Tony Finch [Thu, 24 Nov 2022 17:38:16 +0000 (17:38 +0000)]
Speed up lib/dns/gen.c
The `gen` program was causing a lengthy single-threaded pause in
the BIND build. When generating RDATATYPE_FROMTEXT_SW(), `gen` hit
the inner loop of `find_typename()` over 1.2 billion times. This
change avoids long deeply-nested loops, so `gen` now runs in less
than 10ms, about 300x faster.
Ondřej Surý [Thu, 24 Nov 2022 14:03:23 +0000 (15:03 +0100)]
Be more resilient when destroying the httpd requests
Don't restart reading in the send callback after the httpdmgr has been
shut down, and call httpd_request(..., ISC_R_SHUTDOWN, ...) when
shutting down the httpdmgr to reduce code duplication.
Ondřej Surý [Thu, 24 Nov 2022 16:11:22 +0000 (17:11 +0100)]
Make the netmgr send callback to be asynchronous only when needed
Previously, the send callback would be synchronous only on success. Add
an option (similar to what other callbacks have) to decide whether we
need the asynchronous send callback on a higher level.
On a general level, we need the asynchronous callbacks to happen only
when we are invoking the callback from the public API. If the path to
the callback went through the libuv callback or netmgr callback, we are
already on asynchronous path, and there's no need to make the call to
the callback asynchronous again.
For the send callback, this means we need the asynchronous path for
failure paths inside the isc_nm_send() (which calls isc__nm_udp_send(),
isc__nm_tcp_send(), etc...) - all other invocations of the send callback
could be synchronous, because those are called from the respective libuv
send callbacks.
Ondřej Surý [Wed, 23 Nov 2022 13:03:23 +0000 (14:03 +0100)]
Make the netmgr read callback to be asynchronous only when needed
Previously, the read callback would be synchronous only on success or
timeout. Add an option (similar to what other callbacks have) to decide
whether we need the asynchronous read callback on a higher level.
On a general level, we need the asynchronous callbacks to happen only
when we are invoking the callback from the public API. If the path to
the callback went through the libuv callback or netmgr callback, we are
already on asynchronous path, and there's no need to make the call to
the callback asynchronous again.
For the read callback, this means we need the asynchronous path for
failure paths inside the isc_nm_read() (which calls isc__nm_udp_read(),
isc__nm_tcp_read(), etc...) - all other invocations of the read callback
could be synchronous, because those are called from the respective libuv
or netmgr read callbacks.
Tony Finch [Fri, 4 Nov 2022 12:02:33 +0000 (12:02 +0000)]
Deduplicate time unit conversion factors
The various factors like NS_PER_MS are now defined in a single place
and the names are no longer inconsistent. I chose the _PER_SEC names
rather than _PER_S because it is slightly more clear in isolation;
but the smaller units are always NS, US, and MS.
Tom Krizek [Thu, 24 Nov 2022 16:42:43 +0000 (17:42 +0100)]
Simplify start/stop helper func in system tests
The system test should never attempt to start or stop any other server
than those that belong to that system test. Therefore, it is not
necessary to specify the system test name in function calls.
Additionally, this makes it possible to run the test inside a
differently named directory, as its name is automatically detected with
the $SYSTESTDIR variable. This enables running the system tests inside a
temporary directory.
Direct use of stop.pl was replaced with a more systematic approach to
use stop_servers helper function.
Evan Hunt [Mon, 21 Nov 2022 06:02:38 +0000 (22:02 -0800)]
remove unused 'nupdates' field from client
the 'nupdates' field was originally used to track whether a client
was ready to shut down, along with other similar counters nreads,
nrecvs, naccepts and nsends. this is now tracked differently, but
nupdates was overlooked when the other counters were removed.
