Mark Andrews [Fri, 16 Feb 2024 00:40:26 +0000 (11:40 +1100)]
Use a new memory context when flushing the cache
When the cache's memory context was in over memory state when the
cache was flushed it resulted in LRU cleaning removing newly entered
data in the new cache straight away until the old cache had been
destroyed enough to take it out of over memory state. When flushing
the cache create a new memory context for the new db to prevent this.
Ondřej Surý [Tue, 28 May 2024 14:13:31 +0000 (16:13 +0200)]
Create the new database for AXFR from the dns_zone API
The `axfr_makedb()` didn't set the loop on the newly created database,
effectively killing delayed cleaning on such database. Move the
database creation into dns_zone API that knows all the gory details of
creating new database suitable for the zone.
Disable deadlines for hypothesis tests when running in CI
The times it takes to run tests CI vary significantly enough
that it makes hypothesis test reach their deadlines and fail randomly
marking the tests as flaky.
This commit disables the deadlines when running in CI.
Štěpán Balážik [Thu, 21 Dec 2023 19:25:20 +0000 (20:25 +0100)]
Extend isctest package with more utility functions
Check for more rcodes and various properties needed in the wildcard
test. Add a `name` module for various dns.name.Name operations (with
`prepend_label` function only now).
Expose `timeout` as a parameter of `query.tcp`/`query.udp`.
The system test from the BIND 9.19.24 release does not include the
isctest/vars/autoconf.py file from 9.19.25-dev, and therefore the job
will fail before the 9.19.25 release is published. In the meantime,
consider using the conf.sh file.
Refactor code like this into peek_uint16() and get_uint16 macros
to prevent code repetition and possible mistakes when copy and
pasting the same code over and over.
As a side note for an entertainment of a careful reader of the commit
messages: The byte manipulation was changed from multiplication and
addition to shift with or.
The difference in the assembly looks like this:
MUL and ADD:
movzx eax, BYTE PTR [rdi]
movzx edi, BYTE PTR [rdi+1]
sal eax, 8
or edi, eax
SHIFT and OR:
movzx edi, WORD PTR [rdi]
rol di, 8
movzx edi, di
If the result and/or buffer is then being used after the macro call,
there's more differences in favor of the SHIFT+OR solution.
Aydın Mercan [Fri, 17 May 2024 13:45:10 +0000 (16:45 +0300)]
fix typing mistakes in trace macros
The detach function declaration in `ISC__REFCOUNT_TRACE_DECL` had an
returned an accidental implicit int. While not allowed since C99, it
became an error by default in GCC 14.
`ISC_REFCOUNT_TRACE_IMPL` and `ISC_REFCOUNT_STATIC_TRACE_IMPL` expanded
into the wrong macros, trying to declare it again with the wrong number
of parameters.
Mark Andrews [Mon, 29 Jan 2024 18:21:37 +0000 (10:21 -0800)]
add test cases for several FORMERR code paths:
- duplicated question
- duplicated answer
- qtype as an answer
- two question types
- question names
- nsec3 bad owner name
- short record
- short question
- mismatching question class
- bad record owner name
- mismatched class in record
- mismatched KEY class
- OPT wrong owner name
- invalid RRSIG "covers" type
- UPDATE malformed delete type
- TSIG wrong class
- TSIG not the last record
Matthijs Mekking [Wed, 15 May 2024 09:35:31 +0000 (11:35 +0200)]
Rewrite qp fix_iterator()
The fix_iterator() function had a lot of bugs in it and while fixing
them, the number of corner cases and the complexity of the function
got out of hand. Rewrite the function with the following modifications:
The function now requires that the iterator is pointing to a leaf node.
This removes the cases we have to deal when the iterator was left on a
dead branch.
From the leaf node, pop up the iterator stack until we encounter the
branch where the offset point is before the point where the search key
differs. This will bring us to the right branch, or at the first
unmatched node, in which case we pop up to the parent branch. From
there it is easier to retrieve the predecessor.
Once we are at the right branch, all we have to do is find the right
twig (which is either the twig for the character at the position where
the search key differs, or the previous twig) and walk down from there
to the greatest leaf or, in case there is no good twig, get the
previous twig from the successor and get the greatest leaf from there.
If there is no previous twig to select in this branch, because every
leaf from this branch node is greater than the one we wanted, we need
to pop up the stack again and resume at the parent branch. This is
achieved by calling prevleaf().
Matthijs Mekking [Wed, 15 May 2024 08:59:07 +0000 (10:59 +0200)]
Get anyleaf when qp lookup is on a dead end branch
Move the fix_iterator out of the loop and only call it when we found
a leaf node. This leaf node may be the wrong leaf node, but fix_iterator
should correct that.
Also, when we don't need to set the iterator, just get any leaf. We
only need to have a leaf for the qpkey_compare and the end result does
not matter if compare was against an ancestor leaf or any leaf below
that point.
