]>
git.ipfire.org Git - thirdparty/pdns.git/log
Otto Moerbeek [Fri, 14 Feb 2020 09:55:11 +0000 (10:55 +0100)]
Formatting
Otto Moerbeek [Fri, 14 Feb 2020 09:22:12 +0000 (10:22 +0100)]
Avoid copying policies around by passing a Policy& that gets modified
if a match is found.
Remi Gacogne [Thu, 13 Feb 2020 14:24:42 +0000 (15:24 +0100)]
rec: Lookup RPZ Client IP rules before qname ones
Remi Gacogne [Thu, 13 Feb 2020 14:23:57 +0000 (15:23 +0100)]
rec: Add more RPZ regression tests
Otto Moerbeek [Wed, 12 Feb 2020 16:04:39 +0000 (17:04 +0100)]
Test clientIP before name, fix one more cutoff condition.
Remi Gacogne [Wed, 12 Feb 2020 15:53:47 +0000 (16:53 +0100)]
rec: Add unit tests for the RPZ policy priorities and ordering
Otto Moerbeek [Wed, 12 Feb 2020 15:49:58 +0000 (16:49 +0100)]
Set the d_priority field in the policy objects of a zone.
Comments from racacogne:
Better name for currentPriority, more elegant loops with right cutoff.
Remi Gacogne [Wed, 12 Feb 2020 14:54:38 +0000 (15:54 +0100)]
rec: Add regression tests for the ordering of RPZ policies
Otto Moerbeek [Wed, 12 Feb 2020 14:35:12 +0000 (15:35 +0100)]
Continue evaluation of RPZ rules after passthru, taking
into account RPZ priorities.
Remi Gacogne [Fri, 14 Feb 2020 09:00:55 +0000 (10:00 +0100)]
dnsdist: Fix issues reported by Charles-Henri during code review
Chris Hofstaedtler [Fri, 13 Dec 2019 10:00:31 +0000 (11:00 +0100)]
Replace include guard ifdef/define with pragma once
Peter van Dijk [Mon, 10 Feb 2020 09:26:15 +0000 (10:26 +0100)]
travis: enable ODBC thread locking
Peter van Dijk [Mon, 10 Feb 2020 09:26:09 +0000 (10:26 +0100)]
circleci: enable ODBC thread locking
Peter van Dijk [Wed, 12 Feb 2020 21:00:28 +0000 (22:00 +0100)]
Merge pull request #8614 from zeha/api-rm-unimplemented-check
Remove not implemented zone check API from spec
Peter van Dijk [Wed, 12 Feb 2020 20:16:30 +0000 (21:16 +0100)]
Merge pull request #8766 from zeha/chrish
Update my name in old changelogs
Peter van Dijk [Wed, 12 Feb 2020 20:06:24 +0000 (21:06 +0100)]
Merge pull request #8793 from rgacogne/auth-reserve-caches
auth: Prepare the caches' buckets in advance
Peter van Dijk [Wed, 12 Feb 2020 19:03:43 +0000 (20:03 +0100)]
docs security-policy: fix typo in my email address
Pieter Lexis [Wed, 12 Feb 2020 14:29:01 +0000 (15:29 +0100)]
YaHTTP: Send correct Host header for IPv6 address
Pieter Lexis [Wed, 12 Feb 2020 14:27:18 +0000 (15:27 +0100)]
YaHTTP: Parse addresses with IPv6 literals
A URL like http://[::1]:81 are parsed correctly now.
Remi Gacogne [Wed, 12 Feb 2020 09:09:24 +0000 (10:09 +0100)]
Merge pull request #8760 from rgacogne/ddist-doh-exact-match
dnsdist: Don't accept sub-paths of configured DoH URLs
Remi Gacogne [Wed, 12 Feb 2020 09:09:04 +0000 (10:09 +0100)]
Update pdns/dnsdistdist/docs/upgrade_guide.rst
Co-Authored-By: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Remi Gacogne [Tue, 11 Feb 2020 14:29:24 +0000 (15:29 +0100)]
Add a couple tests on Netmask comparison
Remi Gacogne [Tue, 11 Feb 2020 13:28:07 +0000 (14:28 +0100)]
Keep a masked network in the Netmask class
Remi Gacogne [Tue, 11 Feb 2020 11:52:37 +0000 (12:52 +0100)]
Compare netmasks on their masked version (highly inefficient version)
Remi Gacogne [Wed, 12 Feb 2020 08:43:49 +0000 (09:43 +0100)]
Merge pull request #8355 from stephanbosch/netmask-tree
Rework NetmaskTree for better CPU and memory efficiency.
