Commit graph

1394 commits

Author SHA1 Message Date
Aaron Thompson
8607580599 Update to PKCS#11 v3.0 EdDSA macros.
(cherry picked from commit 3e685fe01a)
2020-05-01 06:54:26 +02:00
Aaron Thompson
b5f2e93339 Fix compiler warnings about unused pk11 constants.
(cherry picked from commit 2ef379d911)
2020-05-01 06:54:26 +02:00
Aaron Thompson
61853130c9 Remove remaining PKCS#11 DH references.
Missed in 0a73c9f137 and 8efd394c80.

(cherry picked from commit d28c7dadbb)
2020-05-01 06:54:26 +02:00
Aaron Thompson
f534519af5 Finish refactoring after the removal of --with-ecdsa and --with-eddsa.
Missed in c3b8130fe8.

(cherry picked from commit 7fc4f926fb)
2020-05-01 06:54:26 +02:00
Ondřej Surý
8717ce376b Stop leaking OpenSSL types and defines in the isc/hmac.h
The <isc/md.h> header directly included <openssl/hmac.h> header which
enforced all users of the libisc library to explicitly list the include
path to OpenSSL and link with -lcrypto.  By hiding the specific
implementation into the private namespace, we no longer enforce this.
In the long run, this might also allow us to switch cryptographic
library implementation without affecting the downstream users.

(cherry picked from commit 70100c664a)
2020-04-28 16:28:54 +02:00
Ondřej Surý
5948a29463 Stop leaking OpenSSL types and defines in the isc/safe.h
The two "functions" that isc/safe.h declared before were actually simple
defines to matching OpenSSL functions.  The downside of the approach was
enforcing all users of the libisc library to explicitly list the include
path to OpenSSL and link with -lcrypto.  By hiding the specific
implementation into the private namespace changing the defines into
simple functions, we no longer enforce this.  In the long run, this
might also allow us to switch cryptographic library implementation
without affecting the downstream users.

(cherry picked from commit ab827ab5bf)
2020-04-28 16:27:39 +02:00
Ondřej Surý
c22c8cb0e1 Stop leaking OpenSSL types and defines in the isc/md.h
The <isc/md.h> header directly included <openssl/evp.h> header which
enforced all users of the libisc library to explicitly list the include
path to OpenSSL and link with -lcrypto.  By hiding the specific
implementation into the private namespace, we no longer enforce this.
In the long run, this might also allow us to switch cryptographic
library implementation without affecting the downstream users.

While making the isc_md_type_t type opaque, the API using the data type
was changed to use the pointer to isc_md_type_t instead of using the
type directly.

(cherry picked from commit 4e114f8ed6)
2020-04-28 15:24:07 +02:00
Aaron Thompson
99f800df0d Fix/improve some comments in buffer.h.
isc_buffer_dup now cannot fail as a result of c73e5866c4.

(cherry picked from commit 850d8ae019)
2020-04-16 15:58:25 +02:00
Witold Kręcicki
365636dbc9 netmgr refactoring: use generic functions when operating on sockets.
tcpdns used transport-specific functions to operate on the outer socket.
Use generic ones instead, and select the proper call in netmgr.c.
Make the missing functions (e.g. isc_nm_read) generic and add type-specific
calls (isc__nm_tcp_read). This is the preparation for netmgr TLS layer.

(cherry picked from commit 5fedd21e16)
2020-04-03 13:44:28 +02:00
Witold Kręcicki
7ab77d009d Add a quota attach function with a callback, some code cleanups.
We introduce a isc_quota_attach_cb function - if ISC_R_QUOTA is returned
at the time the function is called, then a callback will be called when
there's quota available (with quota already attached). The callbacks are
organized as a LIFO queue in the quota structure.
It's needed for TCP client quota -  with old networking code we had one
single place where tcp clients quota was processed so we could resume
accepting when the we had spare slots, but it's gone with netmgr - now
we need to notify the listener/accepter that there's quota available so
that it can resume accepting.

Remove unused isc_quota_force() function.

The isc_quote_reserve and isc_quota_release were used only internally
from the quota.c and the tests.  We should not expose API we are not
using.

