Merge branch 'branch-1.23.0'

2025-12-20 23:00:56 -05:00 · 2025-04-24 10:14:02 +02:00 · 2025-04-24 10:14:02 +02:00 · db53ebb798
commit db53ebb798
parent fe835f9d52 30c13d0351
10 changed files with 171 additions and 41 deletions
--- a/config.h.in
+++ b/config.h.in
@ -378,6 +378,9 @@
 /* Define if we have LibreSSL */
 #undef HAVE_LIBRESSL

+/* If we have atomic_store */
+#undef HAVE_LINK_ATOMIC_STORE
+
 /* Define to 1 if you have the <linux/net_tstamp.h> header file. */
 #undef HAVE_LINUX_NET_TSTAMP_H

--- a/42
+++ b/42
@ -23530,6 +23530,48 @@ if echo $host_os | grep darwin8 > /dev/null; then
 printf "%s\n" "#define DARWIN_BROKEN_SETREUID 1" >>confdefs.h

 fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for atomic_store" >&5
+printf %s "checking for atomic_store... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$ac_includes_default
+#ifdef HAVE_STDATOMIC_H
+#include <stdatomic.h>
+#endif
+
+int
+main (void)
+{
+
+	int newvar = 5, var = 0;
+	atomic_store((_Atomic int*)&var, newvar);
+	newvar = 0;
+	/* condition to use the variables. */
+	if(var == newvar) return 1;
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+
+printf "%s\n" "#define HAVE_LINK_ATOMIC_STORE 1" >>confdefs.h
+
+
+else $as_nop
+
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+
 ac_fn_check_decl "$LINENO" "inet_pton" "ac_cv_have_decl_inet_pton" "
 $ac_includes_default
 #ifdef HAVE_NETINET_IN_H
--- a/configure.ac
+++ b/configure.ac
@ -1818,6 +1818,25 @@ AC_CHECK_FUNCS([setresgid],,[AC_CHECK_FUNCS([setregid])])
 if echo $host_os | grep darwin8 > /dev/null; then
 	AC_DEFINE(DARWIN_BROKEN_SETREUID, 1, [Define this if on macOSX10.4-darwin8 and setreuid and setregid do not work])
 fi
+
+AC_MSG_CHECKING([for atomic_store])
+AC_LINK_IFELSE([AC_LANG_PROGRAM(AC_INCLUDES_DEFAULT [[
+#ifdef HAVE_STDATOMIC_H
+#include <stdatomic.h>
+#endif
+]], [[
+	int newvar = 5, var = 0;
+	atomic_store((_Atomic int*)&var, newvar);
+	newvar = 0;
+	/* condition to use the variables. */
+	if(var == newvar) return 1;
+]])], [
+	AC_MSG_RESULT(yes)
+	AC_DEFINE(HAVE_LINK_ATOMIC_STORE, 1, [If we have atomic_store])
+], [
+	AC_MSG_RESULT([no])
+])
+
 AC_CHECK_DECLS([inet_pton,inet_ntop], [], [], [
 AC_INCLUDES_DEFAULT
 #ifdef HAVE_NETINET_IN_H
--- a/daemon/remote.c
+++ b/daemon/remote.c
@ -4264,7 +4264,10 @@ fr_read_config(struct fast_reload_thread* fr, struct config_file** newcfg)
 	if(!config_read(*newcfg, fr->worker->daemon->cfgfile,
 		fr->worker->daemon->chroot)) {
 		config_delete(*newcfg);
-		if(!fr_output_printf(fr, "config_read %s failed: %s\n",
+		if(!fr_output_printf(fr, "config_read %s%s%s%s failed: %s\n",
+			(fr->worker->daemon->chroot?"<chroot:":""),
+			(fr->worker->daemon->chroot?fr->worker->daemon->chroot:""),
+			(fr->worker->daemon->chroot?"> ":""),
 			fr->worker->daemon->cfgfile, strerror(errno)))
 			return 0;
 		fr_send_notification(fr, fast_reload_notification_printout);
@ -4273,7 +4276,10 @@ fr_read_config(struct fast_reload_thread* fr, struct config_file** newcfg)
 	if(fr_poll_for_quit(fr))
 		return 1;
 	if(fr->fr_verb >= 1) {
-		if(!fr_output_printf(fr, "done read config file %s\n",
+		if(!fr_output_printf(fr, "done read config file %s%s%s%s\n",
+			(fr->worker->daemon->chroot?"<chroot:":""),
+			(fr->worker->daemon->chroot?fr->worker->daemon->chroot:""),
+			(fr->worker->daemon->chroot?"> ":""),
 			fr->worker->daemon->cfgfile))
 			return 0;
 		fr_send_notification(fr, fast_reload_notification_printout);
@ -5446,7 +5452,7 @@ auth_zones_swap(struct auth_zones* az, struct auth_zones* data)
 	 * the xfer elements can continue to be their callbacks. */
 }

