diff options
| author | Vladimír Čunát <vladimir.cunat@nic.cz> | 2024-09-30 15:34:11 +0200 |
|---|---|---|
| committer | Vladimír Čunát <vladimir.cunat@nic.cz> | 2024-09-30 15:34:11 +0200 |
| commit | 3b815e8f6989d64ce1facaa24dd0f94c585b819d (patch) | |
| tree | 48943e52d37bdb89b313dc6ba5320eb7c19ef140 /modules | |
| parent | fixup! defer: add request and idle timeouts, limit on waiting queries (diff) | |
| parent | Merge branch 'python-constants-module' into 'master' (diff) | |
| download | knot-resolver-3b815e8f6989d64ce1facaa24dd0f94c585b819d.tar.xz knot-resolver-3b815e8f6989d64ce1facaa24dd0f94c585b819d.zip | |
Merge branch 'master' into rrl-wip
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/dns64/dns64.lua | 2 | ||||
| -rw-r--r-- | modules/policy/policy.lua | 12 | ||||
| -rw-r--r-- | modules/serve_stale/serve_stale.lua | 21 | ||||
| -rw-r--r-- | modules/stats/README.rst | 2 | ||||
| -rw-r--r-- | modules/stats/stats.c | 8 | ||||
| -rwxr-xr-x | modules/ta_update/ta_update.test.integr/rfc5011/dns2rpl.py | 2 | ||||
| -rwxr-xr-x | modules/ta_update/ta_update.test.integr/rfc5011/genkeyszones.sh | 2 | ||||
| -rw-r--r-- | modules/workarounds/workarounds.lua | 2 |
8 files changed, 43 insertions, 8 deletions
diff --git a/modules/dns64/dns64.lua b/modules/dns64/dns64.lua index b4fb1ecb..4dc8cb45 100644 --- a/modules/dns64/dns64.lua +++ b/modules/dns64/dns64.lua @@ -152,7 +152,7 @@ function M.layer.consume(state, req, pkt) end end ffi.C.kr_ranked_rrarray_finalize(req.answ_selected, qry.uid, req.pool) - req:set_extended_error(kres.extended_error.FORGED, "BHD4: DNS64 synthesis") + req:set_extended_error(kres.extended_error.SYNTHESIZED, "BHD4: from DNS64") end local function hexchar2int(char) diff --git a/modules/policy/policy.lua b/modules/policy/policy.lua index bf796a6d..036e8cf6 100644 --- a/modules/policy/policy.lua +++ b/modules/policy/policy.lua @@ -857,10 +857,14 @@ function policy.TAGS_ASSIGN(names) end -- Perform a list of actions sequentially; meant for kr_view_insert_action(). +-- Return value of the last one is propagated. function policy.COMBINE(list) if #list == 1 then return list[1] end local r = 'function(state,req) ' - for _, item in ipairs(list) do + for i, item in ipairs(list) do + if i == #list then + r = r .. 'return ' + end r = r .. item .. '(state,req); ' end return r .. 'end' @@ -934,7 +938,11 @@ policy.layer = { if ffi.C.kr_view_select_action(req, view_action_buf) == 0 then local act_str = ffi.string(view_action_buf[0].data, view_action_buf[0].len) - loadstring('return ' .. act_str)()(state, req) + local new_state = loadstring('return '..act_str)()(state, req) + -- We still respect the chain-rule notion, i.e. we skip + -- lua-configured policy rules iff the action was "final" + -- (`refused` and `noanswer` in the current 6.x) + if new_state ~= nil then return new_state end end if ffi.C.ratelimiting_request_begin(req) then return end diff --git a/modules/serve_stale/serve_stale.lua b/modules/serve_stale/serve_stale.lua index faf07fbe..d1b18f90 100644 --- a/modules/serve_stale/serve_stale.lua +++ b/modules/serve_stale/serve_stale.lua @@ -27,7 +27,9 @@ M.layer = { local now = ffi.C.kr_now() local deadline = qry.creation_time_mono + M.timeout if now > deadline or qry.flags.NO_NS_FOUND then - log_debug(ffi.C.LOG_GRP_SRVSTALE, ' => no reachable NS, using stale data') + log_qry(qry, ffi.C.LOG_GRP_SRVSTALE, + ' => no reachable NS, using stale data "%s"', + kres.dname2str(qry:name())) qry.stale_cb = M.callback -- TODO: probably start the same request that doesn't stale-serve, -- but first we need some detection of non-interactive / internal requests. @@ -36,6 +38,23 @@ M.layer = { return state end, + + answer_finalize = function (state, req) + local qry = req:resolved() + if state ~= kres.DONE or qry == nil then + return state + end + + if req.stale_accounted and qry.stale_cb ~= nil then + if req.answer:rcode() == kres.rcode.NOERROR then + req:set_extended_error(kres.extended_error.STALE, 'WFAC') + elseif req.answer:rcode() == kres.rcode.NXDOMAIN then + req:set_extended_error(kres.extended_error.STALE_NXD, 'QSF6') + end + end + + return state + end, } return M diff --git a/modules/stats/README.rst b/modules/stats/README.rst index 1def925c..e9258274 100644 --- a/modules/stats/README.rst +++ b/modules/stats/README.rst @@ -55,6 +55,8 @@ Built-in counters keep track of number of queries and answers matching specific +-----------------+----------------------------------+ | answer.cached | queries answered from cache | +-----------------+----------------------------------+ +| answer.stale | queries that utilized stale data | ++-----------------+----------------------------------+ +-----------------+----------------------------------+ | **Answers categorized by RCODE** | diff --git a/modules/stats/stats.c b/modules/stats/stats.c index deed9c94..596847d7 100644 --- a/modules/stats/stats.c +++ b/modules/stats/stats.c @@ -37,12 +37,17 @@ #define UPSTREAMS_COUNT 512 /* Size of recent upstreams */ #endif -/** @cond internal Fixed-size map of predefined metrics. */ +/** @cond internal Fixed-size map of predefined metrics. + * + * When changing the list, don't forget _parse_resolver_metrics() + * in ../../manager/knot_resolver_manager/statistics.py + */ #define CONST_METRICS(X) \ X(answer,total) X(answer,noerror) X(answer,nodata) X(answer,nxdomain) X(answer,servfail) \ X(answer,cached) X(answer,1ms) X(answer,10ms) X(answer,50ms) X(answer,100ms) \ X(answer,250ms) X(answer,500ms) X(answer,1000ms) X(answer,1500ms) X(answer,slow) \ X(answer,sum_ms) \ + X(answer,stale) \ X(answer,aa) X(answer,tc) X(answer,rd) X(answer,ra) X(answer, ad) X(answer,cd) \ X(answer,edns0) X(answer,do) \ X(query,edns) X(query,dnssec) \ @@ -303,6 +308,7 @@ static int collect(kr_layer_t *ctx) DEPRECATED use new names metric_answer_edns0 and metric_answer_do */ + stat_const_add(data, metric_answer_stale, param->stale_accounted); stat_const_add(data, metric_query_edns, knot_pkt_has_edns(param->answer)); stat_const_add(data, metric_query_dnssec, knot_pkt_has_dnssec(param->answer)); diff --git a/modules/ta_update/ta_update.test.integr/rfc5011/dns2rpl.py b/modules/ta_update/ta_update.test.integr/rfc5011/dns2rpl.py index 317d6719..6002e830 100755 --- a/modules/ta_update/ta_update.test.integr/rfc5011/dns2rpl.py +++ b/modules/ta_update/ta_update.test.integr/rfc5011/dns2rpl.py @@ -1,4 +1,4 @@ -#!/usr/bin/python3 +#!/usr/bin/env python3 """ Generate RFC 5011 test simulating successful KSK roll-over in 2017. diff --git a/modules/ta_update/ta_update.test.integr/rfc5011/genkeyszones.sh b/modules/ta_update/ta_update.test.integr/rfc5011/genkeyszones.sh index 4a654695..5ff1d8f1 100755 --- a/modules/ta_update/ta_update.test.integr/rfc5011/genkeyszones.sh +++ b/modules/ta_update/ta_update.test.integr/rfc5011/genkeyszones.sh @@ -1,4 +1,4 @@ -#!/usr/bin/bash +#!/usr/bin/env bash # First, generate DNSSEC keys with timers set to simulate 2017 KSK roll-over. # Second, fake system time to pretend that we are at the beginning on time slots diff --git a/modules/workarounds/workarounds.lua b/modules/workarounds/workarounds.lua index 4ce7c478..4cbfdb9d 100644 --- a/modules/workarounds/workarounds.lua +++ b/modules/workarounds/workarounds.lua @@ -4,7 +4,7 @@ if not policy then modules.load('policy') end local M = {} -- the module -function M.config() +function M.init() policy.add(policy.suffix(policy.FLAGS('NO_0X20'), { -- https://github.com/DNS-OARC/dns-violations/blob/master/2017/DVE-2017-0003.md todname('avqs.mcafee.com'), todname('avts.mcafee.com'), |