mirror of
https://github.com/isc-projects/bind9.git
synced 2026-06-11 08:50:00 -04:00
Recreate HTTPS and TLS interfaces only during reconfiguration
Commit 850e9e59bf was intended to recreate
the HTTPS and TLS interfaces during reconfiguration, but they are also
being recreated during regular interface re-scans.
Make sure the HTTPS and TLS interfaces are being recreated only during
reconfiguration.
parent
f999d8f3f5
commit
f595a75cd6
4 changed files with 20 additions and 17 deletions
|
|
@ -6933,7 +6933,7 @@ interface_timer_tick(isc_task_t *task, isc_event_t *event) {
|
|||
UNUSED(task);
|
||||
|
||||
isc_event_free(&event);
|
||||
ns_interfacemgr_scan(server->interfacemgr, false);
|
||||
ns_interfacemgr_scan(server->interfacemgr, false, false);
|
||||
}
|
||||
|
||||
static void
|
||||
|
|
@ -8933,7 +8933,7 @@ load_configuration(const char *filename, named_server_t *server,
|
|||
* to configure the query source, since the dispatcher we use might
|
||||
* be shared with an interface.
|
||||
*/
|
||||
result = ns_interfacemgr_scan(server->interfacemgr, true);
|
||||
result = ns_interfacemgr_scan(server->interfacemgr, true, true);
|
||||
|
||||
/*
|
||||
* Check that named is able to TCP listen on at least one
|
||||
|
|
@ -10411,7 +10411,7 @@ named_server_scan_interfaces(named_server_t *server) {
|
|||
NAMED_LOGMODULE_SERVER, ISC_LOG_DEBUG(1),
|
||||
"automatic interface rescan");
|
||||
|
||||
ns_interfacemgr_scan(server->interfacemgr, true);
|
||||
ns_interfacemgr_scan(server->interfacemgr, true, false);
|
||||
}
|
||||
|
||||
/*
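Review bot: The three call sites in this file now pass two adjacent bare boolean literals (`false, false` in interface_timer_tick, `true, true` in load_configuration, `true, false` in named_server_scan_interfaces), and nothing at the call site says which is `verbose` and which is `config`. A transposed or mistaken literal compiles cleanly and would either skip the TLS/HTTPS listener refresh on reconfiguration, leaving the previous TLS context in service, or tear the listeners down on every rescan. I would annotate the arguments, e.g. `ns_interfacemgr_scan(server->interfacemgr, true /* verbose */, false /* config */);`, or replace the pair with a flags enum in a follow-up. All three enclosing functions extend beyond their hunks.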
|
||||
|
|
|
|||
|
|
@ -131,12 +131,15 @@ ns_interfacemgr_islistening(ns_interfacemgr_t *mgr);
|
|||
*/
|
||||
|
||||
isc_result_t
|
||||
ns_interfacemgr_scan(ns_interfacemgr_t *mgr, bool verbose);
|
||||
ns_interfacemgr_scan(ns_interfacemgr_t *mgr, bool verbose, bool config);
|
||||
/*%<
|
||||
* Scan the operatings system's list of network interfaces
|
||||
* and create listeners when new interfaces are discovered.
|
||||
* Shut down the sockets for interfaces that go away.
|
||||
*
|
||||
* When 'config' is true, also shut down and recreate any existing TLS and HTTPS
|
||||
* interfaces in order to use their new configuration.
|
||||
*
|
||||
* This should be called once on server startup and then
|
||||
* periodically according to the 'interface-interval' option
|
||||
* in named.conf.
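Review bot: The added paragraph documents what `config == true` does but not the consequence of `config == false`: judging by the guard in do_scan, existing TLS and HTTPS listeners then keep the TLS context they were created with, so a certificate or key replaced on disk is presumably not picked up by the periodic 'interface-interval' rescans. Operators who rotate certificates need to know that a reconfiguration is required, so I would add a sentence such as `* When 'config' is false, existing TLS and HTTPS interfaces are left untouched and keep using their current TLS context.` The 'verbose' argument is still undocumented in the visible part of this comment and would benefit from a line of its own. The comment continues past the end of the hunk.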
|
||||
|
|
|
|||
|
|
@ -98,7 +98,7 @@ scan_event(isc_task_t *task, isc_event_t *event) {
|
|||
|
||||
UNUSED(task);
|
||||
|
||||
ns_interfacemgr_scan(mgr, false);
|
||||
ns_interfacemgr_scan(mgr, false, false);
|
||||
isc_event_free(&event);
|
||||
}
|
||||
|
||||
|
|
@ -851,7 +851,7 @@ clearlistenon(ns_interfacemgr_t *mgr) {
|
|||
}
|
||||
|
||||
static isc_result_t
|
||||
do_scan(ns_interfacemgr_t *mgr, bool verbose) {
|
||||
do_scan(ns_interfacemgr_t *mgr, bool verbose, bool config) {
|
||||
isc_interfaceiter_t *iter = NULL;
|
||||
bool scan_ipv4 = false;
|
||||
bool scan_ipv6 = false;
|
||||
|
|
@ -919,10 +919,10 @@ do_scan(ns_interfacemgr_t *mgr, bool verbose) {
|
|||
if (ifp != NULL) {
|
||||
/*
|
||||
* We need to recreate the TLS/HTTPS listeners
|
||||
* because the certificates could have been
|
||||
* changed on reconfiguration.
|
||||
* during reconfiguration because the
|
||||
* certificates could have been changed.
|
||||
*/
|
||||
if (le->sslctx != NULL) {
|
||||
if (config && le->sslctx != NULL) {
|
||||
INSIST(NS_INTERFACE_VALID(ifp));
|
||||
LOCK(&mgr->lock);
|
||||
ISC_LIST_UNLINK(ifp->mgr->interfaces,
|
||||
|
|
@ -1104,10 +1104,10 @@ do_scan(ns_interfacemgr_t *mgr, bool verbose) {
|
|||
if (ifp != NULL) {
|
||||
/*
|
||||
* We need to recreate the TLS/HTTPS listeners
|
||||
* because the certificates could have been
|
||||
* changed on reconfiguration.
|
||||
* during a reconfiguration because the
|
||||
* certificates could have been changed.
|
||||
*/
|
||||
if (le->sslctx != NULL) {
|
||||
if (config && le->sslctx != NULL) {
|
||||
INSIST(NS_INTERFACE_VALID(ifp));
|
||||
LOCK(&mgr->lock);
|
||||
ISC_LIST_UNLINK(ifp->mgr->interfaces,
|
||||
|
|
@ -1207,7 +1207,7 @@ cleanup_iter:
|
|||
}
|
||||
|
||||
static isc_result_t
|
||||
ns_interfacemgr_scan0(ns_interfacemgr_t *mgr, bool verbose) {
|
||||
ns_interfacemgr_scan0(ns_interfacemgr_t *mgr, bool verbose, bool config) {
|
||||
isc_result_t result;
|
||||
bool purge = true;
|
||||
|
||||
|
|
@ -1215,7 +1215,7 @@ ns_interfacemgr_scan0(ns_interfacemgr_t *mgr, bool verbose) {
|
|||
|
||||
mgr->generation++; /* Increment the generation count. */
|
||||
|
||||
result = do_scan(mgr, verbose);
|
||||
result = do_scan(mgr, verbose, config);
|
||||
if ((result != ISC_R_SUCCESS) && (result != ISC_R_ADDRINUSE)) {
|
||||
purge = false;
|
||||
}
|
||||
|
|
@ -1249,7 +1249,7 @@ ns_interfacemgr_islistening(ns_interfacemgr_t *mgr) {
|
|||
}
|
||||
|
||||
isc_result_t
|
||||
ns_interfacemgr_scan(ns_interfacemgr_t *mgr, bool verbose) {
|
||||
ns_interfacemgr_scan(ns_interfacemgr_t *mgr, bool verbose, bool config) {
|
||||
isc_result_t result;
|
||||
bool unlock = false;
|
||||
|
||||
|
|
@ -1263,7 +1263,7 @@ ns_interfacemgr_scan(ns_interfacemgr_t *mgr, bool verbose) {
|
|||
unlock = true;
|
||||
}
|
||||
|
||||
result = ns_interfacemgr_scan0(mgr, verbose);
|
||||
result = ns_interfacemgr_scan0(mgr, verbose, config);
|
||||
|
||||
if (unlock) {
|
||||
isc_task_endexclusive(mgr->excl);
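Review bot: The guard `if (config && le->sslctx != NULL)` and its explanatory comment are now duplicated in the two do_scan hunks (at 919 and 1104), and the two comments already differ ('during reconfiguration' vs. 'during a reconfiguration'). Since this condition decides whether a listener keeps its old TLS context, I would keep it in one place: a small static predicate taking `le` and `config`, called from both sites, with the comment written once. The new `config` parameter of do_scan and ns_interfacemgr_scan0 also has no comment at the definition; a line such as `/* 'config' is true only for (re)configuration and forces TLS/HTTPS listeners to be recreated. */` above do_scan would help. Both do_scan blocks continue outside their hunks, so what follows the ISC_LIST_UNLINK is not visible here.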
|
||||
|
|
|
|||
|
|
@ -211,7 +211,7 @@ static void
|
|||
scan_interfaces(isc_task_t *task, isc_event_t *event) {
|
||||
UNUSED(task);
|
||||
|
||||
ns_interfacemgr_scan(interfacemgr, true);
|
||||
ns_interfacemgr_scan(interfacemgr, true, false);
|
||||
isc_event_free(&event);
|
||||
}
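Review bot: The isc_result_t returned by `ns_interfacemgr_scan(interfacemgr, true, false)` is discarded in scan_interfaces, so a failed scan goes unnoticed at this call site. If that is intentional, `(void)ns_interfacemgr_scan(interfacemgr, true, false);` would make it explicit; otherwise the result should be checked or logged before the event is freed. This caller also only ever passes `config` as false, so the listener-recreation path is not exercised from here as far as the hunk shows.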
|
||||
|
||||
|
|
|
|||