Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 28 May 2012 19:47:56 +0000 (UTC)
From:      Doug Barton <dougb@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r236196 - in head: contrib/bind9 contrib/bind9/bin/named contrib/bind9/bin/named/unix contrib/bind9/lib/bind9 contrib/bind9/lib/dns contrib/bind9/lib/dns/include/dns contrib/bind9/lib/d...
Message-ID:  <201205281947.q4SJluwi030228@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: dougb
Date: Mon May 28 19:47:56 2012
New Revision: 236196
URL: http://svn.freebsd.org/changeset/base/236196

Log:
  Upgrade to BIND version 9.8.3, the latest from ISC.
  
  Feature Change
  
  *  BIND now recognizes the TLSA resource record type, created to
     support IETF DANE (DNS-based Authentication of Named Entities)
  
  Bug Fix
  
  *  The locking strategy around the handling of iterative queries
     has been tuned to reduce unnecessary contention in a multi-
     threaded environment.
  
  Other critical bug fixes are included.
  
  All BIND users are encouraged to upgrade.

Added:
  head/contrib/bind9/lib/dns/rdata/generic/tlsa_52.c
     - copied unchanged from r236173, vendor/bind9/dist/lib/dns/rdata/generic/tlsa_52.c
  head/contrib/bind9/lib/dns/rdata/generic/tlsa_52.h
     - copied unchanged from r236173, vendor/bind9/dist/lib/dns/rdata/generic/tlsa_52.h
Modified:
  head/contrib/bind9/CHANGES
  head/contrib/bind9/README
  head/contrib/bind9/bin/named/builtin.c
  head/contrib/bind9/bin/named/query.c
  head/contrib/bind9/bin/named/server.c
  head/contrib/bind9/bin/named/unix/dlz_dlopen_driver.c
  head/contrib/bind9/lib/bind9/api
  head/contrib/bind9/lib/bind9/check.c
  head/contrib/bind9/lib/dns/api
  head/contrib/bind9/lib/dns/dnssec.c
  head/contrib/bind9/lib/dns/include/dns/ecdb.h
  head/contrib/bind9/lib/dns/include/dns/rpz.h
  head/contrib/bind9/lib/dns/include/dns/sdb.h
  head/contrib/bind9/lib/dns/include/dns/stats.h
  head/contrib/bind9/lib/dns/include/dns/tsec.h
  head/contrib/bind9/lib/dns/include/dns/view.h
  head/contrib/bind9/lib/dns/rbtdb.c
  head/contrib/bind9/lib/dns/resolver.c
  head/contrib/bind9/lib/dns/sdb.c
  head/contrib/bind9/lib/dns/tkey.c
  head/contrib/bind9/lib/dns/zone.c
  head/contrib/bind9/lib/isc/pthreads/mutex.c
  head/contrib/bind9/lib/isccfg/api
  head/contrib/bind9/lib/isccfg/parser.c
  head/contrib/bind9/version
  head/lib/bind/dns/code.h
  head/lib/bind/dns/dns/enumtype.h
  head/lib/bind/dns/dns/rdatastruct.h
Directory Properties:
  head/contrib/bind9/   (props changed)

Modified: head/contrib/bind9/CHANGES
==============================================================================
--- head/contrib/bind9/CHANGES	Mon May 28 19:44:35 2012	(r236195)
+++ head/contrib/bind9/CHANGES	Mon May 28 19:47:56 2012	(r236196)
@@ -1,3 +1,56 @@
+	--- 9.8.3 released ---
+
+3318.	[tuning]	Reduce the amount of work performed while holding a
+			bucket lock when finshed with a fetch context.
+			[RT #29239]
+
+3314.	[bug]		The masters list could be updated while refesh_callback
+			and stub_callback were using it. [RT #26732]
+
+3313.	[protocol]	Add TLSA record type. [RT #28989]
+
+3312.	[bug]		named-checkconf didn't detect a bad dns64 clients acl.
+			[RT #27631]
+
+3311.	[bug]		Abort the zone dump if zone->db is NULL in
+			zone.c:zone_gotwritehandle. [RT #29028]
+
+3310.	[test]		Increase table size for mutex profiling. [RT #28809]
+
+3309.	[bug]		resolver.c:fctx_finddone() was not threadsafe.
+			[RT #27995]
+
+3307.	[bug]		Add missing ISC_LANG_BEGINDECLS and ISC_LANG_ENDDECLS.
+			[RT #28956]
+
+3306.	[bug]		Improve DNS64 reverse zone performance. [RT #28563]
+
+3305.	[func]		Add wire format lookup method to sdb. [RT #28563]
+
+3304.	[bug]		Use hmctx, not mctx when freeing rbtdb->heaps.
+			[RT #28571]
+
+3302.	[bug]		dns_dnssec_findmatchingkeys could fail to find
+			keys if the zone name contained character that
+			required special mappings. [RT #28600]
+
+3301.	[contrib]	Update queryperf to build on darwin.  Add -R flag
+			for non-recursive queries. [RT #28565]
+
+3300.	[bug]		Named could die if gssapi was enabled in named.conf
+			but was not compiled in. [RT #28338]
+
+3299.	[bug]		Make SDB handle errors from database drivers better.
+			[RT #28534]
+
+3232.	[bug]		Zero zone->curmaster before return in
+			dns_zone_setmasterswithkeys(). [RT #26732]
+
+3183.	[bug]		Added RTLD_GLOBAL flag to dlopen call. [RT #26301]
+
+3197.	[bug]		Don't try to log the filename and line number when
+			the config parser can't open a file. [RT #22263]
+
 	--- 9.8.2 released ---
 