Stephan Bosch [Wed, 9 Oct 2019 00:06:33 +0000 (02:06 +0200)]
iputils.hh: NetmaskTree: Make the node_type key value const.
This prevents changing the key used by the tree, which would otherwise provide
an opportunity to corrupt the tree.
Stephan Bosch [Mon, 30 Sep 2019 13:10:42 +0000 (15:10 +0200)]
iputils.hh: NetmaskTree: Make the iterator reference a normal reference rather than a pointer.
This is possible now that the iterator type is no longer dictated by the
internal std::set. This changes the NetmaskTree::iterator API, but it makes it
more standard, less cumbersome, and less confusing.
Stephan Bosch [Mon, 30 Sep 2019 12:33:43 +0000 (14:33 +0200)]
iputils.hh: NetmaskTree: Make TreeNode::node a normal field rather than a pointer.
It no longer needs to be allocated separately.
Stephan Bosch [Mon, 30 Sep 2019 08:30:25 +0000 (10:30 +0200)]
iputils.hh: NetmaskTree: Drop the internal std::set.
It is now superfluous.
Otto Moerbeek [Tue, 11 Feb 2020 16:08:28 +0000 (17:08 +0100)]
Merge pull request #8777 from omoerbeek/rec-wip-qname-vs-ds
rec: QNAME minimization sometimes uses 1 label too many
Remi Gacogne [Tue, 11 Feb 2020 15:40:31 +0000 (16:40 +0100)]
dnsdist: Document that we no longer start as root by default
Remi Gacogne [Tue, 11 Feb 2020 15:40:11 +0000 (16:40 +0100)]
dnsdist: Document that DoH paths are now exact matches.
Otto Moerbeek [Tue, 11 Feb 2020 14:58:35 +0000 (15:58 +0100)]
Typos
Peter van Dijk [Tue, 11 Feb 2020 12:22:44 +0000 (13:22 +0100)]
builder: also touch /var/lib/rpm/* before build-specs
Otto Moerbeek [Tue, 11 Feb 2020 11:33:09 +0000 (12:33 +0100)]
Merge pull request #8778 from Habbie/recursor-rpz-refresh
rec RPZ dumpFile/seedFile: store/get SOA refresh on dump/load
Otto Moerbeek [Tue, 11 Feb 2020 11:30:29 +0000 (12:30 +0100)]
Warn at refresh=0
Remi Gacogne [Wed, 29 Jan 2020 16:59:02 +0000 (17:59 +0100)]
dnsdist: Add LuaRule(), the non-FFI equivalent of LuaFFIRule()
Remi Gacogne [Thu, 23 Jan 2020 13:20:33 +0000 (14:20 +0100)]
dnsdist: Add Lua bindings and documentation for the Lua FFI policies
Remi Gacogne [Wed, 22 Jan 2020 17:59:40 +0000 (18:59 +0100)]
dnsdist: Speed up the consistent hashing policies with large weights
Using a sorted vector provides a much faster lookup time than a
std::set when the number of points on the circle (weight of the
backend) is huge.
A boost::flat_set is almost as fast as a sorted vector but the
insertion time is quite bad.
