diff --git a/contrib/bind9/CHANGES b/contrib/bind9/CHANGES index 43d2bd7af22d..a8d3857a8c96 100644 --- a/contrib/bind9/CHANGES +++ b/contrib/bind9/CHANGES @@ -1,3 +1,47 @@ + --- 9.4.2-P2 released --- + +2406. [bug] Some operating systems have FD_SETSIZE set to a + low value by default, which can cause resource + exhaustion when many simultaneous connections are + open. Linux in particular makes it difficult to + increase this value. To use more sockets with + select(), set ISC_SOCKET_FDSETSIZE. Example: + STD_CDEFINES="-DISC_SOCKET_FDSETSIZE=4096" ./configure + (This should not be necessary in most cases, and + never for an authoritative-only server.) [RT #18328] + +2404. [port] hpux: files unlimited support. + +2403. [bug] TSIG context leak. [RT #18341] + +2402. [port] Support Solaris 2.11 and over. [RT #18362] + +2401. [bug] Expect to get E[MN]FILE errno internal_accept() + (from accept() or fcntl() system calls). [RT #18358] + +2399. [bug] Abort timeout queries to reduce the number of open + UDP sockets. [RT #18367] + +2398. [bug] Improve file descriptor management. New, + temporary, named.conf option reserved-sockets, + default 512. [RT #18344] + +2396. [bug] Don't set SO_REUSEADDR for randomized ports. + [RT #18336] + +2395. [port] Avoid warning and no effect from "files unlimited" + on Linux when running as root. [RT #18335] + +2394. [bug] Default configuration options set the limit for + open files to 'unlimited' as described in the + documentation. [RT #18331] + +2392. [bug] remove 'grep -q' from acl test script, some platforms + don't support it. [RT #18253] + +2322. [port] MacOS: work around the limitation of setrlimit() + for RLIMIT_NOFILE. [RT #17526] + --- 9.4.2-P1 released --- 2375. [security] Fully randomize UDP query ports to improve @@ -33,7 +77,7 @@ [RT #17113] 2249. [bug] Only set Authentic Data bit if client requested - DNSSEC, per RFC 3655 [RT #17175] + DNSSEC, per RFC 3655 [RT #17175] 2248. [cleanup] Fix several errors reported by Coverity. [RT #17160] diff --git a/contrib/bind9/COPYRIGHT b/contrib/bind9/COPYRIGHT index 48141e718230..2eaecb296f7d 100644 --- a/contrib/bind9/COPYRIGHT +++ b/contrib/bind9/COPYRIGHT @@ -1,4 +1,4 @@ -Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") +Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") Copyright (C) 1996-2003 Internet Software Consortium. Permission to use, copy, modify, and/or distribute this software for any @@ -13,7 +13,7 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -$Id: COPYRIGHT,v 1.9.18.4 2007/08/28 07:19:54 tbox Exp $ +$Id: COPYRIGHT,v 1.9.18.4.10.1 2008/07/23 07:28:54 tbox Exp $ Portions Copyright (C) 1996-2001 Nominum, Inc. diff --git a/contrib/bind9/bin/dig/dighost.c b/contrib/bind9/bin/dig/dighost.c index 6e7c16be108a..9e7e79659a69 100644 --- a/contrib/bind9/bin/dig/dighost.c +++ b/contrib/bind9/bin/dig/dighost.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dighost.c,v 1.259.18.43 2007/08/28 07:19:55 tbox Exp $ */ +/* $Id: dighost.c,v 1.259.18.43.10.3 2008/07/23 23:16:43 marka Exp $ */ /*! \file * \note @@ -2217,14 +2217,15 @@ send_tcp_connect(dig_query_t *query) { sockcount++; debug("sockcount=%d", sockcount); if (specified_source) - result = isc_socket_bind(query->sock, &bind_address); + result = isc_socket_bind(query->sock, &bind_address, + ISC_SOCKET_REUSEADDRESS); else { if ((isc_sockaddr_pf(&query->sockaddr) == AF_INET) && have_ipv4) isc_sockaddr_any(&bind_any); else isc_sockaddr_any6(&bind_any); - result = isc_socket_bind(query->sock, &bind_any); + result = isc_socket_bind(query->sock, &bind_any, 0); } check_result(result, "isc_socket_bind"); bringup_timer(query, TCP_TIMEOUT); @@ -2271,11 +2272,12 @@ send_udp(dig_query_t *query) { sockcount++; debug("sockcount=%d", sockcount); if (specified_source) { - result = isc_socket_bind(query->sock, &bind_address); + result = isc_socket_bind(query->sock, &bind_address, + ISC_SOCKET_REUSEADDRESS); } else { isc_sockaddr_anyofpf(&bind_any, isc_sockaddr_pf(&query->sockaddr)); - result = isc_socket_bind(query->sock, &bind_any); + result = isc_socket_bind(query->sock, &bind_any, 0); } check_result(result, "isc_socket_bind"); diff --git a/contrib/bind9/bin/named/client.c b/contrib/bind9/bin/named/client.c index 87dbdb859ce2..3b87d2648c0e 100644 --- a/contrib/bind9/bin/named/client.c +++ b/contrib/bind9/bin/named/client.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: client.c,v 1.219.18.28.10.1 2008/05/22 21:28:04 each Exp $ */ +/* $Id: client.c,v 1.219.18.28.10.2 2008/07/23 07:28:54 tbox Exp $ */ #include diff --git a/contrib/bind9/bin/named/config.c b/contrib/bind9/bin/named/config.c index e2dc833f9f6f..632960c15c37 100644 --- a/contrib/bind9/bin/named/config.c +++ b/contrib/bind9/bin/named/config.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: config.c,v 1.47.18.32 2007/09/13 05:04:01 each Exp $ */ +/* $Id: config.c,v 1.47.18.32.10.3 2008/07/23 23:48:17 tbox Exp $ */ /*! \file */ @@ -52,7 +52,7 @@ options {\n\ #ifndef WIN32 " coresize default;\n\ datasize default;\n\ - files default;\n\ + files unlimited;\n\ stacksize default;\n" #endif " deallocate-on-exit true;\n\ @@ -99,6 +99,7 @@ options {\n\ use-ixfr true;\n\ edns-udp-size 4096;\n\ max-udp-size 4096;\n\ + reserved-sockets 512;\n\ \n\ /* view */\n\ allow-notify {none;};\n\ diff --git a/contrib/bind9/bin/named/controlconf.c b/contrib/bind9/bin/named/controlconf.c index 3e364469e6d3..f0703cb06505 100644 --- a/contrib/bind9/bin/named/controlconf.c +++ b/contrib/bind9/bin/named/controlconf.