9 files changed, 33 insertions, 8 deletions
diff --git a/src/libknot/codes.c b/src/libknot/codes.c
index 9027e6f..7a0a170 100644
--- a/src/libknot/codes.c
+++ b/src/libknot/codes.c
@@ -1,4 +1,4 @@
-/*  Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/*  Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
 
     This program is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -126,6 +126,8 @@ const knot_lookup_t knot_svcb_param_names[] = {
 	{ KNOT_SVCB_PARAM_IPV4HINT,  "ipv4hint" },
 	{ KNOT_SVCB_PARAM_ECH,       "ech" },
 	{ KNOT_SVCB_PARAM_IPV6HINT,  "ipv6hint" },
+	{ KNOT_SVCB_PARAM_DOHPATH,   "dohpath" },
+	{ KNOT_SVCB_PARAM_OHTTP,     "ohttp" },
 	{ 0, NULL }
 };
 
@@ -139,4 +141,5 @@ const knot_lookup_t knot_edns_opt_names[] = {
 	{ KNOT_EDNS_OPTION_PADDING,       "PADDING" },
 	{ KNOT_EDNS_OPTION_CHAIN,         "CHAIN" },
 	{ KNOT_EDNS_OPTION_EDE,           "EDE" },
+	{ 0, NULL }
 };
diff --git a/src/libknot/consts.h b/src/libknot/consts.h
index e6041b7..f685365 100644
--- a/src/libknot/consts.h
+++ b/src/libknot/consts.h
@@ -1,4 +1,4 @@
-/*  Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/*  Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
 
     This program is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -148,7 +148,7 @@ typedef enum {
 /*!
  * \brief Service Binding (SVCB) Parameter Registry
  *
- * https://tools.ietf.org/html/draft-ietf-dnsop-svcb-https-05 // FIXME
+ * https://www.iana.org/assignments/dns-svcb/dns-svcb.xhtml
  */
 typedef enum {
 	KNOT_SVCB_PARAM_MANDATORY = 0,
@@ -158,6 +158,8 @@ typedef enum {
 	KNOT_SVCB_PARAM_IPV4HINT  = 4,
 	KNOT_SVCB_PARAM_ECH       = 5,
 	KNOT_SVCB_PARAM_IPV6HINT  = 6,
+	KNOT_SVCB_PARAM_DOHPATH   = 7,
+	KNOT_SVCB_PARAM_OHTTP     = 8,
 } knot_svcb_param_t;
 
 /*! @} */
diff --git a/src/libknot/descriptor.c b/src/libknot/descriptor.c
index 5ff2714..b5b8737 100644
--- a/src/libknot/descriptor.c
+++ b/src/libknot/descriptor.c
@@ -1,4 +1,4 @@
-/*  Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/*  Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
 
     This program is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -150,6 +150,8 @@ static const knot_rdata_descriptor_t rdata_descriptors[] = {
 	                               KNOT_RDATA_WF_END }, "URI" },
 	[KNOT_RRTYPE_CAA]        = { { KNOT_RDATA_WF_REMAINDER,
 	                               KNOT_RDATA_WF_END }, "CAA" },
+	[KNOT_RRTYPE_WALLET]     = { { KNOT_RDATA_WF_REMAINDER,
+	                               KNOT_RDATA_WF_END }, "WALLET" },
 };
 
 #define MAX_RRTYPE sizeof(rdata_descriptors) / sizeof(knot_rdata_descriptor_t) - 1
diff --git a/src/libknot/descriptor.h b/src/libknot/descriptor.h
index 14cd3b3..714bc5e 100644
--- a/src/libknot/descriptor.h
+++ b/src/libknot/descriptor.h
@@ -1,4 +1,4 @@
-/*  Copyright (C) 2021 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/*  Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
 
     This program is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -126,6 +126,8 @@ enum knot_rr_type {
 	KNOT_RRTYPE_ANY        = 255, /*!< QTYPE. Any record. */
 	KNOT_RRTYPE_URI        = 256, /*!< Uniform resource identifier. */
 	KNOT_RRTYPE_CAA        = 257, /*!< Certification authority restriction. */
+
+	KNOT_RRTYPE_WALLET     = 262, /*!< Public wallet address. */
 };
 
 /*!
diff --git a/src/libknot/errcode.h b/src/libknot/errcode.h
index a9eb65c..6ec4a94 100644
--- a/src/libknot/errcode.h
+++ b/src/libknot/errcode.h
@@ -57,6 +57,8 @@ enum knot_error {
 	KNOT_ERANGE        = -ERANGE,
 	KNOT_EADDRNOTAVAIL = -EADDRNOTAVAIL,
 	KNOT_ENOTDIR       = -ENOTDIR,
+	KNOT_EPERM         = -EPERM,
+	KNOT_EROFS         = -EROFS,
 
 	KNOT_ERRNO_ERROR   = -500,
 
@@ -175,6 +177,7 @@ enum knot_error {
 	KNOT_NO_PRIVATE_KEY,
 	KNOT_NO_READY_KEY,
 	KNOT_DNSSEC_EKEYTAG_LIMIT,
+	KNOT_DNSSEC_EXTRA_NSEC,
 
