ISC Open Source Projects issueshttps://gitlab.isc.org/groups/isc-projects/-/issues2022-08-02T08:35:15Zhttps://gitlab.isc.org/isc-projects/kea/-/issues/2424Sanity checks for Kea 2.1.6 rc12022-08-02T08:35:15ZjenkinsSanity checks for Kea 2.1.6 rc1```
We are now at step SANITY CHECKS of Kea 2.1.6 rc1.
Please verify the packages and files according to "4. Sanity Checks" chapter on:
https://wiki.isc.org/bin/view/QA/KeaReleaseProcess#4.%20Sanity%20Checks
and your imagination.
Be...```
We are now at step SANITY CHECKS of Kea 2.1.6 rc1.
Please verify the packages and files according to "4. Sanity Checks" chapter on:
https://wiki.isc.org/bin/view/QA/KeaReleaseProcess#4.%20Sanity%20Checks
and your imagination.
Before starting any checks, please state what check you are doing in a
thread/discussion (not as comment) in Sanity Checks issue in GitLab:
None
When you finish given check state in the same thread/discussion what is the result.
This way we know what is covered upfront and we can avoid repeating ourselves.
Release content is located on:
1) [tarballs] repo.isc.org in the following folders:
/data/shared/sweng/kea/releases/2.1.6-rc1
/data/shared/sweng/kea/releases/premium-2.1.6-rc1
/data/shared/sweng/kea/releases/subscription-2.1.6-rc1
SHA256 (kea-2.1.6.tar.gz) = 7d206e9e71ccf7ea4632eac7c19268fb8afcbec2f5d3da66354a5150b315c80a
SHA256 (kea-premium-2.1.6.tar.gz) = 4b8835bef2905416c970d7aa80783e97ebeb1ee0a411c3959ef6e637a397ad33
SHA256 (kea-subscription-2.1.6.tar.gz) = 86119af13b9288abd8c13d373c578bc7c82e79f54351bb08673c85da23246b47
2) APK, deb, RPM packages on packages.aws.isc.org, exact packages versions are stored here:
https://jenkins.aws.isc.org/job/kea-dev/job/pkg/796/
Release versions are:
APK: 2.1.6-r20220524082245: https://packages.aws.isc.org/#browse/search/raw=format%3Draw%20AND%20name.raw%3D*r20220524082245.apk
deb: 2.1.6-isc20220524082245: https://packages.aws.isc.org/#browse/search/apt=format%3Dapt%20AND%20version%3D2.1.6-isc20220524082245
RPM: 2.1.6-isc20220524082245.[os]: https://packages.aws.isc.org/#browse/search/yum=format%3Dyum%20AND%20version%3D2.1.6-isc20220524082245*
Installation instructions are here: https://wiki.isc.org/bin/view/QA/KeaReleaseProcess#4.%20Sanity%20Checks, chapter 4. Sanity Checks, point 9.
```kea2.1.6https://gitlab.isc.org/isc-projects/kea/-/issues/2421lib version bump up for 2.1.62022-05-22T09:08:15ZWlodzimierz Wencellib version bump up for 2.1.6please don't do it without "all clear", "go ahead" or "go go go!" signal from @andreiplease don't do it without "all clear", "go ahead" or "go go go!" signal from @andreikea2.1.6Razvan BecheriuRazvan Becheriuhttps://gitlab.isc.org/isc-projects/kea/-/issues/2414TLS in HA communication documentation2022-05-20T12:28:58ZMarcin GodzinaTLS in HA communication documentationDocument TLS feature in HA using Control Agent.Document TLS feature in HA using Control Agent.kea2.1.6Marcin GodzinaMarcin Godzinahttps://gitlab.isc.org/isc-projects/kea/-/issues/2410red hat 8 packages2022-05-19T14:04:14ZWlodzimierz Wencelred hat 8 packagesprepare red hat 8 packagesprepare red hat 8 packageskea2.1.6Wlodzimierz WencelWlodzimierz Wencelhttps://gitlab.isc.org/isc-projects/kea/-/issues/2409Shared network with different subnets for HR and pool - a client matching a H...2022-10-25T13:27:12ZCathy AlmondShared network with different subnets for HR and pool - a client matching a HR is issued lease from pool but with wrong subnet IDFrom [Support ticket #20651](https://support.isc.org/Ticket/Display.html?id=20651) and associated with issue #2408.
The scenario is a shared network that contains two subnets.
One subnet has no pool addresses, but has a number of host ...From [Support ticket #20651](https://support.isc.org/Ticket/Display.html?id=20651) and associated with issue #2408.
The scenario is a shared network that contains two subnets.
One subnet has no pool addresses, but has a number of host reservations for clients. These clients are matched on the basis of information added by their relay.
The other subnet has the pool addresses for unreserved clients.
Something goes wrong with the mechanism for identifying clients, so the same relay-info is being associated with more than one client. This means that sometimes when a client needs a lease, it is matched to the host reservation per the information added by the relay, but it can't be allocated the address in its host reservation because that address is already in-use.
The Kea server OFFERs instead a pool address from the other subnet in the shared network. This is then written to the leases database, but with the subnet of the host reservations, not the subnet of the unreserved pool. The client operates normally and the Kea server appears not to take issue with this itself (although I anticipate that there might be a problem restarting and loading these subnet/address mis-matched leases). But in an HA environment, the lease update is rejected by the other servers because of the subnet id being incorrect for the address of the lease.
(Note that the above is a production environment issue, but that other circumstances could lead to an address associated with a HR that matches a 'new' client, not actually being available to be granted, so I think we should look at this more widely than just this scenario as presented above. There is also the additional scenario (which I think would take a different code path) where a client is offered the HR address, but then sends back DHCPDECLINE because it detects itself that it is in use locally, even if the Kea server did not issue the lease. Please consider this scenario too when looking at reasons why an address associated with a HR cannot be OFFERed).
