Use default padding policy for responses.

net.tls_padding() can now take a boolean in addition to a numeric value. true means "use sensible default padding policy", false means "never pad".

In the struct kr_context, we change tls_padding from a uint32_t to an int32_t so that we can explicitly represent the default value (-1). This should be a safe ABI/API change, since no one had ever set a padding > 4096 anyway.

This depends on libknot having adopted the changes in:

https://gitlab.labs.nic.cz/labs/knot/merge_requests/692

Once that's done, if there's a release, then this changeset needs to also update kresd's versioned dependency on libknot.

changed title from Use default padding policy for responses. to [waiting] Use default padding policy for responses.

added 114 commits

• 2574749f...3a528009 - 113 commits from branch knot:master
• cc2d24d2 - Use default padding policy for responses.

Compare with previous version

changed title from [waiting] Use default padding policy for responses. to Use default padding policy for responses.

Now that a release has been made of libknot, i've updated this patch to depend on it.

ping! can i get someone to take a look at this?

@dkg, could the code perhaps fallback to #define default if it was compiled with older libknot for now? The hard requirement on the latest libknot seems too harsh to me at this very moment.

We could reconsider this in ~half a year.

added 72 commits

• cc2d24d2...56368857 - 71 commits from branch knot:master
• 92ff6f6c - Use default padding policy for responses.

Compare with previous version

resolved all discussions

I understand your suggestion, and if the project was using autoconf, i'd normally just throw in a test for the presence of knot_edns_default_padding_size and then wrap the core section of answer_padding() (within lib/resolve.c) within an #ifdef HAS_DEFAULT_PADDING section. But knot-resolver isn't using autoconf, and i see no other functional tests like this on a quick skim.

I could add a test and a #define to config.mk or something, but i'm not sure how the project would prefer to have this done. what do you suggest?

• I had read this MR within days after being posted, and it felt like there's little sense in it until we want to increase the minimal libknot version. (I should've posted a note here, perhaps.)

• It seems easiest to use the preprocessor in this spirit:

  #if KNOT_VERSION_HEX < ((2 << 16) | (4 << 8) | 3)
  

mentioned in commit dkg/resolver@e9a4d133

added 1 commit

• e9a4d133 - Use default padding policy for responses.

Compare with previous version

thanks for the suggestion, @vcunat . I've pushed a comparable change here.

resolved all discussions

mentioned in commit 15db5051

merged

It seems OK. I'm sorry for the delays.