upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into doh

Browse source
This commit is contained in:
Ralph Dolmans 2020-09-16 18:38:51 +02:00
commit 4ae823fbc2
207 changed files with 10351 additions and 12992 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

134
aclocal.m4 vendored
View file

@ -736,7 +736,6 @@ _LT_CONFIG_SAVE_COMMANDS([
cat <<_LT_EOF >> "$cfgfile"
#! $SHELL
# Generated automatically by $as_me ($PACKAGE) $VERSION
# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
# NOTE: Changes made to this file will be lost: look at ltmain.sh.
# Provide generalized library-building support services.
@ -1048,8 +1047,8 @@ int forced_loaded() { return 2;}
_LT_EOF
echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
$LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
$AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
echo "$AR cr libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
$AR cr libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
$RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
cat > conftest.c << _LT_EOF
@ -1499,7 +1498,7 @@ need_locks=$enable_libtool_lock
m4_defun([_LT_PROG_AR],
[AC_CHECK_TOOLS(AR, [ar], false)
: ${AR=ar}
: ${AR_FLAGS=cru}
: ${AR_FLAGS=cr}
_LT_DECL([], [AR], [1], [The archiver])
_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
@ -2873,9 +2872,6 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
# before this can be enabled.
hardcode_into_libs=yes
# Add ABI-specific directories to the system library path.
sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib"
# Ideally, we could use ldconfig to report *all* directores which are
# searched for libraries, however this is still not possible. Aside from not
# being certain /sbin/ldconfig is available, command
@ -2884,7 +2880,7 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
# appending ld.so.conf contents (and includes) to the search path.
if test -f /etc/ld.so.conf; then
lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra"
sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
fi
# We used to test for /lib/ld.so.1 and disable shared libraries on
@ -2896,6 +2892,18 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
dynamic_linker='GNU/Linux ld.so'
;;
netbsdelf*-gnu)
version_type=linux
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=no
hardcode_into_libs=yes
dynamic_linker='NetBSD ld.elf_so'
;;
netbsd*)
version_type=sunos
need_lib_prefix=no
@ -3555,7 +3563,7 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
lt_cv_deplibs_check_method=pass_all
;;
netbsd*)
netbsd* | netbsdelf*-gnu)
if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
else
@ -4061,7 +4069,8 @@ _LT_EOF
if AC_TRY_EVAL(ac_compile); then
# Now try to grab the symbols.
nlist=conftest.nm
if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then
$ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&AS_MESSAGE_LOG_FD
if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&AS_MESSAGE_LOG_FD && test -s "$nlist"; then
# Try sorting and uniquifying the output.
if sort "$nlist" | uniq > "$nlist"T; then
mv -f "$nlist"T "$nlist"
@ -4433,7 +4442,7 @@ m4_if([$1], [CXX], [
;;
esac
;;
netbsd*)
netbsd* | netbsdelf*-gnu)
;;
*qnx* | *nto*)
# QNX uses GNU C++, but need to define -shared option too, otherwise
@ -4701,6 +4710,12 @@ m4_if([$1], [CXX], [
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
;;
# flang / f18. f95 an alias for gfortran or flang on Debian
flang* | f18* | f95*)
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
;;
# icc used to be incompatible with GCC.
# ICC 10 doesn't accept -KPIC any more.
icc* | ifort*)
@ -4945,6 +4960,9 @@ m4_if([$1], [CXX], [
;;
esac
;;
linux* | k*bsd*-gnu | gnu*)
_LT_TAGVAR(link_all_deplibs, $1)=no
;;
*)
_LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
;;
@ -5007,6 +5025,9 @@ dnl Note also adjust exclude_expsyms for C++ above.
openbsd* | bitrig*)
with_gnu_ld=no
;;
linux* | k*bsd*-gnu | gnu*)
_LT_TAGVAR(link_all_deplibs, $1)=no
;;
esac
_LT_TAGVAR(ld_shlibs, $1)=yes
@ -5261,7 +5282,7 @@ _LT_EOF
fi
;;
netbsd*)
netbsd* | netbsdelf*-gnu)
if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
wlarc=
@ -5782,6 +5803,7 @@ _LT_EOF
if test yes = "$lt_cv_irix_exported_symbol"; then
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
fi
_LT_TAGVAR(link_all_deplibs, $1)=no
else
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib'
@ -5803,7 +5825,7 @@ _LT_EOF
esac
;;
netbsd*)
netbsd* | netbsdelf*-gnu)
if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
else
@ -6425,7 +6447,7 @@ if test yes != "$_lt_caught_CXX_error"; then
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
else
GXX=no
@ -6800,7 +6822,7 @@ if test yes != "$_lt_caught_CXX_error"; then
# explicitly linking system object files so we need to strip them
# from the output so that they don't get included in the library
# dependencies.
output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP " \-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
;;
*)
if test yes = "$GXX"; then
@ -6865,7 +6887,7 @@ if test yes != "$_lt_caught_CXX_error"; then
# explicitly linking system object files so we need to strip them
# from the output so that they don't get included in the library
# dependencies.
output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP " \-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
;;
*)
if test yes = "$GXX"; then
@ -7204,7 +7226,7 @@ if test yes != "$_lt_caught_CXX_error"; then
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
else
# FIXME: insert proper C++ library support
@ -7288,7 +7310,7 @@ if test yes != "$_lt_caught_CXX_error"; then
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
else
# g++ 2.7 appears to require '-G' NOT '-shared' on this
# platform.
@ -7299,7 +7321,7 @@ if test yes != "$_lt_caught_CXX_error"; then
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
fi
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir'
@ -9044,9 +9066,9 @@ m4_ifndef([_LT_PROG_F77], [AC_DEFUN([_LT_PROG_F77])])
m4_ifndef([_LT_PROG_FC], [AC_DEFUN([_LT_PROG_FC])])
m4_ifndef([_LT_PROG_CXX], [AC_DEFUN([_LT_PROG_CXX])])
# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
# serial 11 (pkg-config-0.29.1)
dnl pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
dnl serial 11 (pkg-config-0.29.1)
dnl
dnl Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
dnl Copyright © 2012-2015 Dan Nicholson <dbn.lists@gmail.com>
dnl
@ -9320,74 +9342,6 @@ AS_VAR_COPY([$1], [pkg_cv_][$1])
AS_VAR_IF([$1], [""], [$5], [$4])dnl
])dnl PKG_CHECK_VAR
dnl PKG_WITH_MODULES(VARIABLE-PREFIX, MODULES,
dnl [ACTION-IF-FOUND],[ACTION-IF-NOT-FOUND],
dnl [DESCRIPTION], [DEFAULT])
dnl ------------------------------------------
dnl
dnl Prepare a "--with-" configure option using the lowercase
dnl [VARIABLE-PREFIX] name, merging the behaviour of AC_ARG_WITH and
dnl PKG_CHECK_MODULES in a single macro.
AC_DEFUN([PKG_WITH_MODULES],
[
m4_pushdef([with_arg], m4_tolower([$1]))
m4_pushdef([description],
[m4_default([$5], [build with ]with_arg[ support])])
m4_pushdef([def_arg], [m4_default([$6], [auto])])
m4_pushdef([def_action_if_found], [AS_TR_SH([with_]with_arg)=yes])
m4_pushdef([def_action_if_not_found], [AS_TR_SH([with_]with_arg)=no])
m4_case(def_arg,
[yes],[m4_pushdef([with_without], [--without-]with_arg)],
[m4_pushdef([with_without],[--with-]with_arg)])
AC_ARG_WITH(with_arg,
AS_HELP_STRING(with_without, description[ @<:@default=]def_arg[@:>@]),,
[AS_TR_SH([with_]with_arg)=def_arg])
AS_CASE([$AS_TR_SH([with_]with_arg)],
[yes],[PKG_CHECK_MODULES([$1],[$2],$3,$4)],
[auto],[PKG_CHECK_MODULES([$1],[$2],
[m4_n([def_action_if_found]) $3],
[m4_n([def_action_if_not_found]) $4])])
m4_popdef([with_arg])
m4_popdef([description])
m4_popdef([def_arg])
])dnl PKG_WITH_MODULES
dnl PKG_HAVE_WITH_MODULES(VARIABLE-PREFIX, MODULES,
dnl [DESCRIPTION], [DEFAULT])
dnl -----------------------------------------------
dnl
dnl Convenience macro to trigger AM_CONDITIONAL after PKG_WITH_MODULES
dnl check._[VARIABLE-PREFIX] is exported as make variable.
AC_DEFUN([PKG_HAVE_WITH_MODULES],
[
PKG_WITH_MODULES([$1],[$2],,,[$3],[$4])
AM_CONDITIONAL([HAVE_][$1],
[test "$AS_TR_SH([with_]m4_tolower([$1]))" = "yes"])
])dnl PKG_HAVE_WITH_MODULES
dnl PKG_HAVE_DEFINE_WITH_MODULES(VARIABLE-PREFIX, MODULES,
dnl [DESCRIPTION], [DEFAULT])
dnl ------------------------------------------------------
dnl
dnl Convenience macro to run AM_CONDITIONAL and AC_DEFINE after
dnl PKG_WITH_MODULES check. HAVE_[VARIABLE-PREFIX] is exported as make
dnl and preprocessor variable.
AC_DEFUN([PKG_HAVE_DEFINE_WITH_MODULES],
[
PKG_HAVE_WITH_MODULES([$1],[$2],[$3],[$4])
AS_IF([test "$AS_TR_SH([with_]m4_tolower([$1]))" = "yes"],
[AC_DEFINE([HAVE_][$1], 1, [Enable ]m4_tolower([$1])[ support])])
])dnl PKG_HAVE_DEFINE_WITH_MODULES
# AM_CONDITIONAL -*- Autoconf -*-
# Copyright (C) 1997-2018 Free Software Foundation, Inc.

37
acx_nlnetlabs.m4
View file

@ -2,7 +2,8 @@
# Copyright 2009, Wouter Wijngaards, NLnet Labs.
# BSD licensed.
#
# Version 34
# Version 35
# 2020-08-24 Use EVP_sha256 instead of HMAC_Update (for openssl-3.0.0).
# 2016-03-21 Check -ldl -pthread for libcrypto for ldns and openssl 1.1.0.
# 2016-03-21 Use HMAC_Update instead of HMAC_CTX_Init (for openssl-1.1.0).
# 2016-01-04 -D_DEFAULT_SOURCE defined with -D_BSD_SOURCE for Linux glibc 2.20
@ -673,16 +674,16 @@ AC_DEFUN([ACX_SSL_CHECKS], [
ACX_RUNTIME_PATH_ADD([$ssldir/lib])
fi
AC_MSG_CHECKING([for HMAC_Update in -lcrypto])
AC_MSG_CHECKING([for EVP_sha256 in -lcrypto])
LIBS="$LIBS -lcrypto"
LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto"
AC_TRY_LINK(, [
int HMAC_Update(void);
(void)HMAC_Update();
int EVP_sha256(void);
(void)EVP_sha256();
], [
AC_MSG_RESULT(yes)
AC_DEFINE([HAVE_HMAC_UPDATE], 1,
[If you have HMAC_Update])
AC_DEFINE([HAVE_EVP_SHA256], 1,
[If you have EVP_sha256])
], [
AC_MSG_RESULT(no)
# check if -lwsock32 or -lgdi32 are needed.
@ -692,11 +693,11 @@ AC_DEFUN([ACX_SSL_CHECKS], [
LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32"
AC_MSG_CHECKING([if -lcrypto needs -lgdi32])
AC_TRY_LINK([], [
int HMAC_Update(void);
(void)HMAC_Update();
int EVP_sha256(void);
(void)EVP_sha256();
],[
AC_DEFINE([HAVE_HMAC_UPDATE], 1,
[If you have HMAC_Update])
AC_DEFINE([HAVE_EVP_SHA256], 1,
[If you have EVP_sha256])
AC_MSG_RESULT(yes)
],[
AC_MSG_RESULT(no)
@ -706,11 +707,11 @@ AC_DEFUN([ACX_SSL_CHECKS], [
LIBSSL_LIBS="$LIBSSL_LIBS -ldl"
AC_MSG_CHECKING([if -lcrypto needs -ldl])
AC_TRY_LINK([], [
int HMAC_Update(void);
(void)HMAC_Update();
int EVP_sha256(void);
(void)EVP_sha256();
],[
AC_DEFINE([HAVE_HMAC_UPDATE], 1,
[If you have HMAC_Update])
AC_DEFINE([HAVE_EVP_SHA256], 1,
[If you have EVP_sha256])
AC_MSG_RESULT(yes)
],[
AC_MSG_RESULT(no)
@ -720,11 +721,11 @@ AC_DEFUN([ACX_SSL_CHECKS], [
LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread"
AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread])
AC_TRY_LINK([], [
int HMAC_Update(void);
(void)HMAC_Update();
int EVP_sha256(void);
(void)EVP_sha256();
],[
AC_DEFINE([HAVE_HMAC_UPDATE], 1,
[If you have HMAC_Update])
AC_DEFINE([HAVE_EVP_SHA256], 1,
[If you have EVP_sha256])
AC_MSG_RESULT(yes)
],[
AC_MSG_RESULT(no)

26
config.h.in
View file

@ -225,6 +225,9 @@
/* Define to 1 if you have the `EVP_EncryptInit_ex' function. */
#undef HAVE_EVP_ENCRYPTINIT_EX
/* Define to 1 if you have the `EVP_MAC_CTX_set_params' function. */
#undef HAVE_EVP_MAC_CTX_SET_PARAMS
/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
#undef HAVE_EVP_MD_CTX_NEW
@ -273,6 +276,9 @@
/* Define to 1 if you have the `getentropy' function. */
#undef HAVE_GETENTROPY
/* Define to 1 if you have the `getifaddrs' function. */
#undef HAVE_GETIFADDRS
/* Define to 1 if you have the <getopt.h> header file. */
#undef HAVE_GETOPT_H
@ -300,12 +306,12 @@
/* Define to 1 if you have the `HMAC_Init_ex' function. */
#undef HAVE_HMAC_INIT_EX
/* If you have HMAC_Update */
#undef HAVE_HMAC_UPDATE
/* If we have htobe64 */
#undef HAVE_HTOBE64
/* Define to 1 if you have the <ifaddrs.h> header file. */
#undef HAVE_IFADDRS_H
/* Define to 1 if you have the `inet_aton' function. */
#undef HAVE_INET_ATON
@ -375,6 +381,9 @@
/* Define to 1 if you have the <nettle/eddsa.h> header file. */
#undef HAVE_NETTLE_EDDSA_H
/* Define to 1 if you have the <net/if.h> header file. */
#undef HAVE_NET_IF_H
/* Define this to use nghttp2 client. */
#undef HAVE_NGHTTP2
@ -396,6 +405,9 @@
/* Define to 1 if you have the <openssl/conf.h> header file. */
#undef HAVE_OPENSSL_CONF_H
/* Define to 1 if you have the <openssl/core_names.h> header file. */
#undef HAVE_OPENSSL_CORE_NAMES_H
/* Define to 1 if you have the <openssl/dh.h> header file. */
#undef HAVE_OPENSSL_DH_H
@ -513,8 +525,9 @@
/* Define to 1 if you have the `SSL_CTX_set_security_level' function. */
#undef HAVE_SSL_CTX_SET_SECURITY_LEVEL
/* Define to 1 if you have the `SSL_CTX_set_tlsext_ticket_key_cb' function. */
#undef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_CB
/* Define to 1 if you have the `SSL_CTX_set_tlsext_ticket_key_evp_cb'
function. */
#undef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB
/* Define to 1 if you have the `SSL_get0_peername' function. */
#undef HAVE_SSL_GET0_PEERNAME
@ -582,6 +595,9 @@
/* Define to 1 if you have the <sys/resource.h> header file. */
#undef HAVE_SYS_RESOURCE_H
/* Define to 1 if you have the <sys/select.h> header file. */
#undef HAVE_SYS_SELECT_H
/* Define to 1 if you have the <sys/sha2.h> header file. */
#undef HAVE_SYS_SHA2_H

118
configure vendored
View file

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for unbound 1.10.2.
# Generated by GNU Autoconf 2.69 for unbound 1.11.1.
#
# Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>.
#
@ -591,8 +591,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='unbound'
PACKAGE_TARNAME='unbound'
PACKAGE_VERSION='1.10.2'
PACKAGE_STRING='unbound 1.10.2'
PACKAGE_VERSION='1.11.1'
PACKAGE_STRING='unbound 1.11.1'
PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues'
PACKAGE_URL=''
@ -1470,7 +1470,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures unbound 1.10.2 to adapt to many kinds of systems.
\`configure' configures unbound 1.11.1 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1536,7 +1536,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of unbound 1.10.2:";;
short | recursive ) echo "Configuration of unbound 1.11.1:";;
esac
cat <<\_ACEOF
@ -1764,7 +1764,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
unbound configure 1.10.2
unbound configure 1.11.1
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@ -2473,7 +2473,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by unbound $as_me 1.10.2, which was
It was created by unbound $as_me 1.11.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -2823,13 +2823,13 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
UNBOUND_VERSION_MAJOR=1
UNBOUND_VERSION_MINOR=10
UNBOUND_VERSION_MINOR=11
UNBOUND_VERSION_MICRO=2
UNBOUND_VERSION_MICRO=1
LIBUNBOUND_CURRENT=9
LIBUNBOUND_REVISION=9
LIBUNBOUND_REVISION=10
LIBUNBOUND_AGE=1
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@ -2905,7 +2905,8 @@ LIBUNBOUND_AGE=1
# 1.9.6 had 9:6:1
# 1.10.0 had 9:7:1
# 1.10.1 had 9:8:1
# 1.10.2 had 9:9:1
# 1.11.0 had 9:9:1
# 1.11.1 had 9:10:1
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@ -8080,7 +8081,7 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
lt_cv_deplibs_check_method=pass_all
;;
netbsd*)
netbsd* | netbsdelf*-gnu)
if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
else
@ -8442,7 +8443,7 @@ esac
fi
: ${AR=ar}
: ${AR_FLAGS=cru}
: ${AR_FLAGS=cr}
@ -8985,11 +8986,8 @@ _LT_EOF
test $ac_status = 0; }; then
# Now try to grab the symbols.
nlist=conftest.nm
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist\""; } >&5
(eval $NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) 2>&5
ac_status=$?
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; } && test -s "$nlist"; then
$ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&5
if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&5 && test -s "$nlist"; then
# Try sorting and uniquifying the output.
if sort "$nlist" | uniq > "$nlist"T; then
mv -f "$nlist"T "$nlist"
@ -10208,8 +10206,8 @@ int forced_loaded() { return 2;}
_LT_EOF
echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5
$LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5
echo "$AR cru libconftest.a conftest.o" >&5
$AR cru libconftest.a conftest.o 2>&5
echo "$AR cr libconftest.a conftest.o" >&5
$AR cr libconftest.a conftest.o 2>&5
echo "$RANLIB libconftest.a" >&5
$RANLIB libconftest.a 2>&5
cat > conftest.c << _LT_EOF
@ -11069,6 +11067,12 @@ lt_prog_compiler_static=
lt_prog_compiler_pic='-KPIC'
lt_prog_compiler_static='-static'
;;
# flang / f18. f95 an alias for gfortran or flang on Debian
flang* | f18* | f95*)
lt_prog_compiler_wl='-Wl,'
lt_prog_compiler_pic='-fPIC'
lt_prog_compiler_static='-static'
;;
# icc used to be incompatible with GCC.
# ICC 10 doesn't accept -KPIC any more.
icc* | ifort*)
@ -11545,6 +11549,9 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie
openbsd* | bitrig*)
with_gnu_ld=no
;;
linux* | k*bsd*-gnu | gnu*)
link_all_deplibs=no
;;
esac
ld_shlibs=yes
@ -11799,7 +11806,7 @@ _LT_EOF
fi
;;
netbsd*)
netbsd* | netbsdelf*-gnu)
if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
wlarc=
@ -12469,6 +12476,7 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; }
if test yes = "$lt_cv_irix_exported_symbol"; then
archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
fi
link_all_deplibs=no
else
archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib'
@ -12490,7 +12498,7 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; }
esac
;;
netbsd*)
netbsd* | netbsdelf*-gnu)
if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
else
@ -13585,9 +13593,6 @@ fi
# before this can be enabled.
hardcode_into_libs=yes
# Add ABI-specific directories to the system library path.
sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib"
# Ideally, we could use ldconfig to report *all* directores which are
# searched for libraries, however this is still not possible. Aside from not
# being certain /sbin/ldconfig is available, command
@ -13596,7 +13601,7 @@ fi
# appending ld.so.conf contents (and includes) to the search path.
if test -f /etc/ld.so.conf; then
lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra"
sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
fi
# We used to test for /lib/ld.so.1 and disable shared libraries on
@ -13608,6 +13613,18 @@ fi
dynamic_linker='GNU/Linux ld.so'
;;
netbsdelf*-gnu)
version_type=linux
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=no
hardcode_into_libs=yes
dynamic_linker='NetBSD ld.elf_so'
;;
netbsd*)
version_type=sunos
need_lib_prefix=no
@ -14739,7 +14756,7 @@ $as_echo "no" >&6; }
fi
# Checks for header files.
for ac_header in stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h
for ac_header in stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/select.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h ifaddrs.h net/if.h
do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
@ -17956,8 +17973,8 @@ $as_echo "found in $ssldir" >&6; }
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for HMAC_Update in -lcrypto" >&5
$as_echo_n "checking for HMAC_Update in -lcrypto... " >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_sha256 in -lcrypto" >&5
$as_echo_n "checking for EVP_sha256 in -lcrypto... " >&6; }
LIBS="$LIBS -lcrypto"
LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@ -17967,8 +17984,8 @@ int
main ()
{
int HMAC_Update(void);
(void)HMAC_Update();
int EVP_sha256(void);
(void)EVP_sha256();
;
return 0;
@ -17979,7 +17996,7 @@ if ac_fn_c_try_link "$LINENO"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h
$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h
else
@ -18000,8 +18017,8 @@ int
main ()
{
int HMAC_Update(void);
(void)HMAC_Update();
int EVP_sha256(void);
(void)EVP_sha256();
;
return 0;
@ -18010,7 +18027,7 @@ _ACEOF
if ac_fn_c_try_link "$LINENO"; then :
$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h
$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
@ -18032,8 +18049,8 @@ int
main ()
{
int HMAC_Update(void);
(void)HMAC_Update();
int EVP_sha256(void);
(void)EVP_sha256();
;
return 0;
@ -18042,7 +18059,7 @@ _ACEOF
if ac_fn_c_try_link "$LINENO"; then :
$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h
$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
@ -18064,8 +18081,8 @@ int
main ()
{
int HMAC_Update(void);
(void)HMAC_Update();
int EVP_sha256(void);
(void)EVP_sha256();
;
return 0;
@ -18074,7 +18091,7 @@ _ACEOF
if ac_fn_c_try_link "$LINENO"; then :
$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h
$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
@ -18259,11 +18276,11 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
#ifdef __cplusplus
extern "C"
#endif
char HMAC_Update ();
char EVP_sha256 ();
int
main ()
{
return HMAC_Update ();
return EVP_sha256 ();
;
return 0;
}
@ -18340,7 +18357,7 @@ else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi
for ac_header in openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h
for ac_header in openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h
do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
@ -18354,7 +18371,7 @@ fi
done
for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify SSL_CTX_set_tlsext_ticket_key_cb EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback
for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@ -18370,7 +18387,7 @@ done
# these check_funcs need -lssl
BAKLIBS="$LIBS"
LIBS="-lssl $LIBS"
for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_alpn_select_cb
for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@ -20301,7 +20318,7 @@ if test "$ac_res" != no; then :
fi
for ac_func in tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget accept4
for ac_func in tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget accept4 getifaddrs
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@ -21697,7 +21714,7 @@ _ACEOF
version=1.10.2
version=1.11.1
date=`date +'%b %e, %Y'`
@ -22216,7 +22233,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by unbound $as_me 1.10.2, which was
This file was extended by unbound $as_me 1.11.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -22282,7 +22299,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
unbound config.status 1.10.2
unbound config.status 1.11.1
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
@ -23275,7 +23292,6 @@ $as_echo "$as_me: executing $ac_file commands" >&6;}
cat <<_LT_EOF >> "$cfgfile"
#! $SHELL
# Generated automatically by $as_me ($PACKAGE) $VERSION
# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
# NOTE: Changes made to this file will be lost: look at ltmain.sh.
# Provide generalized library-building support services.

21
configure.ac
View file

@ -10,15 +10,15 @@ sinclude(dnscrypt/dnscrypt.m4)
# must be numbers. ac_defun because of later processing
m4_define([VERSION_MAJOR],[1])
m4_define([VERSION_MINOR],[10])
m4_define([VERSION_MICRO],[2])
m4_define([VERSION_MINOR],[11])
m4_define([VERSION_MICRO],[1])
AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues, unbound)
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
LIBUNBOUND_CURRENT=9
LIBUNBOUND_REVISION=9
LIBUNBOUND_REVISION=10
LIBUNBOUND_AGE=1
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@ -94,7 +94,8 @@ LIBUNBOUND_AGE=1
# 1.9.6 had 9:6:1
# 1.10.0 had 9:7:1
# 1.10.1 had 9:8:1
# 1.10.2 had 9:9:1
# 1.11.0 had 9:9:1
# 1.11.1 had 9:10:1
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@ -398,7 +399,7 @@ ACX_LIBTOOL_C_ONLY
PKG_PROG_PKG_CONFIG
# Checks for header files.
AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/select.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h ifaddrs.h net/if.h],,, [AC_INCLUDES_DEFAULT])
# Check for Apple header. This uncovers TARGET_OS_IPHONE, TARGET_OS_TV or TARGET_OS_WATCH
AC_CHECK_HEADERS([TargetConditionals.h])
@ -831,7 +832,7 @@ AC_SUBST(PC_CRYPTO_DEPENDENCY)
BAKLIBS="$LIBS"
LIBS="-lssl $LIBS"
AC_MSG_CHECKING([if libssl needs -lcrypt32])
AC_TRY_LINK_FUNC([HMAC_Update], [
AC_TRY_LINK_FUNC([EVP_sha256], [
AC_MSG_RESULT([no])
LIBS="$BAKLIBS"
], [
@ -850,13 +851,13 @@ if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/
else
AC_MSG_RESULT([no])
fi
AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify SSL_CTX_set_tlsext_ticket_key_cb EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback])
AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params])
# these check_funcs need -lssl
BAKLIBS="$LIBS"
LIBS="-lssl $LIBS"
AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_alpn_select_cb])
AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb])
LIBS="$BAKLIBS"
AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [
@ -1584,7 +1585,7 @@ AC_LINK_IFELSE([AC_LANG_PROGRAM([
AC_MSG_RESULT(no))
AC_SEARCH_LIBS([setusercontext], [util])
AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget accept4])
AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget accept4 getifaddrs])
AC_CHECK_FUNCS([setresuid],,[AC_CHECK_FUNCS([setreuid])])
AC_CHECK_FUNCS([setresgid],,[AC_CHECK_FUNCS([setregid])])

