Commit graph

338 commits

Author SHA1 Message Date
Mark Andrews
52b053537d Add OpenSSL libraries and flags to proxystream_test 2024-03-15 10:08:57 +11:00
Evan Hunt
5709f7bad9 rename qpdb to qpcache
move qpdb.c to qpcache.c and rename the "qp" database implementation
to "qpcache", in order to make it more clearly distinguishable from
"qpzone".
2024-03-08 15:36:56 -08:00
Evan Hunt
ab084d8c4f remove qp-zonedb.c and associated code
now that "qpzone" databases are available for use in zones, we no
longer need to retain the zone semantics in the "qp" database.

all zone-specific code has been removed from QPDB, and "configure
--with-zonedb" once again takes two values, rbt and qp.

some database API methods that are never used with a cache have
been removed from qpdb.c and qp-cachedb.c; these include newversion,
closeversion, subtractrdataset, and nodefullname.
2024-03-08 15:36:56 -08:00
Evan Hunt
ab13ba2438 add qpzone_test unit test
copy the non-cache-specific tests from the old rbtdb_test.c to
qpzone_test.c.
2024-03-08 15:36:56 -08:00
Evan Hunt
60b5422cda make the qpzone database dumpable
add database API method implementations needed to iterate and dump
a qpzone database to a file (createiterator, allrdatasets and
attachversion, plus dbiterator and rdatasetiter methods).

named-checkzone -D can now dump the contents of most zones,
but zone cuts are not correctly detected.
2024-03-08 15:36:56 -08:00
Ondřej Surý
b0c9ca7a24
Revert the s/rbt/qp/ change in load_names, it is still rbt 2024-03-06 17:54:05 +01:00
Evan Hunt
92b305be4b add a compile-time option to select default zone and cache DB
by default, QPDB is the database used by named and all tools and
unit tests. the old default of RBTDB can now be restored by using
"configure --with-zonedb=rbt --with-cachedb=rbt".

some tests have been fixed so they will work correctly with either
database.

CHANGES and release notes have been updated to reflect this change.
2024-03-06 10:49:02 +01:00
Matthijs Mekking
fe97aa59b9 Replace dns_rbtnode_t with dns_qpdata_t
This for now has almost the same structure contents except for
dns_qpdata_t has 'fn' and 'name' to store the domain name.
2024-03-06 09:57:25 +01:00
Evan Hunt
bb4464181a switch database defaults from "rbt" to "qp"
replace the string "rbt" throughout BIND with "qp" so that
qpdb databases will be used by default instead of rbtdb.
rbtdb databases can still be used by specifying "database rbt;"
in a zone statement.
2024-03-06 09:57:24 +01:00
Evan Hunt
845f832308 rename dns_rbtdb to dns_qpdb
this commit renames all variables and macros with the string "rbtdb"
or "RBDTB" to "qpdb" or "QPDB".
2024-03-06 09:57:24 +01:00
Mark Andrews
0651063658 Add RESINFO record type
This is a TXT clone using code point 261.
2024-02-26 12:02:40 +11:00
Evan Hunt
e40fd4ed06 fix several bugs in the RBTDB dbiterator implementation
- the DNS_DB_NSEC3ONLY and DNS_DB_NONSEC3 flags are mutually
  exclusive; it never made sense to set both at the same time.
  to enforce this, it is now a fatal error to do so.  the
  dbiterator implementation has been cleaned up to remove
  code that treated the two as independent: if nonsec3 is
  true, we can be certain nsec3only is false, and vice versa.
- previously, iterating a database backwards omitted
  NSEC3 records even if DNS_DB_NONSEC3 had not been set. this
  has been corrected.
- when an iterator reaches the origin node of the NSEC3 tree, we
  need to skip over it and go to the next node in the sequence.
  the NSEC3 origin node is there for housekeeping purposes and
  never contains data.
- the dbiterator_test unit test has been expanded, several
  incorrect expectations have been fixed. (for example, the
  expected number of iterations has been reduced by one; we were
  previously counting the NSEC3 origin node and we should not
  have been doing so.)
2024-02-15 10:15:50 -08:00
Evan Hunt
ac9bd03a0d clean up dns_rbt
- create_node() in rbt.c cannot fail
- the dns_rbt_*name() functions, which are wrappers around
  dns_rbt_[add|find|delete]node(), were never used except in tests.

this change isn't really necessary since RBT is likely to go away
eventually anyway. but keeping the API as simple as possible while it
persists is a good thing, and may reduce confusion while QPDB is being
developed from RBTDB code.
2024-02-14 01:36:44 -08:00
Evan Hunt
27c862d953 separate generic DB helpers into db_p.h
when the QPDB is implemented, we will need to have both qpdb_p.h and
rbtdb_p.h. in order to prevent name collisions or code duplication,
this commit adds a generic private header file, db_p.h, containing
structures and macros that will be used by both databases.

