git.ipfire.org Git - thirdparty/pdns.git/log

Merge pull request #14151 from romeroalx/backport-14044-to-dnsdist-1.8.x

dnsdist: Backport 14044 to dnsdist-1.8.x: gh actions - replace yq snap in collect job build-and-test-all

gh actions - build-and-test-all: use a ubuntu-22 runner for job collect

gh actions - replace yq snap in collect job build-and-test-all

Merge pull request #13696 from omoerbeek/backport-13675-to-dnsdist-1.8.x

Backport 13675 to dnsdist 1.8.x: Fix documentation building error for dnsdist and recursor

dnsdist: Fix the version of alabaster when building the doc

Fixes
```
The alabaster extension used by this project needs at least Sphinx v3.4; it therefore cannot be built with this version.
```

(cherry picked from commit c2a7ef8bd4f2423e2dc0eaa4d4a46de99b44636b)

rec: Fix the version of alabaster when building the doc

Fixes
```
The alabaster extension used by this project needs at least Sphinx v3.4; it therefore cannot be built with this version.
```

(cherry picked from commit ac89467f17bb888fbd48c0f4c5267beab95aebee)

Merge pull request #13601 from rgacogne/ddist18-13342

dnsdist-1.8.x: Add a `DynBlockRulesGroup:removeRange()` binding

Merge pull request #13602 from rgacogne/ddist18-13310

dnsdist-1.8.x: Fix several cosmetic issues in eBPF dynamic blocks, update documentation

Merge pull request #13603 from rgacogne/ddist18-13403

dnsdist-1.8.x: Fix a race in the Async unit tests

Merge pull request #13604 from rgacogne/ddist18-13182

dnsdist-1.8.x: Also test metrics with recvmmsg support enabled

Merge pull request #13605 from rgacogne/ddist18-13135

dnsdist-1.8.x: Add a `DNSHeader:getTC()` Lua binding

Merge pull request #13607 from rgacogne/ddist18-13071

dnsdist-1.8.x: Fix code producing json

Merge pull request #13600 from rgacogne/ddist18-13314

dnsdist-1.8.x: Skip our BADVERS regression test on broken Python versions

Merge pull request #13599 from rgacogne/ddist18-13488

dnsdist-1.8.x: Fix the removal of the last rule by name or UUID

Merge pull request #13598 from rgacogne/ddist18-13536

dnsdist-1.8.x: Detect and dismiss truncated UDP responses from a backend

Implement recomendationm from #13050: step 1

Revert #12660

(cherry picked from commit 26f5d6058d8b0cf4ad2f8da729cb906796c297a0)

dnsdist: Fix the documented return value of DNSHeader:getTC()

(cherry picked from commit dfd90e05d024dbc7c5a01975fc4e753cad03e77d)

dnsdist: Add a DNSHeader:getTC() Lua binding

(cherry picked from commit 2be955a17cd79d92dd5ab3975481c4a53c6369a1)

dnsdist: Also test metrics with recvmmsg support enabled

We have seen in https://github.com/PowerDNS/pdns/issues/13148 that
we can easily break frontend metrics when `recvmmsg`/`sendmmsg`
support is enabled via `setUDPMultipleMessagesVectorSize()`, so let's
test the metrics in that case explicitly so we do not break them
again in the future.

(cherry picked from commit bd5a0bc629d6445be7a77e1c28539702f5cf2585)

dnsdist: Fix a race in the Async unit tests

We used to set the `errorRaised` variable from the `AsynchronousHolder`
thread then check its value from the main thread, which is correctly
reported as TSAN as a data race. We do know that we have waited enough,
and that otherwise it's fine to fail, but TSAN cannot know that. Switching
to a `std::atomic<bool>` fixes it.

(cherry picked from commit f39b15a71271afe6333e55f5994b680a68eeccbd)

dnsdist: Fix eBPF metrics in the internal web server

We used to only display eBPF dynamic blocks for the Dynamic BPF
registered via `registerDynBPFFilter()`, which does not play well
with the new DynBlockRulesGroup approach.
This commit fixes it by making exporting / displaying metric for
the default BPF filter (`setDefaultBPFFilter`) as well.

(cherry picked from commit 2b8de4d5c2f0d8360ef0bd6b4e33183acd1e0a87)

dnsdist: Document that `add*DynBlocks()` methods are legacy ones

(cherry picked from commit a53e079749c0472c0187c4e7f5ac57408165786d)

dnsdist: Log whether newly inserted dynamic blocks are eBPF-based

(cherry picked from commit c7306f1464596b9bc6b4d3325d26b1d9d997b3c5)

dnsdist: Display whether blocks are eBPF-based in `showDynBlocks()`

(cherry picked from commit 8959c0adf0f5be11c2c5dac1b86efe41881e81e1)

dnsdist: Disable the complexity check for setupLuaInspection()

(cherry picked from commit cbf61a8c98e712529609fec795d9b0e3a8f16516)

dnsdist: Fix version in the documentation of DynBlockRulesGroup:removeRange()

(cherry picked from commit f44613ecba20799ce1b6108424789ef5476dfb6c)

dnsdist: Add a DynBlockRulesGroup:removeRange() binding

This adds the ability to remove an existing range from the list of
existing included/excluded ranges.

