mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-07 00:50:50 +00:00
Vendor import of Unbound 1.13.0.
Security: CVE-2020-28935
This commit is contained in:
parent
4cb89f2eee
commit
c1dbcbf2d1
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/vendor/unbound/dist/; revision=368464 svn path=/vendor/unbound/1.13.0/; revision=368465; tag=vendor/unbound/1.13.0
215
config.guess
vendored
215
config.guess
vendored
|
@ -2,7 +2,7 @@
|
|||
# Attempt to guess a canonical system name.
|
||||
# Copyright 1992-2020 Free Software Foundation, Inc.
|
||||
|
||||
timestamp='2020-09-19'
|
||||
timestamp='2020-11-19'
|
||||
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
|
@ -27,12 +27,12 @@ timestamp='2020-09-19'
|
|||
# Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
|
||||
#
|
||||
# You can get the latest version of this script from:
|
||||
# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
|
||||
# https://git.savannah.gnu.org/cgit/config.git/plain/config.guess
|
||||
#
|
||||
# Please send patches to <config-patches@gnu.org>.
|
||||
|
||||
|
||||
me=`echo "$0" | sed -e 's,.*/,,'`
|
||||
me=$(echo "$0" | sed -e 's,.*/,,')
|
||||
|
||||
usage="\
|
||||
Usage: $0 [OPTION]
|
||||
|
@ -103,7 +103,7 @@ set_cc_for_build() {
|
|||
test "$tmp" && return 0
|
||||
: "${TMPDIR=/tmp}"
|
||||
# shellcheck disable=SC2039
|
||||
{ tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
|
||||
{ tmp=$( (umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null) && test -n "$tmp" && test -d "$tmp" ; } ||
|
||||
{ test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir "$tmp" 2>/dev/null) ; } ||
|
||||
{ tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir "$tmp" 2>/dev/null) && echo "Warning: creating insecure temp directory" >&2 ; } ||
|
||||
{ echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; }
|
||||
|
@ -131,16 +131,14 @@ if test -f /.attbin/uname ; then
|
|||
PATH=$PATH:/.attbin ; export PATH
|
||||
fi
|
||||
|
||||
UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
|
||||
UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
|
||||
UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
|
||||
UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
|
||||
UNAME_MACHINE=$( (uname -m) 2>/dev/null) || UNAME_MACHINE=unknown
|
||||
UNAME_RELEASE=$( (uname -r) 2>/dev/null) || UNAME_RELEASE=unknown
|
||||
UNAME_SYSTEM=$( (uname -s) 2>/dev/null) || UNAME_SYSTEM=unknown
|
||||
UNAME_VERSION=$( (uname -v) 2>/dev/null) || UNAME_VERSION=unknown
|
||||
|
||||
case "$UNAME_SYSTEM" in
|
||||
Linux|GNU|GNU/*)
|
||||
# If the system lacks a compiler, then just pick glibc.
|
||||
# We could probably try harder.
|
||||
LIBC=gnu
|
||||
LIBC=unknown
|
||||
|
||||
set_cc_for_build
|
||||
cat <<-EOF > "$dummy.c"
|
||||
|
@ -149,16 +147,30 @@ Linux|GNU|GNU/*)
|
|||
LIBC=uclibc
|
||||
#elif defined(__dietlibc__)
|
||||
LIBC=dietlibc
|
||||
#elif defined(__GLIBC__)
|
||||
LIBC=gnu
|
||||
#else
|
||||
#include <stdarg.h>
|
||||
/* First heuristic to detect musl libc. */
|
||||
#ifdef __DEFINED_va_list
|
||||
LIBC=musl
|
||||
#else
|
||||
LIBC=gnu
|
||||
#endif
|
||||
#endif
|
||||
EOF
|
||||
eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`"
|
||||
eval "$($CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g')"
|
||||
|
||||
# Second heuristic to detect musl libc.
|
||||
if [ "$LIBC" = unknown ] &&
|
||||
command -v ldd >/dev/null &&
|
||||
ldd --version 2>&1 | grep -q ^musl; then
|
||||
LIBC=musl
|
||||
fi
|
||||
|
||||
# If the system lacks a compiler, then just pick glibc.
|
||||
# We could probably try harder.
|
||||
if [ "$LIBC" = unknown ]; then
|
||||
LIBC=gnu
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
|
@ -177,19 +189,20 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
|
|||
# Note: NetBSD doesn't particularly care about the vendor
|
||||
# portion of the name. We always set it to "unknown".
|
||||
sysctl="sysctl -n hw.machine_arch"
|
||||
UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \
|
||||
UNAME_MACHINE_ARCH=$( (uname -p 2>/dev/null || \
|
||||
"/sbin/$sysctl" 2>/dev/null || \
|
||||
"/usr/sbin/$sysctl" 2>/dev/null || \
|
||||
echo unknown)`
|
||||
echo unknown))
|
||||
case "$UNAME_MACHINE_ARCH" in
|
||||
aarch64eb) machine=aarch64_be-unknown ;;
|
||||
armeb) machine=armeb-unknown ;;
|
||||
arm*) machine=arm-unknown ;;
|
||||
sh3el) machine=shl-unknown ;;
|
||||
sh3eb) machine=sh-unknown ;;
|
||||
sh5el) machine=sh5le-unknown ;;
|
||||
earmv*)
|
||||
arch=`echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,'`
|
||||
endian=`echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p'`
|
||||
arch=$(echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,')
|
||||
endian=$(echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p')
|
||||
machine="${arch}${endian}"-unknown
|
||||
;;
|
||||
*) machine="$UNAME_MACHINE_ARCH"-unknown ;;
|
||||
|
@ -220,7 +233,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
|
|||
case "$UNAME_MACHINE_ARCH" in
|
||||
earm*)
|
||||
expr='s/^earmv[0-9]/-eabi/;s/eb$//'
|
||||
abi=`echo "$UNAME_MACHINE_ARCH" | sed -e "$expr"`
|
||||
abi=$(echo "$UNAME_MACHINE_ARCH" | sed -e "$expr")
|
||||
;;
|
||||
esac
|
||||
# The OS release
|
||||
|
@ -233,7 +246,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
|
|||
release='-gnu'
|
||||
;;
|
||||
*)
|
||||
release=`echo "$UNAME_RELEASE" | sed -e 's/[-_].*//' | cut -d. -f1,2`
|
||||
release=$(echo "$UNAME_RELEASE" | sed -e 's/[-_].*//' | cut -d. -f1,2)
|
||||
;;
|
||||
esac
|
||||
# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
|
||||
|
@ -242,15 +255,15 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
|
|||
echo "$machine-${os}${release}${abi-}"
|
||||
exit ;;
|
||||
*:Bitrig:*:*)
|
||||
UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
|
||||
UNAME_MACHINE_ARCH=$(arch | sed 's/Bitrig.//')
|
||||
echo "$UNAME_MACHINE_ARCH"-unknown-bitrig"$UNAME_RELEASE"
|
||||
exit ;;
|
||||
*:OpenBSD:*:*)
|
||||
UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
|
||||
UNAME_MACHINE_ARCH=$(arch | sed 's/OpenBSD.//')
|
||||
echo "$UNAME_MACHINE_ARCH"-unknown-openbsd"$UNAME_RELEASE"
|
||||
exit ;;
|
||||
*:LibertyBSD:*:*)
|
||||
UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'`
|
||||
UNAME_MACHINE_ARCH=$(arch | sed 's/^.*BSD\.//')
|
||||
echo "$UNAME_MACHINE_ARCH"-unknown-libertybsd"$UNAME_RELEASE"
|
||||
exit ;;
|
||||
*:MidnightBSD:*:*)
|
||||
|
@ -286,17 +299,17 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
|
|||
alpha:OSF1:*:*)
|
||||
case $UNAME_RELEASE in
|
||||
*4.0)
|
||||
UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
|
||||
UNAME_RELEASE=$(/usr/sbin/sizer -v | awk '{print $3}')
|
||||
;;
|
||||
*5.*)
|
||||
UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
|
||||
UNAME_RELEASE=$(/usr/sbin/sizer -v | awk '{print $4}')
|
||||
;;
|
||||
esac
|
||||
# According to Compaq, /usr/sbin/psrinfo has been available on
|
||||
# OSF/1 and Tru64 systems produced since 1995. I hope that
|
||||
# covers most systems running today. This code pipes the CPU
|
||||
# types through head -n 1, so we only detect the type of CPU 0.
|
||||
ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
|
||||
ALPHA_CPU_TYPE=$(/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1)
|
||||
case "$ALPHA_CPU_TYPE" in
|
||||
"EV4 (21064)")
|
||||
UNAME_MACHINE=alpha ;;
|
||||
|
@ -334,7 +347,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
|
|||
# A Tn.n version is a released field test version.
|
||||
# A Xn.n version is an unreleased experimental baselevel.
|
||||
# 1.2 uses "1.2" for uname -r.
|
||||
echo "$UNAME_MACHINE"-dec-osf"`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`"
|
||||
echo "$UNAME_MACHINE"-dec-osf"$(echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz)"
|
||||
# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
|
||||
exitcode=$?
|
||||
trap '' 0
|
||||
|
@ -368,7 +381,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
|
|||
exit ;;
|
||||
Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
|
||||
# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
|
||||
if test "`(/bin/universe) 2>/dev/null`" = att ; then
|
||||
if test "$( (/bin/universe) 2>/dev/null)" = att ; then
|
||||
echo pyramid-pyramid-sysv3
|
||||
else
|
||||
echo pyramid-pyramid-bsd
|
||||
|
@ -381,17 +394,17 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
|
|||
echo sparc-icl-nx6
|
||||
exit ;;
|
||||
DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
|
||||
case `/usr/bin/uname -p` in
|
||||
case $(/usr/bin/uname -p) in
|
||||
sparc) echo sparc-icl-nx7; exit ;;
|
||||
esac ;;
|
||||
s390x:SunOS:*:*)
|
||||
echo "$UNAME_MACHINE"-ibm-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`"
|
||||
echo "$UNAME_MACHINE"-ibm-solaris2"$(echo "$UNAME_RELEASE" | sed -e 's/[^.]*//')"
|
||||
exit ;;
|
||||
sun4H:SunOS:5.*:*)
|
||||
echo sparc-hal-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`"
|
||||
echo sparc-hal-solaris2"$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*//')"
|
||||
exit ;;
|
||||
sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
|
||||
echo sparc-sun-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`"
|
||||
echo sparc-sun-solaris2"$(echo "$UNAME_RELEASE" | sed -e 's/[^.]*//')"
|
||||
exit ;;
|
||||
i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*)
|
||||
echo i386-pc-auroraux"$UNAME_RELEASE"
|
||||
|
@ -410,30 +423,30 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
|
|||
SUN_ARCH=x86_64
|
||||
fi
|
||||
fi
|
||||
echo "$SUN_ARCH"-pc-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`"
|
||||
echo "$SUN_ARCH"-pc-solaris2"$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*//')"
|
||||
exit ;;
|
||||
sun4*:SunOS:6*:*)
|
||||
# According to config.sub, this is the proper way to canonicalize
|
||||
# SunOS6. Hard to guess exactly what SunOS6 will be like, but
|
||||
# it's likely to be more like Solaris than SunOS4.
|
||||
echo sparc-sun-solaris3"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`"
|
||||
echo sparc-sun-solaris3"$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*//')"
|
||||
exit ;;
|
||||
sun4*:SunOS:*:*)
|
||||
case "`/usr/bin/arch -k`" in
|
||||
case "$(/usr/bin/arch -k)" in
|
||||
Series*|S4*)
|
||||
UNAME_RELEASE=`uname -v`
|
||||
UNAME_RELEASE=$(uname -v)
|
||||
;;
|
||||
esac
|
||||
# Japanese Language versions have a version number like `4.1.3-JL'.
|
||||
echo sparc-sun-sunos"`echo "$UNAME_RELEASE"|sed -e 's/-/_/'`"
|
||||
echo sparc-sun-sunos"$(echo "$UNAME_RELEASE"|sed -e 's/-/_/')"
|
||||
exit ;;
|
||||
sun3*:SunOS:*:*)
|
||||
echo m68k-sun-sunos"$UNAME_RELEASE"
|
||||
exit ;;
|
||||
sun*:*:4.2BSD:*)
|
||||
UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
|
||||
UNAME_RELEASE=$( (sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null)
|
||||
test "x$UNAME_RELEASE" = x && UNAME_RELEASE=3
|
||||
case "`/bin/arch`" in
|
||||
case "$(/bin/arch)" in
|
||||
sun3)
|
||||
echo m68k-sun-sunos"$UNAME_RELEASE"
|
||||
;;
|
||||
|
@ -513,8 +526,8 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
|
|||
}
|
||||
EOF
|
||||
$CC_FOR_BUILD -o "$dummy" "$dummy.c" &&
|
||||
dummyarg=`echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p'` &&
|
||||
SYSTEM_NAME=`"$dummy" "$dummyarg"` &&
|
||||
dummyarg=$(echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p') &&
|
||||
SYSTEM_NAME=$("$dummy" "$dummyarg") &&
|
||||
{ echo "$SYSTEM_NAME"; exit; }
|
||||
echo mips-mips-riscos"$UNAME_RELEASE"
|
||||
exit ;;
|
||||
|
@ -541,7 +554,7 @@ EOF
|
|||
exit ;;
|
||||
AViiON:dgux:*:*)
|
||||
# DG/UX returns AViiON for all architectures
|
||||
UNAME_PROCESSOR=`/usr/bin/uname -p`
|
||||
UNAME_PROCESSOR=$(/usr/bin/uname -p)
|
||||
if test "$UNAME_PROCESSOR" = mc88100 || test "$UNAME_PROCESSOR" = mc88110
|
||||
then
|
||||
if test "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx || \
|
||||
|
@ -569,17 +582,17 @@ EOF
|
|||
echo m68k-tektronix-bsd
|
||||
exit ;;
|
||||
*:IRIX*:*:*)
|
||||
echo mips-sgi-irix"`echo "$UNAME_RELEASE"|sed -e 's/-/_/g'`"
|
||||
echo mips-sgi-irix"$(echo "$UNAME_RELEASE"|sed -e 's/-/_/g')"
|
||||
exit ;;
|
||||
????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
|
||||
echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
|
||||
exit ;; # Note that: echo "'`uname -s`'" gives 'AIX '
|
||||
exit ;; # Note that: echo "'$(uname -s)'" gives 'AIX '
|
||||
i*86:AIX:*:*)
|
||||
echo i386-ibm-aix
|
||||
exit ;;
|
||||
ia64:AIX:*:*)
|
||||
if test -x /usr/bin/oslevel ; then
|
||||
IBM_REV=`/usr/bin/oslevel`
|
||||
IBM_REV=$(/usr/bin/oslevel)
|
||||
else
|
||||
IBM_REV="$UNAME_VERSION.$UNAME_RELEASE"
|
||||
fi
|
||||
|
@ -599,7 +612,7 @@ EOF
|
|||
exit(0);
|
||||
}
|
||||
EOF
|
||||
if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"`
|
||||
if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=$("$dummy")
|
||||
then
|
||||
echo "$SYSTEM_NAME"
|
||||
else
|
||||
|
@ -612,15 +625,15 @@ EOF
|
|||
fi
|
||||
exit ;;
|
||||
*:AIX:*:[4567])
|
||||
IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
|
||||
IBM_CPU_ID=$(/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }')
|
||||
if /usr/sbin/lsattr -El "$IBM_CPU_ID" | grep ' POWER' >/dev/null 2>&1; then
|
||||
IBM_ARCH=rs6000
|
||||
else
|
||||
IBM_ARCH=powerpc
|
||||
fi
|
||||
if test -x /usr/bin/lslpp ; then
|
||||
IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc |
|
||||
awk -F: '{ print $3 }' | sed s/[0-9]*$/0/`
|
||||
IBM_REV=$(/usr/bin/lslpp -Lqc bos.rte.libc |
|
||||
awk -F: '{ print $3 }' | sed s/[0-9]*$/0/)
|
||||
else
|
||||
IBM_REV="$UNAME_VERSION.$UNAME_RELEASE"
|
||||
fi
|
||||
|
@ -648,14 +661,14 @@ EOF
|
|||
echo m68k-hp-bsd4.4
|
||||
exit ;;
|
||||
9000/[34678]??:HP-UX:*:*)
|
||||
HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'`
|
||||
HPUX_REV=$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//')
|
||||
case "$UNAME_MACHINE" in
|
||||
9000/31?) HP_ARCH=m68000 ;;
|
||||
9000/[34]??) HP_ARCH=m68k ;;
|
||||
9000/[678][0-9][0-9])
|
||||
if test -x /usr/bin/getconf; then
|
||||
sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
|
||||
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
|
||||
sc_cpu_version=$(/usr/bin/getconf SC_CPU_VERSION 2>/dev/null)
|
||||
sc_kernel_bits=$(/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null)
|
||||
case "$sc_cpu_version" in
|
||||
523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0
|
||||
528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1
|
||||
|
@ -702,7 +715,7 @@ EOF
|
|||
exit (0);
|
||||
}
|
||||
EOF
|
||||
(CCOPTS="" $CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null) && HP_ARCH=`"$dummy"`
|
||||
(CCOPTS="" $CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null) && HP_ARCH=$("$dummy")
|
||||
test -z "$HP_ARCH" && HP_ARCH=hppa
|
||||
fi ;;
|
||||
esac
|
||||
|
@ -730,7 +743,7 @@ EOF
|
|||
echo "$HP_ARCH"-hp-hpux"$HPUX_REV"
|
||||
exit ;;
|
||||
ia64:HP-UX:*:*)
|
||||
HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'`
|
||||
HPUX_REV=$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//')
|
||||
echo ia64-hp-hpux"$HPUX_REV"
|
||||
exit ;;
|
||||
3050*:HI-UX:*:*)
|
||||
|
@ -760,7 +773,7 @@ EOF
|
|||
exit (0);
|
||||
}
|
||||
EOF
|
||||
$CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` &&
|
||||
$CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=$("$dummy") &&
|
||||
{ echo "$SYSTEM_NAME"; exit; }
|
||||
echo unknown-hitachi-hiuxwe2
|
||||
exit ;;
|
||||
|
@ -829,14 +842,14 @@ EOF
|
|||
echo craynv-cray-unicosmp"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
|
||||
exit ;;
|
||||
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
|
||||
FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
|
||||
FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
|
||||
FUJITSU_REL=`echo "$UNAME_RELEASE" | sed -e 's/ /_/'`
|
||||
FUJITSU_PROC=$(uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz)
|
||||
FUJITSU_SYS=$(uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///')
|
||||
FUJITSU_REL=$(echo "$UNAME_RELEASE" | sed -e 's/ /_/')
|
||||
echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
|
||||
exit ;;
|
||||
5000:UNIX_System_V:4.*:*)
|
||||
FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
|
||||
FUJITSU_REL=`echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'`
|
||||
FUJITSU_SYS=$(uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///')
|
||||
FUJITSU_REL=$(echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/')
|
||||
echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
|
||||
exit ;;
|
||||
i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
|
||||
|
@ -849,25 +862,25 @@ EOF
|
|||
echo "$UNAME_MACHINE"-unknown-bsdi"$UNAME_RELEASE"
|
||||
exit ;;
|
||||
arm:FreeBSD:*:*)
|
||||
UNAME_PROCESSOR=`uname -p`
|
||||
UNAME_PROCESSOR=$(uname -p)
|
||||
set_cc_for_build
|
||||
if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
|
||||
| grep -q __ARM_PCS_VFP
|
||||
then
|
||||
echo "${UNAME_PROCESSOR}"-unknown-freebsd"`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`"-gnueabi
|
||||
echo "${UNAME_PROCESSOR}"-unknown-freebsd"$(echo ${UNAME_RELEASE}|sed -e 's/[-(].*//')"-gnueabi
|
||||
else
|
||||
echo "${UNAME_PROCESSOR}"-unknown-freebsd"`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`"-gnueabihf
|
||||
echo "${UNAME_PROCESSOR}"-unknown-freebsd"$(echo ${UNAME_RELEASE}|sed -e 's/[-(].*//')"-gnueabihf
|
||||
fi
|
||||
exit ;;
|
||||
*:FreeBSD:*:*)
|
||||
UNAME_PROCESSOR=`/usr/bin/uname -p`
|
||||
UNAME_PROCESSOR=$(/usr/bin/uname -p)
|
||||
case "$UNAME_PROCESSOR" in
|
||||
amd64)
|
||||
UNAME_PROCESSOR=x86_64 ;;
|
||||
i386)
|
||||
UNAME_PROCESSOR=i586 ;;
|
||||
esac
|
||||
echo "$UNAME_PROCESSOR"-unknown-freebsd"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`"
|
||||
echo "$UNAME_PROCESSOR"-unknown-freebsd"$(echo "$UNAME_RELEASE"|sed -e 's/[-(].*//')"
|
||||
exit ;;
|
||||
i*:CYGWIN*:*)
|
||||
echo "$UNAME_MACHINE"-pc-cygwin
|
||||
|
@ -903,15 +916,15 @@ EOF
|
|||
echo x86_64-pc-cygwin
|
||||
exit ;;
|
||||
prep*:SunOS:5.*:*)
|
||||
echo powerpcle-unknown-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`"
|
||||
echo powerpcle-unknown-solaris2"$(echo "$UNAME_RELEASE"|sed -e 's/[^.]*//')"
|
||||
exit ;;
|
||||
*:GNU:*:*)
|
||||
# the GNU system
|
||||
echo "`echo "$UNAME_MACHINE"|sed -e 's,[-/].*$,,'`-unknown-$LIBC`echo "$UNAME_RELEASE"|sed -e 's,/.*$,,'`"
|
||||
echo "$(echo "$UNAME_MACHINE"|sed -e 's,[-/].*$,,')-unknown-$LIBC$(echo "$UNAME_RELEASE"|sed -e 's,/.*$,,')"
|
||||
exit ;;
|
||||
*:GNU/*:*:*)
|
||||
# other systems with GNU libc and userland
|
||||
echo "$UNAME_MACHINE-unknown-`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`-$LIBC"
|
||||
echo "$UNAME_MACHINE-unknown-$(echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]")$(echo "$UNAME_RELEASE"|sed -e 's/[-(].*//')-$LIBC"
|
||||
exit ;;
|
||||
*:Minix:*:*)
|
||||
echo "$UNAME_MACHINE"-unknown-minix
|
||||
|
@ -924,7 +937,7 @@ EOF
|
|||
echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
|
||||
exit ;;
|
||||
alpha:Linux:*:*)
|
||||
case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' /proc/cpuinfo 2>/dev/null` in
|
||||
case $(sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' /proc/cpuinfo 2>/dev/null) in
|
||||
EV5) UNAME_MACHINE=alphaev5 ;;
|
||||
EV56) UNAME_MACHINE=alphaev56 ;;
|
||||
PCA56) UNAME_MACHINE=alphapca56 ;;
|
||||
|
@ -1033,7 +1046,7 @@ EOF
|
|||
#endif
|
||||
#endif
|
||||
EOF
|
||||
eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU\|^MIPS_ENDIAN\|^LIBCABI'`"
|
||||
eval "$($CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU\|^MIPS_ENDIAN\|^LIBCABI')"
|
||||
test "x$CPU" != x && { echo "$CPU${MIPS_ENDIAN}-unknown-linux-$LIBCABI"; exit; }
|
||||
;;
|
||||
mips64el:Linux:*:*)
|
||||
|
@ -1053,7 +1066,7 @@ EOF
|
|||
exit ;;
|
||||
parisc:Linux:*:* | hppa:Linux:*:*)
|
||||
# Look for CPU level
|
||||
case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
|
||||
case $(grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2) in
|
||||
PA7*) echo hppa1.1-unknown-linux-"$LIBC" ;;
|
||||
PA8*) echo hppa2.0-unknown-linux-"$LIBC" ;;
|
||||
*) echo hppa-unknown-linux-"$LIBC" ;;
|
||||
|
@ -1143,7 +1156,7 @@ EOF
|
|||
echo "$UNAME_MACHINE"-pc-msdosdjgpp
|
||||
exit ;;
|
||||
i*86:*:4.*:*)
|
||||
UNAME_REL=`echo "$UNAME_RELEASE" | sed 's/\/MP$//'`
|
||||
UNAME_REL=$(echo "$UNAME_RELEASE" | sed 's/\/MP$//')
|
||||
if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
|
||||
echo "$UNAME_MACHINE"-univel-sysv"$UNAME_REL"
|
||||
else
|
||||
|
@ -1152,7 +1165,7 @@ EOF
|
|||
exit ;;
|
||||
i*86:*:5:[678]*)
|
||||
# UnixWare 7.x, OpenUNIX and OpenServer 6.
|
||||
case `/bin/uname -X | grep "^Machine"` in
|
||||
case $(/bin/uname -X | grep "^Machine") in
|
||||
*486*) UNAME_MACHINE=i486 ;;
|
||||
*Pentium) UNAME_MACHINE=i586 ;;
|
||||
*Pent*|*Celeron) UNAME_MACHINE=i686 ;;
|
||||
|
@ -1161,10 +1174,10 @@ EOF
|
|||
exit ;;
|
||||
i*86:*:3.2:*)
|
||||
if test -f /usr/options/cb.name; then
|
||||
UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
|
||||
UNAME_REL=$(sed -n 's/.*Version //p' </usr/options/cb.name)
|
||||
echo "$UNAME_MACHINE"-pc-isc"$UNAME_REL"
|
||||
elif /bin/uname -X 2>/dev/null >/dev/null ; then
|
||||
UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
|
||||
UNAME_REL=$( (/bin/uname -X|grep Release|sed -e 's/.*= //'))
|
||||
(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
|
||||
(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
|
||||
&& UNAME_MACHINE=i586
|
||||
|
@ -1214,7 +1227,7 @@ EOF
|
|||
3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
|
||||
OS_REL=''
|
||||
test -r /etc/.relid \
|
||||
&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
|
||||
&& OS_REL=.$(sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid)
|
||||
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
|
||||
&& { echo i486-ncr-sysv4.3"$OS_REL"; exit; }
|
||||
/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
|
||||
|
@ -1225,7 +1238,7 @@ EOF
|
|||
NCR*:*:4.2:* | MPRAS*:*:4.2:*)
|
||||
OS_REL='.3'
|
||||
test -r /etc/.relid \
|
||||
&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
|
||||
&& OS_REL=.$(sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid)
|
||||
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
|
||||
&& { echo i486-ncr-sysv4.3"$OS_REL"; exit; }
|
||||
/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
|
||||
|
@ -1258,7 +1271,7 @@ EOF
|
|||
exit ;;
|
||||
*:SINIX-*:*:*)
|
||||
if uname -p 2>/dev/null >/dev/null ; then
|
||||
UNAME_MACHINE=`(uname -p) 2>/dev/null`
|
||||
UNAME_MACHINE=$( (uname -p) 2>/dev/null)
|
||||
echo "$UNAME_MACHINE"-sni-sysv4
|
||||
else
|
||||
echo ns32k-sni-sysv
|
||||
|
@ -1344,7 +1357,7 @@ EOF
|
|||
echo aarch64-apple-darwin"$UNAME_RELEASE"
|
||||
exit ;;
|
||||
*:Darwin:*:*)
|
||||
UNAME_PROCESSOR=`uname -p`
|
||||
UNAME_PROCESSOR=$(uname -p)
|
||||
case $UNAME_PROCESSOR in
|
||||
unknown) UNAME_PROCESSOR=powerpc ;;
|
||||
esac
|
||||
|
@ -1381,7 +1394,7 @@ EOF
|
|||
echo "$UNAME_PROCESSOR"-apple-darwin"$UNAME_RELEASE"
|
||||
exit ;;
|
||||
*:procnto*:*:* | *:QNX:[0123456789]*:*)
|
||||
UNAME_PROCESSOR=`uname -p`
|
||||
UNAME_PROCESSOR=$(uname -p)
|
||||
if test "$UNAME_PROCESSOR" = x86; then
|
||||
UNAME_PROCESSOR=i386
|
||||
UNAME_MACHINE=pc
|
||||
|
@ -1449,10 +1462,10 @@ EOF
|
|||
echo mips-sei-seiux"$UNAME_RELEASE"
|
||||
exit ;;
|
||||
*:DragonFly:*:*)
|
||||
echo "$UNAME_MACHINE"-unknown-dragonfly"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`"
|
||||
echo "$UNAME_MACHINE"-unknown-dragonfly"$(echo "$UNAME_RELEASE"|sed -e 's/[-(].*//')"
|
||||
exit ;;
|
||||
*:*VMS:*:*)
|
||||
UNAME_MACHINE=`(uname -p) 2>/dev/null`
|
||||
UNAME_MACHINE=$( (uname -p) 2>/dev/null)
|
||||
case "$UNAME_MACHINE" in
|
||||
A*) echo alpha-dec-vms ; exit ;;
|
||||
I*) echo ia64-dec-vms ; exit ;;
|
||||
|
@ -1462,7 +1475,7 @@ EOF
|
|||
echo i386-pc-xenix
|
||||
exit ;;
|
||||
i*86:skyos:*:*)
|
||||
echo "$UNAME_MACHINE"-pc-skyos"`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'`"
|
||||
echo "$UNAME_MACHINE"-pc-skyos"$(echo "$UNAME_RELEASE" | sed -e 's/ .*$//')"
|
||||
exit ;;
|
||||
i*86:rdos:*:*)
|
||||
echo "$UNAME_MACHINE"-pc-rdos
|
||||
|
@ -1520,7 +1533,7 @@ main ()
|
|||
#define __ARCHITECTURE__ "m68k"
|
||||
#endif
|
||||
int version;
|
||||
version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
|
||||
version=$( (hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null);
|
||||
if (version < 4)
|
||||
printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
|
||||
else
|
||||
|
@ -1612,7 +1625,7 @@ main ()
|
|||
}
|
||||
EOF
|
||||
|
||||
$CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null && SYSTEM_NAME=`$dummy` &&
|
||||
$CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null && SYSTEM_NAME=$($dummy) &&
|
||||
{ echo "$SYSTEM_NAME"; exit; }
|
||||
|
||||
# Apollos put the system type in the environment.
|
||||
|
@ -1637,14 +1650,14 @@ This script (version $timestamp), has failed to recognize the
|
|||
operating system you are using. If your script is old, overwrite *all*
|
||||
copies of config.guess and config.sub with the latest versions from:
|
||||
|
||||
https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
|
||||
https://git.savannah.gnu.org/cgit/config.git/plain/config.guess
|
||||
and
|
||||
https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
|
||||
https://git.savannah.gnu.org/cgit/config.git/plain/config.sub
|
||||
EOF
|
||||
|
||||
year=`echo $timestamp | sed 's,-.*,,'`
|
||||
year=$(echo $timestamp | sed 's,-.*,,')
|
||||
# shellcheck disable=SC2003
|
||||
if test "`expr "\`date +%Y\`" - "$year"`" -lt 3 ; then
|
||||
if test "$(expr "$(date +%Y)" - "$year")" -lt 3 ; then
|
||||
cat >&2 <<EOF
|
||||
|
||||
If $0 has already been updated, send the following data and any
|
||||
|
@ -1653,20 +1666,20 @@ provide the necessary information to handle your system.
|
|||
|
||||
config.guess timestamp = $timestamp
|
||||
|
||||
uname -m = `(uname -m) 2>/dev/null || echo unknown`
|
||||
uname -r = `(uname -r) 2>/dev/null || echo unknown`
|
||||
uname -s = `(uname -s) 2>/dev/null || echo unknown`
|
||||
uname -v = `(uname -v) 2>/dev/null || echo unknown`
|
||||
uname -m = $( (uname -m) 2>/dev/null || echo unknown)
|
||||
uname -r = $( (uname -r) 2>/dev/null || echo unknown)
|
||||
uname -s = $( (uname -s) 2>/dev/null || echo unknown)
|
||||
uname -v = $( (uname -v) 2>/dev/null || echo unknown)
|
||||
|
||||
/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
|
||||
/bin/uname -X = `(/bin/uname -X) 2>/dev/null`
|
||||
/usr/bin/uname -p = $( (/usr/bin/uname -p) 2>/dev/null)
|
||||
/bin/uname -X = $( (/bin/uname -X) 2>/dev/null)
|
||||
|
||||
hostinfo = `(hostinfo) 2>/dev/null`
|
||||
/bin/universe = `(/bin/universe) 2>/dev/null`
|
||||
/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null`
|
||||
/bin/arch = `(/bin/arch) 2>/dev/null`
|
||||
/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`
|
||||
/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
|
||||
hostinfo = $( (hostinfo) 2>/dev/null)
|
||||
/bin/universe = $( (/bin/universe) 2>/dev/null)
|
||||
/usr/bin/arch -k = $( (/usr/bin/arch -k) 2>/dev/null)
|
||||
/bin/arch = $( (/bin/arch) 2>/dev/null)
|
||||
/usr/bin/oslevel = $( (/usr/bin/oslevel) 2>/dev/null)
|
||||
/usr/convex/getsysinfo = $( (/usr/convex/getsysinfo) 2>/dev/null)
|
||||
|
||||
UNAME_MACHINE = "$UNAME_MACHINE"
|
||||
UNAME_RELEASE = "$UNAME_RELEASE"
|
||||
|
|
49
config.sub
vendored
49
config.sub
vendored
|
@ -2,7 +2,7 @@
|
|||
# Configuration validation subroutine script.
|
||||
# Copyright 1992-2020 Free Software Foundation, Inc.
|
||||
|
||||
timestamp='2020-09-08'
|
||||
timestamp='2020-12-02'
|
||||
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
|
@ -33,7 +33,7 @@ timestamp='2020-09-08'
|
|||
# Otherwise, we print the canonical config type on stdout and succeed.
|
||||
|
||||
# You can get the latest version of this script from:
|
||||
# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
|
||||
# https://git.savannah.gnu.org/cgit/config.git/plain/config.sub
|
||||
|
||||
# This file is supposed to be the same for all GNU packages
|
||||
# and recognize all the CPU types, system types and aliases
|
||||
|
@ -50,7 +50,7 @@ timestamp='2020-09-08'
|
|||
# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
|
||||
# It is wrong to echo any other type of specification.
|
||||
|
||||
me=`echo "$0" | sed -e 's,.*/,,'`
|
||||
me=$(echo "$0" | sed -e 's,.*/,,')
|
||||
|
||||
usage="\
|
||||
Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS
|
||||
|
@ -769,22 +769,22 @@ case $basic_machine in
|
|||
vendor=hp
|
||||
;;
|
||||
i*86v32)
|
||||
cpu=`echo "$1" | sed -e 's/86.*/86/'`
|
||||
cpu=$(echo "$1" | sed -e 's/86.*/86/')
|
||||
vendor=pc
|
||||
basic_os=sysv32
|
||||
;;
|
||||
i*86v4*)
|
||||
cpu=`echo "$1" | sed -e 's/86.*/86/'`
|
||||
cpu=$(echo "$1" | sed -e 's/86.*/86/')
|
||||
vendor=pc
|
||||
basic_os=sysv4
|
||||
;;
|
||||
i*86v)
|
||||
cpu=`echo "$1" | sed -e 's/86.*/86/'`
|
||||
cpu=$(echo "$1" | sed -e 's/86.*/86/')
|
||||
vendor=pc
|
||||
basic_os=sysv
|
||||
;;
|
||||
i*86sol2)
|
||||
cpu=`echo "$1" | sed -e 's/86.*/86/'`
|
||||
cpu=$(echo "$1" | sed -e 's/86.*/86/')
|
||||
vendor=pc
|
||||
basic_os=solaris2
|
||||
;;
|
||||
|
@ -917,7 +917,7 @@ case $basic_machine in
|
|||
;;
|
||||
leon-*|leon[3-9]-*)
|
||||
cpu=sparc
|
||||
vendor=`echo "$basic_machine" | sed 's/-.*//'`
|
||||
vendor=$(echo "$basic_machine" | sed 's/-.*//')
|
||||
;;
|
||||
|
||||
*-*)
|
||||
|
@ -1084,7 +1084,7 @@ case $cpu-$vendor in
|
|||
cpu=mipsisa64sb1el
|
||||
;;
|
||||
sh5e[lb]-*)
|
||||
cpu=`echo "$cpu" | sed 's/^\(sh.\)e\(.\)$/\1\2e/'`
|
||||
cpu=$(echo "$cpu" | sed 's/^\(sh.\)e\(.\)$/\1\2e/')
|
||||
;;
|
||||
spur-*)
|
||||
cpu=spur
|
||||
|
@ -1102,7 +1102,7 @@ case $cpu-$vendor in
|
|||
cpu=x86_64
|
||||
;;
|
||||
xscale-* | xscalee[bl]-*)
|
||||
cpu=`echo "$cpu" | sed 's/^xscale/arm/'`
|
||||
cpu=$(echo "$cpu" | sed 's/^xscale/arm/')
|
||||
;;
|
||||
arm64-*)
|
||||
cpu=aarch64
|
||||
|
@ -1241,6 +1241,7 @@ case $cpu-$vendor in
|
|||
| sparcv8 | sparcv9 | sparcv9b | sparcv9v | sv1 | sx* \
|
||||
| spu \
|
||||
| tahoe \
|
||||
| thumbv7* \
|
||||
| tic30 | tic4x | tic54x | tic55x | tic6x | tic80 \
|
||||
| tron \
|
||||
| ubicom32 \
|
||||
|
@ -1286,11 +1287,15 @@ then
|
|||
case $basic_os in
|
||||
gnu/linux*)
|
||||
kernel=linux
|
||||
os=`echo $basic_os | sed -e 's|gnu/linux|gnu|'`
|
||||
os=$(echo $basic_os | sed -e 's|gnu/linux|gnu|')
|
||||
;;
|
||||
os2-emx)
|
||||
kernel=os2
|
||||
os=$(echo $basic_os | sed -e 's|os2-emx|emx|')
|
||||
;;
|
||||
nto-qnx*)
|
||||
kernel=nto
|
||||
os=`echo $basic_os | sed -e 's|nto-qnx|qnx|'`
|
||||
os=$(echo $basic_os | sed -e 's|nto-qnx|qnx|')
|
||||
;;
|
||||
*-*)
|
||||
# shellcheck disable=SC2162
|
||||
|
@ -1301,11 +1306,11 @@ EOF
|
|||
# Default OS when just kernel was specified
|
||||
nto*)
|
||||
kernel=nto
|
||||
os=`echo $basic_os | sed -e 's|nto|qnx|'`
|
||||
os=$(echo $basic_os | sed -e 's|nto|qnx|')
|
||||
;;
|
||||
linux*)
|
||||
kernel=linux
|
||||
os=`echo $basic_os | sed -e 's|linux|gnu|'`
|
||||
os=$(echo $basic_os | sed -e 's|linux|gnu|')
|
||||
;;
|
||||
*)
|
||||
kernel=
|
||||
|
@ -1326,7 +1331,7 @@ case $os in
|
|||
os=cnk
|
||||
;;
|
||||
solaris1 | solaris1.*)
|
||||
os=`echo $os | sed -e 's|solaris1|sunos4|'`
|
||||
os=$(echo $os | sed -e 's|solaris1|sunos4|')
|
||||
;;
|
||||
solaris)
|
||||
os=solaris2
|
||||
|
@ -1355,7 +1360,7 @@ case $os in
|
|||
os=sco3.2v4
|
||||
;;
|
||||
sco3.2.[4-9]*)
|
||||
os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
|
||||
os=$(echo $os | sed -e 's/sco3.2./sco3.2v/')
|
||||
;;
|
||||
sco*v* | scout)
|
||||
# Don't match below
|
||||
|
@ -1385,7 +1390,7 @@ case $os in
|
|||
os=lynxos
|
||||
;;
|
||||
mac[0-9]*)
|
||||
os=`echo "$os" | sed -e 's|mac|macos|'`
|
||||
os=$(echo "$os" | sed -e 's|mac|macos|')
|
||||
;;
|
||||
opened*)
|
||||
os=openedition
|
||||
|
@ -1394,10 +1399,10 @@ case $os in
|
|||
os=os400
|
||||
;;
|
||||
sunos5*)
|
||||
os=`echo "$os" | sed -e 's|sunos5|solaris2|'`
|
||||
os=$(echo "$os" | sed -e 's|sunos5|solaris2|')
|
||||
;;
|
||||
sunos6*)
|
||||
os=`echo "$os" | sed -e 's|sunos6|solaris3|'`
|
||||
os=$(echo "$os" | sed -e 's|sunos6|solaris3|')
|
||||
;;
|
||||
wince*)
|
||||
os=wince
|
||||
|
@ -1431,7 +1436,7 @@ case $os in
|
|||
;;
|
||||
# Preserve the version number of sinix5.
|
||||
sinix5.*)
|
||||
os=`echo $os | sed -e 's|sinix|sysv|'`
|
||||
os=$(echo $os | sed -e 's|sinix|sysv|')
|
||||
;;
|
||||
sinix*)
|
||||
os=sysv4
|
||||
|
@ -1716,7 +1721,7 @@ case $os in
|
|||
| skyos* | haiku* | rdos* | toppers* | drops* | es* \
|
||||
| onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \
|
||||
| midnightbsd* | amdhsa* | unleashed* | emscripten* | wasi* \
|
||||
| nsk* | powerunix* | genode* | zvmoe* | qnx* )
|
||||
| nsk* | powerunix* | genode* | zvmoe* | qnx* | emx*)
|
||||
;;
|
||||
# This one is extra strict with allowed versions
|
||||
sco3.2v2 | sco3.2v[4-9]* | sco5v6*)
|
||||
|
@ -1747,6 +1752,8 @@ case $kernel-$os in
|
|||
;;
|
||||
nto-qnx*)
|
||||
;;
|
||||
os2-emx)
|
||||
;;
|
||||
*-eabi* | *-gnueabi*)
|
||||
;;
|
||||
-*)
|
||||
|
|
55
configure
vendored
55
configure
vendored
|
@ -1,6 +1,6 @@
|
|||
#! /bin/sh
|
||||
# Guess values for system-dependent variables and create Makefiles.
|
||||
# Generated by GNU Autoconf 2.69 for unbound 1.12.0.
|
||||
# Generated by GNU Autoconf 2.69 for unbound 1.13.0.
|
||||
#
|
||||
# Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>.
|
||||
#
|
||||
|
@ -591,8 +591,8 @@ MAKEFLAGS=
|
|||
# Identity of this package.
|
||||
PACKAGE_NAME='unbound'
|
||||
PACKAGE_TARNAME='unbound'
|
||||
PACKAGE_VERSION='1.12.0'
|
||||
PACKAGE_STRING='unbound 1.12.0'
|
||||
PACKAGE_VERSION='1.13.0'
|
||||
PACKAGE_STRING='unbound 1.13.0'
|
||||
PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues'
|
||||
PACKAGE_URL=''
|
||||
|
||||
|
@ -1459,7 +1459,7 @@ if test "$ac_init_help" = "long"; then
|
|||
# Omit some internal or obsolete options to make the list less imposing.
|
||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||
cat <<_ACEOF
|
||||
\`configure' configures unbound 1.12.0 to adapt to many kinds of systems.