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: controlconf.c,v 1.40.18.10 2006/12/07 04:53:02 marka Exp $ */ +/* $Id: controlconf.c,v 1.40.18.10.40.3 2008/07/23 23:16:43 marka Exp $ */ /*! \file */ @@ -1151,8 +1151,8 @@ add_listener(ns_controls_t *cp, controllistener_t **listenerp, type, &listener->sock); if (result == ISC_R_SUCCESS) - result = isc_socket_bind(listener->sock, - &listener->address); + result = isc_socket_bind(listener->sock, &listener->address, + ISC_SOCKET_REUSEADDRESS); if (result == ISC_R_SUCCESS && type == isc_sockettype_unix) { listener->perm = cfg_obj_asuint32(cfg_tuple_get(control, diff --git a/contrib/bind9/bin/named/interfacemgr.c b/contrib/bind9/bin/named/interfacemgr.c index db410310147c..2a82c9874764 100644 --- a/contrib/bind9/bin/named/interfacemgr.c +++ b/contrib/bind9/bin/named/interfacemgr.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: interfacemgr.c,v 1.76.18.8 2006/07/20 01:10:30 marka Exp $ */ +/* $Id: interfacemgr.c,v 1.76.18.8.44.3 2008/07/23 23:16:43 marka Exp $ */ /*! \file */ @@ -307,7 +307,8 @@ ns_interface_accepttcp(ns_interface_t *ifp) { #ifndef ISC_ALLOW_MAPPED isc_socket_ipv6only(ifp->tcpsocket, ISC_TRUE); #endif - result = isc_socket_bind(ifp->tcpsocket, &ifp->addr); + result = isc_socket_bind(ifp->tcpsocket, &ifp->addr, + ISC_SOCKET_REUSEADDRESS); if (result != ISC_R_SUCCESS) { isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_ERROR, "binding TCP socket: %s", diff --git a/contrib/bind9/bin/named/lwresd.c b/contrib/bind9/bin/named/lwresd.c index a1073fa4bbf4..1f7184e72dcc 100644 --- a/contrib/bind9/bin/named/lwresd.c +++ b/contrib/bind9/bin/named/lwresd.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwresd.c,v 1.46.18.7 2006/03/02 00:37:21 marka Exp $ */ +/* $Id: lwresd.c,v 1.46.18.7.52.3 2008/07/23 23:16:43 marka Exp $ */ /*! \file * \brief @@ -576,7 +576,8 @@ listener_bind(ns_lwreslistener_t *listener, isc_sockaddr_t *address) { return (result); } - result = isc_socket_bind(sock, &listener->address); + result = isc_socket_bind(sock, &listener->address, + ISC_SOCKET_REUSEADDRESS); if (result != ISC_R_SUCCESS) { char socktext[ISC_SOCKADDR_FORMATSIZE]; isc_sockaddr_format(&listener->address, socktext, diff --git a/contrib/bind9/bin/named/named.conf.docbook b/contrib/bind9/bin/named/named.conf.docbook index e4cfcc7fef01..8635f9754fd6 100644 --- a/contrib/bind9/bin/named/named.conf.docbook +++ b/contrib/bind9/bin/named/named.conf.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []> - + Aug 13, 2004 @@ -40,6 +40,7 @@ 2005 2006 2007 + 2008 Internet Systems Consortium, Inc. ("ISC") @@ -201,6 +202,7 @@ options { port integer; querylog boolean; recursing-file quoted_string; + reserved-sockets integer; random-device quoted_string; recursive-clients integer; serial-query-rate integer; diff --git a/contrib/bind9/bin/named/server.c b/contrib/bind9/bin/named/server.c index 8e0c66cca4d9..79bd125c5498 100644 --- a/contrib/bind9/bin/named/server.c +++ b/contrib/bind9/bin/named/server.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.419.18.57.10.1 2008/05/22 21:28:04 each Exp $ */ +/* $Id: server.c,v 1.419.18.57.10.3 2008/07/23 12:04:32 marka Exp $ */ /*! \file */ @@ -2696,27 +2696,29 @@ static isc_result_t load_configuration(const char *filename, ns_server_t *server, isc_boolean_t first_time) { - isc_result_t result; - isc_interval_t interval; - cfg_parser_t *parser = NULL; + cfg_aclconfctx_t aclconfctx; cfg_obj_t *config; - const cfg_obj_t *options; - const cfg_obj_t *views; - const cfg_obj_t *obj; - const cfg_obj_t *v4ports, *v6ports; - const cfg_obj_t *maps[3]; - const cfg_obj_t *builtin_views; + cfg_parser_t *parser = NULL; const cfg_listelt_t *element; + const cfg_obj_t *builtin_views; + const cfg_obj_t *maps[3]; + const cfg_obj_t *obj; + const cfg_obj_t *options; + const cfg_obj_t *v4ports, *v6ports; + const cfg_obj_t *views; dns_view_t *view = NULL; dns_view_t *view_next; - dns_viewlist_t viewlist; dns_viewlist_t tmpviewlist; - cfg_aclconfctx_t aclconfctx; - isc_uint32_t interface_interval; - isc_uint32_t heartbeat_interval; - isc_uint32_t udpsize; + dns_viewlist_t viewlist; in_port_t listen_port; int i; + isc_interval_t interval; + isc_resourcevalue_t files; + isc_result_t result; + isc_uint32_t heartbeat_interval; + isc_uint32_t interface_interval; + isc_uint32_t reserved; + isc_uint32_t udpsize; cfg_aclconfctx_init(&aclconfctx); ISC_LIST_INIT(viewlist); @@ -2796,6 +2798,43 @@ load_configuration(const char *filename, ns_server_t *server, */ set_limits(maps); + /* + * Sanity check on "files" limit. + */ + result = isc_resource_curlimit(isc_resource_openfiles, &files); + if (result == ISC_R_SUCCESS && files < FD_SETSIZE) { + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_WARNING, + "the 'files' limit (%" ISC_PRINT_QUADFORMAT "u) " + "is less than FD_SETSIZE (%d), increase " + "'files' in named.conf or recompile with a " + "smaller FD_SETSIZE.", files, FD_SETSIZE); + if (files > FD_SETSIZE) + files = FD_SETSIZE; + } else + files = FD_SETSIZE; + + /* + * Set the number of socket reserved for TCP, stdio etc. + */ + obj = NULL; + result = ns_config_get(maps, "reserved-sockets", &obj); + INSIST(result == ISC_R_SUCCESS); + reserved = cfg_obj_asuint32(obj); + if (files < 128U) /* Prevent underflow. */ + reserved = 0; + else if (reserved > files - 128U) /* Mimimum UDP space. */ + reserved = files - 128; + if (reserved < 128U) /* Mimimum TCP/stdio space. */ + reserved = 128; + if (reserved + 128U > files) { + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_WARNING, + "less than 128 UDP sockets available after " + "applying 'reserved-sockets' and 'files'"); + } + isc__socketmgr_setreserved(ns_g_socketmgr, reserved); + /* * Configure various server options. */ diff --git a/contrib/bind9/bin/rndc/rndc.c b/contrib/bind9/bin/rndc/rndc.c index 8fd0d8e1e2c0..b916aea88bd0 100644 --- a/contrib/bind9/bin/rndc/rndc.c +++ b/contrib/bind9/bin/rndc/rndc.