diff options
author | Oto Šťáva <oto.stava@nic.cz> | 2024-06-04 17:38:58 +0200 |
---|---|---|
committer | Oto Šťáva <oto.stava@nic.cz> | 2024-06-04 17:38:58 +0200 |
commit | b868b2584ef0bd3841256de596e3074443e9397b (patch) | |
tree | 2bcc576adb9edcf2e540b8bb237d8d9c434a7b50 /lib | |
parent | Merge branch rrl-wip-sample into rrl-wip (diff) | |
parent | Merge branch 'nits' into 'master' (diff) | |
download | knot-resolver-b868b2584ef0bd3841256de596e3074443e9397b.tar.xz knot-resolver-b868b2584ef0bd3841256de596e3074443e9397b.zip |
Merge branch 'master' into 'rrl-wip'
Diffstat (limited to 'lib')
-rw-r--r-- | lib/cache/api.c | 2 | ||||
-rw-r--r-- | lib/cache/peek.c | 3 | ||||
-rw-r--r-- | lib/dnssec.c | 2 | ||||
-rw-r--r-- | lib/dnssec/nsec.c | 18 | ||||
-rw-r--r-- | lib/dnssec/nsec3.c | 12 | ||||
-rw-r--r-- | lib/dnssec/signature.c | 2 | ||||
-rw-r--r-- | lib/dnssec/ta.c | 13 | ||||
-rw-r--r-- | lib/generic/array.h | 14 | ||||
-rw-r--r-- | lib/generic/lru.h | 5 | ||||
-rw-r--r-- | lib/generic/queue.c | 10 | ||||
-rw-r--r-- | lib/generic/queue.h | 6 | ||||
-rw-r--r-- | lib/generic/trie.c | 4 | ||||
-rw-r--r-- | lib/layer/iterate.c | 2 | ||||
-rw-r--r-- | lib/layer/validate.c | 2 | ||||
-rw-r--r-- | lib/log.c | 2 | ||||
-rw-r--r-- | lib/meson.build | 2 | ||||
-rw-r--r-- | lib/proto.c | 19 | ||||
-rw-r--r-- | lib/proto.h | 53 | ||||
-rw-r--r-- | lib/resolve-produce.c | 15 | ||||
-rw-r--r-- | lib/resolve.c | 5 | ||||
-rw-r--r-- | lib/rules/api.c | 16 | ||||
-rw-r--r-- | lib/rules/api.h | 22 | ||||
-rw-r--r-- | lib/rules/forward.c | 2 | ||||
-rw-r--r-- | lib/rules/local-addr.c | 2 | ||||
-rw-r--r-- | lib/rules/zonefile.c | 6 | ||||
-rw-r--r-- | lib/selection.c | 2 | ||||
-rw-r--r-- | lib/utils.c | 7 | ||||
-rw-r--r-- | lib/utils.h | 6 | ||||
-rw-r--r-- | lib/zonecut.c | 2 |
29 files changed, 170 insertions, 86 deletions
diff --git a/lib/cache/api.c b/lib/cache/api.c index 2143ceef..490f3d1c 100644 --- a/lib/cache/api.c +++ b/lib/cache/api.c @@ -529,7 +529,7 @@ static ssize_t stash_rrset(struct kr_cache *cache, const struct kr_query *qry, goto return_needs_pkt; const knot_dname_t *encloser = rr->owner; /**< the closest encloser name */ for (int i = 0; i < wild_labels; ++i) { - encloser = knot_wire_next_label(encloser, NULL); + encloser = knot_dname_next_label(encloser); } /* Construct the key under which RRs will be stored, diff --git a/lib/cache/peek.c b/lib/cache/peek.c index 4b8e4acc..d12031fc 100644 --- a/lib/cache/peek.c +++ b/lib/cache/peek.c @@ -174,6 +174,7 @@ int peek_nosync(kr_layer_t *ctx, knot_pkt_t *pkt) knot_db_val_bound(v), new_ttl); return ret == kr_ok() ? KR_STATE_DONE : ctx->state; } + default:; // Continue below } /* We have to try proving from NSEC*. */ @@ -359,7 +360,7 @@ static int peek_encloser( /** Name of the closest (provable) encloser. */ const knot_dname_t *clencl_name = qry->sname; for (int l = sname_labels; l > clencl_labels; --l) - clencl_name = knot_wire_next_label(clencl_name, NULL); + clencl_name = knot_dname_next_label(clencl_name); /**** 3. source of synthesis checks, in case the next closer name was covered. **** 3a. We want to query for NSEC* of source of synthesis (SS) or its diff --git a/lib/dnssec.c b/lib/dnssec.c index 9f43bb83..77cec796 100644 --- a/lib/dnssec.c +++ b/lib/dnssec.c @@ -362,7 +362,7 @@ static int kr_rrset_validate_with_key(kr_rrset_validation_ctx_t *vctx, const int covered_labels = knot_dname_labels(covered->owner, NULL) - knot_dname_is_wildcard(covered->owner); - for (uint16_t i = 0; i < vctx->rrs->len; ++i) { + for (size_t i = 0; i < vctx->rrs->len; ++i) { /* Consider every RRSIG that matches and comes from the same query. */ const knot_rrset_t *rrsig = vctx->rrs->at[i]->rr; const bool ok = vctx->rrs->at[i]->qry_uid == vctx->qry_uid diff --git a/lib/dnssec/nsec.c b/lib/dnssec/nsec.c index d798e3cf..be34d92d 100644 --- a/lib/dnssec/nsec.c +++ b/lib/dnssec/nsec.c @@ -81,15 +81,13 @@ static int dname_cmp(const knot_dname_t *d1, const knot_dname_t *d2) dname_reverse(d1, d1_len, d1_rev_arr); dname_reverse(d2, d2_len, d2_rev_arr); - int res = 0; - while (res == 0 && d1_rev != NULL) { - res = lf_cmp(d1_rev, d2_rev); - d1_rev = knot_wire_next_label(d1_rev, NULL); - d2_rev = knot_wire_next_label(d2_rev, NULL); - } - - kr_require(res != 0 || d2_rev == NULL); - return res; + do { + int res = lf_cmp(d1_rev, d2_rev); + if (res != 0 || d1_rev[0] == '\0') + return res; + d1_rev = knot_dname_next_label(d1_rev); + d2_rev = knot_dname_next_label(d2_rev); + } while (true); } @@ -251,7 +249,7 @@ int kr_nsec_negative(const ranked_rr_array_t *rrrs, uint32_t qry_uid, ssynth[1] = '*'; const knot_dname_t *clencl = sname; for (int l = sname_labels; l > clencl_labels; --l) - clencl = knot_wire_next_label(clencl, NULL); + clencl = knot_dname_next_label(clencl); (void)!!knot_dname_store(&ssynth[2], clencl); // Try to (dis)prove the source of synthesis by a covering or matching NSEC. diff --git a/lib/dnssec/nsec3.c b/lib/dnssec/nsec3.c index 4199f25f..4ff27500 100644 --- a/lib/dnssec/nsec3.c +++ b/lib/dnssec/nsec3.c @@ -143,7 +143,7 @@ static int closest_encloser_match(int *flags, const knot_rrset_t *nsec3, goto fail; } - const knot_dname_t *encloser = knot_wire_next_label(name, NULL); + const knot_dname_t *encloser = knot_dname_next_label(name); *skipped = 1; /* Avoid doing too much work on SHA1, mitigating: @@ -154,7 +154,7 @@ static int closest_encloser_match(int *flags, const knot_rrset_t *nsec3, const int max_labels = knot_dname_labels(nsec3->owner, NULL) - 1 + kr_nsec3_max_depth(¶ms); for (int l = knot_dname_labels(encloser, NULL); l > max_labels; --l) { - encloser = knot_wire_next_label(encloser, NULL); + encloser = knot_dname_next_label(encloser); ++(*skipped); } @@ -174,7 +174,7 @@ static int closest_encloser_match(int *flags, const knot_rrset_t *nsec3, if (!encloser[0]) break; - encloser = knot_wire_next_label(encloser, NULL); + encloser = knot_dname_next_label(encloser); ++(*skipped); } @@ -404,7 +404,7 @@ static int closest_encloser_proof(const knot_pkt_t *pkt, for (unsigned j = 0; j < skipped; ++j) { if (kr_fails_assert(next_closer[0])) return kr_error(EINVAL); - next_closer = knot_wire_next_label(next_closer, NULL); + next_closer = knot_dname_next_label(next_closer); } for (unsigned j = 0; j < sec->count; ++j) { const knot_rrset_t *rrset_j = knot_pkt_rr(sec, j); @@ -425,7 +425,7 @@ static int closest_encloser_proof(const knot_pkt_t *pkt, if ((flags & FLG_CLOSEST_PROVABLE_ENCLOSER) && (flags & FLG_NAME_COVERED) && next_closer) { if (encloser_name && next_closer[0]) - *encloser_name = knot_wire_next_label(next_closer, NULL); + *encloser_name = knot_dname_next_label(next_closer); if (matching_encloser_nsec3) *matching_encloser_nsec3 = matching; if (covering_next_nsec3) @@ -569,7 +569,7 @@ int kr_nsec3_wildcard_answer_response_check(const knot_pkt_t *pkt, knot_section_ for (int i = 0; i < trim_to_next; ++i) { if (kr_fails_assert(sname[0])) return kr_error(EINVAL); - sname = knot_wire_next_label(sname, NULL); + sname = knot_dname_next_label(sname); } int flags = 0; diff --git a/lib/dnssec/signature.c b/lib/dnssec/signature.c index f80337fe..6e443cf9 100644 --- a/lib/dnssec/signature.c +++ b/lib/dnssec/signature.c @@ -224,7 +224,7 @@ static int sign_ctx_add_records(dnssec_sign_ctx_t *ctx, const knot_rrset_t *cove for (int j = 0; j < trim_labels; ++j) { if (kr_fails_assert(beginp[0])) return