Merge remote-tracking branch 'nlnet/master'
* nlnet/master: (64 commits)
  Changelog entry for NLnetLabs#951. - Merge NLnetLabs#951: Cachedb no store. The cachedb-no-store: yes option is   used to stop cachedb from writing messages to the backend storage.   It reads messages when data is available from the backend. The   default is no.
  - Fix to print detailed errors when an SSL IO routine fails via   SSL_get_error.
  - Changelog entry for:   Merge NLnetLabs#955 from buevsan: fix ipset wrong behavior. - Update testdata/ipset.tdir test for ipset fix.
  - Update the dns64_lookup.rpl test for the DNS64 fallback patch.
  - Changelog entry for DNS64 patches from Daniel Gröber.
  Fixes for dns64 fallback to plain AAAA when no A records: - Cleanup if condition. - Rename variable for readability.
  dns64: Fall back to plain AAAA query with synthall but no A records
  Fixes for dns64 readability refactoring: - Move declarations to the top for C90 compliance. - Save cycles by not calling (yet) unneeded functions. - Possible use of uninitialised value. - Consistent formatting.
  dns64: Fix misleading indentation
  dns64: Refactor handle_event checks for readability
  fix ipset wrong behavior
  - Fix NLnetLabs#954: Inconsistent RPZ handling for A record returned along with   CNAME.
  - Update pymod tests for the new Python script variable.
  - For multi Python module setups, clean previously parsed module   functions in __main__'s dictionary, if any, so that only current   module functions are registered.
  - Expose the configured listening and outgoing interfaces, if any, as   a list of strings in the Python 'config_file' class instead of the   current Swig object proxy; fixes NLnetLabs#79.
  - Expose the script filename in the Python module environment 'mod_env'   instead of the config_file structure which includes the linked list   of scripts in a multi Python module setup; fixes NLnetLabs#79.
  - Better fix for infinite loop when reading multiple lines of input on   a broken remote control socket, by treating a zero byte line the   same as transmission end. Addresses NLnetLabs#947 and NLnetLabs#948.
  Apply suggestions from code review
  - cachedb-no-store, example conf and man page documentation.
  Changelog note for NLnetLabs#944. - Merge NLnetLabs#944: Disable EDNS DO.   Disable the EDNS DO flag in upstream requests. This can be helpful   for devices that cannot handle DNSSEC information. But it should not   be enabled otherwise, because that would stop DNSSEC validation. The   DNSSEC validation would not work for Unbound itself, and also not   for downstream users. Default is no. The option   is disable-edns-do: no
  ...
jedisct1 committed Oct 24, 2023
2 parents 204d3d8 + 0ce68e9 commit d0d5711
Showing 96 changed files with 3,344 additions and 737 deletions.
4 changes: 2 additions & 2 deletions Makefile.in
Expand Up @@ -738,7 +738,7 @@ msgencode.lo msgencode.o: $(srcdir)/util/data/msgencode.c config.h $(srcdir)/uti
msgparse.lo msgparse.o: $(srcdir)/util/data/msgparse.c config.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h
msgreply.lo msgreply.o: $(srcdir)/util/data/msgreply.c config.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \
Expand Down Expand Up @@ -793,7 +793,7 @@ iter_priv.lo iter_priv.o: $(srcdir)/iterator/iter_priv.c config.h $(srcdir)/iter
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/sbuffer.h
iter_resptype.lo iter_resptype.o: $(srcdir)/iterator/iter_resptype.c config.h \
$(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \
$(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iterator.h $(srcdir)/util/log.h \
$(srcdir)/services/cache/dns.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/net_help.h \
$(srcdir)/util/data/dname.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h
11 changes: 8 additions & 3 deletions cachedb/cachedb.c
Expand Up @@ -265,11 +265,11 @@ cachedb_init(struct module_env* env, int id)
return 0;
}
cachedb_env->enabled = 1;
if(env->cfg->serve_expired_reply_ttl)
if(env->cfg->serve_expired && env->cfg->serve_expired_reply_ttl)
log_warn(
"cachedb: serve-expired-reply-ttl is set but not working for data "
"originating from the external cache; 0 TLL is used for those.");
if(env->cfg->serve_expired_client_timeout)
"originating from the external cache; 0 TTL is used for those.");
if(env->cfg->serve_expired && env->cfg->serve_expired_client_timeout)
log_warn(
"cachedb: serve-expired-client-timeout is set but not working for "
"data originating from the external cache; expired data are used "
Expand Down Expand Up @@ -815,6 +815,11 @@ cachedb_handle_response(struct module_qstate* qstate,
qstate->ext_state[id] = module_finished;
return;
}
if(qstate->env->cfg->cachedb_no_store) {
/* do not store the item in the external cache */
qstate->ext_state[id] = module_finished;
return;
}

/* store the item into the backend cache */
cachedb_extcache_store(qstate, ie);
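Review bot: The new `cachedb_no_store` branch in cachedb_handle_response guards only this one call to cachedb_extcache_store(), and its comment does not say that reads from the backend continue. If the option is meant to let a resolver use the backend with read-only access, the other write paths should be checked as well; the redis backend's redis-expire-records probe in cachedb/redis.c, for instance, reports that it needs SETEX and may still issue a write at init (the command itself is not visible on this page). A fuller comment would help, e.g. `/* cachedb-no-store: skip the write-back only; lookups still read from the backend */`. The enclosing function starts and ends outside the hunk.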
68 changes: 47 additions & 21 deletions cachedb/redis.c
Expand Up @@ -59,11 +59,28 @@ struct redis_moddata {
const char* server_path; /* server's unix path, or "", NULL if unused */
const char* server_password; /* server's AUTH password, or "", NULL if unused */
struct timeval timeout; /* timeout for connection setup and commands */
int logical_db; /* the redis logical database to use */
};

static redisReply* redis_command(struct module_env*, struct cachedb_env*,
const char*, const uint8_t*, size_t);

static void
moddata_clean(struct redis_moddata** moddata) {
if(!moddata || !*moddata)
return;
if((*moddata)->ctxs) {
int i;
for(i = 0; i < (*moddata)->numctxs; i++) {
if((*moddata)->ctxs[i])
redisFree((*moddata)->ctxs[i]);
}
free((*moddata)->ctxs);
}
free(*moddata);
*moddata = NULL;
}

static redisContext*
redis_connect(const struct redis_moddata* moddata)
{
Expand Down Expand Up @@ -97,10 +114,21 @@ redis_connect(const struct redis_moddata* moddata)
}
freeReplyObject(rep);
}
if(moddata->logical_db > 0) {
redisReply* rep;
rep = redisCommand(ctx, "SELECT %d", moddata->logical_db);
if(!rep || rep->type == REDIS_REPLY_ERROR) {
log_err("failed to set logical database (%d)",
moddata->logical_db);
freeReplyObject(rep);
goto fail;
}
freeReplyObject(rep);
}
verbose(VERB_OPS, "Connection to Redis established");
return ctx;

fail:
fail:
if(ctx)
redisFree(ctx);
return NULL;
Expand All @@ -117,14 +145,13 @@ redis_init(struct module_env* env, struct cachedb_env* cachedb_env)
moddata = calloc(1, sizeof(struct redis_moddata));
if(!moddata) {
log_err("out of memory");
return 0;
goto fail;
}
moddata->numctxs = env->cfg->num_threads;
moddata->ctxs = calloc(env->cfg->num_threads, sizeof(redisContext*));
if(!moddata->ctxs) {
log_err("out of memory");
free(moddata);
return 0;
goto fail;
}
/* note: server_host is a shallow reference to configured string.
* we don't have to free it in this module. */
Expand All @@ -134,8 +161,15 @@ redis_init(struct module_env* env, struct cachedb_env* cachedb_env)
moddata->server_password = env->cfg->redis_server_password;
moddata->timeout.tv_sec = env->cfg->redis_timeout / 1000;
moddata->timeout.tv_usec = (env->cfg->redis_timeout % 1000) * 1000;
for(i = 0; i < moddata->numctxs; i++)
moddata->ctxs[i] = redis_connect(moddata);
moddata->logical_db = env->cfg->redis_logical_db;
for(i = 0; i < moddata->numctxs; i++) {
redisContext* ctx = redis_connect(moddata);
if(!ctx) {
log_err("redis_init: failed to init redis");
goto fail;
}
moddata->ctxs[i] = ctx;
}
cachedb_env->backend_data = moddata;
if(env->cfg->redis_expire_records) {
redisReply* rep = NULL;
Expand All @@ -148,7 +182,7 @@ redis_init(struct module_env* env, struct cachedb_env* cachedb_env)
log_err("redis_init: failed to init redis, the "
"redis-expire-records option requires the SETEX command "
"(redis >= 2.0.0)");
return 0;
goto fail;
}
redis_reply_type = rep->type;
freeReplyObject(rep);
Expand All @@ -160,11 +194,14 @@ redis_init(struct module_env* env, struct cachedb_env* cachedb_env)
log_err("redis_init: failed to init redis, the "
"redis-expire-records option requires the SETEX command "
"(redis >= 2.0.0)");
return 0;
goto fail;
}
}

return 1;

fail:
moddata_clean(&moddata);
return 0;
}

static void
Expand All @@ -175,18 +212,7 @@ redis_deinit(struct module_env* env, struct cachedb_env* cachedb_env)
(void)env;

verbose(VERB_OPS, "Redis deinitialization");

if(!moddata)
return;
if(moddata->ctxs) {
int i;
for(i = 0; i < moddata->numctxs; i++) {
if(moddata->ctxs[i])
redisFree(moddata->ctxs[i]);
}
free(moddata->ctxs);
}
free(moddata);
moddata_clean(&moddata);
}

/*
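Review bot: In redis_init the `fail:` path frees moddata through moddata_clean() but leaves `cachedb_env->backend_data` pointing at it, because that field is assigned before the redis-expire-records check and both `goto fail` exits of the check come after the assignment. moddata_clean() clears only the pointer it is handed, so any later reader of backend_data would touch or free released memory; redis_deinit appears to load its moddata from that field, though the line is outside the visible hunk. Resetting the field on the error path closes this: add `cachedb_env->backend_data = NULL;` after `moddata_clean(&moddata);` under `fail:`. The same reset looks worthwhile at the end of redis_deinit, where presumably only a local copy is cleared.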
