ISC Open Source Projects issues
https://gitlab.isc.org/groups/isc-projects/-/issues
Updated: 2022-11-02T15:10:40Z

PRNG and pre-allocation
https://gitlab.isc.org/isc-projects/kea/-/issues/1971
Updated: 2022-11-02T15:10:40Z
Author: Francis Dupont

I think the use of the std::mt19937 PRNG in potentially security-sensitive code should at least be analyzed.
Milestone: backlog

Build named with DLZ is broken on 9.17
https://gitlab.isc.org/isc-projects/bind9/-/issues/2814
Updated: 2022-01-19T11:20:47Z
Author: Matthijs Mekking (matthijs@isc.org)

`configure.ac` disables DLZ:
```
# FIXME BEGIN
#sinclude(contrib/dlz/config.dlz.in)
# AC_MSG_CHECKING(contributed DLZ drivers)
#
# if test -n "$CONTRIB_DLZ"
# then
# AC_MSG_RESULT(yes)
# DLZ_DRIVER_RULES=contrib/dlz/drivers/rules
# AC_CONFIG_FILES([$DLZ_DRIVER_RULES
# contrib/dlz/modules/mysql/Makefile
# contrib/dlz/modules/mysqldyn/Makefile])
# else
# AC_MSG_RESULT(no)
# DLZ_DRIVER_RULES=/dev/null
# fi
#
# AC_SUBST(CONTRIB_DLZ)
# AC_SUBST(DLZ_DRIVER_INCLUDES)
# AC_SUBST(DLZ_DRIVER_LIBS)
# AC_SUBST(DLZ_DRIVER_SRCS)
# AC_SUBST(DLZ_DRIVER_OBJS)
# AC_SUBST(DLZ_SYSTEM_TEST)
# AC_SUBST_FILE(DLZ_DRIVER_RULES)
# this ensures the configure summary report comes out right
test -z "$with_dlz_bdb" && with_dlz_bdb=no
test -z "$with_dlz_ldap" && with_dlz_ldap=no
test -z "$with_dlz_mysql" && with_dlz_mysql=no
test -z "$with_dlz_odbc" && with_dlz_odbc=no
test -z "$with_dlz_postgres" && with_dlz_postgres=no
test -z "$with_dlz_filesystem" && with_dlz_filesystem=no
test -z "$with_dlz_stub" && with_dlz_stub=no
# FIXME END
```
Milestone: October 2021 (9.11.36, 9.11.36-S1, 9.16.22, 9.16.22-S1, 9.17.19)

Build named with DLZ is broken on 9.16
https://gitlab.isc.org/isc-projects/bind9/-/issues/2813
Updated: 2022-05-16T10:30:17Z
Author: Matthijs Mekking (matthijs@isc.org)

```
gcc -include /home/vagrant/git/bind9/config.h -I/home/vagrant/git/bind9 -I../.. -I./include -I./unix/include -I. -I/home/vagrant/git/bind9/lib/ns/include -I../../lib/ns/include -I/home/vagrant/git/bind9/lib/dns/include -I../../lib/dns/include -I/home/vagrant/git/bind9/lib/bind9/include -I../../lib/bind9/include -I/home/vagrant/git/bind9/lib/isccfg/include -I../../lib/isccfg/include -I/home/vagrant/git/bind9/lib/isccc/include -I../../lib/isccc/include -I/home/vagrant/git/bind9/lib/isc/include -I../../lib/isc -I../../lib/isc/include -I../../lib/isc/unix/include -I../../lib/isc/pthreads/include -I../../contrib/dlz/drivers/include -I/usr/include/mysql -DCONTRIB_DLZ -DDLZ_MYSQL -g -O2 -pthread -fPIC -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat -Wpointer-arith -Wno-missing-field-initializers -fno-strict-aliasing -c ../../contrib/dlz/drivers/dlz_mysql_driver.c
../../contrib/dlz/drivers/dlz_mysql_driver.c:66:14: error: conflicting types for ‘my_bool’
typedef bool my_bool;
^~~~~~~
In file included from ../../contrib/dlz/drivers/dlz_mysql_driver.c:45:0:
/usr/include/mysql/mysql.h:53:14: note: previous declaration of ‘my_bool’ was here
typedef char my_bool;
^~~~~~~
Makefile:632: recipe for target 'dlz_mysql_driver.o' failed
make[2]: *** [dlz_mysql_driver.o] Error 1
```
Milestone: May 2022 (9.16.29, 9.16.29-S1, 9.18.3, 9.19.1)

memory leak in main
https://gitlab.isc.org/isc-projects/bind9/-/issues/2812
Updated: 2021-07-14T19:06:07Z
Author: Ondřej Surý

I can more-or-less reliably reproduce the following crash:
```
D:rrl:Core was generated by `/home/ondrej/Projects/bind9/bin/named/.libs/named -D rrl-ns2 -X named.lock -m r'.
D:rrl:Program terminated with signal SIGABRT, Aborted.
D:rrl:#0 0x00007fdc2dd8e7bb in raise () from /lib/x86_64-linux-gnu/libc.so.6
D:rrl:#0 0x00007fdc2dd8e7bb in raise () from /lib/x86_64-linux-gnu/libc.so.6
D:rrl:#1 0x00007fdc2dd79535 in abort () from /lib/x86_64-linux-gnu/libc.so.6
D:rrl:#2 0x000055dc9eb46c2f in assertion_failed (file=<optimized out>, line=<optimized out>, type=isc_assertiontype_insist, cond=0x7fdc2ea7aa97 "malloced == 0") at main.c:249
D:rrl:#3 0x00007fdc2ea31971 in isc_assertion_failed (file=file@entry=0x7fdc2ea7a958 "mem.c", line=line@entry=550, type=type@entry=isc_assertiontype_insist, cond=cond@entry=0x7fdc2ea7aa97 "malloced == 0") at assertions.c:47
D:rrl:#4 0x00007fdc2ea44583 in destroy (ctx=ctx@entry=0x55dca054da60) at jemalloc_shim.h:37
D:rrl:#5 0x00007fdc2ea448f4 in isc__mem_destroy (ctxp=0x55dc9ebade88 <named_g_mctx>, file=<optimized out>, line=<optimized out>) at mem.c:645
D:rrl:#6 0x000055dc9eb48d04 in main (argc=<optimized out>, argv=<optimized out>) at main.c:1556
D:rrl:--------------------------------------------------------------------------------
```
The memleak analysis points to:
```
add 0x7fdc0c039740 size 256 file netmgr/netmgr.c line 1480 mctx 0x55dca054da60
add 0x7fdc0c0c8a00 size 536 file netmgr/netmgr.c line 1647 mctx 0x55dca054da60
add 0x7fdc0c0395f0 size 256 file netmgr/netmgr.c line 1478 mctx 0x55dca054da60
add 0x7fdc0c6c9010 size 536 file netmgr/netmgr.c line 1644 mctx 0x55dca054da60
```
As it does happen only intermittently and in the softhsm2.4 branch (which is kind of broken - jemalloc+softhsm2.4 is no-no-no), it was only found later that this happens on a "vanilla" build.
We changed the `isc_mem_allocate()` and `isc_mem_free()` on the `ah_frees` and `ah_handles` to `isc_mem_put()` and `isc_mem_put()`, but missed the fact that `isc_mem_reallocate()` is being used on L1642 and L1645.
Milestone: August 2021 (9.11.35, 9.11.35-S1, 9.16.20, 9.16.20-S1, 9.17.17)
Assignee: Ondřej Surý

Packet drops seen for 20 sec on every 8th day when perf_dhcp tests are run against Kea DHCP service continuously
https://gitlab.isc.org/isc-projects/kea/-/issues/1969
Updated: 2022-11-02T15:10:41Z
Author: varsraja

Hi All,
We are running performance tests for kea dhcp using the perf-dhcp provided by kea.
- Setup: Dockerized Kea 1.6.2 running in well provisioned hardware.
- Runs details: Running perf-dhcp to generate approx 100 requests/sec, validating all 4 packet handling DHCP discover request etc.
`perfdhcp -p 600 -r 100 10.0.0.4 -t 10` (this is executed in a loop)
- Issue: We observe 20 sec of packet drops on requests on every 8th day exactly. On the in-between days there are no packet losses. There are no restarts of kea-dhcp service. After the packet loss duration, things go back to normal.
- Request: Are there any limits we might be hitting every 8th day of the run? Are there any parameters we should check?
It would be very helpful if we can determine what causes this packet loss.
Attaching our config for kea-dhcp4.conf and kea-dhcp-ddns.conf:
[kea-dhcp4.conf](/uploads/a25452141ff09d39ea5457288135c3c9/kea-dhcp4.conf)
[kea-dhcp-ddns.conf](/uploads/9651904743e169891229666ee707effb/kea-dhcp-ddns.conf)
![dhcp-graph-packet-loss](/uploads/2442b96fb947cf0ccf34e931c326b476/dhcp-graph-packet-loss.png)
![dhcp-test-run](/uploads/2f64b24ab37c54ae447df067455da3c2/dhcp-test-run.png)
Milestone: backlog

checkds code may fail to release all resources on shutdown
https://gitlab.isc.org/isc-projects/bind9/-/issues/2811
Updated: 2021-07-13T09:50:39Z
Author: Michał Kępień

The "checkds" system test has been failing intermittently on FreeBSD:
- https://gitlab.isc.org/isc-projects/bind9/-/jobs/1845792
- https://gitlab.isc.org/isc-projects/bind9/-/jobs/1847239
- https://gitlab.isc.org/isc-projects/bind9/-/jobs/1851457
These failures are caused not by the test itself failing (the actual
Python tests are skipped), but rather by `named` assertion failures
triggered by outstanding memory allocations at shutdown.
I assumed these are happening because `named` is shut down very shortly
after startup. By looking at the list of outstanding allocations, I was
able to determine that the leaked allocations are instances of the
`dns_message_t` structure along with its various members. All of these
`dns_message_t` objects had `from_to_wire` set to
`DNS_MESSAGE_INTENTRENDER`, which made me look at
`checkds_send_toaddr()`, where these objects are allocated.
I believe there is a bug in there that prevents the `dns_message_t`
object (referenced by the `message` stack variable) from being released
when the `dns_request_createvia()` call fails (e.g. because
`requestmgr->exiting` is `true`, which is what happens at shutdown):
```diff
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index bbd2da00fda..cb6f47870f4 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -21231,7 +21231,7 @@ checkds_send_toaddr(isc_task_t *task, isc_event_t *event) {
checkds->zone, ISC_LOG_DEBUG(3),
"checkds: dns_request_createvia() to %s failed: %s",
addrbuf, dns_result_totext(result));
- goto cleanup;
+ goto cleanup_key;
}
cleanup_key:
```
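Review bot: the new `goto cleanup_key;` at the end of the `dns_request_createvia()` failure branch jumps to the `cleanup_key:` label on the very next line after the closing brace, so it has no effect on control flow and the branch would reach the same cleanup by falling through. If the statement is kept for future-proofing, add a one-line comment saying so; otherwise a later tidy-up may drop it or turn it back into `goto cleanup;`, which would bring back the leak of `message`.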
(Note that the `goto` statement can also be removed altogether, but
perhaps it is more future-proof to leave it there, in case more code
gets added at a later time.)
To reproduce the problem, apply the following patch:
```diff
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index bbd2da00fda..1790f7d3ada 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -14,6 +14,7 @@
#include <errno.h>
#include <inttypes.h>
#include <stdbool.h>
+#include <unistd.h>
#include <isc/atomic.h>
#include <isc/file.h>
@@ -21222,6 +21223,7 @@ checkds_send_toaddr(isc_task_t *task, isc_event_t *event) {
timeout = 15;
options |= DNS_REQUESTOPT_TCP;
+ sleep(1);
result = dns_request_createvia(
checkds->zone->view->requestmgr, message, &src, &checkds->dst,
dscp, options, key, timeout * 3, timeout, 0,
```
and run the `checkds` system test on a platform where the Python tests
for checkds are skipped.
I do not think this is significant enough to fix in July releases - it
only happens if `named` is shut down around the time a DS check is
queued and only triggers an assertion failure *at shutdown*.
Milestone: August 2021 (9.11.35, 9.11.35-S1, 9.16.20, 9.16.20-S1, 9.17.17)
Assignee: Matthijs Mekking (matthijs@isc.org)

postgres back-end does not use mktime to convert to local timezone
https://gitlab.isc.org/isc-projects/kea/-/issues/1968
Updated: 2022-11-02T15:10:40Z
Author: Razvan Becheriu

postgres reads data using extract epoch and boost::lexical_cast (UTC) but writes data using localtime_r (timezone time and date).
this causes update queries to fail if kea timezone is different than postgres back-end timezone.
fix should be (pseudo code):
```
mktime(gmtime_r(boost::lexical_cast(extract epoch)))
```
Milestone: backlog

Silence untrusted loop bound
https://gitlab.isc.org/isc-projects/bind9/-/issues/2810
Updated: 2021-07-14T19:09:27Z
Author: Mark Andrews

```
630
1. tainted_argument: Calling function dns_rdata_tostruct taints argument nsec3param.iterations. [show details]
631 result = dns_rdata_tostruct(nsec3rdata, &nsec3param, NULL);
2. Condition !!(result == 0), taking true branch.
3. Condition !!(result == 0), taking true branch.
632 RUNTIME_CHECK(result == ISC_R_SUCCESS);
633
634 dns_fixedname_init(&fixed);
CID 281425 (#1 of 1): Untrusted loop bound (TAINTED_SCALAR)
4. tainted_data: Passing tainted expression nsec3param.iterations to dns_nsec3_hashname, which uses it as a loop boundary. [show details]
Ensure that tainted values are properly sanitized, by checking that their values are within a permissible range.
635 result = dns_nsec3_hashname(&fixed, rawhash, &rhsize, vctx->origin,
636 vctx->origin, nsec3param.hash,
637 nsec3param.iterations, nsec3param.salt,
638 nsec3param.salt_length);
```
Milestone: August 2021 (9.11.35, 9.11.35-S1, 9.16.20, 9.16.20-S1, 9.17.17)

Make quota configurable for DoH
https://gitlab.isc.org/isc-projects/bind9/-/issues/2809
Updated: 2021-08-09T11:48:30Z
Author: Artem Boldariev

Currently, DoH shares the quota with TCP, which makes
little sense anyway (see `tcp-clients` option), because of the nature of
interaction of DoH clients: they tend to keep idle opened connections
for longer periods of time, preventing the TCP and TLS client from
being served.
Because of these differences, it makes sense for DoH to have a separate quota facility. Also, it makes sense to make the number of streams per connection configurable as well, as these are treated as virtual connections by the code.
*See !5036 for additional details.*
Milestone: August 2021 (9.11.35, 9.11.35-S1, 9.16.20, 9.16.20-S1, 9.17.17)
Assignee: Artem Boldariev

unchecked returns in rbtdb_test.c and dnssec-signzone.c
https://gitlab.isc.org/isc-projects/bind9/-/issues/2808
Updated: 2021-07-14T19:14:21Z
Author: Mark Andrews

rbtdb_test.c
```
134 isc_buffer_add(&b, strlen(str1));
CID 332455 (#1 of 2): Unchecked return value (CHECKED_RETURN) [select issue]
135 dns_name_fromtext(name1, &b, dns_rootname, 0, NULL);
136
137 name2 = dns_fixedname_initname(&fname2);
138 isc_buffer_constinit(&b, str2, strlen(str2));
139 isc_buffer_add(&b, strlen(str2));
CID 332455 (#2 of 2): Unchecked return value (CHECKED_RETURN)
1. check_return: Calling dns_name_fromtext without checking return value (as is done elsewhere 137 out of 157 times).
140 dns_name_fromtext(name2, &b, dns_rootname, 0, NULL);
```
```
199 isc_buffer_add(&b, strlen(str1));
CID 332453 (#1 of 2): Unchecked return value (CHECKED_RETURN) [select issue]
200 dns_name_fromtext(name1, &b, dns_rootname, 0, NULL);
201
202 name2 = dns_fixedname_initname(&fname2);
203 isc_buffer_constinit(&b, str1, strlen(str1));
204 isc_buffer_add(&b, strlen(str1));
CID 332453 (#2 of 2): Unchecked return value (CHECKED_RETURN)
1. check_return: Calling dns_name_fromtext without checking return value (as is done elsewhere 137 out of 157 times).
205 dns_name_fromtext(name2, &b, dns_rootname, 0, NULL);
```
dnssec-signzone.c
```
385
CID 332452 (#1 of 1): Unchecked return value (CHECKED_RETURN)
1. check_return: Calling isc_rwlock_lock without checking return value (as is done elsewhere 98 out of 100 times).
386 isc_rwlock_lock(&keylist_lock, isc_rwlocktype_read);
387 key = keythatsigned_unlocked(rrsig);
CID 332454: Unchecked return value (CHECKED_RETURN) [select issue]
388 isc_rwlock_unlock(&keylist_lock, isc_rwlocktype_read);
```
Milestone: August 2021 (9.11.35, 9.11.35-S1, 9.16.20, 9.16.20-S1, 9.17.17)
Assignee: Mark Andrews

Coverity reports use of tainted scalar
https://gitlab.isc.org/isc-projects/bind9/-/issues/2807
Updated: 2021-07-14T19:07:03Z
Author: Mark Andrews

```
2607
43. tainted_argument: Calling function journal_read_xhdr taints argument xhdr.size. [show details]
2608 result = journal_read_xhdr(j1, &xhdr);
44. Condition rewrite, taking true branch.
45. Condition result == 29, taking false branch.
2609 if (rewrite && result == ISC_R_NOMORE) {
2610 break;
2611 }
46. Condition result != 0, taking false branch.
2612 CHECK(result);
2613
47. var_assign_var: Assigning: size = xhdr.size. Both are now tainted.
2614 size = xhdr.size;
CID 331088 (#3 of 3): Untrusted allocation size (TAINTED_SCALAR)
48. tainted_data: Passing tainted expression size to isc__mem_get, which uses it as an allocation size. [show details]
Ensure that tainted values are properly sanitized, by checking that their values are within a permissible range.
2615 buf = isc_mem_get(mctx, size);
```
Milestone: August 2021 (9.11.35, 9.11.35-S1, 9.16.20, 9.16.20-S1, 9.17.17)
Assignee: Mark Andrews

Remove AX_CHECK_OPENSSL
https://gitlab.isc.org/isc-projects/bind9/-/issues/2806
Updated: 2022-03-01T09:56:02Z
Author: Ondřej Surý

In favor of openssl.pc
Milestone: Not planned
Assignee: Ondřej Surý

Client class management commands in cb_cmds hooks library
https://gitlab.isc.org/isc-projects/kea/-/issues/1965
Updated: 2021-07-26T16:54:52Z
Author: Marcin Siodelski

This ticket implements new commands for managing client classes in the config backend based on the design document: https://gitlab.isc.org/isc-projects/kea/-/wikis/designs/client-classes-in-cb.
Milestone: kea1.9.10
Assignee: Marcin Siodelski

MultiThreadingMgr::startProcessing and MultiThreadingMgr::stopProcessing must be thread safe
https://gitlab.isc.org/isc-projects/kea/-/issues/1964
Updated: 2021-08-27T17:54:46Z
Author: Razvan Becheriu

it seems that MultiThreadingMgr::startProcessing and MultiThreadingMgr::stopProcessing do stop the MT http listener and client, but the check for the isInCriticalSection is not thread safe and a race can happen.
solution - make thread safe:
```
isInCriticalSection
startProcessing
stopProcessing
```
related to https://support.isc.org/Ticket/Display.html?id=18750
Milestone: kea1.9.11
Assignee: Razvan Becheriu

Move some parts of d2 into a new library
https://gitlab.isc.org/isc-projects/kea/-/issues/1963
Updated: 2022-03-17T12:07:06Z
Author: Francis Dupont

As discussed in the design ticket this is needed for the hook to be linked.
Milestone: kea1.9.11
Assignee: Francis Dupont

outdated link to performance report in Kea ARM
https://gitlab.isc.org/isc-projects/kea/-/issues/1962
Updated: 2021-07-22T15:19:22Z
Author: Wlodzimierz Wencel

in section 8.2.27. Multi-Threading Settings in Different Backends we have a link to perf report and it's https://jenkins.isc.org/job/kea-dev/job/performance/KeaPerformanceReport/
When new reports-kea page will be operational this should be updated.

make check in src/bin/admin deletes repo
https://gitlab.isc.org/isc-projects/kea/-/issues/1961
Updated: 2021-07-05T20:09:57Z
Author: Andrei Pavel (andrei@isc.org)

```
remove_if_exists \
[...]
"${KEA_LOCKFILE_DIR-}" \
"${KEA_PIDFILE_DIR-}"
```
and those variables are set to `@abs_top_builddir@`...
Milestone: kea1.9.10
Assignee: Andrei Pavel (andrei@isc.org)

compilation error
https://gitlab.isc.org/isc-projects/dhcp/-/issues/198
Updated: 2022-01-14T16:43:53Z
Author: Wlodzimierz Wencel

```
11:19:29 make[1]: Entering directory '/tmp/workspace/dhcp-dev/unit-tests/client'
11:19:29 Making all in .
11:19:29 make[2]: Entering directory '/tmp/workspace/dhcp-dev/unit-tests/client'
11:19:29 gcc -DHAVE_CONFIG_H -I. -I../includes -DCLIENT_PATH='"PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin"' -DLOCALSTATEDIR='"/var"' -g -O2 -Wall -Werror -fno-strict-aliasing -I../includes -I/tmp/workspace/dhcp-dev/unit-tests/bind/include -MT client_tables.o -MD -MP -MF .deps/client_tables.Tpo -c -o client_tables.o client_tables.c
11:19:29 mv -f .deps/client_tables.Tpo .deps/client_tables.Po
11:19:29 gcc -DHAVE_CONFIG_H -I. -I../includes -DCLIENT_PATH='"PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin"' -DLOCALSTATEDIR='"/var"' -g -O2 -Wall -Werror -fno-strict-aliasing -I../includes -I/tmp/workspace/dhcp-dev/unit-tests/bind/include -MT clparse.o -MD -MP -MF .deps/clparse.Tpo -c -o clparse.o clparse.c
11:19:30 mv -f .deps/clparse.Tpo .deps/clparse.Po
11:19:30 gcc -DHAVE_CONFIG_H -I. -I../includes -DCLIENT_PATH='"PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin"' -DLOCALSTATEDIR='"/var"' -g -O2 -Wall -Werror -fno-strict-aliasing -I../includes -I/tmp/workspace/dhcp-dev/unit-tests/bind/include -MT dhclient.o -MD -MP -MF .deps/dhclient.Tpo -c -o dhclient.o dhclient.c
11:19:30 In file included from /usr/include/string.h:519,
11:19:30 from /usr/include/x86_64-linux-gnu/sys/un.h:37,
11:19:30 from ../includes/dhcpd.h:37,
11:19:30 from dhclient.c:33:
11:19:30 In function ‘memcpy’,
11:19:30 inlined from ‘forw_dhcpv4_response’ at dhclient.c:2019:2,
11:19:30 inlined from ‘dhcpv6’ at dhclient.c:1914:5:
11:19:30 /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34:10: error: writing 16 bytes into a region of size 1 [-Werror=stringop-overflow=]
11:19:30 34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
11:19:30 | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
11:19:30 In file included from ../includes/dhcpd.h:97,
11:19:30 from dhclient.c:33:
11:19:30 dhclient.c: In function ‘dhcpv6’:
11:19:30 ../includes/tree.h:62:16: note: at offset 0 to object ‘data’ with size 1 declared here
11:19:30 62 | unsigned char data [1];
11:19:30 | ^~~~
11:19:31 cc1: all warnings being treated as errors
11:19:31 make[2]: *** [Makefile:526: dhclient.o] Error 1
11:19:31 make[2]: Leaving directory '/tmp/workspace/dhcp-dev/unit-tests/client'
11:19:31 make[1]: *** [Makefile:666: all-recursive] Error 1
11:19:31 make[1]: Leaving directory '/tmp/workspace/dhcp-dev/unit-tests/client'
11:19:31 make: *** [Makefile:494: all-recursive] Error 1
```
https://jenkins.aws.isc.org/view/All/job/dhcp-dev/job/unit-tests/25/execution/node/124/log/
```
11:16:53 ISC DHCP source configure results:
11:16:53 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
11:16:53
11:16:53 Package:
11:16:53 Name: DHCP
11:16:53 Version: 4.4.2
11:16:53
11:16:53 C Compiler: gcc
11:16:53
11:16:53 Flags:
11:16:53 DEFS: -DHAVE_CONFIG_H
11:16:53 CFLAGS: -g -O2 -Wall -Werror -fno-strict-aliasing -I$(top_srcdir)/includes -I/tmp/workspace/dhcp-dev/unit-tests/bind/include
11:16:53
11:16:53 DHCP versions: DHCPv4, DHCPv6 and DHCPv4-over-DHCPv6
11:16:53
11:16:53 Features:
11:16:53 debug: no
11:16:53 failover: yes
11:16:53 execute: yes
11:16:53 binary-leases: no
11:16:53 dhcpv6: yes
11:16:53 delayed-ack: yes
11:16:53 dhcpv4o6: yes
11:16:53 relay-port: no
11:16:53
11:16:53 Developer:
11:16:53 ATF unittests : no
11:16:53
11:16:53
11:16:53 Now you can type make to build ISC DHCP
11:16:53
```
OS: ubuntu-20.10

Implement TKEY exchange
https://gitlab.isc.org/isc-projects/kea/-/issues/1960
Updated: 2021-08-05T17:57:28Z
Author: Tomek Mrugalski

One of the operations required by the GSS-TSIG hook is the ability to establish security context with the DNS server using TKEY protocol. We have the TKEY RR type added in #1880, we now need to start using it.
There is an example implementation available in #1935, which is a kind of an experiment. The TKEY exchange part of it should be turned into production code in GSS-TSIG hook.
Milestone: kea1.9.11
Assignee: Razvan Becheriu

Session persistence for forwarders
https://gitlab.isc.org/isc-projects/bind9/-/issues/2805
Updated: 2023-11-02T17:02:19Z
Author: Peter Davies

Session persistence for forwarders:
Where Bind is configured to use forwarding extensively or exclusively and the environment in which it is located precludes the use of udp as a transport protocol.
It may enhance throughput and limit resources utilisation if tcp sessions could be made persistent to some configurable degree.
Bind would need to be able to discover if there was an existing tcp session that could be (re)used when it needs to forward queries to some well known source.
[RT #18727](https://support.isc.org/Ticket/Display.html?id=18727)
Milestone: Not planned