 3298.	[bug]		Named could dereference a NULL pointer in
@@ -58,9 +111,9 @@
 3274.	[bug]		Log when a zone is not reusable.  Only set loadtime
 			on successful loads.  [RT #27650]
 
-3273.   [bug]           AAAA responses could be returned in the additional
-                        section even when filter-aaaa-on-v4 was in use.
-                        [RT #27292]
+3273.	[bug]		AAAA responses could be returned in the additional
+			section even when filter-aaaa-on-v4 was in use.
+			[RT #27292]
 
 3271.	[port]		darwin: mksymtbl is not always stable, loop several
 			times before giving up.  mksymtbl was using non

Modified: head/contrib/bind9/README
==============================================================================
--- head/contrib/bind9/README	Mon May 28 19:44:35 2012	(r236195)
+++ head/contrib/bind9/README	Mon May 28 19:47:56 2012	(r236196)
@@ -51,6 +51,10 @@ BIND 9
         For up-to-date release notes and errata, see
         http://www.isc.org/software/bind9/releasenotes
 
+BIND 9.8.3
+
+	BIND 9.8.3 is a maintenance release.
+
 BIND 9.8.2
 
 	BIND 9.8.2 includes a number of bug fixes and prevents a security

Modified: head/contrib/bind9/bin/named/builtin.c
==============================================================================
--- head/contrib/bind9/bin/named/builtin.c	Mon May 28 19:44:35 2012	(r236195)
+++ head/contrib/bind9/bin/named/builtin.c	Mon May 28 19:47:56 2012	(r236196)
@@ -69,35 +69,79 @@ static builtin_t empty_builtin = { do_em
 static builtin_t dns64_builtin = { do_dns64_lookup, NULL, NULL };
 
 static dns_sdbimplementation_t *builtin_impl;
+static dns_sdbimplementation_t *dns64_impl;
 
-static const char hex[] = "0123456789abcdef";
-static const char HEX[] = "0123456789ABCDEF";
+/*
+ * Pre computed HEX * 16 or 1 table.
+ */
+static const unsigned char hex16[256] = {
+	 1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1, /*00*/
+	 1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,	/*10*/
+	 1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1, /*20*/
+	 0, 16, 32, 48, 64, 80, 96,112,128,144,  1,  1,  1,  1,  1,  1,	/*30*/
+	 1,160,176,192,208,224,240,  1,  1,  1,  1,  1,  1,  1,  1,  1, /*40*/
+	 1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1, /*50*/
+	 1,160,176,192,208,224,240,  1,  1,  1,  1,  1,  1,  1,  1,  1, /*60*/
+	 1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1, /*70*/
+	 1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1, /*80*/
+	 1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1, /*90*/
+	 1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1, /*A0*/
+	 1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1, /*B0*/
+	 1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1, /*C0*/
+	 1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1, /*D0*/
+	 1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1, /*E0*/
+	 1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1  /*F0*/
+};
+
+const unsigned char decimal[] = "0123456789";
+
+static size_t
+dns64_rdata(unsigned char *v, size_t start, unsigned char *rdata) {
+	size_t i, j = 0;
+
+	for (i = 0; i < 4; i++) {
+		unsigned char c = v[start++];
+		if (start == 7)
+			start++;
+		if (c > 99) {
+			rdata[j++] = 3;
+			rdata[j++] = decimal[c/100]; c = c % 100;
+			rdata[j++] = decimal[c/10]; c = c % 10;
+			rdata[j++] = decimal[c];
+		} else if (c > 9) {
+			rdata[j++] = 2;
+			rdata[j++] = decimal[c/10]; c = c % 10;
+			rdata[j++] = decimal[c];
+		} else {
+			rdata[j++] = 1;
+			rdata[j++] = decimal[c];
+		}
+	}
+	memcpy(&rdata[j], "\07in-addr\04arpa", 14);
+	return (j + 14);
+}
 
 static isc_result_t
-dns64_cname(const char *zone, const char *name, dns_sdblookup_t *lookup) {
-	size_t zlen, nlen, j;
-	const char *s;
-	unsigned char v[16];
+dns64_cname(const dns_name_t *zone, const dns_name_t *name,
+	    dns_sdblookup_t *lookup)
+{
+	size_t zlen, nlen, j, len;
+	unsigned char v[16], n;
 	unsigned int i;
-	char reverse[sizeof("123.123.123.123.in-addr.arpa.")];
+	unsigned char rdata[sizeof("123.123.123.123.in-addr.arpa.")];
+	unsigned char *ndata;
 
 	/*
-	 * The sum the length of the relative name and the length of the zone
-	 * name for a IPv6 reverse lookup comes to 71.
-	 *
-	 * The reverse of 2001::10.0.0.1 (dns64 2001::/96) has a zone of
-	 * "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.2.ip6.arpa"
-	 * and a name of "1.0.0.0.0.0.a.0".  The sum of the lengths of these
-	 * two strings is 71.
+	 * The combined length of the zone and name is 74.
 	 *
-	 * The minimum length for a ip6.arpa zone name is 8.
+	 * The minimum zone length is 10 ((3)ip6(4)arpa(0)).
 	 *
-	 * The length of name should always be odd as we are expecting
+	 * The length of name should always be even as we are expecting
 	 * a series of nibbles.
 	 */
-	zlen = strlen(zone);
-	nlen = strlen(name);
-	if ((zlen + nlen) > 71U || zlen < 8U || (nlen % 2) != 1U)
+	zlen = zone->length;
+	nlen = name->length;
+	if ((zlen + nlen) > 74U || zlen < 10U || (nlen % 2) != 0U)
 		return (ISC_R_NOTFOUND);
 
