Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package dnsdist for openSUSE:Factory checked in at 2024-02-13 22:42:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dnsdist (Old) and /work/SRC/openSUSE:Factory/.dnsdist.new.1815 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dnsdist" Tue Feb 13 22:42:15 2024 rev:8 rq:1146199 version:1.8.3 Changes: -------- --- /work/SRC/openSUSE:Factory/dnsdist/dnsdist.changes 2023-11-23 21:43:59.930896168 +0100 +++ /work/SRC/openSUSE:Factory/.dnsdist.new.1815/dnsdist.changes 2024-02-13 22:42:33.116638661 +0100 @@ -1,0 +2,19 @@ +Fri Feb 9 13:37:26 UTC 2024 - Dominique Leuenberger <[email protected]> + +- Revert "provide user(dnsdist) and group(dnsdist)": the package + already uses sysusers-tools to create the user. +- Actually install dnsdist.user as %{_sysusersdir}/dnsdist.conf. + +------------------------------------------------------------------- +Fri Feb 9 12:41:00 UTC 2024 - Adam Majer <[email protected]> - 1.8.3 + +- update to 1.8.3 + https://dnsdist.org/changelog.html#change-1.8.3 + https://dnsdist.org/changelog.html#change-1.8.2 + +------------------------------------------------------------------- +Mon Feb 5 10:06:37 UTC 2024 - Marcus Meissner <[email protected]> + +- provide user(dnsdist) and group(dnsdist) + +------------------------------------------------------------------- Old: ---- dnsdist-1.8.1.tar.bz2 dnsdist-1.8.1.tar.bz2.sig New: ---- dnsdist-1.8.3.tar.bz2 dnsdist-1.8.3.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dnsdist.spec ++++++ --- /var/tmp/diff_new_pack.jar7Ta/_old 2024-02-13 22:42:34.084673501 +0100 +++ /var/tmp/diff_new_pack.jar7Ta/_new 2024-02-13 22:42:34.084673501 +0100 @@ -1,7 +1,7 @@ # # spec file for package dnsdist # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,6 +16,7 @@ # +%define home %{_var}/lib/%{name} %if 0%{?suse_version} %bcond_without apparmor %else @@ -25,29 +26,25 @@ # this should only be needed if we have to patch the ragel files # in which case it might be faster to just run it locally and put the regenerated file into the tarball %bcond_with dnsdist_ragel - # requires h2o http server for DoH %bcond_with dnsdist_doh - -%if 0%{?%is_backports} || 0%{?suse_version} >= 1599 +%if 0%{?%{is_backports}} || 0%{?suse_version} >= 1599 %bcond_without dnsdist_re2 %else %bcond_with dnsdist_re2 %endif - %if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1599 %bcond_without dnsdist_luajit %else %bcond_with dnsdist_luajit %endif - Name: dnsdist -Version: 1.8.1 +Version: 1.8.3 Release: 0 -License: GPL-2.0-only Summary: A highly DNS-, DoS- and abuse-aware loadbalancer -URL: http://www.powerdns.com/ +License: GPL-2.0-only Group: Productivity/Networking/DNS/Servers +URL: https://www.powerdns.com/ Source0: https://downloads.powerdns.com/releases/dnsdist-%{version}.tar.bz2 Source1: https://downloads.powerdns.com/releases/dnsdist-%{version}.tar.bz2.sig Source2: https://dnsdist.org/_static/dnsdist-keyblock.asc#/dnsdist.keyring @@ -55,6 +52,22 @@ Source11: dnsdist.lua Source12: usr.sbin.dnsdist Source13: local.usr.sbin.dnsdist +BuildRequires: gcc-c++ +BuildRequires: libboost_headers-devel +BuildRequires: libedit-devel +BuildRequires: libfstrm-devel +BuildRequires: libsodium-devel +BuildRequires: lmdb-devel +BuildRequires: net-snmp-devel +BuildRequires: pkgconfig +BuildRequires: sysuser-shadow +BuildRequires: sysuser-tools +BuildRequires: pkgconfig(libcap) +BuildRequires: pkgconfig(libnghttp2) +BuildRequires: pkgconfig(libsystemd) +BuildRequires: pkgconfig(systemd) +%systemd_ordering +%sysusers_requires %if %{with apparmor} BuildRequires: apparmor-profiles %endif @@ -67,29 +80,11 @@ %if %{with dnsdist_doh} BuildRequires: pkgconfig(libh2o-evloop) %endif -BuildRequires: gcc-c++ -BuildRequires: libboost_headers-devel -BuildRequires: libedit-devel -BuildRequires: libfstrm-devel -BuildRequires: libsodium-devel -BuildRequires: lmdb-devel %if %{with dnsdist_luajit} BuildRequires: pkgconfig(luajit) %else BuildRequires: pkgconfig(lua) %endif -BuildRequires: net-snmp-devel -BuildRequires: pkgconfig -BuildRequires: sysuser-shadow -BuildRequires: sysuser-tools -BuildRequires: pkgconfig(libcap) -BuildRequires: pkgconfig(libnghttp2) -BuildRequires: pkgconfig(libsystemd) -BuildRequires: pkgconfig(systemd) -%{systemd_ordering} -%{sysusers_requires} - -%define home %{_var}/lib/%{name} %description dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life @@ -100,11 +95,11 @@ runtime, and that its statistics can be queried from a console-like interface. %prep -%autosetup -p1 -n %name-%version +%autosetup -p1 -n %{name}-%{version} %build export CFLAGS="%{optflags} -Wno-error=deprecated-declarations" -%ifarch %arm %ix86 +%ifarch %{arm} %{ix86} export CFLAGS="$CFLAGS -D__USE_TIME_BITS64" %endif export CXXFLAGS="$CFLAGS" @@ -132,22 +127,24 @@ --bindir=%{_sbindir} \ --sysconfdir=%{_sysconfdir}/%{name}/ -make %{?_smp_mflags} +%make_build %sysusers_generate_pre %{SOURCE10} %{name} %install -make install DESTDIR=%{buildroot} %{?