upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Fix #567: unbound lists if forward zone is secure or insecure with

Browse source 
+i annotation in output of list_forwards, also for list_stubs
  (for NetworkManager integration.)


git-svn-id: file:///svn/unbound/trunk@3109 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2014-04-10 10:54:21 +00:00
parent 330b3219a0
commit 921c869f28
2 changed files with 35 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
daemon/remote.c
View file

@ -1948,10 +1948,23 @@ do_list_forwards(SSL* ssl, struct worker* worker)
/* since its a per-worker structure no locks needed */ /* since its a per-worker structure no locks needed */
struct iter_forwards* fwds = worker->env.fwds; struct iter_forwards* fwds = worker->env.fwds;
struct iter_forward_zone* z; struct iter_forward_zone* z;
struct trust_anchor* a;
int insecure;
RBTREE_FOR(z, struct iter_forward_zone*, fwds->tree) { RBTREE_FOR(z, struct iter_forward_zone*, fwds->tree) {
if(!z->dp) continue; /* skip empty marker for stub */ if(!z->dp) continue; /* skip empty marker for stub */
if(!ssl_print_name_dp(ssl, "forward", z->name, z->dclass,
z->dp)) /* see if it is insecure */
insecure = 0;
if(worker->env.anchors &&
(a=anchor_find(worker->env.anchors, z->name,
z->namelabs, z->namelen, z->dclass))) {
if(!a->keylist && !a->numDS && !a->numDNSKEY)
insecure = 1;
lock_basic_unlock(&a->lock);
}
if(!ssl_print_name_dp(ssl, (insecure?"forward +i":"forward"),
z->name, z->dclass, z->dp))
return; return;
} }
} }
@ -1961,9 +1974,24 @@ static void
do_list_stubs(SSL* ssl, struct worker* worker) do_list_stubs(SSL* ssl, struct worker* worker)
{ {
struct iter_hints_stub* z; struct iter_hints_stub* z;
struct trust_anchor* a;
int insecure;
char str[32];
RBTREE_FOR(z, struct iter_hints_stub*, &worker->env.hints->tree) { RBTREE_FOR(z, struct iter_hints_stub*, &worker->env.hints->tree) {
if(!ssl_print_name_dp(ssl,
z->noprime?"stub noprime":"stub prime", z->node.name, /* see if it is insecure */
insecure = 0;
if(worker->env.anchors &&
(a=anchor_find(worker->env.anchors, z->node.name,
z->node.labs, z->node.len, z->node.dclass))) {
if(!a->keylist && !a->numDS && !a->numDNSKEY)
insecure = 1;
lock_basic_unlock(&a->lock);
}
snprintf(str, sizeof(str), "stub %sprime%s",
(z->noprime?"no":""), (insecure?" +i":""));
if(!ssl_print_name_dp(ssl, str, z->node.name,
z->node.dclass, z->dp)) z->node.dclass, z->dp))
return; return;
} }

3
doc/Changelog
View file

@ -5,6 +5,9 @@
- Document that dump_requestlist only prints queries from thread 0. - Document that dump_requestlist only prints queries from thread 0.
- unbound-control stats prints num.query.tcpout with number of TCP - unbound-control stats prints num.query.tcpout with number of TCP
outgoing queries made in the previous statistics interval. outgoing queries made in the previous statistics interval.
- Fix #567: unbound lists if forward zone is secure or insecure with
+i annotation in output of list_forwards, also for list_stubs
(for NetworkManager integration.)
8 April 2014: Wouter 8 April 2014: Wouter
- Fix #574: make test fails on Ubuntu 14.04. Disabled remote-control - Fix #574: make test fails on Ubuntu 14.04. Disabled remote-control