Here's the logging by HA when the lease update is rejected
```
2022-04-28 22:42:39.410 ERROR [kea-dhcp4.callouts/9787.140701841197248] HOOKS_CALLOUT_ERROR error returned by callout on hook $lease4_update registered by library with index 1 (callout address 0x7ff7aa57bf30) (callout duration 0.074 ms)
2022-04-28 22:42:41.546 ERROR [kea-dhcp4.callouts/9787.140701841197248] HOOKS_CALLOUT_ERROR error returned by callout on hook $lease4_update registered by library with index 1 (callout address 0x7ff7aa57bf30) (callout duration 0.066 ms)
```
Also this:
```
2022-04-28 22:30:07.013 WARN [kea-dhcp4.ha-hooks/26493.139690055428288] HA_LEASE_UPDATE_FAILED [hwtype=1 ce:47:47:XX:XX:XX], cid=[01:ce:47:47:XX:XX:XX], tid=0x5fc5fba0: lease update to SERVER-NAME-REDACTED (http://XXX.XXX.XX.XX:8080) failed: The
address 10.1.XX.XX does not belong to subnet 192.2.XX.XX/24, subnet-id=6, error code 1
```
And here's the logging on the active server when it hits the issue with host reservation because another client has already been issued with the address associated with the matching HR:
```
2022-04-28 22:36:41.489 WARN [kea-dhcp4.alloc-engine/26493.139690055428288] ALLOC_ENGINE_V4_DISCOVER_ADDRESS_CONFLICT [hwtype=1 08:9b:b9:XX:XX:XX], cid=[01:08:9b:b9:XX:XX:XX], tid=0xdcec1449: conflicting reservation for address 10.1.XX.XX with existing lease Address: 10.1.XX.XX
```
Version 2.0.0 (package)kea2.1.6Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/kea/-/issues/2384ddns-tuning should preparse subnet host expressions so expression errors are ...2022-05-09T13:37:37ZThomas Markwalderddns-tuning should preparse subnet host expressions so expression errors are caught prior to client traffic submissionThis ticket addresses a ddns-tuning hook library review comment
https://gitlab.isc.org/isc-private/kea-premium/-/merge_requests/262#note_281640
This entails adding callbacks dhcpX_srv_configured and cbX_updated, during which the cache...This ticket addresses a ddns-tuning hook library review comment
https://gitlab.isc.org/isc-private/kea-premium/-/merge_requests/262#note_281640
This entails adding callbacks dhcpX_srv_configured and cbX_updated, during which the cache would be flushed and subnet expressions would be parsed and cached if parsing succeds, or logged if not. I believe this also eliminates the needs to for using time stamp of last flush to detect updated subnets, since all changes would be handled in the above callbacks.kea2.1.6Thomas MarkwalderThomas Markwalderhttps://gitlab.isc.org/isc-projects/kea/-/issues/2381race conditions found in kea-dhcp4 MT when perfdhcp packets contain DHO_HOST_...2022-05-20T12:57:01ZThomas Markwalderrace conditions found in kea-dhcp4 MT when perfdhcp packets contain DHO_HOST_NAMETSAN reported two different race conditions while I was testing #1548 in MT mode in kea-dhcp4 with a version of perfdhcp that I hacked to send the DHO_HOST_OPTION in client packets. I have verified that these both exist in master withou...TSAN reported two different race conditions while I was testing #1548 in MT mode in kea-dhcp4 with a version of perfdhcp that I hacked to send the DHO_HOST_OPTION in client packets. I have verified that these both exist in master without #1548 (i.e. they have been in the code for quite some time).
The first one is in std::regex() which is called from util::StringSanitzerImpl(). I isloted this enough to be pretty convinced this is in the std::regex implementation (at least under Ubuntu 20.04. I alternated between a local static mutex and a class member mutex in StringSanitizerImpl (see hack_mutex.diff). When hack_mutex_ is a local static the race is avoided, when it is a a member of StringSantizierImpl() the race occurs. I believe this means that the memory in contention resides within std::regex itself. If one undefines USE_REGEX so the code uses regcomp, the race does not occur at all.
The second on is in isc::cryptolink::CryptoLink::initialize(), which is being called when creating the D2Dhcid for NameChangeRequests. I added a mutex and lock to CryptoLink which makes the race condition go away, see crypto.diff. It isn't pretty maybe but it's demonstrative.
These haven't shown up before because most of tests don't send host name (or FQDN) options in client packets. I imagine we would have probably see these same conditions if perfdhcp sent FQDN options in v4 or v6 as well.
I have attached the tsan report, my server config, config.*, and the perfdhcp hack diff.
[kea-dhcp4.log](/uploads/b36f81cb15b9d3b2d6a7da086c64dd5c/kea-dhcp4.log)
[tsan.conf](/uploads/d847830c0a9258eeb640c6e18f096ed0/tsan.conf)
[perfdhcp_dho_host.diff](/uploads/767d437c2c41cd1ce9db4c6804bfa2b9/perfdhcp_dho_host.diff)
[config.log](/uploads/cb8ed4ea767cb11081078485bd115ce7/config.log)
[config.report](/uploads/23954a9b3bddbf19bde934bc05dd7467/config.report)
[hack_mutex.diff](/uploads/bc4fc1b39adcd125c9487b958119b9ae/hack_mutex.diff)
[crypto.diff](/uploads/1d9fdf8f33806734ba4dcf146d45be9d/crypto.diff)kea2.1.6Razvan BecheriuRazvan Becheriuhttps://gitlab.isc.org/isc-projects/kea/-/issues/2354Allow disabling ddns in reservations2022-05-31T19:41:57ZKenneth PorterAllow disabling ddns in reservationsAllow the use of ddns-send-updates (value false) at reservation scope.
I place my pool leases in dhcp.example.com. This subdomain is enabled for dynamic update. I place my fixed address leases (reservations) in example.com which is not...Allow the use of ddns-send-updates (value false) at reservation scope.
I place my pool leases in dhcp.example.com. This subdomain is enabled for dynamic update. I place my fixed address leases (reservations) in example.com which is not enabled for dynamic update by directly editing my BIND 9 zone files. kea-dhcp4 should _not_ send dynamic updates for my reservations. My pool is in 10.96.6.0/24. I use other /24's in the 10.96/16 netblock for different functions like printers and cameras. They all share the same netmask and default router so I can't put them in different subnets.
Currently, ddns is set on a per-subnet basis. It seems that allowing it to be disabled per reservation would achieve the desired result. Other solutions are welcome.
I'm a coder but not familiar with the Kea code base so I can help shake out an implementation but I'm not able to create one from scratch.
Replies here are fine. I'm also on kea-users and posted about it there.kea2.1.6Thomas MarkwalderThomas Markwalderhttps://gitlab.isc.org/isc-projects/kea/-/issues/2293kea-admin lease-upload fails if CSV file contains duplicate leases2022-05-23T14:27:10ZAndrei Pavelandrei@isc.orgkea-admin lease-upload fails if CSV file contains duplicate leases```sh
$ kea-admin lease-upload mysql -4 -i /tmp/kea-dhcp4.csv
ERROR 1062 (23000) at line 1: Duplicate entry '167772160' for key 'PRIMARY'
$ kea-admin lease-upload pgsql -4 -i /tmp/kea-dhcp4.csv
ERROR: duplicate key value violates uniqu...```sh
$ kea-admin lease-upload mysql -4 -i /tmp/kea-dhcp4.csv
ERROR 1062 (23000) at line 1: Duplicate entry '167772160' for key 'PRIMARY'
$ kea-admin lease-upload pgsql -4 -i /tmp/kea-dhcp4.csv
ERROR: duplicate key value violates unique constraint "lease4_pkey"
DETAIL: Key (address)=(167772160) already exists.
```
Same for v6.
Duplicate leases are common when running Kea with memfile backend.
Workaround 1: start a dummy Kea server with a low `lfc-timer` e.g. 1 so that it calls kea-lfc and then use the curated `csv.2` file.
