d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

unbound: Vendor import 1.16.3

Browse Source 
Fixes CVE-2022-3204 'Non-Responsive Delegation Attack'.

MFC after:	3 days
Security:	CVE-2022-3204
Security:	https://nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txt
Changelog:	https://nlnetlabs.nl/news/2022/Sep/21/unbound-1.16.3-released/
This commit is contained in:
Cy Schubert 2022-09-29 07:14:11 -07:00
parent 9b76d32f23
commit 0dde6f4f8e
22 changed files with 107 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
config.guess vendored
View File

@ -4,7 +4,7 @@
# shellcheck disable=SC2006,SC2268 # see below for rationale # shellcheck disable=SC2006,SC2268 # see below for rationale
timestamp='2022-05-25' timestamp='2022-08-01'
# This file is free software; you can redistribute it and/or modify it # This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by # under the terms of the GNU General Public License as published by
@ -1036,7 +1036,7 @@ EOF
k1om:Linux:*:*) k1om:Linux:*:*)
GUESS=$UNAME_MACHINE-unknown-linux-$LIBC GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
;; ;;
loongarch32:Linux:*:* | loongarch64:Linux:*:* | loongarchx32:Linux:*:*) loongarch32:Linux:*:* | loongarch64:Linux:*:*)
GUESS=$UNAME_MACHINE-unknown-linux-$LIBC GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
;; ;;
m32r*:Linux:*:*) m32r*:Linux:*:*)

4
config.sub vendored
View File

@ -4,7 +4,7 @@
# shellcheck disable=SC2006,SC2268 # see below for rationale # shellcheck disable=SC2006,SC2268 # see below for rationale
timestamp='2022-01-03' timestamp='2022-08-01'
# This file is free software; you can redistribute it and/or modify it # This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by # under the terms of the GNU General Public License as published by
@ -1207,7 +1207,7 @@ case $cpu-$vendor in
| k1om \ | k1om \
| le32 | le64 \ | le32 | le64 \
| lm32 \ | lm32 \
| loongarch32 | loongarch64 | loongarchx32 \ | loongarch32 | loongarch64 \
| m32c | m32r | m32rle \ | m32c | m32r | m32rle \
| m5200 | m68000 | m680[012346]0 | m68360 | m683?2 | m68k \ | m5200 | m68000 | m680[012346]0 | m68360 | m683?2 | m68k \
| m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x \ | m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x \

25
configure vendored
View File

@ -1,6 +1,6 @@
#! /bin/sh #! /bin/sh
# Guess values for system-dependent variables and create Makefiles. # Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for unbound 1.16.2. # Generated by GNU Autoconf 2.69 for unbound 1.16.3.
# #
# Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>. # Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>.
# #
@ -591,8 +591,8 @@ MAKEFLAGS=
# Identity of this package. # Identity of this package.
PACKAGE_NAME='unbound' PACKAGE_NAME='unbound'
PACKAGE_TARNAME='unbound' PACKAGE_TARNAME='unbound'
PACKAGE_VERSION='1.16.2' PACKAGE_VERSION='1.16.3'
PACKAGE_STRING='unbound 1.16.2' PACKAGE_STRING='unbound 1.16.3'
PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues'
PACKAGE_URL='' PACKAGE_URL=''
@ -1477,7 +1477,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing. # Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh. # This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF cat <<_ACEOF
\`configure' configures unbound 1.16.2 to adapt to many kinds of systems. \`configure' configures unbound 1.16.3 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]... Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1543,7 +1543,7 @@ fi
if test -n "$ac_init_help"; then if test -n "$ac_init_help"; then
case $ac_init_help in case $ac_init_help in
short | recursive ) echo "Configuration of unbound 1.16.2:";; short | recursive ) echo "Configuration of unbound 1.16.3:";;
esac esac
cat <<\_ACEOF cat <<\_ACEOF
@ -1785,7 +1785,7 @@ fi
test -n "$ac_init_help" && exit $ac_status test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then if $ac_init_version; then
cat <<\_ACEOF cat <<\_ACEOF
unbound configure 1.16.2 unbound configure 1.16.3
generated by GNU Autoconf 2.69 generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc. Copyright (C) 2012 Free Software Foundation, Inc.
@ -2494,7 +2494,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake. running configure, to aid debugging if configure makes a mistake.
It was created by unbound $as_me 1.16.2, which was It was created by unbound $as_me 1.16.3, which was
generated by GNU Autoconf 2.69. Invocation command line was generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@ $ $0 $@
@ -2846,11 +2846,11 @@ UNBOUND_VERSION_MAJOR=1
UNBOUND_VERSION_MINOR=16 UNBOUND_VERSION_MINOR=16
UNBOUND_VERSION_MICRO=2 UNBOUND_VERSION_MICRO=3
LIBUNBOUND_CURRENT=9 LIBUNBOUND_CURRENT=9
LIBUNBOUND_REVISION=18 LIBUNBOUND_REVISION=19
LIBUNBOUND_AGE=1 LIBUNBOUND_AGE=1
# 1.0.0 had 0:12:0 # 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0 # 1.0.1 had 0:13:0
@ -2936,6 +2936,7 @@ LIBUNBOUND_AGE=1
# 1.16.0 had 9:16:1 # 1.16.0 had 9:16:1
# 1.16.1 had 9:17:1 # 1.16.1 had 9:17:1
# 1.16.2 had 9:18:1 # 1.16.2 had 9:18:1
# 1.16.3 had 9:19:1
# Current -- the number of the binary API that we're implementing # Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary # Revision -- which iteration of the implementation of the binary
@ -22014,7 +22015,7 @@ _ACEOF
version=1.16.2 version=1.16.3
date=`date +'%b %e, %Y'` date=`date +'%b %e, %Y'`
@ -22533,7 +22534,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their # report actual input values of CONFIG_FILES etc. instead of their
# values after options handling. # values after options handling.
ac_log=" ac_log="
This file was extended by unbound $as_me 1.16.2, which was This file was extended by unbound $as_me 1.16.3, which was
generated by GNU Autoconf 2.69. Invocation command line was generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES CONFIG_FILES = $CONFIG_FILES
@ -22599,7 +22600,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\ ac_cs_version="\\
unbound config.status 1.16.2 unbound config.status 1.16.3
configured by $0, generated by GNU Autoconf 2.69, configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\" with options \\"\$ac_cs_config\\"

