author | Daniel Salzman <daniel.salzman@nic.cz> | 2023-08-23 18:03:57 +0200 |
---|---|---|
committer | Daniel Salzman <daniel.salzman@nic.cz> | 2023-08-23 18:03:57 +0200 |
commit | 8d72578d7ccce94e1fe1f6d3face9ebe17949d78 (patch) | |
tree | 4c1ab9fc2a56d410cba76cc5a191c6d0d7d64331 | |
parent | doc: remove square brackets from 'ddns-master' reference (diff) | |
parent | tests: various fixes and hardedning (diff) | |
Merge branch 'various_fixes' into 'master'
Various fixes
See merge request knot/knot-dns!1571
-rw-r--r-- | src/libknot/quic/quic_conn.c | 1 | ||||
-rw-r--r-- | src/libknot/xdp/tcp.c | 2 | ||||
-rw-r--r-- | src/utils/common/exec.c | 50 | ||||
-rw-r--r-- | src/utils/kxdpgun/main.c | 1 | ||||
-rw-r--r-- | tests-extra/tests/catalog/basic/test.py | 1 | ||||
-rw-r--r-- | tests-extra/tests/catalog/update_pairs/test.py | 4 | ||||
-rw-r--r-- | tests-extra/tests/dnssec/offline_ksk/test.py | 4 | ||||
-rw-r--r-- | tests-extra/tests/ixfr/inconsistent_history/test.py | 1 | ||||
-rw-r--r-- | tests-extra/tests/quic/backup/test.py | 12 |
9 files changed, 50 insertions, 26 deletions
diff --git a/src/libknot/quic/quic_conn.c b/src/libknot/quic/quic_conn.c index 8f07d1932..309337b3b 100644 --- a/src/libknot/quic/quic_conn.c +++ b/src/libknot/quic/quic_conn.c @@ -452,6 +452,7 @@ void knot_quic_stream_ack_data(knot_quic_conn_t *conn, int64_t stream_id, knot_quic_obuf_t *first; while (!EMPTY_LIST(*obs) && end_acked >= (first = HEAD(*obs))->len + s->first_offset) { rem_node((node_t *)first); + assert(HEAD(*obs) != first); // help CLANG analyzer understand what rem_node did and that further usage of HEAD(*obs) is safe s->obufs_size -= first->len; conn->obufs_size -= first->len; conn->quic_table->obufs_size -= first->len; diff --git a/src/libknot/xdp/tcp.c b/src/libknot/xdp/tcp.c index 86de9c72b..afed9fac9 100644 --- a/src/libknot/xdp/tcp.c +++ b/src/libknot/xdp/tcp.c @@ -654,6 +654,7 @@ int knot_tcp_sweep(knot_tcp_table_t *tcp_table, // reset connections to free ibufs while (free_inbuf > 0 && rl != rl_max) { + assert(tcp_table->next_ibuf != NULL); if (tcp_table->next_ibuf->inbuf.iov_len == 0) { // this conn might have get rid of ibuf in the meantime next_ptr_ibuf(&tcp_table->next_ibuf); } @@ -666,6 +667,7 @@ int knot_tcp_sweep(knot_tcp_table_t *tcp_table, // reset connections to free obufs while (free_outbuf > 0 && rl != rl_max) { + assert(tcp_table->next_obuf != NULL); if (knot_tcp_outbufs_usage(tcp_table->next_obuf->outbufs) == 0) { next_ptr_obuf(&tcp_table->next_obuf); } diff --git a/src/utils/common/exec.c b/src/utils/common/exec.c index 27412fee4..78c08d417 100644 --- a/src/utils/common/exec.c +++ b/src/utils/common/exec.c 
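Review bot: The added `assert(tcp_table->next_ibuf != NULL);` in knot_tcp_sweep() (and the matching `assert(tcp_table->next_obuf != NULL);` in the next hunk) is compiled out under NDEBUG, so the dereference on the following line stays unguarded in release builds. Whether `free_inbuf > 0` / `free_outbuf > 0` always implies a non-NULL cursor is not visible in these hunks, since the function body starts and ends outside them. If that invariant can be broken by connection teardown between iterations, a runtime guard such as `if (tcp_table->next_ibuf == NULL) break;` is the safer form for a network-facing sweep path. If it cannot, a short comment stating why the pointer is non-NULL here would make the assert self-explanatory.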
@@ -667,6 +667,33 @@ static bool all_zero(const uint8_t * const str, const size_t len) return true; } +static void json_edns_ecs(jsonw_t *w, uint8_t *optdata, uint16_t optlen, char *tmps) +{ + knot_edns_client_subnet_t ecs = { 0 }; + struct sockaddr_storage addr = { 0 }; + + int ret = knot_edns_client_subnet_parse(&ecs, optdata, optlen); + if (ret == KNOT_EOK) { + ret = knot_edns_client_subnet_get_addr(&addr, &ecs); + } + if (ret == KNOT_EOK) { + jsonw_object(w, "ECS"); + jsonw_int(w, "FAMILY", ecs.family); + + ret = sockaddr_tostr(tmps, sizeof(tmps), &addr); + assert(ret == KNOT_EOK); + jsonw_str(w, "IP", tmps); + + jsonw_int(w, "SOURCE", ecs.source_len); + if (ecs.scope_len != 0) { + jsonw_int(w, "SCOPE", ecs.scope_len); + } + jsonw_end(w); + } else { + json_edns_unknown(w, optdata, KNOT_EDNS_OPTION_CLIENT_SUBNET, optlen); + } +} + static void json_edns_opt(jsonw_t *w, uint8_t *optdata, uint16_t optype, uint16_t optlen) { char tmps[SOCKADDR_STRLEN] = { 0 }; @@ -678,26 +705,7 @@ static void json_edns_opt(jsonw_t *w, uint8_t *optdata, uint16_t optype, uint16_ jsonw_str_len(w, "NSID", optdata, optlen, true); break; case KNOT_EDNS_OPTION_CLIENT_SUBNET: - ; - knot_edns_client_subnet_t ecs = { 0 }; - int ret = knot_edns_client_subnet_parse(&ecs, optdata, optlen); - if (ret == KNOT_EOK) { - jsonw_object(w, "ECS"); - jsonw_int(w, "FAMILY", ecs.family); - - struct sockaddr_storage addr = { 0 }; - ret = knot_edns_client_subnet_get_addr(&addr, &ecs); - sockaddr_tostr(tmps, sizeof(tmps), &addr); - jsonw_str(w, "IP", tmps); - - jsonw_int(w, "SOURCE", ecs.source_len); - if (ecs.scope_len != 0) { - jsonw_int(w, "SCOPE", ecs.scope_len); - } - jsonw_end(w); - } else { - json_edns_unknown(w, optdata, optype, optlen); - } + json_edns_ecs(w, optdata, optlen, tmps); break; case KNOT_EDNS_OPTION_EXPIRE: if (optlen == 0) { 
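Review bot: In the new json_edns_ecs(), `tmps` is a `char *` parameter, so `sizeof(tmps)` in `sockaddr_tostr(tmps, sizeof(tmps), &addr)` is the size of a pointer rather than the `SOCKADDR_STRLEN` array declared in json_edns_opt(), which is too short for most formatted addresses. The `assert(ret == KNOT_EOK)` after it makes a failed conversion of what is presumably option data from a received packet abort a debug build, and it is compiled out otherwise. Declare the buffer in the helper, `char addr_str[SOCKADDR_STRLEN] = { 0 };`, drop the `tmps` argument at the call site in the second hunk, and do the conversion before `jsonw_object(w, "ECS")` so that a failure can fall through to the existing `json_edns_unknown(...)` branch. What sockaddr_tostr() returns on success (KNOT_EOK or a byte count) is not visible here and should be checked against the assert condition.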
@@ -785,7 +793,7 @@ static void json_print_edns(jsonw_t *w, const knot_pkt_t *pkt) } jsonw_end(w); - const knot_lookup_t *item = item = knot_lookup_by_id(knot_rcode_names, knot_pkt_ext_rcode(pkt)); + const knot_lookup_t *item = knot_lookup_by_id(knot_rcode_names, knot_pkt_ext_rcode(pkt)); (void)snprintf(tmp, sizeof(tmp), "RCODE%hu", knot_pkt_ext_rcode(pkt)); jsonw_str(w, "RCODE", item == NULL ? tmp : item->name); jsonw_int(w, "UDPSIZE", knot_edns_get_payload(pkt->opt_rr)); diff --git a/src/utils/kxdpgun/main.c b/src/utils/kxdpgun/main.c index 71cba385f..80127e4b0 100644 --- a/src/utils/kxdpgun/main.c +++ b/src/utils/kxdpgun/main.c @@ -637,6 +637,7 @@ void *xdp_gun_thread(void *_ctx) ptrnode_t *n = HEAD(reuse_conns); newconn = n->d; rem_node(&n->n); + assert(HEAD(reuse_conns) != n); free(n); if (newconn->streams_count < 1) { newconn = NULL; // un-re-usable conn diff --git a/tests-extra/tests/catalog/basic/test.py b/tests-extra/tests/catalog/basic/test.py index 56125edcc..32a97a37c 100644 --- a/tests-extra/tests/catalog/basic/test.py +++ b/tests-extra/tests/catalog/basic/test.py @@ -204,6 +204,7 @@ resp = slave.dig("cataloged2.", "SOA", dnssec=True) resp.check(rcode="REFUSED") master.start() +master.zone_wait(zone[0]) # Check refresh of catalog after purge. slave.ctl("zone-refresh %s" % zone[1].name) diff --git a/tests-extra/tests/catalog/update_pairs/test.py b/tests-extra/tests/catalog/update_pairs/test.py index 8be7f913a..3bddc4ed2 100644 --- a/tests-extra/tests/catalog/update_pairs/test.py +++ b/tests-extra/tests/catalog/update_pairs/test.py @@ -72,7 +72,7 @@ detail_log("SCENARIO " + scenario) t.start() -rootser = knot.zones_wait(rzone) +rootser = knot.zone_wait(rzone) t.sleep(5) for z in rzone: @@ -104,7 +104,7 @@ else: up.delete("bar.zones." + catz[0].name, "PTR", "cataloged2.") up.try_send() -knot.zones_wait(rzone, rootser) +knot.zone_wait(rzone, rootser + 2, equal=True) # signed twice t.sleep(10) if scenario == "uniq2x": 
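Review bot: The `assert(HEAD(reuse_conns) != n);` added after `rem_node(&n->n);` in xdp_gun_thread() has no comment, while the same assert added to knot_quic_stream_ack_data() in this commit explains that it exists for the Clang analyzer. Without that note the line reads like a runtime invariant check guarding the `free(n)` that follows, which it is not once NDEBUG is defined. Add the same explanation here, e.g. `// help the Clang analyzer see that rem_node() unlinked n before it is freed`. The enclosing function starts and ends outside the hunk.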
diff --git a/tests-extra/tests/dnssec/offline_ksk/test.py b/tests-extra/tests/dnssec/offline_ksk/test.py index cb4c8febd..bc1b5ad50 100644 --- a/tests-extra/tests/dnssec/offline_ksk/test.py +++ b/tests-extra/tests/dnssec/offline_ksk/test.py @@ -179,7 +179,7 @@ def tickf(when): # generate keys, including manual KSK rollover on the beginning key_ksk1 = signer.key_gen(ZONE, ksk="true", created="+0", publish="+0", ready="+0", active="+0", retire=tickf(4), remove=tickf(5)) -key_ksk2 = signer.key_gen(ZONE, ksk="true", created="+0", publish=tickf(2), ready=tickf(3), active=tickf(4), retire="+2h", remove="+3h") +key_ksk2 = signer.key_gen(ZONE, ksk="true", created="+0", publish=tickf(3), ready=tickf(4), active=tickf(5), retire="+2h", remove="+3h") key_zsk1 = knot.key_gen(ZONE, ksk="false", created="+0", publish="+0", active="+0") # pregenerate keys, exchange KSR, pre-sign it, exchange SKR @@ -209,7 +209,7 @@ knot.zone_wait(zone) check_zone(knot, zone, 2, 1, 1, "init") zone_update(master, knot, zone, ON_SLAVE) -wait_for_dnskey_count(t, knot, 3, STARTUP + TICK_SAFE) +wait_for_dnskey_count(t, knot, 3, STARTUP + TICK_SAFE * 2) check_zone(knot, zone, 3, 2, 1, "KSK rollover: publish") zone_update(master, knot, zone, ON_SLAVE) diff --git a/tests-extra/tests/ixfr/inconsistent_history/test.py b/tests-extra/tests/ixfr/inconsistent_history/test.py index 560d478bc..b97f4f6fb 100644 --- a/tests-extra/tests/ixfr/inconsistent_history/test.py +++ b/tests-extra/tests/ixfr/inconsistent_history/test.py @@ -29,6 +29,7 @@ serial = master.zone_wait(zone, serial) master.update_zonefile(zone, version=2) master.stop() master.start() +master.zone_wait(zone) # Try to refresh slave, IXFR should fail, AXFR ok slave.ctl("zone-refresh", wait=True) diff --git a/tests-extra/tests/quic/backup/test.py b/tests-extra/tests/quic/backup/test.py index 59e9c07cf..401d5f131 100644 --- a/tests-extra/tests/quic/backup/test.py +++ b/tests-extra/tests/quic/backup/test.py 
@@ -18,9 +18,17 @@ backup_dir2 = os.path.join(master.dir, "backup2") keyfile = os.path.join(master.dir, "keys", DFLT_QUIC_KEY_FILE) backup_keyfile = os.path.join(backup_dir, "keys", DFLT_QUIC_KEY_FILE) -t.start() +try: + t.start() +except Failed as e: + stderr = t.out_dir + "/" + str(e).split("'")[1] + "/stderr" + with open(stderr) as fstderr: + if "QUIC" in fstderr.readline(): + raise Skip("QUIC support not compiled in") + raise e master.zones_wait(zones) +t.sleep(1) master.fill_cert_key() key1_pin = master.cert_key @@ -31,6 +39,7 @@ master.stop() master.start() master.zones_wait(zones) +t.sleep(1) master.fill_cert_key() key2_pin = master.cert_key @@ -43,6 +52,7 @@ master.stop() master.start() master.zones_wait(zones) +t.sleep(1) master.fill_cert_key() key3_pin = master.cert_key |
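Review bot: The new `except Failed as e:` handler around `t.start()` can hide the original startup failure. `str(e).split("'")[1]` raises IndexError when the message contains no quoted name, and `open(stderr)` raises if the file is missing, so either one replaces the real error in the test report. The check also turns any failure whose first stderr line mentions "QUIC" into a Skip, so a real QUIC startup error in this key-backup test could pass unnoticed; matching the exact "not compiled in" message the server prints would be tighter, but that text is not visible here. The variant below guards the parsing and file access and re-raises with a bare `raise`; it assumes `Failed` and `Skip` are imported above the hunk. The `t.sleep(1)` calls added before each `master.fill_cert_key()` in this and the later hunks would also benefit from a comment saying what they wait for.

```python
try:
    t.start()
except Failed as e:
    # The failing server's name is taken from the quoted part of the message.
    parts = str(e).split("'")
    if len(parts) > 1:
        stderr = os.path.join(t.out_dir, parts[1], "stderr")
        try:
            with open(stderr) as fstderr:
                if "QUIC" in fstderr.readline():
                    raise Skip("QUIC support not compiled in")
        except OSError:
            pass  # no stderr to inspect: report the original failure
    raise
# … unchanged: master.zones_wait(zones) and the key pin checks …
```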