git: 34cf2ab49b01 - stable/13 - unbound: Vendor import 1.16.0
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 11 Jul 2022 12:55:17 UTC
The branch stable/13 has been updated by cy:
URL: https://cgit.FreeBSD.org/src/commit/?id=34cf2ab49b016c613b3282cf2000f7c167a2319d
commit 34cf2ab49b016c613b3282cf2000f7c167a2319d
Author: Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2022-06-08 22:08:42 +0000
Commit: Cy Schubert <cy@FreeBSD.org>
CommitDate: 2022-07-11 12:55:11 +0000
unbound: Vendor import 1.16.0
Merge commit '5f9f82264b91e041df7cba2406625146e7268ce4' into main
(cherry picked from commit a39a5a6905612447def27b66ffe73b9d11efd80c)
---
contrib/unbound/Makefile.in | 23 +-
contrib/unbound/acx_python.m4 | 57 +++--
contrib/unbound/config.guess | 34 ++-
contrib/unbound/config.h.in | 6 +-
contrib/unbound/configure | 116 ++++++---
contrib/unbound/configure.ac | 18 +-
contrib/unbound/daemon/acl_list.c | 35 +++
contrib/unbound/daemon/acl_list.h | 11 +
contrib/unbound/daemon/cachedump.c | 6 +-
contrib/unbound/daemon/worker.c | 284 ++++++++++++++++++---
contrib/unbound/doc/Changelog | 141 ++++++++++
contrib/unbound/doc/README | 2 +-
contrib/unbound/doc/example.conf.in | 16 +-
contrib/unbound/doc/libunbound.3.in | 4 +-
contrib/unbound/doc/unbound-anchor.8.in | 2 +-
contrib/unbound/doc/unbound-checkconf.8.in | 2 +-
contrib/unbound/doc/unbound-control.8.in | 24 +-
contrib/unbound/doc/unbound-host.1.in | 2 +-
contrib/unbound/doc/unbound.8.in | 4 +-
contrib/unbound/doc/unbound.conf.5.in | 56 +++-
contrib/unbound/edns-subnet/subnetmod.c | 30 ++-
contrib/unbound/edns-subnet/subnetmod.h | 7 +
contrib/unbound/ipset/ipset.c | 71 +++---
contrib/unbound/iterator/iter_delegpt.h | 2 +-
contrib/unbound/iterator/iter_utils.c | 24 +-
contrib/unbound/iterator/iter_utils.h | 6 +-
contrib/unbound/iterator/iterator.c | 41 +--
contrib/unbound/libunbound/libworker.c | 6 +-
contrib/unbound/respip/respip.c | 23 +-
contrib/unbound/respip/respip.h | 5 +-
contrib/unbound/services/authzone.c | 103 ++++++--
contrib/unbound/services/authzone.h | 3 +
contrib/unbound/services/cache/dns.c | 5 +
contrib/unbound/services/listen_dnsport.c | 79 +++++-
contrib/unbound/services/localzone.c | 26 +-
contrib/unbound/services/mesh.c | 181 ++++++++++++-
contrib/unbound/services/mesh.h | 17 +-
contrib/unbound/services/outside_network.c | 5 +-
contrib/unbound/services/rpz.c | 41 ++-
contrib/unbound/services/rpz.h | 4 +-
contrib/unbound/sldns/parseutil.c | 36 ++-
contrib/unbound/sldns/parseutil.h | 4 +-
contrib/unbound/sldns/pkthdr.h | 4 +
contrib/unbound/sldns/rrdef.h | 32 +++
contrib/unbound/sldns/str2wire.c | 38 ++-
contrib/unbound/sldns/wire2str.c | 1 +
contrib/unbound/smallapp/unbound-checkconf.c | 23 ++
contrib/unbound/smallapp/unbound-control.c | 28 +-
contrib/unbound/testcode/unitzonemd.c | 4 +-
.../unbound/testdata/auth_zonemd_file_unknown.rpl | 184 +++++++++++++
contrib/unbound/testdata/ede.tdir/bogus/clean.sh | 1 +
.../testdata/ede.tdir/bogus/dnskey-failures.test | 10 +
.../testdata/ede.tdir/bogus/dnssec-failures.test | 15 ++
.../testdata/ede.tdir/bogus/make-broken-zone.sh | 67 +++++
.../testdata/ede.tdir/bogus/nsec-failures.test | 10 +
.../testdata/ede.tdir/bogus/rrsig-failures.test | 10 +
contrib/unbound/testdata/ede.tdir/ede-auth.conf | 27 ++
contrib/unbound/testdata/ede.tdir/ede.conf | 49 ++++
contrib/unbound/testdata/ede.tdir/ede.dsc | 16 ++
contrib/unbound/testdata/ede.tdir/ede.post | 10 +
contrib/unbound/testdata/ede.tdir/ede.pre | 37 +++
contrib/unbound/testdata/ede.tdir/ede.test | 72 ++++++
contrib/unbound/testdata/ede_acl_refused.rpl | 35 +++
.../unbound/testdata/ede_cache_snoop_noth_auth.rpl | 33 +++
.../testdata/ede_localzone_dname_expansion.rpl | 37 +++
contrib/unbound/testdata/ipset.tdir/ipset.conf | 23 ++
contrib/unbound/testdata/ipset.tdir/ipset.dsc | 16 ++
contrib/unbound/testdata/ipset.tdir/ipset.post | 14 +
contrib/unbound/testdata/ipset.tdir/ipset.pre | 33 +++
contrib/unbound/testdata/ipset.tdir/ipset.test | 155 +++++++++++
contrib/unbound/testdata/ipset.tdir/ipset.testns | 103 ++++++++