5
configure.ac
View File

@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4)
# must be numbers. ac_defun because of later processing # must be numbers. ac_defun because of later processing
m4_define([VERSION_MAJOR],[1]) m4_define([VERSION_MAJOR],[1])
m4_define([VERSION_MINOR],[16]) m4_define([VERSION_MINOR],[16])
m4_define([VERSION_MICRO],[2]) m4_define([VERSION_MICRO],[3])
AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound]) AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound])
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
LIBUNBOUND_CURRENT=9 LIBUNBOUND_CURRENT=9
LIBUNBOUND_REVISION=18 LIBUNBOUND_REVISION=19
LIBUNBOUND_AGE=1 LIBUNBOUND_AGE=1
# 1.0.0 had 0:12:0 # 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0 # 1.0.1 had 0:13:0
@ -104,6 +104,7 @@ LIBUNBOUND_AGE=1
# 1.16.0 had 9:16:1 # 1.16.0 had 9:16:1
# 1.16.1 had 9:17:1 # 1.16.1 had 9:17:1
# 1.16.2 had 9:18:1 # 1.16.2 had 9:18:1
# 1.16.3 had 9:19:1
# Current -- the number of the binary API that we're implementing # Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary # Revision -- which iteration of the implementation of the binary

3
doc/Changelog
View File

@ -1,3 +1,6 @@
21 September 2022: Wouter
- Patch for CVE-2022-3204 Non-Responsive Delegation Attack.
1 August 2022: Wouter 1 August 2022: Wouter
- Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699. - Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699.
- Tests for ghost domain fixes. - Tests for ghost domain fixes.

2
doc/README
View File

@ -1,4 +1,4 @@
README for Unbound 1.16.2 README for Unbound 1.16.3
Copyright 2007 NLnet Labs Copyright 2007 NLnet Labs
http://unbound.net http://unbound.net

2
doc/example.conf.in
View File

@ -1,7 +1,7 @@
# #
# Example configuration file. # Example configuration file.
# #
# See unbound.conf(5) man page, version 1.16.2. # See unbound.conf(5) man page, version 1.16.3.
# #
# this is a comment. # this is a comment.

