From 7e7fc71357309c1646eee51d82ab515472c62346 Mon Sep 17 00:00:00 2001
From: Evan Hunt
Date: Tue, 20 Jan 2015 16:10:30 -0800
Subject: [PATCH] add keep-response-order option warning Support keep-response-order ACL on input, but do not take any action setting it. Used as backward compatibility after support for pipelining and TCP connection reusage were again removed.
---
 bin/named/config.c | 1 +
 bin/named/server.c | 11 ++++++++++
 bin/tests/named.conf | 3 ++-
 .../checkconf/bad-keep-response-order.conf | 21 +++++++++++++++++++
 bin/tests/system/checkconf/bad-many.conf | 3 ++-
 bin/tests/system/checkconf/good.conf | 3 +++
 lib/bind9/check.c | 4 ++--
 lib/isccfg/namedconf.c | 1 +
 8 files changed, 43 insertions(+), 4 deletions(-)
 create mode 100644 bin/tests/system/checkconf/bad-keep-response-order.conf
diff --git a/bin/named/config.c b/bin/named/config.c
index 22d8a85..515cc4f 100644
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -72,6 +72,7 @@ options {\n\
 heartbeat-interval 60;\n\
 host-statistics no;\n\
 interface-interval 60;\n\
+# keep-response-order {any;};\n\
 listen-on {any;};\n\
 listen-on-v6 {none;};\n\
 match-mapped-addresses no;\n\
diff --git a/bin/named/server.c b/bin/named/server.c
index e8f19d3..0ee47af 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -4987,6 +4987,7 @@ load_configuration(const char *filename, ns_server_t *server,
 const cfg_obj_t *options;
 const cfg_obj_t *usev4ports, *avoidv4ports, *usev6ports, *avoidv6ports;
 const cfg_obj_t *views;
+ dns_acl_t *keepresporder=NULL;
 dns_view_t *view = NULL;
 dns_view_t *view_next;
 dns_viewlist_t tmpviewlist;
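Review bot: In the first bin/named/server.c hunk, the added declaration `dns_acl_t *keepresporder=NULL;` has no spaces around `=`, unlike the `dns_view_t *view = NULL;` declaration directly below it; `dns_acl_t *keepresporder = NULL;` would match the surrounding style. The declaration list belongs to load_configuration, whose body continues outside the hunk.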
@@ -5207,6 +5208,16 @@ load_configuration(const char *filename, ns_server_t *server,
 dns_dispatchmgr_setblackhole(ns_g_dispatchmgr, server->blackholeacl);
+ CHECK(configure_view_acl(NULL, config, "keep-response-order", NULL,
+ ns_g_aclconfctx, ns_g_mctx,
+ &keepresporder));
+ if (keepresporder != NULL) {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
+ "keep-response-order option is ignored and can be safely removed");
+ dns_acl_detach(&keepresporder);
+ }
+
 obj = NULL;
 result = ns_config_get(maps, "match-mapped-addresses", &obj);
 INSIST(result == ISC_R_SUCCESS);
diff --git a/bin/tests/named.conf b/bin/tests/named.conf
index 722d262..5b40045 100644
--- a/bin/tests/named.conf
+++ b/bin/tests/named.conf
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004, 2007, 2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2007, 2011, 2014 Internet Systems Consortium, Inc. ("ISC")
 * Copyright (C) 1999-2001 Internet Software Consortium.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
@@ -116,6 +116,7 @@ options {
 allow-transfer { any; };
 allow-recursion { !any; };
 blackhole { 45/24; };
+ keep-response-order { 46/24; };
 listen-on {
 10/24;
diff --git a/bin/tests/system/checkconf/bad-keep-response-order.conf b/bin/tests/system/checkconf/bad-keep-response-order.conf
new file mode 100644
index 0000000..24c1f6c
--- /dev/null
+++ b/bin/tests/system/checkconf/bad-keep-response-order.conf
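Review bot: In the second bin/named/server.c hunk, the new warning goes through `isc_log_write` and so carries no file or line, which makes a stale `keep-response-order` hard to locate in a configuration spread over several included files; fetching the clause object and logging through it, e.g. `cfg_obj_log(obj, ns_g_lctx, ISC_LOG_WARNING, "keep-response-order option is ignored and can be safely removed");`, would point the operator at the exact statement. The `CHECK(configure_view_acl(...))` also means that an unresolvable ACL name in an option the server ignores still aborts the load; the added bad-keep-response-order.conf test suggests this is intended, so a short comment above the call such as `/* Built only to validate the ACL; the value is never used. */` would record that. load_configuration starts and ends outside this hunk, so the cleanup path reached by CHECK is not visible here.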
@@ -0,0 +1,21 @@
+/*
+ * Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+options {
+ keep-response-order {
+ does_not_exist;
+ };
+};
diff --git a/bin/tests/system/checkconf/bad-many.conf b/bin/tests/system/checkconf/bad-many.conf
index cfc4d02..09add87 100644
--- a/bin/tests/system/checkconf/bad-many.conf
+++ b/bin/tests/system/checkconf/bad-many.conf
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2005, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2005, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -33,6 +33,7 @@ options {
 host-statistics-max 100;
 hostname none;
 interface-interval 30;
+ keep-response-order { 10.0.0.10/24; };
 listen-on port 90 { any; };
 listen-on port 100 { 127.0.0.1; };
 listen-on-v6 port 53 { none; };
diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf
index cf7c745..43b0638 100644
--- a/bin/tests/system/checkconf/good.conf
+++ b/bin/tests/system/checkconf/good.conf
@@ -44,6 +44,9 @@ options {
 host-statistics-max 100;
 hostname none;
 interface-interval 30;
+ keep-response-order {
+ 10.0.0.10/24;
+ };
 listen-on port 90 {
 "any";
 };
diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index 00c4b3e..d4803e2 100644
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -403,8 +403,8 @@ check_viewacls(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions,
 static const char *acls[] = { "allow-query", "allow-query-on", "allow-query-cache", "allow-query-cache-on",
- "blackhole", "match-clients", "match-destinations",
- "sortlist", "filter-aaaa", NULL };
+ "blackhole", "keep-response-order", "match-clients",
+ "match-destinations", "sortlist", "filter-aaaa", NULL };
 while (acls[i] != NULL) {
 tresult = checkacl(acls[i++], actx, NULL, voptions, config,
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index d9b1df1..f357c63 100644
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -959,6 +959,7 @@ options_clauses[] = {
 { "host-statistics-max", &cfg_type_uint32, CFG_CLAUSEFLAG_NOTIMP },
 { "hostname", &cfg_type_qstringornone, 0 },
 { "interface-interval", &cfg_type_uint32, 0 },
+ { "keep-response-order", &cfg_type_bracketed_aml, 0 },
 { "listen-on", &cfg_type_listenon, CFG_CLAUSEFLAG_MULTI },
 { "listen-on-v6", &cfg_type_listenon, CFG_CLAUSEFLAG_MULTI },
 { "managed-keys-directory", &cfg_type_qstring, 0 },
--
2.20.1
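Review bot: In the lib/isccfg/namedconf.c hunk, the new `keep-response-order` entry is registered with flags `0`, so the parser treats it as a live option and, as far as this patch shows, only named's load path (the server.c hunk) tells the operator it is ignored; a configuration check that never reaches load_configuration would presumably accept it silently. The `host-statistics-max` entry three lines above carries `CFG_CLAUSEFLAG_NOTIMP`; if a parser-level flag is acceptable for this clause, using one would surface the notice at parse time as well. At minimum a comment on the entry, `/* accepted for compatibility, ignored; see load_configuration() */`, would explain why an ACL clause has no consumer. The options_clauses table starts and ends outside the hunk.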