Tom Krizek [Fri, 24 Nov 2023 14:50:08 +0000 (15:50 +0100)]
Allow assertion message rewrite in statschannel test
By default, the useful assertion message rewrite is used by pytest for
test modules only. Since another module is imported with shared
functionality, ensure it has pytest's assertion message rewriting
enabled to obtain more debug information in case it fails.
Tom Krizek [Fri, 24 Nov 2023 14:32:09 +0000 (15:32 +0100)]
Add assert message to test doth/stress_http_quota.py
This file is executed outside of pytest with pure python, which doesn't
do any AssertionError message rewriting like pytest. Ensure the assert
messages in this file provide a useful debug message.
Mark Andrews [Mon, 4 Dec 2023 01:23:18 +0000 (12:23 +1100)]
Destroy the message before detaching the view
With shared name memory pools (f5af981831ea8a707090c1b09a47c25b75d86b5a)
the message needs to be destroyed before the view is detached which
in turn detaches the resolver which checks that all resources have
been returned.
Aram Sargsyan [Thu, 16 Nov 2023 13:30:32 +0000 (13:30 +0000)]
Emit "no servers could be reached" also for UDP setup failure
When all the servers are exhausted for UDP setup emit "no servers
could be reached" in udp_ready(). This message can also be emitted
for a recv_done() error and for TCP connection failure similarly.
Tom Krizek [Mon, 6 Nov 2023 13:45:07 +0000 (14:45 +0100)]
Update system test documentation
Rewrite and reorganize the test documentation to focus on the pytest
runner, omit any mentions of the legacy runner which are no longer
relevant, and mention a few pytest tricks.
Ondřej Surý [Wed, 29 Nov 2023 08:01:56 +0000 (09:01 +0100)]
Refactor the handling of isc_mem overmem condition
Previously, there were two methods of working with the overmem
condition:
1. hi/lo water callback - when the overmem condition was reached
for the first time, the water callback was called with HIWATER
mark and .is_overmem boolean was set internally. Similarly,
when the used memory went below the lo water mark, the water
callback would be called with LOWATER mark and .is_overmem
was reset. This check would be called **every** time memory
was allocated or freed.
2. isc_mem_isovermem() - a simple getter for the internal
.is_overmem flag
This commit refactors removes the first method and move the hi/lo water
checks to the isc_mem_isovermem() function, thus we now have only a
single method of checking overmem condition and the check for hi/lo
water is removed from the hot path for memory contexts that doesn't use
overmem checks.
Michał Kępień [Tue, 21 Nov 2023 09:18:52 +0000 (10:18 +0100)]
Move job definitions to the proper place
The definitions of the "ci-variables" and "cross-version-config-tests"
GitLab CI jobs were accidentally added in the .gitlab-ci.yml section
that claims to only contain job templates. Move the definitions of
these two jobs to a more appropriate location in .gitlab-ci.yml, without
changing the job definitions themselves.
Michał Kępień [Tue, 21 Nov 2023 09:18:52 +0000 (10:18 +0100)]
Drop the TARBALL_EXTENSION variable
All currently supported BIND 9 branches use xz-packed tarballs for
source code distribution. Having a variable with a lengthy name that
only holds two characters does not improve readability - it was only
useful for maintaining .gitlab-ci.yml consistency between BIND 9.11 and
all the newer branches, but that era has come to an end a while ago.
Replace all occurrences of the TARBALL_EXTENSION variable in
.gitlab-ci.yml with a fixed string ("xz") to simplify the contents of
that file.
Ondřej Surý [Mon, 6 Nov 2023 19:19:20 +0000 (20:19 +0100)]
Make sure we shutdown the controlconf listeners and connections once
It was possible that controlconf connections could be shutdown twice
when shutting down the server, because they would receive the
signal (ISC_R_SHUTTINGDOWN result) from netmgr and then the shutdown
procedure would be called second time via controls_shutdown().
Split the shutdown procedure from control_recvmessage(), so we can call
it independently from netmgr callbacks and make sure it will be called
only once. Do the similar thing for the listeners.
Michał Kępień [Thu, 16 Nov 2023 10:39:51 +0000 (11:39 +0100)]
Remove steps related to the post-mortem meeting
The post-mortem meeting is now considered an on-demand event. The past
few security release cycles proved that there is rarely a need to
discuss things in this form, so there is little point in carrying out
the relevant steps for every single vulnerability - which does not
prevent us from doing so if the actual need arises.
