From 98e63d18fe85b29517ae8fb21ca94f37c7972652 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sat, 13 Apr 2024 10:04:57 +0200
Subject: Merging upstream version 3.3.5.
Signed-off-by: Daniel Baumann
---
src/Makefile.in | 256 +++++++++++------
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_buf.h | 2 +-
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_cc.c | 50 ++--
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_conn.c | 63 ++---
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_crypto.c | 58 +++--
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_rtb.c | 54 +++-
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_strm.c | 34 +++
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_strm.h | 33 +++
src/contrib/libngtcp2/ngtcp2/version.h | 4 +-
src/knot/Makefile.inc | 1 +
src/knot/dnssec/kasp/kasp_zone.c | 2 +-
src/knot/dnssec/key-events.c | 30 ++-
src/knot/dnssec/zone-sign.c | 34 ++-
src/knot/include/module.h | 16 +-
src/knot/modules/authsignal/Makefile.inc | 12 +
src/knot/modules/authsignal/authsignal.c | 88 +++++++
src/knot/modules/authsignal/authsignal.rst | 41 +++
src/knot/nameserver/query_module.c | 37 ++-
src/knot/query/quic-requestor.c | 1 +
src/knot/zone/semantic-check.c | 4 +
src/knot/zone/semantic-check.h | 3 +-
src/libdnssec/version.h | 2 +-
src/libknot/errcode.h | 1 +
src/libknot/error.c | 1 +
src/libknot/rrset-dump.c | 8 +-
src/libknot/rrset.h | 21 +-
src/libknot/version.h | 2 +-
src/libknot/xdp/protocols.h | 2 +-
src/libzscanner/error.c | 4 +-
src/libzscanner/error.h | 3 +-
src/libzscanner/scanner.c.g2 | 313 +++++++++++++++++------
src/libzscanner/scanner.c.t0 | 23 +-
src/libzscanner/scanner.h | 4 +-
src/libzscanner/scanner_body.rl | 25 +-
src/libzscanner/version.h | 2 +-
src/utils/kzonecheck/main.c | 47 ++--
src/utils/kzonecheck/zone_check.c | 37 ++-
src/utils/kzonecheck/zone_check.h | 4 +-
38 files changed, 988 insertions(+), 334 deletions(-)
create mode 100644 src/knot/modules/authsignal/Makefile.inc
create mode 100644 src/knot/modules/authsignal/authsignal.c
create mode 100644 src/knot/modules/authsignal/authsignal.rst
(limited to 'src')
diff --git a/src/Makefile.in b/src/Makefile.in
index 5b04f9c..df978b4 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -137,49 +137,51 @@ host_triplet = @host@ @HAVE_DAEMON_TRUE@am__append_19 = libknotd.la @HAVE_DAEMON_TRUE@am__append_20 = knotd.pc -@STATIC_MODULE_cookies_TRUE@am__append_21 = $(knot_modules_cookies_la_SOURCES) -@SHARED_MODULE_cookies_TRUE@am__append_22 = knot/modules/cookies.la -@STATIC_MODULE_dnsproxy_TRUE@am__append_23 = $(knot_modules_dnsproxy_la_SOURCES) -@SHARED_MODULE_dnsproxy_TRUE@am__append_24 = knot/modules/dnsproxy.la -@STATIC_MODULE_dnstap_TRUE@am__append_25 = $(knot_modules_dnstap_la_SOURCES) -@STATIC_MODULE_dnstap_TRUE@am__append_26 = $(DNSTAP_CFLAGS) -@STATIC_MODULE_dnstap_TRUE@am__append_27 = $(libdnstap_LIBS) -@SHARED_MODULE_dnstap_TRUE@am__append_28 = knot/modules/dnstap.la -@STATIC_MODULE_geoip_TRUE@am__append_29 = $(knot_modules_geoip_la_SOURCES) -@STATIC_MODULE_geoip_TRUE@am__append_30 = $(libmaxminddb_CFLAGS) -@STATIC_MODULE_geoip_TRUE@am__append_31 = $(libmaxminddb_LIBS) -@SHARED_MODULE_geoip_TRUE@am__append_32 = knot/modules/geoip.la -@STATIC_MODULE_noudp_TRUE@am__append_33 = $(knot_modules_noudp_la_SOURCES) -@SHARED_MODULE_noudp_TRUE@am__append_34 = knot/modules/noudp.la -@STATIC_MODULE_onlinesign_TRUE@am__append_35 = $(knot_modules_onlinesign_la_SOURCES) -@SHARED_MODULE_onlinesign_TRUE@am__append_36 = knot/modules/onlinesign.la -@STATIC_MODULE_probe_TRUE@am__append_37 = $(knot_modules_probe_la_SOURCES) -@SHARED_MODULE_probe_TRUE@am__append_38 = knot/modules/probe.la -@STATIC_MODULE_queryacl_TRUE@am__append_39 = $(knot_modules_queryacl_la_SOURCES) -@SHARED_MODULE_queryacl_TRUE@am__append_40 = knot/modules/queryacl.la -@STATIC_MODULE_rrl_TRUE@am__append_41 = $(knot_modules_rrl_la_SOURCES) -@SHARED_MODULE_rrl_TRUE@am__append_42 = knot/modules/rrl.la -@STATIC_MODULE_stats_TRUE@am__append_43 = $(knot_modules_stats_la_SOURCES) -@SHARED_MODULE_stats_TRUE@am__append_44 = knot/modules/stats.la -@STATIC_MODULE_synthrecord_TRUE@am__append_45 = $(knot_modules_synthrecord_la_SOURCES) -@SHARED_MODULE_synthrecord_TRUE@am__append_46 = 
knot/modules/synthrecord.la -@STATIC_MODULE_whoami_TRUE@am__append_47 = $(knot_modules_whoami_la_SOURCES) -@SHARED_MODULE_whoami_TRUE@am__append_48 = knot/modules/whoami.la +@STATIC_MODULE_authsignal_TRUE@am__append_21 = $(knot_modules_authsignal_la_SOURCES) +@SHARED_MODULE_authsignal_TRUE@am__append_22 = knot/modules/authsignal.la +@STATIC_MODULE_cookies_TRUE@am__append_23 = $(knot_modules_cookies_la_SOURCES) +@SHARED_MODULE_cookies_TRUE@am__append_24 = knot/modules/cookies.la +@STATIC_MODULE_dnsproxy_TRUE@am__append_25 = $(knot_modules_dnsproxy_la_SOURCES) +@SHARED_MODULE_dnsproxy_TRUE@am__append_26 = knot/modules/dnsproxy.la +@STATIC_MODULE_dnstap_TRUE@am__append_27 = $(knot_modules_dnstap_la_SOURCES) +@STATIC_MODULE_dnstap_TRUE@am__append_28 = $(DNSTAP_CFLAGS) +@STATIC_MODULE_dnstap_TRUE@am__append_29 = $(libdnstap_LIBS) +@SHARED_MODULE_dnstap_TRUE@am__append_30 = knot/modules/dnstap.la +@STATIC_MODULE_geoip_TRUE@am__append_31 = $(knot_modules_geoip_la_SOURCES) +@STATIC_MODULE_geoip_TRUE@am__append_32 = $(libmaxminddb_CFLAGS) +@STATIC_MODULE_geoip_TRUE@am__append_33 = $(libmaxminddb_LIBS) +@SHARED_MODULE_geoip_TRUE@am__append_34 = knot/modules/geoip.la +@STATIC_MODULE_noudp_TRUE@am__append_35 = $(knot_modules_noudp_la_SOURCES) +@SHARED_MODULE_noudp_TRUE@am__append_36 = knot/modules/noudp.la +@STATIC_MODULE_onlinesign_TRUE@am__append_37 = $(knot_modules_onlinesign_la_SOURCES) +@SHARED_MODULE_onlinesign_TRUE@am__append_38 = knot/modules/onlinesign.la +@STATIC_MODULE_probe_TRUE@am__append_39 = $(knot_modules_probe_la_SOURCES) +@SHARED_MODULE_probe_TRUE@am__append_40 = knot/modules/probe.la +@STATIC_MODULE_queryacl_TRUE@am__append_41 = $(knot_modules_queryacl_la_SOURCES) +@SHARED_MODULE_queryacl_TRUE@am__append_42 = knot/modules/queryacl.la +@STATIC_MODULE_rrl_TRUE@am__append_43 = $(knot_modules_rrl_la_SOURCES) +@SHARED_MODULE_rrl_TRUE@am__append_44 = knot/modules/rrl.la +@STATIC_MODULE_stats_TRUE@am__append_45 = $(knot_modules_stats_la_SOURCES) 
+@SHARED_MODULE_stats_TRUE@am__append_46 = knot/modules/stats.la +@STATIC_MODULE_synthrecord_TRUE@am__append_47 = $(knot_modules_synthrecord_la_SOURCES) +@SHARED_MODULE_synthrecord_TRUE@am__append_48 = knot/modules/synthrecord.la +@STATIC_MODULE_whoami_TRUE@am__append_49 = $(knot_modules_whoami_la_SOURCES) +@SHARED_MODULE_whoami_TRUE@am__append_50 = knot/modules/whoami.la bin_PROGRAMS = $(am__EXEEXT_1) $(am__EXEEXT_2) sbin_PROGRAMS = $(am__EXEEXT_3) $(am__EXEEXT_4) $(am__EXEEXT_5) -@HAVE_LIBUTILS_TRUE@am__append_49 = libknotus.la -@EMBEDDED_LIBNGTCP2_TRUE@@HAVE_LIBUTILS_TRUE@am__append_50 = $(libembngtcp2_LIBS) -@HAVE_UTILS_TRUE@am__append_51 = kdig khost knsec3hash knsupdate -@HAVE_DNSTAP_TRUE@@HAVE_UTILS_TRUE@am__append_52 = $(DNSTAP_CFLAGS) -@HAVE_DNSTAP_TRUE@@HAVE_UTILS_TRUE@am__append_53 = $(libdnstap_LIBS) +@HAVE_LIBUTILS_TRUE@am__append_51 = libknotus.la +@EMBEDDED_LIBNGTCP2_TRUE@@HAVE_LIBUTILS_TRUE@am__append_52 = $(libembngtcp2_LIBS) +@HAVE_UTILS_TRUE@am__append_53 = kdig khost knsec3hash knsupdate @HAVE_DNSTAP_TRUE@@HAVE_UTILS_TRUE@am__append_54 = $(DNSTAP_CFLAGS) @HAVE_DNSTAP_TRUE@@HAVE_UTILS_TRUE@am__append_55 = $(libdnstap_LIBS) -@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@am__append_56 = kxdpgun -@ENABLE_QUIC_TRUE@@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@am__append_57 = $(gnutls_CFLAGS) -@ENABLE_QUIC_TRUE@@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@am__append_58 = $(gnutls_LIBS) -@HAVE_DAEMON_TRUE@am__append_59 = knotc knotd -@HAVE_DAEMON_TRUE@@HAVE_UTILS_TRUE@am__append_60 = kzonecheck kzonesign -@HAVE_DAEMON_TRUE@@HAVE_UTILS_TRUE@am__append_61 = keymgr kjournalprint kcatalogprint +@HAVE_DNSTAP_TRUE@@HAVE_UTILS_TRUE@am__append_56 = $(DNSTAP_CFLAGS) +@HAVE_DNSTAP_TRUE@@HAVE_UTILS_TRUE@am__append_57 = $(libdnstap_LIBS) +@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@am__append_58 = kxdpgun +@ENABLE_QUIC_TRUE@@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@am__append_59 = $(gnutls_CFLAGS) +@ENABLE_QUIC_TRUE@@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@am__append_60 = $(gnutls_LIBS) +@HAVE_DAEMON_TRUE@am__append_61 = 
knotc knotd +@HAVE_DAEMON_TRUE@@HAVE_UTILS_TRUE@am__append_62 = kzonecheck kzonesign +@HAVE_DAEMON_TRUE@@HAVE_UTILS_TRUE@am__append_63 = keymgr kjournalprint kcatalogprint subdir = src SUBDIRS = ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -247,20 +249,31 @@ am__uninstall_files_from_dir = { \ } LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES) \ $(pkglib_LTLIBRARIES) +knot_modules_authsignal_la_LIBADD = +am__dirstamp = $(am__leading_dot)dirstamp +am_knot_modules_authsignal_la_OBJECTS = \ + knot/modules/authsignal/la-authsignal.lo +knot_modules_authsignal_la_OBJECTS = \ + $(am_knot_modules_authsignal_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +knot_modules_authsignal_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(knot_modules_authsignal_la_LDFLAGS) \ + $(LDFLAGS) -o $@ +@SHARED_MODULE_authsignal_TRUE@am_knot_modules_authsignal_la_rpath = \ +@SHARED_MODULE_authsignal_TRUE@ -rpath $(pkglibdir) am__DEPENDENCIES_1 = @USE_GNUTLS_MEMSET_TRUE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) am__DEPENDENCIES_3 = libcontrib.la $(am__DEPENDENCIES_2) @SHARED_MODULE_cookies_TRUE@knot_modules_cookies_la_DEPENDENCIES = \ @SHARED_MODULE_cookies_TRUE@ $(am__DEPENDENCIES_3) -am__dirstamp = $(am__leading_dot)dirstamp am_knot_modules_cookies_la_OBJECTS = \ knot/modules/cookies/la-cookies.lo knot_modules_cookies_la_OBJECTS = \ $(am_knot_modules_cookies_la_OBJECTS) -AM_V_lt = $(am__v_lt_@AM_V@) -am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -am__v_lt_0 = --silent -am__v_lt_1 = knot_modules_cookies_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(knot_modules_cookies_la_LDFLAGS) \ 
@@ -748,6 +761,7 @@ am__libknotd_la_SOURCES_DIST = knot/catalog/catalog_db.c \ knot/zone/zonefile.c knot/zone/zonefile.h \ knot/query/quic-requestor.c knot/query/quic-requestor.h \ knot/server/quic-handler.c knot/server/quic-handler.h \ + knot/modules/authsignal/authsignal.c \ knot/modules/cookies/cookies.c \ knot/modules/dnsproxy/dnsproxy.c knot/modules/dnstap/dnstap.c \ knot/modules/geoip/geoip.c knot/modules/geoip/geodb.c \ 
@@ -763,33 +777,35 @@ am__libknotd_la_SOURCES_DIST = knot/catalog/catalog_db.c \ @ENABLE_QUIC_TRUE@am__objects_3 = \ @ENABLE_QUIC_TRUE@ knot/query/libknotd_la-quic-requestor.lo \ @ENABLE_QUIC_TRUE@ knot/server/libknotd_la-quic-handler.lo -am__objects_4 = knot/modules/cookies/libknotd_la-cookies.lo -@STATIC_MODULE_cookies_TRUE@am__objects_5 = $(am__objects_4) -am__objects_6 = knot/modules/dnsproxy/libknotd_la-dnsproxy.lo -@STATIC_MODULE_dnsproxy_TRUE@am__objects_7 = $(am__objects_6) -am__objects_8 = knot/modules/dnstap/libknotd_la-dnstap.lo -@STATIC_MODULE_dnstap_TRUE@am__objects_9 = $(am__objects_8) -am__objects_10 = knot/modules/geoip/libknotd_la-geoip.lo \ +am__objects_4 = knot/modules/authsignal/libknotd_la-authsignal.lo +@STATIC_MODULE_authsignal_TRUE@am__objects_5 = $(am__objects_4) +am__objects_6 = knot/modules/cookies/libknotd_la-cookies.lo +@STATIC_MODULE_cookies_TRUE@am__objects_7 = $(am__objects_6) +am__objects_8 = knot/modules/dnsproxy/libknotd_la-dnsproxy.lo +@STATIC_MODULE_dnsproxy_TRUE@am__objects_9 = $(am__objects_8) +am__objects_10 = knot/modules/dnstap/libknotd_la-dnstap.lo +@STATIC_MODULE_dnstap_TRUE@am__objects_11 = $(am__objects_10) +am__objects_12 = knot/modules/geoip/libknotd_la-geoip.lo \ knot/modules/geoip/libknotd_la-geodb.lo -@STATIC_MODULE_geoip_TRUE@am__objects_11 = $(am__objects_10) -am__objects_12 = knot/modules/noudp/libknotd_la-noudp.lo -@STATIC_MODULE_noudp_TRUE@am__objects_13 = $(am__objects_12) -am__objects_14 = knot/modules/onlinesign/libknotd_la-onlinesign.lo \ +@STATIC_MODULE_geoip_TRUE@am__objects_13 = $(am__objects_12) +am__objects_14 = knot/modules/noudp/libknotd_la-noudp.lo +@STATIC_MODULE_noudp_TRUE@am__objects_15 = $(am__objects_14) +am__objects_16 = knot/modules/onlinesign/libknotd_la-onlinesign.lo \ knot/modules/onlinesign/libknotd_la-nsec_next.lo -@STATIC_MODULE_onlinesign_TRUE@am__objects_15 = $(am__objects_14) -am__objects_16 = knot/modules/probe/libknotd_la-probe.lo -@STATIC_MODULE_probe_TRUE@am__objects_17 = 
$(am__objects_16) -am__objects_18 = knot/modules/queryacl/libknotd_la-queryacl.lo -@STATIC_MODULE_queryacl_TRUE@am__objects_19 = $(am__objects_18) -am__objects_20 = knot/modules/rrl/libknotd_la-rrl.lo \ +@STATIC_MODULE_onlinesign_TRUE@am__objects_17 = $(am__objects_16) +am__objects_18 = knot/modules/probe/libknotd_la-probe.lo +@STATIC_MODULE_probe_TRUE@am__objects_19 = $(am__objects_18) +am__objects_20 = knot/modules/queryacl/libknotd_la-queryacl.lo +@STATIC_MODULE_queryacl_TRUE@am__objects_21 = $(am__objects_20) +am__objects_22 = knot/modules/rrl/libknotd_la-rrl.lo \ knot/modules/rrl/libknotd_la-functions.lo -@STATIC_MODULE_rrl_TRUE@am__objects_21 = $(am__objects_20) -am__objects_22 = knot/modules/stats/libknotd_la-stats.lo -@STATIC_MODULE_stats_TRUE@am__objects_23 = $(am__objects_22) -am__objects_24 = knot/modules/synthrecord/libknotd_la-synthrecord.lo -@STATIC_MODULE_synthrecord_TRUE@am__objects_25 = $(am__objects_24) -am__objects_26 = knot/modules/whoami/libknotd_la-whoami.lo -@STATIC_MODULE_whoami_TRUE@am__objects_27 = $(am__objects_26) +@STATIC_MODULE_rrl_TRUE@am__objects_23 = $(am__objects_22) +am__objects_24 = knot/modules/stats/libknotd_la-stats.lo +@STATIC_MODULE_stats_TRUE@am__objects_25 = $(am__objects_24) +am__objects_26 = knot/modules/synthrecord/libknotd_la-synthrecord.lo +@STATIC_MODULE_synthrecord_TRUE@am__objects_27 = $(am__objects_26) +am__objects_28 = knot/modules/whoami/libknotd_la-whoami.lo +@STATIC_MODULE_whoami_TRUE@am__objects_29 = $(am__objects_28) am_libknotd_la_OBJECTS = knot/catalog/libknotd_la-catalog_db.lo \ knot/catalog/libknotd_la-catalog_update.lo \ knot/catalog/libknotd_la-generate.lo \ 
@@ -895,7 +911,8 @@ am_libknotd_la_OBJECTS = knot/catalog/libknotd_la-catalog_db.lo \ $(am__objects_5) $(am__objects_7) $(am__objects_9) \ $(am__objects_11) $(am__objects_13) $(am__objects_15) \ $(am__objects_17) $(am__objects_19) $(am__objects_21) \ - $(am__objects_23) $(am__objects_25) $(am__objects_27) + $(am__objects_23) $(am__objects_25) $(am__objects_27) \ + $(am__objects_29) libknotd_la_OBJECTS = $(am_libknotd_la_OBJECTS) libknotd_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ @@ -939,9 +956,9 @@ libknotus_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(libknotus_la_LDFLAGS) $(LDFLAGS) -o $@ @HAVE_LIBUTILS_TRUE@am_libknotus_la_rpath = libzscanner_la_DEPENDENCIES = $(am__DEPENDENCIES_1) -am__objects_28 = +am__objects_30 = am_libzscanner_la_OBJECTS = libzscanner/la-error.lo \ - libzscanner/la-functions.lo $(am__objects_28) + libzscanner/la-functions.lo $(am__objects_30) nodist_libzscanner_la_OBJECTS = libzscanner/la-scanner.lo libzscanner_la_OBJECTS = $(am_libzscanner_la_OBJECTS) \ $(nodist_libzscanner_la_OBJECTS) @@ -1230,6 +1247,8 @@ am__depfiles_remade = contrib/$(DEPDIR)/libcontrib_la-base32hex.Plo \ knot/journal/$(DEPDIR)/libknotd_la-journal_write.Plo \ knot/journal/$(DEPDIR)/libknotd_la-knot_lmdb.Plo \ knot/journal/$(DEPDIR)/libknotd_la-serialization.Plo \ + knot/modules/authsignal/$(DEPDIR)/la-authsignal.Plo \ + knot/modules/authsignal/$(DEPDIR)/libknotd_la-authsignal.Plo \ knot/modules/cookies/$(DEPDIR)/la-cookies.Plo \ knot/modules/cookies/$(DEPDIR)/libknotd_la-cookies.Plo \ knot/modules/dnsproxy/$(DEPDIR)/la-dnsproxy.Plo \ 
@@ -1434,7 +1453,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = -SOURCES = $(knot_modules_cookies_la_SOURCES) \ +SOURCES = $(knot_modules_authsignal_la_SOURCES) \ + $(knot_modules_cookies_la_SOURCES) \ $(knot_modules_dnsproxy_la_SOURCES) \ $(knot_modules_dnstap_la_SOURCES) \ $(knot_modules_geoip_la_SOURCES) \ @@ -1455,7 +1475,8 @@ SOURCES = $(knot_modules_cookies_la_SOURCES) \ $(kjournalprint_SOURCES) $(knotc_SOURCES) $(knotd_SOURCES) \ $(knsec3hash_SOURCES) $(knsupdate_SOURCES) $(kxdpgun_SOURCES) \ $(kzonecheck_SOURCES) $(kzonesign_SOURCES) -DIST_SOURCES = $(knot_modules_cookies_la_SOURCES) \ +DIST_SOURCES = $(knot_modules_authsignal_la_SOURCES) \ + $(knot_modules_cookies_la_SOURCES) \ $(knot_modules_dnsproxy_la_SOURCES) \ $(knot_modules_dnstap_la_SOURCES) \ $(knot_modules_geoip_la_SOURCES) \ @@ -1546,6 +1567,7 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \ $(srcdir)/contrib/Makefile.inc $(srcdir)/knot/Makefile.inc \ + $(srcdir)/knot/modules/authsignal/Makefile.inc \ $(srcdir)/knot/modules/cookies/Makefile.inc \ $(srcdir)/knot/modules/dnsproxy/Makefile.inc \ $(srcdir)/knot/modules/dnstap/Makefile.inc \ @@ -1804,7 +1826,9 @@ EXTRA_DIST = contrib/licenses/0BSD contrib/licenses/BSD-3-Clause \ contrib/url-parser/LICENSE contrib/url-parser/README.md \ contrib/dnstap/dnstap.proto libzscanner/scanner.rl \ libzscanner/scanner_body.rl libzscanner/scanner.c.g2 \ - libzscanner/scanner.c.t0 knot/modules/cookies/cookies.rst \ + libzscanner/scanner.c.t0 \ + knot/modules/authsignal/authsignal.rst \ + knot/modules/cookies/cookies.rst \ knot/modules/dnsproxy/dnsproxy.rst \ knot/modules/dnstap/dnstap.rst knot/modules/geoip/geoip.rst \ knot/modules/noudp/noudp.rst \ 
@@ -1818,7 +1842,7 @@ CLEANFILES = $(am__append_5) libzscanner/scanner.c BUILT_SOURCES = $(am__append_4) libzscanner/scanner.c lib_LTLIBRARIES = libdnssec.la libknot.la libzscanner.la noinst_LTLIBRARIES = libcontrib.la $(am__append_3) $(am__append_6) \ - $(am__append_19) $(am__append_49) + $(am__append_19) $(am__append_51) pkgconfig_DATA = libdnssec.pc libknot.pc libzscanner.pc \ $(am__append_20) libcontrib_la_CPPFLAGS = $(AM_CPPFLAGS) $(CFLAG_VISIBILITY) \ @@ -2137,11 +2161,11 @@ nodist_libzscanner_la_SOURCES = \ libknotd_la_CPPFLAGS = $(AM_CPPFLAGS) $(CFLAG_VISIBILITY) \ $(libkqueue_CFLAGS) $(liburcu_CFLAGS) $(lmdb_CFLAGS) \ $(systemd_CFLAGS) $(gnutls_CFLAGS) $(libngtcp2_CFLAGS) \ - -DKNOTD_MOD_STATIC $(am__append_26) $(am__append_30) + -DKNOTD_MOD_STATIC $(am__append_28) $(am__append_32) libknotd_la_LDFLAGS = $(AM_LDFLAGS) -export-symbols-regex '^knotd_' libknotd_la_LIBADD = $(dlopen_LIBS) $(libkqueue_LIBS) $(pthread_LIBS) \ - $(libngtcp2_LIBS) $(am__append_17) $(am__append_27) \ - $(am__append_31) + $(libngtcp2_LIBS) $(am__append_17) $(am__append_29) \ + $(am__append_33) libknotd_LIBS = libknotd.la libknot.la libdnssec.la libzscanner.la \ $(libcontrib_LIBS) $(liburcu_LIBS) $(lmdb_LIBS) \ $(systemd_LIBS) $(gnutls_LIBS) 
@@ -2244,16 +2268,20 @@ libknotd_la_SOURCES = knot/catalog/catalog_db.c \ knot/zone/zonedb-load.h knot/zone/zonedb.c knot/zone/zonedb.h \ knot/zone/zonefile.c knot/zone/zonefile.h $(am__append_18) \ $(am__append_21) $(am__append_23) $(am__append_25) \ - $(am__append_29) $(am__append_33) $(am__append_35) \ + $(am__append_27) $(am__append_31) $(am__append_35) \ $(am__append_37) $(am__append_39) $(am__append_41) \ - $(am__append_43) $(am__append_45) $(am__append_47) + $(am__append_43) $(am__append_45) $(am__append_47) \ + $(am__append_49) KNOTD_MOD_CPPFLAGS = $(AM_CPPFLAGS) $(CFLAG_VISIBILITY) KNOTD_MOD_LDFLAGS = $(AM_LDFLAGS) -module -shared -avoid-version pkglib_LTLIBRARIES = $(am__append_22) $(am__append_24) \ - $(am__append_28) $(am__append_32) $(am__append_34) \ + $(am__append_26) $(am__append_30) $(am__append_34) \ $(am__append_36) $(am__append_38) $(am__append_40) \ $(am__append_42) $(am__append_44) $(am__append_46) \ - $(am__append_48) + $(am__append_48) $(am__append_50) +knot_modules_authsignal_la_SOURCES = knot/modules/authsignal/authsignal.c +@SHARED_MODULE_authsignal_TRUE@knot_modules_authsignal_la_LDFLAGS = $(KNOTD_MOD_LDFLAGS) +@SHARED_MODULE_authsignal_TRUE@knot_modules_authsignal_la_CPPFLAGS = $(KNOTD_MOD_CPPFLAGS) knot_modules_cookies_la_SOURCES = knot/modules/cookies/cookies.c @SHARED_MODULE_cookies_TRUE@knot_modules_cookies_la_LDFLAGS = $(KNOTD_MOD_LDFLAGS) @SHARED_MODULE_cookies_TRUE@knot_modules_cookies_la_CPPFLAGS = $(KNOTD_MOD_CPPFLAGS) 
@@ -2316,7 +2344,7 @@ knot_modules_whoami_la_SOURCES = knot/modules/whoami/whoami.c @HAVE_LIBUTILS_TRUE@libknotus_la_LDFLAGS = $(AM_LDFLAGS) $(LDFLAG_EXCLUDE_LIBS) @HAVE_LIBUTILS_TRUE@libknotus_la_LIBADD = $(libidn2_LIBS) \ @HAVE_LIBUTILS_TRUE@ $(libidn_LIBS) $(libnghttp2_LIBS) \ -@HAVE_LIBUTILS_TRUE@ $(libngtcp2_LIBS) $(am__append_50) +@HAVE_LIBUTILS_TRUE@ $(libngtcp2_LIBS) $(am__append_52) @HAVE_LIBUTILS_TRUE@libknotus_LIBS = libknotus.la libknot.la libdnssec.la $(libcontrib_LIBS) \ @HAVE_LIBUTILS_TRUE@ $(gnutls_LIBS) $(libedit_LIBS) @@ -2379,11 +2407,11 @@ knot_modules_whoami_la_SOURCES = knot/modules/whoami/whoami.c @HAVE_UTILS_TRUE@ utils/knsupdate/knsupdate_params.h @HAVE_UTILS_TRUE@kdig_CPPFLAGS = $(libknotus_la_CPPFLAGS) \ -@HAVE_UTILS_TRUE@ $(am__append_52) -@HAVE_UTILS_TRUE@kdig_LDADD = $(libknotus_LIBS) $(am__append_53) -@HAVE_UTILS_TRUE@khost_CPPFLAGS = $(libknotus_la_CPPFLAGS) \ @HAVE_UTILS_TRUE@ $(am__append_54) -@HAVE_UTILS_TRUE@khost_LDADD = $(libknotus_LIBS) $(am__append_55) +@HAVE_UTILS_TRUE@kdig_LDADD = $(libknotus_LIBS) $(am__append_55) +@HAVE_UTILS_TRUE@khost_CPPFLAGS = $(libknotus_la_CPPFLAGS) \ +@HAVE_UTILS_TRUE@ $(am__append_56) +@HAVE_UTILS_TRUE@khost_LDADD = $(libknotus_LIBS) $(am__append_57) @HAVE_UTILS_TRUE@knsec3hash_CPPFLAGS = $(libknotus_la_CPPFLAGS) @HAVE_UTILS_TRUE@knsec3hash_LDADD = libknot.la libdnssec.la $(libcontrib_LIBS) @HAVE_UTILS_TRUE@knsupdate_CPPFLAGS = $(libknotus_la_CPPFLAGS) 
@@ -2398,12 +2426,12 @@ knot_modules_whoami_la_SOURCES = knot/modules/whoami/whoami.c @ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@kxdpgun_CPPFLAGS = \ @ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@ $(libknotus_la_CPPFLAGS) \ @ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@ $(libmnl_CFLAGS) \ -@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@ $(am__append_57) +@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@ $(am__append_59) @ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@kxdpgun_LDADD = libknot.la \ @ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@ $(libcontrib_LIBS) \ @ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@ $(libmnl_LIBS) \ @ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@ $(pthread_LIBS) \ -@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@ $(am__append_58) +@ENABLE_XDP_TRUE@@HAVE_UTILS_TRUE@ $(am__append_60) @HAVE_DAEMON_TRUE@knotc_SOURCES = \ @HAVE_DAEMON_TRUE@ utils/knotc/commands.c \ @HAVE_DAEMON_TRUE@ utils/knotc/commands.h \ 
@@ -2465,7 +2493,7 @@ all: $(BUILT_SOURCES) config.h .SUFFIXES: .SUFFIXES: .proto .pb-c.c .pb-c.h .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(srcdir)/contrib/Makefile.inc $(srcdir)/libdnssec/Makefile.inc $(srcdir)/libknot/Makefile.inc $(srcdir)/libzscanner/Makefile.inc $(srcdir)/knot/Makefile.inc $(srcdir)/knot/modules/cookies/Makefile.inc $(srcdir)/knot/modules/dnsproxy/Makefile.inc $(srcdir)/knot/modules/dnstap/Makefile.inc $(srcdir)/knot/modules/geoip/Makefile.inc $(srcdir)/knot/modules/noudp/Makefile.inc $(srcdir)/knot/modules/onlinesign/Makefile.inc $(srcdir)/knot/modules/probe/Makefile.inc $(srcdir)/knot/modules/queryacl/Makefile.inc $(srcdir)/knot/modules/rrl/Makefile.inc $(srcdir)/knot/modules/stats/Makefile.inc $(srcdir)/knot/modules/synthrecord/Makefile.inc $(srcdir)/knot/modules/whoami/Makefile.inc $(srcdir)/utils/Makefile.inc $(am__configure_deps) +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(srcdir)/contrib/Makefile.inc $(srcdir)/libdnssec/Makefile.inc $(srcdir)/libknot/Makefile.inc $(srcdir)/libzscanner/Makefile.inc $(srcdir)/knot/Makefile.inc $(srcdir)/knot/modules/authsignal/Makefile.inc $(srcdir)/knot/modules/cookies/Makefile.inc $(srcdir)/knot/modules/dnsproxy/Makefile.inc $(srcdir)/knot/modules/dnstap/Makefile.inc $(srcdir)/knot/modules/geoip/Makefile.inc $(srcdir)/knot/modules/noudp/Makefile.inc $(srcdir)/knot/modules/onlinesign/Makefile.inc $(srcdir)/knot/modules/probe/Makefile.inc $(srcdir)/knot/modules/queryacl/Makefile.inc $(srcdir)/knot/modules/rrl/Makefile.inc $(srcdir)/knot/modules/stats/Makefile.inc $(srcdir)/knot/modules/synthrecord/Makefile.inc $(srcdir)/knot/modules/whoami/Makefile.inc $(srcdir)/utils/Makefile.inc $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ 
@@ -2485,7 +2513,7 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; -$(srcdir)/contrib/Makefile.inc $(srcdir)/libdnssec/Makefile.inc $(srcdir)/libknot/Makefile.inc $(srcdir)/libzscanner/Makefile.inc $(srcdir)/knot/Makefile.inc $(srcdir)/knot/modules/cookies/Makefile.inc $(srcdir)/knot/modules/dnsproxy/Makefile.inc $(srcdir)/knot/modules/dnstap/Makefile.inc $(srcdir)/knot/modules/geoip/Makefile.inc $(srcdir)/knot/modules/noudp/Makefile.inc $(srcdir)/knot/modules/onlinesign/Makefile.inc $(srcdir)/knot/modules/probe/Makefile.inc $(srcdir)/knot/modules/queryacl/Makefile.inc $(srcdir)/knot/modules/rrl/Makefile.inc $(srcdir)/knot/modules/stats/Makefile.inc $(srcdir)/knot/modules/synthrecord/Makefile.inc $(srcdir)/knot/modules/whoami/Makefile.inc $(srcdir)/utils/Makefile.inc $(am__empty): +$(srcdir)/contrib/Makefile.inc $(srcdir)/libdnssec/Makefile.inc $(srcdir)/libknot/Makefile.inc $(srcdir)/libzscanner/Makefile.inc $(srcdir)/knot/Makefile.inc $(srcdir)/knot/modules/authsignal/Makefile.inc $(srcdir)/knot/modules/cookies/Makefile.inc $(srcdir)/knot/modules/dnsproxy/Makefile.inc $(srcdir)/knot/modules/dnstap/Makefile.inc $(srcdir)/knot/modules/geoip/Makefile.inc $(srcdir)/knot/modules/noudp/Makefile.inc $(srcdir)/knot/modules/onlinesign/Makefile.inc $(srcdir)/knot/modules/probe/Makefile.inc $(srcdir)/knot/modules/queryacl/Makefile.inc $(srcdir)/knot/modules/rrl/Makefile.inc $(srcdir)/knot/modules/stats/Makefile.inc $(srcdir)/knot/modules/synthrecord/Makefile.inc $(srcdir)/knot/modules/whoami/Makefile.inc $(srcdir)/utils/Makefile.inc $(am__empty): $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh 
@@ -2729,6 +2757,21 @@ clean-pkglibLTLIBRARIES: echo rm -f $${locs}; \ rm -f $${locs}; \ } +knot/modules/authsignal/$(am__dirstamp): + @$(MKDIR_P) knot/modules/authsignal + @: > knot/modules/authsignal/$(am__dirstamp) +knot/modules/authsignal/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) knot/modules/authsignal/$(DEPDIR) + @: > knot/modules/authsignal/$(DEPDIR)/$(am__dirstamp) +knot/modules/authsignal/la-authsignal.lo: \ + knot/modules/authsignal/$(am__dirstamp) \ + knot/modules/authsignal/$(DEPDIR)/$(am__dirstamp) +knot/modules/$(am__dirstamp): + @$(MKDIR_P) knot/modules + @: > knot/modules/$(am__dirstamp) + +knot/modules/authsignal.la: $(knot_modules_authsignal_la_OBJECTS) $(knot_modules_authsignal_la_DEPENDENCIES) $(EXTRA_knot_modules_authsignal_la_DEPENDENCIES) knot/modules/$(am__dirstamp) + $(AM_V_CCLD)$(knot_modules_authsignal_la_LINK) $(am_knot_modules_authsignal_la_rpath) $(knot_modules_authsignal_la_OBJECTS) $(knot_modules_authsignal_la_LIBADD) $(LIBS) knot/modules/cookies/$(am__dirstamp): @$(MKDIR_P) knot/modules/cookies @: > knot/modules/cookies/$(am__dirstamp) @@ -2738,9 +2781,6 @@ knot/modules/cookies/$(DEPDIR)/$(am__dirstamp): knot/modules/cookies/la-cookies.lo: \ knot/modules/cookies/$(am__dirstamp) \ knot/modules/cookies/$(DEPDIR)/$(am__dirstamp) -knot/modules/$(am__dirstamp): - @$(MKDIR_P) knot/modules - @: > knot/modules/$(am__dirstamp) knot/modules/cookies.la: $(knot_modules_cookies_la_OBJECTS) $(knot_modules_cookies_la_DEPENDENCIES) $(EXTRA_knot_modules_cookies_la_DEPENDENCIES) knot/modules/$(am__dirstamp) $(AM_V_CCLD)$(knot_modules_cookies_la_LINK) $(am_knot_modules_cookies_la_rpath) $(knot_modules_cookies_la_OBJECTS) $(knot_modules_cookies_la_LIBADD) $(LIBS) 
@@ -3700,6 +3740,9 @@ knot/query/libknotd_la-quic-requestor.lo: knot/query/$(am__dirstamp) \ knot/query/$(DEPDIR)/$(am__dirstamp) knot/server/libknotd_la-quic-handler.lo: knot/server/$(am__dirstamp) \ knot/server/$(DEPDIR)/$(am__dirstamp) +knot/modules/authsignal/libknotd_la-authsignal.lo: \ + knot/modules/authsignal/$(am__dirstamp) \ + knot/modules/authsignal/$(DEPDIR)/$(am__dirstamp) knot/modules/cookies/libknotd_la-cookies.lo: \ knot/modules/cookies/$(am__dirstamp) \ knot/modules/cookies/$(DEPDIR)/$(am__dirstamp) @@ -4034,6 +4077,8 @@ mostlyclean-compile: -rm -f knot/events/handlers/*.lo -rm -f knot/journal/*.$(OBJEXT) -rm -f knot/journal/*.lo + -rm -f knot/modules/authsignal/*.$(OBJEXT) + -rm -f knot/modules/authsignal/*.lo -rm -f knot/modules/cookies/*.$(OBJEXT) -rm -f knot/modules/cookies/*.lo -rm -f knot/modules/dnsproxy/*.$(OBJEXT) @@ -4250,6 +4295,8 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@knot/journal/$(DEPDIR)/libknotd_la-journal_write.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@knot/journal/$(DEPDIR)/libknotd_la-knot_lmdb.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@knot/journal/$(DEPDIR)/libknotd_la-serialization.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@knot/modules/authsignal/$(DEPDIR)/la-authsignal.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@knot/modules/authsignal/$(DEPDIR)/libknotd_la-authsignal.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@knot/modules/cookies/$(DEPDIR)/la-cookies.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@knot/modules/cookies/$(DEPDIR)/libknotd_la-cookies.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@knot/modules/dnsproxy/$(DEPDIR)/la-dnsproxy.Plo@am__quote@ # am--include-marker 
@@ -4468,6 +4515,13 @@ am--depfiles: $(am__depfiles_remade) @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< +knot/modules/authsignal/la-authsignal.lo: knot/modules/authsignal/authsignal.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(knot_modules_authsignal_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT knot/modules/authsignal/la-authsignal.lo -MD -MP -MF knot/modules/authsignal/$(DEPDIR)/la-authsignal.Tpo -c -o knot/modules/authsignal/la-authsignal.lo `test -f 'knot/modules/authsignal/authsignal.c' || echo '$(srcdir)/'`knot/modules/authsignal/authsignal.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) knot/modules/authsignal/$(DEPDIR)/la-authsignal.Tpo knot/modules/authsignal/$(DEPDIR)/la-authsignal.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='knot/modules/authsignal/authsignal.c' object='knot/modules/authsignal/la-authsignal.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(knot_modules_authsignal_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o knot/modules/authsignal/la-authsignal.lo `test -f 'knot/modules/authsignal/authsignal.c' || echo '$(srcdir)/'`knot/modules/authsignal/authsignal.c + knot/modules/cookies/la-cookies.lo: knot/modules/cookies/cookies.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(knot_modules_cookies_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT knot/modules/cookies/la-cookies.lo -MD -MP -MF knot/modules/cookies/$(DEPDIR)/la-cookies.Tpo -c 
-o knot/modules/cookies/la-cookies.lo `test -f 'knot/modules/cookies/cookies.c' || echo '$(srcdir)/'`knot/modules/cookies/cookies.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) knot/modules/cookies/$(DEPDIR)/la-cookies.Tpo knot/modules/cookies/$(DEPDIR)/la-cookies.Plo 
@@ -6246,6 +6300,13 @@ knot/server/libknotd_la-quic-handler.lo: knot/server/quic-handler.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libknotd_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o knot/server/libknotd_la-quic-handler.lo `test -f 'knot/server/quic-handler.c' || echo '$(srcdir)/'`knot/server/quic-handler.c +knot/modules/authsignal/libknotd_la-authsignal.lo: knot/modules/authsignal/authsignal.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libknotd_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT knot/modules/authsignal/libknotd_la-authsignal.lo -MD -MP -MF knot/modules/authsignal/$(DEPDIR)/libknotd_la-authsignal.Tpo -c -o knot/modules/authsignal/libknotd_la-authsignal.lo `test -f 'knot/modules/authsignal/authsignal.c' || echo '$(srcdir)/'`knot/modules/authsignal/authsignal.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) knot/modules/authsignal/$(DEPDIR)/libknotd_la-authsignal.Tpo knot/modules/authsignal/$(DEPDIR)/libknotd_la-authsignal.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='knot/modules/authsignal/authsignal.c' object='knot/modules/authsignal/libknotd_la-authsignal.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libknotd_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o knot/modules/authsignal/libknotd_la-authsignal.lo `test -f 'knot/modules/authsignal/authsignal.c' || echo '$(srcdir)/'`knot/modules/authsignal/authsignal.c + 
knot/modules/cookies/libknotd_la-cookies.lo: knot/modules/cookies/cookies.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libknotd_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT knot/modules/cookies/libknotd_la-cookies.lo -MD -MP -MF knot/modules/cookies/$(DEPDIR)/libknotd_la-cookies.Tpo -c -o knot/modules/cookies/libknotd_la-cookies.lo `test -f 'knot/modules/cookies/cookies.c' || echo '$(srcdir)/'`knot/modules/cookies/cookies.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) knot/modules/cookies/$(DEPDIR)/libknotd_la-cookies.Tpo knot/modules/cookies/$(DEPDIR)/libknotd_la-cookies.Plo @@ -6902,6 +6963,7 @@ clean-libtool: -rm -rf knot/events/handlers/.libs knot/events/handlers/_libs -rm -rf knot/journal/.libs knot/journal/_libs -rm -rf knot/modules/.libs knot/modules/_libs + -rm -rf knot/modules/authsignal/.libs knot/modules/authsignal/_libs -rm -rf knot/modules/cookies/.libs knot/modules/cookies/_libs -rm -rf knot/modules/dnsproxy/.libs knot/modules/dnsproxy/_libs -rm -rf knot/modules/dnstap/.libs knot/modules/dnstap/_libs @@ -7289,6 +7351,8 @@ distclean-generic: -rm -f knot/journal/$(DEPDIR)/$(am__dirstamp) -rm -f knot/journal/$(am__dirstamp) -rm -f knot/modules/$(am__dirstamp) + -rm -f knot/modules/authsignal/$(DEPDIR)/$(am__dirstamp) + -rm -f knot/modules/authsignal/$(am__dirstamp) -rm -f knot/modules/cookies/$(DEPDIR)/$(am__dirstamp) -rm -f knot/modules/cookies/$(am__dirstamp) -rm -f knot/modules/dnsproxy/$(DEPDIR)/$(am__dirstamp) 
@@ -7526,6 +7590,8 @@ distclean: distclean-recursive -rm -f knot/journal/$(DEPDIR)/libknotd_la-journal_write.Plo -rm -f knot/journal/$(DEPDIR)/libknotd_la-knot_lmdb.Plo -rm -f knot/journal/$(DEPDIR)/libknotd_la-serialization.Plo + -rm -f knot/modules/authsignal/$(DEPDIR)/la-authsignal.Plo + -rm -f knot/modules/authsignal/$(DEPDIR)/libknotd_la-authsignal.Plo -rm -f knot/modules/cookies/$(DEPDIR)/la-cookies.Plo -rm -f knot/modules/cookies/$(DEPDIR)/libknotd_la-cookies.Plo -rm -f knot/modules/dnsproxy/$(DEPDIR)/la-dnsproxy.Plo @@ -7891,6 +7957,8 @@ maintainer-clean: maintainer-clean-recursive -rm -f knot/journal/$(DEPDIR)/libknotd_la-journal_write.Plo -rm -f knot/journal/$(DEPDIR)/libknotd_la-knot_lmdb.Plo -rm -f knot/journal/$(DEPDIR)/libknotd_la-serialization.Plo + -rm -f knot/modules/authsignal/$(DEPDIR)/la-authsignal.Plo + -rm -f knot/modules/authsignal/$(DEPDIR)/libknotd_la-authsignal.Plo -rm -f knot/modules/cookies/$(DEPDIR)/la-cookies.Plo -rm -f knot/modules/cookies/$(DEPDIR)/libknotd_la-cookies.Plo -rm -f knot/modules/dnsproxy/$(DEPDIR)/la-dnsproxy.Plo diff --git a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_buf.h b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_buf.h index 107d413..85b5f4d 100644 --- a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_buf.h +++ b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_buf.h @@ -36,7 +36,7 @@ typedef struct ngtcp2_buf { uint8_t *begin; /* end points to the one beyond of the last byte of the buffer */ uint8_t *end; - /* pos pointers to the start of data. Typically, this points to the + /* pos points to the start of data. Typically, this points to the point that next data should be read. Initially, it points to |begin|. */ uint8_t *pos; diff --git a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_cc.c b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_cc.c index ef311ff..9ad37fb 100644 --- a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_cc.c +++ b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_cc.c 
@@ -27,10 +27,6 @@ #include #include -#if defined(_MSC_VER) -# include -#endif - #include "ngtcp2_log.h" #include "ngtcp2_macro.h" #include "ngtcp2_mem.h" @@ -235,39 +231,27 @@ void ngtcp2_cc_cubic_init(ngtcp2_cc_cubic *cubic, ngtcp2_log *log) { } uint64_t ngtcp2_cbrt(uint64_t n) { - int d; - uint64_t a; - - if (n == 0) { - return 0; - } - -#if defined(_MSC_VER) - { - unsigned long index; -# if defined(_WIN64) - if (_BitScanReverse64(&index, n)) { - d = 61 - index; - } else { - ngtcp2_unreachable(); - } -# else /* !defined(_WIN64) */ - if (_BitScanReverse(&index, (unsigned int)(n >> 32))) { - d = 31 - index; - } else { - d = 32 + 31 - _BitScanReverse(&index, (unsigned int)n); + size_t s; + uint64_t y = 0; + uint64_t b; + + for (s = 63; s > 0; s -= 3) { + y <<= 1; + b = 3 * y * (y + 1) + 1; + if ((n >> s) >= b) { + n -= b << s; + y++; } -# endif /* !defined(_WIN64) */ } -#else /* !defined(_MSC_VER) */ - d = __builtin_clzll(n); -#endif /* !defined(_MSC_VER) */ - a = 1ULL << ((64 - d) / 3 + 1); - for (; a * a * a > n;) { - a = (2 * a + n / a / a) / 3; + y <<= 1; + b = 3 * y * (y + 1) + 1; + if (n >= b) { + n -= b; + y++; } - return a; + + return y; } /* HyStart++ constants */ diff --git a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_conn.c b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_conn.c index a4873eb..c8caf47 100644 --- a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_conn.c +++ b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_conn.c 
@@ -3441,12 +3441,22 @@ static ngtcp2_ssize conn_write_pkt(ngtcp2_conn *conn, ngtcp2_pkt_info *pi, } switch ((*pfrc)->fr.type) { + case NGTCP2_FRAME_RESET_STREAM: + strm = + ngtcp2_conn_find_stream(conn, (*pfrc)->fr.reset_stream.stream_id); + if (strm == NULL || + !ngtcp2_strm_require_retransmit_reset_stream(strm)) { + frc = *pfrc; + *pfrc = (*pfrc)->next; + ngtcp2_frame_chain_objalloc_del(frc, &conn->frc_objalloc, conn->mem); + continue; + } + break; case NGTCP2_FRAME_STOP_SENDING: strm = ngtcp2_conn_find_stream(conn, (*pfrc)->fr.stop_sending.stream_id); if (strm == NULL || - ((strm->flags & NGTCP2_STRM_FLAG_SHUT_RD) && - ngtcp2_strm_rx_offset(strm) == strm->rx.last_offset)) { + !ngtcp2_strm_require_retransmit_stop_sending(strm)) { frc = *pfrc; *pfrc = (*pfrc)->next; ngtcp2_frame_chain_objalloc_del(frc, &conn->frc_objalloc, conn->mem); @@ -3476,10 +3486,8 @@ static ngtcp2_ssize conn_write_pkt(ngtcp2_conn *conn, ngtcp2_pkt_info *pi, case NGTCP2_FRAME_MAX_STREAM_DATA: strm = ngtcp2_conn_find_stream(conn, (*pfrc)->fr.max_stream_data.stream_id); - if (strm == NULL || - (strm->flags & - (NGTCP2_STRM_FLAG_SHUT_RD | NGTCP2_STRM_FLAG_STOP_SENDING)) || - (*pfrc)->fr.max_stream_data.max_stream_data < strm->rx.max_offset) { + if (strm == NULL || !ngtcp2_strm_require_retransmit_max_stream_data( + strm, &(*pfrc)->fr.max_stream_data)) { frc = *pfrc; *pfrc = (*pfrc)->next; ngtcp2_frame_chain_objalloc_del(frc, &conn->frc_objalloc, conn->mem); 
@@ -3497,8 +3505,8 @@ static ngtcp2_ssize conn_write_pkt(ngtcp2_conn *conn, ngtcp2_pkt_info *pi, case NGTCP2_FRAME_STREAM_DATA_BLOCKED: strm = ngtcp2_conn_find_stream( conn, (*pfrc)->fr.stream_data_blocked.stream_id); - if (strm == NULL || (strm->flags & NGTCP2_STRM_FLAG_SHUT_WR) || - (*pfrc)->fr.stream_data_blocked.offset != strm->tx.max_offset) { + if (strm == NULL || !ngtcp2_strm_require_retransmit_stream_data_blocked( + strm, &(*pfrc)->fr.stream_data_blocked)) { frc = *pfrc; *pfrc = (*pfrc)->next; ngtcp2_frame_chain_objalloc_del(frc, &conn->frc_objalloc, conn->mem); @@ -7145,7 +7153,7 @@ static int conn_recv_stream(ngtcp2_conn *conn, const ngtcp2_stream *fr) { return rv; } } - } else if (fr->datacnt) { + } else if (fr->datacnt && !(strm->flags & NGTCP2_STRM_FLAG_STOP_SENDING)) { rv = ngtcp2_strm_recv_reordering(strm, fr->data[0].base, fr->data[0].len, fr->offset); if (rv != 0) { @@ -7304,27 +7312,20 @@ static int conn_recv_reset_stream(ngtcp2_conn *conn, } /* Stream is reset before we create ngtcp2_strm object. */ - conn->rx.offset += fr->final_size; - ngtcp2_conn_extend_max_offset(conn, fr->final_size); - - rv = conn_call_stream_reset(conn, fr->stream_id, fr->final_size, - fr->app_error_code, NULL); + strm = ngtcp2_objalloc_strm_get(&conn->strm_objalloc); + if (strm == NULL) { + return NGTCP2_ERR_NOMEM; + } + rv = ngtcp2_conn_init_stream(conn, strm, fr->stream_id, NULL); if (rv != 0) { + ngtcp2_objalloc_strm_release(&conn->strm_objalloc, strm); return rv; } - /* There will be no activity in this stream because we got - RESET_STREAM and don't write stream data any further. This - effectively allows another new stream for peer. */ - if (bidi) { - handle_max_remote_streams_extension(&conn->remote.bidi.unsent_max_streams, - 1); - } else { - handle_max_remote_streams_extension(&conn->remote.uni.unsent_max_streams, - 1); + rv = conn_call_stream_open(conn, strm); + if (rv != 0) { + return rv; } - - return 0; } if ((strm->flags & NGTCP2_STRM_FLAG_SHUT_RD)) { 
@@ -7461,15 +7462,16 @@ static int conn_recv_stop_sending(ngtcp2_conn *conn, been acknowledged. */ if (!ngtcp2_strm_is_all_tx_data_fin_acked(strm) && !(strm->flags & NGTCP2_STRM_FLAG_RESET_STREAM)) { + strm->flags |= NGTCP2_STRM_FLAG_RESET_STREAM; + rv = conn_reset_stream(conn, strm, fr->app_error_code); if (rv != 0) { return rv; } } - strm->flags |= NGTCP2_STRM_FLAG_SHUT_WR | - NGTCP2_STRM_FLAG_STOP_SENDING_RECVED | - NGTCP2_STRM_FLAG_RESET_STREAM; + strm->flags |= + NGTCP2_STRM_FLAG_SHUT_WR | NGTCP2_STRM_FLAG_STOP_SENDING_RECVED; ngtcp2_strm_streamfrq_clear(strm); @@ -12533,14 +12535,15 @@ static int conn_shutdown_stream_read(ngtcp2_conn *conn, ngtcp2_strm *strm, /* Extend connection flow control window for the amount of data which are not passed to application. */ - if (!(strm->flags & (NGTCP2_STRM_FLAG_STOP_SENDING | - NGTCP2_STRM_FLAG_RESET_STREAM_RECVED))) { + if (!(strm->flags & NGTCP2_STRM_FLAG_RESET_STREAM_RECVED)) { ngtcp2_conn_extend_max_offset(conn, strm->rx.last_offset - ngtcp2_strm_rx_offset(strm)); } strm->flags |= NGTCP2_STRM_FLAG_STOP_SENDING; + ngtcp2_strm_discard_reordered_data(strm); + return conn_stop_sending(conn, strm, app_error_code); } diff --git a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_crypto.c b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_crypto.c index 2c00af5..0a3ecf6 100644 --- a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_crypto.c +++ b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_crypto.c 
@@ -123,6 +123,25 @@ static uint8_t *write_varint_param(uint8_t *p, ngtcp2_transport_param_id id, return ngtcp2_put_uvarint(p, value); } +/* + * zero_paramlen returns the length of a single transport parameter + * which has zero length value in its parameter. + */ +static size_t zero_paramlen(ngtcp2_transport_param_id id) { + return ngtcp2_put_uvarintlen(id) + 1; +} + +/* + * write_zero_param writes parameter |id| that has zero length value. + * It returns p + the number of bytes written. + */ +static uint8_t *write_zero_param(uint8_t *p, ngtcp2_transport_param_id id) { + p = ngtcp2_put_uvarint(p, id); + *p++ = 0; + + return p; +} + /* * cid_paramlen returns the length of a single transport parameter * which has |cid| as value. @@ -235,9 +254,7 @@ ngtcp2_ssize ngtcp2_transport_params_encode_versioned( params->ack_delay_exponent); } if (params->disable_active_migration) { - len += - ngtcp2_put_uvarintlen(NGTCP2_TRANSPORT_PARAM_DISABLE_ACTIVE_MIGRATION) + - ngtcp2_put_uvarintlen(0); + len += zero_paramlen(NGTCP2_TRANSPORT_PARAM_DISABLE_ACTIVE_MIGRATION); } if (params->max_ack_delay != NGTCP2_DEFAULT_MAX_ACK_DELAY) { len += varint_paramlen(NGTCP2_TRANSPORT_PARAM_MAX_ACK_DELAY, @@ -258,8 +275,7 @@ ngtcp2_ssize ngtcp2_transport_params_encode_versioned( params->max_datagram_frame_size); } if (params->grease_quic_bit) { - len += ngtcp2_put_uvarintlen(NGTCP2_TRANSPORT_PARAM_GREASE_QUIC_BIT) + - ngtcp2_put_uvarintlen(0); + len += zero_paramlen(NGTCP2_TRANSPORT_PARAM_GREASE_QUIC_BIT); } if (params->version_info_present) { version_infolen = @@ -377,8 +393,7 @@ ngtcp2_ssize ngtcp2_transport_params_encode_versioned( } if (params->disable_active_migration) { - p = ngtcp2_put_uvarint(p, NGTCP2_TRANSPORT_PARAM_DISABLE_ACTIVE_MIGRATION); - p = ngtcp2_put_uvarint(p, 0); + p = write_zero_param(p, NGTCP2_TRANSPORT_PARAM_DISABLE_ACTIVE_MIGRATION); } if (params->max_ack_delay != NGTCP2_DEFAULT_MAX_ACK_DELAY) { 
@@ -404,8 +419,7 @@ ngtcp2_ssize ngtcp2_transport_params_encode_versioned( } if (params->grease_quic_bit) { - p = ngtcp2_put_uvarint(p, NGTCP2_TRANSPORT_PARAM_GREASE_QUIC_BIT); - p = ngtcp2_put_uvarint(p, 0); + p = write_zero_param(p, NGTCP2_TRANSPORT_PARAM_GREASE_QUIC_BIT); } if (params->version_info_present) { @@ -482,6 +496,22 @@ static int decode_varint_param(uint64_t *pdest, const uint8_t **pp, return 0; } +/* + * decode_zero_param decodes zero length value from the buffer pointed + * by |*pp| of length |end - *pp|. The length is encoded in varint + * form. If it decodes zero length value successfully, it increments + * |*pp| by 1, and returns 0. Otherwise it returns -1. + */ +static int decode_zero_param(const uint8_t **pp, const uint8_t *end) { + if (*pp == end || **pp != 0) { + return -1; + } + + ++*pp; + + return 0; +} + /* * decode_cid_param decodes length prefixed ngtcp2_cid from the buffer * pointed by |*pp| of length |end - *pp|. The length is encoded in @@ -701,10 +731,7 @@ int ngtcp2_transport_params_decode_versioned(int transport_params_version, params->preferred_addr_present = 1; break; case NGTCP2_TRANSPORT_PARAM_DISABLE_ACTIVE_MIGRATION: - if (decode_varint(&valuelen, &p, end) != 0) { - return NGTCP2_ERR_MALFORMED_TRANSPORT_PARAM; - } - if (valuelen != 0) { + if (decode_zero_param(&p, end) != 0) { return NGTCP2_ERR_MALFORMED_TRANSPORT_PARAM; } params->disable_active_migration = 1; @@ -751,10 +778,7 @@ int ngtcp2_transport_params_decode_versioned(int transport_params_version, } break; case NGTCP2_TRANSPORT_PARAM_GREASE_QUIC_BIT: - if (decode_varint(&valuelen, &p, end) != 0) { - return NGTCP2_ERR_MALFORMED_TRANSPORT_PARAM; - } - if (valuelen != 0) { + if (decode_zero_param(&p, end) != 0) { return NGTCP2_ERR_MALFORMED_TRANSPORT_PARAM; } params->grease_quic_bit = 1; diff --git a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_rtb.c b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_rtb.c index 6308261..5ebdce7 100644 
--- a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_rtb.c +++ b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_rtb.c @@ -237,7 +237,7 @@ static ngtcp2_ssize rtb_reclaim_frame(ngtcp2_rtb *rtb, uint8_t flags, switch (frc->fr.type) { case NGTCP2_FRAME_STREAM: strm = ngtcp2_conn_find_stream(conn, fr->stream.stream_id); - if (strm == NULL) { + if (strm == NULL || (strm->flags & NGTCP2_STRM_FLAG_RESET_STREAM)) { continue; } 
@@ -339,26 +339,60 @@ static ngtcp2_ssize rtb_reclaim_frame(ngtcp2_rtb *rtb, uint8_t flags, return rv; } - break; + ++num_reclaimed; + + nfrc->next = *pfrc; + *pfrc = nfrc; + pfrc = &nfrc->next; + + continue; case NGTCP2_FRAME_DATAGRAM: case NGTCP2_FRAME_DATAGRAM_LEN: continue; - default: - rv = ngtcp2_frame_chain_objalloc_new(&nfrc, rtb->frc_objalloc); - if (rv != 0) { - return rv; + case NGTCP2_FRAME_RESET_STREAM: + strm = ngtcp2_conn_find_stream(conn, fr->reset_stream.stream_id); + if (strm == NULL || !ngtcp2_strm_require_retransmit_reset_stream(strm)) { + continue; } - nfrc->fr = *fr; + break; + case NGTCP2_FRAME_STOP_SENDING: + strm = ngtcp2_conn_find_stream(conn, fr->stop_sending.stream_id); + if (strm == NULL || !ngtcp2_strm_require_retransmit_stop_sending(strm)) { + continue; + } - rv = ngtcp2_bind_frame_chains(frc, nfrc, rtb->mem); - if (rv != 0) { - return rv; + break; + case NGTCP2_FRAME_MAX_STREAM_DATA: + strm = ngtcp2_conn_find_stream(conn, fr->max_stream_data.stream_id); + if (strm == NULL || !ngtcp2_strm_require_retransmit_max_stream_data( + strm, &fr->max_stream_data)) { + continue; + } + + break; + case NGTCP2_FRAME_STREAM_DATA_BLOCKED: + strm = ngtcp2_conn_find_stream(conn, fr->stream_data_blocked.stream_id); + if (strm == NULL || !ngtcp2_strm_require_retransmit_stream_data_blocked( + strm, &fr->stream_data_blocked)) { + continue; } break; } + rv = ngtcp2_frame_chain_objalloc_new(&nfrc, rtb->frc_objalloc); + if (rv != 0) { + return rv; + } + + nfrc->fr = *fr; + + rv = ngtcp2_bind_frame_chains(frc, nfrc, rtb->mem); + if (rv != 0) { + return rv; + } + ++num_reclaimed; nfrc->next = *pfrc; diff --git a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_strm.c b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_strm.c index 6bbeb8f..c00e86f 100644 --- a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_strm.c +++ b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_strm.c 
@@ -158,6 +158,18 @@ void ngtcp2_strm_update_rx_offset(ngtcp2_strm *strm, uint64_t offset) { ngtcp2_rob_remove_prefix(strm->rx.rob, offset); } +void ngtcp2_strm_discard_reordered_data(ngtcp2_strm *strm) { + if (strm->rx.rob == NULL) { + return; + } + + strm->rx.cont_offset = ngtcp2_strm_rx_offset(strm); + + ngtcp2_rob_free(strm->rx.rob); + ngtcp2_mem_free(strm->mem, strm->rx.rob); + strm->rx.rob = NULL; +} + void ngtcp2_strm_shutdown(ngtcp2_strm *strm, uint32_t flags) { strm->flags |= flags & NGTCP2_STRM_FLAG_SHUT_RDWR; } @@ -696,3 +708,25 @@ void ngtcp2_strm_set_app_error_code(ngtcp2_strm *strm, strm->flags |= NGTCP2_STRM_FLAG_APP_ERROR_CODE_SET; strm->app_error_code = app_error_code; } + +int ngtcp2_strm_require_retransmit_reset_stream(ngtcp2_strm *strm) { + return !ngtcp2_strm_is_all_tx_data_fin_acked(strm); +} + +int ngtcp2_strm_require_retransmit_stop_sending(ngtcp2_strm *strm) { + return !(strm->flags & NGTCP2_STRM_FLAG_SHUT_RD) || + ngtcp2_strm_rx_offset(strm) != strm->rx.last_offset; +} + +int ngtcp2_strm_require_retransmit_max_stream_data(ngtcp2_strm *strm, + ngtcp2_max_stream_data *fr) { + return fr->max_stream_data == strm->rx.max_offset && + !(strm->flags & + (NGTCP2_STRM_FLAG_SHUT_RD | NGTCP2_STRM_FLAG_STOP_SENDING)); +} + +int ngtcp2_strm_require_retransmit_stream_data_blocked( + ngtcp2_strm *strm, ngtcp2_stream_data_blocked *fr) { + return fr->offset == strm->tx.max_offset && + !(strm->flags & NGTCP2_STRM_FLAG_SHUT_WR); +} diff --git a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_strm.h b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_strm.h index 223e38f..385302a 100644 --- a/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_strm.h +++ b/src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_strm.h @@ -36,6 +36,7 @@ #include "ngtcp2_gaptr.h" #include "ngtcp2_ksl.h" #include "ngtcp2_pq.h" +#include "ngtcp2_pkt.h" typedef struct ngtcp2_frame_chain ngtcp2_frame_chain; 
@@ -219,6 +220,12 @@ int ngtcp2_strm_recv_reordering(ngtcp2_strm *strm, const uint8_t *data, */ void ngtcp2_strm_update_rx_offset(ngtcp2_strm *strm, uint64_t offset); +/* + * ngtcp2_strm_discard_reordered_data discards all buffered reordered + * data. + */ +void ngtcp2_strm_discard_reordered_data(ngtcp2_strm *strm); + /* * ngtcp2_strm_shutdown shutdowns |strm|. |flags| should be * NGTCP2_STRM_FLAG_SHUT_RD, and/or NGTCP2_STRM_FLAG_SHUT_WR. @@ -320,4 +327,30 @@ int ngtcp2_strm_ack_data(ngtcp2_strm *strm, uint64_t offset, uint64_t len); */ void ngtcp2_strm_set_app_error_code(ngtcp2_strm *strm, uint64_t app_error_code); +/* + * ngtcp2_strm_require_retransmit_reset_stream returns nonzero if + * RESET_STREAM frame should be retransmitted. + */ +int ngtcp2_strm_require_retransmit_reset_stream(ngtcp2_strm *strm); + +/* + * ngtcp2_strm_require_retransmit_stop_sending returns nonzero if + * STOP_SENDING frame should be retransmitted. + */ +int ngtcp2_strm_require_retransmit_stop_sending(ngtcp2_strm *strm); + +/* + * ngtcp2_strm_require_retransmit_max_stream_data returns nonzero if + * MAX_STREAM_DATA frame should be retransmitted. + */ +int ngtcp2_strm_require_retransmit_max_stream_data(ngtcp2_strm *strm, + ngtcp2_max_stream_data *fr); + +/* + * ngtcp2_strm_require_retransmit_stream_data_blocked returns nonzero + * if STREAM_DATA_BLOCKED frame frame should be retransmitted. + */ +int ngtcp2_strm_require_retransmit_stream_data_blocked( + ngtcp2_strm *strm, ngtcp2_stream_data_blocked *fr); + #endif /* NGTCP2_STRM_H */ diff --git a/src/contrib/libngtcp2/ngtcp2/version.h b/src/contrib/libngtcp2/ngtcp2/version.h index b102eae..801c6cb 100644 --- a/src/contrib/libngtcp2/ngtcp2/version.h +++ b/src/contrib/libngtcp2/ngtcp2/version.h @@ -36,7 +36,7 @@ * * Version number of the ngtcp2 library release. */ -#define NGTCP2_VERSION "1.2.0" +#define NGTCP2_VERSION "1.3.0" /** * @macro 
@@ -46,6 +46,6 @@ * number, 8 bits for minor and 8 bits for patch. Version 1.2.3 * becomes 0x010203. */ -#define NGTCP2_VERSION_NUM 0x010200 +#define NGTCP2_VERSION_NUM 0x010300 #endif /* VERSION_H */ diff --git a/src/knot/Makefile.inc b/src/knot/Makefile.inc index 3a20ec1..f67fe7f 100644 --- a/src/knot/Makefile.inc +++ b/src/knot/Makefile.inc @@ -239,6 +239,7 @@ KNOTD_MOD_LDFLAGS = $(AM_LDFLAGS) -module -shared -avoid-version pkglibdir = $(module_instdir) pkglib_LTLIBRARIES = +include $(srcdir)/knot/modules/authsignal/Makefile.inc include $(srcdir)/knot/modules/cookies/Makefile.inc include $(srcdir)/knot/modules/dnsproxy/Makefile.inc include $(srcdir)/knot/modules/dnstap/Makefile.inc diff --git a/src/knot/dnssec/kasp/kasp_zone.c b/src/knot/dnssec/kasp/kasp_zone.c index 58925fa..e70f21d 100644 --- a/src/knot/dnssec/kasp/kasp_zone.c +++ b/src/knot/dnssec/kasp/kasp_zone.c @@ -382,7 +382,7 @@ int kasp_zone_keys_from_rr(knot_kasp_zone_t *zone, zone->keys[i].is_pub_only = true; zone->keys[i].is_ksk = (knot_dnskey_flags(zkey) == DNSKEY_FLAGS_KSK); - zone->keys[i].is_zsk = policy_single_type_signing || !zone->keys[i].is_ksk; + zone->keys[i].is_zsk = true; // doesn't hurt in case of validation, any KSK might behave like ZSK that is published but not active zone->keys[i].timing.publish = 1; zone->keys[i].timing.active = 1; diff --git a/src/knot/dnssec/key-events.c b/src/knot/dnssec/key-events.c index ffd2ce8..ace48d5 100644 --- a/src/knot/dnssec/key-events.c +++ b/src/knot/dnssec/key-events.c @@ -293,7 +293,8 @@ typedef enum { typedef struct { roll_action_type_t type; - bool ksk; + bool ksk; // These flags seem redundant, but are needed to avoid ASAN + bool zsk; // heap-use-after-free if the key is accessed directly during key generation. knot_time_t time; knot_kasp_key_t *key; uint16_t ready_keytag; 
@@ -525,6 +526,7 @@ static roll_action_t next_action(kdnssec_ctx_t *ctx, zone_sign_roll_flags_t flag if (knot_time_cmp(keytime, res.time) < 0) { res.key = key; res.ksk = key->is_ksk; + res.zsk = key->is_zsk; res.time = keytime; res.type = restype; } @@ -679,6 +681,28 @@ static int exec_really_remove(kdnssec_ctx_t *ctx, knot_kasp_key_t *key) return kdnssec_delete_key(ctx, key); } +static void log_next_event(kdnssec_ctx_t *ctx, roll_action_t *next) +{ + char time_str[64] = ""; + struct tm time_gm = { 0 }; + time_t nt = next->time; + localtime_r(&nt, &time_gm); + strftime(time_str, sizeof(time_str), KNOT_LOG_TIME_FORMAT, &time_gm); + + if (next->type == GENERATE) { + const char *key_type = ctx->policy->single_type_signing ? + "CSK" : (next->ksk ? "KSK" : "ZSK"); + log_zone_info(ctx->zone->dname, "DNSSEC, next key action, %s, generate at %s", + key_type, time_str); + } else { + const char *key_type = next->ksk ? + (next->zsk ? "CSK" : "KSK") : "ZSK"; + log_zone_info(ctx->zone->dname, "DNSSEC, next key action, %s tag %hu, %s at %s", + key_type, dnssec_key_get_keytag(next->key->key), + roll_action_name(next->type), time_str); + } +} + int knot_dnssec_key_rollover(kdnssec_ctx_t *ctx, zone_sign_roll_flags_t flags, zone_sign_reschedule_t *reschedule) { @@ -848,6 +872,10 @@ int knot_dnssec_key_rollover(kdnssec_ctx_t *ctx, zone_sign_roll_flags_t flags, return knot_dnssec_key_rollover(ctx, flags, reschedule); } + if (ret == KNOT_EOK && next.time > 0) { + log_next_event(ctx, &next); + } + if (ret == KNOT_EOK && reschedule->keys_changed) { ret = kdnssec_ctx_commit(ctx); if (ret == KNOT_EOK && (ctx->dbus_event & DBUS_EVENT_KEYS_UPDATED)) { diff --git a/src/knot/dnssec/zone-sign.c b/src/knot/dnssec/zone-sign.c index 9293c02..62f809e 100644 --- a/src/knot/dnssec/zone-sign.c +++ b/src/knot/dnssec/zone-sign.c 
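Review bot: In `log_next_event` the `struct tm` is named `time_gm` but is filled by `localtime_r`, so the variable name suggests UTC while the logged "next key action" time is local time. Renaming it (`struct tm time_local = { 0 };`) or switching to `gmtime_r` would make the intent unambiguous. The return value of `localtime_r` is also ignored, so on failure `strftime` formats the zero-initialised structure; `if (localtime_r(&nt, &time_local) == NULL) return;` avoids logging a bogus timestamp. The non-GENERATE branch dereferences `next->key->key` without a guard, and whether `next_action` always sets `key` when `time > 0` is not visible in these hunks, so a one-line comment stating that invariant above the call would help.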
@@ -89,6 +89,9 @@ static bool apex_dnssec_changed(zone_update_t *update) /*- private API - signing of in-zone nodes -----------------------------------*/ +#define VALID_SIG_FOUND (1 << 7) +#define VALID_KEYTAG_LIMIT 3 + /*! * \brief Check if there is a valid signature for a given RR set and key. * @@ -99,7 +102,8 @@ static bool apex_dnssec_changed(zone_update_t *update) * \param policy DNSSEC policy. * \param skip_crypto All RRSIGs in this node have been verified, just check validity. * \param refresh Consider RRSIG expired when gonna expire this soon. - * \param found_invalid Out: some matching but expired%invalid RRSIG found. + * \param invalid_map Out: found valid (bit VALID_SIG_FOUND) and invalid count + * positions of RRSIG with matching algo+keytag+type. * \param at Out: RRSIG position. * * \return The signature exists and is valid. @@ -111,7 +115,7 @@ static bool valid_signature_exists(const knot_rrset_t *covered, const kdnssec_ctx_t *dnssec_ctx, knot_timediff_t refresh, bool skip_crypto, - int *found_invalid, + uint8_t *invalid_map, uint16_t *at) { assert(key); @@ -141,13 +145,16 @@ static bool valid_signature_exists(const knot_rrset_t *covered, if (at != NULL) { *at = i; } - if (found_invalid == NULL) { + if (invalid_map == NULL) { return true; } else { + invalid_map[i] |= VALID_SIG_FOUND; found_valid = true; // continue searching for invalid RRSIG } - } else if (found_invalid != NULL) { - *found_invalid = ret; + } else if (invalid_map != NULL) { + if ((++invalid_map[i] & ~VALID_SIG_FOUND) == VALID_KEYTAG_LIMIT) { + return found_valid; + } } } 
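Review bot: In `valid_signature_exists` the per-RRSIG invalid counter shares one `uint8_t` with the `VALID_SIG_FOUND` bit and is tested with `==` right after `++invalid_map[i]`. Once a slot has reached `VALID_KEYTAG_LIMIT`, a later call for another colliding key increments it past the limit without returning early. With enough colliding keys the low seven bits could carry into `VALID_SIG_FOUND`. Saturating the count and testing with `>=` keeps the flag bit clean and makes every later call stop at the limit: `if ((invalid_map[i] & ~VALID_SIG_FOUND) < VALID_KEYTAG_LIMIT) ++invalid_map[i];` followed by `if ((invalid_map[i] & ~VALID_SIG_FOUND) >= VALID_KEYTAG_LIMIT) return found_valid;`. The function body starts and ends outside this hunk, so the matching logic before this branch should be checked against the same assumption.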
@@ -305,8 +312,10 @@ int knot_validate_rrsigs(const knot_rrset_t *covered, return KNOT_EINVAL; } + uint8_t val_inval_map[1 + rrsigs->rrs.count]; // Ensure the size isn't 0 (UBSAN). + memset(val_inval_map, 0, sizeof(val_inval_map)); + bool valid_exists = false; - int ret = KNOT_EOK; for (size_t i = 0; i < sign_ctx->count; i++) { const knot_kasp_key_t *key = &sign_ctx->dnssec_ctx->zone->keys[i]; if (!key_used(key->is_ksk, key->is_zsk, covered->type, @@ -316,12 +325,21 @@ int knot_validate_rrsigs(const knot_rrset_t *covered, uint16_t valid_at; if (valid_signature_exists(covered, rrsigs, key->key, sign_ctx->sign_ctxs[i], - sign_ctx->dnssec_ctx, 0, skip_crypto, &ret, &valid_at)) { + sign_ctx->dnssec_ctx, 0, skip_crypto, val_inval_map, &valid_at)) { valid_exists = true; } } - return valid_exists ? ret : KNOT_DNSSEC_ENOSIG; + for (int i = 0; i < rrsigs->rrs.count; i++) { + uint8_t val = val_inval_map[i]; + if (val > 0 && val < VALID_KEYTAG_LIMIT /* found invalid && not found valid */) { + return KNOT_DNSSEC_ENOSIG; + } else if ((val & ~VALID_SIG_FOUND) >= VALID_KEYTAG_LIMIT) { + return KNOT_DNSSEC_EKEYTAG_LIMIT; + } + } + + return valid_exists ? KNOT_EOK : KNOT_DNSSEC_ENOSIG; } /*! diff --git a/src/knot/include/module.h b/src/knot/include/module.h index 3ee1581..15a9077 100644 --- a/src/knot/include/module.h +++ b/src/knot/include/module.h @@ -1,4 +1,4 @@ -/* Copyright (C) 2023 CZ.NIC, z.s.p.o. +/* Copyright (C) 2024 CZ.NIC, z.s.p.o. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
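Review bot: `uint8_t val_inval_map[1 + rrsigs->rrs.count];` in `knot_validate_rrsigs` is a variable-length stack array whose size comes from the RRSIG set under validation, that is from zone data. The type of `rrs.count` is not visible here; if it is 16-bit the array is bounded at roughly 64 KiB, which is still large for a worker-thread stack, and a VLA has no failure path. A cap checked up front, or a heap buffer that returns `KNOT_ENOMEM` on failure, would be more predictable. The closing loop compares `int i` with the unsigned count; `for (size_t i = 0; i < rrsigs->rrs.count; i++)` matches the key loop above it.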
@@ -487,6 +487,20 @@ const knot_dname_t *knotd_qdata_zone_name(const knotd_qdata_t *qdata); */ knot_rrset_t knotd_qdata_zone_apex_rrset(const knotd_qdata_t *qdata, uint16_t type); +/*! + * Gets a rrset of the given type. + * + * \param[in] qdata Query data. + * \param[in] zone_name Optional zone name, the current one otherwise. + * \param[in] node_name Optional node name, apex otherwise. + * \param[out] out Destination rrset to store the output to. + * + * \return Error code (KNOT_ENOZONE, KNOT_EEMPTYZONE, KNOT_ENONODE), KNOT_EOK if success. + */ +int knotd_qdata_zone_rrset(const knotd_qdata_t *qdata, const knot_dname_t *zone_name, + const knot_dname_t *node_name, uint16_t type, + knot_rrset_t *out); + /*! General query processing states. */ typedef enum { KNOTD_STATE_NOOP = 0, /*!< No response. */ diff --git a/src/knot/modules/authsignal/Makefile.inc b/src/knot/modules/authsignal/Makefile.inc new file mode 100644 index 0000000..89c9683 --- /dev/null +++ b/src/knot/modules/authsignal/Makefile.inc @@ -0,0 +1,12 @@ +knot_modules_authsignal_la_SOURCES = knot/modules/authsignal/authsignal.c +EXTRA_DIST += knot/modules/authsignal/authsignal.rst + +if STATIC_MODULE_authsignal +libknotd_la_SOURCES += $(knot_modules_authsignal_la_SOURCES) +endif + +if SHARED_MODULE_authsignal +knot_modules_authsignal_la_LDFLAGS = $(KNOTD_MOD_LDFLAGS) +knot_modules_authsignal_la_CPPFLAGS = $(KNOTD_MOD_CPPFLAGS) +pkglib_LTLIBRARIES += knot/modules/authsignal.la +endif diff --git a/src/knot/modules/authsignal/authsignal.c b/src/knot/modules/authsignal/authsignal.c new file mode 100644 index 0000000..2f8cf0b --- /dev/null +++ b/src/knot/modules/authsignal/authsignal.c 
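Review bot: The new doc block for `knotd_qdata_zone_rrset` documents `qdata`, `zone_name`, `node_name` and `out` but not the `type` parameter. Its `\return` line lists `KNOT_ENOZONE`, `KNOT_EEMPTYZONE` and `KNOT_ENONODE`, while the implementation added in `query_module.c` also returns `KNOT_EINVAL` when `qdata` or `out` is NULL. Suggested additions: `\param[in] type Rrset type.` and `KNOT_EINVAL` in the list of error codes. As this is the public module API header, module authors will rely on the list being complete.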
@@ -0,0 +1,88 @@
+/* Copyright (C) 2024 CZ.NIC, z.s.p.o.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+ */
+
+#include "knot/include/module.h"
+
+static knotd_in_state_t signal_query(knotd_in_state_t state, knot_pkt_t *pkt,
+ knotd_qdata_t *qdata, knotd_mod_t *mod)
+{
+ assert(pkt && qdata && mod);
+
+ // Applicable when search in zone fails.
+ if (!(state == KNOTD_IN_STATE_MISS || state == KNOTD_IN_STATE_NODATA)) {
+ return state;
+ }
+
+ const unsigned name_len = knot_dname_size(qdata->name);
+
+ // Check for prefix mismatch.
+ const char *prefix = "\x07_dsboot";
+ const size_t prefix_len = 8;
+ if (name_len < prefix_len || memcmp(qdata->name, prefix, prefix_len) != 0) {
+ // promote NXDOMAIN to NODATA to accommodate synthesis below (= may be ENT)
+ qdata->rcode = KNOT_RCODE_NOERROR;
+ return KNOTD_IN_STATE_NODATA;
+ }
+
+ // Check for qtype match
+ const uint16_t qtype = knot_pkt_qtype(qdata->query);
+ if (!(qtype == KNOT_RRTYPE_CDS || qtype == KNOT_RRTYPE_CDNSKEY)) {
+ // promote NXDOMAIN to NODATA to accommodate CDS/CDNSKEY synthesis
+ qdata->rcode = KNOT_RCODE_NOERROR;
+ return KNOTD_IN_STATE_NODATA;
+ }
+
+ // Copy target zone name
+ knot_dname_storage_t target;
+ unsigned target_len = name_len - knot_dname_size(knotd_qdata_zone_name(qdata)) - prefix_len;
+ memcpy(target, qdata->name + prefix_len, target_len);
+ target[target_len] = '\0';
+
+ // Fetch CDS/CDNSKEY rrset
+ knot_rrset_t rrset;
+ int ret = knotd_qdata_zone_rrset(qdata, target, NULL, qtype, &rrset);
+ if (ret == KNOT_ENOZONE) { // unknown zone
+ return state;
+ } else if (ret != KNOT_EOK) { // something weird (zone empty, apex missing, ...)
+ qdata->rcode = KNOT_RCODE_SERVFAIL;
+ return KNOTD_IN_STATE_ERROR;
+ } else if (knot_rrset_empty(&rrset)) { // zone apex doesn't have requested type
+ // promote NXDOMAIN to NODATA to accommodate synthesis of other qtype
+ qdata->rcode = KNOT_RCODE_NOERROR;
+ return KNOTD_IN_STATE_NODATA;
+ }
+
+ // Replace owner
+ rrset.owner = (knot_dname_t *)qdata->name;
+
+ // Insert synthetic response into packet.
+ if (knot_pkt_put(pkt, 0, &rrset, KNOT_PF_FREE) != KNOT_EOK) {
+ return KNOTD_IN_STATE_ERROR;
+ }
+
+ // Authoritative response.
+ knot_wire_set_aa(pkt->wire);
+
+ return KNOTD_IN_STATE_HIT;
+}
+
+int auth_signal_load(knotd_mod_t *mod)
+{
+ return knotd_mod_in_hook(mod, KNOTD_STAGE_ANSWER, signal_query);
+}
+
+KNOTD_MOD_API(authsignal, KNOTD_MOD_FLAG_SCOPE_ZONE | KNOTD_MOD_FLAG_OPT_CONF,
+ auth_signal_load, NULL, NULL, NULL);
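Review bot: In `signal_query`, `target_len = name_len - knot_dname_size(knotd_qdata_zone_name(qdata)) - prefix_len` is unsigned arithmetic, and the only earlier bound is `name_len < prefix_len`, so nothing guarantees that the query name is at least as long as the `_dsboot` label plus the zone name. When it is shorter (for example if the module is attached to a zone whose own name starts with a `_dsboot` label), the difference wraps and the following `memcpy` into the fixed-size `knot_dname_storage_t target` is no longer bounded. Compute the zone name size once and reject the short case before copying: `const size_t zone_len = knot_dname_size(knotd_qdata_zone_name(qdata));` then `if (name_len < prefix_len + zone_len) return state;`. The file also uses `assert`, `memcmp` and `memcpy` while including only `knot/include/module.h`; if that header does not provide `<assert.h>` and `<string.h>`, include them explicitly.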
diff --git a/src/knot/modules/authsignal/authsignal.rst b/src/knot/modules/authsignal/authsignal.rst new file mode 100644 index 0000000..01043a1 --- /dev/null +++ b/src/knot/modules/authsignal/authsignal.rst @@ -0,0 +1,41 @@ +.. _mod-authsignal: + +``authsignal`` – Automatic Authenticated DNSSEC Bootstrapping records +===================================================================== + +This module is able to synthesize records for automatic DNSSEC bootstrapping +(draft-ietf-dnsop-dnssec-bootstrapping). + +Records are synthesized only if the query can't be satisfied from the zone. + +Synthesized records also need to be signed. Typically, this would be done +using the :ref:`onlinesign` module. + +Example +------- + +Automatic forward records +......................... + +:: + mod-onlinesign: + - id: authsignal + nsec-bitmap: [CDS, CDNSKEY] + + zone: + - domain: example.net + dnssec-signing: on + - domain: _signal.ns1.example.com + module: [mod-authsignal, mod-onlinesign/authsignal] + +Result: + +.. code-block:: console + + $ kdig CDS _dsboot.example.net._signal.ns1.example.com. + ... + ;; QUESTION SECTION: + ;; _dsboot.example.net._signal.ns1.example.com. IN CDS + + ;; ANSWER SECTION: + _dsboot.example.net._signal.ns1.example.com. 0 IN CDS 45504 13 2 2F2D518FD9DBB2B1403F51398A9931F2832B89F0F85C146B130D383FC23584FA diff --git a/src/knot/nameserver/query_module.c b/src/knot/nameserver/query_module.c index 54a982b..f02ee1b 100644 --- a/src/knot/nameserver/query_module.c +++ b/src/knot/nameserver/query_module.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2023 CZ.NIC, z.s.p.o. +/* Copyright (C) 2024 CZ.NIC, z.s.p.o. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -665,6 +665,41 @@ knot_rrset_t knotd_qdata_zone_apex_rrset(const knotd_qdata_t *qdata, uint16_t ty return node_rrset(qdata->extra->contents->apex, type); } +_public_ +int knotd_qdata_zone_rrset(const knotd_qdata_t *qdata, const knot_dname_t *zone_name, + const knot_dname_t *node_name, uint16_t type, + knot_rrset_t *out) +{ + if (qdata == NULL || out == NULL) { + return KNOT_EINVAL; + } + + const zone_contents_t *contents = qdata->extra->contents; + if (zone_name != NULL) { + server_t *server = qdata->params->server; + zone_t *zone = knot_zonedb_find(server->zone_db, zone_name); + if (zone == NULL) { + return KNOT_ENOZONE; + } + contents = zone->contents; + } + if (contents == NULL) { + return KNOT_EEMPTYZONE; + } + + const zone_node_t *node = contents->apex; + if (node_name != NULL) { + node = zone_contents_find_node(contents, node_name); // NSEC3 not considered. + } + if (node == NULL) { + return KNOT_ENONODE; + } + + *out = node_rrset(node, type); + + return KNOT_EOK; +} + _public_ int knotd_mod_dnssec_init(knotd_mod_t *mod) { diff --git a/src/knot/query/quic-requestor.c b/src/knot/query/quic-requestor.c index 0cfb8ec..62008f9 100644 --- a/src/knot/query/quic-requestor.c +++ b/src/knot/query/quic-requestor.c @@ -87,6 +87,7 @@ static int quic_exchange(knot_quic_conn_t *conn, knot_quic_reply_t *r, int timeo if (hconn == NULL) { return KNOT_EOK; } else if (hconn != conn) { + knot_quic_cleanup(&hconn, 1); return KNOT_ESEMCHECK; } diff --git a/src/knot/zone/semantic-check.c b/src/knot/zone/semantic-check.c index 2360728..862d7a4 100644 --- a/src/knot/zone/semantic-check.c +++ b/src/knot/zone/semantic-check.c @@ -75,6 +75,8 @@ static const char *error_messages[SEM_ERR_UNKNOWN + 1] = { "missing DNSKEY", [SEM_ERR_DNSKEY_INVALID] = "invalid DNSKEY", + [SEM_ERR_DNSKEY_KEYTAG_LIMIT] = + "many DNSKEYs with equal keytag", [SEM_ERR_CDS_NONE] = "missing CDS", 
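Review bot: `knotd_qdata_zone_rrset()` fills `*out` from `node_rrset()` on a node of a zone found by name in `server->zone_db`, but nothing in the hunk states who owns the result or how long it stays valid. The rrset presumably borrows data owned by that other zone's `contents`, so I would add to the function's doc comment a line such as `\note The returned rrset references zone data; the caller must not free it nor keep it beyond the current query.` It is also worth confirming that callers hold whatever read-side protection `zone->contents` requires when `zone_name` is not the zone being answered. Separately, only `qdata` and `out` are NULL-checked, while `qdata->extra` and `qdata->params` are dereferenced unconditionally; either check them or document that they must be set.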
@@ -500,6 +502,8 @@ static sem_error_t err_dnssec2sem(int ret, uint16_t rrtype, char *info, size_t l return SEM_ERR_NSEC_RDATA_CHAIN; case KNOT_DNSSEC_ENSEC3_OPTOUT: return SEM_ERR_NSEC3_INSECURE_DELEGATION_OPT; + case KNOT_DNSSEC_EKEYTAG_LIMIT: + return SEM_ERR_DNSKEY_KEYTAG_LIMIT; default: return SEM_ERR_UNKNOWN; } diff --git a/src/knot/zone/semantic-check.h b/src/knot/zone/semantic-check.h index f92639b..6a8b3c3 100644 --- a/src/knot/zone/semantic-check.h +++ b/src/knot/zone/semantic-check.h @@ -1,4 +1,4 @@ -/* Copyright (C) 2023 CZ.NIC, z.s.p.o. +/* Copyright (C) 2024 CZ.NIC, z.s.p.o. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -64,6 +64,7 @@ typedef enum { SEM_ERR_DNSKEY_NONE, SEM_ERR_DNSKEY_INVALID, + SEM_ERR_DNSKEY_KEYTAG_LIMIT, SEM_ERR_CDS_NONE, SEM_ERR_CDS_NOT_MATCH, diff --git a/src/libdnssec/version.h b/src/libdnssec/version.h index e1948bc..0368f18 100644 --- a/src/libdnssec/version.h +++ b/src/libdnssec/version.h @@ -18,7 +18,7 @@ #define DNSSEC_VERSION_MAJOR 3 #define DNSSEC_VERSION_MINOR 3 -#define DNSSEC_VERSION_PATCH 0x04 +#define DNSSEC_VERSION_PATCH 0x05 #define DNSSEC_VERSION_HEX ((DNSSEC_VERSION_MAJOR << 16) | \ (DNSSEC_VERSION_MINOR << 8) | \ diff --git a/src/libknot/errcode.h b/src/libknot/errcode.h index cf51b96..a9eb65c 100644 --- a/src/libknot/errcode.h +++ b/src/libknot/errcode.h @@ -174,6 +174,7 @@ enum knot_error { KNOT_NO_PUBLIC_KEY, KNOT_NO_PRIVATE_KEY, KNOT_NO_READY_KEY, + KNOT_DNSSEC_EKEYTAG_LIMIT, KNOT_ERROR_MAX = -501 }; diff --git a/src/libknot/error.c b/src/libknot/error.c index d5802f2..a148ee7 100644 --- a/src/libknot/error.c +++ b/src/libknot/error.c 
@@ -173,6 +173,7 @@ static const struct error errors[] = { { KNOT_NO_PUBLIC_KEY, "no public key" }, { KNOT_NO_PRIVATE_KEY, "no private key" }, { KNOT_NO_READY_KEY, "no key ready for submission" }, + { KNOT_DNSSEC_EKEYTAG_LIMIT, "many keys with equal keytag" }, /* Terminator */ { KNOT_ERROR, NULL } diff --git a/src/libknot/rrset-dump.c b/src/libknot/rrset-dump.c index 7011a65..51a52dd 100644 --- a/src/libknot/rrset-dump.c +++ b/src/libknot/rrset-dump.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2023 CZ.NIC, z.s.p.o. +/* Copyright (C) 2024 CZ.NIC, z.s.p.o. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -598,7 +598,7 @@ static void wire_text_to_str(rrset_dump_params_t *p, size_t in_len, CHECK_INMAX(in_len) // Check if quotation can ever be disabled (parser protection fallback). - if (!quote) { + if (!quote && !alpn_mode) { for (size_t i = 0; i < in_len; i++) { if (p->in[i] == ' ') { // Other WS characters are encoded. quote = true; @@ -1515,7 +1515,11 @@ static void wire_svcparam_to_str(rrset_dump_params_t *p) wire_value_list_to_str(p, wire_svcb_paramkey_to_str, p->in + val_len); break; case KNOT_SVCB_PARAM_ALPN: + dump_string(p, "\""); + CHECK_PRET wire_value_list_to_str(p, wire_text_to_str_alpn, p->in + val_len); + dump_string(p, "\""); + CHECK_PRET break; case KNOT_SVCB_PARAM_NDALPN: p->ret = -1; // must not have value diff --git a/src/libknot/rrset.h b/src/libknot/rrset.h index fdc5719..51efb74 100644 --- a/src/libknot/rrset.h +++ b/src/libknot/rrset.h @@ -1,4 +1,4 @@ -/* Copyright (C) 2019 CZ.NIC, z.s.p.o. +/* Copyright (C) 2024 CZ.NIC, z.s.p.o. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
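Review bot: In the `KNOT_SVCB_PARAM_ALPN` case of `wire_svcparam_to_str()` the whole value list is now wrapped in one pair of quotes, while the earlier rrset-dump.c hunk stops `wire_text_to_str()` from forcing per-item quoting when `alpn_mode` is set, and neither place has a comment tying the two together. The context comment speaks of a parser protection fallback, so this output is presumably read back by the zone parser. I would add above the first `dump_string` a comment such as `// The ALPN list is quoted as a whole; items are never quoted individually.` It is also worth confirming that `wire_text_to_str_alpn` (outside the hunk) escapes a double quote inside an item, because an unescaped one would now end the quoted value early.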
@@ -185,10 +185,27 @@ bool knot_rrset_is_nsec3rel(const knot_rrset_t *rr); int knot_rrset_rr_to_canonical(knot_rrset_t *rrset); /*! - * \brief Size of rrset in wire format. + * \brief Size of rrset in wire format (without compression). * * \retval size in bytes */ size_t knot_rrset_size(const knot_rrset_t *rrset); +/*! + * \brief Fast estimate of knot_rrset_size(); it can return slightly larger values. + */ +inline static size_t knot_rrset_size_estimate(const knot_rrset_t *rrset) +{ + if (rrset == NULL) { + return 0; + } + + /* 8B = TYPE + CLASS + TTL + RDLENGTH - sizeof(knot_rdata_t::len) + * We over-estimate by the count of padding bytes (<= rrset->rrs.count) */ + size_t estim = rrset->rrs.size + + rrset->rrs.count * (knot_dname_size(rrset->owner) + 8); + + return estim; +} + /*! @} */ diff --git a/src/libknot/version.h b/src/libknot/version.h index f3a9210..2f86ed7 100644 --- a/src/libknot/version.h +++ b/src/libknot/version.h @@ -18,7 +18,7 @@ #define KNOT_VERSION_MAJOR 3 #define KNOT_VERSION_MINOR 3 -#define KNOT_VERSION_PATCH 0x04 +#define KNOT_VERSION_PATCH 0x05 #define KNOT_VERSION_HEX ((KNOT_VERSION_MAJOR << 16) | \ (KNOT_VERSION_MINOR << 8) | \ diff --git a/src/libknot/xdp/protocols.h b/src/libknot/xdp/protocols.h index 1a18601..ee26e97 100644 --- a/src/libknot/xdp/protocols.h +++ b/src/libknot/xdp/protocols.h @@ -90,7 +90,7 @@ inline static void *prot_read_tcp(void *data, knot_xdp_msg_t *msg, uint16_t *src continue; } - if (opts + 1 > hdr_end || opts + opts[1] > hdr_end) { + if (opts + 1 > hdr_end || opts + opts[1] > hdr_end || opts[1] < 2) { // Malformed option. break; } diff --git a/src/libzscanner/error.c b/src/libzscanner/error.c index 8e571f9..a43db0e 100644 --- a/src/libzscanner/error.c +++ b/src/libzscanner/error.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2022 CZ.NIC, z.s.p.o. +/* Copyright (C) 2024 CZ.NIC, z.s.p.o. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
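Review bot: In `prot_read_tcp()` the length byte `opts[1]` is still read when `opts + 1 == hdr_end`, because the first operand only rejects `opts + 1 > hdr_end`. If `hdr_end` is the exclusive end of the TCP header (its definition is outside the hunk), that is a one-byte read past the options area on packet-supplied data, and the added `opts[1] < 2` test comes too late to prevent it. I would require both option bytes to be present and test the minimum length before using it: `if (opts + 2 > hdr_end || opts[1] < 2 || opts + opts[1] > hdr_end) {`. The function starts and ends outside this hunk, so the loop bounds should be checked against the full body.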
@@ -167,6 +167,8 @@ static const err_table_t err_msgs[] = { "empty comma-separated list item" ), ERR_ITEM( ZS_FILE_ACCESS, "permission denied" ), + ERR_ITEM( ZS_BAD_ALPN_BACKSLASH, + "unscaped backslash character" ), ERR_ITEM( 0, NULL ) // Terminator }; diff --git a/src/libzscanner/error.h b/src/libzscanner/error.h index f54a750..87b73a9 100644 --- a/src/libzscanner/error.h +++ b/src/libzscanner/error.h @@ -1,4 +1,4 @@ -/* Copyright (C) 2022 CZ.NIC, z.s.p.o. +/* Copyright (C) 2024 CZ.NIC, z.s.p.o. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -96,6 +96,7 @@ enum err_codes { ZS_MISSING_SVCB_MANDATORY, ZS_EMPTY_LIST_ITEM, ZS_FILE_ACCESS, + ZS_BAD_ALPN_BACKSLASH, }; /*! diff --git a/src/libzscanner/scanner.c.g2 b/src/libzscanner/scanner.c.g2 index 66f6b1a..f97c3ae 100644 --- a/src/libzscanner/scanner.c.g2 +++ b/src/libzscanner/scanner.c.g2 @@ -40865,6 +40865,7 @@ tr1008: // Reset per-record contexts. s->long_string = false; s->comma_list = false; + s->pending_backslash = false; s->state = ZS_STATE_ERROR; @@ -40909,6 +40910,7 @@ tr1010: // Reset per-record contexts. s->long_string = false; s->comma_list = false; + s->pending_backslash = false; s->state = ZS_STATE_ERROR; 
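Review bot: The message added to `err_msgs[]` for `ZS_BAD_ALPN_BACKSLASH` is misspelled: `"unscaped backslash character"` should read `"unescaped backslash character"`. This is the text an operator sees when a zone file is rejected, so the typo is user-visible. Because the code is ALPN-specific, naming the context would also help, e.g. `"unescaped backslash character in alpn"`.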
@@ -41367,24 +41369,31 @@ tr1033: goto st319; tr1037: { - uint8_t *last_two = rdata_tail - 2; - uint16_t current_len = rdata_tail - s->item_length_location - 2; if (s->comma_list) { + uint8_t *last_two = rdata_tail - 2; + uint16_t current_len = rdata_tail - s->item_length_location - 2; if (last_two[1] == ',') { if (current_len <= 1) { WARN(ZS_EMPTY_LIST_ITEM); p--; {goto st307;} - } else if (last_two[0] != '\\') { // Start a new item. + } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item. *(s->item_length_location) = current_len; s->item_length_location = rdata_tail - 1; } else { // Remove backslash. last_two[0] = ','; rdata_tail--; + s->pending_backslash = false; } - } else if (current_len > 1 && last_two[1] == '\\') { - if (last_two[0] == '\\') { // Remove backslash. + } else if (last_two[1] == '\\') { + if (s->pending_backslash) { // Remove backslash. rdata_tail--; + s->pending_backslash = false; + } else { + s->pending_backslash = true; } + } else if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {goto st307;} } } } 
@@ -41416,24 +41425,31 @@ tr1045: rdata_tail++; } { - uint8_t *last_two = rdata_tail - 2; - uint16_t current_len = rdata_tail - s->item_length_location - 2; if (s->comma_list) { + uint8_t *last_two = rdata_tail - 2; + uint16_t current_len = rdata_tail - s->item_length_location - 2; if (last_two[1] == ',') { if (current_len <= 1) { WARN(ZS_EMPTY_LIST_ITEM); p--; {goto st307;} - } else if (last_two[0] != '\\') { // Start a new item. + } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item. *(s->item_length_location) = current_len; s->item_length_location = rdata_tail - 1; } else { // Remove backslash. last_two[0] = ','; rdata_tail--; + s->pending_backslash = false; } - } else if (current_len > 1 && last_two[1] == '\\') { - if (last_two[0] == '\\') { // Remove backslash. + } else if (last_two[1] == '\\') { + if (s->pending_backslash) { // Remove backslash. rdata_tail--; + s->pending_backslash = false; + } else { + s->pending_backslash = true; } + } else if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {goto st307;} } } } 
@@ -41484,24 +41500,31 @@ case 319: goto tr1032; tr1036: { - uint8_t *last_two = rdata_tail - 2; - uint16_t current_len = rdata_tail - s->item_length_location - 2; if (s->comma_list) { + uint8_t *last_two = rdata_tail - 2; + uint16_t current_len = rdata_tail - s->item_length_location - 2; if (last_two[1] == ',') { if (current_len <= 1) { WARN(ZS_EMPTY_LIST_ITEM); p--; {goto st307;} - } else if (last_two[0] != '\\') { // Start a new item. + } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item. *(s->item_length_location) = current_len; s->item_length_location = rdata_tail - 1; } else { // Remove backslash. last_two[0] = ','; rdata_tail--; + s->pending_backslash = false; } - } else if (current_len > 1 && last_two[1] == '\\') { - if (last_two[0] == '\\') { // Remove backslash. + } else if (last_two[1] == '\\') { + if (s->pending_backslash) { // Remove backslash. rdata_tail--; + s->pending_backslash = false; + } else { + s->pending_backslash = true; } + } else if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {goto st307;} } } } 
@@ -41514,24 +41537,31 @@ tr1044: rdata_tail++; } { - uint8_t *last_two = rdata_tail - 2; - uint16_t current_len = rdata_tail - s->item_length_location - 2; if (s->comma_list) { + uint8_t *last_two = rdata_tail - 2; + uint16_t current_len = rdata_tail - s->item_length_location - 2; if (last_two[1] == ',') { if (current_len <= 1) { WARN(ZS_EMPTY_LIST_ITEM); p--; {goto st307;} - } else if (last_two[0] != '\\') { // Start a new item. + } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item. *(s->item_length_location) = current_len; s->item_length_location = rdata_tail - 1; } else { // Remove backslash. last_two[0] = ','; rdata_tail--; + s->pending_backslash = false; } - } else if (current_len > 1 && last_two[1] == '\\') { - if (last_two[0] == '\\') { // Remove backslash. + } else if (last_two[1] == '\\') { + if (s->pending_backslash) { // Remove backslash. rdata_tail--; + s->pending_backslash = false; + } else { + s->pending_backslash = true; } + } else if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {goto st307;} } } } 
@@ -41551,24 +41581,31 @@ case 1409: goto st0; tr1038: { - uint8_t *last_two = rdata_tail - 2; - uint16_t current_len = rdata_tail - s->item_length_location - 2; if (s->comma_list) { + uint8_t *last_two = rdata_tail - 2; + uint16_t current_len = rdata_tail - s->item_length_location - 2; if (last_two[1] == ',') { if (current_len <= 1) { WARN(ZS_EMPTY_LIST_ITEM); p--; {goto st307;} - } else if (last_two[0] != '\\') { // Start a new item. + } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item. *(s->item_length_location) = current_len; s->item_length_location = rdata_tail - 1; } else { // Remove backslash. last_two[0] = ','; rdata_tail--; + s->pending_backslash = false; } - } else if (current_len > 1 && last_two[1] == '\\') { - if (last_two[0] == '\\') { // Remove backslash. + } else if (last_two[1] == '\\') { + if (s->pending_backslash) { // Remove backslash. rdata_tail--; + s->pending_backslash = false; + } else { + s->pending_backslash = true; } + } else if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {goto st307;} } } } 
@@ -41603,24 +41640,31 @@ tr1046: rdata_tail++; } { - uint8_t *last_two = rdata_tail - 2; - uint16_t current_len = rdata_tail - s->item_length_location - 2; if (s->comma_list) { + uint8_t *last_two = rdata_tail - 2; + uint16_t current_len = rdata_tail - s->item_length_location - 2; if (last_two[1] == ',') { if (current_len <= 1) { WARN(ZS_EMPTY_LIST_ITEM); p--; {goto st307;} - } else if (last_two[0] != '\\') { // Start a new item. + } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item. *(s->item_length_location) = current_len; s->item_length_location = rdata_tail - 1; } else { // Remove backslash. last_two[0] = ','; rdata_tail--; + s->pending_backslash = false; } - } else if (current_len > 1 && last_two[1] == '\\') { - if (last_two[0] == '\\') { // Remove backslash. + } else if (last_two[1] == '\\') { + if (s->pending_backslash) { // Remove backslash. rdata_tail--; + s->pending_backslash = false; + } else { + s->pending_backslash = true; } + } else if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {goto st307;} } } } 
@@ -41674,24 +41718,31 @@ case 1410: goto tr1032; tr1039: { - uint8_t *last_two = rdata_tail - 2; - uint16_t current_len = rdata_tail - s->item_length_location - 2; if (s->comma_list) { + uint8_t *last_two = rdata_tail - 2; + uint16_t current_len = rdata_tail - s->item_length_location - 2; if (last_two[1] == ',') { if (current_len <= 1) { WARN(ZS_EMPTY_LIST_ITEM); p--; {goto st307;} - } else if (last_two[0] != '\\') { // Start a new item. + } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item. *(s->item_length_location) = current_len; s->item_length_location = rdata_tail - 1; } else { // Remove backslash. last_two[0] = ','; rdata_tail--; + s->pending_backslash = false; } - } else if (current_len > 1 && last_two[1] == '\\') { - if (last_two[0] == '\\') { // Remove backslash. + } else if (last_two[1] == '\\') { + if (s->pending_backslash) { // Remove backslash. rdata_tail--; + s->pending_backslash = false; + } else { + s->pending_backslash = true; } + } else if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {goto st307;} } } } 
@@ -41701,24 +41752,31 @@ tr1047: rdata_tail++; } { - uint8_t *last_two = rdata_tail - 2; - uint16_t current_len = rdata_tail - s->item_length_location - 2; if (s->comma_list) { + uint8_t *last_two = rdata_tail - 2; + uint16_t current_len = rdata_tail - s->item_length_location - 2; if (last_two[1] == ',') { if (current_len <= 1) { WARN(ZS_EMPTY_LIST_ITEM); p--; {goto st307;} - } else if (last_two[0] != '\\') { // Start a new item. + } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item. *(s->item_length_location) = current_len; s->item_length_location = rdata_tail - 1; } else { // Remove backslash. last_two[0] = ','; rdata_tail--; + s->pending_backslash = false; } - } else if (current_len > 1 && last_two[1] == '\\') { - if (last_two[0] == '\\') { // Remove backslash. + } else if (last_two[1] == '\\') { + if (s->pending_backslash) { // Remove backslash. rdata_tail--; + s->pending_backslash = false; + } else { + s->pending_backslash = true; } + } else if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {goto st307;} } } } 
@@ -41866,24 +41924,31 @@ tr1048: goto st324; tr1052: { - uint8_t *last_two = rdata_tail - 2; - uint16_t current_len = rdata_tail - s->item_length_location - 2; if (s->comma_list) { + uint8_t *last_two = rdata_tail - 2; + uint16_t current_len = rdata_tail - s->item_length_location - 2; if (last_two[1] == ',') { if (current_len <= 1) { WARN(ZS_EMPTY_LIST_ITEM); p--; {goto st307;} - } else if (last_two[0] != '\\') { // Start a new item. + } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item. *(s->item_length_location) = current_len; s->item_length_location = rdata_tail - 1; } else { // Remove backslash. last_two[0] = ','; rdata_tail--; + s->pending_backslash = false; } - } else if (current_len > 1 && last_two[1] == '\\') { - if (last_two[0] == '\\') { // Remove backslash. + } else if (last_two[1] == '\\') { + if (s->pending_backslash) { // Remove backslash. rdata_tail--; + s->pending_backslash = false; + } else { + s->pending_backslash = true; } + } else if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {goto st307;} } } } 
@@ -41915,24 +41980,31 @@ tr1061: rdata_tail++; } { - uint8_t *last_two = rdata_tail - 2; - uint16_t current_len = rdata_tail - s->item_length_location - 2; if (s->comma_list) { + uint8_t *last_two = rdata_tail - 2; + uint16_t current_len = rdata_tail - s->item_length_location - 2; if (last_two[1] == ',') { if (current_len <= 1) { WARN(ZS_EMPTY_LIST_ITEM); p--; {goto st307;} - } else if (last_two[0] != '\\') { // Start a new item. + } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item. *(s->item_length_location) = current_len; s->item_length_location = rdata_tail - 1; } else { // Remove backslash. last_two[0] = ','; rdata_tail--; + s->pending_backslash = false; } - } else if (current_len > 1 && last_two[1] == '\\') { - if (last_two[0] == '\\') { // Remove backslash. + } else if (last_two[1] == '\\') { + if (s->pending_backslash) { // Remove backslash. rdata_tail--; + s->pending_backslash = false; + } else { + s->pending_backslash = true; } + } else if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {goto st307;} } } } 
@@ -42006,24 +42078,31 @@ tr1049: goto st325; tr1053: { - uint8_t *last_two = rdata_tail - 2; - uint16_t current_len = rdata_tail - s->item_length_location - 2; if (s->comma_list) { + uint8_t *last_two = rdata_tail - 2; + uint16_t current_len = rdata_tail - s->item_length_location - 2; if (last_two[1] == ',') { if (current_len <= 1) { WARN(ZS_EMPTY_LIST_ITEM); p--; {goto st307;} - } else if (last_two[0] != '\\') { // Start a new item. + } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item. *(s->item_length_location) = current_len; s->item_length_location = rdata_tail - 1; } else { // Remove backslash. last_two[0] = ','; rdata_tail--; + s->pending_backslash = false; } - } else if (current_len > 1 && last_two[1] == '\\') { - if (last_two[0] == '\\') { // Remove backslash. + } else if (last_two[1] == '\\') { + if (s->pending_backslash) { // Remove backslash. rdata_tail--; + s->pending_backslash = false; + } else { + s->pending_backslash = true; } + } else if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {goto st307;} } } } 
@@ -42055,24 +42134,31 @@ tr1062: rdata_tail++; } { - uint8_t *last_two = rdata_tail - 2; - uint16_t current_len = rdata_tail - s->item_length_location - 2; if (s->comma_list) { + uint8_t *last_two = rdata_tail - 2; + uint16_t current_len = rdata_tail - s->item_length_location - 2; if (last_two[1] == ',') { if (current_len <= 1) { WARN(ZS_EMPTY_LIST_ITEM); p--; {goto st307;} - } else if (last_two[0] != '\\') { // Start a new item. + } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item. *(s->item_length_location) = current_len; s->item_length_location = rdata_tail - 1; } else { // Remove backslash. last_two[0] = ','; rdata_tail--; + s->pending_backslash = false; } - } else if (current_len > 1 && last_two[1] == '\\') { - if (last_two[0] == '\\') { // Remove backslash. + } else if (last_two[1] == '\\') { + if (s->pending_backslash) { // Remove backslash. rdata_tail--; + s->pending_backslash = false; + } else { + s->pending_backslash = true; } + } else if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {goto st307;} } } } 
@@ -42122,24 +42208,31 @@ case 325: goto tr1032; tr1054: { - uint8_t *last_two = rdata_tail - 2; - uint16_t current_len = rdata_tail - s->item_length_location - 2; if (s->comma_list) { + uint8_t *last_two = rdata_tail - 2; + uint16_t current_len = rdata_tail - s->item_length_location - 2; if (last_two[1] == ',') { if (current_len <= 1) { WARN(ZS_EMPTY_LIST_ITEM); p--; {goto st307;} - } else if (last_two[0] != '\\') { // Start a new item. + } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item. *(s->item_length_location) = current_len; s->item_length_location = rdata_tail - 1; } else { // Remove backslash. last_two[0] = ','; rdata_tail--; + s->pending_backslash = false; } - } else if (current_len > 1 && last_two[1] == '\\') { - if (last_two[0] == '\\') { // Remove backslash. + } else if (last_two[1] == '\\') { + if (s->pending_backslash) { // Remove backslash. rdata_tail--; + s->pending_backslash = false; + } else { + s->pending_backslash = true; } + } else if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {goto st307;} } } } 
@@ -42149,24 +42242,31 @@ tr1063: rdata_tail++; } { - uint8_t *last_two = rdata_tail - 2; - uint16_t current_len = rdata_tail - s->item_length_location - 2; if (s->comma_list) { + uint8_t *last_two = rdata_tail - 2; + uint16_t current_len = rdata_tail - s->item_length_location - 2; if (last_two[1] == ',') { if (current_len <= 1) { WARN(ZS_EMPTY_LIST_ITEM); p--; {goto st307;} - } else if (last_two[0] != '\\') { // Start a new item. + } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item. *(s->item_length_location) = current_len; s->item_length_location = rdata_tail - 1; } else { // Remove backslash. last_two[0] = ','; rdata_tail--; + s->pending_backslash = false; } - } else if (current_len > 1 && last_two[1] == '\\') { - if (last_two[0] == '\\') { // Remove backslash. + } else if (last_two[1] == '\\') { + if (s->pending_backslash) { // Remove backslash. rdata_tail--; + s->pending_backslash = false; + } else { + s->pending_backslash = true; } + } else if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {goto st307;} } } } 
@@ -42187,24 +42287,31 @@ case 326: goto tr1056; tr1055: { - uint8_t *last_two = rdata_tail - 2; - uint16_t current_len = rdata_tail - s->item_length_location - 2; if (s->comma_list) { + uint8_t *last_two = rdata_tail - 2; + uint16_t current_len = rdata_tail - s->item_length_location - 2; if (last_two[1] == ',') { if (current_len <= 1) { WARN(ZS_EMPTY_LIST_ITEM); p--; {goto st307;} - } else if (last_two[0] != '\\') { // Start a new item. + } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item. *(s->item_length_location) = current_len; s->item_length_location = rdata_tail - 1; } else { // Remove backslash. last_two[0] = ','; rdata_tail--; + s->pending_backslash = false; } - } else if (current_len > 1 && last_two[1] == '\\') { - if (last_two[0] == '\\') { // Remove backslash. + } else if (last_two[1] == '\\') { + if (s->pending_backslash) { // Remove backslash. rdata_tail--; + s->pending_backslash = false; + } else { + s->pending_backslash = true; } + } else if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {goto st307;} } } } 
@@ -42214,24 +42321,31 @@ tr1064: rdata_tail++; } { - uint8_t *last_two = rdata_tail - 2; - uint16_t current_len = rdata_tail - s->item_length_location - 2; if (s->comma_list) { + uint8_t *last_two = rdata_tail - 2; + uint16_t current_len = rdata_tail - s->item_length_location - 2; if (last_two[1] == ',') { if (current_len <= 1) { WARN(ZS_EMPTY_LIST_ITEM); p--; {goto st307;} - } else if (last_two[0] != '\\') { // Start a new item. + } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item. *(s->item_length_location) = current_len; s->item_length_location = rdata_tail - 1; } else { // Remove backslash. last_two[0] = ','; rdata_tail--; + s->pending_backslash = false; } - } else if (current_len > 1 && last_two[1] == '\\') { - if (last_two[0] == '\\') { // Remove backslash. + } else if (last_two[1] == '\\') { + if (s->pending_backslash) { // Remove backslash. rdata_tail--; + s->pending_backslash = false; + } else { + s->pending_backslash = true; } + } else if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {goto st307;} } } } @@ -57047,6 +57161,10 @@ tr1951: } { s->comma_list = false; + if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {goto st307;} + } } { s->item_length = rdata_tail - s->item_length2_location - 2; @@ -57083,6 +57201,10 @@ tr1952: } { s->comma_list = false; + if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {goto st307;} + } } { s->item_length = rdata_tail - s->item_length2_location - 2; @@ -57126,6 +57248,10 @@ tr1953: } { s->comma_list = false; + if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {goto st307;} + } } { s->item_length = rdata_tail - s->item_length2_location - 2; @@ -57169,6 +57295,10 @@ tr1954: } { s->comma_list = false; + if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {goto st307;} + } } { s->item_length = rdata_tail - s->item_length2_location - 2; 
@@ -58174,6 +58304,7 @@ case 609: tr1949: { s->comma_list = true; + s->pending_backslash = false; } { if (rdata_tail < rdata_stop) { @@ -58264,6 +58395,10 @@ tr1955: } { s->comma_list = false; + if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {goto st307;} + } } { s->item_length = rdata_tail - s->item_length2_location - 2; @@ -58568,6 +58703,10 @@ tr1956: } { s->comma_list = false; + if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {goto st307;} + } } { s->item_length = rdata_tail - s->item_length2_location - 2; @@ -58919,6 +59058,10 @@ tr1957: } { s->comma_list = false; + if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {goto st307;} + } } { s->item_length = rdata_tail - s->item_length2_location - 2; @@ -59590,6 +59733,10 @@ tr2128: } { s->comma_list = false; + if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {goto st307;} + } } { s->item_length = rdata_tail - s->item_length2_location - 2; @@ -59686,6 +59833,10 @@ tr1958: } { s->comma_list = false; + if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {goto st307;} + } } { s->item_length = rdata_tail - s->item_length2_location - 2; @@ -61488,6 +61639,7 @@ case 696: tr1950: { s->comma_list = true; + s->pending_backslash = false; } { if (rdata_tail < rdata_stop) { @@ -61552,6 +61704,7 @@ case 697: tr2127: { s->comma_list = true; + s->pending_backslash = false; } { if (rdata_tail < rdata_stop) { diff --git a/src/libzscanner/scanner.c.t0 b/src/libzscanner/scanner.c.t0 index 0909496..b1b2616 100644 --- a/src/libzscanner/scanner.c.t0 +++ b/src/libzscanner/scanner.c.t0 @@ -6983,6 +6983,7 @@ _match: // Reset per-record contexts. s->long_string = false; s->comma_list = false; + s->pending_backslash = false; s->state = ZS_STATE_ERROR; 
@@ -7528,24 +7529,31 @@ _match: break; case 68: { - uint8_t *last_two = rdata_tail - 2; - uint16_t current_len = rdata_tail - s->item_length_location - 2; if (s->comma_list) { + uint8_t *last_two = rdata_tail - 2; + uint16_t current_len = rdata_tail - s->item_length_location - 2; if (last_two[1] == ',') { if (current_len <= 1) { WARN(ZS_EMPTY_LIST_ITEM); p--; {cs = 307;goto _again;} - } else if (last_two[0] != '\\') { // Start a new item. + } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item. *(s->item_length_location) = current_len; s->item_length_location = rdata_tail - 1; } else { // Remove backslash. last_two[0] = ','; rdata_tail--; + s->pending_backslash = false; } - } else if (current_len > 1 && last_two[1] == '\\') { - if (last_two[0] == '\\') { // Remove backslash. + } else if (last_two[1] == '\\') { + if (s->pending_backslash) { // Remove backslash. rdata_tail--; + s->pending_backslash = false; + } else { + s->pending_backslash = true; } + } else if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {cs = 307;goto _again;} } } } @@ -8844,11 +8852,16 @@ _match: case 292: { s->comma_list = true; + s->pending_backslash = false; } break; case 293: { s->comma_list = false; + if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + p--; {cs = 307;goto _again;} + } } break; case 294: diff --git a/src/libzscanner/scanner.h b/src/libzscanner/scanner.h index b45ca48..140b4f1 100644 --- a/src/libzscanner/scanner.h +++ b/src/libzscanner/scanner.h @@ -1,4 +1,4 @@ -/* Copyright (C) 2021 CZ.NIC, z.s.p.o. +/* Copyright (C) 2024 CZ.NIC, z.s.p.o. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -157,6 +157,8 @@ struct zs_scanner { bool long_string; /*! Comma separated string list indication (svcb parsing). */ bool comma_list; + /*! Indication of a non-applied backslash. */ + bool pending_backslash; /*! Pointer to the actual dname storage (origin/owner/rdata). */ uint8_t *dname; diff --git a/src/libzscanner/scanner_body.rl b/src/libzscanner/scanner_body.rl index 34d51cd..a1ff46c 100644 --- a/src/libzscanner/scanner_body.rl +++ b/src/libzscanner/scanner_body.rl @@ -1,4 +1,4 @@ -/* Copyright (C) 2021 CZ.NIC, z.s.p.o. +/* Copyright (C) 2024 CZ.NIC, z.s.p.o. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -116,6 +116,7 @@ // Reset per-record contexts. s->long_string = false; s->comma_list = false; + s->pending_backslash = false; s->state = ZS_STATE_ERROR; @@ -656,24 +657,31 @@ } action _comma_list { - uint8_t *last_two = rdata_tail - 2; - uint16_t current_len = rdata_tail - s->item_length_location - 2; if (s->comma_list) { + uint8_t *last_two = rdata_tail - 2; + uint16_t current_len = rdata_tail - s->item_length_location - 2; if (last_two[1] == ',') { if (current_len <= 1) { WARN(ZS_EMPTY_LIST_ITEM); fhold; fgoto err_line; - } else if (last_two[0] != '\\') { // Start a new item. + } else if (last_two[0] != '\\' || !s->pending_backslash) { // Start a new item. *(s->item_length_location) = current_len; s->item_length_location = rdata_tail - 1; } else { // Remove backslash. last_two[0] = ','; rdata_tail--; + s->pending_backslash = false; } - } else if (current_len > 1 && last_two[1] == '\\') { - if (last_two[0] == '\\') { // Remove backslash. + } else if (last_two[1] == '\\') { + if (s->pending_backslash) { // Remove backslash. rdata_tail--; + s->pending_backslash = false; + } else { + s->pending_backslash = true; } + } else if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + fhold; fgoto err_line; } } } 
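Review bot: The doc comment on the new `pending_backslash` field in `struct zs_scanner`, `Indication of a non-applied backslash.`, does not say which parsing context owns the flag or when it is cleared. Judging from the `_comma_list` action changed in scanner_body.rl in this commit, it is set when a backslash is stored while `comma_list` is active and cleared when the next character is `,` or `\`; any other follower raises `ZS_BAD_ALPN_BACKSLASH`. I would spell that out, for example `/*! Comma list parsing: the previous character was a backslash not yet consumed as an escape. */`.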
@@ -1800,9 +1808,14 @@ action _alpnl_init { s->comma_list = true; + s->pending_backslash = false; } action _alpnl_exit { s->comma_list = false; + if (s->pending_backslash) { + WARN(ZS_BAD_ALPN_BACKSLASH); + fhold; fgoto err_line; + } } action _mandatory_init { diff --git a/src/libzscanner/version.h b/src/libzscanner/version.h index 653d9bf..25520c7 100644 --- a/src/libzscanner/version.h +++ b/src/libzscanner/version.h @@ -18,7 +18,7 @@ #define ZSCANNER_VERSION_MAJOR 3 #define ZSCANNER_VERSION_MINOR 3 -#define ZSCANNER_VERSION_PATCH 0x04 +#define ZSCANNER_VERSION_PATCH 0x05 #define ZSCANNER_VERSION_HEX ((ZSCANNER_VERSION_MAJOR << 16) | \ (ZSCANNER_VERSION_MINOR << 8) | \ diff --git a/src/utils/kzonecheck/main.c b/src/utils/kzonecheck/main.c index 3a2b620..5fb4c73 100644 --- a/src/utils/kzonecheck/main.c +++ b/src/utils/kzonecheck/main.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2023 CZ.NIC, z.s.p.o. +/* Copyright (C) 2024 CZ.NIC, z.s.p.o. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -40,6 +40,7 @@ static void print_help(void) " -o, --origin Zone name.\n" " (default filename without .zone)\n" " -d, --dnssec Also check DNSSEC-related records.\n" + " -z, --zonemd Also check ZONEMD.\n" " -t, --time Current time specification.\n" " (default current UNIX time)\n" " -p, --print Print the zone on stdout.\n" @@ -66,7 +67,7 @@ static bool str2bool(const char *s) int main(int argc, char *argv[]) { const char *origin = NULL; - bool verbose = false, print = false; + bool zonemd = false, verbose = false, print = false; semcheck_optional_t optional = SEMCHECK_DNSSEC_AUTO; // default value for --dnssec knot_time_t check_time = (knot_time_t)time(NULL); 
@@ -75,6 +76,7 @@ int main(int argc, char *argv[]) { "origin", required_argument, NULL, 'o' }, { "time", required_argument, NULL, 't' }, { "dnssec", required_argument, NULL, 'd' }, + { "zonemd", no_argument, NULL, 'z' }, { "print", no_argument, NULL, 'p' }, { "verbose", no_argument, NULL, 'v' }, { "help", no_argument, NULL, 'h' }, @@ -87,7 +89,7 @@ int main(int argc, char *argv[]) /* Parse command line arguments */ int opt = 0; - while ((opt = getopt_long(argc, argv, "o:t:d:pvVh", opts, NULL)) != -1) { + while ((opt = getopt_long(argc, argv, "o:t:d:zpvVh", opts, NULL)) != -1) { switch (opt) { case 'o': origin = optarg; @@ -107,6 +109,9 @@ int main(int argc, char *argv[]) case 'd': optional = str2bool(optarg) ? SEMCHECK_DNSSEC_ON : SEMCHECK_DNSSEC_OFF; break; + case 'z': + zonemd = true; + break; case 't': if (knot_time_parse("YMDhms|#|+-#U|+-#", optarg, &check_time) != KNOT_EOK) { @@ -146,6 +151,15 @@ int main(int argc, char *argv[]) zonename = strdup(origin); } + knot_dname_storage_t zone; + if (knot_dname_from_str(zone, zonename, sizeof(zone)) == NULL) { + ERR2("invalid zone name"); + free(zonename); + return EXIT_FAILURE; + } + free(zonename); + knot_dname_to_lower(zone); + log_init(); log_levels_set(LOG_TARGET_STDOUT, LOG_SOURCE_ANY, 0); log_levels_set(LOG_TARGET_STDERR, LOG_SOURCE_ANY, 0); 
@@ -155,31 +169,14 @@ int main(int argc, char *argv[]) log_levels_add(LOG_TARGET_STDOUT, LOG_SOURCE_ANY, LOG_UPTO(LOG_DEBUG)); } - knot_dname_t *dname = knot_dname_from_str_alloc(zonename); - knot_dname_to_lower(dname); - free(zonename); - int ret = zone_check(filename, dname, optional, (time_t)check_time, print); - knot_dname_free(dname, NULL); - + int ret = zone_check(filename, zone, zonemd, optional, (time_t)check_time, print); log_close(); - - switch (ret) { - case KNOT_EOK: - if (verbose) { - INFO2("No semantic error found"); + if (ret == KNOT_EOK) { + if (verbose && !print) { + INFO2("No error found"); } return EXIT_SUCCESS; - case KNOT_EZONEINVAL: - ERR2("serious semantic error detected"); - // FALLTHROUGH - case KNOT_ESEMCHECK: - return EXIT_FAILURE; - case KNOT_EACCES: - case KNOT_EFILE: - ERR2("failed to load the zone file"); - return EXIT_FAILURE; - default: - ERR2("failed to run semantic checks (%s)", knot_strerror(ret)); + } else { return EXIT_FAILURE; } } diff --git a/src/utils/kzonecheck/zone_check.c b/src/utils/kzonecheck/zone_check.c index 542e152..2ea63b8 100644 --- a/src/utils/kzonecheck/zone_check.c +++ b/src/utils/kzonecheck/zone_check.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2023 CZ.NIC, z.s.p.o. +/* Copyright (C) 2024 CZ.NIC, z.s.p.o. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -20,6 +20,7 @@ #include "utils/kzonecheck/zone_check.h" #include "knot/zone/contents.h" +#include "knot/zone/digest.h" #include "knot/zone/zonefile.h" #include "knot/zone/zone-dump.h" #include "utils/common/msg.h" @@ -62,7 +63,7 @@ static void print_statistics(err_handler_stats_t *stats) } } -int zone_check(const char *zone_file, const knot_dname_t *zone_name, +int zone_check(const char *zone_file, const knot_dname_t *zone_name, bool zonemd, semcheck_optional_t optional, time_t time, bool print) { err_handler_stats_t stats = { 
@@ -71,7 +72,15 @@ int zone_check(const char *zone_file, const knot_dname_t *zone_name, zloader_t zl; int ret = zonefile_open(&zl, zone_file, zone_name, optional, time); - if (ret != KNOT_EOK) { + switch (ret) { + case KNOT_EOK: + break; + case KNOT_EACCES: + case KNOT_EFILE: + ERR2("failed to load the zone file"); + return ret; + default: + ERR2("failed to run semantic checks (%s)", knot_strerror(ret)); return ret; } zl.err_handler = (sem_handler_t *)&stats; @@ -80,21 +89,39 @@ int zone_check(const char *zone_file, const knot_dname_t *zone_name, zone_contents_t *contents = zonefile_load(&zl); zonefile_close(&zl); if (contents == NULL && !stats.handler.error) { + ERR2("failed to run semantic checks"); return KNOT_ERROR; } if (stats.error_count > 0) { print_statistics(&stats); - ret = stats.handler.error ? KNOT_EZONEINVAL : KNOT_ESEMCHECK; - if (print) { + if (stats.handler.error) { fprintf(stderr, "\n"); + ERR2("serious semantic error detected"); + ret = KNOT_EINVAL; + } else { + ret = KNOT_ESEMCHECK; + } + } + + if (zonemd) { + ret = zone_contents_digest_verify(contents); + if (ret != KNOT_EOK) { + if (stats.error_count > 0 && !stats.handler.error) { + fprintf(stderr, "\n"); + } + ERR2("invalid ZONEMD"); } } if (print) { + if (ret != KNOT_EOK) { + fprintf(stderr, "\n"); + } printf(";; Zone dump (Knot DNS %s)\n", PACKAGE_VERSION); zone_dump_text(contents, stdout, false, NULL); } + zone_contents_deep_free(contents); return ret; diff --git a/src/utils/kzonecheck/zone_check.h b/src/utils/kzonecheck/zone_check.h index 7039f16..206c27e 100644 --- a/src/utils/kzonecheck/zone_check.h +++ b/src/utils/kzonecheck/zone_check.h @@ -1,4 +1,4 @@ -/* Copyright (C) 2023 CZ.NIC, z.s.p.o. +/* Copyright (C) 2024 CZ.NIC, z.s.p.o. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
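Review bot: In the second zone_check.c hunk, `ret = zone_contents_digest_verify(contents);` overwrites the KNOT_EINVAL / KNOT_ESEMCHECK value assigned just above, so with `--zonemd` a zone that failed the semantic checks but has a valid digest makes zone_check() return KNOT_EOK and main() exit with EXIT_SUCCESS. Any script that relies on the exit status would then accept a zone the checker has already reported as broken. Keep the digest result in its own variable and replace `ret` only on failure, e.g. `int zmd = zone_contents_digest_verify(contents);` followed by `if (zmd != KNOT_EOK) { /* existing message code */ ret = zmd; }`. `contents` can also still be NULL at this point when `stats.handler.error` is set, so zone_contents_digest_verify() presumably has to tolerate NULL; it is not visible in this diff. zone_check() starts before this hunk.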
@@ -19,5 +19,5 @@ #include "knot/zone/semantic-check.h" #include "libknot/libknot.h" -int zone_check(const char *zone_file, const knot_dname_t *zone_name, +int zone_check(const char *zone_file, const knot_dname_t *zone_name, bool zonemd, semcheck_optional_t optional, time_t time, bool print); -- cgit v1.2.3