From owner-svn-src-all@FreeBSD.ORG Mon May 28 19:47:57 2012 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7AEAE106566C; Mon, 28 May 2012 19:47:57 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 61D9D8FC0C; Mon, 28 May 2012 19:47:57 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q4SJlvcY030250; Mon, 28 May 2012 19:47:57 GMT (envelope-from dougb@svn.freebsd.org) Received: (from dougb@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q4SJluwi030228; Mon, 28 May 2012 19:47:56 GMT (envelope-from dougb@svn.freebsd.org) Message-Id: <201205281947.q4SJluwi030228@svn.freebsd.org> From: Doug Barton Date: Mon, 28 May 2012 19:47:56 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r236196 - in head: contrib/bind9 contrib/bind9/bin/named contrib/bind9/bin/named/unix contrib/bind9/lib/bind9 contrib/bind9/lib/dns contrib/bind9/lib/dns/include/dns contrib/bind9/lib/d... X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 May 2012 19:47:57 -0000 Author: dougb Date: Mon May 28 19:47:56 2012 New Revision: 236196 URL: http://svn.freebsd.org/changeset/base/236196 Log: Upgrade to BIND version 9.8.3, the latest from ISC. Feature Change * BIND now recognizes the TLSA resource record type, created to support IETF DANE (DNS-based Authentication of Named Entities) Bug Fix * The locking strategy around the handling of iterative queries has been tuned to reduce unnecessary contention in a multi- threaded environment. Other critical bug fixes are included. All BIND users are encouraged to upgrade. Added: head/contrib/bind9/lib/dns/rdata/generic/tlsa_52.c - copied unchanged from r236173, vendor/bind9/dist/lib/dns/rdata/generic/tlsa_52.c head/contrib/bind9/lib/dns/rdata/generic/tlsa_52.h - copied unchanged from r236173, vendor/bind9/dist/lib/dns/rdata/generic/tlsa_52.h Modified: head/contrib/bind9/CHANGES head/contrib/bind9/README head/contrib/bind9/bin/named/builtin.c head/contrib/bind9/bin/named/query.c head/contrib/bind9/bin/named/server.c head/contrib/bind9/bin/named/unix/dlz_dlopen_driver.c head/contrib/bind9/lib/bind9/api head/contrib/bind9/lib/bind9/check.c head/contrib/bind9/lib/dns/api head/contrib/bind9/lib/dns/dnssec.c head/contrib/bind9/lib/dns/include/dns/ecdb.h head/contrib/bind9/lib/dns/include/dns/rpz.h head/contrib/bind9/lib/dns/include/dns/sdb.h head/contrib/bind9/lib/dns/include/dns/stats.h head/contrib/bind9/lib/dns/include/dns/tsec.h head/contrib/bind9/lib/dns/include/dns/view.h head/contrib/bind9/lib/dns/rbtdb.c head/contrib/bind9/lib/dns/resolver.c head/contrib/bind9/lib/dns/sdb.c head/contrib/bind9/lib/dns/tkey.c head/contrib/bind9/lib/dns/zone.c head/contrib/bind9/lib/isc/pthreads/mutex.c head/contrib/bind9/lib/isccfg/api head/contrib/bind9/lib/isccfg/parser.c head/contrib/bind9/version head/lib/bind/dns/code.h head/lib/bind/dns/dns/enumtype.h head/lib/bind/dns/dns/rdatastruct.h Directory Properties: head/contrib/bind9/ (props changed) Modified: head/contrib/bind9/CHANGES ============================================================================== --- head/contrib/bind9/CHANGES Mon May 28 19:44:35 2012 (r236195) +++ head/contrib/bind9/CHANGES Mon May 28 19:47:56 2012 (r236196) @@ -1,3 +1,56 @@ + --- 9.8.3 released --- + +3318. [tuning] Reduce the amount of work performed while holding a + bucket lock when finshed with a fetch context. + [RT #29239] + +3314. [bug] The masters list could be updated while refesh_callback + and stub_callback were using it. [RT #26732] + +3313. [protocol] Add TLSA record type. [RT #28989] + +3312. [bug] named-checkconf didn't detect a bad dns64 clients acl. + [RT #27631] + +3311. [bug] Abort the zone dump if zone->db is NULL in + zone.c:zone_gotwritehandle. [RT #29028] + +3310. [test] Increase table size for mutex profiling. [RT #28809] + +3309. [bug] resolver.c:fctx_finddone() was not threadsafe. + [RT #27995] + +3307. [bug] Add missing ISC_LANG_BEGINDECLS and ISC_LANG_ENDDECLS. + [RT #28956] + +3306. [bug] Improve DNS64 reverse zone performance. [RT #28563] + +3305. [func] Add wire format lookup method to sdb. [RT #28563] + +3304. [bug] Use hmctx, not mctx when freeing rbtdb->heaps. + [RT #28571] + +3302. [bug] dns_dnssec_findmatchingkeys