Michał Kępień [Thu, 16 Nov 2023 10:39:51 +0000 (11:39 +0100)]
Rebase -S branches after version bumps
Applying version bumps in open source branches breaks automatic rebasing
of the bind-9.x-sub branches. Ensure the latter are manually rebased
after each version bump to prevent the "rebase" job in GitLab CI from
failing.
Michał Kępień [Thu, 16 Nov 2023 10:39:51 +0000 (11:39 +0100)]
Prepare the patches/ subdirectory earlier
The patches/ subdirectory needs to be present in each prerelease
directory before the ASN releases get pre-published or else the latter
will not contain standalone patches.
Evan Hunt [Sat, 11 Nov 2023 21:15:27 +0000 (13:15 -0800)]
set loadtime during initial transfer of a secondary zone
when transferring in a non-inline-signing secondary for the first time,
we previously never set the value of zone->loadtime, so it remained
zero. this caused a test failure in the statschannel system test,
and that test case was temporarily disabled. the value is now set
correctly and the test case has been reinstated.
Mark Andrews [Thu, 16 Nov 2023 00:15:49 +0000 (11:15 +1100)]
Check that buffer length in dns_message_renderbegin
The maximum DNS message size is 65535 octets. Check that the buffer
being passed to dns_message_renderbegin does not exceed this as the
compression code assumes that all offsets are no bigger than this.
Ondřej Surý [Tue, 7 Nov 2023 13:42:33 +0000 (14:42 +0100)]
Remove AES algorithm for DNS cookies
The AES algorithm for DNS cookies was being kept for legacy reasons, and
it can be safely removed in the next major release. Remove both the AES
usage for DNS cookies and the AES implementation itself.
Aram Sargsyan [Thu, 9 Nov 2023 08:33:35 +0000 (08:33 +0000)]
Fix catz db update callback registration logic error (take two)
Please see the 998765fea536daacfba96d8ed0a4855668d2e242 commit for
the description of the original issue. The commit had fixed the
logic error, but it was reintroduced again later with the a1afa31a5a7d318508efe5a32001104d094be057 commit, where the check of
the 'db_registered' flag was removed in dns__catz_update_cb(). The
check was removed, because the registration function was made
idempotent, so double registration is not an issue, but the check
also prevented from unneeded registration, on which the original
fix relied.
This commit just removes the update callback registration code from
the dns__catz_update_cb() function instead of bringing back the check,
because after code flow analysis, it is now clear that it's not required
at all. The "call onupdate() artificially" comment (which was mentioned
by the removed code) is speaking about the dns_catz_dbupdate_callback()
function, which is called by server.c on (re)configuration, and that
function already takes care of update callback's registration since the 998765fea536daacfba96d8ed0a4855668d2e242 commit was applied, so there
is no need to do that here again.
Aram Sargsyan [Tue, 7 Nov 2023 10:21:36 +0000 (10:21 +0000)]
Use atomics for the iterators number in isc_hashmap_t
Concurrent threads can access a hashmap for reading by creating and
then destroying an iterator, in which case the integer number of the
active iterators is increased or decreased from different threads,
introducing a data race. Use atomic operations to protect the variable.
Ondřej Surý [Tue, 7 Nov 2023 14:17:10 +0000 (15:17 +0100)]
Deprecate AES algorithm for DNS cookies
The AES algorithm for DNS cookies was being kept for legacy reasons,
and it can be safely removed in the next major release. Mark is as
deprecated, so the `named-checkconf` prints a warning when in use.
Aram Sargsyan [Tue, 7 Nov 2023 10:02:57 +0000 (10:02 +0000)]
Use a read lock when iterating over a hashmap
The 'dns_tsigkeyring_t' structure has a read/write lock to protect
its 'keys' member, which is a 'isc_hashmap_t' pointer and needs to
be protected.
The dns_tsigkeyring_dump() function, however, doesn't use the lock,
which can introduce a race with another thread, if the other thread
tries to modify the hashmap.
Add a read lock around the code, which iterates over the hashmap.
projects / thirdparty / bind9.git / log
