool.h
src/common/print.c
src/common/print.h
src/common/prng.c
src/common/prng.h
src/common/ref.c
src/common/ref.h
src/common/slab/alloc-common.h
......@@ -148,6 +142,7 @@ src/libknot/dnssec/nsec-bitmap.h
src/libknot/dnssec/nsec3.c
src/libknot/dnssec/nsec3.h
src/libknot/dnssec/policy.h
src/libknot/dnssec/random.h
src/libknot/dnssec/rrset-sign.c
src/libknot/dnssec/rrset-sign.h
src/libknot/dnssec/sig0.c
......
......@@ -11,6 +11,7 @@ Knot DNS has several dependencies:
Optional packages:
* libcap-ng >= 0.6.4 (for POSIX 1003.1e capabilites(7))
* libidn (for IDNA2003 support in Knot utilities)
Dependencies for building documentation:
* texinfo
......
......@@ -87,22 +87,19 @@ AM_CONDITIONAL([T0_PARSER], test "$enable_fastparser" = "no")
# Debug modules
AC_ARG_ENABLE([debug],
AS_HELP_STRING([--enable-debug=server,zones,xfr,packet,dname,rr,ns,hash,compiler,stash],
AS_HELP_STRING([--enable-debug=server,zones,xfr,packet,rr,ns,loader,dnssec],
[compile selected debug modules [default=none]]),
[
echo ${enableval}|tr "," "\n"|while read val; do
case "${val}" in
server) AC_DEFINE([KNOTD_SERVER_DEBUG], [1], [Server debug.]) ;;
zones) AC_DEFINE([KNOT_ZONES_DEBUG], [1], [Zones debug.]) ;;
xfr) AC_DEFINE([KNOT_XFR_DEBUG], [1], [XFR debug.]) ;;
packet) AC_DEFINE([KNOT_PACKET_DEBUG], [1], [Packet debug.]) ;;
dname) AC_DEFINE([KNOT_DNAME_DEBUG], [1], [Domain names debug.]) ;;
rr) AC_DEFINE([KNOT_RR_DEBUG], [1], [RR debug.]) ;;
ns) AC_DEFINE([KNOT_NS_DEBUG], [1], [Nameserver debug.]) ;;
hash) AC_DEFINE([KNOT_HASH_DEBUG], [1], [Hashtable debug.]) ;;
compiler) AC_DEFINE([KNOT_COMPILER_DEBUG], [1], [Zone compiler debug.]) ;;
stash) AC_DEFINE([KNOT_STASH_DEBUG], [1], [Hash table stash debug.]) ;;
dnssec) AC_DEFINE([KNOT_DNSSEC_DEBUG], [1], [DNSSEC debug.]) ;;
server) AC_DEFINE([KNOTD_SERVER_DEBUG], [1], [Server debug.]) ;;
zones) AC_DEFINE([KNOT_ZONES_DEBUG], [1], [Zones debug.]) ;;
xfr) AC_DEFINE([KNOT_XFR_DEBUG], [1], [XFR debug.]) ;;
packet) AC_DEFINE([KNOT_PACKET_DEBUG], [1], [Packet debug.]) ;;
rr) AC_DEFINE([KNOT_RR_DEBUG], [1], [RR debug.]) ;;
ns) AC_DEFINE([KNOT_NS_DEBUG], [1], [Nameserver debug.]) ;;
loader) AC_DEFINE([KNOT_LOADER_DEBUG], [1], [Zone loading debug.]) ;;
dnssec) AC_DEFINE([KNOT_DNSSEC_DEBUG], [1], [DNSSEC debug.]) ;;
esac
done
], [])
......@@ -318,9 +315,6 @@ AC_TYPE_PID_T
AC_TYPE_SIZE_T
AC_TYPE_SSIZE_T
# Set PRNG parameters
AC_DEFINE([DSFMT_MEXP], [521], [DSFMT parameters])
# Checks for library functions.
AC_CHECK_FUNCS([clock_gettime gettimeofday fgetln getline madvise poll posix_memalign pselect pthread_setaffinity_np regcomp select setgroups initgroups])
......