164
contrib/aaaa-filter-iterator.patch
View file

@ -1,10 +1,10 @@
Index: trunk/doc/unbound.conf.5.in
===================================================================
--- trunk/doc/unbound.conf.5.in (revision 4357)
+++ trunk/doc/unbound.conf.5.in (working copy)
@@ -701,6 +701,13 @@
diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
index f426ac5f..147fbfa9 100644
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -872,6 +872,13 @@ potentially broken nameservers. A lot of domains will not be resolvable when
this option in enabled. Only use if you know what you are doing.
This option only has effect when qname-minimisation is enabled. Default is off.
This option only has effect when qname-minimisation is enabled. Default is no.
.TP
+.B aaaa\-filter: \fI<yes or no>
+Activate behavior similar to BIND's AAAA-filter.
@ -16,14 +16,15 @@ Index: trunk/doc/unbound.conf.5.in
.B aggressive\-nsec: \fI<yes or no>
Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN
and other denials, using information from previous NXDOMAINs answers.
Index: trunk/iterator/iter_scrub.c
===================================================================
--- trunk/iterator/iter_scrub.c (revision 4357)
+++ trunk/iterator/iter_scrub.c (working copy)
@@ -617,6 +617,32 @@
diff --git a/iterator/iter_scrub.c b/iterator/iter_scrub.c
index aae934dd..55c55de0 100644
--- a/iterator/iter_scrub.c
+++ b/iterator/iter_scrub.c
@@ -667,6 +667,32 @@ static int sanitize_nsec_is_overreach(struct rrset_parse* rrset,
return 0;
}
/**
+/**
+ * ASN: Lookup A records from rrset cache.
+ * @param qinfo: the question originally asked.
+ * @param env: module environment with config and cache.
@ -49,11 +50,10 @@ Index: trunk/iterator/iter_scrub.c
+ return 0;
+}
+
+/**
/**
* Given a response event, remove suspect RRsets from the response.
* "Suspect" rrsets are potentially poison. Note that this routine expects
* the response to be in a "normalized" state -- that is, all "irrelevant"
@@ -635,6 +661,7 @@
@@ -686,6 +712,7 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
struct query_info* qinfo, uint8_t* zonename, struct module_env* env,
struct iter_env* ie)
{
@ -61,7 +61,7 @@ Index: trunk/iterator/iter_scrub.c
int del_addi = 0; /* if additional-holding rrsets are deleted, we
do not trust the normalized additional-A-AAAA any more */
struct rrset_parse* rrset, *prev;
@@ -670,6 +697,13 @@
@@ -721,6 +748,13 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
rrset = rrset->rrset_all_next;
}
@ -75,11 +75,10 @@ Index: trunk/iterator/iter_scrub.c
/* At this point, we brutally remove ALL rrsets that aren't
* children of the originating zone. The idea here is that,
* as far as we know, the server that we contacted is ONLY
@@ -680,6 +714,24 @@
prev = NULL;
@@ -732,6 +766,24 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
rrset = msg->rrset_first;
while(rrset) {
+
+ /* ASN: For AAAA records only... */
+ if((ie->aaaa_filter) && (rrset->type == LDNS_RR_TYPE_AAAA)) {
+ /* ASN: If this is not a AAAA query, then remove AAAA
@ -97,14 +96,15 @@ Index: trunk/iterator/iter_scrub.c
+ LDNS_RR_TYPE_AAAA, qinfo->qclass);
+ }
+ /* ASN: End of added code */
+
/* remove private addresses */
if( (rrset->type == LDNS_RR_TYPE_A ||
Index: trunk/iterator/iter_utils.c
===================================================================
--- trunk/iterator/iter_utils.c (revision 4357)
+++ trunk/iterator/iter_utils.c (working copy)
@@ -175,6 +175,7 @@
rrset->type == LDNS_RR_TYPE_AAAA)) {
diff --git a/iterator/iter_utils.c b/iterator/iter_utils.c
index 7bc67da6..e10f547a 100644
--- a/iterator/iter_utils.c
+++ b/iterator/iter_utils.c
@@ -175,6 +175,7 @@ iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg)
}
iter_env->supports_ipv6 = cfg->do_ip6;
iter_env->supports_ipv4 = cfg->do_ip4;
@ -112,11 +112,11 @@ Index: trunk/iterator/iter_utils.c
return 1;
}
Index: trunk/iterator/iterator.c
===================================================================
--- trunk/iterator/iterator.c (revision 4357)
+++ trunk/iterator/iterator.c (working copy)
@@ -1847,6 +1847,53 @@
diff --git a/iterator/iterator.c b/iterator/iterator.c
index 23b07ea9..ca29b48c 100644
--- a/iterator/iterator.c
+++ b/iterator/iterator.c
@@ -2127,6 +2127,53 @@ processDSNSFind(struct module_qstate* qstate, struct iter_qstate* iq, int id)
return 0;
}
@ -170,7 +170,7 @@ Index: trunk/iterator/iterator.c
/**
* This is the request event state where the request will be sent to one of
@@ -1894,6 +1941,13 @@
@@ -2186,6 +2233,13 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
}
@ -184,7 +184,7 @@ Index: trunk/iterator/iterator.c
/* Make sure we have a delegation point, otherwise priming failed
* or another failure occurred */
if(!iq->dp) {
@@ -3095,6 +3149,61 @@
@@ -3574,6 +3628,61 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq,
return 0;
}
@ -246,7 +246,7 @@ Index: trunk/iterator/iterator.c
/*
* Return priming query results to interested super querystates.
*
@@ -3114,6 +3223,9 @@
@@ -3593,6 +3702,9 @@ iter_inform_super(struct module_qstate* qstate, int id,
else if(super->qinfo.qtype == LDNS_RR_TYPE_DS && ((struct iter_qstate*)
super->minfo[id])->state == DSNS_FIND_STATE)
processDSNSResponse(qstate, id, super);
@ -256,7 +256,7 @@ Index: trunk/iterator/iterator.c
else if(qstate->return_rcode != LDNS_RCODE_NOERROR)
error_supers(qstate, id, super);
else if(qstate->is_priming)
@@ -3151,6 +3263,9 @@
@@ -3630,6 +3742,9 @@ iter_handle(struct module_qstate* qstate, struct iter_qstate* iq,
case INIT_REQUEST_3_STATE:
cont = processInitRequest3(qstate, iq, id);
break;
@ -266,7 +266,7 @@ Index: trunk/iterator/iterator.c
case QUERYTARGETS_STATE:
cont = processQueryTargets(qstate, iq, ie, id);
break;
@@ -3460,6 +3575,8 @@
@@ -3961,6 +4076,8 @@ iter_state_to_string(enum iter_state state)
return "INIT REQUEST STATE (stage 2)";
case INIT_REQUEST_3_STATE:
return "INIT REQUEST STATE (stage 3)";
@ -275,7 +275,7 @@ Index: trunk/iterator/iterator.c
case QUERYTARGETS_STATE :
return "QUERY TARGETS STATE";
case PRIME_RESP_STATE :
@@ -3484,6 +3601,7 @@
@@ -3985,6 +4102,7 @@ iter_state_is_responsestate(enum iter_state s)
case INIT_REQUEST_STATE :
case INIT_REQUEST_2_STATE :
case INIT_REQUEST_3_STATE :
@ -283,11 +283,11 @@ Index: trunk/iterator/iterator.c
case QUERYTARGETS_STATE :
case COLLECT_CLASS_STATE :
return 0;
Index: trunk/iterator/iterator.h
===================================================================
--- trunk/iterator/iterator.h (revision 4357)
+++ trunk/iterator/iterator.h (working copy)
@@ -130,6 +130,9 @@
diff --git a/iterator/iterator.h b/iterator/iterator.h
index 342ac207..731948d1 100644
--- a/iterator/iterator.h
+++ b/iterator/iterator.h
@@ -135,6 +135,9 @@ struct iter_env {
*/
int* target_fetch_policy;
@ -297,10 +297,11 @@ Index: trunk/iterator/iterator.h
/** lock on ratelimit counter */
lock_basic_type queries_ratelimit_lock;
/** number of queries that have been ratelimited */
@@ -182,6 +185,14 @@
@@ -186,6 +189,14 @@ enum iter_state {
*/
INIT_REQUEST_3_STATE,
/**
+ /**
+ * This state is responsible for intercepting AAAA queries,
+ * and launch a A subquery on the same target, to populate the
+ * cache with A records, so the AAAA filter scrubbing logic can
@ -308,29 +309,28 @@ Index: trunk/iterator/iterator.h
+ */
+ ASN_FETCH_A_FOR_AAAA_STATE,
+
+ /**
/**
* Each time a delegation point changes for a given query or a
* query times out and/or wakes up, this state is (re)visited.
* This state is responsible for iterating through a list of
@@ -364,6 +375,13 @@
* be used when creating the state. A higher one will be attempted.
@@ -375,6 +386,13 @@ struct iter_qstate {
*/
int refetch_glue;
+
+ /**
+ * ASN: This is a flag that, if true, means that this query is
+ * for fetching A records to populate cache and determine if we must
+ * return AAAA records or not.
+ */
+ int fetch_a_for_aaaa;
+
/** list of pending queries to authoritative servers. */
struct outbound_list outlist;
Index: trunk/pythonmod/interface.i
===================================================================
--- trunk/pythonmod/interface.i (revision 4357)
+++ trunk/pythonmod/interface.i (working copy)
@@ -851,6 +851,7 @@
diff --git a/pythonmod/interface.i b/pythonmod/interface.i
index f08b575d..47f1bb2e 100644
--- a/pythonmod/interface.i
+++ b/pythonmod/interface.i
@@ -975,6 +975,7 @@ struct config_file {
int harden_dnssec_stripped;
int harden_referral_path;
int use_caps_bits_for_id;
@ -338,11 +338,11 @@ Index: trunk/pythonmod/interface.i
struct config_strlist* private_address;
struct config_strlist* private_domain;
size_t unwanted_threshold;
Index: trunk/util/config_file.c
===================================================================
--- trunk/util/config_file.c (revision 4357)
+++ trunk/util/config_file.c (working copy)
@@ -195,6 +195,7 @@
diff --git a/util/config_file.c b/util/config_file.c
index 0ab8614a..729fb147 100644
--- a/util/config_file.c
+++ b/util/config_file.c
@@ -218,6 +218,7 @@ config_create(void)
cfg->harden_referral_path = 0;
cfg->harden_algo_downgrade = 0;
cfg->use_caps_bits_for_id = 0;
@ -350,11 +350,11 @@ Index: trunk/util/config_file.c
cfg->caps_whitelist = NULL;
cfg->private_address = NULL;
cfg->private_domain = NULL;
Index: trunk/util/config_file.h
===================================================================
--- trunk/util/config_file.h (revision 4357)
+++ trunk/util/config_file.h (working copy)
@@ -209,6 +209,8 @@
diff --git a/util/config_file.h b/util/config_file.h
index e61257a3..dabaa7bb 100644
--- a/util/config_file.h
+++ b/util/config_file.h
@@ -260,6 +260,8 @@ struct config_file {
int harden_algo_downgrade;
/** use 0x20 bits in query as random ID bits */
int use_caps_bits_for_id;
@ -363,11 +363,11 @@ Index: trunk/util/config_file.h
/** 0x20 whitelist, domains that do not use capsforid */
struct config_strlist* caps_whitelist;
/** strip away these private addrs from answers, no DNS Rebinding */
Index: trunk/util/configlexer.lex
===================================================================
--- trunk/util/configlexer.lex (revision 4357)
+++ trunk/util/configlexer.lex (working copy)
@@ -279,6 +279,7 @@
diff --git a/util/configlexer.lex b/util/configlexer.lex
index 79a0edca..4eaec678 100644
--- a/util/configlexer.lex
+++ b/util/configlexer.lex
@@ -304,6 +304,7 @@ harden-algo-downgrade{COLON} { YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) }
use-caps-for-id{COLON} { YDVAR(1, VAR_USE_CAPS_FOR_ID) }
caps-whitelist{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) }
unwanted-reply-threshold{COLON} { YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) }
@ -375,11 +375,11 @@ Index: trunk/util/configlexer.lex
private-address{COLON} { YDVAR(1, VAR_PRIVATE_ADDRESS) }
private-domain{COLON} { YDVAR(1, VAR_PRIVATE_DOMAIN) }
prefetch-key{COLON} { YDVAR(1, VAR_PREFETCH_KEY) }
Index: trunk/util/configparser.y
===================================================================
--- trunk/util/configparser.y (revision 4357)
+++ trunk/util/configparser.y (working copy)
@@ -95,6 +95,7 @@
diff --git a/util/configparser.y b/util/configparser.y
index 1d0e8658..f284dd43 100644
--- a/util/configparser.y
+++ b/util/configparser.y
@@ -97,6 +97,7 @@ extern struct config_parser_state* cfg_parser;
%token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
%token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
%token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
@ -387,7 +387,7 @@ Index: trunk/util/configparser.y
%token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
%token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
%token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
@@ -203,6 +204,7 @@
@@ -233,6 +234,7 @@ content_server: server_num_threads | server_verbosity | server_port |
server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
server_harden_referral_path | server_private_address |
server_private_domain | server_extended_statistics |
@ -395,12 +395,10 @@ Index: trunk/util/configparser.y
server_local_data_ptr | server_jostle_timeout |
server_unwanted_reply_threshold | server_log_time_ascii |
server_domain_insecure | server_val_sig_skew_min |
@@ -1183,6 +1185,15 @@
OUTYY(("P(server_caps_whitelist:%s)\n", $2));
if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))
@@ -1563,6 +1565,15 @@ server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
yyerror("out of memory");
+ }
+ ;
}
;
+server_aaaa_filter: VAR_AAAA_FILTER STRING_ARG
+ {
+ OUTYY(("P(server_aaaa_filter:%s)\n", $2));
@ -408,6 +406,8 @@ Index: trunk/util/configparser.y
+ yyerror("expected yes or no.");
+ else cfg_parser->cfg->aaaa_filter = (strcmp($2, "yes")==0);
+ free($2);
}
;
+ }
+ ;
server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG
{
OUTYY(("P(server_private_address:%s)\n", $2));

122
contrib/fastrpz.patch
View file

@ -2,7 +2,7 @@ Description: based on the included patch contrib/fastrpz.patch
Author: fastrpz@farsightsecurity.com
---
diff --git a/Makefile.in b/Makefile.in
index a20058cc..495779cc 100644
index bac212df..4824927f 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -23,6 +23,8 @@ CHECKLOCK_SRC=testcode/checklocks.c
@ -13,8 +13,8 @@ index a20058cc..495779cc 100644
+FASTRPZ_OBJ=@FASTRPZ_OBJ@
DNSCRYPT_SRC=@DNSCRYPT_SRC@
DNSCRYPT_OBJ=@DNSCRYPT_OBJ@
WITH_PYTHONMODULE=@WITH_PYTHONMODULE@
@@ -127,7 +129,7 @@ validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c \
WITH_DYNLIBMODULE=@WITH_DYNLIBMODULE@
@@ -134,7 +136,7 @@ validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c \
edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \
edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \
cachedb/cachedb.c cachedb/redis.c respip/respip.c $(CHECKLOCK_SRC) \
@ -23,16 +23,16 @@ index a20058cc..495779cc 100644
COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \
as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \
iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \
@@ -140,7 +142,7 @@ autotrust.lo val_anchor.lo rpz.lo \
@@ -147,7 +149,7 @@ autotrust.lo val_anchor.lo rpz.lo \
validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \
val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo redis.lo authzone.lo \
$(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \
-$(IPSECMOD_OBJ) $(IPSET_OBJ) respip.lo
+$(FASTRPZ_OBJ) $(IPSECMOD_OBJ) $(IPSET_OBJ) respip.lo
-$(IPSECMOD_OBJ) $(IPSET_OBJ) $(DYNLIBMOD_OBJ) respip.lo
+$(FASTRPZ_OBJ) $(IPSECMOD_OBJ) $(IPSET_OBJ) $(DYNLIBMOD_OBJ) respip.lo
COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \
outside_network.lo
COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo
@@ -410,6 +412,11 @@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \
@@ -428,6 +430,11 @@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \
$(srcdir)/util/config_file.h $(srcdir)/util/log.h \
$(srcdir)/util/netevent.h
@ -45,10 +45,10 @@ index a20058cc..495779cc 100644
pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \
pythonmod/interface.h \
diff --git a/config.h.in b/config.h.in
index 78d47fed..e33073e4 100644
index f7a4095e..d5a4fa01 100644
--- a/config.h.in
+++ b/config.h.in
@@ -1345,4 +1345,11 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file,
@@ -1364,4 +1364,11 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file,
/** the version of unbound-control that this software implements */
#define UNBOUND_CONTROL_VERSION 1
@ -62,7 +62,7 @@ index 78d47fed..e33073e4 100644
+/** turn on fastrpz response policy zones */
+#undef ENABLE_FASTRPZ
diff --git a/configure.ac b/configure.ac
index 2b91dd3c..e6063d17 100644
index 5c373d9d..e45abd89 100644
--- a/configure.ac
+++ b/configure.ac
@@ -6,6 +6,7 @@ sinclude(ax_pthread.m4)
@ -73,10 +73,10 @@ index 2b91dd3c..e6063d17 100644
sinclude(dnscrypt/dnscrypt.m4)
# must be numbers. ac_defun because of later processing
@@ -1778,6 +1779,9 @@ case "$enable_ipset" in
;;
@@ -1819,6 +1820,9 @@ case "$enable_explicit_port_randomisation" in
esac
+# check for Fastrpz with fastrpz/rpz.m4
+ck_FASTRPZ
+
@ -84,7 +84,7 @@ index 2b91dd3c..e6063d17 100644
# on openBSD, the implicit rule make $< work.
# on Solaris, it does not work ($? is changed sources, $^ lists dependencies).
diff --git a/daemon/daemon.c b/daemon/daemon.c
index 8b0fc348..7ffb9221 100644
index 5d427925..f89f1437 100644
--- a/daemon/daemon.c
+++ b/daemon/daemon.c
@@ -91,6 +91,9 @@
@ -97,8 +97,8 @@ index 8b0fc348..7ffb9221 100644
#ifdef HAVE_SYSTEMD
#include <systemd/sd-daemon.h>
@@ -458,6 +461,14 @@ daemon_create_workers(struct daemon* daemon)
dt_apply_cfg(daemon->dtenv, daemon->cfg);
@@ -456,6 +459,14 @@ daemon_create_workers(struct daemon* daemon)
fatal_exit("dt_create failed");
#else
fatal_exit("dnstap enabled in config but not built with dnstap support");
+#endif
@ -112,7 +112,7 @@ index 8b0fc348..7ffb9221 100644
#endif
}
for(i=0; i<daemon->num; i++) {
@@ -731,6 +742,9 @@ daemon_cleanup(struct daemon* daemon)
@@ -729,6 +740,9 @@ daemon_cleanup(struct daemon* daemon)
#ifdef USE_DNSCRYPT
dnsc_delete(daemon->dnscenv);
daemon->dnscenv = NULL;
@ -139,7 +139,7 @@ index 3effbafb..4d4c34da 100644
/**
diff --git a/daemon/worker.c b/daemon/worker.c
index eb7fdf2f..1982228d 100644
index 23e3244c..b63d49b7 100644
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -76,6 +76,9 @@
@ -152,7 +152,7 @@ index eb7fdf2f..1982228d 100644
#include "sldns/wire2str.h"
#include "util/shm_side/shm_main.h"
#include "dnscrypt/dnscrypt.h"
@@ -534,8 +537,27 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo,
@@ -535,8 +538,27 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo,
/* not secure */
secure = 0;
break;
@ -180,7 +180,7 @@ index eb7fdf2f..1982228d 100644
/* return this delegation from the cache */
edns_bak = *edns;
edns->edns_version = EDNS_ADVERTISED_VERSION;
@@ -710,6 +732,23 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo,
@@ -711,6 +733,23 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo,
*is_secure_answer = 0;
}
} else *is_secure_answer = 0;
@ -204,7 +204,7 @@ index eb7fdf2f..1982228d 100644
edns_bak = *edns;
edns->edns_version = EDNS_ADVERTISED_VERSION;
@@ -1435,6 +1474,15 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
@@ -1436,6 +1475,15 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from",
&repinfo->addr, repinfo->addrlen);
goto send_reply;
@ -220,7 +220,7 @@ index eb7fdf2f..1982228d 100644
}
/* If we've found a local alias, replace the qname with the alias
@@ -1485,12 +1533,21 @@ lookup_cache:
@@ -1486,12 +1534,21 @@ lookup_cache:
h = query_info_hash(lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2));
if((e=slabhash_lookup(worker->env.msg_cache, h, lookup_qinfo, 0))) {
/* answer from cache - we have acquired a readlock on it */
@ -244,7 +244,7 @@ index eb7fdf2f..1982228d 100644
/* prefetch it if the prefetch TTL expired.
* Note that if there is more than one pass
* its qname must be that used for cache
@@ -1547,11 +1604,19 @@ lookup_cache:
@@ -1548,11 +1605,19 @@ lookup_cache:
lock_rw_unlock(&e->lock);
}
if(!LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) {
@ -267,10 +267,10 @@ index eb7fdf2f..1982228d 100644
}
verbose(VERB_ALGO, "answer norec from cache -- "
diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
index 38c2d298..3b07f392 100644
index cd43f04e..b92a1af8 100644
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -1828,6 +1828,81 @@ List domain for which the AAAA records are ignored and the A record is
@@ -1878,6 +1878,81 @@ List domain for which the AAAA records are ignored and the A record is
used by dns64 processing instead. Can be entered multiple times, list a
new domain for which it applies, one per line. Applies also to names
underneath the name given.
@ -2888,7 +2888,7 @@ index 00000000..21235355
+ fi
+])
diff --git a/iterator/iterator.c b/iterator/iterator.c
index 1e0113a8..2fcbf547 100644
index 23b07ea9..c3d31a33 100644
--- a/iterator/iterator.c
+++ b/iterator/iterator.c
@@ -68,6 +68,9 @@
@ -2901,7 +2901,7 @@ index 1e0113a8..2fcbf547 100644
/* in msec */
int UNKNOWN_SERVER_NICENESS = 376;
@@ -555,6 +558,23 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq,
@@ -563,6 +566,23 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq,
if(ntohs(r->rk.type) == LDNS_RR_TYPE_CNAME &&
query_dname_compare(*mname, r->rk.dname) == 0 &&
!iter_find_rrset_in_prepend_answer(iq, r)) {
@ -2925,7 +2925,7 @@ index 1e0113a8..2fcbf547 100644
/* Add this relevant CNAME rrset to the prepend list.*/
if(!iter_add_prepend_answer(qstate, iq, r))
return 0;
@@ -563,6 +583,9 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq,
@@ -571,6 +591,9 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq,
/* Other rrsets in the section are ignored. */
}
@ -2935,7 +2935,7 @@ index 1e0113a8..2fcbf547 100644
/* add authority rrsets to authority prepend, for wildcarded CNAMEs */
for(i=msg->rep->an_numrrsets; i<msg->rep->an_numrrsets +
msg->rep->ns_numrrsets; i++) {
@@ -1199,6 +1222,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
@@ -1231,6 +1254,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
uint8_t* delname;
size_t delnamelen;
struct dns_msg* msg = NULL;
@ -2943,7 +2943,7 @@ index 1e0113a8..2fcbf547 100644
log_query_info(VERB_DETAIL, "resolving", &qstate->qinfo);
/* check effort */
@@ -1285,8 +1309,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
@@ -1317,8 +1341,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
}
if(msg) {
/* handle positive cache response */
@ -2953,7 +2953,7 @@ index 1e0113a8..2fcbf547 100644
if(verbosity >= VERB_ALGO) {
log_dns_msg("msg from cache lookup", &msg->qinfo,
msg->rep);
@@ -1294,7 +1317,22 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
@@ -1326,7 +1349,22 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
(int)msg->rep->ttl,
(int)msg->rep->prefetch_ttl);
}
@ -2976,7 +2976,7 @@ index 1e0113a8..2fcbf547 100644
if(type == RESPONSE_TYPE_CNAME) {
uint8_t* sname = 0;
size_t slen = 0;
@@ -2718,6 +2756,62 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
@@ -2801,6 +2839,62 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
sock_list_insert(&qstate->reply_origin,
&qstate->reply->addr, qstate->reply->addrlen,
qstate->region);
@ -3039,7 +3039,7 @@ index 1e0113a8..2fcbf547 100644
if(iq->minimisation_state != DONOT_MINIMISE_STATE
&& !(iq->chase_flags & BIT_RD)) {
if(FLAGS_GET_RCODE(iq->response->rep->flags) !=
@@ -3471,12 +3565,44 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq,
@@ -3563,12 +3657,44 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq,
* but only if we did recursion. The nonrecursion referral
* from cache does not need to be stored in the msg cache. */
if(!qstate->no_cache_store && qstate->query_flags&BIT_RD) {
@ -3085,10 +3085,10 @@ index 1e0113a8..2fcbf547 100644
qstate->return_msg = iq->response;
return 0;
diff --git a/iterator/iterator.h b/iterator/iterator.h
index a2f1b570..e1e4a738 100644
index 342ac207..49b0ecdd 100644
--- a/iterator/iterator.h
+++ b/iterator/iterator.h
@@ -386,6 +386,16 @@ struct iter_qstate {
@@ -396,6 +396,16 @@ struct iter_qstate {
*/
int minimise_count;
@ -3104,12 +3104,12 @@ index a2f1b570..e1e4a738 100644
+
/**
* Count number of time-outs. Used to prevent resolving failures when
* the QNAME minimisation QTYPE is blocked. */
* the QNAME minimisation QTYPE is blocked. Used to determine if
diff --git a/services/cache/dns.c b/services/cache/dns.c
index 2a5bca4a..6de8863a 100644
index 7b6e142c..6d7449f5 100644
--- a/services/cache/dns.c
+++ b/services/cache/dns.c
@@ -967,6 +967,14 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf,
@@ -969,6 +969,14 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf,
struct regional* region, uint32_t flags)
{
struct reply_info* rep = NULL;
@ -3125,7 +3125,7 @@ index 2a5bca4a..6de8863a 100644
rep = reply_info_copy(msgrep, env->alloc, NULL);
if(!rep)
diff --git a/services/mesh.c b/services/mesh.c
index 9114ef4c..3dc518e5 100644
index 4b0c5db4..eb9cfa5b 100644
--- a/services/mesh.c
+++ b/services/mesh.c
@@ -61,6 +61,9 @@
@ -3138,7 +3138,7 @@ index 9114ef4c..3dc518e5 100644
#include "respip/respip.h"
#include "services/listen_dnsport.h"
@@ -1195,6 +1198,13 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
@@ -1207,6 +1210,13 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
else secure = 0;
if(!rep && rcode == LDNS_RCODE_NOERROR)
rcode = LDNS_RCODE_SERVFAIL;
@ -3152,7 +3152,7 @@ index 9114ef4c..3dc518e5 100644
/* send the reply */
/* We don't reuse the encoded answer if either the previous or current
* response has a local alias. We could compare the alias records
@@ -1415,6 +1425,7 @@ struct mesh_state* mesh_area_find(struct mesh_area* mesh,
@@ -1434,6 +1444,7 @@ struct mesh_state* mesh_area_find(struct mesh_area* mesh,
key.s.is_valrec = valrec;
key.s.qinfo = *qinfo;
key.s.query_flags = qflags;
@ -3160,7 +3160,7 @@ index 9114ef4c..3dc518e5 100644
/* We are searching for a similar mesh state when we DO want to
* aggregate the state. Thus unique is set to NULL. (default when we
* desire aggregation).*/
@@ -1461,6 +1472,10 @@ int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns,
@@ -1480,6 +1491,10 @@ int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns,
if(!r)
return 0;
r->query_reply = *rep;
@ -3172,11 +3172,11 @@ index 9114ef4c..3dc518e5 100644
if(edns->opt_list) {
r->edns.opt_list = edns_opt_copy_region(edns->opt_list,
diff --git a/util/config_file.c b/util/config_file.c
index 52ca5a18..0660248f 100644
index 0e9ee471..a5fd72e0 100644
--- a/util/config_file.c
+++ b/util/config_file.c
@@ -1460,6 +1460,8 @@ config_delete(struct config_file* cfg)
free(cfg->dnstap_socket_path);
@@ -1495,6 +1495,8 @@ config_delete(struct config_file* cfg)
free(cfg->dnstap_tls_client_cert_file);
free(cfg->dnstap_identity);
free(cfg->dnstap_version);
+ if (cfg->rpz_cstr)
@ -3185,10 +3185,10 @@ index 52ca5a18..0660248f 100644
config_deldblstrlist(cfg->ratelimit_below_domain);
config_delstrlist(cfg->python_script);
diff --git a/util/config_file.h b/util/config_file.h
index 8739ca2a..a2dcf215 100644
index 66e5025d..504f4f92 100644
--- a/util/config_file.h
+++ b/util/config_file.h
@@ -499,6 +499,11 @@ struct config_file {
@@ -522,6 +522,11 @@ struct config_file {
/** true to disable DNSSEC lameness check in iterator */
int disable_dnssec_lame_check;
@ -3201,10 +3201,10 @@ index 8739ca2a..a2dcf215 100644
int ip_ratelimit;
/** number of slabs for ip_ratelimit cache */
diff --git a/util/configlexer.lex b/util/configlexer.lex
index deedffa5..301458a3 100644
index 83cea4b9..9a7feea4 100644
--- a/util/configlexer.lex
+++ b/util/configlexer.lex
@@ -446,6 +446,10 @@ dnstap-log-forwarder-query-messages{COLON} {
@@ -467,6 +467,10 @@ dnstap-log-forwarder-query-messages{COLON} {
YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) }
dnstap-log-forwarder-response-messages{COLON} {
YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) }
@ -3216,18 +3216,18 @@ index deedffa5..301458a3 100644
ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) }
ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) }
diff --git a/util/configparser.y b/util/configparser.y
index d471babe..cb6b1d63 100644
index fe600a99..ce43390f 100644
--- a/util/configparser.y
+++ b/util/configparser.y
@@ -125,6 +125,7 @@ extern struct config_parser_state* cfg_parser;
@@ -128,6 +128,7 @@ extern struct config_parser_state* cfg_parser;
%token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
%token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
%token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
+%token VAR_RPZ VAR_RPZ_ENABLE VAR_RPZ_ZONE VAR_RPZ_OPTION
%token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
%token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
%token VAR_DISABLE_DNSSEC_LAME_CHECK
@@ -173,7 +174,7 @@ extern struct config_parser_state* cfg_parser;
%token VAR_IP_DSCP
@@ -179,7 +180,7 @@ extern struct config_parser_state* cfg_parser;
%%
toplevelvars: /* empty */ | toplevelvars toplevelvar ;
@ -3236,7 +3236,7 @@ index d471babe..cb6b1d63 100644
forwardstart contents_forward | pythonstart contents_py |
rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
dnscstart contents_dnsc | cachedbstart contents_cachedb |
@@ -2837,6 +2838,50 @@ dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MES
@@ -2939,6 +2940,50 @@ dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MES
free($2);
}
;
@ -3384,7 +3384,7 @@ index 729877ba..ccd1a0c2 100644
/**
diff --git a/util/netevent.c b/util/netevent.c
index 9fe5da2d..037e70d1 100644
index 3e7a433e..f20d806f 100644
--- a/util/netevent.c
+++ b/util/netevent.c
@@ -57,6 +57,9 @@
@ -3397,7 +3397,7 @@ index 9fe5da2d..037e70d1 100644
/* -------- Start of local definitions -------- */
/** if CMSG_ALIGN is not defined on this platform, a workaround */
@@ -590,6 +593,9 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg)
@@ -596,6 +599,9 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg)
struct cmsghdr* cmsg;
#endif /* S_SPLINT_S */
@ -3407,7 +3407,7 @@ index 9fe5da2d..037e70d1 100644
rep.c = (struct comm_point*)arg;
log_assert(rep.c->type == comm_udp);
@@ -679,6 +685,9 @@ comm_point_udp_callback(int fd, short event, void* arg)
@@ -685,6 +691,9 @@ comm_point_udp_callback(int fd, short event, void* arg)
int i;
struct sldns_buffer *buffer;
@ -3417,7 +3417,7 @@ index 9fe5da2d..037e70d1 100644
rep.c = (struct comm_point*)arg;
log_assert(rep.c->type == comm_udp);
@@ -722,6 +731,9 @@ comm_point_udp_callback(int fd, short event, void* arg)
@@ -728,6 +737,9 @@ comm_point_udp_callback(int fd, short event, void* arg)
(void)comm_point_send_udp_msg(rep.c, buffer,
(struct sockaddr*)&rep.addr, rep.addrlen);
}
@ -3427,7 +3427,7 @@ index 9fe5da2d..037e70d1 100644
if(!rep.c || rep.c->fd != fd) /* commpoint closed to -1 or reused for
another UDP port. Note rep.c cannot be reused with TCP fd. */
break;
@@ -3192,6 +3204,9 @@ comm_point_send_reply(struct comm_reply *repinfo)
@@ -3175,6 +3187,9 @@ comm_point_send_reply(struct comm_reply *repinfo)
repinfo->c->tcp_timeout_msec);
}
}
@ -3437,7 +3437,7 @@ index 9fe5da2d..037e70d1 100644
}
void
@@ -3201,6 +3216,9 @@ comm_point_drop_reply(struct comm_reply* repinfo)
@@ -3184,6 +3199,9 @@ comm_point_drop_reply(struct comm_reply* repinfo)
return;
log_assert(repinfo->c);
log_assert(repinfo->c->type != comm_tcp_accept);
@ -3447,7 +3447,7 @@ index 9fe5da2d..037e70d1 100644
if(repinfo->c->type == comm_udp)
return;
if(repinfo->c->tcp_req_info)
@@ -3222,6 +3240,9 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec)
@@ -3205,6 +3223,9 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec)
{
verbose(VERB_ALGO, "comm point start listening %d (%d msec)",
c->fd==-1?newfd:c->fd, msec);
@ -3458,7 +3458,7 @@ index 9fe5da2d..037e70d1 100644
/* no use to start listening no free slots. */
return;
diff --git a/util/netevent.h b/util/netevent.h
index d80c72b3..0233292f 100644
index bb2cd1e5..666067e8 100644
--- a/util/netevent.h
+++ b/util/netevent.h
@@ -120,6 +120,10 @@ struct comm_reply {

6
contrib/unbound.service.in
View file

@ -42,9 +42,9 @@
[Unit]
Description=Validating, recursive, and caching DNS resolver
Documentation=man:unbound(8)
After=network.target
Before=network-online.target nss-lookup.target
Wants=nss-lookup.target
After=network-online.target
Before=nss-lookup.target
Wants=network-online.target nss-lookup.target
[Install]
WantedBy=multi-user.target

4
contrib/unbound_munin_
View file

@ -174,11 +174,11 @@ get_state ( ) {
if test "$1" = "autoconf" ; then
if test ! -f $conf; then
echo no "($conf does not exist)"
exit 1
exit 0
fi
if test ! -d `dirname $state`; then
echo no "(`dirname $state` directory does not exist)"
exit 1
exit 0
fi
echo yes
exit 0