kr_error(EINVAL); - beginp = (uint8_t *) knot_wire_next_label(beginp, NULL); + beginp = (uint8_t *) knot_dname_next_label(beginp); if (kr_fails_assert(beginp)) return kr_error(EFAULT); } diff --git a/lib/dnssec/ta.c b/lib/dnssec/ta.c index 67f0a206..6593b2f3 100644 --- a/lib/dnssec/ta.c +++ b/lib/dnssec/ta.c @@ -28,9 +28,9 @@ const knot_dname_t * kr_ta_closest(const struct kr_context *ctx, const knot_dnam kr_require(ctx && name); if (type == KNOT_RRTYPE_DS && name[0] != '\0') { /* DS is parent-side record, so the parent name needs to be covered. */ - name = knot_wire_next_label(name, NULL); + name = knot_dname_next_label(name); } - while (name) { + do { struct kr_context *ctx_nc = (struct kr_context *)/*const-cast*/ctx; if (kr_ta_get(ctx_nc->trust_anchors, name)) { return name; @@ -38,9 +38,12 @@ const knot_dname_t * kr_ta_closest(const struct kr_context *ctx, const knot_dnam if (kr_ta_get(ctx_nc->negative_anchors, name)) { return NULL; } - name = knot_wire_next_label(name, NULL); - } - return NULL; + if (name[0] == '\0') { + return NULL; + } else { + name = knot_dname_next_label(name); + } + } while (true); } /* @internal Create DS from DNSKEY, caller MUST free dst if successful. */ diff --git a/lib/generic/array.h b/lib/generic/array.h index 9f351189..9bea546b 100644 --- a/lib/generic/array.h +++ b/lib/generic/array.h @@ -113,7 +113,7 @@ static inline void array_std_free(void *baton, void *p) * Mempool usage: pass kr_memreserve and a knot_mm_t* . * @return 0 if success, <0 on failure */ #define array_reserve_mm(array, n, reserve, baton) \ - (reserve)((baton), (void **) &(array).at, sizeof((array).at[0]), (n), &(array).cap) + (reserve)((baton), (void **) &(array).at, array_member_size((array)), (n), &(array).cap) /** * Push value at the end of the array, resize it if necessary. @@ -122,9 +122,9 @@ static inline void array_std_free(void *baton, void *p) * @return element index on success, <0 on failure */ #define array_push_mm(array, val, reserve, baton) \ - (int)((array).len < (array).cap ? ((array).at[(array).len] = val, (array).len++) \ + (int)((array).len < (array).cap ? ((array).at[(array).len] = (val), (array).len++) \ : (array_reserve_mm(array, ((array).cap + 1), reserve, baton) < 0 ? -1 \ - : ((array).at[(array).len] = val, (array).len++))) + : ((array).at[(array).len] = (val), (array).len++))) /** * Push value at the end of the array, resize it if necessary (plain malloc/free). @@ -152,6 +152,12 @@ static inline void array_std_free(void *baton, void *p) * @warning Undefined if the array is empty. */ #define array_tail(array) \ - (array).at[(array).len - 1] + (array).at[(array).len - 1] + +/** + * Return the size of a singular member in the array. + */ +#define array_member_size(array) \ + (sizeof((array).at[0])) // NOLINT(bugprone-sizeof-expression): usually a false-positive /** @} */ diff --git a/lib/generic/lru.h b/lib/generic/lru.h index 448c1b92..1c1dd81a 100644 --- a/lib/generic/lru.h +++ b/lib/generic/lru.h @@ -130,7 +130,10 @@ #define lru_get_new(table, key_, len_, is_new) \ (__typeof__((table)->pdata_t)) \ lru_get_impl(&(table)->lru, (key_), (len_), \ - sizeof(*(table)->pdata_t), true, is_new) + lru_member_size((table)), true, is_new) + +#define lru_member_size(table) \ + (sizeof(*(table)->pdata_t)) // NOLINT(bugprone-sizeof-expression): usually a false-positive /** * @brief Apply a function to every item in LRU. diff --git a/lib/generic/queue.c b/lib/generic/queue.c index 5bed153e..29609dd2 100644 --- a/lib/generic/queue.c +++ b/lib/generic/queue.c @@ -62,7 +62,7 @@ void * queue_push_impl(struct queue *q) if (t->begin * 2 >= t->cap) { /* Utilization is below 50%, so let's