(cherry picked from commit d151a10f30)
2020-03-30 10:29:33 +02:00
Mark Andrews
af14091f65 Refactor the isc_log API so it cannot fail on memory failures
The isc_mem API now crashes on memory allocation failure, and this is
the next commit in series to cleanup the code that could fail before,
but cannot fail now, e.g. isc_result_t return type has been changed to
void for the isc_log API functions that could only return ISC_R_SUCCESS.

(cherry picked from commit 0b793166d0)
2020-03-18 11:44:18 +01:00
Diego Fronza
341b69aa7e Fixed potential-lock-inversion
This commit simplifies a bit the lock management within dns_resolver_prime()
and prime_done() functions by means of turning resolver's attribute
"priming" into an atomic_bool and by creating only one dependent object on the
lock "primelock", namely the "primefetch" attribute.

By having the attribute "priming" as an atomic type, it save us from having to
use a lock just to test if priming is on or off for the given resolver context
object, within "dns_resolver_prime" function.

The "primelock" lock is still necessary, since dns_resolver_prime() function
internally calls dns_resolver_createfetch(), and whenever this function
succeeds it registers an event in the task manager which could be called by
another thread, namely the "prime_done" function, and this function is
responsible for disposing the "primefetch" attribute in the resolver object,
also for resetting "priming" attribute to false.

It is important that the invariant "priming == false AND primefetch == NULL"
remains constant, so that any thread calling "dns_resolver_prime" knows for sure
that if the "priming" attribute is false, "primefetch" attribute should also be
NULL, so a new fetch context could be created to fulfill this purpose, and
assigned to "primefetch" attribute under the lock protection.

To honor the explanation above, dns_resolver_prime is implemented as follow:
	1. Atomically checks the attribute "priming" for the given resolver context.
	2. If "priming" is false, assumes that "primefetch" is NULL (this is
           ensured by the "prime_done" implementation), acquire "primelock"
	   lock and create a new fetch context, update "primefetch" pointer to
	   point to the newly allocated fetch context.
	3. If "priming" is true, assumes that the job is already in progress,
	   no locks are acquired, nothing else to do.

To keep the previous invariant consistent, "prime_done" is implemented as follow:
	1. Acquire "primefetch" lock.
	2. Keep a reference to the current "primefetch" object;
	3. Reset "primefetch" attribute to NULL.
	4. Release "primefetch" lock.
	5. Atomically update "priming" attribute to false.
	6. Destroy the "primefetch" object by using the temporary reference.

This ensures that if "priming" is false, "primefetch" was already reset to NULL.

It doesn't make any difference in having the "priming" attribute not protected
by a lock, since the visible state of this variable would depend on the calling
order of the functions "dns_resolver_prime" and "prime_done".

As an example, suppose that instead of using an atomic for the "priming" attribute
we employed a lock to protect it.
Now suppose that "prime_done" function is called by Thread A, it is then preempted
before acquiring the lock, thus not reseting "priming" to false.
In parallel to that suppose that a Thread B is scheduled and that it calls
"dns_resolver_prime()", it then acquires the lock and check that "priming" is true,
thus it will consider that this resolver object is already priming and it won't do
any more job.
Conversely if the lock order was acquired in the other direction, Thread B would check
that "priming" is false (since prime_done acquired the lock first and set "priming" to false)
and it would initiate a priming fetch for this resolver.

An atomic variable wouldn't change this behavior, since it would behave exactly the
same, depending on the function call order, with the exception that it would avoid
having to use a lock.

There should be no side effects resulting from this change, since the previous
implementation employed use of the more general resolver's "lock" mutex, which
is used in far more contexts, but in the specifics of the "dns_resolver_prime"
and "prime_done" it was only used to protect "primefetch" and "priming" attributes,
which are not used in any of the other critical sections protected by the same lock,
thus having zero dependency on those variables.
2020-03-06 13:37:07 -03:00
Diego Fronza
84d6896661 Added atomic_compare_exchange_strong_acq_rel macro
It is much better to read than:
atomic_compare_exchange_strong_explicit() with 5 arguments.
2020-03-06 13:37:07 -03:00
Mark Andrews
5d64049301 Fix lists of installed header files 2020-03-06 13:00:04 +11:00
Evan Hunt
11a0d771f9 fix spelling errors reported by Fossies.
(cherry picked from commit ba0313e649)
2020-02-21 07:05:31 +00:00
Ondřej Surý
36987a98d1 Merge branch 'ondrej/fix-crash-on-arm64-from-weak-cmpxchg' into 'master'
Fix crash on arm64 from using atomic_compare_exchange_weak outside of the loop