2
daemon/acl_list.c
View file

@ -273,7 +273,7 @@ check_data(const char* data, const struct config_strlist* head)
if(res == 0)
return 1;
log_err("rr data [char %d] parse error %s",
(int)LDNS_WIREPARSE_OFFSET(res)-13,
(int)LDNS_WIREPARSE_OFFSET(res)-2,
sldns_get_errorstr_parse(res));
return 0;
}

26
daemon/daemon.c
View file

@ -77,6 +77,7 @@
#include "util/storage/lookup3.h"
#include "util/storage/slabhash.h"
#include "util/tcp_conn_limit.h"
#include "util/edns.h"
#include "services/listen_dnsport.h"
#include "services/cache/rrset.h"
#include "services/cache/infra.h"
@ -290,6 +291,15 @@ daemon_init(void)
free(daemon);
return NULL;
}
if(!(daemon->env->edns_tags = edns_tags_create())) {
auth_zones_delete(daemon->env->auth_zones);
acl_list_delete(daemon->acl);
tcl_list_delete(daemon->tcl);
edns_known_options_delete(daemon->env);
free(daemon->env);
free(daemon);
return NULL;
}
return daemon;
}
@ -298,6 +308,8 @@ daemon_open_shared_ports(struct daemon* daemon)
{
log_assert(daemon);
if(daemon->cfg->port != daemon->listening_port) {
char** resif = NULL;
int num_resif = 0;
size_t i;
struct listen_port* p0;
daemon->reuseport = 0;
@ -308,15 +320,18 @@ daemon_open_shared_ports(struct daemon* daemon)
free(daemon->ports);
daemon->ports = NULL;
}
if(!resolve_interface_names(daemon->cfg, &resif, &num_resif))
return 0;
/* see if we want to reuseport */
#ifdef SO_REUSEPORT
if(daemon->cfg->so_reuseport && daemon->cfg->num_threads > 0)
daemon->reuseport = 1;
#endif
/* try to use reuseport */
p0 = listening_ports_open(daemon->cfg, &daemon->reuseport);
p0 = listening_ports_open(daemon->cfg, resif, num_resif, &daemon->reuseport);
if(!p0) {
listening_ports_free(p0);
config_del_strarray(resif, num_resif);
return 0;
}
if(daemon->reuseport) {
@ -330,6 +345,7 @@ daemon_open_shared_ports(struct daemon* daemon)
if(!(daemon->ports = (struct listen_port**)calloc(
daemon->num_ports, sizeof(*daemon->ports)))) {
listening_ports_free(p0);
config_del_strarray(resif, num_resif);
return 0;
}
daemon->ports[0] = p0;
@ -338,16 +354,19 @@ daemon_open_shared_ports(struct daemon* daemon)
for(i=1; i<daemon->num_ports; i++) {
if(!(daemon->ports[i]=
listening_ports_open(daemon->cfg,
resif, num_resif,
&daemon->reuseport))
|| !daemon->reuseport ) {
for(i=0; i<daemon->num_ports; i++)
listening_ports_free(daemon->ports[i]);
free(daemon->ports);
daemon->ports = NULL;
config_del_strarray(resif, num_resif);
return 0;
}
}
}
config_del_strarray(resif, num_resif);
daemon->listening_port = daemon->cfg->port;
}
if(!daemon->cfg->remote_control_enable && daemon->rc_port) {
@ -619,6 +638,10 @@ daemon_fork(struct daemon* daemon)
&daemon->use_rpz))
fatal_exit("auth_zones could not be setup");
/* Set-up EDNS tags */
if(!edns_tags_apply_cfg(daemon->env->edns_tags, daemon->cfg))
fatal_exit("Could not set up EDNS tags");
/* setup modules */
daemon_setup_modules(daemon);
@ -750,6 +773,7 @@ daemon_delete(struct daemon* daemon)
rrset_cache_delete(daemon->env->rrset_cache);
infra_delete(daemon->env->infra_cache);
edns_known_options_delete(daemon->env);
edns_tags_delete(daemon->env->edns_tags);
auth_zones_delete(daemon->env->auth_zones);
}
ub_randfree(daemon->rand);

32
daemon/remote.c
View file

@ -349,11 +349,7 @@ add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err,
/* alloc */
n = (struct listen_port*)calloc(1, sizeof(*n));
if(!n) {
#ifndef USE_WINSOCK
close(fd);
#else
closesocket(fd);
#endif
sock_close(fd);
log_err("out of memory");
return 0;
}
@ -462,11 +458,7 @@ int remote_accept_callback(struct comm_point* c, void* arg, int err,
if(rc->active >= rc->max_active) {
log_warn("drop incoming remote control: too many connections");
close_exit:
#ifndef USE_WINSOCK
close(newfd);
#else
closesocket(newfd);
#endif
sock_close(newfd);
return 0;
}
@ -575,11 +567,8 @@ ssl_print_text(RES* res, const char* text)
if(r == -1) {
if(errno == EAGAIN || errno == EINTR)
continue;
#ifndef USE_WINSOCK
log_err("could not send: %s", strerror(errno));
#else
log_err("could not send: %s", wsa_strerror(WSAGetLastError()));
#endif
log_err("could not send: %s",
sock_strerror(errno));
return 0;
}
at += r;
@ -636,11 +625,8 @@ ssl_read_line(RES* res, char* buf, size_t max)
}
if(errno == EINTR || errno == EAGAIN)
continue;
#ifndef USE_WINSOCK
log_err("could not recv: %s", strerror(errno));
#else
log_err("could not recv: %s", wsa_strerror(WSAGetLastError()));
#endif
log_err("could not recv: %s",
sock_strerror(errno));
return 0;
}
break;
@ -3125,11 +3111,7 @@ handle_req(struct daemon_remote* rc, struct rc_state* s, RES* res)
if(rr == 0) return;
if(errno == EINTR || errno == EAGAIN)
continue;
#ifndef USE_WINSOCK
log_err("could not recv: %s", strerror(errno));
#else
log_err("could not recv: %s", wsa_strerror(WSAGetLastError()));
#endif
log_err("could not recv: %s", sock_strerror(errno));
return;
}
r = (int)rr;

1
daemon/stats.c
View file

@ -271,6 +271,7 @@ server_stats_compile(struct worker* worker, struct ub_stats_info* s, int reset)
s->svr.ans_secure += (long long)worker->env.mesh->ans_secure;
s->svr.ans_bogus += (long long)worker->env.mesh->ans_bogus;
s->svr.ans_rcode_nodata += (long long)worker->env.mesh->ans_nodata;
s->svr.ans_expired += (long long)worker->env.mesh->ans_expired;
for(i=0; i<UB_STATS_RCODE_NUM; i++)
s->svr.ans_rcode[i] += (long long)worker->env.mesh->ans_rcode[i];
for(i=0; i<UB_STATS_RPZ_ACTION_NUM; i++)

4
daemon/unbound.c
View file

@ -92,7 +92,7 @@
#include <TargetConditionals.h>
#endif
#if defined(TARGET_OS_TV) || defined(TARGET_OS_WATCH)
#if (defined(TARGET_OS_TV) && TARGET_OS_TV) || (defined(TARGET_OS_WATCH) && TARGET_OS_WATCH)
#undef HAVE_FORK
#endif
@ -534,6 +534,8 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
LOGIN_SETALL & ~LOGIN_SETUSER & ~LOGIN_SETGROUP) != 0)
log_warn("unable to setusercontext %s: %s",
cfg->username, strerror(errno));
#else
(void)pwd;
#endif /* HAVE_SETUSERCONTEXT */
}
#endif /* HAVE_GETPWNAM */

11
daemon/worker.c
View file

@ -1219,7 +1219,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
LDNS_QR_SET(sldns_buffer_begin(c->buffer));
LDNS_RCODE_SET(sldns_buffer_begin(c->buffer),
LDNS_RCODE_FORMERR);
server_stats_insrcode(&worker->stats, c->buffer);
goto send_reply;
}
if(worker->env.cfg->log_queries) {
@ -1237,7 +1236,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
LDNS_RCODE_REFUSED);
if(worker->stats.extended) {
worker->stats.qtype[qinfo.qtype]++;
server_stats_insrcode(&worker->stats, c->buffer);
}
goto send_reply;
}
@ -1259,7 +1257,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
LDNS_RCODE_FORMERR);
if(worker->stats.extended) {
worker->stats.qtype[qinfo.qtype]++;
server_stats_insrcode(&worker->stats, c->buffer);
}
goto send_reply;
}
@ -1275,7 +1272,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
*(uint16_t*)(void *)sldns_buffer_begin(c->buffer),
sldns_buffer_read_u16_at(c->buffer, 2), &reply_edns);
regional_free_all(worker->scratchpad);
server_stats_insrcode(&worker->stats, c->buffer);
goto send_reply;
}
if(edns.edns_present) {
@ -1354,7 +1350,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
edns.udp_size = 65535; /* max size for TCP replies */
if(qinfo.qclass == LDNS_RR_CLASS_CH && answer_chaos(worker, &qinfo,
&edns, repinfo, c->buffer)) {
server_stats_insrcode(&worker->stats, c->buffer);
regional_free_all(worker->scratchpad);
goto send_reply;
}
@ -1375,7 +1370,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
comm_point_drop_reply(repinfo);
return 0;
}
server_stats_insrcode(&worker->stats, c->buffer);
goto send_reply;
}
if(worker->env.auth_zones &&
@ -1387,7 +1381,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
comm_point_drop_reply(repinfo);
return 0;
}
server_stats_insrcode(&worker->stats, c->buffer);
goto send_reply;
}
if(worker->env.auth_zones &&
@ -1403,7 +1396,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
if(LDNS_RD_WIRE(sldns_buffer_begin(c->buffer)) &&
acl != acl_deny_non_local && acl != acl_refuse_non_local)
LDNS_RA_SET(sldns_buffer_begin(c->buffer));
server_stats_insrcode(&worker->stats, c->buffer);
goto send_reply;
}
@ -1432,7 +1424,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
*(uint16_t*)(void *)sldns_buffer_begin(c->buffer),
sldns_buffer_read_u16_at(c->buffer, 2), NULL);
regional_free_all(worker->scratchpad);
server_stats_insrcode(&worker->stats, c->buffer);
log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from",
&repinfo->addr, repinfo->addrlen);
goto send_reply;
@ -1588,9 +1579,9 @@ send_reply_rc:
if(is_expired_answer) {
worker->stats.ans_expired++;
}
server_stats_insrcode(&worker->stats, c->buffer);
if(worker->stats.extended) {
if(is_secure_answer) worker->stats.ans_secure++;
server_stats_insrcode(&worker->stats, repinfo->c->buffer);
}
#ifdef USE_DNSTAP
if(worker->dtenv.log_client_response_messages)

10
dnstap/dnstap.c
View file

@ -134,9 +134,15 @@ dt_create(struct config_file* cfg)
if(cfg->dnstap && cfg->dnstap_socket_path && cfg->dnstap_socket_path[0] &&
(cfg->dnstap_ip==NULL || cfg->dnstap_ip[0]==0)) {
char* p = fname_after_chroot(cfg->dnstap_socket_path, cfg, 1);
if(!p) {
log_err("malloc failure");
return NULL;
}
verbose(VERB_OPS, "attempting to connect to dnstap socket %s",
cfg->dnstap_socket_path);
check_socket_file(cfg->dnstap_socket_path);
p);
check_socket_file(p);
free(p);
}
env = (struct dt_env *) calloc(1, sizeof(struct dt_env));

28
dnstap/dnstap_fstrm.c
View file

@ -92,6 +92,34 @@ void* fstrm_create_control_frame_stop(size_t* len)
return control;
}
void* fstrm_create_control_frame_ready(char* contenttype, size_t* len)
{
uint32_t* control;
size_t n;
/* start bidirectional stream:
* 4 bytes 0 escape
* 4 bytes bigendian length of frame
* 4 bytes bigendian type READY
* 4 bytes bigendian frame option content type
* 4 bytes bigendian length of string
* string of content type.
*/
/* len includes the escape and framelength */
n = 4+4+4+4+4+strlen(contenttype);
control = malloc(n);
if(!control) {
return NULL;
}
control[0] = 0;
control[1] = htonl(4+4+4+strlen(contenttype));
control[2] = htonl(FSTRM_CONTROL_FRAME_READY);
control[3] = htonl(FSTRM_CONTROL_FIELD_TYPE_CONTENT_TYPE);
control[4] = htonl(strlen(contenttype));
memmove(&control[5], contenttype, strlen(contenttype));
*len = n;
return control;
}
void* fstrm_create_control_frame_accept(char* contenttype, size_t* len)
{
uint32_t* control;

15
dnstap/dnstap_fstrm.h
View file

@ -127,6 +127,21 @@
*/
void* fstrm_create_control_frame_start(char* contenttype, size_t* len);
/**
* This creates an FSTRM control frame of type READY.
* @param contenttype: a zero delimited string with the content type.
* eg. use the constant DNSTAP_CONTENT_TYPE, which is defined as
* "protobuf:dnstap.Dnstap", for a dnstap frame stream.
* @param len: if a buffer is returned this is the length of that buffer.
* @return NULL on malloc failure. Returns a malloced buffer with the
* protocol message. The buffer starts with the 4 bytes of 0 that indicate
* a control frame. The buffer should be sent without preceding it with
* the 'len' variable (like data frames are), but straight the content of the
* buffer, because the lengths are included in the buffer. This is so that
* the zero control indicator can be included before the control frame length.
*/
void* fstrm_create_control_frame_ready(char* contenttype, size_t* len);
/**
* This creates an FSTRM control frame of type STOP.
* @param len: if a buffer is returned this is the length of that buffer.

435
dnstap/dtstream.c
View file

@ -48,6 +48,7 @@
#include "util/ub_event.h"
#include "util/net_help.h"
#include "services/outside_network.h"
#include "sldns/sbuffer.h"
#ifdef HAVE_SYS_UN_H
#include <sys/un.h>
#endif
@ -68,6 +69,9 @@
/** the msec to wait for reconnect slow, to stop busy spinning on reconnect */
#define DTIO_RECONNECT_TIMEOUT_SLOW 1000
/** maximum length of received frame */
#define DTIO_RECV_FRAME_MAX_LEN 1000
struct stop_flush_info;
/** DTIO command channel commands */
enum {
@ -85,9 +89,13 @@ static int dtio_add_output_event_write(struct dt_io_thread* dtio);
static void dtio_reconnect_enable(struct dt_io_thread* dtio);
/** stop from stop_flush event loop */
static void dtio_stop_flush_exit(struct stop_flush_info* info);
/** setup a start control message */
static int dtio_control_start_send(struct dt_io_thread* dtio);
#ifdef HAVE_SSL
/** enable briefly waiting for a read event, for SSL negotiation */
static int dtio_enable_brief_read(struct dt_io_thread* dtio);
/** enable briefly waiting for a write event, for SSL negotiation */
static int dtio_enable_brief_write(struct dt_io_thread* dtio);
#endif
struct dt_msg_queue*
@ -141,15 +149,14 @@ static void dtio_wakeup(struct dt_io_thread* dtio)
#ifndef USE_WINSOCK
if(errno == EINTR || errno == EAGAIN)
continue;
log_err("dnstap io wakeup: write: %s", strerror(errno));
#else
if(WSAGetLastError() == WSAEINPROGRESS)
continue;
if(WSAGetLastError() == WSAEWOULDBLOCK)
continue;
log_err("dnstap io stop: write: %s",
wsa_strerror(WSAGetLastError()));
#endif
log_err("dnstap io wakeup: write: %s",
sock_strerror(errno));
break;
}
break;
@ -261,6 +268,7 @@ int dt_io_thread_apply_cfg(struct dt_io_thread* dtio, struct config_file *cfg)
} else {
dtio->upstream_is_unix = 1;
}
dtio->is_bidirectional = cfg->dnstap_bidirectional;
if(dtio->upstream_is_unix) {
if(!cfg->dnstap_socket_path ||
@ -270,7 +278,8 @@ int dt_io_thread_apply_cfg(struct dt_io_thread* dtio, struct config_file *cfg)
return 0;
}
free(dtio->socket_path);
dtio->socket_path = strdup(cfg->dnstap_socket_path);
dtio->socket_path = fname_after_chroot(cfg->dnstap_socket_path,
cfg, 1);
if(!dtio->socket_path) {
log_err("dnstap setup: malloc failure");
return 0;
@ -551,6 +560,20 @@ static void dtio_cur_msg_free(struct dt_io_thread* dtio)
dtio->cur_msg_len_done = 0;
}
/** delete the buffer and counters used to read frame */
static void dtio_read_frame_free(struct dt_frame_read_buf* rb)
{
if(rb->buf) {
free(rb->buf);
rb->buf = NULL;
}
rb->buf_count = 0;
rb->buf_cap = 0;
rb->frame_len = 0;
rb->frame_len_done = 0;
rb->control_frame = 0;
}
/** del the output file descriptor event for listening */
static void dtio_del_output_event(struct dt_io_thread* dtio)
{
@ -564,11 +587,7 @@ static void dtio_del_output_event(struct dt_io_thread* dtio)
/** close dtio socket and set it to -1 */
static void dtio_close_fd(struct dt_io_thread* dtio)
{
#ifndef USE_WINSOCK
close(dtio->fd);
#else
closesocket(dtio->fd);
#endif
sock_close(dtio->fd);
dtio->fd = -1;
}
@ -594,6 +613,11 @@ static void dtio_close_output(struct dt_io_thread* dtio)
if(dtio->cur_msg) {
dtio_cur_msg_free(dtio);
}
dtio->ready_frame_sent = 0;
dtio->accept_frame_received = 0;
dtio_read_frame_free(&dtio->read_frame);
dtio_reconnect_enable(dtio);
}
@ -631,13 +655,8 @@ static int dtio_check_nb_connect(struct dt_io_thread* dtio)
char* to = dtio->socket_path;
if(!to) to = dtio->ip_str;
if(!to) to = "";
#ifndef USE_WINSOCK
log_err("dnstap io: failed to connect to \"%s\": %s",
to, strerror(error));
#else
log_err("dnstap io: failed to connect to \"%s\": %s",
to, wsa_strerror(error));
#endif
to, sock_strerror(error));
return -1; /* error, close it */
}
@ -714,7 +733,6 @@ static int dtio_write_buf(struct dt_io_thread* dtio, uint8_t* buf,
#ifndef USE_WINSOCK
if(errno == EINTR || errno == EAGAIN)
return 0;
log_err("dnstap io: failed send: %s", strerror(errno));
#else
if(WSAGetLastError() == WSAEINPROGRESS)
return 0;
@ -724,9 +742,8 @@ static int dtio_write_buf(struct dt_io_thread* dtio, uint8_t* buf,
UB_EV_WRITE);
return 0;
}
log_err("dnstap io: failed send: %s",
wsa_strerror(WSAGetLastError()));
#endif
log_err("dnstap io: failed send: %s", sock_strerror(errno));
return -1;
}
return ret;
@ -750,7 +767,6 @@ static int dtio_write_with_writev(struct dt_io_thread* dtio)
#ifndef USE_WINSOCK
if(errno == EINTR || errno == EAGAIN)
return 0;
log_err("dnstap io: failed writev: %s", strerror(errno));
#else
if(WSAGetLastError() == WSAEINPROGRESS)
return 0;
@ -760,9 +776,8 @@ static int dtio_write_with_writev(struct dt_io_thread* dtio)
UB_EV_WRITE);
return 0;
}
log_err("dnstap io: failed writev: %s",
wsa_strerror(WSAGetLastError()));
#endif
log_err("dnstap io: failed writev: %s", sock_strerror(errno));
/* close the channel */
dtio_del_output_event(dtio);
dtio_close_output(dtio);
@ -855,6 +870,94 @@ static int dtio_write_more(struct dt_io_thread* dtio)
return 1;
}
/** Receive bytes from dtio->fd, store in buffer. Returns 0: closed,
* -1: continue, >0: number of bytes read into buffer */
static ssize_t receive_bytes(struct dt_io_thread* dtio, void* buf, size_t len) {
ssize_t r;
r = recv(dtio->fd, (void*)buf, len, 0);
if(r == -1) {
char* to = dtio->socket_path;
if(!to) to = dtio->ip_str;
if(!to) to = "";
#ifndef USE_WINSOCK
if(errno == EINTR || errno == EAGAIN)
return -1; /* try later */
#else
if(WSAGetLastError() == WSAEINPROGRESS) {
return -1; /* try later */
} else if(WSAGetLastError() == WSAEWOULDBLOCK) {
ub_winsock_tcp_wouldblock(
(dtio->stop_flush_event?
dtio->stop_flush_event:dtio->event),
UB_EV_READ);
return -1; /* try later */
}
#endif
if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN &&
verbosity < 4)
return 0; /* no log retries on low verbosity */
log_err("dnstap io: output closed, recv %s: %s", to,
strerror(errno));
/* and close below */
return 0;
}
if(r == 0) {
if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN &&
verbosity < 4)
return 0; /* no log retries on low verbosity */
verbose(VERB_DETAIL, "dnstap io: output closed by the other side");
/* and close below */
return 0;
}
/* something was received */
return r;
}
#ifdef HAVE_SSL
/** Receive bytes over TLS from dtio->fd, store in buffer. Returns 0: closed,
* -1: continue, >0: number of bytes read into buffer */
static int ssl_read_bytes(struct dt_io_thread* dtio, void* buf, size_t len)
{
int r;
ERR_clear_error();
r = SSL_read(dtio->ssl, buf, len);
if(r <= 0) {
int want = SSL_get_error(dtio->ssl, r);
if(want == SSL_ERROR_ZERO_RETURN) {
if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN &&
verbosity < 4)
return 0; /* no log retries on low verbosity */
verbose(VERB_DETAIL, "dnstap io: output closed by the "
"other side");
return 0;
} else if(want == SSL_ERROR_WANT_READ) {
/* continue later */
return -1;
} else if(want == SSL_ERROR_WANT_WRITE) {
(void)dtio_enable_brief_write(dtio);
return -1;
} else if(want == SSL_ERROR_SYSCALL) {
#ifdef ECONNRESET
if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN &&
errno == ECONNRESET && verbosity < 4)
return 0; /* silence reset by peer */
#endif
if(errno != 0)
log_err("SSL_read syscall: %s",
strerror(errno));
verbose(VERB_DETAIL, "dnstap io: output closed by the "
"other side");
return 0;
}
log_crypto_err("could not SSL_read");
verbose(VERB_DETAIL, "dnstap io: output closed by the "
"other side");
return 0;
}
return r;
}
#endif /* HAVE_SSL */
/** check if the output fd has been closed,
* it returns false if the stream is closed. */
static int dtio_check_close(struct dt_io_thread* dtio)
@ -864,44 +967,17 @@ static int dtio_check_close(struct dt_io_thread* dtio)
* packets is okay for the framestream protocol. And also, the
* read call can return that the stream has been closed by the
* other side. */
ssize_t r;
uint8_t buf[1024];
int r = -1;
if(dtio->fd == -1) return 0;
while(1) {
r = recv(dtio->fd, (void*)buf, sizeof(buf), 0);
if(r == -1) {
char* to = dtio->socket_path;
if(!to) to = dtio->ip_str;
if(!to) to = "";
#ifndef USE_WINSOCK
if(errno == EINTR || errno == EAGAIN)
return 1; /* try later */
#else
if(WSAGetLastError() == WSAEINPROGRESS) {
return 1; /* try later */
} else if(WSAGetLastError() == WSAEWOULDBLOCK) {
ub_winsock_tcp_wouldblock(
(dtio->stop_flush_event?
dtio->stop_flush_event:dtio->event),
UB_EV_READ);
return 1; /* try later */
}
#endif
if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN && verbosity < 4)
break; /* no log retries on low verbosity */
log_err("dnstap io: output closed, recv %s: %s", to,
strerror(errno));
/* and close below */
break;
}
if(r == 0) {
if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN && verbosity < 4)
break; /* no log retries on low verbosity */
verbose(VERB_DETAIL, "dnstap io: output closed by the other side");
/* and close below */
break;
}
/* something was received, ignore it */
while(r != 0) {
/* not interested in buffer content, overwrite */
r = receive_bytes(dtio, (void*)buf, sizeof(buf));
if(r == -1)
return 1;
}
/* the other end has been closed */
/* close the channel */
@ -910,6 +986,143 @@ static int dtio_check_close(struct dt_io_thread* dtio)
return 0;
}
/** Read accept frame. Returns -1: continue reading, 0: closed,
* 1: valid accept received. */
static int dtio_read_accept_frame(struct dt_io_thread* dtio)
{
int r;
size_t read_frame_done;
while(dtio->read_frame.frame_len_done < 4) {
#ifdef HAVE_SSL
if(dtio->ssl) {
r = ssl_read_bytes(dtio,
(uint8_t*)&dtio->read_frame.frame_len+
dtio->read_frame.frame_len_done,
4-dtio->read_frame.frame_len_done);
} else {
#endif
r = receive_bytes(dtio,
(uint8_t*)&dtio->read_frame.frame_len+
dtio->read_frame.frame_len_done,
4-dtio->read_frame.frame_len_done);
#ifdef HAVE_SSL
}
#endif
if(r == -1)
return -1; /* continue reading */
if(r == 0) {
/* connection closed */
goto close_connection;
}
dtio->read_frame.frame_len_done += r;
if(dtio->read_frame.frame_len_done < 4)
return -1; /* continue reading */
if(dtio->read_frame.frame_len == 0) {
dtio->read_frame.frame_len_done = 0;
dtio->read_frame.control_frame = 1;
continue;
}
dtio->read_frame.frame_len = ntohl(dtio->read_frame.frame_len);
if(dtio->read_frame.frame_len > DTIO_RECV_FRAME_MAX_LEN) {
verbose(VERB_OPS, "dnstap: received frame exceeds max "
"length of %d bytes, closing connection",
DTIO_RECV_FRAME_MAX_LEN);
goto close_connection;
}
dtio->read_frame.buf = calloc(1, dtio->read_frame.frame_len);
dtio->read_frame.buf_cap = dtio->read_frame.frame_len;
if(!dtio->read_frame.buf) {
log_err("dnstap io: out of memory (creating read "
"buffer)");
goto close_connection;
}
}
if(dtio->read_frame.buf_count < dtio->read_frame.frame_len) {
#ifdef HAVE_SSL
if(dtio->ssl) {
r = ssl_read_bytes(dtio, dtio->read_frame.buf+
dtio->read_frame.buf_count,
dtio->read_frame.buf_cap-
dtio->read_frame.buf_count);
} else {
#endif
r = receive_bytes(dtio, dtio->read_frame.buf+
dtio->read_frame.buf_count,
dtio->read_frame.buf_cap-
dtio->read_frame.buf_count);
#ifdef HAVE_SSL
}
#endif
if(r == -1)
return -1; /* continue reading */
if(r == 0) {
/* connection closed */
goto close_connection;
}
dtio->read_frame.buf_count += r;
if(dtio->read_frame.buf_count < dtio->read_frame.frame_len)
return -1; /* continue reading */
}
/* Complete frame received, check if this is a valid ACCEPT control
* frame. */
if(dtio->read_frame.frame_len < 4) {
verbose(VERB_OPS, "dnstap: invalid data received");
goto close_connection;
}
if(sldns_read_uint32(dtio->read_frame.buf) !=
FSTRM_CONTROL_FRAME_ACCEPT) {
verbose(VERB_ALGO, "dnstap: invalid control type received, "
"ignored");
dtio->ready_frame_sent = 0;
dtio->accept_frame_received = 0;
dtio_read_frame_free(&dtio->read_frame);
return -1;
}
read_frame_done = 4; /* control frame type */
/* Iterate over control fields, ignore unknown types.
* Need to be able to read at least 8 bytes (control field type +
* length). */
while(read_frame_done+8 < dtio->read_frame.frame_len) {
uint32_t type = sldns_read_uint32(dtio->read_frame.buf +
read_frame_done);
uint32_t len = sldns_read_uint32(dtio->read_frame.buf +
read_frame_done + 4);
if(type == FSTRM_CONTROL_FIELD_TYPE_CONTENT_TYPE) {
if(len == strlen(DNSTAP_CONTENT_TYPE) &&
read_frame_done+8+len <=
dtio->read_frame.frame_len &&
memcmp(dtio->read_frame.buf + read_frame_done +
+ 8, DNSTAP_CONTENT_TYPE, len) == 0) {
if(!dtio_control_start_send(dtio)) {
verbose(VERB_OPS, "dnstap io: out of "
"memory while sending START frame");
goto close_connection;
}
dtio->accept_frame_received = 1;
return 1;
} else {
/* unknow content type */
verbose(VERB_ALGO, "dnstap: ACCEPT frame "
"contains unknown content type, "
"closing connection");
goto close_connection;
}
}
/* unknown option, try next */
read_frame_done += 8+len;
}
close_connection:
dtio_del_output_event(dtio);
dtio_reconnect_slow(dtio, DTIO_RECONNECT_TIMEOUT_SLOW);
dtio_close_output(dtio);
return 0;
}
/** add the output file descriptor event for listening, read only */
static int dtio_add_output_event_read(struct dt_io_thread* dtio)
{
@ -1002,6 +1215,24 @@ static int dtio_disable_brief_read(struct dt_io_thread* dtio)
}
#endif /* HAVE_SSL */
#ifdef HAVE_SSL
/** enable the brief write condition */
static int dtio_enable_brief_write(struct dt_io_thread* dtio)
{
dtio->ssl_brief_write = 1;
return dtio_add_output_event_write(dtio);
}
#endif /* HAVE_SSL */
#ifdef HAVE_SSL
/** disable the brief write condition */
static int dtio_disable_brief_write(struct dt_io_thread* dtio)
{
dtio->ssl_brief_write = 0;
return dtio_add_output_event_read(dtio);
}
#endif /* HAVE_SSL */
#ifdef HAVE_SSL
/** check peer verification after ssl handshake connection, false if closed*/
static int dtio_ssl_check_peer(struct dt_io_thread* dtio)
@ -1175,8 +1406,13 @@ void dtio_output_cb(int ATTR_UNUSED(fd), short bits, void* arg)
}
#endif
if((bits&UB_EV_READ)) {
if(!dtio_check_close(dtio))
if((bits&UB_EV_READ || dtio->ssl_brief_write)) {
if(dtio->ssl_brief_write)
(void)dtio_disable_brief_write(dtio);
if(dtio->ready_frame_sent && !dtio->accept_frame_received) {
if(dtio_read_accept_frame(dtio) <= 0)
return;
} else if(!dtio_check_close(dtio))
return;
}
@ -1208,6 +1444,15 @@ void dtio_output_cb(int ATTR_UNUSED(fd), short bits, void* arg)
/* done with the current message */
dtio_cur_msg_free(dtio);
/* If this is a bidirectional stream the first message will be
* the READY control frame. We can only continue writing after
* receiving an ACCEPT control frame. */
if(dtio->is_bidirectional && !dtio->ready_frame_sent) {
dtio->ready_frame_sent = 1;
(void)dtio_add_output_event_read(dtio);
break;
}
}
}
@ -1224,15 +1469,13 @@ void dtio_cmd_cb(int fd, short ATTR_UNUSED(bits), void* arg)
#ifndef USE_WINSOCK
if(errno == EINTR || errno == EAGAIN)
return; /* ignore this */
log_err("dnstap io: failed to read: %s", strerror(errno));
#else
if(WSAGetLastError() == WSAEINPROGRESS)
return;
if(WSAGetLastError() == WSAEWOULDBLOCK)
return;
log_err("dnstap io: failed to read: %s",
wsa_strerror(WSAGetLastError()));
#endif
log_err("dnstap io: failed to read: %s", sock_strerror(errno));
/* and then fall through to quit the thread */
} else if(r == 0) {
verbose(VERB_ALGO, "dnstap io: cmd channel closed");
@ -1240,6 +1483,13 @@ void dtio_cmd_cb(int fd, short ATTR_UNUSED(bits), void* arg)
verbose(VERB_ALGO, "dnstap io: cmd channel cmd quit");
} else if(r == 1 && cmd == DTIO_COMMAND_WAKEUP) {
verbose(VERB_ALGO, "dnstap io: cmd channel cmd wakeup");
if(dtio->is_bidirectional && !dtio->accept_frame_received) {
verbose(VERB_ALGO, "dnstap io: cmd wakeup ignored, "
"waiting for ACCEPT control frame");
return;
}
/* reregister event */
if(!dtio_add_output_event_write(dtio))
return;
@ -1561,6 +1811,25 @@ static int dtio_control_start_send(struct dt_io_thread* dtio)
return 1;
}
/** setup a ready control message */
static int dtio_control_ready_send(struct dt_io_thread* dtio)
{
log_assert(dtio->cur_msg == NULL && dtio->cur_msg_len == 0);
dtio->cur_msg = fstrm_create_control_frame_ready(DNSTAP_CONTENT_TYPE,
&dtio->cur_msg_len);
if(!dtio->cur_msg) {
return 0;
}
/* setup to send the control message */
/* set that the buffer needs to be sent, but the length
* of that buffer is already written, that way the buffer can
* start with 0 length and then the length of the control frame
* in it */
dtio->cur_msg_done = 0;
dtio->cur_msg_len_done = 4;
return 1;
}
/** open the output file descriptor for af_local */
static int dtio_open_output_local(struct dt_io_thread* dtio)
{
@ -1568,13 +1837,8 @@ static int dtio_open_output_local(struct dt_io_thread* dtio)
struct sockaddr_un s;
dtio->fd = socket(AF_LOCAL, SOCK_STREAM, 0);
if(dtio->fd == -1) {
#ifndef USE_WINSOCK
log_err("dnstap io: failed to create socket: %s",
strerror(errno));
#else
log_err("dnstap io: failed to create socket: %s",
wsa_strerror(WSAGetLastError()));
#endif
sock_strerror(errno));
return 0;
}
memset(&s, 0, sizeof(s));
@ -1589,13 +1853,13 @@ static int dtio_open_output_local(struct dt_io_thread* dtio)
if(connect(dtio->fd, (struct sockaddr*)&s, (socklen_t)sizeof(s))
== -1) {
char* to = dtio->socket_path;
#ifndef USE_WINSOCK
if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN &&
verbosity < 4) {
dtio_close_fd(dtio);
return 0; /* no log retries on low verbosity */
}
log_err("dnstap io: failed to connect to \"%s\": %s",
to, strerror(errno));
#else
log_err("dnstap io: failed to connect to \"%s\": %s",
to, wsa_strerror(WSAGetLastError()));
#endif
to, sock_strerror(errno));
dtio_close_fd(dtio);
return 0;
}
@ -1620,18 +1884,18 @@ static int dtio_open_output_tcp(struct dt_io_thread* dtio)
}
dtio->fd = socket(addr.ss_family, SOCK_STREAM, 0);
if(dtio->fd == -1) {
#ifndef USE_WINSOCK
log_err("can't create socket: %s", strerror(errno));
#else
log_err("can't create socket: %s",
wsa_strerror(WSAGetLastError()));
#endif
log_err("can't create socket: %s", sock_strerror(errno));
return 0;
}
fd_set_nonblock(dtio->fd);
if(connect(dtio->fd, (struct sockaddr*)&addr, addrlen) == -1) {
if(errno == EINPROGRESS)
return 1; /* wait until connect done*/
if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN &&
verbosity < 4) {
dtio_close_fd(dtio);
return 0; /* no log retries on low verbosity */
}
#ifndef USE_WINSOCK
if(tcp_connect_errno_needs_log(
(struct sockaddr *)&addr, addrlen)) {
@ -1693,7 +1957,8 @@ static void dtio_open_output(struct dt_io_thread* dtio)
}
dtio->check_nb_connect = 1;
/* the EV_READ is to catch channel close, write to write packets */
/* the EV_READ is to read ACCEPT control messages, and catch channel
* close. EV_WRITE is to write packets */
ev = ub_event_new(dtio->event_base, dtio->fd,
UB_EV_READ | UB_EV_WRITE | UB_EV_PERSIST, &dtio_output_cb,
dtio);
@ -1712,7 +1977,8 @@ static void dtio_open_output(struct dt_io_thread* dtio)
dtio->event = ev;
/* setup protocol control message to start */
if(!dtio_control_start_send(dtio)) {
if((!dtio->is_bidirectional && !dtio_control_start_send(dtio)) ||
(dtio->is_bidirectional && !dtio_control_ready_send(dtio)) ) {
log_err("dnstap io: out of memory");
ub_event_free(dtio->event);
dtio->event = NULL;
@ -1811,15 +2077,14 @@ void dt_io_thread_stop(struct dt_io_thread* dtio)
#ifndef USE_WINSOCK
if(errno == EINTR || errno == EAGAIN)
continue;
log_err("dnstap io stop: write: %s", strerror(errno));
#else
if(WSAGetLastError() == WSAEINPROGRESS)
continue;
if(WSAGetLastError() == WSAEWOULDBLOCK)
continue;
log_err("dnstap io stop: write: %s",
wsa_strerror(WSAGetLastError()));
#endif
log_err("dnstap io stop: write: %s",
sock_strerror(errno));
break;
}
break;

