diff options
Diffstat (limited to 'modules')
123 files changed, 278 insertions, 1001 deletions
diff --git a/modules/bogus_log/.packaging/test.config b/modules/bogus_log/.packaging/test.config deleted file mode 100644 index bf1c8219..00000000 --- a/modules/bogus_log/.packaging/test.config +++ /dev/null @@ -1,4 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('bogus_log') -assert(bogus_log) -quit() diff --git a/modules/daf/.packaging/test.config b/modules/daf/.packaging/test.config deleted file mode 100644 index 2fa1d8cb..00000000 --- a/modules/daf/.packaging/test.config +++ /dev/null @@ -1,4 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('daf') -assert(daf) -quit() diff --git a/modules/daf/daf.test.lua b/modules/daf/daf.test.lua index 2a46393b..557c1a99 100644 --- a/modules/daf/daf.test.lua +++ b/modules/daf/daf.test.lua @@ -37,7 +37,9 @@ local function test_basic_actions() daf.add('qname = deny. deny') daf.add('qname = drop. drop') - check_answer('daf pass action', 'pass.', kres.type.A, kres.rcode.NOERROR) + -- This one won't work anymore, as PASS(THRU) now also skips hints. + --check_answer('daf pass action', 'pass.', kres.type.A, kres.rcode.NOERROR) + check_answer('daf deny action', 'deny.', kres.type.A, kres.rcode.NXDOMAIN) check_answer('daf drop action', 'drop.', kres.type.A, kres.rcode.SERVFAIL) end diff --git a/modules/detect_time_jump/.packaging/test.config b/modules/detect_time_jump/.packaging/test.config deleted file mode 100644 index 7ed0e602..00000000 --- a/modules/detect_time_jump/.packaging/test.config +++ /dev/null @@ -1,4 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('detect_time_jump') -assert(detect_time_jump) -quit() diff --git a/modules/detect_time_skew/.packaging/test.config b/modules/detect_time_skew/.packaging/test.config deleted file mode 100644 index 3a379071..00000000 --- a/modules/detect_time_skew/.packaging/test.config +++ /dev/null @@ -1,4 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('detect_time_skew') -assert(detect_time_skew) -quit() diff --git a/modules/dns64/.packaging/test.config b/modules/dns64/.packaging/test.config deleted file mode 100644 index 5abf524c..00000000 --- a/modules/dns64/.packaging/test.config +++ /dev/null @@ -1,4 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('dns64') -assert(dns64) -quit() diff --git a/modules/dns64/dns64.test.lua b/modules/dns64/dns64.test.lua index 45956a4c..0686ecc0 100644 --- a/modules/dns64/dns64.test.lua +++ b/modules/dns64/dns64.test.lua @@ -3,9 +3,9 @@ local condition = require('cqueues.condition') -- setup resolver modules = { 'hints', 'dns64' } -hints['dns64.example'] = '192.168.1.1' hints.use_nodata(true) -- Respond NODATA to AAAA query hints.ttl(60) +hints['dns64.example'] = '192.168.1.1' dns64.config('fe80::21b:77ff:0:0') -- helper to wait for query resolution diff --git a/modules/dnstap/.packaging/centos/7/builddeps b/modules/dnstap/.packaging/centos/7/builddeps deleted file mode 100644 index d3ab3547..00000000 --- a/modules/dnstap/.packaging/centos/7/builddeps +++ /dev/null @@ -1,3 +0,0 @@ -fstrm-devel -protobuf-c-devel -protobuf-c-compiler diff --git a/modules/dnstap/.packaging/centos/7/rundeps b/modules/dnstap/.packaging/centos/7/rundeps deleted file mode 100644 index 06c2792f..00000000 --- a/modules/dnstap/.packaging/centos/7/rundeps +++ /dev/null @@ -1,2 +0,0 @@ -fstrm -protobuf-c diff --git a/modules/dnstap/.packaging/centos/8/builddeps b/modules/dnstap/.packaging/centos/8/builddeps deleted file mode 100644 index d3ab3547..00000000 --- a/modules/dnstap/.packaging/centos/8/builddeps +++ /dev/null @@ -1,3 +0,0 @@ -fstrm-devel -protobuf-c-devel -protobuf-c-compiler diff --git a/modules/dnstap/.packaging/centos/8/rundeps b/modules/dnstap/.packaging/centos/8/rundeps deleted file mode 100644 index 06c2792f..00000000 --- a/modules/dnstap/.packaging/centos/8/rundeps +++ /dev/null @@ -1,2 +0,0 @@ -fstrm -protobuf-c diff --git a/modules/dnstap/.packaging/debian/10/builddeps b/modules/dnstap/.packaging/debian/10/builddeps deleted file mode 100644 index 417dc04a..00000000 --- a/modules/dnstap/.packaging/debian/10/builddeps +++ /dev/null @@ -1,3 +0,0 @@ -libfstrm-dev -libprotobuf-c-dev -protobuf-c-compiler diff --git a/modules/dnstap/.packaging/debian/10/rundeps b/modules/dnstap/.packaging/debian/10/rundeps deleted file mode 100644 index a726e120..00000000 --- a/modules/dnstap/.packaging/debian/10/rundeps +++ /dev/null @@ -1,2 +0,0 @@ -libfstrm0 -libprotobuf-c1 diff --git a/modules/dnstap/.packaging/debian/9/builddeps b/modules/dnstap/.packaging/debian/9/builddeps deleted file mode 100644 index 417dc04a..00000000 --- a/modules/dnstap/.packaging/debian/9/builddeps +++ /dev/null @@ -1,3 +0,0 @@ -libfstrm-dev -libprotobuf-c-dev -protobuf-c-compiler diff --git a/modules/dnstap/.packaging/debian/9/rundeps b/modules/dnstap/.packaging/debian/9/rundeps deleted file mode 100644 index a726e120..00000000 --- a/modules/dnstap/.packaging/debian/9/rundeps +++ /dev/null @@ -1,2 +0,0 @@ -libfstrm0 -libprotobuf-c1 diff --git a/modules/dnstap/.packaging/fedora/31/builddeps b/modules/dnstap/.packaging/fedora/31/builddeps deleted file mode 100644 index d3ab3547..00000000 --- a/modules/dnstap/.packaging/fedora/31/builddeps +++ /dev/null @@ -1,3 +0,0 @@ -fstrm-devel -protobuf-c-devel -protobuf-c-compiler diff --git a/modules/dnstap/.packaging/fedora/31/rundeps b/modules/dnstap/.packaging/fedora/31/rundeps deleted file mode 100644 index 06c2792f..00000000 --- a/modules/dnstap/.packaging/fedora/31/rundeps +++ /dev/null @@ -1,2 +0,0 @@ -fstrm -protobuf-c diff --git a/modules/dnstap/.packaging/fedora/32/builddeps b/modules/dnstap/.packaging/fedora/32/builddeps deleted file mode 100644 index d3ab3547..00000000 --- a/modules/dnstap/.packaging/fedora/32/builddeps +++ /dev/null @@ -1,3 +0,0 @@ -fstrm-devel -protobuf-c-devel -protobuf-c-compiler diff --git a/modules/dnstap/.packaging/fedora/32/rundeps b/modules/dnstap/.packaging/fedora/32/rundeps deleted file mode 100644 index 06c2792f..00000000 --- a/modules/dnstap/.packaging/fedora/32/rundeps +++ /dev/null @@ -1,2 +0,0 @@ -fstrm -protobuf-c diff --git a/modules/dnstap/.packaging/leap/15.2/builddeps b/modules/dnstap/.packaging/leap/15.2/builddeps deleted file mode 100644 index 30f8d9e1..00000000 --- a/modules/dnstap/.packaging/leap/15.2/builddeps +++ /dev/null @@ -1,3 +0,0 @@ -fstrm-devel -libprotobuf-c-devel -protobuf-c diff --git a/modules/dnstap/.packaging/leap/15.2/rundeps b/modules/dnstap/.packaging/leap/15.2/rundeps deleted file mode 100644 index 06c2792f..00000000 --- a/modules/dnstap/.packaging/leap/15.2/rundeps +++ /dev/null @@ -1,2 +0,0 @@ -fstrm -protobuf-c diff --git a/modules/dnstap/.packaging/test.config b/modules/dnstap/.packaging/test.config deleted file mode 100644 index 5966860f..00000000 --- a/modules/dnstap/.packaging/test.config +++ /dev/null @@ -1,4 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('dnstap') -assert(dnstap) -quit() diff --git a/modules/dnstap/.packaging/ubuntu/16.04/builddeps b/modules/dnstap/.packaging/ubuntu/16.04/builddeps deleted file mode 100644 index 417dc04a..00000000 --- a/modules/dnstap/.packaging/ubuntu/16.04/builddeps +++ /dev/null @@ -1,3 +0,0 @@ -libfstrm-dev -libprotobuf-c-dev -protobuf-c-compiler diff --git a/modules/dnstap/.packaging/ubuntu/16.04/rundeps b/modules/dnstap/.packaging/ubuntu/16.04/rundeps deleted file mode 100644 index a726e120..00000000 --- a/modules/dnstap/.packaging/ubuntu/16.04/rundeps +++ /dev/null @@ -1,2 +0,0 @@ -libfstrm0 -libprotobuf-c1 diff --git a/modules/dnstap/.packaging/ubuntu/18.04/builddeps b/modules/dnstap/.packaging/ubuntu/18.04/builddeps deleted file mode 100644 index 417dc04a..00000000 --- a/modules/dnstap/.packaging/ubuntu/18.04/builddeps +++ /dev/null @@ -1,3 +0,0 @@ -libfstrm-dev -libprotobuf-c-dev -protobuf-c-compiler diff --git a/modules/dnstap/.packaging/ubuntu/18.04/rundeps b/modules/dnstap/.packaging/ubuntu/18.04/rundeps deleted file mode 100644 index a726e120..00000000 --- a/modules/dnstap/.packaging/ubuntu/18.04/rundeps +++ /dev/null @@ -1,2 +0,0 @@ -libfstrm0 -libprotobuf-c1 diff --git a/modules/dnstap/.packaging/ubuntu/20.04/builddeps b/modules/dnstap/.packaging/ubuntu/20.04/builddeps deleted file mode 100644 index 417dc04a..00000000 --- a/modules/dnstap/.packaging/ubuntu/20.04/builddeps +++ /dev/null @@ -1,3 +0,0 @@ -libfstrm-dev -libprotobuf-c-dev -protobuf-c-compiler diff --git a/modules/dnstap/.packaging/ubuntu/20.04/rundeps b/modules/dnstap/.packaging/ubuntu/20.04/rundeps deleted file mode 100644 index a726e120..00000000 --- a/modules/dnstap/.packaging/ubuntu/20.04/rundeps +++ /dev/null @@ -1,2 +0,0 @@ -libfstrm0 -libprotobuf-c1 diff --git a/modules/dnstap/dnstap.c b/modules/dnstap/dnstap.c index 75726672..ab52bca3 100644 --- a/modules/dnstap/dnstap.c +++ b/modules/dnstap/dnstap.c @@ -10,7 +10,7 @@ #include "modules/dnstap/dnstap.pb-c.h" #include "contrib/cleanup.h" -#include "daemon/session.h" +#include "daemon/session2.h" #include "daemon/worker.h" #include "lib/layer.h" #include "lib/resolve.h" @@ -116,7 +116,7 @@ static int get_tcp_info(const struct kr_request *req, struct tcp_info *info) if (!req->qsource.dst_addr || !req->qsource.flags.tcp) /* not TCP-based */ return -abs(ENOENT); /* First obtain the file-descriptor. */ - uv_handle_t *h = session_get_handle(worker_request_get_source_session(req)); + uv_handle_t *h = session2_get_handle(worker_request_get_source_session(req)); uv_os_fd_t fd; int ret = uv_fileno(h, &fd); if (ret) diff --git a/modules/edns_keepalive/.packaging/test.config b/modules/edns_keepalive/.packaging/test.config deleted file mode 100644 index 5c71c797..00000000 --- a/modules/edns_keepalive/.packaging/test.config +++ /dev/null @@ -1,10 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('edns_keepalive') - -for _,item in ipairs(modules.list()) do - if item == "edns_keepalive" then - os.exit(0) - end -end - -os.exit(1) diff --git a/modules/edns_keepalive/edns_keepalive.c b/modules/edns_keepalive/edns_keepalive.c index 30d5df32..22b1397f 100644 --- a/modules/edns_keepalive/edns_keepalive.c +++ b/modules/edns_keepalive/edns_keepalive.c @@ -29,8 +29,7 @@ static int edns_keepalive_finalize(kr_layer_t *ctx) if (!ka_want) { return ctx->state; } - const struct network *net = &the_worker->engine->net; - uint64_t timeout = net->tcp.in_idle_timeout / 100; + uint64_t timeout = the_network->tcp.in_idle_timeout / 100; if (timeout > UINT16_MAX) { timeout = UINT16_MAX; } diff --git a/modules/etcd/.packaging/centos/7/pre-test.sh b/modules/etcd/.packaging/centos/7/pre-test.sh deleted file mode 100755 index 4df79d99..00000000 --- a/modules/etcd/.packaging/centos/7/pre-test.sh +++ /dev/null @@ -1 +0,0 @@ -luarocks install etcd --from=https://mah0x211.github.io/rocks/ diff --git a/modules/etcd/.packaging/centos/7/rundeps b/modules/etcd/.packaging/centos/7/rundeps deleted file mode 100644 index 795a3c44..00000000 --- a/modules/etcd/.packaging/centos/7/rundeps +++ /dev/null @@ -1,6 +0,0 @@ -openssl-devel -lua-devel -luarocks -git -gcc -make diff --git a/modules/etcd/.packaging/centos/8/NOTSUPPORTED b/modules/etcd/.packaging/centos/8/NOTSUPPORTED deleted file mode 100644 index e69de29b..00000000 --- a/modules/etcd/.packaging/centos/8/NOTSUPPORTED +++ /dev/null diff --git a/modules/etcd/.packaging/debian/10/pre-test.sh b/modules/etcd/.packaging/debian/10/pre-test.sh deleted file mode 100755 index 20073dc8..00000000 --- a/modules/etcd/.packaging/debian/10/pre-test.sh +++ /dev/null @@ -1 +0,0 @@ -luarocks --lua-version 5.1 install etcd --from=https://mah0x211.github.io/rocks/ diff --git a/modules/etcd/.packaging/debian/10/rundeps b/modules/etcd/.packaging/debian/10/rundeps deleted file mode 100644 index 02d3fcf5..00000000 --- a/modules/etcd/.packaging/debian/10/rundeps +++ /dev/null @@ -1,4 +0,0 @@ -libssl-dev -luarocks -git -make diff --git a/modules/etcd/.packaging/debian/9/pre-test.sh b/modules/etcd/.packaging/debian/9/pre-test.sh deleted file mode 100755 index 4df79d99..00000000 --- a/modules/etcd/.packaging/debian/9/pre-test.sh +++ /dev/null @@ -1 +0,0 @@ -luarocks install etcd --from=https://mah0x211.github.io/rocks/ diff --git a/modules/etcd/.packaging/debian/9/rundeps b/modules/etcd/.packaging/debian/9/rundeps deleted file mode 100644 index 02d3fcf5..00000000 --- a/modules/etcd/.packaging/debian/9/rundeps +++ /dev/null @@ -1,4 +0,0 @@ -libssl-dev -luarocks -git -make diff --git a/modules/etcd/.packaging/fedora/31/NOTSUPPORTED b/modules/etcd/.packaging/fedora/31/NOTSUPPORTED deleted file mode 100644 index b912289a..00000000 --- a/modules/etcd/.packaging/fedora/31/NOTSUPPORTED +++ /dev/null @@ -1,16 +0,0 @@ -Error installing etcd using luarocks: - - - -Missing dependencies for process 1.9.0-1: - luarocks-fetch-gitrec >= 0.2 (not installed) - -process 1.9.0-1 depends on luarocks-fetch-gitrec >= 0.2 (not installed) -Installing https://luarocks.org/luarocks-fetch-gitrec-0.2-1.src.rock - -No existing manifest. Attempting to rebuild... -luarocks-fetch-gitrec 0.2-1 is now installed in /root/.luarocks (license: MIT) - - -Error: Unknown protocol gitrec - diff --git a/modules/etcd/.packaging/fedora/32/NOTSUPPORTED b/modules/etcd/.packaging/fedora/32/NOTSUPPORTED deleted file mode 100644 index b912289a..00000000 --- a/modules/etcd/.packaging/fedora/32/NOTSUPPORTED +++ /dev/null @@ -1,16 +0,0 @@ -Error installing etcd using luarocks: - - - -Missing dependencies for process 1.9.0-1: - luarocks-fetch-gitrec >= 0.2 (not installed) - -process 1.9.0-1 depends on luarocks-fetch-gitrec >= 0.2 (not installed) -Installing https://luarocks.org/luarocks-fetch-gitrec-0.2-1.src.rock - -No existing manifest. Attempting to rebuild... -luarocks-fetch-gitrec 0.2-1 is now installed in /root/.luarocks (license: MIT) - - -Error: Unknown protocol gitrec - diff --git a/modules/etcd/.packaging/leap/15.2/pre-test.sh b/modules/etcd/.packaging/leap/15.2/pre-test.sh deleted file mode 100755 index 20073dc8..00000000 --- a/modules/etcd/.packaging/leap/15.2/pre-test.sh +++ /dev/null @@ -1 +0,0 @@ -luarocks --lua-version 5.1 install etcd --from=https://mah0x211.github.io/rocks/ diff --git a/modules/etcd/.packaging/leap/15.2/rundeps b/modules/etcd/.packaging/leap/15.2/rundeps deleted file mode 100644 index e8df59ba..00000000 --- a/modules/etcd/.packaging/leap/15.2/rundeps +++ /dev/null @@ -1,6 +0,0 @@ -libopenssl-devel -lua51-devel -lua51-luarocks -git -gcc -make diff --git a/modules/etcd/.packaging/test.config b/modules/etcd/.packaging/test.config deleted file mode 100644 index 1cc7e5aa..00000000 --- a/modules/etcd/.packaging/test.config +++ /dev/null @@ -1,4 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('etcd') -assert(etcd) -quit() diff --git a/modules/etcd/.packaging/ubuntu/16.04/pre-test.sh b/modules/etcd/.packaging/ubuntu/16.04/pre-test.sh deleted file mode 100755 index 4df79d99..00000000 --- a/modules/etcd/.packaging/ubuntu/16.04/pre-test.sh +++ /dev/null @@ -1 +0,0 @@ -luarocks install etcd --from=https://mah0x211.github.io/rocks/ diff --git a/modules/etcd/.packaging/ubuntu/16.04/rundeps b/modules/etcd/.packaging/ubuntu/16.04/rundeps deleted file mode 100644 index a355a9f8..00000000 --- a/modules/etcd/.packaging/ubuntu/16.04/rundeps +++ /dev/null @@ -1,3 +0,0 @@ -libssl-dev -luarocks -git diff --git a/modules/etcd/.packaging/ubuntu/18.04/pre-test.sh b/modules/etcd/.packaging/ubuntu/18.04/pre-test.sh deleted file mode 100755 index 4df79d99..00000000 --- a/modules/etcd/.packaging/ubuntu/18.04/pre-test.sh +++ /dev/null @@ -1 +0,0 @@ -luarocks install etcd --from=https://mah0x211.github.io/rocks/ diff --git a/modules/etcd/.packaging/ubuntu/18.04/rundeps b/modules/etcd/.packaging/ubuntu/18.04/rundeps deleted file mode 100644 index a355a9f8..00000000 --- a/modules/etcd/.packaging/ubuntu/18.04/rundeps +++ /dev/null @@ -1,3 +0,0 @@ -libssl-dev -luarocks -git diff --git a/modules/etcd/.packaging/ubuntu/20.04/pre-test.sh b/modules/etcd/.packaging/ubuntu/20.04/pre-test.sh deleted file mode 100755 index 20073dc8..00000000 --- a/modules/etcd/.packaging/ubuntu/20.04/pre-test.sh +++ /dev/null @@ -1 +0,0 @@ -luarocks --lua-version 5.1 install etcd --from=https://mah0x211.github.io/rocks/ diff --git a/modules/etcd/.packaging/ubuntu/20.04/rundeps b/modules/etcd/.packaging/ubuntu/20.04/rundeps deleted file mode 100644 index 02d3fcf5..00000000 --- a/modules/etcd/.packaging/ubuntu/20.04/rundeps +++ /dev/null @@ -1,4 +0,0 @@ -libssl-dev -luarocks -git -make diff --git a/modules/experimental_dot_auth/.packaging/centos/7/rundeps b/modules/experimental_dot_auth/.packaging/centos/7/rundeps deleted file mode 100644 index 36b83e18..00000000 --- a/modules/experimental_dot_auth/.packaging/centos/7/rundeps +++ /dev/null @@ -1 +0,0 @@ -lua-basexx diff --git a/modules/experimental_dot_auth/.packaging/centos/8/rundeps b/modules/experimental_dot_auth/.packaging/centos/8/rundeps deleted file mode 100644 index 984c7cec..00000000 --- a/modules/experimental_dot_auth/.packaging/centos/8/rundeps +++ /dev/null @@ -1 +0,0 @@ -lua5.1-basexx diff --git a/modules/experimental_dot_auth/.packaging/debian/10/rundeps b/modules/experimental_dot_auth/.packaging/debian/10/rundeps deleted file mode 100644 index 36b83e18..00000000 --- a/modules/experimental_dot_auth/.packaging/debian/10/rundeps +++ /dev/null @@ -1 +0,0 @@ -lua-basexx diff --git a/modules/experimental_dot_auth/.packaging/debian/9/rundeps b/modules/experimental_dot_auth/.packaging/debian/9/rundeps deleted file mode 100644 index 36b83e18..00000000 --- a/modules/experimental_dot_auth/.packaging/debian/9/rundeps +++ /dev/null @@ -1 +0,0 @@ -lua-basexx diff --git a/modules/experimental_dot_auth/.packaging/fedora/31/rundeps b/modules/experimental_dot_auth/.packaging/fedora/31/rundeps deleted file mode 100644 index 984c7cec..00000000 --- a/modules/experimental_dot_auth/.packaging/fedora/31/rundeps +++ /dev/null @@ -1 +0,0 @@ -lua5.1-basexx diff --git a/modules/experimental_dot_auth/.packaging/fedora/32/rundeps b/modules/experimental_dot_auth/.packaging/fedora/32/rundeps deleted file mode 100644 index 984c7cec..00000000 --- a/modules/experimental_dot_auth/.packaging/fedora/32/rundeps +++ /dev/null @@ -1 +0,0 @@ -lua5.1-basexx diff --git a/modules/experimental_dot_auth/.packaging/leap/15.2/NOTSUPPORTED b/modules/experimental_dot_auth/.packaging/leap/15.2/NOTSUPPORTED deleted file mode 100644 index 682eff05..00000000 --- a/modules/experimental_dot_auth/.packaging/leap/15.2/NOTSUPPORTED +++ /dev/null @@ -1,6 +0,0 @@ - -ERROR:test_packaging:Installing https://luarocks.org/basexx-0.4.1-1.rockspec -Error: Failed extracting v0.4.1.tar.gz - -Doesn't works on GitLab CI/CD, but works on localhost. -gzip and tar packages are installed, all packages has same version as packages on localhost's docker container. diff --git a/modules/experimental_dot_auth/.packaging/leap/15.2/pre-test.sh b/modules/experimental_dot_auth/.packaging/leap/15.2/pre-test.sh deleted file mode 100755 index df5d7845..00000000 --- a/modules/experimental_dot_auth/.packaging/leap/15.2/pre-test.sh +++ /dev/null @@ -1 +0,0 @@ -luarocks --lua-version 5.1 install basexx --from=https://mah0x211.github.io/rocks/ diff --git a/modules/experimental_dot_auth/.packaging/leap/15.2/rundeps b/modules/experimental_dot_auth/.packaging/leap/15.2/rundeps deleted file mode 100644 index 9e636d84..00000000 --- a/modules/experimental_dot_auth/.packaging/leap/15.2/rundeps +++ /dev/null @@ -1,4 +0,0 @@ -lua51-luarocks -git -tar -gzip diff --git a/modules/experimental_dot_auth/.packaging/test.config b/modules/experimental_dot_auth/.packaging/test.config deleted file mode 100644 index 39e9aed8..00000000 --- a/modules/experimental_dot_auth/.packaging/test.config +++ /dev/null @@ -1,4 