_smp_mflags} +%make_install # %if 0%{?suse_version} ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} %endif %if %{with apparmor} -install -D -m 0644 %{S:12} %{buildroot}%{_sysconfdir}/apparmor.d/usr.sbin.dnsdist -install -D -m 0644 %{S:13} %{buildroot}%{_sysconfdir}/apparmor.d/local/usr.sbin.dnsdist +install -D -m 0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/apparmor.d/usr.sbin.dnsdist +install -D -m 0644 %{SOURCE13} %{buildroot}%{_sysconfdir}/apparmor.d/local/usr.sbin.dnsdist %endif install -Dd -m 0750 %{buildroot}%{_sysconfdir}/%{name}/ %{buildroot}%{home}/ -install -m 0640 %{S:11} %{buildroot}%{_sysconfdir}/%{name}/dnsdist.conf +install -m 0640 %{SOURCE11} %{buildroot}%{_sysconfdir}/%{name}/dnsdist.conf + +install -D -m 0644 %{SOURCE10} %{buildroot}%{_sysusersdir}/dnsdist.conf %pre -f %{name}.pre %service_add_pre %{name}.service %{name}@.service @@ -164,8 +161,9 @@ %files %doc README.md %{_sbindir}/dnsdist -%{_mandir}/man1/dnsdist.1* +%{_mandir}/man1/dnsdist.1%{?ext_man} %{_unitdir}/%{name}*.service +%{_sysusersdir}/dnsdist.conf %if 0%{?suse_version} %{_sbindir}/rc%{name} %endif ++++++ dnsdist-1.8.1.tar.bz2 -> dnsdist-1.8.3.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdist-1.8.1/Makefile.am new/dnsdist-1.8.3/Makefile.am --- old/dnsdist-1.8.1/Makefile.am 2023-09-07 14:27:45.000000000 +0200 +++ new/dnsdist-1.8.3/Makefile.am 2023-12-14 13:49:09.000000000 +0100 @@ -138,6 +138,7 @@ dnscrypt.cc dnscrypt.hh \ dnsdist-async.cc dnsdist-async.hh \ dnsdist-backend.cc \ + dnsdist-backoff.hh \ dnsdist-cache.cc dnsdist-cache.hh \ dnsdist-carbon.cc dnsdist-carbon.hh \ dnsdist-concurrent-connections.hh \ @@ -250,6 +251,7 @@ dnscrypt.cc dnscrypt.hh \ dnsdist-async.cc dnsdist-async.hh \ dnsdist-backend.cc \ + dnsdist-backoff.hh \ dnsdist-cache.cc dnsdist-cache.hh \ dnsdist-concurrent-connections.hh \ dnsdist-dnsparser.cc dnsdist-dnsparser.hh \ @@ -316,6 +318,7 @@ test-dnsdist_cc.cc \ test-dnsdistasync.cc \ test-dnsdistbackend_cc.cc \ + test-dnsdistbackoff.cc \ test-dnsdistdynblocks_hh.cc \ test-dnsdistkvs_cc.cc \ test-dnsdistlbpolicies_cc.cc \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdist-1.8.1/Makefile.in new/dnsdist-1.8.3/Makefile.in --- old/dnsdist-1.8.1/Makefile.in 2023-09-07 14:28:10.000000000 +0200 +++ new/dnsdist-1.8.3/Makefile.in 2023-12-14 13:49:29.000000000 +0100 @@ -205,8 +205,8 @@ circular_buffer.hh connection-management.hh credentials.cc \ credentials.hh dns.cc dns.hh dns_random.hh dnscrypt.cc \ dnscrypt.hh dnsdist-async.cc dnsdist-async.hh \ - dnsdist-backend.cc dnsdist-cache.cc dnsdist-cache.hh \ - dnsdist-carbon.cc dnsdist-carbon.hh \ + dnsdist-backend.cc dnsdist-backoff.hh dnsdist-cache.cc \ + dnsdist-cache.hh dnsdist-carbon.cc dnsdist-carbon.hh \ dnsdist-concurrent-connections.hh dnsdist-console.cc \ dnsdist-console.hh dnsdist-discovery.cc dnsdist-discovery.hh \ dnsdist-dnscrypt.cc dnsdist-dnsparser.cc dnsdist-dnsparser.hh \ @@ -348,14 +348,14 @@ cachecleaner.hh circular_buffer.hh connection-management.hh \ credentials.cc credentials.hh dns.cc dns.hh dnscrypt.cc \ dnscrypt.hh dnsdist-async.cc dnsdist-async.hh \ - dnsdist-backend.cc dnsdist-cache.cc dnsdist-cache.hh \ - dnsdist-concurrent-connections.hh dnsdist-dnsparser.cc \ - dnsdist-dnsparser.hh dnsdist-downstream-connection.hh \ - dnsdist-dynblocks.cc dnsdist-dynblocks.hh dnsdist-dynbpf.cc \ - dnsdist-dynbpf.hh dnsdist-ecs.cc dnsdist-ecs.hh \ - dnsdist-idstate.hh dnsdist-kvs.cc dnsdist-kvs.hh \ - dnsdist-lbpolicies.cc dnsdist-lbpolicies.hh \ - dnsdist-lua-bindings-dnsquestion.cc \ + dnsdist-backend.cc dnsdist-backoff.hh dnsdist-cache.cc \ + dnsdist-cache.hh dnsdist-concurrent-connections.hh \ + dnsdist-dnsparser.cc dnsdist-dnsparser.hh \ + dnsdist-downstream-connection.hh dnsdist-dynblocks.cc \ + dnsdist-dynblocks.hh dnsdist-dynbpf.cc dnsdist-dynbpf.hh \ + dnsdist-ecs.cc dnsdist-ecs.hh dnsdist-idstate.hh \ + dnsdist-kvs.cc dnsdist-kvs.hh dnsdist-lbpolicies.cc \ + dnsdist-lbpolicies.hh dnsdist-lua-bindings-dnsquestion.cc \ dnsdist-lua-bindings-kvs.cc dnsdist-lua-bindings.cc \ dnsdist-lua-ffi-interface.h dnsdist-lua-ffi-interface.inc \ dnsdist-lua-ffi.cc dnsdist-lua-ffi.hh dnsdist-lua-network.cc \ @@ -383,17 +383,18 @@ test-dnsdist-connections-cache.cc test-dnsdist-dnsparser.cc \ test-dnsdist-lua-ffi.cc test-dnsdist_cc.cc \ test-dnsdistasync.cc test-dnsdistbackend_cc.cc \ - test-dnsdistdynblocks_hh.cc test-dnsdistkvs_cc.cc \ - test-dnsdistlbpolicies_cc.cc test-dnsdistluanetwork.cc \ - test-dnsdistnghttp2_cc.cc test-dnsdistpacketcache_cc.cc \ - test-dnsdistrings_cc.cc test-dnsdistrules_cc.cc \ - test-dnsdistsvc_cc.cc test-dnsdisttcp_cc.cc \ - test-dnsparser_cc.cc test-iputils_hh.cc test-luawrapper.cc \ - test-mplexer.cc test-proxy_protocol_cc.cc testrunner.cc \ - threadname.hh threadname.cc uuid-utils.hh uuid-utils.cc xpf.cc \ - xpf.hh cdb.cc cdb.hh ext/lmdb-safe/lmdb-safe.cc \ - ext/lmdb-safe/lmdb-safe.hh kqueuemplexer.cc epollmplexer.cc \ - devpollmplexer.cc portsmplexer.cc + test-dnsdistbackoff.cc test-dnsdistdynblocks_hh.cc \ + test-dnsdistkvs_cc.cc test-dnsdistlbpolicies_cc.cc \ + test-dnsdistluanetwork.cc test-dnsdistnghttp2_cc.cc \ + test-dnsdistpacketcache_cc.cc test-dnsdistrings_cc.cc \ + test-dnsdistrules_cc.cc test-dnsdistsvc_cc.cc \ + test-dnsdisttcp_cc.cc test-dnsparser_cc.cc test-iputils_hh.cc \ + test-luawrapper.cc test-mplexer.cc test-proxy_protocol_cc.cc \ + testrunner.cc threadname.hh threadname.cc uuid-utils.hh \ + uuid-utils.cc xpf.cc xpf.hh cdb.cc cdb.hh \ + ext/lmdb-safe/lmdb-safe.cc ext/lmdb-safe/lmdb-safe.hh \ + kqueuemplexer.cc epollmplexer.cc devpollmplexer.cc \ + portsmplexer.cc am_testrunner_OBJECTS = bpf-filter.