upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Fixup contrib/fastrpz.patch

Browse source
This commit is contained in:
W.C.A. Wijngaards 2019-08-16 12:37:13 +02:00
parent bdb6c153e4
commit c602ba7319
2 changed files with 52 additions and 51 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

100
contrib/fastrpz.patch
View file

@ -2,7 +2,7 @@ Description: based on the included patch contrib/fastrpz.patch
Author: fastrpz@farsightsecurity.com Author: fastrpz@farsightsecurity.com
--- ---
diff --git a/Makefile.in b/Makefile.in diff --git a/Makefile.in b/Makefile.in
index 03a6347..6758bea 100644 index e9042712..870d503b 100644
--- a/Makefile.in --- a/Makefile.in
+++ b/Makefile.in +++ b/Makefile.in
@@ -23,6 +23,8 @@ CHECKLOCK_SRC=testcode/checklocks.c @@ -23,6 +23,8 @@ CHECKLOCK_SRC=testcode/checklocks.c
@ -18,8 +18,8 @@ index 03a6347..6758bea 100644
edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \ edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \
edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \ edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \
cachedb/cachedb.c cachedb/redis.c respip/respip.c $(CHECKLOCK_SRC) \ cachedb/cachedb.c cachedb/redis.c respip/respip.c $(CHECKLOCK_SRC) \
-$(DNSTAP_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) -$(DNSTAP_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) $(IPSET_SRC)
+$(DNSTAP_SRC) $(FASTRPZ_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) +$(DNSTAP_SRC) $(FASTRPZ_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) $(IPSET_SRC)
COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \ COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \
as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \ as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \
iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \ iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \
@ -27,12 +27,12 @@ index 03a6347..6758bea 100644
validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \ validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \
val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo redis.lo authzone.lo \ val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo redis.lo authzone.lo \
$(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \ $(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \
-$(IPSECMOD_OBJ) respip.lo -$(IPSECMOD_OBJ) $(IPSET_OBJ) respip.lo
+$(FASTRPZ_OBJ) $(IPSECMOD_OBJ) respip.lo +$(FASTRPZ_OBJ) $(IPSECMOD_OBJ) $(IPSET_OBJ) respip.lo
COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \
outside_network.lo outside_network.lo
COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo
@@ -405,6 +407,11 @@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ @@ -408,6 +410,11 @@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \
$(srcdir)/util/config_file.h $(srcdir)/util/log.h \ $(srcdir)/util/config_file.h $(srcdir)/util/log.h \
$(srcdir)/util/netevent.h $(srcdir)/util/netevent.h
@ -45,10 +45,10 @@ index 03a6347..6758bea 100644
pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \ pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \
pythonmod/interface.h \ pythonmod/interface.h \
diff --git a/config.h.in b/config.h.in diff --git a/config.h.in b/config.h.in
index 74c14d1..a18f4ff 100644 index 1bfe4426..0136421d 100644
--- a/config.h.in --- a/config.h.in
+++ b/config.h.in +++ b/config.h.in
@@ -1305,4 +1305,11 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, @@ -1315,4 +1315,11 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file,
/** the version of unbound-control that this software implements */ /** the version of unbound-control that this software implements */
#define UNBOUND_CONTROL_VERSION 1 #define UNBOUND_CONTROL_VERSION 1
@ -62,7 +62,7 @@ index 74c14d1..a18f4ff 100644
+/** turn on fastrpz response policy zones */ +/** turn on fastrpz response policy zones */
+#undef ENABLE_FASTRPZ +#undef ENABLE_FASTRPZ
diff --git a/configure.ac b/configure.ac diff --git a/configure.ac b/configure.ac
index abbecf0..6454274 100644 index 18030728..d6d6e1e7 100644
--- a/configure.ac --- a/configure.ac
+++ b/configure.ac +++ b/configure.ac
@@ -6,6 +6,7 @@ sinclude(ax_pthread.m4) @@ -6,6 +6,7 @@ sinclude(ax_pthread.m4)
@ -73,7 +73,7 @@ index abbecf0..6454274 100644
sinclude(dnscrypt/dnscrypt.m4) sinclude(dnscrypt/dnscrypt.m4)
# must be numbers. ac_defun because of later processing # must be numbers. ac_defun because of later processing
@@ -1586,6 +1587,9 @@ case "$enable_ipsecmod" in @@ -1649,6 +1650,9 @@ case "$enable_ipset" in
;; ;;
