2
0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00

31006 Commits

Author SHA1 Message Date
Mark Andrews
f16738bae2 Merge branch '1602-rpz-system-test-failed-because-protoype-responses-timed-out' into 'master'
Resolve "rpz system test failed because protoype responses timed out."

Closes #1602

See merge request isc-projects/bind9!3040
2020-02-12 08:32:54 +00:00
Mark Andrews
c38752b07c spin waiting for prototype dig responses 2020-02-12 08:12:02 +00:00
Witold Krecicki
de16ce0581 Merge branch 'wpk/netmgr-pools-unlimited' into 'master'
Don't limit the size of uvreq/nmhandle pool artificially.

See merge request isc-projects/bind9!3031
2020-02-12 08:10:31 +00:00
Stephen Morris
bc539d48e7 Minor README tweaks 2020-02-11 15:14:50 +01:00
Witold Kręcicki
a133239698 Don't limit the size of uvreq/nmhandle pool artificially.
There was a hard limit set on number of uvreq and nmhandles
that can be allocated by a pool, but we don't handle a situation
where we can't get an uvreq. Don't limit the number at all,
let the OS deal with it.
2020-02-11 12:10:57 +00:00
Ondřej Surý
d3843161ab Merge branch '1428-possible-data-race-in-rbtdb-happens-occasionally-on-ppc64le' into 'master'
Convert all atomic operations in isc_rwlock to release-acquire memory ordering

Closes #1428

See merge request isc-projects/bind9!2985
2020-02-11 10:42:52 +00:00
Ondřej Surý
b43f5e0238 Convert all atomic operations in isc_rwlock to release-acquire memory ordering
The memory ordering in the rwlock was all wrong, I am copying excerpts
from the https://en.cppreference.com/w/c/atomic/memory_order#Relaxed_ordering
for the convenience of the reader:

  Relaxed ordering

  Atomic operations tagged memory_order_relaxed are not synchronization
  operations; they do not impose an order among concurrent memory
  accesses. They only guarantee atomicity and modification order
  consistency.

  Release-Acquire ordering

  If an atomic store in thread A is tagged memory_order_release and an
  atomic load in thread B from the same variable is tagged
  memory_order_acquire, all memory writes (non-atomic and relaxed atomic)
  that happened-before the atomic store from the point of view of thread
  A, become visible side-effects in thread B. That is, once the atomic
  load is completed, thread B is guaranteed to see everything thread A
  wrote to memory.

  The synchronization is established only between the threads releasing
  and acquiring the same atomic variable. Other threads can see different
  order of memory accesses than either or both of the synchronized
  threads.

Which basically means that we had no or weak synchronization between
threads using the same variables in the rwlock structure.  There should
not be a significant performance drop because the critical sections were
already protected by:

  while(1) {
    if (relaxed_atomic_operation) {
      break;
    }
    LOCK(lock);
    if (!relaxed_atomic_operation) {
      WAIT(sem, lock);
    }
    UNLOCK(lock)l
  }

I would add one more thing to "Don't do your own crypto, folks.":

  - Also don't do your own locking, folks.
2020-02-11 11:10:55 +01:00
Evan Hunt
3116a1c2f1 Merge branch '1598-dnssec-policy-doc' into 'master'
Resolve "Improve dnssec-policy documentation"

Closes #1598

See merge request isc-projects/bind9!3023
2020-02-11 09:01:36 +00:00
Evan Hunt
c7866acbf7 revise dnssec-policy documentation 2020-02-11 01:00:17 -08:00
Ondřej Surý
c72d37f3d5 Merge branch 'ondrej/remove-OpenSSL-engine-specification-in-label' into 'master'
Cleanup support for specifying PKCS#11 engine as part of the label

See merge request isc-projects/bind9!2943
2020-02-10 16:02:23 +00:00
Ondřej Surý
33fa3d5eb1 Remove reference to prepending label with engine in manpage 2020-02-10 07:30:19 -08:00
Ondřej Surý
a5c87d9d18 Cleanup support for specifying PKCS#11 engine as part of the label
The code for specifying OpenSSL PKCS#11 engine as part of the label
(e.g. -l "pkcs11:token=..." instead of -E pkcs11 -l "token=...")
was non-functional.  This commit just cleans the related code.
2020-02-10 07:30:19 -08:00
Ondřej Surý
497c797762 Merge branch 'ondrej/null-the-destroyed-pointer-early' into 'master'
NULL the destroyed pointer early