|
||||
\`configure' configures unbound 1.13.0 to adapt to many kinds of systems.
|
||||
|
||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||
|
||||
|
@ -1524,7 +1524,7 @@ fi
|
|||
|
||||
if test -n "$ac_init_help"; then
|
||||
case $ac_init_help in
|
||||
short | recursive ) echo "Configuration of unbound 1.12.0:";;
|
||||
short | recursive ) echo "Configuration of unbound 1.13.0:";;
|
||||
esac
|
||||
cat <<\_ACEOF
|
||||
|
||||
|
@ -1752,7 +1752,7 @@ fi
|
|||
test -n "$ac_init_help" && exit $ac_status
|
||||
if $ac_init_version; then
|
||||
cat <<\_ACEOF
|
||||
unbound configure 1.12.0
|
||||
unbound configure 1.13.0
|
||||
generated by GNU Autoconf 2.69
|
||||
|
||||
Copyright (C) 2012 Free Software Foundation, Inc.
|
||||
|
@ -2461,7 +2461,7 @@ cat >config.log <<_ACEOF
|
|||
This file contains any messages produced by compilers while
|
||||
running configure, to aid debugging if configure makes a mistake.
|
||||
|
||||
It was created by unbound $as_me 1.12.0, which was
|
||||
It was created by unbound $as_me 1.13.0, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
$ $0 $@
|
||||
|
@ -2811,13 +2811,13 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
|
|||
|
||||
UNBOUND_VERSION_MAJOR=1
|
||||
|
||||
UNBOUND_VERSION_MINOR=12
|
||||
UNBOUND_VERSION_MINOR=13
|
||||
|
||||
UNBOUND_VERSION_MICRO=0
|
||||
|
||||
|
||||
LIBUNBOUND_CURRENT=9
|
||||
LIBUNBOUND_REVISION=10
|
||||
LIBUNBOUND_REVISION=11
|
||||
LIBUNBOUND_AGE=1
|
||||
# 1.0.0 had 0:12:0
|
||||
# 1.0.1 had 0:13:0
|
||||
|
@ -2895,6 +2895,7 @@ LIBUNBOUND_AGE=1
|
|||
# 1.10.1 had 9:8:1
|
||||
# 1.11.0 had 9:9:1
|
||||
# 1.12.0 had 9:10:1
|
||||
# 1.13.0 had 9:11:1
|
||||
|
||||
# Current -- the number of the binary API that we're implementing
|
||||
# Revision -- which iteration of the implementation of the binary
|
||||
|
@ -14728,7 +14729,7 @@ $as_echo "no" >&6; }
|
|||
fi
|
||||
|
||||
# Checks for header files.
|
||||
for ac_header in stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/select.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h ifaddrs.h net/if.h
|
||||
for ac_header in stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/select.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h ifaddrs.h
|
||||
do :
|
||||
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
|
||||
ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
|
||||
|
@ -14742,6 +14743,34 @@ fi
|
|||
|
||||
done
|
||||
|
||||
# net/if.h portability for Darwin see:
|
||||
# https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Header-Portability.html
|
||||
for ac_header in net/if.h
|
||||
do :
|
||||
ac_fn_c_check_header_compile "$LINENO" "net/if.h" "ac_cv_header_net_if_h" "
|
||||
#include <stdio.h>
|
||||
#ifdef STDC_HEADERS
|
||||
# include <stdlib.h>
|
||||
# include <stddef.h>
|
||||
#else
|
||||
# ifdef HAVE_STDLIB_H
|
||||
# include <stdlib.h>
|
||||
# endif
|
||||
#endif
|
||||
#ifdef HAVE_SYS_SOCKET_H
|
||||
# include <sys/socket.h>
|
||||
#endif
|
||||
|
||||
"
|
||||
if test "x$ac_cv_header_net_if_h" = xyes; then :
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
#define HAVE_NET_IF_H 1
|
||||
_ACEOF
|
||||
|
||||
fi
|
||||
|
||||
done
|
||||
|
||||
|
||||
# Check for Apple header. This uncovers TARGET_OS_IPHONE, TARGET_OS_TV or TARGET_OS_WATCH
|
||||
for ac_header in TargetConditionals.h
|
||||
|
@ -21686,7 +21715,7 @@ _ACEOF
|
|||
|
||||
|
||||
|
||||
version=1.12.0
|
||||
version=1.13.0
|
||||
|
||||
date=`date +'%b %e, %Y'`
|
||||
|
||||
|
@ -22205,7 +22234,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
|||
# report actual input values of CONFIG_FILES etc. instead of their
|
||||
# values after options handling.
|
||||
ac_log="
|
||||
This file was extended by unbound $as_me 1.12.0, which was
|
||||
This file was extended by unbound $as_me 1.13.0, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
CONFIG_FILES = $CONFIG_FILES
|
||||
|
@ -22271,7 +22300,7 @@ _ACEOF
|
|||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
||||
ac_cs_version="\\
|
||||
unbound config.status 1.12.0
|
||||
unbound config.status 1.13.0
|
||||
configured by $0, generated by GNU Autoconf 2.69,
|
||||
with options \\"\$ac_cs_config\\"
|
||||
|
||||
|
|
23
configure.ac
23
configure.ac
|
@ -10,7 +10,7 @@ sinclude(dnscrypt/dnscrypt.m4)
|
|||
|
||||
# must be numbers. ac_defun because of later processing
|
||||
m4_define([VERSION_MAJOR],[1])
|
||||
m4_define([VERSION_MINOR],[12])
|
||||
m4_define([VERSION_MINOR],[13])
|
||||
m4_define([VERSION_MICRO],[0])
|
||||
AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues, unbound)
|
||||
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
|
||||
|
@ -18,7 +18,7 @@ AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
|
|||
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
|
||||
|
||||
LIBUNBOUND_CURRENT=9
|
||||
LIBUNBOUND_REVISION=10
|
||||
LIBUNBOUND_REVISION=11
|
||||
LIBUNBOUND_AGE=1
|
||||
# 1.0.0 had 0:12:0
|
||||
# 1.0.1 had 0:13:0
|
||||
|
@ -96,6 +96,7 @@ LIBUNBOUND_AGE=1
|
|||
# 1.10.1 had 9:8:1
|
||||
# 1.11.0 had 9:9:1
|
||||
# 1.12.0 had 9:10:1
|
||||
# 1.13.0 had 9:11:1
|
||||
|
||||
# Current -- the number of the binary API that we're implementing
|
||||
# Revision -- which iteration of the implementation of the binary
|
||||
|
@ -399,7 +400,23 @@ ACX_LIBTOOL_C_ONLY
|
|||
PKG_PROG_PKG_CONFIG
|
||||
|
||||
# Checks for header files.
|
||||
AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/select.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h ifaddrs.h net/if.h],,, [AC_INCLUDES_DEFAULT])
|
||||
AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/select.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h ifaddrs.h],,, [AC_INCLUDES_DEFAULT])
|
||||
# net/if.h portability for Darwin see:
|
||||
# https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Header-Portability.html
|
||||
AC_CHECK_HEADERS([net/if.h],,, [
|
||||
#include <stdio.h>
|
||||
#ifdef STDC_HEADERS
|
||||
# include <stdlib.h>
|
||||
# include <stddef.h>
|
||||
#else
|
||||
# ifdef HAVE_STDLIB_H
|
||||
# include <stdlib.h>
|
||||
# endif
|
||||
#endif
|
||||
#ifdef HAVE_SYS_SOCKET_H
|
||||
# include <sys/socket.h>
|
||||
#endif
|
||||
])
|
||||
|
||||
# Check for Apple header. This uncovers TARGET_OS_IPHONE, TARGET_OS_TV or TARGET_OS_WATCH
|
||||
AC_CHECK_HEADERS([TargetConditionals.h])
|
||||
|
|
|
@ -53,3 +53,5 @@ distribution but may be helpful.
|
|||
lookups for downstream clients.
|
||||
* drop2rpz: perl script that converts the Spamhaus DROP-List in RPZ-Format,
|
||||
contributed by Andreas Schulze.
|
||||
* metrics.awk: awk script that can convert unbound-control stats to
|
||||
Prometheus metrics format output.
|
||||
|
|
180
contrib/metrics.awk
Normal file
180
contrib/metrics.awk
Normal file
|
@ -0,0 +1,180 @@
|
|||
# read output of unbound-control stats
|
||||
# and output prometheus metrics style output.
|
||||
# use these options:
|
||||
# server: extended-statistics: yes
|
||||
# statistics-cumulative: no
|
||||
# statistics-interval: 0
|
||||
# remote-control: control-enable: yes
|
||||
# Can use it like unbound-control stats | awk -f "metrics.awk"
|
||||
|
||||
BEGIN {
|
||||
FS="=";
|
||||
}
|
||||
# everything like total.num.queries=value is put in val["total.num.queries"]
|
||||
/^.*\..*=/ {
|
||||
val[$1]=$2;
|
||||
}
|
||||
# print the output metrics
|
||||
END {
|
||||
print "# HELP unbound_hits_queries Unbound DNS traffic and cache hits"
|
||||
print "# TYPE unbound_hits_queries gauge"
|
||||
print "unbound_hits_queries{type=\"total.num.queries\"} " val["total.num.queries"];
|
||||
for (x=0; x<99; x++) {
|
||||
if(val["thread" $x ".num.queries"] != "") {
|
||||
print "unbound_hits_queries{type=\"thread" $x ".num.queries\"} " val["thread" $x ".num.queries"];
|
||||
}
|
||||
}
|
||||
print "unbound_hits_queries{type=\"total.num.cachehits\"} " val["total.num.cachehits"];
|
||||
print "unbound_hits_queries{type=\"total.num.prefetch\"} " val["total.num.prefetch"];
|
||||
print "unbound_hits_queries{type=\"num.query.tcp\"} " val["num.query.tcp"];
|
||||
print "unbound_hits_queries{type=\"num.query.tcpout\"} " val["num.query.tcpout"];
|
||||
print "unbound_hits_queries{type=\"num.query.tls\"} " val["num.query.tls"];
|
||||
print "unbound_hits_queries{type=\"num.query.tls.resume\"} " val["num.query.tls.resume"];
|
||||
print "unbound_hits_queries{type=\"num.query.ipv6\"} " val["num.query.ipv6"];
|
||||
print "unbound_hits_queries{type=\"unwanted.queries\"} " val["unwanted.queries"];
|
||||
print ""
|
||||
|
||||
print "# HELP unbound_queue_queries Unbound requestlist size"
|
||||
print "# TYPE unbound_queue_queries gauge"
|
||||
print "unbound_queue_queries{type=\"total.requestlist.avg\"} " val["total.requestlist.avg"];
|
||||
print "unbound_queue_queries{type=\"total.requestlist.max\"} " val["total.requestlist.max"];
|
||||
print "unbound_queue_queries{type=\"total.requestlist.overwritten\"} " val["total.requestlist.overwritten"];
|
||||
print "unbound_queue_queries{type=\"total.requestlist.exceeded\"} " val["total.requestlist.exceeded"];
|
||||
print ""
|
||||
|
||||
print "# HELP unbound_memory_bytes Unbound memory usage"
|
||||
print "# TYPE unbound_memory_bytes gauge"
|
||||
print "unbound_memory_bytes{type=\"mem.cache.rrset\"} " val["mem.cache.rrset"];
|
||||
print "unbound_memory_bytes{type=\"mem.cache.message\"} " val["mem.cache.message"];
|
||||
print "unbound_memory_bytes{type=\"mem.mod.iterator\"} " val["mem.mod.iterator"];
|
||||
if(val["mem.mod.validator"] != "") {
|
||||
print "unbound_memory_bytes{type=\"mem.mod.validator\"} " val["mem.mod.validator"];
|
||||
}
|
||||
if(val["mem.mod.respip"] != "") {
|
||||
print "unbound_memory_bytes{type=\"mem.mod.respip\"} " val["mem.mod.respip"];
|
||||
}
|
||||
if(val["mem.mod.subnet"] != "") {
|
||||
print "unbound_memory_bytes{type=\"mem.mod.subnet\"} " val["mem.mod.subnet"];
|
||||
}
|
||||
if(val["mem.mod.ipsecmod"] != "") {
|
||||
print "unbound_memory_bytes{type=\"mem.mod.ipsecmod\"} " val["mem.mod.ipsecmod"];
|
||||
}
|
||||
if(val["mem.mod.dynlibmod"] != "") {
|
||||
print "unbound_memory_bytes{type=\"mem.mod.dynlibmod\"} " val["mem.mod.dynlibmod"];
|
||||
}
|
||||
print "unbound_memory_bytes{type=\"msg.cache.count\"} " val["msg.cache.count"];
|
||||
print "unbound_memory_bytes{type=\"rrset.cache.count\"} " val["rrset.cache.count"];
|
||||
print "unbound_memory_bytes{type=\"infra.cache.count\"} " val["infra.cache.count"];
|
||||
print "unbound_memory_bytes{type=\"key.cache.count\"} " val["key.cache.count"];
|
||||
print ""
|
||||
|
||||
print "# HELP unbound_by_type_queries Unbound DNS queries by type"
|
||||
print "# TYPE unbound_by_type_queries gauge"
|
||||
for(x in val) {
|
||||
if(x ~ /^num.query.type./) {
|
||||
if(val[x] != "") {
|
||||
split(x, a, ".");
|
||||
print "unbound_by_type_queries{type=\"" a[4] "\"} " val[x];
|
||||
}
|
||||
}
|
||||
}
|
||||
print ""
|
||||
|
||||
print "# HELP unbound_by_class_queries Unbound DNS queries by class"
|
||||
print "# TYPE unbound_by_class_queries gauge"
|
||||
for(x in val) {
|
||||
if(x ~ /^num.query.class./) {
|
||||
if(val[x] != "") {
|
||||
split(x, a, ".");
|
||||
print "unbound_by_class_queries{class=\"" a[4] "\"} " val[x];
|
||||
}
|
||||
}
|
||||
}
|
||||
print ""
|
||||
|
||||
print "# HELP unbound_by_opcode_queries Unbound DNS queries by opcode"
|
||||
print "# TYPE unbound_by_opcode_queries gauge"
|
||||
for(x in val) {
|
||||
if(x ~ /^num.query.opcode./) {
|
||||
if(val[x] != "") {
|
||||
split(x, a, ".");
|
||||
print "unbound_by_opcode_queries{opcode=\"" a[4] "\"} " val[x];
|
||||
}
|
||||
}
|
||||
}
|
||||
print ""
|
||||
|
||||
print "# HELP unbound_by_rcode_queries Unbound DNS answers by rcode"
|
||||
print "# TYPE unbound_by_rcode_queries gauge"
|
||||
for(x in val) {
|
||||
if(x ~ /^num.answer.rcode./) {
|
||||
if(val[x] != "") {
|
||||
split(x, a, ".");
|
||||
print "unbound_by_rcode_queries{rcode=\"" a[4] "\"} " val[x];
|
||||
}
|
||||
}
|
||||
}
|
||||
print ""
|
||||
|
||||
print "# HELP unbound_by_flags_queries Unbound DNS queries by flags"
|
||||
print "# TYPE unbound_by_flags_queries gauge"
|
||||
for(x in val) {
|
||||
if(x ~ /^num.query.flags./) {
|
||||
if(val[x] != "") {
|
||||
split(x, a, ".");
|
||||
print "unbound_by_flags_queries{flag=\"" a[4] "\"} " val[x];
|
||||
}
|
||||
}
|
||||
}
|
||||
if(val["num.query.edns.present"] != "") {
|
||||
print "unbound_by_flags_queries{flag=\"num.query.edns.present\"} " val["num.query.edns.present"];
|
||||
}
|
||||
if(val["num.query.edns.DO"] != "") {
|
||||
print "unbound_by_flags_queries{flag=\"num.query.edns.DO\"} " val["num.query.edns.DO"];
|
||||
}
|
||||
print ""
|
||||
|
||||
print "# HELP unbound_histogram_seconds Unbound DNS histogram of reply time"
|
||||
print "# TYPE unbound_histogram_seconds gauge"
|
||||
print "unbound_histogram_seconds{bucket=\"000000.000000.to.000000.000001\"} " val["histogram.000000.000000.to.000000.000001"];
|
||||
print "unbound_histogram_seconds{bucket=\"000000.000001.to.000000.000002\"} " val["histogram.000000.000001.to.000000.000002"];
|
||||
print "unbound_histogram_seconds{bucket=\"000000.000002.to.000000.000004\"} " val["histogram.000000.000002.to.000000.000004"];
|
||||
print "unbound_histogram_seconds{bucket=\"000000.000004.to.000000.000008\"} " val["histogram.000000.000004.to.000000.000008"];
|
||||
print "unbound_histogram_seconds{bucket=\"000000.000008.to.000000.000016\"} " val["histogram.000000.000008.to.000000.000016"];
|
||||
print "unbound_histogram_seconds{bucket=\"000000.000016.to.000000.000032\"} " val["histogram.000000.000016.to.000000.000032"];
|
||||
print "unbound_histogram_seconds{bucket=\"000000.000032.to.000000.000064\"} " val["histogram.000000.000032.to.000000.000064"];
|
||||
print "unbound_histogram_seconds{bucket=\"000000.000064.to.000000.000128\"} " val["histogram.000000.000064.to.000000.000128"];
|
||||
print "unbound_histogram_seconds{bucket=\"000000.000128.to.000000.000256\"} " val["histogram.000000.000128.to.000000.000256"];
|
||||
print "unbound_histogram_seconds{bucket=\"000000.000256.to.000000.000512\"} " val["histogram.000000.000256.to.000000.000512"];
|
||||
print "unbound_histogram_seconds{bucket=\"000000.000512.to.000000.001024\"} " val["histogram.000000.000512.to.000000.001024"];
|
||||
print "unbound_histogram_seconds{bucket=\"000000.001024.to.000000.002048\"} " val["histogram.000000.001024.to.000000.002048"];
|
||||
print "unbound_histogram_seconds{bucket=\"000000.002048.to.000000.004096\"} " val["histogram.000000.002048.to.000000.004096"];
|
||||
print "unbound_histogram_seconds{bucket=\"000000.004096.to.000000.008192\"} " val["histogram.000000.004096.to.000000.008192"];
|
||||
print "unbound_histogram_seconds{bucket=\"000000.008192.to.000000.016384\"} " val["histogram.000000.008192.to.000000.016384"];
|
||||
print "unbound_histogram_seconds{bucket=\"000000.016384.to.000000.032768\"} " val["histogram.000000.016384.to.000000.032768"];
|
||||
print "unbound_histogram_seconds{bucket=\"000000.032768.to.000000.065536\"} " val["histogram.000000.032768.to.000000.065536"];
|
||||
print "unbound_histogram_seconds{bucket=\"000000.065536.to.000000.131072\"} " val["histogram.000000.065536.to.000000.131072"];
|
||||
print "unbound_histogram_seconds{bucket=\"000000.131072.to.000000.262144\"} " val["histogram.000000.131072.to.000000.262144"];
|
||||
print "unbound_histogram_seconds{bucket=\"000000.262144.to.000000.524288\"} " val["histogram.000000.262144.to.000000.524288"];
|
||||
print "unbound_histogram_seconds{bucket=\"000000.524288.to.000001.000000\"} " val["histogram.000000.524288.to.000001.000000"];
|
||||
print "unbound_histogram_seconds{bucket=\"000001.000000.to.000002.000000\"} " val["histogram.000001.000000.to.000002.000000"];
|
||||
print "unbound_histogram_seconds{bucket=\"000002.000000.to.000004.000000\"} " val["histogram.000002.000000.to.000004.000000"];
|
||||
print "unbound_histogram_seconds{bucket=\"000004.000000.to.000008.000000\"} " val["histogram.000004.000000.to.000008.000000"];
|
||||
print "unbound_histogram_seconds{bucket=\"000008.000000.to.000016.000000\"} " val["histogram.000008.000000.to.000016.000000"];
|
||||
print "unbound_histogram_seconds{bucket=\"000016.000000.to.000032.000000\"} " val["histogram.000016.000000.to.000032.000000"];
|
||||
print "unbound_histogram_seconds{bucket=\"000032.000000.to.000064.000000\"} " val["histogram.000032.000000.to.000064.000000"];
|
||||
print "unbound_histogram_seconds{bucket=\"000064.000000.to.000128.000000\"} " val["histogram.000064.000000.to.000128.000000"];
|
||||
print "unbound_histogram_seconds{bucket=\"000128.000000.to.000256.000000\"} " val["histogram.000128.000000.to.000256.000000"];
|
||||
print "unbound_histogram_seconds{bucket=\"000256.000000.to.000512.000000\"} " val["histogram.000256.000000.to.000512.000000"];
|
||||
print "unbound_histogram_seconds{bucket=\"000512.000000.to.001024.000000\"} " val["histogram.000512.000000.to.001024.000000"];
|
||||
print "unbound_histogram_seconds{bucket=\"001024.000000.to.002048.000000\"} " val["histogram.001024.000000.to.002048.000000"];
|
||||
print "unbound_histogram_seconds{bucket=\"002048.000000.to.004096.000000\"} " val["histogram.002048.000000.to.004096.000000"];
|
||||
print "unbound_histogram_seconds{bucket=\"004096.000000.to.008192.000000\"} " val["histogram.004096.000000.to.008192.000000"];
|
||||
print "unbound_histogram_seconds{bucket=\"008192.000000.to.016384.000000\"} " val["histogram.008192.000000.to.016384.000000"];
|
||||
print "unbound_histogram_seconds{bucket=\"016384.000000.to.032768.000000\"} " val["histogram.016384.000000.to.032768.000000"];
|
||||
print "unbound_histogram_seconds{bucket=\"032768.000000.to.065536.000000\"} " val["histogram.032768.000000.to.065536.000000"];
|
||||
print "unbound_histogram_seconds{bucket=\"065536.000000.to.131072.000000\"} " val["histogram.065536.000000.to.131072.000000"];
|
||||
print "unbound_histogram_seconds{bucket=\"131072.000000.to.262144.000000\"} " val["histogram.131072.000000.to.262144.000000"];
|
||||
print "unbound_histogram_seconds{bucket=\"262144.000000.to.524288.000000\"} " val["histogram.262144.000000.to.524288.000000"];
|
||||
print ""
|
||||
}
|
|
@ -66,7 +66,7 @@ ProtectSystem=strict
|
|||
RuntimeDirectory=unbound
|
||||
ConfigurationDirectory=unbound
|
||||
StateDirectory=unbound
|
||||
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
|
||||
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
|
||||
RestrictRealtime=true
|
||||
SystemCallArchitectures=native
|
||||
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources
|
||||
|
|
|
@ -38,7 +38,7 @@ ProtectSystem=strict
|
|||
RuntimeDirectory=unbound
|
||||
ConfigurationDirectory=unbound
|
||||
StateDirectory=unbound
|
||||
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
|
||||
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
|
||||
RestrictRealtime=true
|
||||
SystemCallArchitectures=native
|
||||
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources
|
||||
|
|
|
@ -291,7 +291,7 @@ daemon_init(void)
|
|||
free(daemon);
|
||||
return NULL;
|
||||
}
|
||||
if(!(daemon->env->edns_tags = edns_tags_create())) {
|
||||
if(!(daemon->env->edns_strings = edns_strings_create())) {
|
||||
auth_zones_delete(daemon->env->auth_zones);
|
||||
acl_list_delete(daemon->acl);
|
||||
tcl_list_delete(daemon->tcl);
|
||||
|
@ -638,9 +638,9 @@ daemon_fork(struct daemon* daemon)
|
|||
&daemon->use_rpz))
|
||||
fatal_exit("auth_zones could not be setup");
|
||||
|
||||
/* Set-up EDNS tags */
|
||||
if(!edns_tags_apply_cfg(daemon->env->edns_tags, daemon->cfg))
|
||||
fatal_exit("Could not set up EDNS tags");
|
||||
/* Set-up EDNS strings */
|
||||
if(!edns_strings_apply_cfg(daemon->env->edns_strings, daemon->cfg))
|
||||
fatal_exit("Could not set up EDNS strings");
|
||||
|
||||
/* setup modules */
|
||||
daemon_setup_modules(daemon);
|
||||
|
@ -773,7 +773,7 @@ daemon_delete(struct daemon* daemon)
|
|||
rrset_cache_delete(daemon->env->rrset_cache);
|
||||
infra_delete(daemon->env->infra_cache);
|
||||
edns_known_options_delete(daemon->env);
|
||||
edns_tags_delete(daemon->env->edns_tags);
|
||||
edns_strings_delete(daemon->env->edns_strings);
|
||||
auth_zones_delete(daemon->env->auth_zones);
|
||||
}
|
||||
ub_randfree(daemon->rand);
|
||||
|
|
|
@ -337,22 +337,44 @@ readpid (const char* file)
|
|||
/** write pid to file.
|
||||
* @param pidfile: file name of pid file.
|
||||
* @param pid: pid to write to file.
|
||||
* @return false on failure
|
||||
*/
|
||||
static void
|
||||
static int
|
||||
writepid (const char* pidfile, pid_t pid)
|
||||
{
|
||||
FILE* f;
|
||||
int fd;
|
||||
char pidbuf[32];
|
||||
size_t count = 0;
|
||||
snprintf(pidbuf, sizeof(pidbuf), "%lu\n", (unsigned long)pid);
|
||||
|
||||
if ((f = fopen(pidfile, "w")) == NULL ) {
|
||||
if((fd = open(pidfile, O_WRONLY | O_CREAT | O_TRUNC
|
||||
#ifdef O_NOFOLLOW
|
||||
| O_NOFOLLOW
|
||||
#endif
|
||||
, 0644)) == -1) {
|
||||
log_err("cannot open pidfile %s: %s",
|
||||
pidfile, strerror(errno));
|
||||
return;
|
||||
return 0;
|
||||
}
|
||||
if(fprintf(f, "%lu\n", (unsigned long)pid) < 0) {
|
||||
log_err("cannot write to pidfile %s: %s",
|
||||
pidfile, strerror(errno));
|
||||
while(count < strlen(pidbuf)) {
|
||||
ssize_t r = write(fd, pidbuf+count, strlen(pidbuf)-count);
|
||||
if(r == -1) {
|
||||
if(errno == EAGAIN || errno == EINTR)
|
||||
continue;
|
||||
log_err("cannot write to pidfile %s: %s",
|
||||
pidfile, strerror(errno));
|
||||
close(fd);
|
||||
return 0;
|
||||
} else if(r == 0) {
|
||||
log_err("cannot write any bytes to pidfile %s: "
|
||||
"write returns 0 bytes written", pidfile);
|
||||
close(fd);
|
||||
return 0;
|
||||
}
|
||||
count += r;
|
||||
}
|
||||
fclose(f);
|
||||
close(fd);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -506,16 +528,17 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
|
|||
/* write new pidfile (while still root, so can be outside chroot) */
|
||||
#ifdef HAVE_KILL
|
||||
if(cfg->pidfile && cfg->pidfile[0] && need_pidfile) {
|
||||
writepid(daemon->pidfile, getpid());
|
||||
if(cfg->username && cfg->username[0] && cfg_uid != (uid_t)-1 &&
|
||||
pidinchroot) {
|
||||
if(writepid(daemon->pidfile, getpid())) {
|
||||
if(cfg->username && cfg->username[0] && cfg_uid != (uid_t)-1 &&
|
||||
pidinchroot) {
|
||||
# ifdef HAVE_CHOWN
|
||||
if(chown(daemon->pidfile, cfg_uid, cfg_gid) == -1) {
|
||||
verbose(VERB_QUERY, "cannot chown %u.%u %s: %s",
|
||||
(unsigned)cfg_uid, (unsigned)cfg_gid,
|
||||
daemon->pidfile, strerror(errno));
|
||||
}
|
||||
if(chown(daemon->pidfile, cfg_uid, cfg_gid) == -1) {
|
||||
verbose(VERB_QUERY, "cannot chown %u.%u %s: %s",
|
||||
(unsigned)cfg_uid, (unsigned)cfg_gid,
|
||||
daemon->pidfile, strerror(errno));
|
||||
}
|
||||
# endif /* HAVE_CHOWN */
|
||||
}
|
||||
}
|
||||
}
|
||||
#else
|
||||
|
|
|
@ -576,7 +576,7 @@ apply_respip_action(struct worker* worker, const struct query_info* qinfo,
|
|||
struct comm_reply* repinfo, struct ub_packed_rrset_key** alias_rrset,
|
||||
struct reply_info** encode_repp, struct auth_zones* az)
|
||||
{
|
||||
struct respip_action_info actinfo = {0};
|
||||
struct respip_action_info actinfo = {0, 0, 0, 0, NULL, 0, NULL};
|
||||
actinfo.action = respip_none;
|
||||
|
||||
if(qinfo->qtype != LDNS_RR_TYPE_A &&
|
||||
|
@ -1789,8 +1789,8 @@ worker_init(struct worker* worker, struct config_file *cfg,
|
|||
? cfg->tcp_keepalive_timeout
|
||||
: cfg->tcp_idle_timeout,
|
||||
cfg->harden_large_queries, cfg->http_max_streams,
|
||||
cfg->http_endpoint, worker->daemon->tcl,
|
||||
worker->daemon->listen_sslctx,
|
||||
cfg->http_endpoint, cfg->http_notls_downstream,
|
||||
worker->daemon->tcl, worker->daemon->listen_sslctx,
|
||||
dtenv, worker_handle_request, worker);
|
||||
if(!worker->front) {
|
||||
log_err("could not create listening sockets");
|
||||
|
@ -1807,7 +1807,7 @@ worker_init(struct worker* worker, struct config_file *cfg,
|
|||
&worker_alloc_cleanup, worker,
|
||||
cfg->do_udp || cfg->udp_upstream_without_downstream,
|
||||
worker->daemon->connect_sslctx, cfg->delay_close,
|
||||
cfg->tls_use_sni, dtenv);
|
||||
cfg->tls_use_sni, dtenv, cfg->udp_connect);
|
||||
if(!worker->back) {
|
||||
log_err("could not create outgoing sockets");
|
||||
worker_delete(worker);
|
||||
|
|
|
@ -134,15 +134,13 @@ dt_create(struct config_file* cfg)
|
|||
|
||||
if(cfg->dnstap && cfg->dnstap_socket_path && cfg->dnstap_socket_path[0] &&
|
||||
(cfg->dnstap_ip==NULL || cfg->dnstap_ip[0]==0)) {
|
||||
char* p = fname_after_chroot(cfg->dnstap_socket_path, cfg, 1);
|
||||
if(!p) {
|
||||
log_err("malloc failure");
|
||||
return NULL;
|
||||
}
|
||||
char* p = cfg->dnstap_socket_path;
|
||||
if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(p,
|
||||
cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
|
||||
p += strlen(cfg->chrootdir);
|
||||
verbose(VERB_OPS, "attempting to connect to dnstap socket %s",
|
||||
p);
|
||||
check_socket_file(p);
|
||||
free(p);
|
||||
}
|
||||
|
||||
env = (struct dt_env *) calloc(1, sizeof(struct dt_env));
|
||||
|
|
|
@ -341,15 +341,19 @@ int dt_io_thread_apply_cfg(struct dt_io_thread* dtio, struct config_file *cfg)
|
|||
dtio->is_bidirectional = cfg->dnstap_bidirectional;
|
||||
|
||||
if(dtio->upstream_is_unix) {
|
||||
char* nm;
|
||||
if(!cfg->dnstap_socket_path ||
|
||||
cfg->dnstap_socket_path[0]==0) {
|
||||
log_err("dnstap setup: no dnstap-socket-path for "
|
||||
"socket connect");
|
||||
return 0;
|
||||
}
|
||||
nm = cfg->dnstap_socket_path;
|
||||
if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm,
|
||||
cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
|
||||
nm += strlen(cfg->chrootdir);
|
||||
free(dtio->socket_path);
|
||||
dtio->socket_path = fname_after_chroot(cfg->dnstap_socket_path,
|
||||
cfg, 1);
|
||||
dtio->socket_path = strdup(nm);
|
||||
if(!dtio->socket_path) {
|
||||
log_err("dnstap setup: malloc failure");
|
||||
return 0;
|
||||
|
|
163
doc/Changelog
163
doc/Changelog
|
@ -1,3 +1,166 @@
|
|||
30 November 2020: Wouter
|
||||
- Fix assertion failure on double callback when iterator loses
|
||||
interest in query at head of line that then has the tcp stream
|
||||
not kept for reuse.
|
||||
- tag for the 1.13.0rc4 release.
|
||||
|
||||
27 November 2020: Wouter
|
||||
- Fix compile warning for type cast in http2_submit_dns_response.
|
||||
- Fix when use free buffer to initialize rbtree for stream reuse.
|
||||
- Fix compile warnings for windows.
|
||||
- Fix compile warnings in rpz initialization.
|
||||
- Fix contrib/metrics.awk for FreeBSD awk compatibility.
|
||||
- tag for the 1.13.0rc3 release.
|
||||
|
||||
26 November 2020: Wouter
|
||||
- Fix to omit UDP receive errors from log, if verbosity low.
|
||||
These happen because of udp-connect.
|
||||
- For #352: contrib/metrics.awk for Prometheus style metrics output.
|
||||
- Fix that after failed read, the readagain cannot activate.
|
||||
- Clear readagain upon decommission of pending tcp structure.
|
||||
|
||||
25 November 2020: Wouter
|
||||
- with udp-connect ignore connection refused with UDP timeouts.
|
||||
- Fix udp-connect on FreeBSD, do send calls on connected UDP socket.
|
||||
- Better fix for reuse tree comparison for is-tls sockets. Where
|
||||
the tree key identity is preserved after cleanup of the TLS state.
|
||||
- Remove debug commands from reuse tests.
|
||||
- Fix memory leak for edns client tag opcode config element.
|
||||
- Attempt fix for libevent state in tcp reuse cases after a packet
|
||||
is written.
|
||||
- Fix readagain and writeagain callback functions for comm point
|
||||
cleanup.
|
||||
- tag for the 1.13.0rc2 release.
|
||||
|
||||
24 November 2020: Wouter
|
||||
- Merge PR #283 : Stream reuse. This implements upstream stream
|
||||
reuse for performing several queries over the same TCP or TLS
|
||||
channel.
|
||||
- set version of main branch to 1.13.0 for upcoming release.
|
||||
- iana portlist updated.
|
||||
- Fix one port unit test for udp-connect.
|
||||
- tag for the 1.13.0rc1 release.
|
||||
- Fix crash when TLS connection is closed prematurely, when
|
||||
reuse tree comparison is not properly identical to insertion.
|
||||
- Fix padding of struct regional for 32bit systems.
|
||||
|
||||
23 November 2020: George
|
||||
- Merge PR #313 from Ralph Dolmans: Replace edns-client-tag with
|
||||
edns-client-string option.
|
||||
|
||||
23 November 2020: Wouter
|
||||
- Merge #351 from dvzrv: Add AF_NETLINK to set of allowed socket
|
||||
address families.
|
||||
- Fix #350: with the AF_NETLINK permission, to fix 1.12.0 error:
|
||||
failed to list interfaces: getifaddrs: Address family not
|
||||
supported by protocol.
|
||||
- Fix #347: IP_DONTFRAG broken on Apple xcode 12.2.
|
||||
- Option to toggle udp-connect, default is enabled.
|
||||
- Fix for #303 CVE-2020-28935 : Fix that symlink does not interfere
|
||||
with chown of pidfile.
|
||||
- Further fix for it and retvalue 0 fix for it.
|
||||
|
||||
12 November 2020: Wouter
|
||||
- Fix to connect() to UDP destinations, default turned on,
|
||||
this lowers vulnerability to ICMP side channels.
|
||||
- Retry for interfaces with unused ports if possible.
|
||||
|
||||
10 November 2020: Wouter
|
||||
- Fix #341: fixing a possible memory leak.
|
||||
- Fix memory leak after fix for possible memory leak failure.
|
||||
- Fix #343: Fail to build --with-libnghttp2 with error: 'SSIZE_MAX'
|
||||
undeclared.
|
||||
|
||||
27 October 2020: Wouter
|
||||
- In man page note that tls-cert-bundle is read before permission
|
||||
drop and chroot.
|
||||
|
||||
22 October 2020: Wouter
|
||||
- Fix #333: Unbound Segmentation Fault w/ log_info Functions From
|
||||
Python Mod.
|
||||
- Fix that minimal-responses does not remove addresses from a priming
|
||||
query response.
|
||||
|
||||
21 October 2020: George
|
||||
- Fix #327: net/if.h check fails on some darwin versions; contribution by
|
||||
Joshua Root.
|
||||
- Fix #320: potential memory corruption due to size miscomputation upton
|
||||
custom region alloc init.
|
||||
|
||||
21 October 2020: Wouter
|
||||
- Merge PR #228 : infra-keep-probing option to probe hosts that are
|
||||
down. Add infra-keep-probing: yes option. Hosts that are down are
|
||||
probed more frequently.
|
||||
With the option turned on, it probes about every 120 seconds,
|
||||
eventually after exponential backoff, and that keeps that way. If
|
||||
traffic keeps up for the domain. It probes with one at a time, eg.
|
||||
one query is allowed to probe, other queries within that 120 second
|
||||
interval are turned away.
|
||||
|
||||
19 October 2020: George
|
||||
- Merge PR #324 from James Renken: Add modern X.509v3 extensions to
|
||||
unbound-control TLS certificates.
|
||||
- Fix for PR #324 to attach the x509v3 extensions to the client
|
||||
certificate.
|
||||
|
||||
19 October 2020: Ralph
|
||||
- local-zone regional allocations outside of chunk
|
||||
|
||||
19 October 2020: Wouter
|
||||
- Fix that http settings have colon in set_option, for
|
||||
http-endpoint, http-max-streams, http-query-buffer-size,
|
||||
http-response-buffer-size, and http-nodelay.
|
||||
- Fix memory leak of https port string when reading config.
|
||||
- Fix #330: [Feature request] Add unencrypted DNS over HTTPS support.
|
||||
This adds the option http-notls-downstream: yesno to change that,
|
||||
and the dohclient test code has the -n option.
|
||||
- Fix python documentation warning on functions.rst inplace_cb_reply.
|
||||
- Fix dnstap test to wait for log timer to see if queries are logged.
|
||||
- Log ip address when http session recv fails, eg. due to tls fail.
|
||||
- Fix to set the tcp handler event toggle flag back to default when
|
||||
the handler structure is reused.
|
||||
- Clean the fix for out of order TCP processing limits on number
|
||||
of queries. It was tested to work.
|
||||
|
||||
16 October 2020: Wouter
|
||||
- Fix that the out of order TCP processing does not limit the
|
||||
number of outstanding queries over a connection.
|
||||
|
||||
15 October 2020: George
|
||||
- Fix that if there are reply callbacks for the given rcode, those
|
||||
are called per reply and a new message created if that was modified
|
||||
by the call.
|
||||
- Pass the comm_reply information to the inplace_cb_reply* functions
|
||||
during the mesh state and update the documentation on that.
|
||||
|
||||
15 October 2020: Wouter
|
||||
- Merge PR #326 from netblue30: DoH: implement content-length
|
||||
header field
|
||||
- DoH content length, simplify code, remove declaration after
|
||||
statement and fix cast warning.
|
||||
|
||||
14 October 2020: Wouter
|
||||
- Fix for python reply callback to see mesh state reply_list member,
|
||||
it only removes it briefly for the commpoint call so that it does
|
||||
not drop it and attempt to modify the reply list during reply.
|
||||
- Fix that if there are on reply callbacks, those are called per
|
||||
reply and a new message created if that was modified by the call.
|
||||
- Free up auth zone parse region after use for lookup of host
|
||||
|
||||
13 October 2020: Wouter
|
||||
- Fix #323: unbound testsuite fails on mock build in systemd-nspawn
|
||||
if systemd support is build.
|
||||
|
||||
9 October 2020: Wouter
|
||||
- Fix dnstap socket and the chroot not applied properly to the dnstap
|
||||
socket path.
|
||||
- Fix warning in libnss compile, nss_buf2dsa is not used without DSA.
|
||||
|
||||
8 October 2020: Wouter
|
||||
- Tag for 1.12.0 release.
|
||||
- Current repo is version 1.12.1 in development.
|
||||
- Fix #319: potential memory leak on config failure, in rpz config.
|
||||
|
||||
1 October 2020: Wouter
|
||||
- Current repo is version 1.12.0 for release. Tag for 1.12.0rc1.
