Petr Špaček authored 4 years ago and Tomas Krizek committed 4 years ago

New map() creates control/ sockets in current working directory so it
pollutes worktree when developers run it in worktree.

I've also added files with ephemeral certificates and pytests test report
which were missing as well.

Petr Špaček authored 4 years ago and Tomas Krizek committed 4 years ago

Three instances send commands and DNS queries to each other.

Petr Špaček authored 4 years ago and Tomas Krizek committed 4 years ago

Control protocol uses \n as command delimiter so we cannot allow \n
inside commands. Users should be able to Lua-escape \n with \010.

Petr Špaček authored 4 years ago and Tomas Krizek committed 4 years ago

Typical example of unrepresentable message is a Lua error.
E.g. error() called from kresc would lead to NULL message.

Petr Špaček authored 4 years ago and Tomas Krizek committed 4 years ago

For now we still attempt to support systems without lua-cqueues,
e.g. Ubuntu 16.04.

lua-http depends on lua-cqueues so the test for availability of lua-http
at the beginning of kr_https_fetch() should cover lua-cqueues as well.

Petr Špaček authored 4 years ago and Tomas Krizek committed 4 years ago

We were exceeding CI time limit while running config tests under
Valgrind so let's see if smaller number of tests will get us through CI.

Petr Špaček authored 4 years ago and Tomas Krizek committed 4 years ago

map() command on leader instance now:
- detects call errors on followers
- detects unsupported number of return values
- detects unsupported data types which cannot be serialized
- keeps nil return values (signaled by table counter "n")

Fixes: #662

Petr Špaček authored 4 years ago and Tomas Krizek committed 4 years ago

Let's detect syntax errors before sending the command to all instances.

Petr Špaček authored 4 years ago and Tomas Krizek committed 4 years ago

Helper functions for handling variable length arrays with nil values.

Petr Špaček authored 4 years ago and Tomas Krizek committed 4 years ago

map() now depends on presence of control sockets, and by default config
tests are executed with KRESD_NO_LISTEN=1 env var which prevents control
sockets from being created. Tests for features which depend on map() now
explicitly create their own control socket.

Petr Špaček authored 4 years ago and Tomas Krizek committed 4 years ago

Previously exit trap executed command "kill -9" even if there were no
leftover processes and this lead to clutter in logs because kill
complained about missing arguments.

As a bonus the cleanup routine now prints information about leftover
processes.

Petr Špaček authored 4 years ago and Tomas Krizek committed 4 years ago

Reasons:
- It allows to run several kresd instances and use map() without
  worrying about instance parameters.
- It removes special case from map().

Proper functionality depends on changes in MR !1011.

Petr Špaček authored 4 years ago and Tomas Krizek committed 4 years ago

Serializes: boolean, nil, number, string, table.
Skips all other types (functions, cdata, thread ...) and repeated
references to tables.

Resulting string should Lua-evaluate to identical objects.

Lukas Jezek authored 4 years ago and Tomas Krizek committed 4 years ago

This change allows map() to work with systemd integration.

As a bonus the new client implementation is based on Lua cqueues
allows caller to wrap map() in worker.corroutine() and get
asynchronous execution/avoid blocking main loop.

Currently socket communication does not employ timeouts so a hang
instance will lead to hang map() call. This does not affect query
processing _if_ map() is being run in worker.corroutine.

Fixes: #554
Fixes: #620

daemon: lower EDNS buffer size to 1232

Closes #300 and #538

See merge request !920

Vladimír Čunát authored 4 years ago and Tomas Krizek committed 4 years ago

Note: this commits affects just the small respdiffs, not the big ones.

fix SERVFAIL in *FORWARD modes with certain CNAME setup

Closes #614

See merge request !1070

Vladimír Čunát authored 4 years ago and Petr Špaček committed 4 years ago

It failed on a CNAME to a sibling name that's a zone cut.
Fixed by a minimalistic approach - tweaking the conditions
to always ask each CNAME step separately when forwarding.

For now I was too afraid to use "multi-flag" kr_request::state,
so I kept it at _FAIL; anyone can recognize it by NULL answer anyway.

Lua wrapper: using exception was considered but didn't seem good.
I utilized the fact that modules can return nil meaning no state change.

Resolves a FIXME, and this way of doing AD should be better/safer.
(Lower likelihood of accidentally leaving it on in some situation.)

GC test: the record is inserted manually with _SECURE rank but without
signatures.  I think it's better to return AD flag in that edge case.

FIXME: see FIXMEs in diff, document the API change, re-review.

qname here wasn't lower-cased, so the match might not be correct.
Still, practically all deployments use either root TA or none,
and these can't be affected.

meson: update to version 0.49

See merge request !1082

treewide: unify ENABLE_* defines

See merge request !1084

Vladimír Čunát authored 4 years ago and Tomas Krizek committed 4 years ago

Two styles were used: (un)defined and 0/1.  We switch to 0/1.
Advantage: it can be used also like `if (ENABLE_FOO)`
(outside preprocessor).

Except for ./meson.build it's sed \
 -e 's/#ifdef ENABLE_CAP_NG/#if ENABLE_CAP_NG/g' \
 -e 's/#ifdef ENABLE_DOH2/#if ENABLE_DOH2/g' \
 -e 's/defined(ENABLE_COOKIES)/ENABLE_COOKIES/g' \
 -e 's/#ifdef ENABLE_COOKIES/#if ENABLE_COOKIES/g' \
 -i $(git grep -l ENABLE_)

ci: use docker image with XDP support

See merge request !1085