Remi Gacogne [Mon, 6 Jan 2020 15:59:24 +0000 (16:59 +0100)]
dnsdist: Clean up FFI types
Remi Gacogne [Fri, 3 Jan 2020 17:06:54 +0000 (18:06 +0100)]
dnsdist: Add direct Lua FFI interface for masking the remote addr
Remi Gacogne [Fri, 3 Jan 2020 17:05:57 +0000 (18:05 +0100)]
dnsdist: Skip the creation of temp objects in KVS lookups from Lua
Remi Gacogne [Fri, 3 Jan 2020 17:04:33 +0000 (18:04 +0100)]
dnsdist: Speed-up of the leastOutstanding policy
Remi Gacogne [Fri, 3 Jan 2020 17:03:31 +0000 (18:03 +0100)]
dnsdist: Add Lua Netmask bindings
Remi Gacogne [Thu, 2 Jan 2020 16:09:44 +0000 (17:09 +0100)]
dnsdist: Implement fast-{c,w}hashed FFI policies
Remi Gacogne [Thu, 26 Dec 2019 15:37:29 +0000 (16:37 +0100)]
dnsdist: Bench LB policies
Remi Gacogne [Thu, 26 Dec 2019 15:37:13 +0000 (16:37 +0100)]
dnsdist: Add Lua bindings for DNSName::hash()
Remi Gacogne [Mon, 16 Dec 2019 17:57:31 +0000 (18:57 +0100)]
dnsdist: Add unit tests for Lua LB policies as well
Remi Gacogne [Fri, 13 Dec 2019 09:34:06 +0000 (10:34 +0100)]
dnsdist: Add unit tests for the load-balancing policies
Remi Gacogne [Wed, 11 Dec 2019 17:12:32 +0000 (18:12 +0100)]
dnsdist: Implement FFI LB policies
Remi Gacogne [Tue, 3 Dec 2019 16:10:09 +0000 (17:10 +0100)]
dnsdist: Allow wrapping the FFI interface for the existing DNSQuestion object
Remi Gacogne [Thu, 7 Nov 2019 14:36:04 +0000 (15:36 +0100)]
dnsdist: Add more FFI regression test (DoH, EDNS options and tags)
Remi Gacogne [Tue, 5 Nov 2019 15:40:56 +0000 (16:40 +0100)]
dnsdist: Add documentation and a regression test for FFI functions
Remi Gacogne [Mon, 4 Nov 2019 17:47:06 +0000 (18:47 +0100)]
dnsdist: Implement LuaFFIRule, LuaFFIAction and LuaFFIResponseAction
Peter van Dijk [Tue, 11 Feb 2020 10:33:32 +0000 (11:33 +0100)]
Merge pull request #8807 from Habbie/docker-ovl-rpm
builder: touch /var/lib/rpm/* in every docker layer that uses rpmdb
Peter van Dijk [Tue, 11 Feb 2020 10:06:03 +0000 (11:06 +0100)]
builder: touch /var/lib/rpm/* in every docker layer that uses rpmdb
references:
https://github.com/pombredanne/dnf-plugin-ovl
https://bugzilla.redhat.com/show_bug.cgi?id=
1213602
Peter van Dijk [Tue, 11 Feb 2020 05:56:30 +0000 (06:56 +0100)]
Merge pull request #8804 from rgacogne/ddist-install-config-file
dnsdist: Fix configuration file installation / chmod
Stephan Bosch [Mon, 30 Sep 2019 08:30:25 +0000 (10:30 +0200)]
iputils.hh: NetmaskTree: Add iterator class and use it for begin() and end() methods.
Stephan Bosch [Mon, 30 Sep 2019 08:30:25 +0000 (10:30 +0200)]
iputils.hh: NetmaskTree: Keep track of the left-most node in the tree.
Needed to provide a begin() iterator in constant time.
Stephan Bosch [Mon, 30 Sep 2019 08:30:25 +0000 (10:30 +0200)]
iputils.hh: NetmaskTree: Copy the tree using tree traversal.
Before, it used the internal std::set.
Stephan Bosch [Mon, 30 Sep 2019 08:30:25 +0000 (10:30 +0200)]
iputils.hh: NetmaskTree::TreeNode: Implement tree traversal methods.
Stephan Bosch [Mon, 30 Sep 2019 08:30:25 +0000 (10:30 +0200)]
iputils.hh: NetmaskTree: Make tree cleanup mandatory.