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
README for Unbound 1.12.0
|
||||
README for Unbound 1.13.0
|
||||
Copyright 2007 NLnet Labs
|
||||
http://unbound.net
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#
|
||||
# Example configuration file.
|
||||
#
|
||||
# See unbound.conf(5) man page, version 1.12.0.
|
||||
# See unbound.conf(5) man page, version 1.13.0.
|
||||
#
|
||||
# this is a comment.
|
||||
|
||||
|
@ -161,6 +161,9 @@ server:
|
|||
# msec to wait before close of port on timeout UDP. 0 disables.
|
||||
# delay-close: 0
|
||||
|
||||
# perform connect for UDP sockets to mitigate ICMP side channel.
|
||||
# udp-connect: yes
|
||||
|
||||
# msec for waiting for an unknown server to reply. Increase if you
|
||||
# are behind a slow satellite link, to eg. 1128.
|
||||
# unknown-server-time-limit: 376
|
||||
|
@ -192,6 +195,9 @@ server:
|
|||
# minimum wait time for responses, increase if uplink is long. In msec.
|
||||
# infra-cache-min-rtt: 50
|
||||
|
||||
# enable to make server probe down hosts more frequently.
|
||||
# infra-keep-probing: no
|
||||
|
||||
# the number of slabs to use for the Infrastructure cache.
|
||||
# the number of slabs must be a power of 2.
|
||||
# more slabs reduce lock contention, but fragment memory usage.
|
||||
|
@ -788,6 +794,9 @@ server:
|
|||
# service.
|
||||
# http-nodelay: yes
|
||||
|
||||
# Disable TLS for DNS-over-HTTP downstream service.
|
||||
# http-notls-downstream: no
|
||||
|
||||
# DNS64 prefix. Must be specified when DNS64 is use.
|
||||
# Enable dns64 in module-config. Used to synthesize IPv6 from IPv4.
|
||||
# dns64-prefix: 64:ff9b::0/96
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.TH "libunbound" "3" "Oct 8, 2020" "NLnet Labs" "unbound 1.12.0"
|
||||
.TH "libunbound" "3" "Dec 3, 2020" "NLnet Labs" "unbound 1.13.0"
|
||||
.\"
|
||||
.\" libunbound.3 -- unbound library functions manual
|
||||
.\"
|
||||
|
@ -44,7 +44,7 @@
|
|||
.B ub_ctx_zone_remove,
|
||||
.B ub_ctx_data_add,
|
||||
.B ub_ctx_data_remove
|
||||
\- Unbound DNS validating resolver 1.12.0 functions.
|
||||
\- Unbound DNS validating resolver 1.13.0 functions.
|
||||
.SH "SYNOPSIS"
|
||||
.B #include <unbound.h>
|
||||
.LP
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.TH "unbound-anchor" "8" "Oct 8, 2020" "NLnet Labs" "unbound 1.12.0"
|
||||
.TH "unbound-anchor" "8" "Dec 3, 2020" "NLnet Labs" "unbound 1.13.0"
|
||||
.\"
|
||||
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
|
||||
.\"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.TH "unbound-checkconf" "8" "Oct 8, 2020" "NLnet Labs" "unbound 1.12.0"
|
||||
.TH "unbound-checkconf" "8" "Dec 3, 2020" "NLnet Labs" "unbound 1.13.0"
|
||||
.\"
|
||||
.\" unbound-checkconf.8 -- unbound configuration checker manual
|
||||
.\"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.TH "unbound-control" "8" "Oct 8, 2020" "NLnet Labs" "unbound 1.12.0"
|
||||
.TH "unbound-control" "8" "Dec 3, 2020" "NLnet Labs" "unbound 1.13.0"
|
||||
.\"
|
||||
.\" unbound-control.8 -- unbound remote control manual
|
||||
.\"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.TH "unbound\-host" "1" "Oct 8, 2020" "NLnet Labs" "unbound 1.12.0"
|
||||
.TH "unbound\-host" "1" "Dec 3, 2020" "NLnet Labs" "unbound 1.13.0"
|
||||
.\"
|
||||
.\" unbound-host.1 -- unbound DNS lookup utility
|
||||
.\"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.TH "unbound" "8" "Oct 8, 2020" "NLnet Labs" "unbound 1.12.0"
|
||||
.TH "unbound" "8" "Dec 3, 2020" "NLnet Labs" "unbound 1.13.0"
|
||||
.\"
|
||||
.\" unbound.8 -- unbound manual
|
||||
.\"
|
||||
|
@ -9,7 +9,7 @@
|
|||
.\"
|
||||
.SH "NAME"
|
||||
.B unbound
|
||||
\- Unbound DNS validating resolver 1.12.0.
|
||||
\- Unbound DNS validating resolver 1.13.0.
|
||||
.SH "SYNOPSIS"
|
||||
.B unbound
|
||||
.RB [ \-h ]
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.TH "unbound.conf" "5" "Oct 8, 2020" "NLnet Labs" "unbound 1.12.0"
|
||||
.TH "unbound.conf" "5" "Dec 3, 2020" "NLnet Labs" "unbound 1.13.0"
|
||||
.\"
|
||||
.\" unbound.conf.5 -- unbound.conf manual
|
||||
.\"
|
||||
|
@ -274,6 +274,10 @@ eg. 1500 msec. When timeouts happen you need extra sockets, it checks
|
|||
the ID and remote IP of packets, and unwanted packets are added to the
|
||||
unwanted packet counter.
|
||||
.TP
|
||||
.B udp\-connect: \fI<yes or no>
|
||||
Perform connect for UDP sockets that mitigates ICMP side channel leakage.
|
||||
Default is yes.
|
||||
.TP
|
||||
.B unknown\-server\-time\-limit: \fI<msec>
|
||||
The wait time in msec for waiting for an unknown server to reply.
|
||||
Increase this if you are behind a slow satellite link, to eg. 1128.
|
||||
|
@ -382,6 +386,12 @@ Lower limit for dynamic retransmit timeout calculation in infrastructure
|
|||
cache. Default is 50 milliseconds. Increase this value if using forwarders
|
||||
needing more time to do recursive name resolution.
|
||||
.TP
|
||||
.B infra\-keep\-probing: \fI<yes or no>
|
||||
If enabled the server keeps probing hosts that are down, in the one probe
|
||||
at a time regime. Default is no. Hosts that are down, eg. they did
|
||||
not respond during the one probe at a time period, are marked as down and
|
||||
it may take \fBinfra\-host\-ttl\fR time to get probed again.
|
||||
.TP
|
||||
.B define\-tag: \fI<"list of tags">
|
||||
Define the tags that can be used with local\-zone and access\-control.
|
||||
Enclose the list between quotes ("") and put spaces between tags.
|
||||
|
@ -516,7 +526,8 @@ Alternate syntax for \fBtls\-port\fR.
|
|||
If null or "", no file is used. Set it to the certificate bundle file,
|
||||
for example "/etc/pki/tls/certs/ca\-bundle.crt". These certificates are used
|
||||
for authenticating connections made to outside peers. For example auth\-zone
|
||||
urls, and also DNS over TLS connections.
|
||||
urls, and also DNS over TLS connections. It is read at start up before
|
||||
permission drop and chroot.
|
||||
.TP
|
||||
.B ssl\-cert\-bundle: \fI<file>
|
||||
Alternate syntax for \fBtls\-cert\-bundle\fR.
|
||||
|
@ -587,6 +598,10 @@ megabytes or gigabytes (1024*1024 bytes in a megabyte).
|
|||
Set TCP_NODELAY socket option on sockets used to provide DNS-over-HTTPS service.
|
||||
Ignored if the option is not available. Default is yes.
|
||||
.TP
|
||||
.B http\-notls\-downstream: \fI<yes or no>
|
||||
Disable use of TLS for the downstream DNS-over-HTTP connections. Useful for
|
||||
local back end servers. Default is no.
|
||||
.TP
|
||||
.B use\-systemd: \fI<yes or no>
|
||||
Enable or disable systemd socket activation.
|
||||
Default is no.
|
||||
|
@ -1535,15 +1550,15 @@ Set the number of servers that should be used for fast server selection. Only
|
|||
use the fastest specified number of servers with the fast\-server\-permil
|
||||
option, that turns this on or off. The default is to use the fastest 3 servers.
|
||||
.TP 5
|
||||
.B edns\-client\-tag: \fI<IP netblock> <tag data>
|
||||
Include an edns-client-tag option in queries with destination address matching
|
||||
the configured IP netblock. This configuration option can be used multiple
|
||||
times. The most specific match will be used. The tag data is configured in
|
||||
decimal format, from 0 to 65535.
|
||||
.B edns\-client\-string: \fI<IP netblock> <string>
|
||||
Include an EDNS0 option containing configured ascii string in queries with
|
||||
destination address matching the configured IP netblock. This configuration
|
||||
option can be used multiple times. The most specific match will be used.
|
||||
.TP 5
|
||||
.B edns\-client\-tag\-opcode: \fI<opcode>
|
||||
EDNS0 option code for the edns-client-tag option, from 0 to 65535. Default is
|
||||
16, as assigned by IANA.
|
||||
.B edns\-client\-string\-opcode: \fI<opcode>
|
||||
EDNS0 option code for the \fIedns\-client\-string\fR option, from 0 to 65535.
|
||||
A value from the `Reserved for Local/Experimental` range (65001-65534) should
|
||||
be used. Default is 65001.
|
||||
.SS "Remote Control Options"
|
||||
In the
|
||||
.B remote\-control:
|
||||
|
|
|
@ -80,7 +80,7 @@ context_finalize(struct ub_ctx* ctx)
|
|||
return UB_INITFAIL;
|
||||
if(!auth_zones_apply_cfg(ctx->env->auth_zones, cfg, 1, &is_rpz))
|
||||
return UB_INITFAIL;
|
||||
if(!edns_tags_apply_cfg(ctx->env->edns_tags, cfg))
|
||||
if(!edns_strings_apply_cfg(ctx->env->edns_strings, cfg))
|
||||
return UB_INITFAIL;
|
||||
if(!slabhash_is_size(ctx->env->msg_cache, cfg->msg_cache_size,
|
||||
cfg->msg_cache_slabs)) {
|
||||
|
|
|
@ -154,8 +154,8 @@ static struct ub_ctx* ub_ctx_create_nopipe(void)
|
|||
errno = ENOMEM;
|
||||
return NULL;
|
||||
}
|
||||
ctx->env->edns_tags = edns_tags_create();
|
||||
if(!ctx->env->edns_tags) {
|
||||
ctx->env->edns_strings = edns_strings_create();
|
||||
if(!ctx->env->edns_strings) {
|
||||
auth_zones_delete(ctx->env->auth_zones);
|
||||
edns_known_options_delete(ctx->env);
|
||||
config_delete(ctx->env->cfg);
|
||||
|
@ -186,7 +186,7 @@ ub_ctx_create(void)
|
|||
config_delete(ctx->env->cfg);
|
||||
modstack_desetup(&ctx->mods, ctx->env);
|
||||
edns_known_options_delete(ctx->env);
|
||||
edns_tags_delete(ctx->env->edns_tags);
|
||||
edns_strings_delete(ctx->env->edns_strings);
|
||||
free(ctx->env);
|
||||
free(ctx);
|
||||
errno = e;
|
||||
|
@ -199,7 +199,7 @@ ub_ctx_create(void)
|
|||
config_delete(ctx->env->cfg);
|
||||
modstack_desetup(&ctx->mods, ctx->env);
|
||||
edns_known_options_delete(ctx->env);
|
||||
edns_tags_delete(ctx->env->edns_tags);
|
||||
edns_strings_delete(ctx->env->edns_strings);
|
||||
free(ctx->env);
|
||||
free(ctx);
|
||||
errno = e;
|
||||
|
@ -338,7 +338,7 @@ ub_ctx_delete(struct ub_ctx* ctx)
|
|||
infra_delete(ctx->env->infra_cache);
|
||||
config_delete(ctx->env->cfg);
|
||||
edns_known_options_delete(ctx->env);
|
||||
edns_tags_delete(ctx->env->edns_tags);
|
||||
edns_strings_delete(ctx->env->edns_strings);
|
||||
auth_zones_delete(ctx->env->auth_zones);
|
||||
free(ctx->env);
|
||||
}
|
||||
|
|
|
@ -238,7 +238,7 @@ libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb)
|
|||
ports, numports, cfg->unwanted_threshold,
|
||||
cfg->outgoing_tcp_mss, &libworker_alloc_cleanup, w,
|
||||
cfg->do_udp || cfg->udp_upstream_without_downstream, w->sslctx,
|
||||
cfg->delay_close, cfg->tls_use_sni, NULL);
|
||||
cfg->delay_close, cfg->tls_use_sni, NULL, cfg->udp_connect);
|
||||
w->env->outnet = w->back;
|
||||
if(!w->is_bg || w->is_bg_thread) {
|
||||
lock_basic_unlock(&ctx->cfglock);
|
||||
|
|
|
@ -60,7 +60,6 @@ The callback function's prototype is the following:
|
|||
:param **kwargs: Dictionary that may contain parameters added in a future
|
||||
release. Current parameters:
|
||||
``repinfo``: Reply information for a communication point (comm_reply).
|
||||
It is None when the callback happens in the mesh states.
|
||||
|
||||
:return: True on success, False on failure.
|
||||
|
||||
|
@ -105,8 +104,6 @@ The callback function's prototype is the following:
|
|||
:param **kwargs: Dictionary that may contain parameters added in a future
|
||||
release. Current parameters:
|
||||
``repinfo``: Reply information for a communication point (comm_reply).
|
||||
It is None when the callback happens in the mesh
|
||||
states(modules).
|
||||
|
||||
:return: True on success, False on failure.
|
||||
|
||||
|
@ -154,8 +151,6 @@ The callback function's prototype is the following:
|
|||
:param **kwargs: Dictionary that may contain parameters added in a future
|
||||
release. Current parameters:
|
||||
``repinfo``: Reply information for a communication point (comm_reply).
|
||||
It is None when the callback happens in the mesh
|
||||
states(modules).
|
||||
|
||||
:return: True on success, False on failure.
|
||||
|
||||
|
@ -201,8 +196,6 @@ The callback function's prototype is the following:
|
|||
:param **kwargs: Dictionary that may contain parameters added in a future
|
||||
release. Current parameters:
|
||||
``repinfo``: Reply information for a communication point (comm_reply).
|
||||
It is None when the callback happens in the mesh
|
||||
states(modules).
|
||||
|
||||
:return: True on success, False on failure.
|
||||
|
||||
|
|
|
@ -89,7 +89,7 @@ EDNS options
|
|||
Inplace callbacks
|
||||
-----------------
|
||||
|
||||
.. function:: inplace_cb_reply(qinfo, qstate, rep, rcode, edns, opt_list_out, region)
|
||||
.. function:: inplace_cb_reply(qinfo, qstate, rep, rcode, edns, opt_list_out, region, \*\*kwargs)
|
||||
|
||||
Function prototype for callback functions used in
|
||||
`register_inplace_cb_reply`_, `register_inplace_cb_reply_cache`_,
|
||||
|
@ -102,6 +102,9 @@ Inplace callbacks
|
|||
:param edns: :class:`edns_data`
|
||||
:param opt_list_out: :class:`edns_option`. EDNS option list to append options to.
|
||||
:param region: :class:`regional`
|
||||
:param \*\*kwargs: Dictionary that may contain parameters added in a future
|
||||
release. Current parameters:
|
||||
``repinfo``: :class:`comm_reply`. Reply information for a communication point.
|
||||
|
||||
.. function:: inplace_cb_query(qinfo, flags, qstate, addr, zone, region)
|
||||
|
||||
|
|
|
@ -43,7 +43,7 @@
|
|||
# This query returns SERVFAIL as the txt record of bogus.nlnetlabs.nl is
|
||||
# intentionally bogus. The reply will contain an empty EDNS option
|
||||
# with option code 65003.
|
||||
# Unbound will also log the source address(es) of the client(s) that made
|
||||
# Unbound will also log the source address of the client that made
|
||||
# the request.
|
||||
# (unbound needs to be validating for this example to work)
|
||||
|
||||
|
@ -91,8 +91,6 @@ def inplace_reply_callback(qinfo, qstate, rep, rcode, edns, opt_list_out,
|
|||
:param **kwargs: Dictionary that may contain parameters added in a future
|
||||
release. Current parameters:
|
||||
``repinfo``: Reply information for a communication point (comm_reply).
|
||||
It is None when the callback happens in the mesh
|
||||
states(modules).
|
||||
|
||||
:return: True on success, False on failure.
|
||||
|
||||
|
@ -121,8 +119,6 @@ def inplace_cache_callback(qinfo, qstate, rep, rcode, edns, opt_list_out,
|
|||
:param **kwargs: Dictionary that may contain parameters added in a future
|
||||
release. Current parameters:
|
||||
``repinfo``: Reply information for a communication point (comm_reply).
|
||||
It is None when the callback happens in the mesh
|
||||
states(modules).
|
||||
|
||||
:return: True on success, False on failure.
|
||||
|
||||
|
@ -173,8 +169,6 @@ def inplace_local_callback(qinfo, qstate, rep, rcode, edns, opt_list_out,
|
|||
:param **kwargs: Dictionary that may contain parameters added in a future
|
||||
release. Current parameters:
|
||||
``repinfo``: Reply information for a communication point (comm_reply).
|
||||
It is None when the callback happens in the mesh
|
||||
states(modules).
|
||||
|
||||
:return: True on success, False on failure.
|
||||
|
||||
|
@ -205,13 +199,11 @@ def inplace_servfail_callback(qinfo, qstate, rep, rcode, edns, opt_list_out,
|
|||
:param **kwargs: Dictionary that may contain parameters added in a future
|
||||
release. Current parameters:
|
||||
``repinfo``: Reply information for a communication point (comm_reply).
|
||||
It is None when the callback happens in the mesh
|
||||
states(modules).
|
||||
|
||||
:return: True on success, False on failure.
|
||||
|
||||
For demonstration purposes we want to reply with an empty EDNS code '65003'
|
||||
and log the IP address(es) of the client(s).
|
||||
and log the IP address of the client.
|
||||
|
||||
"""
|
||||
log_info("python: called back while servfail.")
|
||||
|
@ -219,30 +211,14 @@ def inplace_servfail_callback(qinfo, qstate, rep, rcode, edns, opt_list_out,
|
|||
b = bytearray.fromhex("")
|
||||
edns_opt_list_append(opt_list_out, 65003, b, region)
|
||||
|
||||
# Log the client(s) IP address(es)
|
||||
# Log the client's IP address
|
||||
comm_reply = kwargs['repinfo']
|
||||
if comm_reply:
|
||||
# If it is not None this callback was called before the query reached
|
||||
# the mesh states(modules). There is only one client associated with
|
||||
# this query.
|
||||
addr = comm_reply.addr
|
||||
port = comm_reply.port
|
||||
addr_family = comm_reply.family
|
||||
log_info("python: Client IP: {}({}), port: {}"
|
||||
"".format(addr, addr_family, port))
|
||||
else:
|
||||
# If it is not None this callback was called while the query is in the
|
||||
# mesh states(modules). In this case they may be multiple clients
|
||||
# waiting for this query.
|
||||
# The following code is the same as with the resip.py example.
|
||||
rl = qstate.mesh_info.reply_list
|
||||
while (rl):
|
||||
if rl.query_reply:
|
||||
q = rl.query_reply
|
||||
log_info("python: Client IP: {}({}), port: {}"
|
||||
"".format(q.addr, q.family, q.port))
|
||||
rl = rl.next
|
||||
|
||||
|
||||
return True
|
||||
|
||||
|
|
|
@ -1413,6 +1413,19 @@ struct delegpt* find_delegation(struct module_qstate* qstate, char *nm, size_t n
|
|||
/******************************
|
||||
* Various debugging functions *
|
||||
******************************/
|
||||
|
||||
/* rename the variadic functions because python does the formatting already*/
|
||||
%rename (unbound_log_info) log_info;
|
||||
%rename (unbound_log_err) log_err;
|
||||
%rename (unbound_log_warn) log_warn;
|
||||
%rename (unbound_verbose) verbose;
|
||||
/* provide functions that take one string as argument, so python can cook
|
||||
the string */
|
||||
%rename (log_info) pymod_log_info;
|
||||
%rename (log_warn) pymod_log_warn;
|
||||
%rename (log_err) pymod_log_err;
|
||||
%rename (verbose) pymod_verbose;
|
||||
|
||||
void verbose(enum verbosity_value level, const char* format, ...);
|
||||
void log_info(const char* format, ...);
|
||||
void log_err(const char* format, ...);
|
||||
|
@ -1422,6 +1435,19 @@ void log_dns_msg(const char* str, struct query_info* qinfo, struct reply_info* r
|
|||
void log_query_info(enum verbosity_value v, const char* str, struct query_info* qinf);
|
||||
void regional_log_stats(struct regional *r);
|
||||
|
||||
/* the one argument string log functions */
|
||||
void pymod_log_info(const char* str);
|
||||
void pymod_log_err(const char* str);
|
||||
void pymod_log_warn(const char* str);
|
||||
void pymod_verbose(enum verbosity_value level, const char* str);
|
||||
%{
|
||||
void pymod_log_info(const char* str) { log_info("%s", str); }
|
||||
void pymod_log_err(const char* str) { log_err("%s", str); }
|
||||
void pymod_log_warn(const char* str) { log_warn("%s", str); }
|
||||
void pymod_verbose(enum verbosity_value level, const char* str) {
|
||||
verbose(level, "%s", str); }
|
||||
%}
|
||||
|
||||
/***************************************************************************
|
||||
* Free allocated memory from marked sources returning corresponding types *
|
||||
***************************************************************************/
|
||||
|
|
|
@ -914,7 +914,7 @@ respip_rewrite_reply(const struct query_info* qinfo,
|
|||
int ret = 1;
|
||||
struct ub_packed_rrset_key* redirect_rrset = NULL;
|
||||
struct rpz* r;
|
||||
struct auth_zone* a;
|
||||
struct auth_zone* a = NULL;
|
||||
struct ub_packed_rrset_key* data = NULL;
|
||||
int rpz_used = 0;
|
||||
int rpz_log = 0;
|
||||
|
@ -1109,7 +1109,7 @@ respip_operate(struct module_qstate* qstate, enum module_ev event, int id,
|
|||
qstate->return_msg && qstate->return_msg->rep) {
|
||||
struct reply_info* new_rep = qstate->return_msg->rep;
|
||||
struct ub_packed_rrset_key* alias_rrset = NULL;
|
||||
struct respip_action_info actinfo = {0};
|
||||
struct respip_action_info actinfo = {0, 0, 0, 0, NULL, 0, NULL};
|
||||
actinfo.action = respip_none;
|
||||
|
||||
if(!respip_rewrite_reply(&qstate->qinfo,
|
||||
|
@ -1170,7 +1170,7 @@ respip_merge_cname(struct reply_info* base_rep,
|
|||
struct ub_packed_rrset_key* alias_rrset = NULL; /* ditto */
|
||||
uint16_t tgt_rcode;
|
||||
size_t i, j;
|
||||
struct respip_action_info actinfo = {0};
|
||||
struct respip_action_info actinfo = {0, 0, 0, 0, NULL, 0, NULL};
|
||||
actinfo.action = respip_none;
|
||||
|
||||
/* If the query for the CNAME target would result in an unusual rcode,
|
||||
|
|
|
@ -5387,6 +5387,7 @@ void auth_xfer_transfer_lookup_callback(void* arg, int rcode, sldns_buffer* buf,
|
|||
verbose(VERB_ALGO, "auth zone %s host %s type %s transfer lookup has no answer", zname, xfr->task_transfer->lookup_target->host, (xfr->task_transfer->lookup_aaaa?"AAAA":"A"));
|
||||
}
|
||||
}
|
||||
regional_free_all(temp);
|
||||
} else {
|
||||
if(verbosity >= VERB_ALGO) {
|
||||
char zname[255+1];
|
||||
|
@ -6444,6 +6445,7 @@ void auth_xfer_probe_lookup_callback(void* arg, int rcode, sldns_buffer* buf,
|
|||
verbose(VERB_ALGO, "auth zone %s host %s type %s probe lookup has no address", zname, xfr->task_probe->lookup_target->host, (xfr->task_probe->lookup_aaaa?"AAAA":"A"));
|
||||
}
|
||||
}
|
||||
regional_free_all(temp);
|
||||
} else {
|
||||
if(verbosity >= VERB_ALGO) {
|
||||
char zname[255+1];
|
||||
|
|
28
services/cache/infra.c
vendored
28
services/cache/infra.c
vendored
|
@ -244,6 +244,7 @@ infra_create(struct config_file* cfg)
|
|||
return NULL;
|
||||
}
|
||||
infra->host_ttl = cfg->host_ttl;
|
||||
infra->infra_keep_probing = cfg->infra_keep_probing;
|
||||
infra_dp_ratelimit = cfg->ratelimit;
|
||||
infra->domain_rates = slabhash_create(cfg->ratelimit_slabs,
|
||||
INFRA_HOST_STARTSIZE, cfg->ratelimit_size,
|
||||
|
@ -297,6 +298,7 @@ infra_adjust(struct infra_cache* infra, struct config_file* cfg)
|
|||
if(!infra)
|
||||
return infra_create(cfg);
|
||||
infra->host_ttl = cfg->host_ttl;
|
||||
infra->infra_keep_probing = cfg->infra_keep_probing;
|
||||
infra_dp_ratelimit = cfg->ratelimit;
|
||||
infra_ip_ratelimit = cfg->ip_ratelimit;
|
||||
maxmem = cfg->infra_cache_numhosts * (sizeof(struct infra_key)+
|
||||
|
@ -445,6 +447,7 @@ infra_host(struct infra_cache* infra, struct sockaddr_storage* addr,
|
|||
if(e && ((struct infra_data*)e->data)->ttl < timenow) {
|
||||
/* it expired, try to reuse existing entry */
|
||||
int old = ((struct infra_data*)e->data)->rtt.rto;
|
||||
time_t tprobe = ((struct infra_data*)e->data)->probedelay;
|
||||
uint8_t tA = ((struct infra_data*)e->data)->timeout_A;
|
||||
uint8_t tAAAA = ((struct infra_data*)e->data)->timeout_AAAA;
|
||||
uint8_t tother = ((struct infra_data*)e->data)->timeout_other;
|
||||
|
@ -460,6 +463,7 @@ infra_host(struct infra_cache* infra, struct sockaddr_storage* addr,
|
|||
if(old >= USEFUL_SERVER_TOP_TIMEOUT) {
|
||||
((struct infra_data*)e->data)->rtt.rto
|
||||
= USEFUL_SERVER_TOP_TIMEOUT;
|
||||
((struct infra_data*)e->data)->probedelay = tprobe;
|
||||
((struct infra_data*)e->data)->timeout_A = tA;
|
||||
((struct infra_data*)e->data)->timeout_AAAA = tAAAA;
|
||||
((struct infra_data*)e->data)->timeout_other = tother;
|
||||
|
@ -482,7 +486,8 @@ infra_host(struct infra_cache* infra, struct sockaddr_storage* addr,
|
|||
*edns_vs = data->edns_version;
|
||||
*edns_lame_known = data->edns_lame_known;
|
||||
*to = rtt_timeout(&data->rtt);
|
||||
if(*to >= PROBE_MAXRTO && rtt_notimeout(&data->rtt)*4 <= *to) {
|
||||
if(*to >= PROBE_MAXRTO && (infra->infra_keep_probing ||
|
||||
rtt_notimeout(&data->rtt)*4 <= *to)) {
|
||||
/* delay other queries, this is the probe query */
|
||||
if(!wr) {
|
||||
lock_rw_unlock(&e->lock);
|
||||
|
@ -566,18 +571,27 @@ infra_rtt_update(struct infra_cache* infra, struct sockaddr_storage* addr,
|
|||
struct lruhash_entry* e = infra_lookup_nottl(infra, addr, addrlen,
|
||||
nm, nmlen, 1);
|
||||
struct infra_data* data;
|
||||
int needtoinsert = 0;
|
||||
int needtoinsert = 0, expired = 0;
|
||||
int rto = 1;
|
||||
time_t oldprobedelay = 0;
|
||||
if(!e) {
|
||||
if(!(e = new_entry(infra, addr, addrlen, nm, nmlen, timenow)))
|
||||
return 0;
|
||||
needtoinsert = 1;
|
||||
} else if(((struct infra_data*)e->data)->ttl < timenow) {
|
||||
oldprobedelay = ((struct infra_data*)e->data)->probedelay;
|
||||
data_entry_init(infra, e, timenow);
|
||||
expired = 1;
|
||||
}
|
||||
/* have an entry, update the rtt */
|
||||
data = (struct infra_data*)e->data;
|
||||
if(roundtrip == -1) {
|
||||
if(needtoinsert || expired) {
|
||||
/* timeout on entry that has expired before the timer
|
||||
* keep old timeout from the function caller */
|
||||
data->rtt.rto = orig_rtt;
|
||||
data->probedelay = oldprobedelay;
|
||||
}
|
||||
rtt_lost(&data->rtt, orig_rtt);
|
||||
if(qtype == LDNS_RR_TYPE_A) {
|
||||
if(data->timeout_A < TIMEOUT_COUNT_MAX)
|
||||
|
@ -681,7 +695,12 @@ infra_get_lame_rtt(struct infra_cache* infra,
|
|||
return 0;
|
||||
host = (struct infra_data*)e->data;
|
||||
*rtt = rtt_unclamped(&host->rtt);
|
||||
if(host->rtt.rto >= PROBE_MAXRTO && timenow < host->probedelay
|
||||
if(host->rtt.rto >= PROBE_MAXRTO && timenow >= host->probedelay
|
||||
&& infra->infra_keep_probing) {
|
||||
/* single probe, keep probing */
|
||||
if(*rtt >= USEFUL_SERVER_TOP_TIMEOUT)
|
||||
*rtt = USEFUL_SERVER_TOP_TIMEOUT-1000;
|
||||
} else if(host->rtt.rto >= PROBE_MAXRTO && timenow < host->probedelay
|
||||
&& rtt_notimeout(&host->rtt)*4 <= host->rtt.rto) {
|
||||
/* single probe for this domain, and we are not probing */
|
||||
/* unless the query type allows a probe to happen */
|
||||
|
@ -704,7 +723,8 @@ infra_get_lame_rtt(struct infra_cache* infra,
|
|||
/* see if this can be a re-probe of an unresponsive server */
|
||||
/* minus 1000 because that is outside of the RTTBAND, so
|
||||
* blacklisted servers stay blacklisted if this is chosen */
|
||||
if(host->rtt.rto >= USEFUL_SERVER_TOP_TIMEOUT) {
|
||||
if(host->rtt.rto >= USEFUL_SERVER_TOP_TIMEOUT ||
|
||||
infra->infra_keep_probing) {
|
||||
lock_rw_unlock(&e->lock);
|
||||
*rtt = USEFUL_SERVER_TOP_TIMEOUT-1000;
|
||||
*lame = 0;
|
||||
|
|
2
services/cache/infra.h
vendored
2
services/cache/infra.h
vendored
|
@ -114,6 +114,8 @@ struct infra_cache {
|
|||
struct slabhash* hosts;
|
||||
/** TTL value for host information, in seconds */
|
||||
int host_ttl;
|
||||
/** the hosts that are down are kept probed for recovery */
|
||||
int infra_keep_probing;
|
||||
/** hash table with query rates per name: rate_key, rate_data */
|
||||
struct slabhash* domain_rates;
|
||||
/** ratelimit settings for domains, struct domain_limit_data */
|
||||
|
|
|
@ -43,6 +43,7 @@
|
|||
# include <sys/types.h>
|
||||
#endif
|
||||
#include <sys/time.h>
|
||||
#include <limits.h>
|
||||
#ifdef USE_TCP_FASTOPEN
|
||||
#include <netinet/tcp.h>
|
||||
#endif
|
||||
|
@ -81,9 +82,6 @@
|
|||
/** number of queued TCP connections for listen() */
|
||||
#define TCP_BACKLOG 256
|
||||
|
||||
/** number of simultaneous requests a client can have */
|
||||
#define TCP_MAX_REQ_SIMULTANEOUS 32
|
||||
|
||||
#ifndef THREADS_DISABLED
|
||||
/** lock on the counter of stream buffer memory */
|
||||
static lock_basic_type stream_wait_count_lock;
|
||||
|
@ -533,7 +531,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
|
|||
return -1;
|
||||
}
|
||||
}
|
||||
# elif defined(IP_DONTFRAG)
|
||||
# elif defined(IP_DONTFRAG) && !defined(__APPLE__)
|
||||
/* the IP_DONTFRAG option if defined in the 11.0 OSX headers,
|
||||
* but does not work on that version, so we exclude it */
|
||||
int off = 0;
|
||||
if (setsockopt(s, IPPROTO_IP, IP_DONTFRAG,
|
||||
&off, (socklen_t)sizeof(off)) < 0) {
|
||||
|
@ -1244,8 +1244,9 @@ struct listen_dnsport*
|
|||
listen_create(struct comm_base* base, struct listen_port* ports,
|
||||
size_t bufsize, int tcp_accept_count, int tcp_idle_timeout,
|
||||
int harden_large_queries, uint32_t http_max_streams,
|
||||
char* http_endpoint, struct tcl_list* tcp_conn_limit, void* sslctx,
|
||||
struct dt_env* dtenv, comm_point_callback_type* cb, void *cb_arg)
|
||||
char* http_endpoint, int http_notls, struct tcl_list* tcp_conn_limit,
|
||||
void* sslctx, struct dt_env* dtenv, comm_point_callback_type* cb,
|
||||
void *cb_arg)
|
||||
{
|
||||
struct listen_dnsport* front = (struct listen_dnsport*)
|
||||
malloc(sizeof(struct listen_dnsport));
|
||||
|
@ -1295,15 +1296,19 @@ listen_create(struct comm_base* base, struct listen_port* ports,
|
|||
http_max_streams, http_endpoint,
|
||||
tcp_conn_limit, bufsize, front->udp_buff,
|
||||
ports->ftype, cb, cb_arg);
|
||||
cp->ssl = sslctx;
|
||||
if(http_notls && ports->ftype == listen_type_http)
|
||||
cp->ssl = NULL;
|
||||
else
|
||||
cp->ssl = sslctx;
|
||||
if(ports->ftype == listen_type_http) {
|
||||
if(!sslctx) {
|
||||
log_warn("HTTPS port configured, but no TLS "
|
||||
if(!sslctx && !http_notls) {
|
||||
log_warn("HTTPS port configured, but no TLS "
|
||||
"tls-service-key or tls-service-pem "
|
||||
"set");
|
||||
}
|
||||
#ifndef HAVE_SSL_CTX_SET_ALPN_SELECT_CB
|
||||
log_warn("Unbound is not compiled with an "
|
||||
if(!http_notls)
|
||||
log_warn("Unbound is not compiled with an "
|
||||
"OpenSSL version supporting ALPN "
|
||||
" (OpenSSL >= 1.0.2). This is required "
|
||||
"to use DNS-over-HTTPS");
|
||||
|
@ -1402,6 +1407,7 @@ static int
|
|||
resolve_ifa_name(struct ifaddrs *ifas, const char *search_ifa, char ***ip_addresses, int *ip_addresses_size)
|
||||
{
|
||||
struct ifaddrs *ifa;
|
||||
void *tmpbuf;
|
||||
int last_ip_addresses_size = *ip_addresses_size;
|
||||
|
||||
for(ifa = ifas; ifa != NULL; ifa = ifa->ifa_next) {
|
||||
|
@ -1466,10 +1472,12 @@ resolve_ifa_name(struct ifaddrs *ifas, const char *search_ifa, char ***ip_addres
|
|||
}
|
||||
verbose(4, "interface %s has address %s", search_ifa, addr_buf);
|
||||
|
||||
*ip_addresses = realloc(*ip_addresses, sizeof(char *) * (*ip_addresses_size + 1));
|
||||
if(!*ip_addresses) {
|
||||
tmpbuf = realloc(*ip_addresses, sizeof(char *) * (*ip_addresses_size + 1));
|
||||
if(!tmpbuf) {
|
||||
log_err("realloc failed: out of memory");
|
||||
return 0;
|
||||
} else {
|
||||
*ip_addresses = tmpbuf;
|
||||
}
|
||||
(*ip_addresses)[*ip_addresses_size] = strdup(addr_buf);
|
||||
if(!(*ip_addresses)[*ip_addresses_size]) {
|
||||
|
@ -1480,10 +1488,12 @@ resolve_ifa_name(struct ifaddrs *ifas, const char *search_ifa, char ***ip_addres
|
|||
}
|
||||
|
||||
if (*ip_addresses_size == last_ip_addresses_size) {
|
||||
*ip_addresses = realloc(*ip_addresses, sizeof(char *) * (*ip_addresses_size + 1));
|
||||
if(!*ip_addresses) {
|
||||
tmpbuf = realloc(*ip_addresses, sizeof(char *) * (*ip_addresses_size + 1));
|
||||
if(!tmpbuf) {
|
||||
log_err("realloc failed: out of memory");
|
||||
return 0;
|
||||
} else {
|
||||
*ip_addresses = tmpbuf;
|
||||
}
|
||||
(*ip_addresses)[*ip_addresses_size] = strdup(search_ifa);
|
||||
if(!(*ip_addresses)[*ip_addresses_size]) {
|
||||
|
@ -1804,8 +1814,7 @@ tcp_req_info_setup_listen(struct tcp_req_info* req)
|
|||
|
||||
if(!req->cp->tcp_is_reading)
|
||||
wr = 1;
|
||||
if(req->num_open_req + req->num_done_req < TCP_MAX_REQ_SIMULTANEOUS &&
|
||||
!req->read_is_closed)
|
||||
if(!req->read_is_closed)
|
||||
rd = 1;
|
||||
|
||||
if(wr) {
|
||||
|
@ -2177,9 +2186,10 @@ int http2_submit_dns_response(struct http2_session* h2_session)
|
|||
int ret;
|
||||
nghttp2_data_provider data_prd;
|
||||
char status[4];
|
||||
nghttp2_nv headers[2];
|
||||
nghttp2_nv headers[3];
|
||||
struct http2_stream* h2_stream = h2_session->c->h2_stream;
|
||||
size_t rlen;
|
||||
char rlen_str[32];
|
||||
|
||||
if(h2_stream->rbuffer) {
|
||||
log_err("http2 submit response error: rbuffer already "
|
||||
|
@ -2198,6 +2208,8 @@ int http2_submit_dns_response(struct http2_session* h2_session)
|
|||
}
|
||||
|
||||
rlen = sldns_buffer_remaining(h2_session->c->buffer);
|
||||
snprintf(rlen_str, sizeof(rlen_str), "%u", (unsigned)rlen);
|
||||
|
||||
lock_basic_lock(&http2_response_buffer_count_lock);
|
||||
if(http2_response_buffer_count + rlen > http2_response_buffer_max) {
|
||||
lock_basic_unlock(&http2_response_buffer_count_lock);
|
||||
|
@ -2228,13 +2240,11 @@ int http2_submit_dns_response(struct http2_session* h2_session)
|
|||
headers[1].valuelen = 23;
|
||||
headers[1].flags = NGHTTP2_NV_FLAG_NONE;
|
||||
|
||||
/*TODO be nice and add the content-length header
|
||||
headers[2].name = (uint8_t*)"content-length";
|
||||
headers[2].namelen = 14;
|
||||
headers[2].value =
|
||||
headers[2].valuelen =
|
||||
headers[2].value = (uint8_t*)rlen_str;
|
||||
headers[2].valuelen = strlen(rlen_str);
|
||||
headers[2].flags = NGHTTP2_NV_FLAG_NONE;
|
||||
*/
|
||||
|
||||
sldns_buffer_write(h2_stream->rbuffer,
|
||||
sldns_buffer_current(h2_session->c->buffer),
|
||||
|
@ -2244,7 +2254,7 @@ int http2_submit_dns_response(struct http2_session* h2_session)
|
|||
data_prd.source.ptr = h2_session;
|
||||
data_prd.read_callback = http2_submit_response_read_callback;
|
||||
ret = nghttp2_submit_response(h2_session->session, h2_stream->stream_id,
|
||||
headers, 2, &data_prd);
|
||||
headers, 3, &data_prd);
|
||||
if(ret) {
|
||||
verbose(VERB_QUERY, "http2: set_stream_user_data failed, "
|
||||
"error: %s", nghttp2_strerror(ret));
|
||||
|
|
|
@ -159,6 +159,7 @@ int resolve_interface_names(struct config_file* cfg, char*** resif,
|
|||
* @param harden_large_queries: whether query size should be limited.
|
||||
* @param http_max_streams: maximum number of HTTP/2 streams per connection.
|
||||
* @param http_endpoint: HTTP endpoint to service queries on
|
||||
* @param http_notls: no TLS for http downstream
|
||||
* @param tcp_conn_limit: TCP connection limit info.
|
||||
* @param sslctx: nonNULL if ssl context.
|
||||
* @param dtenv: nonNULL if dnstap enabled.
|
||||
|
@ -171,8 +172,9 @@ struct listen_dnsport*
|
|||
listen_create(struct comm_base* base, struct listen_port* ports,
|
||||
size_t bufsize, int tcp_accept_count, int tcp_idle_timeout,
|
||||
int harden_large_queries, uint32_t http_max_streams,
|
||||
char* http_endpoint, struct tcl_list* tcp_conn_limit, void* sslctx,
|
||||
struct dt_env* dtenv, comm_point_callback_type* cb, void *cb_arg);
|
||||
char* http_endpoint, int http_notls, struct tcl_list* tcp_conn_limit,
|
||||
void* sslctx, struct dt_env* dtenv, comm_point_callback_type* cb,
|
||||
void *cb_arg);
|
||||
|
||||
/**
|
||||
* delete the listening structure
|
||||
|
|
|
@ -157,7 +157,7 @@ local_zone_create(uint8_t* nm, size_t len, int labs,
|
|||
z->namelen = len;
|
||||
z->namelabs = labs;
|
||||
lock_rw_init(&z->lock);
|
||||
z->region = regional_create_custom(sizeof(struct regional));
|
||||
z->region = regional_create_nochunk(sizeof(struct regional));
|
||||
if(!z->region) {
|
||||
free(z);
|
||||
return NULL;
|
||||
|
|
|
@ -1196,6 +1196,12 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
|
|||
/* Copy the client's EDNS for later restore, to make sure the edns
|
||||
* compare is with the correct edns options. */
|
||||
struct edns_data edns_bak = r->edns;
|
||||
/* briefly set the replylist to null in case the
|
||||
* meshsendreply calls tcpreqinfo sendreply that
|
||||
* comm_point_drops because of size, and then the
|
||||
* null stops the mesh state remove and thus
|
||||
* reply_list modification and accounting */
|
||||
struct mesh_reply* rlist = m->reply_list;
|
||||
/* examine security status */
|
||||
if(m->s.env->need_to_validate && (!(r->qflags&BIT_CD) ||
|
||||
m->s.env->cfg->ignore_cd) && rep &&
|
||||
|
@ -1218,15 +1224,21 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
|
|||
r->h2_stream->mesh_state = NULL;
|
||||
}
|
||||
/* send the reply */
|
||||
/* We don't reuse the encoded answer if either the previous or current
|
||||
* response has a local alias. We could compare the alias records
|
||||
* and still reuse the previous answer if they are the same, but that
|
||||
* would be complicated and error prone for the relatively minor case.
|
||||
* So we err on the side of safety. */
|
||||
if(prev && prev_buffer && prev->qflags == r->qflags &&
|
||||
/* We don't reuse the encoded answer if:
|
||||
* - either the previous or current response has a local alias. We could
|
||||
* compare the alias records and still reuse the previous answer if they
|
||||
* are the same, but that would be complicated and error prone for the
|
||||
* relatively minor case. So we err on the side of safety.
