mirror of
https://github.com/NLnetLabs/unbound.git
synced 2025-12-20 23:00:56 -05:00
- contrib/fastrpz.patch updated to apply for current code.
This commit is contained in:
W.C.A. Wijngaards
parent
5ac9bf3f9b
commit
d4c904d091
2 changed files with 23 additions and 22 deletions
|
|
@ -2,7 +2,7 @@ Description: based on the included patch contrib/fastrpz.patch
|
||||||
Author: fastrpz@farsightsecurity.com
|
Author: fastrpz@farsightsecurity.com
|
||||||
---
|
---
|
||||||
diff --git a/Makefile.in b/Makefile.in
|
diff --git a/Makefile.in b/Makefile.in
|
||||||
index e9042712..870d503b 100644
|
index 9660c49a..8b078201 100644
|
||||||
--- a/Makefile.in
|
--- a/Makefile.in
|
||||||
+++ b/Makefile.in
|
+++ b/Makefile.in
|
||||||
@@ -23,6 +23,8 @@ CHECKLOCK_SRC=testcode/checklocks.c
|
@@ -23,6 +23,8 @@ CHECKLOCK_SRC=testcode/checklocks.c
|
||||||
|
|
@ -45,10 +45,10 @@ index e9042712..870d503b 100644
|
||||||
pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \
|
pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \
|
||||||
pythonmod/interface.h \
|
pythonmod/interface.h \
|
||||||
diff --git a/config.h.in b/config.h.in
|
diff --git a/config.h.in b/config.h.in
|
||||||
index 1bfe4426..0136421d 100644
|
index d8ec50a6..bf6dc973 100644
|
||||||
--- a/config.h.in
|
--- a/config.h.in
|
||||||
+++ b/config.h.in
|
+++ b/config.h.in
|
||||||
@@ -1315,4 +1315,11 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file,
|
@@ -1319,4 +1319,11 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file,
|
||||||
/** the version of unbound-control that this software implements */
|
/** the version of unbound-control that this software implements */
|
||||||
#define UNBOUND_CONTROL_VERSION 1
|
#define UNBOUND_CONTROL_VERSION 1
|
||||||
|
|
||||||
|
|
@ -62,7 +62,7 @@ index 1bfe4426..0136421d 100644
|
||||||
+/** turn on fastrpz response policy zones */
|
+/** turn on fastrpz response policy zones */
|
||||||
+#undef ENABLE_FASTRPZ
|
+#undef ENABLE_FASTRPZ
|
||||||
diff --git a/configure.ac b/configure.ac
|
diff --git a/configure.ac b/configure.ac
|
||||||
index 811ad007..a8346f11 100644
|
index d8a1ac95..4f1106a0 100644
|
||||||
--- a/configure.ac
|
--- a/configure.ac
|
||||||
+++ b/configure.ac
|
+++ b/configure.ac
|
||||||
@@ -6,6 +6,7 @@ sinclude(ax_pthread.m4)
|
@@ -6,6 +6,7 @@ sinclude(ax_pthread.m4)
|
||||||
|
|
@ -73,7 +73,7 @@ index 811ad007..a8346f11 100644
|
||||||
sinclude(dnscrypt/dnscrypt.m4)
|
sinclude(dnscrypt/dnscrypt.m4)