contrib/unbound/testdata/iter_cname_minimise.rpl | 179 +++++++++++++
contrib/unbound/testdata/iter_dp_ip6useless.rpl | 168 ++++++++++++
contrib/unbound/testdata/nsid_bogus.rpl | 3 +-
contrib/unbound/testdata/rpz_passthru.rpl | 154 +++++++++++
contrib/unbound/testdata/subnet_prefetch.crpl | 215 ++++++++++++++++
.../testdata/subnet_prefetch_with_client_ecs.crpl | 221 ++++++++++++++++
contrib/unbound/util/config_file.c | 136 +---------
contrib/unbound/util/config_file.h | 57 +----
contrib/unbound/util/configlexer.lex | 4 +
contrib/unbound/util/configparser.y | 58 ++++-
contrib/unbound/util/data/msgparse.c | 3 +-
contrib/unbound/util/data/msgparse.h | 9 +
contrib/unbound/util/data/msgreply.c | 31 +++
contrib/unbound/util/data/msgreply.h | 39 ++-
contrib/unbound/util/module.c | 142 +++++++++++
contrib/unbound/util/module.h | 73 +++++-
contrib/unbound/util/net_help.c | 8 +-
contrib/unbound/util/netevent.c | 29 ++-
contrib/unbound/validator/autotrust.c | 13 +-
contrib/unbound/validator/val_kcache.c | 1 +
contrib/unbound/validator/val_kentry.c | 20 ++
contrib/unbound/validator/val_kentry.h | 19 ++
contrib/unbound/validator/val_nsec.c | 2 +-
contrib/unbound/validator/val_nsec3.c | 11 +-
contrib/unbound/validator/val_nsec3.h | 4 +-
contrib/unbound/validator/val_sigcrypt.c | 99 +++++--
contrib/unbound/validator/val_sigcrypt.h | 49 ++--
contrib/unbound/validator/val_utils.c | 66 ++---
contrib/unbound/validator/val_utils.h | 67 ++---
contrib/unbound/validator/validator.c | 123 +++++++--
contrib/unbound/validator/validator.h | 2 +-
102 files changed, 3983 insertions(+), 671 deletions(-)
diff --git a/contrib/unbound/Makefile.in b/contrib/unbound/Makefile.in
index 55125a441977..7dbe5760033b 100644
--- a/contrib/unbound/Makefile.in
+++ b/contrib/unbound/Makefile.in
@@ -57,7 +57,7 @@ LEX=@LEX@
STRIP=@STRIP@
CC=@CC@
CPPFLAGS=-I. @CPPFLAGS@
-PYTHON_CPPFLAGS=-I. @PYTHON_CPPFLAGS@
+PYTHON_CPPFLAGS=-I. -I$(srcdir) @PYTHON_CPPFLAGS@
CFLAGS=-DSRCDIR=$(srcdir) @CFLAGS@
LDFLAGS=@LDFLAGS@
LIBS=@LIBS@
@@ -344,7 +344,18 @@ longcheck: longtest
test: unittest$(EXEEXT) testbound$(EXEEXT)
./unittest$(EXEEXT)
./testbound$(EXEEXT) -s
- for x in $(srcdir)/testdata/*.rpl; do printf "%s" "$$x "; if ./testbound$(EXEEXT) -p $$x >/dev/null 2>&1; then echo OK; else echo failed; exit 1; fi done
+ for x in $(srcdir)/testdata/*.rpl; do \
+ printf "%s" "$$x "; \
+ if ./testbound$(EXEEXT) -p $$x >/dev/null 2>&1; then \
+ echo OK; \
+ else \
+ echo failed; \
+ ./testbound$(EXEEXT) -p $$x -o -vvvvv; \
+ printf "%s" "$$x "; \
+ echo failed; \
+ exit 1; \
+ fi; \
+ done
@echo test OK
longtest: tests
@@ -556,7 +567,7 @@ pythonmod-install:
pyunbound-install:
$(INSTALL) -m 755 -d $(DESTDIR)$(PYTHON_SITE_PKG)
- $(INSTALL) -c -m 644 $(srcdir)/libunbound/python/unbound.py $(DESTDIR)$(PYTHON_SITE_PKG)/unbound.py
+ $(INSTALL) -c -m 644 libunbound/python/unbound.py $(DESTDIR)$(PYTHON_SITE_PKG)/unbound.py
$(LIBTOOL) --mode=install cp _unbound.la $(DESTDIR)$(PYTHON_SITE_PKG)
$(LIBTOOL) --mode=finish $(DESTDIR)$(PYTHON_SITE_PKG)
@@ -583,6 +594,8 @@ install-lib: lib $(UNBOUND_EVENT_INSTALL)
echo ".so man3/libunbound.3" > $(DESTDIR)$(mandir)/man3/$$mpage.3 ; \
done
$(LIBTOOL) --mode=install cp unbound.h $(DESTDIR)$(includedir)/unbound.h
+ $(INSTALL) -m 755 -d $(DESTDIR)$(libdir)/pkgconfig
+ $(INSTALL) -m 644 contrib/libunbound.pc $(DESTDIR)$(libdir)/pkgconfig
$(LIBTOOL) --mode=install cp libunbound.la $(DESTDIR)$(libdir)
$(LIBTOOL) --mode=finish $(DESTDIR)$(libdir)
@@ -592,8 +605,6 @@ install-all: all $(PYTHONMOD_INSTALL) $(PYUNBOUND_INSTALL) $(UNBOUND_EVENT_INSTA
$(INSTALL) -m 755 -d $(DESTDIR)$(mandir)/man8
$(INSTALL) -m 755 -d $(DESTDIR)$(mandir)/man5
$(INSTALL) -m 755 -d $(DESTDIR)$(mandir)/man1
- $(INSTALL) -m 755 -d $(DESTDIR)$(libdir)/pkgconfig
- $(INSTALL) -m 644 contrib/libunbound.pc $(DESTDIR)$(libdir)/pkgconfig
$(LIBTOOL) --mode=install cp -f unbound$(EXEEXT) $(DESTDIR)$(sbindir)/unbound$(EXEEXT)
$(LIBTOOL) --mode=install cp -f unbound-checkconf$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-checkconf$(EXEEXT)