|
||||
* - there are registered callback functions for the given rcode, as these
|
||||
* need to be called for each reply. */
|
||||
if(((rcode != LDNS_RCODE_SERVFAIL &&
|
||||
!m->s.env->inplace_cb_lists[inplace_cb_reply]) ||
|
||||
(rcode == LDNS_RCODE_SERVFAIL &&
|
||||
!m->s.env->inplace_cb_lists[inplace_cb_reply_servfail])) &&
|
||||
prev && prev_buffer && prev->qflags == r->qflags &&
|
||||
!prev->local_alias && !r->local_alias &&
|
||||
prev->edns.edns_present == r->edns.edns_present &&
|
||||
prev->edns.bits == r->edns.bits &&
|
||||
prev->edns.edns_present == r->edns.edns_present &&
|
||||
prev->edns.bits == r->edns.bits &&
|
||||
prev->edns.udp_size == r->edns.udp_size &&
|
||||
edns_opt_list_compare(prev->edns.opt_list, r->edns.opt_list)
|
||||
== 0) {
|
||||
|
@ -1236,22 +1248,26 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
|
|||
sldns_buffer_write_at(r_buffer, 0, &r->qid, sizeof(uint16_t));
|
||||
sldns_buffer_write_at(r_buffer, 12, r->qname,
|
||||
m->s.qinfo.qname_len);
|
||||
m->reply_list = NULL;
|
||||
comm_point_send_reply(&r->query_reply);
|
||||
m->reply_list = rlist;
|
||||
} else if(rcode) {
|
||||
m->s.qinfo.qname = r->qname;
|
||||
m->s.qinfo.local_alias = r->local_alias;
|
||||
if(rcode == LDNS_RCODE_SERVFAIL) {
|
||||
if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s,
|
||||
rep, rcode, &r->edns, NULL, m->s.region))
|
||||
rep, rcode, &r->edns, &r->query_reply, m->s.region))
|
||||
r->edns.opt_list = NULL;
|
||||
} else {
|
||||
if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, rcode,
|
||||
&r->edns, NULL, m->s.region))
|
||||
&r->edns, &r->query_reply, m->s.region))
|
||||
r->edns.opt_list = NULL;
|
||||
}
|
||||
error_encode(r_buffer, rcode, &m->s.qinfo, r->qid,
|
||||
r->qflags, &r->edns);
|
||||
m->reply_list = NULL;
|
||||
comm_point_send_reply(&r->query_reply);
|
||||
m->reply_list = rlist;
|
||||
} else {
|
||||
size_t udp_size = r->edns.udp_size;
|
||||
r->edns.edns_version = EDNS_ADVERTISED_VERSION;
|
||||
|
@ -1261,7 +1277,7 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
|
|||
m->s.qinfo.qname = r->qname;
|
||||
m->s.qinfo.local_alias = r->local_alias;
|
||||
if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep,
|
||||
LDNS_RCODE_NOERROR, &r->edns, NULL, m->s.region) ||
|
||||
LDNS_RCODE_NOERROR, &r->edns, &r->query_reply, m->s.region) ||
|
||||
!apply_edns_options(&r->edns, &edns_bak,
|
||||
m->s.env->cfg, r->query_reply.c,
|
||||
m->s.region) ||
|
||||
|
@ -1271,13 +1287,15 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
|
|||
secure))
|
||||
{
|
||||
if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s,
|
||||
rep, LDNS_RCODE_SERVFAIL, &r->edns, NULL, m->s.region))
|
||||
rep, LDNS_RCODE_SERVFAIL, &r->edns, &r->query_reply, m->s.region))
|
||||
r->edns.opt_list = NULL;
|
||||
error_encode(r_buffer, LDNS_RCODE_SERVFAIL,
|
||||
&m->s.qinfo, r->qid, r->qflags, &r->edns);
|
||||
}
|
||||
r->edns = edns_bak;
|
||||
m->reply_list = NULL;
|
||||
comm_point_send_reply(&r->query_reply);
|
||||
m->reply_list = rlist;
|
||||
}
|
||||
/* account */
|
||||
log_assert(m->s.env->mesh->num_reply_addrs > 0);
|
||||
|
@ -1365,20 +1383,12 @@ void mesh_query_done(struct mesh_state* mstate)
|
|||
mstate->reply_list = reply_list;
|
||||
} else {
|
||||
struct sldns_buffer* r_buffer = r->query_reply.c->buffer;
|
||||
struct mesh_reply* rlist = mstate->reply_list;
|
||||
if(r->query_reply.c->tcp_req_info) {
|
||||
r_buffer = r->query_reply.c->tcp_req_info->spool_buffer;
|
||||
prev_buffer = NULL;
|
||||
}
|
||||
/* briefly set the replylist to null in case the
|
||||
* meshsendreply calls tcpreqinfo sendreply that
|
||||
* comm_point_drops because of size, and then the
|
||||
* null stops the mesh state remove and thus
|
||||
* reply_list modification and accounting */
|
||||
mstate->reply_list = NULL;
|
||||
mesh_send_reply(mstate, mstate->s.return_rcode, rep,
|
||||
r, r_buffer, prev, prev_buffer);
|
||||
mstate->reply_list = rlist;
|
||||
if(r->query_reply.c->tcp_req_info) {
|
||||
tcp_req_info_remove_mesh_state(r->query_reply.c->tcp_req_info, mstate);
|
||||
r_buffer = NULL;
|
||||
|
@ -1894,7 +1904,7 @@ mesh_serve_expired_callback(void* arg)
|
|||
{
|
||||
struct mesh_state* mstate = (struct mesh_state*) arg;
|
||||
struct module_qstate* qstate = &mstate->s;
|
||||
struct mesh_reply* r, *rlist;
|
||||
struct mesh_reply* r;
|
||||
struct mesh_area* mesh = qstate->env->mesh;
|
||||
struct dns_msg* msg;
|
||||
struct mesh_cb* c;
|
||||
|
@ -1999,15 +2009,8 @@ mesh_serve_expired_callback(void* arg)
|
|||
r_buffer = r->query_reply.c->buffer;
|
||||
if(r->query_reply.c->tcp_req_info)
|
||||
r_buffer = r->query_reply.c->tcp_req_info->spool_buffer;
|
||||
/* briefly set the replylist to null in case the meshsendreply
|
||||
* calls tcpreqinfo sendreply that comm_point_drops because
|
||||
* of size, and then the null stops the mesh state remove and
|
||||
* thus reply_list modification and accounting */
|
||||
rlist = mstate->reply_list;
|
||||
mstate->reply_list = NULL;
|
||||
mesh_send_reply(mstate, LDNS_RCODE_NOERROR, msg->rep,
|
||||
r, r_buffer, prev, prev_buffer);
|
||||
mstate->reply_list = rlist;
|
||||
if(r->query_reply.c->tcp_req_info)
|
||||
tcp_req_info_remove_mesh_state(r->query_reply.c->tcp_req_info, mstate);
|
||||
prev = r;
|
||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -52,6 +52,7 @@ struct ub_randstate;
|
|||
struct pending_tcp;
|
||||
struct waiting_tcp;
|
||||
struct waiting_udp;
|
||||
struct reuse_tcp;
|
||||
struct infra_cache;
|
||||
struct port_comm;
|
||||
struct port_if;
|
||||
|
@ -106,6 +107,9 @@ struct outside_network {
|
|||
int delayclose;
|
||||
/** timeout for delayclose */
|
||||
struct timeval delay_tv;
|
||||
/** if we perform udp-connect, connect() for UDP socket to mitigate
|
||||
* ICMP side channel leakage */
|
||||
int udp_connect;
|
||||
|
||||
/** array of outgoing IP4 interfaces */
|
||||
struct port_if* ip4_ifs;
|
||||
|
@ -154,6 +158,21 @@ struct outside_network {
|
|||
size_t num_tcp;
|
||||
/** number of tcp communication points in use. */
|
||||
size_t num_tcp_outgoing;
|
||||
/**
|
||||
* tree of still-open and waiting tcp connections for reuse.
|
||||
* can be closed and reopened to get a new tcp connection.
|
||||
* or reused to the same destination again. with timeout to close.
|
||||
* Entries are of type struct reuse_tcp.
|
||||
* The entries are both active and empty connections.
|
||||
*/
|
||||
rbtree_type tcp_reuse;
|
||||
/** max number of tcp_reuse entries we want to keep open */
|
||||
size_t tcp_reuse_max;
|
||||
/** first and last(oldest) in lru list of reuse connections.
|
||||
* the oldest can be closed to get a new free pending_tcp if needed
|
||||
* The list contains empty connections, that wait for timeout or
|
||||
* a new query that can use the existing connection. */
|
||||
struct reuse_tcp* tcp_reuse_first, *tcp_reuse_last;
|
||||
/** list of tcp comm points that are free for use */
|
||||
struct pending_tcp* tcp_free;
|
||||
/** list of tcp queries waiting for a buffer */
|
||||
|
@ -211,6 +230,76 @@ struct port_comm {
|
|||
struct comm_point* cp;
|
||||
};
|
||||
|
||||
/**
|
||||
* Reuse TCP connection, still open can be used again.
|
||||
*/
|
||||
struct reuse_tcp {
|
||||
/** rbtree node with links in tcp_reuse tree. key is NULL when not
|
||||
* in tree. Both active and empty connections are in the tree.
|
||||
* key is a pointer to this structure, the members used to compare
|
||||
* are the sockaddr and and then is-ssl bool, and then ptr value is
|
||||
* used in case the same address exists several times in the tree
|
||||
* when there are multiple connections to the same destination to
|
||||
* make the rbtree items unique. */
|
||||
rbnode_type node;
|
||||
/** the key for the tcp_reuse tree. address of peer, ip4 or ip6,
|
||||
* and port number of peer */
|
||||
struct sockaddr_storage addr;
|
||||
/** length of addr */
|
||||
socklen_t addrlen;
|
||||
/** also key for tcp_reuse tree, if ssl is used */
|
||||
int is_ssl;
|
||||
/** lru chain, so that the oldest can be removed to get a new
|
||||
* connection when all are in (re)use. oldest is last in list.
|
||||
* The lru only contains empty connections waiting for reuse,
|
||||
* the ones with active queries are not on the list because they
|
||||
* do not need to be closed to make space for others. They already
|
||||
* service a query so the close for another query does not help
|
||||
* service a larger number of queries. */
|
||||
struct reuse_tcp* lru_next, *lru_prev;
|
||||
/** true if the reuse_tcp item is on the lru list with empty items */
|
||||
int item_on_lru_list;
|
||||
/** the connection to reuse, the fd is non-1 and is open.
|
||||
* the addr and port determine where the connection is going,
|
||||
* and is key to the rbtree. The SSL ptr determines if it is
|
||||
* a TLS connection or a plain TCP connection there. And TLS
|
||||
* or not is also part of the key to the rbtree.
|
||||
* There is a timeout and read event on the fd, to close it. */
|
||||
struct pending_tcp* pending;
|
||||
/**
|
||||
* The more read again value pointed to by the commpoint
|
||||
* tcp_more_read_again pointer, so that it exists after commpoint
|
||||
* delete
|
||||
*/
|
||||
int cp_more_read_again;
|
||||
/**
|
||||
* The more write again value pointed to by the commpoint
|
||||
* tcp_more_write_again pointer, so that it exists after commpoint
|
||||
* delete
|
||||
*/
|
||||
int cp_more_write_again;
|
||||
/** rbtree with other queries waiting on the connection, by ID number,
|
||||
* of type struct waiting_tcp. It is for looking up received
|
||||
* answers to the structure for callback. And also to see if ID
|
||||
* numbers are unused and can be used for a new query.
|
||||
* The write_wait elements are also in the tree, so that ID numbers
|
||||
* can be looked up also for them. They are bool write_wait_queued. */
|
||||
rbtree_type tree_by_id;
|
||||
/** list of queries waiting to be written on the channel,
|
||||
* if NULL no queries are waiting to be written and the pending->query
|
||||
* is the query currently serviced. The first is the next in line.
|
||||
* They are also in the tree_by_id. Once written, the are removed
|
||||
* from this list, but stay in the tree. */
|
||||
struct waiting_tcp* write_wait_first, *write_wait_last;
|
||||
/** the outside network it is part of */
|
||||
struct outside_network* outnet;
|
||||
};
|
||||
|
||||
/** max number of queries on a reuse connection */
|
||||
#define MAX_REUSE_TCP_QUERIES 200
|
||||
/** timeout for REUSE entries in milliseconds. */
|
||||
#define REUSE_TIMEOUT 60000
|
||||
|
||||
/**
|
||||
* A query that has an answer pending for it.
|
||||
*/
|
||||
|
@ -255,12 +344,15 @@ struct pending {
|
|||
struct pending_tcp {
|
||||
/** next in list of free tcp comm points, or NULL. */
|
||||
struct pending_tcp* next_free;
|
||||
/** the ID for the query; checked in reply */
|
||||
uint16_t id;
|
||||
/** tcp comm point it was sent on (and reply must come back on). */
|
||||
struct comm_point* c;
|
||||
/** the query being serviced, NULL if the pending_tcp is unused. */
|
||||
struct waiting_tcp* query;
|
||||
/** the pre-allocated reuse tcp structure. if ->pending is nonNULL
|
||||
* it is in use and the connection is waiting for reuse.
|
||||
* It is here for memory pre-allocation, and used to make this
|
||||
* pending_tcp wait for reuse. */
|
||||
struct reuse_tcp reuse;
|
||||
};
|
||||
|
||||
/**
|
||||
|
@ -269,12 +361,27 @@ struct pending_tcp {
|
|||
struct waiting_tcp {
|
||||
/**
|
||||
* next in waiting list.
|
||||
* if pkt==0, this points to the pending_tcp structure.
|
||||
* if on_tcp_waiting_list==0, this points to the pending_tcp structure.
|
||||
*/
|
||||
struct waiting_tcp* next_waiting;
|
||||
/** if true the item is on the tcp waiting list and next_waiting
|
||||
* is used for that. If false, the next_waiting points to the
|
||||
* pending_tcp */
|
||||
int on_tcp_waiting_list;
|
||||
/** next and prev in query waiting list for stream connection */
|
||||
struct waiting_tcp* write_wait_prev, *write_wait_next;
|
||||
/** true if the waiting_tcp structure is on the write_wait queue */
|
||||
int write_wait_queued;
|
||||
/** entry in reuse.tree_by_id, if key is NULL, not in tree, otherwise,
|
||||
* this struct is key and sorted by ID (from waiting_tcp.id). */
|
||||
rbnode_type id_node;
|
||||
/** the ID for the query; checked in reply */
|
||||
uint16_t id;
|
||||
/** timeout event; timer keeps running whether the query is
|
||||
* waiting for a buffer or the tcp reply is pending */
|
||||
struct comm_timer* timer;
|
||||
/** timeout in msec */
|
||||
int timeout;
|
||||
/** the outside network it is part of */
|
||||
struct outside_network* outnet;
|
||||
/** remote address. */
|
||||
|
@ -284,13 +391,14 @@ struct waiting_tcp {
|
|||
/**
|
||||
* The query itself, the query packet to send.
|
||||
* allocated after the waiting_tcp structure.
|
||||
* set to NULL when the query is serviced and it part of pending_tcp.
|
||||
* if this is NULL, the next_waiting points to the pending_tcp.
|
||||
*/
|
||||
uint8_t* pkt;
|
||||
/** length of query packet. */
|
||||
size_t pkt_len;
|
||||
/** callback for the timeout, error or reply to the message */
|
||||
/** callback for the timeout, error or reply to the message,
|
||||
* or NULL if no user is waiting. the entry uses an ID number.
|
||||
* a query that was written is no longer needed, but the ID number
|
||||
* and a reply will come back and can be ignored if NULL */
|
||||
comm_point_callback_type* cb;
|
||||
/** callback user argument */
|
||||
void* cb_arg;
|
||||
|
@ -298,6 +406,8 @@ struct waiting_tcp {
|
|||
int ssl_upstream;
|
||||
/** ref to the tls_auth_name from the serviced_query */
|
||||
char* tls_auth_name;
|
||||
/** the packet was involved in an error, to stop looping errors */
|
||||
int error_count;
|
||||
};
|
||||
|
||||
/**
|
||||
|
@ -421,6 +531,7 @@ struct serviced_query {
|
|||
* msec to wait on timeouted udp sockets.
|
||||
* @param tls_use_sni: if SNI is used for TLS connections.
|
||||
* @param dtenv: environment to send dnstap events with (if enabled).
|
||||
* @param udp_connect: if the udp_connect option is enabled.
|
||||
* @return: the new structure (with no pending answers) or NULL on error.
|
||||
*/
|
||||
struct outside_network* outside_network_create(struct comm_base* base,
|
||||
|
@ -429,7 +540,8 @@ struct outside_network* outside_network_create(struct comm_base* base,
|
|||
struct ub_randstate* rnd, int use_caps_for_id, int* availports,
|
||||
int numavailports, size_t unwanted_threshold, int tcp_mss,
|
||||
void (*unwanted_action)(void*), void* unwanted_param, int do_udp,
|
||||
void* sslctx, int delayclose, int tls_use_sni, struct dt_env *dtenv);
|
||||
void* sslctx, int delayclose, int tls_use_sni, struct dt_env *dtenv,
|
||||
int udp_connect);
|
||||
|
||||
/**
|
||||
* Delete outside_network structure.
|
||||
|
@ -546,6 +658,19 @@ size_t outnet_get_mem(struct outside_network* outnet);
|
|||
*/
|
||||
size_t serviced_get_mem(struct serviced_query* sq);
|
||||
|
||||
/** Pick random ID value for a tcp stream, avoids existing IDs. */
|
||||
uint16_t reuse_tcp_select_id(struct reuse_tcp* reuse,
|
||||
struct outside_network* outnet);
|
||||
|
||||
/** find element in tree by id */
|
||||
struct waiting_tcp* reuse_tcp_by_id_find(struct reuse_tcp* reuse, uint16_t id);
|
||||
|
||||
/** insert element in tree by id */
|
||||
void reuse_tree_by_id_insert(struct reuse_tcp* reuse, struct waiting_tcp* w);
|
||||
|
||||
/** delete readwait waiting_tcp elements, deletes the elements in the list */
|
||||
void reuse_del_readwait(rbtree_type* tree_by_id);
|
||||
|
||||
/** get TCP file descriptor for address, returns -1 on failure,
|
||||
* tcp_mss is 0 or maxseg size to set for TCP packets. */
|
||||
int outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen, int tcp_mss, int dscp);
|
||||
|
@ -643,4 +768,10 @@ int pending_cmp(const void* key1, const void* key2);
|
|||
/** compare function of serviced query rbtree */
|
||||
int serviced_cmp(const void* key1, const void* key2);
|
||||
|
||||
/** compare function of reuse_tcp rbtree in outside_network struct */
|
||||
int reuse_cmp(const void* key1, const void* key2);
|
||||
|
||||
/** compare function of reuse_tcp tree_by_id rbtree */
|
||||
int reuse_id_cmp(const void* key1, const void* key2);
|
||||
|
||||
#endif /* OUTSIDE_NETWORK_H */
|
||||
|
|
|
@ -440,6 +440,8 @@ rpz_create(struct config_auth* p)
|
|||
respip_set_delete(r->respip_set);
|
||||
if(r->taglist)
|
||||
free(r->taglist);
|
||||
if(r->region)
|
||||
regional_destroy(r->region);
|
||||
free(r);
|
||||
}
|
||||
return NULL;
|
||||
|
|
|
@ -120,12 +120,19 @@ if [ ! -f "$SVR_BASE.key" ]; then
|
|||
fi
|
||||
|
||||
cat >server.cnf <<EOF
|
||||
[req]
|
||||
default_bits=$BITS
|
||||
default_md=$HASH
|
||||
prompt=no
|
||||
distinguished_name=req_distinguished_name
|
||||
x509_extensions=v3_ca
|
||||
[req_distinguished_name]
|
||||
commonName=$SERVERNAME
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid:always,issuer:always
|
||||
basicConstraints=critical,CA:TRUE,pathlen:0
|
||||
subjectAltName=DNS:$SERVERNAME
|
||||
EOF
|
||||
|
||||
[ -f server.cnf ] || fatal "cannot create openssl configuration"
|
||||
|
@ -156,8 +163,12 @@ default_bits=$BITS
|
|||
default_md=$HASH
|
||||
prompt=no
|
||||
distinguished_name=req_distinguished_name
|
||||
req_extensions=v3_req
|
||||
[req_distinguished_name]
|
||||
commonName=$CLIENTNAME
|
||||
[v3_req]
|
||||
basicConstraints=critical,CA:FALSE
|
||||
subjectAltName=DNS:$CLIENTNAME
|
||||
EOF
|
||||
|
||||
[ -f client.cnf ] || fatal "cannot create openssl configuration"
|
||||
|
@ -179,6 +190,8 @@ if [ ! -f "$CTL_BASE.pem" -o $RECREATE -eq 1 ]; then
|
|||
-CAkey "$SVR_BASE.key" \
|
||||
-CAcreateserial \
|
||||
-$HASH \
|
||||
-extfile client.cnf \
|
||||
-extensions v3_req \
|
||||
-out "$CTL_BASE.pem"
|
||||
|
||||
[ ! -f "CTL_BASE.pem" ] || fatal "cannot create signed client certificate"
|
||||
|
|
|
@ -29,6 +29,9 @@ else
|
|||
HAVE_MINGW=no
|
||||
fi
|
||||
|
||||
# stop tests from notifying systemd, if that is compiled in.
|
||||
export -n NOTIFY_SOCKET
|
||||
|
||||
cd testdata;
|
||||
sh ../testcode/mini_tdir.sh clean
|
||||
rm -f .perfstats.txt
|
||||
|
|
|
@ -90,6 +90,7 @@ static void usage(char* argv[])
|
|||
printf("-e HTTP endpoint, default: /dns-query\n");
|
||||
printf("-c Content-type in request, default: "
|
||||
"application/dns-message\n");
|
||||
printf("-n no-tls, TLS is disabled\n");
|
||||
printf("-h This help text\n");
|
||||
exit(1);
|
||||
}
|
||||
|
@ -185,7 +186,10 @@ submit_query(struct http2_session* h2_session, struct sldns_buffer* buf)
|
|||
headers[1].name = (uint8_t*)":path";
|
||||
headers[1].value = (uint8_t*)h2_stream->path;
|
||||
headers[2].name = (uint8_t*)":scheme";
|
||||
headers[2].value = (uint8_t*)"https";
|
||||
if(h2_session->ssl)
|
||||
headers[2].value = (uint8_t*)"https";
|
||||
else
|
||||
headers[2].value = (uint8_t*)"http";
|
||||
headers[3].name = (uint8_t*)":authority";
|
||||
headers[3].value = (uint8_t*)h2_session->authority;
|
||||
headers[4].name = (uint8_t*)"content-type";
|
||||
|
@ -246,6 +250,7 @@ static ssize_t http2_recv_cb(nghttp2_session* ATTR_UNUSED(session),
|
|||
{
|
||||
struct http2_session* h2_session = (struct http2_session*)cb_arg;
|
||||
int r;
|
||||
ssize_t ret;
|
||||
struct timeval tv, *waittv;
|
||||
fd_set rfd;
|
||||
ERR_clear_error();
|
||||
|
@ -267,35 +272,58 @@ static ssize_t http2_recv_cb(nghttp2_session* ATTR_UNUSED(session),
|
|||
return NGHTTP2_ERR_WOULDBLOCK;
|
||||
}
|
||||
|
||||
r = SSL_read(h2_session->ssl, buf, len);
|
||||
if(r <= 0) {
|
||||
int want = SSL_get_error(h2_session->ssl, r);
|
||||
if(want == SSL_ERROR_ZERO_RETURN) {
|
||||
if(h2_session->ssl) {
|
||||
r = SSL_read(h2_session->ssl, buf, len);
|
||||
if(r <= 0) {
|
||||
int want = SSL_get_error(h2_session->ssl, r);
|
||||
if(want == SSL_ERROR_ZERO_RETURN) {
|
||||
return NGHTTP2_ERR_EOF;
|
||||
}
|
||||
log_crypto_err("could not SSL_read");
|
||||
return NGHTTP2_ERR_EOF;
|
||||
}
|
||||
log_crypto_err("could not SSL_read");
|
||||
return r;
|
||||
}
|
||||
|
||||
ret = read(h2_session->fd, buf, len);
|
||||
if(ret == 0) {
|
||||
return NGHTTP2_ERR_EOF;
|
||||
} else if(ret < 0) {
|
||||
log_err("could not http2 read: %s", strerror(errno));
|
||||
return NGHTTP2_ERR_EOF;
|
||||
}
|
||||
return r;
|
||||
return ret;
|
||||
}
|
||||
|
||||
static ssize_t http2_send_cb(nghttp2_session* ATTR_UNUSED(session),
|
||||
const uint8_t* buf, size_t len, int ATTR_UNUSED(flags), void* cb_arg)
|
||||
{
|
||||
struct http2_session* h2_session = (struct http2_session*)cb_arg;
|
||||
ssize_t ret;
|
||||
|
||||
int r;
|
||||
ERR_clear_error();
|
||||
r = SSL_write(h2_session->ssl, buf, len);
|
||||
if(r <= 0) {
|
||||
int want = SSL_get_error(h2_session->ssl, r);
|
||||
if(want == SSL_ERROR_ZERO_RETURN) {
|
||||
if(h2_session->ssl) {
|
||||
int r;
|
||||
ERR_clear_error();
|
||||
r = SSL_write(h2_session->ssl, buf, len);
|
||||
if(r <= 0) {
|
||||
int want = SSL_get_error(h2_session->ssl, r);
|
||||
if(want == SSL_ERROR_ZERO_RETURN) {
|
||||
return NGHTTP2_ERR_CALLBACK_FAILURE;
|
||||
}
|
||||
log_crypto_err("could not SSL_write");
|
||||
return NGHTTP2_ERR_CALLBACK_FAILURE;
|
||||
}
|
||||
log_crypto_err("could not SSL_write");
|
||||
return r;
|
||||
}
|
||||
|
||||
ret = write(h2_session->fd, buf, len);
|
||||
if(ret == 0) {
|
||||
return NGHTTP2_ERR_CALLBACK_FAILURE;
|
||||
} else if(ret < 0) {
|
||||
log_err("could not http2 write: %s", strerror(errno));
|
||||
return NGHTTP2_ERR_CALLBACK_FAILURE;
|
||||
}
|
||||
return r;
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int http2_stream_close_cb(nghttp2_session* ATTR_UNUSED(session),
|
||||
|
@ -459,7 +487,7 @@ http2_read(struct http2_session* h2_session)
|
|||
}
|
||||
|
||||
static void
|
||||
run(struct http2_session* h2_session, int port, int count, char** q)
|
||||
run(struct http2_session* h2_session, int port, int no_tls, int count, char** q)
|
||||
{
|
||||
int i;
|
||||
SSL_CTX* ctx = NULL;
|
||||
|
@ -470,26 +498,28 @@ run(struct http2_session* h2_session, int port, int count, char** q)
|
|||
fd = open_svr(h2_session->authority, port);
|
||||
h2_session->fd = fd;
|
||||
|
||||
ctx = connect_sslctx_create(NULL, NULL, NULL, 0);
|
||||
if(!ctx) fatal_exit("cannot create ssl ctx");
|
||||
SSL_CTX_set_alpn_protos(ctx, (const unsigned char *)"\x02h2", 3);
|
||||
ssl = outgoing_ssl_fd(ctx, fd);
|
||||
if(!ssl) {
|
||||
printf("cannot create ssl\n");
|
||||
exit(1);
|
||||
}
|
||||
h2_session->ssl = ssl;
|
||||
while(1) {
|
||||
int r;
|
||||
ERR_clear_error();
|
||||
if( (r=SSL_do_handshake(ssl)) == 1)
|
||||
break;
|
||||
r = SSL_get_error(ssl, r);
|
||||
if(r != SSL_ERROR_WANT_READ &&
|
||||
r != SSL_ERROR_WANT_WRITE) {
|
||||
log_crypto_err("could not ssl_handshake");
|
||||
if(!no_tls) {
|
||||
ctx = connect_sslctx_create(NULL, NULL, NULL, 0);
|
||||
if(!ctx) fatal_exit("cannot create ssl ctx");
|
||||
SSL_CTX_set_alpn_protos(ctx, (const unsigned char *)"\x02h2", 3);
|
||||
ssl = outgoing_ssl_fd(ctx, fd);
|
||||
if(!ssl) {
|
||||
printf("cannot create ssl\n");
|
||||
exit(1);
|
||||
}
|
||||
h2_session->ssl = ssl;
|
||||
while(1) {
|
||||
int r;
|
||||
ERR_clear_error();
|
||||
if( (r=SSL_do_handshake(ssl)) == 1)
|
||||
break;
|
||||
r = SSL_get_error(ssl, r);
|
||||
if(r != SSL_ERROR_WANT_READ &&
|
||||
r != SSL_ERROR_WANT_WRITE) {
|
||||
log_crypto_err("could not ssl_handshake");
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
http2_submit_setting(h2_session);
|
||||
|
@ -511,9 +541,13 @@ run(struct http2_session* h2_session, int port, int count, char** q)
|
|||
|
||||
/* shutdown */
|
||||
http2_session_delete(h2_session);
|
||||
SSL_shutdown(ssl);
|
||||
SSL_free(ssl);
|
||||
SSL_CTX_free(ctx);
|
||||
if(ssl) {
|
||||
SSL_shutdown(ssl);
|
||||
SSL_free(ssl);
|
||||
}
|
||||
if(ctx) {
|
||||
SSL_CTX_free(ctx);
|
||||
}
|
||||
close(fd);
|
||||
}
|
||||
|
||||
|
@ -524,10 +558,21 @@ extern char* optarg;
|
|||
int main(int argc, char** argv)
|
||||
{
|
||||
int c;
|
||||
int port = UNBOUND_DNS_OVER_HTTPS_PORT;
|
||||
struct http2_session* h2_session = http2_session_create();
|
||||
if(!h2_session) fatal_exit("out of memory");
|
||||
int port = UNBOUND_DNS_OVER_HTTPS_PORT, no_tls = 0;
|
||||
struct http2_session* h2_session;
|
||||
|
||||
#ifdef USE_WINSOCK
|
||||
WSADATA wsa_data;
|
||||
if(WSAStartup(MAKEWORD(2,2), &wsa_data) != 0) {
|
||||
printf("WSAStartup failed\n");
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
log_init(0, 0, 0);
|
||||
checklock_start();
|
||||
|
||||
h2_session = http2_session_create();
|
||||
if(!h2_session) fatal_exit("out of memory");
|
||||
if(argc == 1) {
|
||||
usage(argv);
|
||||
}
|
||||
|
@ -537,7 +582,7 @@ int main(int argc, char** argv)
|
|||
h2_session->endpoint = "/dns-query";
|
||||
h2_session->content_type = "application/dns-message";
|
||||
|
||||
while((c=getopt(argc, argv, "c:e:hs:p:P")) != -1) {
|
||||
while((c=getopt(argc, argv, "c:e:hns:p:P")) != -1) {
|
||||
switch(c) {
|
||||
case 'c':
|
||||
h2_session->content_type = optarg;
|
||||
|
@ -545,6 +590,9 @@ int main(int argc, char** argv)
|
|||
case 'e':
|
||||
h2_session->endpoint = optarg;
|
||||
break;
|
||||
case 'n':
|
||||
no_tls = 1;
|
||||
break;
|
||||
case 'p':
|
||||
if(atoi(optarg)==0 && strcmp(optarg,"0")!=0) {
|
||||
printf("error parsing port, "
|
||||
|
@ -573,8 +621,12 @@ int main(int argc, char** argv)
|
|||
}
|
||||
|
||||
|
||||
run(h2_session, port, argc, argv);
|
||||
run(h2_session, port, no_tls, argc, argv);
|
||||
|
||||
checklock_stop();
|
||||
#ifdef USE_WINSOCK
|
||||
WSACleanup();
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
#else
|
||||
|
|
|
@ -872,6 +872,7 @@ listen_create(struct comm_base* base, struct listen_port* ATTR_UNUSED(ports),
|
|||
int ATTR_UNUSED(harden_large_queries),
|
||||
uint32_t ATTR_UNUSED(http_max_streams),
|
||||
char* ATTR_UNUSED(http_endpoint),
|
||||
int ATTR_UNUSED(http_notls),
|
||||
struct tcl_list* ATTR_UNUSED(tcp_conn_limit),
|
||||
void* ATTR_UNUSED(sslctx), struct dt_env* ATTR_UNUSED(dtenv),
|
||||
comm_point_callback_type* cb, void *cb_arg)
|
||||
|
@ -1044,7 +1045,7 @@ outside_network_create(struct comm_base* base, size_t bufsize,
|
|||
void (*unwanted_action)(void*), void* ATTR_UNUSED(unwanted_param),
|
||||
int ATTR_UNUSED(do_udp), void* ATTR_UNUSED(sslctx),
|
||||
int ATTR_UNUSED(delayclose), int ATTR_UNUSED(tls_use_sni),
|
||||
struct dt_env* ATTR_UNUSED(dtenv))
|
||||
struct dt_env* ATTR_UNUSED(dtenv), int ATTR_UNUSED(udp_connect))
|
||||
{
|
||||
struct replay_runtime* runtime = (struct replay_runtime*)base;
|
||||
struct outside_network* outnet = calloc(1,
|
||||
|
@ -1213,7 +1214,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
|
|||
sldns_buffer_flip(pend->buffer);
|
||||
if(1) {
|
||||
struct edns_data edns;
|
||||
struct edns_tag_addr* client_tag_addr;
|
||||
struct edns_string_addr* client_string_addr;
|
||||
if(!inplace_cb_query_call(env, qinfo, flags, addr, addrlen,
|
||||
zone, zonelen, qstate, qstate->region)) {
|
||||
free(pend);
|
||||
|
@ -1227,13 +1228,13 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
|
|||
edns.bits = 0;
|
||||
if(dnssec)
|
||||
edns.bits = EDNS_DO;
|
||||
if((client_tag_addr = edns_tag_addr_lookup(
|
||||
&env->edns_tags->client_tags,
|
||||
if((client_string_addr = edns_string_addr_lookup(
|
||||
&env->edns_strings->client_strings,
|
||||
addr, addrlen))) {
|
||||
uint16_t client_tag = htons(client_tag_addr->tag_data);
|
||||
edns_opt_list_append(&qstate->edns_opts_back_out,
|
||||
env->edns_tags->client_tag_opcode, 2,
|
||||
(uint8_t*)&client_tag, qstate->region);
|
||||
env->edns_strings->client_string_opcode,
|
||||
client_string_addr->string_len,
|
||||
client_string_addr->string, qstate->region);
|
||||
}
|
||||
edns.opt_list = qstate->edns_opts_back_out;
|
||||
attach_edns_record(pend->buffer, &edns);
|
||||
|
@ -1510,6 +1511,18 @@ int serviced_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b))
|
|||
return 0;
|
||||
}
|
||||
|
||||
int reuse_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b))
|
||||
{
|
||||
log_assert(0);
|
||||
return 0;
|
||||
}
|
||||
|
||||
int reuse_id_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b))
|
||||
{
|
||||
log_assert(0);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* timers in testbound for autotrust. statistics tested in tdir. */
|
||||
struct comm_timer* comm_timer_create(struct comm_base* base,
|
||||
void (*cb)(void*), void* cb_arg)
|
||||
|
|
|
@ -40,6 +40,8 @@ cleanup() {
|
|||
exit 0
|
||||
}
|
||||
trap cleanup INT
|
||||
# stop tests from notifying systemd, if that is compiled in.
|
||||
export -n NOTIFY_SOCKET
|
||||
|
||||
for t in $RUNLIST
|
||||
do
|
||||
|
|
|
@ -362,6 +362,10 @@ main(int argc, char* argv[])
|
|||
/* we do not want the test to depend on the timezone */
|
||||
(void)putenv("TZ=UTC");
|
||||
memset(pass_argv, 0, sizeof(pass_argv));
|
||||
#ifdef HAVE_SYSTEMD
|
||||
/* we do not want the test to use systemd daemon startup notification*/
|
||||
(void)unsetenv("NOTIFY_SOCKET");
|
||||
#endif /* HAVE_SYSTEMD */
|
||||
|
||||
log_init(NULL, 0, NULL);
|
||||
/* determine commandline options for the daemon */
|
||||
|
|
|
@ -839,6 +839,52 @@ static void respip_test(void)
|
|||
respip_conf_actions_test();
|
||||
}
|
||||
|
||||
#include "services/outside_network.h"
|
||||
/** add number of new IDs to the reuse tree, randomly chosen */
|
||||
static void tcpid_addmore(struct reuse_tcp* reuse,
|
||||
struct outside_network* outnet, unsigned int addnum)
|
||||
{
|
||||
unsigned int i;
|
||||
struct waiting_tcp* w;
|
||||
for(i=0; i<addnum; i++) {
|
||||
uint16_t id = reuse_tcp_select_id(reuse, outnet);
|
||||
unit_assert(!reuse_tcp_by_id_find(reuse, id));
|
||||
w = calloc(1, sizeof(*w));
|
||||
unit_assert(w);
|
||||
w->id = id;
|
||||
w->outnet = outnet;
|
||||
w->next_waiting = (void*)reuse->pending;
|
||||
reuse_tree_by_id_insert(reuse, w);
|
||||
}
|
||||
}
|
||||
|
||||
/** fill up the reuse ID tree and test assertions */
|
||||
static void tcpid_fillup(struct reuse_tcp* reuse,
|
||||
struct outside_network* outnet)
|
||||
{
|
||||
int t, numtest=3;
|
||||
for(t=0; t<numtest; t++) {
|
||||
rbtree_init(&reuse->tree_by_id, reuse_id_cmp);
|
||||
tcpid_addmore(reuse, outnet, 65535);
|
||||
reuse_del_readwait(&reuse->tree_by_id);
|
||||
}
|
||||
}
|
||||
|
||||
/** test TCP ID selection */
|
||||
static void tcpid_test(void)
|
||||
{
|
||||
struct pending_tcp pend;
|
||||
struct outside_network outnet;
|
||||
unit_show_func("services/outside_network.c", "reuse_tcp_select_id");
|
||||
memset(&pend, 0, sizeof(pend));
|
||||
pend.reuse.pending = &pend;
|
||||
memset(&outnet, 0, sizeof(outnet));
|
||||
outnet.rnd = ub_initstate(NULL);
|
||||
rbtree_init(&pend.reuse.tree_by_id, reuse_id_cmp);
|
||||
tcpid_fillup(&pend.reuse, &outnet);
|
||||
ub_randfree(outnet.rnd);
|
||||
}
|
||||
|
||||
void unit_show_func(const char* file, const char* func)
|
||||
{
|
||||
printf("test %s:%s\n", file, func);
|
||||
|
@ -907,6 +953,7 @@ main(int argc, char* argv[])
|
|||
infra_test();
|
||||
ldns_test();
|
||||
msgparse_test();
|
||||
tcpid_test();
|
||||
#ifdef CLIENT_SUBNET
|
||||
ecs_test();
|
||||
#endif /* CLIENT_SUBNET */
|
||||
|
|
2
testdata/dnstap.tdir/dnstap.pre
vendored
2
testdata/dnstap.tdir/dnstap.pre
vendored
|
@ -45,7 +45,7 @@ fi
|
|||
# make config file
|
||||
sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < dnstap.conf > ub.conf
|
||||
# start unbound in the background
|
||||
$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
|
||||
$PRE/unbound -d -c ub.conf -vvvv >unbound.log 2>&1 &
|
||||
UNBOUND_PID=$!
|
||||
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
|
||||
|
||||
|
|
2
testdata/dnstap.tdir/dnstap.test
vendored
2
testdata/dnstap.tdir/dnstap.test
vendored
|
@ -59,6 +59,8 @@ dig @127.0.0.1 -p $UNBOUND_PORT q7.example.net.
|
|||
dig @127.0.0.1 -p $UNBOUND_PORT q8.example.net.
|
||||
dig @127.0.0.1 -p $UNBOUND_PORT q9.example.net.
|
||||
dig @127.0.0.1 -p $UNBOUND_PORT q10.example.net.
|
||||
echo "> wait for log to happen on timer"
|
||||
sleep 3
|
||||
for x in q1 q2 q3 q4 5 q6 q7 q8 q9 q10; do
|
||||
if grep "$x.example.net" tap.log >/dev/null; then :; else sleep 1; fi
|
||||
if grep "$x.example.net" tap.log >/dev/null; then :; else sleep 1; fi
|
||||
|
|
28
testdata/doh_downstream_notls.tdir/doh_downstream_notls.conf
vendored
Normal file
28
testdata/doh_downstream_notls.tdir/doh_downstream_notls.conf
vendored
Normal file
|
@ -0,0 +1,28 @@
|
|||
server:
|
||||
verbosity: 2
|
||||
# num-threads: 1
|
||||
interface: 127.0.0.1@@PORT@
|
||||
https-port: @PORT@
|
||||
tls-service-key: "unbound_server.key"
|
||||
tls-service-pem: "unbound_server.pem"
|
||||
use-syslog: no
|
||||
directory: .
|
||||
pidfile: "unbound.pid"
|
||||
chroot: ""
|
||||
username: ""
|
||||
do-not-query-localhost: no
|
||||
http-query-buffer-size: 1G
|
||||
http-response-buffer-size: 1G
|
||||
http-max-streams: 200
|
||||
http-notls-downstream: yes
|
||||
|
||||
local-zone: "example.net" static
|
||||
local-data: "www1.example.net. IN A 1.2.3.1"
|
||||
local-data: "www2.example.net. IN A 1.2.3.2"
|
||||
local-data: "www3.example.net. IN A 1.2.3.3"
|
||||
local-zone: "drop.net" deny
|
||||
tcp-upstream: yes
|
||||
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-addr: "127.0.0.1@@TOPORT@"
|
16
testdata/doh_downstream_notls.tdir/doh_downstream_notls.dsc
vendored
Normal file
16
testdata/doh_downstream_notls.tdir/doh_downstream_notls.dsc
vendored
Normal file
|
@ -0,0 +1,16 @@
|
|||
BaseName: doh_downstream_notls
|
||||
Version: 1.0
|
||||
Description: Test DNS-over-HTTP query processing with no-tls
|
||||
CreationDate: Mon Jun 12 12:00:00 CET 2020
|
||||
Maintainer:
|
||||
Category:
|
||||
Component:
|
||||
CmdDepends:
|
||||
Depends:
|
||||
Help:
|
||||
Pre: doh_downstream_notls.pre
|
||||
Post: doh_downstream_notls.post
|
||||
Test: doh_downstream_notls.test
|
||||
AuxFiles:
|
||||
Passed:
|
||||
Failure:
|
13
testdata/doh_downstream_notls.tdir/doh_downstream_notls.post
vendored
Normal file
13
testdata/doh_downstream_notls.tdir/doh_downstream_notls.post
vendored
Normal file
|
@ -0,0 +1,13 @@
|
|||
# #-- doh_downstream_notls.post --#
|
||||
# source the master var file when it's there
|
||||
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
|
||||
# source the test var file when it's there
|
||||
[ -f .tpkg.var.test ] && source .tpkg.var.test
|
||||
#
|
||||
# do your teardown here
|
||||
PRE="../.."
|
||||
if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi
|
||||
. ../common.sh
|
||||
kill_pid $FWD_PID
|
||||
kill_pid $UNBOUND_PID
|
||||
cat unbound.log
|
33
testdata/doh_downstream_notls.tdir/doh_downstream_notls.pre
vendored
Normal file
33
testdata/doh_downstream_notls.tdir/doh_downstream_notls.pre
vendored
Normal file
|
@ -0,0 +1,33 @@
|
|||
# #-- doh_downstream_notls.pre--#
|
||||
# source the master var file when it's there
|
||||
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
|
||||
# use .tpkg.var.test for in test variable passing
|
||||
[ -f .tpkg.var.test ] && source .tpkg.var.test
|
||||
|
||||
PRE="../.."
|
||||
. ../common.sh
|
||||
if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi
|
||||
|
||||
get_random_port 2
|
||||
UNBOUND_PORT=$RND_PORT
|
||||
FWD_PORT=$(($RND_PORT + 1))
|
||||
echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
|
||||
echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test
|
||||
|
||||
# start forwarder
|
||||
get_ldns_testns
|
||||
$LDNS_TESTNS -p $FWD_PORT doh_downstream_notls.testns >fwd.log 2>&1 &
|
||||
FWD_PID=$!
