git: d4ed4b457f2e - stable/12 - unbound: Vendor import 1.16.1
Date: Tue, 09 Aug 2022 13:31:53 UTC
The branch stable/12 has been updated by cy:
URL: https://cgit.FreeBSD.org/src/commit/?id=d4ed4b457f2e1252994b1400acbbf9403ab674ce
commit d4ed4b457f2e1252994b1400acbbf9403ab674ce
Author: Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2022-07-13 19:30:14 +0000
Commit: Cy Schubert <cy@FreeBSD.org>
CommitDate: 2022-08-09 13:31:19 +0000
unbound: Vendor import 1.16.1
Merge commit 'd57351465531b38689892ec862de2725b52842dd' into unbound/main2
(cherry picked from commit 0a92a9fca737edafbad03ee5a8efebe302851cff)
---
contrib/unbound/Makefile.in | 12 +-
contrib/unbound/config.h.in | 4 +
contrib/unbound/configure | 109 ++++-
contrib/unbound/configure.ac | 11 +-
contrib/unbound/contrib/metrics.awk | 1 +
contrib/unbound/contrib/unbound_munin_ | 3 +-
contrib/unbound/daemon/daemon.c | 2 +-
contrib/unbound/daemon/remote.c | 2 +
contrib/unbound/daemon/stats.c | 2 +
contrib/unbound/daemon/worker.c | 24 +-
contrib/unbound/doc/Changelog | 80 ++-
contrib/unbound/doc/README | 2 +-
contrib/unbound/doc/example.conf.in | 6 +-
contrib/unbound/doc/libunbound.3.in | 4 +-
contrib/unbound/doc/unbound-anchor.8.in | 2 +-
contrib/unbound/doc/unbound-checkconf.8.in | 2 +-
contrib/unbound/doc/unbound-control.8.in | 6 +-
contrib/unbound/doc/unbound-host.1.in | 2 +-
contrib/unbound/doc/unbound.8.in | 6 +-
contrib/unbound/doc/unbound.conf.5.in | 10 +-
contrib/unbound/edns-subnet/subnetmod.c | 49 +-
contrib/unbound/edns-subnet/subnetmod.h | 5 +-
contrib/unbound/iterator/iter_delegpt.c | 21 +-
contrib/unbound/iterator/iter_delegpt.h | 3 +-
contrib/unbound/iterator/iter_utils.c | 6 +-
contrib/unbound/iterator/iterator.c | 204 ++++++--
contrib/unbound/iterator/iterator.h | 29 +-
contrib/unbound/libunbound/unbound.h | 2 +
contrib/unbound/services/authzone.c | 4 +-
contrib/unbound/services/mesh.c | 3 +-
contrib/unbound/services/outside_network.c | 12 +-
contrib/unbound/services/outside_network.h | 2 +
contrib/unbound/sldns/parse.c | 55 ++-
contrib/unbound/smallapp/unbound-control.c | 2 +
contrib/unbound/testcode/readzone.c | 158 ------
contrib/unbound/testcode/unittcpreuse.c | 236 ---------
contrib/unbound/testcode/unitzonemd.c | 537 ---------------------
contrib/unbound/testdata/auth_zonemd_anchor.rpl | 234 ---------
.../unbound/testdata/auth_zonemd_anchor_fail.rpl | 236 ---------
contrib/unbound/testdata/auth_zonemd_chain.rpl | 234 ---------
.../unbound/testdata/auth_zonemd_chain_fail.rpl | 236 ---------
contrib/unbound/testdata/auth_zonemd_file.rpl | 183 -------
contrib/unbound/testdata/auth_zonemd_file_fail.rpl | 185 -------
.../unbound/testdata/auth_zonemd_file_unknown.rpl | 184 -------
contrib/unbound/testdata/auth_zonemd_insecure.rpl | 215 ---------
.../testdata/auth_zonemd_insecure_absent.rpl | 217 ---------
.../auth_zonemd_insecure_absent_reject.rpl | 218 ---------
.../unbound/testdata/auth_zonemd_insecure_fail.rpl | 218 ---------
contrib/unbound/testdata/auth_zonemd_nokey.rpl | 212 --------
.../testdata/auth_zonemd_permissive_mode.rpl | 187 -------
contrib/unbound/testdata/auth_zonemd_xfr.rpl | 238 ---------
.../unbound/testdata/auth_zonemd_xfr_anchor.rpl | 285 -----------
.../testdata/auth_zonemd_xfr_anchor_fail.rpl | 266 ----------
contrib/unbound/testdata/auth_zonemd_xfr_chain.rpl | 310 ------------
.../testdata/auth_zonemd_xfr_chain_fail.rpl | 321 ------------
.../testdata/auth_zonemd_xfr_chain_keyinxfr.rpl | 315 ------------
contrib/unbound/testdata/auth_zonemd_xfr_fail.rpl | 241 ---------
contrib/unbound/testdata/ede.tdir/bogus/clean.sh | 1 -
.../testdata/ede.tdir/bogus/dnskey-failures.test | 10 -
.../testdata/ede.tdir/bogus/dnssec-failures.test | 15 -
.../testdata/ede.tdir/bogus/make-broken-zone.sh | 67 ---
.../testdata/ede.tdir/bogus/nsec-failures.test | 10 -
.../testdata/ede.tdir/bogus/rrsig-failures.test | 10 -
contrib/unbound/testdata/ede.tdir/ede-auth.conf | 27 --
contrib/unbound/testdata/ede.tdir/ede.conf | 49 --
contrib/unbound/testdata/ede.tdir/ede.dsc | 16 -
contrib/unbound/testdata/ede.tdir/ede.post | 10 -
contrib/unbound/testdata/ede.tdir/ede.pre | 37 --
contrib/unbound/testdata/ede.tdir/ede.test | 72 ---
contrib/unbound/testdata/ede_acl_refused.rpl | 35 --
.../unbound/testdata/ede_cache_snoop_noth_auth.rpl | 33 --
.../testdata/ede_localzone_dname_expansion.rpl | 37 --
.../testdata/edns_attached_once_per_upstream.rpl | 90 ----
contrib/unbound/testdata/fwd_error_retries.rpl | 27 --
.../fwd_udp_with_tcp_upstream.conf | 20 -
.../fwd_udp_with_tcp_upstream.dsc | 16 -
.../fwd_udp_with_tcp_upstream.post | 10 -
.../fwd_udp_with_tcp_upstream.pre | 31 --
.../fwd_udp_with_tcp_upstream.test | 35 --
.../fwd_udp_with_tcp_upstream.testns | 25 -
.../127.0.0.1/example.com.zone | 3 -
.../http_user_agent.tdir/http_user_agent.conf | 24 -
.../http_user_agent.tdir/http_user_agent.dsc | 16 -
.../http_user_agent.tdir/http_user_agent.post | 11 -
.../http_user_agent.tdir/http_user_agent.pre | 37 --
.../http_user_agent.tdir/http_user_agent.test | 103 ----
.../testdata/http_user_agent.tdir/petal.key | 21 -
.../testdata/http_user_agent.tdir/petal.pem | 14 -
.../http_user_agent.tdir/unbound_control.key | 39 --
.../http_user_agent.tdir/unbound_control.pem | 22 -
.../http_user_agent.tdir/unbound_server.key | 39 --
.../http_user_agent.tdir/unbound_server.pem | 22 -
contrib/unbound/testdata/ipset.tdir/ipset.conf | 23 -
contrib/unbound/testdata/ipset.tdir/ipset.dsc | 16 -
contrib/unbound/testdata/ipset.tdir/ipset.post | 14 -
contrib/unbound/testdata/ipset.tdir/ipset.pre | 33 --
contrib/unbound/testdata/ipset.tdir/ipset.test | 155 ------
contrib/unbound/testdata/ipset.tdir/ipset.testns | 103 ----
contrib/unbound/testdata/iter_cname_minimise.rpl | 179 -------
contrib/unbound/testdata/iter_dp_ip6useless.rpl | 168 -------
contrib/unbound/testdata/nsid_bogus.rpl | 175 -------
.../unbound/testdata/ratelimit.tdir/ratelimit.conf | 29 --
.../unbound/testdata/ratelimit.tdir/ratelimit.dsc | 16 -
.../unbound/testdata/ratelimit.tdir/ratelimit.post | 14 -
.../unbound/testdata/ratelimit.tdir/ratelimit.pre | 33 --
.../unbound/testdata/ratelimit.tdir/ratelimit.test | 183 -------
.../testdata/ratelimit.tdir/ratelimit.testns | 13 -
.../testdata/ratelimit.tdir/unbound_control.key | 39 --
.../testdata/ratelimit.tdir/unbound_control.pem | 22 -
.../testdata/ratelimit.tdir/unbound_server.key | 39 --
.../testdata/ratelimit.tdir/unbound_server.pem | 22 -
contrib/unbound/testdata/rpz_clientip.rpl | 264 ----------
contrib/unbound/testdata/rpz_nsdname.rpl | 390 ---------------
contrib/unbound/testdata/rpz_nsip.rpl | 408 ----------------
contrib/unbound/testdata/rpz_passthru.rpl | 154 ------
contrib/unbound/testdata/rpz_qname_tcponly.rpl | 117 -----
contrib/unbound/testdata/rpz_respip_tcponly.rpl | 207 --------
contrib/unbound/testdata/rpz_rootwc.rpl | 162 -------
.../unbound/testdata/rpz_signal_nxdomain_ra.rpl | 254 ----------
.../stub_udp_with_tcp_upstream.conf | 19 -
.../stub_udp_with_tcp_upstream.dsc | 16 -
.../stub_udp_with_tcp_upstream.post | 10 -
.../stub_udp_with_tcp_upstream.pre | 35 --
.../stub_udp_with_tcp_upstream.test | 37 --
.../stub_udp_with_tcp_upstream.testns | 48 --
contrib/unbound/testdata/subnet_prefetch.crpl | 215 ---------
.../testdata/subnet_prefetch_with_client_ecs.crpl | 221 ---------
.../testdata/svcb.tdir/crypto.cloudflare.com.zone | 9 -
contrib/unbound/testdata/svcb.tdir/svcb.dsc | 16 -
.../testdata/svcb.tdir/svcb.failure-cases-01 | 9 -
.../testdata/svcb.tdir/svcb.failure-cases-02 | 8 -
.../testdata/svcb.tdir/svcb.failure-cases-03 | 8 -
.../testdata/svcb.tdir/svcb.failure-cases-04 | 8 -
.../testdata/svcb.tdir/svcb.success-cases.zone | 47 --
.../testdata/svcb.tdir/svcb.success-cases.zone.cmp | 10 -
contrib/unbound/testdata/svcb.tdir/svcb.test | 97 ----
.../testdata/svcb.tdir/svcb.test-vectors-pf.zone | 92 ----
.../testdata/svcb.tdir/svcb.test-vectors-wf.zone | 232 ---------
contrib/unbound/testdata/zonemd.example1.zone | 4 -
contrib/unbound/testdata/zonemd.example10.zone | 35 --
contrib/unbound/testdata/zonemd.example11.zone | 33 --
contrib/unbound/testdata/zonemd.example12.zone | 35 --
contrib/unbound/testdata/zonemd.example13.zone | 33 --
contrib/unbound/testdata/zonemd.example14.zone | 35 --
contrib/unbound/testdata/zonemd.example15.zone | 35 --
contrib/unbound/testdata/zonemd.example16.zone | 11 -
contrib/unbound/testdata/zonemd.example17.zone | 11 -
contrib/unbound/testdata/zonemd.example2.zone | 15 -
contrib/unbound/testdata/zonemd.example3.zone | 34 --
contrib/unbound/testdata/zonemd.example4.zone | 36 --
contrib/unbound/testdata/zonemd.example5.zone | 34 --
contrib/unbound/testdata/zonemd.example6.zone | 36 --
contrib/unbound/testdata/zonemd.example7.zone | 31 --
contrib/unbound/testdata/zonemd.example8.zone | 34 --
contrib/unbound/testdata/zonemd.example9.zone | 35 --
contrib/unbound/testdata/zonemd.example_a1.zone | 6 -
contrib/unbound/testdata/zonemd.example_a2.zone | 25 -
contrib/unbound/testdata/zonemd.example_a3.zone | 30 --
contrib/unbound/testdata/zonemd.example_a4.zone | 127 -----
contrib/unbound/testdata/zonemd.example_a5.zone | 48 --
.../testdata/zonemd_reload.tdir/zonemd_reload.conf | 23 -
.../testdata/zonemd_reload.tdir/zonemd_reload.dsc | 16 -
.../testdata/zonemd_reload.tdir/zonemd_reload.post | 14 -
.../testdata/zonemd_reload.tdir/zonemd_reload.pre | 35 --
.../testdata/zonemd_reload.tdir/zonemd_reload.test | 74 ---
.../zonemd_reload.tdir/zonemd_reload.testns | 27 --
.../testdata/zonemd_reload.tdir/zonemd_reload.zone | 8 -
contrib/unbound/util/iana_ports.inc | 9 +
contrib/unbound/util/net_help.c | 10 +-
contrib/unbound/validator/val_secalgo.c | 127 +++--
contrib/unbound/validator/val_sigcrypt.c | 148 +++---
contrib/unbound/validator/val_utils.c | 2 +-
172 files changed, 728 insertions(+), 12244 deletions(-)
diff --git a/contrib/unbound/Makefile.in b/contrib/unbound/Makefile.in
index 7dbe5760033b..3189731ad52f 100644
--- a/contrib/unbound/Makefile.in
+++ b/contrib/unbound/Makefile.in
@@ -345,14 +345,12 @@ test: unittest$(EXEEXT) testbound$(EXEEXT)
./unittest$(EXEEXT)
./testbound$(EXEEXT) -s
for x in $(srcdir)/testdata/*.rpl; do \
- printf "%s" "$$x "; \
- if ./testbound$(EXEEXT) -p $$x >/dev/null 2>&1; then \
- echo OK; \
+ output=`./testbound$(EXEEXT) -p $$x -o -vvvvv 2>&1`; \
+ if test $$? -eq 0; then \
+ printf "%s OK\n" "$$x "; \
else \
- echo failed; \
- ./testbound$(EXEEXT) -p $$x -o -vvvvv; \
- printf "%s" "$$x "; \
- echo failed; \
+ printf "%s\n" "$$output "; \
+ printf "%s failed\n" "$$x "; \
exit 1; \
fi; \
done
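Review bot: The quoted arguments in the new `printf` calls carry a trailing space left over from the old `printf "%s" "$$x "` form, so the loop now prints `name  OK` with two spaces and appends a stray space to the captured output. Dropping it gives `printf "%s OK\n" "$$x"`, `printf "%s\n" "$$output"` and `printf "%s failed\n" "$$x"`. The loop also runs every `.rpl` file with `-o -vvvvv` and holds the full log in a shell variable even when the test passes. That is what lets the failing run's own output be shown, but a one-line comment above the loop saying so would explain the extra verbosity to the next reader.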
diff --git a/contrib/unbound/config.h.in b/contrib/unbound/config.h.in
index a080dde0da2e..cc1fbe864818 100644
--- a/contrib/unbound/config.h.in
+++ b/contrib/unbound/config.h.in
@@ -222,6 +222,10 @@
/* Define to 1 if you have the `EVP_cleanup' function. */
#undef HAVE_EVP_CLEANUP
+/* Define to 1 if you have the `EVP_default_properties_is_fips_enabled'
+ function. */
+#undef HAVE_EVP_DEFAULT_PROPERTIES_IS_FIPS_ENABLED
+
/* Define to 1 if you have the `EVP_DigestVerify' function. */
#undef HAVE_EVP_DIGESTVERIFY
diff --git a/contrib/unbound/configure b/contrib/unbound/configure
index a9ec94479b55..0029d5b42782 100755
--- a/contrib/unbound/configure
+++ b/contrib/unbound/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for unbound 1.16.0.
+# Generated by GNU Autoconf 2.69 for unbound 1.16.1.
#
# Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>.
#
@@ -591,8 +591,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='unbound'
PACKAGE_TARNAME='unbound'
-PACKAGE_VERSION='1.16.0'
-PACKAGE_STRING='unbound 1.16.0'
+PACKAGE_VERSION='1.16.1'
+PACKAGE_STRING='unbound 1.16.1'
PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues'
PACKAGE_URL=''
@@ -1477,7 +1477,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures unbound 1.16.0 to adapt to many kinds of systems.
+\`configure' configures unbound 1.16.1 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1543,7 +1543,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of unbound 1.16.0:";;
+ short | recursive ) echo "Configuration of unbound 1.16.1:";;
esac
cat <<\_ACEOF
@@ -1785,7 +1785,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-unbound configure 1.16.0
+unbound configure 1.16.1
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2494,7 +2494,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by unbound $as_me 1.16.0, which was
+It was created by unbound $as_me 1.16.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2846,11 +2846,11 @@ UNBOUND_VERSION_MAJOR=1
UNBOUND_VERSION_MINOR=16
-UNBOUND_VERSION_MICRO=0
+UNBOUND_VERSION_MICRO=1
LIBUNBOUND_CURRENT=9
-LIBUNBOUND_REVISION=16
+LIBUNBOUND_REVISION=17
LIBUNBOUND_AGE=1
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@@ -2934,6 +2934,7 @@ LIBUNBOUND_AGE=1
# 1.14.0 had 9:14:1
# 1.15.0 had 9:15:1
# 1.16.0 had 9:16:1
+# 1.16.1 had 9:17:1
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@@ -18545,7 +18546,7 @@ fi
done
-for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex
+for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_default_properties_is_fips_enabled EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@@ -19967,7 +19968,46 @@ if test x_$enable_static_exe = x_yes; then
else
LIBS="$LIBS -lgdi32"
fi
- LIBS="$LIBS -lz"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for compress in -lz" >&5
+$as_echo_n "checking for compress in -lz... " >&6; }
+if ${ac_cv_lib_z_compress+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lz $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char compress ();
+int
+main ()
+{
+return compress ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_z_compress=yes
+else
+ ac_cv_lib_z_compress=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_compress" >&5
+$as_echo "$ac_cv_lib_z_compress" >&6; }
+if test "x$ac_cv_lib_z_compress" = xyes; then :
+ LIBS="$LIBS -lz"
+fi
+
LIBS="$LIBS -l:libssp.a"
fi
fi
@@ -19987,7 +20027,46 @@ if test x_$enable_fully_static = x_yes; then
else
LIBS="$LIBS -lgdi32"
fi
- LIBS="$LIBS -lz"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for compress in -lz" >&5
+$as_echo_n "checking for compress in -lz... " >&6; }
+if ${ac_cv_lib_z_compress+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lz $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char compress ();
+int
+main ()
+{
+return compress ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_z_compress=yes
+else
+ ac_cv_lib_z_compress=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_compress" >&5
+$as_echo "$ac_cv_lib_z_compress" >&6; }
+if test "x$ac_cv_lib_z_compress" = xyes; then :
+ LIBS="$LIBS -lz"
+fi
+
LIBS="$LIBS -l:libssp.a"
fi
fi
@@ -21934,7 +22013,7 @@ _ACEOF
-version=1.16.0
+version=1.16.1
date=`date +'%b %e, %Y'`
@@ -22453,7 +22532,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by unbound $as_me 1.16.0, which was
+This file was extended by unbound $as_me 1.16.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -22519,7 +22598,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-unbound config.status 1.16.0
+unbound config.status 1.16.1
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff --git a/contrib/unbound/configure.ac b/contrib/unbound/configure.ac
index 1453b3a2fe29..e41c811ae826 100644
--- a/contrib/unbound/configure.ac
+++ b/contrib/unbound/configure.ac
@@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4)
# must be numbers. ac_defun because of later processing
m4_define([VERSION_MAJOR],[1])
m4_define([VERSION_MINOR],[16])
-m4_define([VERSION_MICRO],[0])
+m4_define([VERSION_MICRO],[1])
AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound])
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
LIBUNBOUND_CURRENT=9
-LIBUNBOUND_REVISION=16
+LIBUNBOUND_REVISION=17
LIBUNBOUND_AGE=1
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@@ -102,6 +102,7 @@ LIBUNBOUND_AGE=1
# 1.14.0 had 9:14:1
# 1.15.0 had 9:15:1
# 1.16.0 had 9:16:1
+# 1.16.1 had 9:17:1
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@@ -906,7 +907,7 @@ else
AC_MSG_RESULT([no])
fi
AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h openssl/param_build.h],,, [AC_INCLUDES_DEFAULT])
-AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex])
+AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_default_properties_is_fips_enabled EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex])
# these check_funcs need -lssl
BAKLIBS="$LIBS"
@@ -1499,7 +1500,7 @@ if test x_$enable_static_exe = x_yes; then
else
LIBS="$LIBS -lgdi32"
fi
- LIBS="$LIBS -lz"
+ AC_CHECK_LIB([z], [compress], [ LIBS="$LIBS -lz" ])
LIBS="$LIBS -l:libssp.a"
fi
fi
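Review bot: When the `compress` probe fails, the static build now continues without `-lz` and reports nothing beyond the generic "checking for compress in -lz... no" line. If the static libcrypto being linked was itself built with zlib support (not visible from this hunk), the failure would only show up later as unresolved symbols at link time. Supplying the action-if-not-found argument makes the decision explicit: `AC_CHECK_LIB([z], [compress], [ LIBS="$LIBS -lz" ], [AC_MSG_NOTICE([libz not found, static link continues without -lz])])`. The same applies to the `enable_fully_static` hunk at `@@ -1516`. The enclosing `if` blocks start outside both hunks.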
@@ -1516,7 +1517,7 @@ if test x_$enable_fully_static = x_yes; then
else
LIBS="$LIBS -lgdi32"
fi
- LIBS="$LIBS -lz"
+ AC_CHECK_LIB([z], [compress], [ LIBS="$LIBS -lz" ])
LIBS="$LIBS -l:libssp.a"
fi
fi
diff --git a/contrib/unbound/contrib/metrics.awk b/contrib/unbound/contrib/metrics.awk
index 5a7a2569c29a..ca48c035aa0e 100644
--- a/contrib/unbound/contrib/metrics.awk
+++ b/contrib/unbound/contrib/metrics.awk
@@ -28,6 +28,7 @@ END {
print "unbound_hits_queries{type=\"total.num.prefetch\"} " val["total.num.prefetch"];
print "unbound_hits_queries{type=\"num.query.tcp\"} " val["num.query.tcp"];
print "unbound_hits_queries{type=\"num.query.tcpout\"} " val["num.query.tcpout"];
+ print "unbound_hits_queries{type=\"num.query.udpout\"} " val["num.query.udpout"];
print "unbound_hits_queries{type=\"num.query.tls\"} " val["num.query.tls"];
print "unbound_hits_queries{type=\"num.query.tls.resume\"} " val["num.query.tls.resume"];
print "unbound_hits_queries{type=\"num.query.ipv6\"} " val["num.query.ipv6"];
diff --git a/contrib/unbound/contrib/unbound_munin_ b/contrib/unbound/contrib/unbound_munin_
index 5037527580e2..a756a5d1ca20 100755
--- a/contrib/unbound/contrib/unbound_munin_
+++ b/contrib/unbound/contrib/unbound_munin_
@@ -253,6 +253,7 @@ if test "$1" = "config" ; then
p_config "total.num.prefetch" "cache prefetch" "ABSOLUTE"
p_config "num.query.tcp" "TCP queries" "ABSOLUTE"
p_config "num.query.tcpout" "TCP out queries" "ABSOLUTE"
+ p_config "num.query.udpout" "UDP out queries" "ABSOLUTE"
p_config "num.query.tls" "TLS queries" "ABSOLUTE"
p_config "num.query.tls.resume" "TLS resumes" "ABSOLUTE"
p_config "num.query.ipv6" "IPv6 queries" "ABSOLUTE"
@@ -452,7 +453,7 @@ hits)
for x in `grep "^thread[0-9][0-9]*\.num\.queries=" $state |
sed -e 's/=.*//'` total.num.queries \
total.num.cachehits total.num.prefetch num.query.tcp \
- num.query.tcpout num.query.tls num.query.tls.resume \
+ num.query.tcpout num.query.udpout num.query.tls num.query.tls.resume \
num.query.ipv6 unwanted.queries \
unwanted.replies; do
if grep "^"$x"=" $state >/dev/null 2>&1; then
diff --git a/contrib/unbound/daemon/daemon.c b/contrib/unbound/daemon/daemon.c
index 0e3923b4e9f2..4ed531855ee6 100644
--- a/contrib/unbound/daemon/daemon.c
+++ b/contrib/unbound/daemon/daemon.c
@@ -795,7 +795,7 @@ daemon_delete(struct daemon* daemon)
ub_c_lex_destroy();
/* libcrypto cleanup */
#ifdef HAVE_SSL
-# if defined(USE_GOST) && defined(HAVE_LDNS_KEY_EVP_UNLOAD_GOST)
+# if defined(USE_GOST)
sldns_key_EVP_unload_gost();
# endif
# if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS && HAVE_DECL_SK_SSL_COMP_POP_FREE
diff --git a/contrib/unbound/daemon/remote.c b/contrib/unbound/daemon/remote.c
index 675ef43970d1..ec7a4d5d93f4 100644
--- a/contrib/unbound/daemon/remote.c
+++ b/contrib/unbound/daemon/remote.c
@@ -988,6 +988,8 @@ print_ext(RES* ssl, struct ub_stats_info* s)
(unsigned long)s->svr.qtcp)) return 0;
if(!ssl_printf(ssl, "num.query.tcpout"SQ"%lu\n",
(unsigned long)s->svr.qtcp_outgoing)) return 0;
+ if(!ssl_printf(ssl, "num.query.udpout"SQ"%lu\n",
+ (unsigned long)s->svr.qudp_outgoing)) return 0;
if(!ssl_printf(ssl, "num.query.tls"SQ"%lu\n",
(unsigned long)s->svr.qtls)) return 0;
if(!ssl_printf(ssl, "num.query.tls.resume"SQ"%lu\n",
diff --git a/contrib/unbound/daemon/stats.c b/contrib/unbound/daemon/stats.c
index d08f18dbb137..57c42827161c 100644
--- a/contrib/unbound/daemon/stats.c
+++ b/contrib/unbound/daemon/stats.c
@@ -281,6 +281,7 @@ server_stats_compile(struct worker* worker, struct ub_stats_info* s, int reset)
/* values from outside network */
s->svr.unwanted_replies = (long long)worker->back->unwanted_replies;
s->svr.qtcp_outgoing = (long long)worker->back->num_tcp_outgoing;
+ s->svr.qudp_outgoing = (long long)worker->back->num_udp_outgoing;
/* get and reset validator rrset bogus number */
s->svr.rrset_bogus = (long long)get_rrset_bogus(worker, reset);
@@ -424,6 +425,7 @@ void server_stats_add(struct ub_stats_info* total, struct ub_stats_info* a)
total->svr.qclass_big += a->svr.qclass_big;
total->svr.qtcp += a->svr.qtcp;
total->svr.qtcp_outgoing += a->svr.qtcp_outgoing;
+ total->svr.qudp_outgoing += a->svr.qudp_outgoing;
total->svr.qtls += a->svr.qtls;
total->svr.qtls_resume += a->svr.qtls_resume;
total->svr.qhttps += a->svr.qhttps;
diff --git a/contrib/unbound/daemon/worker.c b/contrib/unbound/daemon/worker.c
index bf8c5d6b6763..27626ce938ca 100644
--- a/contrib/unbound/daemon/worker.c
+++ b/contrib/unbound/daemon/worker.c
@@ -1639,10 +1639,11 @@ lookup_cache:
is_secure_answer = 0;
h = query_info_hash(lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2));
if((e=slabhash_lookup(worker->env.msg_cache, h, lookup_qinfo, 0))) {
+ struct reply_info* rep = (struct reply_info*)e->data;
/* answer from cache - we have acquired a readlock on it */
- if(answer_from_cache(worker, &qinfo,
- cinfo, &need_drop, &is_expired_answer, &is_secure_answer,
- &alias_rrset, &partial_rep, (struct reply_info*)e->data,
+ if(answer_from_cache(worker, &qinfo, cinfo, &need_drop,
+ &is_expired_answer, &is_secure_answer,
+ &alias_rrset, &partial_rep, rep,
*(uint16_t*)(void *)sldns_buffer_begin(c->buffer),
sldns_buffer_read_u16_at(c->buffer, 2), repinfo,
&edns)) {
@@ -1650,15 +1651,13 @@ lookup_cache:
* Note that if there is more than one pass
* its qname must be that used for cache
* lookup. */
- if((worker->env.cfg->prefetch && *worker->env.now >=
- ((struct reply_info*)e->data)->prefetch_ttl) ||
- (worker->env.cfg->serve_expired &&
- *worker->env.now >= ((struct reply_info*)e->data)->ttl)) {
-
- time_t leeway = ((struct reply_info*)e->
- data)->ttl - *worker->env.now;
- if(((struct reply_info*)e->data)->ttl
- < *worker->env.now)
+ if((worker->env.cfg->prefetch &&
+ *worker->env.now >= rep->prefetch_ttl) ||
+ (worker->env.cfg->serve_expired &&
+ *worker->env.now > rep->ttl)) {
+
+ time_t leeway = rep->ttl - *worker->env.now;
+ if(rep->ttl < *worker->env.now)
leeway = 0;
lock_rw_unlock(&e->lock);
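Review bot: The two refresh conditions in the rewritten `if` now differ, and nothing in the code says why: prefetch still fires on `*worker->env.now >= rep->prefetch_ttl`, while serve-expired fires only on `*worker->env.now > rep->ttl`. The Changelog in this commit ties the change to cached 0 TTL records, so a comment above the serve_expired clause would stop a later cleanup from making the operators symmetric again, for example `/* strictly greater: a record cached with TTL 0 has ttl == now and must not trigger a prefetch */`. Separately, the new `rep` alias declared in the previous hunk points into `e->data`, which the existing comment says is protected by the read lock on `e`. It is read here only before `lock_rw_unlock(&e->lock)`, but it stays in scope afterwards, so a note at the declaration such as `/* valid only while e->lock is held */` would guard against an accidental use after unlock. The enclosing block continues past the end of the hunk, so later uses of `rep` cannot be checked from here.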
@@ -2218,6 +2217,7 @@ void worker_stats_clear(struct worker* worker)
mesh_stats_clear(worker->env.mesh);
worker->back->unwanted_replies = 0;
worker->back->num_tcp_outgoing = 0;
+ worker->back->num_udp_outgoing = 0;
}
void worker_start_accept(void* arg)
diff --git a/contrib/unbound/doc/Changelog b/contrib/unbound/doc/Changelog
index 8df5f367c4e1..d3573190e7e2 100644
--- a/contrib/unbound/doc/Changelog
+++ b/contrib/unbound/doc/Changelog
@@ -1,6 +1,84 @@
+4 July 2022: George
+ - Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
+ one loop pass'.
+ - Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT on
+ outbound tcp sockets.
+
+4 July 2022: Wouter
+ - Tag for 1.16.1rc1 release.
+
+3 July 2022: George
+ - Merge PR #671 from Petr Menšík: Disable ED25519 and ED448 in FIPS
+ mode on openssl3.
+ - Merge PR #660 from Petr Menšík: Sha1 runtime insecure.
+ - For #660: formatting, less verbose logging, add EDE information.
+ - Fix for correct openssl error when adding windows CA certificates to
+ the openssl trust store.
+ - Improve val_sigcrypt.c::algo_needs_missing for one loop pass.
+ - Reintroduce documentation and more EDE support for
+ val_sigcrypt.c::dnskeyset_verify_rrset_sig.
+
+1 July 2022: George
+ - Merge PR #706: NXNS fallback.
+ - From #706: Cached NXDOMAIN does not increase the target nx
+ responses.
+ - From #706: Don't generate parent side queries if we already
+ have the lame records in cache.
+ - From #706: When a lame address is the best choice, don't try to
+ generate target queries when the missing targets are all lame.
+
+29 June 2022: Wouter
+ - iana portlist update.
+ - Fix detection of libz on windows compile with static option.
+ - Fix compile warning for windows compile.
+
+29 June 2022: George
+ - Add debug option to the mini_tdir.sh test code.
+ - Fix #704: [FR] Statistics counter for number of outgoing UDP queries
+ sent; introduces 'num.query.udpout' to the 'unbound-control stats'
+ command.
+ - Fix to not count cached NXDOMAIN for MAX_TARGET_NX.
+ - Allow fallback to the parent side when MAX_TARGET_NX is reached.
+ This will also allow MAX_TARGET_NX more NXDOMAINs.
+
+28 June 2022: George
+ - Show the output of the exact .rpl run that failed with 'make test'.
+ - Fix for cached 0 TTL records to not trigger prefetching when
+ serve-expired-client-timeout is set.
+
+28 June 2022: Wouter
+ - Fix test program dohclient close to use portability routine.
+
+23 June 2022: Tom
+ - Clarify -v flag manpage entry (#705)
+
+22 June 2022: Philip
+ - Fix #663: use after free issue with edns options.
+
+21 June 2022: Philip
+ - Fix for loading locally stored zones that have lines with blanks or
+ blanks and comments.
+
+20 June 2022: George
+ - Remove unused LDNS function check for GOST Engine unloading.
+
+14 June 2022: George
+ - Merge PR #688: Rpz url notify issue.
+ - Note in the unbound.conf text that NOTIFY is allowed from the url:
+ addresses for auth and rpz zones.
+
+3 June 2022: George
+ - Fix for edns client subnet to respect not looking in its cache when
+ instructed to do so (e.g., prefetch).
+
+3 June 2022: Wouter
+ - makedist.sh picks up 32bit libssp-0.dll when 32bit compile.
+
27 May 2022: Wouter
- Fix #684: [FTBS] configure script error with libmnl on openSUSE 15.3 (and possibly other distributions)
- - Version is set to 1.16.0 for release. Release tag 1.16.0rc1.
+ - Version is set to 1.16.0 for release. Release tag 1.16.0rc1. This
+ became release 1.16.0 on 2 June 2022. The source code branch
+ continues with version 1.16.1 under development.
20 May 2022: Wouter
- Fix to silence test for ede error output to the console from the
diff --git a/contrib/unbound/doc/README b/contrib/unbound/doc/README
index ea93afddcd5f..13992ac7f9ec 100644
--- a/contrib/unbound/doc/README
+++ b/contrib/unbound/doc/README
@@ -1,4 +1,4 @@
-README for Unbound 1.16.0
+README for Unbound 1.16.1
Copyright 2007 NLnet Labs
http://unbound.net
diff --git a/contrib/unbound/doc/example.conf.in b/contrib/unbound/doc/example.conf.in
index 64adfe9e5e9c..b01d2c58dbfe 100644
--- a/contrib/unbound/doc/example.conf.in
+++ b/contrib/unbound/doc/example.conf.in
@@ -1,7 +1,7 @@
#
# Example configuration file.
#
-# See unbound.conf(5) man page, version 1.16.0.
+# See unbound.conf(5) man page, version 1.16.1.
#
# this is a comment.
@@ -1045,8 +1045,8 @@ remote-control:
# has a copy of the root for local usage. The second serves example.org
# authoritatively. zonefile: reads from file (and writes to it if you also
# download it), primary: fetches with AXFR and IXFR, or url to zonefile.
-# With allow-notify: you can give additional (apart from primaries) sources of
-# notifies.
+# With allow-notify: you can give additional (apart from primaries and urls)
+# sources of notifies.
# auth-zone:
# name: "."
# primary: 199.9.14.201 # b.root-servers.net
diff --git a/contrib/unbound/doc/libunbound.3.in b/contrib/unbound/doc/libunbound.3.in
index b1be90ce0f0f..8049e3ae29d3 100644
--- a/contrib/unbound/doc/libunbound.3.in
+++ b/contrib/unbound/doc/libunbound.3.in
@@ -1,4 +1,4 @@
-.TH "libunbound" "3" "Jun 2, 2022" "NLnet Labs" "unbound 1.16.0"
+.TH "libunbound" "3" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1"
.\"
.\" libunbound.3 -- unbound library functions manual
.\"
@@ -44,7 +44,7 @@
.B ub_ctx_zone_remove,
.B ub_ctx_data_add,
.B ub_ctx_data_remove
-\- Unbound DNS validating resolver 1.16.0 functions.
+\- Unbound DNS validating resolver 1.16.1 functions.
.SH "SYNOPSIS"
.B #include <unbound.h>
.LP
diff --git a/contrib/unbound/doc/unbound-anchor.8.in b/contrib/unbound/doc/unbound-anchor.8.in
index 4da37b1d5ff9..85b71fd30b8e 100644
--- a/contrib/unbound/doc/unbound-anchor.8.in
+++ b/contrib/unbound/doc/unbound-anchor.8.in
@@ -1,4 +1,4 @@
-.TH "unbound-anchor" "8" "Jun 2, 2022" "NLnet Labs" "unbound 1.16.0"
+.TH "unbound-anchor" "8" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1"
.\"
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
.\"
diff --git a/contrib/unbound/doc/unbound-checkconf.8.in b/contrib/unbound/doc/unbound-checkconf.8.in
index 4c607a231b9f..8133feeaa364 100644
--- a/contrib/unbound/doc/unbound-checkconf.8.in
+++ b/contrib/unbound/doc/unbound-checkconf.8.in
@@ -1,4 +1,4 @@
-.TH "unbound-checkconf" "8" "Jun 2, 2022" "NLnet Labs" "unbound 1.16.0"
+.TH "unbound-checkconf" "8" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1"
.\"
.\" unbound-checkconf.8 -- unbound configuration checker manual
.\"
diff --git a/contrib/unbound/doc/unbound-control.8.in b/contrib/unbound/doc/unbound-control.8.in
index 3ef1d659f58a..128101e2f887 100644
--- a/contrib/unbound/doc/unbound-control.8.in
+++ b/contrib/unbound/doc/unbound-control.8.in
@@ -1,4 +1,4 @@
-.TH "unbound-control" "8" "Jun 2, 2022" "NLnet Labs" "unbound 1.16.0"
+.TH "unbound-control" "8" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1"
.\"
.\" unbound-control.8 -- unbound remote control manual
.\"
@@ -552,6 +552,10 @@ Number of queries that were made using TCP towards the Unbound server.
Number of queries that the Unbound server made using TCP outgoing towards
other servers.
.TP
+.I num.query.udpout
+Number of queries that the Unbound server made using UDP outgoing towards
+other servers.
+.TP
.I num.query.tls
Number of queries that were made using TLS towards the Unbound server.
These are also counted in num.query.tcp, because TLS uses TCP.
diff --git a/contrib/unbound/doc/unbound-host.1.in b/contrib/unbound/doc/unbound-host.1.in
index a30d1dfd216f..fb73e625df47 100644
--- a/contrib/unbound/doc/unbound-host.1.in
+++ b/contrib/unbound/doc/unbound-host.1.in
@@ -1,4 +1,4 @@
-.TH "unbound\-host" "1" "Jun 2, 2022" "NLnet Labs" "unbound 1.16.0"
+.TH "unbound\-host" "1" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1"
.\"
.\" unbound-host.1 -- unbound DNS lookup utility
.\"
diff --git a/contrib/unbound/doc/unbound.8.in b/contrib/unbound/doc/unbound.8.in
index e3492724c95d..bc768c6a151b 100644
--- a/contrib/unbound/doc/unbound.8.in
+++ b/contrib/unbound/doc/unbound.8.in
@@ -1,4 +1,4 @@
-.TH "unbound" "8" "Jun 2, 2022" "NLnet Labs" "unbound 1.16.0"
+.TH "unbound" "8" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1"
.\"
.\" unbound.8 -- unbound manual
.\"
@@ -9,7 +9,7 @@
.\"
.SH "NAME"
.B unbound
-\- Unbound DNS validating resolver 1.16.0.
+\- Unbound DNS validating resolver 1.16.1.
.SH "SYNOPSIS"
.B unbound
.RB [ \-h ]
@@ -75,7 +75,7 @@ concurrently.
.TP
.B \-v
Increase verbosity. If given multiple times, more information is logged.
-This is in addition to the verbosity (if any) from the config file.
+This is added to the verbosity (if any) from the config file.
.TP
.B \-V
Show the version number and build options, and exit.
diff --git a/contrib/unbound/doc/unbound.conf.5.in b/contrib/unbound/doc/unbound.conf.5.in
index 3c891aa59e28..1157a2d1975f 100644
--- a/contrib/unbound/doc/unbound.conf.5.in
+++ b/contrib/unbound/doc/unbound.conf.5.in
@@ -1,4 +1,4 @@
-.TH "unbound.conf" "5" "Jun 2, 2022" "NLnet Labs" "unbound 1.16.0"
+.TH "unbound.conf" "5" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1"
.\"
.\" unbound.conf.5 -- unbound.conf manual
.\"
@@ -2067,8 +2067,8 @@ With allow\-notify you can specify additional sources of notifies.
When notified, the server attempts to first probe and then zone transfer.
If the notify is from a primary, it first attempts that primary. Otherwise
other primaries are attempted. If there are no primaries, but only urls, the
-file is downloaded when notified. The primaries from primary: statements are
-allowed notify by default.
+file is downloaded when notified. The primaries from primary: and url:
+statements are allowed notify by default.
.TP
.B fallback\-enabled: \fI<yes or no>
Default no. If enabled, Unbound falls back to querying the internet as
@@ -2682,8 +2682,8 @@ With allow\-notify you can specify additional sources of notifies.
When notified, the server attempts to first probe and then zone transfer.
If the notify is from a primary, it first attempts that primary. Otherwise
other primaries are attempted. If there are no primaries, but only urls, the
-file is downloaded when notified. The primaries from primary: statements are
-allowed notify by default.
+file is downloaded when notified. The primaries from primary: and url:
+statements are allowed notify by default.
.TP
.B zonefile: \fI<filename>
The filename where the zone is stored. If not given then no zonefile is used.
diff --git a/contrib/unbound/edns-subnet/subnetmod.c b/contrib/unbound/edns-subnet/subnetmod.c
index 25190b040d45..75446113b742 100644
--- a/contrib/unbound/edns-subnet/subnetmod.c
+++ b/contrib/unbound/edns-subnet/subnetmod.c
@@ -93,13 +93,14 @@ subnet_new_qstate(struct module_qstate *qstate, int id)
qstate->minfo[id] = sq;
memset(sq, 0, sizeof(*sq));
sq->started_no_cache_store = qstate->no_cache_store;
+ sq->started_no_cache_lookup = qstate->no_cache_lookup;
return 1;
}
/** Add ecs struct to edns list, after parsing it to wire format. */
void
subnet_ecs_opt_list_append(struct ecs_data* ecs, struct edns_option** list,
- struct module_qstate *qstate)
+ struct module_qstate *qstate, struct regional *region)
{
size_t sn_octs, sn_octs_remainder;
sldns_buffer* buf = qstate->env->scratch_buffer;
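Review bot: The doc comment on subnet_ecs_opt_list_append is unchanged and does not mention the new `region` parameter, although the caller now decides where the option is allocated. Going by the next hunk, the appended option is allocated from that region, so the comment should state the lifetime requirement, for example `/** Add ecs struct to edns list, after parsing it to wire format. The option is allocated in region, which must live at least as long as *list. */`. The function body continues outside this hunk.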
@@ -131,7 +132,7 @@ subnet_ecs_opt_list_append(struct ecs_data* ecs, struct edns_option** list,
edns_opt_list_append(list,
qstate->env->cfg->client_subnet_opcode,
sn_octs + sn_octs_remainder + 4,
- sldns_buffer_begin(buf), qstate->region);
+ sldns_buffer_begin(buf), region);
}
}
@@ -139,7 +140,7 @@ int ecs_whitelist_check(struct query_info* qinfo,
uint16_t ATTR_UNUSED(flags), struct module_qstate* qstate,
struct sockaddr_storage* addr, socklen_t addrlen,
uint8_t* ATTR_UNUSED(zone), size_t ATTR_UNUSED(zonelen),
- struct regional* ATTR_UNUSED(region), int id, void* ATTR_UNUSED(cbargs))
+ struct regional *region, int id, void* ATTR_UNUSED(cbargs))
{
struct subnet_qstate *sq;
struct subnet_env *sn_env;
@@ -165,7 +166,7 @@ int ecs_whitelist_check(struct query_info* qinfo,
if(!edns_opt_list_find(qstate->edns_opts_back_out,
qstate->env->cfg->client_subnet_opcode)) {
subnet_ecs_opt_list_append(&sq->ecs_server_out,
- &qstate->edns_opts_back_out, qstate);
+ &qstate->edns_opts_back_out, qstate, region);
}
sq->subnet_sent = 1;
}
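Review bot: `sq->subnet_sent = 1` is set unconditionally after subnet_ecs_opt_list_append(), which returns void, so the state records the option as sent even if the append into `region` did not succeed. If the underlying edns_opt_list_append() can fail on allocation (its result is discarded in the previous hunk), consider having subnet_ecs_opt_list_append return a status and leaving the flag unset when the append fails. ecs_whitelist_check starts and ends outside this hunk, so how `subnet_sent` is used later is not visible here.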
@@ -331,9 +332,11 @@ update_cache(struct module_qstate *qstate, int id)
struct ecs_data *edns = &sq->ecs_client_in;
size_t i;
- /* We already calculated hash upon lookup */
- hashvalue_type h = qstate->minfo[id] ?
- ((struct subnet_qstate*)qstate->minfo[id])->qinfo_hash :
+ /* We already calculated hash upon lookup (lookup_and_reply) if we were
+ * allowed to look in the ECS cache */
+ hashvalue_type h = qstate->minfo[id] &&
+ ((struct subnet_qstate*)qstate->minfo[id])->qinfo_hash_calculated?
+ ((struct subnet_qstate*)qstate->minfo[id])->qinfo_hash :
query_info_hash(&qstate->qinfo, qstate->query_flags);
/* Step 1, general qinfo lookup */
struct lruhash_entry *lru_entry = slabhash_lookup(subnet_msg_cache, h,
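Review bot: The new condition repeats the cast `((struct subnet_qstate*)qstate->minfo[id])` three times, while the line above already uses `sq`, which appears to be that same pointer (its declaration is outside the hunk). Writing it as `hashvalue_type h = (sq && sq->qinfo_hash_calculated) ? sq->qinfo_hash : query_info_hash(&qstate->qinfo, qstate->query_flags);` is easier to read and makes the precedence of `&&` over `?:` explicit. Also, `&sq->ecs_client_in` is formed before the NULL test, so either the test is unnecessary or that expression should move after it.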
@@ -416,7 +419,10 @@ lookup_and_reply(struct module_qstate *qstate, int id, struct subnet_qstate *sq)
memset(&sq->ecs_client_out, 0, sizeof(sq->ecs_client_out));
- if (sq) sq->qinfo_hash = h; /* Might be useful on cache miss */
+ if (sq) {
+ sq->qinfo_hash = h; /* Might be useful on cache miss */
+ sq->qinfo_hash_calculated = 1;
+ }
e = slabhash_lookup(sne->subnet_msg_cache, h, &qstate->qinfo, 1);
if (!e) return 0; /* qinfo not in cache */
data = e->data;
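Review bot: The `if (sq)` guard comes after `memset(&sq->ecs_client_out, 0, sizeof(sq->ecs_client_out))`, which already writes through `sq`, so the guard cannot protect anything at this point. Either drop the test and set `sq->qinfo_hash` and `sq->qinfo_hash_calculated` unconditionally, or put a check such as `if(!sq) return 0;` ahead of the memset if a NULL `sq` is really possible. The start of lookup_and_reply is outside the hunk, so an earlier check may already exist there.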
@@ -758,18 +764,21 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event,
return;
}
- lock_rw_wrlock(&sne->biglock);
- if (lookup_and_reply(qstate, id, sq)) {
- sne->num_msg_cache++;
- lock_rw_unlock(&sne->biglock);
- verbose(VERB_QUERY, "subnetcache: answered from cache");
- qstate->ext_state[id] = module_finished;
+ if(!sq->started_no_cache_lookup && !qstate->blacklist) {
+ lock_rw_wrlock(&sne->biglock);
+ if(lookup_and_reply(qstate, id, sq)) {
+ sne->num_msg_cache++;
+ lock_rw_unlock(&sne->biglock);
+ verbose(VERB_QUERY, "subnetcache: answered from cache");
+ qstate->ext_state[id] = module_finished;
- subnet_ecs_opt_list_append(&sq->ecs_client_out,
- &qstate->edns_opts_front_out, qstate);
- return;
+ subnet_ecs_opt_list_append(&sq->ecs_client_out,
+ &qstate->edns_opts_front_out, qstate,
+ qstate->region);
+ return;
+ }
+ lock_rw_unlock(&sne->biglock);
}
- lock_rw_unlock(&sne->biglock);
sq->ecs_server_out.subnet_addr_fam =
sq->ecs_client_in.subnet_addr_fam;
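Review bot: The new gate `if(!sq->started_no_cache_lookup && !qstate->blacklist)` has no comment saying why the subnet cache is bypassed, even though it is the condition that stops a query which asked to skip the cache from being answered out of it anyway. A short comment would help, e.g. `/* Do not answer from the ECS cache when the query started with no_cache_lookup or carries a blacklist; presumably it has to be resolved again. */`. The comment could also note that `qinfo_hash_calculated` stays 0 on this path, so update_cache recomputes the hash. subnetmod_operate starts and ends outside the hunk.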
*** 14045 LINES SKIPPED ***