-
Notifications
You must be signed in to change notification settings - Fork 920
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dnsdist: Add a lot more of build-time options to select features #10950
dnsdist: Add a lot more of build-time options to select features #10950
Conversation
81e2538
to
9af6b80
Compare
9af6b80
to
73122f1
Compare
DISABLE_COMPLETION
is defined73122f1
to
eb5ffc6
Compare
Rebased. |
I thing we prefer positive names (so |
Let's put aside the fact that I would have to redo quite some work to change that now, it would also mean these names need to be defined by default and undefined when we want to disable a feature, which seems very cumbersome? |
It might not be worth it indeed |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would be nice to document the DISABLE_
feature and binding options ; maybe in a simple txt file ?
Or maybe/also have a CI minimum build target with everything disabled ?
Indeed, I'll add a few lines to the documentation.
That's a good idea but we would also need to disable the corresponding tests in the regression tests which is a bit of work, so I'll do that later. |
Just having a simple build in the first place would be nice IMO. But of course, having the remaining tests running after that would be better. I can have a quick look for the simple version if you want. |
@check-spelling-bot ReportUnrecognized words, please review:
To accept these unrecognized words as correct, run the following commands... in a clone of the git@github.com:rgacogne/pdns.git repository
If the flagged items do not appear to be textIf items relate to a ...
|
@check-spelling-bot ReportUnrecognized words, please review:
To accept these unrecognized words as correct, run the following commands... in a clone of the git@github.com:rgacogne/pdns.git repository
If the flagged items do not appear to be textIf items relate to a ...
|
The build with the least amount of features is failing because of #11105:
|
… is defined A configure option would be better, as we might then also not link against libedit.
Idem for DNSCrypt
…DYNBLOCK is defined
Co-authored-by: Pieter Lexis <pieter@plexis.eu>
aaa07aa
to
26c0632
Compare
Rebased. |
Something is not right. |
Short description
This PR adds a lot of build-time options to select which features are built into dnsdist, to reduce the attack surface, memory usage and disk usage.
These features can now be disabled via a configure option, thus not linking against the corresponding libraries:
For that last one, the console will still work if not disabled (see below) but no completion, history or line editing will be available.
These features can now be disabled by defining a value in
CXXFLAGS
:DISABLE_CARBON
)DISABLE_COMPLETION
)DISABLE_PROTOBUF
)DynBlockRulesGroup
interface (DISABLE_DEPRECATED_DYNBLOCK
)DISABLE_RECVMMSG
)DISABLE_SECPOLL
)DISABLE_PROMETHEUS
)DISABLE_WEB_CONFIG
)DISABLE_BUILTIN_HTML
)DISABLE_LUA_WEB_HANDLERS
)Additionally several Lua bindings can be removed when they are not needed:
DISABLE_NON_FFI_DQ_BINDINGS
DISABLE_POLICIES_BINDINGS
DISABLE_DOWNSTREAM_BINDINGS
DISABLE_DNSHEADER_BINDINGS
DISABLE_COMBO_ADDR_BINDINGS
DISABLE_DNSNAME_BINDINGS
DISABLE_SUFFIX_MATCH_BINDINGS
DISABLE_NETMASK_BINDINGS
DISABLE_QPS_LIMITER_BINDINGS
DISABLE_PACKETCACHE_BINDINGS
It also cleans up the usage of various integer types in our Lua bindings, to prevent silent overflow from happening. Cleaning the integer types used reduces the number of template instantiations and thus the final binary size.
Checklist
I have: