unbound: Vendor import 1.17.1

Release notes at
    https://www.nlnetlabs.nl/news/2023/Jan/12/unbound-1.17.1-released/.
Cy Schubert 2023-01-13 15:52:47 -08:00
parent 643f9a0581
commit 7699e1386a
59 changed files with 7143 additions and 6154 deletions


@ -616,7 +616,7 @@ install-all: all $(PYTHONMOD_INSTALL) $(PYUNBOUND_INSTALL) $(UNBOUND_EVENT_INSTA
$(INSTALL) -c -m 644 doc/unbound.conf.5 $(DESTDIR)$(mandir)/man5
$(INSTALL) -c -m 644 doc/unbound-host.1 $(DESTDIR)$(mandir)/man1
$(INSTALL) -c -m 755 unbound-control-setup $(DESTDIR)$(sbindir)/unbound-control-setup
if test ! -e $(DESTDIR)$(configfile); then $(INSTALL) -d `dirname $(DESTDIR)$(configfile)`; $(INSTALL) -c -m 644 doc/example.conf $(DESTDIR)$(configfile); fi
if test ! -e "$(DESTDIR)$(configfile)"; then $(INSTALL) -d `dirname "$(DESTDIR)$(configfile)"`; $(INSTALL) -c -m 644 doc/example.conf "$(DESTDIR)$(configfile)"; fi
pythonmod-uninstall:
rm -f -- $(DESTDIR)$(PYTHON_SITE_PKG)/unboundmodule.py
@ -645,7 +645,7 @@ uninstall: $(PYTHONMOD_UNINSTALL) $(PYUNBOUND_UNINSTALL) $(UNBOUND_EVENT_UNINSTA
rm -f -- $(DESTDIR)$(includedir)/unbound.h
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/libunbound.la
@echo
@echo "You still need to remove "`dirname $(DESTDIR)$(configfile)`" , $(DESTDIR)$(configfile) by hand"
@echo "You still need to remove "`dirname "$(DESTDIR)$(configfile)"`" , $(DESTDIR)$(configfile) by hand"
iana_update:
curl -o port-numbers.tmp https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml --compressed
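Review bot: In the install-all rule the output of the backtick `dirname` call is still unquoted where it is handed to `$(INSTALL) -d`, so a config path containing spaces is protected for `test` and for the copy but is word-split again when the directory is created. Quoting the substitution itself closes the gap, for example `$(INSTALL) -d "$$(dirname "$(DESTDIR)$(configfile)")"`, if the `$$( )` form is acceptable for the shells this Makefile targets. The uninstall `echo` has the same unquoted substitution, but there it only affects the printed message.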


@ -4,6 +4,7 @@
[![Packaging status](https://repology.org/badge/tiny-repos/unbound.svg)](https://repology.org/project/unbound/versions)
[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/unbound.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:unbound)
[![Documentation Status](https://readthedocs.org/projects/unbound/badge/?version=latest)](https://unbound.readthedocs.io/en/latest/?badge=latest)
[![Mastodon Follow](https://img.shields.io/mastodon/follow/109262826617293067?domain=https%3A%2F%2Ffosstodon.org&style=social)](https://fosstodon.org/@nlnetlabs)
Unbound is a validating, recursive, caching DNS resolver. It is designed to be
fast and lean and incorporates modern features based on open standards. If you


@ -390,6 +390,15 @@ prep_data(struct module_qstate* qstate, struct sldns_buffer* buf)
if(!qstate->return_msg || !qstate->return_msg->rep)
return 0;
/* do not store failures like SERVFAIL in the cachedb, this avoids
* overwriting expired, valid, content with broken content. */
if(FLAGS_GET_RCODE(qstate->return_msg->rep->flags) !=
LDNS_RCODE_NOERROR &&
FLAGS_GET_RCODE(qstate->return_msg->rep->flags) !=
LDNS_RCODE_NXDOMAIN &&
FLAGS_GET_RCODE(qstate->return_msg->rep->flags) !=
LDNS_RCODE_YXDOMAIN)
return 0;
/* We don't store the reply if its TTL is 0 unless serve-expired is
* enabled. Such a reply won't be reusable and simply be a waste for
* the backend. It's also compatible with the default behavior of
@ -542,10 +551,16 @@ parse_data(struct module_qstate* qstate, struct sldns_buffer* buf)
verbose(VERB_ALGO, "cachedb msg expired");
/* If serve-expired is enabled, we still use an expired message
* setting the TTL to 0. */
if(qstate->env->cfg->serve_expired)
adjust = -1;
else
if(!qstate->env->cfg->serve_expired ||
(FLAGS_GET_RCODE(qstate->return_msg->rep->flags)
!= LDNS_RCODE_NOERROR &&
FLAGS_GET_RCODE(qstate->return_msg->rep->flags)
!= LDNS_RCODE_NXDOMAIN &&
FLAGS_GET_RCODE(qstate->return_msg->rep->flags)
!= LDNS_RCODE_YXDOMAIN))
return 0; /* message expired */
else
adjust = -1;
}
verbose(VERB_ALGO, "cachedb msg adjusted down by %d", (int)adjust);
adjust_msg_ttl(qstate->return_msg, adjust);
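Review bot: The comment above the expired branch in parse_data still says an expired message is used with TTL 0 whenever serve-expired is enabled, but the new condition also drops expired entries whose RCODE is not NOERROR, NXDOMAIN or YXDOMAIN. I would extend it, e.g. `/* If serve-expired is enabled, we still use an expired message (TTL set to 0), but never an expired failure such as SERVFAIL. */`. The same three-way RCODE test is written out in prep_data above and again in answer_from_cache in the worker section, so a small shared predicate would keep the three copies from drifting apart. Both functions start and end outside their hunks.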

25
configure vendored

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for unbound 1.17.0.
# Generated by GNU Autoconf 2.69 for unbound 1.17.1.
#
# Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>.
#
@ -591,8 +591,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='unbound'
PACKAGE_TARNAME='unbound'
PACKAGE_VERSION='1.17.0'
PACKAGE_STRING='unbound 1.17.0'
PACKAGE_VERSION='1.17.1'
PACKAGE_STRING='unbound 1.17.1'
PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues'
PACKAGE_URL=''
@ -1477,7 +1477,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures unbound 1.17.0 to adapt to many kinds of systems.
\`configure' configures unbound 1.17.1 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1543,7 +1543,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of unbound 1.17.0:";;
short | recursive ) echo "Configuration of unbound 1.17.1:";;
esac
cat <<\_ACEOF
@ -1785,7 +1785,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
unbound configure 1.17.0
unbound configure 1.17.1
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@ -2494,7 +2494,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by unbound $as_me 1.17.0, which was
It was created by unbound $as_me 1.17.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -2846,11 +2846,11 @@ UNBOUND_VERSION_MAJOR=1
UNBOUND_VERSION_MINOR=17
UNBOUND_VERSION_MICRO=0
UNBOUND_VERSION_MICRO=1
LIBUNBOUND_CURRENT=9
LIBUNBOUND_REVISION=20
LIBUNBOUND_REVISION=21
LIBUNBOUND_AGE=1
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@ -2938,6 +2938,7 @@ LIBUNBOUND_AGE=1
# 1.16.2 had 9:18:1
# 1.16.3 had 9:19:1
# 1.17.0 had 9:20:1
# 1.17.1 had 9:21:1
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@ -22085,7 +22086,7 @@ _ACEOF
version=1.17.0
version=1.17.1
date=`date +'%b %e, %Y'`
@ -22604,7 +22605,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by unbound $as_me 1.17.0, which was
This file was extended by unbound $as_me 1.17.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -22670,7 +22671,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
unbound config.status 1.17.0
unbound config.status 1.17.1
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"


@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4)
# must be numbers. ac_defun because of later processing
m4_define([VERSION_MAJOR],[1])
m4_define([VERSION_MINOR],[17])
m4_define([VERSION_MICRO],[0])
m4_define([VERSION_MICRO],[1])
AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound])
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
LIBUNBOUND_CURRENT=9
LIBUNBOUND_REVISION=20
LIBUNBOUND_REVISION=21
LIBUNBOUND_AGE=1
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@ -106,6 +106,7 @@ LIBUNBOUND_AGE=1
# 1.16.2 had 9:18:1
# 1.16.3 had 9:19:1
# 1.17.0 had 9:20:1
# 1.17.1 had 9:21:1
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary


@ -42,9 +42,8 @@
[Unit]
Description=Validating, recursive, and caching DNS resolver
Documentation=man:unbound(8)
After=network-online.target
Before=nss-lookup.target
Wants=network-online.target nss-lookup.target
After=network.target
Before=network-online.target nss-lookup.target
[Install]
WantedBy=multi-user.target
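Review bot: With `After=network.target` and `Before=network-online.target` the unit no longer waits for addresses to be configured, so an unbound.conf that binds to specific `interface:` addresses may fail to start at boot where it previously worked. A comment in the unit would make the trade-off visible to packagers, e.g. `# Starts before the network is online; when binding to specific addresses consider ip-freebind: yes`. As shown here the `Wants=` line is dropped entirely, so this unit no longer pulls in nss-lookup.target itself; if that is intended it deserves a word in the same comment.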


@ -387,7 +387,7 @@ move_into_cache(struct ub_packed_rrset_key* k,
struct rrset_ref ref;
uint8_t* p;
ak = alloc_special_obtain(&worker->alloc);
ak = alloc_special_obtain(worker->alloc);
if(!ak) {
log_warn("error out of memory");
return 0;
@ -398,7 +398,7 @@ move_into_cache(struct ub_packed_rrset_key* k,
ak->rk.dname = (uint8_t*)memdup(k->rk.dname, k->rk.dname_len);
if(!ak->rk.dname) {
log_warn("error out of memory");
ub_packed_rrset_parsedelete(ak, &worker->alloc);
ub_packed_rrset_parsedelete(ak, worker->alloc);
return 0;
}
s = sizeof(*ad) + (sizeof(size_t) + sizeof(uint8_t*) +
@ -408,7 +408,7 @@ move_into_cache(struct ub_packed_rrset_key* k,
ad = (struct packed_rrset_data*)malloc(s);
if(!ad) {
log_warn("error out of memory");
ub_packed_rrset_parsedelete(ak, &worker->alloc);
ub_packed_rrset_parsedelete(ak, worker->alloc);
return 0;
}
p = (uint8_t*)ad;
@ -431,7 +431,8 @@ move_into_cache(struct ub_packed_rrset_key* k,
ref.key = ak;
ref.id = ak->id;
(void)rrset_cache_update(worker->env.rrset_cache, &ref,
&worker->alloc, *worker->env.now);
worker->alloc, *worker->env.now);
return 1;
}


@ -488,6 +488,27 @@ static int daemon_get_shufport(struct daemon* daemon, int* shufport)
return avail;
}
/**
* Clear and delete per-worker alloc caches, and free memory maintained in
* superalloc.
* The rrset and message caches must be empty at the time of call.
* @param daemon: the daemon that maintains the alloc caches to be cleared.
*/
static void
daemon_clear_allocs(struct daemon* daemon)
{
int i;
for(i=0; i<daemon->num; i++) {
alloc_clear(daemon->worker_allocs[i]);
free(daemon->worker_allocs[i]);
}
free(daemon->worker_allocs);
daemon->worker_allocs = NULL;
alloc_clear_special(&daemon->superalloc);
}
/**
* Allocate empty worker structures. With backptr and thread-number,
* from 0..numthread initialised. Used as user arguments to new threads.
@ -540,6 +561,21 @@ daemon_create_workers(struct daemon* daemon)
/* the above is not ports/numthr, due to rounding */
fatal_exit("could not create worker");
}
/* create per-worker alloc caches if not reusing existing ones. */
if(!daemon->worker_allocs) {
daemon->worker_allocs = (struct alloc_cache**)calloc(
(size_t)daemon->num, sizeof(struct alloc_cache*));
if(!daemon->worker_allocs)
fatal_exit("could not allocate worker allocs");
for(i=0; i<daemon->num; i++) {
struct alloc_cache* alloc = calloc(1,
sizeof(struct alloc_cache));
if (!alloc)
fatal_exit("could not allocate worker alloc");
alloc_init(alloc, &daemon->superalloc, i);
daemon->worker_allocs[i] = alloc;
}
}
free(shufport);
}
@ -771,6 +807,7 @@ daemon_fork(struct daemon* daemon)
/* Shutdown SHM */
shm_main_shutdown(daemon);
daemon->reuse_cache = daemon->workers[0]->reuse_cache;
daemon->need_to_exit = daemon->workers[0]->need_to_exit;
}
@ -785,9 +822,16 @@ daemon_cleanup(struct daemon* daemon)
log_thread_set(NULL);
/* clean up caches because
* a) RRset IDs will be recycled after a reload, causing collisions
* b) validation config can change, thus rrset, msg, keycache clear */
slabhash_clear(&daemon->env->rrset_cache->table);
slabhash_clear(daemon->env->msg_cache);
* b) validation config can change, thus rrset, msg, keycache clear
*
* If we are trying to keep the cache as long as possible, we should
* defer the cleanup until we know whether the new configuration allows
* the reuse. (If we're exiting, cleanup should be done here). */
if(!daemon->reuse_cache || daemon->need_to_exit) {
slabhash_clear(&daemon->env->rrset_cache->table);
slabhash_clear(daemon->env->msg_cache);
}
daemon->old_num = daemon->num; /* save the current num */
local_zones_delete(daemon->local_zones);
daemon->local_zones = NULL;
respip_set_delete(daemon->respip_set);
@ -802,8 +846,13 @@ daemon_cleanup(struct daemon* daemon)
worker_delete(daemon->workers[i]);
free(daemon->workers);
daemon->workers = NULL;
/* Unless we're trying to keep the cache, worker alloc_caches should be
* cleared and freed here. We do this after deleting workers to
* guarantee that the alloc caches are valid throughout the lifetime
* of workers. */
if(!daemon->reuse_cache || daemon->need_to_exit)
daemon_clear_allocs(daemon);
daemon->num = 0;
alloc_clear_special(&daemon->superalloc);
#ifdef USE_DNSTAP
dt_delete(daemon->dtenv);
daemon->dtenv = NULL;
@ -900,8 +949,42 @@ daemon_delete(struct daemon* daemon)
void daemon_apply_cfg(struct daemon* daemon, struct config_file* cfg)
{
int new_num = cfg->num_threads?cfg->num_threads:1;
daemon->cfg = cfg;
config_apply(cfg);
/* If this is a reload and we deferred the decision on whether to
* reuse the alloc, RRset, and message caches, then check to see if
* it's safe to keep the caches:
* - changing the number of threads is obviously incompatible with
* keeping the per-thread alloc caches. It also means we have to
* clear RRset and message caches. (note that 'new_num' may be
* adjusted in daemon_create_workers, but for our purpose we can
* simply compare it with 'old_num'; if they are equal here,
* 'new_num' won't be adjusted to a different value than 'old_num').
* - changing RRset cache size effectively clears any remaining cache
* entries. We could keep their keys in alloc caches, but it would
* be more consistent with the sense of the change to clear allocs
* and free memory. To do so we also have to clear message cache.
* - only changing message cache size does not necessarily affect
* RRset or alloc cache. But almost all new subsequent queries will
* require recursive resolution anyway, so it doesn't help much to
* just keep RRset and alloc caches. For simplicity we clear/free
* the other two, too. */
if(daemon->worker_allocs &&
(new_num != daemon->old_num ||
!slabhash_is_size(daemon->env->msg_cache, cfg->msg_cache_size,
cfg->msg_cache_slabs) ||
!slabhash_is_size(&daemon->env->rrset_cache->table,
cfg->rrset_cache_size, cfg->rrset_cache_slabs)))
{
log_warn("cannot reuse caches due to critical config change");
slabhash_clear(&daemon->env->rrset_cache->table);
slabhash_clear(daemon->env->msg_cache);
daemon_clear_allocs(daemon);
}
if(!slabhash_is_size(daemon->env->msg_cache, cfg->msg_cache_size,
cfg->msg_cache_slabs)) {
slabhash_delete(daemon->env->msg_cache);
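Review bot: daemon_clear_allocs() bounds its loop with `daemon->num`, but daemon_cleanup() sets `daemon->num = 0` before it returns, so when the deferred path in daemon_apply_cfg() calls it the loop appears to run zero times and only the pointer array is freed; each per-worker alloc_cache and whatever it holds would then leak on every reload that ends in "cannot reuse caches". daemon_cleanup() already saves the count in `daemon->old_num` before either call site, so the loop can use that instead: `for(i=0; i<daemon->old_num; i++) {`. This assumes daemon_apply_cfg() runs after daemon_cleanup() on reload, which the comment in the hunk implies but the call site is outside the visible lines. daemon_apply_cfg() continues past the end of the hunk.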


@ -99,8 +99,12 @@ struct daemon {
void* listen_sslctx, *connect_sslctx;
/** num threads allocated */
int num;
/** num threads allocated in the previous config or 0 at first */
int old_num;
/** the worker entries */
struct worker** workers;
/** per-worker allocation cache */
struct alloc_cache **worker_allocs;
/** do we need to exit unbound (or is it only a reload?) */
int need_to_exit;
/** master random table ; used for port div between threads on reload*/
@ -140,6 +144,8 @@ struct daemon {
/** the dnscrypt environment */
struct dnsc_env* dnscenv;
#endif
/** reuse existing cache on reload if other conditions allow it. */
int reuse_cache;
};
/**


@ -105,8 +105,6 @@
/** what to put on statistics lines between var and value, ": " or "=" */
#define SQ "="
/** if true, inhibits a lot of =0 lines from the stats output */
static const int inhibit_zero = 1;
/** subtract timers and the values do not overflow or become negative */
static void
@ -684,8 +682,9 @@ do_stop(RES* ssl, struct worker* worker)
/** do the reload command */
static void
do_reload(RES* ssl, struct worker* worker)
do_reload(RES* ssl, struct worker* worker, int reuse_cache)
{
worker->reuse_cache = reuse_cache;
worker->need_to_exit = 0;
comm_base_exit(worker->base);
send_ok(ssl);
@ -920,7 +919,7 @@ print_hist(RES* ssl, struct ub_stats_info* s)
/** print extended stats */
static int
print_ext(RES* ssl, struct ub_stats_info* s)
print_ext(RES* ssl, struct ub_stats_info* s, int inhibit_zero)
{
int i;
char nm[32];
@ -1129,7 +1128,7 @@ do_stats(RES* ssl, struct worker* worker, int reset)
return;
if(!print_hist(ssl, &total))
return;
if(!print_ext(ssl, &total))
if(!print_ext(ssl, &total, daemon->cfg->stat_inhibit_zero))
return;
}
}
@ -1963,6 +1962,8 @@ do_flush_name(RES* ssl, struct worker* w, char* arg)
do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_PTR, LDNS_RR_CLASS_IN);
do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_SRV, LDNS_RR_CLASS_IN);
do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_NAPTR, LDNS_RR_CLASS_IN);
do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_SVCB, LDNS_RR_CLASS_IN);
do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_HTTPS, LDNS_RR_CLASS_IN);
free(nm);
send_ok(ssl);
@ -3029,8 +3030,11 @@ execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd,
if(cmdcmp(p, "stop", 4)) {
do_stop(ssl, worker);
return;
} else if(cmdcmp(p, "reload_keep_cache", 17)) {
do_reload(ssl, worker, 1);
return;
} else if(cmdcmp(p, "reload", 6)) {
do_reload(ssl, worker);
do_reload(ssl, worker, 0);
return;
} else if(cmdcmp(p, "stats_noreset", 13)) {
do_stats(ssl, worker, 0);
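Review bot: The new `reload_keep_cache` path needs a documented caveat, and do_reload() still carries only `/** do the reload command */`. The reuse test in daemon_apply_cfg compares just the thread count and the two cache sizes, while the comment in daemon_cleanup names "validation config can change" as a reason the caches used to be cleared on every reload; with the caches kept, answers resolved and validated under the previous configuration can presumably still be served afterwards, for example after a trust anchor or forwarder change. I would state that on the function, e.g. `/** do the reload command; with reuse_cache the rrset and message caches may survive and still hold data resolved under the old configuration */`, and repeat it in the unbound-control man page entry. print_ext() likewise gained an `inhibit_zero` parameter that its doc comment does not mention.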


@ -133,7 +133,7 @@ worker_mem_report(struct worker* ATTR_UNUSED(worker),
rrset = slabhash_get_mem(&worker->env.rrset_cache->table);
infra = infra_get_mem(worker->env.infra_cache);
mesh = mesh_get_mem(worker->env.mesh);
ac = alloc_get_mem(&worker->alloc);
ac = alloc_get_mem(worker->alloc);
superac = alloc_get_mem(&worker->daemon->superalloc);
anch = anchors_get_mem(worker->env.anchors);
iter = 0;
@ -623,6 +623,14 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo,
if(worker->env.cfg->serve_expired_ttl &&
rep->serve_expired_ttl < timenow)
return 0;
/* Ignore expired failure answers */
if(FLAGS_GET_RCODE(rep->flags) !=
LDNS_RCODE_NOERROR &&
FLAGS_GET_RCODE(rep->flags) !=
LDNS_RCODE_NXDOMAIN &&
FLAGS_GET_RCODE(rep->flags) !=
LDNS_RCODE_YXDOMAIN)
return 0;
if(!rrset_array_lock(rep->ref, rep->rrset_count, 0))
return 0;
*is_expired_answer = 1;
@ -730,8 +738,6 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo,
goto bail_out;
}
} else {
/* We don't check the global ede as this is a warning, not
* an error */
if (*is_expired_answer == 1 &&
worker->env.cfg->ede_serve_expired && worker->env.cfg->ede) {
EDNS_OPT_LIST_APPEND_EDE(&edns->opt_list_out,
@ -2059,15 +2065,14 @@ worker_init(struct worker* worker, struct config_file *cfg,
}
server_stats_init(&worker->stats, cfg);
alloc_init(&worker->alloc, &worker->daemon->superalloc,
worker->thread_num);
alloc_set_id_cleanup(&worker->alloc, &worker_alloc_cleanup, worker);
worker->alloc = worker->daemon->worker_allocs[worker->thread_num];
alloc_set_id_cleanup(worker->alloc, &worker_alloc_cleanup, worker);
worker->env = *worker->daemon->env;
comm_base_timept(worker->base, &worker->env.now, &worker->env.now_tv);
worker->env.worker = worker;
worker->env.worker_base = worker->base;
worker->env.send_query = &worker_send_query;
worker->env.alloc = &worker->alloc;
worker->env.alloc = worker->alloc;
worker->env.outnet = worker->back;
worker->env.rnd = worker->rndstate;
/* If case prefetch is triggered, the corresponding mesh will clear
@ -2211,7 +2216,7 @@ worker_delete(struct worker* worker)
#endif /* USE_DNSTAP */
comm_base_delete(worker->base);
ub_randfree(worker->rndstate);
alloc_clear(&worker->alloc);
/* don't touch worker->alloc, as it's maintained in daemon */
regional_destroy(worker->env.scratch);
regional_destroy(worker->scratchpad);
free(worker);
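Review bot: In worker_init the alloc cache now comes from `daemon->worker_allocs[worker->thread_num]` and outlives the worker, yet alloc_set_id_cleanup() still stores the `worker` pointer in it as the callback argument. After worker_delete() frees the worker, that argument dangles until the next worker_init() registers a new one; if the id-cleanup callback can run in that window it would be a use-after-free. The allocator code is not visible here, so this may be unreachable, but the invariant deserves a comment in worker_delete, e.g. `/* worker->alloc is owned by the daemon; its id-cleanup argument points at this worker and must be re-registered by the next worker_init before the alloc is used */`. Both functions extend outside their hunks.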


@ -118,7 +118,7 @@ struct worker {
/** do we need to restart or quit (on signal) */
int need_to_exit;
/** allocation cache for this thread */
struct alloc_cache alloc;
struct alloc_cache *alloc;
/** per thread statistics */
struct ub_server_stats stats;
/** thread scratch regional */
@ -131,6 +131,8 @@ struct worker {
/** dnstap environment, changed for this thread */
struct dt_env dtenv;
#endif
/** reuse existing cache on reload if other conditions allow it. */
int reuse_cache;
};
/**


@ -1,7 +1,93 @@
5 January 2023: Wouter
- Tag for 1.17.1 release.
2 January 2023: Wouter
- Fix windows compile for libunbound subprocess reap comm point closes.
- Update github workflows to use checkout v3.
14 December 2022: George
- Merge #569 from JINMEI Tatuya: add keep-cache option to
'unbound-control reload' to keep caches.
13 December 2022: George
- Expose 'statistics-inhibit-zero' as a configuration option; the
default value retains Unbound's behavior.
- Expose 'max-sent-count' as a configuration option; the
default value retains Unbound's behavior.
- Merge #461 from Christian Allred: Add max-query-restarts option.
Exposes an internal configuration but the default value retains
Unbound's behavior.
13 December 2022: Wouter
- Merge #808: Wrap Makefile script's directory variables in quotes.
- Fix to wrap Makefile scripts directory in quotes for uninstall.
1 December 2022: Wouter
- Fix #773: When used with systemd-networkd, unbound does not start
until systemd-networkd-wait-online.service times out.
30 November 2022: George
- Add SVCB and HTTPS to the types removed by 'unbound-control flush'.
- Clear documentation for interactivity between the subnet module and
the serve-expired and prefetch configuration options.
30 November 2022: Wouter
- Fix #782: Segmentation fault in stats.c:404.
28 November 2022: Wouter
- Fix for the ignore of tcp events for closed comm points, preserve
the use after free protection features.
23 November 2022: Philip
- Merge #720 from jonathangray: fix use after free when
WSACreateEvent() fails.
22 November 2022: George
- Ignore expired error responses.
11 November 2022: Wouter
- Fix #779: [doc] Missing documention in ub_resolve_event() for
callback parameter was_ratelimited.
9 November 2022: George
- Complementary fix for distutils.sysconfig deprecation in Python 3.10
to commit 62c5039ab9da42713e006e840b7578e01d66e7f2.
8 November 2022: Wouter
- Fix to ignore tcp events for closed comm points.
- Fix to make sure to not read again after a tcp comm point is closed.
- Fix #775: libunbound: subprocess reap causes parent process reap
to hang.
- iana portlist update.
21 October 2022: George
- Merge #767 from jonathangray: consistently use IPv4/IPv6 in
unbound.conf.5.
21 October 2022: Wouter
- Fix that cachedb does not store failures in the external cache.
18 October 2022: George
- Clarify the use of MAX_SENT_COUNT in the iterator code.
17 October 2022: Wouter
- testcode/dohclient sets log identity to its name.
14 October 2022: Wouter
- Merge #768 from fobser: Arithmetic on a pointer to void is a GNU
extension.
- In unit test, print python script name list correctly.
13 October 2022: Wouter
- Tag for 1.17.0 release. The code repository continues with 1.17.1.
11 October 2022: George
- Fix PROXYv2 header read for TCP connections when no proxied addresses
are provided.
7 October 2022: Wouter
- Tag for 1.17.0rc1 release.
7 October 2022: George
- Fix to stop possible loops in the tcp reuse code (write_wait list
and tcp_wait list). Based on analysis and patch from Prad Seniappan


@ -1,4 +1,4 @@
README for Unbound 1.17.0
README for Unbound 1.17.1
Copyright 2007 NLnet Labs
http://unbound.net


@ -1,7 +1,7 @@
#
# Example configuration file.
#
# See unbound.conf(5) man page, version 1.17.0.
# See unbound.conf(5) man page, version 1.17.1.
#
# this is a comment.
@ -35,9 +35,14 @@ server:
# statistics-cumulative: no
# enable extended statistics (query types, answer codes, status)
# printed from unbound-control. default off, because of speed.
# printed from unbound-control. Default off, because of speed.
# extended-statistics: no
# Inhibits selected extended statistics (qtype, qclass, qopcode, rcode,
# rpz-actions) from printing if their value is 0.
# Default on.
# statistics-inhibit-zero: yes
# number of threads to create. 1 disables threading.
# num-threads: 1
@ -173,6 +178,15 @@ server:
# a throwaway response (also timeouts) is received.
# outbound-msg-retry: 5
# Hard limit on the number of outgoing queries Unbound will make while
# resolving a name, making sure large NS sets do not loop.
# It resets on query restarts (e.g., CNAME) and referrals.
# max-sent-count: 32
# Hard limit on the number of times Unbound is allowed to restart a
# query upon encountering a CNAME record.
# max-query-restarts: 11
# msec for waiting for an unknown server to reply. Increase if you
# are behind a slow satellite link, to eg. 1128.
# unknown-server-time-limit: 376


@ -1,4 +1,4 @@
.TH "libunbound" "3" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
.TH "libunbound" "3" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
.\"
.\" libunbound.3 -- unbound library functions manual
.\"
@ -44,7 +44,7 @@
.B ub_ctx_zone_remove,
.B ub_ctx_data_add,
.B ub_ctx_data_remove
\- Unbound DNS validating resolver 1.17.0 functions.
\- Unbound DNS validating resolver 1.17.1 functions.
.SH "SYNOPSIS"
.B #include <unbound.h>
.LP


@ -1,4 +1,4 @@
.TH "unbound-anchor" "8" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
.TH "unbound-anchor" "8" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
.\"
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
.\"


@ -1,4 +1,4 @@
.TH "unbound-checkconf" "8" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
.TH "unbound-checkconf" "8" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
.\"
.\" unbound-checkconf.8 -- unbound configuration checker manual
.\"


@ -1,4 +1,4 @@
.TH "unbound-control" "8" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
.TH "unbound-control" "8" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
.\"
.\" unbound-control.8 -- unbound remote control manual
.\"
@ -54,6 +54,12 @@ Stop the server. The server daemon exits.
.B reload
Reload the server. This flushes the cache and reads the config file fresh.
.TP
.B reload_keep_cache
Reload the server but try to keep the RRset and message cache if
(re)configuration allows for it.
That means the caches sizes and the number of threads must not change between
reloads.
.TP
.B verbosity \fInumber
Change verbosity value for logging. Same values as \fBverbosity\fR keyword in
\fIunbound.conf\fR(5). This new setting lasts until the server is issued
@ -130,7 +136,7 @@ name specified.
.TP
.B flush \fIname
Remove the name from the cache. Removes the types
A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV and NAPTR.
A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV, NAPTR, SVCB and HTTPS.
Because that is fast to do. Other record types can be removed using
.B flush_type
or


@ -1,4 +1,4 @@
.TH "unbound\-host" "1" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
.TH "unbound\-host" "1" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
.\"
.\" unbound-host.1 -- unbound DNS lookup utility
.\"


@ -1,4 +1,4 @@
.TH "unbound" "8" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
.TH "unbound" "8" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
.\"
.\" unbound.8 -- unbound manual
.\"
@ -9,7 +9,7 @@
.\"
.SH "NAME"
.B unbound
\- Unbound DNS validating resolver 1.17.0.
\- Unbound DNS validating resolver 1.17.1.
.SH "SYNOPSIS"
.B unbound
.RB [ \-h ]


@ -1,4 +1,4 @@
.TH "unbound.conf" "5" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
.TH "unbound.conf" "5" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
.\"
.\" unbound.conf.5 -- unbound.conf manual
.\"
@ -112,6 +112,14 @@ If enabled, extended statistics are printed from \fIunbound\-control\fR(8).
Default is off, because keeping track of more statistics takes time. The
counters are listed in \fIunbound\-control\fR(8).
.TP
.B statistics\-inhibit\-zero: \fI<yes or no>
If enabled, selected extended statistics with a value of 0 are inhibited from
printing with \fIunbound\-control\fR(8).
These are query types, query classes, query opcodes, answer rcodes
(except NOERROR, FORMERR, SERVFAIL, NXDOMAIN, NOTIMPL, REFUSED) and
RPZ actions.
Default is on.
.TP
.B num\-threads: \fI<number>
The number of threads to create to serve clients. Use 1 for no threading.
.TP
@ -349,7 +357,7 @@ ip\-transparent option is also available.
The value of the Differentiated Services Codepoint (DSCP) in the
differentiated services field (DS) of the outgoing IP packet headers.
The field replaces the outdated IPv4 Type-Of-Service field and the
IPV6 traffic class field.
IPv6 traffic class field.
.TP
.B rrset\-cache\-size: \fI<number>
Number of bytes size of the RRset cache. Default is 4 megabytes.
@ -416,7 +424,7 @@ Enable or disable whether ip4 queries are answered or issued. Default is yes.
Enable or disable whether ip6 queries are answered or issued. Default is yes.
If disabled, queries are not answered on IPv6, and queries are not sent on
IPv6 to the internet nameservers. With this option you can disable the
ipv6 transport for sending DNS traffic, it does not impact the contents of
IPv6 transport for sending DNS traffic, it does not impact the contents of
the DNS traffic, which may have ip4 and ip6 addresses in it.
.TP
.B prefer\-ip4: \fI<yes or no>
@ -1671,7 +1679,7 @@ This specifies the action data for \fIresponse-ip\fR with action being
to redirect as specified by "\fIresource record string\fR". "Resource
record string" is similar to that of \fIaccess-control-tag-action\fR,
but it must be of either AAAA, A or CNAME types.
If the IP-netblock is an IPv6/IPV4 prefix, the record
If the IP-netblock is an IPv6/IPv4 prefix, the record
must be AAAA/A respectively, unless it is a CNAME (which can be used
for both versions of IP netblocks). If it is CNAME there must not be
more than one \fIresponse-ip-data\fR for the same IP-netblock.
@ -1820,6 +1828,21 @@ If a forward/stub zone is used, this is the number of retries per nameserver in
the zone.
Default is 5.
.TP 5
.B max\-sent\-count: \fI<number>
Hard limit on the number of outgoing queries Unbound will make while resolving
a name, making sure large NS sets do not loop.
Results in SERVFAIL when reached.
It resets on query restarts (e.g., CNAME) and referrals.
Default is 32.
.TP 5
.B max\-query\-restarts: \fI<number>
Hard limit on the number of times Unbound is allowed to restart a query upon
encountering a CNAME record.
Results in SERVFAIL when reached.
Changing this value needs caution as it can allow long CNAME chains to be
accepted, where Unbound needs to verify (resolve) each link individually.
Default is 11.
.TP 5
.B fast\-server\-permil: \fI<number>
Specify how many times out of 1000 to pick from the set of fastest servers.
0 turns the feature off. A value of 900 would pick from the fastest
@ -1853,7 +1876,7 @@ errors. Default is "no".
When the \fBval-log-level\fR option is also set to \fB2\fR, responses with
Extended DNS Errors concerning DNSSEC failures that are not served from cache,
will also contain a descriptive text message about the reason for the failure.
.TP
.TP 5
.B ede\-serve\-expired: \fI<yes or no>
If enabled, Unbound will attach an Extended DNS Error (RFC8914) Code 3 - Stale
Answer as EDNS0 option to the expired response. Note that this will not attach
@ -2358,6 +2381,9 @@ The maximum size of the ECS cache is controlled by 'msg-cache-size' in the
configuration file. On top of that, for each query only 100 different subnets
are allowed to be stored for each address family. Exceeding that number, older
entries will be purged from cache.
.LP
This module does not interact with the \fBserve\-expired*\fR and
\fBprefetch:\fR options.
.TP
.B send\-client\-subnet: \fI<IP address>\fR
Send client source address to this authority. Append /num to indicate a


@ -204,6 +204,17 @@ subnetmod_init(struct module_env *env, int id)
}
alloc_init(&sn_env->alloc, NULL, 0);
env->modinfo[id] = (void*)sn_env;
/* Warn that serve-expired and prefetch do not work with the subnet
* module cache. */
if(env->cfg->serve_expired)
log_warn(
"subnetcache: serve-expired is set but not working "
"for data originating from the subnet module cache.");
if(env->cfg->prefetch)
log_warn(
"subnetcache: prefetch is set but not working "
"for data originating from the subnet module cache.");
/* Copy msg_cache settings */
sn_env->subnet_msg_cache = slabhash_create(env->cfg->msg_cache_slabs,
HASH_DEFAULT_STARTARRAY, env->cfg->msg_cache_size,


@ -175,6 +175,8 @@ iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg)
iter_env->supports_ipv6 = cfg->do_ip6;
iter_env->supports_ipv4 = cfg->do_ip4;
iter_env->outbound_msg_retry = cfg->outbound_msg_retry;
iter_env->max_sent_count = cfg->max_sent_count;
iter_env->max_query_restarts = cfg->max_query_restarts;
return 1;
}
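Review bot: `max_sent_count` and `max_query_restarts` are copied from `cfg` here with no range check, and both are plain `int`. They replace the compile-time MAX_SENT_COUNT and MAX_RESTART_COUNT bounds that keep CNAME loops and large NS sets from running away, so a bad value weakens or breaks that protection. In iterator.c a negative `max_query_restarts` makes `iq->query_restart_count > ie->max_query_restarts` true for every request, and `(size_t)ie->max_sent_count` turns a negative number into a very large bound. Unless the config parser already rejects such values (not visible on this page), guard before the assignments, e.g. `if(cfg->max_sent_count < 0 || cfg->max_query_restarts < 0) return 0;` with a log_err naming the option. The body of iter_apply_cfg starts outside this hunk.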


@ -1314,7 +1314,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
/* We enforce a maximum number of query restarts. This is primarily a
* cheap way to prevent CNAME loops. */
if(iq->query_restart_count > MAX_RESTART_COUNT) {
if(iq->query_restart_count > ie->max_query_restarts) {
verbose(VERB_QUERY, "request has exceeded the maximum number"
" of query restarts with %d", iq->query_restart_count);
errinf(qstate, "request has exceeded the maximum number "
@ -2276,14 +2276,13 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
iq->num_current_queries, iq->sent_count);
/* Make sure that we haven't run away */
/* FIXME: is this check even necessary? */
if(iq->referral_count > MAX_REFERRAL_COUNT) {
verbose(VERB_QUERY, "request has exceeded the maximum "
"number of referrrals with %d", iq->referral_count);
errinf(qstate, "exceeded the maximum of referrals");
return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
}
if(iq->sent_count > MAX_SENT_COUNT) {
if(iq->sent_count > ie->max_sent_count) {
verbose(VERB_QUERY, "request has exceeded the maximum "
"number of sends with %d", iq->sent_count);
errinf(qstate, "exceeded the maximum number of sends");
@ -2630,7 +2629,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
* the original query is one that matched too, so we have
* caps_server+1 number of matching queries now */
if(iq->caps_server+1 >= naddr*3 ||
iq->caps_server*2+2 >= MAX_SENT_COUNT) {
iq->caps_server*2+2 >= (size_t)ie->max_sent_count) {
/* *2 on sentcount check because ipv6 may fail */
/* we're done, process the response */
verbose(VERB_ALGO, "0x20 fallback had %d responses "


@ -63,12 +63,8 @@ struct rbtree_type;
/** max number of nxdomains allowed for target lookups for a query and
* its subqueries when fallback has kicked in */
#define MAX_TARGET_NX_FALLBACK (MAX_TARGET_NX*2)
/** max number of query restarts. Determines max number of CNAME chain. */
#define MAX_RESTART_COUNT 11
/** max number of referrals. Makes sure resolver does not run away */
#define MAX_REFERRAL_COUNT 130
/** max number of queries-sent-out. Make sure large NS set does not loop */
#define MAX_SENT_COUNT 32
/** max number of queries for which to perform dnsseclameness detection,
* (rrsigs missing detection) after that, just pick up that response */
#define DNSSEC_LAME_DETECT_COUNT 4
@ -145,6 +141,12 @@ struct iter_env {
/** number of retries on outgoing queries */
int outbound_msg_retry;
/** number of queries_sent */
int max_sent_count;
/** max number of query restarts to limit length of CNAME chain */
int max_query_restarts;
};
/**
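Review bot: The doc comment on `max_sent_count` reads `/** number of queries_sent */`, which describes a counter rather than a limit. The field is compared against `iq->sent_count` as an upper bound in iterator.c, so the comment should say so, e.g. `/** max number of queries sent out for one request, so a large NS set does not loop */`. That keeps the wording of the removed MAX_SENT_COUNT comment, which explained why the limit exists.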


@ -70,6 +70,7 @@ context_finalize(struct ub_ctx* ctx)
} else {
log_init(cfg->logfile, cfg->use_syslog, NULL);
}
ctx->pipe_pid = getpid();
cfg_apply_local_port_policy(cfg, 65536);
config_apply(cfg);
if(!modstack_setup(&ctx->mods, cfg->module_conf, ctx->env))


@ -89,6 +89,12 @@ struct ub_ctx {
pid_t bg_pid;
/** tid of bg worker thread */
ub_thread_type bg_tid;
/** pid when pipes are created. This was the process when the
* setup was called. Helps with clean up, so we can tell after a fork
* which side of the fork the delete is on. */
pid_t pipe_pid;
/** when threaded, the worker that exists in the created thread. */
struct libworker* thread_worker;
/** do threading (instead of forking) for async resolution */
int dothread;


@ -305,11 +305,31 @@ ub_ctx_delete(struct ub_ctx* ctx)
int do_stop = 1;
if(!ctx) return;
/* if the delete is called but it has forked, and before the fork
* the context was finalized, then the bg worker is not stopped
* from here. There is one worker, but two contexts that refer to
* it and only one should clean up, the one with getpid == pipe_pid.*/
if(ctx->created_bg && ctx->pipe_pid != getpid()) {
do_stop = 0;
#ifndef USE_WINSOCK
/* Stop events from getting deregistered, if the backend is
* epoll, the epoll fd is the same as the other process.
* That process should deregister them. */
if(ctx->qq_pipe->listen_com)
ctx->qq_pipe->listen_com->event_added = 0;
if(ctx->qq_pipe->res_com)
ctx->qq_pipe->res_com->event_added = 0;
if(ctx->rr_pipe->listen_com)
ctx->rr_pipe->listen_com->event_added = 0;
if(ctx->rr_pipe->res_com)
ctx->rr_pipe->res_com->event_added = 0;
#endif
}
/* see if bg thread is created and if threads have been killed */
/* no locks, because those may be held by terminated threads */
/* for processes the read pipe is closed and we see that on read */
#ifdef HAVE_PTHREAD
if(ctx->created_bg && ctx->dothread) {
if(ctx->created_bg && ctx->dothread && do_stop) {
if(pthread_kill(ctx->bg_tid, 0) == ESRCH) {
/* thread has been killed */
do_stop = 0;
@ -318,6 +338,23 @@ ub_ctx_delete(struct ub_ctx* ctx)
#endif /* HAVE_PTHREAD */
if(do_stop)
ub_stop_bg(ctx);
if(ctx->created_bg && ctx->pipe_pid != getpid() && ctx->thread_worker) {
/* This delete is happening from a different process. Delete
* the thread worker from this process memory space. The
* thread is not there to do so, so it is freed here. */
struct ub_event_base* evbase = comm_base_internal(
ctx->thread_worker->base);
libworker_delete_event(ctx->thread_worker);
ctx->thread_worker = NULL;
#ifdef USE_MINI_EVENT
ub_event_base_free(evbase);
#else
/* cannot event_base_free, because the epoll_fd cleanup
* in libevent could stop the original event_base in the
* other process from working. */
free(evbase);
#endif
}
libworker_delete_event(ctx->event_worker);
modstack_desetup(&ctx->mods, ctx->env);
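Review bot: The fork test `ctx->created_bg && ctx->pipe_pid != getpid()` is written out twice in ub_ctx_delete, with two getpid() calls. The second block is only correct because the first one already cleared `do_stop`, and that dependency is easy to lose in a later edit. Computing it once near the top, `int forked_copy = ctx->created_bg && ctx->pipe_pid != getpid();`, and using it in both places makes the link explicit. In the non-mini-event branch `free(evbase)` releases only the allocation that comm_base_internal() returned. The comment there should also state that the event backend's descriptors are deliberately left open in this process, so a reader does not take it for a leak to fix with event_base_free. The function body starts before and continues after the lines shown.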


@ -395,6 +395,7 @@ int libworker_bg(struct ub_ctx* ctx)
w = libworker_setup(ctx, 1, NULL);
if(!w) return UB_NOMEM;
w->is_bg_thread = 1;
ctx->thread_worker = w;
#ifdef ENABLE_LOCK_CHECKS
w->thread_num = 1; /* for nicer DEBUG checklocks */
#endif
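Review bot: `ctx->thread_worker = w;` stores a second owner for the worker, but nothing on this page sets it back to NULL when the background thread tears its own worker down. ub_ctx_delete now calls `libworker_delete_event(ctx->thread_worker)` whenever `created_bg` is set and the pid differs. If the thread had already freed `w` before the fork, the child would operate on a stale pointer. Please confirm that the worker's exit path, or ub_stop_bg, clears `ctx->thread_worker` (or `created_bg`), and note the ownership rule next to this assignment, e.g. `/* owned by the bg thread; ctx only frees it in a forked copy */`. libworker_bg continues outside this hunk.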


@ -230,7 +230,7 @@ int ub_ctx_set_event(struct ub_ctx* ctx, struct event_base* base);
* @param callback: this is called on completion of the resolution.
* It is called as:
* void callback(void* mydata, int rcode, void* packet, int packet_len,
* int sec, char* why_bogus)
* int sec, char* why_bogus, int was_ratelimited)
* with mydata: the same as passed here, you may pass NULL,
* with rcode: 0 on no error, nonzero for mostly SERVFAIL situations,
* this is a DNS rcode.
@ -241,6 +241,7 @@ int ub_ctx_set_event(struct ub_ctx* ctx, struct event_base* base);
* with packet_len: length in bytes of the packet buffer.
* with sec: 0 if insecure, 1 if bogus, 2 if DNSSEC secure.
* with why_bogus: text string explaining why it is bogus (or NULL).
* with was_ratelimited: if the query was ratelimited.
* These point to buffers inside unbound; do not deallocate the packet or
* error string.
*


@ -255,7 +255,7 @@ log_py_err(void)
int pythonmod_init(struct module_env* env, int id)
{
int py_mod_idx = py_mod_count++;
/* Initialize module */
FILE* script_py = NULL;
PyObject* py_init_arg, *res;
@ -316,23 +316,37 @@ int pythonmod_init(struct module_env* env, int id)
if (py_mod_count==1) {
/* Initialize Python */
PyRun_SimpleString("import sys \n");
if(PyRun_SimpleString("import sys \n") < 0 ) {
goto python_init_fail;
}
PyRun_SimpleString("sys.path.append('.') \n");
PyRun_SimpleString("sys.path.append('"RUN_DIR"') \n");
PyRun_SimpleString("sys.path.append('"SHARE_DIR"') \n");
if(env->cfg->directory && env->cfg->directory[0]) {
char wdir[1524];
snprintf(wdir, sizeof(wdir), "sys.path.append('%s') \n",
env->cfg->directory);
PyRun_SimpleString(wdir);
}
PyRun_SimpleString("sys.path.append('"RUN_DIR"') \n");
PyRun_SimpleString("sys.path.append('"SHARE_DIR"') \n");
PyRun_SimpleString("import distutils.sysconfig \n");
PyRun_SimpleString("sys.path.append(distutils.sysconfig.get_python_lib(1,0)) \n");
if (PyRun_SimpleString("from unboundmodule import *\n") < 0)
/* Check if sysconfig is there and use that instead of distutils;
* distutils.sysconfig is deprecated in Python 3.10. */
if(PyRun_SimpleString("import sysconfig \n") < 0) {
log_info("pythonmod: module sysconfig not available; "
"falling back to distutils.sysconfig.");
if(PyRun_SimpleString("import distutils.sysconfig \n") < 0
|| PyRun_SimpleString("sys.path.append("
"distutils.sysconfig.get_python_lib(1,0)) \n") < 0) {
goto python_init_fail;
}
} else {
if(PyRun_SimpleString("sys.path.append("
"sysconfig.get_path('platlib')) \n") < 0) {
goto python_init_fail;
}
}
if(PyRun_SimpleString("from unboundmodule import *\n") < 0)
{
log_err("pythonmod: cannot initialize core module: unboundmodule.py");
PyGILState_Release(gil);
return 0;
goto python_init_fail;
}
}
@ -480,6 +494,11 @@ int pythonmod_init(struct module_env* env, int id)
PyGILState_Release(gil);
return 1;
python_init_fail:
log_err("pythonmod: cannot initialize core module: unboundmodule.py");
PyGILState_Release(gil);
return 0;
}
void pythonmod_deinit(struct module_env* env, int id)
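Review bot: The working-directory entry is still added by formatting `env->cfg->directory` into Python source (`sys.path.append('%s')`) and executing it. It is also one of the PyRun_SimpleString calls in this block whose result stays unchecked, while the new code checks the others. A directory value containing a quote or backslash changes the statement that runs, and a path longer than the 1524-byte `wdir` buffer is silently cut mid-statement. Appending the path as a data object avoids both problems. Separately, `python_init_fail` reports "cannot initialize core module: unboundmodule.py" even when the failure was the sysconfig import, so a message per failure site would make the log accurate. pythonmod_init continues outside these hunks.

```c
		if(env->cfg->directory && env->cfg->directory[0]) {
			/* add the path as a data object instead of as Python source */
			PyObject* syspath = PySys_GetObject("path"); /* borrowed ref */
			PyObject* dir = PyUnicode_FromString(env->cfg->directory);
			if(!syspath || !dir || PyList_Append(syspath, dir) < 0) {
				Py_XDECREF(dir);
				goto python_init_fail;
			}
			Py_DECREF(dir);
		}
		/* ... unchanged: RUN_DIR / SHARE_DIR appends and sysconfig lookup ... */
```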


@ -2756,6 +2756,7 @@ az_change_dnames(struct dns_msg* msg, uint8_t* oldname, uint8_t* newname,
== 0) {
msg->rep->rrsets[i]->rk.dname = newname;
msg->rep->rrsets[i]->rk.dname_len = newlen;
msg->rep->rrsets[i]->entry.hash = rrset_key_hash(&msg->rep->rrsets[i]->rk);
}
}
}


@ -636,6 +636,14 @@ tomsg(struct module_env* env, struct query_info* q, struct reply_info* r,
r->serve_expired_ttl < now) {
return NULL;
}
/* Ignore expired failure answers */
if(FLAGS_GET_RCODE(r->flags) !=
LDNS_RCODE_NOERROR &&
FLAGS_GET_RCODE(r->flags) !=
LDNS_RCODE_NXDOMAIN &&
FLAGS_GET_RCODE(r->flags) !=
LDNS_RCODE_YXDOMAIN)
return 0;
} else {
return NULL;
}
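Review bot: The new early exit for expired failure answers uses `return 0;`, while the surrounding paths in tomsg use `return NULL;` for the same "no message" result. The function returns a pointer, so `return NULL;` keeps the block consistent and makes the intent obvious. The three-way rcode test would also read more easily with the rcode taken once, e.g. `int rcode = FLAGS_GET_RCODE(r->flags);`, and with braces around the body as in the check just above it. tomsg starts and ends outside this hunk.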


@ -196,8 +196,8 @@ enum sldns_enum_rr_type
LDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */
LDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */
LDNS_RR_TYPE_ZONEMD = 63, /* draft-ietf-dnsop-dns-zone-digest-12 */
LDNS_RR_TYPE_SVCB = 64, /* draft-ietf-dnsop-svcb-https-04 */
LDNS_RR_TYPE_HTTPS = 65, /* draft-ietf-dnsop-svcb-https-04 */
LDNS_RR_TYPE_SVCB = 64, /* draft-ietf-dnsop-svcb-https-04 */
LDNS_RR_TYPE_HTTPS = 65, /* draft-ietf-dnsop-svcb-https-04 */
LDNS_RR_TYPE_SPF = 99, /* RFC 4408 */


@ -102,6 +102,12 @@ usage(void)
printf(" stop stops the server\n");
printf(" reload reloads the server\n");
printf(" (this flushes data, stats, requestlist)\n");
printf(" reload_keep_cache reloads the server but tries to\n");
printf(" keep the RRset and message cache\n");
printf(" if (re)configuration allows for it.\n");
printf(" That means the caches sizes and\n");
printf(" the number of threads must not\n");
printf(" change between reloads.\n");
printf(" stats print statistics\n");
printf(" stats_noreset peek at statistics\n");
#ifdef HAVE_SHMGET
@ -180,8 +186,6 @@ usage(void)
#ifdef HAVE_SHMGET
/** what to put on statistics lines between var and value, ": " or "=" */
#define SQ "="
/** if true, inhibits a lot of =0 lines from the stats output */
static const int inhibit_zero = 1;
/** divide sum of timers to get average */
static void
timeval_divide(struct timeval* avg, const struct timeval* sum, long long d)
@ -316,7 +320,7 @@ static void print_hist(struct ub_stats_info* s)
}
/** print extended */
static void print_extended(struct ub_stats_info* s)
static void print_extended(struct ub_stats_info* s, int inhibit_zero)
{
int i;
char nm[16];
@ -439,7 +443,7 @@ static void do_stats_shm(struct config_file* cfg, struct ub_stats_info* stats,
if(cfg->stat_extended) {
print_mem(shm_stat, &stats[0]);
print_hist(stats);
print_extended(stats);
print_extended(stats, cfg->stat_inhibit_zero);
}
}
#endif /* HAVE_SHMGET */
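Review bot: `print_extended` gained an `inhibit_zero` parameter, but its doc comment is still only `/** print extended */`, and the explanation that lived on the removed static has gone. Carry it over, e.g. `/** print extended stats; inhibit_zero: if true, omit most lines whose value is 0 */`. In the new usage text, "the caches sizes" should read "the cache sizes".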


@ -573,6 +573,7 @@ int main(int argc, char** argv)
#endif
checklock_start();
log_init(0, 0, 0);
log_ident_set("dohclient");
h2_session = http2_session_create();
if(!h2_session) fatal_exit("out of memory");


@ -103,6 +103,15 @@ for input in $PRE/testdata/*.rpl $PRE/testdata/*.crpl; do
fi
fi
# detect if cachedb is needed
if echo $cleaninput | grep cachedb >/dev/null 2>&1; then
if grep "define USE_CACHEDB 1" $PRE/config.h >/dev/null 2>&1; then
: # CACHEDB is supported
else
continue
fi
fi
if test $do_valgrind = "yes"; then
echo
if (valgrind $VALGRIND_FLAGS $PRE/testbound -p $input >tmpout 2>&1;); then


@ -1,6 +1,6 @@
server:
verbosity: 2
# num-threads: 1
num-threads: 1
interface: 127.0.0.1
port: @PORT@
use-syslog: no
@ -9,6 +9,10 @@ server:
chroot: ""
username: ""
do-not-query-localhost: no
access-control: 127.0.0.1 allow_snoop
msg-cache-size: 4m
rrset-cache-size: 4m
minimal-responses: yes
remote-control:
control-enable: yes
control-interface: 127.0.0.1
@ -21,4 +25,3 @@ remote-control:
forward-zone:
name: "."
forward-addr: "127.0.0.1@@TOPORT@"


@ -5,364 +5,317 @@
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
# exit value is 1 on usage
$PRE/unbound-control -h
if test $? -ne 1; then
echo "wrong exit value for usage."
exit 1
else
echo "exit value for usage: OK"
fi
# End the test
# $1: exit value
end () {
echo "> cat logfiles"
cat fwd.log
cat unbound.log
exit $1
}
# Expect a given exit value of the previous command
# $1: the expected exit value
# $2: optional text to print when failing
expect_exit_value () {
if test $? -ne $1; then
if test -z "$2"; then
if test $1 -eq 1; then
msg="on error"
else
msg="after success"
fi
else
msg="$2"
fi
echo "wrong exit value $msg"
end 1
fi
}
# Helper function for quering
# $@: at least the domain name to query and optional dig arguments
query () {
echo "> dig $@"
dig @127.0.0.1 -p $UNBOUND_PORT $@ | tee outfile
}
# Expect something in the answer
# $1: expected regular expression
expect_answer () {
echo "> check answer for \"$1\""
if grep "$1" outfile; then
echo "OK"
else
echo "Not OK"
end 1
fi
}
# Fail the test for unexpected answers
# $1: unexpected regular expression
fail_answer () {
echo "> \"$1\" should not be in answer"
if grep "$1" outfile; then
echo "Not OK"
end 1
else
echo "OK"
fi
}
# Issue an unbound-control command
# $@: command arguments
control_command () {
echo "$PRE/unbound-control $@"
$PRE/unbound-control $@ > outfile
}
# Dump the cache contents
# $@: optional options to unbound-control
cache_dump () {
echo "$PRE/unbound-control $@ dump_cache > cache.dump"
$PRE/unbound-control $@ dump_cache > cache.dump
}
# Load cache contents
# $@: optional options to unbound-control
cache_load () {
echo "$PRE/unbound-control $@ load_cache < cache.dump"
$PRE/unbound-control $@ load_cache < cache.dump
}
# Expect an entry in the cache dump
# $1: expected regular expression
expect_in_cache_dump () {
echo "> check cache dump for \"$1\""
if grep "$1" cache.dump; then
echo "OK cache dump"
else
echo "Not OK cache dump"
end 1
fi
}
# Fail the test for unexpected entry in the cache dump
# $1: unexpected regular expression
fail_in_cache_dump () {
echo "> \"$1\" should not be in cache dump"
if grep "$1" cache.dump; then
echo "Not OK cache dump"
end 1
else
echo "OK cache dump"
fi
}
# start the test
cp ub.conf main.conf
teststep "exit value is 1 on usage"
control_command -h
expect_exit_value 1 "for usage"
# use lock-verify if possible
# test if the server is up.
echo "> dig www.example.com."
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
echo "> check answer"
if grep "10.20.30.40" outfile; then
echo "OK"
else
echo "> cat logfiles"
cat fwd.log
cat unbound.log
echo "Not OK"
exit 1
fi
teststep "test if the server is up"
query www.example.com.
expect_answer "10.20.30.40"
# exit value is 1 when a bad command is given.
echo "$PRE/unbound-control -c ub.conf blablargh"
$PRE/unbound-control -c ub.conf blablargh
if test $? -ne 1; then
echo "wrong exit value on error."
echo "> cat logfiles"
cat fwd.log
cat unbound.lo
exit 1
else
echo "correct exit value on error"
fi
teststep "exit value is 1 when a bad command is given"
control_command -c ub.conf blablargh
expect_exit_value 1
# reload the server. test if the server came up by putting a new
# local-data element in the server.
teststep "reload the server"
echo "server: local-data: 'afterreload. IN A 5.6.7.8'" >> ub.conf
echo "$PRE/unbound-control -c ub.conf reload"
$PRE/unbound-control -c ub.conf reload
if test $? -ne 0; then
echo "wrong exit value after success"
exit 1
fi
control_command -c ub.conf reload
expect_exit_value 0
query afterreload.
expect_answer "5.6.7.8"
echo "> dig afterreload."
dig @127.0.0.1 -p $UNBOUND_PORT afterreload. | tee outfile
echo "> check answer"
if grep "5.6.7.8" outfile; then
echo "OK"
else
echo "> cat logfiles"
cat fwd.log
cat unbound.log
echo "Not OK"
exit 1
fi
teststep "must have had at least 1 query since reload"
control_command -c ub.conf stats
expect_exit_value 0
expect_answer "^total.num.queries=[1-9][0-9]*$"
# must have had queries now. 1 since reload.
echo "$PRE/unbound-control -c ub.conf stats"
$PRE/unbound-control -c ub.conf stats > tmp.$$
if test $? -ne 0; then
echo "wrong exit value after success"
exit 1
fi
if grep "^total.num.queries=[1-9][0-9]*$" tmp.$$; then
echo "OK"
else
echo "bad stats"
cat tmp.$$
exit 1
fi
teststep "check verbosity"
control_command -c ub.conf verbosity 2
expect_exit_value 0
# verbosity
echo "$PRE/unbound-control -c ub.conf verbosity 2"
$PRE/unbound-control -c ub.conf verbosity 2
if test $? -ne 0; then
echo "wrong exit value after success"
exit 1
fi
teststep "check syntax error in parse"
control_command -c ub.conf verbosity jkdf
expect_exit_value 1
# check syntax error in parse
echo "$PRE/unbound-control -c ub.conf verbosity jkdf"
$PRE/unbound-control -c ub.conf verbosity jkdf
if test $? -ne 1; then
echo "wrong exit value after failure"
exit 1
fi
# check bad credentials
teststep "check bad credentials"
cp ub.conf bad.conf
echo "remote-control:" >> bad.conf
echo " server-key-file: bad_server.key" >> bad.conf
echo " server-cert-file: bad_server.pem" >> bad.conf
echo " control-key-file: bad_control.key" >> bad.conf
echo " control-cert-file: bad_control.pem" >> bad.conf
echo "$PRE/unbound-control -c bad.conf verbosity 2"
$PRE/unbound-control -c bad.conf verbosity 2
if test $? -ne 1; then
echo "wrong exit value after failure"
exit 1
fi
cat conf.bad_credentials >> bad.conf
control_command -c bad.conf verbosity 2
expect_exit_value 1
# check spoofedclient credentials
teststep "check spoofed client credentials"
rm -f bad.conf
cp ub.conf bad.conf
echo "remote-control:" >> bad.conf
echo " server-key-file: unbound_server.key" >> bad.conf
echo " server-cert-file: unbound_server.pem" >> bad.conf
echo " control-key-file: bad_control.key" >> bad.conf
echo " control-cert-file: bad_control.pem" >> bad.conf
echo "$PRE/unbound-control -c bad.conf verbosity 2"
$PRE/unbound-control -c bad.conf verbosity 2
if test $? -ne 1; then
echo "wrong exit value after failure"
exit 1
fi
cat conf.spoofed_credentials >> bad.conf
control_command -c bad.conf verbosity 2
expect_exit_value 1
# create a new local zone
echo "> test of local zone"
echo "$PRE/unbound-control -c ub.conf local_zone example.net static"
$PRE/unbound-control -c ub.conf local_zone example.net static
if test $? -ne 0; then
echo "wrong exit value after success"
exit 1
fi
echo "$PRE/unbound-control -c ub.conf local_data www.example.net A 192.0.2.1"
$PRE/unbound-control -c ub.conf local_data www.example.net A 192.0.2.1
if test $? -ne 0; then
echo "wrong exit value after success"
exit 1
fi
teststep "create a new local zone"
control_command -c ub.conf local_zone example.net static
expect_exit_value 0
control_command -c ub.conf local_data www.example.net A 192.0.2.1
expect_exit_value 0
# check that www.example.net exists
echo "> dig www.example.net."
dig @127.0.0.1 -p $UNBOUND_PORT www.example.net. | tee outfile
echo "> check answer"
if grep "192.0.2.1" outfile; then
echo "OK"
else
echo "> cat logfiles"
cat fwd.log
cat unbound.log
echo "Not OK"
exit 1
fi
teststep "check that www.example.net exists"
query www.example.net.
expect_answer "192.0.2.1"
# check that mail.example.net has nxdomain
echo "> dig mail.example.net."
dig @127.0.0.1 -p $UNBOUND_PORT mail.example.net. | tee outfile
echo "> check answer"
if grep "NXDOMAIN" outfile; then
echo "OK"
else
echo "> cat logfiles"
cat fwd.log
cat unbound.log
echo "Not OK"
exit 1
fi
teststep "check that mail.example.net has nxdomain"
query mail.example.net.
expect_answer "NXDOMAIN"
# remove www.example.net - check it gets nxdomain
echo "$PRE/unbound-control -c ub.conf local_data_remove www.example.net"
$PRE/unbound-control -c ub.conf local_data_remove www.example.net
if test $? -ne 0; then
echo "wrong exit value after success"
exit 1
fi
echo "> dig www.example.net."
dig @127.0.0.1 -p $UNBOUND_PORT www.example.net. | tee outfile
echo "> check answer"
if grep "NXDOMAIN" outfile; then
echo "OK"
else
echo "> cat logfiles"
cat fwd.log
cat unbound.log
echo "Not OK"
exit 1
fi
teststep "remove www.example.net - check it gets nxdomain"
control_command -c ub.conf local_data_remove www.example.net
expect_exit_value 0
query www.example.net.
expect_answer "NXDOMAIN"
# remove nonexistent name - check bug#287(segfault) does not happen.
echo "$PRE/unbound-control -c ub.conf local_data_remove test.example.net"
$PRE/unbound-control -c ub.conf local_data_remove test.example.net
teststep "remove nonexistent name - check bug#287(segfault) does not happen"
control_command -c ub.conf local_data_remove test.example.net
# if crash then then we get: error: could not SSL_read from unbound-control
if test $? -ne 0; then
echo "wrong exit value after success"
cat unbound.log
echo "Not OK"
exit 1
fi
expect_exit_value 0
# remove example.net - check its gone.
echo "$PRE/unbound-control -c ub.conf local_zone_remove example.net"
$PRE/unbound-control -c ub.conf local_zone_remove example.net
if test $? -ne 0; then
echo "wrong exit value after success"
exit 1
fi
echo "> dig www.example.net."
dig @127.0.0.1 -p $UNBOUND_PORT www.example.net. | tee outfile
echo "> check answer"
if grep "SERVFAIL" outfile; then
echo "OK"
else
echo "> cat logfiles"
cat fwd.log
cat unbound.log
echo "Not OK"
exit 1
fi
teststep "remove example.net - check its gone"
control_command -c ub.conf local_zone_remove example.net
expect_exit_value 0
query www.example.net.
expect_answer "SERVFAIL"
# dump the cache
echo "> test cache dump"
# fillup cache
echo "dig www.example.com"
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com.
echo "$PRE/unbound-control -c ub.conf dump_cache"
$PRE/unbound-control -c ub.conf dump_cache > tmp.$$
if test $? -ne 0; then
echo "wrong exit value after success"
exit 1
fi
cat tmp.$$
if grep 10.20.30.40 tmp.$$; then
echo "OK example.com is in cache dump"
else
echo "Not OK cache dump"
exit 1
fi
teststep "dump the cache"
query www.example.com.
cache_dump -c ub.conf
expect_exit_value 0
cat cache.dump
expect_in_cache "10.20.30.40"
# test lookup
echo "$PRE/unbound-control -c ub.conf lookup www.example.com"
$PRE/unbound-control -c ub.conf lookup www.example.com
if test $? -ne 0; then
echo "wrong exit value after success"
exit 1
fi
control_command -c ub.conf lookup www.example.com
expect_exit_value 0
# answer to lookup is meaningless because of use a forwarder, oh well.
# load the cache dump.
echo "$PRE/unbound-control -c ub.conf load_cache < tmp.$$"
$PRE/unbound-control -c ub.conf load_cache < tmp.$$
if test $? -ne 0; then
echo "wrong exit value after success"
exit 1
fi
echo "> dig www.example.com."
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
echo "> check answer"
if grep "10.20.30.40" outfile; then
echo "OK"
else
echo "> cat logfiles"
cat fwd.log
cat unbound.log
echo "Not OK"
exit 1
fi
teststep "load the cache dump"
cache_load -c ub.conf
expect_exit_value 0
query www.example.com.
expect_answer "10.20.30.40"
# load local-zones from file
echo "$PRE/unbound-control -c ub.conf local_zones < local_zones"
$PRE/unbound-control -c ub.conf local_zones < local_zones
if test $? -ne 0; then
echo "wrong exit value after success"
exit 1
fi
echo "> dig localzonefromfile."
dig @127.0.0.1 -p $UNBOUND_PORT localzonefromfile | tee outfile
echo "> check answer"
if grep "REFUSED" outfile; then
echo "OK"
else
echo "Not OK"
exit 1
fi
teststep "load local-zones from file"
control_command -c ub.conf local_zones < local_zones
expect_exit_value 0
query localzonefromfile
expect_answer "REFUSED"
# load local-data from file
echo "$PRE/unbound-control -c ub.conf local_datas < local_data"
$PRE/unbound-control -c ub.conf local_datas < local_data
if test $? -ne 0; then
echo "wrong exit value after success"
exit 1
fi
echo "> dig localdatafromfile."
dig @127.0.0.1 -p $UNBOUND_PORT -t txt localdatafromfile | tee outfile
echo "> check answer"
if grep "local data from file OK" outfile; then
echo "OK"
else
echo "Not OK"
exit 1
fi
teststep "load local-data from file"
control_command -c ub.conf local_datas < local_data
expect_exit_value 0
query -t txt localdatafromfile
expect_answer "local data from file OK"
# remove local-zone and local-data from file
echo "$PRE/unbound-control -c ub.conf local_zones_remove < local_zones_remove"
$PRE/unbound-control -c ub.conf local_zones_remove < local_zones_remove
if test $? -ne 0; then
echo "wrong exit value after success"
exit 1
fi
echo "$PRE/unbound-control -c ub.conf local_datas_remove < local_data_remove"
$PRE/unbound-control -c ub.conf local_datas_remove < local_data_remove
if test $? -ne 0; then
echo "wrong exit value after success"
exit 1
fi
echo "> check zone and data removal list_local_zones"
$PRE/unbound-control -c ub.conf list_local_zones | tee outfile
if grep "localzonefromfile" outfile; then
echo "Not OK"
exit 1
fi
if grep "local data from file OK" outfile; then
echo "Not OK"
exit 1
fi
if grep "otherlocalzone" outfile; then
echo "OK"
else
echo "Not OK"
exit 1
fi
teststep "remove local-zone and local-data from file"
control_command -c ub.conf local_zones_remove < local_zones_remove
expect_exit_value 0
control_command -c ub.conf local_datas_remove < local_data_remove
expect_exit_value 0
control_command -c ub.conf list_local_zones
fail_answer "localzonefromfile"
fail_answer "local data from file OK"
expect_answer "otherlocalzone"
# flushing
echo "$PRE/unbound-control -c ub.conf flush www.example.net"
$PRE/unbound-control -c ub.conf flush www.example.net
if test $? -ne 0; then
echo "wrong exit value after success"
exit 1
fi
teststep "flushing"
control_command -c ub.conf flush www.example.net
expect_exit_value 0
control_command -c ub.conf flush_type www.example.net TXT
expect_exit_value 0
control_command -c ub.conf flush_zone example.net
expect_exit_value 0
echo "$PRE/unbound-control -c ub.conf flush_type www.example.net TXT"
$PRE/unbound-control -c ub.conf flush_type www.example.net TXT
if test $? -ne 0; then
echo "wrong exit value after success"
exit 1
fi
teststep "reload the server for a clean state and populate the cache"
cp main.conf ub.conf
control_command -c ub.conf reload
expect_exit_value 0
query www.example.com
expect_answer "10.20.30.40"
echo "$PRE/unbound-control -c ub.conf flush_zone example.net"
$PRE/unbound-control -c ub.conf flush_zone example.net
if test $? -ne 0; then
echo "wrong exit value after success"
exit 1
fi
teststep "reload and check cache dump - should be empty"
control_command -c ub.conf reload
expect_exit_value 0
cache_dump -c ub.conf
expect_exit_value 0
fail_in_cache_dump "www.example.com.*10.20.30.40"
fail_in_cache_dump "msg www.example.com. IN A"
# now stop the server
echo "$PRE/unbound-control -c ub.conf stop"
$PRE/unbound-control -c ub.conf stop
if test $? -ne 0; then
echo "wrong exit value after success"
exit 1
fi
# see if the server has really exited.
query www.example.com
expect_answer "10.20.30.40"
teststep "reload_keep_cache and check cache dump - should not be empty"
control_command -c ub.conf reload_keep_cache
expect_exit_value 0
cache_dump -c ub.conf
expect_exit_value 0
expect_in_cache_dump "www.example.com.*10.20.30.40"
expect_in_cache_dump "msg www.example.com. IN A"
query www.example.com +nordflag
expect_answer "10.20.30.40"
teststep "change msg-cache-size and reload_keep_cache - should be empty"
echo "server: msg-cache-size: 2m" >> ub.conf
control_command -c ub.conf reload_keep_cache
expect_exit_value 0
cache_dump -c ub.conf
expect_exit_value 0
fail_in_cache_dump "www.example.com.*10.20.30.40"
fail_in_cache_dump "msg www.example.com. IN A"
query www.example.com
expect_answer "10.20.30.40"
teststep "change rrset-cache-size and reload_keep_cache - should be empty"
echo "server: rrset-cache-size: 2m" >> ub.conf
control_command -c ub.conf reload_keep_cache
expect_exit_value 0
cache_dump -c ub.conf
expect_exit_value 0
fail_in_cache_dump "www.example.com.*10.20.30.40"
fail_in_cache_dump "msg www.example.com. IN A"
query www.example.com
expect_answer "10.20.30.40"
teststep "change num-threads and reload_keep_cache - should be empty"
echo "server: num-threads: 2" >> ub.conf
control_command -c ub.conf reload_keep_cache
expect_exit_value 0
cache_dump -c ub.conf
expect_exit_value 0
fail_in_cache_dump "www.example.com.*10.20.30.40"
fail_in_cache_dump "msg www.example.com. IN A"
query www.example.com
expect_answer "10.20.30.40"
teststep "change minimal-responses and reload_keep_cache - should not be empty"
echo "server: minimal-responses: no" >> ub.conf
control_command -c ub.conf reload_keep_cache
expect_exit_value 0
cache_dump -c ub.conf
expect_exit_value 0
expect_in_cache_dump "www.example.com.*10.20.30.40"
expect_in_cache_dump "msg www.example.com. IN A"
teststep "now stop the server"
control_command -c ub.conf stop
expect_exit_value 0
teststep "see if the server has really exited"
TRY_MAX=20
for (( try=0 ; try <= $TRY_MAX ; try++ )) ; do
if kill -0 $UNBOUND_PID 2>&1 | tee tmp.$$; then
@ -379,11 +332,8 @@ for (( try=0 ; try <= $TRY_MAX ; try++ )) ; do
done
if kill -0 $UNBOUND_PID; then
echo "still up!"
echo "> cat logfiles"
cat fwd.log
cat unbound.log
echo "not stopped, failure"
exit 1
end 1
else
echo "stopped OK"
@ -392,15 +342,9 @@ else
echo "lock-verify test worked."
else
echo "lock-verify test failed."
cat fwd.log
cat unbound.log
exit 1
end 1
fi
fi
fi
echo "> cat logfiles"
cat fwd.log
cat unbound.log
echo "> OK"
exit 0
end 0
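Review bot: The "dump the cache" step calls `expect_in_cache "10.20.30.40"`, but the helper defined in this script is `expect_in_cache_dump`. Unless ../common.sh provides `expect_in_cache` (not visible here), the shell reports command-not-found and carries on, so the step no longer verifies that the answer is in the dump; the line should be `expect_in_cache_dump "10.20.30.40"`. Two related gaps. `query` pipes dig through `tee`, so its exit status is tee's and a failing dig is only caught by the grep that follows. The `list_local_zones` call has no `expect_exit_value 0` after it, unlike the other control commands.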


@ -0,0 +1,5 @@
remote-control:
server-key-file: bad_server.key
server-cert-file: bad_server.pem
control-key-file: bad_control.key
control-cert-file: bad_control.pem


@ -0,0 +1,5 @@
remote-control:
server-key-file: unbound_server.key
server-cert-file: unbound_server.pem
control-key-file: bad_control.key
control-cert-file: bad_control.pem

181
testdata/cachedb_servfail_cname.crpl vendored Normal file

@ -0,0 +1,181 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
minimal-responses: no
;serve-expired: yes
module-config: "cachedb iterator"
cachedb:
backend: "testframe"
secret-seed: "testvalue"
stub-zone:
name: "."
stub-addr: 193.0.14.129
CONFIG_END
SCENARIO_BEGIN Test cachedb store and servfail reply from cname.
; the servfail reply should not overwrite the cache contents.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 100
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns2.example.com.
SECTION ADDITIONAL
ns2.example.com. IN A 1.2.3.5
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
foo.com. IN NS
SECTION AUTHORITY
foo.com. IN NS ns.example.com.
ENTRY_END
RANGE_END
; ns2.example.com.
RANGE_BEGIN 0 20
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
RANGE_END
; ns2.example.com., now failing
RANGE_BEGIN 20 100
ADDRESS 1.2.3.5
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN CNAME foo.example.com.
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA SERVFAIL
SECTION QUESTION
foo.example.com. IN A
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA SERVFAIL
SECTION QUESTION
ns2.example.com. IN A
SECTION ANSWER
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname qtype
REPLY QR AA SERVFAIL
SECTION QUESTION
ns2.example.com. IN AAAA
SECTION ANSWER
ENTRY_END
RANGE_END
; get and entry in cache, to make it expired.
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; get the answer for it
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 1.2.3.4
ENTRY_END
; it is now expired
STEP 20 TIME_PASSES ELAPSE 20
; get a servfail in cache for the destination
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
foo.example.com. IN A
ENTRY_END
STEP 40 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
foo.example.com. IN A
ENTRY_END
; the query is now a CNAME to servfail.
; there is a valid, but expired, entry in cache.
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 60 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN CNAME foo.example.com.
ENTRY_END
SCENARIO_END
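Review bot: The scenario's stated goal, `the servfail reply should not overwrite the cache contents`, is not asserted by any visible step: STEP 60 only matches the SERVFAIL reply carrying the CNAME, and the scenario ends there without reading the stored www.example.com record back. If a passing STEP 60 is itself the regression check, a comment before it should say so, for example `; the regression is checked by the reply at STEP 60; the cachedb entry is not read back`. The config also carries a commented-out `;serve-expired: yes` with no explanation, and `; get and entry in cache` should read `; get an entry in cache`.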

6
testdata/common.sh vendored

@ -29,6 +29,7 @@
# wait_server_up_or_fail: wait for server to come up or print a failure string
# skip_test x : print message and skip test (must be called in .pre)
# kill_pid : kill a server, make sure and wait for it to go down.
# teststep : print the current test step in the output
# print error and exit
@ -272,3 +273,8 @@ set_doxygen_path () {
fi
}
# Print the current test step in the output
teststep () {
echo
echo "STEP [ $1 ]"
}


@ -2,6 +2,7 @@
; config options go here.
server:
serve-expired: yes
prefetch: yes
forward-zone: name: "." forward-addr: 216.0.0.1
CONFIG_END
@ -45,7 +46,7 @@ SECTION ANSWER
ENTRY_END
; enough to pass by the TTL of the servfail answer in cache
STEP 50 TIME_PASSES ELAPSE 40
STEP 50 TIME_PASSES ELAPSE 5
; this query triggers a prefetch
STEP 210 QUERY
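Review bot: The comment `; enough to pass by the TTL of the servfail answer in cache` above STEP 50 may no longer describe the step if `ELAPSE 5` is the new value; the rendering dropped the +/- markers, so this is inferred from the `prefetch: yes` line in the config hunk and the following `; this query triggers a prefetch`. Another test in this commit uses `ELAPSE 5` to bring a cached SERVFAIL to prefetch time and a further elapse to expire it, which suggests five seconds does not pass the TTL. If that reading is right, reword the comment to something like `; bring the cached servfail answer to prefetch time`.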


@ -37,7 +37,12 @@
import os
def init(id, cfg):
log_info("pythonmod: init called, module id is %d port: %d script: %s" % (id, cfg.port, cfg.python_script))
scripts=[]
s = cfg.python_script
while s != None:
scripts.append(s.str)
s = s.next
log_info("pythonmod: init called, module id is %d port: %d script: %s" % (id, cfg.port, scripts))
return True
def deinit(id):
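Review bot: The loop in init() that walks `cfg.python_script` tests for the end of the list with `while s != None:`; the identity test `while s is not None:` is the idiomatic form and does not depend on how the wrapped config object implements comparison. The log call now formats a Python list with `%s`, so the message prints the list repr rather than a single path; a one-line comment such as `# cfg.python_script is a linked list of script names (.str, .next)` would explain why. deinit's body continues outside the hunk.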


@ -0,0 +1,130 @@
; config options
server:
module-config: "validator iterator"
qname-minimisation: "no"
minimal-responses: no
serve-expired: yes
serve-expired-reply-ttl: 123
log-servfail: yes
ede: yes
ede-serve-expired: yes
stub-zone:
name: "example.com"
stub-addr: 1.2.3.4
CONFIG_END
SCENARIO_BEGIN Test serve-expired with client-timeout and a SERVFAIL upstream reply
; Scenario overview:
; - query for example.com. IN A
; - answer from upstream is SERVFAIL; will be cached for NORR_TTL(5)
; - check that the client gets the SERVFAIL; also cached
; - query again right after the TTL expired
; - cached SERVFAIL should be ignored and upstream queried
; - check that we get the correct answer
; ns.example.com.
RANGE_BEGIN 0 20
ADDRESS 1.2.3.4
; response to A query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA SERVFAIL
SECTION QUESTION
example.com. IN A
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 30 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. 10 IN NS
SECTION ANSWER
example.com. 10 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 10 IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN A
SECTION ANSWER
example.com. 10 IN A 5.6.7.8
SECTION AUTHORITY
example.com. 10 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 10 IN A 1.2.3.4
ENTRY_END
RANGE_END
; Query with RD flag
STEP 0 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
example.com. IN A
ENTRY_END
; Check that we get the SERVFAIL (will be cached)
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
example.com. IN A
ENTRY_END
; Query again
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
example.com. IN A
ENTRY_END
; Check that we get the cached SERVFAIL
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
example.com. IN A
ENTRY_END
; Wait for the SERVFAIL to expire
STEP 31 TIME_PASSES ELAPSE 6
; Query again
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
example.com. IN A
ENTRY_END
; Check that we got the correct answer
STEP 50 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
example.com. IN A
SECTION ANSWER
example.com. 10 IN A 5.6.7.8
SECTION AUTHORITY
example.com. 10 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 10 IN A 1.2.3.4
ENTRY_END
SCENARIO_END
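Review bot: The SCENARIO_BEGIN line names `client-timeout`, but the config block above it sets no `serve-expired-client-timeout:` option, so the title does not match what the visible configuration exercises. Either add the option the title refers to or reword the title, e.g. `SCENARIO_BEGIN Test serve-expired and a SERVFAIL upstream reply`. Separately, the second RANGE has a QUESTION entry written as `example.com. 10 IN NS`; a question carries no TTL, so `example.com. IN NS` would be more accurate, and the same form appears in the QUESTION section of the next test file changed in this commit.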


@ -4,7 +4,7 @@ server:
qname-minimisation: "no"
minimal-responses: no
serve-expired: yes
serve-expired-client-timeout: 1800
serve-expired-client-timeout: 1
serve-expired-reply-ttl: 123
log-servfail: yes
ede: yes
@ -32,11 +32,11 @@ RANGE_BEGIN 0 20
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
example.com. 10 IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
example.com. 10 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 10 IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
@ -48,14 +48,14 @@ RANGE_BEGIN 0 20
SECTION ANSWER
example.com. 10 IN A 5.6.7.8
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 10 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 10 IN A 1.2.3.4
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 30 100
RANGE_BEGIN 30 70
ADDRESS 1.2.3.4
; response to A query
ENTRY_BEGIN
@ -85,13 +85,13 @@ ENTRY_BEGIN
SECTION ANSWER
example.com. 10 IN A 5.6.7.8
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 10 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 10 IN A 1.2.3.4
ENTRY_END
; Wait for the TTL to expire
STEP 11 TIME_PASSES ELAPSE 3601
STEP 11 TIME_PASSES ELAPSE 11
; Query again
STEP 30 QUERY

167
testdata/subnet_cached_servfail.crpl vendored Normal file

@ -0,0 +1,167 @@
; Check if an expired SERVFAIL answer stored in the global cache does not block
; ECS queries to reach the ECS cache.
server:
trust-anchor-signaling: no
target-fetch-policy: "0 0 0 0 0"
send-client-subnet: 1.2.3.4
max-client-subnet-ipv4: 21
module-config: "subnetcache iterator"
verbosity: 3
access-control: 127.0.0.1 allow_snoop
qname-minimisation: no
minimal-responses: no
serve-expired: yes
prefetch: yes
stub-zone:
name: "example.com."
stub-addr: 1.2.3.4
CONFIG_END
SCENARIO_BEGIN Test that expired SERVFAIL in global cache does not block clients to reach the ECS cache
; ns.example.com.
RANGE_BEGIN 0 10
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
; response to query of interest
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR SERVFAIL
SECTION QUESTION
www.example.com. IN A
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 11 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
; response to query of interest
ENTRY_BEGIN
MATCH opcode qtype qname ednsdata
ADJUST copy_id copy_ednsdata_assume_clientsubnet
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 10 IN A 10.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
; client is 127.0.0.1
00 08 ; OPC
00 05 ; option length
00 01 ; Family
08 00 ; source mask, scopemask
7f ; address
HEX_EDNSDATA_END
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; This answer should be in the global cache
STEP 2 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; Bring the cached SERVFAIL to prefetch time
STEP 10 TIME_PASSES ELAPSE 5
STEP 11 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
00 08 00 05 ; OPC, optlen
00 01 08 00 ; ip4, source 8, scope 0
7f ; 127.0.0.0/8
HEX_EDNSDATA_END
ENTRY_END
; This answer was cached but a prefetch was triggerred
STEP 12 CHECK_ANSWER
ENTRY_BEGIN
MATCH opcode qtype qname
REPLY QR RD RA SERVFAIL
SECTION QUESTION
www.example.com. IN A
ENTRY_END
; Wait for the SERVFAIL to expire
STEP 13 TIME_PASSES ELAPSE 2
; Query again to verify that the record was prefetched and stored in the ECS
; cache (because the server replied with ECS this time)
STEP 14 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
00 08 00 05 ; OPC, optlen
00 01 08 00 ; ip4, source 8, scope 0
7f ; 127.0.0.0/8
HEX_EDNSDATA_END
ENTRY_END
; This record came from the ECS cache
STEP 15 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA DO NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 8 IN A 10.20.30.40
SECTION AUTHORITY
example.com. 3598 IN NS ns.example.com.
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
00 08 00 05 ; OPC, optlen
00 01 08 08 ; ip4, source 8, scope 0
7f ; 127.0.0.0/8
HEX_EDNSDATA_END
ns.example.com. 3598 IN A 1.2.3.4
ENTRY_END
SCENARIO_END
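Review bot: In the STEP 15 expected answer the EDNS bytes and their comment disagree: `00 01 08 08 ; ip4, source 8, scope 0` encodes a scope prefix length of 8, not 0. The comment looks copied from the query blocks at STEP 11 and STEP 14, where the bytes are `00 01 08 00`; it should read `00 01 08 08 ; ip4, source 8, scope 8`. Also `triggerred` in the comment before STEP 12 should be `triggered`.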


@ -99,6 +99,7 @@ config_create(void)
cfg->stat_interval = 0;
cfg->stat_cumulative = 0;
cfg->stat_extended = 0;
cfg->stat_inhibit_zero = 1;
cfg->num_threads = 1;
cfg->port = UNBOUND_DNS_PORT;
cfg->do_ip4 = 1;
@ -336,6 +337,8 @@ config_create(void)
cfg->ip_ratelimit_backoff = 0;
cfg->ratelimit_backoff = 0;
cfg->outbound_msg_retry = 5;
cfg->max_sent_count = 32;
cfg->max_query_restarts = 11;
cfg->qname_minimisation = 1;
cfg->qname_minimisation_strict = 0;
cfg->shm_enable = 0;
@ -516,6 +519,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_YNO("use-syslog:", use_syslog)
else S_STR("log-identity:", log_identity)
else S_YNO("extended-statistics:", stat_extended)
else S_YNO("statistics-inhibit-zero:", stat_inhibit_zero)
else S_YNO("statistics-cumulative:", stat_cumulative)
else S_YNO("shm-enable:", shm_enable)
else S_NUMBER_OR_ZERO("shm-key:", shm_key)
@ -778,6 +782,8 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_YNO("ip-ratelimit-backoff:", ip_ratelimit_backoff)
else S_YNO("ratelimit-backoff:", ratelimit_backoff)
else S_NUMBER_NONZERO("outbound-msg-retry:", outbound_msg_retry)
else S_NUMBER_NONZERO("max-sent-count:", max_sent_count)
else S_NUMBER_NONZERO("max-query-restarts:", max_query_restarts)
else S_SIZET_NONZERO("fast-server-num:", fast_server_num)
else S_NUMBER_OR_ZERO("fast-server-permil:", fast_server_permil)
else S_YNO("qname-minimisation:", qname_minimisation)
@ -996,6 +1002,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_DEC(opt, "statistics-interval", stat_interval)
else O_YNO(opt, "statistics-cumulative", stat_cumulative)
else O_YNO(opt, "extended-statistics", stat_extended)
else O_YNO(opt, "statistics-inhibit-zero", stat_inhibit_zero)
else O_YNO(opt, "shm-enable", shm_enable)
else O_DEC(opt, "shm-key", shm_key)
else O_YNO(opt, "use-syslog", use_syslog)
@ -1238,6 +1245,8 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_YNO(opt, "ip-ratelimit-backoff", ip_ratelimit_backoff)
else O_YNO(opt, "ratelimit-backoff", ratelimit_backoff)
else O_UNS(opt, "outbound-msg-retry", outbound_msg_retry)
else O_UNS(opt, "max-sent-count", max_sent_count)
else O_UNS(opt, "max-query-restarts", max_query_restarts)
else O_DEC(opt, "fast-server-num", fast_server_num)
else O_DEC(opt, "fast-server-permil", fast_server_permil)
else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min)
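Review bot: The setters `S_NUMBER_NONZERO("max-sent-count:", max_sent_count)` and `S_NUMBER_NONZERO("max-query-restarts:", max_query_restarts)` appear, going by the macro name, to reject only zero, so a very large value would be accepted and would effectively remove the bound these options provide. The struct comment in this commit says max_query_restarts determines the maximum CNAME chain length, so these are work limits for a resolver processing untrusted answers; an upper bound, or a warning in the config checker, would keep a typo from switching them off. The getters use `O_UNS` on fields declared `int`, so it is also worth confirming that negative input cannot be stored. The macro definitions and the bodies of config_create, config_set_option and config_get_option lie outside these hunks.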


@ -76,6 +76,8 @@ struct config_file {
int stat_cumulative;
/** if true, the statistics are kept in greater detail */
int stat_extended;
/** if true, inhibits a lot of =0 lines from the extended stats output */
int stat_inhibit_zero;
/** number of threads to create */
int num_threads;
@ -608,6 +610,11 @@ struct config_file {
/** number of retries on outgoing queries */
int outbound_msg_retry;
/** max sent queries per qstate; resets on query restarts (e.g.,
* CNAMES) and referrals */
int max_sent_count;
/** max number of query restarts; determines max length of CNAME chain */
int max_query_restarts;
/** minimise outgoing QNAME and hide original QTYPE if possible */
int qname_minimisation;
/** minimise QNAME in strict mode, minimise according to RFC.
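Review bot: The comments on the new `max_sent_count` and `max_query_restarts` fields do not state the defaults or the accepted range, which matters for limits an operator may tune. Going by the rest of this commit the defaults are 32 and 11 and the option parser appears to reject zero; suggest `/** max number of query restarts (default 11, nonzero); determines max length of CNAME chain */` and the same treatment for max_sent_count with its default of 32. struct config_file starts and ends outside these hunks.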

File diff suppressed because it is too large Load Diff


@ -438,6 +438,7 @@ insecure-lan-zones{COLON} { YDVAR(1, VAR_INSECURE_LAN_ZONES) }
statistics-interval{COLON} { YDVAR(1, VAR_STATISTICS_INTERVAL) }
statistics-cumulative{COLON} { YDVAR(1, VAR_STATISTICS_CUMULATIVE) }
extended-statistics{COLON} { YDVAR(1, VAR_EXTENDED_STATISTICS) }
statistics-inhibit-zero{COLON} { YDVAR(1, VAR_STATISTICS_INHIBIT_ZERO) }
shm-enable{COLON} { YDVAR(1, VAR_SHM_ENABLE) }
shm-key{COLON} { YDVAR(1, VAR_SHM_KEY) }
remote-control{COLON} { YDVAR(0, VAR_REMOTE_CONTROL) }
@ -514,6 +515,8 @@ ratelimit-factor{COLON} { YDVAR(1, VAR_RATELIMIT_FACTOR) }
ip-ratelimit-backoff{COLON} { YDVAR(1, VAR_IP_RATELIMIT_BACKOFF) }
ratelimit-backoff{COLON} { YDVAR(1, VAR_RATELIMIT_BACKOFF) }
outbound-msg-retry{COLON} { YDVAR(1, VAR_OUTBOUND_MSG_RETRY) }
max-sent-count{COLON} { YDVAR(1, VAR_MAX_SENT_COUNT) }
max-query-restarts{COLON} { YDVAR(1, VAR_MAX_QUERY_RESTARTS) }
low-rtt{COLON} { YDVAR(1, VAR_LOW_RTT) }
fast-server-num{COLON} { YDVAR(1, VAR_FAST_SERVER_NUM) }
low-rtt-pct{COLON} { YDVAR(1, VAR_FAST_SERVER_PERMIL) }

File diff suppressed because it is too large Load Diff


@ -254,137 +254,140 @@ extern int yydebug;
VAR_RATELIMIT_SLABS = 455, /* VAR_RATELIMIT_SLABS */
VAR_RATELIMIT_SIZE = 456, /* VAR_RATELIMIT_SIZE */
VAR_OUTBOUND_MSG_RETRY = 457, /* VAR_OUTBOUND_MSG_RETRY */
VAR_RATELIMIT_FOR_DOMAIN = 458, /* VAR_RATELIMIT_FOR_DOMAIN */
VAR_RATELIMIT_BELOW_DOMAIN = 459, /* VAR_RATELIMIT_BELOW_DOMAIN */
VAR_IP_RATELIMIT_FACTOR = 460, /* VAR_IP_RATELIMIT_FACTOR */
VAR_RATELIMIT_FACTOR = 461, /* VAR_RATELIMIT_FACTOR */
VAR_IP_RATELIMIT_BACKOFF = 462, /* VAR_IP_RATELIMIT_BACKOFF */
VAR_RATELIMIT_BACKOFF = 463, /* VAR_RATELIMIT_BACKOFF */
VAR_SEND_CLIENT_SUBNET = 464, /* VAR_SEND_CLIENT_SUBNET */
VAR_CLIENT_SUBNET_ZONE = 465, /* VAR_CLIENT_SUBNET_ZONE */
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 466, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */
VAR_CLIENT_SUBNET_OPCODE = 467, /* VAR_CLIENT_SUBNET_OPCODE */
VAR_MAX_CLIENT_SUBNET_IPV4 = 468, /* VAR_MAX_CLIENT_SUBNET_IPV4 */
VAR_MAX_CLIENT_SUBNET_IPV6 = 469, /* VAR_MAX_CLIENT_SUBNET_IPV6 */
VAR_MIN_CLIENT_SUBNET_IPV4 = 470, /* VAR_MIN_CLIENT_SUBNET_IPV4 */
VAR_MIN_CLIENT_SUBNET_IPV6 = 471, /* VAR_MIN_CLIENT_SUBNET_IPV6 */
VAR_MAX_ECS_TREE_SIZE_IPV4 = 472, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */
VAR_MAX_ECS_TREE_SIZE_IPV6 = 473, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */
VAR_CAPS_WHITELIST = 474, /* VAR_CAPS_WHITELIST */
VAR_CACHE_MAX_NEGATIVE_TTL = 475, /* VAR_CACHE_MAX_NEGATIVE_TTL */
VAR_PERMIT_SMALL_HOLDDOWN = 476, /* VAR_PERMIT_SMALL_HOLDDOWN */
VAR_QNAME_MINIMISATION = 477, /* VAR_QNAME_MINIMISATION */
VAR_QNAME_MINIMISATION_STRICT = 478, /* VAR_QNAME_MINIMISATION_STRICT */
VAR_IP_FREEBIND = 479, /* VAR_IP_FREEBIND */
VAR_DEFINE_TAG = 480, /* VAR_DEFINE_TAG */
VAR_LOCAL_ZONE_TAG = 481, /* VAR_LOCAL_ZONE_TAG */
VAR_ACCESS_CONTROL_TAG = 482, /* VAR_ACCESS_CONTROL_TAG */
VAR_LOCAL_ZONE_OVERRIDE = 483, /* VAR_LOCAL_ZONE_OVERRIDE */
VAR_ACCESS_CONTROL_TAG_ACTION = 484, /* VAR_ACCESS_CONTROL_TAG_ACTION */
VAR_ACCESS_CONTROL_TAG_DATA = 485, /* VAR_ACCESS_CONTROL_TAG_DATA */
VAR_VIEW = 486, /* VAR_VIEW */
VAR_ACCESS_CONTROL_VIEW = 487, /* VAR_ACCESS_CONTROL_VIEW */
VAR_VIEW_FIRST = 488, /* VAR_VIEW_FIRST */
VAR_SERVE_EXPIRED = 489, /* VAR_SERVE_EXPIRED */
VAR_SERVE_EXPIRED_TTL = 490, /* VAR_SERVE_EXPIRED_TTL */
VAR_SERVE_EXPIRED_TTL_RESET = 491, /* VAR_SERVE_EXPIRED_TTL_RESET */
VAR_SERVE_EXPIRED_REPLY_TTL = 492, /* VAR_SERVE_EXPIRED_REPLY_TTL */
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 493, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */
VAR_EDE_SERVE_EXPIRED = 494, /* VAR_EDE_SERVE_EXPIRED */
VAR_SERVE_ORIGINAL_TTL = 495, /* VAR_SERVE_ORIGINAL_TTL */
VAR_FAKE_DSA = 496, /* VAR_FAKE_DSA */
VAR_FAKE_SHA1 = 497, /* VAR_FAKE_SHA1 */
VAR_LOG_IDENTITY = 498, /* VAR_LOG_IDENTITY */
VAR_HIDE_TRUSTANCHOR = 499, /* VAR_HIDE_TRUSTANCHOR */
VAR_HIDE_HTTP_USER_AGENT = 500, /* VAR_HIDE_HTTP_USER_AGENT */
VAR_HTTP_USER_AGENT = 501, /* VAR_HTTP_USER_AGENT */
VAR_TRUST_ANCHOR_SIGNALING = 502, /* VAR_TRUST_ANCHOR_SIGNALING */
VAR_AGGRESSIVE_NSEC = 503, /* VAR_AGGRESSIVE_NSEC */
VAR_USE_SYSTEMD = 504, /* VAR_USE_SYSTEMD */
VAR_SHM_ENABLE = 505, /* VAR_SHM_ENABLE */
VAR_SHM_KEY = 506, /* VAR_SHM_KEY */
VAR_ROOT_KEY_SENTINEL = 507, /* VAR_ROOT_KEY_SENTINEL */
VAR_DNSCRYPT = 508, /* VAR_DNSCRYPT */
VAR_DNSCRYPT_ENABLE = 509, /* VAR_DNSCRYPT_ENABLE */
VAR_DNSCRYPT_PORT = 510, /* VAR_DNSCRYPT_PORT */
VAR_DNSCRYPT_PROVIDER = 511, /* VAR_DNSCRYPT_PROVIDER */
VAR_DNSCRYPT_SECRET_KEY = 512, /* VAR_DNSCRYPT_SECRET_KEY */
VAR_DNSCRYPT_PROVIDER_CERT = 513, /* VAR_DNSCRYPT_PROVIDER_CERT */
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 514, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 515, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 516, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 517, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 518, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */
VAR_PAD_RESPONSES = 519, /* VAR_PAD_RESPONSES */
VAR_PAD_RESPONSES_BLOCK_SIZE = 520, /* VAR_PAD_RESPONSES_BLOCK_SIZE */
VAR_PAD_QUERIES = 521, /* VAR_PAD_QUERIES */
VAR_PAD_QUERIES_BLOCK_SIZE = 522, /* VAR_PAD_QUERIES_BLOCK_SIZE */
VAR_IPSECMOD_ENABLED = 523, /* VAR_IPSECMOD_ENABLED */
VAR_IPSECMOD_HOOK = 524, /* VAR_IPSECMOD_HOOK */
VAR_IPSECMOD_IGNORE_BOGUS = 525, /* VAR_IPSECMOD_IGNORE_BOGUS */
VAR_IPSECMOD_MAX_TTL = 526, /* VAR_IPSECMOD_MAX_TTL */
VAR_IPSECMOD_WHITELIST = 527, /* VAR_IPSECMOD_WHITELIST */
VAR_IPSECMOD_STRICT = 528, /* VAR_IPSECMOD_STRICT */
VAR_CACHEDB = 529, /* VAR_CACHEDB */
VAR_CACHEDB_BACKEND = 530, /* VAR_CACHEDB_BACKEND */
VAR_CACHEDB_SECRETSEED = 531, /* VAR_CACHEDB_SECRETSEED */
VAR_CACHEDB_REDISHOST = 532, /* VAR_CACHEDB_REDISHOST */
VAR_CACHEDB_REDISPORT = 533, /* VAR_CACHEDB_REDISPORT */
VAR_CACHEDB_REDISTIMEOUT = 534, /* VAR_CACHEDB_REDISTIMEOUT */
VAR_CACHEDB_REDISEXPIRERECORDS = 535, /* VAR_CACHEDB_REDISEXPIRERECORDS */
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 536, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */
VAR_FOR_UPSTREAM = 537, /* VAR_FOR_UPSTREAM */
VAR_AUTH_ZONE = 538, /* VAR_AUTH_ZONE */
VAR_ZONEFILE = 539, /* VAR_ZONEFILE */
VAR_MASTER = 540, /* VAR_MASTER */
VAR_URL = 541, /* VAR_URL */
VAR_FOR_DOWNSTREAM = 542, /* VAR_FOR_DOWNSTREAM */
VAR_FALLBACK_ENABLED = 543, /* VAR_FALLBACK_ENABLED */
VAR_TLS_ADDITIONAL_PORT = 544, /* VAR_TLS_ADDITIONAL_PORT */
VAR_LOW_RTT = 545, /* VAR_LOW_RTT */
VAR_LOW_RTT_PERMIL = 546, /* VAR_LOW_RTT_PERMIL */
VAR_FAST_SERVER_PERMIL = 547, /* VAR_FAST_SERVER_PERMIL */
VAR_FAST_SERVER_NUM = 548, /* VAR_FAST_SERVER_NUM */
VAR_ALLOW_NOTIFY = 549, /* VAR_ALLOW_NOTIFY */
VAR_TLS_WIN_CERT = 550, /* VAR_TLS_WIN_CERT */
VAR_TCP_CONNECTION_LIMIT = 551, /* VAR_TCP_CONNECTION_LIMIT */
VAR_FORWARD_NO_CACHE = 552, /* VAR_FORWARD_NO_CACHE */
VAR_STUB_NO_CACHE = 553, /* VAR_STUB_NO_CACHE */
VAR_LOG_SERVFAIL = 554, /* VAR_LOG_SERVFAIL */
VAR_DENY_ANY = 555, /* VAR_DENY_ANY */
VAR_UNKNOWN_SERVER_TIME_LIMIT = 556, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */
VAR_LOG_TAG_QUERYREPLY = 557, /* VAR_LOG_TAG_QUERYREPLY */
VAR_STREAM_WAIT_SIZE = 558, /* VAR_STREAM_WAIT_SIZE */
VAR_TLS_CIPHERS = 559, /* VAR_TLS_CIPHERS */
VAR_TLS_CIPHERSUITES = 560, /* VAR_TLS_CIPHERSUITES */
VAR_TLS_USE_SNI = 561, /* VAR_TLS_USE_SNI */
VAR_IPSET = 562, /* VAR_IPSET */
VAR_IPSET_NAME_V4 = 563, /* VAR_IPSET_NAME_V4 */
VAR_IPSET_NAME_V6 = 564, /* VAR_IPSET_NAME_V6 */
VAR_TLS_SESSION_TICKET_KEYS = 565, /* VAR_TLS_SESSION_TICKET_KEYS */
VAR_RPZ = 566, /* VAR_RPZ */
VAR_TAGS = 567, /* VAR_TAGS */
VAR_RPZ_ACTION_OVERRIDE = 568, /* VAR_RPZ_ACTION_OVERRIDE */
VAR_RPZ_CNAME_OVERRIDE = 569, /* VAR_RPZ_CNAME_OVERRIDE */
VAR_RPZ_LOG = 570, /* VAR_RPZ_LOG */
VAR_RPZ_LOG_NAME = 571, /* VAR_RPZ_LOG_NAME */
VAR_DYNLIB = 572, /* VAR_DYNLIB */
VAR_DYNLIB_FILE = 573, /* VAR_DYNLIB_FILE */
VAR_EDNS_CLIENT_STRING = 574, /* VAR_EDNS_CLIENT_STRING */
VAR_EDNS_CLIENT_STRING_OPCODE = 575, /* VAR_EDNS_CLIENT_STRING_OPCODE */
VAR_NSID = 576, /* VAR_NSID */
VAR_ZONEMD_PERMISSIVE_MODE = 577, /* VAR_ZONEMD_PERMISSIVE_MODE */
VAR_ZONEMD_CHECK = 578, /* VAR_ZONEMD_CHECK */
VAR_ZONEMD_REJECT_ABSENCE = 579, /* VAR_ZONEMD_REJECT_ABSENCE */
VAR_RPZ_SIGNAL_NXDOMAIN_RA = 580, /* VAR_RPZ_SIGNAL_NXDOMAIN_RA */
VAR_INTERFACE_AUTOMATIC_PORTS = 581, /* VAR_INTERFACE_AUTOMATIC_PORTS */
VAR_EDE = 582, /* VAR_EDE */
VAR_INTERFACE_ACTION = 583, /* VAR_INTERFACE_ACTION */
VAR_INTERFACE_VIEW = 584, /* VAR_INTERFACE_VIEW */
VAR_INTERFACE_TAG = 585, /* VAR_INTERFACE_TAG */
VAR_INTERFACE_TAG_ACTION = 586, /* VAR_INTERFACE_TAG_ACTION */
VAR_INTERFACE_TAG_DATA = 587, /* VAR_INTERFACE_TAG_DATA */
VAR_PROXY_PROTOCOL_PORT = 588 /* VAR_PROXY_PROTOCOL_PORT */
VAR_MAX_SENT_COUNT = 458, /* VAR_MAX_SENT_COUNT */
VAR_MAX_QUERY_RESTARTS = 459, /* VAR_MAX_QUERY_RESTARTS */
VAR_RATELIMIT_FOR_DOMAIN = 460, /* VAR_RATELIMIT_FOR_DOMAIN */
VAR_RATELIMIT_BELOW_DOMAIN = 461, /* VAR_RATELIMIT_BELOW_DOMAIN */
VAR_IP_RATELIMIT_FACTOR = 462, /* VAR_IP_RATELIMIT_FACTOR */
VAR_RATELIMIT_FACTOR = 463, /* VAR_RATELIMIT_FACTOR */
VAR_IP_RATELIMIT_BACKOFF = 464, /* VAR_IP_RATELIMIT_BACKOFF */
VAR_RATELIMIT_BACKOFF = 465, /* VAR_RATELIMIT_BACKOFF */
VAR_SEND_CLIENT_SUBNET = 466, /* VAR_SEND_CLIENT_SUBNET */
VAR_CLIENT_SUBNET_ZONE = 467, /* VAR_CLIENT_SUBNET_ZONE */
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 468, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */
VAR_CLIENT_SUBNET_OPCODE = 469, /* VAR_CLIENT_SUBNET_OPCODE */
VAR_MAX_CLIENT_SUBNET_IPV4 = 470, /* VAR_MAX_CLIENT_SUBNET_IPV4 */
VAR_MAX_CLIENT_SUBNET_IPV6 = 471, /* VAR_MAX_CLIENT_SUBNET_IPV6 */
VAR_MIN_CLIENT_SUBNET_IPV4 = 472, /* VAR_MIN_CLIENT_SUBNET_IPV4 */
VAR_MIN_CLIENT_SUBNET_IPV6 = 473, /* VAR_MIN_CLIENT_SUBNET_IPV6 */
VAR_MAX_ECS_TREE_SIZE_IPV4 = 474, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */
VAR_MAX_ECS_TREE_SIZE_IPV6 = 475, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */
VAR_CAPS_WHITELIST = 476, /* VAR_CAPS_WHITELIST */
VAR_CACHE_MAX_NEGATIVE_TTL = 477, /* VAR_CACHE_MAX_NEGATIVE_TTL */
VAR_PERMIT_SMALL_HOLDDOWN = 478, /* VAR_PERMIT_SMALL_HOLDDOWN */
VAR_QNAME_MINIMISATION = 479, /* VAR_QNAME_MINIMISATION */
VAR_QNAME_MINIMISATION_STRICT = 480, /* VAR_QNAME_MINIMISATION_STRICT */
VAR_IP_FREEBIND = 481, /* VAR_IP_FREEBIND */
VAR_DEFINE_TAG = 482, /* VAR_DEFINE_TAG */
VAR_LOCAL_ZONE_TAG = 483, /* VAR_LOCAL_ZONE_TAG */
VAR_ACCESS_CONTROL_TAG = 484, /* VAR_ACCESS_CONTROL_TAG */
VAR_LOCAL_ZONE_OVERRIDE = 485, /* VAR_LOCAL_ZONE_OVERRIDE */
VAR_ACCESS_CONTROL_TAG_ACTION = 486, /* VAR_ACCESS_CONTROL_TAG_ACTION */
VAR_ACCESS_CONTROL_TAG_DATA = 487, /* VAR_ACCESS_CONTROL_TAG_DATA */
VAR_VIEW = 488, /* VAR_VIEW */
VAR_ACCESS_CONTROL_VIEW = 489, /* VAR_ACCESS_CONTROL_VIEW */
VAR_VIEW_FIRST = 490, /* VAR_VIEW_FIRST */
VAR_SERVE_EXPIRED = 491, /* VAR_SERVE_EXPIRED */
VAR_SERVE_EXPIRED_TTL = 492, /* VAR_SERVE_EXPIRED_TTL */
VAR_SERVE_EXPIRED_TTL_RESET = 493, /* VAR_SERVE_EXPIRED_TTL_RESET */
VAR_SERVE_EXPIRED_REPLY_TTL = 494, /* VAR_SERVE_EXPIRED_REPLY_TTL */
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 495, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */
VAR_EDE_SERVE_EXPIRED = 496, /* VAR_EDE_SERVE_EXPIRED */
VAR_SERVE_ORIGINAL_TTL = 497, /* VAR_SERVE_ORIGINAL_TTL */
VAR_FAKE_DSA = 498, /* VAR_FAKE_DSA */
VAR_FAKE_SHA1 = 499, /* VAR_FAKE_SHA1 */
VAR_LOG_IDENTITY = 500, /* VAR_LOG_IDENTITY */
VAR_HIDE_TRUSTANCHOR = 501, /* VAR_HIDE_TRUSTANCHOR */
VAR_HIDE_HTTP_USER_AGENT = 502, /* VAR_HIDE_HTTP_USER_AGENT */
VAR_HTTP_USER_AGENT = 503, /* VAR_HTTP_USER_AGENT */
VAR_TRUST_ANCHOR_SIGNALING = 504, /* VAR_TRUST_ANCHOR_SIGNALING */
VAR_AGGRESSIVE_NSEC = 505, /* VAR_AGGRESSIVE_NSEC */
VAR_USE_SYSTEMD = 506, /* VAR_USE_SYSTEMD */
VAR_SHM_ENABLE = 507, /* VAR_SHM_ENABLE */
VAR_SHM_KEY = 508, /* VAR_SHM_KEY */
VAR_ROOT_KEY_SENTINEL = 509, /* VAR_ROOT_KEY_SENTINEL */
VAR_DNSCRYPT = 510, /* VAR_DNSCRYPT */
VAR_DNSCRYPT_ENABLE = 511, /* VAR_DNSCRYPT_ENABLE */
VAR_DNSCRYPT_PORT = 512, /* VAR_DNSCRYPT_PORT */
VAR_DNSCRYPT_PROVIDER = 513, /* VAR_DNSCRYPT_PROVIDER */
VAR_DNSCRYPT_SECRET_KEY = 514, /* VAR_DNSCRYPT_SECRET_KEY */
VAR_DNSCRYPT_PROVIDER_CERT = 515, /* VAR_DNSCRYPT_PROVIDER_CERT */
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 516, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 517, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 518, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 519, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 520, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */
VAR_PAD_RESPONSES = 521, /* VAR_PAD_RESPONSES */
VAR_PAD_RESPONSES_BLOCK_SIZE = 522, /* VAR_PAD_RESPONSES_BLOCK_SIZE */
VAR_PAD_QUERIES = 523, /* VAR_PAD_QUERIES */
VAR_PAD_QUERIES_BLOCK_SIZE = 524, /* VAR_PAD_QUERIES_BLOCK_SIZE */
VAR_IPSECMOD_ENABLED = 525, /* VAR_IPSECMOD_ENABLED */
VAR_IPSECMOD_HOOK = 526, /* VAR_IPSECMOD_HOOK */
VAR_IPSECMOD_IGNORE_BOGUS = 527, /* VAR_IPSECMOD_IGNORE_BOGUS */
VAR_IPSECMOD_MAX_TTL = 528, /* VAR_IPSECMOD_MAX_TTL */
VAR_IPSECMOD_WHITELIST = 529, /* VAR_IPSECMOD_WHITELIST */
VAR_IPSECMOD_STRICT = 530, /* VAR_IPSECMOD_STRICT */
VAR_CACHEDB = 531, /* VAR_CACHEDB */
VAR_CACHEDB_BACKEND = 532, /* VAR_CACHEDB_BACKEND */
VAR_CACHEDB_SECRETSEED = 533, /* VAR_CACHEDB_SECRETSEED */
VAR_CACHEDB_REDISHOST = 534, /* VAR_CACHEDB_REDISHOST */
VAR_CACHEDB_REDISPORT = 535, /* VAR_CACHEDB_REDISPORT */
VAR_CACHEDB_REDISTIMEOUT = 536, /* VAR_CACHEDB_REDISTIMEOUT */
VAR_CACHEDB_REDISEXPIRERECORDS = 537, /* VAR_CACHEDB_REDISEXPIRERECORDS */
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 538, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */
VAR_FOR_UPSTREAM = 539, /* VAR_FOR_UPSTREAM */
VAR_AUTH_ZONE = 540, /* VAR_AUTH_ZONE */
VAR_ZONEFILE = 541, /* VAR_ZONEFILE */
VAR_MASTER = 542, /* VAR_MASTER */
VAR_URL = 543, /* VAR_URL */
VAR_FOR_DOWNSTREAM = 544, /* VAR_FOR_DOWNSTREAM */
VAR_FALLBACK_ENABLED = 545, /* VAR_FALLBACK_ENABLED */
VAR_TLS_ADDITIONAL_PORT = 546, /* VAR_TLS_ADDITIONAL_PORT */
VAR_LOW_RTT = 547, /* VAR_LOW_RTT */
VAR_LOW_RTT_PERMIL = 548, /* VAR_LOW_RTT_PERMIL */
VAR_FAST_SERVER_PERMIL = 549, /* VAR_FAST_SERVER_PERMIL */
VAR_FAST_SERVER_NUM = 550, /* VAR_FAST_SERVER_NUM */
VAR_ALLOW_NOTIFY = 551, /* VAR_ALLOW_NOTIFY */
VAR_TLS_WIN_CERT = 552, /* VAR_TLS_WIN_CERT */
VAR_TCP_CONNECTION_LIMIT = 553, /* VAR_TCP_CONNECTION_LIMIT */
VAR_FORWARD_NO_CACHE = 554, /* VAR_FORWARD_NO_CACHE */
VAR_STUB_NO_CACHE = 555, /* VAR_STUB_NO_CACHE */
VAR_LOG_SERVFAIL = 556, /* VAR_LOG_SERVFAIL */
VAR_DENY_ANY = 557, /* VAR_DENY_ANY */
VAR_UNKNOWN_SERVER_TIME_LIMIT = 558, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */
VAR_LOG_TAG_QUERYREPLY = 559, /* VAR_LOG_TAG_QUERYREPLY */
VAR_STREAM_WAIT_SIZE = 560, /* VAR_STREAM_WAIT_SIZE */
VAR_TLS_CIPHERS = 561, /* VAR_TLS_CIPHERS */
VAR_TLS_CIPHERSUITES = 562, /* VAR_TLS_CIPHERSUITES */
VAR_TLS_USE_SNI = 563, /* VAR_TLS_USE_SNI */
VAR_IPSET = 564, /* VAR_IPSET */
VAR_IPSET_NAME_V4 = 565, /* VAR_IPSET_NAME_V4 */
VAR_IPSET_NAME_V6 = 566, /* VAR_IPSET_NAME_V6 */
VAR_TLS_SESSION_TICKET_KEYS = 567, /* VAR_TLS_SESSION_TICKET_KEYS */
VAR_RPZ = 568, /* VAR_RPZ */
VAR_TAGS = 569, /* VAR_TAGS */
VAR_RPZ_ACTION_OVERRIDE = 570, /* VAR_RPZ_ACTION_OVERRIDE */
VAR_RPZ_CNAME_OVERRIDE = 571, /* VAR_RPZ_CNAME_OVERRIDE */
VAR_RPZ_LOG = 572, /* VAR_RPZ_LOG */
VAR_RPZ_LOG_NAME = 573, /* VAR_RPZ_LOG_NAME */
VAR_DYNLIB = 574, /* VAR_DYNLIB */
VAR_DYNLIB_FILE = 575, /* VAR_DYNLIB_FILE */
VAR_EDNS_CLIENT_STRING = 576, /* VAR_EDNS_CLIENT_STRING */
VAR_EDNS_CLIENT_STRING_OPCODE = 577, /* VAR_EDNS_CLIENT_STRING_OPCODE */
VAR_NSID = 578, /* VAR_NSID */
VAR_ZONEMD_PERMISSIVE_MODE = 579, /* VAR_ZONEMD_PERMISSIVE_MODE */
VAR_ZONEMD_CHECK = 580, /* VAR_ZONEMD_CHECK */
VAR_ZONEMD_REJECT_ABSENCE = 581, /* VAR_ZONEMD_REJECT_ABSENCE */
VAR_RPZ_SIGNAL_NXDOMAIN_RA = 582, /* VAR_RPZ_SIGNAL_NXDOMAIN_RA */
VAR_INTERFACE_AUTOMATIC_PORTS = 583, /* VAR_INTERFACE_AUTOMATIC_PORTS */
VAR_EDE = 584, /* VAR_EDE */
VAR_INTERFACE_ACTION = 585, /* VAR_INTERFACE_ACTION */
VAR_INTERFACE_VIEW = 586, /* VAR_INTERFACE_VIEW */
VAR_INTERFACE_TAG = 587, /* VAR_INTERFACE_TAG */
VAR_INTERFACE_TAG_ACTION = 588, /* VAR_INTERFACE_TAG_ACTION */
VAR_INTERFACE_TAG_DATA = 589, /* VAR_INTERFACE_TAG_DATA */
VAR_PROXY_PROTOCOL_PORT = 590, /* VAR_PROXY_PROTOCOL_PORT */
VAR_STATISTICS_INHIBIT_ZERO = 591 /* VAR_STATISTICS_INHIBIT_ZERO */
};
typedef enum yytokentype yytoken_kind_t;
#endif
@ -593,137 +596,140 @@ extern int yydebug;
#define VAR_RATELIMIT_SLABS 455
#define VAR_RATELIMIT_SIZE 456
#define VAR_OUTBOUND_MSG_RETRY 457
#define VAR_RATELIMIT_FOR_DOMAIN 458
#define VAR_RATELIMIT_BELOW_DOMAIN 459
#define VAR_IP_RATELIMIT_FACTOR 460
#define VAR_RATELIMIT_FACTOR 461
#define VAR_IP_RATELIMIT_BACKOFF 462
#define VAR_RATELIMIT_BACKOFF 463
#define VAR_SEND_CLIENT_SUBNET 464
#define VAR_CLIENT_SUBNET_ZONE 465
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 466
#define VAR_CLIENT_SUBNET_OPCODE 467
#define VAR_MAX_CLIENT_SUBNET_IPV4 468
#define VAR_MAX_CLIENT_SUBNET_IPV6 469
#define VAR_MIN_CLIENT_SUBNET_IPV4 470
#define VAR_MIN_CLIENT_SUBNET_IPV6 471
#define VAR_MAX_ECS_TREE_SIZE_IPV4 472
#define VAR_MAX_ECS_TREE_SIZE_IPV6 473
#define VAR_CAPS_WHITELIST 474
#define VAR_CACHE_MAX_NEGATIVE_TTL 475
#define VAR_PERMIT_SMALL_HOLDDOWN 476
#define VAR_QNAME_MINIMISATION 477
#define VAR_QNAME_MINIMISATION_STRICT 478
#define VAR_IP_FREEBIND 479
#define VAR_DEFINE_TAG 480
#define VAR_LOCAL_ZONE_TAG 481
#define VAR_ACCESS_CONTROL_TAG 482
#define VAR_LOCAL_ZONE_OVERRIDE 483
#define VAR_ACCESS_CONTROL_TAG_ACTION 484
#define VAR_ACCESS_CONTROL_TAG_DATA 485
#define VAR_VIEW 486
#define VAR_ACCESS_CONTROL_VIEW 487
#define VAR_VIEW_FIRST 488
#define VAR_SERVE_EXPIRED 489
#define VAR_SERVE_EXPIRED_TTL 490
#define VAR_SERVE_EXPIRED_TTL_RESET 491
#define VAR_SERVE_EXPIRED_REPLY_TTL 492
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 493
#define VAR_EDE_SERVE_EXPIRED 494
#define VAR_SERVE_ORIGINAL_TTL 495
#define VAR_FAKE_DSA 496
#define VAR_FAKE_SHA1 497
#define VAR_LOG_IDENTITY 498
#define VAR_HIDE_TRUSTANCHOR 499
#define VAR_HIDE_HTTP_USER_AGENT 500
#define VAR_HTTP_USER_AGENT 501
#define VAR_TRUST_ANCHOR_SIGNALING 502
#define VAR_AGGRESSIVE_NSEC 503
#define VAR_USE_SYSTEMD 504
#define VAR_SHM_ENABLE 505
#define VAR_SHM_KEY 506
#define VAR_ROOT_KEY_SENTINEL 507
#define VAR_DNSCRYPT 508
#define VAR_DNSCRYPT_ENABLE 509
#define VAR_DNSCRYPT_PORT 510
#define VAR_DNSCRYPT_PROVIDER 511
#define VAR_DNSCRYPT_SECRET_KEY 512
#define VAR_DNSCRYPT_PROVIDER_CERT 513
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 514
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 515
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 516
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 517
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 518
#define VAR_PAD_RESPONSES 519
#define VAR_PAD_RESPONSES_BLOCK_SIZE 520
#define VAR_PAD_QUERIES 521
#define VAR_PAD_QUERIES_BLOCK_SIZE 522
#define VAR_IPSECMOD_ENABLED 523
#define VAR_IPSECMOD_HOOK 524
#define VAR_IPSECMOD_IGNORE_BOGUS 525
#define VAR_IPSECMOD_MAX_TTL 526
#define VAR_IPSECMOD_WHITELIST 527
#define VAR_IPSECMOD_STRICT 528
#define VAR_CACHEDB 529
#define VAR_CACHEDB_BACKEND 530
#define VAR_CACHEDB_SECRETSEED 531
#define VAR_CACHEDB_REDISHOST 532
#define VAR_CACHEDB_REDISPORT 533
#define VAR_CACHEDB_REDISTIMEOUT 534
#define VAR_CACHEDB_REDISEXPIRERECORDS 535
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 536
#define VAR_FOR_UPSTREAM 537
#define VAR_AUTH_ZONE 538
#define VAR_ZONEFILE 539
#define VAR_MASTER 540
#define VAR_URL 541
#define VAR_FOR_DOWNSTREAM 542
#define VAR_FALLBACK_ENABLED 543
#define VAR_TLS_ADDITIONAL_PORT 544
#define VAR_LOW_RTT 545
#define VAR_LOW_RTT_PERMIL 546
#define VAR_FAST_SERVER_PERMIL 547
#define VAR_FAST_SERVER_NUM 548
#define VAR_ALLOW_NOTIFY 549
#define VAR_TLS_WIN_CERT 550
#define VAR_TCP_CONNECTION_LIMIT 551
#define VAR_FORWARD_NO_CACHE 552
#define VAR_STUB_NO_CACHE 553
#define VAR_LOG_SERVFAIL 554
#define VAR_DENY_ANY 555
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 556
#define VAR_LOG_TAG_QUERYREPLY 557
#define VAR_STREAM_WAIT_SIZE 558
#define VAR_TLS_CIPHERS 559
#define VAR_TLS_CIPHERSUITES 560
#define VAR_TLS_USE_SNI 561
#define VAR_IPSET 562
#define VAR_IPSET_NAME_V4 563
#define VAR_IPSET_NAME_V6 564
#define VAR_TLS_SESSION_TICKET_KEYS 565
#define VAR_RPZ 566
#define VAR_TAGS 567
#define VAR_RPZ_ACTION_OVERRIDE 568
#define VAR_RPZ_CNAME_OVERRIDE 569
#define VAR_RPZ_LOG 570
#define VAR_RPZ_LOG_NAME 571
#define VAR_DYNLIB 572
#define VAR_DYNLIB_FILE 573
#define VAR_EDNS_CLIENT_STRING 574
#define VAR_EDNS_CLIENT_STRING_OPCODE 575
#define VAR_NSID 576
#define VAR_ZONEMD_PERMISSIVE_MODE 577
#define VAR_ZONEMD_CHECK 578
#define VAR_ZONEMD_REJECT_ABSENCE 579
#define VAR_RPZ_SIGNAL_NXDOMAIN_RA 580
#define VAR_INTERFACE_AUTOMATIC_PORTS 581
#define VAR_EDE 582
#define VAR_INTERFACE_ACTION 583
#define VAR_INTERFACE_VIEW 584
#define VAR_INTERFACE_TAG 585
#define VAR_INTERFACE_TAG_ACTION 586
#define VAR_INTERFACE_TAG_DATA 587
#define VAR_PROXY_PROTOCOL_PORT 588
#define VAR_MAX_SENT_COUNT 458
#define VAR_MAX_QUERY_RESTARTS 459
#define VAR_RATELIMIT_FOR_DOMAIN 460
#define VAR_RATELIMIT_BELOW_DOMAIN 461
#define VAR_IP_RATELIMIT_FACTOR 462
#define VAR_RATELIMIT_FACTOR 463
#define VAR_IP_RATELIMIT_BACKOFF 464
#define VAR_RATELIMIT_BACKOFF 465
#define VAR_SEND_CLIENT_SUBNET 466
#define VAR_CLIENT_SUBNET_ZONE 467
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 468
#define VAR_CLIENT_SUBNET_OPCODE 469
#define VAR_MAX_CLIENT_SUBNET_IPV4 470
#define VAR_MAX_CLIENT_SUBNET_IPV6 471
#define VAR_MIN_CLIENT_SUBNET_IPV4 472
#define VAR_MIN_CLIENT_SUBNET_IPV6 473
#define VAR_MAX_ECS_TREE_SIZE_IPV4 474
#define VAR_MAX_ECS_TREE_SIZE_IPV6 475
#define VAR_CAPS_WHITELIST 476
#define VAR_CACHE_MAX_NEGATIVE_TTL 477
#define VAR_PERMIT_SMALL_HOLDDOWN 478
#define VAR_QNAME_MINIMISATION 479
#define VAR_QNAME_MINIMISATION_STRICT 480
#define VAR_IP_FREEBIND 481
#define VAR_DEFINE_TAG 482
#define VAR_LOCAL_ZONE_TAG 483
#define VAR_ACCESS_CONTROL_TAG 484
#define VAR_LOCAL_ZONE_OVERRIDE 485
#define VAR_ACCESS_CONTROL_TAG_ACTION 486
#define VAR_ACCESS_CONTROL_TAG_DATA 487
#define VAR_VIEW 488
#define VAR_ACCESS_CONTROL_VIEW 489
#define VAR_VIEW_FIRST 490
#define VAR_SERVE_EXPIRED 491
#define VAR_SERVE_EXPIRED_TTL 492
#define VAR_SERVE_EXPIRED_TTL_RESET 493
#define VAR_SERVE_EXPIRED_REPLY_TTL 494
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 495
#define VAR_EDE_SERVE_EXPIRED 496
#define VAR_SERVE_ORIGINAL_TTL 497
#define VAR_FAKE_DSA 498
#define VAR_FAKE_SHA1 499
#define VAR_LOG_IDENTITY 500
#define VAR_HIDE_TRUSTANCHOR 501
#define VAR_HIDE_HTTP_USER_AGENT 502
#define VAR_HTTP_USER_AGENT 503
#define VAR_TRUST_ANCHOR_SIGNALING 504
#define VAR_AGGRESSIVE_NSEC 505
#define VAR_USE_SYSTEMD 506
#define VAR_SHM_ENABLE 507
#define VAR_SHM_KEY 508
#define VAR_ROOT_KEY_SENTINEL 509
#define VAR_DNSCRYPT 510
#define VAR_DNSCRYPT_ENABLE 511
#define VAR_DNSCRYPT_PORT 512
#define VAR_DNSCRYPT_PROVIDER 513
#define VAR_DNSCRYPT_SECRET_KEY 514
#define VAR_DNSCRYPT_PROVIDER_CERT 515
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 516
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 517
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 518
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 519
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 520
#define VAR_PAD_RESPONSES 521
#define VAR_PAD_RESPONSES_BLOCK_SIZE 522
#define VAR_PAD_QUERIES 523
#define VAR_PAD_QUERIES_BLOCK_SIZE 524
#define VAR_IPSECMOD_ENABLED 525
#define VAR_IPSECMOD_HOOK 526
#define VAR_IPSECMOD_IGNORE_BOGUS 527
#define VAR_IPSECMOD_MAX_TTL 528
#define VAR_IPSECMOD_WHITELIST 529
#define VAR_IPSECMOD_STRICT 530
#define VAR_CACHEDB 531
#define VAR_CACHEDB_BACKEND 532
#define VAR_CACHEDB_SECRETSEED 533
#define VAR_CACHEDB_REDISHOST 534
#define VAR_CACHEDB_REDISPORT 535
#define VAR_CACHEDB_REDISTIMEOUT 536
#define VAR_CACHEDB_REDISEXPIRERECORDS 537
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 538
#define VAR_FOR_UPSTREAM 539
#define VAR_AUTH_ZONE 540
#define VAR_ZONEFILE 541
#define VAR_MASTER 542
#define VAR_URL 543
#define VAR_FOR_DOWNSTREAM 544
#define VAR_FALLBACK_ENABLED 545
#define VAR_TLS_ADDITIONAL_PORT 546
#define VAR_LOW_RTT 547
#define VAR_LOW_RTT_PERMIL 548
#define VAR_FAST_SERVER_PERMIL 549
#define VAR_FAST_SERVER_NUM 550
#define VAR_ALLOW_NOTIFY 551
#define VAR_TLS_WIN_CERT 552
#define VAR_TCP_CONNECTION_LIMIT 553
#define VAR_FORWARD_NO_CACHE 554
#define VAR_STUB_NO_CACHE 555
#define VAR_LOG_SERVFAIL 556
#define VAR_DENY_ANY 557
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 558
#define VAR_LOG_TAG_QUERYREPLY 559
#define VAR_STREAM_WAIT_SIZE 560
#define VAR_TLS_CIPHERS 561
#define VAR_TLS_CIPHERSUITES 562
#define VAR_TLS_USE_SNI 563
#define VAR_IPSET 564
#define VAR_IPSET_NAME_V4 565
#define VAR_IPSET_NAME_V6 566
#define VAR_TLS_SESSION_TICKET_KEYS 567
#define VAR_RPZ 568
#define VAR_TAGS 569
#define VAR_RPZ_ACTION_OVERRIDE 570
#define VAR_RPZ_CNAME_OVERRIDE 571
#define VAR_RPZ_LOG 572
#define VAR_RPZ_LOG_NAME 573
#define VAR_DYNLIB 574
#define VAR_DYNLIB_FILE 575
#define VAR_EDNS_CLIENT_STRING 576
#define VAR_EDNS_CLIENT_STRING_OPCODE 577
#define VAR_NSID 578
#define VAR_ZONEMD_PERMISSIVE_MODE 579
#define VAR_ZONEMD_CHECK 580
#define VAR_ZONEMD_REJECT_ABSENCE 581
#define VAR_RPZ_SIGNAL_NXDOMAIN_RA 582
#define VAR_INTERFACE_AUTOMATIC_PORTS 583
#define VAR_EDE 584
#define VAR_INTERFACE_ACTION 585
#define VAR_INTERFACE_VIEW 586
#define VAR_INTERFACE_TAG 587
#define VAR_INTERFACE_TAG_ACTION 588
#define VAR_INTERFACE_TAG_DATA 589
#define VAR_PROXY_PROTOCOL_PORT 590
#define VAR_STATISTICS_INHIBIT_ZERO 591
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
@ -733,7 +739,7 @@ union YYSTYPE
char* str;
#line 737 "util/configparser.h"
#line 743 "util/configparser.h"
};
typedef union YYSTYPE YYSTYPE;


@ -140,7 +140,7 @@ extern struct config_parser_state* cfg_parser;
%token VAR_DISABLE_DNSSEC_LAME_CHECK
%token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
%token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
%token VAR_OUTBOUND_MSG_RETRY
%token VAR_OUTBOUND_MSG_RETRY VAR_MAX_SENT_COUNT VAR_MAX_QUERY_RESTARTS
%token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
%token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
%token VAR_IP_RATELIMIT_BACKOFF VAR_RATELIMIT_BACKOFF
@ -193,7 +193,7 @@ extern struct config_parser_state* cfg_parser;
%token VAR_RPZ_SIGNAL_NXDOMAIN_RA VAR_INTERFACE_AUTOMATIC_PORTS VAR_EDE
%token VAR_INTERFACE_ACTION VAR_INTERFACE_VIEW VAR_INTERFACE_TAG
%token VAR_INTERFACE_TAG_ACTION VAR_INTERFACE_TAG_DATA
%token VAR_PROXY_PROTOCOL_PORT
%token VAR_PROXY_PROTOCOL_PORT VAR_STATISTICS_INHIBIT_ZERO
%%
toplevelvars: /* empty */ | toplevelvars toplevelvar ;
@ -282,6 +282,7 @@ content_server: server_num_threads | server_verbosity | server_port |
server_ratelimit_below_domain | server_ratelimit_factor |
server_ip_ratelimit_factor | server_ratelimit_backoff |
server_ip_ratelimit_backoff | server_outbound_msg_retry |
server_max_sent_count | server_max_query_restarts |
server_send_client_subnet | server_client_subnet_zone |
server_client_subnet_always_forward | server_client_subnet_opcode |
server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
@ -322,7 +323,7 @@ content_server: server_num_threads | server_verbosity | server_port |
server_zonemd_permissive_mode | server_max_reuse_tcp_queries |
server_tcp_reuse_timeout | server_tcp_auth_query_timeout |
server_interface_automatic_ports | server_ede |
server_proxy_protocol_port
server_proxy_protocol_port | server_statistics_inhibit_zero
;
stubstart: VAR_STUB_ZONE
{
@ -554,6 +555,15 @@ server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
free($2);
}
;
server_statistics_inhibit_zero: VAR_STATISTICS_INHIBIT_ZERO STRING_ARG
{
OUTYY(("P(server_statistics_inhibit_zero:%s)\n", $2));
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
yyerror("expected yes or no.");
else cfg_parser->cfg->stat_inhibit_zero = (strcmp($2, "yes")==0);
free($2);
}
;
server_shm_enable: VAR_SHM_ENABLE STRING_ARG
{
OUTYY(("P(server_shm_enable:%s)\n", $2));
@ -2636,6 +2646,24 @@ server_outbound_msg_retry: VAR_OUTBOUND_MSG_RETRY STRING_ARG
free($2);
}
;
server_max_sent_count: VAR_MAX_SENT_COUNT STRING_ARG
{
OUTYY(("P(server_max_sent_count:%s)\n", $2));
if(atoi($2) == 0 && strcmp($2, "0") != 0)
yyerror("number expected");
else cfg_parser->cfg->max_sent_count = atoi($2);
free($2);
}
;
server_max_query_restarts: VAR_MAX_QUERY_RESTARTS STRING_ARG
{
OUTYY(("P(server_max_query_restarts:%s)\n", $2));
if(atoi($2) == 0 && strcmp($2, "0") != 0)
yyerror("number expected");
else cfg_parser->cfg->max_query_restarts = atoi($2);
free($2);
}
;
server_low_rtt: VAR_LOW_RTT STRING_ARG
{
OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
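Review bot: In server_max_sent_count and server_max_query_restarts the only validation is `atoi($2) == 0 && strcmp($2, "0") != 0`, so inputs such as `-1` or `10abc` pass and the `atoi` result is stored in the limit field; out-of-range input is not detected either. Judging by their names these options cap per-query work, so a negative or wrapped value is worth rejecting at parse time; how the resolver treats a negative limit is not visible here. I would parse with `long v = strtol($2, &end, 10);` and reject with `if(end == $2 || *end != 0 || v < 0 || v > INT_MAX) yyerror("number expected");` (assuming the fields are `int`). The neighbouring server_outbound_msg_retry rule is only partly visible, so I cannot tell whether this matches existing style in the grammar.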


@ -4840,6 +4840,7 @@
8403,
8416,
8417,
8433,
8442,
8443,
8444,


@ -810,7 +810,7 @@ static int consume_pp2_header(struct sldns_buffer* buf, struct comm_reply* rep,
/* We are reading a whole packet;
* Move the rest of the data to overwrite the PROXYv2 header */
/* XXX can we do better to avoid memmove? */
memmove(header, ((void*)header)+size,
memmove(header, ((char*)header)+size,
sldns_buffer_limit(buf)-size);
sldns_buffer_set_limit(buf, sldns_buffer_limit(buf)-size);
}
@ -2545,8 +2545,9 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c)
return 1;
}
/** read again to drain buffers when there could be more to read */
static void
/** read again to drain buffers when there could be more to read, returns 0
* on failure which means the comm point is closed. */
static int
tcp_req_info_read_again(int fd, struct comm_point* c)
{
while(c->tcp_req_info->read_again) {
@ -2563,9 +2564,10 @@ tcp_req_info_read_again(int fd, struct comm_point* c)
(void)(*c->callback)(c, c->cb_arg,
NETEVENT_CLOSED, NULL);
}
return;
return 0;
}
}
return 1;
}
/** read again to drain buffers when there could be more to read */
@ -2623,6 +2625,9 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg)
log_assert(c->type == comm_tcp);
ub_comm_base_now(c->ev->base);
if(c->fd == -1 || c->fd != fd)
return; /* duplicate event, but commpoint closed. */
#ifdef USE_DNSCRYPT
/* Initialize if this is a dnscrypt socket */
if(c->tcp_parent) {
@ -2671,8 +2676,10 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg)
}
return;
}
if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again)
tcp_req_info_read_again(fd, c);
if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again) {
if(!tcp_req_info_read_again(fd, c))
return;
}
if(moreread && *moreread)
tcp_more_read_again(fd, c);
return;
@ -2690,8 +2697,10 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg)
}
return;
}
if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again)
tcp_req_info_read_again(fd, c);
if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again) {
if(!tcp_req_info_read_again(fd, c))
return;
}
if(morewrite && *morewrite)
tcp_more_write_again(fd, c);
return;
@ -4488,6 +4497,11 @@ comm_point_close(struct comm_point* c)
tcp_req_info_clear(c->tcp_req_info);
if(c->h2_session)
http2_session_server_delete(c->h2_session);
/* stop the comm point from reading or writing after it is closed. */
if(c->tcp_more_read_again && *c->tcp_more_read_again)
*c->tcp_more_read_again = 0;
if(c->tcp_more_write_again && *c->tcp_more_write_again)
*c->tcp_more_write_again = 0;
/* close fd after removing from event lists, or epoll.. is messed up */
if(c->fd != -1 && !c->do_not_close) {
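Review bot: The duplicate-event guard in comm_point_tcp_handle_callback, `if(c->fd == -1 || c->fd != fd) return;`, recognises a stale event only by descriptor number, and it runs after `ub_comm_base_now(c->ev->base)` has already dereferenced `c`. It therefore relies on the comm point being closed but not freed when the late event is delivered, and on the same number not having been assigned to this comm point again in between; neither is visible in this hunk. I would spell that assumption out in the comment, e.g. `/* duplicate event: c was closed (not deleted) earlier in this event batch */`. The function body starts and continues outside the hunk.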


@ -45,6 +45,9 @@
#include "util/netevent.h"
#include "util/fptr_wlist.h"
#include "util/ub_event.h"
#ifdef HAVE_POLL_H
#include <poll.h>
#endif
#ifndef USE_WINSOCK
/* on unix */
@ -396,20 +399,28 @@ int tube_read_msg(struct tube* tube, uint8_t** buf, uint32_t* len,
return 1;
}
/** perform a select() on the fd */
/** perform poll() on the fd */
static int
pollit(int fd, struct timeval* t)
{
fd_set r;
struct pollfd fds;
int pret;
int msec = -1;
memset(&fds, 0, sizeof(fds));
fds.fd = fd;
fds.events = POLLIN | POLLERR | POLLHUP;
#ifndef S_SPLINT_S
FD_ZERO(&r);
FD_SET(FD_SET_T fd, &r);
if(t)
msec = t->tv_sec*1000 + t->tv_usec/1000;
#endif
if(select(fd+1, &r, NULL, NULL, t) == -1) {
pret = poll(&fds, 1, msec);
if(pret == -1)
return 0;
}
errno = 0;
return (int)(FD_ISSET(fd, &r));
if(pret != 0)
return 1;
return 0;
}
int tube_poll(struct tube* tube)
@ -426,24 +437,27 @@ int tube_wait(struct tube* tube)
int tube_wait_timeout(struct tube* tube, int msec)
{
struct timeval t;
int fd = tube->sr;
fd_set r;
t.tv_sec = msec/1000;
t.tv_usec = (msec%1000)*1000;
#ifndef S_SPLINT_S
FD_ZERO(&r);
FD_SET(FD_SET_T fd, &r);
#endif
int ret = 0;
while(1) {
if(select(fd+1, &r, NULL, NULL, &t) == -1) {
struct pollfd fds;
memset(&fds, 0, sizeof(fds));
fds.fd = tube->sr;
fds.events = POLLIN | POLLERR | POLLHUP;
ret = poll(&fds, 1, msec);
if(ret == -1) {
if(errno == EAGAIN || errno == EINTR)
continue;
return -1;
}
break;
}
return (int)(FD_ISSET(fd, &r));
if(ret != 0)
return 1;
return 0;
}
int tube_read_fd(struct tube* tube)
@ -529,6 +543,7 @@ struct tube* tube_create(void)
if(tube->event == WSA_INVALID_EVENT) {
free(tube);
log_err("WSACreateEvent: %s", wsa_strerror(WSAGetLastError()));
return NULL;
}
if(!WSAResetEvent(tube->event)) {
log_err("WSAResetEvent: %s", wsa_strerror(WSAGetLastError()));
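Review bot: In tube_wait_timeout the retry on `EAGAIN`/`EINTR` calls `poll(&fds, 1, msec)` again with the original `msec`, so a process that keeps receiving signals can block well past the requested timeout. On Linux, select() updates the timeval it is given with the time left, so the replaced loop may have behaved differently there. Either compute a deadline before the loop and pass the remaining milliseconds on each retry, or record the behaviour next to the `continue`: `/* on EINTR the wait restarts with the full msec */`. Callers that depend on the timeout as an upper bound are outside this hunk and should be checked.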