4
doc/libunbound.3.in
View File

@ -1,4 +1,4 @@
.TH "libunbound" "3" "Aug 1, 2022" "NLnet Labs" "unbound 1.16.2" .TH "libunbound" "3" "Sep 21, 2022" "NLnet Labs" "unbound 1.16.3"
.\" .\"
.\" libunbound.3 -- unbound library functions manual .\" libunbound.3 -- unbound library functions manual
.\" .\"
@ -44,7 +44,7 @@
.B ub_ctx_zone_remove, .B ub_ctx_zone_remove,
.B ub_ctx_data_add, .B ub_ctx_data_add,
.B ub_ctx_data_remove .B ub_ctx_data_remove
\- Unbound DNS validating resolver 1.16.2 functions. \- Unbound DNS validating resolver 1.16.3 functions.
.SH "SYNOPSIS" .SH "SYNOPSIS"
.B #include <unbound.h> .B #include <unbound.h>
.LP .LP

2
doc/unbound-anchor.8.in
View File

@ -1,4 +1,4 @@
.TH "unbound-anchor" "8" "Aug 1, 2022" "NLnet Labs" "unbound 1.16.2" .TH "unbound-anchor" "8" "Sep 21, 2022" "NLnet Labs" "unbound 1.16.3"
.\" .\"
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual .\" unbound-anchor.8 -- unbound anchor maintenance utility manual
.\" .\"

2
doc/unbound-checkconf.8.in
View File

@ -1,4 +1,4 @@
.TH "unbound-checkconf" "8" "Aug 1, 2022" "NLnet Labs" "unbound 1.16.2" .TH "unbound-checkconf" "8" "Sep 21, 2022" "NLnet Labs" "unbound 1.16.3"
.\" .\"
.\" unbound-checkconf.8 -- unbound configuration checker manual .\" unbound-checkconf.8 -- unbound configuration checker manual
.\" .\"

2
doc/unbound-control.8.in
View File

@ -1,4 +1,4 @@
.TH "unbound-control" "8" "Aug 1, 2022" "NLnet Labs" "unbound 1.16.2" .TH "unbound-control" "8" "Sep 21, 2022" "NLnet Labs" "unbound 1.16.3"
.\" .\"
.\" unbound-control.8 -- unbound remote control manual .\" unbound-control.8 -- unbound remote control manual
.\" .\"

2
doc/unbound-host.1.in
View File

@ -1,4 +1,4 @@
.TH "unbound\-host" "1" "Aug 1, 2022" "NLnet Labs" "unbound 1.16.2" .TH "unbound\-host" "1" "Sep 21, 2022" "NLnet Labs" "unbound 1.16.3"
.\" .\"
.\" unbound-host.1 -- unbound DNS lookup utility .\" unbound-host.1 -- unbound DNS lookup utility
.\" .\"

4
doc/unbound.8.in
View File

@ -1,4 +1,4 @@
.TH "unbound" "8" "Aug 1, 2022" "NLnet Labs" "unbound 1.16.2" .TH "unbound" "8" "Sep 21, 2022" "NLnet Labs" "unbound 1.16.3"
.\" .\"
.\" unbound.8 -- unbound manual .\" unbound.8 -- unbound manual
.\" .\"
@ -9,7 +9,7 @@
.\" .\"
.SH "NAME" .SH "NAME"
.B unbound .B unbound
\- Unbound DNS validating resolver 1.16.2. \- Unbound DNS validating resolver 1.16.3.
.SH "SYNOPSIS" .SH "SYNOPSIS"
.B unbound .B unbound
.RB [ \-h ] .RB [ \-h ]

2
doc/unbound.conf.5.in
View File

@ -1,4 +1,4 @@
.TH "unbound.conf" "5" "Aug 1, 2022" "NLnet Labs" "unbound 1.16.2" .TH "unbound.conf" "5" "Sep 21, 2022" "NLnet Labs" "unbound 1.16.3"
.\" .\"
.\" unbound.conf.5 -- unbound.conf manual .\" unbound.conf.5 -- unbound.conf manual
.\" .\"

3
iterator/iter_delegpt.c
View File

@ -78,6 +78,7 @@ struct delegpt* delegpt_copy(struct delegpt* dp, struct regional* region)
if(!delegpt_add_ns(copy, region, ns->name, ns->lame, if(!delegpt_add_ns(copy, region, ns->name, ns->lame,
ns->tls_auth_name, ns->port)) ns->tls_auth_name, ns->port))
return NULL; return NULL;
copy->nslist->cache_lookup_count = ns->cache_lookup_count;
copy->nslist->resolved = ns->resolved; copy->nslist->resolved = ns->resolved;
copy->nslist->got4 = ns->got4; copy->nslist->got4 = ns->got4;
copy->nslist->got6 = ns->got6; copy->nslist->got6 = ns->got6;
@ -121,6 +122,7 @@ delegpt_add_ns(struct delegpt* dp, struct regional* region, uint8_t* name,
ns->namelen = len; ns->namelen = len;
dp->nslist = ns; dp->nslist = ns;
ns->name = regional_alloc_init(region, name, ns->namelen); ns->name = regional_alloc_init(region, name, ns->namelen);
ns->cache_lookup_count = 0;
ns->resolved = 0; ns->resolved = 0;
ns->got4 = 0; ns->got4 = 0;
ns->got6 = 0; ns->got6 = 0;
@ -620,6 +622,7 @@ int delegpt_add_ns_mlc(struct delegpt* dp, uint8_t* name, uint8_t lame,
} }
ns->next = dp->nslist; ns->next = dp->nslist;
dp->nslist = ns; dp->nslist = ns;
ns->cache_lookup_count = 0;
ns->resolved = 0; ns->resolved = 0;
ns->got4 = 0; ns->got4 = 0;
ns->got6 = 0; ns->got6 = 0;

2
iterator/iter_delegpt.h
View File

@ -101,6 +101,8 @@ struct delegpt_ns {
uint8_t* name; uint8_t* name;
/** length of name */ /** length of name */
size_t namelen; size_t namelen;
/** number of cache lookups for the name */
int cache_lookup_count;
/** /**
* If the name has been resolved. false if not queried for yet. * If the name has been resolved. false if not queried for yet.
* true if the A, AAAA queries have been generated. * true if the A, AAAA queries have been generated.

3
iterator/iter_utils.c
View File

@ -1209,6 +1209,9 @@ int iter_lookup_parent_glue_from_cache(struct module_env* env,
struct delegpt_ns* ns; struct delegpt_ns* ns;
size_t num = delegpt_count_targets(dp); size_t num = delegpt_count_targets(dp);
for(ns = dp->nslist; ns; ns = ns->next) { for(ns = dp->nslist; ns; ns = ns->next) {
if(ns->cache_lookup_count > ITERATOR_NAME_CACHELOOKUP_MAX_PSIDE)
continue;
ns->cache_lookup_count++;
/* get cached parentside A */ /* get cached parentside A */
akey = rrset_cache_lookup(env->rrset_cache, ns->name, akey = rrset_cache_lookup(env->rrset_cache, ns->name,
ns->namelen, LDNS_RR_TYPE_A, qinfo->qclass, ns->namelen, LDNS_RR_TYPE_A, qinfo->qclass,

9
iterator/iter_utils.h
View File

@ -62,6 +62,15 @@ struct ub_packed_rrset_key;
struct module_stack; struct module_stack;
struct outside_network; struct outside_network;
/* max number of lookups in the cache for target nameserver names.
* This stops, for large delegations, N*N lookups in the cache. */
#define ITERATOR_NAME_CACHELOOKUP_MAX 3
/* max number of lookups in the cache for parentside glue for nameserver names
* This stops, for larger delegations, N*N lookups in the cache.
* It is a little larger than the nonpside max, so it allows a couple extra
* lookups of parent side glue. */
#define ITERATOR_NAME_CACHELOOKUP_MAX_PSIDE 5
/** /**
* Process config options and set iterator module state. * Process config options and set iterator module state.
* Sets default values if no config is found. * Sets default values if no config is found.