$(OBJEXT) credentials.$(OBJEXT) \ dns.$(OBJEXT) dnscrypt.$(OBJEXT) dnsdist-async.$(OBJEXT) \ dnsdist-backend.$(OBJEXT) dnsdist-cache.$(OBJEXT) \ @@ -424,6 +425,7 @@ test-dnsdist-dnsparser.$(OBJEXT) \ test-dnsdist-lua-ffi.$(OBJEXT) test-dnsdist_cc.$(OBJEXT) \ test-dnsdistasync.$(OBJEXT) test-dnsdistbackend_cc.$(OBJEXT) \ + test-dnsdistbackoff.$(OBJEXT) \ test-dnsdistdynblocks_hh.$(OBJEXT) \ test-dnsdistkvs_cc.$(OBJEXT) \ test-dnsdistlbpolicies_cc.$(OBJEXT) \ @@ -530,6 +532,7 @@ ./$(DEPDIR)/test-dnsdist_cc.Po \ ./$(DEPDIR)/test-dnsdistasync.Po \ ./$(DEPDIR)/test-dnsdistbackend_cc.Po \ + ./$(DEPDIR)/test-dnsdistbackoff.Po \ ./$(DEPDIR)/test-dnsdistdynblocks_hh.Po \ ./$(DEPDIR)/test-dnsdistkvs_cc.Po \ ./$(DEPDIR)/test-dnsdistlbpolicies_cc.Po \ @@ -1129,8 +1132,8 @@ circular_buffer.hh connection-management.hh credentials.cc \ credentials.hh dns.cc dns.hh dns_random.hh dnscrypt.cc \ dnscrypt.hh dnsdist-async.cc dnsdist-async.hh \ - dnsdist-backend.cc dnsdist-cache.cc dnsdist-cache.hh \ - dnsdist-carbon.cc dnsdist-carbon.hh \ + dnsdist-backend.cc dnsdist-backoff.hh dnsdist-cache.cc \ + dnsdist-cache.hh dnsdist-carbon.cc dnsdist-carbon.hh \ dnsdist-concurrent-connections.hh dnsdist-console.cc \ dnsdist-console.hh dnsdist-discovery.cc dnsdist-discovery.hh \ dnsdist-dnscrypt.cc dnsdist-dnsparser.cc dnsdist-dnsparser.hh \ @@ -1190,14 +1193,14 @@ cachecleaner.hh circular_buffer.hh connection-management.hh \ credentials.cc credentials.hh dns.cc dns.hh dnscrypt.cc \ dnscrypt.hh dnsdist-async.cc dnsdist-async.hh \ - dnsdist-backend.cc dnsdist-cache.cc dnsdist-cache.hh \ - dnsdist-concurrent-connections.hh dnsdist-dnsparser.cc \ - dnsdist-dnsparser.hh dnsdist-downstream-connection.hh \ - dnsdist-dynblocks.cc dnsdist-dynblocks.hh dnsdist-dynbpf.cc \ - dnsdist-dynbpf.hh dnsdist-ecs.cc dnsdist-ecs.hh \ - dnsdist-idstate.hh dnsdist-kvs.cc dnsdist-kvs.hh \ - dnsdist-lbpolicies.cc dnsdist-lbpolicies.hh \ - dnsdist-lua-bindings-dnsquestion.cc \ + dnsdist-backend.cc dnsdist-backoff.hh dnsdist-cache.cc \ + dnsdist-cache.hh dnsdist-concurrent-connections.hh \ + dnsdist-dnsparser.cc dnsdist-dnsparser.hh \ + dnsdist-downstream-connection.hh dnsdist-dynblocks.cc \ + dnsdist-dynblocks.hh dnsdist-dynbpf.cc dnsdist-dynbpf.hh \ + dnsdist-ecs.cc dnsdist-ecs.hh dnsdist-idstate.hh \ + dnsdist-kvs.cc dnsdist-kvs.hh dnsdist-lbpolicies.cc \ + dnsdist-lbpolicies.hh dnsdist-lua-bindings-dnsquestion.cc \ dnsdist-lua-bindings-kvs.cc dnsdist-lua-bindings.cc \ dnsdist-lua-ffi-interface.h dnsdist-lua-ffi-interface.inc \ dnsdist-lua-ffi.cc dnsdist-lua-ffi.hh dnsdist-lua-network.cc \ @@ -1225,16 +1228,17 @@ test-dnsdist-connections-cache.cc test-dnsdist-dnsparser.cc \ test-dnsdist-lua-ffi.cc test-dnsdist_cc.cc \ test-dnsdistasync.cc test-dnsdistbackend_cc.cc \ - test-dnsdistdynblocks_hh.cc test-dnsdistkvs_cc.cc \ - test-dnsdistlbpolicies_cc.cc test-dnsdistluanetwork.cc \ - test-dnsdistnghttp2_cc.cc test-dnsdistpacketcache_cc.cc \ - test-dnsdistrings_cc.cc test-dnsdistrules_cc.cc \ - test-dnsdistsvc_cc.cc test-dnsdisttcp_cc.cc \ - test-dnsparser_cc.cc test-iputils_hh.cc test-luawrapper.cc \ - test-mplexer.cc test-proxy_protocol_cc.cc testrunner.cc \ - threadname.hh threadname.cc uuid-utils.hh uuid-utils.cc xpf.cc \ - xpf.hh $(am__append_12) $(am__append_21) $(am__append_28) \ - $(am__append_30) $(am__append_32) $(am__append_34) + test-dnsdistbackoff.cc test-dnsdistdynblocks_hh.cc \ + test-dnsdistkvs_cc.cc test-dnsdistlbpolicies_cc.cc \ + test-dnsdistluanetwork.cc test-dnsdistnghttp2_cc.cc \ + test-dnsdistpacketcache_cc.cc test-dnsdistrings_cc.cc \ + test-dnsdistrules_cc.cc test-dnsdistsvc_cc.cc \ + test-dnsdisttcp_cc.cc test-dnsparser_cc.cc test-iputils_hh.cc \ + test-luawrapper.cc test-mplexer.cc test-proxy_protocol_cc.cc \ + testrunner.cc threadname.hh threadname.cc uuid-utils.hh \ + uuid-utils.cc xpf.cc xpf.hh $(am__append_12) $(am__append_21) \ + $(am__append_28) $(am__append_30) $(am__append_32) \ + $(am__append_34) dnsdist_LDFLAGS = \ $(AM_LDFLAGS) \ $(PROGRAM_LDFLAGS) \ @@ -1507,6 +1511,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-dnsdist_cc.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-dnsdistasync.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-dnsdistbackend_cc.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-dnsdistbackoff.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-dnsdistdynblocks_hh.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-dnsdistkvs_cc.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-dnsdistlbpolicies_cc.Po@am__quote@ # am--include-marker @@ -2292,6 +2297,7 @@ -rm -f ./$(DEPDIR)/test-dnsdist_cc.Po -rm -f ./$(DEPDIR)/test-dnsdistasync.Po -rm -f ./$(DEPDIR)/test-dnsdistbackend_cc.Po + -rm -f ./$(DEPDIR)/test-dnsdistbackoff.Po -rm -f ./$(DEPDIR)/test-dnsdistdynblocks_hh.Po -rm -f ./$(DEPDIR)/test-dnsdistkvs_cc.Po -rm -f ./$(DEPDIR)/test-dnsdistlbpolicies_cc.Po @@ -2458,6 +2464,7 @@ -rm -f ./$(DEPDIR)/test-dnsdist_cc.Po -rm -f ./$(DEPDIR)/test-dnsdistasync.Po -rm -f ./$(DEPDIR)/test-dnsdistbackend_cc.Po + -rm -f ./$(DEPDIR)/test-dnsdistbackoff.Po -rm -f ./$(DEPDIR)/test-dnsdistdynblocks_hh.Po -rm -f ./$(DEPDIR)/test-dnsdistkvs_cc.Po -rm -f ./$(DEPDIR)/test-dnsdistlbpolicies_cc.Po diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdist-1.8.1/configure new/dnsdist-1.8.3/configure --- old/dnsdist-1.8.1/configure 2023-09-07 14:28:08.000000000 +0200 +++ new/dnsdist-1.8.3/configure 2023-12-14 13:49:27.