Workaround 2: call LFC yourself and then use `csv.2` file: `kea-lfc -4 -x /tmp/kea-dhcp4.csv.2 -i /tmp/kea-dhcp4.csv.1 -o /tmp/kea-dhcp4.csv.output -f /tmp/kea-dhcp4.csv.completed -p /tmp/kea-dhcp4.csv.pid -cignored-path`kea2.1.6Andrei Pavelandrei@isc.orgAndrei Pavelandrei@isc.orghttps://gitlab.isc.org/isc-projects/kea/-/issues/2286AddressSanitizer reports stack-buffer-overflow in RotatingFileTest.nowString2022-05-18T19:57:13ZAndrei Pavelandrei@isc.orgAddressSanitizer reports stack-buffer-overflow in RotatingFileTest.nowStringhttps://jenkins.aws.isc.org/job/kea-dev/job/ut-asan/117/parsed_console/:
```
[2022-01-24T17:25:00.096Z] [ RUN ] RotatingFileTest.nowString
[2022-01-24T17:25:00.096Z] =================================================================
...https://jenkins.aws.isc.org/job/kea-dev/job/ut-asan/117/parsed_console/:
```
[2022-01-24T17:25:00.096Z] [ RUN ] RotatingFileTest.nowString
[2022-01-24T17:25:00.096Z] =================================================================
[2022-01-24T17:25:00.096Z] ==22451==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc57122ce0 at pc 0x7f6b36b43550 bp 0x7ffc57121ba0 sp 0x7ffc57121350
[2022-01-24T17:25:00.096Z] READ of size 263 at 0x7ffc57122ce0 thread T0
[2022-01-24T17:25:00.350Z] #0 0x7f6b36b4354f (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xa854f)
[2022-01-24T17:25:00.350Z] #1 0x55ce6e792754 in std::char_traits<char>::length(char const*) /usr/include/c++/8/bits/char_traits.h:322
[2022-01-24T17:25:00.350Z] #2 0x55ce6e797961 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::append(char const*) /usr/include/c++/8/bits/basic_string.h:1266
[2022-01-24T17:25:00.350Z] #3 0x55ce6e7971ba in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator+=(char const*) /usr/include/c++/8/bits/basic_string.h:1178
[2022-01-24T17:25:00.350Z] #4 0x55ce6e8e24a7 in TestBody /tmp/workspace/kea-dev/ut-asan/premium/src/hooks/dhcp/forensic_log/tests/rotating_file_unittests.cc:147
[2022-01-24T17:25:00.350Z] #5 0x55ce6eac4c10 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/googletest/googletest/src/gtest.cc:2443
[2022-01-24T17:25:00.350Z] #6 0x55ce6eab7307 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/src/googletest/googletest/src/gtest.cc:2479
[2022-01-24T17:25:00.350Z] #7 0x55ce6ea65913 in testing::Test::Run() /usr/src/googletest/googletest/src/gtest.cc:2517
[2022-01-24T17:25:00.350Z] #8 0x55ce6ea66d46 in testing::TestInfo::Run() /usr/src/googletest/googletest/src/gtest.cc:2693
[2022-01-24T17:25:00.350Z] #9 0x55ce6ea67912 in testing::TestCase::Run() /usr/src/googletest/googletest/src/gtest.cc:2813
[2022-01-24T17:25:00.350Z] #10 0x55ce6ea82b98 in testing::internal::UnitTestImpl::RunAllTests() /usr/src/googletest/googletest/src/gtest.cc:5179
[2022-01-24T17:25:00.350Z] #11 0x55ce6eac7c02 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/googletest/googletest/src/gtest.cc:2443
[2022-01-24T17:25:00.350Z] #12 0x55ce6eab94fd in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/src/googletest/googletest/src/gtest.cc:2479
[2022-01-24T17:25:00.350Z] #13 0x55ce6ea7f923 in testing::UnitTest::Run() /usr/src/googletest/googletest/src/gtest.cc:4788
[2022-01-24T17:25:00.350Z] #14 0x55ce6e77ffcb in RUN_ALL_TESTS() /usr/src/googletest/googletest/include/gtest/gtest.h:2341
[2022-01-24T17:25:00.350Z] #15 0x55ce6e77fe6c in main /tmp/workspace/kea-dev/ut-asan/premium/src/hooks/dhcp/forensic_log/tests/run_unittests.cc:17
[2022-01-24T17:25:00.350Z] #16 0x7f6b335d609a in __libc_start_main ../csu/libc-start.c:308
[2022-01-24T17:25:00.350Z] #17 0x55ce6e77fcc9 in _start (/tmp/workspace/kea-dev/ut-asan/premium/src/hooks/dhcp/forensic_log/tests/.libs/libdhcp_legal_log_unittests+0x18acc9)
[2022-01-24T17:25:00.350Z]
[2022-01-24T17:25:00.350Z] Address 0x7ffc57122ce0 is located in stack of thread T0 at offset 4224 in frame
[2022-01-24T17:25:00.350Z] #0 0x55ce6e8e0d43 in TestBody /tmp/workspace/kea-dev/ut-asan/premium/src/hooks/dhcp/forensic_log/tests/rotating_file_unittests.cc:124
[2022-01-24T17:25:00.350Z]
[2022-01-24T17:25:00.350Z] This frame has 62 object(s):
[2022-01-24T17:25:00.350Z] [32, 33) '<unknown>'
[2022-01-24T17:25:00.350Z] [96, 97) '<unknown>'
[2022-01-24T17:25:00.350Z] [160, 161) '<unknown>'
[2022-01-24T17:25:00.350Z] [224, 225) '<unknown>'
[2022-01-24T17:25:00.350Z] [288, 289) '<unknown>'
[2022-01-24T17:25:00.350Z] [352, 353) '<unknown>'
[2022-01-24T17:25:00.350Z] [416, 417) '<unknown>'
[2022-01-24T17:25:00.350Z] [480, 481) '<unknown>'
[2022-01-24T17:25:00.350Z] [544, 546) '<unknown>'
[2022-01-24T17:25:00.350Z] [608, 610) '<unknown>'
[2022-01-24T17:25:00.350Z] [672, 674) '<unknown>'
[2022-01-24T17:25:00.350Z] [736, 740) 'test_day'
[2022-01-24T17:25:00.350Z] [800, 808) '<unknown>'
[2022-01-24T17:25:00.350Z] [864, 872) '<unknown>'
[2022-01-24T17:25:00.350Z] [928, 936) '<unknown>'
[2022-01-24T17:25:00.350Z] [992, 1000) '<unknown>'
[2022-01-24T17:25:00.350Z] [1056, 1064) '<unknown>'
[2022-01-24T17:25:00.350Z] [1120, 1128) '<unknown>'
[2022-01-24T17:25:00.350Z] [1184, 1192) '<unknown>'
[2022-01-24T17:25:00.350Z] [1248, 1256) '<unknown>'
[2022-01-24T17:25:00.350Z] [1312, 1320) '<unknown>'
[2022-01-24T17:25:00.350Z] [1376, 1384) '<unknown>'
[2022-01-24T17:25:00.350Z] [1440, 1448) 'gtest_msg'
[2022-01-24T17:25:00.350Z] [1504, 1512) '<unknown>'
