upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into rpz-triggers

Browse source
This commit is contained in:
W.C.A. Wijngaards 2021-08-05 13:37:22 +02:00
commit f232562430
106 changed files with 9333 additions and 6343 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

346
.github/workflows/analysis_ports.yml vendored Normal file
View file

@ -0,0 +1,346 @@
name: Analysis and Ports
on:
workflow_dispatch:
inputs:
start:
description: 'Start analysis and port workflow'
default: 'yes'
required: true
jobs:
build:
runs-on: ${{ matrix.os }}
strategy:
matrix:
include:
- name: GCC on Linux
os: ubuntu-latest
config: "--enable-debug --disable-flto"
make_test: "yes"
- name: Clang-analyzer
os: ubuntu-latest
config: "CC=clang --enable-debug --disable-flto --disable-static"
make_test: "yes"
clang_analysis: "yes"
- name: libevent
os: ubuntu-latest
install_libevent: "yes"
config: "CC=clang --enable-debug --disable-flto --with-libevent --disable-static"
make_test: "yes"
clang_analysis: "yes"
- name: OS X
os: macos-latest
install_expat: "yes"
config: "--enable-debug --disable-flto --with-ssl=/usr/local/opt/openssl --with-libexpat=/usr/local/opt/expat"
make_test: "yes"
- name: Clang on OS X
os: macos-latest
install_expat: "yes"
config: "CC=clang --enable-debug --disable-flto --with-ssl=/usr/local/opt/openssl --with-libexpat=/usr/local/opt/expat --disable-static"
make_test: "yes"
clang_analysis: "yes"
- name: ubsan (gcc undefined behaviour sanitizer)
os: ubuntu-latest
config: 'CFLAGS="-DNDEBUG -g2 -O3 -fsanitize=undefined -fno-sanitize-recover=all" --disable-flto --disable-static'
make_test: "yes"
- name: asan (gcc address sanitizer)
os: ubuntu-latest
config: 'CFLAGS="-DNDEBUG -g2 -O3 -fsanitize=address" --disable-flto --disable-static'
make_test: "yes"
- name: Apple iPhone on iOS, armv7
os: macos-latest
AUTOTOOLS_HOST: armv7-apple-ios
OPENSSL_HOST: ios-cross
IOS_SDK: iPhoneOS
IOS_CPU: armv7s
test_ios: "yes"
config: "no"
make: "no"
- name: Apple iPhone on iOS, arm64
os: macos-latest
AUTOTOOLS_HOST: aarch64-apple-ios
OPENSSL_HOST: ios64-cross
IOS_SDK: iPhoneOS
IOS_CPU: arm64
test_ios: "yes"
config: "no"
make: "no"
- name: Apple TV on iOS, arm64
os: macos-latest
AUTOTOOLS_HOST: aarch64-apple-ios
OPENSSL_HOST: ios64-cross
IOS_SDK: AppleTVOS
IOS_CPU: arm64
test_ios: "yes"
config: "no"
make: "no"
- name: Apple Watch on iOS, armv7
os: macos-latest
AUTOTOOLS_HOST: armv7-apple-ios
OPENSSL_HOST: ios-cross
IOS_SDK: WatchOS
IOS_CPU: armv7k
test_ios: "yes"
config: "no"
make: "no"
- name: iPhoneSimulator on OS X, i386
os: macos-latest
AUTOTOOLS_HOST: i386-apple-ios
OPENSSL_HOST: iphoneos-cross
IOS_SDK: iPhoneSimulator
IOS_CPU: i386
test_ios: "yes"
config: "no"
make: "no"
- name: iPhoneSimulator on OS X, x86_64
os: macos-latest
AUTOTOOLS_HOST: x86_64-apple-ios
OPENSSL_HOST: iphoneos-cross
IOS_SDK: iPhoneSimulator
IOS_CPU: x86_64
test_ios: "yes"
config: "no"
make: "no"
- name: AppleTVSimulator on OS X, x86_64
os: macos-latest
AUTOTOOLS_HOST: x86_64-apple-ios
OPENSSL_HOST: iphoneos-cross
IOS_SDK: AppleTVSimulator
