Modules to become dynamically loadable modules?

Petr Menšík pemensik at redhat.com
Tue Jul 9 11:02:50 UTC 2024 

Hello unbound users!

I have been digging around existing modules for unbound. There are some 
quite nice, dnstap module for example. We package unbound for fedora and 
rhel, but do not build alternative modules like redis, ipset or dnscrypt.

Main reason for it is dependencies dragged into libunbound.so. Because 
our packaging would drag more unnecessary dependencies with each 
depending application, gnutls-dane for example. The more we enable 
during build, the more would get linked into libunbound. Which is quite 
nice library for general DNS resolution and I would recommend it for 
more complex resolution. But external module dependencies would make 
every application using it require more packages.

I know most people does not need those modules. And they are made as 
modules separate already, but not as loadable code. Of course problem is 
they often have non-trivial configuration parts.

But unbound already supports dynlibmod, which kind of prepares loading 
of external code. Could it be expanded a bit more to provide also 
configuration snippets and known loadable modules?

Our unbound-libs package now depends on libprotobuf-c.so.1, among 
others. Because we wanted dnstap. I think for general distributions, 
this approach does not scale well. Ideally I would have unbound-dnstap 
subpackage, which would only depend on protobuf-c. Another 
unbound-redis, unbound-ipset, etc. But basic daemon would not link to 
external libraries, only crypto libraries.

Is there specific reason, why loadable module cannot be dlopened only 
when cachedb module is specified? Similar with any interesting features, 
which are less common and have external library dependencies? dynlibmod 
seems capable of such thing, but would make modules configuration look 
weird. Especially when cachedb requires own section in configuration. 
dynlibmod does not seem to support additional configuration processed in 
module.

I expect those questions have already appeared. Were there any reasons 
why modules are not (yet?) separate loadable code, but linked into main 
library? Are there some blockers, why it should not be made such way?

Regards,
Petr

-- 
Petr Menšík
Software Engineer, RHEL
Red Hat, http://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB

More information about the Unbound-users mailing list