[2022-01-24T17:25:00.350Z] [1568, 1576) '<unknown>'
[2022-01-24T17:25:00.350Z] [1632, 1640) '<unknown>'
[2022-01-24T17:25:00.350Z] [1696, 1704) '<unknown>'
[2022-01-24T17:25:00.350Z] [1760, 1768) '<unknown>'
[2022-01-24T17:25:00.350Z] [1824, 1832) '<unknown>'
[2022-01-24T17:25:00.350Z] [1888, 1896) '<unknown>'
[2022-01-24T17:25:00.350Z] [1952, 1960) '<unknown>'
[2022-01-24T17:25:00.350Z] [2016, 2024) '<unknown>'
[2022-01-24T17:25:00.350Z] [2080, 2088) '<unknown>'
[2022-01-24T17:25:00.350Z] [2144, 2152) '<unknown>'
[2022-01-24T17:25:00.350Z] [2208, 2216) '<unknown>'
[2022-01-24T17:25:00.350Z] [2272, 2280) '<unknown>'
[2022-01-24T17:25:00.350Z] [2336, 2344) '<unknown>'
[2022-01-24T17:25:00.350Z] [2400, 2408) '<unknown>'
[2022-01-24T17:25:00.350Z] [2464, 2472) '<unknown>'
[2022-01-24T17:25:00.350Z] [2528, 2544) 'gtest_ar'
[2022-01-24T17:25:00.350Z] [2592, 2608) 'gtest_ar'
[2022-01-24T17:25:00.350Z] [2656, 2672) 'params'
[2022-01-24T17:25:00.350Z] [2720, 2736) '<unknown>'
[2022-01-24T17:25:00.350Z] [2784, 2800) '<unknown>'
[2022-01-24T17:25:00.350Z] [2848, 2864) '<unknown>'
[2022-01-24T17:25:00.350Z] [2912, 2928) 'gtest_ar'
[2022-01-24T17:25:00.350Z] [2976, 3032) '<unknown>'
[2022-01-24T17:25:00.350Z] [3072, 3104) '<unknown>'
[2022-01-24T17:25:00.350Z] [3136, 3168) '<unknown>'
[2022-01-24T17:25:00.350Z] [3200, 3232) '<unknown>'
[2022-01-24T17:25:00.350Z] [3264, 3296) 'expected_string'
[2022-01-24T17:25:00.350Z] [3328, 3360) '<unknown>'
[2022-01-24T17:25:00.350Z] [3392, 3424) '<unknown>'
[2022-01-24T17:25:00.350Z] [3456, 3488) 'now_string'
[2022-01-24T17:25:00.350Z] [3520, 3552) '<unknown>'
[2022-01-24T17:25:00.350Z] [3584, 3616) '<unknown>'
[2022-01-24T17:25:00.350Z] [3648, 3680) '<unknown>'
[2022-01-24T17:25:00.350Z] [3712, 3744) 'format'
[2022-01-24T17:25:00.350Z] [3776, 3808) '<unknown>'
[2022-01-24T17:25:00.350Z] [3840, 3872) '<unknown>'
[2022-01-24T17:25:00.350Z] [3904, 3936) '<unknown>'
[2022-01-24T17:25:00.350Z] [3968, 4224) 'buf' <== Memory access at offset 4224 overflows this variable
[2022-01-24T17:25:00.350Z] HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
[2022-01-24T17:25:00.350Z] (longjmp and C++ exceptions *are* supported)
[2022-01-24T17:25:00.350Z] SUMMARY: AddressSanitizer: stack-buffer-overflow (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xa854f)
[2022-01-24T17:25:00.350Z] Shadow bytes around the buggy address:
[2022-01-24T17:25:00.350Z] 0x10000ae1c540: f2 f2 f2 f2 f8 f8 f8 f8 f2 f2 f2 f2 f8 f8 f8 f8
[2022-01-24T17:25:00.350Z] 0x10000ae1c550: f2 f2 f2 f2 f8 f8 f8 f8 f2 f2 f2 f2 00 00 00 00
[2022-01-24T17:25:00.350Z] 0x10000ae1c560: f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00
[2022-01-24T17:25:00.350Z] 0x10000ae1c570: f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00
[2022-01-24T17:25:00.350Z] 0x10000ae1c580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[2022-01-24T17:25:00.350Z] =>0x10000ae1c590: 00 00 00 00 00 00 00 00 00 00 00 00[f3]f3 f3 f3
[2022-01-24T17:25:00.350Z] 0x10000ae1c5a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[2022-01-24T17:25:00.350Z] 0x10000ae1c5b0: f1 f1 f1 f1 00 00 f2 f2 00 00 00 00 00 00 00 00
[2022-01-24T17:25:00.350Z] 0x10000ae1c5c0: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00
[2022-01-24T17:25:00.350Z] 0x10000ae1c5d0: f2 f2 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 00
[2022-01-24T17:25:00.350Z] 0x10000ae1c5e0: 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
[2022-01-24T17:25:00.350Z] Shadow byte legend (one shadow byte represents 8 application bytes):
[2022-01-24T17:25:00.350Z] Addressable: 00
[2022-01-24T17:25:00.350Z] Partially addressable: 01 02 03 04 05 06 07
[2022-01-24T17:25:00.350Z] Heap left redzone: fa
[2022-01-24T17:25:00.350Z] Freed heap region: fd
[2022-01-24T17:25:00.350Z] Stack left redzone: f1
[2022-01-24T17:25:00.350Z] Stack mid redzone: f2
[2022-01-24T17:25:00.350Z] Stack right redzone: f3
[2022-01-24T17:25:00.350Z] Stack after return: f5
[2022-01-24T17:25:00.350Z] Stack use after scope: f8
[2022-01-24T17:25:00.350Z] Global redzone: f9
[2022-01-24T17:25:00.350Z] Global init order: f6
[2022-01-24T17:25:00.350Z] Poisoned by user: f7
[2022-01-24T17:25:00.350Z] Container overflow: fc
[2022-01-24T17:25:00.350Z] Array cookie: ac
[2022-01-24T17:25:00.350Z] Intra object redzone: bb
[2022-01-24T17:25:00.350Z] ASan internal: fe
[2022-01-24T17:25:00.350Z] Left alloca redzone: ca
[2022-01-24T17:25:00.350Z] Right alloca redzone: cb
[2022-01-24T17:25:00.350Z] ==22451==ABORTING
[2022-01-24T17:25:00.350Z] FAIL: libdhcp_legal_log_unittests
[2022-01-24T17:25:00.350Z] ======================================
[2022-01-24T17:25:00.350Z] 1 of 1 test failed
[2022-01-24T17:25:00.350Z] Please report to kea-dev@lists.isc.org
[2022-01-24T17:25:00.350Z] ======================================
```
It refers to this code:
```
char buf[256];
memset(buf, '-', sizeof(buf));
std::string format("%Y%m%d");
format += buf;
```
It seems like `buf` should be null-terminated.kea2.1.6Razvan BecheriuRazvan Becheriuhttps://gitlab.isc.org/isc-projects/kea/-/issues/2227RFC3396 Encoding Long Options2022-05-19T17:33:41ZPeter DaviesRFC3396 Encoding Long OptionsRFC3396 Encoding Long Options:
rfc3396 defines a mechanism for encoding long DHCP options by concatenating multiple instances of the same option.