(cherry picked from commit 59a8b3389bb12e127165a9e3fb0f2f28f97adcde)

dnsdist: Skip our BADVERS regression test on broken Python versions

See https://github.com/PowerDNS/pdns/pull/12912 for the longer
explanation.

(cherry picked from commit f57b74a69cf3b235ac22b38deb77ff3b09aba27b)

dnsdist: Add a regression test for rules removal

(cherry picked from commit 90149f576d927e7746d57008bf8ac66101d7c47c)

dnsdist: Prevent a copy of the UUID when scanning rules for removal

(cherry picked from commit aa7c1fcdd0500aa349659aa7a33cae960e45f093)

dnsdist: Fix the removal of the last rule by name or UUID

(cherry picked from commit 26fb52245b02022f50ab138dfcde4140bd2f707f)

dnsdist: Explain to clang-tidy that resizing a moved vector is fine

(cherry picked from commit c0391c22e44f9cef35a13feaf211bbc0b16573b7)

dnsdist: Detect and dismiss truncated UDP responses from a backend

Until now we would not have detected if the response was larger than
our buffer (4096 bytes or larger in some cases), which could have
led to parsing errors or even forwarding a corrupted response.

(cherry picked from commit 17a0b06ee3cfa43bb9ac4a0cd5186fbc42e090a5)

Merge pull request #13573 from romeroalx/rel/dnsdist-1.8.x-workflow-call

GH Actions - rel/dnsdist-1.8.x: make `build-and-test-all` and `builder` workflows reusable from other branches

make builder workflow reusable

make build-and-test-all reusable

test ubuntu jammy build target

builder: drop ubuntu kinetic, it is EOL

Merge pull request #13523 from rgacogne/ddist18-backoff

dnsdist-1.8.x: Refactor the exponential back-off timer code

dnsdist: Refactor the exponential back-off timer code

The existing code could overflow in some cases, leading to a
potentially endless busy-loop.

(cherry picked from commit d629f5b02ee6de8bf94592980472337fdbf301ad)

Merge pull request #13356 from Habbie/backport-13355-to-dnsdist-1.8.x

dnsdist 1.8 Docker: enable h2o again, using our fork

dnsdist Docker: enable h2o again, using our fork

(cherry picked from commit de02bfc15ca0b17bb082bcffd0882ec03257ce57)

Merge pull request #13349 from rgacogne/ddist18-powerdns-h2o-h2-rapid-reset

dnsdist-1.8x: Switch to our fork of h2o to mitigate http2 rapid reset

builder-support: Use curl's "fail fast with no output at all on server errors" option

(cherry picked from commit 97d18cb451fcac78816604556629278c9ca49d3c)

dnsdist: Switch to our fork of h2o to mitigate http2 rapid reset

(cherry picked from commit 115db75920b73f07c356308df1b83ba296850e2a)

Merge pull request #13184 from rgacogne/ddist18-backport-package-building-workflow

dnsdist-1.8.x: Backport the workflow to build packages from tags

Fix 'check if hashes were created for all requested targets'

fix the provenance generation

dnsdist-1.8.x: Backport the workflow to build packages from tags

Merge pull request #13178 from rgacogne/ddist18-tcpiohandler-fix-conn-index-race

dnsdist-1.8.x: TCPIOHandler: Fix a race when creating the first TLS connections

TCPIOHandler: Fix a race when creating the first TLS connections

We used to get a index from OpenSSL when the first incoming or
outgoing TLS connection was created. That index is later used
to store application-related data along the TLS connection, to
be able to access it in callbacks called from inside the OpenSSL
library.
Unfortunately the atomic flag construction used was racy: if a second
connection is created while the first one is still getting the index,
it could be reading the initial value (-1) instead of the actual index,
which might prevent the callback from working properly because they
cannot retrieve the necessary data. The good news is that this should
not have a serious impact: a TLS session might not be properly resumed
while it should have been, leading to a full TLS session negotiation.
This commit fixes the race by using a full mutex and only releasing
it once the value has been computed. In order to avoid a performance
penalty, the index is now computed when a TLS connection _context_
is created, instead of a TLS connection. TLS contexts should be
reused for a large number of connections, and mostly created during
startup or in the first few seconds of the application.

