Merge branch 'PowerDNS:master' into fix7524

PowerDNS · Dec 17, 2024 · 8edb47d · 8edb47d
2 parents d981d44 + 1af5744
commit 8edb47d
Show file tree

Hide file tree

Showing 29 changed files with 857 additions and 251 deletions.
diff --git a/docs/changelog/4.9.rst b/docs/changelog/4.9.rst
@@ -1,6 +1,20 @@
 Changelogs for 4.9.x
 ====================
 
+.. changelog::
+  :version: 4.9.3
+  :released: 17th of December 2024
+
+  This is release 4.9.3 of the Authoritative Server.
+
+  Please review the :doc:`Upgrade Notes <../upgrading>` before upgrading from versions < 4.9.x.
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 14968
+
+    SVCB parser: allow quotes around port=
+
 .. changelog::
   :version: 4.9.2
   :released: 1st of October 2024

diff --git a/docs/secpoll.zone b/docs/secpoll.zone
@@ -1,4 +1,4 @@
-@       86400   IN  SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2024121300 10800 3600 604800 10800
+@       86400   IN  SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2024121700 10800 3600 604800 10800
 @       3600    IN  NS  pdns-public-ns1.powerdns.com.
 @       3600    IN  NS  pdns-public-ns2.powerdns.com.
 
@@ -130,6 +130,7 @@ auth-4.9.0-beta2.security-status                        60 IN TXT "2 Unsupported
 auth-4.9.0.security-status                              60 IN TXT "1 OK"
 auth-4.9.1.security-status                              60 IN TXT "1 OK"
 auth-4.9.2.security-status                              60 IN TXT "1 OK"
+auth-4.9.3.security-status                              60 IN TXT "1 OK"
 
 ; Auth Debian
 auth-3.4.1-2.debian.security-status                     60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/3/security/powerdns-advisory-2015-01/ and https://doc.powerdns.com/3/security/powerdns-advisory-2015-02/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-02/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-03/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-04/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-05/"

diff --git a/modules/lmdbbackend/lmdbbackend.cc b/modules/lmdbbackend/lmdbbackend.cc
@@ -1009,7 +1009,7 @@ static std::shared_ptr<DNSRecordContent> deserializeContentZR(uint16_t qtype, co
   if (qtype == QType::A && content.size() == 4) {
     return std::make_shared<ARecordContent>(*((uint32_t*)content.c_str()));
   }
-  return DNSRecordContent::deserialize(qname, qtype, content);
+  return DNSRecordContent::deserialize(qname, qtype, content, QClass::IN, true);
 }
 
 /* design. If you ask a question without a zone id, we lookup the best

diff --git a/pdns/dnsdistdist/dnsdist-carbon.cc b/pdns/dnsdistdist/dnsdist-carbon.cc
@@ -57,6 +57,11 @@ static bool doOneCarbonExport(const Carbon::Endpoint& endpoint)
     {
       auto entries = dnsdist::metrics::g_stats.entries.read_lock();
       for (const auto& entry : *entries) {
+        // Skip non-empty labels, since labels are not supported in Carbon
+        if (!entry.d_labels.empty()) {
+          continue;
+        }
+
         str << namespace_name << "." << hostname << "." << instance_name << "." << entry.d_name << ' ';
         if (const auto& val = std::get_if<pdns::stat_t*>(&entry.d_value)) {
           str << (*val)->load();

diff --git a/pdns/dnsdistdist/dnsdist-idstate.hh b/pdns/dnsdistdist/dnsdist-idstate.hh
@@ -157,8 +157,8 @@ struct InternalQueryState
   int32_t d_streamID{-1}; // 4
   uint32_t cacheKey{0}; // 4
   uint32_t cacheKeyNoECS{0}; // 4
-  // DoH-only */
-  uint32_t cacheKeyUDP{0}; // 4
+  // DoH-only: if we received a TC=1 answer, we had to retry over TCP and thus we need the TCP cache key */
+  uint32_t cacheKeyTCP{0}; // 4
   uint32_t ttlCap{0}; // cap the TTL _after_ inserting into the packet cache // 4
   int backendFD{-1}; // 4
   int delayMsec{0};

diff --git a/pdns/dnsdistdist/dnsdist-lua-ffi.cc b/pdns/dnsdistdist/dnsdist-lua-ffi.cc
@@ -260,7 +260,7 @@ void dnsdist_ffi_dnsquestion_get_sni(const dnsdist_ffi_dnsquestion_t* dq, const
 
 const char* dnsdist_ffi_dnsquestion_get_tag(const dnsdist_ffi_dnsquestion_t* dq, const char* label)
 {
-  const char * result = nullptr;
+  const char* result = nullptr;
 
   if (dq != nullptr && dq->dq != nullptr && dq->dq->ids.qTag != nullptr) {
     const auto it = dq->dq->ids.qTag->find(label);
@@ -456,7 +456,6 @@ size_t dnsdist_ffi_dnsquestion_get_tag_array(dnsdist_ffi_dnsquestion_t* dq, cons
     ++pos;
   }
 
