Upgrade to Unbound 1.5.1. Almost all our local changes to date have been
adopted upstream, greatly reducing the diff.
commit
7e4640559c
@ -19,9 +19,10 @@ libtool=@libtool@
|
||||
staticexe=@staticexe@
|
||||
EXEEXT=@EXEEXT@
|
||||
configfile=@ub_conf_file@
|
||||
UNBOUND_RUN_DIR=@UNBOUND_RUN_DIR@
|
||||
CHECKLOCK_SRC=testcode/checklocks.c
|
||||
CHECKLOCK_OBJ=@CHECKLOCK_OBJ@
|
||||
DNSTAP_SRC=@DNSTAP_SRC@
|
||||
DNSTAP_OBJ=@DNSTAP_OBJ@
|
||||
WITH_PYTHONMODULE=@WITH_PYTHONMODULE@
|
||||
WITH_PYUNBOUND=@WITH_PYUNBOUND@
|
||||
PYTHON_SITE_PKG=@PYTHON_SITE_PKG@
|
||||
@ -44,6 +45,7 @@ PYUNBOUND_TARGET=@PYUNBOUND_TARGET@
|
||||
# K&R C compilers), but causes problems if $U is defined in the env).
|
||||
U=
|
||||
|
||||
PROTOC_C=@PROTOC_C@
|
||||
SWIG=@SWIG@
|
||||
YACC=@YACC@
|
||||
LEX=@LEX@
|
||||
@ -56,6 +58,7 @@ LIBS=@LIBS@
|
||||
LIBOBJS=@LIBOBJS@
|
||||
# filter out ctime_r from compat obj.
|
||||
LIBOBJ_WITHOUT_CTIME=@LIBOBJ_WITHOUT_CTIME@
|
||||
LIBOBJ_WITHOUT_CTIMEARC4=@LIBOBJ_WITHOUT_CTIMEARC4@
|
||||
RUNTIME_PATH=@RUNTIME_PATH@
|
||||
DEPFLAG=@DEPFLAG@
|
||||
DATE=@CONFIG_DATE@
|
||||
@ -69,15 +72,15 @@ LINT=splint
|
||||
LINTFLAGS=+quiet -weak -warnposix -unrecog -Din_addr_t=uint32_t -Du_int=unsigned -Du_char=uint8_t -preproc -Drlimit=rlimit64 -D__gnuc_va_list=va_list -formatcode
|
||||
#-Dglob64=glob -Dglobfree64=globfree
|
||||
# compat with openssl linux edition.
|
||||
LINTFLAGS+="-DBN_ULONG=unsigned long" -Dkrb5_int32=int "-Dkrb5_ui_4=unsigned int" -DPQ_64BIT=uint64_t -DRC4_INT=unsigned -fixedformalarray -D"ENGINE=unsigned" -D"RSA=unsigned" -D"DSA=unsigned" -D"EVP_PKEY=unsigned" -D"EVP_MD=unsigned" -D"SSL=unsigned" -D"SSL_CTX=unsigned" -D"X509=unsigned" -D"RC4_KEY=unsigned" -D"EVP_MD_CTX=unsigned" -D"ECDSA_SIG=DSA_SIG"
|
||||
LINTFLAGS+="-DBN_ULONG=unsigned long" -Dkrb5_int32=int "-Dkrb5_ui_4=unsigned int" -DPQ_64BIT=uint64_t -DRC4_INT=unsigned -fixedformalarray -D"ENGINE=unsigned" -D"RSA=unsigned" -D"DSA=unsigned" -D"EVP_PKEY=unsigned" -D"EVP_MD=unsigned" -D"SSL=unsigned" -D"SSL_CTX=unsigned" -D"X509=unsigned" -D"RC4_KEY=unsigned" -D"EVP_MD_CTX=unsigned" -D"ECDSA_SIG=DSA_SIG" -Dfstrm_res=int
|
||||
# compat with NetBSD
|
||||
LINTFLAGS+=@NETBSD_LINTFLAGS@
|
||||
# compat with OpenBSD
|
||||
LINTFLAGS+="-Dsigset_t=long"
|
||||
# FreeBSD
|
||||
LINTFLAGS+="-D__uint16_t=uint16_t" "-DEVP_PKEY_ASN1_METHOD=int"
|
||||
LINTFLAGS+="-D__uint16_t=uint16_t" "-DEVP_PKEY_ASN1_METHOD=int" "-D_RuneLocale=int" "-D__va_list=va_list"
|
||||
|
||||
INSTALL=$(srcdir)/install-sh
|
||||
INSTALL=$(SHELL) $(srcdir)/install-sh
|
||||
|
||||
#pythonmod.c is not here, it is mentioned by itself in its own rules,
|
||||
#makedepend fails on missing interface.h otherwise.
|
||||
@ -106,7 +109,7 @@ util/winsock_event.c validator/autotrust.c validator/val_anchor.c \
|
||||
validator/validator.c validator/val_kcache.c validator/val_kentry.c \
|
||||
validator/val_neg.c validator/val_nsec3.c validator/val_nsec.c \
|
||||
validator/val_secalgo.c validator/val_sigcrypt.c \
|
||||
validator/val_utils.c $(CHECKLOCK_SRC)
|
||||
validator/val_utils.c dns64/dns64.c $(CHECKLOCK_SRC) $(DNSTAP_SRC)
|
||||
COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \
|
||||
msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \
|
||||
iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \
|
||||
@ -116,7 +119,8 @@ fptr_wlist.lo locks.lo log.lo mini_event.lo module.lo net_help.lo \
|
||||
random.lo rbtree.lo regional.lo rtt.lo dnstree.lo lookup3.lo lruhash.lo \
|
||||
slabhash.lo timehist.lo tube.lo winsock_event.lo autotrust.lo val_anchor.lo \
|
||||
validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \
|
||||
val_secalgo.lo val_sigcrypt.lo val_utils.lo $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ)
|
||||
val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo \
|
||||
$(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ)
|
||||
COMMON_OBJ=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \
|
||||
outside_network.lo
|
||||
# set to $COMMON_OBJ or to "" if --enableallsymbols
|
||||
@ -124,9 +128,13 @@ COMMON_OBJ_ALL_SYMBOLS=@COMMON_OBJ_ALL_SYMBOLS@
|
||||
COMPAT_SRC=compat/ctime_r.c compat/fake-rfc2553.c compat/gmtime_r.c \
|
||||
compat/inet_aton.c compat/inet_ntop.c compat/inet_pton.c compat/malloc.c \
|
||||
compat/memcmp.c compat/memmove.c compat/snprintf.c compat/strlcat.c \
|
||||
compat/strlcpy.c compat/strptime.c
|
||||
compat/strlcpy.c compat/strptime.c compat/getentropy_linux.c \
|
||||
compat/getentropy_osx.c compat/getentropy_solaris.c compat/getentropy_win.c \
|
||||
compat/explicit_bzero.c compat/arc4random.c compat/arc4random_uniform.c \
|
||||
compat/arc4_lock.c compat/sha512.c
|
||||
COMPAT_OBJ=$(LIBOBJS:.o=.lo)
|
||||
COMPAT_OBJ_WITHOUT_CTIME=$(LIBOBJ_WITHOUT_CTIME:.o=.lo)
|
||||
COMPAT_OBJ_WITHOUT_CTIMEARC4=$(LIBOBJ_WITHOUT_CTIMEARC4:.o=.lo)
|
||||
SLDNS_SRC=ldns/keyraw.c ldns/sbuffer.c ldns/wire2str.c ldns/parse.c \
|
||||
ldns/parseutil.c ldns/rrdef.c ldns/str2wire.c
|
||||
SLDNS_OBJ=keyraw.lo sbuffer.lo wire2str.lo parse.lo parseutil.lo rrdef.lo \
|
||||
@ -156,7 +164,7 @@ CONTROL_OBJ_LINK=$(CONTROL_OBJ) worker_cb.lo $(COMMON_OBJ_ALL_SYMBOLS) \
|
||||
$(SLDNS_OBJ) $(COMPAT_OBJ) @WIN_CONTROL_OBJ_LINK@
|
||||
HOST_SRC=smallapp/unbound-host.c
|
||||
HOST_OBJ=unbound-host.lo
|
||||
HOST_OBJ_LINK=$(HOST_OBJ) $(SLDNS_OBJ) $(COMPAT_OBJ_WITHOUT_CTIME) @WIN_HOST_OBJ_LINK@
|
||||
HOST_OBJ_LINK=$(HOST_OBJ) $(SLDNS_OBJ) $(COMPAT_OBJ_WITHOUT_CTIMEARC4) @WIN_HOST_OBJ_LINK@
|
||||
UBANCHOR_SRC=smallapp/unbound-anchor.c
|
||||
UBANCHOR_OBJ=unbound-anchor.lo
|
||||
UBANCHOR_OBJ_LINK=$(UBANCHOR_OBJ) \
|
||||
@ -173,7 +181,7 @@ LOCKVERIFY_OBJ_LINK=$(LOCKVERIFY_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \
|
||||
$(SLDNS_OBJ)
|
||||
PETAL_SRC=testcode/petal.c
|
||||
PETAL_OBJ=petal.lo
|
||||
PETAL_OBJ_LINK=$(PETAL_OBJ) $(COMPAT_OBJ_WITHOUT_CTIME)
|
||||
PETAL_OBJ_LINK=$(PETAL_OBJ) $(COMPAT_OBJ_WITHOUT_CTIMEARC4)
|
||||
PKTVIEW_SRC=testcode/pktview.c testcode/readhex.c
|
||||
PKTVIEW_OBJ=pktview.lo
|
||||
PKTVIEW_OBJ_LINK=$(PKTVIEW_OBJ) worker_cb.lo readhex.lo $(COMMON_OBJ) \
|
||||
@ -348,10 +356,22 @@ signit$(EXEEXT): testcode/signit.c
|
||||
unbound.h: $(srcdir)/libunbound/unbound.h
|
||||
sed -e 's/@''UNBOUND_VERSION_MAJOR@/$(UNBOUND_VERSION_MAJOR)/' -e 's/@''UNBOUND_VERSION_MINOR@/$(UNBOUND_VERSION_MINOR)/' -e 's/@''UNBOUND_VERSION_MICRO@/$(UNBOUND_VERSION_MICRO)/' < $(srcdir)/libunbound/unbound.h > $@
|
||||
|
||||
unbound-control-setup: $(srcdir)/smallapp/unbound-control-setup.sh
|
||||
sed -e 's:^DESTDIR=.*$$:DESTDIR=$(UNBOUND_RUN_DIR):' < $(srcdir)/smallapp/unbound-control-setup.sh > $@
|
||||
unbound-control-setup: smallapp/unbound-control-setup.sh
|
||||
cp smallapp/unbound-control-setup.sh $@
|
||||
-chmod +x $@
|
||||
|
||||
# dnstap
|
||||
dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c config.h dnstap/dnstap_config.h \
|
||||
dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h $(srcdir)/dnstap/dnstap.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/util/net_help.h
|
||||
|
||||
dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h: $(srcdir)/dnstap/dnstap.proto
|
||||
@-if test ! -d dnstap; then $(INSTALL) -d dnstap; fi
|
||||
$(PROTOC_C) --c_out=. $(srcdir)/dnstap/dnstap.proto
|
||||
|
||||
dnstap.pb-c.lo dnstap.pb-c.o: dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h
|
||||
|
||||
# Python Module
|
||||
pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \
|
||||
pythonmod/interface.h \
|
||||
@ -377,7 +397,7 @@ libunbound/python/libunbound_wrap.c: $(srcdir)/libunbound/python/libunbound.i un
|
||||
|
||||
# Pyunbound python unbound wrapper
|
||||
_unbound.la: libunbound_wrap.lo libunbound.la
|
||||
$(LIBTOOL) --tag=CC --mode=link $(CC) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -module -version-info @LIBUNBOUND_CURRENT@:@LIBUNBOUND_REVISION@:@LIBUNBOUND_AGE@ -no-undefined -o $@ libunbound_wrap.lo -rpath $(PYTHON_SITE_PKG) L. -L.libs -lunbound $(LIBS)
|
||||
$(LIBTOOL) --tag=CC --mode=link $(CC) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -module -avoid-version -no-undefined -shared -o $@ libunbound_wrap.lo -rpath $(PYTHON_SITE_PKG) L. -L.libs -lunbound
|
||||
|
||||
util/config_file.c: util/configparser.h
|
||||
util/configlexer.c: $(srcdir)/util/configlexer.lex util/configparser.h
|
||||
@ -412,7 +432,7 @@ realclean: clean
|
||||
$(LINT) $(LINTFLAGS) -I. -I$(srcdir) $<
|
||||
touch $@
|
||||
|
||||
util/configparser.lint util/configlexer.lint pythonmod/pythonmod.lint libunbound/python/libunbound_wrap.lint:
|
||||
util/configparser.lint util/configlexer.lint pythonmod/pythonmod.lint libunbound/python/libunbound_wrap.lint dnstap/dnstap.pb-c.lint:
|
||||
# skip lint for generated code
|
||||
touch $@
|
||||
|
||||
@ -495,7 +515,7 @@ install-all: all $(PYTHONMOD_INSTALL) $(PYUNBOUND_INSTALL) $(UNBOUND_EVENT_INSTA
|
||||
$(INSTALL) -c -m 644 doc/unbound-control.8 $(DESTDIR)$(mandir)/man8/unbound-control-setup.8
|
||||
$(INSTALL) -c -m 644 doc/unbound-anchor.8 $(DESTDIR)$(mandir)/man8
|
||||
$(INSTALL) -c -m 644 doc/unbound.conf.5 $(DESTDIR)$(mandir)/man5
|
||||
$(INSTALL) -c -m 644 $(srcdir)/doc/unbound-host.1 $(DESTDIR)$(mandir)/man1
|
||||
$(INSTALL) -c -m 644 doc/unbound-host.1 $(DESTDIR)$(mandir)/man1
|
||||
$(INSTALL) -c -m 755 unbound-control-setup $(DESTDIR)$(sbindir)/unbound-control-setup
|
||||
if test ! -e $(DESTDIR)$(configfile); then $(INSTALL) -d `dirname $(DESTDIR)$(configfile)`; $(INSTALL) -c -m 644 doc/example.conf $(DESTDIR)$(configfile); fi
|
||||
|
||||
@ -572,3 +592,617 @@ depend:
|
||||
rm -f $(DEPEND_TMP) $(DEPEND_TMP2)
|
||||
|
||||
# Dependencies
|
||||
dns.lo dns.o: $(srcdir)/services/cache/dns.c config.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h \
|
||||
$(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/ldns/sbuffer.h
|
||||
infra.lo infra.o: $(srcdir)/services/cache/infra.c config.h $(srcdir)/ldns/rrdef.h \
|
||||
$(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lookup3.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/iterator/iterator.h \
|
||||
$(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h
|
||||
rrset.lo rrset.o: $(srcdir)/services/cache/rrset.c config.h $(srcdir)/services/cache/rrset.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/slabhash.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/config_file.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/regional.h $(srcdir)/util/alloc.h
|
||||
dname.lo dname.o: $(srcdir)/util/data/dname.c config.h $(srcdir)/util/data/dname.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/storage/lookup3.h $(srcdir)/ldns/sbuffer.h
|
||||
msgencode.lo msgencode.o: $(srcdir)/util/data/msgencode.c config.h $(srcdir)/util/data/msgencode.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/ldns/sbuffer.h
|
||||
msgparse.lo msgparse.o: $(srcdir)/util/data/msgparse.c config.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/ldns/pkthdr.h \
|
||||
$(srcdir)/ldns/rrdef.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/parseutil.h \
|
||||
$(srcdir)/ldns/wire2str.h
|
||||
msgreply.lo msgreply.o: $(srcdir)/util/data/msgreply.c config.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \
|
||||
$(srcdir)/ldns/rrdef.h $(srcdir)/util/data/msgencode.h $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/wire2str.h
|
||||
packed_rrset.lo packed_rrset.o: $(srcdir)/util/data/packed_rrset.c config.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/wire2str.h
|
||||
iterator.lo iterator.o: $(srcdir)/iterator/iterator.c config.h $(srcdir)/iterator/iterator.h \
|
||||
$(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/iterator/iter_utils.h \
|
||||
$(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_donotq.h \
|
||||
$(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_scrub.h $(srcdir)/iterator/iter_priv.h \
|
||||
$(srcdir)/validator/val_neg.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/util/config_file.h $(srcdir)/ldns/wire2str.h \
|
||||
$(srcdir)/ldns/parseutil.h $(srcdir)/ldns/sbuffer.h
|
||||
iter_delegpt.lo iter_delegpt.o: $(srcdir)/iterator/iter_delegpt.c config.h $(srcdir)/iterator/iter_delegpt.h \
|
||||
$(srcdir)/util/log.h $(srcdir)/services/cache/dns.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/sbuffer.h
|
||||
iter_donotq.lo iter_donotq.o: $(srcdir)/iterator/iter_donotq.c config.h $(srcdir)/iterator/iter_donotq.h \
|
||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/net_help.h
|
||||
iter_fwd.lo iter_fwd.o: $(srcdir)/iterator/iter_fwd.c config.h $(srcdir)/iterator/iter_fwd.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/ldns/rrdef.h $(srcdir)/ldns/str2wire.h
|
||||
iter_hints.lo iter_hints.o: $(srcdir)/iterator/iter_hints.c config.h $(srcdir)/iterator/iter_hints.h \
|
||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/str2wire.h \
|
||||
$(srcdir)/ldns/wire2str.h
|
||||
iter_priv.lo iter_priv.o: $(srcdir)/iterator/iter_priv.c config.h $(srcdir)/iterator/iter_priv.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/ldns/str2wire.h $(srcdir)/ldns/sbuffer.h
|
||||
iter_resptype.lo iter_resptype.o: $(srcdir)/iterator/iter_resptype.c config.h \
|
||||
$(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/services/cache/dns.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/pkthdr.h
|
||||
iter_scrub.lo iter_scrub.o: $(srcdir)/iterator/iter_scrub.c config.h $(srcdir)/iterator/iter_scrub.h \
|
||||
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \
|
||||
$(srcdir)/iterator/iter_priv.h $(srcdir)/util/rbtree.h $(srcdir)/services/cache/rrset.h \
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/util/alloc.h $(srcdir)/ldns/sbuffer.h
|
||||
iter_utils.lo iter_utils.o: $(srcdir)/iterator/iter_utils.c config.h $(srcdir)/iterator/iter_utils.h \
|
||||
$(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_donotq.h \
|
||||
$(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_priv.h $(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \
|
||||
$(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \
|
||||
$(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \
|
||||
$(srcdir)/validator/val_utils.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/ldns/sbuffer.h
|
||||
listen_dnsport.lo listen_dnsport.o: $(srcdir)/services/listen_dnsport.c config.h \
|
||||
$(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/services/outside_network.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/ldns/sbuffer.h
|
||||
localzone.lo localzone.o: $(srcdir)/services/localzone.c config.h $(srcdir)/services/localzone.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/ldns/str2wire.h $(srcdir)/ldns/rrdef.h \
|
||||
$(srcdir)/ldns/sbuffer.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h
|
||||
mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/log.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h $(srcdir)/services/outbound_list.h \
|
||||
$(srcdir)/services/cache/dns.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
|
||||
$(srcdir)/util/data/msgencode.h $(srcdir)/util/timehist.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/util/alloc.h $(srcdir)/util/config_file.h $(srcdir)/ldns/sbuffer.h
|
||||
modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/services/modstack.h \
|
||||
$(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \
|
||||
$(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h
|
||||
outbound_list.lo outbound_list.o: $(srcdir)/services/outbound_list.c config.h \
|
||||
$(srcdir)/services/outbound_list.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/util/netevent.h
|
||||
outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c config.h \
|
||||
$(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \
|
||||
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \
|
||||
$(srcdir)/ldns/rrdef.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
|
||||
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
|
||||
$(srcdir)/services/modstack.h $(srcdir)/ldns/sbuffer.h \
|
||||
|
||||
alloc.lo alloc.o: $(srcdir)/util/alloc.c config.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/regional.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h
|
||||
config_file.lo config_file.o: $(srcdir)/util/config_file.c config.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/configyyrename.h $(srcdir)/util/config_file.h util/configparser.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h $(srcdir)/util/fptr_wlist.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/services/modstack.h $(srcdir)/util/data/dname.h $(srcdir)/ldns/wire2str.h $(srcdir)/ldns/parseutil.h \
|
||||
$(srcdir)/util/iana_ports.inc
|
||||
configlexer.lo configlexer.o: util/configlexer.c config.h $(srcdir)/util/configyyrename.h \
|
||||
$(srcdir)/util/config_file.h util/configparser.h
|
||||
configparser.lo configparser.o: util/configparser.c config.h $(srcdir)/util/configyyrename.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h
|
||||
fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/fptr_wlist.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h $(srcdir)/services/localzone.h \
|
||||
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h \
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \
|
||||
$(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/validator/validator.h \
|
||||
$(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_nsec3.h \
|
||||
$(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_neg.h \
|
||||
$(srcdir)/validator/autotrust.h $(srcdir)/util/storage/dnstree.h $(srcdir)/libunbound/libworker.h \
|
||||
$(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h \
|
||||
$(srcdir)/libunbound/worker.h $(srcdir)/ldns/sbuffer.h $(srcdir)/util/config_file.h
|
||||
locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
|
||||
log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/ldns/sbuffer.h
|
||||
mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/log.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h
|
||||
module.lo module.o: $(srcdir)/util/module.c config.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h
|
||||
netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/netevent.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/ldns/sbuffer.h \
|
||||
$(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h
|
||||
net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/ldns/parseutil.h \
|
||||
$(srcdir)/ldns/wire2str.h \
|
||||
|
||||
random.lo random.o: $(srcdir)/util/random.c config.h $(srcdir)/util/random.h $(srcdir)/util/log.h
|
||||
rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h
|
||||
regional.lo regional.o: $(srcdir)/util/regional.c config.h $(srcdir)/util/log.h $(srcdir)/util/regional.h
|
||||
rtt.lo rtt.o: $(srcdir)/util/rtt.c config.h $(srcdir)/util/rtt.h
|
||||
dnstree.lo dnstree.o: $(srcdir)/util/storage/dnstree.c config.h $(srcdir)/util/storage/dnstree.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/log.h $(srcdir)/util/net_help.h
|
||||
lookup3.lo lookup3.o: $(srcdir)/util/storage/lookup3.c config.h $(srcdir)/util/storage/lookup3.h
|
||||
lruhash.lo lruhash.o: $(srcdir)/util/storage/lruhash.c config.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/module.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/services/modstack.h
|
||||
slabhash.lo slabhash.o: $(srcdir)/util/storage/slabhash.c config.h $(srcdir)/util/storage/slabhash.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
|
||||
timehist.lo timehist.o: $(srcdir)/util/timehist.c config.h $(srcdir)/util/timehist.h $(srcdir)/util/log.h
|
||||
tube.lo tube.o: $(srcdir)/util/tube.c config.h $(srcdir)/util/tube.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/services/mesh.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h
|
||||
winsock_event.lo winsock_event.o: $(srcdir)/util/winsock_event.c config.h
|
||||
autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/validator/autotrust.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_utils.h \
|
||||
$(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/dname.h $(srcdir)/util/module.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/services/modstack.h \
|
||||
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/validator/val_kcache.h \
|
||||
$(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/wire2str.h $(srcdir)/ldns/str2wire.h $(srcdir)/ldns/keyraw.h \
|
||||
|
||||
val_anchor.lo val_anchor.o: $(srcdir)/validator/val_anchor.c config.h $(srcdir)/validator/val_anchor.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_sigcrypt.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/validator/autotrust.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/ldns/sbuffer.h \
|
||||
$(srcdir)/ldns/rrdef.h $(srcdir)/ldns/str2wire.h
|
||||
validator.lo validator.o: $(srcdir)/validator/validator.c config.h $(srcdir)/validator/validator.h \
|
||||
$(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/validator/val_kcache.h $(srcdir)/util/storage/slabhash.h \
|
||||
$(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_nsec3.h \
|
||||
$(srcdir)/validator/val_neg.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/autotrust.h \
|
||||
$(srcdir)/services/cache/dns.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/ldns/wire2str.h
|
||||
val_kcache.lo val_kcache.o: $(srcdir)/validator/val_kcache.c config.h $(srcdir)/validator/val_kcache.h \
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/validator/val_kentry.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \
|
||||
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h
|
||||
val_kentry.lo val_kentry.o: $(srcdir)/validator/val_kentry.c config.h $(srcdir)/validator/val_kentry.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/ldns/rrdef.h $(srcdir)/ldns/keyraw.h \
|
||||
|
||||
val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h \
|
||||
$(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h $(srcdir)/util/data/dname.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \
|
||||
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h \
|
||||
$(srcdir)/ldns/rrdef.h $(srcdir)/ldns/sbuffer.h
|
||||
val_nsec3.lo val_nsec3.o: $(srcdir)/validator/val_nsec3.c config.h \
|
||||
$(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/validator.h \
|
||||
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \
|
||||
$(srcdir)/ldns/rrdef.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kentry.h \
|
||||
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/validator/val_nsec.h $(srcdir)/ldns/sbuffer.h
|
||||
val_nsec.lo val_nsec.o: $(srcdir)/validator/val_nsec.c config.h $(srcdir)/validator/val_nsec.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/validator/val_utils.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/dname.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \
|
||||
$(srcdir)/ldns/rrdef.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h
|
||||
val_secalgo.lo val_secalgo.o: $(srcdir)/validator/val_secalgo.c config.h $(srcdir)/validator/val_secalgo.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/ldns/rrdef.h $(srcdir)/ldns/keyraw.h \
|
||||
$(srcdir)/ldns/sbuffer.h \
|
||||
|
||||
val_sigcrypt.lo val_sigcrypt.o: $(srcdir)/validator/val_sigcrypt.c config.h \
|
||||
$(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/validator.h \
|
||||
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \
|
||||
$(srcdir)/ldns/rrdef.h $(srcdir)/validator/val_utils.h $(srcdir)/util/data/dname.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/ldns/keyraw.h \
|
||||
$(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/parseutil.h $(srcdir)/ldns/wire2str.h \
|
||||
|
||||
val_utils.lo val_utils.o: $(srcdir)/validator/val_utils.c config.h $(srcdir)/validator/val_utils.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/validator/val_kentry.h \
|
||||
$(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_neg.h $(srcdir)/services/cache/rrset.h \
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/dname.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/util/regional.h
|
||||
dns64.lo dns64.o: $(srcdir)/dns64/dns64.c config.h $(srcdir)/dns64/dns64.h $(srcdir)/util/module.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \
|
||||
$(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/regional.h
|
||||
checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/testcode/checklocks.h
|
||||
unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/unitmain.h \
|
||||
$(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/rrdef.h
|
||||
unitdname.lo unitdname.o: $(srcdir)/testcode/unitdname.c config.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/ldns/sbuffer.h \
|
||||
$(srcdir)/ldns/str2wire.h $(srcdir)/ldns/rrdef.h
|
||||
unitlruhash.lo unitlruhash.o: $(srcdir)/testcode/unitlruhash.c config.h $(srcdir)/testcode/unitmain.h \
|
||||
$(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h
|
||||
unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h \
|
||||
$(srcdir)/ldns/rrdef.h $(srcdir)/ldns/keyraw.h \
|
||||
$(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/random.h
|
||||
unitmsgparse.lo unitmsgparse.o: $(srcdir)/testcode/unitmsgparse.c config.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/testcode/unitmain.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \
|
||||
$(srcdir)/util/alloc.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/testcode/readhex.h \
|
||||
$(srcdir)/testcode/testpkts.h $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/str2wire.h $(srcdir)/ldns/wire2str.h
|
||||
unitneg.lo unitneg.o: $(srcdir)/testcode/unitneg.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/testcode/unitmain.h $(srcdir)/validator/val_neg.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/ldns/rrdef.h
|
||||
unitregional.lo unitregional.o: $(srcdir)/testcode/unitregional.c config.h $(srcdir)/testcode/unitmain.h \
|
||||
$(srcdir)/util/log.h $(srcdir)/util/regional.h
|
||||
unitslabhash.lo unitslabhash.o: $(srcdir)/testcode/unitslabhash.c config.h $(srcdir)/testcode/unitmain.h \
|
||||
$(srcdir)/util/log.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h
|
||||
unitverify.lo unitverify.o: $(srcdir)/testcode/unitverify.c config.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/testcode/unitmain.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/validator/val_secalgo.h \
|
||||
$(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/validator/val_utils.h \
|
||||
$(srcdir)/testcode/testpkts.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/alloc.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/keyraw.h \
|
||||
$(srcdir)/ldns/str2wire.h $(srcdir)/ldns/wire2str.h
|
||||
readhex.lo readhex.o: $(srcdir)/testcode/readhex.c config.h $(srcdir)/testcode/readhex.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/parseutil.h
|
||||
testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcode/testpkts.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/pkthdr.h \
|
||||
$(srcdir)/ldns/str2wire.h $(srcdir)/ldns/wire2str.h
|
||||
unitldns.lo unitldns.o: $(srcdir)/testcode/unitldns.c config.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \
|
||||
$(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/str2wire.h $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/wire2str.h
|
||||
acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \
|
||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/net_help.h
|
||||
cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h \
|
||||
$(srcdir)/daemon/cachedump.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
|
||||
$(srcdir)/ldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \
|
||||
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/services/cache/rrset.h \
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \
|
||||
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h \
|
||||
$(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \
|
||||
$(srcdir)/ldns/wire2str.h $(srcdir)/ldns/str2wire.h
|
||||
daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \
|
||||
$(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
|
||||
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/ldns/sbuffer.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \
|
||||
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/daemon/remote.h \
|
||||
$(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h \
|
||||
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/util/random.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/ldns/keyraw.h
|
||||
remote.lo remote.o: $(srcdir)/daemon/remote.c config.h \
|
||||
$(srcdir)/daemon/remote.h \
|
||||
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/ldns/sbuffer.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \
|
||||
$(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h $(srcdir)/daemon/cachedump.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h \
|
||||
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/localzone.h \
|
||||
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/data/dname.h $(srcdir)/validator/validator.h \
|
||||
$(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \
|
||||
$(srcdir)/validator/val_anchor.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \
|
||||
$(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \
|
||||
$(srcdir)/iterator/iter_delegpt.h $(srcdir)/services/outside_network.h $(srcdir)/ldns/str2wire.h \
|
||||
$(srcdir)/ldns/parseutil.h $(srcdir)/ldns/wire2str.h
|
||||
stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
|
||||
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/ldns/sbuffer.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/daemon/daemon.h \
|
||||
$(srcdir)/services/modstack.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/services/outside_network.h $(srcdir)/util/config_file.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
|
||||
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h
|
||||
unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/services/cache/rrset.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
|
||||
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/util/net_help.h $(srcdir)/util/mini_event.h \
|
||||
$(srcdir)/util/rbtree.h
|
||||
worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/ldns/sbuffer.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \
|
||||
$(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \
|
||||
$(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \
|
||||
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \
|
||||
$(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \
|
||||
$(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h \
|
||||
$(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound.h \
|
||||
$(srcdir)/libunbound/libworker.h
|
||||
testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/testcode/testpkts.h \
|
||||
$(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h \
|
||||
$(srcdir)/daemon/remote.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/ldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/util/log.h \
|
||||
$(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/services/listen_dnsport.h \
|
||||
$(srcdir)/services/cache/rrset.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h
|
||||
testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcode/testpkts.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/pkthdr.h \
|
||||
$(srcdir)/ldns/str2wire.h $(srcdir)/ldns/wire2str.h
|
||||
worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/ldns/sbuffer.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \
|
||||
$(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \
|
||||
$(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \
|
||||
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \
|
||||
$(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \
|
||||
$(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h \
|
||||
$(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound.h \
|
||||
$(srcdir)/libunbound/libworker.h
|
||||
acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \
|
||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/net_help.h
|
||||
daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \
|
||||
$(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
|
||||
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/ldns/sbuffer.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \
|
||||
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/daemon/remote.h \
|
||||
$(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h \
|
||||
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/util/random.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/ldns/keyraw.h
|
||||
stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
|
||||
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/ldns/sbuffer.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/daemon/daemon.h \
|
||||
$(srcdir)/services/modstack.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/services/outside_network.h $(srcdir)/util/config_file.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
|
||||
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h
|
||||
replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/testcode/testpkts.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h $(srcdir)/ldns/str2wire.h $(srcdir)/ldns/rrdef.h
|
||||
fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/testcode/fake_event.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/util/config_file.h $(srcdir)/services/listen_dnsport.h \
|
||||
$(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h $(srcdir)/util/fptr_wlist.h \
|
||||
$(srcdir)/util/module.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \
|
||||
$(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/wire2str.h $(srcdir)/ldns/str2wire.h
|
||||
lock_verify.lo lock_verify.o: $(srcdir)/testcode/lock_verify.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/services/modstack.h
|
||||
pktview.lo pktview.o: $(srcdir)/testcode/pktview.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \
|
||||
$(srcdir)/ldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/testcode/readhex.h $(srcdir)/ldns/sbuffer.h \
|
||||
$(srcdir)/ldns/parseutil.h
|
||||
readhex.lo readhex.o: $(srcdir)/testcode/readhex.c config.h $(srcdir)/testcode/readhex.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/parseutil.h
|
||||
memstats.lo memstats.o: $(srcdir)/testcode/memstats.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/services/modstack.h
|
||||
unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/smallapp/unbound-checkconf.c config.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
|
||||
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \
|
||||
$(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/localzone.h \
|
||||
$(srcdir)/ldns/sbuffer.h
|
||||
worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/libunbound/context.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
|
||||
$(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/libunbound/worker.h $(srcdir)/ldns/sbuffer.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \
|
||||
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \
|
||||
$(srcdir)/ldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h
|
||||
context.lo context.o: $(srcdir)/libunbound/context.c config.h $(srcdir)/libunbound/context.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
|
||||
$(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \
|
||||
$(srcdir)/ldns/rrdef.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/services/localzone.h \
|
||||
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/ldns/sbuffer.h
|
||||
libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbound/unbound.h \
|
||||
$(srcdir)/libunbound/unbound-event.h config.h $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/libunbound/libworker.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/regional.h \
|
||||
$(srcdir)/util/random.h $(srcdir)/util/net_help.h $(srcdir)/util/tube.h $(srcdir)/services/localzone.h \
|
||||
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h \
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/ldns/sbuffer.h
|
||||
libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h \
|
||||
$(srcdir)/libunbound/libworker.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/worker.h \
|
||||
$(srcdir)/ldns/sbuffer.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/services/outside_network.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \
|
||||
$(srcdir)/ldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/services/localzone.h \
|
||||
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h \
|
||||
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h \
|
||||
$(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h $(srcdir)/ldns/str2wire.h
|
||||
unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \
|
||||
$(srcdir)/ldns/rrdef.h $(srcdir)/ldns/wire2str.h
|
||||
asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h $(srcdir)/libunbound/unbound.h \
|
||||
$(srcdir)/libunbound/context.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/services/modstack.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/ldns/rrdef.h
|
||||
streamtcp.lo streamtcp.o: $(srcdir)/testcode/streamtcp.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h $(srcdir)/ldns/sbuffer.h \
|
||||
$(srcdir)/ldns/str2wire.h $(srcdir)/ldns/wire2str.h \
|
||||
|
||||
perf.lo perf.o: $(srcdir)/testcode/perf.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \
|
||||
$(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/wire2str.h $(srcdir)/ldns/str2wire.h
|
||||
delayer.lo delayer.o: $(srcdir)/testcode/delayer.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/ldns/sbuffer.h
|
||||
unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h \
|
||||
$(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h
|
||||
unbound-anchor.lo unbound-anchor.o: $(srcdir)/smallapp/unbound-anchor.c config.h $(srcdir)/libunbound/unbound.h \
|
||||
$(srcdir)/ldns/rrdef.h \
|
||||
|
||||
petal.lo petal.o: $(srcdir)/testcode/petal.c config.h \
|
||||
|
||||
pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c config.h $(srcdir)/util/module.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h \
|
||||
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \
|
||||
$(srcdir)/ldns/sbuffer.h
|
||||
win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc.h $(srcdir)/winrc/w_inst.h \
|
||||
$(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
|
||||
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/ldns/sbuffer.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \
|
||||
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/daemon/remote.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/winsock_event.h
|
||||
w_inst.lo w_inst.o: $(srcdir)/winrc/w_inst.c config.h $(srcdir)/winrc/w_inst.h $(srcdir)/winrc/win_svc.h
|
||||
unbound-service-install.lo unbound-service-install.o: $(srcdir)/winrc/unbound-service-install.c config.h \
|
||||
$(srcdir)/winrc/w_inst.h
|
||||
unbound-service-remove.lo unbound-service-remove.o: $(srcdir)/winrc/unbound-service-remove.c config.h \
|
||||
$(srcdir)/winrc/w_inst.h
|
||||
anchor-update.lo anchor-update.o: $(srcdir)/winrc/anchor-update.c config.h $(srcdir)/libunbound/unbound.h \
|
||||
$(srcdir)/ldns/rrdef.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/wire2str.h
|
||||
keyraw.lo keyraw.o: $(srcdir)/ldns/keyraw.c config.h $(srcdir)/ldns/keyraw.h \
|
||||
$(srcdir)/ldns/rrdef.h \
|
||||
|
||||
sbuffer.lo sbuffer.o: $(srcdir)/ldns/sbuffer.c config.h $(srcdir)/ldns/sbuffer.h
|
||||
wire2str.lo wire2str.o: $(srcdir)/ldns/wire2str.c config.h $(srcdir)/ldns/wire2str.h $(srcdir)/ldns/str2wire.h \
|
||||
$(srcdir)/ldns/rrdef.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/parseutil.h $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/keyraw.h \
|
||||
|
||||
parse.lo parse.o: $(srcdir)/ldns/parse.c config.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/parseutil.h \
|
||||
$(srcdir)/ldns/sbuffer.h
|
||||
parseutil.lo parseutil.o: $(srcdir)/ldns/parseutil.c config.h $(srcdir)/ldns/parseutil.h
|
||||
rrdef.lo rrdef.o: $(srcdir)/ldns/rrdef.c config.h $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/parseutil.h
|
||||
str2wire.lo str2wire.o: $(srcdir)/ldns/str2wire.c config.h $(srcdir)/ldns/str2wire.h $(srcdir)/ldns/rrdef.h \
|
||||
$(srcdir)/ldns/wire2str.h $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/parseutil.h
|
||||
ctime_r.lo ctime_r.o: $(srcdir)/compat/ctime_r.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
|
||||
fake-rfc2553.lo fake-rfc2553.o: $(srcdir)/compat/fake-rfc2553.c $(srcdir)/compat/fake-rfc2553.h config.h
|
||||
gmtime_r.lo gmtime_r.o: $(srcdir)/compat/gmtime_r.c config.h
|
||||
inet_aton.lo inet_aton.o: $(srcdir)/compat/inet_aton.c config.h
|
||||
inet_ntop.lo inet_ntop.o: $(srcdir)/compat/inet_ntop.c config.h
|
||||
inet_pton.lo inet_pton.o: $(srcdir)/compat/inet_pton.c config.h
|
||||
malloc.lo malloc.o: $(srcdir)/compat/malloc.c config.h
|
||||
memcmp.lo memcmp.o: $(srcdir)/compat/memcmp.c config.h
|
||||
memmove.lo memmove.o: $(srcdir)/compat/memmove.c config.h
|
||||
snprintf.lo snprintf.o: $(srcdir)/compat/snprintf.c config.h
|
||||
strlcat.lo strlcat.o: $(srcdir)/compat/strlcat.c config.h
|
||||
strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h
|
||||
strptime.lo strptime.o: $(srcdir)/compat/strptime.c config.h
|
||||
getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h \
|
||||
|
||||
getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c config.h
|
||||
getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h
|
||||
getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c
|
||||
explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h
|
||||
arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c config.h $(srcdir)/compat/chacha_private.h
|
||||
arc4random_uniform.lo arc4random_uniform.o: $(srcdir)/compat/arc4random_uniform.c config.h
|
||||
arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c config.h $(srcdir)/util/locks.h
|
||||
sha512.lo sha512.o: $(srcdir)/compat/sha512.c config.h
|
||||
|
17
contrib/unbound/aclocal.m4
vendored
17
contrib/unbound/aclocal.m4
vendored
@ -1,6 +1,6 @@
|
||||
# generated automatically by aclocal 1.12.2 -*- Autoconf -*-
|
||||
# generated automatically by aclocal 1.13.4 -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 1996-2012 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1996-2013 Free Software Foundation, Inc.
|
||||
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
@ -11,6 +11,7 @@
|
||||
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
||||
# PARTICULAR PURPOSE.
|
||||
|
||||
m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
|
||||
# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
|
||||
#
|
||||
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
|
||||
@ -1317,7 +1318,7 @@ ia64-*-hpux*)
|
||||
rm -rf conftest*
|
||||
;;
|
||||
|
||||
x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \
|
||||
x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \
|
||||
s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
|
||||
# Find out which ABI we are using.
|
||||
echo 'int i;' > conftest.$ac_ext
|
||||
@ -1331,7 +1332,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
|
||||
x86_64-*linux*)
|
||||
LD="${LD-ld} -m elf_i386"
|
||||
;;
|
||||
ppc64-*linux*|powerpc64-*linux*)
|
||||
powerpc64le-*linux*)
|
||||
LD="${LD-ld} -m elf32lppclinux"
|
||||
;;
|
||||
powerpc64-*linux*)
|
||||
LD="${LD-ld} -m elf32ppclinux"
|
||||
;;
|
||||
s390x-*linux*)
|
||||
@ -1350,7 +1354,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
|
||||
x86_64-*linux*)
|
||||
LD="${LD-ld} -m elf_x86_64"
|
||||
;;
|
||||
ppc*-*linux*|powerpc*-*linux*)
|
||||
powerpcle-*linux*)
|
||||
LD="${LD-ld} -m elf64lppc"
|
||||
;;
|
||||
powerpc-*linux*)
|
||||
LD="${LD-ld} -m elf64ppc"
|
||||
;;
|
||||
s390*-*linux*|s390*-*tpf*)
|
||||
|
@ -14,57 +14,10 @@ AC_DEFUN([AC_PYTHON_DEVEL],[
|
||||
fi
|
||||
|
||||
if test -z "$PYTHON_VERSION"; then
|
||||
PYTHON_VERSION=`$PYTHON -c "import sys, string; \
|
||||
print string.split(sys.version)[[0]]"`
|
||||
PYTHON_VERSION=`$PYTHON -c "import sys; \
|
||||
print(sys.version.split()[[0]])"`
|
||||
fi
|
||||
|
||||
#
|
||||
# Check for a version of Python >= 2.1.0
|
||||
#
|
||||
AC_MSG_CHECKING([for a version of Python >= '2.1.0'])
|
||||
ac_supports_python_ver=`$PYTHON -c "import sys, string; \
|
||||
ver = string.split(sys.version)[[0]]; \
|
||||
print ver >= '2.1.0'"`
|
||||
if test "$ac_supports_python_ver" != "True"; then
|
||||
if test -z "$PYTHON_NOVERSIONCHECK"; then
|
||||
AC_MSG_RESULT([no])
|
||||
AC_MSG_FAILURE([
|
||||
This version of the AC@&t@_PYTHON_DEVEL macro
|
||||
doesn't work properly with versions of Python before
|
||||
2.1.0. You may need to re-run configure, setting the
|
||||
variables PYTHON_CPPFLAGS, PYTHON_LDFLAGS, PYTHON_SITE_PKG,
|
||||
PYTHON_EXTRA_LIBS and PYTHON_EXTRA_LDFLAGS by hand.
|
||||
Moreover, to disable this check, set PYTHON_NOVERSIONCHECK
|
||||
to something else than an empty string.
|
||||
])
|
||||
else
|
||||
AC_MSG_RESULT([skip at user request])
|
||||
fi
|
||||
else
|
||||
AC_MSG_RESULT([yes])
|
||||
fi
|
||||
|
||||
#
|
||||
# if the macro parameter ``version'' is set, honour it
|
||||
#
|
||||
if test -n "$1"; then
|
||||
AC_MSG_CHECKING([for a version of Python $1])
|
||||
ac_supports_python_ver=`$PYTHON -c "import sys, string; \
|
||||
ver = string.split(sys.version)[[0]]; \
|
||||
print ver $1"`
|
||||
if test "$ac_supports_python_ver" = "True"; then
|
||||
AC_MSG_RESULT([yes])
|
||||
else
|
||||
AC_MSG_RESULT([no])
|
||||
AC_MSG_ERROR([this package requires Python $1.
|
||||
If you have it installed, but it isn't the default Python
|
||||
interpreter in your system path, please pass the PYTHON_VERSION
|
||||
variable to configure. See ``configure --help'' for reference.
|
||||
])
|
||||
PYTHON_VERSION=""
|
||||
fi
|
||||
fi
|
||||
|
||||
#
|
||||
# Check if you have distutils, else fail
|
||||
#
|
||||
@ -86,7 +39,7 @@ $ac_distutils_result])
|
||||
AC_MSG_CHECKING([for Python include path])
|
||||
if test -z "$PYTHON_CPPFLAGS"; then
|
||||
python_path=`$PYTHON -c "import distutils.sysconfig; \
|
||||
print distutils.sysconfig.get_python_inc();"`
|
||||
print(distutils.sysconfig.get_python_inc());"`
|
||||
if test -n "${python_path}"; then
|
||||
python_path="-I$python_path"
|
||||
fi
|
||||
@ -100,25 +53,8 @@ $ac_distutils_result])
|
||||
#
|
||||
AC_MSG_CHECKING([for Python library path])
|
||||
if test -z "$PYTHON_LDFLAGS"; then
|
||||
# (makes two attempts to ensure we've got a version number
|
||||
# from the interpreter)
|
||||
py_version=`$PYTHON -c "from distutils.sysconfig import *; \
|
||||
from string import join; \
|
||||
print join(get_config_vars('VERSION'))"`
|
||||
if test "$py_version" = "[None]"; then
|
||||
if test -n "$PYTHON_VERSION"; then
|
||||
py_version=$PYTHON_VERSION
|
||||
else
|
||||
py_version=`$PYTHON -c "import sys; \
|
||||
print sys.version[[:3]]"`
|
||||
fi
|
||||
fi
|
||||
|
||||
PYTHON_LDFLAGS=`$PYTHON -c "from distutils.sysconfig import *; \
|
||||
from string import join; \
|
||||
print '-L' + get_python_lib(0,1), \
|
||||
'-L' + os.path.dirname(get_python_lib(0,1)), \
|
||||
'-lpython';"`$py_version
|
||||
print(get_config_var('BLDLIBRARY'));"`
|
||||
fi
|
||||
AC_MSG_RESULT([$PYTHON_LDFLAGS])
|
||||
AC_SUBST([PYTHON_LDFLAGS])
|
||||
@ -129,35 +65,11 @@ $ac_distutils_result])
|
||||
AC_MSG_CHECKING([for Python site-packages path])
|
||||
if test -z "$PYTHON_SITE_PKG"; then
|
||||
PYTHON_SITE_PKG=`$PYTHON -c "import distutils.sysconfig; \
|
||||
print distutils.sysconfig.get_python_lib(1,0);"`
|
||||
print(distutils.sysconfig.get_python_lib(1,0));"`
|
||||
fi
|
||||
AC_MSG_RESULT([$PYTHON_SITE_PKG])
|
||||
AC_SUBST([PYTHON_SITE_PKG])
|
||||
|
||||
#
|
||||
# libraries which must be linked in when embedding
|
||||
#
|
||||
AC_MSG_CHECKING(python extra libraries)
|
||||
if test -z "$PYTHON_EXTRA_LIBS"; then
|
||||
PYTHON_EXTRA_LIBS=`$PYTHON -c "import distutils.sysconfig; \
|
||||
conf = distutils.sysconfig.get_config_var; \
|
||||
print conf('LOCALMODLIBS'), conf('LIBS')"`
|
||||
fi
|
||||
AC_MSG_RESULT([$PYTHON_EXTRA_LIBS])
|
||||
AC_SUBST(PYTHON_EXTRA_LIBS)
|
||||
|
||||
#
|
||||
# linking flags needed when embedding
|
||||
#
|
||||
AC_MSG_CHECKING(python extra linking flags)
|
||||
if test -z "$PYTHON_EXTRA_LDFLAGS"; then
|
||||
PYTHON_EXTRA_LDFLAGS=`$PYTHON -c "import distutils.sysconfig; \
|
||||
conf = distutils.sysconfig.get_config_var; \
|
||||
print conf('LINKFORSHARED')"`
|
||||
fi
|
||||
AC_MSG_RESULT([$PYTHON_EXTRA_LDFLAGS])
|
||||
AC_SUBST(PYTHON_EXTRA_LDFLAGS)
|
||||
|
||||
#
|
||||
# final check to see if everything compiles alright
|
||||
#
|
||||
|
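Review bot: The `PYTHON_LDFLAGS` probe in the `@ -100,25 +53,8 @` hunk now prints only `get_config_var('BLDLIBRARY')`, so the `-L` search paths that the removed code built from `get_python_lib(0,1)` are gone. BLDLIBRARY records how Python's own build linked libpython and is often relative to that build directory (worth confirming on the target platforms), so an interpreter installed outside the default linker path may no longer link. Adding the library directory back would cover that, for example `print('-L'+get_config_var('LIBDIR')+' '+get_config_var('BLDLIBRARY'));`. The first hunk also drops both version checks, so the macro's `$1` version argument appears to be ignored silently now; a comment in the macro header should say so.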
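--- a/contrib/unbound/compat/arc4_lock.c
+++ b/contrib/unbound/compat/arc4_lock.c
@@ -0,0 +1,67 @@
+/* arc4_lock.c - global lock for arc4random
+*
+* Copyright (c) 2014, NLnet Labs. All rights reserved.
+*
+* This software is open source.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* Redistributions of source code must retain the above copyright notice,
+* this list of conditions and the following disclaimer.
+*
+* Redistributions in binary form must reproduce the above copyright notice,
+* this list of conditions and the following disclaimer in the documentation
+* and/or other materials provided with the distribution.
+*
+* Neither the name of the NLNET LABS nor the names of its contributors may
+* be used to endorse or promote products derived from this software without
+* specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+#include "config.h"
+#define LOCKRET(func) func
+#include "util/locks.h"
+
+void _ARC4_LOCK(void);
+void _ARC4_UNLOCK(void);
+
+#ifdef THREADS_DISABLED
+void _ARC4_LOCK(void)
+{
+}
+
+void _ARC4_UNLOCK(void)
+{
+}
+#else /* !THREADS_DISABLED */
+
+static lock_quick_t arc4lock;
+static int arc4lockinit = 0;
+
+void _ARC4_LOCK(void)
+{
+if(!arc4lockinit) {
+arc4lockinit = 1;
+lock_quick_init(&arc4lock);
+}
+lock_quick_lock(&arc4lock);
+}
+
+void _ARC4_UNLOCK(void)
+{
+lock_quick_unlock(&arc4lock);
+}
+#endif /* THREADS_DISABLED */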
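Review bot: `_ARC4_LOCK` initialises the lock lazily through the plain int `arc4lockinit`, which is read and written with no synchronisation. Two threads making their first call at the same time can both see 0 and both run `lock_quick_init`. Because the flag is set to 1 before `lock_quick_init` runs, a second thread can also reach `lock_quick_lock` on a lock that is not initialised yet. Unless the callers guarantee a first `arc4random()` call before any thread is started (not visible in this file), the initialisation belongs in a one-time path such as an explicit init from startup code. At minimum the requirement should be documented above the function, for example `/* first call must happen before threads are created: arc4lockinit is not atomic */`.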
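--- a/contrib/unbound/compat/arc4random.c
+++ b/contrib/unbound/compat/arc4random.c
@@ -0,0 +1,231 @@
+/* $OpenBSD: arc4random.c,v 1.41 2014/07/12 13:24:54 deraadt Exp $ */
+
+/*
+* Copyright (c) 1996, David Mazieres <dm@uun.org>
+* Copyright (c) 2008, Damien Miller <djm@openbsd.org>
+* Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
+*
+* Permission to use, copy, modify, and distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+#include "config.h"
+
+/*
+* ChaCha based random number generator for OpenBSD.
+*/
+
+#include <fcntl.h>
+#include <limits.h>
+#include <signal.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/time.h>
+#ifndef UB_ON_WINDOWS
+#include <sys/mman.h>
+#endif
+
+#define KEYSTREAM_ONLY
+#include "chacha_private.h"
+
+#define arc4_min(a, b) ((a) < (b) ? (a) : (b))
+#ifdef __GNUC__
+#define inline __inline
+#else /* !__GNUC__ */
+#define inline
+#endif /* !__GNUC__ */
+
+#define KEYSZ 32
+#define IVSZ 8
+#define BLOCKSZ 64
+#define RSBUFSZ (16*BLOCKSZ)
+
+/* Marked MAP_INHERIT_ZERO, so zero'd out in fork children. */
+static struct {
+size_t rs_have; /* valid bytes at end of rs_buf */
+size_t rs_count; /* bytes till reseed */
+} *rs;
+
+/* Preserved in fork children. */
+static struct {
+chacha_ctx rs_chacha; /* chacha context for random keystream */
+u_char rs_buf[RSBUFSZ]; /* keystream blocks */
+} *rsx;
+
+static inline void _rs_rekey(u_char *dat, size_t datlen);
+
+static inline void
+_rs_init(u_char *buf, size_t n)
+{
+if (n < KEYSZ + IVSZ)
+return;
+
+if (rs == NULL) {
+#ifndef UB_ON_WINDOWS
+if ((rs = mmap(NULL, sizeof(*rs), PROT_READ|PROT_WRITE,
+MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
+abort();
+#ifdef MAP_INHERIT_ZERO
+if (minherit(rs, sizeof(*rs), MAP_INHERIT_ZERO) == -1)
+abort();
+#endif
+#else /* WINDOWS */
+rs = malloc(sizeof(*rs));
+if(!rs)
+abort();
+#endif
+}
+if (rsx == NULL) {
+#ifndef UB_ON_WINDOWS
+if ((rsx = mmap(NULL, sizeof(*rsx), PROT_READ|PROT_WRITE,
+MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
+abort();
+#else /* WINDOWS */
+rsx = malloc(sizeof(*rsx));
+if(!rsx)
+abort();
+#endif
+}
+
+chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8, 0);
+chacha_ivsetup(&rsx->rs_chacha, buf + KEYSZ);
+}
+
+static void
+_rs_stir(void)
+{
+u_char rnd[KEYSZ + IVSZ];
+
+if (getentropy(rnd, sizeof rnd) == -1) {
+#ifdef SIGKILL
+raise(SIGKILL);
+#else
+exit(9); /* windows */
+#endif
+}
+
+if (!rs)
+_rs_init(rnd, sizeof(rnd));
+else
+_rs_rekey(rnd, sizeof(rnd));
+explicit_bzero(rnd, sizeof(rnd)); /* discard source seed */
+
+/* invalidate rs_buf */
+rs->rs_have = 0;
+memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf));
+
+rs->rs_count = 1600000;
+}
+
+static inline void
+_rs_stir_if_needed(size_t len)
+{
+#ifndef MAP_INHERIT_ZERO
+static pid_t _rs_pid = 0;
+pid_t pid = getpid();
+
+/* If a system lacks MAP_INHERIT_ZERO, resort to getpid() */
+if (_rs_pid == 0 || _rs_pid != pid) {
+_rs_pid = pid;
+if (rs)
+rs->rs_count = 0;
+}
+#endif
+if (!rs || rs->rs_count <= len)
+_rs_stir();
+if (rs->rs_count <= len)
+rs->rs_count = 0;
+else
+rs->rs_count -= len;
+}
+
+static inline void
+_rs_rekey(u_char *dat, size_t datlen)
+{
+#ifndef KEYSTREAM_ONLY
+memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf));
+#endif
+/* fill rs_buf with the keystream */
+chacha_encrypt_bytes(&rsx->rs_chacha, rsx->rs_buf,
+rsx->rs_buf, sizeof(rsx->rs_buf));
+/* mix in optional user provided data */
+if (dat) {
+size_t i, m;
+
+m = arc4_min(datlen, KEYSZ + IVSZ);
+for (i = 0; i < m; i++)
+rsx->rs_buf[i] ^= dat[i];
+}
+/* immediately reinit for backtracking resistance */
+_rs_init(rsx->rs_buf, KEYSZ + IVSZ);
+memset(rsx->rs_buf, 0, KEYSZ + IVSZ);
+rs->rs_have = sizeof(rsx->rs_buf) - KEYSZ - IVSZ;
+}
+
+static inline void
+_rs_random_buf(void *_buf, size_t n)
+{
+u_char *buf = (u_char *)_buf;
+u_char *keystream;
+size_t m;
+
+_rs_stir_if_needed(n);
+while (n > 0) {
+if (rs->rs_have > 0) {
+m = arc4_min(n, rs->rs_have);
+keystream = rsx->rs_buf + sizeof(rsx->rs_buf)
+- rs->rs_have;
+memcpy(buf, keystream, m);
+memset(keystream, 0, m);
+buf += m;
+n -= m;
+rs->rs_have -= m;
+}
+if (rs->rs_have == 0)
+_rs_rekey(NULL, 0);
+}
+}
+
+static inline void
+_rs_random_u32(uint32_t *val)
+{
+u_char *keystream;
+_rs_stir_if_needed(sizeof(*val));
+if (rs->rs_have < sizeof(*val))
+_rs_rekey(NULL, 0);
+keystream = rsx->rs_buf + sizeof(rsx->rs_buf) - rs->rs_have;
+memcpy(val, keystream, sizeof(*val));
+memset(keystream, 0, sizeof(*val));
+rs->rs_have -= sizeof(*val);
+}
+
+uint32_t
+arc4random(void)
+{
+uint32_t val;
+
+_ARC4_LOCK();
+_rs_random_u32(&val);
+_ARC4_UNLOCK();
+return val;
+}
+
+void
+arc4random_buf(void *buf, size_t n)
+{
+_ARC4_LOCK();
+_rs_random_buf(buf, n);
+_ARC4_UNLOCK();
+}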
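Review bot: The comment on `rs` ("Marked MAP_INHERIT_ZERO, so zero'd out in fork children") describes only one of the three allocation paths in `_rs_init`. With plain `mmap` where MAP_INHERIT_ZERO is undefined, or with `malloc` under UB_ON_WINDOWS, the state is inherited unchanged and fork safety rests entirely on the `getpid()` comparison in `_rs_stir_if_needed`. That comparison cannot tell a descendant apart if it ends up with the cached pid again, and in that case the process would keep drawing from an inherited keystream instead of reseeding. The comment should state the limitation, for example `/* Zeroed in fork children only with MAP_INHERIT_ZERO; otherwise _rs_stir_if_needed() falls back to a getpid() check. */`. On threaded POSIX builds a `pthread_atfork` child handler that sets `rs->rs_count = 0` would close the gap.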
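--- a/contrib/unbound/compat/arc4random_uniform.c
+++ b/contrib/unbound/compat/arc4random_uniform.c
@@ -0,0 +1,57 @@
+/* $OpenBSD: arc4random_uniform.c,v 1.1 2014/07/12 13:24:54 deraadt Exp $ */
+
+/*
+* Copyright (c) 2008, Damien Miller <djm@openbsd.org>
+*
+* Permission to use, copy, modify, and distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+
+#include "config.h"
+#include <sys/types.h>
+#include <stdlib.h>
+
+/*
+* Calculate a uniformly distributed random number less than upper_bound
+* avoiding "modulo bias".
+*
+* Uniformity is achieved by generating new random numbers until the one
+* returned is outside the range [0, 2**32 % upper_bound). This
+* guarantees the selected random number will be inside
+* [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound)
+* after reduction modulo upper_bound.
+*/
+uint32_t
+arc4random_uniform(uint32_t upper_bound)
+{
+uint32_t r, min;
+
+if (upper_bound < 2)
+return 0;
+
+/* 2**32 % x == (2**32 - x) % x */
+min = -upper_bound % upper_bound;
+
+/*
+* This could theoretically loop forever but each retry has
+* p > 0.5 (worst case, usually far better) of selecting a
+* number inside the range we need, so it should rarely need
+* to re-roll.
+*/
+for (;;) {
+r = arc4random();
+if (r >= min)
+break;
+}
+
+return r % upper_bound;
+}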
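--- a/contrib/unbound/compat/chacha_private.h
+++ b/contrib/unbound/compat/chacha_private.h
@@ -0,0 +1,222 @@
+/*
+chacha-merged.c version 20080118
+D. J. Bernstein
+Public domain.
+*/
+
+/* $OpenBSD: chacha_private.h,v 1.2 2013/10/04 07:02:27 djm Exp $ */
+
+typedef unsigned char u8;
+typedef unsigned int u32;
+
+typedef struct
+{
+u32 input[16]; /* could be compressed */
+} chacha_ctx;
+
+#define U8C(v) (v##U)
+#define U32C(v) (v##U)
+
+#define U8V(v) ((u8)(v) & U8C(0xFF))
+#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF))
+
+#define ROTL32(v, n) \
+(U32V((v) << (n)) | ((v) >> (32 - (n))))
+
+#define U8TO32_LITTLE(p) \
+(((u32)((p)[0]) ) | \
+((u32)((p)[1]) << 8) | \
+((u32)((p)[2]) << 16) | \
+((u32)((p)[3]) << 24))
+
+#define U32TO8_LITTLE(p, v) \
+do { \
+(p)[0] = U8V((v) ); \
+(p)[1] = U8V((v) >> 8); \
+(p)[2] = U8V((v) >> 16); \
+(p)[3] = U8V((v) >> 24); \
+} while (0)
+
+#define ROTATE(v,c) (ROTL32(v,c))
+#define XOR(v,w) ((v) ^ (w))
+#define PLUS(v,w) (U32V((v) + (w)))
+#define PLUSONE(v) (PLUS((v),1))
+
+#define QUARTERROUND(a,b,c,d) \
+a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \
+c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \
+a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \
+c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
+
+static const char sigma[16] = "expand 32-byte k";
+static const char tau[16] = "expand 16-byte k";
+
+static void
+chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ATTR_UNUSED(ivbits))
+{
+const char *constants;
+
+x->input[4] = U8TO32_LITTLE(k + 0);
+x->input[5] = U8TO32_LITTLE(k + 4);
+x->input[6] = U8TO32_LITTLE(k + 8);
+x->input[7] = U8TO32_LITTLE(k + 12);
+if (kbits == 256) { /* recommended */
+k += 16;
+constants = sigma;
+} else { /* kbits == 128 */
+constants = tau;
+}
+x->input[8] = U8TO32_LITTLE(k + 0);
+x->input[9] = U8TO32_LITTLE(k + 4);
+x->input[10] = U8TO32_LITTLE(k + 8);
+x->input[11] = U8TO32_LITTLE(k + 12);
+x->input[0] = U8TO32_LITTLE(constants + 0);
+x->input[1] = U8TO32_LITTLE(constants + 4);
+x->input[2] = U8TO32_LITTLE(constants + 8);
+x->input[3] = U8TO32_LITTLE(constants + 12);
+}
+
+static void
+chacha_ivsetup(chacha_ctx *x,const u8 *iv)
+{
+x->input[12] = 0;
+x->input[13] = 0;
+x->input[14] = U8TO32_LITTLE(iv + 0);
+x->input[15] = U8TO32_LITTLE(iv + 4);
+}
+
+static void
+chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
+{
+u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
+u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
+u8 *ctarget = NULL;
+u8 tmp[64];
+u_int i;
+
+if (!bytes) return;
+
+j0 = x->input[0];
+j1 = x->input[1];
+j2 = x->input[2];
+j3 = x->input[3];
+j4 = x->input[4];
+j5 = x->input[5];
+j6 = x->input[6];
+j7 = x->input[7];
+j8 = x->input[8];
+j9 = x->input[9];
+j10 = x->input[10];
+j11 = x->input[11];
+j12 = x->input[12];
+j13 = x->input[13];
+j14 = x->input[14];
+j15 = x->input[15];
+
+for (;;) {
+if (bytes < 64) {
+for (i = 0;i < bytes;++i) tmp[i] = m[i];
+m = tmp;
+ctarget = c;
+c = tmp;
+}
+x0 = j0;
+x1 = j1;
+x2 = j2;
+x3 = j3;
+x4 = j4;
+x5 = j5;
+x6 = j6;
+x7 = j7;
+x8 = j8;
+x9 = j9;
+x10 = j10;
+x11 = j11;
+x12 = j12;
+x13 = j13;
+x14 = j14;
+x15 = j15;
+for (i = 20;i > 0;i -= 2) {
+QUARTERROUND( x0, x4, x8,x12)
+QUARTERROUND( x1, x5, x9,x13)
+QUARTERROUND( x2, x6,x10,x14)
+QUARTERROUND( x3, x7,x11,x15)
+QUARTERROUND( x0, x5,x10,x15)
+QUARTERROUND( x1, x6,x11,x12)
+QUARTERROUND( x2, x7, x8,x13)
+QUARTERROUND( x3, x4, x9,x14)
+}
+x0 = PLUS(x0,j0);
+x1 = PLUS(x1,j1);
+x2 = PLUS(x2,j2);
+x3 = PLUS(x3,j3);
+x4 = PLUS(x4,j4);
+x5 = PLUS(x5,j5);
+x6 = PLUS(x6,j6);
+x7 = PLUS(x7,j7);
+x8 = PLUS(x8,j8);
+x9 = PLUS(x9,j9);
+x10 = PLUS(x10,j10);
+x11 = PLUS(x11,j11);
+x12 = PLUS(x12,j12);
+x13 = PLUS(x13,j13);
+x14 = PLUS(x14,j14);
+x15 = PLUS(x15,j15);
+
+#ifndef KEYSTREAM_ONLY
+x0 = XOR(x0,U8TO32_LITTLE(m + 0));
+x1 = XOR(x1,U8TO32_LITTLE(m + 4));
+x2 = XOR(x2,U8TO32_LITTLE(m + 8));
+x3 = XOR(x3,U8TO32_LITTLE(m + 12));
+x4 = XOR(x4,U8TO32_LITTLE(m + 16));
+x5 = XOR(x5,U8TO32_LITTLE(m + 20));
+x6 = XOR(x6,U8TO32_LITTLE(m + 24));
+x7 = XOR(x7,U8TO32_LITTLE(m + 28));
+x8 = XOR(x8,U8TO32_LITTLE(m + 32));
+x9 = XOR(x9,U8TO32_LITTLE(m + 36));
+x10 = XOR(x10,U8TO32_LITTLE(m + 40));
+x11 = XOR(x11,U8TO32_LITTLE(m + 44));
+x12 = XOR(x12,U8TO32_LITTLE(m + 48));
+x13 = XOR(x13,U8TO32_LITTLE(m + 52));
+x14 = XOR(x14,U8TO32_LITTLE(m + 56));
+x15 = XOR(x15,U8TO32_LITTLE(m + 60));
+#endif
+
+j12 = PLUSONE(j12);
+if (!j12) {
+j13 = PLUSONE(j13);
+/* stopping at 2^70 bytes per nonce is user's responsibility */
+}
+
+U32TO8_LITTLE(c + 0,x0);
+U32TO8_LITTLE(c + 4,x1);
+U32TO8_LITTLE(c + 8,x2);
+U32TO8_LITTLE(c + 12,x3);
+U32TO8_LITTLE(c + 16,x4);
+U32TO8_LITTLE(c + 20,x5);
+U32TO8_LITTLE(c + 24,x6);
+U32TO8_LITTLE(c + 28,x7);
+U32TO8_LITTLE(c + 32,x8);
+U32TO8_LITTLE(c + 36,x9);
+U32TO8_LITTLE(c + 40,x10);
+U32TO8_LITTLE(c + 44,x11);
+U32TO8_LITTLE(c + 48,x12);
+U32TO8_LITTLE(c + 52,x13);
+U32TO8_LITTLE(c + 56,x14);
+U32TO8_LITTLE(c + 60,x15);
+
+if (bytes <= 64) {
+if (bytes < 64) {
+for (i = 0;i < bytes;++i) ctarget[i] = c[i];
+}
+x->input[12] = j12;
+x->input[13] = j13;
+return;
+}
+bytes -= 64;
+c += 64;
+#ifndef KEYSTREAM_ONLY
+m += 64;
+#endif
+}
+}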
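Review bot: In `chacha_encrypt_bytes`, the `bytes < 64` path generates the final keystream block into the stack buffer `tmp`, copies the requested prefix out through `ctarget`, and returns without clearing `tmp`. The unused tail of that block therefore stays on the stack. The only caller visible in this commit, `_rs_rekey`, passes `sizeof(rsx->rs_buf)`, a multiple of 64, so the path looks unreachable today. Since the output seeds a CSPRNG, I would still wipe it in that branch with `explicit_bzero(tmp, sizeof(tmp));` after the copy-out loop, or state the whole-block assumption in a comment on the function. The header also relies on the includer for `u_int` and `ATTR_UNUSED`, which deserves a one-line note at the top.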
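--- a/contrib/unbound/compat/explicit_bzero.c
+++ b/contrib/unbound/compat/explicit_bzero.c
@@ -0,0 +1,22 @@
+/* $OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */
+/*
+* Public domain.
+* Written by Matthew Dempsky.
+*/
+#include "config.h"
+#include <string.h>
+
+__attribute__((weak)) void
+__explicit_bzero_hook(void *ATTR_UNUSED(buf), size_t ATTR_UNUSED(len))
+{
+}
+
+void
+explicit_bzero(void *buf, size_t len)
+{
+#ifdef UB_ON_WINDOWS
+SecureZeroMemory(buf, len);
+#endif
+memset(buf, 0, len);
+__explicit_bzero_hook(buf, len);
+}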
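Review bot: On the non-Windows path of `explicit_bzero`, the only thing keeping the `memset` from being removed as a dead store is the call to the weak `__explicit_bzero_hook` that follows it, and nothing in the file says so. That guarantee depends on `__attribute__((weak))`, which is written here without any compiler guard, and it is a convention rather than something link-time optimisation is required to preserve. I would document it at the call site: `/* the weak hook call keeps the compiler from eliding the memset */`. The Windows branch calls `SecureZeroMemory` and then falls through to the `memset` and hook as well, so placing those two lines under `#else` would make each platform's mechanism explicit. Whether UB_ON_WINDOWS builds ever use a compiler without `__attribute__` is not visible from this file.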
@ -120,12 +120,10 @@ addrinfo *malloc_ai(int port, u_long addr, const struct addrinfo *hints)
|
||||
{
|
||||
struct addrinfo *ai;
|
||||
|
||||
ai = malloc(sizeof(*ai) + sizeof(struct sockaddr_in));
|
||||
ai = calloc(1, sizeof(*ai) + sizeof(struct sockaddr_in));
|
||||
if (ai == NULL)
|
||||
return (NULL);
|
||||
|
||||
memset(ai, '\0', sizeof(*ai) + sizeof(struct sockaddr_in));
|
||||
|
||||
ai->ai_addr = (struct sockaddr *)(ai + 1);
|
||||
/* XXX -- ssh doesn't use sa_len */
|
||||
ai->ai_addrlen = sizeof(struct sockaddr_in);
|
||||
|
505
contrib/unbound/compat/getentropy_linux.c
Normal file
505
contrib/unbound/compat/getentropy_linux.c
Normal file
@ -0,0 +1,505 @@
|
||||
/* $OpenBSD: getentropy_linux.c,v 1.20 2014/07/12 15:43:49 beck Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
|
||||
* Copyright (c) 2014 Bob Beck <beck@obtuse.com>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
#include "config.h"
|
||||
|
||||
/*
|
||||
#define _POSIX_C_SOURCE 199309L
|
||||
#define _GNU_SOURCE 1
|
||||
*/
|
||||
#include <sys/types.h>
|
||||
#include <sys/param.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <sys/resource.h>
|
||||
#include <sys/syscall.h>
|
||||
#ifdef HAVE_SYS_SYSCTL_H
|
||||
#include <sys/sysctl.h>
|
||||
#endif
|
||||
#include <sys/statvfs.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/mount.h>
|
||||
#include <sys/mman.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/time.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdint.h>
|
||||
#include <stdio.h>
|
||||
#include <termios.h>
|
||||
#include <fcntl.h>
|
||||
#include <signal.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <unistd.h>
|
||||
#include <time.h>
|
||||
#include <openssl/sha.h>
|
||||
|
||||
#include <linux/types.h>
|
||||
#include <linux/random.h>
|
||||
#include <linux/sysctl.h>
|
||||
#ifdef HAVE_GETAUXVAL
|
||||
#include <sys/auxv.h>
|
||||
#endif
|
||||
#include <sys/vfs.h>
|
||||
|
||||
#define REPEAT 5
|
||||
#define min(a, b) (((a) < (b)) ? (a) : (b))
|
||||
|
||||
#define HX(a, b) \
|
||||
do { \
|
||||
if ((a)) \
|
||||
HD(errno); \
|
||||
else \
|
||||
HD(b); \
|
||||
} while (0)
|
||||
|
||||
#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
|
||||
#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
|
||||
#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
|
||||
|
||||
int getentropy(void *buf, size_t len);
|
||||
|
||||
#ifdef CAN_REFERENCE_MAIN
|
||||
extern int main(int, char *argv[]);
|
||||
#endif
|
||||
static int gotdata(char *buf, size_t len);
|
||||
static int getentropy_urandom(void *buf, size_t len);
|
||||
#ifdef SYS__sysctl
|
||||
static int getentropy_sysctl(void *buf, size_t len);
|
||||
#endif
|
||||
static int getentropy_fallback(void *buf, size_t len);
|
||||
|
||||
int
|
||||
getentropy(void *buf, size_t len)
|
||||
{
|
||||
int ret = -1;
|
||||
|
||||
if (len > 256) {
|
||||
errno = EIO;
|
||||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Try to get entropy with /dev/urandom
|
||||
*
|
||||
* This can fail if the process is inside a chroot or if file
|
||||
* descriptors are exhausted.
|
||||
*/
|
||||
ret = getentropy_urandom(buf, len);
|
||||
if (ret != -1)
|
||||
return (ret);
|
||||
|
||||
#ifdef SYS__sysctl
|
||||
/*
|
||||
* Try to use sysctl CTL_KERN, KERN_RANDOM, RANDOM_UUID.
|
||||
* sysctl is a failsafe API, so it guarantees a result. This
|
||||
* should work inside a chroot, or when file descriptors are
|
||||
* exhuasted.
|
||||
*
|
||||
* However this can fail if the Linux kernel removes support
|
||||
* for sysctl. Starting in 2007, there have been efforts to
|
||||
* deprecate the sysctl API/ABI, and push callers towards use
|
||||
* of the chroot-unavailable fd-using /proc mechanism --
|
||||
* essentially the same problems as /dev/urandom.
|
||||
*
|
||||
* Numerous setbacks have been encountered in their deprecation
|
||||
* schedule, so as of June 2014 the kernel ABI still exists on
|
||||
* most Linux architectures. The sysctl() stub in libc is missing
|
||||
* on some systems. There are also reports that some kernels
|
||||
* spew messages to the console.
|
||||
*/
|
||||
ret = getentropy_sysctl(buf, len);
|
||||
if (ret != -1)
|
||||
return (ret);
|
||||
#endif /* SYS__sysctl */
|
||||
|
||||
/*
|
||||
* Entropy collection via /dev/urandom and sysctl have failed.
|
||||
*
|
||||
* No other API exists for collecting entropy. See the large
|
||||
* comment block above.
|
||||
*
|
||||
* We have very few options:
|
||||
* - Even syslog_r is unsafe to call at this low level, so
|
||||
* there is no way to alert the user or program.
|
||||
* - Cannot call abort() because some systems have unsafe
|
||||
* corefiles.
|
||||
* - Could raise(SIGKILL) resulting in silent program termination.
|
||||
* - Return EIO, to hint that arc4random's stir function
|
||||
* should raise(SIGKILL)
|
||||
* - Do the best under the circumstances....
|
||||
*
|
||||
* This code path exists to bring light to the issue that Linux
|
||||
* does not provide a failsafe API for entropy collection.
|
||||
*
|
||||
* We hope this demonstrates that Linux should either retain their
|
||||
* sysctl ABI, or consider providing a new failsafe API which
|
||||
* works in a chroot or when file descriptors are exhausted.
|
||||
*/
|
||||
#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
|
||||
#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
|
||||
raise(SIGKILL);
|
||||
#endif
|
||||
ret = getentropy_fallback(buf, len);
|
||||
if (ret != -1)
|
||||
return (ret);
|
||||
|
||||
errno = EIO;
|
||||
return (ret);
|
||||
}
|
||||
|
||||
/*
|
||||
* Basic sanity checking; wish we could do better.
|
||||
*/
|
||||
static int
|
||||
gotdata(char *buf, size_t len)
|
||||
{
|
||||
char any_set = 0;
|
||||
size_t i;
|
||||
|
||||
for (i = 0; i < len; ++i)
|
||||
any_set |= buf[i];
|
||||
if (any_set == 0)
|
||||
return -1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
getentropy_urandom(void *buf, size_t len)
|
||||
{
|
||||
struct stat st;
|
||||
size_t i;
|
||||
int fd, cnt, flags;
|
||||
int save_errno = errno;
|
||||
|
||||
start:
|
||||
|
||||
flags = O_RDONLY;
|
||||
#ifdef O_NOFOLLOW
|
||||
flags |= O_NOFOLLOW;
|
||||
#endif
|
||||
#ifdef O_CLOEXEC
|
||||
flags |= O_CLOEXEC;
|
||||
#endif
|
||||
fd = open("/dev/urandom", flags, 0);
|
||||
if (fd == -1) {
|
||||
if (errno == EINTR)
|
||||
goto start;
|
||||
goto nodevrandom;
|
||||
}
|
||||
#ifndef O_CLOEXEC
|
||||
fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
|
||||
#endif
|
||||
|
||||
/* Lightly verify that the device node looks sane */
|
||||
if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
|
||||
close(fd);
|
||||
goto nodevrandom;
|
||||
}
|
||||
if (ioctl(fd, RNDGETENTCNT, &cnt) == -1) {
|
||||
close(fd);
|
||||
goto nodevrandom;
|
||||
}
|
||||
for (i = 0; i < len; ) {
|
||||
size_t wanted = len - i;
|
||||
ssize_t ret = read(fd, (char*)buf + i, wanted);
|
||||
|
||||
if (ret == -1) {
|
||||
if (errno == EAGAIN || errno == EINTR)
|
||||
continue;
|
||||
close(fd);
|
||||
goto nodevrandom;
|
||||
}
|
||||
i += ret;
|
||||
}
|
||||
close(fd);
|
||||
if (gotdata(buf, len) == 0) {
|
||||
errno = save_errno;
|
||||
return 0; /* satisfied */
|
||||
}
|
||||
nodevrandom:
|
||||
errno = EIO;
|
||||
return -1;
|
||||
}
|
||||
|
||||
#ifdef SYS__sysctl
|
||||
static int
|
||||
getentropy_sysctl(void *buf, size_t len)
|
||||
{
|
||||
static int mib[] = { CTL_KERN, KERN_RANDOM, RANDOM_UUID };
|
||||
size_t i;
|
||||
int save_errno = errno;
|
||||
|
||||
for (i = 0; i < len; ) {
|
||||
size_t chunk = min(len - i, 16);
|
||||
|
||||
/* SYS__sysctl because some systems already removed sysctl() */
|
||||
struct __sysctl_args args = {
|
||||
.name = mib,
|
||||
.nlen = 3,
|
||||
.oldval = buf + i,
|
||||
.oldlenp = &chunk,
|
||||
};
|
||||
if (syscall(SYS__sysctl, &args) != 0)
|
||||
goto sysctlfailed;
|
||||
i += chunk;
|
||||
}
|
||||
if (gotdata(buf, len) == 0) {
|
||||
errno = save_errno;
|
||||
return (0); /* satisfied */
|
||||
}
|
||||
sysctlfailed:
|
||||
errno = EIO;
|
||||
return -1;
|
||||
}
|
||||
#endif /* SYS__sysctl */
|
||||
|
||||
static int cl[] = {
|
||||
CLOCK_REALTIME,
|
||||
#ifdef CLOCK_MONOTONIC
|
||||
CLOCK_MONOTONIC,
|
||||
#endif
|
||||
#ifdef CLOCK_MONOTONIC_RAW
|
||||
CLOCK_MONOTONIC_RAW,
|
||||
#endif
|
||||
#ifdef CLOCK_TAI
|
||||
CLOCK_TAI,
|
||||
#endif
|
||||
#ifdef CLOCK_VIRTUAL
|
||||
CLOCK_VIRTUAL,
|
||||
#endif
|
||||
#ifdef CLOCK_UPTIME
|
||||
CLOCK_UPTIME,
|
||||
#endif
|
||||
#ifdef CLOCK_PROCESS_CPUTIME_ID
|
||||
CLOCK_PROCESS_CPUTIME_ID,
|
||||
#endif
|
||||
#ifdef CLOCK_THREAD_CPUTIME_ID
|
||||
CLOCK_THREAD_CPUTIME_ID,
|
||||
#endif
|
||||
};
|
||||
|
||||
static int
|
||||
getentropy_fallback(void *buf, size_t len)
|
||||
{
|
||||
uint8_t results[SHA512_DIGEST_LENGTH];
|
||||
int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat;
|
||||
static int cnt;
|
||||
struct timespec ts;
|
||||
struct timeval tv;
|
||||
struct rusage ru;
|
||||
sigset_t sigset;
|
||||
struct stat st;
|
||||
SHA512_CTX ctx;
|
||||
static pid_t lastpid;
|
||||
pid_t pid;
|
||||
size_t i, ii, m;
|
||||
char *p;
|
||||
|
||||
pid = getpid();
|
||||
if (lastpid == pid) {
|
||||
faster = 1;
|
||||
repeat = 2;
|
||||
} else {
|
||||
faster = 0;
|
||||
lastpid = pid;
|
||||
repeat = REPEAT;
|
||||
}
|
||||
for (i = 0; i < len; ) {
|
||||
int j;
|
||||
SHA512_Init(&ctx);
|
||||
for (j = 0; j < repeat; j++) {
|
||||
HX((e = gettimeofday(&tv, NULL)) == -1, tv);
|
||||
if (e != -1) {
|
||||
cnt += (int)tv.tv_sec;
|
||||
cnt += (int)tv.tv_usec;
|
||||
}
|
||||
|
||||
for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
|
||||
HX(clock_gettime(cl[ii], &ts) == -1, ts);
|
||||
|
||||
HX((pid = getpid()) == -1, pid);
|
||||
HX((pid = getsid(pid)) == -1, pid);
|
||||
HX((pid = getppid()) == -1, pid);
|
||||
HX((pid = getpgid(0)) == -1, pid);
|
||||
HX((e = getpriority(0, 0)) == -1, e);
|
||||
|
||||
if (!faster) {
|
||||
ts.tv_sec = 0;
|
||||
ts.tv_nsec = 1;
|
||||
(void) nanosleep(&ts, NULL);
|
||||
}
|
||||
|
||||
HX(sigpending(&sigset) == -1, sigset);
|
||||
HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
|
||||
sigset);
|
||||
|
||||
#ifdef CAN_REFERENCE_MAIN
|
||||
HF(main); /* an addr in program */
|
||||
#endif
|
||||
HF(getentropy); /* an addr in this library */
|
||||
HF(printf); /* an addr in libc */
|
||||
p = (char *)&p;
|
||||
HD(p); /* an addr on stack */
|
||||
p = (char *)&errno;
|
||||
HD(p); /* the addr of errno */
|
||||
|
||||
if (i == 0) {
|
||||
struct sockaddr_storage ss;
|
||||
struct statvfs stvfs;
|
||||
struct termios tios;
|
||||
struct statfs stfs;
|
||||
socklen_t ssl;
|
||||
off_t off;
|
||||
|
||||
/*
|
||||
* Prime-sized mappings encourage fragmentation;
|
||||
* thus exposing some address entropy.
|
||||
*/
|
||||
struct mm {
|
||||
size_t npg;
|
||||
void *p;
|
||||
} mm[] = {
|
||||
{ 17, MAP_FAILED }, { 3, MAP_FAILED },
|
||||
{ 11, MAP_FAILED }, { 2, MAP_FAILED },
|
||||
{ 5, MAP_FAILED }, { 3, MAP_FAILED },
|
||||
{ 7, MAP_FAILED }, { 1, MAP_FAILED },
|
||||
{ 57, MAP_FAILED }, { 3, MAP_FAILED },
|
||||
{ 131, MAP_FAILED }, { 1, MAP_FAILED },
|
||||
};
|
||||
|
||||
for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
|
||||
HX(mm[m].p = mmap(NULL,
|
||||
mm[m].npg * pgs,
|
||||
PROT_READ|PROT_WRITE,
|
||||
MAP_PRIVATE|MAP_ANON, -1,
|
||||
(off_t)0), mm[m].p);
|
||||
if (mm[m].p != MAP_FAILED) {
|
||||
size_t mo;
|
||||
|
||||
/* Touch some memory... */
|
||||
p = mm[m].p;
|
||||
mo = cnt %
|
||||
(mm[m].npg * pgs - 1);
|
||||
p[mo] = 1;
|
||||
cnt += (int)((long)(mm[m].p)
|
||||
/ pgs);
|
||||
}
|
||||
|
||||
/* Check cnts and times... */
|
||||
for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]);
|
||||
ii++) {
|
||||
HX((e = clock_gettime(cl[ii],
|
||||
&ts)) == -1, ts);
|
||||
if (e != -1)
|
||||
cnt += (int)ts.tv_nsec;
|
||||
}
|
||||
|
||||
HX((e = getrusage(RUSAGE_SELF,
|
||||
&ru)) == -1, ru);
|
||||
if (e != -1) {
|
||||
cnt += (int)ru.ru_utime.tv_sec;
|
||||
cnt += (int)ru.ru_utime.tv_usec;
|
||||
}
|
||||
}
|
||||
|
||||
for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
|
||||
if (mm[m].p != MAP_FAILED)
|
||||
munmap(mm[m].p, mm[m].npg * pgs);
|
||||
mm[m].p = MAP_FAILED;
|
||||
}
|
||||
|
||||
HX(stat(".", &st) == -1, st);
|
||||
HX(statvfs(".", &stvfs) == -1, stvfs);
|
||||
HX(statfs(".", &stfs) == -1, stfs);
|
||||
|
||||
HX(stat("/", &st) == -1, st);
|
||||
HX(statvfs("/", &stvfs) == -1, stvfs);
|
||||
HX(statfs("/", &stfs) == -1, stfs);
|
||||
|
||||
HX((e = fstat(0, &st)) == -1, st);
|
||||
if (e == -1) {
|
||||
if (S_ISREG(st.st_mode) ||
|
||||
S_ISFIFO(st.st_mode) ||
|
||||
S_ISSOCK(st.st_mode)) {
|
||||
HX(fstatvfs(0, &stvfs) == -1,
|
||||
stvfs);
|
||||
HX(fstatfs(0, &stfs) == -1,
|
||||
stfs);
|
||||
HX((off = lseek(0, (off_t)0,
|
||||
SEEK_CUR)) < 0, off);
|
||||
}
|
||||
if (S_ISCHR(st.st_mode)) {
|
||||
HX(tcgetattr(0, &tios) == -1,
|
||||
tios);
|
||||
} else if (S_ISSOCK(st.st_mode)) {
|
||||
memset(&ss, 0, sizeof ss);
|
||||
ssl = sizeof(ss);
|
||||
HX(getpeername(0,
|
||||
(void *)&ss, &ssl) == -1,
|
||||
ss);
|
||||
}
|
||||
}
|
||||
|
||||
HX((e = getrusage(RUSAGE_CHILDREN,
|
||||
&ru)) == -1, ru);
|
||||
if (e != -1) {
|
||||
cnt += (int)ru.ru_utime.tv_sec;
|
||||
cnt += (int)ru.ru_utime.tv_usec;
|
||||
}
|
||||
} else {
|
||||
/* Subsequent hashes absorb previous result */
|
||||
HD(results);
|
||||
}
|
||||
|
||||
HX((e = gettimeofday(&tv, NULL)) == -1, tv);
|
||||
if (e != -1) {
|
||||
cnt += (int)tv.tv_sec;
|
||||
cnt += (int)tv.tv_usec;
|
||||
}
|
||||
|
||||
HD(cnt);
|
||||
}
|
||||
#ifdef AT_RANDOM
|
||||
/* Not as random as you think but we take what we are given */
|
||||
p = (char *) getauxval(AT_RANDOM);
|
||||
if (p)
|
||||
HR(p, 16);
|
||||
#endif
|
||||
#ifdef AT_SYSINFO_EHDR
|
||||
p = (char *) getauxval(AT_SYSINFO_EHDR);
|
||||
if (p)
|
||||
HR(p, pgs);
|
||||
#endif
|
||||
#ifdef AT_BASE
|
||||
p = (char *) getauxval(AT_BASE);
|
||||
if (p)
|
||||
HD(p);
|
||||
#endif
|
||||
|
||||
SHA512_Final(results, &ctx);
|
||||
memcpy((char*)buf + i, results, min(sizeof(results), len - i));
|
||||
i += min(sizeof(results), len - i);
|
||||
}
|
||||
memset(results, 0, sizeof results);
|
||||
if (gotdata(buf, len) == 0) {
|
||||
errno = save_errno;
|
||||
return 0; /* satisfied */
|
||||
}
|
||||
errno = EIO;
|
||||
return -1;
|
||||
}
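Review bot: In getentropy_fallback() the test after `HX((e = fstat(0, &st)) == -1, st);` is inverted: `if (e == -1) {` means the branch that inspects `st.st_mode` and hashes the fstatvfs/fstatfs/lseek/tcgetattr/getpeername results runs only when fstat failed, so `st` there is whatever the earlier `stat("/", &st)` left behind and descriptor 0 is never actually sampled on success. The condition should read `if (e != -1) {`. The same lines appear in getentropy_fallback() in getentropy_osx.c. Separately, the closing `memset(results, 0, sizeof results);` is a dead store the compiler may drop, and `ctx` is not cleared at all; since this commit also adds compat/explicit_bzero.c, `explicit_bzero(&ctx, sizeof ctx);` and `explicit_bzero(results, sizeof results);` would make the wipe dependable, assuming the compat prototype is visible through config.h.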
|
432
contrib/unbound/compat/getentropy_osx.c
Normal file
432
contrib/unbound/compat/getentropy_osx.c
Normal file
@ -0,0 +1,432 @@
|
||||
/* $OpenBSD: getentropy_osx.c,v 1.3 2014/07/12 14:48:00 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
|
||||
* Copyright (c) 2014 Bob Beck <beck@obtuse.com>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
#include "config.h"
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/param.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <sys/resource.h>
|
||||
#include <sys/syscall.h>
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/statvfs.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/mount.h>
|
||||
#include <sys/mman.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/time.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdint.h>
|
||||
#include <stdio.h>
|
||||
#include <termios.h>
|
||||
#include <fcntl.h>
|
||||
#include <signal.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <unistd.h>
|
||||
#include <time.h>
|
||||
#include <mach/mach_time.h>
|
||||
#include <mach/mach_host.h>
|
||||
#include <mach/host_info.h>
|
||||
#include <sys/socketvar.h>
|
||||
#include <sys/vmmeter.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/tcp.h>
|
||||
#include <netinet/udp.h>
|
||||
#include <netinet/ip_var.h>
|
||||
#include <netinet/tcp_var.h>
|
||||
#include <netinet/udp_var.h>
|
||||
#include <CommonCrypto/CommonDigest.h>
|
||||
#define SHA512_Update(a, b, c) (CC_SHA512_Update((a), (b), (c)))
|
||||
#define SHA512_Init(xxx) (CC_SHA512_Init((xxx)))
|
||||
#define SHA512_Final(xxx, yyy) (CC_SHA512_Final((xxx), (yyy)))
|
||||
#define SHA512_CTX CC_SHA512_CTX
|
||||
#define SHA512_DIGEST_LENGTH CC_SHA512_DIGEST_LENGTH
|
||||
|
||||
#define REPEAT 5
|
||||
#define min(a, b) (((a) < (b)) ? (a) : (b))
|
||||
|
||||
#define HX(a, b) \
|
||||
do { \
|
||||
if ((a)) \
|
||||
HD(errno); \
|
||||
else \
|
||||
HD(b); \
|
||||
} while (0)
|
||||
|
||||
#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
|
||||
#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
|
||||
#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
|
||||
|
||||
int getentropy(void *buf, size_t len);
|
||||
|
||||
#ifdef CAN_REFERENCE_MAIN
|
||||
extern int main(int, char *argv[]);
|
||||
#endif
|
||||
static int gotdata(char *buf, size_t len);
|
||||
static int getentropy_urandom(void *buf, size_t len);
|
||||
static int getentropy_fallback(void *buf, size_t len);
|
||||
|
||||
int
|
||||
getentropy(void *buf, size_t len)
|
||||
{
|
||||
int ret = -1;
|
||||
|
||||
if (len > 256) {
|
||||
errno = EIO;
|
||||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Try to get entropy with /dev/urandom
|
||||
*
|
||||
* This can fail if the process is inside a chroot or if file
|
||||
* descriptors are exhausted.
|
||||
*/
|
||||
ret = getentropy_urandom(buf, len);
|
||||
if (ret != -1)
|
||||
return (ret);
|
||||
|
||||
/*
|
||||
* Entropy collection via /dev/urandom and sysctl have failed.
|
||||
*
|
||||
* No other API exists for collecting entropy, and we have
|
||||
* no failsafe way to get it on OSX that is not sensitive
|
||||
* to resource exhaustion.
|
||||
*
|
||||
* We have very few options:
|
||||
* - Even syslog_r is unsafe to call at this low level, so
|
||||
* there is no way to alert the user or program.
|
||||
* - Cannot call abort() because some systems have unsafe
|
||||
* corefiles.
|
||||
* - Could raise(SIGKILL) resulting in silent program termination.
|
||||
* - Return EIO, to hint that arc4random's stir function
|
||||
* should raise(SIGKILL)
|
||||
* - Do the best under the circumstances....
|
||||
*
|
||||
* This code path exists to bring light to the issue that OSX
|
||||
* does not provide a failsafe API for entropy collection.
|
||||
*
|
||||
* We hope this demonstrates that OSX should consider
|
||||
* providing a new failsafe API which works in a chroot or
|
||||
* when file descriptors are exhausted.
|
||||
*/
|
||||
#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
|
||||
#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
|
||||
raise(SIGKILL);
|
||||
#endif
|
||||
ret = getentropy_fallback(buf, len);
|
||||
if (ret != -1)
|
||||
return (ret);
|
||||
|
||||
errno = EIO;
|
||||
return (ret);
|
||||
}
|
||||
|
||||
/*
|
||||
* Basic sanity checking; wish we could do better.
|
||||
*/
|
||||
static int
|
||||
gotdata(char *buf, size_t len)
|
||||
{
|
||||
char any_set = 0;
|
||||
size_t i;
|
||||
|
||||
for (i = 0; i < len; ++i)
|
||||
any_set |= buf[i];
|
||||
if (any_set == 0)
|
||||
return -1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
getentropy_urandom(void *buf, size_t len)
|
||||
{
|
||||
struct stat st;
|
||||
size_t i;
|
||||
int fd, flags;
|
||||
int save_errno = errno;
|
||||
|
||||
start:
|
||||
|
||||
flags = O_RDONLY;
|
||||
#ifdef O_NOFOLLOW
|
||||
flags |= O_NOFOLLOW;
|
||||
#endif
|
||||
#ifdef O_CLOEXEC
|
||||
flags |= O_CLOEXEC;
|
||||
#endif
|
||||
fd = open("/dev/urandom", flags, 0);
|
||||
if (fd == -1) {
|
||||
if (errno == EINTR)
|
||||
goto start;
|
||||
goto nodevrandom;
|
||||
}
|
||||
#ifndef O_CLOEXEC
|
||||
fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
|
||||
#endif
|
||||
|
||||
/* Lightly verify that the device node looks sane */
|
||||
if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
|
||||
close(fd);
|
||||
goto nodevrandom;
|
||||
}
|
||||
for (i = 0; i < len; ) {
|
||||
size_t wanted = len - i;
|
||||
ssize_t ret = read(fd, (char*)buf + i, wanted);
|
||||
|
||||
if (ret == -1) {
|
||||
if (errno == EAGAIN || errno == EINTR)
|
||||
continue;
|
||||
close(fd);
|
||||
goto nodevrandom;
|
||||
}
|
||||
i += ret;
|
||||
}
|
||||
close(fd);
|
||||
if (gotdata(buf, len) == 0) {
|
||||
errno = save_errno;
|
||||
return 0; /* satisfied */
|
||||
}
|
||||
nodevrandom:
|
||||
errno = EIO;
|
||||
return -1;
|
||||
}
|
||||
|
||||
static int tcpmib[] = { CTL_NET, AF_INET, IPPROTO_TCP, TCPCTL_STATS };
|
||||
static int udpmib[] = { CTL_NET, AF_INET, IPPROTO_UDP, UDPCTL_STATS };
|
||||
static int ipmib[] = { CTL_NET, AF_INET, IPPROTO_IP, IPCTL_STATS };
|
||||
static int kmib[] = { CTL_KERN, KERN_USRSTACK };
|
||||
static int hwmib[] = { CTL_HW, HW_USERMEM };
|
||||
|
||||
static int
|
||||
getentropy_fallback(void *buf, size_t len)
|
||||
{
|
||||
uint8_t results[SHA512_DIGEST_LENGTH];
|
||||
int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat;
|
||||
static int cnt;
|
||||
struct timespec ts;
|
||||
struct timeval tv;
|
||||
struct rusage ru;
|
||||
sigset_t sigset;
|
||||
struct stat st;
|
||||
SHA512_CTX ctx;
|
||||
static pid_t lastpid;
|
||||
pid_t pid;
|
||||
size_t i, ii, m;
|
||||
char *p;
|
||||
struct tcpstat tcpstat;
|
||||
struct udpstat udpstat;
|
||||
struct ipstat ipstat;
|
||||
u_int64_t mach_time;
|
||||
unsigned int idata;
|
||||
void *addr;
|
||||
|
||||
pid = getpid();
|
||||
if (lastpid == pid) {
|
||||
faster = 1;
|
||||
repeat = 2;
|
||||
} else {
|
||||
faster = 0;
|
||||
lastpid = pid;
|
||||
repeat = REPEAT;
|
||||
}
|
||||
for (i = 0; i < len; ) {
|
||||
int j;
|
||||
SHA512_Init(&ctx);
|
||||
for (j = 0; j < repeat; j++) {
|
||||
HX((e = gettimeofday(&tv, NULL)) == -1, tv);
|
||||
if (e != -1) {
|
||||
cnt += (int)tv.tv_sec;
|
||||
cnt += (int)tv.tv_usec;
|
||||
}
|
||||
|
||||
mach_time = mach_absolute_time();
|
||||
HD(mach_time);
|
||||
|
||||
ii = sizeof(addr);
|
||||
HX(sysctl(kmib, sizeof(kmib) / sizeof(kmib[0]),
|
||||
&addr, &ii, NULL, 0) == -1, addr);
|
||||
|
||||
ii = sizeof(idata);
|
||||
HX(sysctl(hwmib, sizeof(hwmib) / sizeof(hwmib[0]),
|
||||
&idata, &ii, NULL, 0) == -1, idata);
|
||||
|
||||
ii = sizeof(tcpstat);
|
||||
HX(sysctl(tcpmib, sizeof(tcpmib) / sizeof(tcpmib[0]),
|
||||
&tcpstat, &ii, NULL, 0) == -1, tcpstat);
|
||||
|
||||
ii = sizeof(udpstat);
|
||||
HX(sysctl(udpmib, sizeof(udpmib) / sizeof(udpmib[0]),
|
||||
&udpstat, &ii, NULL, 0) == -1, udpstat);
|
||||
|
||||
ii = sizeof(ipstat);
|
||||
HX(sysctl(ipmib, sizeof(ipmib) / sizeof(ipmib[0]),
|
||||
&ipstat, &ii, NULL, 0) == -1, ipstat);
|
||||
|
||||
HX((pid = getpid()) == -1, pid);
|
||||
HX((pid = getsid(pid)) == -1, pid);
|
||||
HX((pid = getppid()) == -1, pid);
|
||||
HX((pid = getpgid(0)) == -1, pid);
|
||||
HX((e = getpriority(0, 0)) == -1, e);
|
||||
|
||||
if (!faster) {
|
||||
ts.tv_sec = 0;
|
||||
ts.tv_nsec = 1;
|
||||
(void) nanosleep(&ts, NULL);
|
||||
}
|
||||
|
||||
HX(sigpending(&sigset) == -1, sigset);
|
||||
HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
|
||||
sigset);
|
||||
|
||||
#ifdef CAN_REFERENCE_MAIN
|
||||
HF(main); /* an addr in program */
|
||||
#endif
|
||||
HF(getentropy); /* an addr in this library */
|
||||
HF(printf); /* an addr in libc */
|
||||
p = (char *)&p;
|
||||
HD(p); /* an addr on stack */
|
||||
p = (char *)&errno;
|
||||
HD(p); /* the addr of errno */
|
||||
|
||||
if (i == 0) {
|
||||
struct sockaddr_storage ss;
|
||||
struct statvfs stvfs;
|
||||
struct termios tios;
|
||||
struct statfs stfs;
|
||||
socklen_t ssl;
|
||||
off_t off;
|
||||
|
||||
/*
|
||||
* Prime-sized mappings encourage fragmentation;
|
||||
* thus exposing some address entropy.
|
||||
*/
|
||||
struct mm {
|
||||
size_t npg;
|
||||
void *p;
|
||||
} mm[] = {
|
||||
{ 17, MAP_FAILED }, { 3, MAP_FAILED },
|
||||
{ 11, MAP_FAILED }, { 2, MAP_FAILED },
|
||||
{ 5, MAP_FAILED }, { 3, MAP_FAILED },
|
||||
{ 7, MAP_FAILED }, { 1, MAP_FAILED },
|
||||
{ 57, MAP_FAILED }, { 3, MAP_FAILED },
|
||||
{ 131, MAP_FAILED }, { 1, MAP_FAILED },
|
||||
};
|
||||
|
||||
for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
|
||||
HX(mm[m].p = mmap(NULL,
|
||||
mm[m].npg * pgs,
|
||||
PROT_READ|PROT_WRITE,
|
||||
MAP_PRIVATE|MAP_ANON, -1,
|
||||
(off_t)0), mm[m].p);
|
||||
if (mm[m].p != MAP_FAILED) {
|
||||
size_t mo;
|
||||
|
||||
/* Touch some memory... */
|
||||
p = mm[m].p;
|
||||
mo = cnt %
|
||||
(mm[m].npg * pgs - 1);
|
||||
p[mo] = 1;
|
||||
cnt += (int)((long)(mm[m].p)
|
||||
/ pgs);
|
||||
}
|
||||
|
||||
/* Check cnts and times... */
|
||||
mach_time = mach_absolute_time();
|
||||
HD(mach_time);
|
||||
cnt += (int)mach_time;
|
||||
|
||||
HX((e = getrusage(RUSAGE_SELF,
|
||||
&ru)) == -1, ru);
|
||||
if (e != -1) {
|
||||
cnt += (int)ru.ru_utime.tv_sec;
|
||||
cnt += (int)ru.ru_utime.tv_usec;
|
||||
}
|
||||
}
|
||||
|
||||
for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
|
||||
if (mm[m].p != MAP_FAILED)
|
||||
munmap(mm[m].p, mm[m].npg * pgs);
|
||||
mm[m].p = MAP_FAILED;
|
||||
}
|
||||
|
||||
HX(stat(".", &st) == -1, st);
|
||||
HX(statvfs(".", &stvfs) == -1, stvfs);
|
||||
HX(statfs(".", &stfs) == -1, stfs);
|
||||
|
||||
HX(stat("/", &st) == -1, st);
|
||||
HX(statvfs("/", &stvfs) == -1, stvfs);
|
||||
HX(statfs("/", &stfs) == -1, stfs);
|
||||
|
||||
HX((e = fstat(0, &st)) == -1, st);
|
||||
if (e == -1) {
|
||||
if (S_ISREG(st.st_mode) ||
|
||||
S_ISFIFO(st.st_mode) ||
|
||||
S_ISSOCK(st.st_mode)) {
|
||||
HX(fstatvfs(0, &stvfs) == -1,
|
||||
stvfs);
|
||||
HX(fstatfs(0, &stfs) == -1,
|
||||
stfs);
|
||||
HX((off = lseek(0, (off_t)0,
|
||||
SEEK_CUR)) < 0, off);
|
||||
}
|
||||
if (S_ISCHR(st.st_mode)) {
|
||||
HX(tcgetattr(0, &tios) == -1,
|
||||
tios);
|
||||
} else if (S_ISSOCK(st.st_mode)) {
|
||||
memset(&ss, 0, sizeof ss);
|
||||
ssl = sizeof(ss);
|
||||
HX(getpeername(0,
|
||||
(void *)&ss, &ssl) == -1,
|
||||
ss);
|
||||
}
|
||||
}
|
||||
|
||||
HX((e = getrusage(RUSAGE_CHILDREN,
|
||||
&ru)) == -1, ru);
|
||||
if (e != -1) {
|
||||
cnt += (int)ru.ru_utime.tv_sec;
|
||||
cnt += (int)ru.ru_utime.tv_usec;
|
||||
}
|
||||
} else {
|
||||
/* Subsequent hashes absorb previous result */
|
||||
HD(results);
|
||||
}
|
||||
|
||||
HX((e = gettimeofday(&tv, NULL)) == -1, tv);
|
||||
if (e != -1) {
|
||||
cnt += (int)tv.tv_sec;
|
||||
cnt += (int)tv.tv_usec;
|
||||
}
|
||||
|
||||
HD(cnt);
|
||||
}
|
||||
|
||||
SHA512_Final(results, &ctx);
|
||||
memcpy((char*)buf + i, results, min(sizeof(results), len - i));
|
||||
i += min(sizeof(results), len - i);
|
||||
}
|
||||
memset(results, 0, sizeof results);
|
||||
if (gotdata(buf, len) == 0) {
|
||||
errno = save_errno;
|
||||
return 0; /* satisfied */
|
||||
}
|
||||
errno = EIO;
|
||||
return -1;
|
||||
}
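Review bot: The read loop in getentropy_urandom() never terminates if `read()` returns 0, because only `ret == -1` is handled and `i += ret` then makes no progress. The Linux variant is partly shielded by its `RNDGETENTCNT` ioctl check, but here the only validation is `S_ISCHR`, which any character device node placed at /dev/urandom (for instance in a badly populated chroot) would pass even if it reports end-of-file. Treating a zero-length read as failure keeps the caller falling through to getentropy_fallback() instead of hanging: `if (ret == 0) { close(fd); goto nodevrandom; }` ahead of `i += ret;`. The same loop is in getentropy_urandom() in getentropy_linux.c and getentropy_solaris.c.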
|
435
contrib/unbound/compat/getentropy_solaris.c
Normal file
435
contrib/unbound/compat/getentropy_solaris.c
Normal file
@ -0,0 +1,435 @@
|
||||
/* $OpenBSD: getentropy_solaris.c,v 1.3 2014/07/12 14:46:31 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
|
||||
* Copyright (c) 2014 Bob Beck <beck@obtuse.com>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
#include "config.h"
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/param.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <sys/resource.h>
|
||||
#include <sys/syscall.h>
|
||||
#include <sys/statvfs.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/mount.h>
|
||||
#include <sys/mman.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/time.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdint.h>
|
||||
#include <stdio.h>
|
||||
#include <termios.h>
|
||||
#include <fcntl.h>
|
||||
#include <signal.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <unistd.h>
|
||||
#include <time.h>
|
||||
#include <sys/sha2.h>
|
||||
#define SHA512_Init SHA512Init
|
||||
#define SHA512_Update SHA512Update
|
||||
#define SHA512_Final SHA512Final
|
||||
|
||||
#include <sys/vfs.h>
|
||||
#include <sys/statfs.h>
|
||||
#include <sys/loadavg.h>
|
||||
|
||||
#define REPEAT 5
|
||||
#define min(a, b) (((a) < (b)) ? (a) : (b))
|
||||
|
||||
#define HX(a, b) \
|
||||
do { \
|
||||
if ((a)) \
|
||||
HD(errno); \
|
||||
else \
|
||||
HD(b); \
|
||||
} while (0)
|
||||
|
||||
#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
|
||||
#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
|
||||
#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
|
||||
|
||||
int getentropy(void *buf, size_t len);
|
||||
|
||||
#ifdef CAN_REFERENCE_MAIN
|
||||
extern int main(int, char *argv[]);
|
||||
#endif
|
||||
static int gotdata(char *buf, size_t len);
|
||||
static int getentropy_urandom(void *buf, size_t len, const char *path,
|
||||
int devfscheck);
|
||||
static int getentropy_fallback(void *buf, size_t len);
|
||||
|
||||
int
|
||||
getentropy(void *buf, size_t len)
|
||||
{
|
||||
int ret = -1;
|
||||
|
||||
if (len > 256) {
|
||||
errno = EIO;
|
||||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Try to get entropy with /dev/urandom
|
||||
*
|
||||
* Solaris provides /dev/urandom as a symbolic link to
|
||||
* /devices/pseudo/random@0:urandom which is provided by
|
||||
* a devfs filesystem. Best practice is to use O_NOFOLLOW,
|
||||
* so we must try the unpublished name directly.
|
||||
*
|
||||
* This can fail if the process is inside a chroot which lacks
|
||||
* the devfs mount, or if file descriptors are exhausted.
|
||||
*/
|
||||
ret = getentropy_urandom(buf, len,
|
||||
"/devices/pseudo/random@0:urandom", 1);
|
||||
if (ret != -1)
|
||||
return (ret);
|
||||
|
||||
/*
|
||||
* Unfortunately, chroot spaces on Solaris are sometimes setup
|
||||
* with direct device node of the well-known /dev/urandom name
|
||||
* (perhaps to avoid dragging all of devfs into the space).
|
||||
*
|
||||
* This can fail if the process is inside a chroot or if file
|
||||
* descriptors are exhausted.
|
||||
*/
|
||||
ret = getentropy_urandom(buf, len, "/dev/urandom", 0);
|
||||
if (ret != -1)
|
||||
return (ret);
|
||||
|
||||
/*
|
||||
* Entropy collection via /dev/urandom has failed.
|
||||
*
|
||||
* No other API exists for collecting entropy, and we have
|
||||
* no failsafe way to get it on Solaris that is not sensitive
|
||||
* to resource exhaustion.
|
||||
*
|
||||
* We have very few options:
|
||||
* - Even syslog_r is unsafe to call at this low level, so
|
||||
* there is no way to alert the user or program.
|
||||
* - Cannot call abort() because some systems have unsafe
|
||||
* corefiles.
|
||||
* - Could raise(SIGKILL) resulting in silent program termination.
|
||||
* - Return EIO, to hint that arc4random's stir function
|
||||
* should raise(SIGKILL)
|
||||
* - Do the best under the circumstances....
|
||||
*
|
||||
* This code path exists to bring light to the issue that Solaris
|
||||
* does not provide a failsafe API for entropy collection.
|
||||
*
|
||||
* We hope this demonstrates that Solaris should consider
|
||||
* providing a new failsafe API which works in a chroot or
|
||||
* when file descriptors are exhausted.
|
||||
*/
|
||||
#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
|
||||
#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
|
||||
raise(SIGKILL);
|
||||
#endif
|
||||
ret = getentropy_fallback(buf, len);
|
||||
if (ret != -1)
|
||||
return (ret);
|
||||
|
||||
errno = EIO;
|
||||
return (ret);
|
||||
}
|
||||
|
||||
/*
|
||||
* Basic sanity checking; wish we could do better.
|
||||
*/
|
||||
static int
|
||||
gotdata(char *buf, size_t len)
|
||||
{
|
||||
char any_set = 0;
|
||||
size_t i;
|
||||
|
||||
for (i = 0; i < len; ++i)
|
||||
any_set |= buf[i];
|
||||
if (any_set == 0)
|
||||
return -1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck)
|
||||
{
|
||||
struct stat st;
|
||||
size_t i;
|
||||
int fd, flags;
|
||||
int save_errno = errno;
|
||||
|
||||
start:
|
||||
|
||||
flags = O_RDONLY;
|
||||
#ifdef O_NOFOLLOW
|
||||
flags |= O_NOFOLLOW;
|
||||
#endif
|
||||
#ifdef O_CLOEXEC
|
||||
flags |= O_CLOEXEC;
|
||||
#endif
|
||||
fd = open(path, flags, 0);
|
||||
if (fd == -1) {
|
||||
if (errno == EINTR)
|
||||
goto start;
|
||||
goto nodevrandom;
|
||||
}
|
||||
#ifndef O_CLOEXEC
|
||||
fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
|
||||
#endif
|
||||
|
||||
/* Lightly verify that the device node looks sane */
|
||||
if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode) ||
|
||||
(devfscheck && (strcmp(st.st_fstype, "devfs") != 0))) {
|
||||
close(fd);
|
||||
goto nodevrandom;
|
||||
}
|
||||
for (i = 0; i < len; ) {
|
||||
size_t wanted = len - i;
|
||||
ssize_t ret = read(fd, (char*)buf + i, wanted);
|
||||
|
||||
if (ret == -1) {
|
||||
if (errno == EAGAIN || errno == EINTR)
|
||||
continue;
|
||||
close(fd);
|
||||
goto nodevrandom;
|
||||
}
|
||||
i += ret;
|
||||
}
|
||||
close(fd);
|
||||
if (gotdata(buf, len) == 0) {
|
||||
errno = save_errno;
|
||||
return 0; /* satisfied */
|
||||
}
|
||||
nodevrandom:
|
||||
errno = EIO;
|
||||
return -1;
|
||||
}
|
||||
|
||||
static const int cl[] = {
|
||||
CLOCK_REALTIME,
|
||||
#ifdef CLOCK_MONOTONIC
|
||||
CLOCK_MONOTONIC,
|
||||
#endif
|
||||
#ifdef CLOCK_MONOTONIC_RAW
|
||||
CLOCK_MONOTONIC_RAW,
|
||||
#endif
|
||||
#ifdef CLOCK_TAI
|
||||
CLOCK_TAI,
|
||||
#endif
|
||||
#ifdef CLOCK_VIRTUAL
|
||||
CLOCK_VIRTUAL,
|
||||
#endif
|
||||
#ifdef CLOCK_UPTIME
|
||||
CLOCK_UPTIME,
|
||||
#endif
|
||||
#ifdef CLOCK_PROCESS_CPUTIME_ID
|
||||
CLOCK_PROCESS_CPUTIME_ID,
|
||||
#endif
|
||||
#ifdef CLOCK_THREAD_CPUTIME_ID
|
||||
CLOCK_THREAD_CPUTIME_ID,
|
||||
#endif
|
||||
};
|
||||
|
||||
static int
|
||||
getentropy_fallback(void *buf, size_t len)
|
||||
{
|
||||
uint8_t results[SHA512_DIGEST_LENGTH];
|
||||
int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat;
|
||||
static int cnt;
|
||||
struct timespec ts;
|
||||
struct timeval tv;
|
||||
double loadavg[3];
|
||||
struct rusage ru;
|
||||
sigset_t sigset;
|
||||
struct stat st;
|
||||
SHA512_CTX ctx;
|
||||
static pid_t lastpid;
|
||||
pid_t pid;
|
||||
size_t i, ii, m;
|
||||
char *p;
|
||||
|
||||
pid = getpid();
|
||||
if (lastpid == pid) {
|
||||
faster = 1;
|
||||
repeat = 2;
|
||||
} else {
|
||||
faster = 0;
|
||||
lastpid = pid;
|
||||
repeat = REPEAT;
|
||||
}
|
||||
for (i = 0; i < len; ) {
|
||||
int j;
|
||||
SHA512_Init(&ctx);
|
||||
for (j = 0; j < repeat; j++) {
|
||||
HX((e = gettimeofday(&tv, NULL)) == -1, tv);
|
||||
if (e != -1) {
|
||||
cnt += (int)tv.tv_sec;
|
||||
cnt += (int)tv.tv_usec;
|
||||
}
|
||||
|
||||
for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
|
||||
HX(clock_gettime(cl[ii], &ts) == -1, ts);
|
||||
|
||||
HX((pid = getpid()) == -1, pid);
|
||||
HX((pid = getsid(pid)) == -1, pid);
|
||||
HX((pid = getppid()) == -1, pid);
|
||||
HX((pid = getpgid(0)) == -1, pid);
|
||||
HX((e = getpriority(0, 0)) == -1, e);
|
||||
HX((getloadavg(loadavg, 3) == -1), loadavg);
|
||||
|
||||
if (!faster) {
|
||||
ts.tv_sec = 0;
|
||||
ts.tv_nsec = 1;
|
||||
(void) nanosleep(&ts, NULL);
|
||||
}
|
||||
|
||||
HX(sigpending(&sigset) == -1, sigset);
|
||||
HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
|
||||
sigset);
|
||||
|
||||
#ifdef CAN_REFERENCE_MAIN
|
||||
HF(main); /* an addr in program */
|
||||
#endif
|
||||
HF(getentropy); /* an addr in this library */
|
||||
HF(printf); /* an addr in libc */
|
||||
p = (char *)&p;
|
||||
HD(p); /* an addr on stack */
|
||||
p = (char *)&errno;
|
||||
HD(p); /* the addr of errno */
|
||||
|
||||
if (i == 0) {
|
||||
struct sockaddr_storage ss;
|
||||
struct statvfs stvfs;
|
||||
struct termios tios;
|
||||
socklen_t ssl;
|
||||
off_t off;
|
||||
|
||||
/*
|
||||
* Prime-sized mappings encourage fragmentation;
|
||||
* thus exposing some address entropy.
|
||||
*/
|
||||
struct mm {
|
||||
size_t npg;
|
||||
void *p;
|
||||
} mm[] = {
|
||||
{ 17, MAP_FAILED }, { 3, MAP_FAILED },
|
||||
{ 11, MAP_FAILED }, { 2, MAP_FAILED },
|
||||
{ 5, MAP_FAILED }, { 3, MAP_FAILED },
|
||||
{ 7, MAP_FAILED }, { 1, MAP_FAILED },
|
||||
{ 57, MAP_FAILED }, { 3, MAP_FAILED },
|
||||
{ 131, MAP_FAILED }, { 1, MAP_FAILED },
|
||||
};
|
||||
|
||||
for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
|
||||
HX(mm[m].p = mmap(NULL,
|
||||
mm[m].npg * pgs,
|
||||
PROT_READ|PROT_WRITE,
|
||||
MAP_PRIVATE|MAP_ANON, -1,
|
||||
(off_t)0), mm[m].p);
|
||||
if (mm[m].p != MAP_FAILED) {
|
||||
size_t mo;
|
||||
|
||||
/* Touch some memory... */
|
||||
p = mm[m].p;
|
||||
mo = cnt %
|
||||
(mm[m].npg * pgs - 1);
|
||||
p[mo] = 1;
|
||||
cnt += (int)((long)(mm[m].p)
|
||||
/ pgs);
|
||||
}
|
||||
|
||||
/* Check cnts and times... */
|
||||
for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]);
|
||||
ii++) {
|
||||
HX((e = clock_gettime(cl[ii],
|
||||
&ts)) == -1, ts);
|
||||
if (e != -1)
|
||||
cnt += (int)ts.tv_nsec;
|
||||
}
|
||||
|
||||
HX((e = getrusage(RUSAGE_SELF,
|
||||
&ru)) == -1, ru);
|
||||
if (e != -1) {
|
||||
cnt += (int)ru.ru_utime.tv_sec;
|
||||
cnt += (int)ru.ru_utime.tv_usec;
|
||||
}
|
||||
}
|
||||
|
||||
for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
|
||||
if (mm[m].p != MAP_FAILED)
|
||||
munmap(mm[m].p, mm[m].npg * pgs);
|
||||
mm[m].p = MAP_FAILED;
|
||||
}
|
||||
|
||||
HX(stat(".", &st) == -1, st);
|
||||
HX(statvfs(".", &stvfs) == -1, stvfs);
|
||||
|
||||
HX(stat("/", &st) == -1, st);
|
||||
HX(statvfs("/", &stvfs) == -1, stvfs);
|
||||
|
||||
HX((e = fstat(0, &st)) == -1, st);
|
||||
if (e == -1) {
|
||||
if (S_ISREG(st.st_mode) ||
|
||||
S_ISFIFO(st.st_mode) ||
|
||||
S_ISSOCK(st.st_mode)) {
|
||||
HX(fstatvfs(0, &stvfs) == -1,
|
||||
stvfs);
|
||||
HX((off = lseek(0, (off_t)0,
|
||||
SEEK_CUR)) < 0, off);
|
||||
}
|
||||
if (S_ISCHR(st.st_mode)) {
|
||||
HX(tcgetattr(0, &tios) == -1,
|
||||
tios);
|
||||
} else if (S_ISSOCK(st.st_mode)) {
|
||||
memset(&ss, 0, sizeof ss);
|
||||
ssl = sizeof(ss);
|
||||
HX(getpeername(0,
|
||||
(void *)&ss, &ssl) == -1,
|
||||
ss);
|
||||
}
|
||||
}
|
||||
|
||||
HX((e = getrusage(RUSAGE_CHILDREN,
|
||||
&ru)) == -1, ru);
|
||||
if (e != -1) {
|
||||
cnt += (int)ru.ru_utime.tv_sec;
|
||||
cnt += (int)ru.ru_utime.tv_usec;
|
||||
}
|
||||
} else {
|
||||
/* Subsequent hashes absorb previous result */
|
||||
HD(results);
|
||||
}
|
||||
|
||||
HX((e = gettimeofday(&tv, NULL)) == -1, tv);
|
||||
if (e != -1) {
|
||||
cnt += (int)tv.tv_sec;
|
||||
cnt += (int)tv.tv_usec;
|
||||
}
|
||||
|
||||
HD(cnt);
|
||||
}
|
||||
SHA512_Final(results, &ctx);
|
||||
memcpy((char*)buf + i, results, min(sizeof(results), len - i));
|
||||
i += min(sizeof(results), len - i);
|
||||
}
|
||||
memset(results, 0, sizeof results);
|
||||
if (gotdata(buf, len) == 0) {
|
||||
errno = save_errno;
|
||||
return 0; /* satisfied */
|
||||
}
|
||||
errno = EIO;
|
||||
return -1;
|
||||
}
|
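--- a/contrib/unbound/compat/getentropy_win.c
+++ b/contrib/unbound/compat/getentropy_win.c
@@ -0,0 +1,56 @@
+/* $OpenBSD$ */
+
+/*
+* Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
+* Copyright (c) 2014, Bob Beck <beck@obtuse.com>
+*
+* Permission to use, copy, modify, and distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+
+#include <windows.h>
+#include <errno.h>
+#include <stdint.h>
+#include <sys/types.h>
+#include <wincrypt.h>
+#include <process.h>
+
+int getentropy(void *buf, size_t len);
+
+/*
+* On Windows, CryptGenRandom is supposed to be a well-seeded
+* cryptographically strong random number generator.
+*/
+int
+getentropy(void *buf, size_t len)
+{
+HCRYPTPROV provider;
+
+if (len > 256) {
+errno = EIO;
+return -1;
+}
+
+if (CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
+CRYPT_VERIFYCONTEXT) == 0)
+goto fail;
+if (CryptGenRandom(provider, len, buf) == 0) {
+CryptReleaseContext(provider, 0);
+goto fail;
+}
+CryptReleaseContext(provider, 0);
+return (0);
+
+fail:
+errno = EIO;
+return (-1);
+}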
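Review bot: getentropy() carries no comment stating its contract, and the contract is not obvious: a request above 256 bytes is refused, and all three failure paths (the size check, CryptAcquireContext, CryptGenRandom) return -1 with errno set to EIO, so a caller cannot tell them apart and must treat buf as unfilled. I would add above the definition `/* Fill buf with len (<= 256) bytes from CryptGenRandom. Returns 0, or -1 with errno = EIO; buf must not be used on failure. */`. The provider handle is acquired and released on every call; if that is deliberate (no cached state to leak across fork-like boundaries or DLL unload), a one-line why-comment next to CryptAcquireContext would save the next reader from "optimising" it.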
@ -103,7 +103,7 @@ inet_aton(const char *cp, struct in_addr *addr)
|
||||
* Values are specified as for C:
|
||||
* 0x=hex, 0=octal, isdigit=decimal.
|
||||
*/
|
||||
if (!isdigit(c))
|
||||
if (!isdigit((unsigned char)c))
|
||||
return (0);
|
||||
val = 0; base = 10;
|
||||
if (c == '0') {
|
||||
@ -114,12 +114,12 @@ inet_aton(const char *cp, struct in_addr *addr)
|
||||
base = 8;
|
||||
}
|
||||
for (;;) {
|
||||
if (isascii(c) && isdigit(c)) {
|
||||
if (isascii((unsigned char)c) && isdigit((unsigned char)c)) {
|
||||
val = (val * base) + (c - '0');
|
||||
c = *++cp;
|
||||
} else if (base == 16 && isascii(c) && isxdigit(c)) {
|
||||
} else if (base == 16 && isascii((unsigned char)c) && isxdigit((unsigned char)c)) {
|
||||
val = (val << 4) |
|
||||
(c + 10 - (islower(c) ? 'a' : 'A'));
|
||||
(c + 10 - (islower((unsigned char)c) ? 'a' : 'A'));
|
||||
c = *++cp;
|
||||
} else
|
||||
break;
|
||||
@ -141,7 +141,7 @@ inet_aton(const char *cp, struct in_addr *addr)
|
||||
/*
|
||||
* Check for trailing characters.
|
||||
*/
|
||||
if (c != '\0' && (!isascii(c) || !isspace(c)))
|
||||
if (c != '\0' && (!isascii((unsigned char)c) || !isspace((unsigned char)c)))
|
||||
return (0);
|
||||
/*
|
||||
* Concoct the address according to
|
||||
|
@ -28,7 +28,7 @@ void *memmove(void *dest, const void *src, size_t n)
|
||||
to[i] = from[i];
|
||||
return dest;
|
||||
}
|
||||
if (from > to && from-to < (int)n) {
|
||||
if (from > to && from-to < (int)n) {
|
||||
/* to overlaps with from */
|
||||
/* <from......> */
|
||||
/* <to........> */
|
||||
|
477
contrib/unbound/compat/sha512.c
Normal file
@ -0,0 +1,477 @@
|
||||
/*
|
||||
* FILE: sha2.c
|
||||
* AUTHOR: Aaron D. Gifford - http://www.aarongifford.com/
|
||||
*
|
||||
* Copyright (c) 2000-2001, Aaron D. Gifford
|
||||
* All rights reserved.
|
||||
*
|
||||
* Modified by Jelte Jansen to fit in ldns, and not clash with any
|
||||
* system-defined SHA code.
|
||||
* Changes:
|
||||
* - Renamed (external) functions and constants to fit ldns style
|
||||
* - Removed _End and _Data functions
|
||||
* - Added ldns_shaX(data, len, digest) convenience functions
|
||||
* - Removed prototypes of _Transform functions and made those static
|
||||
* Modified by Wouter, and trimmed, to provide SHA512 for getentropy_fallback.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. Neither the name of the copyright holder nor the names of contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $
|
||||
*/
|
||||
#include "config.h"
|
||||
|
||||
#include <string.h> /* memcpy()/memset() or bcopy()/bzero() */
|
||||
#include <assert.h> /* assert() */
|
||||
|
||||
/* do we have sha512 header defs */
|
||||
#ifndef SHA512_DIGEST_LENGTH
|
||||
#define SHA512_BLOCK_LENGTH 128
|
||||
#define SHA512_DIGEST_LENGTH 64
|
||||
#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1)
|
||||
typedef struct _SHA512_CTX {
|
||||
uint64_t state[8];
|
||||
uint64_t bitcount[2];
|
||||
uint8_t buffer[SHA512_BLOCK_LENGTH];
|
||||
} SHA512_CTX;
|
||||
#endif /* do we have sha512 header defs */
|
||||
|
||||
void SHA512_Init(SHA512_CTX*);
|
||||
void SHA512_Update(SHA512_CTX*, void*, size_t);
|
||||
void SHA512_Final(uint8_t[SHA512_DIGEST_LENGTH], SHA512_CTX*);
|
||||
unsigned char *SHA512(void *data, unsigned int data_len, unsigned char *digest);
|
||||
|
||||
|
||||
/*** SHA-256/384/512 Machine Architecture Definitions *****************/
|
||||
/*
|
||||
* BYTE_ORDER NOTE:
|
||||
*
|
||||
* Please make sure that your system defines BYTE_ORDER. If your
|
||||
* architecture is little-endian, make sure it also defines
|
||||
* LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
|
||||
* equivilent.
|
||||
*
|
||||
* If your system does not define the above, then you can do so by
|
||||
* hand like this:
|
||||
*
|
||||
* #define LITTLE_ENDIAN 1234
|
||||
* #define BIG_ENDIAN 4321
|
||||
*
|
||||
* And for little-endian machines, add:
|
||||
*
|
||||
* #define BYTE_ORDER LITTLE_ENDIAN
|
||||
*
|
||||
* Or for big-endian machines:
|
||||
*
|
||||
* #define BYTE_ORDER BIG_ENDIAN
|
||||
*
|
||||
* The FreeBSD machine this was written on defines BYTE_ORDER
|
||||
* appropriately by including <sys/types.h> (which in turn includes
|
||||
* <machine/endian.h> where the appropriate definitions are actually
|
||||
* made).
|
||||
*/
|
||||
#if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
|
||||
#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
|
||||
#endif
|
||||
|
||||
typedef uint8_t sha2_byte; /* Exactly 1 byte */
|
||||
typedef uint32_t sha2_word32; /* Exactly 4 bytes */
|
||||
#ifdef S_SPLINT_S
|
||||
typedef unsigned long long sha2_word64; /* lint 8 bytes */
|
||||
#else
|
||||
typedef uint64_t sha2_word64; /* Exactly 8 bytes */
|
||||
#endif
|
||||
|
||||
/*** SHA-256/384/512 Various Length Definitions ***********************/
|
||||
#define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16)
|
||||
|
||||
|
||||
/*** ENDIAN REVERSAL MACROS *******************************************/
|
||||
#if BYTE_ORDER == LITTLE_ENDIAN
|
||||
#define REVERSE32(w,x) { \
|
||||
sha2_word32 tmp = (w); \
|
||||
tmp = (tmp >> 16) | (tmp << 16); \
|
||||
(x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \
|
||||
}
|
||||
#ifndef S_SPLINT_S
|
||||
#define REVERSE64(w,x) { \
|
||||
sha2_word64 tmp = (w); \
|
||||
tmp = (tmp >> 32) | (tmp << 32); \
|
||||
tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \
|
||||
((tmp & 0x00ff00ff00ff00ffULL) << 8); \
|
||||
(x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \
|
||||
((tmp & 0x0000ffff0000ffffULL) << 16); \
|
||||
}
|
||||
#else /* splint */
|
||||
#define REVERSE64(w,x) /* splint */
|
||||
#endif /* splint */
|
||||
#endif /* BYTE_ORDER == LITTLE_ENDIAN */
|
||||
|
||||
/*
|
||||
* Macro for incrementally adding the unsigned 64-bit integer n to the
|
||||
* unsigned 128-bit integer (represented using a two-element array of
|
||||
* 64-bit words):
|
||||
*/
|
||||
#define ADDINC128(w,n) { \
|
||||
(w)[0] += (sha2_word64)(n); \
|
||||
if ((w)[0] < (n)) { \
|
||||
(w)[1]++; \
|
||||
} \
|
||||
}
|
||||
#ifdef S_SPLINT_S
|
||||
#undef ADDINC128
|
||||
#define ADDINC128(w,n) /* splint */
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Macros for copying blocks of memory and for zeroing out ranges
|
||||
* of memory. Using these macros makes it easy to switch from
|
||||
* using memset()/memcpy() and using bzero()/bcopy().
|
||||
*
|
||||
* Please define either SHA2_USE_MEMSET_MEMCPY or define
|
||||
* SHA2_USE_BZERO_BCOPY depending on which function set you
|
||||
* choose to use:
|
||||
*/
|
||||
#if !defined(SHA2_USE_MEMSET_MEMCPY) && !defined(SHA2_USE_BZERO_BCOPY)
|
||||
/* Default to memset()/memcpy() if no option is specified */
|
||||
#define SHA2_USE_MEMSET_MEMCPY 1
|
||||
#endif
|
||||
#if defined(SHA2_USE_MEMSET_MEMCPY) && defined(SHA2_USE_BZERO_BCOPY)
|
||||
/* Abort with an error if BOTH options are defined */
|
||||
#error Define either SHA2_USE_MEMSET_MEMCPY or SHA2_USE_BZERO_BCOPY, not both!
|
||||
#endif
|
||||
|
||||
#ifdef SHA2_USE_MEMSET_MEMCPY
|
||||
#define MEMSET_BZERO(p,l) memset((p), 0, (l))
|
||||
#define MEMCPY_BCOPY(d,s,l) memcpy((d), (s), (l))
|
||||
#endif
|
||||
#ifdef SHA2_USE_BZERO_BCOPY
|
||||
#define MEMSET_BZERO(p,l) bzero((p), (l))
|
||||
#define MEMCPY_BCOPY(d,s,l) bcopy((s), (d), (l))
|
||||
#endif
|
||||
|
||||
|
||||
/*** THE SIX LOGICAL FUNCTIONS ****************************************/
|
||||
/*
|
||||
* Bit shifting and rotation (used by the six SHA-XYZ logical functions:
|
||||
*
|
||||
* NOTE: The naming of R and S appears backwards here (R is a SHIFT and
|
||||
* S is a ROTATION) because the SHA-256/384/512 description document
|
||||
* (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
|
||||
* same "backwards" definition.
|
||||
*/
|
||||
/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
|
||||
#define R(b,x) ((x) >> (b))
|
||||
/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
|
||||
#define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
|
||||
|
||||
/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
|
||||
#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
|
||||
#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
|
||||
|
||||
/* Four of six logical functions used in SHA-384 and SHA-512: */
|
||||
#define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
|
||||
#define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
|
||||
#define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x)))
|
||||
#define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x)))
|
||||
|
||||
/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
|
||||
/* Hash constant words K for SHA-384 and SHA-512: */
|
||||
static const sha2_word64 K512[80] = {
|
||||
0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
|
||||
0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
|
||||
0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
|
||||
0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
|
||||
0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
|
||||
0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
|
||||
0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
|
||||
0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
|
||||
0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
|
||||
0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
|
||||
0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
|
||||
0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
|
||||
0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
|
||||
0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
|
||||
0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
|
||||
0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
|
||||
0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
|
||||
0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
|
||||
0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
|
||||
0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
|
||||
0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
|
||||
0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
|
||||
0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
|
||||
0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
|
||||
0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
|
||||
0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
|
||||
0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
|
||||
0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
|
||||
0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
|
||||
0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
|
||||
0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
|
||||
0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
|
||||
0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
|
||||
0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
|
||||
0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
|
||||
0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
|
||||
0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
|
||||
0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
|
||||
0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
|
||||
0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
|
||||
};
|
||||
|
||||
/* initial hash value H for SHA-512 */
|
||||
static const sha2_word64 sha512_initial_hash_value[8] = {
|
||||
0x6a09e667f3bcc908ULL,
|
||||
0xbb67ae8584caa73bULL,
|
||||
0x3c6ef372fe94f82bULL,
|
||||
0xa54ff53a5f1d36f1ULL,
|
||||
0x510e527fade682d1ULL,
|
||||
0x9b05688c2b3e6c1fULL,
|
||||
0x1f83d9abfb41bd6bULL,
|
||||
0x5be0cd19137e2179ULL
|
||||
};
|
||||
|
||||
typedef union _ldns_sha2_buffer_union {
|
||||
uint8_t* theChars;
|
||||
uint64_t* theLongs;
|
||||
} ldns_sha2_buffer_union;
|
||||
|
||||
/*** SHA-512: *********************************************************/
|
||||
void SHA512_Init(SHA512_CTX* context) {
|
||||
if (context == (SHA512_CTX*)0) {
|
||||
return;
|
||||
}
|
||||
MEMCPY_BCOPY(context->state, sha512_initial_hash_value, SHA512_DIGEST_LENGTH);
|
||||
MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH);
|
||||
context->bitcount[0] = context->bitcount[1] = 0;
|
||||
}
|
||||
|
||||
static void SHA512_Transform(SHA512_CTX* context,
|
||||
const sha2_word64* data) {
|
||||
sha2_word64 a, b, c, d, e, f, g, h, s0, s1;
|
||||
sha2_word64 T1, T2, *W512 = (sha2_word64*)context->buffer;
|
||||
int j;
|
||||
|
||||
/* initialize registers with the prev. intermediate value */
|
||||
a = context->state[0];
|
||||
b = context->state[1];
|
||||
c = context->state[2];
|
||||
d = context->state[3];
|
||||
e = context->state[4];
|
||||
f = context->state[5];
|
||||
g = context->state[6];
|
||||
h = context->state[7];
|
||||
|
||||
j = 0;
|
||||
do {
|
||||
#if BYTE_ORDER == LITTLE_ENDIAN
|
||||
/* Convert TO host byte order */
|
||||
REVERSE64(*data++, W512[j]);
|
||||
/* Apply the SHA-512 compression function to update a..h */
|
||||
T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
|
||||
#else /* BYTE_ORDER == LITTLE_ENDIAN */
|
||||
/* Apply the SHA-512 compression function to update a..h with copy */
|
||||
T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++);
|
||||
#endif /* BYTE_ORDER == LITTLE_ENDIAN */
|
||||
T2 = Sigma0_512(a) + Maj(a, b, c);
|
||||
h = g;
|
||||
g = f;
|
||||
f = e;
|
||||
e = d + T1;
|
||||
d = c;
|
||||
c = b;
|
||||
b = a;
|
||||
a = T1 + T2;
|
||||
|
||||
j++;
|
||||
} while (j < 16);
|
||||
|
||||
do {
|
||||
/* Part of the message block expansion: */
|
||||
s0 = W512[(j+1)&0x0f];
|
||||
s0 = sigma0_512(s0);
|
||||
s1 = W512[(j+14)&0x0f];
|
||||
s1 = sigma1_512(s1);
|
||||
|
||||
/* Apply the SHA-512 compression function to update a..h */
|
||||
T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
|
||||
(W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
|
||||
T2 = Sigma0_512(a) + Maj(a, b, c);
|
||||
h = g;
|
||||
g = f;
|
||||
f = e;
|
||||
e = d + T1;
|
||||
d = c;
|
||||
c = b;
|
||||
b = a;
|
||||
a = T1 + T2;
|
||||
|
||||
j++;
|
||||
} while (j < 80);
|
||||
|
||||
/* Compute the current intermediate hash value */
|
||||
context->state[0] += a;
|
||||
context->state[1] += b;
|
||||
context->state[2] += c;
|
||||
context->state[3] += d;
|
||||
context->state[4] += e;
|
||||
context->state[5] += f;
|
||||
context->state[6] += g;
|
||||
context->state[7] += h;
|
||||
|
||||
/* Clean up */
|
||||
a = b = c = d = e = f = g = h = T1 = T2 = 0;
|
||||
}
|
||||
|
||||
void SHA512_Update(SHA512_CTX* context, void *datain, size_t len) {
|
||||
size_t freespace, usedspace;
|
||||
const sha2_byte* data = (const sha2_byte*)datain;
|
||||
|
||||
if (len == 0) {
|
||||
/* Calling with no data is valid - we do nothing */
|
||||
return;
|
||||
}
|
||||
|
||||
/* Sanity check: */
|
||||
assert(context != (SHA512_CTX*)0 && data != (sha2_byte*)0);
|
||||
|
||||
usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
|
||||
if (usedspace > 0) {
|
||||
/* Calculate how much free space is available in the buffer */
|
||||
freespace = SHA512_BLOCK_LENGTH - usedspace;
|
||||
|
||||
if (len >= freespace) {
|
||||
/* Fill the buffer completely and process it */
|
||||
MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace);
|
||||
ADDINC128(context->bitcount, freespace << 3);
|
||||
len -= freespace;
|
||||
data += freespace;
|
||||
SHA512_Transform(context, (sha2_word64*)context->buffer);
|
||||
} else {
|
||||
/* The buffer is not yet full */
|
||||
MEMCPY_BCOPY(&context->buffer[usedspace], data, len);
|
||||
ADDINC128(context->bitcount, len << 3);
|
||||
/* Clean up: */
|
||||
usedspace = freespace = 0;
|
||||
return;
|
||||
}
|
||||
}
|
||||
while (len >= SHA512_BLOCK_LENGTH) {
|
||||
/* Process as many complete blocks as we can */
|
||||
SHA512_Transform(context, (sha2_word64*)data);
|
||||
ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3);
|
||||
len -= SHA512_BLOCK_LENGTH;
|
||||
data += SHA512_BLOCK_LENGTH;
|
||||
}
|
||||
if (len > 0) {
|
||||
/* There's left-overs, so save 'em */
|
||||
MEMCPY_BCOPY(context->buffer, data, len);
|
||||
ADDINC128(context->bitcount, len << 3);
|
||||
}
|
||||
/* Clean up: */
|
||||
usedspace = freespace = 0;
|
||||
}
|
||||
|
||||
static void SHA512_Last(SHA512_CTX* context) {
|
||||
size_t usedspace;
|
||||
ldns_sha2_buffer_union cast_var;
|
||||
|
||||
usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
|
||||
#if BYTE_ORDER == LITTLE_ENDIAN
|
||||
/* Convert FROM host byte order */
|
||||
REVERSE64(context->bitcount[0],context->bitcount[0]);
|
||||
REVERSE64(context->bitcount[1],context->bitcount[1]);
|
||||
#endif
|
||||
if (usedspace > 0) {
|
||||
/* Begin padding with a 1 bit: */
|
||||
context->buffer[usedspace++] = 0x80;
|
||||
|
||||
if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) {
|
||||
/* Set-up for the last transform: */
|
||||
MEMSET_BZERO(&context->buffer[usedspace], SHA512_SHORT_BLOCK_LENGTH - usedspace);
|
||||
} else {
|
||||
if (usedspace < SHA512_BLOCK_LENGTH) {
|
||||
MEMSET_BZERO(&context->buffer[usedspace], SHA512_BLOCK_LENGTH - usedspace);
|
||||
}
|
||||
/* Do second-to-last transform: */
|
||||
SHA512_Transform(context, (sha2_word64*)context->buffer);
|
||||
|
||||
/* And set-up for the last transform: */
|
||||
MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH - 2);
|
||||
}
|
||||
} else {
|
||||
/* Prepare for final transform: */
|
||||
MEMSET_BZERO(context->buffer, SHA512_SHORT_BLOCK_LENGTH);
|
||||
|
||||
/* Begin padding with a 1 bit: */
|
||||
*context->buffer = 0x80;
|
||||
}
|
||||
/* Store the length of input data (in bits): */
|
||||
cast_var.theChars = context->buffer;
|
||||
cast_var.theLongs[SHA512_SHORT_BLOCK_LENGTH / 8] = context->bitcount[1];
|
||||
cast_var.theLongs[SHA512_SHORT_BLOCK_LENGTH / 8 + 1] = context->bitcount[0];
|
||||
|
||||
/* final transform: */
|
||||
SHA512_Transform(context, (sha2_word64*)context->buffer);
|
||||
}
|
||||
|
||||
void SHA512_Final(sha2_byte digest[], SHA512_CTX* context) {
|
||||
sha2_word64 *d = (sha2_word64*)digest;
|
||||
|
||||
/* Sanity check: */
|
||||
assert(context != (SHA512_CTX*)0);
|
||||
|
||||
/* If no digest buffer is passed, we don't bother doing this: */
|
||||
if (digest != (sha2_byte*)0) {
|
||||
SHA512_Last(context);
|
||||
|
||||
/* Save the hash data for output: */
|
||||
#if BYTE_ORDER == LITTLE_ENDIAN
|
||||
{
|
||||
/* Convert TO host byte order */
|
||||
int j;
|
||||
for (j = 0; j < 8; j++) {
|
||||
REVERSE64(context->state[j],context->state[j]);
|
||||
*d++ = context->state[j];
|
||||
}
|
||||
}
|
||||
#else
|
||||
MEMCPY_BCOPY(d, context->state, SHA512_DIGEST_LENGTH);
|
||||
#endif
|
||||
}
|
||||
|
||||
/* Zero out state data */
|
||||
MEMSET_BZERO(context, sizeof(SHA512_CTX));
|
||||
}
|
||||
|
||||
unsigned char *
|
||||
SHA512(void *data, unsigned int data_len, unsigned char *digest)
|
||||
{
|
||||
SHA512_CTX ctx;
|
||||
SHA512_Init(&ctx);
|
||||
SHA512_Update(&ctx, data, data_len);
|
||||
SHA512_Final(digest, &ctx);
|
||||
return digest;
|
||||
}
|
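Review bot: SHA512_Update hands the caller's byte pointer straight to the compression function in its full-block loop, `SHA512_Transform(context, (sha2_word64*)data)`, and SHA512_Final stores 64-bit words through `sha2_word64 *d = (sha2_word64*)digest`; nothing guarantees either pointer is 8-byte aligned. getentropy_fallback passes a `uint8_t results[SHA512_DIGEST_LENGTH]` stack array as the digest and appears to feed whole structs (stat, statvfs, rusage) through its hashing macros, so after a partial-buffer fill `data` can sit at any offset; on a strict-alignment CPU that is a bus error in the entropy path, and it is undefined behaviour everywhere. Copying the block first, `MEMCPY_BCOPY(context->buffer, data, SHA512_BLOCK_LENGTH); SHA512_Transform(context, (sha2_word64*)context->buffer);`, and writing the digest with `MEMCPY_BCOPY(digest + 8*j, &context->state[j], 8);` removes both casts (with the struct defined in this file, `buffer` follows two uint64_t arrays and is suitably aligned). Separately, the `a = b = c = ... = 0` clean-up at the end of SHA512_Transform is a dead store the compiler is free to drop, so it should not be counted on to scrub intermediate state.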
@ -89,7 +89,7 @@ str2int(const char **buf, int max)
|
||||
{
|
||||
int ret=0, count=0;
|
||||
|
||||
while (*buf[0] != '\0' && isdigit(*buf[0]) && count<max) {
|
||||
while (*buf[0] != '\0' && isdigit((unsigned char)*buf[0]) && count<max) {
|
||||
ret = ret*10 + (*buf[0] - '0');
|
||||
(*buf)++;
|
||||
count++;
|
||||
@ -111,11 +111,11 @@ unbound_strptime(const char *s, const char *format, struct tm *tm)
|
||||
|
||||
while ((c = *format) != '\0') {
|
||||
/* whitespace, literal or format */
|
||||
if (isspace(c)) { /* whitespace */
|
||||
if (isspace((unsigned char)c)) { /* whitespace */
|
||||
/** whitespace matches zero or more whitespace characters in the
|
||||
* input string.
|
||||
**/
|
||||
while (isspace(*s))
|
||||
while (isspace((unsigned char)*s))
|
||||
s++;
|
||||
}
|
||||
else if (c == '%') { /* format */
|
||||
@ -221,7 +221,7 @@ unbound_strptime(const char *s, const char *format, struct tm *tm)
|
||||
break;
|
||||
case 'n': /* arbitrary whitespace */
|
||||
case 't':
|
||||
while (isspace(*s))
|
||||
while (isspace((unsigned char)*s))
|
||||
s++;
|
||||
break;
|
||||
case 'p': /* am pm */
|
||||
|
182
contrib/unbound/config.guess
vendored
@ -1,14 +1,12 @@
|
||||
#! /bin/sh
|
||||
# Attempt to guess a canonical system name.
|
||||
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
|
||||
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
|
||||
# 2011, 2012 Free Software Foundation, Inc.
|
||||
# Copyright 1992-2013 Free Software Foundation, Inc.
|
||||
|
||||
timestamp='2012-06-10'
|
||||
timestamp='2013-06-10'
|
||||
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful, but
|
||||
@ -22,19 +20,17 @@ timestamp='2012-06-10'
|
||||
# As a special exception to the GNU General Public License, if you
|
||||
# distribute this file as part of a program that contains a
|
||||
# configuration script generated by Autoconf, you may include it under
|
||||
# the same distribution terms that you use for the rest of that program.
|
||||
|
||||
|
||||
# Originally written by Per Bothner. Please send patches (context
|
||||
# diff format) to <config-patches@gnu.org> and include a ChangeLog
|
||||
# entry.
|
||||
# the same distribution terms that you use for the rest of that
|
||||
# program. This Exception is an additional permission under section 7
|
||||
# of the GNU General Public License, version 3 ("GPLv3").
|
||||
#
|
||||
# This script attempts to guess a canonical system name similar to
|
||||
# config.sub. If it succeeds, it prints the system name on stdout, and
|
||||
# exits with 0. Otherwise, it exits with 1.
|
||||
# Originally written by Per Bothner.
|
||||
#
|
||||
# You can get the latest version of this script from:
|
||||
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
|
||||
#
|
||||
# Please send patches with a ChangeLog entry to config-patches@gnu.org.
|
||||
|
||||
|
||||
me=`echo "$0" | sed -e 's,.*/,,'`
|
||||
|
||||
@ -54,9 +50,7 @@ version="\
|
||||
GNU config.guess ($timestamp)
|
||||
|
||||
Originally written by Per Bothner.
|
||||
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
|
||||
2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012
|
||||
Free Software Foundation, Inc.
|
||||
Copyright 1992-2013 Free Software Foundation, Inc.
|
||||
|
||||
This is free software; see the source for copying conditions. There is NO
|
||||
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
|
||||
@ -138,6 +132,27 @@ UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
|
||||
UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
|
||||
UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
|
||||
|
||||
case "${UNAME_SYSTEM}" in
|
||||
Linux|GNU|GNU/*)
|
||||
# If the system lacks a compiler, then just pick glibc.
|
||||
# We could probably try harder.
|
||||
LIBC=gnu
|
||||
|
||||
eval $set_cc_for_build
|
||||
cat <<-EOF > $dummy.c
|
||||
#include <features.h>
|
||||
#if defined(__UCLIBC__)
|
||||
LIBC=uclibc
|
||||
#elif defined(__dietlibc__)
|
||||
LIBC=dietlibc
|
||||
#else
|
||||
LIBC=gnu
|
||||
#endif
|
||||
EOF
|
||||
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'`
|
||||
;;
|
||||
esac
|
||||
|
||||
# Note: order is significant - the case branches are not exclusive.
|
||||
|
||||
case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
||||
@ -200,6 +215,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
||||
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
|
||||
echo "${machine}-${os}${release}"
|
||||
exit ;;
|
||||
*:Bitrig:*:*)
|
||||
UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
|
||||
echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE}
|
||||
exit ;;
|
||||
*:OpenBSD:*:*)
|
||||
UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
|
||||
echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
|
||||
@ -302,7 +321,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
||||
arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
|
||||
echo arm-acorn-riscix${UNAME_RELEASE}
|
||||
exit ;;
|
||||
arm:riscos:*:*|arm:RISCOS:*:*)
|
||||
arm*:riscos:*:*|arm*:RISCOS:*:*)
|
||||
echo arm-unknown-riscos
|
||||
exit ;;
|
||||
SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
|
||||
@ -801,6 +820,9 @@ EOF
|
||||
i*:CYGWIN*:*)
|
||||
echo ${UNAME_MACHINE}-pc-cygwin
|
||||
exit ;;
|
||||
*:MINGW64*:*)
|
||||
echo ${UNAME_MACHINE}-pc-mingw64
|
||||
exit ;;
|
||||
*:MINGW*:*)
|
||||
echo ${UNAME_MACHINE}-pc-mingw32
|
||||
exit ;;
|
||||
@ -852,21 +874,21 @@ EOF
|
||||
exit ;;
|
||||
*:GNU:*:*)
|
||||
# the GNU system
|
||||
echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
|
||||
echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
|
||||
exit ;;
|
||||
*:GNU/*:*:*)
|
||||
# other systems with GNU libc and userland
|
||||
echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
|
||||
exit ;;
|
||||
i*86:Minix:*:*)
|
||||
echo ${UNAME_MACHINE}-pc-minix
|
||||
exit ;;
|
||||
aarch64:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
aarch64_be:Linux:*:*)
|
||||
UNAME_MACHINE=aarch64_be
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
alpha:Linux:*:*)
|
||||
case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
|
||||
@ -879,59 +901,54 @@ EOF
|
||||
EV68*) UNAME_MACHINE=alphaev68 ;;
|
||||
esac
|
||||
objdump --private-headers /bin/sh | grep -q ld.so.1
|
||||
if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
|
||||
if test "$?" = 0 ; then LIBC="gnulibc1" ; fi
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
arc:Linux:*:* | arceb:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
arm*:Linux:*:*)
|
||||
eval $set_cc_for_build
|
||||
if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
|
||||
| grep -q __ARM_EABI__
|
||||
then
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
else
|
||||
if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
|
||||
| grep -q __ARM_PCS_VFP
|
||||
then
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnueabi
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi
|
||||
else
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnueabihf
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf
|
||||
fi
|
||||
fi
|
||||
exit ;;
|
||||
avr32*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
cris:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-axis-linux-gnu
|
||||
echo ${UNAME_MACHINE}-axis-linux-${LIBC}
|
||||
exit ;;
|
||||
crisv32:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-axis-linux-gnu
|
||||
echo ${UNAME_MACHINE}-axis-linux-${LIBC}
|
||||
exit ;;
|
||||
frv:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
hexagon:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
i*86:Linux:*:*)
|
||||
LIBC=gnu
|
||||
eval $set_cc_for_build
|
||||
sed 's/^ //' << EOF >$dummy.c
|
||||
#ifdef __dietlibc__
|
||||
LIBC=dietlibc
|
||||
#endif
|
||||
EOF
|
||||
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'`
|
||||
echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
|
||||
echo ${UNAME_MACHINE}-pc-linux-${LIBC}
|
||||
exit ;;
|
||||
ia64:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
m32r*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
m68*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
mips:Linux:*:* | mips64:Linux:*:*)
|
||||
eval $set_cc_for_build
|
||||
@ -950,54 +967,63 @@ EOF
|
||||
#endif
|
||||
EOF
|
||||
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
|
||||
test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
|
||||
test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; }
|
||||
;;
|
||||
or1k:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
or32:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
padre:Linux:*:*)
|
||||
echo sparc-unknown-linux-gnu
|
||||
echo sparc-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
parisc64:Linux:*:* | hppa64:Linux:*:*)
|
||||
echo hppa64-unknown-linux-gnu
|
||||
echo hppa64-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
parisc:Linux:*:* | hppa:Linux:*:*)
|
||||
# Look for CPU level
|
||||
case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
|
||||
PA7*) echo hppa1.1-unknown-linux-gnu ;;
|
||||
PA8*) echo hppa2.0-unknown-linux-gnu ;;
|
||||
*) echo hppa-unknown-linux-gnu ;;
|
||||
PA7*) echo hppa1.1-unknown-linux-${LIBC} ;;
|
||||
PA8*) echo hppa2.0-unknown-linux-${LIBC} ;;
|
||||
*) echo hppa-unknown-linux-${LIBC} ;;
|
||||
esac
|
||||
exit ;;
|
||||
ppc64:Linux:*:*)
|
||||
echo powerpc64-unknown-linux-gnu
|
||||
echo powerpc64-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
ppc:Linux:*:*)
|
||||
echo powerpc-unknown-linux-gnu
|
||||
echo powerpc-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
ppc64le:Linux:*:*)
|
||||
echo powerpc64le-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
ppcle:Linux:*:*)
|
||||
echo powerpcle-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
s390:Linux:*:* | s390x:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-ibm-linux
|
||||
echo ${UNAME_MACHINE}-ibm-linux-${LIBC}
|
||||
exit ;;
|
||||
sh64*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
sh*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
sparc:Linux:*:* | sparc64:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
tile*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
vax:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-dec-linux-gnu
|
||||
echo ${UNAME_MACHINE}-dec-linux-${LIBC}
|
||||
exit ;;
|
||||
x86_64:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
xtensa*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
i*86:DYNIX/ptx:4*:*)
|
||||
# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
|
||||
@ -1201,6 +1227,9 @@ EOF
|
||||
BePC:Haiku:*:*) # Haiku running on Intel PC compatible.
|
||||
echo i586-pc-haiku
|
||||
exit ;;
|
||||
x86_64:Haiku:*:*)
|
||||
echo x86_64-unknown-haiku
|
||||
exit ;;
|
||||
SX-4:SUPER-UX:*:*)
|
||||
echo sx4-nec-superux${UNAME_RELEASE}
|
||||
exit ;;
|
||||
@ -1227,19 +1256,21 @@ EOF
|
||||
exit ;;
|
||||
*:Darwin:*:*)
|
||||
UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
|
||||
case $UNAME_PROCESSOR in
|
||||
i386)
|
||||
eval $set_cc_for_build
|
||||
if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
|
||||
if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
|
||||
(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
|
||||
grep IS_64BIT_ARCH >/dev/null
|
||||
then
|
||||
UNAME_PROCESSOR="x86_64"
|
||||
fi
|
||||
fi ;;
|
||||
unknown) UNAME_PROCESSOR=powerpc ;;
|
||||
esac
|
||||
eval $set_cc_for_build
|
||||
if test "$UNAME_PROCESSOR" = unknown ; then
|
||||
UNAME_PROCESSOR=powerpc
|
||||
fi
|
||||
if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
|
||||
if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
|
||||
(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
|
||||
grep IS_64BIT_ARCH >/dev/null
|
||||
then
|
||||
case $UNAME_PROCESSOR in
|
||||
i386) UNAME_PROCESSOR=x86_64 ;;
|
||||
powerpc) UNAME_PROCESSOR=powerpc64 ;;
|
||||
esac
|
||||
fi
|
||||
fi
|
||||
echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
|
||||
exit ;;
|
||||
*:procnto*:*:* | *:QNX:[0123456789]*:*)
|
||||
@ -1330,9 +1361,6 @@ EOF
|
||||
exit ;;
|
||||
esac
|
||||
|
||||
#echo '(No uname command or uname output not recognized.)' 1>&2
|
||||
#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
|
||||
|
||||
eval $set_cc_for_build
|
||||
cat >$dummy.c <<EOF
|
||||
#ifdef _SEQUENT_
|
||||
|
@ -4,6 +4,9 @@
|
||||
/* Directory to chroot to */
|
||||
#define CHROOT_DIR "/var/unbound"
|
||||
|
||||
/* Do sha512 definitions in config.h */
|
||||
/* #undef COMPAT_SHA512 */
|
||||
|
||||
/* Pathname to the Unbound configuration file */
|
||||
#define CONFIGFILE "/var/unbound/unbound.conf"
|
||||
|
||||
@ -14,6 +17,9 @@
|
||||
/* Whether daemon is deprecated */
|
||||
/* #undef DEPRECATED_DAEMON */
|
||||
|
||||
/* default dnstap socket path */
|
||||
/* #undef DNSTAP_SOCKET_PATH */
|
||||
|
||||
/* Define if you want to use debug lock checking (slow). */
|
||||
/* #undef ENABLE_LOCK_CHECKS */
|
||||
|
||||
@ -22,6 +28,12 @@
|
||||
internal symbols */
|
||||
/* #undef EXPORT_ALL_SYMBOLS */
|
||||
|
||||
/* Define to 1 if you have the `arc4random' function. */
|
||||
#define HAVE_ARC4RANDOM 1
|
||||
|
||||
/* Define to 1 if you have the `arc4random_uniform' function. */
|
||||
#define HAVE_ARC4RANDOM_UNIFORM 1
|
||||
|
||||
/* Define to 1 if you have the <arpa/inet.h> header file. */
|
||||
#define HAVE_ARPA_INET_H 1
|
||||
|
||||
@ -43,6 +55,14 @@
|
||||
/* Define to 1 if you have the `daemon' function. */
|
||||
#define HAVE_DAEMON 1
|
||||
|
||||
/* Define to 1 if you have the declaration of `arc4random', and to 0 if you
|
||||
don't. */
|
||||
/* #undef HAVE_DECL_ARC4RANDOM */
|
||||
|
||||
/* Define to 1 if you have the declaration of `arc4random_uniform', and to 0
|
||||
if you don't. */
|
||||
/* #undef HAVE_DECL_ARC4RANDOM_UNIFORM */
|
||||
|
||||
/* Define to 1 if you have the declaration of `NID_secp384r1', and to 0 if you
|
||||
don't. */
|
||||
#define HAVE_DECL_NID_SECP384R1 1
|
||||
@ -59,9 +79,20 @@
|
||||
`SSL_COMP_get_compression_methods', and to 0 if you don't. */
|
||||
#define HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS 1
|
||||
|
||||
/* Define to 1 if you have the declaration of `strlcat', and to 0 if you
|
||||
don't. */
|
||||
/* #undef HAVE_DECL_STRLCAT */
|
||||
|
||||
/* Define to 1 if you have the declaration of `strlcpy', and to 0 if you
|
||||
don't. */
|
||||
/* #undef HAVE_DECL_STRLCPY */
|
||||
|
||||
/* Define to 1 if you have the <dlfcn.h> header file. */
|
||||
#define HAVE_DLFCN_H 1
|
||||
|
||||
/* Define to 1 if you have the <endian.h> header file. */
|
||||
/* #undef HAVE_ENDIAN_H */
|
||||
|
||||
/* Define to 1 if you have the `endprotoent' function. */
|
||||
#define HAVE_ENDPROTOENT 1
|
||||
|
||||
@ -116,6 +147,9 @@
|
||||
/* Whether getaddrinfo is available */
|
||||
#define HAVE_GETADDRINFO 1
|
||||
|
||||
/* Define to 1 if you have the `getentropy' function. */
|
||||
/* #undef HAVE_GETENTROPY */
|
||||
|
||||
/* Define to 1 if you have the <getopt.h> header file. */
|
||||
#define HAVE_GETOPT_H 1
|
||||
|
||||
@ -164,6 +198,9 @@
|
||||
/* Define to 1 if you have the `kill' function. */
|
||||
#define HAVE_KILL 1
|
||||
|
||||
/* Define if we have LibreSSL */
|
||||
/* #undef HAVE_LIBRESSL */
|
||||
|
||||
/* Define to 1 if you have the `localtime_r' function. */
|
||||
#define HAVE_LOCALTIME_R 1
|
||||
|
||||
@ -257,6 +294,9 @@
|
||||
/* Define to 1 if you have the `setusercontext' function. */
|
||||
#define HAVE_SETUSERCONTEXT 1
|
||||
|
||||
/* Define to 1 if you have the `SHA512_Update' function. */
|
||||
/* #undef HAVE_SHA512_UPDATE */
|
||||
|
||||
/* Define to 1 if you have the `sigprocmask' function. */
|
||||
#define HAVE_SIGPROCMASK 1
|
||||
|
||||
@ -323,12 +363,18 @@
|
||||
/* Define to 1 if you have the <sys/resource.h> header file. */
|
||||
#define HAVE_SYS_RESOURCE_H 1
|
||||
|
||||
/* Define to 1 if you have the <sys/sha2.h> header file. */
|
||||
/* #undef HAVE_SYS_SHA2_H */
|
||||
|
||||
/* Define to 1 if you have the <sys/socket.h> header file. */
|
||||
#define HAVE_SYS_SOCKET_H 1
|
||||
|
||||
/* Define to 1 if you have the <sys/stat.h> header file. */
|
||||
#define HAVE_SYS_STAT_H 1
|
||||
|
||||
/* Define to 1 if you have the <sys/sysctl.h> header file. */
|
||||
/* #undef HAVE_SYS_SYSCTL_H */
|
||||
|
||||
/* Define to 1 if you have the <sys/types.h> header file. */
|
||||
#define HAVE_SYS_TYPES_H 1
|
||||
|
||||
@ -383,8 +429,7 @@
|
||||
/* if lex has yylex_destroy */
|
||||
#define LEX_HAS_YYLEX_DESTROY 1
|
||||
|
||||
/* Define to the sub-directory in which libtool stores uninstalled libraries.
|
||||
*/
|
||||
/* Define to the sub-directory where libtool stores uninstalled libraries. */
|
||||
#define LT_OBJDIR ".libs/"
|
||||
|
||||
/* Define to the maximum message length to pass to syslog. */
|
||||
@ -431,7 +476,7 @@
|
||||
#define PACKAGE_NAME "unbound"
|
||||
|
||||
/* Define to the full name and version of this package. */
|
||||
#define PACKAGE_STRING "unbound 1.4.22"
|
||||
#define PACKAGE_STRING "unbound 1.5.1"
|
||||
|
||||
/* Define to the one symbol short name of this package. */
|
||||
#define PACKAGE_TARNAME "unbound"
|
||||
@ -440,7 +485,7 @@
|
||||
#define PACKAGE_URL ""
|
||||
|
||||
/* Define to the version of this package. */
|
||||
#define PACKAGE_VERSION "1.4.22"
|
||||
#define PACKAGE_VERSION "1.5.1"
|
||||
|
||||
/* default pidfile location */
|
||||
#define PIDFILE "/var/unbound/unbound.pid"
|
||||
@ -459,7 +504,7 @@
|
||||
#define ROOT_CERT_FILE "/var/unbound/icannbundle.pem"
|
||||
|
||||
/* version number for resource files */
|
||||
#define RSRC_PACKAGE_VERSION 1,4,22,0
|
||||
#define RSRC_PACKAGE_VERSION 1,5,1,0
|
||||
|
||||
/* Directory to chdir to */
|
||||
#define RUN_DIR "/var/unbound"
|
||||
@ -494,6 +539,9 @@
|
||||
/* define this to enable debug checks. */
|
||||
/* #undef UNBOUND_DEBUG */
|
||||
|
||||
/* Define to 1 to enable dnstap support */
|
||||
/* #undef USE_DNSTAP */
|
||||
|
||||
/* Define this to enable ECDSA support. */
|
||||
#define USE_ECDSA 1
|
||||
|
||||
@ -880,6 +928,50 @@ struct tm;
|
||||
char *strptime(const char *s, const char *format, struct tm *tm);
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_LIBRESSL
|
||||
# if !HAVE_DECL_STRLCPY
|
||||
size_t strlcpy(char *dst, const char *src, size_t siz);
|
||||
# endif
|
||||
# if !HAVE_DECL_STRLCAT
|
||||
size_t strlcat(char *dst, const char *src, size_t siz);
|
||||
# endif
|
||||
# if !HAVE_DECL_ARC4RANDOM && defined(HAVE_ARC4RANDOM)
|
||||
uint32_t arc4random(void);
|
||||
# endif
|
||||
# if !HAVE_DECL_ARC4RANDOM_UNIFORM && defined(HAVE_ARC4RANDOM_UNIFORM)
|
||||
uint32_t arc4random_uniform(uint32_t upper_bound);
|
||||
# endif
|
||||
#endif /* HAVE_LIBRESSL */
|
||||
#ifndef HAVE_ARC4RANDOM
|
||||
void explicit_bzero(void* buf, size_t len);
|
||||
int getentropy(void* buf, size_t len);
|
||||
uint32_t arc4random(void);
|
||||
void arc4random_buf(void* buf, size_t n);
|
||||
void _ARC4_LOCK(void);
|
||||
void _ARC4_UNLOCK(void);
|
||||
#endif
|
||||
#ifndef HAVE_ARC4RANDOM_UNIFORM
|
||||
uint32_t arc4random_uniform(uint32_t upper_bound);
|
||||
#endif
|
||||
#ifdef COMPAT_SHA512
|
||||
#ifndef SHA512_DIGEST_LENGTH
|
||||
#define SHA512_BLOCK_LENGTH 128
|
||||
#define SHA512_DIGEST_LENGTH 64
|
||||
#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1)
|
||||
typedef struct _SHA512_CTX {
|
||||
uint64_t state[8];
|
||||
uint64_t bitcount[2];
|
||||
uint8_t buffer[SHA512_BLOCK_LENGTH];
|
||||
} SHA512_CTX;
|
||||
#endif /* SHA512_DIGEST_LENGTH */
|
||||
void SHA512_Init(SHA512_CTX*);
|
||||
void SHA512_Update(SHA512_CTX*, void*, size_t);
|
||||
void SHA512_Final(uint8_t[SHA512_DIGEST_LENGTH], SHA512_CTX*);
|
||||
unsigned char *SHA512(void* data, unsigned int data_len, unsigned char *digest);
|
||||
#endif /* COMPAT_SHA512 */
|
||||
|
||||
|
||||
|
||||
#if defined(HAVE_EVENT_H) && !defined(HAVE_EVENT_BASE_ONCE) && !(defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)) && (defined(HAVE_PTHREAD) || defined(HAVE_SOLARIS_THREADS))
|
||||
/* using version of libevent that is not threadsafe. */
|
||||
# define LIBEVENT_SIGNAL_PROBLEM 1
|
||||
|
@ -3,6 +3,9 @@
|
||||
/* Directory to chroot to */
|
||||
#undef CHROOT_DIR
|
||||
|
||||
/* Do sha512 definitions in config.h */
|
||||
#undef COMPAT_SHA512
|
||||
|
||||
/* Pathname to the Unbound configuration file */
|
||||
#undef CONFIGFILE
|
||||
|
||||
@ -13,6 +16,9 @@
|
||||
/* Whether daemon is deprecated */
|
||||
#undef DEPRECATED_DAEMON
|
||||
|
||||
/* default dnstap socket path */
|
||||
#undef DNSTAP_SOCKET_PATH
|
||||
|
||||
/* Define if you want to use debug lock checking (slow). */
|
||||
#undef ENABLE_LOCK_CHECKS
|
||||
|
||||
@ -21,6 +27,12 @@
|
||||
internal symbols */
|
||||
#undef EXPORT_ALL_SYMBOLS
|
||||
|
||||
/* Define to 1 if you have the `arc4random' function. */
|
||||
#undef HAVE_ARC4RANDOM
|
||||
|
||||
/* Define to 1 if you have the `arc4random_uniform' function. */
|
||||
#undef HAVE_ARC4RANDOM_UNIFORM
|
||||
|
||||
/* Define to 1 if you have the <arpa/inet.h> header file. */
|
||||
#undef HAVE_ARPA_INET_H
|
||||
|
||||
@ -42,6 +54,14 @@
|
||||
/* Define to 1 if you have the `daemon' function. */
|
||||
#undef HAVE_DAEMON
|
||||
|
||||
/* Define to 1 if you have the declaration of `arc4random', and to 0 if you
|
||||
don't. */
|
||||
#undef HAVE_DECL_ARC4RANDOM
|
||||
|
||||
/* Define to 1 if you have the declaration of `arc4random_uniform', and to 0
|
||||
if you don't. */
|
||||
#undef HAVE_DECL_ARC4RANDOM_UNIFORM
|
||||
|
||||
/* Define to 1 if you have the declaration of `NID_secp384r1', and to 0 if you
|
||||
don't. */
|
||||
#undef HAVE_DECL_NID_SECP384R1
|
||||
@ -58,9 +78,20 @@
|
||||
`SSL_COMP_get_compression_methods', and to 0 if you don't. */
|
||||
#undef HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS
|
||||
|
||||
/* Define to 1 if you have the declaration of `strlcat', and to 0 if you
|
||||
don't. */
|
||||
#undef HAVE_DECL_STRLCAT
|
||||
|
||||
/* Define to 1 if you have the declaration of `strlcpy', and to 0 if you
|
||||
don't. */
|
||||
#undef HAVE_DECL_STRLCPY
|
||||
|
||||
/* Define to 1 if you have the <dlfcn.h> header file. */
|
||||
#undef HAVE_DLFCN_H
|
||||
|
||||
/* Define to 1 if you have the <endian.h> header file. */
|
||||
#undef HAVE_ENDIAN_H
|
||||
|
||||
/* Define to 1 if you have the `endprotoent' function. */
|
||||
#undef HAVE_ENDPROTOENT
|
||||
|
||||
@ -115,6 +146,9 @@
|
||||
/* Whether getaddrinfo is available */
|
||||
#undef HAVE_GETADDRINFO
|
||||
|
||||
/* Define to 1 if you have the `getentropy' function. */
|
||||
#undef HAVE_GETENTROPY
|
||||
|
||||
/* Define to 1 if you have the <getopt.h> header file. */
|
||||
#undef HAVE_GETOPT_H
|
||||
|
||||
@ -163,6 +197,9 @@
|
||||
/* Define to 1 if you have the `kill' function. */
|
||||
#undef HAVE_KILL
|
||||
|
||||
/* Define if we have LibreSSL */
|
||||
#undef HAVE_LIBRESSL
|
||||
|
||||
/* Define to 1 if you have the `localtime_r' function. */
|
||||
#undef HAVE_LOCALTIME_R
|
||||
|
||||
@ -256,6 +293,9 @@
|
||||
/* Define to 1 if you have the `setusercontext' function. */
|
||||
#undef HAVE_SETUSERCONTEXT
|
||||
|
||||
/* Define to 1 if you have the `SHA512_Update' function. */
|
||||
#undef HAVE_SHA512_UPDATE
|
||||
|
||||
/* Define to 1 if you have the `sigprocmask' function. */
|
||||
#undef HAVE_SIGPROCMASK
|
||||
|
||||
@ -322,12 +362,18 @@
|
||||
/* Define to 1 if you have the <sys/resource.h> header file. */
|
||||
#undef HAVE_SYS_RESOURCE_H
|
||||
|
||||
/* Define to 1 if you have the <sys/sha2.h> header file. */
|
||||
#undef HAVE_SYS_SHA2_H
|
||||
|
||||
/* Define to 1 if you have the <sys/socket.h> header file. */
|
||||
#undef HAVE_SYS_SOCKET_H
|
||||
|
||||
/* Define to 1 if you have the <sys/stat.h> header file. */
|
||||
#undef HAVE_SYS_STAT_H
|
||||
|
||||
/* Define to 1 if you have the <sys/sysctl.h> header file. */
|
||||
#undef HAVE_SYS_SYSCTL_H
|
||||
|
||||
/* Define to 1 if you have the <sys/types.h> header file. */
|
||||
#undef HAVE_SYS_TYPES_H
|
||||
|
||||
@ -382,8 +428,7 @@
|
||||
/* if lex has yylex_destroy */
|
||||
#undef LEX_HAS_YYLEX_DESTROY
|
||||
|
||||
/* Define to the sub-directory in which libtool stores uninstalled libraries.
|
||||
*/
|
||||
/* Define to the sub-directory where libtool stores uninstalled libraries. */
|
||||
#undef LT_OBJDIR
|
||||
|
||||
/* Define to the maximum message length to pass to syslog. */
|
||||
@ -493,6 +538,9 @@
|
||||
/* define this to enable debug checks. */
|
||||
#undef UNBOUND_DEBUG
|
||||
|
||||
/* Define to 1 to enable dnstap support */
|
||||
#undef USE_DNSTAP
|
||||
|
||||
/* Define this to enable ECDSA support. */
|
||||
#undef USE_ECDSA
|
||||
|
||||
@ -879,6 +927,50 @@ struct tm;
|
||||
char *strptime(const char *s, const char *format, struct tm *tm);
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_LIBRESSL
|
||||
# if !HAVE_DECL_STRLCPY
|
||||
size_t strlcpy(char *dst, const char *src, size_t siz);
|
||||
# endif
|
||||
# if !HAVE_DECL_STRLCAT
|
||||
size_t strlcat(char *dst, const char *src, size_t siz);
|
||||
# endif
|
||||
# if !HAVE_DECL_ARC4RANDOM && defined(HAVE_ARC4RANDOM)
|
||||
uint32_t arc4random(void);
|
||||
# endif
|
||||
# if !HAVE_DECL_ARC4RANDOM_UNIFORM && defined(HAVE_ARC4RANDOM_UNIFORM)
|
||||
uint32_t arc4random_uniform(uint32_t upper_bound);
|
||||
# endif
|
||||
#endif /* HAVE_LIBRESSL */
|
||||
#ifndef HAVE_ARC4RANDOM
|
||||
void explicit_bzero(void* buf, size_t len);
|
||||
int getentropy(void* buf, size_t len);
|
||||
uint32_t arc4random(void);
|
||||
void arc4random_buf(void* buf, size_t n);
|
||||
void _ARC4_LOCK(void);
|
||||
void _ARC4_UNLOCK(void);
|
||||
#endif
|
||||
#ifndef HAVE_ARC4RANDOM_UNIFORM
|
||||
uint32_t arc4random_uniform(uint32_t upper_bound);
|
||||
#endif
|
||||
#ifdef COMPAT_SHA512
|
||||
#ifndef SHA512_DIGEST_LENGTH
|
||||
#define SHA512_BLOCK_LENGTH 128
|
||||
#define SHA512_DIGEST_LENGTH 64
|
||||
#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1)
|
||||
typedef struct _SHA512_CTX {
|
||||
uint64_t state[8];
|
||||
uint64_t bitcount[2];
|
||||
uint8_t buffer[SHA512_BLOCK_LENGTH];
|
||||
} SHA512_CTX;
|
||||
#endif /* SHA512_DIGEST_LENGTH */
|
||||
void SHA512_Init(SHA512_CTX*);
|
||||
void SHA512_Update(SHA512_CTX*, void*, size_t);
|
||||
void SHA512_Final(uint8_t[SHA512_DIGEST_LENGTH], SHA512_CTX*);
|
||||
unsigned char *SHA512(void* data, unsigned int data_len, unsigned char *digest);
|
||||
#endif /* COMPAT_SHA512 */
|
||||
|
||||
|
||||
|
||||
#if defined(HAVE_EVENT_H) && !defined(HAVE_EVENT_BASE_ONCE) && !(defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)) && (defined(HAVE_PTHREAD) || defined(HAVE_SOLARIS_THREADS))
|
||||
/* using version of libevent that is not threadsafe. */
|
||||
# define LIBEVENT_SIGNAL_PROBLEM 1
|
||||
|
99
contrib/unbound/config.sub
vendored
@ -1,24 +1,18 @@
|
||||
#! /bin/sh
|
||||
# Configuration validation subroutine script.
|
||||
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
|
||||
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
|
||||
# 2011, 2012 Free Software Foundation, Inc.
|
||||
# Copyright 1992-2013 Free Software Foundation, Inc.
|
||||
|
||||
timestamp='2012-04-18'
|
||||
timestamp='2013-08-10'
|
||||
|
||||
# This file is (in principle) common to ALL GNU software.
|
||||
# The presence of a machine in this file suggests that SOME GNU software
|
||||
# can handle that machine. It does not imply ALL GNU software can.
|
||||
#
|
||||
# This file is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
# This program is distributed in the hope that it will be useful, but
|
||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
# General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
@ -26,11 +20,12 @@ timestamp='2012-04-18'
|
||||
# As a special exception to the GNU General Public License, if you
|
||||
# distribute this file as part of a program that contains a
|
||||
# configuration script generated by Autoconf, you may include it under
|
||||
# the same distribution terms that you use for the rest of that program.
|
||||
# the same distribution terms that you use for the rest of that
|
||||
# program. This Exception is an additional permission under section 7
|
||||
# of the GNU General Public License, version 3 ("GPLv3").
|
||||
|
||||
|
||||
# Please send patches to <config-patches@gnu.org>. Submit a context
|
||||
# diff and a properly formatted GNU ChangeLog entry.
|
||||
# Please send patches with a ChangeLog entry to config-patches@gnu.org.
|
||||
#
|
||||
# Configuration subroutine to validate and canonicalize a configuration type.
|
||||
# Supply the specified configuration type as an argument.
|
||||
@ -73,9 +68,7 @@ Report bugs and patches to <config-patches@gnu.org>."
|
||||
version="\
|
||||
GNU config.sub ($timestamp)
|
||||
|
||||
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
|
||||
2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012
|
||||
Free Software Foundation, Inc.
|
||||
Copyright 1992-2013 Free Software Foundation, Inc.
|
||||
|
||||
This is free software; see the source for copying conditions. There is NO
|
||||
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
|
||||
@ -123,7 +116,7 @@ esac
|
||||
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
|
||||
case $maybe_os in
|
||||
nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
|
||||
linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
|
||||
linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
|
||||
knetbsd*-gnu* | netbsd*-gnu* | \
|
||||
kopensolaris*-gnu* | \
|
||||
storm-chaos* | os2-emx* | rtmk-nova*)
|
||||
@ -156,7 +149,7 @@ case $os in
|
||||
-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
|
||||
-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
|
||||
-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
|
||||
-apple | -axis | -knuth | -cray | -microblaze)
|
||||
-apple | -axis | -knuth | -cray | -microblaze*)
|
||||
os=
|
||||
basic_machine=$1
|
||||
;;
|
||||
@ -259,10 +252,12 @@ case $basic_machine in
|
||||
| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
|
||||
| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
|
||||
| am33_2.0 \
|
||||
| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
|
||||
| be32 | be64 \
|
||||
| arc | arceb \
|
||||
| arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \
|
||||
| avr | avr32 \
|
||||
| be32 | be64 \
|
||||
| bfin \
|
||||
| c4x | clipper \
|
||||
| c4x | c8051 | clipper \
|
||||
| d10v | d30v | dlx | dsp16xx \
|
||||
| epiphany \
|
||||
| fido | fr30 | frv \
|
||||
@ -273,7 +268,7 @@ case $basic_machine in
|
||||
| le32 | le64 \
|
||||
| lm32 \
|
||||
| m32c | m32r | m32rle | m68000 | m68k | m88k \
|
||||
| maxq | mb | microblaze | mcore | mep | metag \
|
||||
| maxq | mb | microblaze | microblazeel | mcore | mep | metag \
|
||||
| mips | mipsbe | mipseb | mipsel | mipsle \
|
||||
| mips16 \
|
||||
| mips64 | mips64el \
|
||||
@ -291,16 +286,17 @@ case $basic_machine in
|
||||
| mipsisa64r2 | mipsisa64r2el \
|
||||
| mipsisa64sb1 | mipsisa64sb1el \
|
||||
| mipsisa64sr71k | mipsisa64sr71kel \
|
||||
| mipsr5900 | mipsr5900el \
|
||||
| mipstx39 | mipstx39el \
|
||||
| mn10200 | mn10300 \
|
||||
| moxie \
|
||||
| mt \
|
||||
| msp430 \
|
||||
| nds32 | nds32le | nds32be \
|
||||
| nios | nios2 \
|
||||
| nios | nios2 | nios2eb | nios2el \
|
||||
| ns16k | ns32k \
|
||||
| open8 \
|
||||
| or32 \
|
||||
| or1k | or32 \
|
||||
| pdp10 | pdp11 | pj | pjl \
|
||||
| powerpc | powerpc64 | powerpc64le | powerpcle \
|
||||
| pyramid \
|
||||
@ -370,13 +366,13 @@ case $basic_machine in
|
||||
| aarch64-* | aarch64_be-* \
|
||||
| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
|
||||
| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
|
||||
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
|
||||
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \
|
||||
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
|
||||
| avr-* | avr32-* \
|
||||
| be32-* | be64-* \
|
||||
| bfin-* | bs2000-* \
|
||||
| c[123]* | c30-* | [cjt]90-* | c4x-* \
|
||||
| clipper-* | craynv-* | cydra-* \
|
||||
| c8051-* | clipper-* | craynv-* | cydra-* \
|
||||
| d10v-* | d30v-* | dlx-* \
|
||||
| elxsi-* \
|
||||
| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
|
||||
@ -389,7 +385,8 @@ case $basic_machine in
|
||||
| lm32-* \
|
||||
| m32c-* | m32r-* | m32rle-* \
|
||||
| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
|
||||
| m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
|
||||
| m88110-* | m88k-* | maxq-* | mcore-* | metag-* \
|
||||
| microblaze-* | microblazeel-* \
|
||||
| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
|
||||
| mips16-* \
|
||||
| mips64-* | mips64el-* \
|
||||
@ -407,12 +404,13 @@ case $basic_machine in
|
||||
| mipsisa64r2-* | mipsisa64r2el-* \
|
||||
| mipsisa64sb1-* | mipsisa64sb1el-* \
|
||||
| mipsisa64sr71k-* | mipsisa64sr71kel-* \
|
||||
| mipsr5900-* | mipsr5900el-* \
|
||||
| mipstx39-* | mipstx39el-* \
|
||||
| mmix-* \
|
||||
| mt-* \
|
||||
| msp430-* \
|
||||
| nds32-* | nds32le-* | nds32be-* \
|
||||
| nios-* | nios2-* \
|
||||
| nios-* | nios2-* | nios2eb-* | nios2el-* \
|
||||
| none-* | np1-* | ns16k-* | ns32k-* \
|
||||
| open8-* \
|
||||
| orion-* \
|
||||
@ -788,11 +786,15 @@ case $basic_machine in
|
||||
basic_machine=ns32k-utek
|
||||
os=-sysv
|
||||
;;
|
||||
microblaze)
|
||||
microblaze*)
|
||||
basic_machine=microblaze-xilinx
|
||||
;;
|
||||
mingw64)
|
||||
basic_machine=x86_64-pc
|
||||
os=-mingw64
|
||||
;;
|
||||
mingw32)
|
||||
basic_machine=i386-pc
|
||||
basic_machine=i686-pc
|
||||
os=-mingw32
|
||||
;;
|
||||
mingw32ce)
|
||||
@ -828,7 +830,7 @@ case $basic_machine in
|
||||
basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
|
||||
;;
|
||||
msys)
|
||||
basic_machine=i386-pc
|
||||
basic_machine=i686-pc
|
||||
os=-msys
|
||||
;;
|
||||
mvs)
|
||||
@ -1004,7 +1006,7 @@ case $basic_machine in
|
||||
;;
|
||||
ppc64) basic_machine=powerpc64-unknown
|
||||
;;
|
||||
ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
|
||||
ppc64-* | ppc64p7-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
|
||||
;;
|
||||
ppc64le | powerpc64little | ppc64-le | powerpc64-little)
|
||||
basic_machine=powerpc64le-unknown
|
||||
@ -1019,7 +1021,11 @@ case $basic_machine in
|
||||
basic_machine=i586-unknown
|
||||
os=-pw32
|
||||
;;
|
||||
rdos)
|
||||
rdos | rdos64)
|
||||
basic_machine=x86_64-pc
|
||||
os=-rdos
|
||||
;;
|
||||
rdos32)
|
||||
basic_machine=i386-pc
|
||||
os=-rdos
|
||||
;;
|
||||
@ -1346,21 +1352,21 @@ case $os in
|
||||
-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
|
||||
| -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
|
||||
| -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
|
||||
| -sym* | -kopensolaris* \
|
||||
| -sym* | -kopensolaris* | -plan9* \
|
||||
| -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
|
||||
| -aos* | -aros* \
|
||||
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
|
||||
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
|
||||
| -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
|
||||
| -openbsd* | -solidbsd* \
|
||||
| -bitrig* | -openbsd* | -solidbsd* \
|
||||
| -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
|
||||
| -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
|
||||
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
|
||||
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
|
||||
| -chorusos* | -chorusrdb* | -cegcc* \
|
||||
| -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
|
||||
| -mingw32* | -linux-gnu* | -linux-android* \
|
||||
| -linux-newlib* | -linux-uclibc* \
|
||||
| -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
|
||||
| -linux-newlib* | -linux-musl* | -linux-uclibc* \
|
||||
| -uxpv* | -beos* | -mpeix* | -udk* \
|
||||
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
|
||||
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
|
||||
@ -1492,9 +1498,6 @@ case $os in
|
||||
-aros*)
|
||||
os=-aros
|
||||
;;
|
||||
-kaos*)
|
||||
os=-kaos
|
||||
;;
|
||||
-zvmoe)
|
||||
os=-zvmoe
|
||||
;;
|
||||
@ -1543,6 +1546,9 @@ case $basic_machine in
|
||||
c4x-* | tic4x-*)
|
||||
os=-coff
|
||||
;;
|
||||
c8051-*)
|
||||
os=-elf
|
||||
;;
|
||||
hexagon-*)
|
||||
os=-elf
|
||||
;;
|
||||
@ -1586,6 +1592,9 @@ case $basic_machine in
|
||||
mips*-*)
|
||||
os=-elf
|
||||
;;
|
||||
or1k-*)
|
||||
os=-elf
|
||||
;;
|
||||
or32-*)
|
||||
os=-coff
|
||||
;;
|
||||
|
2225
contrib/unbound/configure
vendored
File diff suppressed because it is too large
@ -5,19 +5,20 @@ sinclude(acx_nlnetlabs.m4)
|
||||
sinclude(ax_pthread.m4)
|
||||
sinclude(acx_python.m4)
|
||||
sinclude(ac_pkg_swig.m4)
|
||||
sinclude(dnstap/dnstap.m4)
|
||||
|
||||
# must be numbers. ac_defun because of later processing
|
||||
m4_define([VERSION_MAJOR],[1])
|
||||
m4_define([VERSION_MINOR],[4])
|
||||
m4_define([VERSION_MICRO],[22])
|
||||
m4_define([VERSION_MINOR],[5])
|
||||
m4_define([VERSION_MICRO],[1])
|
||||
AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound)
|
||||
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
|
||||
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
|
||||
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
|
||||
|
||||
LIBUNBOUND_CURRENT=4
|
||||
LIBUNBOUND_REVISION=1
|
||||
LIBUNBOUND_AGE=2
|
||||
LIBUNBOUND_CURRENT=5
|
||||
LIBUNBOUND_REVISION=3
|
||||
LIBUNBOUND_AGE=3
|
||||
# 1.0.0 had 0:12:0
|
||||
# 1.0.1 had 0:13:0
|
||||
# 1.0.2 had 0:14:0
|
||||
@ -54,6 +55,9 @@ LIBUNBOUND_AGE=2
|
||||
# 1.4.19 had 3:4:1
|
||||
# 1.4.20 had 4:0:2 # adds libunbound.ttl # but shipped 3:5:1
|
||||
# 1.4.21 had 4:1:2
|
||||
# 1.4.22 had 4:1:2
|
||||
# 1.5.0 had 5:3:3 # adds ub_ctx_add_ta_autr
|
||||
# 1.5.1 had 5:4:3
|
||||
|
||||
# Current -- the number of the binary API that we're implementing
|
||||
# Revision -- which iteration of the implementation of the binary
|
||||
@ -262,7 +266,7 @@ AC_CHECK_TOOL(STRIP, strip)
|
||||
ACX_LIBTOOL_C_ONLY
|
||||
|
||||
# Checks for header files.
|
||||
AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h sys/param.h sys/socket.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h],,, [AC_INCLUDES_DEFAULT])
|
||||
AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h sys/param.h sys/socket.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h],,, [AC_INCLUDES_DEFAULT])
|
||||
|
||||
# check for types.
|
||||
# Using own tests for int64* because autoconf builtin only give 32bit.
|
||||
@ -314,7 +318,7 @@ AC_DEFUN([AC_CHECK_STRPTIME_WORKS],
|
||||
AC_MSG_CHECKING(whether strptime works)
|
||||
if test c${cross_compiling} = cno; then
|
||||
AC_RUN_IFELSE([AC_LANG_SOURCE([[
|
||||
#define _XOPEN_SOURCE
|
||||
#define _XOPEN_SOURCE 600
|
||||
#include <time.h>
|
||||
int main(void) { struct tm tm; char *res;
|
||||
res = strptime("2010-07-15T00:00:00+00:00", "%t%Y%t-%t%m%t-%t%d%tT%t%H%t:%t%M%t:%t%S%t", &tm);
|
||||
@ -462,7 +466,7 @@ if test x_$ub_test_python != x_no; then
|
||||
ac_save_LIBS="$LIBS" dnl otherwise AC_PYTHON_DEVEL thrashes $LIBS
|
||||
AC_PYTHON_DEVEL
|
||||
if test ! -z "$PYTHON_VERSION"; then
|
||||
if test `$PYTHON -c "print '$PYTHON_VERSION' >= '2.4.0'"` = "False"; then
|
||||
if test `$PYTHON -c "print('$PYTHON_VERSION' >= '2.4.0')"` = "False"; then
|
||||
AC_ERROR([Python version >= 2.4.0 is required])
|
||||
fi
|
||||
|
||||
@ -554,6 +558,16 @@ AC_ARG_WITH([nss], AC_HELP_STRING([--with-nss=path],
|
||||
if test $USE_NSS = "no"; then
|
||||
ACX_WITH_SSL
|
||||
ACX_LIB_SSL
|
||||
AC_MSG_CHECKING([for LibreSSL])
|
||||
if grep OPENSSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then
|
||||
AC_MSG_RESULT([yes])
|
||||
AC_DEFINE([HAVE_LIBRESSL], [1], [Define if we have LibreSSL])
|
||||
# libressl provides these compat functions, but they may also be
|
||||
# declared by the OS in libc. See if they have been declared.
|
||||
AC_CHECK_DECLS([strlcpy,strlcat,arc4random,arc4random_uniform])
|
||||
else
|
||||
AC_MSG_RESULT([no])
|
||||
fi
|
||||
AC_CHECK_HEADERS([openssl/conf.h],,, [AC_INCLUDES_DEFAULT])
|
||||
AC_CHECK_HEADERS([openssl/engine.h],,, [AC_INCLUDES_DEFAULT])
|
||||
AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode])
|
||||
@ -719,10 +733,15 @@ case "$enable_ecdsa" in
|
||||
])
|
||||
# see if OPENSSL 1.0.0 or later (has EVP MD and Verify independency)
|
||||
AC_MSG_CHECKING([if openssl supports SHA2 and ECDSA with EVP])
|
||||
if grep OPENSSL_VERSION_NUMBER $ssldir/include/openssl/opensslv.h | grep 0x0 >/dev/null; then
|
||||
AC_MSG_RESULT([no])
|
||||
AC_DEFINE_UNQUOTED([USE_ECDSA_EVP_WORKAROUND], [1], [Define this to enable an EVP workaround for older openssl])
|
||||
if grep OPENSSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "OpenSSL" >/dev/null; then
|
||||
if grep OPENSSL_VERSION_NUMBER $ssldir/include/openssl/opensslv.h | grep 0x0 >/dev/null; then
|
||||
AC_MSG_RESULT([no])
|
||||
AC_DEFINE_UNQUOTED([USE_ECDSA_EVP_WORKAROUND], [1], [Define this to enable an EVP workaround for older openssl])
|
||||
else
|
||||
AC_MSG_RESULT([yes])
|
||||
fi
|
||||
else
|
||||
# not OpenSSL, thus likely LibreSSL, which supports it
|
||||
AC_MSG_RESULT([yes])
|
||||
fi
|
||||
fi
|
||||
@ -966,6 +985,48 @@ AC_REPLACE_FUNCS(strlcat)
|
||||
AC_REPLACE_FUNCS(strlcpy)
|
||||
AC_REPLACE_FUNCS(memmove)
|
||||
AC_REPLACE_FUNCS(gmtime_r)
|
||||
LIBOBJ_WITHOUT_CTIMEARC4="$LIBOBJS"
|
||||
AC_SUBST(LIBOBJ_WITHOUT_CTIMEARC4)
|
||||
if test "$USE_NSS" = "no"; then
|
||||
AC_REPLACE_FUNCS(arc4random)
|
||||
AC_REPLACE_FUNCS(arc4random_uniform)
|
||||
if test "$ac_cv_func_arc4random" = "no"; then
|
||||
AC_LIBOBJ(explicit_bzero)
|
||||
AC_LIBOBJ(arc4_lock)
|
||||
AC_CHECK_FUNCS([getentropy],,[
|
||||
if test "$USE_WINSOCK" = 1; then
|
||||
AC_LIBOBJ(getentropy_win)
|
||||
else
|
||||
case `uname` in
|
||||
Darwin)
|
||||
AC_LIBOBJ(getentropy_osx)
|
||||
;;
|
||||
SunOS)
|
||||
AC_LIBOBJ(getentropy_solaris)
|
||||
AC_CHECK_HEADERS([sys/sha2.h],, [
|
||||
AC_CHECK_FUNCS([SHA512_Update],,[
|
||||
AC_LIBOBJ(sha512)
|
||||
])
|
||||
], [AC_INCLUDES_DEFAULT])
|
||||
if test "$ac_cv_header_sys_sha2_h" = "yes"; then
|
||||
# this lib needed for sha2 on solaris
|
||||
LIBS="$LIBS -lmd"
|
||||
fi
|
||||
;;
|
||||
Linux|*)
|
||||
AC_LIBOBJ(getentropy_linux)
|
||||
AC_CHECK_FUNCS([SHA512_Update],,[
|
||||
AC_DEFINE([COMPAT_SHA512], [1], [Do sha512 definitions in config.h])
|
||||
AC_LIBOBJ(sha512)
|
||||
])
|
||||
AC_CHECK_HEADERS([sys/sysctl.h],,, [AC_INCLUDES_DEFAULT])
|
||||
AC_SEARCH_LIBS([clock_gettime], [rt])
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
])
|
||||
fi
|
||||
fi
|
||||
LIBOBJ_WITHOUT_CTIME="$LIBOBJS"
|
||||
AC_SUBST(LIBOBJ_WITHOUT_CTIME)
|
||||
AC_REPLACE_FUNCS(ctime_r)
|
||||
@ -1002,6 +1063,25 @@ if test x_$enable_lock_checks = x_yes; then
|
||||
echo checklock_thrjoin >> clubsyms.def
|
||||
fi
|
||||
|
||||
# check for dnstap if requested
|
||||
dt_DNSTAP([$UNBOUND_RUN_DIR/dnstap.sock],
|
||||
[
|
||||
AC_DEFINE([USE_DNSTAP], [1], [Define to 1 to enable dnstap support])
|
||||
AC_SUBST([ENABLE_DNSTAP], [1])
|
||||
|
||||
AC_SUBST([opt_dnstap_socket_path])
|
||||
ACX_ESCAPE_BACKSLASH($opt_dnstap_socket_path, hdr_dnstap_socket_path)
|
||||
AC_DEFINE_UNQUOTED(DNSTAP_SOCKET_PATH,
|
||||
["$hdr_dnstap_socket_path"], [default dnstap socket path])
|
||||
|
||||
AC_SUBST([DNSTAP_SRC], ["dnstap/dnstap.c dnstap/dnstap.pb-c.c"])
|
||||
AC_SUBST([DNSTAP_OBJ], ["dnstap.lo dnstap.pb-c.lo"])
|
||||
],
|
||||
[
|
||||
AC_SUBST([ENABLE_DNSTAP], [0])
|
||||
]
|
||||
)
|
||||
|
||||
AC_MSG_CHECKING([if ${MAKE:-make} supports $< with implicit rule in scope])
|
||||
# on openBSD, the implicit rule make $< work.
|
||||
# on Solaris, it does not work ($? is changed sources, $^ lists dependencies).
|
||||
@ -1159,6 +1239,50 @@ struct tm;
|
||||
char *strptime(const char *s, const char *format, struct tm *tm);
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_LIBRESSL
|
||||
# if !HAVE_DECL_STRLCPY
|
||||
size_t strlcpy(char *dst, const char *src, size_t siz);
|
||||
# endif
|
||||
# if !HAVE_DECL_STRLCAT
|
||||
size_t strlcat(char *dst, const char *src, size_t siz);
|
||||
# endif
|
||||
# if !HAVE_DECL_ARC4RANDOM && defined(HAVE_ARC4RANDOM)
|
||||
uint32_t arc4random(void);
|
||||
# endif
|
||||
# if !HAVE_DECL_ARC4RANDOM_UNIFORM && defined(HAVE_ARC4RANDOM_UNIFORM)
|
||||
uint32_t arc4random_uniform(uint32_t upper_bound);
|
||||
# endif
|
||||
#endif /* HAVE_LIBRESSL */
|
||||
#ifndef HAVE_ARC4RANDOM
|
||||
void explicit_bzero(void* buf, size_t len);
|
||||
int getentropy(void* buf, size_t len);
|
||||
uint32_t arc4random(void);
|
||||
void arc4random_buf(void* buf, size_t n);
|
||||
void _ARC4_LOCK(void);
|
||||
void _ARC4_UNLOCK(void);
|
||||
#endif
|
||||
#ifndef HAVE_ARC4RANDOM_UNIFORM
|
||||
uint32_t arc4random_uniform(uint32_t upper_bound);
|
||||
#endif
|
||||
#ifdef COMPAT_SHA512
|
||||
#ifndef SHA512_DIGEST_LENGTH
|
||||
#define SHA512_BLOCK_LENGTH 128
|
||||
#define SHA512_DIGEST_LENGTH 64
|
||||
#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1)
|
||||
typedef struct _SHA512_CTX {
|
||||
uint64_t state[8];
|
||||
uint64_t bitcount[2];
|
||||
uint8_t buffer[SHA512_BLOCK_LENGTH];
|
||||
} SHA512_CTX;
|
||||
#endif /* SHA512_DIGEST_LENGTH */
|
||||
void SHA512_Init(SHA512_CTX*);
|
||||
void SHA512_Update(SHA512_CTX*, void*, size_t);
|
||||
void SHA512_Final(uint8_t[SHA512_DIGEST_LENGTH], SHA512_CTX*);
|
||||
unsigned char *SHA512(void* data, unsigned int data_len, unsigned char *digest);
|
||||
#endif /* COMPAT_SHA512 */
|
||||
|
||||
|
||||
|
||||
#if defined(HAVE_EVENT_H) && !defined(HAVE_EVENT_BASE_ONCE) && !(defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)) && (defined(HAVE_PTHREAD) || defined(HAVE_SOLARIS_THREADS))
|
||||
/* using version of libevent that is not threadsafe. */
|
||||
# define LIBEVENT_SIGNAL_PROBLEM 1
|
||||
@ -1209,6 +1333,11 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file,
|
||||
|
||||
])
|
||||
|
||||
AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 smallapp/unbound-control-setup.sh])
|
||||
dnl if we build from source tree, the man pages need @date@ and @version@
|
||||
dnl if this is a distro tarball, that was already done by makedist.sh
|
||||
AC_SUBST(version, [VERSION_MAJOR.VERSION_MINOR.VERSION_MICRO])
|
||||
AC_SUBST(date, [`date +'%b %e, %Y'`])
|
||||
|
||||
AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h])
|
||||
AC_CONFIG_HEADER([config.h])
|
||||
AC_OUTPUT
|
||||
|
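Review bot: In the `@ -966,6 +985,48 @` hunk the getentropy fallback is selected by a `uname` command substitution in the `case` statement, which reports the build machine rather than the target, so a cross-compiled build can end up with the wrong entropy backend behind the arc4random replacement; the `Linux|*)` arm also routes every unrecognised system to getentropy_linux. Selecting on the configured host would be safer, for example `case "$host_os" in` with `darwin*)`, `solaris*)` and `*)` arms, assuming AC_CANONICAL_HOST has run earlier in the file (not visible here). The SunOS arm also adds `AC_LIBOBJ(sha512)` without the `AC_DEFINE([COMPAT_SHA512], [1], ...)` that the Linux arm sets, so the SHA512 prototypes guarded by `COMPAT_SHA512` in the config.h template would presumably be missing on that path.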
@ -664,7 +664,7 @@ load_msg(SSL* ssl, sldns_buffer* buf, struct worker* worker)
|
||||
if(!go_on)
|
||||
return 1; /* skip this one, not all references satisfied */
|
||||
|
||||
if(!dns_cache_store(&worker->env, &qinf, &rep, 0, 0, 0, NULL)) {
|
||||
if(!dns_cache_store(&worker->env, &qinf, &rep, 0, 0, 0, NULL, flags)) {
|
||||
log_warn("error out of memory");
|
||||
return 0;
|
||||
}
|
||||
|
@ -109,8 +109,9 @@ int ub_c_lex_destroy(void);
|
||||
static RETSIGTYPE record_sigh(int sig)
|
||||
{
|
||||
#ifdef LIBEVENT_SIGNAL_PROBLEM
|
||||
verbose(VERB_OPS, "quit on signal, no cleanup and statistics, "
|
||||
"because installed libevent version is not threadsafe");
|
||||
/* cannot log, verbose here because locks may be held */
|
||||
/* quit on signal, no cleanup and statistics,
|
||||
because installed libevent version is not threadsafe */
|
||||
exit(0);
|
||||
#endif
|
||||
switch(sig)
|
||||
@ -135,7 +136,8 @@ static RETSIGTYPE record_sigh(int sig)
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
log_err("ignoring signal %d", sig);
|
||||
/* ignoring signal */
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
@ -256,8 +258,8 @@ daemon_open_shared_ports(struct daemon* daemon)
|
||||
log_assert(daemon);
|
||||
if(daemon->cfg->port != daemon->listening_port) {
|
||||
size_t i;
|
||||
int reuseport = 0;
|
||||
struct listen_port* p0;
|
||||
daemon->reuseport = 0;
|
||||
/* free and close old ports */
|
||||
if(daemon->ports != NULL) {
|
||||
for(i=0; i<daemon->num_ports; i++)
|
||||
@ -266,17 +268,17 @@ daemon_open_shared_ports(struct daemon* daemon)
|
||||
daemon->ports = NULL;
|
||||
}
|
||||
/* see if we want to reuseport */
|
||||
#if defined(__linux__) && defined(SO_REUSEPORT)
|
||||
#ifdef SO_REUSEPORT
|
||||
if(daemon->cfg->so_reuseport && daemon->cfg->num_threads > 0)
|
||||
reuseport = 1;
|
||||
daemon->reuseport = 1;
|
||||
#endif
|
||||
/* try to use reuseport */
|
||||
p0 = listening_ports_open(daemon->cfg, &reuseport);
|
||||
p0 = listening_ports_open(daemon->cfg, &daemon->reuseport);
|
||||
if(!p0) {
|
||||
listening_ports_free(p0);
|
||||
return 0;
|
||||
}
|
||||
if(reuseport) {
|
||||
if(daemon->reuseport) {
|
||||
/* reuseport was successful, allocate for it */
|
||||
daemon->num_ports = (size_t)daemon->cfg->num_threads;
|
||||
} else {
|
||||
@ -290,12 +292,13 @@ daemon_open_shared_ports(struct daemon* daemon)
|
||||
return 0;
|
||||
}
|
||||
daemon->ports[0] = p0;
|
||||
if(reuseport) {
|
||||
if(daemon->reuseport) {
|
||||
/* continue to use reuseport */
|
||||
for(i=1; i<daemon->num_ports; i++) {
|
||||
if(!(daemon->ports[i]=
|
||||
listening_ports_open(daemon->cfg,
|
||||
&reuseport)) || !reuseport ) {
|
||||
&daemon->reuseport))
|
||||
|| !daemon->reuseport ) {
|
||||
for(i=0; i<daemon->num_ports; i++)
|
||||
listening_ports_free(daemon->ports[i]);
|
||||
free(daemon->ports);
|
||||
@ -398,6 +401,17 @@ daemon_create_workers(struct daemon* daemon)
|
||||
daemon->num = (daemon->cfg->num_threads?daemon->cfg->num_threads:1);
|
||||
daemon->workers = (struct worker**)calloc((size_t)daemon->num,
|
||||
sizeof(struct worker*));
|
||||
if(daemon->cfg->dnstap) {
|
||||
#ifdef USE_DNSTAP
|
||||
daemon->dtenv = dt_create(daemon->cfg->dnstap_socket_path,
|
||||
(unsigned int)daemon->num);
|
||||
if (!daemon->dtenv)
|
||||
fatal_exit("dt_create failed");
|
||||
dt_apply_cfg(daemon->dtenv, daemon->cfg);
|
||||
#else
|
||||
fatal_exit("dnstap enabled in config but not built with dnstap support");
|
||||
#endif
|
||||
}
|
||||
for(i=0; i<daemon->num; i++) {
|
||||
if(!(daemon->workers[i] = worker_create(daemon, i,
|
||||
shufport+numport*i/daemon->num,
|
||||
@ -448,7 +462,7 @@ thread_start(void* arg)
|
||||
tube_close_write(worker->cmd);
|
||||
close_other_pipes(worker->daemon, worker->thread_num);
|
||||
#endif
|
||||
#if defined(__linux__) && defined(SO_REUSEPORT)
|
||||
#ifdef SO_REUSEPORT
|
||||
if(worker->daemon->cfg->so_reuseport)
|
||||
port_num = worker->thread_num;
|
||||
else
|
||||
@ -582,6 +596,9 @@ daemon_cleanup(struct daemon* daemon)
|
||||
free(daemon->workers);
|
||||
daemon->workers = NULL;
|
||||
daemon->num = 0;
|
||||
#ifdef USE_DNSTAP
|
||||
dt_delete(daemon->dtenv);
|
||||
#endif
|
||||
daemon->cfg = NULL;
|
||||
}
|
||||
|
||||
|
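Review bot: In the `daemon_cleanup` hunk, `dt_delete(daemon->dtenv);` leaves `daemon->dtenv` pointing at freed memory, while the neighbouring `workers` and `cfg` fields are reset to NULL. `daemon_create_workers` assigns `dtenv` only when `daemon->cfg->dnstap` is set, so if cleanup runs again after a reload with dnstap turned off (the reload path is not visible here), the stale pointer would be handed to `dt_delete` a second time; adding `daemon->dtenv = NULL;` right after the call closes that. Separately, `record_sigh` still calls `exit(0)` under `LIBEVENT_SIGNAL_PROBLEM`; the new comment says locks may be held, and `exit()` runs atexit handlers and flushes stdio, so `_exit(0);` would be the async-signal-safe choice. Both function bodies extend beyond their hunks.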
@ -59,6 +59,11 @@ struct local_zones;
|
||||
struct ub_randstate;
|
||||
struct daemon_remote;
|
||||
|
||||
#include "dnstap/dnstap_config.h"
|
||||
#ifdef USE_DNSTAP
|
||||
struct dt_env;
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Structure holding worker list.
|
||||
* Holds globally visible information.
|
||||
@ -77,6 +82,8 @@ struct daemon {
|
||||
struct listen_port** ports;
|
||||
/** size of ports array */
|
||||
size_t num_ports;
|
||||
/** reuseport is enabled if true */
|
||||
int reuseport;
|
||||
/** port number for remote that has ports opened. */
|
||||
int rc_port;
|
||||
/** listening ports for remote control */
|
||||
@ -107,6 +114,10 @@ struct daemon {
|
||||
struct timeval time_last_stat;
|
||||
/** time when daemon started */
|
||||
struct timeval time_boot;
|
||||
#ifdef USE_DNSTAP
|
||||
/** the dnstap environment master value, copied and changed by threads*/
|
||||
struct dt_env* dtenv;
|
||||
#endif
|
||||
};
|
||||
|
||||
/**
|
||||
|
@ -38,8 +38,8 @@
|
||||
*
|
||||
* This file contains the remote control functionality for the daemon.
|
||||
* The remote control can be performed using either the commandline
|
||||
* unbound-control tool, or a SSLv3/TLS capable web browser.
|
||||
* The channel is secured using SSLv3 or TLSv1, and certificates.
|
||||
* unbound-control tool, or a TLS capable web browser.
|
||||
* The channel is secured using TLSv1, and certificates.
|
||||
* Both the server and the client(control tool) have their own keys.
|
||||
*/
|
||||
#include "config.h"
|
||||
@ -154,12 +154,17 @@ daemon_remote_create(struct config_file* cfg)
|
||||
free(rc);
|
||||
return NULL;
|
||||
}
|
||||
/* no SSLv2 because has defects */
|
||||
/* no SSLv2, SSLv3 because has defects */
|
||||
if(!(SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){
|
||||
log_crypto_err("could not set SSL_OP_NO_SSLv2");
|
||||
daemon_remote_delete(rc);
|
||||
return NULL;
|
||||
}
|
||||
if(!(SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)){
|
||||
log_crypto_err("could not set SSL_OP_NO_SSLv3");
|
||||
daemon_remote_delete(rc);
|
||||
return NULL;
|
||||
}
|
||||
s_cert = fname_after_chroot(cfg->server_cert_file, cfg, 1);
|
||||
s_key = fname_after_chroot(cfg->server_key_file, cfg, 1);
|
||||
if(!s_cert || !s_key) {
|
||||
@ -558,7 +563,7 @@ static char*
|
||||
skipwhite(char* str)
|
||||
{
|
||||
/* EOS \0 is not a space */
|
||||
while( isspace(*str) )
|
||||
while( isspace((unsigned char)*str) )
|
||||
str++;
|
||||
return str;
|
||||
}
|
||||
@ -605,32 +610,32 @@ static int
|
||||
print_stats(SSL* ssl, const char* nm, struct stats_info* s)
|
||||
{
|
||||
struct timeval avg;
|
||||
if(!ssl_printf(ssl, "%s.num.queries"SQ"%u\n", nm,
|
||||
(unsigned)s->svr.num_queries)) return 0;
|
||||
if(!ssl_printf(ssl, "%s.num.cachehits"SQ"%u\n", nm,
|
||||
(unsigned)(s->svr.num_queries
|
||||
if(!ssl_printf(ssl, "%s.num.queries"SQ"%lu\n", nm,
|
||||
(unsigned long)s->svr.num_queries)) return 0;
|
||||
if(!ssl_printf(ssl, "%s.num.cachehits"SQ"%lu\n", nm,
|
||||
(unsigned long)(s->svr.num_queries
|
||||
- s->svr.num_queries_missed_cache))) return 0;
|
||||
if(!ssl_printf(ssl, "%s.num.cachemiss"SQ"%u\n", nm,
|
||||
(unsigned)s->svr.num_queries_missed_cache)) return 0;
|
||||
if(!ssl_printf(ssl, "%s.num.prefetch"SQ"%u\n", nm,
|
||||
(unsigned)s->svr.num_queries_prefetch)) return 0;
|
||||
if(!ssl_printf(ssl, "%s.num.recursivereplies"SQ"%u\n", nm,
|
||||
(unsigned)s->mesh_replies_sent)) return 0;
|
||||
if(!ssl_printf(ssl, "%s.num.cachemiss"SQ"%lu\n", nm,
|
||||
(unsigned long)s->svr.num_queries_missed_cache)) return 0;
|
||||
if(!ssl_printf(ssl, "%s.num.prefetch"SQ"%lu\n", nm,
|
||||
(unsigned long)s->svr.num_queries_prefetch)) return 0;
|
||||
if(!ssl_printf(ssl, "%s.num.recursivereplies"SQ"%lu\n", nm,
|
||||
(unsigned long)s->mesh_replies_sent)) return 0;
|
||||
if(!ssl_printf(ssl, "%s.requestlist.avg"SQ"%g\n", nm,
|
||||
(s->svr.num_queries_missed_cache+s->svr.num_queries_prefetch)?
|
||||
(double)s->svr.sum_query_list_size/
|
||||
(s->svr.num_queries_missed_cache+
|
||||
s->svr.num_queries_prefetch) : 0.0)) return 0;
|
||||
if(!ssl_printf(ssl, "%s.requestlist.max"SQ"%u\n", nm,
|
||||
(unsigned)s->svr.max_query_list_size)) return 0;
|
||||
if(!ssl_printf(ssl, "%s.requestlist.overwritten"SQ"%u\n", nm,
|
||||
(unsigned)s->mesh_jostled)) return 0;
|
||||
if(!ssl_printf(ssl, "%s.requestlist.exceeded"SQ"%u\n", nm,
|
||||
(unsigned)s->mesh_dropped)) return 0;
|
||||
if(!ssl_printf(ssl, "%s.requestlist.current.all"SQ"%u\n", nm,
|
||||
(unsigned)s->mesh_num_states)) return 0;
|
||||
if(!ssl_printf(ssl, "%s.requestlist.current.user"SQ"%u\n", nm,
|
||||
(unsigned)s->mesh_num_reply_states)) return 0;
|
||||
if(!ssl_printf(ssl, "%s.requestlist.max"SQ"%lu\n", nm,
|
||||
(unsigned long)s->svr.max_query_list_size)) return 0;
|
||||
if(!ssl_printf(ssl, "%s.requestlist.overwritten"SQ"%lu\n", nm,
|
||||
(unsigned long)s->mesh_jostled)) return 0;
|
||||
if(!ssl_printf(ssl, "%s.requestlist.exceeded"SQ"%lu\n", nm,
|
||||
(unsigned long)s->mesh_dropped)) return 0;
|
||||
if(!ssl_printf(ssl, "%s.requestlist.current.all"SQ"%lu\n", nm,
|
||||
(unsigned long)s->mesh_num_states)) return 0;
|
||||
if(!ssl_printf(ssl, "%s.requestlist.current.user"SQ"%lu\n", nm,
|
||||
(unsigned long)s->mesh_num_reply_states)) return 0;
|
||||
timeval_divide(&avg, &s->mesh_replies_sum_wait, s->mesh_replies_sent);
|
||||
if(!ssl_printf(ssl, "%s.recursion.time.avg"SQ ARG_LL "d.%6.6d\n", nm,
|
||||
(long long)avg.tv_sec, (int)avg.tv_usec)) return 0;
|
||||
@ -660,7 +665,7 @@ print_longnum(SSL* ssl, const char* desc, size_t x)
|
||||
return ssl_printf(ssl, "%s%u%6.6u\n", desc,
|
||||
(unsigned)front, (unsigned)back);
|
||||
} else {
|
||||
return ssl_printf(ssl, "%s%u\n", desc, (unsigned)x);
|
||||
return ssl_printf(ssl, "%s%lu\n", desc, (unsigned long)x);
|
||||
}
|
||||
}
|
||||
|
||||
@ -739,12 +744,12 @@ print_hist(SSL* ssl, struct stats_info* s)
|
||||
timehist_import(hist, s->svr.hist, NUM_BUCKETS_HIST);
|
||||
for(i=0; i<hist->num; i++) {
|
||||
if(!ssl_printf(ssl,
|
||||
"histogram.%6.6d.%6.6d.to.%6.6d.%6.6d=%u\n",
|
||||
"histogram.%6.6d.%6.6d.to.%6.6d.%6.6d=%lu\n",
|
||||
(int)hist->buckets[i].lower.tv_sec,
|
||||
(int)hist->buckets[i].lower.tv_usec,
|
||||
(int)hist->buckets[i].upper.tv_sec,
|
||||
(int)hist->buckets[i].upper.tv_usec,
|
||||
(unsigned)hist->buckets[i].count)) {
|
||||
(unsigned long)hist->buckets[i].count)) {
|
||||
timehist_delete(hist);
|
||||
return 0;
|
||||
}
|
||||
@ -781,12 +786,12 @@ print_ext(SSL* ssl, struct stats_info* s)
|
||||
} else {
|
||||
snprintf(nm, sizeof(nm), "TYPE%d", i);
|
||||
}
|
||||
if(!ssl_printf(ssl, "num.query.type.%s"SQ"%u\n",
|
||||
nm, (unsigned)s->svr.qtype[i])) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.type.%s"SQ"%lu\n",
|
||||
nm, (unsigned long)s->svr.qtype[i])) return 0;
|
||||
}
|
||||
if(!inhibit_zero || s->svr.qtype_big) {
|
||||
if(!ssl_printf(ssl, "num.query.type.other"SQ"%u\n",
|
||||
(unsigned)s->svr.qtype_big)) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.type.other"SQ"%lu\n",
|
||||
(unsigned long)s->svr.qtype_big)) return 0;
|
||||
}
|
||||
/* CLASS */
|
||||
for(i=0; i<STATS_QCLASS_NUM; i++) {
|
||||
@ -798,12 +803,12 @@ print_ext(SSL* ssl, struct stats_info* s)
|
||||
} else {
|
||||
snprintf(nm, sizeof(nm), "CLASS%d", i);
|
||||
}
|
||||
if(!ssl_printf(ssl, "num.query.class.%s"SQ"%u\n",
|
||||
nm, (unsigned)s->svr.qclass[i])) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.class.%s"SQ"%lu\n",
|
||||
nm, (unsigned long)s->svr.qclass[i])) return 0;
|
||||
}
|
||||
if(!inhibit_zero || s->svr.qclass_big) {
|
||||
if(!ssl_printf(ssl, "num.query.class.other"SQ"%u\n",
|
||||
(unsigned)s->svr.qclass_big)) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.class.other"SQ"%lu\n",
|
||||
(unsigned long)s->svr.qclass_big)) return 0;
|
||||
}
|
||||
/* OPCODE */
|
||||
for(i=0; i<STATS_OPCODE_NUM; i++) {
|
||||
@ -815,39 +820,42 @@ print_ext(SSL* ssl, struct stats_info* s)
|
||||
} else {
|
||||
snprintf(nm, sizeof(nm), "OPCODE%d", i);
|
||||
}
|
||||
if(!ssl_printf(ssl, "num.query.opcode.%s"SQ"%u\n",
|
||||
nm, (unsigned)s->svr.qopcode[i])) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.opcode.%s"SQ"%lu\n",
|
||||
nm, (unsigned long)s->svr.qopcode[i])) return 0;
|
||||
}
|
||||
/* transport */
|
||||
if(!ssl_printf(ssl, "num.query.tcp"SQ"%u\n",
|
||||
(unsigned)s->svr.qtcp)) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.ipv6"SQ"%u\n",
|
||||
(unsigned)s->svr.qipv6)) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.tcp"SQ"%lu\n",
|
||||
(unsigned long)s->svr.qtcp)) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.tcpout"SQ"%lu\n",
|
||||
(unsigned long)s->svr.qtcp_outgoing)) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.ipv6"SQ"%lu\n",
|
||||
(unsigned long)s->svr.qipv6)) return 0;
|
||||
/* flags */
|
||||
if(!ssl_printf(ssl, "num.query.flags.QR"SQ"%u\n",
|
||||
(unsigned)s->svr.qbit_QR)) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.flags.AA"SQ"%u\n",
|
||||
(unsigned)s->svr.qbit_AA)) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.flags.TC"SQ"%u\n",
|
||||
(unsigned)s->svr.qbit_TC)) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.flags.RD"SQ"%u\n",
|
||||
(unsigned)s->svr.qbit_RD)) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.flags.RA"SQ"%u\n",
|
||||
(unsigned)s->svr.qbit_RA)) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.flags.Z"SQ"%u\n",
|
||||
(unsigned)s->svr.qbit_Z)) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.flags.AD"SQ"%u\n",
|
||||
(unsigned)s->svr.qbit_AD)) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.flags.CD"SQ"%u\n",
|
||||
(unsigned)s->svr.qbit_CD)) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.edns.present"SQ"%u\n",
|
||||
(unsigned)s->svr.qEDNS)) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.edns.DO"SQ"%u\n",
|
||||
(unsigned)s->svr.qEDNS_DO)) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.flags.QR"SQ"%lu\n",
|
||||
(unsigned long)s->svr.qbit_QR)) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.flags.AA"SQ"%lu\n",
|
||||
(unsigned long)s->svr.qbit_AA)) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.flags.TC"SQ"%lu\n",
|
||||
(unsigned long)s->svr.qbit_TC)) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.flags.RD"SQ"%lu\n",
|
||||
(unsigned long)s->svr.qbit_RD)) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.flags.RA"SQ"%lu\n",
|
||||
(unsigned long)s->svr.qbit_RA)) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.flags.Z"SQ"%lu\n",
|
||||
(unsigned long)s->svr.qbit_Z)) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.flags.AD"SQ"%lu\n",
|
||||
(unsigned long)s->svr.qbit_AD)) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.flags.CD"SQ"%lu\n",
|
||||
(unsigned long)s->svr.qbit_CD)) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.edns.present"SQ"%lu\n",
|
||||
(unsigned long)s->svr.qEDNS)) return 0;
|
||||
if(!ssl_printf(ssl, "num.query.edns.DO"SQ"%lu\n",
|
||||
(unsigned long)s->svr.qEDNS_DO)) return 0;
|
||||
|
||||
/* RCODE */
|
||||
for(i=0; i<STATS_RCODE_NUM; i++) {
|
||||
if(inhibit_zero && s->svr.ans_rcode[i] == 0)
|
||||
/* Always include RCODEs 0-5 */
|
||||
if(inhibit_zero && i > LDNS_RCODE_REFUSED && s->svr.ans_rcode[i] == 0)
|
||||
continue;
|
||||
lt = sldns_lookup_by_id(sldns_rcodes, i);
|
||||
if(lt && lt->name) {
|
||||
@ -855,25 +863,34 @@ print_ext(SSL* ssl, struct stats_info* s)
|
||||
} else {
|
||||
snprintf(nm, sizeof(nm), "RCODE%d", i);
|
||||
}
|
||||
if(!ssl_printf(ssl, "num.answer.rcode.%s"SQ"%u\n",
|
||||
nm, (unsigned)s->svr.ans_rcode[i])) return 0;
|
||||
if(!ssl_printf(ssl, "num.answer.rcode.%s"SQ"%lu\n",
|
||||
nm, (unsigned long)s->svr.ans_rcode[i])) return 0;
|
||||
}
|
||||
if(!inhibit_zero || s->svr.ans_rcode_nodata) {
|
||||
if(!ssl_printf(ssl, "num.answer.rcode.nodata"SQ"%u\n",
|
||||
(unsigned)s->svr.ans_rcode_nodata)) return 0;
|
||||
if(!ssl_printf(ssl, "num.answer.rcode.nodata"SQ"%lu\n",
|
||||
(unsigned long)s->svr.ans_rcode_nodata)) return 0;
|
||||
}
|
||||
/* validation */
|
||||
if(!ssl_printf(ssl, "num.answer.secure"SQ"%u\n",
|
||||
(unsigned)s->svr.ans_secure)) return 0;
|
||||
if(!ssl_printf(ssl, "num.answer.bogus"SQ"%u\n",
|
||||
(unsigned)s->svr.ans_bogus)) return 0;
|
||||
if(!ssl_printf(ssl, "num.rrset.bogus"SQ"%u\n",
|
||||
(unsigned)s->svr.rrset_bogus)) return 0;
|
||||
if(!ssl_printf(ssl, "num.answer.secure"SQ"%lu\n",
|
||||
(unsigned long)s->svr.ans_secure)) return 0;
|
||||
if(!ssl_printf(ssl, "num.answer.bogus"SQ"%lu\n",
|
||||
(unsigned long)s->svr.ans_bogus)) return 0;
|
||||
if(!ssl_printf(ssl, "num.rrset.bogus"SQ"%lu\n",
|
||||
(unsigned long)s->svr.rrset_bogus)) return 0;
|
||||
/* threat detection */
|
||||
if(!ssl_printf(ssl, "unwanted.queries"SQ"%u\n",
|
||||
(unsigned)s->svr.unwanted_queries)) return 0;
|
||||
if(!ssl_printf(ssl, "unwanted.replies"SQ"%u\n",
|
||||
(unsigned)s->svr.unwanted_replies)) return 0;
|
||||
if(!ssl_printf(ssl, "unwanted.queries"SQ"%lu\n",
|
||||
(unsigned long)s->svr.unwanted_queries)) return 0;
|
||||
if(!ssl_printf(ssl, "unwanted.replies"SQ"%lu\n",
|
||||
(unsigned long)s->svr.unwanted_replies)) return 0;
|
||||
/* cache counts */
|
||||
if(!ssl_printf(ssl, "msg.cache.count"SQ"%u\n",
|
||||
(unsigned)s->svr.msg_cache_count)) return 0;
|
||||
if(!ssl_printf(ssl, "rrset.cache.count"SQ"%u\n",
|
||||
(unsigned)s->svr.rrset_cache_count)) return 0;
|
||||
if(!ssl_printf(ssl, "infra.cache.count"SQ"%u\n",
|
||||
(unsigned)s->svr.infra_cache_count)) return 0;
|
||||
if(!ssl_printf(ssl, "key.cache.count"SQ"%u\n",
|
||||
(unsigned)s->svr.key_cache_count)) return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -1078,8 +1095,13 @@ do_cache_remove(struct worker* worker, uint8_t* nm, size_t nmlen,
|
||||
k.qname_len = nmlen;
|
||||
k.qtype = t;
|
||||
k.qclass = c;
|
||||
h = query_info_hash(&k);
|
||||
h = query_info_hash(&k, 0);
|
||||
slabhash_remove(worker->env.msg_cache, h, &k);
|
||||
if(t == LDNS_RR_TYPE_AAAA) {
|
||||
/* for AAAA also flush dns64 bit_cd packet */
|
||||
h = query_info_hash(&k, BIT_CD);
|
||||
slabhash_remove(worker->env.msg_cache, h, &k);
|
||||
}
|
||||
}
|
||||
|
||||
/** flush a type */
|
||||
@ -1286,9 +1308,9 @@ do_flush_zone(SSL* ssl, struct worker* worker, char* arg)
|
||||
|
||||
free(nm);
|
||||
|
||||
(void)ssl_printf(ssl, "ok removed %u rrsets, %u messages "
|
||||
"and %u key entries\n", (unsigned)inf.num_rrsets,
|
||||
(unsigned)inf.num_msgs, (unsigned)inf.num_keys);
|
||||
(void)ssl_printf(ssl, "ok removed %lu rrsets, %lu messages "
|
||||
"and %lu key entries\n", (unsigned long)inf.num_rrsets,
|
||||
(unsigned long)inf.num_msgs, (unsigned long)inf.num_keys);
|
||||
}
|
||||
|
||||
/** callback to delete bogus rrsets */
|
||||
@ -1330,7 +1352,7 @@ bogus_del_kcache(struct lruhash_entry* e, void* arg)
|
||||
}
|
||||
}
|
||||
|
||||
/** remove all rrsets and keys from zone from cache */
|
||||
/** remove all bogus rrsets, msgs and keys from cache */
|
||||
static void
|
||||
do_flush_bogus(SSL* ssl, struct worker* worker)
|
||||
{
|
||||
@ -1354,9 +1376,85 @@ do_flush_bogus(SSL* ssl, struct worker* worker)
|
||||
&bogus_del_kcache, &inf);
|
||||
}
|
||||
|
||||
(void)ssl_printf(ssl, "ok removed %u rrsets, %u messages "
|
||||
"and %u key entries\n", (unsigned)inf.num_rrsets,
|
||||
(unsigned)inf.num_msgs, (unsigned)inf.num_keys);
|
||||
(void)ssl_printf(ssl, "ok removed %lu rrsets, %lu messages "
|
||||
"and %lu key entries\n", (unsigned long)inf.num_rrsets,
|
||||
(unsigned long)inf.num_msgs, (unsigned long)inf.num_keys);
|
||||
}
|
||||
|
||||
/** callback to delete negative and servfail rrsets */
|
||||
static void
|
||||
negative_del_rrset(struct lruhash_entry* e, void* arg)
|
||||
{
|
||||
/* entry is locked */
|
||||
struct del_info* inf = (struct del_info*)arg;
|
||||
struct ub_packed_rrset_key* k = (struct ub_packed_rrset_key*)e->key;
|
||||
struct packed_rrset_data* d = (struct packed_rrset_data*)e->data;
|
||||
/* delete the parentside negative cache rrsets,
|
||||
* these are namerserver rrsets that failed lookup, rdata empty */
|
||||
if((k->rk.flags & PACKED_RRSET_PARENT_SIDE) && d->count == 1 &&
|
||||
d->rrsig_count == 0 && d->rr_len[0] == 0) {
|
||||
d->ttl = inf->expired;
|
||||
inf->num_rrsets++;
|
||||
}
|
||||
}
|
||||
|
||||
/** callback to delete negative and servfail messages */
|
||||
static void
|
||||
negative_del_msg(struct lruhash_entry* e, void* arg)
|
||||
{
|
||||
/* entry is locked */
|
||||
struct del_info* inf = (struct del_info*)arg;
|
||||
struct reply_info* d = (struct reply_info*)e->data;
|
||||
/* rcode not NOERROR: NXDOMAIN, SERVFAIL, ..: an nxdomain or error
|
||||
* or NOERROR rcode with ANCOUNT==0: a NODATA answer */
|
||||
if(FLAGS_GET_RCODE(d->flags) != 0 || d->an_numrrsets == 0) {
|
||||
d->ttl = inf->expired;
|
||||
inf->num_msgs++;
|
||||
}
|
||||
}
|
||||
|
||||
/** callback to delete negative key entries */
|
||||
static void
|
||||
negative_del_kcache(struct lruhash_entry* e, void* arg)
|
||||
{
|
||||
/* entry is locked */
|
||||
struct del_info* inf = (struct del_info*)arg;
|
||||
struct key_entry_data* d = (struct key_entry_data*)e->data;
|
||||
/* could be bad because of lookup failure on the DS, DNSKEY, which
|
||||
* was nxdomain or servfail, and thus a result of negative lookups */
|
||||
if(d->isbad) {
|
||||
d->ttl = inf->expired;
|
||||
inf->num_keys++;
|
||||
}
|
||||
}
|
||||
|
||||
/** remove all negative(NODATA,NXDOMAIN), and servfail messages from cache */
|
||||
static void
|
||||
do_flush_negative(SSL* ssl, struct worker* worker)
|
||||
{
|
||||
struct del_info inf;
|
||||
/* what we do is to set them all expired */
|
||||
inf.worker = worker;
|
||||
inf.now = *worker->env.now;
|
||||
inf.expired = *worker->env.now;
|
||||
inf.expired -= 3; /* handle 3 seconds skew between threads */
|
||||
inf.num_rrsets = 0;
|
||||
inf.num_msgs = 0;
|
||||
inf.num_keys = 0;
|
||||
slabhash_traverse(&worker->env.rrset_cache->table, 1,
|
||||
&negative_del_rrset, &inf);
|
||||
|
||||
slabhash_traverse(worker->env.msg_cache, 1, &negative_del_msg, &inf);
|
||||
|
||||
/* and validator cache */
|
||||
if(worker->env.key_cache) {
|
||||
slabhash_traverse(worker->env.key_cache->slab, 1,
|
||||
&negative_del_kcache, &inf);
|
||||
}
|
||||
|
||||
(void)ssl_printf(ssl, "ok removed %lu rrsets, %lu messages "
|
||||
"and %lu key entries\n", (unsigned long)inf.num_rrsets,
|
||||
(unsigned long)inf.num_msgs, (unsigned long)inf.num_keys);
|
||||
}
|
||||
|
||||
/** remove name rrset from cache */
|
||||
@ -1395,7 +1493,7 @@ ssl_print_name_dp(SSL* ssl, const char* str, uint8_t* nm, uint16_t dclass,
|
||||
if(str) { /* print header for forward, stub */
|
||||
char* c = sldns_wire2str_class(dclass);
|
||||
dname_str(nm, buf);
|
||||
if(!ssl_printf(ssl, "%s %s %s: ", buf, (c?c:"CLASS??"), str)) {
|
||||
if(!ssl_printf(ssl, "%s %s %s ", buf, (c?c:"CLASS??"), str)) {
|
||||
free(c);
|
||||
return 0;
|
||||
}
|
||||
@ -1730,6 +1828,10 @@ do_status(SSL* ssl, struct worker* worker)
|
||||
uptime = (time_t)time(NULL) - (time_t)worker->daemon->time_boot.tv_sec;
|
||||
if(!ssl_printf(ssl, "uptime: " ARG_LL "d seconds\n", (long long)uptime))
|
||||
return;
|
||||
if(!ssl_printf(ssl, "options:%s%s\n" ,
|
||||
(worker->daemon->reuseport?" reuseport":""),
|
||||
(worker->daemon->rc->accept_list?" control(ssl)":"")))
|
||||
return;
|
||||
if(!ssl_printf(ssl, "unbound (pid %d) is running...\n",
|
||||
(int)getpid()))
|
||||
return;
|
||||
@ -1852,6 +1954,9 @@ struct infra_arg {
|
||||
SSL* ssl;
|
||||
/** the time now */
|
||||
time_t now;
|
||||
/** ssl failure? stop writing and skip the rest. If the tcp
|
||||
* connection is broken, and writes fail, we then stop writing. */
|
||||
int ssl_failed;
|
||||
};
|
||||
|
||||
/** callback for every host element in the infra cache */
|
||||
@ -1863,27 +1968,34 @@ dump_infra_host(struct lruhash_entry* e, void* arg)
|
||||
struct infra_data* d = (struct infra_data*)e->data;
|
||||
char ip_str[1024];
|
||||
char name[257];
|
||||
if(a->ssl_failed)
|
||||
return;
|
||||
addr_to_str(&k->addr, k->addrlen, ip_str, sizeof(ip_str));
|
||||
dname_str(k->zonename, name);
|
||||
/* skip expired stuff (only backed off) */
|
||||
if(d->ttl < a->now) {
|
||||
if(d->rtt.rto >= USEFUL_SERVER_TOP_TIMEOUT) {
|
||||
if(!ssl_printf(a->ssl, "%s %s expired rto %d\n", ip_str,
|
||||
name, d->rtt.rto)) return;
|
||||
name, d->rtt.rto)) {
|
||||
a->ssl_failed = 1;
|
||||
return;
|
||||
}
|
||||
}
|
||||
return;
|
||||
}
|
||||
if(!ssl_printf(a->ssl, "%s %s ttl %d ping %d var %d rtt %d rto %d "
|
||||
if(!ssl_printf(a->ssl, "%s %s ttl %lu ping %d var %d rtt %d rto %d "
|
||||
"tA %d tAAAA %d tother %d "
|
||||
"ednsknown %d edns %d delay %d lame dnssec %d rec %d A %d "
|
||||
"other %d\n", ip_str, name, (int)(d->ttl - a->now),
|
||||
"other %d\n", ip_str, name, (unsigned long)(d->ttl - a->now),
|
||||
d->rtt.srtt, d->rtt.rttvar, rtt_notimeout(&d->rtt), d->rtt.rto,
|
||||
d->timeout_A, d->timeout_AAAA, d->timeout_other,
|
||||
(int)d->edns_lame_known, (int)d->edns_version,
|
||||
(int)(a->now<d->probedelay?d->probedelay-a->now:0),
|
||||
(int)d->isdnsseclame, (int)d->rec_lame, (int)d->lame_type_A,
|
||||
(int)d->lame_other))
|
||||
(int)d->lame_other)) {
|
||||
a->ssl_failed = 1;
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
/** do the dump_infra command */
|
||||
@ -1894,6 +2006,7 @@ do_dump_infra(SSL* ssl, struct worker* worker)
|
||||
arg.infra = worker->env.infra_cache;
|
||||
arg.ssl = ssl;
|
||||
arg.now = *worker->env.now;
|
||||
arg.ssl_failed = 0;
|
||||
slabhash_traverse(arg.infra->hosts, 0, &dump_infra_host, (void*)&arg);
|
||||
}
|
||||
|
||||
@ -1946,10 +2059,23 @@ do_list_forwards(SSL* ssl, struct worker* worker)
|
||||
/* since its a per-worker structure no locks needed */
|
||||
struct iter_forwards* fwds = worker->env.fwds;
|
||||
struct iter_forward_zone* z;
|
||||
struct trust_anchor* a;
|
||||
int insecure;
|
||||
RBTREE_FOR(z, struct iter_forward_zone*, fwds->tree) {
|
||||
if(!z->dp) continue; /* skip empty marker for stub */
|
||||
if(!ssl_print_name_dp(ssl, "forward", z->name, z->dclass,
|
||||
z->dp))
|
||||
|
||||
/* see if it is insecure */
|
||||
insecure = 0;
|
||||
if(worker->env.anchors &&
|
||||
(a=anchor_find(worker->env.anchors, z->name,
|
||||
z->namelabs, z->namelen, z->dclass))) {
|
||||
if(!a->keylist && !a->numDS && !a->numDNSKEY)
|
||||
insecure = 1;
|
||||
lock_basic_unlock(&a->lock);
|
||||
}
|
||||
|
||||
if(!ssl_print_name_dp(ssl, (insecure?"forward +i":"forward"),
|
||||
z->name, z->dclass, z->dp))
|
||||
return;
|
||||
}
|
||||
}
|
||||
@ -1959,9 +2085,24 @@ static void
|
||||
do_list_stubs(SSL* ssl, struct worker* worker)
|
||||
{
|
||||
struct iter_hints_stub* z;
|
||||
struct trust_anchor* a;
|
||||
int insecure;
|
||||
char str[32];
|
||||
RBTREE_FOR(z, struct iter_hints_stub*, &worker->env.hints->tree) {
|
||||
if(!ssl_print_name_dp(ssl,
|
||||
z->noprime?"stub noprime":"stub prime", z->node.name,
|
||||
|
||||
/* see if it is insecure */
|
||||
insecure = 0;
|
||||
if(worker->env.anchors &&
|
||||
(a=anchor_find(worker->env.anchors, z->node.name,
|
||||
z->node.labs, z->node.len, z->node.dclass))) {
|
||||
if(!a->keylist && !a->numDS && !a->numDNSKEY)
|
||||
insecure = 1;
|
||||
lock_basic_unlock(&a->lock);
|
||||
}
|
||||
|
||||
snprintf(str, sizeof(str), "stub %sprime%s",
|
||||
(z->noprime?"no":""), (insecure?" +i":""));
|
||||
if(!ssl_print_name_dp(ssl, str, z->node.name,
|
||||
z->node.dclass, z->dp))
|
||||
return;
|
||||
}
|
||||
@ -1978,8 +2119,13 @@ do_list_local_zones(SSL* ssl, struct worker* worker)
|
||||
RBTREE_FOR(z, struct local_zone*, &zones->ztree) {
|
||||
lock_rw_rdlock(&z->lock);
|
||||
dname_str(z->name, buf);
|
||||
(void)ssl_printf(ssl, "%s %s\n", buf,
|
||||
local_zone_type2str(z->type));
|
||||
if(!ssl_printf(ssl, "%s %s\n", buf,
|
||||
local_zone_type2str(z->type))) {
|
||||
/* failure to print */
|
||||
lock_rw_unlock(&z->lock);
|
||||
lock_rw_unlock(&zones->lock);
|
||||
return;
|
||||
}
|
||||
lock_rw_unlock(&z->lock);
|
||||
}
|
||||
lock_rw_unlock(&zones->lock);
|
||||
@ -2173,6 +2319,8 @@ execute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd,
|
||||
do_get_option(ssl, worker, skipwhite(p+10));
|
||||
} else if(cmdcmp(p, "flush_bogus", 11)) {
|
||||
do_flush_bogus(ssl, worker);
|
||||
} else if(cmdcmp(p, "flush_negative", 14)) {
|
||||
do_flush_negative(ssl, worker);
|
||||
} else {
|
||||
(void)ssl_printf(ssl, "error unknown command '%s'\n", p);
|
||||
}
|
||||
|
@ -56,6 +56,9 @@
|
||||
#include "util/net_help.h"
|
||||
#include "validator/validator.h"
|
||||
#include "ldns/sbuffer.h"
|
||||
#include "services/cache/rrset.h"
|
||||
#include "services/cache/infra.h"
|
||||
#include "validator/val_kcache.h"
|
||||
|
||||
/** add timers and the values do not overflow or become negative */
|
||||
static void
|
||||
@ -158,10 +161,19 @@ server_stats_compile(struct worker* worker, struct stats_info* s, int reset)
|
||||
NUM_BUCKETS_HIST);
|
||||
/* values from outside network */
|
||||
s->svr.unwanted_replies = worker->back->unwanted_replies;
|
||||
s->svr.qtcp_outgoing = worker->back->num_tcp_outgoing;
|
||||
|
||||
/* get and reset validator rrset bogus number */
|
||||
s->svr.rrset_bogus = get_rrset_bogus(worker);
|
||||
|
||||
/* get cache sizes */
|
||||
s->svr.msg_cache_count = count_slabhash_entries(worker->env.msg_cache);
|
||||
s->svr.rrset_cache_count = count_slabhash_entries(&worker->env.rrset_cache->table);
|
||||
s->svr.infra_cache_count = count_slabhash_entries(worker->env.infra_cache->hosts);
|
||||
if(worker->env.key_cache)
|
||||
s->svr.key_cache_count = count_slabhash_entries(worker->env.key_cache->slab);
|
||||
else s->svr.key_cache_count = 0;
|
||||
|
||||
if(reset && !worker->env.cfg->stat_cumulative) {
|
||||
worker_stats_clear(worker);
|
||||
}
|
||||
@ -217,6 +229,7 @@ void server_stats_add(struct stats_info* total, struct stats_info* a)
|
||||
total->svr.qtype_big += a->svr.qtype_big;
|
||||
total->svr.qclass_big += a->svr.qclass_big;
|
||||
total->svr.qtcp += a->svr.qtcp;
|
||||
total->svr.qtcp_outgoing += a->svr.qtcp_outgoing;
|
||||
total->svr.qipv6 += a->svr.qipv6;
|
||||
total->svr.qbit_QR += a->svr.qbit_QR;
|
||||
total->svr.qbit_AA += a->svr.qbit_AA;
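Review bot: The four cache counts assigned in server_stats_compile are snapshots of cache sizes rather than per-worker counters, and nothing near the assignments says how they should combine across workers. The server_stats_add hunk in this section gains only `qtcp_outgoing`, so a total built with it never picks the counts up from `a`. If the caches are shared between workers (not visible here), that is the right behaviour and worth stating next to `/* get cache sizes */`, e.g. `/* snapshots of the caches; deliberately not summed in server_stats_add */`. If they are not shared, the totals under-report. Both functions start and end outside their hunks.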
|
||||
|
@ -91,6 +91,8 @@ struct server_stats {
|
||||
size_t qopcode[STATS_OPCODE_NUM];
|
||||
/** number of queries over TCP */
|
||||
size_t qtcp;
|
||||
/** number of outgoing queries over TCP */
|
||||
size_t qtcp_outgoing;
|
||||
/** number of queries over IPv6 */
|
||||
size_t qipv6;
|
||||
/** number of queries with QR bit */
|
||||
@ -133,6 +135,15 @@ struct server_stats {
|
||||
* if all histograms are same size (is so by default) then
|
||||
* adding up works well. */
|
||||
size_t hist[NUM_BUCKETS_HIST];
|
||||
|
||||
/** number of message cache entries */
|
||||
size_t msg_cache_count;
|
||||
/** number of rrset cache entries */
|
||||
size_t rrset_cache_count;
|
||||
/** number of infra cache entries */
|
||||
size_t infra_cache_count;
|
||||
/** number of key cache entries */
|
||||
size_t key_cache_count;
|
||||
};
|
||||
|
||||
/**
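Review bot: The new `msg_cache_count`, `rrset_cache_count`, `infra_cache_count` and `key_cache_count` fields are `size_t`, but print_ext (earlier on this page) emits them with `%u` and an `(unsigned)` cast. The same print_ext hunk moves every neighbouring counter to `%lu`/`(unsigned long)`, so the cache counts are the only ones that can still be truncated where `size_t` is wider than `unsigned`. Printing them the same way keeps the statistics consistent for whatever monitoring consumes them: `if(!ssl_printf(ssl, "msg.cache.count"SQ"%lu\n", (unsigned long)s->svr.msg_cache_count)) return 0;`, and likewise for the other three.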
|
||||
|
@ -84,7 +84,13 @@
|
||||
# include "util/mini_event.h"
|
||||
# endif
|
||||
#else
|
||||
# include <event.h>
|
||||
# ifdef HAVE_EVENT_H
|
||||
# include <event.h>
|
||||
# else
|
||||
# include "event2/event.h"
|
||||
# include "event2/event_struct.h"
|
||||
# include "event2/event_compat.h"
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#ifdef UB_ON_WINDOWS
|
||||
@ -263,8 +269,6 @@ checkrlimits(struct config_file* cfg)
|
||||
#ifdef HAVE_SETRLIMIT
|
||||
if(setrlimit(RLIMIT_NOFILE, &rlim) < 0) {
|
||||
log_warn("setrlimit: %s", strerror(errno));
|
||||
#else
|
||||
if(1) {
|
||||
#endif
|
||||
log_warn("cannot increase max open fds from %u to %u",
|
||||
(unsigned)avail, (unsigned)total+10);
|
||||
@ -280,8 +284,10 @@ checkrlimits(struct config_file* cfg)
|
||||
log_warn("increase ulimit or decrease threads, "
|
||||
"ports in config to remove this warning");
|
||||
return;
|
||||
#ifdef HAVE_SETRLIMIT
|
||||
}
|
||||
log_warn("increased limit(open files) from %u to %u",
|
||||
#endif
|
||||
verbose(VERB_ALGO, "increased limit(open files) from %u to %u",
|
||||
(unsigned)avail, (unsigned)total+10);
|
||||
}
|
||||
#else
|
||||
@ -293,10 +299,14 @@ checkrlimits(struct config_file* cfg)
|
||||
/** set verbosity, check rlimits, cache settings */
|
||||
static void
|
||||
apply_settings(struct daemon* daemon, struct config_file* cfg,
|
||||
int cmdline_verbose)
|
||||
int cmdline_verbose, int debug_mode)
|
||||
{
|
||||
/* apply if they have changed */
|
||||
verbosity = cmdline_verbose + cfg->verbosity;
|
||||
if (debug_mode > 1) {
|
||||
cfg->use_syslog = 0;
|
||||
cfg->logfile = NULL;
|
||||
}
|
||||
daemon_apply_cfg(daemon, cfg);
|
||||
checkrlimits(cfg);
|
||||
}
|
||||
@ -655,7 +665,7 @@ run_daemon(const char* cfgfile, int cmdline_verbose, int debug_mode)
|
||||
cfgfile);
|
||||
log_warn("Continuing with default config settings");
|
||||
}
|
||||
apply_settings(daemon, cfg, cmdline_verbose);
|
||||
apply_settings(daemon, cfg, cmdline_verbose, debug_mode);
|
||||
|
||||
/* prepare */
|
||||
if(!daemon_open_shared_ports(daemon))
|
||||
@ -735,7 +745,7 @@ main(int argc, char* argv[])
|
||||
verbosity++;
|
||||
break;
|
||||
case 'd':
|
||||
debug_mode = 1;
|
||||
debug_mode++;
|
||||
break;
|
||||
case 'w':
|
||||
winopt = optarg;
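Review bot: In apply_settings, `cfg->logfile = NULL;` drops the pointer without releasing it, so if the config parser heap-allocates that string (not visible in this hunk) the `debug_mode > 1` path leaks it. `free(cfg->logfile); cfg->logfile = NULL;` would cover that. The block also silently overrides the operator's configured log destination, so a short comment is warranted, e.g. `/* -dd: ignore use-syslog and logfile from the config */`. Otherwise someone chasing missing syslog entries has no hint that a second `-d` turned them off.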
|
||||
|
@ -777,16 +777,24 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
|
||||
struct query_info qinfo;
|
||||
struct edns_data edns;
|
||||
enum acl_access acl;
|
||||
int rc = 0;
|
||||
|
||||
if(error != NETEVENT_NOERROR) {
|
||||
/* some bad tcp query DNS formats give these error calls */
|
||||
verbose(VERB_ALGO, "handle request called with err=%d", error);
|
||||
return 0;
|
||||
}
|
||||
#ifdef USE_DNSTAP
|
||||
if(worker->dtenv.log_client_query_messages)
|
||||
dt_msg_send_client_query(&worker->dtenv, &repinfo->addr, c->type,
|
||||
c->buffer);
|
||||
#endif
|
||||
acl = acl_list_lookup(worker->daemon->acl, &repinfo->addr,
|
||||
repinfo->addrlen);
|
||||
if((ret=deny_refuse_all(c, acl, worker, repinfo)) != -1)
|
||||
{
|
||||
if(ret == 1)
|
||||
goto send_reply;
|
||||
return ret;
|
||||
}
|
||||
if((ret=worker_check_request(c->buffer, worker)) != 0) {
|
||||
@ -810,7 +818,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
|
||||
LDNS_RCODE_SET(sldns_buffer_begin(c->buffer),
|
||||
LDNS_RCODE_FORMERR);
|
||||
server_stats_insrcode(&worker->stats, c->buffer);
|
||||
return 1;
|
||||
goto send_reply;
|
||||
}
|
||||
if(worker->env.cfg->log_queries) {
|
||||
char ip[128];
|
||||
@ -829,7 +837,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
|
||||
worker->stats.qtype[qinfo.qtype]++;
|
||||
server_stats_insrcode(&worker->stats, c->buffer);
|
||||
}
|
||||
return 1;
|
||||
goto send_reply;
|
||||
}
|
||||
if((ret=parse_edns_from_pkt(c->buffer, &edns)) != 0) {
|
||||
verbose(VERB_ALGO, "worker parse edns: formerror.");
|
||||
@ -838,7 +846,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
|
||||
LDNS_QR_SET(sldns_buffer_begin(c->buffer));
|
||||
LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), ret);
|
||||
server_stats_insrcode(&worker->stats, c->buffer);
|
||||
return 1;
|
||||
goto send_reply;
|
||||
}
|
||||
if(edns.edns_present && edns.edns_version != 0) {
|
||||
edns.ext_rcode = (uint8_t)(EDNS_RCODE_BADVERS>>4);
|
||||
@ -848,10 +856,10 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
|
||||
verbose(VERB_ALGO, "query with bad edns version.");
|
||||
log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen);
|
||||
error_encode(c->buffer, EDNS_RCODE_BADVERS&0xf, &qinfo,
|
||||
*(uint16_t*)(void *)sldns_buffer_begin(c->buffer),
|
||||
*(uint16_t*)(void *)sldns_buffer_begin(c->buffer),
|
||||
sldns_buffer_read_u16_at(c->buffer, 2), NULL);
|
||||
attach_edns_record(c->buffer, &edns);
|
||||
return 1;
|
||||
goto send_reply;
|
||||
}
|
||||
if(edns.edns_present && edns.udp_size < NORMAL_UDP_SIZE &&
|
||||
worker->daemon->cfg->harden_short_bufsize) {
|
||||
@ -879,7 +887,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
|
||||
sldns_buffer_write_at(c->buffer, 4,
|
||||
(uint8_t*)"\0\0\0\0\0\0\0\0", 8);
|
||||
sldns_buffer_flip(c->buffer);
|
||||
return 1;
|
||||
goto send_reply;
|
||||
}
|
||||
if(worker->stats.extended)
|
||||
server_stats_insquery(&worker->stats, c, qinfo.qtype,
|
||||
@ -889,7 +897,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
|
||||
if(qinfo.qclass == LDNS_RR_CLASS_CH && answer_chaos(worker, &qinfo,
|
||||
&edns, c->buffer)) {
|
||||
server_stats_insrcode(&worker->stats, c->buffer);
|
||||
return 1;
|
||||
goto send_reply;
|
||||
}
|
||||
if(local_zones_answer(worker->daemon->local_zones, &qinfo, &edns,
|
||||
c->buffer, worker->scratchpad)) {
|
||||
@ -899,13 +907,15 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
|
||||
return 0;
|
||||
}
|
||||
server_stats_insrcode(&worker->stats, c->buffer);
|
||||
return 1;
|
||||
goto send_reply;
|
||||
}
|
||||
|
||||
/* We've looked in our local zones. If the answer isn't there, we
|
||||
* might need to bail out based on ACLs now. */
|
||||
if((ret=deny_refuse_non_local(c, acl, worker, repinfo)) != -1)
|
||||
{
|
||||
if(ret == 1)
|
||||
goto send_reply;
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -923,9 +933,9 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
|
||||
server_stats_insrcode(&worker->stats, c->buffer);
|
||||
log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from",
|
||||
&repinfo->addr, repinfo->addrlen);
|
||||
return 1;
|
||||
goto send_reply;
|
||||
}
|
||||
h = query_info_hash(&qinfo);
|
||||
h = query_info_hash(&qinfo, sldns_buffer_read_u16_at(c->buffer, 2));
|
||||
if((e=slabhash_lookup(worker->env.msg_cache, h, &qinfo, 0))) {
|
||||
/* answer from cache - we have acquired a readlock on it */
|
||||
if(answer_from_cache(worker, &qinfo,
|
||||
@ -942,10 +952,11 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
|
||||
reply_and_prefetch(worker, &qinfo,
|
||||
sldns_buffer_read_u16_at(c->buffer, 2),
|
||||
repinfo, leeway);
|
||||
return 0;
|
||||
rc = 0;
|
||||
goto send_reply_rc;
|
||||
}
|
||||
lock_rw_unlock(&e->lock);
|
||||
return 1;
|
||||
goto send_reply;
|
||||
}
|
||||
verbose(VERB_ALGO, "answer from the cache failed");
|
||||
lock_rw_unlock(&e->lock);
|
||||
@ -955,7 +966,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
|
||||
*(uint16_t*)(void *)sldns_buffer_begin(c->buffer),
|
||||
sldns_buffer_read_u16_at(c->buffer, 2), repinfo,
|
||||
&edns)) {
|
||||
return 1;
|
||||
goto send_reply;
|
||||
}
|
||||
verbose(VERB_ALGO, "answer norec from cache -- "
|
||||
"need to validate or not primed");
|
||||
@ -974,45 +985,49 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
|
||||
/* grab a work request structure for this new request */
|
||||
mesh_new_client(worker->env.mesh, &qinfo,
|
||||
sldns_buffer_read_u16_at(c->buffer, 2),
|
||||
&edns, repinfo, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer));
|
||||
&edns, repinfo, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer));
|
||||
worker_mem_report(worker, NULL);
|
||||
return 0;
|
||||
|
||||
send_reply:
|
||||
rc = 1;
|
||||
send_reply_rc:
|
||||
#ifdef USE_DNSTAP
|
||||
if(worker->dtenv.log_client_response_messages)
|
||||
dt_msg_send_client_response(&worker->dtenv, &repinfo->addr,
|
||||
c->type, c->buffer);
|
||||
#endif
|
||||
return rc;
|
||||
}
|
||||
|
||||
void
|
||||
worker_sighandler(int sig, void* arg)
|
||||
{
|
||||
/* note that log, print, syscalls here give race conditions. */
|
||||
/* we still print DETAIL logs, because this is extensive per message
|
||||
* logging anyway, and the operator may then have an interest
|
||||
* in the cause for unbound to exit */
|
||||
/* note that log, print, syscalls here give race conditions.
|
||||
* And cause hangups if the log-lock is held by the application. */
|
||||
struct worker* worker = (struct worker*)arg;
|
||||
switch(sig) {
|
||||
#ifdef SIGHUP
|
||||
case SIGHUP:
|
||||
verbose(VERB_QUERY, "caught signal SIGHUP");
|
||||
comm_base_exit(worker->base);
|
||||
break;
|
||||
#endif
|
||||
case SIGINT:
|
||||
verbose(VERB_QUERY, "caught signal SIGINT");
|
||||
worker->need_to_exit = 1;
|
||||
comm_base_exit(worker->base);
|
||||
break;
|
||||
#ifdef SIGQUIT
|
||||
case SIGQUIT:
|
||||
verbose(VERB_QUERY, "caught signal SIGQUIT");
|
||||
worker->need_to_exit = 1;
|
||||
comm_base_exit(worker->base);
|
||||
break;
|
||||
#endif
|
||||
case SIGTERM:
|
||||
verbose(VERB_QUERY, "caught signal SIGTERM");
|
||||
worker->need_to_exit = 1;
|
||||
comm_base_exit(worker->base);
|
||||
break;
|
||||
default:
|
||||
log_err("unknown signal: %d, ignored", sig);
|
||||
/* unknown signal, ignored */
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -1090,6 +1105,14 @@ worker_create(struct daemon* daemon, int id, int* ports, int n)
|
||||
return NULL;
|
||||
}
|
||||
seed = 0;
|
||||
#ifdef USE_DNSTAP
|
||||
if(daemon->cfg->dnstap) {
|
||||
log_assert(daemon->dtenv != NULL);
|
||||
memcpy(&worker->dtenv, daemon->dtenv, sizeof(struct dt_env));
|
||||
if(!dt_init(&worker->dtenv))
|
||||
fatal_exit("dt_init failed");
|
||||
}
|
||||
#endif
|
||||
return worker;
|
||||
}
|
||||
|
||||
@ -1097,6 +1120,11 @@ int
|
||||
worker_init(struct worker* worker, struct config_file *cfg,
|
||||
struct listen_port* ports, int do_sigs)
|
||||
{
|
||||
#ifdef USE_DNSTAP
|
||||
struct dt_env* dtenv = &worker->dtenv;
|
||||
#else
|
||||
void* dtenv = NULL;
|
||||
#endif
|
||||
worker->need_to_exit = 0;
|
||||
worker->base = comm_base_create(do_sigs);
|
||||
if(!worker->base) {
|
||||
@ -1145,7 +1173,8 @@ worker_init(struct worker* worker, struct config_file *cfg,
|
||||
}
|
||||
worker->front = listen_create(worker->base, ports,
|
||||
cfg->msg_buffer_size, (int)cfg->incoming_num_tcp,
|
||||
worker->daemon->listen_sslctx, worker_handle_request, worker);
|
||||
worker->daemon->listen_sslctx, dtenv, worker_handle_request,
|
||||
worker);
|
||||
if(!worker->front) {
|
||||
log_err("could not create listening sockets");
|
||||
worker_delete(worker);
|
||||
@ -1158,7 +1187,8 @@ worker_init(struct worker* worker, struct config_file *cfg,
|
||||
worker->daemon->env->infra_cache, worker->rndstate,
|
||||
cfg->use_caps_bits_for_id, worker->ports, worker->numports,
|
||||
cfg->unwanted_threshold, &worker_alloc_cleanup, worker,
|
||||
cfg->do_udp, worker->daemon->connect_sslctx, cfg->delay_close);
|
||||
cfg->do_udp, worker->daemon->connect_sslctx, cfg->delay_close,
|
||||
dtenv);
|
||||
if(!worker->back) {
|
||||
log_err("could not create outgoing sockets");
|
||||
worker_delete(worker);
|
||||
@ -1293,8 +1323,8 @@ worker_delete(struct worker* worker)
|
||||
struct outbound_entry*
|
||||
worker_send_query(uint8_t* qname, size_t qnamelen, uint16_t qtype,
|
||||
uint16_t qclass, uint16_t flags, int dnssec, int want_dnssec,
|
||||
struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone,
|
||||
size_t zonelen, struct module_qstate* q)
|
||||
int nocaps, struct sockaddr_storage* addr, socklen_t addrlen,
|
||||
uint8_t* zone, size_t zonelen, struct module_qstate* q)
|
||||
{
|
||||
struct worker* worker = q->env->worker;
|
||||
struct outbound_entry* e = (struct outbound_entry*)regional_alloc(
|
||||
@ -1303,7 +1333,7 @@ worker_send_query(uint8_t* qname, size_t qnamelen, uint16_t qtype,
|
||||
return NULL;
|
||||
e->qstate = q;
|
||||
e->qsent = outnet_serviced_query(worker->back, qname,
|
||||
qnamelen, qtype, qclass, flags, dnssec, want_dnssec,
|
||||
qnamelen, qtype, qclass, flags, dnssec, want_dnssec, nocaps,
|
||||
q->env->cfg->tcp_upstream, q->env->cfg->ssl_upstream, addr,
|
||||
addrlen, zone, zonelen, worker_handle_service_reply, e,
|
||||
worker->back->udp_buff);
|
||||
@ -1326,6 +1356,7 @@ void worker_stats_clear(struct worker* worker)
|
||||
server_stats_init(&worker->stats, worker->env.cfg);
|
||||
mesh_stats_clear(worker->env.mesh);
|
||||
worker->back->unwanted_replies = 0;
|
||||
worker->back->num_tcp_outgoing = 0;
|
||||
}
|
||||
|
||||
void worker_start_accept(void* arg)
|
||||
@ -1349,7 +1380,7 @@ struct outbound_entry* libworker_send_query(uint8_t* ATTR_UNUSED(qname),
|
||||
size_t ATTR_UNUSED(qnamelen), uint16_t ATTR_UNUSED(qtype),
|
||||
uint16_t ATTR_UNUSED(qclass), uint16_t ATTR_UNUSED(flags),
|
||||
int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec),
|
||||
struct sockaddr_storage* ATTR_UNUSED(addr),
|
||||
int ATTR_UNUSED(nocaps), struct sockaddr_storage* ATTR_UNUSED(addr),
|
||||
socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone),
|
||||
size_t ATTR_UNUSED(zonelen), struct module_qstate* ATTR_UNUSED(q))
|
||||
{
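Review bot: The dnstap client-query hook in worker_handle_request runs before `acl_list_lookup` and before `worker_check_request`, so `c->buffer` is handed to `dt_msg_send_client_query` for every packet that reaches the worker. That includes packets from sources the ACL goes on to deny and packets that fail the sanity check. If this is intended, say so in a comment above the `#ifdef USE_DNSTAP` block, e.g. `/* logged before ACL and sanity checks: includes denied and malformed queries */`, because it determines both the volume of the dnstap stream and what its consumers must tolerate. If it is not intended, move the block below the `deny_refuse_all` test. The function's opening lines are outside the hunk.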
|
||||
|
@ -51,6 +51,7 @@
|
||||
#include "util/data/msgparse.h"
|
||||
#include "daemon/stats.h"
|
||||
#include "util/module.h"
|
||||
#include "dnstap/dnstap.h"
|
||||
struct listen_dnsport;
|
||||
struct outside_network;
|
||||
struct config_file;
|
||||
@ -116,6 +117,11 @@ struct worker {
|
||||
|
||||
/** module environment passed to modules, changed for this thread */
|
||||
struct module_env env;
|
||||
|
||||
#ifdef USE_DNSTAP
|
||||
/** dnstap environment, changed for this thread */
|
||||
struct dt_env dtenv;
|
||||
#endif
|
||||
};
|
||||
|
||||
/**
|
||||
|
867
contrib/unbound/dns64/dns64.c
Normal file
867
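--- a/contrib/unbound/dns64/dns64.c
+++ b/contrib/unbound/dns64/dns64.c
@@ -0,0 +1,867 @@
+/*
+* dns64/dns64.c - DNS64 module
+*
+* Copyright (c) 2009, Viagénie. All rights reserved.
+*
+* This software is open source.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* Redistributions of source code must retain the above copyright notice,
+* this list of conditions and the following disclaimer.
+*
+* Redistributions in binary form must reproduce the above copyright notice,
+* this list of conditions and the following disclaimer in the documentation
+* and/or other materials provided with the distribution.
+*
+* Neither the name of Viagénie nor the names of its contributors may
+* be used to endorse or promote products derived from this software without
+* specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+* POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/**
+* \file
+*
+* This file contains a module that performs DNS64 query processing.
+*/
+
+#include "config.h"
+#include "dns64/dns64.h"
+#include "services/cache/dns.h"
+#include "services/cache/rrset.h"
+#include "util/config_file.h"
+#include "util/data/msgreply.h"
+#include "util/fptr_wlist.h"
+#include "util/net_help.h"
+#include "util/regional.h"
+
+/******************************************************************************
+* *
+* STATIC CONSTANTS *
+* *
+******************************************************************************/
+
+/**
+* This is the default DNS64 prefix that is used whent he dns64 module is listed
+* in module-config but when the dns64-prefix variable is not present.
+*/
+static const char DEFAULT_DNS64_PREFIX[] = "64:ff9b::/96";
+
+/**
+* Maximum length of a domain name in a PTR query in the .in-addr.arpa tree.
+*/
+#define MAX_PTR_QNAME_IPV4 30
+
+/**
+* Per-query module-specific state. This is usually a dynamically-allocated
+* structure, but in our case we only need to store one variable describing the
+* state the query is in. So we repurpose the minfo pointer by storing an
+* integer in there.
+*/
+enum dns64_qstate {
+DNS64_INTERNAL_QUERY, /**< Internally-generated query, no DNS64
+processing. */
+DNS64_NEW_QUERY, /**< Query for which we're the first module in
+line. */
+DNS64_SUBQUERY_FINISHED /**< Query for which we generated a sub-query, and
+for which this sub-query is finished. */
+};
+
+
+/******************************************************************************
+* *
+* STRUCTURES *
+* *
+******************************************************************************/
+
+/**
+* This structure contains module configuration information. One instance of
+* this structure exists per instance of the module. Normally there is only one
+* instance of the module.
+*/
+struct dns64_env {
+/**
+* DNS64 prefix address. We're using a full sockaddr instead of just an
+* in6_addr because we can reuse Unbound's generic string parsing functions.
+* It will always contain a sockaddr_in6, and only the sin6_addr member will
+* ever be used.
+*/
+struct sockaddr_storage prefix_addr;
+
+/**
+* This is always sizeof(sockaddr_in6).
+*/
+socklen_t prefix_addrlen;
+
+/**
+* This is the CIDR length of the prefix. It needs to be between 0 and 96.
+*/
+int prefix_net;
+};
+
+
+/******************************************************************************
+* *
+* UTILITY FUNCTIONS *
+* *
+******************************************************************************/
+
+/**
+* Generic macro for swapping two variables.
+*
+* \param t Type of the variables. (e.g. int)
+* \param a First variable.
+* \param b Second variable.
+*
+* \warning Do not attempt something foolish such as swap(int,a++,b++)!
+*/
+#define swap(t,a,b) do {t x = a; a = b; b = x;} while(0)
+
+/**
+* Reverses a string.
+*
+* \param begin Points to the first character of the string.
+* \param end Points one past the last character of the string.
+*/
+static void
+reverse(char* begin, char* end)
+{
+while ( begin < --end ) {
+swap(char, *begin, *end);
+++begin;
+}
+}
+
+/**
+* Convert an unsigned integer to a string. The point of this function is that
+* of being faster than sprintf().
+*
+* \param n The number to be converted.
+* \param s The result will be written here. Must be large enough, be careful!
+*
+* \return The number of characters written.
+*/
+static int
+uitoa(unsigned n, char* s)
+{
+char* ss = s;
+do {
+*ss++ = '0' + n % 10;
+} while (n /= 10);
+reverse(s, ss);
+return ss - s;
+}
+
+/**
+* Extract an IPv4 address embedded in the IPv6 address \a ipv6 at offset \a
+* offset (in bits). Note that bits are not necessarily aligned on bytes so we
+* need to be careful.
+*
+* \param ipv6 IPv6 address represented as a 128-bit array in big-endian
+* order.
+* \param offset Index of the MSB of the IPv4 address embedded in the IPv6
+* address.
+*/
+static uint32_t
+extract_ipv4(const uint8_t ipv6[16], const int offset)
+{
+uint32_t ipv4 = (uint32_t)ipv6[offset/8+0] << (24 + (offset%8))
+| (uint32_t)ipv6[offset/8+1] << (16 + (offset%8))
+| (uint32_t)ipv6[offset/8+2] << ( 8 + (offset%8))
+| (uint32_t)ipv6[offset/8+3] << ( 0 + (offset%8));
+if (offset/8+4 < 16)
+ipv4 |= (uint32_t)ipv6[offset/8+4] >> (8 - offset%8);
+return ipv4;
+}
+
+/**
+* Builds the PTR query name corresponding to an IPv4 address. For example,
+* given the number 3,464,175,361, this will build the string
+* "\03206\03123\0231\011\07in-addr\04arpa".
+*
+* \param ipv4 IPv4 address represented as an unsigned 32-bit number.
+* \param ptr The result will be written here. Must be large enough, be
+* careful!
+*
+* \return The number of characters written.
+*/
+static size_t
+ipv4_to_ptr(uint32_t ipv4, char ptr[MAX_PTR_QNAME_IPV4])
+{
+static const char IPV4_PTR_SUFFIX[] = "\07in-addr\04arpa";
+int i;
+char* c = ptr;
+
+for (i = 0; i < 4; ++i) {
+*c = uitoa((unsigned int)(ipv4 % 256), c + 1);
+c += *c + 1;
+ipv4 /= 256;
+}
+
+memmove(c, IPV4_PTR_SUFFIX, sizeof(IPV4_PTR_SUFFIX));
+
+return c + sizeof(IPV4_PTR_SUFFIX) - ptr;
+}
+
+/**
+* Converts an IPv6-related domain name string from a PTR query into an IPv6
+* address represented as a 128-bit array.
+*
+* \param ptr The domain name. (e.g. "\011[...]\010\012\016\012\03ip6\04arpa")
+* \param ipv6 The result will be written here, in network byte order.
+*
+* \return 1 on success, 0 on failure.
+*/
+static int
+ptr_to_ipv6(const char* ptr, uint8_t ipv6[16])
+{
+int i;
+
+for (i = 0; i < 64; i++) {
+int x;
+
+if (ptr[i++] != 1)
+return 0;
+
+if (ptr[i] >= '0' && ptr[i] <= '9') {
+x = ptr[i] - '0';
+} else if (ptr[i] >= 'a' && ptr[i] <= 'f') {
+x = ptr[i] - 'a' + 10;
+} else if (ptr[i] >= 'A' && ptr[i] <= 'F') {
+x = ptr[i] - 'A' + 10;
+} else {
+return 0;
+}
+
+ipv6[15-i/4] |= x << (2 * ((i-1) % 4));
+}
+
+return 1;
+}
+
+/**
+* Synthesize an IPv6 address based on an IPv4 address and the DNS64 prefix.
+*
+* \param prefix_addr DNS64 prefix address.
+* \param prefix_net CIDR length of the DNS64 prefix. Must be between 0 and 96.
+* \param a IPv4 address.
+* \param aaaa IPv6 address. The result will be written here.
+*/
+static void
+synthesize_aaaa(const uint8_t prefix_addr[16], int prefix_net,
+const uint8_t a[4], uint8_t aaaa[16])
+{
+memcpy(aaaa, prefix_addr, 16);
+aaaa[prefix_net/8+0] |= a[0] >> (0+prefix_net%8);
+aaaa[prefix_net/8+1] |= a[0] << (8-prefix_net%8);
+aaaa[prefix_net/8+1] |= a[1] >> (0+prefix_net%8);
+aaaa[prefix_net/8+2] |= a[1] << (8-prefix_net%8);
+aaaa[prefix_net/8+2] |= a[2] >> (0+prefix_net%8);
+aaaa[prefix_net/8+3] |= a[2] << (8-prefix_net%8);
+aaaa[prefix_net/8+3] |= a[3] >> (0+prefix_net%8);
+if (prefix_net/8+4 < 16) /* <-- my beautiful symmetry is destroyed! */
+aaaa[prefix_net/8+4] |= a[3] << (8-prefix_net%8);
+}
+
+
+/******************************************************************************
+* *
+* DNS64 MODULE FUNCTIONS *
+* *
+******************************************************************************/
+
+/**
+* This function applies the configuration found in the parsed configuration
+* file \a cfg to this instance of the dns64 module. Currently only the DNS64
+* prefix (a.k.a. Pref64) is configurable.
+*
+* \param dns64_env Module-specific global parameters.
+* \param cfg Parsed configuration file.
+*/
+static int
+dns64_apply_cfg(struct dns64_env* dns64_env, struct config_file* cfg)
+{
+verbose(VERB_ALGO, "dns64-prefix: %s", cfg->dns64_prefix);
+if (!netblockstrtoaddr(cfg->dns64_prefix ? cfg->dns64_prefix :
+DEFAULT_DNS64_PREFIX, 0, &dns64_env->prefix_addr,
+&dns64_env->prefix_addrlen, &dns64_env->prefix_net)) {
+log_err("cannot parse dns64-prefix netblock: %s", cfg->dns64_prefix);
+return 0;
+}
+if (!addr_is_ip6(&dns64_env->prefix_addr, dns64_env->prefix_addrlen)) {
+log_err("dns64_prefix is not IPv6: %s", cfg->dns64_prefix);
+return 0;
+}
+if (dns64_env->prefix_net < 0 || dns64_env->prefix_net > 96) {
+log_err("dns64-prefix length it not between 0 and 96: %s",
+cfg->dns64_prefix);
+return 0;
+}
+return 1;
+}
+
+/**
+* Initializes this instance of the dns64 module.
+*
+* \param env Global state of all module instances.
+* \param id This instance's ID number.
+*/
+int
+dns64_init(struct module_env* env, int id)
+{
+struct dns64_env* dns64_env =
+(struct dns64_env*)calloc(1, sizeof(struct dns64_env));
+if (!dns64_env) {
+log_err("malloc failure");
+return 0;
+}
+env->modinfo[id] = (void*)dns64_env;
+if (!dns64_apply_cfg(dns64_env, env->cfg)) {
+log_err("dns64: could not apply configuration settings.");
+return 0;
+}
+return 1;
+}
+
+/**
+* Deinitializes this instance of the dns64 module.
+*
+* \param env Global state of all module instances.
+* \param id This instance's ID number.
+*/
+void
+dns64_deinit(struct module_env* env, int id)
+{
+if (!env)
+return;
+free(env->modinfo[id]);
+env->modinfo[id] = NULL;
+}
+
+/**
+* Handle PTR queries for IPv6 addresses. If the address belongs to the DNS64
+* prefix, we must do a PTR query for the corresponding IPv4 address instead.
+*
+* \param qstate Query state structure.
+* \param id This module instance's ID number.
+*
+* \return The new state of the query.
+*/
+static enum module_ext_state
+handle_ipv6_ptr(struct module_qstate* qstate, int id)
+{
+struct dns64_env* dns64_env = (struct dns64_env*)qstate->env->modinfo[id];
+struct module_qstate* subq = NULL;
+struct query_info qinfo;
+struct sockaddr_in6 sin6;
+
+/* Convert the PTR query string to an IPv6 address. */
+memset(&sin6, 0, sizeof(sin6));
+sin6.sin6_family = AF_INET6;
+if (!ptr_to_ipv6((char*)qstate->qinfo.qname, sin6.sin6_addr.s6_addr))
+return module_wait_module; /* Let other module handle this. */
+
+/*
+* If this IPv6 address is not part of our DNS64 prefix, then we don't need
+* to do anything. Let another module handle the query.
+*/
+if (addr_in_common((struct sockaddr_storage*)&sin6, 128,
+&dns64_env->prefix_addr, dns64_env->prefix_net,
+(socklen_t)sizeof(sin6)) != dns64_env->prefix_net)
+return module_wait_module;
+
+verbose(VERB_ALGO, "dns64: rewrite PTR record");
+
+/*
+* Create a new PTR query info for the domain name corresponding to the IPv4
+* address corresponding to the IPv6 address corresponding to the original
+* PTR query domain name.
+*/
+qinfo = qstate->qinfo;
+if (!(qinfo.qname = regional_alloc(qstate->region, MAX_PTR_QNAME_IPV4)))
+return module_error;
+qinfo.qname_len = ipv4_to_ptr(extract_ipv4(sin6.sin6_addr.s6_addr,
+dns64_env->prefix_net), (char*)qinfo.qname);
+
+/* Create the new sub-query. */
+fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub));
+if(!(*qstate->env->attach_sub)(qstate, &qinfo, qstate->query_flags, 0, 0,
+&subq))
+return module_error;
+if (subq) {
+subq->curmod = id;
+subq->ext_state[id] = module_state_initial;
+subq->minfo[id] = NULL;
+}
+
+return module_wait_subquery;
+}
+
+/** allocate (special) rrset keys, return 0 on error */
+static int
+repinfo_alloc_rrset_keys(struct reply_info* rep,
+struct regional* region)
+{
+size_t i;
+for(i=0; i<rep->rrset_count; i++) {
+if(region) {
+rep->rrsets[i] = (struct ub_packed_rrset_key*)
+regional_alloc(region,
+sizeof(struct ub_packed_rrset_key));
+if(rep->rrsets[i]) {
+memset(rep->rrsets[i], 0,
+sizeof(struct ub_packed_rrset_key));
+rep->rrsets[i]->entry.key = rep->rrsets[i];
+}
+}
+else return 0;/* rep->rrsets[i] = alloc_special_obtain(alloc);*/
+if(!rep->rrsets[i])
+return 0;
+rep->rrsets[i]->entry.data = NULL;
+}
+return 1;
+}
+
+static enum module_ext_state
+generate_type_A_query(struct module_qstate* qstate, int id)
+{
+struct module_qstate* subq = NULL;
+struct query_info qinfo;
+
+verbose(VERB_ALGO, "dns64: query A record");
+
+/* Create a new query info. */
+qinfo = qstate->qinfo;
+qinfo.qtype = LDNS_RR_TYPE_A;
+
+/* Start the sub-query. */
+fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub));
+if(!(*qstate->env->attach_sub)(qstate, &qinfo, qstate->query_flags, 0,
+0, &subq))
+{
+verbose(VERB_ALGO, "dns64: sub-query creation failed");
+return module_error;
+}
+if (subq) {
+subq->curmod = id;
+subq->ext_state[id] = module_state_initial;
+subq->minfo[id] = NULL;
+}
+
+return module_wait_subquery;
+}
+
+/**
+* Handles the "pass" event for a query. This event is received when a new query
+* is received by this module. The query may have been generated internally by
+* another module, in which case we don't want to do any special processing
+* (this is an interesting discussion topic), or it may be brand new, e.g.
+* received over a socket, in which case we do want to apply DNS64 processing.
+*
+* \param qstate A structure representing the state of the query that has just
+* received the "pass" event.
+* \param id This module's instance ID.
+*
+* \return The new state of the query.
+*/
+static enum module_ext_state
+handle_event_pass(struct module_qstate* qstate, int id)
+{
+if ((uintptr_t)qstate->minfo[id] == DNS64_NEW_QUERY
+&& qstate->qinfo.qtype == LDNS_RR_TYPE_PTR
+&& qstate->qinfo.qname_len == 74
+&& !strcmp((char*)&qstate->qinfo.qname[64], "\03ip6\04arpa"))
+/* Handle PTR queries for IPv6 addresses. */
+return handle_ipv6_ptr(qstate, id);
+
+if (qstate->env->cfg->dns64_synthall &&
+(uintptr_t)qstate->minfo[id] == DNS64_NEW_QUERY
+&& qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA)
+return generate_type_A_query(qstate, id);
+
+/* We are finished when our sub-query is finished. */
+if ((uintptr_t)qstate->minfo[id] == DNS64_SUBQUERY_FINISHED)
+return module_finished;
+
+/* Otherwise, pass request to next module. */
+verbose(VERB_ALGO, "dns64: pass to next module");
+return module_wait_module;
+}
+
+/**
+* Handles the "done" event for a query. We need to analyze the response and
+* maybe issue a new sub-query for the A record.
+*
+* \param qstate A structure representing the state of the query that has just
+* received the "pass" event.
+* \param id This module's instance ID.
+*
+* \return The new state of the query.
+*/
+static enum module_ext_state
+handle_event_moddone(struct module_qstate* qstate, int id)
+{
+/*
+* In many cases we have nothing special to do. From most to least common:
+*
+* - An internal query.
+* - A query for a record type other than AAAA.
+* - CD FLAG was set on querier
+* - An AAAA query for which an error was returned.
+* - A successful AAAA query with an answer.
+*/
+if ( (enum dns64_qstate)qstate->minfo[id] == DNS64_INTERNAL_QUERY
+|| qstate->qinfo.qtype != LDNS_RR_TYPE_AAAA
+|| (qstate->query_flags & BIT_CD)
+|| qstate->return_rcode != LDNS_RCODE_NOERROR
+|| (qstate->return_msg &&
+qstate->return_msg->rep &&
+reply_find_answer_rrset(&qstate->qinfo,
+qstate->return_msg->rep)))
+return module_finished;
+
+/* So, this is a AAAA noerror/nodata answer */
+return generate_type_A_query(qstate, id);
+}
+
+/**
+* This is the module's main() function. It gets called each time a query
+* receives an event which we may need to handle. We respond by updating the
+* state of the query.
+*
+* \param qstate Structure containing the state of the query.
+* \param event Event that has just been received.
+* \param id This module's instance ID.
+* \param outbound State of a DNS query on an authoritative server. We never do
+* our own queries ourselves (other modules do it for us), so
+* this is unused.
+*/
+void
+dns64_operate(struct module_qstate* qstate, enum module_ev event, int id,
+struct outbound_entry* outbound)
+{
+(void)outbound;
+verbose(VERB_QUERY, "dns64[module %d] operate: extstate:%s event:%s",
+id, strextstate(qstate->ext_state[id]),
+strmodulevent(event));
+log_query_info(VERB_QUERY, "dns64 operate: query", &qstate->qinfo);
+
+switch(event) {
+case module_event_new:
+/* Tag this query as being new and fall through. */
+qstate->minfo[id] = (void*)DNS64_NEW_QUERY;
+case module_event_pass:
+qstate->ext_state[id] = handle_event_pass(qstate, id);
+break;
+case module_event_moddone:
+qstate->ext_state[id] = handle_event_moddone(qstate, id);
+break;
+default:
+qstate->ext_state[id] = module_finished;
+break;
+}
+}
+
+static void
+dns64_synth_aaaa_data(const struct ub_packed_rrset_key* fk,
+const struct packed_rrset_data* fd,
+struct ub_packed_rrset_key *dk,
+struct packed_rrset_data **dd_out, struct regional *region,
+struct dns64_env* dns64_env )
+{
+struct packed_rrset_data *dd;
+size_t i;
+/*
+* Create synthesized AAAA RR set data. We need to allocated extra memory
+* for the RRs themselves. Each RR has a length, TTL, pointer to wireformat
+* data, 2 bytes of data length, and 16 bytes of IPv6 address.
+*/
+if (!(dd = *dd_out = regional_alloc(region,
+sizeof(struct packed_rrset_data)
++ fd->count * (sizeof(size_t) + sizeof(time_t) +
+sizeof(uint8_t*) + 2 + 16)))) {
+log_err("out of memory");
+return;
+}
+
+/* Copy attributes from A RR set. */
+dd->ttl = fd->ttl;
+dd->count = fd->count;
+dd->rrsig_count = 0;
+dd->trust = fd->trust;
+dd->security = fd->security;
+
+/*
+* Synthesize AAAA records. Adjust pointers in structure.
+*/
+dd->rr_len =
+(size_t*)((uint8_t*)dd + sizeof(struct packed_rrset_data));
+dd->rr_data = (uint8_t**)&dd->rr_len[dd->count];
+dd->rr_ttl = (time_t*)&dd->rr_data[dd->count];
+for(i = 0; i < fd->count; ++i) {
+if (fd->rr_len[i] != 6 || fd->rr_data[i][0] != 0
+|| fd->rr_data[i][1] != 4)
+return;
+dd->rr_len[i] = 18;
+dd->rr_data[i] =
+(uint8_t*)&dd->rr_ttl[dd->count] + 18*i;
+dd->rr_data[i][0] = 0;
+dd->rr_data[i][1] = 16;
+synthesize_aaaa(
+((struct sockaddr_in6*)&dns64_env->prefix_addr)->sin6_addr.s6_addr,
+dns64_env->prefix_net, &fd->rr_data[i][2],
+&dd->rr_data[i][2] );
+dd->rr_ttl[i] = fd->rr_ttl[i];
+}
+
+/*
+* Create synthesized AAAA RR set key. This is mostly just bookkeeping,
+* nothing interesting here.
+*/
+if(!dk) {
+log_err("no key");
+return;
+}
+
+dk->rk.dname = (uint8_t*)regional_alloc_init(region,
+fk->rk.dname, fk->rk.dname_len);
+
+if(!dk->rk.dname) {
+log_err("out of memory");
+return;
+}
+
+dk->rk.type = htons(LDNS_RR_TYPE_AAAA);
+memset(&dk->entry, 0, sizeof(dk->entry));
+dk->entry.key = dk;
+dk->entry.hash = rrset_key_hash(&dk->rk);
+dk->entry.data = dd;
+
+}
+
+/**
+* Synthesize an AAAA RR set from an A sub-query's answer and add it to the
+* original empty response.
+*
+* \param id This module's instance ID.
+* \param super Original AAAA query.
+* \param qstate A query.
+*/
+static void
+dns64_adjust_a(int id, struct module_qstate* super, struct module_qstate* qstate)
+{
+struct dns64_env* dns64_env = (struct dns64_env*)super->env->modinfo[id];
+struct reply_info *rep, *cp;
+size_t i, s;
+struct packed_rrset_data* fd, *dd;
+struct ub_packed_rrset_key* fk, *dk;
+
+verbose(VERB_ALGO, "converting A answers to AAAA answers");
+
+log_assert(super->region);
+log_assert(qstate->return_msg);
+log_assert(qstate->return_msg->rep);
+
+/* If dns64-synthall is enabled, return_msg is not initialized */
+if(!super->return_msg) {
+super->return_msg = (struct dns_msg*)regional_alloc(
+super->region, sizeof(struct dns_msg));
+if(!super->return_msg)
+return;
+memset(super->return_msg, 0, sizeof(*super->return_msg));
+super->return_msg->qinfo = super->qinfo;
+}
+
+rep = qstate->return_msg->rep;
+
+/*
+* Build the actual reply.
+*/
+cp = construct_reply_info_base(super->region, rep->flags, rep->qdcount,
+rep->ttl, rep->prefetch_ttl, rep->an_numrrsets, rep->ns_numrrsets,
+rep->ar_numrrsets, rep->rrset_count, rep->security);
+if(!cp)
+return;
+
+/* allocate ub_key structures special or not */
+if(!repinfo_alloc_rrset_keys(cp, super->region)) {
+return;
+}
+
+/* copy everything and replace A by AAAA */
+for(i=0; i<cp->rrset_count; i++) {
+fk = rep->rrsets[i];
+dk = cp->rrsets[i];
+fd = (struct packed_rrset_data*)fk->entry.data;
+dk->rk = fk->rk;
+dk->id = fk->id;
+
+if(i<rep->an_numrrsets && fk->rk.type == htons(LDNS_RR_TYPE_A)) {
+/* also sets dk->entry.hash */
+dns64_synth_aaaa_data(fk, fd, dk, &dd, super->region, dns64_env);
+/* Delete negative AAAA record from cache stored by
+* the iterator module */
+rrset_cache_remove(super->env->rrset_cache, dk->rk.dname,
+dk->rk.dname_len, LDNS_RR_TYPE_AAAA,
+LDNS_RR_CLASS_IN, 0);
+} else {
+dk->entry.hash = fk->entry.hash;
+dk->rk.dname = (uint8_t*)regional_alloc_init(super->region,
+fk->rk.dname, fk->rk.dname_len);
+
+if(!dk->rk.dname)
+return;
+
+s = packed_rrset_sizeof(fd);
+dd = (struct packed_rrset_data*)regional_alloc_init(
+super->region, fd, s);
+
+if(!dd)
+return;
+}
+
+packed_rrset_ptr_fixup(dd);
+dk->entry.data = (void*)dd;
+}
+
+/* Commit changes. */
+super->return_msg->rep = cp;
+}
+
+/**
+* Generate a response for the original IPv6 PTR query based on an IPv4 PTR
+* sub-query's response.
+*
+* \param qstate IPv4 PTR sub-query.
+* \param super Original IPv6 PTR query.
+*/
+static void
+dns64_adjust_ptr(struct module_qstate* qstate, struct module_qstate* super)
+{
+struct ub_packed_rrset_key* answer;
+
+verbose(VERB_ALGO, "adjusting PTR reply");
+
+/* Copy the sub-query's reply to the parent. */
+if (!(super->return_msg = (struct dns_msg*)regional_alloc(super->region,
+sizeof(struct dns_msg))))
+return;
+super->return_msg->qinfo = super->qinfo;
+super->return_msg->rep = reply_info_copy(qstate->return_msg->rep, NULL,
+super->region);
+
+/*
+* Adjust the domain name of the answer RR set so that it matches the
+* initial query's domain name.
+*/
+answer = reply_find_answer_rrset(&qstate->qinfo, super->return_msg->rep);
+log_assert(answer);
+answer->rk.dname = super->qinfo.qname;
+answer->rk.dname_len = super->qinfo.qname_len;
+}
+
+/**
+* This function is called when a sub-query finishes to inform the parent query.
+*
+* We issue two kinds of sub-queries: PTR and A.
+*
+* \param qstate State of the sub-query.
+* \param id This module's instance ID.
+* \param super State of the super-query.
+*/
+void
+dns64_inform_super(struct module_qstate* qstate, int id,
+struct module_qstate* super)
+{
+log_query_info(VERB_ALGO, "dns64: inform_super, sub is",
+&qstate->qinfo);
+log_query_info(VERB_ALGO, "super is", &super->qinfo);
+
+/*
+* Signal that the sub-query is finished, no matter whether we are
+* successful or not. This lets the state machine terminate.
+*/
+super->minfo[id] = (void*)DNS64_SUBQUERY_FINISHED;
+
+/* If there is no successful answer, we're done. */
+if (qstate->return_rcode != LDNS_RCODE_NOERROR
+|| !qstate->return_msg
+|| !qstate->return_msg->rep
+|| !reply_find_answer_rrset(&qstate->qinfo,
+qstate->return_msg->rep))
+return;
+
+/* Generate a response suitable for the original query. */
+if (qstate->qinfo.qtype == LDNS_RR_TYPE_A) {
+dns64_adjust_a(id, super, qstate);
+} else {
+log_assert(qstate->qinfo.qtype == LDNS_RR_TYPE_PTR);
+dns64_adjust_ptr(qstate, super);
+}
+
+/* Store the generated response in cache. */
+if (!dns_cache_store(super->env, &super->qinfo, super->return_msg->rep,
+0, 0, 0, NULL, super->query_flags))
+log_err("out of memory");
+}
+
+/**
+* Clear module-specific data from query state. Since we do not allocate memory,
+* it's just a matter of setting a pointer to NULL.
+*
+* \param qstate Query state.
+* \param id This module's instance ID.
+*/
+void
+dns64_clear(struct module_qstate* qstate, int id)
+{
+qstate->minfo[id] = NULL;
+}
+
+/**
+* Returns the amount of global memory that this module uses, not including
+* per-query data.
+*
+* \param env Module environment.
+* \param id This module's instance ID.
+*/
+size_t
+dns64_get_mem(struct module_env* env, int id)
+{
+struct dns64_env* dns64_env = (struct dns64_env*)env->modinfo[id];
+if (!dns64_env)
+return 0;
+return sizeof(*dns64_env);
+}
+
+/**
+* The dns64 function block.
+*/
+static struct module_func_block dns64_block = {
+"dns64",
+&dns64_init, &dns64_deinit, &dns64_operate, &dns64_inform_super,
+&dns64_clear, &dns64_get_mem
+};
+
+/**
+* Function for returning the above function block.
+*/
+struct module_func_block *
+dns64_get_funcblock()
+{
+return &dns64_block;
+}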
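Review bot: dns64_inform_super evaluates `super->return_msg->rep` for dns_cache_store() unconditionally, although both helpers it has just called can return early with that pointer unusable. dns64_adjust_a and dns64_adjust_ptr return when regional_alloc() for `super->return_msg` fails, which leaves it NULL, and dns64_adjust_ptr neither checks the result of reply_info_copy() nor guards `answer` with anything but log_assert(). A guard such as `if (!super->return_msg || !super->return_msg->rep) return;` before the cache store would keep an allocation failure from turning into a NULL dereference in the resolver. The same gap exists in dns64_adjust_a: dns64_synth_aaaa_data() returns void, so after its "out of memory" or malformed-A early returns the caller still runs `packed_rrset_ptr_fixup(dd)` on a NULL or partly filled `dd`; returning an int that dns64_adjust_a checks would close that path. Separately, dns64_apply_cfg passes `cfg->dns64_prefix` to `%s` in verbose() and log_err() although the ternary on the following line treats it as possibly NULL.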
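--- a/contrib/unbound/dns64/dns64.h
+++ b/contrib/unbound/dns64/dns64.h
@@ -0,0 +1,71 @@
+/*
+* dns64/dns64.h - DNS64 module
+*
+* Copyright (c) 2009, Viagénie. All rights reserved.
+*
+* This software is open source.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* Redistributions of source code must retain the above copyright notice,
+* this list of conditions and the following disclaimer.
+*
+* Redistributions in binary form must reproduce the above copyright notice,
+* this list of conditions and the following disclaimer in the documentation
+* and/or other materials provided with the distribution.
+*
+* Neither the name of the NLNET LABS nor the names of its contributors may
+* be used to endorse or promote products derived from this software without
+* specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+* POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/**
+* \file
+*
+* This file contains a module that performs DNS64 query processing.
+*/
+
+#ifndef DNS64_DNS64_H
+#define DNS64_DNS64_H
+#include "util/module.h"
+
+/**
+* Get the dns64 function block.
+* @return: function block with function pointers to dns64 methods.
+*/
+struct module_func_block *dns64_get_funcblock(void);
+
+/** dns64 init */
+int dns64_init(struct module_env* env, int id);
+
+/** dns64 deinit */
+void dns64_deinit(struct module_env* env, int id);
+
+/** dns64 operate on a query */
+void dns64_operate(struct module_qstate* qstate, enum module_ev event, int id,
+struct outbound_entry* outbound);
+
+void dns64_inform_super(struct module_qstate* qstate, int id,
+struct module_qstate* super);
+
+/** dns64 cleanup query state */
+void dns64_clear(struct module_qstate* qstate, int id);
+
+/** dns64 alloc size routine */
+size_t dns64_get_mem(struct module_env* env, int id);
+
+#endif /* DNS64_DNS64_H */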
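Review bot: `dns64_inform_super` is the only prototype in this header without a doc comment, while every other declaration carries a one-line `/** ... */`. A matching line such as `/** dns64 inform the super query that a sub-query has finished */` above it would keep the header consistent. The header also declares `dns64_get_funcblock(void)`, whereas the definition in dns64.c uses empty parentheses; writing `(void)` in both places keeps the prototype and the definition in step.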
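--- a/contrib/unbound/dnstap/dnstap.c
+++ b/contrib/unbound/dnstap/dnstap.c
@@ -0,0 +1,510 @@
+/* dnstap support for Unbound */
+
+/*
+* Copyright (c) 2013-2014, Farsight Security, Inc.
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. Neither the name of the copyright holder nor the names of its
+* contributors may be used to endorse or promote products derived from
+* this software without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#include "dnstap/dnstap_config.h"
+
+#ifdef USE_DNSTAP
+
+#include "config.h"
+#include <string.h>
+#include <sys/time.h>
+#include "ldns/sbuffer.h"
+#include "util/config_file.h"
+#include "util/net_help.h"
+#include "util/netevent.h"
+#include "util/log.h"
+
+#include <fstrm.h>
+#include <protobuf-c/protobuf-c.h>
+
+#include "dnstap/dnstap.h"
+#include "dnstap/dnstap.pb-c.h"
+
+#define DNSTAP_CONTENT_TYPE "protobuf:dnstap.Dnstap"
+#define DNSTAP_INITIAL_BUF_SIZE 256
+
+struct dt_msg {
+void *buf;
+size_t len_buf;
+Dnstap__Dnstap d;
+Dnstap__Message m;
+};
+
+static int
+dt_pack(const Dnstap__Dnstap *d, void **buf, size_t *sz)
+{
+ProtobufCBufferSimple sbuf;
+
+memset(&sbuf, 0, sizeof(sbuf));
+sbuf.base.append = protobuf_c_buffer_simple_append;
+sbuf.len = 0;
+sbuf.alloced = DNSTAP_INITIAL_BUF_SIZE;
+sbuf.data = malloc(sbuf.alloced);
+if (sbuf.data == NULL)
+return 0;
+sbuf.must_free_data = 1;
+
+*sz = dnstap__dnstap__pack_to_buffer(d, (ProtobufCBuffer *) &sbuf);
+if (sbuf.data == NULL)
+return 0;
+*buf = sbuf.data;
+
+return 1;
+}
+
+static void
+dt_send(const struct dt_env *env, void *buf, size_t len_buf)
+{
+fstrm_res res;
+if (!buf)
+return;
+res = fstrm_iothr_submit(env->iothr, env->ioq, buf, len_buf,
+fstrm_free_wrapper, NULL);
+if (res != fstrm_res_success)
+free(buf);
+}
+
+static void
+dt_msg_init(const struct dt_env *env,
+struct dt_msg *dm,
+Dnstap__Message__Type mtype)
+{
+memset(dm, 0, sizeof(*dm));
+dm->d.base.descriptor = &dnstap__dnstap__descriptor;
+dm->m.base.descriptor = &dnstap__message__descriptor;
+dm->d.type = DNSTAP__DNSTAP__TYPE__MESSAGE;
+dm->d.message = &dm->m;
+dm->m.type = mtype;
+if (env->identity != NULL) {
+dm->d.identity.data = (uint8_t *) env->identity;
+dm->d.identity.len = (size_t) env->len_identity;
+dm->d.has_identity = 1;
+}
+if (env->version != NULL) {
+dm->d.version.data = (uint8_t *) env->version;
+dm->d.version.len = (size_t) env->len_version;
+dm->d.has_version = 1;
+}
+}
+
+struct dt_env *
+dt_create(const char *socket_path, unsigned num_workers)
+{
+fstrm_res res;
+struct dt_env *env;
+struct fstrm_iothr_options *fopt;
+struct fstrm_unix_writer_options *fuwopt;
+struct fstrm_writer *fw;
+struct fstrm_writer_options *fwopt;
+
+verbose(VERB_OPS, "opening dnstap socket %s", socket_path);
+log_assert(socket_path != NULL);
+log_assert(num_workers > 0);
+
+env = (struct dt_env *) calloc(1, sizeof(struct dt_env));
+if (!env)
+return NULL;
+
+fwopt = fstrm_writer_options_init();
+res = fstrm_writer_options_add_content_type(fwopt,
+DNSTAP_CONTENT_TYPE, sizeof(DNSTAP_CONTENT_TYPE) - 1);
+log_assert(res == fstrm_res_success);
+
+fuwopt = fstrm_unix_writer_options_init();
+fstrm_unix_writer_options_set_socket_path(fuwopt, socket_path);
+
+fw = fstrm_unix_writer_init(fuwopt, fwopt);
+log_assert(fw != NULL);
+
+fopt = fstrm_iothr_options_init();
+fstrm_iothr_options_set_num_input_queues(fopt, num_workers);
+env->iothr = fstrm_iothr_init(fopt, &fw);
+if (env->iothr == NULL) {
+verbose(VERB_DETAIL, "dt_create: fstrm_iothr_init() failed");
+fstrm_writer_destroy(&fw);
+free(env);
+env = NULL;
+}
+fstrm_iothr_options_destroy(&fopt);
+fstrm_unix_writer_options_destroy(&fuwopt);
+fstrm_writer_options_destroy(&fwopt);
+
+return env;
+}
+
+static void
+dt_apply_identity(struct dt_env *env, struct config_file *cfg)
+{
+char buf[MAXHOSTNAMELEN+1];
+if (!cfg->dnstap_send_identity)
+return;
+free(env->identity);
+if (cfg->dnstap_identity == NULL || cfg->dnstap_identity[0] == 0) {
+if (gethostname(buf, MAXHOSTNAMELEN) == 0) {
+buf[MAXHOSTNAMELEN] = 0;
+env->identity = strdup(buf);
+} else {
+fatal_exit("dt_apply_identity: gethostname() failed");
+}
+} else {
+env->identity = strdup(cfg->dnstap_identity);
+}
+if (env->identity == NULL)
+fatal_exit("dt_apply_identity: strdup() failed");
+env->len_identity = (unsigned int)strlen(env->identity);
+verbose(VERB_OPS, "dnstap identity field set to \"%s\"",
+env->identity);
+}
+
+static void
+dt_apply_version(struct dt_env *env, struct config_file *cfg)
+{
+if (!cfg->dnstap_send_version)
+return;
+free(env->version);
+if (cfg->dnstap_version == NULL || cfg->dnstap_version[0] == 0)
+env->version = strdup(PACKAGE_STRING);
+else
+env->version = strdup(cfg->dnstap_version);
+if (env->version == NULL)
+fatal_exit("dt_apply_version: strdup() failed");
+env->len_version = (unsigned int)strlen(env->version);
+verbose(VERB_OPS, "dnstap version field set to \"%s\"",
+env->version);
+}
+
+void
+dt_apply_cfg(struct dt_env *env, struct config_file *cfg)
+{
+if (!cfg->dnstap)
+return;
+
+dt_apply_identity(env, cfg);
+dt_apply_version(env, cfg);
+if ((env->log_resolver_query_messages = (unsigned int)
+cfg->dnstap_log_resolver_query_messages))
+{
+verbose(VERB_OPS, "dnstap Message/RESOLVER_QUERY enabled");
+}
+if ((env->log_resolver_response_messages = (unsigned int)
+cfg->dnstap_log_resolver_response_messages))
+{
+verbose(VERB_OPS, "dnstap Message/RESOLVER_RESPONSE enabled");
+}
+if ((env->log_client_query_messages = (unsigned int)
+cfg->dnstap_log_client_query_messages))
+{
+verbose(VERB_OPS, "dnstap Message/CLIENT_QUERY enabled");
+}
+if ((env->log_client_response_messages = (unsigned int)
+cfg->dnstap_log_client_response_messages))
+{
+verbose(VERB_OPS, "dnstap Message/CLIENT_RESPONSE enabled");
+}
+if ((env->log_forwarder_query_messages = (unsigned int)
+cfg->dnstap_log_forwarder_query_messages))
+{
+verbose(VERB_OPS, "dnstap Message/FORWARDER_QUERY enabled");
+}
+if ((env->log_forwarder_response_messages = (unsigned int)
+cfg->dnstap_log_forwarder_response_messages))
+{
+verbose(VERB_OPS, "dnstap Message/FORWARDER_RESPONSE enabled");
+}
+}
+
+int
+dt_init(struct dt_env *env)
+{
+env->ioq = fstrm_iothr_get_input_queue(env->iothr);
+if (env->ioq == NULL)
+return 0;
+return 1;
+}
+
+void
+dt_delete(struct dt_env *env)
+{
+if (!env)
+return;
+verbose(VERB_OPS, "closing dnstap socket");
+fstrm_iothr_destroy(&env->iothr);
+free(env->identity);
+free(env->version);
+free(env);
+}
+
+static void
+dt_fill_timeval(const struct timeval *tv,
+uint64_t *time_sec, protobuf_c_boolean *has_time_sec,
+uint32_t *time_nsec, protobuf_c_boolean *has_time_nsec)
+{
+#ifndef S_SPLINT_S
+*time_sec = tv->tv_sec;
+*time_nsec = tv->tv_usec * 1000;
+#endif
+*has_time_sec = 1;
+*has_time_nsec = 1;
+}
+
+static void
+dt_fill_buffer(sldns_buffer *b, ProtobufCBinaryData *p, protobuf_c_boolean *has)
+{
+log_assert(b != NULL);
+p->len = sldns_buffer_limit(b);
+p->data = sldns_buffer_begin(b);
+*has = 1;
+}
+
+static void
+dt_msg_fill_net(struct dt_msg *dm,
+struct sockaddr_storage *ss,
+enum comm_point_type cptype,
+ProtobufCBinaryData *addr, protobuf_c_boolean *has_addr,
+uint32_t *port, protobuf_c_boolean *has_port)
+{
+log_assert(ss->ss_family == AF_INET6 || ss->ss_family == AF_INET);
+if (ss->ss_family == AF_INET6) {
+struct sockaddr_in6 *s = (struct sockaddr_in6 *) ss;
+
+/* socket_family */
+dm->m.socket_family = DNSTAP__SOCKET_FAMILY__INET6;
+dm->m.has_socket_family = 1;
+
+/* addr: query_address or response_address */
+addr->data = s->sin6_addr.s6_addr;
+addr->len = 16; /* IPv6 */
+*has_addr = 1;
+
+/* port: query_port or response_port */
+*port = ntohs(s->sin6_port);
+*has_port = 1;
+} else if (ss->ss_family == AF_INET) {
+struct sockaddr_in *s = (struct sockaddr_in *) ss;
+
+/* socket_family */
+dm->m.socket_family = DNSTAP__SOCKET_FAMILY__INET;
+dm->m.has_socket_family = 1;
+
+/* addr: query_address or response_address */
+addr->data = (uint8_t *) &s->sin_addr.s_addr;
+addr->len = 4; /* IPv4 */
+*has_addr = 1;
+
+/* port: query_port or response_port */
+*port = ntohs(s->sin_port);
+*has_port = 1;
+}
+
+log_assert(cptype == comm_udp || cptype == comm_tcp);
+if (cptype == comm_udp) {
+/* socket_protocol */
+dm->m.socket_protocol = DNSTAP__SOCKET_PROTOCOL__UDP;
+dm->m.has_socket_protocol = 1;
+} else if (cptype == comm_tcp) {
+/* socket_protocol */
+dm->m.socket_protocol = DNSTAP__SOCKET_PROTOCOL__TCP;
+dm->m.has_socket_protocol = 1;
+}
+}
+
+void
+dt_msg_send_client_query(struct dt_env *env,
+struct sockaddr_storage *qsock,
+enum comm_point_type cptype,
+sldns_buffer *qmsg)
+{
+struct dt_msg dm;
+struct timeval qtime;
+
+gettimeofday(&qtime, NULL);
+
+/* type */
+dt_msg_init(env, &dm, DNSTAP__MESSAGE__TYPE__CLIENT_QUERY);
+
+/* query_time */
+dt_fill_timeval(&qtime,
+&dm.m.query_time_sec, &dm.m.has_query_time_sec,
+&dm.m.query_time_nsec, &dm.m.has_query_time_nsec);
+
+/* query_message */
+dt_fill_buffer(qmsg, &dm.m.query_message, &dm.m.has_query_message);
+
+/* socket_family, socket_protocol, query_address, query_port */
+log_assert(cptype == comm_udp || cptype == comm_tcp);
+dt_msg_fill_net(&dm, qsock, cptype,
+&dm.m.query_address, &dm.m.has_query_address,
+&dm.m.query_port, &dm.m.has_query_port);
+
+if (dt_pack(&dm.d, &dm.buf, &dm.len_buf))
+dt_send(env, dm.buf, dm.len_buf);
+}
+
+void
+dt_msg_send_client_response(struct dt_env *env,
+struct sockaddr_storage *qsock,
+enum comm_point_type cptype,
+sldns_buffer *rmsg)
+{
+struct dt_msg dm;
+struct timeval rtime;
+
+gettimeofday(&rtime, NULL);
+
+/* type */
+dt_msg_init(env, &dm, DNSTAP__MESSAGE__TYPE__CLIENT_RESPONSE);
+
+/* response_time */
+dt_fill_timeval(&rtime,
+&dm.m.response_time_sec, &dm.m.has_response_time_sec,
+&dm.m.response_time_nsec, &dm.m.has_response_time_nsec);
+
+/* response_message */
+dt_fill_buffer(rmsg, &dm.m.response_message, &dm.m.has_response_message);
+
+/* socket_family, socket_protocol, query_address, query_port */
+log_assert(cptype == comm_udp || cptype == comm_tcp);
+dt_msg_fill_net(&dm, qsock, cptype,
+&dm.m.query_address, &dm.m.has_query_address,
+&dm.m.query_port, &dm.m.has_query_port);
+
+if (dt_pack(&dm.d, &dm.buf, &dm.len_buf))
+dt_send(env, dm.buf, dm.len_buf);
+}
+
+void
+dt_msg_send_outside_query(struct dt_env *env,
+struct sockaddr_storage *rsock,
+enum comm_point_type cptype,
+uint8_t *zone, size_t zone_len,
+sldns_buffer *qmsg)
+{
+struct dt_msg dm;
+struct timeval qtime;
+uint16_t qflags;
+
+gettimeofday(&qtime, NULL);
+qflags = sldns_buffer_read_u16_at(qmsg, 2);
+
+/* type */
+if (qflags & BIT_RD) {
+if (!env->log_forwarder_query_messages)
+return;
+dt_msg_init(env, &dm, DNSTAP__MESSAGE__TYPE__FORWARDER_QUERY);
+} else {
+if (!env->log_resolver_query_messages)
+return;
+dt_msg_init(env, &dm, DNSTAP__MESSAGE__TYPE__RESOLVER_QUERY);
+}
+
+/* query_zone */
+dm.m.query_zone.data = zone;
+dm.m.query_zone.len = zone_len;
+dm.m.has_query_zone = 1;
+
+/* query_time_sec, query_time_nsec */
+dt_fill_timeval(&qtime,
+&dm.m.query_time_sec, &dm.m.has_query_time_sec,
+&dm.m.query_time_nsec, &dm.m.has_query_time_nsec);
+
+/* query_message */
+dt_fill_buffer(qmsg, &dm.m.query_message, &dm.m.has_query_message);
+
+/* socket_family, socket_protocol, response_address, response_port */
+log_assert(cptype == comm_udp || cptype == comm_tcp);
+dt_msg_fill_net(&dm, rsock, cptype,
+&dm.m.response_address, &dm.m.has_response_address,
+&dm.m.response_port, &dm.m.has_response_port);
+
+if (dt_pack(&dm.d, &dm.buf, &dm.len_buf))
+dt_send(env, dm.buf, dm.len_buf);
+}
+
+void
+dt_msg_send_outside_response(struct dt_env *env,
+struct sockaddr_storage *rsock,
+enum comm_point_type cptype,
+uint8_t *zone, size_t zone_len,
+uint8_t *qbuf, size_t qbuf_len,
+const struct timeval *qtime,
+const struct timeval *rtime,
+sldns_buffer *rmsg)
+{
+struct dt_msg dm;
+uint16_t qflags;
+
+log_assert(qbuf_len >= sizeof(qflags));
+memcpy(&qflags, qbuf, sizeof(qflags));
+qflags = ntohs(qflags);
+
+/* type */
+if (qflags & BIT_RD) {
+if (!env->log_forwarder_response_messages)
+return;
+dt_msg_init(env, &dm, DNSTAP__MESSAGE__TYPE__FORWARDER_RESPONSE);
+} else {
+if (!env->log_resolver_query_messages)
+return;
+dt_msg_init(env, &dm, DNSTAP__MESSAGE__TYPE__RESOLVER_RESPONSE);
+}
+
+/* query_zone */
+dm.m.query_zone.data = zone;
+dm.m.query_zone.len = zone_len;
+dm.m.has_query_zone = 1;
+
+/* query_time_sec, query_time_nsec */
+dt_fill_timeval(qtime,
+&dm.m.query_time_sec, &dm.m.has_query_time_sec,
+&dm.m.query_time_nsec, &dm.m.has_query_time_nsec);
+
+/* response_time_sec, response_time_nsec */
+dt_fill_timeval(rtime,
+&dm.m.response_time_sec, &dm.m.has_response_time_sec,
+&dm.m.response_time_nsec, &dm.m.has_response_time_nsec);
+
+/* response_message */
+dt_fill_buffer(rmsg, &dm.m.response_message, &dm.m.has_response_message);
+
+/* socket_family, socket_protocol, response_address, response_port */
+log_assert(cptype == comm_udp || cptype == comm_tcp);
+dt_msg_fill_net(&dm, rsock, cptype,
+&dm.m.response_address, &dm.m.has_response_address,
+&dm.m.response_port, &dm.m.has_response_port);
+
+if (dt_pack(&dm.d, &dm.buf, &dm.len_buf))
+dt_send(env, dm.buf, dm.len_buf);
+}
+
+#endif /* USE_DNSTAP */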
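Review bot: In `dt_msg_send_outside_response` the non-RD branch tests `env->log_resolver_query_messages` before building a RESOLVER_RESPONSE message, so resolver responses follow the query-logging switch and `log_resolver_response_messages` (set in `dt_apply_cfg`) is never consulted; the test should read `if (!env->log_resolver_response_messages)`. As written, an operator who turns resolver response logging off still gets full response payloads written to the dnstap socket whenever resolver query logging is on, and gets none when only response logging is on. Separately, `dt_create` uses `log_assert(res == fstrm_res_success)` and `log_assert(fw != NULL)` as its only checks on the fstrm setup calls; if `log_assert` compiles out in non-debug builds, a failed `fstrm_unix_writer_init()` would hand a NULL writer to `fstrm_iothr_init()`, so an explicit `if (fw == NULL)` path that destroys the option objects, frees `env` and returns NULL would be safer.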
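--- a/contrib/unbound/dnstap/dnstap.h
+++ b/contrib/unbound/dnstap/dnstap.h
@@ -0,0 +1,188 @@
+/* dnstap support for Unbound */
+
+/*
+* Copyright (c) 2013-2014, Farsight Security, Inc.
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. Neither the name of the copyright holder nor the names of its
+* contributors may be used to endorse or promote products derived from
+* this software without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#ifndef UNBOUND_DNSTAP_H
+#define UNBOUND_DNSTAP_H
+
+#include "dnstap/dnstap_config.h"
+
+#ifdef USE_DNSTAP
+
+struct config_file;
+struct fstrm_io;
+struct fstrm_queue;
+struct sldns_buffer;
+
+struct dt_env {
+/** dnstap I/O thread */
+struct fstrm_iothr *iothr;
+
+/** dnstap I/O thread input queue */
+struct fstrm_iothr_queue *ioq;
+
+/** dnstap "identity" field, NULL if disabled */
+char *identity;
+
+/** dnstap "version" field, NULL if disabled */
+char *version;
+
+/** length of "identity" field */
+unsigned len_identity;
+
+/** length of "version" field */
+unsigned len_version;
+
+/** whether to log Message/RESOLVER_QUERY */
+unsigned log_resolver_query_messages : 1;
+/** whether to log Message/RESOLVER_RESPONSE */
+unsigned log_resolver_response_messages : 1;
+/** whether to log Message/CLIENT_QUERY */
+unsigned log_client_query_messages : 1;
+/** whether to log Message/CLIENT_RESPONSE */
+unsigned log_client_response_messages : 1;
+/** whether to log Message/FORWARDER_QUERY */
+unsigned log_forwarder_query_messages : 1;
+/** whether to log Message/FORWARDER_RESPONSE */
+unsigned log_forwarder_response_messages : 1;
+};
+
+/**
+* Create dnstap environment object. Afterwards, call dt_apply_cfg() to fill in
+* the config variables and dt_init() to fill in the per-worker state. Each
+* worker needs a copy of this object but with its own I/O queue (the fq field
+* of the structure) to ensure lock-free access to its own per-worker circular
+* queue. Duplicate the environment object if more than one worker needs to
+* share access to the dnstap I/O socket.
+* @param socket_path: path to dnstap logging socket, must be non-NULL.
+* @param num_workers: number of worker threads, must be > 0.
+* @return dt_env object, NULL on failure.
+*/
+struct dt_env *
+dt_create(const char *socket_path, unsigned num_workers);
+
+/**
+* Apply config settings.
+* @param env: dnstap environment object.
+* @param cfg: new config settings.
+*/
+void
+dt_apply_cfg(struct dt_env *env, struct config_file *cfg);
+
+/**
+* Initialize per-worker state in dnstap environment object.
+* @param env: dnstap environment object to initialize, created with dt_create().
+* @return: true on success, false on failure.
+*/
+int
+dt_init(struct dt_env *env);
+
+/**
+* Delete dnstap environment object. Closes dnstap I/O socket and deletes all
+* per-worker I/O queues.
+*/
+void
+dt_delete(struct dt_env *env);
+
+/**
+* Create and send a new dnstap "Message" event of type CLIENT_QUERY.
+* @param env: dnstap environment object.
+* @param qsock: address/port of client.
+* @param cptype: comm_udp or comm_tcp.
+* @param qmsg: query message.
+*/
+void
+dt_msg_send_client_query(struct dt_env *env,
+struct sockaddr_storage *qsock,
+enum comm_point_type cptype,
+struct sldns_buffer *qmsg);
+
+/**
+* Create and send a new dnstap "Message" event of type CLIENT_RESPONSE.
+* @param env: dnstap environment object.
+* @param qsock: address/port of client.
+* @param cptype: comm_udp or comm_tcp.
+* @param rmsg: response message.
+*/
+void
+dt_msg_send_client_response(struct dt_env *env,
+struct sockaddr_storage *qsock,
+enum comm_point_type cptype,
+struct sldns_buffer *rmsg);
+
+/**
+* Create and send a new dnstap "Message" event of type RESOLVER_QUERY or
+* FORWARDER_QUERY. The type used is dependent on the value of the RD bit
+* in the query header.
+* @param env: dnstap environment object.
+* @param rsock: address/port of server the query is being sent to.
+* @param cptype: comm_udp or comm_tcp.
+* @param zone: query zone.
+* @param zone_len: length of zone.
+* @param qmsg: query message.
+*/
+void
+dt_msg_send_outside_query(struct dt_env *env,
+struct sockaddr_storage *rsock,
+enum comm_point_type cptype,
+uint8_t *zone, size_t zone_len,
+struct sldns_buffer *qmsg);
+
+/**
+* Create and send a new dnstap "Message" event of type RESOLVER_RESPONSE or
+* FORWARDER_RESPONSE. The type used is dependent on the value of the RD bit
+* in the query header.
+* @param env: dnstap environment object.
+* @param rsock: address/port of server the response was received from.
+* @param cptype: comm_udp or comm_tcp.
+* @param zone: query zone.
+* @param zone_len: length of zone.
+* @param qbuf: outside_network's qbuf key.
+* @param qbuf_len: length of outside_network's qbuf key.
+* @param qtime: time query message was sent.
+* @param rtime: time response message was sent.
+* @param rmsg: response message.
+*/
+void
+dt_msg_send_outside_response(struct dt_env *env,
+struct sockaddr_storage *rsock,
+enum comm_point_type cptype,
+uint8_t *zone, size_t zone_len,
+uint8_t *qbuf, size_t qbuf_len,
+const struct timeval *qtime,
+const struct timeval *rtime,
+struct sldns_buffer *rmsg);
+
+#endif /* USE_DNSTAP */
+
+#endif /* UNBOUND_DNSTAP_H */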
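Review bot: The `dt_create` comment and the forward declarations do not match `struct dt_env`: the comment points at "the fq field of the structure" while the per-worker queue member is `ioq`, and the header forward-declares `struct fstrm_io` and `struct fstrm_queue` while the members use `struct fstrm_iothr` and `struct fstrm_iothr_queue`. I would change the comment to `(the ioq field of the structure)` and the declarations to `struct fstrm_iothr;` and `struct fstrm_iothr_queue;`. The `dt_msg_send_outside_response` documentation should also state the length contract the implementation in dnstap.c depends on, e.g. `@param qbuf_len: length of outside_network's qbuf key, must be at least 2 (the flags are read from the first two bytes).` The prototypes also use `enum comm_point_type`, `struct sockaddr_storage`, `struct timeval` and `uint8_t` without declaring or including them, so the header appears to compile only when the right headers were included first.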
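--- a/contrib/unbound/dnstap/dnstap.m4
+++ b/contrib/unbound/dnstap/dnstap.m4
@@ -0,0 +1,56 @@
+# dnstap.m4
+
+# dt_DNSTAP(default_dnstap_socket_path, [action-if-true], [action-if-false])
+# --------------------------------------------------------------------------
+# Check for required dnstap libraries and add dnstap configure args.
+AC_DEFUN([dt_DNSTAP],
+[
+AC_ARG_ENABLE([dnstap],
+AS_HELP_STRING([--enable-dnstap],
+[Enable dnstap support (requires fstrm, protobuf-c)]),
+[opt_dnstap=$enableval], [opt_dnstap=no])
+
+AC_ARG_WITH([dnstap-socket-path],
+AS_HELP_STRING([--with-dnstap-socket-path=pathname],
+[set default dnstap socket path]),
+[opt_dnstap_socket_path=$withval], [opt_dnstap_socket_path="$1"])
+
+if test "x$opt_dnstap" != "xno"; then
+AC_PATH_PROG([PROTOC_C], [protoc-c])
+if test -z "$PROTOC_C"; then
+AC_MSG_ERROR([The protoc-c program was not found. Please install protobuf-c!])
+fi
+AC_ARG_WITH([protobuf-c], AC_HELP_STRING([--with-protobuf-c=path],
+[Path where protobuf-c is installed, for dnstap]), [
+# workaround for protobuf-c includes at old dir before protobuf-c-1.0.0
+if test -f $withval/include/google/protobuf-c/protobuf-c.h; then
+CFLAGS="$CFLAGS -I$withval/include/google"
+else
+CFLAGS="$CFLAGS -I$withval/include"
+fi
+LDFLAGS="$LDFLAGS -L$withval/lib"
+], [
+# workaround for protobuf-c includes at old dir before protobuf-c-1.0.0
+if test -f /usr/include/google/protobuf-c/protobuf-c.h; then
+CFLAGS="$CFLAGS -I/usr/include/google"
+else
+if test -f /usr/local/include/google/protobuf-c/protobuf-c.h; then
+CFLAGS="$CFLAGS -I/usr/local/include/google"
+LDFLAGS="$LDFLAGS -L/usr/local/lib"
+fi
+fi
+])
+AC_ARG_WITH([libfstrm], AC_HELP_STRING([--with-libfstrm=path],
+[Path where libfstrm is installed, for dnstap]), [
+CFLAGS="$CFLAGS -I$withval/include"
+LDFLAGS="$LDFLAGS -L$withval/lib"
+])
+AC_SEARCH_LIBS([fstrm_iothr_init], [fstrm], [],
+AC_MSG_ERROR([The fstrm library was not found. Please install fstrm!]))
+AC_SEARCH_LIBS([protobuf_c_message_pack], [protobuf-c], [],
+AC_MSG_ERROR([The protobuf-c library was not found. Please install protobuf-c!]))
+$2
+else
+$3
+fi
+])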
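Review bot: The `--with-protobuf-c` and `--with-libfstrm` handlers use `$withval` as a directory without checking it, so a bare `--with-libfstrm` or `--without-protobuf-c` puts `-Iyes/include` or `-Ino/include` (relative paths) into `CFLAGS` and `LDFLAGS`. Both handlers should only add search paths for a real path, e.g. by wrapping the body in `if test "x$withval" != "xyes" && test "x$withval" != "xno"; then ... fi`. The path is also unquoted in `test -f $withval/include/google/protobuf-c/protobuf-c.h`, which breaks on a prefix containing spaces; `test -f "$withval/include/google/protobuf-c/protobuf-c.h"` avoids that. As a style point, these two options use `AC_HELP_STRING` while the options above use `AS_HELP_STRING`; the latter is the current spelling.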
262
contrib/unbound/dnstap/dnstap.proto
Normal file
@ -0,0 +1,262 @@
|
||||
// dnstap: flexible, structured event replication format for DNS software
|
||||
//
|
||||
// This file contains the protobuf schemas for the "dnstap" structured event
|
||||
// replication format for DNS software.
|
||||
|
||||
// Written in 2013-2014 by Farsight Security, Inc.
|
||||
//
|
||||
// To the extent possible under law, the author(s) have dedicated all
|
||||
// copyright and related and neighboring rights to this file to the public
|
||||
// domain worldwide. This file is distributed without any warranty.
|
||||
//
|
||||
// You should have received a copy of the CC0 Public Domain Dedication along
|
||||
// with this file. If not, see:
|
||||
//
|
||||
// <http://creativecommons.org/publicdomain/zero/1.0/>.
|
||||
|
||||
package dnstap;
|
||||
|
||||
// "Dnstap": this is the top-level dnstap type, which is a "union" type that
|
||||
// contains other kinds of dnstap payloads, although currently only one type
|
||||
// of dnstap payload is defined.
|
||||
// See: https://developers.google.com/protocol-buffers/docs/techniques#union
|
||||
message Dnstap {
|
||||
// DNS server identity.
|
||||
// If enabled, this is the identity string of the DNS server which generated
|
||||
// this message. Typically this would be the same string as returned by an
|
||||
// "NSID" (RFC 5001) query.
|
||||
optional bytes identity = 1;
|
||||
|
||||
// DNS server version.
|
||||
// If enabled, this is the version string of the DNS server which generated
|
||||
// this message. Typically this would be the same string as returned by a
|
||||
// "version.bind" query.
|
||||
optional bytes version = 2;
|
||||
|
||||
// Extra data for this payload.
|
||||
// This field can be used for adding an arbitrary byte-string annotation to
|
||||
// the payload. No encoding or interpretation is applied or enforced.
|
||||
optional bytes extra = 3;
|
||||
|
||||
// Identifies which field below is filled in.
|
||||
enum Type {
|
||||
MESSAGE = 1;
|
||||
}
|
||||
required Type type = 15;
|
||||
|
||||
// One of the following will be filled in.
|
||||
optional Message message = 14;
|
||||
}
|
||||
|
||||
// SocketFamily: the network protocol family of a socket. This specifies how
|
||||
// to interpret "network address" fields.
|
||||
enum SocketFamily {
|
||||
INET = 1; // IPv4 (RFC 791)
|
||||
INET6 = 2; // IPv6 (RFC 2460)
|
||||
}
|
||||
|
||||
// SocketProtocol: the transport protocol of a socket. This specifies how to
|
||||
// interpret "transport port" fields.
|
||||
enum SocketProtocol {
|
||||
UDP = 1; // User Datagram Protocol (RFC 768)
|
||||
TCP = 2; // Transmission Control Protocol (RFC 793)
|
||||
}
|
||||
|
||||
// Message: a wire-format (RFC 1035 section 4) DNS message and associated
|
||||
// metadata. Applications generating "Message" payloads should follow
|
||||
// certain requirements based on the MessageType, see below.
|
||||
message Message {
|
||||
|
||||
// There are eight types of "Message" defined that correspond to the
|
||||
// four arrows in the following diagram, slightly modified from RFC 1035
|
||||
// section 2:
|
||||
|
||||
// +---------+ +----------+ +--------+
|
||||
// | | query | | query | |
|
||||
// | Stub |-SQ--------CQ->| Recursive|-RQ----AQ->| Auth. |
|
||||
// | Resolver| | Server | | Name |
|
||||
// | |<-SR--------CR-| |<-RR----AR-| Server |
|
||||
// +---------+ response | | response | |
|
||||
// +----------+ +--------+
|
||||
|
||||
// Each arrow has two Type values each, one for each "end" of each arrow,
|
||||
// because these are considered to be distinct events. Each end of each
|
||||
// arrow on the diagram above has been marked with a two-letter Type
|
||||
// mnemonic. Clockwise from upper left, these mnemonic values are:
|
||||
//
|
||||
// SQ: STUB_QUERY
|
||||
// CQ: CLIENT_QUERY
|
||||
// RQ: RESOLVER_QUERY
|
||||
// AQ: AUTH_QUERY
|
||||
// AR: AUTH_RESPONSE
|
||||
// RR: RESOLVER_RESPONSE
|
||||
// CR: CLIENT_RESPONSE
|
||||
// SR: STUB_RESPONSE
|
||||
|
||||
// Two additional types of "Message" have been defined for the
|
||||
// "forwarding" case where an upstream DNS server is responsible for
|
||||
// further recursion. These are not shown on the diagram above, but have
|
||||
// the following mnemonic values:
|
||||
|
||||
// FQ: FORWARDER_QUERY
|
||||
// FR: FORWARDER_RESPONSE
|
||||
|
||||
// The "Message" Type values are defined below.
|
||||
|
||||
enum Type {
|
||||
// AUTH_QUERY is a DNS query message received from a resolver by an
|
||||
// authoritative name server, from the perspective of the authorative
|
||||
// name server.
|
||||
AUTH_QUERY = 1;
|
||||
|
||||
// AUTH_RESPONSE is a DNS response message sent from an authoritative
|
||||
// name server to a resolver, from the perspective of the authoritative
|
||||
// name server.
|
||||
AUTH_RESPONSE = 2;
|
||||
|
||||
// RESOLVER_QUERY is a DNS query message sent from a resolver to an
|
||||
// authoritative name server, from the perspective of the resolver.
|
||||
// Resolvers typically clear the RD (recursion desired) bit when
|
||||
// sending queries.
|
||||
RESOLVER_QUERY = 3;
|
||||
|
||||
// RESOLVER_RESPONSE is a DNS response message received from an
|
||||
// authoritative name server by a resolver, from the perspective of
|
||||
// the resolver.
|
||||
RESOLVER_RESPONSE = 4;
|
||||
|
||||
// CLIENT_QUERY is a DNS query message sent from a client to a DNS
|
||||
// server which is expected to perform further recursion, from the
|
||||
// perspective of the DNS server. The client may be a stub resolver or
|
||||
// forwarder or some other type of software which typically sets the RD
|
||||
// (recursion desired) bit when querying the DNS server. The DNS server
|
||||
// may be a simple forwarding proxy or it may be a full recursive
|
||||
// resolver.
|
||||
CLIENT_QUERY = 5;
|
||||
|
||||
// CLIENT_RESPONSE is a DNS response message sent from a DNS server to
|
||||
// a client, from the perspective of the DNS server. The DNS server
|
||||
// typically sets the RA (recursion available) bit when responding.
|
||||
CLIENT_RESPONSE = 6;
|
||||
|
||||
// FORWARDER_QUERY is a DNS query message sent from a downstream DNS
|
||||
// server to an upstream DNS server which is expected to perform
|
||||
// further recursion, from the perspective of the downstream DNS
|
||||
// server.
|
||||
FORWARDER_QUERY = 7;
|
||||
|
||||
// FORWARDER_RESPONSE is a DNS response message sent from an upstream
|
||||
// DNS server performing recursion to a downstream DNS server, from the
|
||||
// perspective of the downstream DNS server.
|
||||
FORWARDER_RESPONSE = 8;
|
||||
|
||||
// STUB_QUERY is a DNS query message sent from a stub resolver to a DNS
|
||||
// server, from the perspective of the stub resolver.
|
||||
STUB_QUERY = 9;
|
||||
|
||||
// STUB_RESPONSE is a DNS response message sent from a DNS server to a
|
||||
// stub resolver, from the perspective of the stub resolver.
|
||||
STUB_RESPONSE = 10;
|
||||
}
|
||||
|
||||
// One of the Type values described above.
|
||||
required Type type = 1;
|
||||
|
||||
// One of the SocketFamily values described above.
|
||||
optional SocketFamily socket_family = 2;
|
||||
|
||||
// One of the SocketProtocol values described above.
|
||||
optional SocketProtocol socket_protocol = 3;
|
||||
|
||||
// The network address of the message initiator.
|
||||
// For SocketFamily INET, this field is 4 octets (IPv4 address).
|
||||
// For SocketFamily INET6, this field is 16 octets (IPv6 address).
|
||||
optional bytes query_address = 4;
|
||||
|
||||
// The network address of the message responder.
|
||||
// For SocketFamily INET, this field is 4 octets (IPv4 address).
|
||||
// For SocketFamily INET6, this field is 16 octets (IPv6 address).
|
||||
optional bytes response_address = 5;
|
||||
|
||||
// The transport port of the message initiator.
|
||||
// This is a 16-bit UDP or TCP port number, depending on SocketProtocol.
|
||||
optional uint32 query_port = 6;
|
||||
|
||||
// The transport port of the message responder.
|
||||
// This is a 16-bit UDP or TCP port number, depending on SocketProtocol.
|
||||
optional uint32 response_port = 7;
|
||||
|
||||
// The time at which the DNS query message was sent or received, depending
|
||||
// on whether this is an AUTH_QUERY, RESOLVER_QUERY, or CLIENT_QUERY.
|
||||
// This is the number of seconds since the UNIX epoch.
|
||||
optional uint64 query_time_sec = 8;
|
||||
|
||||
// The time at which the DNS query message was sent or received.
|
||||
// This is the seconds fraction, expressed as a count of nanoseconds.
|
||||
optional fixed32 query_time_nsec = 9;
|
||||
|
||||
// The initiator's original wire-format DNS query message, verbatim.
|
||||
optional bytes query_message = 10;
|
||||
|
||||
// The "zone" or "bailiwick" pertaining to the DNS query message.
|
||||
// This is a wire-format DNS domain name.
|
||||
optional bytes query_zone = 11;
|
||||
|
||||
// The time at which the DNS response message was sent or received,
|
||||
// depending on whether this is an AUTH_RESPONSE, RESOLVER_RESPONSE, or
|
||||
// CLIENT_RESPONSE.
|
||||
// This is the number of seconds since the UNIX epoch.
|
||||
optional uint64 response_time_sec = 12;
|
||||
|
||||
// The time at which the DNS response message was sent or received.
|
||||
// This is the seconds fraction, expressed as a count of nanoseconds.
|
||||
optional fixed32 response_time_nsec = 13;
|
||||
|
||||
// The responder's original wire-format DNS response message, verbatim.
|
||||
optional bytes response_message = 14;
|
||||
}
|
||||
|
||||
// All fields except for 'type' in the Message schema are optional.
|
||||
// It is recommended that at least the following fields be filled in for
|
||||
// particular types of Messages.
|
||||
|
||||
// AUTH_QUERY:
|
||||
// socket_family, socket_protocol
|
||||
// query_address, query_port
|
||||
// query_message
|
||||
// query_time_sec, query_time_nsec
|
||||
|
||||
// AUTH_RESPONSE:
|
||||
// socket_family, socket_protocol
|
||||
// query_address, query_port
|
||||
// query_time_sec, query_time_nsec
|
||||
// response_message
|
||||
// response_time_sec, response_time_nsec
|
||||
|
||||
// RESOLVER_QUERY:
|
||||
// socket_family, socket_protocol
|
||||
// query_name, query_type, query_class
|
||||
// query_message
|
||||
// query_time_sec, query_time_nsec
|
||||
// query_zone
|
||||
// response_address, response_port
|
||||
|
||||
// RESOLVER_RESPONSE:
|
||||
// socket_family, socket_protocol
|
||||
// query_name, query_type, query_class
|
||||
// query_time_sec, query_time_nsec
|
||||
// query_zone
|
||||
// response_address, response_port
|
||||
// response_message
|
||||
// response_time_sec, response_time_nsec
|
||||
|
||||
// CLIENT_QUERY:
|
||||
// socket_family, socket_protocol
|
||||
// query_message
|
||||
// query_time_sec, query_time_nsec
|
||||
|
||||
// CLIENT_RESPONSE:
|
||||
// socket_family, socket_protocol
|
||||
// query_time_sec, query_time_nsec
|
||||
// response_message
|
||||
// response_time_sec, response_time_nsec
|
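--- a/contrib/unbound/dnstap/dnstap_config.h.in
+++ b/contrib/unbound/dnstap/dnstap_config.h.in
@@ -0,0 +1,17 @@
+#ifndef UNBOUND_DNSTAP_CONFIG_H
+#define UNBOUND_DNSTAP_CONFIG_H
+
+/*
+* Process this file (dnstap_config.h.in) with AC_CONFIG_FILES to generate
+* dnstap_config.h.
+*
+* This file exists so that USE_DNSTAP can be used without including config.h.
+*/
+
+#if @ENABLE_DNSTAP@ /* ENABLE_DNSTAP */
+# ifndef USE_DNSTAP
+# define USE_DNSTAP 1
+# endif
+#endif
+
+#endif /* UNBOUND_DNSTAP_CONFIG_H */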
@ -19,3 +19,5 @@ Brett Carr - windows beta testing.
|
||||
Luca Bruno - patch for windows support in libunbound hosts and resolvconf().
|
||||
Tom Hendrikx - contributed split-itar.sh a useful script to 5011-track ITAR.
|
||||
Daisuke HIGASHI - patch for rrset-roundrobin and minimal-responses.
|
||||
Simon Perrault - DNS64 module.
|
||||
Robert Edmonds - dnstap code.
|
||||
|
@ -1,5 +1,367 @@
|
||||
8 December 2014: Wouter
|
||||
- Fix CVE-2014-8602: denial of service by making resolver chase
|
||||
endless series of delegations.
|
||||
|
||||
1 December 2014: Wouter
|
||||
- Fix bug#632: unbound fails to build on AArch64, protects
|
||||
getentropy compat code from calling sysctl if it is has been removed.
|
||||
|
||||
29 November 2014: Wouter
|
||||
- Add include to getentropy_linux.c, hopefully fixing debian build.
|
||||
|
||||
28 November 2014: Wouter
|
||||
- Fix makefile for build from noexec source tree.
|
||||
|
||||
26 November 2014: Wouter
|
||||
- Fix libunbound undefined symbol errors for main.
|
||||
Referencing main does not seem to be possible for libunbound.
|
||||
|
||||
24 November 2014: Wouter
|
||||
- Fix log at high verbosity and memory allocation failure.
|
||||
- iana portlist update.
|
||||
|
||||
21 November 2014: Wouter
|
||||
- Fix crash on multiple thread random usage on systems without
|
||||
arc4random.
|
||||
|
||||
20 November 2014: Wouter
|
||||
- fix compat/getentropy_win.c check if CryptGenRandom works and no
|
||||
immediate exit on windows.
|
||||
|
||||
19 November 2014: Wouter
|
||||
- Fix cdflag dns64 processing.
|
||||
|
||||
18 November 2014: Wouter
|
||||
- Fix that CD flag disables DNS64 processing, returning the DNSSEC
|
||||
signed AAAA denial.
|
||||
- iana portlist update.
|
||||
|
||||
17 November 2014: Wouter
|
||||
- Fix #627: SSL_CTX_load_verify_locations return code not properly
|
||||
checked.
|
||||
|
||||
14 November 2014: Wouter
|
||||
- parser with bison 2.7
|
||||
|
||||
13 November 2014: Wouter
|
||||
- Patch from Stephane Lapie for ASAHI Net that implements aaaa-filter,
|
||||
added to contrib/aaaa-filter-iterator.patch.
|
||||
|
||||
12 November 2014: Wouter
|
||||
- trunk has 1.5.1 in development.
|
||||
- Patch from Robert Edmonds to build pyunbound python module
|
||||
differently. No versioninfo, with -shared and without $(LIBS).
|
||||
- Patch from Robert Edmonds fixes hyphens in unbound-anchor man page.
|
||||
- Removed 'increased limit open files' log message that is written
|
||||
to console. It is only written on verbosity 4 and higher.
|
||||
This keeps system bootup console cleaner.
|
||||
- Patch from James Raftery, always print stats for rcodes 0..5.
|
||||
|
||||
11 November 2014: Wouter
|
||||
- iana portlist update.
|
||||
- Fix bug where forward or stub addresses with same address but
|
||||
different port number were not tried.
|
||||
- version number in svn trunk is 1.5.0
|
||||
- tag 1.5.0rc1
|
||||
- review fix from Ralph.
|
||||
|
||||
7 November 2014: Wouter
|
||||
- dnstap fixes by Robert Edmonds:
|
||||
dnstap/dnstap.m4: cosmetic fixes
|
||||
dnstap/: Remove compiled protoc-c output files
|
||||
dnstap/dnstap.m4: Error out if required libraries are not found
|
||||
dnstap: Fix ProtobufCBufferSimple usage that is incorrect as of
|
||||
protobuf-c 1.0.0
|
||||
dnstap/: Adapt to API changes in latest libfstrm (>= 0.2.0)
|
||||
|
||||
4 November 2014: Wouter
|
||||
- Add ub_ctx_add_ta_autr function to add a RFC5011 automatically
|
||||
tracked trust anchor to libunbound.
|
||||
- Redefine internal minievent symbols to unique symbols that helps
|
||||
linking on platforms where the linker leaks names across modules.
|
||||
|
||||
27 October 2014: Wouter
|
||||
- Disabled use of SSLv3 in remote-control and ssl-upstream.
|
||||
- iana portlist update.
|
||||
|
||||
16 October 2014: Wouter
|
||||
- Documented dns64 configuration in unbound.conf man page.
|
||||
|
||||
13 October 2014: Wouter
|
||||
- Fix #617: in ldns in unbound, lowercase WKS services.
|
||||
- Fix ctype invocation casts.
|
||||
|
||||
10 October 2014: Wouter
|
||||
- Fix unbound-checkconf check for module config with dns64 module.
|
||||
- Fix unbound capsforid fallback, it ignores TTLs in comparison.
|
||||
|
||||
6 October 2014: Wouter
|
||||
- Fix #614: man page variable substitution bug.
|
||||
6 October 2014: Willem
|
||||
- Whitespaces after $ORIGIN are not part of the origin dname (ldns).
|
||||
- $TTL's value starts at position 5 (ldns).
|
||||
|
||||
1 October 2014: Wouter
|
||||
- fix #613: Allow tab ws in var length last rdfs (in ldns str2wire).
|
||||
|
||||
29 September 2014: Wouter
|
||||
- Fix #612: create service with service.conf in present directory and
|
||||
auto load it.
|
||||
- Fix for mingw compile openssl ranlib.
|
||||
|
||||
25 September 2014: Wouter
|
||||
- updated configure and aclocal with newer autoconf 1.13.
|
||||
|
||||
22 September 2014: Wouter
|
||||
- Fix swig and python examples for Python 3.x.
|
||||
- Fix for mingw compile with openssl-1.0.1i.
|
||||
|
||||
19 September 2014: Wouter
|
||||
- improve python configuration detection to build on Fedora 22.
|
||||
|
||||
18 September 2014: Wouter
|
||||
- patches to also build with Python 3.x (from Pavel Simerda).
|
||||
|
||||
16 September 2014: Wouter
|
||||
- Fix tcp timer waiting list removal code.
|
||||
- iana portlist update.
|
||||
- Updated the TCP_BACLOG from 5 to 256, so that the tcp accept queue
|
||||
is longer and more tcp connections can be handled.
|
||||
|
||||
15 September 2014: Wouter
|
||||
- Fix unit test for CDS typecode.
|
||||
|
||||
5 September 2014: Wouter
|
||||
- type CDS and CDNSKEY types in sldns.
|
||||
|
||||
25 August 2014: Wouter
|
||||
- Fixup checklock code for log lock and its mutual initialization
|
||||
dependency.
|
||||
- iana portlist update.
|
||||
- Removed necessity for pkg-config from the dnstap.m4, new are
|
||||
the --with-libfstrm and --with-protobuf-c configure options.
|
||||
|
||||
19 August 2014: Wouter
|
||||
- Update unbound manpage with more explanation (from Florian Obser).
|
||||
|
||||
18 August 2014: Wouter
|
||||
- Fix #603: unbound-checkconf -o <option> should skip verification
|
||||
checks.
|
||||
- iana portlist update.
|
||||
- Fixup doc/unbound.doxygen to remove obsolete 1.8.7 settings.
|
||||
|
||||
5 August 2014: Wouter
|
||||
- dnstap support, with a patch from Farsight Security, written by
|
||||
Robert Edmonds. The --enable-dnstap needs libfstrm and protobuf-c.
|
||||
It is BSD licensed (see dnstap/dnstap.c).
|
||||
Building with --enable-dnstap needs pkg-config with this patch.
|
||||
- Noted dnstap in doc/README and doc/CREDITS.
|
||||
- Changes to the dnstap patch.
|
||||
- lint fixes.
|
||||
- dnstap/dnstap_config.h should not have been added to the repo,
|
||||
because is it generated.
|
||||
|
||||
1 August 2014: Wouter
|
||||
- Patch add msg, rrset, infra and key cache sizes to stats command
|
||||
from Maciej Soltysiak.
|
||||
- iana portlist update.
|
||||
|
||||
31 July 2014: Wouter
|
||||
- DNS64 from Viagenie (BSD Licensed), written by Simon Perrault.
|
||||
Initial commit of the patch from the FreeBSD base (with its fixes).
|
||||
This adds a module (for module-config in unbound.conf) dns64 that
|
||||
performs DNS64 processing, see README.DNS64.
|
||||
- Changes from DNS64:
|
||||
strcpy changed to memmove.
|
||||
arraybound check fixed from prefix_net/8/4 to prefix_net/8+4.
|
||||
allocation of result consistently in the correct region.
|
||||
time_t is now used for ttl in unbound (since the patch's version).
|
||||
- testdata/dns64_lookup.rpl for unit test for dns64 functionality.
|
||||
|
||||
29 July 2014: Wouter
|
||||
- Patch from Dag-Erling Smorgrav that implements feature, unbound -dd
|
||||
does not fork in the background and also logs to stderr.
|
||||
|
||||
21 July 2014: Wouter
|
||||
- Fix endian.h include for OpenBSD.
|
||||
|
||||
16 July 2014: Wouter
|
||||
- And Fix#596: Bail out of unbound-control dump_infra when ssl
|
||||
write fails.
|
||||
|
||||
15 July 2014: Wouter
|
||||
- Fix #596: Bail out of unbound-control list_local_zones when ssl
|
||||
write fails.
|
||||
- iana portlist update.
|
||||
|
||||
13 July 2014: Wouter
|
||||
- Configure tests if main can be linked to from getentropy compat.
|
||||
|
||||
12 July 2014: Wouter
|
||||
- Fix getentropy compat code, function refs were not portable.
|
||||
- Fix to check openssl version number only for OpenSSL.
|
||||
- LibreSSL provides compat items, check for that in configure.
|
||||
- Fix bug in fix for log locks that caused deadlock in signal handler.
|
||||
- update compat/getentropy and arc4random to the most recent ones from OpenBSD.
|
||||
|
||||
11 July 2014: Matthijs
|
||||
- fake-rfc2553 patch (thanks Benjamin Baier).
|
||||
|
||||
11 July 2014: Wouter
|
||||
- arc4random in compat/ and getentropy, explicit_bzero, chacha for
|
||||
dependencies, from OpenBSD. arc4_lock and sha512 in compat.
|
||||
This makes arc4random available on all platforms, except when
|
||||
compiled with LIBNSS (it uses libNSS crypto random).
|
||||
- fix strptime implicit declaration error on OpenBSD.
|
||||
- arc4random, getentropy and explicit_bzero compat for Windows.
|
||||
|
||||
4 July 2014: Wouter
|
||||
- Fix #593: segfault or crash upon rotating logfile.
|
||||
|
||||
3 July 2014: Wouter
|
||||
- DLV tests added.
|
||||
- signit tool fixup for compile with libldns library.
|
||||
- iana portlist updated.
|
||||
|
||||
27 June 2014: Wouter
|
||||
- so-reuseport is available on BSDs(such as FreeBSD 10) and OS/X.
|
||||
|
||||
26 June 2014: Wouter
|
||||
- unbound-control status reports if so-reuseport was successful.
|
||||
- iana portlist updated.
|
||||
|
||||
24 June 2014: Wouter
|
||||
- Fix caps-for-id fallback, and added fallback attempt when servers
|
||||
drop 0x20 perturbed queries.
|
||||
- Fixup testsetup for VM tests (run testcode/run_vm.sh).
|
||||
|
||||
17 June 2014: Wouter
|
||||
- iana portlist updated.
|
||||
|
||||
3 June 2014: Wouter
|
||||
- Add AAAA for B root server to default root hints.
|
||||
|
||||
2 June 2014: Wouter
|
||||
- Remove unused define from iterator.h
|
||||
|
||||
30 May 2014: Wouter
|
||||
- Fixup sldns_enum_edns_option typedef definition.
|
||||
|
||||
28 May 2014: Wouter
|
||||
- Code cleanup patch from Dag-Erling Smorgrav, with compiler issue
|
||||
fixes from FreeBSD's copy of Unbound, he notes:
|
||||
Generate unbound-control-setup.sh at build time so it respects
|
||||
prefix and sysconfdir from the configure script. Also fix the
|
||||
umask to match the comment, and the comment to match the umask.
|
||||
Add const and static where needed. Use unions instead of
|
||||
playing pointer poker. Move declarations that are needed in
|
||||
multiple source files into a shared header. Move sldns_bgetc()
|
||||
from parse.c to buffer.c where it belongs. Introduce a new
|
||||
header file, worker.h, which declares the callbacks that
|
||||
all workers must define. Remove those declarations from
|
||||
libworker.h. Include the correct headers in the correct places.
|
||||
Fix a few dummy callbacks that don't match their prototype.
|
||||
Fix some casts. Hide the sbrk madness behind #ifdef HAVE_SBRK.
|
||||
Remove a useless printf which breaks reproducible builds.
|
||||
Get rid of CONFIGURE_{TARGET,DATE,BUILD_WITH} now that they're
|
||||
no longer used. Add unbound-control-setup.sh to the list of
|
||||
generated files. The prototype for libworker_event_done_cb()
|
||||
needs to be moved from libunbound/libworker.h to
|
||||
libunbound/worker.h.
|
||||
- Fixup out-of-directory compile with unbound-control-setup.sh.in.
|
||||
- make depend.
|
||||
|
||||
23 May 2014: Wouter
|
||||
- unbound-host -D enabled dnssec and reads root trust anchor from
|
||||
the default root key file that was compiled in.
|
||||
|
||||
20 May 2014: Wouter
|
||||
- Feature, unblock-lan-zones: yesno that you can use to make unbound
|
||||
perform 10.0.0.0/8 and other reverse lookups normally, for use if
|
||||
unbound is running service for localhost on localhost.
|
||||
|
||||
16 May 2014: Wouter
|
||||
- Updated create_unbound_ad_servers and unbound_cache scripts from
|
||||
Yuri Voinov in the source/contrib directory. Added
|
||||
warmup.cmd (and .sh): warm up the DNS cache with your MRU domains.
|
||||
|
||||
9 May 2014: Wouter
|
||||
- Implement draft-ietf-dnsop-rfc6598-rfc6303-01.
|
||||
- iana portlist updated.
|
||||
|
||||
8 May 2014: Wouter
|
||||
- Contrib windows scripts from Yuri Voinov added to src/contrib:
|
||||
create_unbound_ad_servers.cmd: enters anti-ad server lists.
|
||||
unbound_cache.cmd: saves and loads the cache.
|
||||
- Added unbound-control-setup.cmd from Yuri Voinov to the windows
|
||||
unbound distribution set. It requires openssl installed in %PATH%.
|
||||
|
||||
6 May 2014: Wouter
|
||||
- Change MAX_SENT_COUNT from 16 to 32 to resolve some cases easier.
|
||||
|
||||
5 May 2014: Wouter
|
||||
- More #567: remove : from output of stub and forward lists, this is
|
||||
easier to parse.
|
||||
|
||||
29 April 2014: Wouter
|
||||
- iana portlist updated.
|
||||
- Add unbound-control flush_negative that flushed nxdomains, nodata,
|
||||
and errors from the cache. For dnssec-trigger and NetworkManager,
|
||||
fixes cases where network changes have localdata that was already
|
||||
negatively cached from the previous network.
|
||||
|
||||
23 April 2014: Wouter
|
||||
- Patch from Jeremie Courreges-Anglas to use arc4random_uniform
|
||||
if available on the OS, it gets entropy from the OS.
|
||||
|
||||
15 April 2014: Wouter
|
||||
- Fix compile with libevent2 on FreeBSD.
|
||||
|
||||
11 April 2014: Wouter
|
||||
- Fix #502: explain that do-ip6 disable does not stop AAAA lookups,
|
||||
but it stops the use of the ipv6 transport layer for DNS traffic.
|
||||
- iana portlist updated.
|
||||
|
||||
10 April 2014: Wouter
|
||||
- iana portlist updated.
|
||||
- Patch from Hannes Frederic Sowa for Linux 3.15 fragmentation
|
||||
option for DNS fragmentation defense.
|
||||
- Document that dump_requestlist only prints queries from thread 0.
|
||||
- unbound-control stats prints num.query.tcpout with number of TCP
|
||||
outgoing queries made in the previous statistics interval.
|
||||
- Fix #567: unbound lists if forward zone is secure or insecure with
|
||||
+i annotation in output of list_forwards, also for list_stubs
|
||||
(for NetworkManager integration.)
|
||||
- Fix #554: use unsigned long to print 64bit statistics counters on
|
||||
64bit systems.
|
||||
- Fix #558: failed prefetch lookup does not remove cached response
|
||||
but delays next prefetch (in lieu of caching a SERVFAIL).
|
||||
- Fix #545: improved logging, the ip address of the error is printed
|
||||
on the same log-line as the error.
|
||||
|
||||
8 April 2014: Wouter
|
||||
- Fix #574: make test fails on Ubuntu 14.04. Disabled remote-control
|
||||
in testbound scripts.
|
||||
- iana portlist updated.
|
||||
|
||||
7 April 2014: Wouter
|
||||
- C.ROOT-SERVERS.NET has an IPv6 address, and we updated the root
|
||||
hints (patch from Anand Buddhdev).
|
||||
- Fix #572: Fix unit test failure for systems with different
|
||||
/etc/services.
|
||||
|
||||
28 March 2014: Wouter
|
||||
- Fix #569: do_tcp is do-tcp in unbound.conf man page.
|
||||
|
||||
25 March 2014: Wouter
|
||||
- Patch from Stuart Henderson to build unbound-host man from .1.in.
|
||||
|
||||
24 March 2014: Wouter
|
||||
- Fix print filename of encompassing config file on read failure.
|
||||
|
||||
12 March 2014: Wouter
|
||||
- tag 1.4.22
|
||||
- trunk has 1.4.23 in development.
|
||||
|
||||
10 March 2014: Wouter
|
||||
- Fix bug#561: contrib/cacti plugin did not report SERVFAIL rcodes
|
||||
|
@ -1,8 +1,10 @@
|
||||
README for Unbound 1.4.22
|
||||
README for Unbound 1.5.1
|
||||
Copyright 2007 NLnet Labs
|
||||
http://unbound.net
|
||||
|
||||
This software is under BSD license, see LICENSE for details.
|
||||
The DNS64 module has BSD license in dns64/dns64.c.
|
||||
The DNSTAP code has BSD license in dnstap/dnstap.c.
|
||||
|
||||
* Download the latest release version of this software from
|
||||
http://unbound.net
|
||||
|
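--- a/contrib/unbound/doc/README.DNS64
+++ b/contrib/unbound/doc/README.DNS64
@@ -0,0 +1,30 @@
+The DNS64 code was written by Viagenie, 2009, by Simon Perrault as part
+of the Ecdysis project. The code is copyright by them, and has the BSD
+license (see the dns64/dns64.c file).
+
+To enable DNS64 functionality in Unbound, two directives in unbound.conf must
+be edited:
+
+1. The "module-config" directive must start with "dns64". For example:
+
+module-config: "dns64 validator iterator"
+
+If you're not using DNSSEC then you may remove "validator".
+
+2. The "dns64-prefix" directive indicates your DNS64 prefix. For example:
+
+dns64-prefix: 64:FF9B::/96
+
+The prefix must be a /96 or shorter.
+
+To test that things are working right, perform a query against Unbound for a
+domain name for which no AAAA record exists. You should see a AAAA record in
+the answer section. The corresponding IPv6 address will be inside the DNS64
+prefix. For example:
+
+$ unbound -c unbound.conf
+$ dig @localhost jazz-v4.viagenie.ca aaaa
+[...]
+;; ANSWER SECTION:
+jazz-v4.viagenie.ca. 86400 IN AAAA 64:ff9b::ce7b:1f02
+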
@ -1,6 +1,6 @@
|
||||
README.svn
|
||||
|
||||
For a svn checkout
|
||||
For a svn checkout:
|
||||
* configure script, aclocal.m4, as well as yacc/lex output files are
|
||||
committed to the repository.
|
||||
* use --enable-debug flag for configure to enable dependency tracking and
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# Example configuration file.
|
||||
#
|
||||
# See unbound.conf(5) man page, version 1.4.22.
|
||||
# See unbound.conf(5) man page, version 1.5.1.
|
||||
#
|
||||
# this is a comment.
|
||||
|
||||
@ -85,7 +85,7 @@ server:
|
||||
# 0 is system default. Use 4m to handle spikes on very busy servers.
|
||||
# so-sndbuf: 0
|
||||
|
||||
# on Linux(3.9+) use SO_REUSEPORT to distribute queries over threads.
|
||||
# use SO_REUSEPORT to distribute queries over threads.
|
||||
# so-reuseport: no
|
||||
|
||||
# EDNS reassembly buffer to advertise to UDP peers (the actual buffer
|
||||
@ -331,7 +331,7 @@ server:
|
||||
# minimal-responses: no
|
||||
|
||||
# module configuration of the server. A string with identifiers
|
||||
# separated by spaces. "iterator" or "validator iterator"
|
||||
# separated by spaces. Syntax: "[dns64] [validator] iterator"
|
||||
# module-config: "validator iterator"
|
||||
|
||||
# File with trusted keys, kept uptodate using RFC5011 probes,
|
||||
@ -438,13 +438,6 @@ server:
|
||||
# plain value in bytes or you can append k, m or G. default is "1Mb".
|
||||
# neg-cache-size: 1m
|
||||
|
||||
# if unbound is running service for the local host then it is useful
|
||||
# to perform lan-wide lookups to the upstream, and unblock the
|
||||
# long list of local-zones above. If this unbound is a dns server
|
||||
# for a network of computers, disabled is better and stops information
|
||||
# leakage of local lan information.
|
||||
# unblock-lan-zones: no
|
||||
|
||||
# By default, for a number of zones a small default 'nothing here'
|
||||
# reply is built-in. Query traffic is thus blocked. If you
|
||||
# wish to serve such zone you can unblock them by uncommenting one
|
||||
@ -485,6 +478,14 @@ server:
|
||||
# local-zone: "a.e.f.ip6.arpa." nodefault
|
||||
# local-zone: "b.e.f.ip6.arpa." nodefault
|
||||
# local-zone: "8.b.d.0.1.0.0.2.ip6.arpa." nodefault
|
||||
# And for 64.100.in-addr.arpa. to 127.100.in-addr.arpa.
|
||||
|
||||
# if unbound is running service for the local host then it is useful
|
||||
# to perform lan-wide lookups to the upstream, and unblock the
|
||||
# long list of local-zones above. If this unbound is a dns server
|
||||
# for a network of computers, disabled is better and stops information
|
||||
# leakage of local lan information.
|
||||
# unblock-lan-zones: no
|
||||
|
||||
# a number of locally served zones can be configured.
|
||||
# local-zone: <zone> <type>
|
||||
@ -533,6 +534,10 @@ server:
|
||||
# Default is no. Can be turned on and off with unbound-control.
|
||||
# ssl-upstream: no
|
||||
|
||||
# DNS64 prefix. Must be specified when DNS64 is use.
|
||||
# Enable dns64 in module-config. Used to synthesize IPv6 from IPv4.
|
||||
# dns64-prefix: 64:ff9b::0/96
|
||||
|
||||
# Python config section. To enable:
|
||||
# o use --with-pythonmodule to configure before compiling.
|
||||
# o list python in the module-config string (above) to enable.
|
||||
|
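Review bot: The `dns64-prefix` comment added in the last hunk of this example configuration (`@ -533,6 +534,10 @`) has a typo and understates the prerequisite. It reads "when DNS64 is use" and says only "Enable dns64 in module-config", while the README.DNS64 added by the same commit states that module-config must start with "dns64". I would write `# DNS64 prefix. Must be specified when DNS64 is in use.` followed by `# Requires dns64 as the first module in module-config. Used to synthesize IPv6 from IPv4.`, so the ordering requirement is visible where the option is set. The `server:` block this hunk belongs to starts and ends outside the hunk.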
@ -1,4 +1,4 @@
|
||||
.TH "libunbound" "3" "Mar 12, 2014" "NLnet Labs" "unbound 1.4.22"
|
||||
.TH "libunbound" "3" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1"
|
||||
.\"
|
||||
.\" libunbound.3 -- unbound library functions manual
|
||||
.\"
|
||||
@ -8,7 +8,6 @@
|
||||
.\"
|
||||
.\"
|
||||
.SH "NAME"
|
||||
.LP
|
||||
.B libunbound,
|
||||
.B unbound.h,
|
||||
.B ub_ctx,
|
||||
@ -23,6 +22,7 @@
|
||||
.B ub_ctx_resolvconf,
|
||||
.B ub_ctx_hosts,
|
||||
.B ub_ctx_add_ta,
|
||||
.B ub_ctx_add_ta_autr,
|
||||
.B ub_ctx_add_ta_file,
|
||||
.B ub_ctx_trustedkeys,
|
||||
.B ub_ctx_debugout,
|
||||
@ -42,9 +42,8 @@
|
||||
.B ub_ctx_zone_remove,
|
||||
.B ub_ctx_data_add,
|
||||
.B ub_ctx_data_remove
|
||||
\- Unbound DNS validating resolver 1.4.22 functions.
|
||||
\- Unbound DNS validating resolver 1.5.1 functions.
|
||||
.SH "SYNOPSIS"
|
||||
.LP
|
||||
.B #include <unbound.h>
|
||||
.LP
|
||||
\fIstruct ub_ctx *\fR
|
||||
@ -75,6 +74,9 @@
|
||||
\fBub_ctx_add_ta\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR ta);
|
||||
.LP
|
||||
\fIint\fR
|
||||
\fBub_ctx_add_ta_autr\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
|
||||
.LP
|
||||
\fIint\fR
|
||||
\fBub_ctx_add_ta_file\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
|
||||
.LP
|
||||
\fIint\fR
|
||||
@ -137,7 +139,6 @@
|
||||
\fIint\fR
|
||||
\fBub_ctx_data_remove\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR data);
|
||||
.SH "DESCRIPTION"
|
||||
.LP
|
||||
.B Unbound
|
||||
is an implementation of a DNS resolver, that does caching and
|
||||
DNSSEC validation. This is the library API, for using the \-lunbound library.
|
||||
@ -234,6 +235,15 @@ first resolve is done.
|
||||
The format is a string, similar to the zone\-file format,
|
||||
[domainname] [type] [rdata contents]. Both DS and DNSKEY records are accepted.
|
||||
.TP
|
||||
.B ub_ctx_add_ta_autr
|
||||
Add filename with automatically tracked trust anchor to the given context.
|
||||
Pass name of a file with the managed trust anchor. You can create this
|
||||
file with \fIunbound\-anchor\fR(8) for the root anchor. You can also
|
||||
create it with an initial file with one line with a DNSKEY or DS record.
|
||||
If the file is writable, it is updated when the trust anchor changes.
|
||||
At this time it is only possible to add trusted keys before the
|
||||
first resolve is done.
|
||||
.TP
|
||||
.B ub_ctx_add_ta_file
|
||||
Add trust anchors to the given context.
|
||||
Pass name of a file with DS and DNSKEY records in zone file format.
|
||||
@ -342,7 +352,6 @@ Add resource record data to local authority info, like local\-data
|
||||
.B ub_ctx_data_remove
|
||||
Delete local authority data from the name given.
|
||||
.SH "RESULT DATA STRUCTURE"
|
||||
.LP
|
||||
The result of the DNS resolution and validation is returned as
|
||||
\fIstruct ub_result\fR. The result structure contains the following entries.
|
||||
.P
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "libunbound" "3" "Mar 12, 2014" "NLnet Labs" "unbound 1.4.22"
|
||||
.TH "libunbound" "3" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1"
|
||||
.\"
|
||||
.\" libunbound.3 -- unbound library functions manual
|
||||
.\"
|
||||
@ -8,7 +8,6 @@
|
||||
.\"
|
||||
.\"
|
||||
.SH "NAME"
|
||||
.LP
|
||||
.B libunbound,
|
||||
.B unbound.h,
|
||||
.B ub_ctx,
|
||||
@ -23,6 +22,7 @@
|
||||
.B ub_ctx_resolvconf,
|
||||
.B ub_ctx_hosts,
|
||||
.B ub_ctx_add_ta,
|
||||
.B ub_ctx_add_ta_autr,
|
||||
.B ub_ctx_add_ta_file,
|
||||
.B ub_ctx_trustedkeys,
|
||||
.B ub_ctx_debugout,
|
||||
@ -42,9 +42,8 @@
|
||||
.B ub_ctx_zone_remove,
|
||||
.B ub_ctx_data_add,
|
||||
.B ub_ctx_data_remove
|
||||
\- Unbound DNS validating resolver 1.4.22 functions.
|
||||
\- Unbound DNS validating resolver 1.5.1 functions.
|
||||
.SH "SYNOPSIS"
|
||||
.LP
|
||||
.B #include <unbound.h>
|
||||
.LP
|
||||
\fIstruct ub_ctx *\fR
|
||||
@ -75,6 +74,9 @@
|
||||
\fBub_ctx_add_ta\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR ta);
|
||||
.LP
|
||||
\fIint\fR
|
||||
\fBub_ctx_add_ta_autr\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
|
||||
.LP
|
||||
\fIint\fR
|
||||
\fBub_ctx_add_ta_file\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
|
||||
.LP
|
||||
\fIint\fR
|
||||
@ -137,7 +139,6 @@
|
||||
\fIint\fR
|
||||
\fBub_ctx_data_remove\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR data);
|
||||
.SH "DESCRIPTION"
|
||||
.LP
|
||||
.B Unbound
|
||||
is an implementation of a DNS resolver, that does caching and
|
||||
DNSSEC validation. This is the library API, for using the \-lunbound library.
|
||||
@ -234,6 +235,15 @@ first resolve is done.
|
||||
The format is a string, similar to the zone\-file format,
|
||||
[domainname] [type] [rdata contents]. Both DS and DNSKEY records are accepted.
|
||||
.TP
|
||||
.B ub_ctx_add_ta_autr
|
||||
Add filename with automatically tracked trust anchor to the given context.
|
||||
Pass name of a file with the managed trust anchor. You can create this
|
||||
file with \fIunbound\-anchor\fR(8) for the root anchor. You can also
|
||||
create it with an initial file with one line with a DNSKEY or DS record.
|
||||
If the file is writable, it is updated when the trust anchor changes.
|
||||
At this time it is only possible to add trusted keys before the
|
||||
first resolve is done.
|
||||
.TP
|
||||
.B ub_ctx_add_ta_file
|
||||
Add trust anchors to the given context.
|
||||
Pass name of a file with DS and DNSKEY records in zone file format.
|
||||
@ -342,7 +352,6 @@ Add resource record data to local authority info, like local\-data
|
||||
.B ub_ctx_data_remove
|
||||
Delete local authority data from the name given.
|
||||
.SH "RESULT DATA STRUCTURE"
|
||||
.LP
|
||||
The result of the DNS resolution and validation is returned as
|
||||
\fIstruct ub_result\fR. The result structure contains the following entries.
|
||||
.P
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound-anchor" "8" "Mar 12, 2014" "NLnet Labs" "unbound 1.4.22"
|
||||
.TH "unbound-anchor" "8" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1"
|
||||
.\"
|
||||
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
|
||||
.\"
|
||||
@ -8,7 +8,6 @@
|
||||
.\"
|
||||
.\"
|
||||
.SH "NAME"
|
||||
.LP
|
||||
.B unbound\-anchor
|
||||
\- Unbound anchor utility.
|
||||
.SH "SYNOPSIS"
|
||||
@ -25,14 +24,14 @@ Suggested usage:
|
||||
.nf
|
||||
# in the init scripts.
|
||||
# provide or update the root anchor (if necessary)
|
||||
unbound-anchor -a "/var/unbound/root.key"
|
||||
unbound-anchor \-a "/var/unbound/root.key"
|
||||
# Please note usage of this root anchor is at your own risk
|
||||
# and under the terms of our LICENSE (see source).
|
||||
#
|
||||
# start validating resolver
|
||||
# the unbound.conf contains:
|
||||
# auto-trust-anchor-file: "/var/unbound/root.key"
|
||||
unbound -c unbound.conf
|
||||
unbound \-c unbound.conf
|
||||
.fi
|
||||
.P
|
||||
This tool provides builtin default contents for the root anchor and root
|
||||
@ -139,7 +138,7 @@ tracking, or if an error occurred.
|
||||
.P
|
||||
You can check the exit value in this manner:
|
||||
.nf
|
||||
unbound-anchor -a "root.key" || logger "Please check root.key"
|
||||
unbound-anchor \-a "root.key" || logger "Please check root.key"
|
||||
.fi
|
||||
Or something more suitable for your operational environment.
|
||||
.SH "TRUST"
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound-anchor" "8" "Mar 12, 2014" "NLnet Labs" "unbound 1.4.22"
|
||||
.TH "unbound-anchor" "8" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1"
|
||||
.\"
|
||||
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
|
||||
.\"
|
||||
@ -8,7 +8,6 @@
|
||||
.\"
|
||||
.\"
|
||||
.SH "NAME"
|
||||
.LP
|
||||
.B unbound\-anchor
|
||||
\- Unbound anchor utility.
|
||||
.SH "SYNOPSIS"
|
||||
@ -25,14 +24,14 @@ Suggested usage:
|
||||
.nf
|
||||
# in the init scripts.
|
||||
# provide or update the root anchor (if necessary)
|
||||
unbound-anchor -a "@UNBOUND_ROOTKEY_FILE@"
|
||||
unbound-anchor \-a "@UNBOUND_ROOTKEY_FILE@"
|
||||
# Please note usage of this root anchor is at your own risk
|
||||
# and under the terms of our LICENSE (see source).
|
||||
#
|
||||
# start validating resolver
|
||||
# the unbound.conf contains:
|
||||
# auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
|
||||
unbound -c unbound.conf
|
||||
unbound \-c unbound.conf
|
||||
.fi
|
||||
.P
|
||||
This tool provides builtin default contents for the root anchor and root
|
||||
@ -139,7 +138,7 @@ tracking, or if an error occurred.
|
||||
.P
|
||||
You can check the exit value in this manner:
|
||||
.nf
|
||||
unbound-anchor -a "root.key" || logger "Please check root.key"
|
||||
unbound-anchor \-a "root.key" || logger "Please check root.key"
|
||||
.fi
|
||||
Or something more suitable for your operational environment.
|
||||
.SH "TRUST"
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound-checkconf" "8" "Mar 12, 2014" "NLnet Labs" "unbound 1.4.22"
|
||||
.TH "unbound-checkconf" "8" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1"
|
||||
.\"
|
||||
.\" unbound-checkconf.8 -- unbound configuration checker manual
|
||||
.\"
|
||||
@ -8,7 +8,6 @@
|
||||
.\"
|
||||
.\"
|
||||
.SH "NAME"
|
||||
.LP
|
||||
unbound\-checkconf
|
||||
\- Check unbound configuration file for errors.
|
||||
.SH "SYNOPSIS"
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound-checkconf" "8" "Mar 12, 2014" "NLnet Labs" "unbound 1.4.22"
|
||||
.TH "unbound-checkconf" "8" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1"
|
||||
.\"
|
||||
.\" unbound-checkconf.8 -- unbound configuration checker manual
|
||||
.\"
|
||||
@ -8,7 +8,6 @@
|
||||
.\"
|
||||
.\"
|
||||
.SH "NAME"
|
||||
.LP
|
||||
unbound\-checkconf
|
||||
\- Check unbound configuration file for errors.
|
||||
.SH "SYNOPSIS"
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound-control" "8" "Mar 12, 2014" "NLnet Labs" "unbound 1.4.22"
|
||||
.TH "unbound-control" "8" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1"
|
||||
.\"
|
||||
.\" unbound-control.8 -- unbound remote control manual
|
||||
.\"
|
||||
@ -8,7 +8,6 @@
|
||||
.\"
|
||||
.\"
|
||||
.SH "NAME"
|
||||
.LP
|
||||
.B unbound\-control,
|
||||
.B unbound\-control\-setup
|
||||
\- Unbound remote server control utility.
|
||||
@ -133,6 +132,12 @@ This needs to walk and inspect the entire cache, and is a slow operation.
|
||||
.B flush_bogus
|
||||
Remove all bogus data from the cache.
|
||||
.TP
|
||||
.B flush_negative
|
||||
Remove all negative data from the cache. This is nxdomain answers,
|
||||
nodata answers and servfail answers. Also removes bad key entries
|
||||
(which could be due to failed lookups) from the dnssec key cache, and
|
||||
iterator last-resort lookup failures from the rrset cache.
|
||||
.TP
|
||||
.B flush_stats
|
||||
Reset statistics to zero.
|
||||
.TP
|
||||
@ -147,6 +152,8 @@ such as a higher verbosity level.
|
||||
Show what is worked on. Prints all queries that the server is currently
|
||||
working on. Prints the time that users have been waiting. For internal
|
||||
requests, no time is printed. And then prints out the module status.
|
||||
This prints the queries from the first thread, and not queries that are
|
||||
being serviced from other threads.
|
||||
.TP
|
||||
.B flush_infra \fIall|IP
|
||||
If all then entire infra cache is emptied. If a specific IP address, the
|
||||
@ -401,6 +408,10 @@ Also printed for other opcodes, UPDATE, ...
|
||||
.I num.query.tcp
|
||||
Number of queries that were made using TCP towards the unbound server.
|
||||
.TP
|
||||
.I num.query.tcpout
|
||||
Number of queries that the unbound server made using TCP outgoing towards
|
||||
other servers.
|
||||
.TP
|
||||
.I num.query.ipv6
|
||||
Number of queries that were made using IPv6 towards the unbound server.
|
||||
.TP
|
||||
@ -451,6 +462,21 @@ Replies that were unwanted or unsolicited. Could have been random traffic,
|
||||
delayed duplicates, very late answers, or could be spoofing attempts.
|
||||
Some low level of late answers and delayed duplicates are to be expected
|
||||
with the UDP protocol. Very high values could indicate a threat (spoofing).
|
||||
.TP
|
||||
.I msg.cache.count
|
||||
The number of items (DNS replies) in the message cache.
|
||||
.TP
|
||||
.I rrset.cache.count
|
||||
The number of RRsets in the rrset cache. This includes rrsets used by
|
||||
the messages in the message cache, but also delegation information.
|
||||
.TP
|
||||
.I infra.cache.count
|
||||
The number of items in the infra cache. These are IP addresses with their
|
||||
timing and protocol support information.
|
||||
.TP
|
||||
.I key.cache.count
|
||||
The number of items in the key cache. These are DNSSEC keys, one item
|
||||
per delegation point, and their validation status.
|
||||
.SH "FILES"
|
||||
.TP
|
||||
.I /var/unbound/unbound.conf
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound-control" "8" "Mar 12, 2014" "NLnet Labs" "unbound 1.4.22"
|
||||
.TH "unbound-control" "8" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1"
|
||||
.\"
|
||||
.\" unbound-control.8 -- unbound remote control manual
|
||||
.\"
|
||||
@ -8,7 +8,6 @@
|
||||
.\"
|
||||
.\"
|
||||
.SH "NAME"
|
||||
.LP
|
||||
.B unbound\-control,
|
||||
.B unbound\-control\-setup
|
||||
\- Unbound remote server control utility.
|
||||
@ -133,6 +132,12 @@ This needs to walk and inspect the entire cache, and is a slow operation.
|
||||
.B flush_bogus
|
||||
Remove all bogus data from the cache.
|
||||
.TP
|
||||
.B flush_negative
|
||||
Remove all negative data from the cache. This is nxdomain answers,
|
||||
nodata answers and servfail answers. Also removes bad key entries
|
||||
(which could be due to failed lookups) from the dnssec key cache, and
|
||||
iterator last-resort lookup failures from the rrset cache.
|
||||
.TP
|
||||
.B flush_stats
|
||||
Reset statistics to zero.
|
||||
.TP
|
||||
@ -147,6 +152,8 @@ such as a higher verbosity level.
|
||||
Show what is worked on. Prints all queries that the server is currently
|
||||
working on. Prints the time that users have been waiting. For internal
|
||||
requests, no time is printed. And then prints out the module status.
|
||||
This prints the queries from the first thread, and not queries that are
|
||||
being serviced from other threads.
|
||||
.TP
|
||||
.B flush_infra \fIall|IP
|
||||
If all then entire infra cache is emptied. If a specific IP address, the
|
||||
@ -401,6 +408,10 @@ Also printed for other opcodes, UPDATE, ...
|
||||
.I num.query.tcp
|
||||
Number of queries that were made using TCP towards the unbound server.
|
||||
.TP
|
||||
.I num.query.tcpout
|
||||
Number of queries that the unbound server made using TCP outgoing towards
|
||||
other servers.
|
||||
.TP
|
||||
.I num.query.ipv6
|
||||
Number of queries that were made using IPv6 towards the unbound server.
|
||||
.TP
|
||||
@ -451,6 +462,21 @@ Replies that were unwanted or unsolicited. Could have been random traffic,
|
||||
delayed duplicates, very late answers, or could be spoofing attempts.
|
||||
Some low level of late answers and delayed duplicates are to be expected
|
||||
with the UDP protocol. Very high values could indicate a threat (spoofing).
|
||||
.TP
|
||||
.I msg.cache.count
|
||||
The number of items (DNS replies) in the message cache.
|
||||
.TP
|
||||
.I rrset.cache.count
|
||||
The number of RRsets in the rrset cache. This includes rrsets used by
|
||||
the messages in the message cache, but also delegation information.
|
||||
.TP
|
||||
.I infra.cache.count
|
||||
The number of items in the infra cache. These are IP addresses with their
|
||||
timing and protocol support information.
|
||||
.TP
|
||||
.I key.cache.count
|
||||
The number of items in the key cache. These are DNSSEC keys, one item
|
||||
per delegation point, and their validation status.
|
||||
.SH "FILES"
|
||||
.TP
|
||||
.I @ub_conf_file@
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound\-host" "1" "Mar 12, 2014" "NLnet Labs" "unbound 1.4.22"
|
||||
.TH "unbound\-host" "1" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1"
|
||||
.\"
|
||||
.\" unbound-host.1 -- unbound DNS lookup utility
|
||||
.\"
|
||||
@ -8,13 +8,11 @@
|
||||
.\"
|
||||
.\"
|
||||
.SH "NAME"
|
||||
.LP
|
||||
.B unbound\-host
|
||||
\- unbound DNS lookup utility
|
||||
.SH "SYNOPSIS"
|
||||
.LP
|
||||
.B unbound\-host
|
||||
.RB [ \-vdhr46 ]
|
||||
.RB [ \-vdhr46D ]
|
||||
.RB [ \-c
|
||||
.IR class ]
|
||||
.RB [ \-t
|
||||
@ -29,7 +27,6 @@
|
||||
.RB [ \-C
|
||||
.IR configfile ]
|
||||
.SH "DESCRIPTION"
|
||||
.LP
|
||||
.B Unbound\-host
|
||||
uses the unbound validating resolver to query for the hostname and display
|
||||
results. With the \fB\-v\fR option it displays validation
|
||||
@ -74,6 +71,10 @@ of trust that is built up from the trust anchor to the response, in order
|
||||
to validate the response message. Can be given as a DS or DNSKEY record.
|
||||
For example \-y "example.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD".
|
||||
.TP
|
||||
.B \-D
|
||||
Enables DNSSEC validation. Reads the root anchor from the default configured
|
||||
root anchor at the default location, \fI@UNBOUND_ROOTKEY_FILE@\fR.
|
||||
.TP
|
||||
.B \-f \fIkeyfile
|
||||
Reads keys from a file. Every line has a DS or DNSKEY record, in the format
|
||||
as for \-y. The zone file format, the same as dig and drill produce.
|
||||
@ -98,7 +99,6 @@ Use solely the IPv4 network for sending packets.
|
||||
.B \-6
|
||||
Use solely the IPv6 network for sending packets.
|
||||
.SH "EXAMPLES"
|
||||
.LP
|
||||
Some examples of use. The keys shown below are fakes, thus a security failure
|
||||
is encountered.
|
||||
.P
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound" "8" "Mar 12, 2014" "NLnet Labs" "unbound 1.4.22"
|
||||
.TH "unbound" "8" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1"
|
||||
.\"
|
||||
.\" unbound.8 -- unbound manual
|
||||
.\"
|
||||
@ -8,22 +8,47 @@
|
||||
.\"
|
||||
.\"
|
||||
.SH "NAME"
|
||||
.LP
|
||||
.B unbound
|
||||
\- Unbound DNS validating resolver 1.4.22.
|
||||
\- Unbound DNS validating resolver 1.5.1.
|
||||
.SH "SYNOPSIS"
|
||||
.LP
|
||||
.B unbound
|
||||
.RB [ \-h ]
|
||||
.RB [ \-d ]
|
||||
.RB [ \-v ]
|
||||
.RB [ \-c
|
||||
.RB [ \-c
|
||||
.IR cfgfile ]
|
||||
.SH "DESCRIPTION"
|
||||
.LP
|
||||
.B Unbound
|
||||
is an implementation of a DNS resolver, that does caching and
|
||||
DNSSEC validation.
|
||||
.B Unbound
|
||||
is a caching DNS resolver.
|
||||
.P
|
||||
It uses a built in list of authoritative nameservers for the root zone (.),
|
||||
the so called root hints.
|
||||
On receiving a DNS query it will ask the root nameservers for
|
||||
an answer and will in almost all cases receive a delegation to a top level
|
||||
domain (TLD) authoritative nameserver.
|
||||
It will then ask that nameserver for an answer.
|
||||
It will recursively continue until an answer is found or no answer is
|
||||
available (NXDOMAIN).
|
||||
For performance and efficiency reasons that answer is cached for a
|
||||
certain time (the answer's time\-to\-live or TTL).
|
||||
A second query for the same name will then be answered from the cache.
|
||||
Unbound can also do DNSSEC validation.
|
||||
.P
|
||||
To use a locally running
|
||||
.B Unbound
|
||||
for resolving put
|
||||
.sp
|
||||
.RS 6n
|
||||
nameserver 127.0.0.1
|
||||
.RE
|
||||
.sp
|
||||
into
|
||||
.IR resolv.conf (5).
|
||||
.P
|
||||
If authoritative DNS is needed as well using
|
||||
.IR nsd (8),
|
||||
careful setup is required because authoritative nameservers and
|
||||
resolvers are using the same port number (53).
|
||||
.P
|
||||
The available options are:
|
||||
.TP
|
||||
@ -31,21 +56,24 @@ The available options are:
|
||||
Show the version and commandline option help.
|
||||
.TP
|
||||
.B \-c\fI cfgfile
|
||||
Set the config file with settings for unbound to read instead of reading the
|
||||
Set the config file with settings for unbound to read instead of reading the
|
||||
file at the default location, /var/unbound/unbound.conf. The syntax is
|
||||
described in \fIunbound.conf\fR(5).
|
||||
.TP
|
||||
.B \-d
|
||||
Debug flag, do not fork into the background, but stay attached to the
|
||||
console. This flag will also delay writing to the logfile until the
|
||||
thread\-spawn time. So that most config and setup errors appear on stderr.
|
||||
Debug flag: do not fork into the background, but stay attached to
|
||||
the console. This flag will also delay writing to the log file until
|
||||
the thread\-spawn time, so that most config and setup errors appear on
|
||||
stderr. If given twice or more, logging does not switch to the log file
|
||||
or to syslog, but the log messages are printed to stderr all the time.
|
||||
.TP
|
||||
.B \-v
|
||||
Increase verbosity. If given multiple times, more information is logged.
|
||||
This is in addition to the verbosity (if any) from the config file.
|
||||
.SH "SEE ALSO"
|
||||
\fIunbound.conf\fR(5),
|
||||
\fIunbound\-checkconf\fR(8).
|
||||
\fIunbound.conf\fR(5),
|
||||
\fIunbound\-checkconf\fR(8),
|
||||
\fInsd\fR(8).
|
||||
.SH "AUTHORS"
|
||||
.B Unbound
|
||||
developers are mentioned in the CREDITS file in the distribution.
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound" "8" "Mar 12, 2014" "NLnet Labs" "unbound 1.4.22"
|
||||
.TH "unbound" "8" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1"
|
||||
.\"
|
||||
.\" unbound.8 -- unbound manual
|
||||
.\"
|
||||
@ -8,22 +8,47 @@
|
||||
.\"
|
||||
.\"
|
||||
.SH "NAME"
|
||||
.LP
|
||||
.B unbound
|
||||
\- Unbound DNS validating resolver 1.4.22.
|
||||
\- Unbound DNS validating resolver 1.5.1.
|
||||
.SH "SYNOPSIS"
|
||||
.LP
|
||||
.B unbound
|
||||
.RB [ \-h ]
|
||||
.RB [ \-d ]
|
||||
.RB [ \-v ]
|
||||
.RB [ \-c
|
||||
.RB [ \-c
|
||||
.IR cfgfile ]
|
||||
.SH "DESCRIPTION"
|
||||
.LP
|
||||
.B Unbound
|
||||
is an implementation of a DNS resolver, that does caching and
|
||||
DNSSEC validation.
|
||||
.B Unbound
|
||||
is a caching DNS resolver.
|
||||
.P
|
||||
It uses a built in list of authoritative nameservers for the root zone (.),
|
||||
the so called root hints.
|
||||
On receiving a DNS query it will ask the root nameservers for
|
||||
an answer and will in almost all cases receive a delegation to a top level
|
||||
domain (TLD) authoritative nameserver.
|
||||
It will then ask that nameserver for an answer.
|
||||
It will recursively continue until an answer is found or no answer is
|
||||
available (NXDOMAIN).
|
||||
For performance and efficiency reasons that answer is cached for a
|
||||
certain time (the answer's time\-to\-live or TTL).
|
||||
A second query for the same name will then be answered from the cache.
|
||||
Unbound can also do DNSSEC validation.
|
||||
.P
|
||||
To use a locally running
|
||||
.B Unbound
|
||||
for resolving put
|
||||
.sp
|
||||
.RS 6n
|
||||
nameserver 127.0.0.1
|
||||
.RE
|
||||
.sp
|
||||
into
|
||||
.IR resolv.conf (5).
|
||||
.P
|
||||
If authoritative DNS is needed as well using
|
||||
.IR nsd (8),
|
||||
careful setup is required because authoritative nameservers and
|
||||
resolvers are using the same port number (53).
|
||||
.P
|
||||
The available options are:
|
||||
.TP
|
||||
@ -31,21 +56,24 @@ The available options are:
|
||||
Show the version and commandline option help.
|
||||
.TP
|
||||
.B \-c\fI cfgfile
|
||||
Set the config file with settings for unbound to read instead of reading the
|
||||
Set the config file with settings for unbound to read instead of reading the
|
||||
file at the default location, @ub_conf_file@. The syntax is
|
||||
described in \fIunbound.conf\fR(5).
|
||||
.TP
|
||||
.B \-d
|
||||
Debug flag, do not fork into the background, but stay attached to the
|
||||
console. This flag will also delay writing to the logfile until the
|
||||
thread\-spawn time. So that most config and setup errors appear on stderr.
|
||||
Debug flag: do not fork into the background, but stay attached to
|
||||
the console. This flag will also delay writing to the log file until
|
||||
the thread\-spawn time, so that most config and setup errors appear on
|
||||
stderr. If given twice or more, logging does not switch to the log file
|
||||
or to syslog, but the log messages are printed to stderr all the time.
|
||||
.TP
|
||||
.B \-v
|
||||
Increase verbosity. If given multiple times, more information is logged.
|
||||
This is in addition to the verbosity (if any) from the config file.
|
||||
.SH "SEE ALSO"
|
||||
\fIunbound.conf\fR(5),
|
||||
\fIunbound\-checkconf\fR(8).
|
||||
\fIunbound.conf\fR(5),
|
||||
\fIunbound\-checkconf\fR(8),
|
||||
\fInsd\fR(8).
|
||||
.SH "AUTHORS"
|
||||
.B Unbound
|
||||
developers are mentioned in the CREDITS file in the distribution.
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound.conf" "5" "Mar 12, 2014" "NLnet Labs" "unbound 1.4.22"
|
||||
.TH "unbound.conf" "5" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1"
|
||||
.\"
|
||||
.\" unbound.conf.5 -- unbound.conf manual
|
||||
.\"
|
||||
@ -8,14 +8,11 @@
|
||||
.\"
|
||||
.\"
|
||||
.SH "NAME"
|
||||
.LP
|
||||
.B unbound.conf
|
||||
\- Unbound configuration file.
|
||||
.SH "SYNOPSIS"
|
||||
.LP
|
||||
.B unbound.conf
|
||||
.SH "DESCRIPTION"
|
||||
.LP
|
||||
.B unbound.conf
|
||||
is used to configure
|
||||
\fIunbound\fR(8).
|
||||
@ -65,7 +62,6 @@ server:
|
||||
access\-control: 2001:DB8::/64 allow
|
||||
.fi
|
||||
.SH "FILE FORMAT"
|
||||
.LP
|
||||
There must be whitespace between keywords. Attribute keywords end with a colon ':'. An attribute
|
||||
is followed by its containing attributes, or a value.
|
||||
.P
|
||||
@ -169,11 +165,11 @@ Give a port number or a range of the form "low\-high", without spaces.
|
||||
.TP
|
||||
.B outgoing\-num\-tcp: \fI<number>
|
||||
Number of outgoing TCP buffers to allocate per thread. Default is 10. If set
|
||||
to 0, or if do_tcp is "no", no TCP queries to authoritative servers are done.
|
||||
to 0, or if do\-tcp is "no", no TCP queries to authoritative servers are done.
|
||||
.TP
|
||||
.B incoming\-num\-tcp: \fI<number>
|
||||
Number of incoming TCP buffers to allocate per thread. Default is 10. If set
|
||||
to 0, or if do_tcp is "no", no TCP queries from clients are accepted.
|
||||
to 0, or if do\-tcp is "no", no TCP queries from clients are accepted.
|
||||
.TP
|
||||
.B edns\-buffer\-size: \fI<number>
|
||||
Number of bytes size to advertise as the EDNS reassembly buffer size.
|
||||
@ -262,8 +258,9 @@ to so\-rcvbuf.
|
||||
.B so\-reuseport: \fI<yes or no>
|
||||
If yes, then open dedicated listening sockets for incoming queries for each
|
||||
thread and try to set the SO_REUSEPORT socket option on each socket. May
|
||||
distribute incoming queries to threads more evenly. Default is no. Only
|
||||
supported on Linux >= 3.9. You can enable it (on any platform and kernel),
|
||||
distribute incoming queries to threads more evenly. Default is no. On Linux
|
||||
it is supported in kernels >= 3.9. On other systems, FreeBSD, OSX it may
|
||||
also work. You can enable it (on any platform and kernel),
|
||||
it then attempts to open the port and passes the option if it was available
|
||||
at compile time, if that works it is used, if it fails, it continues
|
||||
silently (unless verbosity 3) without the option.
|
||||
@ -310,7 +307,9 @@ Enable or disable whether ip4 queries are answered or issued. Default is yes.
|
||||
.B do\-ip6: \fI<yes or no>
|
||||
Enable or disable whether ip6 queries are answered or issued. Default is yes.
|
||||
If disabled, queries are not answered on IPv6, and queries are not sent on
|
||||
IPv6 to the internet nameservers.
|
||||
IPv6 to the internet nameservers. With this option you can disable the
|
||||
ipv6 transport for sending DNS traffic, it does not impact the contents of
|
||||
the DNS traffic, which may have ip4 and ip6 addresses in it.
|
||||
.TP
|
||||
.B do\-udp: \fI<yes or no>
|
||||
Enable or disable whether UDP queries are answered or issued. Default is yes.
|
||||
@ -905,6 +904,7 @@ records are provided.
|
||||
Reverse data for zones 0.in\-addr.arpa, 254.169.in\-addr.arpa,
|
||||
2.0.192.in\-addr.arpa (TEST NET 1), 100.51.198.in\-addr.arpa (TEST NET 2),
|
||||
113.0.203.in\-addr.arpa (TEST NET 3), 255.255.255.255.in\-addr.arpa.
|
||||
And from 64.100.in\-addr.arpa to 127.100.in\-addr.arpa (Shared Address Space).
|
||||
.TP 10
|
||||
\h'5'\fIreverse RFC4291 IP6 unspecified\fR
|
||||
Reverse data for zone
|
||||
@ -1082,6 +1082,19 @@ and the word "python" has to be put in the \fBmodule\-config:\fR option
|
||||
.TP
|
||||
.B python\-script: \fI<python file>\fR
|
||||
The script file to load.
|
||||
.SS "DNS64 Module Options"
|
||||
.LP
|
||||
The dns64 module must be configured in the \fBmodule\-config:\fR "dns64
|
||||
validator iterator" directive and be compiled into the daemon to be
|
||||
enabled. These settings go in the \fBserver:\fR section.
|
||||
.TP
|
||||
.B dns64\-prefix: \fI<IPv6 prefix>\fR
|
||||
This sets the DNS64 prefix to use to synthesize AAAA records with.
|
||||
It must be /96 or shorter. The default prefix is 64:ff9b::/96.
|
||||
.TP
|
||||
.B dns64\-synthall: \fI<yes or no>\fR
|
||||
Debug option, default no. If enabled, synthesize all AAAA records
|
||||
despite the presence of actual AAAA records.
|
||||
.SH "MEMORY CONTROL EXAMPLE"
|
||||
In the example config settings below memory usage is reduced. Some service
|
||||
levels are lower, notable very large data and a high TCP load are no longer
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound.conf" "5" "Mar 12, 2014" "NLnet Labs" "unbound 1.4.22"
|
||||
.TH "unbound.conf" "5" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1"
|
||||
.\"
|
||||
.\" unbound.conf.5 -- unbound.conf manual
|
||||
.\"
|
||||
@ -8,14 +8,11 @@
|
||||
.\"
|
||||
.\"
|
||||
.SH "NAME"
|
||||
.LP
|
||||
.B unbound.conf
|
||||
\- Unbound configuration file.
|
||||
.SH "SYNOPSIS"
|
||||
.LP
|
||||
.B unbound.conf
|
||||
.SH "DESCRIPTION"
|
||||
.LP
|
||||
.B unbound.conf
|
||||
is used to configure
|
||||
\fIunbound\fR(8).
|
||||
@ -65,7 +62,6 @@ server:
|
||||
access\-control: 2001:DB8::/64 allow
|
||||
.fi
|
||||
.SH "FILE FORMAT"
|
||||
.LP
|
||||
There must be whitespace between keywords. Attribute keywords end with a colon ':'. An attribute
|
||||
is followed by its containing attributes, or a value.
|
||||
.P
|
||||
@ -169,11 +165,11 @@ Give a port number or a range of the form "low\-high", without spaces.
|
||||
.TP
|
||||
.B outgoing\-num\-tcp: \fI<number>
|
||||
Number of outgoing TCP buffers to allocate per thread. Default is 10. If set
|
||||
to 0, or if do_tcp is "no", no TCP queries to authoritative servers are done.
|
||||
to 0, or if do\-tcp is "no", no TCP queries to authoritative servers are done.
|
||||
.TP
|
||||
.B incoming\-num\-tcp: \fI<number>
|
||||
Number of incoming TCP buffers to allocate per thread. Default is 10. If set
|
||||
to 0, or if do_tcp is "no", no TCP queries from clients are accepted.
|
||||
to 0, or if do\-tcp is "no", no TCP queries from clients are accepted.
|
||||
.TP
|
||||
.B edns\-buffer\-size: \fI<number>
|
||||
Number of bytes size to advertise as the EDNS reassembly buffer size.
|
||||
@ -262,8 +258,9 @@ to so\-rcvbuf.
|
||||
.B so\-reuseport: \fI<yes or no>
|
||||
If yes, then open dedicated listening sockets for incoming queries for each
|
||||
thread and try to set the SO_REUSEPORT socket option on each socket. May
|
||||
distribute incoming queries to threads more evenly. Default is no. Only
|
||||
supported on Linux >= 3.9. You can enable it (on any platform and kernel),
|
||||
distribute incoming queries to threads more evenly. Default is no. On Linux
|
||||
it is supported in kernels >= 3.9. On other systems, FreeBSD, OSX it may
|
||||
also work. You can enable it (on any platform and kernel),
|
||||
it then attempts to open the port and passes the option if it was available
|
||||
at compile time, if that works it is used, if it fails, it continues
|
||||
silently (unless verbosity 3) without the option.
|
||||
@ -310,7 +307,9 @@ Enable or disable whether ip4 queries are answered or issued. Default is yes.
|
||||
.B do\-ip6: \fI<yes or no>
|
||||
Enable or disable whether ip6 queries are answered or issued. Default is yes.
|
||||
If disabled, queries are not answered on IPv6, and queries are not sent on
|
||||
IPv6 to the internet nameservers.
|
||||
IPv6 to the internet nameservers. With this option you can disable the
|
||||
ipv6 transport for sending DNS traffic, it does not impact the contents of
|
||||
the DNS traffic, which may have ip4 and ip6 addresses in it.
|
||||
.TP
|
||||
.B do\-udp: \fI<yes or no>
|
||||
Enable or disable whether UDP queries are answered or issued. Default is yes.
|
||||
@ -905,6 +904,7 @@ records are provided.
|
||||
Reverse data for zones 0.in\-addr.arpa, 254.169.in\-addr.arpa,
|
||||
2.0.192.in\-addr.arpa (TEST NET 1), 100.51.198.in\-addr.arpa (TEST NET 2),
|
||||
113.0.203.in\-addr.arpa (TEST NET 3), 255.255.255.255.in\-addr.arpa.
|
||||
And from 64.100.in\-addr.arpa to 127.100.in\-addr.arpa (Shared Address Space).
|
||||
.TP 10
|
||||
\h'5'\fIreverse RFC4291 IP6 unspecified\fR
|
||||
Reverse data for zone
|
||||
@ -1082,6 +1082,19 @@ and the word "python" has to be put in the \fBmodule\-config:\fR option
|
||||
.TP
|
||||
.B python\-script: \fI<python file>\fR
|
||||
The script file to load.
|
||||
.SS "DNS64 Module Options"
|
||||
.LP
|
||||
The dns64 module must be configured in the \fBmodule\-config:\fR "dns64
|
||||
validator iterator" directive and be compiled into the daemon to be
|
||||
enabled. These settings go in the \fBserver:\fR section.
|
||||
.TP
|
||||
.B dns64\-prefix: \fI<IPv6 prefix>\fR
|
||||
This sets the DNS64 prefix to use to synthesize AAAA records with.
|
||||
It must be /96 or shorter. The default prefix is 64:ff9b::/96.
|
||||
.TP
|
||||
.B dns64\-synthall: \fI<yes or no>\fR
|
||||
Debug option, default no. If enabled, synthesize all AAAA records
|
||||
despite the presence of actual AAAA records.
|
||||
.SH "MEMORY CONTROL EXAMPLE"
|
||||
In the example config settings below memory usage is reduced. Some service
|
||||
levels are lower, notable very large data and a high TCP load are no longer
|
||||
|
@ -287,7 +287,7 @@ TYPEDEF_HIDES_STRUCT = NO
|
||||
# 2^(16+SYMBOL_CACHE_SIZE). The valid range is 0..9, the default is 0,
|
||||
# corresponding to a cache size of 2^16 = 65536 symbols
|
||||
|
||||
SYMBOL_CACHE_SIZE = 0
|
||||
#SYMBOL_CACHE_SIZE = 0
|
||||
|
||||
#---------------------------------------------------------------------------
|
||||
# Build related configuration options
|
||||
@ -1272,13 +1272,13 @@ XML_OUTPUT = xml
|
||||
# which can be used by a validating XML parser to check the
|
||||
# syntax of the XML files.
|
||||
|
||||
XML_SCHEMA =
|
||||
#XML_SCHEMA =
|
||||
|
||||
# The XML_DTD tag can be used to specify an XML DTD,
|
||||
# which can be used by a validating XML parser to check the
|
||||
# syntax of the XML files.
|
||||
|
||||
XML_DTD =
|
||||
#XML_DTD =
|
||||
|
||||
# If the XML_PROGRAMLISTING tag is set to YES Doxygen will
|
||||
# dump the program listings (including syntax highlighting
|
||||
@ -1497,7 +1497,7 @@ HAVE_DOT = NO
|
||||
# DOTFONTPATH environment variable or by setting DOT_FONTPATH to the directory
|
||||
# containing the font.
|
||||
|
||||
DOT_FONTNAME = FreeSans.ttf
|
||||
#DOT_FONTNAME = FreeSans.ttf
|
||||
|
||||
# The DOT_FONTSIZE tag can be used to set the size of the font of dot graphs.
|
||||
# The default size is 10pt.
|
||||
|
@ -147,7 +147,9 @@ delegpt_find_addr(struct delegpt* dp, struct sockaddr_storage* addr,
|
||||
{
|
||||
struct delegpt_addr* p = dp->target_list;
|
||||
while(p) {
|
||||
if(sockaddr_cmp_addr(addr, addrlen, &p->addr, p->addrlen)==0) {
|
||||
if(sockaddr_cmp_addr(addr, addrlen, &p->addr, p->addrlen)==0
|
||||
&& ((struct sockaddr_in*)addr)->sin_port ==
|
||||
((struct sockaddr_in*)&p->addr)->sin_port) {
|
||||
return p;
|
||||
}
|
||||
p = p->next_target;
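Review bot: The added port comparison in delegpt_find_addr reads `sin_port` through a `struct sockaddr_in*` cast whatever the address family is, so for an IPv6 target it depends on `sin6_port` sitting at the same offset as `sin_port`, and nothing in the hunk checks that `addrlen` covers that field. That layout holds on common platforms, but the assumption is not documented here; a comment such as `/* port is at the same offset in sockaddr_in and sockaddr_in6 */` above the condition would help, or the check could branch on `addr->ss_family` and read `sin6_port` explicitly. Because a match now requires address and port to be equal, a caller that looks a target up by address alone gets NULL when the port differs; presumably that is intended, but it deserves a line in the function's doc comment. The function body starts and ends outside the hunk.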
|
||||
|
@ -144,6 +144,8 @@ compile_time_root_prime(int do_ip4, int do_ip6)
|
||||
}
|
||||
if(do_ip6) {
|
||||
if(!ah(dp, "A.ROOT-SERVERS.NET.", "2001:503:ba3e::2:30")) goto failed;
|
||||
if(!ah(dp, "B.ROOT-SERVERS.NET.", "2001:500:84::b")) goto failed;
|
||||
if(!ah(dp, "C.ROOT-SERVERS.NET.", "2001:500:2::c")) goto failed;
|
||||
if(!ah(dp, "D.ROOT-SERVERS.NET.", "2001:500:2d::d")) goto failed;
|
||||
if(!ah(dp, "F.ROOT-SERVERS.NET.", "2001:500:2f::f")) goto failed;
|
||||
if(!ah(dp, "H.ROOT-SERVERS.NET.", "2001:500:1::803f:235")) goto failed;
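Review bot: The IPv6 literals in the `do_ip6` branch of compile_time_root_prime are bootstrap data that every priming query relies on when no root-hints file is configured, yet the hunk carries no comment saying where and when they were taken from. A line such as `/* root hints as published by IANA, checked <DATE> */` above the `ah()` calls would let a later reader judge how stale the built-in list is and compare it against a configured root-hints file. The function starts and ends outside the hunk.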
|
||||
|
@ -425,10 +425,10 @@ dns_copy_msg(struct dns_msg* from, struct regional* region)
|
||||
void
|
||||
iter_dns_store(struct module_env* env, struct query_info* msgqinf,
|
||||
struct reply_info* msgrep, int is_referral, time_t leeway, int pside,
|
||||
struct regional* region)
|
||||
struct regional* region, uint16_t flags)
|
||||
{
|
||||
if(!dns_cache_store(env, msgqinf, msgrep, is_referral, leeway,
|
||||
pside, region))
|
||||
pside, region, flags))
|
||||
log_err("out of memory: cannot store data in cache");
|
||||
}
|
||||
|
||||
@ -457,7 +457,8 @@ causes_cycle(struct module_qstate* qstate, uint8_t* name, size_t namelen,
|
||||
fptr_ok(fptr_whitelist_modenv_detect_cycle(
|
||||
qstate->env->detect_cycle));
|
||||
return (*qstate->env->detect_cycle)(qstate, &qinf,
|
||||
(uint16_t)(BIT_RD|BIT_CD), qstate->is_priming);
|
||||
(uint16_t)(BIT_RD|BIT_CD), qstate->is_priming,
|
||||
qstate->is_valrec);
|
||||
}
|
||||
|
||||
void
|
||||
@ -666,7 +667,7 @@ rrset_equal(struct ub_packed_rrset_key* k1, struct ub_packed_rrset_key* k2)
|
||||
k1->rk.rrset_class != k2->rk.rrset_class ||
|
||||
query_dname_compare(k1->rk.dname, k2->rk.dname) != 0)
|
||||
return 0;
|
||||
if(d1->ttl != d2->ttl ||
|
||||
if( /* do not check ttl: d1->ttl != d2->ttl || */
|
||||
d1->count != d2->count ||
|
||||
d1->rrsig_count != d2->rrsig_count ||
|
||||
d1->trust != d2->trust ||
|
||||
@ -675,7 +676,7 @@ rrset_equal(struct ub_packed_rrset_key* k1, struct ub_packed_rrset_key* k2)
|
||||
t = d1->count + d1->rrsig_count;
|
||||
for(i=0; i<t; i++) {
|
||||
if(d1->rr_len[i] != d2->rr_len[i] ||
|
||||
d1->rr_ttl[i] != d2->rr_ttl[i] ||
|
||||
/* no ttl check: d1->rr_ttl[i] != d2->rr_ttl[i] ||*/
|
||||
memcmp(d1->rr_data[i], d2->rr_data[i],
|
||||
d1->rr_len[i]) != 0)
|
||||
return 0;
|
||||
@ -689,8 +690,11 @@ reply_equal(struct reply_info* p, struct reply_info* q, struct regional* region)
|
||||
size_t i;
|
||||
if(p->flags != q->flags ||
|
||||
p->qdcount != q->qdcount ||
|
||||
/* do not check TTL, this may differ */
|
||||
/*
|
||||
p->ttl != q->ttl ||
|
||||
p->prefetch_ttl != q->prefetch_ttl ||
|
||||
*/
|
||||
p->security != q->security ||
|
||||
p->an_numrrsets != q->an_numrrsets ||
|
||||
p->ns_numrrsets != q->ns_numrrsets ||
|
||||
|
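Review bot: In rrset_equal and reply_equal the TTL comparisons are switched off by commenting out operands inside the `if` condition (`if( /* do not check ttl: d1->ttl != d2->ttl || */`), which leaves dead code in the expression and makes the remaining tests hard to scan. I would delete the commented-out operands and put one comment above each condition, for example `/* TTLs are deliberately not compared; they may differ between otherwise identical replies */`. The doc comments of both functions are outside these hunks and should also state that TTLs are ignored, because reply_equal is what the caps-for-id fallback in iterator.c uses to decide whether two answers match.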
@ -124,6 +124,7 @@ struct dns_msg* dns_copy_msg(struct dns_msg* from, struct regional* regional);
|
||||
* @param pside: true if dp is parentside, thus message is 'fresh' and NS
|
||||
* can be prefetch-updates.
|
||||
* @param region: to copy modified (cache is better) rrs back to.
|
||||
* @param flags: with BIT_CD for dns64 AAAA translated queries.
|
||||
* @return void, because we are not interested in alloc errors,
|
||||
* the iterator and validator can operate on the results in their
|
||||
* scratch space (the qstate.region) and are not dependent on the cache.
|
||||
@ -132,7 +133,7 @@ struct dns_msg* dns_copy_msg(struct dns_msg* from, struct regional* regional);
|
||||
*/
|
||||
void iter_dns_store(struct module_env* env, struct query_info* qinf,
|
||||
struct reply_info* rep, int is_referral, time_t leeway, int pside,
|
||||
struct regional* region);
|
||||
struct regional* region, uint16_t flags);
|
||||
|
||||
/**
|
||||
* Select randomly with n/m probability.
|
||||
|
@ -254,6 +254,14 @@ error_response_cache(struct module_qstate* qstate, int id, int rcode)
|
||||
{
|
||||
/* store in cache */
|
||||
struct reply_info err;
|
||||
if(qstate->prefetch_leeway > NORR_TTL) {
|
||||
verbose(VERB_ALGO, "error response for prefetch in cache");
|
||||
/* attempt to adjust the cache entry prefetch */
|
||||
if(dns_cache_prefetch_adjust(qstate->env, &qstate->qinfo,
|
||||
NORR_TTL, qstate->query_flags))
|
||||
return error_response(qstate, id, rcode);
|
||||
/* if that fails (not in cache), fall through to store err */
|
||||
}
|
||||
memset(&err, 0, sizeof(err));
|
||||
err.flags = (uint16_t)(BIT_QR | BIT_RA);
|
||||
FLAGS_SET_RCODE(err.flags, rcode);
|
||||
@ -263,7 +271,8 @@ error_response_cache(struct module_qstate* qstate, int id, int rcode)
|
||||
/* do not waste time trying to validate this servfail */
|
||||
err.security = sec_status_indeterminate;
|
||||
verbose(VERB_ALGO, "store error response in message cache");
|
||||
iter_dns_store(qstate->env, &qstate->qinfo, &err, 0, 0, 0, NULL);
|
||||
iter_dns_store(qstate->env, &qstate->qinfo, &err, 0, 0, 0, NULL,
|
||||
qstate->query_flags);
|
||||
return error_response(qstate, id, rcode);
|
||||
}
|
||||
|
||||
@ -499,6 +508,7 @@ generate_sub_request(uint8_t* qname, size_t qnamelen, uint16_t qtype,
|
||||
uint16_t qflags = 0; /* OPCODE QUERY, no flags */
|
||||
struct query_info qinf;
|
||||
int prime = (finalstate == PRIME_RESP_STATE)?1:0;
|
||||
int valrec = 0;
|
||||
qinf.qname = qname;
|
||||
qinf.qname_len = qnamelen;
|
||||
qinf.qtype = qtype;
|
||||
@ -512,12 +522,15 @@ generate_sub_request(uint8_t* qname, size_t qnamelen, uint16_t qtype,
|
||||
* the resolution chain, which might have a validator. We are
|
||||
* uninterested in validating things not on the direct resolution
|
||||
* path. */
|
||||
if(!v)
|
||||
if(!v) {
|
||||
qflags |= BIT_CD;
|
||||
valrec = 1;
|
||||
}
|
||||
|
||||
/* attach subquery, lookup existing or make a new one */
|
||||
fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub));
|
||||
if(!(*qstate->env->attach_sub)(qstate, &qinf, qflags, prime, &subq)) {
|
||||
if(!(*qstate->env->attach_sub)(qstate, &qinf, qflags, prime, valrec,
|
||||
&subq)) {
|
||||
return 0;
|
||||
}
|
||||
*subq_ret = subq;
|
||||
@ -955,7 +968,8 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
} else {
|
||||
msg = dns_cache_lookup(qstate->env, iq->qchase.qname,
|
||||
iq->qchase.qname_len, iq->qchase.qtype,
|
||||
iq->qchase.qclass, qstate->region, qstate->env->scratch);
|
||||
iq->qchase.qclass, qstate->query_flags,
|
||||
qstate->region, qstate->env->scratch);
|
||||
if(!msg && qstate->env->neg_cache) {
|
||||
/* lookup in negative cache; may result in
|
||||
* NOERROR/NODATA or NXDOMAIN answers that need validation */
|
||||
@ -1888,8 +1902,8 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
iq->qchase.qname, iq->qchase.qname_len,
|
||||
iq->qchase.qtype, iq->qchase.qclass,
|
||||
iq->chase_flags | (iq->chase_to_rd?BIT_RD:0), EDNS_DO|BIT_CD,
|
||||
iq->dnssec_expected, &target->addr, target->addrlen,
|
||||
iq->dp->name, iq->dp->namelen, qstate);
|
||||
iq->dnssec_expected, iq->caps_fallback, &target->addr,
|
||||
target->addrlen, iq->dp->name, iq->dp->namelen, qstate);
|
||||
if(!outq) {
|
||||
log_addr(VERB_DETAIL, "error sending query to auth server",
|
||||
&target->addr, target->addrlen);
|
||||
@ -2025,7 +2039,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
iter_dns_store(qstate->env, &iq->response->qinfo,
|
||||
iq->response->rep, 0, qstate->prefetch_leeway,
|
||||
iq->dp&&iq->dp->has_parent_side_NS,
|
||||
qstate->region);
|
||||
qstate->region, qstate->query_flags);
|
||||
/* close down outstanding requests to be discarded */
|
||||
outbound_list_clear(&iq->outlist);
|
||||
iq->num_current_queries = 0;
|
||||
@ -2063,7 +2077,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
/* Store the referral under the current query */
|
||||
/* no prefetch-leeway, since its not the answer */
|
||||
iter_dns_store(qstate->env, &iq->response->qinfo,
|
||||
iq->response->rep, 1, 0, 0, NULL);
|
||||
iq->response->rep, 1, 0, 0, NULL, 0);
|
||||
if(iq->store_parent_NS)
|
||||
iter_store_parentside_NS(qstate->env,
|
||||
iq->response->rep);
|
||||
@ -2162,7 +2176,8 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
/* prefetchleeway applied because this updates answer parts */
|
||||
iter_dns_store(qstate->env, &iq->response->qinfo,
|
||||
iq->response->rep, 1, qstate->prefetch_leeway,
|
||||
iq->dp&&iq->dp->has_parent_side_NS, NULL);
|
||||
iq->dp&&iq->dp->has_parent_side_NS, NULL,
|
||||
qstate->query_flags);
|
||||
/* set the current request's qname to the new value. */
|
||||
iq->qchase.qname = sname;
|
||||
iq->qchase.qname_len = snamelen;
|
||||
@ -2243,7 +2258,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
}
|
||||
|
||||
/**
|
||||
* Return priming query results to interestes super querystates.
|
||||
* Return priming query results to interested super querystates.
|
||||
*
|
||||
* Sets the delegation point and delegation message (not nonRD queries).
|
||||
* This is a callback from walk_supers.
|
||||
@ -2674,7 +2689,7 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
iter_dns_store(qstate->env, &qstate->qinfo,
|
||||
iq->response->rep, 0, qstate->prefetch_leeway,
|
||||
iq->dp&&iq->dp->has_parent_side_NS,
|
||||
qstate->region);
|
||||
qstate->region, qstate->query_flags);
|
||||
}
|
||||
}
|
||||
qstate->return_rcode = LDNS_RCODE_NOERROR;
|
||||
@ -2799,6 +2814,21 @@ process_response(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
iq->response = NULL;
|
||||
iq->state = QUERY_RESP_STATE;
|
||||
if(event == module_event_noreply || event == module_event_error) {
|
||||
if(event == module_event_noreply && iq->sent_count >= 3 &&
|
||||
qstate->env->cfg->use_caps_bits_for_id &&
|
||||
!iq->caps_fallback) {
|
||||
/* start fallback */
|
||||
iq->caps_fallback = 1;
|
||||
iq->caps_server = 0;
|
||||
iq->caps_reply = NULL;
|
||||
iq->state = QUERYTARGETS_STATE;
|
||||
iq->num_current_queries--;
|
||||
/* need fresh attempts for the 0x20 fallback, if
|
||||
* that was the cause for the failure */
|
||||
iter_dec_attempts(iq->dp, 3);
|
||||
verbose(VERB_DETAIL, "Capsforid: timeouts, starting fallback");
|
||||
goto handle_it;
|
||||
}
|
||||
goto handle_it;
|
||||
}
|
||||
if( (event != module_event_reply && event != module_event_capsfail)
|
||||
@ -2847,7 +2877,7 @@ process_response(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
log_dns_msg("incoming scrubbed packet:", &iq->response->qinfo,
|
||||
iq->response->rep);
|
||||
|
||||
if(event == module_event_capsfail) {
|
||||
if(event == module_event_capsfail || iq->caps_fallback) {
|
||||
if(!iq->caps_fallback) {
|
||||
/* start fallback */
|
||||
iq->caps_fallback = 1;
|
||||
@ -2859,7 +2889,11 @@ process_response(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
goto handle_it;
|
||||
} else {
|
||||
/* check if reply is the same, otherwise, fail */
|
||||
if(!reply_equal(iq->response->rep, iq->caps_reply,
|
||||
if(!iq->caps_reply) {
|
||||
iq->caps_reply = iq->response->rep;
|
||||
iq->caps_server = -1; /*become zero at ++,
|
||||
so that we start the full set of trials */
|
||||
} else if(!reply_equal(iq->response->rep, iq->caps_reply,
|
||||
qstate->env->scratch)) {
|
||||
verbose(VERB_DETAIL, "Capsforid fallback: "
|
||||
"getting different replies, failed");
|
||||
|
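Review bot: In the new timeout branch of process_response the literal `3` appears twice, as the threshold in `iq->sent_count >= 3` and as the count passed to `iter_dec_attempts(iq->dp, 3)`, with nothing tying the two together. A named constant beside the other limits in iterator.h (a constructed name such as `CAPS_FALLBACK_TIMEOUTS`) would make the relation explicit and stop the two values drifting apart. The `goto handle_it;` inside the inner block is also redundant, since the enclosing block ends with the same jump. process_response continues outside these hunks.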
@ -59,7 +59,7 @@ struct iter_priv;
|
||||
/** max number of referrals. Makes sure resolver does not run away */
|
||||
#define MAX_REFERRAL_COUNT 130
|
||||
/** max number of queries-sent-out. Make sure large NS set does not loop */
|
||||
#define MAX_SENT_COUNT 16
|
||||
#define MAX_SENT_COUNT 32
|
||||
/** at what query-sent-count to stop target fetch policy */
|
||||
#define TARGET_FETCH_STOP 3
|
||||
/** how nice is a server without further information, in msec
|
||||
@ -71,10 +71,6 @@ struct iter_priv;
|
||||
* Equals RTT_MAX_TIMEOUT
|
||||
*/
|
||||
#define USEFUL_SERVER_TOP_TIMEOUT 120000
|
||||
/** Number of lost messages in a row that get a host blacklisted.
|
||||
* With 16, a couple different queries have to time out and no working
|
||||
* queries are happening */
|
||||
#define USEFUL_SERVER_MAX_LOST 16
|
||||
/** number of retries on outgoing queries */
|
||||
#define OUTBOUND_MSG_RETRY 5
|
||||
/** RTT band, within this amount from the best, servers are chosen randomly.
|
||||
@ -236,7 +232,8 @@ struct iter_qstate {
|
||||
int caps_fallback;
|
||||
/** state for capsfail: current server number to try */
|
||||
size_t caps_server;
|
||||
/** state for capsfail: stored query for comparisons */
|
||||
/** state for capsfail: stored query for comparisons. Can be NULL if
|
||||
* no response had been seen prior to starting the fallback. */
|
||||
struct reply_info* caps_reply;
|
||||
|
||||
/** Current delegation message - returned for non-RD queries */
|
||||
|
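Review bot: The reworded comment on `caps_reply` still calls it the "stored query for comparisons", but the field is a `struct reply_info*` and the fallback code compares replies with it. `/** state for capsfail: stored reply for comparisons. Can be NULL if no response had been seen prior to starting the fallback. */` would match the type. Separately, `MAX_SENT_COUNT` goes from 16 to 32 while its comment is unchanged. A short reason would help whoever tunes it next; it is presumably head-room for the extra queries the caps fallback sends, which should be confirmed.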
@ -324,8 +324,10 @@ sldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo)
|
||||
ec = EC_KEY_new_by_curve_name(NID_secp384r1);
|
||||
} else ec = NULL;
|
||||
if(!ec) return NULL;
|
||||
if(keylen+1 > sizeof(buf))
|
||||
return NULL; /* sanity check */
|
||||
if(keylen+1 > sizeof(buf)) { /* sanity check */
|
||||
EC_KEY_free(ec);
|
||||
return NULL;
|
||||
}
|
||||
/* prepend the 0x02 (from docs) (or actually 0x04 from implementation
|
||||
* of openssl) for uncompressed data */
|
||||
buf[0] = POINT_CONVERSION_UNCOMPRESSED;
|
||||
|
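Review bot: The sanity check `keylen+1 > sizeof(buf)` in sldns_ecdsa2pkey_raw wraps to zero when `keylen` is the maximum `size_t`, so the guard is clearer and wrap-free as `if(keylen >= sizeof(buf))`. Doing the length check before the curve object is created would also remove the need for the new `EC_KEY_free(ec)` on this path. The function starts and ends outside the hunk.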
@ -288,9 +288,9 @@ sldns_parse_escape(uint8_t *ch_p, const char** str_p)
|
||||
{
|
||||
uint16_t val;
|
||||
|
||||
if ((*str_p)[0] && isdigit((*str_p)[0]) &&
|
||||
(*str_p)[1] && isdigit((*str_p)[1]) &&
|
||||
(*str_p)[2] && isdigit((*str_p)[2])) {
|
||||
if ((*str_p)[0] && isdigit((unsigned char)(*str_p)[0]) &&
|
||||
(*str_p)[1] && isdigit((unsigned char)(*str_p)[1]) &&
|
||||
(*str_p)[2] && isdigit((unsigned char)(*str_p)[2])) {
|
||||
|
||||
val = (uint16_t)(((*str_p)[0] - '0') * 100 +
|
||||
((*str_p)[1] - '0') * 10 +
|
||||
@ -303,7 +303,7 @@ sldns_parse_escape(uint8_t *ch_p, const char** str_p)
|
||||
*str_p += 3;
|
||||
return 1;
|
||||
|
||||
} else if ((*str_p)[0] && !isdigit((*str_p)[0])) {
|
||||
} else if ((*str_p)[0] && !isdigit((unsigned char)(*str_p)[0])) {
|
||||
|
||||
*ch_p = (uint8_t)*(*str_p)++;
|
||||
return 1;
|
||||
@ -467,7 +467,7 @@ sldns_b32_pton_base(const char* src, size_t src_sz, uint8_t* dst, size_t dst_sz,
|
||||
ch = *src++;
|
||||
--src_sz;
|
||||
|
||||
} while (isspace(ch) && src_sz > 0);
|
||||
} while (isspace((unsigned char)ch) && src_sz > 0);
|
||||
|
||||
if (ch == '=' || ch == '\0')
|
||||
break;
|
||||
@ -572,7 +572,7 @@ sldns_b32_pton_base(const char* src, size_t src_sz, uint8_t* dst, size_t dst_sz,
|
||||
ch = *src++;
|
||||
src_sz--;
|
||||
|
||||
} while (isspace(ch));
|
||||
} while (isspace((unsigned char)ch));
|
||||
|
||||
if (ch != '=')
|
||||
return -1;
|
||||
|
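Review bot: In the three-digit branch of sldns_parse_escape the `(*str_p)[n] &&` tests in front of each `isdigit` call are redundant, because `isdigit` is false for NUL and the `&&` chain already stops at the first non-digit. The condition reads more easily as `if (isdigit((unsigned char)(*str_p)[0]) && isdigit((unsigned char)(*str_p)[1]) && isdigit((unsigned char)(*str_p)[2])) {`. The NUL test in the `else if` branch is still needed, since that branch negates `isdigit`. The function continues outside the hunks.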
@ -359,14 +359,10 @@ static sldns_rr_descriptor rdata_field_descriptors[] = {
|
||||
/* 58 */
|
||||
{LDNS_RR_TYPE_TALINK, "TALINK", 2, 2, type_talink_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 2 },
|
||||
|
||||
#ifdef DRAFT_RRTYPES
|
||||
/* 59 */
|
||||
{LDNS_RR_TYPE_CDS, "CDS", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
|
||||
#else
|
||||
{LDNS_RR_TYPE_NULL, "TYPE59", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
|
||||
#endif
|
||||
|
||||
{LDNS_RR_TYPE_NULL, "TYPE60", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
|
||||
/* 60 */
|
||||
{LDNS_RR_TYPE_CDNSKEY, "CDNSKEY", 4, 4, type_dnskey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
|
||||
{LDNS_RR_TYPE_NULL, "TYPE61", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
|
||||
{LDNS_RR_TYPE_NULL, "TYPE62", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
|
||||
{LDNS_RR_TYPE_NULL, "TYPE63", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
|
||||
|
@ -191,8 +191,8 @@ enum sldns_enum_rr_type
|
||||
LDNS_RR_TYPE_RKEY = 57,
|
||||
/** draft-ietf-dnsop-trust-history */
|
||||
LDNS_RR_TYPE_TALINK = 58,
|
||||
/** draft-barwood-dnsop-ds-publis */
|
||||
LDNS_RR_TYPE_CDS = 59,
|
||||
LDNS_RR_TYPE_CDS = 59, /** RFC 7344 */
|
||||
LDNS_RR_TYPE_CDNSKEY = 60, /** RFC 7344 */
|
||||
|
||||
LDNS_RR_TYPE_SPF = 99, /* RFC 4408 */
|
||||
|
||||
@ -419,7 +419,7 @@ enum sldns_enum_edns_option
|
||||
LDNS_EDNS_N3U = 7, /* RFC6975 */
|
||||
LDNS_EDNS_CLIENT_SUBNET = 8 /* draft-vandergaast-edns-client-subnet */
|
||||
};
|
||||
typedef enum sldns_edns_option sldns_edns_option;
|
||||
typedef enum sldns_enum_edns_option sldns_edns_option;
|
||||
|
||||
#define LDNS_EDNS_MASK_DO_BIT 0x8000
|
||||
|
||||
|
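Review bot: The trailing comments on the new enum members use `/** RFC 7344 */`, which Doxygen attaches to the following declaration rather than the one on the same line. As written, the CDS comment documents `LDNS_RR_TYPE_CDNSKEY` and the CDNSKEY comment documents `LDNS_RR_TYPE_SPF`. Use the trailing form `LDNS_RR_TYPE_CDS = 59, /**< RFC 7344 */`, or a plain `/* RFC 7344 */` as the SPF line already does.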
@ -35,9 +35,9 @@ INLINE uint16_t
|
||||
sldns_read_uint16(const void *src)
|
||||
{
|
||||
#ifdef ALLOW_UNALIGNED_ACCESSES
|
||||
return ntohs(*(uint16_t *) src);
|
||||
return ntohs(*(const uint16_t *) src);
|
||||
#else
|
||||
uint8_t *p = (uint8_t *) src;
|
||||
const uint8_t *p = (const uint8_t *) src;
|
||||
return ((uint16_t) p[0] << 8) | (uint16_t) p[1];
|
||||
#endif
|
||||
}
|
||||
@ -46,9 +46,9 @@ INLINE uint32_t
|
||||
sldns_read_uint32(const void *src)
|
||||
{
|
||||
#ifdef ALLOW_UNALIGNED_ACCESSES
|
||||
return ntohl(*(uint32_t *) src);
|
||||
return ntohl(*(const uint32_t *) src);
|
||||
#else
|
||||
uint8_t *p = (uint8_t *) src;
|
||||
const uint8_t *p = (const uint8_t *) src;
|
||||
return ( ((uint32_t) p[0] << 24)
|
||||
| ((uint32_t) p[1] << 16)
|
||||
| ((uint32_t) p[2] << 8)
|
||||
|
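Review bot: Under `ALLOW_UNALIGNED_ACCESSES`, sldns_read_uint16 and sldns_read_uint32 still dereference `src` through a cast pointer, which the C standard leaves undefined for misaligned storage even on hardware that tolerates the load. These helpers presumably read from packet buffers at arbitrary offsets, so copying first is safer and compiles to the same load on mainstream compilers: `uint16_t v; memcpy(&v, src, sizeof(v)); return ntohs(v);`. The same applies to the 32-bit variant, whose body runs past the end of its hunk.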
@ -245,7 +245,7 @@ rrinternal_get_ttl(sldns_buffer* strbuf, char* token, size_t token_len,
|
||||
}
|
||||
*ttl = (uint32_t) sldns_str2period(token, &endptr);
|
||||
|
||||
if (strlen(token) > 0 && !isdigit((int)token[0])) {
|
||||
if (strlen(token) > 0 && !isdigit((unsigned char)token[0])) {
|
||||
*not_there = 1;
|
||||
/* ah, it's not there or something */
|
||||
if (default_ttl == 0) {
|
||||
@ -337,7 +337,7 @@ rrinternal_get_delims(sldns_rdf_type rdftype, uint16_t r_cnt, uint16_t r_max)
|
||||
case LDNS_RDF_TYPE_WKS : /* it is the last rd field. */
|
||||
case LDNS_RDF_TYPE_IPSECKEY :
|
||||
case LDNS_RDF_TYPE_NSEC : if (r_cnt == r_max - 1) {
|
||||
return "\n\t";
|
||||
return "\n";
|
||||
}
|
||||
break;
|
||||
default : break;
|
||||
@ -384,11 +384,11 @@ rrinternal_spool_hex(char* token, uint8_t* rr, size_t rr_len,
|
||||
{
|
||||
char* p = token;
|
||||
while(*p) {
|
||||
if(isspace(*p)) {
|
||||
if(isspace((unsigned char)*p)) {
|
||||
p++;
|
||||
continue;
|
||||
}
|
||||
if(!isxdigit(*p))
|
||||
if(!isxdigit((unsigned char)*p))
|
||||
return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_RDATA,
|
||||
p-token);
|
||||
if(*cur_hex_data_size >= hex_data_size)
|
||||
@ -827,6 +827,20 @@ const char* sldns_get_errorstr_parse(int e)
|
||||
return lt?lt->name:"unknown error";
|
||||
}
|
||||
|
||||
/* Strip whitespace from the start and the end of <line>. */
|
||||
static char *
|
||||
sldns_strip_ws(char *line)
|
||||
{
|
||||
char *s = line, *e;
|
||||
|
||||
for (s = line; *s && isspace((unsigned char)*s); s++)
|
||||
;
|
||||
for (e = strchr(s, 0); e > s+2 && isspace((unsigned char)e[-1]) && e[-2] != '\\'; e--)
|
||||
;
|
||||
*e = 0;
|
||||
return s;
|
||||
}
|
||||
|
||||
int sldns_fp2wire_rr_buf(FILE* in, uint8_t* rr, size_t* len, size_t* dname_len,
|
||||
struct sldns_file_parse_state* parse_state)
|
||||
{
|
||||
@ -852,28 +866,23 @@ int sldns_fp2wire_rr_buf(FILE* in, uint8_t* rr, size_t* len, size_t* dname_len,
|
||||
return LDNS_WIREPARSE_ERR_OK;
|
||||
}
|
||||
|
||||
if(strncmp(line, "$ORIGIN", 7) == 0 && isspace(line[7])) {
|
||||
size_t off = 8;
|
||||
if(strncmp(line, "$ORIGIN", 7) == 0 && isspace((unsigned char)line[7])) {
|
||||
int s;
|
||||
*len = 0;
|
||||
*dname_len = 0;
|
||||
if(!parse_state) return LDNS_WIREPARSE_ERR_OK;
|
||||
while(isspace(line[off]))
|
||||
off++;
|
||||
parse_state->origin_len = sizeof(parse_state->origin);
|
||||
s = sldns_str2wire_dname_buf(line+off, parse_state->origin,
|
||||
&parse_state->origin_len);
|
||||
s = sldns_str2wire_dname_buf(sldns_strip_ws(line+8),
|
||||
parse_state->origin, &parse_state->origin_len);
|
||||
if(s) parse_state->origin_len = 0;
|
||||
return s;
|
||||
} else if(strncmp(line, "$TTL", 4) == 0 && isspace(line[4])) {
|
||||
} else if(strncmp(line, "$TTL", 4) == 0 && isspace((unsigned char)line[4])) {
|
||||
const char* end = NULL;
|
||||
size_t off = 8;
|
||||
*len = 0;
|
||||
*dname_len = 0;
|
||||
if(!parse_state) return LDNS_WIREPARSE_ERR_OK;
|
||||
while(isspace(line[off]))
|
||||
off++;
|
||||
parse_state->default_ttl = sldns_str2period(line+off, &end);
|
||||
parse_state->default_ttl = sldns_str2period(
|
||||
sldns_strip_ws(line+5), &end);
|
||||
} else if (strncmp(line, "$INCLUDE", 8) == 0) {
|
||||
*len = 0;
|
||||
*dname_len = 0;
|
||||
@ -1188,11 +1197,11 @@ int sldns_str2wire_hex_buf(const char* str, uint8_t* rd, size_t* len)
|
||||
const char* s = str;
|
||||
size_t dlen = 0; /* number of hexdigits parsed */
|
||||
while(*s) {
|
||||
if(isspace(*s)) {
|
||||
if(isspace((unsigned char)*s)) {
|
||||
s++;
|
||||
continue;
|
||||
}
|
||||
if(!isxdigit(*s))
|
||||
if(!isxdigit((unsigned char)*s))
|
||||
return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_HEX, s-str);
|
||||
if(*len < dlen/2 + 1)
|
||||
return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL,
|
||||
@ -1392,7 +1401,7 @@ static int
|
||||
loc_parse_cm(char* my_str, char** endstr, uint8_t* m, uint8_t* e)
|
||||
{
|
||||
uint32_t meters = 0, cm = 0, val;
|
||||
while (isblank(*my_str)) {
|
||||
while (isblank((unsigned char)*my_str)) {
|
||||
my_str++;
|
||||
}
|
||||
meters = (uint32_t)strtol(my_str, &my_str, 10);
|
||||
@ -1443,17 +1452,17 @@ int sldns_str2wire_loc_buf(const char* str, uint8_t* rd, size_t* len)
|
||||
|
||||
char *my_str = (char *) str;
|
||||
|
||||
if (isdigit((int) *my_str)) {
|
||||
if (isdigit((unsigned char) *my_str)) {
|
||||
h = (uint32_t) strtol(my_str, &my_str, 10);
|
||||
} else {
|
||||
return LDNS_WIREPARSE_ERR_INVALID_STR;
|
||||
}
|
||||
|
||||
while (isblank((int) *my_str)) {
|
||||
while (isblank((unsigned char) *my_str)) {
|
||||
my_str++;
|
||||
}
|
||||
|
||||
if (isdigit((int) *my_str)) {
|
||||
if (isdigit((unsigned char) *my_str)) {
|
||||
m = (uint32_t) strtol(my_str, &my_str, 10);
|
||||
} else if (*my_str == 'N' || *my_str == 'S') {
|
||||
goto north;
|
||||
@ -1461,16 +1470,16 @@ int sldns_str2wire_loc_buf(const char* str, uint8_t* rd, size_t* len)
|
||||
return LDNS_WIREPARSE_ERR_INVALID_STR;
|
||||
}
|
||||
|
||||
while (isblank((int) *my_str)) {
|
||||
while (isblank((unsigned char) *my_str)) {
|
||||
my_str++;
|
||||
}
|
||||
|
||||
if (isdigit((int) *my_str)) {
|
||||
if (isdigit((unsigned char) *my_str)) {
|
||||
s = strtod(my_str, &my_str);
|
||||
}
|
||||
|
||||
/* skip blanks before norterness */
|
||||
while (isblank((int) *my_str)) {
|
||||
while (isblank((unsigned char) *my_str)) {
|
||||
my_str++;
|
||||
}
|
||||
|
||||
@ -1497,21 +1506,21 @@ north:
|
||||
} else {
|
||||
latitude = equator - latitude;
|
||||
}
|
||||
while (isblank(*my_str)) {
|
||||
while (isblank((unsigned char)*my_str)) {
|
||||
my_str++;
|
||||
}
|
||||
|
||||
if (isdigit((int) *my_str)) {
|
||||
if (isdigit((unsigned char) *my_str)) {
|
||||
h = (uint32_t) strtol(my_str, &my_str, 10);
|
||||
} else {
|
||||
return LDNS_WIREPARSE_ERR_INVALID_STR;
|
||||
}
|
||||
|
||||
while (isblank((int) *my_str)) {
|
||||
while (isblank((unsigned char) *my_str)) {
|
||||
my_str++;
|
||||
}
|
||||
|
||||
if (isdigit((int) *my_str)) {
|
||||
if (isdigit((unsigned char) *my_str)) {
|
||||
m = (uint32_t) strtol(my_str, &my_str, 10);
|
||||
} else if (*my_str == 'E' || *my_str == 'W') {
|
||||
goto east;
|
||||
@ -1519,16 +1528,16 @@ north:
|
||||
return LDNS_WIREPARSE_ERR_INVALID_STR;
|
||||
}
|
||||
|
||||
while (isblank(*my_str)) {
|
||||
while (isblank((unsigned char)*my_str)) {
|
||||
my_str++;
|
||||
}
|
||||
|
||||
if (isdigit((int) *my_str)) {
|
||||
if (isdigit((unsigned char) *my_str)) {
|
||||
s = strtod(my_str, &my_str);
|
||||
}
|
||||
|
||||
/* skip blanks before easterness */
|
||||
while (isblank(*my_str)) {
|
||||
while (isblank((unsigned char)*my_str)) {
|
||||
my_str++;
|
||||
}
|
||||
|
||||
@ -1591,6 +1600,17 @@ east:
|
||||
return LDNS_WIREPARSE_ERR_OK;
|
||||
}
|
||||
|
||||
static void
|
||||
ldns_tolower_str(char* s)
|
||||
{
|
||||
if(s) {
|
||||
while(*s) {
|
||||
*s = (char)tolower((unsigned char)*s);
|
||||
s++;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
int sldns_str2wire_wks_buf(const char* str, uint8_t* rd, size_t* len)
|
||||
{
|
||||
int rd_len = 1;
|
||||
@ -1605,6 +1625,7 @@ int sldns_str2wire_wks_buf(const char* str, uint8_t* rd, size_t* len)
|
||||
return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
|
||||
|
||||
while(sldns_bget_token(&strbuf, token, "\t\n ", sizeof(token)) > 0) {
|
||||
ldns_tolower_str(token);
|
||||
if(!have_proto) {
|
||||
struct protoent *p = getprotobyname(token);
|
||||
have_proto = 1;
|
||||
@ -1682,11 +1703,11 @@ int sldns_str2wire_nsap_buf(const char* str, uint8_t* rd, size_t* len)
|
||||
if(slen > LDNS_MAX_RDFLEN*2)
|
||||
return LDNS_WIREPARSE_ERR_LABEL_OVERFLOW;
|
||||
while(*s) {
|
||||
if(isspace(*s) || *s == '.') {
|
||||
if(isspace((unsigned char)*s) || *s == '.') {
|
||||
s++;
|
||||
continue;
|
||||
}
|
||||
if(!isxdigit(*s))
|
||||
if(!isxdigit((unsigned char)*s))
|
||||
return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_HEX, s-str);
|
||||
if(*len < dlen/2 + 1)
|
||||
return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL,
|
||||
@ -1713,11 +1734,11 @@ int sldns_str2wire_atma_buf(const char* str, uint8_t* rd, size_t* len)
|
||||
if(slen > LDNS_MAX_RDFLEN*2)
|
||||
return LDNS_WIREPARSE_ERR_LABEL_OVERFLOW;
|
||||
while(*s) {
|
||||
if(isspace(*s) || *s == '.') {
|
||||
if(isspace((unsigned char)*s) || *s == '.') {
|
||||
s++;
|
||||
continue;
|
||||
}
|
||||
if(!isxdigit(*s))
|
||||
if(!isxdigit((unsigned char)*s))
|
||||
return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_HEX, s-str);
|
||||
if(*len < dlen/2 + 1)
|
||||
return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL,
|
||||
@ -1820,7 +1841,8 @@ int sldns_str2wire_nsec3_salt_buf(const char* str, uint8_t* rd, size_t* len)
|
||||
return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
|
||||
rd[0] = (uint8_t) (salt_length_str / 2);
|
||||
for (i = 0; i < salt_length_str; i += 2) {
|
||||
if (isxdigit((int)str[i]) && isxdigit((int)str[i+1])) {
|
||||
if (isxdigit((unsigned char)str[i]) &&
|
||||
isxdigit((unsigned char)str[i+1])) {
|
||||
rd[1+i/2] = (uint8_t)(sldns_hexdigit_to_int(str[i])*16
|
||||
+ sldns_hexdigit_to_int(str[i+1]));
|
||||
} else {
|
||||
@ -1907,7 +1929,7 @@ int sldns_str2wire_tag_buf(const char* str, uint8_t* rd, size_t* len)
|
||||
if(*len < slen+1)
|
||||
return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
|
||||
for (ptr = str; *ptr; ptr++) {
|
||||
if(!isalnum(*ptr))
|
||||
if(!isalnum((unsigned char)*ptr))
|
||||
return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_TAG, ptr-str);
|
||||
}
|
||||
rd[0] = slen;
|
||||
|
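Review bot: The new sldns_strip_ws only trims while `e > s+2`, so a value of one or two characters keeps its trailing whitespace; for a `$TTL` value of `5` followed by a newline the loop body never runs. The bound is there to keep `e[-2]` inside the string, and `e > s && isspace((unsigned char)e[-1]) && (e-s < 2 || e[-2] != '\\')` would do that while also trimming short values. It is worth confirming that sldns_str2period and sldns_str2wire_dname_buf cope with the untrimmed input in the meantime. The initializer `char *s = line` is also repeated by the `for` init and can be dropped from one of the two places.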
@ -722,7 +722,7 @@ static int dname_char_print(char** s, size_t* slen, uint8_t c)
|
||||
{
|
||||
if(c == '.' || c == ';' || c == '(' || c == ')' || c == '\\')
|
||||
return sldns_str_print(s, slen, "\\%c", c);
|
||||
else if(!(isascii((int)c) && isgraph((int)c)))
|
||||
else if(!(isascii((unsigned char)c) && isgraph((unsigned char)c)))
|
||||
return sldns_str_print(s, slen, "\\%03u", (unsigned)c);
|
||||
/* plain printout */
|
||||
if(*slen) {
|
||||
@ -1064,7 +1064,7 @@ int sldns_wire2str_aaaa_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
|
||||
/** printout escaped TYPE_STR character */
|
||||
static int str_char_print(char** s, size_t* sl, uint8_t c)
|
||||
{
|
||||
if(isprint((int)c) || c == '\t') {
|
||||
if(isprint((unsigned char)c) || c == '\t') {
|
||||
if(c == '\"' || c == '\\')
|
||||
return sldns_str_print(s, sl, "\\%c", c);
|
||||
if(*sl) {
|
||||
@ -1625,7 +1625,7 @@ int sldns_wire2str_tag_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
|
||||
if(*dl < 1+n)
|
||||
return -1;
|
||||
for(i=0; i<n; i++)
|
||||
if(!isalnum((int)(*d)[i]))
|
||||
if(!isalnum((unsigned char)(*d)[i]))
|
||||
return -1;
|
||||
for(i=0; i<n; i++)
|
||||
w += sldns_str_print(s, sl, "%c", (char)(*d)[i]);
|
||||
@ -1713,7 +1713,7 @@ int sldns_wire2str_edns_nsid_print(char** s, size_t* sl, uint8_t* data,
|
||||
size_t i, printed=0;
|
||||
w += print_hex_buf(s, sl, data, len);
|
||||
for(i=0; i<len; i++) {
|
||||
if(isprint((int)data[i]) || data[i] == '\t') {
|
||||
if(isprint((unsigned char)data[i]) || data[i] == '\t') {
|
||||
if(!printed) {
|
||||
w += sldns_str_print(s, sl, " (");
|
||||
printed = 1;
|
||||
|
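Review bot: dname_char_print guards its class test with `isascii(...) && isgraph(...)`, but str_char_print and sldns_wire2str_edns_nsid_print rely on `isprint` alone, whose result for bytes above 0x7f depends on the active locale. If the process ever runs outside the "C" locale, such bytes from wire data could be emitted raw into text output and logs instead of being escaped. Adding the same `isascii` guard, or an explicit range test such as `c >= 0x20 && c <= 0x7e`, keeps the escaping deterministic. The cast is also a no-op where the argument is already `uint8_t`. All three functions extend beyond their hunks.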
@ -363,6 +363,26 @@ ub_ctx_add_ta_file(struct ub_ctx* ctx, const char* fname)
|
||||
return UB_NOERROR;
|
||||
}
|
||||
|
||||
int ub_ctx_add_ta_autr(struct ub_ctx* ctx, const char* fname)
|
||||
{
|
||||
char* dup = strdup(fname);
|
||||
if(!dup) return UB_NOMEM;
|
||||
lock_basic_lock(&ctx->cfglock);
|
||||
if(ctx->finalized) {
|
||||
lock_basic_unlock(&ctx->cfglock);
|
||||
free(dup);
|
||||
return UB_AFTERFINAL;
|
||||
}
|
||||
if(!cfg_strlist_insert(&ctx->env->cfg->auto_trust_anchor_file_list,
|
||||
dup)) {
|
||||
lock_basic_unlock(&ctx->cfglock);
|
||||
free(dup);
|
||||
return UB_NOMEM;
|
||||
}
|
||||
lock_basic_unlock(&ctx->cfglock);
|
||||
return UB_NOERROR;
|
||||
}
|
||||
|
||||
int
|
||||
ub_ctx_trustedkeys(struct ub_ctx* ctx, const char* fname)
|
||||
{
|
||||
@ -959,7 +979,7 @@ ub_ctx_resolvconf(struct ub_ctx* ctx, const char* fname)
|
||||
parse++;
|
||||
addr = parse;
|
||||
/* skip [0-9a-fA-F.:]*, i.e. IP4 and IP6 address */
|
||||
while(isxdigit(*parse) || *parse=='.' || *parse==':')
|
||||
while(isxdigit((unsigned char)*parse) || *parse=='.' || *parse==':')
|
||||
parse++;
|
||||
/* terminate after the address, remove newline */
|
||||
*parse = 0;
|
||||
@ -1031,7 +1051,7 @@ ub_ctx_hosts(struct ub_ctx* ctx, const char* fname)
|
||||
/* format: <addr> spaces <name> spaces <name> ... */
|
||||
addr = parse;
|
||||
/* skip addr */
|
||||
while(isxdigit(*parse) || *parse == '.' || *parse == ':')
|
||||
while(isxdigit((unsigned char)*parse) || *parse == '.' || *parse == ':')
|
||||
parse++;
|
||||
if(*parse == '\n' || *parse == 0)
|
||||
continue;
|
||||
|
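Review bot: The new ub_ctx_add_ta_autr passes `fname` straight to `strdup`, which is undefined for a NULL pointer. If this is reachable by library users, as the `ub_ctx_` prefix suggests, an early NULL check that returns an error is cheap. A one-line comment on ownership would also help, for example `/* on success the config list owns dup */`, because the two failure paths free it and the success path does not. The definition also puts `int` on the same line as the name, while the neighbouring ub_ctx_trustedkeys keeps the return type on its own line.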
@ -233,7 +233,7 @@ libworker_setup(struct ub_ctx* ctx, int is_bg, struct event_base* eb)
|
||||
w->env->infra_cache, w->env->rnd, cfg->use_caps_bits_for_id,
|
||||
ports, numports, cfg->unwanted_threshold,
|
||||
&libworker_alloc_cleanup, w, cfg->do_udp, w->sslctx,
|
||||
cfg->delay_close);
|
||||
cfg->delay_close, NULL);
|
||||
if(!w->is_bg || w->is_bg_thread) {
|
||||
lock_basic_unlock(&ctx->cfglock);
|
||||
}
|
||||
@ -821,8 +821,9 @@ void libworker_alloc_cleanup(void* arg)
|
||||
|
||||
struct outbound_entry* libworker_send_query(uint8_t* qname, size_t qnamelen,
|
||||
uint16_t qtype, uint16_t qclass, uint16_t flags, int dnssec,
|
||||
int want_dnssec, struct sockaddr_storage* addr, socklen_t addrlen,
|
||||
uint8_t* zone, size_t zonelen, struct module_qstate* q)
|
||||
int want_dnssec, int nocaps, struct sockaddr_storage* addr,
|
||||
socklen_t addrlen, uint8_t* zone, size_t zonelen,
|
||||
struct module_qstate* q)
|
||||
{
|
||||
struct libworker* w = (struct libworker*)q->env->worker;
|
||||
struct outbound_entry* e = (struct outbound_entry*)regional_alloc(
|
||||
@ -831,7 +832,7 @@ struct outbound_entry* libworker_send_query(uint8_t* qname, size_t qnamelen,
|
||||
return NULL;
|
||||
e->qstate = q;
|
||||
e->qsent = outnet_serviced_query(w->back, qname,
|
||||
qnamelen, qtype, qclass, flags, dnssec, want_dnssec,
|
||||
qnamelen, qtype, qclass, flags, dnssec, want_dnssec, nocaps,
|
||||
q->env->cfg->tcp_upstream, q->env->cfg->ssl_upstream, addr,
|
||||
addrlen, zone, zonelen, libworker_handle_service_reply, e,
|
||||
w->back->udp_buff);
|
||||
@ -953,7 +954,7 @@ struct outbound_entry* worker_send_query(uint8_t* ATTR_UNUSED(qname),
|
||||
size_t ATTR_UNUSED(qnamelen), uint16_t ATTR_UNUSED(qtype),
|
||||
uint16_t ATTR_UNUSED(qclass), uint16_t ATTR_UNUSED(flags),
|
||||
int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec),
|
||||
struct sockaddr_storage* ATTR_UNUSED(addr),
|
||||
int ATTR_UNUSED(nocaps), struct sockaddr_storage* ATTR_UNUSED(addr),
|
||||
socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone),
|
||||
size_t ATTR_UNUSED(zonelen), struct module_qstate* ATTR_UNUSED(q))
|
||||
{
|
||||
|
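Review bot: libworker_send_query now takes three adjacent `int` flags (`dnssec`, `want_dnssec`, `nocaps`) and forwards them positionally to outnet_serviced_query, so a swapped pair at any call site compiles silently. The doc comment for the function, which is outside this hunk, should spell out `nocaps` (presumably "do not apply 0x20 case randomisation to this query"; confirm against the header). In libworker_setup the bare `NULL` appended after `cfg->delay_close` gives no hint what is being omitted; a trailing comment naming the parameter would do. worker_send_query's body is cut off at the end of the section.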
@ -39,9 +39,9 @@ ctx = unbound.ub_ctx()
|
||||
ctx.resolvconf("/etc/resolv.conf")
|
||||
|
||||
def call_back(my_data,status,result):
|
||||
print "Call_back:", my_data
|
||||
print("Call_back:", my_data)
|
||||
if status == 0 and result.havedata:
|
||||
print "Result:", result.data.address_list
|
||||
print("Result:", result.data.address_list)
|
||||
my_data['done_flag'] = True
|
||||
|
||||
|
||||
@ -53,4 +53,4 @@ while (status == 0) and (not my_data['done_flag']):
|
||||
time.sleep(0.1)
|
||||
|
||||
if (status != 0):
|
||||
print "Resolve error:", unbound.ub_strerror(status)
|
||||
print("Resolve error:", unbound.ub_strerror(status))
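Review bot: Under Python 2 the converted calls that pass more than one argument, such as `print("Call_back:", my_data)` and `print("Resolve error:", unbound.ub_strerror(status))`, print a tuple rather than the space-separated text the old statement produced. The example's output therefore changes for Python 2 users. Adding `from __future__ import print_function` at the top of the script keeps the output identical on both interpreters; the import block is outside this hunk. The same applies to the other example scripts converted in this commit wherever `print(...)` receives two or more arguments.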
|
||||
|
@ -39,6 +39,6 @@ ctx.resolvconf("/etc/resolv.conf")
|
||||
|
||||
status, result = ctx.resolve("www.nic.cz", unbound.RR_TYPE_A, unbound.RR_CLASS_IN)
|
||||
if status == 0 and result.havedata:
|
||||
print "Result:", result.data.address_list
|
||||
print("Result:", result.data.address_list)
|
||||
elif status != 0:
|
||||
print "Error:", unbound.ub_strerror(status)
|
||||
print("Error:", unbound.ub_strerror(status))
|
||||
|
@ -48,12 +48,12 @@ if os.path.isfile("keys"):
|
||||
status, result = ctx.resolve("www.nic.cz", RR_TYPE_A, RR_CLASS_IN)
|
||||
if status == 0 and result.havedata:
|
||||
|
||||
print "Result:", result.data.address_list
|
||||
print("Result:", result.data.address_list)
|
||||
|
||||
if result.secure:
|
||||
print "Result is secure"
|
||||
print("Result is secure")
|
||||
elif result.bogus:
|
||||
print "Result is bogus"
|
||||
print("Result is bogus")
|
||||
else:
|
||||
print "Result is insecure"
|
||||
print("Result is insecure")
|
||||
|
||||
|
@ -3,27 +3,27 @@ from unbound import ub_ctx, RR_TYPE_A, RR_TYPE_RRSIG, RR_TYPE_NSEC, RR_TYPE_NSEC
|
||||
import ldns
|
||||
|
||||
def dnssecParse(domain, rrType=RR_TYPE_A):
|
||||
print "Resolving domain", domain
|
||||
print("Resolving domain", domain)
|
||||
s, r = resolver.resolve(domain)
|
||||
print "status: %s, secure: %s, rcode: %s, havedata: %s, answer_len; %s" % (s, r.secure, r.rcode_str, r.havedata, r.answer_len)
|
||||
print("status: %s, secure: %s, rcode: %s, havedata: %s, answer_len; %s" % (s, r.secure, r.rcode_str, r.havedata, r.answer_len))
|
||||
|
||||
s, pkt = ldns.ldns_wire2pkt(r.packet)
|
||||
if s != 0:
|
||||
raise RuntimeError("Error parsing DNS packet")
|
||||
|
||||
rrsigs = pkt.rr_list_by_type(RR_TYPE_RRSIG, ldns.LDNS_SECTION_ANSWER)
|
||||
print "RRSIGs from answer:", rrsigs
|
||||
print("RRSIGs from answer:", rrsigs)
|
||||
|
||||
rrsigs = pkt.rr_list_by_type(RR_TYPE_RRSIG, ldns.LDNS_SECTION_AUTHORITY)
|
||||
print "RRSIGs from authority:", rrsigs
|
||||
print("RRSIGs from authority:", rrsigs)
|
||||
|
||||
nsecs = pkt.rr_list_by_type(RR_TYPE_NSEC, ldns.LDNS_SECTION_AUTHORITY)
|
||||
print "NSECs:", nsecs
|
||||
print("NSECs:", nsecs)
|
||||
|
||||
nsec3s = pkt.rr_list_by_type(RR_TYPE_NSEC3, ldns.LDNS_SECTION_AUTHORITY)
|
||||
print "NSEC3s:", nsec3s
|
||||
print("NSEC3s:", nsec3s)
|
||||
|
||||
print "---"
|
||||
print("---")
|
||||
|
||||
|
||||
resolver = ub_ctx()
|
||||
|
@ -40,22 +40,22 @@ ctx.resolvconf("/etc/resolv.conf")
|
||||
|
||||
status, result = ctx.resolve("nic.cz", unbound.RR_TYPE_MX, unbound.RR_CLASS_IN)
|
||||
if status == 0 and result.havedata:
|
||||
print "Result:"
|
||||
print " raw data:", result.data
|
||||
print("Result:")
|
||||
print(" raw data:", result.data)
|
||||
for k in result.data.mx_list:
|
||||
print " priority:%d address:%s" % k
|
||||
print(" priority:%d address:%s" % k)
|
||||
|
||||
status, result = ctx.resolve("nic.cz", unbound.RR_TYPE_A, unbound.RR_CLASS_IN)
|
||||
if status == 0 and result.havedata:
|
||||
print "Result:"
|
||||
print " raw data:", result.data
|
||||
print("Result:")
|
||||
print(" raw data:", result.data)
|
||||
for k in result.data.address_list:
|
||||
print " address:%s" % k
|
||||
print(" address:%s" % k)
|
||||
|
||||
status, result = ctx.resolve("nic.cz", unbound.RR_TYPE_NS, unbound.RR_CLASS_IN)
|
||||
if status == 0 and result.havedata:
|
||||
print "Result:"
|
||||
print " raw data:", result.data
|
||||
print("Result:")
|
||||
print(" raw data:", result.data)
|
||||
for k in result.data.domain_list:
|
||||
print " host: %s" % k
|
||||
print(" host: %s" % k)
|
||||
|
||||
|
@ -43,20 +43,20 @@ ctx.resolvconf("/etc/resolv.conf")
|
||||
#The unicode IDN string is automatically converted (if necessary)
|
||||
status, result = ctx.resolve(u"www.háčkyčárky.cz", unbound.RR_TYPE_A, unbound.RR_CLASS_IN)
|
||||
if status == 0 and result.havedata:
|
||||
print "Result:"
|
||||
print " raw data:", result.data
|
||||
print("Result:")
|
||||
print(" raw data:", result.data)
|
||||
for k in result.data.address_list:
|
||||
print " address:%s" % k
|
||||
print(" address:%s" % k)
|
||||
|
||||
status, result = ctx.resolve(u"háčkyčárky.cz", unbound.RR_TYPE_MX, unbound.RR_CLASS_IN)
|
||||
if status == 0 and result.havedata:
|
||||
print "Result:"
|
||||
print " raw data:", result.data
|
||||
print("Result:")
|
||||
print(" raw data:", result.data)
|
||||
for k in result.data.mx_list_idn:
|
||||
print " priority:%d address:%s" % k
|
||||
print(" priority:%d address:%s" % k)
|
||||
|
||||
status, result = ctx.resolve(unbound.reverse('217.31.204.66')+'.in-addr.arpa', unbound.RR_TYPE_PTR, unbound.RR_CLASS_IN)
|
||||
if status == 0 and result.havedata:
|
||||
print "Result.data:", result.data
|
||||
print("Result.data:", result.data)
|
||||
for k in result.data.domain_list_idn:
|
||||
print " dname:%s" % k
|
||||
print(" dname:%s" % k)
|
||||
|
@ -40,14 +40,14 @@ ctx.resolvconf("/etc/resolv.conf")
|
||||
|
||||
status, result = ctx.resolve("nic.cz", unbound.RR_TYPE_MX, unbound.RR_CLASS_IN)
|
||||
if status == 0 and result.havedata:
|
||||
print "Result:"
|
||||
print " raw data:", result.data
|
||||
print("Result:")
|
||||
print(" raw data:", result.data)
|
||||
for k in result.data.mx_list:
|
||||
print " priority:%d address:%s" % k
|
||||
print(" priority:%d address:%s" % k)
|
||||
|
||||
status, result = ctx.resolve("nic.cz", unbound.RR_TYPE_A, unbound.RR_CLASS_IN)
|
||||
if status == 0 and result.havedata:
|
||||
print "Result:"
|
||||
print " raw data:", result.data
|
||||
print("Result:")
|
||||
print(" raw data:", result.data)
|
||||
for k in result.data.address_list:
|
||||
print " address:%s" % k
|
||||
print(" address:%s" % k)
|
||||
|
@ -40,8 +40,8 @@ ctx.resolvconf("/etc/resolv.conf")
|
||||
|
||||
status, result = ctx.resolve("vutbr.cz", unbound.RR_TYPE_NS, unbound.RR_CLASS_IN)
|
||||
if status == 0 and result.havedata:
|
||||
print "Result:"
|
||||
print " raw data:", result.data
|
||||
print("Result:")
|
||||
print(" raw data:", result.data)
|
||||
for k in result.data.domain_list:
|
||||
print " host: %s" % k
|
||||
print(" host: %s" % k)
|
||||
|
||||
|
@ -39,5 +39,5 @@ ctx.resolvconf("/etc/resolv.conf")
|
||||
|
||||
status, result = ctx.resolve(unbound.reverse("74.125.43.147") + ".in-addr.arpa.", unbound.RR_TYPE_PTR, unbound.RR_CLASS_IN)
|
||||
if status == 0 and result.havedata:
|
||||
print "Result.data:", result.data, result.data.domain_list
|
||||
print("Result.data:", result.data, result.data.domain_list)
|
||||
|
||||
|
@ -44,6 +44,15 @@
|
||||
|
||||
%pythoncode %{
|
||||
import encodings.idna
|
||||
|
||||
# Ensure compatibility with older python versions
|
||||
if 'bytes' not in vars():
|
||||
bytes = str
|
||||
|
||||
def ord(s):
|
||||
if isinstance(s, int):
|
||||
return s
|
||||
return __builtins__.ord(s)
|
||||
%}
|
||||
|
||||
//%include "doc.i"
|
||||
@ -559,10 +568,10 @@ Result: ['74.125.43.147', '74.125.43.99', '74.125.43.103', '74.125.43.104']
|
||||
:returns: * (int) 0 if OK, else error.
|
||||
* (:class:`ub_result`) the result data is returned in a newly allocated result structure. May be None on return, return value is set to an error in that case (out of memory).
|
||||
"""
|
||||
if isinstance(name, unicode): #probably IDN
|
||||
return _unbound.ub_resolve(self,idn2dname(name),rrtype,rrclass)
|
||||
else:
|
||||
if isinstance(name, bytes): #probably IDN
|
||||
return _unbound.ub_resolve(self,name,rrtype,rrclass)
|
||||
else:
|
||||
return _unbound.ub_resolve(self,idn2dname(name),rrtype,rrclass)
|
||||
#parameters: struct ub_ctx *,char *,int,int,
|
||||
#retvals: int,struct ub_result **
|
||||
|
||||
@ -597,10 +606,10 @@ Result: ['74.125.43.147', '74.125.43.99', '74.125.43.103', '74.125.43.104']
|
||||
* `result` - the result structure. The result may be None, in that case err is set.
|
||||
|
||||
"""
|
||||
if isinstance(name, unicode): #probably IDN
|
||||
return _unbound._ub_resolve_async(self,idn2dname(name),rrtype,rrclass,mydata,callback)
|
||||
else:
|
||||
if isinstance(name, bytes): #probably IDN
|
||||
return _unbound._ub_resolve_async(self,name,rrtype,rrclass,mydata,callback)
|
||||
else:
|
||||
return _unbound._ub_resolve_async(self,idn2dname(name),rrtype,rrclass,mydata,callback)
|
||||
#parameters: struct ub_ctx *,char *,int,int,void *,ub_callback_t,
|
||||
#retvals: int, int
|
||||
|
||||
@ -689,7 +698,8 @@ Result: ['74.125.43.147', '74.125.43.99', '74.125.43.103', '74.125.43.104']
|
||||
idx = ofs
|
||||
while (idx < slen):
|
||||
complen = ord(s[idx])
|
||||
res.append(s[idx+1:idx+1+complen])
|
||||
# In python 3.x `str()` converts the string to unicode which is the expected text string type
|
||||
res.append(str(s[idx+1:idx+1+complen]))
|
||||
idx += complen + 1
|
||||
|
||||
return res
|
||||
@ -764,13 +774,13 @@ Result: ['74.125.43.147', '74.125.43.99', '74.125.43.103', '74.125.43.104']
|
||||
|
||||
list = PyList_New(cnt);
|
||||
for (i=0;i<cnt;i++)
|
||||
PyList_SetItem(list, i, PyString_FromStringAndSize(result->data[i],result->len[i]));
|
||||
PyList_SetItem(list, i, PyBytes_FromStringAndSize(result->data[i],result->len[i]));
|
||||
|
||||
return list;
|
||||
}
|
||||
|
||||
PyObject* _packet() {
|
||||
return PyString_FromStringAndSize($self->answer_packet, $self->answer_len);
|
||||
return PyBytes_FromStringAndSize($self->answer_packet, $self->answer_len);
|
||||
}
|
||||
|
||||
%pythoncode %{
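Review bot: The `ord` shim added in the first `%pythoncode` block calls `__builtins__.ord(s)`, but in CPython `__builtins__` is the builtins module only in `__main__`; inside an imported module it is a plain dict. The call would therefore raise AttributeError the first time a non-int reaches it, which is the Python 2 path through `complen = ord(s[idx])`. Importing the builtins module by name avoids relying on that implementation detail. Separately, `'bytes' not in vars()` tests the module globals, where a builtin never appears, so `bytes = str` presumably runs on every interpreter. On Python 3 that would make the new `isinstance(name, bytes)` test match text strings and skip `idn2dname`, which is worth confirming.

```swig
%pythoncode %{
   import encodings.idna
   try:
       import builtins
   except ImportError:
       import __builtin__ as builtins

   # … unchanged: bytes compatibility alias …

   def ord(s):
       if isinstance(s, int):
           return s
       return builtins.ord(s)
%}
```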
|
||||
|
@ -8,6 +8,7 @@ ub_ctx_set_fwd
|
||||
ub_ctx_resolvconf
|
||||
ub_ctx_hosts
|
||||
ub_ctx_add_ta
|
||||
ub_ctx_add_ta_autr
|
||||
ub_ctx_add_ta_file
|
||||
ub_ctx_trustedkeys
|
||||
ub_ctx_debugout
|
||||
|
@ -356,6 +356,21 @@ int ub_ctx_add_ta(struct ub_ctx* ctx, const char* ta);
|
||||
*/
|
||||
int ub_ctx_add_ta_file(struct ub_ctx* ctx, const char* fname);
|
||||
|
||||
/**
|
||||
* Add trust anchor to the given context that is tracked with RFC5011
|
||||
* automated trust anchor maintenance. The file is written to when the
|
||||
* trust anchor is changed.
|
||||
* Pass the name of a file that was output from eg. unbound-anchor,
|
||||
* or you can start it by providing a trusted DNSKEY or DS record on one
|
||||
* line in the file.
|
||||
* @param ctx: context.
|
||||
* At this time it is only possible to add trusted keys before the
|
||||
* first resolve is done.
|
||||
* @param fname: filename of file with trust anchor.
|
||||
* @return 0 if OK, else error.
|
||||
*/
|
||||
int ub_ctx_add_ta_autr(struct ub_ctx* ctx, const char* fname);
|
||||
|
||||
/**
|
||||
* Add trust anchors to the given context.
|
||||
* Pass the name of a bind-style config file with trusted-keys{}.
|
||||
@ -508,7 +523,7 @@ void ub_resolve_free(struct ub_result* result);
|
||||
|
||||
/**
|
||||
* Convert error value to a human readable string.
|
||||
* @param err: error code from one of the ub_val* functions.
|
||||
* @param err: error code from one of the libunbound functions.
|
||||
* @return pointer to constant text string, zero terminated.
|
||||
*/
|
||||
const char* ub_strerror(int err);
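Review bot: The doc comment for `ub_ctx_add_ta_autr` says the file is written when the trust anchor changes, but it does not say what the caller must guarantee about that file. Because the file becomes the persisted DNSSEC trust root, the comment should state the requirement, e.g. `* The file must be writable by the calling process and not writable by less-trusted users.` The sentence about adding keys before the first resolve is also attached to `@param ctx`, where it reads as part of the parameter description; moving it into the main description would be clearer.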
|
||||
|
@ -58,6 +58,7 @@ struct tube;
|
||||
* @param flags: host order flags word, with opcode and CD bit.
|
||||
* @param dnssec: if set, EDNS record will have DO bit set.
|
||||
* @param want_dnssec: signatures needed.
|
||||
* @param nocaps: ignore capsforid(if in config), do not perturb qname.
|
||||
* @param addr: where to.
|
||||
* @param addrlen: length of addr.
|
||||
* @param zone: delegation point name.
|
||||
@ -68,8 +69,9 @@ struct tube;
|
||||
*/
|
||||
struct outbound_entry* libworker_send_query(uint8_t* qname, size_t qnamelen,
|
||||
uint16_t qtype, uint16_t qclass, uint16_t flags, int dnssec,
|
||||
int want_dnssec, struct sockaddr_storage* addr, socklen_t addrlen,
|
||||
uint8_t* zone, size_t zonelen, struct module_qstate* q);
|
||||
int want_dnssec, int nocaps, struct sockaddr_storage* addr,
|
||||
socklen_t addrlen, uint8_t* zone, size_t zonelen,
|
||||
struct module_qstate* q);
|
||||
|
||||
/** process incoming replies from the network */
|
||||
int libworker_handle_reply(struct comm_point* c, void* arg, int error,
|
||||
@ -111,6 +113,7 @@ void worker_sighandler(int sig, void* arg);
|
||||
* @param flags: host order flags word, with opcode and CD bit.
|
||||
* @param dnssec: if set, EDNS record will have DO bit set.
|
||||
* @param want_dnssec: signatures needed.
|
||||
* @param nocaps: ignore capsforid(if in config), do not perturb qname.
|
||||
* @param addr: where to.
|
||||
* @param addrlen: length of addr.
|
||||
* @param zone: wireformat dname of the zone.
|
||||
@ -121,8 +124,9 @@ void worker_sighandler(int sig, void* arg);
|
||||
*/
|
||||
struct outbound_entry* worker_send_query(uint8_t* qname, size_t qnamelen,
|
||||
uint16_t qtype, uint16_t qclass, uint16_t flags, int dnssec,
|
||||
int want_dnssec, struct sockaddr_storage* addr, socklen_t addrlen,
|
||||
uint8_t* zone, size_t zonelen, struct module_qstate* q);
|
||||
int want_dnssec, int nocaps, struct sockaddr_storage* addr,
|
||||
socklen_t addrlen, uint8_t* zone, size_t zonelen,
|
||||
struct module_qstate* q);
|
||||
|
||||
/**
|
||||
* process control messages from the main thread. Frees the control
|
||||
|
49
contrib/unbound/services/cache/dns.c
vendored
49
contrib/unbound/services/cache/dns.c
vendored
@ -184,7 +184,7 @@ addr_to_additional(struct ub_packed_rrset_key* rrset, struct regional* region,
|
||||
/** lookup message in message cache */
|
||||
static struct msgreply_entry*
|
||||
msg_cache_lookup(struct module_env* env, uint8_t* qname, size_t qnamelen,
|
||||
uint16_t qtype, uint16_t qclass, time_t now, int wr)
|
||||
uint16_t qtype, uint16_t qclass, uint16_t flags, time_t now, int wr)
|
||||
{
|
||||
struct lruhash_entry* e;
|
||||
struct query_info k;
|
||||
@ -194,7 +194,7 @@ msg_cache_lookup(struct module_env* env, uint8_t* qname, size_t qnamelen,
|
||||
k.qname_len = qnamelen;
|
||||
k.qtype = qtype;
|
||||
k.qclass = qclass;
|
||||
h = query_info_hash(&k);
|
||||
h = query_info_hash(&k, flags);
|
||||
e = slabhash_lookup(env->msg_cache, h, &k, wr);
|
||||
|
||||
if(!e) return NULL;
|
||||
@ -226,8 +226,10 @@ find_add_addrs(struct module_env* env, uint16_t qclass,
|
||||
addr_to_additional(akey, region, *msg, now);
|
||||
lock_rw_unlock(&akey->entry.lock);
|
||||
} else {
|
||||
/* BIT_CD on false because delegpt lookup does
|
||||
* not use dns64 translation */
|
||||
neg = msg_cache_lookup(env, ns->name, ns->namelen,
|
||||
LDNS_RR_TYPE_A, qclass, now, 0);
|
||||
LDNS_RR_TYPE_A, qclass, 0, now, 0);
|
||||
if(neg) {
|
||||
delegpt_add_neg_msg(dp, neg);
|
||||
lock_rw_unlock(&neg->entry.lock);
|
||||
@ -244,8 +246,10 @@ find_add_addrs(struct module_env* env, uint16_t qclass,
|
||||
addr_to_additional(akey, region, *msg, now);
|
||||
lock_rw_unlock(&akey->entry.lock);
|
||||
} else {
|
||||
/* BIT_CD on false because delegpt lookup does
|
||||
* not use dns64 translation */
|
||||
neg = msg_cache_lookup(env, ns->name, ns->namelen,
|
||||
LDNS_RR_TYPE_AAAA, qclass, now, 0);
|
||||
LDNS_RR_TYPE_AAAA, qclass, 0, now, 0);
|
||||
if(neg) {
|
||||
delegpt_add_neg_msg(dp, neg);
|
||||
lock_rw_unlock(&neg->entry.lock);
|
||||
@ -276,8 +280,10 @@ cache_fill_missing(struct module_env* env, uint16_t qclass,
|
||||
ns->name, LDNS_RR_TYPE_A, qclass);
|
||||
lock_rw_unlock(&akey->entry.lock);
|
||||
} else {
|
||||
/* BIT_CD on false because delegpt lookup does
|
||||
* not use dns64 translation */
|
||||
neg = msg_cache_lookup(env, ns->name, ns->namelen,
|
||||
LDNS_RR_TYPE_A, qclass, now, 0);
|
||||
LDNS_RR_TYPE_A, qclass, 0, now, 0);
|
||||
if(neg) {
|
||||
delegpt_add_neg_msg(dp, neg);
|
||||
lock_rw_unlock(&neg->entry.lock);
|
||||
@ -294,8 +300,10 @@ cache_fill_missing(struct module_env* env, uint16_t qclass,
|
||||
ns->name, LDNS_RR_TYPE_AAAA, qclass);
|
||||
lock_rw_unlock(&akey->entry.lock);
|
||||
} else {
|
||||
/* BIT_CD on false because delegpt lookup does
|
||||
* not use dns64 translation */
|
||||
neg = msg_cache_lookup(env, ns->name, ns->namelen,
|
||||
LDNS_RR_TYPE_AAAA, qclass, now, 0);
|
||||
LDNS_RR_TYPE_AAAA, qclass, 0, now, 0);
|
||||
if(neg) {
|
||||
delegpt_add_neg_msg(dp, neg);
|
||||
lock_rw_unlock(&neg->entry.lock);
|
||||
@ -626,7 +634,7 @@ synth_dname_msg(struct ub_packed_rrset_key* rrset, struct regional* region,
|
||||
struct dns_msg*
|
||||
dns_cache_lookup(struct module_env* env,
|
||||
uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass,
|
||||
struct regional* region, struct regional* scratch)
|
||||
uint16_t flags, struct regional* region, struct regional* scratch)
|
||||
{
|
||||
struct lruhash_entry* e;
|
||||
struct query_info k;
|
||||
@ -639,7 +647,7 @@ dns_cache_lookup(struct module_env* env,
|
||||
k.qname_len = qnamelen;
|
||||
k.qtype = qtype;
|
||||
k.qclass = qclass;
|
||||
h = query_info_hash(&k);
|
||||
h = query_info_hash(&k, flags);
|
||||
e = slabhash_lookup(env->msg_cache, h, &k, 0);
|
||||
if(e) {
|
||||
struct msgreply_entry* key = (struct msgreply_entry*)e->key;
|
||||
@ -716,7 +724,7 @@ dns_cache_lookup(struct module_env* env,
|
||||
if(env->cfg->harden_below_nxdomain)
|
||||
while(!dname_is_root(k.qname)) {
|
||||
dname_remove_label(&k.qname, &k.qname_len);
|
||||
h = query_info_hash(&k);
|
||||
h = query_info_hash(&k, flags);
|
||||
e = slabhash_lookup(env->msg_cache, h, &k, 0);
|
||||
if(e) {
|
||||
struct reply_info* data = (struct reply_info*)e->data;
|
||||
@ -741,7 +749,7 @@ dns_cache_lookup(struct module_env* env,
|
||||
int
|
||||
dns_cache_store(struct module_env* env, struct query_info* msgqinf,
|
||||
struct reply_info* msgrep, int is_referral, time_t leeway, int pside,
|
||||
struct regional* region)
|
||||
struct regional* region, uint16_t flags)
|
||||
{
|
||||
struct reply_info* rep = NULL;
|
||||
/* alloc, malloc properly (not in region, like msg is) */
|
||||
@ -786,7 +794,7 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf,
|
||||
* Not AA from cache. Not CD in cache (depends on client bit). */
|
||||
rep->flags |= (BIT_RA | BIT_QR);
|
||||
rep->flags &= ~(BIT_AA | BIT_CD);
|
||||
h = query_info_hash(&qinf);
|
||||
h = query_info_hash(&qinf, flags);
|
||||
dns_cache_store_msg(env, &qinf, h, rep, leeway, pside, msgrep,
|
||||
region);
|
||||
/* qname is used inside query_info_entrysetup, and set to
|
||||
@ -795,3 +803,22 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf,
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
int
|
||||
dns_cache_prefetch_adjust(struct module_env* env, struct query_info* qinfo,
|
||||
time_t adjust, uint16_t flags)
|
||||
{
|
||||
struct msgreply_entry* msg;
|
||||
msg = msg_cache_lookup(env, qinfo->qname, qinfo->qname_len,
|
||||
qinfo->qtype, qinfo->qclass, flags, *env->now, 1);
|
||||
if(msg) {
|
||||
struct reply_info* rep = (struct reply_info*)msg->entry.data;
|
||||
if(rep) {
|
||||
rep->prefetch_ttl += adjust;
|
||||
lock_rw_unlock(&msg->entry.lock);
|
||||
return 1;
|
||||
}
|
||||
lock_rw_unlock(&msg->entry.lock);
|
||||
}
|
||||
return 0;
|
||||
}
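Review bot: `msg_cache_lookup` gains a `flags` argument that is fed into `query_info_hash(&k, flags)`, so it is now part of the message-cache key, yet its one-line comment (`/** lookup message in message cache */`) does not mention it. A store and a later lookup that pass different flag values would presumably miss each other. That matters for `dns_cache_store`, `dns_cache_lookup` (including the `harden_below_nxdomain` parent walk) and `dns_cache_prefetch_adjust`. I would document the contract at the definition, e.g. `/* flags: only BIT_CD is significant (dns64 AAAA); must match the value used when the entry was stored */`, once `query_info_hash`, which is not shown in this section, has been checked. The bodies of these functions run outside their hunks.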
|
||||
|
19
contrib/unbound/services/cache/dns.h
vendored
19
contrib/unbound/services/cache/dns.h
vendored
@ -79,11 +79,12 @@ struct dns_msg {
|
||||
* can be updated to full TTL even in prefetch situations.
|
||||
* @param region: region to allocate better entries from cache into.
|
||||
* (used when is_referral is false).
|
||||
* @param flags: flags with BIT_CD for AAAA queries in dns64 translation.
|
||||
* @return 0 on alloc error (out of memory).
|
||||
*/
|
||||
int dns_cache_store(struct module_env* env, struct query_info* qinf,
|
||||
struct reply_info* rep, int is_referral, time_t leeway, int pside,
|
||||
struct regional* region);
|
||||
struct regional* region, uint16_t flags);
|
||||
|
||||
/**
|
||||
* Store message in the cache. Stores in message cache and rrset cache.
|
||||
@ -132,6 +133,7 @@ struct delegpt* dns_cache_find_delegation(struct module_env* env,
|
||||
* @param qnamelen: length of qname.
|
||||
* @param qtype: query type.
|
||||
* @param qclass: query class.
|
||||
* @param flags: flags with BIT_CD for AAAA queries in dns64 translation.
|
||||
* @param region: where to allocate result.
|
||||
* @param scratch: where to allocate temporary data.
|
||||
* @return new response message (alloced in region, rrsets do not have IDs).
|
||||
@ -140,7 +142,7 @@ struct delegpt* dns_cache_find_delegation(struct module_env* env,
|
||||
*/
|
||||
struct dns_msg* dns_cache_lookup(struct module_env* env,
|
||||
uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass,
|
||||
struct regional* region, struct regional* scratch);
|
||||
uint16_t flags, struct regional* region, struct regional* scratch);
|
||||
|
||||
/**
|
||||
* find and add A and AAAA records for missing nameservers in delegpt
|
||||
@ -179,4 +181,17 @@ struct dns_msg* dns_msg_create(uint8_t* qname, size_t qnamelen, uint16_t qtype,
|
||||
int dns_msg_authadd(struct dns_msg* msg, struct regional* region,
|
||||
struct ub_packed_rrset_key* rrset, time_t now);
|
||||
|
||||
/**
|
||||
* Adjust the prefetch_ttl for a cached message. This adds a value to the
|
||||
* prefetch ttl - postponing the time when it will be prefetched for future
|
||||
* incoming queries.
|
||||
* @param env: module environment with caches and time.
|
||||
* @param qinfo: query info for the query that needs adjustment.
|
||||
* @param adjust: time in seconds to add to the prefetch_leeway.
|
||||
* @param flags: flags with BIT_CD for AAAA queries in dns64 translation.
|
||||
* @return false if not in cache. true if added.
|
||||
*/
|
||||
int dns_cache_prefetch_adjust(struct module_env* env, struct query_info* qinfo,
|
||||
time_t adjust, uint16_t flags);
|
||||
|
||||
#endif /* SERVICES_CACHE_DNS_H */
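Review bot: The new doc comment for `dns_cache_prefetch_adjust` describes `adjust` as `time in seconds to add to the prefetch_leeway`, while the summary above it and the implementation in dns.c (`rep->prefetch_ttl += adjust;`) both operate on the prefetch TTL. The parameter line should read `@param adjust: time in seconds to add to the prefetch_ttl.` Since the function returns `int`, the return line would also be more precise as `@return 0 if not in cache, 1 if adjusted.`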
|
||||
|
@ -57,7 +57,7 @@
|
||||
#include <fcntl.h>
|
||||
|
||||
/** number of queued TCP connections for listen() */
|
||||
#define TCP_BACKLOG 5
|
||||
#define TCP_BACKLOG 256
|
||||
|
||||
/**
|
||||
* Debug print of the getaddrinfo returned address.
|
||||
@ -153,8 +153,8 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
|
||||
#endif
|
||||
}
|
||||
#endif /* SO_REUSEADDR */
|
||||
#if defined(__linux__) && defined(SO_REUSEPORT)
|
||||
/* Linux specific: try to set SO_REUSEPORT so that incoming
|
||||
#ifdef SO_REUSEPORT
|
||||
/* try to set SO_REUSEPORT so that incoming
|
||||
* queries are distributed evenly among the receiving threads.
|
||||
* Each thread must have its own socket bound to the same port,
|
||||
* with SO_REUSEPORT set on each socket.
|
||||
@ -172,7 +172,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
|
||||
}
|
||||
#else
|
||||
(void)reuseport;
|
||||
#endif /* defined(__linux__) && defined(SO_REUSEPORT) */
|
||||
#endif /* defined(SO_REUSEPORT) */
|
||||
}
|
||||
if(rcv) {
|
||||
#ifdef SO_RCVBUF
|
||||
@ -362,11 +362,26 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
|
||||
# endif /* IPv6 MTU */
|
||||
} else if(family == AF_INET) {
|
||||
# if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
|
||||
/* linux 3.15 has IP_PMTUDISC_OMIT, Hannes Frederic Sowa made it so that
|
||||
* PMTU information is not accepted, but fragmentation is allowed
|
||||
* if and only if the packet size exceeds the outgoing interface MTU
|
||||
* (and also uses the interface mtu to determine the size of the packets).
|
||||
* So there won't be any EMSGSIZE error. Against DNS fragmentation attacks.
|
||||
* FreeBSD already has same semantics without setting the option. */
|
||||
# if defined(IP_PMTUDISC_OMIT)
|
||||
int action = IP_PMTUDISC_OMIT;
|
||||
# else
|
||||
int action = IP_PMTUDISC_DONT;
|
||||
# endif
|
||||
if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER,
|
||||
&action, (socklen_t)sizeof(action)) < 0) {
|
||||
log_err("setsockopt(..., IP_MTU_DISCOVER, "
|
||||
"IP_PMTUDISC_DONT...) failed: %s",
|
||||
# if defined(IP_PMTUDISC_OMIT)
|
||||
"IP_PMTUDISC_OMIT"
|
||||
# else
|
||||
"IP_PMTUDISC_DONT"
|
||||
# endif
|
||||
"...) failed: %s",
|
||||
strerror(errno));
|
||||
# ifndef USE_WINSOCK
|
||||
close(s);
|
||||
@ -404,8 +419,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
|
||||
if(family==AF_INET6 && errno==EINVAL)
|
||||
*noproto = 1;
|
||||
else if(errno != EADDRINUSE) {
|
||||
log_err("can't bind socket: %s", strerror(errno));
|
||||
log_addr(0, "failed address",
|
||||
log_err_addr("can't bind socket", strerror(errno),
|
||||
(struct sockaddr_storage*)addr, addrlen);
|
||||
}
|
||||
#endif /* EADDRINUSE */
|
||||
@ -413,9 +427,8 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
|
||||
#else /* USE_WINSOCK */
|
||||
if(WSAGetLastError() != WSAEADDRINUSE &&
|
||||
WSAGetLastError() != WSAEADDRNOTAVAIL) {
|
||||
log_err("can't bind socket: %s",
|
||||
wsa_strerror(WSAGetLastError()));
|
||||
log_addr(0, "failed address",
|
||||
log_err_addr("can't bind socket",
|
||||
wsa_strerror(WSAGetLastError()),
|
||||
(struct sockaddr_storage*)addr, addrlen);
|
||||
}
|
||||
closesocket(s);
|
||||
@ -478,8 +491,8 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
|
||||
return -1;
|
||||
}
|
||||
#endif /* SO_REUSEADDR */
|
||||
#if defined(__linux__) && defined(SO_REUSEPORT)
|
||||
/* Linux specific: try to set SO_REUSEPORT so that incoming
|
||||
#ifdef SO_REUSEPORT
|
||||
/* try to set SO_REUSEPORT so that incoming
|
||||
* connections are distributed evenly among the receiving threads.
|
||||
* Each thread must have its own socket bound to the same port,
|
||||
* with SO_REUSEPORT set on each socket.
|
||||
@ -497,7 +510,7 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
|
||||
}
|
||||
#else
|
||||
(void)reuseport;
|
||||
#endif /* defined(__linux__) && defined(SO_REUSEPORT) */
|
||||
#endif /* defined(SO_REUSEPORT) */
|
||||
#if defined(IPV6_V6ONLY)
|
||||
if(addr->ai_family == AF_INET6 && v6only) {
|
||||
if(setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
|
||||
@ -523,16 +536,14 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
|
||||
if(addr->ai_family==AF_INET6 && errno==EINVAL)
|
||||
*noproto = 1;
|
||||
else {
|
||||
log_err("can't bind socket: %s", strerror(errno));
|
||||
log_addr(0, "failed address",
|
||||
log_err_addr("can't bind socket", strerror(errno),
|
||||
(struct sockaddr_storage*)addr->ai_addr,
|
||||
addr->ai_addrlen);
|
||||
}
|
||||
close(s);
|
||||
#else
|
||||
log_err("can't bind socket: %s",
|
||||
wsa_strerror(WSAGetLastError()));
|
||||
log_addr(0, "failed address",
|
||||
log_err_addr("can't bind socket",
|
||||
wsa_strerror(WSAGetLastError()),
|
||||
(struct sockaddr_storage*)addr->ai_addr,
|
||||
addr->ai_addrlen);
|
||||
closesocket(s);
|
||||
@ -837,7 +848,7 @@ listen_cp_insert(struct comm_point* c, struct listen_dnsport* front)
|
||||
struct listen_dnsport*
|
||||
listen_create(struct comm_base* base, struct listen_port* ports,
|
||||
size_t bufsize, int tcp_accept_count, void* sslctx,
|
||||
comm_point_callback_t* cb, void *cb_arg)
|
||||
struct dt_env* dtenv, comm_point_callback_t* cb, void *cb_arg)
|
||||
{
|
||||
struct listen_dnsport* front = (struct listen_dnsport*)
|
||||
malloc(sizeof(struct listen_dnsport));
|
||||
@ -871,6 +882,7 @@ listen_create(struct comm_base* base, struct listen_port* ports,
|
||||
listen_delete(front);
|
||||
return NULL;
|
||||
}
|
||||
cp->dtenv = dtenv;
|
||||
cp->do_not_close = 1;
|
||||
if(!listen_cp_insert(cp, front)) {
|
||||
log_err("malloc failed");
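Review bot: In the `AF_INET` branch of `create_udp_sock`, `IP_PMTUDISC_OMIT` is selected at compile time, but whether the running kernel accepts it is only known at run time. A binary built against newer headers and run on an older kernel would presumably get EINVAL from `setsockopt`, and the visible error path then logs the failure and closes the socket. Falling back to `IP_PMTUDISC_DONT` when OMIT is rejected keeps the previous behaviour on such systems while still using the hardening against fragmentation attacks where it is available. The function starts and ends outside this hunk.

```c
		/* … unchanged: comment on IP_PMTUDISC_OMIT semantics … */
		int omit_set = 0;
		int action;
#   if defined(IP_PMTUDISC_OMIT)
		/* a kernel older than the build headers rejects OMIT with EINVAL */
		action = IP_PMTUDISC_OMIT;
		if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER,
			&action, (socklen_t)sizeof(action)) == 0) {
			omit_set = 1;
		} else if (errno != EINVAL) {
			/* … unchanged: log_err, close the socket, fail … */
		}
#   endif
		if (!omit_set) {
			action = IP_PMTUDISC_DONT;
			if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER,
				&action, (socklen_t)sizeof(action)) < 0) {
				/* … unchanged: log_err, close the socket, fail … */
			}
		}
```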
|
||||
|
@ -129,6 +129,7 @@ void listening_ports_free(struct listen_port* list);
|
||||
* @param tcp_accept_count: max number of simultaneous TCP connections
|
||||
* from clients.
|
||||
* @param sslctx: nonNULL if ssl context.
|
||||
* @param dtenv: nonNULL if dnstap enabled.
|
||||
* @param cb: callback function when a request arrives. It is passed
|
||||
* the packet and user argument. Return true to send a reply.
|
||||
* @param cb_arg: user data argument for callback function.
|
||||
@ -136,7 +137,8 @@ void listening_ports_free(struct listen_port* list);
|
||||
*/
|
||||
struct listen_dnsport* listen_create(struct comm_base* base,
|
||||
struct listen_port* ports, size_t bufsize, int tcp_accept_count,
|
||||
void* sslctx, comm_point_callback_t* cb, void* cb_arg);
|
||||
void* sslctx, struct dt_env *dtenv, comm_point_callback_t* cb,
|
||||
void* cb_arg);
|
||||
|
||||
/**
|
||||
* delete the listening structure
|
||||
|
@ -679,6 +679,70 @@ lz_enter_defaults(struct local_zones* zones, struct config_file* cfg)
|
||||
!add_as112_default(zones, cfg, "31.172.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "168.192.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "0.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "64.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "65.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "66.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "67.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "68.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "69.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "70.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "71.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "72.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "73.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "74.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "75.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "76.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "77.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "78.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "79.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "80.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "81.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "82.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "83.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "84.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "85.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "86.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "87.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "88.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "89.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "90.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "91.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "92.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "93.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "94.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "95.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "96.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "97.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "98.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "99.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "100.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "101.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "102.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "103.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "104.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "105.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "106.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "107.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "108.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "109.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "110.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "111.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "112.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "113.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "114.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "115.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "116.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "117.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "118.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "119.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "120.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "121.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "122.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "123.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "124.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "125.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "126.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "127.100.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "254.169.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "2.0.192.in-addr.arpa.") ||
|
||||
!add_as112_default(zones, cfg, "100.51.198.in-addr.arpa.") ||
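Review bot: The 64 added `add_as112_default` lines for `64.100.in-addr.arpa.` through `127.100.in-addr.arpa.` carry no comment saying which range they cover. A one-line comment before the first of them, e.g. `/* RFC 6598 shared address space, 100.64.0.0/10 */`, would explain why exactly these names are listed and make a missing or extra entry easy to spot. Deployments that serve reverse DNS for this range internally will now get the built-in empty zone by default, so the change deserves a mention in the release notes next to the `nodefault` local-zone override. `lz_enter_defaults` starts and ends outside the hunk.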
|
||||
|
@ -132,6 +132,11 @@ mesh_state_compare(const void* ap, const void* bp)
|
||||
if(!a->s.is_priming && b->s.is_priming)
|
||||
return 1;
|
||||
|
||||
if(a->s.is_valrec && !b->s.is_valrec)
|
||||
return -1;
|
||||
if(!a->s.is_valrec && b->s.is_valrec)
|
||||
return 1;
|
||||
|
||||
if((a->s.query_flags&BIT_RD) && !(b->s.query_flags&BIT_RD))
|
||||
return -1;
|
||||
if(!(a->s.query_flags&BIT_RD) && (b->s.query_flags&BIT_RD))
|
||||
@ -277,11 +282,7 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo,
|
||||
uint16_t qflags, struct edns_data* edns, struct comm_reply* rep,
|
||||
uint16_t qid)
|
||||
{
|
||||
/* do not use CD flag from user for mesh state, we want the CD-query
|
||||
* to receive validation anyway, to protect out cache contents and
|
||||
* avoid bad-data in this cache that a downstream validator cannot
|
||||
* remove from this cache */
|
||||
struct mesh_state* s = mesh_area_find(mesh, qinfo, qflags&BIT_RD, 0);
|
||||
struct mesh_state* s = mesh_area_find(mesh, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0);
|
||||
int was_detached = 0;
|
||||
int was_noreply = 0;
|
||||
int added = 0;
|
||||
@ -311,7 +312,7 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo,
|
||||
#ifdef UNBOUND_DEBUG
|
||||
struct rbnode_t* n;
|
||||
#endif
|
||||
s = mesh_state_create(mesh->env, qinfo, qflags&BIT_RD, 0);
|
||||
s = mesh_state_create(mesh->env, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0);
|
||||
if(!s) {
|
||||
log_err("mesh_state_create: out of memory; SERVFAIL");
|
||||
error_encode(rep->c->buffer, LDNS_RCODE_SERVFAIL,
|
||||
@ -375,7 +376,7 @@ mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo,
|
||||
uint16_t qflags, struct edns_data* edns, sldns_buffer* buf,
|
||||
uint16_t qid, mesh_cb_func_t cb, void* cb_arg)
|
||||
{
|
||||
struct mesh_state* s = mesh_area_find(mesh, qinfo, qflags&BIT_RD, 0);
|
||||
struct mesh_state* s = mesh_area_find(mesh, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0);
|
||||
int was_detached = 0;
|
||||
int was_noreply = 0;
|
||||
int added = 0;
|
||||
@ -386,7 +387,7 @@ mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo,
|
||||
#ifdef UNBOUND_DEBUG
|
||||
struct rbnode_t* n;
|
||||
#endif
|
||||
s = mesh_state_create(mesh->env, qinfo, qflags&BIT_RD, 0);
|
||||
s = mesh_state_create(mesh->env, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0);
|
||||
if(!s) {
|
||||
return 0;
|
||||
}
|
||||
@ -428,7 +429,7 @@ mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo,
|
||||
void mesh_new_prefetch(struct mesh_area* mesh, struct query_info* qinfo,
|
||||
uint16_t qflags, time_t leeway)
|
||||
{
|
||||
struct mesh_state* s = mesh_area_find(mesh, qinfo, qflags&BIT_RD, 0);
|
||||
struct mesh_state* s = mesh_area_find(mesh, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0);
|
||||
#ifdef UNBOUND_DEBUG
|
||||
struct rbnode_t* n;
|
||||
#endif
|
||||
@ -447,7 +448,7 @@ void mesh_new_prefetch(struct mesh_area* mesh, struct query_info* qinfo,
|
||||
mesh->stats_dropped ++;
|
||||
return;
|
||||
}
|
||||
s = mesh_state_create(mesh->env, qinfo, qflags&BIT_RD, 0);
|
||||
s = mesh_state_create(mesh->env, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0);
|
||||
if(!s) {
|
||||
log_err("prefetch mesh_state_create: out of memory");
|
||||
return;
|
||||
@ -496,7 +497,7 @@ void mesh_report_reply(struct mesh_area* mesh, struct outbound_entry* e,
|
||||
|
||||
struct mesh_state*
|
||||
mesh_state_create(struct module_env* env, struct query_info* qinfo,
|
||||
uint16_t qflags, int prime)
|
||||
uint16_t qflags, int prime, int valrec)
|
||||
{
|
||||
struct regional* region = alloc_reg_obtain(env->alloc);
|
||||
struct mesh_state* mstate;
|
||||
@ -533,6 +534,7 @@ mesh_state_create(struct module_env* env, struct query_info* qinfo,
|
||||
/* remove all weird bits from qflags */
|
||||
mstate->s.query_flags = (qflags & (BIT_RD|BIT_CD));
|
||||
mstate->s.is_priming = prime;
|
||||
mstate->s.is_valrec = valrec;
|
||||
mstate->s.reply = NULL;
|
||||
mstate->s.region = region;
|
||||
mstate->s.curmod = 0;
|
||||
@ -679,11 +681,12 @@ void mesh_detach_subs(struct module_qstate* qstate)
|
||||
}
|
||||
|
||||
int mesh_attach_sub(struct module_qstate* qstate, struct query_info* qinfo,
|
||||
uint16_t qflags, int prime, struct module_qstate** newq)
|
||||
uint16_t qflags, int prime, int valrec, struct module_qstate** newq)
|
||||
{
|
||||
/* find it, if not, create it */
|
||||
struct mesh_area* mesh = qstate->env->mesh;
|
||||
struct mesh_state* sub = mesh_area_find(mesh, qinfo, qflags, prime);
|
||||
struct mesh_state* sub = mesh_area_find(mesh, qinfo, qflags, prime,
|
||||
valrec);
|
||||
int was_detached;
|
||||
if(mesh_detect_cycle_found(qstate, sub)) {
|
||||
verbose(VERB_ALGO, "attach failed, cycle detected");
|
||||
@ -694,7 +697,8 @@ int mesh_attach_sub(struct module_qstate* qstate, struct query_info* qinfo,
|
||||
struct rbnode_t* n;
|
||||
#endif
|
||||
/* create a new one */
|
||||
sub = mesh_state_create(qstate->env, qinfo, qflags, prime);
|
||||
sub = mesh_state_create(qstate->env, qinfo, qflags, prime,
|
||||
valrec);
|
||||
if(!sub) {
|
||||
log_err("mesh_attach_sub: out of memory");
|
||||
return 0;
|
||||
@ -941,13 +945,14 @@ void mesh_walk_supers(struct mesh_area* mesh, struct mesh_state* mstate)
|
||||
}
|
||||
|
||||
struct mesh_state* mesh_area_find(struct mesh_area* mesh,
|
||||
struct query_info* qinfo, uint16_t qflags, int prime)
|
||||
struct query_info* qinfo, uint16_t qflags, int prime, int valrec)
|
||||
{
|
||||
struct mesh_state key;
|
||||
struct mesh_state* result;
|
||||
|
||||
key.node.key = &key;
|
||||
key.s.is_priming = prime;
|
||||
key.s.is_valrec = valrec;
|
||||
key.s.qinfo = *qinfo;
|
||||
key.s.query_flags = qflags;
|
||||
|
||||
@ -1107,8 +1112,9 @@ mesh_log_list(struct mesh_area* mesh)
|
||||
struct mesh_state* m;
|
||||
int num = 0;
|
||||
RBTREE_FOR(m, struct mesh_state*, &mesh->all) {
|
||||
snprintf(buf, sizeof(buf), "%d%s%s%s%s%s mod%d %s%s",
|
||||
snprintf(buf, sizeof(buf), "%d%s%s%s%s%s%s mod%d %s%s",
|
||||
num++, (m->s.is_priming)?"p":"", /* prime */
|
||||
(m->s.is_valrec)?"v":"", /* prime */
|
||||
(m->s.query_flags&BIT_RD)?"RD":"",
|
||||
(m->s.query_flags&BIT_CD)?"CD":"",
|
||||
(m->super_set.count==0)?"d":"", /* detached */
|
||||
@ -1178,10 +1184,11 @@ mesh_get_mem(struct mesh_area* mesh)
|
||||
|
||||
int
|
||||
mesh_detect_cycle(struct module_qstate* qstate, struct query_info* qinfo,
|
||||
uint16_t flags, int prime)
|
||||
uint16_t flags, int prime, int valrec)
|
||||
{
|
||||
struct mesh_area* mesh = qstate->env->mesh;
|
||||
struct mesh_state* dep_m = mesh_area_find(mesh, qinfo, flags, prime);
|
||||
struct mesh_state* dep_m = mesh_area_find(mesh, qinfo, flags, prime,
|
||||
valrec);
|
||||
return mesh_detect_cycle_found(qstate, dep_m);
|
||||
}
|
||||
|
||||
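Review bot: In mesh_new_client the mesh_area_find and mesh_state_create calls now key the state on `qflags&(BIT_RD|BIT_CD)`, but the comment explaining why the client's CD flag was kept out of the mesh state is deleted without a replacement. That comment said CD queries were still validated so that bad data could not settle in the shared cache. The new code should say what protects the cache now that a CD query gets its own state, for example `/* CD is part of the mesh key; cached data is still validated by <component to be named by the author> */` above the mesh_area_find call. The same applies to mesh_new_callback and mesh_new_prefetch. Separately, in mesh_log_list the added line `(m->s.is_valrec)?"v":"", /* prime */` carries a copied comment and should read `/* valrec */`.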
|
@ -353,12 +353,13 @@ void mesh_detach_subs(struct module_qstate* qstate);
|
||||
* @param qinfo: what to query for (copied).
|
||||
* @param qflags: what flags to use (RD / CD flag or not).
|
||||
* @param prime: if it is a (stub) priming query.
|
||||
* @param valrec: if it is a validation recursion query (lookup of key, DS).
|
||||
* @param newq: If the new subquery needs initialisation, it is returned,
|
||||
* otherwise NULL is returned.
|
||||
* @return: false on error, true if success (and init may be needed).
|
||||
*/
|
||||
int mesh_attach_sub(struct module_qstate* qstate, struct query_info* qinfo,
|
||||
uint16_t qflags, int prime, struct module_qstate** newq);
|
||||
uint16_t qflags, int prime, int valrec, struct module_qstate** newq);
|
||||
|
||||
/**
|
||||
* Query state is done, send messages to reply entries.
|
||||
@ -406,10 +407,12 @@ void mesh_state_delete(struct module_qstate* qstate);
|
||||
* @param qinfo: query info that the mesh is for.
|
||||
* @param qflags: flags for query (RD / CD flag).
|
||||
* @param prime: if true, it is a priming query, set is_priming on mesh state.
|
||||
* @param valrec: if true, it is a validation recursion query, and sets
|
||||
* is_valrec on the mesh state.
|
||||
* @return: new mesh state or NULL on allocation error.
|
||||
*/
|
||||
struct mesh_state* mesh_state_create(struct module_env* env,
|
||||
struct query_info* qinfo, uint16_t qflags, int prime);
|
||||
struct query_info* qinfo, uint16_t qflags, int prime, int valrec);
|
||||
|
||||
/**
|
||||
* Cleanup a mesh state and its query state. Does not do rbtree or
|
||||
@ -432,10 +435,11 @@ void mesh_delete_all(struct mesh_area* mesh);
|
||||
* @param qinfo: what query
|
||||
* @param qflags: if RD / CD bit is set or not.
|
||||
* @param prime: if it is a priming query.
|
||||
* @param valrec: if it is a validation-recursion query.
|
||||
* @return: mesh state or NULL if not found.
|
||||
*/
|
||||
struct mesh_state* mesh_area_find(struct mesh_area* mesh,
|
||||
struct query_info* qinfo, uint16_t qflags, int prime);
|
||||
struct query_info* qinfo, uint16_t qflags, int prime, int valrec);
|
||||
|
||||
/**
|
||||
* Setup attachment super/sub relation between super and sub mesh state.
|
||||
@ -523,13 +527,14 @@ size_t mesh_get_mem(struct mesh_area* mesh);
|
||||
* @param qinfo: query info for dependency.
|
||||
* @param flags: query flags of dependency.
|
||||
* @param prime: if dependency is a priming query or not.
|
||||
* @param valrec: if it is a validation recursion query (lookup of key, DS).
|
||||
* @return true if the name,type,class exists and the given qstate mesh exists
|
||||
* as a dependency of that name. Thus if qstate becomes dependent on
|
||||
* name,type,class then a cycle is created, this is return value 1.
|
||||
* Too large to search is value 2 (also true).
|
||||
*/
|
||||
int mesh_detect_cycle(struct module_qstate* qstate, struct query_info* qinfo,
|
||||
uint16_t flags, int prime);
|
||||
uint16_t flags, int prime, int valrec);
|
||||
|
||||
/** compare two mesh_states */
|
||||
int mesh_state_compare(const void* ap, const void* bp);
|
||||
|
@ -43,6 +43,7 @@
|
||||
#include "services/modstack.h"
|
||||
#include "util/module.h"
|
||||
#include "util/fptr_wlist.h"
|
||||
#include "dns64/dns64.h"
|
||||
#include "iterator/iterator.h"
|
||||
#include "validator/validator.h"
|
||||
|
||||
@ -59,12 +60,12 @@ count_modules(const char* s)
|
||||
return 0;
|
||||
while(*s) {
|
||||
/* skip whitespace */
|
||||
while(*s && isspace((int)*s))
|
||||
while(*s && isspace((unsigned char)*s))
|
||||
s++;
|
||||
if(*s && !isspace((int)*s)) {
|
||||
if(*s && !isspace((unsigned char)*s)) {
|
||||
/* skip identifier */
|
||||
num++;
|
||||
while(*s && !isspace((int)*s))
|
||||
while(*s && !isspace((unsigned char)*s))
|
||||
s++;
|
||||
}
|
||||
}
|
||||
@ -116,6 +117,7 @@ module_list_avail(void)
|
||||
{
|
||||
/* these are the modules available */
|
||||
static const char* names[] = {
|
||||
"dns64",
|
||||
#ifdef WITH_PYTHONMODULE
|
||||
"python",
|
||||
#endif
|
||||
@ -133,6 +135,7 @@ static fbgetfunctype*
|
||||
module_funcs_avail(void)
|
||||
{
|
||||
static struct module_func_block* (*fb[])(void) = {
|
||||
&dns64_get_funcblock,
|
||||
#ifdef WITH_PYTHONMODULE
|
||||
&pythonmod_get_funcblock,
|
||||
#endif
|
||||
@ -149,7 +152,7 @@ module_func_block* module_factory(const char** str)
|
||||
const char* s = *str;
|
||||
const char** names = module_list_avail();
|
||||
fbgetfunctype* fb = module_funcs_avail();
|
||||
while(*s && isspace((int)*s))
|
||||
while(*s && isspace((unsigned char)*s))
|
||||
s++;
|
||||
while(names[i]) {
|
||||
if(strncmp(names[i], s, strlen(names[i])) == 0) {
|
||||
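Review bot: The new `"dns64",` entry in names[] (module_list_avail) and `&dns64_get_funcblock,` in fb[] (module_funcs_avail) are kept in step only by hand, and nothing in either hunk says the two tables are index-paired. module_factory walks names[] by index and, as far as the visible lines show, is expected to take the function block at the same position, so an entry added to only one table, or under a different `#ifdef`, would silently select the wrong module for a configured name. A comment on each initialiser, such as `/* order and #ifdefs must match module_funcs_avail() */` and its converse, would make the constraint explicit. All three functions continue outside the hunks.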
|
@ -58,6 +58,7 @@
|
||||
#include "util/random.h"
|
||||
#include "util/fptr_wlist.h"
|
||||
#include "ldns/sbuffer.h"
|
||||
#include "dnstap/dnstap.h"
|
||||
#ifdef HAVE_OPENSSL_SSL_H
|
||||
#include <openssl/ssl.h>
|
||||
#endif
|
||||
@ -75,11 +76,14 @@
|
||||
#define OUTBOUND_UDP_RETRY 1
|
||||
|
||||
/** initiate TCP transaction for serviced query */
|
||||
static void serviced_tcp_initiate(struct outside_network* outnet,
|
||||
struct serviced_query* sq, sldns_buffer* buff);
|
||||
static void serviced_tcp_initiate(struct serviced_query* sq, sldns_buffer* buff);
|
||||
/** with a fd available, randomize and send UDP */
|
||||
static int randomize_and_send_udp(struct outside_network* outnet,
|
||||
struct pending* pend, sldns_buffer* packet, int timeout);
|
||||
static int randomize_and_send_udp(struct pending* pend, sldns_buffer* packet,
|
||||
int timeout);
|
||||
|
||||
/** remove waiting tcp from the outnet waiting list */
|
||||
static void waiting_list_remove(struct outside_network* outnet,
|
||||
struct waiting_tcp* w);
|
||||
|
||||
int
|
||||
pending_cmp(const void* key1, const void* key2)
|
||||
@ -210,12 +214,12 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len)
|
||||
s = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
|
||||
if(s == -1) {
|
||||
#ifndef USE_WINSOCK
|
||||
log_err("outgoing tcp: socket: %s", strerror(errno));
|
||||
log_err_addr("outgoing tcp: socket", strerror(errno),
|
||||
&w->addr, w->addrlen);
|
||||
#else
|
||||
log_err("outgoing tcp: socket: %s",
|
||||
wsa_strerror(WSAGetLastError()));
|
||||
log_err_addr("outgoing tcp: socket",
|
||||
wsa_strerror(WSAGetLastError()), &w->addr, w->addrlen);
|
||||
#endif
|
||||
log_addr(0, "failed address", &w->addr, w->addrlen);
|
||||
return 0;
|
||||
}
|
||||
if(!pick_outgoing_tcp(w, s))
|
||||
@ -231,15 +235,14 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len)
|
||||
#endif
|
||||
if(tcp_connect_errno_needs_log(
|
||||
(struct sockaddr*)&w->addr, w->addrlen))
|
||||
log_err("outgoing tcp: connect: %s",
|
||||
strerror(errno));
|
||||
log_err_addr("outgoing tcp: connect",
|
||||
strerror(errno), &w->addr, w->addrlen);
|
||||
close(s);
|
||||
#else /* USE_WINSOCK */
|
||||
if(WSAGetLastError() != WSAEINPROGRESS &&
|
||||
WSAGetLastError() != WSAEWOULDBLOCK) {
|
||||
closesocket(s);
|
||||
#endif
|
||||
log_addr(0, "failed address", &w->addr, w->addrlen);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
@ -258,6 +261,7 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len)
|
||||
w->pkt = NULL;
|
||||
w->next_waiting = (void*)pend;
|
||||
pend->id = LDNS_ID_WIRE(pkt);
|
||||
w->outnet->num_tcp_outgoing++;
|
||||
w->outnet->tcp_free = pend->next_free;
|
||||
pend->next_free = NULL;
|
||||
pend->query = w;
|
||||
@ -378,7 +382,7 @@ outnet_send_wait_udp(struct outside_network* outnet)
|
||||
free(pend->pkt); /* freeing now makes get_mem correct */
|
||||
pend->pkt = NULL;
|
||||
pend->pkt_len = 0;
|
||||
if(!randomize_and_send_udp(outnet, pend, outnet->udp_buff,
|
||||
if(!randomize_and_send_udp(pend, outnet->udp_buff,
|
||||
pend->timeout)) {
|
||||
/* callback error on pending */
|
||||
if(pend->cb) {
|
||||
@ -588,7 +592,7 @@ outside_network_create(struct comm_base *base, size_t bufsize,
|
||||
struct ub_randstate* rnd, int use_caps_for_id, int* availports,
|
||||
int numavailports, size_t unwanted_threshold,
|
||||
void (*unwanted_action)(void*), void* unwanted_param, int do_udp,
|
||||
void* sslctx, int delayclose)
|
||||
void* sslctx, int delayclose, struct dt_env* dtenv)
|
||||
{
|
||||
struct outside_network* outnet = (struct outside_network*)
|
||||
calloc(1, sizeof(struct outside_network));
|
||||
@ -600,9 +604,15 @@ outside_network_create(struct comm_base *base, size_t bufsize,
|
||||
comm_base_timept(base, &outnet->now_secs, &outnet->now_tv);
|
||||
outnet->base = base;
|
||||
outnet->num_tcp = num_tcp;
|
||||
outnet->num_tcp_outgoing = 0;
|
||||
outnet->infra = infra;
|
||||
outnet->rnd = rnd;
|
||||
outnet->sslctx = sslctx;
|
||||
#ifdef USE_DNSTAP
|
||||
outnet->dtenv = dtenv;
|
||||
#else
|
||||
(void)dtenv;
|
||||
#endif
|
||||
outnet->svcd_overhead = 0;
|
||||
outnet->want_to_quit = 0;
|
||||
outnet->unwanted_threshold = unwanted_threshold;
|
||||
@ -991,10 +1001,10 @@ select_ifport(struct outside_network* outnet, struct pending* pend,
|
||||
}
|
||||
|
||||
static int
|
||||
randomize_and_send_udp(struct outside_network* outnet, struct pending* pend,
|
||||
sldns_buffer* packet, int timeout)
|
||||
randomize_and_send_udp(struct pending* pend, sldns_buffer* packet, int timeout)
|
||||
{
|
||||
struct timeval tv;
|
||||
struct outside_network* outnet = pend->sq->outnet;
|
||||
|
||||
/* select id */
|
||||
if(!select_id(outnet, pend, packet)) {
|
||||
@ -1027,30 +1037,38 @@ randomize_and_send_udp(struct outside_network* outnet, struct pending* pend,
|
||||
tv.tv_usec = (timeout%1000)*1000;
|
||||
#endif
|
||||
comm_timer_set(pend->timer, &tv);
|
||||
|
||||
#ifdef USE_DNSTAP
|
||||
if(outnet->dtenv &&
|
||||
(outnet->dtenv->log_resolver_query_messages ||
|
||||
outnet->dtenv->log_forwarder_query_messages))
|
||||
dt_msg_send_outside_query(outnet->dtenv, &pend->addr, comm_udp,
|
||||
pend->sq->zone, pend->sq->zonelen, packet);
|
||||
#endif
|
||||
return 1;
|
||||
}
|
||||
|
||||
struct pending*
|
||||
pending_udp_query(struct outside_network* outnet, sldns_buffer* packet,
|
||||
struct sockaddr_storage* addr, socklen_t addrlen, int timeout,
|
||||
comm_point_callback_t* cb, void* cb_arg)
|
||||
pending_udp_query(struct serviced_query* sq, struct sldns_buffer* packet,
|
||||
int timeout, comm_point_callback_t* cb, void* cb_arg)
|
||||
{
|
||||
struct pending* pend = (struct pending*)calloc(1, sizeof(*pend));
|
||||
if(!pend) return NULL;
|
||||
pend->outnet = outnet;
|
||||
pend->addrlen = addrlen;
|
||||
memmove(&pend->addr, addr, addrlen);
|
||||
pend->outnet = sq->outnet;
|
||||
pend->sq = sq;
|
||||
pend->addrlen = sq->addrlen;
|
||||
memmove(&pend->addr, &sq->addr, sq->addrlen);
|
||||
pend->cb = cb;
|
||||
pend->cb_arg = cb_arg;
|
||||
pend->node.key = pend;
|
||||
pend->timer = comm_timer_create(outnet->base, pending_udp_timer_cb,
|
||||
pend->timer = comm_timer_create(sq->outnet->base, pending_udp_timer_cb,
|
||||
pend);
|
||||
if(!pend->timer) {
|
||||
free(pend);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if(outnet->unused_fds == NULL) {
|
||||
if(sq->outnet->unused_fds == NULL) {
|
||||
/* no unused fd, cannot create a new port (randomly) */
|
||||
verbose(VERB_ALGO, "no fds available, udp query waiting");
|
||||
pend->timeout = timeout;
|
||||
@ -1063,15 +1081,15 @@ pending_udp_query(struct outside_network* outnet, sldns_buffer* packet,
|
||||
return NULL;
|
||||
}
|
||||
/* put at end of waiting list */
|
||||
if(outnet->udp_wait_last)
|
||||
outnet->udp_wait_last->next_waiting = pend;
|
||||
if(sq->outnet->udp_wait_last)
|
||||
sq->outnet->udp_wait_last->next_waiting = pend;
|
||||
else
|
||||
outnet->udp_wait_first = pend;
|
||||
outnet->udp_wait_last = pend;
|
||||
sq->outnet->udp_wait_first = pend;
|
||||
sq->outnet->udp_wait_last = pend;
|
||||
return pend;
|
||||
}
|
||||
if(!randomize_and_send_udp(outnet, pend, packet, timeout)) {
|
||||
pending_delete(outnet, pend);
|
||||
if(!randomize_and_send_udp(pend, packet, timeout)) {
|
||||
pending_delete(sq->outnet, pend);
|
||||
return NULL;
|
||||
}
|
||||
return pend;
|
||||
@ -1086,17 +1104,7 @@ outnet_tcptimer(void* arg)
|
||||
void* cb_arg;
|
||||
if(w->pkt) {
|
||||
/* it is on the waiting list */
|
||||
struct waiting_tcp* p=outnet->tcp_wait_first, *prev=NULL;
|
||||
while(p) {
|
||||
if(p == w) {
|
||||
if(prev) prev->next_waiting = w->next_waiting;
|
||||
else outnet->tcp_wait_first=w->next_waiting;
|
||||
outnet->tcp_wait_last = prev;
|
||||
break;
|
||||
}
|
||||
prev = p;
|
||||
p=p->next_waiting;
|
||||
}
|
||||
waiting_list_remove(outnet, w);
|
||||
} else {
|
||||
/* it was in use */
|
||||
struct pending_tcp* pend=(struct pending_tcp*)w->next_waiting;
|
||||
@ -1113,12 +1121,11 @@ outnet_tcptimer(void* arg)
|
||||
use_free_buffer(outnet);
|
||||
}
|
||||
|
||||
struct waiting_tcp*
|
||||
pending_tcp_query(struct outside_network* outnet, sldns_buffer* packet,
|
||||
struct sockaddr_storage* addr, socklen_t addrlen, int timeout,
|
||||
comm_point_callback_t* callback, void* callback_arg, int ssl_upstream)
|
||||
struct waiting_tcp*
|
||||
pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet,
|
||||
int timeout, comm_point_callback_t* callback, void* callback_arg)
|
||||
{
|
||||
struct pending_tcp* pend = outnet->tcp_free;
|
||||
struct pending_tcp* pend = sq->outnet->tcp_free;
|
||||
struct waiting_tcp* w;
|
||||
struct timeval tv;
|
||||
uint16_t id;
|
||||
@ -1128,20 +1135,20 @@ pending_tcp_query(struct outside_network* outnet, sldns_buffer* packet,
|
||||
if(!w) {
|
||||
return NULL;
|
||||
}
|
||||
if(!(w->timer = comm_timer_create(outnet->base, outnet_tcptimer, w))) {
|
||||
if(!(w->timer = comm_timer_create(sq->outnet->base, outnet_tcptimer, w))) {
|
||||
free(w);
|
||||
return NULL;
|
||||
}
|
||||
w->pkt = NULL;
|
||||
w->pkt_len = 0;
|
||||
id = ((unsigned)ub_random(outnet->rnd)>>8) & 0xffff;
|
||||
id = ((unsigned)ub_random(sq->outnet->rnd)>>8) & 0xffff;
|
||||
LDNS_ID_SET(sldns_buffer_begin(packet), id);
|
||||
memcpy(&w->addr, addr, addrlen);
|
||||
w->addrlen = addrlen;
|
||||
w->outnet = outnet;
|
||||
memcpy(&w->addr, &sq->addr, sq->addrlen);
|
||||
w->addrlen = sq->addrlen;
|
||||
w->outnet = sq->outnet;
|
||||
w->cb = callback;
|
||||
w->cb_arg = callback_arg;
|
||||
w->ssl_upstream = ssl_upstream;
|
||||
w->ssl_upstream = sq->ssl_upstream;
|
||||
#ifndef S_SPLINT_S
|
||||
tv.tv_sec = timeout;
|
||||
tv.tv_usec = 0;
|
||||
@ -1154,16 +1161,23 @@ pending_tcp_query(struct outside_network* outnet, sldns_buffer* packet,
|
||||
waiting_tcp_delete(w);
|
||||
return NULL;
|
||||
}
|
||||
#ifdef USE_DNSTAP
|
||||
if(sq->outnet->dtenv &&
|
||||
(sq->outnet->dtenv->log_resolver_query_messages ||
|
||||
sq->outnet->dtenv->log_forwarder_query_messages))
|
||||
dt_msg_send_outside_query(sq->outnet->dtenv, &sq->addr,
|
||||
comm_tcp, sq->zone, sq->zonelen, packet);
|
||||
#endif
|
||||
} else {
|
||||
/* queue up */
|
||||
w->pkt = (uint8_t*)w + sizeof(struct waiting_tcp);
|
||||
w->pkt_len = sldns_buffer_limit(packet);
|
||||
memmove(w->pkt, sldns_buffer_begin(packet), w->pkt_len);
|
||||
w->next_waiting = NULL;
|
||||
if(outnet->tcp_wait_last)
|
||||
outnet->tcp_wait_last->next_waiting = w;
|
||||
else outnet->tcp_wait_first = w;
|
||||
outnet->tcp_wait_last = w;
|
||||
if(sq->outnet->tcp_wait_last)
|
||||
sq->outnet->tcp_wait_last->next_waiting = w;
|
||||
else sq->outnet->tcp_wait_first = w;
|
||||
sq->outnet->tcp_wait_last = w;
|
||||
}
|
||||
return w;
|
||||
}
|
||||
@ -1205,7 +1219,7 @@ lookup_serviced(struct outside_network* outnet, sldns_buffer* buff, int dnssec,
|
||||
/** Create new serviced entry */
|
||||
static struct serviced_query*
|
||||
serviced_create(struct outside_network* outnet, sldns_buffer* buff, int dnssec,
|
||||
int want_dnssec, int tcp_upstream, int ssl_upstream,
|
||||
int want_dnssec, int nocaps, int tcp_upstream, int ssl_upstream,
|
||||
struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone,
|
||||
size_t zonelen, int qtype)
|
||||
{
|
||||
@ -1232,6 +1246,7 @@ serviced_create(struct outside_network* outnet, sldns_buffer* buff, int dnssec,
|
||||
sq->qtype = qtype;
|
||||
sq->dnssec = dnssec;
|
||||
sq->want_dnssec = want_dnssec;
|
||||
sq->nocaps = nocaps;
|
||||
sq->tcp_upstream = tcp_upstream;
|
||||
sq->ssl_upstream = ssl_upstream;
|
||||
memcpy(&sq->addr, addr, addrlen);
|
||||
@ -1319,16 +1334,16 @@ serviced_perturb_qname(struct ub_randstate* rnd, uint8_t* qbuf, size_t len)
|
||||
while(lablen) {
|
||||
while(lablen--) {
|
||||
/* only perturb A-Z, a-z */
|
||||
if(isalpha((int)*d)) {
|
||||
if(isalpha((unsigned char)*d)) {
|
||||
/* get a random bit */
|
||||
if(bits == 0) {
|
||||
random = ub_random(rnd);
|
||||
bits = 30;
|
||||
}
|
||||
if(random & 0x1) {
|
||||
*d = (uint8_t)toupper((int)*d);
|
||||
*d = (uint8_t)toupper((unsigned char)*d);
|
||||
} else {
|
||||
*d = (uint8_t)tolower((int)*d);
|
||||
*d = (uint8_t)tolower((unsigned char)*d);
|
||||
}
|
||||
random >>= 1;
|
||||
bits--;
|
||||
@ -1349,7 +1364,7 @@ static void
|
||||
serviced_encode(struct serviced_query* sq, sldns_buffer* buff, int with_edns)
|
||||
{
|
||||
/* if we are using 0x20 bits for ID randomness, perturb them */
|
||||
if(sq->outnet->use_caps_for_id) {
|
||||
if(sq->outnet->use_caps_for_id && !sq->nocaps) {
|
||||
serviced_perturb_qname(sq->outnet->rnd, sq->qbuf, sq->qbuflen);
|
||||
}
|
||||
/* generate query */
|
||||
@ -1424,8 +1439,8 @@ serviced_udp_send(struct serviced_query* sq, sldns_buffer* buff)
|
||||
sq->last_sent_time = *sq->outnet->now_tv;
|
||||
sq->edns_lame_known = (int)edns_lame_known;
|
||||
verbose(VERB_ALGO, "serviced query UDP timeout=%d msec", rtt);
|
||||
sq->pending = pending_udp_query(sq->outnet, buff, &sq->addr,
|
||||
sq->addrlen, rtt, serviced_udp_callback, sq);
|
||||
sq->pending = pending_udp_query(sq, buff, rtt,
|
||||
serviced_udp_callback, sq);
|
||||
if(!sq->pending)
|
||||
return 0;
|
||||
return 1;
|
||||
@ -1574,13 +1589,21 @@ serviced_tcp_callback(struct comm_point* c, void* arg, int error,
|
||||
if(error==NETEVENT_NOERROR)
|
||||
infra_update_tcp_works(sq->outnet->infra, &sq->addr,
|
||||
sq->addrlen, sq->zone, sq->zonelen);
|
||||
#ifdef USE_DNSTAP
|
||||
if(sq->outnet->dtenv &&
|
||||
(sq->outnet->dtenv->log_resolver_response_messages ||
|
||||
sq->outnet->dtenv->log_forwarder_response_messages))
|
||||
dt_msg_send_outside_response(sq->outnet->dtenv, &sq->addr,
|
||||
c->type, sq->zone, sq->zonelen, sq->qbuf, sq->qbuflen,
|
||||
&sq->last_sent_time, sq->outnet->now_tv, c->buffer);
|
||||
#endif
|
||||
if(error==NETEVENT_NOERROR && sq->status == serviced_query_TCP_EDNS &&
|
||||
(LDNS_RCODE_WIRE(sldns_buffer_begin(c->buffer)) ==
|
||||
LDNS_RCODE_FORMERR || LDNS_RCODE_WIRE(sldns_buffer_begin(
|
||||
c->buffer)) == LDNS_RCODE_NOTIMPL) ) {
|
||||
/* attempt to fallback to nonEDNS */
|
||||
sq->status = serviced_query_TCP_EDNS_fallback;
|
||||
serviced_tcp_initiate(sq->outnet, sq, c->buffer);
|
||||
serviced_tcp_initiate(sq, c->buffer);
|
||||
return 0;
|
||||
} else if(error==NETEVENT_NOERROR &&
|
||||
sq->status == serviced_query_TCP_EDNS_fallback &&
|
||||
@ -1632,16 +1655,14 @@ serviced_tcp_callback(struct comm_point* c, void* arg, int error,
|
||||
}
|
||||
|
||||
static void
|
||||
serviced_tcp_initiate(struct outside_network* outnet,
|
||||
struct serviced_query* sq, sldns_buffer* buff)
|
||||
serviced_tcp_initiate(struct serviced_query* sq, sldns_buffer* buff)
|
||||
{
|
||||
verbose(VERB_ALGO, "initiate TCP query %s",
|
||||
sq->status==serviced_query_TCP_EDNS?"EDNS":"");
|
||||
serviced_encode(sq, buff, sq->status == serviced_query_TCP_EDNS);
|
||||
sq->last_sent_time = *sq->outnet->now_tv;
|
||||
sq->pending = pending_tcp_query(outnet, buff, &sq->addr,
|
||||
sq->addrlen, TCP_AUTH_QUERY_TIMEOUT, serviced_tcp_callback,
|
||||
sq, sq->ssl_upstream);
|
||||
sq->pending = pending_tcp_query(sq, buff, TCP_AUTH_QUERY_TIMEOUT,
|
||||
serviced_tcp_callback, sq);
|
||||
if(!sq->pending) {
|
||||
/* delete from tree so that a retry by above layer does not
|
||||
* clash with this entry */
|
||||
@ -1665,9 +1686,8 @@ serviced_tcp_send(struct serviced_query* sq, sldns_buffer* buff)
|
||||
else sq->status = serviced_query_TCP;
|
||||
serviced_encode(sq, buff, sq->status == serviced_query_TCP_EDNS);
|
||||
sq->last_sent_time = *sq->outnet->now_tv;
|
||||
sq->pending = pending_tcp_query(sq->outnet, buff, &sq->addr,
|
||||
sq->addrlen, TCP_AUTH_QUERY_TIMEOUT, serviced_tcp_callback,
|
||||
sq, sq->ssl_upstream);
|
||||
sq->pending = pending_tcp_query(sq, buff, TCP_AUTH_QUERY_TIMEOUT,
|
||||
serviced_tcp_callback, sq);
|
||||
return sq->pending != NULL;
|
||||
}
|
||||
|
||||
@ -1728,6 +1748,14 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error,
|
||||
serviced_callbacks(sq, error, c, rep);
|
||||
return 0;
|
||||
}
|
||||
#ifdef USE_DNSTAP
|
||||
if(outnet->dtenv &&
|
||||
(outnet->dtenv->log_resolver_response_messages ||
|
||||
outnet->dtenv->log_forwarder_response_messages))
|
||||
dt_msg_send_outside_response(outnet->dtenv, &sq->addr, c->type,
|
||||
sq->zone, sq->zonelen, sq->qbuf, sq->qbuflen,
|
||||
&sq->last_sent_time, sq->outnet->now_tv, c->buffer);
|
||||
#endif
|
||||
if(!fallback_tcp) {
|
||||
if( (sq->status == serviced_query_UDP_EDNS
|
||||
||sq->status == serviced_query_UDP_EDNS_FRAG)
|
||||
@ -1816,7 +1844,7 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error,
|
||||
/* if we have unfinished EDNS_fallback, start again */
|
||||
sq->status = serviced_query_TCP_EDNS;
|
||||
else sq->status = serviced_query_TCP;
|
||||
serviced_tcp_initiate(outnet, sq, c->buffer);
|
||||
serviced_tcp_initiate(sq, c->buffer);
|
||||
return 0;
|
||||
}
|
||||
/* yay! an answer */
|
||||
@ -1827,10 +1855,11 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error,
|
||||
struct serviced_query*
|
||||
outnet_serviced_query(struct outside_network* outnet,
|
||||
uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass,
|
||||
uint16_t flags, int dnssec, int want_dnssec, int tcp_upstream,
|
||||
int ssl_upstream, struct sockaddr_storage* addr, socklen_t addrlen,
|
||||
uint8_t* zone, size_t zonelen, comm_point_callback_t* callback,
|
||||
void* callback_arg, sldns_buffer* buff)
|
||||
uint16_t flags, int dnssec, int want_dnssec, int nocaps,
|
||||
int tcp_upstream, int ssl_upstream, struct sockaddr_storage* addr,
|
||||
socklen_t addrlen, uint8_t* zone, size_t zonelen,
|
||||
comm_point_callback_t* callback, void* callback_arg,
|
||||
sldns_buffer* buff)
|
||||
{
|
||||
struct serviced_query* sq;
|
||||
struct service_callback* cb;
|
||||
@ -1843,7 +1872,7 @@ outnet_serviced_query(struct outside_network* outnet,
|
||||
return NULL;
|
||||
if(!sq) {
|
||||
/* make new serviced query entry */
|
||||
sq = serviced_create(outnet, buff, dnssec, want_dnssec,
|
||||
sq = serviced_create(outnet, buff, dnssec, want_dnssec, nocaps,
|
||||
tcp_upstream, ssl_upstream, addr, addrlen, zone,
|
||||
zonelen, (int)qtype);
|
||||
if(!sq) {
|
||||
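Review bot: In serviced_tcp_callback the added dnstap block passes `c->type` and `c->buffer` to dt_msg_send_outside_response without testing `error`, while the statements directly before and after it both check `error==NETEVENT_NOERROR`. On a timeout or connection failure the buffer does not hold a response from the upstream server, and whether `c` is valid on those paths is not visible in this hunk, so the log can record stale data or the call can dereference an invalid pointer. The condition should begin with the error test: `if(error==NETEVENT_NOERROR && sq->outnet->dtenv &&`. The block added to serviced_udp_callback sits after an early return whose condition is outside the hunk, so the same guarantee should be confirmed there.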
|
@ -45,6 +45,7 @@
|
||||
|
||||
#include "util/rbtree.h"
|
||||
#include "util/netevent.h"
|
||||
#include "dnstap/dnstap_config.h"
|
||||
struct pending;
|
||||
struct pending_timeout;
|
||||
struct ub_randstate;
|
||||
@ -55,6 +56,8 @@ struct infra_cache;
|
||||
struct port_comm;
|
||||
struct port_if;
|
||||
struct sldns_buffer;
|
||||
struct serviced_query;
|
||||
struct dt_env;
|
||||
|
||||
/**
|
||||
* Send queries to outside servers and wait for answers from servers.
|
||||
@ -125,6 +128,10 @@ struct outside_network {
|
||||
struct ub_randstate* rnd;
|
||||
/** ssl context to create ssl wrapped TCP with DNS connections */
|
||||
void* sslctx;
|
||||
#ifdef USE_DNSTAP
|
||||
/** dnstap environment */
|
||||
struct dt_env* dtenv;
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Array of tcp pending used for outgoing TCP connections.
|
||||
@ -135,6 +142,8 @@ struct outside_network {
|
||||
struct pending_tcp **tcp_conns;
|
||||
/** number of tcp communication points. */
|
||||
size_t num_tcp;
|
||||
/** number of tcp communication points in use. */
|
||||
size_t num_tcp_outgoing;
|
||||
/** list of tcp comm points that are free for use */
|
||||
struct pending_tcp* tcp_free;
|
||||
/** list of tcp queries waiting for a buffer */
|
||||
@ -210,6 +219,8 @@ struct pending {
|
||||
void* cb_arg;
|
||||
/** the outside network it is part of */
|
||||
struct outside_network* outnet;
|
||||
/** the corresponding serviced_query */
|
||||
struct serviced_query* sq;
|
||||
|
||||
/*---- filled if udp pending is waiting -----*/
|
||||
/** next in waiting list. */
|
||||
@ -307,6 +318,8 @@ struct serviced_query {
|
||||
int dnssec;
|
||||
/** We want signatures, or else the answer is likely useless */
|
||||
int want_dnssec;
|
||||
/** ignore capsforid */
|
||||
int nocaps;
|
||||
/** tcp upstream used, use tcp, or ssl_upstream for SSL */
|
||||
int tcp_upstream, ssl_upstream;
|
||||
/** where to send it */
|
||||
@ -383,6 +396,7 @@ struct serviced_query {
|
||||
* @param sslctx: context to create outgoing connections with (if enabled).
|
||||
* @param delayclose: if not 0, udp sockets are delayed before timeout closure.
|
||||
* msec to wait on timeouted udp sockets.
|
||||
* @param dtenv: environment to send dnstap events with (if enabled).
|
||||
* @return: the new structure (with no pending answers) or NULL on error.
|
||||
*/
|
||||
struct outside_network* outside_network_create(struct comm_base* base,
|
||||
@ -391,7 +405,7 @@ struct outside_network* outside_network_create(struct comm_base* base,
|
||||
struct ub_randstate* rnd, int use_caps_for_id, int* availports,
|
||||
int numavailports, size_t unwanted_threshold,
|
||||
void (*unwanted_action)(void*), void* unwanted_param, int do_udp,
|
||||
void* sslctx, int delayclose);
|
||||
void* sslctx, int delayclose, struct dt_env *dtenv);
|
||||
|
||||
/**
|
||||
* Delete outside_network structure.
|
||||
@ -408,39 +422,32 @@ void outside_network_quit_prepare(struct outside_network* outnet);
|
||||
/**
|
||||
* Send UDP query, create pending answer.
|
||||
* Changes the ID for the query to be random and unique for that destination.
|
||||
* @param outnet: provides the event handling
|
||||
* @param sq: serviced query.
|
||||
* @param packet: wireformat query to send to destination.
|
||||
* @param addr: address to send to.
|
||||
* @param addrlen: length of addr.
|
||||
* @param timeout: in milliseconds from now.
|
||||
* @param callback: function to call on error, timeout or reply.
|
||||
* @param callback_arg: user argument for callback function.
|
||||
* @return: NULL on error for malloc or socket. Else the pending query object.
|
||||
*/
|
||||
struct pending* pending_udp_query(struct outside_network* outnet,
|
||||
struct sldns_buffer* packet, struct sockaddr_storage* addr,
|
||||
socklen_t addrlen, int timeout, comm_point_callback_t* callback,
|
||||
struct pending* pending_udp_query(struct serviced_query* sq,
|
||||
struct sldns_buffer* packet, int timeout, comm_point_callback_t* callback,
|
||||
void* callback_arg);
|
||||
|
||||
/**
|
||||
* Send TCP query. May wait for TCP buffer. Selects ID to be random, and
|
||||
* checks id.
|
||||
* @param outnet: provides the event handling.
|
||||
* @param sq: serviced query.
|
||||
* @param packet: wireformat query to send to destination. copied from.
|
||||
* @param addr: address to send to.
|
||||
* @param addrlen: length of addr.
|
||||
* @param timeout: in seconds from now.
|
||||
* Timer starts running now. Timer may expire if all buffers are used,
|
||||
* without any query been sent to the server yet.
|
||||
* @param callback: function to call on error, timeout or reply.
|
||||
* @param callback_arg: user argument for callback function.
|
||||
* @param ssl_upstream: if the tcp connection must use SSL.
|
||||
* @return: false on error for malloc or socket. Else the pending TCP object.
|
||||
*/
|
||||
struct waiting_tcp* pending_tcp_query(struct outside_network* outnet,
|
||||
struct sldns_buffer* packet, struct sockaddr_storage* addr,
|
||||
socklen_t addrlen, int timeout, comm_point_callback_t* callback,
|
||||
void* callback_arg, int ssl_upstream);
|
||||
struct waiting_tcp* pending_tcp_query(struct serviced_query* sq,
|
||||
struct sldns_buffer* packet, int timeout, comm_point_callback_t* callback,
|
||||
void* callback_arg);
|
||||
|
||||
/**
|
||||
* Delete pending answer.
|
||||
@ -464,6 +471,7 @@ void pending_delete(struct outside_network* outnet, struct pending* p);
|
||||
* If the value includes BIT_DO, DO bit is set when in EDNS queries.
|
||||
* @param want_dnssec: signatures are needed, without EDNS the answer is
|
||||
* likely to be useless.
|
||||
* @param nocaps: ignore use_caps_for_id and use unperturbed qname.
|
||||
* @param tcp_upstream: use TCP for upstream queries.
|
||||
* @param ssl_upstream: use SSL for upstream queries.
|
||||
* @param callback: callback function.
|
||||
@ -480,10 +488,11 @@ void pending_delete(struct outside_network* outnet, struct pending* p);
|
||||
*/
|
||||
struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
|
||||
uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass,
|
||||
uint16_t flags, int dnssec, int want_dnssec, int tcp_upstream,
|
||||
int ssl_upstream, struct sockaddr_storage* addr, socklen_t addrlen,
|
||||
uint8_t* zone, size_t zonelen, comm_point_callback_t* callback,
|
||||
void* callback_arg, struct sldns_buffer* buff);
|
||||
uint16_t flags, int dnssec, int want_dnssec, int nocaps,
|
||||
int tcp_upstream, int ssl_upstream, struct sockaddr_storage* addr,
|
||||
socklen_t addrlen, uint8_t* zone, size_t zonelen,
|
||||
comm_point_callback_t* callback, void* callback_arg,
|
||||
struct sldns_buffer* buff);
|
||||
|
||||
/**
|
||||
* Remove service query callback.
|
||||
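Review bot: The new `@param sq: serviced query.` lines on `pending_udp_query` and `pending_tcp_query` do not say what the callee now takes from that argument. Since `outnet`, `addr`, `addrlen` and (for TCP) `ssl_upstream` were dropped from both prototypes, those values presumably come from `sq`. `struct pending` also gains a `sq` pointer, so the serviced query apparently has to stay valid for as long as the pending entry exists, or the entry is left holding a dangling pointer. Suggested wording: `* @param sq: serviced query; supplies outnet, destination address and upstream mode, and must outlive the returned pending.` The TCP comment also still reads `@return: false on error` for a function returning a pointer; `NULL on error` would match the UDP one.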
|
@ -667,15 +667,6 @@ count_unused(struct ip_list* p)
|
||||
return num;
|
||||
}
|
||||
|
||||
static int get_random(void)
|
||||
{
|
||||
int r;
|
||||
if (RAND_bytes((unsigned char*)&r, (int)sizeof(r)) == 1) {
|
||||
return r;
|
||||
}
|
||||
return (int)random();
|
||||
}
|
||||
|
||||
/** pick random unused element from IP list */
|
||||
static struct ip_list*
|
||||
pick_random_ip(struct ip_list* list)
|
||||
@ -685,7 +676,7 @@ pick_random_ip(struct ip_list* list)
|
||||
int sel;
|
||||
if(num == 0) return NULL;
|
||||
/* not perfect, but random enough */
|
||||
sel = get_random() % num;
|
||||
sel = (int)arc4random_uniform((uint32_t)num);
|
||||
/* skip over unused elements that we did not select */
|
||||
while(sel > 0 && p) {
|
||||
if(!p->used) sel--;
|
||||
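Review bot: The context comment `/* not perfect, but random enough */` above the new `sel = (int)arc4random_uniform((uint32_t)num);` is now stale. It presumably described the bias of `get_random() % num`, whereas the replacement returns a uniformly distributed value below its bound. I would change it to `/* uniform index among the unused entries */`. The `(uint32_t)num` cast relies on `num` being positive: the `num == 0` return just above covers zero, but the assignment of `num` is outside the hunk, so the non-negative case should be confirmed there. `pick_random_ip` continues past the end of the hunk.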
|
@ -392,10 +392,17 @@ morechecks(struct config_file* cfg, const char* fname)
|
||||
|
||||
if(strcmp(cfg->module_conf, "iterator") != 0
|
||||
&& strcmp(cfg->module_conf, "validator iterator") != 0
|
||||
&& strcmp(cfg->module_conf, "dns64 validator iterator") != 0
|
||||
&& strcmp(cfg->module_conf, "dns64 iterator") != 0
|
||||
#ifdef WITH_PYTHONMODULE
|
||||
&& strcmp(cfg->module_conf, "python iterator") != 0
|
||||
&& strcmp(cfg->module_conf, "python validator iterator") != 0
|
||||
&& strcmp(cfg->module_conf, "validator python iterator") != 0
|
||||
&& strcmp(cfg->module_conf, "dns64 python iterator") != 0
|
||||
&& strcmp(cfg->module_conf, "dns64 python validator iterator") != 0
|
||||
&& strcmp(cfg->module_conf, "dns64 validator python iterator") != 0
|
||||
&& strcmp(cfg->module_conf, "python dns64 iterator") != 0
|
||||
&& strcmp(cfg->module_conf, "python dns64 validator iterator") != 0
|
||||
#endif
|
||||
) {
|
||||
fatal_exit("module conf '%s' is not known to work",
|
||||
@ -459,6 +466,11 @@ checkconf(const char* cfgfile, const char* opt)
|
||||
config_delete(cfg);
|
||||
exit(1);
|
||||
}
|
||||
if(opt) {
|
||||
print_option(cfg, opt);
|
||||
config_delete(cfg);
|
||||
return;
|
||||
}
|
||||
morechecks(cfg, cfgfile);
|
||||
check_mod(cfg, iter_get_funcblock());
|
||||
check_mod(cfg, val_get_funcblock());
|
||||
@ -468,8 +480,7 @@ checkconf(const char* cfgfile, const char* opt)
|
||||
#endif
|
||||
check_fwd(cfg);
|
||||
check_hints(cfg);
|
||||
if(opt) print_option(cfg, opt);
|
||||
else printf("unbound-checkconf: no errors in %s\n", cfgfile);
|
||||
printf("unbound-checkconf: no errors in %s\n", cfgfile);
|
||||
config_delete(cfg);
|
||||
}
|
||||
|
||||
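Review bot: With the `if(opt) { print_option(cfg, opt); config_delete(cfg); return; }` block now placed ahead of `morechecks(cfg, cfgfile)`, a run that passes `opt` no longer executes `morechecks`, `check_mod`, `check_fwd` or `check_hints`. A script that reads a value this way gets it from a file whose semantic checks were skipped, so a normal return no longer means the configuration was validated. If that is intended, say so at the branch, for example `/* opt given: print the value only, the semantic checks below are not run */`, and mention it in the tool's documentation. `checkconf` starts outside these hunks.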
|
@ -95,6 +95,7 @@ usage()
|
||||
printf(" flush_zone <name> flush everything at or under name\n");
|
||||
printf(" from rr and dnssec caches\n");
|
||||
printf(" flush_bogus flush all bogus data\n");
|
||||
printf(" flush_negative flush all negative data\n");
|
||||
printf(" flush_stats flush statistics, make zero\n");
|
||||
printf(" flush_requestlist drop queries that are worked on\n");
|
||||
printf(" dump_requestlist show what is worked on\n");
|
||||
@ -148,6 +149,8 @@ setup_ctx(struct config_file* cfg)
|
||||
ssl_err("could not allocate SSL_CTX pointer");
|
||||
if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2))
|
||||
ssl_err("could not set SSL_OP_NO_SSLv2");
|
||||
if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3))
|
||||
ssl_err("could not set SSL_OP_NO_SSLv3");
|
||||
if(!SSL_CTX_use_certificate_file(ctx,c_cert,SSL_FILETYPE_PEM) ||
|
||||
!SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
|
||||
|| !SSL_CTX_check_private_key(ctx))
|
||||
@ -200,15 +203,14 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
|
||||
#endif
|
||||
}
|
||||
if(connect(fd, (struct sockaddr*)&addr, addrlen) < 0) {
|
||||
log_addr(0, "address", &addr, addrlen);
|
||||
#ifndef USE_WINSOCK
|
||||
log_err("connect: %s", strerror(errno));
|
||||
log_err_addr("connect", strerror(errno), &addr, addrlen);
|
||||
if(errno == ECONNREFUSED && statuscmd) {
|
||||
printf("unbound is stopped\n");
|
||||
exit(3);
|
||||
}
|
||||
#else
|
||||
log_err("connect: %s", wsa_strerror(WSAGetLastError()));
|
||||
log_err_addr("connect", wsa_strerror(WSAGetLastError()), &addr, addrlen);
|
||||
if(WSAGetLastError() == WSAECONNREFUSED && statuscmd) {
|
||||
printf("unbound is stopped\n");
|
||||
exit(3);
|
||||
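Review bot: In `contact_server` the `errno == ECONNREFUSED` test runs after `log_err_addr("connect", strerror(errno), &addr, addrlen)`, and a logging call may change `errno`, so the "unbound is stopped" / `exit(3)` path can be missed. Capture the value first with `int err = errno;` directly after the failed `connect`, then use `strerror(err)` in the log call and `if(err == ECONNREFUSED && statuscmd)`. The `USE_WINSOCK` branch has the same shape, with `WSAGetLastError()` read once for the message and again after logging, and would benefit from the same saved value. The function starts and ends outside this hunk.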
|
Some files were not shown because too many files have changed in this diff Show More