1. 06 Dec, 2018 24 commits
    • Evan Hunt's avatar
      8da0c0e7
    • Evan Hunt's avatar
      restore filter-aaaa syntax checking · 7a47e4d8
      Evan Hunt authored
      - added functionality to check hook parameters in named-checkconf,
        and restored the checkconf tests that were removed from the
        filter-aaaa test.
      7a47e4d8
    • Evan Hunt's avatar
      refactor to support multiple module instances · b94945e6
      Evan Hunt authored
      - use a per-view module list instead of global hook_modules
      - create an 'instance' pointer when registering modules, store it in
        the module structure, and use it as action_data when calling
        hook functions - this enables multiple module instances to be set
        up in parallel
      - also some nomenclature changes and cleanup
      b94945e6
    • Evan Hunt's avatar
      add additional hook points, plus some minor refactoring · 9df0bdc9
      Evan Hunt authored
      - added some hook points that will be needed for a dns64 module later
      - moved some code from the beginning of query_respond() to
        the end of query_prepresponse(); this has no effect on functionality
        but means we can have a hook point at the top of query_respond(),
        which seems nicer
      - compressed duplicated code into query_zerottl_refetch() function
      - added a qctx->answered flag so that a module can prevent
        query_addrrset() from being called from query_respond() when
        it's already been called from the module.
      9df0bdc9
    • Michał Kępień's avatar
    • Evan Hunt's avatar
      copy ns_hook objects before adding them to a hook table · 0b988256
      Evan Hunt authored
      - this is necessary because adding the same hook to multiple views
        causes the ISC_LIST link value to become inconsistent; it isn't
        noticeable when only one hook action is ever registered at a
        given hook point, but it will break things when there are two.
      0b988256
    • Evan Hunt's avatar
      use entirely local persistent data in modules · 74683fbc
      Evan Hunt authored
      - eliminate qctx->hookdata and client->hookflags.
      - use a memory pool to allocate data blobs in the filter-aaaa module,
        and associate them with the client address in a hash table
      - instead of detaching the client in query_done(), mark it for deletion
        and then call ns_client_detach() from qctx_destroy(); this ensures
        that it will still exist when the QCTX_DESTROYED hook point is
        reached.
      74683fbc
    • Evan Hunt's avatar
      8725f573
    • Evan Hunt's avatar
      clear AD flag when altering response messages · 427e9ca3
      Evan Hunt authored
      - the AD flag was not being cleared correctly when filtering
      - enabled dnssec valdiation in the filter-aaaa test to confirm this
        works correctly now
      427e9ca3
    • Evan Hunt's avatar
      improve hook processing macros · 055bf266
      Evan Hunt authored
      - use a get_hooktab() function to determine the hook table.
      - PROCESS_HOOK now jumps to a cleanup tag on failure
      - add PROCESS_ALL_HOOKS in query.c, to run all hook functions at
        a specified hook point without stopping. this is to be used for
        intiialization and destruction functions that must run in every
        module.
      - 'result' is set in PROCESS_HOOK only when a hook function
        interrupts processing.
      - revised terminology: a "callback" is now a "hook action"
      - remove unused NS_PROCESS_HOOK and NS_PROCESS_HOOK_VOID macros.
      055bf266
    • Evan Hunt's avatar
      enable modules to store data in qctx · 81f58e2e
      Evan Hunt authored
      - added a 'hookdata' array to qctx to store pointers to up to
        16 blobs of data which are allocated by modules as needed.
        each module is assigned an ID number as it's loaded, and this
        is the index into the hook data array. this is to be used for
        holding persistent state between calls to a hook module for a
        specific query.
      - instead of using qctx->filter_aaaa, we now use qctx->hookdata.
        (this was the last piece of filter-aaaa specific code outside the
        module.)
      - added hook points for qctx initialization and destruction. we get
        a filter-aaaa data pointer from the mempool when initializing and
        store it in the qctx->hookdata table; return to to the mempool
        when destroying the qctx.
      - link the view to the qctx so that detaching the client doesn't cause
        hooks to fail
      - added a qctx_destroy() function which must be called after qctx_init;
        this calls the QCTX_DESTROY hook and detaches the view
      - general cleanup and comments
      81f58e2e
    • Evan Hunt's avatar
      add a parser to filter-aaaa.so and pass in the parameters · 9911c835
      Evan Hunt authored
      - make some cfg-parsing functions global so they can be run
        from filter-aaaa.so
      - add filter-aaaa options to the hook module's parser
      - mark filter-aaaa options in named.conf as obsolete, remove
        from named and checkconf, and update the filter-aaaa test not to
        use checkconf anymore
      - remove filter-aaaa-related struct members from dns_view
      9911c835
    • Evan Hunt's avatar
      add hook statement to configuration parser · d2f46443
      Evan Hunt authored
      - allow multiple "hook" statements at global or view level
      - add "optional bracketed text" type for optional parameter list
      - load hook module from specified path rather than hardcoded path
      - add a hooktable pointer (and a callback for freeing it) to the
        view structure
      - change the hooktable functions so they no longer update ns__hook_table
        by default, and modify PROCESS_HOOK so it uses the view hooktable, if
        set, rather than ns__hook_table. (ns__hook_table is retained for
        use by unit tests.)
      - update the filter-aaaa system test to load filter-aaaa.so
      - add a prereq script to check for dlopen support before running
        the filter-aaaa system test
      
