Tomas Krizek [Wed, 17 Apr 2019 13:13:28 +0000 (15:13 +0200)]
systemd: use 44353 for DoH port
Using 443 as the default port presents too many packaging challenges.
DoH requires configuration to be useful anyway, so users are free to
override this value as they see fit.
Petr Špaček [Tue, 16 Apr 2019 10:31:05 +0000 (12:31 +0200)]
tests: disable output buffering in config tests
Output buffering in tests made debugging much harder because crash in
middle of operation discarded while buffer and left us without a trace
what was going on.
Vladimír Čunát [Fri, 12 Apr 2019 13:06:02 +0000 (15:06 +0200)]
simplify approach to bind()
The complication is that we need to work with addresses and
just file-descriptors passed from some parent process.
The former approach lead to logical duplication of some steps;
now we add a step converting addresses to file-descriptors.
Thanks to that we always do bind() without touching libuv,
so the problem with forking disappears :-)
Vladimír Čunát [Tue, 16 Apr 2019 10:52:16 +0000 (12:52 +0200)]
lua net.interfaces(): fix mac addresses
Only the first byte was being shown since 3ab77332.
I can't see at all why this part was changed;
the buffer is (and was) way overlong for this,
so writing one zero byte just after the end is OK.
Vladimír Čunát [Fri, 12 Apr 2019 07:22:15 +0000 (09:22 +0200)]
lib/generic/lru: try to resolve alignof warnings
We run meson with -std=gnu11, but apparently some compiler still
complained about it. Unfortunately it wouldn't be easy to use
standard C11 in this case.
Vladimír Čunát [Wed, 3 Apr 2019 17:51:28 +0000 (19:51 +0200)]
lua module layers: avoid incorrect returns on errors
The layer functions are supposed to return the new state.
We've been lucky that errors are negative numbers and thus
they typically passed the (status & KR_STATE_FAIL) test.
Vladimír Čunát [Thu, 14 Mar 2019 12:09:48 +0000 (13:09 +0100)]
module API+ABI: remove one level of indirection
... for layers and props. This breaks C module API+ABI.
It seemed weird to repeatedly call a function that returns a pointer
to a structure in which we find the function we want to actually call.
We've never used changing these functions AFAIK, and the target
functions could easily be written to change their behavior instead
(i.e. move the indirection *inside* the function).
When breaking this, I also removed these two (_layers and _props)
from the dynamic symbols (to be) exported from the C modules.
They always pointed to memory belonging inside the module,
and they seem quite sensible to be set up by the _init symbol instead.
Petr Špaček [Thu, 11 Apr 2019 13:57:06 +0000 (15:57 +0200)]
table_print: simplification
As far as I understand the debug.sethook('call') descrption we are not
going to have any locals except function parameters so we can simplify
the code.
Vladimír Čunát [Mon, 8 Apr 2019 13:54:43 +0000 (15:54 +0200)]
modules/http DoH: allocate req.qsource on req.pool
The problem is that C structures are not scanned by lua GC,
so we'd have to keep these alive in some other way; therefore
it's simpler to just use the mempool.
Vladimír Čunát [Mon, 8 Apr 2019 13:52:18 +0000 (15:52 +0200)]
lib/utils kr_straddr_socket(): support mempools
"Unfortunately", for FFI-bound C functions there it doesn't hold that
missing parameters would be converted to nil/NULL.
Still, this function seems unlikely to have been used outside the repo.
Petr Špaček [Thu, 4 Apr 2019 11:19:45 +0000 (13:19 +0200)]
doh: limit max query size to 1024 B
The value is kind of arbitrary, as precaution. 64k value was causing
cqueues to close connections with GET requests with "Broken pipe"
and it seems to work with 1024 B.
Petr Špaček [Tue, 2 Apr 2019 13:49:17 +0000 (15:49 +0200)]
doh: send out HTTP TTL
We intentionally compute max-age header as minimum over all RRs, doing
so only over ANSWER section does not make sense (and RFC 8484 allows us
to do so).
Vladimír Čunát [Fri, 29 Mar 2019 19:16:31 +0000 (20:16 +0100)]
cache: fix incorrect TTL of positive packets in cache
It's a regression of b00ee5fa8 (v3.0.0). Fortunately, since that
version we use cache for positive packets only when they are BOGUS
(see `bool want_pkt =`) so that they're available for +cd queries.
Therefore the impact was really negligible, until the DoT module.
Petr Špaček [Fri, 29 Mar 2019 15:35:31 +0000 (16:35 +0100)]
DoH experiment
First version which actually works with Firefox DoH in default
configuration.
Limitations:
- does not support HTTP GET method
- headers for HTTP cache are not generated
- error handling is largely missing
- no tests
- ACLs will not work, modules do not see source IP address of the HTTP
endpoint
Petr Špaček [Sat, 16 Mar 2019 10:06:21 +0000 (11:06 +0100)]
sandbox: table_print sorts table keys
This makes it much easier to navigate in complex data structures.
AFAIK table_print is not used for anything except user interface so it
is not performance critical and we can re-sort table every time.
Debian packaging as of 3.2.1-3 is no longer shipping libkres9 or
libkres-dev (see https://bugs.debian.org/923970). This brings the
upstream debian-style packaging in line with the Debian packaging on
that front.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Vladimír Čunát [Thu, 28 Mar 2019 07:34:26 +0000 (08:34 +0100)]
validate nitpick fix: unsupported algo edge case
kr_dnskeys_trusted() semantics is changed, but I do NOT consider that
a part of public API.
Go insecure due to algorithm support even if DNSKEY is NODATA.
I can't see how that's relevant to practical usage, but I think this new
behavior makes more sense. We still do try to fetch the DNSKEY even
though we have information about its un-usability beforehand.
I'd consider fixing that a premature optimization.
We'll still be affected if the DNSKEY query SERVFAILs or something.
projects / thirdparty / knot-resolver.git / log
