git: c189b94f8a22 - releng/14.0 - unbound: Vendor import 1.19.1
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 28 Mar 2024 05:06:26 UTC
The branch releng/14.0 has been updated by gordon: URL: https://cgit.FreeBSD.org/src/commit/?id=c189b94f8a22883b086e1908917d97bc79c2b879 commit c189b94f8a22883b086e1908917d97bc79c2b879 Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2023-09-19 04:17:09 +0000 Commit: Gordon Tetlow <gordon@FreeBSD.org> CommitDate: 2024-03-28 04:59:50 +0000 unbound: Vendor import 1.19.1 Release notes at https://www.nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ Security: CVE-2023-50387, CVE-2023-50868 Security: FreeBSD-SA-24:03.unbound Approved by: so (cherry picked from commit 8f76bb7dad48538c6832c2fb466a433d2a3f8cd5) (cherry picked from commit 1b5982339ced0f39ef588a07a3e960954e87c65e) (cherry picked from commit 948e11aaf420cd7d493cc2e118cacc06d18653fe) (cherry picked from commit 9afc0c849e6e0436351fbdaf6157d1c822793d80) (cherry picked from commit 6e71235e558ef579605e7f35b02f983b9a246a4a) (cherry picked from commit 8a9416b18f8a894c4bb0c3a284746d5e0bc81152) (cherry picked from commit 103ba509e72e3949d22485666949e9705d4af8cd) (cherry picked from commit 4631a5104763c01123dad62546b1325cb16bf44c) (cherry picked from commit 5aab39b24ce7437265b94461ffdd9b12c0723658) (cherry picked from commit a118088ff3741023c24caeff1a4fff7b660817fd) (cherry picked from commit 67267734315c6a48db31697f0a0669fa1f985969) (cherry picked from commit 1318715277325a508ad5b76c8cd9c17c8146693b) (cherry picked from commit b76ef9a7cb8a7c62d10ae8101f41014f34819174) (cherry picked from commit e2b44c401cc2a59da8c4c0515c6bcb533d09cc73) --- contrib/unbound/Makefile.in | 47 +- contrib/unbound/README.md | 8 +- contrib/unbound/acx_nlnetlabs.m4 | 36 +- contrib/unbound/acx_python.m4 | 61 +- contrib/unbound/cachedb/cachedb.c | 68 +- contrib/unbound/cachedb/redis.c | 96 ++- contrib/unbound/compat/getentropy_solaris.c | 2 +- contrib/unbound/config.guess | 62 +- contrib/unbound/config.h.in | 25 +- contrib/unbound/config.sub | 232 +++--- contrib/unbound/configure | 777 ++++++++------------- contrib/unbound/configure.ac | 111 +-- contrib/unbound/contrib/Dockerfile.tests | 4 +- contrib/unbound/contrib/README | 3 + contrib/unbound/contrib/aaaa-filter-iterator.patch | 4 +- contrib/unbound/contrib/unbound.init_yocto | 139 ++++ contrib/unbound/daemon/acl_list.c | 2 + contrib/unbound/daemon/acl_list.h | 8 +- contrib/unbound/daemon/cachedump.c | 28 +- contrib/unbound/daemon/remote.c | 271 ++++--- contrib/unbound/daemon/remote.h | 2 +- contrib/unbound/daemon/stats.c | 53 +- contrib/unbound/daemon/stats.h | 7 + contrib/unbound/daemon/worker.c | 479 ++++++++----- contrib/unbound/dns64/dns64.c | 103 +-- contrib/unbound/dnstap/dnstap.c | 7 +- contrib/unbound/dnstap/dnstap.h | 4 +- contrib/unbound/dnstap/dnstap.m4 | 2 +- contrib/unbound/dnstap/dtstream.c | 8 +- contrib/unbound/dnstap/unbound-dnstap-socket.c | 47 +- contrib/unbound/doc/Changelog | 475 ++++++++++++- contrib/unbound/doc/README | 2 +- contrib/unbound/doc/README.DNS64 | 20 + contrib/unbound/doc/example.conf.in | 41 +- contrib/unbound/doc/libunbound.3.in | 4 +- contrib/unbound/doc/unbound-anchor.8.in | 2 +- contrib/unbound/doc/unbound-checkconf.8.in | 2 +- contrib/unbound/doc/unbound-control.8.in | 58 +- contrib/unbound/doc/unbound-host.1.in | 2 +- contrib/unbound/doc/unbound.8.in | 4 +- contrib/unbound/doc/unbound.conf.5.in | 177 ++++- contrib/unbound/dynlibmod/dynlibmod.c | 3 +- contrib/unbound/edns-subnet/subnetmod.c | 57 +- contrib/unbound/edns-subnet/subnetmod.h | 7 + contrib/unbound/ipset/ipset.c | 4 +- contrib/unbound/iterator/iter_delegpt.c | 39 ++ contrib/unbound/iterator/iter_delegpt.h | 25 + contrib/unbound/iterator/iter_priv.c | 26 +- contrib/unbound/iterator/iter_resptype.c | 20 +- contrib/unbound/iterator/iter_resptype.h | 4 +- contrib/unbound/iterator/iter_scrub.c | 110 ++- contrib/unbound/iterator/iter_scrub.h | 5 +- contrib/unbound/iterator/iter_utils.c | 43 +- contrib/unbound/iterator/iter_utils.h | 7 +- contrib/unbound/iterator/iterator.c | 331 ++++++--- contrib/unbound/iterator/iterator.h | 30 +- contrib/unbound/libunbound/libworker.c | 20 +- contrib/unbound/libunbound/unbound-event.h | 6 +- contrib/unbound/libunbound/unbound.h | 116 +-- contrib/unbound/services/authzone.c | 24 +- contrib/unbound/services/cache/dns.c | 72 +- contrib/unbound/services/cache/dns.h | 9 + contrib/unbound/services/cache/infra.c | 75 +- contrib/unbound/services/cache/infra.h | 5 +- contrib/unbound/services/listen_dnsport.c | 161 +++-- contrib/unbound/services/localzone.c | 20 +- contrib/unbound/services/localzone.h | 2 + contrib/unbound/services/mesh.c | 394 +++++------ contrib/unbound/services/mesh.h | 14 +- contrib/unbound/services/modstack.c | 10 +- contrib/unbound/services/outside_network.c | 28 + contrib/unbound/services/rpz.c | 240 ++++++- contrib/unbound/services/rpz.h | 16 +- contrib/unbound/sldns/rrdef.c | 12 +- contrib/unbound/sldns/rrdef.h | 7 +- contrib/unbound/sldns/str2wire.c | 115 +-- contrib/unbound/sldns/str2wire.h | 4 +- contrib/unbound/sldns/wire2str.c | 101 ++- contrib/unbound/sldns/wire2str.h | 13 + contrib/unbound/smallapp/unbound-anchor.c | 3 +- contrib/unbound/smallapp/unbound-checkconf.c | 19 +- contrib/unbound/smallapp/unbound-control.c | 54 +- contrib/unbound/smallapp/unbound-host.c | 5 +- contrib/unbound/testdata/00-lint.tdir/00-lint.pre | 14 + contrib/unbound/testdata/cachedb_cached_ede.crpl | 91 +++ .../cachedb_no_store.tdir/cachedb_no_store.conf | 29 + .../cachedb_no_store.tdir/cachedb_no_store.dsc | 16 + .../cachedb_no_store.tdir/cachedb_no_store.post | 20 + .../cachedb_no_store.tdir/cachedb_no_store.pre | 36 + .../cachedb_no_store.servfail.testns | 8 + .../cachedb_no_store.tdir/cachedb_no_store.test | 132 ++++ .../cachedb_no_store.tdir/cachedb_no_store.testns | 9 + contrib/unbound/testdata/disable_edns_do.rpl | 164 +++++ .../unbound/testdata/edns_downstream_cookies.rpl | 235 +++++++ .../testdata/ip_ratelimit.tdir/ip_ratelimit.conf | 28 + .../testdata/ip_ratelimit.tdir/ip_ratelimit.dsc | 16 + .../testdata/ip_ratelimit.tdir/ip_ratelimit.post | 13 + .../testdata/ip_ratelimit.tdir/ip_ratelimit.pre | 24 + .../testdata/ip_ratelimit.tdir/ip_ratelimit.test | 165 +++++ .../testdata/ip_ratelimit.tdir/unbound_control.key | 39 ++ .../testdata/ip_ratelimit.tdir/unbound_control.pem | 22 + .../testdata/ip_ratelimit.tdir/unbound_server.key | 39 ++ .../testdata/ip_ratelimit.tdir/unbound_server.pem | 22 + .../unbound/testdata/iter_cname_minimise_nx.rpl | 246 +++++++ contrib/unbound/testdata/iter_failreply.rpl | 132 ++++ contrib/unbound/testdata/iter_ignore_empty.rpl | 248 +++++++ contrib/unbound/testdata/iter_nat64.rpl | 117 ++++ contrib/unbound/testdata/iter_nat64_prefix.rpl | 119 ++++ contrib/unbound/testdata/iter_nat64_prefix48.rpl | 118 ++++ contrib/unbound/testdata/iter_scrub_rr_length.rpl | 298 ++++++++ .../testdata/root_zonemd.tdir/root_zonemd.conf | 34 + .../testdata/root_zonemd.tdir/root_zonemd.dsc | 16 + .../testdata/root_zonemd.tdir/root_zonemd.post | 14 + .../testdata/root_zonemd.tdir/root_zonemd.pre | 50 ++ .../testdata/root_zonemd.tdir/root_zonemd.test | 51 ++ .../testdata/root_zonemd.tdir/root_zonemd.testns | 9 + contrib/unbound/testdata/rpz_cached_cname.rpl | 122 ++++ .../unbound/testdata/serve_expired_0ttl_nodata.rpl | 154 ++++ .../testdata/serve_expired_0ttl_nxdomain.rpl | 154 ++++ .../testdata/serve_expired_0ttl_servfail.rpl | 129 ++++ .../serve_expired_cached_servfail_refresh.rpl | 145 ++++ .../stat_values.tdir/stat_values_cachedb.conf | 36 + .../stat_values_downstream_cookies.conf | 32 + contrib/unbound/testdata/subnet_cached_ede.crpl | 114 +++ .../unbound/testdata/subnet_global_prefetch.crpl | 236 +++++++ .../subnet_global_prefetch_always_forward.crpl | 167 +++++ .../testdata/subnet_global_prefetch_expired.crpl | 241 +++++++ contrib/unbound/testdata/subnet_prezero.crpl | 155 ++++ contrib/unbound/testdata/val_any_negcache.rpl | 243 +++++++ contrib/unbound/testdata/val_scrub_rr_length.rpl | 164 +++++ contrib/unbound/util/config_file.c | 163 +++-- contrib/unbound/util/config_file.h | 71 +- contrib/unbound/util/configlexer.lex | 18 +- contrib/unbound/util/configparser.y | 187 ++++- contrib/unbound/util/data/msgencode.c | 150 +++- contrib/unbound/util/data/msgencode.h | 42 +- contrib/unbound/util/data/msgparse.c | 123 +++- contrib/unbound/util/data/msgparse.h | 36 +- contrib/unbound/util/data/msgreply.c | 95 ++- contrib/unbound/util/data/msgreply.h | 30 +- contrib/unbound/util/edns.c | 59 ++ contrib/unbound/util/edns.h | 59 ++ contrib/unbound/util/fptr_wlist.c | 11 + contrib/unbound/util/iana_ports.inc | 4 + contrib/unbound/util/log.c | 2 +- contrib/unbound/util/module.c | 34 +- contrib/unbound/util/module.h | 24 +- contrib/unbound/util/net_help.c | 176 ++++- contrib/unbound/util/net_help.h | 41 ++ contrib/unbound/util/netevent.c | 425 +++++++---- contrib/unbound/util/netevent.h | 70 +- contrib/unbound/util/proxy_protocol.c | 162 +++-- contrib/unbound/util/proxy_protocol.h | 66 +- contrib/unbound/util/regional.c | 2 +- contrib/unbound/util/rfc_1982.c | 75 ++ contrib/unbound/util/rfc_1982.h | 63 ++ contrib/unbound/util/siphash.c | 192 +++++ contrib/unbound/util/siphash.h | 43 ++ contrib/unbound/util/storage/lruhash.c | 25 +- contrib/unbound/util/storage/lruhash.h | 5 +- contrib/unbound/util/storage/slabhash.c | 18 + contrib/unbound/util/storage/slabhash.h | 9 + contrib/unbound/util/timehist.c | 44 +- contrib/unbound/util/timeval_func.c | 113 +++ contrib/unbound/util/timeval_func.h | 53 ++ contrib/unbound/validator/autotrust.c | 2 + contrib/unbound/validator/val_anchor.c | 21 + contrib/unbound/validator/val_anchor.h | 8 + contrib/unbound/validator/val_kcache.c | 10 +- contrib/unbound/validator/val_kcache.h | 4 +- contrib/unbound/validator/val_kentry.c | 48 +- contrib/unbound/validator/val_kentry.h | 37 +- contrib/unbound/validator/val_neg.c | 