esac esac
@ -84,7 +84,7 @@ index abbecf0..6454274 100644
# on openBSD, the implicit rule make $< work. # on openBSD, the implicit rule make $< work.
# on Solaris, it does not work ($? is changed sources, $^ lists dependencies). # on Solaris, it does not work ($? is changed sources, $^ lists dependencies).
diff --git a/daemon/daemon.c b/daemon/daemon.c diff --git a/daemon/daemon.c b/daemon/daemon.c
index 7461a26..706f8f6 100644 index 96cc443e..d08b2e56 100644
--- a/daemon/daemon.c --- a/daemon/daemon.c
+++ b/daemon/daemon.c +++ b/daemon/daemon.c
@@ -91,6 +91,9 @@ @@ -91,6 +91,9 @@
@ -112,7 +112,7 @@ index 7461a26..706f8f6 100644
#endif #endif
} }
for(i=0; i<daemon->num; i++) { for(i=0; i<daemon->num; i++) {
@@ -718,6 +729,9 @@ daemon_cleanup(struct daemon* daemon) @@ -726,6 +737,9 @@ daemon_cleanup(struct daemon* daemon)
#ifdef USE_DNSCRYPT #ifdef USE_DNSCRYPT
dnsc_delete(daemon->dnscenv); dnsc_delete(daemon->dnscenv);
daemon->dnscenv = NULL; daemon->dnscenv = NULL;
@ -123,7 +123,7 @@ index 7461a26..706f8f6 100644
daemon->cfg = NULL; daemon->cfg = NULL;
} }
diff --git a/daemon/daemon.h b/daemon/daemon.h diff --git a/daemon/daemon.h b/daemon/daemon.h
index 5749dbe..64ce230 100644 index 5749dbef..64ce230f 100644
--- a/daemon/daemon.h --- a/daemon/daemon.h
+++ b/daemon/daemon.h +++ b/daemon/daemon.h
@@ -136,6 +136,11 @@ struct daemon { @@ -136,6 +136,11 @@ struct daemon {
@ -139,7 +139,7 @@ index 5749dbe..64ce230 100644
/** /**
diff --git a/daemon/worker.c b/daemon/worker.c diff --git a/daemon/worker.c b/daemon/worker.c
index fc93817..e435226 100644 index 263fcddf..e6bc84bd 100644
--- a/daemon/worker.c --- a/daemon/worker.c
+++ b/daemon/worker.c +++ b/daemon/worker.c
@@ -75,6 +75,9 @@ @@ -75,6 +75,9 @@
@ -204,7 +204,7 @@ index fc93817..e435226 100644
edns_bak = *edns; edns_bak = *edns;
edns->edns_version = EDNS_ADVERTISED_VERSION; edns->edns_version = EDNS_ADVERTISED_VERSION;
@@ -1409,6 +1448,15 @@ worker_handle_request(struct comm_point* c, void* arg, int error, @@ -1410,6 +1449,15 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from", log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from",
&repinfo->addr, repinfo->addrlen); &repinfo->addr, repinfo->addrlen);
goto send_reply; goto send_reply;
@ -220,7 +220,7 @@ index fc93817..e435226 100644
} }
/* If we've found a local alias, replace the qname with the alias /* If we've found a local alias, replace the qname with the alias
@@ -1457,12 +1505,21 @@ lookup_cache: @@ -1458,12 +1506,21 @@ lookup_cache:
h = query_info_hash(lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2)); h = query_info_hash(lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2));
if((e=slabhash_lookup(worker->env.msg_cache, h, lookup_qinfo, 0))) { if((e=slabhash_lookup(worker->env.msg_cache, h, lookup_qinfo, 0))) {
/* answer from cache - we have acquired a readlock on it */ /* answer from cache - we have acquired a readlock on it */
@ -244,7 +244,7 @@ index fc93817..e435226 100644
/* prefetch it if the prefetch TTL expired. /* prefetch it if the prefetch TTL expired.
