1. 06 May, 2019 1 commit
  2. 26 Apr, 2019 2 commits
    • Michał Kępień's avatar
      Merge branch 'michal/simplify-trailing-period-handling-in-system-tests-v9_11' into 'v9_11' · 16bb74b1
      Michał Kępień authored
      [v9_11] Simplify trailing period handling in system tests
      
      See merge request isc-projects/bind9!1878
      16bb74b1
    • Michał Kępień's avatar
      Simplify trailing period handling in system tests · 72c7bc03
      Michał Kępień authored
      Windows systems do not allow a trailing period in file names while Unix
      systems do.  When BIND system tests are run, the $TP environment
      variable is set to an empty string on Windows systems and to "." on Unix
      systems.  This environment variable is then used by system test scripts
      for handling this discrepancy properly.
      
      In multiple system test scripts, a variable holding a zone name is set
      to a string with a trailing period while the names of the zone's
      corresponding dlvset-* and/or dsset-* files are determined using
      numerous sed invocations like the following one:
      
          dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
      
      In order to improve code readability, use zone names without trailing
      periods and replace sed invocations with variable substitutions.
      
      To retain local consistency, also remove the trailing period from
      certain other zone names used in system tests that are not subsequently
      processed using sed.
      
      (cherry picked from commit da2c1b74)
      72c7bc03
  3. 25 Apr, 2019 13 commits
    • Ondřej Surý's avatar
      Merge branch 'prep-release-v9_11' into 'v9_11' · 343fa390
      Ondřej Surý authored
      Prep release v9 11
      
      See merge request isc-projects/bind9!1865
      343fa390
    • Tinderbox User's avatar
      doc rebuild · a648e07b
      Tinderbox User authored
      (cherry picked from commit 40b034f5)
      a648e07b
    • Tinderbox User's avatar
      prep 9.11.6-P1 · 7c6b5f2e
      Tinderbox User authored
      (cherry picked from commit 6195f229)
      7c6b5f2e
    • Ondřej Surý's avatar
      Merge branch '999-tcp-client-crash-v9_11-locks' into 'v9_11' · aaee7528
      Ondřej Surý authored
      Replace atomic operations in bin/named/client.c with isc_refcount reference counting
      
      See merge request isc-projects/bind9!1864
      aaee7528
    • Ondřej Surý's avatar
    • Ondřej Surý's avatar
      Merge branch '615-tcp-client-crash-v9_11-v9_11_6_patch-v9_11' into 'v9_11' · 581ae795
      Ondřej Surý authored
      Resolve "tcp-clients mostly ineffective"
      
      See merge request isc-projects/bind9!1863
      581ae795
    • Evan Hunt's avatar
      CHANGES, release note · b96a3a0c
      Evan Hunt authored
      (cherry picked from commit 5e18ad05)
      b96a3a0c
    • Evan Hunt's avatar
      restore allowance for tcp-clients < interfaces · 59434b98
      Evan Hunt authored
      in the "refactor tcpquota and pipeline refs" commit, the counting
      of active interfaces was tightened in such a way that named could
      fail to listen on an interface if there were more interfaces than
      tcp-clients. when checking the quota to start accepting on an
      interface, if the number of active clients was above zero, then
      it was presumed that some other client was able to handle accepting
      new connections. this, however, ignored the fact that the current client
      could be included in that count, so if the quota was already exceeded
      before all the interfaces were listening, some interfaces would never
      listen.
      
      we now check whether the current client has been marked active; if so,
      then the number of active clients on the interface must be greater
      than 1, not 0.
      