34
dnstap/dtstream.h
View file

@ -88,6 +88,27 @@ struct dt_msg_entry {
size_t len;
};
/**
* Containing buffer and counter for reading DNSTAP frames.
*/
struct dt_frame_read_buf {
/** Buffer containing frame, except length counter(s). */
void* buf;
/** Number of bytes written to buffer. */
size_t buf_count;
/** Capacity of the buffer. */
size_t buf_cap;
/** Frame length field. Will contain the 2nd length field for control
* frames. */
uint32_t frame_len;
/** Number of bytes that have been written to the frame_length field. */
size_t frame_len_done;
/** Set to 1 if this is a control frame, 0 otherwise (ie data frame). */
int control_frame;
};
/**
* IO thread that reads from the queues and writes them.
*/
@ -130,6 +151,9 @@ struct dt_io_thread {
* This happens during negotiation, we then do not want to write,
* but wait for a read event. */
int ssl_brief_read;
/** true if SSL_read is waiting for a write event. Set back to 0 after
* single write event is handled. */
int ssl_brief_write;
/** the buffer that currently getting written, or NULL if no
* (partial) message written now */
@ -171,6 +195,16 @@ struct dt_io_thread {
* and client certificates can be used for authentication. */
int upstream_is_tls;
/** Perform bidirectional Frame Streams handshake before sending
* messages. */
int is_bidirectional;
/** Set if the READY control frame has been sent. */
int ready_frame_sent;
/** Set if valid ACCEPT frame is received. */
int accept_frame_received;
/** (partially) read frame */
struct dt_frame_read_buf read_frame;
/** the file path for unix socket (or NULL) */
char* socket_path;
/** the ip address and port number (or NULL) */

94
dnstap/unbound-dnstap-socket.c
View file

@ -278,57 +278,31 @@ static int make_tcp_accept(char* ip)
}
if((s = socket(addr.ss_family, SOCK_STREAM, 0)) == -1) {
#ifndef USE_WINSOCK
log_err("can't create socket: %s", strerror(errno));
#else
log_err("can't create socket: %s",
wsa_strerror(WSAGetLastError()));
#endif
log_err("can't create socket: %s", sock_strerror(errno));
return -1;
}
#ifdef SO_REUSEADDR
if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on,
(socklen_t)sizeof(on)) < 0) {
#ifndef USE_WINSOCK
log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s",
strerror(errno));
close(s);
#else
log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s",
wsa_strerror(WSAGetLastError()));
closesocket(s);
#endif
sock_strerror(errno));
sock_close(s);
return -1;
}
#endif /* SO_REUSEADDR */
if(bind(s, (struct sockaddr*)&addr, len) != 0) {
#ifndef USE_WINSOCK
log_err_addr("can't bind socket", strerror(errno),
log_err_addr("can't bind socket", sock_strerror(errno),
&addr, len);
close(s);
#else
log_err_addr("can't bind socket",
wsa_strerror(WSAGetLastError()), &addr, len);
closesocket(s);
#endif
sock_close(s);
return -1;
}
if(!fd_set_nonblock(s)) {
#ifndef USE_WINSOCK
close(s);
#else
closesocket(s);
#endif
sock_close(s);
return -1;
}
if(listen(s, LISTEN_BACKLOG) == -1) {
#ifndef USE_WINSOCK
log_err("can't listen: %s", strerror(errno));
close(s);
#else
log_err("can't listen: %s", wsa_strerror(WSAGetLastError()));
closesocket(s);
#endif
log_err("can't listen: %s", sock_strerror(errno));
sock_close(s);
return -1;
}
return s;
@ -654,7 +628,6 @@ static ssize_t receive_bytes(struct tap_data* data, int fd, void* buf,
#ifndef USE_WINSOCK
if(errno == EINTR || errno == EAGAIN)
return -1;
log_err("could not recv: %s", strerror(errno));
#else /* USE_WINSOCK */
if(WSAGetLastError() == WSAEINPROGRESS)
return -1;
@ -662,9 +635,8 @@ static ssize_t receive_bytes(struct tap_data* data, int fd, void* buf,
ub_winsock_tcp_wouldblock(data->ev, UB_EV_READ);
return -1;
}
log_err("could not recv: %s",
wsa_strerror(WSAGetLastError()));
#endif
log_err("could not recv: %s", sock_strerror(errno));
if(verbosity) log_info("dnstap client stream closed from %s",
(data->id?data->id:""));
return 0;
@ -770,10 +742,11 @@ void tap_data_free(struct tap_data* data)
/** reply with ACCEPT control frame to bidirectional client,
* returns 0 on error */
static int reply_with_accept(int fd)
static int reply_with_accept(struct tap_data* data)
{
#ifdef USE_DNSTAP
/* len includes the escape and framelength */
int r;
size_t len = 0;
void* acceptframe = fstrm_create_control_frame_accept(
DNSTAP_CONTENT_TYPE, &len);
@ -782,26 +755,34 @@ static int reply_with_accept(int fd)
return 0;
}
fd_set_block(fd);
if(send(fd, acceptframe, len, 0) == -1) {
#ifndef USE_WINSOCK
log_err("send failed: %s", strerror(errno));
#else
log_err("send failed: %s", wsa_strerror(WSAGetLastError()));
#endif
fd_set_nonblock(fd);
free(acceptframe);
return 0;
fd_set_block(data->fd);
if(data->ssl) {
if((r=SSL_write(data->ssl, acceptframe, len)) <= 0) {
if(SSL_get_error(data->ssl, r) == SSL_ERROR_ZERO_RETURN)
log_err("SSL_write, peer closed connection");
else
log_err("could not SSL_write");
fd_set_nonblock(data->fd);
free(acceptframe);
return 0;
}
} else {
if(send(data->fd, acceptframe, len, 0) == -1) {
log_err("send failed: %s", sock_strerror(errno));
fd_set_nonblock(data->fd);
free(acceptframe);
return 0;
}
}
if(verbosity) log_info("sent control frame(accept) content-type:(%s)",
DNSTAP_CONTENT_TYPE);
fd_set_nonblock(fd);
fd_set_nonblock(data->fd);
free(acceptframe);
return 1;
#else
log_err("no dnstap compiled, no reply");
(void)fd;
(void)data;
return 0;
#endif
}
@ -820,11 +801,7 @@ static int reply_with_finish(int fd)
fd_set_block(fd);
if(send(fd, finishframe, len, 0) == -1) {
#ifndef USE_WINSOCK
log_err("send failed: %s", strerror(errno));
#else
log_err("send failed: %s", wsa_strerror(WSAGetLastError()));
#endif
log_err("send failed: %s", sock_strerror(errno));
fd_set_nonblock(fd);
free(finishframe);
return 0;
@ -1033,7 +1010,7 @@ void dtio_tap_callback(int fd, short ATTR_UNUSED(bits), void* arg)
FSTRM_CONTROL_FRAME_READY) {
data->is_bidirectional = 1;
if(verbosity) log_info("bidirectional stream");
if(!reply_with_accept(fd)) {
if(!reply_with_accept(data)) {
tap_data_free(data);
}
} else if(data->len >= 4 && sldns_read_uint32(data->frame) ==
@ -1080,7 +1057,6 @@ void dtio_mainfdcallback(int fd, short ATTR_UNUSED(bits), void* arg)
#endif /* EPROTO */
)
return;
log_err_addr("accept failed", strerror(errno), &addr, addrlen);
#else /* USE_WINSOCK */
if(WSAGetLastError() == WSAEINPROGRESS ||
WSAGetLastError() == WSAECONNRESET)
@ -1089,9 +1065,9 @@ void dtio_mainfdcallback(int fd, short ATTR_UNUSED(bits), void* arg)
ub_winsock_tcp_wouldblock(maindata->ev, UB_EV_READ);
return;
}
log_err_addr("accept failed", wsa_strerror(WSAGetLastError()),
&addr, addrlen);
#endif
log_err_addr("accept failed", sock_strerror(errno), &addr,
addrlen);
return;
}
fd_set_nonblock(s);

146
doc/Changelog
View file

@ -1,3 +1,149 @@
15 September 2020: George
- Introduce test for statistics.
15 September 2020: Wouter
- Spelling fix.
11 September 2020: Wouter
- Remove x file mode on ipset/ipset.c and h files.
9 September 2020: Wouter
- Fix num.expired statistics output.
31 August 2020: Wouter
- Merge PR #293: Add missing prototype. Also refactor to use the new
shorthand function to clean up the code.
- Refactor to use sock_strerr shorthand function.
- Fix #296: systemd nss-lookup.target is reached before unbound can
successfully answer queries. Changed contrib/unbound.service.in.
27 August 2020: Wouter
- Similar to NSD PR#113, implement that interface names can be used,
eg. something like interface: eth0 is resolved at server start and
uses the IP addresses for that named interface.
- Review fix, doxygen and assign null in case of error free.
26 August 2020: George
- Update documentation in python example code.
24 August 2020: Wouter
- Fix that dnstap reconnects do not spam the log with the repeated
attempts. Attempts on the timer are only logged on high verbosity,
if they produce a connection failure error.
- Fix to apply chroot to dnstap-socket-path, if chroot is enabled.
- Change configure to use EVP_sha256 instead of HMAC_Update for
openssl-3.0.0.
20 August 2020: Ralph
- Fix stats double count issue (#289).
13 August 2020: Ralph
- Create and init edns tags data for libunbound.
10 August 2020: Ralph
- Merge (modified) PR #277, use EVP_MAC_CTX_set_params if available,
by Vítězslav Čížek.
10 August 2020: Wouter
- Fix #287: doc typo: "Additionaly".
- Rerun autoconf
6 August 2020: Wouter
- Merge PR #284 and Fix #246: Remove DLV entirely from Unbound.
The DLV has been decommisioned and in unbound 1.5.4, in 2015, there
was advise to stop using it. The current code base does not contain
DLV code any more. The use of dlv options displays a warning.
5 August 2020: Wouter
- contrib/aaaa-filter-iterator.patch file renewed diff content to
apply cleanly to the current coderepo for the current code version.
5 August 2020: Ralph
- Merge PR #272: Add EDNS client tag functionality.
4 August 2020: George
- Improve error log message when inserting rpz RR.
- Merge PR #280, Make tvOS & watchOS checks verify truthiness as well as
definedness, by Felipe Gasper.
4 August 2020: Wouter
- Fix mini_event.h on OpenBSD cannot find fd_set.
31 July 2020: Wouter
- Fix doxygen comment for no ssl for tls session ticket key callback
routine.
27 July 2020: George
- Merge PR #268, draft-ietf-dnsop-serve-stale-10 has become RFC 8767 on
March 2020, by and0x000.
27 July 2020: Ralph
- Merge PR #269, Fix python module len() implementations, by Torbjörn
Lönnemark
27 July 2020: Wouter
- branch now named 1.11.1. 1.11.0rc1 became the 1.11.0 release.
- Merge PR #270 from cgzones: munin plugin: always exit 0 in autoconf
20 July 2020: Wouter
- Fix streamtcp to print packet data to stdout. This makes the
stdout and stderr not mix together lines, when parsing its output.
- Fix contrib/fastrpz.patch to apply cleanly. It fixes for changes
due to added libdynmod, but it does not compile, it conflicts with
new rpz code.
- branch now named 1.11.0 and 1.11.0rc1 tag.
17 July 2020: Wouter
- Fix libnettle compile for session ticket key callback function
changes.
- Fix lock dependency cycle in rpz zone config setup.
17 July 2020: Ralph
- Merge PR #234 - Ensure proper alignment of cmsg buffers by Jérémie
Courrèges-Anglas.
- Fix PR #234 log_assert sizeof to use union buffer.
16 July 2020: Wouter
- Fix check conf test for referencing installation paths.
- Fix unused variable warning for clang analyzer.
16 July 2020: George
- Introduce 'include-toplevel:' configuration option.
16 July 2020: Ralph
- Add bidirectional frame streams support.
8 July 2020: Wouter
- Fix add missing DSA header, for compilation without deprecated
OpenSSL APIs.
- Fix to use SSL_CTX_set_tlsext_ticket_key_evp_cb in OpenSSL
3.0.0-alpha4.
- Longer keys for the test set, this avoids weak crypto errors.
7 July 2020: Wouter
- Fix #259: Fix unbound-checkconf does not check view existence.
unbound-checkconf checks access-control-view, access-control-tags,
access-control-tag-actions and access-control-tag-datas.
- Fix offset of error printout for access-control-tag-datas.
- Review fixes for checkconf #259 change.
6 July 2020: Wouter
- run_vm cleanup better and removes trailing slash on single argument.
29 June 2020: Wouter
- Move reply list clean for serve expired mesh callback to after
the reply is sent, so that script callbacks have reply_info.
- Also move reply list clean for mesh callbacks to the scrip callback
can see the reply_info.
- Fix for mesh accounting if the reply list already empty to begin
with.
- Fix for mesh accounting when rpz decides to drop a reply with a
tcp stream waiting for it.
- Review fix for number of detached states due to use of variable
after end of loop.
- Fix tcp req info drop due to size call into mesh accounting
removal of mesh state during mesh send reply.
24 June 2020: Wouter
- iana portlist updated.
- doxygen file comments for dynlibmodule.

17
doc/example.conf.in
View file

@ -5,9 +5,13 @@
#
# this is a comment.
#Use this to include other text into the file.
# Use this anywhere in the file to include other text into this file.
#include: "otherfile.conf"
# Use this anywhere in the file to include other text, that explicitly starts a
# clause, into this file. Text after this directive needs to start a clause.
#include-toplevel: "otherfile.conf"
# The server clause sets the main parameters.
server:
# whitespace is not necessary, but looks cleaner.
@ -505,11 +509,6 @@ server:
# Root key trust anchor sentinel (draft-ietf-dnsop-kskroll-sentinel)
# root-key-sentinel: yes
# File with DLV trusted keys. Same format as trust-anchor-file.
# There can be only one DLV configured, it is trusted from root down.
# DLV is going to be decommissioned. Please do not use it any more.
# dlv-anchor-file: "dlv.isc.org.key"
# File with trusted keys for validation. Specify more than one file
# with several entries, one file per entry.
# Zone file format, with DS and DNSKEY entries.
@ -585,7 +584,7 @@ server:
#
# Time in milliseconds before replying to the client with expired data.
# This essentially enables the serve-stale behavior as specified in
# draft-ietf-dnsop-serve-stale-10 that first tries to resolve before
# RFC 8767 that first tries to resolve before
# immediately responding with expired data. 0 disables this behavior.
# A recommended value is 1800.
# serve-expired-client-timeout: 0
@ -623,7 +622,7 @@ server:
# more slabs reduce lock contention, but fragment memory usage.
# key-cache-slabs: 4
# the amount of memory to use for the negative cache (used for DLV).
# the amount of memory to use for the negative cache.
# plain value in bytes or you can append k, m or G. default is "1Mb".
# neg-cache-size: 1m
@ -1064,6 +1063,8 @@ remote-control:
# upstream log destination, by socket path, TCP or TLS destination.
# dnstap:
# dnstap-enable: no
# # if set to yes frame streams will be used in bidirectional mode
# dnstap-bidirectional: yes
# dnstap-socket-path: "@DNSTAP_SOCKET_PATH@"
# # if "" use the unix socket in dnstap-socket-path, otherwise,
# # set it to "IPaddress[@port]" of the destination.

46
doc/unbound.conf.5.in
View file

@ -77,6 +77,12 @@ for the included files works, relative pathnames for the included names work
if the directory where the daemon is started equals its chroot/working
directory or is specified before the include statement with directory: dir.
Wildcards can be used to include multiple files, see \fIglob\fR(7).
.P
For a more structural include option, the
.B include\-toplevel:
directive can be used. This closes whatever clause is currently active (if any)
and forces the use of clauses in the included files and right after this
directive.
.SS "Server Options"
These options are part of the
.B server:
@ -116,7 +122,8 @@ The port number, default 53, on which the server responds to queries.
Interface to use to connect to the network. This interface is listened to
for queries from clients, and answers to clients are given from it.
Can be given multiple times to work on several interfaces. If none are
given the default is to listen to localhost.
given the default is to listen to localhost. If an interface name is used
instead of an ip address, the list of ip addresses on that interface are used.
The interfaces are not changed on a reload (kill \-HUP) but only on restart.
A port number can be specified with @port (without spaces between
interface and port number), if not specified the default port (from
@ -1034,26 +1041,11 @@ Send RFC8145 key tag query after trust anchor priming. Default is yes.
.B root\-key\-sentinel: \fI<yes or no>
Root key trust anchor sentinel. Default is yes.
.TP
.B dlv\-anchor\-file: \fI<filename>
This option was used during early days DNSSEC deployment when no parent-side
DS record registrations were easily available. Nowadays, it is best to have
DS records registered with the parent zone (many top level zones are signed).
File with trusted keys for DLV (DNSSEC Lookaside Validation). Both DS and
DNSKEY entries can be used in the file, in the same format as for
\fItrust\-anchor\-file:\fR statements. Only one DLV can be configured, more
would be slow. The DLV configured is used as a root trusted DLV, this
means that it is a lookaside for the root. Default is "", or no dlv anchor
file. DLV is going to be decommissioned. Please do not use it any more.
.TP
.B dlv\-anchor: \fI<"Resource Record">
Much like trust\-anchor, this is a DLV anchor with the DS or DNSKEY inline.
DLV is going to be decommissioned. Please do not use it any more.
.TP
.B domain\-insecure: \fI<domain name>
Sets domain name to be insecure, DNSSEC chain of trust is ignored towards
the domain name. So a trust anchor above the domain name can not make the
domain secure with a DS record, such a DS record is then ignored.
Also keys from DLV are ignored for the domain. Can be given multiple times
Can be given multiple times
to specify multiple domains that are treated as if unsigned. If you set
trust anchors for the domain they override this setting (and the domain
is secured).
@ -1132,7 +1124,7 @@ later on. Default is "no".
.B serve\-expired\-ttl: \fI<seconds>
Limit serving of expired responses to configured seconds after expiration. 0
disables the limit. This option only applies when \fBserve\-expired\fR is
enabled. A suggested value per draft-ietf-dnsop-serve-stale-10 is between
enabled. A suggested value per RFC 8767 is between
86400 (1 day) and 259200 (3 days). The default is 0.
.TP
.B serve\-expired\-ttl\-reset: \fI<yes or no>
@ -1144,14 +1136,14 @@ expired records will be served as long as there are queries for it. Default is
.B serve\-expired\-reply\-ttl: \fI<seconds>
TTL value to use when replying with expired data. If
\fBserve\-expired\-client\-timeout\fR is also used then it is RECOMMENDED to
use 30 as the value (draft-ietf-dnsop-serve-stale-10). The default is 30.
use 30 as the value (RFC 8767). The default is 30.
.TP
.B serve\-expired\-client\-timeout: \fI<msec>
Time in milliseconds before replying to the client with expired data. This
essentially enables the serve-stale behavior as specified in
draft-ietf-dnsop-serve-stale-10 that first tries to resolve before immediately
RFC 8767 that first tries to resolve before immediately
responding with expired data. A recommended value per
draft-ietf-dnsop-serve-stale-10 is 1800. Setting this to 0 will disable this
RFC 8767 is 1800. Setting this to 0 will disable this
behavior. Default is 0.
.TP
.B val\-nsec3\-keysize\-iterations: \fI<"list of values">
@ -1540,6 +1532,12 @@ servers set. The default for fast\-server\-permil is 0.
Set the number of servers that should be used for fast server selection. Only
use the fastest specified number of servers with the fast\-server\-permil
option, that turns this on or off. The default is to use the fastest 3 servers.
.TP 5
.B edns\-client\-tag: \fI<IP netblock> <tag data>
Include an edns-client-tag option in queries with destination address matching
the configured IP netblock. This configuration option can be used multiple
times. The most specific match will be used. The tag data is configured in
decimal format, from 0 to 65535.
.SS "Remote Control Options"
In the
.B remote\-control:
@ -2134,7 +2132,7 @@ even if some data have expired in terms of DNS TTL or the Redis server has
cached too much data;
if necessary the Redis server must be configured to limit the cache size,
preferably with some kind of least-recently-used eviction policy.
Additionaly, the \fBredis\-expire\-records\fR option can be used in order to
Additionally, the \fBredis\-expire\-records\fR option can be used in order to
set the relative DNS TTL of the message as timeout to the Redis records; keep
in mind that some additional memory is used per key and that the expire
information is stored as absolute Unix timestamps in Redis (computer time must
@ -2213,6 +2211,10 @@ If dnstap is enabled. Default no. If yes, it connects to the dnstap server
and if any of the dnstap-log-..-messages options is enabled it sends logs
for those messages to the server.
.TP
.B dnstap-bidirectional: \fI<yes or no>
Use frame streams in bidirectional mode to transfer DNSTAP messages. Default is
yes.
.TP
.B dnstap-socket-path: \fI<file name>
Sets the unix socket file name for connecting to the server that is
listening on that socket. Default is "@DNSTAP_SOCKET_PATH@".

0
ipset/ipset.c Executable file → Normal file
View file

0
ipset/ipset.h Executable file → Normal file
View file

2
iterator/iterator.c
View file

@ -3191,7 +3191,7 @@ processPrimeResponse(struct module_qstate* qstate, int id)
/* validate the root or stub after priming (if enabled).
* This is the same query as the prime query, but with validation.
* Now that we are primed, the additional queries that validation
* may need can be resolved, such as DLV. */
* may need can be resolved. */
if(qstate->env->cfg->harden_referral_path) {
struct module_qstate* subq = NULL;
log_nametypeclass(VERB_ALGO, "schedule prime validation",

3
libunbound/context.c
View file

@ -50,6 +50,7 @@
#include "services/authzone.h"
#include "util/data/msgreply.h"
#include "util/storage/slabhash.h"
#include "util/edns.h"
#include "sldns/sbuffer.h"
int
@ -79,6 +80,8 @@ context_finalize(struct ub_ctx* ctx)
return UB_INITFAIL;
if(!auth_zones_apply_cfg(ctx->env->auth_zones, cfg, 1, &is_rpz))
return UB_INITFAIL;
if(!edns_tags_apply_cfg(ctx->env->edns_tags, cfg))
return UB_INITFAIL;
if(!slabhash_is_size(ctx->env->msg_cache, cfg->msg_cache_size,
cfg->msg_cache_slabs)) {
slabhash_delete(ctx->env->msg_cache);

13
libunbound/libunbound.c
View file

@ -58,6 +58,7 @@
#include "util/net_help.h"
#include "util/tube.h"
#include "util/ub_event.h"
#include "util/edns.h"
#include "services/modstack.h"
#include "services/localzone.h"
#include "services/cache/infra.h"
@ -153,6 +154,18 @@ static struct ub_ctx* ub_ctx_create_nopipe(void)
errno = ENOMEM;
return NULL;
}
ctx->env->edns_tags = edns_tags_create();
if(!ctx->env->edns_tags) {
auth_zones_delete(ctx->env->auth_zones);
edns_known_options_delete(ctx->env);
config_delete(ctx->env->cfg);
free(ctx->env);
ub_randfree(ctx->seed_rnd);
free(ctx);
errno = ENOMEM;
return NULL;
}
ctx->env->alloc = &ctx->superalloc;
ctx->env->worker = NULL;
ctx->env->need_to_validate = 0;

2
libunbound/libworker.c
View file

@ -78,7 +78,7 @@
#include <TargetConditionals.h>
#endif
#if defined(TARGET_OS_TV) || defined(TARGET_OS_WATCH)
#if (defined(TARGET_OS_TV) && TARGET_OS_TV) || (defined(TARGET_OS_WATCH) && TARGET_OS_WATCH)
#undef HAVE_FORK
#endif

8
pythonmod/doc/modules/config.rst
View file

@ -256,14 +256,6 @@ config_file
Files with trusted DNSKEYs in named.conf format, list.
.. attribute:: dlv_anchor_file
DLV anchor file.
.. attribute:: dlv_anchor_list
DLV anchor inline.
.. attribute:: max_ttl
The number of seconds maximal TTL used for RRsets and messages.

