Vendor import of Unbound 1.7.3.

Dag-Erling Smørgrav 2018-09-10 16:31:49 +00:00
parent 7b6fdf425a
commit 4aea2433fa
34 changed files with 2093 additions and 1977 deletions


@ -858,10 +858,11 @@ fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/
$(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_nsec3.h \
$(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_neg.h \
$(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h $(srcdir)/libunbound/context.h \
$(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/util/config_file.h $(srcdir)/respip/respip.h $(PYTHONMOD_HEADER) \
$(srcdir)/cachedb/cachedb.h $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h \
$(srcdir)/util/net_help.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h
$(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \
$(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/respip/respip.h \
$(PYTHONMOD_HEADER) $(srcdir)/cachedb/cachedb.h $(srcdir)/ipsecmod/ipsecmod.h \
$(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/net_help.h $(srcdir)/edns-subnet/addrtree.h \
$(srcdir)/edns-subnet/edns-subnet.h
locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/testcode/checklocks.h
log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/testcode/checklocks.h \
@ -1257,8 +1258,8 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr
$(srcdir)/services/localzone.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
$(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/respip/respip.h \
$(srcdir)/libunbound/context.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \
$(srcdir)/util/shm_side/shm_main.h
$(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h \
$(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h
testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/testcode/testpkts.h \
$(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
@ -1291,8 +1292,8 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr
$(srcdir)/services/localzone.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
$(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/respip/respip.h \
$(srcdir)/libunbound/context.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \
$(srcdir)/util/shm_side/shm_main.h
$(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h \
$(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h
acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \
$(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \
@ -1375,22 +1376,22 @@ unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/smallapp/unbound-checkconf.c
$(PYTHONMOD_HEADER) $(srcdir)/edns-subnet/subnet-whitelist.h
worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/libunbound/context.h \
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \
$(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/libunbound/worker.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/module.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
$(srcdir)/util/tube.h $(srcdir)/services/mesh.h
context.lo context.o: $(srcdir)/libunbound/context.c config.h $(srcdir)/libunbound/context.h \
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \
$(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h \
$(srcdir)/util/net_help.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
$(srcdir)/services/view.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/dnscrypt/cert.h $(srcdir)/services/authzone.h \
$(srcdir)/services/mesh.h $(srcdir)/sldns/sbuffer.h
$(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
$(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/services/localzone.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/dnscrypt/cert.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/sldns/sbuffer.h
libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbound/unbound.h \
$(srcdir)/libunbound/unbound-event.h config.h $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h \
$(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \
@ -1407,7 +1408,7 @@ libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h \
$(srcdir)/libunbound/libworker.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/libunbound/context.h \
$(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/libunbound/unbound-event.h \
$(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/services/outside_network.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/dnscrypt/cert.h \
$(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
@ -1419,11 +1420,14 @@ libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h \
$(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h \
$(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/str2wire.h
unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h \
asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/libunbound/context.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \
$(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h
$(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
$(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h \
streamtcp.lo streamtcp.o: $(srcdir)/testcode/streamtcp.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/testcode/checklocks.h $(srcdir)/util/net_help.h $(srcdir)/util/data/msgencode.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
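Review bot: The regenerated prerequisite lists for unbound-host and asynclook appear to end in a trailing `\` (after `wire2str.h` and after `rrdef.h`), so each rule only terminates if the next physical line is blank. The hunk header counts (11 old lines, 14 new) suggest such blank lines exist and were dropped by this rendering. A later edit that removes one would fold the following rule header into the prerequisite list. I would have the dependency generator omit the final continuation, so the last line reads `$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h` with no backslash.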

27
configure vendored

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for unbound 1.7.2.
# Generated by GNU Autoconf 2.69 for unbound 1.7.3.
#
# Report bugs to <unbound-bugs@nlnetlabs.nl>.
#
@ -590,8 +590,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='unbound'
PACKAGE_TARNAME='unbound'
PACKAGE_VERSION='1.7.2'
PACKAGE_STRING='unbound 1.7.2'
PACKAGE_VERSION='1.7.3'
PACKAGE_STRING='unbound 1.7.3'
PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl'
PACKAGE_URL=''
@ -1440,7 +1440,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures unbound 1.7.2 to adapt to many kinds of systems.
\`configure' configures unbound 1.7.3 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1505,7 +1505,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of unbound 1.7.2:";;
short | recursive ) echo "Configuration of unbound 1.7.3:";;
esac
cat <<\_ACEOF
@ -1722,7 +1722,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
unbound configure 1.7.2
unbound configure 1.7.3
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@ -2431,7 +2431,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by unbound $as_me 1.7.2, which was
It was created by unbound $as_me 1.7.3, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -2783,11 +2783,11 @@ UNBOUND_VERSION_MAJOR=1
UNBOUND_VERSION_MINOR=7
UNBOUND_VERSION_MICRO=2
UNBOUND_VERSION_MICRO=3
LIBUNBOUND_CURRENT=7
LIBUNBOUND_REVISION=10
LIBUNBOUND_REVISION=11
LIBUNBOUND_AGE=5
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@ -2849,6 +2849,7 @@ LIBUNBOUND_AGE=5
# 1.7.0 had 7:8:5
# 1.7.1 had 7:9:5
# 1.7.2 had 7:10:5
# 1.7.3 had 7:11:5
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@ -19762,7 +19763,7 @@ done
# check if setreuid en setregid fail, on MacOSX10.4(darwin8).
if echo $build_os | grep darwin8 > /dev/null; then
if echo $target_os | grep darwin8 > /dev/null; then
$as_echo "#define DARWIN_BROKEN_SETREUID 1" >>confdefs.h
@ -21044,7 +21045,7 @@ _ACEOF
version=1.7.2
version=1.7.3
date=`date +'%b %e, %Y'`
@ -21563,7 +21564,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by unbound $as_me 1.7.2, which was
This file was extended by unbound $as_me 1.7.3, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -21629,7 +21630,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
unbound config.status 1.7.2
unbound config.status 1.7.3
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"


@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4)
# must be numbers. ac_defun because of later processing
m4_define([VERSION_MAJOR],[1])
m4_define([VERSION_MINOR],[7])
m4_define([VERSION_MICRO],[2])
m4_define([VERSION_MICRO],[3])
AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound)
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
LIBUNBOUND_CURRENT=7
LIBUNBOUND_REVISION=10
LIBUNBOUND_REVISION=11
LIBUNBOUND_AGE=5
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@ -80,6 +80,7 @@ LIBUNBOUND_AGE=5
# 1.7.0 had 7:8:5
# 1.7.1 had 7:9:5
# 1.7.2 had 7:10:5
# 1.7.3 had 7:11:5
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@ -1324,7 +1325,7 @@ AC_CHECK_FUNCS([setresuid],,[AC_CHECK_FUNCS([setreuid])])
AC_CHECK_FUNCS([setresgid],,[AC_CHECK_FUNCS([setregid])])
# check if setreuid en setregid fail, on MacOSX10.4(darwin8).
if echo $build_os | grep darwin8 > /dev/null; then
if echo $target_os | grep darwin8 > /dev/null; then
AC_DEFINE(DARWIN_BROKEN_SETREUID, 1, [Define this if on macOSX10.4-darwin8 and setreuid and setregid do not work])
fi
AC_CHECK_DECLS([inet_pton,inet_ntop], [], [], [
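Review bot: The darwin8 test now reads `$target_os`, but the setreuid/setregid defect belongs to the system the daemon runs on, which Autoconf calls the host. `$target_os` is only set when AC_CANONICAL_TARGET is invoked, and that call is not visible in this hunk. If the variable is empty, the grep never matches and DARWIN_BROKEN_SETREUID is silently left undefined on the affected platform, which presumably changes how the daemon gives up its ids there. Consider `if echo $host_os | grep darwin8 > /dev/null; then`. The generated configure section carries the same line.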


@ -62,7 +62,7 @@
/** dump one rrset zonefile line */
static int
dump_rrset_line(SSL* ssl, struct ub_packed_rrset_key* k, time_t now, size_t i)
dump_rrset_line(RES* ssl, struct ub_packed_rrset_key* k, time_t now, size_t i)
{
char s[65535];
if(!packed_rr_to_string(k, i, now, s, sizeof(s))) {
@ -73,7 +73,7 @@ dump_rrset_line(SSL* ssl, struct ub_packed_rrset_key* k, time_t now, size_t i)
/** dump rrset key and data info */
static int
dump_rrset(SSL* ssl, struct ub_packed_rrset_key* k,
dump_rrset(RES* ssl, struct ub_packed_rrset_key* k,
struct packed_rrset_data* d, time_t now)
{
size_t i;
@ -99,7 +99,7 @@ dump_rrset(SSL* ssl, struct ub_packed_rrset_key* k,
/** dump lruhash rrset cache */
static int
dump_rrset_lruhash(SSL* ssl, struct lruhash* h, time_t now)
dump_rrset_lruhash(RES* ssl, struct lruhash* h, time_t now)
{
struct lruhash_entry* e;
/* lruhash already locked by caller */
@ -118,7 +118,7 @@ dump_rrset_lruhash(SSL* ssl, struct lruhash* h, time_t now)
/** dump rrset cache */
static int
dump_rrset_cache(SSL* ssl, struct worker* worker)
dump_rrset_cache(RES* ssl, struct worker* worker)
{
struct rrset_cache* r = worker->env.rrset_cache;
size_t slab;
@ -137,7 +137,7 @@ dump_rrset_cache(SSL* ssl, struct worker* worker)
/** dump message to rrset reference */
static int
dump_msg_ref(SSL* ssl, struct ub_packed_rrset_key* k)
dump_msg_ref(RES* ssl, struct ub_packed_rrset_key* k)
{
char* nm, *tp, *cl;
nm = sldns_wire2str_dname(k->rk.dname, k->rk.dname_len);
@ -164,7 +164,7 @@ dump_msg_ref(SSL* ssl, struct ub_packed_rrset_key* k)
/** dump message entry */
static int
dump_msg(SSL* ssl, struct query_info* k, struct reply_info* d,
dump_msg(RES* ssl, struct query_info* k, struct reply_info* d,
time_t now)
{
size_t i;
@ -246,7 +246,7 @@ copy_msg(struct regional* region, struct lruhash_entry* e,
/** dump lruhash msg cache */
static int
dump_msg_lruhash(SSL* ssl, struct worker* worker, struct lruhash* h)
dump_msg_lruhash(RES* ssl, struct worker* worker, struct lruhash* h)
{
struct lruhash_entry* e;
struct query_info* k;
@ -274,7 +274,7 @@ dump_msg_lruhash(SSL* ssl, struct worker* worker, struct lruhash* h)
/** dump msg cache */
static int
dump_msg_cache(SSL* ssl, struct worker* worker)
dump_msg_cache(RES* ssl, struct worker* worker)
{
struct slabhash* sh = worker->env.msg_cache;
size_t slab;
@ -291,7 +291,7 @@ dump_msg_cache(SSL* ssl, struct worker* worker)
}
int
dump_cache(SSL* ssl, struct worker* worker)
dump_cache(RES* ssl, struct worker* worker)
{
if(!dump_rrset_cache(ssl, worker))
return 0;
@ -302,7 +302,7 @@ dump_cache(SSL* ssl, struct worker* worker)
/** read a line from ssl into buffer */
static int
ssl_read_buf(SSL* ssl, sldns_buffer* buf)
ssl_read_buf(RES* ssl, sldns_buffer* buf)
{
return ssl_read_line(ssl, (char*)sldns_buffer_begin(buf),
sldns_buffer_capacity(buf));
@ -310,7 +310,7 @@ ssl_read_buf(SSL* ssl, sldns_buffer* buf)
/** check fixed text on line */
static int
read_fixed(SSL* ssl, sldns_buffer* buf, const char* str)
read_fixed(RES* ssl, sldns_buffer* buf, const char* str)
{
if(!ssl_read_buf(ssl, buf)) return 0;
return (strcmp((char*)sldns_buffer_begin(buf), str) == 0);
@ -318,7 +318,7 @@ read_fixed(SSL* ssl, sldns_buffer* buf, const char* str)
/** load an RR into rrset */
static int
load_rr(SSL* ssl, sldns_buffer* buf, struct regional* region,
load_rr(RES* ssl, sldns_buffer* buf, struct regional* region,
struct ub_packed_rrset_key* rk, struct packed_rrset_data* d,
unsigned int i, int is_rrsig, int* go_on, time_t now)
{
@ -435,7 +435,7 @@ move_into_cache(struct ub_packed_rrset_key* k,
/** load an rrset entry */
static int
load_rrset(SSL* ssl, sldns_buffer* buf, struct worker* worker)
load_rrset(RES* ssl, sldns_buffer* buf, struct worker* worker)
{
char* s = (char*)sldns_buffer_begin(buf);
struct regional* region = worker->scratchpad;
@ -519,7 +519,7 @@ load_rrset(SSL* ssl, sldns_buffer* buf, struct worker* worker)
/** load rrset cache */
static int
load_rrset_cache(SSL* ssl, struct worker* worker)
load_rrset_cache(RES* ssl, struct worker* worker)
{
sldns_buffer* buf = worker->env.scratch_buffer;
if(!read_fixed(ssl, buf, "START_RRSET_CACHE")) return 0;
@ -575,7 +575,7 @@ load_qinfo(char* str, struct query_info* qinfo, struct regional* region)
/** load a msg rrset reference */
static int
load_ref(SSL* ssl, sldns_buffer* buf, struct worker* worker,
load_ref(RES* ssl, sldns_buffer* buf, struct worker* worker,
struct regional *region, struct ub_packed_rrset_key** rrset,
int* go_on)
{
@ -620,7 +620,7 @@ load_ref(SSL* ssl, sldns_buffer* buf, struct worker* worker,
/** load a msg entry */
static int
load_msg(SSL* ssl, sldns_buffer* buf, struct worker* worker)
load_msg(RES* ssl, sldns_buffer* buf, struct worker* worker)
{
struct regional* region = worker->scratchpad;
struct query_info qinf;
@ -685,7 +685,7 @@ load_msg(SSL* ssl, sldns_buffer* buf, struct worker* worker)
/** load msg cache */
static int
load_msg_cache(SSL* ssl, struct worker* worker)
load_msg_cache(RES* ssl, struct worker* worker)
{
sldns_buffer* buf = worker->env.scratch_buffer;
if(!read_fixed(ssl, buf, "START_MSG_CACHE")) return 0;
@ -698,7 +698,7 @@ load_msg_cache(SSL* ssl, struct worker* worker)
}
int
load_cache(SSL* ssl, struct worker* worker)
load_cache(RES* ssl, struct worker* worker)
{
if(!load_rrset_cache(ssl, worker))
return 0;
@ -709,7 +709,7 @@ load_cache(SSL* ssl, struct worker* worker)
/** print details on a delegation point */
static void
print_dp_details(SSL* ssl, struct worker* worker, struct delegpt* dp)
print_dp_details(RES* ssl, struct worker* worker, struct delegpt* dp)
{
char buf[257];
struct delegpt_addr* a;
@ -785,7 +785,7 @@ print_dp_details(SSL* ssl, struct worker* worker, struct delegpt* dp)
/** print main dp info */
static void
print_dp_main(SSL* ssl, struct delegpt* dp, struct dns_msg* msg)
print_dp_main(RES* ssl, struct delegpt* dp, struct dns_msg* msg)
{
size_t i, n_ns, n_miss, n_addr, n_res, n_avail;
@ -813,7 +813,7 @@ print_dp_main(SSL* ssl, struct delegpt* dp, struct dns_msg* msg)
return;
}
int print_deleg_lookup(SSL* ssl, struct worker* worker, uint8_t* nm,
int print_deleg_lookup(RES* ssl, struct worker* worker, uint8_t* nm,
size_t nmlen, int ATTR_UNUSED(nmlabs))
{
/* deep links into the iterator module */
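Review bot: Every function in this section now takes `RES* ssl`, so the parameter name and the doc comments (for example `/** read a line from ssl into buffer */`) still say SSL although the stream may be a plain file descriptor with no TLS. Renaming the parameter, for example to `RES* res`, or rewording the comments would keep a reader from assuming the dump and load paths are always encrypted and authenticated. The load_* helpers appear to turn text read from this stream into cache entries, so on a plain stream cache integrity rests on whatever restricts access to the control socket. That deserves a line in the comment on load_cache. The same naming carries into the prototypes in the two header sections that follow.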


@ -72,6 +72,7 @@
#ifndef DAEMON_DUMPCACHE_H
#define DAEMON_DUMPCACHE_H
struct worker;
#include "daemon/remote.h"
/**
* Dump cache(s) to text
@ -80,7 +81,7 @@ struct worker;
* ptrs to the caches.
* @return false on ssl print error.
*/
int dump_cache(SSL* ssl, struct worker* worker);
int dump_cache(RES* ssl, struct worker* worker);
/**
* Load cache(s) from text
@ -89,7 +90,7 @@ int dump_cache(SSL* ssl, struct worker* worker);
* ptrs to the caches.
* @return false on ssl error.
*/
int load_cache(SSL* ssl, struct worker* worker);
int load_cache(RES* ssl, struct worker* worker);
/**
* Print the delegation used to lookup for this name.
@ -101,7 +102,7 @@ int load_cache(SSL* ssl, struct worker* worker);
* @param nmlabs: labels in name.
* @return false on ssl error.
*/
int print_deleg_lookup(SSL* ssl, struct worker* worker, uint8_t* nm,
int print_deleg_lookup(RES* ssl, struct worker* worker, uint8_t* nm,
size_t nmlen, int nmlabs);
#endif /* DAEMON_DUMPCACHE_H */

File diff suppressed because it is too large Load Diff


@ -73,6 +73,8 @@ struct rc_state {
/** the ssl state */
SSL* ssl;
#endif
/** file descriptor */
int fd;
/** the rc this is part of */
struct daemon_remote* rc;
};
@ -103,6 +105,19 @@ struct daemon_remote {
#endif
};
/**
* Connection to print to, either SSL or plain over fd
*/
struct remote_stream {
#ifdef HAVE_SSL
/** SSL structure, nonNULL if using SSL */
SSL* ssl;
#endif
/** file descriptor for plain transfer */
int fd;
};
typedef struct remote_stream RES;
/**
* Create new remote control state for the daemon.
* @param cfg: config file with key file settings.
@ -166,26 +181,26 @@ void daemon_remote_exec(struct worker* worker);
* @param text: the text.
* @return false on connection failure.
*/
int ssl_print_text(SSL* ssl, const char* text);
int ssl_print_text(RES* ssl, const char* text);
/**
* printf style printing to the ssl connection
* @param ssl: the SSL connection to print to. Blocking.
* @param ssl: the RES connection to print to. Blocking.
* @param format: printf style format string.
* @return success or false on a network failure.
*/
int ssl_printf(SSL* ssl, const char* format, ...)
int ssl_printf(RES* ssl, const char* format, ...)
ATTR_FORMAT(printf, 2, 3);
/**
* Read until \n is encountered
* If SSL signals EOF, the string up to then is returned (without \n).
* @param ssl: the SSL connection to read from. blocking.
* If stream signals EOF, the string up to then is returned (without \n).
* @param ssl: the RES connection to read from. blocking.
* @param buf: buffer to read to.
* @param max: size of buffer.
* @return false on connection failure.
*/
int ssl_read_line(SSL* ssl, char* buf, size_t max);
int ssl_read_line(RES* ssl, char* buf, size_t max);
#endif /* HAVE_SSL */
#endif /* DAEMON_REMOTE_H */
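Review bot: The comment on `struct remote_stream` does not say what a NULL `ssl` means for the peer. Going by the changelog and man page in this commit, that is the local-socket case or `control-use-cert: no`, where control commands arrive with no certificate authentication. I would extend the member comment to something like `/** SSL structure, nonNULL if using SSL; NULL means plain, unauthenticated transfer over fd */` and state whether `fd` is also valid when `ssl` is set. The prototypes keep the `ssl_` prefix and the parameter name `ssl`, and the comment on ssl_printf now says "the RES connection" while ssl_print_text's parameter comment lies outside the hunk, so the wording should be made uniform.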


@ -1,6 +1,48 @@
19 June 2018: Wouter
- Fix for unbound-control on Windows and set TCP socket parameters
more closely.
- Fix windows unbound-control no cert bad file descriptor error.
18 June 2018: Wouter
- Fix that control-use-cert: no works for 127.0.0.1 to disable certs.
- Fix unbound-checkconf for control-use-cert.
15 June 2018: Wouter
- tag for 1.7.3rc1.
14 June 2018: Wouter
- #4103: Fix that auth-zone does not insist on SOA record first in
file for url downloads.
- Fix that first control-interface determines if TLS is used. Warn
when IP address interfaces are used without TLS.
- Fix nettle compile.
12 June 2018: Ralph
- Don't count CNAME response types received during qname minimisation as
query restart.
12 June 2018: Wouter
- #4102 for NSD, but for Unbound. Named unix pipes do not use
certificate and key files, access can be restricted with file and
directory permissions. The option control-use-cert is no longer
used, and ignored if found in unbound.conf.
- Rename tls-additional-ports to tls-additional-port, because every
line adds one port.
- Fix buffer size warning in unit test.
- remade dependencies in the Makefile.
6 June 2018: Wouter
- Patch to fix openwrt for mac os build darwin detection in configure.
5 June 2018: Wouter
- Fix crash if ratelimit taken into use with unbound-control
instead of with unbound.conf.
4 June 2018: Wouter
- Fix deadlock caused by incoming notify for auth-zone.
- tag for 1.7.2rc1
- tag for 1.7.2rc1, became 1.7.2 release on 11 June 2018,
trunk is 1.7.3 in development from this point.
- #4100: Fix stub reprime when it becomes useless.
1 June 2018: Wouter
- Rename additional-tls-port to tls-additional-ports.


@ -1,4 +1,4 @@
README for Unbound 1.7.2
README for Unbound 1.7.3
Copyright 2007 NLnet Labs
http://unbound.net


@ -1,7 +1,7 @@
#
# Example configuration file.
#
# See unbound.conf(5) man page, version 1.7.2.
# See unbound.conf(5) man page, version 1.7.3.
#
# this is a comment.
@ -686,7 +686,7 @@ server:
# tls-win-cert: no
# Also serve tls on these port numbers (eg. 443, ...), by listing
# tls-additional-ports: portno for each of the port numbers.
# tls-additional-port: portno for each of the port numbers.
# DNS64 prefix. Must be specified when DNS64 is use.
# Enable dns64 in module-config. Used to synthesize IPv6 from IPv4.
@ -774,18 +774,20 @@ remote-control:
# set up the keys and certificates with unbound-control-setup.
# control-enable: no
# Set to no and use an absolute path as control-interface to use
# a unix local named pipe for unbound-control.
# control-use-cert: yes
# what interfaces are listened to for remote control.
# give 0.0.0.0 and ::0 to listen to all interfaces.
# set to an absolute path to use a unix local name pipe, certificates
# are not used for that, so key and cert files need not be present.
# control-interface: 127.0.0.1
# control-interface: ::1
# port number for remote control operations.
# control-port: 8953
# for localhost, you can disable use of TLS by setting this to "no"
# For local sockets this option is ignored, and TLS is not used.
# control-use-cert: "yes"
# unbound server key file.
# server-key-file: "@UNBOUND_RUN_DIR@/unbound_server.key"


@ -1,4 +1,4 @@
.TH "libunbound" "3" "Jun 11, 2018" "NLnet Labs" "unbound 1.7.2"
.TH "libunbound" "3" "Jun 21, 2018" "NLnet Labs" "unbound 1.7.3"
.\"
.\" libunbound.3 -- unbound library functions manual
.\"
@ -43,7 +43,7 @@
.B ub_ctx_zone_remove,
.B ub_ctx_data_add,
.B ub_ctx_data_remove
\- Unbound DNS validating resolver 1.7.2 functions.
\- Unbound DNS validating resolver 1.7.3 functions.
.SH "SYNOPSIS"
.B #include <unbound.h>
.LP


@ -1,4 +1,4 @@
.TH "unbound-anchor" "8" "Jun 11, 2018" "NLnet Labs" "unbound 1.7.2"
.TH "unbound-anchor" "8" "Jun 21, 2018" "NLnet Labs" "unbound 1.7.3"
.\"
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
.\"


@ -1,4 +1,4 @@
.TH "unbound-checkconf" "8" "Jun 11, 2018" "NLnet Labs" "unbound 1.7.2"
.TH "unbound-checkconf" "8" "Jun 21, 2018" "NLnet Labs" "unbound 1.7.3"
.\"
.\" unbound-checkconf.8 -- unbound configuration checker manual
.\"


@ -1,4 +1,4 @@
.TH "unbound-control" "8" "Jun 11, 2018" "NLnet Labs" "unbound 1.7.2"
.TH "unbound-control" "8" "Jun 21, 2018" "NLnet Labs" "unbound 1.7.3"
.\"
.\" unbound-control.8 -- unbound remote control manual
.\"


@ -1,4 +1,4 @@
.TH "unbound\-host" "1" "Jun 11, 2018" "NLnet Labs" "unbound 1.7.2"
.TH "unbound\-host" "1" "Jun 21, 2018" "NLnet Labs" "unbound 1.7.3"
.\"
.\" unbound-host.1 -- unbound DNS lookup utility
.\"


@ -1,4 +1,4 @@
.TH "unbound" "8" "Jun 11, 2018" "NLnet Labs" "unbound 1.7.2"
.TH "unbound" "8" "Jun 21, 2018" "NLnet Labs" "unbound 1.7.3"
.\"
.\" unbound.8 -- unbound manual
.\"
@ -9,7 +9,7 @@
.\"
.SH "NAME"
.B unbound
\- Unbound DNS validating resolver 1.7.2.
\- Unbound DNS validating resolver 1.7.3.
.SH "SYNOPSIS"
.B unbound
.RB [ \-h ]


@ -1,4 +1,4 @@
.TH "unbound.conf" "5" "Jun 11, 2018" "NLnet Labs" "unbound 1.7.2"
.TH "unbound.conf" "5" "Jun 21, 2018" "NLnet Labs" "unbound 1.7.3"
.\"
.\" unbound.conf.5 -- unbound.conf manual
.\"
@ -452,8 +452,8 @@ If no cert bundle, it uses only these certificates. Default is no.
On windows this option uses the certificates from the cert store. Use
the tls\-cert\-bundle option on other systems.
.TP
.B tls\-additional\-ports: \fI<portnr>
List portnumbers as tls\-additional\-ports, and when interfaces are defined,
.B tls\-additional\-port: \fI<portnr>
List portnumbers as tls\-additional\-port, and when interfaces are defined,
eg. with the @port suffix, as this port number, they provide dns over TLS
service. Can list multiple, each on a new statement.
.TP
@ -1369,6 +1369,14 @@ By default localhost (127.0.0.1 and ::1) is listened to.
Use 0.0.0.0 and ::0 to listen to all interfaces.
If you change this and permissions have been dropped, you must restart
the server for the change to take effect.
.IP
If you set it to an absolute path, a local socket is used. The local socket
does not use the certificates and keys, so those files need not be present.
To restrict access, unbound sets permissions on the file to the user and
group that is configured, the access bits are set to allow the group members
to access the control socket file. Put users that need to access the socket
in the that group. To restrict access further, create a directory to put
the control socket in and restrict access to that directory.
.TP 5
.B control\-port: \fI<port number>
The port number to listen on for IPv4 or IPv6 control interfaces,
@ -1377,11 +1385,9 @@ If you change this and permissions have been dropped, you must restart
the server for the change to take effect.
.TP 5
.B control\-use\-cert: \fI<yes or no>
Whether to require certificate authentication of control connections.
The default is "yes".
This should not be changed unless there are other mechanisms in place
to prevent untrusted users from accessing the remote control
interface.
For localhost control-interface you can disable the use of TLS by setting
this option to "no", default is "yes". For local sockets, TLS is disabled
and the value of this option is ignored.
.TP 5
.B server\-key\-file: \fI<private key file>
Path to the server private key, by default unbound_server.key.
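Review bot: The rewritten control\-use\-cert paragraph drops the earlier caution that certificates should only be turned off when something else keeps untrusted users away from the control interface. With "no" on a localhost interface, any local user who can connect to the control port can send control commands, so I would keep one sentence of that warning, e.g. `Without TLS, any local user that can reach the control port can control the server.` The added local-socket paragraph also reads "in the that group", which should be "in that group". In the new text `control-interface` lacks the `\-` escaping used on the other option names.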


@ -536,7 +536,7 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq,
/** see if last resort is possible - does config allow queries to parent */
static int
can_have_last_resort(struct module_env* env, uint8_t* nm, size_t nmlen,
uint16_t qclass)
uint16_t qclass, struct delegpt** retdp)
{
struct delegpt* fwddp;
struct iter_hints_stub* stub;
@ -549,12 +549,14 @@ can_have_last_resort(struct module_env* env, uint8_t* nm, size_t nmlen,
/* has_parent side is turned off for stub_first, where we
* are allowed to go to the parent */
stub->dp->has_parent_side_NS) {
if(retdp) *retdp = stub->dp;
return 0;
}
if((fwddp = forwards_find(env->fwds, nm, qclass)) &&
/* has_parent_side is turned off for forward_first, where
* we are allowed to go to the parent */
fwddp->has_parent_side_NS) {
if(retdp) *retdp = fwddp;
return 0;
}
return 1;
@ -1000,7 +1002,7 @@ generate_ns_check(struct module_qstate* qstate, struct iter_qstate* iq, int id)
if(iq->depth == ie->max_dependency_depth)
return;
if(!can_have_last_resort(qstate->env, iq->dp->name, iq->dp->namelen,
iq->qchase.qclass))
iq->qchase.qclass, NULL))
return;
/* is this query the same as the nscheck? */
if(qstate->qinfo.qtype == LDNS_RR_TYPE_NS &&
@ -1184,10 +1186,8 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
*/
if (iq->refetch_glue &&
iq->dp &&
!can_have_last_resort(qstate->env,
iq->dp->name,
iq->dp->namelen,
iq->qchase.qclass)) {
!can_have_last_resort(qstate->env, iq->dp->name,
iq->dp->namelen, iq->qchase.qclass, NULL)) {
iq->refetch_glue = 0;
}
@ -1300,7 +1300,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
}
if(iq->qchase.qtype == LDNS_RR_TYPE_DS || iq->refetch_glue ||
(iq->qchase.qtype == LDNS_RR_TYPE_NS && qstate->prefetch_leeway
&& can_have_last_resort(qstate->env, delname, delnamelen, iq->qchase.qclass))) {
&& can_have_last_resort(qstate->env, delname, delnamelen, iq->qchase.qclass, NULL))) {
/* remove first label from delname, root goes to hints,
* but only to fetch glue, not for qtype=DS. */
/* also when prefetching an NS record, fetch it again from
@ -1416,9 +1416,25 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
*/
if(iter_dp_is_useless(&qstate->qinfo, qstate->query_flags,
iq->dp)) {
if(!can_have_last_resort(qstate->env, iq->dp->name, iq->dp->namelen, iq->qchase.qclass)) {
struct delegpt* retdp = NULL;
if(!can_have_last_resort(qstate->env, iq->dp->name, iq->dp->namelen, iq->qchase.qclass, &retdp)) {
if(retdp) {
verbose(VERB_QUERY, "cache has stub "
"or fwd but no addresses, "
"fallback to config");
iq->dp = delegpt_copy(retdp,
qstate->region);
if(!iq->dp) {
log_err("out of memory in "
"stub/fwd fallback");
return error_response(qstate,
id, LDNS_RCODE_SERVFAIL);
}
break;
}
verbose(VERB_ALGO, "useless dp "
"but cannot go up, servfail");
delegpt_log(VERB_ALGO, iq->dp);
return error_response(qstate, id,
LDNS_RCODE_SERVFAIL);
}
@ -1779,7 +1795,7 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq,
log_assert(iq->dp);
if(!can_have_last_resort(qstate->env, iq->dp->name, iq->dp->namelen,
iq->qchase.qclass)) {
iq->qchase.qclass, NULL)) {
/* fail -- no more targets, no more hope of targets, no hope
* of a response. */
verbose(VERB_QUERY, "configured stub or forward servers failed -- returning SERVFAIL");
@ -1872,7 +1888,7 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq,
if( ((ie->supports_ipv6 && !ns->done_pside6) ||
(ie->supports_ipv4 && !ns->done_pside4)) &&
!can_have_last_resort(qstate->env, ns->name, ns->namelen,
iq->qchase.qclass)) {
iq->qchase.qclass, NULL)) {
log_nametypeclass(VERB_ALGO, "cannot pside lookup ns "
"because it is also a stub/forward,",
ns->name, LDNS_RR_TYPE_NS, iq->qchase.qclass);
@ -2754,16 +2770,18 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
/* set the current request's qname to the new value. */
iq->qchase.qname = sname;
iq->qchase.qname_len = snamelen;
if (qstate->env->cfg->qname_minimisation)
iq->minimisation_state = INIT_MINIMISE_STATE;
/* Clear the query state, since this is a query restart. */
iq->deleg_msg = NULL;
iq->dp = NULL;
iq->dsns_point = NULL;
iq->auth_zone_response = 0;
/* Note the query restart. */
iq->query_restart_count++;
iq->sent_count = 0;
if(iq->minimisation_state != MINIMISE_STATE)
/* Only count as query restart when it is not an extra
* query as result of qname minimisation. */
iq->query_restart_count++;
if(qstate->env->cfg->qname_minimisation)
iq->minimisation_state = INIT_MINIMISE_STATE;
/* stop current outstanding queries.
* FIXME: should the outstanding queries be waited for and


@ -883,7 +883,7 @@ struct config_file {
struct config_strlist* local_zones_nodefault;
struct config_strlist* local_data;
int remote_control_enable;
struct config_strlist* control_ifs;
struct config_strlist_head control_ifs;
int control_port;
char* server_key_file;
char* server_cert_file;


@ -4164,8 +4164,8 @@ chunkline_non_comment_RR(struct auth_chunk** chunk, size_t* chunk_pos,
return 0;
}
/** check syntax of chunklist zonefile, parse SOA RR, return false on
* failure and return a string in the scratch buffer (SOA RR string)
/** check syntax of chunklist zonefile, parse first RR, return false on
* failure and return a string in the scratch buffer (first RR string)
* on failure. */
static int
http_zonefile_syntax_check(struct auth_xfer* xfr, sldns_buffer* buf)
@ -4193,26 +4193,11 @@ http_zonefile_syntax_check(struct auth_xfer* xfr, sldns_buffer* buf)
pstate.origin_len?pstate.origin:NULL, pstate.origin_len,
pstate.prev_rr_len?pstate.prev_rr:NULL, pstate.prev_rr_len);
if(e != 0) {
log_err("parse failure on SOA RR[%d]: %s",
log_err("parse failure on first RR[%d]: %s",
LDNS_WIREPARSE_OFFSET(e),
sldns_get_errorstr_parse(LDNS_WIREPARSE_ERROR(e)));
return 0;
}
/* check that name is correct */
if(query_dname_compare(rr, xfr->name) != 0) {
char nm[255+1], zname[255+1];
dname_str(rr, nm);
dname_str(xfr->name, zname);
log_err("parse failure for %s, SOA RR for %s found instead",
zname, nm);
return 0;
}
/* check that type is SOA */
if(sldns_wirerr_get_type(rr, rr_len, dname_len) != LDNS_RR_TYPE_SOA) {
log_err("parse failure: first record in downloaded zonefile "
"not of type SOA");
return 0;
}
/* check that class is correct */
if(sldns_wirerr_get_class(rr, rr_len, dname_len) != xfr->dclass) {
log_err("parse failure: first record in downloaded zonefile "
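Review bot: With the owner-name and SOA-type checks removed, `http_zonefile_syntax_check` accepts any download whose first RR parses and has class `xfr->dclass`, so nothing visible in this section ties the file to `xfr->name` any more. If the apex SOA and owner name are verified later, when the zone is actually loaded (not visible here), a comment should say so, e.g. `/* owner name and SOA presence are checked when the zone is loaded, not here */`. Otherwise a reader may assume this function still guards against a zonefile for a different zone. The function body continues past the end of the hunk.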


@ -232,22 +232,20 @@ infra_create(struct config_file* cfg)
infra->host_ttl = cfg->host_ttl;
name_tree_init(&infra->domain_limits);
infra_dp_ratelimit = cfg->ratelimit;
if(cfg->ratelimit != 0) {
infra->domain_rates = slabhash_create(cfg->ratelimit_slabs,
INFRA_HOST_STARTSIZE, cfg->ratelimit_size,
&rate_sizefunc, &rate_compfunc, &rate_delkeyfunc,
&rate_deldatafunc, NULL);
if(!infra->domain_rates) {
infra_delete(infra);
return NULL;
}
/* insert config data into ratelimits */
if(!infra_ratelimit_cfg_insert(infra, cfg)) {
infra_delete(infra);
return NULL;
}
name_tree_init_parents(&infra->domain_limits);
infra->domain_rates = slabhash_create(cfg->ratelimit_slabs,
INFRA_HOST_STARTSIZE, cfg->ratelimit_size,
&rate_sizefunc, &rate_compfunc, &rate_delkeyfunc,
&rate_deldatafunc, NULL);
if(!infra->domain_rates) {
infra_delete(infra);
return NULL;
}
/* insert config data into ratelimits */
if(!infra_ratelimit_cfg_insert(infra, cfg)) {
infra_delete(infra);
return NULL;
}
name_tree_init_parents(&infra->domain_limits);
infra_ip_ratelimit = cfg->ip_ratelimit;
infra->client_ip_rates = slabhash_create(cfg->ip_ratelimit_slabs,
INFRA_HOST_STARTSIZE, cfg->ip_ratelimit_size, &ip_rate_sizefunc,


@ -1059,7 +1059,7 @@ set_recvpktinfo(int s, int family)
/** see if interface is ssl, its port number == the ssl port number */
static int
if_is_ssl(const char* ifname, const char* port, int ssl_port,
struct config_strlist* tls_additional_ports)
struct config_strlist* tls_additional_port)
{
struct config_strlist* s;
char* p = strchr(ifname, '@');
@ -1067,7 +1067,7 @@ if_is_ssl(const char* ifname, const char* port, int ssl_port,
return 1;
if(p && atoi(p+1) == ssl_port)
return 1;
for(s = tls_additional_ports; s; s = s->next) {
for(s = tls_additional_port; s; s = s->next) {
if(p && atoi(p+1) == atoi(s->str))
return 1;
if(!p && atoi(port) == atoi(s->str))
@ -1089,7 +1089,7 @@ if_is_ssl(const char* ifname, const char* port, int ssl_port,
* @param rcv: receive buffer size for UDP
* @param snd: send buffer size for UDP
* @param ssl_port: ssl service port number
* @param tls_additional_ports: list of additional ssl service port numbers.
* @param tls_additional_port: list of additional ssl service port numbers.
* @param reuseport: try to set SO_REUSEPORT if nonNULL and true.
* set to false on exit if reuseport failed due to no kernel support.
* @param transparent: set IP_TRANSPARENT socket option.
@ -1103,7 +1103,7 @@ static int
ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp,
struct addrinfo *hints, const char* port, struct listen_port** list,
size_t rcv, size_t snd, int ssl_port,
struct config_strlist* tls_additional_ports, int* reuseport,
struct config_strlist* tls_additional_port, int* reuseport,
int transparent, int tcp_mss, int freebind, int use_systemd,
int dnscrypt_port)
{
@ -1170,7 +1170,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp,
}
if(do_tcp) {
int is_ssl = if_is_ssl(ifname, port, ssl_port,
tls_additional_ports);
tls_additional_port);
if((s = make_sock_port(SOCK_STREAM, ifname, port, hints, 1,
&noip6, 0, 0, reuseport, transparent, tcp_mss,
freebind, use_systemd)) == -1) {
@ -1356,7 +1356,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
do_auto, cfg->do_udp, do_tcp,
&hints, portbuf, &list,
cfg->so_rcvbuf, cfg->so_sndbuf,
cfg->ssl_port, cfg->tls_additional_ports,
cfg->ssl_port, cfg->tls_additional_port,
reuseport, cfg->ip_transparent,
cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
cfg->dnscrypt_port)) {
@ -1370,7 +1370,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
do_auto, cfg->do_udp, do_tcp,
&hints, portbuf, &list,
cfg->so_rcvbuf, cfg->so_sndbuf,
cfg->ssl_port, cfg->tls_additional_ports,
cfg->ssl_port, cfg->tls_additional_port,
reuseport, cfg->ip_transparent,
cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
cfg->dnscrypt_port)) {
@ -1386,7 +1386,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp,
do_tcp, &hints, portbuf, &list,
cfg->so_rcvbuf, cfg->so_sndbuf,
cfg->ssl_port, cfg->tls_additional_ports,
cfg->ssl_port, cfg->tls_additional_port,
reuseport, cfg->ip_transparent,
cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
cfg->dnscrypt_port)) {
@ -1400,7 +1400,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp,
do_tcp, &hints, portbuf, &list,
cfg->so_rcvbuf, cfg->so_sndbuf,
cfg->ssl_port, cfg->tls_additional_ports,
cfg->ssl_port, cfg->tls_additional_port,
reuseport, cfg->ip_transparent,
cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
cfg->dnscrypt_port)) {


@ -542,7 +542,8 @@ morechecks(struct config_file* cfg, const char* fname)
# endif
}
#endif
if(cfg->remote_control_enable && cfg->remote_control_use_cert) {
if(cfg->remote_control_enable && options_remote_is_address(cfg)
&& cfg->control_use_cert) {
check_chroot_string("server-key-file", &cfg->server_key_file,
cfg->chrootdir, cfg);
check_chroot_string("server-cert-file", &cfg->server_cert_file,


@ -451,47 +451,33 @@ setup_ctx(struct config_file* cfg)
char* s_cert=NULL, *c_key=NULL, *c_cert=NULL;
SSL_CTX* ctx;
if(cfg->remote_control_use_cert) {
s_cert = fname_after_chroot(cfg->server_cert_file, cfg, 1);
c_key = fname_after_chroot(cfg->control_key_file, cfg, 1);
c_cert = fname_after_chroot(cfg->control_cert_file, cfg, 1);
if(!s_cert || !c_key || !c_cert)
fatal_exit("out of memory");
}
if(!(options_remote_is_address(cfg) && cfg->control_use_cert))
return NULL;
s_cert = fname_after_chroot(cfg->server_cert_file, cfg, 1);
c_key = fname_after_chroot(cfg->control_key_file, cfg, 1);
c_cert = fname_after_chroot(cfg->control_cert_file, cfg, 1);
if(!s_cert || !c_key || !c_cert)
fatal_exit("out of memory");
ctx = SSL_CTX_new(SSLv23_client_method());
if(!ctx)
ssl_err("could not allocate SSL_CTX pointer");
if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
!= SSL_OP_NO_SSLv2)
ssl_err("could not set SSL_OP_NO_SSLv2");
if(cfg->remote_control_use_cert) {
if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
!= SSL_OP_NO_SSLv3)
ssl_err("could not set SSL_OP_NO_SSLv3");
if(!SSL_CTX_use_certificate_chain_file(ctx,c_cert) ||
!SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
|| !SSL_CTX_check_private_key(ctx))
ssl_err("Error setting up SSL_CTX client key and cert");
if (SSL_CTX_load_verify_locations(ctx, s_cert, NULL) != 1)
ssl_err("Error setting up SSL_CTX verify, server cert");
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
!= SSL_OP_NO_SSLv3)
ssl_err("could not set SSL_OP_NO_SSLv3");
if(!SSL_CTX_use_certificate_chain_file(ctx,c_cert) ||
!SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
|| !SSL_CTX_check_private_key(ctx))
ssl_err("Error setting up SSL_CTX client key and cert");
if (SSL_CTX_load_verify_locations(ctx, s_cert, NULL) != 1)
ssl_err("Error setting up SSL_CTX verify, server cert");
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
free(s_cert);
free(c_key);
free(c_cert);
} else {
/* Use ciphers that don't require authentication */
#if defined(SSL_OP_NO_TLSv1_3)
/* in openssl 1.1.1, negotiation code for tls 1.3 does
* not allow the unauthenticated aNULL and eNULL ciphers */
SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_3);
#endif
#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
SSL_CTX_set_security_level(ctx, 0);
#endif
if(!SSL_CTX_set_cipher_list(ctx, "aNULL:eNULL"))
ssl_err("Error setting NULL cipher!");
}
free(s_cert);
free(c_key);
free(c_cert);
return ctx;
}
@ -501,12 +487,12 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
{
struct sockaddr_storage addr;
socklen_t addrlen;
int addrfamily = 0;
int fd;
int addrfamily = 0, proto = IPPROTO_TCP;
int fd, useport = 1;
/* use svr or the first config entry */
if(!svr) {
if(cfg->control_ifs) {
svr = cfg->control_ifs->str;
if(cfg->control_ifs.first) {
svr = cfg->control_ifs.first->str;
} else if(cfg->do_ip4) {
svr = "127.0.0.1";
} else {
@ -534,6 +520,8 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
(void)strlcpy(usock->sun_path, svr, sizeof(usock->sun_path));
addrlen = (socklen_t)sizeof(struct sockaddr_un);
addrfamily = AF_LOCAL;
useport = 0;
proto = 0;
#endif
} else {
if(!ipstrtoaddr(svr, cfg->control_port, &addr, &addrlen))
@ -541,8 +529,8 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
}
if(addrfamily == 0)
addrfamily = addr_is_ip6(&addr, addrlen)?AF_INET6:AF_INET;
fd = socket(addrfamily, SOCK_STREAM, 0);
addrfamily = addr_is_ip6(&addr, addrlen)?PF_INET6:PF_INET;
fd = socket(addrfamily, SOCK_STREAM, proto);
if(fd == -1) {
#ifndef USE_WINSOCK
fatal_exit("socket: %s", strerror(errno));
@ -552,14 +540,18 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
}
if(connect(fd, (struct sockaddr*)&addr, addrlen) < 0) {
#ifndef USE_WINSOCK
log_err_addr("connect", strerror(errno), &addr, addrlen);
if(errno == ECONNREFUSED && statuscmd) {
int err = errno;
if(!useport) log_err("connect: %s for %s", strerror(err), svr);
else log_err_addr("connect", strerror(err), &addr, addrlen);
if(err == ECONNREFUSED && statuscmd) {
printf("unbound is stopped\n");
exit(3);
}
#else
log_err_addr("connect", wsa_strerror(WSAGetLastError()), &addr, addrlen);
if(WSAGetLastError() == WSAECONNREFUSED && statuscmd) {
int wsaerr = WSAGetLastError();
if(!useport) log_err("connect: %s for %s", wsa_strerror(wsaerr), svr);
else log_err_addr("connect", wsa_strerror(wsaerr), &addr, addrlen);
if(wsaerr == WSAECONNREFUSED && statuscmd) {
printf("unbound is stopped\n");
exit(3);
}
@ -571,12 +563,13 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
/** setup SSL on the connection */
static SSL*
setup_ssl(SSL_CTX* ctx, int fd, struct config_file* cfg)
setup_ssl(SSL_CTX* ctx, int fd)
{
SSL* ssl;
X509* x;
int r;
if(!ctx) return NULL;
ssl = SSL_new(ctx);
if(!ssl)
ssl_err("could not SSL_new");
@ -597,78 +590,115 @@ setup_ssl(SSL_CTX* ctx, int fd, struct config_file* cfg)
/* check authenticity of server */
if(SSL_get_verify_result(ssl) != X509_V_OK)
ssl_err("SSL verification failed");
if(cfg->remote_control_use_cert) {
x = SSL_get_peer_certificate(ssl);
if(!x)
ssl_err("Server presented no peer certificate");
X509_free(x);
}
x = SSL_get_peer_certificate(ssl);
if(!x)
ssl_err("Server presented no peer certificate");
X509_free(x);
return ssl;
}
/** read from ssl or fd, fatalexit on error, 0 EOF, 1 success */
static int
remote_read(SSL* ssl, int fd, char* buf, size_t len)
{
if(ssl) {
int r;
ERR_clear_error();
if((r = SSL_read(ssl, buf, (int)len-1)) <= 0) {
if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) {
/* EOF */
return 0;
}
ssl_err("could not SSL_read");
}
buf[r] = 0;
} else {
ssize_t rr = recv(fd, buf, len-1, 0);
if(rr <= 0) {
if(rr == 0) {
/* EOF */
return 0;
}
#ifndef USE_WINSOCK
fatal_exit("could not recv: %s", strerror(errno));
#else
fatal_exit("could not recv: %s", wsa_strerror(WSAGetLastError()));
#endif
}
buf[rr] = 0;
}
return 1;
}
/** write to ssl or fd, fatalexit on error */
static void
remote_write(SSL* ssl, int fd, const char* buf, size_t len)
{
if(ssl) {
if(SSL_write(ssl, buf, (int)len) <= 0)
ssl_err("could not SSL_write");
} else {
if(send(fd, buf, len, 0) < (ssize_t)len) {
#ifndef USE_WINSOCK
fatal_exit("could not send: %s", strerror(errno));
#else
fatal_exit("could not send: %s", wsa_strerror(WSAGetLastError()));
#endif
}
}
}
/** send stdin to server */
static void
send_file(SSL* ssl, FILE* in, char* buf, size_t sz)
send_file(SSL* ssl, int fd, FILE* in, char* buf, size_t sz)
{
while(fgets(buf, (int)sz, in)) {
if(SSL_write(ssl, buf, (int)strlen(buf)) <= 0)
ssl_err("could not SSL_write contents");
remote_write(ssl, fd, buf, strlen(buf));
}
}
/** send end-of-file marker to server */
static void
send_eof(SSL* ssl)
send_eof(SSL* ssl, int fd)
{
char e[] = {0x04, 0x0a};
if(SSL_write(ssl, e, (int)sizeof(e)) <= 0)
ssl_err("could not SSL_write end-of-file marker");
remote_write(ssl, fd, e, sizeof(e));
}
/** send command and display result */
static int
go_cmd(SSL* ssl, int quiet, int argc, char* argv[])
go_cmd(SSL* ssl, int fd, int quiet, int argc, char* argv[])
{
char pre[10];
const char* space=" ";
const char* newline="\n";
int was_error = 0, first_line = 1;
int r, i;
int i;
char buf[1024];
snprintf(pre, sizeof(pre), "UBCT%d ", UNBOUND_CONTROL_VERSION);
if(SSL_write(ssl, pre, (int)strlen(pre)) <= 0)
ssl_err("could not SSL_write");
remote_write(ssl, fd, pre, strlen(pre));
for(i=0; i<argc; i++) {
if(SSL_write(ssl, space, (int)strlen(space)) <= 0)
ssl_err("could not SSL_write");
if(SSL_write(ssl, argv[i], (int)strlen(argv[i])) <= 0)
ssl_err("could not SSL_write");
remote_write(ssl, fd, space, strlen(space));
remote_write(ssl, fd, argv[i], strlen(argv[i]));
}
if(SSL_write(ssl, newline, (int)strlen(newline)) <= 0)
ssl_err("could not SSL_write");
remote_write(ssl, fd, newline, strlen(newline));
if(argc == 1 && strcmp(argv[0], "load_cache") == 0) {
send_file(ssl, stdin, buf, sizeof(buf));
send_file(ssl, fd, stdin, buf, sizeof(buf));
}
else if(argc == 1 && (strcmp(argv[0], "local_zones") == 0 ||
strcmp(argv[0], "local_zones_remove") == 0 ||
strcmp(argv[0], "local_datas") == 0 ||
strcmp(argv[0], "local_datas_remove") == 0)) {
send_file(ssl, stdin, buf, sizeof(buf));
send_eof(ssl);
send_file(ssl, fd, stdin, buf, sizeof(buf));
send_eof(ssl, fd);
}
while(1) {
ERR_clear_error();
if((r = SSL_read(ssl, buf, (int)sizeof(buf)-1)) <= 0) {
if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) {
/* EOF */
break;
}
ssl_err("could not SSL_read");
if(remote_read(ssl, fd, buf, sizeof(buf)) == 0) {
break; /* EOF */
}
buf[r] = 0;
if(first_line && strncmp(buf, "error", 5) == 0) {
printf("%s", buf);
was_error = 1;
@ -703,18 +733,18 @@ go(const char* cfgfile, char* svr, int quiet, int argc, char* argv[])
/* contact server */
fd = contact_server(svr, cfg, argc>0&&strcmp(argv[0],"status")==0);
ssl = setup_ssl(ctx, fd, cfg);
ssl = setup_ssl(ctx, fd);
/* send command */
ret = go_cmd(ssl, quiet, argc, argv);
ret = go_cmd(ssl, fd, quiet, argc, argv);
SSL_free(ssl);
if(ssl) SSL_free(ssl);
#ifndef USE_WINSOCK
close(fd);
#else
closesocket(fd);
#endif
SSL_CTX_free(ctx);
if(ctx) SSL_CTX_free(ctx);
config_delete(cfg);
return ret;
}
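Review bot: In `remote_write`, the plain-socket branch treats `send(fd, buf, len, 0) < (ssize_t)len` as fatal, so a short write is reported through `strerror(errno)` although errno is not set in that case, and the rest of the buffer is never sent. Looping until all `len` bytes are written, and failing only on a non-positive return, would handle it; see the sketch below. Separately, `setup_ctx` now returns NULL whenever `options_remote_is_address(cfg) && cfg->control_use_cert` is false, and `go_cmd` then talks over the bare fd. A comment on `setup_ctx` stating that a NULL return means an unencrypted, unauthenticated control channel would make that explicit for operators who set `control-use-cert: no` on an IP interface.

```c
static void
remote_write(SSL* ssl, int fd, const char* buf, size_t len)
{
	/* … unchanged: SSL_write branch … */
	} else {
		/* send() may accept fewer bytes than asked; keep going
		 * until the whole buffer is out or a real error occurs */
		while(len > 0) {
			ssize_t w = send(fd, buf, len, 0);
			if(w <= 0) {
				/* … unchanged: fatal_exit("could not send: …") per platform … */
			}
			buf += w;
			len -= (size_t)w;
		}
	}
}
```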


@ -94,7 +94,7 @@ static void print_neg_cache(struct val_neg_cache* neg)
/** get static pointer to random zone name */
static char* get_random_zone(void)
{
static char zname[256];
static char zname[36];
int labels = random() % 3;
int i;
char* p = zname;
@ -102,10 +102,10 @@ static char* get_random_zone(void)
for(i=0; i<labels; i++) {
labnum = random()%10;
snprintf(p, 256-(p-zname), "\003%3.3d", labnum);
snprintf(p, sizeof(zname)-(p-zname), "\003%3.3d", labnum);
p+=4;
}
snprintf(p, 256-(p-zname), "\007example\003com");
snprintf(p, sizeof(zname)-(p-zname), "\007example\003com");
return zname;
}


@ -28,4 +28,4 @@ echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
cat .tpkg.var.test
wait_ldns_testns_up fwd.log
wait_unbound_up unbound.log
sleep 2


@ -36,7 +36,7 @@ dig @localhost -p $UNBOUND_PORT www5.example.com. >outfile5 &
digpid5=$!
dig @localhost -p $UNBOUND_PORT www6.example.com. >outfile6 &
digpid6=$!
sleep 6
sleep 12
kill -9 $digpid1
kill -9 $digpid2
kill -9 $digpid3


@ -244,9 +244,10 @@ config_create(void)
cfg->insecure_lan_zones = 0;
cfg->python_script = NULL;
cfg->remote_control_enable = 0;
cfg->control_ifs = NULL;
cfg->control_ifs.first = NULL;
cfg->control_ifs.last = NULL;
cfg->control_port = UNBOUND_CONTROL_PORT;
cfg->remote_control_use_cert = 1;
cfg->control_use_cert = 1;
cfg->minimal_responses = 0;
cfg->rrset_roundrobin = 0;
cfg->max_udp_size = 4096;
@ -386,6 +387,9 @@ struct config_file* config_create_forlib(void)
#define S_STRLIST_UNIQ(str, var) if(strcmp(opt, str)==0) \
{ if(cfg_strlist_find(cfg->var, val)) { return 0;} \
return cfg_strlist_insert(&cfg->var, strdup(val)); }
/** append string to strlist */
#define S_STRLIST_APPEND(str, var) if(strcmp(opt, str)==0) \
{ return cfg_strlist_append(&cfg->var, strdup(val)); }
int config_set_option(struct config_file* cfg, const char* opt,
const char* val)
@ -457,8 +461,9 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_NUMBER_NONZERO("ssl-port:", ssl_port)
else S_STR("tls-cert-bundle:", tls_cert_bundle)
else S_YNO("tls-win-cert:", tls_win_cert)
else S_STRLIST("additional-tls-port:", tls_additional_ports)
else S_STRLIST("tls-additional-ports:", tls_additional_ports)
else S_STRLIST("additional-tls-port:", tls_additional_port)
else S_STRLIST("tls-additional-ports:", tls_additional_port)
else S_STRLIST("tls-additional-port:", tls_additional_port)
else S_YNO("interface-automatic:", if_automatic)
else S_YNO("use-systemd:", use_systemd)
else S_YNO("do-daemonize:", do_daemonize)
@ -555,7 +560,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_YNO("unblock-lan-zones:", unblock_lan_zones)
else S_YNO("insecure-lan-zones:", insecure_lan_zones)
else S_YNO("control-enable:", remote_control_enable)
else S_STRLIST("control-interface:", control_ifs)
else S_STRLIST_APPEND("control-interface:", control_ifs)
else S_NUMBER_NONZERO("control-port:", control_port)
else S_STR("server-key-file:", server_key_file)
else S_STR("server-cert-file:", server_cert_file)
@ -879,7 +884,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_DEC(opt, "ssl-port", ssl_port)
else O_STR(opt, "tls-cert-bundle", tls_cert_bundle)
else O_YNO(opt, "tls-win-cert", tls_win_cert)
else O_LST(opt, "tls-additional-ports", tls_additional_ports)
else O_LST(opt, "tls-additional-port", tls_additional_port)
else O_YNO(opt, "use-systemd", use_systemd)
else O_YNO(opt, "do-daemonize", do_daemonize)
else O_STR(opt, "chroot", chrootdir)
@ -941,7 +946,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_YNO(opt, "trust-anchor-signaling", trust_anchor_signaling)
else O_YNO(opt, "root-key-sentinel", root_key_sentinel)
else O_LST(opt, "dlv-anchor", dlv_anchor_list)
else O_LST(opt, "control-interface", control_ifs)
else O_LST(opt, "control-interface", control_ifs.first)
else O_LST(opt, "domain-insecure", domain_insecure)
else O_UNS(opt, "val-override-date", val_date_override)
else O_YNO(opt, "minimal-responses", minimal_responses)
@ -1303,7 +1308,7 @@ config_delete(struct config_file* cfg)
free(cfg->ssl_service_key);
free(cfg->ssl_service_pem);
free(cfg->tls_cert_bundle);
config_delstrlist(cfg->tls_additional_ports);
config_delstrlist(cfg->tls_additional_port);
free(cfg->log_identity);
config_del_strarray(cfg->ifs, cfg->num_ifs);
config_del_strarray(cfg->out_ifs, cfg->num_out_ifs);
@ -1344,7 +1349,7 @@ config_delete(struct config_file* cfg)
config_del_strbytelist(cfg->respip_tags);
config_deltrplstrlist(cfg->acl_tag_actions);
config_deltrplstrlist(cfg->acl_tag_datas);
config_delstrlist(cfg->control_ifs);
config_delstrlist(cfg->control_ifs.first);
free(cfg->server_key_file);
free(cfg->server_cert_file);
free(cfg->control_key_file);
@ -2264,3 +2269,12 @@ void errinf_dname(struct module_qstate* qstate, const char* str, uint8_t* dname)
snprintf(b, sizeof(b), "%s %s", str, buf);
errinf(qstate, b);
}
int options_remote_is_address(struct config_file* cfg)
{
if(!cfg->remote_control_enable) return 0;
if(!cfg->control_ifs.first) return 1;
if(!cfg->control_ifs.first->str) return 1;
if(cfg->control_ifs.first->str[0] == 0) return 1;
return (cfg->control_ifs.first->str[0] != '/');
}
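Review bot: `options_remote_is_address` decides from `cfg->control_ifs.first` alone, so with several `control-interface:` entries the result depends on which one is listed first; a path first and an IP address second is reported as not-an-address. The callers shown on this page use the result to decide whether certificates are set up at all, so that ordering would leave connections to the IP entry without TLS on the client side (how the daemon treats each interface is not visible here). Either document the behaviour on the function, e.g. `/* only the first control-interface entry is examined */`, or walk the list and return 1 as soon as any entry does not start with `/`.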


@ -53,6 +53,14 @@ struct sock_list;
struct ub_packed_rrset_key;
struct regional;
/** List head for strlist processing, used for append operation. */
struct config_strlist_head {
/** first in list of text items */
struct config_strlist* first;
/** last in list of text items */
struct config_strlist* last;
};
/**
* The configuration options.
* Strings are malloced.
@ -105,7 +113,7 @@ struct config_file {
/** should the system certificate store get added to the cert bundle */
int tls_win_cert;
/** additional tls ports */
struct config_strlist* tls_additional_ports;
struct config_strlist* tls_additional_port;
/** outgoing port range number of ports (per thread) */
int outgoing_num_ports;
@ -374,11 +382,11 @@ struct config_file {
/** remote control section. enable toggle. */
int remote_control_enable;
/** the interfaces the remote control should listen on */
struct config_strlist* control_ifs;
struct config_strlist_head control_ifs;
/** if the use-cert option is set */
int control_use_cert;
/** port number for the control port */
int control_port;
/** use certificates for remote control */
int remote_control_use_cert;
/** private key file for server */
char* server_key_file;
/** certificate file for server */
@ -653,14 +661,6 @@ struct config_strbytelist {
size_t str2len;
};
/** List head for strlist processing, used for append operation. */
struct config_strlist_head {
/** first in list of text items */
struct config_strlist* first;
/** last in list of text items */
struct config_strlist* last;
};
/**
* Create config file structure. Filled with default values.
* @return: the new structure or NULL on memory error.
@ -894,6 +894,10 @@ void config_delview(struct config_view* p);
*/
void config_delviews(struct config_view* list);
/** check if config for remote control turns on IP-address interface
* with certificates or a named pipe without certificates. */
int options_remote_is_address(struct config_file* cfg);
/**
* Convert 14digit to time value
* @param str: string of 14 digits



@ -239,9 +239,10 @@ tls-port{COLON} { YDVAR(1, VAR_SSL_PORT) }
ssl-cert-bundle{COLON} { YDVAR(1, VAR_TLS_CERT_BUNDLE) }
tls-cert-bundle{COLON} { YDVAR(1, VAR_TLS_CERT_BUNDLE) }
tls-win-cert{COLON} { YDVAR(1, VAR_TLS_WIN_CERT) }
additional-ssl-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORTS) }
additional-tls-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORTS) }
tls-additional-ports{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORTS) }
additional-ssl-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
additional-tls-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
tls-additional-ports{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
tls-additional-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
use-systemd{COLON} { YDVAR(1, VAR_USE_SYSTEMD) }
do-daemonize{COLON} { YDVAR(1, VAR_DO_DAEMONIZE) }
interface{COLON} { YDVAR(1, VAR_INTERFACE) }


@ -361,7 +361,7 @@ extern int yydebug;
VAR_URL = 490,
VAR_FOR_DOWNSTREAM = 491,
VAR_FALLBACK_ENABLED = 492,
VAR_TLS_ADDITIONAL_PORTS = 493,
VAR_TLS_ADDITIONAL_PORT = 493,
VAR_LOW_RTT = 494,
VAR_LOW_RTT_PERMIL = 495,
VAR_ALLOW_NOTIFY = 496,
@ -604,7 +604,7 @@ extern int yydebug;
#define VAR_URL 490
#define VAR_FOR_DOWNSTREAM 491
#define VAR_FALLBACK_ENABLED 492
#define VAR_TLS_ADDITIONAL_PORTS 493
#define VAR_TLS_ADDITIONAL_PORT 493
#define VAR_LOW_RTT 494
#define VAR_LOW_RTT_PERMIL 495
#define VAR_ALLOW_NOTIFY 496
@ -999,15 +999,15 @@ static const yytype_uint16 yyrline[] =
2025, 2034, 2044, 2054, 2064, 2071, 2078, 2087, 2097, 2107,
2114, 2121, 2128, 2136, 2146, 2156, 2166, 2176, 2206, 2216,
2224, 2233, 2248, 2257, 2262, 2263, 2264, 2264, 2264, 2265,
2265, 2265, 2266, 2266, 2268, 2278, 2287, 2294, 2304, 2311,
2318, 2325, 2332, 2337, 2338, 2339, 2339, 2340, 2340, 2341,
2341, 2342, 2343, 2344, 2345, 2346, 2347, 2349, 2357, 2364,
2372, 2380, 2387, 2394, 2403, 2412, 2421, 2430, 2439, 2448,
2453, 2454, 2455, 2457, 2463, 2473, 2480, 2489, 2497, 2503,
2504, 2506, 2506, 2506, 2507, 2507, 2508, 2509, 2510, 2511,
2512, 2514, 2524, 2534, 2541, 2550, 2557, 2566, 2574, 2587,
2595, 2608, 2613, 2614, 2615, 2615, 2616, 2616, 2616, 2618,
2632, 2647, 2659, 2674
2265, 2265, 2266, 2266, 2268, 2278, 2287, 2294, 2301, 2308,
2315, 2322, 2329, 2334, 2335, 2336, 2336, 2337, 2337, 2338,
2338, 2339, 2340, 2341, 2342, 2343, 2344, 2346, 2354, 2361,
2369, 2377, 2384, 2391, 2400, 2409, 2418, 2427, 2436, 2445,
2450, 2451, 2452, 2454, 2460, 2470, 2477, 2486, 2494, 2500,
2501, 2503, 2503, 2503, 2504, 2504, 2505, 2506, 2507, 2508,
2509, 2511, 2521, 2531, 2538, 2547, 2554, 2563, 2571, 2584,
2592, 2605, 2610, 2611, 2612, 2612, 2613, 2613, 2613, 2615,
2629, 2644, 2656, 2671
};
#endif
@ -1103,7 +1103,7 @@ static const char *const yytname[] =
"VAR_CACHEDB_REDISTIMEOUT", "VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM",
"VAR_FOR_UPSTREAM", "VAR_AUTH_ZONE", "VAR_ZONEFILE", "VAR_MASTER",
"VAR_URL", "VAR_FOR_DOWNSTREAM", "VAR_FALLBACK_ENABLED",
"VAR_TLS_ADDITIONAL_PORTS", "VAR_LOW_RTT", "VAR_LOW_RTT_PERMIL",
"VAR_TLS_ADDITIONAL_PORT", "VAR_LOW_RTT", "VAR_LOW_RTT_PERMIL",
"VAR_ALLOW_NOTIFY", "VAR_TLS_WIN_CERT", "$accept", "toplevelvars",
"toplevelvar", "serverstart", "contents_server", "content_server",
"stubstart", "contents_stub", "content_stub", "forwardstart",
@ -1124,7 +1124,7 @@ static const char *const yytname[] =
"server_udp_upstream_without_downstream", "server_ssl_upstream",
"server_ssl_service_key", "server_ssl_service_pem", "server_ssl_port",
"server_tls_cert_bundle", "server_tls_win_cert",
"server_tls_additional_ports", "server_use_systemd",
"server_tls_additional_port", "server_use_systemd",
"server_do_daemonize", "server_use_syslog", "server_log_time_ascii",
"server_log_queries", "server_log_replies", "server_chroot",
"server_username", "server_directory", "server_logfile",
@ -3022,8 +3022,8 @@ yyparse (void)
case 260:
#line 701 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(server_tls_additional_ports:%s)\n", (yyvsp[0].str)));
if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_ports,
OUTYY(("P(server_tls_additional_port:%s)\n", (yyvsp[0].str)));
if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
(yyvsp[0].str)))
yyerror("out of memory");
}
@ -5072,7 +5072,7 @@ yyparse (void)
#line 2288 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(control_interface:%s)\n", (yyvsp[0].str)));
if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, (yyvsp[0].str)))
if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, (yyvsp[0].str)))
yyerror("out of memory");
}
#line 5079 "util/configparser.c" /* yacc.c:1646 */
@ -5082,128 +5082,125 @@ yyparse (void)
#line 2295 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(control_use_cert:%s)\n", (yyvsp[0].str)));
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
yyerror("expected yes or no.");
else cfg_parser->cfg->remote_control_use_cert =
(strcmp((yyvsp[0].str), "yes")==0);
cfg_parser->cfg->control_use_cert = (strcmp((yyvsp[0].str), "yes")==0);
free((yyvsp[0].str));
}
#line 5092 "util/configparser.c" /* yacc.c:1646 */
#line 5089 "util/configparser.c" /* yacc.c:1646 */
break;
case 428:
#line 2305 "util/configparser.y" /* yacc.c:1646 */
#line 2302 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[0].str)));
free(cfg_parser->cfg->server_key_file);
cfg_parser->cfg->server_key_file = (yyvsp[0].str);
}
#line 5102 "util/configparser.c" /* yacc.c:1646 */
#line 5099 "util/configparser.c" /* yacc.c:1646 */
break;
case 429:
#line 2312 "util/configparser.y" /* yacc.c:1646 */
#line 2309 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[0].str)));
free(cfg_parser->cfg->server_cert_file);
cfg_parser->cfg->server_cert_file = (yyvsp[0].str);
}
#line 5112 "util/configparser.c" /* yacc.c:1646 */
#line 5109 "util/configparser.c" /* yacc.c:1646 */
break;
case 430:
#line 2319 "util/configparser.y" /* yacc.c:1646 */
#line 2316 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[0].str)));
free(cfg_parser->cfg->control_key_file);
cfg_parser->cfg->control_key_file = (yyvsp[0].str);
}
#line 5122 "util/configparser.c" /* yacc.c:1646 */
#line 5119 "util/configparser.c" /* yacc.c:1646 */
break;
case 431:
#line 2326 "util/configparser.y" /* yacc.c:1646 */
#line 2323 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[0].str)));
free(cfg_parser->cfg->control_cert_file);
cfg_parser->cfg->control_cert_file = (yyvsp[0].str);
}
#line 5132 "util/configparser.c" /* yacc.c:1646 */
#line 5129 "util/configparser.c" /* yacc.c:1646 */
break;
case 432:
#line 2333 "util/configparser.y" /* yacc.c:1646 */
#line 2330 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("\nP(dnstap:)\n"));
}
#line 5140 "util/configparser.c" /* yacc.c:1646 */
#line 5137 "util/configparser.c" /* yacc.c:1646 */
break;
case 447:
#line 2350 "util/configparser.y" /* yacc.c:1646 */
#line 2347 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dt_dnstap_enable:%s)\n", (yyvsp[0].str)));
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
yyerror("expected yes or no.");
else cfg_parser->cfg->dnstap = (strcmp((yyvsp[0].str), "yes")==0);
}
#line 5151 "util/configparser.c" /* yacc.c:1646 */
#line 5148 "util/configparser.c" /* yacc.c:1646 */
break;
case 448:
#line 2358 "util/configparser.y" /* yacc.c:1646 */
#line 2355 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dt_dnstap_socket_path:%s)\n", (yyvsp[0].str)));
free(cfg_parser->cfg->dnstap_socket_path);
cfg_parser->cfg->dnstap_socket_path = (yyvsp[0].str);
}
#line 5161 "util/configparser.c" /* yacc.c:1646 */
#line 5158 "util/configparser.c" /* yacc.c:1646 */
break;
case 449:
#line 2365 "util/configparser.y" /* yacc.c:1646 */
#line 2362 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dt_dnstap_send_identity:%s)\n", (yyvsp[0].str)));
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
yyerror("expected yes or no.");
else cfg_parser->cfg->dnstap_send_identity = (strcmp((yyvsp[0].str), "yes")==0);
}
#line 5172 "util/configparser.c" /* yacc.c:1646 */
#line 5169 "util/configparser.c" /* yacc.c:1646 */
break;
case 450:
#line 2373 "util/configparser.y" /* yacc.c:1646 */
#line 2370 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dt_dnstap_send_version:%s)\n", (yyvsp[0].str)));
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
yyerror("expected yes or no.");
else cfg_parser->cfg->dnstap_send_version = (strcmp((yyvsp[0].str), "yes")==0);
}
#line 5183 "util/configparser.c" /* yacc.c:1646 */
#line 5180 "util/configparser.c" /* yacc.c:1646 */
break;
case 451:
#line 2381 "util/configparser.y" /* yacc.c:1646 */
#line 2378 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dt_dnstap_identity:%s)\n", (yyvsp[0].str)));
free(cfg_parser->cfg->dnstap_identity);
cfg_parser->cfg->dnstap_identity = (yyvsp[0].str);
}
#line 5193 "util/configparser.c" /* yacc.c:1646 */
#line 5190 "util/configparser.c" /* yacc.c:1646 */
break;
case 452:
#line 2388 "util/configparser.y" /* yacc.c:1646 */
#line 2385 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dt_dnstap_version:%s)\n", (yyvsp[0].str)));
free(cfg_parser->cfg->dnstap_version);
cfg_parser->cfg->dnstap_version = (yyvsp[0].str);
}
#line 5203 "util/configparser.c" /* yacc.c:1646 */
#line 5200 "util/configparser.c" /* yacc.c:1646 */
break;
case 453:
#line 2395 "util/configparser.y" /* yacc.c:1646 */
#line 2392 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", (yyvsp[0].str)));
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@ -5211,11 +5208,11 @@ yyparse (void)
else cfg_parser->cfg->dnstap_log_resolver_query_messages =
(strcmp((yyvsp[0].str), "yes")==0);
}
#line 5215 "util/configparser.c" /* yacc.c:1646 */
#line 5212 "util/configparser.c" /* yacc.c:1646 */
break;
case 454:
#line 2404 "util/configparser.y" /* yacc.c:1646 */
#line 2401 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", (yyvsp[0].str)));
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@ -5223,11 +5220,11 @@ yyparse (void)
else cfg_parser->cfg->dnstap_log_resolver_response_messages =
(strcmp((yyvsp[0].str), "yes")==0);
}
#line 5227 "util/configparser.c" /* yacc.c:1646 */
#line 5224 "util/configparser.c" /* yacc.c:1646 */
break;
case 455:
#line 2413 "util/configparser.y" /* yacc.c:1646 */
#line 2410 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", (yyvsp[0].str)));
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@ -5235,11 +5232,11 @@ yyparse (void)
else cfg_parser->cfg->dnstap_log_client_query_messages =
(strcmp((yyvsp[0].str), "yes")==0);
}
#line 5239 "util/configparser.c" /* yacc.c:1646 */
#line 5236 "util/configparser.c" /* yacc.c:1646 */
break;
case 456:
#line 2422 "util/configparser.y" /* yacc.c:1646 */
#line 2419 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", (yyvsp[0].str)));
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@ -5247,11 +5244,11 @@ yyparse (void)
else cfg_parser->cfg->dnstap_log_client_response_messages =
(strcmp((yyvsp[0].str), "yes")==0);
}
#line 5251 "util/configparser.c" /* yacc.c:1646 */
#line 5248 "util/configparser.c" /* yacc.c:1646 */
break;
case 457:
#line 2431 "util/configparser.y" /* yacc.c:1646 */
#line 2428 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", (yyvsp[0].str)));
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@ -5259,11 +5256,11 @@ yyparse (void)
else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
(strcmp((yyvsp[0].str), "yes")==0);
}
#line 5263 "util/configparser.c" /* yacc.c:1646 */
#line 5260 "util/configparser.c" /* yacc.c:1646 */
break;
case 458:
#line 2440 "util/configparser.y" /* yacc.c:1646 */
#line 2437 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", (yyvsp[0].str)));
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@ -5271,29 +5268,29 @@ yyparse (void)
else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
(strcmp((yyvsp[0].str), "yes")==0);
}
#line 5275 "util/configparser.c" /* yacc.c:1646 */
#line 5272 "util/configparser.c" /* yacc.c:1646 */
break;
case 459:
#line 2449 "util/configparser.y" /* yacc.c:1646 */
#line 2446 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("\nP(python:)\n"));
}
#line 5283 "util/configparser.c" /* yacc.c:1646 */
#line 5280 "util/configparser.c" /* yacc.c:1646 */
break;
case 463:
#line 2458 "util/configparser.y" /* yacc.c:1646 */
#line 2455 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(python-script:%s)\n", (yyvsp[0].str)));
free(cfg_parser->cfg->python_script);
cfg_parser->cfg->python_script = (yyvsp[0].str);
}
#line 5293 "util/configparser.c" /* yacc.c:1646 */
#line 5290 "util/configparser.c" /* yacc.c:1646 */
break;
case 464:
#line 2464 "util/configparser.y" /* yacc.c:1646 */
#line 2461 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(disable_dnssec_lame_check:%s)\n", (yyvsp[0].str)));
if (strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@ -5302,21 +5299,21 @@ yyparse (void)
(strcmp((yyvsp[0].str), "yes")==0);
free((yyvsp[0].str));
}
#line 5306 "util/configparser.c" /* yacc.c:1646 */
#line 5303 "util/configparser.c" /* yacc.c:1646 */
break;
case 465:
#line 2474 "util/configparser.y" /* yacc.c:1646 */
#line 2471 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(server_log_identity:%s)\n", (yyvsp[0].str)));
free(cfg_parser->cfg->log_identity);
cfg_parser->cfg->log_identity = (yyvsp[0].str);
}
#line 5316 "util/configparser.c" /* yacc.c:1646 */
#line 5313 "util/configparser.c" /* yacc.c:1646 */
break;
case 466:
#line 2481 "util/configparser.y" /* yacc.c:1646 */
#line 2478 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(server_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
validate_respip_action((yyvsp[0].str));
@ -5324,31 +5321,31 @@ yyparse (void)
(yyvsp[-1].str), (yyvsp[0].str)))
fatal_exit("out of memory adding response-ip");
}
#line 5328 "util/configparser.c" /* yacc.c:1646 */
#line 5325 "util/configparser.c" /* yacc.c:1646 */
break;
case 467:
#line 2490 "util/configparser.y" /* yacc.c:1646 */
#line 2487 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(server_response_ip_data:%s)\n", (yyvsp[-1].str)));
if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
(yyvsp[-1].str), (yyvsp[0].str)))
fatal_exit("out of memory adding response-ip-data");
}
#line 5339 "util/configparser.c" /* yacc.c:1646 */
#line 5336 "util/configparser.c" /* yacc.c:1646 */
break;
case 468:
#line 2498 "util/configparser.y" /* yacc.c:1646 */
#line 2495 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("\nP(dnscrypt:)\n"));
OUTYY(("\nP(dnscrypt:)\n"));
}
#line 5348 "util/configparser.c" /* yacc.c:1646 */
#line 5345 "util/configparser.c" /* yacc.c:1646 */
break;
case 481:
#line 2515 "util/configparser.y" /* yacc.c:1646 */
#line 2512 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", (yyvsp[0].str)));
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@ -5356,11 +5353,11 @@ yyparse (void)
else cfg_parser->cfg->dnscrypt = (strcmp((yyvsp[0].str), "yes")==0);
free((yyvsp[0].str));
}
#line 5360 "util/configparser.c" /* yacc.c:1646 */
#line 5357 "util/configparser.c" /* yacc.c:1646 */
break;
case 482:
#line 2525 "util/configparser.y" /* yacc.c:1646 */
#line 2522 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dnsc_dnscrypt_port:%s)\n", (yyvsp[0].str)));
@ -5369,21 +5366,21 @@ yyparse (void)
else cfg_parser->cfg->dnscrypt_port = atoi((yyvsp[0].str));
free((yyvsp[0].str));
}
#line 5373 "util/configparser.c" /* yacc.c:1646 */
#line 5370 "util/configparser.c" /* yacc.c:1646 */
break;
case 483:
#line 2535 "util/configparser.y" /* yacc.c:1646 */
#line 2532 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", (yyvsp[0].str)));
free(cfg_parser->cfg->dnscrypt_provider);
cfg_parser->cfg->dnscrypt_provider = (yyvsp[0].str);
}
#line 5383 "util/configparser.c" /* yacc.c:1646 */
#line 5380 "util/configparser.c" /* yacc.c:1646 */
break;
case 484:
#line 2542 "util/configparser.y" /* yacc.c:1646 */
#line 2539 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", (yyvsp[0].str)));
if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str)))
@ -5391,21 +5388,21 @@ yyparse (void)
if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str)))
fatal_exit("out of memory adding dnscrypt-provider-cert");
}
#line 5395 "util/configparser.c" /* yacc.c:1646 */
#line 5392 "util/configparser.c" /* yacc.c:1646 */
break;
case 485:
#line 2551 "util/configparser.y" /* yacc.c:1646 */
#line 2548 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", (yyvsp[0].str)));
if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, (yyvsp[0].str)))
fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
}
#line 5405 "util/configparser.c" /* yacc.c:1646 */
#line 5402 "util/configparser.c" /* yacc.c:1646 */
break;
case 486:
#line 2558 "util/configparser.y" /* yacc.c:1646 */
#line 2555 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", (yyvsp[0].str)));
if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str)))
@ -5413,22 +5410,22 @@ yyparse (void)
if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str)))
fatal_exit("out of memory adding dnscrypt-secret-key");
}
#line 5417 "util/configparser.c" /* yacc.c:1646 */
#line 5414 "util/configparser.c" /* yacc.c:1646 */
break;
case 487:
#line 2567 "util/configparser.y" /* yacc.c:1646 */
#line 2564 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", (yyvsp[0].str)));
if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
yyerror("memory size expected");
free((yyvsp[0].str));
}
#line 5428 "util/configparser.c" /* yacc.c:1646 */
#line 5425 "util/configparser.c" /* yacc.c:1646 */
break;
case 488:
#line 2575 "util/configparser.y" /* yacc.c:1646 */
#line 2572 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", (yyvsp[0].str)));
if(atoi((yyvsp[0].str)) == 0)
@ -5440,22 +5437,22 @@ yyparse (void)
}
free((yyvsp[0].str));
}
#line 5444 "util/configparser.c" /* yacc.c:1646 */
#line 5441 "util/configparser.c" /* yacc.c:1646 */
break;
case 489:
#line 2588 "util/configparser.y" /* yacc.c:1646 */
#line 2585 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", (yyvsp[0].str)));
if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_nonce_cache_size))
yyerror("memory size expected");
free((yyvsp[0].str));
}
#line 5455 "util/configparser.c" /* yacc.c:1646 */
#line 5452 "util/configparser.c" /* yacc.c:1646 */
break;
case 490:
#line 2596 "util/configparser.y" /* yacc.c:1646 */
#line 2593 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", (yyvsp[0].str)));
if(atoi((yyvsp[0].str)) == 0)
@ -5467,19 +5464,19 @@ yyparse (void)
}
free((yyvsp[0].str));
}
#line 5471 "util/configparser.c" /* yacc.c:1646 */
#line 5468 "util/configparser.c" /* yacc.c:1646 */
break;
case 491:
#line 2609 "util/configparser.y" /* yacc.c:1646 */
#line 2606 "util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("\nP(cachedb:)\n"));
}
#line 5479 "util/configparser.c" /* yacc.c:1646 */
#line 5476 "util/configparser.c" /* yacc.c:1646 */
break;
case 499:
#line 2619 "util/configparser.y" /* yacc.c:1646 */
#line 2616 "util/configparser.y" /* yacc.c:1646 */
{
#ifdef USE_CACHEDB
OUTYY(("P(backend:%s)\n", (yyvsp[0].str)));
@ -5492,11 +5489,11 @@ yyparse (void)
OUTYY(("P(Compiled without cachedb, ignoring)\n"));
#endif
}
#line 5496 "util/configparser.c" /* yacc.c:1646 */
#line 5493 "util/configparser.c" /* yacc.c:1646 */
break;
case 500:
#line 2633 "util/configparser.y" /* yacc.c:1646 */
#line 2630 "util/configparser.y" /* yacc.c:1646 */
{
#ifdef USE_CACHEDB
OUTYY(("P(secret-seed:%s)\n", (yyvsp[0].str)));
@ -5510,11 +5507,11 @@ yyparse (void)
free((yyvsp[0].str));
#endif
}
#line 5514 "util/configparser.c" /* yacc.c:1646 */
#line 5511 "util/configparser.c" /* yacc.c:1646 */
break;
case 501:
#line 2648 "util/configparser.y" /* yacc.c:1646 */
#line 2645 "util/configparser.y" /* yacc.c:1646 */
{
#if defined(USE_CACHEDB) && defined(USE_REDIS)
OUTYY(("P(redis_server_host:%s)\n", (yyvsp[0].str)));
@ -5525,11 +5522,11 @@ yyparse (void)
free((yyvsp[0].str));
#endif
}
#line 5529 "util/configparser.c" /* yacc.c:1646 */
#line 5526 "util/configparser.c" /* yacc.c:1646 */
break;
case 502:
#line 2660 "util/configparser.y" /* yacc.c:1646 */
#line 2657 "util/configparser.y" /* yacc.c:1646 */
{
#if defined(USE_CACHEDB) && defined(USE_REDIS)
int port;
@ -5543,11 +5540,11 @@ yyparse (void)
#endif
free((yyvsp[0].str));
}
#line 5547 "util/configparser.c" /* yacc.c:1646 */
#line 5544 "util/configparser.c" /* yacc.c:1646 */
break;
case 503:
#line 2675 "util/configparser.y" /* yacc.c:1646 */
#line 2672 "util/configparser.y" /* yacc.c:1646 */
{
#if defined(USE_CACHEDB) && defined(USE_REDIS)
OUTYY(("P(redis_timeout:%s)\n", (yyvsp[0].str)));
@ -5559,11 +5556,11 @@ yyparse (void)
#endif
free((yyvsp[0].str));
}
#line 5563 "util/configparser.c" /* yacc.c:1646 */
#line 5560 "util/configparser.c" /* yacc.c:1646 */
break;
#line 5567 "util/configparser.c" /* yacc.c:1646 */
#line 5564 "util/configparser.c" /* yacc.c:1646 */
default: break;
}
/* User semantic actions sometimes alter yychar, and that requires
@ -5791,7 +5788,7 @@ yyparse (void)
#endif
return yyresult;
}
#line 2687 "util/configparser.y" /* yacc.c:1906 */
#line 2684 "util/configparser.y" /* yacc.c:1906 */
/* parse helper routines could be here */


@ -280,7 +280,7 @@ extern int yydebug;
VAR_URL = 490,
VAR_FOR_DOWNSTREAM = 491,
VAR_FALLBACK_ENABLED = 492,
VAR_TLS_ADDITIONAL_PORTS = 493,
VAR_TLS_ADDITIONAL_PORT = 493,
VAR_LOW_RTT = 494,
VAR_LOW_RTT_PERMIL = 495,
VAR_ALLOW_NOTIFY = 496,
@ -523,7 +523,7 @@ extern int yydebug;
#define VAR_URL 490
#define VAR_FOR_DOWNSTREAM 491
#define VAR_FALLBACK_ENABLED 492
#define VAR_TLS_ADDITIONAL_PORTS 493
#define VAR_TLS_ADDITIONAL_PORT 493
#define VAR_LOW_RTT 494
#define VAR_LOW_RTT_PERMIL 495
#define VAR_ALLOW_NOTIFY 496


@ -156,7 +156,7 @@ extern struct config_parser_state* cfg_parser;
%token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT
%token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
%token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
%token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORTS VAR_LOW_RTT VAR_LOW_RTT_PERMIL
%token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
%token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT
%%
@ -248,7 +248,7 @@ content_server: server_num_threads | server_verbosity | server_port |
server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
server_ipsecmod_whitelist | server_ipsecmod_strict |
server_udp_upstream_without_downstream | server_aggressive_nsec |
server_tls_cert_bundle | server_tls_additional_ports | server_low_rtt |
server_tls_cert_bundle | server_tls_additional_port | server_low_rtt |
server_low_rtt_permil | server_tls_win_cert
;
stubstart: VAR_STUB_ZONE
@ -697,10 +697,10 @@ server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG
free($2);
}
;
server_tls_additional_ports: VAR_TLS_ADDITIONAL_PORTS STRING_ARG
server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG
{
OUTYY(("P(server_tls_additional_ports:%s)\n", $2));
if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_ports,
OUTYY(("P(server_tls_additional_port:%s)\n", $2));
if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
$2))
yyerror("out of memory");
}
@ -2287,17 +2287,14 @@ rc_control_port: VAR_CONTROL_PORT STRING_ARG
rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
{
OUTYY(("P(control_interface:%s)\n", $2));
if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, $2))
if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, $2))
yyerror("out of memory");
}
;
rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
{
OUTYY(("P(control_use_cert:%s)\n", $2));
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
yyerror("expected yes or no.");
else cfg_parser->cfg->remote_control_use_cert =
(strcmp($2, "yes")==0);
cfg_parser->cfg->control_use_cert = (strcmp($2, "yes")==0);
free($2);
}
;
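Review bot: In the `rc_control_use_cert` action the new assignment `cfg_parser->cfg->control_use_cert = (strcmp($2, "yes")==0);` no longer rejects values other than `yes` or `no`, so a misspelling such as `Yes` or `true` is silently stored as 0 instead of failing the config load. Judging by the option name, this flag appears to decide whether the remote-control channel uses certificates; if so, a typo would quietly turn that protection off. Keeping the guard the removed lines had keeps parsing fail-closed: `if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) yyerror("expected yes or no.");` followed by `else cfg_parser->cfg->control_use_cert = (strcmp($2, "yes")==0);`. The regenerated action in util/configparser.c carries the same change and would follow from fixing the grammar.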