- Jan 25, 2018
-
-
Petr Špaček authored
I've removed a couple of layers of indirection to make it easier to follow. This should make it easier to extend the policy module.
-
- Jan 24, 2018
-
-
- Jan 23, 2018
-
-
Vladimír Čunát authored
-
Config tests now have the ability to run the daemon with different arguments and to check the exit code.
-
Vladimír Čunát authored
Symbols not marked by KR_EXPORT shouldn't be visible outside the same output binary (e.g. sbin/kresd or lib/kdns_modules/hints.so). Also mark `engine_hint_root_file`.
-
Petr Špaček authored
It is enabled by default.
-
Petr Špaček authored
RFC 6761 mandates functionality implemented by policy module, so it is now loaded by default. Users with special needs can still unload the module.
-
- Jan 18, 2018
-
-
Petr Špaček authored
The pin parameter contains SHA-256 encoded using Base64, but this is not the only option. Explicit name allows us to add alternative formats later on, and is consistent with GnuTLS naming.
-
-
Petr Špaček authored
-
Petr Špaček authored
Policy handling was split into smaller functions to allow easier checking. The code needs further refactoring; it seems that net_tls_client is just a thin wrapper around tls_client_params_set in C, which is unnecessary and error-prone.
-
Petr Špaček authored
-
Petr Špaček authored
Apparently some corner cases are not handled properly. We need to fix these in follow-up patches.
-
- Jan 08, 2018
-
-
Marek Vavruša authored
The last processed query is not always resolved (if resolution fails), so previous code returned wrong query in some messages after failure.
-
Marek Vavruša authored
-
Marek Vavruša authored
This is a followup on addition of trace callbacks in the resolver library, to get rid of the Lua/C interfacing in daemon and unify it with the log tracing. All modules can now install completion callback on the kr_request object that will be called after the resolution is done.
-
This implements worker coroutines in Lua to perform non-blocking I/O and do many things concurrently. For example a file watcher can be now implemented as:

```
local watcher = notify.opendir('/etc')
watcher:add('hosts')

-- Watch changes to /etc/hosts
worker.coroutine(function ()
  for flags, name in watcher:changes() do
    for flag in notify.flags(flags) do
      print(name, notify[flag])
    end
  end
end)
```

In order to make this work, the runtime uses the cqueues library which can run coroutines concurrently, and return a file descriptor to poll on if it's blocked. The worker takes that file descriptor and calls `event.socket(pollfd, resume_callback)` so that libuv can wake up the worker when it's ready again.

The cqueues library is still optional, but if it's not present the following stuff won't work:

* worker.coroutine()
* worker.sleep()
-
Petr Špaček authored
-
-
-
It should be enough to update the table once per TLS_FORWARD rule, without re-doing that every time the policy is triggered.
-
-
-
- Jan 04, 2018
-
-
- Dec 21, 2017
-
-
Marek Vavruša authored
This allows debugging of what records were used for final answer.
-
Marek Vavruša authored
-
Marek Vavruša authored
-
Marek Vavruša authored
-
Marek Vavruša authored
This leverages the HTTP interface to trace execution of individual requests. This is helpful for troubleshooting problems with a specific instance, or to generate test files (as it writes out answers received). Ideally it would also print a timeline of request processing broken down by function (or layer) and the amount of time spent, but there's no tracepoint for that yet.
-
Marek Vavruša authored
This allows for changing request settings or performing other actions just after the request is created.
-
- Dec 13, 2017
-
-
Petr Špaček authored
-
- Dec 12, 2017
-
-
Petr Špaček authored
-
- Dec 11, 2017
-
-
Vladimír Čunát authored
-
Petr Špaček authored
fixup! module: detect discontinuous jumps in the system time
-
- Dec 08, 2017
-
-
Check differences between real and monotonic time. It clears cache when this difference changes since last cache clear.
-
Monotonic time from libuv function uv_now (wrapped in kr_now) is used for query timeout, stats and RTT in reputation cache. Cache, DNSSEC Validation and Cookies use real time.
-
- Dec 07, 2017
-
-
Petr Špaček authored
Without this check, the module would print warning for every single run without root trust anchor.
-
This module is enabled by default, but disabled in Deckard tests.
-
- Dec 04, 2017
-
-
Vitezslav Kriz authored
If the user provides a custom hints file with the config option hints.root_file('file'), the resolver fails with an error. Before, it just silently passed and might fail when loading the defaults file, which leads to a confusing error message.
-
- Dec 01, 2017
-
-
Petr Špaček authored
The old name was confusing because module name was different than all other names and references in manual.
-