-
   if (!dq->tagsVect->empty()) {
     *out = dq->tagsVect->data();
   }
@@ -1007,7 +1006,7 @@ static constexpr char s_lua_ffi_code[] = R"FFICodeContent(
   ffi.cdef[[
 )FFICodeContent"
 #include "dnsdist-lua-ffi-interface.inc"
-R"FFICodeContent(
+                                         R"FFICodeContent(
   ]]
 
 )FFICodeContent";
@@ -1057,7 +1056,8 @@ size_t dnsdist_ffi_generate_proxy_protocol_payload(const size_t addrSize, const
     if (valuesCount > 0) {
       valuesVect.reserve(valuesCount);
       for (size_t idx = 0; idx < valuesCount; idx++) {
-        valuesVect.push_back({ std::string(values[idx].value, values[idx].size), values[idx].type });
+        // NOLINTNEXTLINE(cppcoreguidelines-pro-bounds-pointer-arithmetic)
+        valuesVect.push_back({std::string(values[idx].value, values[idx].size), values[idx].type});
       }
     }
 
@@ -1086,7 +1086,8 @@ size_t dnsdist_ffi_dnsquestion_generate_proxy_protocol_payload(const dnsdist_ffi
   if (valuesCount > 0) {
     valuesVect.reserve(valuesCount);
     for (size_t idx = 0; idx < valuesCount; idx++) {
-      valuesVect.push_back({ std::string(values[idx].value, values[idx].size), values[idx].type });
+      // NOLINTNEXTLINE(cppcoreguidelines-pro-bounds-pointer-arithmetic)
+      valuesVect.push_back({std::string(values[idx].value, values[idx].size), values[idx].type});
     }
   }
 
@@ -1113,7 +1114,7 @@ bool dnsdist_ffi_dnsquestion_add_proxy_protocol_values(dnsdist_ffi_dnsquestion_t
   dnsQuestion->dq->proxyProtocolValues->reserve(dnsQuestion->dq->proxyProtocolValues->size() + valuesCount);
   for (size_t idx = 0; idx < valuesCount; idx++) {
     // NOLINTNEXTLINE(cppcoreguidelines-pro-bounds-pointer-arithmetic): the Lua FFI API is a C API..
-    dnsQuestion->dq->proxyProtocolValues->push_back({ std::string(values[idx].value, values[idx].size), values[idx].type });
+    dnsQuestion->dq->proxyProtocolValues->push_back({std::string(values[idx].value, values[idx].size), values[idx].type});
   }
 
   return true;
@@ -1146,7 +1147,8 @@ struct dnsdist_ffi_domain_list_t
 {
   std::vector<std::string> d_domains;
 };
-struct dnsdist_ffi_address_list_t {
+struct dnsdist_ffi_address_list_t
+{
   std::vector<std::string> d_addresses;
 };
 
@@ -1476,7 +1478,8 @@ void dnsdist_ffi_ring_entry_list_free(dnsdist_ffi_ring_entry_list_t* list)
   delete list;
 }
 
-template<typename T> static void addRingEntryToList(std::unique_ptr<dnsdist_ffi_ring_entry_list_t>& list, const struct timespec& now, const T& entry)
+template <typename T>
+static void addRingEntryToList(std::unique_ptr<dnsdist_ffi_ring_entry_list_t>& list, const struct timespec& now, const T& entry)
 {
   auto age = DiffTime(entry.when, now);
 