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('experimental_dot_auth') -assert(experimental_dot_auth) -quit() diff --git a/modules/experimental_dot_auth/.packaging/ubuntu/16.04/NOTSUPPORTED b/modules/experimental_dot_auth/.packaging/ubuntu/16.04/NOTSUPPORTED deleted file mode 100644 index e69de29b..00000000 --- a/modules/experimental_dot_auth/.packaging/ubuntu/16.04/NOTSUPPORTED +++ /dev/null diff --git a/modules/experimental_dot_auth/.packaging/ubuntu/18.04/rundeps b/modules/experimental_dot_auth/.packaging/ubuntu/18.04/rundeps deleted file mode 100644 index 36b83e18..00000000 --- a/modules/experimental_dot_auth/.packaging/ubuntu/18.04/rundeps +++ /dev/null @@ -1 +0,0 @@ -lua-basexx diff --git a/modules/experimental_dot_auth/.packaging/ubuntu/20.04/rundeps b/modules/experimental_dot_auth/.packaging/ubuntu/20.04/rundeps deleted file mode 100644 index 36b83e18..00000000 --- a/modules/experimental_dot_auth/.packaging/ubuntu/20.04/rundeps +++ /dev/null @@ -1 +0,0 @@ -lua-basexx diff --git a/modules/graphite/.packaging/centos/7/rundeps b/modules/graphite/.packaging/centos/7/rundeps deleted file mode 100644 index 3da806bd..00000000 --- a/modules/graphite/.packaging/centos/7/rundeps +++ /dev/null @@ -1 +0,0 @@ -lua-cqueues diff --git a/modules/graphite/.packaging/centos/8/rundeps b/modules/graphite/.packaging/centos/8/rundeps deleted file mode 100644 index 182251d9..00000000 --- a/modules/graphite/.packaging/centos/8/rundeps +++ /dev/null @@ -1 +0,0 @@ -lua5.1-cqueues diff --git a/modules/graphite/.packaging/debian/10/rundeps b/modules/graphite/.packaging/debian/10/rundeps deleted file mode 100644 index 3da806bd..00000000 --- a/modules/graphite/.packaging/debian/10/rundeps +++ /dev/null @@ -1 +0,0 @@ -lua-cqueues diff --git a/modules/graphite/.packaging/debian/9/rundeps b/modules/graphite/.packaging/debian/9/rundeps deleted file mode 100644 index 3da806bd..00000000 --- a/modules/graphite/.packaging/debian/9/rundeps +++ /dev/null @@ -1 +0,0 @@ -lua-cqueues diff --git a/modules/graphite/.packaging/fedora/31/rundeps b/modules/graphite/.packaging/fedora/31/rundeps deleted file mode 100644 index 182251d9..00000000 --- a/modules/graphite/.packaging/fedora/31/rundeps +++ /dev/null @@ -1 +0,0 @@ -lua5.1-cqueues diff --git a/modules/graphite/.packaging/fedora/32/rundeps b/modules/graphite/.packaging/fedora/32/rundeps deleted file mode 100644 index 182251d9..00000000 --- a/modules/graphite/.packaging/fedora/32/rundeps +++ /dev/null @@ -1 +0,0 @@ -lua5.1-cqueues diff --git a/modules/graphite/.packaging/leap/15.2/NOTSUPPORTED b/modules/graphite/.packaging/leap/15.2/NOTSUPPORTED deleted file mode 100644 index b1ae77d0..00000000 --- a/modules/graphite/.packaging/leap/15.2/NOTSUPPORTED +++ /dev/null @@ -1,6 +0,0 @@ - -ERROR:test_packaging:Installing https://luarocks.org/cqueues-20190813.51-0.src.rock -164 Error: Failed extracting rel-20190813.tar.gz - -Doesn't works on GitLab CI/CD, but works on localhost. -gzip and tar packages are installed, all packages has same version as packages on localhost's docker container. diff --git a/modules/graphite/.packaging/leap/15.2/pre-test.sh b/modules/graphite/.packaging/leap/15.2/pre-test.sh deleted file mode 100755 index 9614066a..00000000 --- a/modules/graphite/.packaging/leap/15.2/pre-test.sh +++ /dev/null @@ -1 +0,0 @@ -luarocks --lua-version 5.1 install cqueues --from=https://mah0x211.github.io/rocks/ diff --git a/modules/graphite/.packaging/leap/15.2/rundeps b/modules/graphite/.packaging/leap/15.2/rundeps deleted file mode 100644 index 83238871..00000000 --- a/modules/graphite/.packaging/leap/15.2/rundeps +++ /dev/null @@ -1,6 +0,0 @@ -libopenssl-devel -lua51-luarocks -git -tar -gzip -m4 diff --git a/modules/graphite/.packaging/test.config b/modules/graphite/.packaging/test.config deleted file mode 100644 index c23033b1..00000000 --- a/modules/graphite/.packaging/test.config +++ /dev/null @@ -1,4 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('graphite') -assert(graphite) -quit() diff --git a/modules/graphite/.packaging/ubuntu/16.04/rundeps b/modules/graphite/.packaging/ubuntu/16.04/rundeps deleted file mode 100644 index 3da806bd..00000000 --- a/modules/graphite/.packaging/ubuntu/16.04/rundeps +++ /dev/null @@ -1 +0,0 @@ -lua-cqueues diff --git a/modules/graphite/.packaging/ubuntu/18.04/rundeps b/modules/graphite/.packaging/ubuntu/18.04/rundeps deleted file mode 100644 index 3da806bd..00000000 --- a/modules/graphite/.packaging/ubuntu/18.04/rundeps +++ /dev/null @@ -1 +0,0 @@ -lua-cqueues diff --git a/modules/graphite/.packaging/ubuntu/20.04/rundeps b/modules/graphite/.packaging/ubuntu/20.04/rundeps deleted file mode 100644 index 3da806bd..00000000 --- a/modules/graphite/.packaging/ubuntu/20.04/rundeps +++ /dev/null @@ -1 +0,0 @@ -lua-cqueues diff --git a/modules/hints/.packaging/test.config b/modules/hints/.packaging/test.config deleted file mode 100644 index d89c7f0c..00000000 --- a/modules/hints/.packaging/test.config +++ /dev/null @@ -1,4 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('hints') -assert(hints) -quit() diff --git a/modules/hints/README.rst b/modules/hints/README.rst index c2deb5a9..7d775188 100644 --- a/modules/hints/README.rst +++ b/modules/hints/README.rst @@ -136,6 +136,8 @@ Properties If set to true (the default), NODATA will be synthesised for matching hint name, but mismatching type (e.g. AAAA query when only A hint exists). + The setting is (now) per-entry, so you want to set it before any address-name pairs. + .. function:: hints.ttl([new_ttl]) :param int new_ttl: new TTL to set (optional) @@ -143,3 +145,5 @@ Properties This function allows to read and write the TTL value used for records generated by the hints module. + The setting is (now) per-entry, so you want to set it before any address-name pairs. + diff --git a/modules/hints/hints.c b/modules/hints/hints.c index a3f2f300..eaefaae4 100644 --- a/modules/hints/hints.c +++ b/modules/hints/hints.c @@ -20,6 +20,7 @@ #include "lib/zonecut.h" #include "lib/module.h" #include "lib/layer.h" +#include "lib/rules/api.h" #include <inttypes.h> #include <math.h> @@ -29,12 +30,9 @@ #define ERR_MSG(...) kr_log_error(HINT, "[ ]" __VA_ARGS__) struct hints_data { - struct kr_zonecut hints; - struct kr_zonecut reverse_hints; bool use_nodata; /**< See hint_use_nodata() description, exposed via lua. */ uint32_t ttl; /**< TTL used for the hints, exposed via lua. */ }; -static const uint32_t HINTS_TTL_DEFAULT = 5; /** Useful for returning from module properties. */ static char * bool2jsonstr(bool val) @@ -45,134 +43,6 @@ static char * bool2jsonstr(bool val) return result; } -static int put_answer(knot_pkt_t *pkt, struct kr_query *qry, knot_rrset_t *rr, bool use_nodata) -{ - int ret = 0; - if (!knot_rrset_empty(rr) || use_nodata) { - /* Update packet question */ - if (!knot_dname_is_equal(knot_pkt_qname(pkt), rr->owner)) { - kr_pkt_recycle(pkt); - knot_pkt_put_question(pkt, qry->sname, qry->sclass, qry->stype); - } - if (!knot_rrset_empty(rr)) { - /* Append to packet */ - ret = knot_pkt_put_rotate(pkt, KNOT_COMPR_HINT_QNAME, rr, - qry->reorder, KNOT_PF_FREE); - } else { - /* Return empty answer if name exists, but type doesn't match */ - knot_wire_set_aa(pkt->wire); - } - } else { - ret = kr_error(ENOENT); - } - /* Clear RR if failed */ - if (ret != 0) { - knot_rrset_clear(rr, &pkt->mm); - } - return ret; -} - -static int satisfy_reverse(/*const*/ struct hints_data *data, - knot_pkt_t *pkt, struct kr_query *qry) -{ - /* Find a matching name */ - pack_t *addr_set = kr_zonecut_find(&data->reverse_hints, qry->sname); - if (!addr_set || addr_set->len == 0) { - return kr_error(ENOENT); - } - knot_dname_t *qname = knot_dname_copy(qry->sname, &pkt->mm); - knot_rrset_t rr; - knot_rrset_init(&rr, qname, KNOT_RRTYPE_PTR, KNOT_CLASS_IN, data->ttl); - - /* Append address records from hints */ - uint8_t *addr = pack_last(*addr_set); - if (addr != NULL) { - size_t len = pack_obj_len(addr); - void *addr_val = pack_obj_val(addr); - knot_rrset_add_rdata(&rr, addr_val, len, &pkt->mm); - } - - return put_answer(pkt, qry, &rr, data->use_nodata); -} - -static int satisfy_forward(/*const*/ struct hints_data *data, - knot_pkt_t *pkt, struct kr_query *qry) -{ - /* Find a matching name */ - pack_t *addr_set = kr_zonecut_find(&data->hints, qry->sname); - if (!addr_set || addr_set->len == 0) { - return kr_error(ENOENT); - } - knot_dname_t *qname = knot_dname_copy(qry->sname, &pkt->mm); - knot_rrset_t rr; - knot_rrset_init(&rr, qname, qry->stype, qry->sclass, data->ttl); - - size_t family_len; - switch (rr.type) { - case KNOT_RRTYPE_A: - family_len = sizeof(struct in_addr); - break; - case KNOT_RRTYPE_AAAA: - family_len = sizeof(struct in6_addr); - break; - default: - goto finish; - }; - - /* Append address records from hints */ - uint8_t *addr = pack_head(*addr_set); - while (addr != pack_tail(*addr_set)) { - size_t len = pack_obj_len(addr); - void *addr_val = pack_obj_val(addr); - if (len == family_len) { - knot_rrset_add_rdata(&rr, addr_val, len, &pkt->mm); - } - addr = pack_obj_next(addr); - } -finish: - return put_answer(pkt, qry, &rr, data->use_nodata); -} - -static int query(kr_layer_t *ctx, knot_pkt_t *pkt) -{ - struct kr_query *qry = ctx->req->current_query; - if (!qry || (ctx->state & KR_STATE_FAIL)) { - return ctx->state; - } - - struct kr_module *module = ctx->api->data; - struct hints_data *data = module->data; - if (!data) { /* No valid file. */ - return ctx->state; - } - /* We can optimize for early return like this: */ - if (!data->use_nodata && qry->stype != KNOT_RRTYPE_A - && qry->stype != KNOT_RRTYPE_AAAA && qry->stype != KNOT_RRTYPE_PTR) { - return ctx->state; - } - /* FIXME: putting directly into packet breaks ordering in case the hint - * is applied after a CNAME jump. */ - const bool is_rev = - knot_dname_in_bailiwick(qry->sname, (const uint8_t *)"\4arpa\0") > 0 && - (knot_dname_in_bailiwick(qry->sname, (const uint8_t *)"\7in-addr\4arpa\0") > 0 - || knot_dname_in_bailiwick(qry->sname, (const uint8_t *)"\3ip6\4arpa\0") > 0); - if (is_rev) { - if (satisfy_reverse(data, pkt, qry) != 0) - return ctx->state; - } else { - if (satisfy_forward(data, pkt, qry) != 0) - return ctx->state; - } - - VERBOSE_MSG(qry, "<= answered from hints\n"); - qry->flags.DNSSEC_WANT = false; /* Never authenticated */ - qry->flags.CACHED = true; - qry->flags.NO_MINIMIZE = true; - pkt->parsed = pkt->size; - knot_wire_set_qr(pkt->wire); - return KR_STATE_DONE; -} - static int parse_addr_str(union kr_sockaddr *sa, const char *addr) { int family = strchr(addr, ':') ? AF_INET6 : AF_INET; @@ -185,54 +55,7 @@ static int parse_addr_str(union kr_sockaddr *sa, const char *addr) return 0; } -/** @warning _NOT_ thread-safe; returns a pointer to static data! */ -static const knot_dname_t * raw_addr2reverse(const uint8_t *raw_addr, int family) -{ - #define REV_MAXLEN (4*16 + 16 /* the suffix, terminator, etc. */) - char reverse_addr[REV_MAXLEN]; - static knot_dname_t dname[REV_MAXLEN]; - #undef REV_MAXLEN - - if (family == AF_INET) { - snprintf(reverse_addr, sizeof(reverse_addr), - "%d.