......@@ -13,7 +13,7 @@ In this chapter we provide suggested configurations and explain the meaning of i
* Enabling zone semantic checks::
* Creating IXFR differences from zone file changes::
* Using Response Rate Limiting::
* Automatic DNSSEC signing (experimental)::
* Automatic DNSSEC signing::
@end menu
@node Minimal configuration
......@@ -192,24 +192,7 @@ message to its primary master specified by @code{xfr-in} directive. When it rece
the response from primary master, it forwards it back to the originator. This finishes the transaction.
However, if the zone is configured as master (i.e. not having any @code{xfr-in} directive), it accepts
such an UPDATE and processes it. As of 1.2, there are a few limitations with DNSSEC signed zones described below. Other than that, UPDATE of unsigned zones works as expected without any limitations.
@itemize @bullet
@item
Knot DNS doesn't automatically sign incoming RR if the zone is signed.
As a workaround, it accepts DNSSEC-related records. However, it may prove challenging
to create such an UPDATE that it correctly adds/replaces signed RRs, so this
feature should be treated as experimental until correct signing is implemented.
@item
As for the reason in a previous point, removing RRSIG with no specified rdata makes it impossible
to determine whether the user meant a RRSIG for an NSEC3 record or other one.
Since they are stored separately, it is advisable to always specify RRSIG along with at least the types it covers.
@item
Deleting a last RR also removes its RRSIG.
@end itemize
such an UPDATE and processes it.
@node Remote control interface
@section Remote control interface
......@@ -246,7 +229,7 @@ which checks are enabled by default and which are optional.
@node Creating IXFR differences from zone file changes
@section Creating IXFR differences from zone file changes
If Knot is being run as a master server, experimental feature @code{ixfr-from-differences}
If Knot is being run as a master server, feature @code{ixfr-from-differences}
can be enabled to create IXFR differences from changes made to the master zone file.
See @ref{Controlling running daemon} for more information. For more about @code{zones} statement see @ref{zones}.
......@@ -276,14 +259,14 @@ system @{
@}
@end example
@node Automatic DNSSEC signing (experimental)
@section Automatic DNSSEC signing (experimental)
@node Automatic DNSSEC signing
@section Automatic DNSSEC signing
Knot DNS 1.4 is the first release to include automatic DNSSEC signing feature.
Automatic DNSSEC signing is currently highly experimental and there is a lot of
issues we are working on and limitations we will try to eliminate. By all
means, anything in the current implementation can change including
configuration options. We have no intention to maintain backward compatibility.
Automatic DNSSEC signing is currently a technical preview and there are some
limitations we will try to eliminate. The concept of key management and
configuration is likely to change in the future without maintaining backward
compatibility.
@subsection Example configuration
......
......@@ -29,8 +29,7 @@ Knot DNS supports the following DNS features:
@itemize
@item TCP/UDP protocols
@item AXFR - master, slave
@item IXFR - master (primary master experimental), slave
@item AXFR, IXFR - master, slave
@item TSIG
@item ENDS0
@item DNSSEC, including NSEC3
......
......@@ -68,6 +68,7 @@ This manual is for Knot DNS (version @value{VERSION}, @value{UPDATED}).
* Troubleshooting::
* Statement Index::
* Knot DNS Configuration Reference::
* Migration from other DNS servers::
@detailmenu
--- The Detailed Node Listing ---
......@@ -245,5 +246,6 @@ Statement Definition and Usage
@c appendixes
@include reference.texi
@include migration.texi
@bye
@node Migration for other DNS servers, , Knot DNS Configuration Reference, Top
@appendix Migration for other DNS servers
@node Migration from other DNS servers, , Knot DNS Configuration Reference, Top
@appendix Migration from other DNS servers
@menu
* Knot DNS for BIND users::
* Knot DNS for NSD users::
* Knot DNS for PowerDNS users::
* Knot DNS for djbdns users::
@c * Knot DNS for NSD users::
@c * Knot DNS for PowerDNS users::
@c * Knot DNS for djbdns users::
@end menu
@node Knot DNS for BIND users
@appendixsec Knot DNS for BIND users
[TODO]
@subsection Automatic DNSSEC signing
Migrating automatically signed zones from Bind to Knot DNS is very easy due to
the fact that Knot DNS is able to use DNSSEC keys generated by Bind.
@enumerate
@item
To obtain current content of the zone which is being migrated, request Bind
to flush the zone into the zone file: @code{rndc flush example.com}
Note: If dynamic updates (DDNS) are enabled for the given zone, you might need to
freeze the zone before flushing it. That can be done similarly:
@code{rndc freeze example.com}
@item
Copy the fresh zone file into the zones storage directory of Knot DNS. It's
default location is @code{/var/lib/knot}.
