diff --git a/CHANGES b/CHANGES index e7deb1f159..e2872ab293 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,19 @@ +3975. [bug] Don't populate or use the bad cache for queries that + don't request or use recursion. [RT #37466] + +3974. [bug] handle DH_compute_key() failure correctly in + openssldh_link.c. [RT #37477] + +3973. [func] Added hooks for Google/Great Performance Tools + CPU Profiler, including in real time. [RT #37339] + +3972. [bug] Fix host's usage statement. [RT #37397] + +3971. [bug] Reduce the cascasding failures due to a bad $TTL line + in named-checkconf / named-checkzone. [RT #37138] + 3970. [contrib] Fixed a use after free bug in the SDB LDAP driver. - [RT #37237] + [RT #37237] 3969. [test] Added 'delv' system test. [RT #36901] diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c index e79cbc1823..ed00c3c5dd 100644 --- a/bin/check/named-checkconf.c +++ b/bin/check/named-checkconf.c @@ -67,7 +67,7 @@ usage(void) ISC_PLATFORM_NORETURN_POST; static void usage(void) { - fprintf(stderr, "usage: %s [-h] [-j] [-p] [-v] [-z] [-t directory] " + fprintf(stderr, "usage: %s [-h] [-j] [-p [-x]] [-v] [-z] [-t directory] " "[named.conf]\n", program); exit(1); } diff --git a/bin/dig/host.c b/bin/dig/host.c index 16e6f2aa0e..b5f023b15c 100644 --- a/bin/dig/host.c +++ b/bin/dig/host.c @@ -165,7 +165,7 @@ show_usage(void) { " -4 use IPv4 query transport only\n" " -6 use IPv6 query transport only\n" " -m set memory debugging flag (trace|record|usage)\n" -" -v print version number and exit\n", stderr); +" -V print version number and exit\n", stderr); exit(1); } diff --git a/bin/named/main.c b/bin/named/main.c index 409edc35d3..4d26ff5c05 100644 --- a/bin/named/main.c +++ b/bin/named/main.c @@ -54,6 +54,10 @@ #include +#ifdef HAVE_GPERFTOOLS_PROFILER +#include +#endif + /* * Defining NS_MAIN provides storage declarations (rather than extern) @@ -1169,6 +1173,10 @@ main(int argc, char *argv[]) { char *instance = NULL; #endif +#ifdef HAVE_GPERFTOOLS_PROFILER + (void) ProfilerStart(NULL); +#endif + /* * Record version in core image. * strings named.core | grep "named version:" @@ -1288,5 +1296,9 @@ main(int argc, char *argv[]) { ns_os_shutdown(); +#ifdef HAVE_GPERFTOOLS_PROFILER + ProfilerStop(); +#endif + return (0); } diff --git a/bin/named/query.c b/bin/named/query.c index e820b993f2..6f90c0fc41 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -6303,32 +6303,36 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * if the current query has CD=0, then we can just return * SERVFAIL now. */ - flags = 0; - failcache = dns_badcache_find(client->view->failcache, - client->query.qname, qtype, - &flags, &client->tnow); - if (failcache && (((flags & NS_FAILCACHE_CD) != 0) || - ((client->message->flags & DNS_MESSAGEFLAG_CD) == 0))) - { - if (isc_log_wouldlog(ns_g_lctx, ISC_LOG_DEBUG(1))) { - char namebuf[DNS_NAME_FORMATSIZE]; - char typename[DNS_RDATATYPE_FORMATSIZE]; + if (RECURSIONOK(client)) { + flags = 0; + failcache = dns_badcache_find(client->view->failcache, + client->query.qname, qtype, + &flags, &client->tnow); + if (failcache && + (((flags & NS_FAILCACHE_CD) != 0) || + ((client->message->flags & DNS_MESSAGEFLAG_CD) == 0))) + { + if (isc_log_wouldlog(ns_g_lctx, ISC_LOG_DEBUG(1))) { + char namebuf[DNS_NAME_FORMATSIZE]; + char typename[DNS_RDATATYPE_FORMATSIZE]; - dns_name_format(client->query.qname, - namebuf, sizeof(namebuf)); - dns_rdatatype_format(qtype, - typename, sizeof(typename)); - ns_client_log(client, NS_LOGCATEGORY_CLIENT, - NS_LOGMODULE_QUERY, ISC_LOG_DEBUG(1), - "servfail cache hit %s/%s (%s)", - namebuf, typename, - ((flags & NS_FAILCACHE_CD) != 0) - ? "CD=1" - : "CD=0"); + dns_name_format(client->query.qname, + namebuf, sizeof(namebuf)); + dns_rdatatype_format(qtype, typename, + sizeof(typename)); + ns_client_log(client, NS_LOGCATEGORY_CLIENT, + NS_LOGMODULE_QUERY, + ISC_LOG_DEBUG(1), + "servfail cache hit %s/%s (%s)", + namebuf, typename, + ((flags & NS_FAILCACHE_CD) != 0) + ? "CD=1" + : "CD=0"); + } + client->attributes |= NS_CLIENTATTR_NOSETFC; + QUERY_ERROR(DNS_R_SERVFAIL); + goto cleanup; } - client->attributes |= NS_CLIENTATTR_NOSETFC; - QUERY_ERROR(DNS_R_SERVFAIL); - goto cleanup; } /* @@ -8385,6 +8389,7 @@ ns_query_start(ns_client_t *client) { */ client->query.attributes &= ~(NS_QUERYATTR_RECURSIONOK|NS_QUERYATTR_CACHEOK); + client->query.attributes |= NS_CLIENTATTR_NOSETFC; } else if ((client->attributes & NS_CLIENTATTR_RA) == 0 || (message->flags & DNS_MESSAGEFLAG_RD) == 0) { /* @@ -8394,6 +8399,7 @@ ns_query_start(ns_client_t *client) { * doesn't want recursion, turn recursion off. */ client->query.attributes &= ~NS_QUERYATTR_RECURSIONOK; + client->query.attributes |= NS_CLIENTATTR_NOSETFC; } /* diff --git a/bin/tests/system/checkconf/altdlz.conf b/bin/tests/system/checkconf/altdlz.conf index 2f663da0f2..f0492b54e0 100644 --- a/bin/tests/system/checkconf/altdlz.conf +++ b/bin/tests/system/checkconf/altdlz.conf @@ -23,3 +23,8 @@ zone "example.com" { type master; dlz external; }; + +zone "." { + type redirect; + dlz external; +}; diff --git a/bin/tests/system/checkzone/zones/badttl.db b/bin/tests/system/checkzone/zones/badttl.db new file mode 100644 index 0000000000..256731e594 --- /dev/null +++ b/bin/tests/system/checkzone/zones/badttl.db @@ -0,0 +1,23 @@ +; Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + + +$TTL +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 + +ns-and-dname NS ns.ns-and-dname + DNAME example.com. +ns.ns-and-dname A 203.178.141.207 diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh index ab65200677..51e1193651 100644 --- a/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh @@ -2166,14 +2166,14 @@ status=`expr $status + $ret` echo "I:checking dnskey query with no data still gets put in cache ($n)" ret=0 myDIGOPTS="+noadd +nosea +nostat +noquest +nocomm +nocmd -p 5300 @10.53.0.4" -firstVal=`$DIG $myDIGOPTS insecure.example. dnskey|awk '{ print $2 }'` +firstVal=`$DIG $myDIGOPTS insecure.example. dnskey| awk '$1 != ";;" { print $2 }'` sleep 1 -secondVal=`$DIG $myDIGOPTS insecure.example. dnskey|awk '{ print $2 }'` -if [ $firstVal -eq $secondVal ] +secondVal=`$DIG $myDIGOPTS insecure.example. dnskey| awk '$1 != ";;" { print $2 }'` +if [ ${firstVal:-0} -eq ${secondVal:-0} ] then sleep 1 - thirdVal=`$DIG $myDIGOPTS insecure.example. dnskey|awk '{ print $2 }'` - if [ $firstVal -eq $thirdVal ] + thirdVal=`$DIG $myDIGOPTS insecure.example. dnskey|awk '$1 != ";;" { print $2 }'` + if [ ${firstVal:-0} -eq ${thirdVal:-0} ] then echo "I: cannot confirm query answer still in cache" ret=1 @@ -2339,13 +2339,13 @@ $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reload expiring.example 2>&1 | $RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 flush $DIG +noall +answer +dnssec +cd -p 5300 expiring.example soa @10.53.0.4 > dig.out.ns4.1.$n $DIG +noall +answer +dnssec -p 5300 expiring.example soa @10.53.0.4 > dig.out.ns4.2.$n -ttls=`awk '{print $2}' dig.out.ns4.1.$n` -ttls2=`awk '{print $2}' dig.out.ns4.2.$n` -for ttl in $ttls; do - [ $ttl -eq 300 ] || ret=1 +ttls=`awk '$1 != ";;" {print $2}' dig.out.ns4.1.$n` +ttls2=`awk '$1 != ";;" {print $2}' dig.out.ns4.2.$n` +for ttl in ${ttls:-0}; do + [ ${ttl:-0} -eq 300 ] || ret=1 done -for ttl in $ttls2; do - [ $ttl -le 60 ] || ret=1 +for ttl in ${ttls2:-0}; do + [ ${ttl:-0} -le 60 ] || ret=1 done n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi @@ -2354,15 +2354,16 @@ status=`expr $status + $ret` echo "I:testing TTL is capped at RRSIG expiry time for records in the additional section ($n)" ret=0 $RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 flush +sleep 1 $DIG +noall +additional +dnssec +cd -p 5300 expiring.example mx @10.53.0.4 > dig.out.ns4.1.$n $DIG +noall +additional +dnssec -p 5300 expiring.example mx @10.53.0.4 > dig.out.ns4.2.$n -ttls=`awk '{print $2}' dig.out.ns4.1.$n` -ttls2=`awk '{print $2}' dig.out.ns4.2.$n` -for ttl in $ttls; do - [ $ttl -eq 300 ] || ret=1 +ttls=`awk '$1 != ";;" {print $2}' dig.out.ns4.1.$n` +ttls2=`awk '$1 != ";;" {print $2}' dig.out.ns4.2.$n` +for ttl in ${ttls:-300}; do + [ ${ttl:-0} -eq 300 ] || ret=1 done -for ttl in $ttls2; do - [ $ttl -le 60 ] || ret=1 +for ttl in ${ttls2:-0}; do + [ ${ttl:-0} -le 60 ] || ret=1 done n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi @@ -2377,12 +2378,12 @@ ret=0 $RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 flush $DIG +noall +answer +dnssec +cd -p 5300 expiring.example soa @10.53.0.4 > dig.out.ns4.1.$n $DIG +noall +answer +dnssec -p 5300 expiring.example soa @10.53.0.4 > dig.out.ns4.2.$n -ttls=`awk '{print $2}' dig.out.ns4.1.$n` -ttls2=`awk '{print $2}' dig.out.ns4.2.$n` -for ttl in $ttls; do +ttls=`awk '$1 != ";;" {print $2}' dig.out.ns4.1.$n` +ttls2=`awk '$1 != ";;" {print $2}' dig.out.ns4.2.$n` +for ttl in ${ttls:-0}; do [ $ttl -eq 300 ] || ret=1 done -for ttl in $ttls2; do +for ttl in ${ttls2:-0}; do [ $ttl -le 120 -a $ttl -gt 60 ] || ret=1 done n=`expr $n + 1` @@ -2393,12 +2394,12 @@ echo "I:testing TTL of expired RRsets with dnssec-accept-expired yes; ($n)" ret=0 $DIG +noall +answer +dnssec +cd -p 5300 expired.example soa @10.53.0.4 > dig.out.ns4.1.