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for dnsdist 1.8.1. +# Generated by GNU Autoconf 2.69 for dnsdist 1.8.3. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -587,8 +587,8 @@ # Identity of this package. PACKAGE_NAME='dnsdist' PACKAGE_TARNAME='dnsdist' -PACKAGE_VERSION='1.8.1' -PACKAGE_STRING='dnsdist 1.8.1' +PACKAGE_VERSION='1.8.3' +PACKAGE_STRING='dnsdist 1.8.3' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1585,7 +1585,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures dnsdist 1.8.1 to adapt to many kinds of systems. +\`configure' configures dnsdist 1.8.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1656,7 +1656,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of dnsdist 1.8.1:";; + short | recursive ) echo "Configuration of dnsdist 1.8.3:";; esac cat <<\_ACEOF @@ -1870,7 +1870,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -dnsdist configure 1.8.1 +dnsdist configure 1.8.3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2542,7 +2542,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by dnsdist $as_me 1.8.1, which was +It was created by dnsdist $as_me 1.8.3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3408,7 +3408,7 @@ # Define the identity of the package. PACKAGE='dnsdist' - VERSION='1.8.1' + VERSION='1.8.3' cat >>confdefs.h <<_ACEOF @@ -25871,7 +25871,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by dnsdist $as_me 1.8.1, which was +This file was extended by dnsdist $as_me 1.8.3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -25937,7 +25937,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -dnsdist config.status 1.8.1 +dnsdist config.status 1.8.3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdist-1.8.1/configure.ac new/dnsdist-1.8.3/configure.ac --- old/dnsdist-1.8.1/configure.ac 2023-09-07 14:27:59.000000000 +0200 +++ new/dnsdist-1.8.3/configure.ac 2023-12-14 13:49:21.000000000 +0100 @@ -1,6 +1,6 @@ AC_PREREQ([2.69]) -AC_INIT([dnsdist], [1.8.1]) +AC_INIT([dnsdist], [1.8.3]) AM_INIT_AUTOMAKE([foreign tar-ustar dist-bzip2 no-dist-gzip parallel-tests 1.11 subdir-objects]) AM_SILENT_RULES([yes]) AC_CONFIG_MACRO_DIR([m4]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdist-1.8.1/dnsdist-backend.cc new/dnsdist-1.8.3/dnsdist-backend.cc --- old/dnsdist-1.8.1/dnsdist-backend.cc 2023-09-07 14:27:45.000000000 +0200 +++ new/dnsdist-1.8.3/dnsdist-backend.cc 2023-12-14 13:49:09.000000000 +0100 @@ -21,6 +21,7 @@ */ #include "dnsdist.hh" +#include "dnsdist-backoff.hh" #include "dnsdist-nghttp2.hh" #include "dnsdist-random.hh" #include "dnsdist-rings.hh" @@ -676,14 +677,14 @@ } time_t backOff = d_config.d_lazyHealthCheckMaxBackOff; - double backOffCoeffTmp = std::pow(2.0, failedTests); - if (backOffCoeffTmp != HUGE_VAL && static_cast<uint64_t>(backOffCoeffTmp) <= static_cast<uint64_t>(std::numeric_limits<time_t>::max())) { - time_t backOffCoeff = static_cast<time_t>(backOffCoeffTmp); - if ((std::numeric_limits<time_t>::max() / d_config.d_lazyHealthCheckFailedInterval) >= backOffCoeff) { - backOff = d_config.d_lazyHealthCheckFailedInterval * backOffCoeff; - if (backOff > d_config.d_lazyHealthCheckMaxBackOff || (std::numeric_limits<time_t>::max() - now) <= backOff) { - backOff = d_config.d_lazyHealthCheckMaxBackOff; - } + const ExponentialBackOffTimer backOffTimer(d_config.d_lazyHealthCheckMaxBackOff); + auto backOffCoeffTmp = backOffTimer.get(failedTests); + /* backOffCoeffTmp cannot be higher than d_config.d_lazyHealthCheckMaxBackOff */ + const auto backOffCoeff = static_cast<time_t>(backOffCoeffTmp); + if ((std::numeric_limits<time_t>::max() / d_config.d_lazyHealthCheckFailedInterval) >= backOffCoeff) { + backOff = d_config.d_lazyHealthCheckFailedInterval * backOffCoeff; + if (backOff > d_config.d_lazyHealthCheckMaxBackOff || (std::numeric_limits<time_t>::max() - now) <= backOff) { + backOff = d_config.d_lazyHealthCheckMaxBackOff; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdist-1.8.1/dnsdist-backoff.hh new/dnsdist-1.8.3/dnsdist-backoff.hh --- old/dnsdist-1.8.1/dnsdist-backoff.hh 1970-01-01 01:00:00.000000000 +0100 +++ new/dnsdist-1.8.3/dnsdist-backoff.hh 2023-12-14 13:49:09.000000000 +0100 @@ -0,0 +1,44 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +class ExponentialBackOffTimer +{ +public: + ExponentialBackOffTimer(unsigned int maxBackOff) : + d_maxBackOff(maxBackOff) + { + } + + unsigned int get(size_t consecutiveFailures) const + { + unsigned int backOff = d_maxBackOff; + if (consecutiveFailures <= 31) { + backOff = 1U << consecutiveFailures; + backOff = std::min(d_maxBackOff, backOff); + } + return backOff; + } + +private: + const unsigned int d_maxBackOff; +}; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdist-1.8.1/dnsdist-carbon.cc new/dnsdist-1.8.3/dnsdist-carbon.cc --- old/dnsdist-1.8.1/dnsdist-carbon.cc 2023-09-07 14:27:45.000000000 +0200 +++ new/dnsdist-1.8.3/dnsdist-carbon.cc 2023-12-14 13:49:09.000000000 +0100 @@ -25,6 +25,7 @@ #include "dnsdist-carbon.hh" #include "dnsdist.hh" +#include "dnsdist-backoff.hh" #ifndef DISABLE_CARBON #include "dolog.hh" @@ -272,6 +273,8 @@ { setThreadName("dnsdist/carbon"); const auto intervalUSec = endpoint.interval * 1000 * 1000; + /* maximum interval between two attempts is 10 minutes */ + const ExponentialBackOffTimer backOffTimer(10 * 60); try { uint8_t consecutiveFailures = 0; @@ -290,16 +293,7 @@ consecutiveFailures = 0; } else { - /* maximum interval between two attempts is 10 minutes */ - const time_t maxBackOff = 10 * 60; - time_t backOff = 1; - double backOffTmp = std::pow(2.0, static_cast<double>(consecutiveFailures)); - if (backOffTmp != HUGE_VAL && static_cast<uint64_t>(backOffTmp) <= static_cast<uint64_t>(std::numeric_limits<time_t>::max())) { - backOff = static_cast<time_t>(backOffTmp); - if (backOff > maxBackOff) { - backOff = maxBackOff; - } - } + const auto backOff = backOffTimer.get(consecutiveFailures); if (consecutiveFailures < std::numeric_limits<decltype(consecutiveFailures)>::max()) { consecutiveFailures++; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdist-1.8.1/dnsdist-dynblocks.cc new/dnsdist-1.8.3/dnsdist-dynblocks.cc --- old/dnsdist-1.8.1/dnsdist-dynblocks.cc 2023-09-07 14:27:45.000000000 +0200 +++ new/dnsdist-1.8.3/dnsdist-dynblocks.cc 2023-12-14 13:49:09.000000000 +0100 @@ -260,7 +260,7 @@ } if (!d_beQuiet) { - warnlog("Inserting %sdynamic block for %s for %d seconds: %s", warning ? "(warning) " :"", requestor.toString(), rule.d_blockDuration, rule.d_blockReason); + warnlog("Inserting %s%sdynamic block for %s for %d seconds: %s", warning ? "(warning) " :"", bpf ? "eBPF " : "", requestor.toString(), rule.d_blockDuration, rule.d_blockReason); } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdist-1.8.1/dnsdist-dynblocks.hh new/dnsdist-1.8.3/dnsdist-dynblocks.hh --- old/dnsdist-1.8.1/dnsdist-dynblocks.hh 2023-09-07 14:27:45.000000000 +0200 +++ new/dnsdist-1.8.3/dnsdist-dynblocks.hh 2023-12-14 13:49:09.000000000 +0100 @@ -310,6 +310,16 @@ d_excludedSubnets.addMasks(group, false); } + void removeRange(const Netmask& range) + { + d_excludedSubnets.deleteMask(range); + } + + void removeRange(const NetmaskGroup& group) + { + d_excludedSubnets.deleteMasks(group); + } + void excludeDomain(const DNSName& domain) { d_excludedDomains.add(domain); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdist-1.8.1/dnsdist-lua-bindings.cc new/dnsdist-1.8.3/dnsdist-lua-bindings.cc --- old/dnsdist-1.8.1/dnsdist-lua-bindings.cc 2023-09-07 14:27:45.000000000 +0200 +++ new/dnsdist-1.8.3/dnsdist-lua-bindings.cc 2023-12-14 13:49:09.000000000 +0100 @@ -192,10 +192,14 @@ return (bool)dh.cd; }); - luaCtx.registerFunction<uint16_t(dnsheader::*)()const>("getID", [](const dnsheader& dh) { + luaCtx.registerFunction<uint16_t(dnsheader::*)()const>("getID", [](const dnsheader& dh) { return ntohs(dh.id); }); + luaCtx.registerFunction<bool(dnsheader::*)()const>("getTC", [](const dnsheader& dh) { + return (bool)dh.tc; + }); + luaCtx.registerFunction<void(dnsheader::*)(bool)>("setTC", [](dnsheader& dh, bool v) { dh.tc=v; if(v) dh.ra = dh.rd; // you'll always need this, otherwise TC=1 gets ignored diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdist-1.8.1/dnsdist-lua-inspection.cc new/dnsdist-1.8.3/dnsdist-lua-inspection.cc --- old/dnsdist-1.8.1/dnsdist-lua-inspection.cc 2023-09-07 14:27:45.000000000 +0200 +++ new/dnsdist-1.8.3/dnsdist-lua-inspection.cc 2023-12-14 13:49:09.000000000 +0100 @@ -250,7 +250,7 @@ #endif /* DISABLE_DEPRECATED_DYNBLOCK */ #endif /* DISABLE_DYNBLOCKS */ - +// NOLINTNEXTLINE(readability-function-cognitive-complexity): this function declares Lua bindings, even with a good refactoring it will likely blow up the threshold void setupLuaInspection(LuaContext& luaCtx) { #ifndef DISABLE_TOP_N_BINDINGS @@ -879,6 +879,19 @@ group->includeRange(Netmask(*boost::get<std::string>(&ranges))); } }); + luaCtx.registerFunction<void(std::shared_ptr<DynBlockRulesGroup>::*)(boost::variant<std::string, LuaArray<std::string>, NetmaskGroup>)>("removeRange", [](std::shared_ptr<DynBlockRulesGroup>& group, boost::variant<std::string, LuaArray<std::string>, NetmaskGroup> ranges) { + if (ranges.type() == typeid(LuaArray<std::string>)) { + for (const auto& range : *boost::get<LuaArray<std::string>>(&ranges)) { + group->removeRange(Netmask(range.second)); + } + } + else if (ranges.type() == typeid(NetmaskGroup)) { + group->removeRange(*boost::get<NetmaskGroup>(&ranges)); + } + else { + group->removeRange(Netmask(*boost::get<std::string>(&ranges))); + } + }); luaCtx.registerFunction<void(std::shared_ptr<DynBlockRulesGroup>::*)(LuaTypeOrArrayOf<std::string>)>("excludeDomains", [](std::shared_ptr<DynBlockRulesGroup>& group, LuaTypeOrArrayOf<std::string> domains) { if (domains.type() == typeid(LuaArray<std::string>)) { for (const auto& range : *boost::get<LuaArray<std::string>>(&domains)) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdist-1.8.1/dnsdist-lua-rules.cc new/dnsdist-1.8.3/dnsdist-lua-rules.cc --- old/dnsdist-1.8.1/dnsdist-lua-rules.cc 2023-09-07 14:27:45.000000000 +0200 +++ new/dnsdist-1.8.3/dnsdist-lua-rules.cc 2023-12-14 13:49:09.000000000 +0100 @@ -130,23 +130,27 @@ if (auto str = boost::get<std::string>(&id)) { try { const auto uuid = getUniqueID(*str); - if (rules.erase(std::remove_if(rules.begin(), + auto removeIt = std::remove_if(rules.begin(), rules.end(), - [uuid](const T& a) { return a.d_id == uuid; }), - rules.end()) == rules.end()) { + [&uuid](const T& rule) { return