The race was reported by Thread Sanitizer during the
`test_TLS.py::TestTLSFrontendLimits::testTCPConnsPerTLSFrontend`
regression test as:
```
WARNING: ThreadSanitizer: data race (pid=120466)
  Read of size 4 at 0x55a12bf3d758 by thread T4:
    #0 OpenSSLTLSConnection::OpenSSLTLSConnection(int, timeval const&, std::shared_ptr<OpenSSLFrontendContext>) /work/pdns/pdns/dnsdistdist/tcpiohandler.cc:106 (dnsdist+0x97ece8) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #1 std::__detail::_MakeUniq<OpenSSLTLSConnection>::__single_object std::make_unique<OpenSSLTLSConnection, int&, timeval const&, std::shared_ptr<OpenSSLFrontendContext>&>(int&, timeval const&, std::shared_ptr<OpenSSLFrontendContext>&) /usr/include/c++/13.2.1/bits/unique_ptr.h:1070 (dnsdist+0x97eff6) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #2 OpenSSLTLSIOCtx::getConnection(int, timeval const&, long) /work/pdns/pdns/dnsdistdist/tcpiohandler.cc:797 (dnsdist+0x97eff6)
    #3 TCPIOHandler::TCPIOHandler(int, timeval const&, std::shared_ptr<TLSCtx>, long) /work/pdns/pdns/dnsdistdist/tcpiohandler.hh:246 (dnsdist+0x88c24f) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #4 IncomingTCPConnectionState::IncomingTCPConnectionState(ConnectionInfo&&, TCPClientThreadData&, timeval const&) /work/pdns/pdns/dnsdistdist/dnsdist-tcp-upstream.hh:29 (dnsdist+0x88c24f)
    #5 void std::_Construct<IncomingTCPConnectionState, ConnectionInfo, TCPClientThreadData&, timeval&>(IncomingTCPConnectionState*, ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/stl_construct.h:119 (dnsdist+0x878b1e) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #6 void std::allocator_traits<std::allocator<void> >::construct<IncomingTCPConnectionState, ConnectionInfo, TCPClientThreadData&, timeval&>(std::allocator<void>&, IncomingTCPConnectionState*, ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/alloc_traits.h:660 (dnsdist+0x878b1e)
    #7 std::_Sp_counted_ptr_inplace<IncomingTCPConnectionState, std::allocator<void>, (__gnu_cxx::_Lock_policy)2>::_Sp_counted_ptr_inplace<ConnectionInfo, TCPClientThreadData&, timeval&>(std::allocator<void>, ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/shared_ptr_base.h:604 (dnsdist+0x878b1e)
    #8 std::__shared_count<(__gnu_cxx::_Lock_policy)2>::__shared_count<IncomingTCPConnectionState, std::allocator<void>, ConnectionInfo, TCPClientThreadData&, timeval&>(IncomingTCPConnectionState*&, std::_Sp_alloc_shared_tag<std::allocator<void> >, ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/shared_ptr_base.h:971 (dnsdist+0x878b1e)
    #9 std::__shared_ptr<IncomingTCPConnectionState, (__gnu_cxx::_Lock_policy)2>::__shared_ptr<std::allocator<void>, ConnectionInfo, TCPClientThreadData&, timeval&>(std::_Sp_alloc_shared_tag<std::allocator<void> >, ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/shared_ptr_base.h:1712 (dnsdist+0x878b1e)
    #10 std::shared_ptr<IncomingTCPConnectionState>::shared_ptr<std::allocator<void>, ConnectionInfo, TCPClientThreadData&, timeval&>(std::_Sp_alloc_shared_tag<std::allocator<void> >, ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/shared_ptr.h:464 (dnsdist+0x878b1e)
    #11 std::shared_ptr<std::enable_if<!std::is_array<IncomingTCPConnectionState>::value, IncomingTCPConnectionState>::type> std::make_shared<IncomingTCPConnectionState, ConnectionInfo, TCPClientThreadData&, timeval&>(ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/shared_ptr.h:1010 (dnsdist+0x878b1e)
    #12 handleIncomingTCPQuery /work/pdns/pdns/dnsdistdist/dnsdist-tcp.cc:1118 (dnsdist+0x878b1e)
