path: root/lib
Commit message  Author  Age  Files  Lines
* Merge branch 'master' into defer-wip  Lukáš Ondráček  2025-01-02  2  -4/+4
|\
| * kr_module_load(): don't pass the_engine in module->data  Vladimír Čunát  2024-12-20  2  -4/+2
| |     It was a confusing way of repurposing the field. My comment from over five years ago (129002fc0d) said that some external C modules might be relying on this. But that certainly sounds moot nowadays. To get more confidence, I rechecked all kr_module::data references (as found by libclang).
| * kr_module_load(): avoid calling deinit() on errors  Vladimír Čunát  2024-12-20  1  -0/+2
| |     If the module's init() failed or wasn't even called, I see it as an API error to call deinit(). When init() fails, it should take care of cleanup itself.
* | daemon/defer: add subpriorities by prefix length  Lukáš Ondráček  2024-12-30  2  -0/+36
|/
* lib/mmapped: fix typo  Lukáš Ondráček  2024-11-04  1  -1/+1
|
* mmapped_* nit: move from daemon/ to lib/  Vladimír Čunát  2024-11-04  3  -0/+148
|     We'll utilize this for cache, so this will be an easy way for GC to access the mmapped_* symbols. In lib/ we usually prefix symbols by kr_ but I don't think it's worth the hassle in this case, as mmapped_ seems like a good enough prefix.
* lib/kru: improve code formatting  Lukáš Ondráček  2024-11-04  1  -3/+3
|
* daemon/ratelimiting: polish  Lukáš Ondráček  2024-11-04  1  -4/+12
|
* lib/kru: fix zero increment  Lukáš Ondráček  2024-10-02  1  -3/+4
|
* lib/log: add [defer ] group  Vladimír Čunát  2024-10-01  2  -0/+3
|     In particular this turns off those debug logs by default.
* lib/utils: deduplicate kr_straddr_socket* + describe  Vladimír Čunát  2024-10-01  2  -50/+22
|
* Merge branch 'master' into rrl-wip  Vladimír Čunát  2024-09-30  17  -102/+334
|\
| * local-data: generate CNAMEs from DNAMEs  Vladimír Čunát  2024-09-25  3  -15/+127
| |     As with some other aspects, these DNAMEs do not work exactly as in a real zone, e.g. they don't cause occlusion.
| * lib/generic/array: extend the return type of array_push*()  Vladimír Čunát  2024-09-12  1  -1/+1
| |     In case of no error, the index is returned, but `int` isn't a great choice for returning array indices. (though I doubt that we can get anywhere near 2^31 elements in practice) Detected by Coverity.
| * validator: fix after fac462e163a2614e24d2c604a9b120b949796a72.  menakite  2024-09-06  1  -2/+7
| |     See: https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1590#note_304380
| * cache: set EDE when synthesizing answer from aggressive cache  menakite  2024-09-06  1  -0/+6
| |
| * validator: set EDE code if SEP does not match or DNSKEY is revoked.  menakite  2024-09-06  1  -4/+32
| |     If the tag and algorithm of DS and DNSKEY do not correspond, or in case the DNSKEY is revoked, set EDE code "DNSKEY Missing". If both match, but the algorithm is not supported, set EDE code "Unsupported DNSKEY Algorithm". In case RRSIGs for DNSKEY exist, but can't be validated due to a key error, set EDE code "RRSIGs Missing".
| * resolver,validator: provide more EDE codes.  menakite  2024-09-06  5  -26/+102
| |     dnssec:
| |     * Provide a way to retrieve whether a DNSKEY has the Zone Key bit set, and add bindings for Lua modules (kr_dnssec_key_zonekey_flag), like kr_dnssec_key_sep_flag.
| |     * In kr_ds_algo_support() provide a way to retrieve what is wrong with the keys.
| |     * Check if a RRSIG RR has the signature expired already before inception time.
| |     validator:
| |     * Set EDE "Unsupported NSEC3 Iterations Value" when downgrading.
| |     * Set EDE "Signature Expired before Valid" when checking RRSIGs.
| |     * Set EDE "No Zone Key Bit Set" when a DNSKEY with the Zone Key Bit set to 0 is discarded.
| |     * Instead of the generic "Other Error" with extra text "unsupported digest/key", set appropriate EDEs "Unsupported DNSKEY Algorithm" and "Unsupported DS Digest Type".
| |     resolver:
| |     * Set EDE "No Reachable Authority" when it is decided that all authoritative servers are unreachable or misbehaving.
| |     Some parts adjusted by vcunat, in particular construction of EDE messages.
| * lib/utils: generalize kr_strcatdup() for mempools  Vladimír Čunát  2024-09-06  2  -4/+6
| |     It's trivial really, and I'd like to use it now.
| * cache: move setting EDE "Stale Answer" to the serve_stale module.  menakite  2024-08-19  1  -3/+1
| |     It is not guaranteed yet that the request will finish in state DONE. This prevents other EDE codes from being applied to the request and in case the request ends in FAIL state it produces a SERVFAIL answer with EDE "Stale Answer", which is a bit weird. Move setting EDEs in answer_finalize in the serve_stale module, where the proper EDE in case of NXDOMAIN is set too.
