Ecosyste.ms: Repos

An open API service providing repository metadata for many open source software ecosystems.

GitHub / merlinscholz / lockdoc-netbsd

Experiment-based search for potential synchronization bugs in the NetBSD kernel

JSON API: https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/merlinscholz%2Flockdoc-netbsd

Stars: 0
Forks: 0
Open Issues: 0

License: None
Language:
Repo Size: 1.66 GB
Dependencies: 344

Created: over 1 year ago
Updated: 7 months ago
Last pushed: 9 months ago
Last synced: 7 months ago

Topics: c, kernel, locking, netbsd

Files

Readme

Dependencies

external/gpl2/dtc/dist/pylibfdt/setup.py pypi

crypto/external/bsd/openssl/dist/external/perl/Text-Template-1.56/META.yml cpan

Carp 0
Encode 0
Exporter 0
base 0
perl 5.008
strict 0
warnings 0

crypto/external/bsd/openssl.old/dist/external/perl/Text-Template-1.46/META.json cpan

ExtUtils::MakeMaker 0

crypto/external/bsd/openssl.old/dist/external/perl/Text-Template-1.46/META.yml cpan

external/apache2/llvm/dist/clang/tools/clang-fuzzer/Dockerfile docker

ubuntu 16.04 build

external/apache2/llvm/dist/clang/utils/analyzer/Dockerfile docker

ubuntu bionic build

external/apache2/llvm/dist/libcxx/utils/ci/Dockerfile docker

ubuntu bionic build

external/apache2/llvm/dist/llvm/utils/docker/debian8/Dockerfile docker

launcher.gcr.io/google/debian8 latest build

external/apache2/llvm/dist/llvm/utils/docker/example/Dockerfile docker

ubuntu latest build

external/apache2/llvm/dist/llvm/utils/docker/nvidia-cuda/Dockerfile docker

nvidia/cuda 8.0-devel build

external/bsd/file/dist/fuzz/Dockerfile docker

gcr.io/oss-fuzz-base/base-builder latest build

external/bsd/libfido2/dist/fuzz/Dockerfile docker

ubuntu focal build

external/bsd/pam-u2f/dist/tests/bionic/Dockerfile docker

ubuntu bionic build

crypto/external/bsd/openssl/dist/external/perl/Text-Template-1.56/META.json cpan

external/apache2/llvm/dist/llvm/utils/vscode/llvm/package.json npm

@types/node ^8.10.59 development
@types/vscode ^1.39.0 development
js-yaml ^3.13.1 development
tslint ^5.16.0 development
typescript ^3.8.3 development

common/dist/zlib/contrib/dotzlib/DotZLib/DotZLib.csproj nuget

external/apache2/llvm/dist/clang/tools/clang-format-vs/ClangFormat/ClangFormat.csproj nuget

external/apache2/llvm/dist/clang/tools/clang-format-vs/ClangFormat/packages.config nuget

external/apache2/llvm/dist/llvm/tools/msbuild/llvm.csproj nuget

external/gpl3/binutils/dist/zlib/contrib/dotzlib/DotZLib/DotZLib.csproj nuget

external/gpl3/binutils.old/dist/zlib/contrib/dotzlib/DotZLib/DotZLib.csproj nuget

external/apache2/llvm/dist/clang/utils/analyzer/requirements.txt pypi

external/apache2/llvm/dist/clang/utils/check_cfc/setup.py pypi

external/apache2/llvm/dist/llvm/utils/lit/setup.py pypi

external/apache2/llvm/dist/llvm/utils/lit/tests/Inputs/show-used-features/requires.txt pypi

external/apache2/llvm/dist/llvm/utils/lit/tests/Inputs/shtest-format/requires-missing.txt pypi

REQUIRES * test
RUN * test

external/apache2/llvm/dist/llvm/utils/lit/tests/Inputs/shtest-format/requires-present.txt pypi

REQUIRES * test
RUN * test

external/apache2/llvm/dist/llvm/utils/lit/tests/Inputs/shtest-format/requires-star.txt pypi