shift (no overlap). * (size_t cast is to avoid unintended sign-extension) */ - memcpy(t->data, t->data + t->begin * q->item_size, + memcpy(t->data, t->data + t->begin * (size_t)q->item_size, (size_t) (t->end - t->begin) * (size_t) q->item_size); t->end -= t->begin; t->begin = 0; @@ -76,7 +76,7 @@ void * queue_push_impl(struct queue *q) kr_require(t->end < t->cap); ++(q->len); ++(t->end); - return t->data + q->item_size * (t->end - 1); + return t->data + (size_t)q->item_size * (t->end - 1); } /* Return pointer to the space for the new element. */ @@ -98,8 +98,8 @@ void * queue_push_head_impl(struct queue *q) * Computations here are simplified due to h->begin == 0. * (size_t cast is to avoid unintended sign-extension) */ const int cnt = h->end; - memcpy(h->data + (h->cap - cnt) * q->item_size, h->data, - (size_t) cnt * (size_t) q->item_size); + memcpy(h->data + ((size_t)h->cap - cnt) * q->item_size, h->data, + (size_t)cnt * (size_t)q->item_size); h->begin = h->cap - cnt; h->end = h->cap; } else { @@ -113,7 +113,7 @@ void * queue_push_head_impl(struct queue *q) kr_require(h->begin > 0); --(h->begin); ++(q->len); - return h->data + q->item_size * h->begin; + return h->data + (size_t)q->item_size * h->begin; } void queue_pop_impl(struct queue *q) diff --git a/lib/generic/queue.h b/lib/generic/queue.h index 3fa52cea..fc2a86f3 100644 --- a/lib/generic/queue.h +++ b/lib/generic/queue.h @@ -71,7 +71,7 @@ /** @brief Initialize a queue. You can malloc() it the usual way. */ #define queue_init(q) do { \ (void)(((__typeof__(((q).pdata_t)))0) == (void *)0); /* typecheck queue_t */ \ - queue_init_impl(&(q).queue, sizeof(*(q).pdata_t)); \ + queue_init_impl(&(q).queue, queue_member_size((q))); \ } while (false) /** @brief De-initialize a queue: make it invalid and free any inner allocations. */ @@ -105,6 +105,10 @@ #define queue_len(q) \ ((const size_t)(q).queue.len) +/** @brief Return the size of a single element in the queue. */ +#define queue_member_size(q) \ + (sizeof(*(q).pdata_t)) // NOLINT(bugprone-sizeof-expression): usually a false-positive + /** @brief Type for queue iterator, parametrized by value type. * It's a simple structure that owns no other resources. diff --git a/lib/generic/trie.c b/lib/generic/trie.c index f9aceda7..21254eb4 100644 --- a/lib/generic/trie.c +++ b/lib/generic/trie.c @@ -470,6 +470,10 @@ static int ns_longer_alloc(nstack_t *ns) memcpy(st, ns->stack, ns->len * sizeof(node_t *)); } else { st = realloc(ns->stack, new_size); + if (st == NULL) { + free(ns->stack); // left behind by realloc, callers bail out + ns->stack = NULL; + } } if (st == NULL) return KNOT_ENOMEM; diff --git a/lib/layer/iterate.c b/lib/layer/iterate.c index 4eacf86f..6f312ca7 100644 --- a/lib/layer/iterate.c +++ b/lib/layer/iterate.c @@ -51,7 +51,7 @@ static const knot_dname_t *minimized_qname(struct kr_query *query, uint16_t *qty int cut_labels = knot_dname_labels(query->zone_cut.name, NULL); int qname_labels = knot_dname_labels(qname, NULL); while(qname[0] && qname_labels > cut_labels + 1) { - qname = knot_wire_next_label(qname, NULL); + qname = knot_dname_next_label(qname); qname_labels -= 1; } diff --git a/lib/layer/validate.c b/lib/layer/validate.c index 3bdb205c..af20b2e4 100644 --- a/lib/layer/validate.c +++ b/lib/layer/validate.c @@ -709,7 +709,7 @@ static int check_validation_result(kr_layer_t *ctx, const knot_pkt_t *pkt, ranke invalid_entry = entry; break; } else if (kr_rank_test(entry->rank, KR_RANK_MISSING) && - !invalid_entry) { + !invalid_entry) { // NOLINT(bugprone-branch-clone) invalid_entry = entry; } else if (kr_rank_test(entry->rank, KR_RANK_OMIT)) { continue; @@ -126,7 +126,7 @@ void kr_log_fmt(enum