The initial tcp statistics test was not testing the tcp-highwater counter,
but only the initial number of current TCP clients, so this missing test was
added to ensure the initial tcp-highwater value is correct.

After the network manager rewrite, tcp-highwater stats were only being
updated when a valid DNS query was received over tcp.
It turns out tcp-quota is updated right after a tcp connection is
accepted, before any data is read, so in the event that some client
connects but doesn't send a valid query, it wouldn't be taken into
account to update tcp-highwater stats, which is wrong.
This commit fixes tcp-highwater to update its stats whenever a tcp connection
is established, independent of what happens after (timeout/invalid
request, etc).

During startup, BIND scans for available network interfaces. In this
process it ensures that for every interface it will bind and listen to,
at least one socket will always be available accepting connections on
that interface, thereby avoiding some DoS attacks that could exploit
tcp quota on some interface and make others unavailable.
In the previous network implementation this initial "reserved" tcp-quota
used by BIND was already being added to the tcp-highwater stats, but with
the new network code it was necessary to add this workaround to ensure
tcp-highwater stats reflect the tcp-quota used by BIND after startup.
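
The accounting described in the commit messages above, as an added C sketch that is not BIND's code: the high-water mark moves when a connection takes a quota slot at accept time, so clients that never send a query and the slots reserved at startup are both counted. The struct, the function names and the `simulate` scenario are hypothetical, and the model assumes one reserved slot per listening interface.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of a TCP client quota; not BIND's data structures. */
typedef struct {
	unsigned int max;      /* configured limit on concurrent TCP clients */
	atomic_uint used;      /* slots currently held */
	atomic_uint highwater; /* highest value 'used' has reached */
} tcp_quota_t;

/* Raise the high-water mark to 'now' unless another thread set it higher. */
static void highwater_update(tcp_quota_t *q, unsigned int now) {
	unsigned int old = atomic_load(&q->highwater);
	while (now > old &&
	       !atomic_compare_exchange_weak(&q->highwater, &old, now)) {
		/* 'old' was reloaded by the failed exchange; retry */
	}
}

/* Take a slot at accept time; the statistic moves here, before any read. */
static bool quota_attach(tcp_quota_t *q) {
	unsigned int used = atomic_fetch_add(&q->used, 1) + 1;
	if (used > q->max) {
		atomic_fetch_sub(&q->used, 1);
		return false; /* over quota: connection is refused */
	}
	highwater_update(q, used);
	return true;
}

static void quota_detach(tcp_quota_t *q) { atomic_fetch_sub(&q->used, 1); }

/* Startup reserves one slot per interface, then 'silent' clients connect,
 * send no query and time out. Returns the resulting high-water mark. */
unsigned int simulate(unsigned int max, unsigned int ifaces, unsigned int silent) {
	tcp_quota_t q;
	unsigned int accepted = 0;
	q.max = max;
	atomic_init(&q.used, 0);
	atomic_init(&q.highwater, 0);
	for (unsigned int i = 0; i < ifaces; i++) quota_attach(&q);
	for (unsigned int i = 0; i < silent; i++) accepted += quota_attach(&q);
	for (unsigned int i = 0; i < accepted; i++) quota_detach(&q);
	return atomic_load(&q.highwater);
}

int main(void) {
	printf("highwater=%u\n", simulate(150, 2, 5)); /* constructed scenario */
	return 0;
}
```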

- Add a GitLab merge request number to the "trust-anchors" release
note and slightly rephrase its second half.
- Replace tabs with spaces in doc/arm/notes-9.15.7.xml to retain
consistency with other XML files containing release notes.
- Move the "Security Fixes" section for BIND 9.15.6 higher up, for
consistency with release notes for other versions.
- Add a missing release note for TCP high-water. That feature was not
yet merged when the initial version of !2524 was prepared and its
release note was missed when that merge request was later rebased.
- Rephrase the release note for CVE-2019-6477 so that it uses the same
text as its corresponding notes in all other releases.
- Unify whitespace in doc/arm/notes-9.15.6.xml.

Add a GitLab CI job (which is run only if all other jobs in a pipeline
succeed) that builds a BIND release tarball, i.e. fetches the source
tarball from the tarball building job, creates Windows zips, puts
certain parts of BIND documentation into the appropriate places, and
packs it all up into a single tarball whose contents can be subsequently
signed and published.

Add a system test job for binaries created by Visual Studio in the
"Debug" build configuration to GitLab CI so that they can be tested
along their "Release" counterparts when necessary.

Add a Visual Studio build job using the "Debug" build configuration to
GitLab CI without enabling it for every pipeline as it takes about twice
as long to complete as its "Release" counterpart.

Add a set of jobs to GitLab CI that create a BIND source tarball and
then build and test its contents. Run those extra jobs only when a tag
is pushed to the Git repository as they are only meant to be sanity
checks of BIND source tarball contents.