force kresd to follow net.ip(4,6) settings when forwarding

Continuation of the parent commit. In particular, kr_nsrep_set() can't be used to create NS list "with holes".

force kresd to follow net.ip(4,6) settings when forwarding
Continuation of the parent commit. In particular, kr_nsrep_set() can't be used to create NS list "with holes".
15dc8bd8 · Vladimír Čunát · 06bf7a39 · 15dc8bd8 · 15dc8bd8 · 15dc8bd8
Verified Commit 15dc8bd8 authored 6 years ago by Vladimír Čunát
--- a/NEWS
+++ b/NEWS
@@ -20,6 +20,7 @@ Bugfixes
  as the submodule collects metrics from all sub-processes as well.
 - TLS fixes for corner cases (!714, !700)
 - fix build with -DNOVERBOSELOG (#424)
+- policy.{FORWARD,TLS_FORWARD,STUB}: respect net.ipv{4,6} setting (!710)

 Improvements
 ------------

--- a/daemon/README.rst
+++ b/daemon/README.rst
@@ -461,13 +461,13 @@ configured in the config file.

   :return: boolean (default: true)

-   Enable/disable using IPv6 for recursion.
+   Enable/disable using IPv6 for contacting upstream nameservers.

 .. envvar:: net.ipv4 = true|false

   :return: boolean (default: true)

-   Enable/disable using IPv4 for recursion.
+   Enable/disable using IPv4 for contacting upstream nameservers.

 .. function:: net.listen(addresses, [port = 53, flags = {tls = (port == 853)}])


--- a/lib/nsrep.h
+++ b/lib/nsrep.h
@@ -109,11 +109,11 @@ struct kr_nsrep
 };

 /**
- * Set given NS address.
+ * Set given NS address.  (Very low-level access to the list.)
 * @param  qry      updated query
 * @param  index    index of the updated target
 * @param  sock     socket address to use (sockaddr_in or sockaddr_in6 or NULL)
- * @return          0 or an error code
+ * @return          0 or an error code, in particular kr_error(ENOENT) for net.ipvX
 */
 KR_EXPORT
 int kr_nsrep_set(struct kr_query *qry, size_t index, const struct sockaddr *sock);

--- a/modules/policy/policy.lua
+++ b/modules/policy/policy.lua
@@ -81,13 +81,20 @@ end

 -- Override the list of nameservers (forwarders)
 local function set_nslist(qry, list)
-	for i, ns in ipairs(list) do
+	local ns_i = 0
+	for _, ns in ipairs(list) do
 		-- kr_nsrep_set() can return kr_error(ENOENT), it's OK
-		ffi.C.kr_nsrep_set(qry, i - 1, ns)
+		if ffi.C.kr_nsrep_set(qry, ns_i, ns) == 0 then
+			ns_i = ns_i + 1
+		end
 	end
 	-- If less than maximum NSs, insert guard to terminate the list
-	if #list < 4 then
-		assert(ffi.C.kr_nsrep_set(qry, #list, nil) == 0);
+	if ns_i < 3 then
+		assert(ffi.C.kr_nsrep_set(qry, ns_i, nil) == 0);
+	end
+	if ns_i == 0 then
+		-- would use assert() but don't want to compose the message if not triggered
+		error('no adress in the configured NS set is usable:\n' .. table_print(list, 2))
 	end
 end