From 3394aa9c252813093a5a338bf1b48900ae438e2a Mon Sep 17 00:00:00 2001 
From: Evan Hunt Date: Thu, 5 Dec 2024 13:16:02 -0800 Subject: [PATCH] remove "sortlist" this commit removes the deprecated "sortlist" option. the option is now marked as ancient; it is a fatal error to use it in named.conf. the sortlist system test has been removed, and other tests that referenced the option have been modified. the enabling functions, dns_message_setsortorder() and dns_rdataset_towiresorted(), have also been removed. --- bin/named/config.c | 1 - bin/named/server.c | 51 ------- bin/tests/system/Makefile.am | 1 - bin/tests/system/checkconf/deprecated.conf | 2 - bin/tests/system/checkconf/tests.sh | 1 - bin/tests/system/sortlist/ns1/example.db | 37 ----- bin/tests/system/sortlist/ns1/named.conf.in | 46 ------ bin/tests/system/sortlist/ns1/root.db | 24 ---- bin/tests/system/sortlist/setup.sh | 16 --- bin/tests/system/sortlist/tests_sortlist.py | 53 ------- doc/arm/reference.rst | 97 +------------ doc/arm/zones.inc.rst | 2 +- doc/misc/options | 2 - fuzz/isc_lex_getmastertoken.in/named.conf | Bin 16332 -> 16219 bytes fuzz/isc_lex_gettoken.in/named.conf | 16 --- lib/dns/include/dns/acl.h | 3 +- lib/dns/include/dns/message.h | 29 ---- lib/dns/include/dns/rdataset.h | 22 +-- lib/dns/include/dns/types.h | 1 - lib/dns/include/dns/view.h | 1 - lib/dns/message.c | 48 +------ lib/dns/rdataset.c | 62 +++----- lib/dns/view.c | 3 - lib/isccfg/aclconf.c | 7 +- lib/isccfg/check.c | 18 +-- lib/isccfg/namedconf.c | 2 +- lib/ns/Makefile.am | 2 - lib/ns/include/ns/sortlist.h | 68 --------- lib/ns/query.c | 100 +------------ lib/ns/sortlist.c | 150 -------------------- tests/ns/query_test.c | 1 - 31 files changed, 44 insertions(+), 822 deletions(-) delete mode 100644 bin/tests/system/sortlist/ns1/example.db delete mode 100644 bin/tests/system/sortlist/ns1/named.conf.in delete mode 100644 bin/tests/system/sortlist/ns1/root.db delete mode 100644 bin/tests/system/sortlist/setup.sh delete mode 100644 bin/tests/system/sortlist/tests_sortlist.py delete mode 100644 
lib/ns/include/ns/sortlist.h delete mode 100644 lib/ns/sortlist.c diff --git a/bin/named/config.c b/bin/named/config.c index d4d6b0b4f0..8aef22dddb 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -193,7 +193,6 @@ options {\n\ require-server-cookie no;\n\ root-key-sentinel yes;\n\ servfail-ttl 1;\n\ -# sortlist \n\ stale-answer-client-timeout off;\n\ stale-answer-enable false;\n\ stale-answer-ttl 30; /* 30 seconds */\n\ diff --git a/bin/named/server.c b/bin/named/server.c index 2c231feb3b..cb78911a8a 100644 --- a/bin/named/server.c +++ b/bin/named/server.c 
@@ -584,51 +584,6 @@ configure_view_acl(const cfg_obj_t *vconfig, const cfg_obj_t *config, return result; } -/*% - * Configure a sortlist at '*aclp'. Essentially the same as - * configure_view_acl() except it calls cfg_acl_fromconfig with a - * nest_level value of 2. - */ -static isc_result_t -configure_view_sortlist(const cfg_obj_t *vconfig, const cfg_obj_t *config, - cfg_aclconfctx_t *actx, isc_mem_t *mctx, - dns_acl_t **aclp) { - isc_result_t result; - const cfg_obj_t *maps[3]; - const cfg_obj_t *aclobj = NULL; - int i = 0; - - if (*aclp != NULL) { - dns_acl_detach(aclp); - } - if (vconfig != NULL) { - maps[i++] = cfg_tuple_get(vconfig, "options"); - } - if (config != NULL) { - const cfg_obj_t *options = NULL; - (void)cfg_map_get(config, "options", &options); - if (options != NULL) { - maps[i++] = options; - } - } - maps[i] = NULL; - - (void)named_config_get(maps, "sortlist", &aclobj); - if (aclobj == NULL) { - return ISC_R_SUCCESS; - } - - /* - * Use a nest level of 3 for the "top level" of the sortlist; - * this means each entry in the top three levels will be stored - * as lists of separate, nested ACLs, rather than merged together - * into IP tables as is usually done with ACLs. - */ - result = cfg_acl_fromconfig(aclobj, config, actx, mctx, 3, aclp); - - return result; -} - static isc_result_t configure_view_nametable(const cfg_obj_t *vconfig, const cfg_obj_t *config, const char *confname, const char *conftuplename, @@ -5121,12 +5076,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config, "except-from", named_g_mctx, &view->answernames_exclude)); - /* - * Configure sortlist, if set - */ - CHECK(configure_view_sortlist(vconfig, config, actx, named_g_mctx, - &view->sortlist)); - /* * Configure default allow-update and allow-update-forwarding ACLs, * so they can be inherited by zones. (XXX: These are not diff --git a/bin/tests/system/Makefile.am b/bin/tests/system/Makefile.am index 2014f67ce7..3cc3db366a 100644 
--- a/bin/tests/system/Makefile.am +++ b/bin/tests/system/Makefile.am @@ -150,7 +150,6 @@ TESTS = \ sfcache \ shutdown \ smartsign \ - sortlist \ spf \ staticstub \ statistics \ diff --git a/bin/tests/system/checkconf/deprecated.conf b/bin/tests/system/checkconf/deprecated.conf index 2498b05a24..d7e6cfea89 100644 --- a/bin/tests/system/checkconf/deprecated.conf +++ b/bin/tests/system/checkconf/deprecated.conf @@ -14,8 +14,6 @@ options { dnssec-validation yes; max-zone-ttl 600; - - sortlist { }; }; trust-anchors { diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh index a4b35ba4ce..57637cf0cf 100644 --- a/bin/tests/system/checkconf/tests.sh +++ b/bin/tests/system/checkconf/tests.sh @@ -184,7 +184,6 @@ echo_i "checking named-checkconf deprecate warnings ($n)" ret=0 $CHECKCONF deprecated.conf >checkconf.out$n.1 2>&1 || ret=1 grep "option 'max-zone-ttl' is deprecated" /dev/null || ret=1 -grep "option 'sortlist' is deprecated" /dev/null || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status + ret)) # set -i to ignore deprecate warnings diff --git a/bin/tests/system/sortlist/ns1/example.db b/bin/tests/system/sortlist/ns1/example.db deleted file mode 100644 index b68e2159e6..0000000000 --- a/bin/tests/system/sortlist/ns1/example.db +++ /dev/null 
@@ -1,37 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA ns1.example. hostmaster.example. ( - 2000042795 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) -example. NS ns1.example. -ns1.example. A 10.53.0.1 - -; Let's see what the sortlist picks out of this... -a A 1.1.1.1 -a A 1.1.1.5 -a A 1.1.1.2 -a A 192.168.3.1 -a A 1.1.1.3 -a A 192.168.1.1 -a A 1.1.1.4 - -b A 10.53.0.1 -b A 10.53.0.2 -b A 10.53.0.3 -b A 10.53.0.4 -b A 10.53.0.5 - diff --git a/bin/tests/system/sortlist/ns1/named.conf.in b/bin/tests/system/sortlist/ns1/named.conf.in deleted file mode 100644 index 1a0b3ad91f..0000000000 --- a/bin/tests/system/sortlist/ns1/named.conf.in +++ /dev/null 
@@ -1,46 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * SPDX-License-Identifier: MPL-2.0 - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, you can obtain one at https://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -options { - query-source address 10.53.0.1; - notify-source 10.53.0.1; - transfer-source 10.53.0.1; - port @PORT@; - pid-file "named.pid"; - listen-on { 10.53.0.1; }; - listen-on-v6 { none; }; - recursion no; - dnssec-validation no; - notify yes; - - sortlist { - { 10.53.0.1; // IF 10.53.0.1 - { - !1.1.1.4; !1.1.1.2; !1.1.1.3; !1.1.1.1; // sort these last, - 192.168.3/24; // this first - { 192.168.2/24; 192.168.1/24; }; }; }; // and these next - { { 10.53.0.2; 10.53.0.3; }; }; // Prefer self - 10.53.0.4; // BIND 8 compat - { 10.53.0.5; 10.53.0.5; }; // BIND 8 compat - }; -}; - -zone "." { - type primary; - file "root.db"; -}; - -zone "example" { - type primary; - file "example.db"; -}; diff --git a/bin/tests/system/sortlist/ns1/root.db b/bin/tests/system/sortlist/ns1/root.db deleted file mode 100644 index 17780d13f0..0000000000 --- a/bin/tests/system/sortlist/ns1/root.db +++ /dev/null 
@@ -1,24 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 -. IN SOA gson.nominum.com. a.root.servers.nil. ( - 2000042100 ; serial - 600 ; refresh - 600 ; retry - 1200 ; expire - 600 ; minimum - ) -. NS a.root-servers.nil. -a.root-servers.nil. A 10.53.0.1 - -example. NS ns2.example. -ns2.example. A 10.53.0.2 diff --git a/bin/tests/system/sortlist/setup.sh b/bin/tests/system/sortlist/setup.sh deleted file mode 100644 index 82240a7c1b..0000000000 --- a/bin/tests/system/sortlist/setup.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh - -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -. ../conf.sh - -copy_setports ns1/named.conf.in ns1/named.conf diff --git a/bin/tests/system/sortlist/tests_sortlist.py b/bin/tests/system/sortlist/tests_sortlist.py deleted file mode 100644 index f5c68c86af..0000000000 --- a/bin/tests/system/sortlist/tests_sortlist.py +++ /dev/null 
@@ -1,53 +0,0 @@ -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -import dns.message - -import pytest - -import isctest - - -def test_sortlist(): - """Test two-element sortlist statement""" - msg = dns.message.make_query("a.example.", "A") - resp = isctest.query.tcp(msg, "10.53.0.1", source="10.53.0.1") - sortlist = [ - "192.168.3.1", - "192.168.1.1", - "1.1.1.5", - "1.1.1.1", - "1.1.1.3", - "1.1.1.2", - "1.1.1.4", - ] - rrset = dns.rrset.from_text_list("a.example.", 300, "IN", "A", sortlist) - assert len(resp.answer) == 1 - assert resp.answer[0] == rrset - assert list(resp.answer[0].items) == list(rrset.items) - - -@pytest.mark.parametrize( - "source_ip,possible_results", - [ - ("10.53.0.2", ["10.53.0.2", "10.53.0.3"]), - ("10.53.0.3", ["10.53.0.2", "10.53.0.3"]), - ("10.53.0.4", ["10.53.0.4"]), - ("10.53.0.5", ["10.53.0.5"]), - ], -) -def test_sortlist_compat(possible_results, source_ip): - """Test one-element sortlist statement and undocumented BIND 8 features""" - msg = dns.message.make_query("b.example.", "A") - resp = isctest.query.tcp(msg, "10.53.0.1", source=source_ip) - assert ( - resp.answer[0][0].to_text() in possible_results - ), f"{possible_results} not found" diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 51a261c068..1679d3388f 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst 
@@ -240,7 +240,7 @@ Definition and Usage Address match lists are primarily used to determine access control for various server operations. They are also used in the :any:`listen-on` and -:any:`sortlist` statements. The elements which constitute an address match +:any:`listen-on-v6` statements. The elements which constitute an address match list can be any of the following: - :term:`ip_address`: an IP address (IPv4 or IPv6) @@ -269,8 +269,8 @@ comparisons require that the list of keys be traversed until a matching key is found, and therefore may be somewhat slower. The interpretation of a match depends on whether the list is being used -for access control, defining :any:`listen-on` ports, or in a :any:`sortlist`, -and whether the element was negated. +for access control or for defining :any:`listen-on` ports, and whether +the element was negated. When used as an access control list, a non-negated match allows access and a negated match denies access. If there is no match, access is 
@@ -3948,94 +3948,6 @@ Periodic Task Intervals gone away. For convenience, TTL-style time-unit suffixes may be used to specify the value. It also accepts ISO 8601 duration formats. -The :any:`sortlist` Statement -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The response to a DNS query may consist of multiple resource records -(RRs) forming a resource record set (RRset). The name server -normally returns the RRs within the RRset in an indeterminate order (but -see the :any:`rrset-order` statement in :ref:`rrset_ordering`). The client resolver code should -rearrange the RRs as appropriate: that is, using any addresses on the -local net in preference to other addresses. However, not all resolvers -can do this or are correctly configured. When a client is using a local -server, the sorting can be performed in the server, based on the -client's address. This only requires configuring the name servers, not -all the clients. - -.. namedconf:statement:: sortlist - :tags: query, deprecated - :short: Controls the ordering of RRs returned to the client, based on the client's IP address. - - This option is deprecated and will be removed in a future release. - - The :any:`sortlist` statement (see below) takes an :term:`address_match_list` and - interprets it in a special way. Each top-level statement in the :any:`sortlist` - must itself be an explicit :term:`address_match_list` with one or two elements. The - first element (which may be an IP address, an IP prefix, an ACL name, or a nested - :term:`address_match_list`) of each top-level list is checked against the source - address of the query until a match is found. When the addresses in the first - element overlap, the first rule to match is selected. - - Once the source address of the query has been matched, if the top-level - statement contains only one element, the actual primitive element that - matched the source address is used to select the address in the response - to move to the beginning of the response. 
If the statement is a list of - two elements, then the second element is interpreted as a topology - preference list. Each top-level element is assigned a distance, and the - address in the response with the minimum distance is moved to the - beginning of the response. - - In the following example, any queries received from any of the addresses - of the host itself get responses preferring addresses on any of the - locally connected networks. Next most preferred are addresses on the - 192.168.1/24 network, and after that either the 192.168.2/24 or - 192.168.3/24 network, with no preference shown between these two - networks. Queries received from a host on the 192.168.1/24 network - prefer other addresses on that network to the 192.168.2/24 and - 192.168.3/24 networks. Queries received from a host on the 192.168.4/24 - or the 192.168.5/24 network only prefer other addresses on their - directly connected networks. - -:: - - sortlist { - // IF the local host - // THEN first fit on the following nets - { localhost; - { localnets; - 192.168.1/24; - { 192.168.2/24; 192.168.3/24; }; }; }; - // IF on class C 192.168.1 THEN use .1, or .2 or .3 - { 192.168.1/24; - { 192.168.1/24; - { 192.168.2/24; 192.168.3/24; }; }; }; - // IF on class C 192.168.2 THEN use .2, or .1 or .3 - { 192.168.2/24; - { 192.168.2/24; - { 192.168.1/24; 192.168.3/24; }; }; }; - // IF on class C 192.168.3 THEN use .3, or .1 or .2 - { 192.168.3/24; - { 192.168.3/24; - { 192.168.1/24; 192.168.2/24; }; }; }; - // IF .4 or .5 THEN prefer that net - { { 192.168.4/24; 192.168.5/24; }; - }; - }; - -The following example illustrates reasonable behavior for the local host -and hosts on directly connected networks. Responses sent to queries from the -local host favor any of the directly connected networks. Responses -sent to queries from any other hosts on a directly connected network -prefer addresses on that same network. Responses to other queries -are not sorted. 
- -:: - - sortlist { - { localhost; localnets; }; - { localnets; }; - }; - .. _rrset_ordering: RRset Ordering @@ -4053,8 +3965,7 @@ RRset Ordering :short: Defines the order in which equal RRs (RRsets) are returned. The :any:`rrset-order` statement permits configuration of the ordering of - the records in a multiple-record response. See also: - :any:`sortlist`. + the records in a multiple-record response. Each rule in an :any:`rrset-order` statement is defined as follows: diff --git a/doc/arm/zones.inc.rst b/doc/arm/zones.inc.rst index 34afe377de..22e66e0611 100644 --- a/doc/arm/zones.inc.rst +++ b/doc/arm/zones.inc.rst @@ -29,7 +29,7 @@ of RRs in a set is not significant and need not be preserved by name servers, resolvers, or other parts of the DNS. However, sorting of multiple RRs is permitted for optimization purposes: for example, to specify that a particular nearby server be tried first. See -:any:`sortlist` and :ref:`rrset_ordering`. +:ref:`rrset_ordering`. The components of a Resource Record are: diff --git a/doc/misc/options b/doc/misc/options index 39dda6d191..4c253ed286 100644 --- a/doc/misc/options +++ b/doc/misc/options @@ -278,7 +278,6 @@ options { sig-validity-interval [ ]; // obsolete sig0checks-quota ; // experimental sig0checks-quota-exempt { ; ... }; // experimental - sortlist { ; ... }; // deprecated stale-answer-client-timeout ( disabled | off | ); stale-answer-enable ; stale-answer-ttl ; @@ -574,7 +573,6 @@ view [ ] { sig-signing-signatures ; sig-signing-type ; sig-validity-interval [ ]; // obsolete - sortlist { ; ... }; // deprecated stale-answer-client-timeout ( disabled | off | ); stale-answer-enable ; stale-answer-ttl ; 
diff --git a/fuzz/isc_lex_getmastertoken.in/named.conf b/fuzz/isc_lex_getmastertoken.in/named.conf index 0036788f444a7e11b3995e540aa79762613d9342..d40a2ab5676ba9aace79e2d0efd9c71f92811a8c 100644 GIT binary patch delta 12 TcmX?8f4gpjufXPg0(|-aD*6R* delta 139 zcmcazccy-WuRwi%L4HntdZj`&7bmBofr7q*g*6wDsc5KYq-PA|8kvCkAZbpZ7*NE} z%o@Z2Ndnb!a@GO~Am-vM&Mzv-$t*5GF$<{65ULWas3beJQbAWCB|kSYGfzQjakPLw E0JNGO!Ttcp_continuation = 0; m->verified_sig = 0; m->verify_attempted = 0; - m->order = NULL; - m->order_arg.env = NULL; - m->order_arg.acl = NULL; - m->order_arg.element = NULL; m->query.base = NULL; m->query.length = 0; m->free_query = 0; @@ -662,13 +658,6 @@ msgreset(dns_message_t *msg, bool everything) { dynbuf = next_dynbuf; } - if (msg->order_arg.env != NULL) { - dns_aclenv_detach(&msg->order_arg.env); - } - if (msg->order_arg.acl != NULL) { - dns_acl_detach(&msg->order_arg.acl); - } - /* * Set other bits to normal default values. */ @@ -2104,19 +2093,16 @@ dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid, 0 && (rdataset->attributes & DNS_RDATASETATTR_RENDERED) == 0) { - const void *order_arg = &msg->order_arg; st = *(msg->buffer); count = 0; if (partial) { result = dns_rdataset_towirepartial( rdataset, name, msg->cctx, msg->buffer, - msg->order, order_arg, rd_options, - &count, NULL); + rd_options, &count, NULL); } else { - result = dns_rdataset_towiresorted( + result = dns_rdataset_towire( rdataset, name, msg->cctx, msg->buffer, - msg->order, order_arg, rd_options, - &count); + rd_options, &count); } total += count; if (partial && result == ISC_R_NOSPACE) { 
@@ -2178,14 +2164,12 @@ dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid, if (partial) { result = dns_rdataset_towirepartial( rdataset, name, msg->cctx, - msg->buffer, msg->order, - &msg->order_arg, rd_options, - &count, NULL); + msg->buffer, rd_options, &count, + NULL); } else { - result = dns_rdataset_towiresorted( + result = dns_rdataset_towire( rdataset, name, msg->cctx, - msg->buffer, msg->order, - &msg->order_arg, rd_options, + msg->buffer, rd_options, &count); } @@ -4722,24 +4706,6 @@ dns_message_getrawmessage(dns_message_t *msg) { return &msg->saved; } -void -dns_message_setsortorder(dns_message_t *msg, dns_rdatasetorderfunc_t order, - dns_aclenv_t *env, dns_acl_t *acl, - const dns_aclelement_t *elem) { - REQUIRE(DNS_MESSAGE_VALID(msg)); - REQUIRE((order == NULL) == (env == NULL)); - REQUIRE(env == NULL || (acl != NULL || elem != NULL)); - - msg->order = order; - if (env != NULL) { - dns_aclenv_attach(env, &msg->order_arg.env); - } - if (acl != NULL) { - dns_acl_attach(acl, &msg->order_arg.acl); - } - msg->order_arg.element = elem; -} - void dns_message_settimeadjust(dns_message_t *msg, int timeadjust) { REQUIRE(DNS_MESSAGE_VALID(msg)); diff --git a/lib/dns/rdataset.c b/lib/dns/rdataset.c index 9a0ee35b4e..b09ff3cf29 100644 --- a/lib/dns/rdataset.c +++ b/lib/dns/rdataset.c @@ -221,13 +221,6 @@ struct towire_sort { dns_rdata_t *rdata; }; -static int -towire_compare(const void *av, const void *bv) { - const struct towire_sort *a = (const struct towire_sort *)av; - const struct towire_sort *b = (const struct towire_sort *)bv; - return a->key - b->key; -} - static void swap_rdata(dns_rdata_t *in, unsigned int a, unsigned int b) { dns_rdata_t rdata = in[a]; 
@@ -236,18 +229,17 @@ swap_rdata(dns_rdata_t *in, unsigned int a, unsigned int b) { } static isc_result_t -towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name, - dns_compress_t *cctx, isc_buffer_t *target, - dns_rdatasetorderfunc_t order, const void *order_arg, bool partial, - unsigned int options, unsigned int *countp, - void **state ISC_ATTR_UNUSED) { +towire(dns_rdataset_t *rdataset, const dns_name_t *owner_name, + dns_compress_t *cctx, isc_buffer_t *target, bool partial, + unsigned int options, unsigned int *countp, + void **state ISC_ATTR_UNUSED) { isc_region_t r; isc_result_t result; unsigned int i, count = 0, added; isc_buffer_t savedbuffer, rdlen, rrbuffer; unsigned int headlen; bool question = false; - bool shuffle = false, sort = false; + bool shuffle = false; bool want_random, want_cyclic; dns_rdata_t in_fixed[MAX_SHUFFLE]; dns_rdata_t *in = in_fixed; @@ -297,28 +289,25 @@ towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name, } /* - * Do we want to sort and/or shuffle this answer? + * Do we want to shuffle this answer? */ if (!question && count > 1 && rdataset->type != dns_rdatatype_rrsig) { - if (order != NULL) { - sort = true; - } if (want_random || want_cyclic) { shuffle = true; } } - if (shuffle || sort) { + if (shuffle) { if (count > MAX_SHUFFLE) { in = isc_mem_cget(cctx->mctx, count, sizeof(*in)); out = isc_mem_cget(cctx->mctx, count, sizeof(*out)); if (in == NULL || out == NULL) { - shuffle = sort = false; + shuffle = false; } } } - if (shuffle || sort) { + if (shuffle) { uint32_t seed = 0; unsigned int j = 0; @@ -353,18 +342,12 @@ towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name, swap_rdata(in, j, j + seed % (count - j)); } - out[i].key = (sort) ? (*order)(&in[j], order_arg) : 0; + out[i].key = 0; out[i].rdata = &in[j]; if (++j == count) { j = 0; } } - /* - * Sortlist order. - */ - if (sort) { - qsort(out, count, sizeof(out[0]), towire_compare); - } } savedbuffer = *target; 
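Review bot: `out[i].key = 0;` in the shuffle loop of `towire()` is now a dead store, because with `towire_compare()` and the `qsort()` call removed nothing in the visible hunks reads `key` any more. I would drop the assignment together with the `key` member of `struct towire_sort`, or make `out` a plain array of `dns_rdata_t *`, so a later reader does not go looking for a sort step that no longer exists. The body of `towire()` starts before and continues after these hunks, so confirm against the full function that no other reader of `key` remains.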
@@ -415,7 +398,7 @@ towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name, /* * Copy out the rdata */ - if (shuffle || sort) { + if (shuffle) { rdata = *(out[i].rdata); } else { dns_rdata_reset(&rdata); @@ -433,7 +416,7 @@ towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name, added++; } - if (shuffle || sort) { + if (shuffle) { i++; if (i == count) { result = ISC_R_NOMORE; @@ -475,33 +458,22 @@ cleanup: return result; } -isc_result_t -dns_rdataset_towiresorted(dns_rdataset_t *rdataset, - const dns_name_t *owner_name, dns_compress_t *cctx, - isc_buffer_t *target, dns_rdatasetorderfunc_t order, - const void *order_arg, unsigned int options, - unsigned int *countp) { - return towiresorted(rdataset, owner_name, cctx, target, order, - order_arg, false, options, countp, NULL); -} - isc_result_t dns_rdataset_towirepartial(dns_rdataset_t *rdataset, const dns_name_t *owner_name, dns_compress_t *cctx, - isc_buffer_t *target, dns_rdatasetorderfunc_t order, - const void *order_arg, unsigned int options, + isc_buffer_t *target, unsigned int options, unsigned int *countp, void **state) { REQUIRE(state == NULL); /* XXX remove when implemented */ - return towiresorted(rdataset, owner_name, cctx, target, order, - order_arg, true, options, countp, state); + return towire(rdataset, owner_name, cctx, target, true, options, countp, + state); } isc_result_t dns_rdataset_towire(dns_rdataset_t *rdataset, const dns_name_t *owner_name, dns_compress_t *cctx, isc_buffer_t *target, unsigned int options, unsigned int *countp) { - return towiresorted(rdataset, owner_name, cctx, target, NULL, NULL, - false, options, countp, NULL); + return towire(rdataset, owner_name, cctx, target, false, options, + countp, NULL); } isc_result_t diff --git a/lib/dns/view.c b/lib/dns/view.c index f5dd2126c7..fb354d3ad7 100644 --- a/lib/dns/view.c +++ b/lib/dns/view.c 
@@ -324,9 +324,6 @@ destroy(dns_view_t *view) { if (view->recursiononacl != NULL) { dns_acl_detach(&view->recursiononacl); } - if (view->sortlist != NULL) { - dns_acl_detach(&view->sortlist); - } if (view->transferacl != NULL) { dns_acl_detach(&view->transferacl); } diff --git a/lib/isccfg/aclconf.c b/lib/isccfg/aclconf.c index 642ef27306..03030aa898 100644 --- a/lib/isccfg/aclconf.c +++ b/lib/isccfg/aclconf.c @@ -812,9 +812,8 @@ cfg_acl_fromconfig(const cfg_obj_t *acl_data, const cfg_obj_t *cctx, /* * If we're nesting ACLs, put the nested * ACL onto the elements list; otherwise - * merge it into *this* ACL. We nest ACLs - * in two cases: 1) sortlist, 2) if the - * nested ACL contains negated members. + * merge it into *this* ACL. We nest the + * ACL if it contains negated members. */ if (inneracl != NULL) { dns_acl_detach(&inneracl); @@ -953,7 +952,7 @@ cfg_acl_fromconfig(const cfg_obj_t *acl_data, const cfg_obj_t *cctx, /* * This should only be reached for localhost, localnets * and keyname elements, and nested ACLs if nest_level is - * nonzero (i.e., in sortlists). + * nonzero. */ if (de->nestedacl != NULL && de->type != dns_aclelementtype_nestedacl) diff --git a/lib/isccfg/check.c b/lib/isccfg/check.c index d0887be3b8..ee4dfbfb94 100644 --- a/lib/isccfg/check.c +++ b/lib/isccfg/check.c @@ -547,17 +547,13 @@ check_viewacls(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions, isc_result_t result = ISC_R_SUCCESS, tresult; int i = 0; - static const char *acls[] = { "allow-proxy", - "allow-proxy-on", - "allow-query", - "allow-query-on", - "allow-query-cache", - "allow-query-cache-on", - "blackhole", - "match-clients", - "match-destinations", - "sortlist", - NULL }; + static const char *acls[] = { + "allow-proxy", "allow-proxy-on", + "allow-query", "allow-query-on", + "allow-query-cache", "allow-query-cache-on", + "blackhole", "match-clients", + "match-destinations", NULL + }; while (acls[i] != NULL) { tresult = checkacl(acls[i++], actx, NULL, voptions, config, 
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index 967b29a75d..24dd3596ee 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -2119,7 +2119,7 @@ static cfg_clausedef_t view_clauses[] = { { "rrset-order", &cfg_type_rrsetorder, 0 }, { "send-cookie", &cfg_type_boolean, 0 }, { "servfail-ttl", &cfg_type_duration, 0 }, - { "sortlist", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_DEPRECATED }, + { "sortlist", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_ANCIENT }, { "stale-answer-enable", &cfg_type_boolean, 0 }, { "stale-answer-client-timeout", &cfg_type_staleanswerclienttimeout, 0 }, diff --git a/lib/ns/Makefile.am b/lib/ns/Makefile.am index a1533c9db2..3e0e58746d 100644 --- a/lib/ns/Makefile.am +++ b/lib/ns/Makefile.am @@ -15,7 +15,6 @@ libns_la_HEADERS = \ include/ns/notify.h \ include/ns/query.h \ include/ns/server.h \ - include/ns/sortlist.h \ include/ns/stats.h \ include/ns/types.h \ include/ns/update.h \ @@ -31,7 +30,6 @@ libns_la_SOURCES = \ probes.d \ query.c \ server.c \ - sortlist.c \ stats.c \ update.c \ xfrout.c diff --git a/lib/ns/include/ns/sortlist.h b/lib/ns/include/ns/sortlist.h deleted file mode 100644 index baac9fd16a..0000000000 --- a/lib/ns/include/ns/sortlist.h +++ /dev/null 
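Review bot: The `sortlist` clause switches to `CFG_CLAUSEFLAG_ANCIENT` here, which the commit message says makes its use a fatal error, but the diffstat shows only deletions under bin/tests/system/checkconf and no new case asserting that a configuration containing `sortlist` is rejected. Unless an existing generic check already covers ancient options, a small negative test (a config with `sortlist { };` that `named-checkconf` must fail on) would pin the new behaviour. Because a leftover `sortlist` now prevents the configuration from loading after an upgrade, it is also worth confirming that a release note accompanies the change; none appears in the visible diffstat. The `view_clauses[]` table starts and ends outside the hunk.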
@@ -1,68 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * SPDX-License-Identifier: MPL-2.0 - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, you can obtain one at https://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -#pragma once - -/*! \file */ - -#include - -#include -#include - -/*% - * Type for callback functions that rank addresses. - */ -typedef int (*dns_addressorderfunc_t)(const isc_netaddr_t *address, - const void *arg); - -/*% - * Return value type for setup_sortlist. - */ -typedef enum { - NS_SORTLISTTYPE_NONE, - NS_SORTLISTTYPE_1ELEMENT, - NS_SORTLISTTYPE_2ELEMENT -} ns_sortlisttype_t; - -ns_sortlisttype_t -ns_sortlist_setup(dns_acl_t *acl, dns_aclenv_t *env, isc_netaddr_t *clientaddr, - void **argp); -/*%< - * Find the sortlist statement in 'acl' (for ACL environment 'env') - * that applies to 'clientaddr', if any. - * - * If a 1-element sortlist item applies, return NS_SORTLISTTYPE_1ELEMENT and - * make '*argp' point to the matching subelement. - * - * If a 2-element sortlist item applies, return NS_SORTLISTTYPE_2ELEMENT and - * make '*argp' point to ACL that forms the second element. - * - * If no sortlist item applies, return NS_SORTLISTTYPE_NONE and set '*argp' - * to NULL. - */ - -int -ns_sortlist_addrorder1(const isc_netaddr_t *addr, const void *arg); -/*%< - * Find the sort order of 'addr' in 'arg', the matching element - * of a 1-element top-level sortlist statement. - */ - -int -ns_sortlist_addrorder2(const isc_netaddr_t *addr, const void *arg); -/*%< - * Find the sort order of 'addr' in 'arg', a topology-like - * ACL forming the second element in a 2-element top-level - * sortlist statement. - */ diff --git a/lib/ns/query.c b/lib/ns/query.c index 6460b79049..cc57bcf684 100644 --- a/lib/ns/query.c 
+++ b/lib/ns/query.c @@ -69,7 +69,6 @@ #include #include #include -#include #include #include @@ -4396,35 +4395,6 @@ rpz_ck_dnssec(ns_client_t *client, isc_result_t qresult, return true; } -/* - * Extract a network address from the RDATA of an A or AAAA - * record. - * - * Returns: - * ISC_R_SUCCESS - * ISC_R_NOTIMPLEMENTED The rdata is not a known address type. - */ -static isc_result_t -rdata_tonetaddr(const dns_rdata_t *rdata, isc_netaddr_t *netaddr) { - struct in_addr ina; - struct in6_addr in6a; - - switch (rdata->type) { - case dns_rdatatype_a: - INSIST(rdata->length == 4); - memmove(&ina.s_addr, rdata->data, 4); - isc_netaddr_fromin(netaddr, &ina); - return ISC_R_SUCCESS; - case dns_rdatatype_aaaa: - INSIST(rdata->length == 16); - memmove(in6a.s6_addr, rdata->data, 16); - isc_netaddr_fromin6(netaddr, &in6a); - return ISC_R_SUCCESS; - default: - return ISC_R_NOTIMPLEMENTED; - } -} - static unsigned char inaddr10_offsets[] = { 0, 3, 11, 16 }; static unsigned char inaddr172_offsets[] = { 0, 3, 7, 15, 20 }; static unsigned char inaddr192_offsets[] = { 0, 4, 8, 16, 21 }; 
@@ -11354,72 +11324,6 @@ query_addauth(query_ctx_t *qctx) { } } -/* - * Find the sort order of 'rdata' in the topology-like - * ACL forming the second element in a 2-element top-level - * sortlist statement. - */ -static int -query_sortlist_order_2element(const dns_rdata_t *rdata, const void *arg) { - isc_netaddr_t netaddr; - - if (rdata_tonetaddr(rdata, &netaddr) != ISC_R_SUCCESS) { - return INT_MAX; - } - return ns_sortlist_addrorder2(&netaddr, arg); -} - -/* - * Find the sort order of 'rdata' in the matching element - * of a 1-element top-level sortlist statement. - */ -static int -query_sortlist_order_1element(const dns_rdata_t *rdata, const void *arg) { - isc_netaddr_t netaddr; - - if (rdata_tonetaddr(rdata, &netaddr) != ISC_R_SUCCESS) { - return INT_MAX; - } - return ns_sortlist_addrorder1(&netaddr, arg); -} - -/* - * Find the sortlist statement that applies to 'client' and set up - * the sortlist info in in client->message appropriately. - */ -static void -query_setup_sortlist(query_ctx_t *qctx) { - isc_netaddr_t netaddr; - ns_client_t *client = qctx->client; - dns_aclenv_t *env = client->manager->aclenv; - dns_acl_t *acl = NULL; - dns_aclelement_t *elt = NULL; - void *order_arg = NULL; - - isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr); - switch (ns_sortlist_setup(client->view->sortlist, env, &netaddr, - &order_arg)) - { - case NS_SORTLISTTYPE_1ELEMENT: - elt = order_arg; - dns_message_setsortorder(client->message, - query_sortlist_order_1element, env, - NULL, elt); - break; - case NS_SORTLISTTYPE_2ELEMENT: - acl = order_arg; - dns_message_setsortorder(client->message, - query_sortlist_order_2element, env, - acl, NULL); - dns_acl_detach(&acl); - break; - case NS_SORTLISTTYPE_NONE: - break; - default: - UNREACHABLE(); - } -} - /* * When sending a referral, if the answer to the question is * in the glue, sort it to the start of the additional section. 
@@ -11582,13 +11486,11 @@ ns_query_done(query_ctx_t *qctx) { } /* - * We are done. Set up sortlist data for the message - * rendering code, sort the answer to the front of the + * We are done. Sort the answer to the front of the * additional section if necessary, make a final tweak * to the AA bit if the auth-nxdomain config option * says so, then render and send the response. */ - query_setup_sortlist(qctx); query_glueanswer(qctx); if (qctx->client->message->rcode == dns_rcode_nxdomain && diff --git a/lib/ns/sortlist.c b/lib/ns/sortlist.c deleted file mode 100644 index 2d1766e443..0000000000 --- a/lib/ns/sortlist.c +++ /dev/null 
@@ -1,150 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-/*! \file */
-
-#include
-#include
-#include
-
-#include
-#include
-
-#include
-#include
-
-ns_sortlisttype_t
-ns_sortlist_setup(dns_acl_t *acl, dns_aclenv_t *env, isc_netaddr_t *clientaddr,
- void **argp) {
- if (acl == NULL) {
- goto dont_sort;
- }
-
- for (size_t i = 0; i < acl->length; i++) {
- /*
- * 'e' refers to the current 'top level statement'
- * in the sortlist (see ARM).
- */
- dns_aclelement_t *e = &acl->elements[i];
- dns_aclelement_t *try_elt;
- dns_aclelement_t *order_elt = NULL;
- dns_aclelement_t *matched_elt = NULL;
-
- if (e->type == dns_aclelementtype_nestedacl) {
- dns_acl_t *inner = e->nestedacl;
-
- if (inner->length == 0) {
- try_elt = e;
- } else if (inner->length > 2) {
- goto dont_sort;
- } else if (inner->elements[0].negative) {
- goto dont_sort;
- } else {
- try_elt = &inner->elements[0];
- if (inner->length == 2) {
- order_elt = &inner->elements[1];
- }
- }
- } else {
- /*
- * BIND 8 allows bare elements at the top level
- * as an undocumented feature.
- */
- try_elt = e;
- }
-
- if (!dns_aclelement_match(
- clientaddr, NULL, try_elt, env,
- (const dns_aclelement_t **)&matched_elt))
- {
- continue;
- }
-
- if (order_elt == NULL) {
- INSIST(matched_elt != NULL);
- *argp = matched_elt;
- return NS_SORTLISTTYPE_1ELEMENT;
- }
-
- if (order_elt->type == dns_aclelementtype_nestedacl) {
- dns_acl_t *inner = NULL;
- dns_acl_attach(order_elt->nestedacl, &inner);
- *argp = inner;
- return NS_SORTLISTTYPE_2ELEMENT;
- }
-
- if (order_elt->type == dns_aclelementtype_localhost) {
- rcu_read_lock();
- dns_acl_t *inner = rcu_dereference(env->localhost);
- if (inner != NULL) {
- *argp = dns_acl_ref(inner);
- rcu_read_unlock();
- return NS_SORTLISTTYPE_2ELEMENT;
- }
- rcu_read_unlock();
- }
-
- if (order_elt->type == dns_aclelementtype_localnets) {
- rcu_read_lock();
- dns_acl_t *inner = rcu_dereference(env->localhost);
- if (inner != NULL) {
- *argp = dns_acl_ref(inner);
- rcu_read_unlock();
- return NS_SORTLISTTYPE_2ELEMENT;
- }
- rcu_read_unlock();
- }
-
- /*
- * BIND 8 allows a bare IP prefix as
- * the 2nd element of a 2-element
- * sortlist statement.
- */
- *argp = order_elt;
- return NS_SORTLISTTYPE_1ELEMENT;
- }
-
-dont_sort:
- *argp = NULL;
- return NS_SORTLISTTYPE_NONE;
-}
-
-int
-ns_sortlist_addrorder2(const isc_netaddr_t *addr, const void *arg) {
- const dns_sortlist_arg_t *sla = (const dns_sortlist_arg_t *)arg;
- dns_aclenv_t *env = sla->env;
- const dns_acl_t *sortacl = sla->acl;
- int match;
-
- (void)dns_acl_match(addr, NULL, sortacl, env, &match, NULL);
- if (match > 0) {
- return match;
- } else if (match < 0) {
- return INT_MAX - (-match);
- } else {
- return INT_MAX / 2;
- }
-}
-
-int
-ns_sortlist_addrorder1(const isc_netaddr_t *addr, const void *arg) {
- const dns_sortlist_arg_t *sla = (const dns_sortlist_arg_t *)arg;
- dns_aclenv_t *env = sla->env;
- const dns_aclelement_t *element = sla->element;
-
- if (dns_aclelement_match(addr, NULL, element, env, NULL)) {
- return 0;
- }
-
- return INT_MAX;
-}
diff --git a/tests/ns/query_test.c b/tests/ns/query_test.c index 3dcb1dd791..812c23350d 100644 --- a/tests/ns/query_test.c +++ b/tests/ns/query_test.c @@ -1383,7 +1383,6 @@ run_hookasync_e2e_test(const ns__query_hookasync_e2e_test_params_t *test) { result = ns_test_qctx_create(&qctx_params, &qctx); INSIST(result == ISC_R_SUCCESS); - isc_sockaddr_any(&qctx->client->peeraddr); /* for sortlist */ qctx->client->sendcb = send_noop; /* Load a zone. it should have ns.foo/A */