* Note that if there is more than one pass * Note that if there is more than one pass
* its qname must be that used for cache * its qname must be that used for cache
@@ -1516,11 +1573,19 @@ lookup_cache: @@ -1518,11 +1575,19 @@ lookup_cache:
lock_rw_unlock(&e->lock); lock_rw_unlock(&e->lock);
} }
if(!LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) { if(!LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) {
@ -267,10 +267,10 @@ index fc93817..e435226 100644
} }
verbose(VERB_ALGO, "answer norec from cache -- " verbose(VERB_ALGO, "answer norec from cache -- "
diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
index c14ee27..0b71eaf 100644 index 083a7c10..1812f2cf 100644
--- a/doc/unbound.conf.5.in --- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in
@@ -1795,6 +1795,81 @@ List domain for which the AAAA records are ignored and the A record is @@ -1799,6 +1799,81 @@ List domain for which the AAAA records are ignored and the A record is
used by dns64 processing instead. Can be entered multiple times, list a used by dns64 processing instead. Can be entered multiple times, list a
new domain for which it applies, one per line. Applies also to names new domain for which it applies, one per line. Applies also to names
underneath the name given. underneath the name given.
@ -354,7 +354,7 @@ index c14ee27..0b71eaf 100644
The The
diff --git a/fastrpz/librpz.h b/fastrpz/librpz.h diff --git a/fastrpz/librpz.h b/fastrpz/librpz.h
new file mode 100644 new file mode 100644
index 0000000..645279d index 00000000..645279d1
--- /dev/null --- /dev/null
+++ b/fastrpz/librpz.h +++ b/fastrpz/librpz.h
@@ -0,0 +1,957 @@ @@ -0,0 +1,957 @@
@ -1317,7 +1317,7 @@ index 0000000..645279d
+#endif /* LIBRPZ_H */ +#endif /* LIBRPZ_H */
diff --git a/fastrpz/rpz.c b/fastrpz/rpz.c diff --git a/fastrpz/rpz.c b/fastrpz/rpz.c
new file mode 100644 new file mode 100644
index 0000000..c5ab780 index 00000000..c5ab7801
--- /dev/null --- /dev/null
+++ b/fastrpz/rpz.c +++ b/fastrpz/rpz.c
@@ -0,0 +1,1352 @@ @@ -0,0 +1,1352 @@
@ -2675,7 +2675,7 @@ index 0000000..c5ab780
+#endif /* ENABLE_FASTRPZ */ +#endif /* ENABLE_FASTRPZ */
diff --git a/fastrpz/rpz.h b/fastrpz/rpz.h diff --git a/fastrpz/rpz.h b/fastrpz/rpz.h
new file mode 100644 new file mode 100644
index 0000000..5d7e31c index 00000000..5d7e31c5
--- /dev/null --- /dev/null
+++ b/fastrpz/rpz.h +++ b/fastrpz/rpz.h
@@ -0,0 +1,138 @@ @@ -0,0 +1,138 @@
@ -2819,7 +2819,7 @@ index 0000000..5d7e31c
+#endif /* UNBOUND_FASTRPZ_RPZ_H */ +#endif /* UNBOUND_FASTRPZ_RPZ_H */
diff --git a/fastrpz/rpz.m4 b/fastrpz/rpz.m4 diff --git a/fastrpz/rpz.m4 b/fastrpz/rpz.m4
new file mode 100644 new file mode 100644
index 0000000..2123535 index 00000000..21235355
--- /dev/null --- /dev/null
+++ b/fastrpz/rpz.m4 +++ b/fastrpz/rpz.m4
@@ -0,0 +1,64 @@ @@ -0,0 +1,64 @@
@ -2888,7 +2888,7 @@ index 0000000..2123535
+ fi + fi
+]) +])
diff --git a/iterator/iterator.c b/iterator/iterator.c diff --git a/iterator/iterator.c b/iterator/iterator.c
index c906c27..55bf218 100644 index c906c271..55bf2180 100644
--- a/iterator/iterator.c --- a/iterator/iterator.c
+++ b/iterator/iterator.c +++ b/iterator/iterator.c
@@ -68,6 +68,9 @@ @@ -68,6 +68,9 @@
@ -3085,7 +3085,7 @@ index c906c27..55bf218 100644
qstate->return_msg = iq->response; qstate->return_msg = iq->response;
return 0; return 0;
