Example:
  assert(require('ffi').C.kr_view_insert_action(
  		'127.0.0.0/24', 'policy.DENY_MSG("message")'
	) == 0)

Picked up old work, rebase-squashed after many months;
then fixed up a little as needed in this newer version.
(and later many minor fixes got squashed in)

Oto Šťáva authored 3 years ago and Vladimír Čunát committed 3 years ago

Also change the return type of kr_pkt_has_dnssec() and lua's :dobit()

The approach of the code was rather hacky, simulating some packets
arriving from upstream and making the module stack CONSUME that.
Instead we take a direct approach now: use the simplified validator API
and then insert into cache directly.

One effect is improved performance, and consequently roughly halving
the lag which happens when prefill module invokes this.
(With root zone the lag goes down to 0.1 s from over 0.2 s,
 on my relatively fast CPU.  Fortunately it's just once a day.)

The following actions will now be logged in debug level (or request
tracing): ANSWER, DENY, DENY_MSG, DROP, REFUSE, TC

This can be useful for RPZ and other policy debugging.

Purposefully ommitted actions:
PASS - since it's the same as normal processing
REROUTE - the action itself comes from renumber module
STUB,FORWARD,TLS_FORWARD - this could be more confusing than useful
  (e.g. when response comes from cache)

Tomas Krizek authored 3 years ago and Vladimír Čunát committed 3 years ago

Answers to EDNS requests from certain lua policies that use the
answer_clear() function would lack OPT RR and thus violate the MUST
condition in RFC6891.6.1.1.

Vladimír Čunát authored 3 years ago and Tomas Krizek committed 3 years ago

The former "default" dumping style isn't really used anywhere in Knot.
The only visible difference is that RRSIGs are now logged *without*
replacing their TTLs by the original non-decremented TTL values.
That can avoid some confusion when reading debug logs.
(Those original TTLs are still shown a bit further on each line.)

Vladimír Čunát authored 3 years ago and Tomas Krizek committed 3 years ago

Probably, it seems "more consistent".
Some defines still don't have it, but I left those.

Vladimír Čunát authored 3 years ago and Tomas Krizek committed 3 years ago

- const for names of log groups
- enum kr_log_group for a single log group
- the kr_log_groups bitmap doesn't need to be exposed or even exported
- return bool instead of int

Now those type definitions can be simply loaded without any error, e.g.
luajit daemon/lua/kres-gen.lua
That will be useful for checking them without regenerating them.

To (hopefully) improve readability, rename the typical macro usage of:

    if (!kr_assume(x)) y; // to
    if (kr_fails_assert(x)) y;

As a convenience, replace the assert without a return value to a more
simple version:

    (void)!kr_assume(x);  // becomes
    kr_assert(x);

Vladimír Čunát authored 3 years ago and Tomas Krizek committed 3 years ago

Default 5 minutes (but off).
Randomize the delays +-25%.

- add lua options debugging.assumption_abort and
  debugging.assumption_fork to make the behaviour configurable
- select default values based on meson buildtype:
  - debug/debugoptimized (default, e.g. used in CI) - abort and don't
    fork
  - plain/release - don't abort, but fork if abort is user-configured

Add HTTP headers to an optional kr_request.qsource.headers structure.
Headers are stored as name, value string pairs.

The following snippet can be used to access the headers in lua modules:

```
if (req.qsource.headers ~= nil) then
	for i = 1, tonumber(req.qsource.headers.len) do
		local name = ffi.string(req.qsource.headers.at[i - 1].name)
		local value = ffi.string(req.qsource.headers.at[i - 1].value)
		print(name, value)
	end
end
```

Fixes #616

Štěpán Balážik authored 5 years ago and Vladimír Čunát committed 4 years ago

Design discussion: #447
Code discussion: !1030

Logging strings: I originally wanted to have four chars inside [],
but it doesn't really matter in these cases where logs don't happen
within a request, so "[xdp]" won due to uniformity and simplicity.

FIXME: see FIXMEs in diff, document the API change, re-review.

Vladimír Čunát authored 4 years ago and Petr Špaček committed 4 years ago

See the definition of kr_cdb_pt for details.

Vladimír Čunát authored 4 years ago and Petr Špaček committed 4 years ago

... in case of usage from kresd (GC does it a bit differently).

It is very useful when debugging. This code gets executed only with
special DEBUG policy so we do not need to worry about maximum performance.

In particular this gets rid of last light user data inside kresd.

It was still causing problems on some systems, for example Debian Sid.
The error was the same: "bad light userdata pointer" from luajit,
but note that the problem can still be triggered by lua libraries,
e.g. cqueues.

Now it works again with the latest gdb-9.1.
As a side effect, some simplification was possible, so that some
typedefs are newly defined at once with the underlying type.

This new approach uses per-request variables in Lua and creates new
callback for each DEBUG_IF call instead of each request.

Attempt to avoid duplicating ten lines in debug_logfinish_cb lead me
to splitting kr_log_qverbose_impl into two functions kr_log_q and kr_log_req.
This is another minor change to API exposed to modules.

Formerly both logs used slightly different formats and duplicated code.
From now on verbose log and request tracing are generated using the same
code.

This required a small change to request trace_log_f definition so it
might affect external modules.

Petr Špaček authored 5 years ago and Vladimír Čunát committed 5 years ago

These files did not have GNU GPL v3 boilderplate in them so
I've added machine readable tag with appropriate license.

Vladimír Čunát authored 5 years ago and Tomas Krizek committed 5 years ago

- written relatively defensively - act OK even if the API
  isn't used in an ideal way
- CI lint:scan-build: bump the error count;
  It's only another instance of the mis-detected array_push().
- the removed stale note in modules/meson.build isn't really related

The new way of transitioning to layer callbacks - done because of
portability (mainly to aarch64) - is a bit expensive.  This is a simple
way of recovering that cost.  Merge 603a24fc regressed speed a bit.