 	/*
@@ -116,25 +160,20 @@ dns64_cname(const char *zone, const char
 	 * are byte aligned and we correctly return ISC_R_NOTFOUND or
 	 * ISC_R_SUCCESS.  We will not generate a CNAME in this case.
 	 */
-	i = (nlen % 4) == 1U ? 1 : 0;
+	ndata = name->ndata;
+	i = (nlen % 4) == 2U ? 1 : 0;
 	j = nlen;
 	memset(v, 0, sizeof(v));
-	while (j >= 1U) {
+	while (j != 0) {
 		INSIST((i/2) < sizeof(v));
-		if (j > 1U && name[1] != '.')
+		if (ndata[0] != 1)
 			return (ISC_R_NOTFOUND);
-		v[i/2] >>= 4;
-		if ((s = strchr(hex, name[0])) != NULL)
-			v[i/2] |= (s - hex) << 4;
-		else if ((s = strchr(HEX, name[0])) != NULL)
-			v[i/2] |= (s - HEX) << 4;
-		else
+		n = hex16[ndata[1]&0xff];
+		if (n == 1)
 			return (ISC_R_NOTFOUND);
-		if (j > 1U)
-			j -= 2;
-		else
-			j -= 1;
-		name += 2;
+		v[i/2] = n | (v[i/2]>>4);
+		j -= 2;
+		ndata += 2;
 		i++;
 	}
 
@@ -144,90 +183,91 @@ dns64_cname(const char *zone, const char
 	 * it corresponds to a empty node in the zone or there should be
 	 * a CNAME.
 	 */
+#define ZLEN(x) (10 + (x)/2)
 	switch (zlen) {
-	case 24:	/* prefix len 32 */
+	case ZLEN(32):	/* prefix len 32 */
+		/*
+		 * The nibbles that map to this byte must be zero for 'name'
+		 * to exist in the zone.
+		 */
+		if (nlen > 16U && v[(nlen-1)/4 - 4] != 0)
+			return (ISC_R_NOTFOUND);
 		/*
-		 * If the total length is not 71 then this is a empty node
+		 * If the total length is not 74 then this is a empty node
 		 * so return success.
 		 */
-		if (nlen + zlen != 71U)
+		if (nlen + zlen != 74U)
 			return (ISC_R_SUCCESS);
-		snprintf(reverse, sizeof(reverse), "%u.%u.%u.%u.in-addr.arpa.",
-			 v[8], v[9], v[10], v[11]);
+		len = dns64_rdata(v, 8, rdata);
 		break;
-	case 28:	/* prefix len 40 */
+	case ZLEN(40):	/* prefix len 40 */
 		/*
 		 * The nibbles that map to this byte must be zero for 'name'
 		 * to exist in the zone.
 		 */
-		if (nlen > 11U && v[nlen/4 - 3] != 0)
+		if (nlen > 12U && v[(nlen-1)/4 - 3] != 0)
 			return (ISC_R_NOTFOUND);
 		/*
-		 * If the total length is not 71 then this is a empty node
+		 * If the total length is not 74 then this is a empty node
 		 * so return success.
 		 */
-		if (nlen + zlen != 71U)
+		if (nlen + zlen != 74U)
 			return (ISC_R_SUCCESS);
-		snprintf(reverse, sizeof(reverse), "%u.%u.%u.%u.in-addr.arpa.",
-			 v[6], v[8], v[9], v[10]);
+		len = dns64_rdata(v, 6, rdata);
 		break;
-	case 32:	/* prefix len 48 */
+	case ZLEN(48):	/* prefix len 48 */
 		/*
 		 * The nibbles that map to this byte must be zero for 'name'
 		 * to exist in the zone.
 		 */
-		if (nlen > 7U && v[nlen/4 - 2] != 0)
+		if (nlen > 8U && v[(nlen-1)/4 - 2] != 0)
 			return (ISC_R_NOTFOUND);
 		/*
-		 * If the total length is not 71 then this is a empty node
+		 * If the total length is not 74 then this is a empty node
 		 * so return success.
 		 */
-		if (nlen + zlen != 71U)
+		if (nlen + zlen != 74U)
 			return (ISC_R_SUCCESS);
-		snprintf(reverse, sizeof(reverse), "%u.%u.%u.%u.in-addr.arpa.",
-			 v[5], v[6], v[8], v[9]);
+		len = dns64_rdata(v, 5, rdata);
 		break;
-	case 36:	/* prefix len 56 */
+	case ZLEN(56):	/* prefix len 56 */
 		/*
 		 * The nibbles that map to this byte must be zero for 'name'
 		 * to exist in the zone.
 		 */
-		if (nlen > 3U && v[nlen/4 - 1] != 0)
+		if (nlen > 4U && v[(nlen-1)/4 - 1] != 0)
 			return (ISC_R_NOTFOUND);
 		/*
-		 * If the total length is not 71 then this is a empty node
+		 * If the total length is not 74 then this is a empty node
 		 * so return success.
 		 */
-		if (nlen + zlen != 71U)
+		if (nlen + zlen != 74U)
 			return (ISC_R_SUCCESS);
-		snprintf(reverse, sizeof(reverse), "%u.%u.%u.%u.in-addr.arpa.",
-			 v[4], v[5], v[6], v[8]);
+		len = dns64_rdata(v, 4, rdata);
 		break;
-	case 40:	/* prefix len 64 */
+	case ZLEN(64):	/* prefix len 64 */
 		/*
 		 * The nibbles that map to this byte must be zero for 'name'
 		 * to exist in the zone.
 		 */
-		if (v[nlen/4] != 0)
+		if (v[(nlen-1)/4] != 0)
 			return (ISC_R_NOTFOUND);
 		/*
-		 * If the total length is not 71 then this is a empty node
+		 * If the total length is not 74 then this is a empty node
 		 * so return success.
 		 */
-		if (nlen + zlen != 71U)
+		if (nlen + zlen != 74U)
 			return (ISC_R_SUCCESS);
-		snprintf(reverse, sizeof(reverse), "%u.%u.%u.%u.in-addr.arpa.",
-			 v[3], v[4], v[5], v[6]);
+		len = dns64_rdata(v, 3, rdata);
 		break;
-	case 56:	/* prefix len 96 */
+	case ZLEN(96):	/* prefix len 96 */
 		/*
-		 * If the total length is not 71 then this is a empty node
+		 * If the total length is not 74 then this is a empty node
 		 * so return success.
 		 */
-		if (nlen + zlen != 71U)
+		if (nlen + zlen != 74U)
 			return (ISC_R_SUCCESS);
-		snprintf(reverse, sizeof(reverse), "%u.%u.%u.%u.in-addr.arpa.",
-			 v[0], v[1], v[2], v[3]);
+		len = dns64_rdata(v, 0, rdata);
 		break;
 	default:
 		/*
@@ -236,7 +276,7 @@ dns64_cname(const char *zone, const char
 		 */
 		return (ISC_R_NOTFOUND);
 	}
-	return (dns_sdb_putrr(lookup, "CNAME", 600, reverse));
+	return (dns_sdb_putrdata(lookup, dns_rdatatype_cname, 600, rdata, len));
 }
 