-#ifdef ATOMIC_POINTER_LOCK_FREE
+#if defined(ATOMIC_POINTER_LOCK_FREE) && defined(HAVE_LINK_ATOMIC_STORE)
 /** Fast reload thread, if atomics are available, copy the config items
 * one by one with atomic store operations. */
 static void
@ -5815,7 +5821,7 @@ fr_atomic_copy_cfg(struct config_file* oldcfg, struct config_file* cfg,
 #endif
 	COPY_VAR_int(ede);
 }
-#endif /* ATOMIC_POINTER_LOCK_FREE */
+#endif /* ATOMIC_POINTER_LOCK_FREE && HAVE_LINK_ATOMIC_STORE */

 /** fast reload thread, adjust the cache sizes */
 static void
@ -5993,7 +5999,7 @@ fr_reload_config(struct fast_reload_thread* fr, struct config_file* newcfg,
 		lock_basic_lock(&env->anchors->lock);
 	}

-#ifdef ATOMIC_POINTER_LOCK_FREE
+#if defined(ATOMIC_POINTER_LOCK_FREE) && defined(HAVE_LINK_ATOMIC_STORE)
 	if(fr->fr_nopause) {
 		fr_atomic_copy_cfg(ct->oldcfg, env->cfg, newcfg);
 	} else {
@ -6002,7 +6008,7 @@ fr_reload_config(struct fast_reload_thread* fr, struct config_file* newcfg,
 		*ct->oldcfg = *env->cfg;
 		/* Insert new config elements. */
 		*env->cfg = *newcfg;
-#ifdef ATOMIC_POINTER_LOCK_FREE
+#if defined(ATOMIC_POINTER_LOCK_FREE) && defined(HAVE_LINK_ATOMIC_STORE)
 	}
 #endif

@ -6011,7 +6017,7 @@ fr_reload_config(struct fast_reload_thread* fr, struct config_file* newcfg,
 		log_ident_set_or_default(env->cfg->log_identity);
 	}
 	/* the newcfg elements are in env->cfg, so should not be freed here. */
-#ifdef ATOMIC_POINTER_LOCK_FREE
+#if defined(ATOMIC_POINTER_LOCK_FREE) && defined(HAVE_LINK_ATOMIC_STORE)
 	/* if used, the routine that copies the config has zeroed items. */
 	if(!fr->fr_nopause)
 #endif
--- a/daemon/worker.c
+++ b/daemon/worker.c
@ -2055,13 +2055,13 @@ send_reply_rc:
 				&repinfo->client_addr, repinfo->client_addrlen,
 				tv, 1, c->buffer,
 				(worker->env.cfg->log_destaddr?(void*)repinfo->c->socket->addr:NULL),
-				c->type);
+				c->type, c->ssl);
 		} else {
 			log_reply_info(NO_VERBOSE, &qinfo,
 				&repinfo->client_addr, repinfo->client_addrlen,
 				tv, 1, c->buffer,
 				(worker->env.cfg->log_destaddr?(void*)repinfo->c->socket->addr:NULL),
-				c->type);
+				c->type, c->ssl);
 		}
 	}
 #ifdef USE_DNSCRYPT
--- a/doc/Changelog
+++ b/doc/Changelog
@ -8,11 +8,16 @@
 11 April 2025: Yorgos
 	- Merge #1265: Fix WSAPoll.