could fail to find + keys if the zone name contained character that + required special mappings. [RT #28600] + +3301. [contrib] Update queryperf to build on darwin. Add -R flag + for non-recursive queries. [RT #28565] + +3300. [bug] Named could die if gssapi was enabled in named.conf + but was not compiled in. [RT #28338] + +3299. [bug] Make SDB handle errors from database drivers better. + [RT #28534] + +3232. [bug] Zero zone->curmaster before return in + dns_zone_setmasterswithkeys(). [RT #26732] + +3183. [bug] Added RTLD_GLOBAL flag to dlopen call. [RT #26301] + +3197. [bug] Don't try to log the filename and line number when + the config parser can't open a file. [RT #22263] + --- 9.8.2 released --- 3298. [bug] Named could dereference a NULL pointer in @@ -58,9 +111,9 @@ 3274. [bug] Log when a zone is not reusable. Only set loadtime on successful loads. [RT #27650] -3273. [bug] AAAA responses could be returned in the additional - section even when filter-aaaa-on-v4 was in use. - [RT #27292] +3273. [bug] AAAA responses could be returned in the additional + section even when filter-aaaa-on-v4 was in use. + [RT #27292] 3271. [port] darwin: mksymtbl is not always stable, loop several times before giving up. mksymtbl was using non Modified: head/contrib/bind9/README ============================================================================== --- head/contrib/bind9/README Mon May 28 19:44:35 2012 (r236195) +++ head/contrib/bind9/README Mon May 28 19:47:56 2012 (r236196) @@ -51,6 +51,10 @@ BIND 9 For up-to-date release notes and errata, see http://www.isc.org/software/bind9/releasenotes +BIND 9.8.3 + + BIND 9.8.3 is a maintenance release. + BIND 9.8.2 BIND 9.8.2 includes a number of bug fixes and prevents a security Modified: head/contrib/bind9/bin/named/builtin.c ============================================================================== --- head/contrib/bind9/bin/named/builtin.c Mon May 28 19:44:35 2012 (r236195) +++ head/contrib/bind9/bin/named/builtin.c Mon May 28 19:47:56 2012 (r236196) @@ -69,35 +69,79 @@ static builtin_t empty_builtin = { do_em static builtin_t dns64_builtin = { do_dns64_lookup, NULL, NULL }; static dns_sdbimplementation_t *builtin_impl; +static dns_sdbimplementation_t *dns64_impl; -static const char hex[] = "0123456789abcdef"; -static const char HEX[] = "0123456789ABCDEF"; +/* + * Pre computed HEX * 16 or 1 table. + */ +static const unsigned char hex16[256] = { + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /*00*/ + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /*10*/ + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /*20*/ + 0, 16, 32, 48, 64, 80, 96,112,128,144, 1, 1, 1, 1, 1, 1, /*30*/ + 1,160,176,192,208,224,240, 1, 1, 1, 1, 1, 1, 1, 1, 1, /*40*/ + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /*50*/ + 1,160,176,192,208,224,240, 1, 1, 1, 1, 1, 1, 1, 1, 1, /*60*/ + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /*70*/ + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /*80*/ + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /*90*/ + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /*A0*/ + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /*B0*/ + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /*C0*/ + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /*D0*/ + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /*E0*/ + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 /*F0*/ +}; + +const unsigned char decimal[] = "0123456789"; + +static size_t +dns64_rdata(unsigned char *v, size_t start, unsigned char *rdata) { + size_t i, j = 0; + + for (i = 0; i < 4; i++) { + unsigned char c = v[start++]; + if (start == 7) + start++; + if (c > 99) { + rdata[j++] = 3; + rdata[j++] = decimal[c/100]; c = c % 100; + rdata[j++] = decimal[c/10]; c = c % 10; + rdata[j++] = decimal[c]; + } else if (c > 9) { + rdata[j++] = 2; + rdata[j++] = decimal[c/10]; c = c % 10; + rdata[j++] = decimal[c]; + } else { + rdata[j++] = 1; + rdata[j++] = decimal[c]; + } + } + memcpy(&rdata[j], "\07in-addr\04arpa", 14); + return (j + 14); +} static isc_result_t -dns64_cname(const char *zone, const char *name, dns_sdblookup_t *lookup) { - size_t zlen, nlen, j; - const char *s; - unsigned char v[16]; +dns64_cname(const dns_name_t *zone, const dns_name_t *name, + dns_sdblookup_t *lookup) +{ + size_t zlen, nlen, j, len; + unsigned char v[16], n; unsigned int i; - char reverse[sizeof("123.123.123.123.in-addr.arpa.")]; + unsigned char rdata[sizeof("123.123.123.123.in-addr.arpa.")]; + unsigned char *ndata; /* - * The sum the length of the relative name and the length of the zone - * name for a IPv6 reverse lookup comes to 71. - * - * The reverse of 2001::10.0.0.1 (dns64 2001::/96) has a zone of - * "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.2.ip6.arpa" - * and a name of "1.0.0.0.0.0.a.0". The sum of the lengths of these - * two strings is 71. + * The combined length of the zone and name is 74. * - * The minimum length for a ip6.arpa zone name is 8. + * The minimum zone length is 10 ((3)ip6(4)arpa(0)). * - * The length of name should always be odd as we are expecting + * The length of name should always be even as we are expecting * a series of nibbles. */ - zlen = strlen(zone); - nlen = strlen(name); - if ((zlen + nlen) > 71U || zlen < 8U || (nlen % 2) != 1U) + zlen = zone->length; + nlen = name->length; + if ((zlen + nlen) > 74U || zlen < 10U || (nlen % 2) != 0U) return (ISC_R_NOTFOUND); /* @@ -116,25 +160,20 @@ dns64_cname(const char *zone, const char * are byte aligned and we correctly return ISC_R_NOTFOUND or * ISC_R_SUCCESS. We will not generate a CNAME in this case. */ - i = (nlen % 4) == 1U ? 1 : 0; + ndata = name->ndata; + i = (nlen % 4) == 2U ? 1 : 0; j = nlen; memset(v, 0, sizeof(v)); - while (j >= 1U) { + while (j != 0) { INSIST((i/2) < sizeof(v)); - if (j > 1U && name[1] != '.') + if (ndata[0] != 1) return (ISC_R_NOTFOUND); - v[i/2] >>= 4; - if ((s = strchr(hex, name[0])) != NULL) - v[i/2] |= (s - hex) << 4; - else if ((s = strchr(HEX, name[0])) != NULL) - v[i/2] |= (s - HEX) << 4; - else + n = hex16[ndata[1]&0xff]; + if (n == 1) return (ISC_R_NOTFOUND); - if (j > 1U) - j -= 2; - else - j -= 1; - name += 2; + v[i/2] = n | (v[i/2]>>4); + j -= 2; + ndata += 2; i++; } @@ -144,90 +183,91 @@ dns64_cname(const char *zone, const char * it corresponds to a empty node in the zone or there should be * a CNAME. */ +#define ZLEN(x) (10 + (x)/2) switch (zlen) { - case 24: /* prefix len 32 */ + case ZLEN(32): /* prefix len 32 */ + /* + * The nibbles that map to this byte must be zero for 'name' + * to exist in the zone. + */ + if (nlen > 16U && v[(nlen-1)/4 - 4] != 0) + return (ISC_R_NOTFOUND); /* - * If the total length is not 71 then this is a empty node + * If the total length is not 74 then this is a empty node * so return success. */ - if (nlen + zlen != 71U) + if (nlen + zlen != 74U) return (ISC_R_SUCCESS); - snprintf(reverse, sizeof(reverse), "%u.%u.%u.%u.in-addr.arpa.", - v[8], v[9], v[10], v[11]); + len = dns64_rdata(v, 8, rdata); break; - case 28: /* prefix len 40 */ + case ZLEN(40): /* prefix len 40 */ /* * The nibbles that map to this byte must be zero for 'name' * to exist in the zone. */ - if (nlen > 11U && v[nlen/4 - 3] != 0) + if (nlen > 12U && v[(nlen-1)/4 - 3] != 0) return (ISC_R_NOTFOUND); /* - * If the total length is not 71 then this is a empty node + * If the total length is not 74 then this is a empty node * so return success. */ - if (nlen + zlen != 71U) + if (nlen + zlen != 74U) return (ISC_R_SUCCESS); - snprintf(reverse, sizeof(reverse), "%u.%u.%u.%u.in-addr.arpa.", - v[6], v[8], v[9], v[10]); + len = dns64_rdata(v, 6, rdata); break; - case 32: /* prefix len 48 */ + case ZLEN(48): /* prefix len 48 */ /* * The nibbles that map to this byte must be zero for 'name' * to exist in the zone. */ - if (nlen > 7U && v[nlen/4 - 2] != 0) + if (nlen > 8U && v[(nlen-1)/4 - 2] != 0) return (ISC_R_NOTFOUND); /* - * If the total length is not 71 then this is a empty node + * If the total length is not 74 then this is a empty node * so return success. */ - if (nlen + zlen != 71U) + if (nlen + zlen != 74U) return (ISC_R_SUCCESS); - snprintf(reverse, sizeof(reverse), "%u.%u.%u.