REQUIRES * test
RUN * test

external/apache2/llvm/dist/llvm/utils/lit/tests/Inputs/shtest-format/requires-triple.txt pypi

REQUIRES * test
RUN * test

external/bsd/file/dist/python/pyproject.toml pypi

external/bsd/file/dist/python/setup.py pypi

external/bsd/nsd/dist/contrib/bind2nsd/setup.py pypi

external/bsd/tre/dist/python/setup.py pypi

external/bsd/unbound/dist/doc/requirements.txt pypi

1.Introduction *
2.History *
3.Goals *
3liststhegoals ,whileSection4liststheexplicitnon
4.Non-Goals *
5.Choices *
ADSrecordswouldindicateareferral. *
ASOArecordwouldindicatethatthiswasaNODATAanswer. *
AbsenceofNSrecordwouldindicateaNODATAansweraswell. *
Addingfullauthoritysupport ,requiresmuchmorecode,andmorecomplex
Adirectqueryforthatnamewillattempttogetamsgintothemessage *
Alsoforzonesforwhichnochainoftrustexists ,butaDSisgivenbythe
Alsoredirectionofdomainnameswithfixeddataisneededbyservice *
Amisconfigurationthatsometimeshappensiswheretheparentandchild *
Andthuspreventscache-snooping *
ByW.C.A.Wijngaards ,NLnetLabs,October2006.
Concluding ,aspoofoftheparentdelegationcanbeusedformanycases
Contents *
DataintheDNSisstoredinResourceRecordsets *
Forreferrals ,delegationsthataddasinglelabelcanbecheckedtobe
Forsomeboxesitisnecessarytoprobeforeveryfailingquery ,a
However ,someauthorityfeaturesareexpectedinarecursor.Thingslike
Ifmanyqueriesaremade ,andtheyaremadetonamesforwhichthe
Ifthecachememoryislow *
IfthedomainisDNSSECsigned ,bytheway,thenNSECrecordsare
IftheotherdomainissignedbyDNSSEC ,thefakeswillbedetected.
InSection2theoriginsoftheUnboundprojectaredocumented.Section *
Insteadofafalsepositive ,wewantfalsenegatives
Insummary ,thehardengluefeaturepresentsasecurityriskif
Itdoesdosomerrsigduplicateremoval ,inthemsgparser,fordnssecqtype
Itminimizesthechancesofadroppedquerymakinga *
Itsucceedsifonehas0x20intact ,orelseallareequal.
Mainpoints *
MattLarson *
NSECandNSEC3recordswereobtained *
NameSystem *
Notallglueisletthrough *
Otherwise ,itresultsina5secondwaittimebeforeEDNStimeoutis
Otherwise ,servfailisreturnedtotheclient.
RRmaybeinserted ,withinthemessageTTLtime,andthusreturnthe
RequirementsforRecursiveCachingResolver *
Retriesonavalidationfailurearenow5xtoadifferentnameserverIP *
SissonandRoyArendsfromNominet.Around2006theideacametocreate *
So ,onlymessagesthatidentifythezoneareusedtomarkthezone
SoitwillfaithfullynegativecachefortheexactTTLasoriginally *
SomemiddleboxesdropEDNS0queries ,mainlywhenforwarding,notwhen
Sopossibly ,forcomplicatedsetups,withmultiple
ThatincludesalmostallnegativeresponsesandalsoA ,AAAAqtypes.
Thatwouldbemostresponsesfromservers. *
TheJavaprototypeworkedverywell ,withcontributionsfromGeoff
Thecasingfromthequerynameisusedinpreferencetothecasing *
ThecurrentunboundcodeusesanegativecacheforqueriesfortypeDS. *
Thednssec-lamenessdetectionisusedtodetectoperatorfailures ,
Thedraftdescribestobackofftothenextserver ,andgothroughall
Thefollowingissueneedstoberesolved *
Thegluethatisletthroughisstoredinthecache *
Thelast50 *
Thelimitedsupportallowsaddingsomestaticdata *
ThemaincomponentsaretheValidatorthatvalidatesthesecurity *
ThemessagehasaTTLsmallerorequaltotheTTLoftheanswerRR. *
Thenthereceiverdoesnotknowwhetherthiswasareferral *
Theservercanbespoofedbygettingittovisitaespeciallyprepared *
ThesesituationsbecomeconsistentoncetheoriginalTTLexpires. *
Thetimeoutcanbeconfigured. *
TheunboundresolverprojectstartedbyBillManning ,DavidBlacka,and
Theyaresenttoarandomserver ,butnooneaddressmorethan4times.
Thisdeniesqueriesthatarenotauthoritative ,orversion.bind,orany.
Thisisarecursiveserver ,andauthorityfeaturesareoutofscope.
ThisistherequirementsdocumentforaDNSnameserverandaimsto *
Thisprojectaimstodevelopsuchanameserverinmodularcomponents ,so
