Timo Teräs [Wed, 9 Aug 2023 13:39:08 +0000 (16:39 +0300)]
Rework opensslecdsa_link to handle legacy key objects w/ openssl3
Due to bug in openssl3, the pkcs11-engine is made the default
provider if enabled. This causes key generation and load to
return legacy objects.
Openssl3 has limited glue and does not support the full set
of new style parameter to be inqueried from legacy key objects
Rewrite required functions to use first the new API (if available),
but fallback to the old API (if available). For the methods that
have proper OpenSSL compatiblity glue, ship only one version.
Aram Sargsyan [Tue, 22 Aug 2023 12:18:09 +0000 (12:18 +0000)]
Fix a condition in isc_dnsstream_assembler_incoming()
Before calling isc_buffer_putmem(), there is a condition to check
that 'buf_size' is greater than 0. At this point 'buf_size' is
guaranteed to be greater than zero, so either the condition is
redundant, or 'unprocessed_size' should be checked instead, which
seems more logical, because calling isc_buffer_putmem() with
'unprocessed_size' being zero is not useful, although harmless.
Aram Sargsyan [Tue, 22 Aug 2023 12:10:40 +0000 (12:10 +0000)]
Handle cases when buf_size is zero
The isc_dnsstream_assembler_incoming() inline function expects that
when 'buf_size' is zero, then 'buf' must be NULL. The expectation is
not correct, because those values come from the libuv read callback,
and its documentation notes[1] that 'nread' ('buf_size' here) might
be 0, which does not indicate an error or EOF, but is equivalent to
EAGAIN or EWOULDBLOCK under read(2).
Change the isc_dnsstream_assembler_incoming() inline function to
remove the invalid expectation.
Ondřej Surý [Mon, 21 Aug 2023 15:53:15 +0000 (17:53 +0200)]
Split the CPU architectures into more categories
Move i386 and other less common or ancient CPU architectures to
Community-Maintened category. Move armhf and arm64 to the Best-Effort
category as we do test them as part of development work (new MacBooks
are all arm64), we don't really do full set of tests in the CI.
Ondřej Surý [Thu, 17 Aug 2023 10:39:10 +0000 (12:39 +0200)]
Refactor cleanup code in the qp-trie for the forwarders table
Instead of duplicating the destroy_forwarders() code in the cleanup
sections, just call dns_forwarders_detach() every time - in case of
failure, the forwarders aren't going to be attached, and forwarders
object will be destroyed right away.
Tony Finch [Thu, 8 Jun 2023 11:57:32 +0000 (12:57 +0100)]
Remove some unnecessary token pasting macrology
There used to be an extra layer of indirection in the memory functions
for certain dynamic linking scenarios. This involved variant spellings
like isc__mem and isc___mem. The isc___mem variants were removed in
commit 7de846977b2a4fd3 so the token pasting is no longer needed and
only serves to obfuscate.
Tom Krizek [Tue, 22 Aug 2023 16:49:55 +0000 (18:49 +0200)]
Allow re-runs of rrl system test
The rrl system test has been unstable and producing false positive
results for years (GL #172). Allow the test to be re-run (once) to
reduce the noise it causes.
Tom Krizek [Tue, 22 Aug 2023 16:46:05 +0000 (18:46 +0200)]
Allow re-runs of reclimit system test
The reclimit system test has been unstable and producing false positive
results for years (GL #1587). Allow the test to be re-run (once) to
reduce the noise it causes.
Tom Krizek [Tue, 22 Aug 2023 16:39:51 +0000 (18:39 +0200)]
Allow re-runs of qmin system test
The qmin test is inherently unstable. It fails quite often with failure
modes described in GL #904. Allow the pytest runner to re-run the test
up to 3 times to only detect a more persistent and reproducible failures
rather than random noise caused by the nature of the test.
Tom Krizek [Tue, 22 Aug 2023 15:59:16 +0000 (17:59 +0200)]
Disable loadtime check in statschannel test
It is better to disable the specific check that causes the test to fail
rather than mark the entire test as xfail, which can mask other issues
which the test is capable of detecting.
Tom Krizek [Tue, 22 Aug 2023 15:26:14 +0000 (17:26 +0200)]
ci: fix after_script for out-of-tree tests
The commands in after_script run in a new shell, separate from
before_script and script commands. Since the pytest.log.txt is for out
of tree tests is present in the build directory, switch to it (if set)
before running any postprocessing commands.
Ondřej Surý [Wed, 23 Aug 2023 05:40:20 +0000 (07:40 +0200)]
Regenerate the DTrace generated files on configure change
The DTrace generated files were missing dependency on the Makefile, so
they didn't get regenerated when ./configure was re-run. This would
create problem especially between ./configure --enable-tracing vs
./configure --disable-tracing invocations.