diff --git a/iterator/iterator.h b/iterator/iterator.h diff --git a/iterator/iterator.h b/iterator/iterator.h
index a2f1b57..e1e4a73 100644 index a2f1b570..e1e4a738 100644
--- a/iterator/iterator.h --- a/iterator/iterator.h
+++ b/iterator/iterator.h +++ b/iterator/iterator.h
@@ -386,6 +386,16 @@ struct iter_qstate { @@ -386,6 +386,16 @@ struct iter_qstate {
@ -3106,7 +3106,7 @@ index a2f1b57..e1e4a73 100644
* Count number of time-outs. Used to prevent resolving failures when * Count number of time-outs. Used to prevent resolving failures when
* the QNAME minimisation QTYPE is blocked. */ * the QNAME minimisation QTYPE is blocked. */
diff --git a/services/cache/dns.c b/services/cache/dns.c diff --git a/services/cache/dns.c b/services/cache/dns.c
index aa4efec..5dd3412 100644 index aa4efec7..5dd3412e 100644
--- a/services/cache/dns.c --- a/services/cache/dns.c
+++ b/services/cache/dns.c +++ b/services/cache/dns.c
@@ -945,6 +945,14 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf, @@ -945,6 +945,14 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf,
@ -3125,7 +3125,7 @@ index aa4efec..5dd3412 100644
rep = reply_info_copy(msgrep, env->alloc, NULL); rep = reply_info_copy(msgrep, env->alloc, NULL);
if(!rep) if(!rep)
diff --git a/services/mesh.c b/services/mesh.c diff --git a/services/mesh.c b/services/mesh.c
index d96289e..2e9f267 100644 index 27f91940..f1bd4e90 100644
--- a/services/mesh.c --- a/services/mesh.c
+++ b/services/mesh.c +++ b/services/mesh.c
@@ -60,6 +60,9 @@ @@ -60,6 +60,9 @@
@ -3138,7 +3138,7 @@ index d96289e..2e9f267 100644
#include "respip/respip.h" #include "respip/respip.h"
#include "services/listen_dnsport.h" #include "services/listen_dnsport.h"
@@ -1072,6 +1075,13 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, @@ -1076,6 +1079,13 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
else secure = 0; else secure = 0;
if(!rep && rcode == LDNS_RCODE_NOERROR) if(!rep && rcode == LDNS_RCODE_NOERROR)
rcode = LDNS_RCODE_SERVFAIL; rcode = LDNS_RCODE_SERVFAIL;
@ -3152,7 +3152,7 @@ index d96289e..2e9f267 100644
/* send the reply */ /* send the reply */
/* We don't reuse the encoded answer if either the previous or current /* We don't reuse the encoded answer if either the previous or current
* response has a local alias. We could compare the alias records * response has a local alias. We could compare the alias records
@@ -1247,6 +1257,7 @@ struct mesh_state* mesh_area_find(struct mesh_area* mesh, @@ -1255,6 +1265,7 @@ struct mesh_state* mesh_area_find(struct mesh_area* mesh,
key.s.is_valrec = valrec; key.s.is_valrec = valrec;
key.s.qinfo = *qinfo; key.s.qinfo = *qinfo;
key.s.query_flags = qflags; key.s.query_flags = qflags;
@ -3160,7 +3160,7 @@ index d96289e..2e9f267 100644
/* We are searching for a similar mesh state when we DO want to /* We are searching for a similar mesh state when we DO want to
* aggregate the state. Thus unique is set to NULL. (default when we * aggregate the state. Thus unique is set to NULL. (default when we
* desire aggregation).*/ * desire aggregation).*/
@@ -1293,6 +1304,10 @@ int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, @@ -1301,6 +1312,10 @@ int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns,
if(!r) if(!r)
return 0; return 0;
r->query_reply = *rep; r->query_reply = *rep;
@ -3172,10 +3172,10 @@ index d96289e..2e9f267 100644