36
iterator/iterator.c
View File

@ -1218,6 +1218,15 @@ generate_dnskey_prefetch(struct module_qstate* qstate,
(qstate->query_flags&BIT_RD) && !(qstate->query_flags&BIT_CD)){ (qstate->query_flags&BIT_RD) && !(qstate->query_flags&BIT_CD)){
return; return;
} }
/* we do not generate this prefetch when the query list is full,
* the query is fetched, if needed, when the validator wants it.
* At that time the validator waits for it, after spawning it.
* This means there is one state that uses cpu and a socket, the
* spawned while this one waits, and not several at the same time,
* if we had created the lookup here. And this helps to keep
* the total load down, but the query still succeeds to resolve. */
if(mesh_jostle_exceeded(qstate->env->mesh))
return;
/* if the DNSKEY is in the cache this lookup will stop quickly */ /* if the DNSKEY is in the cache this lookup will stop quickly */
log_nametypeclass(VERB_ALGO, "schedule dnskey prefetch", log_nametypeclass(VERB_ALGO, "schedule dnskey prefetch",
@ -1911,6 +1920,14 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq,
return 0; return 0;
} }
query_count++; query_count++;
/* If the mesh query list is full, exit the loop here.
* This makes the routine spawn one query at a time,
* and this means there is no query state load
* increase, because the spawned state uses cpu and a
* socket while this state waits for that spawned
* state. Next time we can look up further targets */
if(mesh_jostle_exceeded(qstate->env->mesh))
break;
} }
/* Send the A request. */ /* Send the A request. */
if(ie->supports_ipv4 && if(ie->supports_ipv4 &&
@ -1925,6 +1942,9 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq,
return 0; return 0;
} }
query_count++; query_count++;
/* If the mesh query list is full, exit the loop. */
if(mesh_jostle_exceeded(qstate->env->mesh))
break;
} }
/* mark this target as in progress. */ /* mark this target as in progress. */
@ -2085,6 +2105,15 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq,
} }
ns->done_pside6 = 1; ns->done_pside6 = 1;
query_count++; query_count++;
if(mesh_jostle_exceeded(qstate->env->mesh)) {
/* Wait for the lookup; do not spawn multiple
* lookups at a time. */
verbose(VERB_ALGO, "try parent-side glue lookup");
iq->num_target_queries += query_count;
target_count_increase(iq, query_count);
qstate->ext_state[id] = module_wait_subquery;
return 0;
}
} }
if(ie->supports_ipv4 && !ns->done_pside4) { if(ie->supports_ipv4 && !ns->done_pside4) {
/* Send the A request. */ /* Send the A request. */
@ -2560,7 +2589,12 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
if(iq->depth < ie->max_dependency_depth if(iq->depth < ie->max_dependency_depth
&& iq->num_target_queries == 0 && iq->num_target_queries == 0
&& (!iq->target_count || iq->target_count[TARGET_COUNT_NX]==0) && (!iq->target_count || iq->target_count[TARGET_COUNT_NX]==0)
&& iq->sent_count < TARGET_FETCH_STOP) { && iq->sent_count < TARGET_FETCH_STOP
/* if the mesh query list is full, then do not waste cpu
* and sockets to fetch promiscuous targets. They can be
* looked up when needed. */
&& !mesh_jostle_exceeded(qstate->env->mesh)
) {
tf_policy = ie->target_fetch_policy[iq->depth]; tf_policy = ie->target_fetch_policy[iq->depth];
} }

3
services/cache/dns.c vendored
View File

@ -404,6 +404,9 @@ cache_fill_missing(struct module_env* env, uint16_t qclass,
struct ub_packed_rrset_key* akey; struct ub_packed_rrset_key* akey;
time_t now = *env->now; time_t now = *env->now;
for(ns = dp->nslist; ns; ns = ns->next) { for(ns = dp->nslist; ns; ns = ns->next) {
if(ns->cache_lookup_count > ITERATOR_NAME_CACHELOOKUP_MAX)
continue;
ns->cache_lookup_count++;
akey = rrset_cache_lookup(env->rrset_cache, ns->name, akey = rrset_cache_lookup(env->rrset_cache, ns->name,
ns->namelen, LDNS_RR_TYPE_A, qclass, 0, now, 0); ns->namelen, LDNS_RR_TYPE_A, qclass, 0, now, 0);
if(akey) { if(akey) {

7
services/mesh.c
View File

@ -2240,3 +2240,10 @@ mesh_serve_expired_callback(void* arg)
mesh_do_callback(mstate, LDNS_RCODE_NOERROR, msg->rep, c, &tv); mesh_do_callback(mstate, LDNS_RCODE_NOERROR, msg->rep, c, &tv);
} }
} }
int mesh_jostle_exceeded(struct mesh_area* mesh)
{
if(mesh->all.count < mesh->max_reply_states)
return 0;
return 1;
}

11
services/mesh.h
View File

@ -685,4 +685,15 @@ struct dns_msg*
mesh_serve_expired_lookup(struct module_qstate* qstate, mesh_serve_expired_lookup(struct module_qstate* qstate,
struct query_info* lookup_qinfo); struct query_info* lookup_qinfo);
/**
* See if the mesh has space for more queries. You can allocate queries
* anyway, but this checks for the allocated space.
* @param mesh: mesh area.
* @return true if the query list is full.
* It checks the number of all queries, not just number of reply states,
* that have a client address. So that spawned queries count too,
* that were created by the iterator, or other modules.
*/
int mesh_jostle_exceeded(struct mesh_area* mesh);
#endif /* SERVICES_MESH_H */ #endif /* SERVICES_MESH_H */