kr_log_group group, kr_log_level_t level, const char *file, } va_start(args, fmt); - vfprintf(stream, fmt, args); + (void)vfprintf(stream, fmt, args); va_end(args); } } diff --git a/lib/meson.build b/lib/meson.build index d8cbf1fa..60988f02 100644 --- a/lib/meson.build +++ b/lib/meson.build @@ -23,6 +23,7 @@ libkres_src = files([ 'layer/iterate.c', 'layer/validate.c', 'log.c', + 'proto.c', 'rules/api.c', 'rules/defaults.c', 'rules/forward.c', @@ -60,6 +61,7 @@ libkres_headers = files([ 'layer/iterate.h', 'log.h', 'module.h', + 'proto.h', 'resolve.h', 'resolve-impl.h', 'rplan.h', diff --git a/lib/proto.c b/lib/proto.c new file mode 100644 index 00000000..cf12e94e --- /dev/null +++ b/lib/proto.c @@ -0,0 +1,19 @@ +/* Copyright (C) CZ.NIC, z.s.p.o. <knot-resolver@labs.nic.cz> + * SPDX-License-Identifier: GPL-3.0-or-later + */ + +#include "lib/proto.h" + +const char *kr_proto_name(enum kr_proto p) +{ + switch (p) { + case KR_PROTO_INTERNAL: + return "INTERNAL"; +#define XX(cid, vid, name) case KR_PROTO_##cid: \ + return (name); + KR_PROTO_MAP(XX) +#undef XX + default: + return "(default)"; + } +} diff --git a/lib/proto.h b/lib/proto.h new file mode 100644 index 00000000..875fe8e3 --- /dev/null +++ b/lib/proto.h @@ -0,0 +1,53 @@ +/* Copyright (C) CZ.NIC, z.s.p.o. <knot-resolver@labs.nic.cz> + * SPDX-License-Identifier: GPL-3.0-or-later + */ +#pragma once + +#include <stdint.h> + +#include "lib/defines.h" + +/** DNS transport protocol map + * + * This macro is used to generate `enum kr_proto` as well as other additional + * data on protocols, like name string constants. + * + * It defines DNS transport protocols for use by `session2` (to define sequences + * of protocol layers) and `rules` (to filter requests based on them). To find + * out more, see the individual usages. + * + * Parameters for XX are: + * 1. Constant name (for e.g. KR_PROTO_* enum value identifiers) + * 2. Variable name (for e.g. kr_proto_* array identifiers, like those defined + * in `session2.c`) + * 3. Human-readable name for logging */ +#define KR_PROTO_MAP(XX) \ + XX(UDP53, udp53, "DNS UDP") \ + XX(TCP53, tcp53, "DNS TCP") \ + XX(DOT, dot, "DNS-over-TLS") \ + XX(DOH, doh, "DNS-over-HTTPS") \ + XX(DOQ, doq, "DNS-over-QUIC") /* unused for now */ \ + // + +/** DNS protocol set - mutually exclusive options, contrary to + * kr_request_qsource_flags + * + * The XDP flag is not discerned here, as it could apply to any protocol. (Not + * right now, but libknot does support it for TCP, so that would complete + * everything) + */ +enum kr_proto { + KR_PROTO_INTERNAL = 0, /// no protocol, e.g. useful to mark internal requests +#define XX(cid, vid, name) KR_PROTO_ ## cid, + KR_PROTO_MAP(XX) +#undef XX + KR_PROTO_COUNT, +}; + +/** Gets the constant string name of the specified transport protocol. */ +KR_EXPORT +const char *kr_proto_name(enum kr_proto p); + +/** Bitmap of enum kr_proto options. */ +typedef uint8_t kr_proto_set; +static_assert(sizeof(kr_proto_set) * 8 >= KR_PROTO_COUNT, "bad combination of type sizes"); diff --git a/lib/resolve-produce.c b/lib/resolve-produce.c index d9bec433..563a2ca2 100644 --- a/lib/resolve-produce.c +++ b/lib/resolve-produce.c @@ -72,7 +72,7 @@ static void check_empty_nonterms(struct kr_query *qry, knot_pkt_t *pkt, struct k * otherwise this would risk leaking information to parent if the NODATA TTD > zone cut TTD. */ int labels = knot_dname_labels(target, NULL) - knot_dname_labels(cut_name, NULL); while (target[0] && labels > 2) { - target = knot_wire_next_label(target, NULL); + target = knot_dname_next_label(target); --labels; } for (int i = 0; i < labels; ++i) { @@ -84,7 +84,7 @@ static void check_empty_nonterms(struct