See merge request isc-projects/bind9!3042

(cherry picked from commit e4671ef2fa)

fa68a0d8 Added atomic_compare_exchange_strong_acq_rel macro
4cf275ba Replace non-loop usage of atomic_compare_exchange_weak with strong variant
4ff887db Add arm64 to GitLab CI
2020-02-20 19:21:01 +00:00
Ondřej Surý
649fe9be35 Fixup the missing clang-format bits
(cherry picked from commit 3832e3ecc9)
2020-02-16 18:07:27 +01:00
Ondřej Surý
829b461c54 Merge branch '46-enforce-clang-format-rules' into 'master'
Start enforcing the clang-format rules on changed files

Closes #46

See merge request isc-projects/bind9!3063

(cherry picked from commit a04cdde45d)

d2b5853b Start enforcing the clang-format rules on changed files
618947c6 Switch AlwaysBreakAfterReturnType from TopLevelDefinitions to All
654927c8 Add separate .clang-format files for headers
5777c44a Reformat using the new rules
60d29f69 Don't enforce copyrights on .clang-format
2020-02-14 08:45:59 +00:00
Ondřej Surý
cdef20bb66 Merge branch 'each-style-tweak' into 'master'
adjust clang-format options to get closer to ISC style

See merge request isc-projects/bind9!3061

(cherry picked from commit d3b49b6675)

0255a974 revise .clang-format and add a C formatting script in util
e851ed0b apply the modified style
2020-02-14 05:35:29 +00:00
Ondřej Surý
2e55baddd8 Merge branch '46-add-curly-braces' into 'master'
Add curly braces using uncrustify and then reformat with clang-format back

Closes #46

See merge request isc-projects/bind9!3057

(cherry picked from commit 67b68e06ad)

36c6105e Use coccinelle to add braces to nested single line statement
d14bb713 Add copy of run-clang-tidy that can fixup the filepaths
056e133c Use clang-tidy to add curly braces around one-line statements
2020-02-13 21:28:35 +00:00
Ondřej Surý
c931d8e417 Merge branch '46-just-use-clang-format-to-reformat-sources' into 'master'
Reformat source code with clang-format

Closes #46

See merge request isc-projects/bind9!2156

(cherry picked from commit 7099e79a9b)

4c3b063e Import Linux kernel .clang-format with small modifications
f50b1e06 Use clang-format to reformat the source files
11341c76 Update the definition files for Windows
df6c1f76 Remove tkey_test (which is no-op anyway)
2020-02-12 14:51:18 +00:00
Ondřej Surý
0dfec4eef7 Remove #include <config.h> from netmgr.h 2020-02-08 03:12:09 -08:00
Mark Andrews
6c2e138d7a simplify ISC_LIKELY/ISC_UNLIKELY for CPPCHECK 2020-02-04 11:09:22 +01:00
Mark Andrews
668a972d1e simplify RUNTIME_CHECK for cppcheck 2020-02-04 11:09:22 +01:00
Ondřej Surý
4459745ff2 isc_buffer_allocate() can't fail now, change the return type to void 2020-02-03 08:29:00 +01:00
Ondřej Surý
de123a67d6 isc_mempool_create cannot fail, change the return type to void 2020-02-02 08:39:45 +01:00
Ondřej Surý
9643a62dd5 Refactor parts of isc_httpd and isc_httpd for better readability and safety 2020-01-22 11:13:53 +11:00
Witold Kręcicki
493b6a9f33 Make hazard pointers max_threads configurable at runtime.
hp implementation requires an object for each thread accessing
a hazard pointer. previous implementation had a hardcoded
HP_MAX_THREAD value of 128, which failed on machines with lots of
CPU cores (named uses 3n threads). We make isc__hp_max_threads
configurable at startup, with the value set to 4*named_g_cpus.
It's also important for this value not to be too big as we do
linear searches on a list.
2020-01-14 21:26:57 +01:00
Ondřej Surý
c4aec79079 When compiling with MSVC, use inline functions for isc_refcount_increment/decrement 2020-01-14 13:12:13 +01:00
Ondřej Surý
49976947ab Restore DbC checks in isc_refcount API
The isc_refcount API that provides reference counting lost DbC checks for
overflows and underflows in the isc_refcount_{increment,decrement} functions.