some functions and structs have been renamed to more specifically refer
to the RBT database, in order to avoid namespace collision with similar
things that will be needed by the QPDB later.
2024-02-14 09:00:27 +01:00
Ondřej Surý
175655b771
Fix case insensitive matching in isc_ht hash table implementation
The case insensitive matching in isc_ht was basically completely broken
as only the hashvalue computation was case insensitive, but the key
comparison was always case sensitive.
2024-02-11 09:36:56 +01:00
Ondřej Surý
8404129471
Use DNS_QPGC_MAYBE instead of DNS_QPGC_ALL for more realistic load
In the benchmarks, DNS_QPGC_ALL was trying to hard to cleanup QP
and this was slowing down QP too much.  Use DNS_QPGC_MAYBE instead
that we are going to use anyway for more realistic load - this also
shows the memory usage matching the real loads.
2024-02-08 08:33:36 +01:00
Ondřej Surý
76997983fd
Use EXIT_SUCCESS and EXIT_FAILURE
Instead of randomly using -1 or 1 as a failure status, properly utilize
the EXIT_FAILURE define that's platform specific (as it should be).
2024-02-08 08:01:58 +01:00
Matthijs Mekking
18b566ccea Refactor findzonekeys
Move dns_dnssec_findzonekeys from the dnssec.{c,h} source code to
zone.{c,h} (the header file already commented that this should be done
inside dns_zone_t).

Alter the function in such a way, that keys are searched for in the
key stores if a 'dnssec-policy' (kasp) is attached to the zone,
otherwise keep using the zone's key-directory.
2024-01-25 14:48:07 +01:00
Ondřej Surý
41a0ee1071
Add workaround for jemalloc linking order
Because we don't use jemalloc functions directly, but only via the
libisc library, the dynamic linker might pull the jemalloc library
too late when memory has been already allocated via standard libc
allocator.

Add a workaround round isc_mem_create() that makes the dynamic linker
to pull jemalloc earlier than libc.
2024-01-18 09:34:36 +01:00
Evan Hunt
ea9a8cb392 prevent an infinite loop in fix_iterator()
it was possible for fix_iterator() to get stuck in a loop while
trying to find the predecessor of a missing node. this has been
fixed and a regression test has been added.
2023-12-21 09:18:30 -08:00
Evan Hunt
84f79cd164 fix_iterator() could produce incoherent iterator stacks
the fix_iterator() function moves an iterator so that it points
to the predecessor of the searched-for name when that name doesn't
exist in the database. the tests only checked the correctness of
the top of the stack, however, and missed some cases where interior
branches in the stack could be missing or duplicated. in these
cases, the iterator would produce inconsistent results when walked.

the predecessors test case in qp_test has been updated to walk
each iterator to the end and ensure that the expected number of
nodes are found.
2023-12-21 09:18:30 -08:00
Mark Andrews
fd077c2661 NetBSD has added 'hmac' to libc so rename out uses of hmac 2023-12-13 22:27:38 +00:00
Matthijs Mekking
ab8a0c4b5a and fix yet another dns_qp_lookup() iterator bug
This one is similar to the bug when searching for a key, reaching a
dead-end branch that doesn't match, because the branch offset point
is after the point where the search key differs.

This fixes the case where we are multiple levels deep. In other
words, we had a more-than-one matches *after* the point where the
search key differs.

For example, consider the following qp-trie:

branch: "[e]", "[m]":
 - leaf: "a.b.c.d.e"
 - branch: "moo[g]", "moo[k]", "moo[n]":
   - leaf: "moog"
   - branch: "mook[e]", "mook[o]"
     - leaf: "mooker"
     - leaf: "mooko"
   - leaf: "moon"

If searching for a key "monky", we would reach the branch with
twigs "moo[k]" and "moo[n]". The key matches on the 'k' on offset=4,
and reaches the branch with twigs "mook[e]" and "mook[o]". This time
we cannot find a twig that matches our key at offset=5, there is no
twig for 'y'. The closest name we found was "mooker".

Note that on a branch it can't detect it is on a dead branch because the
key is not encapsulated in a branch node.

In the previous code we considered "mooker" to be the successor of
"monky" and so we needed to the predecessor of "mooker" to find the
predecessor for "monky". However, since the search key alread differed
before entering this branch, this is not enough. We would be left with
"moog" as the predecessor of "monky", while in this example "a.b.c.d.e"
is the actual predecessor.

Instead, we need to go up a level, find the predecessor and check
again if we are on the right branch, and repeat the process until we
are.