@item
We recommend to store DNSSEC keys for each zone in a separate directory. For
this purpose, create a directory @code{example.com.keys} in zones storage
directory. Then copy all DNSSEC keys (@code{*.key} and @code{*.private}) from
Bind key directory (configured as @code{key-directory}) into the newly
created one.
@item
Add the zone into the Knot DNS configuration file. Zone configuration should
contain at least specification of the zone file (option @code{file}), key
directory (option @code{dnssec-keydir}), and enable automatic DNSSEC signing
(option @code{dnssec-enable}).
You can follow this example:
@example
zones @{
storage "/var/lib/knot";
example.com @{
dnssec-enable on;
dnssec-keydir "example.com.keys";
file "example.com.db";
@}
@}
@end example
@item
Start Knot DNS and check the log files to make sure that everything went right.
@end enumerate
@ignore
@node Knot DNS for NSD users
@appendixsec Knot DNS for NSD users
......@@ -27,3 +77,5 @@
@appendixsec Knot DNS for djbdns users
[TODO]
@end ignore
@node Knot DNS Configuration Reference, , Statement Index, Top
@node Knot DNS Configuration Reference, Migration from other DNS servers, Statement Index, Top
@appendix Knot DNS Configuration Reference
This reference describes every configuration option in Knot DNS server.
......@@ -720,6 +720,7 @@ The @code{zones} statement contains definition of zones served by Knot DNS.
[ @code{dnssec-keydir} @code{"}@kbd{string}@code{"}@code{;} ]
[ @code{dnssec-enable} ( @code{on} | @code{off} )@code{;} ]
[ @code{signature-lifetime} ( @kbd{integer} | @kbd{integer}(@code{s} | @code{m} | @code{h} | @code{d})@code{;} ) ]
[ @code{serial-policy} ( increment | unixtime ); ]
@end example
@node zones Statement Definition and Grammar
......@@ -744,6 +745,7 @@ The @code{zones} statement contains definition of zones served by Knot DNS.
* dnssec-keydir::
* dnssec-enable::
* signature-lifetime::
* serial-policy::
@end menu
@node zone_id
......@@ -831,7 +833,7 @@ Most checks are disabled by default.
@subsubsection ixfr-from-differences
@vindex ixfr-from-differences
EXPERIMENTAL: option @code{ixfr-from-differences} is only relevant if you are running Knot DNS as a master for this zone.
Option @code{ixfr-from-differences} is only relevant if you are running Knot DNS as a master for this zone.
By turning the feature on you tell Knot to create differences from changes you made to a zone file upon server reload.
See @ref{Controlling running daemon} for more information.
......@@ -862,7 +864,9 @@ are 1 to INT_MAX and default value is 5.
@subsubsection zonefile-sync
@vindex zonefile-sync
@code{zonefile-sync} is only relevant in a slave server scenario and only after receiving IXFR. It is a time in seconds after which current zone in memory will be synced to its file on a disk (as set in @ref{file}). Knot DNS will serve the latest zone even after restart, but zone file on a disk will only be synced after @code{zonefile-sync} time has expired. Possible values are 1 to INT_MAX, optionally suffixed by unit size (s/m/h/d) - @emph{1s} is one second, @emph{1m} one minute, @emph{1h} one hour and @emph{1d} one day with default value set to @emph{1h}.
@code{zonefile-sync} specifies a time in seconds after which current zone in memory will be synced to zone file on the disk (as set in @ref{file}). Knot DNS will serve the latest zone even after restart, but zone file on a disk will only be synced after @code{zonefile-sync} time has expired (or synced manually via @code{knotc flush} - see @ref{Running Knot DNS}). This is applicable when the zone is updated via IXFR, DDNS or automatic DNSSEC signing. Possible values are 0 to INT_MAX, optionally suffixed by unit size (s/m/h/d) - @emph{1s} is one second, @emph{1m} one minute, @emph{1h} one hour and @emph{1d} one day with default value set to @emph{0s}.
@b{Important note:} If you are serving large zones with frequent updates where the immediate sync to zone file is not desirable, set this value in the configuration file to other value.