7 +- contrib/unbound/validator/val_nsec.c | 20 +- contrib/unbound/validator/val_nsec.h | 5 +- contrib/unbound/validator/val_nsec3.c | 316 +++++++-- contrib/unbound/validator/val_nsec3.h | 60 +- contrib/unbound/validator/val_sigcrypt.c | 80 +-- contrib/unbound/validator/val_sigcrypt.h | 3 +- contrib/unbound/validator/val_utils.c | 41 +- contrib/unbound/validator/val_utils.h | 4 +- contrib/unbound/validator/validator.c | 645 +++++++++++++---- contrib/unbound/validator/validator.h | 18 + lib/libunbound/Makefile | 6 +- lib/libunbound/config.h | 6 +- 185 files changed, 11832 insertions(+), 2604 deletions(-) diff --git a/contrib/unbound/Makefile.in b/contrib/unbound/Makefile.in index bc021aa1eb00..22fb75c123bd 100644 --- a/contrib/unbound/Makefile.in +++ b/contrib/unbound/Makefile.in @@ -122,15 +122,15 @@ iterator/iter_delegpt.c iterator/iter_donotq.c iterator/iter_fwd.c \ iterator/iter_hints.c iterator/iter_priv.c iterator/iter_resptype.c \ iterator/iter_scrub.c iterator/iter_utils.c services/listen_dnsport.c \ services/localzone.c services/mesh.c services/modstack.c services/view.c \ -services/rpz.c \ +services/rpz.c util/rfc_1982.c \ services/outbound_list.c services/outside_network.c util/alloc.c \ util/config_file.c util/configlexer.c util/configparser.c \ util/shm_side/shm_main.c services/authzone.c \ util/fptr_wlist.c util/locks.c util/log.c util/mini_event.c util/module.c \ util/netevent.c util/net_help.c util/random.c util/rbtree.c util/regional.c \ -util/rtt.c util/edns.c util/storage/dnstree.c util/storage/lookup3.c \ +util/rtt.c util/siphash.c util/edns.c util/storage/dnstree.c util/storage/lookup3.c \ util/storage/lruhash.c util/storage/slabhash.c util/tcp_conn_limit.c \ -util/timehist.c util/tube.c util/proxy_protocol.c \ +util/timehist.c util/tube.c util/proxy_protocol.c util/timeval_func.c \ util/ub_event.c util/ub_event_pluggable.c util/winsock_event.c \ validator/autotrust.c validator/val_anchor.c validator/validator.c \ validator/val_kcache.c validator/val_kentry.c validator/val_neg.c \ @@ -145,14 +145,14 @@ as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \ iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \ iter_scrub.lo iter_utils.lo localzone.lo mesh.lo modstack.lo view.lo \ outbound_list.lo alloc.lo config_file.lo configlexer.lo configparser.lo \ -fptr_wlist.lo edns.lo locks.lo log.lo mini_event.lo module.lo net_help.lo \ +fptr_wlist.lo siphash.lo edns.lo locks.lo log.lo mini_event.lo module.lo net_help.lo \ random.lo rbtree.lo regional.lo rtt.lo dnstree.lo lookup3.lo lruhash.lo \ slabhash.lo tcp_conn_limit.lo timehist.lo tube.lo winsock_event.lo \ -autotrust.lo val_anchor.lo rpz.lo proxy_protocol.lo \ +autotrust.lo val_anchor.lo rpz.lo rfc_1982.lo proxy_protocol.lo \ validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \ val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo $(CACHEDB_OBJ) authzone.lo \ $(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \ -$(IPSECMOD_OBJ) $(IPSET_OBJ) $(DYNLIBMOD_OBJ) respip.lo +$(IPSECMOD_OBJ) $(IPSET_OBJ) $(DYNLIBMOD_OBJ) respip.lo timeval_func.lo COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ outside_network.lo COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo @@ -198,7 +198,7 @@ CHECKCONF_OBJ=unbound-checkconf.lo worker_cb.lo CHECKCONF_OBJ_LINK=$(CHECKCONF_OBJ) $(COMMON_OBJ_ALL_SYMBOLS) $(SLDNS_OBJ) \ $(COMPAT_OBJ) @WIN_CHECKCONF_OBJ_LINK@ CONTROL_SRC=smallapp/unbound-control.c -CONTROL_OBJ=unbound-control.lo +CONTROL_OBJ=unbound-control.lo CONTROL_OBJ_LINK=$(CONTROL_OBJ) worker_cb.lo $(COMMON_OBJ_ALL_SYMBOLS) \ $(SLDNS_OBJ) $(COMPAT_OBJ) @WIN_CONTROL_OBJ_LINK@ HOST_SRC=smallapp/unbound-host.c @@ -455,6 +455,7 @@ unbound-dnstap-socket.lo unbound-dnstap-socket.o: $(srcdir)/dnstap/unbound-dnsta dynlibmod.lo dynlibdmod.o: $(srcdir)/dynlibmod/dynlibmod.c config.h $(srcdir)/dynlibmod/dynlibmod.h cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h $(srcdir)/cachedb/cachedb.h redis.lo redis.o: $(srcdir)/cachedb/redis.c config.h $(srcdir)/cachedb/redis.h +timeval_func.lo timeval_func.o: $(srcdir)/util/timeval_func.c $(srcdir)/util/timeval_func.h # dnscrypt dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ @@ -498,6 +499,7 @@ util/configlexer.c: $(srcdir)/util/configlexer.lex util/configparser.h echo "#include \"util/configyyrename.h\"" >> $@ ;\ $(LEX) -t $(srcdir)/util/configlexer.lex >> $@ ;\ fi + @if test ! -f $@; then echo "No $@ : need flex and bison to compile from source repository"; exit 1; fi util/configparser.c util/configparser.h: $(srcdir)/util/configparser.y @-if test ! -d util; then $(INSTALL) -d util; fi @@ -516,7 +518,7 @@ distclean: clean rm -f doc/example.conf doc/libunbound.3 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound-control.8 doc/unbound.8 doc/unbound.conf.5 doc/unbound-host.1 rm -f smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service rm -f $(TEST_BIN) - rm -f Makefile + rm -f Makefile maintainer-clean: distclean