+10 April 2025: Wouter
+	- Fix for print of connection type in log-replies for dot and doh.
+
 9 April 2025: Wouter
+	- Fix to detect if atomic_store links in configure.
 	- Fix #1264: unbound 1.22.0 leaks memory when doing DoH.

 8 April 2025: Wouter
 	- Tag for 1.23.0rc1.
+	- Fix fast_reload to print chroot with config file name.

 7 April 2025: Yorgos
 	- Merge #902: DNS Error Reporting (RFC 9567). Introduces new
--- a/doc/unbound-control.8.in
+++ b/doc/unbound-control.8.in
@ -77,32 +77,85 @@ values and new ones while trying to fast_reload.
 Zones loaded from disk (authority zones and RPZ zones) are included in such
 memory needs.
 .IP
-Not all options are changed, but it changes like forwards, stubs and
-local zones. Also access-control and interface-action and similar options,
-also tcp-connection-limits, views. It can reload some define-tag changes.
-It does not work with interface, outgoing-interface changes, also not with
-remote-control, outgoing-port-permit, outgoing-port-avoid, msg-buffer-size,
-slabs options and statistics-interval changes.
+Options that can be changed are for
+forwards,
+stubs,
+views,
+authority zones,
+RPZ zones and
+local zones.
 .IP
-The fast reload also works on the options: insecure-lan-zones, domain-insecure,
-trust-anchor-file, trust-anchor, trusted-key-file, auto-trust-anchor-file,
-auth-zone and its options, rpz and its options, edns-strings, respip_set,
-view and its options, access-control options, tcp-connection-limit,
-log-identity, infra-cache-numhosts, msg-cache-size, rrset-cache-size,
-key-cache-size, ratelimit-size, neg-cache-size, num-queries-per-thread,
-jostle-timeout, use-caps-for-id, unwanted-reply-threshold, tls-use-sni,
-outgoing-tcp-mss, ip-dscp, max-reuse-tcp-queries, tcp-reuse-timeout,
-tcp-auth-query-timeout, delay-close.
+Also
+access-control and similar options,
+interface-action and similar options and
+tcp-connection-limit.
+It can reload some
+define-tag
+changes, more on that below.
+Further options include
+insecure-lan-zones,
+domain-insecure,
+trust-anchor-file,
+trust-anchor,
+trusted-keys-file,
+auto-trust-anchor-file,
+edns-client-string,
+ipset,
+log-identity,
+infra-cache-numhosts,
+msg-cache-size,
+rrset-cache-size,
+key-cache-size,
+ratelimit-size,
+neg-cache-size,
+num-queries-per-thread,
+jostle-timeout,
+use-caps-for-id,
+unwanted-reply-threshold,
+tls-use-sni,
+outgoing-tcp-mss,
+ip-dscp,
+max-reuse-tcp-queries,
+tcp-reuse-timeout,
+tcp-auth-query-timeout,
+delay-close.
 .IP
-For dnstap, the options can be changed: dnstap-log-resolver-query-messages,
-dnstap-log-resolver-response-messages, dnstap-log-client-query-messages,
-dnstap-log-client-response-messages, dnstap-log-forwarder-query-messages
-and dnstap-log-forwarder-response-messages. It does not work with
-these options: dnstap-enable, dnstap-bidirectional, dnstap-socket-path,
-dnstap-ip, dnstap-tls, dnstap-tls-server-name, dnstap-tls-cert-bundle,
-dnstap-tls-client-key-file and dnstap-tls-client-cert-file. The options
-dnstap-send-identity, dnstap-send-version, dnstap-identity, and
-dnstap-version can be loaded when '+p' is not used.
+It does not work with
+interface and
+outgoing-interface changes,
+also not with
+remote control,
+outgoing-port-permit,
+outgoing-port-avoid,
+msg-buffer-size,
+any **\*-slabs** options and
+statistics-interval changes.
+.IP
+For dnstap these options can be changed:
+dnstap-log-resolver-query-messages,
+dnstap-log-resolver-response-messages,
+dnstap-log-client-query-messages,
+dnstap-log-client-response-messages,
+dnstap-log-forwarder-query-messages and
+dnstap-log-forwarder-response-messages.
+.IP
+It does not work with these options:
+dnstap-enable,
+dnstap-bidirectional,
+dnstap-socket-path,
+dnstap-ip,
+dnstap-tls,
+dnstap-tls-server-name,
+dnstap-tls-cert-bundle,
+dnstap-tls-client-key-file and
+dnstap-tls-client-cert-file.
+.IP
+The options
+dnstap-send-identity,
+dnstap-send-version,
+dnstap-identity, and
+dnstap-version can be loaded
+when ``+p`` is not used.
 .IP
 The '+v' option makes the output verbose which includes the time it took to do
 the reload.
@ -128,7 +181,7 @@ worker thread.
 .IP
 With the nopause option, the reload does not work to reload some options,
 that fast reload works on without the nopause option: val-bogus-ttl,
-val-date-override, val-sig-key-min, val-sig-skew-max, val-max-restart,
+val-override-date, val-sig-skew-min, val-sig-skew-max, val-max-restart,
 val-nsec3-keysize-iterations, target-fetch-policy, outbound-msg-retry,
 max-sent-count, max-query-restarts, do-not-query-address,
 do-not-query-localhost, private-address, private-domain, caps-exempt,
@ -142,7 +195,7 @@ so that users keep getting answers for those queries that are currently
 processed. The drop makes it so that queries during the life time of the
 query processing see only old, or only new config options.
 .IP
-When there are changes to the config tags, from \fBdefine\-tag\fR config,
+When there are changes to the config tags, from the \fBdefine\-tag\fR option,
 then the '+d' option is implicitly turned on with a warning printout, and
 queries are dropped.
 This is to stop references to the old tag information, by the old
--- a/services/mesh.c
+++ b/services/mesh.c
@ -1579,7 +1579,7 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
 			&r->query_reply.client_addr,
 			r->query_reply.client_addrlen, duration, 0, r_buffer,
 			(m->s.env->cfg->log_destaddr?(void*)r->query_reply.c->socket->addr:NULL),
-			r->query_reply.c->type);
+			r->query_reply.c->type, r->query_reply.c->ssl);
 	}
 }