if(edns->opt_list) { if(edns->opt_list) {
r->edns.opt_list = edns_opt_copy_region(edns->opt_list, r->edns.opt_list = edns_opt_copy_region(edns->opt_list,
diff --git a/util/config_file.c b/util/config_file.c diff --git a/util/config_file.c b/util/config_file.c
index 9b60254..d791f8f 100644 index 119b2223..ce43a234 100644
--- a/util/config_file.c --- a/util/config_file.c
+++ b/util/config_file.c +++ b/util/config_file.c
@@ -1418,6 +1418,8 @@ config_delete(struct config_file* cfg) @@ -1434,6 +1434,8 @@ config_delete(struct config_file* cfg)
free(cfg->dnstap_socket_path); free(cfg->dnstap_socket_path);
free(cfg->dnstap_identity); free(cfg->dnstap_identity);
free(cfg->dnstap_version); free(cfg->dnstap_version);
@ -3183,12 +3183,12 @@ index 9b60254..d791f8f 100644
+ free(cfg->rpz_cstr); + free(cfg->rpz_cstr);
config_deldblstrlist(cfg->ratelimit_for_domain); config_deldblstrlist(cfg->ratelimit_for_domain);
config_deldblstrlist(cfg->ratelimit_below_domain); config_deldblstrlist(cfg->ratelimit_below_domain);
#ifdef USE_IPSECMOD config_delstrlist(cfg->python_script);
diff --git a/util/config_file.h b/util/config_file.h diff --git a/util/config_file.h b/util/config_file.h
index 3cffdbf..e0fa1c8 100644 index b3ef930a..56173b80 100644
--- a/util/config_file.h --- a/util/config_file.h
+++ b/util/config_file.h +++ b/util/config_file.h
@@ -490,6 +490,11 @@ struct config_file { @@ -494,6 +494,11 @@ struct config_file {
/** true to disable DNSSEC lameness check in iterator */ /** true to disable DNSSEC lameness check in iterator */
int disable_dnssec_lame_check; int disable_dnssec_lame_check;
@ -3201,7 +3201,7 @@ index 3cffdbf..e0fa1c8 100644
int ip_ratelimit; int ip_ratelimit;
/** number of slabs for ip_ratelimit cache */ /** number of slabs for ip_ratelimit cache */
diff --git a/util/configlexer.lex b/util/configlexer.lex diff --git a/util/configlexer.lex b/util/configlexer.lex
index 16b5bc5..038045d 100644 index 7a972908..2d03ffc7 100644
--- a/util/configlexer.lex --- a/util/configlexer.lex
+++ b/util/configlexer.lex +++ b/util/configlexer.lex
@@ -439,6 +439,10 @@ dnstap-log-forwarder-query-messages{COLON} { @@ -439,6 +439,10 @@ dnstap-log-forwarder-query-messages{COLON} {
@ -3216,7 +3216,7 @@ index 16b5bc5..038045d 100644
ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) } ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) }
ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) } ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) }
diff --git a/util/configparser.y b/util/configparser.y diff --git a/util/configparser.y b/util/configparser.y
index c7b9169..bef15b5 100644 index 10227a2f..a519fcc7 100644
--- a/util/configparser.y --- a/util/configparser.y
+++ b/util/configparser.y +++ b/util/configparser.y
@@ -125,6 +125,7 @@ extern struct config_parser_state* cfg_parser; @@ -125,6 +125,7 @@ extern struct config_parser_state* cfg_parser;
@ -3227,7 +3227,7 @@ index c7b9169..bef15b5 100644
%token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
%token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
%token VAR_DISABLE_DNSSEC_LAME_CHECK %token VAR_DISABLE_DNSSEC_LAME_CHECK
@@ -170,7 +171,7 @@ extern struct config_parser_state* cfg_parser; @@ -171,7 +172,7 @@ extern struct config_parser_state* cfg_parser;
%% %%
