Vendor import of Unbound 1.7.3.
This commit is contained in:
parent
7b6fdf425a
commit
4aea2433fa
50
Makefile.in
50
Makefile.in
@ -858,10 +858,11 @@ fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/
|
||||
$(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_nsec3.h \
|
||||
$(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_neg.h \
|
||||
$(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h $(srcdir)/libunbound/context.h \
|
||||
$(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/respip/respip.h $(PYTHONMOD_HEADER) \
|
||||
$(srcdir)/cachedb/cachedb.h $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h
|
||||
$(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \
|
||||
$(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/respip/respip.h \
|
||||
$(PYTHONMOD_HEADER) $(srcdir)/cachedb/cachedb.h $(srcdir)/ipsecmod/ipsecmod.h \
|
||||
$(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/net_help.h $(srcdir)/edns-subnet/addrtree.h \
|
||||
$(srcdir)/edns-subnet/edns-subnet.h
|
||||
locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/testcode/checklocks.h
|
||||
log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/testcode/checklocks.h \
|
||||
@ -1257,8 +1258,8 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr
|
||||
$(srcdir)/services/localzone.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \
|
||||
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
|
||||
$(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/respip/respip.h \
|
||||
$(srcdir)/libunbound/context.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \
|
||||
$(srcdir)/util/shm_side/shm_main.h
|
||||
$(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h \
|
||||
$(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h
|
||||
testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/testcode/testpkts.h \
|
||||
$(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
@ -1291,8 +1292,8 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr
|
||||
$(srcdir)/services/localzone.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \
|
||||
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
|
||||
$(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/respip/respip.h \
|
||||
$(srcdir)/libunbound/context.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \
|
||||
$(srcdir)/util/shm_side/shm_main.h
|
||||
$(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h \
|
||||
$(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h
|
||||
acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \
|
||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \
|
||||
@ -1375,22 +1376,22 @@ unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/smallapp/unbound-checkconf.c
|
||||
$(PYTHONMOD_HEADER) $(srcdir)/edns-subnet/subnet-whitelist.h
|
||||
worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/libunbound/context.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
|
||||
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||
$(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/libunbound/worker.h \
|
||||
$(srcdir)/sldns/sbuffer.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/module.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
|
||||
$(srcdir)/util/tube.h $(srcdir)/services/mesh.h
|
||||
context.lo context.o: $(srcdir)/libunbound/context.c config.h $(srcdir)/libunbound/context.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
|
||||
$(srcdir)/services/view.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
|
||||
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||
$(srcdir)/dnscrypt/cert.h $(srcdir)/services/authzone.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/sldns/sbuffer.h
|
||||
$(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/services/localzone.h \
|
||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/cache/rrset.h \
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||
$(srcdir)/dnscrypt/cert.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/sldns/sbuffer.h
|
||||
libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbound/unbound.h \
|
||||
$(srcdir)/libunbound/unbound-event.h config.h $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \
|
||||
@ -1407,7 +1408,7 @@ libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h \
|
||||
$(srcdir)/libunbound/libworker.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/libunbound/context.h \
|
||||
$(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h \
|
||||
$(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/libunbound/unbound-event.h \
|
||||
$(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
|
||||
$(srcdir)/services/outside_network.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||
$(srcdir)/dnscrypt/cert.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
|
||||
@ -1419,11 +1420,14 @@ libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h \
|
||||
$(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/str2wire.h
|
||||
unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \
|
||||
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h
|
||||
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h \
|
||||
|
||||
asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h $(srcdir)/libunbound/unbound.h \
|
||||
$(srcdir)/libunbound/context.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \
|
||||
$(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h
|
||||
$(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
|
||||
$(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h \
|
||||
|
||||
streamtcp.lo streamtcp.o: $(srcdir)/testcode/streamtcp.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/testcode/checklocks.h $(srcdir)/util/net_help.h $(srcdir)/util/data/msgencode.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
|
||||
|
27
configure
vendored
27
configure
vendored
@ -1,6 +1,6 @@
|
||||
#! /bin/sh
|
||||
# Guess values for system-dependent variables and create Makefiles.
|
||||
# Generated by GNU Autoconf 2.69 for unbound 1.7.2.
|
||||
# Generated by GNU Autoconf 2.69 for unbound 1.7.3.
|
||||
#
|
||||
# Report bugs to <unbound-bugs@nlnetlabs.nl>.
|
||||
#
|
||||
@ -590,8 +590,8 @@ MAKEFLAGS=
|
||||
# Identity of this package.
|
||||
PACKAGE_NAME='unbound'
|
||||
PACKAGE_TARNAME='unbound'
|
||||
PACKAGE_VERSION='1.7.2'
|
||||
PACKAGE_STRING='unbound 1.7.2'
|
||||
PACKAGE_VERSION='1.7.3'
|
||||
PACKAGE_STRING='unbound 1.7.3'
|
||||
PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl'
|
||||
PACKAGE_URL=''
|
||||
|
||||
@ -1440,7 +1440,7 @@ if test "$ac_init_help" = "long"; then
|
||||
# Omit some internal or obsolete options to make the list less imposing.
|
||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||
cat <<_ACEOF
|
||||
\`configure' configures unbound 1.7.2 to adapt to many kinds of systems.
|
||||
\`configure' configures unbound 1.7.3 to adapt to many kinds of systems.
|
||||
|
||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||
|
||||
@ -1505,7 +1505,7 @@ fi
|
||||
|
||||
if test -n "$ac_init_help"; then
|
||||
case $ac_init_help in
|
||||
short | recursive ) echo "Configuration of unbound 1.7.2:";;
|
||||
short | recursive ) echo "Configuration of unbound 1.7.3:";;
|
||||
esac
|
||||
cat <<\_ACEOF
|
||||
|
||||
@ -1722,7 +1722,7 @@ fi
|
||||
test -n "$ac_init_help" && exit $ac_status
|
||||
if $ac_init_version; then
|
||||
cat <<\_ACEOF
|
||||
unbound configure 1.7.2
|
||||
unbound configure 1.7.3
|
||||
generated by GNU Autoconf 2.69
|
||||
|
||||
Copyright (C) 2012 Free Software Foundation, Inc.
|
||||
@ -2431,7 +2431,7 @@ cat >config.log <<_ACEOF
|
||||
This file contains any messages produced by compilers while
|
||||
running configure, to aid debugging if configure makes a mistake.
|
||||
|
||||
It was created by unbound $as_me 1.7.2, which was
|
||||
It was created by unbound $as_me 1.7.3, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
$ $0 $@
|
||||
@ -2783,11 +2783,11 @@ UNBOUND_VERSION_MAJOR=1
|
||||
|
||||
UNBOUND_VERSION_MINOR=7
|
||||
|
||||
UNBOUND_VERSION_MICRO=2
|
||||
UNBOUND_VERSION_MICRO=3
|
||||
|
||||
|
||||
LIBUNBOUND_CURRENT=7
|
||||
LIBUNBOUND_REVISION=10
|
||||
LIBUNBOUND_REVISION=11
|
||||
LIBUNBOUND_AGE=5
|
||||
# 1.0.0 had 0:12:0
|
||||
# 1.0.1 had 0:13:0
|
||||
@ -2849,6 +2849,7 @@ LIBUNBOUND_AGE=5
|
||||
# 1.7.0 had 7:8:5
|
||||
# 1.7.1 had 7:9:5
|
||||
# 1.7.2 had 7:10:5
|
||||
# 1.7.3 had 7:11:5
|
||||
|
||||
# Current -- the number of the binary API that we're implementing
|
||||
# Revision -- which iteration of the implementation of the binary
|
||||
@ -19762,7 +19763,7 @@ done
|
||||
|
||||
|
||||
# check if setreuid en setregid fail, on MacOSX10.4(darwin8).
|
||||
if echo $build_os | grep darwin8 > /dev/null; then
|
||||
if echo $target_os | grep darwin8 > /dev/null; then
|
||||
|
||||
$as_echo "#define DARWIN_BROKEN_SETREUID 1" >>confdefs.h
|
||||
|
||||
@ -21044,7 +21045,7 @@ _ACEOF
|
||||
|
||||
|
||||
|
||||
version=1.7.2
|
||||
version=1.7.3
|
||||
|
||||
date=`date +'%b %e, %Y'`
|
||||
|
||||
@ -21563,7 +21564,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
||||
# report actual input values of CONFIG_FILES etc. instead of their
|
||||
# values after options handling.
|
||||
ac_log="
|
||||
This file was extended by unbound $as_me 1.7.2, which was
|
||||
This file was extended by unbound $as_me 1.7.3, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
CONFIG_FILES = $CONFIG_FILES
|
||||
@ -21629,7 +21630,7 @@ _ACEOF
|
||||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
||||
ac_cs_version="\\
|
||||
unbound config.status 1.7.2
|
||||
unbound config.status 1.7.3
|
||||
configured by $0, generated by GNU Autoconf 2.69,
|
||||
with options \\"\$ac_cs_config\\"
|
||||
|
||||
|
@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4)
|
||||
# must be numbers. ac_defun because of later processing
|
||||
m4_define([VERSION_MAJOR],[1])
|
||||
m4_define([VERSION_MINOR],[7])
|
||||
m4_define([VERSION_MICRO],[2])
|
||||
m4_define([VERSION_MICRO],[3])
|
||||
AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound)
|
||||
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
|
||||
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
|
||||
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
|
||||
|
||||
LIBUNBOUND_CURRENT=7
|
||||
LIBUNBOUND_REVISION=10
|
||||
LIBUNBOUND_REVISION=11
|
||||
LIBUNBOUND_AGE=5
|
||||
# 1.0.0 had 0:12:0
|
||||
# 1.0.1 had 0:13:0
|
||||
@ -80,6 +80,7 @@ LIBUNBOUND_AGE=5
|
||||
# 1.7.0 had 7:8:5
|
||||
# 1.7.1 had 7:9:5
|
||||
# 1.7.2 had 7:10:5
|
||||
# 1.7.3 had 7:11:5
|
||||
|
||||
# Current -- the number of the binary API that we're implementing
|
||||
# Revision -- which iteration of the implementation of the binary
|
||||
@ -1324,7 +1325,7 @@ AC_CHECK_FUNCS([setresuid],,[AC_CHECK_FUNCS([setreuid])])
|
||||
AC_CHECK_FUNCS([setresgid],,[AC_CHECK_FUNCS([setregid])])
|
||||
|
||||
# check if setreuid en setregid fail, on MacOSX10.4(darwin8).
|
||||
if echo $build_os | grep darwin8 > /dev/null; then
|
||||
if echo $target_os | grep darwin8 > /dev/null; then
|
||||
AC_DEFINE(DARWIN_BROKEN_SETREUID, 1, [Define this if on macOSX10.4-darwin8 and setreuid and setregid do not work])
|
||||
fi
|
||||
AC_CHECK_DECLS([inet_pton,inet_ntop], [], [], [
|
||||
|
@ -62,7 +62,7 @@
|
||||
|
||||
/** dump one rrset zonefile line */
|
||||
static int
|
||||
dump_rrset_line(SSL* ssl, struct ub_packed_rrset_key* k, time_t now, size_t i)
|
||||
dump_rrset_line(RES* ssl, struct ub_packed_rrset_key* k, time_t now, size_t i)
|
||||
{
|
||||
char s[65535];
|
||||
if(!packed_rr_to_string(k, i, now, s, sizeof(s))) {
|
||||
@ -73,7 +73,7 @@ dump_rrset_line(SSL* ssl, struct ub_packed_rrset_key* k, time_t now, size_t i)
|
||||
|
||||
/** dump rrset key and data info */
|
||||
static int
|
||||
dump_rrset(SSL* ssl, struct ub_packed_rrset_key* k,
|
||||
dump_rrset(RES* ssl, struct ub_packed_rrset_key* k,
|
||||
struct packed_rrset_data* d, time_t now)
|
||||
{
|
||||
size_t i;
|
||||
@ -99,7 +99,7 @@ dump_rrset(SSL* ssl, struct ub_packed_rrset_key* k,
|
||||
|
||||
/** dump lruhash rrset cache */
|
||||
static int
|
||||
dump_rrset_lruhash(SSL* ssl, struct lruhash* h, time_t now)
|
||||
dump_rrset_lruhash(RES* ssl, struct lruhash* h, time_t now)
|
||||
{
|
||||
struct lruhash_entry* e;
|
||||
/* lruhash already locked by caller */
|
||||
@ -118,7 +118,7 @@ dump_rrset_lruhash(SSL* ssl, struct lruhash* h, time_t now)
|
||||
|
||||
/** dump rrset cache */
|
||||
static int
|
||||
dump_rrset_cache(SSL* ssl, struct worker* worker)
|
||||
dump_rrset_cache(RES* ssl, struct worker* worker)
|
||||
{
|
||||
struct rrset_cache* r = worker->env.rrset_cache;
|
||||
size_t slab;
|
||||
@ -137,7 +137,7 @@ dump_rrset_cache(SSL* ssl, struct worker* worker)
|
||||
|
||||
/** dump message to rrset reference */
|
||||
static int
|
||||
dump_msg_ref(SSL* ssl, struct ub_packed_rrset_key* k)
|
||||
dump_msg_ref(RES* ssl, struct ub_packed_rrset_key* k)
|
||||
{
|
||||
char* nm, *tp, *cl;
|
||||
nm = sldns_wire2str_dname(k->rk.dname, k->rk.dname_len);
|
||||
@ -164,7 +164,7 @@ dump_msg_ref(SSL* ssl, struct ub_packed_rrset_key* k)
|
||||
|
||||
/** dump message entry */
|
||||
static int
|
||||
dump_msg(SSL* ssl, struct query_info* k, struct reply_info* d,
|
||||
dump_msg(RES* ssl, struct query_info* k, struct reply_info* d,
|
||||
time_t now)
|
||||
{
|
||||
size_t i;
|
||||
@ -246,7 +246,7 @@ copy_msg(struct regional* region, struct lruhash_entry* e,
|
||||
|
||||
/** dump lruhash msg cache */
|
||||
static int
|
||||
dump_msg_lruhash(SSL* ssl, struct worker* worker, struct lruhash* h)
|
||||
dump_msg_lruhash(RES* ssl, struct worker* worker, struct lruhash* h)
|
||||
{
|
||||
struct lruhash_entry* e;
|
||||
struct query_info* k;
|
||||
@ -274,7 +274,7 @@ dump_msg_lruhash(SSL* ssl, struct worker* worker, struct lruhash* h)
|
||||
|
||||
/** dump msg cache */
|
||||
static int
|
||||
dump_msg_cache(SSL* ssl, struct worker* worker)
|
||||
dump_msg_cache(RES* ssl, struct worker* worker)
|
||||
{
|
||||
struct slabhash* sh = worker->env.msg_cache;
|
||||
size_t slab;
|
||||
@ -291,7 +291,7 @@ dump_msg_cache(SSL* ssl, struct worker* worker)
|
||||
}
|
||||
|
||||
int
|
||||
dump_cache(SSL* ssl, struct worker* worker)
|
||||
dump_cache(RES* ssl, struct worker* worker)
|
||||
{
|
||||
if(!dump_rrset_cache(ssl, worker))
|
||||
return 0;
|
||||
@ -302,7 +302,7 @@ dump_cache(SSL* ssl, struct worker* worker)
|
||||
|
||||
/** read a line from ssl into buffer */
|
||||
static int
|
||||
ssl_read_buf(SSL* ssl, sldns_buffer* buf)
|
||||
ssl_read_buf(RES* ssl, sldns_buffer* buf)
|
||||
{
|
||||
return ssl_read_line(ssl, (char*)sldns_buffer_begin(buf),
|
||||
sldns_buffer_capacity(buf));
|
||||
@ -310,7 +310,7 @@ ssl_read_buf(SSL* ssl, sldns_buffer* buf)
|
||||
|
||||
/** check fixed text on line */
|
||||
static int
|
||||
read_fixed(SSL* ssl, sldns_buffer* buf, const char* str)
|
||||
read_fixed(RES* ssl, sldns_buffer* buf, const char* str)
|
||||
{
|
||||
if(!ssl_read_buf(ssl, buf)) return 0;
|
||||
return (strcmp((char*)sldns_buffer_begin(buf), str) == 0);
|
||||
@ -318,7 +318,7 @@ read_fixed(SSL* ssl, sldns_buffer* buf, const char* str)
|
||||
|
||||
/** load an RR into rrset */
|
||||
static int
|
||||
load_rr(SSL* ssl, sldns_buffer* buf, struct regional* region,
|
||||
load_rr(RES* ssl, sldns_buffer* buf, struct regional* region,
|
||||
struct ub_packed_rrset_key* rk, struct packed_rrset_data* d,
|
||||
unsigned int i, int is_rrsig, int* go_on, time_t now)
|
||||
{
|
||||
@ -435,7 +435,7 @@ move_into_cache(struct ub_packed_rrset_key* k,
|
||||
|
||||
/** load an rrset entry */
|
||||
static int
|
||||
load_rrset(SSL* ssl, sldns_buffer* buf, struct worker* worker)
|
||||
load_rrset(RES* ssl, sldns_buffer* buf, struct worker* worker)
|
||||
{
|
||||
char* s = (char*)sldns_buffer_begin(buf);
|
||||
struct regional* region = worker->scratchpad;
|
||||
@ -519,7 +519,7 @@ load_rrset(SSL* ssl, sldns_buffer* buf, struct worker* worker)
|
||||
|
||||
/** load rrset cache */
|
||||
static int
|
||||
load_rrset_cache(SSL* ssl, struct worker* worker)
|
||||
load_rrset_cache(RES* ssl, struct worker* worker)
|
||||
{
|
||||
sldns_buffer* buf = worker->env.scratch_buffer;
|
||||
if(!read_fixed(ssl, buf, "START_RRSET_CACHE")) return 0;
|
||||
@ -575,7 +575,7 @@ load_qinfo(char* str, struct query_info* qinfo, struct regional* region)
|
||||
|
||||
/** load a msg rrset reference */
|
||||
static int
|
||||
load_ref(SSL* ssl, sldns_buffer* buf, struct worker* worker,
|
||||
load_ref(RES* ssl, sldns_buffer* buf, struct worker* worker,
|
||||
struct regional *region, struct ub_packed_rrset_key** rrset,
|
||||
int* go_on)
|
||||
{
|
||||
@ -620,7 +620,7 @@ load_ref(SSL* ssl, sldns_buffer* buf, struct worker* worker,
|
||||
|
||||
/** load a msg entry */
|
||||
static int
|
||||
load_msg(SSL* ssl, sldns_buffer* buf, struct worker* worker)
|
||||
load_msg(RES* ssl, sldns_buffer* buf, struct worker* worker)
|
||||
{
|
||||
struct regional* region = worker->scratchpad;
|
||||
struct query_info qinf;
|
||||
@ -685,7 +685,7 @@ load_msg(SSL* ssl, sldns_buffer* buf, struct worker* worker)
|
||||
|
||||
/** load msg cache */
|
||||
static int
|
||||
load_msg_cache(SSL* ssl, struct worker* worker)
|
||||
load_msg_cache(RES* ssl, struct worker* worker)
|
||||
{
|
||||
sldns_buffer* buf = worker->env.scratch_buffer;
|
||||
if(!read_fixed(ssl, buf, "START_MSG_CACHE")) return 0;
|
||||
@ -698,7 +698,7 @@ load_msg_cache(SSL* ssl, struct worker* worker)
|
||||
}
|
||||
|
||||
int
|
||||
load_cache(SSL* ssl, struct worker* worker)
|
||||
load_cache(RES* ssl, struct worker* worker)
|
||||
{
|
||||
if(!load_rrset_cache(ssl, worker))
|
||||
return 0;
|
||||
@ -709,7 +709,7 @@ load_cache(SSL* ssl, struct worker* worker)
|
||||
|
||||
/** print details on a delegation point */
|
||||
static void
|
||||
print_dp_details(SSL* ssl, struct worker* worker, struct delegpt* dp)
|
||||
print_dp_details(RES* ssl, struct worker* worker, struct delegpt* dp)
|
||||
{
|
||||
char buf[257];
|
||||
struct delegpt_addr* a;
|
||||
@ -785,7 +785,7 @@ print_dp_details(SSL* ssl, struct worker* worker, struct delegpt* dp)
|
||||
|
||||
/** print main dp info */
|
||||
static void
|
||||
print_dp_main(SSL* ssl, struct delegpt* dp, struct dns_msg* msg)
|
||||
print_dp_main(RES* ssl, struct delegpt* dp, struct dns_msg* msg)
|
||||
{
|
||||
size_t i, n_ns, n_miss, n_addr, n_res, n_avail;
|
||||
|
||||
@ -813,7 +813,7 @@ print_dp_main(SSL* ssl, struct delegpt* dp, struct dns_msg* msg)
|
||||
return;
|
||||
}
|
||||
|
||||
int print_deleg_lookup(SSL* ssl, struct worker* worker, uint8_t* nm,
|
||||
int print_deleg_lookup(RES* ssl, struct worker* worker, uint8_t* nm,
|
||||
size_t nmlen, int ATTR_UNUSED(nmlabs))
|
||||
{
|
||||
/* deep links into the iterator module */
|
||||
|
@ -72,6 +72,7 @@
|
||||
#ifndef DAEMON_DUMPCACHE_H
|
||||
#define DAEMON_DUMPCACHE_H
|
||||
struct worker;
|
||||
#include "daemon/remote.h"
|
||||
|
||||
/**
|
||||
* Dump cache(s) to text
|
||||
@ -80,7 +81,7 @@ struct worker;
|
||||
* ptrs to the caches.
|
||||
* @return false on ssl print error.
|
||||
*/
|
||||
int dump_cache(SSL* ssl, struct worker* worker);
|
||||
int dump_cache(RES* ssl, struct worker* worker);
|
||||
|
||||
/**
|
||||
* Load cache(s) from text
|
||||
@ -89,7 +90,7 @@ int dump_cache(SSL* ssl, struct worker* worker);
|
||||
* ptrs to the caches.
|
||||
* @return false on ssl error.
|
||||
*/
|
||||
int load_cache(SSL* ssl, struct worker* worker);
|
||||
int load_cache(RES* ssl, struct worker* worker);
|
||||
|
||||
/**
|
||||
* Print the delegation used to lookup for this name.
|
||||
@ -101,7 +102,7 @@ int load_cache(SSL* ssl, struct worker* worker);
|
||||
* @param nmlabs: labels in name.
|
||||
* @return false on ssl error.
|
||||
*/
|
||||
int print_deleg_lookup(SSL* ssl, struct worker* worker, uint8_t* nm,
|
||||
int print_deleg_lookup(RES* ssl, struct worker* worker, uint8_t* nm,
|
||||
size_t nmlen, int nmlabs);
|
||||
|
||||
#endif /* DAEMON_DUMPCACHE_H */
|
||||
|
535
daemon/remote.c
535
daemon/remote.c
File diff suppressed because it is too large
Load Diff
@ -73,6 +73,8 @@ struct rc_state {
|
||||
/** the ssl state */
|
||||
SSL* ssl;
|
||||
#endif
|
||||
/** file descriptor */
|
||||
int fd;
|
||||
/** the rc this is part of */
|
||||
struct daemon_remote* rc;
|
||||
};
|
||||
@ -103,6 +105,19 @@ struct daemon_remote {
|
||||
#endif
|
||||
};
|
||||
|
||||
/**
|
||||
* Connection to print to, either SSL or plain over fd
|
||||
*/
|
||||
struct remote_stream {
|
||||
#ifdef HAVE_SSL
|
||||
/** SSL structure, nonNULL if using SSL */
|
||||
SSL* ssl;
|
||||
#endif
|
||||
/** file descriptor for plain transfer */
|
||||
int fd;
|
||||
};
|
||||
typedef struct remote_stream RES;
|
||||
|
||||
/**
|
||||
* Create new remote control state for the daemon.
|
||||
* @param cfg: config file with key file settings.
|
||||
@ -166,26 +181,26 @@ void daemon_remote_exec(struct worker* worker);
|
||||
* @param text: the text.
|
||||
* @return false on connection failure.
|
||||
*/
|
||||
int ssl_print_text(SSL* ssl, const char* text);
|
||||
int ssl_print_text(RES* ssl, const char* text);
|
||||
|
||||
/**
|
||||
* printf style printing to the ssl connection
|
||||
* @param ssl: the SSL connection to print to. Blocking.
|
||||
* @param ssl: the RES connection to print to. Blocking.
|
||||
* @param format: printf style format string.
|
||||
* @return success or false on a network failure.
|
||||
*/
|
||||
int ssl_printf(SSL* ssl, const char* format, ...)
|
||||
int ssl_printf(RES* ssl, const char* format, ...)
|
||||
ATTR_FORMAT(printf, 2, 3);
|
||||
|
||||
/**
|
||||
* Read until \n is encountered
|
||||
* If SSL signals EOF, the string up to then is returned (without \n).
|
||||
* @param ssl: the SSL connection to read from. blocking.
|
||||
* If stream signals EOF, the string up to then is returned (without \n).
|
||||
* @param ssl: the RES connection to read from. blocking.
|
||||
* @param buf: buffer to read to.
|
||||
* @param max: size of buffer.
|
||||
* @return false on connection failure.
|
||||
*/
|
||||
int ssl_read_line(SSL* ssl, char* buf, size_t max);
|
||||
int ssl_read_line(RES* ssl, char* buf, size_t max);
|
||||
#endif /* HAVE_SSL */
|
||||
|
||||
#endif /* DAEMON_REMOTE_H */
|
||||
|
@ -1,6 +1,48 @@
|
||||
19 June 2018: Wouter
|
||||
- Fix for unbound-control on Windows and set TCP socket parameters
|
||||
more closely.