Ondřej Surý [Wed, 23 Aug 2023 05:33:50 +0000 (07:33 +0200)]
Don't generate the probes.lo on macOS
The DTrace on macOS only needs header file and the dtrace command
doesn't have the -G option. Skip generating the object file on macOS,
so the build doesn't fail.
Evan Hunt [Fri, 19 May 2023 05:02:06 +0000 (22:02 -0700)]
prevent query_coveringnsec() from running twice
when synthesizing a new CNAME, we now check whether the target
matches the query already being processed. if so, we do not
restart the query; this prevents a waste of resources.
Tom Krizek [Wed, 9 Aug 2023 13:42:05 +0000 (15:42 +0200)]
ci: Disable dnsrps for respdiff jobs compiled with ASAN/TSAN
The dnsrps build assumes that dlopen is available from libc. This
assumption isn't met when attempting to build with address or thread
sanitizer on debian (bullseye, bookworm). Disable dnsrps build to avoid
the issue, since it's not needed anyway for our respdiff tests.
Tom Krizek [Mon, 7 Aug 2023 14:59:11 +0000 (16:59 +0200)]
Compile system test binaries during make
Using check_PROGRAMS would postpone compiling the binaries needed by
system tests until `make check` would be called. Since it's preferable
to invoke pytest directly to run the system test suite, compile these
binaries without installing them during `make all` instead by using
noinst_PROGRAMS.
This removes the need to use TESTS= make -e check hack invoked from
pytest to work around this issue.
Ondřej Surý [Mon, 14 Aug 2023 12:24:52 +0000 (14:24 +0200)]
Add zone name to the LIBDNS_XFRIN probes
We already print the formatted zone name via the xfrin_log() function,
generate the text once and store it in xfr->info static buffer. Then we
can reuse the string to pass it to the LIBDNS_XFRIN probes.
Ondřej Surý [Tue, 31 Jan 2023 09:14:21 +0000 (10:14 +0100)]
Add tracing probes to the dns_xfrin unit
Add tracing probes to incoming transfers, so we can accurately measure
the individual events when sending, receiving and parsing the incoming
transfers.
Ondřej Surý [Mon, 30 Jan 2023 14:42:20 +0000 (15:42 +0100)]
Add tracing probes to the custom isc_rwlock implementation
Add tracing probes to ISC own isc_rwlock implementation to allow
fine-grained tracing. The pthread rwlock already has probes inside
glibc, and it's difficult to add probes to headers included from the
other libraries.
Ondřej Surý [Mon, 30 Jan 2023 14:36:49 +0000 (15:36 +0100)]
Add support for User Statically Defined Tracing (USDT) probes
This adds support for User Statically Defined Tracing (USDT). On
Linux, this uses the header from SystemTap and dtrace utility, but the
support is universal as long as dtrace is available.
Also add the required infrastructure to add probes to libisc, libdns and
libns libraries, where most of the probes will be.
Michal Nowak [Mon, 24 Jul 2023 15:30:35 +0000 (17:30 +0200)]
Drop unnecessary gcovr workarounds
Many problems of the Debian 11 gcovr version were fixed in the Debian 12
one. Replace workarounds we accumulated over the years with two new,
simple ones.
Ondřej Surý [Wed, 16 Aug 2023 14:30:53 +0000 (16:30 +0200)]
Limit the number of inactive handles kept for reuse
Instead of growing and never shrinking the list of the inactive
handles (to be reused mostly on the UDP connections), limit the number
of maximum number of inactive handles kept to 64. Instead of caching
the inactive handles for all listening sockets, enable the caching on on
UDP listening sockets. For TCP, the handles were cached for each
accepted socket thus reusing the handles only for long-standing TCP
connections, but not reusing the handles across different TCP streams.
Tom Krizek [Wed, 16 Aug 2023 08:38:09 +0000 (10:38 +0200)]
Add clean-local target to clean pytest runner artifacts
The command finds all directories in bin/tests/system which contain an
underscore. Underscore indicates either a temporary directory (_tmp_), a
symlink to test artifacts (TESTNAME_MODULENAME), or a python-related
cache. Using underscore for a system test name is invalid and a hyphen
must be used instead.
Tom Krizek [Thu, 10 Aug 2023 14:53:10 +0000 (16:53 +0200)]
Silence pylint's refactoring suggestions for system_test_dir()
While it'd be fairly easy to split the function up into smaller ones,
the readability wouldn't be improved in this case. Silence the
suggestions instead.
Tom Krizek [Thu, 10 Aug 2023 14:14:08 +0000 (16:14 +0200)]
Create symlinks to test artifacts for pytest runner
While temporary directories are useful for test execution to keep
everything clean, they are difficult to work with manually. Create a
symlink for each test artifact directory with a stable and predictable
path. The symlink always either points to the latest artifacts, or is
missing in case the last run succeeded.
Ensure these symlinked directories aren't detected as test suites by the
pytest runner.