|
||||
echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
|
||||
|
||||
# make config file
|
||||
sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < doh_downstream_notls.conf > ub.conf
|
||||
# start unbound in the background
|
||||
$PRE/unbound -vvvv -d -c ub.conf >unbound.log 2>&1 &
|
||||
UNBOUND_PID=$!
|
||||
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
|
||||
|
||||
cat .tpkg.var.test
|
||||
wait_ldns_testns_up fwd.log
|
||||
wait_unbound_up unbound.log
|
||||
|
339
testdata/doh_downstream_notls.tdir/doh_downstream_notls.test
vendored
Normal file
339
testdata/doh_downstream_notls.tdir/doh_downstream_notls.test
vendored
Normal file
|
@ -0,0 +1,339 @@
|
|||
# #-- doh_downstream_notls.test --#
|
||||
# source the master var file when it's there
|
||||
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
|
||||
# use .tpkg.var.test for in test variable passing
|
||||
[ -f .tpkg.var.test ] && source .tpkg.var.test
|
||||
|
||||
PRE="../.."
|
||||
. ../common.sh
|
||||
if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi
|
||||
get_make
|
||||
(cd $PRE; $MAKE dohclient)
|
||||
|
||||
|
||||
# this test query should just work (server is up)
|
||||
echo "> query www1.example.net."
|
||||
$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN >outfile 2>&1
|
||||
cat outfile
|
||||
if test "$?" -ne 0; then
|
||||
echo "exit status not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www1.example.net" outfile | grep "1.2.3.1"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK"
|
||||
exit 1
|
||||
fi
|
||||
echo "OK"
|
||||
|
||||
# multiple requests (from localdata)
|
||||
echo "> query www1.example.net. www2.example.net. www3.example.net."
|
||||
$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www2.example.net A IN www3.example.net A IN >outfile 2>&1
|
||||
cat outfile
|
||||
if test "$?" -ne 0; then
|
||||
echo "exit status not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www1.example.net" outfile | grep "1.2.3.1"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www2.example.net" outfile | grep "1.2.3.2"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www3.example.net" outfile | grep "1.2.3.3"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# out of order requests, the example.com elements take 2 seconds to wait.
|
||||
echo ""
|
||||
echo "> query www1.example.net. www.example.com. www2.example.net. www2.example.com. www3.example.net."
|
||||
$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www2.example.com. A IN www3.example.net A IN >outfile 2>&1
|
||||
cat outfile
|
||||
if test "$?" -ne 0; then
|
||||
echo "exit status not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www1.example.net" outfile | grep "1.2.3.1"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www2.example.net" outfile | grep "1.2.3.2"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www3.example.net" outfile | grep "1.2.3.3"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www.example.com" outfile | grep "10.20.30.40"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www2.example.com" outfile | grep "10.20.30.42"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# out of order requests, the example.com elements take 2 seconds to wait.
|
||||
# www.example.com present twice, answered twice.
|
||||
echo ""
|
||||
echo "> query www1.example.net. www.example.com. www2.example.net. www.example.com. www3.example.net."
|
||||
$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www.example.com. A IN www3.example.net A IN >outfile 2>&1
|
||||
cat outfile
|
||||
if test "$?" -ne 0; then
|
||||
echo "exit status not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www1.example.net" outfile | grep "1.2.3.1"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www2.example.net" outfile | grep "1.2.3.2"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www3.example.net" outfile | grep "1.2.3.3"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www.example.com" outfile | grep "10.20.30.40"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# out of order requests, the example.com elements take 2 seconds to wait.
|
||||
# www3.example.com present twice, answered twice.
|
||||
echo ""
|
||||
echo "> query www1.example.net. www3.example.com. www2.example.net. www3.example.com. www3.example.net."
|
||||
$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www3.example.com. A IN www2.example.net A IN www3.example.com. A IN www3.example.net A IN >outfile 2>&1
|
||||
cat outfile
|
||||
if test "$?" -ne 0; then
|
||||
echo "exit status not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www1.example.net" outfile | grep "1.2.3.1"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www2.example.net" outfile | grep "1.2.3.2"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www3.example.net" outfile | grep "1.2.3.3"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www3.example.com" outfile | grep "10.20.30.43"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "> query www4.example.com. www3.example.net."
|
||||
$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www4.example.com. A IN www3.example.net A IN >outfile 2>&1
|
||||
cat outfile
|
||||
if test "$?" -ne 0; then
|
||||
echo "exit status not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www3.example.net" outfile | grep "1.2.3.3"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www4.example.com" outfile | grep "10.20.30.44"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
echo ""
|
||||
echo "> query a1.example.com. - a90.example.com."
|
||||
$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www6.example.com. A IN a1.a.example.com. A IN a2.a.example.com. A IN a3.a.example.com. A IN a4.a.example.com. A IN a5.a.example.com. A IN a6.a.example.com. A IN a7.a.example.com. A IN a8.a.example.com. A IN a9.a.example.com. A IN a10.a.example.com. A IN a11.a.example.com. A IN a12.a.example.com. A IN a13.a.example.com. A IN a14.a.example.com. A IN a15.a.example.com. A IN a16.a.example.com. A IN a17.a.example.com. A IN a18.a.example.com. A IN a19.a.example.com. A IN a20.a.example.com. A IN a21.a.example.com. A IN a22.a.example.com. A IN a23.a.example.com. A IN a24.a.example.com. A IN a25.a.example.com. A IN a26.a.example.com. A IN a27.a.example.com. A IN a28.a.example.com. A IN a29.a.example.com. A IN a30.a.example.com. A IN a31.a.example.com. A IN a32.a.example.com. A IN a33.a.example.com. A IN a34.a.example.com. A IN a35.a.example.com. A IN a36.a.example.com. A IN a37.a.example.com. A IN a38.a.example.com. A IN a39.a.example.com. A IN a40.a.example.com. A IN a41.a.example.com. A IN a42.a.example.com. A IN a43.a.example.com. A IN a44.a.example.com. A IN a45.a.example.com. A IN a46.a.example.com. A IN a47.a.example.com. A IN a48.a.example.com. A IN a49.a.example.com. A IN a50.a.example.com. A IN a51.a.example.com. A IN a52.a.example.com. A IN a53.a.example.com. A IN a54.a.example.com. A IN a55.a.example.com. A IN a56.a.example.com. A IN a57.a.example.com. A IN a58.a.example.com. A IN a59.a.example.com. A IN a60.a.example.com. A IN a61.a.example.com. A IN a62.a.example.com. A IN a63.a.example.com. A IN a64.a.example.com. A IN a65.a.example.com. A IN a66.a.example.com. A IN a67.a.example.com. A IN a68.a.example.com. A IN a69.a.example.com. A IN a70.a.example.com. A IN a71.a.example.com. A IN a72.a.example.com. A IN a73.a.example.com. A IN a74.a.example.com. A IN a75.a.example.com. A IN a76.a.example.com. A IN a77.a.example.com. A IN a78.a.example.com. A IN a79.a.example.com. A IN a80.a.example.com. A IN a81.a.example.com. A IN a82.a.example.com. A IN a83.a.example.com. A IN a84.a.example.com. A IN a85.a.example.com. A IN a86.a.example.com. A IN a87.a.example.com. A IN a88.a.example.com. A IN a89.a.example.com. A IN a90.a.example.com. A IN >outfile 2>&1
|
||||
cat outfile
|
||||
if test "$?" -ne 0; then
|
||||
echo "exit status not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
num_ans=$(grep -B 3 "a.example.com. IN A" outfile | grep "rcode: NOERROR" | wc -l )
|
||||
if test "$num_ans" -ne 90; then
|
||||
echo "number of answers not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "OK"
|
||||
exit 0
|
74
testdata/doh_downstream_notls.tdir/doh_downstream_notls.testns
vendored
Normal file
74
testdata/doh_downstream_notls.tdir/doh_downstream_notls.testns
vendored
Normal file
|
@ -0,0 +1,74 @@
|
|||
; nameserver test file
|
||||
$ORIGIN example.com.
|
||||
$TTL 3600
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
REPLY QR AA NOERROR
|
||||
ADJUST copy_id sleep=2
|
||||
SECTION QUESTION
|
||||
www IN A
|
||||
SECTION ANSWER
|
||||
www IN A 10.20.30.40
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
REPLY QR AA NOERROR
|
||||
ADJUST copy_id
|
||||
SECTION QUESTION
|
||||
www2 IN A
|
||||
SECTION ANSWER
|
||||
www2 IN A 10.20.30.42
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
REPLY QR AA NOERROR
|
||||
ADJUST copy_id
|
||||
SECTION QUESTION
|
||||
www3 IN A
|
||||
SECTION ANSWER
|
||||
www3 IN A 10.20.30.43
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
REPLY QR AA NOERROR
|
||||
ADJUST copy_id sleep=2
|
||||
SECTION QUESTION
|
||||
www4 IN A
|
||||
SECTION ANSWER
|
||||
www4 IN A 10.20.30.44
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
REPLY QR AA NOERROR
|
||||
ADJUST copy_id sleep=2
|
||||
SECTION QUESTION
|
||||
www5 IN A
|
||||
SECTION ANSWER
|
||||
www5 IN A 10.20.30.45
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
REPLY QR AA NOERROR
|
||||
ADJUST copy_id sleep=2
|
||||
SECTION QUESTION
|
||||
www6 IN A
|
||||
SECTION ANSWER
|
||||
www6 IN A 10.20.30.46
|
||||
ENTRY_END
|
||||
|
||||
; lots of noerror/nodata answers for other queries (a.. queries)
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype subdomain
|
||||
REPLY QR AA NOERROR
|
||||
ADJUST copy_id copy_query
|
||||
SECTION QUESTION
|
||||
a.example.com. IN A
|
||||
SECTION AUTHORITY
|
||||
example.com. IN SOA ns hostmaster 2019 28800 7200 604800 3600
|
||||
ENTRY_END
|
15
testdata/doh_downstream_notls.tdir/unbound_server.key
vendored
Normal file
15
testdata/doh_downstream_notls.tdir/unbound_server.key
vendored
Normal file
|
@ -0,0 +1,15 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA
|
||||
3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s
|
||||
RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB
|
||||
AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS
|
||||
6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds
|
||||
sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi
|
||||
XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3
|
||||
fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL
|
||||
CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP
|
||||
0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2
|
||||
oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l
|
||||
In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S
|
||||
LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg==
|
||||
-----END RSA PRIVATE KEY-----
|
11
testdata/doh_downstream_notls.tdir/unbound_server.pem
vendored
Normal file
11
testdata/doh_downstream_notls.tdir/unbound_server.pem
vendored
Normal file
|
@ -0,0 +1,11 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1
|
||||
bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE
|
||||
AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS
|
||||
y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/
|
||||
/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu
|
||||
g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ
|
||||
9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG
|
||||
l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH
|
||||
Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg==
|
||||
-----END CERTIFICATE-----
|
|
@ -1,14 +1,14 @@
|
|||
; config options
|
||||
server:
|
||||
edns-client-tag: 10.0.0.0/24 1234
|
||||
edns-client-tag: 10.0.0.10/32 5678
|
||||
edns-client-string: 10.0.0.0/24 "abc d"
|
||||
edns-client-string: 10.0.0.10/32 "123AbC!"
|
||||
|
||||
stub-zone:
|
||||
name: "tag1234."
|
||||
name: "edns-string-abc."
|
||||
stub-addr: 10.0.0.1
|
||||
|
||||
stub-zone:
|
||||
name: "tag5678."
|
||||
name: "edns-string-123."
|
||||
stub-addr: 10.0.0.10
|
||||
|
||||
stub-zone:
|
||||
|
@ -17,7 +17,7 @@ stub-zone:
|
|||
|
||||
CONFIG_END
|
||||
|
||||
SCENARIO_BEGIN Test EDNS client tag option
|
||||
SCENARIO_BEGIN Test EDNS string tag option
|
||||
|
||||
RANGE_BEGIN 0 1000
|
||||
ADDRESS 10.0.0.1
|
||||
|
@ -26,9 +26,9 @@ MATCH opcode qtype qname
|
|||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
tag1234. IN A
|
||||
edns-string-abc. IN A
|
||||
SECTION ANSWER
|
||||
tag1234. IN A 10.20.30.40
|
||||
edns-string-abc. IN A 10.20.30.40
|
||||
SECTION ADDITIONAL
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
@ -40,9 +40,9 @@ MATCH opcode qtype qname
|
|||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
tag5678. IN A
|
||||
edns-string-123. IN A
|
||||
SECTION ANSWER
|
||||
tag5678. IN A 10.20.30.40
|
||||
edns-string-123. IN A 10.20.30.40
|
||||
SECTION ADDITIONAL
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
@ -65,19 +65,19 @@ STEP 10 QUERY
|
|||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
tag1234. IN A
|
||||
edns-string-abc. IN A
|
||||
ENTRY_END
|
||||
|
||||
STEP 20 CHECK_OUT_QUERY
|
||||
ENTRY_BEGIN
|
||||
MATCH qname qtype opcode ednsdata
|
||||
SECTION QUESTION
|
||||
tag1234. IN A
|
||||
edns-string-abc. IN A
|
||||
SECTION ADDITIONAL
|
||||
HEX_EDNSDATA_BEGIN
|
||||
00 10 ; Opcode 16
|
||||
00 02 ; Length 2
|
||||
04 d2 ; 1234
|
||||
fd e9 ; Opcode 65001
|
||||
00 05 ; Length 5
|
||||
61 62 63 20 64 ; "abc d"
|
||||
HEX_EDNSDATA_END
|
||||
ENTRY_END
|
||||
|
||||
|
@ -86,28 +86,29 @@ ENTRY_BEGIN
|
|||
MATCH all
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
tag1234. IN A
|
||||
edns-string-abc. IN A
|
||||
SECTION ANSWER
|
||||
tag1234. IN A 10.20.30.40
|
||||
edns-string-abc. IN A 10.20.30.40
|
||||
ENTRY_END
|
||||
|
||||
STEP 110 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
tag5678. IN A
|
||||
edns-string-123. IN A
|
||||
ENTRY_END
|
||||
|
||||
STEP 120 CHECK_OUT_QUERY
|
||||
ENTRY_BEGIN
|
||||
MATCH qname qtype opcode ednsdata
|
||||
SECTION QUESTION
|
||||
tag5678. IN A
|
||||
edns-string-123. IN A
|
||||
SECTION ADDITIONAL
|
||||
HEX_EDNSDATA_BEGIN
|
||||
00 10 ; Opcode 16
|
||||
00 02 ; Length 2
|
||||
16 2e ; 5678
|
||||
fd e9 ; Opcode 65001
|
||||
00 07 ; Length 7
|
||||
31 32 33 41 62 ; "123Ab"
|
||||
43 21 ; "C!"
|
||||
HEX_EDNSDATA_END
|
||||
ENTRY_END
|
||||
|
||||
|
@ -116,9 +117,9 @@ ENTRY_BEGIN
|
|||
MATCH all
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
tag5678. IN A
|
||||
edns-string-123. IN A
|
||||
SECTION ANSWER
|
||||
tag5678. IN A 10.20.30.40
|
||||
edns-string-123. IN A 10.20.30.40
|
||||
ENTRY_END
|
||||
|
||||
STEP 210 QUERY
|
153
testdata/edns_client_string_opcode.rpl
vendored
Normal file
153
testdata/edns_client_string_opcode.rpl
vendored
Normal file
|
@ -0,0 +1,153 @@
|
|||
; config options
|
||||
server:
|
||||
edns-client-string: 10.0.0.0/24 "abc d"
|
||||
edns-client-string: 10.0.0.10/32 "123AbC!"
|
||||
edns-client-string-opcode: 65432
|
||||
|
||||
stub-zone:
|
||||
name: "edns-string-abc."
|
||||
stub-addr: 10.0.0.1
|
||||
|
||||
stub-zone:
|
||||
name: "edns-string-123."
|
||||
stub-addr: 10.0.0.10
|
||||
|
||||
stub-zone:
|
||||
name: "notag."
|
||||
stub-addr: 10.10.0.1
|
||||
|
||||
CONFIG_END
|
||||
|
||||
SCENARIO_BEGIN Test EDNS string tag option
|
||||
|
||||
RANGE_BEGIN 0 1000
|
||||
ADDRESS 10.0.0.1
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
edns-string-abc. IN A
|
||||
SECTION ANSWER
|
||||
edns-string-abc. IN A 10.20.30.40
|
||||
SECTION ADDITIONAL
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
RANGE_BEGIN 0 1000
|
||||
ADDRESS 10.0.0.10
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
edns-string-123. IN A
|
||||
SECTION ANSWER
|
||||
edns-string-123. IN A 10.20.30.40
|
||||
SECTION ADDITIONAL
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
RANGE_BEGIN 0 1000
|
||||
ADDRESS 10.10.0.1
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
notag. IN A
|
||||
SECTION ANSWER
|
||||
notag. IN A 10.20.30.40
|
||||
SECTION ADDITIONAL
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
STEP 10 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
edns-string-abc. IN A
|
||||
ENTRY_END
|
||||
|
||||
STEP 20 CHECK_OUT_QUERY
|
||||
ENTRY_BEGIN
|
||||
MATCH qname qtype opcode ednsdata
|
||||
SECTION QUESTION
|
||||
edns-string-abc. IN A
|
||||
SECTION ADDITIONAL
|
||||
HEX_EDNSDATA_BEGIN
|
||||
ff 98 ; Opcode 65432
|
||||
00 05 ; Length 5
|
||||
61 62 63 20 64 ; "abc d"
|
||||
HEX_EDNSDATA_END
|
||||
ENTRY_END
|
||||
|
||||
STEP 30 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
edns-string-abc. IN A
|
||||
SECTION ANSWER
|
||||
edns-string-abc. IN A 10.20.30.40
|
||||
ENTRY_END
|
||||
|
||||
STEP 110 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
edns-string-123. IN A
|
||||
ENTRY_END
|
||||
|
||||
STEP 120 CHECK_OUT_QUERY
|
||||
ENTRY_BEGIN
|
||||
MATCH qname qtype opcode ednsdata
|
||||
SECTION QUESTION
|
||||
edns-string-123. IN A
|
||||
SECTION ADDITIONAL
|
||||
HEX_EDNSDATA_BEGIN
|
||||
ff 98 ; Opcode 65432
|
||||
00 07 ; Length 7
|
||||
31 32 33 41 62 ; "123Ab"
|
||||
43 21 ; "C!"
|
||||
HEX_EDNSDATA_END
|
||||
ENTRY_END
|
||||
|
||||
STEP 130 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
edns-string-123. IN A
|
||||
SECTION ANSWER
|
||||
edns-string-123. IN A 10.20.30.40
|
||||
ENTRY_END
|
||||
|
||||
STEP 210 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
notag. IN A
|
||||
ENTRY_END
|
||||
|
||||
STEP 220 CHECK_OUT_QUERY
|
||||
ENTRY_BEGIN
|
||||
MATCH qname qtype opcode ednsdata
|
||||
SECTION QUESTION
|
||||
notag. IN A
|
||||
SECTION ADDITIONAL
|
||||
HEX_EDNSDATA_BEGIN
|
||||
HEX_EDNSDATA_END
|
||||
ENTRY_END
|
||||
|
||||
STEP 230 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
notag. IN A
|
||||
SECTION ANSWER
|
||||
notag. IN A 10.20.30.40
|
||||
ENTRY_END
|
||||
|
||||
SCENARIO_END
|
1
testdata/fwd_oneport.tdir/fwd_oneport.conf
vendored
1
testdata/fwd_oneport.tdir/fwd_oneport.conf
vendored
|
@ -13,6 +13,7 @@ server:
|
|||
num-queries-per-thread: 1024
|
||||
use-syslog: no
|
||||
do-not-query-localhost: no
|
||||
udp-connect: no
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-addr: "127.0.0.1@@TOPORT@"
|
||||
|
|
17
testdata/tcp_reuse.tdir/tcp_reuse.conf
vendored
Normal file
17
testdata/tcp_reuse.tdir/tcp_reuse.conf
vendored
Normal file
|
@ -0,0 +1,17 @@
|
|||
server:
|
||||
verbosity: 5
|
||||
# num-threads: 1
|
||||
interface: 127.0.0.1
|
||||
port: @PORT@
|
||||
use-syslog: no
|
||||
directory: .
|
||||
pidfile: "unbound.pid"
|
||||
chroot: ""
|
||||
username: ""
|
||||
do-not-query-localhost: no
|
||||
|
||||
tcp-upstream: yes
|
||||
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-addr: "127.0.0.1@@TOPORT@"
|
39
testdata/tcp_reuse.tdir/tcp_reuse.conf2
vendored
Normal file
39
testdata/tcp_reuse.tdir/tcp_reuse.conf2
vendored
Normal file
|
@ -0,0 +1,39 @@
|
|||
# this is the upstream server that has pipelining and responds to queries.
|
||||
server:
|
||||
verbosity: 1
|
||||
# num-threads: 1
|
||||
interface: 127.0.0.1
|
||||
port: @PORT@
|
||||
use-syslog: no
|
||||
directory: .
|
||||
pidfile: "unbound2.pid"
|
||||
chroot: ""
|
||||
username: ""
|
||||
do-not-query-localhost: no
|
||||
tcp-idle-timeout: 10000
|
||||
|
||||
log-queries: yes
|
||||
log-replies: yes
|
||||
log-identity: "upstream"
|
||||
|
||||
local-zone: "." refuse
|
||||
local-zone: "example.com" static
|
||||
local-data: "www.example.com A 10.20.30.40"
|
||||
local-data: "www1.example.com A 10.20.30.41"
|
||||
local-data: "www2.example.com A 10.20.30.42"
|
||||
local-data: "www3.example.com A 10.20.30.43"
|
||||
local-data: "www4.example.com A 10.20.30.44"
|
||||
local-data: "www5.example.com A 10.20.30.45"
|
||||
local-data: "www6.example.com A 10.20.30.46"
|
||||
local-data: "www7.example.com A 10.20.30.47"
|
||||
|
||||
local-zone: "drop.net" deny
|
||||
local-zone: "refuse.net" refuse
|
||||
|
||||
local-zone: "more.net" redirect
|
||||
local-data: "more.net A 10.20.30.40"
|
||||
|
||||
# if queries escape, send them to localhost
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-addr: "127.0.0.1@@TOPORT@"
|
16
testdata/tcp_reuse.tdir/tcp_reuse.dsc
vendored
Normal file
16
testdata/tcp_reuse.tdir/tcp_reuse.dsc
vendored
Normal file
|
@ -0,0 +1,16 @@
|
|||
BaseName: tcp_reuse
|
||||
Version: 1.0
|
||||
Description: Test tcp stream reuse.
|
||||
CreationDate: Wed Jun 03 09:37:00 CET 2020
|
||||
Maintainer: Wouter Wijngaards
|
||||
Category:
|
||||
Component:
|
||||
CmdDepends:
|
||||
Depends:
|
||||
Help:
|
||||
Pre: tcp_reuse.pre
|
||||
Post: tcp_reuse.post
|
||||
Test: tcp_reuse.test
|
||||
AuxFiles:
|
||||
Passed:
|
||||
Failure:
|
19
testdata/tcp_reuse.tdir/tcp_reuse.post
vendored
Normal file
19
testdata/tcp_reuse.tdir/tcp_reuse.post
vendored
Normal file
|
@ -0,0 +1,19 @@
|
|||
# #-- tcp_reuse.post --#
|
||||
# source the master var file when it's there
|
||||
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
|
||||
# source the test var file when it's there
|
||||
[ -f .tpkg.var.test ] && source .tpkg.var.test
|
||||
#
|
||||
# do your teardown here
|
||||
. ../common.sh
|
||||
kill_pid `cat unbound2.pid`
|
||||
if test -f unbound2.log; then
|
||||
echo ">>> upstream log"
|
||||
cat unbound2.log
|
||||
fi
|
||||
#kill_pid $UNBOUND_PID
|
||||
kill_pid `cat unbound.pid`
|
||||
if test -f unbound.log; then
|
||||
echo ">>> unbound log"
|
||||
cat unbound.log
|
||||
fi
|
34
testdata/tcp_reuse.tdir/tcp_reuse.pre
vendored
Normal file
34
testdata/tcp_reuse.tdir/tcp_reuse.pre
vendored
Normal file
|
@ -0,0 +1,34 @@
|
|||
# #-- tcp_reuse.pre--#
|
||||
# source the master var file when it's there
|
||||
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
|
||||
# use .tpkg.var.test for in test variable passing
|
||||
[ -f .tpkg.var.test ] && source .tpkg.var.test
|
||||
|
||||
PRE="../.."
|
||||
. ../common.sh
|
||||
get_random_port 2
|
||||
UNBOUND_PORT=$RND_PORT
|
||||
UPSTREAM_PORT=$(($RND_PORT + 1))
|
||||
echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
|
||||
echo "UPSTREAM_PORT=$UPSTREAM_PORT" >> .tpkg.var.test
|
||||
|
||||
# make config file
|
||||
sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$UPSTREAM_PORT'/' < tcp_reuse.conf > ub.conf
|
||||
# start unbound in the background
|
||||
#$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
|
||||
$PRE/unbound -d -c ub.conf 2>&1 | tee unbound.log &
|
||||
UNBOUND_PID=$!
|
||||
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
|
||||
wait_unbound_up unbound.log
|
||||
|
||||
# make upstream config file
|
||||
sed -e 's/@PORT\@/'$UPSTREAM_PORT'/' -e 's/@TOPORT\@/'$UPSTREAM_PORT'/' < tcp_reuse.conf2 > ub2.conf
|
||||
# start upstream unbound in the background
|
||||
#$PRE/unbound -d -c ub2.conf >unbound2.log 2>&1 &
|
||||
$PRE/unbound -d -c ub2.conf 2>&1 | tee unbound2.log &
|
||||
UPSTREAM_PID=$!
|
||||
echo "UPSTREAM_PID=$UPSTREAM_PID" >> .tpkg.var.test
|
||||
wait_unbound_up unbound2.log
|
||||
|
||||
cat .tpkg.var.test
|
||||
|
309
testdata/tcp_reuse.tdir/tcp_reuse.test
vendored
Normal file
309
testdata/tcp_reuse.tdir/tcp_reuse.test
vendored
Normal file
|
@ -0,0 +1,309 @@
|
|||
# #-- tcp_reuse.test --#
|
||||
# source the master var file when it's there
|
||||
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
|
||||
# use .tpkg.var.test for in test variable passing
|
||||
[ -f .tpkg.var.test ] && source .tpkg.var.test
|
||||
|
||||
PRE="../.."
|
||||
. ../common.sh
|
||||
|
||||
get_make
|
||||
(cd $PRE; $MAKE streamtcp)
|
||||
|
||||
echo "> query www1.example.com."
|
||||
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN >outfile 2>&1
|
||||
cat outfile
|
||||
if test "$?" -ne 0; then
|
||||
echo "exit status not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www1.example.com" outfile | grep "10.20.30.41"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK, for www1.example.com"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK, for www1.example.com"
|
||||
exit 1
|
||||
fi
|
||||
echo "OK"
|
||||
echo ""
|
||||
|
||||
# this should be reused on the same tcp stream:
|
||||
echo "> query www2.example.com."
|
||||
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www2.example.com. A IN >outfile 2>&1
|
||||
cat outfile
|
||||
if test "$?" -ne 0; then
|
||||
echo "exit status not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www2.example.com" outfile | grep "10.20.30.42"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK, for www2.example.com"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK, for www2.example.com"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "> query refuse.net."
|
||||
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT refuse.net. A IN >outfile 2>&1
|
||||
cat outfile
|
||||
if test "$?" -ne 0; then
|
||||
echo "exit status not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "rcode: SERVFAIL" outfile; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK, for refuse.net"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK, for refuse.net"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "> query www3.example.com."
|
||||
echo "> query www4.example.com."
|
||||
echo "> query www5.example.com."
|
||||
echo "> query www6.example.com."
|
||||
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www3.example.com. A IN >outfile3 2>&1 &
|
||||
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www4.example.com. A IN >outfile4 2>&1 &
|
||||
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www5.example.com. A IN >outfile5 2>&1 &
|
||||
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www6.example.com. A IN >outfile6 2>&1 &
|
||||
wait
|
||||
if test "$?" -ne 0; then
|
||||
echo "exit status not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile3
|
||||
cat outfile4
|
||||
cat outfile5
|
||||
cat outfile6
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www3.example.com" outfile3 | grep "10.20.30.43"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK, for www3.example.com"
|
||||
echo "> cat logfiles"
|
||||
cat outfile3
|
||||
cat outfile4
|
||||
cat outfile5
|
||||
cat outfile6
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK, for www3.example.com"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www4.example.com" outfile4 | grep "10.20.30.44"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK, for www4.example.com"
|
||||
echo "> cat logfiles"
|
||||
cat outfile3
|
||||
cat outfile4
|
||||
cat outfile5
|
||||
cat outfile6
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK, for www4.example.com"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www5.example.com" outfile5 | grep "10.20.30.45"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK, for www5.example.com"
|
||||
echo "> cat logfiles"
|
||||
cat outfile3
|
||||
cat outfile4
|
||||
cat outfile5
|
||||
cat outfile6
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK, for www5.example.com"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www6.example.com" outfile6 | grep "10.20.30.46"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK, for www6.example.com"
|
||||
echo "> cat logfiles"
|
||||
cat outfile3
|
||||
cat outfile4
|
||||
cat outfile5
|
||||
cat outfile6
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK, for www6.example.com"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "> query a1.more.net a2.more.net a3.more.net a4.more.net a5.more.net"
|
||||
$PRE/streamtcp -a -f 127.0.0.1@$UNBOUND_PORT a1.more.net A IN a2.more.net A IN a3.more.net A IN a4.more.net A IN a5.more.net A IN >outfile 2>&1
|
||||
if test "$?" -ne 0; then
|
||||
echo "exit status not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
cat outfile
|
||||
for x in a1.more.net a2.more.net a3.more.net a4.more.net a5.more.net; do
|
||||
if grep "$x" outfile | grep "10.20.30.40"; then
|
||||
echo "content OK for $x"
|
||||
else
|
||||
echo "result contents not OK, for $x"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK, for $x"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
# make the server timeout to drop the upstream connection
|
||||
echo "> sleep 15"
|
||||
sleep 15
|
||||
# see if we are still up.
|
||||
echo "> query a7.more.net"
|
||||
$PRE/streamtcp -a -f 127.0.0.1@$UNBOUND_PORT a7.more.net A IN >outfile 2>&1
|
||||
if test "$?" -ne 0; then
|
||||
echo "exit status not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
cat outfile
|
||||
for x in a7.more.net; do
|
||||
if grep "$x" outfile | grep "10.20.30.40"; then
|
||||
echo "content OK for $x"
|
||||
else
|
||||
echo "result contents not OK, for $x"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK, for $x"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
# dropconn.drop.net make the server drop the connection.
|
||||
echo "> query a11.more.net a12.more.net dropconn.drop.net a14.more.net a15.more.net"
|
||||
$PRE/streamtcp -a -f 127.0.0.1@$UNBOUND_PORT a11.more.net A IN a12.more.net A IN dropconn.drop.net A IN a14.more.net A IN a15.more.net A IN >outfile 2>&1
|
||||
if test "$?" -ne 0; then
|
||||
echo "exit status not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
cat outfile
|
||||
# cannot really check outfile, because it may or may not have answers depending
|
||||
# on how fast the other server responds or the drop happens, but there are
|
||||
# a bunch of connection drops, whilst resolving the other queries.
|
||||
|
||||
echo "> query drop.net."
|
||||
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT drop.net. A IN >outfile 2>&1
|
||||
cat outfile
|
||||
if test "$?" -ne 0; then
|
||||
echo "exit status not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "rcode: SERVFAIL" outfile; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK, for drop.net"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK, for drop.net"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
# timeouts at the end. (so that the server is not marked as failed for
|
||||
# the other tests).
|
||||
echo "> query q1.drop.net."
|
||||
echo "> query q2.drop.net."
|
||||
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT q1.drop.net. A IN >outfile1 2>&1 &
|
||||
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT q2.drop.net. A IN >outfile2 2>&1 &
|
||||
wait
|
||||
if test "$?" -ne 0; then
|
||||
echo "exit status not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile1
|
||||
cat outfile2
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
cat outfile1
|
||||
cat outfile2
|
||||
if grep "rcode: SERVFAIL" outfile1; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK, for q1.drop.net"
|
||||
echo "> cat logfiles"
|
||||
cat outfile1
|
||||
cat outfile2
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK, for q1.drop.net"
|
||||
exit 1
|
||||
fi
|
||||
if grep "rcode: SERVFAIL" outfile2; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK, for q2.drop.net"
|
||||
echo "> cat logfiles"
|
||||
cat outfile1
|
||||
cat outfile2
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK, for q2.drop.net"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "OK"
|
||||
exit 0
|
18
testdata/tls_reuse.tdir/tls_reuse.conf
vendored
Normal file
18
testdata/tls_reuse.tdir/tls_reuse.conf
vendored
Normal file
|
@ -0,0 +1,18 @@
|
|||
server:
|
||||
verbosity: 5
|
||||
# num-threads: 1
|
||||
interface: 127.0.0.1
|
||||
port: @PORT@
|
||||
use-syslog: no
|
||||
directory: .
|
||||
pidfile: "unbound.pid"
|
||||
chroot: ""
|
||||
username: ""
|
||||
do-not-query-localhost: no
|
||||
|
||||
tls-cert-bundle: "unbound_server.pem"
|
||||
tls-upstream: yes
|
||||
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-addr: "127.0.0.1@@TOPORT@#unbound"
|
43
testdata/tls_reuse.tdir/tls_reuse.conf2
vendored
Normal file
43
testdata/tls_reuse.tdir/tls_reuse.conf2
vendored
Normal file
|
@ -0,0 +1,43 @@
|
|||
# this is the upstream server that has pipelining and responds to queries.
|
||||
server:
|
||||
verbosity: 1
|
||||
# num-threads: 1
|
||||
interface: 127.0.0.1@@PORT@
|
||||
port: @PORT@
|
||||
use-syslog: no
|
||||
directory: .
|
||||
pidfile: "unbound2.pid"
|
||||
chroot: ""
|
||||
username: ""
|
||||
do-not-query-localhost: no
|
||||
tls-port: @PORT@
|
||||
tls-service-key: "unbound_server.key"
|
||||
tls-service-pem: "unbound_server.pem"
|
||||
tcp-idle-timeout: 10000
|
||||
|
||||
log-queries: yes
|
||||
log-replies: yes
|
||||
log-identity: "upstream"
|
||||
|
||||
local-zone: "." refuse
|
||||
local-zone: "example.com" static
|
||||
local-data: "www.example.com A 10.20.30.40"
|
||||
local-data: "www1.example.com A 10.20.30.41"
|
||||
local-data: "www2.example.com A 10.20.30.42"
|
||||
local-data: "www3.example.com A 10.20.30.43"
|
||||
local-data: "www4.example.com A 10.20.30.44"
|
||||
local-data: "www5.example.com A 10.20.30.45"
|
||||
local-data: "www6.example.com A 10.20.30.46"
|
||||
local-data: "www7.example.com A 10.20.30.47"
|
||||
|
||||
local-zone: "drop.net" deny
|
||||
local-zone: "refuse.net" refuse
|
||||
|
||||
local-zone: "more.net" redirect
|
||||
local-data: "more.net A 10.20.30.40"
|
||||
|
||||
# if queries escape, send them to localhost
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-tls-upstream: yes
|
||||
forward-addr: "127.0.0.1@@TOPORT@"
|
16
testdata/tls_reuse.tdir/tls_reuse.dsc
vendored
Normal file
16
testdata/tls_reuse.tdir/tls_reuse.dsc
vendored
Normal file
|
@ -0,0 +1,16 @@
|
|||
BaseName: tls_reuse
|
||||
Version: 1.0
|
||||
Description: Test tls stream reuse.
|
||||
CreationDate: Wed Jun 30 16:37:00 CET 2020
|
||||
Maintainer: Wouter Wijngaards
|
||||
Category:
|
||||
Component:
|
||||
CmdDepends:
|
||||
Depends:
|
||||
Help:
|
||||
Pre: tls_reuse.pre
|
||||
Post: tls_reuse.post
|
||||
Test: tls_reuse.test
|
||||
AuxFiles:
|
||||
Passed:
|
||||
Failure:
|
19
testdata/tls_reuse.tdir/tls_reuse.post
vendored
Normal file
19
testdata/tls_reuse.tdir/tls_reuse.post
vendored
Normal file
|
@ -0,0 +1,19 @@
|
|||
# #-- tls_reuse.post --#
|
||||
# source the master var file when it's there
|
||||
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
|
||||
# source the test var file when it's there
|
||||
[ -f .tpkg.var.test ] && source .tpkg.var.test
|
||||
#
|
||||
# do your teardown here
|
||||
. ../common.sh
|
||||
kill_pid `cat unbound2.pid`
|
||||
if test -f unbound2.log; then
|
||||
echo ">>> upstream log"
|
||||
cat unbound2.log
|
||||
fi
|
||||
#kill_pid $UNBOUND_PID
|
||||
kill_pid `cat unbound.pid`
|
||||
if test -f unbound.log; then
|
||||
echo ">>> unbound log"
|
||||
cat unbound.log
|
||||
fi
|
34
testdata/tls_reuse.tdir/tls_reuse.pre
vendored
Normal file
34
testdata/tls_reuse.tdir/tls_reuse.pre
vendored
Normal file
|
@ -0,0 +1,34 @@
|
|||
# #-- tls_reuse.pre--#
|
||||
# source the master var file when it's there
|
||||
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
|
||||
# use .tpkg.var.test for in test variable passing
|
||||
[ -f .tpkg.var.test ] && source .tpkg.var.test
|
||||
|
||||
PRE="../.."
|
||||
. ../common.sh
|
||||
get_random_port 2
|
||||
UNBOUND_PORT=$RND_PORT
|
||||
UPSTREAM_PORT=$(($RND_PORT + 1))
|
||||
echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
|
||||
echo "UPSTREAM_PORT=$UPSTREAM_PORT" >> .tpkg.var.test
|
||||
|
||||
# make config file
|
||||
sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$UPSTREAM_PORT'/' < tls_reuse.conf > ub.conf
|
||||
# start unbound in the background
|
||||
#$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
|
||||
$PRE/unbound -d -c ub.conf 2>&1 | tee unbound.log &
|
||||
UNBOUND_PID=$!
|
||||
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
|
||||
wait_unbound_up unbound.log
|
||||
|
||||
# make upstream config file
|
||||
sed -e 's/@PORT\@/'$UPSTREAM_PORT'/' -e 's/@TOPORT\@/'$UPSTREAM_PORT'/' < tls_reuse.conf2 > ub2.conf
|
||||
# start upstream unbound in the background
|
||||
#$PRE/unbound -d -c ub2.conf >unbound2.log 2>&1 &
|
||||
$PRE/unbound -d -c ub2.conf 2>&1 | tee unbound2.log &
|
||||
UPSTREAM_PID=$!
|
||||
echo "UPSTREAM_PID=$UPSTREAM_PID" >> .tpkg.var.test
|
||||
wait_unbound_up unbound2.log
|
||||
|
||||
cat .tpkg.var.test
|
||||
|
308
testdata/tls_reuse.tdir/tls_reuse.test
vendored
Normal file
308
testdata/tls_reuse.tdir/tls_reuse.test
vendored
Normal file
|
@ -0,0 +1,308 @@
|
|||
# #-- tls_reuse.test --#
|
||||
# source the master var file when it's there
|
||||
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
|
||||
# use .tpkg.var.test for in test variable passing
|
||||
[ -f .tpkg.var.test ] && source .tpkg.var.test
|
||||
|
||||
PRE="../.."
|
||||
. ../common.sh
|
||||
|
||||
get_make
|
||||
(cd $PRE; $MAKE streamtcp)
|
||||
|
||||
echo "> query www1.example.com."
|
||||
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN >outfile 2>&1
|
||||
cat outfile
|
||||
if test "$?" -ne 0; then
|
||||
echo "exit status not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www1.example.com" outfile | grep "10.20.30.41"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK, for www1.example.com"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK, for www1.example.com"
|
||||
exit 1
|
||||
fi
|
||||
echo "OK"
|
||||
echo ""
|
||||
|
||||
# this should be reused on the same tcp stream:
|
||||
echo "> query www2.example.com."
|
||||
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www2.example.com. A IN >outfile 2>&1
|
||||
cat outfile
|
||||
if test "$?" -ne 0; then
|
||||
echo "exit status not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www2.example.com" outfile | grep "10.20.30.42"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK, for www2.example.com"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK, for www2.example.com"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "> query refuse.net."
|
||||
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT refuse.net. A IN >outfile 2>&1
|
||||
cat outfile
|
||||
if test "$?" -ne 0; then
|
||||
echo "exit status not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "rcode: SERVFAIL" outfile; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK, for refuse.net"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK, for refuse.net"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "> query www3.example.com."
|
||||
echo "> query www4.example.com."
|
||||
echo "> query www5.example.com."
|
||||
echo "> query www6.example.com."
|
||||
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www3.example.com. A IN >outfile3 2>&1 &
|
||||
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www4.example.com. A IN >outfile4 2>&1 &
|
||||
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www5.example.com. A IN >outfile5 2>&1 &
|
||||
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www6.example.com. A IN >outfile6 2>&1 &
|
||||
wait
|
||||
if test "$?" -ne 0; then
|
||||
echo "exit status not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile3
|
||||
cat outfile4
|
||||
cat outfile5
|
||||
cat outfile6
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www3.example.com" outfile3 | grep "10.20.30.43"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK, for www3.example.com"
|
||||
echo "> cat logfiles"
|
||||
cat outfile3
|
||||
cat outfile4
|
||||
cat outfile5
|
||||
cat outfile6
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK, for www3.example.com"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www4.example.com" outfile4 | grep "10.20.30.44"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK, for www4.example.com"
|
||||
echo "> cat logfiles"
|
||||
cat outfile3
|
||||
cat outfile4
|
||||
cat outfile5
|
||||
cat outfile6
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK, for www4.example.com"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www5.example.com" outfile5 | grep "10.20.30.45"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK, for www5.example.com"
|
||||
echo "> cat logfiles"
|
||||
cat outfile3
|
||||
cat outfile4
|
||||
cat outfile5
|
||||
cat outfile6
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK, for www5.example.com"
|
||||
exit 1
|
||||
fi
|
||||
if grep "www6.example.com" outfile6 | grep "10.20.30.46"; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK, for www6.example.com"
|
||||
echo "> cat logfiles"
|
||||
cat outfile3
|
||||
cat outfile4
|
||||
cat outfile5
|
||||
cat outfile6
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK, for www6.example.com"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "> query a1.more.net a2.more.net a3.more.net a4.more.net a5.more.net"
|
||||
$PRE/streamtcp -a -f 127.0.0.1@$UNBOUND_PORT a1.more.net A IN a2.more.net A IN a3.more.net A IN a4.more.net A IN a5.more.net A IN >outfile 2>&1
|
||||
if test "$?" -ne 0; then
|
||||
echo "exit status not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
cat outfile
|
||||
for x in a1.more.net a2.more.net a3.more.net a4.more.net a5.more.net; do
|
||||
if grep "$x" outfile | grep "10.20.30.40"; then
|
||||
echo "content OK for $x"
|
||||
else
|
||||
echo "result contents not OK, for $x"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK, for $x"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
# make the server timeout to drop the upstream connection
|
||||
echo "> sleep 15"
|
||||
sleep 15
|
||||
# see if we are still up.
|
||||
echo "> query a7.more.net"
|
||||
$PRE/streamtcp -a -f 127.0.0.1@$UNBOUND_PORT a7.more.net A IN >outfile 2>&1
|
||||
if test "$?" -ne 0; then
|
||||
echo "exit status not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
cat outfile
|
||||
for x in a7.more.net; do
|
||||
if grep "$x" outfile | grep "10.20.30.40"; then
|
||||
echo "content OK for $x"
|
||||
else
|
||||
echo "result contents not OK, for $x"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK, for $x"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
# dropconn.drop.net make the server drop the connection.
|
||||
echo "> query a11.more.net a12.more.net dropconn.drop.net a14.more.net a15.more.net"
|
||||
$PRE/streamtcp -a -f 127.0.0.1@$UNBOUND_PORT a11.more.net A IN a12.more.net A IN dropconn.drop.net A IN a14.more.net A IN a15.more.net A IN >outfile 2>&1
|
||||
if test "$?" -ne 0; then
|
||||
echo "exit status not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
cat outfile
|
||||
# cannot really check outfile, because it may or may not have answers depending
|
||||
# on how fast the other server responds or the drop happens, but there are
|
||||
# a bunch of connection drops, whilst resolving the other queries.
|
||||
|
||||
echo "> query drop.net."