|
||||
- Fix windows unbound-control no cert bad file descriptor error.
|
||||
|
||||
18 June 2018: Wouter
|
||||
- Fix that control-use-cert: no works for 127.0.0.1 to disable certs.
|
||||
- Fix unbound-checkconf for control-use-cert.
|
||||
|
||||
15 June 2018: Wouter
|
||||
- tag for 1.7.3rc1.
|
||||
|
||||
14 June 2018: Wouter
|
||||
- #4103: Fix that auth-zone does not insist on SOA record first in
|
||||
file for url downloads.
|
||||
- Fix that first control-interface determines if TLS is used. Warn
|
||||
when IP address interfaces are used without TLS.
|
||||
- Fix nettle compile.
|
||||
|
||||
12 June 2018: Ralph
|
||||
- Don't count CNAME response types received during qname minimisation as
|
||||
query restart.
|
||||
|
||||
12 June 2018: Wouter
|
||||
- #4102 for NSD, but for Unbound. Named unix pipes do not use
|
||||
certificate and key files, access can be restricted with file and
|
||||
directory permissions. The option control-use-cert is no longer
|
||||
used, and ignored if found in unbound.conf.
|
||||
- Rename tls-additional-ports to tls-additional-port, because every
|
||||
line adds one port.
|
||||
- Fix buffer size warning in unit test.
|
||||
- remade dependencies in the Makefile.
|
||||
|
||||
6 June 2018: Wouter
|
||||
- Patch to fix openwrt for mac os build darwin detection in configure.
|
||||
|
||||
5 June 2018: Wouter
|
||||
- Fix crash if ratelimit taken into use with unbound-control
|
||||
instead of with unbound.conf.
|
||||
|
||||
4 June 2018: Wouter
|
||||
- Fix deadlock caused by incoming notify for auth-zone.
|
||||
- tag for 1.7.2rc1
|
||||
- tag for 1.7.2rc1, became 1.7.2 release on 11 June 2018,
|
||||
trunk is 1.7.3 in development from this point.
|
||||
- #4100: Fix stub reprime when it becomes useless.
|
||||
|
||||
1 June 2018: Wouter
|
||||
- Rename additional-tls-port to tls-additional-ports.
|
||||
|
@ -1,4 +1,4 @@
|
||||
README for Unbound 1.7.2
|
||||
README for Unbound 1.7.3
|
||||
Copyright 2007 NLnet Labs
|
||||
http://unbound.net
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# Example configuration file.
|
||||
#
|
||||
# See unbound.conf(5) man page, version 1.7.2.
|
||||
# See unbound.conf(5) man page, version 1.7.3.
|
||||
#
|
||||
# this is a comment.
|
||||
|
||||
@ -686,7 +686,7 @@ server:
|
||||
# tls-win-cert: no
|
||||
|
||||
# Also serve tls on these port numbers (eg. 443, ...), by listing
|
||||
# tls-additional-ports: portno for each of the port numbers.
|
||||
# tls-additional-port: portno for each of the port numbers.
|
||||
|
||||
# DNS64 prefix. Must be specified when DNS64 is use.
|
||||
# Enable dns64 in module-config. Used to synthesize IPv6 from IPv4.
|
||||
@ -774,18 +774,20 @@ remote-control:
|
||||
# set up the keys and certificates with unbound-control-setup.
|
||||
# control-enable: no
|
||||
|
||||
# Set to no and use an absolute path as control-interface to use
|
||||
# a unix local named pipe for unbound-control.
|
||||
# control-use-cert: yes
|
||||
|
||||
# what interfaces are listened to for remote control.
|
||||
# give 0.0.0.0 and ::0 to listen to all interfaces.
|
||||
# set to an absolute path to use a unix local name pipe, certificates
|
||||
# are not used for that, so key and cert files need not be present.
|
||||
# control-interface: 127.0.0.1
|
||||
# control-interface: ::1
|
||||
|
||||
# port number for remote control operations.
|
||||
# control-port: 8953
|
||||
|
||||
# for localhost, you can disable use of TLS by setting this to "no"
|
||||
# For local sockets this option is ignored, and TLS is not used.
|
||||
# control-use-cert: "yes"
|
||||
|
||||
# unbound server key file.
|
||||
# server-key-file: "@UNBOUND_RUN_DIR@/unbound_server.key"
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "libunbound" "3" "Jun 11, 2018" "NLnet Labs" "unbound 1.7.2"
|
||||
.TH "libunbound" "3" "Jun 21, 2018" "NLnet Labs" "unbound 1.7.3"
|
||||
.\"
|
||||
.\" libunbound.3 -- unbound library functions manual
|
||||
.\"
|
||||
@ -43,7 +43,7 @@
|
||||
.B ub_ctx_zone_remove,
|
||||
.B ub_ctx_data_add,
|
||||
.B ub_ctx_data_remove
|
||||
\- Unbound DNS validating resolver 1.7.2 functions.
|
||||
\- Unbound DNS validating resolver 1.7.3 functions.
|
||||
.SH "SYNOPSIS"
|
||||
.B #include <unbound.h>
|
||||
.LP
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound-anchor" "8" "Jun 11, 2018" "NLnet Labs" "unbound 1.7.2"
|
||||
.TH "unbound-anchor" "8" "Jun 21, 2018" "NLnet Labs" "unbound 1.7.3"
|
||||
.\"
|
||||
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
|
||||
.\"
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound-checkconf" "8" "Jun 11, 2018" "NLnet Labs" "unbound 1.7.2"
|
||||
.TH "unbound-checkconf" "8" "Jun 21, 2018" "NLnet Labs" "unbound 1.7.3"
|
||||
.\"
|
||||
.\" unbound-checkconf.8 -- unbound configuration checker manual
|
||||
.\"
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound-control" "8" "Jun 11, 2018" "NLnet Labs" "unbound 1.7.2"
|
||||
.TH "unbound-control" "8" "Jun 21, 2018" "NLnet Labs" "unbound 1.7.3"
|
||||
.\"
|
||||
.\" unbound-control.8 -- unbound remote control manual
|
||||
.\"
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound\-host" "1" "Jun 11, 2018" "NLnet Labs" "unbound 1.7.2"
|
||||
.TH "unbound\-host" "1" "Jun 21, 2018" "NLnet Labs" "unbound 1.7.3"
|
||||
.\"
|
||||
.\" unbound-host.1 -- unbound DNS lookup utility
|
||||
.\"
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound" "8" "Jun 11, 2018" "NLnet Labs" "unbound 1.7.2"
|
||||
.TH "unbound" "8" "Jun 21, 2018" "NLnet Labs" "unbound 1.7.3"
|
||||
.\"
|
||||
.\" unbound.8 -- unbound manual
|
||||
.\"
|
||||
@ -9,7 +9,7 @@
|
||||
.\"
|
||||
.SH "NAME"
|
||||
.B unbound
|
||||
\- Unbound DNS validating resolver 1.7.2.
|
||||
\- Unbound DNS validating resolver 1.7.3.
|
||||
.SH "SYNOPSIS"
|
||||
.B unbound
|
||||
.RB [ \-h ]
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound.conf" "5" "Jun 11, 2018" "NLnet Labs" "unbound 1.7.2"
|
||||
.TH "unbound.conf" "5" "Jun 21, 2018" "NLnet Labs" "unbound 1.7.3"
|
||||
.\"
|
||||
.\" unbound.conf.5 -- unbound.conf manual
|
||||
.\"
|
||||
@ -452,8 +452,8 @@ If no cert bundle, it uses only these certificates. Default is no.
|
||||
On windows this option uses the certificates from the cert store. Use
|
||||
the tls\-cert\-bundle option on other systems.
|
||||
.TP
|
||||
.B tls\-additional\-ports: \fI<portnr>
|
||||
List portnumbers as tls\-additional\-ports, and when interfaces are defined,
|
||||
.B tls\-additional\-port: \fI<portnr>
|
||||
List portnumbers as tls\-additional\-port, and when interfaces are defined,
|
||||
eg. with the @port suffix, as this port number, they provide dns over TLS
|
||||
service. Can list multiple, each on a new statement.
|
||||
.TP
|
||||
@ -1369,6 +1369,14 @@ By default localhost (127.0.0.1 and ::1) is listened to.
|
||||
Use 0.0.0.0 and ::0 to listen to all interfaces.
|
||||
If you change this and permissions have been dropped, you must restart
|
||||
the server for the change to take effect.
|
||||
.IP
|
||||
If you set it to an absolute path, a local socket is used. The local socket
|
||||
does not use the certificates and keys, so those files need not be present.
|
||||
To restrict access, unbound sets permissions on the file to the user and
|
||||
group that is configured, the access bits are set to allow the group members
|
||||
to access the control socket file. Put users that need to access the socket
|
||||
in the that group. To restrict access further, create a directory to put
|
||||
the control socket in and restrict access to that directory.
|
||||
.TP 5
|
||||
.B control\-port: \fI<port number>
|
||||
The port number to listen on for IPv4 or IPv6 control interfaces,
|
||||
@ -1377,11 +1385,9 @@ If you change this and permissions have been dropped, you must restart
|
||||
the server for the change to take effect.
|
||||
.TP 5
|
||||
.B control\-use\-cert: \fI<yes or no>
|
||||
Whether to require certificate authentication of control connections.
|
||||
The default is "yes".
|
||||
This should not be changed unless there are other mechanisms in place
|
||||
to prevent untrusted users from accessing the remote control
|
||||
interface.
|
||||
For localhost control-interface you can disable the use of TLS by setting
|
||||
this option to "no", default is "yes". For local sockets, TLS is disabled
|
||||
and the value of this option is ignored.
|
||||
.TP 5
|
||||
.B server\-key\-file: \fI<private key file>
|
||||
Path to the server private key, by default unbound_server.key.
|
||||
|
@ -536,7 +536,7 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
/** see if last resort is possible - does config allow queries to parent */
|
||||
static int
|
||||
can_have_last_resort(struct module_env* env, uint8_t* nm, size_t nmlen,
|
||||
uint16_t qclass)
|
||||
uint16_t qclass, struct delegpt** retdp)
|
||||
{
|
||||
struct delegpt* fwddp;
|
||||
struct iter_hints_stub* stub;
|
||||
@ -549,12 +549,14 @@ can_have_last_resort(struct module_env* env, uint8_t* nm, size_t nmlen,
|
||||
/* has_parent side is turned off for stub_first, where we
|
||||
* are allowed to go to the parent */
|
||||
stub->dp->has_parent_side_NS) {
|
||||
if(retdp) *retdp = stub->dp;
|
||||
return 0;
|
||||
}
|
||||
if((fwddp = forwards_find(env->fwds, nm, qclass)) &&
|
||||
/* has_parent_side is turned off for forward_first, where
|
||||
* we are allowed to go to the parent */
|
||||
fwddp->has_parent_side_NS) {
|
||||
if(retdp) *retdp = fwddp;
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
@ -1000,7 +1002,7 @@ generate_ns_check(struct module_qstate* qstate, struct iter_qstate* iq, int id)
|
||||
if(iq->depth == ie->max_dependency_depth)
|
||||
return;
|
||||
if(!can_have_last_resort(qstate->env, iq->dp->name, iq->dp->namelen,
|
||||
iq->qchase.qclass))
|
||||
iq->qchase.qclass, NULL))
|
||||
return;
|
||||
/* is this query the same as the nscheck? */
|
||||
if(qstate->qinfo.qtype == LDNS_RR_TYPE_NS &&
|
||||
@ -1184,10 +1186,8 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
*/
|
||||
if (iq->refetch_glue &&
|
||||
iq->dp &&
|
||||
!can_have_last_resort(qstate->env,
|
||||
iq->dp->name,
|
||||
iq->dp->namelen,
|
||||
iq->qchase.qclass)) {
|
||||
!can_have_last_resort(qstate->env, iq->dp->name,
|
||||
iq->dp->namelen, iq->qchase.qclass, NULL)) {
|
||||
iq->refetch_glue = 0;
|
||||
}
|
||||
|
||||
@ -1300,7 +1300,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
}
|
||||
if(iq->qchase.qtype == LDNS_RR_TYPE_DS || iq->refetch_glue ||
|
||||
(iq->qchase.qtype == LDNS_RR_TYPE_NS && qstate->prefetch_leeway
|
||||
&& can_have_last_resort(qstate->env, delname, delnamelen, iq->qchase.qclass))) {
|
||||
&& can_have_last_resort(qstate->env, delname, delnamelen, iq->qchase.qclass, NULL))) {
|
||||
/* remove first label from delname, root goes to hints,
|
||||
* but only to fetch glue, not for qtype=DS. */
|
||||
/* also when prefetching an NS record, fetch it again from
|
||||
@ -1416,9 +1416,25 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
*/
|
||||
if(iter_dp_is_useless(&qstate->qinfo, qstate->query_flags,
|
||||
iq->dp)) {
|
||||
if(!can_have_last_resort(qstate->env, iq->dp->name, iq->dp->namelen, iq->qchase.qclass)) {
|
||||
struct delegpt* retdp = NULL;
|
||||
if(!can_have_last_resort(qstate->env, iq->dp->name, iq->dp->namelen, iq->qchase.qclass, &retdp)) {
|
||||
if(retdp) {
|
||||
verbose(VERB_QUERY, "cache has stub "
|
||||
"or fwd but no addresses, "
|
||||
"fallback to config");
|
||||
iq->dp = delegpt_copy(retdp,
|
||||
qstate->region);
|
||||
if(!iq->dp) {
|
||||
log_err("out of memory in "
|
||||
"stub/fwd fallback");
|
||||
return error_response(qstate,
|
||||
id, LDNS_RCODE_SERVFAIL);
|
||||
}
|
||||
break;
|
||||
}
|
||||
verbose(VERB_ALGO, "useless dp "
|
||||
"but cannot go up, servfail");
|
||||
delegpt_log(VERB_ALGO, iq->dp);
|
||||
return error_response(qstate, id,
|
||||
LDNS_RCODE_SERVFAIL);
|
||||
}
|
||||
@ -1779,7 +1795,7 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
log_assert(iq->dp);
|
||||
|
||||
if(!can_have_last_resort(qstate->env, iq->dp->name, iq->dp->namelen,
|
||||
iq->qchase.qclass)) {
|
||||
iq->qchase.qclass, NULL)) {
|
||||
/* fail -- no more targets, no more hope of targets, no hope
|
||||
* of a response. */
|
||||
verbose(VERB_QUERY, "configured stub or forward servers failed -- returning SERVFAIL");
|
||||
@ -1872,7 +1888,7 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
if( ((ie->supports_ipv6 && !ns->done_pside6) ||
|
||||
(ie->supports_ipv4 && !ns->done_pside4)) &&
|
||||
!can_have_last_resort(qstate->env, ns->name, ns->namelen,
|
||||
iq->qchase.qclass)) {
|
||||
iq->qchase.qclass, NULL)) {
|
||||
log_nametypeclass(VERB_ALGO, "cannot pside lookup ns "
|
||||
"because it is also a stub/forward,",
|
||||
ns->name, LDNS_RR_TYPE_NS, iq->qchase.qclass);
|
||||
@ -2754,16 +2770,18 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
/* set the current request's qname to the new value. */
|
||||
iq->qchase.qname = sname;
|
||||
iq->qchase.qname_len = snamelen;
|
||||
if (qstate->env->cfg->qname_minimisation)
|
||||
iq->minimisation_state = INIT_MINIMISE_STATE;
|
||||
/* Clear the query state, since this is a query restart. */
|
||||
iq->deleg_msg = NULL;
|
||||
iq->dp = NULL;
|
||||
iq->dsns_point = NULL;
|
||||
iq->auth_zone_response = 0;
|
||||
/* Note the query restart. */
|
||||
iq->query_restart_count++;
|
||||
iq->sent_count = 0;
|
||||
if(iq->minimisation_state != MINIMISE_STATE)
|
||||
/* Only count as query restart when it is not an extra
|
||||
* query as result of qname minimisation. */
|
||||
iq->query_restart_count++;
|
||||
if(qstate->env->cfg->qname_minimisation)
|
||||
iq->minimisation_state = INIT_MINIMISE_STATE;
|
||||
|
||||
/* stop current outstanding queries.
|
||||
* FIXME: should the outstanding queries be waited for and
|
||||
|
@ -883,7 +883,7 @@ struct config_file {
|
||||
struct config_strlist* local_zones_nodefault;
|
||||
struct config_strlist* local_data;
|
||||
int remote_control_enable;
|
||||
struct config_strlist* control_ifs;
|
||||
struct config_strlist_head control_ifs;
|
||||
int control_port;
|
||||
char* server_key_file;
|
||||
char* server_cert_file;
|
||||
|
@ -4164,8 +4164,8 @@ chunkline_non_comment_RR(struct auth_chunk** chunk, size_t* chunk_pos,
|
||||
return 0;
|
||||
}
|
||||
|
||||
/** check syntax of chunklist zonefile, parse SOA RR, return false on
|
||||
* failure and return a string in the scratch buffer (SOA RR string)
|
||||
/** check syntax of chunklist zonefile, parse first RR, return false on
|
||||
* failure and return a string in the scratch buffer (first RR string)
|
||||
* on failure. */
|
||||
static int
|
||||
http_zonefile_syntax_check(struct auth_xfer* xfr, sldns_buffer* buf)
|
||||
@ -4193,26 +4193,11 @@ http_zonefile_syntax_check(struct auth_xfer* xfr, sldns_buffer* buf)
|
||||
pstate.origin_len?pstate.origin:NULL, pstate.origin_len,
|
||||
pstate.prev_rr_len?pstate.prev_rr:NULL, pstate.prev_rr_len);
|
||||
if(e != 0) {
|
||||
log_err("parse failure on SOA RR[%d]: %s",
|
||||
log_err("parse failure on first RR[%d]: %s",
|
||||
LDNS_WIREPARSE_OFFSET(e),
|
||||
sldns_get_errorstr_parse(LDNS_WIREPARSE_ERROR(e)));
|
||||
return 0;
|
||||
}
|
||||
/* check that name is correct */
|
||||
if(query_dname_compare(rr, xfr->name) != 0) {
|
||||
char nm[255+1], zname[255+1];
|
||||
dname_str(rr, nm);
|
||||
dname_str(xfr->name, zname);
|
||||
log_err("parse failure for %s, SOA RR for %s found instead",
|
||||
zname, nm);
|
||||
return 0;
|
||||
}
|
||||
/* check that type is SOA */
|
||||
if(sldns_wirerr_get_type(rr, rr_len, dname_len) != LDNS_RR_TYPE_SOA) {
|
||||
log_err("parse failure: first record in downloaded zonefile "
|
||||
"not of type SOA");
|
||||
return 0;
|
||||
}
|
||||
/* check that class is correct */
|
||||
if(sldns_wirerr_get_class(rr, rr_len, dname_len) != xfr->dclass) {
|
||||
log_err("parse failure: first record in downloaded zonefile "
|
||||
|
28
services/cache/infra.c
vendored
28
services/cache/infra.c
vendored
@ -232,22 +232,20 @@ infra_create(struct config_file* cfg)
|
||||
infra->host_ttl = cfg->host_ttl;
|
||||
name_tree_init(&infra->domain_limits);
|
||||
infra_dp_ratelimit = cfg->ratelimit;
|
||||
if(cfg->ratelimit != 0) {
|
||||
infra->domain_rates = slabhash_create(cfg->ratelimit_slabs,
|
||||
INFRA_HOST_STARTSIZE, cfg->ratelimit_size,
|
||||
&rate_sizefunc, &rate_compfunc, &rate_delkeyfunc,
|
||||
&rate_deldatafunc, NULL);
|
||||
if(!infra->domain_rates) {
|
||||
infra_delete(infra);
|
||||
return NULL;
|
||||
}
|
||||
/* insert config data into ratelimits */
|
||||
if(!infra_ratelimit_cfg_insert(infra, cfg)) {
|
||||
infra_delete(infra);
|
||||
return NULL;
|
||||
}
|
||||
name_tree_init_parents(&infra->domain_limits);
|
||||
infra->domain_rates = slabhash_create(cfg->ratelimit_slabs,
|
||||
INFRA_HOST_STARTSIZE, cfg->ratelimit_size,
|
||||
&rate_sizefunc, &rate_compfunc, &rate_delkeyfunc,
|
||||
&rate_deldatafunc, NULL);
|
||||
if(!infra->domain_rates) {
|
||||
infra_delete(infra);
|
||||
return NULL;
|
||||
}
|
||||
/* insert config data into ratelimits */
|
||||
if(!infra_ratelimit_cfg_insert(infra, cfg)) {
|
||||
infra_delete(infra);
|
||||
return NULL;
|
||||
}
|
||||
name_tree_init_parents(&infra->domain_limits);
|
||||
infra_ip_ratelimit = cfg->ip_ratelimit;
|
||||
infra->client_ip_rates = slabhash_create(cfg->ip_ratelimit_slabs,
|
||||
INFRA_HOST_STARTSIZE, cfg->ip_ratelimit_size, &ip_rate_sizefunc,
|
||||
|
@ -1059,7 +1059,7 @@ set_recvpktinfo(int s, int family)
|
||||
/** see if interface is ssl, its port number == the ssl port number */
|
||||
static int
|
||||
if_is_ssl(const char* ifname, const char* port, int ssl_port,
|
||||
struct config_strlist* tls_additional_ports)
|
||||
struct config_strlist* tls_additional_port)
|
||||
{
|
||||
struct config_strlist* s;
|
||||
char* p = strchr(ifname, '@');
|
||||
@ -1067,7 +1067,7 @@ if_is_ssl(const char* ifname, const char* port, int ssl_port,
|
||||
return 1;
|
||||
if(p && atoi(p+1) == ssl_port)
|
||||
return 1;
|
||||
for(s = tls_additional_ports; s; s = s->next) {
|
||||
for(s = tls_additional_port; s; s = s->next) {
|
||||
if(p && atoi(p+1) == atoi(s->str))
|
||||
return 1;
|
||||
if(!p && atoi(port) == atoi(s->str))
|
||||
@ -1089,7 +1089,7 @@ if_is_ssl(const char* ifname, const char* port, int ssl_port,
|
||||
* @param rcv: receive buffer size for UDP
|
||||
* @param snd: send buffer size for UDP
|
||||
* @param ssl_port: ssl service port number
|
||||
* @param tls_additional_ports: list of additional ssl service port numbers.
|
||||
* @param tls_additional_port: list of additional ssl service port numbers.
|
||||
* @param reuseport: try to set SO_REUSEPORT if nonNULL and true.
|
||||
* set to false on exit if reuseport failed due to no kernel support.
|
||||
* @param transparent: set IP_TRANSPARENT socket option.
|
||||
@ -1103,7 +1103,7 @@ static int
|
||||
ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp,
|
||||
struct addrinfo *hints, const char* port, struct listen_port** list,
|
||||
size_t rcv, size_t snd, int ssl_port,
|
||||
struct config_strlist* tls_additional_ports, int* reuseport,
|
||||
struct config_strlist* tls_additional_port, int* reuseport,
|
||||
int transparent, int tcp_mss, int freebind, int use_systemd,
|
||||
int dnscrypt_port)
|
||||
{
|
||||
@ -1170,7 +1170,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp,
|
||||
}
|
||||
if(do_tcp) {
|
||||
int is_ssl = if_is_ssl(ifname, port, ssl_port,
|
||||
tls_additional_ports);
|
||||
tls_additional_port);
|
||||
if((s = make_sock_port(SOCK_STREAM, ifname, port, hints, 1,
|
||||
&noip6, 0, 0, reuseport, transparent, tcp_mss,
|
||||
freebind, use_systemd)) == -1) {
|
||||
@ -1356,7 +1356,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
|
||||
do_auto, cfg->do_udp, do_tcp,
|
||||
&hints, portbuf, &list,
|
||||
cfg->so_rcvbuf, cfg->so_sndbuf,
|
||||
cfg->ssl_port, cfg->tls_additional_ports,
|
||||
cfg->ssl_port, cfg->tls_additional_port,
|
||||
reuseport, cfg->ip_transparent,
|
||||
cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
|
||||
cfg->dnscrypt_port)) {
|
||||
@ -1370,7 +1370,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
|
||||
do_auto, cfg->do_udp, do_tcp,
|
||||
&hints, portbuf, &list,
|
||||
cfg->so_rcvbuf, cfg->so_sndbuf,
|
||||
cfg->ssl_port, cfg->tls_additional_ports,
|
||||
cfg->ssl_port, cfg->tls_additional_port,
|
||||
reuseport, cfg->ip_transparent,
|
||||
cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
|
||||
cfg->dnscrypt_port)) {
|
||||
@ -1386,7 +1386,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
|
||||
if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp,
|
||||
do_tcp, &hints, portbuf, &list,
|
||||
cfg->so_rcvbuf, cfg->so_sndbuf,
|
||||
cfg->ssl_port, cfg->tls_additional_ports,
|
||||
cfg->ssl_port, cfg->tls_additional_port,
|
||||
reuseport, cfg->ip_transparent,
|
||||
cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
|
||||
cfg->dnscrypt_port)) {
|
||||
@ -1400,7 +1400,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
|
||||
if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp,
|
||||
do_tcp, &hints, portbuf, &list,
|
||||
cfg->so_rcvbuf, cfg->so_sndbuf,
|
||||
cfg->ssl_port, cfg->tls_additional_ports,
|
||||
cfg->ssl_port, cfg->tls_additional_port,
|
||||
reuseport, cfg->ip_transparent,
|
||||
cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
|
||||
cfg->dnscrypt_port)) {
|
||||
|
@ -542,7 +542,8 @@ morechecks(struct config_file* cfg, const char* fname)
|
||||
# endif
|
||||
}
|
||||
#endif
|
||||
if(cfg->remote_control_enable && cfg->remote_control_use_cert) {
|
||||
if(cfg->remote_control_enable && options_remote_is_address(cfg)
|
||||
&& cfg->control_use_cert) {
|
||||
check_chroot_string("server-key-file", &cfg->server_key_file,
|
||||
cfg->chrootdir, cfg);
|
||||
check_chroot_string("server-cert-file", &cfg->server_cert_file,
|
||||
|
@ -451,47 +451,33 @@ setup_ctx(struct config_file* cfg)
|
||||
char* s_cert=NULL, *c_key=NULL, *c_cert=NULL;
|
||||
SSL_CTX* ctx;
|
||||
|
||||
if(cfg->remote_control_use_cert) {
|
||||
s_cert = fname_after_chroot(cfg->server_cert_file, cfg, 1);
|
||||
c_key = fname_after_chroot(cfg->control_key_file, cfg, 1);
|
||||
c_cert = fname_after_chroot(cfg->control_cert_file, cfg, 1);
|
||||
if(!s_cert || !c_key || !c_cert)
|
||||
fatal_exit("out of memory");
|
||||
}
|
||||
if(!(options_remote_is_address(cfg) && cfg->control_use_cert))
|
||||
return NULL;
|
||||
s_cert = fname_after_chroot(cfg->server_cert_file, cfg, 1);
|
||||
c_key = fname_after_chroot(cfg->control_key_file, cfg, 1);
|
||||
c_cert = fname_after_chroot(cfg->control_cert_file, cfg, 1);
|
||||
if(!s_cert || !c_key || !c_cert)
|
||||
fatal_exit("out of memory");
|
||||
ctx = SSL_CTX_new(SSLv23_client_method());
|
||||
if(!ctx)
|
||||
ssl_err("could not allocate SSL_CTX pointer");
|
||||
if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
|
||||
!= SSL_OP_NO_SSLv2)
|
||||
ssl_err("could not set SSL_OP_NO_SSLv2");
|
||||
if(cfg->remote_control_use_cert) {
|
||||
if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
|
||||
!= SSL_OP_NO_SSLv3)
|
||||
ssl_err("could not set SSL_OP_NO_SSLv3");
|
||||
if(!SSL_CTX_use_certificate_chain_file(ctx,c_cert) ||
|
||||
!SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
|
||||
|| !SSL_CTX_check_private_key(ctx))
|
||||
ssl_err("Error setting up SSL_CTX client key and cert");
|
||||
if (SSL_CTX_load_verify_locations(ctx, s_cert, NULL) != 1)
|
||||
ssl_err("Error setting up SSL_CTX verify, server cert");
|
||||
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
|
||||
if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
|
||||
!= SSL_OP_NO_SSLv3)
|
||||
ssl_err("could not set SSL_OP_NO_SSLv3");
|
||||
if(!SSL_CTX_use_certificate_chain_file(ctx,c_cert) ||
|
||||
!SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
|
||||
|| !SSL_CTX_check_private_key(ctx))
|
||||
ssl_err("Error setting up SSL_CTX client key and cert");
|
||||
if (SSL_CTX_load_verify_locations(ctx, s_cert, NULL) != 1)
|
||||
ssl_err("Error setting up SSL_CTX verify, server cert");
|
||||
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
|
||||
|
||||
free(s_cert);
|
||||
free(c_key);
|
||||
free(c_cert);
|
||||
} else {
|
||||
/* Use ciphers that don't require authentication */
|
||||
#if defined(SSL_OP_NO_TLSv1_3)
|
||||
/* in openssl 1.1.1, negotiation code for tls 1.3 does
|
||||
* not allow the unauthenticated aNULL and eNULL ciphers */
|
||||
SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_3);
|
||||
#endif
|
||||
#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
|
||||
SSL_CTX_set_security_level(ctx, 0);
|
||||
#endif
|
||||
if(!SSL_CTX_set_cipher_list(ctx, "aNULL:eNULL"))
|
||||
ssl_err("Error setting NULL cipher!");
|
||||
}
|
||||
free(s_cert);
|
||||
free(c_key);
|
||||
free(c_cert);
|
||||
return ctx;
|
||||
}
|
||||
|
||||
@ -501,12 +487,12 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
|
||||
{
|
||||
struct sockaddr_storage addr;
|
||||
socklen_t addrlen;
|
||||
int addrfamily = 0;
|
||||
int fd;
|
||||
int addrfamily = 0, proto = IPPROTO_TCP;
|
||||
int fd, useport = 1;
|
||||
/* use svr or the first config entry */
|
||||
if(!svr) {
|
||||
if(cfg->control_ifs) {
|
||||
svr = cfg->control_ifs->str;
|
||||
if(cfg->control_ifs.first) {
|
||||
svr = cfg->control_ifs.first->str;
|
||||
} else if(cfg->do_ip4) {
|
||||
svr = "127.0.0.1";
|
||||
} else {
|
||||
@ -534,6 +520,8 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
|
||||
(void)strlcpy(usock->sun_path, svr, sizeof(usock->sun_path));
|
||||
addrlen = (socklen_t)sizeof(struct sockaddr_un);
|
||||
addrfamily = AF_LOCAL;
|
||||
useport = 0;
|
||||
proto = 0;
|
||||
#endif
|
||||
} else {
|
||||
if(!ipstrtoaddr(svr, cfg->control_port, &addr, &addrlen))
|
||||
@ -541,8 +529,8 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
|
||||
}
|
||||
|
||||
if(addrfamily == 0)
|
||||
addrfamily = addr_is_ip6(&addr, addrlen)?AF_INET6:AF_INET;
|
||||
fd = socket(addrfamily, SOCK_STREAM, 0);
|
||||
addrfamily = addr_is_ip6(&addr, addrlen)?PF_INET6:PF_INET;
|
||||
fd = socket(addrfamily, SOCK_STREAM, proto);
|
||||
if(fd == -1) {
|
||||
#ifndef USE_WINSOCK
|
||||
fatal_exit("socket: %s", strerror(errno));
|
||||
@ -552,14 +540,18 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
|
||||
}
|
||||
if(connect(fd, (struct sockaddr*)&addr, addrlen) < 0) {
|
||||
#ifndef USE_WINSOCK
|
||||
log_err_addr("connect", strerror(errno), &addr, addrlen);
|
||||
if(errno == ECONNREFUSED && statuscmd) {
|
||||
int err = errno;
|
||||
if(!useport) log_err("connect: %s for %s", strerror(err), svr);
|
||||
else log_err_addr("connect", strerror(err), &addr, addrlen);
|
||||
if(err == ECONNREFUSED && statuscmd) {
|
||||
printf("unbound is stopped\n");
|
||||
exit(3);
|
||||
}
|
||||
#else
|
||||
log_err_addr("connect", wsa_strerror(WSAGetLastError()), &addr, addrlen);
|
||||
if(WSAGetLastError() == WSAECONNREFUSED && statuscmd) {
|
||||
int wsaerr = WSAGetLastError();
|
||||
if(!useport) log_err("connect: %s for %s", wsa_strerror(wsaerr), svr);
|
||||
else log_err_addr("connect", wsa_strerror(wsaerr), &addr, addrlen);
|
||||
if(wsaerr == WSAECONNREFUSED && statuscmd) {
|
||||
printf("unbound is stopped\n");
|
||||
exit(3);
|
||||
}
|
||||
@ -571,12 +563,13 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
|
||||
|
||||
/** setup SSL on the connection */
|
||||
static SSL*
|
||||
setup_ssl(SSL_CTX* ctx, int fd, struct config_file* cfg)
|
||||
setup_ssl(SSL_CTX* ctx, int fd)
|
||||
{
|
||||
SSL* ssl;
|
||||
X509* x;
|
||||
int r;
|
||||
|
||||
if(!ctx) return NULL;
|
||||
ssl = SSL_new(ctx);
|
||||
if(!ssl)
|
||||
ssl_err("could not SSL_new");
|
||||
@ -597,78 +590,115 @@ setup_ssl(SSL_CTX* ctx, int fd, struct config_file* cfg)
|
||||
/* check authenticity of server */
|
||||
if(SSL_get_verify_result(ssl) != X509_V_OK)
|
||||
ssl_err("SSL verification failed");
|
||||
if(cfg->remote_control_use_cert) {
|
||||
x = SSL_get_peer_certificate(ssl);
|
||||
if(!x)
|
||||
ssl_err("Server presented no peer certificate");
|
||||
X509_free(x);
|
||||
}
|
||||
x = SSL_get_peer_certificate(ssl);
|
||||
if(!x)
|
||||
ssl_err("Server presented no peer certificate");
|
||||
X509_free(x);
|
||||
|
||||
return ssl;
|
||||
}
|
||||
|
||||
/** read from ssl or fd, fatalexit on error, 0 EOF, 1 success */
|
||||
static int
|
||||
remote_read(SSL* ssl, int fd, char* buf, size_t len)
|
||||
{
|
||||
if(ssl) {
|
||||
int r;
|
||||
ERR_clear_error();
|
||||
if((r = SSL_read(ssl, buf, (int)len-1)) <= 0) {
|
||||
if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) {
|
||||
/* EOF */
|
||||
return 0;
|
||||
}
|
||||
ssl_err("could not SSL_read");
|
||||
}
|
||||
buf[r] = 0;
|
||||
} else {
|
||||
ssize_t rr = recv(fd, buf, len-1, 0);
|
||||
if(rr <= 0) {
|
||||
if(rr == 0) {
|
||||
/* EOF */
|
||||
return 0;
|
||||
}
|
||||
#ifndef USE_WINSOCK
|
||||
fatal_exit("could not recv: %s", strerror(errno));
|
||||
#else
|
||||
fatal_exit("could not recv: %s", wsa_strerror(WSAGetLastError()));
|
||||
#endif
|
||||
}
|
||||
buf[rr] = 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
/** write to ssl or fd, fatalexit on error */
|
||||
static void
|
||||
remote_write(SSL* ssl, int fd, const char* buf, size_t len)
|
||||
{
|
||||
if(ssl) {
|
||||
if(SSL_write(ssl, buf, (int)len) <= 0)
|
||||
ssl_err("could not SSL_write");
|
||||
} else {
|
||||
if(send(fd, buf, len, 0) < (ssize_t)len) {
|
||||
#ifndef USE_WINSOCK
|
||||
fatal_exit("could not send: %s", strerror(errno));
|
||||
#else
|
||||
fatal_exit("could not send: %s", wsa_strerror(WSAGetLastError()));
|
||||
#endif
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/** send stdin to server */
|
||||
static void
|
||||
send_file(SSL* ssl, FILE* in, char* buf, size_t sz)
|
||||
send_file(SSL* ssl, int fd, FILE* in, char* buf, size_t sz)
|
||||
{
|
||||
while(fgets(buf, (int)sz, in)) {
|
||||
if(SSL_write(ssl, buf, (int)strlen(buf)) <= 0)
|
||||
ssl_err("could not SSL_write contents");
|
||||
remote_write(ssl, fd, buf, strlen(buf));
|
||||
}
|
||||
}
|
||||
|
||||
/** send end-of-file marker to server */
|
||||
static void
|
||||
send_eof(SSL* ssl)
|
||||
send_eof(SSL* ssl, int fd)
|
||||
{
|
||||
char e[] = {0x04, 0x0a};
|
||||
if(SSL_write(ssl, e, (int)sizeof(e)) <= 0)
|
||||
ssl_err("could not SSL_write end-of-file marker");
|
||||
remote_write(ssl, fd, e, sizeof(e));
|
||||
}
|
||||
|
||||
/** send command and display result */
|
||||
static int
|
||||
go_cmd(SSL* ssl, int quiet, int argc, char* argv[])
|
||||
go_cmd(SSL* ssl, int fd, int quiet, int argc, char* argv[])
|
||||
{
|
||||
char pre[10];
|
||||
const char* space=" ";
|
||||
const char* newline="\n";
|
||||
int was_error = 0, first_line = 1;
|
||||
int r, i;
|
||||
int i;
|
||||
char buf[1024];
|
||||
snprintf(pre, sizeof(pre), "UBCT%d ", UNBOUND_CONTROL_VERSION);
|
||||
if(SSL_write(ssl, pre, (int)strlen(pre)) <= 0)
|
||||
ssl_err("could not SSL_write");
|
||||
remote_write(ssl, fd, pre, strlen(pre));
|
||||
for(i=0; i<argc; i++) {
|
||||
if(SSL_write(ssl, space, (int)strlen(space)) <= 0)
|
||||
ssl_err("could not SSL_write");
|
||||
if(SSL_write(ssl, argv[i], (int)strlen(argv[i])) <= 0)
|
||||
ssl_err("could not SSL_write");
|
||||
remote_write(ssl, fd, space, strlen(space));
|
||||
remote_write(ssl, fd, argv[i], strlen(argv[i]));
|
||||
}
|
||||
if(SSL_write(ssl, newline, (int)strlen(newline)) <= 0)
|
||||
ssl_err("could not SSL_write");
|
||||
remote_write(ssl, fd, newline, strlen(newline));
|
||||
|
||||
if(argc == 1 && strcmp(argv[0], "load_cache") == 0) {
|
||||
send_file(ssl, stdin, buf, sizeof(buf));
|
||||
send_file(ssl, fd, stdin, buf, sizeof(buf));
|
||||
}
|
||||
else if(argc == 1 && (strcmp(argv[0], "local_zones") == 0 ||
|
||||
strcmp(argv[0], "local_zones_remove") == 0 ||
|
||||
strcmp(argv[0], "local_datas") == 0 ||
|
||||
strcmp(argv[0], "local_datas_remove") == 0)) {
|
||||
send_file(ssl, stdin, buf, sizeof(buf));
|
||||
send_eof(ssl);
|
||||
send_file(ssl, fd, stdin, buf, sizeof(buf));
|
||||
send_eof(ssl, fd);
|
||||
}
|
||||
|
||||
while(1) {
|
||||
ERR_clear_error();
|
||||
if((r = SSL_read(ssl, buf, (int)sizeof(buf)-1)) <= 0) {
|
||||
if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) {
|
||||
/* EOF */
|
||||
break;
|
||||
}
|
||||
ssl_err("could not SSL_read");
|
||||
if(remote_read(ssl, fd, buf, sizeof(buf)) == 0) {
|
||||
break; /* EOF */
|
||||
}
|
||||
buf[r] = 0;
|
||||
if(first_line && strncmp(buf, "error", 5) == 0) {
|
||||
printf("%s", buf);
|
||||
was_error = 1;
|
||||
@ -703,18 +733,18 @@ go(const char* cfgfile, char* svr, int quiet, int argc, char* argv[])
|
||||
|
||||
/* contact server */
|
||||
fd = contact_server(svr, cfg, argc>0&&strcmp(argv[0],"status")==0);
|
||||
ssl = setup_ssl(ctx, fd, cfg);
|
||||
ssl = setup_ssl(ctx, fd);
|
||||
|
||||
/* send command */
|
||||
ret = go_cmd(ssl, quiet, argc, argv);
|
||||
ret = go_cmd(ssl, fd, quiet, argc, argv);
|
||||
|
||||
SSL_free(ssl);
|
||||
if(ssl) SSL_free(ssl);
|
||||
#ifndef USE_WINSOCK
|
||||
close(fd);
|
||||
#else
|
||||
closesocket(fd);
|
||||
#endif
|
||||
SSL_CTX_free(ctx);
|
||||
if(ctx) SSL_CTX_free(ctx);
|
||||
config_delete(cfg);
|
||||
return ret;
|
||||
}
|
||||
|
@ -94,7 +94,7 @@ static void print_neg_cache(struct val_neg_cache* neg)
|
||||
/** get static pointer to random zone name */
|
||||
static char* get_random_zone(void)
|
||||
{
|
||||
static char zname[256];
|
||||
static char zname[36];
|
||||
int labels = random() % 3;
|
||||
int i;
|
||||
char* p = zname;
|
||||
@ -102,10 +102,10 @@ static char* get_random_zone(void)
|
||||
|
||||
for(i=0; i<labels; i++) {
|
||||
labnum = random()%10;
|
||||
snprintf(p, 256-(p-zname), "\003%3.3d", labnum);
|
||||
snprintf(p, sizeof(zname)-(p-zname), "\003%3.3d", labnum);
|
||||
p+=4;
|
||||
}
|
||||
snprintf(p, 256-(p-zname), "\007example\003com");
|
||||
snprintf(p, sizeof(zname)-(p-zname), "\007example\003com");
|
||||
return zname;
|
||||
}
|
||||
|
||||
|
2
testdata/fwd_oneport.tdir/fwd_oneport.pre
vendored
2
testdata/fwd_oneport.tdir/fwd_oneport.pre
vendored
@ -28,4 +28,4 @@ echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
|
||||
cat .tpkg.var.test
|
||||
wait_ldns_testns_up fwd.log
|
||||
wait_unbound_up unbound.log
|
||||
|
||||
sleep 2
|
||||
|
2
testdata/fwd_oneport.tdir/fwd_oneport.test
vendored
2
testdata/fwd_oneport.tdir/fwd_oneport.test
vendored
@ -36,7 +36,7 @@ dig @localhost -p $UNBOUND_PORT www5.example.com. >outfile5 &
|
||||
digpid5=$!
|
||||
dig @localhost -p $UNBOUND_PORT www6.example.com. >outfile6 &
|
||||
digpid6=$!
|
||||
sleep 6
|
||||
sleep 12
|
||||
kill -9 $digpid1
|
||||
kill -9 $digpid2
|
||||
kill -9 $digpid3
|
||||
|
@ -244,9 +244,10 @@ config_create(void)
|
||||
cfg->insecure_lan_zones = 0;
|
||||
cfg->python_script = NULL;
|
||||
cfg->remote_control_enable = 0;
|
||||
cfg->control_ifs = NULL;
|
||||
cfg->control_ifs.first = NULL;
|
||||
cfg->control_ifs.last = NULL;
|
||||
cfg->control_port = UNBOUND_CONTROL_PORT;
|
||||
cfg->remote_control_use_cert = 1;
|
||||
cfg->control_use_cert = 1;
|
||||
cfg->minimal_responses = 0;
|
||||
cfg->rrset_roundrobin = 0;
|
||||
cfg->max_udp_size = 4096;
|
||||
@ -386,6 +387,9 @@ struct config_file* config_create_forlib(void)
|
||||
#define S_STRLIST_UNIQ(str, var) if(strcmp(opt, str)==0) \
|
||||
{ if(cfg_strlist_find(cfg->var, val)) { return 0;} \
|
||||
return cfg_strlist_insert(&cfg->var, strdup(val)); }
|
||||
/** append string to strlist */
|
||||
#define S_STRLIST_APPEND(str, var) if(strcmp(opt, str)==0) \
|
||||
{ return cfg_strlist_append(&cfg->var, strdup(val)); }
|
||||
|
||||
int config_set_option(struct config_file* cfg, const char* opt,
|
||||
const char* val)
|
||||
@ -457,8 +461,9 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
||||
else S_NUMBER_NONZERO("ssl-port:", ssl_port)
|
||||
else S_STR("tls-cert-bundle:", tls_cert_bundle)
|
||||
else S_YNO("tls-win-cert:", tls_win_cert)
|
||||
else S_STRLIST("additional-tls-port:", tls_additional_ports)
|
||||
else S_STRLIST("tls-additional-ports:", tls_additional_ports)
|
||||
else S_STRLIST("additional-tls-port:", tls_additional_port)
|
||||
else S_STRLIST("tls-additional-ports:", tls_additional_port)
|
||||
else S_STRLIST("tls-additional-port:", tls_additional_port)
|
||||
else S_YNO("interface-automatic:", if_automatic)
|
||||
else S_YNO("use-systemd:", use_systemd)
|
||||
else S_YNO("do-daemonize:", do_daemonize)
|
||||
@ -555,7 +560,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
||||
else S_YNO("unblock-lan-zones:", unblock_lan_zones)
|
||||
else S_YNO("insecure-lan-zones:", insecure_lan_zones)
|
||||
else S_YNO("control-enable:", remote_control_enable)
|
||||
else S_STRLIST("control-interface:", control_ifs)
|
||||
else S_STRLIST_APPEND("control-interface:", control_ifs)
|
||||
else S_NUMBER_NONZERO("control-port:", control_port)
|
||||
else S_STR("server-key-file:", server_key_file)
|
||||
else S_STR("server-cert-file:", server_cert_file)
|
||||
@ -879,7 +884,7 @@ config_get_option(struct config_file* cfg, const char* opt,
|
||||
else O_DEC(opt, "ssl-port", ssl_port)
|
||||
else O_STR(opt, "tls-cert-bundle", tls_cert_bundle)
|
||||
else O_YNO(opt, "tls-win-cert", tls_win_cert)
|
||||
else O_LST(opt, "tls-additional-ports", tls_additional_ports)
|
||||
else O_LST(opt, "tls-additional-port", tls_additional_port)
|
||||
else O_YNO(opt, "use-systemd", use_systemd)
|
||||
else O_YNO(opt, "do-daemonize", do_daemonize)
|
||||
else O_STR(opt, "chroot", chrootdir)
|
||||
@ -941,7 +946,7 @@ config_get_option(struct config_file* cfg, const char* opt,
|
||||
else O_YNO(opt, "trust-anchor-signaling", trust_anchor_signaling)
|
||||
else O_YNO(opt, "root-key-sentinel", root_key_sentinel)
|
||||
else O_LST(opt, "dlv-anchor", dlv_anchor_list)
|
||||
else O_LST(opt, "control-interface", control_ifs)
|
||||
else O_LST(opt, "control-interface", control_ifs.first)
|
||||
else O_LST(opt, "domain-insecure", domain_insecure)
|
||||
else O_UNS(opt, "val-override-date", val_date_override)
|
||||
else O_YNO(opt, "minimal-responses", minimal_responses)
|
||||
@ -1303,7 +1308,7 @@ config_delete(struct config_file* cfg)
|
||||
free(cfg->ssl_service_key);
|
||||
free(cfg->ssl_service_pem);
|
||||
free(cfg->tls_cert_bundle);
|
||||
config_delstrlist(cfg->tls_additional_ports);
|
||||
config_delstrlist(cfg->tls_additional_port);
|
||||
free(cfg->log_identity);
|
||||
config_del_strarray(cfg->ifs, cfg->num_ifs);
|
||||
config_del_strarray(cfg->out_ifs, cfg->num_out_ifs);
|
||||
@ -1344,7 +1349,7 @@ config_delete(struct config_file* cfg)
|
||||
config_del_strbytelist(cfg->respip_tags);
|
||||
config_deltrplstrlist(cfg->acl_tag_actions);
|
||||
config_deltrplstrlist(cfg->acl_tag_datas);
|
||||
config_delstrlist(cfg->control_ifs);
|
||||
config_delstrlist(cfg->control_ifs.first);
|
||||
free(cfg->server_key_file);
|
||||
free(cfg->server_cert_file);
|
||||
free(cfg->control_key_file);
|
||||
@ -2264,3 +2269,12 @@ void errinf_dname(struct module_qstate* qstate, const char* str, uint8_t* dname)
|
||||
snprintf(b, sizeof(b), "%s %s", str, buf);
|
||||
errinf(qstate, b);
|
||||
}
|
||||
|
||||
int options_remote_is_address(struct config_file* cfg)
|
||||
{
|
||||
if(!cfg->remote_control_enable) return 0;
|
||||
if(!cfg->control_ifs.first) return 1;
|
||||
if(!cfg->control_ifs.first->str) return 1;
|
||||
if(cfg->control_ifs.first->str[0] == 0) return 1;
|
||||
return (cfg->control_ifs.first->str[0] != '/');
|
||||
}
|
||||
|
@ -53,6 +53,14 @@ struct sock_list;
|
||||
struct ub_packed_rrset_key;
|
||||
struct regional;
|
||||
|
||||
/** List head for strlist processing, used for append operation. */
|
||||
struct config_strlist_head {
|
||||
/** first in list of text items */
|
||||
struct config_strlist* first;
|
||||
/** last in list of text items */
|
||||
struct config_strlist* last;
|
||||
};
|
||||
|
||||
/**
|
||||
* The configuration options.
|
||||
* Strings are malloced.
|
||||
@ -105,7 +113,7 @@ struct config_file {
|
||||
/** should the system certificate store get added to the cert bundle */
|
||||
int tls_win_cert;
|
||||
/** additional tls ports */
|
||||
struct config_strlist* tls_additional_ports;
|
||||
struct config_strlist* tls_additional_port;
|
||||
|
||||
/** outgoing port range number of ports (per thread) */
|
||||
int outgoing_num_ports;
|
||||
@ -374,11 +382,11 @@ struct config_file {
|
||||
/** remote control section. enable toggle. */
|
||||
int remote_control_enable;
|
||||
/** the interfaces the remote control should listen on */
|
||||
struct config_strlist* control_ifs;
|
||||
struct config_strlist_head control_ifs;
|
||||
/** if the use-cert option is set */
|
||||
int control_use_cert;
|
||||
/** port number for the control port */
|
||||
int control_port;
|
||||
/** use certificates for remote control */
|
||||
int remote_control_use_cert;
|
||||
/** private key file for server */
|
||||
char* server_key_file;
|
||||
/** certificate file for server */
|
||||
@ -653,14 +661,6 @@ struct config_strbytelist {
|
||||
size_t str2len;
|
||||
};
|
||||
|
||||
/** List head for strlist processing, used for append operation. */
|
||||
struct config_strlist_head {
|
||||
/** first in list of text items */
|
||||
struct config_strlist* first;
|
||||
/** last in list of text items */
|
||||
struct config_strlist* last;
|
||||
};
|
||||
|
||||
/**
|
||||
* Create config file structure. Filled with default values.
|
||||
* @return: the new structure or NULL on memory error.
|
||||
@ -894,6 +894,10 @@ void config_delview(struct config_view* p);
|
||||
*/
|
||||
void config_delviews(struct config_view* list);
|
||||
|
||||
/** check if config for remote control turns on IP-address interface
|
||||
* with certificates or a named pipe without certificates. */
|
||||
int options_remote_is_address(struct config_file* cfg);
|
||||
|
||||
/**
|
||||
* Convert 14digit to time value
|
||||
* @param str: string of 14 digits
|
||||
|
2664
util/configlexer.c
2664
util/configlexer.c
File diff suppressed because it is too large
Load Diff
@ -239,9 +239,10 @@ tls-port{COLON} { YDVAR(1, VAR_SSL_PORT) }
|
||||
ssl-cert-bundle{COLON} { YDVAR(1, VAR_TLS_CERT_BUNDLE) }
|
||||
tls-cert-bundle{COLON} { YDVAR(1, VAR_TLS_CERT_BUNDLE) }
|
||||
tls-win-cert{COLON} { YDVAR(1, VAR_TLS_WIN_CERT) }
|
||||
additional-ssl-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORTS) }
|
||||
additional-tls-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORTS) }
|
||||
tls-additional-ports{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORTS) }
|
||||
additional-ssl-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
|
||||
additional-tls-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
|
||||
tls-additional-ports{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
|
||||
tls-additional-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
|
||||
use-systemd{COLON} { YDVAR(1, VAR_USE_SYSTEMD) }
|
||||
do-daemonize{COLON} { YDVAR(1, VAR_DO_DAEMONIZE) }
|
||||
interface{COLON} { YDVAR(1, VAR_INTERFACE) }
|
||||
|
@ -361,7 +361,7 @@ extern int yydebug;
|
||||
VAR_URL = 490,
|
||||
VAR_FOR_DOWNSTREAM = 491,
|
||||
VAR_FALLBACK_ENABLED = 492,
|
||||
VAR_TLS_ADDITIONAL_PORTS = 493,
|
||||
VAR_TLS_ADDITIONAL_PORT = 493,
|
||||
VAR_LOW_RTT = 494,
|
||||
VAR_LOW_RTT_PERMIL = 495,
|
||||
VAR_ALLOW_NOTIFY = 496,
|
||||
@ -604,7 +604,7 @@ extern int yydebug;
|
||||
#define VAR_URL 490
|
||||
#define VAR_FOR_DOWNSTREAM 491
|
||||
#define VAR_FALLBACK_ENABLED 492
|
||||
#define VAR_TLS_ADDITIONAL_PORTS 493
|
||||
#define VAR_TLS_ADDITIONAL_PORT 493
|
||||
#define VAR_LOW_RTT 494
|
||||
#define VAR_LOW_RTT_PERMIL 495
|
||||
#define VAR_ALLOW_NOTIFY 496
|
||||
@ -999,15 +999,15 @@ static const yytype_uint16 yyrline[] =
|
||||
2025, 2034, 2044, 2054, 2064, 2071, 2078, 2087, 2097, 2107,
|
||||
2114, 2121, 2128, 2136, 2146, 2156, 2166, 2176, 2206, 2216,
|
||||
2224, 2233, 2248, 2257, 2262, 2263, 2264, 2264, 2264, 2265,
|
||||
2265, 2265, 2266, 2266, 2268, 2278, 2287, 2294, 2304, 2311,
|
||||
2318, 2325, 2332, 2337, 2338, 2339, 2339, 2340, 2340, 2341,
|
||||
2341, 2342, 2343, 2344, 2345, 2346, 2347, 2349, 2357, 2364,
|
||||
2372, 2380, 2387, 2394, 2403, 2412, 2421, 2430, 2439, 2448,
|
||||
2453, 2454, 2455, 2457, 2463, 2473, 2480, 2489, 2497, 2503,
|
||||
2504, 2506, 2506, 2506, 2507, 2507, 2508, 2509, 2510, 2511,
|
||||
2512, 2514, 2524, 2534, 2541, 2550, 2557, 2566, 2574, 2587,
|
||||
2595, 2608, 2613, 2614, 2615, 2615, 2616, 2616, 2616, 2618,
|
||||
2632, 2647, 2659, 2674
|
||||
2265, 2265, 2266, 2266, 2268, 2278, 2287, 2294, 2301, 2308,
|
||||
2315, 2322, 2329, 2334, 2335, 2336, 2336, 2337, 2337, 2338,
|
||||
2338, 2339, 2340, 2341, 2342, 2343, 2344, 2346, 2354, 2361,
|
||||
2369, 2377, 2384, 2391, 2400, 2409, 2418, 2427, 2436, 2445,
|
||||
2450, 2451, 2452, 2454, 2460, 2470, 2477, 2486, 2494, 2500,
|
||||
2501, 2503, 2503, 2503, 2504, 2504, 2505, 2506, 2507, 2508,
|
||||
2509, 2511, 2521, 2531, 2538, 2547, 2554, 2563, 2571, 2584,
|
||||
2592, 2605, 2610, 2611, 2612, 2612, 2613, 2613, 2613, 2615,
|
||||
2629, 2644, 2656, 2671
|
||||
};
|
||||
#endif
|
||||
|
||||
@ -1103,7 +1103,7 @@ static const char *const yytname[] =
|
||||
"VAR_CACHEDB_REDISTIMEOUT", "VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM",
|
||||
"VAR_FOR_UPSTREAM", "VAR_AUTH_ZONE", "VAR_ZONEFILE", "VAR_MASTER",
|
||||
"VAR_URL", "VAR_FOR_DOWNSTREAM", "VAR_FALLBACK_ENABLED",
|
||||
"VAR_TLS_ADDITIONAL_PORTS", "VAR_LOW_RTT", "VAR_LOW_RTT_PERMIL",
|
||||
"VAR_TLS_ADDITIONAL_PORT", "VAR_LOW_RTT", "VAR_LOW_RTT_PERMIL",
|
||||
"VAR_ALLOW_NOTIFY", "VAR_TLS_WIN_CERT", "$accept", "toplevelvars",
|
||||
"toplevelvar", "serverstart", "contents_server", "content_server",
|
||||
"stubstart", "contents_stub", "content_stub", "forwardstart",
|
||||
@ -1124,7 +1124,7 @@ static const char *const yytname[] =
|
||||
"server_udp_upstream_without_downstream", "server_ssl_upstream",
|
||||
"server_ssl_service_key", "server_ssl_service_pem", "server_ssl_port",
|
||||
"server_tls_cert_bundle", "server_tls_win_cert",
|
||||
"server_tls_additional_ports", "server_use_systemd",
|
||||
"server_tls_additional_port", "server_use_systemd",
|
||||
"server_do_daemonize", "server_use_syslog", "server_log_time_ascii",
|
||||
"server_log_queries", "server_log_replies", "server_chroot",
|
||||
"server_username", "server_directory", "server_logfile",
|
||||
@ -3022,8 +3022,8 @@ yyparse (void)
|
||||
case 260:
|
||||
#line 701 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(server_tls_additional_ports:%s)\n", (yyvsp[0].str)));
|
||||
if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_ports,
|
||||
OUTYY(("P(server_tls_additional_port:%s)\n", (yyvsp[0].str)));
|
||||
if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
|
||||
(yyvsp[0].str)))
|
||||
yyerror("out of memory");
|
||||
}
|
||||
@ -5072,7 +5072,7 @@ yyparse (void)
|
||||
#line 2288 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(control_interface:%s)\n", (yyvsp[0].str)));
|
||||
if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, (yyvsp[0].str)))
|
||||
if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, (yyvsp[0].str)))
|
||||
yyerror("out of memory");
|
||||
}
|
||||
#line 5079 "util/configparser.c" /* yacc.c:1646 */
|
||||
@ -5082,128 +5082,125 @@ yyparse (void)
|
||||
#line 2295 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(control_use_cert:%s)\n", (yyvsp[0].str)));
|
||||
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
|
||||
yyerror("expected yes or no.");
|
||||
else cfg_parser->cfg->remote_control_use_cert =
|
||||
(strcmp((yyvsp[0].str), "yes")==0);
|
||||
cfg_parser->cfg->control_use_cert = (strcmp((yyvsp[0].str), "yes")==0);
|
||||
free((yyvsp[0].str));
|
||||
}
|
||||
#line 5092 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5089 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 428:
|
||||
#line 2305 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2302 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[0].str)));
|
||||
free(cfg_parser->cfg->server_key_file);
|
||||
cfg_parser->cfg->server_key_file = (yyvsp[0].str);
|
||||
}
|
||||
#line 5102 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5099 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 429:
|
||||
#line 2312 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2309 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[0].str)));
|
||||
free(cfg_parser->cfg->server_cert_file);
|
||||
cfg_parser->cfg->server_cert_file = (yyvsp[0].str);
|
||||
}
|
||||
#line 5112 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5109 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 430:
|
||||
#line 2319 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2316 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[0].str)));
|
||||
free(cfg_parser->cfg->control_key_file);
|
||||
cfg_parser->cfg->control_key_file = (yyvsp[0].str);
|
||||
}
|
||||
#line 5122 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5119 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 431:
|
||||
#line 2326 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2323 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[0].str)));
|
||||
free(cfg_parser->cfg->control_cert_file);
|
||||
cfg_parser->cfg->control_cert_file = (yyvsp[0].str);
|
||||
}
|
||||
#line 5132 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5129 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 432:
|
||||
#line 2333 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2330 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("\nP(dnstap:)\n"));
|
||||
}
|
||||
#line 5140 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5137 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 447:
|
||||
#line 2350 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2347 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dt_dnstap_enable:%s)\n", (yyvsp[0].str)));
|
||||
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
|
||||
yyerror("expected yes or no.");
|
||||
else cfg_parser->cfg->dnstap = (strcmp((yyvsp[0].str), "yes")==0);
|
||||
}
|
||||
#line 5151 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5148 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 448:
|
||||
#line 2358 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2355 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dt_dnstap_socket_path:%s)\n", (yyvsp[0].str)));
|
||||
free(cfg_parser->cfg->dnstap_socket_path);
|
||||
cfg_parser->cfg->dnstap_socket_path = (yyvsp[0].str);
|
||||
}
|
||||
#line 5161 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5158 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 449:
|
||||
#line 2365 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2362 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dt_dnstap_send_identity:%s)\n", (yyvsp[0].str)));
|
||||
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
|
||||
yyerror("expected yes or no.");
|
||||
else cfg_parser->cfg->dnstap_send_identity = (strcmp((yyvsp[0].str), "yes")==0);
|
||||
}
|
||||
#line 5172 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5169 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 450:
|
||||
#line 2373 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2370 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dt_dnstap_send_version:%s)\n", (yyvsp[0].str)));
|
||||
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
|
||||
yyerror("expected yes or no.");
|
||||
else cfg_parser->cfg->dnstap_send_version = (strcmp((yyvsp[0].str), "yes")==0);
|
||||
}
|
||||
#line 5183 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5180 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 451:
|
||||
#line 2381 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2378 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dt_dnstap_identity:%s)\n", (yyvsp[0].str)));
|
||||
free(cfg_parser->cfg->dnstap_identity);
|
||||
cfg_parser->cfg->dnstap_identity = (yyvsp[0].str);
|
||||
}
|
||||
#line 5193 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5190 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 452:
|
||||
#line 2388 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2385 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dt_dnstap_version:%s)\n", (yyvsp[0].str)));
|
||||
free(cfg_parser->cfg->dnstap_version);
|
||||
cfg_parser->cfg->dnstap_version = (yyvsp[0].str);
|
||||
}
|
||||
#line 5203 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5200 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 453:
|
||||
#line 2395 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2392 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", (yyvsp[0].str)));
|
||||
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
|
||||
@ -5211,11 +5208,11 @@ yyparse (void)
|
||||
else cfg_parser->cfg->dnstap_log_resolver_query_messages =
|
||||
(strcmp((yyvsp[0].str), "yes")==0);
|
||||
}
|
||||
#line 5215 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5212 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 454:
|
||||
#line 2404 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2401 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", (yyvsp[0].str)));
|
||||
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
|
||||
@ -5223,11 +5220,11 @@ yyparse (void)
|
||||
else cfg_parser->cfg->dnstap_log_resolver_response_messages =
|
||||
(strcmp((yyvsp[0].str), "yes")==0);
|
||||
}
|
||||
#line 5227 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5224 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 455:
|
||||
#line 2413 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2410 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", (yyvsp[0].str)));
|
||||
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
|
||||
@ -5235,11 +5232,11 @@ yyparse (void)
|
||||
else cfg_parser->cfg->dnstap_log_client_query_messages =
|
||||
(strcmp((yyvsp[0].str), "yes")==0);
|
||||
}
|
||||
#line 5239 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5236 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 456:
|
||||
#line 2422 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2419 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", (yyvsp[0].str)));
|
||||
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
|
||||
@ -5247,11 +5244,11 @@ yyparse (void)
|
||||
else cfg_parser->cfg->dnstap_log_client_response_messages =
|
||||
(strcmp((yyvsp[0].str), "yes")==0);
|
||||
}
|
||||
#line 5251 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5248 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 457:
|
||||
#line 2431 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2428 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", (yyvsp[0].str)));
|
||||
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
|
||||
@ -5259,11 +5256,11 @@ yyparse (void)
|
||||
else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
|
||||
(strcmp((yyvsp[0].str), "yes")==0);
|
||||
}
|
||||
#line 5263 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5260 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 458:
|
||||
#line 2440 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2437 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", (yyvsp[0].str)));
|
||||
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
|
||||
@ -5271,29 +5268,29 @@ yyparse (void)
|
||||
else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
|
||||
