- 6322. [placeholder]
+6345. [bug] Added missing dns_rdataset_disassociate calls in
+ validator.c:findnsec3proofs. [GL #4571]
+
+6344. [bug] Fix case insensitive setting for isc_ht hashtable.
+ [GL #4568]
+
+6343. [placeholder]
+
+6342. [placeholder]
+
+6341. [bug] Address use after free in ccmsg_senddone. [GL #4549]
+
+6340. [test] Fix incorrectly reported errors when running tests
+ with `make test` on platforms with older pytest.
+ [GL #4560]
+
+6339. [bug] The alignas() can't be used on types larger than
+ max_align_t; instead add padding into the structures
+ where we want avoid false memory sharing. [GL #4187]
+
+6338. [func] Optimize slabheader placement, so the infrastructure
+ records are put in the beginning of the slabheader
+ linked list. [GL !8675]
+
+6337. [bug] Nsupdate could assert while shutting down. [GL #4529]
+
+6336. [func] Expose the zones with the 'first refresh' flag set in
+ statistics channel's "Incoming Zone Transfers" section
+ to indicate the zones that are not yet fully ready, and
+ their first refresh is pending or is in-progress. Also
+ expose the number of such zones in the output of the
+ 'rndc status' command. [GL #4241]
+
+6335. [func] The 'dnssec-validation yes' option now requires an
+ explicitly configured 'trust-anchors' statement (or
+ 'managed-keys' or 'trusted-keys' statements, both
+ deprecated). [GL #4373]
+
+6334. [doc] Improve ARM parental-agents definition. [GL #4531]
+
+6333. [bug] Fix the DNS_GETDB_STALEFIRST flag, which was defined
+ incorrectly in lib/ns/query.c. [GL !8683]
+
+6332. [bug] Range-check the arguments to fetch-quota-param.
+ [GL #362]
+
+6331. [func] Add HSM support for dnssec-policy. You can now
+ configure keys with a key-store that allows you to
+ set the directory to store key files and to set a
+ PKCS #11 URI string. [GL #1129]
+
+6330. [doc] Update ZSK minimum lifetime documentation in ARM, also
+ depends on signing delay. [GL #4510]
+
+6329. [func] Nsupdate can now set the UL EDNS option when sending
+ UPDATE requests. [GL #4419]
+
+6328. [func] Add workaround to enforce dynamic linker to pull
+ jemalloc earlier than libc to ensure all memory
+ allocations are done via jemalloc. [GL #4404]
+
+6327. [func] Expose the TCP client count in statistics channel.
+ [GL #4425]
+
+6326. [bug] Changes to "listen-on" statements were ignored on
+ reconfiguration unless the port or interface address was
+ changed, making it impossible to change a related
+ listener transport type. Thanks to Thomas Amgarten.
+ [GL #4518] [GL #4528]
+
+6325. [func] The 'tls' block was extended with a new
+ 'cipher-suites' option that allows setting
+ allowed cipher suites for TLSv1.3.
+ [GL #3504]
+
+6324. [bug] Fix a possible crash in 'dig +nssearch +nofail' and
+ 'host -C' commands when one of the name servers returns
+ SERVFAIL. [GL #4508]
+
+ --- 9.19.21 released ---
+
+6323. [placeholder]
+
+ 6322. [security] Specific DNS answers could cause a denial-of-service
+ condition due to DNS validation taking a long time.
+ (CVE-2023-50387) [GL #4424]
- 6321. [placeholder]
+ 6321. [security] Change 6315 inadvertently introduced regressions that
+ could cause named to crash. [GL #4234]
- 6319. [placeholder]
+6320. [placeholder]
+
+ --- 9.19.20 released ---
+
+ 6319. [func] Limit isc_async_run() overhead for RBTDB tree pruning.
+ [GL #4383]
6318. [placeholder]
--- /dev/null
- /*%
- * Prune context
- */
- typedef struct {
- dns_db_t *db;
- dns_dbnode_t *node;
- } db_prune_t;
-
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#pragma once
+
+#include <isc/heap.h>
+#include <isc/lang.h>
+#include <isc/urcu.h>
+
+#include <dns/nsec3.h>
+#include <dns/rbt.h>
+#include <dns/types.h>
+
+#define RDATATYPE_NCACHEANY DNS_TYPEPAIR_VALUE(0, dns_rdatatype_any)
+
+#ifdef STRONG_RWLOCK_CHECK
+#define STRONG_RWLOCK_CHECK(cond) REQUIRE(cond)
+#else
+#define STRONG_RWLOCK_CHECK(cond)
+#endif
+
+#define NODE_INITLOCK(l) isc_rwlock_init((l))
+#define NODE_DESTROYLOCK(l) isc_rwlock_destroy(l)
+#define NODE_LOCK(l, t, tp) \
+ { \
+ STRONG_RWLOCK_CHECK(*tp == isc_rwlocktype_none); \
+ RWLOCK((l), (t)); \
+ *tp = t; \
+ }
+#define NODE_UNLOCK(l, tp) \
+ { \
+ STRONG_RWLOCK_CHECK(*tp != isc_rwlocktype_none); \
+ RWUNLOCK(l, *tp); \
+ *tp = isc_rwlocktype_none; \
+ }
+#define NODE_RDLOCK(l, tp) NODE_LOCK(l, isc_rwlocktype_read, tp);
+#define NODE_WRLOCK(l, tp) NODE_LOCK(l, isc_rwlocktype_write, tp);
+#define NODE_TRYLOCK(l, t, tp) \
+ ({ \
+ STRONG_RWLOCK_CHECK(*tp == isc_rwlocktype_none); \
+ isc_result_t _result = isc_rwlock_trylock(l, t); \
+ if (_result == ISC_R_SUCCESS) { \
+ *tp = t; \
+ }; \
+ _result; \
+ })
+#define NODE_TRYRDLOCK(l, tp) NODE_TRYLOCK(l, isc_rwlocktype_read, tp)
+#define NODE_TRYWRLOCK(l, tp) NODE_TRYLOCK(l, isc_rwlocktype_write, tp)
+#define NODE_TRYUPGRADE(l, tp) \
+ ({ \
+ STRONG_RWLOCK_CHECK(*tp == isc_rwlocktype_read); \
+ isc_result_t _result = isc_rwlock_tryupgrade(l); \
+ if (_result == ISC_R_SUCCESS) { \
+ *tp = isc_rwlocktype_write; \
+ }; \
+ _result; \
+ })
+#define NODE_FORCEUPGRADE(l, tp) \
+ if (NODE_TRYUPGRADE(l, tp) != ISC_R_SUCCESS) { \
+ NODE_UNLOCK(l, tp); \
+ NODE_WRLOCK(l, tp); \
+ }
+
+#define TREE_INITLOCK(l) isc_rwlock_init(l)
+#define TREE_DESTROYLOCK(l) isc_rwlock_destroy(l)
+#define TREE_LOCK(l, t, tp) \
+ { \
+ STRONG_RWLOCK_CHECK(*tp == isc_rwlocktype_none); \
+ RWLOCK(l, t); \
+ *tp = t; \
+ }
+#define TREE_UNLOCK(l, tp) \
+ { \
+ STRONG_RWLOCK_CHECK(*tp != isc_rwlocktype_none); \
+ RWUNLOCK(l, *tp); \
+ *tp = isc_rwlocktype_none; \
+ }
+#define TREE_RDLOCK(l, tp) TREE_LOCK(l, isc_rwlocktype_read, tp);
+#define TREE_WRLOCK(l, tp) TREE_LOCK(l, isc_rwlocktype_write, tp);
+#define TREE_TRYLOCK(l, t, tp) \
+ ({ \
+ STRONG_RWLOCK_CHECK(*tp == isc_rwlocktype_none); \
+ isc_result_t _result = isc_rwlock_trylock(l, t); \
+ if (_result == ISC_R_SUCCESS) { \
+ *tp = t; \
+ }; \
+ _result; \
+ })
+#define TREE_TRYRDLOCK(l, tp) TREE_TRYLOCK(l, isc_rwlocktype_read, tp)
+#define TREE_TRYWRLOCK(l, tp) TREE_TRYLOCK(l, isc_rwlocktype_write, tp)
+#define TREE_TRYUPGRADE(l, tp) \
+ ({ \
+ STRONG_RWLOCK_CHECK(*tp == isc_rwlocktype_read); \
+ isc_result_t _result = isc_rwlock_tryupgrade(l); \
+ if (_result == ISC_R_SUCCESS) { \
+ *tp = isc_rwlocktype_write; \
+ }; \
+ _result; \
+ })
+#define TREE_FORCEUPGRADE(l, tp) \
+ if (TREE_TRYUPGRADE(l, tp) != ISC_R_SUCCESS) { \
+ TREE_UNLOCK(l, tp); \
+ TREE_WRLOCK(l, tp); \
+ }
+
+#define IS_STUB(db) (((db)->common.attributes & DNS_DBATTR_STUB) != 0)
+#define IS_CACHE(db) (((db)->common.attributes & DNS_DBATTR_CACHE) != 0)
+
+ISC_LANG_BEGINDECLS
+
+struct dns_glue {
+ struct dns_glue *next;
+ dns_fixedname_t fixedname;
+ dns_rdataset_t rdataset_a;
+ dns_rdataset_t sigrdataset_a;
+ dns_rdataset_t rdataset_aaaa;
+ dns_rdataset_t sigrdataset_aaaa;
+
+ isc_mem_t *mctx;
+ struct rcu_head rcu_head;
+};
+
+typedef struct {
+ dns_glue_t *glue_list;
+ dns_db_t *db;
+ dns_dbversion_t *version;
+ dns_name_t *nodename;
+} dns_glue_additionaldata_ctx_t;
+
+typedef struct {
+ isc_rwlock_t lock;
+ /* Protected in the refcount routines. */
+ isc_refcount_t references;
+ /* Locked by lock. */
+ bool exiting;
+} db_nodelock_t;
+
+ISC_LANG_ENDDECLS
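Review bot: `NODE_FORCEUPGRADE` and `TREE_FORCEUPGRADE` expand to a bare `if`, and `NODE_LOCK`/`NODE_UNLOCK`/`TREE_LOCK`/`TREE_UNLOCK` to a bare `{ … }` block, so none of them behaves as a single statement and they cannot be used safely in an unbraced `if`/`else`. Wrapping each body in `do { … } while (0)` and dropping the trailing `;` from the `NODE_RDLOCK`/`NODE_WRLOCK`/`TREE_RDLOCK`/`TREE_WRLOCK` definitions would fix that. The fallback path of the force-upgrade macros releases the lock before taking the write lock, so anything read under the read lock can change in that window; a comment above both macros such as `/* May drop and re-take the lock: re-validate any state read under the read lock. */` would make that visible to callers. If `STRONG_RWLOCK_CHECK` is supplied as an object-like macro (for example from the build flags, which are not visible here), `#define STRONG_RWLOCK_CHECK(cond) REQUIRE(cond)` is an incompatible redefinition, so the `#ifdef` would be better keyed on a differently named switch. The parameters `t` and `tp` are also used unparenthesized (`*tp`, `*tp = t`), where `*(tp)` and `(t)` would be safer.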