STR(net_tls_sticket_MIN_SECRET_LEN) " bytes",
file_name);
}
- fclose(fp);
+ if (fclose(fp) == EOF) {
+ lua_error_p(L,
+ "net.tls_sticket_secret_file - reading of file '%s' failed",
+ file_name);
+ }
- struct network *net = &the_worker->engine->net;
-
- tls_session_ticket_ctx_destroy(net->tls_session_ticket_ctx);
- net->tls_session_ticket_ctx =
- tls_session_ticket_ctx_create(net->loop, secret_buf, secret_len);
- if (net->tls_session_ticket_ctx == NULL) {
+ tls_session_ticket_ctx_destroy(the_network->tls_session_ticket_ctx);
+ the_network->tls_session_ticket_ctx =
+ tls_session_ticket_ctx_create(the_network->loop, secret_buf, secret_len);
+ if (the_network->tls_session_ticket_ctx == NULL) {
lua_error_p(L,
"net.tls_sticket_secret_file - can't create session ticket context");
}
#include "lib/dnssec/ta.h"
#include "lib/log.h"
- /* Cleanup engine state every 5 minutes */
- const size_t CLEANUP_TIMER = 5*60*1000;
-/* Magic defaults for the engine. */
-#ifndef LRU_RTT_SIZE
-#define LRU_RTT_SIZE 65536 /**< NS RTT cache size */
-#endif
-#ifndef LRU_REP_SIZE
-#define LRU_REP_SIZE (LRU_RTT_SIZE / 4) /**< NS reputation cache size */
-#endif
-#ifndef LRU_COOKIES_SIZE
- #if ENABLE_COOKIES
- #define LRU_COOKIES_SIZE LRU_RTT_SIZE /**< DNS cookies cache size. */
- #else
- #define LRU_COOKIES_SIZE LRU_ASSOC /* simpler than guards everywhere */
- #endif
-#endif
-
-/**@internal Maximum number of incomplete TCP connections in queue.
-* Default is from empirical testing - in our case, more isn't necessarily better.
-* See https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/968
-* */
-#ifndef TCP_BACKLOG_DEFAULT
-#define TCP_BACKLOG_DEFAULT 128
-#endif
/* Execute byte code */
#define l_dobytecode(L, arr, len, name) \
len_s = 0;
}
uint32_t len_n = htonl(len_s);
- fwrite(&len_n, sizeof(len_n), 1, out);
- if (len_s > 0)
- fwrite(message, len_s, 1, out);
+ if (fwrite(&len_n, sizeof(len_n), 1, out) != 1)
+ goto finish;
+ if (len_s > 0) {
+ if (fwrite(message, len_s, 1, out) != 1)
+ goto finish;
+ }
- } else {
+ break;
+ case IO_MODE_TEXT:
+ /* Human-readable and console-printable mode */
- if (message)
- fprintf(out, "%s", message);
- if (message || !args->quiet)
- fprintf(out, "\n");
- if (!args->quiet)
- fprintf(out, "> ");
+ if (message) {
+ if (fprintf(out, "%s", message) < 0)
+ goto finish;
+ }
+ if (message || !args->quiet) {
+ if (fprintf(out, "\n") < 0)
+ goto finish;
+ }
+ if (!args->quiet) {
+ if (fprintf(out, "> ") < 0)
+ goto finish;
+ }
+ break;
}
/* Duplicate command and output to logs */
finish:
/* Close if redirected */
if (stream_fd != STDIN_FILENO) {
- fclose(out);
+ (void)fclose(out);
}
+ /* If a LMDB transaction got open, we can't leave it hanging.
+ * We accept the changes, if any. */
+ kr_cache_commit(&the_resolver->cache);
+ kr_rules_commit(true);
}
void io_tty_alloc(uv_handle_t *handle, size_t suggested, uv_buf_t *buf)
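Review bot: A failed `fwrite` at L57 or L60 jumps to `finish` with no diagnostic, so a client that has already received the 4-byte length prefix but not the payload is left waiting on a truncated frame and the log says nothing about why. Consider reporting the failure before the jump, e.g. `if (fwrite(message, len_s, 1, out) != 1) { kr_log_error(IO, "failed to write reply: %s\n", strerror(errno)); goto finish; }` (using whichever log helper from lib/log.h and log group applies here), and the same for the `fprintf` branches at L74–L82. The `(void)fclose(out)` at L92 likewise discards the flush result, so a reply that is still buffered when the stream is closed is dropped just as silently; a debug-level log there would make the two failure modes distinguishable. The enclosing function starts before this hunk.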
#include "contrib/base64.h"
#include "daemon/tls.h"
#include "daemon/worker.h"
-#include "daemon/session.h"
+#include "daemon/session2.h"
- #define EPHEMERAL_CERT_EXPIRATION_SECONDS_RENEW_BEFORE (60*60*24*7)
+ #define EPHEMERAL_CERT_EXPIRATION_SECONDS_RENEW_BEFORE ((time_t)60*60*24*7)
#define GNUTLS_PIN_MIN_VERSION 0x030400
+#define UNWRAP_BUF_SIZE 131072
+#define TLS_CHUNK_SIZE (16 * 1024)
#define VERBOSE_MSG(cl_side, ...)\
if (cl_side) \
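Review bot: `UNWRAP_BUF_SIZE` and `TLS_CHUNK_SIZE` at L108–L109 are introduced without any comment, so a reader cannot tell whether 131072 is a hard cap on one decrypted read, a per-session allocation, or something else, nor what happens when it is exceeded; their uses are outside this hunk. Add a one-line comment to each, along the lines of `/* Size of the buffer receiving decrypted (unwrapped) TLS payload; see the read path for overflow handling. */` and `/* 2^14 bytes, the largest plaintext a single TLS record may carry (RFC 8446 §5.1). */`, adjusted to what the code actually does with them. If the 16 KiB chunk size is tied to the record limit, saying so protects it from being "tuned" later.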
return kr_error(EINVAL);
}
/* record the expiration date: */
- tls_credentials->valid_until = _get_end_entity_expiration(tls_credentials->credentials);
+ tls_credentials->valid_until = get_end_entity_expiration(tls_credentials->credentials);
/* Exchange the x509 credentials */
- struct tls_credentials *old_credentials = net->tls_credentials;
+ struct tls_credentials *old_credentials = the_network->tls_credentials;
/* Start using the new x509_credentials */
- net->tls_credentials = tls_credentials;
- tls_credentials_log_pins(net->tls_credentials);
+ the_network->tls_credentials = tls_credentials;
+ tls_credentials_log_pins(the_network->tls_credentials);
if (old_credentials) {
err = tls_credentials_release(old_credentials);
* So it takes 2 RTT.
* As we use session tickets, there are additional messages, add one RTT mode.
*/
- #define TLS_MAX_HANDSHAKE_TIME (KR_CONN_RTT_MAX * 3)
- #define TLS_MAX_HANDSHAKE_TIME (KR_CONN_RTT_MAX * (uint64_t)3)
++#define TLS_MAX_HANDSHAKE_TIME (KR_CONN_RTT_MAX * (uint64_t)3)
/** Transport session (opaque). */
-struct session;
+struct session2;
struct tls_ctx;
struct tls_client_ctx;
{
/* The implementation used to have extra caching layer,
* but it didn't work well. Now it's very simple. */
- return mp_new(16 * 1024);
+ return mp_new((size_t)16 * 1024);
}
/** Return a mempool. */
-static inline void pool_release(struct worker_ctx *worker, struct mempool *mp)
+static inline void pool_release(struct mempool *mp)
{
mp_delete(mp);
}
struct list_entry_context *ctx = baton;
if (!key_matches_prefix(key, key_len, ctx->key_prefix, ctx->key_prefix_len))
return 0;
- size_t number = (size_t) *val;
+ size_t number = (size_t)*val;
- auto_free char *key_nt = strndup(key, key_len);
- json_append_member(ctx->root, key_nt, json_mknumber((double)number));
+
+ uint32_t dot_index = 0;
+ for (uint32_t i = 0; i < key_len; i++) {
+ if (!key[i])
+ break;
+ if (key[i] == '.') {
+ dot_index = i;
+ }
+ }
+
+ if (dot_index) {
+ auto_free char *sup_key_nt = strndup(key, dot_index);
+ auto_free char *sub_key_nt = strndup(key + dot_index + 1, key_len - dot_index - 1);
+ JsonNode *sup = json_find_member(ctx->root, sup_key_nt);
+ if (!sup) {
+ sup = json_mkobject();
+ json_append_member(ctx->root, sup_key_nt, sup);
+ }
+ if (kr_fails_assert(sup))
+ return 0;
- json_append_member(sup, sub_key_nt, json_mknumber(number));
++ json_append_member(sup, sub_key_nt, json_mknumber((double)number));
+ } else {
+ auto_free char *key_nt = strndup(key, key_len);
- json_append_member(ctx->root, key_nt, json_mknumber(number));
++ json_append_member(ctx->root, key_nt, json_mknumber((double)number));
+ }
return 0;
}
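Review bot: The `kr_fails_assert(sup)` check at L175 runs after `json_append_member(ctx->root, sup_key_nt, sup)` at L173, so if `json_mkobject()` returned NULL the NULL member is already attached to the root before the function bails out; the check belongs inside the `if (!sup)` branch before the append: `sup = json_mkobject();` / `if (kr_fails_assert(sup)) return 0;` / `json_append_member(ctx->root, sup_key_nt, sup);`. The constant-metric path at L192–L198 has the same ordering and should be fixed the same way. Separately, `dot_index` and `i` are `uint32_t` while `key_len` (as passed to `key_matches_prefix`) looks like a `size_t`; using `size_t` for both avoids the width mismatch in the loop condition. A key ending in `.` yields an empty `sub_key_nt`, and `strndup` can return NULL — presumably acceptable for internal metric names, but a short comment stating that assumption would help. The enclosing function starts before this hunk.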
size_t args_len = args ? strlen(args) : 0;
for (unsigned i = 0; i < metric_const_end; ++i) {
struct const_metric_elm *elm = &const_metrics[i];
- if (!args || strncmp(elm->key, args, args_len) == 0) {
- json_append_member(root, elm->key, json_mknumber((double)elm->val));
+ if (!args || strcmp(elm->sup_key, args) == 0) {
+ JsonNode *sup = json_find_member(root, elm->sup_key);
+ if (!sup) {
+ sup = json_mkobject();
+ json_append_member(root, elm->sup_key, sup);
+ }
+ if (kr_fails_assert(sup))
+ break;
- json_append_member(sup, elm->sub_key, json_mknumber(elm->val));
++ json_append_member(sup, elm->sub_key, json_mknumber((double)elm->val));
}
}
struct list_entry_context ctx = {