* Do not initialize quic_table unless it is enabled
Fedora in FIPS mode might fail to initialize ngtcp2 library, because
some ciphers desired are not available.
Make it possible to skip initialization by setting explicitly quic_port
to 0. Unless we have some listeners for port 853 configured, skip its
initialization as well.
Related: https://pagure.io/freeipa/issue/9877
* Fix typo in logged function name
subquery without subnet, and the forward-no-cache or
stub-no-cache option is set, it is not stored in cache due to
the forward or stub option.
This has the changelog entry and test.
other streams on the http2 session are not affected by a drop,
and can clean up properly if also dropped. Fix http2 send reply
so that when there is a send failure is does not recurse into
the mesh functions and also does not drop the connection due to
the condition of one stream.
to include YXDOMAIN and non-referral nodata answers in the mitigation as
well, reported by TaoFei Guo from Peking University, Yang Luo and JianJun
Chen from Tsinghua University.
- On fast_reload, the identity and version strings are always freed and
reallocated as part of dt_apply_cfg(). Add fr_worker_pickup_dnstap_changes()
to copy any changes from daemon to workers.
* Statistics counter for number of queries dropped by limit on reply addresses
Request list entries can be associated with multiple pending "reply
addresses". Basically each request list entry keeps its own list of
clients that should receive the response once the recursion is finished.
This requires keeping allocations around for each client, and there is
a global limit on the number of *additional* reply addresses that can
be allocated. (Each new request list entry seems to get its own initial
reply address which is not counted against the limit.)
This commit adds a statistics counter "num_queries_replyaddr_limit" that
counts the number of incoming client queries that have been dropped due
to the restriction on allocating additional reply addresses. This allows
distinguishing these drops from other kinds of drops.
* Statistics counter for number of mesh reply entries
Request list entries can be associated with multiple pending "reply
addresses". Since there is a limit on the number of additional reply
addresses that can be allocated which can cause incoming queries to be
dropped if exceeded, it would be nice to be able to track this number.
This commit basically exports the mesh_area's internal counter
`num_reply_addrs` as "threadX.requestlist.current.replies" /
"total.requestlist.current.replies".
* - Remove SDK_VERSION and only run failed jobs, echo windows config.log
* Use commented out to fix syntax of ci.
* - Turn off succeeded tests, only link libssp for cross compile, use
no-shared for openssl ios.
* - Remove iPhone armv7s, and iPhoneSimulator i386 from ios ci.
The lib system does not provide symbols for it on the new macos
runner.
- Fix to exclude libssp for windows compiles.