Michal Nowak [Mon, 30 May 2022 13:49:34 +0000 (15:49 +0200)]
Fix statement may fall through warnings in dlz_ldap_dynamic.c
dlz_ldap_dynamic.c: In function ‘dlz_create’:
dlz_ldap_dynamic.c:971:20: warning: this statement may fall through [-Wimplicit-fallthrough=]
971 | if (result != ISC_R_SUCCESS) {
| ^
dlz_ldap_dynamic.c:974:9: note: here
974 | case 11:
| ^~~~
dlz_ldap_dynamic.c:976:20: warning: this statement may fall through [-Wimplicit-fallthrough=]
976 | if (result != ISC_R_SUCCESS) {
| ^
dlz_ldap_dynamic.c:979:9: note: here
979 | case 10:
| ^~~~
dlz_ldap_dynamic.c:980:20: warning: this statement may fall through [-Wimplicit-fallthrough=]
980 | if (strlen(argv[9]) > 0) {
| ^
dlz_ldap_dynamic.c:987:9: note: here
987 | case 9:
| ^~~~
Michal Nowak [Mon, 30 May 2022 13:42:16 +0000 (15:42 +0200)]
Fix compilation warnings in dlz_wildcard_dynamic.c
dlz_wildcard_dynamic.c: In function ‘dlz_lookup’:
dlz_wildcard_dynamic.c:227:14: warning: variable ‘origin’ set but not used [-Wunused-but-set-variable]
227 | bool origin = true;
| ^~~~~~
dlz_wildcard_dynamic.c: In function ‘dlz_lookup’:
dlz_wildcard_dynamic.c:252:28: warning: assignment discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
252 | cd->record = "@";
| ^
dlz_wildcard_dynamic.c: In function ‘dlz_authority’:
dlz_wildcard_dynamic.c:328:22: warning: unused variable ‘origin’ [-Wunused-variable]
328 | bool origin;
| ^~~~~~
dlz_wildcard_dynamic.c:312:25: warning: unused variable ‘name’ [-Wunused-variable]
312 | const char *p, *name = "@";
| ^~~~
dlz_wildcard_dynamic.c: In function ‘dlz_create’:
dlz_wildcard_dynamic.c:441:23: warning: comparison of integer expressions of different signedness: ‘int’ and ‘unsigned int’ [-Wsign-compare]
441 | for (i = 4; i < argc; i += 4) {
| ^
Michal Nowak [Mon, 30 May 2022 13:23:45 +0000 (15:23 +0200)]
Fix compilation warnings in dlz_sqlite3_dynamic.c
dlz_sqlite3_dynamic.c: In function ‘dlz_sqlite3_fetch_row’:
dlz_sqlite3_dynamic.c:447:31: warning: comparison of integer expressions of different signedness: ‘int’ and ‘unsigned int’ [-Wsign-compare]
447 | if (rs->pnRow > 0U && rs->curRow < rs->pnRow) {
| ^
dlz_sqlite3_dynamic.c:447:50: warning: comparison of integer expressions of different signedness: ‘unsigned int’ and ‘int’ [-Wsign-compare]
447 | if (rs->pnRow > 0U && rs->curRow < rs->pnRow) {
| ^
Michal Nowak [Mon, 30 May 2022 10:36:27 +0000 (12:36 +0200)]
Fix compilation warnings in dlz_perl_driver.c
dlz_perl_driver.c: In function ‘dlz_version’:
dlz_perl_driver.c:116:27: warning: unused parameter ‘flags’ [-Wunused-parameter]
116 | dlz_version(unsigned int *flags) {
| ~~~~~~~~~~~~~~^~~~~
In file included from /usr/lib64/perl5/CORE/perl.h:5685,
from dlz_perl_driver.c:33:
dlz_perl_driver.c: In function ‘dlz_allnodes’:
/usr/lib64/perl5/CORE/pp.h:162:26: warning: value computed is not used [-Wunused-value]
162 | #define POPs (*sp--)
| ~^~~~~~
dlz_perl_driver.c:151:17: note: in expansion of macro ‘POPs’
151 | POPs;
| ^~~~
dlz_perl_driver.c: In function ‘dlz_allowzonexfr’:
/usr/lib64/perl5/CORE/pp.h:162:26: warning: value computed is not used [-Wunused-value]
162 | #define POPs (*sp--)
| ~^~~~~~
dlz_perl_driver.c:251:17: note: in expansion of macro ‘POPs’
251 | POPs;
| ^~~~
dlz_perl_driver.c: In function ‘dlz_findzonedb’:
/usr/lib64/perl5/CORE/pp.h:162:26: warning: value computed is not used [-Wunused-value]
162 | #define POPs (*sp--)
| ~^~~~~~
dlz_perl_driver.c:328:17: note: in expansion of macro ‘POPs’
328 | POPs;
| ^~~~
dlz_perl_driver.c: In function ‘dlz_lookup’:
/usr/lib64/perl5/CORE/pp.h:162:26: warning: value computed is not used [-Wunused-value]
162 | #define POPs (*sp--)
| ~^~~~~~
dlz_perl_driver.c:407:17: note: in expansion of macro ‘POPs’
407 | POPs;
| ^~~~
dlz_perl_driver.c:472:1: error: no previous prototype for ‘missing_perl_method’ [-Werror=missing-prototypes]
472 | missing_perl_method(const char *perl_class_name, PerlInterpreter *my_perl)
| ^~~~~~~~~~~~~~~~~~~
dlz_perl_driver.c: In function ‘missing_perl_method’:
dlz_perl_driver.c:485:9: error: ISO C90 forbids array ‘full_name’ whose size cannot be evaluated [-Werror=vla]
485 | char full_name[BUF_LEN];
| ^~~~
dlz_perl_driver.c: In function ‘dlz_create’:
dlz_perl_driver.c:613:13: warning: suggest parentheses around assignment used as truth value [-Wparentheses]
613 | if (missing_method_name = missing_perl_method(perl_class_name, my_perl))
| ^~~~~~~~~~~~~~~~~~~
/usr/lib64/perl5/CORE/pp.h:162:26: warning: value computed is not used [-Wunused-value]