@node ixfr-fslimit
@subsubsection ixfr-fslimit
......@@ -882,7 +886,7 @@ Default value: not set
@subsubsection dnssec-enable
@vindex dnssec-enable
EXPERIMENTAL: Enable automatic DNSSEC signing for the zone.
PREVIEW: Enable automatic DNSSEC signing for the zone.
Default value (in @code{zones} section): off
......@@ -904,6 +908,26 @@ hour. For information about zone expiration date, invoke the
Default value: @kbd{30d} (@kbd{2592000})
@node serial-policy
@subsubsection serial-policy
@vindex serial-policy
Specifies how the zone serial is updated after DDNS (dynamic update) and
automatic DNSSEC signing. If the serial is changed by the dynamic update, no
change is made.
increment - After update or signing, the serial is automatically incremented
(according to serial number arithmetic).
unixtime - After update or signing, serial is set to the current unix time.
@strong{Warning:} If your serial was in other than unix time format, be careful with
transition to unix time. It may happen that the new serial will be 'lower' than
the old one. If this is the case, the transition should be done by hand (consult:
http://www.zytrax.com/books/dns/ch9/serial.html).
Default value: increment
@node zones Example
@subsection zones Example
......@@ -918,23 +942,25 @@ zones @{
disable-any off;
notify-timeout 60;
notify-retries 5;
zonefile-sync 1h;
zonefile-sync 0;
ixfr-fslimit 1G;
dnssec-enable on;
dnssec-keydir "keys";
signature-lifetime 60d;
serial-policy increment;
example.com @{
storage "samples";
file "example.com.zone";
ixfr-from-differences off; #experimental
ixfr-from-differences off;
disable-any off;
semantic-checks on;
notify-timeout 60;
notify-retries 5;
zonefile-sync 1h;
zonefile-sync 0;
dnssec-keydir "keys";
dnssec-enable off;
signature-lifetime 30d;
serial-policy increment;
xfr-in server0;
xfr-out server0, server1;
notify-in server0;
......
......@@ -155,9 +155,7 @@ $ knotc -c master.conf reload # reconfigure and load updated zones
If you want @emph{IXFR-out} differences created from changes you make to a zone file, enable @ref{ixfr-from-differences}
in @code{zones} statement, then reload your server as seen above.
If @emph{SOA}'s @emph{serial} is not changed no differences will be created. Please note
that this feature is in @emph{experimental} stage and should be used with care.
If you encounter a bug using this feature, please send it to Knot developers (@pxref{Submitting a bugreport}).
If @emph{SOA}'s @emph{serial} is not changed no differences will be created.
If you want to force refresh the slave zones, you can do this with the @code{knotc refresh} action.
@example
......
......@@ -105,12 +105,11 @@ listed, separated by commas:
timers, high-level journal management.
@item @code{xfr} - AXFR, IXFR and NOTIFY handling.
@item @code{packet} - Packet parsing and response creation.
@item @code{dname} - Parsing, comparing and other operations on domain names.
@item @code{rr} - Details of processed resource records.
@item @code{ns} - Query processing, high-level handling of all requests
(transfers, NOTIFY, normal queries).
@item @code{hash} - Details of hash table (the main data structure) operation.
@item @code{compiler} - Zone file compilation.
@item @code{loader} - Zone loading and semantic checks.
@item @code{dnssec} - DNSSEC operations.
@end itemize
@item
......
......@@ -24,8 +24,8 @@ Is a domain name that is to be looked up.
.TP
.I server
Is a domain name or an IPv4 or IPv6 address of the nameserver to send a query to.
The address can be specified using [address]:port notation. If no server is specified,
the servers from \fB/etc/resolv.conf\fR are used.
An additional port can be specified using address:port ([address]:port for IPv6 address)
or address#port notation. If no server is specified, the servers from \fB/etc/resolv.conf\fR are used.
.TP
If no arguments are provided, \fBkdig\fR sends \fINS\fR query for the root zone.
.SH OPTIONS
......@@ -164,7 +164,7 @@ Use EDNS version (default is 0).
.TP
.BR +noidn
Disable IDN transformation to ASCII and vice versa.
IDN support depends on libidn availability during project building!
IDNA2003 support depends on libidn availability during project building!
.TP
.BI +time= T
Set wait for reply interval in seconds (default is 5 seconds).
......@@ -179,26 +179,22 @@ Set EDNS buffer size in bytes (default is 512 bytes).