Unit tests to cover the scenario are now added.
2023-12-11 21:01:29 +00:00
Matthijs Mekking
276bdcf5cf and fix another dns_qp_lookup() iterator bug
There was yet another edge case in which an iterator could be
positioned at the wrong node after dns_qp_lookup(). When searching for
a key, it's possible to reach a leaf that matches at the given offset,
but because the offset point is *after* the point where the search key
differs from the leaf's contents, we are now at the wrong leaf.

In other words, the bug fixed the previous commit for dead-end branches
must also be applied on matched leaves.

For example, if searching for the key "monpop", we could reach a branch
containing "moop" and "moor". the branch offset point - i.e., the point
after which the branch's leaves differ from each other - is the
fourth character ("p" or "r"). The search key matches the fourth
character "p", and takes that twig to the next node (which can be
a branch for names starting with "moop", or could be a leaf node for
"moop").

The old code failed to detect this condition, and would have
incorrectly left the iterator pointing at some successor, and not
at the predecessor of the "moop".

To find the right predecessor in this case, we need to get to the
previous branch and get the previous from there.

This has been fixed and the unit test now includes several new
scenarios for testing search names that match and unmatch on the
offset but have a different character before the offset.
2023-12-11 21:01:29 +00:00
Evan Hunt
60a33ae6bb fix another dns_qp_lookup() iterator bug
there was another edge case in which an iterator could be positioned at
the wrong node after dns_qp_lookup().  when searching for a key, it's
possible to reach a dead-end branch that doesn't match, because the
branch offset point is *after* the point where the search key differs
from the branch's contents.

for example, if searching for the key "mop", we could reach a branch
containing "moon" and "moor". the branch offset point - i.e., the
point after which the branch's leaves differ from each other - is the
fourth character ("n" or "r"). however, both leaves differ from the
search key at position *three* ("o" or "p"). the old code failed to
detect this condition, and would have incorrectly left the iterator
pointing at some lower value and not at "moor".

this has been fixed and the unit test now includes this scenario.
2023-12-06 11:03:30 -08:00
Evan Hunt
8612902476 fix dns_qp_lookup() iterator bug
in some cases it was possible for the iterator to be positioned in the
wrong place by dns_qp_lookup(). previously, when a leaf node was found
which matched the search key at its parent branch's offset point, but
did not match after that point, the code incorrectly assumed the leaf
it had found was a successor to the searched-for name, and stepped the
iterator back to find a predecessor.  however, it was possible for the
non-matching leaf to be the predecessor, in which case stepping the
iterator back was wrong.

(for example: a branch contains "aba" and "abcd", and we are searching
for "abcde". we step down to the twig matching the letter "c" in
position 3. "abcd" is the predecessor of "abcde", so the iterator is
already correctly positioned, but because the twig was an exact match,
we would have moved it back one step to "aba".)

this previously went unnoticed due to a mistake in the qp_test unit
test, which had the wrong expected result for the test case that should
have detected the error. both the code and the test have been fixed.
2023-12-06 11:03:30 -08:00
Evan Hunt
947bc0a432 add an iterator argument to dns_qp_lookup()
the 'predecessor' argument to dns_qp_lookup() turns out not to
be sufficient for our needs: the predecessor node in a QP database
could have become "empty" (for the current version) because of an
update or because cache data expired, and in that case the caller
would have to iterate more than one step back to find the predecessor
node that it needs.

it may also be necessary for a caller to iterate forward, in
order to determine whether a node has any children.

for both of these reasons, we now replace the 'predecessor'
argument with an 'iter' argument. if set, this points to memory
with enough space for a dns_qpiter object.

when an exact match is found by the lookup, the iterator will be
pointing to the matching node. if not, it will be pointing to the
lexical predecessor of the nae that was searched for.

a dns_qpiter_current() method has been added for examining
the current value of the iterator without moving it in either
direction.
2023-12-06 11:03:30 -08:00
Artem Boldariev
71219882ed DoH unit test: do not increase 'active_cconnects' too much
Theoretically, the value could get too big, not letting the test to
finish. This commit fixes that omission.
2023-12-06 15:15:25 +02:00
Artem Boldariev
6d9a3b40a8 Add pre-rendered PROXY header test for PROXY over UDP
This commit extends the PROXY over UDP transport test with
a pre-rendered PROXY header handling test.
2023-12-06 15:15:25 +02:00
Artem Boldariev
c9da121ece PROXY Stream pre-rendered PROXY handling test
This commit extends the PROXY Stream transport unit test suite with a
pre-rendered PROXY header handling test.
2023-12-06 15:15:25 +02:00
Artem Boldariev
c9d526d84d Increase conn. timeout in the timeout recovery tests
Due to increased number of the NM unit tests and, thus, increased load
on the system timeout recovery tests can sometimes fail, in particular
on FreeBSD. This commit fixes that. Besides, it seems that use of
T_SOFT here was unintentional to begin with.
2023-12-06 15:15:25 +02:00
Artem Boldariev
b6cdebcf5c PROXY over UDP unit tests
This commit adds a unit test suite for the new PROXY over UDP
transport. Most of the code is reused from the UDP unit test suite, as
the new transport aims to be fully compatible with UDP on the API
level.
2023-12-06 15:15:25 +02:00
Artem Boldariev
148cfb17d5 Refactor UDP tests
This commit mostly moves the code around to make the parts of the UDP
unit test suite reusable. That changes the unit test suite structure
to resemble that of stream based unit tests.

