Commit graph

208 commits

Author SHA1 Message Date
Jan Hák
6055b7c9f6 acl: add protocol option to the configuration 2024-09-27 12:41:36 +02:00
Jan Doskočil
b3e2a5916f tests: longer lasting RRSIGs to prevent test breakage by expiration 2024-08-19 13:42:24 +02:00
Jan Doskočil
dc9fe7869d test_journal: correct potential for truncation in snprintf
fmt string is "i%d" - theoretically if the argument was eg INT_MIN this
could've been 13 chars long, which is why gcc threw a warning
2024-08-16 11:09:30 +02:00
Daniel Salzman
934914bf38 module: add protocol processing callback 2024-08-12 08:01:47 +02:00
Daniel Salzman
3187da5791 tests/confdb: fix UBSAN 'applying non-zero offset 1 to null pointer' 2024-07-25 14:25:15 +02:00
Jan Doskočil
24288b60a6 dnssec: superfluous NSEC semantic test case 2024-07-11 16:46:56 +02:00
Daniel Salzman
f6c1a557d7 conf: add options for XDP preferred busy polling 2024-04-04 10:05:39 +02:00
Daniel Salzman
7d4b53a231 conf: add xdp.ring-size configuration option 2024-04-03 21:40:57 +02:00
Daniel Salzman
b2cba0a723 semchecks: extend SOA presence checks 2024-03-27 08:40:33 +01:00
Libor Peltan
4647ac1f5d dnssec/validation: fix validation of two CSKs 2024-02-27 16:40:13 +01:00
Daniel Salzman
66ab02cc13 dnssec/validation: add limit on non-matching keys with a duplicate keytag 2024-02-27 13:04:04 +01:00
Daniel Salzman
a985930bf9 tests: remove useless test 2024-01-21 20:40:37 +01:00
Daniel Salzman
ec36c9f679 conf: change conf_import() arguments to flags 2024-01-16 13:48:11 +01:00
Daniel Salzman
e4e2b2503f acl: extend 'update-owner-match' with a 'pattern' mode 2023-12-08 09:29:33 +01:00
Daniel Salzman
999d404c01 semchecks: check SHA-1 and GOST even if not supported by libdnssec or local policy 2023-11-23 20:55:53 +01:00
Daniel Salzman
9f8ba83231 conf: consider more remote.via addresses with the same address family 2023-11-14 13:14:48 +01:00
Daniel Salzman
14dbad9c2b semchecks: remove check for DS at non-delegation point
It showed that having DS without NS can be convenient for private zones
with DNSSEC:
"Tuomo Soini: Anybody from internet gets NXDOMAIN because public dns servers
 don't know anything about internal zone."

