Commit Graph

33847 Commits

Author SHA1 Message Date
Ondřej Surý
58907b2239 fixup! Add reference counting for enqueued tasks 2021-05-06 22:29:54 +02:00
Ondřej Surý
dbb9df69cd fixup! Use barriers for netmgr synchronization 2021-05-06 22:29:54 +02:00
Ondřej Surý
819171e7f7 fixup! Add reference counting for enqueued tasks 2021-05-06 22:29:54 +02:00
Ondřej Surý
51f923527a fixup! Use barriers for netmgr synchronization 2021-05-06 22:29:54 +02:00
Ondřej Surý
3ae12ddc15 fixup! Use barriers for netmgr synchronization 2021-05-06 22:29:54 +02:00
Ondřej Surý
ecec7c4ea9 fixup! Add reference counting for enqueued tasks 2021-05-06 22:29:54 +02:00
Ondřej Surý
dcc84363e0 fixup! Use barriers for netmgr synchronization 2021-05-06 22:29:54 +02:00
Ondřej Surý
f6289afc97 Add reference counting for enqueued tasks
Previously, taskmgr was using ISC_LIST for keeping the enqueued tasks
and the ISC_LIST have an inherent property that the task would not get
enqueued twice.  When taskmgr switched to using netmgr, we are using
isc_queue_t which can enqueue same item multiple times, and this was
causing problem when the previous isc_task_run() would find the task to
be empty and shutting down.  It would directly destroy the task and
leave the following netievents with already freed task.

This commit adds references counting around task_ready(++) and
task_run(--) and adds isc_task_ready() public API wrapper around
task_ready, so we can call it from netmgr when the event quantum would
be reached.
2021-05-06 22:29:53 +02:00
Ondřej Surý
57364fd1a9 fixup! Use barriers for netmgr synchronization 2021-05-06 22:29:53 +02:00
Ondřej Surý
c61104f3ab fixup! Use barriers for netmgr synchronization 2021-05-06 22:29:53 +02:00
Artem Boldariev
a116c30f59 Make some TLS tests actually use quota
A directive to check quota was missing from some of the TLS tests
which were supposed to test TLS code with quotas.
2021-05-06 22:29:53 +02:00
Artem Boldariev
03988776c9 TLS: cancel reading on the underlying TCP socket after the last ...
... handle has been detached after calling write callback. That makes
it possible to detach from the underlying socket and not to keep the
socket object alive for too long. This issue was causing TLS tests
with quota to fail because quota might not have been detached on
time (because it was still referenced by the underlying TCP socket).

One could say that this commit is an ideological continuation of:

513cdb52ec.
2021-05-06 22:29:53 +02:00
Ondřej Surý
54492750e5 Use barriers for netmgr synchronization
The netmgr listening, stoplistening, pausing and resuming now use
barriers (uv_barrier_t) for synchronization, which makes the code
much simpler.
2021-05-06 22:29:53 +02:00
Ondřej Surý
4a1d5d8057 Don't clear dig lookup if it was already cleared
This workarounds couple of races where the current_lookup would be
already detached during shutting down the dig, but still processing the
pending reads.
2021-05-06 22:29:53 +02:00
Ondřej Surý
29616ad596 Make the netmgr queue processing quantized
There was a theoretical possibility of clogging up the queue processing
with an endless loop where currently processing netievent would schedule
new netievent that would get processed immediately.  This wasn't such a
problem when only netmgr netievents were processed, but with the
addition of the tasks, there are at least two situation where this could
happen:

 1. In lib/dns/zone.c:setnsec3param() the task would get re-enqueued
    when the zone was not yet fully loaded.

 2. Tasks have internal quantum for maximum number of isc_events to be
    processed, when the task quantum is reached, the task would get
    rescheduled and then immediately processed by the netmgr queue
    processing.

As the isc_queue doesn't have a mechanism to atomically move the queue,
this commit adds mechanism to quantize the queue, so enqueueing new
netievents will never stop processing other uv_loop_t events.
2021-05-06 22:29:53 +02:00
Ondřej Surý
6a3e2a7a4b Fix wrong query accounting in the connect function in dighost.c
The start_udp() function didn't properly attach to the query and thus
a callback with ISC_R_CANCELED would end with wrong accounting on the
query object.