    #13 void std::__invoke_impl<void, void (*&)(int, boost::any&), int, boost::any&>(std::__invoke_other, void (*&)(int, boost::any&), int&&, boost::any&) /usr/include/c++/13.2.1/bits/invoke.h:61 (dnsdist+0x32d951) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #14 std::enable_if<is_invocable_r_v<void, void (*&)(int, boost::any&), int, boost::any&>, void>::type std::__invoke_r<void, void (*&)(int, boost::any&), int, boost::any&>(void (*&)(int, boost::any&), int&&, boost::any&) /usr/include/c++/13.2.1/bits/invoke.h:111 (dnsdist+0x32d951)
    #15 std::_Function_handler<void (int, boost::any&), void (*)(int, boost::any&)>::_M_invoke(std::_Any_data const&, int&&, boost::any&) /usr/include/c++/13.2.1/bits/std_function.h:290 (dnsdist+0x32d951)
    #16 std::function<void (int, boost::any&)>::operator()(int, boost::any&) const /usr/include/c++/13.2.1/bits/std_function.h:591 (dnsdist+0x98fc0f) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #17 EpollFDMultiplexer::run(timeval*, int) /work/pdns/pdns/dnsdistdist/epollmplexer.cc:190 (dnsdist+0x98fc0f)
    #18 tcpClientThread /work/pdns/pdns/dnsdistdist/dnsdist-tcp.cc:1251 (dnsdist+0x86cb7f) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #19 void std::__invoke_impl<void, void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > >(std::__invoke_other, void (*&&)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >&&) /usr/include/c++/13.2.1/bits/invoke.h:61 (dnsdist+0x87aab1) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #20 std::__invoke_result<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > >::type std::__invoke<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > >(void (*&&)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >&&) /usr/include/c++/13.2.1/bits/invoke.h:96 (dnsdist+0x87aab1)
    #21 void std::thread::_Invoker<std::tuple<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > > >::_M_invoke<0ul, 1ul, 2ul, 3ul, 4ul, 5ul>(std::_Index_tuple<0ul, 1ul, 2ul, 3ul, 4ul, 5ul>) /usr/include/c++/13.2.1/bits/std_thread.h:292 (dnsdist+0x87aab1)
    #22 std::thread::_Invoker<std::tuple<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > > >::operator()() /usr/include/c++/13.2.1/bits/std_thread.h:299 (dnsdist+0x87aab1)
    #23 std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > > > >::_M_run() /usr/include/c++/13.2.1/bits/std_thread.h:244 (dnsdist+0x87aab1)
    #24 execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:104 (libstdc++.so.6+0xe1942) (BuildId: 207eb738c5976dd9aac1ae0640fc4de5946b547e)

  Previous write of size 4 at 0x55a12bf3d758 by thread T3:
    #0 OpenSSLTLSConnection::OpenSSLTLSConnection(int, timeval const&, std::shared_ptr<OpenSSLFrontendContext>) /work/pdns/pdns/dnsdistdist/tcpiohandler.cc:88 (dnsdist+0x97ed98) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #1 std::__detail::_MakeUniq<OpenSSLTLSConnection>::__single_object std::make_unique<OpenSSLTLSConnection, int&, timeval const&, std::shared_ptr<OpenSSLFrontendContext>&>(int&, timeval const&, std::shared_ptr<OpenSSLFrontendContext>&) /usr/include/c++/13.2.1/bits/unique_ptr.h:1070 (dnsdist+0x97eff6) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #2 OpenSSLTLSIOCtx::getConnection(int, timeval const&, long) /work/pdns/pdns/dnsdistdist/tcpiohandler.cc:797 (dnsdist+0x97eff6)
    #3 TCPIOHandler::TCPIOHandler(int, timeval const&, std::shared_ptr<TLSCtx>, long) /work/pdns/pdns/dnsdistdist/tcpiohandler.hh:246 (dnsdist+0x88c24f) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #4 IncomingTCPConnectionState::IncomingTCPConnectionState(ConnectionInfo&&, TCPClientThreadData&, timeval const&) /work/pdns/pdns/dnsdistdist/dnsdist-tcp-upstream.hh:29 (dnsdist+0x88c24f)
    #5 void std::_Construct<IncomingTCPConnectionState, ConnectionInfo, TCPClientThreadData&, timeval&>(IncomingTCPConnectionState*, ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/stl_construct.h:119 (dnsdist+0x878b1e) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #6 void std::allocator_traits<std::allocator<void> >::construct<IncomingTCPConnectionState, ConnectionInfo, TCPClientThreadData&, timeval&>(std::allocator<void>&, IncomingTCPConnectionState*, ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/alloc_traits.h:660 (dnsdist+0x878b1e)
