Tony Finch [Fri, 9 Jun 2023 12:58:41 +0000 (13:58 +0100)]
A semantic patch to refactor isc_mem_cget and friends
The aim is to match unsafe patterns of allocation size arithmetic
and turn them into safe calls to the new `isc_mem_cget()`,
`isc_mem_creget()`, and `isc_mem_cput()`.
Ondřej Surý [Wed, 23 Aug 2023 06:56:22 +0000 (08:56 +0200)]
Checked array allocation arithmetic with isc_mem_get and friends
Add new isc_mem_cget(), isc_mem_creget(), and isc_mem_cput() macros to
complement the isc_mem_callocate() (which works like calloc()).
The overflow checks are implemented as macros in the <isc/mem.h>, so
that the compiler can see that the element size is constant: it should
always be `sizeof(something)`.
Matthijs Mekking [Tue, 22 Aug 2023 09:45:41 +0000 (11:45 +0200)]
Fix keys reference link in ARM
There's a statement that says: "Here is an example (for illustration
purposes only) of some possible entries in a [keys] list:", and that
links to the wrong "keys" statement (it links to the TSIG keys section).
Remove the reference, as we are already in the right section.
Michal Nowak [Tue, 29 Aug 2023 08:44:18 +0000 (10:44 +0200)]
Install Sphinx tools versions from BIND 9 repository
The doc/arm/requirements.txt file is the single source of truth when it
comes to Sphinx tools versions used to build documentation via
util/release-tarball-comparison.sh.
Aram Sargsyan [Wed, 23 Aug 2023 11:50:02 +0000 (11:50 +0000)]
Reset the 'result' before using it again
The 'result' variable should be reset to ISC_R_NOTFOUND again,
because otherwise a log message could be logged about not being
able to get the TLS configuration based on the 'result' value
from the previous calls to get the TSIG key.
Matthijs Mekking [Thu, 24 Aug 2023 09:33:05 +0000 (11:33 +0200)]
After cache flush, restore serve-stale settings
When flushing the cache, we create a new cache database. The serve-stale
settings need to be restored after doing this. We already did this
for max-stale-ttl, but forgot to do this for stale-refresh-time.
Mark Andrews [Tue, 4 Jul 2023 01:57:56 +0000 (11:57 +1000)]
Set the modification time of the zone file after dumping
For secondary, mirror and redirect zones the expiry time is set
from the zone file's modification time on restart. As zone dumping
takes time, set the modification time of the zone file to the expire
time less the expire interval.
Mark Andrews [Thu, 29 Jun 2023 07:25:15 +0000 (17:25 +1000)]
Allow EDNS to be used when making requests in xfrin
This allows for the EDNS options EXPIRE and NSID to be sent when
making requests. The existing controls controlling whether
EDNS is used and whether EXPIRE or NSID are sent are honoured.
Adjust the expected byte counts in the xfer system test to reflect
the EDNS overhead. Adjust the dig call to match named's behavior
(don't set +expire as we are talking to a secondary).
Aram Sargsyan [Wed, 30 Aug 2023 12:06:19 +0000 (12:06 +0000)]
Use isc_loop_now() instead of uv_hrtime() for timestamps
The resolution of the uv_hrtime() function is bigger than the
intervals used in the timers, which can result in an unexpected
difference between the start_time and stop_time variables.
Use isc_loop_now(), which is based on uv_now() and has the same
milliseconds resolution as the functions in the uv_timer_t API.
Mark Andrews [Mon, 28 Aug 2023 06:25:16 +0000 (16:25 +1000)]
Silence CID 464884 (REVERSE_INULL)
*** CID 464884: Null pointer dereferences (REVERSE_INULL)
/bin/tests/system/dyndb/driver/db.c: 644 in create_db()
638
639 *dbp = (dns_db_t *)sampledb;
640
641 return (ISC_R_SUCCESS);
642
643 cleanup:
CID 464884: Null pointer dereferences (REVERSE_INULL)
Null-checking "sampledb" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
644 if (sampledb != NULL) {
645 if (dns_name_dynamic(&sampledb->common.origin)) {
646 dns_name_free(&sampledb->common.origin, mctx);
647 }
648
649 isc_mem_putanddetach(&sampledb->common.mctx, sampledb,
Mark Andrews [Mon, 28 Aug 2023 01:53:21 +0000 (11:53 +1000)]
rr_exists should not error if the name does not exist
rr_exists errored if the name did not exist in the zone. This was
not an issue prior to the addition of krb5-subdomain-self-rhs and
ms-subdomain-self-rhs as the only name used was the zone name which
always existed.