Options \fB\-k\fR and \fB\-y\fR cannot be used mutually.
.SS Missing features with regard to ISC dig
Options \fB\-f\fR and \fB\-m\fR and query options:
.br
.BR
.BR +split=\fIW\fR ,\ +tries=\fIT\fR ,\ +ndots=\fID\fR ,
.br
.BR
.BR +domain=\fIsomename\fR , +trusted\-key=\fI####\fR ,
.br
.BR
.BR + [ no ] vc ,\ + [ no ] search ,\ + [ no ] showsearch ,
.br
.BR
.BR + [ no ] defname ,\ + [ no ] aaonly ,\ + [ no ] cmd ,
.br
.BR
.BR + [ no ] identify ,\ + [ no ] comments ,\ + [ no ] rrcomments ,
.br
.BR
.BR + [ no ] onesoa ,\ + [ no ] besteffort ,\ + [ no ] sigchase ,
.br
.BR
.BR + [ no ] topdown ,\ + [ no ] nssearch ,\ + [ no ] trace.
.TP
Per-user file configuration via ${HOME}/.digrc.
.SS Differences with regard to ISC dig
Optional port specification has a form of [address]:port instead of address#port.
.TP
Trailing information is formatted slightly different.
.SH EXAMPLES
.B Example 1. Get A record for example.com:
.TP
......@@ -208,7 +204,7 @@ Trailing information is formatted slightly different.
.TP
# kdig example.com \-t AXFR @192.0.2.1
.TP
.B Example 3. Send one A query for example.com from 192.0.2.1 and one reverse \
.B Example 3. Get A record for example.com from 192.0.2.1 and reverse \
lookup for address 2001:DB8::1 from 192.0.2.2. Both using TCP protocol:
.TP
# kdig +tcp example.com \-t A @192.0.2.1 \-x 2001:DB8::1 @192.0.2.2
......
......@@ -217,7 +217,7 @@ serves as an example of the configuration for knotc(8) and knotd(8).
# default: ${localstatedir}/lib/knot, configured with --with-storage
storage "/var/lib/knot";
# Build differences from zone file changes. EXPERIMENTAL feature.
# Build differences from zone file changes
# Possible values: on|off
# Default value: off
ixfr-from-differences off;
......@@ -256,7 +256,7 @@ serves as an example of the configuration for knotc(8) and knotd(8).
# f.e. 1k, 100M, 2G
ixfr-fslimit 1G;
# Enable DNSSEC online signing (EXPERIMENTAL)
# Enable DNSSEC online signing (technical preview)
# Possible values: on | off;
# Default value: off
dnssec-enable off;
......@@ -274,6 +274,11 @@ serves as an example of the configuration for knotc(8) and knotd(8).
# signatures expires in 7200 seconds or less and it was chosen as a
# reasonable value with regard to signing overhead.
signature-lifetime 30d;
# Serial policy after DDNS and automatic DNSSEC signing.
# Possible values: increment | unixtime
# Default value: increment
serial-policy increment;
# Zone entry
#
......@@ -331,7 +336,7 @@ serves as an example of the configuration for knotc(8) and knotd(8).
# Default value: inherited from zones section
dnssec-keydir "keys";
# Enable DNSSEC online signing (EXPERIMENTAL)
# Enable DNSSEC online signing (technical preview)
# Possible values: on | off;
# Default value: inherited from zones section
dnssec-enable off;
......@@ -346,6 +351,11 @@ serves as an example of the configuration for knotc(8) and knotd(8).
# reasonable value with regard to signing overhead.
signature-lifetime 30d;
# Serial policy after DDNS and automatic DNSSEC signing.
# Possible values: increment | unixtime
# Default value: increment
serial-policy increment;
# XFR master server
xfr-in server0;
......
......@@ -238,9 +238,11 @@ zones {
# Timeout for syncing changes from zone database to zonefile
# Possible values: <1..INT_MAX> (seconds)
# Default value: 1h (1 hour)
# Default value: 0s - immediate sync
# It is also possible to suffix with unit size [s/m/h/d]
# f.e. 1s = 1 day, 1m = 1 minute, 1h = 1 hour, 1d = 1 day
# Warning: If serving a large zone, set this to a larger value
# to keep disk load down.
zonefile-sync 1h;
# File size limit for IXFR journal
......@@ -269,6 +271,11 @@ zones {
# reasonable value with regard to signing overhead.
# signature-lifetime 30d;
# Serial policy after DDNS and automatic DNSSEC signing.
# Possible values: increment | unixtime
# Default value: increment
# serial-policy increment;
# Zone entry
#
# Format: <zone-name> { file "<path-to-zone-file>"; }
......@@ -340,6 +347,11 @@ zones {
# reasonable value with regard to signing overhead.
# signature-lifetime 30d;
# Serial policy after DDNS and automatic DNSSEC signing.
# Possible values: increment | unixtime
# Default value: increment
# serial-policy increment;
# XFR master server
xfr-in server0;
......