162 | #define POPs (*sp--)
| ~^~~~~~
dlz_perl_driver.c:657:17: note: in expansion of macro ‘POPs’
657 | POPs;
| ^~~~
dlz_perl_driver.c:502:15: warning: unused variable ‘init_args’ [-Wunused-variable]
502 | char *init_args[] = { NULL, NULL };
| ^~~~~~~~~
Michal Nowak [Fri, 18 Nov 2022 12:30:32 +0000 (13:30 +0100)]
Exclude fuzz directory from code coverage report
gcovr fails to process fuzz/old.gcda and fuzz/old.gcno files after !7045
MR with:
(WARNING) GCOV produced the following errors processing /builds/isc-projects/bind9/fuzz/old.gcda:
Cannot open source file ../../fuzz/old.c
Cannot open source file ../../lib/dns/include/dns/compress.h
Cannot open source file ../../lib/isc/include/isc/buffer.h
...
(gcovr could not infer a working directory that resolved it.)
Given that code coverage inspection is meant only for BIND 9 code and
not its tests and auxiliary tools, the "fuzz" directory should be
excluded from being included in the code coverage report.
Remove the text from the ARM and DNSSEC guide that describes how to do
key and denial of existence operations using dynamic update. Add a new
section about DNSSEC multi-signer models, but no longer suggest using
dynamic update and auto-dnssec allow.
Remove code that triggers key and denial of existence management
operations. Dynamic update should no longer be used to do DNSSEC
maintenance (other than that of course signatures need to be
created for the new zone contents).
Remove test cases that rely upon key and denial of existence
management operations triggered by dynamic updates.
The autosign system test needed a bit more care than just removing
because the test cases are dependent on each other, so there are some
additional tweaks such as setting the NSEC3PARAM via rndc signing,
and renaming zone input files. In the process, some additional
debug output files have been added, and a 'ret' fail case overwrite
was fixed.
Tony Finch [Mon, 7 Nov 2022 16:22:48 +0000 (16:22 +0000)]
Fuzzing and benchmarking for dns_name_fromwire()
Since this is very sensitive code which has often had security
problems in many DNS implementations, it needs a decent amount of
validation. This fuzzer ensures that the new code has the same output
as the old code, and that it doesn't take longer than a second.
The benchmark uses the fuzzer's copy of the old dns_name_fromwire()
code to compare a number of scenarios: many compression pointers, many
labels, long labels, random data, with/without downcasing.
Tony Finch [Mon, 7 Nov 2022 14:00:45 +0000 (14:00 +0000)]
Simplify and speed up DNS name decompression
The aim is to do less work per byte:
* Check the bounds for each label, instead of checking the
bounds for each character.
* Instead of copying one character at a time from the wire to
the name, copy entire runs of sequential labels using memmove()
to make the most of its fast loop.
* To remember where the name ends, we only need to set the end
marker when we see a compression pointer or when we reach the
root label. There is no need to check if we jumped back and
conditionally update the counter for every character.
* To parse a compression pointer, we no longer take a diversion
around the outer loop in between reading the upper byte of the
pointer and the lower byte.
* The parser state machine is now implicit in the instruction
pointer, instead of being an explicit variable. Similarly,
when we reach the root label we break directly out of the loop
instead of setting a second state machine variable.
* DNS_NAME_DOWNCASE is never used with dns_name_fromwire() so
that option is no longer supported.
I have removed this comment which dated from January 1999 when
dns_name_fromwire() was first introduced:
/*
* Note: The following code is not optimized for speed, but
* rather for correctness. Speed will be addressed in the future.
*/
No functional change, apart from removing support for the unused
DNS_NAME_DOWNCASE option. The new code is about 2x faster than the
old code: best case 11x faster, worst case 1.4x faster.
Tony Finch [Wed, 9 Nov 2022 17:32:05 +0000 (17:32 +0000)]
Avoid unspecified behaviour in name_test
C does not make any guarantees about the value of padding in a
structure, so bytewise comparison of two semantically equal structures
with padding can be spuriously non-equal due to non-equal padding
bytes.
Compare each member of name.attributes individually to avoid this
problem.
