Release 2.5.1

ChangeLog

@@ -29,6 +29,19 @@
 # 
 ################################################################################
 
+20210924:
+    YADIFA 2.5.1-public
+
+    Fixes a critical issue that could cause yadifad to crash handling certain DNS packet.
+
+    Fixes an issue where yadifad would sometimes reply with an AXFR instead of an IXFR if the journal is under maintenance.
+
+    Increased the pid column in the logger to 6 characters
+
+    Drastically increased the limit for TCP queries.
+	Note that using a high enough number compared to the available memory will cause yadifad to warn about limits and OOM kill risks.
+	In practice a few hundred TCP queries should be enough.
+
 20210602:
     YADIFA 2.5.0-public
 
@@ -53,7 +66,6 @@
     Fixes an issue where some RRSIG records may not be updated in time if they happened to have their update bundled with NSEC3 records updates while the incremental change could not be immediately written in the journal.
     Fixes the yadifa keygen module to understand "help" as a command and not as a domain.
 
-
 20210223:
     YADIFA 2.4.2-public
 

Makefile.in

@@ -337,8 +337,8 @@ HAS_CTRL = @HAS_CTRL@
 HAS_DNSSEC_TOOLS = @HAS_DNSSEC_TOOLS@
 HAS_DYNUPDATE_SUPPORT = @HAS_DYNUPDATE_SUPPORT@
 HAS_ECDSA_SUPPORT = @HAS_ECDSA_SUPPORT@
+HAS_EDDSA = @HAS_EDDSA@
 HAS_EVENT_DYNAMIC_MODULE = @HAS_EVENT_DYNAMIC_MODULE@
-HAS_FILEPOOL_CACHE = @HAS_FILEPOOL_CACHE@
 HAS_FULL_ASCII7 = @HAS_FULL_ASCII7@
 HAS_KEYGEN = @HAS_KEYGEN@
 HAS_LIBC_MALLOC_DEBUG_SUPPORT = @HAS_LIBC_MALLOC_DEBUG_SUPPORT@
@@ -360,7 +360,6 @@ HAS_RRL_SUPPORT = @HAS_RRL_SUPPORT@
 HAS_RRSIG_MANAGEMENT_SUPPORT = @HAS_RRSIG_MANAGEMENT_SUPPORT@
 HAS_SYNC_BUILTINS = @HAS_SYNC_BUILTINS@
 HAS_SYSTEMD_RESOLVED_AVOIDANCE = @HAS_SYSTEMD_RESOLVED_AVOIDANCE@
-HAS_TCP_MANAGER = @HAS_TCP_MANAGER@
 HAS_TESTS = @HAS_TESTS@
 HAS_TOOLS = @HAS_TOOLS@
 HAS_TRACK_ZONES_DEBUG_SUPPORT = @HAS_TRACK_ZONES_DEBUG_SUPPORT@

README

@@ -29,27 +29,16 @@
 # 
 ################################################################################
 
-20210602:
-    YADIFA 2.5.0-public
+20210924:
+    YADIFA 2.5.1-public
 
-    Adds a new, friendlier, TCP manager.
+    Fixes a critical issue that could cause yadifad to crash handling certain DNS packet.
 
-      In a nutshell:
+    Fixes an issue where yadifad would sometimes reply with an AXFR instead of an IXFR if the journal is under maintenance.
 
-        It is enabled using --enable-tcp-manager.
-        It works using a quota of allowed parallel connections per host. There is one value for the registered hosts and one for unknown hosts.
-        All defined primaries are automatically added to the TCP manager as registered hosts.
-        The server's local addresses are automatically added to the registered hosts.
-        The default timeout is set to 3 seconds but doesn't imply a connection will be closed : only that it is a candidate for being closed.
+    Increased the pid column in the logger to 6 characters
 
-    EDDSA support has been enable.
-
-    Sending a TCP message now uses a single system call (message_send_tcp)
-
-    Fixes an issue in some FreeBSD setups where UDP messages couldn't be sent by YADIFA.
-    Fixes an issue in FreeBSD where TCP connections would sometimes be closed too quickly.
-    Fixes an issue where failed dynamic updates prerequisites would return SERVFAIL instead of the more accurate error code.
-    Fixes atomic usage for older C compilers.
-    Fixes an issue where some RRSIG records may not be updated in time if they happened to have their update bundled with NSEC3 records updates while the incremental change could not be immediately written in the journal.
-    Fixes the yadifa keygen module to understand "help" as a command and not as a domain.
+    Drastically increased the limit for TCP queries.
+	Note that using a high enough number compared to the available memory will cause yadifad to warn about limits and OOM kill risks.
+	In practice a few hundred TCP queries should be enough.
 

