This way leaves less room for mistakes, etc.  It's just the idea from:
dd0c99bd (comment 191580)

Previously this would pollute the RTT cache with non-sensical
measurements from unsuccessful TCP connects for example.

Module would crash due to the change of `request->upstream`
structure.

Previously the mitigation would stop some longer benign resolutions.
We can safely zero the subquery counter when choose a concrete transport
for the query (i.e. NS name with known IP address).

Lame delegations are weird, they breed more lame delegations on broken
zones since trying another server from the same set usualy doesn't help.
We force resolution of another NS name in hope of getting somewhere.

Previously a 12B reply with FORMERR would be treated as malformed
creating a need for a workaround (switching off EDNS for every malformed
answer).

Instead copy it from the request's options.

Reasoning: Minimization might have been turned off as a workaround for
broken authoritative servers which doesn't support it. There is no
reason to drop minimization when switching zones when following a CNAME.

When cancelling a query due to NSNXAttack mitigation when validator was
also in BOGUS state, records wouldn't be stripped from the answer.

These will become useful once we actually use it…

Previously there where resolve_badmsg and resolve_error functions used
to apply workarounds. This is now moved to selection.c and iterate.c
just provides feedback using the server selection API. Errors are now
handled centrally in selection.c:error.

ci lint:scan-build: work around changes in meson

See merge request !1127

In 1f7678ea meson was updated and that broke our scan-build.
Now we work around that.  Quick analysis of why:
https://github.com/mesonbuild/meson/pull/5918#issuecomment-762064902

dnstap tests: integrate into meson, CI, etc.

See merge request !1123

+ it's more efficient to schedule longer tests before shorter tests
- we get a warning (if meson is new enough to use priorities)

Priority numbers: I took the config tests as baseline.
I didn't touch tests with "is_parallel: false".

They need one go package which I can't find even in Debian,
so it probably can't work without network access.
The new dnstap in extra_tests runs if dnstap is built and go is found.
It also tries to keep the source tree clean.

Now both query and reply messages are tested.

In CI (after caching go deps in image) this tests only takes slightly
more time than the longest config.* tests, so that seems OK.
Even so, it's not added into the valgrind variant, as compilation
of the test still isn't split away from the run itself.

From distro packages, just libprotobuf-c-dev and golang-any are new,
but I also broke the overlong line and reorganized its contents a bit.

add dnstap subpackage

Closes #655

See merge request !1118

Jakub Ružička authored 4 years ago and Tomas Krizek committed 4 years ago

introduce new dependencies:

* libfstrm
* libprotobuf-c

SUSE is missing protoc-c compiler so don't build dnstap there.

Jakub Ružička authored 4 years ago and Tomas Krizek committed 4 years ago

introduce new dependencies:

* libfstrm
* libprotobuf-c

Jakub Ružička authored 4 years ago and Tomas Krizek committed 4 years ago

This is a relic of ancient times.

selection: return early from forward_choose_transport with asserts off

See merge request !1125

This lead to unintitialized values being possibly used down the line.

randomize record order by default, i.e. reorder_RR(true)

See merge request !1124

It's quite cheap for us, and it might help with dumb clients
overusing the lowest IP from each set.

"ctx" is the usual name elsewhere for a kr_context pointer

refactor memory allocation patterns a little

See merge request !1115

More idiomatic code seems better:
- for variable initialization we have = { 0 }
- (mm_)calloc for heap allocations
  sizeof: use variable instead of type (where suitable; not sure why)

Experience proved that it can be confused with mm_alloc()
and it may not be trivial to find the mistake.

It seems just easier than having the copies in the current way.
I don't think the `static inline` were helping us anyway,
except for avoiding KR_EXPORT in some cases.

Still, differences when copying:
 - we use plain memset() in the implementation
   (no motivation here to use the complex memzero() approach)
 - we expose mm_malloc(), as we've been referring to it
 - we KR_EXPORT some of the functions (for lua and modules)

These do not make the CI job fail, but better avoid them anyway.
I suspect they got added when we updated the CI docker image.