Potentially leaving branches full of unassigned nodes unnecessarily complicates
tree algorithms. Disabling tree cleanup was not used anywhere, except for a unit
test. Note that, after this change, individual branch nodes can still be
unassigned, but not the whole branch. So, when e.g. the left sub-branch of a
node exists, algorithms can rely on the fact that there is at least one assigned
node in there.
Stephan Bosch [Wed, 9 Oct 2019 20:49:21 +0000 (22:49 +0200)]
iputils.hh: NetmaskTree: Always normalize key netmasks.
This makes address bits below the network mask all zero, which is consistent
with the tree's behavior.
This change addresses one sensitivity to this behavioral change in the recursor
cache.
Stephan Bosch [Mon, 30 Sep 2019 08:30:25 +0000 (10:30 +0200)]
iputils.hh: NetmaskTree: Reduce the number of tree nodes.
Before, it created a tree node for every network bit in the netmask. Now, it
only creates a tree node when necessary (only for values and branches).
Stephan Bosch [Mon, 30 Sep 2019 08:30:25 +0000 (10:30 +0200)]
iputils.hh: NetmaskTree: Initialize TreeNode::node immediately.
Later commit relies on this.
Stephan Bosch [Mon, 30 Sep 2019 08:30:25 +0000 (10:30 +0200)]
iputils.hh: NetmaskTree: Use for loops instead of while loops.
Makes using `continue' easier in later commit.
Stephan Bosch [Mon, 30 Sep 2019 08:30:25 +0000 (10:30 +0200)]
iputils.hh: NetmaskTree: Restructure the tree with separate branches for for IPv4 and IPv6
This simplifies the code considerably.
Stephan Bosch [Mon, 30 Sep 2019 08:30:25 +0000 (10:30 +0200)]
iputils.hh: NetmaskTree: Rename field "root" to "d_root"
Stephan Bosch [Mon, 30 Sep 2019 08:30:25 +0000 (10:30 +0200)]
iputils.hh: NetmaskTree: Use ComboAddress::getBit() and Netmask::getBit()
Stephan Bosch [Wed, 9 Oct 2019 01:49:33 +0000 (03:49 +0200)]
iputils.hh: NetmaskTree: Make cleanup_tree() method private.
Stephan Bosch [Mon, 30 Sep 2019 08:30:24 +0000 (10:30 +0200)]
iputils.hh: Netmask: Prevent the construction of a 128-bit IPv4 netmask.
Stephan Bosch [Mon, 30 Sep 2019 08:30:24 +0000 (10:30 +0200)]
iputils.hh: Netmask: Add getBit()
Stephan Bosch [Mon, 30 Sep 2019 08:30:24 +0000 (10:30 +0200)]
iputils.hh: Netmask: Add getAddressBits()
Stephan Bosch [Mon, 30 Sep 2019 08:30:24 +0000 (10:30 +0200)]
iputils.hh: ComboAddress: Add getBit()
Stephan Bosch [Mon, 30 Sep 2019 08:30:24 +0000 (10:30 +0200)]
iputils.hh: ComboAddress: Add getBits()
Stephan Bosch [Wed, 9 Oct 2019 00:23:30 +0000 (02:23 +0200)]
iputils.hh: Netmask: Add getSuper()
Stephan Bosch [Mon, 30 Sep 2019 08:30:24 +0000 (10:30 +0200)]
test-iputils_hh.cc: Add tests for NetmaskTree copy, swap and iterator operations.
Stephan Bosch [Wed, 9 Oct 2019 00:34:15 +0000 (02:34 +0200)]
iputils.hh: Netmask: Add getNormalized()
Stephan Bosch [Mon, 30 Sep 2019 08:30:24 +0000 (10:30 +0200)]
test-iputils_hh.cc: Test 0.0.0.0 address at serveral network bit ranges.
Stephan Bosch [Mon, 30 Sep 2019 08:30:24 +0000 (10:30 +0200)]
test-iputils_hh.cc: Better verify the NetmaskTree container size during tests.
Stephan Bosch [Wed, 9 Oct 2019 01:34:13 +0000 (03:34 +0200)]
iputils.hh: Consistently use nullptr rather than NULL.