The commit restores the overflow check in the isc_refcount_increment and
underflows check in the isc_refcount_decrement by checking for the previous
value to not be on the boundary.
2020-01-14 13:12:13 +01:00
Evan Hunt
80a5c9f5c8 associate socket stats counters with netmgr socket objects
- the socket stat counters have been moved from socket.h to stats.h.
- isc_nm_t now attaches to the same stats counter group as
  isc_socketmgr_t, so that both managers can increment the same
  set of statistics
- isc__nmsocket_init() now takes an interface as a paramter so that
  the address family can be determined when initializing the socket.
- based on the address family and socket type, a group of statistics
  counters will be associated with the socket - for example, UDP4Active
  with IPv4 UDP sockets and TCP6Active with IPv6 TCP sockets.  note
  that no counters are currently associated with TCPDNS sockets; those
  stats will be handled by the underlying TCP socket.
- the counters are not actually used by netmgr sockets yet; counter
  increment and decrement calls will be added in a later commit.
2020-01-13 14:05:02 -08:00
Ondřej Surý
17deac8b8e Remove unused isc_log_get() function 2020-01-08 11:53:04 +01:00
Ondřej Surý
255134166c Add conditional ISC_NO_SANITIZE macro to disable TSAN for function 2020-01-08 11:53:04 +01:00
Diego Fronza
ed9853e739 Fix tcp-highwater stats updating
After the network manager rewrite, tcp-higwater stats was only being
updated when a valid DNS query was received over tcp.

It turns out tcp-quota is updated right after a tcp connection is
accepted, before any data is read, so in the event that some client
connect but don't send a valid query, it wouldn't be taken into
account to update tcp-highwater stats, that is wrong.

This commit fix tcp-highwater to update its stats whenever a tcp connection
is established, independent of what happens after (timeout/invalid
request, etc).
2019-12-12 11:23:10 -08:00
Ondřej Surý
01731d4b1b Add and use ISC_THREAD_LOCAL macro
The new ISC_THREAD_LOCAL macro unifies usage of platform dependent
Thread Local Storage definition thread_local vs __thread vs
__declspec(thread) to a single macro.

The commit also unifies the required level of support for TLS as for
some parts of the code it was mandatory and for some parts of the code
it wasn't.
2019-12-03 16:27:24 +01:00
Mark Andrews
912ce87479 Make fctx->attributes atomic.
FCTX_ATTR_SHUTTINGDOWN needs to be set and tested while holding the node
lock but the rest of the attributes don't as they are task locked. Making
fctx->attributes atomic allows both behaviours without races.
2019-12-03 08:58:53 +11:00
Ondřej Surý
b9f4ba19a6 Use integer fast type for mutexatomic shim type 2019-11-26 13:07:12 +01:00
Ondřej Surý
3ce6708be2 Add missing header guard to new header files 2019-11-25 09:10:29 +01:00
Evan Hunt
00333a5c97 netmgr: add shutdown function
- new function isc_nm_shutdown() shuts down all active TCP connections,
  but does not destroy the netmgr.
2019-11-22 16:46:32 -08:00
Witold Kręcicki
37354ee225 netmgr: fix TCP backlog and client quota count
- add support for TCP backlog, using the value provided by config.
 - don't attach to TCP client quota for listening sockets, only
   connected sockets.
2019-11-22 16:46:32 -08:00
Evan Hunt
c4ad0466d6 netmgr: log TCP connection errors 2019-11-22 16:46:32 -08:00
Evan Hunt
199bd6b623 netmgr: make TCP timeouts configurable
- restore support for tcp-initial-timeout, tcp-idle-timeout,
  tcp-keepalive-timeout and tcp-advertised-timeout configuration
  options, which were ineffective previously.
2019-11-22 16:46:31 -08:00
Evan Hunt
123ee350dc place a limit on pipelined queries that can be processed simultaneously
when the TCPDNS_CLIENTS_PER_CONN limit has been exceeded for a TCP
DNS connection, switch to sequential mode to ensure that memory cannot
be exhausted by too many simultaneous queries.
2019-11-17 18:59:39 -08:00
Samuel Thibault
d10fbdec84 hurd: Fix build
Move PATH_MAX, NAME_MAX, IOV_MAX default definitions to the common
<isc/platform.h>.
2019-11-10 20:14:17 +00:00
Evan Hunt
b9a5508e52 remove ISC_QUEUE as it is no longer used 2019-11-07 11:55:37 -08:00
Witold Kręcicki
a85a65f96e add atomic_exchange operations to mutexatomic.h and win32 stdatomic.h 2019-11-07 11:55:37 -08:00
Evan Hunt
59c64fa4bd add isc_task_pause() and isc_task_unpause() functions
This allows a task to be temporary disabled so that objects won't be
processed simultaneously by libuv events and isc_task events. When a
task is paused, currently running events may complete, but no further
event will added to the run queue will be executed until the task is
unpaused.
2019-11-07 11:55:37 -08:00
Evan Hunt
36ee430327 optionally associate a netmgr with a task manager when creating
When a task manager is created, we can now specify an `isc_nm`
object to associate with it; thereafter when the task manager is
placed into exclusive mode, the network manager will be paused.
2019-11-07 11:55:37 -08:00
Witold Kręcicki
70397f9d92 netmgr: libuv-based network manager
This is a replacement for the existing isc_socket and isc_socketmgr
implementation. It uses libuv for asynchronous network communication;
"networker" objects will be distributed across worker threads reading
incoming packets and sending them for processing.

