From: Vladimír Čunát Date: Mon, 30 Sep 2024 13:34:11 +0000 (+0200) Subject: Merge branch 'master' into rrl-wip X-Git-Tag: v6.0.9~1^2~29 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3b815e8f6989d64ce1facaa24dd0f94c585b819d;p=thirdparty%2Fknot-resolver.git Merge branch 'master' into rrl-wip --- 3b815e8f6989d64ce1facaa24dd0f94c585b819d diff --cc meson.build index 8b4bd83bd,82035cecc..267145ea3 --- a/meson.build +++ b/meson.build @@@ -27,10 -27,8 +27,10 @@@ lmdb = dependency('lmdb', required: fal if not lmdb.found() # darwin workaround: missing pkgconfig lmdb = meson.get_compiler('c').find_library('lmdb') endif - gnutls = dependency('gnutls') + gnutls = dependency('gnutls', version: '>=3.4') luajit = dependency('luajit') +# https://mesonbuild.com/howtox.html#add-math-library-lm-portably +libm = meson.get_compiler('c').find_library('m', required : false) message('------------------------------') diff --cc modules/policy/policy.lua index bf796a6dd,f599e7d1a..036e8cf69 --- a/modules/policy/policy.lua +++ b/modules/policy/policy.lua @@@ -934,11 -938,13 +938,15 @@@ policy.layer = if ffi.C.kr_view_select_action(req, view_action_buf) == 0 then local act_str = ffi.string(view_action_buf[0].data, view_action_buf[0].len) - loadstring('return ' .. act_str)()(state, req) + local new_state = loadstring('return '..act_str)()(state, req) + -- We still respect the chain-rule notion, i.e. we skip + -- lua-configured policy rules iff the action was "final" + -- (`refused` and `noanswer` in the current 6.x) + if new_state ~= nil then return new_state end end + if ffi.C.ratelimiting_request_begin(req) then return end + local qry = req:initial() -- same as :current() but more descriptive return policy.evaluate(policy.rules, req, qry, state) or state diff --cc python/knot_resolver/datamodel/config_schema.py index d80f664a3,ddadd7fb5..7942eb73c --- a/python/knot_resolver/datamodel/config_schema.py +++ b/python/knot_resolver/datamodel/config_schema.py @@@ -1,34 -1,30 +1,31 @@@ import logging import os import socket - from typing import Any, Dict, List, Optional, Tuple, Union - - from typing_extensions import Literal - - from knot_resolver_manager.constants import MAX_WORKERS - from knot_resolver_manager.datamodel.cache_schema import CacheSchema - from knot_resolver_manager.datamodel.dns64_schema import Dns64Schema - from knot_resolver_manager.datamodel.dnssec_schema import DnssecSchema - from knot_resolver_manager.datamodel.forward_schema import ForwardSchema - from knot_resolver_manager.datamodel.local_data_schema import LocalDataSchema, RPZSchema, RuleSchema - from knot_resolver_manager.datamodel.logging_schema import LoggingSchema - from knot_resolver_manager.datamodel.lua_schema import LuaSchema - from knot_resolver_manager.datamodel.management_schema import ManagementSchema - from knot_resolver_manager.datamodel.monitoring_schema import MonitoringSchema - from knot_resolver_manager.datamodel.network_schema import NetworkSchema - from knot_resolver_manager.datamodel.options_schema import OptionsSchema - from knot_resolver_manager.datamodel.templates import POLICY_CONFIG_TEMPLATE, WORKER_CONFIG_TEMPLATE - from knot_resolver_manager.datamodel.types import Dir, EscapedStr, IntPositive - from knot_resolver_manager.datamodel.view_schema import ViewSchema - from knot_resolver_manager.datamodel.webmgmt_schema import WebmgmtSchema + from typing import Any, Dict, List, Literal, Optional, Tuple, Union +from knot_resolver_manager.datamodel.rate_limiting_schema import RateLimitingSchema - from knot_resolver_manager.utils.modeling import ConfigSchema - from knot_resolver_manager.utils.modeling.base_schema import lazy_default - from knot_resolver_manager.utils.modeling.exceptions import AggregateDataValidationError, DataValidationError - _DEFAULT_RUNDIR = "/var/run/knot-resolver" - - DEFAULT_MANAGER_API_SOCK = _DEFAULT_RUNDIR + "/manager.sock" + from knot_resolver.constants import API_SOCK_FILE, RUN_DIR, VERSION + from knot_resolver.datamodel.cache_schema import CacheSchema + from knot_resolver.datamodel.dns64_schema import Dns64Schema + from knot_resolver.datamodel.dnssec_schema import DnssecSchema + from knot_resolver.datamodel.forward_schema import ForwardSchema + from knot_resolver.datamodel.globals import Context, get_global_validation_context, set_global_validation_context + from knot_resolver.datamodel.local_data_schema import LocalDataSchema, RPZSchema, RuleSchema + from knot_resolver.datamodel.logging_schema import LoggingSchema + from knot_resolver.datamodel.lua_schema import LuaSchema + from knot_resolver.datamodel.management_schema import ManagementSchema + from knot_resolver.datamodel.monitoring_schema import MonitoringSchema + from knot_resolver.datamodel.network_schema import NetworkSchema + from knot_resolver.datamodel.options_schema import OptionsSchema + from knot_resolver.datamodel.templates import POLICY_CONFIG_TEMPLATE, WORKER_CONFIG_TEMPLATE + from knot_resolver.datamodel.types import EscapedStr, IntPositive, WritableDir + from knot_resolver.datamodel.view_schema import ViewSchema + from knot_resolver.datamodel.webmgmt_schema import WebmgmtSchema + from knot_resolver.utils.modeling import ConfigSchema + from knot_resolver.utils.modeling.base_schema import lazy_default + from knot_resolver.utils.modeling.exceptions import AggregateDataValidationError, DataValidationError + + WORKERS_MAX = 256 logger = logging.getLogger(__name__) diff --cc python/knot_resolver/datamodel/rate_limiting_schema.py index 4733223fa,000000000..4733223fa mode 100644,000000..100644 --- a/python/knot_resolver/datamodel/rate_limiting_schema.py +++ b/python/knot_resolver/datamodel/rate_limiting_schema.py diff --cc python/knot_resolver/datamodel/templates/rate_limiting.lua.j2 index 096c7f3c2,000000000..096c7f3c2 mode 100644,000000..100644 --- a/python/knot_resolver/datamodel/templates/rate_limiting.lua.j2 +++ b/python/knot_resolver/datamodel/templates/rate_limiting.lua.j2