VERSION

@@ -1 +1 @@
-2.5.0
+2.5.1

bin/yadifa/ChangeLog

@@ -29,6 +29,19 @@
 # 
 ################################################################################
 
+20210924:
+    YADIFA 2.5.1-public
+
+    Fixes a critical issue that could cause yadifad to crash handling certain DNS packet.
+
+    Fixes an issue where yadifad would sometimes reply with an AXFR instead of an IXFR if the journal is under maintenance.
+
+    Increased the pid column in the logger to 6 characters
+
+    Drastically increased the limit for TCP queries.
+	Note that using a high enough number compared to the available memory will cause yadifad to warn about limits and OOM kill risks.
+	In practice a few hundred TCP queries should be enough.
+
 20210602:
     YADIFA 2.5.0-public
 
@@ -53,7 +66,6 @@
     Fixes an issue where some RRSIG records may not be updated in time if they happened to have their update bundled with NSEC3 records updates while the incremental change could not be immediately written in the journal.
     Fixes the yadifa keygen module to understand "help" as a command and not as a domain.
 
-
 20210223:
     YADIFA 2.4.2-public
 

bin/yadifa/Makefile.in

@@ -473,8 +473,8 @@ HAS_CTRL = @HAS_CTRL@
 HAS_DNSSEC_TOOLS = @HAS_DNSSEC_TOOLS@
 HAS_DYNUPDATE_SUPPORT = @HAS_DYNUPDATE_SUPPORT@
 HAS_ECDSA_SUPPORT = @HAS_ECDSA_SUPPORT@
+HAS_EDDSA = @HAS_EDDSA@
 HAS_EVENT_DYNAMIC_MODULE = @HAS_EVENT_DYNAMIC_MODULE@
-HAS_FILEPOOL_CACHE = @HAS_FILEPOOL_CACHE@
 HAS_FULL_ASCII7 = @HAS_FULL_ASCII7@
 HAS_KEYGEN = @HAS_KEYGEN@
 HAS_LIBC_MALLOC_DEBUG_SUPPORT = @HAS_LIBC_MALLOC_DEBUG_SUPPORT@
@@ -496,7 +496,6 @@ HAS_RRL_SUPPORT = @HAS_RRL_SUPPORT@
 HAS_RRSIG_MANAGEMENT_SUPPORT = @HAS_RRSIG_MANAGEMENT_SUPPORT@
 HAS_SYNC_BUILTINS = @HAS_SYNC_BUILTINS@
 HAS_SYSTEMD_RESOLVED_AVOIDANCE = @HAS_SYSTEMD_RESOLVED_AVOIDANCE@
-HAS_TCP_MANAGER = @HAS_TCP_MANAGER@
 HAS_TESTS = @HAS_TESTS@
 HAS_TOOLS = @HAS_TOOLS@
 HAS_TRACK_ZONES_DEBUG_SUPPORT = @HAS_TRACK_ZONES_DEBUG_SUPPORT@

bin/yadifa/README

@@ -29,27 +29,16 @@
 # 
 ################################################################################
 
-20210602:
-    YADIFA 2.5.0-public
+20210924:
+    YADIFA 2.5.1-public
 
-    Adds a new, friendlier, TCP manager.
+    Fixes a critical issue that could cause yadifad to crash handling certain DNS packet.
 
-      In a nutshell:
+    Fixes an issue where yadifad would sometimes reply with an AXFR instead of an IXFR if the journal is under maintenance.
 
