Vendor import of Unbound 1.13.0.

Security:	CVE-2020-28935
Cy Schubert 2020-12-08 21:23:03 +00:00
parent 4cb89f2eee
commit c1dbcbf2d1
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/vendor/unbound/dist/; revision=368464
svn path=/vendor/unbound/1.13.0/; revision=368465; tag=vendor/unbound/1.13.0
96 changed files with 9770 additions and 5933 deletions

215
config.guess vendored

@ -2,7 +2,7 @@
# Attempt to guess a canonical system name.
# Copyright 1992-2020 Free Software Foundation, Inc.
timestamp='2020-09-19'
timestamp='2020-11-19'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@ -27,12 +27,12 @@ timestamp='2020-09-19'
# Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
#
# You can get the latest version of this script from:
# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
# https://git.savannah.gnu.org/cgit/config.git/plain/config.guess
#
# Please send patches to <config-patches@gnu.org>.
me=`echo "$0" | sed -e 's,.*/,,'`
me=$(echo "$0" | sed -e 's,.*/,,')
usage="\
Usage: $0 [OPTION]
@ -103,7 +103,7 @@ set_cc_for_build() {
test "$tmp" && return 0
: "${TMPDIR=/tmp}"
# shellcheck disable=SC2039
{ tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
{ tmp=$( (umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null) && test -n "$tmp" && test -d "$tmp" ; } ||
{ test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir "$tmp" 2>/dev/null) ; } ||
{ tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir "$tmp" 2>/dev/null) && echo "Warning: creating insecure temp directory" >&2 ; } ||
{ echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; }
@ -131,16 +131,14 @@ if test -f /.attbin/uname ; then
PATH=$PATH:/.attbin ; export PATH
fi
UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
UNAME_MACHINE=$( (uname -m) 2>/dev/null) || UNAME_MACHINE=unknown
UNAME_RELEASE=$( (uname -r) 2>/dev/null) || UNAME_RELEASE=unknown
UNAME_SYSTEM=$( (uname -s) 2>/dev/null) || UNAME_SYSTEM=unknown
UNAME_VERSION=$( (uname -v) 2>/dev/null) || UNAME_VERSION=unknown
case "$UNAME_SYSTEM" in
Linux|GNU|GNU/*)
# If the system lacks a compiler, then just pick glibc.
# We could probably try harder.
LIBC=gnu
LIBC=unknown
set_cc_for_build
cat <<-EOF > "$dummy.c"
@ -149,16 +147,30 @@ Linux|GNU|GNU/*)
LIBC=uclibc
#elif defined(__dietlibc__)
LIBC=dietlibc
#elif defined(__GLIBC__)
LIBC=gnu
#else
#include <stdarg.h>
/* First heuristic to detect musl libc. */
#ifdef __DEFINED_va_list
LIBC=musl
#else
LIBC=gnu
#endif
#endif
EOF
eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`"
eval "$($CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g')"
# Second heuristic to detect musl libc.
if [ "$LIBC" = unknown ] &&
command -v ldd >/dev/null &&
ldd --version 2>&1 | grep -q ^musl; then
LIBC=musl
fi
# If the system lacks a compiler, then just pick glibc.
# We could probably try harder.
if [ "$LIBC" = unknown ]; then
LIBC=gnu
fi
;;
esac
@ -177,19 +189,20 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
# Note: NetBSD doesn't particularly care about the vendor
# portion of the name. We always set it to "unknown".
sysctl="sysctl -n hw.machine_arch"
UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \
UNAME_MACHINE_ARCH=$( (uname -p 2>/dev/null || \
"/sbin/$sysctl" 2>/dev/null || \
"/usr/sbin/$sysctl" 2>/dev/null || \
echo unknown)`
echo unknown))
case "$UNAME_MACHINE_ARCH" in
aarch64eb) machine=aarch64_be-unknown ;;
armeb) machine=armeb-unknown ;;
arm*) machine=arm-unknown ;;
sh3el) machine=shl-unknown ;;
sh3eb) machine=sh-unknown ;;
sh5el) machine=sh5le-unknown ;;
earmv*)
arch=`echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,'`
endian=`echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p'`
arch=$(echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,')
endian=$(echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p')
machine="${arch}${endian}"-unknown
;;
*) machine="$UNAME_MACHINE_ARCH"-unknown ;;
@ -220,7 +233,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
case "$UNAME_MACHINE_ARCH" in
earm*)
expr='s/^earmv[0-9]/-eabi/;s/eb$//'
abi=`echo "$UNAME_MACHINE_ARCH" | sed -e "$expr"`
abi=$(echo "$UNAME_MACHINE_ARCH" | sed -e "$expr")
;;
esac
# The OS release
@ -233,7 +246,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
release='-gnu'
;;
*)
release=`echo "$UNAME_RELEASE" | sed -e 's/[-_].*//' | cut -d. -f1,2`
release=$(echo "$UNAME_RELEASE" | sed -e 's/[-_].*//' | cut -d. -f1,2)
;;
esac
# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
@ -242,15 +255,15 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
echo "$machine-${os}${release}${abi-}"
exit ;;
*:Bitrig:*:*)
UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
UNAME_MACHINE_ARCH=$(arch | sed 's/Bitrig.//')
echo "$UNAME_MACHINE_ARCH"-unknown-bitrig"$UNAME_RELEASE"
exit ;;
*:OpenBSD:*:*)
UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
UNAME_MACHINE_ARCH=$(arch | sed 's/OpenBSD.//')
echo "$UNAME_MACHINE_ARCH"-unknown-openbsd"$UNAME_RELEASE"
exit ;;
*:LibertyBSD:*:*)
UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'`
UNAME_MACHINE_ARCH=$(arch | sed 's/^.*BSD\.//')
echo "$UNAME_MACHINE_ARCH"-unknown-libertybsd"$UNAME_RELEASE"
exit ;;
*:MidnightBSD:*:*)
@ -286,17 +299,17 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
alpha:OSF1:*:*)
case $UNAME_RELEASE in
*4.0)
UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
UNAME_RELEASE=$(/usr/sbin/sizer -v | awk '{print $3}')
;;
*5.*)
UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
UNAME_RELEASE=$(/usr/sbin/sizer -v | awk '{print $4}')
;;
esac
# According to Compaq, /usr/sbin/psrinfo has been available on
# OSF/1 and Tru64 systems produced since 1995. I hope that
# covers most systems running today. This code pipes the CPU
# types through head -n 1, so we only detect the type of CPU 0.
ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
ALPHA_CPU_TYPE=$(/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1)
case "$ALPHA_CPU_TYPE" in
"EV4 (21064)")
UNAME_MACHINE=alpha ;;
@ -334,7 +347,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
# A Tn.n version is a released field test version.
# A Xn.n version is an unreleased experimental baselevel.
# 1.2 uses "1.2" for uname -r.
echo "$UNAME_MACHINE"-dec-osf"`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`"
echo "$UNAME_MACHINE"-dec-osf"$(echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz)"
# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
exitcode=$?
trap '' 0
@ -368,7 +381,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
exit ;;
Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
if test "`(/bin/universe) 2>/dev/null`" = att ; then
if test "$( (/bin/universe) 2>/dev/null)" = att ; then
echo pyramid-pyramid-sysv3
else
echo pyramid-pyramid-bsd
@ -381,17 +394,17 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
echo sparc-icl-nx6
exit ;;
DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
case `/usr/bin/uname -p` in
case $(/usr/bin/uname -p) in
sparc) echo sparc-icl-nx7; exit ;;
esac ;;
s390x:SunOS:*:*)
echo "$UNAME_MACHINE"-ibm-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`"
echo "$UNAME_MACHINE"-ibm-solaris2"$(echo "$UNAME_RELEASE" | sed -e 's/[^.]*//')"
exit ;;
sun4H:SunOS:5.*:*)
echo sparc-hal-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`"
echo sparc-hal-solaris2"$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*//')"
exit ;;
sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
echo sparc-sun-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`"
echo sparc-sun-solaris2"$(echo "$UNAME_RELEASE" | sed -e 's/[^.]*//')"
exit ;;
i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*)
echo i386-pc-auroraux"$UNAME_RELEASE"
@ -410,30 +423,30 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
SUN_ARCH=x86_64
fi
fi
echo "$SUN_ARCH"-pc-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`"
echo "$SUN_ARCH"-pc-solaris2"$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*//')"
exit ;;
sun4*:SunOS:6*:*)
# According to config.sub, this is the proper way to canonicalize
# SunOS6. Hard to guess exactly what SunOS6 will be like, but
# it's likely to be more like Solaris than SunOS4.
echo sparc-sun-solaris3"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`"
echo sparc-sun-solaris3"$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*//')"
exit ;;
sun4*:SunOS:*:*)
case "`/usr/bin/arch -k`" in
case "$(/usr/bin/arch -k)" in
Series*|S4*)
UNAME_RELEASE=`uname -v`
UNAME_RELEASE=$(uname -v)
;;
esac
# Japanese Language versions have a version number like `4.1.3-JL'.
echo sparc-sun-sunos"`echo "$UNAME_RELEASE"|sed -e 's/-/_/'`"
echo sparc-sun-sunos"$(echo "$UNAME_RELEASE"|sed -e 's/-/_/')"
exit ;;
sun3*:SunOS:*:*)
echo m68k-sun-sunos"$UNAME_RELEASE"
exit ;;
sun*:*:4.2BSD:*)
UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
UNAME_RELEASE=$( (sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null)
test "x$UNAME_RELEASE" = x && UNAME_RELEASE=3
case "`/bin/arch`" in
case "$(/bin/arch)" in
sun3)
echo m68k-sun-sunos"$UNAME_RELEASE"
;;
@ -513,8 +526,8 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
}
EOF
$CC_FOR_BUILD -o "$dummy" "$dummy.c" &&
dummyarg=`echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p'` &&
SYSTEM_NAME=`"$dummy" "$dummyarg"` &&
dummyarg=$(echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p') &&
SYSTEM_NAME=$("$dummy" "$dummyarg") &&
{ echo "$SYSTEM_NAME"; exit; }
echo mips-mips-riscos"$UNAME_RELEASE"
exit ;;
@ -541,7 +554,7 @@ EOF
exit ;;
AViiON:dgux:*:*)
# DG/UX returns AViiON for all architectures
UNAME_PROCESSOR=`/usr/bin/uname -p`
UNAME_PROCESSOR=$(/usr/bin/uname -p)
if test "$UNAME_PROCESSOR" = mc88100 || test "$UNAME_PROCESSOR" = mc88110
then
if test "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx || \
@ -569,17 +582,17 @@ EOF
echo m68k-tektronix-bsd
exit ;;
*:IRIX*:*:*)
echo mips-sgi-irix"`echo "$UNAME_RELEASE"|sed -e 's/-/_/g'`"
echo mips-sgi-irix"$(echo "$UNAME_RELEASE"|sed -e 's/-/_/g')"
exit ;;
????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
exit ;; # Note that: echo "'`uname -s`'" gives 'AIX '
exit ;; # Note that: echo "'$(uname -s)'" gives 'AIX '
i*86:AIX:*:*)
echo i386-ibm-aix
exit ;;
ia64:AIX:*:*)
if test -x /usr/bin/oslevel ; then
IBM_REV=`/usr/bin/oslevel`
IBM_REV=$(/usr/bin/oslevel)
else
IBM_REV="$UNAME_VERSION.$UNAME_RELEASE"
fi
@ -599,7 +612,7 @@ EOF
exit(0);
}
EOF
if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"`
if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=$("$dummy")
then
echo "$SYSTEM_NAME"
else
@ -612,15 +625,15 @@ EOF
fi
exit ;;
*:AIX:*:[4567])
IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
IBM_CPU_ID=$(/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }')
if /usr/sbin/lsattr -El "$IBM_CPU_ID" | grep ' POWER' >/dev/null 2>&1; then
IBM_ARCH=rs6000
else
IBM_ARCH=powerpc
fi
if test -x /usr/bin/lslpp ; then
IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc |
awk -F: '{ print $3 }' | sed s/[0-9]*$/0/`
IBM_REV=$(/usr/bin/lslpp -Lqc bos.rte.libc |
awk -F: '{ print $3 }' | sed s/[0-9]*$/0/)
else
IBM_REV="$UNAME_VERSION.$UNAME_RELEASE"
fi
@ -648,14 +661,14 @@ EOF
echo m68k-hp-bsd4.4
exit ;;
9000/[34678]??:HP-UX:*:*)
HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'`
HPUX_REV=$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//')
case "$UNAME_MACHINE" in
9000/31?) HP_ARCH=m68000 ;;
9000/[34]??) HP_ARCH=m68k ;;
9000/[678][0-9][0-9])
if test -x /usr/bin/getconf; then
sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
sc_cpu_version=$(/usr/bin/getconf SC_CPU_VERSION 2>/dev/null)
sc_kernel_bits=$(/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null)
case "$sc_cpu_version" in
523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0
528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1
@ -702,7 +715,7 @@ EOF
exit (0);
}
EOF
(CCOPTS="" $CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null) && HP_ARCH=`"$dummy"`
(CCOPTS="" $CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null) && HP_ARCH=$("$dummy")
test -z "$HP_ARCH" && HP_ARCH=hppa
fi ;;
esac
@ -730,7 +743,7 @@ EOF
echo "$HP_ARCH"-hp-hpux"$HPUX_REV"
exit ;;
ia64:HP-UX:*:*)
HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'`
HPUX_REV=$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//')
echo ia64-hp-hpux"$HPUX_REV"
exit ;;
3050*:HI-UX:*:*)
@ -760,7 +773,7 @@ EOF
exit (0);
}
EOF
$CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` &&
$CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=$("$dummy") &&
{ echo "$SYSTEM_NAME"; exit; }
echo unknown-hitachi-hiuxwe2
exit ;;
@ -829,14 +842,14 @@ EOF
echo craynv-cray-unicosmp"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
exit ;;
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
FUJITSU_REL=`echo "$UNAME_RELEASE" | sed -e 's/ /_/'`
FUJITSU_PROC=$(uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz)
FUJITSU_SYS=$(uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///')
FUJITSU_REL=$(echo "$UNAME_RELEASE" | sed -e 's/ /_/')
echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
exit ;;
5000:UNIX_System_V:4.*:*)
FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
FUJITSU_REL=`echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'`
FUJITSU_SYS=$(uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///')
FUJITSU_REL=$(echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/')
echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
exit ;;
i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
@ -849,25 +862,25 @@ EOF
echo "$UNAME_MACHINE"-unknown-bsdi"$UNAME_RELEASE"
exit ;;
arm:FreeBSD:*:*)
UNAME_PROCESSOR=`uname -p`
UNAME_PROCESSOR=$(uname -p)
set_cc_for_build
if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
| grep -q __ARM_PCS_VFP
then
echo "${UNAME_PROCESSOR}"-unknown-freebsd"`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`"-gnueabi
echo "${UNAME_PROCESSOR}"-unknown-freebsd"$(echo ${UNAME_RELEASE}|sed -e 's/[-(].*//')"-gnueabi
else
echo "${UNAME_PROCESSOR}"-unknown-freebsd"`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`"-gnueabihf
echo "${UNAME_PROCESSOR}"-unknown-freebsd"$(echo ${UNAME_RELEASE}|sed -e 's/[-(].*//')"-gnueabihf
fi
exit ;;
*:FreeBSD:*:*)
UNAME_PROCESSOR=`/usr/bin/uname -p`
UNAME_PROCESSOR=$(/usr/bin/uname -p)
case "$UNAME_PROCESSOR" in
amd64)
UNAME_PROCESSOR=x86_64 ;;
i386)
UNAME_PROCESSOR=i586 ;;
esac
echo "$UNAME_PROCESSOR"-unknown-freebsd"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`"
echo "$UNAME_PROCESSOR"-unknown-freebsd"$(echo "$UNAME_RELEASE"|sed -e 's/[-(].*//')"
exit ;;
i*:CYGWIN*:*)
echo "$UNAME_MACHINE"-pc-cygwin
@ -903,15 +916,15 @@ EOF
echo x86_64-pc-cygwin
exit ;;
prep*:SunOS:5.*:*)
echo powerpcle-unknown-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`"
echo powerpcle-unknown-solaris2"$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*//')"
exit ;;
*:GNU:*:*)
# the GNU system
echo "`echo "$UNAME_MACHINE"|sed -e 's,[-/].*$,,'`-unknown-$LIBC`echo "$UNAME_RELEASE"|sed -e 's,/.*$,,'`"
echo "$(echo "$UNAME_MACHINE"|sed -e 's,[-/].*$,,')-unknown-$LIBC$(echo "$UNAME_RELEASE"|sed -e 's,/.*$,,')"
exit ;;
*:GNU/*:*:*)
# other systems with GNU libc and userland
echo "$UNAME_MACHINE-unknown-`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`-$LIBC"
echo "$UNAME_MACHINE-unknown-$(echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]")$(echo "$UNAME_RELEASE"|sed -e 's/[-(].*//')-$LIBC"
exit ;;
*:Minix:*:*)
echo "$UNAME_MACHINE"-unknown-minix
@ -924,7 +937,7 @@ EOF
echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
exit ;;
alpha:Linux:*:*)
case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' /proc/cpuinfo 2>/dev/null` in
case $(sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' /proc/cpuinfo 2>/dev/null) in
EV5) UNAME_MACHINE=alphaev5 ;;
EV56) UNAME_MACHINE=alphaev56 ;;
PCA56) UNAME_MACHINE=alphapca56 ;;
@ -1033,7 +1046,7 @@ EOF
#endif
#endif
EOF
eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU\|^MIPS_ENDIAN\|^LIBCABI'`"
eval "$($CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU\|^MIPS_ENDIAN\|^LIBCABI')"
test "x$CPU" != x && { echo "$CPU${MIPS_ENDIAN}-unknown-linux-$LIBCABI"; exit; }
;;
mips64el:Linux:*:*)
@ -1053,7 +1066,7 @@ EOF
exit ;;
parisc:Linux:*:* | hppa:Linux:*:*)
# Look for CPU level
case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
case $(grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2) in
PA7*) echo hppa1.1-unknown-linux-"$LIBC" ;;
PA8*) echo hppa2.0-unknown-linux-"$LIBC" ;;
*) echo hppa-unknown-linux-"$LIBC" ;;
@ -1143,7 +1156,7 @@ EOF
echo "$UNAME_MACHINE"-pc-msdosdjgpp
exit ;;
i*86:*:4.*:*)
UNAME_REL=`echo "$UNAME_RELEASE" | sed 's/\/MP$//'`
UNAME_REL=$(echo "$UNAME_RELEASE" | sed 's/\/MP$//')
if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
echo "$UNAME_MACHINE"-univel-sysv"$UNAME_REL"
else
@ -1152,7 +1165,7 @@ EOF
exit ;;
i*86:*:5:[678]*)
# UnixWare 7.x, OpenUNIX and OpenServer 6.
case `/bin/uname -X | grep "^Machine"` in
case $(/bin/uname -X | grep "^Machine") in
*486*) UNAME_MACHINE=i486 ;;
*Pentium) UNAME_MACHINE=i586 ;;
*Pent*|*Celeron) UNAME_MACHINE=i686 ;;
@ -1161,10 +1174,10 @@ EOF
exit ;;
i*86:*:3.2:*)
if test -f /usr/options/cb.name; then
UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
UNAME_REL=$(sed -n 's/.*Version //p' </usr/options/cb.name)
echo "$UNAME_MACHINE"-pc-isc"$UNAME_REL"
elif /bin/uname -X 2>/dev/null >/dev/null ; then
UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
UNAME_REL=$( (/bin/uname -X|grep Release|sed -e 's/.*= //'))
(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
&& UNAME_MACHINE=i586
@ -1214,7 +1227,7 @@ EOF
3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
OS_REL=''
test -r /etc/.relid \
&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
&& OS_REL=.$(sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid)
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
&& { echo i486-ncr-sysv4.3"$OS_REL"; exit; }
/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
@ -1225,7 +1238,7 @@ EOF
NCR*:*:4.2:* | MPRAS*:*:4.2:*)
OS_REL='.3'
test -r /etc/.relid \
&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
&& OS_REL=.$(sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid)
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
&& { echo i486-ncr-sysv4.3"$OS_REL"; exit; }
/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
@ -1258,7 +1271,7 @@ EOF
exit ;;
*:SINIX-*:*:*)
if uname -p 2>/dev/null >/dev/null ; then
UNAME_MACHINE=`(uname -p) 2>/dev/null`
UNAME_MACHINE=$( (uname -p) 2>/dev/null)
echo "$UNAME_MACHINE"-sni-sysv4
else
echo ns32k-sni-sysv
@ -1344,7 +1357,7 @@ EOF
echo aarch64-apple-darwin"$UNAME_RELEASE"
exit ;;
*:Darwin:*:*)
UNAME_PROCESSOR=`uname -p`
UNAME_PROCESSOR=$(uname -p)
case $UNAME_PROCESSOR in
unknown) UNAME_PROCESSOR=powerpc ;;
esac
@ -1381,7 +1394,7 @@ EOF
echo "$UNAME_PROCESSOR"-apple-darwin"$UNAME_RELEASE"
exit ;;
*:procnto*:*:* | *:QNX:[0123456789]*:*)
UNAME_PROCESSOR=`uname -p`
UNAME_PROCESSOR=$(uname -p)
if test "$UNAME_PROCESSOR" = x86; then
UNAME_PROCESSOR=i386
UNAME_MACHINE=pc
@ -1449,10 +1462,10 @@ EOF
echo mips-sei-seiux"$UNAME_RELEASE"
exit ;;
*:DragonFly:*:*)
echo "$UNAME_MACHINE"-unknown-dragonfly"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`"
echo "$UNAME_MACHINE"-unknown-dragonfly"$(echo "$UNAME_RELEASE"|sed -e 's/[-(].*//')"
exit ;;
*:*VMS:*:*)
UNAME_MACHINE=`(uname -p) 2>/dev/null`
UNAME_MACHINE=$( (uname -p) 2>/dev/null)
case "$UNAME_MACHINE" in
A*) echo alpha-dec-vms ; exit ;;
I*) echo ia64-dec-vms ; exit ;;
@ -1462,7 +1475,7 @@ EOF
echo i386-pc-xenix
exit ;;
i*86:skyos:*:*)
echo "$UNAME_MACHINE"-pc-skyos"`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'`"
echo "$UNAME_MACHINE"-pc-skyos"$(echo "$UNAME_RELEASE" | sed -e 's/ .*$//')"
exit ;;
i*86:rdos:*:*)
echo "$UNAME_MACHINE"-pc-rdos
@ -1520,7 +1533,7 @@ main ()
#define __ARCHITECTURE__ "m68k"
#endif
int version;
version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
version=$( (hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null);
if (version < 4)
printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
else
@ -1612,7 +1625,7 @@ main ()
}
EOF
$CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null && SYSTEM_NAME=`$dummy` &&
$CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null && SYSTEM_NAME=$($dummy) &&
{ echo "$SYSTEM_NAME"; exit; }
# Apollos put the system type in the environment.
@ -1637,14 +1650,14 @@ This script (version $timestamp), has failed to recognize the
operating system you are using. If your script is old, overwrite *all*
copies of config.guess and config.sub with the latest versions from:
https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
https://git.savannah.gnu.org/cgit/config.git/plain/config.guess
and
https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
https://git.savannah.gnu.org/cgit/config.git/plain/config.sub
EOF
year=`echo $timestamp | sed 's,-.*,,'`
year=$(echo $timestamp | sed 's,-.*,,')
# shellcheck disable=SC2003
if test "`expr "\`date +%Y\`" - "$year"`" -lt 3 ; then
if test "$(expr "$(date +%Y)" - "$year")" -lt 3 ; then
cat >&2 <<EOF
If $0 has already been updated, send the following data and any
@ -1653,20 +1666,20 @@ provide the necessary information to handle your system.
config.guess timestamp = $timestamp
uname -m = `(uname -m) 2>/dev/null || echo unknown`
uname -r = `(uname -r) 2>/dev/null || echo unknown`
uname -s = `(uname -s) 2>/dev/null || echo unknown`
uname -v = `(uname -v) 2>/dev/null || echo unknown`
uname -m = $( (uname -m) 2>/dev/null || echo unknown)
uname -r = $( (uname -r) 2>/dev/null || echo unknown)
uname -s = $( (uname -s) 2>/dev/null || echo unknown)
uname -v = $( (uname -v) 2>/dev/null || echo unknown)
/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
/bin/uname -X = `(/bin/uname -X) 2>/dev/null`
/usr/bin/uname -p = $( (/usr/bin/uname -p) 2>/dev/null)
/bin/uname -X = $( (/bin/uname -X) 2>/dev/null)
hostinfo = `(hostinfo) 2>/dev/null`
/bin/universe = `(/bin/universe) 2>/dev/null`
/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null`
/bin/arch = `(/bin/arch) 2>/dev/null`
/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`
/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
hostinfo = $( (hostinfo) 2>/dev/null)
/bin/universe = $( (/bin/universe) 2>/dev/null)
/usr/bin/arch -k = $( (/usr/bin/arch -k) 2>/dev/null)
/bin/arch = $( (/bin/arch) 2>/dev/null)
/usr/bin/oslevel = $( (/usr/bin/oslevel) 2>/dev/null)
/usr/convex/getsysinfo = $( (/usr/convex/getsysinfo) 2>/dev/null)
UNAME_MACHINE = "$UNAME_MACHINE"
UNAME_RELEASE = "$UNAME_RELEASE"

49
config.sub vendored

@ -2,7 +2,7 @@
# Configuration validation subroutine script.
# Copyright 1992-2020 Free Software Foundation, Inc.
timestamp='2020-09-08'
timestamp='2020-12-02'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@ -33,7 +33,7 @@ timestamp='2020-09-08'
# Otherwise, we print the canonical config type on stdout and succeed.
# You can get the latest version of this script from:
# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
# https://git.savannah.gnu.org/cgit/config.git/plain/config.sub
# This file is supposed to be the same for all GNU packages
# and recognize all the CPU types, system types and aliases
@ -50,7 +50,7 @@ timestamp='2020-09-08'
# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
# It is wrong to echo any other type of specification.
me=`echo "$0" | sed -e 's,.*/,,'`
me=$(echo "$0" | sed -e 's,.*/,,')
usage="\
Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS
@ -769,22 +769,22 @@ case $basic_machine in
vendor=hp
;;
i*86v32)
cpu=`echo "$1" | sed -e 's/86.*/86/'`
cpu=$(echo "$1" | sed -e 's/86.*/86/')
vendor=pc
basic_os=sysv32
;;
i*86v4*)
cpu=`echo "$1" | sed -e 's/86.*/86/'`
cpu=$(echo "$1" | sed -e 's/86.*/86/')
vendor=pc
basic_os=sysv4
;;
i*86v)
cpu=`echo "$1" | sed -e 's/86.*/86/'`
cpu=$(echo "$1" | sed -e 's/86.*/86/')
vendor=pc
basic_os=sysv
;;
i*86sol2)
cpu=`echo "$1" | sed -e 's/86.*/86/'`
cpu=$(echo "$1" | sed -e 's/86.*/86/')
vendor=pc
basic_os=solaris2
;;
@ -917,7 +917,7 @@ case $basic_machine in
;;
leon-*|leon[3-9]-*)
cpu=sparc
vendor=`echo "$basic_machine" | sed 's/-.*//'`
vendor=$(echo "$basic_machine" | sed 's/-.*//')
;;
*-*)
@ -1084,7 +1084,7 @@ case $cpu-$vendor in
cpu=mipsisa64sb1el
;;
sh5e[lb]-*)
cpu=`echo "$cpu" | sed 's/^\(sh.\)e\(.\)$/\1\2e/'`
cpu=$(echo "$cpu" | sed 's/^\(sh.\)e\(.\)$/\1\2e/')
;;
spur-*)
cpu=spur
@ -1102,7 +1102,7 @@ case $cpu-$vendor in
cpu=x86_64
;;
xscale-* | xscalee[bl]-*)
cpu=`echo "$cpu" | sed 's/^xscale/arm/'`
cpu=$(echo "$cpu" | sed 's/^xscale/arm/')
;;
arm64-*)
cpu=aarch64
@ -1241,6 +1241,7 @@ case $cpu-$vendor in
| sparcv8 | sparcv9 | sparcv9b | sparcv9v | sv1 | sx* \
| spu \
| tahoe \
| thumbv7* \
| tic30 | tic4x | tic54x | tic55x | tic6x | tic80 \
| tron \
| ubicom32 \
@ -1286,11 +1287,15 @@ then
case $basic_os in
gnu/linux*)
kernel=linux
os=`echo $basic_os | sed -e 's|gnu/linux|gnu|'`
os=$(echo $basic_os | sed -e 's|gnu/linux|gnu|')
;;
os2-emx)
kernel=os2
os=$(echo $basic_os | sed -e 's|os2-emx|emx|')
;;
nto-qnx*)
kernel=nto
os=`echo $basic_os | sed -e 's|nto-qnx|qnx|'`
os=$(echo $basic_os | sed -e 's|nto-qnx|qnx|')
;;
*-*)
# shellcheck disable=SC2162
@ -1301,11 +1306,11 @@ EOF
# Default OS when just kernel was specified
nto*)
kernel=nto
os=`echo $basic_os | sed -e 's|nto|qnx|'`
os=$(echo $basic_os | sed -e 's|nto|qnx|')
;;
linux*)
kernel=linux
os=`echo $basic_os | sed -e 's|linux|gnu|'`
os=$(echo $basic_os | sed -e 's|linux|gnu|')
;;
*)
kernel=
@ -1326,7 +1331,7 @@ case $os in
os=cnk
;;
solaris1 | solaris1.*)
os=`echo $os | sed -e 's|solaris1|sunos4|'`
os=$(echo $os | sed -e 's|solaris1|sunos4|')
;;
solaris)
os=solaris2
@ -1355,7 +1360,7 @@ case $os in
os=sco3.2v4
;;
sco3.2.[4-9]*)
os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
os=$(echo $os | sed -e 's/sco3.2./sco3.2v/')
;;
sco*v* | scout)
# Don't match below
@ -1385,7 +1390,7 @@ case $os in
os=lynxos
;;
mac[0-9]*)
os=`echo "$os" | sed -e 's|mac|macos|'`
os=$(echo "$os" | sed -e 's|mac|macos|')
;;
opened*)
os=openedition
@ -1394,10 +1399,10 @@ case $os in
os=os400
;;
sunos5*)
os=`echo "$os" | sed -e 's|sunos5|solaris2|'`
os=$(echo "$os" | sed -e 's|sunos5|solaris2|')
;;
sunos6*)
os=`echo "$os" | sed -e 's|sunos6|solaris3|'`
os=$(echo "$os" | sed -e 's|sunos6|solaris3|')
;;
wince*)
os=wince
@ -1431,7 +1436,7 @@ case $os in
;;
# Preserve the version number of sinix5.
sinix5.*)
os=`echo $os | sed -e 's|sinix|sysv|'`
os=$(echo $os | sed -e 's|sinix|sysv|')
;;
sinix*)
os=sysv4
@ -1716,7 +1721,7 @@ case $os in
| skyos* | haiku* | rdos* | toppers* | drops* | es* \
| onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \
| midnightbsd* | amdhsa* | unleashed* | emscripten* | wasi* \
| nsk* | powerunix* | genode* | zvmoe* | qnx* )
| nsk* | powerunix* | genode* | zvmoe* | qnx* | emx*)
;;
# This one is extra strict with allowed versions
sco3.2v2 | sco3.2v[4-9]* | sco5v6*)
@ -1747,6 +1752,8 @@ case $kernel-$os in
;;
nto-qnx*)
;;
os2-emx)
;;
*-eabi* | *-gnueabi*)
;;
-*)

55
configure vendored

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for unbound 1.12.0.
# Generated by GNU Autoconf 2.69 for unbound 1.13.0.
#
# Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>.
#
@ -591,8 +591,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='unbound'
PACKAGE_TARNAME='unbound'
PACKAGE_VERSION='1.12.0'
PACKAGE_STRING='unbound 1.12.0'
PACKAGE_VERSION='1.13.0'
PACKAGE_STRING='unbound 1.13.0'
PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues'
PACKAGE_URL=''
@ -1459,7 +1459,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures unbound 1.12.0 to adapt to many kinds of systems.
\`configure' configures unbound 1.13.0 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1524,7 +1524,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of unbound 1.12.0:";;
short | recursive ) echo "Configuration of unbound 1.13.0:";;
esac
cat <<\_ACEOF
@ -1752,7 +1752,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
unbound configure 1.12.0
unbound configure 1.13.0
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@ -2461,7 +2461,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by unbound $as_me 1.12.0, which was
It was created by unbound $as_me 1.13.0, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -2811,13 +2811,13 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
UNBOUND_VERSION_MAJOR=1
UNBOUND_VERSION_MINOR=12
UNBOUND_VERSION_MINOR=13
UNBOUND_VERSION_MICRO=0
LIBUNBOUND_CURRENT=9
LIBUNBOUND_REVISION=10
LIBUNBOUND_REVISION=11
LIBUNBOUND_AGE=1
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@ -2895,6 +2895,7 @@ LIBUNBOUND_AGE=1
# 1.10.1 had 9:8:1
# 1.11.0 had 9:9:1
# 1.12.0 had 9:10:1
# 1.13.0 had 9:11:1
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@ -14728,7 +14729,7 @@ $as_echo "no" >&6; }
fi
# Checks for header files.
for ac_header in stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/select.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h ifaddrs.h net/if.h
for ac_header in stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/select.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h ifaddrs.h
do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
@ -14742,6 +14743,34 @@ fi
done
# net/if.h portability for Darwin see:
# https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Header-Portability.html
for ac_header in net/if.h
do :
ac_fn_c_check_header_compile "$LINENO" "net/if.h" "ac_cv_header_net_if_h" "
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
# include <stddef.h>
#else
# ifdef HAVE_STDLIB_H
# include <stdlib.h>
# endif
#endif
#ifdef HAVE_SYS_SOCKET_H
# include <sys/socket.h>
#endif
"
if test "x$ac_cv_header_net_if_h" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_NET_IF_H 1
_ACEOF
fi
done
# Check for Apple header. This uncovers TARGET_OS_IPHONE, TARGET_OS_TV or TARGET_OS_WATCH
for ac_header in TargetConditionals.h
@ -21686,7 +21715,7 @@ _ACEOF
version=1.12.0
version=1.13.0
date=`date +'%b %e, %Y'`
@ -22205,7 +22234,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by unbound $as_me 1.12.0, which was
This file was extended by unbound $as_me 1.13.0, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -22271,7 +22300,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
unbound config.status 1.12.0
unbound config.status 1.13.0
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"


@ -10,7 +10,7 @@ sinclude(dnscrypt/dnscrypt.m4)
# must be numbers. ac_defun because of later processing
m4_define([VERSION_MAJOR],[1])
m4_define([VERSION_MINOR],[12])
m4_define([VERSION_MINOR],[13])
m4_define([VERSION_MICRO],[0])
AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues, unbound)
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
@ -18,7 +18,7 @@ AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
LIBUNBOUND_CURRENT=9
LIBUNBOUND_REVISION=10
LIBUNBOUND_REVISION=11
LIBUNBOUND_AGE=1
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@ -96,6 +96,7 @@ LIBUNBOUND_AGE=1
# 1.10.1 had 9:8:1
# 1.11.0 had 9:9:1
# 1.12.0 had 9:10:1
# 1.13.0 had 9:11:1
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@ -399,7 +400,23 @@ ACX_LIBTOOL_C_ONLY
PKG_PROG_PKG_CONFIG
# Checks for header files.
AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/select.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h ifaddrs.h net/if.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/select.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h ifaddrs.h],,, [AC_INCLUDES_DEFAULT])
# net/if.h portability for Darwin see:
# https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Header-Portability.html
AC_CHECK_HEADERS([net/if.h],,, [
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
# include <stddef.h>
#else
# ifdef HAVE_STDLIB_H
# include <stdlib.h>
# endif
#endif
#ifdef HAVE_SYS_SOCKET_H
# include <sys/socket.h>
#endif
])
# Check for Apple header. This uncovers TARGET_OS_IPHONE, TARGET_OS_TV or TARGET_OS_WATCH
AC_CHECK_HEADERS([TargetConditionals.h])


@ -53,3 +53,5 @@ distribution but may be helpful.
lookups for downstream clients.
* drop2rpz: perl script that converts the Spamhaus DROP-List in RPZ-Format,
contributed by Andreas Schulze.
* metrics.awk: awk script that can convert unbound-control stats to
Prometheus metrics format output.

180
contrib/metrics.awk Normal file

@ -0,0 +1,180 @@
# read output of unbound-control stats
# and output prometheus metrics style output.
# use these options:
# server: extended-statistics: yes
# statistics-cumulative: no
# statistics-interval: 0
# remote-control: control-enable: yes
# Can use it like unbound-control stats | awk -f "metrics.awk"
BEGIN {
FS="=";
}
# everything like total.num.queries=value is put in val["total.num.queries"]
/^.*\..*=/ {
val[$1]=$2;
}
# print the output metrics
END {
print "# HELP unbound_hits_queries Unbound DNS traffic and cache hits"
print "# TYPE unbound_hits_queries gauge"
print "unbound_hits_queries{type=\"total.num.queries\"} " val["total.num.queries"];
for (x=0; x<99; x++) {
if(val["thread" $x ".num.queries"] != "") {
print "unbound_hits_queries{type=\"thread" $x ".num.queries\"} " val["thread" $x ".num.queries"];
}
}
print "unbound_hits_queries{type=\"total.num.cachehits\"} " val["total.num.cachehits"];
print "unbound_hits_queries{type=\"total.num.prefetch\"} " val["total.num.prefetch"];
print "unbound_hits_queries{type=\"num.query.tcp\"} " val["num.query.tcp"];
print "unbound_hits_queries{type=\"num.query.tcpout\"} " val["num.query.tcpout"];
print "unbound_hits_queries{type=\"num.query.tls\"} " val["num.query.tls"];
print "unbound_hits_queries{type=\"num.query.tls.resume\"} " val["num.query.tls.resume"];
print "unbound_hits_queries{type=\"num.query.ipv6\"} " val["num.query.ipv6"];
print "unbound_hits_queries{type=\"unwanted.queries\"} " val["unwanted.queries"];
print ""
print "# HELP unbound_queue_queries Unbound requestlist size"
print "# TYPE unbound_queue_queries gauge"
print "unbound_queue_queries{type=\"total.requestlist.avg\"} " val["total.requestlist.avg"];
print "unbound_queue_queries{type=\"total.requestlist.max\"} " val["total.requestlist.max"];
print "unbound_queue_queries{type=\"total.requestlist.overwritten\"} " val["total.requestlist.overwritten"];
print "unbound_queue_queries{type=\"total.requestlist.exceeded\"} " val["total.requestlist.exceeded"];
print ""
print "# HELP unbound_memory_bytes Unbound memory usage"
print "# TYPE unbound_memory_bytes gauge"
print "unbound_memory_bytes{type=\"mem.cache.rrset\"} " val["mem.cache.rrset"];
print "unbound_memory_bytes{type=\"mem.cache.message\"} " val["mem.cache.message"];
print "unbound_memory_bytes{type=\"mem.mod.iterator\"} " val["mem.mod.iterator"];
if(val["mem.mod.validator"] != "") {
print "unbound_memory_bytes{type=\"mem.mod.validator\"} " val["mem.mod.validator"];
}
if(val["mem.mod.respip"] != "") {
print "unbound_memory_bytes{type=\"mem.mod.respip\"} " val["mem.mod.respip"];
}
if(val["mem.mod.subnet"] != "") {
print "unbound_memory_bytes{type=\"mem.mod.subnet\"} " val["mem.mod.subnet"];
}
if(val["mem.mod.ipsecmod"] != "") {
print "unbound_memory_bytes{type=\"mem.mod.ipsecmod\"} " val["mem.mod.ipsecmod"];
}
if(val["mem.mod.dynlibmod"] != "") {
print "unbound_memory_bytes{type=\"mem.mod.dynlibmod\"} " val["mem.mod.dynlibmod"];
}
print "unbound_memory_bytes{type=\"msg.cache.count\"} " val["msg.cache.count"];
print "unbound_memory_bytes{type=\"rrset.cache.count\"} " val["rrset.cache.count"];
print "unbound_memory_bytes{type=\"infra.cache.count\"} " val["infra.cache.count"];
print "unbound_memory_bytes{type=\"key.cache.count\"} " val["key.cache.count"];
print ""
print "# HELP unbound_by_type_queries Unbound DNS queries by type"
print "# TYPE unbound_by_type_queries gauge"
for(x in val) {
if(x ~ /^num.query.type./) {
if(val[x] != "") {
split(x, a, ".");
print "unbound_by_type_queries{type=\"" a[4] "\"} " val[x];
}
}
}
print ""
print "# HELP unbound_by_class_queries Unbound DNS queries by class"
print "# TYPE unbound_by_class_queries gauge"
for(x in val) {
if(x ~ /^num.query.class./) {
if(val[x] != "") {
split(x, a, ".");
print "unbound_by_class_queries{class=\"" a[4] "\"} " val[x];
}
}
}
print ""
print "# HELP unbound_by_opcode_queries Unbound DNS queries by opcode"
print "# TYPE unbound_by_opcode_queries gauge"
for(x in val) {
if(x ~ /^num.query.opcode./) {
if(val[x] != "") {
split(x, a, ".");
print "unbound_by_opcode_queries{opcode=\"" a[4] "\"} " val[x];
}
}
}
print ""
print "# HELP unbound_by_rcode_queries Unbound DNS answers by rcode"
print "# TYPE unbound_by_rcode_queries gauge"
for(x in val) {
if(x ~ /^num.answer.rcode./) {
if(val[x] != "") {
split(x, a, ".");
print "unbound_by_rcode_queries{rcode=\"" a[4] "\"} " val[x];
}
}
}
print ""
print "# HELP unbound_by_flags_queries Unbound DNS queries by flags"
print "# TYPE unbound_by_flags_queries gauge"
for(x in val) {
if(x ~ /^num.query.flags./) {
if(val[x] != "") {
split(x, a, ".");
print "unbound_by_flags_queries{flag=\"" a[4] "\"} " val[x];
}
}
}
if(val["num.query.edns.present"] != "") {
print "unbound_by_flags_queries{flag=\"num.query.edns.present\"} " val["num.query.edns.present"];
}
if(val["num.query.edns.DO"] != "") {
print "unbound_by_flags_queries{flag=\"num.query.edns.DO\"} " val["num.query.edns.DO"];
}
print ""
print "# HELP unbound_histogram_seconds Unbound DNS histogram of reply time"
print "# TYPE unbound_histogram_seconds gauge"
print "unbound_histogram_seconds{bucket=\"000000.000000.to.000000.000001\"} " val["histogram.000000.000000.to.000000.000001"];
print "unbound_histogram_seconds{bucket=\"000000.000001.to.000000.000002\"} " val["histogram.000000.000001.to.000000.000002"];
print "unbound_histogram_seconds{bucket=\"000000.000002.to.000000.000004\"} " val["histogram.000000.000002.to.000000.000004"];
print "unbound_histogram_seconds{bucket=\"000000.000004.to.000000.000008\"} " val["histogram.000000.000004.to.000000.000008"];
print "unbound_histogram_seconds{bucket=\"000000.000008.to.000000.000016\"} " val["histogram.000000.000008.to.000000.000016"];
print "unbound_histogram_seconds{bucket=\"000000.000016.to.000000.000032\"} " val["histogram.000000.000016.to.000000.000032"];
print "unbound_histogram_seconds{bucket=\"000000.000032.to.000000.000064\"} " val["histogram.000000.000032.to.000000.000064"];
print "unbound_histogram_seconds{bucket=\"000000.000064.to.000000.000128\"} " val["histogram.000000.000064.to.000000.000128"];
print "unbound_histogram_seconds{bucket=\"000000.000128.to.000000.000256\"} " val["histogram.000000.000128.to.000000.000256"];
print "unbound_histogram_seconds{bucket=\"000000.000256.to.000000.000512\"} " val["histogram.000000.000256.to.000000.000512"];
print "unbound_histogram_seconds{bucket=\"000000.000512.to.000000.001024\"} " val["histogram.000000.000512.to.000000.001024"];
print "unbound_histogram_seconds{bucket=\"000000.001024.to.000000.002048\"} " val["histogram.000000.001024.to.000000.002048"];
print "unbound_histogram_seconds{bucket=\"000000.002048.to.000000.004096\"} " val["histogram.000000.002048.to.000000.004096"];
print "unbound_histogram_seconds{bucket=\"000000.004096.to.000000.008192\"} " val["histogram.000000.004096.to.000000.008192"];
print "unbound_histogram_seconds{bucket=\"000000.008192.to.000000.016384\"} " val["histogram.000000.008192.to.000000.016384"];
print "unbound_histogram_seconds{bucket=\"000000.016384.to.000000.032768\"} " val["histogram.000000.016384.to.000000.032768"];
print "unbound_histogram_seconds{bucket=\"000000.032768.to.000000.065536\"} " val["histogram.000000.032768.to.000000.065536"];
print "unbound_histogram_seconds{bucket=\"000000.065536.to.000000.131072\"} " val["histogram.000000.065536.to.000000.131072"];
print "unbound_histogram_seconds{bucket=\"000000.131072.to.000000.262144\"} " val["histogram.000000.131072.to.000000.262144"];
print "unbound_histogram_seconds{bucket=\"000000.262144.to.000000.524288\"} " val["histogram.000000.262144.to.000000.524288"];
print "unbound_histogram_seconds{bucket=\"000000.524288.to.000001.000000\"} " val["histogram.000000.524288.to.000001.000000"];
print "unbound_histogram_seconds{bucket=\"000001.000000.to.000002.000000\"} " val["histogram.000001.000000.to.000002.000000"];
print "unbound_histogram_seconds{bucket=\"000002.000000.to.000004.000000\"} " val["histogram.000002.000000.to.000004.000000"];
print "unbound_histogram_seconds{bucket=\"000004.000000.to.000008.000000\"} " val["histogram.000004.000000.to.000008.000000"];
print "unbound_histogram_seconds{bucket=\"000008.000000.to.000016.000000\"} " val["histogram.000008.000000.to.000016.000000"];
print "unbound_histogram_seconds{bucket=\"000016.000000.to.000032.000000\"} " val["histogram.000016.000000.to.000032.000000"];
print "unbound_histogram_seconds{bucket=\"000032.000000.to.000064.000000\"} " val["histogram.000032.000000.to.000064.000000"];
print "unbound_histogram_seconds{bucket=\"000064.000000.to.000128.000000\"} " val["histogram.000064.000000.to.000128.000000"];
print "unbound_histogram_seconds{bucket=\"000128.000000.to.000256.000000\"} " val["histogram.000128.000000.to.000256.000000"];
print "unbound_histogram_seconds{bucket=\"000256.000000.to.000512.000000\"} " val["histogram.000256.000000.to.000512.000000"];
print "unbound_histogram_seconds{bucket=\"000512.000000.to.001024.000000\"} " val["histogram.000512.000000.to.001024.000000"];
print "unbound_histogram_seconds{bucket=\"001024.000000.to.002048.000000\"} " val["histogram.001024.000000.to.002048.000000"];
print "unbound_histogram_seconds{bucket=\"002048.000000.to.004096.000000\"} " val["histogram.002048.000000.to.004096.000000"];
print "unbound_histogram_seconds{bucket=\"004096.000000.to.008192.000000\"} " val["histogram.004096.000000.to.008192.000000"];
print "unbound_histogram_seconds{bucket=\"008192.000000.to.016384.000000\"} " val["histogram.008192.000000.to.016384.000000"];
print "unbound_histogram_seconds{bucket=\"016384.000000.to.032768.000000\"} " val["histogram.016384.000000.to.032768.000000"];
print "unbound_histogram_seconds{bucket=\"032768.000000.to.065536.000000\"} " val["histogram.032768.000000.to.065536.000000"];
print "unbound_histogram_seconds{bucket=\"065536.000000.to.131072.000000\"} " val["histogram.065536.000000.to.131072.000000"];
print "unbound_histogram_seconds{bucket=\"131072.000000.to.262144.000000\"} " val["histogram.131072.000000.to.262144.000000"];
print "unbound_histogram_seconds{bucket=\"262144.000000.to.524288.000000\"} " val["histogram.262144.000000.to.524288.000000"];
print ""
}
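Review bot: The per-thread loop in the END block indexes with `$x`, which in awk is field number x of the last input record rather than the loop counter, so `val["thread" $x ".num.queries"]` never addresses thread0, thread1 and so on, and the per-thread series are dropped or mislabelled. Use the bare variable in both lines: `if(val["thread" x ".num.queries"] != "") {` and `print "unbound_hits_queries{type=\"thread" x ".num.queries\"} " val["thread" x ".num.queries"];`. Separately, the unconditional prints (totals, memory counters, histogram buckets) emit a sample line with no value whenever a key is missing from the input, for instance when extended-statistics is off, and a scraper may reject the whole exposition; guarding them the way the mem.mod.* lines are guarded would keep the monitoring feed intact.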


@ -66,7 +66,7 @@ ProtectSystem=strict
RuntimeDirectory=unbound
ConfigurationDirectory=unbound
StateDirectory=unbound
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
RestrictRealtime=true
SystemCallArchitectures=native
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources
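Review bot: The widened `RestrictAddressFamilies=` line carries no comment in this hunk saying why AF_NETLINK is now admitted, and a later hardening pass could remove it again or question it. The changelog entry in this same commit ties it to getifaddrs failing with "Address family not supported by protocol", so a line such as `# AF_NETLINK is required by getifaddrs() to list interfaces` directly above the setting would record the reason. The same applies to the identical change in the second unit file further down the page.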


@ -38,7 +38,7 @@ ProtectSystem=strict
RuntimeDirectory=unbound
ConfigurationDirectory=unbound
StateDirectory=unbound
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
RestrictRealtime=true
SystemCallArchitectures=native
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources


@ -291,7 +291,7 @@ daemon_init(void)
free(daemon);
return NULL;
}
if(!(daemon->env->edns_tags = edns_tags_create())) {
if(!(daemon->env->edns_strings = edns_strings_create())) {
auth_zones_delete(daemon->env->auth_zones);
acl_list_delete(daemon->acl);
tcl_list_delete(daemon->tcl);
@ -638,9 +638,9 @@ daemon_fork(struct daemon* daemon)
&daemon->use_rpz))
fatal_exit("auth_zones could not be setup");
/* Set-up EDNS tags */
if(!edns_tags_apply_cfg(daemon->env->edns_tags, daemon->cfg))
fatal_exit("Could not set up EDNS tags");
/* Set-up EDNS strings */
if(!edns_strings_apply_cfg(daemon->env->edns_strings, daemon->cfg))
fatal_exit("Could not set up EDNS strings");
/* setup modules */
daemon_setup_modules(daemon);
@ -773,7 +773,7 @@ daemon_delete(struct daemon* daemon)
rrset_cache_delete(daemon->env->rrset_cache);
infra_delete(daemon->env->infra_cache);
edns_known_options_delete(daemon->env);
edns_tags_delete(daemon->env->edns_tags);
edns_strings_delete(daemon->env->edns_strings);
auth_zones_delete(daemon->env->auth_zones);
}
ub_randfree(daemon->rand);


@ -337,22 +337,44 @@ readpid (const char* file)
/** write pid to file.
* @param pidfile: file name of pid file.
* @param pid: pid to write to file.
* @return false on failure
*/
static void
static int
writepid (const char* pidfile, pid_t pid)
{
FILE* f;
int fd;
char pidbuf[32];
size_t count = 0;
snprintf(pidbuf, sizeof(pidbuf), "%lu\n", (unsigned long)pid);
if ((f = fopen(pidfile, "w")) == NULL ) {
if((fd = open(pidfile, O_WRONLY | O_CREAT | O_TRUNC
#ifdef O_NOFOLLOW
| O_NOFOLLOW
#endif
, 0644)) == -1) {
log_err("cannot open pidfile %s: %s",
pidfile, strerror(errno));
return;
return 0;
}
if(fprintf(f, "%lu\n", (unsigned long)pid) < 0) {
log_err("cannot write to pidfile %s: %s",
pidfile, strerror(errno));
while(count < strlen(pidbuf)) {
ssize_t r = write(fd, pidbuf+count, strlen(pidbuf)-count);
if(r == -1) {
if(errno == EAGAIN || errno == EINTR)
continue;
log_err("cannot write to pidfile %s: %s",
pidfile, strerror(errno));
close(fd);
return 0;
} else if(r == 0) {
log_err("cannot write any bytes to pidfile %s: "
"write returns 0 bytes written", pidfile);
close(fd);
return 0;
}
count += r;
}
fclose(f);
close(fd);
return 1;
}
/**
@ -506,16 +528,17 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
/* write new pidfile (while still root, so can be outside chroot) */
#ifdef HAVE_KILL
if(cfg->pidfile && cfg->pidfile[0] && need_pidfile) {
writepid(daemon->pidfile, getpid());
if(cfg->username && cfg->username[0] && cfg_uid != (uid_t)-1 &&
pidinchroot) {
if(writepid(daemon->pidfile, getpid())) {
if(cfg->username && cfg->username[0] && cfg_uid != (uid_t)-1 &&
pidinchroot) {
# ifdef HAVE_CHOWN
if(chown(daemon->pidfile, cfg_uid, cfg_gid) == -1) {
verbose(VERB_QUERY, "cannot chown %u.%u %s: %s",
(unsigned)cfg_uid, (unsigned)cfg_gid,
daemon->pidfile, strerror(errno));
}
if(chown(daemon->pidfile, cfg_uid, cfg_gid) == -1) {
verbose(VERB_QUERY, "cannot chown %u.%u %s: %s",
(unsigned)cfg_uid, (unsigned)cfg_gid,
daemon->pidfile, strerror(errno));
}
# endif /* HAVE_CHOWN */
}
}
}
#else
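Review bot: The chown in the perform_setup hunk still names the pidfile by path after writepid has already closed the descriptor, so the O_NOFOLLOW protection on the open() does not cover the ownership change: if the path is replaced between the two calls, chown resolves a symlink while the process is still root. Keeping the check and the change on the same object would close that window, for example `if(lchown(daemon->pidfile, cfg_uid, cfg_gid) == -1) {` where lchown is available, or passing the ids into writepid and calling fchown on `fd` before the close. In writepid itself, the `#ifdef O_NOFOLLOW` branch silently falls back to following symlinks on platforms that lack the flag; a comment at that spot stating the reduced protection would help whoever audits the port. perform_setup starts and ends outside the hunk, so any later handling of the pidfile is not visible here.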


@ -576,7 +576,7 @@ apply_respip_action(struct worker* worker, const struct query_info* qinfo,
struct comm_reply* repinfo, struct ub_packed_rrset_key** alias_rrset,
struct reply_info** encode_repp, struct auth_zones* az)
{
struct respip_action_info actinfo = {0};
struct respip_action_info actinfo = {0, 0, 0, 0, NULL, 0, NULL};
actinfo.action = respip_none;
if(qinfo->qtype != LDNS_RR_TYPE_A &&
@ -1789,8 +1789,8 @@ worker_init(struct worker* worker, struct config_file *cfg,
? cfg->tcp_keepalive_timeout
: cfg->tcp_idle_timeout,
cfg->harden_large_queries, cfg->http_max_streams,
cfg->http_endpoint, worker->daemon->tcl,
worker->daemon->listen_sslctx,
cfg->http_endpoint, cfg->http_notls_downstream,
worker->daemon->tcl, worker->daemon->listen_sslctx,
dtenv, worker_handle_request, worker);
if(!worker->front) {
log_err("could not create listening sockets");
@ -1807,7 +1807,7 @@ worker_init(struct worker* worker, struct config_file *cfg,
&worker_alloc_cleanup, worker,
cfg->do_udp || cfg->udp_upstream_without_downstream,
worker->daemon->connect_sslctx, cfg->delay_close,
cfg->tls_use_sni, dtenv);
cfg->tls_use_sni, dtenv, cfg->udp_connect);
if(!worker->back) {
log_err("could not create outgoing sockets");
worker_delete(worker);


@ -134,15 +134,13 @@ dt_create(struct config_file* cfg)
if(cfg->dnstap && cfg->dnstap_socket_path && cfg->dnstap_socket_path[0] &&
(cfg->dnstap_ip==NULL || cfg->dnstap_ip[0]==0)) {
char* p = fname_after_chroot(cfg->dnstap_socket_path, cfg, 1);
if(!p) {
log_err("malloc failure");
return NULL;
}
char* p = cfg->dnstap_socket_path;
if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(p,
cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
p += strlen(cfg->chrootdir);
verbose(VERB_OPS, "attempting to connect to dnstap socket %s",
p);
check_socket_file(p);
free(p);
}
env = (struct dt_env *) calloc(1, sizeof(struct dt_env));
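Review bot: The chroot prefix strip added in dt_create compares bytes, not path components: `strncmp(p, cfg->chrootdir, strlen(cfg->chrootdir)) == 0` also matches a socket path in a sibling directory whose name merely begins with the chroot directory name, and the remainder handed to check_socket_file is then a relative fragment. Requiring the match to end on a component boundary, e.g. adding `&& (p[strlen(cfg->chrootdir)] == '/' || p[strlen(cfg->chrootdir)] == 0)`, would avoid that, assuming chrootdir is stored without a trailing slash (not visible here). The same logic is repeated in the dt_io_thread_apply_cfg hunk of the next file section, so a single shared helper would keep the two copies from drifting. dt_create continues outside the hunk.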


@ -341,15 +341,19 @@ int dt_io_thread_apply_cfg(struct dt_io_thread* dtio, struct config_file *cfg)
dtio->is_bidirectional = cfg->dnstap_bidirectional;
if(dtio->upstream_is_unix) {
char* nm;
if(!cfg->dnstap_socket_path ||
cfg->dnstap_socket_path[0]==0) {
log_err("dnstap setup: no dnstap-socket-path for "
"socket connect");
return 0;
}
nm = cfg->dnstap_socket_path;
if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm,
cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
nm += strlen(cfg->chrootdir);
free(dtio->socket_path);
dtio->socket_path = fname_after_chroot(cfg->dnstap_socket_path,
cfg, 1);
dtio->socket_path = strdup(nm);
if(!dtio->socket_path) {
log_err("dnstap setup: malloc failure");
return 0;


@ -1,3 +1,166 @@
30 November 2020: Wouter
- Fix assertion failure on double callback when iterator loses
interest in query at head of line that then has the tcp stream
not kept for reuse.
- tag for the 1.13.0rc4 release.
27 November 2020: Wouter
- Fix compile warning for type cast in http2_submit_dns_response.
- Fix when use free buffer to initialize rbtree for stream reuse.
- Fix compile warnings for windows.
- Fix compile warnings in rpz initialization.
- Fix contrib/metrics.awk for FreeBSD awk compatibility.
- tag for the 1.13.0rc3 release.
26 November 2020: Wouter
- Fix to omit UDP receive errors from log, if verbosity low.
These happen because of udp-connect.
- For #352: contrib/metrics.awk for Prometheus style metrics output.
- Fix that after failed read, the readagain cannot activate.
- Clear readagain upon decommission of pending tcp structure.
25 November 2020: Wouter
- with udp-connect ignore connection refused with UDP timeouts.
- Fix udp-connect on FreeBSD, do send calls on connected UDP socket.
- Better fix for reuse tree comparison for is-tls sockets. Where
the tree key identity is preserved after cleanup of the TLS state.
- Remove debug commands from reuse tests.
- Fix memory leak for edns client tag opcode config element.
- Attempt fix for libevent state in tcp reuse cases after a packet
is written.
- Fix readagain and writeagain callback functions for comm point
cleanup.
- tag for the 1.13.0rc2 release.
24 November 2020: Wouter
- Merge PR #283 : Stream reuse. This implements upstream stream
reuse for performing several queries over the same TCP or TLS
channel.
- set version of main branch to 1.13.0 for upcoming release.
- iana portlist updated.
- Fix one port unit test for udp-connect.
- tag for the 1.13.0rc1 release.
- Fix crash when TLS connection is closed prematurely, when
reuse tree comparison is not properly identical to insertion.
- Fix padding of struct regional for 32bit systems.
23 November 2020: George
- Merge PR #313 from Ralph Dolmans: Replace edns-client-tag with
edns-client-string option.
23 November 2020: Wouter
- Merge #351 from dvzrv: Add AF_NETLINK to set of allowed socket
address families.
- Fix #350: with the AF_NETLINK permission, to fix 1.12.0 error:
failed to list interfaces: getifaddrs: Address family not
supported by protocol.
- Fix #347: IP_DONTFRAG broken on Apple xcode 12.2.
- Option to toggle udp-connect, default is enabled.
- Fix for #303 CVE-2020-28935 : Fix that symlink does not interfere
with chown of pidfile.
- Further fix for it and retvalue 0 fix for it.
12 November 2020: Wouter
- Fix to connect() to UDP destinations, default turned on,
this lowers vulnerability to ICMP side channels.
- Retry for interfaces with unused ports if possible.
10 November 2020: Wouter
- Fix #341: fixing a possible memory leak.
- Fix memory leak after fix for possible memory leak failure.
- Fix #343: Fail to build --with-libnghttp2 with error: 'SSIZE_MAX'
undeclared.
27 October 2020: Wouter
- In man page note that tls-cert-bundle is read before permission
drop and chroot.
22 October 2020: Wouter
- Fix #333: Unbound Segmentation Fault w/ log_info Functions From
Python Mod.
- Fix that minimal-responses does not remove addresses from a priming
query response.
21 October 2020: George
- Fix #327: net/if.h check fails on some darwin versions; contribution by
Joshua Root.
- Fix #320: potential memory corruption due to size miscomputation upton
custom region alloc init.
21 October 2020: Wouter
- Merge PR #228 : infra-keep-probing option to probe hosts that are
down. Add infra-keep-probing: yes option. Hosts that are down are
probed more frequently.
With the option turned on, it probes about every 120 seconds,
eventually after exponential backoff, and that keeps that way. If
traffic keeps up for the domain. It probes with one at a time, eg.
one query is allowed to probe, other queries within that 120 second
interval are turned away.
19 October 2020: George
- Merge PR #324 from James Renken: Add modern X.509v3 extensions to
unbound-control TLS certificates.
- Fix for PR #324 to attach the x509v3 extensions to the client
certificate.
19 October 2020: Ralph
- local-zone regional allocations outside of chunk
19 October 2020: Wouter
- Fix that http settings have colon in set_option, for
http-endpoint, http-max-streams, http-query-buffer-size,
http-response-buffer-size, and http-nodelay.
- Fix memory leak of https port string when reading config.
- Fix #330: [Feature request] Add unencrypted DNS over HTTPS support.
This adds the option http-notls-downstream: yesno to change that,
and the dohclient test code has the -n option.
- Fix python documentation warning on functions.rst inplace_cb_reply.
- Fix dnstap test to wait for log timer to see if queries are logged.
- Log ip address when http session recv fails, eg. due to tls fail.
- Fix to set the tcp handler event toggle flag back to default when
the handler structure is reused.
- Clean the fix for out of order TCP processing limits on number
of queries. It was tested to work.
16 October 2020: Wouter
- Fix that the out of order TCP processing does not limit the
number of outstanding queries over a connection.
15 October 2020: George
- Fix that if there are reply callbacks for the given rcode, those
are called per reply and a new message created if that was modified
by the call.
- Pass the comm_reply information to the inplace_cb_reply* functions
during the mesh state and update the documentation on that.
15 October 2020: Wouter
- Merge PR #326 from netblue30: DoH: implement content-length
header field
- DoH content length, simplify code, remove declaration after
statement and fix cast warning.
14 October 2020: Wouter
- Fix for python reply callback to see mesh state reply_list member,
it only removes it briefly for the commpoint call so that it does
not drop it and attempt to modify the reply list during reply.
- Fix that if there are on reply callbacks, those are called per
reply and a new message created if that was modified by the call.
- Free up auth zone parse region after use for lookup of host
13 October 2020: Wouter
- Fix #323: unbound testsuite fails on mock build in systemd-nspawn
if systemd support is build.
9 October 2020: Wouter
- Fix dnstap socket and the chroot not applied properly to the dnstap
socket path.
- Fix warning in libnss compile, nss_buf2dsa is not used without DSA.
8 October 2020: Wouter
- Tag for 1.12.0 release.
- Current repo is version 1.12.1 in development.
- Fix #319: potential memory leak on config failure, in rpz config.
1 October 2020: Wouter
- Current repo is version 1.12.0 for release. Tag for 1.12.0rc1.


@ -1,4 +1,4 @@
README for Unbound 1.12.0
README for Unbound 1.13.0
Copyright 2007 NLnet Labs
http://unbound.net


@ -1,7 +1,7 @@
#
# Example configuration file.
#
# See unbound.conf(5) man page, version 1.12.0.
# See unbound.conf(5) man page, version 1.13.0.
#
# this is a comment.
@ -161,6 +161,9 @@ server:
# msec to wait before close of port on timeout UDP. 0 disables.
# delay-close: 0
# perform connect for UDP sockets to mitigate ICMP side channel.
# udp-connect: yes
# msec for waiting for an unknown server to reply. Increase if you
# are behind a slow satellite link, to eg. 1128.
# unknown-server-time-limit: 376
@ -192,6 +195,9 @@ server:
# minimum wait time for responses, increase if uplink is long. In msec.
# infra-cache-min-rtt: 50
# enable to make server probe down hosts more frequently.
# infra-keep-probing: no
# the number of slabs to use for the Infrastructure cache.
# the number of slabs must be a power of 2.
# more slabs reduce lock contention, but fragment memory usage.
@ -788,6 +794,9 @@ server:
# service.
# http-nodelay: yes
# Disable TLS for DNS-over-HTTP downstream service.
# http-notls-downstream: no
# DNS64 prefix. Must be specified when DNS64 is use.
# Enable dns64 in module-config. Used to synthesize IPv6 from IPv4.
# dns64-prefix: 64:ff9b::0/96


@ -1,4 +1,4 @@
.TH "libunbound" "3" "Oct 8, 2020" "NLnet Labs" "unbound 1.12.0"
.TH "libunbound" "3" "Dec 3, 2020" "NLnet Labs" "unbound 1.13.0"
.\"
.\" libunbound.3 -- unbound library functions manual
.\"
@ -44,7 +44,7 @@
.B ub_ctx_zone_remove,
.B ub_ctx_data_add,
.B ub_ctx_data_remove
\- Unbound DNS validating resolver 1.12.0 functions.
\- Unbound DNS validating resolver 1.13.0 functions.
.SH "SYNOPSIS"
.B #include <unbound.h>
.LP


@ -1,4 +1,4 @@
.TH "unbound-anchor" "8" "Oct 8, 2020" "NLnet Labs" "unbound 1.12.0"
.TH "unbound-anchor" "8" "Dec 3, 2020" "NLnet Labs" "unbound 1.13.0"
.\"
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
.\"


@ -1,4 +1,4 @@
.TH "unbound-checkconf" "8" "Oct 8, 2020" "NLnet Labs" "unbound 1.12.0"
.TH "unbound-checkconf" "8" "Dec 3, 2020" "NLnet Labs" "unbound 1.13.0"
.\"
.\" unbound-checkconf.8 -- unbound configuration checker manual
.\"


@ -1,4 +1,4 @@
.TH "unbound-control" "8" "Oct 8, 2020" "NLnet Labs" "unbound 1.12.0"
.TH "unbound-control" "8" "Dec 3, 2020" "NLnet Labs" "unbound 1.13.0"
.\"
.\" unbound-control.8 -- unbound remote control manual
.\"


@ -1,4 +1,4 @@
.TH "unbound\-host" "1" "Oct 8, 2020" "NLnet Labs" "unbound 1.12.0"
.TH "unbound\-host" "1" "Dec 3, 2020" "NLnet Labs" "unbound 1.13.0"
.\"
.\" unbound-host.1 -- unbound DNS lookup utility
.\"


@ -1,4 +1,4 @@
.TH "unbound" "8" "Oct 8, 2020" "NLnet Labs" "unbound 1.12.0"
.TH "unbound" "8" "Dec 3, 2020" "NLnet Labs" "unbound 1.13.0"
.\"
.\" unbound.8 -- unbound manual
.\"
@ -9,7 +9,7 @@
.\"
.SH "NAME"
.B unbound
\- Unbound DNS validating resolver 1.12.0.
\- Unbound DNS validating resolver 1.13.0.
.SH "SYNOPSIS"
.B unbound
.RB [ \-h ]


@ -1,4 +1,4 @@
.TH "unbound.conf" "5" "Oct 8, 2020" "NLnet Labs" "unbound 1.12.0"
.TH "unbound.conf" "5" "Dec 3, 2020" "NLnet Labs" "unbound 1.13.0"
.\"
.\" unbound.conf.5 -- unbound.conf manual
.\"
@ -274,6 +274,10 @@ eg. 1500 msec. When timeouts happen you need extra sockets, it checks
the ID and remote IP of packets, and unwanted packets are added to the
unwanted packet counter.
.TP
.B udp\-connect: \fI<yes or no>
Perform connect for UDP sockets that mitigates ICMP side channel leakage.
Default is yes.
.TP
.B unknown\-server\-time\-limit: \fI<msec>
The wait time in msec for waiting for an unknown server to reply.
Increase this if you are behind a slow satellite link, to eg. 1128.
@ -382,6 +386,12 @@ Lower limit for dynamic retransmit timeout calculation in infrastructure
cache. Default is 50 milliseconds. Increase this value if using forwarders
needing more time to do recursive name resolution.
.TP
.B infra\-keep\-probing: \fI<yes or no>
If enabled the server keeps probing hosts that are down, in the one probe
at a time regime. Default is no. Hosts that are down, eg. they did
not respond during the one probe at a time period, are marked as down and
it may take \fBinfra\-host\-ttl\fR time to get probed again.
.TP
.B define\-tag: \fI<"list of tags">
Define the tags that can be used with local\-zone and access\-control.
Enclose the list between quotes ("") and put spaces between tags.
@ -516,7 +526,8 @@ Alternate syntax for \fBtls\-port\fR.
If null or "", no file is used. Set it to the certificate bundle file,
for example "/etc/pki/tls/certs/ca\-bundle.crt". These certificates are used
for authenticating connections made to outside peers. For example auth\-zone
urls, and also DNS over TLS connections.
urls, and also DNS over TLS connections. It is read at start up before
permission drop and chroot.
.TP
.B ssl\-cert\-bundle: \fI<file>
Alternate syntax for \fBtls\-cert\-bundle\fR.
@ -587,6 +598,10 @@ megabytes or gigabytes (1024*1024 bytes in a megabyte).
Set TCP_NODELAY socket option on sockets used to provide DNS-over-HTTPS service.
Ignored if the option is not available. Default is yes.
.TP
.B http\-notls\-downstream: \fI<yes or no>
Disable use of TLS for the downstream DNS-over-HTTP connections. Useful for
local back end servers. Default is no.
.TP
.B use\-systemd: \fI<yes or no>
Enable or disable systemd socket activation.
Default is no.
@ -1535,15 +1550,15 @@ Set the number of servers that should be used for fast server selection. Only
use the fastest specified number of servers with the fast\-server\-permil
option, that turns this on or off. The default is to use the fastest 3 servers.
.TP 5
.B edns\-client\-tag: \fI<IP netblock> <tag data>
Include an edns-client-tag option in queries with destination address matching
the configured IP netblock. This configuration option can be used multiple
times. The most specific match will be used. The tag data is configured in
decimal format, from 0 to 65535.
.B edns\-client\-string: \fI<IP netblock> <string>
Include an EDNS0 option containing configured ascii string in queries with
destination address matching the configured IP netblock. This configuration
option can be used multiple times. The most specific match will be used.
.TP 5
.B edns\-client\-tag\-opcode: \fI<opcode>
EDNS0 option code for the edns-client-tag option, from 0 to 65535. Default is
16, as assigned by IANA.
.B edns\-client\-string\-opcode: \fI<opcode>
EDNS0 option code for the \fIedns\-client\-string\fR option, from 0 to 65535.
A value from the `Reserved for Local/Experimental` range (65001-65534) should
be used. Default is 65001.
.SS "Remote Control Options"
In the
.B remote\-control:


@ -80,7 +80,7 @@ context_finalize(struct ub_ctx* ctx)
return UB_INITFAIL;
if(!auth_zones_apply_cfg(ctx->env->auth_zones, cfg, 1, &is_rpz))
return UB_INITFAIL;
if(!edns_tags_apply_cfg(ctx->env->edns_tags, cfg))
if(!edns_strings_apply_cfg(ctx->env->edns_strings, cfg))
return UB_INITFAIL;
if(!slabhash_is_size(ctx->env->msg_cache, cfg->msg_cache_size,
cfg->msg_cache_slabs)) {


@ -154,8 +154,8 @@ static struct ub_ctx* ub_ctx_create_nopipe(void)
errno = ENOMEM;
return NULL;
}
ctx->env->edns_tags = edns_tags_create();
if(!ctx->env->edns_tags) {
ctx->env->edns_strings = edns_strings_create();
if(!ctx->env->edns_strings) {
auth_zones_delete(ctx->env->auth_zones);
edns_known_options_delete(ctx->env);
config_delete(ctx->env->cfg);
@ -186,7 +186,7 @@ ub_ctx_create(void)
config_delete(ctx->env->cfg);
modstack_desetup(&ctx->mods, ctx->env);
edns_known_options_delete(ctx->env);
edns_tags_delete(ctx->env->edns_tags);
edns_strings_delete(ctx->env->edns_strings);
free(ctx->env);
free(ctx);
errno = e;
@ -199,7 +199,7 @@ ub_ctx_create(void)
config_delete(ctx->env->cfg);
modstack_desetup(&ctx->mods, ctx->env);
edns_known_options_delete(ctx->env);
edns_tags_delete(ctx->env->edns_tags);
edns_strings_delete(ctx->env->edns_strings);
free(ctx->env);
free(ctx);
errno = e;
@ -338,7 +338,7 @@ ub_ctx_delete(struct ub_ctx* ctx)
infra_delete(ctx->env->infra_cache);
config_delete(ctx->env->cfg);
edns_known_options_delete(ctx->env);
edns_tags_delete(ctx->env->edns_tags);
edns_strings_delete(ctx->env->edns_strings);
auth_zones_delete(ctx->env->auth_zones);
free(ctx->env);
}


@ -238,7 +238,7 @@ libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb)
ports, numports, cfg->unwanted_threshold,
cfg->outgoing_tcp_mss, &libworker_alloc_cleanup, w,
cfg->do_udp || cfg->udp_upstream_without_downstream, w->sslctx,
cfg->delay_close, cfg->tls_use_sni, NULL);
cfg->delay_close, cfg->tls_use_sni, NULL, cfg->udp_connect);
w->env->outnet = w->back;
if(!w->is_bg || w->is_bg_thread) {
lock_basic_unlock(&ctx->cfglock);


@ -60,7 +60,6 @@ The callback function's prototype is the following:
:param **kwargs: Dictionary that may contain parameters added in a future
release. Current parameters:
``repinfo``: Reply information for a communication point (comm_reply).
It is None when the callback happens in the mesh states.
:return: True on success, False on failure.
@ -105,8 +104,6 @@ The callback function's prototype is the following:
:param **kwargs: Dictionary that may contain parameters added in a future
release. Current parameters:
``repinfo``: Reply information for a communication point (comm_reply).
It is None when the callback happens in the mesh
states(modules).
:return: True on success, False on failure.
@ -154,8 +151,6 @@ The callback function's prototype is the following:
:param **kwargs: Dictionary that may contain parameters added in a future
release. Current parameters:
``repinfo``: Reply information for a communication point (comm_reply).
It is None when the callback happens in the mesh
states(modules).
:return: True on success, False on failure.
@ -201,8 +196,6 @@ The callback function's prototype is the following:
:param **kwargs: Dictionary that may contain parameters added in a future
release. Current parameters:
``repinfo``: Reply information for a communication point (comm_reply).
It is None when the callback happens in the mesh
states(modules).
:return: True on success, False on failure.


@ -89,7 +89,7 @@ EDNS options
Inplace callbacks
-----------------
.. function:: inplace_cb_reply(qinfo, qstate, rep, rcode, edns, opt_list_out, region)
.. function:: inplace_cb_reply(qinfo, qstate, rep, rcode, edns, opt_list_out, region, \*\*kwargs)
Function prototype for callback functions used in
`register_inplace_cb_reply`_, `register_inplace_cb_reply_cache`_,
@ -102,6 +102,9 @@ Inplace callbacks
:param edns: :class:`edns_data`
:param opt_list_out: :class:`edns_option`. EDNS option list to append options to.
:param region: :class:`regional`
:param \*\*kwargs: Dictionary that may contain parameters added in a future
release. Current parameters:
``repinfo``: :class:`comm_reply`. Reply information for a communication point.
.. function:: inplace_cb_query(qinfo, flags, qstate, addr, zone, region)


@ -43,7 +43,7 @@
# This query returns SERVFAIL as the txt record of bogus.nlnetlabs.nl is
# intentionally bogus. The reply will contain an empty EDNS option
# with option code 65003.
# Unbound will also log the source address(es) of the client(s) that made
# Unbound will also log the source address of the client that made
# the request.
# (unbound needs to be validating for this example to work)
@ -91,8 +91,6 @@ def inplace_reply_callback(qinfo, qstate, rep, rcode, edns, opt_list_out,
:param **kwargs: Dictionary that may contain parameters added in a future
release. Current parameters:
``repinfo``: Reply information for a communication point (comm_reply).
It is None when the callback happens in the mesh
states(modules).
:return: True on success, False on failure.
@ -121,8 +119,6 @@ def inplace_cache_callback(qinfo, qstate, rep, rcode, edns, opt_list_out,
:param **kwargs: Dictionary that may contain parameters added in a future
release. Current parameters:
``repinfo``: Reply information for a communication point (comm_reply).
It is None when the callback happens in the mesh
states(modules).
:return: True on success, False on failure.
@ -173,8 +169,6 @@ def inplace_local_callback(qinfo, qstate, rep, rcode, edns, opt_list_out,
:param **kwargs: Dictionary that may contain parameters added in a future
release. Current parameters:
``repinfo``: Reply information for a communication point (comm_reply).
It is None when the callback happens in the mesh
states(modules).
:return: True on success, False on failure.
@ -205,13 +199,11 @@ def inplace_servfail_callback(qinfo, qstate, rep, rcode, edns, opt_list_out,
:param **kwargs: Dictionary that may contain parameters added in a future
release. Current parameters:
``repinfo``: Reply information for a communication point (comm_reply).
It is None when the callback happens in the mesh
states(modules).
:return: True on success, False on failure.
For demonstration purposes we want to reply with an empty EDNS code '65003'
and log the IP address(es) of the client(s).
and log the IP address of the client.
"""
log_info("python: called back while servfail.")
@ -219,30 +211,14 @@ def inplace_servfail_callback(qinfo, qstate, rep, rcode, edns, opt_list_out,
b = bytearray.fromhex("")
edns_opt_list_append(opt_list_out, 65003, b, region)
# Log the client(s) IP address(es)
# Log the client's IP address
comm_reply = kwargs['repinfo']
if comm_reply:
# If it is not None this callback was called before the query reached
# the mesh states(modules). There is only one client associated with
# this query.
addr = comm_reply.addr
port = comm_reply.port
addr_family = comm_reply.family
log_info("python: Client IP: {}({}), port: {}"
"".format(addr, addr_family, port))
else:
# If it is not None this callback was called while the query is in the
# mesh states(modules). In this case they may be multiple clients
# waiting for this query.
# The following code is the same as with the resip.py example.
rl = qstate.mesh_info.reply_list
while (rl):
if rl.query_reply:
q = rl.query_reply
log_info("python: Client IP: {}({}), port: {}"
"".format(q.addr, q.family, q.port))
rl = rl.next
return True


@ -1413,6 +1413,19 @@ struct delegpt* find_delegation(struct module_qstate* qstate, char *nm, size_t n
/******************************
* Various debugging functions *
******************************/
/* rename the variadic functions because python does the formatting already*/
%rename (unbound_log_info) log_info;
%rename (unbound_log_err) log_err;
%rename (unbound_log_warn) log_warn;
%rename (unbound_verbose) verbose;
/* provide functions that take one string as argument, so python can cook
the string */
%rename (log_info) pymod_log_info;
%rename (log_warn) pymod_log_warn;
%rename (log_err) pymod_log_err;
%rename (verbose) pymod_verbose;
void verbose(enum verbosity_value level, const char* format, ...);
void log_info(const char* format, ...);
void log_err(const char* format, ...);
@ -1422,6 +1435,19 @@ void log_dns_msg(const char* str, struct query_info* qinfo, struct reply_info* r
void log_query_info(enum verbosity_value v, const char* str, struct query_info* qinf);
void regional_log_stats(struct regional *r);
/* the one argument string log functions */
void pymod_log_info(const char* str);
void pymod_log_err(const char* str);
void pymod_log_warn(const char* str);
void pymod_verbose(enum verbosity_value level, const char* str);
%{
void pymod_log_info(const char* str) { log_info("%s", str); }
void pymod_log_err(const char* str) { log_err("%s", str); }
void pymod_log_warn(const char* str) { log_warn("%s", str); }
void pymod_verbose(enum verbosity_value level, const char* str) {
verbose(level, "%s", str); }
%}
/***************************************************************************
* Free allocated memory from marked sources returning corresponding types *
***************************************************************************/
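Review bot: The variadic originals stay reachable from Python under the `unbound_*` names set up by the first `%rename` group, and the comment there does not say that their first argument is a C format string. Assuming SWIG's default handling of `...` (the extra arguments are dropped), a module that calls `unbound_log_info(s)` with a string it did not build itself still has `s` interpreted as the format, which is exactly what the new `pymod_*` wrappers with `"%s"` avoid. I would extend the comment to `/* the unbound_* names take a C format string; never pass query-derived data as the first argument, use log_info() etc. instead */`, or hide the raw wrappers with `%ignore` if no module needs them.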


@ -914,7 +914,7 @@ respip_rewrite_reply(const struct query_info* qinfo,
int ret = 1;
struct ub_packed_rrset_key* redirect_rrset = NULL;
struct rpz* r;
struct auth_zone* a;
struct auth_zone* a = NULL;
struct ub_packed_rrset_key* data = NULL;
int rpz_used = 0;
int rpz_log = 0;
@ -1109,7 +1109,7 @@ respip_operate(struct module_qstate* qstate, enum module_ev event, int id,
qstate->return_msg && qstate->return_msg->rep) {
struct reply_info* new_rep = qstate->return_msg->rep;
struct ub_packed_rrset_key* alias_rrset = NULL;
struct respip_action_info actinfo = {0};
struct respip_action_info actinfo = {0, 0, 0, 0, NULL, 0, NULL};
actinfo.action = respip_none;
if(!respip_rewrite_reply(&qstate->qinfo,
@ -1170,7 +1170,7 @@ respip_merge_cname(struct reply_info* base_rep,
struct ub_packed_rrset_key* alias_rrset = NULL; /* ditto */
uint16_t tgt_rcode;
size_t i, j;
struct respip_action_info actinfo = {0};
struct respip_action_info actinfo = {0, 0, 0, 0, NULL, 0, NULL};
actinfo.action = respip_none;
/* If the query for the CNAME target would result in an unusual rcode,


@ -5387,6 +5387,7 @@ void auth_xfer_transfer_lookup_callback(void* arg, int rcode, sldns_buffer* buf,
verbose(VERB_ALGO, "auth zone %s host %s type %s transfer lookup has no answer", zname, xfr->task_transfer->lookup_target->host, (xfr->task_transfer->lookup_aaaa?"AAAA":"A"));
}
}
regional_free_all(temp);
} else {
if(verbosity >= VERB_ALGO) {
char zname[255+1];
@ -6444,6 +6445,7 @@ void auth_xfer_probe_lookup_callback(void* arg, int rcode, sldns_buffer* buf,
verbose(VERB_ALGO, "auth zone %s host %s type %s probe lookup has no address", zname, xfr->task_probe->lookup_target->host, (xfr->task_probe->lookup_aaaa?"AAAA":"A"));
}
}
regional_free_all(temp);
} else {
if(verbosity >= VERB_ALGO) {
char zname[255+1];


@ -244,6 +244,7 @@ infra_create(struct config_file* cfg)
return NULL;
}
infra->host_ttl = cfg->host_ttl;
infra->infra_keep_probing = cfg->infra_keep_probing;
infra_dp_ratelimit = cfg->ratelimit;
infra->domain_rates = slabhash_create(cfg->ratelimit_slabs,
INFRA_HOST_STARTSIZE, cfg->ratelimit_size,
@ -297,6 +298,7 @@ infra_adjust(struct infra_cache* infra, struct config_file* cfg)
if(!infra)
return infra_create(cfg);
infra->host_ttl = cfg->host_ttl;
infra->infra_keep_probing = cfg->infra_keep_probing;
infra_dp_ratelimit = cfg->ratelimit;
infra_ip_ratelimit = cfg->ip_ratelimit;
maxmem = cfg->infra_cache_numhosts * (sizeof(struct infra_key)+
@ -445,6 +447,7 @@ infra_host(struct infra_cache* infra, struct sockaddr_storage* addr,
if(e && ((struct infra_data*)e->data)->ttl < timenow) {
/* it expired, try to reuse existing entry */
int old = ((struct infra_data*)e->data)->rtt.rto;
time_t tprobe = ((struct infra_data*)e->data)->probedelay;
uint8_t tA = ((struct infra_data*)e->data)->timeout_A;
uint8_t tAAAA = ((struct infra_data*)e->data)->timeout_AAAA;
uint8_t tother = ((struct infra_data*)e->data)->timeout_other;
@ -460,6 +463,7 @@ infra_host(struct infra_cache* infra, struct sockaddr_storage* addr,
if(old >= USEFUL_SERVER_TOP_TIMEOUT) {
((struct infra_data*)e->data)->rtt.rto
= USEFUL_SERVER_TOP_TIMEOUT;
((struct infra_data*)e->data)->probedelay = tprobe;
((struct infra_data*)e->data)->timeout_A = tA;
((struct infra_data*)e->data)->timeout_AAAA = tAAAA;
((struct infra_data*)e->data)->timeout_other = tother;
@ -482,7 +486,8 @@ infra_host(struct infra_cache* infra, struct sockaddr_storage* addr,
*edns_vs = data->edns_version;
*edns_lame_known = data->edns_lame_known;
*to = rtt_timeout(&data->rtt);
if(*to >= PROBE_MAXRTO && rtt_notimeout(&data->rtt)*4 <= *to) {
if(*to >= PROBE_MAXRTO && (infra->infra_keep_probing ||
rtt_notimeout(&data->rtt)*4 <= *to)) {
/* delay other queries, this is the probe query */
if(!wr) {
lock_rw_unlock(&e->lock);
@ -566,18 +571,27 @@ infra_rtt_update(struct infra_cache* infra, struct sockaddr_storage* addr,
struct lruhash_entry* e = infra_lookup_nottl(infra, addr, addrlen,
nm, nmlen, 1);
struct infra_data* data;
int needtoinsert = 0;
int needtoinsert = 0, expired = 0;
int rto = 1;
time_t oldprobedelay = 0;
if(!e) {
if(!(e = new_entry(infra, addr, addrlen, nm, nmlen, timenow)))
return 0;
needtoinsert = 1;
} else if(((struct infra_data*)e->data)->ttl < timenow) {
oldprobedelay = ((struct infra_data*)e->data)->probedelay;
data_entry_init(infra, e, timenow);
expired = 1;
}
/* have an entry, update the rtt */
data = (struct infra_data*)e->data;
if(roundtrip == -1) {
if(needtoinsert || expired) {
/* timeout on entry that has expired before the timer
* keep old timeout from the function caller */
data->rtt.rto = orig_rtt;
data->probedelay = oldprobedelay;
}
rtt_lost(&data->rtt, orig_rtt);
if(qtype == LDNS_RR_TYPE_A) {
if(data->timeout_A < TIMEOUT_COUNT_MAX)
@ -681,7 +695,12 @@ infra_get_lame_rtt(struct infra_cache* infra,
return 0;
host = (struct infra_data*)e->data;
*rtt = rtt_unclamped(&host->rtt);
if(host->rtt.rto >= PROBE_MAXRTO && timenow < host->probedelay
if(host->rtt.rto >= PROBE_MAXRTO && timenow >= host->probedelay
&& infra->infra_keep_probing) {
/* single probe, keep probing */
if(*rtt >= USEFUL_SERVER_TOP_TIMEOUT)
*rtt = USEFUL_SERVER_TOP_TIMEOUT-1000;
} else if(host->rtt.rto >= PROBE_MAXRTO && timenow < host->probedelay
&& rtt_notimeout(&host->rtt)*4 <= host->rtt.rto) {
/* single probe for this domain, and we are not probing */
/* unless the query type allows a probe to happen */
@ -704,7 +723,8 @@ infra_get_lame_rtt(struct infra_cache* infra,
/* see if this can be a re-probe of an unresponsive server */
/* minus 1000 because that is outside of the RTTBAND, so
* blacklisted servers stay blacklisted if this is chosen */
if(host->rtt.rto >= USEFUL_SERVER_TOP_TIMEOUT) {
if(host->rtt.rto >= USEFUL_SERVER_TOP_TIMEOUT ||
infra->infra_keep_probing) {
lock_rw_unlock(&e->lock);
*rtt = USEFUL_SERVER_TOP_TIMEOUT-1000;
*lame = 0;
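Review bot: In the last hunk of `infra_get_lame_rtt` the comments above the changed condition still describe only the re-probe of an unresponsive server, but with `|| infra->infra_keep_probing` the branch is also taken when `host->rtt.rto` is below `USEFUL_SERVER_TOP_TIMEOUT`, and it then sets `*rtt = USEFUL_SERVER_TOP_TIMEOUT-1000` and `*lame = 0`. The enclosing condition is outside the hunk, so I cannot tell which entries reach this point; if only lame or blacklisted hosts do, that should be stated next to the new operand. I would add `/* with infra-keep-probing the re-probe is allowed at any rto, not only at the top timeout */` above the `if`.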


@ -114,6 +114,8 @@ struct infra_cache {
struct slabhash* hosts;
/** TTL value for host information, in seconds */
int host_ttl;
/** the hosts that are down are kept probed for recovery */
int infra_keep_probing;
/** hash table with query rates per name: rate_key, rate_data */
struct slabhash* domain_rates;
/** ratelimit settings for domains, struct domain_limit_data */


@ -43,6 +43,7 @@
# include <sys/types.h>
#endif
#include <sys/time.h>
#include <limits.h>
#ifdef USE_TCP_FASTOPEN
#include <netinet/tcp.h>
#endif
@ -81,9 +82,6 @@
/** number of queued TCP connections for listen() */
#define TCP_BACKLOG 256
/** number of simultaneous requests a client can have */
#define TCP_MAX_REQ_SIMULTANEOUS 32
#ifndef THREADS_DISABLED
/** lock on the counter of stream buffer memory */
static lock_basic_type stream_wait_count_lock;
@ -533,7 +531,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
return -1;
}
}
# elif defined(IP_DONTFRAG)
# elif defined(IP_DONTFRAG) && !defined(__APPLE__)
/* the IP_DONTFRAG option if defined in the 11.0 OSX headers,
* but does not work on that version, so we exclude it */
int off = 0;
if (setsockopt(s, IPPROTO_IP, IP_DONTFRAG,
&off, (socklen_t)sizeof(off)) < 0) {
@ -1244,8 +1244,9 @@ struct listen_dnsport*
listen_create(struct comm_base* base, struct listen_port* ports,
size_t bufsize, int tcp_accept_count, int tcp_idle_timeout,
int harden_large_queries, uint32_t http_max_streams,
char* http_endpoint, struct tcl_list* tcp_conn_limit, void* sslctx,
struct dt_env* dtenv, comm_point_callback_type* cb, void *cb_arg)
char* http_endpoint, int http_notls, struct tcl_list* tcp_conn_limit,
void* sslctx, struct dt_env* dtenv, comm_point_callback_type* cb,
void *cb_arg)
{
struct listen_dnsport* front = (struct listen_dnsport*)
malloc(sizeof(struct listen_dnsport));
@ -1295,15 +1296,19 @@ listen_create(struct comm_base* base, struct listen_port* ports,
http_max_streams, http_endpoint,
tcp_conn_limit, bufsize, front->udp_buff,
ports->ftype, cb, cb_arg);
cp->ssl = sslctx;
if(http_notls && ports->ftype == listen_type_http)
cp->ssl = NULL;
else
cp->ssl = sslctx;
if(ports->ftype == listen_type_http) {
if(!sslctx) {
log_warn("HTTPS port configured, but no TLS "
if(!sslctx && !http_notls) {
log_warn("HTTPS port configured, but no TLS "
"tls-service-key or tls-service-pem "
"set");
}
#ifndef HAVE_SSL_CTX_SET_ALPN_SELECT_CB
log_warn("Unbound is not compiled with an "
if(!http_notls)
log_warn("Unbound is not compiled with an "
"OpenSSL version supporting ALPN "
" (OpenSSL >= 1.0.2). This is required "
"to use DNS-over-HTTPS");
@ -1402,6 +1407,7 @@ static int
resolve_ifa_name(struct ifaddrs *ifas, const char *search_ifa, char ***ip_addresses, int *ip_addresses_size)
{
struct ifaddrs *ifa;
void *tmpbuf;
int last_ip_addresses_size = *ip_addresses_size;
for(ifa = ifas; ifa != NULL; ifa = ifa->ifa_next) {
@ -1466,10 +1472,12 @@ resolve_ifa_name(struct ifaddrs *ifas, const char *search_ifa, char ***ip_addres
}
verbose(4, "interface %s has address %s", search_ifa, addr_buf);
*ip_addresses = realloc(*ip_addresses, sizeof(char *) * (*ip_addresses_size + 1));
if(!*ip_addresses) {
tmpbuf = realloc(*ip_addresses, sizeof(char *) * (*ip_addresses_size + 1));
if(!tmpbuf) {
log_err("realloc failed: out of memory");
return 0;
} else {
*ip_addresses = tmpbuf;
}
(*ip_addresses)[*ip_addresses_size] = strdup(addr_buf);
if(!(*ip_addresses)[*ip_addresses_size]) {
@ -1480,10 +1488,12 @@ resolve_ifa_name(struct ifaddrs *ifas, const char *search_ifa, char ***ip_addres
}
if (*ip_addresses_size == last_ip_addresses_size) {
*ip_addresses = realloc(*ip_addresses, sizeof(char *) * (*ip_addresses_size + 1));
if(!*ip_addresses) {
tmpbuf = realloc(*ip_addresses, sizeof(char *) * (*ip_addresses_size + 1));
if(!tmpbuf) {
log_err("realloc failed: out of memory");
return 0;
} else {
*ip_addresses = tmpbuf;
}
(*ip_addresses)[*ip_addresses_size] = strdup(search_ifa);
if(!(*ip_addresses)[*ip_addresses_size]) {
@ -1804,8 +1814,7 @@ tcp_req_info_setup_listen(struct tcp_req_info* req)
if(!req->cp->tcp_is_reading)
wr = 1;
if(req->num_open_req + req->num_done_req < TCP_MAX_REQ_SIMULTANEOUS &&
!req->read_is_closed)
if(!req->read_is_closed)
rd = 1;
if(wr) {
@ -2177,9 +2186,10 @@ int http2_submit_dns_response(struct http2_session* h2_session)
int ret;
nghttp2_data_provider data_prd;
char status[4];
nghttp2_nv headers[2];
nghttp2_nv headers[3];
struct http2_stream* h2_stream = h2_session->c->h2_stream;
size_t rlen;
char rlen_str[32];
if(h2_stream->rbuffer) {
log_err("http2 submit response error: rbuffer already "
@ -2198,6 +2208,8 @@ int http2_submit_dns_response(struct http2_session* h2_session)
}
rlen = sldns_buffer_remaining(h2_session->c->buffer);
snprintf(rlen_str, sizeof(rlen_str), "%u", (unsigned)rlen);
lock_basic_lock(&http2_response_buffer_count_lock);
if(http2_response_buffer_count + rlen > http2_response_buffer_max) {
lock_basic_unlock(&http2_response_buffer_count_lock);
@ -2228,13 +2240,11 @@ int http2_submit_dns_response(struct http2_session* h2_session)
headers[1].valuelen = 23;
headers[1].flags = NGHTTP2_NV_FLAG_NONE;
/*TODO be nice and add the content-length header
headers[2].name = (uint8_t*)"content-length";
headers[2].namelen = 14;
headers[2].value =
headers[2].valuelen =
headers[2].value = (uint8_t*)rlen_str;
headers[2].valuelen = strlen(rlen_str);
headers[2].flags = NGHTTP2_NV_FLAG_NONE;
*/
sldns_buffer_write(h2_stream->rbuffer,
sldns_buffer_current(h2_session->c->buffer),
@ -2244,7 +2254,7 @@ int http2_submit_dns_response(struct http2_session* h2_session)
data_prd.source.ptr = h2_session;
data_prd.read_callback = http2_submit_response_read_callback;
ret = nghttp2_submit_response(h2_session->session, h2_stream->stream_id,
headers, 2, &data_prd);
headers, 3, &data_prd);
if(ret) {
verbose(VERB_QUERY, "http2: set_stream_user_data failed, "
"error: %s", nghttp2_strerror(ret));
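Review bot: In `tcp_req_info_setup_listen` the read side is now enabled whenever `read_is_closed` is false, and the `TCP_MAX_REQ_SIMULTANEOUS` define is removed, so these hunks leave no per-connection bound on `num_open_req + num_done_req` visible. A connection that keeps sending queries while its answers queue up is then limited only by whatever accounting exists elsewhere; the file declares a lock for a stream buffer memory counter, which may be that bound, but its check is outside these hunks. I would record the intent at the changed line, for example `/* no per-connection request cap; outstanding replies are bounded by the stream wait buffer accounting */`, after confirming that the accounting covers open requests as well as finished ones. The function body starts and ends outside the hunk.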


@ -159,6 +159,7 @@ int resolve_interface_names(struct config_file* cfg, char*** resif,
* @param harden_large_queries: whether query size should be limited.
* @param http_max_streams: maximum number of HTTP/2 streams per connection.
* @param http_endpoint: HTTP endpoint to service queries on
* @param http_notls: no TLS for http downstream
* @param tcp_conn_limit: TCP connection limit info.
* @param sslctx: nonNULL if ssl context.
* @param dtenv: nonNULL if dnstap enabled.
@ -171,8 +172,9 @@ struct listen_dnsport*
listen_create(struct comm_base* base, struct listen_port* ports,
size_t bufsize, int tcp_accept_count, int tcp_idle_timeout,
int harden_large_queries, uint32_t http_max_streams,
char* http_endpoint, struct tcl_list* tcp_conn_limit, void* sslctx,
struct dt_env* dtenv, comm_point_callback_type* cb, void *cb_arg);
char* http_endpoint, int http_notls, struct tcl_list* tcp_conn_limit,
void* sslctx, struct dt_env* dtenv, comm_point_callback_type* cb,
void *cb_arg);
/**
* delete the listening structure


@ -157,7 +157,7 @@ local_zone_create(uint8_t* nm, size_t len, int labs,
z->namelen = len;
z->namelabs = labs;
lock_rw_init(&z->lock);
z->region = regional_create_custom(sizeof(struct regional));
z->region = regional_create_nochunk(sizeof(struct regional));
if(!z->region) {
free(z);
return NULL;


@ -1196,6 +1196,12 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
/* Copy the client's EDNS for later restore, to make sure the edns
* compare is with the correct edns options. */
struct edns_data edns_bak = r->edns;
/* briefly set the replylist to null in case the
* meshsendreply calls tcpreqinfo sendreply that
* comm_point_drops because of size, and then the
* null stops the mesh state remove and thus
* reply_list modification and accounting */
struct mesh_reply* rlist = m->reply_list;
/* examine security status */
if(m->s.env->need_to_validate && (!(r->qflags&BIT_CD) ||
m->s.env->cfg->ignore_cd) && rep &&
@ -1218,15 +1224,21 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
r->h2_stream->mesh_state = NULL;
}
/* send the reply */
/* We don't reuse the encoded answer if either the previous or current
* response has a local alias. We could compare the alias records
* and still reuse the previous answer if they are the same, but that
* would be complicated and error prone for the relatively minor case.
* So we err on the side of safety. */
if(prev && prev_buffer && prev->qflags == r->qflags &&
/* We don't reuse the encoded answer if:
* - either the previous or current response has a local alias. We could
* compare the alias records and still reuse the previous answer if they
* are the same, but that would be complicated and error prone for the
* relatively minor case. So we err on the side of safety.
* - there are registered callback functions for the given rcode, as these
* need to be called for each reply. */
if(((rcode != LDNS_RCODE_SERVFAIL &&
!m->s.env->inplace_cb_lists[inplace_cb_reply]) ||
(rcode == LDNS_RCODE_SERVFAIL &&
!m->s.env->inplace_cb_lists[inplace_cb_reply_servfail])) &&
prev && prev_buffer && prev->qflags == r->qflags &&
!prev->local_alias && !r->local_alias &&
prev->edns.edns_present == r->edns.edns_present &&
prev->edns.bits == r->edns.bits &&
prev->edns.edns_present == r->edns.edns_present &&
prev->edns.bits == r->edns.bits &&
prev->edns.udp_size == r->edns.udp_size &&
edns_opt_list_compare(prev->edns.opt_list, r->edns.opt_list)
== 0) {
@ -1236,22 +1248,26 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
sldns_buffer_write_at(r_buffer, 0, &r->qid, sizeof(uint16_t));
sldns_buffer_write_at(r_buffer, 12, r->qname,
m->s.qinfo.qname_len);
m->reply_list = NULL;
comm_point_send_reply(&r->query_reply);
m->reply_list = rlist;
} else if(rcode) {
m->s.qinfo.qname = r->qname;
m->s.qinfo.local_alias = r->local_alias;
if(rcode == LDNS_RCODE_SERVFAIL) {
if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s,
rep, rcode, &r->edns, NULL, m->s.region))
rep, rcode, &r->edns, &r->query_reply, m->s.region))
r->edns.opt_list = NULL;
} else {
if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, rcode,
&r->edns, NULL, m->s.region))
&r->edns, &r->query_reply, m->s.region))
r->edns.opt_list = NULL;
}
error_encode(r_buffer, rcode, &m->s.qinfo, r->qid,
r->qflags, &r->edns);
m->reply_list = NULL;
comm_point_send_reply(&r->query_reply);
m->reply_list = rlist;
} else {
size_t udp_size = r->edns.udp_size;
r->edns.edns_version = EDNS_ADVERTISED_VERSION;
@ -1261,7 +1277,7 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
m->s.qinfo.qname = r->qname;
m->s.qinfo.local_alias = r->local_alias;
if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep,
LDNS_RCODE_NOERROR, &r->edns, NULL, m->s.region) ||
LDNS_RCODE_NOERROR, &r->edns, &r->query_reply, m->s.region) ||
!apply_edns_options(&r->edns, &edns_bak,
m->s.env->cfg, r->query_reply.c,
m->s.region) ||
@ -1271,13 +1287,15 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
secure))
{
if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s,
rep, LDNS_RCODE_SERVFAIL, &r->edns, NULL, m->s.region))
rep, LDNS_RCODE_SERVFAIL, &r->edns, &r->query_reply, m->s.region))
r->edns.opt_list = NULL;
error_encode(r_buffer, LDNS_RCODE_SERVFAIL,
&m->s.qinfo, r->qid, r->qflags, &r->edns);
}
r->edns = edns_bak;
m->reply_list = NULL;
comm_point_send_reply(&r->query_reply);
m->reply_list = rlist;
}
/* account */
log_assert(m->s.env->mesh->num_reply_addrs > 0);
@ -1365,20 +1383,12 @@ void mesh_query_done(struct mesh_state* mstate)
mstate->reply_list = reply_list;
} else {
struct sldns_buffer* r_buffer = r->query_reply.c->buffer;
struct mesh_reply* rlist = mstate->reply_list;
if(r->query_reply.c->tcp_req_info) {
r_buffer = r->query_reply.c->tcp_req_info->spool_buffer;
prev_buffer = NULL;
}
/* briefly set the replylist to null in case the
* meshsendreply calls tcpreqinfo sendreply that
* comm_point_drops because of size, and then the
* null stops the mesh state remove and thus
* reply_list modification and accounting */
mstate->reply_list = NULL;
mesh_send_reply(mstate, mstate->s.return_rcode, rep,
r, r_buffer, prev, prev_buffer);
mstate->reply_list = rlist;
if(r->query_reply.c->tcp_req_info) {
tcp_req_info_remove_mesh_state(r->query_reply.c->tcp_req_info, mstate);
r_buffer = NULL;
@ -1894,7 +1904,7 @@ mesh_serve_expired_callback(void* arg)
{
struct mesh_state* mstate = (struct mesh_state*) arg;
struct module_qstate* qstate = &mstate->s;
struct mesh_reply* r, *rlist;
struct mesh_reply* r;
struct mesh_area* mesh = qstate->env->mesh;
struct dns_msg* msg;
struct mesh_cb* c;
@ -1999,15 +2009,8 @@ mesh_serve_expired_callback(void* arg)
r_buffer = r->query_reply.c->buffer;
if(r->query_reply.c->tcp_req_info)
r_buffer = r->query_reply.c->tcp_req_info->spool_buffer;
/* briefly set the replylist to null in case the meshsendreply
* calls tcpreqinfo sendreply that comm_point_drops because
* of size, and then the null stops the mesh state remove and
* thus reply_list modification and accounting */
rlist = mstate->reply_list;
mstate->reply_list = NULL;
mesh_send_reply(mstate, LDNS_RCODE_NOERROR, msg->rep,
r, r_buffer, prev, prev_buffer);
mstate->reply_list = rlist;
if(r->query_reply.c->tcp_req_info)
tcp_req_info_remove_mesh_state(r->query_reply.c->tcp_req_info, mstate);
prev = r;
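Review bot: The save, NULL, send, restore sequence around `comm_point_send_reply` is now written out three times in `mesh_send_reply`, and `rlist` is captured at its declaration, before the inplace callbacks run. If anything between that declaration and the send changes `m->reply_list` (I cannot rule this out from the hunks, since the callbacks now receive `&r->query_reply`), the restore would put back a stale list pointer. A small static helper that takes the snapshot immediately before the send keeps the three paths identical and narrows that window; the comment explaining why the list is nulled would move onto it. `mesh_send_reply` starts and ends outside the hunks.

```c
/* send with reply_list detached, so that a comm_point drop during the
 * send cannot remove the mesh state and touch the list or accounting */
static void
mesh_send_reply_detached(struct mesh_state* m, struct mesh_reply* r)
{
	struct mesh_reply* rlist = m->reply_list;
	m->reply_list = NULL;
	comm_point_send_reply(&r->query_reply);
	m->reply_list = rlist;
}

/* … unchanged: reply encoding in mesh_send_reply … */
/* in each of the three branches, in place of the save/send/restore lines: */
mesh_send_reply_detached(m, r);
```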


@ -52,6 +52,7 @@ struct ub_randstate;
struct pending_tcp;
struct waiting_tcp;
struct waiting_udp;
struct reuse_tcp;
struct infra_cache;
struct port_comm;
struct port_if;
@ -106,6 +107,9 @@ struct outside_network {
int delayclose;
/** timeout for delayclose */
struct timeval delay_tv;
/** if we perform udp-connect, connect() for UDP socket to mitigate
* ICMP side channel leakage */
int udp_connect;
/** array of outgoing IP4 interfaces */
struct port_if* ip4_ifs;
@ -154,6 +158,21 @@ struct outside_network {
size_t num_tcp;
/** number of tcp communication points in use. */
size_t num_tcp_outgoing;
/**
* tree of still-open and waiting tcp connections for reuse.
* can be closed and reopened to get a new tcp connection.
* or reused to the same destination again. with timeout to close.
* Entries are of type struct reuse_tcp.
* The entries are both active and empty connections.
*/
rbtree_type tcp_reuse;
/** max number of tcp_reuse entries we want to keep open */
size_t tcp_reuse_max;
/** first and last(oldest) in lru list of reuse connections.
* the oldest can be closed to get a new free pending_tcp if needed
* The list contains empty connections, that wait for timeout or
* a new query that can use the existing connection. */
struct reuse_tcp* tcp_reuse_first, *tcp_reuse_last;
/** list of tcp comm points that are free for use */
struct pending_tcp* tcp_free;
/** list of tcp queries waiting for a buffer */
@ -211,6 +230,76 @@ struct port_comm {
struct comm_point* cp;
};
/**
* Reuse TCP connection, still open can be used again.
*/
struct reuse_tcp {
/** rbtree node with links in tcp_reuse tree. key is NULL when not
* in tree. Both active and empty connections are in the tree.
* key is a pointer to this structure, the members used to compare
* are the sockaddr and and then is-ssl bool, and then ptr value is
* used in case the same address exists several times in the tree
* when there are multiple connections to the same destination to
* make the rbtree items unique. */
rbnode_type node;
/** the key for the tcp_reuse tree. address of peer, ip4 or ip6,
* and port number of peer */
struct sockaddr_storage addr;
/** length of addr */
socklen_t addrlen;
/** also key for tcp_reuse tree, if ssl is used */
int is_ssl;
/** lru chain, so that the oldest can be removed to get a new
* connection when all are in (re)use. oldest is last in list.
* The lru only contains empty connections waiting for reuse,
* the ones with active queries are not on the list because they
* do not need to be closed to make space for others. They already
* service a query so the close for another query does not help
* service a larger number of queries. */
struct reuse_tcp* lru_next, *lru_prev;
/** true if the reuse_tcp item is on the lru list with empty items */
int item_on_lru_list;
/** the connection to reuse, the fd is non-1 and is open.
* the addr and port determine where the connection is going,
* and is key to the rbtree. The SSL ptr determines if it is
* a TLS connection or a plain TCP connection there. And TLS
* or not is also part of the key to the rbtree.
* There is a timeout and read event on the fd, to close it. */
struct pending_tcp* pending;
/**
* The more read again value pointed to by the commpoint
* tcp_more_read_again pointer, so that it exists after commpoint
* delete
*/
int cp_more_read_again;
/**
* The more write again value pointed to by the commpoint
* tcp_more_write_again pointer, so that it exists after commpoint
* delete
*/
int cp_more_write_again;
/** rbtree with other queries waiting on the connection, by ID number,
* of type struct waiting_tcp. It is for looking up received
* answers to the structure for callback. And also to see if ID
* numbers are unused and can be used for a new query.
* The write_wait elements are also in the tree, so that ID numbers
* can be looked up also for them. They are bool write_wait_queued. */
rbtree_type tree_by_id;
/** list of queries waiting to be written on the channel,
* if NULL no queries are waiting to be written and the pending->query
* is the query currently serviced. The first is the next in line.
* They are also in the tree_by_id. Once written, the are removed
* from this list, but stay in the tree. */
struct waiting_tcp* write_wait_first, *write_wait_last;
/** the outside network it is part of */
struct outside_network* outnet;
};
/** max number of queries on a reuse connection */
#define MAX_REUSE_TCP_QUERIES 200
/** timeout for REUSE entries in milliseconds. */
#define REUSE_TIMEOUT 60000
/**
* A query that has an answer pending for it.
*/
@ -255,12 +344,15 @@ struct pending {
struct pending_tcp {
/** next in list of free tcp comm points, or NULL. */
struct pending_tcp* next_free;
/** the ID for the query; checked in reply */
uint16_t id;
/** tcp comm point it was sent on (and reply must come back on). */
struct comm_point* c;
/** the query being serviced, NULL if the pending_tcp is unused. */
struct waiting_tcp* query;
/** the pre-allocated reuse tcp structure. if ->pending is nonNULL
* it is in use and the connection is waiting for reuse.
* It is here for memory pre-allocation, and used to make this
* pending_tcp wait for reuse. */
struct reuse_tcp reuse;
};
/**
@ -269,12 +361,27 @@ struct pending_tcp {
struct waiting_tcp {
/**
* next in waiting list.
* if pkt==0, this points to the pending_tcp structure.
* if on_tcp_waiting_list==0, this points to the pending_tcp structure.
*/
struct waiting_tcp* next_waiting;
/** if true the item is on the tcp waiting list and next_waiting
* is used for that. If false, the next_waiting points to the
* pending_tcp */
int on_tcp_waiting_list;
/** next and prev in query waiting list for stream connection */
struct waiting_tcp* write_wait_prev, *write_wait_next;
/** true if the waiting_tcp structure is on the write_wait queue */
int write_wait_queued;
/** entry in reuse.tree_by_id, if key is NULL, not in tree, otherwise,
* this struct is key and sorted by ID (from waiting_tcp.id). */
rbnode_type id_node;
/** the ID for the query; checked in reply */
uint16_t id;
/** timeout event; timer keeps running whether the query is
* waiting for a buffer or the tcp reply is pending */
struct comm_timer* timer;
/** timeout in msec */
int timeout;
/** the outside network it is part of */
struct outside_network* outnet;
/** remote address. */
@ -284,13 +391,14 @@ struct waiting_tcp {
/**
* The query itself, the query packet to send.
* allocated after the waiting_tcp structure.
* set to NULL when the query is serviced and it part of pending_tcp.
* if this is NULL, the next_waiting points to the pending_tcp.
*/
uint8_t* pkt;
/** length of query packet. */
size_t pkt_len;
/** callback for the timeout, error or reply to the message */
/** callback for the timeout, error or reply to the message,
* or NULL if no user is waiting. the entry uses an ID number.
* a query that was written is no longer needed, but the ID number
* and a reply will come back and can be ignored if NULL */
comm_point_callback_type* cb;
/** callback user argument */
void* cb_arg;
@ -298,6 +406,8 @@ struct waiting_tcp {
int ssl_upstream;
/** ref to the tls_auth_name from the serviced_query */
char* tls_auth_name;
/** the packet was involved in an error, to stop looping errors */
int error_count;
};
/**
@ -421,6 +531,7 @@ struct serviced_query {
* msec to wait on timeouted udp sockets.
* @param tls_use_sni: if SNI is used for TLS connections.
* @param dtenv: environment to send dnstap events with (if enabled).
* @param udp_connect: if the udp_connect option is enabled.
* @return: the new structure (with no pending answers) or NULL on error.
*/
struct outside_network* outside_network_create(struct comm_base* base,
@ -429,7 +540,8 @@ struct outside_network* outside_network_create(struct comm_base* base,
struct ub_randstate* rnd, int use_caps_for_id, int* availports,
int numavailports, size_t unwanted_threshold, int tcp_mss,
void (*unwanted_action)(void*), void* unwanted_param, int do_udp,
void* sslctx, int delayclose, int tls_use_sni, struct dt_env *dtenv);
void* sslctx, int delayclose, int tls_use_sni, struct dt_env *dtenv,
int udp_connect);
/**
* Delete outside_network structure.
@ -546,6 +658,19 @@ size_t outnet_get_mem(struct outside_network* outnet);
*/
size_t serviced_get_mem(struct serviced_query* sq);
/** Pick random ID value for a tcp stream, avoids existing IDs. */
uint16_t reuse_tcp_select_id(struct reuse_tcp* reuse,
struct outside_network* outnet);
/** find element in tree by id */
struct waiting_tcp* reuse_tcp_by_id_find(struct reuse_tcp* reuse, uint16_t id);
/** insert element in tree by id */
void reuse_tree_by_id_insert(struct reuse_tcp* reuse, struct waiting_tcp* w);
/** delete readwait waiting_tcp elements, deletes the elements in the list */
void reuse_del_readwait(rbtree_type* tree_by_id);
/** get TCP file descriptor for address, returns -1 on failure,
* tcp_mss is 0 or maxseg size to set for TCP packets. */
int outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen, int tcp_mss, int dscp);
@ -643,4 +768,10 @@ int pending_cmp(const void* key1, const void* key2);
/** compare function of serviced query rbtree */
int serviced_cmp(const void* key1, const void* key2);
/** compare function of reuse_tcp rbtree in outside_network struct */
int reuse_cmp(const void* key1, const void* key2);
/** compare function of reuse_tcp tree_by_id rbtree */
int reuse_id_cmp(const void* key1, const void* key2);
#endif /* OUTSIDE_NETWORK_H */


@ -440,6 +440,8 @@ rpz_create(struct config_auth* p)
respip_set_delete(r->respip_set);
if(r->taglist)
free(r->taglist);
if(r->region)
regional_destroy(r->region);
free(r);
}
return NULL;


@ -120,12 +120,19 @@ if [ ! -f "$SVR_BASE.key" ]; then
fi
cat >server.cnf <<EOF
[req]
default_bits=$BITS
default_md=$HASH
prompt=no
distinguished_name=req_distinguished_name
x509_extensions=v3_ca
[req_distinguished_name]
commonName=$SERVERNAME
[v3_ca]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints=critical,CA:TRUE,pathlen:0
subjectAltName=DNS:$SERVERNAME
EOF
[ -f server.cnf ] || fatal "cannot create openssl configuration"
@ -156,8 +163,12 @@ default_bits=$BITS
default_md=$HASH
prompt=no
distinguished_name=req_distinguished_name
req_extensions=v3_req
[req_distinguished_name]
commonName=$CLIENTNAME
[v3_req]
basicConstraints=critical,CA:FALSE
subjectAltName=DNS:$CLIENTNAME
EOF
[ -f client.cnf ] || fatal "cannot create openssl configuration"
@ -179,6 +190,8 @@ if [ ! -f "$CTL_BASE.pem" -o $RECREATE -eq 1 ]; then
-CAkey "$SVR_BASE.key" \
-CAcreateserial \
-$HASH \
-extfile client.cnf \
-extensions v3_req \
-out "$CTL_BASE.pem"
[ ! -f "CTL_BASE.pem" ] || fatal "cannot create signed client certificate"
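Review bot: The check after the client-certificate signing step, `[ ! -f "CTL_BASE.pem" ] || fatal "cannot create signed client certificate"`, tests the literal name `CTL_BASE.pem` and is inverted, so a failed signing run is never reported. With this change the signing command also depends on `-extfile client.cnf` and the `v3_req` section, which adds ways for it to fail. `[ -f "$CTL_BASE.pem" ] || fatal "cannot create signed client certificate"` would test the file the command actually writes. The `+`/`-` markers are lost on this page, so this line appears to be unchanged context rather than part of the commit, and the enclosing `if` block starts and ends outside the hunk.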


@ -29,6 +29,9 @@ else
HAVE_MINGW=no
fi
# stop tests from notifying systemd, if that is compiled in.
export -n NOTIFY_SOCKET
cd testdata;
sh ../testcode/mini_tdir.sh clean
rm -f .perfstats.txt
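Review bot: `export -n NOTIFY_SOCKET` is a bash extension that only removes the export attribute; the script's interpreter line is outside the hunk, but the next step invokes `sh`, so if this file can run under a plain POSIX shell the option may be rejected there. `unset NOTIFY_SOCKET` is portable and has the same effect for child processes. The same line is added before the `for t in $RUNLIST` loop in the other test runner script further down the page.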


@ -90,6 +90,7 @@ static void usage(char* argv[])
printf("-e HTTP endpoint, default: /dns-query\n");
printf("-c Content-type in request, default: "
"application/dns-message\n");
printf("-n no-tls, TLS is disabled\n");
printf("-h This help text\n");
exit(1);
}
@ -185,7 +186,10 @@ submit_query(struct http2_session* h2_session, struct sldns_buffer* buf)
headers[1].name = (uint8_t*)":path";
headers[1].value = (uint8_t*)h2_stream->path;
headers[2].name = (uint8_t*)":scheme";
headers[2].value = (uint8_t*)"https";
if(h2_session->ssl)
headers[2].value = (uint8_t*)"https";
else
headers[2].value = (uint8_t*)"http";
headers[3].name = (uint8_t*)":authority";
headers[3].value = (uint8_t*)h2_session->authority;
headers[4].name = (uint8_t*)"content-type";
@ -246,6 +250,7 @@ static ssize_t http2_recv_cb(nghttp2_session* ATTR_UNUSED(session),
{
struct http2_session* h2_session = (struct http2_session*)cb_arg;
int r;
ssize_t ret;
struct timeval tv, *waittv;
fd_set rfd;
ERR_clear_error();
@ -267,35 +272,58 @@ static ssize_t http2_recv_cb(nghttp2_session* ATTR_UNUSED(session),
return NGHTTP2_ERR_WOULDBLOCK;
}
r = SSL_read(h2_session->ssl, buf, len);
if(r <= 0) {
int want = SSL_get_error(h2_session->ssl, r);
if(want == SSL_ERROR_ZERO_RETURN) {
if(h2_session->ssl) {
r = SSL_read(h2_session->ssl, buf, len);
if(r <= 0) {
int want = SSL_get_error(h2_session->ssl, r);
if(want == SSL_ERROR_ZERO_RETURN) {
return NGHTTP2_ERR_EOF;
}
log_crypto_err("could not SSL_read");
return NGHTTP2_ERR_EOF;
}
log_crypto_err("could not SSL_read");
return r;
}
ret = read(h2_session->fd, buf, len);
if(ret == 0) {
return NGHTTP2_ERR_EOF;
} else if(ret < 0) {
log_err("could not http2 read: %s", strerror(errno));
return NGHTTP2_ERR_EOF;
}
return r;
return ret;
}
static ssize_t http2_send_cb(nghttp2_session* ATTR_UNUSED(session),
const uint8_t* buf, size_t len, int ATTR_UNUSED(flags), void* cb_arg)
{
struct http2_session* h2_session = (struct http2_session*)cb_arg;
ssize_t ret;
int r;
ERR_clear_error();
r = SSL_write(h2_session->ssl, buf, len);
if(r <= 0) {
int want = SSL_get_error(h2_session->ssl, r);
if(want == SSL_ERROR_ZERO_RETURN) {
if(h2_session->ssl) {
int r;
ERR_clear_error();
r = SSL_write(h2_session->ssl, buf, len);
if(r <= 0) {
int want = SSL_get_error(h2_session->ssl, r);
if(want == SSL_ERROR_ZERO_RETURN) {
return NGHTTP2_ERR_CALLBACK_FAILURE;
}
log_crypto_err("could not SSL_write");
return NGHTTP2_ERR_CALLBACK_FAILURE;
}
log_crypto_err("could not SSL_write");
return r;
}
ret = write(h2_session->fd, buf, len);
if(ret == 0) {
return NGHTTP2_ERR_CALLBACK_FAILURE;
} else if(ret < 0) {
log_err("could not http2 write: %s", strerror(errno));
return NGHTTP2_ERR_CALLBACK_FAILURE;
}
return r;
return ret;
}
static int http2_stream_close_cb(nghttp2_session* ATTR_UNUSED(session),
@ -459,7 +487,7 @@ http2_read(struct http2_session* h2_session)
}
static void
run(struct http2_session* h2_session, int port, int count, char** q)
run(struct http2_session* h2_session, int port, int no_tls, int count, char** q)
{
int i;
SSL_CTX* ctx = NULL;
@ -470,26 +498,28 @@ run(struct http2_session* h2_session, int port, int count, char** q)
fd = open_svr(h2_session->authority, port);
h2_session->fd = fd;
ctx = connect_sslctx_create(NULL, NULL, NULL, 0);
if(!ctx) fatal_exit("cannot create ssl ctx");
SSL_CTX_set_alpn_protos(ctx, (const unsigned char *)"\x02h2", 3);
ssl = outgoing_ssl_fd(ctx, fd);
if(!ssl) {
printf("cannot create ssl\n");
exit(1);
}
h2_session->ssl = ssl;
while(1) {
int r;
ERR_clear_error();
if( (r=SSL_do_handshake(ssl)) == 1)
break;
r = SSL_get_error(ssl, r);
if(r != SSL_ERROR_WANT_READ &&
r != SSL_ERROR_WANT_WRITE) {
log_crypto_err("could not ssl_handshake");
if(!no_tls) {
ctx = connect_sslctx_create(NULL, NULL, NULL, 0);
if(!ctx) fatal_exit("cannot create ssl ctx");
SSL_CTX_set_alpn_protos(ctx, (const unsigned char *)"\x02h2", 3);
ssl = outgoing_ssl_fd(ctx, fd);
if(!ssl) {
printf("cannot create ssl\n");
exit(1);
}
h2_session->ssl = ssl;
while(1) {
int r;
ERR_clear_error();
if( (r=SSL_do_handshake(ssl)) == 1)
break;
r = SSL_get_error(ssl, r);
if(r != SSL_ERROR_WANT_READ &&
r != SSL_ERROR_WANT_WRITE) {
log_crypto_err("could not ssl_handshake");
exit(1);
}
}
}
http2_submit_setting(h2_session);
@ -511,9 +541,13 @@ run(struct http2_session* h2_session, int port, int count, char** q)
/* shutdown */
http2_session_delete(h2_session);
SSL_shutdown(ssl);
SSL_free(ssl);
SSL_CTX_free(ctx);
if(ssl) {
SSL_shutdown(ssl);
SSL_free(ssl);
}
if(ctx) {
SSL_CTX_free(ctx);
}
close(fd);
}
@ -524,10 +558,21 @@ extern char* optarg;
int main(int argc, char** argv)
{
int c;
int port = UNBOUND_DNS_OVER_HTTPS_PORT;
struct http2_session* h2_session = http2_session_create();
if(!h2_session) fatal_exit("out of memory");
int port = UNBOUND_DNS_OVER_HTTPS_PORT, no_tls = 0;
struct http2_session* h2_session;
#ifdef USE_WINSOCK
WSADATA wsa_data;
if(WSAStartup(MAKEWORD(2,2), &wsa_data) != 0) {
printf("WSAStartup failed\n");
return 1;
}
#endif
log_init(0, 0, 0);
checklock_start();
h2_session = http2_session_create();
if(!h2_session) fatal_exit("out of memory");
if(argc == 1) {
usage(argv);
}
@ -537,7 +582,7 @@ int main(int argc, char** argv)
h2_session->endpoint = "/dns-query";
h2_session->content_type = "application/dns-message";
while((c=getopt(argc, argv, "c:e:hs:p:P")) != -1) {
while((c=getopt(argc, argv, "c:e:hns:p:P")) != -1) {
switch(c) {
case 'c':
h2_session->content_type = optarg;
@ -545,6 +590,9 @@ int main(int argc, char** argv)
case 'e':
h2_session->endpoint = optarg;
break;
case 'n':
no_tls = 1;
break;
case 'p':
if(atoi(optarg)==0 && strcmp(optarg,"0")!=0) {
printf("error parsing port, "
@ -573,8 +621,12 @@ int main(int argc, char** argv)
}
run(h2_session, port, argc, argv);
run(h2_session, port, no_tls, argc, argv);
checklock_stop();
#ifdef USE_WINSOCK
WSACleanup();
#endif
return 0;
}
#else
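Review bot: In the plaintext branch of `http2_recv_cb`, any negative return from `read()` is logged and returned as `NGHTTP2_ERR_EOF`, which ends the session on a transient `EINTR` or `EAGAIN`; `http2_send_cb` does the same with `write()` and `NGHTTP2_ERR_CALLBACK_FAILURE`. Whether the descriptor is non-blocking is not visible here, but the function already returns `NGHTTP2_ERR_WOULDBLOCK` a few lines earlier, so `if(errno == EINTR || errno == EAGAIN) return NGHTTP2_ERR_WOULDBLOCK;` before the `log_err` would keep the two paths consistent. Since `main` now calls `WSAStartup` under `USE_WINSOCK`, it is also worth confirming that `read()`/`write()` on the socket (rather than `recv()`/`send()`) and `strerror(errno)` behave as intended on that platform. A short comment on the `-n` case, saying that queries then travel as cleartext HTTP/2, would help readers of this test client.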


@ -872,6 +872,7 @@ listen_create(struct comm_base* base, struct listen_port* ATTR_UNUSED(ports),
int ATTR_UNUSED(harden_large_queries),
uint32_t ATTR_UNUSED(http_max_streams),
char* ATTR_UNUSED(http_endpoint),
int ATTR_UNUSED(http_notls),
struct tcl_list* ATTR_UNUSED(tcp_conn_limit),
void* ATTR_UNUSED(sslctx), struct dt_env* ATTR_UNUSED(dtenv),
comm_point_callback_type* cb, void *cb_arg)
@ -1044,7 +1045,7 @@ outside_network_create(struct comm_base* base, size_t bufsize,
void (*unwanted_action)(void*), void* ATTR_UNUSED(unwanted_param),
int ATTR_UNUSED(do_udp), void* ATTR_UNUSED(sslctx),
int ATTR_UNUSED(delayclose), int ATTR_UNUSED(tls_use_sni),
struct dt_env* ATTR_UNUSED(dtenv))
struct dt_env* ATTR_UNUSED(dtenv), int ATTR_UNUSED(udp_connect))
{
struct replay_runtime* runtime = (struct replay_runtime*)base;
struct outside_network* outnet = calloc(1,
@ -1213,7 +1214,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
sldns_buffer_flip(pend->buffer);
if(1) {
struct edns_data edns;
struct edns_tag_addr* client_tag_addr;
struct edns_string_addr* client_string_addr;
if(!inplace_cb_query_call(env, qinfo, flags, addr, addrlen,
zone, zonelen, qstate, qstate->region)) {
free(pend);
@ -1227,13 +1228,13 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
edns.bits = 0;
if(dnssec)
edns.bits = EDNS_DO;
if((client_tag_addr = edns_tag_addr_lookup(
&env->edns_tags->client_tags,
if((client_string_addr = edns_string_addr_lookup(
&env->edns_strings->client_strings,
addr, addrlen))) {
uint16_t client_tag = htons(client_tag_addr->tag_data);
edns_opt_list_append(&qstate->edns_opts_back_out,
env->edns_tags->client_tag_opcode, 2,
(uint8_t*)&client_tag, qstate->region);
env->edns_strings->client_string_opcode,
client_string_addr->string_len,
client_string_addr->string, qstate->region);
}
edns.opt_list = qstate->edns_opts_back_out;
attach_edns_record(pend->buffer, &edns);
@ -1510,6 +1511,18 @@ int serviced_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b))
return 0;
}
int reuse_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b))
{
log_assert(0);
return 0;
}
int reuse_id_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b))
{
log_assert(0);
return 0;
}
/* timers in testbound for autotrust. statistics tested in tdir. */
struct comm_timer* comm_timer_create(struct comm_base* base,
void (*cb)(void*), void* cb_arg)


@ -40,6 +40,8 @@ cleanup() {
exit 0
}
trap cleanup INT
# stop tests from notifying systemd, if that is compiled in.
export -n NOTIFY_SOCKET
for t in $RUNLIST
do


@ -362,6 +362,10 @@ main(int argc, char* argv[])
/* we do not want the test to depend on the timezone */
(void)putenv("TZ=UTC");
memset(pass_argv, 0, sizeof(pass_argv));
#ifdef HAVE_SYSTEMD
/* we do not want the test to use systemd daemon startup notification*/
(void)unsetenv("NOTIFY_SOCKET");
#endif /* HAVE_SYSTEMD */
log_init(NULL, 0, NULL);
/* determine commandline options for the daemon */


@ -839,6 +839,52 @@ static void respip_test(void)
respip_conf_actions_test();
}
#include "services/outside_network.h"
/** add number of new IDs to the reuse tree, randomly chosen */
static void tcpid_addmore(struct reuse_tcp* reuse,
struct outside_network* outnet, unsigned int addnum)
{
unsigned int i;
struct waiting_tcp* w;
for(i=0; i<addnum; i++) {
uint16_t id = reuse_tcp_select_id(reuse, outnet);
unit_assert(!reuse_tcp_by_id_find(reuse, id));
w = calloc(1, sizeof(*w));
unit_assert(w);
w->id = id;
w->outnet = outnet;
w->next_waiting = (void*)reuse->pending;
reuse_tree_by_id_insert(reuse, w);
}
}
/** fill up the reuse ID tree and test assertions */
static void tcpid_fillup(struct reuse_tcp* reuse,
struct outside_network* outnet)
{
int t, numtest=3;
for(t=0; t<numtest; t++) {
rbtree_init(&reuse->tree_by_id, reuse_id_cmp);
tcpid_addmore(reuse, outnet, 65535);
reuse_del_readwait(&reuse->tree_by_id);
}
}
/** test TCP ID selection */
static void tcpid_test(void)
{
struct pending_tcp pend;
struct outside_network outnet;
unit_show_func("services/outside_network.c", "reuse_tcp_select_id");
memset(&pend, 0, sizeof(pend));
pend.reuse.pending = &pend;
memset(&outnet, 0, sizeof(outnet));
outnet.rnd = ub_initstate(NULL);
rbtree_init(&pend.reuse.tree_by_id, reuse_id_cmp);
tcpid_fillup(&pend.reuse, &outnet);
ub_randfree(outnet.rnd);
}
void unit_show_func(const char* file, const char* func)
{
printf("test %s:%s\n", file, func);
@ -907,6 +953,7 @@ main(int argc, char* argv[])
infra_test();
ldns_test();
msgparse_test();
tcpid_test();
#ifdef CLIENT_SUBNET
ecs_test();
#endif /* CLIENT_SUBNET */
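Review bot: `tcpid_test` uses `outnet.rnd = ub_initstate(NULL);` without checking the result, and `reuse_tcp_select_id` is then handed `outnet` 65535 times per round and presumably draws from `outnet->rnd`; an allocation failure would surface as a crash inside ID selection rather than as a test failure. Adding `unit_assert(outnet.rnd);` after the call matches the `unit_assert(w);` already used in `tcpid_addmore`. The `#include "services/outside_network.h"` in the middle of the file would also read better next to the other includes at the top, which are outside this hunk.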


@ -45,7 +45,7 @@ fi
# make config file
sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < dnstap.conf > ub.conf
# start unbound in the background
$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
$PRE/unbound -d -c ub.conf -vvvv >unbound.log 2>&1 &
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test


@ -59,6 +59,8 @@ dig @127.0.0.1 -p $UNBOUND_PORT q7.example.net.
dig @127.0.0.1 -p $UNBOUND_PORT q8.example.net.
dig @127.0.0.1 -p $UNBOUND_PORT q9.example.net.
dig @127.0.0.1 -p $UNBOUND_PORT q10.example.net.
echo "> wait for log to happen on timer"
sleep 3
for x in q1 q2 q3 q4 5 q6 q7 q8 q9 q10; do
if grep "$x.example.net" tap.log >/dev/null; then :; else sleep 1; fi
if grep "$x.example.net" tap.log >/dev/null; then :; else sleep 1; fi


@ -0,0 +1,28 @@
server:
verbosity: 2
# num-threads: 1
interface: 127.0.0.1@@PORT@
https-port: @PORT@
tls-service-key: "unbound_server.key"
tls-service-pem: "unbound_server.pem"
use-syslog: no
directory: .
pidfile: "unbound.pid"
chroot: ""
username: ""
do-not-query-localhost: no
http-query-buffer-size: 1G
http-response-buffer-size: 1G
http-max-streams: 200
http-notls-downstream: yes
local-zone: "example.net" static
local-data: "www1.example.net. IN A 1.2.3.1"
local-data: "www2.example.net. IN A 1.2.3.2"
local-data: "www3.example.net. IN A 1.2.3.3"
local-zone: "drop.net" deny
tcp-upstream: yes
forward-zone:
name: "."
forward-addr: "127.0.0.1@@TOPORT@"
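Review bot: This test configuration has no comment saying that `http-notls-downstream: yes` makes the listener accept DNS-over-HTTP in cleartext, and it still sets `tls-service-key` and `tls-service-pem`, which looks contradictory to a reader. A line such as `# cleartext DoH for the notls test only; listener is bound to 127.0.0.1` above the option would record the intent. The `1G` values for `http-query-buffer-size` and `http-response-buffer-size` would benefit from the same kind of one-line reason.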


@ -0,0 +1,16 @@
BaseName: doh_downstream_notls
Version: 1.0
Description: Test DNS-over-HTTP query processing with no-tls
CreationDate: Mon Jun 12 12:00:00 CET 2020
Maintainer:
Category:
Component:
CmdDepends:
Depends:
Help:
Pre: doh_downstream_notls.pre
Post: doh_downstream_notls.post
Test: doh_downstream_notls.test
AuxFiles:
Passed:
Failure:


@ -0,0 +1,13 @@
# #-- doh_downstream_notls.post --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# source the test var file when it's there
[ -f .tpkg.var.test ] && source .tpkg.var.test
#
# do your teardown here
PRE="../.."
if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi
. ../common.sh
kill_pid $FWD_PID
kill_pid $UNBOUND_PID
cat unbound.log


@ -0,0 +1,33 @@
# #-- doh_downstream_notls.pre--#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi
get_random_port 2
UNBOUND_PORT=$RND_PORT
FWD_PORT=$(($RND_PORT + 1))
echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test
# start forwarder
get_ldns_testns
$LDNS_TESTNS -p $FWD_PORT doh_downstream_notls.testns >fwd.log 2>&1 &
FWD_PID=$!
echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
# make config file
sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < doh_downstream_notls.conf > ub.conf
# start unbound in the background
$PRE/unbound -vvvv -d -c ub.conf >unbound.log 2>&1 &
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
cat .tpkg.var.test
wait_ldns_testns_up fwd.log
wait_unbound_up unbound.log


@ -0,0 +1,339 @@
# #-- doh_downstream_notls.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi
get_make
(cd $PRE; $MAKE dohclient)
# this test query should just work (server is up)
echo "> query www1.example.net."
$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN >outfile 2>&1
cat outfile
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "Not OK"
exit 1
fi
if grep "www1.example.net" outfile | grep "1.2.3.1"; then
echo "content OK"
else
echo "result contents not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "result contents not OK"
exit 1
fi
echo "OK"
# multiple requests (from localdata)
echo "> query www1.example.net. www2.example.net. www3.example.net."
$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www2.example.net A IN www3.example.net A IN >outfile 2>&1
cat outfile
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "Not OK"
exit 1
fi
if grep "www1.example.net" outfile | grep "1.2.3.1"; then
echo "content OK"
else
echo "result contents not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "result contents not OK"
exit 1
fi
if grep "www2.example.net" outfile | grep "1.2.3.2"; then
echo "content OK"
else
echo "result contents not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "result contents not OK"
exit 1
fi
if grep "www3.example.net" outfile | grep "1.2.3.3"; then
echo "content OK"
else
echo "result contents not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "result contents not OK"
exit 1
fi
# out of order requests, the example.com elements take 2 seconds to wait.
echo ""
echo "> query www1.example.net. www.example.com. www2.example.net. www2.example.com. www3.example.net."
$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www2.example.com. A IN www3.example.net A IN >outfile 2>&1
cat outfile
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "Not OK"
exit 1
fi
if grep "www1.example.net" outfile | grep "1.2.3.1"; then
echo "content OK"
else
echo "result contents not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "result contents not OK"
exit 1
fi
if grep "www2.example.net" outfile | grep "1.2.3.2"; then
echo "content OK"
else
echo "result contents not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "result contents not OK"
exit 1
fi
if grep "www3.example.net" outfile | grep "1.2.3.3"; then
echo "content OK"
else
echo "result contents not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "result contents not OK"
exit 1
fi
if grep "www.example.com" outfile | grep "10.20.30.40"; then
echo "content OK"
else
echo "result contents not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "result contents not OK"
exit 1
fi
if grep "www2.example.com" outfile | grep "10.20.30.42"; then
echo "content OK"
else
echo "result contents not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "result contents not OK"
exit 1
fi
# out of order requests, the example.com elements take 2 seconds to wait.
# www.example.com present twice, answered twice.
echo ""
echo "> query www1.example.net. www.example.com. www2.example.net. www.example.com. www3.example.net."
$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www.example.com. A IN www3.example.net A IN >outfile 2>&1
cat outfile
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "Not OK"
exit 1
fi
if grep "www1.example.net" outfile | grep "1.2.3.1"; then
echo "content OK"
else
echo "result contents not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "result contents not OK"
exit 1
fi
if grep "www2.example.net" outfile | grep "1.2.3.2"; then
echo "content OK"
else
echo "result contents not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "result contents not OK"
exit 1
fi
if grep "www3.example.net" outfile | grep "1.2.3.3"; then
echo "content OK"
else
echo "result contents not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "result contents not OK"
exit 1
fi
if grep "www.example.com" outfile | grep "10.20.30.40"; then
echo "content OK"
else
echo "result contents not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "result contents not OK"
exit 1
fi
# out of order requests, the example.com elements take 2 seconds to wait.
# www3.example.com present twice, answered twice.
echo ""
echo "> query www1.example.net. www3.example.com. www2.example.net. www3.example.com. www3.example.net."
$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www3.example.com. A IN www2.example.net A IN www3.example.com. A IN www3.example.net A IN >outfile 2>&1
cat outfile
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "Not OK"
exit 1
fi
if grep "www1.example.net" outfile | grep "1.2.3.1"; then
echo "content OK"
else
echo "result contents not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "result contents not OK"
exit 1
fi
if grep "www2.example.net" outfile | grep "1.2.3.2"; then
echo "content OK"
else
echo "result contents not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "result contents not OK"
exit 1
fi
if grep "www3.example.net" outfile | grep "1.2.3.3"; then
echo "content OK"
else
echo "result contents not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "result contents not OK"
exit 1
fi
if grep "www3.example.com" outfile | grep "10.20.30.43"; then
echo "content OK"
else
echo "result contents not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "result contents not OK"
exit 1
fi
echo ""
echo "> query www4.example.com. www3.example.net."
$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www4.example.com. A IN www3.example.net A IN >outfile 2>&1
cat outfile
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "Not OK"
exit 1
fi
if grep "www3.example.net" outfile | grep "1.2.3.3"; then
echo "content OK"
else
echo "result contents not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "result contents not OK"
exit 1
fi
if grep "www4.example.com" outfile | grep "10.20.30.44"; then
echo "content OK"
else
echo "result contents not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "result contents not OK"
exit 1
fi
echo ""
echo "> query a1.example.com. - a90.example.com."
$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www6.example.com. A IN a1.a.example.com. A IN a2.a.example.com. A IN a3.a.example.com. A IN a4.a.example.com. A IN a5.a.example.com. A IN a6.a.example.com. A IN a7.a.example.com. A IN a8.a.example.com. A IN a9.a.example.com. A IN a10.a.example.com. A IN a11.a.example.com. A IN a12.a.example.com. A IN a13.a.example.com. A IN a14.a.example.com. A IN a15.a.example.com. A IN a16.a.example.com. A IN a17.a.example.com. A IN a18.a.example.com. A IN a19.a.example.com. A IN a20.a.example.com. A IN a21.a.example.com. A IN a22.a.example.com. A IN a23.a.example.com. A IN a24.a.example.com. A IN a25.a.example.com. A IN a26.a.example.com. A IN a27.a.example.com. A IN a28.a.example.com. A IN a29.a.example.com. A IN a30.a.example.com. A IN a31.a.example.com. A IN a32.a.example.com. A IN a33.a.example.com. A IN a34.a.example.com. A IN a35.a.example.com. A IN a36.a.example.com. A IN a37.a.example.com. A IN a38.a.example.com. A IN a39.a.example.com. A IN a40.a.example.com. A IN a41.a.example.com. A IN a42.a.example.com. A IN a43.a.example.com. A IN a44.a.example.com. A IN a45.a.example.com. A IN a46.a.example.com. A IN a47.a.example.com. A IN a48.a.example.com. A IN a49.a.example.com. A IN a50.a.example.com. A IN a51.a.example.com. A IN a52.a.example.com. A IN a53.a.example.com. A IN a54.a.example.com. A IN a55.a.example.com. A IN a56.a.example.com. A IN a57.a.example.com. A IN a58.a.example.com. A IN a59.a.example.com. A IN a60.a.example.com. A IN a61.a.example.com. A IN a62.a.example.com. A IN a63.a.example.com. A IN a64.a.example.com. A IN a65.a.example.com. A IN a66.a.example.com. A IN a67.a.example.com. A IN a68.a.example.com. A IN a69.a.example.com. A IN a70.a.example.com. A IN a71.a.example.com. A IN a72.a.example.com. A IN a73.a.example.com. A IN a74.a.example.com. A IN a75.a.example.com. A IN a76.a.example.com. A IN a77.a.example.com. A IN a78.a.example.com. A IN a79.a.example.com. A IN a80.a.example.com. 
A IN a81.a.example.com. A IN a82.a.example.com. A IN a83.a.example.com. A IN a84.a.example.com. A IN a85.a.example.com. A IN a86.a.example.com. A IN a87.a.example.com. A IN a88.a.example.com. A IN a89.a.example.com. A IN a90.a.example.com. A IN >outfile 2>&1
cat outfile
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "Not OK"
exit 1
fi
num_ans=$(grep -B 3 "a.example.com. IN A" outfile | grep "rcode: NOERROR" | wc -l )
if test "$num_ans" -ne 90; then
echo "number of answers not OK"
echo "> cat logfiles"
cat outfile
cat fwd.log
cat unbound.log
echo "Not OK"
exit 1
fi
echo "OK"
exit 0
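Review bot: Every `if test "$?" -ne 0` in this script runs after `cat outfile`, so it checks the exit status of `cat`, and a failing `dohclient` never reaches the "exit status not OK" branch. Saving the status right after the client call, with `rc=$?` on the line following each `$PRE/dohclient ... >outfile 2>&1`, and then testing `if test "$rc" -ne 0` restores the check. The pattern repeats in each query block of the file, so all of them need the same change.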


@ -0,0 +1,74 @@
; nameserver test file
$ORIGIN example.com.
$TTL 3600
ENTRY_BEGIN
MATCH opcode qtype qname
REPLY QR AA NOERROR
ADJUST copy_id sleep=2
SECTION QUESTION
www IN A
SECTION ANSWER
www IN A 10.20.30.40
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
REPLY QR AA NOERROR
ADJUST copy_id
SECTION QUESTION
www2 IN A
SECTION ANSWER
www2 IN A 10.20.30.42
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
REPLY QR AA NOERROR
ADJUST copy_id
SECTION QUESTION
www3 IN A
SECTION ANSWER
www3 IN A 10.20.30.43
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
REPLY QR AA NOERROR
ADJUST copy_id sleep=2
SECTION QUESTION
www4 IN A
SECTION ANSWER
www4 IN A 10.20.30.44
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
REPLY QR AA NOERROR
ADJUST copy_id sleep=2
SECTION QUESTION
www5 IN A
SECTION ANSWER
www5 IN A 10.20.30.45
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
REPLY QR AA NOERROR
ADJUST copy_id sleep=2
SECTION QUESTION
www6 IN A
SECTION ANSWER
www6 IN A 10.20.30.46
ENTRY_END
; lots of noerror/nodata answers for other queries (a.. queries)
ENTRY_BEGIN
MATCH opcode qtype subdomain
REPLY QR AA NOERROR
ADJUST copy_id copy_query
SECTION QUESTION
a.example.com. IN A
SECTION AUTHORITY
example.com. IN SOA ns hostmaster 2019 28800 7200 604800 3600
ENTRY_END


@ -0,0 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA
3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s
RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB
AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS
6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds
sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi
XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3
fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL
CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP
0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2
oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l
In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S
LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg==
-----END RSA PRIVATE KEY-----
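Review bot: The private key added in this section is 1024-bit RSA (the modulus length is readable from the DER prefix `MIICWwIBAAKBgQ`), while the other key added later in this commit is 3072-bit. TLS libraries built with a raised default security level reject 1024-bit RSA keys, so a test that loads this file may fail on such hosts for reasons unrelated to the code under test; regenerating the fixture at 2048 bits or more would avoid that. The file header for this section is not shown on the page, so it is only inferred from the neighbouring test files that this is a test fixture. A filename or accompanying README line marking it as test-only material would keep it from being mistaken for a deployable key.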


@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -1,14 +1,14 @@
; config options
server:
edns-client-tag: 10.0.0.0/24 1234
edns-client-tag: 10.0.0.10/32 5678
edns-client-string: 10.0.0.0/24 "abc d"
edns-client-string: 10.0.0.10/32 "123AbC!"
stub-zone:
name: "tag1234."
name: "edns-string-abc."
stub-addr: 10.0.0.1
stub-zone:
name: "tag5678."
name: "edns-string-123."
stub-addr: 10.0.0.10
stub-zone:
@ -17,7 +17,7 @@ stub-zone:
CONFIG_END
SCENARIO_BEGIN Test EDNS client tag option
SCENARIO_BEGIN Test EDNS string tag option
RANGE_BEGIN 0 1000
ADDRESS 10.0.0.1
@ -26,9 +26,9 @@ MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
tag1234. IN A
edns-string-abc. IN A
SECTION ANSWER
tag1234. IN A 10.20.30.40
edns-string-abc. IN A 10.20.30.40
SECTION ADDITIONAL
ENTRY_END
RANGE_END
@ -40,9 +40,9 @@ MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
tag5678. IN A
edns-string-123. IN A
SECTION ANSWER
tag5678. IN A 10.20.30.40
edns-string-123. IN A 10.20.30.40
SECTION ADDITIONAL
ENTRY_END
RANGE_END
@ -65,19 +65,19 @@ STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
tag1234. IN A
edns-string-abc. IN A
ENTRY_END
STEP 20 CHECK_OUT_QUERY
ENTRY_BEGIN
MATCH qname qtype opcode ednsdata
SECTION QUESTION
tag1234. IN A
edns-string-abc. IN A
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
00 10 ; Opcode 16
00 02 ; Length 2
04 d2 ; 1234
fd e9 ; Opcode 65001
00 05 ; Length 5
61 62 63 20 64 ; "abc d"
HEX_EDNSDATA_END
ENTRY_END
@ -86,28 +86,29 @@ ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
tag1234. IN A
edns-string-abc. IN A
SECTION ANSWER
tag1234. IN A 10.20.30.40
edns-string-abc. IN A 10.20.30.40
ENTRY_END
STEP 110 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
tag5678. IN A
edns-string-123. IN A
ENTRY_END
STEP 120 CHECK_OUT_QUERY
ENTRY_BEGIN
MATCH qname qtype opcode ednsdata
SECTION QUESTION
tag5678. IN A
edns-string-123. IN A
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
00 10 ; Opcode 16
00 02 ; Length 2
16 2e ; 5678
fd e9 ; Opcode 65001
00 07 ; Length 7
31 32 33 41 62 ; "123Ab"
43 21 ; "C!"
HEX_EDNSDATA_END
ENTRY_END
@ -116,9 +117,9 @@ ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
tag5678. IN A
edns-string-123. IN A
SECTION ANSWER
tag5678. IN A 10.20.30.40
edns-string-123. IN A 10.20.30.40
ENTRY_END
STEP 210 QUERY

153
testdata/edns_client_string_opcode.rpl vendored Normal file

@ -0,0 +1,153 @@
; config options
server:
edns-client-string: 10.0.0.0/24 "abc d"
edns-client-string: 10.0.0.10/32 "123AbC!"
edns-client-string-opcode: 65432
stub-zone:
name: "edns-string-abc."
stub-addr: 10.0.0.1
stub-zone:
name: "edns-string-123."
stub-addr: 10.0.0.10
stub-zone:
name: "notag."
stub-addr: 10.10.0.1
CONFIG_END
SCENARIO_BEGIN Test EDNS string tag option
RANGE_BEGIN 0 1000
ADDRESS 10.0.0.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
edns-string-abc. IN A
SECTION ANSWER
edns-string-abc. IN A 10.20.30.40
SECTION ADDITIONAL
ENTRY_END
RANGE_END
RANGE_BEGIN 0 1000
ADDRESS 10.0.0.10
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
edns-string-123. IN A
SECTION ANSWER
edns-string-123. IN A 10.20.30.40
SECTION ADDITIONAL
ENTRY_END
RANGE_END
RANGE_BEGIN 0 1000
ADDRESS 10.10.0.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
notag. IN A
SECTION ANSWER
notag. IN A 10.20.30.40
SECTION ADDITIONAL
ENTRY_END
RANGE_END
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
edns-string-abc. IN A
ENTRY_END
STEP 20 CHECK_OUT_QUERY
ENTRY_BEGIN
MATCH qname qtype opcode ednsdata
SECTION QUESTION
edns-string-abc. IN A
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
ff 98 ; Opcode 65432
00 05 ; Length 5
61 62 63 20 64 ; "abc d"
HEX_EDNSDATA_END
ENTRY_END
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
edns-string-abc. IN A
SECTION ANSWER
edns-string-abc. IN A 10.20.30.40
ENTRY_END
STEP 110 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
edns-string-123. IN A
ENTRY_END
STEP 120 CHECK_OUT_QUERY
ENTRY_BEGIN
MATCH qname qtype opcode ednsdata
SECTION QUESTION
edns-string-123. IN A
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
ff 98 ; Opcode 65432
00 07 ; Length 7
31 32 33 41 62 ; "123Ab"
43 21 ; "C!"
HEX_EDNSDATA_END
ENTRY_END
STEP 130 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
edns-string-123. IN A
SECTION ANSWER
edns-string-123. IN A 10.20.30.40
ENTRY_END
STEP 210 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
notag. IN A
ENTRY_END
STEP 220 CHECK_OUT_QUERY
ENTRY_BEGIN
MATCH qname qtype opcode ednsdata
SECTION QUESTION
notag. IN A
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
HEX_EDNSDATA_END
ENTRY_END
STEP 230 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
notag. IN A
SECTION ANSWER
notag. IN A 10.20.30.40
ENTRY_END
SCENARIO_END
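Review bot: `SCENARIO_BEGIN Test EDNS string tag option` is the same title that the edns-client-string scenario changed in this commit now carries, so a failure report does not say which of the two ran; a title naming the override, e.g. `SCENARIO_BEGIN Test EDNS client string with custom option code`, would tell them apart. The hex comments `ff 98 ; Opcode 65432` label an EDNS option code as an opcode, which in DNS is the header field that `MATCH qname qtype opcode ednsdata` on the same entries refers to; `; Option code 65432` avoids the clash. The configuration key itself is spelled `edns-client-string-opcode`, so this is a readability point for the test file only.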


@ -13,6 +13,7 @@ server:
num-queries-per-thread: 1024
use-syslog: no
do-not-query-localhost: no
udp-connect: no
forward-zone:
name: "."
forward-addr: "127.0.0.1@@TOPORT@"

17
testdata/tcp_reuse.tdir/tcp_reuse.conf vendored Normal file

@ -0,0 +1,17 @@
server:
verbosity: 5
# num-threads: 1
interface: 127.0.0.1
port: @PORT@
use-syslog: no
directory: .
pidfile: "unbound.pid"
chroot: ""
username: ""
do-not-query-localhost: no
tcp-upstream: yes
forward-zone:
name: "."
forward-addr: "127.0.0.1@@TOPORT@"

39
testdata/tcp_reuse.tdir/tcp_reuse.conf2 vendored Normal file

@ -0,0 +1,39 @@
# this is the upstream server that has pipelining and responds to queries.
server:
verbosity: 1
# num-threads: 1
interface: 127.0.0.1
port: @PORT@
use-syslog: no
directory: .
pidfile: "unbound2.pid"
chroot: ""
username: ""
do-not-query-localhost: no
tcp-idle-timeout: 10000
log-queries: yes
log-replies: yes
log-identity: "upstream"
local-zone: "." refuse
local-zone: "example.com" static
local-data: "www.example.com A 10.20.30.40"
local-data: "www1.example.com A 10.20.30.41"
local-data: "www2.example.com A 10.20.30.42"
local-data: "www3.example.com A 10.20.30.43"
local-data: "www4.example.com A 10.20.30.44"
local-data: "www5.example.com A 10.20.30.45"
local-data: "www6.example.com A 10.20.30.46"
local-data: "www7.example.com A 10.20.30.47"
local-zone: "drop.net" deny
local-zone: "refuse.net" refuse
local-zone: "more.net" redirect
local-data: "more.net A 10.20.30.40"
# if queries escape, send them to localhost
forward-zone:
name: "."
forward-addr: "127.0.0.1@@TOPORT@"

16
testdata/tcp_reuse.tdir/tcp_reuse.dsc vendored Normal file

@ -0,0 +1,16 @@
BaseName: tcp_reuse
Version: 1.0
Description: Test tcp stream reuse.
CreationDate: Wed Jun 03 09:37:00 CET 2020
Maintainer: Wouter Wijngaards
Category:
Component:
CmdDepends:
Depends:
Help:
Pre: tcp_reuse.pre
Post: tcp_reuse.post
Test: tcp_reuse.test
AuxFiles:
Passed:
Failure:

19
testdata/tcp_reuse.tdir/tcp_reuse.post vendored Normal file
View File

@ -0,0 +1,19 @@
# #-- tcp_reuse.post --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# source the test var file when it's there
[ -f .tpkg.var.test ] && source .tpkg.var.test
#
# do your teardown here
. ../common.sh
kill_pid `cat unbound2.pid`
if test -f unbound2.log; then
echo ">>> upstream log"
cat unbound2.log
fi
#kill_pid $UNBOUND_PID
kill_pid `cat unbound.pid`
if test -f unbound.log; then
echo ">>> unbound log"
cat unbound.log
fi

34
testdata/tcp_reuse.tdir/tcp_reuse.pre vendored Normal file
View File

@ -0,0 +1,34 @@
# #-- tcp_reuse.pre--#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
get_random_port 2
UNBOUND_PORT=$RND_PORT
UPSTREAM_PORT=$(($RND_PORT + 1))
echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
echo "UPSTREAM_PORT=$UPSTREAM_PORT" >> .tpkg.var.test
# make config file
sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$UPSTREAM_PORT'/' < tcp_reuse.conf > ub.conf
# start unbound in the background
#$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
$PRE/unbound -d -c ub.conf 2>&1 | tee unbound.log &
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
wait_unbound_up unbound.log
# make upstream config file
sed -e 's/@PORT\@/'$UPSTREAM_PORT'/' -e 's/@TOPORT\@/'$UPSTREAM_PORT'/' < tcp_reuse.conf2 > ub2.conf
# start upstream unbound in the background
#$PRE/unbound -d -c ub2.conf >unbound2.log 2>&1 &
$PRE/unbound -d -c ub2.conf 2>&1 | tee unbound2.log &
UPSTREAM_PID=$!
echo "UPSTREAM_PID=$UPSTREAM_PID" >> .tpkg.var.test
wait_unbound_up unbound2.log
cat .tpkg.var.test
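Review bot: `UNBOUND_PID=$!` after `$PRE/unbound -d -c ub.conf 2>&1 | tee unbound.log &` records the PID of `tee`, the last command of the backgrounded pipeline, not of unbound; the same holds for `UPSTREAM_PID`. tcp_reuse.post reads `unbound.pid` and `unbound2.pid` instead and has `#kill_pid $UNBOUND_PID` commented out, so teardown is not affected, but the values written to .tpkg.var.test are misleading for anyone who later relies on them. Either drop the two `*_PID` assignments or add a comment such as `# $! is tee's pid here; teardown uses the pidfile`. tls_reuse.pre has the same lines.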

309
testdata/tcp_reuse.tdir/tcp_reuse.test vendored Normal file
View File

@ -0,0 +1,309 @@
# #-- tcp_reuse.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
get_make
(cd $PRE; $MAKE streamtcp)
echo "> query www1.example.com."
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN >outfile 2>&1
cat outfile
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat unbound2.log
cat unbound.log
echo "Not OK"
exit 1
fi
if grep "www1.example.com" outfile | grep "10.20.30.41"; then
echo "content OK"
else
echo "result contents not OK, for www1.example.com"
echo "> cat logfiles"
cat outfile
cat unbound2.log
cat unbound.log
echo "result contents not OK, for www1.example.com"
exit 1
fi
echo "OK"
echo ""
# this should be reused on the same tcp stream:
echo "> query www2.example.com."
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www2.example.com. A IN >outfile 2>&1
cat outfile
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat unbound2.log
cat unbound.log
echo "Not OK"
exit 1
fi
if grep "www2.example.com" outfile | grep "10.20.30.42"; then
echo "content OK"
else
echo "result contents not OK, for www2.example.com"
echo "> cat logfiles"
cat outfile
cat unbound2.log
cat unbound.log
echo "result contents not OK, for www2.example.com"
exit 1
fi
echo "> query refuse.net."
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT refuse.net. A IN >outfile 2>&1
cat outfile
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat unbound2.log
cat unbound.log
echo "Not OK"
exit 1
fi
if grep "rcode: SERVFAIL" outfile; then
echo "content OK"
else
echo "result contents not OK, for refuse.net"
echo "> cat logfiles"
cat outfile
cat unbound2.log
cat unbound.log
echo "result contents not OK, for refuse.net"
exit 1
fi
echo "> query www3.example.com."
echo "> query www4.example.com."
echo "> query www5.example.com."
echo "> query www6.example.com."
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www3.example.com. A IN >outfile3 2>&1 &
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www4.example.com. A IN >outfile4 2>&1 &
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www5.example.com. A IN >outfile5 2>&1 &
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www6.example.com. A IN >outfile6 2>&1 &
wait
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile3
cat outfile4
cat outfile5
cat outfile6
cat unbound2.log
cat unbound.log
echo "Not OK"
exit 1
fi
if grep "www3.example.com" outfile3 | grep "10.20.30.43"; then
echo "content OK"
else
echo "result contents not OK, for www3.example.com"
echo "> cat logfiles"
cat outfile3
cat outfile4
cat outfile5
cat outfile6
cat unbound2.log
cat unbound.log
echo "result contents not OK, for www3.example.com"
exit 1
fi
if grep "www4.example.com" outfile4 | grep "10.20.30.44"; then
echo "content OK"
else
echo "result contents not OK, for www4.example.com"
echo "> cat logfiles"
cat outfile3
cat outfile4
cat outfile5
cat outfile6
cat unbound2.log
cat unbound.log
echo "result contents not OK, for www4.example.com"
exit 1
fi
if grep "www5.example.com" outfile5 | grep "10.20.30.45"; then
echo "content OK"
else
echo "result contents not OK, for www5.example.com"
echo "> cat logfiles"
cat outfile3
cat outfile4
cat outfile5
cat outfile6
cat unbound2.log
cat unbound.log
echo "result contents not OK, for www5.example.com"
exit 1
fi
if grep "www6.example.com" outfile6 | grep "10.20.30.46"; then
echo "content OK"
else
echo "result contents not OK, for www6.example.com"
echo "> cat logfiles"
cat outfile3
cat outfile4
cat outfile5
cat outfile6
cat unbound2.log
cat unbound.log
echo "result contents not OK, for www6.example.com"
exit 1
fi
echo "> query a1.more.net a2.more.net a3.more.net a4.more.net a5.more.net"
$PRE/streamtcp -a -f 127.0.0.1@$UNBOUND_PORT a1.more.net A IN a2.more.net A IN a3.more.net A IN a4.more.net A IN a5.more.net A IN >outfile 2>&1
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat unbound2.log
cat unbound.log
echo "Not OK"
exit 1
fi
cat outfile
for x in a1.more.net a2.more.net a3.more.net a4.more.net a5.more.net; do
if grep "$x" outfile | grep "10.20.30.40"; then
echo "content OK for $x"
else
echo "result contents not OK, for $x"
echo "> cat logfiles"
cat outfile
cat unbound2.log
cat unbound.log
echo "result contents not OK, for $x"
exit 1
fi
done
# make the server timeout to drop the upstream connection
echo "> sleep 15"
sleep 15
# see if we are still up.
echo "> query a7.more.net"
$PRE/streamtcp -a -f 127.0.0.1@$UNBOUND_PORT a7.more.net A IN >outfile 2>&1
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat unbound2.log
cat unbound.log
echo "Not OK"
exit 1
fi
cat outfile
for x in a7.more.net; do
if grep "$x" outfile | grep "10.20.30.40"; then
echo "content OK for $x"
else
echo "result contents not OK, for $x"
echo "> cat logfiles"
cat outfile
cat unbound2.log
cat unbound.log
echo "result contents not OK, for $x"
exit 1
fi
done
# dropconn.drop.net make the server drop the connection.
echo "> query a11.more.net a12.more.net dropconn.drop.net a14.more.net a15.more.net"
$PRE/streamtcp -a -f 127.0.0.1@$UNBOUND_PORT a11.more.net A IN a12.more.net A IN dropconn.drop.net A IN a14.more.net A IN a15.more.net A IN >outfile 2>&1
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat unbound2.log
cat unbound.log
echo "Not OK"
exit 1
fi
cat outfile
# cannot really check outfile, because it may or may not have answers depending
# on how fast the other server responds or the drop happens, but there are
# a bunch of connection drops, whilst resolving the other queries.
echo "> query drop.net."
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT drop.net. A IN >outfile 2>&1
cat outfile
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat unbound2.log
cat unbound.log
echo "Not OK"
exit 1
fi
if grep "rcode: SERVFAIL" outfile; then
echo "content OK"
else
echo "result contents not OK, for drop.net"
echo "> cat logfiles"
cat outfile
cat unbound2.log
cat unbound.log
echo "result contents not OK, for drop.net"
exit 1
fi
# timeouts at the end. (so that the server is not marked as failed for
# the other tests).
echo "> query q1.drop.net."
echo "> query q2.drop.net."
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT q1.drop.net. A IN >outfile1 2>&1 &
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT q2.drop.net. A IN >outfile2 2>&1 &
wait
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile1
cat outfile2
cat unbound2.log
cat unbound.log
echo "Not OK"
exit 1
fi
cat outfile1
cat outfile2
if grep "rcode: SERVFAIL" outfile1; then
echo "content OK"
else
echo "result contents not OK, for q1.drop.net"
echo "> cat logfiles"
cat outfile1
cat outfile2
cat unbound2.log
cat unbound.log
echo "result contents not OK, for q1.drop.net"
exit 1
fi
if grep "rcode: SERVFAIL" outfile2; then
echo "content OK"
else
echo "result contents not OK, for q2.drop.net"
echo "> cat logfiles"
cat outfile1
cat outfile2
cat unbound2.log
cat unbound.log
echo "result contents not OK, for q2.drop.net"
exit 1
fi
echo "OK"
exit 0
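Review bot: The exit-status checks after the foreground queries test the wrong command: `cat outfile` runs between `$PRE/streamtcp ... >outfile 2>&1` and `if test "$?" -ne 0`, so `$?` is cat's status and a failing streamtcp never reaches that branch (the www1, www2, refuse.net and drop.net blocks). Move `cat outfile` below the check, as the a1.more.net block already does, or capture the status first with `rc=$?` and test `"$rc"`. The background batches have a related gap: a bare `wait` returns 0 whatever the children returned, so the `test "$?" -ne 0` after it cannot fire; record each `$!` and call `wait "$pid"` per job instead. tls_reuse.test repeats both patterns.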

18
testdata/tls_reuse.tdir/tls_reuse.conf vendored Normal file

@ -0,0 +1,18 @@
server:
verbosity: 5
# num-threads: 1
interface: 127.0.0.1
port: @PORT@
use-syslog: no
directory: .
pidfile: "unbound.pid"
chroot: ""
username: ""
do-not-query-localhost: no
tls-cert-bundle: "unbound_server.pem"
tls-upstream: yes
forward-zone:
name: "."
forward-addr: "127.0.0.1@@TOPORT@#unbound"

43
testdata/tls_reuse.tdir/tls_reuse.conf2 vendored Normal file
View File

@ -0,0 +1,43 @@
# this is the upstream server that has pipelining and responds to queries.
server:
verbosity: 1
# num-threads: 1
interface: 127.0.0.1@@PORT@
port: @PORT@
use-syslog: no
directory: .
pidfile: "unbound2.pid"
chroot: ""
username: ""
do-not-query-localhost: no
tls-port: @PORT@
tls-service-key: "unbound_server.key"
tls-service-pem: "unbound_server.pem"
tcp-idle-timeout: 10000
log-queries: yes
log-replies: yes
log-identity: "upstream"
local-zone: "." refuse
local-zone: "example.com" static
local-data: "www.example.com A 10.20.30.40"
local-data: "www1.example.com A 10.20.30.41"
local-data: "www2.example.com A 10.20.30.42"
local-data: "www3.example.com A 10.20.30.43"
local-data: "www4.example.com A 10.20.30.44"
local-data: "www5.example.com A 10.20.30.45"
local-data: "www6.example.com A 10.20.30.46"
local-data: "www7.example.com A 10.20.30.47"
local-zone: "drop.net" deny
local-zone: "refuse.net" refuse
local-zone: "more.net" redirect
local-data: "more.net A 10.20.30.40"
# if queries escape, send them to localhost
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: "127.0.0.1@@TOPORT@"

16
testdata/tls_reuse.tdir/tls_reuse.dsc vendored Normal file
View File

@ -0,0 +1,16 @@
BaseName: tls_reuse
Version: 1.0
Description: Test tls stream reuse.
CreationDate: Wed Jun 30 16:37:00 CET 2020
Maintainer: Wouter Wijngaards
Category:
Component:
CmdDepends:
Depends:
Help:
Pre: tls_reuse.pre
Post: tls_reuse.post
Test: tls_reuse.test
AuxFiles:
Passed:
Failure:

19
testdata/tls_reuse.tdir/tls_reuse.post vendored Normal file
View File

@ -0,0 +1,19 @@
# #-- tls_reuse.post --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# source the test var file when it's there
[ -f .tpkg.var.test ] && source .tpkg.var.test
#
# do your teardown here
. ../common.sh
kill_pid `cat unbound2.pid`
if test -f unbound2.log; then
echo ">>> upstream log"
cat unbound2.log
fi
#kill_pid $UNBOUND_PID
kill_pid `cat unbound.pid`
if test -f unbound.log; then
echo ">>> unbound log"
cat unbound.log
fi

34
testdata/tls_reuse.tdir/tls_reuse.pre vendored Normal file
View File

@ -0,0 +1,34 @@
# #-- tls_reuse.pre--#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
get_random_port 2
UNBOUND_PORT=$RND_PORT
UPSTREAM_PORT=$(($RND_PORT + 1))
echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
echo "UPSTREAM_PORT=$UPSTREAM_PORT" >> .tpkg.var.test
# make config file
sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$UPSTREAM_PORT'/' < tls_reuse.conf > ub.conf
# start unbound in the background
#$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
$PRE/unbound -d -c ub.conf 2>&1 | tee unbound.log &
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
wait_unbound_up unbound.log
# make upstream config file
sed -e 's/@PORT\@/'$UPSTREAM_PORT'/' -e 's/@TOPORT\@/'$UPSTREAM_PORT'/' < tls_reuse.conf2 > ub2.conf
# start upstream unbound in the background
#$PRE/unbound -d -c ub2.conf >unbound2.log 2>&1 &
$PRE/unbound -d -c ub2.conf 2>&1 | tee unbound2.log &
UPSTREAM_PID=$!
echo "UPSTREAM_PID=$UPSTREAM_PID" >> .tpkg.var.test
wait_unbound_up unbound2.log
cat .tpkg.var.test

308
testdata/tls_reuse.tdir/tls_reuse.test vendored Normal file
View File

@ -0,0 +1,308 @@
# #-- tls_reuse.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
get_make
(cd $PRE; $MAKE streamtcp)
echo "> query www1.example.com."
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN >outfile 2>&1
cat outfile
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat unbound2.log
cat unbound.log
echo "Not OK"
exit 1
fi
if grep "www1.example.com" outfile | grep "10.20.30.41"; then
echo "content OK"
else
echo "result contents not OK, for www1.example.com"
echo "> cat logfiles"
cat outfile
cat unbound2.log
cat unbound.log
echo "result contents not OK, for www1.example.com"
exit 1
fi
echo "OK"
echo ""
# this should be reused on the same tcp stream:
echo "> query www2.example.com."
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www2.example.com. A IN >outfile 2>&1
cat outfile
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat unbound2.log
cat unbound.log
echo "Not OK"
exit 1
fi
if grep "www2.example.com" outfile | grep "10.20.30.42"; then
echo "content OK"
else
echo "result contents not OK, for www2.example.com"
echo "> cat logfiles"
cat outfile
cat unbound2.log
cat unbound.log
echo "result contents not OK, for www2.example.com"
exit 1
fi
echo "> query refuse.net."
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT refuse.net. A IN >outfile 2>&1
cat outfile
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat unbound2.log
cat unbound.log
echo "Not OK"
exit 1
fi
if grep "rcode: SERVFAIL" outfile; then
echo "content OK"
else
echo "result contents not OK, for refuse.net"
echo "> cat logfiles"
cat outfile
cat unbound2.log
cat unbound.log
echo "result contents not OK, for refuse.net"
exit 1
fi
echo "> query www3.example.com."
echo "> query www4.example.com."
echo "> query www5.example.com."
echo "> query www6.example.com."
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www3.example.com. A IN >outfile3 2>&1 &
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www4.example.com. A IN >outfile4 2>&1 &
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www5.example.com. A IN >outfile5 2>&1 &
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www6.example.com. A IN >outfile6 2>&1 &
wait
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile3
cat outfile4
cat outfile5
cat outfile6
cat unbound2.log
cat unbound.log
echo "Not OK"
exit 1
fi
if grep "www3.example.com" outfile3 | grep "10.20.30.43"; then
echo "content OK"
else
echo "result contents not OK, for www3.example.com"
echo "> cat logfiles"
cat outfile3
cat outfile4
cat outfile5
cat outfile6
cat unbound2.log
cat unbound.log
echo "result contents not OK, for www3.example.com"
exit 1
fi
if grep "www4.example.com" outfile4 | grep "10.20.30.44"; then
echo "content OK"
else
echo "result contents not OK, for www4.example.com"
echo "> cat logfiles"
cat outfile3
cat outfile4
cat outfile5
cat outfile6
cat unbound2.log
cat unbound.log
echo "result contents not OK, for www4.example.com"
exit 1
fi
if grep "www5.example.com" outfile5 | grep "10.20.30.45"; then
echo "content OK"
else
echo "result contents not OK, for www5.example.com"
echo "> cat logfiles"
cat outfile3
cat outfile4
cat outfile5
cat outfile6
cat unbound2.log
cat unbound.log
echo "result contents not OK, for www5.example.com"
exit 1
fi
if grep "www6.example.com" outfile6 | grep "10.20.30.46"; then
echo "content OK"
else
echo "result contents not OK, for www6.example.com"
echo "> cat logfiles"
cat outfile3
cat outfile4
cat outfile5
cat outfile6
cat unbound2.log
cat unbound.log
echo "result contents not OK, for www6.example.com"
exit 1
fi
echo "> query a1.more.net a2.more.net a3.more.net a4.more.net a5.more.net"
$PRE/streamtcp -a -f 127.0.0.1@$UNBOUND_PORT a1.more.net A IN a2.more.net A IN a3.more.net A IN a4.more.net A IN a5.more.net A IN >outfile 2>&1
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat unbound2.log
cat unbound.log
echo "Not OK"
exit 1
fi
cat outfile
for x in a1.more.net a2.more.net a3.more.net a4.more.net a5.more.net; do
if grep "$x" outfile | grep "10.20.30.40"; then
echo "content OK for $x"
else
echo "result contents not OK, for $x"
echo "> cat logfiles"
cat outfile
cat unbound2.log
cat unbound.log
echo "result contents not OK, for $x"
exit 1
fi
done
# make the server timeout to drop the upstream connection
echo "> sleep 15"
sleep 15
# see if we are still up.
echo "> query a7.more.net"
$PRE/streamtcp -a -f 127.0.0.1@$UNBOUND_PORT a7.more.net A IN >outfile 2>&1
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat unbound2.log
cat unbound.log
echo "Not OK"
exit 1
fi
cat outfile
for x in a7.more.net; do
if grep "$x" outfile | grep "10.20.30.40"; then
echo "content OK for $x"
else
echo "result contents not OK, for $x"
echo "> cat logfiles"
cat outfile
cat unbound2.log
cat unbound.log
echo "result contents not OK, for $x"
exit 1
fi
done
# dropconn.drop.net make the server drop the connection.
echo "> query a11.more.net a12.more.net dropconn.drop.net a14.more.net a15.more.net"
$PRE/streamtcp -a -f 127.0.0.1@$UNBOUND_PORT a11.more.net A IN a12.more.net A IN dropconn.drop.net A IN a14.more.net A IN a15.more.net A IN >outfile 2>&1
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat unbound2.log
cat unbound.log
echo "Not OK"
exit 1
fi
cat outfile
# cannot really check outfile, because it may or may not have answers depending
# on how fast the other server responds or the drop happens, but there are
# a bunch of connection drops, whilst resolving the other queries.
echo "> query drop.net."
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT drop.net. A IN >outfile 2>&1
cat outfile
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile
cat unbound2.log
cat unbound.log
echo "Not OK"
exit 1
fi
if grep "rcode: SERVFAIL" outfile; then
echo "content OK"
else
echo "result contents not OK, for drop.net"
echo "> cat logfiles"
cat outfile
cat unbound2.log
cat unbound.log
echo "result contents not OK, for drop.net"
exit 1
fi
# timeouts at the end. (so that the server is not marked as failed for
# the other tests).
echo "> query q1.drop.net."
echo "> query q2.drop.net."
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT q1.drop.net. A IN >outfile1 2>&1 &
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT q2.drop.net. A IN >outfile2 2>&1 &
wait
if test "$?" -ne 0; then
echo "exit status not OK"
echo "> cat logfiles"
cat outfile1
cat outfile2
cat unbound2.log
cat unbound.log
echo "Not OK"
exit 1
fi
cat outfile1
cat outfile2
if grep "rcode: SERVFAIL" outfile1; then
echo "content OK"
else
echo "result contents not OK, for q1.drop.net"
echo "> cat logfiles"
cat outfile1
cat outfile2
cat unbound2.log
cat unbound.log
echo "result contents not OK, for q1.drop.net"
exit 1
fi
if grep "rcode: SERVFAIL" outfile2; then
echo "content OK"
else
echo "result contents not OK, for q2.drop.net"
echo "> cat logfiles"
cat outfile1
cat outfile2
cat unbound2.log
cat unbound.log
echo "result contents not OK, for q2.drop.net"
exit 1
fi
echo "OK"
exit 0
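Review bot: Nothing in this script asserts that an upstream TLS connection was actually reused: every check greps the answer text in `outfile`, which would pass just as well if each query opened a fresh connection and handshake. The comment `# this should be reused on the same tcp stream:` states the intent, but unbound.log and unbound2.log are only printed on failure and never inspected. Consider counting connection-setup entries in the upstream log after the www1/www2 pair and failing when the count grows; the exact log line to match is not visible on this page and would need confirming against the server output at the configured verbosity.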


@ -0,0 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA
1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ
F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR
ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm
vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb
IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL
cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr
lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov
15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf
LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+
Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57
YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9
whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c
lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax
tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ
U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9
Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc
Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3
ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+
1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN
b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz
ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C
TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF
tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y
aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0
A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU
LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U
R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy
7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj
7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw
jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1
BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar
kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR
qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3
VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9
MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa
C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g=
-----END RSA PRIVATE KEY-----


@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -170,7 +170,9 @@ config_create(void)
cfg->infra_cache_slabs = 4;
cfg->infra_cache_numhosts = 10000;
cfg->infra_cache_min_rtt = 50;
cfg->infra_keep_probing = 0;
cfg->delay_close = 0;
cfg->udp_connect = 1;
if(!(cfg->outgoing_avail_ports = (int*)calloc(65536, sizeof(int))))
goto error_exit;
init_outgoing_availports(cfg->outgoing_avail_ports, 65536);
@ -321,8 +323,8 @@ config_create(void)
cfg->qname_minimisation_strict = 0;
cfg->shm_enable = 0;
cfg->shm_key = 11777;
cfg->edns_client_tags = NULL;
cfg->edns_client_tag_opcode = LDNS_EDNS_CLIENT_TAG;
cfg->edns_client_strings = NULL;
cfg->edns_client_string_opcode = 65001;
cfg->dnscrypt = 0;
cfg->dnscrypt_port = 0;
cfg->dnscrypt_provider = NULL;
@ -522,11 +524,12 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_STR("tls-ciphersuites:", tls_ciphersuites)
else S_YNO("tls-use-sni:", tls_use_sni)
else S_NUMBER_NONZERO("https-port:", https_port)
else S_STR("http-endpoint", http_endpoint)
else S_NUMBER_NONZERO("http-max-streams", http_max_streams)
else S_MEMSIZE("http-query-buffer-size", http_query_buffer_size)
else S_MEMSIZE("http-response-buffer-size", http_response_buffer_size)
else S_YNO("http-nodelay", http_nodelay)
else S_STR("http-endpoint:", http_endpoint)
else S_NUMBER_NONZERO("http-max-streams:", http_max_streams)
else S_MEMSIZE("http-query-buffer-size:", http_query_buffer_size)
else S_MEMSIZE("http-response-buffer-size:", http_response_buffer_size)
else S_YNO("http-nodelay:", http_nodelay)
else S_YNO("http-notls-downstream:", http_notls_downstream)
else S_YNO("interface-automatic:", if_automatic)
else S_YNO("use-systemd:", use_systemd)
else S_YNO("do-daemonize:", do_daemonize)
@ -562,10 +565,12 @@ int config_set_option(struct config_file* cfg, const char* opt,
IS_NUMBER_OR_ZERO; cfg->infra_cache_min_rtt = atoi(val);
RTT_MIN_TIMEOUT=cfg->infra_cache_min_rtt;
}
else S_YNO("infra-keep-probing:", infra_keep_probing)
else S_NUMBER_OR_ZERO("infra-host-ttl:", host_ttl)
else S_POW2("infra-cache-slabs:", infra_cache_slabs)
else S_SIZET_NONZERO("infra-cache-numhosts:", infra_cache_numhosts)
else S_NUMBER_OR_ZERO("delay-close:", delay_close)
else S_YNO("udp-connect:", udp_connect)
else S_STR("chroot:", chrootdir)
else S_STR("username:", username)
else S_STR("directory:", directory)
@ -958,8 +963,10 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_DEC(opt, "infra-host-ttl", host_ttl)
else O_DEC(opt, "infra-cache-slabs", infra_cache_slabs)
else O_DEC(opt, "infra-cache-min-rtt", infra_cache_min_rtt)
else O_YNO(opt, "infra-keep-probing", infra_keep_probing)
else O_MEM(opt, "infra-cache-numhosts", infra_cache_numhosts)
else O_UNS(opt, "delay-close", delay_close)
else O_YNO(opt, "udp-connect", udp_connect)
else O_YNO(opt, "do-ip4", do_ip4)
else O_YNO(opt, "do-ip6", do_ip6)
else O_YNO(opt, "do-udp", do_udp)
@ -990,6 +997,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_MEM(opt, "http-query-buffer-size", http_query_buffer_size)
else O_MEM(opt, "http-response-buffer-size", http_response_buffer_size)
else O_YNO(opt, "http-nodelay", http_nodelay)
else O_YNO(opt, "http-notls-downstream", http_notls_downstream)
else O_YNO(opt, "use-systemd", use_systemd)
else O_YNO(opt, "do-daemonize", do_daemonize)
else O_STR(opt, "chroot", chrootdir)
@ -1150,7 +1158,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_LS3(opt, "access-control-tag-action", acl_tag_actions)
else O_LS3(opt, "access-control-tag-data", acl_tag_datas)
else O_LS2(opt, "access-control-view", acl_view)
else O_LS2(opt, "edns-client-tags", edns_client_tags)
else O_LS2(opt, "edns-client-strings", edns_client_strings)
#ifdef USE_IPSECMOD
else O_YNO(opt, "ipsecmod-enabled", ipsecmod_enabled)
else O_YNO(opt, "ipsecmod-ignore-bogus", ipsecmod_ignore_bogus)
@ -1519,7 +1527,7 @@ config_delete(struct config_file* cfg)
config_deldblstrlist(cfg->ratelimit_below_domain);
config_delstrlist(cfg->python_script);
config_delstrlist(cfg->dynlib_file);
config_deldblstrlist(cfg->edns_client_tags);
config_deldblstrlist(cfg->edns_client_strings);
#ifdef USE_IPSECMOD
free(cfg->ipsecmod_hook);
config_delstrlist(cfg->ipsecmod_whitelist);
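Review bot: In the `config_create` hunk the default `cfg->edns_client_string_opcode = 65001;` is a bare number, where the line it appears to replace used a named constant, so the reason for the value can no longer be read at the point of use. 65001 is the first EDNS option code in the range reserved for local/experimental use, and a short comment would record that: `cfg->edns_client_string_opcode = 65001; /* first EDNS option code in the local/experimental range */`. The visible `config_create` hunks also set explicit defaults for `infra_keep_probing` and `udp_connect` but none for the new `http_notls_downstream`. It presumably relies on a zeroed allocation outside these hunks, and an explicit `cfg->http_notls_downstream = 0;` would make the TLS-on default visible. `config_create` starts and ends outside the hunks.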


@ -143,6 +143,8 @@ struct config_file {
size_t http_response_buffer_size;
/** set TCP_NODELAY option for http sockets */
int http_nodelay;
/** Disable TLS for http sockets downstream */
int http_notls_downstream;
/** outgoing port range number of ports (per thread) */
int outgoing_num_ports;
@ -179,8 +181,12 @@ struct config_file {
size_t infra_cache_numhosts;
/** min value for infra cache rtt */
int infra_cache_min_rtt;
/** keep probing hosts that are down */
int infra_keep_probing;
/** delay close of udp-timeouted ports, if 0 no delayclose. in msec */
int delay_close;
/** udp_connect enable uses UDP connect to mitigate ICMP side channel */
int udp_connect;
/** the target fetch policy for the iterator */
char* target_fetch_policy;
@ -562,10 +568,10 @@ struct config_file {
/** SHM data - key for the shm */
int shm_key;
/** list of EDNS client tag entries, linked list */
struct config_str2list* edns_client_tags;
/** EDNS opcode to use for EDNS client tags */
uint16_t edns_client_tag_opcode;
/** list of EDNS client string entries, linked list */
struct config_str2list* edns_client_strings;
/** EDNS opcode to use for EDNS client strings */
uint16_t edns_client_string_opcode;
/** DNSCrypt */
/** true to enable dnscrypt */
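Review bot: The doc comment on the new `http_notls_downstream` field says only that TLS is disabled, not what that means for whoever sets it: the downstream HTTP listener then presumably carries queries and responses in cleartext. I would state that in the comment, for example `/** Disable TLS for downstream http sockets; traffic is then unencrypted, so use only behind a TLS-terminating front end or on a trusted local link */`, if that is the intended deployment. The `udp_connect` comment names the side channel it mitigates but could also say that 0 turns the mitigation off. `struct config_file` starts and ends outside these hunks.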


@ -262,6 +262,7 @@ http-max-streams{COLON} { YDVAR(1, VAR_HTTP_MAX_STREAMS) }
http-query-buffer-size{COLON} { YDVAR(1, VAR_HTTP_QUERY_BUFFER_SIZE) }
http-response-buffer-size{COLON} { YDVAR(1, VAR_HTTP_RESPONSE_BUFFER_SIZE) }
http-nodelay{COLON} { YDVAR(1, VAR_HTTP_NODELAY) }
http-notls-downstream{COLON} { YDVAR(1, VAR_HTTP_NOTLS_DOWNSTREAM) }
use-systemd{COLON} { YDVAR(1, VAR_USE_SYSTEMD) }
do-daemonize{COLON} { YDVAR(1, VAR_DO_DAEMONIZE) }
interface{COLON} { YDVAR(1, VAR_INTERFACE) }
@ -296,9 +297,11 @@ infra-cache-slabs{COLON} { YDVAR(1, VAR_INFRA_CACHE_SLABS) }
infra-cache-numhosts{COLON} { YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) }
infra-cache-lame-size{COLON} { YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) }
infra-cache-min-rtt{COLON} { YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) }
infra-keep-probing{COLON} { YDVAR(1, VAR_INFRA_KEEP_PROBING) }
num-queries-per-thread{COLON} { YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) }
jostle-timeout{COLON} { YDVAR(1, VAR_JOSTLE_TIMEOUT) }
delay-close{COLON} { YDVAR(1, VAR_DELAY_CLOSE) }
udp-connect{COLON} { YDVAR(1, VAR_UDP_CONNECT) }
target-fetch-policy{COLON} { YDVAR(1, VAR_TARGET_FETCH_POLICY) }
harden-short-bufsize{COLON} { YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) }
harden-large-queries{COLON} { YDVAR(1, VAR_HARDEN_LARGE_QUERIES) }
@ -526,8 +529,8 @@ name-v4{COLON} { YDVAR(1, VAR_IPSET_NAME_V4) }
name-v6{COLON} { YDVAR(1, VAR_IPSET_NAME_V6) }
udp-upstream-without-downstream{COLON} { YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) }
tcp-connection-limit{COLON} { YDVAR(2, VAR_TCP_CONNECTION_LIMIT) }
edns-client-tag{COLON} { YDVAR(2, VAR_EDNS_CLIENT_TAG) }
edns-client-tag-opcode{COLON} { YDVAR(1, VAR_EDNS_CLIENT_TAG_OPCODE) }
edns-client-string{COLON} { YDVAR(2, VAR_EDNS_CLIENT_STRING) }
edns-client-string-opcode{COLON} { YDVAR(1, VAR_EDNS_CLIENT_STRING_OPCODE) }
<INITIAL,val>{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; }
/* Quoted strings. Strip leading and ending quotes */


@ -194,158 +194,161 @@ extern int yydebug;
VAR_HTTP_QUERY_BUFFER_SIZE = 400,
VAR_HTTP_RESPONSE_BUFFER_SIZE = 401,
VAR_HTTP_NODELAY = 402,
VAR_STUB_FIRST = 403,
VAR_MINIMAL_RESPONSES = 404,
VAR_RRSET_ROUNDROBIN = 405,
VAR_MAX_UDP_SIZE = 406,
VAR_DELAY_CLOSE = 407,
VAR_UNBLOCK_LAN_ZONES = 408,
VAR_INSECURE_LAN_ZONES = 409,
VAR_INFRA_CACHE_MIN_RTT = 410,
VAR_DNS64_PREFIX = 411,
VAR_DNS64_SYNTHALL = 412,
VAR_DNS64_IGNORE_AAAA = 413,
VAR_DNSTAP = 414,
VAR_DNSTAP_ENABLE = 415,
VAR_DNSTAP_SOCKET_PATH = 416,
VAR_DNSTAP_IP = 417,
VAR_DNSTAP_TLS = 418,
VAR_DNSTAP_TLS_SERVER_NAME = 419,
VAR_DNSTAP_TLS_CERT_BUNDLE = 420,
VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 421,
VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 422,
VAR_DNSTAP_SEND_IDENTITY = 423,
VAR_DNSTAP_SEND_VERSION = 424,
VAR_DNSTAP_BIDIRECTIONAL = 425,
VAR_DNSTAP_IDENTITY = 426,
VAR_DNSTAP_VERSION = 427,
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 428,
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 429,
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 430,
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 431,
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 432,
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 433,
VAR_RESPONSE_IP_TAG = 434,
VAR_RESPONSE_IP = 435,
VAR_RESPONSE_IP_DATA = 436,
VAR_HARDEN_ALGO_DOWNGRADE = 437,
VAR_IP_TRANSPARENT = 438,
VAR_IP_DSCP = 439,
VAR_DISABLE_DNSSEC_LAME_CHECK = 440,
VAR_IP_RATELIMIT = 441,
VAR_IP_RATELIMIT_SLABS = 442,
VAR_IP_RATELIMIT_SIZE = 443,
VAR_RATELIMIT = 444,
VAR_RATELIMIT_SLABS = 445,
VAR_RATELIMIT_SIZE = 446,
VAR_RATELIMIT_FOR_DOMAIN = 447,
VAR_RATELIMIT_BELOW_DOMAIN = 448,
VAR_IP_RATELIMIT_FACTOR = 449,
VAR_RATELIMIT_FACTOR = 450,
VAR_SEND_CLIENT_SUBNET = 451,
VAR_CLIENT_SUBNET_ZONE = 452,
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 453,
VAR_CLIENT_SUBNET_OPCODE = 454,
VAR_MAX_CLIENT_SUBNET_IPV4 = 455,
VAR_MAX_CLIENT_SUBNET_IPV6 = 456,
VAR_MIN_CLIENT_SUBNET_IPV4 = 457,
VAR_MIN_CLIENT_SUBNET_IPV6 = 458,
VAR_MAX_ECS_TREE_SIZE_IPV4 = 459,
VAR_MAX_ECS_TREE_SIZE_IPV6 = 460,
VAR_CAPS_WHITELIST = 461,
VAR_CACHE_MAX_NEGATIVE_TTL = 462,
VAR_PERMIT_SMALL_HOLDDOWN = 463,
VAR_QNAME_MINIMISATION = 464,
VAR_QNAME_MINIMISATION_STRICT = 465,
VAR_IP_FREEBIND = 466,
VAR_DEFINE_TAG = 467,
VAR_LOCAL_ZONE_TAG = 468,
VAR_ACCESS_CONTROL_TAG = 469,
VAR_LOCAL_ZONE_OVERRIDE = 470,
VAR_ACCESS_CONTROL_TAG_ACTION = 471,
VAR_ACCESS_CONTROL_TAG_DATA = 472,
VAR_VIEW = 473,
VAR_ACCESS_CONTROL_VIEW = 474,
VAR_VIEW_FIRST = 475,
VAR_SERVE_EXPIRED = 476,
VAR_SERVE_EXPIRED_TTL = 477,
VAR_SERVE_EXPIRED_TTL_RESET = 478,
VAR_SERVE_EXPIRED_REPLY_TTL = 479,
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 480,
VAR_FAKE_DSA = 481,
VAR_FAKE_SHA1 = 482,
VAR_LOG_IDENTITY = 483,
VAR_HIDE_TRUSTANCHOR = 484,
VAR_TRUST_ANCHOR_SIGNALING = 485,
VAR_AGGRESSIVE_NSEC = 486,
VAR_USE_SYSTEMD = 487,
VAR_SHM_ENABLE = 488,
VAR_SHM_KEY = 489,
VAR_ROOT_KEY_SENTINEL = 490,
VAR_DNSCRYPT = 491,
VAR_DNSCRYPT_ENABLE = 492,
VAR_DNSCRYPT_PORT = 493,
VAR_DNSCRYPT_PROVIDER = 494,
VAR_DNSCRYPT_SECRET_KEY = 495,
VAR_DNSCRYPT_PROVIDER_CERT = 496,
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 497,
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 498,
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 499,
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 500,
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 501,
VAR_IPSECMOD_ENABLED = 502,
VAR_IPSECMOD_HOOK = 503,
VAR_IPSECMOD_IGNORE_BOGUS = 504,
VAR_IPSECMOD_MAX_TTL = 505,
VAR_IPSECMOD_WHITELIST = 506,
VAR_IPSECMOD_STRICT = 507,
VAR_CACHEDB = 508,
VAR_CACHEDB_BACKEND = 509,
VAR_CACHEDB_SECRETSEED = 510,
VAR_CACHEDB_REDISHOST = 511,
VAR_CACHEDB_REDISPORT = 512,
VAR_CACHEDB_REDISTIMEOUT = 513,
VAR_CACHEDB_REDISEXPIRERECORDS = 514,
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 515,
VAR_FOR_UPSTREAM = 516,
VAR_AUTH_ZONE = 517,
VAR_ZONEFILE = 518,
VAR_MASTER = 519,
VAR_URL = 520,
VAR_FOR_DOWNSTREAM = 521,
VAR_FALLBACK_ENABLED = 522,
VAR_TLS_ADDITIONAL_PORT = 523,
VAR_LOW_RTT = 524,
VAR_LOW_RTT_PERMIL = 525,
VAR_FAST_SERVER_PERMIL = 526,
VAR_FAST_SERVER_NUM = 527,
VAR_ALLOW_NOTIFY = 528,
VAR_TLS_WIN_CERT = 529,
VAR_TCP_CONNECTION_LIMIT = 530,
VAR_FORWARD_NO_CACHE = 531,
VAR_STUB_NO_CACHE = 532,
VAR_LOG_SERVFAIL = 533,
VAR_DENY_ANY = 534,
VAR_UNKNOWN_SERVER_TIME_LIMIT = 535,
VAR_LOG_TAG_QUERYREPLY = 536,
VAR_STREAM_WAIT_SIZE = 537,
VAR_TLS_CIPHERS = 538,
VAR_TLS_CIPHERSUITES = 539,
VAR_TLS_USE_SNI = 540,
VAR_IPSET = 541,
VAR_IPSET_NAME_V4 = 542,
VAR_IPSET_NAME_V6 = 543,
VAR_TLS_SESSION_TICKET_KEYS = 544,
VAR_RPZ = 545,
VAR_TAGS = 546,
VAR_RPZ_ACTION_OVERRIDE = 547,
VAR_RPZ_CNAME_OVERRIDE = 548,
VAR_RPZ_LOG = 549,
VAR_RPZ_LOG_NAME = 550,
VAR_DYNLIB = 551,
VAR_DYNLIB_FILE = 552,
VAR_EDNS_CLIENT_TAG = 553,
VAR_EDNS_CLIENT_TAG_OPCODE = 554
VAR_HTTP_NOTLS_DOWNSTREAM = 403,
VAR_STUB_FIRST = 404,
VAR_MINIMAL_RESPONSES = 405,
VAR_RRSET_ROUNDROBIN = 406,
VAR_MAX_UDP_SIZE = 407,
VAR_DELAY_CLOSE = 408,
VAR_UDP_CONNECT = 409,
VAR_UNBLOCK_LAN_ZONES = 410,
VAR_INSECURE_LAN_ZONES = 411,
VAR_INFRA_CACHE_MIN_RTT = 412,
VAR_INFRA_KEEP_PROBING = 413,
VAR_DNS64_PREFIX = 414,
VAR_DNS64_SYNTHALL = 415,
VAR_DNS64_IGNORE_AAAA = 416,
VAR_DNSTAP = 417,
VAR_DNSTAP_ENABLE = 418,
VAR_DNSTAP_SOCKET_PATH = 419,
VAR_DNSTAP_IP = 420,
VAR_DNSTAP_TLS = 421,
VAR_DNSTAP_TLS_SERVER_NAME = 422,
VAR_DNSTAP_TLS_CERT_BUNDLE = 423,
VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 424,
VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 425,
VAR_DNSTAP_SEND_IDENTITY = 426,
VAR_DNSTAP_SEND_VERSION = 427,
VAR_DNSTAP_BIDIRECTIONAL = 428,
VAR_DNSTAP_IDENTITY = 429,
VAR_DNSTAP_VERSION = 430,
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 431,
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 432,
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 433,
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 434,
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 435,
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 436,
VAR_RESPONSE_IP_TAG = 437,
VAR_RESPONSE_IP = 438,
VAR_RESPONSE_IP_DATA = 439,
VAR_HARDEN_ALGO_DOWNGRADE = 440,
VAR_IP_TRANSPARENT = 441,
VAR_IP_DSCP = 442,
VAR_DISABLE_DNSSEC_LAME_CHECK = 443,
VAR_IP_RATELIMIT = 444,
VAR_IP_RATELIMIT_SLABS = 445,
VAR_IP_RATELIMIT_SIZE = 446,
VAR_RATELIMIT = 447,
VAR_RATELIMIT_SLABS = 448,
VAR_RATELIMIT_SIZE = 449,
VAR_RATELIMIT_FOR_DOMAIN = 450,
VAR_RATELIMIT_BELOW_DOMAIN = 451,
VAR_IP_RATELIMIT_FACTOR = 452,
VAR_RATELIMIT_FACTOR = 453,
VAR_SEND_CLIENT_SUBNET = 454,
VAR_CLIENT_SUBNET_ZONE = 455,
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 456,
VAR_CLIENT_SUBNET_OPCODE = 457,
VAR_MAX_CLIENT_SUBNET_IPV4 = 458,
VAR_MAX_CLIENT_SUBNET_IPV6 = 459,
VAR_MIN_CLIENT_SUBNET_IPV4 = 460,
VAR_MIN_CLIENT_SUBNET_IPV6 = 461,
VAR_MAX_ECS_TREE_SIZE_IPV4 = 462,
VAR_MAX_ECS_TREE_SIZE_IPV6 = 463,
VAR_CAPS_WHITELIST = 464,
VAR_CACHE_MAX_NEGATIVE_TTL = 465,
VAR_PERMIT_SMALL_HOLDDOWN = 466,
VAR_QNAME_MINIMISATION = 467,
VAR_QNAME_MINIMISATION_STRICT = 468,
VAR_IP_FREEBIND = 469,
VAR_DEFINE_TAG = 470,
VAR_LOCAL_ZONE_TAG = 471,
VAR_ACCESS_CONTROL_TAG = 472,
VAR_LOCAL_ZONE_OVERRIDE = 473,
VAR_ACCESS_CONTROL_TAG_ACTION = 474,
VAR_ACCESS_CONTROL_TAG_DATA = 475,
VAR_VIEW = 476,
VAR_ACCESS_CONTROL_VIEW = 477,
VAR_VIEW_FIRST = 478,
VAR_SERVE_EXPIRED = 479,
VAR_SERVE_EXPIRED_TTL = 480,
VAR_SERVE_EXPIRED_TTL_RESET = 481,
VAR_SERVE_EXPIRED_REPLY_TTL = 482,
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 483,
VAR_FAKE_DSA = 484,
VAR_FAKE_SHA1 = 485,
VAR_LOG_IDENTITY = 486,
VAR_HIDE_TRUSTANCHOR = 487,
VAR_TRUST_ANCHOR_SIGNALING = 488,
VAR_AGGRESSIVE_NSEC = 489,
VAR_USE_SYSTEMD = 490,
VAR_SHM_ENABLE = 491,
VAR_SHM_KEY = 492,
VAR_ROOT_KEY_SENTINEL = 493,
VAR_DNSCRYPT = 494,
VAR_DNSCRYPT_ENABLE = 495,
VAR_DNSCRYPT_PORT = 496,
VAR_DNSCRYPT_PROVIDER = 497,
VAR_DNSCRYPT_SECRET_KEY = 498,
VAR_DNSCRYPT_PROVIDER_CERT = 499,
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 500,
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 501,
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 502,
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 503,
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 504,
VAR_IPSECMOD_ENABLED = 505,
VAR_IPSECMOD_HOOK = 506,
VAR_IPSECMOD_IGNORE_BOGUS = 507,
VAR_IPSECMOD_MAX_TTL = 508,
VAR_IPSECMOD_WHITELIST = 509,
VAR_IPSECMOD_STRICT = 510,
VAR_CACHEDB = 511,
VAR_CACHEDB_BACKEND = 512,
VAR_CACHEDB_SECRETSEED = 513,
VAR_CACHEDB_REDISHOST = 514,
VAR_CACHEDB_REDISPORT = 515,
VAR_CACHEDB_REDISTIMEOUT = 516,
VAR_CACHEDB_REDISEXPIRERECORDS = 517,
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 518,
VAR_FOR_UPSTREAM = 519,
VAR_AUTH_ZONE = 520,
VAR_ZONEFILE = 521,
VAR_MASTER = 522,
VAR_URL = 523,
VAR_FOR_DOWNSTREAM = 524,
VAR_FALLBACK_ENABLED = 525,
VAR_TLS_ADDITIONAL_PORT = 526,
VAR_LOW_RTT = 527,
VAR_LOW_RTT_PERMIL = 528,
VAR_FAST_SERVER_PERMIL = 529,
VAR_FAST_SERVER_NUM = 530,
VAR_ALLOW_NOTIFY = 531,
VAR_TLS_WIN_CERT = 532,
VAR_TCP_CONNECTION_LIMIT = 533,
VAR_FORWARD_NO_CACHE = 534,
VAR_STUB_NO_CACHE = 535,
VAR_LOG_SERVFAIL = 536,
VAR_DENY_ANY = 537,
VAR_UNKNOWN_SERVER_TIME_LIMIT = 538,
VAR_LOG_TAG_QUERYREPLY = 539,
VAR_STREAM_WAIT_SIZE = 540,
VAR_TLS_CIPHERS = 541,
VAR_TLS_CIPHERSUITES = 542,
VAR_TLS_USE_SNI = 543,
VAR_IPSET = 544,
VAR_IPSET_NAME_V4 = 545,
VAR_IPSET_NAME_V6 = 546,
VAR_TLS_SESSION_TICKET_KEYS = 547,
VAR_RPZ = 548,
VAR_TAGS = 549,
VAR_RPZ_ACTION_OVERRIDE = 550,
VAR_RPZ_CNAME_OVERRIDE = 551,
VAR_RPZ_LOG = 552,
VAR_RPZ_LOG_NAME = 553,
VAR_DYNLIB = 554,
VAR_DYNLIB_FILE = 555,
VAR_EDNS_CLIENT_STRING = 556,
VAR_EDNS_CLIENT_STRING_OPCODE = 557
};
#endif
/* Tokens. */
@ -494,158 +497,161 @@ extern int yydebug;
#define VAR_HTTP_QUERY_BUFFER_SIZE 400
#define VAR_HTTP_RESPONSE_BUFFER_SIZE 401
#define VAR_HTTP_NODELAY 402
#define VAR_STUB_FIRST 403
#define VAR_MINIMAL_RESPONSES 404
#define VAR_RRSET_ROUNDROBIN 405
#define VAR_MAX_UDP_SIZE 406
#define VAR_DELAY_CLOSE 407
#define VAR_UNBLOCK_LAN_ZONES 408
#define VAR_INSECURE_LAN_ZONES 409
#define VAR_INFRA_CACHE_MIN_RTT 410
#define VAR_DNS64_PREFIX 411
#define VAR_DNS64_SYNTHALL 412
#define VAR_DNS64_IGNORE_AAAA 413
#define VAR_DNSTAP 414
#define VAR_DNSTAP_ENABLE 415
#define VAR_DNSTAP_SOCKET_PATH 416
#define VAR_DNSTAP_IP 417
#define VAR_DNSTAP_TLS 418
#define VAR_DNSTAP_TLS_SERVER_NAME 419
#define VAR_DNSTAP_TLS_CERT_BUNDLE 420
#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 421
#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 422
#define VAR_DNSTAP_SEND_IDENTITY 423
#define VAR_DNSTAP_SEND_VERSION 424
#define VAR_DNSTAP_BIDIRECTIONAL 425
#define VAR_DNSTAP_IDENTITY 426
#define VAR_DNSTAP_VERSION 427
#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 428
#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 429
#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 430
#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 431
#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 432
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 433
#define VAR_RESPONSE_IP_TAG 434
#define VAR_RESPONSE_IP 435
#define VAR_RESPONSE_IP_DATA 436
#define VAR_HARDEN_ALGO_DOWNGRADE 437
#define VAR_IP_TRANSPARENT 438
#define VAR_IP_DSCP 439
#define VAR_DISABLE_DNSSEC_LAME_CHECK 440
#define VAR_IP_RATELIMIT 441
#define VAR_IP_RATELIMIT_SLABS 442
#define VAR_IP_RATELIMIT_SIZE 443
#define VAR_RATELIMIT 444
#define VAR_RATELIMIT_SLABS 445
#define VAR_RATELIMIT_SIZE 446
#define VAR_RATELIMIT_FOR_DOMAIN 447
#define VAR_RATELIMIT_BELOW_DOMAIN 448
#define VAR_IP_RATELIMIT_FACTOR 449
#define VAR_RATELIMIT_FACTOR 450
#define VAR_SEND_CLIENT_SUBNET 451
#define VAR_CLIENT_SUBNET_ZONE 452
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 453
#define VAR_CLIENT_SUBNET_OPCODE 454
#define VAR_MAX_CLIENT_SUBNET_IPV4 455
#define VAR_MAX_CLIENT_SUBNET_IPV6 456
#define VAR_MIN_CLIENT_SUBNET_IPV4 457
#define VAR_MIN_CLIENT_SUBNET_IPV6 458
#define VAR_MAX_ECS_TREE_SIZE_IPV4 459
#define VAR_MAX_ECS_TREE_SIZE_IPV6 460
#define VAR_CAPS_WHITELIST 461
#define VAR_CACHE_MAX_NEGATIVE_TTL 462
#define VAR_PERMIT_SMALL_HOLDDOWN 463
#define VAR_QNAME_MINIMISATION 464
#define VAR_QNAME_MINIMISATION_STRICT 465
#define VAR_IP_FREEBIND 466
#define VAR_DEFINE_TAG 467
#define VAR_LOCAL_ZONE_TAG 468
#define VAR_ACCESS_CONTROL_TAG 469
#define VAR_LOCAL_ZONE_OVERRIDE 470
#define VAR_ACCESS_CONTROL_TAG_ACTION 471
#define VAR_ACCESS_CONTROL_TAG_DATA 472
#define VAR_VIEW 473
#define VAR_ACCESS_CONTROL_VIEW 474
#define VAR_VIEW_FIRST 475
#define VAR_SERVE_EXPIRED 476
#define VAR_SERVE_EXPIRED_TTL 477
#define VAR_SERVE_EXPIRED_TTL_RESET 478
#define VAR_SERVE_EXPIRED_REPLY_TTL 479
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 480
#define VAR_FAKE_DSA 481
#define VAR_FAKE_SHA1 482
#define VAR_LOG_IDENTITY 483
#define VAR_HIDE_TRUSTANCHOR 484
#define VAR_TRUST_ANCHOR_SIGNALING 485
#define VAR_AGGRESSIVE_NSEC 486
#define VAR_USE_SYSTEMD 487
#define VAR_SHM_ENABLE 488
#define VAR_SHM_KEY 489
#define VAR_ROOT_KEY_SENTINEL 490
#define VAR_DNSCRYPT 491
#define VAR_DNSCRYPT_ENABLE 492
#define VAR_DNSCRYPT_PORT 493
#define VAR_DNSCRYPT_PROVIDER 494
#define VAR_DNSCRYPT_SECRET_KEY 495
#define VAR_DNSCRYPT_PROVIDER_CERT 496
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 497
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 498
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 499
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 500
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 501
#define VAR_IPSECMOD_ENABLED 502
#define VAR_IPSECMOD_HOOK 503
#define VAR_IPSECMOD_IGNORE_BOGUS 504
#define VAR_IPSECMOD_MAX_TTL 505
#define VAR_IPSECMOD_WHITELIST 506
#define VAR_IPSECMOD_STRICT 507
#define VAR_CACHEDB 508
#define VAR_CACHEDB_BACKEND 509
#define VAR_CACHEDB_SECRETSEED 510
#define VAR_CACHEDB_REDISHOST 511
#define VAR_CACHEDB_REDISPORT 512
#define VAR_CACHEDB_REDISTIMEOUT 513
#define VAR_CACHEDB_REDISEXPIRERECORDS 514
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 515
#define VAR_FOR_UPSTREAM 516
#define VAR_AUTH_ZONE 517
#define VAR_ZONEFILE 518
#define VAR_MASTER 519
#define VAR_URL 520
#define VAR_FOR_DOWNSTREAM 521
#define VAR_FALLBACK_ENABLED 522
#define VAR_TLS_ADDITIONAL_PORT 523
#define VAR_LOW_RTT 524
#define VAR_LOW_RTT_PERMIL 525
#define VAR_FAST_SERVER_PERMIL 526
#define VAR_FAST_SERVER_NUM 527
#define VAR_ALLOW_NOTIFY 528
#define VAR_TLS_WIN_CERT 529
#define VAR_TCP_CONNECTION_LIMIT 530
#define VAR_FORWARD_NO_CACHE 531
#define VAR_STUB_NO_CACHE 532
#define VAR_LOG_SERVFAIL 533
#define VAR_DENY_ANY 534
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 535
#define VAR_LOG_TAG_QUERYREPLY 536
#define VAR_STREAM_WAIT_SIZE 537
#define VAR_TLS_CIPHERS 538
#define VAR_TLS_CIPHERSUITES 539
#define VAR_TLS_USE_SNI 540
#define VAR_IPSET 541
#define VAR_IPSET_NAME_V4 542
#define VAR_IPSET_NAME_V6 543
#define VAR_TLS_SESSION_TICKET_KEYS 544
#define VAR_RPZ 545
#define VAR_TAGS 546
#define VAR_RPZ_ACTION_OVERRIDE 547
#define VAR_RPZ_CNAME_OVERRIDE 548
#define VAR_RPZ_LOG 549
#define VAR_RPZ_LOG_NAME 550
#define VAR_DYNLIB 551
#define VAR_DYNLIB_FILE 552
#define VAR_EDNS_CLIENT_TAG 553
#define VAR_EDNS_CLIENT_TAG_OPCODE 554
#define VAR_HTTP_NOTLS_DOWNSTREAM 403
#define VAR_STUB_FIRST 404
#define VAR_MINIMAL_RESPONSES 405
#define VAR_RRSET_ROUNDROBIN 406
#define VAR_MAX_UDP_SIZE 407
#define VAR_DELAY_CLOSE 408
#define VAR_UDP_CONNECT 409
#define VAR_UNBLOCK_LAN_ZONES 410
#define VAR_INSECURE_LAN_ZONES 411
#define VAR_INFRA_CACHE_MIN_RTT 412
#define VAR_INFRA_KEEP_PROBING 413
#define VAR_DNS64_PREFIX 414
#define VAR_DNS64_SYNTHALL 415
#define VAR_DNS64_IGNORE_AAAA 416
#define VAR_DNSTAP 417
#define VAR_DNSTAP_ENABLE 418
#define VAR_DNSTAP_SOCKET_PATH 419
#define VAR_DNSTAP_IP 420
#define VAR_DNSTAP_TLS 421
#define VAR_DNSTAP_TLS_SERVER_NAME 422
#define VAR_DNSTAP_TLS_CERT_BUNDLE 423
#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 424
#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 425
#define VAR_DNSTAP_SEND_IDENTITY 426
#define VAR_DNSTAP_SEND_VERSION 427
#define VAR_DNSTAP_BIDIRECTIONAL 428
#define VAR_DNSTAP_IDENTITY 429
#define VAR_DNSTAP_VERSION 430
#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 431
#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 432
#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 433
#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 434
#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 435
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 436
#define VAR_RESPONSE_IP_TAG 437
#define VAR_RESPONSE_IP 438
#define VAR_RESPONSE_IP_DATA 439
#define VAR_HARDEN_ALGO_DOWNGRADE 440
#define VAR_IP_TRANSPARENT 441
#define VAR_IP_DSCP 442
#define VAR_DISABLE_DNSSEC_LAME_CHECK 443
#define VAR_IP_RATELIMIT 444
#define VAR_IP_RATELIMIT_SLABS 445
#define VAR_IP_RATELIMIT_SIZE 446
#define VAR_RATELIMIT 447
#define VAR_RATELIMIT_SLABS 448
#define VAR_RATELIMIT_SIZE 449
#define VAR_RATELIMIT_FOR_DOMAIN 450
#define VAR_RATELIMIT_BELOW_DOMAIN 451
#define VAR_IP_RATELIMIT_FACTOR 452
#define VAR_RATELIMIT_FACTOR 453
#define VAR_SEND_CLIENT_SUBNET 454
#define VAR_CLIENT_SUBNET_ZONE 455
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 456
#define VAR_CLIENT_SUBNET_OPCODE 457
#define VAR_MAX_CLIENT_SUBNET_IPV4 458
#define VAR_MAX_CLIENT_SUBNET_IPV6 459
#define VAR_MIN_CLIENT_SUBNET_IPV4 460
#define VAR_MIN_CLIENT_SUBNET_IPV6 461
#define VAR_MAX_ECS_TREE_SIZE_IPV4 462
#define VAR_MAX_ECS_TREE_SIZE_IPV6 463
#define VAR_CAPS_WHITELIST 464
#define VAR_CACHE_MAX_NEGATIVE_TTL 465
#define VAR_PERMIT_SMALL_HOLDDOWN 466
#define VAR_QNAME_MINIMISATION 467
#define VAR_QNAME_MINIMISATION_STRICT 468
#define VAR_IP_FREEBIND 469
#define VAR_DEFINE_TAG 470
#define VAR_LOCAL_ZONE_TAG 471
#define VAR_ACCESS_CONTROL_TAG 472
#define VAR_LOCAL_ZONE_OVERRIDE 473
#define VAR_ACCESS_CONTROL_TAG_ACTION 474
#define VAR_ACCESS_CONTROL_TAG_DATA 475
#define VAR_VIEW 476
#define VAR_ACCESS_CONTROL_VIEW 477
#define VAR_VIEW_FIRST 478
#define VAR_SERVE_EXPIRED 479
#define VAR_SERVE_EXPIRED_TTL 480
#define VAR_SERVE_EXPIRED_TTL_RESET 481
#define VAR_SERVE_EXPIRED_REPLY_TTL 482
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 483
#define VAR_FAKE_DSA 484
#define VAR_FAKE_SHA1 485
#define VAR_LOG_IDENTITY 486
#define VAR_HIDE_TRUSTANCHOR 487
#define VAR_TRUST_ANCHOR_SIGNALING 488
#define VAR_AGGRESSIVE_NSEC 489
#define VAR_USE_SYSTEMD 490
#define VAR_SHM_ENABLE 491
#define VAR_SHM_KEY 492
#define VAR_ROOT_KEY_SENTINEL 493
#define VAR_DNSCRYPT 494
#define VAR_DNSCRYPT_ENABLE 495
#define VAR_DNSCRYPT_PORT 496
#define VAR_DNSCRYPT_PROVIDER 497
#define VAR_DNSCRYPT_SECRET_KEY 498
#define VAR_DNSCRYPT_PROVIDER_CERT 499
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 500
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 501
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 502
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 503
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 504
#define VAR_IPSECMOD_ENABLED 505
#define VAR_IPSECMOD_HOOK 506
#define VAR_IPSECMOD_IGNORE_BOGUS 507
#define VAR_IPSECMOD_MAX_TTL 508
#define VAR_IPSECMOD_WHITELIST 509
#define VAR_IPSECMOD_STRICT 510
#define VAR_CACHEDB 511
#define VAR_CACHEDB_BACKEND 512
#define VAR_CACHEDB_SECRETSEED 513
#define VAR_CACHEDB_REDISHOST 514
#define VAR_CACHEDB_REDISPORT 515
#define VAR_CACHEDB_REDISTIMEOUT 516
#define VAR_CACHEDB_REDISEXPIRERECORDS 517
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 518
#define VAR_FOR_UPSTREAM 519
#define VAR_AUTH_ZONE 520
#define VAR_ZONEFILE 521
#define VAR_MASTER 522
#define VAR_URL 523
#define VAR_FOR_DOWNSTREAM 524
#define VAR_FALLBACK_ENABLED 525
#define VAR_TLS_ADDITIONAL_PORT 526
#define VAR_LOW_RTT 527
#define VAR_LOW_RTT_PERMIL 528
#define VAR_FAST_SERVER_PERMIL 529
#define VAR_FAST_SERVER_NUM 530
#define VAR_ALLOW_NOTIFY 531
#define VAR_TLS_WIN_CERT 532
#define VAR_TCP_CONNECTION_LIMIT 533
#define VAR_FORWARD_NO_CACHE 534
#define VAR_STUB_NO_CACHE 535
#define VAR_LOG_SERVFAIL 536
#define VAR_DENY_ANY 537
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 538
#define VAR_LOG_TAG_QUERYREPLY 539
#define VAR_STREAM_WAIT_SIZE 540
#define VAR_TLS_CIPHERS 541
#define VAR_TLS_CIPHERSUITES 542
#define VAR_TLS_USE_SNI 543
#define VAR_IPSET 544
#define VAR_IPSET_NAME_V4 545
#define VAR_IPSET_NAME_V6 546
#define VAR_TLS_SESSION_TICKET_KEYS 547
#define VAR_RPZ 548
#define VAR_TAGS 549
#define VAR_RPZ_ACTION_OVERRIDE 550
#define VAR_RPZ_CNAME_OVERRIDE 551
#define VAR_RPZ_LOG 552
#define VAR_RPZ_LOG_NAME 553
#define VAR_DYNLIB 554
#define VAR_DYNLIB_FILE 555
#define VAR_EDNS_CLIENT_STRING 556
#define VAR_EDNS_CLIENT_STRING_OPCODE 557
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
@ -655,7 +661,7 @@ union YYSTYPE
char* str;
#line 659 "util/configparser.h"
#line 665 "util/configparser.h"
};
typedef union YYSTYPE YYSTYPE;


@ -114,11 +114,11 @@ extern struct config_parser_state* cfg_parser;
%token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
%token VAR_HTTPS_PORT VAR_HTTP_ENDPOINT VAR_HTTP_MAX_STREAMS
%token VAR_HTTP_QUERY_BUFFER_SIZE VAR_HTTP_RESPONSE_BUFFER_SIZE
%token VAR_HTTP_NODELAY
%token VAR_HTTP_NODELAY VAR_HTTP_NOTLS_DOWNSTREAM
%token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
%token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE
%token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UDP_CONNECT
%token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
%token VAR_INFRA_CACHE_MIN_RTT
%token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_KEEP_PROBING
%token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
%token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP
%token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE
@ -178,7 +178,8 @@ extern struct config_parser_state* cfg_parser;
%token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6
%token VAR_TLS_SESSION_TICKET_KEYS VAR_RPZ VAR_TAGS VAR_RPZ_ACTION_OVERRIDE
%token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME
%token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_TAG VAR_EDNS_CLIENT_TAG_OPCODE
%token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_STRING
%token VAR_EDNS_CLIENT_STRING_OPCODE
%%
toplevelvars: /* empty */ | toplevelvars toplevelvar ;
@ -249,14 +250,14 @@ content_server: server_num_threads | server_verbosity | server_port |
server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
server_https_port | server_http_endpoint | server_http_max_streams |
server_http_query_buffer_size | server_http_response_buffer_size |
server_http_nodelay |
server_http_nodelay | server_http_notls_downstream |
server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
server_so_reuseport | server_delay_close |
server_so_reuseport | server_delay_close | server_udp_connect |
server_unblock_lan_zones | server_insecure_lan_zones |
server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
server_infra_cache_min_rtt | server_harden_algo_downgrade |
server_ip_transparent | server_ip_ratelimit | server_ratelimit |
server_ip_dscp |
server_ip_dscp | server_infra_keep_probing |
server_ip_ratelimit_slabs | server_ratelimit_slabs |
server_ip_ratelimit_size | server_ratelimit_size |
server_ratelimit_for_domain |
@ -291,8 +292,8 @@ content_server: server_num_threads | server_verbosity | server_port |
server_unknown_server_time_limit | server_log_tag_queryreply |
server_stream_wait_size | server_tls_ciphers |
server_tls_ciphersuites | server_tls_session_ticket_keys |
server_tls_use_sni | server_edns_client_tag |
server_edns_client_tag_opcode
server_tls_use_sni | server_edns_client_string |
server_edns_client_string_opcode
;
stubstart: VAR_STUB_ZONE
{
@ -982,6 +983,7 @@ server_https_port: VAR_HTTPS_PORT STRING_ARG
if(atoi($2) == 0)
yyerror("port number expected");
else cfg_parser->cfg->https_port = atoi($2);
free($2);
};
server_http_endpoint: VAR_HTTP_ENDPOINT STRING_ARG
{
@ -1030,6 +1032,14 @@ server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG
yyerror("expected yes or no.");
else cfg_parser->cfg->http_nodelay = (strcmp($2, "yes")==0);
free($2);
}
server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG
{
OUTYY(("P(server_http_notls_downstream:%s)\n", $2));
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
yyerror("expected yes or no.");
else cfg_parser->cfg->http_notls_downstream = (strcmp($2, "yes")==0);
free($2);
};
server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
{
@ -1434,6 +1444,15 @@ server_delay_close: VAR_DELAY_CLOSE STRING_ARG
free($2);
}
;
server_udp_connect: VAR_UDP_CONNECT STRING_ARG
{
OUTYY(("P(server_udp_connect:%s)\n", $2));
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
yyerror("expected yes or no.");
else cfg_parser->cfg->udp_connect = (strcmp($2, "yes")==0);
free($2);
}
;
server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
{
OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
@ -1531,6 +1550,16 @@ server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
free($2);
}
;
server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG
{
OUTYY(("P(server_infra_keep_probing:%s)\n", $2));
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
yyerror("expected yes or no.");
else cfg_parser->cfg->infra_keep_probing =
(strcmp($2, "yes")==0);
free($2);
}
;
server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
{
OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
@ -2465,29 +2494,24 @@ server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG
#endif
}
;
server_edns_client_tag: VAR_EDNS_CLIENT_TAG STRING_ARG STRING_ARG
server_edns_client_string: VAR_EDNS_CLIENT_STRING STRING_ARG STRING_ARG
{
int tag_data;
OUTYY(("P(server_edns_client_tag:%s %s)\n", $2, $3));
tag_data = atoi($3);
if(tag_data > 65535 || tag_data < 0 ||
(tag_data == 0 && (strlen($3) != 1 || $3[0] != '0')))
yyerror("edns-client-tag data invalid, needs to be a "
"number from 0 to 65535");
OUTYY(("P(server_edns_client_string:%s %s)\n", $2, $3));
if(!cfg_str2list_insert(
&cfg_parser->cfg->edns_client_tags, $2, $3))
&cfg_parser->cfg->edns_client_strings, $2, $3))
fatal_exit("out of memory adding "
"edns-client-tag");
"edns-client-string");
}
;
server_edns_client_tag_opcode: VAR_EDNS_CLIENT_TAG_OPCODE STRING_ARG
server_edns_client_string_opcode: VAR_EDNS_CLIENT_STRING_OPCODE STRING_ARG
{
OUTYY(("P(edns_client_tag_opcode:%s)\n", $2));
OUTYY(("P(edns_client_string_opcode:%s)\n", $2));
if(atoi($2) == 0 && strcmp($2, "0") != 0)
yyerror("option code expected");
else if(atoi($2) > 65535 || atoi($2) < 0)
yyerror("option code must be in interval [0, 65535]");
else cfg_parser->cfg->edns_client_tag_opcode = atoi($2);
else cfg_parser->cfg->edns_client_string_opcode = atoi($2);
free($2);
}
;


@ -624,6 +624,9 @@ positive_answer(struct reply_info* rep, uint16_t qtype) {
for(i=0;i<rep->an_numrrsets; i++) {
if(ntohs(rep->rrsets[i]->rk.type) == qtype) {
/* for priming queries, type NS, include addresses */
if(qtype == LDNS_RR_TYPE_NS)
return 0;
/* in case it is a wildcard with DNSSEC, there will
* be NSEC/NSEC3 records in the authority section
* that we cannot remove */
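Review bot: The new comment `/* for priming queries, type NS, include addresses */` describes a narrower case than the condition beneath it, since `if(qtype == LDNS_RR_TYPE_NS) return 0;` fires for every query of type NS whose answer holds an NS RRset, not only for priming queries. Presumably returning 0 keeps the authority and additional sections from being stripped, so NS answers to any client become larger with this change. I would say so in the comment, e.g. `/* type NS answers (such as priming queries) are never minimized, so the address records stay in the response */`. The body of positive_answer continues outside the hunk, so the effect of the return value should be confirmed against the caller.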


@ -552,7 +552,7 @@ struct edns_option* edns_opt_list_find(struct edns_option* list, uint16_t code);
* @param rep: Reply info. Could be NULL.
* @param rcode: return code.
* @param edns: edns data of the reply.
* @param repinfo: comm_reply. NULL.
* @param repinfo: comm_reply. Reply information for a communication point.
* @param region: region to store data.
* @return false on failure (a callback function returned an error).
*/


@ -48,81 +48,84 @@
#include "util/data/msgparse.h"
#include "util/data/msgreply.h"
struct edns_tags* edns_tags_create(void)
struct edns_strings* edns_strings_create(void)
{
struct edns_tags* edns_tags = calloc(1, sizeof(struct edns_tags));
if(!edns_tags)
struct edns_strings* edns_strings = calloc(1,
sizeof(struct edns_strings));
if(!edns_strings)
return NULL;
if(!(edns_tags->region = regional_create())) {
edns_tags_delete(edns_tags);
if(!(edns_strings->region = regional_create())) {
edns_strings_delete(edns_strings);
return NULL;
}
return edns_tags;
return edns_strings;
}
void edns_tags_delete(struct edns_tags* edns_tags)
void edns_strings_delete(struct edns_strings* edns_strings)
{
if(!edns_tags)
if(!edns_strings)
return;
regional_destroy(edns_tags->region);
free(edns_tags);
regional_destroy(edns_strings->region);
free(edns_strings);
}
static int
edns_tags_client_insert(struct edns_tags* edns_tags,
edns_strings_client_insert(struct edns_strings* edns_strings,
struct sockaddr_storage* addr, socklen_t addrlen, int net,
uint16_t tag_data)
const char* string)
{
struct edns_tag_addr* eta = regional_alloc_zero(edns_tags->region,
sizeof(struct edns_tag_addr));
if(!eta)
struct edns_string_addr* esa = regional_alloc_zero(edns_strings->region,
sizeof(struct edns_string_addr));
if(!esa)
return 0;
eta->tag_data = tag_data;
if(!addr_tree_insert(&edns_tags->client_tags, &eta->node, addr, addrlen,
net)) {
verbose(VERB_QUERY, "duplicate EDNS client tag ignored.");
esa->string_len = strlen(string);
esa->string = regional_alloc_init(edns_strings->region, string,
esa->string_len);
if(!esa->string)
return 0;
if(!addr_tree_insert(&edns_strings->client_strings, &esa->node, addr,
addrlen, net)) {
verbose(VERB_QUERY, "duplicate EDNS client string ignored.");
}
return 1;
}
int edns_tags_apply_cfg(struct edns_tags* edns_tags,
int edns_strings_apply_cfg(struct edns_strings* edns_strings,
struct config_file* config)
{
struct config_str2list* c;
regional_free_all(edns_tags->region);
addr_tree_init(&edns_tags->client_tags);
regional_free_all(edns_strings->region);
addr_tree_init(&edns_strings->client_strings);
for(c=config->edns_client_tags; c; c=c->next) {
for(c=config->edns_client_strings; c; c=c->next) {
struct sockaddr_storage addr;
socklen_t addrlen;
int net;
uint16_t tag_data;
log_assert(c->str && c->str2);
if(!netblockstrtoaddr(c->str, UNBOUND_DNS_PORT, &addr, &addrlen,
&net)) {
log_err("cannot parse EDNS client tag IP netblock: %s",
c->str);
log_err("cannot parse EDNS client string IP netblock: "
"%s", c->str);
return 0;
}
tag_data = atoi(c->str2); /* validated in config parser */
if(!edns_tags_client_insert(edns_tags, &addr, addrlen, net,
tag_data)) {
log_err("out of memory while adding EDNS tags");
if(!edns_strings_client_insert(edns_strings, &addr, addrlen,
net, c->str2)) {
log_err("out of memory while adding EDNS strings");
return 0;
}
}
edns_tags->client_tag_opcode = config->edns_client_tag_opcode;
edns_strings->client_string_opcode = config->edns_client_string_opcode;
addr_tree_init_parents(&edns_tags->client_tags);
addr_tree_init_parents(&edns_strings->client_strings);
return 1;
}
struct edns_tag_addr*
edns_tag_addr_lookup(rbtree_type* tree, struct sockaddr_storage* addr,
struct edns_string_addr*
edns_string_addr_lookup(rbtree_type* tree, struct sockaddr_storage* addr,
socklen_t addrlen)
{
return (struct edns_tag_addr*)addr_tree_lookup(tree, addr, addrlen);
return (struct edns_string_addr*)addr_tree_lookup(tree, addr, addrlen);
}
static int edns_keepalive(struct edns_data* edns_out, struct edns_data* edns_in,
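Review bot: `edns_strings_client_insert` stores `strlen(string)` as the option length with no upper bound, and the `edns-client-string` parser rule in this same commit dropped the old 0 to 65535 range check without adding a length check. An EDNS option length is a 16-bit field, so a configured string longer than 65535 bytes cannot be encoded as given. Whether the encoder truncates or rejects it is not visible in this section. I would refuse it at load time in `edns_strings_apply_cfg`, for example `if(strlen(c->str2) > 65535) { log_err("EDNS client string too long for netblock %s", c->str); return 0; }`. A duplicate netblock is also only reported through `verbose(VERB_QUERY, ...)`, so a conflicting entry is dropped without any message at lower verbosity settings; `log_warn` would make that visible to the operator.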


@ -50,58 +50,60 @@ struct comm_point;
struct regional;
/**
* Structure containing all EDNS tags.
* Structure containing all EDNS strings.
*/
struct edns_tags {
/** Tree of EDNS client tags to use in upstream queries, per address
* prefix. Contains nodes of type edns_tag_addr. */
rbtree_type client_tags;
/** EDNS opcode to use for client tags */
uint16_t client_tag_opcode;
struct edns_strings {
/** Tree of EDNS client strings to use in upstream queries, per address
* prefix. Contains nodes of type edns_string_addr. */
rbtree_type client_strings;
/** EDNS opcode to use for client strings */
uint16_t client_string_opcode;
/** region to allocate tree nodes in */
struct regional* region;
};
/**
* EDNS tag. Node of rbtree, containing tag and prefix.
* EDNS string. Node of rbtree, containing string and prefix.
*/
struct edns_tag_addr {
struct edns_string_addr {
/** node in address tree, used for tree lookups. Need to be the first
* member of this struct. */
struct addr_tree_node node;
/** tag data, in host byte ordering */
uint16_t tag_data;
/** string, ascii format */
uint8_t* string;
/** length of string */
size_t string_len;
};
/**
* Create structure to hold EDNS tags
* @return: newly created edns_tags, NULL on alloc failure.
* Create structure to hold EDNS strings
* @return: newly created edns_strings, NULL on alloc failure.
*/
struct edns_tags* edns_tags_create(void);
struct edns_strings* edns_strings_create(void);
/** Delete EDNS tags structure
* @param edns_tags: struct to delete
/** Delete EDNS strings structure
* @param edns_strings: struct to delete
*/
void edns_tags_delete(struct edns_tags* edns_tags);
void edns_strings_delete(struct edns_strings* edns_strings);
/**
* Add configured EDNS tags
* @param edns_tags: edns tags to apply config to
* @param config: struct containing EDNS tags configuration
* Add configured EDNS strings
* @param edns_strings: edns strings to apply config to
* @param config: struct containing EDNS strings configuration
* @return 0 on error
*/
int edns_tags_apply_cfg(struct edns_tags* edns_tags,
int edns_strings_apply_cfg(struct edns_strings* edns_strings,
struct config_file* config);
/**
* Find tag for address.
* @param tree: tree containing EDNS tags per address prefix.
* Find string for address.
* @param tree: tree containing EDNS strings per address prefix.
* @param addr: address to use for tree lookup
* @param addrlen: length of address
* @return: matching tree node, NULL otherwise
*/
struct edns_tag_addr*
edns_tag_addr_lookup(rbtree_type* tree, struct sockaddr_storage* addr,
struct edns_string_addr*
edns_string_addr_lookup(rbtree_type* tree, struct sockaddr_storage* addr,
socklen_t addrlen);
/**
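Review bot: The `string` member of `struct edns_string_addr` is documented only as `/** string, ascii format */`, which does not say that the buffer is a counted byte array rather than a C string. The insert routine in the accompanying .c change fills it with `regional_alloc_init(..., string, esa->string_len)` where `string_len` is `strlen(string)`, so the copy appears to carry no terminating NUL. Code that later passes it to `strlen` or `%s` would read past the allocation. I would change the member comments to `/** string bytes, ascii, not NUL-terminated; use string_len */` and `/** length of string in bytes, no terminator included */`.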


@ -229,6 +229,8 @@ fptr_whitelist_rbtree_cmp(int (*fptr) (const void *, const void *))
else if(fptr == &fwd_cmp) return 1;
else if(fptr == &pending_cmp) return 1;
else if(fptr == &serviced_cmp) return 1;
else if(fptr == &reuse_cmp) return 1;
else if(fptr == &reuse_id_cmp) return 1;
else if(fptr == &name_tree_compare) return 1;
else if(fptr == &order_lock_cmp) return 1;
else if(fptr == &codeline_cmp) return 1;


@ -5290,6 +5290,7 @@
22005,
22273,
22305,
22333,
22335,
22343,
22347,


@ -520,8 +520,8 @@ struct module_env {
struct edns_known_option* edns_known_options;
/* Number of known edns options */
size_t edns_known_options_num;
/** EDNS client tag information */
struct edns_tags* edns_tags;
/** EDNS client string information */
struct edns_strings* edns_strings;
/* Make every mesh state unique, do not aggregate mesh states. */
int unique_mesh;


@ -341,10 +341,15 @@ comm_point_send_udp_msg(struct comm_point *c, sldns_buffer* packet,
if(sldns_buffer_remaining(packet) == 0)
log_err("error: send empty UDP packet");
#endif
log_assert(addr && addrlen > 0);
sent = sendto(c->fd, (void*)sldns_buffer_begin(packet),
sldns_buffer_remaining(packet), 0,
addr, addrlen);
if(addr) {
log_assert(addr && addrlen > 0);
sent = sendto(c->fd, (void*)sldns_buffer_begin(packet),
sldns_buffer_remaining(packet), 0,
addr, addrlen);
} else {
sent = send(c->fd, (void*)sldns_buffer_begin(packet),
sldns_buffer_remaining(packet), 0);
}
if(sent == -1) {
/* try again and block, waiting for IO to complete,
* we want to send the answer, and we will wait for
@ -574,6 +579,32 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet,
#endif /* AF_INET6 && IPV6_PKTINFO && HAVE_SENDMSG */
}
/** return true is UDP receive error needs to be logged */
static int udp_recv_needs_log(int err)
{
switch(err) {
case ECONNREFUSED:
# ifdef ENETUNREACH
case ENETUNREACH:
# endif
# ifdef EHOSTDOWN
case EHOSTDOWN:
# endif
# ifdef EHOSTUNREACH
case EHOSTUNREACH:
# endif
# ifdef ENETDOWN
case ENETDOWN:
# endif
if(verbosity >= VERB_ALGO)
return 1;
return 0;
default:
break;
}
return 1;
}
void
comm_point_udp_ancil_callback(int fd, short event, void* arg)
{
@ -616,7 +647,8 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg)
msg.msg_flags = 0;
rcv = recvmsg(fd, &msg, 0);
if(rcv == -1) {
if(errno != EAGAIN && errno != EINTR) {
if(errno != EAGAIN && errno != EINTR
&& udp_recv_needs_log(errno)) {
log_err("recvmsg failed: %s", strerror(errno));
}
return;
@ -697,7 +729,8 @@ comm_point_udp_callback(int fd, short event, void* arg)
(struct sockaddr*)&rep.addr, &rep.addrlen);
if(rcv == -1) {
#ifndef USE_WINSOCK
if(errno != EAGAIN && errno != EINTR)
if(errno != EAGAIN && errno != EINTR
&& udp_recv_needs_log(errno))
log_err("recvfrom %d failed: %s",
fd, strerror(errno));
#else
@ -965,6 +998,10 @@ comm_point_tcp_accept_callback(int fd, short event, void* arg)
/* clear leftover flags from previous use, and then set the
* correct event base for the event structure for libevent */
ub_event_free(c_hdl->ev->ev);
if((c_hdl->type == comm_tcp && c_hdl->tcp_req_info) ||
c_hdl->type == comm_local || c_hdl->type == comm_raw)
c_hdl->tcp_do_toggle_rw = 0;
else c_hdl->tcp_do_toggle_rw = 1;
if(c_hdl->type == comm_http) {
#ifdef HAVE_NGHTTP2
@ -978,6 +1015,10 @@ comm_point_tcp_accept_callback(int fd, short event, void* arg)
log_warn("failed to submit http2 settings");
return;
}
if(!c->ssl) {
c_hdl->tcp_do_toggle_rw = 0;
c_hdl->use_h2 = 1;
}
#endif
c_hdl->ev->ev = ub_event_new(c_hdl->ev->base->eb->base, -1,
UB_EV_PERSIST | UB_EV_READ | UB_EV_TIMEOUT,
@ -1042,6 +1083,8 @@ reclaim_tcp_handler(struct comm_point* c)
comm_point_start_listening(c->tcp_parent, -1, -1);
}
}
c->tcp_more_read_again = NULL;
c->tcp_more_write_again = NULL;
}
/** do the callback when writing is done */
@ -1049,16 +1092,27 @@ static void
tcp_callback_writer(struct comm_point* c)
{
log_assert(c->type == comm_tcp);
sldns_buffer_clear(c->buffer);
if(!c->tcp_write_and_read) {
sldns_buffer_clear(c->buffer);
c->tcp_byte_count = 0;
}
if(c->tcp_do_toggle_rw)
c->tcp_is_reading = 1;
c->tcp_byte_count = 0;
/* switch from listening(write) to listening(read) */
if(c->tcp_req_info) {
tcp_req_info_handle_writedone(c->tcp_req_info);
} else {
comm_point_stop_listening(c);
comm_point_start_listening(c, -1, c->tcp_timeout_msec);
if(c->tcp_write_and_read) {
fptr_ok(fptr_whitelist_comm_point(c->callback));
if( (*c->callback)(c, c->cb_arg, NETEVENT_PKT_WRITTEN,
&c->repinfo) ) {
comm_point_start_listening(c, -1,
c->tcp_timeout_msec);
}
} else {
comm_point_start_listening(c, -1, c->tcp_timeout_msec);
}
}
}
@ -1361,10 +1415,28 @@ ssl_handle_write(struct comm_point* c)
}
/* ignore return, if fails we may simply block */
(void)SSL_set_mode(c->ssl, (long)SSL_MODE_ENABLE_PARTIAL_WRITE);
if(c->tcp_byte_count < sizeof(uint16_t)) {
uint16_t len = htons(sldns_buffer_limit(c->buffer));
if((c->tcp_write_and_read?c->tcp_write_byte_count:c->tcp_byte_count) < sizeof(uint16_t)) {
uint16_t len = htons(c->tcp_write_and_read?c->tcp_write_pkt_len:sldns_buffer_limit(c->buffer));
ERR_clear_error();
if(sizeof(uint16_t)+sldns_buffer_remaining(c->buffer) <
if(c->tcp_write_and_read) {
if(c->tcp_write_pkt_len + 2 < LDNS_RR_BUF_SIZE) {
/* combine the tcp length and the query for
* write, this emulates writev */
uint8_t buf[LDNS_RR_BUF_SIZE];
memmove(buf, &len, sizeof(uint16_t));
memmove(buf+sizeof(uint16_t),
c->tcp_write_pkt,
c->tcp_write_pkt_len);
r = SSL_write(c->ssl,
(void*)(buf+c->tcp_write_byte_count),
c->tcp_write_pkt_len + 2 -
c->tcp_write_byte_count);
} else {
r = SSL_write(c->ssl,
(void*)(((uint8_t*)&len)+c->tcp_write_byte_count),
(int)(sizeof(uint16_t)-c->tcp_write_byte_count));
}
} else if(sizeof(uint16_t)+sldns_buffer_remaining(c->buffer) <
LDNS_RR_BUF_SIZE) {
/* combine the tcp length and the query for write,
* this emulates writev */
@ -1406,20 +1478,32 @@ ssl_handle_write(struct comm_point* c)
log_crypto_err("could not SSL_write");
return 0;
}
c->tcp_byte_count += r;
if(c->tcp_byte_count < sizeof(uint16_t))
return 1;
sldns_buffer_set_position(c->buffer, c->tcp_byte_count -
sizeof(uint16_t));
if(sldns_buffer_remaining(c->buffer) == 0) {
if(c->tcp_write_and_read) {
c->tcp_write_byte_count += r;
if(c->tcp_write_byte_count < sizeof(uint16_t))
return 1;
} else {
c->tcp_byte_count += r;
if(c->tcp_byte_count < sizeof(uint16_t))
return 1;
sldns_buffer_set_position(c->buffer, c->tcp_byte_count -
sizeof(uint16_t));
}
if((!c->tcp_write_and_read && sldns_buffer_remaining(c->buffer) == 0) || (c->tcp_write_and_read && c->tcp_write_byte_count == c->tcp_write_pkt_len + 2)) {
tcp_callback_writer(c);
return 1;
}
}
log_assert(sldns_buffer_remaining(c->buffer) > 0);
log_assert(c->tcp_write_and_read || sldns_buffer_remaining(c->buffer) > 0);
log_assert(!c->tcp_write_and_read || c->tcp_write_byte_count < c->tcp_write_pkt_len + 2);
ERR_clear_error();
r = SSL_write(c->ssl, (void*)sldns_buffer_current(c->buffer),
(int)sldns_buffer_remaining(c->buffer));
if(c->tcp_write_and_read) {
r = SSL_write(c->ssl, (void*)(c->tcp_write_pkt + c->tcp_write_byte_count - 2),
(int)(c->tcp_write_pkt_len + 2 - c->tcp_write_byte_count));
} else {
r = SSL_write(c->ssl, (void*)sldns_buffer_current(c->buffer),
(int)sldns_buffer_remaining(c->buffer));
}
if(r <= 0) {
int want = SSL_get_error(c->ssl, r);
if(want == SSL_ERROR_ZERO_RETURN) {
@ -1444,9 +1528,13 @@ ssl_handle_write(struct comm_point* c)
log_crypto_err("could not SSL_write");
return 0;
}
sldns_buffer_skip(c->buffer, (ssize_t)r);
if(c->tcp_write_and_read) {
c->tcp_write_byte_count += r;
} else {
sldns_buffer_skip(c->buffer, (ssize_t)r);
}
if(sldns_buffer_remaining(c->buffer) == 0) {
if((!c->tcp_write_and_read && sldns_buffer_remaining(c->buffer) == 0) || (c->tcp_write_and_read && c->tcp_write_byte_count == c->tcp_write_pkt_len + 2)) {
tcp_callback_writer(c);
}
return 1;
@ -1458,9 +1546,17 @@ ssl_handle_write(struct comm_point* c)
/** handle ssl tcp connection with dns contents */
static int
ssl_handle_it(struct comm_point* c)
ssl_handle_it(struct comm_point* c, int is_write)
{
if(c->tcp_is_reading)
/* handle case where renegotiation wants read during write call
* or write during read calls */
if(is_write && c->ssl_shake_state == comm_ssl_shake_hs_write)
return ssl_handle_read(c);
else if(!is_write && c->ssl_shake_state == comm_ssl_shake_hs_read)
return ssl_handle_write(c);
/* handle read events for read operation and write events for a
* write operation */
else if(!is_write)
return ssl_handle_read(c);
return ssl_handle_write(c);
}
@ -1477,8 +1573,8 @@ comm_point_tcp_handle_read(int fd, struct comm_point* c, int short_ok)
ssize_t r;
log_assert(c->type == comm_tcp || c->type == comm_local);
if(c->ssl)
return ssl_handle_it(c);
if(!c->tcp_is_reading)
return ssl_handle_it(c, 0);
if(!c->tcp_is_reading && !c->tcp_write_and_read)
return 0;
log_assert(fd != -1);
@ -1581,10 +1677,10 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c)
#else
buffer = c->buffer;
#endif
if(c->tcp_is_reading && !c->ssl)
if(c->tcp_is_reading && !c->ssl && !c->tcp_write_and_read)
return 0;
log_assert(fd != -1);
if(c->tcp_byte_count == 0 && c->tcp_check_nb_connect) {
if(((!c->tcp_write_and_read && c->tcp_byte_count == 0) || (c->tcp_write_and_read && c->tcp_write_byte_count == 0)) && c->tcp_check_nb_connect) {
/* check for pending error from nonblocking connect */
/* from Stevens, unix network programming, vol1, 3rd ed, p450*/
int error = 0;
@ -1625,7 +1721,7 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c)
}
}
if(c->ssl)
return ssl_handle_it(c);
return ssl_handle_it(c, 1);
#ifdef USE_MSG_FASTOPEN
/* Only try this on first use of a connection that uses tfo,
@ -1634,15 +1730,22 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c)
if(c->tcp_do_fastopen == 1) {
/* this form of sendmsg() does both a connect() and send() so need to
look for various flavours of error*/
uint16_t len = htons(sldns_buffer_limit(buffer));
uint16_t len = htons(c->tcp_write_and_read?c->tcp_write_pkt_len:sldns_buffer_limit(buffer));
struct msghdr msg;
struct iovec iov[2];
c->tcp_do_fastopen = 0;
memset(&msg, 0, sizeof(msg));
iov[0].iov_base = (uint8_t*)&len + c->tcp_byte_count;
iov[0].iov_len = sizeof(uint16_t) - c->tcp_byte_count;
iov[1].iov_base = sldns_buffer_begin(buffer);
iov[1].iov_len = sldns_buffer_limit(buffer);
if(c->tcp_write_and_read) {
iov[0].iov_base = (uint8_t*)&len + c->tcp_write_byte_count;
iov[0].iov_len = sizeof(uint16_t) - c->tcp_write_byte_count;
iov[1].iov_base = c->tcp_write_pkt;
iov[1].iov_len = c->tcp_write_pkt_len;
} else {
iov[0].iov_base = (uint8_t*)&len + c->tcp_byte_count;
iov[0].iov_len = sizeof(uint16_t) - c->tcp_byte_count;
iov[1].iov_base = sldns_buffer_begin(buffer);
iov[1].iov_len = sldns_buffer_limit(buffer);
}
log_assert(iov[0].iov_len > 0);
msg.msg_name = &c->repinfo.addr;
msg.msg_namelen = c->repinfo.addrlen;
@ -1688,12 +1791,18 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c)
}
} else {
c->tcp_byte_count += r;
if(c->tcp_byte_count < sizeof(uint16_t))
return 1;
sldns_buffer_set_position(buffer, c->tcp_byte_count -
sizeof(uint16_t));
if(sldns_buffer_remaining(buffer) == 0) {
if(c->tcp_write_and_read) {
c->tcp_write_byte_count += r;
if(c->tcp_write_byte_count < sizeof(uint16_t))
return 1;
} else {
c->tcp_byte_count += r;
if(c->tcp_byte_count < sizeof(uint16_t))
return 1;
sldns_buffer_set_position(buffer, c->tcp_byte_count -
sizeof(uint16_t));
}
if((!c->tcp_write_and_read && sldns_buffer_remaining(buffer) == 0) || (c->tcp_write_and_read && c->tcp_write_byte_count == c->tcp_write_pkt_len + 2)) {
tcp_callback_writer(c);
return 1;
}
@ -1701,19 +1810,31 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c)
}
#endif /* USE_MSG_FASTOPEN */
if(c->tcp_byte_count < sizeof(uint16_t)) {
uint16_t len = htons(sldns_buffer_limit(buffer));
if((c->tcp_write_and_read?c->tcp_write_byte_count:c->tcp_byte_count) < sizeof(uint16_t)) {
uint16_t len = htons(c->tcp_write_and_read?c->tcp_write_pkt_len:sldns_buffer_limit(buffer));
#ifdef HAVE_WRITEV
struct iovec iov[2];
iov[0].iov_base = (uint8_t*)&len + c->tcp_byte_count;
iov[0].iov_len = sizeof(uint16_t) - c->tcp_byte_count;
iov[1].iov_base = sldns_buffer_begin(buffer);
iov[1].iov_len = sldns_buffer_limit(buffer);
if(c->tcp_write_and_read) {
iov[0].iov_base = (uint8_t*)&len + c->tcp_write_byte_count;
iov[0].iov_len = sizeof(uint16_t) - c->tcp_write_byte_count;
iov[1].iov_base = c->tcp_write_pkt;
iov[1].iov_len = c->tcp_write_pkt_len;
} else {
iov[0].iov_base = (uint8_t*)&len + c->tcp_byte_count;
iov[0].iov_len = sizeof(uint16_t) - c->tcp_byte_count;
iov[1].iov_base = sldns_buffer_begin(buffer);
iov[1].iov_len = sldns_buffer_limit(buffer);
}
log_assert(iov[0].iov_len > 0);
r = writev(fd, iov, 2);
#else /* HAVE_WRITEV */
r = send(fd, (void*)(((uint8_t*)&len)+c->tcp_byte_count),
sizeof(uint16_t)-c->tcp_byte_count, 0);
if(c->tcp_write_and_read) {
r = send(fd, (void*)(((uint8_t*)&len)+c->tcp_write_byte_count),
sizeof(uint16_t)-c->tcp_write_byte_count, 0);
} else {
r = send(fd, (void*)(((uint8_t*)&len)+c->tcp_byte_count),
sizeof(uint16_t)-c->tcp_byte_count, 0);
}
#endif /* HAVE_WRITEV */
if(r == -1) {
#ifndef USE_WINSOCK
@ -1752,19 +1873,31 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c)
#endif
return 0;
}
c->tcp_byte_count += r;
if(c->tcp_byte_count < sizeof(uint16_t))
return 1;
sldns_buffer_set_position(buffer, c->tcp_byte_count -
sizeof(uint16_t));
if(sldns_buffer_remaining(buffer) == 0) {
if(c->tcp_write_and_read) {
c->tcp_write_byte_count += r;
if(c->tcp_write_byte_count < sizeof(uint16_t))
return 1;
} else {
c->tcp_byte_count += r;
if(c->tcp_byte_count < sizeof(uint16_t))
return 1;
sldns_buffer_set_position(buffer, c->tcp_byte_count -
sizeof(uint16_t));
}
if((!c->tcp_write_and_read && sldns_buffer_remaining(buffer) == 0) || (c->tcp_write_and_read && c->tcp_write_byte_count == c->tcp_write_pkt_len + 2)) {
tcp_callback_writer(c);
return 1;
}
}
log_assert(sldns_buffer_remaining(buffer) > 0);
r = send(fd, (void*)sldns_buffer_current(buffer),
sldns_buffer_remaining(buffer), 0);
log_assert(c->tcp_write_and_read || sldns_buffer_remaining(buffer) > 0);
log_assert(!c->tcp_write_and_read || c->tcp_write_byte_count < c->tcp_write_pkt_len + 2);
if(c->tcp_write_and_read) {
r = send(fd, (void*)c->tcp_write_pkt + c->tcp_write_byte_count - 2,
c->tcp_write_pkt_len + 2 - c->tcp_write_byte_count, 0);
} else {
r = send(fd, (void*)sldns_buffer_current(buffer),
sldns_buffer_remaining(buffer), 0);
}
if(r == -1) {
#ifndef USE_WINSOCK
if(errno == EINTR || errno == EAGAIN)
@ -1787,9 +1920,13 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c)
&c->repinfo.addr, c->repinfo.addrlen);
return 0;
}
sldns_buffer_skip(buffer, r);
if(c->tcp_write_and_read) {
c->tcp_write_byte_count += r;
} else {
sldns_buffer_skip(buffer, r);
}
if(sldns_buffer_remaining(buffer) == 0) {
if((!c->tcp_write_and_read && sldns_buffer_remaining(buffer) == 0) || (c->tcp_write_and_read && c->tcp_write_byte_count == c->tcp_write_pkt_len + 2)) {
tcp_callback_writer(c);
}
@ -1819,6 +1956,54 @@ tcp_req_info_read_again(int fd, struct comm_point* c)
}
}
/** read again to drain buffers when there could be more to read */
static void
tcp_more_read_again(int fd, struct comm_point* c)
{
/* if the packet is done, but another one could be waiting on
* the connection, the callback signals this, and we try again */
/* this continues until the read routines get EAGAIN or so,
* and thus does not call the callback, and the bool is 0 */
int* moreread = c->tcp_more_read_again;
while(moreread && *moreread) {
*moreread = 0;
if(!comm_point_tcp_handle_read(fd, c, 0)) {
reclaim_tcp_handler(c);
if(!c->tcp_do_close) {
fptr_ok(fptr_whitelist_comm_point(
c->callback));
(void)(*c->callback)(c, c->cb_arg,
NETEVENT_CLOSED, NULL);
}
return;
}
}
}
/** write again to fill up when there could be more to write */
static void
tcp_more_write_again(int fd, struct comm_point* c)
{
/* if the packet is done, but another is waiting to be written,
* the callback signals it and we try again. */
/* this continues until the write routines get EAGAIN or so,
* and thus does not call the callback, and the bool is 0 */
int* morewrite = c->tcp_more_write_again;
while(morewrite && *morewrite) {
*morewrite = 0;
if(!comm_point_tcp_handle_write(fd, c)) {
reclaim_tcp_handler(c);
if(!c->tcp_do_close) {
fptr_ok(fptr_whitelist_comm_point(
c->callback));
(void)(*c->callback)(c, c->cb_arg,
NETEVENT_CLOSED, NULL);
}
return;
}
}
}
void
comm_point_tcp_handle_callback(int fd, short event, void* arg)
{
@ -1839,7 +2024,7 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg)
if(!c->tcp_do_close) {
fptr_ok(fptr_whitelist_comm_point(
c->callback));
(void)(*c->callback)(c, c->cb_arg,
(void)(*c->callback)(c, c->cb_arg,
NETEVENT_CLOSED, NULL);
}
return;
@ -1857,34 +2042,46 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg)
}
return;
}
if(event&UB_EV_READ) {
if(event&UB_EV_READ
#ifdef USE_MSG_FASTOPEN
&& !(c->tcp_do_fastopen && (event&UB_EV_WRITE))
#endif
) {
int has_tcpq = (c->tcp_req_info != NULL);
int* moreread = c->tcp_more_read_again;
if(!comm_point_tcp_handle_read(fd, c, 0)) {
reclaim_tcp_handler(c);
if(!c->tcp_do_close) {
fptr_ok(fptr_whitelist_comm_point(
c->callback));
(void)(*c->callback)(c, c->cb_arg,
(void)(*c->callback)(c, c->cb_arg,
NETEVENT_CLOSED, NULL);
}
return;
}
if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again)
tcp_req_info_read_again(fd, c);
if(moreread && *moreread)
tcp_more_read_again(fd, c);
return;
}
if(event&UB_EV_WRITE) {
int has_tcpq = (c->tcp_req_info != NULL);
int* morewrite = c->tcp_more_write_again;
if(!comm_point_tcp_handle_write(fd, c)) {
reclaim_tcp_handler(c);
if(!c->tcp_do_close) {
fptr_ok(fptr_whitelist_comm_point(
c->callback));
(void)(*c->callback)(c, c->cb_arg,
(void)(*c->callback)(c, c->cb_arg,
NETEVENT_CLOSED, NULL);
}
return;
}
if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again)
tcp_req_info_read_again(fd, c);
if(morewrite && *morewrite)
tcp_more_write_again(fd, c);
return;
}
log_err("Ignored event %d for tcphdl.", event);
@ -2359,48 +2556,76 @@ int http2_stream_close_cb(nghttp2_session* ATTR_UNUSED(session),
ssize_t http2_recv_cb(nghttp2_session* ATTR_UNUSED(session), uint8_t* buf,
size_t len, int ATTR_UNUSED(flags), void* cb_arg)
{
#ifdef HAVE_SSL
struct http2_session* h2_session = (struct http2_session*)cb_arg;
int r;
ssize_t ret;
log_assert(h2_session->c->type == comm_http);
log_assert(h2_session->c->h2_session);
if(!h2_session->c->ssl)
return 0;
ERR_clear_error();
r = SSL_read(h2_session->c->ssl, buf, len);
if(r <= 0) {
int want = SSL_get_error(h2_session->c->ssl, r);
if(want == SSL_ERROR_ZERO_RETURN) {
return NGHTTP2_ERR_EOF;
} else if(want == SSL_ERROR_WANT_READ) {
return NGHTTP2_ERR_WOULDBLOCK;
} else if(want == SSL_ERROR_WANT_WRITE) {
h2_session->c->ssl_shake_state = comm_ssl_shake_hs_write;
comm_point_listen_for_rw(h2_session->c, 0, 1);
return NGHTTP2_ERR_WOULDBLOCK;
} else if(want == SSL_ERROR_SYSCALL) {
#ifdef HAVE_SSL
if(h2_session->c->ssl) {
int r;
ERR_clear_error();
r = SSL_read(h2_session->c->ssl, buf, len);
if(r <= 0) {
int want = SSL_get_error(h2_session->c->ssl, r);
if(want == SSL_ERROR_ZERO_RETURN) {
return NGHTTP2_ERR_EOF;
} else if(want == SSL_ERROR_WANT_READ) {
return NGHTTP2_ERR_WOULDBLOCK;
} else if(want == SSL_ERROR_WANT_WRITE) {
h2_session->c->ssl_shake_state = comm_ssl_shake_hs_write;
comm_point_listen_for_rw(h2_session->c, 0, 1);
return NGHTTP2_ERR_WOULDBLOCK;
} else if(want == SSL_ERROR_SYSCALL) {
#ifdef ECONNRESET
if(errno == ECONNRESET && verbosity < 2)
return NGHTTP2_ERR_CALLBACK_FAILURE;
if(errno == ECONNRESET && verbosity < 2)
return NGHTTP2_ERR_CALLBACK_FAILURE;
#endif
if(errno != 0)
log_err("SSL_read syscall: %s",
strerror(errno));
if(errno != 0)
log_err("SSL_read syscall: %s",
strerror(errno));
return NGHTTP2_ERR_CALLBACK_FAILURE;
}
log_crypto_err("could not SSL_read");
return NGHTTP2_ERR_CALLBACK_FAILURE;
}
log_crypto_err("could not SSL_read");
return r;
}
#endif /* HAVE_SSL */
ret = recv(h2_session->c->fd, buf, len, 0);
if(ret == 0) {
return NGHTTP2_ERR_EOF;
} else if(ret < 0) {
#ifndef USE_WINSOCK
if(errno == EINTR || errno == EAGAIN)
return NGHTTP2_ERR_WOULDBLOCK;
#ifdef ECONNRESET
if(errno == ECONNRESET && verbosity < 2)
return NGHTTP2_ERR_CALLBACK_FAILURE;
#endif
log_err_addr("could not http2 recv: %s", strerror(errno),
&h2_session->c->repinfo.addr,
h2_session->c->repinfo.addrlen);
#else /* USE_WINSOCK */
if(WSAGetLastError() == WSAECONNRESET)
return NGHTTP2_ERR_CALLBACK_FAILURE;
if(WSAGetLastError() == WSAEINPROGRESS)
return NGHTTP2_ERR_WOULDBLOCK;
if(WSAGetLastError() == WSAEWOULDBLOCK) {
ub_winsock_tcp_wouldblock(h2_session->c->ev->ev,
UB_EV_READ);
return NGHTTP2_ERR_WOULDBLOCK;
}
log_err_addr("could not http2 recv: %s",
wsa_strerror(WSAGetLastError()),
&h2_session->c->repinfo.addr,
h2_session->c->repinfo.addrlen);
#endif
return NGHTTP2_ERR_CALLBACK_FAILURE;
}
return r;
#else
(void)buf;
(void)len;
(void)cb_arg;
return -1;
#endif
return ret;
}
#endif /* HAVE_NGHTTP2 */
@ -2411,15 +2636,17 @@ comm_point_http2_handle_read(int ATTR_UNUSED(fd), struct comm_point* c)
#ifdef HAVE_NGHTTP2
int ret;
log_assert(c->h2_session);
log_assert(c->ssl);
/* reading until recv cb returns NGHTTP2_ERR_WOULDBLOCK */
ret = nghttp2_session_recv(c->h2_session->session);
if(ret) {
if(ret != NGHTTP2_ERR_EOF &&
ret != NGHTTP2_ERR_CALLBACK_FAILURE) {
verbose(VERB_QUERY, "http2: session_recv failed, "
"error: %s", nghttp2_strerror(ret));
char a[256];
addr_to_str(&c->repinfo.addr, c->repinfo.addrlen,
a, sizeof(a));
verbose(VERB_QUERY, "http2: session_recv from %s failed, "
"error: %s", a, nghttp2_strerror(ret));
}
return 0;
}
@ -2648,47 +2875,81 @@ http_write_more(int fd, struct comm_point* c)
ssize_t http2_send_cb(nghttp2_session* ATTR_UNUSED(session), const uint8_t* buf,
size_t len, int ATTR_UNUSED(flags), void* cb_arg)
{
#ifdef HAVE_SSL
int r;
ssize_t ret;
struct http2_session* h2_session = (struct http2_session*)cb_arg;
log_assert(h2_session->c->type == comm_http);
log_assert(h2_session->c->h2_session);
if(!h2_session->c->ssl)
return 0;
ERR_clear_error();
r = SSL_write(h2_session->c->ssl, buf, len);
if(r <= 0) {
int want = SSL_get_error(h2_session->c->ssl, r);
if(want == SSL_ERROR_ZERO_RETURN) {
return NGHTTP2_ERR_CALLBACK_FAILURE;
} else if(want == SSL_ERROR_WANT_READ) {
h2_session->c->ssl_shake_state = comm_ssl_shake_hs_read;
comm_point_listen_for_rw(h2_session->c, 1, 0);
return NGHTTP2_ERR_WOULDBLOCK;
} else if(want == SSL_ERROR_WANT_WRITE) {
return NGHTTP2_ERR_WOULDBLOCK;
} else if(want == SSL_ERROR_SYSCALL) {
#ifdef EPIPE
if(errno == EPIPE && verbosity < 2)
#ifdef HAVE_SSL
if(h2_session->c->ssl) {
int r;
ERR_clear_error();
r = SSL_write(h2_session->c->ssl, buf, len);
if(r <= 0) {
int want = SSL_get_error(h2_session->c->ssl, r);
if(want == SSL_ERROR_ZERO_RETURN) {
return NGHTTP2_ERR_CALLBACK_FAILURE;
} else if(want == SSL_ERROR_WANT_READ) {
h2_session->c->ssl_shake_state = comm_ssl_shake_hs_read;
comm_point_listen_for_rw(h2_session->c, 1, 0);
return NGHTTP2_ERR_WOULDBLOCK;
} else if(want == SSL_ERROR_WANT_WRITE) {
return NGHTTP2_ERR_WOULDBLOCK;
} else if(want == SSL_ERROR_SYSCALL) {
#ifdef EPIPE
if(errno == EPIPE && verbosity < 2)
return NGHTTP2_ERR_CALLBACK_FAILURE;
#endif
if(errno != 0)
log_err("SSL_write syscall: %s",
strerror(errno));
if(errno != 0)
log_err("SSL_write syscall: %s",
strerror(errno));
return NGHTTP2_ERR_CALLBACK_FAILURE;
}
log_crypto_err("could not SSL_write");
return NGHTTP2_ERR_CALLBACK_FAILURE;
}
log_crypto_err("could not SSL_write");
return r;
}
#endif /* HAVE_SSL */
ret = send(h2_session->c->fd, buf, len, 0);
if(ret == 0) {
return NGHTTP2_ERR_CALLBACK_FAILURE;
} else if(ret < 0) {
#ifndef USE_WINSOCK
if(errno == EINTR || errno == EAGAIN)
return NGHTTP2_ERR_WOULDBLOCK;
#ifdef EPIPE
if(errno == EPIPE && verbosity < 2)
return NGHTTP2_ERR_CALLBACK_FAILURE;
#endif
#ifdef ECONNRESET
if(errno == ECONNRESET && verbosity < 2)
return NGHTTP2_ERR_CALLBACK_FAILURE;
#endif
log_err_addr("could not http2 write: %s", strerror(errno),
&h2_session->c->repinfo.addr,
h2_session->c->repinfo.addrlen);
#else /* USE_WINSOCK */
if(WSAGetLastError() == WSAENOTCONN)
return NGHTTP2_ERR_WOULDBLOCK;
if(WSAGetLastError() == WSAEINPROGRESS)
return NGHTTP2_ERR_WOULDBLOCK;
if(WSAGetLastError() == WSAEWOULDBLOCK) {
ub_winsock_tcp_wouldblock(h2_session->c->ev->ev,
UB_EV_WRITE);
return NGHTTP2_ERR_WOULDBLOCK;
}
if(WSAGetLastError() == WSAECONNRESET && verbosity < 2)
return NGHTTP2_ERR_CALLBACK_FAILURE;
log_err_addr("could not http2 write: %s",
wsa_strerror(WSAGetLastError()),
&h2_session->c->repinfo.addr,
h2_session->c->repinfo.addrlen);
#endif
return NGHTTP2_ERR_CALLBACK_FAILURE;
}
return r;
#else
(void)buf;
(void)len;
(void)cb_arg;
return -1;
#endif
return ret;
}
#endif /* HAVE_NGHTTP2 */
@ -2699,7 +2960,6 @@ comm_point_http2_handle_write(int ATTR_UNUSED(fd), struct comm_point* c)
#ifdef HAVE_NGHTTP2
int ret;
log_assert(c->h2_session);
log_assert(c->ssl);
ret = nghttp2_session_send(c->h2_session->session);
if(ret) {
@ -2811,7 +3071,7 @@ comm_point_http_handle_callback(int fd, short event, void* arg)
if(!c->tcp_do_close) {
fptr_ok(fptr_whitelist_comm_point(
c->callback));
(void)(*c->callback)(c, c->cb_arg,
(void)(*c->callback)(c, c->cb_arg,
NETEVENT_CLOSED, NULL);
}
}
@ -2823,7 +3083,7 @@ comm_point_http_handle_callback(int fd, short event, void* arg)
if(!c->tcp_do_close) {
fptr_ok(fptr_whitelist_comm_point(
c->callback));
(void)(*c->callback)(c, c->cb_arg,
(void)(*c->callback)(c, c->cb_arg,
NETEVENT_CLOSED, NULL);
}
}
@ -3555,6 +3815,7 @@ comm_point_close(struct comm_point* c)
if(!c)
return;
if(c->fd != -1) {
verbose(5, "comm_point_close of %d: event_del", c->fd);
if(ub_event_del(c->ev->ev) != 0) {
log_err("could not event_del on close");
}
@ -3736,12 +3997,20 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec)
}
if(c->type == comm_tcp || c->type == comm_http) {
ub_event_del_bits(c->ev->ev, UB_EV_READ|UB_EV_WRITE);
if(c->tcp_is_reading)
if(c->tcp_write_and_read) {
verbose(5, "startlistening %d mode rw", (newfd==-1?c->fd:newfd));
ub_event_add_bits(c->ev->ev, UB_EV_READ|UB_EV_WRITE);
} else if(c->tcp_is_reading) {
verbose(5, "startlistening %d mode r", (newfd==-1?c->fd:newfd));
ub_event_add_bits(c->ev->ev, UB_EV_READ);
else ub_event_add_bits(c->ev->ev, UB_EV_WRITE);
} else {
verbose(5, "startlistening %d mode w", (newfd==-1?c->fd:newfd));
ub_event_add_bits(c->ev->ev, UB_EV_WRITE);
}
}
if(newfd != -1) {
if(c->fd != -1) {
if(c->fd != -1 && c->fd != newfd) {
verbose(5, "cpsl close of fd %d for %d", c->fd, newfd);
sock_close(c->fd);
}
c->fd = newfd;


@ -95,6 +95,9 @@ typedef int comm_point_callback_type(struct comm_point*, void*, int,
#define NETEVENT_CAPSFAIL -3
/** to pass done transfer to callback function; http file is complete */
#define NETEVENT_DONE -4
/** to pass write of the write packet is done to callback function
* used when tcp_write_and_read is enabled */
#define NETEVENT_PKT_WRITTEN -5
/** timeout to slow accept calls when not possible, in msec. */
#define NETEVENT_SLOW_ACCEPT_TIME 2000
@ -276,6 +279,44 @@ struct comm_point {
and after read/write completes. No callback is done. */
int tcp_do_close;
/** flag that indicates the stream is both written and read from. */
int tcp_write_and_read;
/** byte count for written length over write channel, for when
* tcp_write_and_read is enabled. When tcp_write_and_read is enabled,
* this is the counter for writing, the one for reading is in the
* commpoint.buffer sldns buffer. The counter counts from 0 to
* 2+tcp_write_pkt_len, and includes the tcp length bytes. */
size_t tcp_write_byte_count;
/** packet to write currently over the write channel. for when
* tcp_write_and_read is enabled. When tcp_write_and_read is enabled,
* this is the buffer for the written packet, the commpoint.buffer
* sldns buffer is the buffer for the received packet. */
uint8_t* tcp_write_pkt;
/** length of tcp_write_pkt in bytes */
size_t tcp_write_pkt_len;
/** if set try to read another packet again (over connection with
* multiple packets), once set, tries once, then zero again,
* so set it in the packet complete section.
* The pointer itself has to be set before the callback is invoked,
* when you set things up, and continue to exist also after the
* commpoint is closed and deleted in your callback. So that after
* the callback cleans up netevent can see what it has to do.
* Or leave NULL if it is not used at all. */
int* tcp_more_read_again;
/** if set try to write another packet (over connection with
* multiple packets), once set, tries once, then zero again,
* so set it in the packet complete section.
* The pointer itself has to be set before the callback is invoked,
* when you set things up, and continue to exist also after the
* commpoint is closed and deleted in your callback. So that after
* the callback cleans up netevent can see what it has to do.
* Or leave NULL if it is not used at all. */
int* tcp_more_write_again;
/** if set, read/write completes:
read/write state of tcp is toggled.
buffer reset/bytecount reset.
@ -589,7 +630,8 @@ void comm_point_drop_reply(struct comm_reply* repinfo);
* Send an udp message over a commpoint.
* @param c: commpoint to send it from.
* @param packet: what to send.
* @param addr: where to send it to.
* @param addr: where to send it to. If NULL, send is performed,
* for connected sockets, to the connected address.
* @param addrlen: length of addr.
* @return: false on a failure.
*/
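Review bot: The new `tcp_write_pkt` member of struct comm_point is a raw pointer paired with a separate `tcp_write_pkt_len`, and its comment does not say who owns the buffer or how long it must stay valid. Since the packet is written out across several event callbacks (the counter runs from 0 to 2+tcp_write_pkt_len), a caller needs that contract to avoid freeing the buffer early or leaking it. I would add a line such as `* The buffer is not copied; it must stay valid until NETEVENT_PKT_WRITTEN is delivered.`, provided that is what the netevent.c side implements, which this section does not show. The `@param addr` text for the udp send could also say what `addrlen` should be when `addr` is NULL.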


@ -80,18 +80,39 @@ regional_init(struct regional* r)
r->total_large = 0;
}
struct regional*
regional_create_custom(size_t size)
/**
* Create a new region, with custom first block and large-object sizes.
* @param size: length of first block.
* @param large_object_size: outside of chunk allocation threshold.
* @return: newly allocated regional.
*/
static struct regional*
regional_create_custom_large_object(size_t size, size_t large_object_size)
{
struct regional* r = (struct regional*)malloc(size);
struct regional* r;
size = ALIGN_UP(size, ALIGNMENT);
r = (struct regional*)malloc(size);
log_assert(sizeof(struct regional) <= size);
if(!r) return NULL;
r->first_size = size;
r->large_object_size = large_object_size;
regional_init(r);
return r;
}
struct regional*
regional_create_custom(size_t size)
{
return regional_create_custom_large_object(size,
REGIONAL_LARGE_OBJECT_SIZE);
}
struct regional*
regional_create_nochunk(size_t size)
{
return regional_create_custom_large_object(size, 0);
}
void
regional_free_all(struct regional *r)
{
@ -134,7 +155,7 @@ regional_alloc(struct regional *r, size_t size)
malloc and ALIGN_UP */
a = ALIGN_UP(size, ALIGNMENT);
/* large objects */
if(a > REGIONAL_LARGE_OBJECT_SIZE) {
if(a > r->large_object_size) {
s = malloc(ALIGNMENT + size);
if(!s) return NULL;
r->total_large += ALIGNMENT+size;
@ -219,7 +240,7 @@ regional_log_stats(struct regional *r)
/* some basic assertions put here (non time critical code) */
log_assert(ALIGNMENT >= sizeof(char*));
log_assert(REGIONAL_CHUNK_SIZE > ALIGNMENT);
log_assert(REGIONAL_CHUNK_SIZE-ALIGNMENT > REGIONAL_LARGE_OBJECT_SIZE);
log_assert(REGIONAL_CHUNK_SIZE-ALIGNMENT > r->large_object_size);
log_assert(REGIONAL_CHUNK_SIZE >= sizeof(struct regional));
/* debug print */
log_info("regional %u chunks, %u large",
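Review bot: In `regional_create_custom_large_object` the only guard against a `size` smaller than `struct regional` is `log_assert(sizeof(struct regional) <= size)`, which sits after the `malloc` call and is not enforced at all if log_assert is compiled out in non-debug builds. In that case `r->first_size = size` and `regional_init(r)` would write past the allocation. Now that `regional_create_nochunk` is a second public entry point forwarding a caller-chosen size, I would add a runtime check after the rounding and before the allocation: `if(size < sizeof(struct regional)) return NULL;`. Placed there it also catches a wrapped result, should `ALIGN_UP(size, ALIGNMENT)` overflow for a size near SIZE_MAX (the macro is not visible here). The header comment for `regional_create_nochunk` should state the minimum size as well.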


@ -74,6 +74,11 @@ struct regional
size_t available;
/** current chunk data position. */
char* data;
/** threshold for outside of chunk allocations */
size_t large_object_size;
/** padding for sizeof8 alignment of sizeof(struct regional)
* for 32bit systems */
size_t padding;
};
/**
@ -88,6 +93,14 @@ struct regional* regional_create(void);
* @return: newly allocated regional.
*/
struct regional* regional_create_custom(size_t size);
/**
* Create a new region, with custom settings, that will allocate everything
* outside the region chunk.
* @param size: length of first block.
* @return: newly allocated regional.
*/
struct regional* regional_create_nochunk(size_t size);
/**
* Free all memory associated with regional. Only keeps the first block with
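Review bot: The comment on `regional_create_nochunk` says the region "will allocate everything outside the region chunk", which is slightly stronger than what the regional.c change on this page does. The test there is `if(a > r->large_object_size)` with a threshold of 0, so a zero-length request, whose rounded size is presumably 0, still takes the chunk path. Wording such as `every allocation of non-zero size is made outside the region chunk` would match the code. The comment on `padding` could also note that it must be revisited whenever a member is added to or removed from struct regional.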


@ -990,6 +990,7 @@ static SECKEYPublicKey* nss_buf2ecdsa(unsigned char* key, size_t len, int algo)
return pk;
}
#if defined(USE_DSA) && defined(USE_SHA1)
static SECKEYPublicKey* nss_buf2dsa(unsigned char* key, size_t len)
{
SECKEYPublicKey* pk;
@ -1050,6 +1051,7 @@ static SECKEYPublicKey* nss_buf2dsa(unsigned char* key, size_t len)
}
return pk;
}
#endif /* USE_DSA && USE_SHA1 */
static SECKEYPublicKey* nss_buf2rsa(unsigned char* key, size_t len)
{