Timo Teräs [Wed, 9 Aug 2023 13:39:08 +0000 (16:39 +0300)]
Rework opensslecdsa_link to handle legacy key objects w/ openssl3
Due to a bug in openssl3, the pkcs11-engine is made the default
provider if enabled. This causes key generation and load to
return legacy objects.
Openssl3 has limited glue and does not support the full set
of new style parameters to be queried from legacy key objects.
Rewrite required functions to use first the new API (if available),
but fallback to the old API (if available). For the methods that
have proper OpenSSL compatibility glue, ship only one version.
Aram Sargsyan [Tue, 22 Aug 2023 12:18:09 +0000 (12:18 +0000)]
Fix a condition in isc_dnsstream_assembler_incoming()
Before calling isc_buffer_putmem(), there is a condition to check
that 'buf_size' is greater than 0. At this point 'buf_size' is
guaranteed to be greater than zero, so either the condition is
redundant, or 'unprocessed_size' should be checked instead, which
seems more logical, because calling isc_buffer_putmem() with
'unprocessed_size' being zero is not useful, although harmless.
Aram Sargsyan [Tue, 22 Aug 2023 12:10:40 +0000 (12:10 +0000)]
Handle cases when buf_size is zero
The isc_dnsstream_assembler_incoming() inline function expects that
when 'buf_size' is zero, then 'buf' must be NULL. The expectation is
not correct, because those values come from the libuv read callback,
and its documentation notes[1] that 'nread' ('buf_size' here) might
be 0, which does not indicate an error or EOF, but is equivalent to
EAGAIN or EWOULDBLOCK under read(2).
Change the isc_dnsstream_assembler_incoming() inline function to
remove the invalid expectation.
Ondřej Surý [Mon, 21 Aug 2023 15:53:15 +0000 (17:53 +0200)]
Split the CPU architectures into more categories
Move i386 and other less common or ancient CPU architectures to
Community-Maintained category. Move armhf and arm64 to the Best-Effort
category as we do test them as part of development work (new MacBooks
are all arm64), we don't really do full set of tests in the CI.
Ondřej Surý [Thu, 17 Aug 2023 10:39:10 +0000 (12:39 +0200)]
Refactor cleanup code in the qp-trie for the forwarders table
Instead of duplicating the destroy_forwarders() code in the cleanup
sections, just call dns_forwarders_detach() every time - in case of
failure, the forwarders aren't going to be attached, and forwarders
object will be destroyed right away.
Tony Finch [Thu, 8 Jun 2023 11:57:32 +0000 (12:57 +0100)]
Remove some unnecessary token pasting macrology
There used to be an extra layer of indirection in the memory functions
for certain dynamic linking scenarios. This involved variant spellings
like isc__mem and isc___mem. The isc___mem variants were removed in
commit 7de846977b2a4fd3 so the token pasting is no longer needed and
only serves to obfuscate.
Tom Krizek [Tue, 22 Aug 2023 16:49:55 +0000 (18:49 +0200)]
Allow re-runs of rrl system test
The rrl system test has been unstable and producing false positive
results for years (GL #172). Allow the test to be re-run (once) to
reduce the noise it causes.
Tom Krizek [Tue, 22 Aug 2023 16:46:05 +0000 (18:46 +0200)]
Allow re-runs of reclimit system test
The reclimit system test has been unstable and producing false positive
results for years (GL #1587). Allow the test to be re-run (once) to
reduce the noise it causes.
