mirror of
https://github.com/NLnetLabs/unbound.git
synced 2025-12-20 23:00:56 -05:00
- Fix #165: Add prefer-ip4: yesno config option to prefer ipv4 for
using ipv4 filters, because the hosts ip6 netblock /64 is not owned by one operator, and thus reputation is shared.
This commit is contained in:
W.C.A. Wijngaards
parent
f99dd8f6dc
commit
318d4e91cc
9 changed files with 4298 additions and 4197 deletions
|
|
@ -1,3 +1,8 @@
|
||||||
|
25 February 2020: Wouter
|
||||||
|
- Fix #165: Add prefer-ip4: yesno config option to prefer ipv4 for
|
||||||
|
using ipv4 filters, because the hosts ip6 netblock /64 is not owned
|
||||||
|
by one operator, and thus reputation is shared.
|
||||||
|
|
||||||
24 February 2020: George
|
24 February 2020: George
|
||||||
- Merge PR #166: Fix typo in unbound.service.in, by glitsj16.
|
- Merge PR #166: Fix typo in unbound.service.in, by glitsj16.
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -484,6 +484,63 @@ iter_filter_order(struct iter_env* iter_env, struct module_env* env,
|
||||||
got_num = num4ok;
|
got_num = num4ok;
|
||||||
*selected_rtt = num4_lowrtt;
|
*selected_rtt = num4_lowrtt;
|
||||||
}
|
}
|
||||||
|
} else if (env->cfg->prefer_ip4) {
|
||||||
|
int got_num4 = 0;
|
||||||
|
int low_rtt4 = 0;
|
||||||
|
int i;
|
||||||
|
int attempt = -1; /* filter to make sure addresses have
|
||||||
|
less attempts on them than the first, to force round
|
||||||
|
robin when all the IPv4 addresses fail */
|
||||||
|
int num6ok = 0; /* number ip6 at low attempt count */
|
||||||
|
int num6_lowrtt = 0;
|
||||||
|
prev = NULL;
|
||||||
|
a = dp->result_list;
|
||||||
|
for(i = 0; i < got_num; i++) {
|
||||||
|
swap_to_front = 0;
|
||||||
|
if(a->addr.ss_family != AF_INET && attempt == -1) {
|
||||||
|
/* if we only have ip6 at low attempt count,
|
||||||
|
* then ip4 is failing, and we need to
|
||||||
|
* select one of the remaining IPv6 addrs */
|
||||||
|
attempt = a->attempts;
|
||||||
|
num6ok++;
|
||||||
|
num6_lowrtt = a->sel_rtt;
|
||||||
|
} else if(a->addr.ss_family != AF_INET && attempt == a->attempts) {
|
||||||
|
num6ok++;
|
||||||
|
if(num6_lowrtt == 0 || a->sel_rtt < num6_lowrtt) {
|
||||||
|
num6_lowrtt = a->sel_rtt;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if(a->addr.ss_family == AF_INET) {
|
||||||
|
if(attempt == -1) {
|
||||||
|
attempt = a->attempts;
|
||||||
|
} else if(a->attempts > attempt) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
got_num4++;
|
||||||
|
swap_to_front = 1;
|
||||||
|
if(low_rtt4 == 0 || a->sel_rtt < low_rtt4) {
|
||||||
|
low_rtt4 = a->sel_rtt;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
/* swap to front if IPv4, or move to next result */
|
||||||
|
if(swap_to_front && prev) {
|
||||||
|
n = a->next_result;
|
||||||
|
prev->next_result = n;
|
||||||
|
a->next_result = dp->result_list;
|
||||||
|
dp->result_list = a;
|
||||||
|
a = n;
|
||||||
|
} else {
|
||||||
|
prev = a;
|
||||||
|
a = a->next_result;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if(got_num4 > 0) {
|
||||||
|
got_num = got_num4;
|
||||||
|
*selected_rtt = low_rtt4;
|
||||||
|
} else if(num6ok > 0) {
|
||||||
|
got_num = num6ok;
|
||||||
|
*selected_rtt = num6_lowrtt;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return got_num;
|
return got_num;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -481,6 +481,8 @@ morechecks(struct config_file* cfg)
|
||||||
fatal_exit("num_threads value weird");
|
fatal_exit("num_threads value weird");
|
||||||
if(!cfg->do_ip4 && !cfg->do_ip6)
|
if(!cfg->do_ip4 && !cfg->do_ip6)
|
||||||
fatal_exit("ip4 and ip6 are both disabled, pointless");
|
fatal_exit("ip4 and ip6 are both disabled, pointless");
|
||||||
|
if(!cfg->do_ip4 && cfg->prefer_ip4)
|
||||||
|
fatal_exit("cannot prefer and disable ip4, pointless");
|
||||||
if(!cfg->do_ip6 && cfg->prefer_ip6)
|
if(!cfg->do_ip6 && cfg->prefer_ip6)
|
||||||
fatal_exit("cannot prefer and disable ip6, pointless");
|
fatal_exit("cannot prefer and disable ip6, pointless");
|
||||||
if(!cfg->do_udp && !cfg->do_tcp)
|
if(!cfg->do_udp && !cfg->do_tcp)
