Diffstat (limited to '')
-rw-r--r--src/Makefile.in256
-rw-r--r--src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_buf.h2
-rw-r--r--src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_cc.c50
-rw-r--r--src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_conn.c63
-rw-r--r--src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_crypto.c58
-rw-r--r--src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_rtb.c54
-rw-r--r--src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_strm.c34
-rw-r--r--src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_strm.h33
-rw-r--r--src/contrib/libngtcp2/ngtcp2/version.h4
-rw-r--r--src/knot/Makefile.inc1
-rw-r--r--src/knot/dnssec/kasp/kasp_zone.c2
-rw-r--r--src/knot/dnssec/key-events.c30
-rw-r--r--src/knot/dnssec/zone-sign.c34
-rw-r--r--src/knot/include/module.h16
-rw-r--r--src/knot/modules/authsignal/Makefile.inc12
-rw-r--r--src/knot/modules/authsignal/authsignal.c88
-rw-r--r--src/knot/modules/authsignal/authsignal.rst41
-rw-r--r--src/knot/nameserver/query_module.c37
-rw-r--r--src/knot/query/quic-requestor.c1
-rw-r--r--src/knot/zone/semantic-check.c4
-rw-r--r--src/knot/zone/semantic-check.h3
-rw-r--r--src/libdnssec/version.h2
-rw-r--r--src/libknot/errcode.h1
-rw-r--r--src/libknot/error.c1
-rw-r--r--src/libknot/rrset-dump.c8
-rw-r--r--src/libknot/rrset.h21
-rw-r--r--src/libknot/version.h2
-rw-r--r--src/libknot/xdp/protocols.h2
-rw-r--r--src/libzscanner/error.c4
-rw-r--r--src/libzscanner/error.h3
-rw-r--r--src/libzscanner/scanner.c.g2313
-rw-r--r--src/libzscanner/scanner.c.t023
-rw-r--r--src/libzscanner/scanner.h4
-rw-r--r--src/libzscanner/scanner_body.rl25
-rw-r--r--src/libzscanner/version.h2
-rw-r--r--src/utils/kzonecheck/main.c47
-rw-r--r--src/utils/kzonecheck/zone_check.c37
-rw-r--r--src/utils/kzonecheck/zone_check.h4
38 files changed, 988 insertions, 334 deletions
diff --git a/src/Makefile.in b/src/Makefile.in
index 5b04f9c..df978b4 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -137,49 +137,51 @@ host_triplet = @host@
@HAVE_DAEMON_TRUE@am__append_19 = libknotd.la
@HAVE_DAEMON_TRUE@am__append_20 = knotd.pc
-@STATIC_MODULE_cookies_TRUE@am__append_21 = $(knot_modules_cookies_la_SOURCES)
-@SHARED_MODULE_cookies_TRUE@am__append_22 = knot/modules/cookies.la
-@STATIC_MODULE_dnsproxy_TRUE@am__append_23 = $(knot_modules_dnsproxy_la_SOURCES)
-@SHARED_MODULE_dnsproxy_TRUE@am__append_24 = knot/modules/dnsproxy.la
-@STATIC_MODULE_dnstap_TRUE@am__append_25 = $(knot_modules_dnstap_la_SOURCES)
-@STATIC_MODULE_dnstap_TRUE@am__append_26 = $(DNSTAP_CFLAGS)
-@STATIC_MODULE_dnstap_TRUE@am__append_27 = $(libdnstap_LIBS)
-@SHARED_MODULE_dnstap_TRUE@am__append_28 = knot/modules/dnstap.la
-@STATIC_MODULE_geoip_TRUE@am__append_29 = $(knot_modules_geoip_la_SOURCES)
-@STATIC_MODULE_geoip_TRUE@am__append_30 = $(libmaxminddb_CFLAGS)
-@STATIC_MODULE_geoip_TRUE@am__append_31 = $(libmaxminddb_LIBS)
-@SHARED_MODULE_geoip_TRUE@am__append_32 = knot/modules/geoip.la
-@STATIC_MODULE_noudp_TRUE@am__append_33 = $(knot_modules_noudp_la_SOURCES)
-@SHARED_MODULE_noudp_TRUE@am__append_34 = knot/modules/noudp.la
-@STATIC_MODULE_onlinesign_TRUE@am__append_35 = $(knot_modules_onlinesign_la_SOURCES)
-@SHARED_MODULE_onlinesign_TRUE@am__append_36 = knot/modules/onlinesign.la
-@STATIC_MODULE_probe_TRUE@am__append_37 = $(knot_modules_probe_la_SOURCES)
-@SHARED_MODULE_probe_TRUE@am__append_38 = knot/modules/probe.la
-@STATIC_MODULE_queryacl_TRUE@am__append_39 = $(knot_modules_queryacl_la_SOURCES)
-@SHARED_MODULE_queryacl_TRUE@am__append_40 = knot/modules/queryacl.la
-@STATIC_MODULE_rrl_TRUE@am__append_41 = $(knot_modules_rrl_la_SOURCES)
-@SHARED_MODULE_rrl_TRUE@am__append_42 = knot/modules/rrl.la
-@STATIC_MODULE_stats_TRUE@am__append_43 = $(knot_modules_stats_la_SOURCES)
-@SHARED_MODULE_stats_TRUE@am__append_44 = knot/modules/stats.la
-@STATIC_MODULE_synthrecord_TRUE@am__append_45 = $(knot_modules_synthrecord_la_SOURCES)
-@SHARED_MODULE_synthrecord_TRUE@am__append_46 = knot/modules/synthrecord.la
-@STATIC_MODULE_whoami_TRUE@am__append_47 = $(knot_modules_whoami_la_SOURCES)
-@SHARED_MODULE_whoami_TRUE@am__append_48 = knot/modules/whoami.la
+@STATIC_MODULE_authsignal_TRUE@am__append_21 = $(knot_modules_authsignal_la_SOURCES)
+@SHARED_MODULE_authsignal_TRUE@am__append_22 = knot/modules/authsignal.la
+@STATIC_MODULE_cookies_TRUE@am__append_23 = $(knot_modules_cookies_la_SOURCES)
+@SHARED_MODULE_cookies_TRUE@am__append_24 = knot/modules/cookies.la
+@STATIC_MODULE_dnsproxy_TRUE@am__append_25 = $(knot_modules_dnsproxy_la_SOURCES)
+@SHARED_MODULE_dnsproxy_TRUE@am__append_26 = knot/modules/dnsproxy.la
+@STATIC_MODULE_dnstap_TRUE@am__append_27 = $(knot_modules_dnstap_la_SOURCES)
+@STATIC_MODULE_dnstap_TRUE@am__append_28 = $(DNSTAP_CFLAGS)
+@STATIC_MODULE_dnstap_TRUE@am__append_29 = $(libdnstap_LIBS)
+@SHARED_MODULE_dnstap_TRUE@am__append_30 = knot/modules/dnstap.la
+@STATIC_MODULE_geoip_TRUE@am__append_31 = $(knot_modules_geoip_la_SOURCES)
+@STATIC_MODULE_geoip_TRUE@am__append_32 = $(libmaxminddb_CFLAGS)
+@STATIC_MODULE_geoip_TRUE@am__append_33 = $(libmaxminddb_LIBS)
+@SHARED_MODULE_geoip_TRUE@am__append_34 = knot/modules/geoip.la
+@STATIC_MODULE_noudp_TRUE@am__append_35 = $(knot_modules_noudp_la_SOURCES)
+@SHARED_MODULE_noudp_TRUE@am__append_36 = knot/modules/noudp.la
+@STATIC_MODULE_onlinesign_TRUE@am__append_37 = $(knot_modules_onlinesign_la_SOURCES)
+@SHARED_MODULE_onlinesign_TRUE@am__append_38 = knot/modules/onlinesign.la
+@STATIC_MODULE_probe_TRUE@am__append_39 = $(knot_modules_probe_la_SOURCES)
+@SHARED_MODULE_probe_TRUE@am__append_40 = knot/modules/probe.la
+@STATIC_MODULE_queryacl_TRUE@am__append_41 = $(knot_modules_queryacl_la_SOURCES)
+@SHARED_MODULE_queryacl_TRUE@am__append_42 = knot/modules/queryacl.la
+@STATIC_MODULE_rrl_TRUE@am__append_43 = $(knot_modules_rrl_la_SOURCES)
+@SHARED_MODULE_rrl_TRUE@am__append_44 = knot/modules/rrl.la
+@STATIC_MODULE_stats_TRUE@am__append_45 = $(knot_modules_stats_la_SOURCES)
+@SHARED_MODULE_stats_TRUE@am__append_46 = knot/modules/stats.la
+@STATIC_MODULE_synthrecord_TRUE@am__append_47 = $(knot_modules_synthrecord_la_SOURCES)
+@SHARED_MODULE_synthrecord_TRUE@am__append_48 = knot/modules/synthrecord.la
+@STATIC_MODULE_whoami_TRUE@am__append_49 = $(knot_modules_whoami_la_SOURCES)
+@SHARED_MODULE_whoami_TRUE@am__append_50 = knot/modules/whoami.la
bin_PROGRAMS = $(am__EXEEXT_1) $(am__EXEEXT_2)
sbin_PROGRAMS = $(am__EXEEXT_3) $(am__EXEEXT_4) $(am__EXEEXT_5)
-@HAVE_LIBUTILS_TRUE@am__append_49 = libknotus.la
-@EMBEDDED_LIBNGTCP2_TRUE@@HAVE_LIBUTILS_TRUE@am__append_50 = $(libembngtcp2_LIBS)
-@HAVE_UTILS_TRUE@am__append_51 = kdig khost knsec3hash knsupdate
-@HAVE_DNSTAP_TRUE@@HAVE_UTILS_TRUE@am__append_52 = $(DNSTAP_CFLAGS)
-@HAVE_DNSTAP_TRUE@@HAVE_UTILS_TRUE@am__append_53 = $(libdnstap_LIBS)
+@HAVE_LIBUTILS_TRUE@am__append_51 = libknotus.la
+@EMBEDDED_LIBNGTCP2_TRUE@@HAVE_LIBUTILS_TRUE@am__append_52 = $(libembngtcp2_LIBS)
+@HAVE_UTILS_TRUE@am__append_53 = kdig khost knsec3hash knsupdate
@HAVE_DNSTAP_TRUE@@HAVE_UTILS_TRUE@am__append_54 = $(DNSTAP_CFLAGS)
@HAVE_DNSTAP_TRUE@@HAVE_UTILS_TRUE@am__append_55 = $(libdnstap_LIBS)
-@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@am__append_56 = kxdpgun
-@ENABLE_QUIC_TRUE@@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@am__append_57 = $(gnutls_CFLAGS)
-@ENABLE_QUIC_TRUE@@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@am__append_58 = $(gnutls_LIBS)
-@HAVE_DAEMON_TRUE@am__append_59 = knotc knotd
-@HAVE_DAEMON_TRUE@@HAVE_UTILS_TRUE@am__append_60 = kzonecheck kzonesign
-@HAVE_DAEMON_TRUE@@HAVE_UTILS_TRUE@am__append_61 = keymgr kjournalprint kcatalogprint
+@HAVE_DNSTAP_TRUE@@HAVE_UTILS_TRUE@am__append_56 = $(DNSTAP_CFLAGS)
+@HAVE_DNSTAP_TRUE@@HAVE_UTILS_TRUE@am__append_57 = $(libdnstap_LIBS)
+@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@am__append_58 = kxdpgun
+@ENABLE_QUIC_TRUE@@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@am__append_59 = $(gnutls_CFLAGS)
+@ENABLE_QUIC_TRUE@@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@am__append_60 = $(gnutls_LIBS)
+@HAVE_DAEMON_TRUE@am__append_61 = knotc knotd
+@HAVE_DAEMON_TRUE@@HAVE_UTILS_TRUE@am__append_62 = kzonecheck kzonesign
+@HAVE_DAEMON_TRUE@@HAVE_UTILS_TRUE@am__append_63 = keymgr kjournalprint kcatalogprint
subdir = src
SUBDIRS =
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -247,20 +249,31 @@ am__uninstall_files_from_dir = { \
}
LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES) \
$(pkglib_LTLIBRARIES)
+knot_modules_authsignal_la_LIBADD =
+am__dirstamp = $(am__leading_dot)dirstamp
+am_knot_modules_authsignal_la_OBJECTS = \
+ knot/modules/authsignal/la-authsignal.lo
+knot_modules_authsignal_la_OBJECTS = \
+ $(am_knot_modules_authsignal_la_OBJECTS)
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+knot_modules_authsignal_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(knot_modules_authsignal_la_LDFLAGS) \
+ $(LDFLAGS) -o $@
+@SHARED_MODULE_authsignal_TRUE@am_knot_modules_authsignal_la_rpath = \
+@SHARED_MODULE_authsignal_TRUE@ -rpath $(pkglibdir)
am__DEPENDENCIES_1 =
@USE_GNUTLS_MEMSET_TRUE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1)
am__DEPENDENCIES_3 = libcontrib.la $(am__DEPENDENCIES_2)
@SHARED_MODULE_cookies_TRUE@knot_modules_cookies_la_DEPENDENCIES = \
@SHARED_MODULE_cookies_TRUE@ $(am__DEPENDENCIES_3)
-am__dirstamp = $(am__leading_dot)dirstamp
am_knot_modules_cookies_la_OBJECTS = \
knot/modules/cookies/la-cookies.lo
knot_modules_cookies_la_OBJECTS = \
$(am_knot_modules_cookies_la_OBJECTS)
-AM_V_lt = $(am__v_lt_@AM_V@)
-am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 =
knot_modules_cookies_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(AM_CFLAGS) $(CFLAGS) $(knot_modules_cookies_la_LDFLAGS) \
@@ -748,6 +761,7 @@ am__libknotd_la_SOURCES_DIST = knot/catalog/catalog_db.c \
knot/zone/zonefile.c knot/zone/zonefile.h \
knot/query/quic-requestor.c knot/query/quic-requestor.h \
knot/server/quic-handler.c knot/server/quic-handler.h \
+ knot/modules/authsignal/authsignal.c \
knot/modules/cookies/cookies.c \
knot/modules/dnsproxy/dnsproxy.c knot/modules/dnstap/dnstap.c \
knot/modules/geoip/geoip.c knot/modules/geoip/geodb.c \
@@ -763,33 +777,35 @@ am__libknotd_la_SOURCES_DIST = knot/catalog/catalog_db.c \
@ENABLE_QUIC_TRUE@am__objects_3 = \
@ENABLE_QUIC_TRUE@ knot/query/libknotd_la-quic-requestor.lo \
@ENABLE_QUIC_TRUE@ knot/server/libknotd_la-quic-handler.lo
-am__objects_4 = knot/modules/cookies/libknotd_la-cookies.lo
-@STATIC_MODULE_cookies_TRUE@am__objects_5 = $(am__objects_4)
-am__objects_6 = knot/modules/dnsproxy/libknotd_la-dnsproxy.lo
-@STATIC_MODULE_dnsproxy_TRUE@am__objects_7 = $(am__objects_6)
-am__objects_8 = knot/modules/dnstap/libknotd_la-dnstap.lo
-@STATIC_MODULE_dnstap_TRUE@am__objects_9 = $(am__objects_8)
-am__objects_10 = knot/modules/geoip/libknotd_la-geoip.lo \
+am__objects_4 = knot/modules/authsignal/libknotd_la-authsignal.lo
+@STATIC_MODULE_authsignal_TRUE@am__objects_5 = $(am__objects_4)
+am__objects_6 = knot/modules/cookies/libknotd_la-cookies.lo
+@STATIC_MODULE_cookies_TRUE@am__objects_7 = $(am__objects_6)
+am__objects_8 = knot/modules/dnsproxy/libknotd_la-dnsproxy.lo
+@STATIC_MODULE_dnsproxy_TRUE@am__objects_9 = $(am__objects_8)
+am__objects_10 = knot/modules/dnstap/libknotd_la-dnstap.lo
+@STATIC_MODULE_dnstap_TRUE@am__objects_11 = $(am__objects_10)
+am__objects_12 = knot/modules/geoip/libknotd_la-geoip.lo \
knot/modules/geoip/libknotd_la-geodb.lo
-@STATIC_MODULE_geoip_TRUE@am__objects_11 = $(am__objects_10)
-am__objects_12 = knot/modules/noudp/libknotd_la-noudp.lo
-@STATIC_MODULE_noudp_TRUE@am__objects_13 = $(am__objects_12)
-am__objects_14 = knot/modules/onlinesign/libknotd_la-onlinesign.lo \
+@STATIC_MODULE_geoip_TRUE@am__objects_13 = $(am__objects_12)
+am__objects_14 = knot/modules/noudp/libknotd_la-noudp.lo
+@STATIC_MODULE_noudp_TRUE@am__objects_15 = $(am__objects_14)
+am__objects_16 = knot/modules/onlinesign/libknotd_la-onlinesign.lo \
knot/modules/onlinesign/libknotd_la-nsec_next.lo
-@STATIC_MODULE_onlinesign_TRUE@am__objects_15 = $(am__objects_14)
-am__objects_16 = knot/modules/probe/libknotd_la-probe.lo
-@STATIC_MODULE_probe_TRUE@am__objects_17 = $(am__objects_16)
-am__objects_18 = knot/modules/queryacl/libknotd_la-queryacl.lo
-@STATIC_MODULE_queryacl_TRUE@am__objects_19 = $(am__objects_18)
-am__objects_20 = knot/modules/rrl/libknotd_la-rrl.lo \
+@STATIC_MODULE_onlinesign_TRUE@am__objects_17 = $(am__objects_16)
+am__objects_18 = knot/modules/probe/libknotd_la-probe.lo
+@STATIC_MODULE_probe_TRUE@am__objects_19 = $(am__objects_18)
+am__objects_20 = knot/modules/queryacl/libknotd_la-queryacl.lo
+@STATIC_MODULE_queryacl_TRUE@am__objects_21 = $(am__objects_20)
+am__objects_22 = knot/modules/rrl/libknotd_la-rrl.lo \
knot/modules/rrl/libknotd_la-functions.lo
-@STATIC_MODULE_rrl_TRUE@am__objects_21 = $(am__objects_20)
-am__objects_22 = knot/modules/stats/libknotd_la-stats.lo
-@STATIC_MODULE_stats_TRUE@am__objects_23 = $(am__objects_22)
-am__objects_24 = knot/modules/synthrecord/libknotd_la-synthrecord.lo
-@STATIC_MODULE_synthrecord_TRUE@am__objects_25 = $(am__objects_24)
-am__objects_26 = knot/modules/whoami/libknotd_la-whoami.lo
-@STATIC_MODULE_whoami_TRUE@am__objects_27 = $(am__objects_26)
+@STATIC_MODULE_rrl_TRUE@am__objects_23 = $(am__objects_22)
+am__objects_24 = knot/modules/stats/libknotd_la-stats.lo
+@STATIC_MODULE_stats_TRUE@am__objects_25 = $(am__objects_24)
+am__objects_26 = knot/modules/synthrecord/libknotd_la-synthrecord.lo
+@STATIC_MODULE_synthrecord_TRUE@am__objects_27 = $(am__objects_26)
+am__objects_28 = knot/modules/whoami/libknotd_la-whoami.lo
+@STATIC_MODULE_whoami_TRUE@am__objects_29 = $(am__objects_28)
am_libknotd_la_OBJECTS = knot/catalog/libknotd_la-catalog_db.lo \
knot/catalog/libknotd_la-catalog_update.lo \
knot/catalog/libknotd_la-generate.lo \
@@ -895,7 +911,8 @@ am_libknotd_la_OBJECTS = knot/catalog/libknotd_la-catalog_db.lo \
$(am__objects_5) $(am__objects_7) $(am__objects_9) \
$(am__objects_11) $(am__objects_13) $(am__objects_15) \
$(am__objects_17) $(am__objects_19) $(am__objects_21) \
- $(am__objects_23) $(am__objects_25) $(am__objects_27)
+ $(am__objects_23) $(am__objects_25) $(am__objects_27) \
+ $(am__objects_29)
libknotd_la_OBJECTS = $(am_libknotd_la_OBJECTS)
libknotd_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
@@ -939,9 +956,9 @@ libknotus_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(libknotus_la_LDFLAGS) $(LDFLAGS) -o $@
@HAVE_LIBUTILS_TRUE@am_libknotus_la_rpath =
libzscanner_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
-am__objects_28 =
+am__objects_30 =
am_libzscanner_la_OBJECTS = libzscanner/la-error.lo \
- libzscanner/la-functions.lo $(am__objects_28)
+ libzscanner/la-functions.lo $(am__objects_30)
nodist_libzscanner_la_OBJECTS = libzscanner/la-scanner.lo
libzscanner_la_OBJECTS = $(am_libzscanner_la_OBJECTS) \
$(nodist_libzscanner_la_OBJECTS)
@@ -1230,6 +1247,8 @@ am__depfiles_remade = contrib/$(DEPDIR)/libcontrib_la-base32hex.Plo \
knot/journal/$(DEPDIR)/libknotd_la-journal_write.Plo \
knot/journal/$(DEPDIR)/libknotd_la-knot_lmdb.Plo \
knot/journal/$(DEPDIR)/libknotd_la-serialization.Plo \
+ knot/modules/authsignal/$(DEPDIR)/la-authsignal.Plo \
+ knot/modules/authsignal/$(DEPDIR)/libknotd_la-authsignal.Plo \
knot/modules/cookies/$(DEPDIR)/la-cookies.Plo \
knot/modules/cookies/$(DEPDIR)/libknotd_la-cookies.Plo \
knot/modules/dnsproxy/$(DEPDIR)/la-dnsproxy.Plo \
@@ -1434,7 +1453,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
-SOURCES = $(knot_modules_cookies_la_SOURCES) \
+SOURCES = $(knot_modules_authsignal_la_SOURCES) \
+ $(knot_modules_cookies_la_SOURCES) \
$(knot_modules_dnsproxy_la_SOURCES) \
$(knot_modules_dnstap_la_SOURCES) \
$(knot_modules_geoip_la_SOURCES) \
@@ -1455,7 +1475,8 @@ SOURCES = $(knot_modules_cookies_la_SOURCES) \
$(kjournalprint_SOURCES) $(knotc_SOURCES) $(knotd_SOURCES) \
$(knsec3hash_SOURCES) $(knsupdate_SOURCES) $(kxdpgun_SOURCES) \
$(kzonecheck_SOURCES) $(kzonesign_SOURCES)
-DIST_SOURCES = $(knot_modules_cookies_la_SOURCES) \
+DIST_SOURCES = $(knot_modules_authsignal_la_SOURCES) \
+ $(knot_modules_cookies_la_SOURCES) \
$(knot_modules_dnsproxy_la_SOURCES) \
$(knot_modules_dnstap_la_SOURCES) \
$(knot_modules_geoip_la_SOURCES) \
@@ -1546,6 +1567,7 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \
$(srcdir)/contrib/Makefile.inc $(srcdir)/knot/Makefile.inc \
+ $(srcdir)/knot/modules/authsignal/Makefile.inc \
$(srcdir)/knot/modules/cookies/Makefile.inc \
$(srcdir)/knot/modules/dnsproxy/Makefile.inc \
$(srcdir)/knot/modules/dnstap/Makefile.inc \
@@ -1804,7 +1826,9 @@ EXTRA_DIST = contrib/licenses/0BSD contrib/licenses/BSD-3-Clause \
contrib/url-parser/LICENSE contrib/url-parser/README.md \
contrib/dnstap/dnstap.proto libzscanner/scanner.rl \
libzscanner/scanner_body.rl libzscanner/scanner.c.g2 \
- libzscanner/scanner.c.t0 knot/modules/cookies/cookies.rst \
+ libzscanner/scanner.c.t0 \
+ knot/modules/authsignal/authsignal.rst \
+ knot/modules/cookies/cookies.rst \
knot/modules/dnsproxy/dnsproxy.rst \
knot/modules/dnstap/dnstap.rst knot/modules/geoip/geoip.rst \
knot/modules/noudp/noudp.rst \
@@ -1818,7 +1842,7 @@ CLEANFILES = $(am__append_5) libzscanner/scanner.c
BUILT_SOURCES = $(am__append_4) libzscanner/scanner.c
lib_LTLIBRARIES = libdnssec.la libknot.la libzscanner.la
noinst_LTLIBRARIES = libcontrib.la $(am__append_3) $(am__append_6) \
- $(am__append_19) $(am__append_49)
+ $(am__append_19) $(am__append_51)
pkgconfig_DATA = libdnssec.pc libknot.pc libzscanner.pc \
$(am__append_20)
libcontrib_la_CPPFLAGS = $(AM_CPPFLAGS) $(CFLAG_VISIBILITY) \
@@ -2137,11 +2161,11 @@ nodist_libzscanner_la_SOURCES = \
libknotd_la_CPPFLAGS = $(AM_CPPFLAGS) $(CFLAG_VISIBILITY) \
$(libkqueue_CFLAGS) $(liburcu_CFLAGS) $(lmdb_CFLAGS) \
$(systemd_CFLAGS) $(gnutls_CFLAGS) $(libngtcp2_CFLAGS) \
- -DKNOTD_MOD_STATIC $(am__append_26) $(am__append_30)
+ -DKNOTD_MOD_STATIC $(am__append_28) $(am__append_32)
libknotd_la_LDFLAGS = $(AM_LDFLAGS) -export-symbols-regex '^knotd_'
libknotd_la_LIBADD = $(dlopen_LIBS) $(libkqueue_LIBS) $(pthread_LIBS) \
- $(libngtcp2_LIBS) $(am__append_17) $(am__append_27) \
- $(am__append_31)
+ $(libngtcp2_LIBS) $(am__append_17) $(am__append_29) \
+ $(am__append_33)
libknotd_LIBS = libknotd.la libknot.la libdnssec.la libzscanner.la \
$(libcontrib_LIBS) $(liburcu_LIBS) $(lmdb_LIBS) \
$(systemd_LIBS) $(gnutls_LIBS)
@@ -2244,16 +2268,20 @@ libknotd_la_SOURCES = knot/catalog/catalog_db.c \
knot/zone/zonedb-load.h knot/zone/zonedb.c knot/zone/zonedb.h \
knot/zone/zonefile.c knot/zone/zonefile.h $(am__append_18) \
$(am__append_21) $(am__append_23) $(am__append_25) \
- $(am__append_29) $(am__append_33) $(am__append_35) \
+ $(am__append_27) $(am__append_31) $(am__append_35) \
$(am__append_37) $(am__append_39) $(am__append_41) \
- $(am__append_43) $(am__append_45) $(am__append_47)
+ $(am__append_43) $(am__append_45) $(am__append_47) \
+ $(am__append_49)
KNOTD_MOD_CPPFLAGS = $(AM_CPPFLAGS) $(CFLAG_VISIBILITY)
KNOTD_MOD_LDFLAGS = $(AM_LDFLAGS) -module -shared -avoid-version
pkglib_LTLIBRARIES = $(am__append_22) $(am__append_24) \
- $(am__append_28) $(am__append_32) $(am__append_34) \
+ $(am__append_26) $(am__append_30) $(am__append_34) \
$(am__append_36) $(am__append_38) $(am__append_40) \
$(am__append_42) $(am__append_44) $(am__append_46) \
- $(am__append_48)
+ $(am__append_48) $(am__append_50)
+knot_modules_authsignal_la_SOURCES = knot/modules/authsignal/authsignal.c
+@SHARED_MODULE_authsignal_TRUE@knot_modules_authsignal_la_LDFLAGS = $(KNOTD_MOD_LDFLAGS)
+@SHARED_MODULE_authsignal_TRUE@knot_modules_authsignal_la_CPPFLAGS = $(KNOTD_MOD_CPPFLAGS)
knot_modules_cookies_la_SOURCES = knot/modules/cookies/cookies.c
@SHARED_MODULE_cookies_TRUE@knot_modules_cookies_la_LDFLAGS = $(KNOTD_MOD_LDFLAGS)
@SHARED_MODULE_cookies_TRUE@knot_modules_cookies_la_CPPFLAGS = $(KNOTD_MOD_CPPFLAGS)
@@ -2316,7 +2344,7 @@ knot_modules_whoami_la_SOURCES = knot/modules/whoami/whoami.c
@HAVE_LIBUTILS_TRUE@libknotus_la_LDFLAGS = $(AM_LDFLAGS) $(LDFLAG_EXCLUDE_LIBS)
@HAVE_LIBUTILS_TRUE@libknotus_la_LIBADD = $(libidn2_LIBS) \
@HAVE_LIBUTILS_TRUE@ $(libidn_LIBS) $(libnghttp2_LIBS) \
-@HAVE_LIBUTILS_TRUE@ $(libngtcp2_LIBS) $(am__append_50)
+@HAVE_LIBUTILS_TRUE@ $(libngtcp2_LIBS) $(am__append_52)
@HAVE_LIBUTILS_TRUE@libknotus_LIBS = libknotus.la libknot.la libdnssec.la $(libcontrib_LIBS) \
@HAVE_LIBUTILS_TRUE@ $(gnutls_LIBS) $(libedit_LIBS)
@@ -2379,11 +2407,11 @@ knot_modules_whoami_la_SOURCES = knot/modules/whoami/whoami.c
@HAVE_UTILS_TRUE@ utils/knsupdate/knsupdate_params.h
@HAVE_UTILS_TRUE@kdig_CPPFLAGS = $(libknotus_la_CPPFLAGS) \
-@HAVE_UTILS_TRUE@ $(am__append_52)
-@HAVE_UTILS_TRUE@kdig_LDADD = $(libknotus_LIBS) $(am__append_53)
-@HAVE_UTILS_TRUE@khost_CPPFLAGS = $(libknotus_la_CPPFLAGS) \
@HAVE_UTILS_TRUE@ $(am__append_54)
-@HAVE_UTILS_TRUE@khost_LDADD = $(libknotus_LIBS) $(am__append_55)
+@HAVE_UTILS_TRUE@kdig_LDADD = $(libknotus_LIBS) $(am__append_55)
+@HAVE_UTILS_TRUE@khost_CPPFLAGS = $(libknotus_la_CPPFLAGS) \
+@HAVE_UTILS_TRUE@ $(am__append_56)
+@HAVE_UTILS_TRUE@khost_LDADD = $(libknotus_LIBS) $(am__append_57)
@HAVE_UTILS_TRUE@knsec3hash_CPPFLAGS = $(libknotus_la_CPPFLAGS)
@HAVE_UTILS_TRUE@knsec3hash_LDADD = libknot.la libdnssec.la $(libcontrib_LIBS)
@HAVE_UTILS_TRUE@knsupdate_CPPFLAGS = $(libknotus_la_CPPFLAGS)
@@ -2398,12 +2426,12 @@ knot_modules_whoami_la_SOURCES = knot/modules/whoami/whoami.c
@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@kxdpgun_CPPFLAGS = \
@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@ $(libknotus_la_CPPFLAGS) \
@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@ $(libmnl_CFLAGS) \
-@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@ $(am__append_57)
+@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@ $(am__append_59)
@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@kxdpgun_LDADD = libknot.la \
@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@ $(libcontrib_LIBS) \
@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@ $(libmnl_LIBS) \
@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@ $(pthread_LIBS) \
-@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@ $(am__append_58)
+@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@ $(am__append_60)
@HAVE_DAEMON_TRUE@knotc_SOURCES = \
@HAVE_DAEMON_TRUE@ utils/knotc/commands.c \
@HAVE_DAEMON_TRUE@ utils/knotc/commands.h \
@@ -2465,7 +2493,7 @@ all: $(BUILT_SOURCES) config.h
.SUFFIXES:
.SUFFIXES: .proto .pb-c.c .pb-c.h .c .lo .o .obj
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(srcdir)/contrib/Makefile.inc $(srcdir)/libdnssec/Makefile.inc $(srcdir)/libknot/Makefile.inc $(srcdir)/libzscanner/Makefile.inc $(srcdir)/knot/Makefile.inc $(srcdir)/knot/modules/cookies/Makefile.inc $(srcdir)/knot/modules/dnsproxy/Makefile.inc $(srcdir)/knot/modules/dnstap/Makefile.inc $(srcdir)/knot/modules/geoip/Makefile.inc $(srcdir)/knot/modules/noudp/Makefile.inc $(srcdir)/knot/modules/onlinesign/Makefile.inc $(srcdir)/knot/modules/probe/Makefile.inc $(srcdir)/knot/modules/queryacl/Makefile.inc $(srcdir)/knot/modules/rrl/Makefile.inc $(srcdir)/knot/modules/stats/Makefile.inc $(srcdir)/knot/modules/synthrecord/Makefile.inc $(srcdir)/knot/modules/whoami/Makefile.inc $(srcdir)/utils/Makefile.inc $(am__configure_deps)
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(srcdir)/contrib/Makefile.inc $(srcdir)/libdnssec/Makefile.inc $(srcdir)/libknot/Makefile.inc $(srcdir)/libzscanner/Makefile.inc $(srcdir)/knot/Makefile.inc $(srcdir)/knot/modules/authsignal/Makefile.inc $(srcdir)/knot/modules/cookies/Makefile.inc $(srcdir)/knot/modules/dnsproxy/Makefile.inc $(srcdir)/knot/modules/dnstap/Makefile.inc $(srcdir)/knot/modules/geoip/Makefile.inc $(srcdir)/knot/modules/noudp/Makefile.inc $(srcdir)/knot/modules/onlinesign/Makefile.inc $(srcdir)/knot/modules/probe/Makefile.inc $(srcdir)/knot/modules/queryacl/Makefile.inc $(srcdir)/knot/modules/rrl/Makefile.inc $(srcdir)/knot/modules/stats/Makefile.inc $(srcdir)/knot/modules/synthrecord/Makefile.inc $(srcdir)/knot/modules/whoami/Makefile.inc $(srcdir)/utils/Makefile.inc $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
@@ -2485,7 +2513,7 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
-$(srcdir)/contrib/Makefile.inc $(srcdir)/libdnssec/Makefile.inc $(srcdir)/libknot/Makefile.inc $(srcdir)/libzscanner/Makefile.inc $(srcdir)/knot/Makefile.inc $(srcdir)/knot/modules/cookies/Makefile.inc $(srcdir)/knot/modules/dnsproxy/Makefile.inc $(srcdir)/knot/modules/dnstap/Makefile.inc $(srcdir)/knot/modules/geoip/Makefile.inc $(srcdir)/knot/modules/noudp/Makefile.inc $(srcdir)/knot/modules/onlinesign/Makefile.inc $(srcdir)/knot/modules/probe/Makefile.inc $(srcdir)/knot/modules/queryacl/Makefile.inc $(srcdir)/knot/modules/rrl/Makefile.inc $(srcdir)/knot/modules/stats/Makefile.inc $(srcdir)/knot/modules/synthrecord/Makefile.inc $(srcdir)/knot/modules/whoami/Makefile.inc $(srcdir)/utils/Makefile.inc $(am__empty):
+$(srcdir)/contrib/Makefile.inc $(srcdir)/libdnssec/Makefile.inc $(srcdir)/libknot/Makefile.inc $(srcdir)/libzscanner/Makefile.inc $(srcdir)/knot/Makefile.inc $(srcdir)/knot/modules/authsignal/Makefile.inc $(srcdir)/knot/modules/cookies/Makefile.inc $(srcdir)/knot/modules/dnsproxy/Makefile.inc $(srcdir)/knot/modules/dnstap/Makefile.inc $(srcdir)/knot/modules/geoip/Makefile.inc $(srcdir)/knot/modules/noudp/Makefile.inc $(srcdir)/knot/modules/onlinesign/Makefile.inc $(srcdir)/knot/modules/probe/Makefile.inc $(srcdir)/knot/modules/queryacl/Makefile.inc $(srcdir)/knot/modules/rrl/Makefile.inc $(srcdir)/knot/modules/stats/Makefile.inc $(srcdir)/knot/modules/synthrecord/Makefile.inc $(srcdir)/knot/modules/whoami/Makefile.inc $(srcdir)/utils/Makefile.inc $(am__empty):
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
@@ -2729,6 +2757,21 @@ clean-pkglibLTLIBRARIES:
echo rm -f $${locs}; \
rm -f $${locs}; \
}
+knot/modules/authsignal/$(am__dirstamp):
+ @$(MKDIR_P) knot/modules/authsignal
+ @: > knot/modules/authsignal/$(am__dirstamp)
+knot/modules/authsignal/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) knot/modules/authsignal/$(DEPDIR)
+ @: > knot/modules/authsignal/$(DEPDIR)/$(am__dirstamp)
+knot/modules/authsignal/la-authsignal.lo: \
+ knot/modules/authsignal/$(am__dirstamp) \
+ knot/modules/authsignal/$(DEPDIR)/$(am__dirstamp)
+knot/modules/$(am__dirstamp):
+ @$(MKDIR_P) knot/modules
+ @: > knot/modules/$(am__dirstamp)
+
+knot/modules/authsignal.la: $(knot_modules_authsignal_la_OBJECTS) $(knot_modules_authsignal_la_DEPENDENCIES) $(EXTRA_knot_modules_authsignal_la_DEPENDENCIES) knot/modules/$(am__dirstamp)
+ $(AM_V_CCLD)$(knot_modules_authsignal_la_LINK) $(am_knot_modules_authsignal_la_rpath) $(knot_modules_authsignal_la_OBJECTS) $(knot_modules_authsignal_la_LIBADD) $(LIBS)
knot/modules/cookies/$(am__dirstamp):
@$(MKDIR_P) knot/modules/cookies
@: > knot/modules/cookies/$(am__dirstamp)
@@ -2738,9 +2781,6 @@ knot/modules/cookies/$(DEPDIR)/$(am__dirstamp):
knot/modules/cookies/la-cookies.lo: \
knot/modules/cookies/$(am__dirstamp) \
knot/modules/cookies/$(DEPDIR)/$(am__dirstamp)
-knot/modules/$(am__dirstamp):
- @$(MKDIR_P) knot/modules
- @: > knot/modules/$(am__dirstamp)
knot/modules/cookies.la: $(knot_modules_cookies_la_OBJECTS) $(knot_modules_cookies_la_DEPENDENCIES) $(EXTRA_knot_modules_cookies_la_DEPENDENCIES) knot/modules/$(am__dirstamp)
$(AM_V_CCLD)$(knot_modules_cookies_la_LINK) $(am_knot_modules_cookies_la_rpath) $(knot_modules_cookies_la_OBJECTS) $(knot_modules_cookies_la_LIBADD) $(LIBS)
@@ -3700,6 +3740,9 @@ knot/query/libknotd_la-quic-requestor.lo: knot/query/$(am__dirstamp) \
knot/query/$(DEPDIR)/$(am__dirstamp)
knot/server/libknotd_la-quic-handler.lo: knot/server/$(am__dirstamp) \
knot/server/$(DEPDIR)/$(am__dirstamp)
+knot/modules/authsignal/libknotd_la-authsignal.lo: \
+ knot/modules/authsignal/$(am__dirstamp) \
+ knot/modules/authsignal/$(DEPDIR)/$(am__dirstamp)
knot/modules/cookies/libknotd_la-cookies.lo: \
knot/modules/cookies/$(am__dirstamp) \
knot/modules/cookies/$(DEPDIR)/$(am__dirstamp)
@@ -4034,6 +4077,8 @@ mostlyclean-compile:
-rm -f knot/events/handlers/*.lo
-rm -f knot/journal/*.$(OBJEXT)
-rm -f knot/journal/*.lo
+ -rm -f knot/modules/authsignal/*.$(OBJEXT)
+ -rm -f knot/modules/authsignal/*.lo
-rm -f knot/modules/cookies/*.$(OBJEXT)
-rm -f knot/modules/cookies/*.lo
-rm -f knot/modules/dnsproxy/*.$(OBJEXT)
@@ -4250,6 +4295,8 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@knot/journal/$(DEPDIR)/libknotd_la-journal_write.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@knot/journal/$(DEPDIR)/libknotd_la-knot_lmdb.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@knot/journal/$(DEPDIR)/libknotd_la-serialization.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@knot/modules/authsignal/$(DEPDIR)/la-authsignal.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@knot/modules/authsignal/$(DEPDIR)/libknotd_la-authsignal.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@knot/modules/cookies/$(DEPDIR)/la-cookies.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@knot/modules/cookies/$(DEPDIR)/libknotd_la-cookies.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@knot/modules/dnsproxy/$(DEPDIR)/la-dnsproxy.Plo@am__quote@ # am--include-marker
@@ -4468,6 +4515,13 @@ am--depfiles: $(am__depfiles_remade)
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+knot/modules/authsignal/la-authsignal.lo: knot/modules/authsignal/authsignal.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(knot_modules_authsignal_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT knot/modules/authsignal/la-authsignal.lo -MD -MP -MF knot/modules/authsignal/$(DEPDIR)/la-authsignal.Tpo -c -o knot/modules/authsignal/la-authsignal.lo `test -f 'knot/modules/authsignal/authsignal.c' || echo '$(srcdir)/'`knot/modules/authsignal/authsignal.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) knot/modules/authsignal/$(DEPDIR)/la-authsignal.Tpo knot/modules/authsignal/$(DEPDIR)/la-authsignal.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='knot/modules/authsignal/authsignal.c' object='knot/modules/authsignal/la-authsignal.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(knot_modules_authsignal_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o knot/modules/authsignal/la-authsignal.lo `test -f 'knot/modules/authsignal/authsignal.c' || echo '$(srcdir)/'`knot/modules/authsignal/authsignal.c
+
knot/modules/cookies/la-cookies.lo: knot/modules/cookies/cookies.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(knot_modules_cookies_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT knot/modules/cookies/la-cookies.lo -MD -MP -MF knot/modules/cookies/$(DEPDIR)/la-cookies.Tpo -c -o knot/modules/cookies/la-cookies.lo `test -f 'knot/modules/cookies/cookies.c' || echo '$(srcdir)/'`knot/modules/cookies/cookies.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) knot/modules/cookies/$(DEPDIR)/la-cookies.Tpo knot/modules/cookies/$(DEPDIR)/la-cookies.Plo
@@ -6246,6 +6300,13 @@ knot/server/libknotd_la-quic-handler.lo: knot/server/quic-handler.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libknotd_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o knot/server/libknotd_la-quic-handler.lo `test -f 'knot/server/quic-handler.c' || echo '$(srcdir)/'`knot/server/quic-handler.c
+knot/modules/authsignal/libknotd_la-authsignal.lo: knot/modules/authsignal/authsignal.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libknotd_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT knot/modules/authsignal/libknotd_la-authsignal.lo -MD -MP -MF knot/modules/authsignal/$(DEPDIR)/libknotd_la-authsignal.Tpo -c -o knot/modules/authsignal/libknotd_la-authsignal.lo `test -f 'knot/modules/authsignal/authsignal.c' || echo '$(srcdir)/'`knot/modules/authsignal/authsignal.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) knot/modules/authsignal/$(DEPDIR)/libknotd_la-authsignal.Tpo knot/modules/authsignal/$(DEPDIR)/libknotd_la-authsignal.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='knot/modules/authsignal/authsignal.c' object='knot/modules/authsignal/libknotd_la-authsignal.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libknotd_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o knot/modules/authsignal/libknotd_la-authsignal.lo `test -f 'knot/modules/authsignal/authsignal.c' || echo '$(srcdir)/'`knot/modules/authsignal/authsignal.c
+
knot/modules/cookies/libknotd_la-cookies.lo: knot/modules/cookies/cookies.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libknotd_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT knot/modules/cookies/libknotd_la-cookies.lo -MD -MP -MF knot/modules/cookies/$(DEPDIR)/libknotd_la-cookies.Tpo -c -o knot/modules/cookies/libknotd_la-cookies.lo `test -f 'knot/modules/cookies/cookies.c' || echo '$(srcdir)/'`knot/modules/cookies/cookies.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) knot/modules/cookies/$(DEPDIR)/libknotd_la-cookies.Tpo knot/modules/cookies/$(DEPDIR)/libknotd_la-cookies.Plo
@@ -6902,6 +6963,7 @@ clean-libtool:
-rm -rf knot/events/handlers/.libs knot/events/handlers/_libs
-rm -rf knot/journal/.libs knot/journal/_libs
-rm -rf knot/modules/.libs knot/modules/_libs
+ -rm -rf knot/modules/authsignal/.libs knot/modules/authsignal/_libs
-rm -rf knot/modules/cookies/.libs knot/modules/cookies/_libs
-rm -rf knot/modules/dnsproxy/.libs knot/modules/dnsproxy/_libs
-rm -rf knot/modules/dnstap/.libs knot/modules/dnstap/_libs
@@ -7289,6 +7351,8 @@ distclean-generic:
-rm -f knot/journal/$(DEPDIR)/$(am__dirstamp)
-rm -f knot/journal/$(am__dirstamp)
-rm -f knot/modules/$(am__dirstamp)
+ -rm -f knot/modules/authsignal/$(DEPDIR)/$(am__dirstamp)
+ -rm -f knot/modules/authsignal/$(am__dirstamp)
-rm -f knot/modules/cookies/$(DEPDIR)/$(am__dirstamp)
-rm -f knot/modules/cookies/$(am__dirstamp)
-rm -f knot/modules/dnsproxy/$(DEPDIR)/$(am__dirstamp)
@@ -7526,6 +7590,8 @@ distclean: distclean-recursive
-rm -f knot/journal/$(DEPDIR)/libknotd_la-journal_write.Plo
-rm -f knot/journal/$(DEPDIR)/libknotd_la-knot_lmdb.Plo
-rm -f knot/journal/$(DEPDIR)/libknotd_la-serialization.Plo
+ -rm -f knot/modules/authsignal/$(DEPDIR)/la-authsignal.Plo
+ -rm -f knot/modules/authsignal/$(DEPDIR)/libknotd_la-authsignal.Plo
-rm -f knot/modules/cookies/$(DEPDIR)/la-cookies.Plo
-rm -f knot/modules/cookies/$(DEPDIR)/libknotd_la-cookies.Plo
-rm -f knot/modules/dnsproxy/$(DEPDIR)/la-dnsproxy.Plo
@@ -7891,6 +7957,8 @@ maintainer-clean: maintainer-clean-recursive
-rm -f knot/journal/$(DEPDIR)/libknotd_la-journal_write.Plo
-rm -f knot/journal/$(DEPDIR)/libknotd_la-knot_lmdb.Plo
-rm -f knot/journal/$(DEPDIR)/libknotd_la-serialization.Plo
+ -rm -f knot/modules/authsignal/$(DEPDIR)/la-authsignal.Plo
+ -rm -f knot/modules/authsignal/$(DEPDIR)/libknotd_la-authsignal.Plo
-rm -f knot/modules/cookies/$(DEPDIR)/la-cookies.Plo
-rm -f knot/modules/cookies/$(DEPDIR)/libknotd_la-cookies.Plo
-rm -f knot/modules/dnsproxy/$(DEPDIR)/la-dnsproxy.Plo
diff --git a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_buf.h b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_buf.h
index 107d413..85b5f4d 100644
--- a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_buf.h
+++ b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_buf.h
@@ -36,7 +36,7 @@ typedef struct ngtcp2_buf {
uint8_t *begin;
/* end points to the one beyond of the last byte of the buffer */
uint8_t *end;
- /* pos pointers to the start of data. Typically, this points to the
+ /* pos points to the start of data. Typically, this points to the
point that next data should be read. Initially, it points to
|begin|. */
uint8_t *pos;
diff --git a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_cc.c b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_cc.c
index ef311ff..9ad37fb 100644
--- a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_cc.c
+++ b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_cc.c
@@ -27,10 +27,6 @@
#include <assert.h>
#include <string.h>
-#if defined(_MSC_VER)
-# include <intrin.h>
-#endif
-
#include "ngtcp2_log.h"
#include "ngtcp2_macro.h"
#include "ngtcp2_mem.h"
@@ -235,39 +231,27 @@ void ngtcp2_cc_cubic_init(ngtcp2_cc_cubic *cubic, ngtcp2_log *log) {
}
uint64_t ngtcp2_cbrt(uint64_t n) {
- int d;
- uint64_t a;
-
- if (n == 0) {
- return 0;
- }
-
-#if defined(_MSC_VER)
- {
- unsigned long index;
-# if defined(_WIN64)
- if (_BitScanReverse64(&index, n)) {
- d = 61 - index;
- } else {
- ngtcp2_unreachable();
- }
-# else /* !defined(_WIN64) */
- if (_BitScanReverse(&index, (unsigned int)(n >> 32))) {
- d = 31 - index;
- } else {
- d = 32 + 31 - _BitScanReverse(&index, (unsigned int)n);
+ size_t s;
+ uint64_t y = 0;
+ uint64_t b;
+
+ for (s = 63; s > 0; s -= 3) {
+ y <<= 1;
+ b = 3 * y * (y + 1) + 1;
+ if ((n >> s) >= b) {
+ n -= b << s;
+ y++;
}
-# endif /* !defined(_WIN64) */
}
-#else /* !defined(_MSC_VER) */
- d = __builtin_clzll(n);
-#endif /* !defined(_MSC_VER) */
- a = 1ULL << ((64 - d) / 3 + 1);
- for (; a * a * a > n;) {
- a = (2 * a + n / a / a) / 3;
+ y <<= 1;
+ b = 3 * y * (y + 1) + 1;
+ if (n >= b) {
+ n -= b;
+ y++;
}
- return a;
+
+ return y;
}
/* HyStart++ constants */
diff --git a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_conn.c b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_conn.c
index a4873eb..c8caf47 100644
--- a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_conn.c
+++ b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_conn.c
@@ -3441,12 +3441,22 @@ static ngtcp2_ssize conn_write_pkt(ngtcp2_conn *conn, ngtcp2_pkt_info *pi,
}
switch ((*pfrc)->fr.type) {
+ case NGTCP2_FRAME_RESET_STREAM:
+ strm =
+ ngtcp2_conn_find_stream(conn, (*pfrc)->fr.reset_stream.stream_id);
+ if (strm == NULL ||
+ !ngtcp2_strm_require_retransmit_reset_stream(strm)) {
+ frc = *pfrc;
+ *pfrc = (*pfrc)->next;
+ ngtcp2_frame_chain_objalloc_del(frc, &conn->frc_objalloc, conn->mem);
+ continue;
+ }
+ break;
case NGTCP2_FRAME_STOP_SENDING:
strm =
ngtcp2_conn_find_stream(conn, (*pfrc)->fr.stop_sending.stream_id);
if (strm == NULL ||
- ((strm->flags & NGTCP2_STRM_FLAG_SHUT_RD) &&
- ngtcp2_strm_rx_offset(strm) == strm->rx.last_offset)) {
+ !ngtcp2_strm_require_retransmit_stop_sending(strm)) {
frc = *pfrc;
*pfrc = (*pfrc)->next;
ngtcp2_frame_chain_objalloc_del(frc, &conn->frc_objalloc, conn->mem);
@@ -3476,10 +3486,8 @@ static ngtcp2_ssize conn_write_pkt(ngtcp2_conn *conn, ngtcp2_pkt_info *pi,
case NGTCP2_FRAME_MAX_STREAM_DATA:
strm = ngtcp2_conn_find_stream(conn,
(*pfrc)->fr.max_stream_data.stream_id);
- if (strm == NULL ||
- (strm->flags &
- (NGTCP2_STRM_FLAG_SHUT_RD | NGTCP2_STRM_FLAG_STOP_SENDING)) ||
- (*pfrc)->fr.max_stream_data.max_stream_data < strm->rx.max_offset) {
+ if (strm == NULL || !ngtcp2_strm_require_retransmit_max_stream_data(
+ strm, &(*pfrc)->fr.max_stream_data)) {
frc = *pfrc;
*pfrc = (*pfrc)->next;
ngtcp2_frame_chain_objalloc_del(frc, &conn->frc_objalloc, conn->mem);
@@ -3497,8 +3505,8 @@ static ngtcp2_ssize conn_write_pkt(ngtcp2_conn *conn, ngtcp2_pkt_info *pi,
case NGTCP2_FRAME_STREAM_DATA_BLOCKED:
strm = ngtcp2_conn_find_stream(
conn, (*pfrc)->fr.stream_data_blocked.stream_id);
- if (strm == NULL || (strm->flags & NGTCP2_STRM_FLAG_SHUT_WR) ||
- (*pfrc)->fr.stream_data_blocked.offset != strm->tx.max_offset) {
+ if (strm == NULL || !ngtcp2_strm_require_retransmit_stream_data_blocked(
+ strm, &(*pfrc)->fr.stream_data_blocked)) {
frc = *pfrc;
*pfrc = (*pfrc)->next;
ngtcp2_frame_chain_objalloc_del(frc, &conn->frc_objalloc, conn->mem);
@@ -7145,7 +7153,7 @@ static int conn_recv_stream(ngtcp2_conn *conn, const ngtcp2_stream *fr) {
return rv;
}
}
- } else if (fr->datacnt) {
+ } else if (fr->datacnt && !(strm->flags & NGTCP2_STRM_FLAG_STOP_SENDING)) {
rv = ngtcp2_strm_recv_reordering(strm, fr->data[0].base, fr->data[0].len,
fr->offset);
if (rv != 0) {
@@ -7304,27 +7312,20 @@ static int conn_recv_reset_stream(ngtcp2_conn *conn,
}
/* Stream is reset before we create ngtcp2_strm object. */
- conn->rx.offset += fr->final_size;
- ngtcp2_conn_extend_max_offset(conn, fr->final_size);
-
- rv = conn_call_stream_reset(conn, fr->stream_id, fr->final_size,
- fr->app_error_code, NULL);
+ strm = ngtcp2_objalloc_strm_get(&conn->strm_objalloc);
+ if (strm == NULL) {
+ return NGTCP2_ERR_NOMEM;
+ }
+ rv = ngtcp2_conn_init_stream(conn, strm, fr->stream_id, NULL);
if (rv != 0) {
+ ngtcp2_objalloc_strm_release(&conn->strm_objalloc, strm);
return rv;
}
- /* There will be no activity in this stream because we got
- RESET_STREAM and don't write stream data any further. This
- effectively allows another new stream for peer. */
- if (bidi) {
- handle_max_remote_streams_extension(&conn->remote.bidi.unsent_max_streams,
- 1);
- } else {
- handle_max_remote_streams_extension(&conn->remote.uni.unsent_max_streams,
- 1);
+ rv = conn_call_stream_open(conn, strm);
+ if (rv != 0) {
+ return rv;
}
-
- return 0;
}
if ((strm->flags & NGTCP2_STRM_FLAG_SHUT_RD)) {
@@ -7461,15 +7462,16 @@ static int conn_recv_stop_sending(ngtcp2_conn *conn,
been acknowledged. */
if (!ngtcp2_strm_is_all_tx_data_fin_acked(strm) &&
!(strm->flags & NGTCP2_STRM_FLAG_RESET_STREAM)) {
+ strm->flags |= NGTCP2_STRM_FLAG_RESET_STREAM;
+
rv = conn_reset_stream(conn, strm, fr->app_error_code);
if (rv != 0) {
return rv;
}
}
- strm->flags |= NGTCP2_STRM_FLAG_SHUT_WR |
- NGTCP2_STRM_FLAG_STOP_SENDING_RECVED |
- NGTCP2_STRM_FLAG_RESET_STREAM;
+ strm->flags |=
+ NGTCP2_STRM_FLAG_SHUT_WR | NGTCP2_STRM_FLAG_STOP_SENDING_RECVED;
ngtcp2_strm_streamfrq_clear(strm);
@@ -12533,14 +12535,15 @@ static int conn_shutdown_stream_read(ngtcp2_conn *conn, ngtcp2_strm *strm,
/* Extend connection flow control window for the amount of data
which are not passed to application. */
- if (!(strm->flags & (NGTCP2_STRM_FLAG_STOP_SENDING |
- NGTCP2_STRM_FLAG_RESET_STREAM_RECVED))) {
+ if (!(strm->flags & NGTCP2_STRM_FLAG_RESET_STREAM_RECVED)) {
ngtcp2_conn_extend_max_offset(conn, strm->rx.last_offset -
ngtcp2_strm_rx_offset(strm));
}
strm->flags |= NGTCP2_STRM_FLAG_STOP_SENDING;
+ ngtcp2_strm_discard_reordered_data(strm);
+
return conn_stop_sending(conn, strm, app_error_code);
}
diff --git a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_crypto.c b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_crypto.c
index 2c00af5..0a3ecf6 100644
--- a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_crypto.c
+++ b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_crypto.c
@@ -124,6 +124,25 @@ static uint8_t *write_varint_param(uint8_t *p, ngtcp2_transport_param_id id,
}
/*
+ * zero_paramlen returns the length of a single transport parameter
+ * which has zero length value in its parameter.
+ */
+static size_t zero_paramlen(ngtcp2_transport_param_id id) {
+ return ngtcp2_put_uvarintlen(id) + 1;
+}
+
+/*
+ * write_zero_param writes parameter |id| that has zero length value.
+ * It returns p + the number of bytes written.
+ */
+static uint8_t *write_zero_param(uint8_t *p, ngtcp2_transport_param_id id) {
+ p = ngtcp2_put_uvarint(p, id);
+ *p++ = 0;
+
+ return p;
+}
+
+/*
* cid_paramlen returns the length of a single transport parameter
* which has |cid| as value.
*/
@@ -235,9 +254,7 @@ ngtcp2_ssize ngtcp2_transport_params_encode_versioned(
params->ack_delay_exponent);
}
if (params->disable_active_migration) {
- len +=
- ngtcp2_put_uvarintlen(NGTCP2_TRANSPORT_PARAM_DISABLE_ACTIVE_MIGRATION) +
- ngtcp2_put_uvarintlen(0);
+ len += zero_paramlen(NGTCP2_TRANSPORT_PARAM_DISABLE_ACTIVE_MIGRATION);
}
if (params->max_ack_delay != NGTCP2_DEFAULT_MAX_ACK_DELAY) {
len += varint_paramlen(NGTCP2_TRANSPORT_PARAM_MAX_ACK_DELAY,
@@ -258,8 +275,7 @@ ngtcp2_ssize ngtcp2_transport_params_encode_versioned(
params->max_datagram_frame_size);
}
if (params->grease_quic_bit) {
- len += ngtcp2_put_uvarintlen(NGTCP2_TRANSPORT_PARAM_GREASE_QUIC_BIT) +
- ngtcp2_put_uvarintlen(0);
+ len += zero_paramlen(NGTCP2_TRANSPORT_PARAM_GREASE_QUIC_BIT);
}
if (params->version_info_present) {
version_infolen =
@@ -377,8 +393,7 @@ ngtcp2_ssize ngtcp2_transport_params_encode_versioned(
}
if (params->disable_active_migration) {
- p = ngtcp2_put_uvarint(p, NGTCP2_TRANSPORT_PARAM_DISABLE_ACTIVE_MIGRATION);
- p = ngtcp2_put_uvarint(p, 0);
+ p = write_zero_param(p, NGTCP2_TRANSPORT_PARAM_DISABLE_ACTIVE_MIGRATION);
}
if (params->max_ack_delay != NGTCP2_DEFAULT_MAX_ACK_DELAY) {
@@ -404,8 +419,7 @@ ngtcp2_ssize ngtcp2_transport_params_encode_versioned(
}
if (params->grease_quic_bit) {
- p = ngtcp2_put_uvarint(p, NGTCP2_TRANSPORT_PARAM_GREASE_QUIC_BIT);
- p = ngtcp2_put_uvarint(p, 0);
+ p = write_zero_param(p, NGTCP2_TRANSPORT_PARAM_GREASE_QUIC_BIT);
}
if (params->version_info_present) {
@@ -483,6 +497,22 @@ static int decode_varint_param(uint64_t *pdest, const uint8_t **pp,
}
/*
+ * decode_zero_param decodes zero length value from the buffer pointed
+ * by |*pp| of length |end - *pp|. The length is encoded in varint
+ * form. If it decodes zero length value successfully, it increments
+ * |*pp| by 1, and returns 0. Otherwise it returns -1.
+ */
+static int decode_zero_param(const uint8_t **pp, const uint8_t *end) {
+ if (*pp == end || **pp != 0) {
+ return -1;
+ }
+
+ ++*pp;
+
+ return 0;
+}
+
+/*
* decode_cid_param decodes length prefixed ngtcp2_cid from the buffer
* pointed by |*pp| of length |end - *pp|. The length is encoded in
* varint form. If it decodes a value successfully, it stores the
@@ -701,10 +731,7 @@ int ngtcp2_transport_params_decode_versioned(int transport_params_version,
params->preferred_addr_present = 1;
break;
case NGTCP2_TRANSPORT_PARAM_DISABLE_ACTIVE_MIGRATION:
- if (decode_varint(&valuelen, &p, end) != 0) {
- return NGTCP2_ERR_MALFORMED_TRANSPORT_PARAM;
- }
- if (valuelen != 0) {
+ if (decode_zero_param(&p, end) != 0) {
return NGTCP2_ERR_MALFORMED_TRANSPORT_PARAM;
}
params->disable_active_migration = 1;
@@ -751,10 +778,7 @@ int ngtcp2_transport_params_decode_versioned(int transport_params_version,
}
break;
case NGTCP2_TRANSPORT_PARAM_GREASE_QUIC_BIT:
- if (decode_varint(&valuelen, &p, end) != 0) {
- return NGTCP2_ERR_MALFORMED_TRANSPORT_PARAM;
- }
- if (valuelen != 0) {
+ if (decode_zero_param(&p, end) != 0) {
return NGTCP2_ERR_MALFORMED_TRANSPORT_PARAM;
}
params->grease_quic_bit = 1;
diff --git a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_rtb.c b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_rtb.c
index 6308261..5ebdce7 100644
--- a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_rtb.c
+++ b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_rtb.c
@@ -237,7 +237,7 @@ static ngtcp2_ssize rtb_reclaim_frame(ngtcp2_rtb *rtb, uint8_t flags,
switch (frc->fr.type) {
case NGTCP2_FRAME_STREAM:
strm = ngtcp2_conn_find_stream(conn, fr->stream.stream_id);
- if (strm == NULL) {
+ if (strm == NULL || (strm->flags & NGTCP2_STRM_FLAG_RESET_STREAM)) {
continue;
}
@@ -339,26 +339,60 @@ static ngtcp2_ssize rtb_reclaim_frame(ngtcp2_rtb *rtb, uint8_t flags,
return rv;
}
- break;
+ ++num_reclaimed;
+
+ nfrc->next = *pfrc;
+ *pfrc = nfrc;
+ pfrc = &nfrc->next;
+
+ continue;
case NGTCP2_FRAME_DATAGRAM:
case NGTCP2_FRAME_DATAGRAM_LEN:
continue;
- default:
- rv = ngtcp2_frame_chain_objalloc_new(&nfrc, rtb->frc_objalloc);
- if (rv != 0) {
- return rv;
+ case NGTCP2_FRAME_RESET_STREAM:
+ strm = ngtcp2_conn_find_stream(conn, fr->reset_stream.stream_id);
+ if (strm == NULL || !ngtcp2_strm_require_retransmit_reset_stream(strm)) {
+ continue;
}
- nfrc->fr = *fr;
+ break;
+ case NGTCP2_FRAME_STOP_SENDING:
+ strm = ngtcp2_conn_find_stream(conn, fr->stop_sending.stream_id);
+ if (strm == NULL || !ngtcp2_strm_require_retransmit_stop_sending(strm)) {
+ continue;
+ }
- rv = ngtcp2_bind_frame_chains(frc, nfrc, rtb->mem);
- if (rv != 0) {
- return rv;
+ break;
+ case NGTCP2_FRAME_MAX_STREAM_DATA:
+ strm = ngtcp2_conn_find_stream(conn, fr->max_stream_data.stream_id);
+ if (strm == NULL || !ngtcp2_strm_require_retransmit_max_stream_data(
+ strm, &fr->max_stream_data)) {
+ continue;
+ }
+
+ break;
+ case NGTCP2_FRAME_STREAM_DATA_BLOCKED:
+ strm = ngtcp2_conn_find_stream(conn, fr->stream_data_blocked.stream_id);
+ if (strm == NULL || !ngtcp2_strm_require_retransmit_stream_data_blocked(
+ strm, &fr->stream_data_blocked)) {
+ continue;
}
break;
}
+ rv = ngtcp2_frame_chain_objalloc_new(&nfrc, rtb->frc_objalloc);
+ if (rv != 0) {
+ return rv;
+ }
+
+ nfrc->fr = *fr;
+
+ rv = ngtcp2_bind_frame_chains(frc, nfrc, rtb->mem);
+ if (rv != 0) {
+ return rv;
+ }
+
++num_reclaimed;
nfrc->next = *pfrc;
diff --git a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_strm.c b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_strm.c
index 6bbeb8f..c00e86f 100644
--- a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_strm.c
+++ b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_strm.c
@@ -158,6 +158,18 @@ void ngtcp2_strm_update_rx_offset(ngtcp2_strm *strm, uint64_t offset) {
ngtcp2_rob_remove_prefix(strm->rx.rob, offset);
}
+void ngtcp2_strm_discard_reordered_data(ngtcp2_strm *strm) {
+ if (strm->rx.rob == NULL) {
+ return;
+ }
+
+ strm->rx.cont_offset = ngtcp2_strm_rx_offset(strm);
+
+ ngtcp2_rob_free(strm->rx.rob);
+ ngtcp2_mem_free(strm->mem, strm->rx.rob);
+ strm->rx.rob = NULL;
+}
+
void ngtcp2_strm_shutdown(ngtcp2_strm *strm, uint32_t flags) {
strm->flags |= flags & NGTCP2_STRM_FLAG_SHUT_RDWR;
}
@@ -696,3 +708,25 @@ void ngtcp2_strm_set_app_error_code(ngtcp2_strm *strm,
strm->flags |= NGTCP2_STRM_FLAG_APP_ERROR_CODE_SET;
strm->app_error_code = app_error_code;
}
+
+int ngtcp2_strm_require_retransmit_reset_stream(ngtcp2_strm *strm) {
+ return !ngtcp2_strm_is_all_tx_data_fin_acked(strm);
+}
+
+int ngtcp2_strm_require_retransmit_stop_sending(ngtcp2_strm *strm) {
+ return !(strm->flags & NGTCP2_STRM_FLAG_SHUT_RD) ||
+ ngtcp2_strm_rx_offset(strm) != strm->rx.last_offset;
+}
+
+int ngtcp2_strm_require_retransmit_max_stream_data(ngtcp2_strm *strm,
+ ngtcp2_max_stream_data *fr) {
+ return fr->max_stream_data == strm->rx.max_offset &&
+ !(strm->flags &
+ (NGTCP2_STRM_FLAG_SHUT_RD | NGTCP2_STRM_FLAG_STOP_SENDING));
+}
+
+int ngtcp2_strm_require_retransmit_stream_data_blocked(
+ ngtcp2_strm *strm, ngtcp2_stream_data_blocked *fr) {
+ return fr->offset == strm->tx.max_offset &&
+ !(strm->flags & NGTCP2_STRM_FLAG_SHUT_WR);
+}
diff --git a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_strm.h b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_strm.h
index 223e38f..385302a 100644
--- a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_strm.h
+++ b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_strm.h
@@ -36,6 +36,7 @@
#include "ngtcp2_gaptr.h"
#include "ngtcp2_ksl.h"
#include "ngtcp2_pq.h"
+#include "ngtcp2_pkt.h"
typedef struct ngtcp2_frame_chain ngtcp2_frame_chain;
@@ -220,6 +221,12 @@ int ngtcp2_strm_recv_reordering(ngtcp2_strm *strm, const uint8_t *data,
void ngtcp2_strm_update_rx_offset(ngtcp2_strm *strm, uint64_t offset);
/*
+ * ngtcp2_strm_discard_reordered_data discards all buffered reordered
+ * data.
+ */
+void ngtcp2_strm_discard_reordered_data(ngtcp2_strm *strm);
+
+/*
* ngtcp2_strm_shutdown shutdowns |strm|. |flags| should be
* NGTCP2_STRM_FLAG_SHUT_RD, and/or NGTCP2_STRM_FLAG_SHUT_WR.
*/
@@ -320,4 +327,30 @@ int ngtcp2_strm_ack_data(ngtcp2_strm *strm, uint64_t offset, uint64_t len);
*/
void ngtcp2_strm_set_app_error_code(ngtcp2_strm *strm, uint64_t app_error_code);
+/*
+ * ngtcp2_strm_require_retransmit_reset_stream returns nonzero if
+ * RESET_STREAM frame should be retransmitted.
+ */
+int ngtcp2_strm_require_retransmit_reset_stream(ngtcp2_strm *strm);
+
+/*
+ * ngtcp2_strm_require_retransmit_stop_sending returns nonzero if
+ * STOP_SENDING frame should be retransmitted.
+ */
+int ngtcp2_strm_require_retransmit_stop_sending(ngtcp2_strm *strm);
+
+/*
+ * ngtcp2_strm_require_retransmit_max_stream_data returns nonzero if
+ * MAX_STREAM_DATA frame should be retransmitted.
+ */
+int ngtcp2_strm_require_retransmit_max_stream_data(ngtcp2_strm *strm,
+ ngtcp2_max_stream_data *fr);
+
+/*
+ * ngtcp2_strm_require_retransmit_stream_data_blocked returns nonzero
+ * if STREAM_DATA_BLOCKED frame frame should be retransmitted.
+ */
+int ngtcp2_strm_require_retransmit_stream_data_blocked(
+ ngtcp2_strm *strm, ngtcp2_stream_data_blocked *fr);
+
#endif /* NGTCP2_STRM_H */
diff --git a/src/contrib/libngtcp2/ngtcp2/version.h b/src/contrib/libngtcp2/ngtcp2/version.h
index b102eae..801c6cb 100644
--- a/src/contrib/libngtcp2/ngtcp2/version.h
+++ b/src/contrib/libngtcp2/ngtcp2/version.h
@@ -36,7 +36,7 @@
*
* Version number of the ngtcp2 library release.
*/
-#define NGTCP2_VERSION "1.2.0"
+#define NGTCP2_VERSION "1.3.0"
/**
* @macro
@@ -46,6 +46,6 @@
* number, 8 bits for minor and 8 bits for patch. Version 1.2.3
* becomes 0x010203.
*/
-#define NGTCP2_VERSION_NUM 0x010200
+#define NGTCP2_VERSION_NUM 0x010300
#endif /* VERSION_H */
diff --git a/src/knot/Makefile.inc b/src/knot/Makefile.inc
index 3a20ec1..f67fe7f 100644
--- a/src/knot/Makefile.inc
+++ b/src/knot/Makefile.inc
@@ -239,6 +239,7 @@ KNOTD_MOD_LDFLAGS = $(AM_LDFLAGS) -module -shared -avoid-version
pkglibdir = $(module_instdir)
pkglib_LTLIBRARIES =
+include $(srcdir)/knot/modules/authsignal/Makefile.inc
include $(srcdir)/knot/modules/cookies/Makefile.inc
include $(srcdir)/knot/modules/dnsproxy/Makefile.inc
include $(srcdir)/knot/modules/dnstap/Makefile.inc
diff --git a/src/knot/dnssec/kasp/kasp_zone.c b/src/knot/dnssec/kasp/kasp_zone.c
index 58925fa..e70f21d 100644
--- a/src/knot/dnssec/kasp/kasp_zone.c
+++ b/src/knot/dnssec/kasp/kasp_zone.c
@@ -382,7 +382,7 @@ int kasp_zone_keys_from_rr(knot_kasp_zone_t *zone,
zone->keys[i].is_pub_only = true;
zone->keys[i].is_ksk = (knot_dnskey_flags(zkey) == DNSKEY_FLAGS_KSK);
- zone->keys[i].is_zsk = policy_single_type_signing || !zone->keys[i].is_ksk;
+ zone->keys[i].is_zsk = true; // doesn't hurt in case of validation, any KSK might behave like ZSK that is published but not active
zone->keys[i].timing.publish = 1;
zone->keys[i].timing.active = 1;
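Review bot: `policy_single_type_signing` no longer feeds `is_zsk` on the changed line, so if that was its only use in `kasp_zone_keys_from_rr` it is now dead and should be dropped or explicitly marked unused. The function body lies outside this hunk, so this needs checking against the full file. The trailing comment is also long for an end-of-line remark and would read better as a block comment above the assignment, e.g. `/* Validation only: mark every key as ZSK; a KSK then behaves like a ZSK that is published but not active. */`.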
diff --git a/src/knot/dnssec/key-events.c b/src/knot/dnssec/key-events.c
index ffd2ce8..ace48d5 100644
--- a/src/knot/dnssec/key-events.c
+++ b/src/knot/dnssec/key-events.c
@@ -293,7 +293,8 @@ typedef enum {
typedef struct {
roll_action_type_t type;
- bool ksk;
+ bool ksk; // These flags seem redundant, but are needed to avoid ASAN
+ bool zsk; // heap-use-after-free if the key is accessed directly during key generation.
knot_time_t time;
knot_kasp_key_t *key;
uint16_t ready_keytag;
@@ -525,6 +526,7 @@ static roll_action_t next_action(kdnssec_ctx_t *ctx, zone_sign_roll_flags_t flag
if (knot_time_cmp(keytime, res.time) < 0) {
res.key = key;
res.ksk = key->is_ksk;
+ res.zsk = key->is_zsk;
res.time = keytime;
res.type = restype;
}
@@ -679,6 +681,28 @@ static int exec_really_remove(kdnssec_ctx_t *ctx, knot_kasp_key_t *key)
return kdnssec_delete_key(ctx, key);
}
+static void log_next_event(kdnssec_ctx_t *ctx, roll_action_t *next)
+{
+ char time_str[64] = "";
+ struct tm time_gm = { 0 };
+ time_t nt = next->time;
+ localtime_r(&nt, &time_gm);
+ strftime(time_str, sizeof(time_str), KNOT_LOG_TIME_FORMAT, &time_gm);
+
+ if (next->type == GENERATE) {
+ const char *key_type = ctx->policy->single_type_signing ?
+ "CSK" : (next->ksk ? "KSK" : "ZSK");
+ log_zone_info(ctx->zone->dname, "DNSSEC, next key action, %s, generate at %s",
+ key_type, time_str);
+ } else {
+ const char *key_type = next->ksk ?
+ (next->zsk ? "CSK" : "KSK") : "ZSK";
+ log_zone_info(ctx->zone->dname, "DNSSEC, next key action, %s tag %hu, %s at %s",
+ key_type, dnssec_key_get_keytag(next->key->key),
+ roll_action_name(next->type), time_str);
+ }
+}
+
int knot_dnssec_key_rollover(kdnssec_ctx_t *ctx, zone_sign_roll_flags_t flags,
zone_sign_reschedule_t *reschedule)
{
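Review bot: The non-GENERATE branch of `log_next_event` dereferences `next->key->key`, although the comment this commit adds to `roll_action_t` says the `ksk`/`zsk` copies exist because the key pointer can be stale around key generation. The call site in the `@@ -848,6 +872,10 @@` hunk runs after the roll actions, and whether `next` is recomputed before it is not visible here. It is worth confirming that the pointer is still valid at that point, or caching the keytag in `roll_action_t` next to `ksk`/`zsk` when the action is selected. Separately, the result of `localtime_r()` is not checked, and the buffer is named `time_gm` although it holds local time; `time_local` would be clearer.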
@@ -848,6 +872,10 @@ int knot_dnssec_key_rollover(kdnssec_ctx_t *ctx, zone_sign_roll_flags_t flags,
return knot_dnssec_key_rollover(ctx, flags, reschedule);
}
+ if (ret == KNOT_EOK && next.time > 0) {
+ log_next_event(ctx, &next);
+ }
+
if (ret == KNOT_EOK && reschedule->keys_changed) {
ret = kdnssec_ctx_commit(ctx);
if (ret == KNOT_EOK && (ctx->dbus_event & DBUS_EVENT_KEYS_UPDATED)) {
diff --git a/src/knot/dnssec/zone-sign.c b/src/knot/dnssec/zone-sign.c
index 9293c02..62f809e 100644
--- a/src/knot/dnssec/zone-sign.c
+++ b/src/knot/dnssec/zone-sign.c
@@ -89,6 +89,9 @@ static bool apex_dnssec_changed(zone_update_t *update)
/*- private API - signing of in-zone nodes -----------------------------------*/
+#define VALID_SIG_FOUND (1 << 7)
+#define VALID_KEYTAG_LIMIT 3
+
/*!
* \brief Check if there is a valid signature for a given RR set and key.
*
@@ -99,7 +102,8 @@ static bool apex_dnssec_changed(zone_update_t *update)
* \param policy DNSSEC policy.
* \param skip_crypto All RRSIGs in this node have been verified, just check validity.
* \param refresh Consider RRSIG expired when gonna expire this soon.
- * \param found_invalid Out: some matching but expired%invalid RRSIG found.
+ * \param invalid_map Out: found valid (bit VALID_SIG_FOUND) and invalid count
+ * positions of RRSIG with matching algo+keytag+type.
* \param at Out: RRSIG position.
*
* \return The signature exists and is valid.
@@ -111,7 +115,7 @@ static bool valid_signature_exists(const knot_rrset_t *covered,
const kdnssec_ctx_t *dnssec_ctx,
knot_timediff_t refresh,
bool skip_crypto,
- int *found_invalid,
+ uint8_t *invalid_map,
uint16_t *at)
{
assert(key);
@@ -141,13 +145,16 @@ static bool valid_signature_exists(const knot_rrset_t *covered,
if (at != NULL) {
*at = i;
}
- if (found_invalid == NULL) {
+ if (invalid_map == NULL) {
return true;
} else {
+ invalid_map[i] |= VALID_SIG_FOUND;
found_valid = true; // continue searching for invalid RRSIG
}
- } else if (found_invalid != NULL) {
- *found_invalid = ret;
+ } else if (invalid_map != NULL) {
+ if ((++invalid_map[i] & ~VALID_SIG_FOUND) == VALID_KEYTAG_LIMIT) {
+ return found_valid;
+ }
}
}
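Review bot: `invalid_map[i]` packs a flag in bit 7 (`VALID_SIG_FOUND`) and a mismatch counter in the low bits, and `++invalid_map[i]` is not saturated. The early return fires only when the count equals `VALID_KEYTAG_LIMIT`, so later calls from `knot_validate_rrsigs` for other keys keep incrementing the same byte without stopping. With enough keys matching one RRSIG position, the counter could in principle carry into the flag bit. Consider saturating and returning whenever the limit has already been reached, e.g. `if ((invalid_map[i] & ~VALID_SIG_FOUND) >= VALID_KEYTAG_LIMIT || (++invalid_map[i] & ~VALID_SIG_FOUND) == VALID_KEYTAG_LIMIT) { return found_valid; }`, or break out of the caller's key loop once the limit is hit. The conditions leading into this branch start outside the hunk.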
@@ -305,8 +312,10 @@ int knot_validate_rrsigs(const knot_rrset_t *covered,
return KNOT_EINVAL;
}
+ uint8_t val_inval_map[1 + rrsigs->rrs.count]; // Ensure the size isn't 0 (UBSAN).
+ memset(val_inval_map, 0, sizeof(val_inval_map));
+
bool valid_exists = false;
- int ret = KNOT_EOK;
for (size_t i = 0; i < sign_ctx->count; i++) {
const knot_kasp_key_t *key = &sign_ctx->dnssec_ctx->zone->keys[i];
if (!key_used(key->is_ksk, key->is_zsk, covered->type,
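Review bot: `val_inval_map` is a variable-length array on the stack sized by `rrsigs->rrs.count`, so its size comes from the RRSIG set being validated rather than from a compile-time bound. The type of `rrs.count` is not visible in this hunk; if it is a 16-bit counter the worst case is bounded, and a comment such as `// rrs.count is uint16_t, so at most 64 KiB of stack` would make that explicit. Otherwise allocate the map on the heap and return `KNOT_ENOMEM` on failure.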
@@ -316,12 +325,21 @@ int knot_validate_rrsigs(const knot_rrset_t *covered,
uint16_t valid_at;
if (valid_signature_exists(covered, rrsigs, key->key, sign_ctx->sign_ctxs[i],
- sign_ctx->dnssec_ctx, 0, skip_crypto, &ret, &valid_at)) {
+ sign_ctx->dnssec_ctx, 0, skip_crypto, val_inval_map, &valid_at)) {
valid_exists = true;
}
}
- return valid_exists ? ret : KNOT_DNSSEC_ENOSIG;
+ for (int i = 0; i < rrsigs->rrs.count; i++) {
+ uint8_t val = val_inval_map[i];
+ if (val > 0 && val < VALID_KEYTAG_LIMIT /* found invalid && not found valid */) {
+ return KNOT_DNSSEC_ENOSIG;
+ } else if ((val & ~VALID_SIG_FOUND) >= VALID_KEYTAG_LIMIT) {
+ return KNOT_DNSSEC_EKEYTAG_LIMIT;
+ }
+ }
+
+ return valid_exists ? KNOT_EOK : KNOT_DNSSEC_ENOSIG;
}
/*!
diff --git a/src/knot/include/module.h b/src/knot/include/module.h
index 3ee1581..15a9077 100644
--- a/src/knot/include/module.h
+++ b/src/knot/include/module.h
@@ -1,4 +1,4 @@
-/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -487,6 +487,20 @@ const knot_dname_t *knotd_qdata_zone_name(const knotd_qdata_t *qdata);
*/
knot_rrset_t knotd_qdata_zone_apex_rrset(const knotd_qdata_t *qdata, uint16_t type);
+/*!
+ * Gets a rrset of the given type.
+ *
+ * \param[in] qdata Query data.
+ * \param[in] zone_name Optional zone name, the current one otherwise.
+ * \param[in] node_name Optional node name, apex otherwise.
+ * \param[out] out Destination rrset to store the output to.
+ *
+ * \return Error code (KNOT_ENOZONE, KNOT_EEMPTYZONE, KNOT_ENONODE), KNOT_EOK if success.
+ */
+int knotd_qdata_zone_rrset(const knotd_qdata_t *qdata, const knot_dname_t *zone_name,
+ const knot_dname_t *node_name, uint16_t type,
+ knot_rrset_t *out);
+
/*! General query processing states. */
typedef enum {
KNOTD_STATE_NOOP = 0, /*!< No response. */
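Review bot: The new doc block for `knotd_qdata_zone_rrset` has no `\param` entry for `type` and does not say who owns the data stored in `out`. The `\return` list also omits `KNOT_EINVAL`, which the implementation in `query_module.c` returns when `qdata` or `out` is NULL. Suggested additions: `\param[in] type  Rrset type to look up.`, `KNOT_EINVAL` in the `\return` line, and one sentence stating whether the caller must release `out` or whether it only references zone data.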
diff --git a/src/knot/modules/authsignal/Makefile.inc b/src/knot/modules/authsignal/Makefile.inc
new file mode 100644
index 0000000..89c9683
--- /dev/null
+++ b/src/knot/modules/authsignal/Makefile.inc
@@ -0,0 +1,12 @@
+knot_modules_authsignal_la_SOURCES = knot/modules/authsignal/authsignal.c
+EXTRA_DIST += knot/modules/authsignal/authsignal.rst
+
+if STATIC_MODULE_authsignal
+libknotd_la_SOURCES += $(knot_modules_authsignal_la_SOURCES)
+endif
+
+if SHARED_MODULE_authsignal
+knot_modules_authsignal_la_LDFLAGS = $(KNOTD_MOD_LDFLAGS)
+knot_modules_authsignal_la_CPPFLAGS = $(KNOTD_MOD_CPPFLAGS)
+pkglib_LTLIBRARIES += knot/modules/authsignal.la
+endif
diff --git a/src/knot/modules/authsignal/authsignal.c b/src/knot/modules/authsignal/authsignal.c
new file mode 100644
index 0000000..2f8cf0b
--- /dev/null
+++ b/src/knot/modules/authsignal/authsignal.c
@@ -0,0 +1,88 @@
+/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+#include "knot/include/module.h"
+
+static knotd_in_state_t signal_query(knotd_in_state_t state, knot_pkt_t *pkt,
+ knotd_qdata_t *qdata, knotd_mod_t *mod)
+{
+ assert(pkt && qdata && mod);
+
+ // Applicable when search in zone fails.
+ if (!(state == KNOTD_IN_STATE_MISS || state == KNOTD_IN_STATE_NODATA)) {
+ return state;
+ }
+
+ const unsigned name_len = knot_dname_size(qdata->name);
+
+ // Check for prefix mismatch.
+ const char *prefix = "\x07_dsboot";
+ const size_t prefix_len = 8;
+ if (name_len < prefix_len || memcmp(qdata->name, prefix, prefix_len) != 0) {
+ // promote NXDOMAIN to NODATA to accommodate synthesis below (= may be ENT)
+ qdata->rcode = KNOT_RCODE_NOERROR;
+ return KNOTD_IN_STATE_NODATA;
+ }
+
+ // Check for qtype match
+ const uint16_t qtype = knot_pkt_qtype(qdata->query);
+ if (!(qtype == KNOT_RRTYPE_CDS || qtype == KNOT_RRTYPE_CDNSKEY)) {
+ // promote NXDOMAIN to NODATA to accommodate CDS/CDNSKEY synthesis
+ qdata->rcode = KNOT_RCODE_NOERROR;
+ return KNOTD_IN_STATE_NODATA;
+ }
+
+ // Copy target zone name
+ knot_dname_storage_t target;
+ unsigned target_len = name_len - knot_dname_size(knotd_qdata_zone_name(qdata)) - prefix_len;
+ memcpy(target, qdata->name + prefix_len, target_len);
+ target[target_len] = '\0';
+
+ // Fetch CDS/CDNSKEY rrset
+ knot_rrset_t rrset;
+ int ret = knotd_qdata_zone_rrset(qdata, target, NULL, qtype, &rrset);
+ if (ret == KNOT_ENOZONE) { // unknown zone
+ return state;
+ } else if (ret != KNOT_EOK) { // something weird (zone empty, apex missing, ...)
+ qdata->rcode = KNOT_RCODE_SERVFAIL;
+ return KNOTD_IN_STATE_ERROR;
+ } else if (knot_rrset_empty(&rrset)) { // zone apex doesn't have requested type
+ // promote NXDOMAIN to NODATA to accommodate synthesis of other qtype
+ qdata->rcode = KNOT_RCODE_NOERROR;
+ return KNOTD_IN_STATE_NODATA;
+ }
+
+ // Replace owner
+ rrset.owner = (knot_dname_t *)qdata->name;
+
+ // Insert synthetic response into packet.
+ if (knot_pkt_put(pkt, 0, &rrset, KNOT_PF_FREE) != KNOT_EOK) {
+ return KNOTD_IN_STATE_ERROR;
+ }
+
+ // Authoritative response.
+ knot_wire_set_aa(pkt->wire);
+
+ return KNOTD_IN_STATE_HIT;
+}
+
+int auth_signal_load(knotd_mod_t *mod)
+{
+ return knotd_mod_in_hook(mod, KNOTD_STAGE_ANSWER, signal_query);
+}
+
+KNOTD_MOD_API(authsignal, KNOTD_MOD_FLAG_SCOPE_ZONE | KNOTD_MOD_FLAG_OPT_CONF,
+ auth_signal_load, NULL, NULL, NULL);
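Review bot: In `signal_query`, `target_len` is computed as `name_len - knot_dname_size(knotd_qdata_zone_name(qdata)) - prefix_len` in unsigned arithmetic, but the only guard before it is `name_len < prefix_len`. Nothing ensures the query name is at least the prefix plus the zone name long. If the `_dsboot` label is itself part of the zone name (the module attached to a zone whose apex begins with `_dsboot`), the subtraction wraps and the `memcpy` length is no longer bounded by the size of `target`. Store the zone name size in a local and bail out first, e.g. `if (name_len < prefix_len + zone_len) { return state; }`. Also confirm that passing `KNOT_PF_FREE` to `knot_pkt_put` is safe once `rrset.owner` aliases `qdata->name`; the ownership rules of that flag are not visible in this diff.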
diff --git a/src/knot/modules/authsignal/authsignal.rst b/src/knot/modules/authsignal/authsignal.rst
new file mode 100644
index 0000000..01043a1
--- /dev/null
+++ b/src/knot/modules/authsignal/authsignal.rst
@@ -0,0 +1,41 @@
+.. _mod-authsignal:
+
+``authsignal`` – Automatic Authenticated DNSSEC Bootstrapping records
+=====================================================================
+
+This module is able to synthesize records for automatic DNSSEC bootstrapping
+(draft-ietf-dnsop-dnssec-bootstrapping).
+
+Records are synthesized only if the query can't be satisfied from the zone.
+
+Synthesized records also need to be signed. Typically, this would be done
+using the :ref:`onlinesign<mod-onlinesign>` module.
+
+Example
+-------
+
+Automatic forward records
+.........................
+
+::
+ mod-onlinesign:
+ - id: authsignal
+ nsec-bitmap: [CDS, CDNSKEY]
+
+ zone:
+ - domain: example.net
+ dnssec-signing: on
+ - domain: _signal.ns1.example.com
+ module: [mod-authsignal, mod-onlinesign/authsignal]
+
+Result:
+
+.. code-block:: console
+
+ $ kdig CDS _dsboot.example.net._signal.ns1.example.com.
+ ...
+ ;; QUESTION SECTION:
+ ;; _dsboot.example.net._signal.ns1.example.com. IN CDS
+
+ ;; ANSWER SECTION:
+ _dsboot.example.net._signal.ns1.example.com. 0 IN CDS 45504 13 2 2F2D518FD9DBB2B1403F51398A9931F2832B89F0F85C146B130D383FC23584FA
diff --git a/src/knot/nameserver/query_module.c b/src/knot/nameserver/query_module.c
index 54a982b..f02ee1b 100644
--- a/src/knot/nameserver/query_module.c
+++ b/src/knot/nameserver/query_module.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -666,6 +666,41 @@ knot_rrset_t knotd_qdata_zone_apex_rrset(const knotd_qdata_t *qdata, uint16_t ty
}
_public_
+int knotd_qdata_zone_rrset(const knotd_qdata_t *qdata, const knot_dname_t *zone_name,
+ const knot_dname_t *node_name, uint16_t type,
+ knot_rrset_t *out)
+{
+ if (qdata == NULL || out == NULL) {
+ return KNOT_EINVAL;
+ }
+
+ const zone_contents_t *contents = qdata->extra->contents;
+ if (zone_name != NULL) {
+ server_t *server = qdata->params->server;
+ zone_t *zone = knot_zonedb_find(server->zone_db, zone_name);
+ if (zone == NULL) {
+ return KNOT_ENOZONE;
+ }
+ contents = zone->contents;
+ }
+ if (contents == NULL) {
+ return KNOT_EEMPTYZONE;
+ }
+
+ const zone_node_t *node = contents->apex;
+ if (node_name != NULL) {
+ node = zone_contents_find_node(contents, node_name); // NSEC3 not considered.
+ }
+ if (node == NULL) {
+ return KNOT_ENONODE;
+ }
+
+ *out = node_rrset(node, type);
+
+ return KNOT_EOK;
+}
+
+_public_
int knotd_mod_dnssec_init(knotd_mod_t *mod)
{
if (mod == NULL || mod->dnssec != NULL) {
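Review bot: `knotd_qdata_zone_rrset()` returns `*out = node_rrset(node, type)` for a zone looked up by name in `server->zone_db`, but nothing states who owns that data or how long it stays valid. If `node_rrset()` returns a view pointing into the node (its body is not in this hunk), the caller holds pointers into another zone's contents. The authsignal caller on this page then overwrites `rrset.owner` and passes the result to `knot_pkt_put()` with `KNOT_PF_FREE`, which is only safe if the packet's allocator never really frees it. I would document the contract on the function, e.g. `/* *out borrows data from the zone contents: use it only while the current query is processed, do not store or free it. */`. The same comment should mention that `zone_name` lets a zone-scoped module read any zone configured on the server.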
diff --git a/src/knot/query/quic-requestor.c b/src/knot/query/quic-requestor.c
index 0cfb8ec..62008f9 100644
--- a/src/knot/query/quic-requestor.c
+++ b/src/knot/query/quic-requestor.c
@@ -87,6 +87,7 @@ static int quic_exchange(knot_quic_conn_t *conn, knot_quic_reply_t *r, int timeo
if (hconn == NULL) {
return KNOT_EOK;
} else if (hconn != conn) {
+ knot_quic_cleanup(&hconn, 1);
return KNOT_ESEMCHECK;
}
diff --git a/src/knot/zone/semantic-check.c b/src/knot/zone/semantic-check.c
index 2360728..862d7a4 100644
--- a/src/knot/zone/semantic-check.c
+++ b/src/knot/zone/semantic-check.c
@@ -75,6 +75,8 @@ static const char *error_messages[SEM_ERR_UNKNOWN + 1] = {
"missing DNSKEY",
[SEM_ERR_DNSKEY_INVALID] =
"invalid DNSKEY",
+ [SEM_ERR_DNSKEY_KEYTAG_LIMIT] =
+ "many DNSKEYs with equal keytag",
[SEM_ERR_CDS_NONE] =
"missing CDS",
@@ -500,6 +502,8 @@ static sem_error_t err_dnssec2sem(int ret, uint16_t rrtype, char *info, size_t l
return SEM_ERR_NSEC_RDATA_CHAIN;
case KNOT_DNSSEC_ENSEC3_OPTOUT:
return SEM_ERR_NSEC3_INSECURE_DELEGATION_OPT;
+ case KNOT_DNSSEC_EKEYTAG_LIMIT:
+ return SEM_ERR_DNSKEY_KEYTAG_LIMIT;
default:
return SEM_ERR_UNKNOWN;
}
diff --git a/src/knot/zone/semantic-check.h b/src/knot/zone/semantic-check.h
index f92639b..6a8b3c3 100644
--- a/src/knot/zone/semantic-check.h
+++ b/src/knot/zone/semantic-check.h
@@ -1,4 +1,4 @@
-/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -64,6 +64,7 @@ typedef enum {
SEM_ERR_DNSKEY_NONE,
SEM_ERR_DNSKEY_INVALID,
+ SEM_ERR_DNSKEY_KEYTAG_LIMIT,
SEM_ERR_CDS_NONE,
SEM_ERR_CDS_NOT_MATCH,
diff --git a/src/libdnssec/version.h b/src/libdnssec/version.h
index e1948bc..0368f18 100644
--- a/src/libdnssec/version.h
+++ b/src/libdnssec/version.h
@@ -18,7 +18,7 @@
#define DNSSEC_VERSION_MAJOR 3
#define DNSSEC_VERSION_MINOR 3
-#define DNSSEC_VERSION_PATCH 0x04
+#define DNSSEC_VERSION_PATCH 0x05
#define DNSSEC_VERSION_HEX ((DNSSEC_VERSION_MAJOR << 16) | \
(DNSSEC_VERSION_MINOR << 8) | \
diff --git a/src/libknot/errcode.h b/src/libknot/errcode.h
index cf51b96..a9eb65c 100644
--- a/src/libknot/errcode.h
+++ b/src/libknot/errcode.h
@@ -174,6 +174,7 @@ enum knot_error {
KNOT_NO_PUBLIC_KEY,
KNOT_NO_PRIVATE_KEY,
KNOT_NO_READY_KEY,
+ KNOT_DNSSEC_EKEYTAG_LIMIT,
KNOT_ERROR_MAX = -501
};
diff --git a/src/libknot/error.c b/src/libknot/error.c
index d5802f2..a148ee7 100644
--- a/src/libknot/error.c
+++ b/src/libknot/error.c
@@ -173,6 +173,7 @@ static const struct error errors[] = {
{ KNOT_NO_PUBLIC_KEY, "no public key" },
{ KNOT_NO_PRIVATE_KEY, "no private key" },
{ KNOT_NO_READY_KEY, "no key ready for submission" },
+ { KNOT_DNSSEC_EKEYTAG_LIMIT, "many keys with equal keytag" },
/* Terminator */
{ KNOT_ERROR, NULL }
diff --git a/src/libknot/rrset-dump.c b/src/libknot/rrset-dump.c
index 7011a65..51a52dd 100644
--- a/src/libknot/rrset-dump.c
+++ b/src/libknot/rrset-dump.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -598,7 +598,7 @@ static void wire_text_to_str(rrset_dump_params_t *p, size_t in_len,
CHECK_INMAX(in_len)
// Check if quotation can ever be disabled (parser protection fallback).
- if (!quote) {
+ if (!quote && !alpn_mode) {
for (size_t i = 0; i < in_len; i++) {
if (p->in[i] == ' ') { // Other WS characters are encoded.
quote = true;
@@ -1515,7 +1515,11 @@ static void wire_svcparam_to_str(rrset_dump_params_t *p)
wire_value_list_to_str(p, wire_svcb_paramkey_to_str, p->in + val_len);
break;
case KNOT_SVCB_PARAM_ALPN:
+ dump_string(p, "\"");
+ CHECK_PRET
wire_value_list_to_str(p, wire_text_to_str_alpn, p->in + val_len);
+ dump_string(p, "\"");
+ CHECK_PRET
break;
case KNOT_SVCB_PARAM_NDALPN:
p->ret = -1; // must not have value
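Review bot: In the `KNOT_SVCB_PARAM_ALPN` case there is no `CHECK_PRET` between `wire_value_list_to_str(...)` and the closing `dump_string(p, "\"")`, so the closing quote is still attempted after a failed list dump. Unless `dump_string()` itself returns early on a failed `p` (its body is outside this hunk), add `CHECK_PRET` directly after the list call. Separately, the whole list is now emitted inside one pair of quotes and the earlier hunk skips space-triggered quoting when `alpn_mode` is set. The output therefore only re-parses to the same wire data if `wire_text_to_str_alpn` escapes `"` and `\` in item bytes, so a dump-and-rescan test with such bytes would be a good companion to this change.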
diff --git a/src/libknot/rrset.h b/src/libknot/rrset.h
index fdc5719..51efb74 100644
--- a/src/libknot/rrset.h
+++ b/src/libknot/rrset.h
@@ -1,4 +1,4 @@
-/* Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -185,10 +185,27 @@ bool knot_rrset_is_nsec3rel(const knot_rrset_t *rr);
int knot_rrset_rr_to_canonical(knot_rrset_t *rrset);
/*!
- * \brief Size of rrset in wire format.
+ * \brief Size of rrset in wire format (without compression).
*
* \retval size in bytes
*/
size_t knot_rrset_size(const knot_rrset_t *rrset);
+/*!
+ * \brief Fast estimate of knot_rrset_size(); it can return slightly larger values.
+ */
+inline static size_t knot_rrset_size_estimate(const knot_rrset_t *rrset)
+{
+ if (rrset == NULL) {
+ return 0;
+ }
+
+ /* 8B = TYPE + CLASS + TTL + RDLENGTH - sizeof(knot_rdata_t::len)
+ * We over-estimate by the count of padding bytes (<= rrset->rrs.count) */
+ size_t estim = rrset->rrs.size
+ + rrset->rrs.count * (knot_dname_size(rrset->owner) + 8);
+
+ return estim;
+}
+
/*! @} */
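Review bot: The Doxygen block for `knot_rrset_size_estimate()` has only a `\brief`, while the neighbouring `knot_rrset_size()` documents its result. The contract should state the NULL behaviour and the direction of the error, for example `\param rrset  RRSet to measure (NULL yields 0).` and `\return Upper bound of knot_rrset_size() in bytes.`. Per the inline comment the value only errs upwards, and that matters if callers use it to decide whether data fits a buffer or a limit, because an under-estimate would be the unsafe direction. As a style point, the local `estim` can be dropped and the expression returned directly.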
diff --git a/src/libknot/version.h b/src/libknot/version.h
index f3a9210..2f86ed7 100644
--- a/src/libknot/version.h
+++ b/src/libknot/version.h
@@ -18,7 +18,7 @@
#define KNOT_VERSION_MAJOR 3
#define KNOT_VERSION_MINOR 3
-#define KNOT_VERSION_PATCH 0x04
+#define KNOT_VERSION_PATCH 0x05
#define KNOT_VERSION_HEX ((KNOT_VERSION_MAJOR << 16) | \
(KNOT_VERSION_MINOR << 8) | \
diff --git a/src/libknot/xdp/protocols.h b/src/libknot/xdp/protocols.h
index 1a18601..ee26e97 100644
--- a/src/libknot/xdp/protocols.h
+++ b/src/libknot/xdp/protocols.h
@@ -90,7 +90,7 @@ inline static void *prot_read_tcp(void *data, knot_xdp_msg_t *msg, uint16_t *src
continue;
}
- if (opts + 1 > hdr_end || opts + opts[1] > hdr_end) {
+ if (opts + 1 > hdr_end || opts + opts[1] > hdr_end || opts[1] < 2) {
// Malformed option.
break;
}
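Review bot: The option check in `prot_read_tcp()` still reads `opts[1]` when `opts + 1 == hdr_end`, because the first operand rejects only `opts + 1 > hdr_end`. If `hdr_end` points one past the last header byte (its definition is outside the hunk), the length byte is then taken from the first byte after the TCP header, and the new `opts[1] < 2` test is evaluated on that same byte. Requiring both option bytes to lie inside the header closes this: `if (opts + 2 > hdr_end || opts[1] < 2 || opts + opts[1] > hdr_end) {`. The option loop and the rest of the function are outside this hunk, so the loop condition should be checked against the same bound.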
diff --git a/src/libzscanner/error.c b/src/libzscanner/error.c
index 8e571f9..a43db0e 100644
--- a/src/libzscanner/error.c
+++ b/src/libzscanner/error.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -167,6 +167,8 @@ static const err_table_t err_msgs[] = {
"empty comma-separated list item" ),
ERR_ITEM( ZS_FILE_ACCESS,
"permission denied" ),
+ ERR_ITEM( ZS_BAD_ALPN_BACKSLASH,
+ "unscaped backslash character" ),
ERR_ITEM( 0, NULL ) // Terminator
};
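Review bot: The new message for `ZS_BAD_ALPN_BACKSLASH` is misspelled: `"unscaped backslash character"` should be `"unescaped backslash character"`. This string is what the scanner reports for the rejected record, so the typo would show up wherever scanner errors are printed or logged.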
diff --git a/src/libzscanner/error.h b/src/libzscanner/error.h
index f54a750..87b73a9 100644
--- a/src/libzscanner/error.h
+++ b/src/libzscanner/error.h
@@ -1,4 +1,4 @@
-/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -96,6 +96,7 @@ enum err_codes {
ZS_MISSING_SVCB_MANDATORY,
ZS_EMPTY_LIST_ITEM,
ZS_FILE_ACCESS,
+ ZS_BAD_ALPN_BACKSLASH,
};
/*!
diff --git a/src/libzscanner/scanner.c.g2 b/src/libzscanner/scanner.c.g2
index 66f6b1a..f97c3ae 100644
--- a/src/libzscanner/scanner.c.g2
+++ b/src/libzscanner/scanner.c.g2
@@ -40865,6 +40865,7 @@ tr1008:
// Reset per-record contexts.
s->long_string = false;
s->comma_list = false;
+ s->pending_backslash = false;
s->state = ZS_STATE_ERROR;
@@ -40909,6 +40910,7 @@ tr1010:
// Reset per-record contexts.
s->long_string = false;
s->comma_list = false;
+ s->pending_backslash = false;
s->state = ZS_STATE_ERROR;
@@ -41367,24 +41369,31 @@ tr1033:
goto st319;
tr1037:
{
- uint8_t *last_two = rdata_tail - 2;
- uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (s->comma_list) {
+ uint8_t *last_two = rdata_tail - 2;
+ uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (last_two[1] == ',') {
if (current_len <= 1) {
WARN(ZS_EMPTY_LIST_ITEM);
p--; {goto st307;}
- } else if (last_two[0] != '\\') { // Start a new item.
+ } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item.
*(s->item_length_location) = current_len;
s->item_length_location = rdata_tail - 1;
} else { // Remove backslash.
last_two[0] = ',';
rdata_tail--;
+ s->pending_backslash = false;
}
- } else if (current_len > 1 && last_two[1] == '\\') {
- if (last_two[0] == '\\') { // Remove backslash.
+ } else if (last_two[1] == '\\') {
+ if (s->pending_backslash) { // Remove backslash.
rdata_tail--;
+ s->pending_backslash = false;
+ } else {
+ s->pending_backslash = true;
}
+ } else if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {goto st307;}
}
}
}
@@ -41416,24 +41425,31 @@ tr1045:
rdata_tail++;
}
{
- uint8_t *last_two = rdata_tail - 2;
- uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (s->comma_list) {
+ uint8_t *last_two = rdata_tail - 2;
+ uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (last_two[1] == ',') {
if (current_len <= 1) {
WARN(ZS_EMPTY_LIST_ITEM);
p--; {goto st307;}
- } else if (last_two[0] != '\\') { // Start a new item.
+ } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item.
*(s->item_length_location) = current_len;
s->item_length_location = rdata_tail - 1;
} else { // Remove backslash.
last_two[0] = ',';
rdata_tail--;
+ s->pending_backslash = false;
}
- } else if (current_len > 1 && last_two[1] == '\\') {
- if (last_two[0] == '\\') { // Remove backslash.
+ } else if (last_two[1] == '\\') {
+ if (s->pending_backslash) { // Remove backslash.
rdata_tail--;
+ s->pending_backslash = false;
+ } else {
+ s->pending_backslash = true;
}
+ } else if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {goto st307;}
}
}
}
@@ -41484,24 +41500,31 @@ case 319:
goto tr1032;
tr1036:
{
- uint8_t *last_two = rdata_tail - 2;
- uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (s->comma_list) {
+ uint8_t *last_two = rdata_tail - 2;
+ uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (last_two[1] == ',') {
if (current_len <= 1) {
WARN(ZS_EMPTY_LIST_ITEM);
p--; {goto st307;}
- } else if (last_two[0] != '\\') { // Start a new item.
+ } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item.
*(s->item_length_location) = current_len;
s->item_length_location = rdata_tail - 1;
} else { // Remove backslash.
last_two[0] = ',';
rdata_tail--;
+ s->pending_backslash = false;
}
- } else if (current_len > 1 && last_two[1] == '\\') {
- if (last_two[0] == '\\') { // Remove backslash.
+ } else if (last_two[1] == '\\') {
+ if (s->pending_backslash) { // Remove backslash.
rdata_tail--;
+ s->pending_backslash = false;
+ } else {
+ s->pending_backslash = true;
}
+ } else if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {goto st307;}
}
}
}
@@ -41514,24 +41537,31 @@ tr1044:
rdata_tail++;
}
{
- uint8_t *last_two = rdata_tail - 2;
- uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (s->comma_list) {
+ uint8_t *last_two = rdata_tail - 2;
+ uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (last_two[1] == ',') {
if (current_len <= 1) {
WARN(ZS_EMPTY_LIST_ITEM);
p--; {goto st307;}
- } else if (last_two[0] != '\\') { // Start a new item.
+ } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item.
*(s->item_length_location) = current_len;
s->item_length_location = rdata_tail - 1;
} else { // Remove backslash.
last_two[0] = ',';
rdata_tail--;
+ s->pending_backslash = false;
}
- } else if (current_len > 1 && last_two[1] == '\\') {
- if (last_two[0] == '\\') { // Remove backslash.
+ } else if (last_two[1] == '\\') {
+ if (s->pending_backslash) { // Remove backslash.
rdata_tail--;
+ s->pending_backslash = false;
+ } else {
+ s->pending_backslash = true;
}
+ } else if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {goto st307;}
}
}
}
@@ -41551,24 +41581,31 @@ case 1409:
goto st0;
tr1038:
{
- uint8_t *last_two = rdata_tail - 2;
- uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (s->comma_list) {
+ uint8_t *last_two = rdata_tail - 2;
+ uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (last_two[1] == ',') {
if (current_len <= 1) {
WARN(ZS_EMPTY_LIST_ITEM);
p--; {goto st307;}
- } else if (last_two[0] != '\\') { // Start a new item.
+ } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item.
*(s->item_length_location) = current_len;
s->item_length_location = rdata_tail - 1;
} else { // Remove backslash.
last_two[0] = ',';
rdata_tail--;
+ s->pending_backslash = false;
}
- } else if (current_len > 1 && last_two[1] == '\\') {
- if (last_two[0] == '\\') { // Remove backslash.
+ } else if (last_two[1] == '\\') {
+ if (s->pending_backslash) { // Remove backslash.
rdata_tail--;
+ s->pending_backslash = false;
+ } else {
+ s->pending_backslash = true;
}
+ } else if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {goto st307;}
}
}
}
@@ -41603,24 +41640,31 @@ tr1046:
rdata_tail++;
}
{
- uint8_t *last_two = rdata_tail - 2;
- uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (s->comma_list) {
+ uint8_t *last_two = rdata_tail - 2;
+ uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (last_two[1] == ',') {
if (current_len <= 1) {
WARN(ZS_EMPTY_LIST_ITEM);
p--; {goto st307;}
- } else if (last_two[0] != '\\') { // Start a new item.
+ } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item.
*(s->item_length_location) = current_len;
s->item_length_location = rdata_tail - 1;
} else { // Remove backslash.
last_two[0] = ',';
rdata_tail--;
+ s->pending_backslash = false;
}
- } else if (current_len > 1 && last_two[1] == '\\') {
- if (last_two[0] == '\\') { // Remove backslash.
+ } else if (last_two[1] == '\\') {
+ if (s->pending_backslash) { // Remove backslash.
rdata_tail--;
+ s->pending_backslash = false;
+ } else {
+ s->pending_backslash = true;
}
+ } else if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {goto st307;}
}
}
}
@@ -41674,24 +41718,31 @@ case 1410:
goto tr1032;
tr1039:
{
- uint8_t *last_two = rdata_tail - 2;
- uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (s->comma_list) {
+ uint8_t *last_two = rdata_tail - 2;
+ uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (last_two[1] == ',') {
if (current_len <= 1) {
WARN(ZS_EMPTY_LIST_ITEM);
p--; {goto st307;}
- } else if (last_two[0] != '\\') { // Start a new item.
+ } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item.
*(s->item_length_location) = current_len;
s->item_length_location = rdata_tail - 1;
} else { // Remove backslash.
last_two[0] = ',';
rdata_tail--;
+ s->pending_backslash = false;
}
- } else if (current_len > 1 && last_two[1] == '\\') {
- if (last_two[0] == '\\') { // Remove backslash.
+ } else if (last_two[1] == '\\') {
+ if (s->pending_backslash) { // Remove backslash.
rdata_tail--;
+ s->pending_backslash = false;
+ } else {
+ s->pending_backslash = true;
}
+ } else if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {goto st307;}
}
}
}
@@ -41701,24 +41752,31 @@ tr1047:
rdata_tail++;
}
{
- uint8_t *last_two = rdata_tail - 2;
- uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (s->comma_list) {
+ uint8_t *last_two = rdata_tail - 2;
+ uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (last_two[1] == ',') {
if (current_len <= 1) {
WARN(ZS_EMPTY_LIST_ITEM);
p--; {goto st307;}
- } else if (last_two[0] != '\\') { // Start a new item.
+ } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item.
*(s->item_length_location) = current_len;
s->item_length_location = rdata_tail - 1;
} else { // Remove backslash.
last_two[0] = ',';
rdata_tail--;
+ s->pending_backslash = false;
}
- } else if (current_len > 1 && last_two[1] == '\\') {
- if (last_two[0] == '\\') { // Remove backslash.
+ } else if (last_two[1] == '\\') {
+ if (s->pending_backslash) { // Remove backslash.
rdata_tail--;
+ s->pending_backslash = false;
+ } else {
+ s->pending_backslash = true;
}
+ } else if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {goto st307;}
}
}
}
@@ -41866,24 +41924,31 @@ tr1048:
goto st324;
tr1052:
{
- uint8_t *last_two = rdata_tail - 2;
- uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (s->comma_list) {
+ uint8_t *last_two = rdata_tail - 2;
+ uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (last_two[1] == ',') {
if (current_len <= 1) {
WARN(ZS_EMPTY_LIST_ITEM);
p--; {goto st307;}
- } else if (last_two[0] != '\\') { // Start a new item.
+ } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item.
*(s->item_length_location) = current_len;
s->item_length_location = rdata_tail - 1;
} else { // Remove backslash.
last_two[0] = ',';
rdata_tail--;
+ s->pending_backslash = false;
}
- } else if (current_len > 1 && last_two[1] == '\\') {
- if (last_two[0] == '\\') { // Remove backslash.
+ } else if (last_two[1] == '\\') {
+ if (s->pending_backslash) { // Remove backslash.
rdata_tail--;
+ s->pending_backslash = false;
+ } else {
+ s->pending_backslash = true;
}
+ } else if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {goto st307;}
}
}
}
@@ -41915,24 +41980,31 @@ tr1061:
rdata_tail++;
}
{
- uint8_t *last_two = rdata_tail - 2;
- uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (s->comma_list) {
+ uint8_t *last_two = rdata_tail - 2;
+ uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (last_two[1] == ',') {
if (current_len <= 1) {
WARN(ZS_EMPTY_LIST_ITEM);
p--; {goto st307;}
- } else if (last_two[0] != '\\') { // Start a new item.
+ } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item.
*(s->item_length_location) = current_len;
s->item_length_location = rdata_tail - 1;
} else { // Remove backslash.
last_two[0] = ',';
rdata_tail--;
+ s->pending_backslash = false;
}
- } else if (current_len > 1 && last_two[1] == '\\') {
- if (last_two[0] == '\\') { // Remove backslash.
+ } else if (last_two[1] == '\\') {
+ if (s->pending_backslash) { // Remove backslash.
rdata_tail--;
+ s->pending_backslash = false;
+ } else {
+ s->pending_backslash = true;
}
+ } else if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {goto st307;}
}
}
}
@@ -42006,24 +42078,31 @@ tr1049:
goto st325;
tr1053:
{
- uint8_t *last_two = rdata_tail - 2;
- uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (s->comma_list) {
+ uint8_t *last_two = rdata_tail - 2;
+ uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (last_two[1] == ',') {
if (current_len <= 1) {
WARN(ZS_EMPTY_LIST_ITEM);
p--; {goto st307;}
- } else if (last_two[0] != '\\') { // Start a new item.
+ } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item.
*(s->item_length_location) = current_len;
s->item_length_location = rdata_tail - 1;
} else { // Remove backslash.
last_two[0] = ',';
rdata_tail--;
+ s->pending_backslash = false;
}
- } else if (current_len > 1 && last_two[1] == '\\') {
- if (last_two[0] == '\\') { // Remove backslash.
+ } else if (last_two[1] == '\\') {
+ if (s->pending_backslash) { // Remove backslash.
rdata_tail--;
+ s->pending_backslash = false;
+ } else {
+ s->pending_backslash = true;
}
+ } else if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {goto st307;}
}
}
}
@@ -42055,24 +42134,31 @@ tr1062:
rdata_tail++;
}
{
- uint8_t *last_two = rdata_tail - 2;
- uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (s->comma_list) {
+ uint8_t *last_two = rdata_tail - 2;
+ uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (last_two[1] == ',') {
if (current_len <= 1) {
WARN(ZS_EMPTY_LIST_ITEM);
p--; {goto st307;}
- } else if (last_two[0] != '\\') { // Start a new item.
+ } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item.
*(s->item_length_location) = current_len;
s->item_length_location = rdata_tail - 1;
} else { // Remove backslash.
last_two[0] = ',';
rdata_tail--;
+ s->pending_backslash = false;
}
- } else if (current_len > 1 && last_two[1] == '\\') {
- if (last_two[0] == '\\') { // Remove backslash.
+ } else if (last_two[1] == '\\') {
+ if (s->pending_backslash) { // Remove backslash.
rdata_tail--;
+ s->pending_backslash = false;
+ } else {
+ s->pending_backslash = true;
}
+ } else if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {goto st307;}
}
}
}
@@ -42122,24 +42208,31 @@ case 325:
goto tr1032;
tr1054:
{
- uint8_t *last_two = rdata_tail - 2;
- uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (s->comma_list) {
+ uint8_t *last_two = rdata_tail - 2;
+ uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (last_two[1] == ',') {
if (current_len <= 1) {
WARN(ZS_EMPTY_LIST_ITEM);
p--; {goto st307;}
- } else if (last_two[0] != '\\') { // Start a new item.
+ } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item.
*(s->item_length_location) = current_len;
s->item_length_location = rdata_tail - 1;
} else { // Remove backslash.
last_two[0] = ',';
rdata_tail--;
+ s->pending_backslash = false;
}
- } else if (current_len > 1 && last_two[1] == '\\') {
- if (last_two[0] == '\\') { // Remove backslash.
+ } else if (last_two[1] == '\\') {
+ if (s->pending_backslash) { // Remove backslash.
rdata_tail--;
+ s->pending_backslash = false;
+ } else {
+ s->pending_backslash = true;
}
+ } else if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {goto st307;}
}
}
}
@@ -42149,24 +42242,31 @@ tr1063:
rdata_tail++;
}
{
- uint8_t *last_two = rdata_tail - 2;
- uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (s->comma_list) {
+ uint8_t *last_two = rdata_tail - 2;
+ uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (last_two[1] == ',') {
if (current_len <= 1) {
WARN(ZS_EMPTY_LIST_ITEM);
p--; {goto st307;}
- } else if (last_two[0] != '\\') { // Start a new item.
+ } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item.
*(s->item_length_location) = current_len;
s->item_length_location = rdata_tail - 1;
} else { // Remove backslash.
last_two[0] = ',';
rdata_tail--;
+ s->pending_backslash = false;
}
- } else if (current_len > 1 && last_two[1] == '\\') {
- if (last_two[0] == '\\') { // Remove backslash.
+ } else if (last_two[1] == '\\') {
+ if (s->pending_backslash) { // Remove backslash.
rdata_tail--;
+ s->pending_backslash = false;
+ } else {
+ s->pending_backslash = true;
}
+ } else if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {goto st307;}
}
}
}
@@ -42187,24 +42287,31 @@ case 326:
goto tr1056;
tr1055:
{
- uint8_t *last_two = rdata_tail - 2;
- uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (s->comma_list) {
+ uint8_t *last_two = rdata_tail - 2;
+ uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (last_two[1] == ',') {
if (current_len <= 1) {
WARN(ZS_EMPTY_LIST_ITEM);
p--; {goto st307;}
- } else if (last_two[0] != '\\') { // Start a new item.
+ } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item.
*(s->item_length_location) = current_len;
s->item_length_location = rdata_tail - 1;
} else { // Remove backslash.
last_two[0] = ',';
rdata_tail--;
+ s->pending_backslash = false;
}
- } else if (current_len > 1 && last_two[1] == '\\') {
- if (last_two[0] == '\\') { // Remove backslash.
+ } else if (last_two[1] == '\\') {
+ if (s->pending_backslash) { // Remove backslash.
rdata_tail--;
+ s->pending_backslash = false;
+ } else {
+ s->pending_backslash = true;
}
+ } else if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {goto st307;}
}
}
}
@@ -42214,24 +42321,31 @@ tr1064:
rdata_tail++;
}
{
- uint8_t *last_two = rdata_tail - 2;
- uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (s->comma_list) {
+ uint8_t *last_two = rdata_tail - 2;
+ uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (last_two[1] == ',') {
if (current_len <= 1) {
WARN(ZS_EMPTY_LIST_ITEM);
p--; {goto st307;}
- } else if (last_two[0] != '\\') { // Start a new item.
+ } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item.
*(s->item_length_location) = current_len;
s->item_length_location = rdata_tail - 1;
} else { // Remove backslash.
last_two[0] = ',';
rdata_tail--;
+ s->pending_backslash = false;
}
- } else if (current_len > 1 && last_two[1] == '\\') {
- if (last_two[0] == '\\') { // Remove backslash.
+ } else if (last_two[1] == '\\') {
+ if (s->pending_backslash) { // Remove backslash.
rdata_tail--;
+ s->pending_backslash = false;
+ } else {
+ s->pending_backslash = true;
}
+ } else if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {goto st307;}
}
}
}
@@ -57047,6 +57161,10 @@ tr1951:
}
{
s->comma_list = false;
+ if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {goto st307;}
+ }
}
{
s->item_length = rdata_tail - s->item_length2_location - 2;
@@ -57083,6 +57201,10 @@ tr1952:
}
{
s->comma_list = false;
+ if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {goto st307;}
+ }
}
{
s->item_length = rdata_tail - s->item_length2_location - 2;
@@ -57126,6 +57248,10 @@ tr1953:
}
{
s->comma_list = false;
+ if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {goto st307;}
+ }
}
{
s->item_length = rdata_tail - s->item_length2_location - 2;
@@ -57169,6 +57295,10 @@ tr1954:
}
{
s->comma_list = false;
+ if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {goto st307;}
+ }
}
{
s->item_length = rdata_tail - s->item_length2_location - 2;
@@ -58174,6 +58304,7 @@ case 609:
tr1949:
{
s->comma_list = true;
+ s->pending_backslash = false;
}
{
if (rdata_tail < rdata_stop) {
@@ -58264,6 +58395,10 @@ tr1955:
}
{
s->comma_list = false;
+ if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {goto st307;}
+ }
}
{
s->item_length = rdata_tail - s->item_length2_location - 2;
@@ -58568,6 +58703,10 @@ tr1956:
}
{
s->comma_list = false;
+ if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {goto st307;}
+ }
}
{
s->item_length = rdata_tail - s->item_length2_location - 2;
@@ -58919,6 +59058,10 @@ tr1957:
}
{
s->comma_list = false;
+ if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {goto st307;}
+ }
}
{
s->item_length = rdata_tail - s->item_length2_location - 2;
@@ -59590,6 +59733,10 @@ tr2128:
}
{
s->comma_list = false;
+ if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {goto st307;}
+ }
}
{
s->item_length = rdata_tail - s->item_length2_location - 2;
@@ -59686,6 +59833,10 @@ tr1958:
}
{
s->comma_list = false;
+ if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {goto st307;}
+ }
}
{
s->item_length = rdata_tail - s->item_length2_location - 2;
@@ -61488,6 +61639,7 @@ case 696:
tr1950:
{
s->comma_list = true;
+ s->pending_backslash = false;
}
{
if (rdata_tail < rdata_stop) {
@@ -61552,6 +61704,7 @@ case 697:
tr2127:
{
s->comma_list = true;
+ s->pending_backslash = false;
}
{
if (rdata_tail < rdata_stop) {
diff --git a/src/libzscanner/scanner.c.t0 b/src/libzscanner/scanner.c.t0
index 0909496..b1b2616 100644
--- a/src/libzscanner/scanner.c.t0
+++ b/src/libzscanner/scanner.c.t0
@@ -6983,6 +6983,7 @@ _match:
// Reset per-record contexts.
s->long_string = false;
s->comma_list = false;
+ s->pending_backslash = false;
s->state = ZS_STATE_ERROR;
@@ -7528,24 +7529,31 @@ _match:
break;
case 68:
{
- uint8_t *last_two = rdata_tail - 2;
- uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (s->comma_list) {
+ uint8_t *last_two = rdata_tail - 2;
+ uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (last_two[1] == ',') {
if (current_len <= 1) {
WARN(ZS_EMPTY_LIST_ITEM);
p--; {cs = 307;goto _again;}
- } else if (last_two[0] != '\\') { // Start a new item.
+ } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item.
*(s->item_length_location) = current_len;
s->item_length_location = rdata_tail - 1;
} else { // Remove backslash.
last_two[0] = ',';
rdata_tail--;
+ s->pending_backslash = false;
}
- } else if (current_len > 1 && last_two[1] == '\\') {
- if (last_two[0] == '\\') { // Remove backslash.
+ } else if (last_two[1] == '\\') {
+ if (s->pending_backslash) { // Remove backslash.
rdata_tail--;
+ s->pending_backslash = false;
+ } else {
+ s->pending_backslash = true;
}
+ } else if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {cs = 307;goto _again;}
}
}
}
@@ -8844,11 +8852,16 @@ _match:
case 292:
{
s->comma_list = true;
+ s->pending_backslash = false;
}
break;
case 293:
{
s->comma_list = false;
+ if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ p--; {cs = 307;goto _again;}
+ }
}
break;
case 294:
diff --git a/src/libzscanner/scanner.h b/src/libzscanner/scanner.h
index b45ca48..140b4f1 100644
--- a/src/libzscanner/scanner.h
+++ b/src/libzscanner/scanner.h
@@ -1,4 +1,4 @@
-/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -157,6 +157,8 @@ struct zs_scanner {
bool long_string;
/*! Comma separated string list indication (svcb parsing). */
bool comma_list;
+ /*! Indication of a non-applied backslash. */
+ bool pending_backslash;
/*! Pointer to the actual dname storage (origin/owner/rdata). */
uint8_t *dname;
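Review bot: The doc comment on `pending_backslash` does not say which parser uses the flag or what "non-applied" means, unlike the neighbouring `comma_list` comment that names svcb parsing. A wording such as `/*! Previous character of a comma list item was a backslash not yet paired with a following '\\' or ',' (svcb alpn parsing). */` would make the per-record reset and the `ZS_BAD_ALPN_BACKSLASH` error paths easier to follow. `struct zs_scanner` starts and ends outside this hunk.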
diff --git a/src/libzscanner/scanner_body.rl b/src/libzscanner/scanner_body.rl
index 34d51cd..a1ff46c 100644
--- a/src/libzscanner/scanner_body.rl
+++ b/src/libzscanner/scanner_body.rl
@@ -1,4 +1,4 @@
-/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -116,6 +116,7 @@
// Reset per-record contexts.
s->long_string = false;
s->comma_list = false;
+ s->pending_backslash = false;
s->state = ZS_STATE_ERROR;
@@ -656,24 +657,31 @@
}
action _comma_list {
- uint8_t *last_two = rdata_tail - 2;
- uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (s->comma_list) {
+ uint8_t *last_two = rdata_tail - 2;
+ uint16_t current_len = rdata_tail - s->item_length_location - 2;
if (last_two[1] == ',') {
if (current_len <= 1) {
WARN(ZS_EMPTY_LIST_ITEM);
fhold; fgoto err_line;
- } else if (last_two[0] != '\\') { // Start a new item.
+ } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item.
*(s->item_length_location) = current_len;
s->item_length_location = rdata_tail - 1;
} else { // Remove backslash.
last_two[0] = ',';
rdata_tail--;
+ s->pending_backslash = false;
}
- } else if (current_len > 1 && last_two[1] == '\\') {
- if (last_two[0] == '\\') { // Remove backslash.
+ } else if (last_two[1] == '\\') {
+ if (s->pending_backslash) { // Remove backslash.
rdata_tail--;
+ s->pending_backslash = false;
+ } else {
+ s->pending_backslash = true;
}
+ } else if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ fhold; fgoto err_line;
}
}
}
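Review bot: The new-item test `last_two[0] != '\\' || !s->pending_backslash` in `_comma_list` carries a byte comparison that looks redundant with the flag. If the action runs once per appended byte, as the rest of the hunk suggests, `pending_backslash` can only be true when `last_two[0]` is that backslash, so `} else if (!s->pending_backslash) { // Start a new item.` would state the rule directly. If the byte check is kept deliberately as a second guard, a short comment saying so would stop a later reader from removing it. The generated scanner.c.t0 hunk mirrors these lines and would follow from regenerating.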
@@ -1800,9 +1808,14 @@
action _alpnl_init {
s->comma_list = true;
+ s->pending_backslash = false;
}
action _alpnl_exit {
s->comma_list = false;
+ if (s->pending_backslash) {
+ WARN(ZS_BAD_ALPN_BACKSLASH);
+ fhold; fgoto err_line;
+ }
}
action _mandatory_init {
diff --git a/src/libzscanner/version.h b/src/libzscanner/version.h
index 653d9bf..25520c7 100644
--- a/src/libzscanner/version.h
+++ b/src/libzscanner/version.h
@@ -18,7 +18,7 @@
#define ZSCANNER_VERSION_MAJOR 3
#define ZSCANNER_VERSION_MINOR 3
-#define ZSCANNER_VERSION_PATCH 0x04
+#define ZSCANNER_VERSION_PATCH 0x05
#define ZSCANNER_VERSION_HEX ((ZSCANNER_VERSION_MAJOR << 16) | \
(ZSCANNER_VERSION_MINOR << 8) | \
diff --git a/src/utils/kzonecheck/main.c b/src/utils/kzonecheck/main.c
index 3a2b620..5fb4c73 100644
--- a/src/utils/kzonecheck/main.c
+++ b/src/utils/kzonecheck/main.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -40,6 +40,7 @@ static void print_help(void)
" -o, --origin <zone_origin> Zone name.\n"
" (default filename without .zone)\n"
" -d, --dnssec <on|off> Also check DNSSEC-related records.\n"
+ " -z, --zonemd Also check ZONEMD.\n"
" -t, --time <timestamp> Current time specification.\n"
" (default current UNIX time)\n"
" -p, --print Print the zone on stdout.\n"
@@ -66,7 +67,7 @@ static bool str2bool(const char *s)
int main(int argc, char *argv[])
{
const char *origin = NULL;
- bool verbose = false, print = false;
+ bool zonemd = false, verbose = false, print = false;
semcheck_optional_t optional = SEMCHECK_DNSSEC_AUTO; // default value for --dnssec
knot_time_t check_time = (knot_time_t)time(NULL);
@@ -75,6 +76,7 @@ int main(int argc, char *argv[])
{ "origin", required_argument, NULL, 'o' },
{ "time", required_argument, NULL, 't' },
{ "dnssec", required_argument, NULL, 'd' },
+ { "zonemd", no_argument, NULL, 'z' },
{ "print", no_argument, NULL, 'p' },
{ "verbose", no_argument, NULL, 'v' },
{ "help", no_argument, NULL, 'h' },
@@ -87,7 +89,7 @@ int main(int argc, char *argv[])
/* Parse command line arguments */
int opt = 0;
- while ((opt = getopt_long(argc, argv, "o:t:d:pvVh", opts, NULL)) != -1) {
+ while ((opt = getopt_long(argc, argv, "o:t:d:zpvVh", opts, NULL)) != -1) {
switch (opt) {
case 'o':
origin = optarg;
@@ -107,6 +109,9 @@ int main(int argc, char *argv[])
case 'd':
optional = str2bool(optarg) ? SEMCHECK_DNSSEC_ON : SEMCHECK_DNSSEC_OFF;
break;
+ case 'z':
+ zonemd = true;
+ break;
case 't':
if (knot_time_parse("YMDhms|#|+-#U|+-#",
optarg, &check_time) != KNOT_EOK) {
@@ -146,6 +151,15 @@ int main(int argc, char *argv[])
zonename = strdup(origin);
}
+ knot_dname_storage_t zone;
+ if (knot_dname_from_str(zone, zonename, sizeof(zone)) == NULL) {
+ ERR2("invalid zone name");
+ free(zonename);
+ return EXIT_FAILURE;
+ }
+ free(zonename);
+ knot_dname_to_lower(zone);
+
log_init();
log_levels_set(LOG_TARGET_STDOUT, LOG_SOURCE_ANY, 0);
log_levels_set(LOG_TARGET_STDERR, LOG_SOURCE_ANY, 0);
@@ -155,31 +169,14 @@ int main(int argc, char *argv[])
log_levels_add(LOG_TARGET_STDOUT, LOG_SOURCE_ANY, LOG_UPTO(LOG_DEBUG));
}
- knot_dname_t *dname = knot_dname_from_str_alloc(zonename);
- knot_dname_to_lower(dname);
- free(zonename);
- int ret = zone_check(filename, dname, optional, (time_t)check_time, print);
- knot_dname_free(dname, NULL);
-
+ int ret = zone_check(filename, zone, zonemd, optional, (time_t)check_time, print);
log_close();
-
- switch (ret) {
- case KNOT_EOK:
- if (verbose) {
- INFO2("No semantic error found");
+ if (ret == KNOT_EOK) {
+ if (verbose && !print) {
+ INFO2("No error found");
}
return EXIT_SUCCESS;
- case KNOT_EZONEINVAL:
- ERR2("serious semantic error detected");
- // FALLTHROUGH
- case KNOT_ESEMCHECK:
- return EXIT_FAILURE;
- case KNOT_EACCES:
- case KNOT_EFILE:
- ERR2("failed to load the zone file");
- return EXIT_FAILURE;
- default:
- ERR2("failed to run semantic checks (%s)", knot_strerror(ret));
+ } else {
return EXIT_FAILURE;
}
}
diff --git a/src/utils/kzonecheck/zone_check.c b/src/utils/kzonecheck/zone_check.c
index 542e152..2ea63b8 100644
--- a/src/utils/kzonecheck/zone_check.c
+++ b/src/utils/kzonecheck/zone_check.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -20,6 +20,7 @@
#include "utils/kzonecheck/zone_check.h"
#include "knot/zone/contents.h"
+#include "knot/zone/digest.h"
#include "knot/zone/zonefile.h"
#include "knot/zone/zone-dump.h"
#include "utils/common/msg.h"
@@ -62,7 +63,7 @@ static void print_statistics(err_handler_stats_t *stats)
}
}
-int zone_check(const char *zone_file, const knot_dname_t *zone_name,
+int zone_check(const char *zone_file, const knot_dname_t *zone_name, bool zonemd,
semcheck_optional_t optional, time_t time, bool print)
{
err_handler_stats_t stats = {
@@ -71,7 +72,15 @@ int zone_check(const char *zone_file, const knot_dname_t *zone_name,
zloader_t zl;
int ret = zonefile_open(&zl, zone_file, zone_name, optional, time);
- if (ret != KNOT_EOK) {
+ switch (ret) {
+ case KNOT_EOK:
+ break;
+ case KNOT_EACCES:
+ case KNOT_EFILE:
+ ERR2("failed to load the zone file");
+ return ret;
+ default:
+ ERR2("failed to run semantic checks (%s)", knot_strerror(ret));
return ret;
}
zl.err_handler = (sem_handler_t *)&stats;
@@ -80,21 +89,39 @@ int zone_check(const char *zone_file, const knot_dname_t *zone_name,
zone_contents_t *contents = zonefile_load(&zl);
zonefile_close(&zl);
if (contents == NULL && !stats.handler.error) {
+ ERR2("failed to run semantic checks");
return KNOT_ERROR;
}
if (stats.error_count > 0) {
print_statistics(&stats);
- ret = stats.handler.error ? KNOT_EZONEINVAL : KNOT_ESEMCHECK;
- if (print) {
+ if (stats.handler.error) {
fprintf(stderr, "\n");
+ ERR2("serious semantic error detected");
+ ret = KNOT_EINVAL;
+ } else {
+ ret = KNOT_ESEMCHECK;
+ }
+ }
+
+ if (zonemd) {
+ ret = zone_contents_digest_verify(contents);
+ if (ret != KNOT_EOK) {
+ if (stats.error_count > 0 && !stats.handler.error) {
+ fprintf(stderr, "\n");
+ }
+ ERR2("invalid ZONEMD");
}
}
if (print) {
+ if (ret != KNOT_EOK) {
+ fprintf(stderr, "\n");
+ }
printf(";; Zone dump (Knot DNS %s)\n", PACKAGE_VERSION);
zone_dump_text(contents, stdout, false, NULL);
}
+
zone_contents_deep_free(contents);
return ret;
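Review bot: With `zonemd` set, `ret = zone_contents_digest_verify(contents);` overwrites the `KNOT_EINVAL` or `KNOT_ESEMCHECK` assigned just above, so a zone with semantic errors but a valid ZONEMD returns `KNOT_EOK` and `main` exits with `EXIT_SUCCESS`. Where kzonecheck gates zone deployment, that lets a zone which failed its checks through on exit code 0. Keeping the first error avoids this: `int zmd = zone_contents_digest_verify(contents);`, then inside `if (zmd != KNOT_EOK)` add `if (ret == KNOT_EOK) ret = zmd;`. The block is also reached with `contents == NULL` after a fatal load error, which relies on the verify function accepting NULL (not visible here). `zone_check` begins and ends outside this hunk.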
diff --git a/src/utils/kzonecheck/zone_check.h b/src/utils/kzonecheck/zone_check.h
index 7039f16..206c27e 100644
--- a/src/utils/kzonecheck/zone_check.h
+++ b/src/utils/kzonecheck/zone_check.h
@@ -1,4 +1,4 @@
-/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -19,5 +19,5 @@
#include "knot/zone/semantic-check.h"
#include "libknot/libknot.h"
-int zone_check(const char *zone_file, const knot_dname_t *zone_name,
+int zone_check(const char *zone_file, const knot_dname_t *zone_name, bool zonemd,
semcheck_optional_t optional, time_t time, bool print);