$(LIBTOOL) --mode=install cp -f unbound-control$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-control$(EXEEXT)
@@ -1248,7 +1259,7 @@ cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h $(srcdir)/daemon
$(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h \
$(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h \
$(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
- $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
+ $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/util/config_file.h $(srcdir)/services/outside_network.h
daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \
$(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
diff --git a/contrib/unbound/acx_python.m4 b/contrib/unbound/acx_python.m4
index 767db5b65944..16c0c6fd943f 100644
--- a/contrib/unbound/acx_python.m4
+++ b/contrib/unbound/acx_python.m4
@@ -18,27 +18,45 @@ AC_DEFUN([AC_PYTHON_DEVEL],[
print(sys.version.split()[[0]])"`
fi
- #
- # Check if you have distutils, else fail
- #
- AC_MSG_CHECKING([for the distutils Python package])
- if ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`; then
+ # Check if you have sysconfig
+ AC_MSG_CHECKING([for the sysconfig Python module])
+ if ac_sysconfig_result=`$PYTHON -c "import sysconfig" 2>&1`; then
AC_MSG_RESULT([yes])
- else
+ sysconfig_module="sysconfig"
+ # if yes, use sysconfig, because distutils is deprecated.
+ else
AC_MSG_RESULT([no])
- AC_MSG_ERROR([cannot import Python module "distutils".
-Please check your Python installation. The error was:
-$ac_distutils_result])
- PYTHON_VERSION=""
- fi
+ # if no, try to use distutils
+
+ #
+ # Check if you have distutils, else fail
+ #
+ AC_MSG_CHECKING([for the distutils Python package])
+ if ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`; then
+ AC_MSG_RESULT([yes])
+ else
+ AC_MSG_RESULT([no])
+ AC_MSG_ERROR([cannot import Python module "distutils".
+ Please check your Python installation. The error was:
+ $ac_distutils_result])
+ PYTHON_VERSION=""
+ fi
+
+ sysconfig_module="distutils.sysconfig"
+ fi
#
# Check for Python include path
#
AC_MSG_CHECKING([for Python include path])
if test -z "$PYTHON_CPPFLAGS"; then
- python_path=`$PYTHON -c "import distutils.sysconfig; \
- print(distutils.sysconfig.get_python_inc());"`
+ if test "$sysconfig_module" = "sysconfig"; then
+ python_path=`$PYTHON -c 'import sysconfig; \
+ print(sysconfig.get_path("include"));'`
+ else
+ python_path=`$PYTHON -c "import distutils.sysconfig; \
+ print(distutils.sysconfig.get_python_inc());"`
+ fi
if test -n "${python_path}"; then
python_path="-I$python_path"
fi
@@ -52,14 +70,14 @@ $ac_distutils_result])
#
AC_MSG_CHECKING([for Python library path])
if test -z "$PYTHON_LDFLAGS"; then
- PYTHON_LDFLAGS=`$PYTHON -c "from distutils.sysconfig import *; \
+ PYTHON_LDFLAGS=`$PYTHON -c "from $sysconfig_module import *; \
print('-L'+get_config_var('LIBDIR')+' -L'+get_config_var('LIBDEST')+' '+get_config_var('BLDLIBRARY'));"`
fi
AC_MSG_RESULT([$PYTHON_LDFLAGS])
AC_SUBST([PYTHON_LDFLAGS])
if test -z "$PYTHON_LIBDIR"; then
- PYTHON_LIBDIR=`$PYTHON -c "from distutils.sysconfig import *; \
+ PYTHON_LIBDIR=`$PYTHON -c "from $sysconfig_module import *; \
print(get_config_var('LIBDIR'));"`
fi
@@ -68,8 +86,13 @@ $ac_distutils_result])
#
AC_MSG_CHECKING([for Python site-packages path])
if test -z "$PYTHON_SITE_PKG"; then
- PYTHON_SITE_PKG=`$PYTHON -c "import distutils.sysconfig; \
- print(distutils.sysconfig.get_python_lib(1,0));"`
+ if test "$sysconfig_module" = "sysconfig"; then
+ PYTHON_SITE_PKG=`$PYTHON -c 'import sysconfig; \
+ print(sysconfig.get_path("platlib"));'`
+ else
+ PYTHON_SITE_PKG=`$PYTHON -c "import distutils.sysconfig; \
+ print(distutils.sysconfig.get_python_lib(1,0));"`
+ fi
fi
AC_MSG_RESULT([$PYTHON_SITE_PKG])
AC_SUBST([PYTHON_SITE_PKG])
diff --git a/contrib/unbound/config.guess b/contrib/unbound/config.guess
index 7f76b6228f73..1817bdce90dc 100755
--- a/contrib/unbound/config.guess
+++ b/contrib/unbound/config.guess
@@ -4,7 +4,7 @@
# shellcheck disable=SC2006,SC2268 # see below for rationale
-timestamp='2022-01-09'