......@@ -164,6 +164,7 @@ libknot_la_SOURCES = \
libknot/dnssec/nsec3.c \
libknot/dnssec/nsec3.h \
libknot/dnssec/policy.h \
libknot/dnssec/random.h \
libknot/dnssec/rrset-sign.c \
libknot/dnssec/rrset-sign.h \
libknot/dnssec/sig0.c \
......@@ -216,12 +217,6 @@ libknots_la_SOURCES = \
common/errors.c \
common/errcode.h \
common/errcode.c \
common/dSFMT.h \
common/dSFMT-params.h \
common/dSFMT-params521.h \
common/dSFMT.c \
common/prng.h \
common/prng.c \
common/fdset.h \
common/fdset.c \
common/getline.h \
......
#ifndef DSFMT_PARAMS_H
#define DSFMT_PARAMS_H
#include "common/dSFMT.h"
/*----------------------
the parameters of DSFMT
following definitions are in dSFMT-paramsXXXX.h file.
----------------------*/
/** the pick up position of the array.
#define DSFMT_POS1 122
*/
/** the parameter of shift left as four 32-bit registers.
#define DSFMT_SL1 18
*/
/** the parameter of shift right as four 32-bit registers.
#define DSFMT_SR1 12
*/
/** A bitmask, used in the recursion. These parameters are introduced
* to break symmetry of SIMD.
#define DSFMT_MSK1 (uint64_t)0xdfffffefULL
#define DSFMT_MSK2 (uint64_t)0xddfecb7fULL
*/
/** These definitions are part of a 128-bit period certification vector.
#define DSFMT_PCV1 UINT64_C(0x00000001)
#define DSFMT_PCV2 UINT64_C(0x00000000)
*/
#define DSFMT_LOW_MASK UINT64_C(0x000FFFFFFFFFFFFF)
#define DSFMT_HIGH_CONST UINT64_C(0x3FF0000000000000)
#define DSFMT_SR 12
/* for sse2 */
#if defined(HAVE_SSE2)
#define SSE2_SHUFF 0x1b
#elif defined(HAVE_ALTIVEC)
#if defined(__APPLE__) /* For OSX */
#define ALTI_SR (vector unsigned char)(4)
#define ALTI_SR_PERM \
(vector unsigned char)(15,0,1,2,3,4,5,6,15,8,9,10,11,12,13,14)
#define ALTI_SR_MSK \
(vector unsigned int)(0x000fffffU,0xffffffffU,0x000fffffU,0xffffffffU)
#define ALTI_PERM \
(vector unsigned char)(12,13,14,15,8,9,10,11,4,5,6,7,0,1,2,3)
#else
#define ALTI_SR {4}
#define ALTI_SR_PERM {15,0,1,2,3,4,5,6,15,8,9,10,11,12,13,14}
#define ALTI_SR_MSK {0x000fffffU,0xffffffffU,0x000fffffU,0xffffffffU}
#define ALTI_PERM {12,13,14,15,8,9,10,11,4,5,6,7,0,1,2,3}
#endif
#endif
#if DSFMT_MEXP == 521
#include "common/dSFMT-params521.h"
#elif DSFMT_MEXP == 1279
#include "dSFMT-params1279.h"
#elif DSFMT_MEXP == 2203
#include "dSFMT-params2203.h"
#elif DSFMT_MEXP == 4253
#include "dSFMT-params4253.h"
#elif DSFMT_MEXP == 11213
#include "dSFMT-params11213.h"
#elif DSFMT_MEXP == 19937
#include "dSFMT-params19937.h"
#elif DSFMT_MEXP == 44497
#include "dSFMT-params44497.h"
#elif DSFMT_MEXP == 86243
#include "dSFMT-params86243.h"
#elif DSFMT_MEXP == 132049
#include "dSFMT-params132049.h"
#elif DSFMT_MEXP == 216091
#include "dSFMT-params216091.h"
#else
#ifdef __GNUC__
#error "DSFMT_MEXP is not valid."