rule.d_id == uuid; }); + if (removeIt == rules.end()) { g_outputBuffer = "Error: no rule matched\n"; return; } + rules.erase(removeIt, + rules.end()); } catch (const std::runtime_error& e) { /* it was not an UUID, let's see if it was a name instead */ - if (rules.erase(std::remove_if(rules.begin(), + auto removeIt = std::remove_if(rules.begin(), rules.end(), - [&str](const T& a) { return a.d_name == *str; }), - rules.end()) == rules.end()) { + [&str](const T& rule) { return rule.d_name == *str; }); + if (removeIt == rules.end()) { g_outputBuffer = "Error: no rule matched\n"; return; } + rules.erase(removeIt, + rules.end()); } } else if (auto pos = boost::get<unsigned int>(&id)) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdist-1.8.1/dnsdist-lua.cc new/dnsdist-1.8.3/dnsdist-lua.cc --- old/dnsdist-1.8.1/dnsdist-lua.cc 2023-09-07 14:27:45.000000000 +0200 +++ new/dnsdist-1.8.3/dnsdist-lua.cc 2023-12-14 13:49:09.000000000 +0100 @@ -1399,15 +1399,15 @@ auto slow = g_dynblockNMG.getCopy(); struct timespec now; gettime(&now); - boost::format fmt("%-24s %8d %8d %-10s %-20s %s\n"); - g_outputBuffer = (fmt % "What" % "Seconds" % "Blocks" % "Warning" % "Action" % "Reason").str(); + boost::format fmt("%-24s %8d %8d %-10s %-20s %-10s %s\n"); + g_outputBuffer = (fmt % "What" % "Seconds" % "Blocks" % "Warning" % "Action" % "eBPF" % "Reason").str(); for (const auto& e : slow) { if (now < e.second.until) { uint64_t counter = e.second.blocks; if (g_defaultBPFFilter && e.second.bpf) { counter += g_defaultBPFFilter->getHits(e.first.getNetwork()); } - g_outputBuffer += (fmt % e.first.toString() % (e.second.until.tv_sec - now.tv_sec) % counter % (e.second.warning ? "true" : "false") % DNSAction::typeToString(e.second.action != DNSAction::Action::None ? e.second.action : g_dynBlockAction) % e.second.reason).str(); + g_outputBuffer += (fmt % e.first.toString() % (e.second.until.tv_sec - now.tv_sec) % counter % (e.second.warning ? "true" : "false") % DNSAction::typeToString(e.second.action != DNSAction::Action::None ? e.second.action : g_dynBlockAction) % (g_defaultBPFFilter && e.second.bpf ? "*" : "") % e.second.reason).str(); } } auto slow2 = g_dynblockSMT.getCopy(); @@ -1416,7 +1416,7 @@ string dom("empty"); if (!node.d_value.domain.empty()) dom = node.d_value.domain.toString(); - g_outputBuffer += (fmt % dom % (node.d_value.until.tv_sec - now.tv_sec) % node.d_value.blocks % (node.d_value.warning ? "true" : "false") % DNSAction::typeToString(node.d_value.action != DNSAction::Action::None ? node.d_value.action : g_dynBlockAction) % node.d_value.reason).str(); + g_outputBuffer += (fmt % dom % (node.d_value.until.tv_sec - now.tv_sec) % node.d_value.blocks % (node.d_value.warning ? "true" : "false") % DNSAction::typeToString(node.d_value.action != DNSAction::Action::None ? node.d_value.action : g_dynBlockAction) % "" % node.d_value.reason).str(); } }); }); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdist-1.8.1/dnsdist-web.cc new/dnsdist-1.8.3/dnsdist-web.cc --- old/dnsdist-1.8.1/dnsdist-web.cc 2023-09-07 14:27:45.000000000 +0200 +++ new/dnsdist-1.8.3/dnsdist-web.cc 2023-12-14 13:49:09.000000000 +0100 @@ -946,33 +946,42 @@ auto nmg = g_dynblockNMG.getLocal(); struct timespec now; gettime(&now); - for (const auto& e: *nmg) { - if(now < e.second.until ) { - Json::object thing{ - {"reason", e.second.reason}, - {"seconds", (double)(e.second.until.tv_sec - now.tv_sec)}, - {"blocks", (double)e.second.blocks}, - {"action", DNSAction::typeToString(e.second.action != DNSAction::Action::None ? e.second.action : g_dynBlockAction) }, - {"warning", e.second.warning } - }; - obj.emplace(e.first.toString(), thing); + for (const auto& entry: *nmg) { + if (!(now < entry.second.until)) { + continue; + } + uint64_t counter = entry.second.blocks; + if (entry.second.bpf && g_defaultBPFFilter) { + counter += g_defaultBPFFilter->getHits(entry.first.getNetwork()); } + Json::object thing{ + {"reason", entry.second.reason}, + {"seconds", static_cast<double>(entry.second.until.tv_sec - now.tv_sec)}, + {"blocks", static_cast<double>(counter)}, + {"action", DNSAction::typeToString(entry.second.action != DNSAction::Action::None ? entry.second.action : g_dynBlockAction)}, + {"warning", entry.second.warning}, + {"ebpf", entry.second.bpf} + }; + obj.emplace(entry.first.toString(), thing); } auto smt = g_dynblockSMT.getLocal(); smt->visit([&now,&obj](const SuffixMatchTree<DynBlock>& node) { - if(now <node.d_value.until) { - string dom("empty"); - if(!node.d_value.domain.empty()) - dom = node.d_value.domain.toString(); - Json::object thing{ - {"reason", node.d_value.reason}, - {"seconds", (double)(node.d_value.until.tv_sec - now.tv_sec)}, - {"blocks", (double)node.d_value.blocks}, - {"action", DNSAction::typeToString(node.d_value.action != DNSAction::Action::None ? node.d_value.action : g_dynBlockAction) } - }; - obj.emplace(dom, thing); + if (!(now < node.d_value.until)) { + return; } + string dom("empty"); + if (!node.d_value.domain.empty()) { + dom = node.d_value.domain.toString(); + } + Json::object thing{ + {"reason", node.d_value.reason}, + {"seconds", static_cast<double>(node.d_value.until.tv_sec - now.tv_sec)}, + {"blocks", static_cast<double>(node.d_value.blocks)}, + {"action", DNSAction::typeToString(node.d_value.action != DNSAction::Action::None ? node.d_value.action : g_dynBlockAction)}, + {"ebpf", node.d_value.bpf} + }; + obj.emplace(dom, thing); }); #endif /* DISABLE_DYNBLOCKS */ Json my_json = obj; @@ -995,6 +1004,23 @@ obj.emplace(std::get<0>(entry).toString(), thing ); } } + if (g_defaultBPFFilter) { + auto nmg = g_dynblockNMG.getLocal(); + for (const auto& entry: *nmg) { + if (!