    #7 std::_Sp_counted_ptr_inplace<IncomingTCPConnectionState, std::allocator<void>, (__gnu_cxx::_Lock_policy)2>::_Sp_counted_ptr_inplace<ConnectionInfo, TCPClientThreadData&, timeval&>(std::allocator<void>, ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/shared_ptr_base.h:604 (dnsdist+0x878b1e)
    #8 std::__shared_count<(__gnu_cxx::_Lock_policy)2>::__shared_count<IncomingTCPConnectionState, std::allocator<void>, ConnectionInfo, TCPClientThreadData&, timeval&>(IncomingTCPConnectionState*&, std::_Sp_alloc_shared_tag<std::allocator<void> >, ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/shared_ptr_base.h:971 (dnsdist+0x878b1e)
    #9 std::__shared_ptr<IncomingTCPConnectionState, (__gnu_cxx::_Lock_policy)2>::__shared_ptr<std::allocator<void>, ConnectionInfo, TCPClientThreadData&, timeval&>(std::_Sp_alloc_shared_tag<std::allocator<void> >, ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/shared_ptr_base.h:1712 (dnsdist+0x878b1e)
    #10 std::shared_ptr<IncomingTCPConnectionState>::shared_ptr<std::allocator<void>, ConnectionInfo, TCPClientThreadData&, timeval&>(std::_Sp_alloc_shared_tag<std::allocator<void> >, ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/shared_ptr.h:464 (dnsdist+0x878b1e)
    #11 std::shared_ptr<std::enable_if<!std::is_array<IncomingTCPConnectionState>::value, IncomingTCPConnectionState>::type> std::make_shared<IncomingTCPConnectionState, ConnectionInfo, TCPClientThreadData&, timeval&>(ConnectionInfo&&, TCPClientThreadData&, timeval&) /usr/include/c++/13.2.1/bits/shared_ptr.h:1010 (dnsdist+0x878b1e)
    #12 handleIncomingTCPQuery /work/pdns/pdns/dnsdistdist/dnsdist-tcp.cc:1118 (dnsdist+0x878b1e)
    #13 void std::__invoke_impl<void, void (*&)(int, boost::any&), int, boost::any&>(std::__invoke_other, void (*&)(int, boost::any&), int&&, boost::any&) /usr/include/c++/13.2.1/bits/invoke.h:61 (dnsdist+0x32d951) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #14 std::enable_if<is_invocable_r_v<void, void (*&)(int, boost::any&), int, boost::any&>, void>::type std::__invoke_r<void, void (*&)(int, boost::any&), int, boost::any&>(void (*&)(int, boost::any&), int&&, boost::any&) /usr/include/c++/13.2.1/bits/invoke.h:111 (dnsdist+0x32d951)
    #15 std::_Function_handler<void (int, boost::any&), void (*)(int, boost::any&)>::_M_invoke(std::_Any_data const&, int&&, boost::any&) /usr/include/c++/13.2.1/bits/std_function.h:290 (dnsdist+0x32d951)
    #16 std::function<void (int, boost::any&)>::operator()(int, boost::any&) const /usr/include/c++/13.2.1/bits/std_function.h:591 (dnsdist+0x98fc0f) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #17 EpollFDMultiplexer::run(timeval*, int) /work/pdns/pdns/dnsdistdist/epollmplexer.cc:190 (dnsdist+0x98fc0f)
    #18 tcpClientThread /work/pdns/pdns/dnsdistdist/dnsdist-tcp.cc:1251 (dnsdist+0x86cb7f) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #19 void std::__invoke_impl<void, void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > >(std::__invoke_other, void (*&&)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >&&) /usr/include/c++/13.2.1/bits/invoke.h:61 (dnsdist+0x87aab1) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #20 std::__invoke_result<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > >::type std::__invoke<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > >(void (*&&)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >&&) /usr/include/c++/13.2.1/bits/invoke.h:96 (dnsdist+0x87aab1)