IOS_CPU: x86_64
test_ios: "yes"
config: "no"
make: "no"
- name: WatchSimulator on OS X, i386
os: macos-latest
AUTOTOOLS_HOST: i386-apple-ios
OPENSSL_HOST: iphoneos-cross
IOS_SDK: WatchSimulator
IOS_CPU: i386
test_ios: "yes"
config: "no"
make: "no"
- name: Android armv7a
os: ubuntu-latest
AUTOTOOLS_HOST: armv7a-linux-androidabi
OPENSSL_HOST: android-arm
ANDROID_CPU: armv7a
ANDROID_API: 23
test_android: "yes"
config: "no"
make: "no"
- name: Android aarch64
os: ubuntu-latest
AUTOTOOLS_HOST: aarch64-linux-android
OPENSSL_HOST: android-arm64
ANDROID_CPU: aarch64
ANDROID_API: 23
test_android: "yes"
config: "no"
make: "no"
- name: Android x86
os: ubuntu-latest
AUTOTOOLS_HOST: i686-linux-android
OPENSSL_HOST: android-x86
ANDROID_CPU: x86
ANDROID_API: 23
test_android: "yes"
config: "no"
make: "no"
- name: Android x86_64
os: ubuntu-latest
AUTOTOOLS_HOST: x86_64-linux-android
OPENSSL_HOST: android-x86_64
ANDROID_CPU: x86_64
ANDROID_API: 23
test_android: "yes"
config: "no"
make: "no"
- name: Windows
os: windows-latest
test_windows: "yes"
config: "no"
make: "no"
steps:
- uses: actions/checkout@v2
with:
submodules: false
- name: test_windows
if: ${{ matrix.test_windows == 'yes' }}
shell: bash
run: |
export unboundpath=`pwd`
echo unboundpath=${unboundpath}
cd ..
export prepath=`pwd`
echo prepath=${prepath}
#echo "curl cpanm"
#curl -L -k -s -S -o cpanm https://cpanmin.us/
#echo "perl cpanm Pod::Usage"
#perl cpanm Pod::Usage
mkdir openssl
echo "curl openssl"
curl -L -k -s -S -o openssl-1.1.1j.tar.gz https://www.openssl.org/source/openssl-1.1.1j.tar.gz
tar xzf openssl-1.1.1j.tar.gz
cd openssl-1.1.1j
# remove pod::Usage because we do not need -help or -man output
# from the Configure script
echo "Fixup ./Configure by removing use Pod::Usage require"
sed -e 's/use Pod::Usage//' < Configure > Configure.fix
echo "./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix=\""$prepath/openssl\"""
./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix="$prepath/openssl"
# make the libs only, build faster
echo "make build_libs"
#make
make build_libs
mv Makefile Makefile.orig
# fixup \\ in the installtop to /.
echo "fixup INSTALLTOP"
sed -e 's?^INSTALLTOP=.*$?INSTALLTOP='"$prepath"'/openssl?' < Makefile.orig > Makefile
# install the includes and libs only, build faster
echo "make install_dev"
#make install_sw
make install_dev
cd ..
mkdir expat
echo "curl expat"
curl -L -k -s -S -o expat-2.2.10.tar.gz https://github.com/libexpat/libexpat/releases/download/R_2_2_10/expat-2.2.10.tar.gz
tar xzf expat-2.2.10.tar.gz
cd expat-2.2.10
echo "./configure SHELL=/usr/bin/bash CONFIG_SHELL=/usr/bin/bash --prefix=\"$prepath/expat\" --exec-prefix=\"$prepath/expat\" --bindir=\"$prepath/expat/bin\" --includedir=\"$prepath/expat/include\" --mandir=\"$prepath/expat/man\" --libdir=\"$prepath/expat/lib\""
./configure SHELL=/usr/bin/bash CONFIG_SHELL=/usr/bin/bash --prefix="$prepath/expat" --exec-prefix="$prepath/expat" --bindir="$prepath/expat/bin" --includedir="$prepath/expat/include" --mandir="$prepath/expat/man" --libdir="$prepath/expat/lib"