 static isc_result_t
@@ -249,13 +289,23 @@ builtin_lookup(const char *zone, const c
 
 	if (strcmp(name, "@") == 0)
 		return (b->do_lookup(lookup));
-	else if (b->do_lookup == do_dns64_lookup)
-		return (dns64_cname(zone, name, lookup));
 	else
 		return (ISC_R_NOTFOUND);
 }
 
 static isc_result_t
+dns64_lookup(const dns_name_t *zone, const dns_name_t *name, void *dbdata,
+	     dns_sdblookup_t *lookup)
+{
+	builtin_t *b = (builtin_t *) dbdata;
+
+	if (name->labels == 0 && name->length == 0)
+		return (b->do_lookup(lookup));
+	else
+		return (dns64_cname(zone, name, lookup));
+}
+
+static isc_result_t
 put_txt(dns_sdblookup_t *lookup, const char *text) {
 	unsigned char buf[256];
 	unsigned int len = strlen(text);
@@ -481,7 +531,17 @@ static dns_sdbmethods_t builtin_methods 
 	builtin_authority,
 	NULL,		/* allnodes */
 	builtin_create,
-	builtin_destroy
+	builtin_destroy,
+	NULL
+};
+
+static dns_sdbmethods_t dns64_methods = {
+	NULL,
+	builtin_authority,
+	NULL,		/* allnodes */
+	builtin_create,
+	builtin_destroy,
+	dns64_lookup,
 };
 
 isc_result_t
@@ -491,11 +551,17 @@ ns_builtin_init(void) {
 				       DNS_SDBFLAG_RELATIVERDATA,
 				       ns_g_mctx, &builtin_impl)
 		      == ISC_R_SUCCESS);
+	RUNTIME_CHECK(dns_sdb_register("_dns64", &dns64_methods, NULL,
+				       DNS_SDBFLAG_RELATIVEOWNER |
+				       DNS_SDBFLAG_RELATIVERDATA |
+				       DNS_SDBFLAG_DNS64,
+				       ns_g_mctx, &dns64_impl)
+		      == ISC_R_SUCCESS);
 	return (ISC_R_SUCCESS);
 }
 
 void
 ns_builtin_deinit(void) {
 	dns_sdb_unregister(&builtin_impl);
+	dns_sdb_unregister(&dns64_impl);
 }
-

Modified: head/contrib/bind9/bin/named/query.c
==============================================================================
--- head/contrib/bind9/bin/named/query.c	Mon May 28 19:44:35 2012	(r236195)
+++ head/contrib/bind9/bin/named/query.c	Mon May 28 19:47:56 2012	(r236196)
@@ -3354,6 +3354,11 @@ query_addwildcardproof(ns_client_t *clie
 		dns_name_copy(name, cname, NULL);
 		while (result == DNS_R_NXDOMAIN) {
 			labels = dns_name_countlabels(cname) - 1;
+			/*
+			 * Sanity check.
+			 */
+			if (labels == 0U)
+				goto cleanup;
 			dns_name_split(cname, labels, NULL, cname);
 			result = dns_db_find(db, cname, version,
 					     dns_rdatatype_nsec,

Modified: head/contrib/bind9/bin/named/server.c
==============================================================================
--- head/contrib/bind9/bin/named/server.c	Mon May 28 19:44:35 2012	(r236195)
+++ head/contrib/bind9/bin/named/server.c	Mon May 28 19:47:56 2012	(r236196)
@@ -1358,7 +1358,7 @@ dns64_reverse(dns_view_t *view, isc_mem_
 {
 	char *cp;
 	char reverse[48+sizeof("ip6.arpa.")];
-	const char *dns64_dbtype[4] = { "_builtin", "dns64", ".", "." };
+	const char *dns64_dbtype[4] = { "_dns64", "dns64", ".", "." };
 	const char *sep = ": view ";
 	const char *viewname = view->name;
 	const unsigned char *s6;

Modified: head/contrib/bind9/bin/named/unix/dlz_dlopen_driver.c
==============================================================================
--- head/contrib/bind9/bin/named/unix/dlz_dlopen_driver.c	Mon May 28 19:44:35 2012	(r236195)
+++ head/contrib/bind9/bin/named/unix/dlz_dlopen_driver.c	Mon May 28 19:47:56 2012	(r236196)
@@ -250,7 +250,7 @@ dlopen_dlz_create(const char *dlzname, u
 	isc_mutex_init(&cd->lock);
 