This partially reverts:
 b0da0e1182
 f7b0793f07
2023-10-04 11:03:31 +02:00
Daniel Salzman
5c5a6d9d7f serial: split serial_next() to serial_next_generic() and serial_next(), add test 2023-07-25 17:58:51 +02:00
Libor Peltan
0c475eae4a knot: implemented serial-modulo 2023-07-25 17:58:51 +02:00
Libor Peltan
36fff51b20 knot: refactoring: read out serial-policy config inside serial_next() 2023-07-25 17:58:51 +02:00
Daniel Salzman
cc7aa37d8e timers: write master-pinning-related timers only if non-empty 2023-07-18 11:27:49 +02:00
Libor Peltan
18ff92aa47 requestor: refactoring: add EDNS option in requestor 2023-07-10 09:04:14 +02:00
Jan Hák
498b3b37f6 kzonecheck: add flag '-p' that prints zone on stdout 2023-06-15 10:22:08 +02:00
Daniel Salzman
8a24d4ab47 requestor: fix local certificate initialization 2023-05-23 10:42:01 +02:00
Daniel Salzman
b591442bc2 requestor: add support for remote certificate pin check 2023-05-23 10:42:01 +02:00
Libor Peltan
a5fc3bb6d3 events: bugfix: retype params for va_fun zone_events_schedule_at 2023-05-11 14:40:08 +02:00
Daniel Salzman
3744c843bb acl: add client certificate public key pin check 2023-03-02 21:01:33 +01:00
Daniel Salzman
e987372a0a server: set 0222 mode to STREAM UNIX listen socket files 2023-01-04 08:47:45 +01:00
Daniel Salzman
f7b0793f07 tests: add tests for DS at apex or at non-delegation point 2022-11-16 15:39:08 +01:00
Daniel Salzman
a1a384b5f7 tests: increase robustness of test_fdset 2022-09-16 14:18:31 +02:00
Daniel Salzman
5df3518b17 kaspdb: return the first timestamp from kasp_db_load_offline_records() if for_time is 0 2022-08-09 17:13:14 +02:00
Daniel Salzman
41cdb22ad2 conf: improve QUIC-specific options, add doc, reduce defaults 2022-07-24 19:35:00 +02:00
Libor Peltan
38714ce333 xdp-quic: proper quic-specific configuration options 2022-07-24 19:35:00 +02:00
Daniel Salzman
6b6cc6a00f conf: use CONFIG_DIR as a base directory for QUIC key and cert files 2022-07-24 19:34:26 +02:00
Daniel Salzman
772cab052f conf: split 'xdp.quic' into 'xdp.quic' and 'xdp.quic-port' 2022-07-24 19:34:26 +02:00
Daniel Salzman
a8525ade5d server: add proto value to qdata and remove redundant qdata flags
Also add QUIC support to mod-stats and mod-probe.
Restrict the proxy mode to UDP in the xdp-handler.
2022-07-24 19:34:26 +02:00
Libor Peltan
2ce87eb3b1 xdp-tcp: integrate with new BPF filter with configurable QUIC port 2022-07-23 17:28:24 +02:00
Daniel Salzman
7d63072d43 conf: add 'query' ACL action for allowing only DNS queries with a TSIG 2022-06-06 17:23:23 +02:00
Daniel Salzman
241e9cae89 semchecks: improve some error messages 2022-05-27 14:35:19 +02:00
Daniel Salzman
719a411a18 semchecks: improve DNSSEC validation error messages 2022-05-27 14:35:19 +02:00
Libor Peltan
16ddd88616 libdnssec: verify correct DNSKEY flags and proto 2022-05-27 14:35:19 +02:00
Libor Peltan
fa828c5da7 sematic-checks: use verification routines from dnssec-verify 2022-05-27 14:35:19 +02:00
Daniel Salzman
b72a707aed knotd,kxdpgun: adapt to new XDP initialization 2022-05-16 08:36:02 +02:00
Daniel Salzman
083831540d conf: add optional automatic ACL rule synthesis for 'master' and 'notify' remotes 2022-04-22 14:33:12 +02:00
Daniel Salzman
36ee79139b conf: merge tcp-max-syn-clients and tcp-max-clients XDP options 2022-03-16 15:24:42 +01:00
Libor Peltan
1a435a5e2e xdp-tcp: allow configuring outbuf memory limit separately 2022-03-16 14:58:06 +01:00
Libor Peltan
a023cc05ce xdp-tcp: allow configuring separate SYN table 2022-03-16 14:58:06 +01:00
Libor Peltan
302b690199 xdp-tcp: major refactoring + store outgoing buffers
- both unsent and unacked buffers of outgoing payload stored
- no longer uses dynarray
- multiple in-buffers per relay
- packets are only sent in knot_tcp_send()
2022-03-16 13:41:23 +01:00
Libor Peltan
2eb866673f timers: refactoring: store expire timestamp instead of last refresh 2022-02-24 16:44:01 +01:00
Daniel Salzman
53aabc1b66 tests/confio: extend tests for conf_io_list() 2022-02-22 16:49:52 +01:00