Mark Andrews [Wed, 19 Oct 2022 05:53:11 +0000 (16:53 +1100)]
Add system test for dual-stack-servers with possible DNAME response
Create a zone that triggers DNAME owner name checks in a zone that
is only reachable using a dual stack server. The answer contains
a name that is higher in the tree than the query name.
e.g.
foo.v4only.net. CNAME v4only.net.
v4only.net. A 10.0.0.1
ns4 is serving the test zone (ipv4-only)
ns6 is the root server for this test (dual stacked)
ns7 is acting as the dual stack server (dual stacked)
ns9 is the server under test (ipv6-only)
Mark Andrews [Mon, 17 Oct 2022 23:02:08 +0000 (10:02 +1100)]
Select the appropriate namespace when using a dual stack server
When using dual-stack-servers the covering namespace to check whether
answers are in scope or not should be fctx->domain. To do this we need
to be able to distingish forwarding due to forwarders clauses and
dual-stack-servers. A new flag FCTX_ADDRINFO_DUALSTACK has been added
to signal this.
Michal Nowak [Thu, 8 Sep 2022 15:12:46 +0000 (17:12 +0200)]
Rename $HOSTNAME to $HOST_NAME to silence checkbashisms
checkbashisms warns about possible reliance on HOSTNAME environmental
variable which Bash sets to the name of the current host, and some
commands may leverage it:
possible bashism in builtin/tests.sh line 199 ($HOST(TYPE|NAME)):
grep "^\"$HOSTNAME\"$" dig.out.ns1.$n > /dev/null || ret=1
possible bashism in builtin/tests.sh line 221 ($HOST(TYPE|NAME)):
grep "^\"$HOSTNAME\"$" dig.out.ns2.$n > /dev/null || ret=1
possible bashism in builtin/tests.sh line 228 ($HOST(TYPE|NAME)):
grep "^; NSID: .* (\"$HOSTNAME\")$" dig.out.ns2.$n > /dev/null || ret=1
We don't use the variable this way but rename it to HOST_NAME to silence
the tool.
possible bashism in bin/tests/system/checkconf/tests.sh line 105 (should be 'b = a'):
if [ $? == 0 ]; then echo_i "failed"; ret=1; fi
possible bashism in bin/tests/system/keyfromlabel/tests.sh line 62 (should be 'b = a'):
test $ret == 0 || continue
possible bashism in bin/tests/system/keyfromlabel/tests.sh line 79 (should be 'b = a'):
test $ret == 0 || continue
Ondřej Surý [Sun, 13 Nov 2022 09:12:52 +0000 (10:12 +0100)]
Deprecate setting operating system limits from named.conf
It was possible to set operating system limits (RLIMIT_DATA,
RLIMIT_STACK, RLIMIT_CORE and RLIMIT_NOFILE) from named.conf. It's
better to leave these untouched as setting these is responsibility of
the operating system and/or supervisor.
Deprecate the configuration options and remove them in future BIND 9
release.
Ondřej Surý [Tue, 8 Nov 2022 11:46:50 +0000 (12:46 +0100)]
Remove the last remnants of --with-tuning=large
The small/large tuning has been completely removed from the code with
last remnant of the dead code in ns_interfacemgr. Remove the dead code
and the configure option.
Matthijs Mekking [Wed, 12 Oct 2022 14:24:13 +0000 (16:24 +0200)]
Change default TTL of NSEC3PARAM to SOA MINIMUM
Despite the RFC says that the NSEC3PARAM is not something that is
intended for the resolver to be cached, and thus the TTL of 0 is most
logical, a zero TTL RRset can be abused by bad actors.
Ondřej Surý [Thu, 10 Nov 2022 08:30:52 +0000 (09:30 +0100)]
Check view->adb in dns_view_flushcache()
The call to dns_view_flushcache() is done under exclusive mode, but we
still need to check if view->adb is still attached before calling
dns_adb_flush() because the shutdown might have been already
initialized. This most likely only a theoretical problem on shutdown
because there's either no way how to initiate cache flush when shutting
down or very slim window where the `rndc flush` would have to hit the
slim time during named shutdown.
Ondřej Surý [Wed, 9 Nov 2022 17:04:23 +0000 (18:04 +0100)]
Don't use view->resolver directly when priming in dns_view_find()
When starting priming from dns_view_find(), the dns_view shutdown could
be initiated by different thread, detaching from the resolver. Use
dns_view_getresolver() to attach to the resolver under view->lock, so we
don't try to call dns_resolver_prime() with NULL pointer.
There are more accesses to view->resolver, (and also view->adb and
view->requestmgr that suffer from the same problem) in the dns_view
module, but they are all done in exclusive mode or under a view->lock.
projects / thirdparty / bind9.git / log