The motivation behind this is to reuse most of the code for the new
PROXY over UDP uni tests suite.
2023-12-06 15:15:25 +02:00
Artem Boldariev
69995bc7b7 Extend DNS over HTTP(S) unit tests with PROXY over TLS checks
This commit adds PROXY over TLS related checks to DNS over HTTP(S)
transport in order to ensure its compatibility with this mode.
2023-12-06 15:15:25 +02:00
Artem Boldariev
bf3f0c45cb Adapt DNS over HTTP(S) unit tests for PROXY over TLS mode
This commit fixes the common, infrastructural code within the DNS over
HTTP unit test suite to fix and prepare it for PROXY over TLS mode.
2023-12-06 15:15:25 +02:00
Artem Boldariev
90a00d8de2 StreamDNS over TLS: Add PROXY over TLS tests
This commit extends the TLS DNS unit tests suite with checks related
to PROXY over TLS support in StreamDNS.
2023-12-06 15:15:25 +02:00
Artem Boldariev
c8d4f3b565 Extend PROXY Stream tests to include checks for PROXY over TLS
This commit extends the PROXY stream unit test suite with checks
related to PROXY over TLS support within the transport.
2023-12-06 15:15:25 +02:00
Artem Boldariev
9a7e30b1ca PROXY over TLS: Fix stream-based DNS transports tests support
This commit fixes the infrastructural code of the stream-based DNS
transports to take PROXY over TLS support into account.
2023-12-06 15:15:25 +02:00
Artem Boldariev
eb52015db1 Stream DNS: add PROXY over TLS support
This commit extends Stream DNS with PROXY over TLS support.
2023-12-06 15:15:25 +02:00
Artem Boldariev
e5852bea1c Fix common netmgr unit testing code for PROXY Stream over TLS
This commit fixes common netmgr unit testing code to take PROXY Stream
over TLS support into account.
2023-12-06 15:15:24 +02:00
Artem Boldariev
fee8b0d8d5 Add PROXYv2 related checks to DNS over HTTP(S) unit test suite
This commit extends DNS over HTTP(S) unit test suite with PROXYv2
related checks to ensure that the transport is compatible with that
mode.
2023-12-06 15:15:24 +02:00
Artem Boldariev
eccc3fe0a0 Add PROXYv2 support to DNS over HTTP(S) transport
This commit extends DNS over HTTP(S) transport with PROXYv2 support.
2023-12-06 15:15:24 +02:00
Artem Boldariev
d199265e95 Add PROXYv2 related tests for TLS DNS transport
This commit adds a set of PROXYv2 related tests to ensure that Stream
DNS over TLS supports this mode.
2023-12-06 15:15:24 +02:00
Artem Boldariev
96ba4d2a9a Add PROXYv2 related tests for TCP DNS transport
This commit adds a set of PROXYv2 related tests to ensure that Stream
DNS over TCP supports this mode.
2023-12-06 15:15:24 +02:00
Artem Boldariev
e97903ca14 Add PROXY support to Stream DNS
This commit makes it possible to use Stream DNS on top of PROXY Stream
either directly or indirectly (in the case when TLS is involved).
2023-12-06 15:15:24 +02:00
Artem Boldariev
2020dce326 Extend TLS Stream unit suite with PROXYv2 related tests
This commit adds a set of tests which help to verify that TLS Stream
works as expected on top of PROXY Stream.
2023-12-06 15:15:24 +02:00
Artem Boldariev
4437096ba0 Make it possible to use TLS Stream on top of PROXY Stream
This commit modifies TLS Stream to make it possible to use over PROXY
Stream. That is required to add PROVYv2 support into TLS-based
transports (DNS over HTTP, DNS over TLS).
2023-12-06 15:15:24 +02:00
Artem Boldariev
4330014fce PROXY Stream: add unit test suite
This commit adds a specialised test suite for the PROXY Stream
transport by reusing most of the testing code from other unit tests
for other stream-based transports.
2023-12-06 15:15:24 +02:00
Artem Boldariev
7d9a8ddc00 Add PROXY header handling unit test suite
The commit adds a fairly comprehensive unit test suite for our new
PROXYv2 handling code. The unit tests suite ensures both the
correctness of the code and ensures that the part responsible for
handling incoming headers is very strict regarding what to accept as
valid.
2023-12-06 15:15:24 +02:00
Matthijs Mekking
a759f7f33c Change max NSEC3 iterations in unit tests to 50
The nsec3 unit test needs to be adjusted to accept a lower maximum value
for NSEC3 iterations.
2023-12-05 14:58:58 +00:00
Ondřej Surý
0b865c781a
Add isc_mem_overmem unit test
The new unit isc_mem_overmem unit test sets hi and lo water marks and
then does allocations to go over:

0. x < lo_water
1. lo_water < x < hi_water
2. x > hi_water
3. lo_water < x < hi_water
4. < lo_water
2023-11-29 14:16:20 +01:00
Ondřej Surý
14bdd21e0a
Refactor the handling of isc_mem overmem condition
Previously, there were two methods of working with the overmem
condition:

1. hi/lo water callback - when the overmem condition was reached
   for the first time, the water callback was called with HIWATER
   mark and .is_overmem boolean was set internally.  Similarly,
   when the used memory went below the lo water mark, the water
   callback would be called with LOWATER mark and .is_overmem
   was reset.  This check would be called **every** time memory
   was allocated or freed.

2. isc_mem_isovermem() - a simple getter for the internal
   .is_overmem flag

This commit refactors removes the first method and move the hi/lo water
checks to the isc_mem_isovermem() function, thus we now have only a
single method of checking overmem condition and the check for hi/lo
water is removed from the hot path for memory contexts that doesn't use
overmem checks.
2023-11-29 14:16:20 +01:00
Mark Andrews
cbfcdbc199 Adjust message buffer sizes in test code 2023-11-16 11:22:02 +11:00
Ondřej Surý
17da9fed58
Remove AES algorithm for DNS cookies
The AES algorithm for DNS cookies was being kept for legacy reasons, and
it can be safely removed in the next major release.  Remove both the AES
usage for DNS cookies and the AES implementation itself.
2023-11-15 10:31:16 +01:00
Ondřej Surý
aa393b9e57
Bump the timeouts in the dispatch_test
The client connection timeout was set to just one second, which might
not be enough on busy systems (and the CI machines are oh-boy-busy).
Bump the server timeouts to 10 seconds and client timeouts to 5 seconds,
this will make the unit test run a little bit longer, but it should be
more reliable.
2023-10-27 12:55:51 +02:00
Ondřej Surý
b7e793b84c
Add tests/dns/badcache.out to .gitignore 2023-10-27 12:55:51 +02:00
Tom Krizek
4cb8b13987
Reformat shell scripts with shfmt
All changes in this commit were automated using the command:

  shfmt -w -i 2 -ci -bn . $(find . -name "*.sh.in")

By default, only *.sh and files without extension are checked, so
*.sh.in files have to be added additionally. (See mvdan/sh#944)
2023-10-26 10:23:50 +02:00
Ondřej Surý
d246aa02a6
Add dispatch_getcp and dispatch_newtcp tests
Refactor the dispatch unit test to use more local variables (previously
dispatchmgr, dispatch and dispentry were all global), and add two new
tests:

* dispatch_getcp - test whether the TCP connection will get reused
* dispatch_newtcp - test that the TCP connection will not get reused
                    when DNS_DISPATCHOPT_UNSHARED is in effect
2023-10-24 13:07:03 +02:00
Ondřej Surý
f213f644ed
Add option to mark TCP dispatch as unshared
The current dispatch code could reuse the TCP connection when
dns_dispatch_gettcp() would be used first.  This is problematic as the
dns_resolver doesn't use TCP connection sharing, but dns_request could
get the TCP stream that was created outside of the dns_request.

Add new DNS_DISPATCHOPT_UNSHARED option to dns_dispatch_createtcp() that
would prevent the TCP stream to be reused.  Use that option in the
dns_resolver call to dns_dispatch_createtcp() to prevent dns_request
from reusing the TCP connections created by dns_resolver.

Additionally, the dns_xfrin unit added TCP connection sharing for
incoming transfers.  While interleaving *xfr streams on a TCP connection
should work this should be a deliberate change and be property of the
server that can be controlled.  Additionally some level of parallel TCP
streams is desirable.  Revert to the old behaviour by removing the
dns_dispatch_gettcp() calls from dns_xfrin and use the new option to
prevent from sharing the transfer streams with dns_request.
2023-10-24 13:07:03 +02:00
Aram Sargsyan
b535843bb7 Fix an error in the qp_test.c unit test
In order to check whether there are enough inserted values the
code uses the 'tests' variable (loop counter), which is unreliable,
because the loop sometimes removes an item instead of inserting
one (when the randomly generated item already exists).

