2
0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 05:57:52 +00:00

34861 Commits

Author SHA1 Message Date
Ondřej Surý
d4e04abb73 Merge branch 'ondrej/fix-isc_time_add-overflow' into 'main'
Fix isc_time_add() overflow

See merge request isc-projects/bind9!5511
2021-10-21 07:50:50 +00:00
Ondřej Surý
04511736a0 Add isc_time_add and isc_time_subtract unit test
The isc_time_add() and isc_time_subtract() didn't have a unit test, add
the unit test with couple of edge case vectors to check whether overflow
and underflow is correctly handled.
2021-10-21 09:31:01 +02:00
Ondřej Surý
2b147ac358 Use __builtin_*_overflow for isc_time_{add,subtract}()
Use the __builtin_uadd_overflow() and __builtin_usub_overflow() for
overflow checks in isc_time_add() and isc_time_subtract().  This
generates more efficient and safe code.
2021-10-21 09:31:01 +02:00
Ondřej Surý
8c05f12bc8 Fix isc_time_add() overflow
The isc_time_add() could overflow when t.seconds + i.seconds == UINT_MAX
and t.nanoseconds + i.nanoseconds >= NS_PER_S.

Fix the overflow in isc_time_add(), and simplify the ISC_R_RANGE checks
both in isc_time_add() and isc_time_subtract() functions.
2021-10-21 09:31:01 +02:00
Mark Andrews
d09625423c Merge branch '2944-doth-system-test-fails-with-256-file-descriptors' into 'main'
Resolve "doth system test fails with 256 file descriptors"

Closes #2944

See merge request isc-projects/bind9!5477
2021-10-20 20:45:17 +00:00
Mark Andrews
5d1e6b036a Increase the number of file descriptors for stress_http_quota.py
stress_http_quota.py uses more than 256 file descriptors and fails
on some platforms.  Increase the available descriptors to 1024.
2021-10-20 19:41:25 +00:00
Evan Hunt
d48fa3b1c4 Merge branch 'each-cleanup-qmin-test' into 'main'
fix qmin system test

See merge request isc-projects/bind9!5509
2021-10-20 06:30:05 +00:00
Evan Hunt
ac3eb921fc fix qmin system test
The qmin system test was printing spurious output.  On investigation,
the test case turned out to be both broken and ineffective: its
expectations were wrong, and it was printing the output because its
wrong expectations were not met, and those failed expectations were
not causing a test failure. All of this has been corrected.
2021-10-19 11:34:52 -07:00
Michał Kępień
3693e2aafb Merge branch 'compat/main/arm-sphinx' into 'main'
Make backward compatibility for older python-sphinx

See merge request isc-projects/bind9!5501
2021-10-19 11:46:47 +00:00
Petr Mensik
8f8bbae3fc Enable building documentation with Sphinx < 2.0.0
The ReferenceRole class is only available in Sphinx >= 2.0.0, which
makes building BIND 9 documentation impossible with older Sphinx
versions:

    Running Sphinx v1.7.6

    Configuration error:
    There is a programable error in your configuration file:

    Traceback (most recent call last):
      File "/usr/lib/python3.6/site-packages/sphinx/config.py", line 161, in __init__
        execfile_(filename, config)
      File "/usr/lib/python3.6/site-packages/sphinx/util/pycompat.py", line 150, in execfile_
        exec_(code, _globals)
      File "conf.py", line 21, in <module>
        from sphinx.util.docutils import ReferenceRole
    ImportError: cannot import name 'ReferenceRole'

Work around the problem by defining a stub version of the ReferenceRole
class if the latter cannot be imported.  This allows documentation
(without GitLab hyperlinks in release notes) to be built with older
Sphinx versions.
2021-10-19 13:41:57 +02:00
Ondřej Surý
0c10fddedc Merge branch '2953-remove-mctx-from-fctxbucket_t' into 'main'
Remove isc_mem_t from fctxbucket_t

Closes #2953

See merge request isc-projects/bind9!5506
2021-10-19 07:43:58 +00:00
Ondřej Surý
ef831e9dfe Remove isc_mem_t from fctxbucket_t
The fctxbucket_t properly attaches to the fetchctx_t, so it can safely
use its memory context.  Save a little bit of memory by removing own
memory context from fctxbucket_t.
2021-10-19 09:18:14 +02:00
Evan Hunt
2b7037fa1b Merge branch '2953-rework-the-fetchctx_t-reference-counting' into 'main'
Rewrite the fetchctx_t reference counting