Thisspeedsupbuildingchainsoftrust ,andusesNSECandNSEC3
Thisworksverywellwhendetectinganaddressthatyouusemuch-like *
Thus ,evenlongqueriesgeta50
Tocombatthisthefirst50 *
UnboundassumesEDNS0supportforthefirstquery.Thenitcandetect *
UnboundkeepsTTLvaluesformessageformats ,andthusrcodes,such
Unboundpreservesthecasingreceivedfromauthorityserversasbest *
Whenanewquerycomesin ,andaplaceinthefirst50
Youcanputauthoritydataonaseparateserver ,andsettheserverin
additionalsection *
addresses ,andthenmakes3
aforwarderaddress-whichiswherethemiddleboxesneedtobedetected. *
afull-fledgedCimplementationreadyfordeployeduse.NLnetLabs *
andqueriedforagain ,sothatitsproofcanbecheckedagain.
andtorespondwithafixedrcode *
answerwillbeputinthecache ,markedas
areferral.Whenansweringtoclients ,aSOArecordisneededfor
arepickedup. *
aretheonlyonesworking ,andserversreportedbythechilddonot.
asNXDOMAIN.Alsoitkeepsthelatestrrsetsintherrsetcache. *
ascertainsthatRRSIGsareOK *
asingleprobequeryissent.Thisprobehasasub-secondtimeout ,and
asmoreglueispresentfortherecursiveservicetouse.Thefeature *
aspossible.Itcompresseswithoutcase ,socasecangetlostthere.
atno-dataproof.Itcouldbedeterminedbyattemptingtoprove *
authoritativeservers ,doesnotperformduplicateremoval.
authorityserversdonotrespond ,thentherequestlistforunbound
beforethevalidatorwillproperlyverifythemessages. *
behaviour. *
bynewerquerieswhenolder *
cache.SinceAandAAAAqueriesarenotsynthesizedbytheunboundcache ,
checkNSEC *
clientswhenpossible *
createdaJavabasedprototyperesolvercalledUnbound.Thebasic *
datafrompreviousqueries.Thenetworkingandquerymanagementcode *
datafromtheparentofazone.Thiscanbeused ,byspoofingtheparent,
designdecisionsofcleanmoduleswasexecuted. *
detectdnssec-lamenessislessofaproblemthanmarkinghonest *
detected ,whichisslowbutitworksatleast.
disabled.Disablingthefeatureleadstopossiblebetterperformance *
documentthegoalsandnon-goalsoftheproject.TheDNS *
domain.Thisdomaintheninsertsanaddressforanotherauthoritative *
doubt.Thiscaseisvalidatedbyunboundasa *
duplicates ,butwhenpresentedwithduplicatesonthewirefromthe
effectofmanyresolverslessandeasiertohandle ,butpenalizes
eithercondition *
falselyEDNS-nonsupporting ,andthusDNSSEC
fillsupfast.Thisresultsindenialofservicefornewqueries. *
finalanswer.Tohelplookups ,unboundwillhoweverusetheparent
fingerprintsondatasets ,theIteratorthatsendsqueriestothe
fromtheirzone ,thiscoversmostdelegation
fromtheserverwithoutmakingunboundauthoritativeforthezones. *
havedifferentNS ,glueinformation.Thechildisauthoritative,and
hierarchicalDNSserversthatownthedataandtheCachethatstores *
iftheserverresponds *
indicatesazoneversionwherethisdomainisnotanylongerNXDOMAIN. *
individualresolversbyhavinglessprobesandalongertimebeforefixes *
isdetected.Insteadthezonethatisdnssec-lamebecomesbogus. *
isimplementedsoastominimisethesecurityrisk ,whiletryingto
ispreferred.Otherwise ,itcanreplaceolderqueriesoutofthelast50
iswhenaserverhasthezoneinquestion ,butlacksdnssecdata,suchas
keepthisperformancegain. *
keycacheadditionally ,aftertheprobing,abadkeyentryiscreatedthat
lame ,andnotusedfor900seconds,andthesecondwillresultina
lame.ThezoneisidentifiedbySOAorNSRRsetsintheanswer *
localhost ,reverselookupfor127.0.0.1,orblockingAS112traffic.
looksupdataintheDNSforclientsandcachespreviousanswersto *
maintenance. *
makestheentirezonebogusfor900seconds.Thisisafixedvalueat *
messagefromcachewhichis *
middleboxes ,andcandetecttheoccasionalauthoritythatdropsEDNS.
negativecachedNXDOMAINreplywithaSOARRwheretheserialnumber *
nooutofzoneglueisusedforfurtherresolving ,ismorecomplicated
o0x20backoff. *
oAnauthoritativenameserver. *
oAvalidatingrecursiveDNSresolver. *