%d.%d.%d.in-addr.arpa.", - raw_addr[3], raw_addr[2], raw_addr[1], raw_addr[0]); - } else if (family == AF_INET6) { - char *ra_it = reverse_addr; - for (int i = 15; i >= 0; --i) { - ssize_t free_space = reverse_addr + sizeof(reverse_addr) - ra_it; - int written = snprintf(ra_it, free_space, "%x.%x.", - raw_addr[i] & 0x0f, raw_addr[i] >> 4); - if (kr_fails_assert(written < free_space)) - return NULL; - ra_it += written; - } - ssize_t free_space = reverse_addr + sizeof(reverse_addr) - ra_it; - if (snprintf(ra_it, free_space, "ip6.arpa.") >= free_space) { - return NULL; - } - } else { - return NULL; - } - - if (!knot_dname_from_str(dname, reverse_addr, sizeof(dname))) { - return NULL; - } - return dname; -} - -static const knot_dname_t * addr2reverse(const char *addr) -{ - /* Parse address string */ - union kr_sockaddr ia; - if (parse_addr_str(&ia, addr) != 0) { - return NULL; - } - return raw_addr2reverse((const /*sign*/uint8_t *)kr_inaddr(&ia.ip), - kr_inaddr_family(&ia.ip)); -} - -static int add_pair(struct kr_zonecut *hints, const char *name, const char *addr) +static int add_pair_root(struct kr_zonecut *hints, const char *name, const char *addr) { /* Build key */ knot_dname_t key[KNOT_DNAME_MAXLEN]; @@ -245,149 +68,15 @@ static int add_pair(struct kr_zonecut *hints, const char *name, const char *addr if (parse_addr_str(&ia, addr) != 0) { return kr_error(EINVAL); } - return kr_zonecut_add(hints, key, kr_inaddr(&ia.ip), kr_inaddr_len(&ia.ip)); } -static int add_reverse_pair(struct kr_zonecut *hints, const char *name, const char *addr) -{ - const knot_dname_t *key = addr2reverse(addr); - - if (key == NULL) { - return kr_error(EINVAL); - } - - knot_dname_t ptr_name[KNOT_DNAME_MAXLEN]; - if (!knot_dname_from_str(ptr_name, name, sizeof(ptr_name))) { - return kr_error(EINVAL); - } - - return kr_zonecut_add(hints, key, ptr_name, knot_dname_size(ptr_name)); -} - -/** For a given name, remove either one address or all of them (if == NULL). - * - * Also remove the corresponding reverse records. - */ -static int del_pair(struct hints_data *data, const char *name, const char *addr) -{ - /* Build key */ - knot_dname_t key[KNOT_DNAME_MAXLEN]; - if (!knot_dname_from_str(key, name, sizeof(key))) { - return kr_error(EINVAL); - } - int key_len = knot_dname_size(key); - - if (addr) { - /* Remove the pair. */ - union kr_sockaddr ia; - if (parse_addr_str(&ia, addr) != 0) { - return kr_error(EINVAL); - } - - const knot_dname_t *reverse_key = addr2reverse(addr); - kr_zonecut_del(&data->reverse_hints, reverse_key, key, key_len); - return kr_zonecut_del(&data->hints, key, - kr_inaddr(&ia.ip), kr_inaddr_len(&ia.ip)); - } - /* We're removing everything for the name; - * first find the name's pack */ - pack_t *addr_set = kr_zonecut_find(&data->hints, key); - if (!addr_set || addr_set->len == 0) { - return kr_error(ENOENT); - } - - /* Remove address records in hints from reverse_hints. */ - - for (uint8_t *a = pack_head(*addr_set); a != pack_tail(*addr_set); - a = pack_obj_next(a)) { - void *addr_val = pack_obj_val(a); - int family = pack_obj_len(a) == kr_family_len(AF_INET) - ? AF_INET : AF_INET6; - const knot_dname_t *reverse_key = raw_addr2reverse(addr_val, family); - if (reverse_key != NULL) { - kr_zonecut_del(&data->reverse_hints, reverse_key, key, key_len); - } - } - - /* Remove the whole name. */ - return kr_zonecut_del_all(&data->hints, key); -} - -static int load_file(struct kr_module *module, const char *path) -{ - auto_fclose FILE *fp = fopen(path, "r"); - if (fp == NULL) { - ERR_MSG("reading '%s' failed: %s\n", path, strerror(errno)); - return kr_error(errno); - } else { - VERBOSE_MSG(NULL, "reading '%s'\n", path); - } - - /* Load file to map */ - struct hints_data *data = module->data; - size_t line_len_unused = 0; - size_t count = 0; - size_t line_count = 0; - auto_free char *line = NULL; - int ret = kr_ok(); - - while (getline(&line, &line_len_unused, fp) > 0) { - ++line_count; - /* Ingore #comments as described in man hosts.5 */ - char *comm = strchr(line, '#'); - if (comm) { - *comm = '\0'; - } - - char *saveptr = NULL; - const char *addr = strtok_r(line, " \t\n", &saveptr); - if (addr == NULL || strlen(addr) == 0) { - continue; - } - const char *canonical_name = strtok_r(NULL, " \t\n", &saveptr); - if (canonical_name == NULL) { - ret = -1; - goto error; - } - /* Since the last added PTR records takes preference, - * we add canonical name as the last one. */ - const char *name_tok; - while ((name_tok = strtok_r(NULL, " \t\n", &saveptr)) != NULL) { - ret = add_pair(&data->hints, name_tok, addr); - if (!ret) { - ret = add_reverse_pair(&data->reverse_hints, name_tok, addr); - } - if (ret) { - ret = -1; - goto error; - } - count += 1; - } - ret = add_pair(&data->hints, canonical_name, addr); - if (!ret) { - ret = add_reverse_pair(&data->reverse_hints, canonical_name, addr); - } - if (ret) { - ret = -1; - goto error; - } - count += 1; - } -error: - if (ret) { - ret = kr_error(ret); - ERR_MSG("%s:%zu: invalid syntax\n", path, line_count); - } - VERBOSE_MSG(NULL, "loaded %zu hints\n", count); - return ret; -} - static char* hint_add_hosts(void *env, struct kr_module *module, const char *args) { if (!args) args = "/etc/hosts"; - int err = load_file(module, args); + const struct hints_data *data = module->data; + int err = kr_rule_local_hosts(args, data->use_nodata, data->ttl, KR_RULE_TAGS_ALL); return bool2jsonstr(err == kr_ok()); } @@ -412,12 +101,8 @@ static char* hint_set(void *env, struct kr_module *module, const char *args) if (addr) { *addr = '\0'; ++addr; - ret = add_reverse_pair(&data->reverse_hints, args_copy, addr); - if (ret) { - del_pair(data, args_copy, addr); - } else { - ret = add_pair(&data->hints, args_copy, addr); - } + ret = kr_rule_local_address(args_copy, addr, + data->use_nodata, data->ttl, KR_RULE_TAGS_ALL); } return bool2jsonstr(ret == 0); @@ -438,7 +123,9 @@ static char* hint_del(void *env, struct kr_module *module, const char *args) *addr = '\0'; ++addr; } - ret = del_pair(data, args_copy, addr); + ret = kr_rule_local_address_del(args_copy, addr, data->use_nodata, KR_RULE_TAGS_ALL); + if (ret) + VERBOSE_MSG(NULL, "hints.del(%s) error: %s\n", args, kr_strerror(ret)); return bool2jsonstr(ret == 0); } @@ -461,7 +148,6 @@ static JsonNode *pack_addrs(pack_t *pack) return root; } -static char* pack_hints(struct kr_zonecut *hints); /** * Retrieve address hints, either for given name or for all names. * @@ -470,30 +156,7 @@ static char* pack_hints(struct kr_zonecut *hints); */ static char* hint_get(void *env, struct kr_module *module, const char *args) { - struct kr_zonecut *hints = &((struct hints_data *) module->data)->hints; - if (kr_fails_assert(hints)) - return NULL; - - if (!args) { - return pack_hints(hints); - } - - knot_dname_t key[KNOT_DNAME_MAXLEN]; - pack_t *pack = NULL; - if (knot_dname_from_str(key, args, sizeof(key))) { - pack = kr_zonecut_find(hints, key); - } - if (!pack || pack->len == 0) { - return NULL; - } - - char *result = NULL; - JsonNode *root = pack_addrs(pack); - if (root) { - result = json_encode(root); - json_delete(root); - } - return result; + return NULL; } /** @internal Pack all hints into serialized JSON. */ @@ -519,8 +182,12 @@ static void unpack_hint(struct kr_zonecut *root_hints, JsonNode *table, const ch JsonNode *node = NULL; json_foreach(node, table) { switch(node->tag) { - case JSON_STRING: add_pair(root_hints, name ? name : node->key, node->string_); break; - case JSON_ARRAY: unpack_hint(root_hints, node, name ? name : node->key); break; + case JSON_STRING: + add_pair_root(root_hints, name ? name : node->key, node->string_); + break; + case JSON_ARRAY: + unpack_hint(root_hints, node, name ? name : node->key); + break; default: continue; } } @@ -535,9 +202,7 @@ static void unpack_hint(struct kr_zonecut *root_hints, JsonNode *table, const ch */ static char* hint_root(void *env, struct kr_module *module, const char *args) { - struct engine *engine = env; - struct kr_context *ctx = &engine->resolver; - struct kr_zonecut *root_hints = &ctx->root_hints; + struct kr_zonecut *root_hints = &the_resolver->root_hints; /* Replace root hints if parameter is set */ if (args && args[0] != '\0') { JsonNode *root_node = json_decode(args); @@ -551,11 +216,9 @@ static char* hint_root(void *env, struct kr_module *module, const char *args) static char* hint_root_file(void *env, struct kr_module *module, const char *args) { - struct engine *engine = env; - struct kr_context *ctx = &engine->resolver; - const char *err_msg = engine_hint_root_file(ctx, args); + const char *err_msg = engine_hint_root_file(args); if (err_msg) { - luaL_error(engine->L, "error when opening '%s': %s", args, err_msg); + luaL_error(the_engine->L, "error when opening '%s': %s", args, err_msg); } return strdup(err_msg ? err_msg : ""); } @@ -605,14 +268,20 @@ static char* hint_ttl(void *env, struct kr_module *module, const char *args) KR_EXPORT int hints_init(struct kr_module *module) { - static kr_layer_api_t layer = { - .produce = &query, - }; + static kr_layer_api_t layer = { 0 }; /* Store module reference */ layer.data = module; module->layer = &layer; static const struct kr_prop props[] = { + /* TODO(decide): .del() used to work on individual RRs; + * now it deletes whole RRsets. Also, .get() doesn't work at all. + * + * We'll probably be deprecating access direct through these non-declarative + * commands (set, get, del) which are also usable dynamically. + * + * For .set() and .add_hosts() see the RW transaction note at kr_rule_local_data_merge() + */ { &hint_set, "set", "Set {name, address} hint.", }, { &hint_del, "del", "Delete one {name, address} hint or all addresses for the name.", }, { &hint_get, "get", "Retrieve hint for given name.", }, @@ -625,19 +294,11 @@ int hints_init(struct kr_module *module) }; module->props = props; - knot_mm_t *pool = mm_ctx_mempool2(MM_DEFAULT_BLKSIZE); - if (!pool) { - return kr_error(ENOMEM); - } - struct hints_data *data = mm_alloc(pool, sizeof(struct hints_data)); - if (!data) { - mp_delete(pool->ctx); + struct hints_data *data = malloc(sizeof(*data)); + if (!data) return kr_error(ENOMEM); - } - kr_zonecut_init(&data->hints, (const uint8_t *)(""), pool); - kr_zonecut_init(&data->reverse_hints, (const uint8_t *)(""), pool); data->use_nodata = true; - data->ttl = HINTS_TTL_DEFAULT; + data->ttl = KR_RULE_TTL_DEFAULT; module->data = data; return kr_ok(); @@ -647,13 +308,8 @@ int hints_init(struct kr_module *module) KR_EXPORT int hints_deinit(struct kr_module *module) { - struct hints_data *data = module->data; - if (data) { - kr_zonecut_deinit(&data->hints); - kr_zonecut_deinit(&data->reverse_hints); - mp_delete(data->hints.pool->ctx); - module->data = NULL; - } + free(module->data); + module->data = NULL; return kr_ok(); } @@ -671,7 +327,9 @@ int hints_config(struct kr_module *module, const char *conf) } if (conf && conf[0]) { - return load_file(module, conf); + const struct hints_data *data = module->data; + return kr_rule_local_hosts(conf, + data->use_nodata, data->ttl, KR_RULE_TAGS_ALL); } return kr_ok(); } diff --git a/modules/hints/tests/hints.test.lua b/modules/hints/tests/hints.test.lua index b62e502d..eda53c71 100644 --- a/modules/hints/tests/hints.test.lua +++ b/modules/hints/tests/hints.test.lua @@ -1,5 +1,6 @@ -- SPDX-License-Identifier: GPL-3.0-or-later local utils = require('test_utils') +local C = require('ffi').C -- setup resolver modules = { 'hints > iterate' } @@ -36,6 +37,9 @@ local function test_nxdomain() hints.config() -- clean start hints.use_nodata(false) hints.add_hosts('hints.test.hosts') + -- We commit manually, as in these tests we query before loading config finishes. + C.kr_rules_commit(true) + -- TODO: prefilling or some other way of getting NXDOMAIN (instead of SERVFAIL) utils.check_answer('bad name gives NXDOMAIN', 'badname.lan', kres.type.A, kres.rcode.SERVFAIL) @@ -50,6 +54,7 @@ local function test_nodata() hints.config() -- clean start hints.use_nodata(true) -- default ATM but let's not depend on that hints['myname.lan'] = '2001:db8::1' + C.kr_rules_commit(true) utils.check_answer('another type gives NODATA', 'myname.lan', kres.type.MX, utils.NODATA) utils.check_answer('record itself is OK', diff --git a/modules/http/.packaging/centos/7/rundeps b/modules/http/.packaging/centos/7/rundeps deleted file mode 100644 index c557cb28..00000000 --- a/modules/http/.packaging/centos/7/rundeps +++ /dev/null @@ -1 +0,0 @@ -lua-http diff --git a/modules/http/.packaging/centos/8/rundeps b/modules/http/.packaging/centos/8/rundeps deleted file mode 100644 index ed5aee15..00000000 --- a/modules/http/.packaging/centos/8/rundeps +++ /dev/null @@ -1 +0,0 @@ -lua5.1-http diff --git a/modules/http/.packaging/debian/10/rundeps b/modules/http/.packaging/debian/10/rundeps deleted file mode 100644 index c557cb28..00000000 --- a/modules/http/.packaging/debian/10/rundeps +++ /dev/null @@ -1 +0,0 @@ -lua-http diff --git a/modules/http/.packaging/debian/9/rundeps b/modules/http/.packaging/debian/9/rundeps deleted file mode 100644 index c557cb28..00000000 --- a/modules/http/.packaging/debian/9/rundeps +++ /dev/null @@ -1 +0,0 @@ -lua-http diff --git a/modules/http/.packaging/fedora/31/rundeps b/modules/http/.packaging/fedora/31/rundeps deleted file mode 100644 index ed5aee15..00000000 --- a/modules/http/.packaging/fedora/31/rundeps +++ /dev/null @@ -1 +0,0 @@ -lua5.1-http diff --git a/modules/http/.packaging/fedora/32/rundeps b/modules/http/.packaging/fedora/32/rundeps deleted file mode 100644 index ed5aee15..00000000 --- a/modules/http/.packaging/fedora/32/rundeps +++ /dev/null @@ -1 +0,0 @@ -lua5.1-http diff --git a/modules/http/.packaging/leap/15.2/NOTSUPPORTED b/modules/http/.packaging/leap/15.2/NOTSUPPORTED deleted file mode 100644 index bb50260c..00000000 --- a/modules/http/.packaging/leap/15.2/NOTSUPPORTED +++ /dev/null @@ -1,5 +0,0 @@ - -https://github.com/wahern/luaossl/issues/175 - - -Doesn't work with libopenssl-devel 1.1.0i-lp151.1.1 diff --git a/modules/http/.packaging/leap/15.2/pre-test.sh b/modules/http/.packaging/leap/15.2/pre-test.sh deleted file mode 100755 index bb1e1311..00000000 --- a/modules/http/.packaging/leap/15.2/pre-test.sh +++ /dev/null @@ -1 +0,0 @@ -luarocks --lua-version 5.1 install http --from=https://mah0x211.github.io/rocks/ diff --git a/modules/http/.packaging/leap/15.2/rundeps b/modules/http/.packaging/leap/15.2/rundeps deleted file mode 100644 index ab051889..00000000 --- a/modules/http/.packaging/leap/15.2/rundeps +++ /dev/null @@ -1,7 +0,0 @@ -libopenssl-devel -lua51-devel -lua51-luarocks -git -tar -gzip -m4 diff --git a/modules/http/.packaging/test.config b/modules/http/.packaging/test.config deleted file mode 100644 index cb5e5dd5..00000000 --- a/modules/http/.packaging/test.config +++ /dev/null @@ -1,4 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('http') -assert(http) -quit() diff --git a/modules/http/.packaging/ubuntu/16.04/NOTSUPPORTED b/modules/http/.packaging/ubuntu/16.04/NOTSUPPORTED deleted file mode 100644 index e69de29b..00000000 --- a/modules/http/.packaging/ubuntu/16.04/NOTSUPPORTED +++ /dev/null diff --git a/modules/http/.packaging/ubuntu/18.04/rundeps b/modules/http/.packaging/ubuntu/18.04/rundeps deleted file mode 100644 index c557cb28..00000000 --- a/modules/http/.packaging/ubuntu/18.04/rundeps +++ /dev/null @@ -1 +0,0 @@ -lua-http diff --git a/modules/http/.packaging/ubuntu/20.04/rundeps b/modules/http/.packaging/ubuntu/20.04/rundeps deleted file mode 100644 index c557cb28..00000000 --- a/modules/http/.packaging/ubuntu/20.04/rundeps +++ /dev/null @@ -1 +0,0 @@ -lua-http diff --git a/modules/http/README.rst b/modules/http/README.rst index 6d8a075c..461e9a17 100644 --- a/modules/http/README.rst +++ b/modules/http/README.rst @@ -30,7 +30,7 @@ and unlimited number of "used-defined kinds" can be added in configuration. Each network address and port combination can be configured to expose one kind of endpoint. This is done using the same mechanisms as network configuration for plain DNS and DNS-over-TLS, -see chapter :ref:`network-configuration` for more details. +see chapter :ref:`config-lua-network` for more details. .. warning:: Management endpoint (``webmgmt``) must not be directly exposed to untrusted parties. Use `reverse-proxy`_ like Apache_ @@ -47,7 +47,7 @@ Example configuration This section shows how to configure HTTP module itself. For information how to configure HTTP server's IP addresses and ports please see chapter -:ref:`network-configuration`. +:ref:`config-lua-network`. .. code-block:: lua diff --git a/modules/http/prometheus.lua b/modules/http/prometheus.lua index 3218552f..3164e9d5 100644 --- a/modules/http/prometheus.lua +++ b/modules/http/prometheus.lua @@ -15,8 +15,12 @@ local function merge(t, results, prefix) for _, result in pairs(results) do if type(result) == 'table' then for k, v in pairs(result) do - local val = t[prefix..k] - t[prefix..k] = (val or 0) + v + if type(result) == 'table' then + merge(t, result, prefix..k..'