| * modules/stats: add answer.stale  Frantisek Tobias  2024-08-19  1  -0/+1
| |
| * validator nit: move validate_wrapper() to a better place  Vladimír Čunát  2024-08-19  1  -10/+9
| |
| * validator: avoid clearing EDE if query didn't actually fail  menakite  2024-08-19  1  -40/+43
| |
| * {daemon,lib}: sync EDE codes supported by libknot.  menakite  2024-08-13  2  -1/+7
| |     Adds the following extended error codes:
| |     * 25 (Signature Expired before Valid): KNOT_EDNS_EDE_EXPIRED_INV
| |     * 26 (Too Early): KNOT_EDNS_EDE_TOO_EARLY
| |     * 27 (Unsupported NSEC3 Iterations Value): KNOT_EDNS_EDE_NSEC3_ITERS
| |     * 28 (Unable to conform to policy): KNOT_EDNS_EDE_NONCONF_POLICY
| |     * 29 (Synthesized): KNOT_EDNS_EDE_SYNTHESIZED
| * NEWS+comment for the parent commit  Vladimír Čunát  2024-08-12  1  -0/+1
| |
| * iterator: fix handling of ANY queries and != IN classes.  menakite  2024-08-11  1  -6/+6
| |     It was supposed to answer NOTIMP, but was returning FAIL instead of DONE and so the answer was SERVFAIL. Also added EDE code "Not Supported" for clarity.
| * lib: fix typo in generated doc for log group "zoncut".  menakite  2024-08-07  1  -1/+1
| |     Setting log_groups({ 'zonecut' }) just leads to a warning and no "zone cut" logging shown.
| * doc/dev: removed outdated requirements from Knot Resolver library  Frantisek Tobias  2024-08-01  1  -5/+0
| |
* | rrl: fixup build on non-x86_64  Vladimír Čunát  2024-08-13  1  -0/+1
| |     Missing include caused issues with unknown `KR_EXPORT`, e.g.: https://gitlab.nic.cz/knot/knot-resolver/-/jobs/1142787#L2801
* | Merge branch 'master' into rrl-wip  Lukáš Ondráček  2024-07-30  14  -72/+95
|\|
| * lib/rules subnet_encode(): improve doc-comments  Vladimír Čunát  2024-07-22  1  -10/+18
| |
| * lib/rules nit: missing `static` for a function  Vladimír Čunát  2024-07-22  1  -1/+1
| |
| * lib/rules: fix a bug in subnet computations  Vladimír Čunát  2024-07-22  1  -4/+13
| |     The problem mainly affected subnets not aligned on whole bytes, but maybe also others.
| |     Reported: https://lists.nic.cz/hyperkitty/list/knot-resolver-users@lists.nic.cz/message/6P2JPK72WMVLP45TDV42DTACEA2N5NW2/
| |     I'm really sorry about this; no idea why I thought that the simple multiplication would suffice.
| * treewide nit: avoid NULL arithmetics  Vladimír Čunát  2024-07-11  3  -6/+6
| |     (u)intptr_t casts seem the best in terms of compliance: https://stackoverflow.com/q/45220134/587396
| |     Otherwise with clang 18 we can get warnings like
| |     ../$path:$line:$col: runtime error: applying non-zero offset $num to null pointer
| |     SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../$path:$line:$col
| * drop libknot <=3.2.x support  Oto Šťáva  2024-07-11  2  -8/+0
| |
| * drop libknot 3.0.x support  Vladimír Čunát  2024-07-11  1  -5/+0
| |     - Upstream last maintained 3.0.x in summer 2022.
| |     - Our packaging shouldn't be affected, neither the new one, nor OBS.
| |     - If someone updates resolver, it shouldn't be too hard to update libknot as well.
| |     - Maintenance on resolver side still needed effort for kres-gen-30.lua
| * Merge remote-tracking branch 'origin/master-5' into master  Oto Šťáva  2024-07-03  1  -1/+4
| |\
| | * iterate: fix NSEC3 records missing from answer in an edge case  Vladimír Čunát  2024-05-29  1  -1/+4
| | |     When positive wildcard expansion happens, NSEC(3) records are needed to prove that the expansion was allowed. If the NSEC3 had too many iterations, we downgrade the answer to insecure status, but unintentionally we also dropped the NSEC3 record from the answer. That was breaking DNSSEC validation of that answer, e.g. when forwarding to Knot Resolver. The validator needs the NSEC3 - either to validate the expansion or to determine that it's too expensive.
| * | lib/rules: tweak how the read-only transactions work  Vladimír Čunát  2024-07-02  6  -19/+38
| | |     Let's avoid reloading the RO transaction unless necessary. For example, when normal config reload happens (one kresd at a time), we most likely do *not* want to reload the rule DB prematurely.
| * | lib/rules kr_rules_init(): allow not overwriting the DB  Vladimír Čunát  2024-07-02  3  -18/+15
| | |
* | | defer: fix/hide tidy/trivial_checks warnings  Lukáš Ondráček  2024-07-30  1  -1/+0
| | |
* | | lib/kru: add optional arg prefix_out for logging  Lukáš Ondráček  2024-06-18  2  -5/+15
| | |
* | | treewide: utilize _Alignas, as it's standard C11  Vladimír Čunát  2024-06-14  3  -16/+8
| | |
* | | defer: extend kru allowing separated reads/updates  Lukáš Ondráček  2024-06-06  2  -11/+55
| | |
* | | rrl: tidying  Lukáš Ondráček  2024-06-04  4  -106/+87
| | |
* | | fixup! rrl: renaming, movements, create defer protolayer  Lukáš Ondráček  2024-06-04  3  -0/+8
| | |
* | | rrl: renaming, movements, create defer protolayer  Lukáš Ondráček  2024-06-04  6  -0/+765
| | |
* | | Merge branch 'master' into 'rrl-wip'  Oto Šťáva  2024-06-04  29  -86/+170
|\| |
| * | Some more Clang-Tidy silencing  Oto Šťáva  2024-06-04  3  -8/+9
| | |
| * | daemon, lib: unify protolayer_grp and kr_proto enums  Oto Šťáva  2024-06-04  4  -21/+75
| | |