d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

IFC @ r255209

Browse Source
This commit is contained in:
Peter Grehan 2013-09-04 20:55:56 +00:00
commit 46ed9e4908
3423 changed files with 711250 additions and 103256 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
Makefile
View File

@ -242,6 +242,7 @@ cleanworld:
# skip this for -n to avoid changing previous behavior of
# 'make -n buildworld' etc.
${TGTS}: .MAKE
tinderbox toolchains kernel-toolchains: .MAKE
.endif
${TGTS}:
@ -348,19 +349,21 @@ make bmake: .PHONY
@echo ">>> Building an up-to-date make(1)"
@echo "--------------------------------------------------------------"
${_+_}@cd ${.CURDIR}/usr.bin/${.TARGET}; \
${MMAKE} obj && \
${MMAKE} depend && \
${MMAKE} all && \
${MMAKE} obj DESTDIR= && \
${MMAKE} depend DESTDIR= && \
${MMAKE} all DESTDIR= && \
${MMAKE} install DESTDIR=${MYMAKE:H} BINDIR= PROGNAME=${MYMAKE:T}
tinderbox toolchains kernel-toolchains: upgrade_checks
tinderbox:
@cd ${.CURDIR} && ${MAKE} DOING_TINDERBOX=YES universe
@cd ${.CURDIR} && ${SUB_MAKE} DOING_TINDERBOX=YES universe
toolchains:
@cd ${.CURDIR} && ${MAKE} UNIVERSE_TARGET=toolchain universe
@cd ${.CURDIR} && ${SUB_MAKE} UNIVERSE_TARGET=toolchain universe
kernel-toolchains:
@cd ${.CURDIR} && ${MAKE} UNIVERSE_TARGET=kernel-toolchain universe
@cd ${.CURDIR} && ${SUB_MAKE} UNIVERSE_TARGET=kernel-toolchain universe
#
# universe
@ -419,7 +422,7 @@ universe_${target}_prologue: universe_prologue
.if !defined(MAKE_JUST_KERNELS)
.for target_arch in ${TARGET_ARCHES_${target}}
universe_${target}: universe_${target}_${target_arch}
universe_${target}_${target_arch}: universe_${target}_prologue
universe_${target}_${target_arch}: universe_${target}_prologue .MAKE
@echo ">> ${target}.${target_arch} ${UNIVERSE_TARGET} started on `LC_ALL=C date`"
@(cd ${.CURDIR} && env __MAKE_CONF=/dev/null \
${SUB_MAKE} ${JFLAG} ${UNIVERSE_TARGET} \
@ -440,7 +443,7 @@ universe_${target}_kernels: universe_${target}_${target_arch}
.endfor
.endif
universe_${target}: universe_${target}_kernels
universe_${target}_kernels: universe_${target}_prologue
universe_${target}_kernels: universe_${target}_prologue .MAKE
.if exists(${KERNSRCDIR}/${target}/conf/NOTES)
@(cd ${KERNSRCDIR}/${target}/conf && env __MAKE_CONF=/dev/null \
${SUB_MAKE} LINT > ${.CURDIR}/_.${target}.makeLINT 2>&1 || \
@ -468,7 +471,7 @@ TARGET_ARCH_${kernel}!= cd ${KERNSRCDIR}/${TARGET}/conf && \
.error "Target architecture for ${TARGET}/conf/${kernel} unknown. config(8) likely too old."
.endif
universe_kernconfs: universe_kernconf_${TARGET}_${kernel}
universe_kernconf_${TARGET}_${kernel}:
universe_kernconf_${TARGET}_${kernel}: .MAKE
@(cd ${.CURDIR} && env __MAKE_CONF=/dev/null \
${SUB_MAKE} ${JFLAG} buildkernel \
TARGET=${TARGET} \

9
Makefile.inc1
View File

@ -265,7 +265,7 @@ WMAKEENV= ${CROSSENV} \
PATH=${TMPPATH}
# make hierarchy
HMAKE= PATH=${TMPPATH} ${MAKE} LOCAL_MTREE=${LOCAL_MTREE}
HMAKE= PATH=${TMPPATH} ${MAKE} LOCAL_MTREE=${LOCAL_MTREE:Q}
.if defined(NO_ROOT)
HMAKE+= PATH=${TMPPATH} METALOG=${METALOG} -DNO_ROOT
.endif
@ -814,7 +814,7 @@ distributeworld installworld: installcheck installcheck_UGID
cd ${.CURDIR}/etc; ${CROSSENV} PATH=${TMPPATH} ${MAKE} \
METALOG=${METALOG} ${IMAKE_INSTALL} ${IMAKE_MTREE} \
DISTBASE=/base DESTDIR=${DESTDIR}/${DISTDIR}/base \
LOCAL_MTREE=${LOCAL_MTREE} distrib-dirs
LOCAL_MTREE=${LOCAL_MTREE:Q} distrib-dirs
.endif
${_+_}cd ${.CURDIR}; ${IMAKE} re${.TARGET:S/world$//}; \
${IMAKEENV} rm -rf ${INSTALLTMP}
@ -888,7 +888,7 @@ reinstall:
@echo ">>> Making hierarchy"
@echo "--------------------------------------------------------------"
${_+_}cd ${.CURDIR}; ${MAKE} -f Makefile.inc1 \
LOCAL_MTREE=${LOCAL_MTREE} hierarchy
LOCAL_MTREE=${LOCAL_MTREE:Q} hierarchy
@echo
@echo "--------------------------------------------------------------"
@echo ">>> Installing everything"
@ -1331,7 +1331,8 @@ build-tools: .MAKE
usr.bin/awk \
lib/libmagic \
usr.bin/mkesdb_static \
usr.bin/mkcsmapper_static
usr.bin/mkcsmapper_static \
usr.bin/vi/catalog
${_+_}@${ECHODIR} "===> ${_tool} (obj,build-tools)"; \
cd ${.CURDIR}/${_tool} && \
${MAKE} DIRPRFX=${_tool}/ obj && \

15
ObsoleteFiles.inc
View File

@ -38,6 +38,20 @@
# xargs -n1 | sort | uniq -d;
# done
# 20130903: gnupatch is no more
OLD_FILES+=usr/bin/gnupatch
OLD_FILES+=usr/share/man/man1/gnupatch.1.gz
# 20130829: bsdpatch is patch unconditionally
OLD_FILES+=usr/bin/bsdpatch
OLD_FILES+=usr/share/man/man1/bsdpatch.1.gz
# 20130822: bind 9.9.3-P2 import
OLD_LIBS+=usr/lib/liblwres.so.80
# 20130814: vm_page_busy(9)
OLD_FILES+=usr/share/man/man9/vm_page_flash.9.gz
OLD_FILES+=usr/share/man/man9/vm_page_io.9.gz
OLD_FILES+=usr/share/man/man9/vm_page_io_finish.9.gz
OLD_FILES+=usr/share/man/man9/vm_page_io_start.9.gz
OLD_FILES+=usr/share/man/man9/vm_page_wakeup.9.gz
# 20130710: libkvm version bump
OLD_LIBS+=lib/libkvm.so.5
OLD_LIBS+=usr/lib32/libkvm.so.5
@ -114,6 +128,7 @@ OLD_FILES+=usr/include/clang/3.2/xmmintrin.h
OLD_FILES+=usr/include/clang/3.2/xopintrin.h
OLD_DIRS+=usr/include/clang/3.2
# 20130404: legacy ATA stack removed
OLD_FILES+=etc/periodic/daily/405.status-ata-raid
OLD_FILES+=rescue/atacontrol
OLD_FILES+=sbin/atacontrol
OLD_FILES+=usr/share/man/man8/atacontrol.8.gz

61
UPDATING
View File

@ -31,6 +31,63 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 10.x IS SLOW:
disable the most expensive debugging functionality run
"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
20130827:
Thomas Dickey (vendor author thereof) reports that dialog(1) since
2011/10/18 has a bug in handling --hline. Testers and I noticed the
--hline is not ignored but displayed as a NULL string, regardless of
value. This will cause confusion in some bsdconfig dialogs where the
--hline is used to inform users which keybindings to use. This will
likewise affect any other persons relying on --hline. It also looks
rather strange seeing "[]" at the bottom of dialog(1) widgets when
passing --hline "anything". Thomas said he will have a look in a few
weeks. NOTE: The "[]" brackets appear with the left-edge where it
would normally appear given the width of text to display, but the
displayed text is not there (part of the bug).
20130821:
The PADLOCK_RNG and RDRAND_RNG kernel options are now devices.
Thus "device padlock_rng" and "device rdrand_rng" should be
used instead of "options PADLOCK_RNG" & "options RDRAND_RNG".
20130813:
WITH_ICONV has been split into two feature sets. WITH_ICONV now
enables just the iconv* functionality and is now on by default.
WITH_LIBICONV_COMPAT enables the libiconv api and link time
compatability. Set WITHOUT_ICONV to build the old way.
If you have been using WITH_ICONV before, you will very likely
need to turn on WITH_LIBICONV_COMPAT.
20130806:
INVARIANTS option now enables DEBUG for code with OpenSolaris and
Illumos origin, including ZFS. If you have INVARIANTS in your
kernel configuration, then there is no need to set DEBUG or ZFS_DEBUG
explicitly.
DEBUG used to enable witness(9) tracking of OpenSolaris (mostly ZFS)
locks if WITNESS option was set. Because that generated a lot of
witness(9) reports and all of them were believed to be false
positives, this is no longer done. New option OPENSOLARIS_WITNESS
can be used to achieve the previous behavior.
20130806:
Timer values in IPv6 data structures now use time_uptime instead
of time_second. Although this is not a user-visible functional
change, userland utilities which directly use them---ndp(8),
rtadvd(8), and rtsold(8) in the base system---need to be updated
to r253970 or later.
20130802:
find -delete can now delete the pathnames given as arguments,
instead of only files found below them or if the pathname did
not contain any slashes. Formerly, the following error message
would result:
find: -delete: <path>: relative path potentially not safe
Deleting the pathnames given as arguments can be prevented
without error messages using -mindepth 1 or by changing
directory and passing "." as argument to find. This works in the
old as well as the new version of find.
20130726:
Behavior of devfs rules path matching has been changed.
Pattern is now always matched against fully qualified devfs
@ -301,9 +358,9 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 10.x IS SLOW:
20120913:
The random(4) support for the VIA hardware random number
generator (`PADLOCK') is no longer enabled unconditionally.
Add the PADLOCK_RNG option in the custom kernel config if
Add the padlock_rng device in the custom kernel config if
needed. The GENERIC kernels on i386 and amd64 do include the
option, so the change only affects the custom kernel
device, so the change only affects the custom kernel
configurations.
20120908:

22
bin/chflags/chflags.1
View File

@ -32,7 +32,7 @@
.\" @(#)chflags.1 8.4 (Berkeley) 5/2/95
.\" $FreeBSD$
.\"
.Dd March 3, 2006
.Dd April 8, 2013
.Dt CHFLAGS 1
.Os
.Sh NAME
@ -101,20 +101,36 @@ The following keywords are currently defined:
.Bl -tag -offset indent -width ".Cm opaque"
.It Cm arch , archived
set the archived flag (super-user only)
.It Cm opaque
set the opaque flag (owner or super-user only)
.It Cm nodump
set the nodump flag (owner or super-user only)
.It Cm opaque
set the opaque flag (owner or super-user only)
.It Cm sappnd , sappend
set the system append-only flag (super-user only)
.It Cm schg , schange , simmutable
set the system immutable flag (super-user only)
.It Cm snapshot
set the snapshot flag (filesystems do not allow changing this flag)
.It Cm sunlnk , sunlink
set the system undeletable flag (super-user only)
.It Cm uappnd , uappend
set the user append-only flag (owner or super-user only)
.It Cm uarch , uarchive
set the archive flag (owner or super-user only)
.It Cm uchg , uchange , uimmutable
set the user immutable flag (owner or super-user only)
.It Cm uhidden , hidden
set the hidden file attribute (owner or super-user only)
.It Cm uoffline , offline
set the offline file attribute (owner or super-user only)
.It Cm urdonly , rdonly , readonly
set the DOS, Windows and CIFS readonly flag (owner or super-user only)
.It Cm usparse , sparse
set the sparse file attribute (owner or super-user only)
.It Cm usystem , system
set the DOS, Windows and CIFS system flag (owner or super-user only)
.It Cm ureparse , reparse
set the Windows reparse point file attribute (owner or super-user only)
.It Cm uunlnk , uunlink
set the user undeletable flag (owner or super-user only)
.El

3
bin/ls/ls.1
View File

@ -232,6 +232,9 @@ output.
Include the file flags in a long
.Pq Fl l
output.
See
.Xr chflags 1
for a list of file flags and their meanings.
.It Fl p
Write a slash
.Pq Ql /

7
bin/pkill/pkill.1
View File

@ -29,7 +29,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd February 11, 2010
.Dd August 9, 2013
.Dt PKILL 1
.Os
.Sh NAME
@ -44,6 +44,7 @@
.Op Fl N Ar system
.Op Fl P Ar ppid
.Op Fl U Ar uid
.Op Fl c Ar class
.Op Fl d Ar delim
.Op Fl g Ar pgrp
.Op Fl j Ar jid
@ -60,6 +61,7 @@
.Op Fl N Ar system
.Op Fl P Ar ppid
.Op Fl U Ar uid
.Op Fl c Ar class
.Op Fl g Ar pgrp
.Op Fl j Ar jid
.Op Fl s Ar sid
@ -130,6 +132,9 @@ or
process and all of its ancestors are excluded (unless
.Fl v
is used).
.It Fl c Ar class
Restrict matches to processes running with specified login class
.Ar class .
.It Fl f
Match against full argument lists.
The default is to match against process names.

43
bin/pkill/pkill.c
View File

@ -79,12 +79,14 @@ enum listtype {
LT_TTY,
LT_PGRP,
LT_JID,
LT_SID
LT_SID,
LT_CLASS
};
struct list {
SLIST_ENTRY(list) li_chain;
long li_number;
char *li_name;
};
SLIST_HEAD(listhead, list);
@ -116,6 +118,7 @@ static struct listhead ppidlist = SLIST_HEAD_INITIALIZER(ppidlist);
static struct listhead tdevlist = SLIST_HEAD_INITIALIZER(tdevlist);
static struct listhead sidlist = SLIST_HEAD_INITIALIZER(sidlist);
static struct listhead jidlist = SLIST_HEAD_INITIALIZER(jidlist);
static struct listhead classlist = SLIST_HEAD_INITIALIZER(classlist);
static void usage(void) __attribute__((__noreturn__));
static int killact(const struct kinfo_proc *);
@ -179,7 +182,7 @@ main(int argc, char **argv)
execf = NULL;
coref = _PATH_DEVNULL;
while ((ch = getopt(argc, argv, "DF:G:ILM:N:P:SU:ad:fg:ij:lnoqs:t:u:vx")) != -1)
while ((ch = getopt(argc, argv, "DF:G:ILM:N:P:SU:ac:d:fg:ij:lnoqs:t:u:vx")) != -1)
switch (ch) {
case 'D':
debug_opt++;
@ -222,6 +225,10 @@ main(int argc, char **argv)
case 'a':
ancestors++;
break;
case 'c':
makelist(&classlist, LT_CLASS, optarg);
criteria = 1;
break;
case 'd':
if (!pgrep)
usage();
@ -469,6 +476,20 @@ main(int argc, char **argv)
continue;
}
SLIST_FOREACH(li, &classlist, li_chain) {
/*
* We skip P_SYSTEM processes to match ps(1) output.
*/
if ((kp->ki_flag & P_SYSTEM) == 0 &&
kp->ki_loginclass != NULL &&
strcmp(kp->ki_loginclass, li->li_name) == 0)
break;
}
if (SLIST_FIRST(&classlist) != NULL && li == NULL) {
selected[i] = 0;
continue;
}
if (argc == 0)
selected[i] = 1;
}
@ -562,9 +583,9 @@ usage(void)
fprintf(stderr,
"usage: %s %s [-F pidfile] [-G gid] [-M core] [-N system]\n"
" [-P ppid] [-U uid] [-g pgrp] [-j jid] [-s sid]\n"
" [-t tty] [-u euid] pattern ...\n", getprogname(),
ustr);
" [-P ppid] [-U uid] [-c class] [-g pgrp] [-j jid]\n"
" [-s sid] [-t tty] [-u euid] pattern ...\n",
getprogname(), ustr);
exit(STATUS_BADUSAGE);
}
@ -664,8 +685,10 @@ makelist(struct listhead *head, enum listtype type, char *src)
SLIST_INSERT_HEAD(head, li, li_chain);
empty = 0;
li->li_number = (uid_t)strtol(sp, &ep, 0);
if (*ep == '\0') {
if (type != LT_CLASS)
li->li_number = (uid_t)strtol(sp, &ep, 0);
if (type != LT_CLASS && *ep == '\0') {
switch (type) {
case LT_PGRP:
if (li->li_number == 0)
@ -750,6 +773,12 @@ foundtty: if ((st.st_mode & S_IFCHR) == 0)
errx(STATUS_BADUSAGE,
"Invalid jail ID `%s'", sp);
break;
case LT_CLASS:
li->li_number = -1;
li->li_name = strdup(sp);
if (li->li_name == NULL)
err(STATUS_ERROR, "Cannot allocate memory");
break;
default:
usage();
}

1
bin/ps/keyword.c
View File

@ -87,6 +87,7 @@ static VAR var[] = {
{"etimes", "ELAPSED", NULL, USER, elapseds, 0, CHAR, NULL, 0},
{"euid", "", "uid", 0, NULL, 0, CHAR, NULL, 0},
{"f", "F", NULL, 0, kvar, KOFF(ki_flag), INT, "x", 0},
{"fib", "FIB", NULL, 0, kvar, KOFF(ki_fibnum), INT, "d", 0},
{"flags", "", "f", 0, NULL, 0, CHAR, NULL, 0},
{"gid", "GID", NULL, 0, kvar, KOFF(ki_groups), UINT, UIDFMT, 0},
{"group", "GROUP", NULL, LJUST, egroupname, 0, CHAR, NULL, 0},

3
bin/ps/ps.1
View File

@ -512,6 +512,9 @@ elapsed running time, format
minutes:seconds.
.It Cm etimes
elapsed running time, in decimal integer seconds
.It Cm fib
default FIB number, see
.Xr setfib 1
.It Cm flags
the process flags, in hexadecimal (alias
.Cm f )

8
bin/sh/alias.c
View File

@ -237,17 +237,19 @@ printaliases(void)
}
int
aliascmd(int argc, char **argv)
aliascmd(int argc __unused, char **argv __unused)
{
char *n, *v;
int ret = 0;
struct alias *ap;
if (argc == 1) {
nextopt("");
if (*argptr == NULL) {
printaliases();
return (0);
}
while ((n = *++argv) != NULL) {
while ((n = *argptr++) != NULL) {
if ((v = strchr(n+1, '=')) == NULL) /* n+1: funny ksh stuff */
if ((ap = lookupalias(n, 0)) == NULL) {
warning("%s: not found", n);

4
bin/sh/arith_yylex.c
View File

@ -218,9 +218,13 @@ checkeqcur:
value += ARITH_REM - '%';
goto checkeq;
case '+':
if (buf[1] == '+')
return ARITH_BAD;
value += ARITH_ADD - '+';
goto checkeq;
case '-':
if (buf[1] == '-')
return ARITH_BAD;
value += ARITH_SUB - '-';
goto checkeq;
case '~':

1
bin/sh/eval.c
View File

@ -109,7 +109,6 @@ reseteval(void)
{
evalskip = 0;
loopnest = 0;
funcnest = 0;
}

2
bin/sh/exec.c
View File

@ -762,5 +762,7 @@ typecmd_impl(int argc, char **argv, int cmd, const char *path)
int
typecmd(int argc, char **argv)
{
if (argc > 2 && strcmp(argv[1], "--") == 0)
argc--, argv++;
return typecmd_impl(argc, argv, TYPECMD_TYPE, bltinlookup("PATH", 1));
}

53
bin/sh/jobs.c
View File

@ -83,13 +83,12 @@ static struct job *bgjob = NULL; /* last background process */
static struct job *jobmru; /* most recently used job list */
static pid_t initialpgrp; /* pgrp of shell on invocation */
#endif
int in_waitcmd = 0; /* are we in waitcmd()? */
volatile sig_atomic_t breakwaitcmd = 0; /* should wait be terminated? */
static int ttyfd = -1;
/* mode flags for dowait */
#define DOWAIT_BLOCK 0x1 /* wait until a child exits */
#define DOWAIT_SIG 0x2 /* if DOWAIT_BLOCK, abort on signals */
#define DOWAIT_SIG 0x2 /* if DOWAIT_BLOCK, abort on SIGINT/SIGQUIT */
#define DOWAIT_SIG_ANY 0x4 /* if DOWAIT_SIG, abort on any signal */
#if JOBS
static void restartjob(struct job *);
@ -183,13 +182,14 @@ out: out2fmt_flush("sh: can't access tty; job control turned off\n");
#if JOBS
int
fgcmd(int argc __unused, char **argv)
fgcmd(int argc __unused, char **argv __unused)
{
struct job *jp;
pid_t pgrp;
int status;
jp = getjob(argv[1]);
nextopt("");
jp = getjob(*argptr);
if (jp->jobctl == 0)
error("job not created under job control");
printjobcmd(jp);
@ -210,8 +210,9 @@ bgcmd(int argc, char **argv)
{
struct job *jp;
nextopt("");
do {
jp = getjob(*++argv);
jp = getjob(*argptr);
if (jp->jobctl == 0)
error("job not created under job control");
if (jp->state == JOBDONE)
@ -220,7 +221,7 @@ bgcmd(int argc, char **argv)
jp->foreground = 0;
out1fmt("[%td] ", jp - jobtab + 1);
printjobcmd(jp);
} while (--argc > 1);
} while (*argptr != NULL && *++argptr != NULL);
return 0;
}
@ -482,7 +483,7 @@ waitcmd(int argc __unused, char **argv __unused)
static int
waitcmdloop(struct job *job)
{
int status, retval;
int status, retval, sig;
struct job *jp;
/*
@ -490,17 +491,12 @@ waitcmdloop(struct job *job)
* received.
*/
in_waitcmd++;
do {
if (job != NULL) {
if (job->state) {
if (job->state == JOBDONE) {
status = job->ps[job->nprocs - 1].status;
if (WIFEXITED(status))
retval = WEXITSTATUS(status);
#if JOBS
else if (WIFSTOPPED(status))
retval = WSTOPSIG(status) + 128;
#endif
else
retval = WTERMSIG(status) + 128;
if (! iflag || ! job->changed)
@ -510,7 +506,6 @@ waitcmdloop(struct job *job)
if (job == bgjob)
bgjob = NULL;
}
in_waitcmd--;
return retval;
}
} else {
@ -526,7 +521,6 @@ waitcmdloop(struct job *job)
}
for (jp = jobtab ; ; jp++) {
if (jp >= jobtab + njobs) { /* no running procs */
in_waitcmd--;
return 0;
}
if (jp->used && jp->state == 0)
@ -534,20 +528,22 @@ waitcmdloop(struct job *job)
}
}
} while (dowait(DOWAIT_BLOCK | DOWAIT_SIG, (struct job *)NULL) != -1);
in_waitcmd--;
return pendingsig + 128;
sig = pendingsig_waitcmd;
pendingsig_waitcmd = 0;
return sig + 128;
}
int
jobidcmd(int argc __unused, char **argv)
jobidcmd(int argc __unused, char **argv __unused)
{
struct job *jp;
int i;
jp = getjob(argv[1]);
nextopt("");
jp = getjob(*argptr);
for (i = 0 ; i < jp->nprocs ; ) {
out1fmt("%d", (int)jp->ps[i].pid);
out1c(++i < jp->nprocs? ' ' : '\n');
@ -991,7 +987,8 @@ waitforjob(struct job *jp, int *origstatus)
INTOFF;
TRACE(("waitforjob(%%%td) called\n", jp - jobtab + 1));
while (jp->state == 0)
if (dowait(DOWAIT_BLOCK | (Tflag ? DOWAIT_SIG : 0), jp) == -1)
if (dowait(DOWAIT_BLOCK | (Tflag ? DOWAIT_SIG |
DOWAIT_SIG_ANY : 0), jp) == -1)
dotrap();
#if JOBS
if (jp->jobctl) {
@ -1082,12 +1079,17 @@ dowait(int mode, struct job *job)
pid = wait3(&status, wflags, (struct rusage *)NULL);
TRACE(("wait returns %d, status=%d\n", (int)pid, status));
if (pid == 0 && (mode & DOWAIT_SIG) != 0) {
sigsuspend(&omask);
pid = -1;
if (((mode & DOWAIT_SIG_ANY) != 0 ?
pendingsig : pendingsig_waitcmd) != 0) {
errno = EINTR;
break;
}
sigsuspend(&omask);
if (int_pending())
break;
}
} while (pid == -1 && errno == EINTR && breakwaitcmd == 0);
} while (pid == -1 && errno == EINTR);
if (pid == -1 && errno == ECHILD && job != NULL)
job->state = JOBDONE;
if ((mode & DOWAIT_SIG) != 0) {
@ -1096,11 +1098,6 @@ dowait(int mode, struct job *job)
sigprocmask(SIG_SETMASK, &omask, NULL);
INTON;
}
if (breakwaitcmd != 0) {
breakwaitcmd = 0;
if (pid <= 0)
return -1;
}
if (pid <= 0)
return pid;
INTOFF;

2
bin/sh/jobs.h
View File

@ -83,8 +83,6 @@ enum {
};
extern int job_warning; /* user was warned about stopped jobs */
extern int in_waitcmd; /* are we in waitcmd()? */
extern volatile sig_atomic_t breakwaitcmd; /* break wait to process traps? */
void setjobctl(int);
void showjobs(int, int);

2
bin/sh/main.c
View File

@ -185,8 +185,6 @@ reset(void)
{
reseteval();
resetinput();
resetparser();
resetredir();
}
/*