(strcmp((yyvsp[0].str), "yes")==0);
|
||||
}
|
||||
#line 5275 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5272 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 459:
|
||||
#line 2449 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2446 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("\nP(python:)\n"));
|
||||
}
|
||||
#line 5283 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5280 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 463:
|
||||
#line 2458 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2455 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(python-script:%s)\n", (yyvsp[0].str)));
|
||||
free(cfg_parser->cfg->python_script);
|
||||
cfg_parser->cfg->python_script = (yyvsp[0].str);
|
||||
}
|
||||
#line 5293 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5290 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 464:
|
||||
#line 2464 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2461 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(disable_dnssec_lame_check:%s)\n", (yyvsp[0].str)));
|
||||
if (strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
|
||||
@ -5302,21 +5299,21 @@ yyparse (void)
|
||||
(strcmp((yyvsp[0].str), "yes")==0);
|
||||
free((yyvsp[0].str));
|
||||
}
|
||||
#line 5306 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5303 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 465:
|
||||
#line 2474 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2471 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(server_log_identity:%s)\n", (yyvsp[0].str)));
|
||||
free(cfg_parser->cfg->log_identity);
|
||||
cfg_parser->cfg->log_identity = (yyvsp[0].str);
|
||||
}
|
||||
#line 5316 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5313 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 466:
|
||||
#line 2481 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2478 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(server_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
|
||||
validate_respip_action((yyvsp[0].str));
|
||||
@ -5324,31 +5321,31 @@ yyparse (void)
|
||||
(yyvsp[-1].str), (yyvsp[0].str)))
|
||||
fatal_exit("out of memory adding response-ip");
|
||||
}
|
||||
#line 5328 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5325 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 467:
|
||||
#line 2490 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2487 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(server_response_ip_data:%s)\n", (yyvsp[-1].str)));
|
||||
if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
|
||||
(yyvsp[-1].str), (yyvsp[0].str)))
|
||||
fatal_exit("out of memory adding response-ip-data");
|
||||
}
|
||||
#line 5339 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5336 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 468:
|
||||
#line 2498 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2495 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("\nP(dnscrypt:)\n"));
|
||||
OUTYY(("\nP(dnscrypt:)\n"));
|
||||
}
|
||||
#line 5348 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5345 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 481:
|
||||
#line 2515 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2512 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", (yyvsp[0].str)));
|
||||
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
|
||||
@ -5356,11 +5353,11 @@ yyparse (void)
|
||||
else cfg_parser->cfg->dnscrypt = (strcmp((yyvsp[0].str), "yes")==0);
|
||||
free((yyvsp[0].str));
|
||||
}
|
||||
#line 5360 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5357 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 482:
|
||||
#line 2525 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2522 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dnsc_dnscrypt_port:%s)\n", (yyvsp[0].str)));
|
||||
|
||||
@ -5369,21 +5366,21 @@ yyparse (void)
|
||||
else cfg_parser->cfg->dnscrypt_port = atoi((yyvsp[0].str));
|
||||
free((yyvsp[0].str));
|
||||
}
|
||||
#line 5373 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5370 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 483:
|
||||
#line 2535 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2532 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", (yyvsp[0].str)));
|
||||
free(cfg_parser->cfg->dnscrypt_provider);
|
||||
cfg_parser->cfg->dnscrypt_provider = (yyvsp[0].str);
|
||||
}
|
||||
#line 5383 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5380 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 484:
|
||||
#line 2542 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2539 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", (yyvsp[0].str)));
|
||||
if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str)))
|
||||
@ -5391,21 +5388,21 @@ yyparse (void)
|
||||
if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str)))
|
||||
fatal_exit("out of memory adding dnscrypt-provider-cert");
|
||||
}
|
||||
#line 5395 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5392 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 485:
|
||||
#line 2551 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2548 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", (yyvsp[0].str)));
|
||||
if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, (yyvsp[0].str)))
|
||||
fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
|
||||
}
|
||||
#line 5405 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5402 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 486:
|
||||
#line 2558 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2555 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", (yyvsp[0].str)));
|
||||
if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str)))
|
||||
@ -5413,22 +5410,22 @@ yyparse (void)
|
||||
if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str)))
|
||||
fatal_exit("out of memory adding dnscrypt-secret-key");
|
||||
}
|
||||
#line 5417 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5414 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 487:
|
||||
#line 2567 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2564 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", (yyvsp[0].str)));
|
||||
if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
|
||||
yyerror("memory size expected");
|
||||
free((yyvsp[0].str));
|
||||
}
|
||||
#line 5428 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5425 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 488:
|
||||
#line 2575 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2572 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", (yyvsp[0].str)));
|
||||
if(atoi((yyvsp[0].str)) == 0)
|
||||
@ -5440,22 +5437,22 @@ yyparse (void)
|
||||
}
|
||||
free((yyvsp[0].str));
|
||||
}
|
||||
#line 5444 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5441 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 489:
|
||||
#line 2588 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2585 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", (yyvsp[0].str)));
|
||||
if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_nonce_cache_size))
|
||||
yyerror("memory size expected");
|
||||
free((yyvsp[0].str));
|
||||
}
|
||||
#line 5455 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5452 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 490:
|
||||
#line 2596 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2593 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", (yyvsp[0].str)));
|
||||
if(atoi((yyvsp[0].str)) == 0)
|
||||
@ -5467,19 +5464,19 @@ yyparse (void)
|
||||
}
|
||||
free((yyvsp[0].str));
|
||||
}
|
||||
#line 5471 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5468 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 491:
|
||||
#line 2609 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2606 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("\nP(cachedb:)\n"));
|
||||
}
|
||||
#line 5479 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5476 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 499:
|
||||
#line 2619 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2616 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
#ifdef USE_CACHEDB
|
||||
OUTYY(("P(backend:%s)\n", (yyvsp[0].str)));
|
||||
@ -5492,11 +5489,11 @@ yyparse (void)
|
||||
OUTYY(("P(Compiled without cachedb, ignoring)\n"));
|
||||
#endif
|
||||
}
|
||||
#line 5496 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5493 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 500:
|
||||
#line 2633 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2630 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
#ifdef USE_CACHEDB
|
||||
OUTYY(("P(secret-seed:%s)\n", (yyvsp[0].str)));
|
||||
@ -5510,11 +5507,11 @@ yyparse (void)
|
||||
free((yyvsp[0].str));
|
||||
#endif
|
||||
}
|
||||
#line 5514 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5511 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 501:
|
||||
#line 2648 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2645 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
#if defined(USE_CACHEDB) && defined(USE_REDIS)
|
||||
OUTYY(("P(redis_server_host:%s)\n", (yyvsp[0].str)));
|
||||
@ -5525,11 +5522,11 @@ yyparse (void)
|
||||
free((yyvsp[0].str));
|
||||
#endif
|
||||
}
|
||||
#line 5529 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5526 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 502:
|
||||
#line 2660 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2657 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
#if defined(USE_CACHEDB) && defined(USE_REDIS)
|
||||
int port;
|
||||
@ -5543,11 +5540,11 @@ yyparse (void)
|
||||
#endif
|
||||
free((yyvsp[0].str));
|
||||
}
|
||||
#line 5547 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5544 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 503:
|
||||
#line 2675 "util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2672 "util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
#if defined(USE_CACHEDB) && defined(USE_REDIS)
|
||||
OUTYY(("P(redis_timeout:%s)\n", (yyvsp[0].str)));
|
||||
@ -5559,11 +5556,11 @@ yyparse (void)
|
||||
#endif
|
||||
free((yyvsp[0].str));
|
||||
}
|
||||
#line 5563 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5560 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
|
||||
#line 5567 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5564 "util/configparser.c" /* yacc.c:1646 */
|
||||
default: break;
|
||||
}
|
||||
/* User semantic actions sometimes alter yychar, and that requires
|
||||
@ -5791,7 +5788,7 @@ yyparse (void)
|
||||
#endif
|
||||
return yyresult;
|
||||
}
|
||||
#line 2687 "util/configparser.y" /* yacc.c:1906 */
|
||||
#line 2684 "util/configparser.y" /* yacc.c:1906 */
|
||||
|
||||
|
||||
/* parse helper routines could be here */
|
||||
|
@ -280,7 +280,7 @@ extern int yydebug;
|
||||
VAR_URL = 490,
|
||||
VAR_FOR_DOWNSTREAM = 491,
|
||||
VAR_FALLBACK_ENABLED = 492,
|
||||
VAR_TLS_ADDITIONAL_PORTS = 493,
|
||||
VAR_TLS_ADDITIONAL_PORT = 493,
|
||||
VAR_LOW_RTT = 494,
|
||||
VAR_LOW_RTT_PERMIL = 495,
|
||||
VAR_ALLOW_NOTIFY = 496,
|
||||
@ -523,7 +523,7 @@ extern int yydebug;
|
||||
#define VAR_URL 490
|
||||
#define VAR_FOR_DOWNSTREAM 491
|
||||
#define VAR_FALLBACK_ENABLED 492
|
||||
#define VAR_TLS_ADDITIONAL_PORTS 493
|
||||
#define VAR_TLS_ADDITIONAL_PORT 493
|
||||
#define VAR_LOW_RTT 494
|
||||
#define VAR_LOW_RTT_PERMIL 495
|
||||
#define VAR_ALLOW_NOTIFY 496
|
||||
|
@ -156,7 +156,7 @@ extern struct config_parser_state* cfg_parser;
|
||||
%token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT
|
||||
%token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
|
||||
%token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
|
||||
%token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORTS VAR_LOW_RTT VAR_LOW_RTT_PERMIL
|
||||
%token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
|
||||
%token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT
|
||||
|
||||
%%
|
||||
@ -248,7 +248,7 @@ content_server: server_num_threads | server_verbosity | server_port |
|
||||
server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
|
||||
server_ipsecmod_whitelist | server_ipsecmod_strict |
|
||||
server_udp_upstream_without_downstream | server_aggressive_nsec |
|
||||
server_tls_cert_bundle | server_tls_additional_ports | server_low_rtt |
|
||||
server_tls_cert_bundle | server_tls_additional_port | server_low_rtt |
|
||||
server_low_rtt_permil | server_tls_win_cert
|
||||
;
|
||||
stubstart: VAR_STUB_ZONE
|
||||
@ -697,10 +697,10 @@ server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG
|
||||
free($2);
|
||||
}
|
||||
;
|
||||
server_tls_additional_ports: VAR_TLS_ADDITIONAL_PORTS STRING_ARG
|
||||
server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG
|
||||
{
|
||||
OUTYY(("P(server_tls_additional_ports:%s)\n", $2));
|
||||
if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_ports,
|
||||
OUTYY(("P(server_tls_additional_port:%s)\n", $2));
|
||||
if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
|
||||
$2))
|
||||
yyerror("out of memory");
|
||||
}
|
||||
@ -2287,17 +2287,14 @@ rc_control_port: VAR_CONTROL_PORT STRING_ARG
|
||||
rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
|
||||
{
|
||||
OUTYY(("P(control_interface:%s)\n", $2));
|
||||
if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, $2))
|
||||
if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, $2))
|
||||
yyerror("out of memory");
|
||||
}
|
||||
;
|
||||
rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
|
||||
{
|
||||
OUTYY(("P(control_use_cert:%s)\n", $2));
|
||||
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
|
||||
yyerror("expected yes or no.");
|
||||
else cfg_parser->cfg->remote_control_use_cert =
|
||||
(strcmp($2, "yes")==0);
|
||||
cfg_parser->cfg->control_use_cert = (strcmp($2, "yes")==0);
|
||||
free($2);
|
||||
}
|
||||
;
|
||||
|
Loading…
Reference in New Issue
Block a user