    #21 void std::thread::_Invoker<std::tuple<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > > >::_M_invoke<0ul, 1ul, 2ul, 3ul, 4ul, 5ul>(std::_Index_tuple<0ul, 1ul, 2ul, 3ul, 4ul, 5ul>) /usr/include/c++/13.2.1/bits/std_thread.h:292 (dnsdist+0x87aab1)
    #22 std::thread::_Invoker<std::tuple<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > > >::operator()() /usr/include/c++/13.2.1/bits/std_thread.h:299 (dnsdist+0x87aab1)
    #23 std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > > > >::_M_run() /usr/include/c++/13.2.1/bits/std_thread.h:244 (dnsdist+0x87aab1)
    #24 execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:104 (libstdc++.so.6+0xe1942) (BuildId: 207eb738c5976dd9aac1ae0640fc4de5946b547e)

  Location is global 'OpenSSLTLSConnection::s_tlsConnIndex' of size 4 at 0x55a12bf3d758 (dnsdist+0xc49758)

  Thread T4 'dnsdist/tcpClie' (tid=120471, running) created by main thread at:
    #0 pthread_create /usr/src/debug/gcc/gcc/libsanitizer/tsan/tsan_interceptors_posix.cpp:1036 (libtsan.so.2+0x44219) (BuildId: 7e8fcb9ed0a63b98f2293e37c92ac955413efd9e)
    #1 __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663 (libstdc++.so.6+0xe1a29) (BuildId: 207eb738c5976dd9aac1ae0640fc4de5946b547e)
    #2 std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:172 (libstdc++.so.6+0xe1a29)
    #3 TCPClientCollection::addTCPClientThread(std::vector<ClientState*, std::allocator<ClientState*> >&) /work/pdns/pdns/dnsdistdist/dnsdist-tcp.cc:149 (dnsdist+0x8685a1) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #4 TCPClientCollection::TCPClientCollection(unsigned long, std::vector<ClientState*, std::allocator<ClientState*> >) /work/pdns/pdns/dnsdistdist/dnsdist-tcp.cc:126 (dnsdist+0x868912) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #5 std::__detail::_MakeUniq<TCPClientCollection>::__single_object std::make_unique<TCPClientCollection, unsigned long&, std::vector<ClientState*, std::allocator<ClientState*> > >(unsigned long&, std::vector<ClientState*, std::allocator<ClientState*> >&&) /usr/include/c++/13.2.1/bits/unique_ptr.h:1070 (dnsdist+0x20adef) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #6 main /work/pdns/pdns/dnsdistdist/dnsdist.cc:2865 (dnsdist+0x20adef)

  Thread T3 'dnsdist/tcpClie' (tid=120470, running) created by main thread at:
    #0 pthread_create /usr/src/debug/gcc/gcc/libsanitizer/tsan/tsan_interceptors_posix.cpp:1036 (libtsan.so.2+0x44219) (BuildId: 7e8fcb9ed0a63b98f2293e37c92ac955413efd9e)
    #1 __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663 (libstdc++.so.6+0xe1a29) (BuildId: 207eb738c5976dd9aac1ae0640fc4de5946b547e)
    #2 std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:172 (libstdc++.so.6+0xe1a29)
    #3 TCPClientCollection::addTCPClientThread(std::vector<ClientState*, std::allocator<ClientState*> >&) /work/pdns/pdns/dnsdistdist/dnsdist-tcp.cc:149 (dnsdist+0x8685a1) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #4 TCPClientCollection::TCPClientCollection(unsigned long, std::vector<ClientState*, std::allocator<ClientState*> >) /work/pdns/pdns/dnsdistdist/dnsdist-tcp.cc:126 (dnsdist+0x868912) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #5 std::__detail::_MakeUniq<TCPClientCollection>::__single_object std::make_unique<TCPClientCollection, unsigned long&, std::vector<ClientState*, std::allocator<ClientState*> > >(unsigned long&, std::vector<ClientState*, std::allocator<ClientState*> >&&) /usr/include/c++/13.2.1/bits/unique_ptr.h:1070 (dnsdist+0x20adef) (BuildId: ad82581368352777fda41d4b4145ba8ec738044c)
    #6 main /work/pdns/pdns/dnsdistdist/dnsdist.cc:2865 (dnsdist+0x20adef)

SUMMARY: ThreadSanitizer: data race /work/pdns/pdns/dnsdistdist/tcpiohandler.cc:106 in OpenSSLTLSConnection::OpenSSLTLSConnection(int, timeval const&, std::shared_ptr<OpenSSLFrontendContext>)
```