187
bin/sh/parser.c
View File

@ -96,7 +96,7 @@ static struct heredoc *heredoclist; /* list of here documents to read */
static int doprompt; /* if set, prompt the user */
static int needprompt; /* true if interactive and at start of line */
static int lasttoken; /* last token read */
int tokpushback; /* last token pushed back */
static int tokpushback; /* last token pushed back */
static char *wordtext; /* text of last word returned by readtoken */
static int checkkwd;
static struct nodelist *backquotelist;
@ -108,12 +108,13 @@ static int funclinno; /* line # where the current function started */
static struct parser_temp *parser_temp;
static union node *list(int, int);
static union node *list(int);
static union node *andor(void);
static union node *pipeline(void);
static union node *command(void);
static union node *simplecmd(union node **, union node *);
static union node *makename(void);
static union node *makebinary(int type, union node *n1, union node *n2);
static void parsefname(void);
static void parseheredoc(void);
static int peektoken(void);
@ -121,6 +122,7 @@ static int readtoken(void);
static int xxreadtoken(void);
static int readtoken1(int, const char *, const char *, int);
static int noexpand(char *);
static void consumetoken(int);
static void synexpect(int) __dead2;
static void synerror(const char *) __dead2;
static void setprompt(int);
@ -210,6 +212,7 @@ parsecmd(int interact)
heredoclist = NULL;
tokpushback = 0;
checkkwd = 0;
doprompt = interact;
if (doprompt)
setprompt(1);
@ -222,18 +225,18 @@ parsecmd(int interact)
if (t == TNL)
return NULL;
tokpushback++;
return list(1, 1);
return list(1);
}
static union node *
list(int nlflag, int erflag)
list(int nlflag)
{
union node *ntop, *n1, *n2, *n3;
int tok;
checkkwd = CHKNL | CHKKWD | CHKALIAS;
if (!nlflag && !erflag && tokendlist[peektoken()])
if (!nlflag && tokendlist[peektoken()])
return NULL;
ntop = n1 = NULL;
for (;;) {
@ -255,17 +258,11 @@ list(int nlflag, int erflag)
if (ntop == NULL)
ntop = n2;
else if (n1 == NULL) {
n1 = (union node *)stalloc(sizeof (struct nbinary));
n1->type = NSEMI;
n1->nbinary.ch1 = ntop;
n1->nbinary.ch2 = n2;
n1 = makebinary(NSEMI, ntop, n2);
ntop = n1;
}
else {
n3 = (union node *)stalloc(sizeof (struct nbinary));
n3->type = NSEMI;
n3->nbinary.ch1 = n1->nbinary.ch2;
n3->nbinary.ch2 = n2;
n3 = makebinary(NSEMI, n1->nbinary.ch2, n2);
n1->nbinary.ch2 = n3;
n1 = n3;
}
@ -286,8 +283,7 @@ list(int nlflag, int erflag)
tokpushback++;
}
checkkwd = CHKNL | CHKKWD | CHKALIAS;
if (!nlflag && (erflag ? peektoken() == TEOF :
tokendlist[peektoken()]))
if (!nlflag && tokendlist[peektoken()])
return ntop;
break;
case TEOF:
@ -297,7 +293,7 @@ list(int nlflag, int erflag)
pungetc(); /* push back EOF on input */
return ntop;
default:
if (nlflag || erflag)
if (nlflag)
synexpect(-1);
tokpushback++;
return ntop;
@ -310,10 +306,10 @@ list(int nlflag, int erflag)
static union node *
andor(void)
{
union node *n1, *n2, *n3;
union node *n;
int t;
n1 = pipeline();
n = pipeline();
for (;;) {
if ((t = readtoken()) == TAND) {
t = NAND;
@ -321,14 +317,9 @@ andor(void)
t = NOR;
} else {
tokpushback++;
return n1;
return n;
}
n2 = pipeline();
n3 = (union node *)stalloc(sizeof (struct nbinary));
n3->type = t;
n3->nbinary.ch1 = n1;
n3->nbinary.ch2 = n2;
n1 = n3;
n = makebinary(t, n, pipeline());
}
}
@ -410,49 +401,39 @@ command(void)
case TIF:
n1 = (union node *)stalloc(sizeof (struct nif));
n1->type = NIF;
if ((n1->nif.test = list(0, 0)) == NULL)
if ((n1->nif.test = list(0)) == NULL)
synexpect(-1);
if (readtoken() != TTHEN)
synexpect(TTHEN);
n1->nif.ifpart = list(0, 0);
consumetoken(TTHEN);
n1->nif.ifpart = list(0);
n2 = n1;
while (readtoken() == TELIF) {
n2->nif.elsepart = (union node *)stalloc(sizeof (struct nif));
n2 = n2->nif.elsepart;
n2->type = NIF;
if ((n2->nif.test = list(0, 0)) == NULL)
if ((n2->nif.test = list(0)) == NULL)
synexpect(-1);
if (readtoken() != TTHEN)
synexpect(TTHEN);
n2->nif.ifpart = list(0, 0);
consumetoken(TTHEN);
n2->nif.ifpart = list(0);
}
if (lasttoken == TELSE)
n2->nif.elsepart = list(0, 0);
n2->nif.elsepart = list(0);
else {
n2->nif.elsepart = NULL;
tokpushback++;
}
if (readtoken() != TFI)
synexpect(TFI);
consumetoken(TFI);
checkkwd = CHKKWD | CHKALIAS;
break;
case TWHILE:
case TUNTIL: {
int got;
n1 = (union node *)stalloc(sizeof (struct nbinary));
n1->type = (lasttoken == TWHILE)? NWHILE : NUNTIL;
if ((n1->nbinary.ch1 = list(0, 0)) == NULL)
case TUNTIL:
t = lasttoken;
if ((n1 = list(0)) == NULL)
synexpect(-1);
if ((got=readtoken()) != TDO) {
TRACE(("expecting DO got %s %s\n", tokname[got], got == TWORD ? wordtext : ""));
synexpect(TDO);
}
n1->nbinary.ch2 = list(0, 0);
if (readtoken() != TDONE)
synexpect(TDONE);
consumetoken(TDO);
n1 = makebinary((t == TWHILE)? NWHILE : NUNTIL, n1, list(0));
consumetoken(TDONE);
checkkwd = CHKKWD | CHKALIAS;
break;
}
case TFOR:
if (readtoken() != TWORD || quoteflag || ! goodname(wordtext))
synerror("Bad for loop variable");
@ -464,10 +445,7 @@ TRACE(("expecting DO got %s %s\n", tokname[got], got == TWORD ? wordtext : ""));
if (lasttoken == TWORD && ! quoteflag && equal(wordtext, "in")) {
app = &ap;
while (readtoken() == TWORD) {
n2 = (union node *)stalloc(sizeof (struct narg));
n2->type = NARG;
n2->narg.text = wordtext;
n2->narg.backquote = backquotelist;
n2 = makename();
*app = n2;
app = &n2->narg.next;
}
@ -499,21 +477,15 @@ TRACE(("expecting DO got %s %s\n", tokname[got], got == TWORD ? wordtext : ""));
t = TEND;
else
synexpect(-1);
n1->nfor.body = list(0, 0);
if (readtoken() != t)
synexpect(t);
n1->nfor.body = list(0);
consumetoken(t);
checkkwd = CHKKWD | CHKALIAS;
break;
case TCASE:
n1 = (union node *)stalloc(sizeof (struct ncase));
n1->type = NCASE;
if (readtoken() != TWORD)
synexpect(TWORD);
n1->ncase.expr = n2 = (union node *)stalloc(sizeof (struct narg));
n2->type = NARG;
n2->narg.text = wordtext;
n2->narg.backquote = backquotelist;
n2->narg.next = NULL;
consumetoken(TWORD);
n1->ncase.expr = makename();
while (readtoken() == TNL);
if (lasttoken != TWORD || ! equal(wordtext, "in"))
synerror("expecting \"in\"");
@ -526,10 +498,7 @@ TRACE(("expecting DO got %s %s\n", tokname[got], got == TWORD ? wordtext : ""));
if (lasttoken == TLP)
readtoken();
for (;;) {
*app = ap = (union node *)stalloc(sizeof (struct narg));
ap->type = NARG;
ap->narg.text = wordtext;
ap->narg.backquote = backquotelist;
*app = ap = makename();
checkkwd = CHKNL | CHKKWD;
if (readtoken() != TPIPE)
break;
@ -539,7 +508,7 @@ TRACE(("expecting DO got %s %s\n", tokname[got], got == TWORD ? wordtext : ""));
ap->narg.next = NULL;
if (lasttoken != TRP)
synexpect(TRP);
cp->nclist.body = list(0, 0);
cp->nclist.body = list(0);
checkkwd = CHKNL | CHKKWD | CHKALIAS;
if ((t = readtoken()) != TESAC) {
@ -559,34 +528,31 @@ TRACE(("expecting DO got %s %s\n", tokname[got], got == TWORD ? wordtext : ""));
case TLP:
n1 = (union node *)stalloc(sizeof (struct nredir));
n1->type = NSUBSHELL;
n1->nredir.n = list(0, 0);
n1->nredir.n = list(0);
n1->nredir.redirect = NULL;
if (readtoken() != TRP)
synexpect(TRP);
consumetoken(TRP);
checkkwd = CHKKWD | CHKALIAS;
is_subshell = 1;
break;
case TBEGIN:
n1 = list(0, 0);
if (readtoken() != TEND)
synexpect(TEND);
n1 = list(0);
consumetoken(TEND);
checkkwd = CHKKWD | CHKALIAS;
break;
/* Handle an empty command like other simple commands. */
/* A simple command must have at least one redirection or word. */
case TBACKGND:
case TSEMI:
case TAND:
case TOR:
/*
* An empty command before a ; doesn't make much sense, and
* should certainly be disallowed in the case of `if ;'.
*/
case TPIPE:
case TENDCASE:
case TFALLTHRU:
case TEOF:
case TNL:
case TRP:
if (!redir)
synexpect(-1);
case TNL:
case TEOF:
case TWORD:
case TRP:
tokpushback++;
n1 = simplecmd(rpp, redir);
return n1;
@ -644,10 +610,7 @@ simplecmd(union node **rpp, union node *redir)
for (;;) {
checkkwd = savecheckkwd;
if (readtoken() == TWORD) {
n = (union node *)stalloc(sizeof (struct narg));
n->type = NARG;
n->narg.text = wordtext;
n->narg.backquote = backquotelist;
n = makename();
*app = n;
app = &n->narg.next;
if (savecheckkwd != 0 && !isassignment(wordtext))
@ -659,8 +622,7 @@ simplecmd(union node **rpp, union node *redir)
} else if (lasttoken == TLP && app == &args->narg.next
&& rpp == orig_rpp) {
/* We have a function */
if (readtoken() != TRP)
synexpect(TRP);
consumetoken(TRP);
funclinno = plinno;
/*
* - Require plain text.
@ -708,6 +670,18 @@ makename(void)
return n;
}
static union node *
makebinary(int type, union node *n1, union node *n2)
{
union node *n;
n = (union node *)stalloc(sizeof (struct nbinary));
n->type = type;
n->nbinary.ch1 = n1;
n->nbinary.ch2 = n2;
return (n);
}
void
fixredir(union node *n, const char *text, int err)
{
@ -734,8 +708,7 @@ parsefname(void)
{
union node *n = redirnode;
if (readtoken() != TWORD)
synexpect(-1);
consumetoken(TWORD);
if (n->type == NHERE) {
struct heredoc *here = heredoc;
struct heredoc *p;
@ -786,11 +759,7 @@ parseheredoc(void)
}
readtoken1(pgetc(), here->here->type == NHERE? SQSYNTAX : DQSYNTAX,
here->eofmark, here->striptabs);
n = (union node *)stalloc(sizeof (struct narg));
n->narg.type = NARG;
n->narg.next = NULL;
n->narg.text = wordtext;
n->narg.backquote = backquotelist;
n = makename();
here->here->nhere.doc = n;
}
}
@ -1090,14 +1059,14 @@ done:
doprompt = 0;
}
n = list(0, oldstyle);
n = list(0);
if (oldstyle)
if (oldstyle) {
if (peektoken() != TEOF)
synexpect(-1);
doprompt = saveprompt;
else {
if (readtoken() != TRP)
synexpect(TRP);
}
} else
consumetoken(TRP);
(*nlpp)->n = n;
if (oldstyle) {
@ -1819,14 +1788,6 @@ parsearith: {
} /* end of readtoken */
void
resetparser(void)
{
tokpushback = 0;
checkkwd = 0;
}
/*
* Returns true if the text contains nothing to expand (no dollar signs
* or backquotes).
@ -1888,6 +1849,14 @@ isassignment(const char *p)
}
static void
consumetoken(int token)
{
if (readtoken() != token)
synexpect(token);
}
/*
* Called when an unexpected token is read during the parse. The argument
* is the token that is expected, or -1 if more than one type of token can

7
bin/sh/parser.h
View File

@ -68,18 +68,15 @@
/*
* NEOF is returned by parsecmd when it encounters an end of file. It
* must be distinct from NULL, so we use the address of a variable that
* happens to be handy.
* must be distinct from NULL.
*/
extern int tokpushback;
#define NEOF ((union node *)&tokpushback)
#define NEOF ((union node *)-1)
extern int whichprompt; /* 1 == PS1, 2 == PS2 */
extern const char *const parsekwd[];
union node *parsecmd(int);
void fixredir(union node *, const char *, int);
void resetparser(void);
int goodname(const char *);
int isassignment(const char *);
char *getprompt(void *);

12
bin/sh/redir.c
View File

@ -319,18 +319,6 @@ popredir(void)
INTON;
}
/*
* Undo all redirections. Called on error or interrupt.
*/
void
resetredir(void)
{
while (redirlist)
popredir();
}
/* Return true if fd 0 has already been redirected at least once. */
int
fd0_redirected_p(void)

1
bin/sh/redir.h
View File

@ -40,7 +40,6 @@
union node;
void redirect(union node *, int);
void popredir(void);
void resetredir(void);
int fd0_redirected_p(void);
void clearredir(void);

16
bin/sh/trap.c
View File

@ -74,6 +74,7 @@ __FBSDID("$FreeBSD$");
static char sigmode[NSIG]; /* current value of signal */
volatile sig_atomic_t pendingsig; /* indicates some signal received */
volatile sig_atomic_t pendingsig_waitcmd; /* indicates SIGINT/SIGQUIT received */
int in_dotrap; /* do we execute in a trap handler? */
static char *volatile trap[NSIG]; /* trap handler commands */
static volatile sig_atomic_t gotsig[NSIG];
@ -389,23 +390,13 @@ onsig(int signo)
}
/* If we are currently in a wait builtin, prepare to break it */
if ((signo == SIGINT || signo == SIGQUIT) && in_waitcmd != 0) {
breakwaitcmd = 1;
pendingsig = signo;
}
if (signo == SIGINT || signo == SIGQUIT)
pendingsig_waitcmd = signo;
if (trap[signo] != NULL && trap[signo][0] != '\0' &&
(signo != SIGCHLD || !ignore_sigchld)) {
gotsig[signo] = 1;
pendingsig = signo;
/*
* If a trap is set, not ignored and not the null command, we
* need to make sure traps are executed even when a child
* blocks signals.
*/
if (Tflag && !(trap[signo][0] == ':' && trap[signo][1] == '\0'))
breakwaitcmd = 1;
}
#ifndef NO_HISTORY
@ -428,6 +419,7 @@ dotrap(void)
in_dotrap++;
for (;;) {
pendingsig = 0;
pendingsig_waitcmd = 0;
for (i = 1; i < NSIG; i++) {
if (gotsig[i]) {
gotsig[i] = 0;

1
bin/sh/trap.h
View File

@ -34,6 +34,7 @@
*/
extern volatile sig_atomic_t pendingsig;
extern volatile sig_atomic_t pendingsig_waitcmd;
extern int in_dotrap;
extern volatile sig_atomic_t gotwinch;

1
bin/sh/var.c
View File

@ -710,6 +710,7 @@ localcmd(int argc __unused, char **argv __unused)
{
char *name;
nextopt("");
if (! in_function())
error("Not in a function");
while ((name = *argptr++) != NULL) {

1
cddl/contrib/opensolaris/cmd/zfs/zfs_main.c
View File

@ -57,6 +57,7 @@
#include <sys/fs/zfs.h>
#include <sys/types.h>
#include <time.h>
#include <err.h>
#include <libzfs.h>
#include <libzfs_core.h>

29
cddl/contrib/opensolaris/cmd/zpool/zpool_main.c
View File

@ -25,6 +25,7 @@
* Copyright (c) 2012 by Delphix. All rights reserved.
* Copyright (c) 2012 by Frederik Wessels. All rights reserved.
* Copyright (c) 2012 Martin Matuska <mm@FreeBSD.org>. All rights reserved.
* Copyright (c) 2013 by Prasad Joshi (sTec). All rights reserved.
*/
#include <solaris.h>
@ -1295,12 +1296,13 @@ print_status_config(zpool_handle_t *zhp, const char *name, nvlist_t *nv,
int namewidth, int depth, boolean_t isspare)
{
nvlist_t **child;
uint_t c, children;
uint_t c, vsc, children;
pool_scan_stat_t *ps = NULL;
vdev_stat_t *vs;
char rbuf[6], wbuf[6], cbuf[6];
char *vname;
uint64_t notpresent;
uint64_t ashift;
spare_cbdata_t cb;
const char *state;
@ -1309,7 +1311,7 @@ print_status_config(zpool_handle_t *zhp, const char *name, nvlist_t *nv,
children = 0;
verify(nvlist_lookup_uint64_array(nv, ZPOOL_CONFIG_VDEV_STATS,
(uint64_t **)&vs, &c) == 0);
(uint64_t **)&vs, &vsc) == 0);
state = zpool_state_to_name(vs->vs_state, vs->vs_aux);
if (isspare) {
@ -1363,6 +1365,10 @@ print_status_config(zpool_handle_t *zhp, const char *name, nvlist_t *nv,
(void) printf(gettext("unsupported feature(s)"));
break;
case VDEV_AUX_ASHIFT_TOO_BIG:
(void) printf(gettext("unsupported minimum blocksize"));
break;
case VDEV_AUX_SPARED:
verify(nvlist_lookup_uint64(nv, ZPOOL_CONFIG_GUID,
&cb.cb_guid) == 0);
@ -1405,6 +1411,12 @@ print_status_config(zpool_handle_t *zhp, const char *name, nvlist_t *nv,
(void) printf(gettext("corrupted data"));
break;
}
} else if (children == 0 && !isspare &&
VDEV_STAT_VALID(vs_physical_ashift, vsc) &&
vs->vs_configured_ashift < vs->vs_physical_ashift) {
(void) printf(
gettext(" block size: %dB configured, %dB native"),
1 << vs->vs_configured_ashift, 1 << vs->vs_physical_ashift);
}
(void) nvlist_lookup_uint64_array(nv, ZPOOL_CONFIG_SCAN_STATS,
@ -2117,8 +2129,10 @@ zpool_do_import(int argc, char **argv)
errno = 0;
searchguid = strtoull(argv[0], &endptr, 10);
if (errno != 0 || *endptr != '\0')
if (errno != 0 || *endptr != '\0') {
searchname = argv[0];
searchguid = 0;
}
found_config = NULL;
/*
@ -4268,6 +4282,15 @@ status_callback(zpool_handle_t *zhp, void *data)
"'zpool clear'.\n"));
break;
case ZPOOL_STATUS_NON_NATIVE_ASHIFT:
(void) printf(gettext("status: One or more devices are "
"configured to use a non-native block size.\n"
"\tExpect reduced performance.\n"));
(void) printf(gettext("action: Replace affected devices with "
"devices that support the\n\tconfigured block size, or "
"migrate data to a properly configured\n\tpool.\n"));
break;
default:
/*
* The remaining errors can't actually be generated, yet.

74
cddl/contrib/opensolaris/cmd/ztest/ztest.c
View File

@ -20,7 +20,7 @@
*/
/*
* Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012 by Delphix. All rights reserved.
* Copyright (c) 2013 by Delphix. All rights reserved.
* Copyright 2011 Nexenta Systems, Inc. All rights reserved.
* Copyright (c) 2012 Martin Matuska <mm@FreeBSD.org>. All rights reserved.
* Copyright (c) 2013 Steven Hartland. All rights reserved.
@ -186,6 +186,7 @@ static const ztest_shared_opts_t ztest_opts_defaults = {
extern uint64_t metaslab_gang_bang;
extern uint64_t metaslab_df_alloc_threshold;
extern uint64_t zfs_deadman_synctime;
static ztest_shared_opts_t *ztest_shared_opts;
static ztest_shared_opts_t ztest_opts;
@ -365,7 +366,7 @@ ztest_info_t ztest_info[] = {
{ ztest_fault_inject, 1, &zopt_sometimes },
{ ztest_ddt_repair, 1, &zopt_sometimes },
{ ztest_dmu_snapshot_hold, 1, &zopt_sometimes },
{ ztest_reguid, 1, &zopt_sometimes },
{ ztest_reguid, 1, &zopt_rarely },
{ ztest_spa_rename, 1, &zopt_rarely },
{ ztest_scrub, 1, &zopt_rarely },
{ ztest_spa_upgrade, 1, &zopt_rarely },
@ -768,6 +769,16 @@ ztest_kill(ztest_shared_t *zs)
{
zs->zs_alloc = metaslab_class_get_alloc(spa_normal_class(ztest_spa));
zs->zs_space = metaslab_class_get_space(spa_normal_class(ztest_spa));
/*
* Before we kill off ztest, make sure that the config is updated.
* See comment above spa_config_sync().
*/
mutex_enter(&spa_namespace_lock);
spa_config_sync(ztest_spa, B_FALSE, B_FALSE);
mutex_exit(&spa_namespace_lock);
zfs_dbgmsg_print(FTAG);
(void) kill(getpid(), SIGKILL);
}
@ -2732,7 +2743,7 @@ ztest_vdev_attach_detach(ztest_ds_t *zd, uint64_t id)
uint64_t leaf, top;
uint64_t ashift = ztest_get_ashift();
uint64_t oldguid, pguid;
size_t oldsize, newsize;
uint64_t oldsize, newsize;
char oldpath[MAXPATHLEN], newpath[MAXPATHLEN];
int replacing;
int oldvd_has_siblings = B_FALSE;
@ -2891,8 +2902,8 @@ ztest_vdev_attach_detach(ztest_ds_t *zd, uint64_t id)
if (error != expected_error && expected_error != EBUSY) {
fatal(0, "attach (%s %llu, %s %llu, %d) "
"returned %d, expected %d",
oldpath, (longlong_t)oldsize, newpath,
(longlong_t)newsize, replacing, error, expected_error);
oldpath, oldsize, newpath,
newsize, replacing, error, expected_error);
}
VERIFY(mutex_unlock(&ztest_vdev_lock) == 0);
@ -3606,6 +3617,9 @@ ztest_dmu_read_write(ztest_ds_t *zd, uint64_t id)
else
dmu_tx_hold_write(tx, bigobj, bigoff, bigsize);
/* This accounts for setting the checksum/compression. */
dmu_tx_hold_bonus(tx, bigobj);
txg = ztest_tx_assign(tx, TXG_MIGHTWAIT, FTAG);
if (txg == 0) {
umem_free(packbuf, packsize);
@ -4755,6 +4769,14 @@ ztest_fault_inject(ztest_ds_t *zd, uint64_t id)
ASSERT(leaves >= 1);
/*
* Grab the name lock as reader. There are some operations
* which don't like to have their vdevs changed while
* they are in progress (i.e. spa_change_guid). Those
* operations will have grabbed the name lock as writer.
*/
(void) rw_rdlock(&ztest_name_lock);
/*
* We need SCL_STATE here because we're going to look at vd0->vdev_tsd.
*/
@ -4784,7 +4806,14 @@ ztest_fault_inject(ztest_ds_t *zd, uint64_t id)
if (vd0 != NULL && vd0->vdev_top->vdev_islog)
islog = B_TRUE;
if (vd0 != NULL && maxfaults != 1) {
/*
* If the top-level vdev needs to be resilvered
* then we only allow faults on the device that is
* resilvering.
*/
if (vd0 != NULL && maxfaults != 1 &&
(!vdev_resilver_needed(vd0->vdev_top, NULL, NULL) ||
vd0->vdev_resilver_txg != 0)) {
/*
* Make vd0 explicitly claim to be unreadable,
* or unwriteable, or reach behind its back
@ -4815,6 +4844,7 @@ ztest_fault_inject(ztest_ds_t *zd, uint64_t id)
if (sav->sav_count == 0) {
spa_config_exit(spa, SCL_STATE, FTAG);
(void) rw_unlock(&ztest_name_lock);
return;
}
vd0 = sav->sav_vdevs[ztest_random(sav->sav_count)];
@ -4828,6 +4858,7 @@ ztest_fault_inject(ztest_ds_t *zd, uint64_t id)
}
spa_config_exit(spa, SCL_STATE, FTAG);
(void) rw_unlock(&ztest_name_lock);
/*
* If we can tolerate two or more faults, or we're dealing
@ -5293,16 +5324,33 @@ static void *
ztest_deadman_thread(void *arg)
{
ztest_shared_t *zs = arg;
int grace = 300;
hrtime_t delta;
spa_t *spa = ztest_spa;
hrtime_t delta, total = 0;
delta = (zs->zs_thread_stop - zs->zs_thread_start) / NANOSEC + grace;
for (;;) {
delta = (zs->zs_thread_stop - zs->zs_thread_start) /
NANOSEC + zfs_deadman_synctime;
(void) poll(NULL, 0, (int)(1000 * delta));
(void) poll(NULL, 0, (int)(1000 * delta));
fatal(0, "failed to complete within %d seconds of deadline", grace);
/*
* If the pool is suspended then fail immediately. Otherwise,
* check to see if the pool is making any progress. If
* vdev_deadman() discovers that there hasn't been any recent
* I/Os then it will end up aborting the tests.
*/
if (spa_suspended(spa)) {
fatal(0, "aborting test after %llu seconds because "
"pool has transitioned to a suspended state.",
zfs_deadman_synctime);
return (NULL);
}
vdev_deadman(spa->spa_root_vdev);
return (NULL);
total += zfs_deadman_synctime;
(void) printf("ztest has been running for %lld seconds\n",
total);
}
}
static void
@ -5616,6 +5664,7 @@ ztest_run(ztest_shared_t *zs)
zs->zs_alloc = metaslab_class_get_alloc(spa_normal_class(spa));
zs->zs_space = metaslab_class_get_space(spa_normal_class(spa));
zfs_dbgmsg_print(FTAG);
umem_free(tid, ztest_opts.zo_threads * sizeof (thread_t));
@ -6031,6 +6080,7 @@ main(int argc, char **argv)
(void) setvbuf(stdout, NULL, _IOLBF, 0);
dprintf_setup(&argc, argv);
zfs_deadman_synctime = 300;
ztest_fd_rand = open("/dev/urandom", O_RDONLY);
ASSERT3S(ztest_fd_rand, >=, 0);

190
cddl/contrib/opensolaris/common/ctf/ctf_create.c
View File

@ -24,13 +24,15 @@
* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* Copyright (c) 2013, Joyent, Inc. All rights reserved.
*/
#include <sys/sysmacros.h>
#include <sys/param.h>
#include <sys/mman.h>
#include <ctf_impl.h>
#include <sys/debug.h>
/*
* This static string is used as the template for initially populating a
@ -166,6 +168,51 @@ ctf_copy_membnames(ctf_dtdef_t *dtd, uchar_t *s)
return (s);
}
/*
* Only types of dyanmic CTF containers contain reference counts. These
* containers are marked RD/WR. Because of that we basically make this a no-op
* for compatability with non-dynamic CTF sections. This is also a no-op for
* types which are not dynamic types. It is the responsibility of the caller to
* make sure it is a valid type. We help that caller out on debug builds.
*
* Note that the reference counts are not maintained for types that are not
* within this container. In other words if we have a type in a parent, that
* will not have its reference count increased. On the flip side, the parent
* will not be allowed to remove dynamic types if it has children.
*/
static void
ctf_ref_inc(ctf_file_t *fp, ctf_id_t tid)
{
ctf_dtdef_t *dtd = ctf_dtd_lookup(fp, tid);
if (dtd == NULL)
return;
if (!(fp->ctf_flags & LCTF_RDWR))
return;
dtd->dtd_ref++;
}
/*
* Just as with ctf_ref_inc, this is a no-op on non-writeable containers and the
* caller should ensure that this is already a valid type.
*/
static void
ctf_ref_dec(ctf_file_t *fp, ctf_id_t tid)
{
ctf_dtdef_t *dtd = ctf_dtd_lookup(fp, tid);
if (dtd == NULL)
return;
if (!(fp->ctf_flags & LCTF_RDWR))
return;
ASSERT(dtd->dtd_ref >= 1);
dtd->dtd_ref--;
}
/*
* If the specified CTF container is writable and has been modified, reload
* this container with the updated type definitions. In order to make this
@ -180,6 +227,10 @@ ctf_copy_membnames(ctf_dtdef_t *dtd, uchar_t *s)
* ctf_bufopen() will return a new ctf_file_t, but we want to keep the fp
* constant for the caller, so after ctf_bufopen() returns, we use bcopy to
* swap the interior of the old and new ctf_file_t's, and then free the old.
*
* Note that the lists of dynamic types stays around and the resulting container
* is still writeable. Furthermore, the reference counts that are on the dtd's
* are still valid.
*/
int
ctf_update(ctf_file_t *fp)
@ -432,6 +483,7 @@ ctf_dtd_delete(ctf_file_t *fp, ctf_dtdef_t *dtd)
ctf_dtdef_t *p, **q = &fp->ctf_dthash[h];
ctf_dmdef_t *dmd, *nmd;
size_t len;
int kind, i;
for (p = *q; p != NULL; p = p->dtd_hash) {
if (p != dtd)
@ -443,7 +495,8 @@ ctf_dtd_delete(ctf_file_t *fp, ctf_dtdef_t *dtd)
if (p != NULL)
*q = p->dtd_hash;
switch (CTF_INFO_KIND(dtd->dtd_data.ctt_info)) {
kind = CTF_INFO_KIND(dtd->dtd_data.ctt_info);
switch (kind) {
case CTF_K_STRUCT:
case CTF_K_UNION:
case CTF_K_ENUM:
@ -454,14 +507,33 @@ ctf_dtd_delete(ctf_file_t *fp, ctf_dtdef_t *dtd)
ctf_free(dmd->dmd_name, len);
fp->ctf_dtstrlen -= len;
}
if (kind != CTF_K_ENUM)
ctf_ref_dec(fp, dmd->dmd_type);
nmd = ctf_list_next(dmd);
ctf_free(dmd, sizeof (ctf_dmdef_t));
}
break;
case CTF_K_FUNCTION:
ctf_ref_dec(fp, dtd->dtd_data.ctt_type);
for (i = 0; i < CTF_INFO_VLEN(dtd->dtd_data.ctt_info); i++)
if (dtd->dtd_u.dtu_argv[i] != 0)
ctf_ref_dec(fp, dtd->dtd_u.dtu_argv[i]);
ctf_free(dtd->dtd_u.dtu_argv, sizeof (ctf_id_t) *
CTF_INFO_VLEN(dtd->dtd_data.ctt_info));
break;
case CTF_K_ARRAY:
ctf_ref_dec(fp, dtd->dtd_u.dtu_arr.ctr_contents);
ctf_ref_dec(fp, dtd->dtd_u.dtu_arr.ctr_index);
break;
case CTF_K_TYPEDEF:
ctf_ref_dec(fp, dtd->dtd_data.ctt_type);
break;
case CTF_K_POINTER:
case CTF_K_VOLATILE:
case CTF_K_CONST:
case CTF_K_RESTRICT:
ctf_ref_dec(fp, dtd->dtd_data.ctt_type);
break;
}
if (dtd->dtd_name) {
@ -495,7 +567,9 @@ ctf_dtd_lookup(ctf_file_t *fp, ctf_id_t type)
* Discard all of the dynamic type definitions that have been added to the
* container since the last call to ctf_update(). We locate such types by
* scanning the list and deleting elements that have type IDs greater than
* ctf_dtoldid, which is set by ctf_update(), above.
* ctf_dtoldid, which is set by ctf_update(), above. Note that to work properly
* with our reference counting schemes, we must delete the dynamic list in
* reverse.
*/
int
ctf_discard(ctf_file_t *fp)
@ -508,11 +582,11 @@ ctf_discard(ctf_file_t *fp)
if (!(fp->ctf_flags & LCTF_DIRTY))
return (0); /* no update required */
for (dtd = ctf_list_next(&fp->ctf_dtdefs); dtd != NULL; dtd = ntd) {
for (dtd = ctf_list_prev(&fp->ctf_dtdefs); dtd != NULL; dtd = ntd) {
if (dtd->dtd_type <= fp->ctf_dtoldid)
continue; /* skip types that have been committed */
ntd = ctf_list_next(dtd);
ntd = ctf_list_prev(dtd);
ctf_dtd_delete(fp, dtd);
}
@ -614,6 +688,8 @@ ctf_add_reftype(ctf_file_t *fp, uint_t flag, ctf_id_t ref, uint_t kind)
if ((type = ctf_add_generic(fp, flag, NULL, &dtd)) == CTF_ERR)
return (CTF_ERR); /* errno is set for us */
ctf_ref_inc(fp, ref);
dtd->dtd_data.ctt_info = CTF_TYPE_INFO(kind, flag, 0);
dtd->dtd_data.ctt_type = (ushort_t)ref;
@ -645,16 +721,29 @@ ctf_add_array(ctf_file_t *fp, uint_t flag, const ctf_arinfo_t *arp)
{
ctf_dtdef_t *dtd;
ctf_id_t type;
ctf_file_t *fpd;
if (arp == NULL)
return (ctf_set_errno(fp, EINVAL));
fpd = fp;
if (ctf_lookup_by_id(&fpd, arp->ctr_contents) == NULL &&
ctf_dtd_lookup(fp, arp->ctr_contents) == NULL)
return (ctf_set_errno(fp, ECTF_BADID));
fpd = fp;
if (ctf_lookup_by_id(&fpd, arp->ctr_index) == NULL &&
ctf_dtd_lookup(fp, arp->ctr_index) == NULL)
return (ctf_set_errno(fp, ECTF_BADID));
if ((type = ctf_add_generic(fp, flag, NULL, &dtd)) == CTF_ERR)
return (CTF_ERR); /* errno is set for us */
dtd->dtd_data.ctt_info = CTF_TYPE_INFO(CTF_K_ARRAY, flag, 0);
dtd->dtd_data.ctt_size = 0;
dtd->dtd_u.dtu_arr = *arp;
ctf_ref_inc(fp, arp->ctr_contents);
ctf_ref_inc(fp, arp->ctr_index);
return (type);
}
@ -662,6 +751,7 @@ ctf_add_array(ctf_file_t *fp, uint_t flag, const ctf_arinfo_t *arp)
int
ctf_set_array(ctf_file_t *fp, ctf_id_t type, const ctf_arinfo_t *arp)
{
ctf_file_t *fpd;
ctf_dtdef_t *dtd = ctf_dtd_lookup(fp, type);
if (!(fp->ctf_flags & LCTF_RDWR))
@ -670,8 +760,22 @@ ctf_set_array(ctf_file_t *fp, ctf_id_t type, const ctf_arinfo_t *arp)
if (dtd == NULL || CTF_INFO_KIND(dtd->dtd_data.ctt_info) != CTF_K_ARRAY)
return (ctf_set_errno(fp, ECTF_BADID));
fpd = fp;
if (ctf_lookup_by_id(&fpd, arp->ctr_contents) == NULL &&
ctf_dtd_lookup(fp, arp->ctr_contents) == NULL)
return (ctf_set_errno(fp, ECTF_BADID));
fpd = fp;
if (ctf_lookup_by_id(&fpd, arp->ctr_index) == NULL &&
ctf_dtd_lookup(fp, arp->ctr_index) == NULL)
return (ctf_set_errno(fp, ECTF_BADID));
ctf_ref_dec(fp, dtd->dtd_u.dtu_arr.ctr_contents);
ctf_ref_dec(fp, dtd->dtd_u.dtu_arr.ctr_index);
fp->ctf_flags |= LCTF_DIRTY;
dtd->dtd_u.dtu_arr = *arp;
ctf_ref_inc(fp, arp->ctr_contents);
ctf_ref_inc(fp, arp->ctr_index);
return (0);
}
@ -683,7 +787,9 @@ ctf_add_function(ctf_file_t *fp, uint_t flag,
ctf_dtdef_t *dtd;
ctf_id_t type;
uint_t vlen;
int i;
ctf_id_t *vdat = NULL;
ctf_file_t *fpd;
if (ctc == NULL || (ctc->ctc_flags & ~CTF_FUNC_VARARG) != 0 ||
(ctc->ctc_argc != 0 && argv == NULL))
@ -696,6 +802,18 @@ ctf_add_function(ctf_file_t *fp, uint_t flag,
if (vlen > CTF_MAX_VLEN)
return (ctf_set_errno(fp, EOVERFLOW));
fpd = fp;
if (ctf_lookup_by_id(&fpd, ctc->ctc_return) == NULL &&
ctf_dtd_lookup(fp, ctc->ctc_return) == NULL)
return (ctf_set_errno(fp, ECTF_BADID));
for (i = 0; i < ctc->ctc_argc; i++) {
fpd = fp;
if (ctf_lookup_by_id(&fpd, argv[i]) == NULL &&
ctf_dtd_lookup(fp, argv[i]) == NULL)
return (ctf_set_errno(fp, ECTF_BADID));
}
if (vlen != 0 && (vdat = ctf_alloc(sizeof (ctf_id_t) * vlen)) == NULL)
return (ctf_set_errno(fp, EAGAIN));
@ -707,6 +825,10 @@ ctf_add_function(ctf_file_t *fp, uint_t flag,
dtd->dtd_data.ctt_info = CTF_TYPE_INFO(CTF_K_FUNCTION, flag, vlen);
dtd->dtd_data.ctt_type = (ushort_t)ctc->ctc_return;
ctf_ref_inc(fp, ctc->ctc_return);
for (i = 0; i < ctc->ctc_argc; i++)
ctf_ref_inc(fp, argv[i]);
bcopy(argv, vdat, sizeof (ctf_id_t) * ctc->ctc_argc);
if (ctc->ctc_flags & CTF_FUNC_VARARG)
vdat[vlen - 1] = 0; /* add trailing zero to indicate varargs */
@ -825,8 +947,11 @@ ctf_add_typedef(ctf_file_t *fp, uint_t flag, const char *name, ctf_id_t ref)
{
ctf_dtdef_t *dtd;
ctf_id_t type;
ctf_file_t *fpd;
if (ref == CTF_ERR || ref < 0 || ref > CTF_MAX_TYPE)
fpd = fp;
if (ref == CTF_ERR || (ctf_lookup_by_id(&fpd, ref) == NULL &&
ctf_dtd_lookup(fp, ref) == NULL))
return (ctf_set_errno(fp, EINVAL));
if ((type = ctf_add_generic(fp, flag, name, &dtd)) == CTF_ERR)
@ -834,6 +959,7 @@ ctf_add_typedef(ctf_file_t *fp, uint_t flag, const char *name, ctf_id_t ref)
dtd->dtd_data.ctt_info = CTF_TYPE_INFO(CTF_K_TYPEDEF, flag, 0);
dtd->dtd_data.ctt_type = (ushort_t)ref;
ctf_ref_inc(fp, ref);
return (type);
}
@ -1008,6 +1134,45 @@ ctf_add_member(ctf_file_t *fp, ctf_id_t souid, const char *name, ctf_id_t type)
if (s != NULL)
fp->ctf_dtstrlen += strlen(s) + 1;
ctf_ref_inc(fp, type);
fp->ctf_flags |= LCTF_DIRTY;
return (0);
}
/*
* This removes a type from the dynamic section. This will fail if the type is
* referenced by another type. Note that the CTF ID is never reused currently by
* CTF. Note that if this container is a parent container then we just outright
* refuse to remove the type. There currently is no notion of searching for the
* ctf_dtdef_t in parent containers. If there is, then this constraint could
* become finer grained.
*/
int
ctf_delete_type(ctf_file_t *fp, ctf_id_t type)
{
ctf_file_t *fpd;
ctf_dtdef_t *dtd = ctf_dtd_lookup(fp, type);
if (!(fp->ctf_flags & LCTF_RDWR))
return (ctf_set_errno(fp, ECTF_RDONLY));
/*
* We want to give as useful an errno as possible. That means that we
* want to distinguish between a type which does not exist and one for
* which the type is not dynamic.
*/
fpd = fp;
if (ctf_lookup_by_id(&fpd, type) == NULL &&
ctf_dtd_lookup(fp, type) == NULL)
return (CTF_ERR); /* errno is set for us */
if (dtd == NULL)
return (ctf_set_errno(fp, ECTF_NOTDYN));
if (dtd->dtd_ref != 0 || fp->ctf_refcnt > 1)
return (ctf_set_errno(fp, ECTF_REFERENCED));
ctf_dtd_delete(fp, dtd);
fp->ctf_flags |= LCTF_DIRTY;
return (0);
}
@ -1103,6 +1268,9 @@ ctf_add_type(ctf_file_t *dst_fp, ctf_file_t *src_fp, ctf_id_t src_type)
ctf_hash_t *hp;
ctf_helem_t *hep;
if (dst_fp == src_fp)
return (src_type);
if (!(dst_fp->ctf_flags & LCTF_RDWR))
return (ctf_set_errno(dst_fp, ECTF_RDONLY));
@ -1313,6 +1481,14 @@ ctf_add_type(ctf_file_t *dst_fp, ctf_file_t *src_fp, ctf_id_t src_type)
if (errs)
return (CTF_ERR); /* errno is set for us */
/*
* Now that we know that we can't fail, we go through and bump
* all the reference counts on the member types.
*/
for (dmd = ctf_list_next(&dtd->dtd_u.dtu_members);
dmd != NULL; dmd = ctf_list_next(dmd))
ctf_ref_inc(dst_fp, dmd->dmd_type);
break;
}