Usually, this doesn't happen because underlying libuv API
uv_udp_connect() is synchronous, but isc_nm_udpconnect() could return
ISC_R_CANCELED in case it's called while the netmgr is shutting down.
2021-05-06 22:29:52 +02:00
Ondřej Surý
ac75fb6265 Cleanup lib/isc/task.c
After the last refactoring, the struct isc_task and struct isc_taskmgr
had couple of unused fields.  In this commit, we remove unused fields
from the both structs and convert the isc_task_t atomic flags into two
atomic_bools for easier manipulation.
2021-05-06 22:29:52 +02:00
Ondřej Surý
b79c5a2d05 Destroy netmgr before destroying taskmgr
With taskmgr running on top of netmgr, the ordering of how the tasks and
netmgr shutdown interacts was wrong as previously isc_taskmgr_destroy()
was waiting until all tasks were properly shutdown and detached.  This
responsibility was moved to netmgr, so we now need to do the following:

  1. shutdown all the tasks - this schedules all shutdown events onto
     the netmgr queue

  2. shutdown the netmgr - this also makes sure all the tasks and
     events are properly executed

  3. Shutdown the taskmgr - this now waits for all the tasks to finish
     running before returning

  4. Shutdown the netmgr - this call waits for all the netmgr netievents
     to finish before returning

This solves the race when the taskmgr object would be destroyed before
all the tasks were finished running in the netmgr loops.
2021-05-06 22:29:52 +02:00
Ondřej Surý
56925348a5 Add new isc_managers API to simplify <*>mgr create/destroy
Previously, netmgr, taskmgr, timermgr and socketmgr all had their own
isc_<*>mgr_create() and isc_<*>mgr_destroy() functions.  The new
isc_managers_create() and isc_managers_destroy() fold all four into a
single function and makes sure the objects are created and destroy in
correct order.

Especially now, when taskmgr runs on top of netmgr, the correct order is
important and when the code was duplicated at many places it's easy to
make mistake.

The former isc_<*>mgr_create() and isc_<*>mgr_destroy() functions were
made private and a single call to isc_managers_create() and
isc_managers_destroy() is required at the program startup / shutdown.
2021-05-06 22:29:52 +02:00
Matthijs Mekking
cf99c1dc85 Merge branch '2603-test-dnssec-policy-none' into 'main'
Check zonefile is untouched if dnssec-policy none

Closes #2603

See merge request isc-projects/bind9!4888
2021-05-05 17:15:58 +00:00
Matthijs Mekking
66f2cd228d Use isdigit instead of checking character range
When looking for key files, we could use isdigit rather than checking
if the character is within the range [0-9].

Use (unsigned char) cast to ensure the value is representable in the
unsigned char type (as suggested by the isdigit manpage).

Change " & 0xff" occurrences to the recommended (unsigned char) type
cast.
2021-05-05 19:15:33 +02:00
Matthijs Mekking
0c09867e96 Changes and release notes for [#2603] 2021-05-05 19:15:32 +02:00
Matthijs Mekking
511bc1b882 Check for filename clashes /w dnssec-policy zones
Just like with dynamic and/or inline-signing zones, check if no two
or more zone configurations set the same filename. In these cases,
the zone files are not read-only and named-checkconf should catch
a configuration where multiple zone statements write to the same file.

Add some bad configuration tests where KASP zones reference the same
zone file.

Update the good-kasp test to allow for two zones configure the same
file name, dnssec-policy none.
2021-05-05 19:13:55 +02:00
Matthijs Mekking
2d1b3a9899 Check zonefile is untouched if dnssec-policy none
Make sure no DNSSEC contents are added to the zonefile if dnssec-policy
is set to "none" (and no .state files exist for the zone).
2021-05-05 19:13:55 +02:00
Mark Andrews
d8cc16a659 Merge branch '2670-always-set-rewrite-when-compacting-a-version-1-journal' into 'main'
Resolve "Always set 'rewrite' when compacting a version 1 journal."

Closes #2670

See merge request isc-projects/bind9!4985
2021-05-05 13:33:55 +00:00
Mark Andrews
a60b54e1df Add release note for [GL #2670] 2021-05-05 23:13:55 +10:00
Mark Andrews
79da175a76 Add CHANGES note for [GL #2670] 2021-05-05 23:13:09 +10:00
Mark Andrews
ae1ae07b03 Check journal compaction 2021-05-05 23:12:37 +10:00
Mark Andrews
4a8e33b9f0 Always perform a re-write when processing a version 1 journal
version 1 journals may have a mix of type 1 and type 2 transaction
headers so always use the recovery code.
2021-05-05 23:12:37 +10:00
Mark Andrews
71df4fb84c Allow named-journalprint to compact journals at a given serial 2021-05-05 23:12:37 +10:00
Matthijs Mekking
cecc905b46 Merge branch 'matthijs-follow-up-2596' into 'main'
Remove double "insecure" check

See merge request isc-projects/bind9!4997
2021-05-05 10:48:38 +00:00
Matthijs Mekking
22243ac804 Remove double "insecure" check
This was a conflict between dba13d280a
and 636ff1e15c.
2021-05-05 12:45:47 +02:00
Matthijs Mekking
09ed248f60 Merge branch '2596-dnssec-policy-keys-inaccessible' into 'main'
Don't roll keys when the private key file is offline