$n $DIG +noall +answer +dnssec -p 5300 expired.example soa @10.53.0.4 > dig.out.ns4.2.$n -ttls=`awk '{print $2}' dig.out.ns4.1.$n` -ttls2=`awk '{print $2}' dig.out.ns4.2.$n` -for ttl in $ttls; do +ttls=`awk '$1 != ";;" {print $2}' dig.out.ns4.1.$n` +ttls2=`awk '$1 != ";;" {print $2}' dig.out.ns4.2.$n` +for ttl in ${ttls:-0}; do [ $ttl -eq 300 ] || ret=1 done -for ttl in $ttls2; do +for ttl in ${ttls2:-0}; do [ $ttl -le 120 -a $ttl -gt 60 ] || ret=1 done n=`expr $n + 1` @@ -2410,12 +2411,12 @@ ret=0 $RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 flush $DIG +noall +additional +dnssec +cd -p 5300 expiring.example mx @10.53.0.4 > dig.out.ns4.1.$n $DIG +noall +additional +dnssec -p 5300 expiring.example mx @10.53.0.4 > dig.out.ns4.2.$n -ttls=`awk '{print $2}' dig.out.ns4.1.$n` -ttls2=`awk '{print $2}' dig.out.ns4.2.$n` -for ttl in $ttls; do +ttls=`awk '$1 != ";;" {print $2}' dig.out.ns4.1.$n` +ttls2=`awk '$1 != ";;" {print $2}' dig.out.ns4.2.$n` +for ttl in ${ttls:-300}; do [ $ttl -eq 300 ] || ret=1 done -for ttl in $ttls2; do +for ttl in ${ttls2:-0}; do [ $ttl -le 120 -a $ttl -gt 60 ] || ret=1 done n=`expr $n + 1` diff --git a/bin/tests/system/masterformat/ns1/named.conf b/bin/tests/system/masterformat/ns1/named.conf index 0968e729e0..d52ef6acfc 100644 --- a/bin/tests/system/masterformat/ns1/named.conf +++ b/bin/tests/system/masterformat/ns1/named.conf @@ -27,6 +27,7 @@ options { notify no; dnssec-enable yes; session-keyfile "session.key"; + servfail-ttl 0; }; key rndc_key { diff --git a/bin/tests/system/masterformat/ns2/named.conf b/bin/tests/system/masterformat/ns2/named.conf index 8da301ef1f..8307f1f095 100644 --- a/bin/tests/system/masterformat/ns2/named.conf +++ b/bin/tests/system/masterformat/ns2/named.conf @@ -26,6 +26,7 @@ options { recursion no; notify no; dnssec-enable yes; + servfail-ttl 0; }; zone "example" { diff --git a/bin/tests/system/views/setup.sh b/bin/tests/system/views/setup.sh index ebd059fdcc..254bd3bfc3 100644 --- a/bin/tests/system/views/setup.sh +++ b/bin/tests/system/views/setup.sh @@ -37,8 +37,8 @@ test -r $RANDFILE || $GENRANDOM 400 $RANDFILE # $KEYGEN -K ns2/internal -r $RANDFILE -3q inline > /dev/null 2>&1 $KEYGEN -K ns2/internal -r $RANDFILE -3qfk inline > /dev/null 2>&1 -k1=`$KEYGEN -K ns2/external -r $RANDFILE -3q inline` -k2=`$KEYGEN -K ns2/external -r $RANDFILE -3qfk inline` +k1=`$KEYGEN -K ns2/external -r $RANDFILE -3q inline 2> /dev/null` +k2=`$KEYGEN -K ns2/external -r $RANDFILE -3qfk inline 2> /dev/null` $KEYGEN -K ns2/external -r $RANDFILE -3q inline > /dev/null 2>&1 $KEYGEN -K ns2/external -r $RANDFILE -3qfk inline > /dev/null 2>&1 test -n "$k1" && rm -f ns2/external/$k1.