# fixup SHELL is treated specially, but SHELZZ is not by make.
echo "Fixup Makefiles by renaming SHELL to SHELLZZ"
mv Makefile Makefile.orig
sed -e 's/SHELL/SHELLZZ/g' < Makefile.orig > Makefile
mv lib/Makefile lib/Makefile.orig
sed -e 's/SHELL/SHELLZZ/g' < lib/Makefile.orig > lib/Makefile
mv doc/Makefile doc/Makefile.orig
sed -e 's/SHELL/SHELLZZ/g' < doc/Makefile.orig > doc/Makefile
mv examples/Makefile examples/Makefile.orig
sed -e 's/SHELL/SHELLZZ/g' < examples/Makefile.orig > examples/Makefile
mv tests/Makefile tests/Makefile.orig
sed -e 's/SHELL/SHELLZZ/g' < tests/Makefile.orig > tests/Makefile
mv xmlwf/Makefile xmlwf/Makefile.orig
sed -e 's/SHELL/SHELLZZ/g' < xmlwf/Makefile.orig > xmlwf/Makefile
echo "make"
make
echo "make install"
make install
cd ..
echo "unbound"
cd unbound
echo "./configure --enable-debug --enable-static-exe --disable-flto \"--with-ssl=$prepath/openssl\" --with-libexpat=\"$prepath/expat\" --disable-shared"
./configure --enable-debug --enable-static-exe --disable-flto "--with-ssl=$prepath/openssl" --with-libexpat="$prepath/expat" --disable-shared
make
# specific test output
#make testbound.exe; ./testbound.exe -s
#make testbound; ./testbound.exe -p testdata/acl.rpl -o -vvvv
make test
- name: test_android
if: ${{ matrix.test_android == 'yes' }}
env:
AUTOTOOLS_HOST: ${{ matrix.AUTOTOOLS_HOST }}
OPENSSL_HOST: ${{ matrix.OPENSSL_HOST }}
ANDROID_API: ${{ matrix.ANDROID_API }}
ANDROID_CPU: ${{ matrix.ANDROID_CPU }}
run: |
#(already installed) ./contrib/android/install_tools.sh
export ANDROID_PREFIX="$HOME/android$ANDROID_API-$ANDROID_CPU"
echo ANDROID_PREFIX=${ANDROID_PREFIX}
export ANDROID_SDK_ROOT="$HOME/android-sdk"
echo ANDROID_SDK_ROOT=${ANDROID_SDK_ROOT}
export ANDROID_NDK_ROOT="$HOME/android-ndk"
echo ANDROID_NDK_ROOT=${ANDROID_NDK_ROOT}
export AUTOTOOLS_BUILD="$(./config.guess)"
echo AUTOTOOLS_BUILD=${AUTOTOOLS_BUILD}
export PKG_CONFIG_PATH="$ANDROID_PREFIX/lib/pkgconfig"
echo PKG_CONFIG_PATH=${PKG_CONFIG_PATH}
export CONFIG_OPTS="--build=$AUTOTOOLS_BUILD --host=$AUTOTOOLS_HOST --prefix=$ANDROID_PREFIX --with-ssl=$ANDROID_PREFIX --disable-gost --with-libexpat=$ANDROID_PREFIX"
echo CONFIG_OPTS=${CONFIG_OPTS}
echo "::group::install_ndk"
echo "./contrib/android/install_ndk.sh"
./contrib/android/install_ndk.sh
echo "::endgroup::"
echo "::group::setenv_android.sh"
echo "./contrib/android/setenv_android.sh"
source ./contrib/android/setenv_android.sh
echo "::endgroup::"
echo "::group::install_openssl"
echo "./contrib/android/install_openssl.sh"
./contrib/android/install_openssl.sh
echo "::endgroup::"
echo "::group::install_expat"
echo "./contrib/android/install_expat.sh"
./contrib/android/install_expat.sh
echo "::endgroup::"
echo "::group::configure"
echo "./configure ${CONFIG_OPTS}"
./configure ${CONFIG_OPTS}
echo "::endgroup::"
echo "::group::make"
# make is here to preserve environment variables
make
echo "::endgroup::"
echo "::group::make install"
make install
echo "::endgroup::"
- name: test ios
if: ${{ matrix.test_ios == 'yes' }}
env:
AUTOTOOLS_HOST: ${{ matrix.AUTOTOOLS_HOST }}
OPENSSL_HOST: ${{ matrix.OPENSSL_HOST }}
IOS_SDK: ${{ matrix.IOS_SDK }}
IOS_CPU: ${{ matrix.IOS_CPU }}
run: |
#(already installed) ./contrib/ios/install_tools.sh
export AUTOTOOLS_BUILD="$(./config.guess)"
echo AUTOTOOLS_BUILD=${AUTOTOOLS_BUILD}
export IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU"
echo IOS_PREFIX=${IOS_PREFIX}
export PKG_CONFIG_PATH="$IOS_PREFIX/lib/pkgconfig"
echo PKG_CONFIG_PATH=${PKG_CONFIG_PATH}
export CONFIG_OPTS="--build=$AUTOTOOLS_BUILD --host=$AUTOTOOLS_HOST --prefix=$IOS_PREFIX --with-ssl=$IOS_PREFIX --disable-gost --with-libexpat=$IOS_PREFIX"
echo CONFIG_OPTS=${CONFIG_OPTS}
echo "::group::setenv_ios.sh"
echo "./contrib/ios/setenv_ios.sh"
source ./contrib/ios/setenv_ios.sh
echo "::endgroup::"
echo "::group::install_openssl"
echo "./contrib/ios/install_openssl.sh"
./contrib/ios/install_openssl.sh
echo "::endgroup::"