7
cddl/contrib/opensolaris/common/ctf/ctf_error.c
View File

@ -23,8 +23,9 @@
* Copyright 2003 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* Copyright (c) 2012, Joyent, Inc.
*/
#include <ctf_impl.h>
@ -73,6 +74,8 @@ static const char *const _ctf_errlist[] = {
"Limit on number of dynamic types reached", /* ECTF_FULL */
"Duplicate member name definition", /* ECTF_DUPMEMBER */
"Conflicting type is already defined", /* ECTF_CONFLICT */
"Type has outstanding references", /* ECTF_REFERENCED */
"Type is not a dynamic type" /* ECTF_NOTDYN */
};
static const int _ctf_nerr = sizeof (_ctf_errlist) / sizeof (_ctf_errlist[0]);

10
cddl/contrib/opensolaris/common/ctf/ctf_impl.h
View File

@ -24,12 +24,13 @@
* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/*
* Copyright (c) 2012, Joyent, Inc. All rights reserved.
*/
#ifndef _CTF_IMPL_H
#define _CTF_IMPL_H
#pragma ident "%Z%%M% %I% %E% SMI"
#include <sys/types.h>
#include <sys/errno.h>
#include <sys/sysmacros.h>
@ -149,6 +150,7 @@ typedef struct ctf_dtdef {
char *dtd_name; /* name associated with definition (if any) */
ctf_id_t dtd_type; /* type identifier for this definition */
ctf_type_t dtd_data; /* type node (see <sys/ctf.h>) */
int dtd_ref; /* recfount for dyanmic types */
union {
ctf_list_t dtu_members; /* struct, union, or enum */
ctf_arinfo_t dtu_arr; /* array */
@ -269,7 +271,9 @@ enum {
ECTF_DTFULL, /* CTF type is full (no more members allowed) */
ECTF_FULL, /* CTF container is full */
ECTF_DUPMEMBER, /* duplicate member name definition */
ECTF_CONFLICT /* conflicting type definition present */
ECTF_CONFLICT, /* conflicting type definition present */
ECTF_REFERENCED, /* type has outstanding references */
ECTF_NOTDYN /* type is not a dynamic type */
};
extern ssize_t ctf_get_ctt_size(const ctf_file_t *, const ctf_type_t *,

13
cddl/contrib/opensolaris/common/ctf/ctf_open.c
View File

@ -24,8 +24,9 @@
* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* Copyright (c) 2012, Joyent, Inc. All rights reserved.
*/
#include <ctf_impl.h>
#include <sys/mman.h>
@ -810,8 +811,12 @@ ctf_close(ctf_file_t *fp)
if (fp->ctf_parent != NULL)
ctf_close(fp->ctf_parent);
for (dtd = ctf_list_next(&fp->ctf_dtdefs); dtd != NULL; dtd = ntd) {
ntd = ctf_list_next(dtd);
/*
* Note, to work properly with reference counting on the dynamic
* section, we must delete the list in reverse.
*/
for (dtd = ctf_list_prev(&fp->ctf_dtdefs); dtd != NULL; dtd = ntd) {
ntd = ctf_list_prev(dtd);
ctf_dtd_delete(fp, dtd);
}

57
cddl/contrib/opensolaris/lib/libctf/common/ctf_lib.c
View File

@ -216,6 +216,7 @@ ctf_fdopen(int fd, int *errp)
{
ctf_sect_t ctfsect, symsect, strsect;
ctf_file_t *fp = NULL;
size_t shstrndx, shnum;
struct stat64 st;
ssize_t nbytes;
@ -278,11 +279,10 @@ ctf_fdopen(int fd, int *errp)
#else
uchar_t order = ELFDATA2LSB;
#endif
GElf_Half i, n;
GElf_Shdr *sp;
void *strs_map;
size_t strs_mapsz;
size_t strs_mapsz, i;
char *strs;
if (hdr.e32.e_ident[EI_DATA] != order)
@ -298,11 +298,38 @@ ctf_fdopen(int fd, int *errp)
ehdr_to_gelf(&e32, &hdr.e64);
}
if (hdr.e64.e_shstrndx >= hdr.e64.e_shnum)
shnum = hdr.e64.e_shnum;
shstrndx = hdr.e64.e_shstrndx;
/* Extended ELF sections */
if ((shstrndx == SHN_XINDEX) || (shnum == 0)) {
if (hdr.e32.e_ident[EI_CLASS] == ELFCLASS32) {
Elf32_Shdr x32;
if (pread64(fd, &x32, sizeof (x32),
hdr.e64.e_shoff) != sizeof (x32))
return (ctf_set_open_errno(errp,
errno));
shnum = x32.sh_size;
shstrndx = x32.sh_link;
} else {
Elf64_Shdr x64;
if (pread64(fd, &x64, sizeof (x64),
hdr.e64.e_shoff) != sizeof (x64))
return (ctf_set_open_errno(errp,
errno));
shnum = x64.sh_size;
shstrndx = x64.sh_link;
}
}
if (shstrndx >= shnum)
return (ctf_set_open_errno(errp, ECTF_CORRUPT));
n = hdr.e64.e_shnum;
nbytes = sizeof (GElf_Shdr) * n;
nbytes = sizeof (GElf_Shdr) * shnum;
if ((sp = malloc(nbytes)) == NULL)
return (ctf_set_open_errno(errp, errno));
@ -314,7 +341,7 @@ ctf_fdopen(int fd, int *errp)
if (hdr.e32.e_ident[EI_CLASS] == ELFCLASS32) {
Elf32_Shdr *sp32;
nbytes = sizeof (Elf32_Shdr) * n;
nbytes = sizeof (Elf32_Shdr) * shnum;
if ((sp32 = malloc(nbytes)) == NULL || pread64(fd,
sp32, nbytes, hdr.e64.e_shoff) != nbytes) {
@ -322,7 +349,7 @@ ctf_fdopen(int fd, int *errp)
return (ctf_set_open_errno(errp, errno));
}
for (i = 0; i < n; i++)
for (i = 0; i < shnum; i++)
shdr_to_gelf(&sp32[i], &sp[i]);
free(sp32);
@ -336,14 +363,14 @@ ctf_fdopen(int fd, int *errp)
* Now mmap the section header strings section so that we can
* perform string comparison on the section names.
*/
strs_mapsz = sp[hdr.e64.e_shstrndx].sh_size +
(sp[hdr.e64.e_shstrndx].sh_offset & ~_PAGEMASK);
strs_mapsz = sp[shstrndx].sh_size +
(sp[shstrndx].sh_offset & ~_PAGEMASK);
strs_map = mmap64(NULL, strs_mapsz, PROT_READ, MAP_PRIVATE,
fd, sp[hdr.e64.e_shstrndx].sh_offset & _PAGEMASK);
fd, sp[shstrndx].sh_offset & _PAGEMASK);
strs = (char *)strs_map +
(sp[hdr.e64.e_shstrndx].sh_offset & ~_PAGEMASK);
(sp[shstrndx].sh_offset & ~_PAGEMASK);
if (strs_map == MAP_FAILED) {
free(sp);
@ -354,15 +381,15 @@ ctf_fdopen(int fd, int *errp)
* Iterate over the section header array looking for the CTF
* section and symbol table. The strtab is linked to symtab.
*/
for (i = 0; i < n; i++) {
for (i = 0; i < shnum; i++) {
const GElf_Shdr *shp = &sp[i];
const GElf_Shdr *lhp = &sp[shp->sh_link];
if (shp->sh_link >= hdr.e64.e_shnum)
if (shp->sh_link >= shnum)
continue; /* corrupt sh_link field */
if (shp->sh_name >= sp[hdr.e64.e_shstrndx].sh_size ||
lhp->sh_name >= sp[hdr.e64.e_shstrndx].sh_size)
if (shp->sh_name >= sp[shstrndx].sh_size ||
lhp->sh_name >= sp[shstrndx].sh_size)
continue; /* corrupt sh_name field */
if (shp->sh_type == SHT_PROGBITS &&

12
cddl/contrib/opensolaris/lib/libdtrace/common/dt_open.c
View File

@ -1086,7 +1086,17 @@ dt_vopen(int version, int flags, int *errp,
dtfd = open("/dev/dtrace/dtrace", O_RDWR);
err = errno; /* save errno from opening dtfd */
#if defined(__FreeBSD__)
/*
* Automatically load the 'dtraceall' module if we couldn't open the
* char device.
*/
if (err == ENOENT && modfind("dtraceall") < 0) {
kldload("dtraceall"); /* ignore the error */
dtfd = open("/dev/dtrace/dtrace", O_RDWR);
err = errno;
}
#endif
#if defined(sun)
ftfd = open("/dev/dtrace/provider/fasttrap", O_RDWR);
#else

1
cddl/contrib/opensolaris/lib/libzfs/common/libzfs.h
View File

@ -326,6 +326,7 @@ typedef enum {
ZPOOL_STATUS_RESILVERING, /* device being resilvered */
ZPOOL_STATUS_OFFLINE_DEV, /* device online */
ZPOOL_STATUS_REMOVED_DEV, /* removed device */
ZPOOL_STATUS_NON_NATIVE_ASHIFT, /* (e.g. 512e dev with ashift of 9) */
/*
* Finally, the following indicates a healthy pool.

12
cddl/contrib/opensolaris/lib/libzfs/common/libzfs_dataset.c
View File

@ -3572,7 +3572,6 @@ zfs_rollback(zfs_handle_t *zhp, zfs_handle_t *snap, boolean_t force)
{
rollback_data_t cb = { 0 };
int err;
zfs_cmd_t zc = { 0 };
boolean_t restore_resv = 0;
uint64_t old_volsize, new_volsize;
zfs_prop_t resv_prop;
@ -3604,22 +3603,15 @@ zfs_rollback(zfs_handle_t *zhp, zfs_handle_t *snap, boolean_t force)
(old_volsize == zfs_prop_get_int(zhp, resv_prop));
}
(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
if (ZFS_IS_VOLUME(zhp))
zc.zc_objset_type = DMU_OST_ZVOL;
else
zc.zc_objset_type = DMU_OST_ZFS;
/*
* We rely on zfs_iter_children() to verify that there are no
* newer snapshots for the given dataset. Therefore, we can
* simply pass the name on to the ioctl() call. There is still
* an unlikely race condition where the user has taken a
* snapshot since we verified that this was the most recent.
*
*/
if ((err = zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_ROLLBACK, &zc)) != 0) {
err = lzc_rollback(zhp->zfs_name, NULL, 0);
if (err != 0) {
(void) zfs_standard_error_fmt(zhp->zfs_hdl, errno,
dgettext(TEXT_DOMAIN, "cannot rollback '%s'"),
zhp->zfs_name);

6
cddl/contrib/opensolaris/lib/libzfs/common/libzfs_iter.c
View File

@ -21,10 +21,10 @@
/*
* Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright 2010 Nexenta Systems, Inc. All rights reserved.
* Copyright (c) 2012 by Delphix. All rights reserved.
* Copyright (c) 2012 Pawel Jakub Dawidek <pawel@dawidek.net>.
* All rights reserved.
* Copyright 2013 Nexenta Systems, Inc. All rights reserved.
*/
#include <stdio.h>
@ -452,8 +452,12 @@ iter_dependents_cb(zfs_handle_t *zhp, void *arg)
}
ida->stack = isf.next;
}
if (!first && err == 0)
err = ida->func(zhp, ida->data);
else
zfs_close(zhp);
return (err);
}

87
cddl/contrib/opensolaris/lib/libzfs/common/libzfs_status.c
View File

@ -73,57 +73,66 @@ static char *zfs_msgid_table[] = {
/* ARGSUSED */
static int
vdev_missing(uint64_t state, uint64_t aux, uint64_t errs)
vdev_missing(vdev_stat_t *vs, uint_t vsc)
{
return (state == VDEV_STATE_CANT_OPEN &&
aux == VDEV_AUX_OPEN_FAILED);
return (vs->vs_state == VDEV_STATE_CANT_OPEN &&
vs->vs_aux == VDEV_AUX_OPEN_FAILED);
}
/* ARGSUSED */
static int
vdev_faulted(uint64_t state, uint64_t aux, uint64_t errs)
vdev_faulted(vdev_stat_t *vs, uint_t vsc)
{
return (state == VDEV_STATE_FAULTED);
return (vs->vs_state == VDEV_STATE_FAULTED);
}
/* ARGSUSED */
static int
vdev_errors(uint64_t state, uint64_t aux, uint64_t errs)
vdev_errors(vdev_stat_t *vs, uint_t vsc)
{
return (state == VDEV_STATE_DEGRADED || errs != 0);
return (vs->vs_state == VDEV_STATE_DEGRADED ||
vs->vs_read_errors != 0 || vs->vs_write_errors != 0 ||
vs->vs_checksum_errors != 0);
}
/* ARGSUSED */
static int
vdev_broken(uint64_t state, uint64_t aux, uint64_t errs)
vdev_broken(vdev_stat_t *vs, uint_t vsc)
{
return (state == VDEV_STATE_CANT_OPEN);
return (vs->vs_state == VDEV_STATE_CANT_OPEN);
}
/* ARGSUSED */
static int
vdev_offlined(uint64_t state, uint64_t aux, uint64_t errs)
vdev_offlined(vdev_stat_t *vs, uint_t vsc)
{
return (state == VDEV_STATE_OFFLINE);
return (vs->vs_state == VDEV_STATE_OFFLINE);
}
/* ARGSUSED */
static int
vdev_removed(uint64_t state, uint64_t aux, uint64_t errs)
vdev_removed(vdev_stat_t *vs, uint_t vsc)
{
return (state == VDEV_STATE_REMOVED);
return (vs->vs_state == VDEV_STATE_REMOVED);
}
static int
vdev_non_native_ashift(vdev_stat_t *vs, uint_t vsc)
{
return (VDEV_STAT_VALID(vs_physical_ashift, vsc) &&
vs->vs_configured_ashift < vs->vs_physical_ashift);
}
/*
* Detect if any leaf devices that have seen errors or could not be opened.
*/
static boolean_t
find_vdev_problem(nvlist_t *vdev, int (*func)(uint64_t, uint64_t, uint64_t))
find_vdev_problem(nvlist_t *vdev, int (*func)(vdev_stat_t *, uint_t),
boolean_t ignore_replacing)
{
nvlist_t **child;
vdev_stat_t *vs;
uint_t c, children;
char *type;
uint_t c, vsc, children;
/*
* Ignore problems within a 'replacing' vdev, since we're presumably in
@ -131,23 +140,25 @@ find_vdev_problem(nvlist_t *vdev, int (*func)(uint64_t, uint64_t, uint64_t))
* out again. We'll pick up the fact that a resilver is happening
* later.
*/
verify(nvlist_lookup_string(vdev, ZPOOL_CONFIG_TYPE, &type) == 0);
if (strcmp(type, VDEV_TYPE_REPLACING) == 0)
return (B_FALSE);
if (ignore_replacing == B_TRUE) {
char *type;
verify(nvlist_lookup_string(vdev, ZPOOL_CONFIG_TYPE,
&type) == 0);
if (strcmp(type, VDEV_TYPE_REPLACING) == 0)
return (B_FALSE);
}
if (nvlist_lookup_nvlist_array(vdev, ZPOOL_CONFIG_CHILDREN, &child,
&children) == 0) {
for (c = 0; c < children; c++)
if (find_vdev_problem(child[c], func))
if (find_vdev_problem(child[c], func, ignore_replacing))
return (B_TRUE);
} else {
verify(nvlist_lookup_uint64_array(vdev, ZPOOL_CONFIG_VDEV_STATS,
(uint64_t **)&vs, &c) == 0);
(uint64_t **)&vs, &vsc) == 0);
if (func(vs->vs_state, vs->vs_aux,
vs->vs_read_errors +
vs->vs_write_errors +
vs->vs_checksum_errors))
if (func(vs, vsc) != 0)
return (B_TRUE);
}
@ -157,7 +168,7 @@ find_vdev_problem(nvlist_t *vdev, int (*func)(uint64_t, uint64_t, uint64_t))
if (nvlist_lookup_nvlist_array(vdev, ZPOOL_CONFIG_L2CACHE, &child,
&children) == 0) {
for (c = 0; c < children; c++)
if (find_vdev_problem(child[c], func))
if (find_vdev_problem(child[c], func, ignore_replacing))
return (B_TRUE);
}
@ -270,15 +281,15 @@ check_status(nvlist_t *config, boolean_t isimport)
* Bad devices in non-replicated config.
*/
if (vs->vs_state == VDEV_STATE_CANT_OPEN &&
find_vdev_problem(nvroot, vdev_faulted))
find_vdev_problem(nvroot, vdev_faulted, B_TRUE))
return (ZPOOL_STATUS_FAULTED_DEV_NR);
if (vs->vs_state == VDEV_STATE_CANT_OPEN &&
find_vdev_problem(nvroot, vdev_missing))
find_vdev_problem(nvroot, vdev_missing, B_TRUE))
return (ZPOOL_STATUS_MISSING_DEV_NR);
if (vs->vs_state == VDEV_STATE_CANT_OPEN &&
find_vdev_problem(nvroot, vdev_broken))
find_vdev_problem(nvroot, vdev_broken, B_TRUE))
return (ZPOOL_STATUS_CORRUPT_LABEL_NR);
/*
@ -300,31 +311,37 @@ check_status(nvlist_t *config, boolean_t isimport)
/*
* Missing devices in a replicated config.
*/
if (find_vdev_problem(nvroot, vdev_faulted))
if (find_vdev_problem(nvroot, vdev_faulted, B_TRUE))
return (ZPOOL_STATUS_FAULTED_DEV_R);
if (find_vdev_problem(nvroot, vdev_missing))
if (find_vdev_problem(nvroot, vdev_missing, B_TRUE))
return (ZPOOL_STATUS_MISSING_DEV_R);
if (find_vdev_problem(nvroot, vdev_broken))
if (find_vdev_problem(nvroot, vdev_broken, B_TRUE))
return (ZPOOL_STATUS_CORRUPT_LABEL_R);
/*
* Devices with errors
*/
if (!isimport && find_vdev_problem(nvroot, vdev_errors))
if (!isimport && find_vdev_problem(nvroot, vdev_errors, B_TRUE))
return (ZPOOL_STATUS_FAILING_DEV);
/*
* Offlined devices
*/
if (find_vdev_problem(nvroot, vdev_offlined))
if (find_vdev_problem(nvroot, vdev_offlined, B_TRUE))
return (ZPOOL_STATUS_OFFLINE_DEV);
/*
* Removed device
*/
if (find_vdev_problem(nvroot, vdev_removed))
if (find_vdev_problem(nvroot, vdev_removed, B_TRUE))
return (ZPOOL_STATUS_REMOVED_DEV);
/*
* Suboptimal, but usable, ashift configuration.
*/
if (find_vdev_problem(nvroot, vdev_non_native_ashift, B_FALSE))
return (ZPOOL_STATUS_NON_NATIVE_ASHIFT);
/*
* Outdated, but usable, version
*/

26
cddl/contrib/opensolaris/lib/libzfs_core/common/libzfs_core.c
View File

@ -20,7 +20,7 @@
*/
/*
* Copyright (c) 2012 by Delphix. All rights reserved.
* Copyright (c) 2013 by Delphix. All rights reserved.
* Copyright (c) 2013 Steven Hartland. All rights reserved.
*/
@ -628,3 +628,27 @@ out:
free((void*)(uintptr_t)zc.zc_nvlist_dst);
return (error);
}
/*
* Roll back this filesystem or volume to its most recent snapshot.
* If snapnamebuf is not NULL, it will be filled in with the name
* of the most recent snapshot.
*
* Return 0 on success or an errno on failure.
*/
int
lzc_rollback(const char *fsname, char *snapnamebuf, int snapnamelen)
{
nvlist_t *args;
nvlist_t *result;
int err;
args = fnvlist_alloc();
err = lzc_ioctl(ZFS_IOC_ROLLBACK, fsname, args, &result);
nvlist_free(args);
if (err == 0 && snapnamebuf != NULL) {
const char *snapname = fnvlist_lookup_string(result, "target");
(void) strlcpy(snapnamebuf, snapname, snapnamelen);
}
return (err);
}

3
cddl/contrib/opensolaris/lib/libzfs_core/common/libzfs_core.h
View File

@ -20,7 +20,7 @@
*/
/*
* Copyright (c) 2012 by Delphix. All rights reserved.
* Copyright (c) 2013 by Delphix. All rights reserved.
* Copyright (c) 2013 by Martin Matuska <mm@FreeBSD.org>. All rights reserved.
*/
@ -59,6 +59,7 @@ int lzc_send_space(const char *snapname, const char *fromsnap,
boolean_t lzc_exists(const char *dataset);
int lzc_rollback(const char *fsname, char *snapnamebuf, int snapnamelen);
#ifdef __cplusplus
}

6
cddl/contrib/opensolaris/lib/libzpool/common/kernel.c
View File

@ -591,6 +591,12 @@ dprintf_setup(int *argc, char **argv)
dprintf_print_all = 1;
}
int
sysctl_handle_64(SYSCTL_HANDLER_ARGS)
{
return (0);
}
/*
* =========================================================================
* debug printfs

46
cddl/contrib/opensolaris/lib/libzpool/common/sys/zfs_context.h
View File

@ -659,11 +659,55 @@ typedef uint32_t idmap_rid_t;
#define SX_SYSINIT(name, lock, desc)
#define SYSCTL_HANDLER_ARGS struct sysctl_oid *oidp, void *arg1, \
intptr_t arg2, struct sysctl_req *req
/*
* This describes the access space for a sysctl request. This is needed
* so that we can use the interface from the kernel or from user-space.
*/
struct sysctl_req {
struct thread *td; /* used for access checking */
int lock; /* wiring state */
void *oldptr;
size_t oldlen;
size_t oldidx;
int (*oldfunc)(struct sysctl_req *, const void *, size_t);
void *newptr;
size_t newlen;
size_t newidx;
int (*newfunc)(struct sysctl_req *, void *, size_t);
size_t validlen;
int flags;
};
SLIST_HEAD(sysctl_oid_list, sysctl_oid);
/*
* This describes one "oid" in the MIB tree. Potentially more nodes can
* be hidden behind it, expanded by the handler.
*/
struct sysctl_oid {
struct sysctl_oid_list *oid_parent;
SLIST_ENTRY(sysctl_oid) oid_link;
int oid_number;
u_int oid_kind;
void *oid_arg1;
intptr_t oid_arg2;
const char *oid_name;
int (*oid_handler)(SYSCTL_HANDLER_ARGS);
const char *oid_fmt;
int oid_refcnt;
u_int oid_running;
const char *oid_descr;
};
#define SYSCTL_DECL(...)
#define SYSCTL_NODE(...)
#define SYSCTL_INT(...)
#define SYSCTL_UINT(...)
#define SYSCTL_ULONG(...)
#define SYSCTL_PROC(...)
#define SYSCTL_QUAD(...)
#define SYSCTL_UQUAD(...)
#ifdef TUNABLE_INT
@ -675,6 +719,8 @@ typedef uint32_t idmap_rid_t;
#define TUNABLE_ULONG(...)
#define TUNABLE_QUAD(...)
int sysctl_handle_64(SYSCTL_HANDLER_ARGS);
/* Errors */
#ifndef ERESTART

70
cddl/contrib/opensolaris/tools/ctf/cvt/dwarf.c
View File

@ -23,8 +23,6 @@
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* DWARF to tdata conversion
*
@ -1796,6 +1794,59 @@ die_resolve(dwarf_t *dw)
} while (dw->dw_nunres != 0);
}
/*
* Any object containing a function or object symbol at any scope should also
* contain DWARF data.
*/
static boolean_t
should_have_dwarf(Elf *elf)
{
Elf_Scn *scn = NULL;
Elf_Data *data = NULL;
GElf_Shdr shdr;
GElf_Sym sym;
uint32_t symdx = 0;
size_t nsyms = 0;
boolean_t found = B_FALSE;
while ((scn = elf_nextscn(elf, scn)) != NULL) {
gelf_getshdr(scn, &shdr);
if (shdr.sh_type == SHT_SYMTAB) {
found = B_TRUE;
break;
}
}
if (!found)
terminate("cannot convert stripped objects\n");
data = elf_getdata(scn, NULL);
nsyms = shdr.sh_size / shdr.sh_entsize;
for (symdx = 0; symdx < nsyms; symdx++) {
gelf_getsym(data, symdx, &sym);
if ((GELF_ST_TYPE(sym.st_info) == STT_FUNC) ||
(GELF_ST_TYPE(sym.st_info) == STT_TLS) ||
(GELF_ST_TYPE(sym.st_info) == STT_OBJECT)) {
char *name;
name = elf_strptr(elf, shdr.sh_link, sym.st_name);
/* Studio emits these local symbols regardless */
if ((strcmp(name, "Bbss.bss") != 0) &&
(strcmp(name, "Ttbss.bss") != 0) &&
(strcmp(name, "Ddata.data") != 0) &&
(strcmp(name, "Ttdata.data") != 0) &&
(strcmp(name, "Drodata.rodata") != 0))
return (B_TRUE);
}
}
return (B_FALSE);
}
/*ARGSUSED*/
int
dw_read(tdata_t *td, Elf *elf, char *filename __unused)
@ -1820,8 +1871,12 @@ dw_read(tdata_t *td, Elf *elf, char *filename __unused)
if ((rc = dwarf_elf_init(elf, DW_DLC_READ, &dw.dw_dw,
&dw.dw_err)) == DW_DLV_NO_ENTRY) {
errno = ENOENT;
return (-1);
if (should_have_dwarf(elf)) {
errno = ENOENT;
return (-1);
} else {
return (0);
}
} else if (rc != DW_DLV_OK) {
if (dwarf_errno(&dw.dw_err) == DW_DLE_DEBUG_INFO_NULL) {
/*
@ -1839,9 +1894,14 @@ dw_read(tdata_t *td, Elf *elf, char *filename __unused)
&addrsz, &nxthdr, &dw.dw_err)) != DW_DLV_OK)
terminate("rc = %d %s\n", rc, dwarf_errmsg(&dw.dw_err));
if ((cu = die_sibling(&dw, NULL)) == NULL)
if ((cu = die_sibling(&dw, NULL)) == NULL ||
(((child = die_child(&dw, cu)) == NULL) &&
should_have_dwarf(elf))) {
terminate("file does not contain dwarf type data "
"(try compiling with -g)\n");
} else if (child == NULL) {
return (0);
}
dw.dw_maxoff = nxthdr - 1;

3
cddl/lib/libdtrace/Makefile
View File

@ -48,8 +48,11 @@ SRCS= dt_aggregate.c \
DSRCS= errno.d \
io.d \
ip.d \
psinfo.d \
signal.d \
tcp.d \
udp.d \
unistd.d
WARNS?= 1