@@ -1805,45 +1808,45 @@ bool dnsdist_ffi_metric_declare(const char* name, size_t nameLen, const char* ty
   if (name == nullptr || nameLen == 0 || type == nullptr || description == nullptr) {
     return false;
   }
-  auto result = dnsdist::metrics::declareCustomMetric(name, type, description, customName != nullptr ? std::optional<std::string>(customName) : std::nullopt);
+  auto result = dnsdist::metrics::declareCustomMetric(name, type, description, customName != nullptr ? std::optional<std::string>(customName) : std::nullopt, false);
   return !result;
 }
 
 void dnsdist_ffi_metric_inc(const char* metricName, size_t metricNameLen)
 {
-  auto result = dnsdist::metrics::incrementCustomCounter(std::string_view(metricName, metricNameLen), 1U);
+  auto result = dnsdist::metrics::incrementCustomCounter(std::string_view(metricName, metricNameLen), 1U, {});
   if (std::get_if<dnsdist::metrics::Error>(&result) != nullptr) {
     return;
   }
 }
 
 void dnsdist_ffi_metric_inc_by(const char* metricName, size_t metricNameLen, uint64_t value)
 {
-  auto result = dnsdist::metrics::incrementCustomCounter(std::string_view(metricName, metricNameLen), value);
+  auto result = dnsdist::metrics::incrementCustomCounter(std::string_view(metricName, metricNameLen), value, {});
   if (std::get_if<dnsdist::metrics::Error>(&result) != nullptr) {
     return;
   }
 }
 
 void dnsdist_ffi_metric_dec(const char* metricName, size_t metricNameLen)
 {
-  auto result = dnsdist::metrics::decrementCustomCounter(std::string_view(metricName, metricNameLen), 1U);
+  auto result = dnsdist::metrics::decrementCustomCounter(std::string_view(metricName, metricNameLen), 1U, {});
   if (std::get_if<dnsdist::metrics::Error>(&result) != nullptr) {
     return;
   }
 }
 
 void dnsdist_ffi_metric_set(const char* metricName, size_t metricNameLen, double value)
 {
-  auto result = dnsdist::metrics::setCustomGauge(std::string_view(metricName, metricNameLen), value);
+  auto result = dnsdist::metrics::setCustomGauge(std::string_view(metricName, metricNameLen), value, {});
   if (std::get_if<dnsdist::metrics::Error>(&result) != nullptr) {
     return;
   }
 }
 
 double dnsdist_ffi_metric_get(const char* metricName, size_t metricNameLen, bool isCounter)
 {
-  auto result = dnsdist::metrics::getCustomMetric(std::string_view(metricName, metricNameLen));
+  auto result = dnsdist::metrics::getCustomMetric(std::string_view(metricName, metricNameLen), {});
   if (std::get_if<dnsdist::metrics::Error>(&result) != nullptr) {
     return 0.;
   }

diff --git a/pdns/dnsdistdist/dnsdist-lua-ffi.hh b/pdns/dnsdistdist/dnsdist-lua-ffi.hh
@@ -23,27 +23,31 @@
 
 #include "dnsdist.hh"
 
-extern "C" {
+extern "C"
+{
 #include "dnsdist-lua-ffi-interface.h"
 }
 
 #include "ext/luawrapper/include/LuaContext.hpp"
 
 // dnsdist_ffi_dnsquestion_t is a lightuserdata
-template<>
-struct LuaContext::Pusher<dnsdist_ffi_dnsquestion_t*> {
-    static const int minSize = 1;
-    static const int maxSize = 1;
-
-    static PushedObject push(lua_State* state, dnsdist_ffi_dnsquestion_t* ptr) noexcept {
-        lua_pushlightuserdata(state, ptr);
-        return PushedObject{state, 1};
-    }
+template <>
+struct LuaContext::Pusher<dnsdist_ffi_dnsquestion_t*>
+{
+  static const int minSize = 1;
+  static const int maxSize = 1;
+
+  static PushedObject push(lua_State* state, dnsdist_ffi_dnsquestion_t* ptr) noexcept
+  {
+    lua_pushlightuserdata(state, ptr);
+    return PushedObject{state, 1};
+  }
 };
 
 struct dnsdist_ffi_dnsquestion_t
 {
-  dnsdist_ffi_dnsquestion_t(DNSQuestion* dq_): dq(dq_)
+  dnsdist_ffi_dnsquestion_t(DNSQuestion* dq_) :
+    dq(dq_)
   {
   }
 
@@ -63,20 +67,23 @@ struct dnsdist_ffi_dnsquestion_t
 };
 
 // dnsdist_ffi_dnsresponse_t is a lightuserdata
-template<>
-struct LuaContext::Pusher<dnsdist_ffi_dnsresponse_t*> {
-    static const int minSize = 1;
-    static const int maxSize = 1;
-
-    static PushedObject push(lua_State* state, dnsdist_ffi_dnsresponse_t* ptr) noexcept {
-        lua_pushlightuserdata(state, ptr);
-        return PushedObject{state, 1};
-    }
+template <>
+struct LuaContext::Pusher<dnsdist_ffi_dnsresponse_t*>
+{
+  static const int minSize = 1;
+  static const int maxSize = 1;
+
+  static PushedObject push(lua_State* state, dnsdist_ffi_dnsresponse_t* ptr) noexcept
+  {
+    lua_pushlightuserdata(state, ptr);
+    return PushedObject{state, 1};
+  }
 };
 
 struct dnsdist_ffi_dnsresponse_t
 {
-  dnsdist_ffi_dnsresponse_t(DNSResponse* dr_): dr(dr_)
+  dnsdist_ffi_dnsresponse_t(DNSResponse* dr_) :
+    dr(dr_)
   {
   }
 