Closes #2953

See merge request isc-projects/bind9!5500
2021-10-18 22:08:45 +00:00
Evan Hunt
2336bb0d9e CHANGES for [GL #2953] 2021-10-18 14:35:50 -07:00
Evan Hunt
18cc459e05 Incidental cleanup
- there are several allocation functions in adb.c that can no
  longer return NULL.
- a macro in rbt.c was never used.
2021-10-18 14:35:50 -07:00
Ondřej Surý
b01d75be36 Use fibonacci hashing for zone counter buckets
Change the 'dbuckets' hash table in resolver.c to use fibonacci
hashing like the RBT.
2021-10-18 14:35:44 -07:00
Evan Hunt
09028dd38f Simplify fctx_unlink() and fctx_destroy()
These functions are always called together; this commit
combines them.
2021-10-18 14:27:13 -07:00
Ondřej Surý
d609425bf3 Rewrite fetchctx_t reference counting
Using proper attach/detach functions for the fetch context
instead of fctx_increference() and _decreference() makes
it easier to debug reference counting errors in the resolver.

Fixed several such errors that were found as a result.
2021-10-18 14:27:13 -07:00
Evan Hunt
8dd43a8fcd Merge branch 'each-route-socket-fixes' into 'main'
fix route socket errors

See merge request isc-projects/bind9!5505
2021-10-18 21:25:28 +00:00
Evan Hunt
32b50407bf check statichandle before attaching
it is possible for udp_recv_cb() to fire after the socket
is already shutting down and statichandle is NULL; we need to
create a temporary handle in this case.
2021-10-18 14:21:04 -07:00
Evan Hunt
75427139ad attach the interface manager when activating a route socket
it was possible for the route socket's udp_recv() callback to fire
after the interfacemgr was detached, causing an assertion failure.
this has now been fixed by referencing the interfacemgr when setting up
the route socket, and dereferencing it when shutting it down.
2021-10-18 14:21:03 -07:00
Evan Hunt
9e6ed31b91 Merge branch 'each-test-fixes' into 'main'
Fix test errors that caused intermittent failures

See merge request isc-projects/bind9!5504
2021-10-18 21:19:58 +00:00
Evan Hunt
c167feb1dc Fix statistics test error
The statistics system test sometimes needs a pause to wait for the
expected stats to be reported.

Also, the test for priming queries was ineffective; the result of
the grep was not being checked.
2021-10-18 14:14:33 -07:00
Evan Hunt
3ecaccb961 Fix cds test error
The margin of error (up to 2 seconds) allowed for the inception time
in the cds system test was a bit too small, and has been increased to 3
seconds.
2021-10-18 14:13:38 -07:00
Evan Hunt
9b6060c6c4 Fix catz test error
The catz system test included a test case that was looking for a single
answer record after an update, when it should have been looking for two.
The test usually passed because of timing - the first dig usually got a
response before the update was completed - but occasionally the update
processed fast enough for the test to fail. On investigation, it turned
out to be the test that was wrong.
2021-10-18 14:13:38 -07:00
Evan Hunt
2143120636 Fix digdelv test error
The digdelv system test has a test case in which stderr was
included in the dig output. When trace logging was in use,
this confused the grep and caused a spurious test failure.
2021-10-18 14:13:05 -07:00
Evan Hunt
07e84ae54e Merge branch 'each-dispatch-fixes' into 'main'
Dispatch manager fixes

Closes #2957

See merge request isc-projects/bind9!5503
2021-10-18 21:06:56 +00:00
Evan Hunt
94496635ff silence compiler warning
Silence a warning about a signed/unsigned integer comparison.
2021-10-18 12:49:40 -07:00
Ondřej Surý
a0bb05faf6 Lock dispatch when canceling connect
When canceling pending connections, the disp->pending list
was accessed unlocked.
2021-10-18 12:46:19 -07:00
Ondřej Surý
f0931c07e7 Merge branch '2873-configuration-issues-on-solaris' into 'main'
Use correct compiler version flag in the autoconf script.