rm -f util/configlexer.c util/configparser.c util/configparser.h @@ -649,7 +651,7 @@ uninstall: $(PYTHONMOD_UNINSTALL) $(PYUNBOUND_UNINSTALL) $(UNBOUND_EVENT_UNINSTA iana_update: curl -o port-numbers.tmp https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml --compressed - if file port-numbers.tmp | grep 'gzip' >/dev/null; then zcat port-numbers.tmp; else cat port-numbers.tmp; fi | awk '/<record>/ {p=0;} /<protocol>udp/ {p=1;} /<protocol>[^u]/ {p=0;} /Decomissioned|Decommissioned|Removed|De-registered|unassigned|Unassigned|Reserved/ {u=1;} /<number>/ { if(u==1) {u=0;} else { if(p==1) { match($$0,/[0-9]+/); print substr($$0, RSTART, RLENGTH) ","}}}' | sort -nu > util/iana_ports.inc + if file port-numbers.tmp | grep 'gzip' >/dev/null; then zcat port-numbers.tmp; else cat port-numbers.tmp; fi | awk '/<record>/ {p=0;} /<protocol>udp/ {p=1;} /<protocol>[^u]/ {p=0;} /Decomissioned|Decommissioned|Removed|De-registered|unassigned|Unassigned|Reserved/ {u=1;} /<number>/ { if(u==1) {u=0;} else { if(p==1) { match($$0,/[0-9]+/); print substr($$0, RSTART, RLENGTH) ","}}}' | sort -nu > util/iana_ports.inc rm -f port-numbers.tmp # dependency generation @@ -736,7 +738,7 @@ msgencode.lo msgencode.o: $(srcdir)/util/data/msgencode.c config.h $(srcdir)/uti msgparse.lo msgparse.o: $(srcdir)/util/data/msgparse.c config.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h msgreply.lo msgreply.o: $(srcdir)/util/data/msgreply.c config.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \ @@ -791,7 +793,7 @@ iter_priv.lo iter_priv.o: $(srcdir)/iterator/iter_priv.c config.h $(srcdir)/iter $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/sbuffer.h iter_resptype.lo iter_resptype.o: $(srcdir)/iterator/iter_resptype.c config.h \ - $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \ + $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iterator.h $(srcdir)/util/log.h \ $(srcdir)/services/cache/dns.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/net_help.h \ $(srcdir)/util/data/dname.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h @@ -877,7 +879,7 @@ rpz.lo rpz.o: $(srcdir)/services/rpz.c config.h $(srcdir)/services/rpz.h $(srcdi outbound_list.lo outbound_list.o: $(srcdir)/services/outbound_list.c config.h \ $(srcdir)/services/outbound_list.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - + outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c config.h \ $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \ $(srcdir)/dnscrypt/dnscrypt.h \ @@ -915,7 +917,8 @@ config_file.lo config_file.o: $(srcdir)/util/config_file.c config.h $(srcdir)/ut configlexer.lo configlexer.o: util/configlexer.c config.h $(srcdir)/util/configyyrename.h \ $(srcdir)/util/config_file.h util/configparser.h configparser.lo configparser.o: util/configparser.c config.h $(srcdir)/util/configyyrename.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h + $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/sldns/str2wire.h \ + $(srcdir)/sldns/rrdef.h shm_main.lo shm_main.o: $(srcdir)/util/shm_side/shm_main.c config.h $(srcdir)/util/shm_side/shm_main.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ @@ -928,7 +931,7 @@ shm_main.lo shm_main.o: $(srcdir)/util/shm_side/shm_main.c config.h $(srcdir)/ut $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h \ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/rtt.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/tube.h + $(srcdir)/util/tube.h $(srcdir)/util/timeval_func.h authzone.lo authzone.o: $(srcdir)/services/authzone.c config.h $(srcdir)/services/authzone.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \ $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgparse.h \ @@ -983,7 +986,7 @@ netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/neteve $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/services/listen_dnsport.h + $(srcdir)/dnstap/dnstap.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/timeval_func.h proxy_protocol.lo proxy_protocol.o: $(srcdir)/util/proxy_protocol.c config.h \ $(srcdir)/util/proxy_protocol.h $(srcdir)/sldns/sbuffer.h net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ @@ -1006,6 +1009,8 @@ rtt.lo rtt.o: $(srcdir)/util/rtt.c config.h $(srcdir)/util/rtt.h $(srcdir)/itera $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h +siphash.lo siphash.o: $(srcdir)/util/siphash.c +rfc_1982.lo rfc_1982.o: $(srcdir)/util/rfc_1982.c edns.lo edns.o: $(srcdir)/util/edns.c config.h $(srcdir)/util/edns.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/regional.h \ @@ -1186,7 +1191,7 @@ unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h $(srcdir)/sldns/r $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/random.h $(srcdir)/respip/respip.h \ $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/services/outside_network.h + $(srcdir)/services/outside_network.h unitmsgparse.lo unitmsgparse.o: $(srcdir)/testcode/unitmsgparse.c config.h $(srcdir)/util/log.h \ $(srcdir)/testcode/unitmain.