285
cddl/lib/libdtrace/ip.d Normal file
View File

@ -0,0 +1,285 @@
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
* $FreeBSD$
*/
/*
* Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013 Mark Johnston <markj@freebsd.org>
*/
#pragma D depends_on provider ip
/*
* pktinfo is where packet ID info can be made available for deeper
* analysis if packet IDs become supported by the kernel in the future.
* The pkt_addr member is currently always NULL.
*/
typedef struct pktinfo {
uintptr_t pkt_addr;
} pktinfo_t;
/*
* csinfo is where connection state info is made available.
*/
typedef uint32_t zoneid_t;
typedef struct csinfo {
uintptr_t cs_addr;
uint64_t cs_cid;
pid_t cs_pid;
zoneid_t cs_zoneid;
} csinfo_t;
/*
* ipinfo contains common IP info for both IPv4 and IPv6.
*/
typedef struct ipinfo {
uint8_t ip_ver; /* IP version (4, 6) */
uint32_t ip_plength; /* payload length */
string ip_saddr; /* source address */
string ip_daddr; /* destination address */
} ipinfo_t;
/*
* ifinfo contains network interface info.
*/
typedef struct ifinfo {
string if_name; /* interface name */
int8_t if_local; /* is delivered locally */
/*netstackid_t if_ipstack;*/ /* ipstack ID */
uintptr_t if_addr; /* pointer to raw ill_t */
} ifinfo_t;
typedef uint32_t ipaddr_t;
typedef struct {
uint8_t ipha_version_and_hdr_length;
uint8_t ipha_type_of_service;
uint16_t ipha_length;
uint16_t ipha_ident;
uint16_t ipha_fragment_offset_and_flags;
uint8_t ipha_ttl;
uint8_t ipha_protocol;
uint16_t ipha_hdr_checksum;
ipaddr_t ipha_src;
ipaddr_t ipha_dst;
} ipha_t;
/*
* ipv4info is a translated version of the IPv4 header (with raw pointer).
* These values are NULL if the packet is not IPv4.
*/
typedef struct ipv4info {
uint8_t ipv4_ver; /* IP version (4) */
uint8_t ipv4_ihl; /* header length, bytes */
uint8_t ipv4_tos; /* type of service field */
uint16_t ipv4_length; /* length (header + payload) */
uint16_t ipv4_ident; /* identification */
uint8_t ipv4_flags; /* IP flags */
uint16_t ipv4_offset; /* fragment offset */
uint8_t ipv4_ttl; /* time to live */
uint8_t ipv4_protocol; /* next level protocol */
string ipv4_protostr; /* next level protocol, as a string */
uint16_t ipv4_checksum; /* header checksum */
ipaddr_t ipv4_src; /* source address */
ipaddr_t ipv4_dst; /* destination address */
string ipv4_saddr; /* source address, string */
string ipv4_daddr; /* destination address, string */
ipha_t *ipv4_hdr; /* pointer to raw header */
} ipv4info_t;
/*
* ipv6info is a translated version of the IPv6 header (with raw pointer).
* These values are NULL if the packet is not IPv6.
*/
typedef struct in6_addr in6_addr_t;
typedef struct ip6_hdr ip6_t;
typedef struct ipv6info {
uint8_t ipv6_ver; /* IP version (6) */
uint8_t ipv6_tclass; /* traffic class */
uint32_t ipv6_flow; /* flow label */
uint16_t ipv6_plen; /* payload length */
uint8_t ipv6_nexthdr; /* next header protocol */
string ipv6_nextstr; /* next header protocol, as a string */
uint8_t ipv6_hlim; /* hop limit */
in6_addr_t *ipv6_src; /* source address */
in6_addr_t *ipv6_dst; /* destination address */
string ipv6_saddr; /* source address, string */
string ipv6_daddr; /* destination address, string */
ip6_t *ipv6_hdr; /* pointer to raw header */
} ipv6info_t;
#pragma D binding "1.0" IPPROTO_IP
inline short IPPROTO_IP = 0;
#pragma D binding "1.0" IPPROTO_ICMP
inline short IPPROTO_ICMP = 1;
#pragma D binding "1.0" IPPROTO_IGMP
inline short IPPROTO_IGMP = 2;
#pragma D binding "1.0" IPPROTO_IPV4
inline short IPPROTO_IPV4 = 4;
#pragma D binding "1.0" IPPROTO_TCP
inline short IPPROTO_TCP = 6;
#pragma D binding "1.0" IPPROTO_UDP
inline short IPPROTO_UDP = 17;
#pragma D binding "1.0" IPPROTO_IPV6
inline short IPPROTO_IPV6 = 41;
#pragma D binding "1.0" IPPROTO_ROUTING
inline short IPPROTO_ROUTING = 43;
#pragma D binding "1.0" IPPROTO_FRAGMENT
inline short IPPROTO_FRAGMENT = 44;
#pragma D binding "1.0" IPPROTO_RSVP
inline short IPPROTO_RSVP = 46;
#pragma D binding "1.0" IPPROTO_GRE
inline short IPPROTO_GRE = 47;
#pragma D binding "1.0" IPPROTO_ESP
inline short IPPROTO_ESP = 50;
#pragma D binding "1.0" IPPROTO_AH
inline short IPPROTO_AH = 51;
#pragma D binding "1.0" IPPROTO_MOBILE
inline short IPPROTO_MOBILE = 55;
#pragma D binding "1.0" IPPROTO_ICMPV6
inline short IPPROTO_ICMPV6 = 58;
#pragma D binding "1.0" IPPROTO_DSTOPTS
inline short IPPROTO_DSTOPTS = 60;
#pragma D binding "1.0" IPPROTO_ETHERIP
inline short IPPROTO_ETHERIP = 97;
#pragma D binding "1.0" IPPROTO_PIM
inline short IPPROTO_PIM = 103;
#pragma D binding "1.0" IPPROTO_IPCOMP
inline short IPPROTO_IPCOMP = 108;
#pragma D binding "1.0" IPPROTO_SCTP
inline short IPPROTO_SCTP = 132;
#pragma D binding "1.0" IPPROTO_RAW
inline short IPPROTO_RAW = 255;
inline uint8_t INP_IPV4 = 0x01;
inline uint8_t INP_IPV6 = 0x02;
#pragma D binding "1.0" protocols
inline string protocols[int proto] =
proto == IPPROTO_IP ? "IP" :
proto == IPPROTO_ICMP ? "ICMP" :
proto == IPPROTO_IGMP ? "IGMP" :
proto == IPPROTO_IPV4 ? "IPV4" :
proto == IPPROTO_TCP ? "TCP" :
proto == IPPROTO_UDP ? "UDP" :
proto == IPPROTO_IPV6 ? "IPV6" :
proto == IPPROTO_ROUTING ? "ROUTING" :
proto == IPPROTO_FRAGMENT ? "FRAGMENT" :
proto == IPPROTO_RSVP ? "RSVP" :
proto == IPPROTO_GRE ? "GRE" :
proto == IPPROTO_ESP ? "ESP" :
proto == IPPROTO_AH ? "AH" :
proto == IPPROTO_MOBILE ? "MOBILE" :
proto == IPPROTO_ICMPV6 ? "ICMPV6" :
proto == IPPROTO_DSTOPTS ? "DSTOPTS" :
proto == IPPROTO_ETHERIP ? "ETHERIP" :
proto == IPPROTO_PIM ? "PIM" :
proto == IPPROTO_IPCOMP ? "IPCOMP" :
proto == IPPROTO_SCTP ? "SCTP" :
proto == IPPROTO_RAW ? "RAW" :
"<unknown>";
/*
* This field is always NULL according to the current definition of the ip
* probes.
*/
#pragma D binding "1.0" translator
translator pktinfo_t < void *p > {
pkt_addr = NULL;
};
#pragma D binding "1.0" translator
translator csinfo_t < void *p > {
cs_addr = NULL;
cs_cid = (uint64_t)p;
cs_pid = 0;
cs_zoneid = 0;
};
#pragma D binding "1.0" translator
translator csinfo_t < struct inpcb *p > {
cs_addr = NULL;
cs_cid = (uint64_t)p;
cs_pid = 0; /* XXX */
cs_zoneid = 0;
};
#pragma D binding "1.0" translator
translator ipinfo_t < uint8_t *p > {
ip_ver = p == NULL ? 0 : ((struct ip *)p)->ip_v;
ip_plength = p == NULL ? 0 :
((struct ip *)p)->ip_v == 4 ?
ntohs(((struct ip *)p)->ip_len) - (((struct ip *)p)->ip_hl << 2):
ntohs(((struct ip6_hdr *)p)->ip6_ctlun.ip6_un1.ip6_un1_plen);
ip_saddr = p == NULL ? 0 :
((struct ip *)p)->ip_v == 4 ?
inet_ntoa(&((struct ip *)p)->ip_src.s_addr) :
inet_ntoa6(&((struct ip6_hdr *)p)->ip6_src);
ip_daddr = p == NULL ? 0 :
((struct ip *)p)->ip_v == 4 ?
inet_ntoa(&((struct ip *)p)->ip_dst.s_addr) :
inet_ntoa6(&((struct ip6_hdr *)p)->ip6_dst);
};
#pragma D binding "1.0" IFF_LOOPBACK
inline int IFF_LOOPBACK = 0x8;
#pragma D binding "1.0" translator
translator ifinfo_t < struct ifnet *p > {
if_name = p->if_xname;
if_local = (p->if_flags & IFF_LOOPBACK) == 0 ? 0 : 1;
if_addr = (uintptr_t)p;
};
#pragma D binding "1.0" translator
translator ipv4info_t < struct ip *p > {
ipv4_ver = p == NULL ? 0 : p->ip_v;
ipv4_ihl = p == NULL ? 0 : p->ip_hl;
ipv4_tos = p == NULL ? 0 : p->ip_tos;
ipv4_length = p == NULL ? 0 : ntohs(p->ip_len);
ipv4_ident = p == NULL ? 0 : ntohs(p->ip_id);
ipv4_flags = p == NULL ? 0 : (p->ip_off & 0xe000);
ipv4_offset = p == NULL ? 0 : p->ip_off;
ipv4_ttl = p == NULL ? 0 : p->ip_ttl;
ipv4_protocol = p == NULL ? 0 : p->ip_p;
ipv4_protostr = p == NULL ? "<null>" : protocols[p->ip_p];
ipv4_checksum = p == NULL ? 0 : ntohs(p->ip_sum);
ipv4_src = p == NULL ? 0 : (ipaddr_t)ntohl(p->ip_src.s_addr);
ipv4_dst = p == NULL ? 0 : (ipaddr_t)ntohl(p->ip_dst.s_addr);
ipv4_saddr = p == NULL ? 0 : inet_ntoa(&p->ip_src.s_addr);
ipv4_daddr = p == NULL ? 0 : inet_ntoa(&p->ip_dst.s_addr);
ipv4_hdr = (ipha_t *)p;
};
#pragma D binding "1.0" translator
translator ipv6info_t < struct ip6_hdr *p > {
ipv6_ver = p == NULL ? 0 : (ntohl(p->ip6_ctlun.ip6_un1.ip6_un1_flow) & 0xf0000000) >> 28;
ipv6_tclass = p == NULL ? 0 : (ntohl(p->ip6_ctlun.ip6_un1.ip6_un1_flow) & 0x0ff00000) >> 20;
ipv6_flow = p == NULL ? 0 : ntohl(p->ip6_ctlun.ip6_un1.ip6_un1_flow) & 0x000fffff;
ipv6_plen = p == NULL ? 0 : ntohs(p->ip6_ctlun.ip6_un1.ip6_un1_plen);
ipv6_nexthdr = p == NULL ? 0 : p->ip6_ctlun.ip6_un1.ip6_un1_nxt;
ipv6_nextstr = p == NULL ? "<null>" : protocols[p->ip6_ctlun.ip6_un1.ip6_un1_nxt];
ipv6_hlim = p == NULL ? 0 : p->ip6_ctlun.ip6_un1.ip6_un1_hlim;
ipv6_src = p == NULL ? 0 : (in6_addr_t *)&p->ip6_src;
ipv6_dst = p == NULL ? 0 : (in6_addr_t *)&p->ip6_dst;
ipv6_saddr = p == NULL ? 0 : inet_ntoa6(&p->ip6_src);
ipv6_daddr = p == NULL ? 0 : inet_ntoa6(&p->ip6_dst);
ipv6_hdr = (ip6_t *)p;
};

203
cddl/lib/libdtrace/tcp.d Normal file
View File

@ -0,0 +1,203 @@
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
* $FreeBSD$
*/
/*
* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013 Mark Johnston <markj@freebsd.org>
*/
#pragma D depends_on library ip.d
#pragma D depends_on provider tcp
/*
* Convert a TCP state value to a string.
*/
#pragma D binding "1.0" TCPS_CLOSED
inline int TCPS_CLOSED = 0;
#pragma D binding "1.0" TCPS_LISTEN
inline int TCPS_LISTEN = 1;
#pragma D binding "1.0" TCPS_SYN_SENT
inline int TCPS_SYN_SENT = 2;
#pragma D binding "1.0" TCPS_SYN_RECEIVED
inline int TCPS_SYN_RECEIVED = 3;
#pragma D binding "1.0" TCPS_ESTABLISHED
inline int TCPS_ESTABLISHED = 4;
#pragma D binding "1.0" TCPS_CLOSE_WAIT
inline int TCPS_CLOSE_WAIT = 5;
#pragma D binding "1.0" TCPS_FIN_WAIT_1
inline int TCPS_FIN_WAIT_1 = 6;
#pragma D binding "1.0" TCPS_CLOSING
inline int TCPS_CLOSING = 7;
#pragma D binding "1.0" TCPS_LAST_ACK
inline int TCPS_LAST_ACK = 8;
#pragma D binding "1.0" TCPS_FIN_WAIT_2
inline int TCPS_FIN_WAIT_2 = 9;
#pragma D binding "1.0" TCPS_TIME_WAIT
inline int TCPS_TIME_WAIT = 10;
/* TCP segment flags. */
#pragma D binding "1.0" TH_FIN
inline uint8_t TH_FIN = 0x01;
#pragma D binding "1.0" TH_SYN
inline uint8_t TH_SYN = 0x02;
#pragma D binding "1.0" TH_RST
inline uint8_t TH_RST = 0x04;
#pragma D binding "1.0" TH_PUSH
inline uint8_t TH_PUSH = 0x08;
#pragma D binding "1.0" TH_ACK
inline uint8_t TH_ACK = 0x10;
#pragma D binding "1.0" TH_URG
inline uint8_t TH_URG = 0x20;
#pragma D binding "1.0" TH_ECE
inline uint8_t TH_ECE = 0x40;
#pragma D binding "1.0" TH_CWR
inline uint8_t TH_CWR = 0x80;
/* TCP connection state strings. */
#pragma D binding "1.0" tcp_state_string
inline string tcp_state_string[int32_t state] =
state == TCPS_CLOSED ? "state-closed" :
state == TCPS_LISTEN ? "state-listen" :
state == TCPS_SYN_SENT ? "state-syn-sent" :
state == TCPS_SYN_RECEIVED ? "state-syn-received" :
state == TCPS_ESTABLISHED ? "state-established" :
state == TCPS_CLOSE_WAIT ? "state-close-wait" :
state == TCPS_FIN_WAIT_1 ? "state-fin-wait-1" :
state == TCPS_CLOSING ? "state-closing" :
state == TCPS_LAST_ACK ? "state-last-ack" :
state == TCPS_FIN_WAIT_2 ? "state-fin-wait-2" :
state == TCPS_TIME_WAIT ? "state-time-wait" :
"<unknown>";
/*
* tcpsinfo contains stable TCP details from tcp_t.
*/
typedef struct tcpsinfo {
uintptr_t tcps_addr;
int tcps_local; /* is delivered locally, boolean */
int tcps_active; /* active open (from here), boolean */
uint16_t tcps_lport; /* local port */
uint16_t tcps_rport; /* remote port */
string tcps_laddr; /* local address, as a string */
string tcps_raddr; /* remote address, as a string */
int32_t tcps_state; /* TCP state */
uint32_t tcps_iss; /* Initial sequence # sent */
uint32_t tcps_suna; /* sequence # sent but unacked */
uint32_t tcps_snxt; /* next sequence # to send */
uint32_t tcps_rack; /* sequence # we have acked */
uint32_t tcps_rnxt; /* next sequence # expected */
uint32_t tcps_swnd; /* send window size */
int32_t tcps_snd_ws; /* send window scaling */
uint32_t tcps_rwnd; /* receive window size */
int32_t tcps_rcv_ws; /* receive window scaling */
uint32_t tcps_cwnd; /* congestion window */
uint32_t tcps_cwnd_ssthresh; /* threshold for congestion avoidance */
uint32_t tcps_sack_fack; /* SACK sequence # we have acked */
uint32_t tcps_sack_snxt; /* next SACK seq # for retransmission */
uint32_t tcps_rto; /* round-trip timeout, msec */
uint32_t tcps_mss; /* max segment size */
int tcps_retransmit; /* retransmit send event, boolean */
} tcpsinfo_t;
/*
* tcplsinfo provides the old tcp state for state changes.
*/
typedef struct tcplsinfo {
int32_t tcps_state; /* previous TCP state */
} tcplsinfo_t;
/*
* tcpinfo is the TCP header fields.
*/
typedef struct tcpinfo {
uint16_t tcp_sport; /* source port */
uint16_t tcp_dport; /* destination port */
uint32_t tcp_seq; /* sequence number */
uint32_t tcp_ack; /* acknowledgment number */
uint8_t tcp_offset; /* data offset, in bytes */
uint8_t tcp_flags; /* flags */
uint16_t tcp_window; /* window size */
uint16_t tcp_checksum; /* checksum */
uint16_t tcp_urgent; /* urgent data pointer */
struct tcphdr *tcp_hdr; /* raw TCP header */
} tcpinfo_t;
#pragma D binding "1.0" translator
translator csinfo_t < struct tcpcb *p > {
cs_addr = NULL;
cs_cid = (uint64_t)p;
cs_pid = 0;
cs_zoneid = 0;
};
#pragma D binding "1.0" translator
translator tcpsinfo_t < struct tcpcb *p > {
tcps_addr = (uintptr_t)p;
tcps_local = -1; /* XXX */
tcps_active = -1; /* XXX */
tcps_lport = p == NULL ? 0 : ntohs(p->t_inpcb->inp_inc.inc_ie.ie_lport);
tcps_rport = p == NULL ? 0 : ntohs(p->t_inpcb->inp_inc.inc_ie.ie_fport);
tcps_laddr = p == NULL ? 0 :
p->t_inpcb->inp_vflag == INP_IPV4 ?
inet_ntoa(&p->t_inpcb->inp_inc.inc_ie.ie_dependladdr.ie46_local.ia46_addr4.s_addr) :
inet_ntoa6(&p->t_inpcb->inp_inc.inc_ie.ie_dependladdr.ie6_local);
tcps_raddr = p == NULL ? 0 :
p->t_inpcb->inp_vflag == INP_IPV4 ?
inet_ntoa(&p->t_inpcb->inp_inc.inc_ie.ie_dependfaddr.ie46_foreign.ia46_addr4.s_addr) :
inet_ntoa6(&p->t_inpcb->inp_inc.inc_ie.ie_dependfaddr.ie6_foreign);
tcps_state = p == NULL ? -1 : p->t_state;
tcps_iss = p == NULL ? 0 : p->iss;
tcps_suna = p == NULL ? 0 : p->snd_una;
tcps_snxt = p == NULL ? 0 : p->snd_nxt;
tcps_rack = p == NULL ? 0 : p->last_ack_sent;
tcps_rnxt = p == NULL ? 0 : p->rcv_nxt;
tcps_swnd = p == NULL ? -1 : p->snd_wnd;
tcps_snd_ws = p == NULL ? -1 : p->snd_scale;
tcps_rwnd = p == NULL ? -1 : p->rcv_wnd;
tcps_rcv_ws = p == NULL ? -1 : p->rcv_scale;
tcps_cwnd = p == NULL ? -1 : p->snd_cwnd;
tcps_cwnd_ssthresh = p == NULL ? -1 : p->snd_ssthresh;
tcps_sack_fack = p == NULL ? 0 : p->snd_fack;
tcps_sack_snxt = p == NULL ? 0 : p->sack_newdata;
tcps_rto = p == NULL ? -1 : p->t_rxtcur / 1000; /* XXX */
tcps_mss = p == NULL ? -1 : p->t_maxseg;
tcps_retransmit = -1; /* XXX */
};
#pragma D binding "1.0" translator
translator tcpinfo_t < struct tcphdr *p > {
tcp_sport = p == NULL ? 0 : ntohs(p->th_sport);
tcp_dport = p == NULL ? 0 : ntohs(p->th_dport);
tcp_seq = p == NULL ? -1 : ntohl(p->th_seq);
tcp_ack = p == NULL ? -1 : ntohl(p->th_ack);
tcp_offset = p == NULL ? -1 : (p->th_off >> 2);
tcp_flags = p == NULL ? 0 : p->th_flags;
tcp_window = p == NULL ? 0 : ntohs(p->th_win);
tcp_checksum = p == NULL ? 0 : ntohs(p->th_sum);
tcp_urgent = p == NULL ? 0 : ntohs(p->th_urp);
tcp_hdr = (struct tcphdr *)p;
};
#pragma D binding "1.0" translator
translator tcplsinfo_t < int s > {
tcps_state = s;
};

75
cddl/lib/libdtrace/udp.d Normal file
View File

@ -0,0 +1,75 @@
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
* $FreeBSD$
*/
/*
* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013 Mark Johnston <markj@FreeBSD.org>
*/
#pragma D depends_on library ip.d
#pragma D depends_on provider udp
/*
* udpsinfo contains stable UDP details.
*/
typedef struct udpsinfo {
uintptr_t udps_addr;
uint16_t udps_lport; /* local port */
uint16_t udps_rport; /* remote port */
string udps_laddr; /* local address, as a string */
string udps_raddr; /* remote address, as a string */
} udpsinfo_t;
/*
* udpinfo is the UDP header fields.
*/
typedef struct udpinfo {
uint16_t udp_sport; /* source port */
uint16_t udp_dport; /* destination port */
uint16_t udp_length; /* total length */
uint16_t udp_checksum; /* headers + data checksum */
struct udphdr *udp_hdr; /* raw UDP header */
} udpinfo_t;
#pragma D binding "1.0" translator
translator udpsinfo_t < struct inpcb *p > {
udps_addr = (uintptr_t)p;
udps_lport = p == NULL ? 0 : ntohs(p->inp_inc.inc_ie.ie_lport);
udps_rport = p == NULL ? 0 : ntohs(p->inp_inc.inc_ie.ie_fport);
udps_laddr = p == NULL ? "" :
p->inp_vflag == INP_IPV4 ?
inet_ntoa(&p->inp_inc.inc_ie.ie_dependladdr.ie46_local.ia46_addr4.s_addr) :
inet_ntoa6(&p->inp_inc.inc_ie.ie_dependladdr.ie6_local);
udps_raddr = p == NULL ? "" :
p->inp_vflag == INP_IPV4 ?
inet_ntoa(&p->inp_inc.inc_ie.ie_dependfaddr.ie46_foreign.ia46_addr4.s_addr) :
inet_ntoa6(&p->inp_inc.inc_ie.ie_dependfaddr.ie6_foreign);
};
#pragma D binding "1.0" translator
translator udpinfo_t < struct udphdr *p > {
udp_sport = p == NULL ? 0 : ntohs(p->uh_sport);
udp_dport = p == NULL ? 0 : ntohs(p->uh_dport);
udp_length = p == NULL ? 0 : ntohs(p->uh_ulen);
udp_checksum = p == NULL ? 0 : ntohs(p->uh_sum);
udp_hdr = p;
};

6
cddl/lib/libzpool/Makefile
View File

@ -64,7 +64,9 @@ NO_PROFILE=
CSTD= c99
CFLAGS+= -DDEBUG=1
#DEBUG_FLAGS+= -g
# Since there are many asserts in this library, it makes no sense to compile
# it without debugging.
CFLAGS+= -g -DDEBUG=1
.include <bsd.lib.mk>

5
cddl/usr.bin/ztest/Makefile
View File

@ -25,7 +25,8 @@ LDADD= -lgeom -lm -lnvpair -lumem -lzpool -lpthread -lavl -lzfs_core -lzfs \
CSTD= c99
CFLAGS+= -DDEBUG=1
#DEBUG_FLAGS+= -g
# Since there are many asserts in this program, it makes no sense to compile
# it without debugging.
CFLAGS+= -g -DDEBUG=1
.include <bsd.prog.mk>

5
cddl/usr.sbin/zdb/Makefile
View File

@ -27,7 +27,8 @@ DPADD= ${LIBGEOM} ${LIBM} ${LIBNVPAIR} ${LIBPTHREAD} ${LIBUMEM} \
${LIBUUTIL} ${LIBZFS_CORE} ${LIBZFS} ${LIBZPOOL}
LDADD= -lgeom -lm -lnvpair -lpthread -lumem -luutil -lzfs_core -lzfs -lzpool
CFLAGS+= -DDEBUG=1
#DEBUG_FLAGS+= -g
# Since there are many asserts in this program, it makes no sense to compile
# it without debugging.
CFLAGS+= -g -DDEBUG=1
.include <bsd.prog.mk>

967
contrib/bind9/CHANGES
View File

File diff suppressed because it is too large Load Diff

4
contrib/bind9/COPYRIGHT
View File

@ -1,4 +1,4 @@
Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 1996-2003 Internet Software Consortium.
Permission to use, copy, modify, and/or distribute this software for any
@ -13,7 +13,7 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
$Id: COPYRIGHT,v 1.17.14.2 2012/01/04 23:46:18 tbox Exp $
$Id: COPYRIGHT,v 1.19 2012/01/03 23:46:59 tbox Exp $
Portions of this code release fall under one or more of the
following Copyright notices. Please see individual source

4
contrib/bind9/FAQ
View File

@ -1,6 +1,6 @@
Frequently Asked Questions about BIND 9
Copyright © 2004-2010 Internet Systems Consortium, Inc. ("ISC")
Copyright © 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
Copyright © 2000-2003 Internet Software Consortium.
@ -869,7 +869,7 @@ A: If you run Tiger(Mac OS 10.4) or later then this is all you need to do:
Copy the key statement from /etc/rndc.conf into /etc/rndc.key, e.g.:
key "rndc-key" {
algorithm hmac-md5;
algorithm hmac-sha256;
secret "uvceheVuqf17ZwIcTydddw==";
};

5
contrib/bind9/FAQ.xml
View File

@ -1,7 +1,7 @@
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []>
<!--
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -30,6 +30,7 @@
<year>2008</year>
<year>2009</year>
<year>2010</year>
<year>2013</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@ -1564,7 +1565,7 @@ rand_irqs="3 14 15"</programlisting>
<informalexample>
<programlisting>
key "rndc-key" {
algorithm hmac-md5;
algorithm hmac-sha256;
secret "uvceheVuqf17ZwIcTydddw==";
};</programlisting>
</informalexample>

52
contrib/bind9/HISTORY
View File

@ -1,5 +1,57 @@
Summary of functional enhancements from prior major releases of BIND 9:
BIND 9.8.0
BIND 9.8.0 includes a number of changes from BIND 9.7 and earlier
releases. New features include:
- Built-in trust anchor for the root zone, which can be
switched on via "dnssec-validation auto;"
- Support for DNS64.
- Support for response policy zones (RPZ).
- Support for writable DLZ zones.
- Improved ease of configuration of GSS/TSIG for
interoperability with Active Directory
- Support for GOST signing algorithm for DNSSEC.
- Removed RTT Banding from server selection algorithm.
- New "static-stub" zone type.
- Allow configuration of resolver timeouts via
"resolver-query-timeout" option.
- The DLZ "dlopen" driver is now built by default.
- Added a new include file with function typedefs
for the DLZ "dlopen" driver.
- Made "--with-gssapi" default.
- More verbose error reporting from DLZ LDAP.
BIND 9.7.0
BIND 9.7.0 includes a number of changes from BIND 9.6 and earlier
releases. Most are intended to simplify DNSSEC configuration.
New features include:
- Fully automatic signing of zones by "named".
- Simplified configuration of DNSSEC Lookaside Validation (DLV).
- Simplified configuration of Dynamic DNS, using the "ddns-confgen"
command line tool or the "local" update-policy option. (As a side
effect, this also makes it easier to configure automatic zone
re-signing.)
- New named option "attach-cache" that allows multiple views to
share a single cache.
- DNS rebinding attack prevention.
- New default values for dnssec-keygen parameters.
- Support for RFC 5011 automated trust anchor maintenance
- Smart signing: simplified tools for zone signing and key
maintenance.
- The "statistics-channels" option is now available on Windows.
- A new DNSSEC-aware libdns API for use by non-BIND9 applications
- On some platforms, named and other binaries can now print out
a stack backtrace on assertion failure, to aid in debugging.
- A "tools only" installation mode on Windows, which only installs
dig, host, nslookup and nsupdate.
- Improved PKCS#11 support, including Keyper support and explicit
OpenSSL engine selection.
BIND 9.6.0
Full NSEC3 support

20
contrib/bind9/Makefile.in
View File

@ -1,4 +1,4 @@
# Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2004-2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.58.250.4 2011/09/06 04:06:11 marka Exp $
# $Id: Makefile.in,v 1.62 2011/09/06 04:06:37 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@ -61,9 +61,21 @@ tags:
rm -f TAGS
find lib bin -name "*.[ch]" -print | @ETAGS@ -
check: test
test check:
@if test -n "`${PERL} ${top_srcdir}/bin/tests/system/testsock.pl 2>&- || echo fail`"; then \
echo I: NOTE: The tests were not run because they require that; \
echo I: the IP addresses 10.53.0.1 through 10.53.0.8 are configured; \
echo I: as alias addresses on the loopback interface. Please run; \
echo I: \'bin/tests/system/ifconfig.sh up\' as root to configure; \
echo I: them, then rerun the tests. Run make force-test to run the; \
echo I: tests anyway.; \
exit 1; \
fi
${MAKE} test-force
test:
force-test: test-force
test-force:
status=0; \
(cd bin/tests && ${MAKE} ${MAKEDEFS} test) || status=1; \
(test -f unit/unittest.sh && $(SHELL) unit/unittest.sh) || status=1; \

167
contrib/bind9/README
View File

@ -51,114 +51,64 @@ BIND 9
For up-to-date release notes and errata, see
http://www.isc.org/software/bind9/releasenotes
BIND 9.8.4
BIND 9.9.3
BIND 9.8.4 includes several bug fixes and patches security
flaws described in CVE-2012-1667, CVE-2012-3817 and CVE-2012-4244.
BIND 9.9.3 is a maintenance release and patches the security
flaws described in CVE-2012-5688, CVE-2012-5689 and CVE-2013-2266.
BIND 9.8.3
BIND 9.9.2
BIND 9.8.3 is a maintenance release.
BIND 9.9.2 is a maintenance release and patches the security
flaw described in CVE-2012-4244.
BIND 9.8.2
BIND 9.9.1
BIND 9.8.2 includes a number of bug fixes and prevents a security
problem described in CVE-2011-4313
BIND 9.9.1 is a maintenance release.
BIND 9.8.1
BIND 9.9.0
BIND 9.8.1 includes a number of bug fixes and enhancements from
BIND 9.8 and earlier releases. New features include:
BIND 9.9.0 includes a number of changes from BIND 9.8 and earlier
releases. New features include:
- The DLZ "dlopen" driver is now built by default.
- Added a new include file with function typedefs
for the DLZ "dlopen" driver.
- Made "--with-gssapi" default.
- More verbose error reporting from DLZ LDAP.
BIND 9.8.0
BIND 9.8.0 includes a number of changes from BIND 9.7 and earlier
releases. New features include:
- Built-in trust anchor for the root zone, which can be
switched on via "dnssec-validation auto;"
- Support for DNS64.
- Support for response policy zones (RPZ).
- Support for writable DLZ zones.
- Improved ease of configuration of GSS/TSIG for
interoperability with Active Directory
- Support for GOST signing algorithm for DNSSEC.
- Removed RTT Banding from server selection algorithm.
- New "static-stub" zone type.
- Allow configuration of resolver timeouts via
"resolver-query-timeout" option.
BIND 9.7.0
BIND 9.7.0 includes a number of changes from BIND 9.6 and earlier
releases. Most are intended to simplify DNSSEC configuration.
New features include:
- Fully automatic signing of zones by "named".
- Simplified configuration of DNSSEC Lookaside Validation (DLV).
- Simplified configuration of Dynamic DNS, using the "ddns-confgen"
command line tool or the "local" update-policy option. (As a side
effect, this also makes it easier to configure automatic zone
re-signing.)
- New named option "attach-cache" that allows multiple views to
share a single cache.
- DNS rebinding attack prevention.
- New default values for dnssec-keygen parameters.
- Support for RFC 5011 automated trust anchor maintenance
- Smart signing: simplified tools for zone signing and key
maintenance.
- The "statistics-channels" option is now available on Windows.
- A new DNSSEC-aware libdns API for use by non-BIND9 applications
- On some platforms, named and other binaries can now print out
a stack backtrace on assertion failure, to aid in debugging.
- A "tools only" installation mode on Windows, which only installs
dig, host, nslookup and nsupdate.
- Improved PKCS#11 support, including Keyper support and explicit
OpenSSL engine selection.
Known issues in this release:
- In rare cases, DNSSEC validation can leak memory. When this
happens, it will cause an assertion failure when named exits,
but is otherwise harmless. A fix exists, but was too late for
this release; it will be included in BIND 9.7.1.
Compatibility notes:
- If you had built BIND 9.6 with any of ALLOW_NSEC3PARAM_UPDATE,
ALLOW_SECURE_TO_INSECURE or ALLOW_INSECURE_TO_SECURE defined, then
you should ensure that all changes that are in progress have
completed prior to upgrading to BIND 9.7. BIND 9.7 implements
those features in a way which is not backwards compatible.
- Prior releases had a bug which caused HMAC-SHA* keys with long
secrets to be used incorrectly. Fixing this bug means that older
versions of BIND 9 may fail to interoperate with this version
when using TSIG keys. If this occurs, the new "isc-hmac-fixup"
tool will convert a key with a long secret into a form that works
correctly with all versions of BIND 9. See the "isc-hmac-fixup"
man page for additional details.
- Revoking a DNSSEC key with "dnssec-revoke" changes its key ID.
It is possible for the new key ID to collide with that of a
different key. Newly generated keys will not have this problem,
as "dnssec-keygen" looks for potential collisions before
generating keys, but exercise caution if using key revokation
with keys that were generated by older versions of BIND 9. See
the Administrator's Reference Manual, section 4.10 ("Dynamic
Trust Anchor Management") for more details.
- A bug was fixed in which a key's scheduled inactivity date was
stored incorectly. Users who participated in the 9.7.0 BETA test
and had DNSSEC keys with scheduled inactivity dates will need to
reset those keys' dates using "dnssec-settime -I".
- Inline signing, allowing automatic DNSSEC signing of
master zones without modification of the zonefile, or
"bump in the wire" signing in slaves.
- NXDOMAIN redirection.
- New 'rndc flushtree' command clears all data under a given
name from the DNS cache.
- New 'rndc sync' command dumps pending changes in a dynamic
zone to disk without a freeze/thaw cycle.
- New 'rndc signing' command displays or clears signing status
records in 'auto-dnssec' zones.
- NSEC3 parameters for 'auto-dnssec' zones can now be set prior
to signing, eliminating the need to initially sign with NSEC.
- Startup time improvements on large authoritative servers.
- Slave zones are now saved in raw format by default.
- Several improvements to response policy zones (RPZ).
- Improved hardware scalability by using multiple threads
to listen for queries and using finer-grained client locking
- The 'also-notify' option now takes the same syntax as
'masters', so it can used named masterlists and TSIG keys.
- 'dnssec-signzone -D' writes an output file containing only DNSSEC
data, which can be included by the primary zone file.
- 'dnssec-signzone -R' forces removal of signatures that are
not expired but were created by a key which no longer exists.
- 'dnssec-signzone -X' allows a separate expiration date to
be specified for DNSKEY signatures from other signatures.
- New '-L' option to dnssec-keygen, dnssec-settime, and
dnssec-keyfromlabel sets the default TTL for the key.
- dnssec-dsfromkey now supports reading from standard input,
to make it easier to convert DNSKEY to DS.
- RFC 1918 reverse zones have been added to the empty-zones
table per RFC 6303.
- Dynamic updates can now optionally set the zone's SOA serial
number to the current UNIX time.
- DLZ modules can now retrieve the source IP address of
the querying client.
- 'request-ixfr' option can now be set at the per-zone level.
- 'dig +rrcomments' turns on comments about DNSKEY records,
indicating their key ID, algorithm and function
- Simplified nsupdate syntax and added readline support
Building
@ -188,12 +138,12 @@ Building
AIX 4.3, 5L
CentOS 4, 4.5, 5
Darwin 9.0.0d1/ARM
Debian 4
Fedora Core 5, 7
FreeBSD 6.1
Debian 4, 5, 6
Fedora Core 5, 7, 8
FreeBSD 6, 7, 8
HP-UX 11.23 PA
MacOS X 10.4, 10.5
Red Hat Enterprise Linux 4, 5
MacOS X 10.5, 10.6, 10.7
Red Hat Enterprise Linux 4, 5, 6
SCO OpenServer 5.0.6
Slackware 9, 10
SuSE 9, 10
@ -214,7 +164,8 @@ Building
CFLAGS
C compiler flags. Defaults to include -g and/or -O2
as supported by the compiler.
as supported by the compiler. Please include '-g'
if you need to set CFLAGS.
STD_CINCLUDES
System header file directories. Can be used to specify
@ -331,6 +282,10 @@ Building
libraries. sh-utils-1.16 provides a "printf" which compiles
on SunOS 4.
Known limitations
Linux requires kernel build 2.6.39 or later to get the
performance benefits from using multiple sockets.
Documentation