kr_query *qry, knot_pkt_t *pkt, struct k break; } kr_assert(target[0]); - target = knot_wire_next_label(target, NULL); + target = knot_dname_next_label(target); } kr_cache_commit(cache); #endif @@ -277,7 +277,7 @@ static int forward_trust_chain_check(struct kr_request *request, struct kr_query int cut_labels = knot_dname_labels(qry->zone_cut.name, NULL); int wanted_name_labels = knot_dname_labels(wanted_name, NULL); while (wanted_name[0] && wanted_name_labels > cut_labels + name_offset) { - wanted_name = knot_wire_next_label(wanted_name, NULL); + wanted_name = knot_dname_next_label(wanted_name); wanted_name_labels -= 1; } minimized = (wanted_name != qry->sname); @@ -508,11 +508,11 @@ static int zone_cut_check(struct kr_request *request, struct kr_query *qry, knot const knot_dname_t *parent = qry->parent->zone_cut.name; if (parent[0] != '\0' && knot_dname_in_bailiwick(qry->sname, parent) >= 0) { - requested_name = knot_wire_next_label(parent, NULL); + requested_name = knot_dname_next_label(parent); } - } else if ((qry->stype == KNOT_RRTYPE_DS) && (qry->sname[0] != '\0')) { + } else if ((qry->stype == KNOT_RRTYPE_DS) && (requested_name[0] != '\0')) { /* If this is explicit DS query, start from encloser too. */ - requested_name = knot_wire_next_label(requested_name, NULL); + requested_name = knot_dname_next_label(requested_name); } int state = KR_STATE_FAIL; @@ -521,7 +521,8 @@ static int zone_cut_check(struct kr_request *request, struct kr_query *qry, knot if (state == KR_STATE_DONE || (state & KR_STATE_FAIL)) { return state; } else if (state == KR_STATE_CONSUME) { - requested_name = knot_wire_next_label(requested_name, NULL); + kr_require(requested_name[0] != '\0'); + requested_name = knot_dname_next_label(requested_name); } } while (state == KR_STATE_CONSUME); diff --git a/lib/resolve.c b/lib/resolve.c index e8a63489..ec00b215 100644 --- a/lib/resolve.c +++ b/lib/resolve.c @@ -715,6 +715,8 @@ int kr_resolve_consume(struct kr_request *request, struct kr_transport **transpo if (transport && !qry->flags.CACHED) { if (!(request->state & KR_STATE_FAIL)) { /* Do not complete NS address resolution on soft-fail. */ + if (kr_fails_assert(packet->wire)) + return KR_STATE_FAIL; const int rcode = knot_wire_get_rcode(packet->wire); if (rcode != KNOT_RCODE_SERVFAIL && rcode != KNOT_RCODE_REFUSED) { qry->flags.AWAIT_IPV6 = false; @@ -748,7 +750,7 @@ int kr_resolve_consume(struct kr_request *request, struct kr_transport **transpo } /* Pop query if resolved. */ - if (request->state == KR_STATE_YIELD) { + if (request->state == KR_STATE_YIELD) { // NOLINT(bugprone-branch-clone) return KR_STATE_PRODUCE; /* Requery */ } else if (qry->flags.RESOLVED) { kr_rplan_pop(rplan, qry); @@ -931,6 +933,7 @@ int kr_resolve_finish(struct kr_request *request, int state) knot_wire_clear_ad(wire); knot_wire_clear_aa(wire); knot_wire_set_rcode(wire, KNOT_RCODE_SERVFAIL); + default:; // Do nothing } } } diff --git a/lib/rules/api.c b/lib/rules/api.c index ca026879..8e908a7a 100644 --- a/lib/rules/api.c +++ b/lib/rules/api.c @@ -91,7 +91,7 @@ int kr_rule_tag_add(const char *tag, kr_rule_tags_t *tagset) kr_log_error(RULES, "ERROR: invalid length: %d\n", (int)val.len); return kr_error(EILSEQ); } - *tagset |= (1 << *tindex_p); + *tagset |= ((kr_rule_tags_t)1 << *tindex_p); return kr_ok(); } else if (ret != kr_error(ENOENT)) { return ret; @@ -114,7 +114,7 @@ int kr_rule_tag_add(const char *tag, kr_rule_tags_t *tagset) int ix = ffsll(~bmp) - 1; if (ix < 0 || ix >= 8 * sizeof(bmp)) return kr_error(E2BIG); - const kr_rule_tags_t tag_new = 1 << ix; + const kr_rule_tags_t tag_new = (kr_rule_tags_t)1 << ix; kr_require((tag_new & bmp) == 0); // Update the bitmap. ATM ruledb does not overwrite, so we `remove` before `write`. @@ -158,7 +158,7 @@ int kr_rules_init(const char *path, size_t maxsize) // Later we might improve it to auto-resize in case of running out of space. // Caveat: mdb_env_set_mapsize() can only be called without transactions open. .maxsize = maxsize ? maxsize : - (sizeof(size_t) > 4 ? 