echo "::group::install_expat"
echo "./contrib/ios/install_expat.sh"
./contrib/ios/install_expat.sh
echo "::endgroup::"
echo "::group::configure"
echo "./configure ${CONFIG_OPTS}"
./configure ${CONFIG_OPTS}
echo "::endgroup::"
echo "::group::make"
# make is here to preserve environment variables
make
echo "::endgroup::"
echo "::group::make install"
make install
echo "::endgroup::"
- name: install libevent
if: ${{ matrix.install_libevent == 'yes' }}
run: sudo apt-get install libevent-dev
- name: install expat
if: ${{ matrix.install_expat == 'yes' }}
run: brew install expat
- name: configure
if: ${{ matrix.config != 'no' }}
run: ./configure ${{ matrix.config }}
- name: make
if: ${{ matrix.make != 'no' }}
run: make
- name: make test
if: ${{ matrix.make_test == 'yes' }}
run: make test
- name: clang-analysis
if: ${{ matrix.clang_analysis == 'yes' }}
run: (cd testdata/clang-analysis.tdir; bash clang-analysis.test)

21
.github/workflows/ci.yml vendored Normal file
View file

@ -0,0 +1,21 @@
name: ci
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: configure
run: ./configure --enable-debug
- name: make
run: make
- name: make test
run: make test

496
Makefile.in
View file

@ -175,10 +175,12 @@ UNITTEST_SRC=testcode/unitanchor.c testcode/unitdname.c \
testcode/unitlruhash.c testcode/unitmain.c testcode/unitmsgparse.c \
testcode/unitneg.c testcode/unitregional.c testcode/unitslabhash.c \
testcode/unitverify.c testcode/readhex.c testcode/testpkts.c testcode/unitldns.c \
testcode/unitecs.c testcode/unitauth.c testcode/unitzonemd.c
testcode/unitecs.c testcode/unitauth.c testcode/unitzonemd.c \
testcode/unittcpreuse.c
UNITTEST_OBJ=unitanchor.lo unitdname.lo unitlruhash.lo unitmain.lo \
unitmsgparse.lo unitneg.lo unitregional.lo unitslabhash.lo unitverify.lo \
readhex.lo testpkts.lo unitldns.lo unitecs.lo unitauth.lo unitzonemd.lo
readhex.lo testpkts.lo unitldns.lo unitecs.lo unitauth.lo unitzonemd.lo \
unittcpreuse.lo
UNITTEST_OBJ_LINK=$(UNITTEST_OBJ) worker_cb.lo $(COMMON_OBJ) $(SLDNS_OBJ) \
$(COMPAT_OBJ)
DAEMON_SRC=daemon/acl_list.c daemon/cachedump.c daemon/daemon.c \
@ -244,6 +246,9 @@ DELAYER_SRC=testcode/delayer.c
DELAYER_OBJ=delayer.lo
DELAYER_OBJ_LINK=$(DELAYER_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \
$(SLDNS_OBJ)
READZONE_SRC=testcode/readzone.c
READZONE_OBJ=readzone.lo
READZONE_OBJ_LINK=$(READZONE_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) $(SLDNS_OBJ)
IPSET_SRC=@IPSET_SRC@
IPSET_OBJ=@IPSET_OBJ@
DNSTAP_SOCKET_SRC=dnstap/unbound-dnstap-socket.c
@ -280,7 +285,7 @@ ALL_SRC=$(COMMON_SRC) $(UNITTEST_SRC) $(DAEMON_SRC) \
$(CONTROL_SRC) $(UBANCHOR_SRC) $(PETAL_SRC) $(DNSTAP_SOCKET_SRC)\
$(PYTHONMOD_SRC) $(PYUNBOUND_SRC) $(WIN_DAEMON_THE_SRC) \
$(SVCINST_SRC) $(SVCUNINST_SRC) $(ANCHORUPD_SRC) $(SLDNS_SRC) \
$(DOHCLIENT_SRC)
$(DOHCLIENT_SRC) $(READZONE_SRC)
ALL_OBJ=$(COMMON_OBJ) $(UNITTEST_OBJ) $(DAEMON_OBJ) \
$(TESTBOUND_OBJ) $(LOCKVERIFY_OBJ) $(PKTVIEW_OBJ) \
@ -289,7 +294,7 @@ ALL_OBJ=$(COMMON_OBJ) $(UNITTEST_OBJ) $(DAEMON_OBJ) \
$(CONTROL_OBJ) $(UBANCHOR_OBJ) $(PETAL_OBJ) $(DNSTAP_SOCKET_OBJ)\
$(COMPAT_OBJ) $(PYUNBOUND_OBJ) \
$(SVCINST_OBJ) $(SVCUNINST_OBJ) $(ANCHORUPD_OBJ) $(SLDNS_OBJ) \
$(DOHCLIENT_OBJ)
$(DOHCLIENT_OBJ) $(READZONE_OBJ)
COMPILE=$(LIBTOOL) --tag=CC --mode=compile $(CC) $(CPPFLAGS) $(CFLAGS) @PTHREAD_CFLAGS_ONLY@
LINK=$(LIBTOOL) --tag=CC --mode=link $(CC) $(staticexe) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS)
@ -327,7 +332,7 @@ TEST_BIN=asynclook$(EXEEXT) delayer$(EXEEXT) \
lock-verify$(EXEEXT) memstats$(EXEEXT) perf$(EXEEXT) \
petal$(EXEEXT) pktview$(EXEEXT) streamtcp$(EXEEXT) \
$(DNSTAP_SOCKET_TESTBIN) dohclient$(EXEEXT) \
testbound$(EXEEXT) unittest$(EXEEXT)
testbound$(EXEEXT) unittest$(EXEEXT) readzone$(EXEEXT)
tests: all $(TEST_BIN)
check: test
@ -405,6 +410,9 @@ perf$(EXEEXT): $(PERF_OBJ_LINK)
delayer$(EXEEXT): $(DELAYER_OBJ_LINK)
$(LINK) -o $@ $(DELAYER_OBJ_LINK) $(SSLLIB) $(LIBS)
readzone$(EXEEXT): $(READZONE_OBJ_LINK)