Stephan Bosch [Wed, 9 Oct 2019 20:36:12 +0000 (22:36 +0200)]
iputils.hh: Fix erroneous comments.
Stephan Bosch [Mon, 30 Sep 2019 08:30:24 +0000 (10:30 +0200)]
Reformat test-iputils_hh.cc.
Remove a few empty lines.
Stephan Bosch [Mon, 30 Sep 2019 08:30:24 +0000 (10:30 +0200)]
Reformat iputils.hh
Mainly removed whitespace at end of line and fixed several indenting mishaps.
Peter van Dijk [Mon, 10 Feb 2020 18:23:08 +0000 (19:23 +0100)]
Merge pull request #8803 from rgacogne/dnsname-centos-6
Fix "error: 'strlen' was not declared in this scope" on CentOS 6
Remi Gacogne [Mon, 10 Feb 2020 17:12:47 +0000 (18:12 +0100)]
dnsdist: Fix configuration file installation / chmod
Introduced in
c98c0ef694de0c536e6d71af8c58a16f6635ea35
Remi Gacogne [Mon, 10 Feb 2020 17:10:01 +0000 (18:10 +0100)]
Fix "error: 'strlen' was not declared in this scope" on CentOS 6
Peter van Dijk [Mon, 10 Feb 2020 16:33:18 +0000 (17:33 +0100)]
Merge pull request #8800 from Habbie/dnsdist-docs-tables
dnsdist docs: refer to new tables. Fixes #8798
Remi Gacogne [Mon, 10 Feb 2020 14:36:47 +0000 (15:36 +0100)]
Merge pull request #8783 from rgacogne/cpu-steal-iowait
Add 'IO wait' and 'steal' metrics on Linux
Otto Moerbeek [Mon, 10 Feb 2020 14:17:09 +0000 (15:17 +0100)]
Tweaks for minimum time
Otto Moerbeek [Mon, 10 Feb 2020 13:31:41 +0000 (14:31 +0100)]
Introduce an explicit refreshFromConf arg to RPZIXFRTracker.
Always load and store the rpz refresh value from and to the zone.
That we we can easily decide which value to use: if an explicit
refreshFromConf value is set, use that one, otherwise use the one
in the rpz zone.
Remi Gacogne [Mon, 10 Feb 2020 10:53:24 +0000 (11:53 +0100)]
Document that IO wait and steal metrics are in units of USER_HZ.
Remi Gacogne [Mon, 10 Feb 2020 10:26:33 +0000 (11:26 +0100)]
Merge pull request #8801 from rgacogne/ddist-setwebapikey
dnsdist: Fix a typo 'apikey' -> 'apiKey' in setWebserverConfig() doc
Remi Gacogne [Mon, 10 Feb 2020 10:25:16 +0000 (11:25 +0100)]
dnsdist: Fix a typo 'apikey' -> 'apiKey' in setWebserverConfig() doc
Peter van Dijk [Mon, 10 Feb 2020 09:40:39 +0000 (10:40 +0100)]
dnsdist docs: refer to new tables. Fixes #8798
Remi Gacogne [Mon, 10 Feb 2020 09:17:39 +0000 (10:17 +0100)]
Merge pull request #8792 from rgacogne/dnsname-strlen
DNSName: Don't call strlen() when the length is already known
Remi Gacogne [Fri, 7 Feb 2020 14:32:57 +0000 (15:32 +0100)]
Merge pull request #8737 from Habbie/circleci-pager
avoid 'git show -s' from starting a pager in CircleCI
Remi Gacogne [Thu, 30 Jan 2020 14:11:53 +0000 (15:11 +0100)]
DNSName: Don't call strlen() when the length is already known
Remi Gacogne [Fri, 7 Feb 2020 14:29:39 +0000 (15:29 +0100)]
Merge pull request #8795 from omoerbeek/rec-lua-docs-policytag
rec: Remove duplicate *PolicyTags docs
Remi Gacogne [Fri, 7 Feb 2020 14:28:42 +0000 (15:28 +0100)]
Merge pull request #8171 from rgacogne/dnsdist-soa-in-negative
dnsdist: Add SetNegativeAndSOAAction() and its Lua binding