Vladimír Čunát authored 8 years ago and Ondřej Surý committed 8 years ago

On standard 64-bit: 24 -> 16 bytes per element.

Fixes https://gitlab.labs.nic.cz/knot/resolver/issues/76

If the ephemeral X.509 certificate is due for renewal in less than a
week, regenerate it automatically.

If kresd is configured to listen using TLS, but it has no credentials,
it should fall back to generating ephemeral credentials and using
them.

It stores the ephemerally-generated secret key in the same directory
as the cache, using the name "ephemeral_key.pem".  If the cache
persists, then the key will too, even if the daemon dies.  This means
that any set of daemons that share a cache will also share an
ephemeral secret key.

The ephemeral X.509 certificate that corresponds to the key will be
automatically generated (self-signed), will have a lifetime of about
90 days (matching Let's Encrypt policy).  The ephemeral cert is
never written to disk; it is always dynamically-generated by kresd.

This should make it very easy to get DNS-over-TLS working in
opportunistic mode.

This can be useful for scheduling checks in the future, for logging
when we're using an expired cert, requesting a new cert, refreshing an
ephemeral cert, etc.

Vladimír Čunát authored 8 years ago and Ondřej Surý committed 8 years ago

Motivation: maintaining these by hand in kres.lua is tricky, as just
inserting or reordering the structures can do anything and isn't
detected in general.  For example, `rr_array_t::at` has always
"missed a star".

A couple libknot structure fields have apparently changed name since
the old definitions were written; in most cases I renamed them in *.lua.

The file daemon/lua/kres-gen.lua will be regenerated only if explicitly
deleted.  That requires building with debug symbols and gdb on $PATH.

Now that we renamed "debug" to "verbose", the old name didn't seem very
suitable anymore; this new identifier haven't got to master yet.

Split NDEBUG to NDEBUG (asserts) and NOVERBOSELOG (verbose logging); rename all related symbols to use VERBOSE instead of DEBUG

... but don't raise any kind of error.
The lua function `verbose()` behaved reasonably already.
It doesn't warn, but docs for the function do mention `NLOGDEBUG`.

In particular, don't require to call an externally defined function to
find if in --verbose mode or not.  Now it's just an extern bool.
I'm confident the performance impact of not using -DNLOGDEBUG should be
negligible now.

This comes with a small incompatible API+ABI change, but that shouldn't
matter as we've had a couple of those already since the last release.

Fixes https://github.com/CZ-NIC/knot-resolver/issues/35.

This reverts commit 64f80706.
TL;DR: it brought almost no benefits AFAIK and potential for problems.

The "portable bytecode" produced by luajit isn't compatible when
(lib)luajit version changes or when some build-time configuration of it
changes.  If you mix these up, kresd fails to start.

... and avoid returning a negative number.

It seems a bit cleaner, though impact on size and load speed should not
be noticeable.  We simply install most of the lua code, as before, and I
assume that we *do* want to keep that visibility, at least by default.
Suggested on !57.

Some structures have changed but lua was still using the old ABI.
I think no our lua code used the fields misplaced due to this,
except an example in documentation.

I didn't check much of the ABI in there.  I wish I knew some
(half-)automatic way how to do that.

- The API and ABI for modules changes slightly (details below).
  KR_MODULE_API is bumped to avoid loading incompatible code.
  We have bumped libkres ABIVER since the last release 1.1.1,
  so leaving that one intact.

- Make KR_STATE_YIELD not reuse 0 value anymore.
  It's easy to e.g. return kr_ok() by mistake.
- struct kr_layer_t:
  * ::mm was unused, uninitialized, etc.
  * Make ::state an int, as it was everywhere else.
  * void *data was ugly and always containing struct kr_request *
- struct kr_layer_api:
  * Drop the void* parameter from ::begin, as it was only used
    for the request which is available as ctx->req anyway
    (formerly ctx->data).
  * Drop ::fail.  It wasn't even called.  Modules can watch for
    KR_STATE_FAIL in ::finish.
- Document the apparent meaning of the layer interface, deduced mainly
  from the way it's used in the code.  Caveats:
  * enum knot_layer_state handling seems to assume that it holds exactly
    one of the possibilities at a time.  The cookie module does NOT
    follow that (intentionally), apparently depending on the exact
    implementation of the handling at that moment.  It feels fragile.
  * I was unable to deduce a plausible description of when ::reset is
    called.  It's practically unused in modules, too.

It causes lots of line changes, but it would be confusing to keep the
current state over long term.

The implementation is now similar to set-associative caches
that x86 CPU use.  Also the API is changed a bit, leading to
slight simplification of our use patterns.

Fixes https://gitlab.labs.nic.cz/knot/resolver/issues/93.
API of a KR_EXPORT function is changed, so ABIVER is bumped.

This saves a few kilobytes in the executable.
Also, the name XXD seemed no longer suitable,
as it does lua-specific cleaning.

and set libknot_SONAME and libzscanner_SONAME as lua literals.

Remove now obsolete libpath lua function - use find_soname from
platform.mk to define <arg>_SONAME, add lua_pushliteral to
daemon/engine.c and add -D to daemon/daemon.mk for any new library
loaded from Lua.