Instead of the loop counter, use the existing variable 'inserted',
which should indicate the correct number of the inserted items.
2023-10-19 08:46:58 +00:00
Michal Nowak
dd234c60fe
Update the source code formatting using clang-format-17 2023-10-17 17:47:46 +02:00
Ondřej Surý
b3a8f0048f Refactor dns_{acl,aclenv}_create to return void
The dns_{acl,aclenv}_create() can't fail, so change it to return void.
2023-10-13 14:44:40 +02:00
Ondřej Surý
d46d51be78 Refactor isc_radix_create to return void
The isc_radix_create() can't fail, so change it to return void.
2023-10-13 14:44:40 +02:00
Aram Sargsyan
20fdab8667 Fix undefined behaviour occurrences
The undefined behaviour was detected by LLVM 17. Fix the affected
functions definitions to match the expected function type.
2023-10-13 09:57:28 +00:00
Petr Špaček
992b87ccc1 Add qplookups test to .gitignore 2023-10-13 09:00:43 +02:00
Evan Hunt
8f6a3f47db fix a QP chain bug
depending on how the QP trie is traversed during a lookup, it is
possible for a search to terminate on a leaf which is a partial
match, without that leaf being added to the chain. to ensure the
chain is correct in this case, when a partial match condition is
detected via qpkey_compare(), we will call add_link() again, just
in case.  (add_link() will check for a duplicated node, so it will
be harmless if it was already done.)
2023-10-09 13:29:02 -07:00
Ondřej Surý
1974a91e58
Add base testing set of names for load-names benchmark
This was generated from dnsperf queryfile with following script:

    #!/usr/bin/env python3
    names = {}

    import sys

    i = 0
    for line in iter(sys.stdin.readline, ''):
	name = line.rstrip('\n')
	if not name in names:
	    names[name] = line
	    print(f"{i},{name}")
	    i += 1
	if i >= 1024*1024:
	    break
2023-10-09 21:04:21 +02:00
Ondřej Surý
9a45fd6f33
Fix hashmap part of load-names benchmark
The name_match() was errorneously converting struct item into dns_name
pointer.  Correctly retype void *node to struct item * first and then
use item.fixed.name to pass the name to dns_name_equal() function.
2023-10-09 21:04:21 +02:00
Ondřej Surý
81f48e11e4
Use read number of items instead of raw array size in load_names
The load_names benchmark expected the input CSV with domains would fill
the whole item array and it would crash when the number of lines would
be less than that.

Fix the expectations by using the real number or lines read to calculate
the array start and end position for each benchmark thread.
2023-10-09 21:04:21 +02:00
Evan Hunt
03016902dd rename dns_qp_findname_ancestor() to dns_qp_lookup()
I am weary of typing so long a name. (plus, the name has become slightly
misleading now that the DNS_QPFIND_NOEXACT option no longer exists.)
2023-09-28 00:32:44 -07:00
Evan Hunt
6231fd66af rename QP-related types to use standard BIND nomenclature
changed type names in QP trie code to match the usual convention:
 - qp_node_t -> dns_qpnode_t
 - qp_ref_t -> dns_qpref_t
 - qp_shift_t -> dns_qpshift_t
 - qp_weight_t -> dns_qpweight_t
 - qp_chunk_t -> dns_qpchunk_t
 - qp_cell_t -> dns_qpcell_t
2023-09-28 00:32:39 -07:00
Evan Hunt
4e3e61806c get predecessor name in dns_qp_findname_ancestor()
dns_qp_findname_ancestor() now takes an optional 'predecessor'
parameter, which if non-NULL is updated to contain the DNSSEC
predecessor of the name searched for. this is done by constructing
an iterator stack while carrying out the search, so it can be used
to step backward if needed.
2023-09-28 00:32:37 -07:00
Evan Hunt
606232b8d5 remove DNS_QPFIND_NOEXACT
since dns_qp_findname_ancestor() can now return a chain object, it is no
longer necessary to provide a _NOEXACT search option. if we want to look
up the closest ancestor of a name, we can just do a normal search, and
if successful, retrieve the second-to-last node from the QP chain.