(now < entry.second.until) || !entry.second.bpf) { + continue; + } + uint64_t counter = entry.second.blocks + g_defaultBPFFilter->getHits(entry.first.getNetwork()); + Json::object thing{ + {"reason", entry.second.reason}, + {"seconds", static_cast<double>(entry.second.until.tv_sec - now.tv_sec)}, + {"blocks", static_cast<double>(counter)}, + {"action", DNSAction::typeToString(entry.second.action != DNSAction::Action::None ? entry.second.action : g_dynBlockAction)}, + {"warning", entry.second.warning}, + }; + obj.emplace(entry.first.toString(), thing); + } + } #endif /* HAVE_EBPF */ Json my_json = obj; resp.body = my_json.dump(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdist-1.8.1/dnsdist.1 new/dnsdist-1.8.3/dnsdist.1 --- old/dnsdist-1.8.1/dnsdist.1 2023-09-07 14:28:41.000000000 +0200 +++ new/dnsdist-1.8.3/dnsdist.1 2023-12-14 13:49:53.000000000 +0100 @@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "DNSDIST" "1" "Sep 07, 2023" "" "dnsdist" +.TH "DNSDIST" "1" "Dec 14, 2023" "" "dnsdist" .SH NAME dnsdist \- A DNS and DoS aware, scriptable loadbalancer .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdist-1.8.1/dnsdist.cc new/dnsdist-1.8.3/dnsdist.cc --- old/dnsdist-1.8.1/dnsdist.cc 2023-09-07 14:27:45.000000000 +0200 +++ new/dnsdist-1.8.3/dnsdist.cc 2023-12-14 13:49:09.000000000 +0100 @@ -717,7 +717,8 @@ auto localRespRuleActions = g_respruleactions.getLocal(); auto localCacheInsertedRespRuleActions = g_cacheInsertedRespRuleActions.getLocal(); const size_t initialBufferSize = getInitialUDPPacketBufferSize(); - PacketBuffer response(initialBufferSize); + /* allocate one more byte so we can detect truncation */ + PacketBuffer response(initialBufferSize + 1); uint16_t queryId = 0; std::vector<int> sockets; sockets.reserve(dss->sockets.size()); @@ -746,14 +747,16 @@ } for (const auto& fd : sockets) { - response.resize(initialBufferSize); + /* allocate one more byte so we can detect truncation */ + // NOLINTNEXTLINE(bugprone-use-after-move): resizing a vector has no preconditions so it is valid to do so after moving it + response.resize(initialBufferSize + 1); ssize_t got = recv(fd, response.data(), response.size(), 0); if (got == 0 && dss->isStopped()) { break; } - if (got < 0 || static_cast<size_t>(got) < sizeof(dnsheader)) { + if (got < 0 || static_cast<size_t>(got) < sizeof(dnsheader) || static_cast<size_t>(got) == (initialBufferSize + 1)) { continue; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdist-1.8.1/ext/json11/json11.cpp new/dnsdist-1.8.3/ext/json11/json11.cpp --- old/dnsdist-1.8.1/ext/json11/json11.cpp 2023-09-07 14:27:45.000000000 +0200 +++ new/dnsdist-1.8.3/ext/json11/json11.cpp 2023-12-14 13:49:09.000000000 +0100 @@ -93,10 +93,18 @@ out += "\\r"; } else if (ch == '\t') { out += "\\t"; - } else if (static_cast<uint8_t>(ch) <= 0x1f || static_cast<uint8_t>(ch) >= 0x7f) { + } else if (static_cast<uint8_t>(ch) <= 0x1f) { char buf[8]; snprintf(buf, sizeof buf, "\\u%04x", ch); out += buf; + } else if (static_cast<uint8_t>(ch) == 0xe2 && static_cast<uint8_t>(value[i+1]) == 0x80 + && static_cast<uint8_t>(value[i+2]) == 0xa8) { + out += "\\u2028"; + i += 2; + } else if (static_cast<uint8_t>(ch) == 0xe2 && static_cast<uint8_t>(value[i+1]) == 0x80 + && static_cast<uint8_t>(value[i+2]) == 0xa9) { + out += "\\u2029"; + i += 2; } else { out += ch; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdist-1.8.1/html/local.js new/dnsdist-1.8.3/html/local.js --- old/dnsdist-1.8.1/html/local.js 2023-09-07 14:27:45.000000000 +0200 +++ new/dnsdist-1.8.3/html/local.js 2023-12-14 13:49:10.000000000 +0100 @@ -237,10 +237,10 @@ $.ajax({ url: 'jsonstat?command=dynblocklist', type: 'GET', dataType: 'json', jsonp: false, success: function(data) { - var bouw='<table width="100%"><tr align=left><th>Dyn blocked netmask</th><th>Seconds</th><th>Blocks</th><th align=left>Reason</th></tr>'; + var bouw='<table width="100%"><tr align=left><th>Dyn blocked netmask</th><th>Seconds</th><th>Blocks</th><th>eBPF</th><th align=left>Reason</th></tr>'; var gotsome=false; $.each(data, function(a,b) { - bouw=bouw+("<tr><td>"+a+"</td><td>"+b.seconds+"</td><td>"+b.blocks+"</td><td>"+b.reason+"</td></tr>"); + bouw=bouw+("<tr><td>"+a+"</td><td>"+b.seconds+"</td><td>"+b.blocks+"</td><td>"+b.ebpf+"</td><td>"+b.reason+"</td></tr>"); gotsome=true; }); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdist-1.8.1/htmlfiles.h new/dnsdist-1.8.3/htmlfiles.h --- old/dnsdist-1.8.1/htmlfiles.h 2023-09-07 14:28:15.000000000 +0200 +++ new/dnsdist-1.8.3/htmlfiles.h 2023-12-14 13:49:32.000000000 +0100 @@ -25371,19 +25371,21 @@ 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x20, 0x6e, 0x65, 0x74, 0x6d, 0x61, 0x73, 0x6b, 0x3c, 0x2f, 0x74, 0x68, 0x3e, 0x3c, 0x74, 0x68, 0x3e, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x3c, 0x2f, 0x74, 0x68, 0x3e, 0x3c, 0x74, 0x68, 0x3e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x73, 0x3c, 0x2f, 0x74, - 0x68, 0x3e, 0x3c, 0x74, 