#undef DSFMT_MEXP
#else
#undef DSFMT_MEXP
#endif
#endif
#endif /* DSFMT_PARAMS_H */
#ifndef DSFMT_PARAMS521_H
#define DSFMT_PARAMS521_H
/* #define DSFMT_N 4 */
/* #define DSFMT_MAXDEGREE 544 */
#define DSFMT_POS1 3
#define DSFMT_SL1 25
#define DSFMT_MSK1 UINT64_C(0x000fbfefff77efff)
#define DSFMT_MSK2 UINT64_C(0x000ffeebfbdfbfdf)
#define DSFMT_MSK32_1 0x000fbfefU
#define DSFMT_MSK32_2 0xff77efffU
#define DSFMT_MSK32_3 0x000ffeebU
#define DSFMT_MSK32_4 0xfbdfbfdfU
#define DSFMT_FIX1 UINT64_C(0xcfb393d661638469)
#define DSFMT_FIX2 UINT64_C(0xc166867883ae2adb)
#define DSFMT_PCV1 UINT64_C(0xccaa588000000000)
#define DSFMT_PCV2 UINT64_C(0x0000000000000001)
#define DSFMT_IDSTR "dSFMT2-521:3-25:fbfefff77efff-ffeebfbdfbfdf"
/* PARAMETERS FOR ALTIVEC */
#if defined(__APPLE__) /* For OSX */
#define ALTI_SL1 (vector unsigned int)(1, 1, 1, 1)
#define ALTI_SL1_PERM \
(vector unsigned char)(3,4,5,6,7,29,29,29,11,12,13,14,15,0,1,2)
#define ALTI_SL1_MSK \
(vector unsigned int)(0xffffffffU,0xfe000000U,0xffffffffU,0xfe000000U)
#define ALTI_MSK (vector unsigned int)(DSFMT_MSK32_1, \
DSFMT_MSK32_2, DSFMT_MSK32_3, DSFMT_MSK32_4)
#else /* For OTHER OSs(Linux?) */
#define ALTI_SL1 {1, 1, 1, 1}
#define ALTI_SL1_PERM \
{3,4,5,6,7,29,29,29,11,12,13,14,15,0,1,2}
#define ALTI_SL1_MSK \
{0xffffffffU,0xfe000000U,0xffffffffU,0xfe000000U}
#define ALTI_MSK \
{DSFMT_MSK32_1, DSFMT_MSK32_2, DSFMT_MSK32_3, DSFMT_MSK32_4}
#endif
#endif /* DSFMT_PARAMS521_H */
This diff is collapsed.
This diff is collapsed.
......@@ -321,8 +321,6 @@ int knot_rrtype_is_metatype(const uint16_t type)
int knot_rrtype_is_ddns_forbidden(const uint16_t type)
{
return type == KNOT_RRTYPE_RRSIG ||
type == KNOT_RRTYPE_DNSKEY ||
type == KNOT_RRTYPE_NSEC3PARAM ||
type == KNOT_RRTYPE_NSEC ||
type == KNOT_RRTYPE_NSEC3;
}
......@@ -195,18 +195,11 @@ event_t* evsched_next(evsched_t *s)
/* Immediately return. */
if (timercmp_ge(&dt, &next_ev->tv)) {
s->cur = next_ev;
s->last_ev = next_ev;
s->running = true;
heap_delmin(&s->heap);
pthread_mutex_unlock(&s->mx);
pthread_mutex_lock(&s->rl);
/* Check back for late cancellation. */
if (s->cur == NULL) {
pthread_mutex_unlock(&s->rl);
pthread_mutex_lock(&s->mx);
continue;
}
return next_ev;
}
......@@ -225,7 +218,6 @@ event_t* evsched_next(evsched_t *s)
/* Unlock calendar, this shouldn't happen. */
pthread_mutex_unlock(&s->mx);
return NULL;
}
int evsched_event_finished(evsched_t *s)
......@@ -234,15 +226,17 @@ int evsched_event_finished(evsched_t *s)
return KNOT_EINVAL;
}
/* Mark as finished. */
if (s->cur) {
s->cur = NULL;