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ @@ -1321,7 +1326,7 @@ unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/timeval_func.h \ $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ @@ -1343,7 +1348,7 @@ testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/test $(srcdir)/daemon/remote.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/daemon/daemon.h \ - $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/util/alloc.h $(srcdir)/util/timeval_func.h $(srcdir)/services/modstack.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ @@ -1357,7 +1362,7 @@ testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcod worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/timeval_func.h \ $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ @@ -1409,7 +1414,7 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h \ + $(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h $(srcdir)/util/timeval_func.h \ $(srcdir)/testcode/fake_event.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/testcode/fake_event.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ @@ -1417,7 +1422,7 @@ fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/t $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/edns.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ + $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h $(srcdir)/util/timeval_func.h \ $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ $(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \ diff --git a/contrib/unbound/README.md b/contrib/unbound/README.md index c3d9bc2492ef..3bbd38b3b78b 100644 --- a/contrib/unbound/README.md +++ b/contrib/unbound/README.md @@ -1,6 +1,6 @@ # Unbound -[![Travis Build Status](https://travis-ci.org/NLnetLabs/unbound.svg?branch=master)](https://travis-ci.org/NLnetLabs/unbound) +[![Github Build Status](https://github.com/NLnetLabs/unbound/actions/workflows/ci.yml/badge.svg?branch=master)](https://github.com/NLnetLabs/unbound/actions) [![Packaging status](https://repology.org/badge/tiny-repos/unbound.svg)](https://repology.org/project/unbound/versions) [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/unbound.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:unbound) [![Documentation Status](https://readthedocs.org/projects/unbound/badge/?version=latest)](https://unbound.readthedocs.io/en/latest/?badge=latest) @@ -17,7 +17,9 @@ You can learn more about Unbound by reading our ## Compiling Make sure you have the C toolchain, OpenSSL and its include files, and libexpat -installed. Unbound can be compiled and installed using: +installed. +If building from the repository source you also need flex and bison installed. +Unbound can be compiled and installed using: ``` ./configure && make && make install @@ -27,7 +29,7 @@ You can use libevent if you want. libevent is useful when using many (10000) outgoing ports. By default max 256 ports are opened at the same time and the builtin alternative is equally capable and a little faster. -Use the `--with-libevent=dir` configure option to compile Unbound with libevent +Use the `--with-libevent` configure option to compile Unbound with libevent support. ## Unbound configuration diff --git a/contrib/unbound/acx_nlnetlabs.m4 b/contrib/unbound/acx_nlnetlabs.m4 index cf436ec54bb6..f27615bd8bce 100644 --- a/contrib/unbound/acx_nlnetlabs.m4 +++ b/contrib/unbound/acx_nlnetlabs.m4 @@ -2,7 +2,9 @@ # Copyright 2009, Wouter Wijngaards, NLnet Labs. # BSD licensed. # -# Version 44 +# Version 46 +# 2023-05-04 fix to remove unused whitespace. +# 2023-01-26 fix -Wstrict-prototypes. # 2022-09-01 fix checking if nonblocking sockets work on OpenBSD. # 2021-08-17 fix sed script in ssldir split handling. # 2021-08-17 fix for openssl to detect split version, with ssldir_include @@ -187,7 +189,7 @@ dnl cache=`echo $1 | sed 'y%.=/+- %___p__%'` AC_CACHE_VAL(cv_prog_cc_flag_needed_$cache, [ echo '$2' > conftest.c -echo 'void f(){}' >>conftest.c +echo 'void f(void){}' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_needed_$cache=no" else @@ -233,7 +235,7 @@ dnl DEPFLAG: set to flag that generates dependencies. AC_DEFUN([ACX_DEPFLAG], [ AC_MSG_CHECKING([$CC dependency flag]) -echo 'void f(){}' >conftest.c +echo 'void f(void){}' >conftest.c if test "`$CC -MM conftest.c 2>&1`" = "conftest.o: conftest.c"; then DEPFLAG="-MM" else @@ -272,7 +274,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAUL #include <getopt.h> #endif -int test() { +int test(void) { int a; char **opts = NULL; struct timeval tv; @@ -309,7 +311,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAUL #include <getopt.h> #endif -int test() { +int test(void) { int a; char **opts = NULL; struct timeval tv; @@ -335,7 +337,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG, [ #include <stdbool.h> #include <ctype.h> -int test() { +int test(void) { int a = 0; return a; } @@ -345,7 +347,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED(-D_BSD_SOURCE -D_DEFAULT_SOURCE, [ #include <ctype.h> -int test() { +int test(void) { int a; a = isascii(32); return a; @@ -356,7 +358,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED(-D_GNU_SOURCE, [ #include <netinet/in.h> -int test() { +int test(void) { struct in6_pktinfo inf; int a = (int)sizeof(inf); return a; @@ -370,7 +372,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED(-D_GNU_SOURCE -D_FRSRESGID, [ #include <unistd.h> -int test() { +int test(void) { int a = setresgid(0,0,0); a = setresuid(0,0,0); return a; @@ -385,7 +387,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED(-D_POSIX_C_SOURCE=200112, #endif #include <netdb.h> -int test() { +int test(void) { int a = 0; char *t; time_t time = 0; @@ -413,7 +415,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED(-D__EXTENSIONS__, #include <getopt.h> #endif -int test() { +int test(void) { int a; char **opts = NULL; struct timeval tv; @@ -475,7 +477,7 @@ fi dnl Setup ATTR_FORMAT config.h parts. dnl make sure you call ACX_CHECK_FORMAT_ATTRIBUTE also. AC_DEFUN([AHX_CONFIG_FORMAT_ATTRIBUTE], -[ +[ #ifdef HAVE_ATTR_FORMAT # define ATTR_FORMAT(archetype, string_index, first_to_check) \ __attribute__ ((format (archetype, string_index, first_to_check))) @@ -834,7 +836,7 @@ dnl try to see if an additional _LARGEFILE_SOURCE 1 is needed to get fseeko ACX_CHECK_COMPILER_FLAG_NEEDED(-D_LARGEFILE_SOURCE=1, [ #include <stdio.h> -int test() { +int test(void) { int a = fseeko(stdin, 0, 0); return a; } @@ -859,7 +861,7 @@ char* (*f) () = getaddrinfo; #ifdef __cplusplus } #endif -int main() { +int main(void) { ; return 0; } @@ -923,7 +925,7 @@ cache=`echo $1 | sed 'y%.=/+-%___p_%'` AC_CACHE_VAL(cv_cc_deprecated_$cache, [ echo '$3' >conftest.c -echo 'void f(){ $2 }' >>conftest.c +echo 'void f(void){ $2 }' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS -c conftest.c 2>&1 | grep -e deprecated -e unavailable`"; then eval "cv_cc_deprecated_$cache=no" else @@ -1317,7 +1319,7 @@ AC_DEFUN([AHX_CONFIG_W32_FD_SET_T], #ifdef HAVE_WINSOCK2_H #define FD_SET_T (u_int) #else -#define FD_SET_T +#define FD_SET_T #endif ]) @@ -1355,7 +1357,7 @@ dnl $3: define value, 1 AC_DEFUN([AHX_CONFIG_FLAG_OMITTED], [#if defined($1) && !defined($2) #define $2 $3 -[#]endif ]) +[#]endif]) dnl Wrapper for AHX_CONFIG_FLAG_OMITTED for -D style flags dnl $1: the -DNAME or -DNAME=value string. diff --git a/contrib/unbound/acx_python.m4 b/contrib/unbound/acx_python.m4 index 16c0c6fd943f..c945d6c8989e 100644 --- a/contrib/unbound/acx_python.m4 +++ b/contrib/unbound/acx_python.m4 @@ -17,33 +17,62 @@ AC_DEFUN([AC_PYTHON_DEVEL],[ PYTHON_VERSION=`$PYTHON -c "import sys; \ print(sys.version.split()[[0]])"` fi + # calculate the version number components. + [ + v="$PYTHON_VERSION" + PYTHON_VERSION_MAJOR=`echo $v | sed 's/[^0-9].*//'` + if test -z "$PYTHON_VERSION_MAJOR"; then PYTHON_VERSION_MAJOR="0"; fi + v=`echo $v | sed -e 's/^[0-9]*$//' -e 's/[0-9]*[^0-9]//'` + PYTHON_VERSION_MINOR=`echo $v | sed 's/[^0-9].*//'` + if test -z "$PYTHON_VERSION_MINOR"; then PYTHON_VERSION_MINOR="0"; fi + v=`echo $v | sed -e 's/^[0-9]*$//' -e 's/[0-9]*[^0-9]//'` + PYTHON_VERSION_PATCH=`echo $v | sed 's/[^0-9].*//'` + if test -z "$PYTHON_VERSION_PATCH"; then PYTHON_VERSION_PATCH="0"; fi + ] - # Check if you have sysconfig - AC_MSG_CHECKING([for the sysconfig Python module]) - if ac_sysconfig_result=`$PYTHON -c "import sysconfig" 2>&1`; then + # For some systems, sysconfig exists, but has the wrong paths, + # on Debian 10, for python 2.7 and 3.7. So, we check the version, + # and for older versions try distutils.sysconfig first. For newer + # versions>=3.10, where distutils.sysconfig is deprecated, use + # sysconfig first and then attempt the other one. + py_distutils_first="no" + if test $PYTHON_VERSION_MAJOR -lt 3; then + py_distutils_first="yes" + fi + if test $PYTHON_VERSION_MAJOR -eq 3 -a $PYTHON_VERSION_MINOR -lt 10; then + py_distutils_first="yes" + fi + + # Check if you have the first module + if test "$py_distutils_first" = "yes"; then m="distutils"; else m="sysconfig"; fi + sysconfig_module="" + AC_MSG_CHECKING([for the $m Python module]) + if ac_modulecheck_result1=`$PYTHON -c "import $m" 2>&1`; then AC_MSG_RESULT([yes]) - sysconfig_module="sysconfig" - # if yes, use sysconfig, because distutils is deprecated. + sysconfig_module="$m" else AC_MSG_RESULT([no]) - # if no, try to use distutils + fi - # - # Check if you have distutils, else fail - # - AC_MSG_CHECKING([for the distutils Python package]) - if ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`; then + # if not found, try the other one. + if test -z "$sysconfig_module"; then + if test "$py_distutils_first" = "yes"; then m2="sysconfig"; else m2="distutils"; fi + AC_MSG_CHECKING([for the $m2 Python module]) + if ac_modulecheck_result2=`$PYTHON -c "import $m2" 2>&1`; then AC_MSG_RESULT([yes]) + sysconfig_module="$m2" else AC_MSG_RESULT([no]) - AC_MSG_ERROR([cannot import Python