0x68, 0x20, 0x61, 0x6c, 0x69, 0x67, 0x6e, 0x3d, 0x6c, 0x65, 0x66, 0x74, - 0x3e, 0x52, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x3c, 0x2f, 0x74, 0x68, 0x3e, 0x3c, 0x2f, 0x74, 0x72, - 0x3e, 0x27, 0x3b, 0x0a, 0x09, 0x09, 0x20, 0x20, 0x20, 0x20, 0x20, 0x76, 0x61, 0x72, 0x20, 0x67, - 0x6f, 0x74, 0x73, 0x6f, 0x6d, 0x65, 0x3d, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x3b, 0x0a, 0x20, 0x20, + 0x68, 0x3e, 0x3c, 0x74, 0x68, 0x3e, 0x65, 0x42, 0x50, 0x46, 0x3c, 0x2f, 0x74, 0x68, 0x3e, 0x3c, + 0x74, 0x68, 0x20, 0x61, 0x6c, 0x69, 0x67, 0x6e, 0x3d, 0x6c, 0x65, 0x66, 0x74, 0x3e, 0x52, 0x65, + 0x61, 0x73, 0x6f, 0x6e, 0x3c, 0x2f, 0x74, 0x68, 0x3e, 0x3c, 0x2f, 0x74, 0x72, 0x3e, 0x27, 0x3b, + 0x0a, 0x09, 0x09, 0x20, 0x20, 0x20, 0x20, 0x20, 0x76, 0x61, 0x72, 0x20, 0x67, 0x6f, 0x74, 0x73, + 0x6f, 0x6d, 0x65, 0x3d, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x3b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0x20, 0x20, 0x24, 0x2e, 0x65, 0x61, 0x63, 0x68, 0x28, 0x64, 0x61, 0x74, 0x61, 0x2c, 0x20, - 0x66, 0x75, 0x6e, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x28, 0x61, 0x2c, 0x62, 0x29, 0x20, 0x7b, 0x0a, + 0x24, 0x2e, 0x65, 0x61, 0x63, 0x68, 0x28, 0x64, 0x61, 0x74, 0x61, 0x2c, 0x20, 0x66, 0x75, 0x6e, + 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x28, 0x61, 0x2c, 0x62, 0x29, 0x20, 0x7b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x62, 0x6f, 0x75, 0x77, 0x3d, 0x62, 0x6f, - 0x75, 0x77, 0x2b, 0x28, 0x22, 0x3c, 0x74, 0x72, 0x3e, 0x3c, 0x74, 0x64, 0x3e, 0x22, 0x2b, 0x61, - 0x2b, 0x22, 0x3c, 0x2f, 0x74, 0x64, 0x3e, 0x3c, 0x74, 0x64, 0x3e, 0x22, 0x2b, 0x62, 0x2e, 0x73, - 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x2b, 0x22, 0x3c, 0x2f, 0x74, 0x64, 0x3e, 0x3c, 0x74, 0x64, - 0x3e, 0x22, 0x2b, 0x62, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x73, 0x2b, 0x22, 0x3c, 0x2f, 0x74, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x62, 0x6f, 0x75, 0x77, 0x3d, 0x62, 0x6f, 0x75, 0x77, 0x2b, + 0x28, 0x22, 0x3c, 0x74, 0x72, 0x3e, 0x3c, 0x74, 0x64, 0x3e, 0x22, 0x2b, 0x61, 0x2b, 0x22, 0x3c, + 0x2f, 0x74, 0x64, 0x3e, 0x3c, 0x74, 0x64, 0x3e, 0x22, 0x2b, 0x62, 0x2e, 0x73, 0x65, 0x63, 0x6f, + 0x6e, 0x64, 0x73, 0x2b, 0x22, 0x3c, 0x2f, 0x74, 0x64, 0x3e, 0x3c, 0x74, 0x64, 0x3e, 0x22, 0x2b, + 0x62, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x73, 0x2b, 0x22, 0x3c, 0x2f, 0x74, 0x64, 0x3e, 0x3c, + 0x74, 0x64, 0x3e, 0x22, 0x2b, 0x62, 0x2e, 0x65, 0x62, 0x70, 0x66, 0x2b, 0x22, 0x3c, 0x2f, 0x74, 0x64, 0x3e, 0x3c, 0x74, 0x64, 0x3e, 0x22, 0x2b, 0x62, 0x2e, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x2b, 0x22, 0x3c, 0x2f, 0x74, 0x64, 0x3e, 0x3c, 0x2f, 0x74, 0x72, 0x3e, 0x22, 0x29, 0x3b, 0x0a, 0x09, 0x09, 0x09, 0x20, 0x67, 0x6f, 0x74, 0x73, 0x6f, 0x6d, 0x65, 0x3d, 0x74, 0x72, 0x75, 0x65, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdist-1.8.1/iputils.hh new/dnsdist-1.8.3/iputils.hh --- old/dnsdist-1.8.1/iputils.hh 2023-09-07 14:27:45.000000000 +0200 +++ new/dnsdist-1.8.3/iputils.hh 2023-12-14 13:49:10.000000000 +0100 @@ -1416,6 +1416,13 @@ tree.erase(nm); } + void deleteMasks(const NetmaskGroup& group) + { + for (const auto& entry : group.tree) { + deleteMask(entry.first); + } + } + void deleteMask(const std::string& ip) { if (!ip.empty()) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdist-1.8.1/test-dnsdistasync.cc new/dnsdist-1.8.3/test-dnsdistasync.cc --- old/dnsdist-1.8.1/test-dnsdistasync.cc 2023-09-07 14:27:45.000000000 +0200 +++ new/dnsdist-1.8.3/test-dnsdistasync.cc 2023-12-14 13:49:10.000000000 +0100 @@ -49,7 +49,7 @@ errorRaised = true; } - bool errorRaised{false}; + std::atomic<bool> errorRaised{false}; }; struct DummyCrossProtocolQuery : public CrossProtocolQuery @@ -131,7 +131,7 @@ usleep(20000); BOOST_CHECK(holder->empty()); - BOOST_CHECK(sender->errorRaised); + BOOST_CHECK(sender->errorRaised.load()); holder->stop(); } @@ -159,7 +159,7 @@ usleep(20000); BOOST_CHECK(holder->empty()); - BOOST_CHECK(sender->errorRaised); + BOOST_CHECK(sender->errorRaised.load()); holder->stop(); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdist-1.8.1/test-dnsdistbackoff.cc new/dnsdist-1.8.3/test-dnsdistbackoff.cc --- old/dnsdist-1.8.1/test-dnsdistbackoff.cc 1970-01-01 01:00:00.000000000 +0100 +++ new/dnsdist-1.8.3/test-dnsdistbackoff.cc 2023-12-14 13:49:10.000000000 +0100 @@ -0,0 +1,58 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#define BOOST_TEST_DYN_LINK +#define BOOST_TEST_NO_MAIN + +#include <boost/test/unit_test.hpp> + +#include "dnsdist-backoff.hh" + +BOOST_AUTO_TEST_SUITE(dnsdistbackoff) + +BOOST_AUTO_TEST_CASE(test_ExponentialBackOffTimer) +{ + const unsigned int maxBackOff = 10 * 60; + const ExponentialBackOffTimer ebot(maxBackOff); + const std::vector<std::pair<size_t, unsigned int>> testVector{ + {0U, 1U}, + {1U, 2U}, + {2U, 4U}, + {3U, 8U}, + {4U, 16U}, + {5U, 32U}, + {6U, 64U}, + {7U, 128U}, + {8U, 256U}, + {9U, 512U}, + {10U, maxBackOff}}; + for (const auto& entry : testVector) { + BOOST_CHECK_EQUAL(ebot.get(entry.first), entry.second); + } + + /* the behaviour is identical after 32 but let's go to 1024 to be safe */ + for (size_t consecutiveFailures = testVector.size(); consecutiveFailures < 1024; consecutiveFailures++) { + BOOST_CHECK_EQUAL(ebot.get(consecutiveFailures), maxBackOff); + } +} + +BOOST_AUTO_TEST_SUITE_END()