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rndc.c,v 1.96.18.17 2006/08/04 03:03:41 marka Exp $ */ +/* $Id: rndc.c,v 1.96.18.17.42.3 2008/07/23 23:16:43 marka Exp $ */ /*! \file */ @@ -400,10 +400,10 @@ rndc_startconnect(isc_sockaddr_t *addr, isc_task_t *task) { DO("create socket", isc_socket_create(socketmgr, pf, type, &sock)); switch (isc_sockaddr_pf(addr)) { case AF_INET: - DO("bind socket", isc_socket_bind(sock, &local4)); + DO("bind socket", isc_socket_bind(sock, &local4, 0)); break; case AF_INET6: - DO("bind socket", isc_socket_bind(sock, &local6)); + DO("bind socket", isc_socket_bind(sock, &local6, 0)); break; default: break; diff --git a/contrib/bind9/configure.in b/contrib/bind9/configure.in index b9280a30a5c4..fb2f2e2aac3a 100644 --- a/contrib/bind9/configure.in +++ b/contrib/bind9/configure.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1998-2003 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl esyscmd([sed "s/^/# /" COPYRIGHT])dnl AC_DIVERT_POP()dnl -AC_REVISION($Revision: 1.355.18.71 $) +AC_REVISION($Revision: 1.355.18.71.8.2 $) AC_INIT(lib/dns/name.c) AC_PREREQ(2.59) @@ -1839,7 +1839,7 @@ case "$host" in [*-solaris2.[89]]) hack_shutup_pthreadonceinit=yes ;; - *-solaris2.10) + *-solaris2.1[0-9]) hack_shutup_pthreadonceinit=yes ;; esac diff --git a/contrib/bind9/doc/arm/Bv9ARM-book.xml b/contrib/bind9/doc/arm/Bv9ARM-book.xml index a3f61c7c9f3e..24642c13c2b7 100644 --- a/contrib/bind9/doc/arm/Bv9ARM-book.xml +++ b/contrib/bind9/doc/arm/Bv9ARM-book.xml @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []> - + BIND 9 Administrator Reference Manual @@ -28,6 +28,7 @@ 2005 2006 2007 + 2008 Internet Systems Consortium, Inc. ("ISC") @@ -4441,6 +4442,7 @@ category notify { null; }; max-transfer-idle-in number; max-transfer-idle-out number; tcp-clients number; + reserved-sockets number; recursive-clients number; serial-query-rate number; serial-queries number; @@ -6605,6 +6607,23 @@ query-source-v6 address * port *; + + reserved-sockets + + + The number of file descriptors reserved for TCP, stdio, + etc. This needs to be big enough to cover the number of + interfaces named listens on, tcp-clients as well as + to provide room for outgoing TCP queries and incoming zone + transfers. The default is 512. + The minimum value is 128 and the + maximum value is 128 less than + 'files' or FD_SETSIZE (whichever is smaller). This + option may be removed in the future. + + + + max-cache-size diff --git a/contrib/bind9/lib/bind/configure.in b/contrib/bind9/lib/bind/configure.in index 82bea7821008..6e98c5c0fddf 100644 --- a/contrib/bind9/lib/bind/configure.in +++ b/contrib/bind9/lib/bind/configure.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2001, 2003 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -AC_REVISION($Revision: 1.90.18.34 $) +AC_REVISION($Revision: 1.90.18.34.10.2 $) AC_INIT(resolv/herror.c) AC_PREREQ(2.13) @@ -2590,7 +2590,7 @@ case "$host" in *-solaris2.9) hack_shutup_in6addr_init_macros=yes ;; - *-solaris2.10) + *-solaris2.1[0-9]) hack_shutup_in6addr_init_macros=yes ;; esac diff --git a/contrib/bind9/lib/bind9/check.c b/contrib/bind9/lib/bind9/check.c index 01d67b79463b..6cfdc93c6141 100644 --- a/contrib/bind9/lib/bind9/check.c +++ b/contrib/bind9/lib/bind9/check.c @@ -1015,10 +1015,10 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, isc_buffer_add(&b, strlen(zname)); tresult = dns_name_fromtext(dns_fixedname_name(&fixedname), &b, dns_rootname, ISC_TRUE, NULL); - if (tresult != ISC_R_SUCCESS) { + if (result != ISC_R_SUCCESS) { cfg_obj_log(zconfig, logctx, ISC_LOG_ERROR, "zone '%s': is not a valid name", zname); - result = ISC_R_FAILURE; + tresult = ISC_R_FAILURE; } else { char namebuf[DNS_NAME_FORMATSIZE]; diff --git a/contrib/bind9/lib/dns/api b/contrib/bind9/lib/dns/api index f40dfe0239bf..7ad55061cc58 100644 --- a/contrib/bind9/lib/dns/api +++ b/contrib/bind9/lib/dns/api @@ -1,3 +1,3 @@ LIBINTERFACE = 35 -LIBREVISION = 0 +LIBREVISION = 1 LIBAGE = 0 diff --git a/contrib/bind9/lib/dns/dispatch.c b/contrib/bind9/lib/dns/dispatch.c index 4da89ca20b2f..617fde8a2dad 100644 --- a/contrib/bind9/lib/dns/dispatch.c +++ b/contrib/bind9/lib/dns/dispatch.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dispatch.c,v 1.116.18.19.12.1 2008/05/22 21:28:06 each Exp $ */ +/* $Id: dispatch.c,v 1.116.18.19.12.5 2008/07/23 23:16:43 marka Exp $ */ /*! \file */ @@ -276,7 +276,26 @@ request_log(dns_dispatch_t *disp, dns_dispentry_t *resp, } /* - * ARC4 random number generator obtained from OpenBSD + * ARC4 random number generator derived from OpenBSD. + * Only dispatch_arc4random() and dispatch_arc4uniformrandom() are expected + * to be called from general dispatch routines; the rest of them are subroutines + * for these two. + * + * The original copyright follows: + * Copyright (c) 1996, David Mazieres + * Copyright (c) 2008, Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ static void dispatch_arc4init(arc4ctx_t *actx) { @@ -1172,7 +1191,7 @@ destroy_mgr(dns_dispatchmgr_t **mgrp) { static isc_result_t create_socket(isc_socketmgr_t *mgr, isc_sockaddr_t *local, - isc_socket_t **sockp) + unsigned int options, isc_socket_t **sockp) { isc_socket_t *sock; isc_result_t result; @@ -1186,7 +1205,7 @@ create_socket(isc_socketmgr_t *mgr, isc_sockaddr_t *local, #ifndef ISC_ALLOW_MAPPED isc_socket_ipv6only(sock, ISC_TRUE); #endif - result = isc_socket_bind(sock, local); + result = isc_socket_bind(sock, local, options); if (result != ISC_R_SUCCESS) { isc_socket_detach(&sock); return (result); @@ -1917,7 +1936,7 @@ dispatch_createudp(dns_dispatchmgr_t *mgr, isc_socketmgr_t *sockmgr, attributes &= ~DNS_DISPATCHATTR_RANDOMPORT; goto getsocket; } - result = create_socket(sockmgr, &localaddr_bound, &sock); + result = create_socket(sockmgr, &localaddr_bound, 0, &sock); if (result == ISC_R_ADDRINUSE) { if (++k == 1024) attributes &= ~DNS_DISPATCHATTR_RANDOMPORT; @@ -1925,7 +1944,8 @@ dispatch_createudp(dns_dispatchmgr_t *mgr, isc_socketmgr_t *sockmgr, } localport = prt; } else - result = create_socket(sockmgr, localaddr, &sock); + result = create_socket(sockmgr, localaddr, + ISC_SOCKET_REUSEADDRESS, &sock); if (result != ISC_R_SUCCESS) goto deallocate_dispatch; if ((attributes & DNS_DISPATCHATTR_RANDOMPORT) == 0 && diff --git a/contrib/bind9/lib/dns/include/dns/dispatch.h b/contrib/bind9/lib/dns/include/dns/dispatch.h index ec3253c9a6c3..914993bf9e8a 100644 --- a/contrib/bind9/lib/dns/include/dns/dispatch.h +++ b/contrib/bind9/lib/dns/include/dns/dispatch.