UDP listener sockets automatically create an array of "child" sockets
so each worker can listen separately.

TCP sockets are shared amongst worker threads.

A TCPDNS socket is a wrapper around a TCP socket, which handles the
the two-byte length field at the beginning of DNS messages over TCP.

(Other wrapper socket types can be implemented in the future to handle
DNS over TLS, DNS over HTTPS, etc.)
2019-11-07 11:55:37 -08:00
Evan Hunt
a8c814cb2f implement fixed-size array stack data structure 2019-11-07 11:55:37 -08:00
Witold Kręcicki
402969bf95 implement fetch-and-add array queue data structure
this is a lockless queue based on hazard pointers.
2019-11-07 11:55:37 -08:00
Evan Hunt
64e1a4a398 temporarily move ISC_QUEUE to list.h
The double-locked queue implementation is still currently in use
in ns_client, but will be replaced by a fetch-and-add array queue.
This commit moves it from queue.h to list.h so that queue.h can be
used for the new data structure, and clean up dependencies between
list.h and types.h. Later, when the ISC_QUEUE is no longer is use,
it will be removed completely.
2019-11-07 11:55:37 -08:00
Witold Kręcicki
aa57fa7090 implement hazard pointer data structure
this is a mechanism to allow safe lock-free data structures.
2019-11-07 11:55:37 -08:00
Witold Kręcicki
a5f8374400 add isc_sockaddr_fromsockaddr function
This converts from struct sockaddr to isc_sockaddr_t
2019-11-07 11:55:37 -08:00
Diego Fronza
a544e2e300 Add functions for collecting high-water counters
Add {isc,ns}_stats_{update_if_greater,get_counter}() functions that
are used to set and collect high-water type of statistics.
2019-11-06 09:11:20 +01:00
Diego Fronza
0fc98ef2d5 Change the isc_statscounter_t type from int to C99 int_fast64_t type
For TCP high-water work, we need to keep the used integer types widths
in sync.

Note: int_fast32_t is used on WIN32 platform
2019-11-06 08:43:46 +01:00
Michał Kępień
abfde3d543 Fix cppcheck 1.89 warnings
cppcheck 1.89 enabled certain value flow analysis mechanisms [1] which
trigger null pointer dereference false positives in lib/dns/rpz.c:

