This commit changes the BIND cookie algorithms to match
draft-sury-toorop-dnsop-server-cookies-00. Namely, it changes the Client Cookie
algorithm to use SipHash 2-4, adds the new Server Cookie algorithm using SipHash
2-4. The change doesn't make the SipHash 2-4 to be the default algorithm, this
is up to the operator.
Move the macOS section of <isc/endian.h> to a lower spot as it is
believed not to be the most popular platform for running BIND. Add a
comment and remove redundant definitions.
Instead of only supporting Linux, try making <isc/endian.h> support
other GNU platforms as well. Since some compilers define __GNUC__ on
BSDs (e.g. Clang on FreeBSD), move the relevant section to the bottom of
the platform-specific part of <isc/endian.h>, so that it only gets
evaluated when more specific platform determination criteria are not
met. Also include <byteswap.h> so that any byte-swapping macros which
may be defined in that file on older platforms are used in the fallback
definitions of the nonstandard hto[bl]e{16,32,64}() and
[bl]e{16,32,64}toh() conversion functions.
While Solaris does not support the nonstandard hto[bl]e{16,32,64}() and
[bl]e{16,32,64}toh() conversion functions, it does have some
byte-swapping macros available in <sys/byteorder.h>. Ensure these
macros are used in the fallback definitions of the aforementioned
nonstandard functions.
Since the hto[bl]e{16,32,64}() and [bl]e{16,32,64}toh() conversion
functions are nonstandard, add fallback definitions of these functions
to <isc/endian.h>, so that their unavailability does not prevent
compilation from succeeding.
Current versions of DragonFly BSD, FreeBSD, NetBSD, and OpenBSD all
support the modern variants of functions converting values between host
and big-endian/little-endian byte order while older ones might not.
Ensure <isc/endian.h> works properly in both cases.
5236. [func] Add SipHash 2-4 implementation in lib/isc/siphash.c
and switch isc_hash_function() to use SipHash 2-4.
[GL #605]
(cherry picked from commit dc9543abb3)
Each individual test opened GeoIP databases but the database handles were never
closed. This commit moves the open/close from the individual unit tests into
the _setup and _teardown methods where they really belong.
(cherry picked from commit d1c7b79183)
The MSVS C compiler requires every struct to have at least one member.
The dns_geoip_databases_t structure had one set of members for
HAVE_GEOIP and a different set for HAVE_GEOIP2, and none when neither
API is in use.
This commit silences the compiler error by moving the declaration of
dns_geoip_databases_t to types.h as an opaque reference, and commenting
out the contents of geoip.h when neither version of GeoIP is enabled.
(cherry picked from commit 81fcde5953)
When trying to extract the key ID from a key file name, some test code
incorrectly attempts to strip all leading zeros. This breaks tests when
keys with ID 0 are generated. Add a new helper shell function,
keyfile_to_key_id(), which properly handles keys with ID 0 and use it in
test code whenever a key ID needs to be extracted from a key file name.
(cherry picked from commit 7d6eaad1bd)
When printing a packet, dnstap-read checks whether its text form takes
up more than the 2048 bytes allocated for the output buffer by default.
If that is the case, the output buffer is automatically expanded, but
the truncated output is left in the buffer, resulting in malformed data
being printed. Clear the output buffer before expanding it to prevent
this issue from occurring.
(cherry picked from commit 3549abe81d)
- revise mapping of search terms to database types to match the
GeoIP2 schemas.
- open GeoIP2 databases when starting up; close when shutting down.
- clarify the logged error message when an unknown database type
is configured.
- add new geoip ACL subtypes to support searching for continent in
country databases.
- map geoip ACL subtypes to specific MMDB database queries.
- perform MMDB lookups based on subtype, saving state between
queries so repeated lookups for the same address aren't necessary.
(cherry picked from commit 6e0b93e5a0)