toplevelvars: /* empty */ | toplevelvars toplevelvar ; toplevelvars: /* empty */ | toplevelvars toplevelvar ;
@ -3236,7 +3236,7 @@ index c7b9169..bef15b5 100644
forwardstart contents_forward | pythonstart contents_py | forwardstart contents_forward | pythonstart contents_py |
rcstart contents_rc | dtstart contents_dt | viewstart contents_view | rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
dnscstart contents_dnsc | cachedbstart contents_cachedb | dnscstart contents_dnsc | cachedbstart contents_cachedb |
@@ -2710,6 +2711,50 @@ dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MES @@ -2726,6 +2727,50 @@ dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MES
free($2); free($2);
} }
; ;
@ -3288,7 +3288,7 @@ index c7b9169..bef15b5 100644
{ {
OUTYY(("\nP(python:)\n")); OUTYY(("\nP(python:)\n"));
diff --git a/util/data/msgencode.c b/util/data/msgencode.c diff --git a/util/data/msgencode.c b/util/data/msgencode.c
index 4c0a555..e51e9b8 100644 index 0be99c04..4056706e 100644
--- a/util/data/msgencode.c --- a/util/data/msgencode.c
+++ b/util/data/msgencode.c +++ b/util/data/msgencode.c
@@ -590,6 +590,35 @@ insert_section(struct reply_info* rep, size_t num_rrsets, uint16_t* num_rrs, @@ -590,6 +590,35 @@ insert_section(struct reply_info* rep, size_t num_rrsets, uint16_t* num_rrs,
@ -3327,10 +3327,10 @@ index 4c0a555..e51e9b8 100644
/** store query section in wireformat buffer, return RETVAL */ /** store query section in wireformat buffer, return RETVAL */
static int static int
insert_query(struct query_info* qinfo, struct compress_tree_node** tree, insert_query(struct query_info* qinfo, struct compress_tree_node** tree,
@@ -753,6 +782,19 @@ reply_info_encode(struct query_info* qinfo, struct reply_info* rep, @@ -777,6 +806,19 @@ reply_info_encode(struct query_info* qinfo, struct reply_info* rep,
return 0;
} }
sldns_buffer_write_u16_at(buffer, 10, arcount); sldns_buffer_write_u16_at(buffer, 10, arcount);
}
+#ifdef ENABLE_FASTRPZ +#ifdef ENABLE_FASTRPZ
+ } else if(rep->security == sec_status_rpz_rewritten) { + } else if(rep->security == sec_status_rpz_rewritten) {
+ /* Insert the RPZ SOA for rpz even with MINIMAL_RESPONSES */ + /* Insert the RPZ SOA for rpz even with MINIMAL_RESPONSES */
@ -3348,7 +3348,7 @@ index 4c0a555..e51e9b8 100644
sldns_buffer_flip(buffer); sldns_buffer_flip(buffer);
return 1; return 1;
diff --git a/util/data/packed_rrset.c b/util/data/packed_rrset.c diff --git a/util/data/packed_rrset.c b/util/data/packed_rrset.c
index 7b9d549..e44b2ce 100644 index 7b9d5494..e44b2ce5 100644
--- a/util/data/packed_rrset.c --- a/util/data/packed_rrset.c
+++ b/util/data/packed_rrset.c +++ b/util/data/packed_rrset.c
@@ -255,6 +255,10 @@ sec_status_to_string(enum sec_status s) @@ -255,6 +255,10 @@ sec_status_to_string(enum sec_status s)
@ -3363,7 +3363,7 @@ index 7b9d549..e44b2ce 100644
return "unknown_sec_status_value"; return "unknown_sec_status_value";
} }
diff --git a/util/data/packed_rrset.h b/util/data/packed_rrset.h diff --git a/util/data/packed_rrset.h b/util/data/packed_rrset.h
index 3a5335d..2011321 100644 index 3a5335dd..20113217 100644
--- a/util/data/packed_rrset.h --- a/util/data/packed_rrset.h
+++ b/util/data/packed_rrset.h +++ b/util/data/packed_rrset.h
@@ -193,7 +193,15 @@ enum sec_status { @@ -193,7 +193,15 @@ enum sec_status {
@ -3384,7 +3384,7 @@ index 3a5335d..2011321 100644
/** /**