module "distutils". - Please check your Python installation. The error was: - $ac_distutils_result]) + AC_MSG_ERROR([cannot import Python module "$m", or "$m2". + Please check your Python installation. The errors are: + $m + $ac_modulecheck_result1 + $m2 + $ac_modulecheck_result2]) PYTHON_VERSION="" fi - - sysconfig_module="distutils.sysconfig" fi + if test "$sysconfig_module" = "distutils"; then sysconfig_module="distutils.sysconfig"; fi # # Check for Python include path diff --git a/contrib/unbound/cachedb/cachedb.c b/contrib/unbound/cachedb/cachedb.c index 245daa986967..b912be8ed54f 100644 --- a/contrib/unbound/cachedb/cachedb.c +++ b/contrib/unbound/cachedb/cachedb.c @@ -102,7 +102,6 @@ static int testframe_init(struct module_env* env, struct cachedb_env* cachedb_env) { struct testframe_moddata* d; - (void)env; verbose(VERB_ALGO, "testframe_init"); d = (struct testframe_moddata*)calloc(1, sizeof(struct testframe_moddata)); @@ -111,6 +110,15 @@ testframe_init(struct module_env* env, struct cachedb_env* cachedb_env) log_err("out of memory"); return 0; } + /* Register an EDNS option (65534) to bypass the worker cache lookup + * for testing */ + if(!edns_register_option(LDNS_EDNS_UNBOUND_CACHEDB_TESTFRAME_TEST, + 1 /* bypass cache */, + 0 /* no aggregation */, env)) { + log_err("testframe_init, could not register test opcode"); + free(d); + return 0; + } lock_basic_init(&d->lock); lock_protect(&d->lock, d, sizeof(*d)); return 1; @@ -218,6 +226,8 @@ static int cachedb_apply_cfg(struct cachedb_env* cachedb_env, struct config_file* cfg) { const char* backend_str = cfg->cachedb_backend; + if(!backend_str || *backend_str==0) + return 1; cachedb_env->backend = cachedb_find_backend(backend_str); if(!cachedb_env->backend) { log_err("cachedb: cannot find backend name '%s'", backend_str); @@ -228,7 +238,7 @@ cachedb_apply_cfg(struct cachedb_env* cachedb_env, struct config_file* cfg) return 1; } -int +int cachedb_init(struct module_env* env, int id) { struct cachedb_env* cachedb_env = (struct cachedb_env*)calloc(1, @@ -255,11 +265,11 @@ cachedb_init(struct module_env* env, int id) return 0; } cachedb_env->enabled = 1; - if(env->cfg->serve_expired_reply_ttl) + if(env->cfg->serve_expired && env->cfg->serve_expired_reply_ttl) log_warn( "cachedb: serve-expired-reply-ttl is set but not working for data " - "originating from the external cache; 0 TLL is used for those."); - if(env->cfg->serve_expired_client_timeout) + "originating from the external cache; 0 TTL is used for those."); + if(env->cfg->serve_expired && env->cfg->serve_expired_client_timeout) log_warn( "cachedb: serve-expired-client-timeout is set but not working for " "data originating from the external cache; expired data are used " @@ -267,19 +277,16 @@ cachedb_init(struct module_env* env, int id) return 1; } -void +void cachedb_deinit(struct module_env* env, int id) { struct cachedb_env* cachedb_env; if(!env || !env->modinfo[id]) return; cachedb_env = (struct cachedb_env*)env->modinfo[id]; - /* free contents */ - /* TODO */ if(cachedb_env->enabled) { (*cachedb_env->backend->deinit)(env, cachedb_env); } - free(cachedb_env); env->modinfo[id] = NULL; } @@ -406,6 +413,14 @@ prep_data(struct module_qstate* qstate, struct sldns_buffer* buf) if(qstate->return_msg->rep->ttl == 0 && !qstate->env->cfg->serve_expired) return 0; + + /* The EDE is added to the out-list so it is encoded in the cached message */ + if (qstate->env->cfg->ede && qstate->return_msg->rep->reason_bogus != LDNS_EDE_NONE) { + edns_opt_list_append_ede(&edns.opt_list_out, qstate->env->scratch, + qstate->return_msg->rep->reason_bogus, + qstate->return_msg->rep->reason_bogus_str); + } + if(verbosity >= VERB_ALGO) log_dns_msg("cachedb encoding", &qstate->return_msg->qinfo, qstate->return_msg->rep); @@ -502,6 +517,7 @@ parse_data(struct module_qstate* qstate, struct sldns_buffer* buf) { struct msg_parse* prs; struct edns_data edns; + struct edns_option* ede; uint64_t timestamp, expiry; time_t adjust; size_t lim = sldns_buffer_limit(buf); @@ -539,6 +555,24 @@ parse_data(struct module_qstate* qstate, struct sldns_buffer* buf) if(!qstate->return_msg) return 0; + /* We find the EDE in the in-list after parsing */ + if(qstate->env->cfg->ede && + (ede = edns_opt_list_find(edns.opt_list_in, LDNS_EDNS_EDE))) { + if(ede->opt_len >= 2) { + qstate->return_msg->rep->reason_bogus = + sldns_read_uint16(ede->opt_data); + } + /* allocate space and store the error string and it's size */ + if(ede->opt_len > 2) { + size_t ede_len = ede->opt_len - 2; + qstate->return_msg->rep->reason_bogus_str = regional_alloc( + qstate->region, sizeof(char) * (ede_len+1)); + memcpy(qstate->return_msg->rep->reason_bogus_str, + ede->opt_data+2, ede_len); + qstate->return_msg->rep->reason_bogus_str[ede_len] = 0; + } + } + qstate->return_rcode = LDNS_RCODE_NOERROR; /* see how much of the TTL expired, and remove it */ @@ -630,11 +664,15 @@ cachedb_extcache_store(struct module_qstate* qstate, struct