Diffstat (limited to 'src/libknot')
-rw-r--r-- | src/libknot/control/control.c | 12 | ||||
-rw-r--r-- | src/libknot/control/control.h | 7 | ||||
-rw-r--r-- | src/libknot/quic/quic.c | 28 | ||||
-rw-r--r-- | src/libknot/version.h | 2 | ||||
-rw-r--r-- | src/libknot/xdp/tcp.c | 2 | ||||
-rw-r--r-- | src/libknot/yparser/ypbody.c | 97 |
6 files changed, 87 insertions, 61 deletions
diff --git a/src/libknot/control/control.c b/src/libknot/control/control.c index 8656057..671896f 100644 --- a/src/libknot/control/control.c +++ b/src/libknot/control/control.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -37,7 +37,7 @@ #endif /*! Listen backlog size. */ -#define LISTEN_BACKLOG 5 +#define DEFAULT_LISTEN_BACKLOG 5 /*! Default socket operations timeout in milliseconds. */ #define DEFAULT_TIMEOUT (30 * 1000) @@ -196,6 +196,12 @@ void knot_ctl_set_timeout(knot_ctl_t *ctx, int timeout_ms) _public_ int knot_ctl_bind(knot_ctl_t *ctx, const char *path) { + return knot_ctl_bind2(ctx, path, DEFAULT_LISTEN_BACKLOG); +} + +_public_ +int knot_ctl_bind2(knot_ctl_t *ctx, const char *path, unsigned backlog) +{ if (ctx == NULL || path == NULL) { return KNOT_EINVAL; } @@ -215,7 +221,7 @@ int knot_ctl_bind(knot_ctl_t *ctx, const char *path) } // Start listening. - if (listen(ctx->listen_sock, LISTEN_BACKLOG) != 0) { + if (listen(ctx->listen_sock, backlog) != 0) { close_sock(&ctx->listen_sock); return knot_map_errno(); } diff --git a/src/libknot/control/control.h b/src/libknot/control/control.h index 1d3dcd1..8ab1e10 100644 --- a/src/libknot/control/control.h +++ b/src/libknot/control/control.h @@ -1,4 +1,4 @@ -/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
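Review bot: `knot_ctl_bind2()` forwards its `unsigned backlog` straight into `listen(ctx->listen_sock, backlog)`, whose parameter is an `int`, so a value above `INT_MAX` is converted in an implementation-defined way before the kernel sees it. Rejecting it in the existing argument check would keep the public API predictable: `if (ctx == NULL || path == NULL || backlog > INT_MAX) {` (this needs `<limits.h>`, and the file's include list is not visible in the diff). The part of the function body between the two hunks is outside the diff, so socket creation and binding were not reviewed.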
@@ -94,6 +94,11 @@ void knot_ctl_set_timeout(knot_ctl_t *ctx, int timeout_ms); int knot_ctl_bind(knot_ctl_t *ctx, const char *path); /*! + * Same as knot_ctl_bind() with socket backlog specification. + */ +int knot_ctl_bind2(knot_ctl_t *ctx, const char *path, unsigned backlog); + +/*! * Unbinds a control socket. * * \note Server operation. diff --git a/src/libknot/quic/quic.c b/src/libknot/quic/quic.c index 5e447e7..f9d1d1d 100644 --- a/src/libknot/quic/quic.c +++ b/src/libknot/quic/quic.c @@ -44,6 +44,7 @@ #include "libknot/wire.h" #define SERVER_DEFAULT_SCIDLEN 18 +#define QUIC_REGULAR_TOKEN_TIMEOUT (24 * 3600 * 1000000000LLU) #define QUIC_DEFAULT_VERSION "-VERS-ALL:+VERS-TLS1.3" #define QUIC_DEFAULT_GROUPS "-GROUP-ALL:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-SECP521R1" 
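Review bot: The doc comment added for `knot_ctl_bind2()` describes neither the `backlog` parameter nor the return value, and it omits the `\note Server operation.` marker that the neighbouring unbind comment carries. A caller cannot tell from the header that the value ends up as the `listen()` queue length. Suggest adding, in the form the surrounding declarations use, `\param[in] backlog  Maximum length of the pending-connection queue passed to listen().` together with the return-value line and `\note Server operation.`.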
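Review bot: `QUIC_REGULAR_TOKEN_TIMEOUT` is defined without a comment stating its unit or why a regular token stays valid for that long. The expression works out to 24 hours in nanoseconds, which matches ngtcp2's nanosecond durations, but the reader has to derive that. Suggest `/*! Validity period of regular (NEW_TOKEN) address-validation tokens: 24 hours, in nanoseconds. */` above the define. Since a valid token vouches for the client's source address for the whole period, the comment should also record why a day was chosen.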
@@ -971,14 +972,25 @@ int knot_quic_handle(knot_quic_table_t *table, knot_quic_reply_t *reply, } if (header.tokenlen > 0) { - ret = ngtcp2_crypto_verify_retry_token( - &odcid, header.token, header.tokenlen, - (const uint8_t *)table->hash_secret, - sizeof(table->hash_secret), header.version, - (const struct sockaddr *)reply->ip_rem, - addr_len((struct sockaddr_in6 *)reply->ip_rem), - &dcid, idle_timeout, now // NOTE setting retry token validity to idle_timeout for simplicity - ); + if (header.token[0] == NGTCP2_CRYPTO_TOKEN_MAGIC_RETRY) { + ret = ngtcp2_crypto_verify_retry_token( + &odcid, header.token, header.tokenlen, + (const uint8_t *)table->hash_secret, + sizeof(table->hash_secret), header.version, + (const struct sockaddr *)reply->ip_rem, + addr_len((struct sockaddr_in6 *)reply->ip_rem), + &dcid, idle_timeout, now // NOTE setting retry token validity to idle_timeout for simplicity + ); + } else { + ret = ngtcp2_crypto_verify_regular_token( + header.token, header.tokenlen, + (const uint8_t *)table->hash_secret, + sizeof(table->hash_secret), + (const struct sockaddr *)reply->ip_rem, + addr_len((struct sockaddr_in6 *)reply->ip_rem), + QUIC_REGULAR_TOKEN_TIMEOUT, now + ); + } if (ret != 0) { ret = KNOT_EOK; goto finish; diff --git a/src/libknot/version.h b/src/libknot/version.h index 2f86ed7..66b1793 100644 --- a/src/libknot/version.h +++ b/src/libknot/version.h @@ -18,7 +18,7 @@ #define KNOT_VERSION_MAJOR 3 #define KNOT_VERSION_MINOR 3 -#define KNOT_VERSION_PATCH 0x05 +#define KNOT_VERSION_PATCH 0x06 #define KNOT_VERSION_HEX ((KNOT_VERSION_MAJOR << 16) | \ (KNOT_VERSION_MINOR << 8) | \ diff --git a/src/libknot/xdp/tcp.c b/src/libknot/xdp/tcp.c index 7d647d7..94d445c 100644 --- a/src/libknot/xdp/tcp.c +++ b/src/libknot/xdp/tcp.c 
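Review bot: A regular token that fails verification takes the same `ret = KNOT_EOK; goto finish;` path as a failed retry token, so an Initial carrying an expired or stale token (for example one issued under a previous `hash_secret`) appears to be dropped without any reply. RFC 9000 section 8.1.3 recommends that a server treat an invalid NEW_TOKEN token as if the address were unvalidated and carry on, reserving the hard failure for retry tokens. Consider handling the `else` branch's failure separately and documenting it, e.g. `// Invalid regular token: continue as if no token was sent.`. Also, `odcid` is only filled by the retry branch. Its declaration is outside the hunk, so if later code reads it, confirm it is initialised on the regular-token path.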
@@ -588,7 +588,7 @@ int knot_tcp_send(knot_xdp_socket_t *socket, knot_tcp_relay_t relays[], break; case XDP_TCP_RESET: NEXT_MSG - msg->flags |= KNOT_XDP_MSG_RST; + msg->flags |= (KNOT_XDP_MSG_RST | KNOT_XDP_MSG_ACK); break; case XDP_TCP_NOOP: default: diff --git a/src/libknot/yparser/ypbody.c b/src/libknot/yparser/ypbody.c index ad9cf1f..3343604 100644 --- a/src/libknot/yparser/ypbody.c +++ b/src/libknot/yparser/ypbody.c @@ -1,5 +1,5 @@ -/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -45,8 +45,8 @@ static const unsigned char _yparser_key_offsets[] = { 0, 0, 14, 16, 27, 29, 32, 43, 44, 54, 65, 67, 68, 78, 90, 94, 96, 99, 104, 107, 110, 122, 132, 142, - 145, 148, 151, 156, 159, 162, 176, 190, - 204 + 145, 155, 160, 163, 166, 169, 172, 186, + 200, 214 }; static const char _yparser_trans_keys[] = { 
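Review bot: Setting `KNOT_XDP_MSG_ACK` on every `XDP_TCP_RESET` makes the acknowledgment number of the outgoing segment significant, but nothing in the hunk shows where it is filled in, and `NEXT_MSG` is a macro defined outside the hunk. Please confirm that it populates a valid acknowledgment number for the relay's connection, since receivers that validate resets strictly may otherwise ignore them. A short why-comment on the changed line would help, e.g. `// RST is sent together with ACK; the ack number must be valid at this point.`.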
@@ -65,43 +65,44 @@ static const char _yparser_trans_keys[] = { 34, 32, 126, 34, 92, 127, 0, 31, 10, 13, 32, 34, 32, 126, 10, 13, 32, 34, 35, 44, 91, 92, 93, 127, - 0, 31, 32, 34, 35, 44, 92, 127, - 0, 31, 91, 93, 32, 44, 91, 92, + 0, 31, 32, 34, 35, 44, 91, 92, + 93, 127, 0, 31, 32, 44, 91, 92, 93, 127, 0, 31, 34, 35, 32, 44, - 93, 10, 13, 32, 34, 32, 126, 34, - 92, 127, 0, 31, 32, 44, 93, 34, - 32, 126, 10, 13, 32, 35, 42, 45, + 93, 32, 34, 35, 44, 92, 127, 0, + 31, 91, 93, 34, 92, 127, 0, 31, + 32, 44, 93, 10, 13, 32, 34, 32, + 126, 34, 32, 126, 10, 13, 32, 35, + 42, 45, 92, 95, 46, 57, 65, 90, + 97, 122, 10, 13, 32, 35, 42, 45, 92, 95, 46, 57, 65, 90, 97, 122, 10, 13, 32, 35, 42, 45, 92, 95, 46, 57, 65, 90, 97, 122, 10, 13, 32, 35, 42, 45, 92, 95, 46, 57, - 65, 90, 97, 122, 10, 13, 32, 35, - 42, 45, 92, 95, 46, 57, 65, 90, - 97, 122, 0 + 65, 90, 97, 122, 0 }; static const char _yparser_single_lengths[] = { 0, 8, 2, 5, 2, 3, 5, 1, 4, 5, 2, 1, 6, 6, 4, 2, - 1, 3, 3, 1, 10, 6, 6, 3, - 3, 1, 3, 3, 1, 8, 8, 8, - 8 + 1, 3, 3, 1, 10, 8, 6, 3, + 6, 3, 3, 3, 1, 1, 8, 8, + 8, 8 }; static const char _yparser_range_lengths[] = { 0, 3, 0, 3, 0, 0, 3, 0, 3, 3, 0, 0, 2, 3, 0, 0, - 1, 1, 0, 1, 1, 2, 2, 0, - 0, 1, 1, 0, 1, 3, 3, 3, - 3 + 1, 1, 0, 1, 1, 1, 2, 0, + 2, 1, 0, 0, 1, 1, 3, 3, + 3, 3 }; static const unsigned char _yparser_index_offsets[] = { 0, 0, 12, 15, 24, 27, 31, 40, 42, 50, 59, 62, 64, 73, 83, 88, - 91, 94, 99, 103, 106, 118, 127, 136, - 140, 144, 147, 152, 156, 159, 171, 183, - 195 + 91, 94, 99, 103, 106, 118, 128, 137, + 141, 150, 155, 159, 163, 166, 169, 181, + 193, 205 }; static const char _yparser_indicies[] = { 
@@ -120,30 +121,32 @@ static const char _yparser_indicies[] = { 0, 0, 37, 30, 31, 32, 0, 40, 37, 0, 12, 13, 14, 27, 35, 0, 41, 28, 0, 0, 0, 26, 41, 43, - 0, 0, 44, 0, 0, 0, 42, 46, - 47, 0, 48, 49, 0, 0, 0, 45, - 50, 41, 51, 0, 12, 13, 34, 0, - 52, 45, 0, 54, 55, 0, 0, 53, - 46, 47, 49, 0, 56, 53, 0, 1, - 2, 3, 4, 57, 6, 57, 57, 57, - 57, 57, 0, 59, 60, 61, 62, 63, - 64, 63, 63, 63, 63, 63, 58, 65, - 66, 67, 68, 69, 70, 69, 69, 69, - 69, 69, 0, 71, 72, 73, 74, 75, - 76, 75, 75, 75, 75, 75, 58, 0 + 0, 0, 0, 44, 45, 0, 0, 42, + 47, 48, 0, 49, 50, 0, 0, 0, + 46, 51, 52, 45, 0, 52, 43, 0, + 0, 44, 0, 0, 0, 42, 54, 55, + 0, 0, 53, 47, 48, 50, 0, 12, + 13, 34, 0, 56, 53, 0, 57, 46, + 0, 1, 2, 3, 4, 58, 6, 58, + 58, 58, 58, 58, 0, 60, 61, 62, + 63, 64, 65, 64, 64, 64, 64, 64, + 59, 66, 67, 68, 69, 70, 71, 70, + 70, 70, 70, 70, 0, 72, 73, 74, + 75, 76, 77, 76, 76, 76, 76, 76, + 59, 0 }; static const char _yparser_trans_targs[] = { - 0, 30, 31, 1, 2, 3, 7, 4, - 3, 5, 4, 5, 32, 29, 20, 4, + 0, 31, 32, 1, 2, 3, 7, 4, + 3, 5, 4, 5, 33, 30, 20, 4, 6, 5, 8, 9, 10, 9, 11, 10, - 11, 12, 13, 17, 16, 13, 32, 29, + 11, 12, 13, 17, 16, 13, 33, 30, 14, 16, 14, 15, 13, 17, 18, 19, - 17, 21, 22, 26, 25, 22, 23, 21, - 25, 24, 23, 24, 22, 26, 27, 28, - 26, 6, 0, 30, 31, 1, 2, 6, - 7, 30, 31, 1, 2, 6, 7, 30, - 31, 1, 2, 6, 7 + 17, 21, 22, 25, 29, 27, 22, 23, + 24, 29, 27, 23, 24, 25, 26, 28, + 25, 22, 6, 0, 31, 32, 1, 2, + 6, 7, 31, 32, 1, 2, 6, 7, + 31, 32, 1, 2, 6, 7 }; static const char _yparser_trans_actions[] = { 
@@ -152,26 +155,26 @@ static const char _yparser_trans_actions[] = { 13, 15, 21, 46, 19, 13, 19, 0, 0, 0, 37, 7, 37, 9, 43, 11, 11, 9, 0, 0, 40, 9, 0, 9, - 40, 0, 37, 7, 37, 9, 11, 11, - 9, 11, 0, 0, 40, 9, 0, 9, - 40, 46, 31, 55, 28, 88, 28, 83, - 93, 34, 5, 75, 5, 71, 79, 25, - 3, 63, 3, 59, 67 + 40, 0, 37, 7, 37, 0, 9, 11, + 11, 9, 11, 0, 0, 9, 0, 9, + 40, 40, 46, 31, 55, 28, 88, 28, + 83, 93, 34, 5, 75, 5, 71, 79, + 25, 3, 63, 3, 59, 67 }; static const char _yparser_eof_actions[] = { 0, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, - 23, 23, 23, 23, 23, 0, 28, 5, - 3 + 23, 23, 23, 23, 23, 23, 0, 28, + 5, 3 }; -int _yp_start_state = 29; +int _yp_start_state = 30; int _yp_parse( yp_parser_t *parser) |