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dispatch.h,v 1.48.18.5.12.1 2008/05/22 21:28:06 each Exp $ */ +/* $Id: dispatch.h,v 1.48.18.5.12.2 2008/07/23 07:28:56 tbox Exp $ */ #ifndef DNS_DISPATCH_H #define DNS_DISPATCH_H 1 diff --git a/contrib/bind9/lib/dns/request.c b/contrib/bind9/lib/dns/request.c index be8f93d6b843..c0348fe94f8f 100644 --- a/contrib/bind9/lib/dns/request.c +++ b/contrib/bind9/lib/dns/request.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: request.c,v 1.72.18.5 2006/08/21 00:40:53 marka Exp $ */ +/* $Id: request.c,v 1.72.18.5.42.2 2008/07/23 07:28:56 tbox Exp $ */ /*! \file */ @@ -518,11 +518,11 @@ create_tcp_dispatch(dns_requestmgr_t *requestmgr, isc_sockaddr_t *srcaddr, if (srcaddr == NULL) { isc_sockaddr_anyofpf(&bind_any, isc_sockaddr_pf(destaddr)); - result = isc_socket_bind(socket, &bind_any); + result = isc_socket_bind(socket, &bind_any, 0); } else { src = *srcaddr; isc_sockaddr_setport(&src, 0); - result = isc_socket_bind(socket, &src); + result = isc_socket_bind(socket, &src, 0); } if (result != ISC_R_SUCCESS) goto cleanup; diff --git a/contrib/bind9/lib/dns/resolver.c b/contrib/bind9/lib/dns/resolver.c index 03f4a94c2568..cdf5788d7a3b 100644 --- a/contrib/bind9/lib/dns/resolver.c +++ b/contrib/bind9/lib/dns/resolver.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resolver.c,v 1.284.18.66.8.1 2008/05/22 21:28:06 each Exp $ */ +/* $Id: resolver.c,v 1.284.18.66.8.4 2008/07/24 05:00:48 jinmei Exp $ */ /*! \file */ @@ -1123,7 +1123,7 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, goto cleanup_query; #ifndef BROKEN_TCP_BIND_BEFORE_CONNECT - result = isc_socket_bind(query->tcpsocket, &addr); + result = isc_socket_bind(query->tcpsocket, &addr, 0); if (result != ISC_R_SUCCESS) goto cleanup_socket; #endif @@ -2689,6 +2689,8 @@ fctx_destroy(fetchctx_t *fctx) { static void fctx_timeout(isc_task_t *task, isc_event_t *event) { fetchctx_t *fctx = event->ev_arg; + isc_timerevent_t *tevent = (isc_timerevent_t *)event; + resquery_t *query; REQUIRE(VALID_FCTX(fctx)); @@ -2704,8 +2706,18 @@ fctx_timeout(isc_task_t *task, isc_event_t *event) { fctx->timeouts++; /* * We could cancel the running queries here, or we could let - * them keep going. Right now we choose the latter... + * them keep going. Since we normally use separate sockets for + * different queries, we adopt the former approach to reduce + * the number of open sockets: cancel the oldest query if it + * expired after the query had started (this is usually the + * case but is not always so, depending on the task schedule + * timing). */ + query = ISC_LIST_HEAD(fctx->queries); + if (query != NULL && + isc_time_compare(&tevent->due, &query->start) >= 0) { + fctx_cancelquery(&query, NULL, NULL, ISC_TRUE); + } fctx->attributes &= ~FCTX_ATTR_ADDRWAIT; /* * Our timer has triggered. Reestablish the fctx lifetime diff --git a/contrib/bind9/lib/dns/xfrin.c b/contrib/bind9/lib/dns/xfrin.c index dd7801d4f460..f95773f41063 100644 --- a/contrib/bind9/lib/dns/xfrin.c +++ b/contrib/bind9/lib/dns/xfrin.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: xfrin.c,v 1.135.18.16 2007/10/31 01:59:47 marka Exp $ */ +/* $Id: xfrin.c,v 1.135.18.16.10.3 2008/07/23 23:16:43 marka Exp $ */ /*! \file */ @@ -862,7 +862,8 @@ xfrin_start(dns_xfrin_ctx_t *xfr) { isc_sockettype_tcp, &xfr->socket)); #ifndef BROKEN_TCP_BIND_BEFORE_CONNECT - CHECK(isc_socket_bind(xfr->socket, &xfr->sourceaddr)); + CHECK(isc_socket_bind(xfr->socket, &xfr->sourceaddr, + ISC_SOCKET_REUSEADDRESS)); #endif CHECK(isc_socket_connect(xfr->socket, &xfr->masteraddr, xfr->task, xfrin_connect_done, xfr)); diff --git a/contrib/bind9/lib/isc/api b/contrib/bind9/lib/isc/api index ecadc93c94f3..f40dfe0239bf 100644 --- a/contrib/bind9/lib/isc/api +++ b/contrib/bind9/lib/isc/api @@ -1,3 +1,3 @@ -LIBINTERFACE = 32 -LIBREVISION = 5 +LIBINTERFACE = 35 +LIBREVISION = 0 LIBAGE = 0 diff --git a/contrib/bind9/lib/isc/include/isc/resource.h b/contrib/bind9/lib/isc/include/isc/resource.h index 53b2a4e5a285..18cd0ad81e24 100644 --- a/contrib/bind9/lib/isc/include/isc/resource.h +++ b/contrib/bind9/lib/isc/include/isc/resource.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resource.h,v 1.5.18.2 2005/04/29 00:17:02 marka Exp $ */ +/* $Id: resource.h,v 1.5.18.2.52.2 2008/07/23 23:48:17 tbox Exp $ */ #ifndef ISC_RESOURCE_H #define ISC_RESOURCE_H 1 @@ -81,6 +81,19 @@ isc_resource_getlimit(isc_resource_t resource, isc_resourcevalue_t *value); *\li #ISC_R_NOTIMPLEMENTED 'resource' is not a type known by the OS. */ +isc_result_t +isc_resource_curlimit(isc_resource_t resource, isc_resourcevalue_t *value); +/* + * Get the current limit on a resource. + * + * Requires: + * 'resource' is a valid member of the isc_resource_t enumeration. + * + * Returns: + * ISC_R_SUCCESS Success. + * ISC_R_NOTIMPLEMENTED 'resource' is not a type known by the OS. + */ + ISC_LANG_ENDDECLS #endif /* ISC_RESOURCE_H */ diff --git a/contrib/bind9/lib/isc/include/isc/socket.h b/contrib/bind9/lib/isc/include/isc/socket.h index ccc49f53ca39..951a06316ed2 100644 --- a/contrib/bind9/lib/isc/include/isc/socket.h +++ b/contrib/bind9/lib/isc/include/isc/socket.