2048 : 500) * 1024*(size_t)1024, + (size_t)(sizeof(size_t) > 4 ? 2048 : 500) * 1024*1024, }; int ret = the_rules->api->open(&the_rules->db, &the_rules->stats, &opts, NULL); /* No persistence - we always refill from config for now. @@ -848,8 +848,8 @@ static int subnet_encode(const struct sockaddr *addr, int sub_len, uint8_t buf[3 uint16_t x = a[i] * 85; // interleave by zero bits uint8_t sub_mask = 255 >> (8 - MIN(sub_len, 8)); uint16_t r = x | (sub_mask * 85 * 2); - buf[2*i] = r / 256; - buf[2*i + 1] = r % 256; + buf[(ssize_t)2*i] = r / 256; + buf[(ssize_t)2*i + 1] = r % 256; } return i * 2; } @@ -870,9 +870,9 @@ bool subnet_is_prefix(uint8_t a, uint8_t b) } #define KEY_PREPEND(key, arr) do { \ - key.data -= sizeof(arr); \ - key.len += sizeof(arr); \ - memcpy(key.data, arr, sizeof(arr)); \ + (key).data -= sizeof(arr); \ + (key).len += sizeof(arr); \ + memcpy((key).data, arr, sizeof(arr)); \ } while (false) int kr_view_insert_action(const char *subnet, const char *dst_subnet, diff --git a/lib/rules/api.h b/lib/rules/api.h index bf51e4d5..1069ef4d 100644 --- a/lib/rules/api.h +++ b/lib/rules/api.h @@ -4,6 +4,7 @@ #pragma once #include "lib/defines.h" +#include "lib/proto.h" struct kr_query; struct kr_request; struct knot_pkt; @@ -16,27 +17,6 @@ typedef uint64_t kr_rule_tags_t; /// Tags "capacity", i.e. numbered from 0 to _CAP - 1. #define KR_RULE_TAGS_CAP (sizeof(kr_rule_tags_t) * 8) -/** DNS protocol set - mutually exclusive options, contrary to kr_request_qsource_flags - * - * The XDP flag is not discerned here, as it could apply to any protocol. - * (not right now, but libknot does support it for TCP, so that would complete everything) - * - * TODO: probably unify with enum protolayer_grp. - */ -enum kr_proto { - KR_PROTO_INTERNAL = 0, /// no protocol, e.g. useful to mark internal requests - KR_PROTO_UDP53, - KR_PROTO_TCP53, - KR_PROTO_DOT, - KR_PROTO_DOH, - KR_PROTO_DOQ, /// unused for now - KR_PROTO_COUNT, -}; -/** Bitmap of enum kr_proto options. */ -typedef uint8_t kr_proto_set; -static_assert(sizeof(kr_proto_set) * 8 >= KR_PROTO_COUNT, "bad combination of type sizes"); - - /** Open the rule DB. * * You can call this to override the path or size (NULL/0 -> default). diff --git a/lib/rules/forward.c b/lib/rules/forward.c index 12ad14d5..ef2cf9da 100644 --- a/lib/rules/forward.c +++ b/lib/rules/forward.c @@ -95,7 +95,7 @@ int kr_rule_data_src_check(struct kr_query *qry, struct knot_pkt *pkt) const knot_dname_t *apex = qry->sname; for (int labels = knot_dname_labels(apex, NULL); labels > qry->data_src.rule_depth; - --labels, apex = knot_wire_next_label(apex, NULL)); + --labels, apex = knot_dname_next_label(apex)); kr_zonecut_set(&qry->zone_cut, apex); qry->zone_cut.avoid_resolving = true; knot_db_val_t targets = qry->data_src.targets_ptr; diff --git a/lib/rules/local-addr.c b/lib/rules/local-addr.c index 787639df..cd5d456b 100644 --- a/lib/rules/local-addr.c +++ b/lib/rules/local-addr.c @@ -67,7 +67,7 @@ static const knot_dname_t * raw_addr2reverse(const uint8_t *raw_addr, int family #undef REV_MAXLEN if (family == AF_INET) { - snprintf(reverse_addr, sizeof(reverse_addr), + (void)snprintf(reverse_addr, sizeof(reverse_addr), "%d.%d.%d.