Implementing this would be useful to users we need to send, for example, a list of c...RFC3396 Encoding Long Options:
rfc3396 defines a mechanism for encoding long DHCP options by concatenating multiple instances of the same option.
Implementing this would be useful to users we need to send, for example, a list of classless routes (option 121) that exceed 255 bytes (rfc3442).
[RT 19933](https://support.isc.org/Ticket/Display.html?id=19933)kea2.1.6Razvan BecheriuRazvan Becheriuhttps://gitlab.isc.org/isc-projects/kea/-/issues/1263Role based access controls to CA2022-05-25T08:34:40ZVicky Riskvicky@isc.orgRole based access controls to CAThis is related to support RT#15938 and GL #1120.
Along with providing a mechanism for authentication on the CA interface (from Kea, not requiring the reverse proxy - #1120), we have a request for role-based access controls.
Requireme...This is related to support RT#15938 and GL #1120.
Along with providing a mechanism for authentication on the CA interface (from Kea, not requiring the reverse proxy - #1120), we have a request for role-based access controls.
Requirements: https://gitlab.isc.org/isc-projects/kea/-/wikis/designs/rbac-tls-requirements
Design: https://gitlab.isc.org/isc-projects/kea/-/wikis/designs/rbac-tls-designkea2.1.6Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/kea/-/issues/562Rate-limit for DHCPv62022-06-21T15:00:17ZTomek MrugalskiRate-limit for DHCPv6A customer is requesting Kea ability to rate-limit the leasing IPv6 addresses:
> Furthermore, we are seeing that DHCPv6 allows a single device
> to request multiple IP addresses if it can randomly change the
> DUID. Is there some mechan...A customer is requesting Kea ability to rate-limit the leasing IPv6 addresses:
> Furthermore, we are seeing that DHCPv6 allows a single device
> to request multiple IP addresses if it can randomly change the
> DUID. Is there some mechanism to rate-limit the leasing of IPs
> given to the same device?
Although this particular request is v6 specific, the same concept can be easily extended to v4.kea2.1.6https://gitlab.isc.org/isc-projects/kea/-/issues/24202.1.6 release checklist2022-06-21T15:02:22ZWlodzimierz Wencel2.1.6 release checklist---
name: a.b.c release checklist
about: Create a new issue using this checklist for each release.
---
# Kea Release Checklist
This is thoroughly documented in [the Kea Release Process guide](https://wiki.isc.org/bin/view/QA/KeaRelease...---
name: a.b.c release checklist
about: Create a new issue using this checklist for each release.
---
# Kea Release Checklist
This is thoroughly documented in [the Kea Release Process guide](https://wiki.isc.org/bin/view/QA/KeaReleaseProcess).
## Pre-Release Preparation
Some of those checks and updates can be made before the actual freeze.
1. Check Jenkins results:
1. [x] Check Jenkins jobs for failures: [distcheck](https://jenkins.aws.isc.org/job/kea-dev/job/distcheck/), etc...
1. [x] Check [Jenkins Tests Report](https://jenkins.aws.isc.org/job/kea-dev/job/jenkins-tests-report/).
1. [x] Check [tarball check report](https://jenkins.aws.isc.org/job/kea-dev/job/tarball-internal/Kea_20Build_20Checks/)
1. [x] Check [Performance Test Results](https://jenkins.isc.org/job/kea-dev/job/performance/KeaPerformanceReport/) in Jenkins for drops in performance.
1. Check versioning, ask the development team if:
- the library versions are being updated
- `KEA_HOOKS_VERSION` is being updated
- [x] create an issue for that for developers in Gitlab
- script: [./tools/bump-lib-versions.sh](https://gitlab.isc.org/isc-projects/kea/-/blob/master/tools/bump-lib-versions.sh) Kea-q.w.e Kea-a.b.c (where `a.b.c` is the version to be released and `q.w.e` is the version previous to that)
1. [x] Look at the issue numbers in commit descriptions. Add to ChangeLog a mention about any change with visible impact that had not been mentioned already.
1. If any changes have been done to database schemas, then:
1. [x] Check that a previously released schema has not been changed.
1. [x] Check that the additions to `dhcpdb_create.*sql`, and nothing more nor less than what was added in this release, is present in a `upgrade_*_to_*.sh.in` script that should also have been added in this release.
1. Prepare Release Notes
1. [x] Create Release Notes on Kea GitLab wiki and notify @tomek about that. It should be created under "release notes" directory, like this one: https://gitlab.isc.org/isc-projects/kea/-/wikis/release%20notes/release-notes-2.1.0
1. [x] Finish release notes and conduct its review
1. [x] Run [release-pkgs-upload-internal](https://jenkins.aws.isc.org/job/kea-dev/job/release-pkgs-upload-internal/) and [release-pkgs-check-internal](https://jenkins.aws.isc.org/job/kea-dev/job/release-pkgs-check-internal/) to test repositories for correctness.
1. If a new Cloudsmith repository is used, then:
1. [x] Make sure freeradius packages are uploaded to the Cloudsmith repository or copied from a previous repository.
1. [x] Make sure access tokens have been been synchronized from previous Cloudsmith repositories and to the [check-pkgs.py](https://gitlab.isc.org/isc-private/qa-dhcp/-/blob/master/kea/pkgs-check/check-pkgs.py) QA tool.
1. [x] Check if ReadTheDocs can build Kea documentation.
1. Trigger rebuilding docs on [readthedocs.org](https://readthedocs.org/projects/kea/builds) and wait for the build to complete.
The following steps may involve changing files in the repository.
1. [x] Run [update-code-for-release.py](https://gitlab.isc.org/isc-private/qa-dhcp/-/blob/master/kea/build/update-code-for-release.py) <br>
Example command: `GITLAB_KEA_TOKEN='...' GITLAB_KEA_PREMIUM_TOKEN='...' ./update-code-for-release.py 1.9.7 'Apr 28, 2021' ~/isc/repos/kea/` <br>
The script:
- creates Gitlab issue and MR for release changes
- adds release entries to ChangeLogs
- regenerates BNF grammar
- regenerates documentation
- regenerates messages
- reorders messages in alphabetical order
- regenerates parsers
- updates copyright dates
- pushes the changes to MR
1. Check manually User's Guide sections:
1. Chapter 1. Introduction
1. [x] On what platforms we are running tests using Jenkins? Update Supported Platforms in platforms.rst file.
1. [x] Did we add any additional 3rd party software? Update if needed
1. [x] Is there a new tool installed in bin or sbin released this time? If yes, is it documented?
1. Chapter 2. Quick Start
1. [x] Has the default installation process changed (for kea and hooks)? If yes, are those changes documented and highlighted in the release notes?