|
||||
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT drop.net. A IN >outfile 2>&1
|
||||
cat outfile
|
||||
if test "$?" -ne 0; then
|
||||
echo "exit status not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "rcode: SERVFAIL" outfile; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK, for drop.net"
|
||||
echo "> cat logfiles"
|
||||
cat outfile
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK, for drop.net"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# timeouts at the end. (so that the server is not marked as failed for
|
||||
# the other tests).
|
||||
echo "> query q1.drop.net."
|
||||
echo "> query q2.drop.net."
|
||||
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT q1.drop.net. A IN >outfile1 2>&1 &
|
||||
$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT q2.drop.net. A IN >outfile2 2>&1 &
|
||||
wait
|
||||
if test "$?" -ne 0; then
|
||||
echo "exit status not OK"
|
||||
echo "> cat logfiles"
|
||||
cat outfile1
|
||||
cat outfile2
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
cat outfile1
|
||||
cat outfile2
|
||||
if grep "rcode: SERVFAIL" outfile1; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK, for q1.drop.net"
|
||||
echo "> cat logfiles"
|
||||
cat outfile1
|
||||
cat outfile2
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK, for q1.drop.net"
|
||||
exit 1
|
||||
fi
|
||||
if grep "rcode: SERVFAIL" outfile2; then
|
||||
echo "content OK"
|
||||
else
|
||||
echo "result contents not OK, for q2.drop.net"
|
||||
echo "> cat logfiles"
|
||||
cat outfile1
|
||||
cat outfile2
|
||||
cat unbound2.log
|
||||
cat unbound.log
|
||||
echo "result contents not OK, for q2.drop.net"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "OK"
|
||||
exit 0
|
39
testdata/tls_reuse.tdir/unbound_control.key
vendored
Normal file
39
testdata/tls_reuse.tdir/unbound_control.key
vendored
Normal file
|
@ -0,0 +1,39 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA
|
||||
1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ
|
||||
F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR
|
||||
ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm
|
||||
vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb
|
||||
IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL
|
||||
cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr
|
||||
lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov
|
||||
15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf
|
||||
LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+
|
||||
Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57
|
||||
YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9
|
||||
whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c
|
||||
lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax
|
||||
tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ
|
||||
U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9
|
||||
Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc
|
||||
Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3
|
||||
ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+
|
||||
1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN
|
||||
b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz
|
||||
ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C
|
||||
TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF
|
||||
tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y
|
||||
aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0
|
||||
A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU
|
||||
LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U
|
||||
R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy
|
||||
7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj
|
||||
7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw
|
||||
jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1
|
||||
BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar
|
||||
kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR
|
||||
qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3
|
||||
VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9
|
||||
MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa
|
||||
C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g=
|
||||
-----END RSA PRIVATE KEY-----
|
22
testdata/tls_reuse.tdir/unbound_control.pem
vendored
Normal file
22
testdata/tls_reuse.tdir/unbound_control.pem
vendored
Normal file
|
@ -0,0 +1,22 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx
|
||||
EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw
|
||||
WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA
|
||||
A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv
|
||||
OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj
|
||||
1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl
|
||||
NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht
|
||||
A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/
|
||||
Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB
|
||||
TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/
|
||||
nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My
|
||||
+i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj
|
||||
4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83
|
||||
hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU
|
||||
9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn
|
||||
ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ
|
||||
pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD
|
||||
72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ
|
||||
muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP
|
||||
uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte
|
||||
-----END CERTIFICATE-----
|
39
testdata/tls_reuse.tdir/unbound_server.key
vendored
Normal file
39
testdata/tls_reuse.tdir/unbound_server.key
vendored
Normal file
|
@ -0,0 +1,39 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI
|
||||
0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq
|
||||
GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z
|
||||
uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K
|
||||
WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5
|
||||
FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP
|
||||
q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL
|
||||
A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP
|
||||
7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf
|
||||
XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6
|
||||
iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7
|
||||
2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo
|
||||
MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj
|
||||
WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz
|
||||
O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI
|
||||
IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN
|
||||
qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU
|
||||
dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs
|
||||
bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr
|
||||
YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km
|
||||
7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr
|
||||
gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z
|
||||
5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG
|
||||
ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN
|
||||
oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+
|
||||
s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW
|
||||
zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx
|
||||
ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1
|
||||
oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3
|
||||
BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS
|
||||
mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8
|
||||
kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93
|
||||
7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8
|
||||
RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O
|
||||
jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp
|
||||
O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre
|
||||
MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A==
|
||||
-----END RSA PRIVATE KEY-----
|
22
testdata/tls_reuse.tdir/unbound_server.pem
vendored
Normal file
22
testdata/tls_reuse.tdir/unbound_server.pem
vendored
Normal file
|
@ -0,0 +1,22 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx
|
||||
EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5
|
||||
WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB
|
||||
igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32
|
||||
a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2
|
||||
4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot
|
||||
aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4
|
||||
TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ
|
||||
uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4
|
||||
+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz
|
||||
XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx
|
||||
dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW
|
||||
84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7
|
||||
JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca
|
||||
fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg
|
||||
XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF
|
||||
qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25
|
||||
sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD
|
||||
yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe
|
||||
CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ==
|
||||
-----END CERTIFICATE-----
|
|
@ -170,7 +170,9 @@ config_create(void)
|
|||
cfg->infra_cache_slabs = 4;
|
||||
cfg->infra_cache_numhosts = 10000;
|
||||
cfg->infra_cache_min_rtt = 50;
|
||||
cfg->infra_keep_probing = 0;
|
||||
cfg->delay_close = 0;
|
||||
cfg->udp_connect = 1;
|
||||
if(!(cfg->outgoing_avail_ports = (int*)calloc(65536, sizeof(int))))
|
||||
goto error_exit;
|
||||
init_outgoing_availports(cfg->outgoing_avail_ports, 65536);
|
||||
|
@ -321,8 +323,8 @@ config_create(void)
|
|||
cfg->qname_minimisation_strict = 0;
|
||||
cfg->shm_enable = 0;
|
||||
cfg->shm_key = 11777;
|
||||
cfg->edns_client_tags = NULL;
|
||||
cfg->edns_client_tag_opcode = LDNS_EDNS_CLIENT_TAG;
|
||||
cfg->edns_client_strings = NULL;
|
||||
cfg->edns_client_string_opcode = 65001;
|
||||
cfg->dnscrypt = 0;
|
||||
cfg->dnscrypt_port = 0;
|
||||
cfg->dnscrypt_provider = NULL;
|
||||
|
@ -522,11 +524,12 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
|||
else S_STR("tls-ciphersuites:", tls_ciphersuites)
|
||||
else S_YNO("tls-use-sni:", tls_use_sni)
|
||||
else S_NUMBER_NONZERO("https-port:", https_port)
|
||||
else S_STR("http-endpoint", http_endpoint)
|
||||
else S_NUMBER_NONZERO("http-max-streams", http_max_streams)
|
||||
else S_MEMSIZE("http-query-buffer-size", http_query_buffer_size)
|
||||
else S_MEMSIZE("http-response-buffer-size", http_response_buffer_size)
|
||||
else S_YNO("http-nodelay", http_nodelay)
|
||||
else S_STR("http-endpoint:", http_endpoint)
|
||||
else S_NUMBER_NONZERO("http-max-streams:", http_max_streams)
|
||||
else S_MEMSIZE("http-query-buffer-size:", http_query_buffer_size)
|
||||
else S_MEMSIZE("http-response-buffer-size:", http_response_buffer_size)
|
||||
else S_YNO("http-nodelay:", http_nodelay)
|
||||
else S_YNO("http-notls-downstream:", http_notls_downstream)
|
||||
else S_YNO("interface-automatic:", if_automatic)
|
||||
else S_YNO("use-systemd:", use_systemd)
|
||||
else S_YNO("do-daemonize:", do_daemonize)
|
||||
|
@ -562,10 +565,12 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
|||
IS_NUMBER_OR_ZERO; cfg->infra_cache_min_rtt = atoi(val);
|
||||
RTT_MIN_TIMEOUT=cfg->infra_cache_min_rtt;
|
||||
}
|
||||
else S_YNO("infra-keep-probing:", infra_keep_probing)
|
||||
else S_NUMBER_OR_ZERO("infra-host-ttl:", host_ttl)
|
||||
else S_POW2("infra-cache-slabs:", infra_cache_slabs)
|
||||
else S_SIZET_NONZERO("infra-cache-numhosts:", infra_cache_numhosts)
|
||||
else S_NUMBER_OR_ZERO("delay-close:", delay_close)
|
||||
else S_YNO("udp-connect:", udp_connect)
|
||||
else S_STR("chroot:", chrootdir)
|
||||
else S_STR("username:", username)
|
||||
else S_STR("directory:", directory)
|
||||
|
@ -958,8 +963,10 @@ config_get_option(struct config_file* cfg, const char* opt,
|
|||
else O_DEC(opt, "infra-host-ttl", host_ttl)
|
||||
else O_DEC(opt, "infra-cache-slabs", infra_cache_slabs)
|
||||
else O_DEC(opt, "infra-cache-min-rtt", infra_cache_min_rtt)
|
||||
else O_YNO(opt, "infra-keep-probing", infra_keep_probing)
|
||||
else O_MEM(opt, "infra-cache-numhosts", infra_cache_numhosts)
|
||||
else O_UNS(opt, "delay-close", delay_close)
|
||||
else O_YNO(opt, "udp-connect", udp_connect)
|
||||
else O_YNO(opt, "do-ip4", do_ip4)
|
||||
else O_YNO(opt, "do-ip6", do_ip6)
|
||||
else O_YNO(opt, "do-udp", do_udp)
|
||||
|
@ -990,6 +997,7 @@ config_get_option(struct config_file* cfg, const char* opt,
|
|||
else O_MEM(opt, "http-query-buffer-size", http_query_buffer_size)
|
||||
else O_MEM(opt, "http-response-buffer-size", http_response_buffer_size)
|
||||
else O_YNO(opt, "http-nodelay", http_nodelay)
|
||||
else O_YNO(opt, "http-notls-downstream", http_notls_downstream)
|
||||
else O_YNO(opt, "use-systemd", use_systemd)
|
||||
else O_YNO(opt, "do-daemonize", do_daemonize)
|
||||
else O_STR(opt, "chroot", chrootdir)
|
||||
|
@ -1150,7 +1158,7 @@ config_get_option(struct config_file* cfg, const char* opt,
|
|||
else O_LS3(opt, "access-control-tag-action", acl_tag_actions)
|
||||
else O_LS3(opt, "access-control-tag-data", acl_tag_datas)
|
||||
else O_LS2(opt, "access-control-view", acl_view)
|
||||
else O_LS2(opt, "edns-client-tags", edns_client_tags)
|
||||
else O_LS2(opt, "edns-client-strings", edns_client_strings)
|
||||
#ifdef USE_IPSECMOD
|
||||
else O_YNO(opt, "ipsecmod-enabled", ipsecmod_enabled)
|
||||
else O_YNO(opt, "ipsecmod-ignore-bogus", ipsecmod_ignore_bogus)
|
||||
|
@ -1519,7 +1527,7 @@ config_delete(struct config_file* cfg)
|
|||
config_deldblstrlist(cfg->ratelimit_below_domain);
|
||||
config_delstrlist(cfg->python_script);
|
||||
config_delstrlist(cfg->dynlib_file);
|
||||
config_deldblstrlist(cfg->edns_client_tags);
|
||||
config_deldblstrlist(cfg->edns_client_strings);
|
||||
#ifdef USE_IPSECMOD
|
||||
free(cfg->ipsecmod_hook);
|
||||
config_delstrlist(cfg->ipsecmod_whitelist);
|
||||
|
|
|
@ -143,6 +143,8 @@ struct config_file {
|
|||
size_t http_response_buffer_size;
|
||||
/** set TCP_NODELAY option for http sockets */
|
||||
int http_nodelay;
|
||||
/** Disable TLS for http sockets downstream */
|
||||
int http_notls_downstream;
|
||||
|
||||
/** outgoing port range number of ports (per thread) */
|
||||
int outgoing_num_ports;
|
||||
|
@ -179,8 +181,12 @@ struct config_file {
|
|||
size_t infra_cache_numhosts;
|
||||
/** min value for infra cache rtt */
|
||||
int infra_cache_min_rtt;
|
||||
/** keep probing hosts that are down */
|
||||
int infra_keep_probing;
|
||||
/** delay close of udp-timeouted ports, if 0 no delayclose. in msec */
|
||||
int delay_close;
|
||||
/** udp_connect enable uses UDP connect to mitigate ICMP side channel */
|
||||
int udp_connect;
|
||||
|
||||
/** the target fetch policy for the iterator */
|
||||
char* target_fetch_policy;
|
||||
|
@ -562,10 +568,10 @@ struct config_file {
|
|||
/** SHM data - key for the shm */
|
||||
int shm_key;
|
||||
|
||||
/** list of EDNS client tag entries, linked list */
|
||||
struct config_str2list* edns_client_tags;
|
||||
/** EDNS opcode to use for EDNS client tags */
|
||||
uint16_t edns_client_tag_opcode;
|
||||
/** list of EDNS client string entries, linked list */
|
||||
struct config_str2list* edns_client_strings;
|
||||
/** EDNS opcode to use for EDNS client strings */
|
||||
uint16_t edns_client_string_opcode;
|
||||
|
||||
/** DNSCrypt */
|
||||
/** true to enable dnscrypt */
|
||||
|
|
6346
util/configlexer.c
6346
util/configlexer.c
File diff suppressed because it is too large
Load diff
|
@ -262,6 +262,7 @@ http-max-streams{COLON} { YDVAR(1, VAR_HTTP_MAX_STREAMS) }
|
|||
http-query-buffer-size{COLON} { YDVAR(1, VAR_HTTP_QUERY_BUFFER_SIZE) }
|
||||
http-response-buffer-size{COLON} { YDVAR(1, VAR_HTTP_RESPONSE_BUFFER_SIZE) }
|
||||
http-nodelay{COLON} { YDVAR(1, VAR_HTTP_NODELAY) }
|
||||
http-notls-downstream{COLON} { YDVAR(1, VAR_HTTP_NOTLS_DOWNSTREAM) }
|
||||
use-systemd{COLON} { YDVAR(1, VAR_USE_SYSTEMD) }
|
||||
do-daemonize{COLON} { YDVAR(1, VAR_DO_DAEMONIZE) }
|
||||
interface{COLON} { YDVAR(1, VAR_INTERFACE) }
|
||||
|
@ -296,9 +297,11 @@ infra-cache-slabs{COLON} { YDVAR(1, VAR_INFRA_CACHE_SLABS) }
|
|||
infra-cache-numhosts{COLON} { YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) }
|
||||
infra-cache-lame-size{COLON} { YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) }
|
||||
infra-cache-min-rtt{COLON} { YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) }
|
||||
infra-keep-probing{COLON} { YDVAR(1, VAR_INFRA_KEEP_PROBING) }
|
||||
num-queries-per-thread{COLON} { YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) }
|
||||
jostle-timeout{COLON} { YDVAR(1, VAR_JOSTLE_TIMEOUT) }
|
||||
delay-close{COLON} { YDVAR(1, VAR_DELAY_CLOSE) }
|
||||
udp-connect{COLON} { YDVAR(1, VAR_UDP_CONNECT) }
|
||||
target-fetch-policy{COLON} { YDVAR(1, VAR_TARGET_FETCH_POLICY) }
|
||||
harden-short-bufsize{COLON} { YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) }
|
||||
harden-large-queries{COLON} { YDVAR(1, VAR_HARDEN_LARGE_QUERIES) }
|
||||
|
@ -526,8 +529,8 @@ name-v4{COLON} { YDVAR(1, VAR_IPSET_NAME_V4) }
|
|||
name-v6{COLON} { YDVAR(1, VAR_IPSET_NAME_V6) }
|
||||
udp-upstream-without-downstream{COLON} { YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) }
|
||||
tcp-connection-limit{COLON} { YDVAR(2, VAR_TCP_CONNECTION_LIMIT) }
|
||||
edns-client-tag{COLON} { YDVAR(2, VAR_EDNS_CLIENT_TAG) }
|
||||
edns-client-tag-opcode{COLON} { YDVAR(1, VAR_EDNS_CLIENT_TAG_OPCODE) }
|
||||
edns-client-string{COLON} { YDVAR(2, VAR_EDNS_CLIENT_STRING) }
|
||||
edns-client-string-opcode{COLON} { YDVAR(1, VAR_EDNS_CLIENT_STRING_OPCODE) }
|
||||
<INITIAL,val>{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; }
|
||||
|
||||
/* Quoted strings. Strip leading and ending quotes */
|
||||
|
|
3579
util/configparser.c
3579
util/configparser.c
File diff suppressed because it is too large
Load diff
|
@ -194,158 +194,161 @@ extern int yydebug;
|
|||
VAR_HTTP_QUERY_BUFFER_SIZE = 400,
|
||||
VAR_HTTP_RESPONSE_BUFFER_SIZE = 401,
|
||||
VAR_HTTP_NODELAY = 402,
|
||||
VAR_STUB_FIRST = 403,
|
||||
VAR_MINIMAL_RESPONSES = 404,
|
||||
VAR_RRSET_ROUNDROBIN = 405,
|
||||
VAR_MAX_UDP_SIZE = 406,
|
||||
VAR_DELAY_CLOSE = 407,
|
||||
VAR_UNBLOCK_LAN_ZONES = 408,
|
||||
VAR_INSECURE_LAN_ZONES = 409,
|
||||
VAR_INFRA_CACHE_MIN_RTT = 410,
|
||||
VAR_DNS64_PREFIX = 411,
|
||||
VAR_DNS64_SYNTHALL = 412,
|
||||
VAR_DNS64_IGNORE_AAAA = 413,
|
||||
VAR_DNSTAP = 414,
|
||||
VAR_DNSTAP_ENABLE = 415,
|
||||
VAR_DNSTAP_SOCKET_PATH = 416,
|
||||
VAR_DNSTAP_IP = 417,
|
||||
VAR_DNSTAP_TLS = 418,
|
||||
VAR_DNSTAP_TLS_SERVER_NAME = 419,
|
||||
VAR_DNSTAP_TLS_CERT_BUNDLE = 420,
|
||||
VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 421,
|
||||
VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 422,
|
||||
VAR_DNSTAP_SEND_IDENTITY = 423,
|
||||
VAR_DNSTAP_SEND_VERSION = 424,
|
||||
VAR_DNSTAP_BIDIRECTIONAL = 425,
|
||||
VAR_DNSTAP_IDENTITY = 426,
|
||||
VAR_DNSTAP_VERSION = 427,
|
||||
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 428,
|
||||
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 429,
|
||||
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 430,
|
||||
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 431,
|
||||
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 432,
|
||||
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 433,
|
||||
VAR_RESPONSE_IP_TAG = 434,
|
||||
VAR_RESPONSE_IP = 435,
|
||||
VAR_RESPONSE_IP_DATA = 436,
|
||||
VAR_HARDEN_ALGO_DOWNGRADE = 437,
|
||||
VAR_IP_TRANSPARENT = 438,
|
||||
VAR_IP_DSCP = 439,
|
||||
VAR_DISABLE_DNSSEC_LAME_CHECK = 440,
|
||||
VAR_IP_RATELIMIT = 441,
|
||||
VAR_IP_RATELIMIT_SLABS = 442,
|
||||
VAR_IP_RATELIMIT_SIZE = 443,
|
||||
VAR_RATELIMIT = 444,
|
||||
VAR_RATELIMIT_SLABS = 445,
|
||||
VAR_RATELIMIT_SIZE = 446,
|
||||
VAR_RATELIMIT_FOR_DOMAIN = 447,
|
||||
VAR_RATELIMIT_BELOW_DOMAIN = 448,
|
||||
VAR_IP_RATELIMIT_FACTOR = 449,
|
||||
VAR_RATELIMIT_FACTOR = 450,
|
||||
VAR_SEND_CLIENT_SUBNET = 451,
|
||||
VAR_CLIENT_SUBNET_ZONE = 452,
|
||||
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 453,
|
||||
VAR_CLIENT_SUBNET_OPCODE = 454,
|
||||
VAR_MAX_CLIENT_SUBNET_IPV4 = 455,
|
||||
VAR_MAX_CLIENT_SUBNET_IPV6 = 456,
|
||||
VAR_MIN_CLIENT_SUBNET_IPV4 = 457,
|
||||
VAR_MIN_CLIENT_SUBNET_IPV6 = 458,
|
||||
VAR_MAX_ECS_TREE_SIZE_IPV4 = 459,
|
||||
VAR_MAX_ECS_TREE_SIZE_IPV6 = 460,
|
||||
VAR_CAPS_WHITELIST = 461,
|
||||
VAR_CACHE_MAX_NEGATIVE_TTL = 462,
|
||||
VAR_PERMIT_SMALL_HOLDDOWN = 463,
|
||||
VAR_QNAME_MINIMISATION = 464,
|
||||
VAR_QNAME_MINIMISATION_STRICT = 465,
|
||||
VAR_IP_FREEBIND = 466,
|
||||
VAR_DEFINE_TAG = 467,
|
||||
VAR_LOCAL_ZONE_TAG = 468,
|
||||
VAR_ACCESS_CONTROL_TAG = 469,
|
||||
VAR_LOCAL_ZONE_OVERRIDE = 470,
|
||||
VAR_ACCESS_CONTROL_TAG_ACTION = 471,
|
||||
VAR_ACCESS_CONTROL_TAG_DATA = 472,
|
||||
VAR_VIEW = 473,
|
||||
VAR_ACCESS_CONTROL_VIEW = 474,
|
||||
VAR_VIEW_FIRST = 475,
|
||||
VAR_SERVE_EXPIRED = 476,
|
||||
VAR_SERVE_EXPIRED_TTL = 477,
|
||||
VAR_SERVE_EXPIRED_TTL_RESET = 478,
|
||||
VAR_SERVE_EXPIRED_REPLY_TTL = 479,
|
||||
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 480,
|
||||
VAR_FAKE_DSA = 481,
|
||||
VAR_FAKE_SHA1 = 482,
|
||||
VAR_LOG_IDENTITY = 483,
|
||||
VAR_HIDE_TRUSTANCHOR = 484,
|
||||
VAR_TRUST_ANCHOR_SIGNALING = 485,
|
||||
VAR_AGGRESSIVE_NSEC = 486,
|
||||
VAR_USE_SYSTEMD = 487,
|
||||
VAR_SHM_ENABLE = 488,
|
||||
VAR_SHM_KEY = 489,
|
||||
VAR_ROOT_KEY_SENTINEL = 490,
|
||||
VAR_DNSCRYPT = 491,
|
||||
VAR_DNSCRYPT_ENABLE = 492,
|
||||
VAR_DNSCRYPT_PORT = 493,
|
||||
VAR_DNSCRYPT_PROVIDER = 494,
|
||||
VAR_DNSCRYPT_SECRET_KEY = 495,
|
||||
VAR_DNSCRYPT_PROVIDER_CERT = 496,
|
||||
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 497,
|
||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 498,
|
||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 499,
|
||||
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 500,
|
||||
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 501,
|
||||
VAR_IPSECMOD_ENABLED = 502,
|
||||
VAR_IPSECMOD_HOOK = 503,
|
||||
VAR_IPSECMOD_IGNORE_BOGUS = 504,
|
||||
VAR_IPSECMOD_MAX_TTL = 505,
|
||||
VAR_IPSECMOD_WHITELIST = 506,
|
||||
VAR_IPSECMOD_STRICT = 507,
|
||||
VAR_CACHEDB = 508,
|
||||
VAR_CACHEDB_BACKEND = 509,
|
||||
VAR_CACHEDB_SECRETSEED = 510,
|
||||
VAR_CACHEDB_REDISHOST = 511,
|
||||
VAR_CACHEDB_REDISPORT = 512,
|
||||
VAR_CACHEDB_REDISTIMEOUT = 513,
|
||||
VAR_CACHEDB_REDISEXPIRERECORDS = 514,
|
||||
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 515,
|
||||
VAR_FOR_UPSTREAM = 516,
|
||||
VAR_AUTH_ZONE = 517,
|
||||
VAR_ZONEFILE = 518,
|
||||
VAR_MASTER = 519,
|
||||
VAR_URL = 520,
|
||||
VAR_FOR_DOWNSTREAM = 521,
|
||||
VAR_FALLBACK_ENABLED = 522,
|
||||
VAR_TLS_ADDITIONAL_PORT = 523,
|
||||
VAR_LOW_RTT = 524,
|
||||
VAR_LOW_RTT_PERMIL = 525,
|
||||
VAR_FAST_SERVER_PERMIL = 526,
|
||||
VAR_FAST_SERVER_NUM = 527,
|
||||
VAR_ALLOW_NOTIFY = 528,
|
||||
VAR_TLS_WIN_CERT = 529,
|
||||
VAR_TCP_CONNECTION_LIMIT = 530,
|
||||
VAR_FORWARD_NO_CACHE = 531,
|
||||
VAR_STUB_NO_CACHE = 532,
|
||||
VAR_LOG_SERVFAIL = 533,
|
||||
VAR_DENY_ANY = 534,
|
||||
VAR_UNKNOWN_SERVER_TIME_LIMIT = 535,
|
||||
VAR_LOG_TAG_QUERYREPLY = 536,
|
||||
VAR_STREAM_WAIT_SIZE = 537,
|
||||
VAR_TLS_CIPHERS = 538,
|
||||
VAR_TLS_CIPHERSUITES = 539,
|
||||
VAR_TLS_USE_SNI = 540,
|
||||
VAR_IPSET = 541,
|
||||
VAR_IPSET_NAME_V4 = 542,
|
||||
VAR_IPSET_NAME_V6 = 543,
|
||||
VAR_TLS_SESSION_TICKET_KEYS = 544,
|
||||
VAR_RPZ = 545,
|
||||
VAR_TAGS = 546,
|
||||
VAR_RPZ_ACTION_OVERRIDE = 547,
|
||||
VAR_RPZ_CNAME_OVERRIDE = 548,
|
||||
VAR_RPZ_LOG = 549,
|
||||
VAR_RPZ_LOG_NAME = 550,
|
||||
VAR_DYNLIB = 551,
|
||||
VAR_DYNLIB_FILE = 552,
|
||||
VAR_EDNS_CLIENT_TAG = 553,
|
||||
VAR_EDNS_CLIENT_TAG_OPCODE = 554
|
||||
VAR_HTTP_NOTLS_DOWNSTREAM = 403,
|
||||
VAR_STUB_FIRST = 404,
|
||||
VAR_MINIMAL_RESPONSES = 405,
|
||||
VAR_RRSET_ROUNDROBIN = 406,
|
||||
VAR_MAX_UDP_SIZE = 407,
|
||||
VAR_DELAY_CLOSE = 408,
|
||||
VAR_UDP_CONNECT = 409,
|
||||
VAR_UNBLOCK_LAN_ZONES = 410,
|
||||
VAR_INSECURE_LAN_ZONES = 411,
|
||||
VAR_INFRA_CACHE_MIN_RTT = 412,
|
||||
VAR_INFRA_KEEP_PROBING = 413,
|
||||
VAR_DNS64_PREFIX = 414,
|
||||
VAR_DNS64_SYNTHALL = 415,
|
||||
VAR_DNS64_IGNORE_AAAA = 416,
|
||||
VAR_DNSTAP = 417,
|
||||
VAR_DNSTAP_ENABLE = 418,
|
||||
VAR_DNSTAP_SOCKET_PATH = 419,
|
||||
VAR_DNSTAP_IP = 420,
|
||||
VAR_DNSTAP_TLS = 421,
|
||||
VAR_DNSTAP_TLS_SERVER_NAME = 422,
|
||||
VAR_DNSTAP_TLS_CERT_BUNDLE = 423,
|
||||
VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 424,
|
||||
VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 425,
|
||||
VAR_DNSTAP_SEND_IDENTITY = 426,
|
||||
VAR_DNSTAP_SEND_VERSION = 427,
|
||||
VAR_DNSTAP_BIDIRECTIONAL = 428,
|
||||
VAR_DNSTAP_IDENTITY = 429,
|
||||
VAR_DNSTAP_VERSION = 430,
|
||||
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 431,
|
||||
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 432,
|
||||
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 433,
|
||||
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 434,
|
||||
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 435,
|
||||
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 436,
|
||||
VAR_RESPONSE_IP_TAG = 437,
|
||||
VAR_RESPONSE_IP = 438,
|
||||
VAR_RESPONSE_IP_DATA = 439,
|
||||
VAR_HARDEN_ALGO_DOWNGRADE = 440,
|
||||
VAR_IP_TRANSPARENT = 441,
|
||||
VAR_IP_DSCP = 442,
|
||||
VAR_DISABLE_DNSSEC_LAME_CHECK = 443,
|
||||
VAR_IP_RATELIMIT = 444,
|
||||
VAR_IP_RATELIMIT_SLABS = 445,
|
||||
VAR_IP_RATELIMIT_SIZE = 446,
|
||||
VAR_RATELIMIT = 447,
|
||||
VAR_RATELIMIT_SLABS = 448,
|
||||
VAR_RATELIMIT_SIZE = 449,
|
||||
VAR_RATELIMIT_FOR_DOMAIN = 450,
|
||||
VAR_RATELIMIT_BELOW_DOMAIN = 451,
|
||||
VAR_IP_RATELIMIT_FACTOR = 452,
|
||||
VAR_RATELIMIT_FACTOR = 453,
|
||||
VAR_SEND_CLIENT_SUBNET = 454,
|
||||
VAR_CLIENT_SUBNET_ZONE = 455,
|
||||
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 456,
|
||||
VAR_CLIENT_SUBNET_OPCODE = 457,
|
||||
VAR_MAX_CLIENT_SUBNET_IPV4 = 458,
|
||||
VAR_MAX_CLIENT_SUBNET_IPV6 = 459,
|
||||
VAR_MIN_CLIENT_SUBNET_IPV4 = 460,
|
||||
VAR_MIN_CLIENT_SUBNET_IPV6 = 461,
|
||||
VAR_MAX_ECS_TREE_SIZE_IPV4 = 462,
|
||||
VAR_MAX_ECS_TREE_SIZE_IPV6 = 463,
|
||||
VAR_CAPS_WHITELIST = 464,
|
||||
VAR_CACHE_MAX_NEGATIVE_TTL = 465,
|
||||
VAR_PERMIT_SMALL_HOLDDOWN = 466,
|
||||
VAR_QNAME_MINIMISATION = 467,
|
||||
VAR_QNAME_MINIMISATION_STRICT = 468,
|
||||
VAR_IP_FREEBIND = 469,
|
||||
VAR_DEFINE_TAG = 470,
|
||||
VAR_LOCAL_ZONE_TAG = 471,
|
||||
VAR_ACCESS_CONTROL_TAG = 472,
|
||||
VAR_LOCAL_ZONE_OVERRIDE = 473,
|
||||
VAR_ACCESS_CONTROL_TAG_ACTION = 474,
|
||||
VAR_ACCESS_CONTROL_TAG_DATA = 475,
|
||||
VAR_VIEW = 476,
|
||||
VAR_ACCESS_CONTROL_VIEW = 477,
|
||||
VAR_VIEW_FIRST = 478,
|
||||
VAR_SERVE_EXPIRED = 479,
|
||||
VAR_SERVE_EXPIRED_TTL = 480,
|
||||
VAR_SERVE_EXPIRED_TTL_RESET = 481,
|
||||
VAR_SERVE_EXPIRED_REPLY_TTL = 482,
|
||||
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 483,
|
||||
VAR_FAKE_DSA = 484,
|
||||
VAR_FAKE_SHA1 = 485,
|
||||
VAR_LOG_IDENTITY = 486,
|
||||
VAR_HIDE_TRUSTANCHOR = 487,
|
||||
VAR_TRUST_ANCHOR_SIGNALING = 488,
|
||||
VAR_AGGRESSIVE_NSEC = 489,
|
||||
VAR_USE_SYSTEMD = 490,
|
||||
VAR_SHM_ENABLE = 491,
|
||||
VAR_SHM_KEY = 492,
|
||||
VAR_ROOT_KEY_SENTINEL = 493,
|
||||
VAR_DNSCRYPT = 494,
|
||||
VAR_DNSCRYPT_ENABLE = 495,
|
||||
VAR_DNSCRYPT_PORT = 496,
|
||||
VAR_DNSCRYPT_PROVIDER = 497,
|
||||
VAR_DNSCRYPT_SECRET_KEY = 498,
|
||||
VAR_DNSCRYPT_PROVIDER_CERT = 499,
|
||||
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 500,
|
||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 501,
|
||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 502,
|
||||
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 503,
|
||||
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 504,
|
||||
VAR_IPSECMOD_ENABLED = 505,
|
||||
VAR_IPSECMOD_HOOK = 506,
|
||||
VAR_IPSECMOD_IGNORE_BOGUS = 507,
|
||||
VAR_IPSECMOD_MAX_TTL = 508,
|
||||
VAR_IPSECMOD_WHITELIST = 509,
|
||||
VAR_IPSECMOD_STRICT = 510,
|
||||
VAR_CACHEDB = 511,
|
||||
VAR_CACHEDB_BACKEND = 512,
|
||||
VAR_CACHEDB_SECRETSEED = 513,
|
||||
VAR_CACHEDB_REDISHOST = 514,
|
||||
VAR_CACHEDB_REDISPORT = 515,
|
||||
VAR_CACHEDB_REDISTIMEOUT = 516,
|
||||
VAR_CACHEDB_REDISEXPIRERECORDS = 517,
|
||||
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 518,
|
||||
VAR_FOR_UPSTREAM = 519,
|
||||
VAR_AUTH_ZONE = 520,
|
||||
VAR_ZONEFILE = 521,
|
||||
VAR_MASTER = 522,
|
||||
VAR_URL = 523,
|
||||
VAR_FOR_DOWNSTREAM = 524,
|
||||
VAR_FALLBACK_ENABLED = 525,
|
||||
VAR_TLS_ADDITIONAL_PORT = 526,
|
||||
VAR_LOW_RTT = 527,
|
||||
VAR_LOW_RTT_PERMIL = 528,
|
||||
VAR_FAST_SERVER_PERMIL = 529,
|
||||
VAR_FAST_SERVER_NUM = 530,
|
||||
VAR_ALLOW_NOTIFY = 531,
|
||||
VAR_TLS_WIN_CERT = 532,
|
||||
VAR_TCP_CONNECTION_LIMIT = 533,
|
||||
VAR_FORWARD_NO_CACHE = 534,
|