Closes #2873

See merge request isc-projects/bind9!5482
2021-10-18 13:23:06 +00:00
Ondřej Surý
7eb208005f Use correct compiler version flag in the autoconf script
The autoconf script prints used compiler version at the end of the
configure script.  Solaris native compiler doesn't support --version,
and -V has to be used which in turn isn't supported by Gcc/Clang.
Detect which version flag has to be used and call $CC with it.
2021-10-18 12:45:25 +02:00
Evan Hunt
dbcc3cb19d Merge branch '2926-netmgr-netlink' into 'main'
Use netmgr for route sockets and remove isc_socket

Closes #2926

See merge request isc-projects/bind9!5455
2021-10-15 08:27:10 +00:00
Evan Hunt
4919c7a227 CHANGES and release note for [GL #2926] 2021-10-15 01:01:25 -07:00
Evan Hunt
ab98e95f4c Don't use route socket in unit tests
Some of the libns unit tests override the isc_nmhandle_attach() and
_detach() functions. This causes a failure in ns_interface_create()
if a route socket is being used, so we add a parameter to disable it.
2021-10-15 01:01:25 -07:00
Evan Hunt
a55589f881 remove all references to isc_socket and related types
Removed socket.c, socket.h, and all references to isc_socket_t,
isc_socketmgr_t, isc_sockevent_t, etc.
2021-10-15 01:01:25 -07:00
Evan Hunt
68e8b19ddc rewrite interfacemgr to use netmgr route sockets 2021-10-15 01:01:25 -07:00
Evan Hunt
075139f60e netmgr: refactor isc__nm_incstats() and isc__nm_decstats()
route/netlink sockets don't have stats counters associated with them,
so it's now necessary to check whether socket stats exist before
incrementing or decrementing them. rather than relying on the caller
for this, we now just pass the socket and an index, and the correct
stats counter will be updated if it exists.
2021-10-15 00:57:02 -07:00
Evan Hunt
8c51a32e5c netmgr: add isc_nm_routeconnect()
isc_nm_routeconnect() opens a route/netlink socket, then calls a
connect callback, much like isc_nm_udpconnect(), with a handle that
can then be monitored for network changes.

Internally the socket is treated as a UDP socket, since route/netlink
sockets follow the datagram contract.
2021-10-15 00:56:58 -07:00
Evan Hunt
a9e35ea936 Merge branch 'each-refactor-nm-stats' into 'main'
netmgr: refactor isc__nm_incstats() and isc__nm_decstats()

See merge request isc-projects/bind9!5498
2021-10-15 07:47:40 +00:00
Evan Hunt
8d6bf826c6 netmgr: refactor isc__nm_incstats() and isc__nm_decstats()
After support for route/netlink sockets is merged, not all sockets
will have stats counters associated with them, so it's now necessary
to check whether socket stats exist before incrementing or decrementing
them. rather than relying on the caller for this, we now just pass the
socket and an index, and the correct stats counter will be updated if
it exists.
2021-10-15 00:40:37 -07:00
Mark Andrews
5307b663b2 Merge branch '2947-unexpected-deletion-of-configured-catalog-zone' into 'main'
Resolve "unexpected deletion of configured catalog zone"

Closes #2947

See merge request isc-projects/bind9!5491
2021-10-15 05:24:00 +00:00
Mark Andrews
bf9c569852 Check that existing catalog zone entries are preserved
Update the 'catz' system test by adding tests that update an
catalog zone (catalog1.example) while preserving existing entries
(increase SOA serial) then check that catalog zone has transferred
and that the existing entries have not accidentally been removed
as a consequence (can return updated zone content).
2021-10-15 15:35:14 +11:00
Mark Andrews
63145fb1d3 Prevent existing catalog zone entries being incorrectly deleted
After receiving a new version of a catalog zone it is required
to merge it with the old version.

The algorithm walks through the new version's hash table and applies
the following logic:

1. If an entry from the new version does not exist in the old
   version, then it's a new entry, add the entry to the `toadd` hash
   table.
2. If the zone does not exist in the set of configured zones, because
   it was deleted via rndc delzone or it was removed from another
   catalog zone instance, then add into to the `toadd` hash table to
   be reinstantiated.
3. If an entry from the new version also exists in the old version,
   but is modified, then add the entry to the `tomod` hash table, then
   remove it from the old version's hash table.
4. If an entry from the new version also exists in the old version and
   is the same (unmodified) then just remove it from the old version's
   hash table.