    lib/dns/rpz.c:582:7: warning: Possible null pointer dereference: tgt_ip [nullPointer]
      if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) {
          ^
    lib/dns/rpz.c:1419:44: note: Calling function 'adj_trigger_cnt', 4th argument 'NULL' value is 0
      adj_trigger_cnt(rpzs, rpz_num, rpz_type, NULL, 0, true);
                                               ^
    lib/dns/rpz.c:582:7: note: Null pointer dereference
      if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) {
          ^
    lib/dns/rpz.c:596:7: warning: Possible null pointer dereference: tgt_ip [nullPointer]
      if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) {
          ^
    lib/dns/rpz.c:1419:44: note: Calling function 'adj_trigger_cnt', 4th argument 'NULL' value is 0
      adj_trigger_cnt(rpzs, rpz_num, rpz_type, NULL, 0, true);
                                               ^
    lib/dns/rpz.c:596:7: note: Null pointer dereference
      if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) {
          ^
    lib/dns/rpz.c:610:7: warning: Possible null pointer dereference: tgt_ip [nullPointer]
      if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) {
          ^
    lib/dns/rpz.c:1419:44: note: Calling function 'adj_trigger_cnt', 4th argument 'NULL' value is 0
      adj_trigger_cnt(rpzs, rpz_num, rpz_type, NULL, 0, true);
                                               ^
    lib/dns/rpz.c:610:7: note: Null pointer dereference
      if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) {
          ^

It seems that cppcheck no longer treats at least some REQUIRE()
assertion failures as fatal, so add extra assertion macro definitions to
lib/isc/include/isc/util.h that are only used when the CPPCHECK
preprocessor macro is defined; these definitions make cppcheck 1.89
behave as expected.

There is an important requirement for these custom definitions to work:
cppcheck must properly treat abort() as a function which does not
return.  In order for that to happen, the __GNUC__ macro must be set to
a high enough number (because system include directories are used and
system headers compile attributes away if __GNUC__ is not high enough).
__GNUC__ is thus set to the major version number of the GCC compiler
used, which is what that latter does itself during compilation.

[1] aaeec462e6
2019-10-16 22:23:36 +02:00
Mark Andrews
fb87e669fb Detect partial prefixes / incomplete IPv4 address in acls. 2019-10-14 00:28:07 +11:00
Ondřej Surý
635e5293b2 Remove unused RSA Security copyrighted cryptoki.h header 2019-10-04 08:35:45 +02:00
Ondřej Surý
8828a41077 Declare __SANITIZE_THREAD__ in isc/util.h when clang ThreadSanitizer is used 2019-10-02 14:09:33 +02:00
Ondřej Surý
5a788adb1c Add ATOMIC_VAR_INIT initializer to mutexatomics.h 2019-09-26 11:37:35 +02:00
Ondřej Surý
728fc0ca25 Add atomic_fetch_add and atomic_fetch_or convenience macros and unix and win32 shims 2019-09-26 11:37:35 +02:00
Ondřej Surý
c47fad2431 Replace the OASIS PKCS#11 header file with one from p11-kit
The OASIS pkcs11.h header has a restrictive license.  Replace the
pkcs11.h pkcs11f.h and pkcs11t.h headers with pkcs11.h from p11-kit.

For source distribution, the license for the OASIS headers itself
doesn't pose any licensing problem when combined with MPL license, but
it possibly creates problem for downstream distributors of BIND 9.
2019-09-16 04:47:50 -04:00
Ondřej Surý
aea3631fd5 Check isc_mutex_{lock,unlock}() return values in mutexatomic.h shim 2019-09-13 10:55:14 +02:00
Ondřej Surý
aeea5ece97 Remove now useless ISC_MEMFLAG_NOLOCK memflag
Previously the libisc allocator had ability to run unlocked when threading was
disabled.  As the threading is now always on, remove the ISC_MEMFLAG_NOLOCK
memory flag as it serves no purpose.
2019-09-12 09:26:09 +02:00
Ondřej Surý
19fbdef31e Remove unused isc_mem_createx() function
The isc_mem_createx() function was only used in the tests to eliminate using the
default flags (which as of writing this commit message was ISC_MEMFLAG_INTERNAL
and ISC_MEMFLAG_FILL).  This commit removes the isc_mem_createx() function from
the public API.
2019-09-12 09:26:09 +02:00
Ondřej Surý
1b716a39f5 Simplify isc_mem_create() to always use defaults and never fail
Previously, the isc_mem_create() and isc_mem_createx() functions took `max_size`
and `target_size` as first two arguments.  Those values were never used in the
BIND 9 code.  The refactoring removes those arguments and let BIND 9 always use
the default values.