-        It is enabled using --enable-tcp-manager.
-        It works using a quota of allowed parallel connections per host. There is one value for the registered hosts and one for unknown hosts.
-        All defined primaries are automatically added to the TCP manager as registered hosts.
-        The server's local addresses are automatically added to the registered hosts.
-        The default timeout is set to 3 seconds but doesn't imply a connection will be closed : only that it is a candidate for being closed.
+    Increased the pid column in the logger to 6 characters
 
-    EDDSA support has been enable.
-
-    Sending a TCP message now uses a single system call (message_send_tcp)
-
-    Fixes an issue in some FreeBSD setups where UDP messages couldn't be sent by YADIFA.
-    Fixes an issue in FreeBSD where TCP connections would sometimes be closed too quickly.
-    Fixes an issue where failed dynamic updates prerequisites would return SERVFAIL instead of the more accurate error code.
-    Fixes atomic usage for older C compilers.
-    Fixes an issue where some RRSIG records may not be updated in time if they happened to have their update bundled with NSEC3 records updates while the incremental change could not be immediately written in the journal.
-    Fixes the yadifa keygen module to understand "help" as a command and not as a domain.
+    Drastically increased the limit for TCP queries.
+	Note that using a high enough number compared to the available memory will cause yadifad to warn about limits and OOM kill risks.
+	In practice a few hundred TCP queries should be enough.
 

bin/yadifa/VERSION

@@ -1 +1 @@
-2.5.0
+2.5.1

bin/yadifa/common.c

@@ -61,3 +61,26 @@ filename_from_path(const char *s)       // base_of_path sounds like beginning of
     return (ptr ? ++ptr : s);           // if a '/' was found, return the word starting after, else return the original word
 }
 
+static  char **module_argv = NULL;
+static int module_argc = 0;
+
+void module_arg_set(char **argv, int argc)
+{
+    module_argv = argv;
+    module_argc = argc;
+}
+
+int module_arg_count()
+{
+    return module_argc;
+}
+
+const char *module_arg_get(int index)
+{
+    if((index >= 0) && (index < module_argc))
+    {
+        return module_argv[index];
+    }
+
+    return NULL;
+}

bin/yadifa/common.h

@@ -148,6 +148,10 @@ const char *filename_from_path(const char *fullpath);
 
 int module_verbosity_level();
 
+void module_arg_set(char **argv, int argc);
+int module_arg_count();
+const char *module_arg_get(int index);
+
 #ifdef __cplusplus
 }
 #endif

bin/yadifa/message-viewer-dig.c

@@ -100,9 +100,8 @@ message_viewer_dig_end(message_viewer *mv, long time_duration)
     osformat(os, ";; Query time: %ld msec\n", time_duration);
 
     /** @todo 20150710 gve -- still need to implemented the server viewable line */
-//    osformat(os, ";; SERVER: %{hostaddr}(%{hostaddr})\n", config->server, config->server);
-
-    osformat(os,   ";; WHEN: %s", ctime(&timep));
+    osformat(os, ";; SERVER: %{hostaddr}(%{hostaddrip})\n", mv->host, mv->host);
+    osformat(os, ";; WHEN: %s", ctime(&timep));
 
     if(mv->view_mode_with & MESSAGE_VIEWER_WITH_XFR)
     {
@@ -112,7 +111,7 @@ message_viewer_dig_end(message_viewer *mv, long time_duration)
     {
         osformat(os, ";; MSG SIZE rcvd: %ld", mv->bytes);
     }
-    //osformat(os, "\n");
+    osformat(os, "\n");
 }
 
 
@@ -183,8 +182,10 @@ message_viewer_dig_header(message_viewer *mv, const u8 *buffer)
              count_name[0], count[0],
              count_name[1], count[1],
              count_name[2], count[2],
-             count_name[3], count[3]
-    );
+             count_name[3], count[3]);
+
+    // note: should handle ;; WARNING: recursion requested but not available
+    osprintln(os, "");
 }
 
 
@@ -233,7 +234,7 @@ message_viewer_dig_section_footer(message_viewer *mv, u32 section_idx, u16 count
 
 
 static void
-message_viewer_dig_question_record(message_viewer *mv, u8 *record_wire, u16 rclass, u16 rtype)
+message_viewer_dig_question_record(message_viewer *mv, const u8 *record_wire, u16 rclass, u16 rtype)
 {
     if(mv->view_mode_with & MESSAGE_VIEWER_WITH_XFR)
     {
@@ -283,7 +284,7 @@ message_viewer_dig_question_record(message_viewer *mv, u8 *record_wire, u16 rcla
 
 
 static void
-message_viewer_dig_section_record(message_viewer *mv, u8 *record_wire, u8 section_idx)
+message_viewer_dig_section_record(message_viewer *mv, const u8 *record_wire, u8 section_idx)
 {
     (void)section_idx;
 
@@ -301,10 +302,9 @@ message_viewer_dig_section_record(message_viewer *mv, u8 *record_wire, u8 sectio
 
