1. 27 Apr, 2021 2 commits
    • Michal Nowak's avatar
      Install BIND with "make DESTDIR=<PATH> install" · 3f6cc254
      Michal Nowak authored
      BIND installation should be done by setting DESTDIR during "make
      install" not by setting prefix via ./configure.
      
      Make sure that installation with DESTDIR=<PATH> works by checking that
      it installed the named binary and it's respective man page to a
      well-known place.
      
      Also rename install path variable from BIND_INSTALL_PATH to
      INSTALL_PATH to avoid namespace clash in stress tests which use
      BIND_INSTALL_PATH variable to configure path to BIND9 binaries.
      3f6cc254
    • Michal Nowak's avatar
      Install man pages when sphinx-build tool is missing · 70b03925
      Michal Nowak authored
      The exclusion of doc/man/ when the sphinx-build tool is missing was
      excessive as some targets in doc/man/ are necessary to install man
      pages.
      70b03925
  2. 26 Apr, 2021 13 commits
  3. 24 Apr, 2021 2 commits
  4. 23 Apr, 2021 7 commits
  5. 22 Apr, 2021 16 commits
    • Evan Hunt's avatar
      add HTTP timeout recovery test · b258df85
      Evan Hunt authored
      NOTE: this test currently fails
      b258df85
    • Evan Hunt's avatar
      fix TLS timeout recovery · 23ec0112
      Evan Hunt authored
      the destruction of the socket in tls_failed_read_cb() needs to be
      conditional; if reached due to a timeout on a timer that has
      subsequently been reset, the socket must not be destroyed.
      23ec0112
    • Evan Hunt's avatar
      fix TCP timeout recovery · c90da991
      Evan Hunt authored
      removed an unnecessary assert in the failed_read_cb() function.
      also renamed to isc__nm_tcp_failed_read_cb() to match the practice
      in other modules.
      c90da991
    • Evan Hunt's avatar
      add TCP and TLS timeout recovery tests · 25ef0547
      Evan Hunt authored
      NOTE: currently these tests fail
      25ef0547
    • Evan Hunt's avatar
      add TCPDNS and TLSDNS timeout recovery tests · 52f256f9
      Evan Hunt authored
      this is similar in structure to the UDP timeout recovery test.
      
      this commit adds a new mechanism to the netmgr test allowing the
      listen socket to accept incoming TCP connections but never send
      a response. this forces the client to time out on read.
      52f256f9
    • Evan Hunt's avatar
      run read callbacks synchronously on timeout · bcf5b2a6
      Evan Hunt authored
      when running read callbacks, if the event result is not ISC_R_SUCCESS,
      the callback is always run asynchronously. this is a problem on timeout,
      because there's no chance to reset the timer before the socket has
      already been destroyed. this commit allows read callbacks to run
      synchronously for both ISC_R_SUCCESS and ISC_R_TIMEDOUT result codes.
      bcf5b2a6
    • Evan Hunt's avatar
      add a UDP timeout recovery test · 609975ad
      Evan Hunt authored
      this test sets up a server socket that listens for UDP connections
      but never responds. the client will always time out; it should retry
      five times before giving up.
      609975ad
    • Evan Hunt's avatar
      allow client read callback to be assignable · 1f41d59a
      Evan Hunt authored
      allow netmgr client tests to choose the function that will be
      used as a read callback, without having to write a different
      connect callback handler.
      1f41d59a
    • Diego dos Santos Fronza's avatar
      Merge branch '2626-deadlock-with-concurrent-rndc-addzone-rndc-delzone-commands' into 'main' · 289d7c2a
      Diego dos Santos Fronza authored
      Resolve "Deadlock with concurrent `rndc addzone`/`rndc delzone` commands"
      
      Closes #2626
      
      See merge request !4904
      289d7c2a
    • Diego Fronza's avatar
      Add CHANGES note for GL #2626 · 66466550
      Diego Fronza authored
      66466550
    • Diego Fronza's avatar
      Add system test for the deadlock fix · d6224035
      Diego Fronza authored
      The test spawns 4 parallel workers that keep adding, modifying and
      deleting zones, the main thread repeatedly checks wheter rndc
      status responds within a reasonable period.
      
      While environment and timing issues may affect the test, in most
      test cases the deadlock that was taking place before the fix used to
      trigger in less than 7 seconds in a machine with at least 2 cores.
      d6224035
    • Diego Fronza's avatar
      Fix deadlock between rndc addzone/delzone/modzone · 9298dceb
      Diego Fronza authored
      It follows a description of the steps that were leading to the deadlock:
      
      1. `do_addzone` calls `isc_task_beginexclusive`.
      