%u.in-addr.arpa.", - v[5], v[6], v[8], v[9]); + len = dns64_rdata(v, 5, rdata); break; - case 36: /* prefix len 56 */ + case ZLEN(56): /* prefix len 56 */ /* * The nibbles that map to this byte must be zero for 'name' * to exist in the zone. */ - if (nlen > 3U && v[nlen/4 - 1] != 0) + if (nlen > 4U && v[(nlen-1)/4 - 1] != 0) return (ISC_R_NOTFOUND); /* - * If the total length is not 71 then this is a empty node + * If the total length is not 74 then this is a empty node * so return success. */ - if (nlen + zlen != 71U) + if (nlen + zlen != 74U) return (ISC_R_SUCCESS); - snprintf(reverse, sizeof(reverse), "%u.%u.%u.%u.in-addr.arpa.", - v[4], v[5], v[6], v[8]); + len = dns64_rdata(v, 4, rdata); break; - case 40: /* prefix len 64 */ + case ZLEN(64): /* prefix len 64 */ /* * The nibbles that map to this byte must be zero for 'name' * to exist in the zone. */ - if (v[nlen/4] != 0) + if (v[(nlen-1)/4] != 0) return (ISC_R_NOTFOUND); /* - * If the total length is not 71 then this is a empty node + * If the total length is not 74 then this is a empty node * so return success. */ - if (nlen + zlen != 71U) + if (nlen + zlen != 74U) return (ISC_R_SUCCESS); - snprintf(reverse, sizeof(reverse), "%u.%u.%u.%u.in-addr.arpa.", - v[3], v[4], v[5], v[6]); + len = dns64_rdata(v, 3, rdata); break; - case 56: /* prefix len 96 */ + case ZLEN(96): /* prefix len 96 */ /* - * If the total length is not 71 then this is a empty node + * If the total length is not 74 then this is a empty node * so return success. */ - if (nlen + zlen != 71U) + if (nlen + zlen != 74U) return (ISC_R_SUCCESS); - snprintf(reverse, sizeof(reverse), "%u.%u.%u.%u.in-addr.arpa.", - v[0], v[1], v[2], v[3]); + len = dns64_rdata(v, 0, rdata); break; default: /* @@ -236,7 +276,7 @@ dns64_cname(const char *zone, const char */ return (ISC_R_NOTFOUND); } - return (dns_sdb_putrr(lookup, "CNAME", 600, reverse)); + return (dns_sdb_putrdata(lookup, dns_rdatatype_cname, 600, rdata, len)); } static isc_result_t @@ -249,13 +289,23 @@ builtin_lookup(const char *zone, const c if (strcmp(name, "@") == 0) return (b->do_lookup(lookup)); - else if (b->do_lookup == do_dns64_lookup) - return (dns64_cname(zone, name, lookup)); else return (ISC_R_NOTFOUND); } static isc_result_t +dns64_lookup(const dns_name_t *zone, const dns_name_t *name, void *dbdata, + dns_sdblookup_t *lookup) +{ + builtin_t *b = (builtin_t *) dbdata; + + if (name->labels == 0 && name->length == 0) + return (b->do_lookup(lookup)); + else + return (dns64_cname(zone, name, lookup)); +} + +static isc_result_t put_txt(dns_sdblookup_t *lookup, const char *text) { unsigned char buf[256]; unsigned int len = strlen(text); @@ -481,7 +531,17 @@ static dns_sdbmethods_t builtin_methods builtin_authority, NULL, /* allnodes */ builtin_create, - builtin_destroy + builtin_destroy, + NULL +}; + +static dns_sdbmethods_t dns64_methods = { + NULL, + builtin_authority, + NULL, /* allnodes */ + builtin_create, + builtin_destroy, + dns64_lookup, }; isc_result_t @@ -491,11 +551,17 @@ ns_builtin_init(void) { DNS_SDBFLAG_RELATIVERDATA, ns_g_mctx, &builtin_impl) == ISC_R_SUCCESS); + RUNTIME_CHECK(dns_sdb_register("_dns64", &dns64_methods, NULL, + DNS_SDBFLAG_RELATIVEOWNER | + DNS_SDBFLAG_RELATIVERDATA | + DNS_SDBFLAG_DNS64, + ns_g_mctx, &dns64_impl) + == ISC_R_SUCCESS); return (ISC_R_SUCCESS); } void ns_builtin_deinit(void) { dns_sdb_unregister(&builtin_impl); + dns_sdb_unregister(&dns64_impl); } - Modified: head/contrib/bind9/bin/named/query.c ============================================================================== --- head/contrib/bind9/bin/named/query.c Mon May 28 19:44:35 2012 (r236195) +++ head/contrib/bind9/bin/named/query.c Mon May 28 19:47:56 2012 (r236196) @@ -3354,6 +3354,11 @@ query_addwildcardproof(ns_client_t *clie dns_name_copy(name, cname, NULL); while (result == DNS_R_NXDOMAIN) { labels = dns_name_countlabels(cname) - 1; + /* + * Sanity check. + */ + if (labels == 0U) + goto cleanup; dns_name_split(cname, labels, NULL, cname); result = dns_db_find(db, cname, version, dns_rdatatype_nsec, Modified: head/contrib/bind9/bin/named/server.c ============================================================================== --- head/contrib/bind9/bin/named/server.c Mon May 28 19:44:35 2012 (r236195) +++ head/contrib/bind9/bin/named/server.c Mon May 28 19:47:56 2012 (r236196) @@ -1358,7 +1358,7 @@ dns64_reverse(dns_view_t *view, isc_mem_ { char *cp; char reverse[48+sizeof("ip6.arpa.")]; - const char *dns64_dbtype[4] = { "_builtin", "dns64", ".", "." }; + const char *dns64_dbtype[4] = { "_dns64", "dns64", ".", "." }; const char *sep = ": view "; const char *viewname = view->name; const unsigned char *s6; Modified: head/contrib/bind9/bin/named/unix/dlz_dlopen_driver.c ============================================================================== --- head/contrib/bind9/bin/named/unix/dlz_dlopen_driver.c Mon May 28 19:44:35 2012 (r236195) +++ head/contrib/bind9/bin/named/unix/dlz_dlopen_driver.c Mon May 28 19:47:56 2012 (r236196) @@ -250,7 +250,7 @@ dlopen_dlz_create(const char *dlzname, u isc_mutex_init(&cd->lock); /* Open the library */ - dlopen_flags = RTLD_NOW; + dlopen_flags = RTLD_NOW|RTLD_GLOBAL; #ifdef RTLD_DEEPBIND /* Modified: head/contrib/bind9/lib/bind9/api ============================================================================== --- head/contrib/bind9/lib/bind9/api Mon May 28 19:44:35 2012 (r236195) +++ head/contrib/bind9/lib/bind9/api Mon May 28 19:47:56 2012 (r236196) @@ -4,5 +4,5 @@ # 9.8: 80-89 # 9.9: 90-109 LIBINTERFACE = 80 -LIBREVISION = 4 +LIBREVISION = 5 LIBAGE = 0 Modified: head/contrib/bind9/lib/bind9/check.c ============================================================================== --- head/contrib/bind9/lib/bind9/check.c Mon May 28 19:44:35 2012 (r236195) +++ head/contrib/bind9/lib/bind9/check.c Mon May 28 19:47:56 2012 (r236196) @@ -434,7 +434,7 @@ check_dns64(cfg_aclconfctx_t *actx, cons int nbytes; int i; - static const char *acls[] = { "client", "exclude", "mapped", NULL}; + static const char *acls[] = { "clients", "exclude", "mapped", NULL}; if (voptions != NULL) cfg_map_get(voptions, "dns64", &dns64); Modified: head/contrib/bind9/lib/dns/api ============================================================================== --- head/contrib/bind9/lib/dns/api Mon May 28 19:44:35 2012 (r236195) +++ head/contrib/bind9/lib/dns/api Mon May 28 19:47:56 2012 (r236196) @@ -4,5 +4,5 @@ # 9.8: 80-89 # 9.9: 90-109 LIBINTERFACE = 87 -LIBREVISION = 0 +LIBREVISION = 1 LIBAGE = 6 Modified: head/contrib/bind9/lib/dns/dnssec.c ============================================================================== --- head/contrib/bind9/lib/dns/dnssec.c Mon May 28 19:44:35 2012 (r236195) +++ head/contrib/bind9/lib/dns/dnssec.c Mon May 28 19:47:56 2012 (r236196) @@ -1246,7 +1246,7 @@ dns_dnssec_findmatchingkeys(dns_name_t * isc_dir_init(&dir); isc_buffer_init(&b, namebuf, sizeof(namebuf) - 1); - RETERR(dns_name_totext(origin, ISC_FALSE, &b)); + RETERR(dns_name_tofilenametext(origin, ISC_FALSE, &b)); len = isc_buffer_usedlength(&b); namebuf[len] = '\0'; Modified: head/contrib/bind9/lib/dns/include/dns/ecdb.h ============================================================================== --- head/contrib/bind9/lib/dns/include/dns/ecdb.h Mon May 28 19:44:35 2012 (r236195) +++ head/contrib/bind9/lib/dns/include/dns/ecdb.h Mon May 28 19:47:56 2012 (r236196) @@ -1,5 +1,5 @@ /* - * Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2009, 2012 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -39,6 +39,8 @@ *** Functions ***/ +ISC_LANG_BEGINDECLS + /* TBD: describe those */ isc_result_t Modified: head/contrib/bind9/lib/dns/include/dns/rpz.h ============================================================================== --- head/contrib/bind9/lib/dns/include/dns/rpz.h Mon May 28 19:44:35 2012 (r236195) +++ head/contrib/bind9/lib/dns/include/dns/rpz.h Mon May 28 19:47:56 2012 (r236196) @@ -194,5 +194,7 @@ dns_rpz_cidr_find(dns_rpz_cidr_t *cidr, dns_rpz_policy_t dns_rpz_decode_cname(dns_rdataset_t *, dns_name_t *selfname); +ISC_LANG_ENDDECLS + #endif /* DNS_RPZ_H */ Modified: head/contrib/bind9/lib/dns/include/dns/sdb.h ============================================================================== --- head/contrib/bind9/lib/dns/include/dns/sdb.h Mon May 28 19:44:35 2012 (r236195) +++ head/contrib/bind9/lib/dns/include/dns/sdb.h Mon May 28 19:47:56 2012 (r236196) @@ -59,6 +59,9 @@ typedef struct dns_sdballnodes dns_sdbal typedef isc_result_t (*dns_sdblookupfunc_t)(const char *zone, const char *name, void *dbdata, dns_sdblookup_t *); +typedef isc_result_t +(*dns_sdblookup2func_t)(const dns_name_t *zone, const dns_name_t *name, + void *dbdata, dns_sdblookup_t *lookup); typedef isc_result_t (*dns_sdbauthorityfunc_t)(const char *zone, void *dbdata, dns_sdblookup_t *); @@ -81,6 +84,7 @@ typedef struct dns_sdbmethods { dns_sdballnodesfunc_t allnodes; dns_sdbcreatefunc_t create; dns_sdbdestroyfunc_t destroy; + dns_sdblookup2func_t lookup2; } dns_sdbmethods_t; /*** @@ -92,6 +96,7 @@ ISC_LANG_BEGINDECLS #define DNS_SDBFLAG_RELATIVEOWNER 0x00000001U #define DNS_SDBFLAG_RELATIVERDATA 0x00000002U #define DNS_SDBFLAG_THREADSAFE 0x00000004U +#define DNS_SDBFLAG_DNS64 0x00000008U isc_result_t dns_sdb_register(const char *drivername, const dns_sdbmethods_t *methods, Modified: head/contrib/bind9/lib/dns/include/dns/stats.h ============================================================================== --- head/contrib/bind9/lib/dns/include/dns/stats.h Mon May 28 19:44:35 2012 (r236195) +++ head/contrib/bind9/lib/dns/include/dns/stats.h Mon May 28 19:47:56 2012 (r236196) @@ -147,6 +147,8 @@ typedef void (*dns_rdatatypestats_dumper void *); typedef void (*dns_opcodestats_dumper_t)(dns_opcode_t, isc_uint64_t, void *); +ISC_LANG_BEGINDECLS + isc_result_t dns_generalstats_create(isc_mem_t *mctx, dns_stats_t **statsp, int ncounters); /*%< Modified: head/contrib/bind9/lib/dns/include/dns/tsec.h ============================================================================== --- head/contrib/bind9/lib/dns/include/dns/tsec.h Mon May 28 19:44:35 2012 (r236195) +++ head/contrib/bind9/lib/dns/include/dns/tsec.h Mon May 28 19:47:56 2012 (r236196) @@ -1,5 +1,5 @@ /* - * Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2009, 2010, 2012 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -132,4 +132,6 @@ dns_tsec_getkey(dns_tsec_t *tsec, void * *\li *tsecp points to a valid key structure depending on the TSEC type. */ +ISC_LANG_ENDDECLS + #endif /* DNS_TSEC_H */ Modified: head/contrib/bind9/lib/dns/include/dns/view.h ============================================================================== --- head/contrib/bind9/lib/dns/include/dns/view.h Mon May 28 19:44:35 2012 (r236195) +++ head/contrib/bind9/lib/dns/include/dns/view.h Mon May 28 19:47:56 2012 (r236196) @@ -1075,4 +1075,6 @@ dns_view_setnewzones(dns_view_t *view, i void dns_view_restorekeyring(dns_view_t *view); +ISC_LANG_ENDDECLS + #endif /* DNS_VIEW_H */ Modified: head/contrib/bind9/lib/dns/rbtdb.c ============================================================================== --- head/contrib/bind9/lib/dns/rbtdb.c Mon May 28 19:44:35 2012 (r236195) +++ head/contrib/bind9/lib/dns/rbtdb.c Mon May 28 19:47:56 2012 (r236196) @@ -7814,7 +7814,7 @@ dns_rbtdb_create for (i = 0 ; i < (int)rbtdb->node_lock_count ; i++) if (rbtdb->heaps[i] != NULL) isc_heap_destroy(&rbtdb->heaps[i]); - isc_mem_put(mctx, rbtdb->heaps, + isc_mem_put(hmctx, rbtdb->heaps, rbtdb->node_lock_count * sizeof(isc_heap_t *)); } Copied: head/contrib/bind9/lib/dns/rdata/generic/tlsa_52.c (from r236173, vendor/bind9/dist/lib/dns/rdata/generic/tlsa_52.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/contrib/bind9/lib/dns/rdata/generic/tlsa_52.c Mon May 28 19:47:56 2012 (r236196, copy of r236173, vendor/bind9/dist/lib/dns/rdata/generic/tlsa_52.c) @@ -0,0 +1,290 @@ +/* + * Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id$ */ + +/* draft-ietf-dane-protocol-19.txt */ + +#ifndef RDATA_GENERIC_TLSA_52_C +#define RDATA_GENERIC_TLSA_52_C + +#define RRTYPE_TLSA_ATTRIBUTES 0 + +static inline isc_result_t +fromtext_tlsa(ARGS_FROMTEXT) { + isc_token_t token; + + REQUIRE(type == 52); + + UNUSED(type); + UNUSED(rdclass); + UNUSED(origin); + UNUSED(options); + UNUSED(callbacks); + + /* + * Certificate Usage. + */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, + ISC_FALSE)); + if (token.value.as_ulong > 0xffU) + RETTOK(ISC_R_RANGE); + RETERR(uint8_tobuffer(token.value.as_ulong, target)); + + /* + * Selector. + */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, + ISC_FALSE)); + if (token.value.as_ulong > 0xffU) + RETTOK(ISC_R_RANGE); + RETERR(uint8_tobuffer(token.value.as_ulong, target)); + + /* + * Matching type. + */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, + ISC_FALSE)); + if (token.value.as_ulong > 0xffU) + RETTOK(ISC_R_RANGE); + RETERR(uint8_tobuffer(token.value.as_ulong, target)); + + /* + * Certificate Association Data. + */ + return (isc_hex_tobuffer(lexer, target, -1)); +} + +static inline isc_result_t +totext_tlsa(ARGS_TOTEXT) { + isc_region_t sr; + char buf[sizeof("64000 ")]; + unsigned int n; + + REQUIRE(rdata->type == 52); + REQUIRE(rdata->length != 0); + + UNUSED(tctx); + + dns_rdata_toregion(rdata, &sr); + + /* + * Certificate Usage. + */ + n = uint8_fromregion(&sr); + isc_region_consume(&sr, 1); + sprintf(buf, "%u ", n); + RETERR(str_totext(buf, target)); + + /* + * Selector. + */ + n = uint8_fromregion(&sr); + isc_region_consume(&sr, 1); + sprintf(buf, "%u ", n); + RETERR(str_totext(buf, target)); + + /* + * Matching type. + */ + n = uint8_fromregion(&sr); + isc_region_consume(&sr, 1); + sprintf(buf, "%u", n); + RETERR(str_totext(buf, target)); + + /* + * Certificate Association Data. + */ + if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) + RETERR(str_totext(" (", target)); + RETERR(str_totext(tctx->linebreak, target)); + if (tctx->width == 0) /* No splitting */ + RETERR(isc_hex_totext(&sr, 0, "", target)); + else + RETERR(isc_hex_totext(&sr, tctx->width - 2, + tctx->linebreak, target)); + if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) + RETERR(str_totext(" )", target)); + return (ISC_R_SUCCESS); +} + +static inline isc_result_t +fromwire_tlsa(ARGS_FROMWIRE) { + isc_region_t sr; + + REQUIRE(type == 52); + + UNUSED(type); + UNUSED(rdclass); + UNUSED(dctx); + UNUSED(options); + + isc_buffer_activeregion(source, &sr); + + if (sr.length < 3) + return (ISC_R_UNEXPECTEDEND); + + isc_buffer_forward(source, sr.length); + return (mem_tobuffer(target, sr.base, sr.length)); +} + +static inline isc_result_t +towire_tlsa(ARGS_TOWIRE) { + isc_region_t sr; + + REQUIRE(rdata->type == 52); + REQUIRE(rdata->length != 0); + + UNUSED(cctx); + + dns_rdata_toregion(rdata, &sr); + return (mem_tobuffer(target, sr.base, sr.length)); +} + +static inline int +compare_tlsa(ARGS_COMPARE) { + isc_region_t r1; + isc_region_t r2; + + REQUIRE(rdata1->type == rdata2->type); + REQUIRE(rdata1->rdclass == rdata2->rdclass); + REQUIRE(rdata1->type == 52); + REQUIRE(rdata1->length != 0); + REQUIRE(rdata2->length != 0); + + dns_rdata_toregion(rdata1, &r1); + dns_rdata_toregion(rdata2, &r2); + return (isc_region_compare(&r1, &r2)); +} + +static inline isc_result_t +fromstruct_tlsa(ARGS_FROMSTRUCT) { + dns_rdata_tlsa_t *tlsa = source; + + REQUIRE(type == 52); + REQUIRE(source != NULL); + REQUIRE(tlsa->common.rdtype == type); + REQUIRE(tlsa->common.rdclass == rdclass); + + UNUSED(type); + UNUSED(rdclass); + + RETERR(uint8_tobuffer(tlsa->usage, target)); + RETERR(uint8_tobuffer(tlsa->selector, target)); + RETERR(uint8_tobuffer(tlsa->match, target)); + + return (mem_tobuffer(target, tlsa->data, tlsa->length)); +} + +static inline isc_result_t +tostruct_tlsa(ARGS_TOSTRUCT) { + dns_rdata_tlsa_t *tlsa = target; + isc_region_t region; + + REQUIRE(rdata->type == 52); + REQUIRE(target != NULL); + REQUIRE(rdata->length != 0); + + tlsa->common.rdclass = rdata->rdclass; + tlsa->common.rdtype = rdata->type; + ISC_LINK_INIT(&tlsa->common, link); + + dns_rdata_toregion(rdata, ®ion); + + tlsa->usage = uint8_fromregion(®ion); + isc_region_consume(®ion, 1); + tlsa->selector = uint8_fromregion(®ion); + isc_region_consume(®ion, 1); + tlsa->match = uint8_fromregion(®ion); + isc_region_consume(®ion, 1); + tlsa->length = region.length; + + tlsa->data = mem_maybedup(mctx, region.base, region.length); + if (tlsa->data == NULL) + return (ISC_R_NOMEMORY); + + tlsa->mctx = mctx; + return (ISC_R_SUCCESS); +} + +static inline void +freestruct_tlsa(ARGS_FREESTRUCT) { + dns_rdata_tlsa_t *tlsa = source; + + REQUIRE(tlsa != NULL); + REQUIRE(tlsa->common.rdtype == 52); + + if (tlsa->mctx == NULL) + return; + + if (tlsa->data != NULL) + isc_mem_free(tlsa->mctx, tlsa->data); + tlsa->mctx = NULL; +} + +static inline isc_result_t +additionaldata_tlsa(ARGS_ADDLDATA) { + REQUIRE(rdata->type == 52); + + UNUSED(rdata); + UNUSED(add); + UNUSED(arg); + + return (ISC_R_SUCCESS); +} + +static inline isc_result_t +digest_tlsa(ARGS_DIGEST) { + isc_region_t r; + + REQUIRE(rdata->type == 52); + + dns_rdata_toregion(rdata, &r); + + return ((digest)(arg, &r)); +} + +static inline isc_boolean_t +checkowner_tlsa(ARGS_CHECKOWNER) { + + REQUIRE(type == 52); + + UNUSED(name); + UNUSED(type); + UNUSED(rdclass); + UNUSED(wildcard); + + return (ISC_TRUE); +} + +static inline isc_boolean_t +checknames_tlsa(ARGS_CHECKNAMES) { + + REQUIRE(rdata->type == 52); + + UNUSED(rdata); + UNUSED(owner); + UNUSED(bad); + + return (ISC_TRUE); +} + +static inline int +casecompare_tlsa(ARGS_COMPARE) { + return (compare_tlsa(rdata1, rdata2)); +} + +#endif /* RDATA_GENERIC_TLSA_52_C */ Copied: head/contrib/bind9/lib/dns/rdata/generic/tlsa_52.h (from r236173, vendor/bind9/dist/lib/dns/rdata/generic/tlsa_52.h) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/contrib/bind9/lib/dns/rdata/generic/tlsa_52.h Mon May 28 19:47:56 2012 (r236196, copy of r236173, vendor/bind9/dist/lib/dns/rdata/generic/tlsa_52.h) @@ -0,0 +1,35 @@ +/* + * Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id$ */ + +#ifndef GENERIC_TLSA_52_H +#define GENERIC_TLSA_52_H 1 + +/*! + * \brief per draft-ietf-dane-protocol-19.txt + */ +typedef struct dns_rdata_tlsa { + dns_rdatacommon_t common; + isc_mem_t *mctx; + isc_uint8_t usage; + isc_uint8_t selector; + isc_uint8_t match; + isc_uint16_t length; + unsigned char *data; +} dns_rdata_tlsa_t; + +#endif /* GENERIC_TLSA_52_H */ Modified: head/contrib/bind9/lib/dns/resolver.c ============================================================================== --- head/contrib/bind9/lib/dns/resolver.c Mon May 28 19:44:35 2012 (r236195) +++ head/contrib/bind9/lib/dns/resolver.c Mon May 28 19:47:56 2012 (r236196) @@ -180,7 +180,9 @@ struct fetchctx { dns_rdatatype_t type; unsigned int options; unsigned int bucketnum; - char * info; + char * info; + isc_mem_t * mctx; + /*% Locked by appropriate bucket lock. */ fetchstate state; isc_boolean_t want_shutdown; @@ -446,7 +448,8 @@ static void resquery_response(isc_task_t static void resquery_connected(isc_task_t *task, isc_event_t *event); static void fctx_try(fetchctx_t *fctx, isc_boolean_t retrying, isc_boolean_t badcache); -static isc_boolean_t fctx_destroy(fetchctx_t *fctx); +static void fctx_destroy(fetchctx_t *fctx); +static isc_boolean_t fctx_unlink(fetchctx_t *fctx); static isc_result_t ncache_adderesult(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, dns_rdatatype_t covers, @@ -478,8 +481,7 @@ valcreate(fetchctx_t *fctx, dns_adbaddri dns_valarg_t *valarg; isc_result_t result; - valarg = isc_mem_get(fctx->res->buckets[fctx->bucketnum].mctx, - sizeof(*valarg)); + valarg = isc_mem_get(fctx->mctx, sizeof(*valarg)); if (valarg == NULL) return (ISC_R_NOMEMORY); @@ -501,8 +503,7 @@ valcreate(fetchctx_t *fctx, dns_adbaddri } ISC_LIST_APPEND(fctx->validators, validator, link); } else - isc_mem_put(fctx->res->buckets[fctx->bucketnum].mctx, - valarg, sizeof(*valarg)); + isc_mem_put(fctx->mctx, valarg, sizeof(*valarg)); return (result); } @@ -1386,13 +1387,12 @@ fctx_query(fetchctx_t *fctx, dns_adbaddr dns_message_reset(fctx->rmessage, DNS_MESSAGE_INTENTPARSE); - query = isc_mem_get(res->buckets[fctx->bucketnum].mctx, - sizeof(*query)); + query = isc_mem_get(fctx->mctx, sizeof(*query)); if (query == NULL) { result = ISC_R_NOMEMORY; goto stop_idle_timer; } - query->mctx = res->buckets[fctx->bucketnum].mctx; + query->mctx = fctx->mctx; query->options = options; query->attributes = 0; query->sends = 0; @@ -1569,8 +1569,7 @@ fctx_query(fetchctx_t *fctx, dns_adbaddr cleanup_query: if (query->connects == 0) { query->magic = 0; - isc_mem_put(res->buckets[fctx->bucketnum].mctx, - query, sizeof(*query)); + isc_mem_put(fctx->mctx, query, sizeof(*query)); } stop_idle_timer: @@ -1600,8 +1599,7 @@ add_bad_edns(fetchctx_t *fctx, isc_socka *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***