this makes ancestor lookups slightly more complicated for the caller,
but allows us to simplify the code in dns_qp_findname_ancestor(), making
it easier to ensure correctness.  this was a fairly rare use case:
outside of unit tests, DNS_QPFIND_NOEXACT was only used in the zone
table, which has now been updated to use the QP chain.  the equivalent
RBT feature is only used by the resolver for cache lookups of 'atparent'
types (i.e, DS records).
2023-09-28 00:30:57 -07:00
Evan Hunt
3bf23fadb0 improvements to the QP iterator
- make iterators reversible: refactor dns_qpiter_next() and add a new
  dns_qpiter_prev() function to support iterating both forwards and
  backwards through a QP trie.
- added a 'name' parameter to dns_qpiter_next() (as well as _prev())
  to make it easier to retrieve the nodename while iterating, without
  having to construct it from pointer value data.
2023-09-28 00:30:51 -07:00
Evan Hunt
7f0242b8c7 tidy the helper functions for retrieving twigs
- the helper functions for accessing twigs beneath a branch
  (branch_twig_pos(), branch_twig_ptr(), etc) were somewhat confusing
  to read, since several of them were implemented by calling other
  helper functions. they now all show what they're really doing.
- branch_twigs_vector() has been renamed to simply branch_twigs().
- revised some unrelated comments in qp_p.h for clarity.
2023-09-28 00:30:47 -07:00
Evan Hunt
7f766ba7c4 add a node chain traversal mechanism
dns_qp_findname_ancestor() now takes an optional 'chain' parameter;
if set, the dns_qpchain object it points to will be updated with an
array of pointers to the populated nodes between the tree root and the
requested name. the number of nodes in the chain can then be accessed
using dns_qpchain_length() and the individual nodes using
dns_qpchain_node().
2023-09-28 00:30:43 -07:00
Evan Hunt
29cf7dceb7 modify dns_qp_findname_ancestor() to return found name
add a 'foundname' parameter to dns_qp_findname_ancestor(),
and use it to set the found name in dns_nametree.

this required adding a dns_qpkey_toname() function; that was
done by moving qp_test_keytoname() from the test library to qp.c.
added some more test cases and fixed bugs with the handling of
relative and empty names.
2023-09-28 07:01:13 +00:00
Evan Hunt
e68a691904 add a "qplookups" benchmark test
this loads a file containing DNS names and measures the time it takes to:
1) iterate it,
2) look up each name with dns_qp_getname()
3) look up each name with dns_qp_findname_ancestor()
4) look up a modified name based on the name, to check performance
   when the name is not found.
2023-09-27 16:24:04 -07:00
Evan Hunt
d71ebd2086 minor cleanups
- removed some commented-out code
- cleaned up uses of pval and ival that were not needed
2023-09-27 13:05:05 -07:00
Evan Hunt
232f90f005 fixed the qpmulti benchmark
the refactoring of isc_job_run() and isc_async_run() in 9.19.12
intefered with the way the qpmulti benchmark uses uv_idle.
it has now been modified to use isc_job/isc_async instead.
2023-09-27 11:51:03 -07:00
Ondřej Surý
f5af981831
Change dns_message_create() function to accept memory pools
Instead of creating new memory pools for each new dns_message, change
dns_message_create() method to optionally accept externally created
dns_fixedname_t and dns_rdataset_t memory pools.  This allows us to
preallocate the memory pools in ns_client and dns_resolver units for the
lifetime of dns_resolver_t and ns_clientmgr_t.
2023-09-24 18:07:40 +02:00
Ondřej Surý
9f40eee0a8
Remove isc_hash_function macro
The last two users of 64-bit isc_hash_function() macro were removed in
the previous commits, remove the macro as well.
2023-09-19 19:56:33 +02:00
Mark Andrews
92a0d65a51
Fix hashmap iteration
When isc_hashmap_iter_delcurrent_next calls hashmap_delete_node
nodes from the front of the table could be added to the end of
the table resulting in them being returned twice.  Detect when
this is happening and prevent those nodes being returned twice
buy reducing the effective size of the table by one each time
it happens.
2023-09-19 11:18:03 +02:00
Ondřej Surý
c9b4b45943
Replace the linked list of TCP dispatches with hash table
Reusing TCP connections with dns_dispatch_gettcp() used linear linked
list to lookup existing outgoing TCP connections that could be reused.
Replace the linked list with per-loop cds_lfht hashtable to speedup the
lookups.  We use cds_lfht because it allows non-unique node insertion
that we need to check for dispatches in different connection states.
2023-09-16 07:32:18 +02:00
Ondřej Surý
6fd06c461b
Make dns_dispatch bound to threads
Instead of high number of dispatches (4 * named_g_udpdisp)[1], make the
dispatches bound to threads and make dns_dispatchset_t create a dispatch
for each thread (event loop).

This required couple of other changes:

1. The dns_dispatch_createudp() must be called on loop, so the isc_tid()
   is already initialized - changes to nsupdate and mdig were required.

