Commit 1f848a12 authored by Vladimír Čunát's avatar Vladimír Čunát

Merge branch 'master' into cache-NSEC3

parents 4a0855bd febd08ce
......@@ -50,7 +50,6 @@ _obj
/daemon/kresd
/daemon/lua/*.inc
/daemon/lua/trust_anchors.lua
/daemon/lua/zonefile.lua
/tests/test_array
/tests/test_lru
/tests/test_map
......
......@@ -19,21 +19,21 @@ ip = 127.0.0.1
port = 5353
transport = tcp
graph_color = #00a2e2
restart_script = /builds/knot/knot-resolver/ci/respdiff/restart-kresd.sh
restart_script = ./ci/respdiff/restart-kresd.sh
[bind]
ip = 127.0.0.1
port = 53533
transport = udp
graph_color = #e2a000
restart_script = /builds/knot/knot-resolver/ci/respdiff/restart-bind.sh
restart_script = ./ci/respdiff/restart-bind.sh
[unbound]
ip = 127.0.0.1
port = 53535
transport = udp
graph_color = #218669
restart_script = /builds/knot/knot-resolver/ci/respdiff/restart-unbound.sh
restart_script = ./ci/respdiff/restart-unbound.sh
[diff]
# symbolic name of server under test
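Review bot: The three `restart_script` values in this section are now relative (`./ci/respdiff/restart-kresd.sh` and the bind/unbound equivalents), so the file that gets executed depends on the working directory of the process that reads this config. Nothing visible here pins that directory, and if the consumer is started from anywhere other than the repository root the restart either fails or runs a different file found at that relative path. I would state the assumption next to the first entry, e.g. `# restart_script paths are relative to the repository root; run from there`. The same applies to the two other config sections changed the same way further down.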
......
......@@ -19,21 +19,21 @@ ip = 127.0.0.1
port = 8853
transport = tls
graph_color = #00a2e2
restart_script = /builds/knot/knot-resolver/ci/respdiff/restart-kresd.sh
restart_script = ./ci/respdiff/restart-kresd.sh
[bind]
ip = 127.0.0.1
port = 53533
transport = udp
graph_color = #e2a000
restart_script = /builds/knot/knot-resolver/ci/respdiff/restart-bind.sh
restart_script = ./ci/respdiff/restart-bind.sh
[unbound]
ip = 127.0.0.1
port = 53535
transport = udp
graph_color = #218669
restart_script = /builds/knot/knot-resolver/ci/respdiff/restart-unbound.sh
restart_script = ./ci/respdiff/restart-unbound.sh
[diff]
# symbolic name of server under test
......
......@@ -19,21 +19,21 @@ ip = 127.0.0.1
port = 5353
transport = udp
graph_color = #00a2e2
restart_script = /builds/knot/knot-resolver/ci/respdiff/restart-kresd.sh
restart_script = ./ci/respdiff/restart-kresd.sh
[bind]
ip = 127.0.0.1
port = 53533
transport = udp
graph_color = #e2a000
restart_script = /builds/knot/knot-resolver/ci/respdiff/restart-bind.sh
restart_script = ./ci/respdiff/restart-bind.sh
[unbound]
ip = 127.0.0.1
port = 53535
transport = udp
graph_color = #218669
restart_script = /builds/knot/knot-resolver/ci/respdiff/restart-unbound.sh
restart_script = ./ci/respdiff/restart-unbound.sh
[diff]
# symbolic name of server under test
......
......@@ -63,17 +63,11 @@ ifneq ($(SED),)
$(INSTALL) -m 0644 doc/kresd.8 $(DESTDIR)$(MANDIR)/man8/
endif
daemon-clean: kresd-clean
@$(RM) daemon/lua/*.inc daemon/lua/trust_anchors.lua \
daemon/lua/zonefile.lua
@$(RM) daemon/lua/*.inc daemon/lua/trust_anchors.lua
daemon/lua/trust_anchors.lua: daemon/lua/trust_anchors.lua.in
@$(call quiet,SED,$<) -e "s|@ETCDIR@|$(ETCDIR)|g;s|@KEYFILE_DEFAULT@|$(KEYFILE_DEFAULT)|g" $< > $@
LIBZSCANNER_COMMENTS := \
$(shell pkg-config libzscanner --atleast-version=2.4.2 && echo true || echo false)
daemon/lua/zonefile.lua: daemon/lua/zonefile.lua.in
@$(call quiet,SED,$<) -e "s|@LIBZSCANNER_COMMENTS@|$(LIBZSCANNER_COMMENTS)|g" $< > $@
daemon/lua/kres-gen.lua: | $(libkres)
@echo "WARNING: regenerating $@"
@# the sed saves some space(s)
......
......@@ -33,6 +33,15 @@ typedef struct {
uint16_t pos;
uint16_t count;
} knot_pktsection_t;
struct knot_compr {
uint8_t *wire;
knot_rrinfo_t *rrinfo;
struct {
uint16_t pos;
uint8_t labels;
} suffix;
};
typedef struct knot_compr knot_compr_t;
struct knot_pkt {
uint8_t *wire;
size_t size;
......@@ -54,7 +63,7 @@ struct knot_pkt {
knot_rrinfo_t *rr_info;
knot_rrset_t *rr;
knot_mm_t mm;
char _stub[]; /* TMP: do NOT replace yet (changed in libknot-2.6.0) */
knot_compr_t compr;
};
typedef struct knot_pkt knot_pkt_t;
typedef struct {
......
......@@ -48,6 +48,8 @@ typedef void (*trace_callback_f)(struct kr_request *);
struct knot_rdataset
knot_rrset_t
knot_pktsection_t
struct knot_compr
knot_compr_t
struct knot_pkt
knot_pkt_t
# generics
......
......@@ -169,7 +169,6 @@ ffi.metatype( zs_scanner_t, {
return ffi.string(libzscanner.zs_strerror(zs.error.code))
end,
current_comment = function(zs)
if not @LIBZSCANNER_COMMENTS@ then return nil end -- support in libzscanner
if zs.buffer_length > 0 then
return ffi.string(zs.buffer, zs.buffer_length - 1)
else
......
......@@ -473,8 +473,8 @@ static void zi_zone_process(uv_timer_t* handle)
/* At the moment import of root zone only is supported.
* Check the name of the parsed zone.
* TODO - implement importing of arbitrary zone. */
char zone_name_str[KNOT_DNAME_MAXLEN];
knot_dname_to_str(zone_name_str, z_import->origin, sizeof(zone_name_str));
KR_DNAME_GET_STR(zone_name_str, z_import->origin);
if (strcmp(".", zone_name_str) != 0) {
kr_log_error("[zimport] unexpected zone name `%s` (root zone expected), fail\n",
zone_name_str);
......@@ -513,9 +513,9 @@ static void zi_zone_process(uv_timer_t* handle)
/* Import DNSKEY at first step. If any validation problems will appear,
* cancel import of whole zone. */
char qname_str[KNOT_DNAME_MAXLEN], type_str[16];
knot_dname_to_str(qname_str, rr->owner, sizeof(qname_str));
knot_rrtype_to_string(rr->type, type_str, sizeof(type_str));
KR_DNAME_GET_STR(qname_str, rr->owner);
KR_RRTYPE_GET_STR(type_str, rr->type);
VERBOSE_MSG(NULL, "importing: qname: '%s' type: '%s'\n",
qname_str, type_str);
......@@ -535,8 +535,8 @@ static void zi_zone_process(uv_timer_t* handle)
continue;
}
knot_dname_to_str(qname_str, rr->owner, sizeof(qname_str));
knot_rrtype_to_string(rr->type, type_str, sizeof(type_str));
KR_DNAME_GET_STR(qname_str, rr->owner);
KR_RRTYPE_GET_STR(type_str, rr->type);
VERBOSE_MSG(NULL, "importing: qname: '%s' type: '%s'\n",
qname_str, type_str);
int res = zi_rrset_import(z_import, rr);
......@@ -567,8 +567,8 @@ static void zi_zone_process(uv_timer_t* handle)
continue;
}
knot_dname_to_str(qname_str, rr->owner, sizeof(qname_str));
knot_rrtype_to_string(rr->type, type_str, sizeof(type_str));
KR_DNAME_GET_STR(qname_str, rr->owner);
KR_RRTYPE_GET_STR(type_str, rr->type);
VERBOSE_MSG(NULL, "importing: qname: '%s' type: '%s'\n",
qname_str, type_str);
res = zi_rrset_import(z_import, rr);
......@@ -769,8 +769,7 @@ int zi_zone_import(struct zone_import_ctx *z_import,
} else {
/* For now - fail.
* TODO - query DS and continue after answer had been obtained. */
char zone_name_str[KNOT_DNAME_MAXLEN];
knot_dname_to_str(zone_name_str, z_import->origin, sizeof(zone_name_str));
KR_DNAME_GET_STR(zone_name_str, z_import->origin);
kr_log_error("[zimport] no TA found for `%s`, fail\n", zone_name_str);
ret = 1;
}
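Review bot: `strcmp(".", zone_name_str)` in `zi_zone_process` reads the buffer right after `KR_DNAME_GET_STR(zone_name_str, z_import->origin)`, but the macro (defined later in this commit) discards the result of `knot_dname_to_str` and only zeroes the last byte. If the conversion fails, the comparison and the following `kr_log_error` therefore read uninitialized stack bytes. The old code had the same gap here, but now that the pattern is centralised the macro is the place to close it: `if (!knot_dname_to_str(dname_str, (dname), sizeof(dname_str))) dname_str[0] = 0;`. The same exposure exists at the other call sites in this commit, most notably `pack_hints`, where the previous `= {'\0'}` initializer was dropped and the string goes straight into `json_append_member` as a key. The affected functions continue outside the hunks shown.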
......
......@@ -72,10 +72,12 @@ static inline int KR_COLD kr_error(int x) {
#define KR_DNS_TLS_PORT 853
#define KR_EDNS_VERSION 0
#define KR_EDNS_PAYLOAD 4096 /* Default UDP payload (max unfragmented UDP is 1452B) */
#define KR_DEFAULT_TLS_PADDING 468 /* Default EDNS(0) Padding is 468 */
#define KR_CACHE_DEFAULT_TTL_MIN (5) /* avoid bursts of queries */
#define KR_CACHE_DEFAULT_TTL_MAX (6 * 24 * 3600) /* 6 days, like the root NS TTL */
#define KR_DNAME_STR_MAXLEN (KNOT_DNAME_TXT_MAXLEN + 1)
#define KR_RRTYPE_STR_MAXLEN (16 + 1)
/*
* Address sanitizer hints.
*/
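Review bot: `KR_RRTYPE_STR_MAXLEN (16 + 1)` carries an unexplained 16, and neither new constant says whether the terminating NUL is counted. `kr_pkt_text` used a 32-byte buffer for the type string before this commit and now gets 17 bytes through `KR_RRTYPE_GET_STR`, so the bound deserves a stated rationale. Suggested comment above the two defines: `/* Buffer sizes for presentation-format names and RR type strings, terminating NUL included. */`.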
......
......@@ -257,41 +257,6 @@ static int kr_rrset_validate_with_key(kr_rrset_validation_ctx_t *vctx,
return vctx->result;
}
/* Fallbacks: implemented in newer libdnssec.
* Note: changing some from true to false is NOT enough to fully remove the support. */
#if KNOT_VERSION_HEX < ((2 << 16) | (6 << 8) | 0)
static bool dnssec_algorithm_key_support(dnssec_key_algorithm_t algo)
{
switch (algo) {
case DNSSEC_KEY_ALGORITHM_DSA_SHA1:
case DNSSEC_KEY_ALGORITHM_DSA_SHA1_NSEC3:
case DNSSEC_KEY_ALGORITHM_RSA_SHA1:
case DNSSEC_KEY_ALGORITHM_RSA_SHA1_NSEC3:
case DNSSEC_KEY_ALGORITHM_RSA_SHA256:
case DNSSEC_KEY_ALGORITHM_RSA_SHA512:
case DNSSEC_KEY_ALGORITHM_ECDSA_P256_SHA256:
case DNSSEC_KEY_ALGORITHM_ECDSA_P384_SHA384:
return true;
//case DNSSEC_KEY_ALGORITHM_ED25519:
//case DNSSEC_KEY_ALGORITHM_ED448:
default:
return false;
}
}
static bool dnssec_algorithm_digest_support(dnssec_key_digest_t algo)
{
switch (algo) {
case DNSSEC_KEY_DIGEST_SHA1:
case DNSSEC_KEY_DIGEST_SHA256:
case DNSSEC_KEY_DIGEST_SHA384:
return true;
default:
return false;
};
}
#endif
static bool kr_ds_algo_support(const knot_rrset_t *ta)
{
for (uint16_t i = 0; i < ta->rrs.rr_count; ++i) {
......
......@@ -160,12 +160,13 @@ static int update_nsaddr(const knot_rrset_t *rr, struct kr_query *query, int *gl
const knot_rdata_t *rdata = rr->rrs.data;
const void *addr = knot_rdata_data(rdata);
const int addr_len = knot_rdata_rdlen(rdata);
char name_str[KNOT_DNAME_MAXLEN];
char name_str[KR_DNAME_STR_MAXLEN];
char addr_str[INET6_ADDRSTRLEN];
WITH_VERBOSE(query) {
const int af = (addr_len == sizeof(struct in_addr)) ?
AF_INET : AF_INET6;
knot_dname_to_str(name_str, rr->owner, sizeof(name_str));
name_str[sizeof(name_str) - 1] = 0;
inet_ntop(af, addr, addr_str, sizeof(addr_str));
}
if (!(query->flags.ALLOW_LOCAL) &&
......@@ -878,9 +879,8 @@ int kr_make_query(struct kr_query *query, knot_pkt_t *pkt)
knot_wire_set_id(pkt->wire, query->id);
pkt->parsed = pkt->size;
WITH_VERBOSE(query) {
char name_str[KNOT_DNAME_MAXLEN], type_str[16];
knot_dname_to_str(name_str, query->sname, sizeof(name_str));
knot_rrtype_to_string(query->stype, type_str, sizeof(type_str));
KR_DNAME_GET_STR(name_str, query->sname);
KR_RRTYPE_GET_STR(type_str, query->stype);
QVERBOSE_MSG(query, "'%s' type '%s' id was assigned, parent id %u\n",
name_str, type_str, query->parent ? query->parent->id : 0);
}
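Review bot: In `update_nsaddr` the address family is `AF_INET` only when `addr_len == sizeof(struct in_addr)` and is otherwise assumed to be `AF_INET6`, so any other rdata length makes `inet_ntop` read 16 bytes from `addr`. Whether `addr_len` has already been validated against the record type is not visible in this hunk. The result of `inet_ntop` is also ignored, leaving `addr_str` indeterminate on failure for whatever reads it after the `WITH_VERBOSE` block. I would skip the conversion unless `addr_len` is one of the two expected sizes and fall back to an empty string otherwise, e.g. `if (!inet_ntop(af, addr, addr_str, sizeof(addr_str))) addr_str[0] = 0;`. The function body continues outside the hunk.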
......
......@@ -536,12 +536,7 @@ static int answer_padding(struct kr_request *request)
int32_t pad_bytes = -1;
if (padding == -1) { /* use the default padding policy from libknot */
#if KNOT_VERSION_HEX < ((2 << 16) | (4 << 8) | 3)
/* no knot_edns_default_padding_size available in libknot */
padding = KR_DEFAULT_TLS_PADDING;
#else
pad_bytes = knot_edns_default_padding_size(answer, opt_rr);
#endif
}
if (padding >= 2) {
int32_t max_pad_bytes = knot_edns_get_payload(opt_rr) - (answer->size + knot_rrset_size(opt_rr));
......@@ -1145,8 +1140,7 @@ static int forward_trust_chain_check(struct kr_request *request, struct kr_query
qry->flags.DNSSEC_WANT = true;
want_secured = true;
WITH_VERBOSE(qry) {
char qname_str[KNOT_DNAME_MAXLEN];
knot_dname_to_str(qname_str, wanted_name, sizeof(qname_str));
KR_DNAME_GET_STR(qname_str, wanted_name);
VERBOSE_MSG(qry, ">< TA: '%s'\n", qname_str);
}
}
......@@ -1224,8 +1218,7 @@ static int trust_chain_check(struct kr_request *request, struct kr_query *qry)
qry->zone_cut.trust_anchor = knot_rrset_copy(ta_rr, qry->zone_cut.pool);
WITH_VERBOSE(qry) {
char qname_str[KNOT_DNAME_MAXLEN];
knot_dname_to_str(qname_str, ta_rr->owner, sizeof(qname_str));
KR_DNAME_GET_STR(qname_str, ta_rr->owner);
VERBOSE_MSG(qry, ">< TA: '%s'\n", qname_str);
}
}
......@@ -1563,10 +1556,13 @@ int kr_resolve_checkout(struct kr_request *request, struct sockaddr *src,
}
WITH_VERBOSE(qry) {
char qname_str[KNOT_DNAME_MAXLEN], zonecut_str[KNOT_DNAME_MAXLEN], ns_str[INET6_ADDRSTRLEN], type_str[16];
knot_dname_to_str(qname_str, knot_pkt_qname(packet), sizeof(qname_str));
knot_dname_to_str(zonecut_str, qry->zone_cut.name, sizeof(zonecut_str));
knot_rrtype_to_string(knot_pkt_qtype(packet), type_str, sizeof(type_str));
char ns_str[INET6_ADDRSTRLEN];
KR_DNAME_GET_STR(qname_str, knot_pkt_qname(packet));
KR_DNAME_GET_STR(zonecut_str, qry->zone_cut.name);
KR_RRTYPE_GET_STR(type_str, knot_pkt_qtype(packet));
for (size_t i = 0; i < KR_NSREP_MAXADDR; ++i) {
struct sockaddr *addr = &qry->ns.addr[i].ip;
if (addr->sa_family == AF_UNSPEC) {
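Review bot: `answer_padding` now calls `knot_edns_default_padding_size` unconditionally, so removing the `KNOT_VERSION_HEX` fallback turns the libknot minimum into a hard requirement that nothing on this page enforces. Other sections of this commit drop similar guards (the dnssec algorithm fallbacks and the `knot_pkt_get_ext_rcode` alias), and judging by the removed dnssec guard the new floor appears to be 2.6.0. If the build system does not already reject older versions, a compile-time check in a shared header would turn a confusing link or runtime failure into a clear message: `#if KNOT_VERSION_HEX < ((2 << 16) | (6 << 8) | 0)` / `#error "libknot >= 2.6.0 is required"` / `#endif`. The function body continues outside the hunk.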
......
......@@ -230,9 +230,8 @@ struct kr_query *kr_rplan_push(struct kr_rplan *rplan, struct kr_query *parent,
qry->stype = type;
WITH_VERBOSE(qry) {
char name_str[KNOT_DNAME_MAXLEN], type_str[16];
knot_dname_to_str(name_str, name, sizeof(name_str));
knot_rrtype_to_string(type, type_str, sizeof(type_str));
KR_DNAME_GET_STR(name_str, name);
KR_RRTYPE_GET_STR(type_str, type);
VERBOSE_MSG(parent, "plan '%s' type '%s'\n", name_str, type_str);
}
return qry;
......
......@@ -882,9 +882,7 @@ char *kr_pkt_text(const knot_pkt_t *pkt)
static const char * snames[] = {
";; ANSWER SECTION", ";; AUTHORITY SECTION", ";; ADDITIONAL SECTION"
};
char rrtype[32];
char flags[32];
char qname[KNOT_DNAME_MAXLEN];
uint8_t pkt_rcode = knot_wire_get_rcode(pkt->wire);
uint8_t pkt_opcode = knot_wire_get_opcode(pkt->wire);
const char *rcode_str = "Unknown";
......@@ -918,8 +916,8 @@ char *kr_pkt_text(const knot_pkt_t *pkt)
}
if (qdcount == 1) {
knot_dname_to_str(qname, knot_pkt_qname(pkt), KNOT_DNAME_MAXLEN);
knot_rrtype_to_string(knot_pkt_qtype(pkt), rrtype, sizeof(rrtype));
KR_DNAME_GET_STR(qname, knot_pkt_qname(pkt));
KR_RRTYPE_GET_STR(rrtype, knot_pkt_qtype(pkt));
ptr = mp_printf_append(mp, ptr, ";; QUESTION SECTION\n%s\t\t%s\n", qname, rrtype);
} else if (qdcount > 1) {
ptr = mp_printf_append(mp, ptr, ";; Warning: unsupported QDCOUNT %hu\n", qdcount);
......
......@@ -82,6 +82,15 @@ bool kr_log_trace(const struct kr_query *query, const char *source, const char *
#define WITH_VERBOSE(query) if(__builtin_expect(kr_verbose_status || kr_log_trace_enabled(query), false))
#define kr_log_verbose if(VERBOSE_STATUS) kr_log_verbose
#define KR_DNAME_GET_STR(dname_str, dname) \
char dname_str[KR_DNAME_STR_MAXLEN]; \
knot_dname_to_str(dname_str, (dname), sizeof(dname_str)); \
dname_str[sizeof(dname_str) - 1] = 0;
#define KR_RRTYPE_GET_STR(rrtype_str, rrtype) \
char rrtype_str[KR_RRTYPE_STR_MAXLEN]; \
knot_rrtype_to_string((rrtype), rrtype_str, sizeof(rrtype_str)); \
rrtype_str[sizeof(rrtype_str) - 1] = 0;
/* C11 compatibility, but without any implementation so far. */
#ifndef static_assert
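Review bot: `KR_DNAME_GET_STR` and `KR_RRTYPE_GET_STR` each expand to a declaration plus two statements, which is not obvious at the call site and is not documented here. As written they cannot serve as the body of an unbraced `if`/`for`, a second use with the same name in one block is a redefinition, and a use in a nested block silently shadows the outer buffer. The repeated `qname_str`/`type_str` uses in `zi_zone_process` look like such shadowing, though their enclosing blocks are outside the hunks. A comment above the macros should say so, e.g. `/* Declares a local char buffer named by the first argument and fills it; use only as a full statement at block scope, once per name per scope. */`. The expansion also ends in `;`, so each call site written with its own semicolon leaves an empty statement; dropping the trailing `;` from the last line of each macro avoids that.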
......
......@@ -258,11 +258,7 @@ int check_response(kr_layer_t *ctx, knot_pkt_t *pkt)
return KR_STATE_FAIL;
}
#if KNOT_VERSION_HEX >= ((2 << 16) | (4 << 8)) // just renamed function since 2.4.0
uint16_t rcode = knot_pkt_ext_rcode(pkt);
#else
uint16_t rcode = knot_pkt_get_ext_rcode(pkt);
#endif
if (rcode == KNOT_RCODE_BADCOOKIE) {
struct kr_query *next = NULL;
if (!(qry->flags.BADCOOKIE_AGAIN)) {
......
......@@ -512,11 +512,7 @@ static char* pack_hints(struct kr_zonecut *hints) {
JsonNode *root_node = json_mkobject();
trie_it_t *it;
for (it = trie_it_begin(hints->nsset); !trie_it_finished(it); trie_it_next(it)) {
char nsname_str[KNOT_DNAME_MAXLEN] = {'\0'};
knot_dname_to_str(nsname_str,
/* here we trust that it's a correct dname */
(const knot_dname_t *)trie_it_key(it, NULL),
sizeof(nsname_str));
KR_DNAME_GET_STR(nsname_str, (const knot_dname_t *)trie_it_key(it, NULL));
JsonNode *addr_list = pack_addrs((pack_t *)*trie_it_val(it));
if (!addr_list) goto error;
json_append_member(root_node, nsname_str, addr_list);
......
......@@ -326,11 +326,11 @@ static char* stats_list(void *env, struct kr_module *module, const char *args)
static enum lru_apply_do dump_value(const char *key, uint len, unsigned *val, void *baton)
{
uint16_t key_type = 0;
char key_name[KNOT_DNAME_MAXLEN], type_str[16];
/* Extract query name, type and counter */
memcpy(&key_type, key, sizeof(key_type));
knot_dname_to_str(key_name, (uint8_t *)key + sizeof(key_type), sizeof(key_name));
knot_rrtype_to_string(key_type, type_str, sizeof(type_str));
KR_DNAME_GET_STR(key_name, (uint8_t *)key + sizeof(key_type));
KR_RRTYPE_GET_STR(type_str, key_type);
/* Convert to JSON object */
JsonNode *json_val = json_mkobject();
json_append_member(json_val, "count", json_mknumber(*val));
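Review bot: `dump_value` copies `sizeof(key_type)` bytes out of `key` and then parses a domain name starting at `key + sizeof(key_type)` without consulting `len` anywhere in the lines shown. That is fine if every key in this LRU is written by the module as a 16-bit type followed by a complete wire-format name, but the invariant is not visible here and the name conversion walks labels until it meets a root label. A guard before the `memcpy` would make the assumption explicit: `if (len <= sizeof(key_type))` followed by an early return of the no-op value of `enum lru_apply_do`. The function body continues outside the hunk.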
......