+timestamp='2022-05-25'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@@ -1151,16 +1151,27 @@ EOF
;;
x86_64:Linux:*:*)
set_cc_for_build
+ CPU=$UNAME_MACHINE
LIBCABI=$LIBC
if test "$CC_FOR_BUILD" != no_compiler_found; then
- if (echo '#ifdef __ILP32__'; echo IS_X32; echo '#endif') | \
- (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
- grep IS_X32 >/dev/null
- then
- LIBCABI=${LIBC}x32
- fi
+ ABI=64
+ sed 's/^ //' << EOF > "$dummy.c"
+ #ifdef __i386__
+ ABI=x86
+ #else
+ #ifdef __ILP32__
+ ABI=x32
+ #endif
+ #endif
+EOF
+ cc_set_abi=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^ABI' | sed 's, ,,g'`
+ eval "$cc_set_abi"
+ case $ABI in
+ x86) CPU=i686 ;;
+ x32) LIBCABI=${LIBC}x32 ;;
+ esac
fi
- GUESS=$UNAME_MACHINE-pc-linux-$LIBCABI
+ GUESS=$CPU-pc-linux-$LIBCABI
;;
xtensa*:Linux:*:*)
GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
@@ -1367,8 +1378,11 @@ EOF
BePC:Haiku:*:*) # Haiku running on Intel PC compatible.
GUESS=i586-pc-haiku
;;
- x86_64:Haiku:*:*)
- GUESS=x86_64-unknown-haiku
+ ppc:Haiku:*:*) # Haiku running on Apple PowerPC
+ GUESS=powerpc-apple-haiku
+ ;;
+ *:Haiku:*:*) # Haiku modern gcc (not bound by BeOS compat)
+ GUESS=$UNAME_MACHINE-unknown-haiku
;;
SX-4:SUPER-UX:*:*)
GUESS=sx4-nec-superux$UNAME_RELEASE
diff --git a/contrib/unbound/config.h.in b/contrib/unbound/config.h.in
index 197c2838b33f..a080dde0da2e 100644
--- a/contrib/unbound/config.h.in
+++ b/contrib/unbound/config.h.in
@@ -971,6 +971,10 @@
/* Define to 1 if you need to in order for `stat' and other things to work. */
#undef _POSIX_SOURCE
+/* defined to use gcc ansi snprintf and sscanf that understands %lld when
+ compiled for windows. */
+#undef __USE_MINGW_ANSI_STDIO
+
/* Define to empty if `const' does not conform to ANSI C. */
#undef const
@@ -1150,7 +1154,7 @@
#include <ws2tcpip.h>
#endif
-#ifndef USE_WINSOCK
+#if !defined(USE_WINSOCK) || !defined(HAVE_SNPRINTF) || defined(SNPRINTF_RET_BROKEN) || defined(__USE_MINGW_ANSI_STDIO)
#define ARG_LL "%ll"
#else
#define ARG_LL "%I64"
diff --git a/contrib/unbound/configure b/contrib/unbound/configure
index 48f9c2d02b68..a9ec94479b55 100755
--- a/contrib/unbound/configure
+++ b/contrib/unbound/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for unbound 1.15.0.
+# Generated by GNU Autoconf 2.69 for unbound 1.16.0.
#
# Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>.
#
@@ -591,8 +591,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='unbound'
PACKAGE_TARNAME='unbound'
-PACKAGE_VERSION='1.15.0'
-PACKAGE_STRING='unbound 1.15.0'
+PACKAGE_VERSION='1.16.0'
+PACKAGE_STRING='unbound 1.16.0'
PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues'
PACKAGE_URL=''
@@ -813,6 +813,7 @@ infodir
docdir
oldincludedir
includedir
+runstatedir
localstatedir
sharedstatedir
sysconfdir
@@ -964,6 +965,7 @@ datadir='${datarootdir}'
sysconfdir='${prefix}/etc'
sharedstatedir='${prefix}/com'
localstatedir='${prefix}/var'
+runstatedir='${localstatedir}/run'
includedir='${prefix}/include'
oldincludedir='/usr/include'
docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@@ -1216,6 +1218,15 @@ do
| -silent | --silent | --silen | --sile | --sil)
silent=yes ;;
+ -runstatedir | --runstatedir | --runstatedi | --runstated \
+ | --runstate | --runstat | --runsta | --runst | --runs \
+ | --run | --ru | --r)
+ ac_prev=runstatedir ;;
+ -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
+ | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
+ | --run=* | --ru=* | --r=*)
+ runstatedir=$ac_optarg ;;
+
-sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
ac_prev=sbindir ;;
-sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
@@ -1353,7 +1364,7 @@ fi
for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
datadir sysconfdir sharedstatedir localstatedir includedir \
oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
- libdir localedir mandir
+ libdir localedir mandir runstatedir
do
eval ac_val=\$$ac_var
# Remove trailing slashes.
@@ -1466,7 +1477,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures unbound 1.15.0 to adapt to many kinds of systems.