oCasepreservation *
oCodediversityintheDNSresolvermonoculture. *
oDNSSECsupport. *
oDenialofserviceprotection *
oDrop-inreplacementforBINDapartfromconfig. *
oEDNSfallback.IsdoneaccordingtotheEDNSRFC *
oElegantdesignofvalidator ,resolver,cachemodules.
oFailureofvalidationandprobing. *
oFullyRFCcompliant. *
oHighlyportable ,targetsincludemodernUnixsystems,suchas
oHighperformance *
oIfaclientmakesaquerywithoutRDbit ,inthecaseofareturned
oInC ,opensource
oNXDOMAINandSOAserialnumbers. *
oParentandchildwithdifferentnameserverinformation. *
oRobust. *
oSOArecordsinnegativecachedanswersforDSqueries. *
oSmallestaspossiblecomponentthatdoesthejob. *
oStub-zonescanbeconfigured *
oTheharden-gluefeature ,whenyesalloutofzoneglueisdeleted,when
oThemethodbywhichdnssec-lamenessisdetectedisnotsecure.DNSSEClame *
oToomanyFeatures. *
oUsedas *
oauthorityfeatures. *
ofdenialofservice.I.e.acompletelydifferentNSsetcouldbereturned ,
oftheauthorityserver.ThisisthesameasBIND.RFC4343allowseither *
onaserver ,dnssec
oneortworound-tripresolvescanbedoneinthelast50 *
ordnssec-non-lamenessinthechild.Thefirstresultsintheservermarked *
orfc2181discouragesduplicatesRRsinRRsets.unbounddoesnotcreate *
ortheinformationwithheld.Allofthesealterationscanbecaughtby *
otheaccesscontroldeniesqueriesbeforeanyotherprocessing. *
parent ,dnssec
presentintheNSrecordintheauthoritysectionisletthrough. *
project.Section5discusseschoicesmadeduringdevelopment. *
proofscouldbevalid ,orneithercouldbevalid,whichcreates
providers.Limitedsupportisaddedspecificallytoaddressthis. *
queriesandgetanswersfromthecache *
queriesareperformedtogetthedata. *
reassurancethattheDNSserverdoesEDNSdoesnotmeanthatpathcan *
returnedtotheclient. *
routingpackets.Todetectthis ,whentimeoutskeephappening,asthe
rrsigandany ,becauseofspecialrrsigprocessinginthemsgparser.
runasaserver ,butalinkedintoanapplication
serverintothecache ,whenvisitingthatotherdomain,thisaddressmay
serverslame.dnssec-lamenessisaconfigerroranddeservesthetrouble. *
serversseveraltimes.Unboundgoesongetthefulllistofnameserver *
signatures.Themethodtodetectdnsseclamenesslooksatnonvalidated *
solaris ,linux,andmaybealsothewindowsplatform.
specifiedforanNXDOMAINmessage ,butsendanewerSOArecordif
speedupprocessingiscalledacaching ,recursivenameserver.
spoofedgluetoaclient.Whenthemessageexpires ,itisrefetchedand
structureforqueries. *
support *
takelargeDNSanswers. *
thanthat ,seebelow.
thatalsoDNSSEC *
thebareNSEC *
thecachedRRisupdatedwiththecorrectcontent. *
thecorrectmessageformat ,aSOArecordispickedfromthecache
themessagecache.IfaDNSKEYorDSfailsinthechainoftrustinthe *
thenbeusedtosendqueriesto.Andfakeanswersmaybereturned. *
theninterfacewiththemodulestoperformthenecessaryprocessing. *
thevalidatoriftheparentissigned ,andresultin900secondsbogus.
thishasbeenfoundinthemeantime.Inpoint ,thiscouldleadtoa
thisquerywillbe *
thistimeandisconservativeinsendingprobes.Itmakesthecompound *
thosemisconfigureddomainswheretheserversreportedbytheparent *
thusremovethe *
thususefultocachedatatospeedupfuturelookups.Aserverthat *
timeoutapproached5-10seconds ,andEDNSstatushasnotbeendetectedyet,
timetolive *
tocreateafalsesenseofdnssec-lamenessinthechild ,orafalsesense
unbound.confasstubforthosezones ,thisallowsclientstoaccessdata
unboundwillnottrustinformationfromtheparentnameserversasthe *
updatedfromanotherquery ,theNXDOMAINisdroppedfromthecache,
updatedmorecarefully.IfoneoftheNSECrecordsinanNXDOMAINis *
validatorfailure *
versionoftheglueasalastresortlookup.Thisresolveslookupsfor *
volunteeredtowritethisimplementation. *
whichispresentinadelegation ,oftypeAandAAAA,wherethenameis
willnotbepresentinthereplytotheclient *
withattemptatno-DSproof *