 	KNOT_ERROR_MAX = -501
 };
diff --git a/src/libknot/error.c b/src/libknot/error.c
index a148ee7..ae9b973 100644
--- a/src/libknot/error.c
+++ b/src/libknot/error.c
@@ -58,6 +58,8 @@ static const struct error errors[] = {
 	{ KNOT_ERANGE,        "value is out of range" },
 	{ KNOT_EADDRNOTAVAIL, "address is not available" },
 	{ KNOT_ENOTDIR,       "not a directory" },
+	{ KNOT_EPERM,         "operation not permitted" },
+	{ KNOT_EROFS,         "read-only file system" },
 
 	{ KNOT_ERRNO_ERROR,   "unknown system error" },
 
@@ -174,6 +176,7 @@ static const struct error errors[] = {
 	{ KNOT_NO_PRIVATE_KEY,        "no private key" },
 	{ KNOT_NO_READY_KEY,          "no key ready for submission" },
 	{ KNOT_DNSSEC_EKEYTAG_LIMIT,  "many keys with equal keytag" },
+	{ KNOT_DNSSEC_EXTRA_NSEC,     "superfluous NSEC(3)" },
 
 	/* Terminator */
 	{ KNOT_ERROR, NULL }
diff --git a/src/libknot/rrset-dump.c b/src/libknot/rrset-dump.c
index 51a52dd..ea406ca 100644
--- a/src/libknot/rrset-dump.c
+++ b/src/libknot/rrset-dump.c
@@ -1540,6 +1540,12 @@ static void wire_svcparam_to_str(rrset_dump_params_t *p)
 		case KNOT_SVCB_PARAM_IPV6HINT:
 			wire_value_list_to_str(p, wire_ipv6_to_str, p->in + val_len);
 			break;
+		case KNOT_SVCB_PARAM_DOHPATH:
+			wire_text_to_str(p, val_len, NULL, true, false);
+			break;
+		case KNOT_SVCB_PARAM_OHTTP:
+			p->ret = -1; // must not have value
+			break;
 		default:
 			wire_text_to_str(p, val_len, NULL, true, false);
 		}
@@ -2263,6 +2269,7 @@ static int txt_dump_data(rrset_dump_params_t *p, uint16_t type)
 			return dump_mx(p);
 		case KNOT_RRTYPE_TXT:
 		case KNOT_RRTYPE_SPF:
+		case KNOT_RRTYPE_WALLET:
 			return dump_txt(p);
 		case KNOT_RRTYPE_KEY:
 		case KNOT_RRTYPE_DNSKEY:
diff --git a/src/libknot/version.h b/src/libknot/version.h
index cca89f7..91261cb 100644
--- a/src/libknot/version.h
+++ b/src/libknot/version.h
@@ -18,7 +18,7 @@
 
 #define KNOT_VERSION_MAJOR 3
 #define KNOT_VERSION_MINOR 3
-#define KNOT_VERSION_PATCH 0x07
+#define KNOT_VERSION_PATCH 0x08
 
 #define KNOT_VERSION_HEX ((KNOT_VERSION_MAJOR << 16) | \
                           (KNOT_VERSION_MINOR <<  8) | \
diff --git a/src/libknot/xdp/tcp.c b/src/libknot/xdp/tcp.c
index 94d445c..eae73a9 100644
--- a/src/libknot/xdp/tcp.c
+++ b/src/libknot/xdp/tcp.c
@@ -353,7 +353,10 @@ int knot_tcp_recv(knot_tcp_relay_t *relays, knot_xdp_msg_t msgs[], uint32_t msg_
 				bool synack = (msg->flags & KNOT_XDP_MSG_ACK);
 
 				knot_tcp_table_t *add_table = tcp_table;
-				if (syn_table != NULL && !synack) {
+				if (syn_table != NULL) {
+					if (synack) {
+						break; // creating conn based on SYN+ACK is only for kxdpgun, disallow in knotd
+					}
 					add_table = syn_table;
 					if (*tcp_table_lookup(&msg->ip_from, &msg->ip_to, &conn_hash, syn_table) != NULL) {
 						break;
@@ -383,7 +386,7 @@ int knot_tcp_recv(knot_tcp_relay_t *relays, knot_xdp_msg_t msgs[], uint32_t msg_
 			break;
 		case KNOT_XDP_MSG_ACK:
 			if (!seq_ack_match) {
-				if (syn_table != NULL && msg->payload.iov_len == 0 &&
+				if (syn_table != NULL && msg->payload.iov_len == 0 && conn == NULL &&
 				    (pconn = tcp_table_lookup(&msg->ip_from, &msg->ip_to, &conn_hash, syn_table)) != NULL &&
 				    (conn = *pconn) != NULL && check_seq_ack(msg, conn)) {
 					// move conn from syn_table to tcp_table