Tom Krizek [Tue, 22 Aug 2023 16:39:51 +0000 (18:39 +0200)]
Allow re-runs of qmin system test
The qmin test is inherently unstable. It fails quite often with failure
modes described in GL #904. Allow the pytest runner to re-run the test
up to 3 times to only detect more persistent and reproducible failures
rather than random noise caused by the nature of the test.
Tom Krizek [Tue, 22 Aug 2023 15:59:16 +0000 (17:59 +0200)]
Disable loadtime check in statschannel test
It is better to disable the specific check that causes the test to fail
rather than mark the entire test as xfail, which can mask other issues
which the test is capable of detecting.
Tom Krizek [Tue, 22 Aug 2023 15:26:14 +0000 (17:26 +0200)]
ci: fix after_script for out-of-tree tests
The commands in after_script run in a new shell, separate from
before_script and script commands. Since the pytest.log.txt for out
of tree tests is present in the build directory, switch to it (if set)
before running any postprocessing commands.
Ondřej Surý [Wed, 23 Aug 2023 05:40:20 +0000 (07:40 +0200)]
Regenerate the DTrace generated files on configure change
The DTrace generated files were missing dependency on the Makefile, so
they didn't get regenerated when ./configure was re-run. This would
create a problem especially between ./configure --enable-tracing vs
./configure --disable-tracing invocations.
Ondřej Surý [Wed, 23 Aug 2023 05:33:50 +0000 (07:33 +0200)]
Don't generate the probes.lo on macOS
The DTrace on macOS only needs header file and the dtrace command
doesn't have the -G option. Skip generating the object file on macOS,
so the build doesn't fail.
Evan Hunt [Fri, 19 May 2023 05:02:06 +0000 (22:02 -0700)]
prevent query_coveringnsec() from running twice
when synthesizing a new CNAME, we now check whether the target
matches the query already being processed. if so, we do not
restart the query; this prevents a waste of resources.
Tom Krizek [Wed, 9 Aug 2023 13:42:05 +0000 (15:42 +0200)]
ci: Disable dnsrps for respdiff jobs compiled with ASAN/TSAN
The dnsrps build assumes that dlopen is available from libc. This
assumption isn't met when attempting to build with address or thread
sanitizer on debian (bullseye, bookworm). Disable dnsrps build to avoid
the issue, since it's not needed anyway for our respdiff tests.
Tom Krizek [Mon, 7 Aug 2023 14:59:11 +0000 (16:59 +0200)]
Compile system test binaries during make
Using check_PROGRAMS would postpone compiling the binaries needed by
system tests until `make check` would be called. Since it's preferable
to invoke pytest directly to run the system test suite, compile these
binaries without installing them during `make all` instead by using
noinst_PROGRAMS.
This removes the need to use TESTS= make -e check hack invoked from
pytest to work around this issue.
Ondřej Surý [Mon, 14 Aug 2023 12:24:52 +0000 (14:24 +0200)]
Add zone name to the LIBDNS_XFRIN probes
We already print the formatted zone name via the xfrin_log() function,
generate the text once and store it in xfr->info static buffer. Then we
can reuse the string to pass it to the LIBDNS_XFRIN probes.
Ondřej Surý [Tue, 31 Jan 2023 09:14:21 +0000 (10:14 +0100)]
Add tracing probes to the dns_xfrin unit
Add tracing probes to incoming transfers, so we can accurately measure
the individual events when sending, receiving and parsing the incoming
transfers.
Ondřej Surý [Mon, 30 Jan 2023 14:42:20 +0000 (15:42 +0100)]
Add tracing probes to the custom isc_rwlock implementation
Add tracing probes to ISC's own isc_rwlock implementation to allow
fine-grained tracing. The pthread rwlock already has probes inside
glibc, and it's difficult to add probes to headers included from the
other libraries.
Ondřej Surý [Mon, 30 Jan 2023 14:36:49 +0000 (15:36 +0100)]
Add support for User Statically Defined Tracing (USDT) probes
This adds support for User Statically Defined Tracing (USDT). On
Linux, this uses the header from SystemTap and dtrace utility, but the
support is universal as long as dtrace is available.
Also add the required infrastructure to add probes to libisc, libdns and
libns libraries, where most of the probes will be.