|
||||||
|
|
|
||||||
|
|
@ -85,6 +85,8 @@ struct config_file {
|
||||||
int do_ip4;
|
int do_ip4;
|
||||||
/** do ip6 query support. */
|
/** do ip6 query support. */
|
||||||
int do_ip6;
|
int do_ip6;
|
||||||
|
/** prefer ip4 upstream queries. */
|
||||||
|
int prefer_ip4;
|
||||||
/** prefer ip6 upstream queries. */
|
/** prefer ip6 upstream queries. */
|
||||||
int prefer_ip6;
|
int prefer_ip6;
|
||||||
/** do udp query support. */
|
/** do udp query support. */
|
||||||
|
|
|
||||||
3721
util/configlexer.c
3721
util/configlexer.c
File diff suppressed because it is too large
Load diff
|
|
@ -220,6 +220,7 @@ outgoing-num-tcp{COLON} { YDVAR(1, VAR_OUTGOING_NUM_TCP) }
|
||||||
incoming-num-tcp{COLON} { YDVAR(1, VAR_INCOMING_NUM_TCP) }
|
incoming-num-tcp{COLON} { YDVAR(1, VAR_INCOMING_NUM_TCP) }
|
||||||
do-ip4{COLON} { YDVAR(1, VAR_DO_IP4) }
|
do-ip4{COLON} { YDVAR(1, VAR_DO_IP4) }
|
||||||
do-ip6{COLON} { YDVAR(1, VAR_DO_IP6) }
|
do-ip6{COLON} { YDVAR(1, VAR_DO_IP6) }
|
||||||
|
prefer-ip4{COLON} { YDVAR(1, VAR_PREFER_IP4) }
|
||||||
prefer-ip6{COLON} { YDVAR(1, VAR_PREFER_IP6) }
|
prefer-ip6{COLON} { YDVAR(1, VAR_PREFER_IP6) }
|
||||||
do-udp{COLON} { YDVAR(1, VAR_DO_UDP) }
|
do-udp{COLON} { YDVAR(1, VAR_DO_UDP) }
|
||||||
do-tcp{COLON} { YDVAR(1, VAR_DO_TCP) }
|
do-tcp{COLON} { YDVAR(1, VAR_DO_TCP) }
|
||||||
|
|
|
||||||
3646
util/configparser.c
3646
util/configparser.c
File diff suppressed because it is too large
Load diff
1048
util/configparser.h
1048
util/configparser.h
File diff suppressed because it is too large
Load diff
|
|
@ -70,7 +70,7 @@ extern struct config_parser_state* cfg_parser;
|
||||||
%token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
|
%token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
|
||||||
%token <str> STRING_ARG
|
%token <str> STRING_ARG
|
||||||
%token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
|
%token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
|
||||||
%token VAR_OUTGOING_RANGE VAR_INTERFACE
|
%token VAR_OUTGOING_RANGE VAR_INTERFACE VAR_PREFER_IP4
|
||||||
%token VAR_DO_IP4 VAR_DO_IP6 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
|
%token VAR_DO_IP4 VAR_DO_IP6 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
|
||||||
%token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT
|
%token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT
|
||||||
%token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT
|
%token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT
|
||||||
|
|
@ -191,7 +191,7 @@ contents_server: contents_server content_server
|
||||||
| ;
|
| ;
|
||||||
content_server: server_num_threads | server_verbosity | server_port |
|
content_server: server_num_threads | server_verbosity | server_port |
|
||||||
server_outgoing_range | server_do_ip4 |
|
server_outgoing_range | server_do_ip4 |
|
||||||
server_do_ip6 | server_prefer_ip6 |
|
server_do_ip6 | server_prefer_ip4 | server_prefer_ip6 |
|
||||||
server_do_udp | server_do_tcp |
|
server_do_udp | server_do_tcp |
|
||||||
server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout |
|
server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout |
|
||||||
server_tcp_keepalive | server_tcp_keepalive_timeout |
|
server_tcp_keepalive | server_tcp_keepalive_timeout |
|
||||||
|
|
@ -780,6 +780,15 @@ server_do_tcp: VAR_DO_TCP STRING_ARG
|
||||||
free($2);
|
free($2);
|
||||||
}
|
}
|
||||||
;
|
;
|
||||||
|
server_prefer_ip4: VAR_PREFER_IP4 STRING_ARG
|
||||||
|
{
|
||||||
|
OUTYY(("P(server_prefer_ip4:%s)\n", $2));
|
||||||
|
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
|
||||||
|
yyerror("expected yes or no.");
|
||||||
|
else cfg_parser->cfg->prefer_ip4 = (strcmp($2, "yes")==0);
|
||||||
|
free($2);
|
||||||
|
}
|
||||||
|
;
|
||||||
server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG
|
server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG
|
||||||
{
|
{
|
||||||
OUTYY(("P(server_prefer_ip6:%s)\n", $2));
|
OUTYY(("P(server_prefer_ip6:%s)\n", $2));
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue