- Rename tls-additional-ports to tls-additional-port, because every

line adds one port.


git-svn-id: file:///svn/unbound/trunk@4721 be551aaa-1e26-0410-a405-d3ace91eadb9
Wouter Wijngaards 2018-06-12 08:45:57 +00:00
parent 7153c94bd7
commit 23edc18cac
11 changed files with 1158 additions and 1148 deletions


@ -3,6 +3,8 @@
certificate and key files, access can be restricted with file and certificate and key files, access can be restricted with file and
directory permissions. The option control-use-cert is no longer directory permissions. The option control-use-cert is no longer
used, and ignored if found in unbound.conf. used, and ignored if found in unbound.conf.
- Rename tls-additional-ports to tls-additional-port, because every
line adds one port.
6 June 2018: Wouter 6 June 2018: Wouter
- Patch to fix openwrt for mac os build darwin detection in configure. - Patch to fix openwrt for mac os build darwin detection in configure.


@ -686,7 +686,7 @@ server:
# tls-win-cert: no # tls-win-cert: no
# Also serve tls on these port numbers (eg. 443, ...), by listing # Also serve tls on these port numbers (eg. 443, ...), by listing
# tls-additional-ports: portno for each of the port numbers. # tls-additional-port: portno for each of the port numbers.
# DNS64 prefix. Must be specified when DNS64 is use. # DNS64 prefix. Must be specified when DNS64 is use.
# Enable dns64 in module-config. Used to synthesize IPv6 from IPv4. # Enable dns64 in module-config. Used to synthesize IPv6 from IPv4.


@ -452,8 +452,8 @@ If no cert bundle, it uses only these certificates. Default is no.
On windows this option uses the certificates from the cert store. Use On windows this option uses the certificates from the cert store. Use
the tls\-cert\-bundle option on other systems. the tls\-cert\-bundle option on other systems.
.TP .TP
.B tls\-additional\-ports: \fI<portnr> .B tls\-additional\-port: \fI<portnr>
List portnumbers as tls\-additional\-ports, and when interfaces are defined, List portnumbers as tls\-additional\-port, and when interfaces are defined,
eg. with the @port suffix, as this port number, they provide dns over TLS eg. with the @port suffix, as this port number, they provide dns over TLS
service. Can list multiple, each on a new statement. service. Can list multiple, each on a new statement.
.TP .TP


@ -1059,7 +1059,7 @@ set_recvpktinfo(int s, int family)
/** see if interface is ssl, its port number == the ssl port number */ /** see if interface is ssl, its port number == the ssl port number */
static int static int
if_is_ssl(const char* ifname, const char* port, int ssl_port, if_is_ssl(const char* ifname, const char* port, int ssl_port,
struct config_strlist* tls_additional_ports) struct config_strlist* tls_additional_port)
{ {
struct config_strlist* s; struct config_strlist* s;
char* p = strchr(ifname, '@'); char* p = strchr(ifname, '@');
@ -1067,7 +1067,7 @@ if_is_ssl(const char* ifname, const char* port, int ssl_port,
return 1; return 1;
if(p && atoi(p+1) == ssl_port) if(p && atoi(p+1) == ssl_port)
return 1; return 1;
for(s = tls_additional_ports; s; s = s->next) { for(s = tls_additional_port; s; s = s->next) {
if(p && atoi(p+1) == atoi(s->str)) if(p && atoi(p+1) == atoi(s->str))
return 1; return 1;
if(!p && atoi(port) == atoi(s->str)) if(!p && atoi(port) == atoi(s->str))
@ -1089,7 +1089,7 @@ if_is_ssl(const char* ifname, const char* port, int ssl_port,
* @param rcv: receive buffer size for UDP * @param rcv: receive buffer size for UDP
* @param snd: send buffer size for UDP * @param snd: send buffer size for UDP
* @param ssl_port: ssl service port number * @param ssl_port: ssl service port number
* @param tls_additional_ports: list of additional ssl service port numbers. * @param tls_additional_port: list of additional ssl service port numbers.
* @param reuseport: try to set SO_REUSEPORT if nonNULL and true. * @param reuseport: try to set SO_REUSEPORT if nonNULL and true.
* set to false on exit if reuseport failed due to no kernel support. * set to false on exit if reuseport failed due to no kernel support.
* @param transparent: set IP_TRANSPARENT socket option. * @param transparent: set IP_TRANSPARENT socket option.
@ -1103,7 +1103,7 @@ static int
ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp,
struct addrinfo *hints, const char* port, struct listen_port** list, struct addrinfo *hints, const char* port, struct listen_port** list,
size_t rcv, size_t snd, int ssl_port, size_t rcv, size_t snd, int ssl_port,
struct config_strlist* tls_additional_ports, int* reuseport, struct config_strlist* tls_additional_port, int* reuseport,
int transparent, int tcp_mss, int freebind, int use_systemd, int transparent, int tcp_mss, int freebind, int use_systemd,
int dnscrypt_port) int dnscrypt_port)
{ {
@ -1170,7 +1170,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp,
} }
if(do_tcp) { if(do_tcp) {
int is_ssl = if_is_ssl(ifname, port, ssl_port, int is_ssl = if_is_ssl(ifname, port, ssl_port,
tls_additional_ports); tls_additional_port);
if((s = make_sock_port(SOCK_STREAM, ifname, port, hints, 1, if((s = make_sock_port(SOCK_STREAM, ifname, port, hints, 1,
&noip6, 0, 0, reuseport, transparent, tcp_mss, &noip6, 0, 0, reuseport, transparent, tcp_mss,
freebind, use_systemd)) == -1) { freebind, use_systemd)) == -1) {
@ -1356,7 +1356,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
do_auto, cfg->do_udp, do_tcp, do_auto, cfg->do_udp, do_tcp,
&hints, portbuf, &list, &hints, portbuf, &list,
cfg->so_rcvbuf, cfg->so_sndbuf, cfg->so_rcvbuf, cfg->so_sndbuf,
cfg->ssl_port, cfg->tls_additional_ports, cfg->ssl_port, cfg->tls_additional_port,
reuseport, cfg->ip_transparent, reuseport, cfg->ip_transparent,
cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
cfg->dnscrypt_port)) { cfg->dnscrypt_port)) {
@ -1370,7 +1370,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
do_auto, cfg->do_udp, do_tcp, do_auto, cfg->do_udp, do_tcp,
&hints, portbuf, &list, &hints, portbuf, &list,
cfg->so_rcvbuf, cfg->so_sndbuf, cfg->so_rcvbuf, cfg->so_sndbuf,
cfg->ssl_port, cfg->tls_additional_ports, cfg->ssl_port, cfg->tls_additional_port,
reuseport, cfg->ip_transparent, reuseport, cfg->ip_transparent,
cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
cfg->dnscrypt_port)) { cfg->dnscrypt_port)) {
@ -1386,7 +1386,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp, if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp,
do_tcp, &hints, portbuf, &list, do_tcp, &hints, portbuf, &list,
cfg->so_rcvbuf, cfg->so_sndbuf, cfg->so_rcvbuf, cfg->so_sndbuf,
cfg->ssl_port, cfg->tls_additional_ports, cfg->ssl_port, cfg->tls_additional_port,
reuseport, cfg->ip_transparent, reuseport, cfg->ip_transparent,
cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
cfg->dnscrypt_port)) { cfg->dnscrypt_port)) {
@ -1400,7 +1400,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp, if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp,
do_tcp, &hints, portbuf, &list, do_tcp, &hints, portbuf, &list,
cfg->so_rcvbuf, cfg->so_sndbuf, cfg->so_rcvbuf, cfg->so_sndbuf,
cfg->ssl_port, cfg->tls_additional_ports, cfg->ssl_port, cfg->tls_additional_port,
reuseport, cfg->ip_transparent, reuseport, cfg->ip_transparent,
cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
cfg->dnscrypt_port)) { cfg->dnscrypt_port)) {
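Review bot: In if_is_ssl the comparisons `atoi(p+1) == atoi(s->str)` and `atoi(port) == atoi(s->str)` take the list entries as raw strings, and atoi() reports no error: an entry that is not a plain number compares as its leading digits or as 0. Now that the option is documented as one port per statement, an entry written as a list (a constructed example: `443,8443`) would match only its first number, and the listener on the other port would presumably come up as plain TCP instead of TLS with no diagnostic. Consider parsing each entry once with `strtol(s->str, &end, 10)` and rejecting it when `end == s->str`, `*end != 0` or the value is outside 1-65535; whether such a check already exists at config load is not visible here. The body of if_is_ssl starts and ends outside these hunks.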


@ -456,8 +456,9 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_NUMBER_NONZERO("ssl-port:", ssl_port) else S_NUMBER_NONZERO("ssl-port:", ssl_port)
else S_STR("tls-cert-bundle:", tls_cert_bundle) else S_STR("tls-cert-bundle:", tls_cert_bundle)
else S_YNO("tls-win-cert:", tls_win_cert) else S_YNO("tls-win-cert:", tls_win_cert)
else S_STRLIST("additional-tls-port:", tls_additional_ports) else S_STRLIST("additional-tls-port:", tls_additional_port)
else S_STRLIST("tls-additional-ports:", tls_additional_ports) else S_STRLIST("tls-additional-ports:", tls_additional_port)
else S_STRLIST("tls-additional-port:", tls_additional_port)
else S_YNO("interface-automatic:", if_automatic) else S_YNO("interface-automatic:", if_automatic)
else S_YNO("use-systemd:", use_systemd) else S_YNO("use-systemd:", use_systemd)
else S_YNO("do-daemonize:", do_daemonize) else S_YNO("do-daemonize:", do_daemonize)
@ -878,7 +879,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_DEC(opt, "ssl-port", ssl_port) else O_DEC(opt, "ssl-port", ssl_port)
else O_STR(opt, "tls-cert-bundle", tls_cert_bundle) else O_STR(opt, "tls-cert-bundle", tls_cert_bundle)
else O_YNO(opt, "tls-win-cert", tls_win_cert) else O_YNO(opt, "tls-win-cert", tls_win_cert)
else O_LST(opt, "tls-additional-ports", tls_additional_ports) else O_LST(opt, "tls-additional-port", tls_additional_port)
else O_YNO(opt, "use-systemd", use_systemd) else O_YNO(opt, "use-systemd", use_systemd)
else O_YNO(opt, "do-daemonize", do_daemonize) else O_YNO(opt, "do-daemonize", do_daemonize)
else O_STR(opt, "chroot", chrootdir) else O_STR(opt, "chroot", chrootdir)
@ -1302,7 +1303,7 @@ config_delete(struct config_file* cfg)
free(cfg->ssl_service_key); free(cfg->ssl_service_key);
free(cfg->ssl_service_pem); free(cfg->ssl_service_pem);
free(cfg->tls_cert_bundle); free(cfg->tls_cert_bundle);
config_delstrlist(cfg->tls_additional_ports); config_delstrlist(cfg->tls_additional_port);
free(cfg->log_identity); free(cfg->log_identity);
config_del_strarray(cfg->ifs, cfg->num_ifs); config_del_strarray(cfg->ifs, cfg->num_ifs);
config_del_strarray(cfg->out_ifs, cfg->num_out_ifs); config_del_strarray(cfg->out_ifs, cfg->num_out_ifs);
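Review bot: config_get_option now answers only to the new spelling: the `O_LST(opt, "tls-additional-ports", ...)` line was replaced, whereas config_set_option keeps the old names as aliases. A caller that still looks up `tls-additional-ports` would presumably get an unknown-option error after upgrading, so keeping the old name for reading as well, `else O_LST(opt, "tls-additional-ports", tls_additional_port)`, would make the rename symmetric. The lexer section also accepts `additional-ssl-port:` while config_set_option here lists no such alias; it is worth checking whether that is intended. Both functions continue outside the hunks shown.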


@ -105,7 +105,7 @@ struct config_file {
/** should the system certificate store get added to the cert bundle */ /** should the system certificate store get added to the cert bundle */
int tls_win_cert; int tls_win_cert;
/** additional tls ports */ /** additional tls ports */
struct config_strlist* tls_additional_ports; struct config_strlist* tls_additional_port;
/** outgoing port range number of ports (per thread) */ /** outgoing port range number of ports (per thread) */
int outgoing_num_ports; int outgoing_num_ports;

File diff suppressed because it is too large Load diff


@ -239,9 +239,10 @@ tls-port{COLON} { YDVAR(1, VAR_SSL_PORT) }
ssl-cert-bundle{COLON} { YDVAR(1, VAR_TLS_CERT_BUNDLE) } ssl-cert-bundle{COLON} { YDVAR(1, VAR_TLS_CERT_BUNDLE) }
tls-cert-bundle{COLON} { YDVAR(1, VAR_TLS_CERT_BUNDLE) } tls-cert-bundle{COLON} { YDVAR(1, VAR_TLS_CERT_BUNDLE) }
tls-win-cert{COLON} { YDVAR(1, VAR_TLS_WIN_CERT) } tls-win-cert{COLON} { YDVAR(1, VAR_TLS_WIN_CERT) }
additional-ssl-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORTS) } additional-ssl-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
additional-tls-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORTS) } additional-tls-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
tls-additional-ports{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORTS) } tls-additional-ports{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
tls-additional-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
use-systemd{COLON} { YDVAR(1, VAR_USE_SYSTEMD) } use-systemd{COLON} { YDVAR(1, VAR_USE_SYSTEMD) }
do-daemonize{COLON} { YDVAR(1, VAR_DO_DAEMONIZE) } do-daemonize{COLON} { YDVAR(1, VAR_DO_DAEMONIZE) }
interface{COLON} { YDVAR(1, VAR_INTERFACE) } interface{COLON} { YDVAR(1, VAR_INTERFACE) }


@ -361,7 +361,7 @@ extern int yydebug;
VAR_URL = 490, VAR_URL = 490,
VAR_FOR_DOWNSTREAM = 491, VAR_FOR_DOWNSTREAM = 491,
VAR_FALLBACK_ENABLED = 492, VAR_FALLBACK_ENABLED = 492,
VAR_TLS_ADDITIONAL_PORTS = 493, VAR_TLS_ADDITIONAL_PORT = 493,
VAR_LOW_RTT = 494, VAR_LOW_RTT = 494,
VAR_LOW_RTT_PERMIL = 495, VAR_LOW_RTT_PERMIL = 495,
VAR_ALLOW_NOTIFY = 496, VAR_ALLOW_NOTIFY = 496,
@ -604,7 +604,7 @@ extern int yydebug;
#define VAR_URL 490 #define VAR_URL 490
#define VAR_FOR_DOWNSTREAM 491 #define VAR_FOR_DOWNSTREAM 491
#define VAR_FALLBACK_ENABLED 492 #define VAR_FALLBACK_ENABLED 492
#define VAR_TLS_ADDITIONAL_PORTS 493 #define VAR_TLS_ADDITIONAL_PORT 493
#define VAR_LOW_RTT 494 #define VAR_LOW_RTT 494
#define VAR_LOW_RTT_PERMIL 495 #define VAR_LOW_RTT_PERMIL 495
#define VAR_ALLOW_NOTIFY 496 #define VAR_ALLOW_NOTIFY 496
@ -1103,7 +1103,7 @@ static const char *const yytname[] =
"VAR_CACHEDB_REDISTIMEOUT", "VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM", "VAR_CACHEDB_REDISTIMEOUT", "VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM",
"VAR_FOR_UPSTREAM", "VAR_AUTH_ZONE", "VAR_ZONEFILE", "VAR_MASTER", "VAR_FOR_UPSTREAM", "VAR_AUTH_ZONE", "VAR_ZONEFILE", "VAR_MASTER",
"VAR_URL", "VAR_FOR_DOWNSTREAM", "VAR_FALLBACK_ENABLED", "VAR_URL", "VAR_FOR_DOWNSTREAM", "VAR_FALLBACK_ENABLED",
"VAR_TLS_ADDITIONAL_PORTS", "VAR_LOW_RTT", "VAR_LOW_RTT_PERMIL", "VAR_TLS_ADDITIONAL_PORT", "VAR_LOW_RTT", "VAR_LOW_RTT_PERMIL",
"VAR_ALLOW_NOTIFY", "VAR_TLS_WIN_CERT", "$accept", "toplevelvars", "VAR_ALLOW_NOTIFY", "VAR_TLS_WIN_CERT", "$accept", "toplevelvars",
"toplevelvar", "serverstart", "contents_server", "content_server", "toplevelvar", "serverstart", "contents_server", "content_server",
"stubstart", "contents_stub", "content_stub", "forwardstart", "stubstart", "contents_stub", "content_stub", "forwardstart",
@ -1124,7 +1124,7 @@ static const char *const yytname[] =
"server_udp_upstream_without_downstream", "server_ssl_upstream", "server_udp_upstream_without_downstream", "server_ssl_upstream",
"server_ssl_service_key", "server_ssl_service_pem", "server_ssl_port", "server_ssl_service_key", "server_ssl_service_pem", "server_ssl_port",
"server_tls_cert_bundle", "server_tls_win_cert", "server_tls_cert_bundle", "server_tls_win_cert",
"server_tls_additional_ports", "server_use_systemd", "server_tls_additional_port", "server_use_systemd",
"server_do_daemonize", "server_use_syslog", "server_log_time_ascii", "server_do_daemonize", "server_use_syslog", "server_log_time_ascii",
"server_log_queries", "server_log_replies", "server_chroot", "server_log_queries", "server_log_replies", "server_chroot",
"server_username", "server_directory", "server_logfile", "server_username", "server_directory", "server_logfile",
@ -3022,8 +3022,8 @@ yyreduce:
case 260: case 260:
#line 701 "./util/configparser.y" /* yacc.c:1646 */ #line 701 "./util/configparser.y" /* yacc.c:1646 */
{ {
OUTYY(("P(server_tls_additional_ports:%s)\n", (yyvsp[0].str))); OUTYY(("P(server_tls_additional_port:%s)\n", (yyvsp[0].str)));
if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_ports, if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
(yyvsp[0].str))) (yyvsp[0].str)))
yyerror("out of memory"); yyerror("out of memory");
} }


@ -280,7 +280,7 @@ extern int yydebug;
VAR_URL = 490, VAR_URL = 490,
VAR_FOR_DOWNSTREAM = 491, VAR_FOR_DOWNSTREAM = 491,
VAR_FALLBACK_ENABLED = 492, VAR_FALLBACK_ENABLED = 492,
VAR_TLS_ADDITIONAL_PORTS = 493, VAR_TLS_ADDITIONAL_PORT = 493,
VAR_LOW_RTT = 494, VAR_LOW_RTT = 494,
VAR_LOW_RTT_PERMIL = 495, VAR_LOW_RTT_PERMIL = 495,
VAR_ALLOW_NOTIFY = 496, VAR_ALLOW_NOTIFY = 496,
@ -523,7 +523,7 @@ extern int yydebug;
#define VAR_URL 490 #define VAR_URL 490
#define VAR_FOR_DOWNSTREAM 491 #define VAR_FOR_DOWNSTREAM 491
#define VAR_FALLBACK_ENABLED 492 #define VAR_FALLBACK_ENABLED 492
#define VAR_TLS_ADDITIONAL_PORTS 493 #define VAR_TLS_ADDITIONAL_PORT 493
#define VAR_LOW_RTT 494 #define VAR_LOW_RTT 494
#define VAR_LOW_RTT_PERMIL 495 #define VAR_LOW_RTT_PERMIL 495
#define VAR_ALLOW_NOTIFY 496 #define VAR_ALLOW_NOTIFY 496


@ -156,7 +156,7 @@ extern struct config_parser_state* cfg_parser;
%token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT
%token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
%token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
%token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORTS VAR_LOW_RTT VAR_LOW_RTT_PERMIL %token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
%token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT
%% %%
@ -248,7 +248,7 @@ content_server: server_num_threads | server_verbosity | server_port |
server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl | server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
server_ipsecmod_whitelist | server_ipsecmod_strict | server_ipsecmod_whitelist | server_ipsecmod_strict |
server_udp_upstream_without_downstream | server_aggressive_nsec | server_udp_upstream_without_downstream | server_aggressive_nsec |
server_tls_cert_bundle | server_tls_additional_ports | server_low_rtt | server_tls_cert_bundle | server_tls_additional_port | server_low_rtt |
server_low_rtt_permil | server_tls_win_cert server_low_rtt_permil | server_tls_win_cert
; ;
stubstart: VAR_STUB_ZONE stubstart: VAR_STUB_ZONE
@ -697,10 +697,10 @@ server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG
free($2); free($2);
} }
; ;
server_tls_additional_ports: VAR_TLS_ADDITIONAL_PORTS STRING_ARG server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG
{ {
OUTYY(("P(server_tls_additional_ports:%s)\n", $2)); OUTYY(("P(server_tls_additional_port:%s)\n", $2));
if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_ports, if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
$2)) $2))
yyerror("out of memory"); yyerror("out of memory");
} }