2
pythonmod/examples/avahi-resolver.py
View file

@ -59,6 +59,8 @@
# | num-threads: 32
# | cache-max-negative-ttl: 60
# | cache-max-ttl: 60
# | python:
# | python-script: path/to/this/file
#
#
# The plugin can also be run interactively. Provide the name and

12
pythonmod/interface.i
View file

@ -314,16 +314,16 @@ struct packed_rrset_data {
class RRSetData_RRLen:
def __init__(self, obj): self.obj = obj
def __getitem__(self, index): return _unboundmodule._get_data_rr_len(self.obj, index)
def __len__(self): return obj.count + obj.rrsig_count
def __len__(self): return self.obj.count + self.obj.rrsig_count
class RRSetData_RRTTL:
def __init__(self, obj): self.obj = obj
def __getitem__(self, index): return _unboundmodule._get_data_rr_ttl(self.obj, index)
def __setitem__(self, index, value): _unboundmodule._set_data_rr_ttl(self.obj, index, value)
def __len__(self): return obj.count + obj.rrsig_count
def __len__(self): return self.obj.count + self.obj.rrsig_count
class RRSetData_RRData:
def __init__(self, obj): self.obj = obj
def __getitem__(self, index): return _unboundmodule._get_data_rr_data(self.obj, index)
def __len__(self): return obj.count + obj.rrsig_count
def __len__(self): return self.obj.count + self.obj.rrsig_count
%}
%inline %{
@ -404,12 +404,12 @@ struct dns_msg {
class ReplyInfo_RRSet:
def __init__(self, obj): self.obj = obj
def __getitem__(self, index): return _unboundmodule._rrset_rrsets_get(self.obj, index)
def __len__(self): return obj.rrset_count
def __len__(self): return self.obj.rrset_count
class ReplyInfo_Ref:
def __init__(self, obj): self.obj = obj
def __getitem__(self, index): return _unboundmodule._rrset_ref_get(self.obj, index)
def __len__(self): return obj.rrset_count
def __len__(self): return self.obj.rrset_count
%}
%inline %{
@ -992,8 +992,6 @@ struct config_file {
struct config_strlist* trust_anchor_file_list;
struct config_strlist* trust_anchor_list;
struct config_strlist* trusted_keys_file_list;
char* dlv_anchor_file;
struct config_strlist* dlv_anchor_list;
int max_ttl;
int32_t val_date_override;
int bogus_ttl;

18
services/authzone.c
View file

@ -1866,15 +1866,26 @@ auth_zones_cfg(struct auth_zones* az, struct config_auth* c)
struct auth_xfer* x = NULL;
/* create zone */
if(c->isrpz) {
/* if the rpz lock is needed, grab it before the other
* locks to avoid a lock dependency cycle */
lock_rw_wrlock(&az->rpz_lock);
}
lock_rw_wrlock(&az->lock);
if(!(z=auth_zones_find_or_add_zone(az, c->name))) {
lock_rw_unlock(&az->lock);
if(c->isrpz) {
lock_rw_unlock(&az->rpz_lock);
}
return 0;
}
if(c->masters || c->urls) {
if(!(x=auth_zones_find_or_add_xfer(az, z))) {
lock_rw_unlock(&az->lock);
lock_rw_unlock(&z->lock);
if(c->isrpz) {
lock_rw_unlock(&az->rpz_lock);
}
return 0;
}
}
@ -1889,6 +1900,9 @@ auth_zones_cfg(struct auth_zones* az, struct config_auth* c)
lock_basic_unlock(&x->lock);
}
lock_rw_unlock(&z->lock);
if(c->isrpz) {
lock_rw_unlock(&az->rpz_lock);
}
return 0;
}
z->for_downstream = c->for_downstream;
@ -1900,11 +1914,13 @@ auth_zones_cfg(struct auth_zones* az, struct config_auth* c)
return 0;
}
lock_protect(&z->lock, &z->rpz->local_zones, sizeof(*z->rpz));
lock_rw_wrlock(&az->rpz_lock);
/* the az->rpz_lock is locked above */
z->rpz_az_next = az->rpz_first;
if(az->rpz_first)
az->rpz_first->rpz_az_prev = z;
az->rpz_first = z;
}
if(c->isrpz) {
lock_rw_unlock(&az->rpz_lock);
}

5
services/cache/dns.c vendored
View file

@ -890,9 +890,8 @@ dns_cache_lookup(struct module_env* env,
lock_rw_unlock(&rrset->entry.lock);
}
/* construct DS, DNSKEY, DLV messages from rrset cache. */
if((qtype == LDNS_RR_TYPE_DS || qtype == LDNS_RR_TYPE_DNSKEY ||
qtype == LDNS_RR_TYPE_DLV) &&
/* construct DS, DNSKEY messages from rrset cache. */
if((qtype == LDNS_RR_TYPE_DS || qtype == LDNS_RR_TYPE_DNSKEY) &&
(rrset=rrset_cache_lookup(env->rrset_cache, qname, qnamelen,
qtype, qclass, 0, now, 0))) {
/* if the rrset is from the additional section, and the

403
services/listen_dnsport.c
View file

@ -71,6 +71,13 @@
#include <systemd/sd-daemon.h>
#endif
#ifdef HAVE_IFADDRS_H
#include <ifaddrs.h>
#endif
#ifdef HAVE_NET_IF_H
#include <net/if.h>
#endif
/** number of queued TCP connections for listen() */
#define TCP_BACKLOG 256
@ -234,16 +241,14 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
*noproto = 1;
return -1;
}
log_err("can't create socket: %s", strerror(errno));
#else
if(WSAGetLastError() == WSAEAFNOSUPPORT ||
WSAGetLastError() == WSAEPROTONOSUPPORT) {
*noproto = 1;
return -1;
}
log_err("can't create socket: %s",
wsa_strerror(WSAGetLastError()));
#endif
log_err("can't create socket: %s", sock_strerror(errno));
*noproto = 0;
return -1;
}
@ -256,9 +261,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
#ifdef SO_REUSEADDR
if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on,
(socklen_t)sizeof(on)) < 0) {
#ifndef USE_WINSOCK
log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s",
strerror(errno));
sock_strerror(errno));
#ifndef USE_WINSOCK
if(errno != ENOSYS) {
close(s);
*noproto = 0;
@ -266,8 +271,6 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
return -1;
}
#else
log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s",
wsa_strerror(WSAGetLastError()));
closesocket(s);
*noproto = 0;
*inuse = 0;
@ -359,16 +362,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
if(setsockopt(s, SOL_SOCKET, SO_RCVBUFFORCE, (void*)&rcv,
(socklen_t)sizeof(rcv)) < 0) {
if(errno != EPERM) {
# ifndef USE_WINSOCK
log_err("setsockopt(..., SO_RCVBUFFORCE, "
"...) failed: %s", strerror(errno));
close(s);
# else
log_err("setsockopt(..., SO_RCVBUFFORCE, "
"...) failed: %s",
wsa_strerror(WSAGetLastError()));
closesocket(s);
# endif
"...) failed: %s", sock_strerror(errno));
sock_close(s);
*noproto = 0;
*inuse = 0;
return -1;
@ -376,16 +372,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
# endif /* SO_RCVBUFFORCE */
if(setsockopt(s, SOL_SOCKET, SO_RCVBUF, (void*)&rcv,
(socklen_t)sizeof(rcv)) < 0) {
# ifndef USE_WINSOCK
log_err("setsockopt(..., SO_RCVBUF, "
"...) failed: %s", strerror(errno));
close(s);
# else
log_err("setsockopt(..., SO_RCVBUF, "
"...) failed: %s",
wsa_strerror(WSAGetLastError()));
closesocket(s);
# endif
"...) failed: %s", sock_strerror(errno));
sock_close(s);
*noproto = 0;
*inuse = 0;
return -1;
@ -418,16 +407,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
if(setsockopt(s, SOL_SOCKET, SO_SNDBUFFORCE, (void*)&snd,
(socklen_t)sizeof(snd)) < 0) {
if(errno != EPERM) {
# ifndef USE_WINSOCK
log_err("setsockopt(..., SO_SNDBUFFORCE, "
"...) failed: %s", strerror(errno));
close(s);
# else
log_err("setsockopt(..., SO_SNDBUFFORCE, "
"...) failed: %s",
wsa_strerror(WSAGetLastError()));
closesocket(s);
# endif
"...) failed: %s", sock_strerror(errno));
sock_close(s);
*noproto = 0;
*inuse = 0;
return -1;
@ -435,16 +417,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
# endif /* SO_SNDBUFFORCE */
if(setsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&snd,
(socklen_t)sizeof(snd)) < 0) {
# ifndef USE_WINSOCK
log_err("setsockopt(..., SO_SNDBUF, "
"...) failed: %s", strerror(errno));
close(s);
# else
log_err("setsockopt(..., SO_SNDBUF, "
"...) failed: %s",
wsa_strerror(WSAGetLastError()));
closesocket(s);
# endif
"...) failed: %s", sock_strerror(errno));
sock_close(s);
*noproto = 0;
*inuse = 0;
return -1;
@ -474,16 +449,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
int val=(v6only==2)?0:1;
if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
(void*)&val, (socklen_t)sizeof(val)) < 0) {
#ifndef USE_WINSOCK
log_err("setsockopt(..., IPV6_V6ONLY"
", ...) failed: %s", strerror(errno));
close(s);
#else
log_err("setsockopt(..., IPV6_V6ONLY"
", ...) failed: %s",
wsa_strerror(WSAGetLastError()));
closesocket(s);
#endif
", ...) failed: %s", sock_strerror(errno));
sock_close(s);
*noproto = 0;
*inuse = 0;
return -1;
@ -501,16 +469,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
*/
if (setsockopt(s, IPPROTO_IPV6, IPV6_USE_MIN_MTU,
(void*)&on, (socklen_t)sizeof(on)) < 0) {
# ifndef USE_WINSOCK
log_err("setsockopt(..., IPV6_USE_MIN_MTU, "
"...) failed: %s", strerror(errno));
close(s);
# else
log_err("setsockopt(..., IPV6_USE_MIN_MTU, "
"...) failed: %s",
wsa_strerror(WSAGetLastError()));
closesocket(s);
# endif
"...) failed: %s", sock_strerror(errno));
sock_close(s);
*noproto = 0;
*inuse = 0;
return -1;
@ -523,15 +484,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
*/
if (setsockopt(s, IPPROTO_IPV6, IPV6_MTU,
(void*)&mtu, (socklen_t)sizeof(mtu)) < 0) {
# ifndef USE_WINSOCK
log_err("setsockopt(..., IPV6_MTU, ...) failed: %s",
strerror(errno));
close(s);
# else
log_err("setsockopt(..., IPV6_MTU, ...) failed: %s",
wsa_strerror(WSAGetLastError()));
closesocket(s);
# endif
sock_strerror(errno));
sock_close(s);
*noproto = 0;
*inuse = 0;
return -1;
@ -555,12 +510,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
if (errno != EINVAL) {
log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_OMIT...) failed: %s",
strerror(errno));
# ifndef USE_WINSOCK
close(s);
# else
closesocket(s);
# endif
sock_close(s);
*noproto = 0;
*inuse = 0;
return -1;
@ -577,11 +527,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
&action, (socklen_t)sizeof(action)) < 0) {
log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_DONT...) failed: %s",
strerror(errno));
# ifndef USE_WINSOCK
close(s);
# else
closesocket(s);
# endif
sock_close(s);
*noproto = 0;
*inuse = 0;
return -1;
@ -593,11 +539,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
&off, (socklen_t)sizeof(off)) < 0) {
log_err("setsockopt(..., IP_DONTFRAG, ...) failed: %s",
strerror(errno));
# ifndef USE_WINSOCK
close(s);
# else
closesocket(s);
# endif
sock_close(s);
*noproto = 0;
*inuse = 0;
return -1;
@ -627,7 +569,6 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
(struct sockaddr_storage*)addr, addrlen);
}
#endif /* EADDRINUSE */
close(s);
#else /* USE_WINSOCK */
if(WSAGetLastError() != WSAEADDRINUSE &&
WSAGetLastError() != WSAEADDRNOTAVAIL &&
@ -636,18 +577,14 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
wsa_strerror(WSAGetLastError()),
(struct sockaddr_storage*)addr, addrlen);
}
closesocket(s);
#endif /* USE_WINSOCK */
sock_close(s);
return -1;
}
if(!fd_set_nonblock(s)) {
*noproto = 0;
*inuse = 0;
#ifndef USE_WINSOCK
close(s);
#else
closesocket(s);
#endif
sock_close(s);
return -1;
}
return s;
@ -692,16 +629,14 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
*noproto = 1;
return -1;
}
log_err("can't create socket: %s", strerror(errno));
#else
if(WSAGetLastError() == WSAEAFNOSUPPORT ||
WSAGetLastError() == WSAEPROTONOSUPPORT) {
*noproto = 1;
return -1;
}
log_err("can't create socket: %s",
wsa_strerror(WSAGetLastError()));
#endif
log_err("can't create socket: %s", sock_strerror(errno));
return -1;
}
if(nodelay) {
@ -724,13 +659,8 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
#if defined(IPPROTO_TCP) && defined(TCP_MAXSEG)
if(setsockopt(s, IPPROTO_TCP, TCP_MAXSEG, (void*)&mss,
(socklen_t)sizeof(mss)) < 0) {
#ifndef USE_WINSOCK
log_err(" setsockopt(.. TCP_MAXSEG ..) failed: %s",
strerror(errno));
#else
log_err(" setsockopt(.. TCP_MAXSEG ..) failed: %s",
wsa_strerror(WSAGetLastError()));
#endif
sock_strerror(errno));
} else {
verbose(VERB_ALGO,
" tcp socket mss set to %d", mss);
@ -747,15 +677,9 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
#ifdef SO_REUSEADDR
if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on,
(socklen_t)sizeof(on)) < 0) {
#ifndef USE_WINSOCK
log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s",
strerror(errno));
close(s);
#else
log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s",
wsa_strerror(WSAGetLastError()));
closesocket(s);
#endif
sock_strerror(errno));
sock_close(s);
return -1;
}
#endif /* SO_REUSEADDR */
@ -790,15 +714,9 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
if(addr->ai_family == AF_INET6 && v6only) {
if(setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
(void*)&on, (socklen_t)sizeof(on)) < 0) {
#ifndef USE_WINSOCK
log_err("setsockopt(..., IPV6_V6ONLY, ...) failed: %s",
strerror(errno));
close(s);
#else
log_err("setsockopt(..., IPV6_V6ONLY, ...) failed: %s",
wsa_strerror(WSAGetLastError()));
closesocket(s);
#endif
sock_strerror(errno));
sock_close(s);
return -1;
}
}
@ -845,32 +763,22 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
(struct sockaddr_storage*)addr->ai_addr,
addr->ai_addrlen);
}
close(s);
#else
log_err_addr("can't bind socket",
wsa_strerror(WSAGetLastError()),
(struct sockaddr_storage*)addr->ai_addr,
addr->ai_addrlen);
closesocket(s);
#endif
sock_close(s);
return -1;
}
if(!fd_set_nonblock(s)) {
#ifndef USE_WINSOCK
close(s);
#else
closesocket(s);
#endif
sock_close(s);
return -1;
}
if(listen(s, TCP_BACKLOG) == -1) {
#ifndef USE_WINSOCK
log_err("can't listen: %s", strerror(errno));
close(s);
#else
log_err("can't listen: %s", wsa_strerror(WSAGetLastError()));
closesocket(s);
#endif
log_err("can't listen: %s", sock_strerror(errno));
sock_close(s);
return -1;
}
#ifdef USE_TCP_FASTOPEN
@ -925,34 +833,6 @@ set_ip_dscp(int socket, int addrfamily, int dscp)
return NULL;
}
# ifndef USE_WINSOCK
char*
sock_strerror(int errn)
{
return strerror(errn);
}
void
sock_close(int socket)
{
close(socket);
}
# else
char*
sock_strerror(int ATTR_UNUSED(errn))
{
return wsa_strerror(WSAGetLastError());
}
void
sock_close(int socket)
{
closesocket(socket);
}
# endif /* USE_WINSOCK */
int
create_local_accept_sock(const char *path, int* noproto, int use_systemd)
{
@ -1013,11 +893,7 @@ create_local_accept_sock(const char *path, int* noproto, int use_systemd)
return s;
err:
#ifndef USE_WINSOCK
close(s);
#else
closesocket(s);
#endif
sock_close(s);
return -1;
#ifdef HAVE_SYSTEMD
@ -1289,20 +1165,12 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp,
}
/* getting source addr packet info is highly non-portable */
if(!set_recvpktinfo(s, hints->ai_family)) {
#ifndef USE_WINSOCK
close(s);
#else
closesocket(s);
#endif
sock_close(s);
return 0;
}
if(!port_insert(list, s,
is_dnscrypt?listen_type_udpancil_dnscrypt:listen_type_udpancil)) {
#ifndef USE_WINSOCK
close(s);
#else
closesocket(s);
#endif
sock_close(s);
return 0;
}
} else if(do_udp) {
@ -1318,11 +1186,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp,
}
if(!port_insert(list, s,
is_dnscrypt?listen_type_udp_dnscrypt:listen_type_udp)) {
#ifndef USE_WINSOCK
close(s);
#else
closesocket(s);
#endif
sock_close(s);
return 0;
}
}
@ -1350,11 +1214,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp,
if(is_ssl)
verbose(VERB_ALGO, "setup TCP for SSL service");
if(!port_insert(list, s, port_type)) {
#ifndef USE_WINSOCK
close(s);
#else
closesocket(s);
#endif
sock_close(s);
return 0;
}
}
@ -1537,8 +1397,163 @@ listen_delete(struct listen_dnsport* front)
}
}
#ifdef HAVE_GETIFADDRS
static int
resolve_ifa_name(struct ifaddrs *ifas, const char *search_ifa, char ***ip_addresses, int *ip_addresses_size)
{
struct ifaddrs *ifa;
int last_ip_addresses_size = *ip_addresses_size;
for(ifa = ifas; ifa != NULL; ifa = ifa->ifa_next) {
sa_family_t family;
const char* atsign;
#ifdef INET6 /* | address ip | % | ifa name | @ | port | nul */
char addr_buf[INET6_ADDRSTRLEN + 1 + IF_NAMESIZE + 1 + 16 + 1];
#else
char addr_buf[INET_ADDRSTRLEN + 1 + 16 + 1];
#endif
if((atsign=strrchr(search_ifa, '@')) != NULL) {
if(strlen(ifa->ifa_name) != (size_t)(atsign-search_ifa)
|| strncmp(ifa->ifa_name, search_ifa,
atsign-search_ifa) != 0)
continue;
} else {
if(strcmp(ifa->ifa_name, search_ifa) != 0)
continue;
atsign = "";
}
if(ifa->ifa_addr == NULL)
continue;
family = ifa->ifa_addr->sa_family;
if(family == AF_INET) {
char a4[INET_ADDRSTRLEN + 1];
struct sockaddr_in *in4 = (struct sockaddr_in *)
ifa->ifa_addr;
if(!inet_ntop(family, &in4->sin_addr, a4, sizeof(a4))) {
log_err("inet_ntop failed");
return 0;
}
snprintf(addr_buf, sizeof(addr_buf), "%s%s",
a4, atsign);
}
#ifdef INET6
else if(family == AF_INET6) {
struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)
ifa->ifa_addr;
char a6[INET6_ADDRSTRLEN + 1];
char if_index_name[IF_NAMESIZE + 1];
if_index_name[0] = 0;
if(!inet_ntop(family, &in6->sin6_addr, a6, sizeof(a6))) {
log_err("inet_ntop failed");
return 0;
}
if_indextoname(in6->sin6_scope_id,
(char *)if_index_name);
if (strlen(if_index_name) != 0) {
snprintf(addr_buf, sizeof(addr_buf),
"%s%%%s%s", a6, if_index_name, atsign);
} else {
snprintf(addr_buf, sizeof(addr_buf), "%s%s",
a6, atsign);
}
}
#endif
else {
continue;
}
verbose(4, "interface %s has address %s", search_ifa, addr_buf);
*ip_addresses = realloc(*ip_addresses, sizeof(char *) * (*ip_addresses_size + 1));
if(!*ip_addresses) {
log_err("realloc failed: out of memory");
return 0;
}
(*ip_addresses)[*ip_addresses_size] = strdup(addr_buf);
if(!(*ip_addresses)[*ip_addresses_size]) {
log_err("strdup failed: out of memory");
return 0;
}
(*ip_addresses_size)++;
}
if (*ip_addresses_size == last_ip_addresses_size) {
*ip_addresses = realloc(*ip_addresses, sizeof(char *) * (*ip_addresses_size + 1));
if(!*ip_addresses) {
log_err("realloc failed: out of memory");
return 0;
}
(*ip_addresses)[*ip_addresses_size] = strdup(search_ifa);
if(!(*ip_addresses)[*ip_addresses_size]) {
log_err("strdup failed: out of memory");
return 0;
}
(*ip_addresses_size)++;
}
return 1;
}
#endif /* HAVE_GETIFADDRS */
int resolve_interface_names(struct config_file* cfg, char*** resif,
int* num_resif)
{
#ifdef HAVE_GETIFADDRS
int i;
struct ifaddrs *addrs = NULL;
if(cfg->num_ifs == 0) {
*resif = NULL;
*num_resif = 0;
return 1;
}
if(getifaddrs(&addrs) == -1) {
log_err("failed to list interfaces: getifaddrs: %s",
strerror(errno));
freeifaddrs(addrs);
return 0;
}
for(i=0; i<cfg->num_ifs; i++) {
if(!resolve_ifa_name(addrs, cfg->ifs[i], resif, num_resif)) {
freeifaddrs(addrs);
config_del_strarray(*resif, *num_resif);
*resif = NULL;
*num_resif = 0;
return 0;
}
}
freeifaddrs(addrs);
return 1;
#else
int i;
if(cfg->num_ifs == 0) {
*resif = NULL;
*num_resif = 0;
return 1;
}
*num_resif = cfg->num_ifs;
*resif = calloc(*num_resif, sizeof(**resif));
if(!*resif) {
log_err("out of memory");
return 0;
}
for(i=0; i<*num_resif; i++) {
(*resif)[i] = strdup(cfg->ifs[i]);
if(!((*resif)[i])) {
log_err("out of memory");
config_del_strarray(*resif, *num_resif);
*resif = NULL;
*num_resif = 0;
return 0;
}
}
return 1;
#endif /* HAVE_GETIFADDRS */
}
struct listen_port*
listening_ports_open(struct config_file* cfg, int* reuseport)
listening_ports_open(struct config_file* cfg, char** ifs, int num_ifs,
int* reuseport)
{
struct listen_port* list = NULL;
struct addrinfo hints;
@ -1557,7 +1572,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
memset(&hints, 0, sizeof(hints));
hints.ai_flags = AI_PASSIVE;
/* no name lookups on our listening ports */
if(cfg->num_ifs > 0)
if(num_ifs > 0)
hints.ai_flags |= AI_NUMERICHOST;
hints.ai_family = AF_UNSPEC;
#ifndef INET6
@ -1567,7 +1582,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
return NULL;
}
/* create ip4 and ip6 ports so that return addresses are nice. */
if(do_auto || cfg->num_ifs == 0) {
if(do_auto || num_ifs == 0) {
if(do_ip6) {
hints.ai_family = AF_INET6;
if(!ports_create_if(do_auto?"::0":"::1",
@ -1598,12 +1613,12 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
return NULL;
}
}
} else for(i = 0; i<cfg->num_ifs; i++) {
if(str_is_ip6(cfg->ifs[i])) {
} else for(i = 0; i<num_ifs; i++) {
if(str_is_ip6(ifs[i])) {
if(!do_ip6)
continue;
hints.ai_family = AF_INET6;
if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp,
if(!ports_create_if(ifs[i], 0, cfg->do_udp,
do_tcp, &hints, portbuf, &list,
cfg->so_rcvbuf, cfg->so_sndbuf,
cfg->ssl_port, cfg->tls_additional_port,
@ -1618,7 +1633,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
if(!do_ip4)
continue;
hints.ai_family = AF_INET;
if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp,
if(!ports_create_if(ifs[i], 0, cfg->do_udp,
do_tcp, &hints, portbuf, &list,
cfg->so_rcvbuf, cfg->so_sndbuf,
cfg->ssl_port, cfg->tls_additional_port,
@ -1640,11 +1655,7 @@ void listening_ports_free(struct listen_port* list)
while(list) {
nx = list->next;
if(list->fd != -1) {
#ifndef USE_WINSOCK
close(list->fd);
#else
closesocket(list->fd);
#endif
sock_close(list->fd);
}
free(list);
list = nx;

16
services/listen_dnsport.h
View file

@ -121,19 +121,32 @@ struct listen_port {
* interfaces for IP4 and/or IP6, for UDP and/or TCP.
* On the given port number. It creates the sockets.
* @param cfg: settings on what ports to open.
* @param ifs: interfaces to open, array of IP addresses, "ip[@port]".
* @param num_ifs: length of ifs.
* @param reuseport: set to true if you want reuseport, or NULL to not have it,
* set to false on exit if reuseport failed to apply (because of no
* kernel support).
* @return: linked list of ports or NULL on error.
*/
struct listen_port* listening_ports_open(struct config_file* cfg,
int* reuseport);
char** ifs, int num_ifs, int* reuseport);
/**
* Close and delete the (list of) listening ports.
*/
void listening_ports_free(struct listen_port* list);
/**
* Resolve interface names in config and store result IP addresses
* @param cfg: config
* @param resif: string array (malloced array of malloced strings) with
* result. NULL if cfg has none.
* @param num_resif: length of resif. Zero if cfg has zero num_ifs.
* @return 0 on failure.
*/
int resolve_interface_names(struct config_file* cfg, char*** resif,
int* num_resif);
/**
* Create commpoints with for this thread for the shared ports.
* @param base: the comm_base that provides event functionality.
@ -408,6 +421,5 @@ int http2_submit_dns_response(void* v);
#endif /* HAVE_NGHTTP2 */
char* set_ip_dscp(int socket, int addrfamily, int ds);
char* sock_strerror(int errn);
#endif /* LISTEN_DNSPORT_H */

81
services/mesh.c
View file

@ -1306,7 +1306,7 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
void mesh_query_done(struct mesh_state* mstate)
{
struct mesh_reply* r, *reply_list = NULL;
struct mesh_reply* r;
struct mesh_reply* prev = NULL;
struct sldns_buffer* prev_buffer = NULL;
struct mesh_cb* c;
@ -1330,27 +1330,7 @@ void mesh_query_done(struct mesh_state* mstate)
free(err);
}
}
if(mstate->reply_list) {
/* set the reply_list to NULL during the mesh_query_done
* processing, so that calls back into the mesh from
* tcp_req_info (deciding to drop the reply and thus
* unregister the mesh_reply from the mstate) are stopped
* because the list is empty.
* The mstate is then likely not a reply_state, and maybe
* also a detached_state.
*/
reply_list = mstate->reply_list;
mstate->reply_list = NULL;
if(!mstate->reply_list && !mstate->cb_list) {
/* was a reply state, not anymore */
log_assert(mstate->s.env->mesh->num_reply_states > 0);
mstate->s.env->mesh->num_reply_states--;
}
if(!mstate->reply_list && !mstate->cb_list &&
mstate->super_set.count == 0)
mstate->s.env->mesh->num_detached_states++;
}
for(r = reply_list; r; r = r->next) {
for(r = mstate->reply_list; r; r = r->next) {
/* if a response-ip address block has been stored the
* information should be logged for each client. */
if(mstate->s.respip_action_info &&
@ -1374,15 +1354,31 @@ void mesh_query_done(struct mesh_state* mstate)
/* if this query is determined to be dropped during the
* mesh processing, this is the point to take that action. */
if(mstate->s.is_drop) {
/* briefly set the reply_list to NULL, so that the
* tcp req info cleanup routine that calls the mesh
* to deregister the meshstate for it is not done
* because the list is NULL and also accounting is not
* done there, but instead we do that here. */
struct mesh_reply* reply_list = mstate->reply_list;
mstate->reply_list = NULL;
comm_point_drop_reply(&r->query_reply);
mstate->reply_list = reply_list;
} else {
struct sldns_buffer* r_buffer = r->query_reply.c->buffer;
struct mesh_reply* rlist = mstate->reply_list;
if(r->query_reply.c->tcp_req_info) {
r_buffer = r->query_reply.c->tcp_req_info->spool_buffer;
prev_buffer = NULL;
}
/* briefly set the replylist to null in case the
* meshsendreply calls tcpreqinfo sendreply that
* comm_point_drops because of size, and then the
* null stops the mesh state remove and thus
* reply_list modification and accounting */
mstate->reply_list = NULL;
mesh_send_reply(mstate, mstate->s.return_rcode, rep,
r, r_buffer, prev, prev_buffer);
mstate->reply_list = rlist;
if(r->query_reply.c->tcp_req_info) {
tcp_req_info_remove_mesh_state(r->query_reply.c->tcp_req_info, mstate);
r_buffer = NULL;
@ -1391,6 +1387,17 @@ void mesh_query_done(struct mesh_state* mstate)
prev_buffer = r_buffer;
}
}
if(mstate->reply_list) {
mstate->reply_list = NULL;
if(!mstate->reply_list && !mstate->cb_list) {
/* was a reply state, not anymore */
log_assert(mstate->s.env->mesh->num_reply_states > 0);
mstate->s.env->mesh->num_reply_states--;
}
if(!mstate->reply_list && !mstate->cb_list &&
mstate->super_set.count == 0)
mstate->s.env->mesh->num_detached_states++;
}
mstate->replies_sent = 1;
while((c = mstate->cb_list) != NULL) {
/* take this cb off the list; so that the list can be
@ -1887,7 +1894,7 @@ mesh_serve_expired_callback(void* arg)
{
struct mesh_state* mstate = (struct mesh_state*) arg;
struct module_qstate* qstate = &mstate->s;
struct mesh_reply* r;
struct mesh_reply* r, *rlist;
struct mesh_area* mesh = qstate->env->mesh;
struct dns_msg* msg;
struct mesh_cb* c;
@ -1970,16 +1977,7 @@ mesh_serve_expired_callback(void* arg)
if(verbosity >= VERB_ALGO)
log_dns_msg("Serve expired lookup", &qstate->qinfo, msg->rep);
r = mstate->reply_list;
mstate->reply_list = NULL;
if(!mstate->reply_list && !mstate->cb_list && r) {
log_assert(mesh->num_reply_states > 0);
mesh->num_reply_states--;
if(mstate->super_set.count == 0) {
mesh->num_detached_states++;
}
}
for(; r; r = r->next) {
for(r = mstate->reply_list; r; r = r->next) {
/* If address info is returned, it means the action should be an
* 'inform' variant and the information should be logged. */
if(actinfo.addrinfo) {
@ -2001,8 +1999,15 @@ mesh_serve_expired_callback(void* arg)
r_buffer = r->query_reply.c->buffer;
if(r->query_reply.c->tcp_req_info)
r_buffer = r->query_reply.c->tcp_req_info->spool_buffer;
/* briefly set the replylist to null in case the meshsendreply
* calls tcpreqinfo sendreply that comm_point_drops because
* of size, and then the null stops the mesh state remove and
* thus reply_list modification and accounting */
rlist = mstate->reply_list;
mstate->reply_list = NULL;
mesh_send_reply(mstate, LDNS_RCODE_NOERROR, msg->rep,
r, r_buffer, prev, prev_buffer);
mstate->reply_list = rlist;
if(r->query_reply.c->tcp_req_info)
tcp_req_info_remove_mesh_state(r->query_reply.c->tcp_req_info, mstate);
prev = r;
@ -2012,6 +2017,16 @@ mesh_serve_expired_callback(void* arg)
mesh->ans_expired++;
}
if(mstate->reply_list) {
mstate->reply_list = NULL;
if(!mstate->reply_list && !mstate->cb_list) {
log_assert(mesh->num_reply_states > 0);
mesh->num_reply_states--;
if(mstate->super_set.count == 0) {
mesh->num_detached_states++;
}
}
}
while((c = mstate->cb_list) != NULL) {
/* take this cb off the list; so that the list can be
* changed, eg. by adds from the callback routine */