+\`configure' configures unbound 1.16.0 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1506,6 +1517,7 @@ Fine tuning of the installation directories:
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
+ --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
@@ -1531,7 +1543,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of unbound 1.15.0:";;
+ short | recursive ) echo "Configuration of unbound 1.16.0:";;
esac
cat <<\_ACEOF
@@ -1773,7 +1785,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-unbound configure 1.15.0
+unbound configure 1.16.0
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2482,7 +2494,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by unbound $as_me 1.15.0, which was
+It was created by unbound $as_me 1.16.0, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2832,13 +2844,13 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
UNBOUND_VERSION_MAJOR=1
-UNBOUND_VERSION_MINOR=15
+UNBOUND_VERSION_MINOR=16
UNBOUND_VERSION_MICRO=0
LIBUNBOUND_CURRENT=9
-LIBUNBOUND_REVISION=15
+LIBUNBOUND_REVISION=16
LIBUNBOUND_AGE=1
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@@ -2921,6 +2933,7 @@ LIBUNBOUND_AGE=1
# 1.13.2 had 9:13:1
# 1.14.0 had 9:14:1
# 1.15.0 had 9:15:1
+# 1.16.0 had 9:16:1
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@@ -17455,22 +17468,38 @@ fi
print(sys.version.split()[0])"`
fi
- #
- # Check if you have distutils, else fail
- #
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the distutils Python package" >&5
-$as_echo_n "checking for the distutils Python package... " >&6; }
- if ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`; then
+ # Check if you have sysconfig
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the sysconfig Python module" >&5
+$as_echo_n "checking for the sysconfig Python module... " >&6; }
+ if ac_sysconfig_result=`$PYTHON -c "import sysconfig" 2>&1`; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
- else
+ sysconfig_module="sysconfig"
+ # if yes, use sysconfig, because distutils is deprecated.
+ else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
- as_fn_error $? "cannot import Python module \"distutils\".
-Please check your Python installation. The error was:
-$ac_distutils_result" "$LINENO" 5
- PYTHON_VERSION=""
- fi
+ # if no, try to use distutils
+
+ #
+ # Check if you have distutils, else fail
+ #
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the distutils Python package" >&5
+$as_echo_n "checking for the distutils Python package... " >&6; }
+ if ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ as_fn_error $? "cannot import Python module \"distutils\".
+ Please check your Python installation. The error was:
+ $ac_distutils_result" "$LINENO" 5
+ PYTHON_VERSION=""
+ fi
+
+ sysconfig_module="distutils.sysconfig"
+ fi
#
# Check for Python include path
@@ -17478,8 +17507,13 @@ $ac_distutils_result" "$LINENO" 5
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for Python include path" >&5
$as_echo_n "checking for Python include path... " >&6; }
if test -z "$PYTHON_CPPFLAGS"; then
- python_path=`$PYTHON -c "import distutils.sysconfig; \
- print(distutils.sysconfig.get_python_inc());"`
+ if test "$sysconfig_module" = "sysconfig"; then
+ python_path=`$PYTHON -c 'import sysconfig; \
+ print(sysconfig.get_path("include"));'`
+ else
+ python_path=`$PYTHON -c "import distutils.sysconfig; \
+ print(distutils.sysconfig.get_python_inc());"`
+ fi
if test -n "${python_path}"; then
python_path="-I$python_path"
fi
@@ -17495,7 +17529,7 @@ $as_echo "$PYTHON_CPPFLAGS" >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for Python library path" >&5
$as_echo_n "checking for Python library path... " >&6; }
if test -z "$PYTHON_LDFLAGS"; then
- PYTHON_LDFLAGS=`$PYTHON -c "from distutils.sysconfig import *; \
+ PYTHON_LDFLAGS=`$PYTHON -c "from $sysconfig_module import *; \
print('-L'+get_config_var('LIBDIR')+' -L'+get_config_var('LIBDEST')+' '+get_config_var('BLDLIBRARY'));"`
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_LDFLAGS" >&5
@@ -17503,7 +17537,7 @@ $as_echo "$PYTHON_LDFLAGS" >&6; }
if test -z "$PYTHON_LIBDIR"; then
- PYTHON_LIBDIR=`$PYTHON -c "from distutils.sysconfig import *; \
+ PYTHON_LIBDIR=`$PYTHON -c "from $sysconfig_module import *; \
print(get_config_var('LIBDIR'));"`
fi
@@ -17513,8 +17547,13 @@ $as_echo "$PYTHON_LDFLAGS" >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for Python site-packages path" >&5
$as_echo_n "checking for Python site-packages path... " >&6; }
if test -z "$PYTHON_SITE_PKG"; then
- PYTHON_SITE_PKG=`$PYTHON -c "import distutils.sysconfig; \