7
contrib/bind9/aclocal.m4 vendored
View File

@ -1,2 +1,5 @@
sinclude(./libtool.m4)dnl
sinclude(libtool.m4/libtool.m4)dnl
sinclude(libtool.m4/ltoptions.m4)dnl
sinclude(libtool.m4/ltsugar.m4)dnl
sinclude(libtool.m4/ltversion.m4)dnl
sinclude(libtool.m4/lt~obsolete.m4)dnl

6
contrib/bind9/bin/Makefile.in
View File

@ -1,4 +1,4 @@
# Copyright (C) 2004, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2004, 2007, 2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@ -19,8 +19,8 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
SUBDIRS = named rndc dig dnssec tests tools nsupdate \
check confgen @PKCS11_TOOLS@
SUBDIRS = named rndc dig dnssec tools tests nsupdate \
check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@
TARGETS =
@BIND9_MAKE_RULES@

20
contrib/bind9/bin/check/check-tool.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: check-tool.c,v 1.41 2010/09/07 23:46:59 tbox Exp $ */
/* $Id: check-tool.c,v 1.44 2011/12/22 07:32:39 each Exp $ */
/*! \file */
@ -196,6 +196,10 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
a->type == dns_rdatatype_a);
REQUIRE(aaaa == NULL || !dns_rdataset_isassociated(aaaa) ||
aaaa->type == dns_rdatatype_aaaa);
if (a == NULL || aaaa == NULL)
return (answer);
memset(&hints, 0, sizeof(hints));
hints.ai_flags = AI_CANONNAME;
hints.ai_family = PF_UNSPEC;
@ -258,8 +262,7 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
}
return (ISC_TRUE);
}
if (a == NULL || aaaa == NULL)
return (answer);
/*
* Check that all glue records really exist.
*/
@ -597,7 +600,7 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
dns_zone_settype(zone, dns_zone_master);
isc_buffer_init(&buffer, zonename, strlen(zonename));
isc_buffer_constinit(&buffer, zonename, strlen(zonename));
isc_buffer_add(&buffer, strlen(zonename));
dns_fixedname_init(&fixorigin);
origin = dns_fixedname_name(&fixorigin);
@ -635,7 +638,8 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
/*% dump the zone */
isc_result_t
dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
dns_masterformat_t fileformat, const dns_master_style_t *style)
dns_masterformat_t fileformat, const dns_master_style_t *style,
const isc_uint32_t rawversion)
{
isc_result_t result;
FILE *output = stdout;
@ -661,8 +665,8 @@ dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
}
}
result = dns_zone_dumptostream2(zone, output, fileformat, style);
result = dns_zone_dumptostream3(zone, output, fileformat, style,
rawversion);
if (output != stdout)
(void)isc_stdio_close(output);

7
contrib/bind9/bin/check/check-tool.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004, 2005, 2007, 2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2005, 2007, 2010, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: check-tool.h,v 1.16 2010/09/07 23:46:59 tbox Exp $ */
/* $Id: check-tool.h,v 1.18 2011/12/09 23:47:02 tbox Exp $ */
#ifndef CHECK_TOOL_H
#define CHECK_TOOL_H
@ -41,7 +41,8 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
isc_result_t
dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
dns_masterformat_t fileformat, const dns_master_style_t *style);
dns_masterformat_t fileformat, const dns_master_style_t *style,
const isc_uint32_t rawversion);
#ifdef _WIN32
void InitSockets(void);

17
contrib/bind9/bin/check/named-checkconf.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2007, 2009-2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named-checkconf.c,v 1.54.62.2 2011/03/12 04:59:13 tbox Exp $ */
/* $Id: named-checkconf.c,v 1.56 2011/03/12 04:59:46 tbox Exp $ */
/*! \file */
@ -294,6 +294,18 @@ configure_zone(const char *vclass, const char *view,
zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
}
obj = NULL;
if (get_maps(maps, "check-spf", &obj)) {
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
zone_options |= DNS_ZONEOPT_CHECKSPF;
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
zone_options &= ~DNS_ZONEOPT_CHECKSPF;
} else
INSIST(0);
} else {
zone_options |= DNS_ZONEOPT_CHECKSPF;
}
obj = NULL;
if (get_checknames(maps, &obj)) {
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
@ -471,6 +483,7 @@ main(int argc, char **argv) {
if (isc_commandline_option != '?')
fprintf(stderr, "%s: invalid argument -%c\n",
program, isc_commandline_option);
/* FALLTHROUGH */
case 'h':
usage();

35
contrib/bind9/bin/check/named-checkzone.8
View File

@ -1,4 +1,4 @@
.\" Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004-2007, 2009-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@ -33,9 +33,9 @@
named\-checkzone, named\-compilezone \- zone file validity checking or converting tool
.SH "SYNOPSIS"
.HP 16
\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
.HP 18
\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
.SH "DESCRIPTION"
.PP
\fBnamed\-checkzone\fR
@ -139,11 +139,19 @@ Specify the format of the zone file. Possible formats are
.PP
\-F \fIformat\fR
.RS 4
Specify the format of the output file specified. Possible formats are
Specify the format of the output file specified. For
\fBnamed\-checkzone\fR, this does not cause any effects unless it dumps the zone contents.
.sp
Possible formats are
\fB"text"\fR
(default) and
\fB"raw"\fR. For
\fBnamed\-checkzone\fR, this does not cause any effects unless it dumps the zone contents.
\fB"raw"\fR
or
\fB"raw=N"\fR, which store the zone in a binary format for rapid loading by
\fBnamed\fR.
\fB"raw=N"\fR
specifies the format version of the raw zone file: if N is 0, the raw file can be read by any version of
\fBnamed\fR; if N is 1, the file can be read by release 9.9.0 or higher. The default is 1.
.RE
.PP
\-k \fImode\fR
@ -160,6 +168,11 @@ checks with the specified failure mode. Possible modes are
\fB"ignore"\fR.
.RE
.PP
\-L \fIserial\fR
.RS 4
When compiling a zone to 'raw' format, set the "source serial" value in the header to the specified serial number. (This is expected to be used primarily for testing purposes.)
.RE
.PP
\-m \fImode\fR
.RS 4
Specify whether MX records should be checked to see if they are addresses. Possible modes are
@ -236,6 +249,14 @@ Chroot to
so that include directives in the configuration file are processed as if run by a similarly chrooted named.
.RE
.PP
\-T \fImode\fR
.RS 4
Check if Sender Policy Framework records (TXT and SPF) both exist or both don't exist. A warning is issued if they don't match. Possible modes are
\fB"warn"\fR
(default),
\fB"ignore"\fR.
.RE
.PP
\-w \fIdirectory\fR
.RS 4
chdir to
@ -281,7 +302,7 @@ BIND 9 Administrator Reference Manual.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2004\-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004\-2007, 2009\-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2002 Internet Software Consortium.
.br

71
contrib/bind9/bin/check/named-checkzone.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named-checkzone.c,v 1.61.62.2 2011/12/22 23:45:54 tbox Exp $ */
/* $Id: named-checkzone.c,v 1.65 2011/12/22 17:29:22 each Exp $ */
/*! \file */
@ -39,6 +39,7 @@
#include <dns/db.h>
#include <dns/fixedname.h>
#include <dns/log.h>
#include <dns/master.h>
#include <dns/masterdump.h>
#include <dns/name.h>
#include <dns/rdataclass.h>
@ -112,8 +113,12 @@ main(int argc, char **argv) {
const char *outputformatstr = NULL;
dns_masterformat_t inputformat = dns_masterformat_text;
dns_masterformat_t outputformat = dns_masterformat_text;
dns_masterrawheader_t header;
isc_uint32_t rawversion = 1, serialnum = 0;
isc_boolean_t snset = ISC_FALSE;
isc_boolean_t logdump = ISC_FALSE;
FILE *errout = stdout;
char *endp;
outputstyle = &dns_master_style_full;
@ -145,19 +150,21 @@ main(int argc, char **argv) {
if (progmode == progmode_compile) {
zone_options |= (DNS_ZONEOPT_CHECKNS |
DNS_ZONEOPT_FATALNS |
DNS_ZONEOPT_CHECKSPF |
DNS_ZONEOPT_CHECKDUPRR |
DNS_ZONEOPT_CHECKNAMES |
DNS_ZONEOPT_CHECKNAMESFAIL |
DNS_ZONEOPT_CHECKWILDCARD);
} else
zone_options |= DNS_ZONEOPT_CHECKDUPRR;
zone_options |= (DNS_ZONEOPT_CHECKDUPRR |
DNS_ZONEOPT_CHECKSPF);
#define ARGCMP(X) (strcmp(isc_commandline_argument, X) == 0)
isc_commandline_errprint = ISC_FALSE;
while ((c = isc_commandline_parse(argc, argv,
"c:df:hi:jk:m:n:qr:s:t:o:vw:DF:M:S:W:"))
"c:df:hi:jk:L:m:n:qr:s:t:o:vw:DF:M:S:T:W:"))
!= EOF) {
switch (c) {
case 'c':
@ -235,6 +242,17 @@ main(int argc, char **argv) {
}
break;
case 'L':
snset = ISC_TRUE;
endp = NULL;
serialnum = strtol(isc_commandline_argument, &endp, 0);
if (*endp != '\0') {
fprintf(stderr, "source serial number "
"must be numeric");
exit(1);
}
break;
case 'n':
if (ARGCMP("ignore")) {
zone_options &= ~(DNS_ZONEOPT_CHECKNS|
@ -363,6 +381,18 @@ main(int argc, char **argv) {
}
break;
case 'T':
if (ARGCMP("warn")) {
zone_options |= DNS_ZONEOPT_CHECKSPF;
} else if (ARGCMP("ignore")) {
zone_options &= ~DNS_ZONEOPT_CHECKSPF;
} else {
fprintf(stderr, "invalid argument to -T: %s\n",
isc_commandline_argument);
exit(1);
}
break;
case 'W':
if (ARGCMP("warn"))
zone_options |= DNS_ZONEOPT_CHECKWILDCARD;
@ -374,6 +404,7 @@ main(int argc, char **argv) {
if (isc_commandline_option != '?')
fprintf(stderr, "%s: invalid argument -%c\n",
prog_name, isc_commandline_option);
/* FALLTHROUGH */
case 'h':
usage();
@ -398,7 +429,11 @@ main(int argc, char **argv) {
inputformat = dns_masterformat_text;
else if (strcasecmp(inputformatstr, "raw") == 0)
inputformat = dns_masterformat_raw;
else {
else if (strncasecmp(inputformatstr, "raw=", 4) == 0) {
inputformat = dns_masterformat_raw;
fprintf(stderr,
"WARNING: input format raw, version ignored\n");
} else {
fprintf(stderr, "unknown file format: %s\n",
inputformatstr);
exit(1);
@ -406,11 +441,22 @@ main(int argc, char **argv) {
}
if (outputformatstr != NULL) {
if (strcasecmp(outputformatstr, "text") == 0)
if (strcasecmp(outputformatstr, "text") == 0) {
outputformat = dns_masterformat_text;
else if (strcasecmp(outputformatstr, "raw") == 0)
} else if (strcasecmp(outputformatstr, "raw") == 0) {
outputformat = dns_masterformat_raw;
else {
} else if (strncasecmp(outputformatstr, "raw=", 4) == 0) {
char *end;
outputformat = dns_masterformat_raw;
rawversion = strtol(outputformatstr + 4, &end, 10);
if (end == outputformatstr + 4 || *end != '\0' ||
rawversion > 1U) {
fprintf(stderr,
"unknown raw format version\n");
exit(1);
}
} else {
fprintf(stderr, "unknown file format: %s\n",
outputformatstr);
exit(1);
@ -465,13 +511,20 @@ main(int argc, char **argv) {
result = load_zone(mctx, origin, filename, inputformat, classname,
&zone);
if (snset) {
dns_master_initrawheader(&header);
header.flags = DNS_MASTERRAW_SOURCESERIALSET;
header.sourceserial = serialnum;
dns_zone_setrawdata(zone, &header);
}
if (result == ISC_R_SUCCESS && dumpzone) {
if (logdump) {
fprintf(errout, "dump zone to %s...", output_filename);
fflush(errout);
}
result = dump_zone(origin, zone, output_filename,
outputformat, outputstyle);
outputformat, outputstyle, rawversion);
if (logdump)
fprintf(errout, "done\n");
}

45
contrib/bind9/bin/check/named-checkzone.docbook
View File

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2007, 2009-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named-checkzone.docbook,v 1.40 2010/01/16 23:48:15 tbox Exp $ -->
<!-- $Id: named-checkzone.docbook,v 1.44 2011/12/22 07:32:39 each Exp $ -->
<refentry id="man.named-checkzone">
<refentryinfo>
<date>June 13, 2000</date>
@ -38,6 +38,8 @@
<year>2007</year>
<year>2009</year>
<year>2010</year>
<year>2011</year>
<year>2013</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@ -70,11 +72,13 @@
<arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-M <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
<arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
<arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
<arg><option>-S <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-T <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-D</option></arg>
<arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
@ -95,9 +99,11 @@
<arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
<arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-T <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-D</option></arg>
<arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
@ -247,12 +253,20 @@
<listitem>
<para>
Specify the format of the output file specified.
Possible formats are <command>"text"</command> (default)
and <command>"raw"</command>.
For <command>named-checkzone</command>,
this does not cause any effects unless it dumps the zone
contents.
</para>
<para>
Possible formats are <command>"text"</command> (default)
and <command>"raw"</command> or <command>"raw=N"</command>,
which store the zone in a binary format for rapid loading
by <command>named</command>. <command>"raw=N"</command>
specifies the format version of the raw zone file: if N
is 0, the raw file can be read by any version of
<command>named</command>; if N is 1, the file can be read
by release 9.9.0 or higher. The default is 1.
</para>
</listitem>
</varlistentry>
@ -271,6 +285,17 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-L <replaceable class="parameter">serial</replaceable></term>
<listitem>
<para>
When compiling a zone to 'raw' format, set the "source serial"
value in the header to the specified serial number. (This is
expected to be used primarily for testing purposes.)
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-m <replaceable class="parameter">mode</replaceable></term>
<listitem>
@ -379,6 +404,18 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-T <replaceable class="parameter">mode</replaceable></term>
<listitem>
<para>
Check if Sender Policy Framework records (TXT and SPF)
both exist or both don't exist. A warning is issued
if they don't match. Possible modes are
<command>"warn"</command> (default), <command>"ignore"</command>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-w <replaceable class="parameter">directory</replaceable></term>
<listitem>

47
contrib/bind9/bin/check/named-checkzone.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2007, 2009-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -29,11 +29,11 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543696"></a><h2>DESCRIPTION</h2>
<a name="id2543736"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkzone</strong></span>
checks the syntax and integrity of a zone file. It performs the
same checks as <span><strong class="command">named</strong></span> does when loading a
@ -53,7 +53,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543731"></a><h2>OPTIONS</h2>
<a name="id2543771"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
@ -128,14 +128,24 @@
and <span><strong class="command">"raw"</strong></span>.
</p></dd>
<dt><span class="term">-F <em class="replaceable"><code>format</code></em></span></dt>
<dd><p>
<dd>
<p>
Specify the format of the output file specified.
Possible formats are <span><strong class="command">"text"</strong></span> (default)
and <span><strong class="command">"raw"</strong></span>.
For <span><strong class="command">named-checkzone</strong></span>,
this does not cause any effects unless it dumps the zone
contents.
</p></dd>
</p>
<p>
Possible formats are <span><strong class="command">"text"</strong></span> (default)
and <span><strong class="command">"raw"</strong></span> or <span><strong class="command">"raw=N"</strong></span>,
which store the zone in a binary format for rapid loading
by <span><strong class="command">named</strong></span>. <span><strong class="command">"raw=N"</strong></span>
specifies the format version of the raw zone file: if N
is 0, the raw file can be read by any version of
<span><strong class="command">named</strong></span>; if N is 1, the file can be read
by release 9.9.0 or higher. The default is 1.
</p>
</dd>
<dt><span class="term">-k <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
Perform <span><strong class="command">"check-names"</strong></span> checks with the
@ -146,6 +156,12 @@
(default for <span><strong class="command">named-checkzone</strong></span>) and
<span><strong class="command">"ignore"</strong></span>.
</p></dd>
<dt><span class="term">-L <em class="replaceable"><code>serial</code></em></span></dt>
<dd><p>
When compiling a zone to 'raw' format, set the "source serial"
value in the header to the specified serial number. (This is
expected to be used primarily for testing purposes.)
</p></dd>
<dt><span class="term">-m <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
Specify whether MX records should be checked to see if they
@ -214,6 +230,13 @@
directives in the configuration file are processed as if
run by a similarly chrooted named.
</p></dd>
<dt><span class="term">-T <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
Check if Sender Policy Framework records (TXT and SPF)
both exist or both don't exist. A warning is issued
if they don't match. Possible modes are
<span><strong class="command">"warn"</strong></span> (default), <span><strong class="command">"ignore"</strong></span>.
</p></dd>
<dt><span class="term">-w <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
chdir to <code class="filename">directory</code> so that
@ -247,14 +270,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544446"></a><h2>RETURN VALUES</h2>
<a name="id2544612"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkzone</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544458"></a><h2>SEE ALSO</h2>
<a name="id2544624"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<em class="citetitle">RFC 1035</em>,
@ -262,7 +285,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544491"></a><h2>AUTHOR</h2>
<a name="id2544657"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

2
contrib/bind9/bin/confgen/ddns-confgen.c
View File

@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: ddns-confgen.c,v 1.9.308.2 2011/03/12 04:59:13 tbox Exp $ */
/* $Id: ddns-confgen.c,v 1.11 2011/03/12 04:59:46 tbox Exp $ */
/*! \file */

12
contrib/bind9/bin/confgen/keygen.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -126,13 +126,17 @@ generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
switch (alg) {
case DST_ALG_HMACMD5:
case DST_ALG_HMACSHA1:
case DST_ALG_HMACSHA224:
case DST_ALG_HMACSHA256:
if (keysize < 1 || keysize > 512)
fatal("keysize %d out of range (must be 1-512)\n",
keysize);
break;
case DST_ALG_HMACSHA256:
if (keysize < 1 || keysize > 256)
fatal("keysize %d out of range (must be 1-256)\n",
case DST_ALG_HMACSHA384:
case DST_ALG_HMACSHA512:
if (keysize < 1 || keysize > 1024)
fatal("keysize %d out of range (must be 1-1024)\n",
keysize);
break;
default:

6
contrib/bind9/bin/confgen/rndc-confgen.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004, 2005, 2007-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2005, 2007-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: rndc-confgen.c,v 1.5.308.2 2011/03/12 04:59:13 tbox Exp $ */
/* $Id: rndc-confgen.c,v 1.7 2011/03/12 04:59:46 tbox Exp $ */
/*! \file */
@ -140,8 +140,6 @@ main(int argc, char **argv) {
keysize = strtol(isc_commandline_argument, &p, 10);
if (*p != '\0' || keysize < 0)
fatal("-b requires a non-negative number");
if (keysize < 1 || keysize > 512)
fatal("-b must be in the range 1 through 512");
break;
case 'c':
keyfile = isc_commandline_argument;

6
contrib/bind9/bin/dig/Makefile.in
View File

@ -1,4 +1,4 @@
# Copyright (C) 2004, 2005, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2004, 2005, 2007, 2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@ -23,6 +23,8 @@ top_srcdir = @top_srcdir@
@BIND9_MAKE_INCLUDES@
READLINE_LIB = @READLINE_LIB@
CINCLUDES = -I${srcdir}/include ${DNS_INCLUDES} ${BIND9_INCLUDES} \
${ISC_INCLUDES} ${LWRES_INCLUDES} ${ISCCFG_INCLUDES}
@ -78,7 +80,7 @@ host@EXEEXT@: host.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
${FINALBUILDCMD}
nslookup@EXEEXT@: nslookup.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
export BASEOBJS="nslookup.@O@ dighost.@O@ ${UOBJS}"; \
export BASEOBJS="nslookup.@O@ dighost.@O@ ${READLINE_LIB} ${UOBJS}"; \
${FINALBUILDCMD}
doc man:: ${MANOBJS}

46
contrib/bind9/bin/dig/dig.1
View File

@ -1,4 +1,4 @@
.\" Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@ -57,7 +57,9 @@ allows multiple lookups to be issued from the command line.
Unless it is told to query a specific name server,
\fBdig\fR
will try each of the servers listed in
\fI/etc/resolv.conf\fR.
\fI/etc/resolv.conf\fR. If no usable server addreses are found,
\fBdig\fR
will send the query to the local host.
.PP
When no command line arguments or options are given,
\fBdig\fR
@ -95,13 +97,20 @@ is the name or IP address of the name server to query. This can be an IPv4 addre
\fIserver\fR
argument is a hostname,
\fBdig\fR
resolves that name before querying that name server. If no
resolves that name before querying that name server.
.sp
If no
\fIserver\fR
argument is provided,
\fBdig\fR
consults
\fI/etc/resolv.conf\fR
and queries the name servers listed there. The reply from the name server that responds is displayed.
\fI/etc/resolv.conf\fR; if an address is found there, it queries the name server at that address. If either of the
\fB\-4\fR
or
\fB\-6\fR
options are in use, then only addresses for the corresponding transport will be tried. If no usable addresses are found,
\fBdig\fR
will send the query to the local host. The reply from the name server that responds is displayed.
.RE
.PP
\fBname\fR
@ -291,7 +300,7 @@ A synonym for
.PP
\fB+[no]adflag\fR
.RS 4
Set [do not set] the AD (authentic data) bit in the query. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range. AD=0 indicate that some part of the answer was insecure or not validated.
Set [do not set] the AD (authentic data) bit in the query. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range. AD=0 indicate that some part of the answer was insecure or not validated. This bit is set by default.
.RE
.PP
\fB+[no]cdflag\fR
@ -332,6 +341,9 @@ attempts to find the authoritative name servers for the zone containing the name
Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled,
\fBdig\fR
makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.
.sp
\fB+dnssec\fR
is also set when +trace is set to better emulate the default queries from a nameserver.
.RE
.PP
\fB+[no]cmd\fR
@ -358,6 +370,24 @@ option is enabled. If short form answers are requested, the default is not to sh
Toggle the display of comment lines in the output. The default is to print comments.
.RE
.PP
\fB+[no]rrcomments\fR
.RS 4
Toggle the display of per\-record comments in the output (for example, human\-readable key information about DNSKEY records). The default is not to print record comments unless multiline mode is active.
.RE
.PP
\fB+split=W\fR
.RS 4
Split long hex\- or base64\-formatted fields in resource records into chunks of
\fIW\fR
characters (where
\fIW\fR
is rounded up to the nearest multiple of 4).
\fI+nosplit\fR
or
\fI+split=0\fR
causes fields not to be split at all. The default is 56 characters, or 44 characters when multiline mode is active.
.RE
.PP
\fB+[no]stats\fR
.RS 4
This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behavior is to print the query statistics.
@ -445,7 +475,7 @@ bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively
.RS 4
Specify the EDNS version to query with. Valid values are 0 to 255. Setting the EDNS version will cause a EDNS query to be sent.
\fB+noedns\fR
clears the remembered EDNS version.
clears the remembered EDNS version. EDNS is set to 0 by default.
.RE
.PP
\fB+[no]multiline\fR
@ -567,7 +597,7 @@ RFC1035.
.PP
There are probably too many query options.
.SH "COPYRIGHT"
Copyright \(co 2004\-2010 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004\-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2003 Internet Software Consortium.
.br