* diff --git a/bin/tests/system/views/tests.sh b/bin/tests/system/views/tests.sh index 13748052f4..b90d7f5edf 100644 --- a/bin/tests/system/views/tests.sh +++ b/bin/tests/system/views/tests.sh @@ -123,17 +123,20 @@ fi if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -echo "I:verifying inline zones work with views" -ret=0 -$DIG @10.53.0.2 -p 5300 -b 10.53.0.2 +dnssec DNSKEY inline > dig.out.internal -$DIG @10.53.0.2 -p 5300 -b 10.53.0.5 +dnssec DNSKEY inline > dig.out.external -grep "ANSWER: 4," dig.out.internal > /dev/null || ret=1 -grep "ANSWER: 4," dig.out.external > /dev/null || ret=1 -int=`awk '$4 == "DNSKEY" { print $8 }' dig.out.internal | sort` -ext=`awk '$4 == "DNSKEY" { print $8 }' dig.out.external | sort` -test "$int" != "$ext" || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi -status=`expr $status + $ret` +if $SHELL ../testcrypto.sh +then + echo "I:verifying inline zones work with views" + ret=0 + $DIG @10.53.0.2 -p 5300 -b 10.53.0.2 +dnssec DNSKEY inline > dig.out.internal + $DIG @10.53.0.2 -p 5300 -b 10.53.0.5 +dnssec DNSKEY inline > dig.out.external + grep "ANSWER: 4," dig.out.internal > /dev/null || ret=1 + grep "ANSWER: 4," dig.out.external > /dev/null || ret=1 + int=`awk '$4 == "DNSKEY" { print $8 }' dig.out.internal | sort` + ext=`awk '$4 == "DNSKEY" { print $8 }' dig.out.external | sort` + test "$int" != "$ext" || ret=1 + if [ $ret != 0 ]; then echo "I:failed"; fi + status=`expr $status + $ret` +fi echo "I:exit status: $status" exit $status diff --git a/config.h.in b/config.h.in index d1e9352f33..e8170791fc 100644 --- a/config.h.in +++ b/config.h.in @@ -230,6 +230,9 @@ int sigwait(const unsigned int *set, int *sig); /* Build with GeoIP Country IPv6 support */ #undef HAVE_GEOIP_V6 +/* Define to use gperftools CPU profiler. */ +#undef HAVE_GPERFTOOLS_PROFILER + /* Define to 1 if you have the header file. */ #undef HAVE_GSSAPI_GSSAPI_H @@ -242,7 +245,7 @@ int sigwait(const unsigned int *set, int *sig); /* Define to 1 if you have the header file. */ #undef HAVE_GSSAPI_KRB5_H -/* Define to 1 if you have the `if_nametoindex' function. */ +/* Define to 1 if you have the if_nametoindex function. */ #undef HAVE_IF_NAMETOINDEX /* Define to 1 if you have the header file. */ diff --git a/configure b/configure index 095f9e2aa0..ca244b250b 100755 --- a/configure +++ b/configure @@ -1001,6 +1001,7 @@ with_libxml2 with_libjson enable_largefile with_purify +with_gperftools_profiler enable_backtrace enable_symtable enable_ipv6 @@ -1667,7 +1668,7 @@ Optional Features: --enable-libbind deprecated --enable-warn-error turn on -Werror when compiling --enable-developer enable developer build settings - --enable-seccomp enable support for libseccomp sysstem call filtering + --enable-seccomp enable support for libseccomp system call filtering [default=no] --enable-kqueue use BSD kqueue when available [default=yes] --enable-epoll use Linux epoll when available [default=auto] @@ -1707,7 +1708,7 @@ Optional Packages: --with-geoip=PATH Build with GeoIP support (yes|no|path) --with-gssapi=PATH Specify path for system-supplied GSSAPI [default=yes] --with-randomdev=PATH Specify path for random device - --with-locktype=ARG Specify mutex lock type (adaptive or standard) + --with-locktype=ARG Specify mutex lock type (adaptive or standard) --with-libtool use GNU libtool --with-openssl=PATH Build with OpenSSL yes|no|path. (Crypto