35
services/outside_network.c
View file

@ -58,6 +58,7 @@
#include "util/net_help.h"
#include "util/random.h"
#include "util/fptr_wlist.h"
#include "util/edns.h"
#include "sldns/sbuffer.h"
#include "dnstap/dnstap.h"
#ifdef HAVE_OPENSSL_SSL_H
@ -165,11 +166,7 @@ pick_outgoing_tcp(struct waiting_tcp* w, int s)
if(num == 0) {
log_err("no TCP outgoing interfaces of family");
log_addr(VERB_OPS, "for addr", &w->addr, w->addrlen);
#ifndef USE_WINSOCK
close(s);
#else
closesocket(s);
#endif
sock_close(s);
return 0;
}
#ifdef INET6
@ -188,14 +185,8 @@ pick_outgoing_tcp(struct waiting_tcp* w, int s)
((struct sockaddr_in6*)&pi->addr)->sin6_port = 0;
else ((struct sockaddr_in*)&pi->addr)->sin_port = 0;
if(bind(s, (struct sockaddr*)&pi->addr, pi->addrlen) != 0) {
#ifndef USE_WINSOCK
log_err("outgoing tcp: bind: %s", strerror(errno));
close(s);
#else
log_err("outgoing tcp: bind: %s",
wsa_strerror(WSAGetLastError()));
closesocket(s);
#endif
log_err("outgoing tcp: bind: %s", sock_strerror(errno));
sock_close(s);
return 0;
}
log_addr(VERB_ALGO, "tcp bound to src", &pi->addr, pi->addrlen);
@ -225,13 +216,8 @@ outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen, int tcp_mss,
s = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
}
if(s == -1) {
#ifndef USE_WINSOCK
log_err_addr("outgoing tcp: socket", strerror(errno),
log_err_addr("outgoing tcp: socket", sock_strerror(errno),
addr, addrlen);
#else
log_err_addr("outgoing tcp: socket",
wsa_strerror(WSAGetLastError()), addr, addrlen);
#endif
return -1;
}
@ -2111,9 +2097,20 @@ outnet_serviced_query(struct outside_network* outnet,
{
struct serviced_query* sq;
struct service_callback* cb;
struct edns_tag_addr* client_tag_addr;
if(!inplace_cb_query_call(env, qinfo, flags, addr, addrlen, zone, zonelen,
qstate, qstate->region))
return NULL;
if((client_tag_addr = edns_tag_addr_lookup(&env->edns_tags->client_tags,
addr, addrlen))) {
uint16_t client_tag = htons(client_tag_addr->tag_data);
edns_opt_list_append(&qstate->edns_opts_back_out,
LDNS_EDNS_CLIENT_TAG, 2,
(uint8_t*)&client_tag, qstate->region);
}
serviced_gen_query(buff, qinfo->qname, qinfo->qname_len, qinfo->qtype,
qinfo->qclass, flags);
sq = lookup_serviced(outnet, buff, dnssec, addr, addrlen,

14
services/rpz.c
View file

@ -597,8 +597,18 @@ rpz_insert_rr(struct rpz* r, uint8_t* azname, size_t aznamelen, uint8_t* dname,
uint8_t* policydname;
if(!dname_subdomain_c(dname, azname)) {
log_err("RPZ: name of record to insert into RPZ is not a "
"subdomain of the configured name of the RPZ zone");
char* dname_str = sldns_wire2str_dname(dname, dnamelen);
char* azname_str = sldns_wire2str_dname(azname, aznamelen);
if(dname_str && azname_str) {
log_err("RPZ: name of record (%s) to insert into RPZ is not a "
"subdomain of the configured name of the RPZ zone (%s)",
dname_str, azname_str);
} else {
log_err("RPZ: name of record to insert into RPZ is not a "
"subdomain of the configured name of the RPZ zone");
}
free(dname_str);
free(azname_str);
return 0;
}

3
sldns/rrdef.h
View file

@ -426,7 +426,8 @@ enum sldns_enum_edns_option
LDNS_EDNS_N3U = 7, /* RFC6975 */
LDNS_EDNS_CLIENT_SUBNET = 8, /* RFC7871 */
LDNS_EDNS_KEEPALIVE = 11, /* draft-ietf-dnsop-edns-tcp-keepalive*/
LDNS_EDNS_PADDING = 12 /* RFC7830 */
LDNS_EDNS_PADDING = 12, /* RFC7830 */
LDNS_EDNS_CLIENT_TAG = 16 /* draft-bellis-dnsop-edns-tags-01 */
};
typedef enum sldns_enum_edns_option sldns_edns_option;

92
smallapp/unbound-checkconf.c
View file

@ -58,6 +58,7 @@
#include "services/authzone.h"
#include "respip/respip.h"
#include "sldns/sbuffer.h"
#include "sldns/str2wire.h"
#ifdef HAVE_GETOPT_H
#include <getopt.h>
#endif
@ -194,6 +195,94 @@ localzonechecks(struct config_file* cfg)
local_zones_delete(zs);
}
/** checks for acl and views */
static void
acl_view_tag_checks(struct config_file* cfg, struct views* views)
{
int d;
struct sockaddr_storage a;
socklen_t alen;
struct config_str2list* acl;
struct config_str3list* s3;
struct config_strbytelist* sb;
/* acl_view */
for(acl=cfg->acl_view; acl; acl = acl->next) {
struct view* v;
if(!netblockstrtoaddr(acl->str, UNBOUND_DNS_PORT, &a, &alen,
&d)) {
fatal_exit("cannot parse access-control-view "
"address %s %s", acl->str, acl->str2);
}
v = views_find_view(views, acl->str2, 0);
if(!v) {
fatal_exit("cannot find view for "
"access-control-view: %s %s",
acl->str, acl->str2);
}
lock_rw_unlock(&v->lock);
}
/* acl_tags */
for(sb=cfg->acl_tags; sb; sb = sb->next) {
if(!netblockstrtoaddr(sb->str, UNBOUND_DNS_PORT, &a, &alen,
&d)) {
fatal_exit("cannot parse access-control-tags "
"address %s", sb->str);
}
}
/* acl_tag_actions */
for(s3=cfg->acl_tag_actions; s3; s3 = s3->next) {
enum localzone_type t;
if(!netblockstrtoaddr(s3->str, UNBOUND_DNS_PORT, &a, &alen,
&d)) {
fatal_exit("cannot parse access-control-tag-actions "
"address %s %s %s",
s3->str, s3->str2, s3->str3);
}
if(find_tag_id(cfg, s3->str2) == -1) {
fatal_exit("cannot parse tag %s (define-tag it), "
"for access-control-tag-actions: %s %s %s",
s3->str2, s3->str, s3->str2, s3->str3);
}
if(!local_zone_str2type(s3->str3, &t)) {
fatal_exit("cannot parse access control action type %s"
" for access-control-tag-actions: %s %s %s",
s3->str3, s3->str, s3->str2, s3->str3);
}
}
/* acl_tag_datas */
for(s3=cfg->acl_tag_datas; s3; s3 = s3->next) {
char buf[65536];
uint8_t rr[LDNS_RR_BUF_SIZE];
size_t len = sizeof(rr);
int res;
if(!netblockstrtoaddr(s3->str, UNBOUND_DNS_PORT, &a, &alen,
&d)) {
fatal_exit("cannot parse access-control-tag-datas address %s %s '%s'",
s3->str, s3->str2, s3->str3);
}
if(find_tag_id(cfg, s3->str2) == -1) {
fatal_exit("cannot parse tag %s (define-tag it), "
"for access-control-tag-datas: %s %s '%s'",
s3->str2, s3->str, s3->str2, s3->str3);
}
/* '.' is sufficient for validation, and it makes the call to
* sldns_wirerr_get_type() simpler below. */
snprintf(buf, sizeof(buf), "%s %s", ".", s3->str3);
res = sldns_str2wire_rr_buf(buf, rr, &len, NULL, 3600, NULL,
0, NULL, 0);
if(res != 0) {
fatal_exit("cannot parse rr data [char %d] parse error %s, for access-control-tag-datas: %s %s '%s'",
(int)LDNS_WIREPARSE_OFFSET(res)-2,
sldns_get_errorstr_parse(res),
s3->str, s3->str2, s3->str3);
}
}
}
/** check view and response-ip configuration */
static void
view_and_respipchecks(struct config_file* cfg)
@ -211,6 +300,7 @@ view_and_respipchecks(struct config_file* cfg)
fatal_exit("Could not setup respip set");
if(!respip_views_apply_cfg(views, cfg, &ignored))
fatal_exit("Could not setup per-view respip sets");
acl_view_tag_checks(cfg, views);
views_delete(views);
respip_set_delete(respip);
}
@ -534,8 +624,6 @@ morechecks(struct config_file* cfg)
cfg->auto_trust_anchor_file_list, cfg->chrootdir, cfg);
check_chroot_filelist_wild("trusted-keys-file",
cfg->trusted_keys_file_list, cfg->chrootdir, cfg);
check_chroot_string("dlv-anchor-file", &cfg->dlv_anchor_file,
cfg->chrootdir, cfg);
#ifdef USE_IPSECMOD
if(cfg->ipsecmod_enabled && strstr(cfg->module_conf, "ipsecmod")) {
/* only check hook if enabled */

26
smallapp/unbound-control.c
View file

@ -596,11 +596,7 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
addrfamily = addr_is_ip6(&addr, addrlen)?PF_INET6:PF_INET;
fd = socket(addrfamily, SOCK_STREAM, proto);
if(fd == -1) {
#ifndef USE_WINSOCK
fatal_exit("socket: %s", strerror(errno));
#else
fatal_exit("socket: %s", wsa_strerror(WSAGetLastError()));
#endif
fatal_exit("socket: %s", sock_strerror(errno));
}
if(connect(fd, (struct sockaddr*)&addr, addrlen) < 0) {
#ifndef USE_WINSOCK
@ -684,11 +680,7 @@ remote_read(SSL* ssl, int fd, char* buf, size_t len)
/* EOF */
return 0;
}
#ifndef USE_WINSOCK
fatal_exit("could not recv: %s", strerror(errno));
#else
fatal_exit("could not recv: %s", wsa_strerror(WSAGetLastError()));
#endif
fatal_exit("could not recv: %s", sock_strerror(errno));
}
buf[rr] = 0;
}
@ -704,11 +696,7 @@ remote_write(SSL* ssl, int fd, const char* buf, size_t len)
ssl_err("could not SSL_write");
} else {
if(send(fd, buf, len, 0) < (ssize_t)len) {
#ifndef USE_WINSOCK
fatal_exit("could not send: %s", strerror(errno));
#else
fatal_exit("could not send: %s", wsa_strerror(WSAGetLastError()));
#endif
fatal_exit("could not send: %s", sock_strerror(errno));
}
}
}
@ -827,11 +815,7 @@ go(const char* cfgfile, char* svr, int quiet, int argc, char* argv[])
ret = go_cmd(ssl, fd, quiet, argc, argv);
if(ssl) SSL_free(ssl);
#ifndef USE_WINSOCK
close(fd);
#else
closesocket(fd);
#endif
sock_close(fd);
if(ctx) SSL_CTX_free(ctx);
config_delete(cfg);
return ret;
@ -889,7 +873,7 @@ int main(int argc, char* argv[])
if(argc == 0)
usage();
if(argc >= 1 && strcmp(argv[0], "start")==0) {
#if defined(TARGET_OS_TV) || defined(TARGET_OS_WATCH)
#if (defined(TARGET_OS_TV) && TARGET_OS_TV) || (defined(TARGET_OS_WATCH) && TARGET_OS_WATCH)
fatal_exit("could not exec unbound: %s",
strerror(ENOSYS));
#else

115
testcode/delayer.c
View file

@ -372,11 +372,7 @@ service_send(struct ringbuf* ring, struct timeval* now, sldns_buffer* pkt,
sldns_buffer_limit(pkt), 0,
(struct sockaddr*)srv_addr, srv_len);
if(sent == -1) {
#ifndef USE_WINSOCK
log_err("sendto: %s", strerror(errno));
#else
log_err("sendto: %s", wsa_strerror(WSAGetLastError()));
#endif
log_err("sendto: %s", sock_strerror(errno));
} else if(sent != (ssize_t)sldns_buffer_limit(pkt)) {
log_err("sendto: partial send");
}
@ -398,13 +394,12 @@ do_proxy(struct proxy* p, int retsock, sldns_buffer* pkt)
#ifndef USE_WINSOCK
if(errno == EAGAIN || errno == EINTR)
return;
log_err("recv: %s", strerror(errno));
#else
if(WSAGetLastError() == WSAEINPROGRESS ||
WSAGetLastError() == WSAEWOULDBLOCK)
return;
log_err("recv: %s", wsa_strerror(WSAGetLastError()));
#endif
log_err("recv: %s", sock_strerror(errno));
return;
}
sldns_buffer_set_limit(pkt, (size_t)r);
@ -414,11 +409,7 @@ do_proxy(struct proxy* p, int retsock, sldns_buffer* pkt)
r = sendto(retsock, (void*)sldns_buffer_begin(pkt), (size_t)r,
0, (struct sockaddr*)&p->addr, p->addr_len);
if(r == -1) {
#ifndef USE_WINSOCK
log_err("sendto: %s", strerror(errno));
#else
log_err("sendto: %s", wsa_strerror(WSAGetLastError()));
#endif
log_err("sendto: %s", sock_strerror(errno));
}
}
}
@ -469,11 +460,7 @@ find_create_proxy(struct sockaddr_storage* from, socklen_t from_len,
if(!p) fatal_exit("out of memory");
p->s = socket(serv_ip6?AF_INET6:AF_INET, SOCK_DGRAM, 0);
if(p->s == -1) {
#ifndef USE_WINSOCK
fatal_exit("socket: %s", strerror(errno));
#else
fatal_exit("socket: %s", wsa_strerror(WSAGetLastError()));
#endif
fatal_exit("socket: %s", sock_strerror(errno));
}
fd_set_nonblock(p->s);
memmove(&p->addr, from, from_len);
@ -507,14 +494,12 @@ service_recv(int s, struct ringbuf* ring, sldns_buffer* pkt,
#ifndef USE_WINSOCK
if(errno == EAGAIN || errno == EINTR)
return;
fatal_exit("recvfrom: %s", strerror(errno));
#else
if(WSAGetLastError() == WSAEWOULDBLOCK ||
WSAGetLastError() == WSAEINPROGRESS)
return;
fatal_exit("recvfrom: %s",
wsa_strerror(WSAGetLastError()));
#endif
fatal_exit("recvfrom: %s", sock_strerror(errno));
}
sldns_buffer_set_limit(pkt, (size_t)len);
/* find its proxy element */
@ -550,15 +535,9 @@ tcp_proxy_delete(struct tcp_proxy* p)
free(s);
s = sn;
}
#ifndef USE_WINSOCK
close(p->client_s);
sock_close(p->client_s);
if(p->server_s != -1)
close(p->server_s);
#else
closesocket(p->client_s);
if(p->server_s != -1)
closesocket(p->server_s);
#endif
sock_close(p->server_s);
free(p);
}
@ -577,14 +556,13 @@ service_tcp_listen(int s, fd_set* rorig, int* max, struct tcp_proxy** proxies,
#ifndef USE_WINSOCK
if(errno == EAGAIN || errno == EINTR)
return;
fatal_exit("accept: %s", strerror(errno));
#else
if(WSAGetLastError() == WSAEWOULDBLOCK ||
WSAGetLastError() == WSAEINPROGRESS ||
WSAGetLastError() == WSAECONNRESET)
return;
fatal_exit("accept: %s", wsa_strerror(WSAGetLastError()));
#endif
fatal_exit("accept: %s", sock_strerror(errno));
}
p = (struct tcp_proxy*)calloc(1, sizeof(*p));
if(!p) fatal_exit("out of memory");
@ -595,11 +573,7 @@ service_tcp_listen(int s, fd_set* rorig, int* max, struct tcp_proxy** proxies,
p->server_s = socket(addr_is_ip6(srv_addr, srv_len)?AF_INET6:AF_INET,
SOCK_STREAM, 0);
if(p->server_s == -1) {
#ifndef USE_WINSOCK
fatal_exit("tcp socket: %s", strerror(errno));
#else
fatal_exit("tcp socket: %s", wsa_strerror(WSAGetLastError()));
#endif
fatal_exit("tcp socket: %s", sock_strerror(errno));
}
fd_set_nonblock(p->client_s);
fd_set_nonblock(p->server_s);
@ -607,16 +581,14 @@ service_tcp_listen(int s, fd_set* rorig, int* max, struct tcp_proxy** proxies,
#ifndef USE_WINSOCK
if(errno != EINPROGRESS) {
log_err("tcp connect: %s", strerror(errno));
close(p->server_s);
close(p->client_s);
#else
if(WSAGetLastError() != WSAEWOULDBLOCK &&
WSAGetLastError() != WSAEINPROGRESS) {
log_err("tcp connect: %s",
wsa_strerror(WSAGetLastError()));
closesocket(p->server_s);
closesocket(p->client_s);
#endif
sock_close(p->server_s);
sock_close(p->client_s);
free(p);
return;
}
@ -650,13 +622,12 @@ tcp_relay_read(int s, struct tcp_send_list** first,
#ifndef USE_WINSOCK
if(errno == EINTR || errno == EAGAIN)
return 1;
log_err("tcp read: %s", strerror(errno));
#else
if(WSAGetLastError() == WSAEINPROGRESS ||
WSAGetLastError() == WSAEWOULDBLOCK)
return 1;
log_err("tcp read: %s", wsa_strerror(WSAGetLastError()));
#endif
log_err("tcp read: %s", sock_strerror(errno));
return 0;
} else if(r == 0) {
/* connection closed */
@ -708,14 +679,12 @@ tcp_relay_write(int s, struct tcp_send_list** first,
#ifndef USE_WINSOCK
if(errno == EAGAIN || errno == EINTR)
return 1;
log_err("tcp write: %s", strerror(errno));
#else
if(WSAGetLastError() == WSAEWOULDBLOCK ||
WSAGetLastError() == WSAEINPROGRESS)
return 1;
log_err("tcp write: %s",
wsa_strerror(WSAGetLastError()));
#endif
log_err("tcp write: %s", sock_strerror(errno));
return 0;
} else if(r == 0) {
/* closed */
@ -769,11 +738,7 @@ service_tcp_relay(struct tcp_proxy** tcp_proxies, struct timeval* now,
log_addr(1, "read tcp answer", &p->addr, p->addr_len);
if(!tcp_relay_read(p->server_s, &p->answerlist,
&p->answerlast, now, delay, pkt)) {
#ifndef USE_WINSOCK
close(p->server_s);
#else
closesocket(p->server_s);
#endif
sock_close(p->server_s);
FD_CLR(FD_SET_T p->server_s, worig);
FD_CLR(FD_SET_T p->server_s, rorig);
p->server_s = -1;
@ -901,11 +866,7 @@ proxy_list_clear(struct proxy* p)
"%u returned\n", i++, from, port, (int)p->numreuse+1,
(unsigned)p->numwait, (unsigned)p->numsent,
(unsigned)p->numreturn);
#ifndef USE_WINSOCK
close(p->s);
#else
closesocket(p->s);
#endif
sock_close(p->s);
free(p);
p = np;
}
@ -1034,11 +995,7 @@ service(const char* bind_str, int bindport, const char* serv_str,
/* bind UDP port */
if((s = socket(str_is_ip6(bind_str)?AF_INET6:AF_INET,
SOCK_DGRAM, 0)) == -1) {
#ifndef USE_WINSOCK
fatal_exit("socket: %s", strerror(errno));
#else
fatal_exit("socket: %s", wsa_strerror(WSAGetLastError()));
#endif
fatal_exit("socket: %s", sock_strerror(errno));
}
i=0;
if(bindport == 0) {
@ -1051,11 +1008,7 @@ service(const char* bind_str, int bindport, const char* serv_str,
exit(1);
}
if(bind(s, (struct sockaddr*)&bind_addr, bind_len) == -1) {
#ifndef USE_WINSOCK
log_err("bind: %s", strerror(errno));
#else
log_err("bind: %s", wsa_strerror(WSAGetLastError()));
#endif
log_err("bind: %s", sock_strerror(errno));
if(i--==0)
fatal_exit("cannot bind any port");
bindport = 1024 + ((int)arc4random())%64000;
@ -1065,39 +1018,22 @@ service(const char* bind_str, int bindport, const char* serv_str,
/* and TCP port */
if((listen_s = socket(str_is_ip6(bind_str)?AF_INET6:AF_INET,
SOCK_STREAM, 0)) == -1) {
#ifndef USE_WINSOCK
fatal_exit("tcp socket: %s", strerror(errno));
#else
fatal_exit("tcp socket: %s", wsa_strerror(WSAGetLastError()));
#endif
fatal_exit("tcp socket: %s", sock_strerror(errno));
}
#ifdef SO_REUSEADDR
if(1) {
int on = 1;
if(setsockopt(listen_s, SOL_SOCKET, SO_REUSEADDR, (void*)&on,
(socklen_t)sizeof(on)) < 0)
#ifndef USE_WINSOCK
fatal_exit("setsockopt(.. SO_REUSEADDR ..) failed: %s",
strerror(errno));
#else
fatal_exit("setsockopt(.. SO_REUSEADDR ..) failed: %s",
wsa_strerror(WSAGetLastError()));
#endif
sock_strerror(errno));
}
#endif
if(bind(listen_s, (struct sockaddr*)&bind_addr, bind_len) == -1) {
#ifndef USE_WINSOCK
fatal_exit("tcp bind: %s", strerror(errno));
#else
fatal_exit("tcp bind: %s", wsa_strerror(WSAGetLastError()));
#endif
fatal_exit("tcp bind: %s", sock_strerror(errno));
}
if(listen(listen_s, 5) == -1) {
#ifndef USE_WINSOCK
fatal_exit("tcp listen: %s", strerror(errno));
#else
fatal_exit("tcp listen: %s", wsa_strerror(WSAGetLastError()));
#endif
fatal_exit("tcp listen: %s", sock_strerror(errno));
}
fd_set_nonblock(listen_s);
printf("listening on port: %d\n", bindport);
@ -1109,13 +1045,8 @@ service(const char* bind_str, int bindport, const char* serv_str,
/* cleanup */
verbose(1, "cleanup");
#ifndef USE_WINSOCK
close(s);
close(listen_s);
#else
closesocket(s);
closesocket(listen_s);
#endif
sock_close(s);
sock_close(listen_s);
sldns_buffer_free(pkt);
ring_delete(ring);
}

21
testcode/fake_event.c
View file

@ -52,6 +52,7 @@
#include "util/data/msgreply.h"
#include "util/data/msgencode.h"
#include "util/data/dname.h"
#include "util/edns.h"
#include "util/config_file.h"
#include "services/listen_dnsport.h"
#include "services/outside_network.h"
@ -1183,7 +1184,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
socklen_t addrlen, uint8_t* zone, size_t zonelen,
struct module_qstate* qstate, comm_point_callback_type* callback,
void* callback_arg, sldns_buffer* ATTR_UNUSED(buff),
struct module_env* ATTR_UNUSED(env))
struct module_env* env)
{
struct replay_runtime* runtime = (struct replay_runtime*)outnet->base;
struct fake_pending* pend = (struct fake_pending*)calloc(1,
@ -1212,6 +1213,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
sldns_buffer_flip(pend->buffer);
if(1) {
struct edns_data edns;
struct edns_tag_addr* client_tag_addr;
if(!inplace_cb_query_call(env, qinfo, flags, addr, addrlen,
zone, zonelen, qstate, qstate->region)) {
free(pend);
@ -1223,9 +1225,17 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
edns.edns_version = EDNS_ADVERTISED_VERSION;
edns.udp_size = EDNS_ADVERTISED_SIZE;
edns.bits = 0;
edns.opt_list = qstate->edns_opts_back_out;
if(dnssec)
edns.bits = EDNS_DO;
if((client_tag_addr = edns_tag_addr_lookup(
&env->edns_tags->client_tags,
addr, addrlen))) {
uint16_t client_tag = htons(client_tag_addr->tag_data);
edns_opt_list_append(&qstate->edns_opts_back_out,
LDNS_EDNS_CLIENT_TAG, 2,
(uint8_t*)&client_tag, qstate->region);
}
edns.opt_list = qstate->edns_opts_back_out;
attach_edns_record(pend->buffer, &edns);
}
memcpy(&pend->addr, addr, addrlen);
@ -1293,7 +1303,14 @@ void outnet_serviced_query_stop(struct serviced_query* sq, void* cb_arg)
log_info("double delete of pending serviced query");
}
int resolve_interface_names(struct config_file* ATTR_UNUSED(cfg),
char*** ATTR_UNUSED(resif), int* ATTR_UNUSED(num_resif))
{
return 1;
}
struct listen_port* listening_ports_open(struct config_file* ATTR_UNUSED(cfg),
char** ATTR_UNUSED(ifs), int ATTR_UNUSED(num_ifs),
int* ATTR_UNUSED(reuseport))
{
return calloc(1, 1);

25
testcode/perf.c
View file

@ -233,12 +233,7 @@ perfsetup(struct perfinfo* info)
addr_is_ip6(&info->dest, info->destlen)?
AF_INET6:AF_INET, SOCK_DGRAM, 0);
if(info->io[i].fd == -1) {
#ifndef USE_WINSOCK
fatal_exit("socket: %s", strerror(errno));
#else
fatal_exit("socket: %s",
wsa_strerror(WSAGetLastError()));
#endif
fatal_exit("socket: %s", sock_strerror(errno));
}
if(info->io[i].fd > info->maxfd)
info->maxfd = info->io[i].fd;
@ -260,11 +255,7 @@ perffree(struct perfinfo* info)
if(!info) return;
if(info->io) {
for(i=0; i<info->io_num; i++) {
#ifndef USE_WINSOCK
close(info->io[i].fd);
#else
closesocket(info->io[i].fd);
#endif
sock_close(info->io[i].fd);
}
free(info->io);
}
@ -285,11 +276,7 @@ perfsend(struct perfinfo* info, size_t n, struct timeval* now)
/*log_hex("send", info->qlist_data[info->qlist_idx],
info->qlist_len[info->qlist_idx]);*/
if(r == -1) {
#ifndef USE_WINSOCK
log_err("sendto: %s", strerror(errno));
#else
log_err("sendto: %s", wsa_strerror(WSAGetLastError()));
#endif
log_err("sendto: %s", sock_strerror(errno));
} else if(r != (ssize_t)info->qlist_len[info->qlist_idx]) {
log_err("partial sendto");
}
@ -309,11 +296,7 @@ perfreply(struct perfinfo* info, size_t n, struct timeval* now)
r = recv(info->io[n].fd, (void*)sldns_buffer_begin(info->buf),
sldns_buffer_capacity(info->buf), 0);
if(r == -1) {
#ifndef USE_WINSOCK
log_err("recv: %s", strerror(errno));
#else
log_err("recv: %s", wsa_strerror(WSAGetLastError()));
#endif
log_err("recv: %s", sock_strerror(errno));
} else {
info->by_rcode[LDNS_RCODE_WIRE(sldns_buffer_begin(
info->buf))]++;

9
testcode/run_vm.sh
View file

@ -26,12 +26,17 @@ cd testdata
TPKG=../testcode/mini_tdir.sh
#RUNLIST=`(ls -1d *.tdir|grep -v '^0[016]')`
RUNLIST=`(ls -1d *.tdir)`
if test "$#" = "1"; then RUNLIST="$1"; fi
if test "$#" = "1"; then
RUNLIST="$1";
if echo "$RUNLIST" | grep '/$' >/dev/null; then
RUNLIST=`echo "$RUNLIST" | sed -e 's?/$??'`
fi
fi
# fix up tdir that was edited on keyboard interrupt.
cleanup() {
echo cleanup
if test -f "$t.bak"; then mv "$t.bak" "$t"; fi
if test -f "$t.bak"; then rm -fr "${t}"; mv "$t.bak" "$t"; fi
exit 0
}
trap cleanup INT

15
testcode/streamtcp.c
View file

@ -200,6 +200,7 @@ write_q(int fd, int udp, SSL* ssl, sldns_buffer* buf, uint16_t id,
static void
recv_one(int fd, int udp, SSL* ssl, sldns_buffer* buf)
{
size_t i;
char* pktstr;
uint16_t len;
if(!udp) {
@ -270,7 +271,13 @@ recv_one(int fd, int udp, SSL* ssl, sldns_buffer* buf)
len = (size_t)l;
}
printf("\nnext received packet\n");
log_buf(0, "data", buf);
printf("data[%d] ", (int)sldns_buffer_limit(buf));
for(i=0; i<sldns_buffer_limit(buf); i++) {
const char* hex = "0123456789ABCDEF";
printf("%c%c", hex[(sldns_buffer_read_u8_at(buf, i)&0xf0)>>4],
hex[sldns_buffer_read_u8_at(buf, i)&0x0f]);
}
printf("\n");
pktstr = sldns_wire2str_pkt(sldns_buffer_begin(buf), len);
printf("%s", pktstr);
@ -381,11 +388,7 @@ send_em(const char* svr, int udp, int usessl, int noanswer, int onarrival,
SSL_free(ssl);
SSL_CTX_free(ctx);
}
#ifndef USE_WINSOCK
close(fd);
#else
closesocket(fd);
#endif
sock_close(fd);
sldns_buffer_free(buf);
printf("orderly exit\n");
}

1
testdata/04-checkconf.tdir/bad.badfwd vendored
View file

@ -2,6 +2,7 @@ server:
# to make sure the check doesn't fail on username or chrootdir.
username: ""
chroot: ""
directory: ""
forward-zone:
name: "example.com"

3
testdata/04-checkconf.tdir/bad.include-toplevel.1 vendored Normal file
View file

@ -0,0 +1,3 @@
include-toplevel: include.withoutclauses.*
server:
identity: "top 1"

5
testdata/04-checkconf.tdir/bad.include-toplevel.2 vendored Normal file
View file

@ -0,0 +1,5 @@
include-toplevel: include.withclauses.*
server:
identity: "top 1"
include: include.withoutclauses.*
include-toplevel: include.withoutclauses.*

6
testdata/04-checkconf.tdir/bad.include-toplevel.3 vendored Normal file
View file

@ -0,0 +1,6 @@
include-toplevel: include.withclauses.*
server:
identity: "top 1"
include: include.withoutclauses.*
include-toplevel: include.withclauses.*
include: include.withoutclauses.*

7
testdata/04-checkconf.tdir/bad.include-toplevel.4 vendored Normal file
View file

@ -0,0 +1,7 @@
include-toplevel: include.withclauses.*
server:
identity: "top 1"
include: include.withoutclauses.*
include-toplevel: include.withclauses.*
include: include.withclauses.*
include-toplevel: include.withoutclauses.*

8
testdata/04-checkconf.tdir/bad.include-toplevel.5 vendored Normal file
View file

@ -0,0 +1,8 @@
include-toplevel: include.withclauses.*
server:
identity: "top 1"
include: include.withoutclauses.*
include-toplevel: include.withsomeclauses.*
include: include.withclauses.*
include-toplevel: include.withclauses.*
server: identity: "top 2"

10
testdata/04-checkconf.tdir/bad.include-toplevel.6 vendored Normal file
View file

@ -0,0 +1,10 @@
include-toplevel: include.withclauses.*
include-toplevel: include.withclauses.*
server:
identity: "top 1"
include: include.withoutclauses.*
include-toplevel: include.withclauses.*
include: include.withclauses.*
include-toplevel: include.withclauses.*
server: identity: "top 2"
include-toplevel: include.includetop.withoutclauses.*

11
testdata/04-checkconf.tdir/bad.include-toplevel.7 vendored Normal file
View file

@ -0,0 +1,11 @@
include-toplevel: include.withclauses.*
include-toplevel: include.withclauses.*
server:
identity: "top 1"
include: include.withoutclauses.*
include-toplevel: include.withclauses.*
include: include.withclauses.*
include-toplevel: include.withclauses.*
server: identity: "top 2"
include-toplevel: include.includetop.withclauses.*
include-toplevel: include.include.withoutclauses.*

2
testdata/04-checkconf.tdir/bad.user vendored
View file

@ -1,2 +1,4 @@
server:
username: blabla_noexist_user
chroot: ""
directory: ""

16
testdata/04-checkconf.tdir/good.include-toplevel vendored Normal file
View file

@ -0,0 +1,16 @@
include-toplevel: include.withclauses.*
include-toplevel: include.withclauses.*
server:
identity: "top 1"
include: include.withoutclauses.*
include-toplevel: include.withclauses.*
include: include.withclauses.*
include-toplevel: include.withclauses.*
server: identity: "top 2"
include-toplevel: include.includetop.withclauses.*
include-toplevel: include.include.withclauses.*
include-toplevel: include.include.withclauses.*
server:
chroot: ""
directory: ""
username: ""

1
testdata/04-checkconf.tdir/include.include.withclauses.1 vendored Normal file
View file

@ -0,0 +1 @@
include: include.withclauses.*

1
testdata/04-checkconf.tdir/include.include.withclauses.2 vendored Normal file
View file

@ -0,0 +1 @@
include: include.withclauses.*

1
testdata/04-checkconf.tdir/include.include.withclauses.3 vendored Normal file
View file

@ -0,0 +1 @@
include: include.withclauses.*

1
testdata/04-checkconf.tdir/include.include.withoutclauses.1 vendored Normal file
View file

@ -0,0 +1 @@
include: include.withoutclauses.*

1
testdata/04-checkconf.tdir/include.include.withoutclauses.2 vendored Normal file
View file

@ -0,0 +1 @@
include: include.withoutclauses.*

1
testdata/04-checkconf.tdir/include.include.withoutclauses.3 vendored Normal file
View file

@ -0,0 +1 @@
include: include.withoutclauses.*

1
testdata/04-checkconf.tdir/include.includetop.withclauses.1 vendored Normal file
View file

@ -0,0 +1 @@
include-toplevel: include.withclauses.*

1
testdata/04-checkconf.tdir/include.includetop.withclauses.2 vendored Normal file
View file

@ -0,0 +1 @@
include-toplevel: include.withclauses.*

1
testdata/04-checkconf.tdir/include.includetop.withclauses.3 vendored Normal file
View file

@ -0,0 +1 @@
include-toplevel: include.withclauses.*

1
testdata/04-checkconf.tdir/include.includetop.withoutclauses.1 vendored Normal file
View file

@ -0,0 +1 @@
include-toplevel: include.withoutclauses.*

1
testdata/04-checkconf.tdir/include.includetop.withoutclauses.2 vendored Normal file
View file

@ -0,0 +1 @@
include-toplevel: include.withoutclauses.*

1
testdata/04-checkconf.tdir/include.includetop.withoutclauses.3 vendored Normal file
View file

@ -0,0 +1 @@
include-toplevel: include.withoutclauses.*

1
testdata/04-checkconf.tdir/include.withclauses.1 vendored Normal file
View file

@ -0,0 +1 @@
server: identity: "withclauses1"

1
testdata/04-checkconf.tdir/include.withclauses.2 vendored Normal file
View file

@ -0,0 +1 @@
server: identity: "withclauses2"

1
testdata/04-checkconf.tdir/include.withclauses.3 vendored Normal file
View file

@ -0,0 +1 @@
server: identity: "withclauses3"

1
testdata/04-checkconf.tdir/include.withoutclauses.1 vendored Normal file
View file

@ -0,0 +1 @@
identity: "withoutclauses1"

1
testdata/04-checkconf.tdir/include.withoutclauses.2 vendored Normal file
View file

@ -0,0 +1 @@
identity: "withoutclauses2"

1
testdata/04-checkconf.tdir/include.withoutclauses.3 vendored Normal file
View file

@ -0,0 +1 @@
identity: "withoutclauses3"

1
testdata/04-checkconf.tdir/include.withsomeclauses.1 vendored Normal file
View file

@ -0,0 +1 @@
server: identity: "withsomeclauses1"

1
testdata/04-checkconf.tdir/include.withsomeclauses.2 vendored Normal file
View file

@ -0,0 +1 @@
identity: "withsomeclauses2"

1
testdata/04-checkconf.tdir/include.withsomeclauses.3 vendored Normal file
View file

@ -0,0 +1 @@
identity: "withsomeclauses3"

50
testdata/09-unbound-control.tdir/bad_control.key vendored
View file

@ -1,15 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDti51Z6qASvAjPFFhLLlq8BwtsnmfqMPMn57dKAghb4OifeL4G
SLOE02/hKDkdkOvaUG2UqDNh2OoPTuJk4A+mG2LJoziFhHKlIebo9v2YiFWOBVtO
DWc3tXPT1IlSEN0xnAGelMmeLcPeCPe+A5IDlIHzF/+YiDgS38S9dL17owIDAQAB
AoGAG3w/DatfMCu/nS5OdQx9BSqPgNbnUSqux9xA0fhgPTlN0T3oRtPcqa7JUDUW
PryI/a62ry+zGkw98N2AxolCZg3N7Z3vuRx2FMcKKNwpTzDmcZW7TmMk5FPof6gE
PnYl/ff0w+kxqA+L2EexH3Xi6ApLSZcjyzKWj+dL2AuT9gkCQQD3dPitwITxgCAD
IaHw23e3FRkM/hw1Gp8bt6nbuxitVxxpO96q1EQ+fCy/mf0bMEJDp3xzMEIfP3r4
GmNbaxa1AkEA9b8LeBLbQ2cm2+UMeUgygBsRirdUQ786auqH38Jbvi/j6S9sDl2x
q1vRtikEBZJWfkhsOzrzwFDKe1bI/EEn9wJAAzOwRA9JqRZPU7sLrWIpmmTbfh+L
neRKSsGFoSI6n4ORCouLxgoZF/XjXldPvxpQwS9ZnOPy9xSLMsqknno0QQJAeDtA
IT8Yh6GwIWWu9KeeDY8wxe1sDLlCm4yjbZZpzGMh3rSU6XJtuqjxsW3fydoO9zn3
ugLdvvnIFxAexUwbgQJBANyM13xcObfUJOj9rjlGCh0CDh/04ONl8SH8HBnM8guA
RJI5S6vBHweVRopEZcF1sQm6wMf3ej/sGkyyNvJxRkY=
MIIG5AIBAAKCAYEAt/3PPZGM7eSdCnEQ04f6Y+Xnmp105gtxqoHxHfyGFG8ljNSd
T1hKBjrg1BRVszTg+Td5V+Y4vAHW25Etvuvg0DQBNDKtrMTTbTZKQbT6A7Xgyp42
Oj8EyXFWs8BNx/joI1sAMUiCjPKpKAI5bIHV18It4n28MXWTVX5mfwcj82XPTQlO
6OhTXtA45idPLFKkCp4H879EIfIo1sfk+OTLjoSNLXFN3BoI9CIT6WZKrY0pAieL
jdotSlirx/UpwpojAp6IVxzjZ2PHnJZbBwHxVPYnysMogcKQ9CyL1jBT2phWVe2J
YJFwwGgziJH5CJEGVgWkctEtguKubzSCIf9RuX6j/n32ZRtAechm2Oi2WwxGr9tF
uzLXgYsu/MQ+AhzcFP1MEGlyCkyL2fxgDry34Rq7RVQQL9PolhBYk2orYTlsjCVR
kGzXvpFIF8OPDEEsXz2TTM2nkiCla1GqsGXL3xuPFjGD+CEMI5jB7U+j1uL2+xb/
gVUMAxvpNHADcW1/AgMBAAECggGAFEXF8N25rniTCRR+KyB/aURqqXGR8MrwAj6B
B7HMQDIi7Ap9LsHmnhscrKF08+Luqub+2r2GIMj/GIA9jxzET4x7WXoAAtpJBW6G
7gh3x7LhitG13eMVrvBrAjE9ILx/L24Wblez8r3F/5+HHjqMClLd5We/NZ/j1Pax
amup/WaJWc6dwDHhBcBhlJJeOd79LiJNdADuC+N3tnqd8wKanyBhwdELKCZCOEwM
75mSvt6f1xnuWXnhpaBxhP2xVTzQUNz1jxA2j/ybDbnBdhjLn9QlBY604t8nwRz8
dwCV6NRFbj85C1Fkw3FSzLSKzkzLGxYBvLpq6vjXiUHuY17bVDskCrgHOx/q0SXb
ivPdmJWhThfPUMRgSTQXXvWpQfEdBP9FDXLFPN6yI9Xocxa4oaalNaK+xIJyXt9w
ZkLb+ZB8+m4JqvgdrQiO0yEXM498aCdRfVnZV/e+GdbB90FW9SFf4/guca/I4SPD
sFpA96LOyxkX4h5AQxyeoDDriKopAoHBAOEQXDMIXxp9gmkZNRo/mW7RvnmUyDic
eCwCbcsLGjay/hKpyOTelXSF7bxdi6GuO5N9UWBQX2FK+//T/uT1kHjmUYTeLa47
iSDJG73TT6ZSwI0D8Ak+4GEneS3xjldpPW1oFZt/kwuji6yfUFw6orsPa/l5Uf7/
MCOzoFObtvDZKgd0BkBrQhlIG+u6jicrGfrVkCDX/ONqoQXr3a21b4nl52/r+ezj
N2kKSQOTll5pUQ00+M0SPDwytFJbhbkTpQKBwQDRSCzHPTGVW5R+8BPQY2mRRyjp
Pr1BmJXG05f2wjXeGhafWJ91RCwP7mOBbJDA15w3KoY9N64Rk6Mv5q0Ywwna7+Ea
pTXCfzeuoC+sLL6llCA4kbpJsvrLAeCYyvMuiPjgXfDo2S8qMqAnZ+ZKD16OjBzE
W6H2OI7Zmwjy7+C683Ac2kX+lIvbBeOu9oVtaSw/5nudScUi4njDz89Ha3g3j1AI
98crCLQdjTO94d5k4Mx4FFVdbxPwSa5iZcHWo1MCgcAnHI25PKIyW09Xbk8BIb5L
ON3uCQIGfIKRu1ZTK7nBebeXjLPhuiCk4EVhL6x9S2cFCYkjwLPil4JVggTQyy/x
Iq1V9rpfhe8dqHVOtrMnx0e4+c8z/B5II/D2H/1JiXtoUOc4X6IxKpmyRPlVHcd7
1IFCGGg8dSJrgeLBxNS05DhelTYk6b7R3+siOwhLHD1mjsh+PKqw5q3W9pdOgbJB
d5eRpqOHHDFb6rKnkXVXMNwp/GOkV5/qIjGeAlOpxxUCgcEAlXLFB0Jbthy/3iXz
AEz9hhEa1fVHkSA1VNalHkFx1jkrDn9q34LfNEE4LaQpeox9sadcVTr9wu97CSnh
Ul11HDNQvIZd7ZaLXNhnMryBKByvJbZrIVX+YhnlGTdUkVae4xoyfxUY6TldxMYd
XaW8EG9d25rT/dBFsn9T1KgYA2j0FqaIdVP+y1lZTggdIBSK1NbyT0/uxwqS0sID
cyz7nDFrJfxK7iA4/yFmYaJ5/e/KE7Xxf9dilaUIMpwX3/6hAoHBAIYjfpbPfK21
AwHgZiopxOODsjbMuO/f4VCaMhkt8bm7LRmbsNl/Sk9paTNKf20fttKLi2cSUIn8
sP8iuwdrUNNhVd4cfsh+ncF4GitRs3WrZXEz8AB7m8frpzNr2pYcqVTPL8yl9i8t
ix0XEoVwMWgFroWaN/G+ujEoPZUgXI9z5DuArkNOiLgbpcqVJ8e/+SWTeKILIkWT
ZrFABevmFIaXSZLjI9Avk7cTqEKOVeZy9gag9lmbtVAzFFitdR4aWA==
-----END RSA PRIVATE KEY-----

29
testdata/09-unbound-control.tdir/bad_control.pem vendored
View file

@ -1,11 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIBozCCAQwCCQDd5/rocjG5vDANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1
bmJvdW5kMB4XDTA4MDkyNjEyMjQ0NFoXDTI4MDYxMzEyMjQ0NFowGjEYMBYGA1UE
AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDt
i51Z6qASvAjPFFhLLlq8BwtsnmfqMPMn57dKAghb4OifeL4GSLOE02/hKDkdkOva
UG2UqDNh2OoPTuJk4A+mG2LJoziFhHKlIebo9v2YiFWOBVtODWc3tXPT1IlSEN0x
nAGelMmeLcPeCPe+A5IDlIHzF/+YiDgS38S9dL17owIDAQABMA0GCSqGSIb3DQEB
BQUAA4GBAHpvcKqY48X9WsqogV16L+zT7iXhZ4tySA9EBk1a+0gud/iDPKSBi7mK
4rzphVfb4S207dVmTG+1WNpa6l3pTGML6XLElxqIu/kr7w4cF0rKvZxWPsBRqYjH
5HrK8CrQ0+YvUHXiu7IaACLGvKXY4Tqa3HQyvEtzLWJ4HhOrGx8F
MIIDszCCAhsCFEm6EpzKglG+V66IyIlx6Q2y3y8nMA0GCSqGSIb3DQEBCwUAMBIx
EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMzA3WhcNNDAwMzI1MTMzMzA3
WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA
A4IBjwAwggGKAoIBgQC3/c89kYzt5J0KcRDTh/pj5eeanXTmC3GqgfEd/IYUbyWM
1J1PWEoGOuDUFFWzNOD5N3lX5ji8AdbbkS2+6+DQNAE0Mq2sxNNtNkpBtPoDteDK
njY6PwTJcVazwE3H+OgjWwAxSIKM8qkoAjlsgdXXwi3ifbwxdZNVfmZ/ByPzZc9N
CU7o6FNe0DjmJ08sUqQKngfzv0Qh8ijWx+T45MuOhI0tcU3cGgj0IhPpZkqtjSkC
J4uN2i1KWKvH9SnCmiMCnohXHONnY8ecllsHAfFU9ifKwyiBwpD0LIvWMFPamFZV
7YlgkXDAaDOIkfkIkQZWBaRy0S2C4q5vNIIh/1G5fqP+ffZlG0B5yGbY6LZbDEav
20W7MteBiy78xD4CHNwU/UwQaXIKTIvZ/GAOvLfhGrtFVBAv0+iWEFiTaithOWyM
JVGQbNe+kUgXw48MQSxfPZNMzaeSIKVrUaqwZcvfG48WMYP4IQwjmMHtT6PW4vb7
Fv+BVQwDG+k0cANxbX8CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEATI+xHWEiq3SK
9Dw2FBiD7GPaaPAh/u5h+QxaLS9G5a6Djh6F9RT3To+gRVeiaAaIPg53asGM5TGR
ojv9nI8cIvi3dL6VKhHSdomldFjfQYmF/uSKEYsHaggceGE/GsG8J8g79HXGRp2y
m5hkACKFh5ZcSHeJBplv7agDbBZ6w5qQaY6QsnYLrAK7B3Jo1Xx+JEKzmgnp4TwV
Ni4wezgLiG+buJ5lXEYr2Rm7HR/cxLRN7CFrpUoavFUvqLKNpXO8MJFx+BkO5/JT
pgv0O/ll9aT+kuegUpf9kcUzhpsw1N4W/JzZOyJAdxrrQ88aNZm+7d433wDBt/WF
BCV4d5wEASxfQALEQa+/1FebIsDfQyBAOHdTAVkupZ00oeNerKe+mHFmNjj04vn8
LwGgVuADCBJVCDhEqHLEXUqiGeSHJhAJO9pjma7r7H81OtAs/xVC8j8hqe8wLBKg
XNjWQ9QmNXt9VVQCMomro9lmoDozr9k1vsGtUsT3yQEAABQYwIjp
-----END CERTIFICATE-----

50
testdata/09-unbound-control.tdir/bad_server.key vendored
View file

@ -1,15 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQC9hurNHBtB7QFEuPJOnCylUWUF2/US3v9yQQQXnstuXMQXRaq1
1uviLmwaGurV9tngX59HITsBT74NQrtFKfEDLViLrm2arAM9Ozsn4tnv30HXPRDj
UOc1M05Q7UzjaSrOv+TkPEqyhtUyaP1DYo0bcmbxtSkYc2ZEWCwhPklUwQIDAQAB
AoGATjzZxN4ramWaNnJapJTX4U7eczK/0pB3xwSL2exVcjOdRzYdKH+WVIJxYb1m
3/jNLFCNAeH356yxeevoPr73nG75YJ9I1ZWQWTnS3SDK6JD1+3pmAD0bQWFoitpf
FoSH9H4X5gFB5vCZ99YVoYH1UXWPcgvUHwxz0voImt6lCKECQQD4YQ4A3M0+Ki8v
Hl+5FKULnS0UtBkweCvkF/X1zZRjjYr6hLnqldFkkgTBKWe17pUXX0nwRMbP1YZX
i+vDq5JNAkEAw1eYsmC0nVAMawo57N6LYavGv/n5u1cvpTpKDtn4cXH0Uqq13Kyu
2FUTzan2NhCEK78UzbWaeewBJmxYda1+RQJAdShKk6uTAEyjnwUjv8h2JWlJN2fQ
LeWxRlDrCruiz+aW9J4gl/99GoQpy/c83TshhjnDRZsbcDNWv/rXBZ/rTQJAFQva
CtX6f7yBKgM3DHtJvyM3zbVMH9Ab9QxbsE/xwZ9KeKGl6Hm+eNZpxM3cFiUfaGs0
/ZjkZOB1m0MvILaplQJAXC3PJ/E+87banGZRJl5qtS6/HoX5lH9TPkL8Essy7ANO
2BT2OTQawD1A+VKIrQHXs085Of8tQUfrfHHt7s3Kqg==
MIIG4wIBAAKCAYEAr7FId+AlZUWP6MK9xfV0hJ9ooJdcL0sm9yZsWY4UYOlqcTGE
Rah/XvQmsOaKcMg8Wof24LAvo2vmariBYZoS61AAi6MeHHrPh8M2ZDMZQgW4nZC8
A0biro93nMLU1VxgycSVmj29p18IdNzsYWxC7t+/6AWQSlwD+9YFOYrVWQYxEcSZ
7gZqoh08mDsNRjnVs7nagPAbk/B9jj9zhvgp+0d5h25Ms7Td22t7DfsGlL8Ei3ew
FwaqjThhhVHEVwARBLYGb2ZsZS5EMJv2W/V0k6yQZ+rV07+i0oZQ0cGxOuUy9TNO
7HfiI4ri2x26Wm0YH1qgK5miUIAkbL2E/iWVxMfQOdEAZuOmUpUFOFpm/XHL1/pC
yiqOb98jjLE93UoNPZdsjrbjfQ/WPkap+vtigVZJJPet6F9x4S5XvrhXkV2JWIYM
vhnrs9NpveCOe1lcxNVSsIAtMxsZKi2dIq+mRhfm9/UGoOmj8UxIQUepJJv1IHcd
ASWkTAMmUSyF7z7DAgMBAAECggGAKwY+GeURI1C6oiR2drDaPNQQuir2zzoXK7UE
GZY6lVTz1Q5sNubBck5V30JFqsLOTNk48uMSd3Gn9oCCZpVlhqyLxaZHbHACvFto
yXbd+5YNFMDp2d+VCWxmvUPU/P7nUOHMRP5ToFYcawni9SSe64Jtq3MZV6xa6WQK
2YGPJ4Llp1U+4NQ/br28JgdoA8eL9rxPrv2ds0fUZ25Qa0AAf+GL+Edhjyx+nAoh
E1Zi0TBJ+6FuxOTEBVtGPnC8pRWFrYDfiMX4y8qkbbanAQCNgLn0PC0JdKpFAtk/
hnpGsZ4/oh0D3ogi6o5Xnn9Gl5+1uqqaEs/n6A4kojcJ/Z0uO7zJultSUDeggbA9
VoTQucFY1Cqj68d56Rf3kS5FGgAOx7Q6LVCIH7C9+bfs7N6z/2zl6sF72ey88kpK
ZxsPjGUw2OHnwdrkfZHVMjiNUgrEH+KYe8EVmoBxoafGvxcs9mppqeczP3zbf5WX
8LBLQcIqNaSWAsuKQbJTNsbKEIT5AoHBANcs1QPluTGTY3BXvGMwjl3dDyf1h10u
iaGi1tDB60YtF++RnwOl40Zi1Gu8GqmmzY9j32EG5moRO6IhuZ2U+lZcK/AiwY00
+4hnzc0hBInFlq3lLRa6zVj4rEeQJxuKXykJGLQyKtSqtppcAo7hWE08ZZ6DlnvP
4o4R9ii6gCZcajhr5Bh9FxZOHv+5gMRzOVWmMF0JSjnVToCi0UUY6b3roRdH/U+M
3EOVCOUT1WE7cGuZffkcQ3jQEsC9zRHFFwKBwQDRBsKIfm0FMjP2Z0aQDpHO5wR6
Vcjw2kmVukTPqlYPcDGaYbUVuQJIR7+ffd8xk0YbIeOfO/bXGngLAjKSGz20JIIW
E/B5RkVycwjD/WeD5NMvKc3NaiT3aiXmnwz1YUzxDHByAtskAKsoXE/GIsyVCbV2
vDaBn3MCywTvcC9RR4KYeTepKMvd4N8KLgP9n/+hKd1ElsBVnPJUyYabmaOC1tpx
DUyWu3dbhKBKcfEcyt1+YT1bPrfRnG9oxyRStzUCgcA8R9sFVH4lXV0mQ+4K+7dm
pF9yml5pxHfaSHxVz33SEx/5hZo+s2KQfW91HyV5EbnUye3yiLRUUq+aJEiT1QCs
4PWOOK5wmL8+35XQOcfDsQ8deG7BR2Pv4PqiscfC92jhXiMFmGhXW9v8Mnqk/Ix4
VstBNSwbU4nssyt7DYSJOqqnU9J66dBl90zH53gjkQQm8n/qEIgy24c6kmJ+MRSK
mFBw7UIR3yx14nKzenL04moEOuQHvdtJJUGbrZCdwdECgcBCra9cr0fDwpIE5kkC
J0OoBtXM2JSzEE8s7jCJNkMhxZ5tKwIDHfN2bzzXeeW7AMn6WcMsxoolcBIfIOJU
7U+vqX294Tpy1VHOApgnPSzKTDJ59xHplxSXwEq62L3fgNx0gI1WMUcKoxP2Wgww
nmU4ndI/QCb7Dow3td+rKdROT0t/rBtvYM43x0YfDzLCs0luddZZzOUp6lj7ZxYD
iO06DaO9MIrgAok+rn4bgWFy19v0NrzF4KnuucJoYC5cHIkCgcEAzG+0oppa1L+e
Tw+511VtO070XJ0Kx4DNKjP2F5nFSqTkDAyEEiLoIArO5dYGG5nHy3lXSoj+wvOe
1+3KTZPeFA7ZByceehFXrULT4GbHwbsimzLWBXAF2Dgzb2OZYMnKuFR/tjlW0+vP
OP86cEkQXNJm4SsxxeFjJAcxxif305OzgL8oqndOsohopB+XCbKUP231HBMGJ4MR
EljQHXm63wWWiBUmrX0ZYzWkX5KiAbDlfhvde80fKsDOUrzZfoBw
-----END RSA PRIVATE KEY-----

29
testdata/09-unbound-control.tdir/bad_server.pem vendored
View file

@ -1,11 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIBmzCCAQQCCQCDugnhq8B6LzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1
bmJvdW5kMB4XDTA4MDkyNjEyMjQ0M1oXDTI4MDYxMzEyMjQ0M1owEjEQMA4GA1UE
AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvYbqzRwbQe0B
RLjyTpwspVFlBdv1Et7/ckEEF57LblzEF0Wqtdbr4i5sGhrq1fbZ4F+fRyE7AU++
DUK7RSnxAy1Yi65tmqwDPTs7J+LZ799B1z0Q41DnNTNOUO1M42kqzr/k5DxKsobV
Mmj9Q2KNG3Jm8bUpGHNmRFgsIT5JVMECAwEAATANBgkqhkiG9w0BAQUFAAOBgQCy
zGMW35/9xXoEWsuLFWUOaEKVq5DXuXtXbcMpDW6k2ELoraa305vh7Zwhj5JSqfcm
O0xyqIzXvz/cYdyOTgEkdMDZ/EvQsxKTwvj6eA4614yB1r3Ju5eZd4Gpo6BHhSpu
oqsrr0duJ+JOANTyaBplIxM1sjHbR4FGtmrFknBYBQ==
MIIDqzCCAhMCFFzmVNbhjiApmjK3VeO/j9TBp8yOMA0GCSqGSIb3DQEBCwUAMBIx
EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMzA3WhcNNDAwMzI1MTMzMzA3
WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB
igKCAYEAr7FId+AlZUWP6MK9xfV0hJ9ooJdcL0sm9yZsWY4UYOlqcTGERah/XvQm
sOaKcMg8Wof24LAvo2vmariBYZoS61AAi6MeHHrPh8M2ZDMZQgW4nZC8A0biro93
nMLU1VxgycSVmj29p18IdNzsYWxC7t+/6AWQSlwD+9YFOYrVWQYxEcSZ7gZqoh08
mDsNRjnVs7nagPAbk/B9jj9zhvgp+0d5h25Ms7Td22t7DfsGlL8Ei3ewFwaqjThh
hVHEVwARBLYGb2ZsZS5EMJv2W/V0k6yQZ+rV07+i0oZQ0cGxOuUy9TNO7HfiI4ri
2x26Wm0YH1qgK5miUIAkbL2E/iWVxMfQOdEAZuOmUpUFOFpm/XHL1/pCyiqOb98j
jLE93UoNPZdsjrbjfQ/WPkap+vtigVZJJPet6F9x4S5XvrhXkV2JWIYMvhnrs9Np
veCOe1lcxNVSsIAtMxsZKi2dIq+mRhfm9/UGoOmj8UxIQUepJJv1IHcdASWkTAMm
USyF7z7DAgMBAAEwDQYJKoZIhvcNAQELBQADggGBAG+IhOsdEiaVCOB8PBRGJQ8F
/kyeQOtE7pPPkH57qYwAW9cxdSoiIxrvase30IGLWmOzjiAc/igf1qz/bVpwFXQr
XohzyeQJ2znlGzUbo67c8rocvWxHzvZwFuQEysJp/E9ft5kiWwoU/xVpoK5p9sxW
zRTTdpA24x6rqvk1ZFzwWGSg0yhjOYfwvwg3kGCbwe3GzAk1J65E+uJPFoLySbNL
p3eUDA2rUKDjVobJOEhtV8k/l+hB0kKwiz/A2sbMT/OoByWMNFKSkmDbNi5m5gJH
FHsZsucbL6ppLy7fmOiPlx6xejbiTR3uAn0aQImdHA5kyfAXLKhTkyYdjWHiHqdQ
XMxi0Ci7/HO9mRupbcjRZEPs//ozMxjOAg4VNasDLdnDI4EKrClqYPjsfoXXXiZf
YTPH9QypxJFGmGEH865BNacEjDBeag8ck1ZTiK/GlrAJMqfV5/60GWBGRQVV/Tvd
WXWY2x0gVp2fxtxF8JCvHKAcfUg2+LrUS7fbMx2Niw==
-----END CERTIFICATE-----

50
testdata/09-unbound-control.tdir/unbound_control.key vendored
View file

@ -1,15 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDD6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBa
rzPA0vlyuNtUsEN3qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvH
ST6JwUdIg0Lzg/USJ81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQAB
AoGAFT3e35MIgI4uDJJ8X0RfHp2NCO2LUg4TKbWical/C0W9vlR1/x80G1pE1d2Z
WotqJVWTrOq6eBox19RCgtLg2wPGk9uD62+9SDT37heWFlUCElWq50pQG6k9ThiG
DDypkZyZ/52+DdWybiaQJkuK6O5qQXuNAtVJMpghu4GnHAECQQDsupnZUQDpapzr
4FC4MSkL2+A1PRt6g4VhwoqOpJXaHfVnH6F7AwUuOLNwGdR5Cvv70pfJ7Jqg8L2m
Kxyl5bORAkEA09rn34YQ0pHJdHidbl2kInIuYTz09+TO3LWwan17nISH9aaYvVDr
p9x1B4Qzw9qyxT9oll7ze/5Rw/7C3AQj4QJAT2B2a+b8bkgAXBs4FbruL3rHoDJg
P2FQXSpVOWU4lg2LlsuFYvDtUMVUbZdLplanjZXcral3Y9W1Ub2M+ped8QJAYQN+
aRpge7ys7vwIw7B36Bo3aOncF+ScYe+FkM5Tm7II/JHEofT7ZQwMP1vnxIlSkgbe
YvWqNB6a3NC99LikoQJBAM4UhDdRg63Tr6Idky6CQaH///zAN7nArJfffKGWFdw9
DKrWpNqvYZtX/cfEJucKcRCm5YL8CKFYbQy4VoCxUcE=
MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA
1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ
F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR
ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm
vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb
IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL
cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr
lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov
15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf
LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+
Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57
YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9
whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c
lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax
tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ
U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9
Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc
Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3
ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+
1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN
b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz
ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C
TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF
tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y
aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0
A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU
LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U
R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy
7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj
7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw
jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1
BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar
kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR
qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3
VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9
MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa
C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g=
-----END RSA PRIVATE KEY-----

29
testdata/09-unbound-control.tdir/unbound_control.pem vendored
View file

@ -1,11 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIBozCCAQwCCQD6XaN6FzW/4DANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1
bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowGjEYMBYGA1UE
AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD
6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBarzPA0vlyuNtUsEN3
qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvHST6JwUdIg0Lzg/US
J81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQABMA0GCSqGSIb3DQEB
BQUAA4GBAGFAXmaQHuFgAuc6HVhYZJdToxLBhfxGpot4oZNjcb1Cdoz3OL34MU1B
9E5psj2PpGPIi8/RwoqBtAJHJ+J5cWngo03o4ZmdwKNSzaxlp141z/3rUtFqEHEC
iO6gPCT3U7dt6MyC7r6vdMqyW6aldP3CtwD0gQziKAMoj+TAfAcq
MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx
EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw
WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA
A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv
OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj
1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl
NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht
A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/
Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB
TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/
nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My
+i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj
4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83
hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU
9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn
ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ
pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD
72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ
muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP
uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte
-----END CERTIFICATE-----

50
testdata/09-unbound-control.tdir/unbound_server.key vendored
View file

@ -1,15 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA
3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s
RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB
AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS
6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds
sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi
XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3
fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL
CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP
0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2
oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l
In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S
LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg==
MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI
0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq
GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z
uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K
WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5
FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP
q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL
A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP
7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf
XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6
iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7
2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo
MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj
WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz
O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI
IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN
qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU
dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs
bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr
YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km
7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr
gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z
5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG
ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN
oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+
s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW
zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx
ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1
oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3
BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS
mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8
kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93
7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8
RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O
jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp
O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre
MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A==
-----END RSA PRIVATE KEY-----