||||
VAR_STUB_NO_CACHE = 535,
|
||||
VAR_LOG_SERVFAIL = 536,
|
||||
VAR_DENY_ANY = 537,
|
||||
VAR_UNKNOWN_SERVER_TIME_LIMIT = 538,
|
||||
VAR_LOG_TAG_QUERYREPLY = 539,
|
||||
VAR_STREAM_WAIT_SIZE = 540,
|
||||
VAR_TLS_CIPHERS = 541,
|
||||
VAR_TLS_CIPHERSUITES = 542,
|
||||
VAR_TLS_USE_SNI = 543,
|
||||
VAR_IPSET = 544,
|
||||
VAR_IPSET_NAME_V4 = 545,
|
||||
VAR_IPSET_NAME_V6 = 546,
|
||||
VAR_TLS_SESSION_TICKET_KEYS = 547,
|
||||
VAR_RPZ = 548,
|
||||
VAR_TAGS = 549,
|
||||
VAR_RPZ_ACTION_OVERRIDE = 550,
|
||||
VAR_RPZ_CNAME_OVERRIDE = 551,
|
||||
VAR_RPZ_LOG = 552,
|
||||
VAR_RPZ_LOG_NAME = 553,
|
||||
VAR_DYNLIB = 554,
|
||||
VAR_DYNLIB_FILE = 555,
|
||||
VAR_EDNS_CLIENT_STRING = 556,
|
||||
VAR_EDNS_CLIENT_STRING_OPCODE = 557
|
||||
};
|
||||
#endif
|
||||
/* Tokens. */
|
||||
|
@ -494,158 +497,161 @@ extern int yydebug;
|
|||
#define VAR_HTTP_QUERY_BUFFER_SIZE 400
|
||||
#define VAR_HTTP_RESPONSE_BUFFER_SIZE 401
|
||||
#define VAR_HTTP_NODELAY 402
|
||||
#define VAR_STUB_FIRST 403
|
||||
#define VAR_MINIMAL_RESPONSES 404
|
||||
#define VAR_RRSET_ROUNDROBIN 405
|
||||
#define VAR_MAX_UDP_SIZE 406
|
||||
#define VAR_DELAY_CLOSE 407
|
||||
#define VAR_UNBLOCK_LAN_ZONES 408
|
||||
#define VAR_INSECURE_LAN_ZONES 409
|
||||
#define VAR_INFRA_CACHE_MIN_RTT 410
|
||||
#define VAR_DNS64_PREFIX 411
|
||||
#define VAR_DNS64_SYNTHALL 412
|
||||
#define VAR_DNS64_IGNORE_AAAA 413
|
||||
#define VAR_DNSTAP 414
|
||||
#define VAR_DNSTAP_ENABLE 415
|
||||
#define VAR_DNSTAP_SOCKET_PATH 416
|
||||
#define VAR_DNSTAP_IP 417
|
||||
#define VAR_DNSTAP_TLS 418
|
||||
#define VAR_DNSTAP_TLS_SERVER_NAME 419
|
||||
#define VAR_DNSTAP_TLS_CERT_BUNDLE 420
|
||||
#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 421
|
||||
#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 422
|
||||
#define VAR_DNSTAP_SEND_IDENTITY 423
|
||||
#define VAR_DNSTAP_SEND_VERSION 424
|
||||
#define VAR_DNSTAP_BIDIRECTIONAL 425
|
||||
#define VAR_DNSTAP_IDENTITY 426
|
||||
#define VAR_DNSTAP_VERSION 427
|
||||
#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 428
|
||||
#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 429
|
||||
#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 430
|
||||
#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 431
|
||||
#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 432
|
||||
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 433
|
||||
#define VAR_RESPONSE_IP_TAG 434
|
||||
#define VAR_RESPONSE_IP 435
|
||||
#define VAR_RESPONSE_IP_DATA 436
|
||||
#define VAR_HARDEN_ALGO_DOWNGRADE 437
|
||||
#define VAR_IP_TRANSPARENT 438
|
||||
#define VAR_IP_DSCP 439
|
||||
#define VAR_DISABLE_DNSSEC_LAME_CHECK 440
|
||||
#define VAR_IP_RATELIMIT 441
|
||||
#define VAR_IP_RATELIMIT_SLABS 442
|
||||
#define VAR_IP_RATELIMIT_SIZE 443
|
||||
#define VAR_RATELIMIT 444
|
||||
#define VAR_RATELIMIT_SLABS 445
|
||||
#define VAR_RATELIMIT_SIZE 446
|
||||
#define VAR_RATELIMIT_FOR_DOMAIN 447
|
||||
#define VAR_RATELIMIT_BELOW_DOMAIN 448
|
||||
#define VAR_IP_RATELIMIT_FACTOR 449
|
||||
#define VAR_RATELIMIT_FACTOR 450
|
||||
#define VAR_SEND_CLIENT_SUBNET 451
|
||||
#define VAR_CLIENT_SUBNET_ZONE 452
|
||||
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 453
|
||||
#define VAR_CLIENT_SUBNET_OPCODE 454
|
||||
#define VAR_MAX_CLIENT_SUBNET_IPV4 455
|
||||
#define VAR_MAX_CLIENT_SUBNET_IPV6 456
|
||||
#define VAR_MIN_CLIENT_SUBNET_IPV4 457
|
||||
#define VAR_MIN_CLIENT_SUBNET_IPV6 458
|
||||
#define VAR_MAX_ECS_TREE_SIZE_IPV4 459
|
||||
#define VAR_MAX_ECS_TREE_SIZE_IPV6 460
|
||||
#define VAR_CAPS_WHITELIST 461
|
||||
#define VAR_CACHE_MAX_NEGATIVE_TTL 462
|
||||
#define VAR_PERMIT_SMALL_HOLDDOWN 463
|
||||
#define VAR_QNAME_MINIMISATION 464
|
||||
#define VAR_QNAME_MINIMISATION_STRICT 465
|
||||
#define VAR_IP_FREEBIND 466
|
||||
#define VAR_DEFINE_TAG 467
|
||||
#define VAR_LOCAL_ZONE_TAG 468
|
||||
#define VAR_ACCESS_CONTROL_TAG 469
|
||||
#define VAR_LOCAL_ZONE_OVERRIDE 470
|
||||
#define VAR_ACCESS_CONTROL_TAG_ACTION 471
|
||||
#define VAR_ACCESS_CONTROL_TAG_DATA 472
|
||||
#define VAR_VIEW 473
|
||||
#define VAR_ACCESS_CONTROL_VIEW 474
|
||||
#define VAR_VIEW_FIRST 475
|
||||
#define VAR_SERVE_EXPIRED 476
|
||||
#define VAR_SERVE_EXPIRED_TTL 477
|
||||
#define VAR_SERVE_EXPIRED_TTL_RESET 478
|
||||
#define VAR_SERVE_EXPIRED_REPLY_TTL 479
|
||||
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 480
|
||||
#define VAR_FAKE_DSA 481
|
||||
#define VAR_FAKE_SHA1 482
|
||||
#define VAR_LOG_IDENTITY 483
|
||||
#define VAR_HIDE_TRUSTANCHOR 484
|
||||
#define VAR_TRUST_ANCHOR_SIGNALING 485
|
||||
#define VAR_AGGRESSIVE_NSEC 486
|
||||
#define VAR_USE_SYSTEMD 487
|
||||
#define VAR_SHM_ENABLE 488
|
||||
#define VAR_SHM_KEY 489
|
||||
#define VAR_ROOT_KEY_SENTINEL 490
|
||||
#define VAR_DNSCRYPT 491
|
||||
#define VAR_DNSCRYPT_ENABLE 492
|
||||
#define VAR_DNSCRYPT_PORT 493
|
||||
#define VAR_DNSCRYPT_PROVIDER 494
|
||||
#define VAR_DNSCRYPT_SECRET_KEY 495
|
||||
#define VAR_DNSCRYPT_PROVIDER_CERT 496
|
||||
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 497
|
||||
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 498
|
||||
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 499
|
||||
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 500
|
||||
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 501
|
||||
#define VAR_IPSECMOD_ENABLED 502
|
||||
#define VAR_IPSECMOD_HOOK 503
|
||||
#define VAR_IPSECMOD_IGNORE_BOGUS 504
|
||||
#define VAR_IPSECMOD_MAX_TTL 505
|
||||
#define VAR_IPSECMOD_WHITELIST 506
|
||||
#define VAR_IPSECMOD_STRICT 507
|
||||
#define VAR_CACHEDB 508
|
||||
#define VAR_CACHEDB_BACKEND 509
|
||||
#define VAR_CACHEDB_SECRETSEED 510
|
||||
#define VAR_CACHEDB_REDISHOST 511
|
||||
#define VAR_CACHEDB_REDISPORT 512
|
||||
#define VAR_CACHEDB_REDISTIMEOUT 513
|
||||
#define VAR_CACHEDB_REDISEXPIRERECORDS 514
|
||||
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 515
|
||||
#define VAR_FOR_UPSTREAM 516
|
||||
#define VAR_AUTH_ZONE 517
|
||||
#define VAR_ZONEFILE 518
|
||||
#define VAR_MASTER 519
|
||||
#define VAR_URL 520
|
||||
#define VAR_FOR_DOWNSTREAM 521
|
||||
#define VAR_FALLBACK_ENABLED 522
|
||||
#define VAR_TLS_ADDITIONAL_PORT 523
|
||||
#define VAR_LOW_RTT 524
|
||||
#define VAR_LOW_RTT_PERMIL 525
|
||||
#define VAR_FAST_SERVER_PERMIL 526
|
||||
#define VAR_FAST_SERVER_NUM 527
|
||||
#define VAR_ALLOW_NOTIFY 528
|
||||
#define VAR_TLS_WIN_CERT 529
|
||||
#define VAR_TCP_CONNECTION_LIMIT 530
|
||||
#define VAR_FORWARD_NO_CACHE 531
|
||||
#define VAR_STUB_NO_CACHE 532
|
||||
#define VAR_LOG_SERVFAIL 533
|
||||
#define VAR_DENY_ANY 534
|
||||
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 535
|
||||
#define VAR_LOG_TAG_QUERYREPLY 536
|
||||
#define VAR_STREAM_WAIT_SIZE 537
|
||||
#define VAR_TLS_CIPHERS 538
|
||||
#define VAR_TLS_CIPHERSUITES 539
|
||||
#define VAR_TLS_USE_SNI 540
|
||||
#define VAR_IPSET 541
|
||||
#define VAR_IPSET_NAME_V4 542
|
||||
#define VAR_IPSET_NAME_V6 543
|
||||
#define VAR_TLS_SESSION_TICKET_KEYS 544
|
||||
#define VAR_RPZ 545
|
||||
#define VAR_TAGS 546
|
||||
#define VAR_RPZ_ACTION_OVERRIDE 547
|
||||
#define VAR_RPZ_CNAME_OVERRIDE 548
|
||||
#define VAR_RPZ_LOG 549
|
||||
#define VAR_RPZ_LOG_NAME 550
|
||||
#define VAR_DYNLIB 551
|
||||
#define VAR_DYNLIB_FILE 552
|
||||
#define VAR_EDNS_CLIENT_TAG 553
|
||||
#define VAR_EDNS_CLIENT_TAG_OPCODE 554
|
||||
#define VAR_HTTP_NOTLS_DOWNSTREAM 403
|
||||
#define VAR_STUB_FIRST 404
|
||||
#define VAR_MINIMAL_RESPONSES 405
|
||||
#define VAR_RRSET_ROUNDROBIN 406
|
||||
#define VAR_MAX_UDP_SIZE 407
|
||||
#define VAR_DELAY_CLOSE 408
|
||||
#define VAR_UDP_CONNECT 409
|
||||
#define VAR_UNBLOCK_LAN_ZONES 410
|
||||
#define VAR_INSECURE_LAN_ZONES 411
|
||||
#define VAR_INFRA_CACHE_MIN_RTT 412
|
||||
#define VAR_INFRA_KEEP_PROBING 413
|
||||
#define VAR_DNS64_PREFIX 414
|
||||
#define VAR_DNS64_SYNTHALL 415
|
||||
#define VAR_DNS64_IGNORE_AAAA 416
|
||||
#define VAR_DNSTAP 417
|
||||
#define VAR_DNSTAP_ENABLE 418
|
||||
#define VAR_DNSTAP_SOCKET_PATH 419
|
||||
#define VAR_DNSTAP_IP 420
|
||||
#define VAR_DNSTAP_TLS 421
|
||||
#define VAR_DNSTAP_TLS_SERVER_NAME 422
|
||||
#define VAR_DNSTAP_TLS_CERT_BUNDLE 423
|
||||
#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 424
|
||||
#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 425
|
||||
#define VAR_DNSTAP_SEND_IDENTITY 426
|
||||
#define VAR_DNSTAP_SEND_VERSION 427
|
||||
#define VAR_DNSTAP_BIDIRECTIONAL 428
|
||||
#define VAR_DNSTAP_IDENTITY 429
|
||||
#define VAR_DNSTAP_VERSION 430
|
||||
#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 431
|
||||
#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 432
|
||||
#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 433
|
||||
#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 434
|
||||
#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 435
|
||||
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 436
|
||||
#define VAR_RESPONSE_IP_TAG 437
|
||||
#define VAR_RESPONSE_IP 438
|
||||
#define VAR_RESPONSE_IP_DATA 439
|
||||
#define VAR_HARDEN_ALGO_DOWNGRADE 440
|
||||
#define VAR_IP_TRANSPARENT 441
|
||||
#define VAR_IP_DSCP 442
|
||||
#define VAR_DISABLE_DNSSEC_LAME_CHECK 443
|
||||
#define VAR_IP_RATELIMIT 444
|
||||
#define VAR_IP_RATELIMIT_SLABS 445
|
||||
#define VAR_IP_RATELIMIT_SIZE 446
|
||||
#define VAR_RATELIMIT 447
|
||||
#define VAR_RATELIMIT_SLABS 448
|
||||
#define VAR_RATELIMIT_SIZE 449
|
||||
#define VAR_RATELIMIT_FOR_DOMAIN 450
|
||||
#define VAR_RATELIMIT_BELOW_DOMAIN 451
|
||||
#define VAR_IP_RATELIMIT_FACTOR 452
|
||||
#define VAR_RATELIMIT_FACTOR 453
|
||||
#define VAR_SEND_CLIENT_SUBNET 454
|
||||
#define VAR_CLIENT_SUBNET_ZONE 455
|
||||
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 456
|
||||
#define VAR_CLIENT_SUBNET_OPCODE 457
|
||||
#define VAR_MAX_CLIENT_SUBNET_IPV4 458
|
||||
#define VAR_MAX_CLIENT_SUBNET_IPV6 459
|
||||
#define VAR_MIN_CLIENT_SUBNET_IPV4 460
|
||||
#define VAR_MIN_CLIENT_SUBNET_IPV6 461
|
||||
#define VAR_MAX_ECS_TREE_SIZE_IPV4 462
|
||||
#define VAR_MAX_ECS_TREE_SIZE_IPV6 463
|
||||
#define VAR_CAPS_WHITELIST 464
|
||||
#define VAR_CACHE_MAX_NEGATIVE_TTL 465
|
||||
#define VAR_PERMIT_SMALL_HOLDDOWN 466
|
||||
#define VAR_QNAME_MINIMISATION 467
|
||||
#define VAR_QNAME_MINIMISATION_STRICT 468
|
||||
#define VAR_IP_FREEBIND 469
|
||||
#define VAR_DEFINE_TAG 470
|
||||
#define VAR_LOCAL_ZONE_TAG 471
|
||||
#define VAR_ACCESS_CONTROL_TAG 472
|
||||
#define VAR_LOCAL_ZONE_OVERRIDE 473
|
||||
#define VAR_ACCESS_CONTROL_TAG_ACTION 474
|
||||
#define VAR_ACCESS_CONTROL_TAG_DATA 475
|
||||
#define VAR_VIEW 476
|
||||
#define VAR_ACCESS_CONTROL_VIEW 477
|
||||
#define VAR_VIEW_FIRST 478
|
||||
#define VAR_SERVE_EXPIRED 479
|
||||
#define VAR_SERVE_EXPIRED_TTL 480
|
||||
#define VAR_SERVE_EXPIRED_TTL_RESET 481
|
||||
#define VAR_SERVE_EXPIRED_REPLY_TTL 482
|
||||
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 483
|
||||
#define VAR_FAKE_DSA 484
|
||||
#define VAR_FAKE_SHA1 485
|
||||
#define VAR_LOG_IDENTITY 486
|
||||
#define VAR_HIDE_TRUSTANCHOR 487
|
||||
#define VAR_TRUST_ANCHOR_SIGNALING 488
|
||||
#define VAR_AGGRESSIVE_NSEC 489
|
||||
#define VAR_USE_SYSTEMD 490
|
||||
#define VAR_SHM_ENABLE 491
|
||||
#define VAR_SHM_KEY 492
|
||||
#define VAR_ROOT_KEY_SENTINEL 493
|
||||
#define VAR_DNSCRYPT 494
|
||||
#define VAR_DNSCRYPT_ENABLE 495
|
||||
#define VAR_DNSCRYPT_PORT 496
|
||||
#define VAR_DNSCRYPT_PROVIDER 497
|
||||
#define VAR_DNSCRYPT_SECRET_KEY 498
|
||||
#define VAR_DNSCRYPT_PROVIDER_CERT 499
|
||||
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 500
|
||||
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 501
|
||||
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 502
|
||||
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 503
|
||||
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 504
|
||||
#define VAR_IPSECMOD_ENABLED 505
|
||||
#define VAR_IPSECMOD_HOOK 506
|
||||
#define VAR_IPSECMOD_IGNORE_BOGUS 507
|
||||
#define VAR_IPSECMOD_MAX_TTL 508
|
||||
#define VAR_IPSECMOD_WHITELIST 509
|
||||
#define VAR_IPSECMOD_STRICT 510
|
||||
#define VAR_CACHEDB 511
|
||||
#define VAR_CACHEDB_BACKEND 512
|
||||
#define VAR_CACHEDB_SECRETSEED 513
|
||||
#define VAR_CACHEDB_REDISHOST 514
|
||||
#define VAR_CACHEDB_REDISPORT 515
|
||||
#define VAR_CACHEDB_REDISTIMEOUT 516
|
||||
#define VAR_CACHEDB_REDISEXPIRERECORDS 517
|
||||
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 518
|
||||
#define VAR_FOR_UPSTREAM 519
|
||||
#define VAR_AUTH_ZONE 520
|
||||
#define VAR_ZONEFILE 521
|
||||
#define VAR_MASTER 522
|
||||
#define VAR_URL 523
|
||||
#define VAR_FOR_DOWNSTREAM 524
|
||||
#define VAR_FALLBACK_ENABLED 525
|
||||
#define VAR_TLS_ADDITIONAL_PORT 526
|
||||
#define VAR_LOW_RTT 527
|
||||
#define VAR_LOW_RTT_PERMIL 528
|
||||
#define VAR_FAST_SERVER_PERMIL 529
|
||||
#define VAR_FAST_SERVER_NUM 530
|
||||
#define VAR_ALLOW_NOTIFY 531
|
||||
#define VAR_TLS_WIN_CERT 532
|
||||
#define VAR_TCP_CONNECTION_LIMIT 533
|
||||
#define VAR_FORWARD_NO_CACHE 534
|
||||
#define VAR_STUB_NO_CACHE 535
|
||||
#define VAR_LOG_SERVFAIL 536
|
||||
#define VAR_DENY_ANY 537
|
||||
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 538
|
||||
#define VAR_LOG_TAG_QUERYREPLY 539
|
||||
#define VAR_STREAM_WAIT_SIZE 540
|
||||
#define VAR_TLS_CIPHERS 541
|
||||
#define VAR_TLS_CIPHERSUITES 542
|
||||
#define VAR_TLS_USE_SNI 543
|
||||
#define VAR_IPSET 544
|
||||
#define VAR_IPSET_NAME_V4 545
|
||||
#define VAR_IPSET_NAME_V6 546
|
||||
#define VAR_TLS_SESSION_TICKET_KEYS 547
|
||||
#define VAR_RPZ 548
|
||||
#define VAR_TAGS 549
|
||||
#define VAR_RPZ_ACTION_OVERRIDE 550
|
||||
#define VAR_RPZ_CNAME_OVERRIDE 551
|
||||
#define VAR_RPZ_LOG 552
|
||||
#define VAR_RPZ_LOG_NAME 553
|
||||
#define VAR_DYNLIB 554
|
||||
#define VAR_DYNLIB_FILE 555
|
||||
#define VAR_EDNS_CLIENT_STRING 556
|
||||
#define VAR_EDNS_CLIENT_STRING_OPCODE 557
|
||||
|
||||
/* Value type. */
|
||||
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
|
||||
|
@ -655,7 +661,7 @@ union YYSTYPE
|
|||
|
||||
char* str;
|
||||
|
||||
#line 659 "util/configparser.h"
|
||||
#line 665 "util/configparser.h"
|
||||
|
||||
};
|
||||
typedef union YYSTYPE YYSTYPE;
|
||||
|
|
|
@ -114,11 +114,11 @@ extern struct config_parser_state* cfg_parser;
|
|||
%token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
|
||||
%token VAR_HTTPS_PORT VAR_HTTP_ENDPOINT VAR_HTTP_MAX_STREAMS
|
||||
%token VAR_HTTP_QUERY_BUFFER_SIZE VAR_HTTP_RESPONSE_BUFFER_SIZE
|
||||
%token VAR_HTTP_NODELAY
|
||||
%token VAR_HTTP_NODELAY VAR_HTTP_NOTLS_DOWNSTREAM
|
||||
%token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
|
||||
%token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE
|
||||
%token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UDP_CONNECT
|
||||
%token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
|
||||
%token VAR_INFRA_CACHE_MIN_RTT
|
||||
%token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_KEEP_PROBING
|
||||
%token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
|
||||
%token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP
|
||||
%token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE
|
||||
|
@ -178,7 +178,8 @@ extern struct config_parser_state* cfg_parser;
|
|||
%token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6
|
||||
%token VAR_TLS_SESSION_TICKET_KEYS VAR_RPZ VAR_TAGS VAR_RPZ_ACTION_OVERRIDE
|
||||
%token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME
|
||||
%token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_TAG VAR_EDNS_CLIENT_TAG_OPCODE
|
||||
%token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_STRING
|
||||
%token VAR_EDNS_CLIENT_STRING_OPCODE
|
||||
|
||||
%%
|
||||
toplevelvars: /* empty */ | toplevelvars toplevelvar ;
|
||||
|
@ -249,14 +250,14 @@ content_server: server_num_threads | server_verbosity | server_port |
|
|||
server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
|
||||
server_https_port | server_http_endpoint | server_http_max_streams |
|
||||
server_http_query_buffer_size | server_http_response_buffer_size |
|
||||
server_http_nodelay |
|
||||
server_http_nodelay | server_http_notls_downstream |
|
||||
server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
|
||||
server_so_reuseport | server_delay_close |
|
||||
server_so_reuseport | server_delay_close | server_udp_connect |
|
||||
server_unblock_lan_zones | server_insecure_lan_zones |
|
||||
server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
|
||||
server_infra_cache_min_rtt | server_harden_algo_downgrade |
|
||||
server_ip_transparent | server_ip_ratelimit | server_ratelimit |
|
||||
server_ip_dscp |
|
||||
server_ip_dscp | server_infra_keep_probing |
|
||||
server_ip_ratelimit_slabs | server_ratelimit_slabs |
|
||||
server_ip_ratelimit_size | server_ratelimit_size |
|
||||
server_ratelimit_for_domain |
|
||||
|
@ -291,8 +292,8 @@ content_server: server_num_threads | server_verbosity | server_port |
|
|||
server_unknown_server_time_limit | server_log_tag_queryreply |
|
||||
server_stream_wait_size | server_tls_ciphers |
|
||||
server_tls_ciphersuites | server_tls_session_ticket_keys |
|
||||
server_tls_use_sni | server_edns_client_tag |
|
||||
server_edns_client_tag_opcode
|
||||
server_tls_use_sni | server_edns_client_string |
|
||||
server_edns_client_string_opcode
|
||||
;
|
||||
stubstart: VAR_STUB_ZONE
|
||||
{
|
||||
|
@ -982,6 +983,7 @@ server_https_port: VAR_HTTPS_PORT STRING_ARG
|
|||
if(atoi($2) == 0)
|
||||
yyerror("port number expected");
|
||||
else cfg_parser->cfg->https_port = atoi($2);
|
||||
free($2);
|
||||
};
|
||||
server_http_endpoint: VAR_HTTP_ENDPOINT STRING_ARG
|
||||
{
|
||||
|
@ -1030,6 +1032,14 @@ server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG
|
|||
yyerror("expected yes or no.");
|
||||
else cfg_parser->cfg->http_nodelay = (strcmp($2, "yes")==0);
|
||||
free($2);
|
||||
}
|
||||
server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG
|
||||
{
|
||||
OUTYY(("P(server_http_notls_downstream:%s)\n", $2));
|
||||
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
|
||||
yyerror("expected yes or no.");
|
||||
else cfg_parser->cfg->http_notls_downstream = (strcmp($2, "yes")==0);
|
||||
free($2);
|
||||
};
|
||||
server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
|
||||
{
|
||||
|
@ -1434,6 +1444,15 @@ server_delay_close: VAR_DELAY_CLOSE STRING_ARG
|
|||
free($2);
|
||||
}
|
||||
;
|
||||
server_udp_connect: VAR_UDP_CONNECT STRING_ARG
|
||||
{
|
||||
OUTYY(("P(server_udp_connect:%s)\n", $2));
|
||||
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
|
||||
yyerror("expected yes or no.");
|
||||
else cfg_parser->cfg->udp_connect = (strcmp($2, "yes")==0);
|
||||
free($2);
|
||||
}
|
||||
;
|
||||
server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
|
||||
{
|
||||
OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
|
||||
|
@ -1531,6 +1550,16 @@ server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
|
|||
free($2);
|
||||
}
|
||||
;
|
||||
server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG
|
||||
{
|
||||
OUTYY(("P(server_infra_keep_probing:%s)\n", $2));
|
||||
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
|
||||
yyerror("expected yes or no.");
|
||||
else cfg_parser->cfg->infra_keep_probing =
|
||||
(strcmp($2, "yes")==0);
|
||||
free($2);
|
||||
}
|
||||
;
|
||||
server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
|
||||
{
|
||||
OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
|
||||
|
@ -2465,29 +2494,24 @@ server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG
|
|||
#endif
|
||||
}
|
||||
;
|
||||
server_edns_client_tag: VAR_EDNS_CLIENT_TAG STRING_ARG STRING_ARG
|
||||
server_edns_client_string: VAR_EDNS_CLIENT_STRING STRING_ARG STRING_ARG
|
||||
{
|
||||
int tag_data;
|
||||
OUTYY(("P(server_edns_client_tag:%s %s)\n", $2, $3));
|
||||
tag_data = atoi($3);
|
||||
if(tag_data > 65535 || tag_data < 0 ||
|
||||
(tag_data == 0 && (strlen($3) != 1 || $3[0] != '0')))
|
||||
yyerror("edns-client-tag data invalid, needs to be a "
|
||||
"number from 0 to 65535");
|
||||
OUTYY(("P(server_edns_client_string:%s %s)\n", $2, $3));
|
||||
if(!cfg_str2list_insert(
|
||||
&cfg_parser->cfg->edns_client_tags, $2, $3))
|
||||
&cfg_parser->cfg->edns_client_strings, $2, $3))
|
||||
fatal_exit("out of memory adding "
|
||||
"edns-client-tag");
|
||||
"edns-client-string");
|
||||
}
|
||||
;
|
||||
server_edns_client_tag_opcode: VAR_EDNS_CLIENT_TAG_OPCODE STRING_ARG
|
||||
server_edns_client_string_opcode: VAR_EDNS_CLIENT_STRING_OPCODE STRING_ARG
|
||||
{
|
||||
OUTYY(("P(edns_client_tag_opcode:%s)\n", $2));
|
||||
OUTYY(("P(edns_client_string_opcode:%s)\n", $2));
|
||||
if(atoi($2) == 0 && strcmp($2, "0") != 0)
|
||||
yyerror("option code expected");
|
||||
else if(atoi($2) > 65535 || atoi($2) < 0)
|
||||
yyerror("option code must be in interval [0, 65535]");
|
||||
else cfg_parser->cfg->edns_client_tag_opcode = atoi($2);
|
||||
else cfg_parser->cfg->edns_client_string_opcode = atoi($2);
|
||||
free($2);
|
||||
|
||||
}
|
||||
;
|
||||
|
|
|
@ -624,6 +624,9 @@ positive_answer(struct reply_info* rep, uint16_t qtype) {
|
|||
|
||||
for(i=0;i<rep->an_numrrsets; i++) {
|
||||
if(ntohs(rep->rrsets[i]->rk.type) == qtype) {
|
||||
/* for priming queries, type NS, include addresses */
|
||||
if(qtype == LDNS_RR_TYPE_NS)
|
||||
return 0;
|
||||
/* in case it is a wildcard with DNSSEC, there will
|
||||
* be NSEC/NSEC3 records in the authority section
|
||||
* that we cannot remove */
|
||||
|
|
|
@ -552,7 +552,7 @@ struct edns_option* edns_opt_list_find(struct edns_option* list, uint16_t code);
|
|||
* @param rep: Reply info. Could be NULL.
|
||||
* @param rcode: return code.
|
||||
* @param edns: edns data of the reply.
|
||||
* @param repinfo: comm_reply. NULL.
|
||||
* @param repinfo: comm_reply. Reply information for a communication point.
|
||||
* @param region: region to store data.
|
||||
* @return false on failure (a callback function returned an error).
|
||||
*/
|
||||
|
|
73
util/edns.c
73
util/edns.c
|
@ -48,81 +48,84 @@
|
|||
#include "util/data/msgparse.h"
|
||||
#include "util/data/msgreply.h"
|
||||
|
||||
struct edns_tags* edns_tags_create(void)
|
||||
struct edns_strings* edns_strings_create(void)
|
||||
{
|
||||
struct edns_tags* edns_tags = calloc(1, sizeof(struct edns_tags));
|
||||
if(!edns_tags)
|
||||
struct edns_strings* edns_strings = calloc(1,
|
||||
sizeof(struct edns_strings));
|
||||
if(!edns_strings)
|
||||
return NULL;
|
||||
if(!(edns_tags->region = regional_create())) {
|
||||
edns_tags_delete(edns_tags);
|
||||
if(!(edns_strings->region = regional_create())) {
|
||||
edns_strings_delete(edns_strings);
|
||||
return NULL;
|
||||
}
|
||||
return edns_tags;
|
||||
return edns_strings;
|
||||
}
|
||||
|
||||
void edns_tags_delete(struct edns_tags* edns_tags)
|
||||
void edns_strings_delete(struct edns_strings* edns_strings)
|
||||
{
|
||||
if(!edns_tags)
|
||||
if(!edns_strings)
|
||||
return;
|
||||
regional_destroy(edns_tags->region);
|
||||
free(edns_tags);
|
||||
regional_destroy(edns_strings->region);
|
||||
free(edns_strings);
|
||||
}
|
||||
|
||||
static int
|
||||
edns_tags_client_insert(struct edns_tags* edns_tags,
|
||||
edns_strings_client_insert(struct edns_strings* edns_strings,
|
||||
struct sockaddr_storage* addr, socklen_t addrlen, int net,
|
||||
uint16_t tag_data)
|
||||
const char* string)
|
||||
{
|
||||
struct edns_tag_addr* eta = regional_alloc_zero(edns_tags->region,
|
||||
sizeof(struct edns_tag_addr));
|
||||
if(!eta)
|
||||
struct edns_string_addr* esa = regional_alloc_zero(edns_strings->region,
|
||||
sizeof(struct edns_string_addr));
|
||||
if(!esa)
|
||||
return 0;
|
||||
eta->tag_data = tag_data;
|
||||
if(!addr_tree_insert(&edns_tags->client_tags, &eta->node, addr, addrlen,
|
||||
net)) {
|
||||
verbose(VERB_QUERY, "duplicate EDNS client tag ignored.");
|
||||
esa->string_len = strlen(string);
|
||||
esa->string = regional_alloc_init(edns_strings->region, string,
|
||||
esa->string_len);
|
||||
if(!esa->string)
|
||||
return 0;
|
||||
if(!addr_tree_insert(&edns_strings->client_strings, &esa->node, addr,
|
||||
addrlen, net)) {
|
||||
verbose(VERB_QUERY, "duplicate EDNS client string ignored.");
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
int edns_tags_apply_cfg(struct edns_tags* edns_tags,
|
||||
int edns_strings_apply_cfg(struct edns_strings* edns_strings,
|
||||
struct config_file* config)
|
||||
{
|
||||
struct config_str2list* c;
|
||||
regional_free_all(edns_tags->region);
|
||||
addr_tree_init(&edns_tags->client_tags);
|
||||
regional_free_all(edns_strings->region);
|
||||
addr_tree_init(&edns_strings->client_strings);
|
||||
|
||||
for(c=config->edns_client_tags; c; c=c->next) {
|
||||
for(c=config->edns_client_strings; c; c=c->next) {
|
||||
struct sockaddr_storage addr;
|
||||
socklen_t addrlen;
|
||||
int net;
|
||||
uint16_t tag_data;
|
||||
log_assert(c->str && c->str2);
|
||||
|
||||
if(!netblockstrtoaddr(c->str, UNBOUND_DNS_PORT, &addr, &addrlen,
|
||||
&net)) {
|
||||
log_err("cannot parse EDNS client tag IP netblock: %s",
|
||||
c->str);
|
||||
log_err("cannot parse EDNS client string IP netblock: "
|
||||
"%s", c->str);
|
||||
return 0;
|
||||
}
|
||||
tag_data = atoi(c->str2); /* validated in config parser */
|
||||
if(!edns_tags_client_insert(edns_tags, &addr, addrlen, net,
|
||||
tag_data)) {
|
||||
log_err("out of memory while adding EDNS tags");
|
||||
if(!edns_strings_client_insert(edns_strings, &addr, addrlen,
|
||||
net, c->str2)) {
|
||||
log_err("out of memory while adding EDNS strings");
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
edns_tags->client_tag_opcode = config->edns_client_tag_opcode;
|
||||
edns_strings->client_string_opcode = config->edns_client_string_opcode;
|
||||
|
||||
addr_tree_init_parents(&edns_tags->client_tags);
|
||||
addr_tree_init_parents(&edns_strings->client_strings);
|
||||
return 1;
|
||||
}
|
||||
|
||||
struct edns_tag_addr*
|
||||
edns_tag_addr_lookup(rbtree_type* tree, struct sockaddr_storage* addr,
|
||||
struct edns_string_addr*
|
||||
edns_string_addr_lookup(rbtree_type* tree, struct sockaddr_storage* addr,
|
||||
socklen_t addrlen)
|
||||
{
|
||||
return (struct edns_tag_addr*)addr_tree_lookup(tree, addr, addrlen);
|
||||
return (struct edns_string_addr*)addr_tree_lookup(tree, addr, addrlen);
|
||||
}
|
||||
|
||||
static int edns_keepalive(struct edns_data* edns_out, struct edns_data* edns_in,
|
||||
|
|
52
util/edns.h
52
util/edns.h
|
@ -50,58 +50,60 @@ struct comm_point;
|
|||
struct regional;
|
||||
|
||||
/**
|
||||
* Structure containing all EDNS tags.
|
||||
* Structure containing all EDNS strings.
|
||||
*/
|
||||
struct edns_tags {
|
||||
/** Tree of EDNS client tags to use in upstream queries, per address
|
||||
* prefix. Contains nodes of type edns_tag_addr. */
|
||||
rbtree_type client_tags;
|
||||
/** EDNS opcode to use for client tags */
|
||||
uint16_t client_tag_opcode;
|
||||
struct edns_strings {
|
||||
/** Tree of EDNS client strings to use in upstream queries, per address
|
||||
* prefix. Contains nodes of type edns_string_addr. */
|
||||
rbtree_type client_strings;
|
||||
/** EDNS opcode to use for client strings */
|
||||
uint16_t client_string_opcode;
|
||||
/** region to allocate tree nodes in */
|
||||
struct regional* region;
|
||||
};
|
||||
|
||||
/**
|
||||
* EDNS tag. Node of rbtree, containing tag and prefix.
|
||||
* EDNS string. Node of rbtree, containing string and prefix.
|
||||
*/
|
||||
struct edns_tag_addr {
|
||||
struct edns_string_addr {
|
||||
/** node in address tree, used for tree lookups. Need to be the first
|
||||
* member of this struct. */
|
||||
struct addr_tree_node node;
|
||||
/** tag data, in host byte ordering */
|
||||
uint16_t tag_data;
|
||||
/** string, ascii format */
|
||||
uint8_t* string;
|
||||
/** length of string */
|
||||
size_t string_len;
|
||||
};
|
||||
|
||||
/**
|
||||
* Create structure to hold EDNS tags
|
||||
* @return: newly created edns_tags, NULL on alloc failure.
|
||||
* Create structure to hold EDNS strings
|
||||
* @return: newly created edns_strings, NULL on alloc failure.
|
||||
*/
|
||||
struct edns_tags* edns_tags_create(void);
|
||||
struct edns_strings* edns_strings_create(void);
|
||||
|
||||
/** Delete EDNS tags structure
|
||||
* @param edns_tags: struct to delete
|
||||
/** Delete EDNS strings structure
|
||||
* @param edns_strings: struct to delete
|
||||
*/
|
||||
void edns_tags_delete(struct edns_tags* edns_tags);
|
||||
void edns_strings_delete(struct edns_strings* edns_strings);
|
||||
|
||||
/**
|
||||
* Add configured EDNS tags
|
||||
* @param edns_tags: edns tags to apply config to
|
||||
* @param config: struct containing EDNS tags configuration
|
||||
* Add configured EDNS strings
|
||||
* @param edns_strings: edns strings to apply config to
|
||||
* @param config: struct containing EDNS strings configuration
|
||||
* @return 0 on error
|
||||
*/
|
||||
int edns_tags_apply_cfg(struct edns_tags* edns_tags,
|
||||
int edns_strings_apply_cfg(struct edns_strings* edns_strings,
|
||||
struct config_file* config);
|
||||
|
||||
/**
|
||||
* Find tag for address.
|
||||
* @param tree: tree containing EDNS tags per address prefix.
|
||||
* Find string for address.
|
||||
* @param tree: tree containing EDNS strings per address prefix.