Previously, the isc_mem_create() and isc_mem_createx() functions could have
failed because of failed memory allocation.  As this was no longer true and the
functions have always returned ISC_R_SUCCESS, the have been refactored to return
void.
2019-09-12 09:26:09 +02:00
Mark Andrews
2f558854b7 implement maxudp under windows 2019-09-04 10:04:14 +10:00
Ondřej Surý
6fd3259560 Fix alignment issues in the native implementation of isc_siphash24()
The native implementation's conversion from the uint8_t buffers to uint64_t now
follows the reference implementation that doesn't require aligned buffers.
2019-09-02 13:21:07 +02:00
Ondřej Surý
a912f31398 Add new default siphash24 cookie algorithm, but keep AES as legacy
This commit changes the BIND cookie algorithms to match
draft-sury-toorop-dnsop-server-cookies-00.  Namely, it changes the Client Cookie
algorithm to use SipHash 2-4, adds the new Server Cookie algorithm using SipHash
2-4, and changes the default for the Server Cookie algorithm to be siphash24.

Add siphash24 cookie algorithm, and make it keep legacy aes as
2019-07-21 15:16:28 -04:00
Witold Kręcicki
92424e23fa Special, for-tests-only, mode with atomics emulated by a mutex-locked variable - useful for finding atomics congestions 2019-07-09 16:09:36 +02:00
Ondřej Surý
49462cf974 Make isc_rwlock.c thread-safe
The ThreadSanitizer found several possible data races in our rwlock
implementation.  This commit changes all the unprotected variables to atomic and
also changes the explicit memory ordering (atomic_<foo>_explicit(..., <order>)
functions to use our convenience macros (atomic_<foo>_<order>).
2019-07-03 00:05:34 -04:00
Ondřej Surý
570f358252 Add atomic_compare_exchange_strong_relaxed convenience macro 2019-07-03 00:05:34 -04:00
Ondřej Surý
e3e6888946 Make the usage of json-c objects opaque to the caller
The json-c have previously leaked into the global namespace leading
to forced -I<include_path> for every compilation unit using isc/xml.h
header.  This MR fixes the usage making the caller object opaque.
2019-06-25 12:04:20 +02:00
Ondřej Surý
0771dd3be8 Make the usage of libxml2 opaque to the caller
The libxml2 have previously leaked into the global namespace leading
to forced -I<include_path> for every compilation unit using isc/xml.h
header.  This MR fixes the usage making the caller object opaque.
2019-06-25 12:01:32 +02:00
Ondřej Surý
ac3d9b97a3 Fix Windows build by moving #include <pthread.h> to correct #ifdef block 2019-06-05 11:17:19 -07:00
Mark Andrews
5d5d751c7f teach cppcheck that _assert_int_equal and _assert_int_not_equal don't return on failure 2019-06-03 23:04:10 -04:00
Ondřej Surý
14ecd7d79e Revise the Windows section of <isc/endian.h>
Add a comment and remove redundant definitions.
2019-06-03 14:13:23 +02:00
Ondřej Surý
7e05848870 Revise the macOS section of <isc/endian.h>
Move the macOS section of <isc/endian.h> to a lower spot as it is
believed not to be the most popular platform for running BIND.  Add a
comment and remove redundant definitions.
2019-06-03 14:13:23 +02:00
Ondřej Surý
2e54b1be29 Make <isc/endian.h> detect GNU rather than Linux
Instead of only supporting Linux, try making <isc/endian.h> support
other GNU platforms as well.  Since some compilers define __GNUC__ on
BSDs (e.g. Clang on FreeBSD), move the relevant section to the bottom of
the platform-specific part of <isc/endian.h>, so that it only gets
evaluated when more specific platform determination criteria are not
met.  Also include <byteswap.h> so that any byte-swapping macros which
may be defined in that file on older platforms are used in the fallback
definitions of the nonstandard hto[bl]e{16,32,64}() and
[bl]e{16,32,64}toh() conversion functions.
2019-06-03 14:13:23 +02:00
Ondřej Surý
387cc00121 Add Solaris support for <isc/endian.h>
While Solaris does not support the nonstandard hto[bl]e{16,32,64}() and
[bl]e{16,32,64}toh() conversion functions, it does have some
byte-swapping macros available in <sys/byteorder.h>.  Ensure these
macros are used in the fallback definitions of the aforementioned
nonstandard functions.
2019-06-03 14:13:23 +02:00
Ondřej Surý
85059c2937 Add fallback definitions to <isc/endian.h>
Since the hto[bl]e{16,32,64}() and [bl]e{16,32,64}toh() conversion
functions are nonstandard, add fallback definitions of these functions
to <isc/endian.h>, so that their unavailability does not prevent
compilation from succeeding.
2019-06-03 14:13:23 +02:00
Michał Kępień
7ab1fb2a8d Fix <isc/endian.h> on BSD systems
Current versions of DragonFly BSD, FreeBSD, NetBSD, and OpenBSD all
support the modern variants of functions converting values between host
and big-endian/little-endian byte order while older ones might not.
Ensure <isc/endian.h> works properly in both cases.
2019-06-03 14:13:23 +02:00
Witold Kręcicki
02bbf1e2b9 Add --enable-pthread-rwlock option 2019-05-30 16:10:16 +02:00
Ondřej Surý
4501f646ee Implement isc_rwlock_downgrade using pthreads and single atomic_bool 2019-05-30 16:10:16 +02:00
Ondřej Surý
64fbffbbaa Use simple pthread_rwlock in place of our custom adaptive rwlock 2019-05-30 16:10:16 +02:00
Ondřej Surý
4d2d3b49ce Cleanup the way we detect json-c library to use only pkg-config 2019-05-29 15:08:52 +02:00
Mark Andrews
505ec918d7 include <isc/string.h> for isc_string_strerror_r prototype 2019-05-24 16:27:40 +10:00
Ondřej Surý
d5055665ca Remove isc_hash_reverse function 2019-05-21 10:23:17 +00:00
Ondřej Surý
2e7d82443f Convert isc_hash functions to use isc_siphash24 2019-05-21 10:23:13 +00:00
Ondřej Surý
a197df137a Add reference SipHash 2-4 implementation 2019-05-20 19:01:31 +02:00
Ondřej Surý
0efc36c19a Add portable <isc/endian.h> header 2019-05-20 19:01:31 +02:00
Ondřej Surý
eb8c9bdd55 Make lib/isc/app.c opaque and thread-safe
This work cleans up the API which includes couple of things:

1. Make the isc_appctx_t type fully opaque

2. Protect all access to the isc_app_t members via stdatomics

3. sigwait() is part of POSIX.1, remove dead non-sigwait code

4. Remove unused code: isc_appctx_set{taskmgr,sockmgr,timermgr}
2019-05-20 18:13:02 +02:00
Ondřej Surý
ab389695b0 Add most useful relaxed and acquire-relase stdatomic convenience macros
The header file <isc/atomic.h> now contains convenience macros for
most useful explicit memory ordering for C11 stdatomics, only relaxed
and acquire-release semantics is being used.  These macros SHOULD be
used instead of atomic_<func>_explicit functions.
2019-05-13 12:17:21 +07:00
Evan Hunt
2f3876d187 refactor tcpquota and pipeline refs; allow special-case overrun in isc_quota
- if the TCP quota has been exceeded but there are no clients listening
  for new connections on the interface, we can now force attachment to the
  quota using isc_quota_force(), instead of carrying on with the quota not
  attached.
- the TCP client quota is now referenced via a reference-counted
  'ns_tcpconn' object, one of which is created whenever a client begins
  listening for new connections, and attached to by members of that
  client's pipeline group. when the last reference to the tcpconn
  object is detached, it is freed and the TCP quota slot is released.
- reduce code duplication by adding mark_tcp_active() function
- convert counters to stdatomic

(cherry picked from commit a8dd133d270873b736c1be9bf50ebaa074f5b38f)
(cherry picked from commit 4a8fc979c4)
2019-04-25 16:32:05 +02:00
Ondřej Surý
2e40cc94dc On non-GNUC systems, use uintmax_t in the ISC_ALIGN macro 2019-04-18 12:55:25 +02:00
Mark Andrews
a520662ed4 allow dlz to signal that the view's transfer acl should be used 2019-03-11 14:27:13 +11:00
Mark Andrews
435ae2f29a Handle EDQUOT and ENOSPC errors 2019-03-07 21:02:48 -08:00
Mark Andrews
cb913177ae improve clang / cmocka integration 2019-03-05 10:20:29 -08:00
Ondřej Surý
3a3e75042d Remove support for compiling without assertions (Both ISC_CHECK_ALL, ISC_CHECK_NONE are now gone) 2019-01-31 11:16:08 +01:00