$(LINK) -o $@ $(READZONE_OBJ_LINK) $(SSLLIB) $(LIBS)
signit$(EXEEXT): testcode/signit.c
$(CC) $(CPPFLAGS) $(CFLAGS) @PTHREAD_CFLAGS_ONLY@ -o $@ testcode/signit.c $(LDFLAGS) -lldns $(SSLLIB) $(LIBS)
@ -701,7 +709,8 @@ infra.lo infra.o: $(srcdir)/services/cache/infra.c config.h $(srcdir)/sldns/rrde
rrset.lo rrset.o: $(srcdir)/services/cache/rrset.c config.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/slabhash.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/regional.h $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/regional.h \
$(srcdir)/util/alloc.h $(srcdir)/util/net_help.h
as112.lo as112.o: $(srcdir)/util/as112.c $(srcdir)/util/as112.h
dname.lo dname.o: $(srcdir)/util/data/dname.c config.h $(srcdir)/util/data/dname.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h \
@ -790,7 +799,8 @@ iter_utils.lo iter_utils.o: $(srcdir)/iterator/iter_utils.c config.h $(srcdir)/i
$(srcdir)/iterator/iter_donotq.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_priv.h \
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/outside_network.h \
$(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \
$(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \
$(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
$(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \
@ -837,11 +847,7 @@ modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/service
$(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
$(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \
$(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
$(PYTHONMOD_HEADER) $(DYNLIBMOD_HEADER) $(srcdir)/cachedb/cachedb.h \
$(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h \
$(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/ipset/ipset.h
$(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h
view.lo view.o: $(srcdir)/services/view.c config.h $(srcdir)/services/view.h $(srcdir)/util/rbtree.h \
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
$(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \
@ -872,8 +878,7 @@ outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c confi
$(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
$(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h \
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
$(srcdir)/util/edns.h $(srcdir)/dnstap/dnstap.h \
$(srcdir)/util/edns.h $(srcdir)/dnstap/dnstap.h
alloc.lo alloc.o: $(srcdir)/util/alloc.c config.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/util/regional.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
@ -894,8 +899,7 @@ config_file.lo config_file.o: $(srcdir)/util/config_file.c config.h $(srcdir)/ut
$(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
$(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/data/dname.h \
$(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h \
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/edns-subnet/edns-subnet.h \
$(srcdir)/util/iana_ports.inc
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/iana_ports.inc
configlexer.lo configlexer.o: util/configlexer.c config.h $(srcdir)/util/configyyrename.h \
$(srcdir)/util/config_file.h util/configparser.h
configparser.lo configparser.o: util/configparser.c config.h $(srcdir)/util/configyyrename.h \
@ -924,8 +928,9 @@ authzone.lo authzone.o: $(srcdir)/services/authzone.c config.h $(srcdir)/service
$(srcdir)/util/data/msgencode.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
$(srcdir)/services/cache/dns.h $(srcdir)/services/outside_network.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \
$(srcdir)/sldns/parseutil.h $(srcdir)/sldns/keyraw.h \
$(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_secalgo.h
$(srcdir)/sldns/parseutil.h $(srcdir)/sldns/keyraw.h $(srcdir)/validator/val_nsec3.h \
$(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/val_sigcrypt.h \
$(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_utils.h
fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/fptr_wlist.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h \
@ -934,7 +939,7 @@ fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/
$(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
$(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h \
$(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
$(srcdir)/services/outside_network.h $(srcdir)/services/cache/infra.h \
$(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \
@ -942,13 +947,18 @@ fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/
$(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h \
$(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h \
$(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound-event.h \
$(srcdir)/libunbound/worker.h $(PYTHONMOD_HEADER) $(DYNLIBMOD_HEADER) \
$(srcdir)/cachedb/cachedb.h $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h \
$(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h \
$(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/ipset/ipset.h $(srcdir)/dnstap/dtstream.h
$(srcdir)/libunbound/worker.h
locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h
mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h
mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
$(srcdir)/util/log.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
$(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
$(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h
module.lo module.o: $(srcdir)/util/module.c config.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h
@ -961,14 +971,12 @@ netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/neteve
$(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
$(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h \
$(srcdir)/dnstap/dnstap.h $(srcdir)/services/listen_dnsport.h \
$(srcdir)/dnstap/dnstap.h $(srcdir)/services/listen_dnsport.h
net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
$(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \
$(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \
$(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h
random.lo random.o: $(srcdir)/util/random.c config.h $(srcdir)/util/random.h $(srcdir)/util/log.h
rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
@ -1022,8 +1030,7 @@ tube.lo tube.o: $(srcdir)/util/tube.c config.h $(srcdir)/util/tube.h $(srcdir)/u
$(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/ub_event.h
ub_event.lo ub_event.o: $(srcdir)/util/ub_event.c config.h $(srcdir)/util/ub_event.h $(srcdir)/util/log.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/tube.h \
$(srcdir)/util/tube.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h
ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c config.h $(srcdir)/util/ub_event.h \
$(srcdir)/libunbound/unbound-event.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \
@ -1033,8 +1040,7 @@ ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c
$(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
$(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
$(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h
winsock_event.lo winsock_event.o: $(srcdir)/util/winsock_event.c config.h
autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/validator/autotrust.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
@ -1047,8 +1053,7 @@ autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/val
$(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/respip/respip.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
$(srcdir)/validator/val_kcache.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h \
$(srcdir)/validator/val_kcache.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h
val_anchor.lo val_anchor.o: $(srcdir)/validator/val_anchor.c config.h $(srcdir)/validator/val_anchor.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_sigcrypt.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h \