     /*    ------------------------------------------------------------    */
 
-
     /* 1. get the needed parameters: FQDN, TYPE, CLASS, TTL, RDATA size */
-    u8 *rname      = record_wire;
-    u8 *rdata      = rname + dnsname_len(rname);
+    const u8 *rname      = record_wire;
+    const u8 *rdata      = rname + dnsname_len(rname);
     u16 rtype      = GET_U16_AT(rdata[0]);
     u16 rclass     = GET_U16_AT(rdata[2]);
     u32 rttl       = ntohl(GET_U32_AT(rdata[4]));
@@ -337,7 +337,6 @@ message_viewer_dig_section_record(message_viewer *mv, u8 *record_wire, u8 sectio
     osformat(os, "%7d", rttl);
     output_stream_write_u8(os, (u8)' ');
 
-
     /* C. write CLASS + alignment for next item */
     next = counters.write_count + 7;
 
@@ -366,6 +365,93 @@ message_viewer_dig_section_record(message_viewer *mv, u8 *record_wire, u8 sectio
     flushout();
 }
 
+static ya_result
+message_viewer_dig_pseudosection_record(message_viewer *mv, const u8 *record_wire)
+{
+    const u8 *p = record_wire;
+    const u8 *name = p;
+    p += dnsname_len(p);
+    u16 rtype = GET_U16_AT_P(p);
+    p += 2;
+    u16 rclass = GET_U16_AT_P(p);
+    p += 2;
+    u32 rttl = ntohl(GET_U32_AT_P(p));
+    p += 4;
+    u16 rdatasize = ntohs(GET_U16_AT_P(p));
+    p += 2;
+    const u8 *rdata = p;
+
+    switch(rtype)
+    {
+        case TYPE_OPT:
+        {
+            osprintln(mv->os, ";; OPT PSEUDOSECTION:");
+            if(*name != 0)
+            {
+                // wrong
+                osformatln(mv->os, "; WARNING: wrong OPT record name %{dnsname}", name);
+            }
+            //u8 extended_rcode = (u8)((rttl >> 24) & 0xff);
+            u8 version = (u8)((rttl >> 16) & 0xff);
+            bool do_bit = rttl & MESSAGE_EDNS0_DNSSEC;
+            osformat(mv->os, "; EDNS: version %u, flags:", version);
+            if(do_bit)
+            {
+                output_stream_write(mv->os, " do", 3);
+            }
+            osformatln(mv->os, "; udp: %u", ntohs(rclass));
+
+            const u8 *rdata_limit = &rdata[rdatasize];
+
+            while(rdata < rdata_limit)
+            {
+                if(rdata_limit - rdata < 4)
+                {
+                    osformatln(mv->os, "; WARNING: OPT rdata format error", name);
+                    break;
+                }
+
+                u16 option_code = GET_U16_AT_P(rdata);
+                rdata += 2;
+                u16 option_length = ntohs(GET_U16_AT_P(rdata));
+                rdata += 2;
+
+                if(rdata_limit - rdata < option_length)
+                {
+                    osformatln(mv->os, "; WARNING: OPT rdata format error", name);
+                    break;
+                }
+
+                switch(option_code)
+                {
+                    default:
+                    {
+                        osformat(mv->os, "; CODE: %u DATA: ", ntohs(option_code));
+                        osprint_base16(mv->os, rdata, option_length);
+                        output_stream_write_u8(mv->os, '\n');
+                        break;
+                    }
+                }
+
+                rdata += option_length;
+            }
+            break;
+        }
+        case TYPE_TSIG:
+        {
+            osprintln(mv->os, ";; TSIG PSEUDOSECTION:");
+            message_viewer_dig_section_record(mv, record_wire, 3);
+            output_stream_write_u8(mv->os, '\n');
+            break;
+        }
+        default:
+        {
+            break;
+        }
+    }
+
+    return SUCCESS;
+}
 
 static const message_viewer_vtbl dig_viewer_vtbl = {
        message_viewer_dig_header,
@@ -375,6 +461,7 @@ static const message_viewer_vtbl dig_viewer_vtbl = {
        message_viewer_dig_section_footer,
        message_viewer_dig_question_record,
        message_viewer_dig_section_record,
+       message_viewer_dig_pseudosection_record,
        "message_viewer_dig",
 };