diff --git a/config.h.in b/config.h.in index 246f06c2f..f2dc8c8b9 100644 --- a/config.h.in +++ b/config.h.in @@ -378,6 +378,9 @@ /* Define if we have LibreSSL */ #undef HAVE_LIBRESSL +/* If we have atomic_store */ +#undef HAVE_LINK_ATOMIC_STORE + /* Define to 1 if you have the header file. */ #undef HAVE_LINUX_NET_TSTAMP_H diff --git a/configure b/configure index 2225dba1f..0b78d97b1 100755 --- a/configure +++ b/configure @@ -23530,6 +23530,48 @@ if echo $host_os | grep darwin8 > /dev/null; then printf "%s\n" "#define DARWIN_BROKEN_SETREUID 1" >>confdefs.h fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for atomic_store" >&5 +printf %s "checking for atomic_store... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +#ifdef HAVE_STDATOMIC_H +#include +#endif + +int +main (void) +{ + + int newvar = 5, var = 0; + atomic_store((_Atomic int*)&var, newvar); + newvar = 0; + /* condition to use the variables. */ + if(var == newvar) return 1; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define HAVE_LINK_ATOMIC_STORE 1" >>confdefs.h + + +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + ac_fn_check_decl "$LINENO" "inet_pton" "ac_cv_have_decl_inet_pton" " $ac_includes_default #ifdef HAVE_NETINET_IN_H diff --git a/configure.ac b/configure.ac index 2383934f8..76239c099 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1818,6 +1818,25 @@ AC_CHECK_FUNCS([setresgid],,[AC_CHECK_FUNCS([setregid])]) if echo $host_os | grep darwin8 > /dev/null; then AC_DEFINE(DARWIN_BROKEN_SETREUID, 1, [Define this if on macOSX10.4-darwin8 and setreuid and setregid do not work]) fi + +AC_MSG_CHECKING([for atomic_store]) +AC_LINK_IFELSE([AC_LANG_PROGRAM(AC_INCLUDES_DEFAULT [[ +#ifdef HAVE_STDATOMIC_H +#include +#endif +]], [[ + int newvar = 5, var = 0; + atomic_store((_Atomic int*)&var, newvar); + newvar = 0; + /* condition to use the variables. */ + if(var == newvar) return 1; +]])], [ + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_LINK_ATOMIC_STORE, 1, [If we have atomic_store]) +], [ + AC_MSG_RESULT([no]) +]) + AC_CHECK_DECLS([inet_pton,inet_ntop], [], [], [ AC_INCLUDES_DEFAULT #ifdef HAVE_NETINET_IN_H diff --git a/daemon/remote.c b/daemon/remote.c index ea6f3d809..89134efc9 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -4264,7 +4264,10 @@ fr_read_config(struct fast_reload_thread* fr, struct config_file** newcfg) if(!config_read(*newcfg, fr->worker->daemon->cfgfile, fr->worker->daemon->chroot)) { config_delete(*newcfg); - if(!fr_output_printf(fr, "config_read %s failed: %s\n", + if(!fr_output_printf(fr, "config_read %s%s%s%s failed: %s\n", + (fr->worker->daemon->chroot?"worker->daemon->chroot?fr->worker->daemon->chroot:""), + (fr->worker->daemon->chroot?"> ":""), fr->worker->daemon->cfgfile, strerror(errno))) return 0; fr_send_notification(fr, fast_reload_notification_printout); @@ -4273,7 +4276,10 @@ fr_read_config(struct fast_reload_thread* fr, struct config_file** newcfg) if(fr_poll_for_quit(fr)) return 1; if(fr->fr_verb >= 1) { - if(!fr_output_printf(fr, "done read config file %s\n", + if(!fr_output_printf(fr, "done read config file %s%s%s%s\n", + (fr->worker->daemon->chroot?"worker->daemon->chroot?fr->worker->daemon->chroot:""), + (fr->worker->daemon->chroot?"> ":""), fr->worker->daemon->cfgfile)) return 0; fr_send_notification(fr, fast_reload_notification_printout); 
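Review bot: The new link probe in configure.ac exercises `atomic_store` only on an `int`-sized object, so a pass says nothing about wider stores. On targets where larger atomics come from a separate runtime library, an int store can link while a pointer-sized or 64-bit store does not. Whether `fr_atomic_copy_cfg` performs such stores is not visible in this diff (only `COPY_VAR_int(ede)` is shown). If it does, the probe body should add one store of the widest type used, for example `long long wide = 0; atomic_store((_Atomic long long*)&wide, 1LL);`. Otherwise a comment such as `/* probe covers int-sized atomic_store only */` would record the limit.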
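Review bot: `strerror(errno)` in the failure message of fr_read_config (`@@ -4264`) is evaluated after `config_delete(*newcfg)`, so the reported error may be whatever the cleanup left in errno rather than the cause of the config_read failure. Saving it first keeps the message accurate: `int err = errno;` before `config_delete(*newcfg);`, then `strerror(err)` in the call. The chroot prefix logic is written out twice, here and in the `done read config file` hunk at `@@ -4273`, with the same `fr->worker->daemon->chroot` test repeated per argument; a local `const char* chroot = fr->worker->daemon->chroot;` would make the conversions easier to match against the arguments. As rendered on this page the argument list does not line up with the five `%s` conversions, which looks like an extraction loss and is worth confirming against the commit itself. The function body starts and ends outside both hunks.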
@@ -5446,7 +5452,7 @@ auth_zones_swap(struct auth_zones* az, struct auth_zones* data) * the xfer elements can continue to be their callbacks. */ } -#ifdef ATOMIC_POINTER_LOCK_FREE +#if defined(ATOMIC_POINTER_LOCK_FREE) && defined(HAVE_LINK_ATOMIC_STORE) /** Fast reload thread, if atomics are available, copy the config items * one by one with atomic store operations. */ static void @@ -5815,7 +5821,7 @@ fr_atomic_copy_cfg(struct config_file* oldcfg, struct config_file* cfg, #endif COPY_VAR_int(ede); } -#endif /* ATOMIC_POINTER_LOCK_FREE */ +#endif /* ATOMIC_POINTER_LOCK_FREE && HAVE_LINK_ATOMIC_STORE */ /** fast reload thread, adjust the cache sizes */ static void @@ -5993,7 +5999,7 @@ fr_reload_config(struct fast_reload_thread* fr, struct config_file* newcfg, lock_basic_lock(&env->anchors->lock); } -#ifdef ATOMIC_POINTER_LOCK_FREE +#if defined(ATOMIC_POINTER_LOCK_FREE) && defined(HAVE_LINK_ATOMIC_STORE) if(fr->fr_nopause) { fr_atomic_copy_cfg(ct->oldcfg, env->cfg, newcfg); } else { @@ -6002,7 +6008,7 @@ fr_reload_config(struct fast_reload_thread* fr, struct config_file* newcfg, *ct->oldcfg = *env->cfg; /* Insert new config elements. */ *env->cfg = *newcfg; -#ifdef ATOMIC_POINTER_LOCK_FREE +#if defined(ATOMIC_POINTER_LOCK_FREE) && defined(HAVE_LINK_ATOMIC_STORE) } #endif @@ -6011,7 +6017,7 @@ fr_reload_config(struct fast_reload_thread* fr, struct config_file* newcfg, log_ident_set_or_default(env->cfg->log_identity); } /* the newcfg elements are in env->cfg, so should not be freed here. */ -#ifdef ATOMIC_POINTER_LOCK_FREE +#if defined(ATOMIC_POINTER_LOCK_FREE) && defined(HAVE_LINK_ATOMIC_STORE) /* if used, the routine that copies the config has zeroed items. */ if(!fr->fr_nopause) #endif diff --git a/daemon/worker.c b/daemon/worker.c index 54ba2d76c..ead20938e 100644 --- a/daemon/worker.c +++ b/daemon/worker.c 
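Review bot: The compound condition `defined(ATOMIC_POINTER_LOCK_FREE) && defined(HAVE_LINK_ATOMIC_STORE)` is now spelled out at four `#if` sites in daemon/remote.c (this hunk and `@@ -5993`, `@@ -6002`, `@@ -6011`) plus the `#endif` comment at `@@ -5815`, and the copies must stay identical for the braces in fr_reload_config to balance. Deriving one macro near the top of the file would rule out a mismatch: `#if defined(ATOMIC_POINTER_LOCK_FREE) && defined(HAVE_LINK_ATOMIC_STORE)` / `#define FR_ATOMIC_COPY 1` / `#endif`, with `#ifdef FR_ATOMIC_COPY` at each site; the macro name is only a suggestion. The body of fr_atomic_copy_cfg lies outside the hunk.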
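Review bot: In fr_reload_config (`@@ -5993` and `@@ -6002`), a build where the guard is false compiles out the `if(fr->fr_nopause)` branch, so a nopause reload falls through to the plain struct assignments `*ct->oldcfg = *env->cfg;` and `*env->cfg = *newcfg;`. This commit widens that case to builds that define ATOMIC_POINTER_LOCK_FREE but fail the link probe. Nothing in the visible hunks refuses or warns about `fr_nopause` in that configuration. If such a check exists elsewhere in remote.c it needs the same two-macro condition; if it does not, worker threads that presumably keep running would read the config while it is being overwritten. A comment at the fallback would record the requirement: `/* no atomic_store: this copy is only safe while the workers are paused */`. The function starts and ends outside these hunks.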
@@ -2055,13 +2055,13 @@ send_reply_rc: &repinfo->client_addr, repinfo->client_addrlen, tv, 1, c->buffer, (worker->env.cfg->log_destaddr?(void*)repinfo->c->socket->addr:NULL), - c->type); + c->type, c->ssl); } else { log_reply_info(NO_VERBOSE, &qinfo, &repinfo->client_addr, repinfo->client_addrlen, tv, 1, c->buffer, (worker->env.cfg->log_destaddr?(void*)repinfo->c->socket->addr:NULL), - c->type); + c->type, c->ssl); } } #ifdef USE_DNSCRYPT diff --git a/doc/Changelog b/doc/Changelog index 488b107c0..56634766a 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -8,11 +8,16 @@ 11 April 2025: Yorgos - Merge #1265: Fix WSAPoll. +10 April 2025: Wouter + - Fix for print of connection type in log-replies for dot and doh. + 9 April 2025: Wouter + - Fix to detect if atomic_store links in configure. - Fix #1264: unbound 1.22.0 leaks memory when doing DoH. 8 April 2025: Wouter - Tag for 1.23.0rc1. + - Fix fast_reload to print chroot with config file name. 7 April 2025: Yorgos - Merge #902: DNS Error Reporting (RFC 9567). Introduces new diff --git a/doc/unbound-control.8.in b/doc/unbound-control.8.in index 8f0d125a7..8adaf7d6d 100644 --- a/doc/unbound-control.8.in +++ b/doc/unbound-control.8.in 
@@ -77,32 +77,85 @@ values and new ones while trying to fast_reload. Zones loaded from disk (authority zones and RPZ zones) are included in such memory needs. .IP -Not all options are changed, but it changes like forwards, stubs and -local zones. Also access-control and interface-action and similar options, -also tcp-connection-limits, views. It can reload some define-tag changes. -It does not work with interface, outgoing-interface changes, also not with -remote-control, outgoing-port-permit, outgoing-port-avoid, msg-buffer-size, -slabs options and statistics-interval changes. +Options that can be changed are for +forwards, +stubs, +views, +authority zones, +RPZ zones and +local zones. .IP -The fast reload also works on the options: insecure-lan-zones, domain-insecure, -trust-anchor-file, trust-anchor, trusted-key-file, auto-trust-anchor-file, -auth-zone and its options, rpz and its options, edns-strings, respip_set, -view and its options, access-control options, tcp-connection-limit, -log-identity, infra-cache-numhosts, msg-cache-size, rrset-cache-size, -key-cache-size, ratelimit-size, neg-cache-size, num-queries-per-thread, -jostle-timeout, use-caps-for-id, unwanted-reply-threshold, tls-use-sni, -outgoing-tcp-mss, ip-dscp, max-reuse-tcp-queries, tcp-reuse-timeout, -tcp-auth-query-timeout, delay-close. +Also +access-control and similar options, +interface-action and similar options and +tcp-connection-limit. +It can reload some +define-tag +changes, more on that below. 
+Further options include +insecure-lan-zones, +domain-insecure, +trust-anchor-file, +trust-anchor, +trusted-keys-file, +auto-trust-anchor-file, +edns-client-string, +ipset, +log-identity, +infra-cache-numhosts, +msg-cache-size, +rrset-cache-size, +key-cache-size, +ratelimit-size, +neg-cache-size, +num-queries-per-thread, +jostle-timeout, +use-caps-for-id, +unwanted-reply-threshold, +tls-use-sni, +outgoing-tcp-mss, +ip-dscp, +max-reuse-tcp-queries, +tcp-reuse-timeout, +tcp-auth-query-timeout, +delay-close. .IP -For dnstap, the options can be changed: dnstap-log-resolver-query-messages, -dnstap-log-resolver-response-messages, dnstap-log-client-query-messages, -dnstap-log-client-response-messages, dnstap-log-forwarder-query-messages -and dnstap-log-forwarder-response-messages. It does not work with -these options: dnstap-enable, dnstap-bidirectional, dnstap-socket-path, -dnstap-ip, dnstap-tls, dnstap-tls-server-name, dnstap-tls-cert-bundle, -dnstap-tls-client-key-file and dnstap-tls-client-cert-file. The options -dnstap-send-identity, dnstap-send-version, dnstap-identity, and -dnstap-version can be loaded when '+p' is not used. +It does not work with +interface and +outgoing-interface changes, +also not with +remote control, +outgoing-port-permit, +outgoing-port-avoid, +msg-buffer-size, +any **\*-slabs** options and +statistics-interval changes. +.IP +For dnstap these options can be changed: +dnstap-log-resolver-query-messages, +dnstap-log-resolver-response-messages, +dnstap-log-client-query-messages, +dnstap-log-client-response-messages, +dnstap-log-forwarder-query-messages and +dnstap-log-forwarder-response-messages. +.IP +It does not work with these options: +dnstap-enable, +dnstap-bidirectional, +dnstap-socket-path, +dnstap-ip, +dnstap-tls, +dnstap-tls-server-name, +dnstap-tls-cert-bundle, +dnstap-tls-client-key-file and +dnstap-tls-client-cert-file. 
+.IP +The options +dnstap-send-identity, +dnstap-send-version, +dnstap-identity, and +dnstap-version can be loaded +when ``+p`` is not used. .IP The '+v' option makes the output verbose which includes the time it took to do the reload. @@ -128,7 +181,7 @@ worker thread. .IP With the nopause option, the reload does not work to reload some options, that fast reload works on without the nopause option: val-bogus-ttl, -val-date-override, val-sig-key-min, val-sig-skew-max, val-max-restart, +val-override-date, val-sig-skew-min, val-sig-skew-max, val-max-restart, val-nsec3-keysize-iterations, target-fetch-policy, outbound-msg-retry, max-sent-count, max-query-restarts, do-not-query-address, do-not-query-localhost, private-address, private-domain, caps-exempt, @@ -142,7 +195,7 @@ so that users keep getting answers for those queries that are currently processed. The drop makes it so that queries during the life time of the query processing see only old, or only new config options. .IP -When there are changes to the config tags, from \fBdefine\-tag\fR config, +When there are changes to the config tags, from the \fBdefine\-tag\fR option, then the '+d' option is implicitly turned on with a warning printout, and queries are dropped. This is to stop references to the old tag information, by the old diff --git a/services/mesh.c b/services/mesh.c index 1d19e7c7d..8a52fe4a6 100644 --- a/services/mesh.c +++ b/services/mesh.c @@ -1579,7 +1579,7 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, &r->query_reply.client_addr, r->query_reply.client_addrlen, duration, 0, r_buffer, (m->s.env->cfg->log_destaddr?(void*)r->query_reply.c->socket->addr:NULL), - r->query_reply.c->type); + r->query_reply.c->type, r->query_reply.c->ssl); } } diff --git a/util/data/msgreply.c b/util/data/msgreply.c index 530eee701..e98dce133 100644 --- a/util/data/msgreply.c +++ b/util/data/msgreply.c 
@@ -965,7 +965,7 @@ void log_reply_info(enum verbosity_value v, struct query_info *qinf, struct sockaddr_storage *addr, socklen_t addrlen, struct timeval dur, int cached, struct sldns_buffer *rmsg, struct sockaddr_storage* daddr, - enum comm_point_type tp) + enum comm_point_type tp, void* ssl) { char clientip_buf[128]; char rcode_buf[16]; @@ -1000,9 +1000,9 @@ log_reply_info(enum verbosity_value v, struct query_info *qinf, (int)daddr->ss_family); } comm = "udp"; - if(tp == comm_tcp) comm = "tcp"; - else if(tp == comm_tcp_accept) comm = "tcp"; - else if(tp == comm_http) comm = "dot"; + if(tp == comm_tcp) comm = (ssl?"dot":"tcp"); + else if(tp == comm_tcp_accept) comm = (ssl?"dot":"tcp"); + else if(tp == comm_http) comm = "doh"; else if(tp == comm_local) comm = "unix"; else if(tp == comm_raw) comm = "raw"; snprintf(dest_buf, sizeof(dest_buf), " on %s %s %d", diff --git a/util/data/msgreply.h b/util/data/msgreply.h index d1c2bfa4b..9c701f07d 100644 --- a/util/data/msgreply.h +++ b/util/data/msgreply.h @@ -554,11 +554,13 @@ void log_dns_msg(const char* str, struct query_info* qinfo, * @param rmsg: sldns buffer packet. * @param daddr: if not NULL, the destination address and port are logged. * @param tp: type of the comm point for logging destination connection type. + * @param ssl: the SSL pointer of the connection, to see if the connection + * type is tcp or dot. */ void log_reply_info(enum verbosity_value v, struct query_info *qinf, struct sockaddr_storage *addr, socklen_t addrlen, struct timeval dur, int cached, struct sldns_buffer *rmsg, struct sockaddr_storage* daddr, - enum comm_point_type tp); + enum comm_point_type tp, void* ssl); /** * Print string with neat domain name, type, class from query info.
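Review bot: The transport label in the reply log line changes meaning in the `@@ -1000` hunk of log_reply_info, and nothing records that for log consumers: `comm_http` was logged as `dot` and is now `doh`, and a TLS-wrapped `comm_tcp` or `comm_tcp_accept` was logged as `tcp` and is now `dot`. Parsers or detection rules keyed on the old strings will misclassify traffic across the upgrade, so the Changelog entry or the log-replies documentation should state the old and new values. The two TCP branches are now identical and can be one test, `if(tp == comm_tcp || tp == comm_tcp_accept) comm = (ssl?"dot":"tcp");`. The function body continues outside the hunk.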
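Review bot: The new `@param ssl` text in msgreply.h does not say that NULL is the expected value for a connection without TLS, or that the pointer is used only as a flag, which is all the visible code in msgreply.c does with it (`ssl?"dot":"tcp"`). Suggested wording: `@param ssl: the SSL pointer of the connection, or NULL without TLS; only tested for NULL to log tcp or dot.` Since the prototype gains a parameter, any caller of log_reply_info outside daemon/worker.c and services/mesh.c (none are visible in this diff) has to be updated in the same commit.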