118
contrib/bind9/bin/dig/dig.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dig.c,v 1.237.124.4 2011/12/07 17:23:55 each Exp $ */
/* $Id: dig.c,v 1.245 2011/12/07 17:23:28 each Exp $ */
/*! \file */
@ -67,7 +67,8 @@ static char domainopt[DNS_NAME_MAXTEXT];
static isc_boolean_t short_form = ISC_FALSE, printcmd = ISC_TRUE,
ip6_int = ISC_FALSE, plusquest = ISC_FALSE, pluscomm = ISC_FALSE,
multiline = ISC_FALSE, nottl = ISC_FALSE, noclass = ISC_FALSE,
onesoa = ISC_FALSE;
onesoa = ISC_FALSE, rrcomments = ISC_FALSE;
static isc_uint32_t splitwidth = 0xffffffff;
/*% opcode text */
static const char * const opcodetext[] = {
@ -186,7 +187,7 @@ help(void) {
" +domain=### (Set default domainname)\n"
" +bufsize=### (Set EDNS0 Max UDP packet size)\n"
" +ndots=### (Set NDOTS value)\n"
" +edns=### (Set EDNS version)\n"
" +[no]edns[=###] (Set EDNS version) [0]\n"
" +[no]search (Set whether to use searchlist)\n"
" +[no]showsearch (Search with intermediate results)\n"
" +[no]defname (Ditto)\n"
@ -201,6 +202,8 @@ help(void) {
" +[no]cl (Control display of class in records)\n"
" +[no]cmd (Control display of command line)\n"
" +[no]comments (Control display of comment lines)\n"
" +[no]rrcomments (Control display of per-record "
"comments)\n"
" +[no]question (Control display of question)\n"
" +[no]answer (Control display of answer)\n"
" +[no]authority (Control display of authority)\n"
@ -213,7 +216,7 @@ help(void) {
" +[no]qr (Print question before sending)\n"
" +[no]nssearch (Search all authoritative nameservers)\n"
" +[no]identify (ID responders in short answers)\n"
" +[no]trace (Trace delegation down from root)\n"
" +[no]trace (Trace delegation down from root [+dnssec])\n"
" +[no]dnssec (Request DNSSEC records)\n"
" +[no]nsid (Request Name Server ID)\n"
#ifdef DIG_SIGCHASE
@ -223,6 +226,7 @@ help(void) {
" +[no]topdown (Do DNSSEC validation top down mode)\n"
#endif
#endif
" +[no]split=## (Split hex/base64 fields into chunks)\n"
" +[no]multiline (Print records in an expanded format)\n"
" +[no]onesoa (AXFR prints only one soa record)\n"
" global d-opts and servers (before host name) affect all queries.\n"
@ -240,6 +244,8 @@ received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
isc_uint64_t diff;
isc_time_t now;
time_t tnow;
struct tm tmnow;
char time_str[100];
char fromtext[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_format(from, fromtext, sizeof(fromtext));
@ -251,7 +257,10 @@ received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
printf(";; Query time: %ld msec\n", (long int)diff/1000);
printf(";; SERVER: %s(%s)\n", fromtext, query->servname);
time(&tnow);
printf(";; WHEN: %s", ctime(&tnow));
tmnow = *localtime(&tnow);
if (strftime(time_str, sizeof(time_str),
"%a %b %d %H:%M:%S %Z %Y", &tmnow) > 0U)
printf(";; WHEN: %s\n", time_str);
if (query->lookup->doing_xfr) {
printf(";; XFR size: %u records (messages %u, "
"bytes %" ISC_PRINT_QUADFORMAT "u)\n",
@ -259,7 +268,6 @@ received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
query->byte_count);
} else {
printf(";; MSG SIZE rcvd: %u\n", bytes);
}
if (key != NULL) {
if (!validated)
@ -276,7 +284,7 @@ received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
"from %s(%s) in %d ms\n\n",
query->lookup->doing_xfr ?
query->byte_count : (isc_uint64_t)bytes,
fromtext, query->servname,
fromtext, query->userarg,
(int)diff/1000);
}
}
@ -391,6 +399,8 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
styleflags |= DNS_STYLEFLAG_NO_TTL;
if (noclass)
styleflags |= DNS_STYLEFLAG_NO_CLASS;
if (rrcomments)
styleflags |= DNS_STYLEFLAG_RRCOMMENT;
if (multiline) {
styleflags |= DNS_STYLEFLAG_OMIT_OWNER;
styleflags |= DNS_STYLEFLAG_OMIT_CLASS;
@ -399,16 +409,21 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
styleflags |= DNS_STYLEFLAG_TTL;
styleflags |= DNS_STYLEFLAG_MULTILINE;
styleflags |= DNS_STYLEFLAG_COMMENT;
styleflags |= DNS_STYLEFLAG_RRCOMMENT;
}
if (multiline || (nottl && noclass))
result = dns_master_stylecreate(&style, styleflags,
24, 24, 24, 32, 80, 8, mctx);
result = dns_master_stylecreate2(&style, styleflags,
24, 24, 24, 32, 80, 8,
splitwidth, mctx);
else if (nottl || noclass)
result = dns_master_stylecreate(&style, styleflags,
24, 24, 32, 40, 80, 8, mctx);
result = dns_master_stylecreate2(&style, styleflags,
24, 24, 32, 40, 80, 8,
splitwidth, mctx);
else
result = dns_master_stylecreate(&style, styleflags,
24, 32, 40, 48, 80, 8, mctx);
result = dns_master_stylecreate2(&style, styleflags,
24, 32, 40, 48, 80, 8,
splitwidth, mctx);
check_result(result, "dns_master_stylecreate");
result = dns_master_rdatasettotext(owner_name, rdataset, style, target);
@ -433,6 +448,10 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
unsigned int styleflags = 0;
styleflags |= DNS_STYLEFLAG_REL_OWNER;
if (query->lookup->comments)
styleflags |= DNS_STYLEFLAG_COMMENT;
if (rrcomments)
styleflags |= DNS_STYLEFLAG_RRCOMMENT;
if (nottl)
styleflags |= DNS_STYLEFLAG_NO_TTL;
if (noclass)
@ -444,17 +463,20 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
styleflags |= DNS_STYLEFLAG_OMIT_TTL;
styleflags |= DNS_STYLEFLAG_TTL;
styleflags |= DNS_STYLEFLAG_MULTILINE;
styleflags |= DNS_STYLEFLAG_COMMENT;
styleflags |= DNS_STYLEFLAG_RRCOMMENT;
}
if (multiline || (nottl && noclass))
result = dns_master_stylecreate(&style, styleflags,
24, 24, 24, 32, 80, 8, mctx);
result = dns_master_stylecreate2(&style, styleflags,
24, 24, 24, 32, 80, 8,
splitwidth, mctx);
else if (nottl || noclass)
result = dns_master_stylecreate(&style, styleflags,
24, 24, 32, 40, 80, 8, mctx);
result = dns_master_stylecreate2(&style, styleflags,
24, 24, 32, 40, 80, 8,
splitwidth, mctx);
else
result = dns_master_stylecreate(&style, styleflags,
24, 32, 40, 48, 80, 8, mctx);
result = dns_master_stylecreate2(&style, styleflags,
24, 32, 40, 48, 80, 8,
splitwidth, mctx);
check_result(result, "dns_master_stylecreate");
if (query->lookup->cmdline[0] != 0) {
@ -525,6 +547,13 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
printf(";; WARNING: recursion requested "
"but not available\n");
}
if (msg != query->lookup->sendmsg &&
query->lookup->edns != -1 && msg->opt == NULL &&
(msg->rcode == dns_rcode_formerr ||
msg->rcode == dns_rcode_notimp))
printf("\n;; WARNING: EDNS query returned status "
"%s - retry with '+noedns'\n",
rcode_totext(msg->rcode));
if (msg != query->lookup->sendmsg && extrabytes != 0U)
printf(";; WARNING: Messages has %u extra byte%s at "
"end\n", extrabytes, extrabytes != 0 ? "s" : "");
@ -754,6 +783,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
lookup->section_answer = state;
lookup->section_additional = state;
lookup->comments = state;
rrcomments = state;
lookup->stats = state;
printcmd = state;
break;
@ -855,8 +885,10 @@ plus_option(char *option, isc_boolean_t is_batchfile,
lookup->edns = -1;
break;
}
if (value == NULL)
goto need_value;
if (value == NULL) {
lookup->edns = 0;
break;
}
result = parse_uint(&num, value, 255, "edns");
if (result != ISC_R_SUCCESS)
fatal("Couldn't parse edns");
@ -912,6 +944,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
lookup->identify = ISC_TRUE;
lookup->stats = ISC_FALSE;
lookup->comments = ISC_FALSE;
rrcomments = ISC_FALSE;
lookup->section_additional = ISC_FALSE;
lookup->section_authority = ISC_FALSE;
lookup->section_question = ISC_FALSE;
@ -972,6 +1005,10 @@ plus_option(char *option, isc_boolean_t is_batchfile,
goto invalid_option;
}
break;
case 'r': /* rrcomments */
FULLCHECK("rrcomments");
rrcomments = state;
break;
default:
goto invalid_option;
}
@ -998,6 +1035,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
lookup->section_authority = ISC_FALSE;
lookup->section_question = ISC_FALSE;
lookup->comments = ISC_FALSE;
rrcomments = ISC_FALSE;
lookup->stats = ISC_FALSE;
}
break;
@ -1020,6 +1058,36 @@ plus_option(char *option, isc_boolean_t is_batchfile,
lookup->dnssec = ISC_TRUE;
break;
#endif
case 'p': /* split */
FULLCHECK("split");
if (value != NULL && !state)
goto invalid_option;
if (!state) {
splitwidth = 0;
break;
} else if (value == NULL)
break;
result = parse_uint(&splitwidth, value,
1023, "split");
if (splitwidth % 4 != 0) {
splitwidth = ((splitwidth + 3) / 4) * 4;
fprintf(stderr, ";; Warning, split must be "
"a multiple of 4; adjusting "
"to %d\n", splitwidth);
}
/*
* There is an adjustment done in the
* totext_<rrtype>() functions which causes
* splitwidth to shrink. This is okay when we're
* using the default width but incorrect in this
* case, so we correct for it
*/
if (splitwidth)
splitwidth += 3;
if (result != ISC_R_SUCCESS)
fatal("Couldn't parse retries");
break;
case 't': /* stats */
FULLCHECK("stats");
lookup->stats = state;
@ -1064,10 +1132,12 @@ plus_option(char *option, isc_boolean_t is_batchfile,
lookup->recurse = ISC_FALSE;
lookup->identify = ISC_TRUE;
lookup->comments = ISC_FALSE;
rrcomments = ISC_FALSE;
lookup->stats = ISC_FALSE;
lookup->section_additional = ISC_FALSE;
lookup->section_authority = ISC_TRUE;
lookup->section_question = ISC_FALSE;
lookup->dnssec = ISC_TRUE;
usesearch = ISC_FALSE;
}
break;
@ -1471,6 +1541,8 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
if (!is_batchfile) {
debug("making new lookup");
default_lookup = make_empty_lookup();
default_lookup->adflag = ISC_TRUE;
default_lookup->edns = 0;
#ifndef NOPOSIX
/*

138
contrib/bind9/bin/dig/dig.docbook
View File

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dig.docbook,v 1.47 2010/03/04 23:50:34 tbox Exp $ -->
<!-- $Id: dig.docbook,v 1.51 2011/11/04 11:02:50 jreed Exp $ -->
<refentry id="man.dig">
<refentryinfo>
@ -45,6 +45,8 @@
<year>2008</year>
<year>2009</year>
<year>2010</year>
<year>2011</year>
<year>2013</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@ -116,9 +118,10 @@
<para>
Unless it is told to query a specific name server,
<command>dig</command> will try each of the servers listed
in
<filename>/etc/resolv.conf</filename>.
<command>dig</command> will try each of the servers listed in
<filename>/etc/resolv.conf</filename>. If no usable server addreses
are found, <command>dig</command> will send the query to the local
host.
</para>
<para>
@ -157,20 +160,25 @@
<term><constant>server</constant></term>
<listitem>
<para>
is the name or IP address of the name server to query. This can
be an IPv4
address in dotted-decimal notation or an IPv6
is the name or IP address of the name server to query. This
can be an IPv4 address in dotted-decimal notation or an IPv6
address in colon-delimited notation. When the supplied
<parameter>server</parameter> argument is a
hostname,
<command>dig</command> resolves that name before
querying that name
server. If no <parameter>server</parameter>
argument is provided,
<command>dig</command> consults <filename>/etc/resolv.conf</filename>
and queries the name servers listed there. The reply from the
name
server that responds is displayed.
<parameter>server</parameter> argument is a hostname,
<command>dig</command> resolves that name before querying
that name server.
</para>
<para>
If no <parameter>server</parameter> argument is
provided, <command>dig</command> consults
<filename>/etc/resolv.conf</filename>; if an
address is found there, it queries the name server at
that address. If either of the <option>-4</option> or
<option>-6</option> options are in use, then
only addresses for the corresponding transport
will be tried. If no usable addresses are found,
<command>dig</command> will send the query to the
local host. The reply from the name server that
responds is displayed.
</para>
</listitem>
</varlistentry>
@ -460,7 +468,8 @@
policy of the server. AD=1 indicates that all records
have been validated as secure and the answer is not
from a OPT-OUT range. AD=0 indicate that some part
of the answer was insecure or not validated.
of the answer was insecure or not validated. This
bit is set by default.
</para>
</listitem>
</varlistentry>
@ -497,19 +506,17 @@
<varlistentry>
<term><option>+[no]recurse</option></term>
<listitem>
<para>
Toggle the setting of the RD (recursion desired) bit in the
query.
This bit is set by default, which means <command>dig</command>
normally sends recursive queries. Recursion is automatically
disabled
when the <parameter>+nssearch</parameter> or
<parameter>+trace</parameter> query options are
used.
</para>
</listitem>
</varlistentry>
<listitem>
<para>
Toggle the setting of the RD (recursion desired) bit
in the query. This bit is set by default, which means
<command>dig</command> normally sends recursive
queries. Recursion is automatically disabled when
the <parameter>+nssearch</parameter> or
<parameter>+trace</parameter> query options are used.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>+[no]nssearch</option></term>
@ -529,20 +536,21 @@
<varlistentry>
<term><option>+[no]trace</option></term>
<listitem>
<para>
Toggle tracing of the delegation path from the root name servers
for
the name being looked up. Tracing is disabled by default. When
tracing is enabled, <command>dig</command> makes
iterative queries to
resolve the name being looked up. It will follow referrals from
the
root servers, showing the answer from each server that was used
to
resolve the lookup.
</para>
</listitem>
</varlistentry>
<para>
Toggle tracing of the delegation path from the root
name servers for the name being looked up. Tracing
is disabled by default. When tracing is enabled,
<command>dig</command> makes iterative queries to
resolve the name being looked up. It will follow
referrals from the root servers, showing the answer
from each server that was used to resolve the lookup.
</para>
<para>
<command>+dnssec</command> is also set when +trace is
set to better emulate the default queries from a nameserver.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>+[no]cmd</option></term>
@ -587,8 +595,35 @@
<listitem>
<para>
Toggle the display of comment lines in the output. The default
is to
print comments.
is to print comments.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>+[no]rrcomments</option></term>
<listitem>
<para>
Toggle the display of per-record comments in the output (for
example, human-readable key information about DNSKEY records).
The default is not to print record comments unless multiline
mode is active.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>+split=W</option></term>
<listitem>
<para>
Split long hex- or base64-formatted fields in resource
records into chunks of <parameter>W</parameter> characters
(where <parameter>W</parameter> is rounded up to the nearest
multiple of 4).
<parameter>+nosplit</parameter> or
<parameter>+split=0</parameter> causes fields not to be
split at all. The default is 56 characters, or 44 characters
when multiline mode is active.
</para>
</listitem>
</varlistentry>
@ -748,9 +783,10 @@
<listitem>
<para>
Specify the EDNS version to query with. Valid values
are 0 to 255. Setting the EDNS version will cause a
EDNS query to be sent. <option>+noedns</option> clears the
remembered EDNS version.
are 0 to 255. Setting the EDNS version will cause
a EDNS query to be sent. <option>+noedns</option>
clears the remembered EDNS version. EDNS is set to
0 by default.
</para>
</listitem>
</varlistentry>

138
contrib/bind9/bin/dig/dig.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -34,7 +34,7 @@
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543524"></a><h2>DESCRIPTION</h2>
<a name="id2543530"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dig</strong></span>
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
@ -57,9 +57,10 @@
</p>
<p>
Unless it is told to query a specific name server,
<span><strong class="command">dig</strong></span> will try each of the servers listed
in
<code class="filename">/etc/resolv.conf</code>.
<span><strong class="command">dig</strong></span> will try each of the servers listed in
<code class="filename">/etc/resolv.conf</code>. If no usable server addreses
are found, <span><strong class="command">dig</strong></span> will send the query to the local
host.
</p>
<p>
When no command line arguments or options are given,
@ -80,7 +81,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543597"></a><h2>SIMPLE USAGE</h2>
<a name="id2543609"></a><h2>SIMPLE USAGE</h2>
<p>
A typical invocation of <span><strong class="command">dig</strong></span> looks like:
</p>
@ -91,22 +92,29 @@
</p>
<div class="variablelist"><dl>
<dt><span class="term"><code class="constant">server</code></span></dt>
<dd><p>
is the name or IP address of the name server to query. This can
be an IPv4
address in dotted-decimal notation or an IPv6
<dd>
<p>
is the name or IP address of the name server to query. This
can be an IPv4 address in dotted-decimal notation or an IPv6
address in colon-delimited notation. When the supplied
<em class="parameter"><code>server</code></em> argument is a
hostname,
<span><strong class="command">dig</strong></span> resolves that name before
querying that name
server. If no <em class="parameter"><code>server</code></em>
argument is provided,
<span><strong class="command">dig</strong></span> consults <code class="filename">/etc/resolv.conf</code>
and queries the name servers listed there. The reply from the
name
server that responds is displayed.
</p></dd>
<em class="parameter"><code>server</code></em> argument is a hostname,
<span><strong class="command">dig</strong></span> resolves that name before querying
that name server.
</p>
<p>
If no <em class="parameter"><code>server</code></em> argument is
provided, <span><strong class="command">dig</strong></span> consults
<code class="filename">/etc/resolv.conf</code>; if an
address is found there, it queries the name server at
that address. If either of the <code class="option">-4</code> or
<code class="option">-6</code> options are in use, then
only addresses for the corresponding transport
will be tried. If no usable addresses are found,
<span><strong class="command">dig</strong></span> will send the query to the
local host. The reply from the name server that
responds is displayed.
</p>
</dd>
<dt><span class="term"><code class="constant">name</code></span></dt>
<dd><p>
is the name of the resource record that is to be looked up.
@ -126,7 +134,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543688"></a><h2>OPTIONS</h2>
<a name="id2543713"></a><h2>OPTIONS</h2>
<p>
The <code class="option">-b</code> option sets the source IP address of the query
to <em class="parameter"><code>address</code></em>. This must be a valid
@ -230,7 +238,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544037"></a><h2>QUERY OPTIONS</h2>
<a name="id2544061"></a><h2>QUERY OPTIONS</h2>
<p><span><strong class="command">dig</strong></span>
provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
@ -315,7 +323,8 @@
policy of the server. AD=1 indicates that all records
have been validated as secure and the answer is not
from a OPT-OUT range. AD=0 indicate that some part
of the answer was insecure or not validated.
of the answer was insecure or not validated. This
bit is set by default.
</p></dd>
<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
<dd><p>
@ -334,15 +343,13 @@
</p></dd>
<dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
<dd><p>
Toggle the setting of the RD (recursion desired) bit in the
query.
This bit is set by default, which means <span><strong class="command">dig</strong></span>
normally sends recursive queries. Recursion is automatically
disabled
when the <em class="parameter"><code>+nssearch</code></em> or
<em class="parameter"><code>+trace</code></em> query options are
used.
</p></dd>
Toggle the setting of the RD (recursion desired) bit
in the query. This bit is set by default, which means
<span><strong class="command">dig</strong></span> normally sends recursive
queries. Recursion is automatically disabled when
the <em class="parameter"><code>+nssearch</code></em> or
<em class="parameter"><code>+trace</code></em> query options are used.
</p></dd>
<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
<dd><p>
When this option is set, <span><strong class="command">dig</strong></span>
@ -354,18 +361,21 @@
zone.
</p></dd>
<dt><span class="term"><code class="option">+[no]trace</code></span></dt>
<dd><p>
Toggle tracing of the delegation path from the root name servers
for
the name being looked up. Tracing is disabled by default. When
tracing is enabled, <span><strong class="command">dig</strong></span> makes
iterative queries to
resolve the name being looked up. It will follow referrals from
the
root servers, showing the answer from each server that was used
to
resolve the lookup.
</p></dd>
<dd>
<p>
Toggle tracing of the delegation path from the root
name servers for the name being looked up. Tracing
is disabled by default. When tracing is enabled,
<span><strong class="command">dig</strong></span> makes iterative queries to
resolve the name being looked up. It will follow
referrals from the root servers, showing the answer
from each server that was used to resolve the lookup.
</p>
<p>
<span><strong class="command">+dnssec</strong></span> is also set when +trace is
set to better emulate the default queries from a nameserver.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
<dd><p>
Toggles the printing of the initial comment in the output
@ -392,8 +402,25 @@
<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
<dd><p>
Toggle the display of comment lines in the output. The default
is to
print comments.
is to print comments.
</p></dd>
<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
<dd><p>
Toggle the display of per-record comments in the output (for
example, human-readable key information about DNSKEY records).
The default is not to print record comments unless multiline
mode is active.
</p></dd>
<dt><span class="term"><code class="option">+split=W</code></span></dt>
<dd><p>
Split long hex- or base64-formatted fields in resource
records into chunks of <em class="parameter"><code>W</code></em> characters
(where <em class="parameter"><code>W</code></em> is rounded up to the nearest
multiple of 4).
<em class="parameter"><code>+nosplit</code></em> or
<em class="parameter"><code>+split=0</code></em> causes fields not to be
split at all. The default is 56 characters, or 44 characters
when multiline mode is active.
</p></dd>
<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
<dd><p>
@ -488,9 +515,10 @@
<dt><span class="term"><code class="option">+edns=#</code></span></dt>
<dd><p>
Specify the EDNS version to query with. Valid values
are 0 to 255. Setting the EDNS version will cause a
EDNS query to be sent. <code class="option">+noedns</code> clears the
remembered EDNS version.
are 0 to 255. Setting the EDNS version will cause
a EDNS query to be sent. <code class="option">+noedns</code>
clears the remembered EDNS version. EDNS is set to
0 by default.
</p></dd>
<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
<dd><p>
@ -561,7 +589,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2545186"></a><h2>MULTIPLE QUERIES</h2>
<a name="id2545324"></a><h2>MULTIPLE QUERIES</h2>
<p>
The BIND 9 implementation of <span><strong class="command">dig </strong></span>
supports
@ -607,7 +635,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2545248"></a><h2>IDN SUPPORT</h2>
<a name="id2545386"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@ -621,14 +649,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2545338"></a><h2>FILES</h2>
<a name="id2545409"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
<p><code class="filename">${HOME}/.digrc</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2545355"></a><h2>SEE ALSO</h2>
<a name="id2545426"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
@ -636,7 +664,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2545393"></a><h2>BUGS</h2>
<a name="id2545531"></a><h2>BUGS</h2>
<p>
There are probably too many query options.
</p>

90
contrib/bind9/bin/dig/dighost.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dighost.c,v 1.336.22.9 2011/12/07 17:23:55 each Exp $ */
/* $Id: dighost.c,v 1.345 2011/12/07 17:23:28 each Exp $ */
/*! \file
* \note
@ -362,8 +362,6 @@ connect_timeout(isc_task_t *task, isc_event_t *event);
static void
launch_next_query(dig_query_t *query, isc_boolean_t include_question);
static void
send_tcp_connect(dig_query_t *query);
static void *
mem_alloc(void *arg, size_t size) {
@ -791,9 +789,9 @@ make_empty_lookup(void) {
looknew->new_search = ISC_FALSE;
looknew->done_as_is = ISC_FALSE;
looknew->need_search = ISC_FALSE;
dns_fixedname_init(&looknew->fdomain);
ISC_LINK_INIT(looknew, link);
ISC_LIST_INIT(looknew->q);
ISC_LIST_INIT(looknew->connecting);
ISC_LIST_INIT(looknew->my_server_list);
return (looknew);
}
@ -815,11 +813,11 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) {
looknew = make_empty_lookup();
INSIST(looknew != NULL);
strncpy(looknew->textname, lookold->textname, MXNAME);
strlcpy(looknew->textname, lookold->textname, MXNAME);
#if DIG_SIGCHASE_TD
strncpy(looknew->textnamesigchase, lookold->textnamesigchase, MXNAME);
strlcpy(looknew->textnamesigchase, lookold->textnamesigchase, MXNAME);
#endif
strncpy(looknew->cmdline, lookold->cmdline, MXNAME);
strlcpy(looknew->cmdline, lookold->cmdline, MXNAME);
looknew->textname[MXNAME-1] = 0;
looknew->rdtype = lookold->rdtype;
looknew->qrdtype = lookold->qrdtype;
@ -867,8 +865,6 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) {
looknew->tsigctx = NULL;
looknew->need_search = lookold->need_search;
looknew->done_as_is = lookold->done_as_is;
dns_name_copy(dns_fixedname_name(&lookold->fdomain),
dns_fixedname_name(&looknew->fdomain), NULL);
if (servers)
clone_server_list(lookold->my_server_list,
@ -998,7 +994,7 @@ parse_hmac(const char *hmac) {
len = strlen(hmac);
if (len >= (int) sizeof(buf))
fatal("unknown key type '%.*s'", len, hmac);
strncpy(buf, hmac, sizeof(buf));
strlcpy(buf, hmac, sizeof(buf));
digestbits = 0;
@ -1080,8 +1076,8 @@ read_confkey(void) {
secretstr = cfg_obj_asstring(secretobj);
algorithm = cfg_obj_asstring(algorithmobj);
strncpy(keynametext, keyname, sizeof(keynametext));
strncpy(keysecret, secretstr, sizeof(keysecret));
strlcpy(keynametext, keyname, sizeof(keynametext));
strlcpy(keysecret, secretstr, sizeof(keysecret));
parse_hmac(algorithm);
setup_text_key();
@ -1164,7 +1160,7 @@ make_searchlist_entry(char *domain) {
if (search == NULL)
fatal("memory allocation failure in %s:%d",
__FILE__, __LINE__);
strncpy(search->origin, domain, MXNAME);
strlcpy(search->origin, domain, MXNAME);
search->origin[MXNAME-1] = 0;
ISC_LINK_INIT(search, link);
return (search);
@ -1473,7 +1469,10 @@ clear_query(dig_query_t *query) {
if (lookup->current_query == query)
lookup->current_query = NULL;
ISC_LIST_UNLINK(lookup->q, query, link);
if (ISC_LINK_LINKED(query, link))
ISC_LIST_UNLINK(lookup->q, query, link);
if (ISC_LINK_LINKED(query, clink))
ISC_LIST_UNLINK(lookup->connecting, query, clink);
if (ISC_LINK_LINKED(&query->recvbuf, link))
ISC_LIST_DEQUEUE(query->recvlist, &query->recvbuf,
link);
@ -1481,6 +1480,7 @@ clear_query(dig_query_t *query) {
ISC_LIST_DEQUEUE(query->lengthlist, &query->lengthbuf,
link);
INSIST(query->recvspace != NULL);
if (query->sock != NULL) {
isc_socket_detach(&query->sock);
sockcount--;
@ -1508,13 +1508,22 @@ try_clear_lookup(dig_lookup_t *lookup) {
debug("try_clear_lookup(%p)", lookup);
if (ISC_LIST_HEAD(lookup->q) != NULL) {
if (ISC_LIST_HEAD(lookup->q) != NULL ||
ISC_LIST_HEAD(lookup->connecting) != NULL)
{
if (debugging) {
q = ISC_LIST_HEAD(lookup->q);
while (q != NULL) {
debug("query to %s still pending", q->servname);
q = ISC_LIST_NEXT(q, link);
}
q = ISC_LIST_HEAD(lookup->connecting);
while (q != NULL) {
debug("query to %s still connecting",
q->servname);
q = ISC_LIST_NEXT(q, clink);
}
}
return (ISC_FALSE);
}
@ -1642,7 +1651,7 @@ start_lookup(void) {
= current_lookup->rdclassset;
current_lookup->rdclass = dns_rdataclass_in;
strncpy(current_lookup->textnamesigchase,
strlcpy(current_lookup->textnamesigchase,
current_lookup->textname, MXNAME);
current_lookup->trace_root_sigchase = ISC_TRUE;
@ -1654,7 +1663,7 @@ start_lookup(void) {
check_result(result, "dns_name_totext");
isc_buffer_usedregion(b, &r);
r.base[r.length] = '\0';
strncpy(current_lookup->textname, (char*)r.base,
strlcpy(current_lookup->textname, (char*)r.base,
MXNAME);
isc_buffer_free(&b);
@ -1800,6 +1809,7 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
lookup->trace_root = ISC_FALSE;
if (lookup->ns_search_only)
lookup->recurse = ISC_FALSE;
dns_fixedname_init(&lookup->fdomain);
domain = dns_fixedname_name(&lookup->fdomain);
dns_name_copy(name, domain, NULL);
}
@ -2290,7 +2300,6 @@ setup_lookup(dig_lookup_t *lookup) {
query->rr_count = 0;
query->msg_count = 0;
query->byte_count = 0;
ISC_LINK_INIT(query, link);
ISC_LIST_INIT(query->recvlist);
ISC_LIST_INIT(query->lengthlist);
query->sock = NULL;
@ -2303,6 +2312,7 @@ setup_lookup(dig_lookup_t *lookup) {
isc_buffer_init(&query->slbuf, query->slspace, 2);
query->sendbuf = lookup->renderbuf;
ISC_LINK_INIT(query, clink);
ISC_LINK_INIT(query, link);
ISC_LIST_ENQUEUE(lookup->q, query, link);
}
@ -2424,6 +2434,7 @@ static void
force_timeout(dig_lookup_t *l, dig_query_t *query) {
isc_event_t *event;
debug("force_timeout ()");
event = isc_event_allocate(mctx, query, ISC_TIMEREVENT_IDLE,
connect_timeout, l,
sizeof(isc_event_t));
@ -2491,6 +2502,7 @@ send_tcp_connect(dig_query_t *query) {
send_tcp_connect(next);
return;
}
INSIST(query->sock == NULL);
result = isc_socket_create(socketmgr,
isc_sockaddr_pf(&query->sockaddr),
@ -2521,6 +2533,9 @@ send_tcp_connect(dig_query_t *query) {
if (l->ns_search_only && !l->trace_root) {
debug("sending next, since searching");
next = ISC_LIST_NEXT(query, link);
if (ISC_LINK_LINKED(query, link))
ISC_LIST_DEQUEUE(l->q, query, link);
ISC_LIST_ENQUEUE(l->connecting, query, clink);
if (next != NULL)
send_tcp_connect(next);
}
@ -2601,7 +2616,7 @@ send_udp(dig_query_t *query) {
static void
connect_timeout(isc_task_t *task, isc_event_t *event) {
dig_lookup_t *l = NULL;
dig_query_t *query = NULL, *cq;
dig_query_t *query = NULL, *next, *cq;
UNUSED(task);
REQUIRE(event->ev_type == ISC_TIMEREVENT_IDLE);
@ -2625,7 +2640,9 @@ connect_timeout(isc_task_t *task, isc_event_t *event) {
if (query->sock != NULL)
isc_socket_cancel(query->sock, NULL,
ISC_SOCKCANCEL_ALL);
send_tcp_connect(ISC_LIST_NEXT(cq, link));
next = ISC_LIST_NEXT(cq, link);
if (next != NULL)
send_tcp_connect(next);
}
UNLOCK_LOOKUP;
return;
@ -2868,9 +2885,8 @@ connect_done(isc_task_t *task, isc_event_t *event) {
if (next != NULL) {
bringup_timer(next, TCP_TIMEOUT);
send_tcp_connect(next);
} else {
} else
check_next_lookup(l);
}
UNLOCK_LOOKUP;
return;
}
@ -3427,6 +3443,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
if (n == 0)
docancel = ISC_TRUE;
l->trace_root = ISC_FALSE;
usesearch = ISC_FALSE;
} else
#ifdef DIG_SIGCHASE
if (!do_sigchase)
@ -3603,15 +3620,19 @@ getaddresses(dig_lookup_t *lookup, const char *host, isc_result_t *resultp) {
*/
void
do_lookup(dig_lookup_t *lookup) {
dig_query_t *query;
REQUIRE(lookup != NULL);
debug("do_lookup()");
lookup->pending = ISC_TRUE;
if (lookup->tcp_mode)
send_tcp_connect(ISC_LIST_HEAD(lookup->q));
else
send_udp(ISC_LIST_HEAD(lookup->q));
query = ISC_LIST_HEAD(lookup->q);
if (query != NULL) {
if (lookup->tcp_mode)
send_tcp_connect(query);
else
send_udp(query);
}
}
/*%
@ -4083,7 +4104,7 @@ sigchase_scanname(dns_rdatatype_t type, dns_rdatatype_t covers,
check_result(result, "dns_name_totext");
isc_buffer_usedregion(b, &r);
r.base[r.length] = '\0';
strcpy(lookup->textname, (char*)r.base);
strlcpy(lookup->textname, (char*)r.base, sizeof(lookup->textname));
isc_buffer_free(&b);
if (type == dns_rdatatype_rrsig)
@ -4208,7 +4229,7 @@ opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) {
return (ISC_R_NOMEMORY);
memset(tempnamekey, 0, tempnamekeylen);
strncpy(tempnamekey, tempname, tempnamelen);
strlcpy(tempnamekey, tempname, tempnamelen);
strcat(tempnamekey ,".key");
@ -4342,7 +4363,7 @@ prepare_lookup(dns_name_t *name)
lookup->new_search = ISC_TRUE;
lookup->trace_root_sigchase = ISC_FALSE;
strncpy(lookup->textname, lookup->textnamesigchase, MXNAME);
strlcpy(lookup->textname, lookup->textnamesigchase, MXNAME);
lookup->rdtype = lookup->rdtype_sigchase;
lookup->rdtypeset = ISC_TRUE;
@ -4401,7 +4422,7 @@ prepare_lookup(dns_name_t *name)
dns_rdata_totext(&aaaa, &ns.name, b);
isc_buffer_usedregion(b, &r);
r.base[r.length] = '\0';
strncpy(namestr, (char*)r.base,
strlcpy(namestr, (char*)r.base,
DNS_NAME_FORMATSIZE);
isc_buffer_free(&b);
dns_rdata_reset(&aaaa);
@ -4430,7 +4451,7 @@ prepare_lookup(dns_name_t *name)
dns_rdata_totext(&a, &ns.name, b);
isc_buffer_usedregion(b, &r);
r.base[r.length] = '\0';
strncpy(namestr, (char*)r.base,
strlcpy(namestr, (char*)r.base,
DNS_NAME_FORMATSIZE);
isc_buffer_free(&b);
dns_rdata_reset(&a);
@ -4609,7 +4630,6 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset,
{
isc_result_t result;
dns_rdata_t rdata = DNS_RDATA_INIT;
dst_key_t *trustedKey = NULL;
dst_key_t *dnsseckey = NULL;
int i;
@ -4653,10 +4673,6 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset,
dst_key_free(&dnsseckey);
} while (dns_rdataset_next(rdataset) == ISC_R_SUCCESS);
if (trustedKey != NULL)
dst_key_free(&trustedKey);
trustedKey = NULL;
return (ISC_R_NOTFOUND);
}

20
contrib/bind9/bin/dig/host.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2007, 2009-2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: host.c,v 1.124.40.3 2011/03/11 06:46:59 marka Exp $ */
/* $Id: host.c,v 1.127 2011/03/11 06:11:20 marka Exp $ */
/*! \file */
@ -446,10 +446,18 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
if (msg->rcode != 0) {
char namestr[DNS_NAME_FORMATSIZE];
dns_name_format(query->lookup->name, namestr, sizeof(namestr));
printf("Host %s not found: %d(%s)\n",
(msg->rcode != dns_rcode_nxdomain) ? namestr :
query->lookup->textname, msg->rcode,
rcode_totext(msg->rcode));
if (query->lookup->identify_previous_line)
printf("Nameserver %s:\n\t%s not found: %d(%s)\n",
query->servname,
(msg->rcode != dns_rcode_nxdomain) ? namestr :
query->lookup->textname, msg->rcode,
rcode_totext(msg->rcode));
else
printf("Host %s not found: %d(%s)\n",
(msg->rcode != dns_rcode_nxdomain) ? namestr :
query->lookup->textname, msg->rcode,
rcode_totext(msg->rcode));
return (ISC_R_SUCCESS);
}