      (cherry picked from commit 0b4e2cd4c3192ba88569dd344f542a8cc43742b5)
      (cherry picked from commit d01023aa)
      59434b98
    • Evan Hunt's avatar
      refactor tcpquota and pipeline refs; allow special-case overrun in isc_quota · c47ccf63
      Evan Hunt authored
      - if the TCP quota has been exceeded but there are no clients listening
        for new connections on the interface, we can now force attachment to the
        quota using isc_quota_force(), instead of carrying on with the quota not
        attached.
      - the TCP client quota is now referenced via a reference-counted
        'ns_tcpconn' object, one of which is created whenever a client begins
        listening for new connections, and attached to by members of that
        client's pipeline group. when the last reference to the tcpconn
        object is detached, it is freed and the TCP quota slot is released.
      - reduce code duplication by adding mark_tcp_active() function.
      - convert counters to atomic.
      
      (cherry picked from commit 7e8222378ca24f1302a0c1c638565050ab04681b)
      (cherry picked from commit 4939451275722bfda490ea86ca13e84f6bc71e46)
      (cherry picked from commit 13f7c918)
      c47ccf63
    • Evan Hunt's avatar
      better tcpquota accounting and client mortality checks · 2ab8a085
      Evan Hunt authored
      - ensure that tcpactive is cleaned up correctly when accept() fails.
      - set 'client->tcpattached' when the client is attached to the tcpquota.
        carry this value on to new clients sharing the same pipeline group.
        don't call isc_quota_detach() on the tcpquota unless tcpattached is
        set.  this way clients that were allowed to accept TCP connections
        despite being over quota (and therefore, were never attached to the
        quota) will not inadvertently detach from it and mess up the
        accounting.
      - simplify the code for tcpquota disconnection by using a new function
        tcpquota_disconnect().
      - before deciding whether to reject a new connection due to quota
        exhaustion, check to see whether there are at least two active
        clients. previously, this was "at least one", but that could be
        insufficient if there was one other client in READING state (waiting
        for messages on an open connection) but none in READY (listening
        for new connections).
      - before deciding whether a TCP client object can to go inactive, we
        must ensure there are enough other clients to maintain service
        afterward -- both accepting new connections and reading/processing new
        queries.  A TCP client can't shut down unless at least one
        client is accepting new connections and (in the case of pipelined
        clients) at least one additional client is waiting to read.
      
      (cherry picked from commit c7394738b2445c16f728a88394864dd61baad900)
      (cherry picked from commit e965d5f11d3d0f6d59704e614fceca2093cb1856)
      (cherry picked from commit 87d43116)
      2ab8a085
    • Michał Kępień's avatar
      use reference counter for pipeline groups (v3) · 366b4e1e
      Michał Kępień authored
      Track pipeline groups using a shared reference counter
      instead of a linked list.
      
      (cherry picked from commit 513afd33)
      (cherry picked from commit 9446629b)
      366b4e1e
    • Witold Krecicki's avatar
      tcp-clients could still be exceeded (v2) · 719f604e
      Witold Krecicki authored
      the TCP client quota could still be ineffective under some
      circumstances.  this change:
      
      - improves quota accounting to ensure that TCP clients are
        properly limited, while still guaranteeing that at least one client
        is always available to serve TCP connections on each interface.
      - uses more descriptive names and removes one (ntcptarget) that
        was no longer needed
      - adds comments
      
      (cherry picked from commit 924651f1)
      (cherry picked from commit 55a7a458)
      719f604e
    • Witold Krecicki's avatar
      fix enforcement of tcp-clients (v1) · ec2d50da
      Witold Krecicki authored
      tcp-clients settings could be exceeded in some cases by
      creating more and more active TCP clients that are over
      the set quota limit, which in the end could lead to a
      DoS attack by e.g. exhaustion of file descriptors.
      
      If TCP client we're closing went over the quota (so it's
      not attached to a quota) mark it as mortal - so that it
      will be destroyed and not set up to listen for new
      connections - unless it's the last client for a specific
      interface.
      
      (cherry picked from commit f97131d2)
      (cherry picked from commit 9689ffc4)
      ec2d50da
  4. 24 Apr, 2019 5 commits
  5. 23 Apr, 2019 9 commits
  6. 19 Apr, 2019 10 commits