is required for DNSSEC) @@ -1720,6 +1721,7 @@ Optional Packages: --with-libxml2=PATH build with libxml2 library yes|no|path --with-libjson=PATH build with libjson0 library yes|no|path --with-purify=PATH use Rational purify + --with-gperftools-profiler use gperftools CPU profiler --with-kame=PATH use Kame IPv6 default path /usr/local/v6 --with-readline=LIBSPEC specify readline library default -lreadline @@ -17106,6 +17108,34 @@ esac +# +# Google/Great Performance Tools CPU Profiler +# +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use gperftools profiler" >&5 +$as_echo_n "checking whether to use gperftools profiler... " >&6; } + +# Check whether --with-gperftools-profiler was given. +if test "${with_gperftools_profiler+set}" = set; then : + withval=$with_gperftools_profiler; use_profiler="$withval" +else + use_profiler="no" +fi + + +case $use_profiler in + yes) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define HAVE_GPERFTOOLS_PROFILER 1" >>confdefs.h + + LIBS="$LIBS -lprofiler" + ;; + *) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + ;; +esac # # enable/disable dumping stack backtrace. Also check if the system supports @@ -19107,7 +19137,8 @@ esac case $ac_cv_have_if_nametoindex in yes) ISC_PLATFORM_HAVEIFNAMETOINDEX="#define ISC_PLATFORM_HAVEIFNAMETOINDEX 1" - $as_echo "#define HAVE_IF_NAMETOINDEX 1" >>confdefs.h + +$as_echo "#define HAVE_IF_NAMETOINDEX 1" >>confdefs.h ;; *) diff --git a/configure.in b/configure.in index 4334143c6d..8067f003fb 100644 --- a/configure.in +++ b/configure.in @@ -95,7 +95,7 @@ esac #libseccomp sandboxing AC_ARG_ENABLE(seccomp, - AS_HELP_STRING([--enable-seccomp],[enable support for libseccomp sysstem call filtering [default=no]])) + AS_HELP_STRING([--enable-seccomp],[enable support for libseccomp system call filtering [default=no]])) case "$enable_seccomp" in yes) case $host_os in @@ -1127,7 +1127,7 @@ then AC_DEFINE(HAVE_PTHREAD_ATTR_SETSTACKSIZE),) AC_ARG_WITH(locktype, - [ --with-locktype=ARG Specify mutex lock type (adaptive or standard)], + [ --with-locktype=ARG Specify mutex lock type (adaptive or standard)], locktype="$withval", locktype="adaptive") case "$locktype" in @@ -2402,6 +2402,25 @@ esac AC_SUBST(PURIFY) +# +# Google/Great Performance Tools CPU Profiler +# +AC_MSG_CHECKING(whether to use gperftools profiler) +AC_ARG_WITH(gperftools-profiler, + [ --with-gperftools-profiler use gperftools CPU profiler], + use_profiler="$withval", use_profiler="no") + +case $use_profiler in + yes) + AC_MSG_RESULT(yes) + AC_DEFINE([HAVE_GPERFTOOLS_PROFILER], 1, + [Define to use gperftools CPU profiler.]) + LIBS="$LIBS -lprofiler" + ;; + *) + AC_MSG_RESULT(no) + ;; +esac # # enable/disable dumping stack backtrace. Also check if the system supports @@ -3478,7 +3497,8 @@ esac case $ac_cv_have_if_nametoindex in yes) ISC_PLATFORM_HAVEIFNAMETOINDEX="#define ISC_PLATFORM_HAVEIFNAMETOINDEX 1" - AC_DEFINE(HAVE_IF_NAMETOINDEX, 1) + AC_DEFINE(HAVE_IF_NAMETOINDEX, 1, + [Define to 1 if you have the if_nametoindex function.]) ;; *) ISC_PLATFORM_HAVEIFNAMETOINDEX="#undef