- Fix #1435: Please allow UDP to be disabled separately upstream and

downstream.


git-svn-id: file:///svn/unbound/trunk@4349 be551aaa-1e26-0410-a405-d3ace91eadb9

daemon/worker.c

@@ -1633,7 +1633,8 @@ worker_init(struct worker* worker, struct config_file *cfg,
 		cfg->use_caps_bits_for_id, worker->ports, worker->numports,
 		cfg->unwanted_threshold, cfg->outgoing_tcp_mss,
 		&worker_alloc_cleanup, worker,
-		cfg->do_udp, worker->daemon->connect_sslctx, cfg->delay_close,
+		cfg->do_udp || cfg->udp_upstream_without_downstream,
+		worker->daemon->connect_sslctx, cfg->delay_close,
 		dtenv);
 	if(!worker->back) {
 		log_err("could not create outgoing sockets");

doc/Changelog

@@ -2,6 +2,8 @@
 	- tag 1.6.6 (is 1.6.6rc2)
 	- Fix that looping modules always stop the query, and don't pass
 	  control.
+	- Fix #1435: Please allow UDP to be disabled separately upstream and
+	  downstream.
 
 15 September 2017: Wouter
 	- Fix unbound-host to report error for DNSSEC state of failed lookups.

doc/example.conf.in

@@ -200,6 +200,10 @@ server:
 	# useful for tunneling scenarios, default no.
 	# tcp-upstream: no
 	
+	# upstream connections also use UDP (even if do-udp is no).
+	# useful if if you want UDP upstream, but don't provide UDP downstream.
+	# udp-upstream-without-downstream: no
+
 	# Maximum segment size (MSS) of TCP socket on which the server
 	# responds to queries. Default is 0, system default MSS.
 	# tcp-mss: 0

libunbound/libworker.c

@@ -232,8 +232,8 @@ libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb)
 		cfg->do_tcp?cfg->outgoing_num_tcp:0,
 		w->env->infra_cache, w->env->rnd, cfg->use_caps_bits_for_id,
 		ports, numports, cfg->unwanted_threshold,
-		cfg->outgoing_tcp_mss,
-		&libworker_alloc_cleanup, w, cfg->do_udp, w->sslctx,
+		cfg->outgoing_tcp_mss, &libworker_alloc_cleanup, w,
+		cfg->do_udp || cfg->udp_upstream_without_downstream, w->sslctx,
 		cfg->delay_close, NULL);
 	if(!w->is_bg || w->is_bg_thread) {
 		lock_basic_unlock(&ctx->cfglock);

util/config_file.c

@@ -101,6 +101,7 @@ config_create(void)
 	cfg->do_udp = 1;
 	cfg->do_tcp = 1;
 	cfg->tcp_upstream = 0;
+	cfg->udp_upstream_without_downstream = 0;
 	cfg->tcp_mss = 0;
 	cfg->outgoing_tcp_mss = 0;
 	cfg->ssl_service_key = NULL;
@@ -426,6 +427,8 @@ int config_set_option(struct config_file* cfg, const char* opt,
 	else S_YNO("do-udp:", do_udp)
 	else S_YNO("do-tcp:", do_tcp)
 	else S_YNO("tcp-upstream:", tcp_upstream)
+	else S_YNO("udp-upstream-without-downstream:",
+		udp_upstream_without_downstream)
 	else S_NUMBER_NONZERO("tcp-mss:", tcp_mss)
 	else S_NUMBER_NONZERO("outgoing-tcp-mss:", outgoing_tcp_mss)
 	else S_YNO("ssl-upstream:", ssl_upstream)
@@ -828,6 +831,7 @@ config_get_option(struct config_file* cfg, const char* opt,
 	else O_YNO(opt, "do-udp", do_udp)
 	else O_YNO(opt, "do-tcp", do_tcp)
 	else O_YNO(opt, "tcp-upstream", tcp_upstream)
+	else O_YNO(opt, "udp-upstream-without-downstream", udp_upstream_without_downstream)
 	else O_DEC(opt, "tcp-mss", tcp_mss)
 	else O_DEC(opt, "outgoing-tcp-mss", outgoing_tcp_mss)
 	else O_YNO(opt, "ssl-upstream", ssl_upstream)

util/config_file.h

@@ -84,6 +84,8 @@ struct config_file {
 	int do_tcp;
 	/** tcp upstream queries (no UDP upstream queries) */
 	int tcp_upstream;
+	/** udp upstream enabled when no UDP downstream is enabled (do_udp no)*/
+	int udp_upstream_without_downstream;
 	/** maximum segment size of tcp socket which queries are answered */
 	int tcp_mss;
 	/** maximum segment size of tcp socket for outgoing queries */

util/configlexer.lex

@@ -430,6 +430,7 @@ ipsecmod-strict{COLON}		{ YDVAR(1, VAR_IPSECMOD_STRICT) }
 cachedb{COLON}			{ YDVAR(0, VAR_CACHEDB) }
 backend{COLON}			{ YDVAR(1, VAR_CACHEDB_BACKEND) }
 secret-seed{COLON}		{ YDVAR(1, VAR_CACHEDB_SECRETSEED) }
+udp-upstream-without-downstream{COLON} { YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) }
 <INITIAL,val>{NEWLINE}		{ LEXOUT(("NL\n")); cfg_parser->line++; }
 
 	/* Quoted strings. Strip leading and ending quotes */

util/configparser.h

@@ -262,7 +262,8 @@ extern int yydebug;
     VAR_IPSECMOD_STRICT = 472,
     VAR_CACHEDB = 473,
     VAR_CACHEDB_BACKEND = 474,
-    VAR_CACHEDB_SECRETSEED = 475
+    VAR_CACHEDB_SECRETSEED = 475,
+    VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 476
   };
 #endif
 /* Tokens.  */
@@ -484,6 +485,7 @@ extern int yydebug;
 #define VAR_CACHEDB 473
 #define VAR_CACHEDB_BACKEND 474
 #define VAR_CACHEDB_SECRETSEED 475
+#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 476
 
 /* Value type.  */
 #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
@@ -494,7 +496,7 @@ union YYSTYPE
 
 	char*	str;
 
-#line 498 "util/configparser.h" /* yacc.c:1909  */
+#line 500 "util/configparser.h" /* yacc.c:1909  */
 };
 
 typedef union YYSTYPE YYSTYPE;

util/configparser.y

@@ -149,6 +149,7 @@ extern struct config_parser_state* cfg_parser;
 %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
 %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
+%token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM
 
 %%
 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
@@ -237,7 +238,8 @@ content_server: server_num_threads | server_verbosity | server_port |
 	server_hide_trustanchor | server_trust_anchor_signaling |
 	server_ipsecmod_enabled | server_ipsecmod_hook |
 	server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
-	server_ipsecmod_whitelist | server_ipsecmod_strict
+	server_ipsecmod_whitelist | server_ipsecmod_strict |
+	server_udp_upstream_without_downstream
 	;
 stubstart: VAR_STUB_ZONE
 	{
@@ -606,6 +608,15 @@ server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG
 		free($2);
 	}
 	;
+server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG
+	{
+		OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", $2));
+		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
+			yyerror("expected yes or no.");
+		else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp($2, "yes")==0);
+		free($2);
+	}
+	;
 server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG
 	{
 		OUTYY(("P(server_ssl_upstream:%s)\n", $2));