6
contrib/bind9/bin/dig/include/dig/dig.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dig.h,v 1.111.306.3 2011/12/07 17:23:55 each Exp $ */
/* $Id: dig.h,v 1.114 2011/12/07 17:23:28 each Exp $ */
#ifndef DIG_H
#define DIG_H
@ -168,6 +168,7 @@ isc_boolean_t sigchase;
dns_name_t *oname;
ISC_LINK(dig_lookup_t) link;
ISC_LIST(dig_query_t) q;
ISC_LIST(dig_query_t) connecting;
dig_query_t *current_query;
dig_serverlist_t my_server_list;
dig_searchlist_t *origin;
@ -214,6 +215,7 @@ struct dig_query {
slspace[4];
isc_socket_t *sock;
ISC_LINK(dig_query_t) link;
ISC_LINK(dig_query_t) clink;
isc_sockaddr_t sockaddr;
isc_time_t time_sent;
isc_uint64_t byte_count;

68
contrib/bind9/bin/dig/nslookup.c
View File

@ -15,11 +15,12 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: nslookup.c,v 1.127.38.2 2011/02/28 01:19:58 tbox Exp $ */
/* $Id: nslookup.c,v 1.130 2011/12/16 23:01:16 each Exp $ */
#include <config.h>
#include <stdlib.h>
#include <unistd.h>
#include <isc/app.h>
#include <isc/buffer.h>
@ -45,6 +46,11 @@
#include <dig/dig.h>
#if defined(HAVE_READLINE)
#include <readline/readline.h>
#include <readline/history.h>
#endif
static isc_boolean_t short_form = ISC_TRUE,
tcpmode = ISC_FALSE,
identify = ISC_FALSE, stats = ISC_TRUE,
@ -53,6 +59,8 @@ static isc_boolean_t short_form = ISC_TRUE,
section_additional = ISC_TRUE, recurse = ISC_TRUE,
aaonly = ISC_FALSE, nofail = ISC_TRUE;
static isc_boolean_t interactive;
static isc_boolean_t in_use = ISC_FALSE;
static char defclass[MXRD] = "IN";
static char deftype[MXRD] = "A";
@ -715,28 +723,12 @@ addlookup(char *opt) {
}
static void
get_next_command(void) {
char *buf;
do_next_command(char *input) {
char *ptr, *arg;
char *input;
fflush(stdout);
buf = isc_mem_allocate(mctx, COMMSIZE);
if (buf == NULL)
fatal("memory allocation failure");
fputs("> ", stderr);
fflush(stderr);
isc_app_block();
ptr = fgets(buf, COMMSIZE, stdin);
isc_app_unblock();
if (ptr == NULL) {
in_use = ISC_FALSE;
goto cleanup;
}
input = buf;
ptr = next_token(&input, " \t\r\n");
if (ptr == NULL)
goto cleanup;
return;
arg = next_token(&input, " \t\r\n");
if ((strcasecmp(ptr, "set") == 0) &&
(arg != NULL))
@ -750,20 +742,48 @@ get_next_command(void) {
show_settings(ISC_TRUE, ISC_TRUE);
} else if (strcasecmp(ptr, "exit") == 0) {
in_use = ISC_FALSE;
goto cleanup;
} else if (strcasecmp(ptr, "help") == 0 ||
strcasecmp(ptr, "?") == 0) {
printf("The '%s' command is not yet implemented.\n", ptr);
goto cleanup;
} else if (strcasecmp(ptr, "finger") == 0 ||
strcasecmp(ptr, "root") == 0 ||
strcasecmp(ptr, "ls") == 0 ||
strcasecmp(ptr, "view") == 0) {
printf("The '%s' command is not implemented.\n", ptr);
goto cleanup;
} else
addlookup(ptr);
cleanup:
}
static void
get_next_command(void) {
char *buf;
char *ptr;
fflush(stdout);
buf = isc_mem_allocate(mctx, COMMSIZE);
if (buf == NULL)
fatal("memory allocation failure");
isc_app_block();
if (interactive) {
#ifdef HAVE_READLINE
ptr = readline("> ");
add_history(ptr);
#else
fputs("> ", stderr);
fflush(stderr);
ptr = fgets(buf, COMMSIZE, stdin);
#endif
} else
ptr = fgets(buf, COMMSIZE, stdin);
isc_app_unblock();
if (ptr == NULL) {
in_use = ISC_FALSE;
} else
do_next_command(ptr);
#ifdef HAVE_READLINE
if (interactive)
free(ptr);
#endif
isc_mem_free(mctx, buf);
}
@ -859,6 +879,8 @@ int
main(int argc, char **argv) {
isc_result_t result;
interactive = ISC_TF(isatty(0));
ISC_LIST_INIT(lookup_list);
ISC_LIST_INIT(server_list);
ISC_LIST_INIT(search_list);

22
contrib/bind9/bin/dnssec/Makefile.in
View File

@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.42 2009/12/05 23:31:40 each Exp $
# $Id: Makefile.in,v 1.42.332.1 2011/03/16 06:37:51 each Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@ -44,19 +44,23 @@ NOSYMLIBS = ${DNSLIBS} ${ISCNOSYMLIBS} @LIBS@
# Alphabetically
TARGETS = dnssec-keygen@EXEEXT@ dnssec-signzone@EXEEXT@ \
dnssec-keyfromlabel@EXEEXT@ dnssec-dsfromkey@EXEEXT@ \
dnssec-revoke@EXEEXT@ dnssec-settime@EXEEXT@
dnssec-revoke@EXEEXT@ dnssec-settime@EXEEXT@ \
dnssec-verify@EXEEXT@
OBJS = dnssectool.@O@
SRCS = dnssec-dsfromkey.c dnssec-keyfromlabel.c dnssec-keygen.c \
dnssec-revoke.c dnssec-settime.c dnssec-signzone.c dnssectool.c
dnssec-revoke.c dnssec-settime.c dnssec-signzone.c \
dnssec-verify.c dnssectool.c
MANPAGES = dnssec-dsfromkey.8 dnssec-keyfromlabel.8 dnssec-keygen.8 \
dnssec-revoke.8 dnssec-settime.8 dnssec-signzone.8
dnssec-revoke.8 dnssec-settime.8 dnssec-signzone.8 \
dnssec-verify.8
HTMLPAGES = dnssec-dsfromkey.html dnssec-keyfromlabel.html \
dnssec-keygen.html dnssec-revoke.html \
dnssec-settime.html dnssec-signzone.html
dnssec-settime.html dnssec-signzone.html \
dnssec-verify.html
MANOBJS = ${MANPAGES} ${HTMLPAGES}
@ -82,6 +86,14 @@ dnssec-signzone@EXEEXT@: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
export BASEOBJS="dnssec-signzone.@O@ ${OBJS}"; \
${FINALBUILDCMD}
dnssec-verify.@O@: dnssec-verify.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
-c ${srcdir}/dnssec-verify.c
dnssec-verify@EXEEXT@: dnssec-verify.@O@ ${OBJS} ${DEPLIBS}
export BASEOBJS="dnssec-verify.@O@ ${OBJS}"; \
${FINALBUILDCMD}
dnssec-revoke@EXEEXT@: dnssec-revoke.@O@ ${OBJS} ${DEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
dnssec-revoke.@O@ ${OBJS} ${LIBS}

22
contrib/bind9/bin/dnssec/dnssec-dsfromkey.8
View File

@ -1,4 +1,4 @@
.\" Copyright (C) 2008-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@ -32,9 +32,9 @@
dnssec\-dsfromkey \- DNSSEC DS RR generation tool
.SH "SYNOPSIS"
.HP 17
\fBdnssec\-dsfromkey\fR [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] {keyfile}
\fBdnssec\-dsfromkey\fR [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] {keyfile}
.HP 17
\fBdnssec\-dsfromkey\fR {\-s} [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-s\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfile\fR\fR] [\fB\-A\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {dnsname}
\fBdnssec\-dsfromkey\fR {\-s} [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-s\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] [\fB\-f\ \fR\fB\fIfile\fR\fR] [\fB\-A\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {dnsname}
.SH "DESCRIPTION"
.PP
\fBdnssec\-dsfromkey\fR
@ -58,6 +58,11 @@ Select the digest algorithm. The value of
must be one of SHA\-1 (SHA1), SHA\-256 (SHA256), GOST or SHA\-384 (SHA384). These values are case insensitive.
.RE
.PP
\-T \fITTL\fR
.RS 4
Specifies the TTL of the DS records.
.RE
.PP
\-K \fIdirectory\fR
.RS 4
Look for key files (or, in keyset mode,
@ -71,6 +76,15 @@ files) in
Zone file mode: in place of the keyfile name, the argument is the DNS domain name of a zone master file, which can be read from
\fBfile\fR. If the zone name is the same as
\fBfile\fR, then it may be omitted.
.sp
If
\fBfile\fR
is set to
"\-", then the zone data is read from the standard input. This makes it possible to use the output of the
\fBdig\fR
command as input, as in:
.sp
\fBdig dnskey example.com | dnssec\-dsfromkey \-f \- example.com\fR
.RE
.PP
\-A
@ -139,5 +153,5 @@ RFC 4509.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2008\-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2008\-2012 Internet Systems Consortium, Inc. ("ISC")
.br

57
contrib/bind9/bin/dnssec/dnssec-dsfromkey.c
View File

@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-dsfromkey.c,v 1.19.14.2 2011/09/05 23:45:53 tbox Exp $ */
/* $Id: dnssec-dsfromkey.c,v 1.24 2011/10/25 01:54:18 marka Exp $ */
/*! \file */
@ -31,12 +31,13 @@
#include <isc/string.h>
#include <isc/util.h>
#include <dns/callbacks.h>
#include <dns/db.h>
#include <dns/dbiterator.h>
#include <dns/ds.h>
#include <dns/fixedname.h>
#include <dns/log.h>
#include <dns/keyvalues.h>
#include <dns/log.h>
#include <dns/master.h>
#include <dns/name.h>
#include <dns/rdata.h>
@ -61,6 +62,7 @@ static dns_rdataclass_t rdclass;
static dns_fixedname_t fixed;
static dns_name_t *name = NULL;
static isc_mem_t *mctx = NULL;
static isc_uint32_t ttl;
static isc_result_t
initname(char *setname) {
@ -76,8 +78,28 @@ initname(char *setname) {
return (result);
}
static void
db_load_from_stream(dns_db_t *db, FILE *fp) {
isc_result_t result;
dns_rdatacallbacks_t callbacks;
dns_rdatacallbacks_init(&callbacks);
result = dns_db_beginload(db, &callbacks.add, &callbacks.add_private);
if (result != ISC_R_SUCCESS)
fatal("dns_db_beginload failed: %s", isc_result_totext(result));
result = dns_master_loadstream(fp, name, name, rdclass, 0,
&callbacks, mctx);
if (result != ISC_R_SUCCESS)
fatal("can't load from input: %s", isc_result_totext(result));
result = dns_db_endload(db, &callbacks.add_private);
if (result != ISC_R_SUCCESS)
fatal("dns_db_endload failed: %s", isc_result_totext(result));
}
static isc_result_t
loadsetfromfile(char *filename, dns_rdataset_t *rdataset) {
loadset(const char *filename, dns_rdataset_t *rdataset) {
isc_result_t result;
dns_db_t *db = NULL;
dns_dbnode_t *node = NULL;
@ -90,9 +112,15 @@ loadsetfromfile(char *filename, dns_rdataset_t *rdataset) {
if (result != ISC_R_SUCCESS)
fatal("can't create database");
result = dns_db_load(db, filename);
if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
fatal("can't load %s: %s", filename, isc_result_totext(result));
if (strcmp(filename, "-") == 0) {
db_load_from_stream(db, stdin);
filename = "input";
} else {
result = dns_db_load(db, filename);
if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
fatal("can't load %s: %s", filename,
isc_result_totext(result));
}
result = dns_db_findnode(db, name, ISC_FALSE, &node);
if (result != ISC_R_SUCCESS)
@ -141,7 +169,7 @@ loadkeyset(char *dirname, dns_rdataset_t *rdataset) {
return (ISC_R_NOSPACE);
isc_buffer_putuint8(&buf, 0);
return (loadsetfromfile(filename, rdataset));
return (loadset(filename, rdataset));
}
static void
@ -256,7 +284,9 @@ emit(unsigned int dtype, isc_boolean_t showall, char *lookaside,
}
}
result = dns_rdata_totext(&ds, (dns_name_t *) NULL, &textb);
result = dns_rdata_tofmttext(&ds, (dns_name_t *) NULL, 0, 0, 0, "",
&textb);
if (result != ISC_R_SUCCESS)
fatal("can't print rdata");
@ -267,6 +297,9 @@ emit(unsigned int dtype, isc_boolean_t showall, char *lookaside,
isc_buffer_usedregion(&nameb, &r);
printf("%.*s ", (int)r.length, r.base);
if (ttl != 0U)
printf("%u ", ttl);
isc_buffer_usedregion(&classb, &r);
printf("%.*s", (int)r.length, r.base);
@ -302,6 +335,7 @@ usage(void) {
fprintf(stderr, " -l: add lookaside zone and print DLV records\n");
fprintf(stderr, " -s: read keyset from keyset-<dnsname> file\n");
fprintf(stderr, " -c class: rdata class for DS set (default: IN)\n");
fprintf(stderr, " -T TTL\n");
fprintf(stderr, " -f file: read keyset from zone file\n");
fprintf(stderr, " -A: when used with -f, "
"include all keys in DS set, not just KSKs\n");
@ -341,7 +375,7 @@ main(int argc, char **argv) {
isc_commandline_errprint = ISC_FALSE;
while ((ch = isc_commandline_parse(argc, argv,
"12Aa:c:d:Ff:K:l:sv:h")) != -1) {
"12Aa:c:d:Ff:K:l:sT:v:h")) != -1) {
switch (ch) {
case '1':
dtype = DNS_DSDIGEST_SHA1;
@ -381,6 +415,9 @@ main(int argc, char **argv) {
case 's':
usekeyset = ISC_TRUE;
break;
case 'T':
ttl = atol(isc_commandline_argument);
break;
case 'v':
verbose = strtol(isc_commandline_argument, &endp, 0);
if (*endp != '\0')
@ -466,7 +503,7 @@ main(int argc, char **argv) {
if (usekeyset)
result = loadkeyset(dir, &rdataset);
else
result = loadsetfromfile(filename, &rdataset);
result = loadset(filename, &rdataset);
if (result != ISC_R_SUCCESS)
fatal("could not load DNSKEY set: %s\n",

25
contrib/bind9/bin/dnssec/dnssec-dsfromkey.docbook
View File

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2008-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-dsfromkey.docbook,v 1.12 2010/12/23 23:47:08 tbox Exp $ -->
<!-- $Id: dnssec-dsfromkey.docbook,v 1.17 2011/10/25 01:54:18 marka Exp $ -->
<refentry id="man.dnssec-dsfromkey">
<refentryinfo>
<date>August 26, 2009</date>
@ -39,6 +39,7 @@
<year>2008</year>
<year>2009</year>
<year>2010</year>
<year>2011</year>
<year>2012</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
@ -52,6 +53,7 @@
<arg><option>-2</option></arg>
<arg><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
<arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
<arg><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
<arg choice="req">keyfile</arg>
</cmdsynopsis>
<cmdsynopsis>
@ -64,6 +66,7 @@
<arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
<arg><option>-s</option></arg>
<arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
<arg><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
<arg><option>-f <replaceable class="parameter">file</replaceable></option></arg>
<arg><option>-A</option></arg>
<arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
@ -114,6 +117,15 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-T <replaceable class="parameter">TTL</replaceable></term>
<listitem>
<para>
Specifies the TTL of the DS records.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-K <replaceable class="parameter">directory</replaceable></term>
<listitem>
@ -134,6 +146,15 @@
from <option>file</option>. If the zone name is the same as
<option>file</option>, then it may be omitted.
</para>
<para>
If <option>file</option> is set to <literal>"-"</literal>, then
the zone data is read from the standard input. This makes it
possible to use the output of the <command>dig</command>
command as input, as in:
</para>
<para>
<userinput>dig dnskey example.com | dnssec-dsfromkey -f - example.com</userinput>
</para>
</listitem>
</varlistentry>

39
contrib/bind9/bin/dnssec/dnssec-dsfromkey.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2008-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@ -28,18 +28,18 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] {keyfile}</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>] {keyfile}</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543468"></a><h2>DESCRIPTION</h2>
<a name="id2543489"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-dsfromkey</strong></span>
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543480"></a><h2>OPTIONS</h2>
<a name="id2543500"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-1</span></dt>
<dd><p>
@ -57,6 +57,10 @@
SHA-256 (SHA256), GOST or SHA-384 (SHA384).
These values are case insensitive.
</p></dd>
<dt><span class="term">-T <em class="replaceable"><code>TTL</code></em></span></dt>
<dd><p>
Specifies the TTL of the DS records.
</p></dd>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
Look for key files (or, in keyset mode,
@ -64,12 +68,23 @@
<code class="option">directory</code>.
</p></dd>
<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
<dd><p>
<dd>
<p>
Zone file mode: in place of the keyfile name, the argument is
the DNS domain name of a zone master file, which can be read
from <code class="option">file</code>. If the zone name is the same as
<code class="option">file</code>, then it may be omitted.
</p></dd>
</p>
<p>
If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
the zone data is read from the standard input. This makes it
possible to use the output of the <span><strong class="command">dig</strong></span>
command as input, as in:
</p>
<p>
<strong class="userinput"><code>dig dnskey example.com | dnssec-dsfromkey -f - example.com</code></strong>
</p>
</dd>
<dt><span class="term">-A</span></dt>
<dd><p>
Include ZSK's when generating DS records. Without this option,
@ -101,7 +116,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543667"></a><h2>EXAMPLE</h2>
<a name="id2543726"></a><h2>EXAMPLE</h2>
<p>
To build the SHA-256 DS RR from the
<strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
@ -116,7 +131,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543697"></a><h2>FILES</h2>
<a name="id2543756"></a><h2>FILES</h2>
<p>
The keyfile can be designed by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
@ -130,13 +145,13 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543732"></a><h2>CAVEAT</h2>
<a name="id2543792"></a><h2>CAVEAT</h2>
<p>
A keyfile error can give a "file not found" even if the file exists.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543741"></a><h2>SEE ALSO</h2>
<a name="id2543801"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@ -146,7 +161,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543781"></a><h2>AUTHOR</h2>
<a name="id2543841"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

11
contrib/bind9/bin/dnssec/dnssec-keyfromlabel.8
View File

@ -32,7 +32,7 @@
dnssec\-keyfromlabel \- DNSSEC key generation tool
.SH "SYNOPSIS"
.HP 20
\fBdnssec\-keyfromlabel\fR {\-l\ \fIlabel\fR} [\fB\-3\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-k\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-y\fR] {name}
\fBdnssec\-keyfromlabel\fR {\-l\ \fIlabel\fR} [\fB\-3\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-k\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-y\fR] {name}
.SH "DESCRIPTION"
.PP
\fBdnssec\-keyfromlabel\fR
@ -122,6 +122,15 @@ Sets the directory in which the key files are to be written.
Generate KEY records rather than DNSKEY records.
.RE
.PP
\-L \fIttl\fR
.RS 4
Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. Setting the default TTL to
0
or
none
removes it.
.RE
.PP
\-p \fIprotocol\fR
.RS 4
Sets the protocol value for the key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.

21
contrib/bind9/bin/dnssec/dnssec-keyfromlabel.c
View File

@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-keyfromlabel.c,v 1.32.14.4 2011/11/30 00:51:38 marka Exp $ */
/* $Id: dnssec-keyfromlabel.c,v 1.38 2011/11/30 00:48:51 marka Exp $ */
/*! \file */
@ -85,6 +85,7 @@ usage(void) {
fprintf(stderr, " -K directory: directory in which to place "
"key files\n");
fprintf(stderr, " -k: generate a TYPE=KEY key\n");
fprintf(stderr, " -L ttl: default key TTL\n");
fprintf(stderr, " -n nametype: ZONE | HOST | ENTITY | USER | OTHER\n");
fprintf(stderr, " (DNSKEY generation defaults to ZONE\n");
fprintf(stderr, " -p protocol: default: 3 [dnssec]\n");
@ -139,12 +140,13 @@ main(int argc, char **argv) {
dns_rdataclass_t rdclass;
int options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
char *label = NULL;
dns_ttl_t ttl = 0;
isc_stdtime_t publish = 0, activate = 0, revoke = 0;
isc_stdtime_t inactive = 0, delete = 0;
isc_stdtime_t now;
isc_boolean_t setpub = ISC_FALSE, setact = ISC_FALSE;
isc_boolean_t setrev = ISC_FALSE, setinact = ISC_FALSE;
isc_boolean_t setdel = ISC_FALSE;
isc_boolean_t setdel = ISC_FALSE, setttl = ISC_FALSE;
isc_boolean_t unsetpub = ISC_FALSE, unsetact = ISC_FALSE;
isc_boolean_t unsetrev = ISC_FALSE, unsetinact = ISC_FALSE;
isc_boolean_t unsetdel = ISC_FALSE;
@ -166,7 +168,7 @@ main(int argc, char **argv) {
isc_stdtime_get(&now);
while ((ch = isc_commandline_parse(argc, argv,
"3a:Cc:E:f:K:kl:n:p:t:v:yFhGP:A:R:I:D:")) != -1)
"3a:Cc:E:f:K:kl:L:n:p:t:v:yFhGP:A:R:I:D:")) != -1)
{
switch (ch) {
case '3':
@ -204,6 +206,13 @@ main(int argc, char **argv) {
case 'k':
options |= DST_TYPE_KEY;
break;
case 'L':
if (strcmp(isc_commandline_argument, "none") == 0)
ttl = 0;
else
ttl = strtottl(isc_commandline_argument);
setttl = ISC_TRUE;
break;
case 'l':
label = isc_mem_strdup(mctx, isc_commandline_argument);
break;
@ -356,6 +365,8 @@ main(int argc, char **argv) {
fprintf(stderr, "The use of RSA (RSAMD5) is not recommended.\n"
"If you still wish to use RSA (RSAMD5) please "
"specify \"-a RSAMD5\"\n");
if (freeit != NULL)
free(freeit);
return (1);
} else {
r.base = algname;
@ -515,6 +526,10 @@ main(int argc, char **argv) {
dst_key_setprivateformat(key, 1, 2);
}
/* Set default key TTL */
if (setttl)
dst_key_setttl(key, ttl);
/*
* Do not overwrite an existing key. Warn LOUDLY if there
* is a risk of ID collision due to this key or another key

17
contrib/bind9/bin/dnssec/dnssec-keyfromlabel.docbook
View File

@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-keyfromlabel.docbook,v 1.18.14.2 2011/02/28 01:19:58 tbox Exp $ -->
<!-- $Id: dnssec-keyfromlabel.docbook,v 1.21 2011/03/17 01:40:34 each Exp $ -->
<refentry id="man.dnssec-keyfromlabel">
<refentryinfo>
<date>February 8, 2008</date>
@ -60,6 +60,7 @@
<arg><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg><option>-k</option></arg>
<arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
<arg><option>-n <replaceable class="parameter">nametype</replaceable></option></arg>
<arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
@ -236,6 +237,20 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-L <replaceable class="parameter">ttl</replaceable></term>
<listitem>
<para>
Sets the default TTL to use for this key when it is converted
into a DNSKEY RR. If the key is imported into a zone,
this is the TTL that will be used for it, unless there was
already a DNSKEY RRset in place, in which case the existing TTL
would take precedence. Setting the default TTL to
<literal>0</literal> or <literal>none</literal> removes it.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-p <replaceable class="parameter">protocol</replaceable></term>
<listitem>

23
contrib/bind9/bin/dnssec/dnssec-keyfromlabel.html
View File

@ -28,10 +28,10 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-y</code>] {name}</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-y</code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543498"></a><h2>DESCRIPTION</h2>
<a name="id2543507"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
gets keys with the given label from a crypto hardware and builds
key files for DNSSEC (Secure DNS), as defined in RFC 2535
@ -44,7 +44,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543516"></a><h2>OPTIONS</h2>
<a name="id2543525"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@ -135,6 +135,15 @@
<dd><p>
Generate KEY records rather than DNSKEY records.
</p></dd>
<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
<dd><p>
Sets the default TTL to use for this key when it is converted
into a DNSKEY RR. If the key is imported into a zone,
this is the TTL that will be used for it, unless there was
already a DNSKEY RRset in place, in which case the existing TTL
would take precedence. Setting the default TTL to
<code class="literal">0</code> or <code class="literal">none</code> removes it.
</p></dd>
<dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
<dd><p>
Sets the protocol value for the key. The protocol
@ -164,7 +173,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543880"></a><h2>TIMING OPTIONS</h2>
<a name="id2543980"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@ -211,7 +220,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544046"></a><h2>GENERATED KEY FILES</h2>
<a name="id2543054"></a><h2>GENERATED KEY FILES</h2>
<p>
When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
successfully,
@ -250,7 +259,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544119"></a><h2>SEE ALSO</h2>
<a name="id2543127"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@ -258,7 +267,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544152"></a><h2>AUTHOR</h2>
<a name="id2543160"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

20
contrib/bind9/bin/dnssec/dnssec-keygen.8
View File

@ -1,4 +1,4 @@
.\" Copyright (C) 2004, 2005, 2007-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004, 2005, 2007-2012 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@ -33,7 +33,7 @@
dnssec\-keygen \- DNSSEC key generation tool
.SH "SYNOPSIS"
.HP 14
\fBdnssec\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {name}
\fBdnssec\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-k\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {name}
.SH "DESCRIPTION"
.PP
\fBdnssec\-keygen\fR
@ -103,11 +103,6 @@ Indicates that the DNS record containing the key should have the specified class
Uses a crypto hardware (OpenSSL engine) for random number and, when supported, key generation. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine.
.RE
.PP
\-e
.RS 4
If generating an RSAMD5/RSASHA1 key, use a large exponent.
.RE
.PP
\-f \fIflag\fR
.RS 4
Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flags are KSK (Key Signing Key) and REVOKE.
@ -139,6 +134,15 @@ Sets the directory in which the key files are to be written.
Deprecated in favor of \-T KEY.
.RE
.PP
\-L \fIttl\fR
.RS 4
Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. Setting the default TTL to
0
or
none
removes it.
.RE
.PP
\-p \fIprotocol\fR
.RS 4
Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.
@ -298,7 +302,7 @@ RFC 4034.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2004, 2005, 2007\-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004, 2005, 2007\-2012 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2003 Internet Software Consortium.
.br

49
contrib/bind9/bin/dnssec/dnssec-keygen.c
View File

@ -1,5 +1,5 @@
/*
* Portions Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-keygen.c,v 1.115.14.4 2011/11/30 00:51:38 marka Exp $ */
/* $Id: dnssec-keygen.c,v 1.120 2011/11/30 00:48:51 marka Exp $ */
/*! \file */
@ -124,11 +124,12 @@ usage(void) {
#else
fprintf(stderr, " -E <engine name>\n");
#endif
fprintf(stderr, " -e: use large exponent (RSAMD5/RSASHA1 only)\n");
fprintf(stderr, " -f <keyflag>: KSK | REVOKE\n");
fprintf(stderr, " -g <generator>: use specified generator "
"(DH only)\n");
fprintf(stderr, " -L <ttl>: default key TTL\n");
fprintf(stderr, " -p <protocol>: (default: 3 [dnssec])\n");
fprintf(stderr, " -r <randomdev>: a file containing random data\n");
fprintf(stderr, " -s <strength>: strength value this key signs DNS "
"records with (default: 0)\n");
fprintf(stderr, " -T <rrtype>: DNSKEY | KEY (default: DNSKEY; "
@ -137,8 +138,6 @@ usage(void) {
fprintf(stderr, " -t <type>: "
"AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
"(default: AUTHCONF)\n");
fprintf(stderr, " -r <randomdev>: a file containing random data\n");
fprintf(stderr, " -h: print usage and exit\n");
fprintf(stderr, " -m <memory debugging mode>:\n");
fprintf(stderr, " usage | trace | record | size | mctx\n");
@ -212,7 +211,7 @@ main(int argc, char **argv) {
isc_boolean_t conflict = ISC_FALSE, null_key = ISC_FALSE;
isc_boolean_t oldstyle = ISC_FALSE;
isc_mem_t *mctx = NULL;
int ch, rsa_exp = 0, generator = 0, param = 0;
int ch, generator = 0, param = 0;
int protocol = -1, size = -1, signatory = 0;
isc_result_t ret;
isc_textregion_t r;
@ -231,6 +230,7 @@ main(int argc, char **argv) {
dns_rdataclass_t rdclass;
int options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
int dbits = 0;
dns_ttl_t ttl = 0;
isc_boolean_t use_default = ISC_FALSE, use_nsec3 = ISC_FALSE;
isc_stdtime_t publish = 0, activate = 0, revoke = 0;
isc_stdtime_t inactive = 0, delete = 0;
@ -238,7 +238,7 @@ main(int argc, char **argv) {
int prepub = -1;
isc_boolean_t setpub = ISC_FALSE, setact = ISC_FALSE;
isc_boolean_t setrev = ISC_FALSE, setinact = ISC_FALSE;
isc_boolean_t setdel = ISC_FALSE;
isc_boolean_t setdel = ISC_FALSE, setttl = ISC_FALSE;
isc_boolean_t unsetpub = ISC_FALSE, unsetact = ISC_FALSE;
isc_boolean_t unsetrev = ISC_FALSE, unsetinact = ISC_FALSE;
isc_boolean_t unsetdel = ISC_FALSE;
@ -257,7 +257,7 @@ main(int argc, char **argv) {
/*
* Process memory debugging argument first.
*/
#define CMDLINE_FLAGS "3A:a:b:Cc:D:d:E:eFf:Gg:hI:i:K:km:n:P:p:qR:r:S:s:T:t:v:"
#define CMDLINE_FLAGS "3A:a:b:Cc:D:d:E:eFf:Gg:hI:i:K:kL:m:n:P:p:qR:r:S:s:T:t:v:"
while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
switch (ch) {
case 'm':
@ -310,7 +310,9 @@ main(int argc, char **argv) {
engine = isc_commandline_argument;
break;
case 'e':
rsa_exp = 1;
fprintf(stderr,
"phased-out option -e "
"(was 'use (RSA) large exponent)\n");
break;
case 'f':
c = (unsigned char)(isc_commandline_argument[0]);
@ -340,6 +342,13 @@ main(int argc, char **argv) {
"To generate a key-signing key, use -f KSK.\n"
"To generate a key with TYPE=KEY, use -T KEY.\n");
break;
case 'L':
if (strcmp(isc_commandline_argument, "none") == 0)
ttl = 0;
else
ttl = strtottl(isc_commandline_argument);
setttl = ISC_TRUE;
break;
case 'n':
nametype = isc_commandline_argument;
break;
@ -526,6 +535,7 @@ main(int argc, char **argv) {
"recommended.\nIf you still wish to "
"use RSA (RSAMD5) please specify "
"\"-a RSAMD5\"\n");
INSIST(freeit == NULL);
return (1);
} else if (strcasecmp(algname, "HMAC-MD5") == 0)
alg = DST_ALG_HMACMD5;
@ -781,13 +791,6 @@ main(int argc, char **argv) {
break;
}
if (!(alg == DNS_KEYALG_RSAMD5 || alg == DNS_KEYALG_RSASHA1 ||
alg == DNS_KEYALG_NSEC3RSASHA1 || alg == DNS_KEYALG_RSASHA256 ||
alg == DNS_KEYALG_RSASHA512 || alg == DST_ALG_ECCGOST ||
alg == DST_ALG_ECDSA256 || alg == DST_ALG_ECDSA384) &&
rsa_exp != 0)
fatal("specified RSA exponent for a non-RSA key");
if (alg != DNS_KEYALG_DH && generator != 0)
fatal("specified DH generator for a non-DH key");
@ -847,7 +850,6 @@ main(int argc, char **argv) {
case DNS_KEYALG_NSEC3RSASHA1:
case DNS_KEYALG_RSASHA256:
case DNS_KEYALG_RSASHA512:
param = rsa_exp;
show_progress = ISC_TRUE;
break;
@ -960,8 +962,15 @@ main(int argc, char **argv) {
dst_key_settime(key, DST_TIME_INACTIVE,
inactive);
if (setdel)
if (setdel) {
if (setinact && delete < inactive)
fprintf(stderr, "%s: warning: Key is "
"scheduled to be deleted "
"before it is scheduled to be "
"made inactive.\n",
program);
dst_key_settime(key, DST_TIME_DELETE, delete);
}
} else {
if (setpub || setact || setrev || setinact ||
setdel || unsetpub || unsetact ||
@ -975,6 +984,10 @@ main(int argc, char **argv) {
dst_key_setprivateformat(key, 1, 2);
}
/* Set the default key TTL */
if (setttl)
dst_key_setttl(key, ttl);
/*
* Do not overwrite an existing key, or create a key
* if there is a risk of ID collision due to this key