 	/* Open the library */
-	dlopen_flags = RTLD_NOW;
+	dlopen_flags = RTLD_NOW|RTLD_GLOBAL;
 
 #ifdef RTLD_DEEPBIND
 	/*

Modified: head/contrib/bind9/lib/bind9/api
==============================================================================
--- head/contrib/bind9/lib/bind9/api	Mon May 28 19:44:35 2012	(r236195)
+++ head/contrib/bind9/lib/bind9/api	Mon May 28 19:47:56 2012	(r236196)
@@ -4,5 +4,5 @@
 # 9.8: 80-89
 # 9.9: 90-109
 LIBINTERFACE = 80
-LIBREVISION = 4
+LIBREVISION = 5
 LIBAGE = 0

Modified: head/contrib/bind9/lib/bind9/check.c
==============================================================================
--- head/contrib/bind9/lib/bind9/check.c	Mon May 28 19:44:35 2012	(r236195)
+++ head/contrib/bind9/lib/bind9/check.c	Mon May 28 19:47:56 2012	(r236196)
@@ -434,7 +434,7 @@ check_dns64(cfg_aclconfctx_t *actx, cons
 	int nbytes;
 	int i;
 
-	static const char *acls[] = { "client", "exclude", "mapped", NULL};
+	static const char *acls[] = { "clients", "exclude", "mapped", NULL};
 
 	if (voptions != NULL)
 		cfg_map_get(voptions, "dns64", &dns64);

Modified: head/contrib/bind9/lib/dns/api
==============================================================================
--- head/contrib/bind9/lib/dns/api	Mon May 28 19:44:35 2012	(r236195)
+++ head/contrib/bind9/lib/dns/api	Mon May 28 19:47:56 2012	(r236196)
@@ -4,5 +4,5 @@
 # 9.8: 80-89
 # 9.9: 90-109
 LIBINTERFACE = 87
-LIBREVISION = 0
+LIBREVISION = 1
 LIBAGE = 6

Modified: head/contrib/bind9/lib/dns/dnssec.c
==============================================================================
--- head/contrib/bind9/lib/dns/dnssec.c	Mon May 28 19:44:35 2012	(r236195)
+++ head/contrib/bind9/lib/dns/dnssec.c	Mon May 28 19:47:56 2012	(r236196)
@@ -1246,7 +1246,7 @@ dns_dnssec_findmatchingkeys(dns_name_t *
 	isc_dir_init(&dir);
 
 	isc_buffer_init(&b, namebuf, sizeof(namebuf) - 1);
-	RETERR(dns_name_totext(origin, ISC_FALSE, &b));
+	RETERR(dns_name_tofilenametext(origin, ISC_FALSE, &b));
 	len = isc_buffer_usedlength(&b);
 	namebuf[len] = '\0';
 

Modified: head/contrib/bind9/lib/dns/include/dns/ecdb.h
==============================================================================
--- head/contrib/bind9/lib/dns/include/dns/ecdb.h	Mon May 28 19:44:35 2012	(r236195)
+++ head/contrib/bind9/lib/dns/include/dns/ecdb.h	Mon May 28 19:47:56 2012	(r236196)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2012  Internet Systems Consortium, Inc. ("ISC")
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -39,6 +39,8 @@
  *** Functions
  ***/
 
+ISC_LANG_BEGINDECLS
+
 /* TBD: describe those */
 
 isc_result_t

Modified: head/contrib/bind9/lib/dns/include/dns/rpz.h
==============================================================================
--- head/contrib/bind9/lib/dns/include/dns/rpz.h	Mon May 28 19:44:35 2012	(r236195)
+++ head/contrib/bind9/lib/dns/include/dns/rpz.h	Mon May 28 19:47:56 2012	(r236196)
@@ -194,5 +194,7 @@ dns_rpz_cidr_find(dns_rpz_cidr_t *cidr, 
 dns_rpz_policy_t
 dns_rpz_decode_cname(dns_rdataset_t *, dns_name_t *selfname);
 
+ISC_LANG_ENDDECLS
+
 #endif /* DNS_RPZ_H */
 

Modified: head/contrib/bind9/lib/dns/include/dns/sdb.h
==============================================================================
--- head/contrib/bind9/lib/dns/include/dns/sdb.h	Mon May 28 19:44:35 2012	(r236195)
+++ head/contrib/bind9/lib/dns/include/dns/sdb.h	Mon May 28 19:47:56 2012	(r236196)
@@ -59,6 +59,9 @@ typedef struct dns_sdballnodes dns_sdbal
 typedef isc_result_t
 (*dns_sdblookupfunc_t)(const char *zone, const char *name, void *dbdata,
 		       dns_sdblookup_t *);
+typedef isc_result_t
+(*dns_sdblookup2func_t)(const dns_name_t *zone, const dns_name_t *name,
+			void *dbdata, dns_sdblookup_t *lookup);
 
 typedef isc_result_t
 (*dns_sdbauthorityfunc_t)(const char *zone, void *dbdata, dns_sdblookup_t *);
@@ -81,6 +84,7 @@ typedef struct dns_sdbmethods {
 	dns_sdballnodesfunc_t	allnodes;
 	dns_sdbcreatefunc_t	create;
 	dns_sdbdestroyfunc_t	destroy;
+	dns_sdblookup2func_t	lookup2;
 } dns_sdbmethods_t;
 