- print(distutils.sysconfig.get_python_lib(1,0));"`
+ if test "$sysconfig_module" = "sysconfig"; then
+ PYTHON_SITE_PKG=`$PYTHON -c 'import sysconfig; \
+ print(sysconfig.get_path("platlib"));'`
+ else
+ PYTHON_SITE_PKG=`$PYTHON -c "import distutils.sysconfig; \
+ print(distutils.sysconfig.get_python_lib(1,0));"`
+ fi
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_SITE_PKG" >&5
$as_echo "$PYTHON_SITE_PKG" >&6; }
@@ -20181,6 +20220,9 @@ fi
WIN_CHECKCONF_OBJ_LINK="rsrc_unbound_checkconf.o"
+
+$as_echo "#define __USE_MINGW_ANSI_STDIO 1" >>confdefs.h
+
fi
if test $ac_cv_func_getaddrinfo = no; then
case " $LIBOBJS " in
@@ -21678,10 +21720,16 @@ $as_echo_n "checking for libmnl... " >&6; }
withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr"
fi
for dir in $withval ; do
- if test -f "$dir/include/libmnl/libmnl.h"; then
+ if test -f "$dir/include/libmnl/libmnl.h" -o -f "$dir/include/libmnl/libmnl/libmnl.h"; then
found_libmnl="yes"
- if test "$dir" != "/usr"; then
- CPPFLAGS="$CPPFLAGS -I$dir/include"
+ extralibmnl=""
+ if test -f "$dir/include/libmnl/libmnl/libmnl.h"; then
+ extralibmnl="/libmnl"
+ fi
+ if test "$dir" != "/usr" -o -n "$extralibmnl"; then
+ CPPFLAGS="$CPPFLAGS -I$dir/include$extralibmnl"
+ fi
+ if test "$dir" != "/usr"; then
LDFLAGS="$LDFLAGS -L$dir/lib"
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: found in $dir" >&5
@@ -21886,7 +21934,7 @@ _ACEOF
-version=1.15.0
+version=1.16.0
date=`date +'%b %e, %Y'`
@@ -22405,7 +22453,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by unbound $as_me 1.15.0, which was
+This file was extended by unbound $as_me 1.16.0, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -22471,7 +22519,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-unbound config.status 1.15.0
+unbound config.status 1.16.0
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff --git a/contrib/unbound/configure.ac b/contrib/unbound/configure.ac
index 5c7da1978131..1453b3a2fe29 100644
--- a/contrib/unbound/configure.ac
+++ b/contrib/unbound/configure.ac
@@ -10,7 +10,7 @@ sinclude(dnscrypt/dnscrypt.m4)
# must be numbers. ac_defun because of later processing
m4_define([VERSION_MAJOR],[1])
-m4_define([VERSION_MINOR],[15])
+m4_define([VERSION_MINOR],[16])
m4_define([VERSION_MICRO],[0])
AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound])
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
@@ -18,7 +18,7 @@ AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
LIBUNBOUND_CURRENT=9
-LIBUNBOUND_REVISION=15
+LIBUNBOUND_REVISION=16
LIBUNBOUND_AGE=1
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@@ -101,6 +101,7 @@ LIBUNBOUND_AGE=1
# 1.13.2 had 9:13:1
# 1.14.0 had 9:14:1
# 1.15.0 had 9:15:1
+# 1.16.0 had 9:16:1
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@@ -1553,6 +1554,7 @@ if test "$USE_WINSOCK" = 1; then
AC_SUBST(WIN_CONTROL_OBJ_LINK)
WIN_CHECKCONF_OBJ_LINK="rsrc_unbound_checkconf.o"
AC_SUBST(WIN_CHECKCONF_OBJ_LINK)
+ AC_DEFINE(__USE_MINGW_ANSI_STDIO, 1, [defined to use gcc ansi snprintf and sscanf that understands %lld when compiled for windows.])
fi
if test $ac_cv_func_getaddrinfo = no; then
AC_LIBOBJ([fake-rfc2553])
@@ -1878,11 +1880,17 @@ case "$enable_ipset" in
withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr"
fi
for dir in $withval ; do
- if test -f "$dir/include/libmnl/libmnl.h"; then
+ if test -f "$dir/include/libmnl/libmnl.h" -o -f "$dir/include/libmnl/libmnl/libmnl.h"; then
found_libmnl="yes"
dnl assume /usr is in default path.
+ extralibmnl=""
+ if test -f "$dir/include/libmnl/libmnl/libmnl.h"; then
+ extralibmnl="/libmnl"
+ fi
+ if test "$dir" != "/usr" -o -n "$extralibmnl"; then
+ CPPFLAGS="$CPPFLAGS -I$dir/include$extralibmnl"
+ fi
if test "$dir" != "/usr"; then
- CPPFLAGS="$CPPFLAGS -I$dir/include"
LDFLAGS="$LDFLAGS -L$dir/lib"
fi
AC_MSG_RESULT(found in $dir)
@@ -2060,7 +2068,7 @@ dnl includes
#include <ws2tcpip.h>
#endif
-#ifndef USE_WINSOCK
+#if !defined(USE_WINSOCK) || !defined(HAVE_SNPRINTF) || defined(SNPRINTF_RET_BROKEN) || defined(__USE_MINGW_ANSI_STDIO)
#define ARG_LL "%ll"
#else
#define ARG_LL "%I64"
diff --git a/contrib/unbound/daemon/acl_list.c b/contrib/unbound/daemon/acl_list.c
index 84324575e718..aecb3e0c6437 100644
--- a/contrib/unbound/daemon/acl_list.c
+++ b/contrib/unbound/daemon/acl_list.c
@@ -487,3 +487,38 @@ acl_list_get_mem(struct acl_list* acl)
if(!acl) return 0;
return sizeof(*acl) + regional_get_mem(acl->region);
}
+
+const char* acl_access_to_str(enum acl_access acl)
+{
+ switch(acl) {
+ case acl_deny: return "deny";
+ case acl_refuse: return "refuse";
+ case acl_deny_non_local: return "deny_non_local";