.') + else + local val = t[prefix..k] + t[prefix..k] = (val or 0) + v + end end end end diff --git a/modules/meson.build b/modules/meson.build index 48bd4781..5ffe95f8 100644 --- a/modules/meson.build +++ b/modules/meson.build @@ -7,6 +7,7 @@ lua_mod_src = [ # add lua modules without separate meson.build files('dns64/dns64.lua'), files('etcd/etcd.lua'), files('graphite/graphite.lua'), + files('prefetch/prefetch.lua'), files('predict/predict.lua'), files('prefill/prefill.lua'), files('priming/priming.lua'), diff --git a/modules/nsid/.packaging/test.config b/modules/nsid/.packaging/test.config deleted file mode 100644 index de54cceb..00000000 --- a/modules/nsid/.packaging/test.config +++ /dev/null @@ -1,4 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('nsid') -assert(nsid) -quit() diff --git a/modules/nsid/nsid.c b/modules/nsid/nsid.c index a67dcdb5..a106d17d 100644 --- a/modules/nsid/nsid.c +++ b/modules/nsid/nsid.c @@ -59,13 +59,12 @@ static int nsid_finalize(kr_layer_t *ctx) { static char* nsid_name(void *env, struct kr_module *module, const char *args) { - struct engine *engine = env; struct nsid_config *config = module->data; if (args) { /* set */ /* API is not binary safe, we need to fix this one day */ uint8_t *arg_copy = (uint8_t *)strdup(args); if (arg_copy == NULL) - luaL_error(engine->L, "[nsid] error while allocating new NSID value\n"); + luaL_error(the_engine->L, "[nsid] error while allocating new NSID value\n"); free(config->local_nsid); config->local_nsid = arg_copy; config->local_nsid_len = strlen(args); diff --git a/modules/policy/.packaging/test.config b/modules/policy/.packaging/test.config deleted file mode 100644 index 60c9ddc0..00000000 --- a/modules/policy/.packaging/test.config +++ /dev/null @@ -1,4 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('policy') -assert(policy) -quit() diff --git a/modules/policy/policy.lua b/modules/policy/policy.lua index 47e436f0..60b03478 100644 --- a/modules/policy/policy.lua +++ b/modules/policy/policy.lua @@ -5,8 +5,6 @@ local ffi = require('ffi') local LOG_GRP_POLICY_TAG = ffi.string(ffi.C.kr_log_grp2name(ffi.C.LOG_GRP_POLICY)) local LOG_GRP_REQDBG_TAG = ffi.string(ffi.C.kr_log_grp2name(ffi.C.LOG_GRP_REQDBG)) -local todname = kres.str2dname -- not available during module load otherwise - -- Counter of unique rules local nextid = 0 local function getruleid() @@ -71,7 +69,8 @@ end -- policy functions are defined below local policy = {} -function policy.PASS(state, _) +function policy.PASS(state, req) + policy.FLAGS('PASSTHRU_LEGACY')(state, req) return state end @@ -269,91 +268,6 @@ function policy.ANSWER(rtable, nodata) end end -local dname_localhost = todname('localhost.') - --- Rule for localhost. zone; see RFC6303, sec. 3 -local function localhost(_, req) - local qry = req:current() - local answer = req:ensure_answer() - if answer == nil then return nil end - ffi.C.kr_pkt_make_auth_header(answer) - - local is_exact = ffi.C.knot_dname_is_equal(qry.sname, dname_localhost) - - answer:rcode(kres.rcode.NOERROR) - answer:begin(kres.section.ANSWER) - if qry.stype == kres.type.AAAA then - answer:put(qry.sname, 900, answer:qclass(), kres.type.AAAA, - '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1') - elseif qry.stype == kres.type.A then - answer:put(qry.sname, 900, answer:qclass(), kres.type.A, '\127\0\0\1') - elseif is_exact and qry.stype == kres.type.SOA then - mkauth_soa(answer, dname_localhost) - elseif is_exact and qry.stype == kres.type.NS then - answer:put(dname_localhost, 900, answer:qclass(), kres.type.NS, dname_localhost) - else - answer:begin(kres.section.AUTHORITY) - mkauth_soa(answer, dname_localhost) - end - return kres.DONE -end - -local dname_rev4_localhost = todname('1.0.0.127.in-addr.arpa'); -local dname_rev4_localhost_apex = todname('127.in-addr.arpa'); - --- Rule for reverse localhost. --- Answer with locally served minimal 127.in-addr.arpa domain, only having --- a PTR record in 1.0.0.127.in-addr.arpa, and with 1.0...0.ip6.arpa. zone. --- TODO: much of this would better be left to the hints module (or coordinated). -local function localhost_reversed(_, req) - local qry = req:current() - local answer = req:ensure_answer() - if answer == nil then return nil end - - -- classify qry.sname: - local is_exact -- exact dname for localhost - local is_apex -- apex of a locally-served localhost zone - local is_nonterm -- empty non-terminal name - if ffi.C.knot_dname_in_bailiwick(qry.sname, todname('ip6.arpa.')) > 0 then - -- exact ::1 query (relying on the calling rule) - is_exact = true - is_apex = true - else - -- within 127.in-addr.arpa. - local labels = ffi.C.knot_dname_labels(qry.sname, nil) - if labels == 3 then - is_exact = false - is_apex = true - elseif labels == 4+2 and ffi.C.knot_dname_is_equal( - qry.sname, dname_rev4_localhost) then - is_exact = true - else - is_exact = false - is_apex = false - is_nonterm = ffi.C.knot_dname_in_bailiwick(dname_rev4_localhost, qry.sname) > 0 - end - end - - ffi.C.kr_pkt_make_auth_header(answer) - answer:rcode(kres.rcode.NOERROR) - answer:begin(kres.section.ANSWER) - if is_exact and qry.stype == kres.type.PTR then - answer:put(qry.sname, 900, answer:qclass(), kres.type.PTR, dname_localhost) - elseif is_apex and qry.stype == kres.type.SOA then - mkauth_soa(answer, dname_rev4_localhost_apex, dname_localhost) - elseif is_apex and qry.stype == kres.type.NS then - answer:put(dname_rev4_localhost_apex, 900, answer:qclass(), kres.type.NS, - dname_localhost) - else - if not is_nonterm then - answer:rcode(kres.rcode.NXDOMAIN) - end - answer:begin(kres.section.AUTHORITY) - mkauth_soa(answer, dname_rev4_localhost_apex, dname_localhost) - end - return kres.DONE -end - -- All requests function policy.all(action) return function(_, _) return action end @@ -916,172 +830,98 @@ function policy.todnames(names) return names end --- RFC1918 Private, local, broadcast, test and special zones --- Considerations: RFC6761, sec 6.1. --- https://www.iana.org/assignments/locally-served-dns-zones -local private_zones = { - -- RFC6303 - '10.in-addr.arpa.', - '16.172.in-addr.arpa.', - '17.172.in-addr.arpa.', - '18.172.in-addr.arpa.', - '19.172.in-addr.arpa.', - '20.172.in-addr.arpa.', - '21.172.in-addr.arpa.', - '22.172.in-addr.arpa.', - '23.172.in-addr.arpa.', - '24.172.in-addr.arpa.', - '25.172.in-addr.arpa.', - '26.172.in-addr.arpa.', - '27.172.in-addr.arpa.', - '28.172.in-addr.arpa.', - '29.172.in-addr.arpa.', - '30.172.in-addr.arpa.', - '31.172.in-addr.arpa.', - '168.192.in-addr.arpa.', - '0.in-addr.arpa.', - '254.169.in-addr.arpa.', - '2.0.192.in-addr.arpa.', - '100.51.198.in-addr.arpa.', - '113.0.203.in-addr.arpa.', - '255.255.255.255.in-addr.arpa.', - -- RFC7793 - '64.100.in-addr.arpa.', - '65.100.in-addr.arpa.', - '66.100.in-addr.arpa.', - '67.100.in-addr.arpa.', - '68.100.in-addr.arpa.', - '69.100.in-addr.arpa.', - '70.100.in-addr.arpa.', - '71.100.in-addr.arpa.', - '72.100.in-addr.arpa.', - '73.100.in-addr.arpa.', - '74.100.in-addr.arpa.', - '75.100.in-addr.arpa.', - '76.100.in-addr.arpa.', - '77.100.in-addr.arpa.', - '78.100.in-addr.arpa.', - '79.100.in-addr.arpa.', - '80.100.in-addr.arpa.', - '81.100.in-addr.arpa.', - '82.100.in-addr.arpa.', - '83.100.in-addr.arpa.', - '84.100.in-addr.arpa.', - '85.100.in-addr.arpa.', - '86.100.in-addr.arpa.', - '87.100.in-addr.arpa.', - '88.100.in-addr.arpa.', - '89.100.in-addr.arpa.', - '90.100.in-addr.arpa.', - '91.100.in-addr.arpa.', - '92.100.in-addr.arpa.', - '93.100.in-addr.arpa.', - '94.100.in-addr.arpa.', - '95.100.in-addr.arpa.', - '96.100.in-addr.arpa.', - '97.100.in-addr.arpa.', - '98.100.in-addr.arpa.', - '99.100.in-addr.arpa.', - '100.100.in-addr.arpa.', - '101.100.in-addr.arpa.', - '102.100.in-addr.arpa.', - '103.100.in-addr.arpa.', - '104.100.in-addr.arpa.', - '105.100.in-addr.arpa.', - '106.100.in-addr.arpa.', - '107.100.in-addr.arpa.', - '108.100.in-addr.arpa.', - '109.100.in-addr.arpa.', - '110.100.in-addr.arpa.', - '111.100.in-addr.arpa.', - '112.100.in-addr.arpa.', - '113.100.in-addr.arpa.', - '114.100.in-addr.arpa.', - '115.100.in-addr.arpa.', - '116.100.in-addr.arpa.', - '117.100.in-addr.arpa.', - '118.100.in-addr.arpa.', - '119.100.in-addr.arpa.', - '120.100.in-addr.arpa.', - '121.100.in-addr.arpa.', - '122.100.in-addr.arpa.', - '123.100.in-addr.arpa.', - '124.100.in-addr.arpa.', - '125.100.in-addr.arpa.', - '126.100.in-addr.arpa.', - '127.100.in-addr.arpa.', - - -- RFC6303 - -- localhost_reversed handles ::1 - '0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.', - 'd.f.ip6.arpa.', - '8.e.f.ip6.arpa.', - '9.e.f.ip6.arpa.', - 'a.e.f.ip6.arpa.', - 'b.e.f.ip6.arpa.', - '8.b.d.0.1.0.0.2.ip6.arpa.', - -- RFC8375 - 'home.arpa.', -} -policy.todnames(private_zones) - -- @var Default rules policy.rules = {} policy.postrules = {} -policy.special_names = { - -- XXX: beware of special_names_optim() when modifying these filters - { - cb=policy.suffix_common(policy.DENY_MSG( - 'Blocking is mandated by standards, see references on ' - .. 'https://www.iana.org/assignments/' - .. 'locally-served-dns-zones/locally-served-dns-zones.xhtml', - kres.extended_error.NOTSUP), - private_zones, todname('arpa.')), - count=0 - }, - { - cb=policy.suffix(policy.DENY_MSG( - 'Blocking is mandated by standards, see references on ' - .. 'https://www.iana.org/assignments/' - .. 'special-use-domain-names/special-use-domain-names.xhtml', - kres.extended_error.NOTSUP), + +-- This certainly isn't perfect, but it allows lua config like: +-- kr_view_insert_action('127.0.0.0/24', policy.TAGS_ASSIGN({'t01', 't02'})) +local kr_rule_tags_t = ffi.typeof('kr_rule_tags_t[1]') +function policy.get_tagset(names) + local result = ffi.new(kr_rule_tags_t, 0) + for _, name in pairs(names) do + if ffi.C.kr_rule_tag_add(name, result) ~= 0 then + error('converting tagset failed') + end + end + return result[0] -- it's atomic value fortunately +end +function policy.tags_assign_bitmap(bitmap) + return function (_, req) + req.rule_tags = bitmap + end +end +function policy.TAGS_ASSIGN(names) + local bitmap = policy.get_tagset(names) + return 'policy.tags_assign_bitmap(' .. tostring(bitmap) .. ')' +end + +-- Perform a list of actions sequentially; meant for kr_view_insert_action(). +function policy.COMBINE(list) + if #list == 1 then return list[1] end + local r = 'function(state,req) ' + for _, item in ipairs(list) do + r = r .. item .. '(state,req); ' + end + return r .. 