      2. `isc_task_beginexclusive` waits for (N_WORKERS - 1) halted tasks,
         this blocks waiting for those (no. workers -1) workers to halt.
      ...
      isc_task_beginexclusive(isc_task_t *task0) {
          ...
      	while (manager->halted + 1 < manager->workers) {
      		wake_all_queues(manager);
      		WAIT(&manager->halt_cond, &manager->halt_lock);
      	}
      ```
      
      3. It is possible that in `task.c / dispatch()` a worker is running a
         task event, if that event blocks it will not allow this worker to
         halt.
      
      4. `do_addzone` acquires `LOCK(&view->new_zone_lock);`,
      
      5. `rmzone` event is called from some worker's `dispatch()`, `rmzone`
         blocks waiting for the same lock.
      
      6. `do_addzone` calls `isc_task_beginexclusive`.
      
      7. Deadlock triggered, since:
      	- `rmzone` is wating for the lock.
      	- `isc_task_beginexclusive` is waiting for (no. workers - 1) to
      	   be halted
      	- since `rmzone` event is blocked it won't allow the worker to halt.
      
      To fix this, we updated do_addzone code to call isc_task_beginexclusive
      before the lock is acquired, we postpone locking to the nearest required
      place, same for isc_task_beginexclusive.
      
      The same could happen with rndc modzone, so that was addressed as well.
      9298dceb
    • Petr Špaček's avatar
      Merge branch '2634-test-tkey-gssapi-credential' into 'main' · fa6b277b
      Petr Špaček authored
      Add tests for the "tkey-gssapi-credential" option
      
      See merge request !4905
      fa6b277b
    • Petr Špaček's avatar
      Add tests for the "tkey-gssapi-credential" option · 1746d2e8
      Petr Špaček authored
      Four named instances in the "nsupdate" system test have GSS-TSIG support
      enabled.  All of them currently use "tkey-gssapi-keytab".  Configure two
      of them with "tkey-gssapi-credential" to test that option.
      
      As "tkey-gssapi-keytab" and "tkey-gssapi-credential" both provide the
      same functionality, no test modifications are required.  The difference
      between the two options is that the value of "tkey-gssapi-keytab" is an
      explicit path to the keytab file to acquire credentials from, while the
      value of "tkey-gssapi-credential" is the name of the principal whose
      credentials should be used; those credentials are looked up in the
      keytab file expected by the Kerberos library, i.e. /etc/krb5.keytab by
      default.  The path to the default keytab file can be overridden using by
      setting the KRB5_KTNAME environment variable.  Utilize that variable to
      use existing keytab files with the "tkey-gssapi-credential" option.
      
      The KRB5_KTNAME environment variable should not interfere with the
      "tkey-gssapi-keytab" option.  Nevertheless, rename one of the keytab
      files used with "tkey-gssapi-keytab" to something else than the contents
      of the KRB5_KTNAME environment variable in order to make sure that both
      "tkey-gssapi-keytab" and "tkey-gssapi-credential" are actually tested.
      1746d2e8
    • Ondřej Surý's avatar
      Merge branch 'ondrej/autoconf-2.71-fixes' into 'main' · c38bcb69
      Ondřej Surý authored
      Update the configure.ac for autoconf >= 2.71 compatibility
      
      See merge request !4899
      c38bcb69
    • Ondřej Surý's avatar
      Update the configure.ac for autoconf >= 2.71 compatibility · f52872c3
      Ondřej Surý authored
      This mostly removes stuff that's either deprecated, obsolete or not used
      at all:
      
      * Update the minimal autoconf version to 2.69
      * AC_PROG_CC_C99 is deprecated, just use AC_PROG_CC as we require C11
        anyway
      * AC_HEADER_TIME is deprecated, both <sys/time.h> and <time.h> can be
        included at the same time, and we don't use the macros that
        AC_HEADER_TIME defines anywhere
      * AC_HEADER_STDC checks for ISO C90 and we require at least C11
      * Replace AC_TRY_*([]) with AC_*_IFELSE([AC_LANG_PROGRAM()])
      * Update m4/ax_check_openssl.m4 from serial 10 to serial 11
      * Update m4/ax_gcc_func_attribute.m4 from serial 10 to serial 13
      * Update m4/ax_pthread.m4 from serial 24 to serial 30
      * Add early AC_CANONICAL_TARGET call to prevent warning from AX_PTHREAD
      f52872c3