+ case acl_refuse_non_local: return "refuse_non_local";
+ case acl_allow: return "allow";
+ case acl_allow_snoop: return "allow_snoop";
+ case acl_allow_setrd: return "allow_setrd";
+ default: break;
+ }
+ return "unknown";
+}
+
+void
+log_acl_action(const char* action, struct sockaddr_storage* addr,
+ socklen_t addrlen, enum acl_access acl, struct acl_addr* acladdr)
+{
+ char a[128], n[128];
+ uint16_t port;
+ addr_to_str(addr, addrlen, a, sizeof(a));
+ port = ntohs(((struct sockaddr_in*)addr)->sin_port);
+ if(acladdr) {
+ addr_to_str(&acladdr->node.addr, acladdr->node.addrlen,
+ n, sizeof(n));
+ verbose(VERB_ALGO, "%s query from %s port %d because of "
+ "%s/%d %s", action, a, (int)port, n, acladdr->node.net,
+ acl_access_to_str(acl));
+ } else {
+ verbose(VERB_ALGO, "%s query from %s port %d", action, a,
+ (int)port);
+ }
+}
diff --git a/contrib/unbound/daemon/acl_list.h b/contrib/unbound/daemon/acl_list.h
index 3a3b94bc5879..c09e832a1def 100644
--- a/contrib/unbound/daemon/acl_list.h
+++ b/contrib/unbound/daemon/acl_list.h
@@ -154,4 +154,15 @@ acl_addr_lookup(struct acl_list* acl, struct sockaddr_storage* addr,
*/
size_t acl_list_get_mem(struct acl_list* acl);
+/*
+ * Get string for acl access specification
+ * @param acl: access type value
+ * @return string
+ */
+const char* acl_access_to_str(enum acl_access acl);
+
+/* log acl and addr for action */
+void log_acl_action(const char* action, struct sockaddr_storage* addr,
+ socklen_t addrlen, enum acl_access acl, struct acl_addr* acladdr);
+
#endif /* DAEMON_ACL_LIST_H */
diff --git a/contrib/unbound/daemon/cachedump.c b/contrib/unbound/daemon/cachedump.c
index b1ce53b596b6..b929f909bab2 100644
--- a/contrib/unbound/daemon/cachedump.c
+++ b/contrib/unbound/daemon/cachedump.c
@@ -47,10 +47,12 @@
#include "services/cache/rrset.h"
#include "services/cache/dns.h"
#include "services/cache/infra.h"
+#include "services/outside_network.h"
#include "util/data/msgreply.h"
#include "util/regional.h"
#include "util/net_help.h"
#include "util/data/dname.h"
+#include "util/config_file.h"
#include "iterator/iterator.h"
#include "iterator/iter_delegpt.h"
#include "iterator/iter_utils.h"
@@ -854,7 +856,9 @@ int print_deleg_lookup(RES* ssl, struct worker* worker, uint8_t* nm,
"cache; goes to configured roots\n");
}
/* go up? */
- if(iter_dp_is_useless(&qinfo, BIT_RD, dp)) {
+ if(iter_dp_is_useless(&qinfo, BIT_RD, dp,
+ (worker->env.cfg->do_ip4 && worker->back->num_ip4 != 0),
+ (worker->env.cfg->do_ip6 && worker->back->num_ip6 != 0))) {
print_dp_main(ssl, dp, msg);
print_dp_details(ssl, worker, dp);
if(!ssl_printf(ssl, "cache delegation was "
diff --git a/contrib/unbound/daemon/worker.c b/contrib/unbound/daemon/worker.c
index 862affb24e9a..bf8c5d6b6763 100644
--- a/contrib/unbound/daemon/worker.c
+++ b/contrib/unbound/daemon/worker.c
@@ -98,7 +98,7 @@
/** ratelimit for error responses */
#define ERROR_RATELIMIT 100 /* qps */
-/**
+/**
* seconds to add to prefetch leeway. This is a TTL that expires old rrsets
* earlier than they should in order to put the new update into the cache.
* This additional value is to make sure that if not all TTLs are equal in
@@ -484,6 +484,12 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo,
msg->rep, LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad,
worker->env.now_tv))
return 0;
+ /* TODO store the reason for the bogus reply in cache
+ * and implement in here instead of the hardcoded EDE */
+ if (worker->env.cfg->ede) {
+ EDNS_OPT_LIST_APPEND_EDE(&edns->opt_list_out,
+ worker->scratchpad, LDNS_EDE_DNSSEC_BOGUS, "");
+ }
error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL,
&msg->qinfo, id, flags, edns);
if(worker->stats.extended) {
@@ -553,7 +559,7 @@ apply_respip_action(struct worker* worker, const struct query_info* qinfo,
return 1;
if(!respip_rewrite_reply(qinfo, cinfo, rep, encode_repp, &actinfo,
- alias_rrset, 0, worker->scratchpad, az))
+ alias_rrset, 0, worker->scratchpad, az, NULL))
return 0;
/* xxx_deny actions mean dropping the reply, unless the original reply
@@ -654,6 +660,12 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo,
LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad,
worker->env.now_tv))
goto bail_out;
+ /* TODO store the reason for the bogus reply in cache
+ * and implement in here instead of the hardcoded EDE */
+ if (worker->env.cfg->ede) {
+ EDNS_OPT_LIST_APPEND_EDE(&edns->opt_list_out,
+ worker->scratchpad, LDNS_EDE_DNSSEC_BOGUS, "");
+ }
error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL,
qinfo, id, flags, edns);