|
||||||
|
|
||||||
# must be numbers. ac_defun because of later processing
|
# must be numbers. ac_defun because of later processing
|
||||||
@@ -1649,6 +1650,9 @@ case "$enable_ipset" in
|
@@ -1684,6 +1685,9 @@ case "$enable_ipset" in
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
|
@ -84,7 +84,7 @@ index 811ad007..a8346f11 100644
|
||||||
# on openBSD, the implicit rule make $< work.
|
# on openBSD, the implicit rule make $< work.
|
||||||
# on Solaris, it does not work ($? is changed sources, $^ lists dependencies).
|
# on Solaris, it does not work ($? is changed sources, $^ lists dependencies).
|
||||||
diff --git a/daemon/daemon.c b/daemon/daemon.c
|
diff --git a/daemon/daemon.c b/daemon/daemon.c
|
||||||
index 96cc443e..d08b2e56 100644
|
index e09138cb..efad0532 100644
|
||||||
--- a/daemon/daemon.c
|
--- a/daemon/daemon.c
|
||||||
+++ b/daemon/daemon.c
|
+++ b/daemon/daemon.c
|
||||||
@@ -91,6 +91,9 @@
|
@@ -91,6 +91,9 @@
|
||||||
|
|
@ -267,7 +267,7 @@ index 263fcddf..e6bc84bd 100644
|
||||||
}
|
}
|
||||||
verbose(VERB_ALGO, "answer norec from cache -- "
|
verbose(VERB_ALGO, "answer norec from cache -- "
|
||||||
diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
|
diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
|
||||||
index b1d8c790..10c0aa58 100644
|
index 4bdfcd56..69e70627 100644
|
||||||
--- a/doc/unbound.conf.5.in
|
--- a/doc/unbound.conf.5.in
|
||||||
+++ b/doc/unbound.conf.5.in
|
+++ b/doc/unbound.conf.5.in
|
||||||
@@ -1801,6 +1801,81 @@ List domain for which the AAAA records are ignored and the A record is
|
@@ -1801,6 +1801,81 @@ List domain for which the AAAA records are ignored and the A record is
|
||||||
|
|
@ -2888,7 +2888,7 @@ index 00000000..21235355
|
||||||
+ fi
|
+ fi
|
||||||
+])
|
+])
|
||||||
diff --git a/iterator/iterator.c b/iterator/iterator.c
|
diff --git a/iterator/iterator.c b/iterator/iterator.c
|
||||||
index c906c271..55bf2180 100644
|
index 1e0113a8..2fcbf547 100644
|
||||||
--- a/iterator/iterator.c
|
--- a/iterator/iterator.c
|
||||||
+++ b/iterator/iterator.c
|
+++ b/iterator/iterator.c
|
||||||
@@ -68,6 +68,9 @@
|
@@ -68,6 +68,9 @@
|
||||||
|
|
@ -2901,7 +2901,7 @@ index c906c271..55bf2180 100644
|
||||||
|
|
||||||
/* in msec */
|
/* in msec */
|
||||||
int UNKNOWN_SERVER_NICENESS = 376;
|
int UNKNOWN_SERVER_NICENESS = 376;
|
||||||
@@ -551,6 +554,23 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq,
|
@@ -555,6 +558,23 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||||
if(ntohs(r->rk.type) == LDNS_RR_TYPE_CNAME &&
|
if(ntohs(r->rk.type) == LDNS_RR_TYPE_CNAME &&
|
||||||
query_dname_compare(*mname, r->rk.dname) == 0 &&
|
query_dname_compare(*mname, r->rk.dname) == 0 &&
|
||||||
!iter_find_rrset_in_prepend_answer(iq, r)) {
|
!iter_find_rrset_in_prepend_answer(iq, r)) {
|
||||||
|
|
@ -2925,7 +2925,7 @@ index c906c271..55bf2180 100644
|
||||||
/* Add this relevant CNAME rrset to the prepend list.*/
|
/* Add this relevant CNAME rrset to the prepend list.*/
|
||||||
if(!iter_add_prepend_answer(qstate, iq, r))
|
if(!iter_add_prepend_answer(qstate, iq, r))
|
||||||
return 0;
|
return 0;
|
||||||
@@ -559,6 +579,9 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq,
|
@@ -563,6 +583,9 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||||
|
|
||||||
/* Other rrsets in the section are ignored. */
|
/* Other rrsets in the section are ignored. */
|
||||||
}
|
}
|
||||||
|
|
@ -2935,7 +2935,7 @@ index c906c271..55bf2180 100644
|
||||||
/* add authority rrsets to authority prepend, for wildcarded CNAMEs */
|
/* add authority rrsets to authority prepend, for wildcarded CNAMEs */
|
||||||
for(i=msg->rep->an_numrrsets; i<msg->rep->an_numrrsets +
|
for(i=msg->rep->an_numrrsets; i<msg->rep->an_numrrsets +
|
||||||
msg->rep->ns_numrrsets; i++) {
|
msg->rep->ns_numrrsets; i++) {
|
||||||
@@ -1195,6 +1218,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
|
@@ -1199,6 +1222,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||||
uint8_t* delname;
|
uint8_t* delname;
|
||||||
size_t delnamelen;
|
size_t delnamelen;
|
||||||
struct dns_msg* msg = NULL;
|
struct dns_msg* msg = NULL;
|
||||||
|
|
@ -2943,7 +2943,7 @@ index c906c271..55bf2180 100644
|
||||||
|
|
||||||
log_query_info(VERB_DETAIL, "resolving", &qstate->qinfo);
|
log_query_info(VERB_DETAIL, "resolving", &qstate->qinfo);
|
||||||
/* check effort */
|
/* check effort */
|
||||||
@@ -1281,8 +1305,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
|
@@ -1285,8 +1309,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||||
}
|
}
|
||||||
if(msg) {
|
if(msg) {
|
||||||
/* handle positive cache response */
|
/* handle positive cache response */
|
||||||
|
|
@ -2953,7 +2953,7 @@ index c906c271..55bf2180 100644
|
||||||
if(verbosity >= VERB_ALGO) {
|
if(verbosity >= VERB_ALGO) {
|
||||||
log_dns_msg("msg from cache lookup", &msg->qinfo,
|
log_dns_msg("msg from cache lookup", &msg->qinfo,
|
||||||
msg->rep);
|
msg->rep);
|
||||||
@@ -1290,7 +1313,22 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
|
@@ -1294,7 +1317,22 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||||
(int)msg->rep->ttl,
|
(int)msg->rep->ttl,
|
||||||
(int)msg->rep->prefetch_ttl);
|
(int)msg->rep->prefetch_ttl);
|
||||||
}
|
}
|
||||||
|
|
@ -2976,7 +2976,7 @@ index c906c271..55bf2180 100644
|
||||||
if(type == RESPONSE_TYPE_CNAME) {
|
if(type == RESPONSE_TYPE_CNAME) {
|
||||||
uint8_t* sname = 0;
|
uint8_t* sname = 0;
|
||||||
size_t slen = 0;
|
size_t slen = 0;
|
||||||
@@ -2714,6 +2752,62 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
|
@@ -2718,6 +2756,62 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||||
sock_list_insert(&qstate->reply_origin,
|
sock_list_insert(&qstate->reply_origin,
|
||||||
&qstate->reply->addr, qstate->reply->addrlen,
|
&qstate->reply->addr, qstate->reply->addrlen,
|
||||||
qstate->region);
|
qstate->region);
|
||||||
|
|
@ -3039,7 +3039,7 @@ index c906c271..55bf2180 100644
|
||||||
if(iq->minimisation_state != DONOT_MINIMISE_STATE
|
if(iq->minimisation_state != DONOT_MINIMISE_STATE
|
||||||
&& !(iq->chase_flags & BIT_RD)) {
|
&& !(iq->chase_flags & BIT_RD)) {
|
||||||
if(FLAGS_GET_RCODE(iq->response->rep->flags) !=
|
if(FLAGS_GET_RCODE(iq->response->rep->flags) !=
|
||||||
@@ -3467,12 +3561,44 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq,
|
@@ -3471,12 +3565,44 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||||
* but only if we did recursion. The nonrecursion referral
|
* but only if we did recursion. The nonrecursion referral
|
||||||
* from cache does not need to be stored in the msg cache. */
|
* from cache does not need to be stored in the msg cache. */
|
||||||
if(!qstate->no_cache_store && qstate->query_flags&BIT_RD) {
|
if(!qstate->no_cache_store && qstate->query_flags&BIT_RD) {
|
||||||
|
|
@ -3201,10 +3201,10 @@ index b3ef930a..56173b80 100644
|
||||||
int ip_ratelimit;
|
int ip_ratelimit;
|
||||||
/** number of slabs for ip_ratelimit cache */
|
/** number of slabs for ip_ratelimit cache */
|
||||||
diff --git a/util/configlexer.lex b/util/configlexer.lex
|
diff --git a/util/configlexer.lex b/util/configlexer.lex
|
||||||
index 7a972908..2d03ffc7 100644
|
index a86ddf55..b56bcfb4 100644
|
||||||
--- a/util/configlexer.lex
|
--- a/util/configlexer.lex
|
||||||
+++ b/util/configlexer.lex
|
+++ b/util/configlexer.lex
|
||||||
@@ -439,6 +439,10 @@ dnstap-log-forwarder-query-messages{COLON} {
|
@@ -438,6 +438,10 @@ dnstap-log-forwarder-query-messages{COLON} {
|
||||||
YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) }