1. Chapter 3. Installation
1. [x] Check installation hierarchy (this is also automatically checked at the end of [ut-extended job](https://jenkins.aws.isc.org/job/kea-dev/job/ut-extended/))
1. [x] Check and update Build Requirements
1. [x] Check configure options against what `./configure -h` says
1. [x] Check ChangeLog entries in Kea main and premium: spelling, trailing whitespaces, etc.
1. [x] Check AUTHORS, INSTALL, README files in Kea main and premium.
- AUTHORS: update credits
- README: check "provides" with Release Notes, User Guide (1.3 Kea Software)
1. [x] If changes were made, commit the change, push the branch to the main repository and request a review. Once the changes have been approved, merge the MR to master.
## Build selection, tarballs upload and sanity checks
This is the last moment to freeze code! :snowflake:
1. [x] Go to [tarball-internal](https://jenkins.aws.isc.org/job/kea-dev/job/tarball-internal/) Jenkins job and pick the last tarball built - it will be a release candidate.
1. [x] Check tarball before requesting sanity checks from the development team.
1. Download tarballs from picked Jenkins build
1. Check hook libraries.
1. Are there any new hook libraries installed in this release?
1. Are they in the proper tarball? Premium or subscription?
1. Do they have their own package?
1. Check sizes - is the new package reasonable?
1. Check installation tree, compare it with the previous release
1. Check installed libraries.
1. which were updated? (save results)
1. Do any of the libraries from the current release have lower version than in the previous release?
1. Uninstall Kea, check what left (there should be just configuration files)
1. Check if all of the installed binaries has man page
1. if not, is it in the tarball?
1. are man page up-to-date?
1. Check if documentation is properly formatted, has correct versions and dates.
1. it's advised to search for previous version numbers, some of them are statically added in statements that are no longer valid
1. [x] Upload tarballs to repo.isc.org using Jenkins and send sanity checks request.
1. Go to [release-tarball-upload-internal](https://jenkins.aws.isc.org/job/kea-dev/job/release-tarball-upload-internal/) Jenkins job.
1. Click "Build with Parameters"
1. In field "Tarball" select picked tarball build
1. In field "Release_Candidate" pick:
1. rc1 if this is the first selected build for release, it will push the selected tarballs to repo.isc.org, to a directory suffixed with indicated rc#
1. next rc# if this is a respin after some fixes (note: it is not possible to pick previous rc number - it will result in an error)
1. final if the last rc number was ok, this will push the selected tarball to repo.isc.org, to a directory with no suffixes
1. Submit the job that will automatically:
1. Upload the tarballs <br>
and if this is not the final version:
1. Create a GitLab issue for sanity checks, put there the announcement
1. Send Sanity Checks announcement via email to dhcp-team@isc.org and to DHCP channel on Mattermost.<br>
The announcement includes:
- a link to chapter 4 Sanity Checks of the release process: [KeaReleaseProcess - SanityChecks](https://wiki.isc.org/bin/view/QA/KeaReleaseProcess#4.%20Sanity%20Checks)
- a link to the GitLab issue
- tarballs locations with SHA256 checksums
- rpm/deb packages locations and versions
## Releasing Tarballs and Packages
1. [x] Update Release Notes with ChangeLog entries
1. [x] Upload final RPM & DEB packages to cloudsmith.io
1. Go to [release-pkgs-upload-internal](https://jenkins.aws.isc.org/job/kea-dev/job/release-pkgs-upload-internal/).
1. Click "Build with Parameters" link
1. Pick your selected pkg build in Packages field, and select `PrivPubRepos: "both"`, `TestProdRepos: "production"` and click Build button.
1. When it finishes run check: [releases-pkgs-check-internal](https://jenkins.aws.isc.org/job/kea-dev/job/release-pkgs-check-internal/).
1. [x] Upload final tarballs to repo.isc.org
1. Go to [release-tarball-upload-internal](https://jenkins.aws.isc.org/job/kea-dev/job/release-tarball-upload-internal/) Jenkins job.
1. Click "Build with Parameters"
1. In field "Tarball" select picked tarball build
1. In field "Release_Candidate" pick final <br>
This job will also:
- open an issue on [the signing repository](https://gitlab.isc.org/isc-private/signing/-/issues) requesting signing final tarballs on repo.isc.org
- create Git tags `Kea-a.b.c` in Kea main and premium repositories
- send a signing request issue link on the DHCP Mattermost channel
1. [x] Update ReadTheDocs
1. Trigger rebuilding docs on [readthedocs.org](https://readthedocs.org/projects/kea/builds).
1. Publish currently released version. On the `Versions` tab, scroll down to `Activate a version`, search for `kea-a.b.c` and click `Activate`.
1. For stable releases, change the default version to point to this stable release.
1. [x] Mark Jenkins jobs with release artifacts to be kept forever: <br>
Go to the following Jenkins jobs, click release build and then, on the build page, click `Keep this build forever` button: <br>
1. [tarball-internal job](https://jenkins.aws.isc.org/job/kea-dev/job/tarball-internal/)
1. [pkg job](https://jenkins.aws.isc.org/job/kea-dev/job/pkg/)
1. [x] Create an issue and a merge request to bump up Kea version in `configure.ac` to next development version which could be, based on just released version `a.b.c`:
* `a.b.z-git` where `z == c + 1` or
* `a.y.0-git` where `y == b + 1` or
* `x.1.0-git` where `x == a + 1`
1. [x] Send a request for publishing the release on the Support Mattermost channel linking the Signing issue and the release checklist issue.
### On the Day of Public Release
- [x] ***(Support)*** Wait for clearance from Security Officer to proceed with the public release (if applicable).
- [x] ***(Support)*** Wait for the signing ticket from the release engineer.
- [x] ***(Support)*** Confirm that the tarballs have the checksums mentioned on the signing ticket.
- [x] ***(Support)*** Sign the tarballs.
- [x] ***(Support)*** Upload signature files to repo.isc.org.
- [x] ***(Support)*** Place tarballs in public location on FTP site.
- [x] ***(Support)*** Publish links to downloads on ISC website.
- [x] ***(Support)*** Write release email to *kea-announce*.
- [x] ***(Support)*** Write email to *kea-users* (if a major release).
- [x] ***(Support)*** Send eligible customers updated links to the Subscription software FTP site.
- [x] ***(Support)*** If it is a new `major.minor` version, SWENG will have created a new repo in Cloudsmith, which will need the customer tokens migrated from an existing repo. Then update support customers that this new private repo exists.
- [x] ***(Support)*** Update tickets in case of waiting for support customers.
- [ ] ***(QA)*** Inform Marketing of the release.
- [ ] ***(Marketing)*** If a new Cloudsmith repository is used, update the Zapier scripts.
- [ ] ***(Marketing)*** Upload Premium hooks tarball to SendOwl. Create a new product if a new branch, otherwise update existing product. Send notifications to existing subscribers of the new version.
- [ ] ***(Marketing)*** Announce on social media.
- [ ] ***(Marketing)*** Update [Wikipedia entry for Kea](https://en.wikipedia.org/wiki/Kea_(software)).
- [ ] ***(Marketing)*** Write blog article (if a major release).