The algorithm then deletes all the remaining zones which still exist
in the old version's hash table (because only the ones that don't
exist in the new version should now remain there), then adds the ones
that were added to the `toadd`, and modifies the ones that were added
to the `tomod`, completing the merge.

During a recent refactoring, the part when the entry should be
removed from the old version's hash table on condition (4.) above
was accidentally omitted, so the unmodified zones were remaining
in the old version's hash table and consequently being deleted.
2021-10-15 04:31:37 +00:00
Mark Andrews
e0e8ab6973 Merge branch 'marka-ms-subdomain-check-srv-ptr-targets' into 'main'
Add {krb5,ms}-subdomain-self-rhs rule types

See merge request isc-projects/bind9!5499
2021-10-15 01:14:54 +00:00
Mark Andrews
19819a1f02 Release note [GL #481] 2021-10-15 11:32:17 +11:00
Mark Andrews
fd8de9e8a8 CHANGES for [GL #481] 2021-10-15 11:32:17 +11:00
Mark Andrews
bf2cde0e8a Document {krb5,ms}-subdomain-self-rhs update policy rules
Add documentation for ms-subdomain-self-rhs and krb5-subdomain-self-rhs
update policy rules.
2021-10-15 11:32:17 +11:00
Mark Andrews
4202554871 Add tests for {krb5,ms}-subdomain-self-rhs update policy rules
check that updates are accepted and rejected as expected under the
following scenarios:

* check krb5-subdomain-self-rhs match PTR
* check krb5-subdomain-self-rhs no-match PTR
* check krb5-subdomain-self-rhs match SRV
* check krb5-subdomain-self-rhs no listed types match (SRV & TXT)
* check krb5-subdomain-self-rhs no-match RDATA (SRV)
* check krb5-subdomain-self-rhs no-match TYPE (TXT)
* check krb5-subdomain-self-rhs delete PTR (matching PTR)
* check krb5-subdomain-self-rhs delete PTR (matching PTR with non-matching
  PTR)
* check krb5-subdomain-self-rhs delete ANY (matching PTR)
* check krb5-subdomain-self-rhs delete ANY (matching PTR with non-matching
  PTR)
* check krb5-subdomain-self-rhs delete SRV (matching SRV)
* check krb5-subdomain-self-rhs delete SRV (matching SRV with non-matching
  SRV)
* check krb5-subdomain-self-rhs delete ANY (matching SRV)
* check krb5-subdomain-self-rhs delete ANY (matching SRV with non-matching
  SRV)

* check ms-subdomain-self-rhs match (PTR)
* check ms-subdomain-self-rhs no-match (PTR)
* check ms-subdomain-self-rhs match (SRV)
* check ms-subdomain-self-rhs no-match (SRV)
* check ms-subdomain-self-rhs delete SRV (matching SRV)
* check ms-subdomain-self-rhs delete SRV (matching SRV with non-matching
  SRV)
* check ms-subdomain-self-rhs delete PTR (matching PTR)
* check ms-subdomain-self-rhs delete PTR (matching PTR with non-matching
  PTR)
* check ms-subdomain-self-rhs delete ANY (matching PTR)
* check ms-subdomain-self-rhs delete ANY (matching PTR with non-matching
  PTR)
* check ms-subdomain-self-rhs delete ANY (matching SRV)
* check ms-subdomain-self-rhs delete ANY (matching SRV with non-matching
  SRV)
2021-10-15 11:30:51 +11:00
Mark Andrews
93279bb4b3 Add {krb5,ms}-subdomain-self-rhs update policy rules
The new rules compare the target name in PTR and SRV records against
the machine name embedded in the kerberos principal.  This can be
used to further restrict what PTR and SRV records can be added or
deleted via dynamic updates if desired.
2021-10-15 11:18:41 +11:00
Ondřej Surý
d10968936b Merge branch 'ondrej/use-system-ephemeral-ports-in-dispatch' into 'main'
Use system ephemeral ports for default portset

See merge request isc-projects/bind9!5457
2021-10-14 16:21:31 +00:00