@@ -85,44 +92,50 @@ struct dnsdist_ffi_dnsresponse_t
 };
 
 // dnsdist_ffi_server_t is a lightuserdata
-template<>
-struct LuaContext::Pusher<dnsdist_ffi_server_t*> {
-    static const int minSize = 1;
-    static const int maxSize = 1;
-
-    static PushedObject push(lua_State* state, dnsdist_ffi_server_t* ptr) noexcept {
-        lua_pushlightuserdata(state, ptr);
-        return PushedObject{state, 1};
-    }
+template <>
+struct LuaContext::Pusher<dnsdist_ffi_server_t*>
+{
+  static const int minSize = 1;
+  static const int maxSize = 1;
+
+  static PushedObject push(lua_State* state, dnsdist_ffi_server_t* ptr) noexcept
+  {
+    lua_pushlightuserdata(state, ptr);
+    return PushedObject{state, 1};
+  }
 };
 
 struct dnsdist_ffi_server_t
 {
-  dnsdist_ffi_server_t(const std::shared_ptr<DownstreamState>& server_): server(server_)
+  dnsdist_ffi_server_t(const std::shared_ptr<DownstreamState>& server_) :
+    server(server_)
   {
   }
 
   const std::shared_ptr<DownstreamState>& server;
 };
 
 // dnsdist_ffi_servers_list_t is a lightuserdata
-template<>
-struct LuaContext::Pusher<dnsdist_ffi_servers_list_t*> {
-    static const int minSize = 1;
-    static const int maxSize = 1;
-
-    static PushedObject push(lua_State* state, dnsdist_ffi_servers_list_t* ptr) noexcept {
-        lua_pushlightuserdata(state, ptr);
-        return PushedObject{state, 1};
-    }
+template <>
+struct LuaContext::Pusher<dnsdist_ffi_servers_list_t*>
+{
+  static const int minSize = 1;
+  static const int maxSize = 1;
+
+  static PushedObject push(lua_State* state, dnsdist_ffi_servers_list_t* ptr) noexcept
+  {
+    lua_pushlightuserdata(state, ptr);
+    return PushedObject{state, 1};
+  }
 };
 
 struct dnsdist_ffi_servers_list_t
 {
-  dnsdist_ffi_servers_list_t(const ServerPolicy::NumberedServerVector& servers_): servers(servers_)
+  dnsdist_ffi_servers_list_t(const ServerPolicy::NumberedServerVector& servers_) :
+    servers(servers_)
   {
     ffiServers.reserve(servers.size());
-    for (const auto& server: servers) {
+    for (const auto& server : servers) {
       ffiServers.push_back(dnsdist_ffi_server_t(server.second));
     }
   }
@@ -132,20 +145,23 @@ struct dnsdist_ffi_servers_list_t
 };
 
 // dnsdist_ffi_network_message_t is a lightuserdata
-template<>
-struct LuaContext::Pusher<dnsdist_ffi_network_message_t*> {
-    static const int minSize = 1;
-    static const int maxSize = 1;
-
-    static PushedObject push(lua_State* state, dnsdist_ffi_network_message_t* ptr) noexcept {
-        lua_pushlightuserdata(state, ptr);
-        return PushedObject{state, 1};
-    }
+template <>
+struct LuaContext::Pusher<dnsdist_ffi_network_message_t*>
+{
+  static const int minSize = 1;
+  static const int maxSize = 1;
+
+  static PushedObject push(lua_State* state, dnsdist_ffi_network_message_t* ptr) noexcept
+  {
+    lua_pushlightuserdata(state, ptr);
+    return PushedObject{state, 1};
+  }
 };
 
 struct dnsdist_ffi_network_message_t
 {
-  dnsdist_ffi_network_message_t(const std::string& payload_ ,const std::string& from_, uint16_t endpointID_): payload(payload_), from(from_), endpointID(endpointID_)
+  dnsdist_ffi_network_message_t(const std::string& payload_, const std::string& from_, uint16_t endpointID_) :
+    payload(payload_), from(from_), endpointID(endpointID_)
   {
   }