- [ ] ***(Marketing)*** Update [Kea page on web site if any new hooks](https://www.isc.org/kea/).
- [ ] ***(Marketing)*** Update Kea Premium and Kea Subscription data sheets if any new hooks.
- [ ] ***(Marketing)*** Update [significant features matrix](https://kb.isc.org/docs/en/aa-01615) (if any significant new features).
- [ ] ***(Marketing)*** Update [Kea documentation page in KB](https://kb.isc.org/docs/en/kea-administrator-reference-manual).kea2.1.6Andrei Pavelandrei@isc.orgAndrei Pavelandrei@isc.orghttps://gitlab.isc.org/isc-projects/kea/-/issues/149[ISC-support #20800] Improvements to Kea client packet processing - handling ...2022-05-20T15:00:02ZCathy Almond[ISC-support #20800] Improvements to Kea client packet processing - handling host reservationsOption to perform earlier host reservation lookup and then (optionally) to suppress this later if it has already been done.
---
This feature request originated in Support ticket https://support.isc.org/Ticket/Display.html?id=13430
The...Option to perform earlier host reservation lookup and then (optionally) to suppress this later if it has already been done.
---
This feature request originated in Support ticket https://support.isc.org/Ticket/Display.html?id=13430
The use case from this production environment is slightly complicated - multiple client requests for different services that 'look' like different and independent clients, whereas they're all originating from the same consumer provisioning. They can be associated with their consumer via the MAC address of the CPE device at the consumer premises. These all have host reservations in Kea; the CPE device MAC address can be added to the client packet.
The problem then is that host reservation processing takes place after subnet allocation, so it's not possible to use built-in host reservation process (e.g. against flex-id) for classification and subnet selection - it's too late.
The host reservation lookup is easily done earlier by means of a custom hook using a callout at pkt4_receive that:
- pulls the info from the packet
- uses that to call HostMgr to retrieve the global host reservation using the identifier retrieved from the client packet (as opposed to the client's own source MAC address)
- from that information sets class values
- lets Kea assign subnet appropriately
The downside of this approach is that this adds an additional host reservation lookup to the client packet processing flow.
Some environments might actually want the second host reservation lookup (it depends where the second MAC address has been added to the client packet and whether or not this involves flex-id), or they might not.
This feature request is raised to look at the use cases vs. processing flow/ordering to see if there's scope to add more flexibility/tuning.
(I would also hope that any work in this area tries hard to keep the configuration control for this as simple and as intuitive as possible).kea2.1.6https://gitlab.isc.org/isc-projects/bind9/-/issues/3388Missing INDENT call2022-06-02T12:56:23ZMark AndrewsMissing INDENT callFrom `Peter <pmc@citylink.dinoex.sub.org>` on bind-users
```
******************** PATCH ****************
--- lib/dns/message.c.orig 2022-05-10 11:02:21.000000000 +0200
+++ lib/dns/message.c 2022-05-30 04:02:40.568222000 +0200
@@ ...From `Peter <pmc@citylink.dinoex.sub.org>` on bind-users
```
******************** PATCH ****************
--- lib/dns/message.c.orig 2022-05-10 11:02:21.000000000 +0200
+++ lib/dns/message.c 2022-05-30 04:02:40.568222000 +0200
@@ -4296,6 +4296,7 @@
INDENT(style);
ADD_STRING(target, "QUESTION: ");
} else {
+ INDENT(style);
ADD_STRING(target, "ZONE: ");
}
snprintf(buf, sizeof(buf), "%1u",
******************** PATCH ****************
```June 2022 (9.16.30, 9.16.30-S1, 9.18.4, 9.19.2)Mark AndrewsMark Andrewshttps://gitlab.isc.org/isc-projects/bind9/-/issues/3376Dereferencing pointer to incomplete type in openssl_shim.c2022-05-30T09:59:39ZMichal NowakDereferencing pointer to incomplete type in openssl_shim.cJob [#2527669](https://gitlab.isc.org/isc-projects/bind9/-/jobs/2527669) failed for 0a19bb3bf38c4e80eaa3027c38212f776f9168f5:
```
/bin/bash ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -D_FORTIFY_SOURCE=2 -DI...Job [#2527669](https://gitlab.isc.org/isc-projects/bind9/-/jobs/2527669) failed for 0a19bb3bf38c4e80eaa3027c38212f776f9168f5:
```
/bin/bash ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -D_FORTIFY_SOURCE=2 -DISC_MEM_DEFAULTFILL=1 -DISC_MEM_TRACKLINES=1 -DISC_LIST_CHECKINIT=1 -DISC_STATS_CHECKUNDERFLOW=1 -include ../../config.h -I./include -I../../include -I../../lib/isc/include -I../../lib/isc/include -I/usr/include/json-c -I/usr/include/libxml2 -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -Werror=vla -fno-strict-aliasing -fno-delete-null-pointer-checks -fdiagnostics-show-option -Werror -fno-omit-frame-pointer -fno-optimize-sibling-calls -O1 -g -Wall -Wextra -O2 -pthread -MT libisc_la-random.lo -MD -MP -MF .deps/libisc_la-random.Tpo -c -o libisc_la-random.lo `test -f 'random.c' || echo './'`random.c
openssl_shim.c: In function 'SSL_SESSION_is_resumable':
openssl_shim.c:203:15: error: dereferencing pointer to incomplete type 'SSL_SESSION {aka const struct ssl_session_st}'
return (!sess->not_resumable &&
^~
openssl_shim.c:205:1: error: control reaches end of non-void function [-Werror=return-type]
}
^
cc1: all warnings being treated as errors
```
The culprit seems to be in 35338b41058b0bcebb137eb098e785f171d0476f and only on Debian 9 "stretch".June 2022 (9.16.30, 9.16.30-S1, 9.18.4, 9.19.2)Artem BoldarievArtem Boldarievhttps://gitlab.isc.org/isc-projects/bind9/-/issues/3375CID 352848, CID 352849: Control flow issues (DEADCODE)2022-05-30T10:15:02ZArаm SаrgsyаnCID 352848, CID 352849: Control flow issues (DEADCODE)```
** CID 352849: Control flow issues (DEADCODE)
/lib/dns/xfrin.c: 1143 in xfrin_start()
________________________________________________________________________________________________________
*** CID 352849: Control flow issues ...```
** CID 352849: Control flow issues (DEADCODE)
/lib/dns/xfrin.c: 1143 in xfrin_start()
________________________________________________________________________________________________________
*** CID 352849: Control flow issues (DEADCODE)
/lib/dns/xfrin.c: 1143 in xfrin_start()
1137 }
1138
1139 if (store != NULL && store != found_store) {
1140 isc_tls_cert_store_free(&store);
1141 }
1142
>>> CID 352849: Control flow issues (DEADCODE)
>>> Execution cannot reach the expression "sess_cache != found_sess_cache" inside this statement: "if (sess_cache != NULL && s...".