Tom Krizek [Tue, 8 Aug 2023 11:23:20 +0000 (13:23 +0200)]
ci: run out-of-tree system tests with pytest runner
Out-of-tree builds are built in a directory that is different from
source directory. The build directory doesn't contain the non-compiled
test files from bin/tests/system which are the test cases required by
the pytest runner.
In order to run the system tests for out-of-tree build, copy over the
contents (tests) of bin/tests/system/ from the source directory into the
build directory. Then, it is possible to invoke the pytest runner inside
the build directory.
With the v9.19.16 release tag merged, the "cross-version-config-tests"
GitLab CI job will no longer fail due to the two relevant system tests
being absent from the development branch. This makes the pytest
filtering expression added to work around that issue unnecessary, so
remove it.
Michal Nowak [Tue, 15 Aug 2023 15:23:30 +0000 (17:23 +0200)]
Mark test_send_timeout as flaky
In some cases, BIND is not fast enough to fill the send buffer and
manages to answer all queries, contrary to what the test expects.
Repeat the check up to 3 times to limit this test instability.
Tom Krizek [Thu, 17 Aug 2023 08:30:46 +0000 (10:30 +0200)]
Add custom flaky decorator to handle unstable tests
If the flaky plugin for pytest is available, use its decorator to
support re-running unstable tests. In case the package is missing,
execute the test as usual without attempts to re-run it in case of
failure.
This is mostly intended to increase the test stability in CI. Using a
custom decorator enables us to keep the flaky package as an optional
dependency.
Michal Nowak [Thu, 3 Aug 2023 08:44:09 +0000 (10:44 +0200)]
Clean leftover files in autosign and masterformat
The following files were reported in CI by the legacy system test runner
and prevented job to pass. They should be removed.
$ if git rev-parse > /dev/null 2>&1; then ( ! grep "^I:.*:file.*not removed$" *.log ); fi
autosign.log:I:autosign:file autosign/ns3/kskonly.example.db.jbk not removed
autosign.log:I:autosign:file autosign/ns3/optout.example.db.jbk not removed
autosign.log:I:autosign:file autosign/ns3/reconf.example.db.jbk not removed
masterformat.log:I:masterformat:file masterformat/ns1/signed.db.raw.jbk not removed
masterformat.log:I:masterformat:file masterformat/ns1/signed.db.raw.signed not removed
masterformat.log:I:masterformat:file masterformat/ns1/signed.db.raw.signed.jnl not removed
Don't print an error when the ns*/inactive directory is not
present:
rmdir: ns*/inactive: No such file or directory
Remove nsupdate.out.test file instead of nsupdate.out, as the latter
does not exist.
Ondřej Surý [Tue, 15 Aug 2023 15:29:27 +0000 (17:29 +0200)]
Attach to the dns_dispatchmgr in the dns_view object
The dns_dispatchmgr object was only set in the dns_view object making it
prone to use-after-free in the dns_xfrin unit when shutting down named.
Remove dns_view_setdispatchmgr() and optionally pass the dispatchmgr
directly to dns_view_create() when it is attached and not just assigned,
so the dns_dispatchmgr doesn't cease to exist too early.
The dns_view_getdnsdispatchmgr() is now protected by the RCU lock, the
dispatchmgr reference is incremented, so the caller needs to detach from
it, and the function can return NULL in case the dns_view has been
already shut down.
Instead of an RBT for the forwarders table, use a QP trie.
We now use reference counting for dns_forwarders_t. When a forwarders
object is retrieved by dns_fwdtable_find(), it must now be explicitly
detached by the caller afterward.
QP tries require stored objects to include their names, so the
the forwarders object now has that. This obviates the need to
pass back a separate 'foundname' value from dns_fwdtable_find().
replace the red-black tree used by the negative trust anchor table
with a QP trie.
because of this change, dns_ntatable_init() can no longer fail, and
neither can dns_view_initntatable(). these functions have both been
changed to type void.
rename dns_qp_findname_parent() to _findname_ancestor()
this function finds the closest matching ancestor, but the function
name could be read to imply that it returns the direct parent node;
this commit suggests a slightly less misleading name.
Tony Finch [Thu, 6 Apr 2023 10:30:00 +0000 (11:30 +0100)]
A SET_IF_NOT_NULL() macro for optional return values
The SET_IF_NOT_NULL() macro avoids a fair amount of tedious boilerplate,
checking pointer parameters to see if they're non-NULL and updating
them if they are. The macro was already in the dns_zone unit, and this
commit moves it to the <isc/util.h> header.
I have included a Coccinelle semantic patch to use SET_IF_NOT_NULL()
where appropriate. The patch needs an #include in `openssl_shim.c`
in order to work.
Mark Andrews [Wed, 2 Aug 2023 06:16:30 +0000 (16:16 +1000)]
Add sleeps so that the modification time changes
The mkeys system test could fail because root zone was resigned
within the same second as it was previously signed causing reloads
to fail. Add delays to the test to prevent this.
projects / thirdparty / bind9.git / log