(cherry picked from commit b56f05b6d81d64cc11f389e2b08d070c1b912ce7)

Merge pull request #13122 from rgacogne/ddist18-auto-include-ffi-inspection

dnsdist-1.8.x: Automatically load Lua FFI inspection functions

dnsdist: add dnsdist-lua-inspection-ffi.h to dist tarballs

(cherry picked from commit 46de63a6feb237e39b444c80ba82b57c4635ae52)

Merge pull request #13123 from rgacogne/ddist18-declare-custom-metrics-at-runtime

dnsdist-1.8.x: Allow declaring custom metrics at runtime

Merge pull request #13118 from rgacogne/ddist18-fix-dnsdistconf-grp-rpm

dnsdist-1.8.x: Fix the group of the dnsdist.conf file when installed via RPM

Merge pull request #13133 from rgacogne/ddist18-tsig-qtype

dnsdist-1.8.x: Make DNSQType.TSIG available in dnsdist

Merge pull request #13116 from rgacogne/ddist18-discovery-short-read

dnsdist-1.8.x: Properly handle short reads on backend upgrade discovery

Merge pull request #13132 from rgacogne/ddist18-12801-SpoofAction

dnsdist-1.8x: SpoofAction: copy the QClass from the request

Merge pull request #13131 from rgacogne/ddist18-fix-pool-cache-metrics

dnsdist-1.8.x: Fix cache hit and miss metrics with DoH queries

Merge pull request #13130 from rgacogne/ddist18-ossl3-ticket-leak

dnsdist-1.8.x: Fix a memory leak when processing TLS tickets w/ OpenSSL 3.x

Merge pull request #13129 from rgacogne/ddist18-wait-reconnect

dnsdist-1.8.x: Properly handle reconnection failure for backend UDP sockets

Merge pull request #13128 from rgacogne/ddist18-12840-fix-console-desc

dnsdist-1.8.x: Fix the console description of PoolAction and QPSPoolAction

Merge pull request #13127 from rgacogne/ddist18-yahttp-fuzz-overflow

dnsdist-1.8.x: YaHTTP: Prevent integer overflow on very large chunks

Merge pull request #13126 from rgacogne/ddist18-async-test-racy

dnsdist-1.8.x: Remove a racy test in the AsynchronousHolder unit tests

Merge pull request #13125 from rgacogne/ddist18-increment-dyn-blocked-ebpf

dnsdist-1.8.x: Increment the "dyn blocked" counter for eBPF blocks as well

Merge pull request #13124 from rgacogne/ddist18-12916-docker-webserver

dnsdist-1.8.x: Fix webserver config template for our docker container

Merge pull request #13121 from rgacogne/ddist18-fix-crypto-detection-deprecated

dnsdist-1.8.x: Stop using the now deprecated ERR_load_CRYPTO_strings() to detect OpenSSL

Merge pull request #13120 from rgacogne/ddist18-libeditr

dnsdist-1.8.x: fix typo libeditr -> libedit

Merge pull request #13119 from rgacogne/ddist18-doing-red-hat-job-myself

dnsdist-1.8.x: Work around Red Hat 8 pooping the bed in OpenSSL's headers

Merge pull request #13117 from rgacogne/ddist18-12738-disableZeroScope

dnsdist-1.8.x: Undo an accidentally change of disableZeroScope to disableZeroScoping

dnsdist: Remove a second useless check, useless static casts

(cherry picked from commit 6f0a2aec1d935a59f71ac8dfb6b8c174726071c2)

coverity CID 398388: useless <0 check on unsigned value

(cherry picked from commit d86200ac489e08be1831b524d2268b2a1b0f222f)

Merge pull request #13150 from rgacogne/ddist18-fix-frontend-metrics-recvmmsg

dnsdist-1.8.x: Properly record self-answered UDP responses with recvmmsg

dnsdist: Properly record self-answered UDP responses with recvmmsg

Responses sent directly from dnsdist, without reaching out to a backend
(self-generated and cache hits answers, mostly) where not properly
accounted for in frontend metrics, ring buffer entries and latency
computation when recvmmsg/sendmmsg support was enabled via
`setUDPMultipleMessagesVectorSize()`.

(cherry picked from commit 3692220de3633434cb88556132cbb77255440ce3)

auth: Simplify the SQL upgrade condition

(cherry picked from commit bc90e72e012c633f04a2fa52e3f852359aee8a79)

Clarify which types are supported, implemented, meta, etc

(cherry picked from commit 2e63e431478aa4ffbc59b1e821ad755f2b12db9c)

Make DNSQType.TSIG available in dnsdist

(cherry picked from commit f38196e3bc40e3cc2ca67dc9cafa8c611d012978)

fix #12801 + regression test

(cherry picked from commit 6bb404b627442d64b829edcffcc9f5fbc4987eb4)

dnsdist: Fix a boolean nit as suggested by Otto

(cherry picked from commit 2c9b6e8915304b24996e9382ba1e8a36713b5da4)

dnsdist: Fix cache hit and miss metrics with DoH queries

Since we do two lookups for DoH queries forwarded over UDP (first
TCP then UDP), we need to be careful to only record a cache miss
in our last attempt.

(cherry picked from commit bc4d98b7cb2ecad488560d1dbef156708a1166af)

libssl: Fix a memory leak when processing TLS tickets w/ OpenSSL 3.x

(cherry picked from commit 0a18d0349145ae0c49b6dfef0be58bde925c4806)

dnsdist: Add a TSAN suppression for the backend re-connection code

(cherry picked from commit 0d199b6529f5c410d6014bf3058c717b57625553)

dnsdist: check that the UDP responder thread is running after reconnecting

(cherry picked from commit bb1ace1fedca0f6bdd2a962514cd5a6491f3c703)

dnsdist: Only log failed backend connection attempt at info on first try

(cherry picked from commit 3de50c36895bc12a8555066f376e70320166c73e)

dnsdist: Properly handle reconnection failure for backend UDP sockets

We try to reconnect our UDP sockets toward backends on some kind of
network errors that indicate a topology change, but we need to be
careful to handle the case where we actually fail to reconnect, as
we end up with no remaining sockets to use.
This commit properly deals with this case by pausing the thread handling
UDP responses from the backend, instead of having it enter a busy loop,
and by attempting to reconnect if we get a `bad file number` error when
trying to send a UDP datagram to the backend.