|
YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) }
|
||||||
dnstap-log-forwarder-response-messages{COLON} {
|
dnstap-log-forwarder-response-messages{COLON} {
|
||||||
YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) }
|
YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) }
|
||||||
|
|
@ -3216,7 +3216,7 @@ index 7a972908..2d03ffc7 100644
|
||||||
ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) }
|
ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) }
|
||||||
ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) }
|
ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) }
|
||||||
diff --git a/util/configparser.y b/util/configparser.y
|
diff --git a/util/configparser.y b/util/configparser.y
|
||||||
index 10227a2f..a519fcc7 100644
|
index 10227a2f..cdbcf7cd 100644
|
||||||
--- a/util/configparser.y
|
--- a/util/configparser.y
|
||||||
+++ b/util/configparser.y
|
+++ b/util/configparser.y
|
||||||
@@ -125,6 +125,7 @@ extern struct config_parser_state* cfg_parser;
|
@@ -125,6 +125,7 @@ extern struct config_parser_state* cfg_parser;
|
||||||
|
|
@ -3384,7 +3384,7 @@ index 3a5335dd..20113217 100644
|
||||||
|
|
||||||
/**
|
/**
|
||||||
diff --git a/util/netevent.c b/util/netevent.c
|
diff --git a/util/netevent.c b/util/netevent.c
|
||||||
index 9e2ba92b..06ede4e6 100644
|
index c54c570f..c45699d5 100644
|
||||||
--- a/util/netevent.c
|
--- a/util/netevent.c
|
||||||
+++ b/util/netevent.c
|
+++ b/util/netevent.c
|
||||||
@@ -57,6 +57,9 @@
|
@@ -57,6 +57,9 @@
|
||||||
|
|
@ -3427,7 +3427,7 @@ index 9e2ba92b..06ede4e6 100644
|
||||||
if(!rep.c || rep.c->fd != fd) /* commpoint closed to -1 or reused for
|
if(!rep.c || rep.c->fd != fd) /* commpoint closed to -1 or reused for
|
||||||
another UDP port. Note rep.c cannot be reused with TCP fd. */
|
another UDP port. Note rep.c cannot be reused with TCP fd. */
|
||||||
break;
|
break;
|
||||||
@@ -3152,6 +3164,9 @@ comm_point_send_reply(struct comm_reply *repinfo)
|
@@ -3184,6 +3196,9 @@ comm_point_send_reply(struct comm_reply *repinfo)
|
||||||
repinfo->c->tcp_timeout_msec);
|
repinfo->c->tcp_timeout_msec);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -3437,7 +3437,7 @@ index 9e2ba92b..06ede4e6 100644
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
@@ -3161,6 +3176,9 @@ comm_point_drop_reply(struct comm_reply* repinfo)
|
@@ -3193,6 +3208,9 @@ comm_point_drop_reply(struct comm_reply* repinfo)
|
||||||
return;
|
return;
|
||||||
log_assert(repinfo && repinfo->c);
|
log_assert(repinfo && repinfo->c);
|
||||||
log_assert(repinfo->c->type != comm_tcp_accept);
|
log_assert(repinfo->c->type != comm_tcp_accept);
|
||||||
|
|
@ -3447,7 +3447,7 @@ index 9e2ba92b..06ede4e6 100644
|
||||||
if(repinfo->c->type == comm_udp)
|
if(repinfo->c->type == comm_udp)
|
||||||
return;
|
return;
|
||||||
if(repinfo->c->tcp_req_info)
|
if(repinfo->c->tcp_req_info)
|
||||||
@@ -3182,6 +3200,9 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec)
|
@@ -3214,6 +3232,9 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec)
|
||||||
{
|
{
|
||||||
verbose(VERB_ALGO, "comm point start listening %d (%d msec)",
|
verbose(VERB_ALGO, "comm point start listening %d (%d msec)",
|
||||||
c->fd==-1?newfd:c->fd, msec);
|
c->fd==-1?newfd:c->fd, msec);
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,6 @@
|
||||||
13 November 2019: Wouter
|
13 November 2019: Wouter
|
||||||
- iana portlist updated.
|
- iana portlist updated.
|
||||||
|
- contrib/fastrpz.patch updated to apply for current code.
|
||||||
|
|
||||||
11 November 2019: Wouter
|
11 November 2019: Wouter
|
||||||
- Fix #109: check number of arguments for stdin-pipes in
|
- Fix #109: check number of arguments for stdin-pipes in
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue