From 5423af18365d0511666a9e30a184c9c54c160cb7 Mon Sep 17 00:00:00 2001 From: Wouter Wijngaards Date: Thu, 12 Nov 2009 16:27:11 +0000 Subject: [PATCH] review fixes. git-svn-id: file:///svn/unbound/trunk@1901 be551aaa-1e26-0410-a405-d3ace91eadb9 --- doc/Changelog | 3 +++ doc/libunbound.3.in | 8 ++++---- doc/unbound-checkconf.8.in | 8 ++++---- doc/unbound-control.8.in | 21 +++++++++++---------- doc/unbound.conf.5.in | 24 ++++++++++++------------ validator/autotrust.c | 16 ++++++++++------ 6 files changed, 44 insertions(+), 36 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index ab408c276..d5f009e6d 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,5 +1,8 @@ 12 November 2009: Wouter - iana portlist updated. + - fix manpage errors reported by debian lintian. + - review comments. + - fixup very long vallog2 level error strings. 11 November 2009: Wouter - ldns tarball updated (to 1.6.2). diff --git a/doc/libunbound.3.in b/doc/libunbound.3.in index 0d79254e2..8fa67afb0 100644 --- a/doc/libunbound.3.in +++ b/doc/libunbound.3.in @@ -219,7 +219,7 @@ ub_ctx_add_ta Add a trust anchor to the given context. At this time it is only possible to add trusted keys before the first resolve is done. -The format is a string, similar to the zone-file format, +The format is a string, similar to the zone\-file format, [domainname] [type] [rdata contents]. Both DS and DNSKEY records are accepted. .TP .B ub_ctx_add_ta_file 
@@ -230,13 +230,13 @@ first resolve is done. .TP .B ub_ctx_trustedkeys Add trust anchors to the given context. -Pass the name of a bind-style config file with trusted-keys{}. +Pass the name of a bind\-style config file with trusted\-keys{}. At this time it is only possible to add trusted keys before the first resolve is done. .TP .B ub_ctx_debugout Set debug and error log output to the given stream. Pass NULL to disable -output. Default is stderr. File-names or using syslog can be enabled +output. Default is stderr. File\-names or using syslog can be enabled using config options, this routine is for using your own stream. .TP .B ub_ctx_debuglevel @@ -369,7 +369,7 @@ returns NULL on an error (a malloc failure). .B ub_poll returns true if some information may be available, false otherwise. .B ub_fd -returns a file descriptor or -1 on error. +returns a file descriptor or \-1 on error. .SH "SEE ALSO" \fIunbound.conf\fR(5), \fIunbound\fR(8). diff --git a/doc/unbound-checkconf.8.in b/doc/unbound-checkconf.8.in index 23635e979..9b4521222 100644 --- a/doc/unbound-checkconf.8.in +++ b/doc/unbound-checkconf.8.in @@ -9,16 +9,16 @@ .\" .SH "NAME" .LP -unbound-checkconf +unbound\-checkconf \- Check unbound configuration file for errors. .SH "SYNOPSIS" -.B unbound-checkconf +.B unbound\-checkconf .RB [ \-h ] .RB [ \-o .IR option ] .RI [ cfgfile ] .SH "DESCRIPTION" -.B Unbound-checkconf +.B Unbound\-checkconf checks the configuration file for the \fIunbound\fR(8) DNS resolver for syntax and other errors. @@ -38,7 +38,7 @@ printed to stdout. For "" (disabled) options an empty line is printed. The config file to read with settings for unbound. It is checked. If omitted, the config file at the default location is checked. .SH "EXIT CODE" -The unbound-checkconf program exits with status code 1 on error, +The unbound\-checkconf program exits with status code 1 on error, 0 for a correct config file. .SH "FILES" .TP 
diff --git a/doc/unbound-control.8.in b/doc/unbound-control.8.in index 56dad0786..ad402c40d 100644 --- a/doc/unbound-control.8.in +++ b/doc/unbound-control.8.in @@ -9,10 +9,11 @@ .\" .SH "NAME" .LP -unbound-control +.B unbound\-control, +.B unbound\-control\-setup \- Unbound remote server control utility. .SH "SYNOPSIS" -.B unbound-control +.B unbound\-control .RB [ \-h ] .RB [ \-c .IR cfgfile ] @@ -20,7 +21,7 @@ unbound-control .IR server ] .IR command .SH "DESCRIPTION" -.B Unbound-control +.B Unbound\-control performs remote administration on the \fIunbound\fR(8) DNS server. It reads the configuration file, contacts the unbound server over SSL sends the command and displays the result. @@ -142,11 +143,11 @@ nameservers, should go to the internet root nameservers itself, or show the current config. You could pass the nameservers after a DHCP update. .IP Without arguments the current list of addresses used to forward all queries -to is printed. On startup this is from the forward-zone "." configuration. +to is printed. On startup this is from the forward\-zone "." configuration. Afterwards it shows the status. It prints off when no forwarding is used. .IP If \fIoff\fR is passed, forwarding is disabled and the root nameservers -are used. This can be used to avoid to avoid buggy or non-DNSSEC supporting +are used. This can be used to avoid to avoid buggy or non\-DNSSEC supporting nameservers returned from DHCP. But may not work in hotels or hotspots. .IP If one or more IPv4 or IPv6 addresses are given, those are then used to forward 
@@ -157,7 +158,7 @@ By default the forwarder information from the config file for the root "." is used. The config file is not changed, so after a reload these changes are gone. Other forward zones from the config file are not affected by this command. .SH "EXIT CODE" -The unbound-control program exits with status code 1 on error, 0 on success. +The unbound\-control program exits with status code 1 on error, 0 on success. .SH "SET UP" The setup requires a self\-signed certificate and private keys for both the server and client. The script \fIunbound\-control\-setup\fR generates @@ -171,7 +172,7 @@ If you have not configured a username in unbound.conf, the keys need read permission for the user credentials under which the daemon is started. The script preserves private keys present in the directory. -After running the script as root, turn on \fBcontrol-enable\fR in +After running the script as root, turn on \fBcontrol\-enable\fR in \fIunbound.conf\fR. .SH "STATISTIC COUNTERS" The \fIstats\fR command shows a number of statistic counters. @@ -285,13 +286,13 @@ Printed for the other query types as well, but only for the types for which queries were received, thus =0 entries are omitted for brevity. .TP .I num.query.type.other -Number of queries with query types 256-65535. +Number of queries with query types 256\-65535. .TP .I num.query.class.IN The total number of queries over all threads with query class IN (internet). Also printed for other classes (such as CH (CHAOS) sometimes used for debugging), or NONE, ANY, used by dynamic update. -num.query.class.other is printed for classes 256-65535. +num.query.class.other is printed for classes 256\-65535. .TP .I num.query.opcode.QUERY The total number of queries over all threads with query opcode QUERY. 
@@ -357,7 +358,7 @@ unbound configuration file. .TP .I @UNBOUND_RUN_DIR@ directory with private keys (unbound_server.key and unbound_control.key) and -self-signed certificates (unbound_server.pem and unbound_control.pem). +self\-signed certificates (unbound_server.pem and unbound_control.pem). .SH "SEE ALSO" \fIunbound.conf\fR(5), \fIunbound\fR(8). diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index 6e4c29c66..dea7023f4 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -52,8 +52,8 @@ server: username: unbound # make sure unbound can access entropy from inside the chroot. # e.g. on linux the use these commands (on BSD, devfs(8) is used): - # mount --bind -n /dev/random /etc/unbound/dev/random - # and mount --bind -n /dev/log /etc/unbound/dev/log + # mount \-\-bind \-n /dev/random /etc/unbound/dev/random + # and mount \-\-bind \-n /dev/log /etc/unbound/dev/log chroot: "/etc/unbound" # logfile: "/etc/unbound/unbound.log" #uncomment to use logfile. pidfile: "/etc/unbound/unbound.pid" @@ -115,10 +115,10 @@ Can be given multiple times to work on several interfaces. If none are given the default is to listen to localhost. The interfaces are not changed on a reload (kill \-HUP) but only on restart. .TP -.B interface-automatic: \fI +.B interface\-automatic: \fI Detect source interface on UDP queries and copy them to replies. This feature is experimental, and needs support in your OS for IPv6 -(and its socket options) and IPv4 (and have source-interface socket options). +(and its socket options) and IPv4 (and have source\-interface socket options). Default value is no. .TP .B outgoing\-interface: \fI 
@@ -142,7 +142,7 @@ Permit unbound to open this port or range of ports for use to send queries. A larger number of permitted outgoing ports increases resilience against spoofing attempts. Make sure these ports are not needed by other daemons. By default only ports above 1024 that have not been assigned by IANA are used. -Give a port number or a range of the form "low-high", without spaces. +Give a port number or a range of the form "low\-high", without spaces. .IP The \fBoutgoing\-port\-permit\fR and \fBoutgoing\-port\-avoid\fR statements are processed in the line order of the config file, adding the permitted ports @@ -155,7 +155,7 @@ Do not permit unbound to open this port or range of ports for use to send queries. Use this to make sure unbound does not grab a port that another daemon needs. The port is avoided on all outgoing interfaces, both IP4 and IP6. By default only ports above 1024 that have not been assigned by IANA are used. -Give a port number or a range of the form "low-high", without spaces. +Give a port number or a range of the form "low\-high", without spaces. .TP .B outgoing\-num\-tcp: \fI Number of outgoing TCP buffers to allocate per thread. Default is 10. If set @@ -454,7 +454,7 @@ not RFC standard, and could lead to performance problems because of the extra query load that is generated. Experimental option. .TP .B use\-caps\-for\-id: \fI -Use 0x20-encoded random bits in the query to foil spoof attempts. +Use 0x20\-encoded random bits in the query to foil spoof attempts. This perturbs the lowercase and uppercase of query names sent to authority servers and checks if the reply still has the correct casing. Disabled by default. 
@@ -465,7 +465,7 @@ Give IPv4 of IPv6 addresses or classless subnets. These are addresses on your private network, and are not allowed to be returned for public internet names. Any occurence of such addresses are removed from DNS answers. Additionally, the DNSSEC validator may mark the answers -bogus. This protects against so-called DNS Rebinding, where a user browser +bogus. This protects against so\-called DNS Rebinding, where a user browser is turned into a network proxy, allowing remote access through the browser to other parts of your private network. Some names can be allowed to contain your private addresses, by default all the \fBlocal\-data\fR @@ -776,7 +776,7 @@ Reverse data for zones 8.E.F.ip6.arpa to B.E.F.ip6.arpa. Reverse data for zone 8.B.D.0.1.0.0.2.ip6.arpa. This zone is used for tutorials and examples. You can remove the block on this zone with: .nf - local-zone: 8.B.D.0.1.0.0.2.ip6.arpa. nodefault + local\-zone: 8.B.D.0.1.0.0.2.ip6.arpa. nodefault .fi This also works with the other default zones. .\" End of local-zone listing. @@ -806,7 +806,7 @@ enabled, the \fIunbound\-control\fR(8) utility can be used to send commands to the running unbound server. The server uses these clauses to setup SSLv3 / TLSv1 security for the connection. The \fIunbound\-control\fR(8) utility also reads the \fBremote\-control\fR -section for options. To setup the correct self-signed certificates use the +section for options. To setup the correct self\-signed certificates use the \fIunbound\-control\-setup\fR(8) utility. .TP 5 .B control\-enable: \fI 
@@ -893,7 +893,7 @@ There may be multiple clauses. Each with a \fBname:\fR and zero or more hostnames or IP addresses. For the forward zone this list of nameservers is used to forward the queries to. The servers listed as \fBforward\-host:\fR and -\fBforward-addr:\fR have to handle further recursion for the query. Thus, +\fBforward\-addr:\fR have to handle further recursion for the query. Thus, those servers are not authority servers, but are (just like unbound is) recursive servers too; unbound does not perform recursion itself for the forward zone, it lets the remote server do it. Class IN is assumed. @@ -929,7 +929,7 @@ supported. Very large data and high TCP loads are exceptional for the DNS. DNSSEC validation is enabled, just add trust anchors. If you do not have to worry about programs using more than 3 Mb of memory, the below example is not for you. Use the defaults to receive full service, -which on BSD-32bit tops out at 30-40 Mb after heavy usage. +which on BSD\-32bit tops out at 30\-40 Mb after heavy usage. .P .nf # example settings that reduce memory usage diff --git a/validator/autotrust.c b/validator/autotrust.c index 1e68abacb..2d97b0bff 100644 --- a/validator/autotrust.c +++ b/validator/autotrust.c @@ -551,7 +551,7 @@ autr_assemble(struct trust_anchor* tp) } /* we have prepared the new keys so nothing can go wrong any more. * And we are sure we cannot be left without trustanchor after - * an errors. Put in the new keys and remove old ones. */ + * any errors. Put in the new keys and remove old ones. */ /* free the old data */ autr_rrset_delete(tp->ds_rrset); @@ -593,10 +593,12 @@ parse_id(struct val_anchors* anchors, char* line) uint16_t dclass; /* read the owner name */ char* next = strchr(line, ' '); - if(!next) return NULL; + if(!next) + return NULL; next[0] = 0; rdf = ldns_dname_new_frm_str(line); - if(!rdf) return NULL; + if(!rdf) + return NULL; labs = dname_count_size_labels(ldns_rdf_data(rdf), &len); log_assert(len == ldns_rdf_size(rdf)); 
@@ -707,6 +709,8 @@ read_multiline(char* buf, size_t len, FILE* in, int* linenr) (*linenr)++; /* check what the new depth is after the line */ + /* this routine cannot handle braces inside quotes, + say for TXT records, but this routine only has to read keys */ for(i=0; i *env->now) { + if(t - *env->now > 0) { t -= *env->now; if(t < r) r = t; @@ -1052,8 +1056,8 @@ ldns_rr_compare_wire_skip_revbit(ldns_buffer* rr1_buf, ldns_buffer* rr2_buf) offset = 0; while (offset < rr1_len && *ldns_buffer_at(rr1_buf, offset) != 0) offset += *ldns_buffer_at(rr1_buf, offset) + 1; - /* jump to rdata section (PAST the rdata length field */ - offset += 11; + /* jump to rdata section (PAST the rdata length field) */ + offset += 11; /* 0-dname-end + type + class + ttl + rdatalen */ min_len = (rr1_len < rr2_len) ? rr1_len : rr2_len; /* compare RRs RDATA byte for byte. */ for(i = offset; i < min_len; i++)
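Review bot: In the hunk that replaces `if(t > *env->now) {`, the new test `if(t - *env->now > 0) {` only means "t lies in the future" if the subtraction is evaluated in a signed type. The declarations of `t` and `*env->now` are not visible (this hunk's header and the start of the enclosing function are missing from the page), but if both are unsigned 32-bit values the expression is true for every `t != *env->now`, including a `t` that is already in the past. In that case `t -= *env->now` wraps to a very large value, and only the following `if(t < r)` keeps it out of `r`, which is fragile to rely on. If a wrap-tolerant, serial-number style comparison is intended, make the signedness explicit, for example `if((int32_t)(t - *env->now) > 0) {`, and add a short comment such as `/* serial arithmetic: true only when t is ahead of now */`.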