 /***
@@ -92,6 +96,7 @@ ISC_LANG_BEGINDECLS
 #define DNS_SDBFLAG_RELATIVEOWNER 0x00000001U
 #define DNS_SDBFLAG_RELATIVERDATA 0x00000002U
 #define DNS_SDBFLAG_THREADSAFE 0x00000004U
+#define DNS_SDBFLAG_DNS64 0x00000008U
 
 isc_result_t
 dns_sdb_register(const char *drivername, const dns_sdbmethods_t *methods,

Modified: head/contrib/bind9/lib/dns/include/dns/stats.h
==============================================================================
--- head/contrib/bind9/lib/dns/include/dns/stats.h	Mon May 28 19:44:35 2012	(r236195)
+++ head/contrib/bind9/lib/dns/include/dns/stats.h	Mon May 28 19:47:56 2012	(r236196)
@@ -147,6 +147,8 @@ typedef void (*dns_rdatatypestats_dumper
 					    void *);
 typedef void (*dns_opcodestats_dumper_t)(dns_opcode_t, isc_uint64_t, void *);
 
+ISC_LANG_BEGINDECLS
+
 isc_result_t
 dns_generalstats_create(isc_mem_t *mctx, dns_stats_t **statsp, int ncounters);
 /*%<

Modified: head/contrib/bind9/lib/dns/include/dns/tsec.h
==============================================================================
--- head/contrib/bind9/lib/dns/include/dns/tsec.h	Mon May 28 19:44:35 2012	(r236195)
+++ head/contrib/bind9/lib/dns/include/dns/tsec.h	Mon May 28 19:47:56 2012	(r236196)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2009, 2010  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2010, 2012  Internet Systems Consortium, Inc. ("ISC")
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -132,4 +132,6 @@ dns_tsec_getkey(dns_tsec_t *tsec, void *
  *\li	*tsecp points to a valid key structure depending on the TSEC type.
  */
 
+ISC_LANG_ENDDECLS
+
 #endif /* DNS_TSEC_H */

Modified: head/contrib/bind9/lib/dns/include/dns/view.h
==============================================================================
--- head/contrib/bind9/lib/dns/include/dns/view.h	Mon May 28 19:44:35 2012	(r236195)
+++ head/contrib/bind9/lib/dns/include/dns/view.h	Mon May 28 19:47:56 2012	(r236196)
@@ -1075,4 +1075,6 @@ dns_view_setnewzones(dns_view_t *view, i
 void
 dns_view_restorekeyring(dns_view_t *view);
 
+ISC_LANG_ENDDECLS
+
 #endif /* DNS_VIEW_H */

Modified: head/contrib/bind9/lib/dns/rbtdb.c
==============================================================================
--- head/contrib/bind9/lib/dns/rbtdb.c	Mon May 28 19:44:35 2012	(r236195)
+++ head/contrib/bind9/lib/dns/rbtdb.c	Mon May 28 19:47:56 2012	(r236196)
@@ -7814,7 +7814,7 @@ dns_rbtdb_create
 		for (i = 0 ; i < (int)rbtdb->node_lock_count ; i++)
 			if (rbtdb->heaps[i] != NULL)
 				isc_heap_destroy(&rbtdb->heaps[i]);
-		isc_mem_put(mctx, rbtdb->heaps,
+		isc_mem_put(hmctx, rbtdb->heaps,
 			    rbtdb->node_lock_count * sizeof(isc_heap_t *));
 	}
 

