Diffstat (limited to 'src/libknot')
-rw-r--r--src/libknot/control/control.c12
-rw-r--r--src/libknot/control/control.h7
-rw-r--r--src/libknot/quic/quic.c28
-rw-r--r--src/libknot/version.h2
-rw-r--r--src/libknot/xdp/tcp.c2
-rw-r--r--src/libknot/yparser/ypbody.c97
6 files changed, 87 insertions, 61 deletions
diff --git a/src/libknot/control/control.c b/src/libknot/control/control.c
index 8656057..671896f 100644
--- a/src/libknot/control/control.c
+++ b/src/libknot/control/control.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -37,7 +37,7 @@
#endif
/*! Listen backlog size. */
-#define LISTEN_BACKLOG 5
+#define DEFAULT_LISTEN_BACKLOG 5
/*! Default socket operations timeout in milliseconds. */
#define DEFAULT_TIMEOUT (30 * 1000)
@@ -196,6 +196,12 @@ void knot_ctl_set_timeout(knot_ctl_t *ctx, int timeout_ms)
_public_
int knot_ctl_bind(knot_ctl_t *ctx, const char *path)
{
+ return knot_ctl_bind2(ctx, path, DEFAULT_LISTEN_BACKLOG);
+}
+
+_public_
+int knot_ctl_bind2(knot_ctl_t *ctx, const char *path, unsigned backlog)
+{
if (ctx == NULL || path == NULL) {
return KNOT_EINVAL;
}
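Review bot: `knot_ctl_bind2()` accepts `unsigned backlog` without a range check, and the following hunk hands it straight to `listen()`, whose second parameter is `int`. A caller passing a value above INT_MAX gets an implementation-defined conversion, typically a negative backlog whose handling differs between platforms. Since this is a new public entry point, reject the value in the existing argument check, e.g. `if (ctx == NULL || path == NULL || backlog > INT_MAX) {` (this needs `<limits.h>`). The body of the function continues outside this hunk.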
@@ -215,7 +221,7 @@ int knot_ctl_bind(knot_ctl_t *ctx, const char *path)
}
// Start listening.
- if (listen(ctx->listen_sock, LISTEN_BACKLOG) != 0) {
+ if (listen(ctx->listen_sock, backlog) != 0) {
close_sock(&ctx->listen_sock);
return knot_map_errno();
}
diff --git a/src/libknot/control/control.h b/src/libknot/control/control.h
index 1d3dcd1..8ab1e10 100644
--- a/src/libknot/control/control.h
+++ b/src/libknot/control/control.h
@@ -1,4 +1,4 @@
-/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -94,6 +94,11 @@ void knot_ctl_set_timeout(knot_ctl_t *ctx, int timeout_ms);
int knot_ctl_bind(knot_ctl_t *ctx, const char *path);
/*!
+ * Same as knot_ctl_bind() with socket backlog specification.
+ */
+int knot_ctl_bind2(knot_ctl_t *ctx, const char *path, unsigned backlog);
+
+/*!
* Unbinds a control socket.
*
* \note Server operation.
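Review bot: The doc block added for `knot_ctl_bind2()` says only that it matches `knot_ctl_bind()`, so the header does not describe `backlog` or its accepted range. Suggest adding a line such as `\param[in] backlog  Maximum length of the pending-connection queue passed to listen().`. The return value should be documented in the same style as the neighbouring declarations, which are only partly visible in this hunk.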
diff --git a/src/libknot/quic/quic.c b/src/libknot/quic/quic.c
index 5e447e7..f9d1d1d 100644
--- a/src/libknot/quic/quic.c
+++ b/src/libknot/quic/quic.c
@@ -44,6 +44,7 @@
#include "libknot/wire.h"
#define SERVER_DEFAULT_SCIDLEN 18
+#define QUIC_REGULAR_TOKEN_TIMEOUT (24 * 3600 * 1000000000LLU)
#define QUIC_DEFAULT_VERSION "-VERS-ALL:+VERS-TLS1.3"
#define QUIC_DEFAULT_GROUPS "-GROUP-ALL:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-SECP521R1"
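Review bot: `QUIC_REGULAR_TOKEN_TIMEOUT` has no unit or rationale, although it bounds how long an address-validation token stays acceptable. A later hunk passes it as the timeout argument of `ngtcp2_crypto_verify_regular_token()`, which takes nanoseconds. A comment above the define would make this explicit, e.g. `/*! Validity of regular address-validation tokens: 24 hours, in nanoseconds. */`.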
@@ -971,14 +972,25 @@ int knot_quic_handle(knot_quic_table_t *table, knot_quic_reply_t *reply,
}
if (header.tokenlen > 0) {
- ret = ngtcp2_crypto_verify_retry_token(
- &odcid, header.token, header.tokenlen,
- (const uint8_t *)table->hash_secret,
- sizeof(table->hash_secret), header.version,
- (const struct sockaddr *)reply->ip_rem,
- addr_len((struct sockaddr_in6 *)reply->ip_rem),
- &dcid, idle_timeout, now // NOTE setting retry token validity to idle_timeout for simplicity
- );
+ if (header.token[0] == NGTCP2_CRYPTO_TOKEN_MAGIC_RETRY) {
+ ret = ngtcp2_crypto_verify_retry_token(
+ &odcid, header.token, header.tokenlen,
+ (const uint8_t *)table->hash_secret,
+ sizeof(table->hash_secret), header.version,
+ (const struct sockaddr *)reply->ip_rem,
+ addr_len((struct sockaddr_in6 *)reply->ip_rem),
+ &dcid, idle_timeout, now // NOTE setting retry token validity to idle_timeout for simplicity
+ );
+ } else {
+ ret = ngtcp2_crypto_verify_regular_token(
+ header.token, header.tokenlen,
+ (const uint8_t *)table->hash_secret,
+ sizeof(table->hash_secret),
+ (const struct sockaddr *)reply->ip_rem,
+ addr_len((struct sockaddr_in6 *)reply->ip_rem),
+ QUIC_REGULAR_TOKEN_TIMEOUT, now
+ );
+ }
if (ret != 0) {
ret = KNOT_EOK;
goto finish;
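Review bot: The new `else` branch never assigns `odcid`. `ngtcp2_crypto_verify_retry_token()` receives `&odcid` as an output, while the `ngtcp2_crypto_verify_regular_token()` call has no such argument. If code after this block (outside the hunk) uses `odcid` to set up the connection, set it explicitly on this path once verification succeeds, presumably `odcid = dcid;`, since no Retry took place. Separately, a regular token that fails verification takes the shared `ret = KNOT_EOK; goto finish;` path, so the Initial is dropped silently. RFC 9000 (section 8.1.3) recommends treating such a client as address-unvalidated instead, which matters once tokens older than `QUIC_REGULAR_TOKEN_TIMEOUT`, or issued under a previous `hash_secret`, start arriving.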
diff --git a/src/libknot/version.h b/src/libknot/version.h
index 2f86ed7..66b1793 100644
--- a/src/libknot/version.h
+++ b/src/libknot/version.h
@@ -18,7 +18,7 @@
#define KNOT_VERSION_MAJOR 3
#define KNOT_VERSION_MINOR 3
-#define KNOT_VERSION_PATCH 0x05
+#define KNOT_VERSION_PATCH 0x06
#define KNOT_VERSION_HEX ((KNOT_VERSION_MAJOR << 16) | \
(KNOT_VERSION_MINOR << 8) | \
diff --git a/src/libknot/xdp/tcp.c b/src/libknot/xdp/tcp.c
index 7d647d7..94d445c 100644
--- a/src/libknot/xdp/tcp.c
+++ b/src/libknot/xdp/tcp.c
@@ -588,7 +588,7 @@ int knot_tcp_send(knot_xdp_socket_t *socket, knot_tcp_relay_t relays[],
break;
case XDP_TCP_RESET:
NEXT_MSG
- msg->flags |= KNOT_XDP_MSG_RST;
+ msg->flags |= (KNOT_XDP_MSG_RST | KNOT_XDP_MSG_ACK);
break;
case XDP_TCP_NOOP:
default:
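Review bot: The `case XDP_TCP_RESET:` branch does not record why a reset now also carries `KNOT_XDP_MSG_ACK`. With ACK set, the receiver interprets the acknowledgment field, so the message's ack number must be valid here; it is presumably filled in by `NEXT_MSG` or later code outside the hunk, which is worth confirming. A short comment would help, e.g. `/* RST is sent with ACK; the ack number must be valid on this path. */`.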
diff --git a/src/libknot/yparser/ypbody.c b/src/libknot/yparser/ypbody.c
index ad9cf1f..3343604 100644
--- a/src/libknot/yparser/ypbody.c
+++ b/src/libknot/yparser/ypbody.c
@@ -1,5 +1,5 @@
-/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -45,8 +45,8 @@ static const unsigned char _yparser_key_offsets[] = {
0, 0, 14, 16, 27, 29, 32, 43,
44, 54, 65, 67, 68, 78, 90, 94,
96, 99, 104, 107, 110, 122, 132, 142,
- 145, 148, 151, 156, 159, 162, 176, 190,
- 204
+ 145, 155, 160, 163, 166, 169, 172, 186,
+ 200, 214
};
static const char _yparser_trans_keys[] = {
@@ -65,43 +65,44 @@ static const char _yparser_trans_keys[] = {
34, 32, 126, 34, 92, 127, 0, 31,
10, 13, 32, 34, 32, 126, 10, 13,
32, 34, 35, 44, 91, 92, 93, 127,
- 0, 31, 32, 34, 35, 44, 92, 127,
- 0, 31, 91, 93, 32, 44, 91, 92,
+ 0, 31, 32, 34, 35, 44, 91, 92,
+ 93, 127, 0, 31, 32, 44, 91, 92,
93, 127, 0, 31, 34, 35, 32, 44,
- 93, 10, 13, 32, 34, 32, 126, 34,
- 92, 127, 0, 31, 32, 44, 93, 34,
- 32, 126, 10, 13, 32, 35, 42, 45,
+ 93, 32, 34, 35, 44, 92, 127, 0,
+ 31, 91, 93, 34, 92, 127, 0, 31,
+ 32, 44, 93, 10, 13, 32, 34, 32,
+ 126, 34, 32, 126, 10, 13, 32, 35,
+ 42, 45, 92, 95, 46, 57, 65, 90,
+ 97, 122, 10, 13, 32, 35, 42, 45,
92, 95, 46, 57, 65, 90, 97, 122,
10, 13, 32, 35, 42, 45, 92, 95,
46, 57, 65, 90, 97, 122, 10, 13,
32, 35, 42, 45, 92, 95, 46, 57,
- 65, 90, 97, 122, 10, 13, 32, 35,
- 42, 45, 92, 95, 46, 57, 65, 90,
- 97, 122, 0
+ 65, 90, 97, 122, 0
};
static const char _yparser_single_lengths[] = {
0, 8, 2, 5, 2, 3, 5, 1,
4, 5, 2, 1, 6, 6, 4, 2,
- 1, 3, 3, 1, 10, 6, 6, 3,
- 3, 1, 3, 3, 1, 8, 8, 8,
- 8
+ 1, 3, 3, 1, 10, 8, 6, 3,
+ 6, 3, 3, 3, 1, 1, 8, 8,
+ 8, 8
};
static const char _yparser_range_lengths[] = {
0, 3, 0, 3, 0, 0, 3, 0,
3, 3, 0, 0, 2, 3, 0, 0,
- 1, 1, 0, 1, 1, 2, 2, 0,
- 0, 1, 1, 0, 1, 3, 3, 3,
- 3
+ 1, 1, 0, 1, 1, 1, 2, 0,
+ 2, 1, 0, 0, 1, 1, 3, 3,
+ 3, 3
};
static const unsigned char _yparser_index_offsets[] = {
0, 0, 12, 15, 24, 27, 31, 40,
42, 50, 59, 62, 64, 73, 83, 88,
- 91, 94, 99, 103, 106, 118, 127, 136,
- 140, 144, 147, 152, 156, 159, 171, 183,
- 195
+ 91, 94, 99, 103, 106, 118, 128, 137,
+ 141, 150, 155, 159, 163, 166, 169, 181,
+ 193, 205
};
static const char _yparser_indicies[] = {
@@ -120,30 +121,32 @@ static const char _yparser_indicies[] = {
0, 0, 37, 30, 31, 32, 0, 40,
37, 0, 12, 13, 14, 27, 35, 0,
41, 28, 0, 0, 0, 26, 41, 43,
- 0, 0, 44, 0, 0, 0, 42, 46,
- 47, 0, 48, 49, 0, 0, 0, 45,
- 50, 41, 51, 0, 12, 13, 34, 0,
- 52, 45, 0, 54, 55, 0, 0, 53,
- 46, 47, 49, 0, 56, 53, 0, 1,
- 2, 3, 4, 57, 6, 57, 57, 57,
- 57, 57, 0, 59, 60, 61, 62, 63,
- 64, 63, 63, 63, 63, 63, 58, 65,
- 66, 67, 68, 69, 70, 69, 69, 69,
- 69, 69, 0, 71, 72, 73, 74, 75,
- 76, 75, 75, 75, 75, 75, 58, 0
+ 0, 0, 0, 44, 45, 0, 0, 42,
+ 47, 48, 0, 49, 50, 0, 0, 0,
+ 46, 51, 52, 45, 0, 52, 43, 0,
+ 0, 44, 0, 0, 0, 42, 54, 55,
+ 0, 0, 53, 47, 48, 50, 0, 12,
+ 13, 34, 0, 56, 53, 0, 57, 46,
+ 0, 1, 2, 3, 4, 58, 6, 58,
+ 58, 58, 58, 58, 0, 60, 61, 62,
+ 63, 64, 65, 64, 64, 64, 64, 64,
+ 59, 66, 67, 68, 69, 70, 71, 70,
+ 70, 70, 70, 70, 0, 72, 73, 74,
+ 75, 76, 77, 76, 76, 76, 76, 76,
+ 59, 0
};
static const char _yparser_trans_targs[] = {
- 0, 30, 31, 1, 2, 3, 7, 4,
- 3, 5, 4, 5, 32, 29, 20, 4,
+ 0, 31, 32, 1, 2, 3, 7, 4,
+ 3, 5, 4, 5, 33, 30, 20, 4,
6, 5, 8, 9, 10, 9, 11, 10,
- 11, 12, 13, 17, 16, 13, 32, 29,
+ 11, 12, 13, 17, 16, 13, 33, 30,
14, 16, 14, 15, 13, 17, 18, 19,
- 17, 21, 22, 26, 25, 22, 23, 21,
- 25, 24, 23, 24, 22, 26, 27, 28,
- 26, 6, 0, 30, 31, 1, 2, 6,
- 7, 30, 31, 1, 2, 6, 7, 30,
- 31, 1, 2, 6, 7
+ 17, 21, 22, 25, 29, 27, 22, 23,
+ 24, 29, 27, 23, 24, 25, 26, 28,
+ 25, 22, 6, 0, 31, 32, 1, 2,
+ 6, 7, 31, 32, 1, 2, 6, 7,
+ 31, 32, 1, 2, 6, 7
};
static const char _yparser_trans_actions[] = {
@@ -152,26 +155,26 @@ static const char _yparser_trans_actions[] = {
13, 15, 21, 46, 19, 13, 19, 0,
0, 0, 37, 7, 37, 9, 43, 11,
11, 9, 0, 0, 40, 9, 0, 9,
- 40, 0, 37, 7, 37, 9, 11, 11,
- 9, 11, 0, 0, 40, 9, 0, 9,
- 40, 46, 31, 55, 28, 88, 28, 83,
- 93, 34, 5, 75, 5, 71, 79, 25,
- 3, 63, 3, 59, 67
+ 40, 0, 37, 7, 37, 0, 9, 11,
+ 11, 9, 11, 0, 0, 9, 0, 9,
+ 40, 40, 46, 31, 55, 28, 88, 28,
+ 83, 93, 34, 5, 75, 5, 71, 79,
+ 25, 3, 63, 3, 59, 67
};
static const char _yparser_eof_actions[] = {
0, 23, 23, 23, 23, 23, 23, 23,
23, 23, 23, 23, 23, 23, 23, 23,
23, 23, 23, 23, 23, 23, 23, 23,
- 23, 23, 23, 23, 23, 0, 28, 5,
- 3
+ 23, 23, 23, 23, 23, 23, 0, 28,
+ 5, 3
};
-int _yp_start_state = 29;
+int _yp_start_state = 30;
int _yp_parse(
yp_parser_t *parser)