Closes #2596

See merge request isc-projects/bind9!4885
2021-05-05 10:33:46 +00:00
Matthijs Mekking
636ff1e15c No longer need to strcmp for "none"
When we introduced "dnssec-policy insecure" we could have removed the
'strcmp' check for "none", because if it was set to "none", the 'kasp'
variable would have been set to NULL.
2021-05-05 11:23:53 +02:00
Matthijs Mekking
366ed047dd Changes and release notes for [#2596] 2021-05-05 11:14:35 +02:00
Matthijs Mekking
4a8ad0a77f Add kasp tests for offline keys
Add a test for default.kasp that if we remove the private key file,
no successor key is created for it. We need to update the kasp script
to deal with a missing private key. If this is the case, skip checks
for private key files.

Add a test with a zone for which the private key of the ZSK is missing.

Add a test with a zone for which the private key of the KSK is missing.
2021-05-05 11:14:02 +02:00
Matthijs Mekking
6a60bf637d Update smart signing when key is offline
BIND 9 is smart about when to sign with what key. If a key is offline,
BIND will delete the old signature anyway if there is another key to
sign the RRset with.

With KASP we don't want to fallback to the KSK if the ZSK is missing,
only for the SOA RRset. If the KSK is missing, but we do have a ZSK,
deleting the signature is fine. Otherwise it depends on if we use KASP
or not. Update the 'delsig_ok' function to reflect that.
2021-05-05 11:13:19 +02:00
Matthijs Mekking
3e6fc49c16 Don't roll offline keys
When checking the current DNSSEC state against the policy, consider
offline keys. If we didn't found an active key, check if the key is
offline by checking the public key list. If there is a match in the
public key list (the key data is retrieved from the .key and the
.state files), treat the key as offline and don't create a successor
key for it.
2021-05-05 11:13:19 +02:00
Matthijs Mekking
b3a5859a9b rndc dnssec -status should include offline keys
The rndc command 'dnssec -status' only considered keys from
'dns_dnssec_findmatchingkeys' which only includes keys with accessible
private keys. Change it so that offline keys are also listed in the
status.
2021-05-05 11:13:19 +02:00
Matthijs Mekking
7ed089576f Try to read state when reading keylist from rdata
The function 'dns_dnssec_keylistfromrdataset()' creates a keylist from
the DNSKEY RRset. If we attempt to read the private key, we also store
the key state. However, if the private key is offline, the key state
will not be stored. To fix this, first attempt to read the public key
file. If then reading the private key file fails, and we do have a
public key, add that to the keylist, with appropriate state. If we
also failed to read the public key file, add the DNSKEY to the keylist,
as we did before.
2021-05-05 11:13:19 +02:00
Matthijs Mekking
fa05c1b8da When reading public key from file, also read state
The 'dst_key_fromnamedfile()' function did not read and store the
key state from the .state file when reading a public key file.
2021-05-05 11:13:19 +02:00
Matthijs Mekking
cf17698f87 Fix a kasp lock issue
The kasp lock would stay locked if 'dns_keymgr_run' failed.
2021-05-05 11:13:19 +02:00
Mark Andrews
2be319b759 Merge branch '2678-named-checkconf-doesn-t-catch-redefinition-of-dnssec-policy-insecure' into 'main'
Resolve "named-checkconf doesn't catch redefinition of dnssec-policy insecure"

Closes #2678

See merge request isc-projects/bind9!4994
2021-05-05 07:03:12 +00:00
Mark Andrews
dba13d280a named-checkconf now detects redefinition of dnssec-policy 'insecure' 2021-05-05 16:23:19 +10:00
Mark Andrews
0f53872542 Merge branch '2536-inline-signing-documentation-doesn-t-match-reality' into 'main'
Resolve "inline-signing documentation doesn't match reality"

Closes #2536

See merge request isc-projects/bind9!4751
2021-05-05 00:17:40 +00:00
Matthijs Mekking
a548a450b3 checkconf tests for inline-signing at options/view 2021-05-04 23:35:59 +00:00
Mark Andrews
03978a7881 Add Release note for [GL #2536] 2021-05-04 23:35:59 +00:00
Mark Andrews
475a553e37 Add CHANGES note for [GL #2536] 2021-05-04 23:35:59 +00:00
Mark Andrews
b3301da262 inline-signing should have been in zone_only_clauses 2021-05-04 23:35:59 +00:00
Ondřej Surý
74d9a917eb Merge branch '2675-wrong-rfc-reference-in-name-c' into 'main'
Fix RFC292 -> RFC952 typo

Closes #2675

See merge request isc-projects/bind9!4990
2021-05-04 15:22:49 +00:00