|
||||
* @param addr: address to use for tree lookup
|
||||
* @param addrlen: length of address
|
||||
* @return: matching tree node, NULL otherwise
|
||||
*/
|
||||
struct edns_tag_addr*
|
||||
edns_tag_addr_lookup(rbtree_type* tree, struct sockaddr_storage* addr,
|
||||
struct edns_string_addr*
|
||||
edns_string_addr_lookup(rbtree_type* tree, struct sockaddr_storage* addr,
|
||||
socklen_t addrlen);
|
||||
|
||||
/**
|
||||
|
|
|
@ -229,6 +229,8 @@ fptr_whitelist_rbtree_cmp(int (*fptr) (const void *, const void *))
|
|||
else if(fptr == &fwd_cmp) return 1;
|
||||
else if(fptr == &pending_cmp) return 1;
|
||||
else if(fptr == &serviced_cmp) return 1;
|
||||
else if(fptr == &reuse_cmp) return 1;
|
||||
else if(fptr == &reuse_id_cmp) return 1;
|
||||
else if(fptr == &name_tree_compare) return 1;
|
||||
else if(fptr == &order_lock_cmp) return 1;
|
||||
else if(fptr == &codeline_cmp) return 1;
|
||||
|
|
|
@ -5290,6 +5290,7 @@
|
|||
22005,
|
||||
22273,
|
||||
22305,
|
||||
22333,
|
||||
22335,
|
||||
22343,
|
||||
22347,
|
||||
|
|
|
@ -520,8 +520,8 @@ struct module_env {
|
|||
struct edns_known_option* edns_known_options;
|
||||
/* Number of known edns options */
|
||||
size_t edns_known_options_num;
|
||||
/** EDNS client tag information */
|
||||
struct edns_tags* edns_tags;
|
||||
/** EDNS client string information */
|
||||
struct edns_strings* edns_strings;
|
||||
|
||||
/* Make every mesh state unique, do not aggregate mesh states. */
|
||||
int unique_mesh;
|
||||
|
|
539
util/netevent.c
539
util/netevent.c
|
@ -341,10 +341,15 @@ comm_point_send_udp_msg(struct comm_point *c, sldns_buffer* packet,
|
|||
if(sldns_buffer_remaining(packet) == 0)
|
||||
log_err("error: send empty UDP packet");
|
||||
#endif
|
||||
log_assert(addr && addrlen > 0);
|
||||
sent = sendto(c->fd, (void*)sldns_buffer_begin(packet),
|
||||
sldns_buffer_remaining(packet), 0,
|
||||
addr, addrlen);
|
||||
if(addr) {
|
||||
log_assert(addr && addrlen > 0);
|
||||
sent = sendto(c->fd, (void*)sldns_buffer_begin(packet),
|
||||
sldns_buffer_remaining(packet), 0,
|
||||
addr, addrlen);
|
||||
} else {
|
||||
sent = send(c->fd, (void*)sldns_buffer_begin(packet),
|
||||
sldns_buffer_remaining(packet), 0);
|
||||
}
|
||||
if(sent == -1) {
|
||||
/* try again and block, waiting for IO to complete,
|
||||
* we want to send the answer, and we will wait for
|
||||
|
@ -574,6 +579,32 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet,
|
|||
#endif /* AF_INET6 && IPV6_PKTINFO && HAVE_SENDMSG */
|
||||
}
|
||||
|
||||
/** return true is UDP receive error needs to be logged */
|
||||
static int udp_recv_needs_log(int err)
|
||||
{
|
||||
switch(err) {
|
||||
case ECONNREFUSED:
|
||||
# ifdef ENETUNREACH
|
||||
case ENETUNREACH:
|
||||
# endif
|
||||
# ifdef EHOSTDOWN
|
||||
case EHOSTDOWN:
|
||||
# endif
|
||||
# ifdef EHOSTUNREACH
|
||||
case EHOSTUNREACH:
|
||||
# endif
|
||||
# ifdef ENETDOWN
|
||||
case ENETDOWN:
|
||||
# endif
|
||||
if(verbosity >= VERB_ALGO)
|
||||
return 1;
|
||||
return 0;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
void
|
||||
comm_point_udp_ancil_callback(int fd, short event, void* arg)
|
||||
{
|
||||
|
@ -616,7 +647,8 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg)
|
|||
msg.msg_flags = 0;
|
||||
rcv = recvmsg(fd, &msg, 0);
|
||||
if(rcv == -1) {
|
||||
if(errno != EAGAIN && errno != EINTR) {
|
||||
if(errno != EAGAIN && errno != EINTR
|
||||
&& udp_recv_needs_log(errno)) {
|
||||
log_err("recvmsg failed: %s", strerror(errno));
|
||||
}
|
||||
return;
|
||||
|
@ -697,7 +729,8 @@ comm_point_udp_callback(int fd, short event, void* arg)
|
|||
(struct sockaddr*)&rep.addr, &rep.addrlen);
|
||||
if(rcv == -1) {
|
||||
#ifndef USE_WINSOCK
|
||||
if(errno != EAGAIN && errno != EINTR)
|
||||
if(errno != EAGAIN && errno != EINTR
|
||||
&& udp_recv_needs_log(errno))
|
||||
log_err("recvfrom %d failed: %s",
|
||||
fd, strerror(errno));
|
||||
#else
|
||||
|
@ -965,6 +998,10 @@ comm_point_tcp_accept_callback(int fd, short event, void* arg)
|
|||
/* clear leftover flags from previous use, and then set the
|
||||
* correct event base for the event structure for libevent */
|
||||
ub_event_free(c_hdl->ev->ev);
|
||||
if((c_hdl->type == comm_tcp && c_hdl->tcp_req_info) ||
|
||||
c_hdl->type == comm_local || c_hdl->type == comm_raw)
|
||||
c_hdl->tcp_do_toggle_rw = 0;
|
||||
else c_hdl->tcp_do_toggle_rw = 1;
|
||||
|
||||
if(c_hdl->type == comm_http) {
|
||||
#ifdef HAVE_NGHTTP2
|
||||
|
@ -978,6 +1015,10 @@ comm_point_tcp_accept_callback(int fd, short event, void* arg)
|
|||
log_warn("failed to submit http2 settings");
|
||||
return;
|
||||
}
|
||||
if(!c->ssl) {
|
||||
c_hdl->tcp_do_toggle_rw = 0;
|
||||
c_hdl->use_h2 = 1;
|
||||
}
|
||||
#endif
|
||||
c_hdl->ev->ev = ub_event_new(c_hdl->ev->base->eb->base, -1,
|
||||
UB_EV_PERSIST | UB_EV_READ | UB_EV_TIMEOUT,
|
||||
|
@ -1042,6 +1083,8 @@ reclaim_tcp_handler(struct comm_point* c)
|
|||
comm_point_start_listening(c->tcp_parent, -1, -1);
|
||||
}
|
||||
}
|
||||
c->tcp_more_read_again = NULL;
|
||||
c->tcp_more_write_again = NULL;
|
||||
}
|
||||
|
||||
/** do the callback when writing is done */
|
||||
|
@ -1049,16 +1092,27 @@ static void
|
|||
tcp_callback_writer(struct comm_point* c)
|
||||
{
|
||||
log_assert(c->type == comm_tcp);
|
||||
sldns_buffer_clear(c->buffer);
|
||||
if(!c->tcp_write_and_read) {
|
||||
sldns_buffer_clear(c->buffer);
|
||||
c->tcp_byte_count = 0;
|
||||
}
|
||||
if(c->tcp_do_toggle_rw)
|
||||
c->tcp_is_reading = 1;
|
||||
c->tcp_byte_count = 0;
|
||||
/* switch from listening(write) to listening(read) */
|
||||
if(c->tcp_req_info) {
|
||||
tcp_req_info_handle_writedone(c->tcp_req_info);
|
||||
} else {
|
||||
comm_point_stop_listening(c);
|
||||
comm_point_start_listening(c, -1, c->tcp_timeout_msec);
|
||||
if(c->tcp_write_and_read) {
|
||||
fptr_ok(fptr_whitelist_comm_point(c->callback));
|
||||
if( (*c->callback)(c, c->cb_arg, NETEVENT_PKT_WRITTEN,
|
||||
&c->repinfo) ) {
|
||||
comm_point_start_listening(c, -1,
|
||||
c->tcp_timeout_msec);
|
||||
}
|
||||
} else {
|
||||
comm_point_start_listening(c, -1, c->tcp_timeout_msec);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1361,10 +1415,28 @@ ssl_handle_write(struct comm_point* c)
|
|||
}
|
||||
/* ignore return, if fails we may simply block */
|
||||
(void)SSL_set_mode(c->ssl, (long)SSL_MODE_ENABLE_PARTIAL_WRITE);
|
||||
if(c->tcp_byte_count < sizeof(uint16_t)) {
|
||||
uint16_t len = htons(sldns_buffer_limit(c->buffer));
|
||||
if((c->tcp_write_and_read?c->tcp_write_byte_count:c->tcp_byte_count) < sizeof(uint16_t)) {
|
||||
uint16_t len = htons(c->tcp_write_and_read?c->tcp_write_pkt_len:sldns_buffer_limit(c->buffer));
|
||||
ERR_clear_error();
|
||||
if(sizeof(uint16_t)+sldns_buffer_remaining(c->buffer) <
|
||||
if(c->tcp_write_and_read) {
|
||||
if(c->tcp_write_pkt_len + 2 < LDNS_RR_BUF_SIZE) {
|
||||
/* combine the tcp length and the query for
|
||||
* write, this emulates writev */
|
||||
uint8_t buf[LDNS_RR_BUF_SIZE];
|
||||
memmove(buf, &len, sizeof(uint16_t));
|
||||
memmove(buf+sizeof(uint16_t),
|
||||
c->tcp_write_pkt,
|
||||
c->tcp_write_pkt_len);
|
||||
r = SSL_write(c->ssl,
|
||||
(void*)(buf+c->tcp_write_byte_count),
|
||||
c->tcp_write_pkt_len + 2 -
|
||||
c->tcp_write_byte_count);
|
||||
} else {
|
||||
r = SSL_write(c->ssl,
|
||||
(void*)(((uint8_t*)&len)+c->tcp_write_byte_count),
|
||||
(int)(sizeof(uint16_t)-c->tcp_write_byte_count));
|
||||
}
|
||||
} else if(sizeof(uint16_t)+sldns_buffer_remaining(c->buffer) <
|
||||
LDNS_RR_BUF_SIZE) {
|
||||
/* combine the tcp length and the query for write,
|
||||
* this emulates writev */
|
||||
|
@ -1406,20 +1478,32 @@ ssl_handle_write(struct comm_point* c)
|
|||
log_crypto_err("could not SSL_write");
|
||||
return 0;
|
||||
}
|
||||
c->tcp_byte_count += r;
|
||||
if(c->tcp_byte_count < sizeof(uint16_t))
|
||||
return 1;
|
||||
sldns_buffer_set_position(c->buffer, c->tcp_byte_count -
|
||||
sizeof(uint16_t));
|
||||
if(sldns_buffer_remaining(c->buffer) == 0) {
|
||||
if(c->tcp_write_and_read) {
|
||||
c->tcp_write_byte_count += r;
|
||||
if(c->tcp_write_byte_count < sizeof(uint16_t))
|
||||
return 1;
|
||||
} else {
|
||||
c->tcp_byte_count += r;
|
||||
if(c->tcp_byte_count < sizeof(uint16_t))
|
||||
return 1;
|
||||
sldns_buffer_set_position(c->buffer, c->tcp_byte_count -
|
||||
sizeof(uint16_t));
|
||||
}
|
||||
if((!c->tcp_write_and_read && sldns_buffer_remaining(c->buffer) == 0) || (c->tcp_write_and_read && c->tcp_write_byte_count == c->tcp_write_pkt_len + 2)) {
|
||||
tcp_callback_writer(c);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
log_assert(sldns_buffer_remaining(c->buffer) > 0);
|
||||
log_assert(c->tcp_write_and_read || sldns_buffer_remaining(c->buffer) > 0);
|
||||
log_assert(!c->tcp_write_and_read || c->tcp_write_byte_count < c->tcp_write_pkt_len + 2);
|
||||
ERR_clear_error();
|
||||
r = SSL_write(c->ssl, (void*)sldns_buffer_current(c->buffer),
|
||||
(int)sldns_buffer_remaining(c->buffer));
|
||||
if(c->tcp_write_and_read) {
|
||||
r = SSL_write(c->ssl, (void*)(c->tcp_write_pkt + c->tcp_write_byte_count - 2),
|
||||
(int)(c->tcp_write_pkt_len + 2 - c->tcp_write_byte_count));
|
||||
} else {
|
||||
r = SSL_write(c->ssl, (void*)sldns_buffer_current(c->buffer),
|
||||
(int)sldns_buffer_remaining(c->buffer));
|
||||
}
|
||||
if(r <= 0) {
|
||||
int want = SSL_get_error(c->ssl, r);
|
||||
if(want == SSL_ERROR_ZERO_RETURN) {
|
||||
|
@ -1444,9 +1528,13 @@ ssl_handle_write(struct comm_point* c)
|
|||
log_crypto_err("could not SSL_write");
|
||||
return 0;
|
||||
}
|
||||
sldns_buffer_skip(c->buffer, (ssize_t)r);
|
||||
if(c->tcp_write_and_read) {
|
||||
c->tcp_write_byte_count += r;
|
||||
} else {
|
||||
sldns_buffer_skip(c->buffer, (ssize_t)r);
|
||||
}
|
||||
|
||||
if(sldns_buffer_remaining(c->buffer) == 0) {
|
||||
if((!c->tcp_write_and_read && sldns_buffer_remaining(c->buffer) == 0) || (c->tcp_write_and_read && c->tcp_write_byte_count == c->tcp_write_pkt_len + 2)) {
|
||||
tcp_callback_writer(c);
|
||||
}
|
||||
return 1;
|
||||
|
@ -1458,9 +1546,17 @@ ssl_handle_write(struct comm_point* c)
|
|||
|
||||
/** handle ssl tcp connection with dns contents */
|
||||
static int
|
||||
ssl_handle_it(struct comm_point* c)
|
||||
ssl_handle_it(struct comm_point* c, int is_write)
|
||||
{
|
||||
if(c->tcp_is_reading)
|
||||
/* handle case where renegotiation wants read during write call
|
||||
* or write during read calls */
|
||||
if(is_write && c->ssl_shake_state == comm_ssl_shake_hs_write)
|
||||
return ssl_handle_read(c);
|
||||
else if(!is_write && c->ssl_shake_state == comm_ssl_shake_hs_read)
|
||||
return ssl_handle_write(c);
|
||||
/* handle read events for read operation and write events for a
|
||||
* write operation */
|
||||
else if(!is_write)
|
||||
return ssl_handle_read(c);
|
||||
return ssl_handle_write(c);
|
||||
}
|
||||
|
@ -1477,8 +1573,8 @@ comm_point_tcp_handle_read(int fd, struct comm_point* c, int short_ok)
|
|||
ssize_t r;
|
||||
log_assert(c->type == comm_tcp || c->type == comm_local);
|
||||
if(c->ssl)
|
||||
return ssl_handle_it(c);
|
||||
if(!c->tcp_is_reading)
|
||||
return ssl_handle_it(c, 0);
|
||||
if(!c->tcp_is_reading && !c->tcp_write_and_read)
|
||||
return 0;
|
||||
|
||||
log_assert(fd != -1);
|
||||
|
@ -1581,10 +1677,10 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c)
|
|||
#else
|
||||
buffer = c->buffer;
|
||||
#endif
|
||||
if(c->tcp_is_reading && !c->ssl)
|
||||
if(c->tcp_is_reading && !c->ssl && !c->tcp_write_and_read)
|
||||
return 0;
|
||||
log_assert(fd != -1);
|
||||
if(c->tcp_byte_count == 0 && c->tcp_check_nb_connect) {
|
||||
if(((!c->tcp_write_and_read && c->tcp_byte_count == 0) || (c->tcp_write_and_read && c->tcp_write_byte_count == 0)) && c->tcp_check_nb_connect) {
|
||||
/* check for pending error from nonblocking connect */
|
||||
/* from Stevens, unix network programming, vol1, 3rd ed, p450*/
|
||||
int error = 0;
|
||||
|
@ -1625,7 +1721,7 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c)
|
|||
}
|
||||
}
|
||||
if(c->ssl)
|
||||
return ssl_handle_it(c);
|
||||
return ssl_handle_it(c, 1);
|
||||
|
||||
#ifdef USE_MSG_FASTOPEN
|
||||
/* Only try this on first use of a connection that uses tfo,
|
||||
|
@ -1634,15 +1730,22 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c)
|
|||
if(c->tcp_do_fastopen == 1) {
|
||||
/* this form of sendmsg() does both a connect() and send() so need to
|
||||
look for various flavours of error*/
|
||||
uint16_t len = htons(sldns_buffer_limit(buffer));
|
||||
uint16_t len = htons(c->tcp_write_and_read?c->tcp_write_pkt_len:sldns_buffer_limit(buffer));
|
||||
struct msghdr msg;
|
||||
struct iovec iov[2];
|
||||
c->tcp_do_fastopen = 0;
|
||||
memset(&msg, 0, sizeof(msg));
|
||||
iov[0].iov_base = (uint8_t*)&len + c->tcp_byte_count;
|
||||
iov[0].iov_len = sizeof(uint16_t) - c->tcp_byte_count;
|
||||
iov[1].iov_base = sldns_buffer_begin(buffer);
|
||||
iov[1].iov_len = sldns_buffer_limit(buffer);
|
||||
if(c->tcp_write_and_read) {
|
||||
iov[0].iov_base = (uint8_t*)&len + c->tcp_write_byte_count;
|
||||
iov[0].iov_len = sizeof(uint16_t) - c->tcp_write_byte_count;
|
||||
iov[1].iov_base = c->tcp_write_pkt;
|
||||
iov[1].iov_len = c->tcp_write_pkt_len;
|
||||
} else {
|
||||
iov[0].iov_base = (uint8_t*)&len + c->tcp_byte_count;
|
||||
iov[0].iov_len = sizeof(uint16_t) - c->tcp_byte_count;
|
||||
iov[1].iov_base = sldns_buffer_begin(buffer);
|
||||
iov[1].iov_len = sldns_buffer_limit(buffer);
|
||||
}
|
||||
log_assert(iov[0].iov_len > 0);
|
||||
msg.msg_name = &c->repinfo.addr;
|
||||
msg.msg_namelen = c->repinfo.addrlen;
|
||||
|
@ -1688,12 +1791,18 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c)
|
|||
}
|
||||
|
||||
} else {
|
||||
c->tcp_byte_count += r;
|
||||
if(c->tcp_byte_count < sizeof(uint16_t))
|
||||
return 1;
|
||||
sldns_buffer_set_position(buffer, c->tcp_byte_count -
|
||||
sizeof(uint16_t));
|
||||
if(sldns_buffer_remaining(buffer) == 0) {
|
||||
if(c->tcp_write_and_read) {
|
||||
c->tcp_write_byte_count += r;
|
||||
if(c->tcp_write_byte_count < sizeof(uint16_t))
|
||||
return 1;
|
||||
} else {
|
||||
c->tcp_byte_count += r;
|
||||
if(c->tcp_byte_count < sizeof(uint16_t))
|
||||
return 1;
|
||||
sldns_buffer_set_position(buffer, c->tcp_byte_count -
|
||||
sizeof(uint16_t));
|
||||
}
|
||||
if((!c->tcp_write_and_read && sldns_buffer_remaining(buffer) == 0) || (c->tcp_write_and_read && c->tcp_write_byte_count == c->tcp_write_pkt_len + 2)) {
|
||||
tcp_callback_writer(c);
|
||||
return 1;
|
||||
}
|
||||
|
@ -1701,19 +1810,31 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c)
|
|||
}
|
||||
#endif /* USE_MSG_FASTOPEN */
|
||||
|
||||
if(c->tcp_byte_count < sizeof(uint16_t)) {
|
||||
uint16_t len = htons(sldns_buffer_limit(buffer));
|
||||
if((c->tcp_write_and_read?c->tcp_write_byte_count:c->tcp_byte_count) < sizeof(uint16_t)) {
|
||||
uint16_t len = htons(c->tcp_write_and_read?c->tcp_write_pkt_len:sldns_buffer_limit(buffer));
|
||||
#ifdef HAVE_WRITEV
|
||||
struct iovec iov[2];
|
||||
iov[0].iov_base = (uint8_t*)&len + c->tcp_byte_count;
|
||||
iov[0].iov_len = sizeof(uint16_t) - c->tcp_byte_count;
|
||||
iov[1].iov_base = sldns_buffer_begin(buffer);
|
||||
iov[1].iov_len = sldns_buffer_limit(buffer);
|
||||
if(c->tcp_write_and_read) {
|
||||
iov[0].iov_base = (uint8_t*)&len + c->tcp_write_byte_count;
|
||||
iov[0].iov_len = sizeof(uint16_t) - c->tcp_write_byte_count;
|
||||
iov[1].iov_base = c->tcp_write_pkt;
|
||||
iov[1].iov_len = c->tcp_write_pkt_len;
|
||||
} else {
|
||||
iov[0].iov_base = (uint8_t*)&len + c->tcp_byte_count;
|
||||
iov[0].iov_len = sizeof(uint16_t) - c->tcp_byte_count;
|
||||
iov[1].iov_base = sldns_buffer_begin(buffer);
|
||||
iov[1].iov_len = sldns_buffer_limit(buffer);
|
||||
}
|
||||
log_assert(iov[0].iov_len > 0);
|
||||
r = writev(fd, iov, 2);
|
||||
#else /* HAVE_WRITEV */
|
||||
r = send(fd, (void*)(((uint8_t*)&len)+c->tcp_byte_count),
|
||||
sizeof(uint16_t)-c->tcp_byte_count, 0);
|
||||
if(c->tcp_write_and_read) {
|
||||
r = send(fd, (void*)(((uint8_t*)&len)+c->tcp_write_byte_count),
|
||||
sizeof(uint16_t)-c->tcp_write_byte_count, 0);
|
||||
} else {
|
||||
r = send(fd, (void*)(((uint8_t*)&len)+c->tcp_byte_count),
|
||||
sizeof(uint16_t)-c->tcp_byte_count, 0);
|
||||
}
|
||||
#endif /* HAVE_WRITEV */
|
||||
if(r == -1) {
|
||||
#ifndef USE_WINSOCK
|
||||
|
@ -1752,19 +1873,31 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c)
|
|||
#endif
|
||||
return 0;
|
||||
}
|
||||
c->tcp_byte_count += r;
|
||||
if(c->tcp_byte_count < sizeof(uint16_t))
|
||||
return 1;
|
||||
sldns_buffer_set_position(buffer, c->tcp_byte_count -
|
||||
sizeof(uint16_t));
|
||||
if(sldns_buffer_remaining(buffer) == 0) {
|
||||
if(c->tcp_write_and_read) {
|
||||
c->tcp_write_byte_count += r;
|
||||
if(c->tcp_write_byte_count < sizeof(uint16_t))
|
||||
return 1;
|
||||
} else {
|
||||
c->tcp_byte_count += r;
|
||||
if(c->tcp_byte_count < sizeof(uint16_t))
|
||||
return 1;
|
||||
sldns_buffer_set_position(buffer, c->tcp_byte_count -
|
||||
sizeof(uint16_t));
|
||||
}
|
||||
if((!c->tcp_write_and_read && sldns_buffer_remaining(buffer) == 0) || (c->tcp_write_and_read && c->tcp_write_byte_count == c->tcp_write_pkt_len + 2)) {
|
||||
tcp_callback_writer(c);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
log_assert(sldns_buffer_remaining(buffer) > 0);
|
||||
r = send(fd, (void*)sldns_buffer_current(buffer),
|
||||
sldns_buffer_remaining(buffer), 0);
|
||||
log_assert(c->tcp_write_and_read || sldns_buffer_remaining(buffer) > 0);
|
||||
log_assert(!c->tcp_write_and_read || c->tcp_write_byte_count < c->tcp_write_pkt_len + 2);
|
||||
if(c->tcp_write_and_read) {
|
||||
r = send(fd, (void*)c->tcp_write_pkt + c->tcp_write_byte_count - 2,
|
||||
c->tcp_write_pkt_len + 2 - c->tcp_write_byte_count, 0);
|
||||
} else {
|
||||
r = send(fd, (void*)sldns_buffer_current(buffer),
|
||||
sldns_buffer_remaining(buffer), 0);
|
||||
}
|
||||
if(r == -1) {
|
||||
#ifndef USE_WINSOCK
|
||||
if(errno == EINTR || errno == EAGAIN)
|
||||
|
@ -1787,9 +1920,13 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c)
|
|||
&c->repinfo.addr, c->repinfo.addrlen);
|
||||
return 0;
|
||||
}
|
||||
sldns_buffer_skip(buffer, r);
|
||||
if(c->tcp_write_and_read) {
|
||||
c->tcp_write_byte_count += r;
|
||||
} else {
|
||||
sldns_buffer_skip(buffer, r);
|
||||
}
|
||||
|
||||
if(sldns_buffer_remaining(buffer) == 0) {
|
||||
if((!c->tcp_write_and_read && sldns_buffer_remaining(buffer) == 0) || (c->tcp_write_and_read && c->tcp_write_byte_count == c->tcp_write_pkt_len + 2)) {
|
||||
tcp_callback_writer(c);
|
||||
}
|
||||
|
||||
|
@ -1819,6 +1956,54 @@ tcp_req_info_read_again(int fd, struct comm_point* c)
|
|||
}
|
||||
}
|
||||
|
||||
/** read again to drain buffers when there could be more to read */
|
||||
static void
|
||||
tcp_more_read_again(int fd, struct comm_point* c)
|
||||
{
|
||||
/* if the packet is done, but another one could be waiting on
|
||||
* the connection, the callback signals this, and we try again */
|
||||
/* this continues until the read routines get EAGAIN or so,
|
||||
* and thus does not call the callback, and the bool is 0 */
|
||||
int* moreread = c->tcp_more_read_again;
|
||||
while(moreread && *moreread) {
|
||||
*moreread = 0;
|
||||
if(!comm_point_tcp_handle_read(fd, c, 0)) {
|
||||
reclaim_tcp_handler(c);
|
||||
if(!c->tcp_do_close) {
|
||||
fptr_ok(fptr_whitelist_comm_point(
|
||||
c->callback));
|
||||
(void)(*c->callback)(c, c->cb_arg,
|
||||
NETEVENT_CLOSED, NULL);
|
||||
}
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/** write again to fill up when there could be more to write */
|
||||
static void
|
||||
tcp_more_write_again(int fd, struct comm_point* c)
|
||||
{
|
||||
/* if the packet is done, but another is waiting to be written,
|
||||
* the callback signals it and we try again. */
|
||||
/* this continues until the write routines get EAGAIN or so,
|
||||
* and thus does not call the callback, and the bool is 0 */
|
||||
int* morewrite = c->tcp_more_write_again;
|
||||
while(morewrite && *morewrite) {
|
||||
*morewrite = 0;
|
||||
if(!comm_point_tcp_handle_write(fd, c)) {
|
||||
reclaim_tcp_handler(c);
|
||||
if(!c->tcp_do_close) {
|
||||
fptr_ok(fptr_whitelist_comm_point(
|
||||
c->callback));
|
||||
(void)(*c->callback)(c, c->cb_arg,
|
||||
NETEVENT_CLOSED, NULL);
|
||||
}
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
comm_point_tcp_handle_callback(int fd, short event, void* arg)
|
||||
{
|
||||
|
@ -1839,7 +2024,7 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg)
|
|||
if(!c->tcp_do_close) {
|
||||
fptr_ok(fptr_whitelist_comm_point(
|
||||
c->callback));
|
||||
(void)(*c->callback)(c, c->cb_arg,
|
||||
(void)(*c->callback)(c, c->cb_arg,
|
||||
NETEVENT_CLOSED, NULL);
|
||||
}
|
||||
return;
|
||||
|
@ -1857,34 +2042,46 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg)
|
|||
}
|
||||
return;
|
||||
}
|
||||
if(event&UB_EV_READ) {
|
||||
if(event&UB_EV_READ
|
||||
#ifdef USE_MSG_FASTOPEN
|
||||
&& !(c->tcp_do_fastopen && (event&UB_EV_WRITE))
|
||||
#endif
|
||||
) {
|
||||
int has_tcpq = (c->tcp_req_info != NULL);
|
||||
int* moreread = c->tcp_more_read_again;
|
||||
if(!comm_point_tcp_handle_read(fd, c, 0)) {
|
||||
reclaim_tcp_handler(c);
|
||||
if(!c->tcp_do_close) {
|
||||
fptr_ok(fptr_whitelist_comm_point(
|
||||
c->callback));
|
||||
(void)(*c->callback)(c, c->cb_arg,
|
||||
(void)(*c->callback)(c, c->cb_arg,
|
||||
NETEVENT_CLOSED, NULL);
|
||||
}
|
||||
return;
|
||||
}
|
||||
if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again)
|
||||
tcp_req_info_read_again(fd, c);
|
||||
if(moreread && *moreread)
|
||||
tcp_more_read_again(fd, c);
|
||||
return;
|
||||
}
|
||||
if(event&UB_EV_WRITE) {
|
||||
int has_tcpq = (c->tcp_req_info != NULL);
|
||||
int* morewrite = c->tcp_more_write_again;
|
||||
if(!comm_point_tcp_handle_write(fd, c)) {
|
||||
reclaim_tcp_handler(c);
|
||||
if(!c->tcp_do_close) {
|
||||
fptr_ok(fptr_whitelist_comm_point(
|
||||
c->callback));
|
||||
(void)(*c->callback)(c, c->cb_arg,
|
||||
(void)(*c->callback)(c, c->cb_arg,
|
||||
NETEVENT_CLOSED, NULL);
|
||||
}
|
||||
return;
|
||||
}
|
||||
if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again)
|
||||
tcp_req_info_read_again(fd, c);
|
||||
if(morewrite && *morewrite)
|
||||
tcp_more_write_again(fd, c);
|
||||
return;
|
||||
}
|
||||
log_err("Ignored event %d for tcphdl.", event);
|
||||
|
@ -2359,48 +2556,76 @@ int http2_stream_close_cb(nghttp2_session* ATTR_UNUSED(session),
|
|||
ssize_t http2_recv_cb(nghttp2_session* ATTR_UNUSED(session), uint8_t* buf,
|
||||
size_t len, int ATTR_UNUSED(flags), void* cb_arg)
|
||||
{
|
||||
#ifdef HAVE_SSL
|
||||
struct http2_session* h2_session = (struct http2_session*)cb_arg;
|
||||
int r;
|
||||
ssize_t ret;
|
||||
|
||||
log_assert(h2_session->c->type == comm_http);
|
||||
log_assert(h2_session->c->h2_session);
|
||||
|
||||
if(!h2_session->c->ssl)
|
||||
return 0;
|
||||
|
||||
ERR_clear_error();
|
||||
r = SSL_read(h2_session->c->ssl, buf, len);
|
||||
if(r <= 0) {
|
||||
int want = SSL_get_error(h2_session->c->ssl, r);
|
||||
if(want == SSL_ERROR_ZERO_RETURN) {
|
||||
return NGHTTP2_ERR_EOF;
|
||||
} else if(want == SSL_ERROR_WANT_READ) {
|
||||
return NGHTTP2_ERR_WOULDBLOCK;
|
||||
} else if(want == SSL_ERROR_WANT_WRITE) {
|
||||
h2_session->c->ssl_shake_state = comm_ssl_shake_hs_write;
|
||||
comm_point_listen_for_rw(h2_session->c, 0, 1);
|
||||
return NGHTTP2_ERR_WOULDBLOCK;
|
||||
} else if(want == SSL_ERROR_SYSCALL) {
|
||||
#ifdef HAVE_SSL
|
||||
if(h2_session->c->ssl) {
|
||||
int r;
|
||||
ERR_clear_error();
|
||||
r = SSL_read(h2_session->c->ssl, buf, len);
|
||||
if(r <= 0) {
|
||||
int want = SSL_get_error(h2_session->c->ssl, r);
|
||||
if(want == SSL_ERROR_ZERO_RETURN) {
|
||||
return NGHTTP2_ERR_EOF;
|
||||
} else if(want == SSL_ERROR_WANT_READ) {
|
||||
return NGHTTP2_ERR_WOULDBLOCK;
|
||||
} else if(want == SSL_ERROR_WANT_WRITE) {
|
||||
h2_session->c->ssl_shake_state = comm_ssl_shake_hs_write;
|
||||
comm_point_listen_for_rw(h2_session->c, 0, 1);
|
||||
return NGHTTP2_ERR_WOULDBLOCK;
|
||||
} else if(want == SSL_ERROR_SYSCALL) {
|
||||
#ifdef ECONNRESET
|
||||
if(errno == ECONNRESET && verbosity < 2)
|
||||
return NGHTTP2_ERR_CALLBACK_FAILURE;
|
||||
if(errno == ECONNRESET && verbosity < 2)
|
||||
return NGHTTP2_ERR_CALLBACK_FAILURE;
|
||||
#endif
|
||||
if(errno != 0)
|
||||
log_err("SSL_read syscall: %s",
|
||||
strerror(errno));
|
||||
if(errno != 0)
|
||||
log_err("SSL_read syscall: %s",
|
||||
strerror(errno));
|
||||
return NGHTTP2_ERR_CALLBACK_FAILURE;
|
||||
}
|
||||
log_crypto_err("could not SSL_read");
|
||||
return NGHTTP2_ERR_CALLBACK_FAILURE;
|
||||
}
|
||||
log_crypto_err("could not SSL_read");
|
||||
return r;
|
||||
}
|
||||
#endif /* HAVE_SSL */
|
||||
|
||||
ret = recv(h2_session->c->fd, buf, len, 0);
|
||||
if(ret == 0) {
|
||||
return NGHTTP2_ERR_EOF;
|
||||
} else if(ret < 0) {
|
||||
#ifndef USE_WINSOCK
|
||||
if(errno == EINTR || errno == EAGAIN)
|
||||
return NGHTTP2_ERR_WOULDBLOCK;
|
||||
#ifdef ECONNRESET
|
||||
if(errno == ECONNRESET && verbosity < 2)
|
||||
return NGHTTP2_ERR_CALLBACK_FAILURE;
|
||||
#endif
|
||||
log_err_addr("could not http2 recv: %s", strerror(errno),
|
||||
&h2_session->c->repinfo.addr,
|
||||
h2_session->c->repinfo.addrlen);
|
||||
#else /* USE_WINSOCK */
|
||||
if(WSAGetLastError() == WSAECONNRESET)
|
||||
return NGHTTP2_ERR_CALLBACK_FAILURE;
|
||||
if(WSAGetLastError() == WSAEINPROGRESS)
|
||||
return NGHTTP2_ERR_WOULDBLOCK;
|
||||
if(WSAGetLastError() == WSAEWOULDBLOCK) {
|
||||
ub_winsock_tcp_wouldblock(h2_session->c->ev->ev,
|
||||
UB_EV_READ);
|
||||
return NGHTTP2_ERR_WOULDBLOCK;
|
||||
}
|
||||
log_err_addr("could not http2 recv: %s",
|
||||
wsa_strerror(WSAGetLastError()),
|
||||
&h2_session->c->repinfo.addr,
|
||||
h2_session->c->repinfo.addrlen);
|
||||
#endif
|
||||
return NGHTTP2_ERR_CALLBACK_FAILURE;
|
||||
}
|
||||
return r;
|
||||
#else
|
||||
(void)buf;
|
||||
(void)len;
|
||||
(void)cb_arg;
|
||||
return -1;
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
#endif /* HAVE_NGHTTP2 */
|
||||
|
||||
|
@ -2411,15 +2636,17 @@ comm_point_http2_handle_read(int ATTR_UNUSED(fd), struct comm_point* c)
|
|||
#ifdef HAVE_NGHTTP2
|
||||
int ret;
|
||||
log_assert(c->h2_session);
|
||||
log_assert(c->ssl);
|
||||
|
||||
/* reading until recv cb returns NGHTTP2_ERR_WOULDBLOCK */
|
||||
ret = nghttp2_session_recv(c->h2_session->session);
|
||||
if(ret) {
|
||||
if(ret != NGHTTP2_ERR_EOF &&
|
||||
ret != NGHTTP2_ERR_CALLBACK_FAILURE) {
|
||||
verbose(VERB_QUERY, "http2: session_recv failed, "
|
||||
"error: %s", nghttp2_strerror(ret));
|
||||
char a[256];
|
||||
addr_to_str(&c->repinfo.addr, c->repinfo.addrlen,
|
||||
a, sizeof(a));
|
||||
verbose(VERB_QUERY, "http2: session_recv from %s failed, "
|
||||
"error: %s", a, nghttp2_strerror(ret));
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
@ -2648,47 +2875,81 @@ http_write_more(int fd, struct comm_point* c)
|
|||
ssize_t http2_send_cb(nghttp2_session* ATTR_UNUSED(session), const uint8_t* buf,
|
||||
size_t len, int ATTR_UNUSED(flags), void* cb_arg)
|
||||
{
|
||||
#ifdef HAVE_SSL
|
||||
int r;
|
||||
ssize_t ret;
|
||||
struct http2_session* h2_session = (struct http2_session*)cb_arg;
|
||||
log_assert(h2_session->c->type == comm_http);
|
||||
log_assert(h2_session->c->h2_session);
|
||||
|
||||
if(!h2_session->c->ssl)
|
||||
return 0;
|
||||
|
||||
ERR_clear_error();
|
||||
r = SSL_write(h2_session->c->ssl, buf, len);
|
||||
if(r <= 0) {
|
||||
int want = SSL_get_error(h2_session->c->ssl, r);
|
||||
if(want == SSL_ERROR_ZERO_RETURN) {
|
||||
return NGHTTP2_ERR_CALLBACK_FAILURE;
|
||||
} else if(want == SSL_ERROR_WANT_READ) {
|
||||
h2_session->c->ssl_shake_state = comm_ssl_shake_hs_read;
|
||||
comm_point_listen_for_rw(h2_session->c, 1, 0);
|
||||
return NGHTTP2_ERR_WOULDBLOCK;
|
||||
} else if(want == SSL_ERROR_WANT_WRITE) {
|
||||
return NGHTTP2_ERR_WOULDBLOCK;
|
||||
} else if(want == SSL_ERROR_SYSCALL) {
|
||||
#ifdef EPIPE
|
||||
if(errno == EPIPE && verbosity < 2)
|
||||
#ifdef HAVE_SSL
|
||||
if(h2_session->c->ssl) {
|
||||
int r;
|
||||
ERR_clear_error();
|
||||
r = SSL_write(h2_session->c->ssl, buf, len);
|
||||
if(r <= 0) {
|
||||
int want = SSL_get_error(h2_session->c->ssl, r);
|
||||
if(want == SSL_ERROR_ZERO_RETURN) {
|
||||
return NGHTTP2_ERR_CALLBACK_FAILURE;
|
||||
} else if(want == SSL_ERROR_WANT_READ) {
|
||||
h2_session->c->ssl_shake_state = comm_ssl_shake_hs_read;
|
||||
comm_point_listen_for_rw(h2_session->c, 1, 0);
|
||||
return NGHTTP2_ERR_WOULDBLOCK;
|
||||
} else if(want == SSL_ERROR_WANT_WRITE) {
|
||||
return NGHTTP2_ERR_WOULDBLOCK;
|
||||
} else if(want == SSL_ERROR_SYSCALL) {
|
||||
#ifdef EPIPE
|
||||
if(errno == EPIPE && verbosity < 2)
|
||||
return NGHTTP2_ERR_CALLBACK_FAILURE;
|
||||
#endif
|
||||
if(errno != 0)
|
||||
log_err("SSL_write syscall: %s",
|
||||
strerror(errno));
|
||||
if(errno != 0)
|
||||
log_err("SSL_write syscall: %s",
|
||||
strerror(errno));
|
||||
return NGHTTP2_ERR_CALLBACK_FAILURE;
|
||||
}
|
||||
log_crypto_err("could not SSL_write");
|
||||
return NGHTTP2_ERR_CALLBACK_FAILURE;
|
||||
}
|
||||
log_crypto_err("could not SSL_write");
|
||||
return r;
|
||||
}
|
||||
#endif /* HAVE_SSL */
|
||||
|
||||
ret = send(h2_session->c->fd, buf, len, 0);
|
||||
if(ret == 0) {
|
||||
return NGHTTP2_ERR_CALLBACK_FAILURE;
|
||||
} else if(ret < 0) {
|
||||
#ifndef USE_WINSOCK
|
||||
if(errno == EINTR || errno == EAGAIN)
|
||||
return NGHTTP2_ERR_WOULDBLOCK;
|
||||
#ifdef EPIPE
|
||||
if(errno == EPIPE && verbosity < 2)
|
||||
return NGHTTP2_ERR_CALLBACK_FAILURE;
|
||||
#endif
|
||||
#ifdef ECONNRESET
|
||||
if(errno == ECONNRESET && verbosity < 2)
|
||||
return NGHTTP2_ERR_CALLBACK_FAILURE;
|
||||
#endif
|
||||
log_err_addr("could not http2 write: %s", strerror(errno),
|
||||
&h2_session->c->repinfo.addr,
|
||||
h2_session->c->repinfo.addrlen);
|
||||
#else /* USE_WINSOCK */
|
||||
if(WSAGetLastError() == WSAENOTCONN)
|
||||
return NGHTTP2_ERR_WOULDBLOCK;
|
||||
if(WSAGetLastError() == WSAEINPROGRESS)
|
||||
return NGHTTP2_ERR_WOULDBLOCK;
|
||||
if(WSAGetLastError() == WSAEWOULDBLOCK) {
|
||||
ub_winsock_tcp_wouldblock(h2_session->c->ev->ev,
|
||||
UB_EV_WRITE);
|
||||
return NGHTTP2_ERR_WOULDBLOCK;
|
||||
}
|
||||
if(WSAGetLastError() == WSAECONNRESET && verbosity < 2)
|
||||
return NGHTTP2_ERR_CALLBACK_FAILURE;
|
||||
log_err_addr("could not http2 write: %s",
|
||||
wsa_strerror(WSAGetLastError()),
|
||||
&h2_session->c->repinfo.addr,
|
||||
h2_session->c->repinfo.addrlen);
|
||||
#endif
|
||||
return NGHTTP2_ERR_CALLBACK_FAILURE;
|
||||
}
|
||||
return r;
|
||||
#else
|
||||
(void)buf;
|
||||
(void)len;
|
||||
(void)cb_arg;
|
||||
return -1;
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
#endif /* HAVE_NGHTTP2 */
|
||||
|
||||
|
@ -2699,7 +2960,6 @@ comm_point_http2_handle_write(int ATTR_UNUSED(fd), struct comm_point* c)
|
|||
#ifdef HAVE_NGHTTP2
|
||||
int ret;
|
||||
log_assert(c->h2_session);
|
||||
log_assert(c->ssl);
|
||||
|
||||
ret = nghttp2_session_send(c->h2_session->session);
|
||||
if(ret) {
|
||||
|
@ -2811,7 +3071,7 @@ comm_point_http_handle_callback(int fd, short event, void* arg)
|
|||
if(!c->tcp_do_close) {
|
||||
fptr_ok(fptr_whitelist_comm_point(
|
||||
c->callback));
|
||||
(void)(*c->callback)(c, c->cb_arg,
|
||||
(void)(*c->callback)(c, c->cb_arg,
|
||||
NETEVENT_CLOSED, NULL);
|
||||
}
|
||||
}
|
||||
|
@ -2823,7 +3083,7 @@ comm_point_http_handle_callback(int fd, short event, void* arg)
|
|||
if(!c->tcp_do_close) {
|
||||
fptr_ok(fptr_whitelist_comm_point(
|
||||
c->callback));
|
||||
(void)(*c->callback)(c, c->cb_arg,
|
||||
(void)(*c->callback)(c, c->cb_arg,
|
||||
NETEVENT_CLOSED, NULL);
|
||||
}
|
||||
}
|
||||
|
@ -3555,6 +3815,7 @@ comm_point_close(struct comm_point* c)
|
|||
if(!c)
|
||||
return;
|
||||
if(c->fd != -1) {
|
||||
verbose(5, "comm_point_close of %d: event_del", c->fd);
|
||||
if(ub_event_del(c->ev->ev) != 0) {
|
||||
log_err("could not event_del on close");
|
||||
}
|
||||
|
@ -3736,12 +3997,20 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec)
|
|||
}
|
||||
if(c->type == comm_tcp || c->type == comm_http) {
|
||||
ub_event_del_bits(c->ev->ev, UB_EV_READ|UB_EV_WRITE);
|
||||
if(c->tcp_is_reading)
|
||||
if(c->tcp_write_and_read) {
|
||||
verbose(5, "startlistening %d mode rw", (newfd==-1?c->fd:newfd));
|
||||
ub_event_add_bits(c->ev->ev, UB_EV_READ|UB_EV_WRITE);
|
||||
} else if(c->tcp_is_reading) {
|
||||
verbose(5, "startlistening %d mode r", (newfd==-1?c->fd:newfd));
|
||||
ub_event_add_bits(c->ev->ev, UB_EV_READ);
|
||||
else ub_event_add_bits(c->ev->ev, UB_EV_WRITE);
|
||||
} else {
|
||||
verbose(5, "startlistening %d mode w", (newfd==-1?c->fd:newfd));
|
||||
ub_event_add_bits(c->ev->ev, UB_EV_WRITE);
|
||||
}
|
||||
}
|
||||
if(newfd != -1) {
|
||||
if(c->fd != -1) {
|
||||
if(c->fd != -1 && c->fd != newfd) {
|
||||
verbose(5, "cpsl close of fd %d for %d", c->fd, newfd);
|
||||
sock_close(c->fd);
|
||||
}
|
||||
c->fd = newfd;
|
||||
|
|
|
@ -95,6 +95,9 @@ typedef int comm_point_callback_type(struct comm_point*, void*, int,
|
|||
#define NETEVENT_CAPSFAIL -3
|
||||
/** to pass done transfer to callback function; http file is complete */
|
||||
#define NETEVENT_DONE -4
|
||||
/** to pass write of the write packet is done to callback function
|
||||
* used when tcp_write_and_read is enabled */
|
||||
#define NETEVENT_PKT_WRITTEN -5
|
||||
|
||||
/** timeout to slow accept calls when not possible, in msec. */
|
||||
#define NETEVENT_SLOW_ACCEPT_TIME 2000
|
||||
|
@ -276,6 +279,44 @@ struct comm_point {
|
|||
and after read/write completes. No callback is done. */
|
||||
int tcp_do_close;
|
||||
|
||||
/** flag that indicates the stream is both written and read from. */
|
||||
int tcp_write_and_read;
|
||||
|
||||
/** byte count for written length over write channel, for when
|
||||
* tcp_write_and_read is enabled. When tcp_write_and_read is enabled,
|
||||
* this is the counter for writing, the one for reading is in the
|
||||
* commpoint.buffer sldns buffer. The counter counts from 0 to
|
||||
* 2+tcp_write_pkt_len, and includes the tcp length bytes. */
|
||||
size_t tcp_write_byte_count;
|
||||
|
||||
/** packet to write currently over the write channel. for when
|
||||
* tcp_write_and_read is enabled. When tcp_write_and_read is enabled,
|
||||
* this is the buffer for the written packet, the commpoint.buffer
|
||||
* sldns buffer is the buffer for the received packet. */
|
||||
uint8_t* tcp_write_pkt;
|
||||
/** length of tcp_write_pkt in bytes */
|
||||
size_t tcp_write_pkt_len;
|
||||
|
||||
/** if set try to read another packet again (over connection with
|
||||
* multiple packets), once set, tries once, then zero again,
|
||||
* so set it in the packet complete section.
|
||||
* The pointer itself has to be set before the callback is invoked,
|
||||
* when you set things up, and continue to exist also after the
|
||||
* commpoint is closed and deleted in your callback. So that after
|
||||
* the callback cleans up netevent can see what it has to do.
|
||||
* Or leave NULL if it is not used at all. */
|
||||
int* tcp_more_read_again;
|
||||
|
||||
/** if set try to write another packet (over connection with
|
||||
* multiple packets), once set, tries once, then zero again,
|
||||
* so set it in the packet complete section.
|
||||
* The pointer itself has to be set before the callback is invoked,
|
||||
* when you set things up, and continue to exist also after the
|
||||
* commpoint is closed and deleted in your callback. So that after
|
||||
* the callback cleans up netevent can see what it has to do.
|
||||
* Or leave NULL if it is not used at all. */
|
||||
int* tcp_more_write_again;
|
||||
|
||||
/** if set, read/write completes:
|
||||
read/write state of tcp is toggled.
|
||||
buffer reset/bytecount reset.
|
||||
|
@ -589,7 +630,8 @@ void comm_point_drop_reply(struct comm_reply* repinfo);
|
|||
* Send an udp message over a commpoint.
|
||||
* @param c: commpoint to send it from.
|
||||
* @param packet: what to send.
|
||||
* @param addr: where to send it to.
|
||||
* @param addr: where to send it to. If NULL, send is performed,
|
||||
* for connected sockets, to the connected address.
|
||||
* @param addrlen: length of addr.
|
||||
* @return: false on a failure.
|
||||
*/
|
||||
|
|
|
@ -80,18 +80,39 @@ regional_init(struct regional* r)
|
|||
r->total_large = 0;
|
||||
}
|
||||
|
||||
struct regional*
|
||||
regional_create_custom(size_t size)
|
||||
/**
|
||||
* Create a new region, with custom first block and large-object sizes.
|
||||
* @param size: length of first block.
|
||||
* @param large_object_size: outside of chunk allocation threshold.
|
||||
* @return: newly allocated regional.
|
||||
*/
|
||||
static struct regional*
|
||||
regional_create_custom_large_object(size_t size, size_t large_object_size)
|
||||
{
|
||||
struct regional* r = (struct regional*)malloc(size);
|
||||
struct regional* r;
|
||||
size = ALIGN_UP(size, ALIGNMENT);
|
||||
r = (struct regional*)malloc(size);
|
||||
log_assert(sizeof(struct regional) <= size);
|
||||
if(!r) return NULL;
|
||||
r->first_size = size;
|
||||
r->large_object_size = large_object_size;
|
||||
regional_init(r);
|
||||
return r;
|
||||
}
|
||||
|
||||
struct regional*
|
||||
regional_create_custom(size_t size)
|
||||
{
|
||||
return regional_create_custom_large_object(size,
|
||||
REGIONAL_LARGE_OBJECT_SIZE);
|
||||
}
|
||||
|
||||
struct regional*
|
||||
regional_create_nochunk(size_t size)
|
||||
{
|
||||
return regional_create_custom_large_object(size, 0);
|
||||
}
|
||||
|
||||
void
|
||||
regional_free_all(struct regional *r)
|
||||
{
|
||||
|
@ -134,7 +155,7 @@ regional_alloc(struct regional *r, size_t size)
|
|||
malloc and ALIGN_UP */
|
||||
a = ALIGN_UP(size, ALIGNMENT);
|
||||
/* large objects */
|
||||
if(a > REGIONAL_LARGE_OBJECT_SIZE) {
|
||||
if(a > r->large_object_size) {
|
||||
s = malloc(ALIGNMENT + size);
|
||||
if(!s) return NULL;
|
||||
r->total_large += ALIGNMENT+size;
|
||||
|
@ -219,7 +240,7 @@ regional_log_stats(struct regional *r)
|
|||
/* some basic assertions put here (non time critical code) */
|
||||
log_assert(ALIGNMENT >= sizeof(char*));
|
||||
log_assert(REGIONAL_CHUNK_SIZE > ALIGNMENT);
|
||||
log_assert(REGIONAL_CHUNK_SIZE-ALIGNMENT > REGIONAL_LARGE_OBJECT_SIZE);
|
||||
log_assert(REGIONAL_CHUNK_SIZE-ALIGNMENT > r->large_object_size);
|
||||
log_assert(REGIONAL_CHUNK_SIZE >= sizeof(struct regional));
|
||||
/* debug print */
|
||||
log_info("regional %u chunks, %u large",
|
||||
|
|
|
@ -74,6 +74,11 @@ struct regional
|
|||
size_t available;
|
||||
/** current chunk data position. */
|
||||
char* data;
|
||||
/** threshold for outside of chunk allocations */
|
||||
size_t large_object_size;
|
||||
/** padding for sizeof8 alignment of sizeof(struct regional)
|
||||
* for 32bit systems */
|
||||
size_t padding;
|
||||
};
|
||||
|
||||
/**
|
||||
|
@ -88,6 +93,14 @@ struct regional* regional_create(void);
|
|||
* @return: newly allocated regional.
|
||||
*/
|
||||
struct regional* regional_create_custom(size_t size);
|
||||
|
||||
/**
|
||||
* Create a new region, with custom settings, that will allocate everything
|
||||
* outside the region chunk.
|
||||
* @param size: length of first block.
|
||||
* @return: newly allocated regional.
|
||||
*/
|
||||
struct regional* regional_create_nochunk(size_t size);
|
||||
|
||||
/**
|
||||
* Free all memory associated with regional. Only keeps the first block with
|
||||
|
|
|
@ -990,6 +990,7 @@ static SECKEYPublicKey* nss_buf2ecdsa(unsigned char* key, size_t len, int algo)
|
|||
return pk;
|
||||
}
|
||||
|
||||
#if defined(USE_DSA) && defined(USE_SHA1)
|
||||
static SECKEYPublicKey* nss_buf2dsa(unsigned char* key, size_t len)
|
||||
{
|
||||
SECKEYPublicKey* pk;
|
||||
|
@ -1050,6 +1051,7 @@ static SECKEYPublicKey* nss_buf2dsa(unsigned char* key, size_t len)
|
|||
}
|
||||
return pk;
|
||||
}
|
||||
#endif /* USE_DSA && USE_SHA1 */
|
||||
|
||||
static SECKEYPublicKey* nss_buf2rsa(unsigned char* key, size_t len)
|
||||
{
|
||||
|
|
Loading…
Reference in a new issue