1143 if (sess_cache != NULL && sess_cache != found_sess_cache) {
1144 isc_tlsctx_client_session_cache_detach(&sess_cache);
1145 }
1146
1147 isc_refcount_decrement0(&xfr->connects);
1148 dns_xfrin_detach(&connect_xfr);
** CID 352848: Control flow issues (DEADCODE)
/bin/dig/dighost.c: 2880 in get_create_tls_context()
________________________________________________________________________________________________________
*** CID 352848: Control flow issues (DEADCODE)
/bin/dig/dighost.c: 2880 in get_create_tls_context()
2874 if (ctx != NULL && found_ctx != ctx) {
2875 isc_tlsctx_free(&ctx);
2876 }
2877 if (store != NULL && store != found_store) {
2878 isc_tls_cert_store_free(&store);
2879 }
>>> CID 352848: Control flow issues (DEADCODE)
>>> Execution cannot reach the expression "sess_cache != found_sess_cache" inside this statement: "if (sess_cache != NULL && s...".
2880 if (sess_cache != NULL && sess_cache != found_sess_cache) {
2881 isc_tlsctx_client_session_cache_detach(&sess_cache);
2882 }
2883 return (NULL);
2884 }
2885
```June 2022 (9.16.30, 9.16.30-S1, 9.18.4, 9.19.2)Artem BoldarievArtem Boldarievhttps://gitlab.isc.org/isc-projects/bind9/-/issues/3371Check for __attribute__((fallthrough)) support is sometimes incorrect2022-05-30T09:49:33ZJoshua RootCheck for __attribute__((fallthrough)) support is sometimes incorrect### Description
Clang added support for the gcc-style fallthrough attribute (i.e. `__attribute__((fallthrough))`) in version 10. However, `__has_attribute(fallthrough)` will return 1 in C mode in older versions, even though they only su...### Description
Clang added support for the gcc-style fallthrough attribute (i.e. `__attribute__((fallthrough))`) in version 10. However, `__has_attribute(fallthrough)` will return 1 in C mode in older versions, even though they only support the C++11 fallthrough attribute. At best, the unsupported attribute is simply ignored; at worst, it causes errors like this:
```
In file included from rdata.c:604:
In file included from ./code.h:66:
./rdata/generic/opt_41.c:236:4: error: expected expression
FALLTHROUGH;
^
../../lib/isc/include/isc/util.h:65:21: note: expanded from macro 'FALLTHROUGH'
#define FALLTHROUGH __attribute__((fallthrough))
^
```
### Request
The C2x fallthrough attribute has the advantages of being supported in the broadest range of clang versions (added in version 9) and being easy to check for support. Therefore, I think it would be best to use it if possible, and fall back to not using an attribute for clang versions that don't have it. This patch implements that:
```patch
--- lib/isc/include/isc/util.h.orig 2022-05-09 19:32:19.000000000 +1000
+++ lib/isc/include/isc/util.h 2022-05-20 02:36:59.000000000 +1000
@@ -35,6 +35,10 @@
#define __has_attribute(x) 0
#endif /* if !defined(__has_attribute) */
+#if !defined(__has_c_attribute)
+#define __has_c_attribute(x) 0
+#endif /* if !defined(__has_c_attribute) */
+
#if !defined(__has_feature)
#define __has_feature(x) 0
#endif /* if !defined(__has_feature) */
@@ -61,7 +65,9 @@
#define ISC_NONSTRING
#endif /* __GNUC__ */
-#if __GNUC__ >= 7 || __has_attribute(fallthrough)
+#if __has_c_attribute(fallthrough)
+#define FALLTHROUGH [[fallthrough]]
+#elif !defined(__clang__) && (__GNUC__ >= 7 || __has_attribute(fallthrough))
#define FALLTHROUGH __attribute__((fallthrough))
#else
/* clang-format off */
```
### Links / references
https://github.com/llvm/llvm-project/commit/1e0affb6e564b7361b0aadb38805f26deff4ecfcJune 2022 (9.16.30, 9.16.30-S1, 9.18.4, 9.19.2)https://gitlab.isc.org/isc-projects/bind9/-/issues/3366./configure fails to find "uv.h" on BSD2022-05-19T10:20:27ZMichal Nowak./configure fails to find "uv.h" on BSDOn [FreeBSD](https://gitlab.isc.org/isc-projects/bind9/-/jobs/2519436/raw) and [OpenBSD](https://gitlab.isc.org/isc-projects/bind9/-/jobs/2519438/raw) (and likely any system which has libuv headers installed outside of `/usr/include`) `....On [FreeBSD](https://gitlab.isc.org/isc-projects/bind9/-/jobs/2519436/raw) and [OpenBSD](https://gitlab.isc.org/isc-projects/bind9/-/jobs/2519438/raw) (and likely any system which has libuv headers installed outside of `/usr/include`) `./configure` fails to find `uv.h`:
```
configure:18059: checking for libuv
configure:18063: checking for LIBUV
configure:18070: $PKG_CONFIG --exists --print-errors "libuv >= 1.0.0"
configure:18073: $? = 0
configure:18087: $PKG_CONFIG --exists --print-errors "libuv >= 1.0.0"
configure:18090: $? = 0
configure:18128: result: yes
configure:18134: checking whether UV_UDP_MMSG_FREE is declared
configure:18134: cc -c -g -O2 -pthread conftest.c >&5
conftest.c:76:10: fatal error: 'uv.h' file not found
#include <uv.h>
^~~~~~
```
libuv is detected by `pkg-config` correctly:
```
$ pkg-config --modversion libuv
1.42.0
$ pkg-config --cflags libuv
-I/usr/local/include
$ pkg-config --libs libuv
-L/usr/local/lib -luv
```
This results in believing `UV_UDP_*` are undeclared in libuv:
```
checking for libuv... checking for libuv >= 1.0.0... yes
checking whether UV_UDP_MMSG_FREE is declared... no
checking whether UV_UDP_MMSG_CHUNK is declared... no
checking whether struct msghdr uses padding for alignment... no
checking whether UV_UDP_RECVMMSG is declared... no
checking whether UV_UDP_LINUX_RECVERR is declared... no
```
While they are present in `/usr/local/include/uv.h`:
```
$ grep -n -e UV_UDP_MMSG_FREE -e UV_UDP_MMSG_CHUNK -e UV_UDP_RECVMMSG -e UV_UDP_LINUX_RECVERR /usr/local/include/uv.h
628: UV_UDP_MMSG_CHUNK = 8,
634: UV_UDP_MMSG_FREE = 16,
642: UV_UDP_LINUX_RECVERR = 32,
646: UV_UDP_RECVMMSG = 256
```
`CFLAGS="-I/usr/local/include" ./configure` identifies `uv.h` correctly:
```
checking for libuv... checking for LIBUV... yes
checking whether UV_UDP_MMSG_FREE is declared... yes
checking whether UV_UDP_MMSG_CHUNK is declared... yes
checking whether struct msghdr uses padding for alignment... no
checking whether UV_UDP_RECVMMSG is declared... yes
checking whether UV_UDP_LINUX_RECVERR is declared... yes
```June 2022 (9.16.30, 9.16.30-S1, 9.18.4, 9.19.2)