external/apache2/llvm/dist/llvm/utils/vscode/llvm/package-lock.json npm

@babel/code-frame 7.8.3 development
@babel/highlight 7.8.3 development
@types/node 8.10.59 development
@types/vscode 1.42.0 development
ansi-styles 3.2.1 development
argparse 1.0.10 development
balanced-match 1.0.0 development
brace-expansion 1.1.11 development
builtin-modules 1.1.1 development
chalk 2.4.2 development
color-convert 1.9.3 development
color-name 1.1.3 development
commander 2.20.3 development
concat-map 0.0.1 development
diff 4.0.2 development
escape-string-regexp 1.0.5 development
esprima 4.0.1 development
esutils 2.0.3 development
fs.realpath 1.0.0 development
glob 7.1.6 development
has-flag 3.0.0 development
inflight 1.0.6 development
inherits 2.0.4 development
js-tokens 4.0.0 development
js-yaml 3.13.1 development
minimatch 3.0.4 development
minimist 0.0.8 development
mkdirp 0.5.1 development
once 1.4.0 development
path-is-absolute 1.0.1 development
path-parse 1.0.6 development
resolve 1.15.1 development
semver 5.7.1 development
sprintf-js 1.0.3 development
supports-color 5.5.0 development
tslib 1.11.1 development
tslint 5.20.1 development
tsutils 2.29.0 development
typescript 3.8.3 development
wrappy 1.0.2 development