authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 08:47:11 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 08:47:11 +0000
commitfa4b01ee7d479f7186d3a1a9c9eaf5211a3521ac (patch)
treeac80b66e9ade699a7a2b02492a4795838be0f6f3 /daemon
parentAdding debian version 5.7.1-1. (diff)
Merging upstream version 5.7.2.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'daemon')
-rw-r--r--daemon/lua/kres-gen-30.lua7
-rw-r--r--daemon/lua/kres-gen-31.lua7
-rw-r--r--daemon/lua/kres-gen-32.lua7
-rwxr-xr-xdaemon/lua/kres-gen.sh15
-rw-r--r--daemon/lua/meson.build19
-rw-r--r--daemon/proxyv2.c48
-rw-r--r--daemon/proxyv2.h27
7 files changed, 81 insertions, 49 deletions
diff --git a/daemon/lua/kres-gen-30.lua b/daemon/lua/kres-gen-30.lua
index 7639e79..f3f8a49 100644
--- a/daemon/lua/kres-gen-30.lua
+++ b/daemon/lua/kres-gen-30.lua
@@ -2,9 +2,10 @@
local ffi = require('ffi')
--[[ This file is generated by ./kres-gen.sh ]] ffi.cdef[[
-typedef long time_t;
-typedef long __time_t;
-typedef long __suseconds_t;
+
+typedef @time_t@ time_t;
+typedef @time_t@ __time_t;
+typedef @time_t@ __suseconds_t;
struct timeval {
__time_t tv_sec;
__suseconds_t tv_usec;
diff --git a/daemon/lua/kres-gen-31.lua b/daemon/lua/kres-gen-31.lua
index e555a6a..46b349e 100644
--- a/daemon/lua/kres-gen-31.lua
+++ b/daemon/lua/kres-gen-31.lua
@@ -2,9 +2,10 @@
local ffi = require('ffi')
--[[ This file is generated by ./kres-gen.sh ]] ffi.cdef[[
-typedef long time_t;
-typedef long __time_t;
-typedef long __suseconds_t;
+
+typedef @time_t@ time_t;
+typedef @time_t@ __time_t;
+typedef @time_t@ __suseconds_t;
struct timeval {
__time_t tv_sec;
__suseconds_t tv_usec;
diff --git a/daemon/lua/kres-gen-32.lua b/daemon/lua/kres-gen-32.lua
index 31a5c5d..88b50de 100644
--- a/daemon/lua/kres-gen-32.lua
+++ b/daemon/lua/kres-gen-32.lua
@@ -2,9 +2,10 @@
local ffi = require('ffi')
--[[ This file is generated by ./kres-gen.sh ]] ffi.cdef[[
-typedef long time_t;
-typedef long __time_t;
-typedef long __suseconds_t;
+
+typedef @time_t@ time_t;
+typedef @time_t@ __time_t;
+typedef @time_t@ __suseconds_t;
struct timeval {
__time_t tv_sec;
__suseconds_t tv_usec;
diff --git a/daemon/lua/kres-gen.sh b/daemon/lua/kres-gen.sh
index 70afb40..3befd5d 100755
--- a/daemon/lua/kres-gen.sh
+++ b/daemon/lua/kres-gen.sh
@@ -53,12 +53,15 @@ printf -- "local ffi = require('ffi')\n"
printf -- "--[[ This file is generated by ./kres-gen.sh ]] ffi.cdef[[\n"
# Some system dependencies. TODO: this generated part isn't perfectly portable.
-${CDEFS} ${LIBKRES} types <<-EOF
- typedef time_t
- __time_t
- __suseconds_t
- struct timeval
-EOF
+printf "
+typedef @time_t@ time_t;
+typedef @time_t@ __time_t;
+typedef @time_t@ __suseconds_t;
+struct timeval {
+ __time_t tv_sec;
+ __suseconds_t tv_usec;
+};
+"
## Various types (mainly), from libknot and libkres
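Review bot: `__suseconds_t` in the printed template is typedef'd from the same `@time_t@` placeholder as `time_t`, but the only size meson.build measures in this commit is `sizeof(time_t)`. If a target's `suseconds_t` has a different width, the FFI `struct timeval` would be laid out differently from the C one, and Lua code would access `tv_usec` at the wrong offset or width. I would either document the assumption next to the existing TODO, e.g. `# NOTE: __suseconds_t is assumed to be as wide as time_t; only sizeof(time_t) is checked at configure time`, or add a second `sizeof('suseconds_t', prefix: '#include <sys/time.h>')` comparison in meson.build. The same three typedefs are in the generated kres-gen-30.lua, kres-gen-31.lua and kres-gen-32.lua.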
diff --git a/daemon/lua/meson.build b/daemon/lua/meson.build
index b19777c..6df5bc5 100644
--- a/daemon/lua/meson.build
+++ b/daemon/lua/meson.build
@@ -47,10 +47,23 @@ else
kres_gen_fname = 'kres-gen-30.lua'
endif
+# Exact types around time_t aren't easy to detect, but at least we need the same size.
+time_t_size = meson.get_compiler('c').sizeof('time_t', prefix: '#include <sys/time.h>')
+kres_gen_config = {}
+foreach t: [ 'long', 'long long' ]
+ if meson.get_compiler('c').sizeof(t) == time_t_size
+ kres_gen_config = { 'time_t': t }
+ break
+ endif
+endforeach
+if kres_gen_config == {}
+ error('Unexpected sizeof(time_t) == @0@'.format(time_t_size))
+endif
+
kres_gen_lua = configure_file(
input: kres_gen_fname,
output: 'kres-gen.lua',
- copy: true,
+ configuration: kres_gen_config,
)
run_target( # run manually to re-generate kres-gen.lua
@@ -72,9 +85,9 @@ if get_option('kres_gen_test') and not meson.is_cross_build()
]
# Construct the lua tester as a meson string.
kres_gen_test_luastr = '''
- dofile('@0@')
+ dofile('@0@/../../@1@')
local ffi = require('ffi')
- '''.format(meson.current_source_dir() / kres_gen_fname)
+ '''.format(meson.current_build_dir(), kres_gen_lua)
foreach ttc: types_to_check
# We're careful with adding just includes; otherwise it's more fragile (e.g. linking flags).
if 'dep' in ttc
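Review bot: The tester path `dofile('@0@/../../@1@')` looks fragile. It appears to rely on `kres_gen_lua` formatting as a path relative to the build root, and on this directory being exactly two levels below that root. The `configure_file()` call earlier in this file names its output `'kres-gen.lua'`, which is written to the current build directory, so the path can be built directly: `dofile('@0@')` with `'''.format(meson.current_build_dir() / 'kres-gen.lua')`. The path is also spliced into a single-quoted Lua literal, so a build directory containing a quote or backslash would break the test script; that was already the case before this change. The `if 'dep' in ttc` block continues outside the hunk.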
diff --git a/daemon/proxyv2.c b/daemon/proxyv2.c
index f977ccb..aedbb91 100644
--- a/daemon/proxyv2.c
+++ b/daemon/proxyv2.c
@@ -2,6 +2,9 @@
* SPDX-License-Identifier: GPL-3.0-or-later
*/
+#include "daemon/session.h"
+#include "daemon/network.h"
+
#include "daemon/proxyv2.h"
#include "lib/generic/trie.h"
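Review bot: `daemon/proxyv2.h` is now included after `daemon/session.h` and `daemon/network.h`, so this file no longer shows that the header compiles on its own. The same commit replaces those two includes in proxyv2.h with forward declarations, so keeping `#include "daemon/proxyv2.h"` as the first include would let the compiler confirm that nothing else from them was silently relied on. This is a style point only; the rest of the file is outside the hunk.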
@@ -91,12 +94,12 @@ static inline enum proxy2_family proxy2_header_protocol(const struct proxy2_head
static inline union proxy2_address *proxy2_get_address(const struct proxy2_header *h)
{
- return (union proxy2_address *) ((uint8_t *) h + sizeof(struct proxy2_header));
+ return (union proxy2_address *)((uint8_t *)h + sizeof(struct proxy2_header));
}
static inline struct proxy2_tlv *get_tlvs(const struct proxy2_header *h, size_t addr_len)
{
- return (struct proxy2_tlv *) ((uint8_t *) proxy2_get_address(h) + addr_len);
+ return (struct proxy2_tlv *)((uint8_t *)proxy2_get_address(h) + addr_len);
}
/** Gets the length of the TLV's `value` attribute. */
@@ -111,20 +114,20 @@ static inline bool has_tlv(const struct proxy2_header *h,
uint64_t addr_length = ntohs(h->length);
ptrdiff_t hdr_len = sizeof(struct proxy2_header) + addr_length;
- uint8_t *tlv_hdr_end = (uint8_t *) tlv + sizeof(struct proxy2_tlv);
- ptrdiff_t distance = tlv_hdr_end - (uint8_t *) h;
+ uint8_t *tlv_hdr_end = (uint8_t *)tlv + sizeof(struct proxy2_tlv);
+ ptrdiff_t distance = tlv_hdr_end - (uint8_t *)h;
if (hdr_len < distance)
return false;
uint8_t *tlv_end = tlv_hdr_end + proxy2_tlv_length(tlv);
- distance = tlv_end - (uint8_t *) h;
+ distance = tlv_end - (uint8_t *)h;
return hdr_len >= distance;
}
static inline void next_tlv(struct proxy2_tlv **tlv)
{
- uint8_t *next = ((uint8_t *) *tlv + sizeof(struct proxy2_tlv) + proxy2_tlv_length(*tlv));
- *tlv = (struct proxy2_tlv *) next;
+ uint8_t *next = ((uint8_t *)*tlv + sizeof(struct proxy2_tlv) + proxy2_tlv_length(*tlv));
+ *tlv = (struct proxy2_tlv *)next;
}
@@ -140,7 +143,7 @@ bool proxy_allowed(const struct network *net, const struct sockaddr *saddr)
trie = net->proxy_addrs4;
addr_size = sizeof(addr.ip4);
- addr.ip4 = ((struct sockaddr_in *) saddr)->sin_addr;
+ addr.ip4 = ((struct sockaddr_in *)saddr)->sin_addr;
break;
case AF_INET6:
if (net->proxy_all6)
@@ -148,7 +151,7 @@ bool proxy_allowed(const struct network *net, const struct sockaddr *saddr)
trie = net->proxy_addrs6;
addr_size = sizeof(addr.ip6);
- addr.ip6 = ((struct sockaddr_in6 *) saddr)->sin6_addr;
+ addr.ip6 = ((struct sockaddr_in6 *)saddr)->sin6_addr;
break;
default:
kr_assert(false); // Only IPv4 and IPv6 proxy addresses supported
@@ -156,14 +159,14 @@ bool proxy_allowed(const struct network *net, const struct sockaddr *saddr)
}
trie_val_t *val;
- int ret = trie_get_leq(trie, (char *) &addr, addr_size, &val);
+ int ret = trie_get_leq(trie, (char *)&addr, addr_size, &val);
if (ret != kr_ok() && ret != 1)
return false;
kr_assert(val);
const struct net_proxy_data *found = *val;
kr_assert(found);
- return kr_bitcmp((char *) &addr, (char *) &found->addr, found->netmask) == 0;
+ return kr_bitcmp((char *)&addr, (char *)&found->addr, found->netmask) == 0;
}
ssize_t proxy_process_header(struct proxy_result *out, struct session *s,
@@ -172,7 +175,7 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s,
if (!buf)
return kr_error(EINVAL);
- const struct proxy2_header *hdr = (struct proxy2_header *) buf;
+ const struct proxy2_header *hdr = (struct proxy2_header *)buf;
uint64_t content_length = ntohs(hdr->length);
ssize_t hdr_len = sizeof(struct proxy2_header) + content_length;
@@ -191,7 +194,7 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s,
enum proxy2_command command = proxy2_header_command(hdr);
if (command == PROXY2_CMD_LOCAL) {
/* Addresses for LOCAL are to be discarded */
- *out = (struct proxy_result) { .command = PROXY2_CMD_LOCAL };
+ *out = (struct proxy_result){ .command = PROXY2_CMD_LOCAL };
goto fill_wirebuf;
}
@@ -200,13 +203,14 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s,
return kr_error(KNOT_EMALF);
}
- *out = (struct proxy_result) { .command = PROXY2_CMD_PROXY };
+ *out = (struct proxy_result){ .command = PROXY2_CMD_PROXY };
/* Parse flags */
enum proxy2_family family = proxy2_header_family(hdr);
switch(family) {
case PROXY2_AF_UNSPEC:
- case PROXY2_AF_UNIX: /* UNIX is unsupported, fall back to UNSPEC */
+ case PROXY2_AF_UNIX:
+ /* UNIX is unsupported, fall back to UNSPEC */
out->family = AF_UNSPEC;
break;
case PROXY2_AF_INET:
@@ -215,7 +219,8 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s,
case PROXY2_AF_INET6:
out->family = AF_INET6;
break;
- default: /* PROXYv2 prohibits other values */
+ default:
+ /* PROXYv2 prohibits other values */
return kr_error(KNOT_EMALF);
}
@@ -227,7 +232,8 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s,
case PROXY2_PROTOCOL_STREAM:
out->protocol = SOCK_STREAM;
break;
- default: /* PROXYv2 prohibits other values */
+ default:
+ /* PROXYv2 prohibits other values */
return kr_error(KNOT_EMALF);
}
@@ -240,12 +246,12 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s,
if (content_length < addr_length)
return kr_error(KNOT_EMALF);
- out->src_addr.ip4 = (struct sockaddr_in) {
+ out->src_addr.ip4 = (struct sockaddr_in){
.sin_family = AF_INET,
.sin_addr = { .s_addr = addr->ipv4_addr.src_addr },
.sin_port = addr->ipv4_addr.src_port,
};
- out->dst_addr.ip4 = (struct sockaddr_in) {
+ out->dst_addr.ip4 = (struct sockaddr_in){
.sin_family = AF_INET,
.sin_addr = { .s_addr = addr->ipv4_addr.dst_addr },
.sin_port = addr->ipv4_addr.dst_port,
@@ -256,7 +262,7 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s,
if (content_length < addr_length)
return kr_error(KNOT_EMALF);
- out->src_addr.ip6 = (struct sockaddr_in6) {
+ out->src_addr.ip6 = (struct sockaddr_in6){
.sin6_family = AF_INET6,
.sin6_port = addr->ipv6_addr.src_port
};
@@ -264,7 +270,7 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s,
&out->src_addr.ip6.sin6_addr.s6_addr,
&addr->ipv6_addr.src_addr,
sizeof(out->src_addr.ip6.sin6_addr.s6_addr));
- out->dst_addr.ip6 = (struct sockaddr_in6) {
+ out->dst_addr.ip6 = (struct sockaddr_in6){
.sin6_family = AF_INET6,
.sin6_port = addr->ipv6_addr.dst_port
};
diff --git a/daemon/proxyv2.h b/daemon/proxyv2.h
index 2d57744..fdee126 100644
--- a/daemon/proxyv2.h
+++ b/daemon/proxyv2.h
@@ -6,10 +6,11 @@
#include <stdint.h>
-#include "daemon/session.h"
-#include "daemon/network.h"
#include "lib/utils.h"
+struct network;
+struct session;
+
extern const char PROXY2_SIGNATURE[12];
#define PROXY2_MIN_SIZE 16
@@ -21,14 +22,20 @@ enum proxy2_command {
/** Parsed result of the PROXY protocol */
struct proxy_result {
- enum proxy2_command command; /**< Proxy command - PROXY or LOCAL. */
- int family; /**< Address family from netinet library (e.g. AF_INET6). */
- int protocol; /**< Protocol type from socket library (e.g. SOCK_STREAM). */
- union kr_sockaddr src_addr; /**< Parsed source address and port. */
- union kr_sockaddr dst_addr; /**< Parsed destination address and port. */
- bool has_tls : 1; /**< `true` = client has used TLS with the proxy.
- If TLS padding is enabled, it will be used even if
- the proxy did not use TLS with kresd. */
+ /** Proxy command - PROXY or LOCAL. */
+ enum proxy2_command command;
+ /** Address family from netinet library (e.g. AF_INET6). */
+ int family;
+ /** Protocol type from socket library (e.g. SOCK_STREAM). */
+ int protocol;
+ /** Parsed source address and port. */
+ union kr_sockaddr src_addr;
+ /** Parsed destination address and port. */
+ union kr_sockaddr dst_addr;
+ /** `true` = client has used TLS with the proxy. If TLS padding is
+ * enabled, it will be used even if the communication between kresd and
+ * the proxy is unencrypted. */
+ bool has_tls : 1;
};
/** Checks for a PROXY protocol version 2 signature in the specified buffer. */