diff --git a/util/netevent.c b/util/netevent.c diff --git a/util/netevent.c b/util/netevent.c
index b8b2a09..5ccc29a 100644 index 9e2ba92b..06ede4e6 100644
--- a/util/netevent.c --- a/util/netevent.c
+++ b/util/netevent.c +++ b/util/netevent.c
@@ -57,6 +57,9 @@ @@ -57,6 +57,9 @@
@ -3427,7 +3427,7 @@ index b8b2a09..5ccc29a 100644
if(!rep.c || rep.c->fd != fd) /* commpoint closed to -1 or reused for if(!rep.c || rep.c->fd != fd) /* commpoint closed to -1 or reused for
another UDP port. Note rep.c cannot be reused with TCP fd. */ another UDP port. Note rep.c cannot be reused with TCP fd. */
break; break;
@@ -3142,6 +3154,9 @@ comm_point_send_reply(struct comm_reply *repinfo) @@ -3152,6 +3164,9 @@ comm_point_send_reply(struct comm_reply *repinfo)
repinfo->c->tcp_timeout_msec); repinfo->c->tcp_timeout_msec);
} }
} }
@ -3437,7 +3437,7 @@ index b8b2a09..5ccc29a 100644
} }
void void
@@ -3151,6 +3166,9 @@ comm_point_drop_reply(struct comm_reply* repinfo) @@ -3161,6 +3176,9 @@ comm_point_drop_reply(struct comm_reply* repinfo)
return; return;
log_assert(repinfo && repinfo->c); log_assert(repinfo && repinfo->c);
log_assert(repinfo->c->type != comm_tcp_accept); log_assert(repinfo->c->type != comm_tcp_accept);
@ -3447,7 +3447,7 @@ index b8b2a09..5ccc29a 100644
if(repinfo->c->type == comm_udp) if(repinfo->c->type == comm_udp)
return; return;
if(repinfo->c->tcp_req_info) if(repinfo->c->tcp_req_info)
@@ -3172,6 +3190,9 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec) @@ -3182,6 +3200,9 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec)
{ {
verbose(VERB_ALGO, "comm point start listening %d (%d msec)", verbose(VERB_ALGO, "comm point start listening %d (%d msec)",
c->fd==-1?newfd:c->fd, msec); c->fd==-1?newfd:c->fd, msec);
@ -3458,7 +3458,7 @@ index b8b2a09..5ccc29a 100644
/* no use to start listening no free slots. */ /* no use to start listening no free slots. */
return; return;
diff --git a/util/netevent.h b/util/netevent.h diff --git a/util/netevent.h b/util/netevent.h
index d80c72b..0233292 100644 index d80c72b3..0233292f 100644
--- a/util/netevent.h --- a/util/netevent.h
+++ b/util/netevent.h +++ b/util/netevent.h
@@ -120,6 +120,10 @@ struct comm_reply { @@ -120,6 +120,10 @@ struct comm_reply {
@ -3473,7 +3473,7 @@ index d80c72b..0233292 100644
uint8_t client_nonce[crypto_box_HALF_NONCEBYTES]; uint8_t client_nonce[crypto_box_HALF_NONCEBYTES];
uint8_t nmkey[crypto_box_BEFORENMBYTES]; uint8_t nmkey[crypto_box_BEFORENMBYTES];
diff --git a/validator/validator.c b/validator/validator.c diff --git a/validator/validator.c b/validator/validator.c
index fa8d541..5628ef0 100644 index fa8d5419..5628ef0b 100644
--- a/validator/validator.c --- a/validator/validator.c
+++ b/validator/validator.c +++ b/validator/validator.c
@@ -2755,6 +2755,12 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, @@ -2755,6 +2755,12 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq,

1
doc/Changelog
View file

@ -7,6 +7,7 @@
valgrinds --expensive-definedness-checks=yes can stop this false valgrinds --expensive-definedness-checks=yes can stop this false
positive. positive.
- Please doxygen's parser for "@" occurrence in doxygen comment. - Please doxygen's parser for "@" occurrence in doxygen comment.
- Fixup contrib/fastrpz.patch
15 August 2019: Wouter 15 August 2019: Wouter
- iana portlist updated. - iana portlist updated.