Copied: head/contrib/bind9/lib/dns/rdata/generic/tlsa_52.c (from r236173, vendor/bind9/dist/lib/dns/rdata/generic/tlsa_52.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/contrib/bind9/lib/dns/rdata/generic/tlsa_52.c	Mon May 28 19:47:56 2012	(r236196, copy of r236173, vendor/bind9/dist/lib/dns/rdata/generic/tlsa_52.c)
@@ -0,0 +1,290 @@
+/*
+ * Copyright (C) 2012  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id$ */
+
+/* draft-ietf-dane-protocol-19.txt */
+
+#ifndef RDATA_GENERIC_TLSA_52_C
+#define RDATA_GENERIC_TLSA_52_C
+
+#define RRTYPE_TLSA_ATTRIBUTES 0
+
+static inline isc_result_t
+fromtext_tlsa(ARGS_FROMTEXT) {
+	isc_token_t token;
+
+	REQUIRE(type == 52);
+
+	UNUSED(type);
+	UNUSED(rdclass);
+	UNUSED(origin);
+	UNUSED(options);
+	UNUSED(callbacks);
+
+	/*
+	 * Certificate Usage.
+	 */
+	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
+				      ISC_FALSE));
+	if (token.value.as_ulong > 0xffU)
+		RETTOK(ISC_R_RANGE);
+	RETERR(uint8_tobuffer(token.value.as_ulong, target));
+
+	/*
+	 * Selector.
+	 */
+	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
+				      ISC_FALSE));
+	if (token.value.as_ulong > 0xffU)
+		RETTOK(ISC_R_RANGE);
+	RETERR(uint8_tobuffer(token.value.as_ulong, target));
+
+	/*
+	 * Matching type.
+	 */
+	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
+				      ISC_FALSE));
+	if (token.value.as_ulong > 0xffU)
+		RETTOK(ISC_R_RANGE);
+	RETERR(uint8_tobuffer(token.value.as_ulong, target));
+
+	/*
+	 * Certificate Association Data.
+	 */
+	return (isc_hex_tobuffer(lexer, target, -1));
+}
+
+static inline isc_result_t
+totext_tlsa(ARGS_TOTEXT) {
+	isc_region_t sr;
+	char buf[sizeof("64000 ")];
+	unsigned int n;
+
+	REQUIRE(rdata->type == 52);
+	REQUIRE(rdata->length != 0);
+
+	UNUSED(tctx);
+
+	dns_rdata_toregion(rdata, &sr);
+
+	/*
+	 * Certificate Usage.
+	 */
+	n = uint8_fromregion(&sr);
+	isc_region_consume(&sr, 1);
+	sprintf(buf, "%u ", n);
+	RETERR(str_totext(buf, target));
+
+	/*
+	 * Selector.
+	 */
+	n = uint8_fromregion(&sr);
+	isc_region_consume(&sr, 1);
+	sprintf(buf, "%u ", n);
+	RETERR(str_totext(buf, target));
+
+	/*
+	 * Matching type.
+	 */
+	n = uint8_fromregion(&sr);
+	isc_region_consume(&sr, 1);
+	sprintf(buf, "%u", n);
+	RETERR(str_totext(buf, target));
+
+	/*
+	 * Certificate Association Data.
+	 */
+	if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
+		RETERR(str_totext(" (", target));
+	RETERR(str_totext(tctx->linebreak, target));
+	if (tctx->width == 0) /* No splitting */
+		RETERR(isc_hex_totext(&sr, 0, "", target));
+	else
+		RETERR(isc_hex_totext(&sr, tctx->width - 2,
+				      tctx->linebreak, target));
+	if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
+		RETERR(str_totext(" )", target));
+	return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+fromwire_tlsa(ARGS_FROMWIRE) {
+	isc_region_t sr;
+
+	REQUIRE(type == 52);
+
+	UNUSED(type);
+	UNUSED(rdclass);
+	UNUSED(dctx);
+	UNUSED(options);
+
+	isc_buffer_activeregion(source, &sr);
+
+	if (sr.length < 3)
+		return (ISC_R_UNEXPECTEDEND);
+
+	isc_buffer_forward(source, sr.length);
+	return (mem_tobuffer(target, sr.base, sr.length));
+}
+
+static inline isc_result_t
+towire_tlsa(ARGS_TOWIRE) {
+	isc_region_t sr;
+
+	REQUIRE(rdata->type == 52);
+	REQUIRE(rdata->length != 0);
+
+	UNUSED(cctx);
+
+	dns_rdata_toregion(rdata, &sr);
+	return (mem_tobuffer(target, sr.base, sr.length));
+}
+
+static inline int
+compare_tlsa(ARGS_COMPARE) {
+	isc_region_t r1;
+	isc_region_t r2;
+
+	REQUIRE(rdata1->type == rdata2->type);
+	REQUIRE(rdata1->rdclass == rdata2->rdclass);
+	REQUIRE(rdata1->type == 52);
+	REQUIRE(rdata1->length != 0);
+	REQUIRE(rdata2->length != 0);
+
+	dns_rdata_toregion(rdata1, &r1);
+	dns_rdata_toregion(rdata2, &r2);
+	return (isc_region_compare(&r1, &r2));
+}
+
+static inline isc_result_t
+fromstruct_tlsa(ARGS_FROMSTRUCT) {
+	dns_rdata_tlsa_t *tlsa = source;
+
+	REQUIRE(type == 52);
+	REQUIRE(source != NULL);
+	REQUIRE(tlsa->common.rdtype == type);
+	REQUIRE(tlsa->common.rdclass == rdclass);
+
+	UNUSED(type);
+	UNUSED(rdclass);
+
+	RETERR(uint8_tobuffer(tlsa->usage, target));
+	RETERR(uint8_tobuffer(tlsa->selector, target));
+	RETERR(uint8_tobuffer(tlsa->match, target));
+
+	return (mem_tobuffer(target, tlsa->data, tlsa->length));
+}
+
+static inline isc_result_t
+tostruct_tlsa(ARGS_TOSTRUCT) {
+	dns_rdata_tlsa_t *tlsa = target;
+	isc_region_t region;
+
+	REQUIRE(rdata->type == 52);
+	REQUIRE(target != NULL);
+	REQUIRE(rdata->length != 0);
+
+	tlsa->common.rdclass = rdata->rdclass;
+	tlsa->common.rdtype = rdata->type;
+	ISC_LINK_INIT(&tlsa->common, link);
+
+	dns_rdata_toregion(rdata, &region);
+
+	tlsa->usage = uint8_fromregion(&region);
+	isc_region_consume(&region, 1);
+	tlsa->selector = uint8_fromregion(&region);
+	isc_region_consume(&region, 1);
+	tlsa->match = uint8_fromregion(&region);
+	isc_region_consume(&region, 1);
+	tlsa->length = region.length;
+
+	tlsa->data = mem_maybedup(mctx, region.base, region.length);
+	if (tlsa->data == NULL)
+		return (ISC_R_NOMEMORY);
+
+	tlsa->mctx = mctx;
+	return (ISC_R_SUCCESS);
+}
+
+static inline void
+freestruct_tlsa(ARGS_FREESTRUCT) {
+	dns_rdata_tlsa_t *tlsa = source;
+
+	REQUIRE(tlsa != NULL);
+	REQUIRE(tlsa->common.rdtype == 52);
+
+	if (tlsa->mctx == NULL)
+		return;
+
+	if (tlsa->data != NULL)
+		isc_mem_free(tlsa->mctx, tlsa->data);
+	tlsa->mctx = NULL;
+}
+
+static inline isc_result_t
+additionaldata_tlsa(ARGS_ADDLDATA) {
+	REQUIRE(rdata->type == 52);
+
+	UNUSED(rdata);
+	UNUSED(add);
+	UNUSED(arg);
+
+	return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+digest_tlsa(ARGS_DIGEST) {
+	isc_region_t r;
+
+	REQUIRE(rdata->type == 52);
+
+	dns_rdata_toregion(rdata, &r);
+
+	return ((digest)(arg, &r));
+}
+
+static inline isc_boolean_t
+checkowner_tlsa(ARGS_CHECKOWNER) {
+
+	REQUIRE(type == 52);
+
+	UNUSED(name);
+	UNUSED(type);
+	UNUSED(rdclass);
+	UNUSED(wildcard);
+
+	return (ISC_TRUE);
+}
+
+static inline isc_boolean_t
+checknames_tlsa(ARGS_CHECKNAMES) {
+
+	REQUIRE(rdata->type == 52);
+
+	UNUSED(rdata);
+	UNUSED(owner);
+	UNUSED(bad);
+
+	return (ISC_TRUE);
+}
+
+static inline int
+casecompare_tlsa(ARGS_COMPARE) {
+	return (compare_tlsa(rdata1, rdata2));
+}
+
+#endif	/* RDATA_GENERIC_TLSA_52_C */

