Oto Šťáva authored 3 years ago and Vladimír Čunát committed 3 years ago

Also change the return type of kr_pkt_has_dnssec() and lua's :dobit()

We can always easily add groups when needed.

The approach of the code was rather hacky, simulating some packets
arriving from upstream and making the module stack CONSUME that.
Instead we take a direct approach now: use the simplified validator API
and then insert into cache directly.

One effect is improved performance, and consequently roughly halving
the lag which happens when prefill module invokes this.
(With root zone the lag goes down to 0.1 s from over 0.2 s,
 on my relatively fast CPU.  Fortunately it's just once a day.)

The following actions will now be logged in debug level (or request
tracing): ANSWER, DENY, DENY_MSG, DROP, REFUSE, TC

This can be useful for RPZ and other policy debugging.

Purposefully ommitted actions:
PASS - since it's the same as normal processing
REROUTE - the action itself comes from renumber module
STUB,FORWARD,TLS_FORWARD - this could be more confusing than useful
  (e.g. when response comes from cache)

Version 2.9 isn't supported anymore anyway, but 3.0.2 is needed for
extended error constants.

Tomas Krizek authored 3 years ago and Vladimír Čunát committed 3 years ago

Answers to EDNS requests from certain lua policies that use the
answer_clear() function would lack OPT RR and thus violate the MUST
condition in RFC6891.6.1.1.

Vladimír Čunát authored 3 years ago and Tomas Krizek committed 3 years ago

NSEC* params were not being stashed by this function.  For prefilling
it's useful, but doing it on *every* NSEC* record would be quite a waste,
so we introduce a parameter to select this.

Implementation: there were good reasons not to implement this until
needed - it wasn't straightforward at all.

It's not a perfect solution and with the future policy engine it will
hopefully be better, but it's really trivial to add this already.
(should've done that years ago)

Vladimír Čunát authored 3 years ago and Tomas Krizek committed 3 years ago

It's special: always on and not shown in log_groups() output.

It's been quite a long fight to find how to best deal with such
a special case (from user perspective; code itself is easy).

Vladimír Čunát authored 3 years ago and Tomas Krizek committed 3 years ago

The former "default" dumping style isn't really used anywhere in Knot.
The only visible difference is that RRSIGs are now logged *without*
replacing their TTLs by the original non-decremented TTL values.
That can avoid some confusion when reading debug logs.
(Those original TTLs are still shown a bit further on each line.)

Vladimír Čunát authored 3 years ago and Tomas Krizek committed 3 years ago

Let's be consistent witk kr_log_name2level()
and even generally we tend to use negative numbers for errors.

Vladimír Čunát authored 3 years ago and Tomas Krizek committed 3 years ago

Probably, it seems "more consistent".
Some defines still don't have it, but I left those.

Lukas Jezek authored 3 years ago and Tomas Krizek committed 3 years ago

logging

Vladimír Čunát authored 3 years ago and Tomas Krizek committed 3 years ago

- unify interactive mode to stdout
- use its own logging group
- elevated log level when the command throws an exception
- don't try detecting that the logs go back into the same console
  (yes, in that case you can see some lines twice)
- don't make the binary mode turn off logging

Vladimír Čunát authored 3 years ago and Tomas Krizek committed 3 years ago

- const for names of log groups
- enum kr_log_group for a single log group
- the kr_log_groups bitmap doesn't need to be exposed or even exported
- return bool instead of int

It's better to use separate log group, to separate between logs that
come from the lua module vs native C implementation. It is also more
descriptive, since http modules is used for other stuff besides its
deprecated DoH.

This serves two purposes:

1. As a utility logger during development.
2. As the last entry in enum - to make iteration over the values
   possible. Changing the value of LOG_GRP_DEVEL shouldn't be an issue,
   since it shouldn't be used in production code.

Now those type definitions can be simply loaded without any error, e.g.
luajit daemon/lua/kres-gen.lua
That will be useful for checking them without regenerating them.

To (hopefully) improve readability, rename the typical macro usage of:

    if (!kr_assume(x)) y; // to
    if (kr_fails_assert(x)) y;

As a convenience, replace the assert without a return value to a more
simple version:

    (void)!kr_assume(x);  // becomes
    kr_assert(x);

Vladimír Čunát authored 3 years ago and Tomas Krizek committed 3 years ago

Default 5 minutes (but off).
Randomize the delays +-25%.

- add lua options debugging.assumption_abort and
  debugging.assumption_fork to make the behaviour configurable
- select default values based on meson buildtype:
  - debug/debugoptimized (default, e.g. used in CI) - abort and don't
    fork
  - plain/release - don't abort, but fork if abort is user-configured

Add HTTP headers to an optional kr_request.qsource.headers structure.
Headers are stored as name, value string pairs.

The following snippet can be used to access the headers in lua modules:

```
if (req.qsource.headers ~= nil) then
	for i = 1, tonumber(req.qsource.headers.len) do
		local name = ffi.string(req.qsource.headers.at[i - 1].name)
		local value = ffi.string(req.qsource.headers.at[i - 1].value)
		print(name, value)
	end
end
```

Fixes #616

It wasn't really used for a long time and became completely obsolete after
!1030.