Mark Andrews [Tue, 9 Jan 2024 01:22:21 +0000 (12:22 +1100)]
Add regression test data for [GL #4517]
An obscured DNSKEY RRset at a delegation was incorrectly added to
the NSEC/NSEC3 type bit map leading to zone verification failures.
This adds such a RRset to the test zone.
Mark Andrews [Tue, 9 Jan 2024 06:01:07 +0000 (17:01 +1100)]
Fail if there are non apex DNSKEYs
DNSSEC only works when DNSKEYs are self signed. This only occurs
when the DNSKEY RRset is at the apex. Cause dnssec-signzone to
fail if it attempts to sign an non-apex DNSKEY RRset.
Ondřej Surý [Fri, 19 Jan 2024 09:27:41 +0000 (10:27 +0100)]
Properly attach/detach isc_httpd in case read ends earlier than send
An assertion failure would be triggered when sending the TCP data ends
after the TCP reading gets closed. Implement proper reference counting
for the isc_httpd object.
Evan Hunt [Mon, 13 May 2024 22:56:15 +0000 (15:56 -0700)]
Fix QP chain on partial match
When searching for a requested name in dns_qp_lookup(), we may add
a leaf node to the QP chain, then subsequently determine that the
branch we were on was a dead end. When that happens, the chain can be
left holding a pointer to a node that is *not* an ancestor of the
requested name.
We correct for this by unwinding any chain links with an offset
value greater or equal to that of the node we found.
Matthijs Mekking [Fri, 10 May 2024 15:19:15 +0000 (17:19 +0200)]
Refactor fix_iterator
The code below the if/else construction could only be run if the 'if'
code path was taken. Move the code into the 'if' code block so that
it is more easier to read.
Aydın Mercan [Fri, 10 May 2024 20:37:52 +0000 (23:37 +0300)]
Expand list in chaos authors response
The list isn't exactly maintained but it helped with some BIND history
tracking and is basically harmless so it might be worth holding onto it.
I have adapted the name to ASCII so IDN support won't be necessary.
Aydın Mercan [Mon, 22 Apr 2024 14:01:16 +0000 (17:01 +0300)]
Keep track of the recursive clients highwater
The high-water allows administrators to better tune the recursive
clients limit without having to to poll the statistics channel in high
rates to get this number.
Aydın Mercan [Tue, 30 Apr 2024 11:37:26 +0000 (14:37 +0300)]
Return the old counter value in `isc_stats_increment`
Returning the value allows for better high-water tracking without
running into edge cases like the following:
0. The counter is at value X
1. Increment the value (X+1)
2. The value is decreased multiple times in another threads (X+1-Y)
3. Get the value (X+1-Y)
4. Update-if-greater misses the X+1 value which should have been the
high-water
Tom Krizek [Mon, 25 Mar 2024 13:56:08 +0000 (14:56 +0100)]
Use a dedicated file for each autoconf variable
To avoid any escaping issues or messing with a language-specific format
when the variable has to be parsed, create a dedicated file for each
variable that is obtained from autoconf.
Tom Krizek [Wed, 28 Feb 2024 16:04:40 +0000 (17:04 +0100)]
Move env var initialization to isctest.vars
Make sure all initialization takes place in isctest.vars.__init__ and
export the initial env vars there. Remove the no longer needed env
fixture and use os.environ instead.
Tom Krizek [Wed, 28 Feb 2024 09:44:58 +0000 (10:44 +0100)]
Don't export openssl-related env vars unless set
If OPENSSL_CONF is exported as an empty string, it will cause issues on
rhel9fips. Allow the environment variables to be set and exported, but
make sure to only export them if they have been set by the user.
Tom Krizek [Mon, 26 Feb 2024 12:52:55 +0000 (13:52 +0100)]
Parse openssl-related vars in pytest
The openssl config needs to be parsed for some tests that use SoftHSM2.
Rewrite the parsing to python and ensure the required variables are
properly set test-wide.
Tom Krizek [Thu, 4 Jan 2024 13:48:04 +0000 (14:48 +0100)]
Coalesce system test variables
Provide a single point of access to all the variables used by tests. Use
a custom dict-like structure to access the underlying data without
making a copy. This allows the individual modules to update the contents
at runtime, which is used for some variables.
Tom Krizek [Thu, 29 Feb 2024 13:49:38 +0000 (14:49 +0100)]
Load env vars in shell-only processing of conf.sh
While this isn't required for pytest operation and execution of the
system test suite, it can be handy to allow test script development and
debugging. Especially setup scripts often source conf.sh and expect
environment variables to be loaded. If these scripts are executed
stand-alone, the environment variables need to be loaded from the python
package.
Tom Krizek [Thu, 29 Feb 2024 13:51:54 +0000 (14:51 +0100)]
Move environment variables from conf.sh to pytest
Remove conf.sh.in and move the environment variables into isctest/vars
python package. This enabled the removal of an ugly pytest hack which
loaded and parsed these variables from the environment.
projects / thirdparty / bind9.git / log