ISC_PLATFORM_HAVEIFNAMETOINDEX" diff --git a/lib/dns/include/dns/Makefile.in b/lib/dns/include/dns/Makefile.in index 0825ee10f5..ce134c28d5 100644 --- a/lib/dns/include/dns/Makefile.in +++ b/lib/dns/include/dns/Makefile.in @@ -13,15 +13,14 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.60 2011/11/14 18:32:34 each Exp $ - srcdir = @srcdir@ VPATH = @srcdir@ top_srcdir = @top_srcdir@ @BIND9_VERSION@ -HEADERS = acache.h acl.h adb.h bit.h byaddr.h cache.h callbacks.h cert.h \ +HEADERS = acache.h acl.h adb.h badcache.h bit.h byaddr.h \ + cache.h callbacks.h cert.h \ client.h clientinfo.h compress.h \ db.h dbiterator.h dbtable.h diff.h dispatch.h \ dlz.h dlz_dlopen.h dns64.h dnssec.h ds.h dsdigest.h \ diff --git a/lib/dns/master.c b/lib/dns/master.c index 98ec9280dc..3f46c8b35b 100644 --- a/lib/dns/master.c +++ b/lib/dns/master.c @@ -221,7 +221,7 @@ task_send(dns_loadctx_t *lctx); static void loadctx_destroy(dns_loadctx_t *lctx); -#define GETTOKEN(lexer, options, token, eol) \ +#define GETTOKENERR(lexer, options, token, eol, err) \ do { \ result = gettoken(lexer, options, token, eol, callbacks); \ switch (result) { \ @@ -234,6 +234,7 @@ loadctx_destroy(dns_loadctx_t *lctx); SETRESULT(lctx, result); \ LOGIT(result); \ read_till_eol = ISC_TRUE; \ + err \ goto next_line; \ } else \ goto log_and_cleanup; \ @@ -249,6 +250,8 @@ loadctx_destroy(dns_loadctx_t *lctx); goto log_and_cleanup; \ } \ } while (0) +#define GETTOKEN(lexer, options, token, eol) \ + GETTOKENERR(lexer, options, token, eol, {} ) #define COMMITALL \ do { \ @@ -389,13 +392,19 @@ gettoken(isc_lex_t *lex, unsigned int options, isc_token_t *token, if (eol != ISC_TRUE) if (token->type == isc_tokentype_eol || token->type == isc_tokentype_eof) { + unsigned long int line; + const char *what; + const char *file; + file = isc_lex_getsourcename(lex); + line = isc_lex_getsourceline(lex); + if (token->type == isc_tokentype_eol) { + line--; + what = "line"; + } else + what = "file"; (*callbacks->error)(callbacks, "dns_master_load: %s:%lu: unexpected end of %s", - isc_lex_getsourcename(lex), - isc_lex_getsourceline(lex), - (token->type == - isc_tokentype_eol) ? - "line" : "file"); + file, line, what); return (ISC_R_UNEXPECTEDEND); } return (ISC_R_SUCCESS); @@ -1152,7 +1161,9 @@ load_text(dns_loadctx_t *lctx) { finish_origin = ISC_TRUE; } else if (strcasecmp(DNS_AS_STR(token), "$TTL") == 0) { - GETTOKEN(lctx->lex, 0, &token, ISC_FALSE); + GETTOKENERR(lctx->lex, 0, &token, ISC_FALSE, + lctx->ttl = 0; + lctx->default_ttl_known = ISC_TRUE;); result = dns_ttl_fromtext(&token.value.as_textregion, &lctx->ttl); diff --git a/lib/dns/openssldh_link.c b/lib/dns/openssldh_link.c index 6c3f555f8d..2056394e03 100644 --- a/lib/dns/openssldh_link.c +++ b/lib/dns/openssldh_link.c @@ -93,7 +93,7 @@ openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv, if (r.length < len) return (ISC_R_NOSPACE); ret = DH_compute_key(r.base, dhpub->pub_key, dhpriv); - if (ret == 0) + if (ret <= 0) return (dst__openssl_toresult2("DH_compute_key", DST_R_COMPUTESECRETFAILURE)); isc_buffer_add(secret, len); diff --git a/lib/dns/rdataset.c b/lib/dns/rdataset.c index 026d771235..ab31d7d3d0 100644 --- a/lib/dns/rdataset.c +++ b/lib/dns/rdataset.c @@ -80,6 +80,7 @@ dns_rdataset_init(dns_rdataset_t *rdataset) { rdataset->privateuint4 = 0; rdataset->private5 = NULL; rdataset->private6 = NULL; + rdataset->private7 = NULL; rdataset->resign = 0; } diff --git a/lib/isc/unix/app.c b/lib/isc/unix/app.c index afbc6a9736..bde902814c 100644 --- a/lib/isc/unix/app.c +++ b/lib/isc/unix/app.c @@ -716,6 +716,18 @@ isc__app_ctxrun(isc_appctx_t *ctx0) { strbuf); return (ISC_R_UNEXPECTED); } +#ifdef HAVE_GPERFTOOLS_PROFILER + /* + * Don't want to get 99.99% real time is sigsuspend()! + */ + if (sigaddset(&sset, SIGALRM) != 0) { + isc__strerror(errno, strbuf, sizeof(strbuf)); + UNEXPECTED_ERROR(__FILE__, __LINE__, + "isc_app_run() sigsetops: %s", + strbuf); + return (ISC_R_UNEXPECTED); + } +#endif result = sigsuspend(&sset); } else { /* diff --git a/util/copyrights b/util/copyrights index 27429ac8a2..ab53efbaf3 100644 --- a/util/copyrights +++ b/util/copyrights @@ -959,6 +959,7 @@ ./bin/tests/system/checkzone/zones/bad-nsec3owner-padded.db ZONE 2014 ./bin/tests/system/checkzone/zones/bad1.db ZONE 2013 ./bin/tests/system/checkzone/zones/bad2.db ZONE 2014 +./bin/tests/system/checkzone/zones/badttl.db ZONE 2014 ./bin/tests/system/checkzone/zones/good-nsec3-nopadhash.db ZONE 2014 ./bin/tests/system/checkzone/zones/good1.db ZONE 2011 ./bin/tests/system/checkzone/zones/spf.db ZONE 2013 @@ -1002,6 +1003,13 @@ ./bin/tests/system/database/ns1/named.conf2 CONF-C 2011,2013 ./bin/tests/system/database/setup.sh SH 2011,2012 ./bin/tests/system/database/tests.sh SH 2011,2012 +./bin/tests/system/delv/clean.sh SH 2014 +./bin/tests/system/delv/ns1/named.conf CONF-C 2014 +./bin/tests/system/delv/ns1/root.db ZONE 2014 +./bin/tests/system/delv/ns2/example.db ZONE 2014 +./bin/tests/system/delv/ns2/named.conf CONF-C 2014 +./bin/tests/system/delv/ns3/named.conf CONF-C 2014 +./bin/tests/system/delv/tests.sh SH 2014 ./bin/tests/system/dialup/ns1/example.db ZONE 2000,2001,2004,2007 ./bin/tests/system/dialup/ns1/named.conf CONF-C 2000,2001,2004,2007 ./bin/tests/system/dialup/ns1/root.db ZONE 2000,2001,2004,2007 diff --git a/win32utils/Configure b/win32utils/Configure index 3aac50c518..c0cfa647dc 100644 --- a/win32utils/Configure +++ b/win32utils/Configure @@ -2930,12 +2930,14 @@ exit 0; # --with-libxml2 supported # --with-libjson not supported on WIN32 (package not available on WIN32) # --with-purify ? (package available on WIN32 but for free?) +# --with-gperftools-profiler (package not available on WIN32) # --with-libtool not supported on WIN32 (never) # --with-locktype not supported on WIN32 (not yet available on WIN32) # --with-readline supported # --with-idn support # --with-[lib]iconv (part of IDN) # --with-atf not supported on WIN32 (package not available on WIN32) +# --with-tuning supported # --with-dlopen included without a way to disable it # --with-dlz-* ? #