- Aug 27, 2020
-
-
Tomas Krizek authored
lib/generic/queue: fix a bug + minor changes See merge request !1050
-
Vladimír Čunát authored
... and most importantly, review all the code. Detail: queue_{head,tail}_impl() no longer "safely return" NULL on an empty queue, as the API always dereferences the returned pointer anyway.
-
Vladimír Čunát authored
It... feels better that way.
-
Vladimír Čunát authored
Emptying the queue and using it again... didn't work :-( Fortunately, no use case in kresd so far could trigger this, I believe:
  - struct session::waiting is a list of tasks waiting while connection is being established
  - the temporary queue in session_tasklist_finalize_expired() is also only once filled and emptied
-
- Aug 25, 2020
-
-
Vladimír Čunát authored
-
Tomas Krizek authored
The trailing _t implies the type is a typedef like: typedef struct tls_ctx { ... } tls_ctx_t; But it is a plain struct - so remove it to avoid confusion.
-
Vladimír Čunát authored
-
It was rather confusing:
  - event.after(0, ...) executed function immediately
  - event.recurrent(0, ...) executed function immediately (seemingly worked) but stopped after the first execution, i.e. no recurrence took place.
-
- Aug 24, 2020
-
-
Tomas Krizek authored
config test improvements See merge request !1045
-
In theory there should be no background task but we need cleanup in case kresd gets into infinite loop or something like that.
-
- Aug 21, 2020
-
-
Vladimír Čunát authored
Fixes #596.
-
-
- Aug 18, 2020
-
-
Tomas Krizek authored
distro/tests: fix file permissions set by ansible See merge request !1044
-
- Aug 17, 2020
-
-
Tomas Krizek authored
Ansible switched default file perm to 600 from more permissive 666. Add file mode explicitly to avoid issues.
-
Petr Špaček authored
docs: clarify policy.ANSWER See merge request !1037
-
-
-
Petr Špaček authored
-
Petr Špaček authored
script to gather data from systemd journal See merge request !1040
-
- Aug 14, 2020
-
-
Tomas Krizek authored
-
-
- Aug 13, 2020
-
-
Štěpán Balážik authored
ci: check whether Deckard submodule commit is present on master See merge request !1038
-
Štěpán Balážik authored
This is to prevent issues like !1036
-
Petr Špaček authored
Fix RFC5011 rollover See merge request !1035
-
-
-
- Aug 12, 2020
-
-
Lukas Jezek authored
-
- Aug 11, 2020
-
-
Štěpán Balážik authored
ci: fix divergent commit in Deckard submodule See merge request !1036
-
Štěpán Balážik authored
Branch on Deckard tree tracked in this repository was left unmerged in Deckard. The two trees therefore diverged and broke CI in knot-resolver repo on a few commits retroactively.
-
- Aug 10, 2020
-
-
Petr Špaček authored
validator: new approach to missing RRSIG(s) Closes #390 See merge request !1020
-
Petr Špaček authored
-
- Aug 07, 2020
-
-
Petr Špaček authored
-
Petr Špaček authored
It is very useful when debugging. This code gets executed only with special DEBUG policy so we do not need to worry about maximum performance.
-
The line was being logged a bit prematurely when the validator isn't really going insecure yet. This solves (some of?) those cases.
-
Petr Špaček authored
The original approach was using SOA owner in negative answers to optimize number of DS queries. This approach is less reliable with weird "servers", including pre-DNSSEC servers which reply to DS query with an SOA owner pointing to the child zone instead of parent zone. We now walk the tree from root down to find the missing DS or proof of its non-existence.
-
This is about situations when validator *thinks* it's in a signed zone but an unsigned answer comes in. The assumption was that RRSIGs didn't make it through some middle-boxes and it retried with explicit QTYPE=RRSIG. There were two issues with that.
  1. It seems that in most cases the cause of the situation is that we skipped over a zone cut that transitioned to insecure state, so the signatures correctly don't exist.
  2. An explicit RRSIG query appears to be more trouble than worth; it seems reasonable for servers not to answer it (fully); see RFC 8482 sect. 7.
The new approach simply tries to find a proof that the name is insecure, by spawning a QTYPE=DS sub-query on that name. That fixes some real-life cases; usually this happens in iteration mode where one IP address serves zones on both sides of a cut that transitions to insecure. For details see new comments in that rrsig_not_found() function. The change resulted in the iterator fallback not making sense anymore so it was removed.
-
- Aug 06, 2020
-
-
Petr Špaček authored
cache: add number of entries to cache.stats() Closes #510 See merge request !1028
-
-
Petr Špaček authored
daemon/lua: get rid of __engine symbol in lua See merge request !1033
-
Vladimír Čunát authored
-