30
contrib/bind9/bin/dnssec/dnssec-keygen.docbook
View File

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004, 2005, 2007-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004, 2005, 2007-2012 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-keygen.docbook,v 1.36 2010/12/23 04:07:59 marka Exp $ -->
<!-- $Id: dnssec-keygen.docbook,v 1.38 2011/03/17 23:47:29 tbox Exp $ -->
<refentry id="man.dnssec-keygen">
<refentryinfo>
<date>June 30, 2000</date>
@ -43,6 +43,7 @@
<year>2008</year>
<year>2009</year>
<year>2010</year>
<year>2011</year>
<year>2012</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
@ -67,7 +68,6 @@
<arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
<arg><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
<arg><option>-e</option></arg>
<arg><option>-f <replaceable class="parameter">flag</replaceable></option></arg>
<arg><option>-G</option></arg>
<arg><option>-g <replaceable class="parameter">generator</replaceable></option></arg>
@ -75,6 +75,7 @@
<arg><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
<arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
<arg><option>-k</option></arg>
<arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
@ -231,15 +232,6 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-e</term>
<listitem>
<para>
If generating an RSAMD5/RSASHA1 key, use a large exponent.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-f <replaceable class="parameter">flag</replaceable></term>
<listitem>
@ -300,6 +292,20 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-L <replaceable class="parameter">ttl</replaceable></term>
<listitem>
<para>
Sets the default TTL to use for this key when it is converted
into a DNSKEY RR. If the key is imported into a zone,
this is the TTL that will be used for it, unless there was
already a DNSKEY RRset in place, in which case the existing TTL
would take precedence. Setting the default TTL to
<literal>0</literal> or <literal>none</literal> removes it.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-p <replaceable class="parameter">protocol</replaceable></term>
<listitem>

31
contrib/bind9/bin/dnssec/dnssec-keygen.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004, 2005, 2007-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004, 2005, 2007-2012 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -29,10 +29,10 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {name}</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543582"></a><h2>DESCRIPTION</h2>
<a name="id2543590"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keygen</strong></span>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
@ -46,7 +46,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543601"></a><h2>OPTIONS</h2>
<a name="id2543608"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@ -139,10 +139,6 @@
support it defaults to pkcs11; the empty name resets it to
no engine.
</p></dd>
<dt><span class="term">-e</span></dt>
<dd><p>
If generating an RSAMD5/RSASHA1 key, use a large exponent.
</p></dd>
<dt><span class="term">-f <em class="replaceable"><code>flag</code></em></span></dt>
<dd><p>
Set the specified flag in the flag field of the KEY/DNSKEY record.
@ -173,6 +169,15 @@
<dd><p>
Deprecated in favor of -T KEY.
</p></dd>
<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
<dd><p>
Sets the default TTL to use for this key when it is converted
into a DNSKEY RR. If the key is imported into a zone,
this is the TTL that will be used for it, unless there was
already a DNSKEY RRset in place, in which case the existing TTL
would take precedence. Setting the default TTL to
<code class="literal">0</code> or <code class="literal">none</code> removes it.
</p></dd>
<dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
<dd><p>
Sets the protocol value for the generated key. The protocol
@ -251,7 +256,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544169"></a><h2>TIMING OPTIONS</h2>
<a name="id2544187"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@ -322,7 +327,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544359"></a><h2>GENERATED KEYS</h2>
<a name="id2544377"></a><h2>GENERATED KEYS</h2>
<p>
When <span><strong class="command">dnssec-keygen</strong></span> completes
successfully,
@ -368,7 +373,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544441"></a><h2>EXAMPLE</h2>
<a name="id2544459"></a><h2>EXAMPLE</h2>
<p>
To generate a 768-bit DSA key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
@ -389,7 +394,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544485"></a><h2>SEE ALSO</h2>
<a name="id2544571"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2539</em>,
@ -398,7 +403,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544584"></a><h2>AUTHOR</h2>
<a name="id2544602"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

5
contrib/bind9/bin/dnssec/dnssec-revoke.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2009-2012 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -14,13 +14,12 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-revoke.c,v 1.22.124.2 2011/10/20 23:46:27 tbox Exp $ */
/* $Id: dnssec-revoke.c,v 1.24 2011/10/20 23:46:51 tbox Exp $ */
/*! \file */
#include <config.h>
#include <libgen.h>
#include <stdlib.h>
#include <unistd.h>

2
contrib/bind9/bin/dnssec/dnssec-revoke.docbook
View File

@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-revoke.docbook,v 1.7.266.2 2011/10/20 23:46:27 tbox Exp $ -->
<!-- $Id: dnssec-revoke.docbook,v 1.9 2011/10/20 23:46:51 tbox Exp $ -->
<refentry id="man.dnssec-revoke">
<refentryinfo>
<date>June 1, 2009</date>

11
contrib/bind9/bin/dnssec/dnssec-settime.8
View File

@ -32,7 +32,7 @@
dnssec\-settime \- Set the key timing metadata for a DNSSEC key
.SH "SYNOPSIS"
.HP 15
\fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] {keyfile}
\fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] {keyfile}
.SH "DESCRIPTION"
.PP
\fBdnssec\-settime\fR
@ -67,6 +67,15 @@ will fail when attempting to update a legacy key. With this option, the key will
Sets the directory in which the key files are to reside.
.RE
.PP
\-L \fIttl\fR
.RS 4
Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. Setting the default TTL to
0
or
none
removes it.
.RE
.PP
\-h
.RS 4
Emit usage message and exit.

56
contrib/bind9/bin/dnssec/dnssec-settime.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2009-2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2009-2013 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -14,13 +14,12 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-settime.c,v 1.28.16.3 2011/06/02 20:24:11 each Exp $ */
/* $Id: dnssec-settime.c,v 1.32 2011/06/02 20:24:45 each Exp $ */
/*! \file */
#include <config.h>
#include <libgen.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
@ -67,6 +66,7 @@ usage(void) {
fprintf(stderr, " -f: force update of old-style "
"keys\n");
fprintf(stderr, " -K directory: set key file location\n");
fprintf(stderr, " -L ttl: set default key TTL\n");
fprintf(stderr, " -v level: set level of verbosity\n");
fprintf(stderr, " -h: help\n");
fprintf(stderr, "Timing options:\n");
@ -138,11 +138,13 @@ main(int argc, char **argv) {
unsigned int size = 0;
isc_uint16_t flags = 0;
int prepub = -1;
dns_ttl_t ttl = 0;
isc_stdtime_t now;
isc_stdtime_t pub = 0, act = 0, rev = 0, inact = 0, del = 0;
isc_stdtime_t prevact = 0, previnact = 0, prevdel = 0;
isc_boolean_t setpub = ISC_FALSE, setact = ISC_FALSE;
isc_boolean_t setrev = ISC_FALSE, setinact = ISC_FALSE;
isc_boolean_t setdel = ISC_FALSE;
isc_boolean_t setdel = ISC_FALSE, setttl = ISC_FALSE;
isc_boolean_t unsetpub = ISC_FALSE, unsetact = ISC_FALSE;
isc_boolean_t unsetrev = ISC_FALSE, unsetinact = ISC_FALSE;
isc_boolean_t unsetdel = ISC_FALSE;
@ -169,7 +171,7 @@ main(int argc, char **argv) {
isc_stdtime_get(&now);
#define CMDLINE_FLAGS "A:D:E:fhI:i:K:P:p:R:S:uv:"
#define CMDLINE_FLAGS "A:D:E:fhI:i:K:L:P:p:R:S:uv:"
while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
switch (ch) {
case 'E':
@ -233,6 +235,13 @@ main(int argc, char **argv) {
"directory");
}
break;
case 'L':
if (strcmp(isc_commandline_argument, "none") == 0)
ttl = 0;
else
ttl = strtottl(isc_commandline_argument);
setttl = ISC_TRUE;
break;
case 'v':
verbose = strtol(isc_commandline_argument, &endp, 0);
if (*endp != '\0')
@ -344,7 +353,6 @@ main(int argc, char **argv) {
if (predecessor != NULL) {
char keystr[DST_KEY_FORMATSIZE];
isc_stdtime_t when;
int major, minor;
if (prepub == -1)
@ -376,19 +384,20 @@ main(int argc, char **argv) {
fatal("Predecessor has incompatible format "
"version %d.%d\n\t", major, minor);
result = dst_key_gettime(prevkey, DST_TIME_ACTIVATE, &when);
result = dst_key_gettime(prevkey, DST_TIME_ACTIVATE, &prevact);
if (result != ISC_R_SUCCESS)
fatal("Predecessor has no activation date. "
"You must set one before\n\t"
"generating a successor.");
result = dst_key_gettime(prevkey, DST_TIME_INACTIVE, &act);
result = dst_key_gettime(prevkey, DST_TIME_INACTIVE,
&previnact);
if (result != ISC_R_SUCCESS)
fatal("Predecessor has no inactivation date. "
"You must set one before\n\t"
"generating a successor.");
pub = act - prepub;
pub = prevact - prepub;
if (pub < now && prepub != 0)
fatal("Predecessor will become inactive before the\n\t"
"prepublication period ends. Either change "
@ -396,13 +405,18 @@ main(int argc, char **argv) {
"or use the -i option to set a shorter "
"prepublication interval.");
result = dst_key_gettime(prevkey, DST_TIME_DELETE, &when);
result = dst_key_gettime(prevkey, DST_TIME_DELETE, &prevdel);
if (result != ISC_R_SUCCESS)
fprintf(stderr, "%s: WARNING: Predecessor has no "
fprintf(stderr, "%s: warning: Predecessor has no "
"removal date;\n\t"
"it will remain in the zone "
"indefinitely after rollover.\n",
program);
else if (prevdel < previnact)
fprintf(stderr, "%s: warning: Predecessor is "
"scheduled to be deleted\n\t"
"before it is scheduled to be "
"inactive.\n", program);
changed = setpub = setact = ISC_TRUE;
dst_key_free(&prevkey);
@ -464,6 +478,20 @@ main(int argc, char **argv) {
fatal("Key flags mismatch");
}
prevdel = previnact = 0;
if ((setdel && setinact && del < inact) ||
(dst_key_gettime(key, DST_TIME_INACTIVE,
&previnact) == ISC_R_SUCCESS &&
setdel && !setinact && del < previnact) ||
(dst_key_gettime(key, DST_TIME_DELETE,
&prevdel) == ISC_R_SUCCESS &&
setinact && !setdel && prevdel < inact) ||
(!setdel && !setinact && prevdel < previnact))
fprintf(stderr, "%s: warning: Key is scheduled to "
"be deleted before it is\n\t"
"scheduled to be inactive.\n",
program);
if (force)
set_keyversion(key);
else
@ -516,6 +544,9 @@ main(int argc, char **argv) {
else if (unsetdel)
dst_key_unsettime(key, DST_TIME_DELETE);
if (setttl)
dst_key_setttl(key, ttl);
/*
* No metadata changes were made but we're forcing an upgrade
* to the new format anyway: use "-P now -A now" as the default
@ -526,6 +557,9 @@ main(int argc, char **argv) {
changed = ISC_TRUE;
}
if (!changed && setttl)
changed = ISC_TRUE;
/*
* Print out time values, if -p was used.
*/

17
contrib/bind9/bin/dnssec/dnssec-settime.docbook
View File

@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-settime.docbook,v 1.11.70.3 2011/11/03 20:21:30 each Exp $ -->
<!-- $Id: dnssec-settime.docbook,v 1.15 2011/11/03 20:21:37 each Exp $ -->
<refentry id="man.dnssec-settime">
<refentryinfo>
<date>July 15, 2009</date>
@ -48,6 +48,7 @@
<command>dnssec-settime</command>
<arg><option>-f</option></arg>
<arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
<arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg><option>-A <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg>
@ -116,6 +117,20 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-L <replaceable class="parameter">ttl</replaceable></term>
<listitem>
<para>
Sets the default TTL to use for this key when it is converted
into a DNSKEY RR. If the key is imported into a zone,
this is the TTL that will be used for it, unless there was
already a DNSKEY RRset in place, in which case the existing TTL
would take precedence. Setting the default TTL to
<literal>0</literal> or <literal>none</literal> removes it.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-h</term>
<listitem>

23
contrib/bind9/bin/dnssec/dnssec-settime.html
View File

@ -28,10 +28,10 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543424"></a><h2>DESCRIPTION</h2>
<a name="id2543432"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-settime</strong></span>
reads a DNSSEC private key file and sets the key timing metadata
as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
@ -57,7 +57,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543472"></a><h2>OPTIONS</h2>
<a name="id2543480"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-f</span></dt>
<dd><p>
@ -74,6 +74,15 @@
<dd><p>
Sets the directory in which the key files are to reside.
</p></dd>
<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
<dd><p>
Sets the default TTL to use for this key when it is converted
into a DNSKEY RR. If the key is imported into a zone,
this is the TTL that will be used for it, unless there was
already a DNSKEY RRset in place, in which case the existing TTL
would take precedence. Setting the default TTL to
<code class="literal">0</code> or <code class="literal">none</code> removes it.
</p></dd>
<dt><span class="term">-h</span></dt>
<dd><p>
Emit usage message and exit.
@ -90,7 +99,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543563"></a><h2>TIMING OPTIONS</h2>
<a name="id2543664"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@ -169,7 +178,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543770"></a><h2>PRINTING OPTIONS</h2>
<a name="id2543802"></a><h2>PRINTING OPTIONS</h2>
<p>
<span><strong class="command">dnssec-settime</strong></span> can also be used to print the
timing metadata associated with a key.
@ -195,7 +204,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543848"></a><h2>SEE ALSO</h2>
<a name="id2543880"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@ -203,7 +212,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543881"></a><h2>AUTHOR</h2>
<a name="id2542138"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

66
contrib/bind9/bin/dnssec/dnssec-signzone.8
View File

@ -1,4 +1,4 @@
.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@ -33,7 +33,7 @@
dnssec\-signzone \- DNSSEC zone signing tool
.SH "SYNOPSIS"
.HP 16
\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-p\fR] [\fB\-P\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-T\ \fR\fB\fIttl\fR\fR] [\fB\-t\fR] [\fB\-u\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-x\fR] [\fB\-z\fR] [\fB\-3\ \fR\fB\fIsalt\fR\fR] [\fB\-H\ \fR\fB\fIiterations\fR\fR] [\fB\-A\fR] {zonefile} [key...]
\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-P\fR] [\fB\-p\fR] [\fB\-R\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-T\ \fR\fB\fIttl\fR\fR] [\fB\-t\fR] [\fB\-u\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-X\ \fR\fB\fIextended\ end\-time\fR\fR] [\fB\-x\fR] [\fB\-z\fR] [\fB\-3\ \fR\fB\fIsalt\fR\fR] [\fB\-H\ \fR\fB\fIiterations\fR\fR] [\fB\-A\fR] {zonefile} [key...]
.SH "DESCRIPTION"
.PP
\fBdnssec\-signzone\fR
@ -72,6 +72,15 @@ files in
\fBdirectory\fR.
.RE
.PP
\-D
.RS 4
Output only those record types automatically managed by
\fBdnssec\-signzone\fR, i.e. RRSIG, NSEC, NSEC3 and NSEC3PARAM records. If smart signing (\fB\-S\fR) is used, DNSKEY records are also included. The resulting file can be included in the original zone file with
\fB$INCLUDE\fR. This option cannot be combined with
\fB\-O raw\fR
or serial number updating.
.RE
.PP
\-E \fIengine\fR
.RS 4
Uses a crypto hardware (OpenSSL engine) for the crypto operations it supports, for instance signing with private keys from a secure key store. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine.
@ -119,11 +128,29 @@ must be later than
\fBstart\-time\fR.
.RE
.PP
\-X \fIextended end\-time\fR
.RS 4
Specify the date and time when the generated RRSIG records for the DNSKEY RRset will expire. This is to be used in cases when the DNSKEY signatures need to persist longer than signatures on other records; e.g., when the private component of the KSK is kept offline and the KSK signature is to be refreshed manually.
.sp
As with
\fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no
\fBextended end\-time\fR
is specified, the value of
\fBend\-time\fR
is used as the default. (\fBend\-time\fR, in turn, defaults to 30 days from the start time.)
\fBextended end\-time\fR
must be later than
\fBstart\-time\fR.
.RE
.PP
\-f \fIoutput\-file\fR
.RS 4
The name of the output file containing the signed zone. The default is to append
\fI.signed\fR
to the input filename.
to the input filename. If
\fBoutput\-file\fR
is set to
"\-", then the signed zone is written to the standard output, with a default output format of "full".
.RE
.PP
\-h
@ -164,6 +191,11 @@ option specifies a jitter window that will be used to randomize the signature ex
Signature lifetime jitter also to some extent benefits validators and servers by spreading out cache expiration, i.e. if large numbers of RRSIGs don't expire at the same time from all caches there will be less congestion than if all validators need to refetch at mostly the same time.
.RE
.PP
\-L \fIserial\fR
.RS 4
When writing a signed zone to 'raw' format, set the "source serial" value in the header to the specified serial number. (This is expected to be used primarily for testing purposes.)
.RE
.PP
\-n \fIncpus\fR
.RS 4
Specifies the number of threads to use. By default, one thread is started for each detected CPU.
@ -205,8 +237,15 @@ The zone origin. If not specified, the name of the zone file is assumed to be th
.RS 4
The format of the output file containing the signed zone. Possible formats are
\fB"text"\fR
(default) and
\fB"raw"\fR.
(default)
\fB"full"\fR, which is text output in a format suitable for processing by external scripts, and
\fB"raw"\fR
or
\fB"raw=N"\fR, which store the zone in a binary format for rapid loading by
\fBnamed\fR.
\fB"raw=N"\fR
specifies the format version of the raw zone file: if N is 0, the raw file can be read by any version of
\fBnamed\fR; if N is 1, the file can be read by release 9.9.0 or higher. The default is 1.
.RE
.PP
\-p
@ -221,6 +260,17 @@ Disable post sign verification tests.
The post sign verification test ensures that for each algorithm in use there is at least one non revoked self signed KSK key, that all revoked KSK keys are self signed, and that all records in the zone are signed by the algorithm. This option skips these tests.
.RE
.PP
\-R
.RS 4
Remove signatures from keys that no longer exist.
.sp
Normally, when a previously\-signed zone is passed as input to the signer, and a DNSKEY record has been removed and replaced with a new one, signatures from the old key that are still within their validity period are retained. This allows the zone to continue to validate with cached copies of the old DNSKEY RRset. The
\fB\-R\fR
forces
\fBdnssec\-signzone\fR
to remove all orphaned signatures.
.RE
.PP
\-r \fIrandomdev\fR
.RS 4
Specifies the source of randomness. If the operating system does not provide a
@ -265,8 +315,8 @@ If either of the key's unpublication or deletion dates are set and in the past,
.PP
\-T \fIttl\fR
.RS 4
Specifies the TTL to be used for new DNSKEY records imported into the zone from the key repository. If not specified, the default is the minimum TTL value from the zone's SOA record. This option is ignored when signing without
\fB\-S\fR, since DNSKEY records are not imported from the key repository in that case. It is also ignored if there are any pre\-existing DNSKEY records at the zone apex, in which case new records' TTL values will be set to match them.
Specifies a TTL to be used for new DNSKEY records imported into the zone from the key repository. If not specified, the default is the TTL value from the zone's SOA record. This option is ignored when signing without
\fB\-S\fR, since DNSKEY records are not imported from the key repository in that case. It is also ignored if there are any pre\-existing DNSKEY records at the zone apex, in which case new records' TTL values will be set to match them, or if any of the imported DNSKEY records had a default TTL value. In the event of a a conflict between TTL values in imported keys, the shortest one is used.
.RE
.PP
\-t
@ -378,7 +428,7 @@ RFC 4033.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2004\-2009 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004\-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2003 Internet Software Consortium.
.br

951
contrib/bind9/bin/dnssec/dnssec-signzone.c
View File

File diff suppressed because it is too large Load Diff

107
contrib/bind9/bin/dnssec/dnssec-signzone.docbook
View File

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-signzone.docbook,v 1.44 2009/12/03 23:18:16 each Exp $ -->
<!-- $Id: dnssec-signzone.docbook,v 1.52 2011/12/22 07:32:40 each Exp $ -->
<refentry id="man.dnssec-signzone">
<refentryinfo>
<date>June 05, 2009</date>
@ -43,6 +43,7 @@
<year>2007</year>
<year>2008</year>
<year>2009</year>
<year>2011</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@ -60,6 +61,7 @@
<arg><option>-a</option></arg>
<arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
<arg><option>-d <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-D</option></arg>
<arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
<arg><option>-e <replaceable class="parameter">end-time</replaceable></option></arg>
<arg><option>-f <replaceable class="parameter">output-file</replaceable></option></arg>
@ -67,6 +69,7 @@
<arg><option>-h</option></arg>
<arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-k <replaceable class="parameter">key</replaceable></option></arg>
<arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
<arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
<arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
<arg><option>-I <replaceable class="parameter">input-format</replaceable></option></arg>
@ -74,8 +77,9 @@
<arg><option>-N <replaceable class="parameter">soa-serial-format</replaceable></option></arg>
<arg><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
<arg><option>-O <replaceable class="parameter">output-format</replaceable></option></arg>
<arg><option>-p</option></arg>
<arg><option>-P</option></arg>
<arg><option>-p</option></arg>
<arg><option>-R</option></arg>
<arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
<arg><option>-S</option></arg>
<arg><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
@ -83,6 +87,7 @@
<arg><option>-t</option></arg>
<arg><option>-u</option></arg>
<arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
<arg><option>-X <replaceable class="parameter">extended end-time</replaceable></option></arg>
<arg><option>-x</option></arg>
<arg><option>-z</option></arg>
<arg><option>-3 <replaceable class="parameter">salt</replaceable></option></arg>
@ -151,6 +156,22 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-D</term>
<listitem>
<para>
Output only those record types automatically managed by
<command>dnssec-signzone</command>, i.e. RRSIG, NSEC,
NSEC3 and NSEC3PARAM records. If smart signing
(<option>-S</option>) is used, DNSKEY records are also
included. The resulting file can be included in the original
zone file with <command>$INCLUDE</command>. This option
cannot be combined with <option>-O raw</option> or serial
number updating.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-E <replaceable class="parameter">engine</replaceable></term>
<listitem>
@ -237,14 +258,41 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-X <replaceable class="parameter">extended end-time</replaceable></term>
<listitem>
<para>
Specify the date and time when the generated RRSIG records
for the DNSKEY RRset will expire. This is to be used in cases
when the DNSKEY signatures need to persist longer than
signatures on other records; e.g., when the private component
of the KSK is kept offline and the KSK signature is to be
refreshed manually.
</para>
<para>
As with <option>start-time</option>, an absolute
time is indicated in YYYYMMDDHHMMSS notation. A time relative
to the start time is indicated with +N, which is N seconds from
the start time. A time relative to the current time is
indicated with now+N. If no <option>extended end-time</option> is
specified, the value of <option>end-time</option> is used as
the default. (<option>end-time</option>, in turn, defaults to
30 days from the start time.) <option>extended end-time</option>
must be later than <option>start-time</option>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-f <replaceable class="parameter">output-file</replaceable></term>
<listitem>
<para>
The name of the output file containing the signed zone. The
default is to append <filename>.signed</filename> to
the
input filename.
the input filename. If <option>output-file</option> is
set to <literal>"-"</literal>, then the signed zone is
written to the standard output, with a default output
format of "full".
</para>
</listitem>
</varlistentry>
@ -324,6 +372,17 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-L <replaceable class="parameter">serial</replaceable></term>
<listitem>
<para>
When writing a signed zone to 'raw' format, set the "source serial"
value in the header to the specified serial number. (This is
expected to be used primarily for testing purposes.)
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-n <replaceable class="parameter">ncpus</replaceable></term>
<listitem>
@ -388,7 +447,15 @@
<para>
The format of the output file containing the signed zone.
Possible formats are <command>"text"</command> (default)
and <command>"raw"</command>.
<command>"full"</command>, which is text output in a
format suitable for processing by external scripts,
and <command>"raw"</command> or <command>"raw=N"</command>,
which store the zone in a binary format for rapid loading
by <command>named</command>. <command>"raw=N"</command>
specifies the format version of the raw zone file: if N
is 0, the raw file can be read by any version of
<command>named</command>; if N is 1, the file can be
read by release 9.9.0 or higher. The default is 1.
</para>
</listitem>
</varlistentry>
@ -421,6 +488,24 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-R</term>
<listitem>
<para>
Remove signatures from keys that no longer exist.
</para>
<para>
Normally, when a previously-signed zone is passed as input
to the signer, and a DNSKEY record has been removed and
replaced with a new one, signatures from the old key
that are still within their validity period are retained.
This allows the zone to continue to validate with cached
copies of the old DNSKEY RRset. The <option>-R</option> forces
<command>dnssec-signzone</command> to remove all orphaned
signatures.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-r <replaceable class="parameter">randomdev</replaceable></term>
<listitem>
@ -508,15 +593,17 @@
<term>-T <replaceable class="parameter">ttl</replaceable></term>
<listitem>
<para>
Specifies the TTL to be used for new DNSKEY records imported
into the zone from the key repository. If not specified,
the default is the minimum TTL value from the zone's SOA
Specifies a TTL to be used for new DNSKEY records imported
into the zone from the key repository. If not
specified, the default is the TTL value from the zone's SOA
record. This option is ignored when signing without
<option>-S</option>, since DNSKEY records are not imported
from the key repository in that case. It is also ignored if
there are any pre-existing DNSKEY records at the zone apex,
in which case new records' TTL values will be set to match
them.
them, or if any of the imported DNSKEY records had a default
TTL value. In the event of a a conflict between TTL values in
imported keys, the shortest one is used.
</para>
</listitem>
</varlistentry>

95
contrib/bind9/bin/dnssec/dnssec-signzone.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -29,10 +29,10 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-P</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-P</code>] [<code class="option">-p</code>] [<code class="option">-R</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-X <em class="replaceable"><code>extended end-time</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543597"></a><h2>DESCRIPTION</h2>
<a name="id2543626"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-signzone</strong></span>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
@ -43,7 +43,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543612"></a><h2>OPTIONS</h2>
<a name="id2543641"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
@ -67,6 +67,17 @@
Look for <code class="filename">dsset-</code> or
<code class="filename">keyset-</code> files in <code class="option">directory</code>.
</p></dd>
<dt><span class="term">-D</span></dt>
<dd><p>
Output only those record types automatically managed by
<span><strong class="command">dnssec-signzone</strong></span>, i.e. RRSIG, NSEC,
NSEC3 and NSEC3PARAM records. If smart signing
(<code class="option">-S</code>) is used, DNSKEY records are also
included. The resulting file can be included in the original
zone file with <span><strong class="command">$INCLUDE</strong></span>. This option
cannot be combined with <code class="option">-O raw</code> or serial
number updating.
</p></dd>
<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
<dd><p>
Uses a crypto hardware (OpenSSL engine) for the crypto operations
@ -118,12 +129,36 @@
<code class="option">end-time</code> must be later than
<code class="option">start-time</code>.
</p></dd>
<dt><span class="term">-X <em class="replaceable"><code>extended end-time</code></em></span></dt>
<dd>
<p>
Specify the date and time when the generated RRSIG records
for the DNSKEY RRset will expire. This is to be used in cases
when the DNSKEY signatures need to persist longer than
signatures on other records; e.g., when the private component
of the KSK is kept offline and the KSK signature is to be
refreshed manually.
</p>
<p>
As with <code class="option">start-time</code>, an absolute
time is indicated in YYYYMMDDHHMMSS notation. A time relative
to the start time is indicated with +N, which is N seconds from
the start time. A time relative to the current time is
indicated with now+N. If no <code class="option">extended end-time</code> is
specified, the value of <code class="option">end-time</code> is used as
the default. (<code class="option">end-time</code>, in turn, defaults to
30 days from the start time.) <code class="option">extended end-time</code>
must be later than <code class="option">start-time</code>.
</p>
</dd>
<dt><span class="term">-f <em class="replaceable"><code>output-file</code></em></span></dt>
<dd><p>
The name of the output file containing the signed zone. The
default is to append <code class="filename">.signed</code> to
the
input filename.
the input filename. If <code class="option">output-file</code> is
set to <code class="literal">"-"</code>, then the signed zone is
written to the standard output, with a default output
format of "full".
</p></dd>
<dt><span class="term">-h</span></dt>
<dd><p>
@ -184,6 +219,12 @@
validators need to refetch at mostly the same time.
</p>
</dd>
<dt><span class="term">-L <em class="replaceable"><code>serial</code></em></span></dt>
<dd><p>
When writing a signed zone to 'raw' format, set the "source serial"
value in the header to the specified serial number. (This is
expected to be used primarily for testing purposes.)
</p></dd>
<dt><span class="term">-n <em class="replaceable"><code>ncpus</code></em></span></dt>
<dd><p>
Specifies the number of threads to use. By default, one
@ -217,7 +258,15 @@
<dd><p>
The format of the output file containing the signed zone.
Possible formats are <span><strong class="command">"text"</strong></span> (default)
and <span><strong class="command">"raw"</strong></span>.
<span><strong class="command">"full"</strong></span>, which is text output in a
format suitable for processing by external scripts,
and <span><strong class="command">"raw"</strong></span> or <span><strong class="command">"raw=N"</strong></span>,
which store the zone in a binary format for rapid loading
by <span><strong class="command">named</strong></span>. <span><strong class="command">"raw=N"</strong></span>
specifies the format version of the raw zone file: if N
is 0, the raw file can be read by any version of
<span><strong class="command">named</strong></span>; if N is 1, the file can be
read by release 9.9.0 or higher. The default is 1.
</p></dd>
<dt><span class="term">-p</span></dt>
<dd><p>
@ -239,6 +288,22 @@
This option skips these tests.
</p>
</dd>
<dt><span class="term">-R</span></dt>
<dd>
<p>
Remove signatures from keys that no longer exist.
</p>
<p>
Normally, when a previously-signed zone is passed as input
to the signer, and a DNSKEY record has been removed and
replaced with a new one, signatures from the old key
that are still within their validity period are retained.
This allows the zone to continue to validate with cached
copies of the old DNSKEY RRset. The <code class="option">-R</code> forces
<span><strong class="command">dnssec-signzone</strong></span> to remove all orphaned
signatures.
</p>
</dd>
<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
<dd><p>
Specifies the source of randomness. If the operating
@ -297,15 +362,17 @@
</dd>
<dt><span class="term">-T <em class="replaceable"><code>ttl</code></em></span></dt>
<dd><p>
Specifies the TTL to be used for new DNSKEY records imported
into the zone from the key repository. If not specified,
the default is the minimum TTL value from the zone's SOA
Specifies a TTL to be used for new DNSKEY records imported
into the zone from the key repository. If not
specified, the default is the TTL value from the zone's SOA
record. This option is ignored when signing without
<code class="option">-S</code>, since DNSKEY records are not imported
from the key repository in that case. It is also ignored if
there are any pre-existing DNSKEY records at the zone apex,
in which case new records' TTL values will be set to match
them.
them, or if any of the imported DNSKEY records had a default
TTL value. In the event of a a conflict between TTL values in
imported keys, the shortest one is used.
</p></dd>
<dt><span class="term">-t</span></dt>
<dd><p>
@ -379,7 +446,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544965"></a><h2>EXAMPLE</h2>
<a name="id2545127"></a><h2>EXAMPLE</h2>
<p>
The following command signs the <strong class="userinput"><code>example.com</code></strong>
zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
@ -409,14 +476,14 @@ db.example.com.signed
%</pre>
</div>
<div class="refsect1" lang="en">
<a name="id2545020"></a><h2>SEE ALSO</h2>
<a name="id2545182"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 4033</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2545045"></a><h2>AUTHOR</h2>
<a name="id2545207"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

Some files were not shown because too many files have changed in this diff Show More