      not yet done:
      - configuration parameters are not being passed to the filter-aaaa
        module; the filter-aaaa ACL and filter-aaaa-on-{v4,v6} settings are
        still stored in dns_view
      d2f46443
    • Evan Hunt's avatar
      e2ac439e
    • Evan Hunt's avatar
      initial implementation of filter-aaaa.so as a shared object · d3f0f71b
      Evan Hunt authored
      - temporary kluge! in this version, for testing purposes,
        named always searches for a filter-aaaa module at /tmp/filter-aaaa.so.
        this enables the filter-aaaa system test to run even though the
        code to configure hooks in named.conf hasn't been written yet.
      - filter-aaaa-on-v4, filter-aaaa-on-v6 and the filter-aaaa ACL are
        still configured in the view as they were before, not in the hook.
      d3f0f71b
    • Evan Hunt's avatar
      move several query.c helper functions to client.c and rename · e4f0a98b
      Evan Hunt authored
      - these formerly static helper functions have been moved into client.c
        and made external so that they can be used in hook modules as well as
        internally in libns: query_newrdataset, query_putrdataset,
        query_newnamebuf, query_newname, query_getnamebuf, query_keepname,
        query_releasename, query_newdbversion, query_findversion
      - made query_recurse() and query_done() into public functions
        ns_query_recurse() and ns_query_done() so they can be called from
        modules.
      e4f0a98b
    • Evan Hunt's avatar
      0d7ab9ba
    • Evan Hunt's avatar
      refactor filter-aaaa implementation · d43dcef1
      Evan Hunt authored
       - the goal of this change is for AAAA filtering to be fully contained
         in the query logic, and implemented at discrete points that can be
         replaced with hook callouts later on.
       - the new code may be slightly less efficient than the old filter-aaaa
         implementation, but maximum efficiency was never a priority for AAAA
         filtering anyway.
       - we now use the rdataset RENDERED attribute to indicate that an AAAA
         rdataset should not be included when rendering the message. (this
         flag was originally meant to indicate that an rdataset has already
         been rendered and should not be repeated, but it can also be used to
         prevent rendering in the first place.)
       - the DNS_MESSAGERENDER_FILTER_AAAA, NS_CLIENTATTR_FILTER_AAAA,
         and DNS_RDATASETGLUE_FILTERAAAA flags are all now unnecessary and
         have been removed.
      d43dcef1
    • Evan Hunt's avatar
      refactor query.c to make qctx more accessible · 29897b14
      Evan Hunt authored
      - the purpose of this change is allow for more well-defined hook points
        to be available in the query processing logic. some functions that
        formerly didn't have access to 'qctx' do now; this is needed because
        'qctx' is what gets passed when calling a hook function.
      - query_addrdataset() has been broken up into three separate functions
        since it used to do three unrelated things, and what was formerly
        query_addadditional() has been renamed query_additional_cb() for
        clarity.
      - client->filter_aaaa is now qctx->filter_aaaa. (later, it will be moved
        into opaque storage in the qctx, for use by the filter-aaaa module.)
      - cleaned up style and braces
      29897b14
    • Evan Hunt's avatar
      set up hooks.c to enable setting hook points and loading modules · 70cc3f80
      Evan Hunt authored
      - move hooks.h to public include directory
      - ns_hooktable_init() initializes a hook table. if NULL is passed in, it
        initializes the global hook table
      - ns_hooktable_save() saves a pointer to the current global hook table.
      - ns_hooktable_reset() replaces the global hook table with different
        one
      - ns_hook_add() adds hooks at specified hook points in a hook table (or
        the global hook table if the specified table is NULL)
      - load and unload functions support dlopen() of hook modules (this is
        adapted from dyndb and not yet functional)
      - began adding new hook points to query.c
      70cc3f80
    • Ondřej Surý's avatar
      Merge branch 'mr1106-remove-some-more-algorithm-references-master' into 'master' · 6f11f90e
      Ondřej Surý authored
      (master) Mr1106 remove some more algorithm references
      
      See merge request !1192
      6f11f90e
    • Matthijs Mekking's avatar
      Replace some more DSA examples with ECDSAP256SHA256 · 07370798
      Matthijs Mekking authored
      (cherry picked from commit 5f27dc35)
      07370798
    • Matthijs Mekking's avatar
      Remove one more GOST reference · 7ef858f5
      Matthijs Mekking authored
      We can remove this, because it is used in `strtodsdigest` but that
      already no longer covers the algorithm name "GOST".
      
      There is one more GOST reference in `bin/python/isc/checkds.py.in`
      but that is used for presentation format and probably should stay.
      
      (cherry picked from commit 57d44fbc)
      7ef858f5
    • Mark Andrews's avatar
      Merge branch '756-dyndb-system-test-failing-intermittently' into 'master' · 1cf2f7d0
      Mark Andrews authored
      Add additional logging to driver.
      
      See merge request !1178
      1cf2f7d0
  2. 05 Dec, 2018 9 commits
  3. 04 Dec, 2018 4 commits
  4. 03 Dec, 2018 3 commits