2. The dns_requestmgr had only a single dispatch per v4 and v6.  Instead
   of using single dispatch, use dns_dispatchset_t for each protocol -
   this is same as dns_resolver.
2023-09-16 07:32:17 +02:00
Ondřej Surý
e270266627
Refactor isc_hashmap to accept custom match function
Refactor isc_hashmap to allow custom matching functions.  This allows us
to have better tailored keys that don't require fixed uint8_t arrays,
but can be composed of more fields from the stored data structure.
2023-09-16 07:20:48 +02:00
Ondřej Surý
4dd49ac528
Implement incremental version of SipHash 2-4 and HalfSipHash 2-4
When inserting items into hashtables (hashmaps), we might have a
fragmented key (as an example we might want to hash DNS name + class +
type).  We either need to construct continuous key in the memory and
then hash it en bloc, or incremental hashing is required.

This incremental version of SipHash 2-4 algorithm is the first building
block.

As SipHash 2-4 is often used in the hot paths, I've turned the
implementation into header-only version in the process.
2023-09-12 16:17:06 +02:00
Evan Hunt
1019c0c0b1
unconditionally create view and resolver nametrees
instead of allowing a NULL nametree in dns_nametree_covered(),
require nametree to exist, and ensure that the nametrees defined
for view and resolver objects are always created.
2023-09-04 10:19:48 +02:00
Evan Hunt
b1e4e2a9ee
add a 'foundname' argument to dns_nametree_covered()
when checking whether a name is covered, the ancestor name that
was found can be set into a name object passed in.
2023-09-04 10:19:48 +02:00
Evan Hunt
0ebaa26da7
add semantics to name trees to support counters
name trees can now also hold trees of counters. each time a name
dns_nametree_add() is called with a given name, the counter for that
name is incremented; the name is not deleted until dns_nametree_delete()
is called the same number of times.

this is meant to be used for synth-from-dnssec, which is incremented for
each key defined at a name, and decremented when a key is removed, the
name must continue to exist until the number of keys has reached zero.
2023-09-04 10:19:48 +02:00
Evan Hunt
9ed1dba976
add semantics to dns_nametree to support bitfields
name trees can now hold either boolean values or bit fields. the
type is selected when the name tree is created.

the behavior of dns_nametree_add() differs slightly beteween the types:
in a boolean tree adding an existing name will return ISC_R_EXISTS,
but in a bitfield tree it simply sets the specified bit in the bitfield
and returns ISC_R_SUCCESS.
2023-09-04 10:19:48 +02:00
Evan Hunt
56114aaa0d add dns_nametree structure for policy match lookups
this is a QP trie of boolean values to indicate whether a name is
included in or excluded from some policy. this can be used for
synth-from-dnssec, deny-answer-aliases, etc.
2023-09-01 10:46:48 -07:00
Mark Andrews
14727bb4b9 Detect uncleared libcrypto errors in rdata processing
If libcrypto errors are not cleared slow memory leaks occur which
are not detected at shutdown.
2023-09-01 12:01:20 +10:00
Mark Andrews
b6e1650455 Style fix 2023-09-01 12:01:20 +10:00
Ondřej Surý
d9048b3db1
Remove ISC_MEM_ZERO and isc_mem_*x() API
Use the new isc_mem_c*() calloc-like API for allocations that are
zeroed.

In turn, this also fixes couple of incorrect usage of the ISC_MEM_ZERO
for structures that need to be zeroed explicitly.

There are few places where isc_mem_cput() is used on structures with a
flexible member (or similar).
2023-08-31 22:08:35 +02:00
Ondřej Surý
8ac679a980
Remove ISC_MEM_ALIGN() memory flag
The ISC_MEM_ALIGN() was not used anywhere (except mem.c itself), so just
remove the unused flag.
2023-08-31 22:08:35 +02:00
Ondřej Surý
55c29b8d83
Do extra manual isc_mem_cget() conversions
Some of the cases weren't caught by the coccinelle and there were some
places where cget+memmove() could get converted to simple creget().
2023-08-31 22:08:35 +02:00
Ondřej Surý
89fcb6f897
Apply the isc_mem_cget semantic patch 2023-08-31 22:08:35 +02:00
Evan Hunt
62d70966f2 remove dns_name_towire2()
we don't need two versions of dns_name_towire(), we can just add NULL
to the calls that don't need to specify a compression offset.
2023-08-31 10:29:16 -07:00
Evan Hunt
a290ed5bd0 remove dns_name_fromstring2()
we don't need two versions of dns_name_fromstring() any longer; we
can just specify an origin value of dns_rootname for absolute names.
2023-08-31 10:29:16 -07:00