(cherry picked from commit 541b8df1fc0773549a76c8de13fb1123baba8bda)

Update dnsdist-console.cc

(cherry picked from commit 6f1bb66b685ea467e94d6b06f443186e0dd80afd)

YaHTTP: Prevent integer overflow on very large chunks

If the chunk_size is very close to the maximum value of an integer,
we trigger an integer overflow when checking if we have a trailing
newline after the payload.
Reported by OSS-Fuzz as:
https://oss-fuzz.com/testcase-detail/6439610474692608
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56804

(cherry picked from commit b602982fc5b4fb9139dec591541e0c070ceb47f5)

dnsdist: Remove a racy test in the AsynchronousHolder unit tests

We are adding an expired event so the worker thread of the
AsynchronousHolder can pick it up immediately, even before we come
back from the call to push(), which leads to a racy test.
This was observed on GitHub Actions when running with TSAN:
```
FAIL: testrunner
================

Running 170 test cases...
test-dnsdistasync.cc(156): error: in "test_dnsdistasync/test_AddingExpiredEvent": check !holder->empty() has failed

*** 1 failure is detected in the test module "unit"
FAIL testrunner (exit status: 201)
```

(cherry picked from commit 35bbac75efbd4fb8a9523ab3974bea5507484f65)

dnsdist: Increment the "dyn blocked" counter for eBPF blocks as well

Regular, userspace blocks increment the "dyn blocked" counter for every
dropped query. The eBPF blocks are executed in kernelspace and thus do
not increment that counter at all, which makes it challenging for
reporting to do its job. On the other hand we want our eBPF code to
be as efficient as possible since it is used when performance really
matters.
This commit updates the counter when a eBPF dynamic block is removed,
which is a compromise between the performance impact and a slight
reporting delay.

(cherry picked from commit e59686d645ff5d1652f2fdef109fff5d98d70ea2)

dnsdist: Fix indentation in dnsdist-metrics.{cc,hh}

Update dockerdata/startup.py

Co-authored-by: Remi Gacogne <github@coredump.fr>
(cherry picked from commit b9e82a462fae4cf5979de3e13c68a9af2ca169c8)

fixed the webserver config line?

(cherry picked from commit fa8766c59d2cdf05d86c2dd2ea21018524b35609)

dnsdist: Fix the initial value of the custom gauge in our tests

Thanks Otto!

(cherry picked from commit 55361195cb8d1f6c4a6e32e2504996bec67a23b4)

dnsdist: Implement a FFI method to declare a new custom metric

(cherry picked from commit 67cbba12a6e203d17f1286421d8acfc1b13559d1)

dnsdist: Allow declaring custom metrics at runtime

Also fixes a bug in the prometheus HELP and TYPE messages for custom
metrics with labels, and adds a method to increment a counter by more
than one.

(cherry picked from commit 54c1bc22f3ae1af76253efa7ba859601d6d6c45e)

dnsdist: Automatically load Lua FFI inspection functions

We used to do that for all Lua FFI functions except the ones used
for inspecting StatNode objects.

(cherry picked from commit b4fbe20d867d6f97f282f6e17d71e7e0a1346659)

Stop using the now deprecated ERR_load_CRYPTO_strings() to detect OpenSSL

And move to BN_new() instead, which has been present since at least
0.9.6 and is still in 3.1.

(cherry picked from commit 9fcef4932c9323b085984f8a087045fef70103f5)

dnsdist: fix typo

(cherry picked from commit d9b4683e38076cbf8a2bcd79ebf1f7c5da88ac00)

Work around Red Hat 8 pooping the bed in OpenSSL's headers

The openssl/kdf.h header on EL8 is invalid because someone backported
a work-in-progress feature to an older OpenSSL branch and did not
bother to backport the fixes that were added later.

Red Hat declined to fix their mess and helpfully suggested we do the
work instead in https://bugzilla.redhat.com/show_bug.cgi?id=2215856

(cherry picked from commit 3dabf2d4a1a478fb00a232259e8043f075eb4d03)

dnsdist: Fix the group of the dnsdist.conf file when installed via RPM

I _hope_ the `%attr` directive does the right thing, based on
http://ftp.rpm.org/max-rpm/s1-rpm-anywhere-specifying-file-attributes.html
I'm using this directive instead of calling `chgrp` in `%post` because
I'm told using `chgrp` would make `verify` complain about the ownership later.

(cherry picked from commit 32c478585461060b993a414e074daea47de94b80)