--- a/util/data/msgreply.c
+++ b/util/data/msgreply.c
@ -965,7 +965,7 @@ void
 log_reply_info(enum verbosity_value v, struct query_info *qinf,
 	struct sockaddr_storage *addr, socklen_t addrlen, struct timeval dur,
 	int cached, struct sldns_buffer *rmsg, struct sockaddr_storage* daddr,
-	enum comm_point_type tp)
+	enum comm_point_type tp, void* ssl)
 {
 	char clientip_buf[128];
 	char rcode_buf[16];
@ -1000,9 +1000,9 @@ log_reply_info(enum verbosity_value v, struct query_info *qinf,
 				(int)daddr->ss_family);
 		}
 		comm = "udp";
-		if(tp == comm_tcp) comm = "tcp";
-		else if(tp == comm_tcp_accept) comm = "tcp";
-		else if(tp == comm_http) comm = "dot";
+		if(tp == comm_tcp) comm = (ssl?"dot":"tcp");
+		else if(tp == comm_tcp_accept) comm = (ssl?"dot":"tcp");
+		else if(tp == comm_http) comm = "doh";
 		else if(tp == comm_local) comm = "unix";
 		else if(tp == comm_raw) comm = "raw";
 		snprintf(dest_buf, sizeof(dest_buf), " on %s %s %d",
--- a/util/data/msgreply.h
+++ b/util/data/msgreply.h
@ -554,11 +554,13 @@ void log_dns_msg(const char* str, struct query_info* qinfo,
 * @param rmsg: sldns buffer packet.
 * @param daddr: if not NULL, the destination address and port are logged.
 * @param tp: type of the comm point for logging destination connection type.
+ * @param ssl: the SSL pointer of the connection, to see if the connection
+ *	type is tcp or dot.
 */
 void log_reply_info(enum verbosity_value v, struct query_info *qinf,
 	struct sockaddr_storage *addr, socklen_t addrlen, struct timeval dur,
 	int cached, struct sldns_buffer *rmsg, struct sockaddr_storage* daddr,
-	enum comm_point_type tp);
+	enum comm_point_type tp, void* ssl);

 /**
 * Print string with neat domain name, type, class from query info.