Copied: head/contrib/bind9/lib/dns/rdata/generic/tlsa_52.h (from r236173, vendor/bind9/dist/lib/dns/rdata/generic/tlsa_52.h)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/contrib/bind9/lib/dns/rdata/generic/tlsa_52.h	Mon May 28 19:47:56 2012	(r236196, copy of r236173, vendor/bind9/dist/lib/dns/rdata/generic/tlsa_52.h)
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) 2012  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id$ */
+
+#ifndef GENERIC_TLSA_52_H
+#define GENERIC_TLSA_52_H 1
+
+/*!
+ *  \brief per draft-ietf-dane-protocol-19.txt
+ */
+typedef struct dns_rdata_tlsa {
+	dns_rdatacommon_t	common;
+	isc_mem_t		*mctx;
+	isc_uint8_t		usage;
+	isc_uint8_t		selector;
+	isc_uint8_t		match;
+	isc_uint16_t		length;
+	unsigned char		*data;
+} dns_rdata_tlsa_t;
+
+#endif /* GENERIC_TLSA_52_H */

Modified: head/contrib/bind9/lib/dns/resolver.c
==============================================================================
--- head/contrib/bind9/lib/dns/resolver.c	Mon May 28 19:44:35 2012	(r236195)
+++ head/contrib/bind9/lib/dns/resolver.c	Mon May 28 19:47:56 2012	(r236196)
@@ -180,7 +180,9 @@ struct fetchctx {
 	dns_rdatatype_t			type;
 	unsigned int			options;
 	unsigned int			bucketnum;
-	char *			info;
+	char *				info;
+	isc_mem_t *			mctx;
+
 	/*% Locked by appropriate bucket lock. */
 	fetchstate			state;
 	isc_boolean_t			want_shutdown;
@@ -446,7 +448,8 @@ static void resquery_response(isc_task_t
 static void resquery_connected(isc_task_t *task, isc_event_t *event);
 static void fctx_try(fetchctx_t *fctx, isc_boolean_t retrying,
 		     isc_boolean_t badcache);
-static isc_boolean_t fctx_destroy(fetchctx_t *fctx);
+static void fctx_destroy(fetchctx_t *fctx);
+static isc_boolean_t fctx_unlink(fetchctx_t *fctx);
 static isc_result_t ncache_adderesult(dns_message_t *message,
 				      dns_db_t *cache, dns_dbnode_t *node,
 				      dns_rdatatype_t covers,
@@ -478,8 +481,7 @@ valcreate(fetchctx_t *fctx, dns_adbaddri
 	dns_valarg_t *valarg;
 	isc_result_t result;
 
-	valarg = isc_mem_get(fctx->res->buckets[fctx->bucketnum].mctx,
-			     sizeof(*valarg));
+	valarg = isc_mem_get(fctx->mctx, sizeof(*valarg));
 	if (valarg == NULL)
 		return (ISC_R_NOMEMORY);
 
@@ -501,8 +503,7 @@ valcreate(fetchctx_t *fctx, dns_adbaddri
 		}
 		ISC_LIST_APPEND(fctx->validators, validator, link);
 	} else
-		isc_mem_put(fctx->res->buckets[fctx->bucketnum].mctx,
-			    valarg, sizeof(*valarg));
+		isc_mem_put(fctx->mctx, valarg, sizeof(*valarg));
 	return (result);
 }
 
@@ -1386,13 +1387,12 @@ fctx_query(fetchctx_t *fctx, dns_adbaddr
 
 	dns_message_reset(fctx->rmessage, DNS_MESSAGE_INTENTPARSE);
 
-	query = isc_mem_get(res->buckets[fctx->bucketnum].mctx,
-			    sizeof(*query));
+	query = isc_mem_get(fctx->mctx, sizeof(*query));
 	if (query == NULL) {
 		result = ISC_R_NOMEMORY;
 		goto stop_idle_timer;
 	}
-	query->mctx = res->buckets[fctx->bucketnum].mctx;
+	query->mctx = fctx->mctx;
 	query->options = options;
 	query->attributes = 0;
 	query->sends = 0;
@@ -1569,8 +1569,7 @@ fctx_query(fetchctx_t *fctx, dns_adbaddr
  cleanup_query:
 	if (query->connects == 0) {
 		query->magic = 0;
-		isc_mem_put(res->buckets[fctx->bucketnum].mctx,
-			    query, sizeof(*query));
+		isc_mem_put(fctx->mctx, query, sizeof(*query));
 	}
 
  stop_idle_timer:
@@ -1600,8 +1599,7 @@ add_bad_edns(fetchctx_t *fctx, isc_socka

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201205281947.q4SJluwi030228>