'end' +end + +--[[ Insert a forwarding rule, i.e. override upstream for one DNS subtree. + +Throws lua exceptions when detecting something fishy. + +\param subtree plain string +\param options + .auth targets are authoritative (false by default = resolver) + .dnssec if overridden to false, don't validate DNSSEC locally + - for resolvers we still do *not* send CD=1 upstream, + i.e. we trust their DNSSEC validation. + - for auths this inserts a negative trust anchor + Beware that setting .set_insecure() *later* would override that. +\param targets same format as policy.TLS_FORWARD() except that `tls = true` + can be specified for each address (defaults to false) +--]] +function policy.rule_forward_add(subtree, options, targets) + local targets_2 = {} + for _, target in ipairs(targets) do + local port_default = 53 + if target.tls or false then + port_default = 853 + -- lots of code; easiest to just call it this way; checks and throws + -- The extra .tls field gets ignored. + policy.TLS_FORWARD({target}) + end + + -- this also throws on failure + local sock = addr2sock(target[1], port_default) + if options.auth then + local port = ffi.C.kr_inaddr_port(sock) + assert(not options.tls and port == port_default) + end + table.insert(targets_2, sock) + end + local targets_3 = ffi.new('const struct sockaddr * [?]', #targets_2 + 1, targets_2) + targets_3[#targets_2] = nil + + local subtree_dname = todname(subtree) + assert(ffi.C.kr_rule_forward(subtree_dname, { - todname('test.'), - todname('onion.'), - todname('invalid.'), - todname('local.'), -- RFC 8375.4 - }), - count=0 - }, - { - cb=policy.suffix(localhost, {dname_localhost}), - count=0 - }, - { - cb=policy.suffix_common(localhost_reversed, { - todname('127.in-addr.arpa.'), - todname('1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.')}, - todname('arpa.')), - count=0 - }, -} + is_nods = options.dnssec == false, + is_auth = options.auth, + }, + targets_3 + ) == 0) --- Return boolean; false = no special name may apply, true = some might apply. --- The point is to *efficiently* filter almost all QNAMEs that do not apply. -local function special_names_optim(req, sname) - local qname_size = req.qsource.packet.qname_size - if qname_size < 9 then return true end -- don't want to special-case bad array access - local root = sname + qname_size - 1 - return - -- .a???. or .t???. - (root[-5] == 4 and (root[-4] == 97 or root[-4] == 116)) - -- .on???. or .in?????. or lo???. or *ost. - or (root[-6] == 5 and root[-5] == 111 and root[-4] == 110) - or (root[-8] == 7 and root[-7] == 105 and root[-6] == 110) - or (root[-6] == 5 and root[-5] == 108 and root[-4] == 111) - or (root[-3] == 111 and root[-2] == 115 and root[-1] == 116) + -- Probably the best way to turn off DNSSEC validation for auth is negative TA. + if options.auth and options.dnssec == false then + local ntas = kres.context().negative_anchors + assert(ffi.C.kr_ta_add(ntas, subtree_dname, kres.type.DS, 0, nil, 0) == 0) + end end + +local view_action_buf = ffi.new('knot_db_val_t[1]') + -- Top-down policy list walk until we hit a match -- the caller is responsible for reordering policy list -- from most specific to least specific. @@ -1091,10 +931,14 @@ policy.layer = { begin = function(state, req) -- Don't act on "finished" cases. if bit.band(state, bit.bor(kres.FAIL, kres.DONE)) ~= 0 then return state end + + if ffi.C.kr_view_select_action(req, view_action_buf) == 0 then + local act_str = ffi.string(view_action_buf[0].data, view_action_buf[0].len) + return loadstring('return '..act_str)()(state, req) + end + local qry = req:initial() -- same as :current() but more descriptive return policy.evaluate(policy.rules, req, qry, state) - or (special_names_optim(req, qry.sname) - and policy.evaluate(policy.special_names, req, qry, state)) or state end, finish = function(state, req) diff --git a/modules/predict/.packaging/test.config b/modules/predict/.packaging/test.config deleted file mode 100644 index b8e706e3..00000000 --- a/modules/predict/.packaging/test.config +++ /dev/null @@ -1,4 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('predict') -assert(predict) -quit() diff --git a/modules/predict/README.rst b/modules/predict/README.rst index 966c4ca4..0bc85671 100644 --- a/modules/predict/README.rst +++ b/modules/predict/README.rst @@ -2,34 +2,19 @@ .. _mod-predict: -Prefetching records -=================== - -The ``predict`` module helps to keep the cache hot by prefetching records. -It can utilize two independent mechanisms to select the records which should be refreshed: -expiring records and prediction. - -Expiring records ----------------- - -This mechanism is always active when the predict module is loaded and it is not configurable. - -Any time the resolver answers with records that are about to expire, -they get refreshed. (see :c:func:`is_expiring`) -That improves latency for records which get frequently queried, relatively to their TTL. - Prediction ---------- -The predict module can also learn usage patterns and repetitive queries, +``predict`` is an experimental module that tries to help keep the cache hot by prefetching records using a prediction mechanism to select records which should be refreshed. + +The module can learn usage patterns and repetitive queries, though this mechanism is a prototype and **not recommended** for use in production or with high traffic. For example, if it makes a query every day at 18:00, the resolver expects that it is needed by that time and prefetches it ahead of time. This is helpful to minimize the perceived latency and keeps the cache hot. -You can disable prediction by configuring ``period = 0``. -Otherwise it will load the required :ref:`stats <mod-stats>` module if not present, +It will load the required :ref:`stats <mod-stats>` module if not present, and it will use its :func:`stats.frequent` table and clear it periodically. .. tip:: The tracking window and period length determine memory requirements. If you have a server with relatively fast query turnover, keep the period low (hour for start) and shorter tracking window (5 minutes). For personal slower resolver, keep the tracking window longer (i.e. 30 minutes) and period longer (a day), as the habitual queries occur daily. Experiment to get the best results. diff --git a/modules/predict/predict.lua b/modules/predict/predict.lua index 0117fd52..38fb7258 100644 --- a/modules/predict/predict.lua +++ b/modules/predict/predict.lua @@ -172,18 +172,4 @@ function predict.config(config) predict.init() end -predict.layer = { - -- Prefetch all expiring (sub-)queries immediately after the request finishes. - -- Doing that immediately is simplest and avoids creating (new) large bursts of activity. - finish = function (_, req) - local qrys = req.rplan.resolved - for i = 0, (tonumber(qrys.len) - 1) do -- size_t doesn't work for some reason - local qry = qrys.at[i] - if qry.flags.EXPIRING == true then - resolve(kres.dname2str(qry.sname), qry.stype, qry.sclass, {'NO_CACHE'}) - end - end - end -} - return predict diff --git a/modules/prefetch/README.rst b/modules/prefetch/README.rst new file mode 100644 index 00000000..4d5a5e3e --- /dev/null +++ b/modules/prefetch/README.rst @@ -0,0 +1,18 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +.. _mod-prefetch: + +Expiring records +---------------- + +The ``prefetch`` module helps to keep the cache hot by prefetching expiring records. + +This mechanism is activated when the module is loaded and it is not configurable. + +.. code-block:: lua + + modules.load('prefetch') + + +Any time the resolver answers with records that are about to expire, they get refreshed. (see :c:func:`is_expiring`) +That improves latency for records which get frequently queried, relatively to their TTL. diff --git a/modules/prefetch/prefetch.lua b/modules/prefetch/prefetch.lua new file mode 100644 index 00000000..673cf3e5 --- /dev/null +++ b/modules/prefetch/prefetch.lua @@ -0,0 +1,21 @@ +-- SPDX-License-Identifier: GPL-3.0-or-later +-- Speculative prefetching for repetitive and soon-expiring records to reduce latency. +-- @module prefetch +local prefetch = {} + + +prefetch.layer = { + -- Prefetch all expiring (sub-)queries immediately after the request finishes. + -- Doing that immediately is simplest and avoids creating (new) large bursts of activity. + finish = function (_, req) + local qrys = req.rplan.resolved + for i = 0, (tonumber(qrys.len) - 1) do -- size_t doesn't work for some reason + local qry = qrys.at[i] + if qry.flags.EXPIRING == true then + resolve(kres.dname2str(qry.sname), qry.stype, qry.sclass, {'NO_CACHE'}) + end + end + end +} + +return prefetch diff --git a/modules/prefill/.packaging/test.config b/modules/prefill/.packaging/test.config deleted file mode 100644 index d0258b02..00000000 --- a/modules/prefill/.packaging/test.config +++ /dev/null @@ -1,4 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('prefill') -assert(prefill) -quit() diff --git a/modules/priming/.packaging/test.config b/modules/priming/.packaging/test.config deleted file mode 100644 index 63239f07..00000000 --- a/modules/priming/.packaging/test.config +++ /dev/null @@ -1,4 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('priming') -assert(priming) -quit() diff --git a/modules/rebinding/.packaging/test.config b/modules/rebinding/.packaging/test.config deleted file mode 100644 index 0a84b88b..00000000 --- a/modules/rebinding/.packaging/test.config +++ /dev/null @@ -1,4 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('rebinding') -assert(rebinding) -quit() diff --git a/modules/refuse_nord/.packaging/test.config b/modules/refuse_nord/.packaging/test.config deleted file mode 100644 index 8679e269..00000000 --- a/modules/refuse_nord/.packaging/test.config +++ /dev/null @@ -1,3 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -assert(modules.load('refuse_nord') == true) -quit() diff --git a/modules/renumber/.packaging/test.config b/modules/renumber/.packaging/test.config deleted file mode 100644 index 37f136ab..00000000 --- a/modules/renumber/.packaging/test.config +++ /dev/null @@ -1,4 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('renumber') -assert(renumber) -quit() diff --git a/modules/serve_stale/.packaging/test.config b/modules/serve_stale/.packaging/test.config deleted file mode 100644 index 362c4ec8..00000000 --- a/modules/serve_stale/.packaging/test.config +++ /dev/null @@ -1,4 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('serve_stale') -assert(serve_stale) -quit() diff --git a/modules/stats/.packaging/test.config b/modules/stats/.packaging/test.config deleted file mode 100644 index fd25460d..00000000 --- a/modules/stats/.packaging/test.config +++ /dev/null @@ -1,4 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('stats') -assert(stats) -quit() diff --git a/modules/stats/README.rst b/modules/stats/README.rst index 7d423aa8..1def925c 100644 --- a/modules/stats/README.rst +++ b/modules/stats/README.rst @@ -89,6 +89,8 @@ Built-in counters keep track of number of queries and answers matching specific +-----------------+----------------------------------+ | answer.slow | completed in more than 1500ms | +-----------------+----------------------------------+ +| answer.sum_ms | sum of all latencies in ms | ++-----------------+----------------------------------+ +-----------------+----------------------------------+ | **Answer flags** | @@ -207,5 +209,5 @@ and include subrequests. The list maximum size is 5000 entries, make diffs if yo Clear the list of most frequent iterative queries. -.. include:: ../modules/graphite/README.rst -.. include:: ../modules/http/prometheus.rst +.. include:: ../../modules/graphite/README.rst +.. include:: ../../modules/http/prometheus.rst diff --git a/modules/stats/stats.c b/modules/stats/stats.c index ebb28778..a8a29de2 100644 --- a/modules/stats/stats.c +++ b/modules/stats/stats.c @@ -42,6 +42,7 @@ X(answer,total) X(answer,noerror) X(answer,nodata) X(answer,nxdomain) X(answer,servfail) \ X(answer,cached) X(answer,1ms) X(answer,10ms) X(answer,50ms) X(answer,100ms) \ X(answer,250ms) X(answer,500ms) X(answer,1000ms) X(answer,1500ms) X(answer,slow) \ + X(answer,sum_ms) \ X(answer,aa) X(answer,tc) X(answer,rd) X(answer,ra) X(answer, ad) X(answer,cd) \ X(answer,edns0) X(answer,do) \ X(query,edns) X(query,dnssec) \ @@ -56,10 +57,18 @@ enum const_metric { }; struct const_metric_elm { const char *key; + const char *sup_key; + const char *sub_key; size_t val; }; static struct const_metric_elm const_metrics[] = { - #define X(a,b) [metric_ ## a ## _ ## b] = { #a "." #b, 0 }, + #define X(a,b) \ + [metric_ ## a ## _ ## b] = { \ + .key = #a "." #b, \ + .sup_key = #a, \ + .sub_key = #b, \ + .val = 0 \ + }, CONST_METRICS(X) #undef X }; @@ -220,6 +229,7 @@ static int collect(kr_layer_t *ctx) /* Histogram of answer latency. */ struct kr_query *first = rplan->resolved.at[0]; uint64_t elapsed = kr_now() - first->timestamp_mono; + stat_const_add(data, metric_answer_sum_ms, elapsed); if (elapsed <= 1) { stat_const_add(data, metric_answer_1ms, 1); } else if (elapsed <= 10) { @@ -357,8 +367,31 @@ static int list_entry(const char *key, uint32_t key_len, trie_val_t *val, void * if (!key_matches_prefix(key, key_len, ctx->key_prefix, ctx->key_prefix_len)) return 0; size_t number = (size_t) *val; - auto_free char *key_nt = strndup(key, key_len); - json_append_member(ctx->root, key_nt, json_mknumber(number)); + + uint32_t dot_index = 0; + for (uint32_t i = 0; i < key_len; i++) { + if (!key[i]) + break; + if (key[i] == '.') { + dot_index = i; + } + } + + if (dot_index) { + auto_free char *sup_key_nt = strndup(key, dot_index); + auto_free char *sub_key_nt = strndup(key + dot_index + 1, key_len - dot_index - 1); + JsonNode *sup = json_find_member(ctx->root, sup_key_nt); + if (!sup) { + sup = json_mkobject(); + json_append_member(ctx->root, sup_key_nt, sup); + } + if (kr_fails_assert(sup)) + return 0; + json_append_member(sup, sub_key_nt, json_mknumber(number)); + } else { + auto_free char *key_nt = strndup(key, key_len); + json_append_member(ctx->root, key_nt, json_mknumber(number)); + } return 0; } @@ -374,8 +407,15 @@ static char* stats_list(void *env, struct kr_module *module, const char *args) size_t args_len = args ? strlen(args) : 0; for (unsigned i = 0; i < metric_const_end; ++i) { struct const_metric_elm *elm = &const_metrics[i]; - if (!args || strncmp(elm->key, args, args_len) == 0) { - json_append_member(root, elm->key, json_mknumber(elm->val)); + if (!args || strcmp(elm->sup_key, args) == 0) { + JsonNode *sup = json_find_member(root, elm->sup_key); + if (!sup) { + sup = json_mkobject(); + json_append_member(root, elm->sup_key, sup); + } + if (kr_fails_assert(sup)) + break; + json_append_member(sup, elm->sub_key, json_mknumber(elm->val)); } } struct list_entry_context ctx = { diff --git a/modules/stats/test.integr/kresd_config.j2 b/modules/stats/test.integr/kresd_config.j2 index 4db7caab..d0707691 100644 --- a/modules/stats/test.integr/kresd_config.j2 +++ b/modules/stats/test.integr/kresd_config.j2 @@ -9,32 +9,36 @@ FWD_TARGET = policy.FORWARD('192.0.2.1') function check_stats(got) log_info(ffi.C.LOG_GRP_TESTS, 'checking if stat values match expected values:') local expected = { - ['answer.cd'] = 2, - ['answer.cached'] = 1, - ['answer.nodata'] = 1, - ['answer.noerror'] = 2, - ['answer.nxdomain'] = 1, - ['answer.servfail'] = 2, - ['answer.edns0'] = 6, - ['answer.ra'] = 6, - ['answer.rd'] = 5, - ['answer.do'] = 1, - ['answer.ad'] = 0, - ['answer.tc'] = 0, - ['answer.aa'] = 0, - ['answer.total'] = 6 + ['answer'] = { + ['cd'] = 2, + ['cached'] = 1, + ['nodata'] = 1, + ['noerror'] = 2, + ['nxdomain'] = 1, + ['servfail'] = 2, + ['edns0'] = 6, + ['ra'] = 6, + ['rd'] = 5, + ['do'] = 1, + ['ad'] = 0, + ['tc'] = 0, + ['aa'] = 0, + ['total'] = 6 + } } print(table_print(expected)) local ok = true - for key, expval in pairs(expected) do - if got[key] ~= expval then - log_info(ffi.C.LOG_GRP_TESTS, - 'ERROR: stats key ' .. key - .. ' has unexpected value' - .. ' (expected ' .. tostring(expval) - .. ' got ' .. tostring(got[key] .. ')')) - ok = false + for sup_key, sup in pairs(expected) do + for sub_key, expval in pairs(sup) do + if got[sup_key][sub_key] ~= expval then + log_info(ffi.C.LOG_GRP_TESTS, + 'ERROR: stats key ' .. key + .. ' has unexpected value' + .. ' (expected ' .. tostring(expval) + .. ' got ' .. tostring(got[key] .. ')')) + ok = false + end end end if ok then @@ -52,6 +56,7 @@ function reply_result(state, req) local result = check_stats(got) return result(state, req) end +policy.add(policy.all(policy.FLAGS('PASSTHRU_LEGACY'))) -- the test isn't written with this in mind policy.add(policy.pattern(reply_result, 'stats.test.')) policy.add(policy.all(FWD_TARGET)) -- avoid iteration diff --git a/modules/ta_sentinel/.packaging/test.config b/modules/ta_sentinel/.packaging/test.config deleted file mode 100644 index 4bb6ac9a..00000000 --- a/modules/ta_sentinel/.packaging/test.config +++ /dev/null @@ -1,4 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('ta_sentinel') -assert(ta_sentinel) -quit() diff --git a/modules/ta_signal_query/.packaging/test.config b/modules/ta_signal_query/.packaging/test.config deleted file mode 100644 index dfa7c2a5..00000000 --- a/modules/ta_signal_query/.packaging/test.config +++ /dev/null @@ -1,4 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('ta_signal_query') -assert(ta_signal_query) -quit() diff --git a/modules/ta_update/.packaging/test.config b/modules/ta_update/.packaging/test.config deleted file mode 100644 index 5fe55875..00000000 --- a/modules/ta_update/.packaging/test.config +++ /dev/null @@ -1,4 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('ta_update') -assert(ta_update) -quit() diff --git a/modules/ta_update/ta_update.lua b/modules/ta_update/ta_update.lua index 2361e167..3c059f85 100644 --- a/modules/ta_update/ta_update.lua +++ b/modules/ta_update/ta_update.lua @@ -58,7 +58,7 @@ end -- Evaluate TA status of a RR according to RFC5011. The time is in seconds. local function ta_present(keyset, rr, hold_down_time) - if rr.type == kres.type.DNSKEY and not C.kr_dnssec_key_ksk(rr.rdata) then + if rr.type == kres.type.DNSKEY and not C.kr_dnssec_key_sep_flag(rr.rdata) then return false -- Ignore end -- Attempt to extract key_tag @@ -212,7 +212,7 @@ local function check_upstream(keyset, new_keys) local ta = ta_find(keyset, rr) table.insert(process_keys, ta) - if rr.type == kres.type.DNSKEY and not C.kr_dnssec_key_ksk(rr.rdata) then + if rr.type == kres.type.DNSKEY and not C.kr_dnssec_key_sep_flag(rr.rdata) then goto continue -- Ignore end diff --git a/modules/ta_update/ta_update.test.integr/kresd_config.j2 b/modules/ta_update/ta_update.test.integr/kresd_config.j2 index da319a28..f19c5b7d 100644 --- a/modules/ta_update/ta_update.test.integr/kresd_config.j2 +++ b/modules/ta_update/ta_update.test.integr/kresd_config.j2 @@ -23,6 +23,7 @@ end policy.add(policy.suffix(policy.PASS, {todname('test.')})) cache.size = 2*MB log_level('debug') +net.bufsize(4096) {% endraw %} modules.load('hints') diff --git a/modules/ta_update/ta_update.unmanagedkey.test.integr/kresd_config.j2 b/modules/ta_update/ta_update.unmanagedkey.test.integr/kresd_config.j2 index 263404d7..300dac95 100644 --- a/modules/ta_update/ta_update.unmanagedkey.test.integr/kresd_config.j2 +++ b/modules/ta_update/ta_update.unmanagedkey.test.integr/kresd_config.j2 @@ -39,6 +39,7 @@ end policy.add(policy.suffix(policy.PASS, {todname('test.')})) cache.size = 2*MB log_level('debug') +net.bufsize(4096) {% endraw %} modules.load('hints') diff --git a/modules/view/.packaging/test.config b/modules/view/.packaging/test.config deleted file mode 100644 index b639fdaf..00000000 --- a/modules/view/.packaging/test.config +++ /dev/null @@ -1,4 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('view') -assert(view) -quit() diff --git a/modules/watchdog/.packaging/test.config b/modules/watchdog/.packaging/test.config deleted file mode 100644 index 9d1a291c..00000000 --- a/modules/watchdog/.packaging/test.config +++ /dev/null @@ -1,4 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('watchdog') -assert(watchdog) -quit() diff --git a/modules/workarounds/.packaging/test.config b/modules/workarounds/.packaging/test.config deleted file mode 100644 index c420810b..00000000 --- a/modules/workarounds/.packaging/test.config +++ /dev/null @@ -1,4 +0,0 @@ --- SPDX-License-Identifier: GPL-3.0-or-later -modules.load('workarounds') -assert(workarounds) -quit() |