See merge request isc-projects/bind9!3026
2020-02-10 05:23:38 +00:00
Ondřej Surý
bc1d4c9cb4 Clear the pointer to destroyed object early using the semantic patch
Also disable the semantic patch as the code needs tweaks here and there because
some destroy functions might not destroy the object and return early if the
object is still in use.
2020-02-09 18:00:17 -08:00
Ondřej Surý
b97d003033 Add semantic patch to NULL the destroyed pointer early
Our destroy functions usually look like this:

    void
    foo_destroy(foo_t **foop) {
        foo_t foo = *foop;
        ...destroy the contents of foo...
        *foop = NULL;
    }

nulling the pointer should be done as soon as possible which is
not always the case.  This commit adds simple semantic patch that
changes the example function to:

    void
    foo_destroy(foo_t **foop) {
        foo_t foo = *foop;
        *foop = NULL;
        ...destroy the contents of foo...
    }
2020-02-09 18:00:16 -08:00
Evan Hunt
d4f7603af2 Merge branch '932-doc-query-error-logging' into 'master'
improve documentation of query logging

Closes #932

See merge request isc-projects/bind9!2976
2020-02-09 00:06:24 +00:00
Evan Hunt
21bb9fa77f improve documentation of query logging 2020-02-08 16:05:46 -08:00
Ondřej Surý
e557894717 Merge branch 'michal/fix-the-pipelined-system-test-on-openbsd' into 'master'
Fix the "pipelined" system test on OpenBSD

See merge request isc-projects/bind9!3011
2020-02-08 22:46:26 +00:00
Michał Kępień
a5e90f2aa7 Fix the "pipelined" system test on OpenBSD
On OpenBSD, the bin/tests/system/pipelined/ans5/ans.py script does not
shut down when it is sent the SIGTERM signal.  What seems to be
happening is that starting the UDP listening thread somehow makes the
accept() calls in the script's main thread uninterruptible and thus the
SIGTERM signal sent to the main thread does not get processed until a
TCP connection is established with the script's TCP socket.  Work around
the issue by setting a timeout for operations performed on the script's
TCP socket, so that each accept() call in the main thread's infinite
loop returns after at most 1 second, allowing termination signals sent
to the script to be processed.
2020-02-08 14:01:21 -08:00
Ondřej Surý
95483951ce Merge branch 'wpk/fix-atomics-usage' into 'master'
Fix atomics usage for mutexatomics

See merge request isc-projects/bind9!2967
2020-02-08 21:46:37 +00:00
Witold Kręcicki
e9bc2c865a Add mutexatomics system and unit test jobs 2020-02-08 12:34:19 -08:00
Witold Kręcicki
d708370db4 Fix atomics usage for mutexatomics 2020-02-08 12:34:19 -08:00
Ondřej Surý
d72845f01c Merge branch 'ondrej/coccinelle-improvements' into 'master'
Variaous little coccinelle improvements

See merge request isc-projects/bind9!3025
2020-02-08 11:47:42 +00:00
Ondřej Surý
41fe9b7a14 Formatting issues found by local coccinelle run 2020-02-08 03:12:09 -08:00
Ondřej Surý
de92c24b56 Replace isc_mem_put()+isc_mem_detach() with isc_mem_putanddetach() in contrib/ 2020-02-08 03:12:09 -08:00
Ondřej Surý
341840c026 Run the check-cocci on the whole tree, allow passing extra arguments 2020-02-08 03:12:09 -08:00
Ondřej Surý
0dfec4eef7 Remove #include <config.h> from netmgr.h 2020-02-08 03:12:09 -08:00
Mark Andrews
fea8b5eae6 Merge branch '1596-echo_ic-should-be-used-for-continuations' into 'master'
Resolve "echo_ic should be used for continuations."

Closes #1596

See merge request isc-projects/bind9!2991
2020-02-07 21:35:28 +00:00
Mark Andrews
1e4773f121 indent failed: descriptions 2020-02-07 21:12:21 +00:00
Mark Andrews
ec95bc6f2c indent some test descriptions/continuation 2020-02-07 21:12:21 +00:00
Mark Andrews
0d5ec0c7dc remove space before 'failed' 2020-02-07 21:12:21 +00:00
Mark Andrews
059b16b991 ident continuation of test descriptions 2020-02-07 21:12:21 +00:00
Mark Andrews
879c63b573 remove space from before 'failed'; count errors 2020-02-07 21:12:21 +00:00
Matthijs Mekking
5db8ae931c Merge branch 'each-max-zone-ttl' into 'master'
dnssec-policy neater configuration

See merge request isc-projects/bind9!3006
2020-02-07 19:28:41 +00:00
Matthijs Mekking
a8a2c06cf2 update CHANGES 2020-02-07 19:17:05 +01:00
Evan Hunt
09e061aef7 make ISO8601 duration parsing case-insensitive for robustness 2020-02-07 19:17:05 +01:00
Evan Hunt
6504e7da95 various style cleanups 2020-02-07 19:17:05 +01:00
Evan Hunt
58aa084edc add support for key algorithm mnemonics in dnssec-policy 2020-02-07 19:17:05 +01:00
Matthijs Mekking
8c0db909ee Warn if key lengths are out of range/predefined 2020-02-07 09:30:26 -08:00
Matthijs Mekking
ae6bf1979d Make key-directory optional
The key-directory keyword actually does nothing right now but may
be useful in the future if we want to differentiate between key
directories or HSM keys, or if we want to speficy different
directories for different keys or policies.  Make it optional for
the time being.
2020-02-07 09:30:26 -08:00
Matthijs Mekking
2733edb2a6 Allow for key lifetime unlimited
The keyword 'unlimited' can be used instead of PT0S which means the
same but is more comprehensible for users.

Also fix some redundant "none" parameters in the kasp test.
2020-02-07 09:30:26 -08:00
Evan Hunt
9dc630016e rename 'zone-max-ttl' to 'max-zone-ttl' for consistency 2020-02-07 09:24:06 -08:00
Matthijs Mekking
f862b974b1 Merge branch '1589-intermittent-kasp-failure-keyid-0' into 'master'
kasp test: Fix key id 0000 lookup

Closes #1589

See merge request isc-projects/bind9!2968
2020-02-07 15:09:58 +00:00
Matthijs Mekking
e97313b44d whitespace: line out settime calls nicely 2020-02-07 15:42:31 +01:00
Matthijs Mekking
b6eb28f629 kasp test: Fix key id 0000 lookup
When checking keys we search for keys by key id. The kasp test used key id
0 as an indicator that a key was not yet found. Use "no" instead.
2020-02-07 15:42:31 +01:00
Mark Andrews
b9862397ca Merge branch '1599-autosign-conversion-from-nsec3-to-nsec-can-take-more-than-2-seconds' into 'master'
Resolve "autosign conversion from NSEC3 to NSEC can take more than 2 seconds."

Closes #1599

See merge request isc-projects/bind9!3000
2020-02-07 12:37:35 +00:00
Mark Andrews
e378241324 wait a short while for no NSEC3PARAM 2020-02-07 12:16:13 +00:00
Witold Krecicki
64c7bb3552 Merge branch 'wpk/disable-openssl-siphash' into 'master'
Disable OpenSSL siphash.

See merge request isc-projects/bind9!2965
2020-02-07 12:15:51 +00:00
Witold Kręcicki
9371bad268 Disable OpenSSL siphash.
Creation of EVP_MD_CTX and EVP_PKEY is quite expensive, until
we fix the code to reuse the context and key we'll use our own
implementation of siphash.
2020-02-07 11:55:17 +00:00
Mark Andrews
8ea60d63c7 Merge branch 'marka-coverity-dns-db-find' into 'master'
Silence unchecked return reported by coverity.

See merge request isc-projects/bind9!3005
2020-02-07 09:43:50 +00:00