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.h,v 1.57.18.6 2006/06/07 00:29:45 marka Exp $ */ +/* $Id: socket.h,v 1.57.18.6.46.4 2008/07/23 23:16:43 marka Exp $ */ #ifndef ISC_SOCKET_H #define ISC_SOCKET_H 1 @@ -77,6 +77,12 @@ ISC_LANG_BEGINDECLS */ #define ISC_SOCKET_MAXSCATTERGATHER 8 +/*% + * In isc_socket_bind() set socket option SO_REUSEADDR prior to calling + * bind() if a non zero port is specified (AF_INET and AF_INET6). + */ +#define ISC_SOCKET_REUSEADDRESS 0x01U + /*** *** Types ***/ @@ -312,7 +318,8 @@ isc_socket_detach(isc_socket_t **socketp); */ isc_result_t -isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *addressp); +isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *addressp, + unsigned int options); /*%< * Bind 'socket' to '*addressp'. * @@ -747,6 +754,12 @@ isc_socket_permunix(isc_sockaddr_t *sockaddr, isc_uint32_t perm, * \li #ISC_R_FAILURE */ +void +isc__socketmgr_setreserved(isc_socketmgr_t *mgr, isc_uint32_t); +/*%< + * Temporary. For use by named only. + */ + ISC_LANG_ENDDECLS #endif /* ISC_SOCKET_H */ diff --git a/contrib/bind9/lib/isc/include/isc/timer.h b/contrib/bind9/lib/isc/include/isc/timer.h index 1e139dda819d..6e78be9d0269 100644 --- a/contrib/bind9/lib/isc/include/isc/timer.h +++ b/contrib/bind9/lib/isc/include/isc/timer.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: timer.h,v 1.31.18.3 2005/10/26 06:50:50 marka Exp $ */ +/* $Id: timer.h,v 1.31.18.3.52.2 2008/07/24 23:48:09 tbox Exp $ */ #ifndef ISC_TIMER_H #define ISC_TIMER_H 1 @@ -76,6 +76,7 @@ #include #include #include +#include ISC_LANG_BEGINDECLS @@ -93,6 +94,7 @@ typedef enum { typedef struct isc_timerevent { struct isc_event common; + isc_time_t due; } isc_timerevent_t; #define ISC_TIMEREVENT_FIRSTEVENT (ISC_EVENTCLASS_TIMER + 0) diff --git a/contrib/bind9/lib/isc/timer.c b/contrib/bind9/lib/isc/timer.c index f67d0910e8bb..d594307d953c 100644 --- a/contrib/bind9/lib/isc/timer.c +++ b/contrib/bind9/lib/isc/timer.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: timer.c,v 1.73.18.7 2007/10/24 23:46:26 tbox Exp $ */ +/* $Id: timer.c,v 1.73.18.7.10.3 2008/07/29 18:35:53 jinmei Exp $ */ /*! \file */ @@ -577,7 +577,7 @@ isc_timer_detach(isc_timer_t **timerp) { static void dispatch(isc_timermgr_t *manager, isc_time_t *now) { isc_boolean_t done = ISC_FALSE, post_event, need_schedule; - isc_event_t *event; + isc_timerevent_t *event; isc_eventtype_t type = 0; isc_timer_t *timer; isc_result_t result; @@ -650,16 +650,18 @@ dispatch(isc_timermgr_t *manager, isc_time_t *now) { /* * XXX We could preallocate this event. */ - event = isc_event_allocate(manager->mctx, + event = (isc_timerevent_t *)isc_event_allocate(manager->mctx, timer, type, timer->action, timer->arg, sizeof(*event)); - if (event != NULL) - isc_task_send(timer->task, &event); - else + if (event != NULL) { + event->due = timer->due; + isc_task_send(timer->task, + ISC_EVENT_PTR(&event)); + } else UNEXPECTED_ERROR(__FILE__, __LINE__, isc_msgcat_get(isc_msgcat, ISC_MSGSET_TIMER, diff --git a/contrib/bind9/lib/isc/unix/app.c b/contrib/bind9/lib/isc/unix/app.c index 59b1f6cc9724..b71d766eb551 100644 --- a/contrib/bind9/lib/isc/unix/app.c +++ b/contrib/bind9/lib/isc/unix/app.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: app.c,v 1.50.18.2 2005/04/29 00:17:06 marka Exp $ */ +/* $Id: app.c,v 1.50.18.2.50.1 2008/07/29 04:47:31 each Exp $ */ /*! \file */ @@ -303,7 +303,7 @@ evloop() { int n; isc_time_t when, now; struct timeval tv, *tvp; - fd_set readfds, writefds; + fd_set *readfds, *writefds; int maxfd; isc_boolean_t readytasks; isc_boolean_t call_timer_dispatch = ISC_FALSE; @@ -332,7 +332,7 @@ evloop() { } isc__socketmgr_getfdsets(&readfds, &writefds, &maxfd); - n = select(maxfd, &readfds, &writefds, NULL, tvp); + n = select(maxfd, readfds, writefds, NULL, tvp); if (n == 0 || call_timer_dispatch) { /* @@ -352,7 +352,7 @@ evloop() { isc__timermgr_dispatch(); } if (n > 0) - (void)isc__socketmgr_dispatch(&readfds, &writefds, + (void)isc__socketmgr_dispatch(readfds, writefds, maxfd); (void)isc__taskmgr_dispatch(); diff --git a/contrib/bind9/lib/isc/unix/resource.c b/contrib/bind9/lib/isc/unix/resource.c index 703ec27ae076..0264976f8816 100644 --- a/contrib/bind9/lib/isc/unix/resource.c +++ b/contrib/bind9/lib/isc/unix/resource.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resource.c,v 1.12 2004/03/05 05:11:46 marka Exp $ */ +/* $Id: resource.c,v 1.12.944.4 2008/07/28 22:44:46 marka Exp $ */ #include @@ -28,6 +28,14 @@ #include #include +#ifdef __linux__ +#include /* To get the large NR_OPEN. */ +#endif + +#ifdef __hpux +#include +#endif + #include "errno2result.h" static isc_result_t @@ -182,8 +190,51 @@ isc_resource_setlimit(isc_resource_t resource, isc_resourcevalue_t value) { if (unixresult == 0) return (ISC_R_SUCCESS); - else - return (isc__errno2result(errno)); + +#if defined(OPEN_MAX) && defined(__APPLE__) + /* + * The Darwin kernel doesn't accept RLIM_INFINITY for rlim_cur; the + * maximum possible value is OPEN_MAX. BIND8 used to use + * sysconf(_SC_OPEN_MAX) for such a case, but this value is much + * smaller than OPEN_MAX and is not really effective. + */ + if (resource == isc_resource_openfiles && rlim_value == RLIM_INFINITY) { + rl.rlim_cur = OPEN_MAX; + unixresult = setrlimit(unixresource, &rl); + if (unixresult == 0) + return (ISC_R_SUCCESS); + } +#elif defined(NR_OPEN) && defined(__linux__) + /* + * Some Linux kernels don't accept RLIM_INFINIT; the maximum + * possible value is the NR_OPEN defined in linux/fs.h. + */ + if (resource == isc_resource_openfiles && rlim_value == RLIM_INFINITY) { + rl.rlim_cur = rl.rlim_max = NR_OPEN; + unixresult = setrlimit(unixresource, &rl); + if (unixresult == 0) + return (ISC_R_SUCCESS); + } +#elif defined(__hpux) + if (resource == isc_resource_openfiles && rlim_value == RLIM_INFINITY) { + uint64_t maxfiles; + if (gettune("maxfiles_lim", &maxfiles) == 0) { + rl.rlim_cur = rl.rlim_max = maxfiles; + unixresult = setrlimit(unixresource, &rl); + if (unixresult == 0) + return (ISC_R_SUCCESS); + } + } +#endif + if (resource == isc_resource_openfiles && rlim_value == RLIM_INFINITY) { + if (getrlimit(unixresource, &rl) == 0) { + rl.rlim_cur = rl.rlim_max; + unixresult = setrlimit(unixresource, &rl); + if (unixresult == 0) + return (ISC_R_SUCCESS); + } + } + return (isc__errno2result(errno)); } isc_result_t @@ -202,3 +253,20 @@ isc_resource_getlimit(isc_resource_t resource, isc_resourcevalue_t *value) { return (result); } + +isc_result_t +isc_resource_curlimit(isc_resource_t resource, isc_resourcevalue_t *value) { + int unixresult; + int unixresource; + struct rlimit rl; + isc_result_t result; + + result = resource2rlim(resource, &unixresource); + if (result == ISC_R_SUCCESS) { + unixresult = getrlimit(unixresource, &rl); + INSIST(unixresult == 0); + *value = rl.rlim_cur; + } + + return (result); +} diff --git a/contrib/bind9/lib/isc/unix/socket.c b/contrib/bind9/lib/isc/unix/socket.c index e0b902167e8f..1b4da78c2436 100644 --- a/contrib/bind9/lib/isc/unix/socket.c +++ b/contrib/bind9/lib/isc/unix/socket.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.237.18.29 2007/08/28 07:20:06 tbox Exp $ */ +/* $Id: socket.c,v 1.237.18.29.10.6 2008/07/29 04:47:31 each Exp $ */ /*! \file */ @@ -64,6 +64,34 @@ #include "socket_p.h" #endif /* ISC_PLATFORM_USETHREADS */ +/*% + * Max number of open sockets. In the vast majority of cases the default size + * of FD_SETSIZE should be fine, and this constant should be increased only + * when absolutely necessary and possible, i.e., the server is exhausting all + * available file descriptors (up to FD_SETSIZE) and the select() function + * and FD_xxx macros support larger values than FD_SETSIZE (which may not + * always by true, but we keep using some of them to ensure as much + * portability as possible). Note also that overall server performance + * may be rather worsened with a larger value of this constant due to + * inherent scalability problems of select(). + * + * As a special note, this value shouldn't have to be touched if + * this is a build for an authoritative only DNS server. + */ + +#ifndef ISC_SOCKET_FDSETSIZE +#define ISC_SOCKET_FDSETSIZE FD_SETSIZE +#endif + +/*% + * Mac OS X needs a special definition to support larger values in select() + */ +#if ISC_SOCKET_FDSETSIZE > FD_SETSIZE +#ifdef __APPLE__ +#define _DARWIN_UNLIMITED_SELECT +#endif /* __APPLE__ */ +#endif + /*% * Some systems define the socket length argument as an int, some as size_t, * some as socklen_t. This is here so it can be easily changed if needed. @@ -202,13 +230,18 @@ struct isc_socketmgr { unsigned int magic; isc_mem_t *mctx; isc_mutex_t lock; + int fd_bufsize; + int fdsize; /* Locked by manager lock. */ ISC_LIST(isc_socket_t) socklist; - fd_set read_fds; - fd_set write_fds; - isc_socket_t *fds[FD_SETSIZE]; - int fdstate[FD_SETSIZE]; + fd_set *read_fds; + fd_set *read_fds_copy; + fd_set *write_fds; + fd_set *write_fds_copy; + isc_socket_t **fds; + int *fdstate; int maxfd; + int reserved; /* unlocked */ #ifdef ISC_PLATFORM_USETHREADS isc_thread_t watcher; isc_condition_t shutdown_ok; @@ -251,6 +284,8 @@ static void build_msghdr_send(isc_socket_t *, isc_socketevent_t *, struct msghdr *, struct iovec *, size_t *); static void build_msghdr_recv(isc_socket_t *, isc_socketevent_t *, struct msghdr *, struct iovec *, size_t *); +static void cleanup_fdsets(isc_socketmgr_t *, isc_mem_t *); +static isc_result_t create_fdsets(isc_socketmgr_t *, isc_mem_t *); #define SELECT_POKE_SHUTDOWN (-1) #define SELECT_POKE_NOTHING (-2) @@ -329,12 +364,12 @@ wakeup_socket(isc_socketmgr_t *manager, int fd, int msg) { * or writes. */ - INSIST(fd >= 0 && fd < (int)FD_SETSIZE); + INSIST(fd >= 0 && fd < manager->fdsize); if (manager->fdstate[fd] == CLOSE_PENDING) { manager->fdstate[fd] = CLOSED; - FD_CLR(fd, &manager->read_fds); - FD_CLR(fd, &manager->write_fds); + FD_CLR(fd, manager->read_fds); + FD_CLR(fd, manager->write_fds); (void)close(fd); return; } @@ -347,9 +382,9 @@ wakeup_socket(isc_socketmgr_t *manager, int fd, int msg) { * Set requested bit. */ if (msg == SELECT_POKE_READ) - FD_SET(sock->fd, &manager->read_fds); + FD_SET(sock->fd, manager->read_fds); if (msg == SELECT_POKE_WRITE) - FD_SET(sock->fd, &manager->write_fds); + FD_SET(sock->fd, manager->write_fds); } #ifdef ISC_PLATFORM_USETHREADS @@ -1221,7 +1256,7 @@ destroy(isc_socket_t **sockp) { INSIST(ISC_LIST_EMPTY(sock->recv_list)); INSIST(ISC_LIST_EMPTY(sock->send_list)); INSIST(sock->connect_ev == NULL); - REQUIRE(sock->fd >= 0 && sock->fd < (int)FD_SETSIZE); + REQUIRE(sock->fd >= 0 && sock->fd < (int)manager->fdsize); LOCK(&manager->lock); @@ -1478,9 +1513,18 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, #ifdef F_DUPFD /* - * Leave a space for stdio to work in. + * Leave a space for stdio and TCP to work in. */ - if (sock->fd >= 0 && sock->fd < 20) { + if (manager->reserved != 0 && type == isc_sockettype_udp && + sock->fd >= 0 && sock->fd < manager->reserved) { + int new, tmp; + new = fcntl(sock->fd, F_DUPFD, manager->reserved); + tmp = errno; + (void)close(sock->fd); + errno = tmp; + sock->fd = new; + err = "isc_socket_create: fcntl/reserved"; + } else if (sock->fd >= 0 && sock->fd < 20) { int new, tmp; new = fcntl(sock->fd, F_DUPFD, 20); tmp = errno; @@ -1491,7 +1535,7 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, } #endif - if (sock->fd >= (int)FD_SETSIZE) { + if (sock->fd >= (int)manager->fdsize) { (void)close(sock->fd); isc_log_iwrite(isc_lctx, ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR, @@ -1964,7 +2008,7 @@ internal_accept(isc_task_t *me, isc_event_t *ev) { (void)close(fd); errno = tmp; fd = new; - err = "fcntl"; + err = "accept/fcntl"; } #endif @@ -1972,8 +2016,17 @@ internal_accept(isc_task_t *me, isc_event_t *ev) { if (SOFT_ERROR(errno)) goto soft_error; switch (errno) { - case ENOBUFS: case ENFILE: + case EMFILE: + isc_log_iwrite(isc_lctx, ISC_LOGCATEGORY_GENERAL, + ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR, + isc_msgcat, ISC_MSGSET_SOCKET, + ISC_MSG_TOOMANYFDS, + "%s: too many open file descriptors", + err); + goto soft_error; + + case ENOBUFS: case ENOMEM: case ECONNRESET: case ECONNABORTED: @@ -2023,7 +2076,7 @@ internal_accept(isc_task_t *me, isc_event_t *ev) { sock->pf); (void)close(fd); goto soft_error; - } else if (fd >= (int)FD_SETSIZE) { + } else if (fd >= (int)manager->fdsize) { isc_log_iwrite(isc_lctx, ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR, isc_msgcat, ISC_MSGSET_SOCKET, @@ -2235,7 +2288,7 @@ process_fds(isc_socketmgr_t *manager, int maxfd, isc_socket_t *sock; isc_boolean_t unlock_sock; - REQUIRE(maxfd <= (int)FD_SETSIZE); + REQUIRE(maxfd <= (int)manager->fdsize); /* * Process read/writes on other fds here. Avoid locking @@ -2249,8 +2302,8 @@ process_fds(isc_socketmgr_t *manager, int maxfd, if (manager->fdstate[i] == CLOSE_PENDING) { manager->fdstate[i] = CLOSED; - FD_CLR(i, &manager->read_fds); - FD_CLR(i, &manager->write_fds); + FD_CLR(i, manager->read_fds); + FD_CLR(i, manager->write_fds); (void)close(i); @@ -2261,7 +2314,7 @@ process_fds(isc_socketmgr_t *manager, int maxfd, unlock_sock = ISC_FALSE; if (FD_ISSET(i, readfds)) { if (sock == NULL) { - FD_CLR(i, &manager->read_fds); + FD_CLR(i, manager->read_fds); goto check_write; } unlock_sock = ISC_TRUE; @@ -2272,12 +2325,12 @@ process_fds(isc_socketmgr_t *manager, int maxfd, else dispatch_recv(sock); } - FD_CLR(i, &manager->read_fds); + FD_CLR(i, manager->read_fds); } check_write: if (FD_ISSET(i, writefds)) { if (sock == NULL) { - FD_CLR(i, &manager->write_fds); + FD_CLR(i, manager->write_fds); continue; } if (!unlock_sock) { @@ -2290,7 +2343,7 @@ process_fds(isc_socketmgr_t *manager, int maxfd, else dispatch_send(sock); } - FD_CLR(i, &manager->write_fds); + FD_CLR(i, manager->write_fds); } if (unlock_sock) UNLOCK(&sock->lock); @@ -2311,8 +2364,6 @@ watcher(void *uap) { isc_boolean_t done; int ctlfd; int cc; - fd_set readfds; - fd_set writefds; int msg, fd; int maxfd; char strbuf[ISC_STRERRORSIZE]; @@ -2326,13 +2377,16 @@ watcher(void *uap) { done = ISC_FALSE; while (!done) { do { - readfds = manager->read_fds; - writefds = manager->write_fds; + memcpy(manager->read_fds_copy, manager->read_fds, + manager->fd_bufsize); + memcpy(manager->write_fds_copy, manager->write_fds, + manager->fd_bufsize); maxfd = manager->maxfd + 1; UNLOCK(&manager->lock); - cc = select(maxfd, &readfds, &writefds, NULL, NULL); + cc = select(maxfd, manager->read_fds_copy, + manager->write_fds_copy, NULL, NULL); if (cc < 0) { if (!SOFT_ERROR(errno)) { isc__strerror(errno, strbuf, @@ -2354,7 +2408,7 @@ watcher(void *uap) { /* * Process reads on internal, control fd. */ - if (FD_ISSET(ctlfd, &readfds)) { + if (FD_ISSET(ctlfd, manager->read_fds_copy)) { for (;;) { select_readmsg(manager, &fd, &msg); @@ -2393,7 +2447,8 @@ watcher(void *uap) { } } - process_fds(manager, maxfd, &readfds, &writefds); + process_fds(manager, maxfd, manager->read_fds_copy, + manager->write_fds_copy); } manager_log(manager, TRACE, @@ -2405,6 +2460,88 @@ watcher(void *uap) { } #endif /* ISC_PLATFORM_USETHREADS */ +void +isc__socketmgr_setreserved(isc_socketmgr_t *manager, isc_uint32_t reserved) { + + REQUIRE(VALID_MANAGER(manager)); + + manager->reserved = reserved; +} + +/* + * Initialize fdsets in socketmgr structure. + */ +static isc_result_t +create_fdsets(isc_socketmgr_t *manager, isc_mem_t *mctx) { +#if ISC_SOCKET_FDSETSIZE > FD_SETSIZE + manager->fdsize = ISC_SOCKET_FDSETSIZE; + manager->fd_bufsize = howmany(ISC_SOCKET_FDSETSIZE, NFDBITS) * + sizeof(fd_mask); +#else + manager->fdsize = FD_SETSIZE; + manager->fd_bufsize = sizeof(fd_set); +#endif + + manager->fds = NULL; + manager->fdstate = NULL; + manager->read_fds = NULL; + manager->read_fds_copy = NULL; + manager->write_fds = NULL; + manager->write_fds_copy = NULL; + + manager->fds = isc_mem_get(mctx, + manager->fdsize * sizeof(manager->fds[0])); + if (manager->fds == NULL) + goto fail; + + manager->fdstate = isc_mem_get(mctx, manager->fdsize * + sizeof(manager->fdstate[0])); + if (manager->fdstate == NULL) + goto fail; + + manager->read_fds = isc_mem_get(mctx, manager->fd_bufsize); + if (manager->read_fds == NULL) + goto fail; + manager->read_fds_copy = isc_mem_get(mctx, manager->fd_bufsize); + if (manager->read_fds_copy == NULL) + goto fail; + manager->write_fds = isc_mem_get(mctx, manager->fd_bufsize); + if (manager->write_fds == NULL) + goto fail; + manager->write_fds_copy = isc_mem_get(mctx, manager->fd_bufsize); + if (manager->write_fds_copy == NULL) + goto fail; + + return (ISC_R_SUCCESS); + + fail: + cleanup_fdsets(manager, mctx); + return (ISC_R_NOMEMORY); +} + +/* + * Clean up fdsets in socketmgr structure. + */ +static void +cleanup_fdsets(isc_socketmgr_t *manager, isc_mem_t *mctx) { + if (manager->fds != NULL) { + isc_mem_put(mctx, manager->fds, + manager->fdsize * sizeof(manager->fds[0])); + } + if (manager->fdstate != NULL) { + isc_mem_put(mctx, manager->fdstate, + manager->fdsize * sizeof(manager->fdstate[0])); + } + if (manager->read_fds != NULL) + isc_mem_put(mctx, manager->read_fds, manager->fd_bufsize); + if (manager->read_fds_copy != NULL) + isc_mem_put(mctx, manager->read_fds_copy, manager->fd_bufsize); + if (manager->write_fds != NULL) + isc_mem_put(mctx, manager->write_fds, manager->fd_bufsize); + if (manager->write_fds_copy != NULL) + isc_mem_put(mctx, manager->write_fds_copy, manager->fd_bufsize); +} + /* * Create a new socket manager. */ @@ -2430,17 +2567,26 @@ isc_socketmgr_create(isc_mem_t *mctx, isc_socketmgr_t **managerp) { if (manager == NULL) return (ISC_R_NOMEMORY); + result = create_fdsets(manager, mctx); + if (result != ISC_R_SUCCESS) { + cleanup_fdsets(manager, mctx); + isc_mem_put(mctx, manager, sizeof(*manager)); + return (result); + } + manager->magic = SOCKET_MANAGER_MAGIC; manager->mctx = NULL; - memset(manager->fds, 0, sizeof(manager->fds)); + memset(manager->fds, 0, sizeof(manager->fds[0]) * manager->fdsize); ISC_LIST_INIT(manager->socklist); result = isc_mutex_init(&manager->lock); if (result != ISC_R_SUCCESS) { + cleanup_fdsets(manager, mctx); isc_mem_put(mctx, manager, sizeof(*manager)); return (result); } #ifdef ISC_PLATFORM_USETHREADS if (isc_condition_init(&manager->shutdown_ok) != ISC_R_SUCCESS) { + cleanup_fdsets(manager, mctx); DESTROYLOCK(&manager->lock); isc_mem_put(mctx, manager, sizeof(*manager)); UNEXPECTED_ERROR(__FILE__, __LINE__, @@ -2455,6 +2601,7 @@ isc_socketmgr_create(isc_mem_t *mctx, isc_socketmgr_t **managerp) { * select/poll loop when something internal needs to be done. */ if (pipe(manager->pipe_fds) != 0) { + cleanup_fdsets(manager, mctx); DESTROYLOCK(&manager->lock); isc_mem_put(mctx, manager, sizeof(*manager)); isc__strerror(errno, strbuf, sizeof(strbuf)); @@ -2478,15 +2625,17 @@ isc_socketmgr_create(isc_mem_t *mctx, isc_socketmgr_t **managerp) { /* * Set up initial state for the select loop */ - FD_ZERO(&manager->read_fds); - FD_ZERO(&manager->write_fds); + memset(manager->read_fds, 0, manager->fd_bufsize); + memset(manager->write_fds, 0, manager->fd_bufsize); #ifdef ISC_PLATFORM_USETHREADS - FD_SET(manager->pipe_fds[0], &manager->read_fds); + FD_SET(manager->pipe_fds[0], manager->read_fds); manager->maxfd = manager->pipe_fds[0]; #else /* ISC_PLATFORM_USETHREADS */ manager->maxfd = 0; #endif /* ISC_PLATFORM_USETHREADS */ - memset(manager->fdstate, 0, sizeof(manager->fdstate)); + manager->reserved = 0; + memset(manager->fdstate, 0, + manager->fdsize * sizeof(manager->fdstate[0])); #ifdef ISC_PLATFORM_USETHREADS /* @@ -2592,11 +2741,12 @@ isc_socketmgr_destroy(isc_socketmgr_t **managerp) { (void)isc_condition_destroy(&manager->shutdown_ok); #endif /* ISC_PLATFORM_USETHREADS */ - for (i = 0; i < (int)FD_SETSIZE; i++) + for (i = 0; i < (int)manager->fdsize; i++) if (manager->fdstate[i] == CLOSE_PENDING) (void)close(i); DESTROYLOCK(&manager->lock); + cleanup_fdsets(manager, manager->mctx); manager->magic = 0; mctx= manager->mctx; isc_mem_put(mctx, manager, sizeof(*manager)); @@ -3165,7 +3315,8 @@ isc_socket_permunix(isc_sockaddr_t *sockaddr, isc_uint32_t perm, } isc_result_t -isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr) { +isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr, + unsigned int options) { char strbuf[ISC_STRERRORSIZE]; int on = 1; @@ -3184,7 +3335,8 @@ isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr) { if (sock->pf == AF_UNIX) goto bind_socket; #endif - if (isc_sockaddr_getport(sockaddr) != (in_port_t)0 && + if ((options & ISC_SOCKET_REUSEADDRESS) != 0 && + isc_sockaddr_getport(sockaddr) != (in_port_t)0 && setsockopt(sock->fd, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)) < 0) { UNEXPECTED_ERROR(__FILE__, __LINE__, @@ -3813,12 +3965,17 @@ isc_socket_ipv6only(isc_socket_t *sock, isc_boolean_t yes) { #ifndef ISC_PLATFORM_USETHREADS void -isc__socketmgr_getfdsets(fd_set *readset, fd_set *writeset, int *maxfd) { +isc__socketmgr_getfdsets(fd_set **readset, fd_set **writeset, int *maxfd) { if (socketmgr == NULL) *maxfd = 0; else { - *readset = socketmgr->read_fds; - *writeset = socketmgr->write_fds; + /* Prepare duplicates of fd_sets, as select() will modify */ + memcpy(socketmgr->read_fds_copy, socketmgr->read_fds, + socketmgr->fd_bufsize); + memcpy(socketmgr->write_fds_copy, socketmgr->write_fds, + socketmgr->fd_bufsize); + *readset = socketmgr->read_fds_copy; + *writeset = socketmgr->write_fds_copy; *maxfd = socketmgr->maxfd + 1; } } diff --git a/contrib/bind9/lib/isc/unix/socket_p.h b/contrib/bind9/lib/isc/unix/socket_p.h index c260bbc9128f..4f9cf27bf1f2 100644 --- a/contrib/bind9/lib/isc/unix/socket_p.h +++ b/contrib/bind9/lib/isc/unix/socket_p.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket_p.h,v 1.7.18.2 2005/04/29 00:17:08 marka Exp $ */ +/* $Id: socket_p.h,v 1.7.18.2.52.1 2008/07/29 04:47:31 each Exp $ */ #ifndef ISC_SOCKET_P_H #define ISC_SOCKET_P_H @@ -27,7 +27,7 @@ #endif void -isc__socketmgr_getfdsets(fd_set *readset, fd_set *writeset, int *maxfd); +isc__socketmgr_getfdsets(fd_set **readset, fd_set **writeset, int *maxfd); isc_result_t isc__socketmgr_dispatch(fd_set *readset, fd_set *writeset, int maxfd); diff --git a/contrib/bind9/lib/isccfg/api b/contrib/bind9/lib/isccfg/api index aba393a7ba90..d94beab3e3f9 100644 --- a/contrib/bind9/lib/isccfg/api +++ b/contrib/bind9/lib/isccfg/api @@ -1,3 +1,3 @@ LIBINTERFACE = 30 -LIBREVISION = 3 +LIBREVISION = 4 LIBAGE = 0 diff --git a/contrib/bind9/lib/isccfg/namedconf.c b/contrib/bind9/lib/isccfg/namedconf.c index 65e30a2f3732..b04b3abde7a2 100644 --- a/contrib/bind9/lib/isccfg/namedconf.c +++ b/contrib/bind9/lib/isccfg/namedconf.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: namedconf.c,v 1.30.18.38 2006/05/03 01:46:40 marka Exp $ */ +/* $Id: namedconf.c,v 1.30.18.38.50.2 2008/07/23 23:48:17 tbox Exp $ */ /*! \file */ @@ -634,6 +634,7 @@ options_clauses[] = { { "recursing-file", &cfg_type_qstring, 0 }, { "random-device", &cfg_type_qstring, 0 }, { "recursive-clients", &cfg_type_uint32, 0 }, + { "reserved-sockets", &cfg_type_uint32, 0 }, { "serial-queries", &cfg_type_uint32, CFG_CLAUSEFLAG_OBSOLETE }, { "serial-query-rate", &cfg_type_uint32, 0 }, { "server-id", &cfg_type_serverid, 0 }, diff --git a/contrib/bind9/version b/contrib/bind9/version index 85ab554163c8..72f7f63bc0d1 100644 --- a/contrib/bind9/version +++ b/contrib/bind9/version @@ -1,4 +1,4 @@ -# $Id: version,v 1.29.134.18.8.1 2008/05/22 21:28:03 each Exp $ +# $Id: version,v 1.29.134.18.8.2 2008/07/29 05:03:28 each Exp $ # # This file must follow /bin/sh rules. It is imported directly via # configure. @@ -7,4 +7,4 @@ MAJORVER=9 MINORVER=4 PATCHVER=2 RELEASETYPE=-P -RELEASEVER=1 +RELEASEVER=2