cachedb_env* ie) * See if unbound's internal cache can answer the query */ static int -cachedb_intcache_lookup(struct module_qstate* qstate) +cachedb_intcache_lookup(struct module_qstate* qstate, struct cachedb_env* cde) { uint8_t* dpname=NULL; size_t dpnamelen=0; struct dns_msg* msg; + /* for testframe bypass this lookup */ + if(cde->backend == &testframe_backend) { + return 0; + } if(iter_stub_fwd_no_cache(qstate, &qstate->qinfo, &dpname, &dpnamelen)) return 0; /* no cache for these queries */ @@ -693,6 +731,7 @@ cachedb_handle_query(struct module_qstate* qstate, struct cachedb_qstate* ATTR_UNUSED(iq), struct cachedb_env* ie, int id) { + qstate->is_cachedb_answer = 0; /* check if we are enabled, and skip if so */ if(!ie->enabled) { /* pass request to next module */ @@ -709,7 +748,7 @@ cachedb_handle_query(struct module_qstate* qstate, /* lookup inside unbound's internal cache. * This does not look for expired entries. */ - if(cachedb_intcache_lookup(qstate)) { + if(cachedb_intcache_lookup(qstate, ie)) { if(verbosity >= VERB_ALGO) { if(qstate->return_msg->rep) log_dns_msg("cachedb internal cache lookup", @@ -746,6 +785,7 @@ cachedb_handle_query(struct module_qstate* qstate, qstate->ext_state[id] = module_wait_module; return; } + qstate->is_cachedb_answer = 1; /* we are done with the query */ qstate->ext_state[id] = module_finished; return; @@ -768,12 +808,18 @@ static void cachedb_handle_response(struct module_qstate* qstate, struct cachedb_qstate* ATTR_UNUSED(iq), struct cachedb_env* ie, int id) { + qstate->is_cachedb_answer = 0; /* check if we are not enabled or instructed to not cache, and skip */ if(!ie->enabled || qstate->no_cache_store) { /* we are done with the query */ qstate->ext_state[id] = module_finished; return; } + if(qstate->env->cfg->cachedb_no_store) { + /* do not store the item in the external cache */ + qstate->ext_state[id] = module_finished; + return; + } /* store the item into the backend cache */ cachedb_extcache_store(qstate, ie); diff --git a/contrib/unbound/cachedb/redis.c b/contrib/unbound/cachedb/redis.c index 16c3741f786b..6cc975901df2 100644 --- a/contrib/unbound/cachedb/redis.c +++ b/contrib/unbound/cachedb/redis.c @@ -56,19 +56,43 @@ struct redis_moddata { int numctxs; /* number of ctx entries */ const char* server_host; /* server's IP address or host name */ int server_port; /* server's TCP port */ + const char* server_path; /* server's unix path, or "", NULL if unused */ + const char* server_password; /* server's AUTH password, or "", NULL if unused */ struct timeval timeout; /* timeout for connection setup and commands */ + int logical_db; /* the redis logical database to use */ }; static redisReply* redis_command(struct module_env*, struct cachedb_env*, const char*, const uint8_t*, size_t); +static void +moddata_clean(struct redis_moddata** moddata) { + if(!moddata || !*moddata) + return; + if((*moddata)->ctxs) { + int i; + for(i = 0; i < (*moddata)->numctxs; i++) { + if((*moddata)->ctxs[i]) + redisFree((*moddata)->ctxs[i]); + } + free((*moddata)->ctxs); + } + free(*moddata); + *moddata = NULL; +} + static redisContext* redis_connect(const struct redis_moddata* moddata) { redisContext* ctx; - ctx = redisConnectWithTimeout(moddata->server_host, - moddata->server_port, moddata->timeout); + if(moddata->server_path && moddata->server_path[0]!=0) { + ctx = redisConnectUnixWithTimeout(moddata->server_path, + moddata->timeout); + } else { + ctx = redisConnectWithTimeout(moddata->server_host, + moddata->server_port, moddata->timeout); + } if(!ctx || ctx->err) { const char *errstr = "out of memory"; if(ctx) @@ -80,9 +104,31 @@ redis_connect(const struct redis_moddata* moddata) log_err("failed to set redis timeout"); goto fail; } + if(moddata->server_password && moddata->server_password[0]!=0) { + redisReply* rep; + rep = redisCommand(ctx, "AUTH %s", moddata->server_password); + if(!rep || rep->type == REDIS_REPLY_ERROR) { + log_err("failed to authenticate with password"); + freeReplyObject(rep); + goto fail; + } + freeReplyObject(rep); + } + if(moddata->logical_db > 0) { + redisReply* rep; + rep = redisCommand(ctx, "SELECT %d", moddata->logical_db); + if(!rep || rep->type == REDIS_REPLY_ERROR) { + log_err("failed to set logical database (%d)", + moddata->logical_db); + freeReplyObject(rep); + goto fail; + } + freeReplyObject(rep); + } + verbose(VERB_OPS, "Connection to Redis established"); return ctx; - fail: +fail: if(ctx) redisFree(ctx); return NULL; @@ -94,28 +140,36 @@ redis_init(struct module_env* env, struct cachedb_env* cachedb_env) int i; struct redis_moddata* moddata = NULL; - verbose(VERB_ALGO, "redis_init"); + verbose(VERB_OPS, "Redis initialization"); moddata = calloc(1, sizeof(struct redis_moddata)); if(!moddata) { log_err("out of memory"); - return 0; + goto fail; } moddata->numctxs = env->cfg->num_threads; moddata->ctxs = calloc(env->cfg->num_threads, sizeof(redisContext*)); *** 24570 LINES SKIPPED ***