29
testdata/09-unbound-control.tdir/unbound_server.pem vendored
View file

@ -1,11 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1
bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE
AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS
y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/
/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu
g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ
9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG
l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH
Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg==
MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx
EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5
WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB
igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32
a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2
4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot
aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4
TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ
uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4
+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz
XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx
dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW
84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7
JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca
fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg
XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF
qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25
sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD
yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe
CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ==
-----END CERTIFICATE-----

26
testdata/10-unbound-anchor.tdir/keys/test_cert.pem vendored
View file

@ -1,15 +1,15 @@
-----BEGIN CERTIFICATE-----
MIICWTCCAYKgAwIBAgIJAN5YIkuCvJf5MA0GCSqGSIb3DQEBBQUAMCYxDjAMBgNV
BAMTBXBldGFsMRQwEgYJKoZIhvcNAQkBFgVwZXRhbDAeFw0xMzAxMTcxMTUyNDVa
Fw0zMjEwMDQxMTUyNDVaMCYxDjAMBgNVBAMTBXBldGFsMRQwEgYJKoZIhvcNAQkB
FgVwZXRhbDCB3zANBgkqhkiG9w0BAQEFAAOBzQAwgckCgcEAuPBoYZiFOuk2SnN0
IsheC+W7JvAJcv8tksyz/hgAnqStDnDrQ4trF607aCQ7xjj2fSAqpiMvLv0P3Ctu
rcTRHmRXApS3GBf1PjWqoxMK8JBxCIHN4PKpyq4czOtSPH6AFlU+3KsRRwymLgpT
SE15NYv/2M6Z3/cL1SkOdVvVDrZv1gO4OCAxwrgI6HMsjQtwe16mGsBQzrHTCOGV
u4QtISEUDrwZL272PFsZrEpHXd9LtSpqCEoOMujr54pKxBEJAgMBAAGjDzANMAsG
A1UdDwQEAwIChDANBgkqhkiG9w0BAQUFAAOBwQCaA3ys5hDPMNV1oXIxH6u2KfAX
C9tYJId/SR0x8whsZuNaSEZAgImdM5dnyWdjey8Pio772E9/F2aUBGFkdadZx4My
d7hBfEi/NECEKs86k9g0ijbin41NKtnajb6GwyNQ9vDx7Z5FS8BZ3CD0BZIdCQUE
gKuDSWBROQU3tqrjdk2QTwGQkj2mgzT871Jn1MwZw0mczPjS1y469Ejym8wi3uCd
EboDOoGBCpmUQbxBv6JI75cUCdmNNEwjQjZ0XQw=
MIICZDCCAY2gAwIBAgIURC8vM7SbxPTMmosTyBzLlqxgsUAwDQYJKoZIhvcNAQEF
BQAwJjEOMAwGA1UEAwwFcGV0YWwxFDASBgkqhkiG9w0BCQEWBXBldGFsMB4XDTIw
MDcwODE0MDk0MloXDTQwMDMyNTE0MDk0MlowJjEOMAwGA1UEAwwFcGV0YWwxFDAS
BgkqhkiG9w0BCQEWBXBldGFsMIHfMA0GCSqGSIb3DQEBAQUAA4HNADCByQKBwQC4
8GhhmIU66TZKc3QiyF4L5bsm8Aly/y2SzLP+GACepK0OcOtDi2sXrTtoJDvGOPZ9
ICqmIy8u/Q/cK26txNEeZFcClLcYF/U+NaqjEwrwkHEIgc3g8qnKrhzM61I8foAW
VT7cqxFHDKYuClNITXk1i//Yzpnf9wvVKQ51W9UOtm/WA7g4IDHCuAjocyyNC3B7
XqYawFDOsdMI4ZW7hC0hIRQOvBkvbvY8WxmsSkdd30u1KmoISg4y6OvnikrEEQkC
AwEAAaMPMA0wCwYDVR0PBAQDAgKEMA0GCSqGSIb3DQEBBQUAA4HBAHX0rIirg2Rt
+rp7BnR3riq81b0cWm4Y/UUdGmLtbPTJLuZogfLZhb9hf+185ub/8ZbuwuUFaiUY
zEcAjaOlPjBeRbNku1xnAVhlgtCIsCOyI37Ey+65OuJxL+0Rpwsyfh0WuR8SdBE5
OdJ2DuH2yRkTd2JEsNi+DZVIEeaKwXtLGUvsqYWu0GrnXORwGsezfiLM4uAJW+tp
VA95CKpfS98l1MJIHtlcpffAjfRVZAJnGcXv+P/DtefC8aNukoiqvA==
-----END CERTIFICATE-----

2
testdata/10-unbound-anchor.tdir/keys/unbound-control-setup vendored
View file

@ -46,7 +46,7 @@ CLIENTNAME=unbound-anchor
DAYS=7200
# size of keys in bits
BITS=1536
BITS=3072
# hash algorithm
HASH=sha1

56
testdata/10-unbound-anchor.tdir/keys/unbound_control.key vendored
View file

@ -1,21 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
MIIDfAIBAAKBwQC2p0MTVVEfvOpaWlI6rLKGxaHfw/4JUxXCwDHRkkyB0hkISRMx
8imB+io0aY2Uck9zl0BTgPaKtFeA0+lukZk75keOuATPFZwbCGs+6Tx5AoN4+NzI
aVay5AuO8E1u6AVdmcAqByP+R92yz5f3T93/cSsYzqPZ6Y1wO9sabtrkGTYwnfMg
nSttyvlBIhRDWbEO+rWL2CCi0JtrnpiK8sa2ysQCq9Y6ZiGjT9PEWIZwkxQ6y5TI
WVtyitoknpDheZcCAwEAAQKBwAgeXSPh2e5ANmZ3t0n2XSUSacSJcKQ3djMm2dAH
4bCvhv9QSDMjIWcumGul+W4Muq1XnrtXcx3tMCqAwNJyVE5OSQX19fjCbCLjd+je
8xop23AoF6As1nazHjRnR/nTBD7QNx2xbaW8RNbaGpTe2G2lpdbg9myRpyqiB8Pk
73x/AQcPqm4SHBJS+kU/Q9k9yZRHGQ/PhYlvAmY0SCndew28Pcs+IdCI32k7e/aP
SCEQvVqKeIiSJ0Zj8RSk8Pz1cQJhANtNsvcEa2V8NxI9yL2zwvBXwoBuU+d9Pszt
Ooqc/kmvU0FV06HgiIPtTSoHLI7Zh9h5Xn4DFGmtS8WeGhwSVCN1iwcW9F2ldgAw
LXcoXjEK21KXYFNAYeo07vul/Ly/yQJhANU3lM8hAqq7FB4R5zgUCcp08FOVA8tl
kEK1JoAdfp6Wv4M2xGJ6tmKcf92r0F8zBDV6oZX/dtPwFzWhBZUi+zaA8PcEqbwt
CJtmM5ycoX6kkkIfXtAVNZiTIYHn01beXwJgQBFA+V03KtzREeku3gzIJILe9bpF
lNlIIYIkmh4nQ8uOnQW/4AjCmRgYdPDHmav/PcSnUFUB/6V6/26i3hSUtA9A4H9a
QIl4IbHxdmA6tEUhsc07fNbQRCXWs3nYjiPRAmEAjDe4MhsYYOUUzs2hTFzJL46F
ucHGtA0/uM7e2eQLsAmdOpJaxhTDOsiGwmXKa8DmJLFX8IgHQkujR850GGbf5DEZ
xqkXYrwO6/tjN7w97EYYNUniFV/NVmBz6bVmY7trAmAvvg7MoBlb/o6nwoCQqnUM
QyjIy9A0t8+KHNMFSQwUldG+HIwiU4/7y2zCqBYJg8NOjrdj/3+73A24rP8wRp15
zqQCS7mLLWmYx7pWE1ZHN8eY3xGoHmr7LzlB+dzYG+w=
MIIG4gIBAAKCAYEAzDESJ2lpIno7KpSrYBeBshT8H5dbtNF9rVBONsCmwSSqclLR
ixZ62OKrUKMVCEpZ0zj4yZOu3DGTfL9V9pEk3dCD8mFmylidYeLh5GHGMcDVWOzD
VPsnQ9y43KWYeURpGy4QSCxYDb5rrPysleSZwuN5D4lbs/AKdpubAHj6z37Zbrs2
GjofHp6TaD6ck7jyRXDtqShrnsVXq9U1CadYDOPiE4aZ1TvusRzhhjmDm8GQXalr
tIBJ5j5EcmRamFhONGLshfj5ECZrKo9L17kOd8PyRMaXNfvl2tpx1qtMxmp7FDpb
oGGIzP7F7hyaWMI/zAzkTMAtjGkAJWqHgTbSfvlVul23RLvovM3fD/ZiugBuTWY/
CRpmN7CQFFV6iFyLGjRp8vV7BojUIQX7is8QTxSqW12SsElMXOuUmcCnuIaoGF4n
AoG6vNLFECtSdLTjQ0uXawIp7dOww4zS8j1/dZzXsVF4G4V7GjeWD8eX7n+HNWoc
3ojjuYzbWfWvLIQbAgMBAAECggGANUTD8KYuOEFc+BHK14mqWxPgZjltQjG4sKMX
lG8T0aVIFgUHB1r492XCvYmd7gi/gDwHo0a0wlromA2uVmGtFXTVR0EjuLv/as7u
kU70jnw47DbwClZu+uQ1EdLdgR1Ysi+FLd7rpcI8gudz+rKlblM7fNMfqkR/5ktX
13q4K7Ny89FBHvx0q99Ao1xaKquAAJ+iUJPr54KiCYDYkkkmzk4Q53kg3qEA9xGK
wCJ29AY+LEELiQ5CuR8baiBGBiJa5QegeThbQox0jBlezNWAMOg1seCchpbZ4tHm
zuM+IRjZ9GRgkxNctQu8nx3Z6QcClpNFW2WfdThI4nzjqvE9C2nQBR+i/a+v0D90
bX3LbCcPBE5Hr6sdI+pSQ0C3eFOuGZaCdfRxVs6ymWti3STdlMtTgaEOsCswmU0e
DasWVYbezyPHImb34r0/q1ux4BZkxon1AqjLLYOCF5LQ91v868jdwOIITGL3gviN
/TYW0ObbJ3Szav860B9vlGUtG86JAoHBAPNcY2LLCVMWkzrsmkyLL8+MmF1dChsF
/rVt8QIiiStZkV2q3f3F522kVVvH3dYwh6MyzBNPFBAAXHmaY2IjczL3gKWEz0OA
YlKv5+KoEBlRtonJIHSs6GCjdnl6EJ9NyF8NHq/tgpab326Dpb7RyXzMv2EZV5uY
kp3WVqJZONa1xEHYud9SOA7TA3X/7td7bC49b07n0SidH2N93ZZMd+oApjsHx97q
9J1BxCbaJdPX7mK15pPPWD7vPZqsxyeSjQKBwQDWy+hH1jrr26UUAdIq6SgQxPXh
Y2+epVbHGD0UK51Io0rAg0m3Nlaxr28EPc/MLfjwzwPs6cHdM1j1FMqwGCYiO8mw
CV+XqPVDc6Xqzklf+awMqhn71j+M4Y4Dr6K71fXQ9ek5X+9I47I6iuVLOOegLm29
qSlg/x1fOkQUKnJNQw6aEJmPj7mi6q693E+oa6hzVO160AGe4tAJoidaR7ifwKU1
ySOhXtugs2I2P7lc07UtkIwftiYS69d1CRE2G0cCgcA41hj4F8dDuoAEQQIAYnl2
FbX4CCS2Dv5fzR9+iiZTE4YZxDA4dqIIP1sYJmOvBIKJIPH8iHl9CziNxfr0Dqd2
/crz3UKy1ycffKnBi9LGtwjUwT5tQXy8JTEkSdfb/MSRPnUuTWA0YI8cNm7dVA2k
sgT4XnzRgB6t8kMlg4T80FLXthAjEga5n5qtUmqrtM2dNwfp+8YjoB6Wk+zOj2lq
I2CvZK/PZjxfBd8T29r90O6B603As6o+eI2AtF2G5nkCgcAuhHBkhleyVpoUkCRk
2KOtpgod6rv0npgBfBVWNe/VGFALCyO+wszZpEWlpIFJFbew5xRRjXpHnmQoh30x
z7kKdupB7nW+UX/0QKpxBIXNfDOvdnM0H/0ZVIu97p6OkVKwE2GT5Fvc7DrgBM6N
kOBQx11K0sS8VeOViPfPajXg16Hk6a1n8tdgGfUH9xtlPRN5Dq5zh3KiZzpoq65c
FeY86qqc0FegDfwAfHjLiNdq7ApzuLcv8vGh7WN23CTXE+cCgcAhhnUawfKcOvwh
3+Tt+vX6dBU7x+JVUiaI27zirE4dbKAsNN8MY7hT5pEwYYArtS9szWqmce3VT8dN
t5kJdn0ZLh4tnZcWd8z+xTXjgxgKeSqoUqPjOd9V8f4ceiPeLGnDV/6xPiVdCrHi
/R/fLidzApQKg7kGDyB1IX0gW+9mT24/zD+M52TjRdmYL6E7/1nZlNlr2JWfIdb+
RLg/+EujuZo36hR59XQVEnvuhZFQ+MQeHC82yP4gjG0ADpLQ3cY=
-----END RSA PRIVATE KEY-----

29
testdata/10-unbound-anchor.tdir/keys/unbound_control.pem vendored
View file

@ -1,14 +1,19 @@
-----BEGIN CERTIFICATE-----
MIICNjCCAV8CCQCbt2WrJa/ewzANBgkqhkiG9w0BAQUFADAmMQ4wDAYDVQQDEwVw
ZXRhbDEUMBIGCSqGSIb3DQEJARYFcGV0YWwwHhcNMTMwMTE3MTE1MjQ1WhcNMzIx
MDA0MTE1MjQ1WjAZMRcwFQYDVQQDEw51bmJvdW5kLWFuY2hvcjCB3zANBgkqhkiG
9w0BAQEFAAOBzQAwgckCgcEAtqdDE1VRH7zqWlpSOqyyhsWh38P+CVMVwsAx0ZJM
gdIZCEkTMfIpgfoqNGmNlHJPc5dAU4D2irRXgNPpbpGZO+ZHjrgEzxWcGwhrPuk8
eQKDePjcyGlWsuQLjvBNbugFXZnAKgcj/kfdss+X90/d/3ErGM6j2emNcDvbGm7a
5Bk2MJ3zIJ0rbcr5QSIUQ1mxDvq1i9ggotCba56YivLGtsrEAqvWOmYho0/TxFiG
cJMUOsuUyFlbcoraJJ6Q4XmXAgMBAAEwDQYJKoZIhvcNAQEFBQADgcEAhc3wYcbD
Uu9Osbu3bhbxLCkhedq/3weEO8RDU3AyB8diioAikagIOb99UeVE3WIds+JIPD6J
mK5UvS+lPR8SEOMRd0H91bEEp1Zn+gHAS/Z7k/x9t38Xk1N0jOnElc6n4vl42KLO
z2laJWcte7YXjzFjaNxP9fsGgEx1vRxcjtpXQWSY+oj+RVm5kRs5WKX5MCyD/p+y
Xitg7/a0ITKbW1GpVwaX6nPaeoze68m3qmy64l080XCna3igbhi3h2ay
MIIDBTCCAi4CFG36qDt2k02biKtMYGtLy9khnP+eMA0GCSqGSIb3DQEBBQUAMCYx
DjAMBgNVBAMMBXBldGFsMRQwEgYJKoZIhvcNAQkBFgVwZXRhbDAeFw0yMDA3MDgx
NDA5NDJaFw00MDAzMjUxNDA5NDJaMBkxFzAVBgNVBAMMDnVuYm91bmQtYW5jaG9y
MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAzDESJ2lpIno7KpSrYBeB
shT8H5dbtNF9rVBONsCmwSSqclLRixZ62OKrUKMVCEpZ0zj4yZOu3DGTfL9V9pEk
3dCD8mFmylidYeLh5GHGMcDVWOzDVPsnQ9y43KWYeURpGy4QSCxYDb5rrPysleSZ
wuN5D4lbs/AKdpubAHj6z37Zbrs2GjofHp6TaD6ck7jyRXDtqShrnsVXq9U1CadY
DOPiE4aZ1TvusRzhhjmDm8GQXalrtIBJ5j5EcmRamFhONGLshfj5ECZrKo9L17kO
d8PyRMaXNfvl2tpx1qtMxmp7FDpboGGIzP7F7hyaWMI/zAzkTMAtjGkAJWqHgTbS
fvlVul23RLvovM3fD/ZiugBuTWY/CRpmN7CQFFV6iFyLGjRp8vV7BojUIQX7is8Q
TxSqW12SsElMXOuUmcCnuIaoGF4nAoG6vNLFECtSdLTjQ0uXawIp7dOww4zS8j1/
dZzXsVF4G4V7GjeWD8eX7n+HNWoc3ojjuYzbWfWvLIQbAgMBAAEwDQYJKoZIhvcN
AQEFBQADgcEAPz9Iw956A8piiC5y3hJXAEJ0JYdNrpsgdj7n6iAXRU2EY+juzcKU
D+zcNEcebQJJxayr4eEMfUOUO1wH5uPkWBhKOC/qm6T6i/+/xNsksOeHm12G4/vH
VYPXTxMS+K+mz5HLmLcR0kuQMnCK22FFQj86fhr2vHBGHqINR6MxwvLCES37FWvr
qVZSseK6/6IwRgsjN101JUpaSnM88cMDpuUcqQrAbSSBRKDvjYMkcYcYuvchab26
G0jEU4KgxaOs
-----END CERTIFICATE-----

56
testdata/10-unbound-anchor.tdir/keys/unbound_server.key vendored
View file

@ -1,21 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
MIIDfQIBAAKBwQC1xQ/Kca6zszZbcCtdOTIH2Uy2gOy/DfabMUU7TmNPm0dVE0NJ
RuN+Rm304SonpwghfP2/ULZNnuDgpG03/32yI7k/VzG6iA4hiF7tT/KAAWC/+2l1
QCsawCV2bSrFK0VhcZr7ALqXd8vkDaQ867K029ypjOQtAJ85qdO3mERy7TGtdUcu
O6hLeVet419YeQ2F8cfNxn63d7bOzNGLPW5xwaCd3UcgD+Ib0k4xfFvbinvPQUeU
J/i4YDWexFYSL+ECAwEAAQKBwCLXXQl+9O+5AEhSnd1Go1Jh0pSA7eBJOuXQcebG
Rb7ykp+6C4G2NtDziwwPRNdI6wQQQ0sym18RfyVQHydGr78/nbiIbB3HCn5e92Mh
mefzW6ow9Kvm2txLzGKA1lvoyRbNm81jnG/eygi3u7Nqd5PNv+4dHj2RkTlmxOeh
qnDMVP5md8uZPv6lYNnrnIzvLCR5vnPNdVwn89AqzI85IcDZdy0R9ZX4NBbsDgAU
6ig6uXuRXvSGiyJ/OUXSrnogaQJhAOjvkHUhVZQkPOxO90TNH4j0GdKKtbSWxIdz
lKfuJeBAEqs0TL+C6vbS81Xw3W1alyDdUBk3rJMOBqW6Ryq5HNL+j5H+Jfsh7fvc
Yle+5wHGci0P9zCFZCrY8It7n9XFIwJhAMfEi6oJa2G8waPJ1bQhxka82Tf9pnKM
XCn/1BBOFjVIx5F842cpA+zp5a62GENTGYPQTTRBB/2/ZwnW5aIkrlg54AtmbqBZ
Oh+2kJdJQD/tfoVmc5soUE2ScTHadK5RKwJhAN4w9kjkXS+MSZjX0kIMsBIBVkhh
C+aREjJqa9ir7/Ey7RvmLXdYuCxtGLRXp7/R8+rjcK49Tx6O+IRJZe042mfhbq3C
EhS1Tr86f4xXix9EXlDhs9bSxrOgcAN9Dv/opQJhAK7eBcPaav0rVfYh/8emqQHS
3fJ9Pu6WnzbEksWTFS2ff9KDGCx9YspIFJ5TF/oXDAaumGZdZrlgirm6O1kr8tGY
F97i04PZl1+bWAaWQH+1TUNI43m2WFUPE7coG2tb8QJgcddDg9VlXliZqgcETZfJ
kJmYETxrcSn3ao6v116N8yxhEgUgjkmsCTiFgx36iDVnXwK6PIt+sIu8MC7eYNa3
berrv/M21K0LRn20IWRxvUobG070weHCAgkko7fTWgr2
MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI
0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq
GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z
uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K
WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5
FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP
q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL
A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP
7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf
XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6
iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7
2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo
MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj
WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz
O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI
IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN
qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU
dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs
bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr
YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km
7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr
gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z
5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG
ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN
oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+
s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW
zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx
ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1
oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3
BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS
mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8
kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93
7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8
RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O
jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp
O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre
MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A==
-----END RSA PRIVATE KEY-----

32
testdata/10-unbound-anchor.tdir/keys/unbound_server.pem vendored
View file

@ -1,14 +1,22 @@
-----BEGIN CERTIFICATE-----
MIICFzCCAUACCQDO660L5y5LGDANBgkqhkiG9w0BAQUFADAQMQ4wDAYDVQQDEwVw
ZXRhbDAeFw0xMDA5MzAxMzQzMDFaFw0zMDA2MTcxMzQzMDFaMBAxDjAMBgNVBAMT
BXBldGFsMIHfMA0GCSqGSIb3DQEBAQUAA4HNADCByQKBwQC1xQ/Kca6zszZbcCtd
OTIH2Uy2gOy/DfabMUU7TmNPm0dVE0NJRuN+Rm304SonpwghfP2/ULZNnuDgpG03
/32yI7k/VzG6iA4hiF7tT/KAAWC/+2l1QCsawCV2bSrFK0VhcZr7ALqXd8vkDaQ8
67K029ypjOQtAJ85qdO3mERy7TGtdUcuO6hLeVet419YeQ2F8cfNxn63d7bOzNGL
PW5xwaCd3UcgD+Ib0k4xfFvbinvPQUeUJ/i4YDWexFYSL+ECAwEAATANBgkqhkiG
9w0BAQUFAAOBwQBBkX9KDP2RXbg+xPmdJ4P6CwvA5x1LZwC++ydVx4NlvT0pWicD
ZUnXjcWAJlkeOuUBAqFG7WHTrXpUUAjmdqFVq2yFjteUYBdrFz0RDB2jM9feeKYO
mTgxdZyT9a6humxCxt5VfgT02axLjm/2AqCyFPMbf4PASoJDln01AEuZLZ8Xl2gV
bYHMnHTGoD1Hu6FNEzRgkMC6XT8X3YjHvzQhpc/qL5wEfEsinQGdX4twsuWbf8xd
q7miNnkO8vd0maw=
MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx
EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5
WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB
igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32
a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2
4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot
aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4
TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ
uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4
+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz
XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx
dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW
84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7
JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca
fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg
XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF
qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25
sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD
yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe
CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ==
-----END CERTIFICATE-----

50
testdata/ctrl_itr.tdir/unbound_control.key vendored
View file

@ -1,15 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDD6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBa
rzPA0vlyuNtUsEN3qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvH
ST6JwUdIg0Lzg/USJ81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQAB
AoGAFT3e35MIgI4uDJJ8X0RfHp2NCO2LUg4TKbWical/C0W9vlR1/x80G1pE1d2Z
WotqJVWTrOq6eBox19RCgtLg2wPGk9uD62+9SDT37heWFlUCElWq50pQG6k9ThiG
DDypkZyZ/52+DdWybiaQJkuK6O5qQXuNAtVJMpghu4GnHAECQQDsupnZUQDpapzr
4FC4MSkL2+A1PRt6g4VhwoqOpJXaHfVnH6F7AwUuOLNwGdR5Cvv70pfJ7Jqg8L2m
Kxyl5bORAkEA09rn34YQ0pHJdHidbl2kInIuYTz09+TO3LWwan17nISH9aaYvVDr
p9x1B4Qzw9qyxT9oll7ze/5Rw/7C3AQj4QJAT2B2a+b8bkgAXBs4FbruL3rHoDJg
P2FQXSpVOWU4lg2LlsuFYvDtUMVUbZdLplanjZXcral3Y9W1Ub2M+ped8QJAYQN+
aRpge7ys7vwIw7B36Bo3aOncF+ScYe+FkM5Tm7II/JHEofT7ZQwMP1vnxIlSkgbe
YvWqNB6a3NC99LikoQJBAM4UhDdRg63Tr6Idky6CQaH///zAN7nArJfffKGWFdw9
DKrWpNqvYZtX/cfEJucKcRCm5YL8CKFYbQy4VoCxUcE=
MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA
1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ
F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR
ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm
vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb
IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL
cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr
lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov
15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf
LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+
Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57
YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9
whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c
lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax
tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ
U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9
Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc
Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3
ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+
1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN
b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz
ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C
TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF
tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y
aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0
A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU
LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U
R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy
7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj
7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw
jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1
BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar
kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR
qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3
VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9
MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa
C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g=
-----END RSA PRIVATE KEY-----

29
testdata/ctrl_itr.tdir/unbound_control.pem vendored
View file

@ -1,11 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIBozCCAQwCCQD6XaN6FzW/4DANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1
bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowGjEYMBYGA1UE
AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD
6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBarzPA0vlyuNtUsEN3
qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvHST6JwUdIg0Lzg/US
J81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQABMA0GCSqGSIb3DQEB
BQUAA4GBAGFAXmaQHuFgAuc6HVhYZJdToxLBhfxGpot4oZNjcb1Cdoz3OL34MU1B
9E5psj2PpGPIi8/RwoqBtAJHJ+J5cWngo03o4ZmdwKNSzaxlp141z/3rUtFqEHEC
iO6gPCT3U7dt6MyC7r6vdMqyW6aldP3CtwD0gQziKAMoj+TAfAcq
MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx
EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw
WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA
A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv
OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj
1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl
NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht
A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/
Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB
TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/
nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My
+i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj
4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83
hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU
9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn
ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ
pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD
72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ
muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP
uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte
-----END CERTIFICATE-----

50
testdata/ctrl_itr.tdir/unbound_server.key vendored
View file

@ -1,15 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA
3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s
RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB
AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS
6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds
sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi
XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3
fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL
CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP
0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2
oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l
In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S
LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg==
MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI
0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq
GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z
uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K
WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5
FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP
q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL
A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP
7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf
XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6
iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7
2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo
MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj
WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz
O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI
IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN
qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU
dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs
bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr
YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km
7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr
gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z
5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG
ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN
oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+
s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW
zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx
ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1
oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3
BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS
mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8
kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93
7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8
RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O
jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp
O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre
MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A==
-----END RSA PRIVATE KEY-----

29
testdata/ctrl_itr.tdir/unbound_server.pem vendored
View file

@ -1,11 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1
bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE
AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS
y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/
/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu
g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ
9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG
l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH
Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg==
MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx
EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5
WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB
igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32
a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2
4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot
aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4
TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ
uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4
+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz
XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx
dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW
84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7
JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca
fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg
XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF
qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25
sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD
yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe
CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ==
-----END CERTIFICATE-----

50
testdata/ctrl_pipe.tdir/unbound_control.key vendored
View file

@ -1,15 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDD6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBa
rzPA0vlyuNtUsEN3qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvH
ST6JwUdIg0Lzg/USJ81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQAB
AoGAFT3e35MIgI4uDJJ8X0RfHp2NCO2LUg4TKbWical/C0W9vlR1/x80G1pE1d2Z
WotqJVWTrOq6eBox19RCgtLg2wPGk9uD62+9SDT37heWFlUCElWq50pQG6k9ThiG
DDypkZyZ/52+DdWybiaQJkuK6O5qQXuNAtVJMpghu4GnHAECQQDsupnZUQDpapzr
4FC4MSkL2+A1PRt6g4VhwoqOpJXaHfVnH6F7AwUuOLNwGdR5Cvv70pfJ7Jqg8L2m
Kxyl5bORAkEA09rn34YQ0pHJdHidbl2kInIuYTz09+TO3LWwan17nISH9aaYvVDr
p9x1B4Qzw9qyxT9oll7ze/5Rw/7C3AQj4QJAT2B2a+b8bkgAXBs4FbruL3rHoDJg
P2FQXSpVOWU4lg2LlsuFYvDtUMVUbZdLplanjZXcral3Y9W1Ub2M+ped8QJAYQN+
aRpge7ys7vwIw7B36Bo3aOncF+ScYe+FkM5Tm7II/JHEofT7ZQwMP1vnxIlSkgbe
YvWqNB6a3NC99LikoQJBAM4UhDdRg63Tr6Idky6CQaH///zAN7nArJfffKGWFdw9
DKrWpNqvYZtX/cfEJucKcRCm5YL8CKFYbQy4VoCxUcE=
MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA
1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ
F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR
ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm
vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb
IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL
cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr
lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov
15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf
LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+
Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57
YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9
whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c
lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax
tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ
U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9
Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc
Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3
ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+
1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN
b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz
ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C
TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF
tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y
aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0
A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU
LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U
R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy
7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj
7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw
jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1
BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar
kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR
qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3
VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9
MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa
C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g=
-----END RSA PRIVATE KEY-----

29
testdata/ctrl_pipe.tdir/unbound_control.pem vendored
View file

@ -1,11 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIBozCCAQwCCQD6XaN6FzW/4DANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1
bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowGjEYMBYGA1UE
AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD
6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBarzPA0vlyuNtUsEN3
qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvHST6JwUdIg0Lzg/US
J81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQABMA0GCSqGSIb3DQEB
BQUAA4GBAGFAXmaQHuFgAuc6HVhYZJdToxLBhfxGpot4oZNjcb1Cdoz3OL34MU1B
9E5psj2PpGPIi8/RwoqBtAJHJ+J5cWngo03o4ZmdwKNSzaxlp141z/3rUtFqEHEC
iO6gPCT3U7dt6MyC7r6vdMqyW6aldP3CtwD0gQziKAMoj+TAfAcq
MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx
EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw
WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA
A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv
OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj
1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl
NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht
A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/
Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB
TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/
nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My
+i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj
4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83
hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU
9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn
ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ
pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD
72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ
muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP
uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte
-----END CERTIFICATE-----

50
testdata/ctrl_pipe.tdir/unbound_server.key vendored
View file

@ -1,15 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA
3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s
RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB
AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS
6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds
sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi
XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3
fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL
CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP
0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2
oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l
In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S
LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg==
MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI
0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq
GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z
uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K
WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5
FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP
q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL
A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP
7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf
XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6
iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7
2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo
MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj
WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz
O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI
IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN
qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU
dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs
bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr
YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km
7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr
gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z
5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG
ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN
oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+
s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW
zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx
ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1
oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3
BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS
mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8
kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93
7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8
RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O
jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp
O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre
MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A==
-----END RSA PRIVATE KEY-----

Some files were not shown because too many files have changed in this diff Show more