The various factors like NS_PER_MS are now defined in a single place
and the names are no longer inconsistent. I chose the _PER_SEC names
rather than _PER_S because it is slightly more clear in isolation;
but the smaller units are always NS, US, and MS.
The system test should never attempt to start or stop any other server
than those that belong to that system test. Therefore, it is not
necessary to specify the system test name in function calls.
Additionally, this makes it possible to run the test inside a
differently named directory, as its name is automatically detected with
the $SYSTESTDIR variable. This enables running the system tests inside a
temporary directory.
Direct use of stop.pl was replaced with a more systematic approach that
uses the stop_servers helper function.
Extract the tlss values if present from the ipkeylist entry and add
the resulting tls setting to the constructed configuration for the
primary.
When comparing catalog zone entries for reuse also check the
masters.tlss values for equality.
The 'nupdates' field was originally used to track whether a client
was ready to shut down, along with other similar counters nreads,
nrecvs, naccepts and nsends. This is now tracked differently, but
nupdates was overlooked when the other counters were removed.
dlz_ldap_dynamic.c: In function ‘dlz_create’:
dlz_ldap_dynamic.c:971:20: warning: this statement may fall through [-Wimplicit-fallthrough=]
971 | if (result != ISC_R_SUCCESS) {
| ^
dlz_ldap_dynamic.c:974:9: note: here
974 | case 11:
| ^~~~
dlz_ldap_dynamic.c:976:20: warning: this statement may fall through [-Wimplicit-fallthrough=]
976 | if (result != ISC_R_SUCCESS) {
| ^
dlz_ldap_dynamic.c:979:9: note: here
979 | case 10:
| ^~~~
dlz_ldap_dynamic.c:980:20: warning: this statement may fall through [-Wimplicit-fallthrough=]
980 | if (strlen(argv[9]) > 0) {
| ^
dlz_ldap_dynamic.c:987:9: note: here
987 | case 9:
| ^~~~
dlz_wildcard_dynamic.c: In function ‘dlz_lookup’:
dlz_wildcard_dynamic.c:227:14: warning: variable ‘origin’ set but not used [-Wunused-but-set-variable]
227 | bool origin = true;
| ^~~~~~
dlz_wildcard_dynamic.c: In function ‘dlz_lookup’:
dlz_wildcard_dynamic.c:252:28: warning: assignment discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
252 | cd->record = "@";
| ^
dlz_wildcard_dynamic.c: In function ‘dlz_authority’:
dlz_wildcard_dynamic.c:328:22: warning: unused variable ‘origin’ [-Wunused-variable]
328 | bool origin;
| ^~~~~~
dlz_wildcard_dynamic.c:312:25: warning: unused variable ‘name’ [-Wunused-variable]
312 | const char *p, *name = "@";
| ^~~~
dlz_wildcard_dynamic.c: In function ‘dlz_create’:
dlz_wildcard_dynamic.c:441:23: warning: comparison of integer expressions of different signedness: ‘int’ and ‘unsigned int’ [-Wsign-compare]
441 | for (i = 4; i < argc; i += 4) {
| ^
dlz_sqlite3_dynamic.c: In function ‘dlz_sqlite3_fetch_row’:
dlz_sqlite3_dynamic.c:447:31: warning: comparison of integer expressions of different signedness: ‘int’ and ‘unsigned int’ [-Wsign-compare]
447 | if (rs->pnRow > 0U && rs->curRow < rs->pnRow) {
| ^
dlz_sqlite3_dynamic.c:447:50: warning: comparison of integer expressions of different signedness: ‘unsigned int’ and ‘int’ [-Wsign-compare]
447 | if (rs->pnRow > 0U && rs->curRow < rs->pnRow) {
| ^
dlz_perl_driver.c: In function ‘dlz_version’:
dlz_perl_driver.c:116:27: warning: unused parameter ‘flags’ [-Wunused-parameter]
116 | dlz_version(unsigned int *flags) {
| ~~~~~~~~~~~~~~^~~~~
In file included from /usr/lib64/perl5/CORE/perl.h:5685,
from dlz_perl_driver.c:33:
dlz_perl_driver.c: In function ‘dlz_allnodes’:
/usr/lib64/perl5/CORE/pp.h:162:26: warning: value computed is not used [-Wunused-value]
162 | #define POPs (*sp--)
| ~^~~~~~
dlz_perl_driver.c:151:17: note: in expansion of macro ‘POPs’
151 | POPs;
| ^~~~
dlz_perl_driver.c: In function ‘dlz_allowzonexfr’:
/usr/lib64/perl5/CORE/pp.h:162:26: warning: value computed is not used [-Wunused-value]
162 | #define POPs (*sp--)
| ~^~~~~~
dlz_perl_driver.c:251:17: note: in expansion of macro ‘POPs’
251 | POPs;
| ^~~~
dlz_perl_driver.c: In function ‘dlz_findzonedb’:
/usr/lib64/perl5/CORE/pp.h:162:26: warning: value computed is not used [-Wunused-value]
162 | #define POPs (*sp--)
| ~^~~~~~
dlz_perl_driver.c:328:17: note: in expansion of macro ‘POPs’
328 | POPs;
| ^~~~
dlz_perl_driver.c: In function ‘dlz_lookup’:
/usr/lib64/perl5/CORE/pp.h:162:26: warning: value computed is not used [-Wunused-value]
162 | #define POPs (*sp--)
| ~^~~~~~
dlz_perl_driver.c:407:17: note: in expansion of macro ‘POPs’
407 | POPs;
| ^~~~
dlz_perl_driver.c:472:1: error: no previous prototype for ‘missing_perl_method’ [-Werror=missing-prototypes]
472 | missing_perl_method(const char *perl_class_name, PerlInterpreter *my_perl)
| ^~~~~~~~~~~~~~~~~~~
dlz_perl_driver.c: In function ‘missing_perl_method’:
dlz_perl_driver.c:485:9: error: ISO C90 forbids array ‘full_name’ whose size cannot be evaluated [-Werror=vla]
485 | char full_name[BUF_LEN];
| ^~~~
dlz_perl_driver.c: In function ‘dlz_create’:
dlz_perl_driver.c:613:13: warning: suggest parentheses around assignment used as truth value [-Wparentheses]
613 | if (missing_method_name = missing_perl_method(perl_class_name, my_perl))
| ^~~~~~~~~~~~~~~~~~~
/usr/lib64/perl5/CORE/pp.h:162:26: warning: value computed is not used [-Wunused-value]
162 | #define POPs (*sp--)
| ~^~~~~~
dlz_perl_driver.c:657:17: note: in expansion of macro ‘POPs’
657 | POPs;
| ^~~~
dlz_perl_driver.c:502:15: warning: unused variable ‘init_args’ [-Wunused-variable]
502 | char *init_args[] = { NULL, NULL };
| ^~~~~~~~~
gcovr fails to process fuzz/old.gcda and fuzz/old.gcno files after !7045
MR with:
(WARNING) GCOV produced the following errors processing /builds/isc-projects/bind9/fuzz/old.gcda:
Cannot open source file ../../fuzz/old.c
Cannot open source file ../../lib/dns/include/dns/compress.h
Cannot open source file ../../lib/isc/include/isc/buffer.h
...
(gcovr could not infer a working directory that resolved it.)
Given that code coverage inspection is meant only for BIND 9 code and
not its tests and auxiliary tools, the "fuzz" directory should be
excluded from being included in the code coverage report.
Remove the text from the ARM and DNSSEC guide that describes how to do
key and denial of existence operations using dynamic update. Add a new
section about DNSSEC multi-signer models, but no longer suggest using
dynamic update and auto-dnssec allow.
Remove code that triggers key and denial of existence management
operations. Dynamic update should no longer be used to do DNSSEC
maintenance (other than that of course signatures need to be
created for the new zone contents).
Remove test cases that rely upon key and denial of existence
management operations triggered by dynamic updates.
The autosign system test needed a bit more care than just removing
because the test cases are dependent on each other, so there are some
additional tweaks such as setting the NSEC3PARAM via rndc signing,
and renaming zone input files. In the process, some additional
debug output files have been added, and a 'ret' fail case overwrite
was fixed.
Since this is very sensitive code which has often had security
problems in many DNS implementations, it needs a decent amount of
validation. This fuzzer ensures that the new code has the same output
as the old code, and that it doesn't take longer than a second.
The benchmark uses the fuzzer's copy of the old dns_name_fromwire()
code to compare a number of scenarios: many compression pointers, many
labels, long labels, random data, with/without downcasing.
The aim is to do less work per byte:
* Check the bounds for each label, instead of checking the
  bounds for each character.
* Instead of copying one character at a time from the wire to
  the name, copy entire runs of sequential labels using memmove()
  to make the most of its fast loop.
* To remember where the name ends, we only need to set the end
  marker when we see a compression pointer or when we reach the
  root label. There is no need to check if we jumped back and
  conditionally update the counter for every character.
* To parse a compression pointer, we no longer take a diversion
  around the outer loop in between reading the upper byte of the
  pointer and the lower byte.
* The parser state machine is now implicit in the instruction
  pointer, instead of being an explicit variable. Similarly,
  when we reach the root label we break directly out of the loop
  instead of setting a second state machine variable.
* DNS_NAME_DOWNCASE is never used with dns_name_fromwire() so
  that option is no longer supported.
I have removed this comment which dated from January 1999 when
dns_name_fromwire() was first introduced:
/*
* Note: The following code is not optimized for speed, but
* rather for correctness. Speed will be addressed in the future.
*/
No functional change, apart from removing support for the unused
DNS_NAME_DOWNCASE option. The new code is about 2x faster than the
old code: best case 11x faster, worst case 1.4x faster.
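
The parsing strategy listed in the commit message above, as an added C example; it is not BIND's dns_name_fromwire() and not code from this commit. The names name_fromwire, NAME_MAX_WIRE and sample_msg are hypothetical, and the rule that a compression pointer must target an offset strictly before the segment being read is this example's way of guaranteeing termination.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_WIRE 255 /* RFC 1035 limit on an uncompressed name */

/* Constructed sample: "www.example.com." at 0, "mail" + pointer to 4 at 17,
 * a pointer to itself at 24, a label that overruns the message at 26. */
static const uint8_t sample_msg[] = {
    3, 'w', 'w', 'w', 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    4, 'm', 'a', 'i', 'l', 0xC0, 4, 0xC0, 24, 5, 'a', 'b' };

/* Hypothetical helper: expand the name at msg[start] into out[]. Returns its
 * length or -1 if malformed; *consumed (valid on success) is its wire size. */
static int name_fromwire(const uint8_t *msg, size_t msglen, size_t start,
                         uint8_t out[NAME_MAX_WIRE], size_t *consumed) {
    size_t pos = start, limit = start, outlen = 0;
    for (;;) {
        size_t run = pos, runlen, target;
        uint8_t len;
        for (;;) { /* walk a run of plain labels: one bounds check per label */
            if (pos >= msglen) return -1;
            len = msg[pos];
            if (len == 0 || len > 63) break;
            if ((size_t)len + 1 > msglen - pos) return -1; /* label overruns */
            pos += (size_t)len + 1;
        }
        if (len == 0) pos++; /* the root label is copied with the run */
        runlen = pos - run;
        if (runlen > NAME_MAX_WIRE - outlen) return -1; /* name too long */
        memmove(out + outlen, msg + run, runlen); /* whole run in one copy */
        outlen += runlen;
        if (limit == start) /* no pointer followed yet: fix the end marker */
            *consumed = pos - start + (len != 0 ? 2 : 0);
        if (len == 0) return (int)outlen;
        if ((len & 0xC0) != 0xC0 || msglen - pos < 2) return -1;
        target = ((size_t)(len & 0x3F) << 8) | msg[pos + 1];
        if (target >= limit) return -1; /* must point strictly backwards */
        limit = pos = target; /* limit only shrinks, so the loop terminates */
    }
}

int main(void) {
    uint8_t out[NAME_MAX_WIRE];
    size_t used = 0;
    int n = name_fromwire(sample_msg, sizeof(sample_msg), 17, out, &used);
    printf("length %d, consumed %zu\n", n, used);
    return 0;
}
```
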
C does not make any guarantees about the value of padding in a
structure, so bytewise comparison of two semantically equal structures
with padding can be spuriously non-equal due to non-equal padding
bytes.
Compare each member of name.attributes individually to avoid this
problem.
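
The padding problem described above, as an added C example that is not taken from BIND: struct attrs and its members are a hypothetical stand-in for a structure with interior padding, and the pair is built so that only a padding byte differs.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical structure: on common ABIs three padding bytes sit between
 * `absolute` and `flags`. */
struct attrs {
    bool absolute;
    uint32_t flags;
};

/* Fragile: compares the padding bytes along with the members. */
static bool attrs_equal_bytewise(const struct attrs *a, const struct attrs *b) {
    return memcmp(a, b, sizeof(*a)) == 0;
}

/* Robust: compares only the members, so padding cannot affect the result. */
static bool attrs_equal_members(const struct attrs *a, const struct attrs *b) {
    return a->absolute == b->absolute && a->flags == b->flags;
}

/* Build two semantically equal values whose padding differs, as happens when
 * one lives in zeroed memory and the other in reused stack or heap memory. */
static void make_pair(struct attrs *a, struct attrs *b) {
    memset(a, 0, sizeof(*a));
    memset(b, 0, sizeof(*b));
    a->absolute = b->absolute = true;
    a->flags = b->flags = 0x10;
    /* Set the byte right after `absolute` explicitly, if it is padding. */
    if (offsetof(struct attrs, flags) > sizeof(bool)) {
        ((unsigned char *)a)[sizeof(bool)] = 0x00;
        ((unsigned char *)b)[sizeof(bool)] = 0xAA;
    }
}

int main(void) {
    struct attrs a, b;
    make_pair(&a, &b);
    printf("bytewise equal: %d, member-wise equal: %d\n",
           attrs_equal_bytewise(&a, &b), attrs_equal_members(&a, &b));
    return 0;
}
```
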
Create a zone that triggers DNAME owner name checks in a zone that
is only reachable using a dual stack server. The answer contains
a name that is higher in the tree than the query name.
e.g.
foo.v4only.net. CNAME v4only.net.
v4only.net. A 10.0.0.1
ns4 is serving the test zone (ipv4-only)
ns6 is the root server for this test (dual stacked)
ns7 is acting as the dual stack server (dual stacked)
ns9 is the server under test (ipv6-only)
When using dual-stack-servers the covering namespace to check whether
answers are in scope or not should be fctx->domain. To do this we need
to be able to distinguish forwarding due to forwarders clauses and
dual-stack-servers. A new flag FCTX_ADDRINFO_DUALSTACK has been added
to signal this.