rrset_array_unlock_touch(worker->env.rrset_cache,
@@ -716,15 +728,25 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo,
if(!*partial_repp)
goto bail_out;
}
- } else if(!reply_info_answer_encode(qinfo, encode_rep, id, flags,
- repinfo->c->buffer, timenow, 1, worker->scratchpad,
- udpsize, edns, (int)(edns->bits & EDNS_DO), *is_secure_answer)) {
- if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, NULL,
- LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad,
- worker->env.now_tv))
- edns->opt_list_inplace_cb_out = NULL;
- error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL,
- qinfo, id, flags, edns);
+ } else {
+ /* We don't check the global ede as this is a warning, not
+ * an error */
+ if (*is_expired_answer == 1 &&
+ worker->env.cfg->ede_serve_expired && worker->env.cfg->ede) {
+ EDNS_OPT_LIST_APPEND_EDE(&edns->opt_list_out,
+ worker->scratchpad, LDNS_EDE_STALE_ANSWER, "");
+ }
+ if(!reply_info_answer_encode(qinfo, encode_rep, id, flags,
+ repinfo->c->buffer, timenow, 1, worker->scratchpad,
+ udpsize, edns, (int)(edns->bits & EDNS_DO),
+ *is_secure_answer)) {
+ if(!inplace_cb_reply_servfail_call(&worker->env, qinfo,
+ NULL, NULL, LDNS_RCODE_SERVFAIL, edns, repinfo,
+ worker->scratchpad, worker->env.now_tv))
+ edns->opt_list_inplace_cb_out = NULL;
+ error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL,
+ qinfo, id, flags, edns);
+ }
}
/* cannot send the reply right now, because blocking network syscall
* is bad while holding locks. */
@@ -741,10 +763,12 @@ bail_out:
/** Reply to client and perform prefetch to keep cache up to date. */
static void
-reply_and_prefetch(struct worker* worker, struct query_info* qinfo,
- uint16_t flags, struct comm_reply* repinfo, time_t leeway, int noreply)
+reply_and_prefetch(struct worker* worker, struct query_info* qinfo,
+ uint16_t flags, struct comm_reply* repinfo, time_t leeway, int noreply,
+ int rpz_passthru, struct edns_option* opt_list)
{
- /* first send answer to client to keep its latency
+ (void)opt_list;
+ /* first send answer to client to keep its latency
* as small as a cachereply */
if(!noreply) {
if(repinfo->c->tcp_req_info) {
@@ -755,13 +779,23 @@ reply_and_prefetch(struct worker* worker, struct query_info* qinfo,
comm_point_send_reply(repinfo);
}
server_stats_prefetch(&worker->stats, worker);
-
+#ifdef CLIENT_SUBNET
+ /* Check if the subnet module is enabled. In that case pass over the
+ * comm_reply information for ECS generation later. The mesh states are
+ * unique when subnet is enabled. */
+ if(modstack_find(&worker->env.mesh->mods, "subnetcache") != -1
+ && worker->env.unique_mesh) {
+ mesh_new_prefetch(worker->env.mesh, qinfo, flags, leeway +
+ PREFETCH_EXPIRY_ADD, rpz_passthru, repinfo, opt_list);
+ return;
+ }
+#endif
/* create the prefetch in the mesh as a normal lookup without
* client addrs waiting, which has the cache blacklisted (to bypass
* the cache and go to the network for the data). */
/* this (potentially) runs the mesh for the new query */
- mesh_new_prefetch(worker->env.mesh, qinfo, flags, leeway +
- PREFETCH_EXPIRY_ADD);
+ mesh_new_prefetch(worker->env.mesh, qinfo, flags, leeway +
+ PREFETCH_EXPIRY_ADD, rpz_passthru, NULL, NULL);
}
/**
@@ -1012,32 +1046,178 @@ answer_notify(struct worker* w, struct query_info* qinfo,
static int
deny_refuse(struct comm_point* c, enum acl_access acl,
enum acl_access deny, enum acl_access refuse,
- struct worker* worker, struct comm_reply* repinfo)
+ struct worker* worker, struct comm_reply* repinfo,
+ struct acl_addr* acladdr, int ede)
{
if(acl == deny) {
+ if(verbosity >= VERB_ALGO) {
+ log_acl_action("dropped", &repinfo->addr,
+ repinfo->addrlen, acl, acladdr);
+ log_buf(VERB_ALGO, "dropped", c->buffer);
+ }
comm_point_drop_reply(repinfo);
if(worker->stats.extended)
worker->stats.unwanted_queries++;
return 0;
} else if(acl == refuse) {
- log_addr(VERB_ALGO, "refused query from",
- &repinfo->addr, repinfo->addrlen);
- log_buf(VERB_ALGO, "refuse", c->buffer);
+ size_t opt_rr_mark;
+
+ if(verbosity >= VERB_ALGO) {
+ log_acl_action("refused", &repinfo->addr,
+ repinfo->addrlen, acl, acladdr);
+ log_buf(VERB_ALGO, "refuse", c->buffer);
+ }
+
if(worker->stats.extended)
worker->stats.unwanted_queries++;
if(worker_check_request(c->buffer, worker) == -1) {
comm_point_drop_reply(repinfo);
return 0; /* discard this */
}
- sldns_buffer_set_limit(c->buffer, LDNS_HEADER_SIZE);
- sldns_buffer_write_at(c->buffer, 4,
- (uint8_t*)"\0\0\0\0\0\0\0\0", 8);
+ /* worker_check_request() above guarantees that the buffer contains at
+ * least a header and that qdcount == 1
+ */
*** 7450 LINES SKIPPED ***