%d.in-addr.arpa.", raw_addr[3], raw_addr[2], raw_addr[1], raw_addr[0]); } else if (family == AF_INET6) { diff --git a/lib/rules/zonefile.c b/lib/rules/zonefile.c index cfd2bc27..d308f375 100644 --- a/lib/rules/zonefile.c +++ b/lib/rules/zonefile.c @@ -50,7 +50,8 @@ static void rr_scan2trie(zs_scanner_t *s) knot_rrset_init(rr, NULL, s->r_type, KNOT_CLASS_IN, s->r_ttl); // we don't ^^ need owner so save allocation } - knot_rrset_add_rdata(rr, s->r_data, s->r_data_length, s_data->pool); + int ret = knot_rrset_add_rdata(rr, s->r_data, s->r_data_length, s_data->pool); + kr_assert(!ret); } /// Process an RRset of other types into a rule static int rr_trie2rule(const char *key_data, uint32_t key_len, trie_val_t *rr_p, void *config) @@ -202,6 +203,7 @@ static void process_record(zs_scanner_t *s) KR_RRTYPE_GET_STR(type_str, s->r_type); kr_log_warning(RULES, "skipping unsupported RR type %s\n", type_str); return; + default:; // Continue below } if (knot_rrtype_is_metatype(s->r_type)) goto unsupported_type; @@ -244,7 +246,7 @@ int kr_rule_zonefile(const struct kr_rule_zonefile_config *c) s_data_t s_data = { 0 }; s_data.c = c; - s_data.pool = mm_ctx_mempool2(64 * 1024); + s_data.pool = mm_ctx_mempool2((size_t)64 * 1024); s_data.rrs = trie_create(s_data.pool); ret = zs_set_processing(s, process_record, NULL, &s_data); if (kr_fails_assert(ret == 0)) diff --git a/lib/selection.c b/lib/selection.c index ea3a85ae..9cdd1a60 100644 --- a/lib/selection.c +++ b/lib/selection.c @@ -149,7 +149,7 @@ struct rtt_state get_rtt_state(const uint8_t *ip, size_t len, knot_db_val_t key = cache_key(ip, len); - if (cache->api->read(db, stats, &key, &value, 1)) { + if (cache->api->read(db, stats, &key, &value, 1)) { // NOLINT(bugprone-branch-clone) state = default_rtt_state; } else if (kr_fails_assert(value.len == sizeof(struct rtt_state))) { // shouldn't happen but let's be more robust diff --git a/lib/utils.c b/lib/utils.c index 6d215760..04b1bcb9 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -955,9 +955,8 @@ int kr_ranked_rrarray_add(ranked_rr_array_t *array, const knot_rrset_t *rr, static int rdata_p_cmp(const void *rp1, const void *rp2) { /* Just correct types of the parameters and pass them dereferenced. */ - const knot_rdata_t - *const *r1 = rp1, - *const *r2 = rp2; + const knot_rdata_t *const *r1 = (const knot_rdata_t *const *)rp1; + const knot_rdata_t *const *r2 = (const knot_rdata_t *const *)rp2; return knot_rdata_cmp(*r1, *r2); } int kr_ranked_rrarray_finalize(ranked_rr_array_t *array, uint32_t qry_uid, knot_mm_t *pool) @@ -982,7 +981,7 @@ int kr_ranked_rrarray_finalize(ranked_rr_array_t *array, uint32_t qry_uid, knot_ } else { /* Multiple RRs; first: sort the array. */ stashed->rr->additional = NULL; - qsort(ra->at, ra->len, sizeof(ra->at[0]), rdata_p_cmp); + qsort((void *)ra->at, ra->len, array_member_size(*ra), rdata_p_cmp); /* Prune duplicates: NULL all except the last instance. */ int dup_count = 0; for (int i = 0; i + 1 < ra->len; ++i) { diff --git a/lib/utils.h b/lib/utils.h index 8f84fc46..9fdc2d48 100644 --- a/lib/utils.h +++ b/lib/utils.h @@ -618,4 +618,10 @@ static inline size_t kr_dname_prefixlen(const uint8_t *name, unsigned nlabels) #endif ); } +#if KNOT_VERSION_HEX < 0x030400 +static inline const knot_dname_t * knot_dname_next_label(const knot_dname_t *dname) +{ + return knot_wire_next_label(dname, NULL); +} +#endif diff --git a/lib/zonecut.c b/lib/zonecut.c index 2bbd26fc..aea38e46 100644 --- a/lib/zonecut.c +++ b/lib/zonecut.c @@ -580,7 +580,7 @@ int kr_zonecut_find_cached(struct kr_context *ctx, struct kr_zonecut *cut, trie_clear(cut->nsset); /* Subtract label from QNAME. */ if (!is_root) { - label = knot_wire_next_label(label, NULL); + label = knot_dname_next_label(label); } else { ret = kr_error(ENOENT); break; |