1. 06 Apr, 2019 6 commits
  2. 05 Apr, 2019 12 commits
    • refactor tcpquota and pipeline refs; allow special-case overrun in isc_quota · 86a7d4c1
      Evan Hunt authored
      - if the TCP quota has been exceeded but there are no clients listening
        for new connections on the interface, we can now force attachment to the
        quota using isc_quota_force(), instead of carrying on with the quota not
      - the TCP client quota is now referenced via a reference-counted
        'ns_tcpconn' object, one of which is created whenever a client begins
        listening for new connections, and attached to by members of that
        client's pipeline group. when the last reference to the tcpconn
        object is detached, it is freed and the TCP quota slot is released.
      - reduce code duplication by adding mark_tcp_active() function
      - convert counters to atomic
      (cherry picked from commit 7e8222378ca24f1302a0c1c638565050ab04681b)
    • better tcpquota accounting and client mortality checks · 7d6518aa
      Evan Hunt authored
      - ensure that tcpactive is cleaned up correctly when accept() fails.
      - set 'client->tcpattached' when the client is attached to the tcpquota.
        carry this value on to new clients sharing the same pipeline group.
        don't call isc_quota_detach() on the tcpquota unless tcpattached is
        set.  this way clients that were allowed to accept TCP connections
        despite being over quota (and therefore, were never attached to the
        quota) will not inadvertently detach from it and mess up the
      - simplify the code for tcpquota disconnection by using a new function
      - before deciding whether to reject a new connection due to quota
        exhaustion, check to see whether there are at least two active
        clients. previously, this was "at least one", but that could be
        insufficient if there was one other client in READING state (waiting
        for messages on an open connection) but none in READY (listening
        for new connections).
      - before deciding whether a TCP client object can go inactive, we
        must ensure there are enough other clients to maintain service
        afterward -- both accepting new connections and reading/processing new
        queries.  A TCP client can't shut down unless at least one
        client is accepting new connections and (in the case of pipelined
        clients) at least one additional client is waiting to read.
      (cherry picked from commit c7394738b2445c16f728a88394864dd61baad900)
    • use reference counter for pipeline groups (v3) · 890dbb82
      Michał Kępień authored
      Track pipeline groups using a shared reference counter
      instead of a linked list.
      (cherry picked from commit 72eb9275ab8f97364c18abbc79671795f9cc1f23)
    • tcp-clients could still be exceeded (v2) · 7278b66c
      Witold Krecicki authored
      the TCP client quota could still be ineffective under some
      circumstances.  this change:
      - improves quota accounting to ensure that TCP clients are
        properly limited, while still guaranteeing that at least one client
        is always available to serve TCP connections on each interface.
      - uses more descriptive names and removes one (ntcptarget) that
        was no longer needed
      - adds comments
      (cherry picked from commit a43fe7cd3f051f12bb544b6fa364135b1719c587)
    • fix enforcement of tcp-clients (v1) · 264384fb
      Witold Krecicki authored
      tcp-clients settings could be exceeded in some cases by
      creating more and more active TCP clients that are over
      the set quota limit, which in the end could lead to a
      DoS attack by e.g. exhaustion of file descriptors.
      If the TCP client we're closing went over the quota (so it's
      not attached to a quota) mark it as mortal - so that it
      will be destroyed and not set up to listen for new
      connections - unless it's the last client for a specific
      (cherry picked from commit 9ef6eb4c37ed909c8e2a5508c3b3e510b7b13b85)
    • Merge branch '880-secure-asdfasdfasdf-abacadabra-crash-v9_12_4_patch' into 'v9_12_4_patch' · 2af98441
      Evan Hunt authored
      Fix nxdomain-redirect crash when recursive query results in ncache nxdomain
      See merge request isc-private/bind9!83
    • CHANGES, release note · 82b03ce2
      Evan Hunt authored
    • Fix nxdomain-redirect assertion failure · 4f00c86e
      Matthijs Mekking authored
      - Always set is_zonep in query_getdb; previously it was only set if
        result was ISC_R_SUCCESS or ISC_R_NOTFOUND.
      - Don't reset is_zone for redirect.
      - Style cleanup.
      (cherry picked from commit 3352270bdbbb39b167072aa282c6b310ffd96a7d)
      (cherry picked from commit e2500c60a0a764f35116e57b8d22f3109e97f75b)
    • Add test for nxdomain-redirect ncachenxdomain · 21c7c65b
      Matthijs Mekking authored
      (cherry picked from commit 8dc43bc9fe934a0b4729cb1c467e62a73a11ebad)
      (cherry picked from commit 6093cc063bfe06066c59fd4b84ae7c68cf683215)
    • Merge branch '892-fix-redirect-name-v9_12_4_patch' into 'v9_12_4_patch' · 5acc98e8
      Evan Hunt authored
      use qname in redirect2
      Closes #892
      See merge request isc-projects/bind9!1561
    • add CHANGES · 29b792a1
      Mark Andrews authored
    • use client->query.qname · 7c94f4b8
      Mark Andrews authored
      (cherry picked from commit 8758d36a)
      (cherry picked from commit e7826648272b341a84e497a1e17756d359b64444)
  3. 27 Feb, 2019 2 commits
  4. 21 Feb, 2019 20 commits