@ -1078,13 +1083,11 @@ val_kcache.lo val_kcache.o: $(srcdir)/validator/val_kcache.c config.h $(srcdir)/
val_kentry.lo val_kentry.o: $(srcdir)/validator/val_kentry.c config.h $(srcdir)/validator/val_kentry.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \
val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h \
$(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \
$(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h \
$(srcdir)/util/data/dname.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h
val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h \
$(srcdir)/util/log.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h \
$(srcdir)/util/config_file.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
$(srcdir)/services/cache/dns.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h
val_nsec3.lo val_nsec3.o: $(srcdir)/validator/val_nsec3.c config.h $(srcdir)/validator/val_nsec3.h \
@ -1102,17 +1105,15 @@ val_nsec.lo val_nsec.o: $(srcdir)/validator/val_nsec.c config.h $(srcdir)/valida
val_secalgo.lo val_secalgo.o: $(srcdir)/validator/val_secalgo.c config.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h \
$(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \
$(srcdir)/sldns/sbuffer.h \
$(srcdir)/sldns/sbuffer.h
val_sigcrypt.lo val_sigcrypt.o: $(srcdir)/validator/val_sigcrypt.c config.h \
$(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/val_secalgo.h \
$(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h \
$(srcdir)/util/data/dname.h $(srcdir)/util/rbtree.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
$(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \
$(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h \
$(srcdir)/sldns/wire2str.h
val_utils.lo val_utils.o: $(srcdir)/validator/val_utils.c config.h $(srcdir)/validator/val_utils.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
@ -1133,43 +1134,13 @@ dns64.lo dns64.o: $(srcdir)/dns64/dns64.c config.h $(srcdir)/dns64/dns64.h $(src
$(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
$(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h \
$(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h
edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h \
$(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h
subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h $(srcdir)/edns-subnet/subnetmod.h \
$(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \
$(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h \
$(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \
$(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
$(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
$(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h \
$(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/respip/respip.h $(srcdir)/services/cache/dns.h $(srcdir)/util/regional.h \
$(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h
edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h
subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h
addrtree.lo addrtree.o: $(srcdir)/edns-subnet/addrtree.c config.h $(srcdir)/util/log.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/edns-subnet/addrtree.h
subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h \
$(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
$(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
$(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h \
$(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h
cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h $(srcdir)/cachedb/cachedb.h $(srcdir)/util/module.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/cachedb/redis.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
$(srcdir)/util/config_file.h $(srcdir)/util/data/msgencode.h $(srcdir)/services/cache/dns.h \
$(srcdir)/validator/val_neg.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_secalgo.h \
$(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h $(srcdir)/sldns/parseutil.h \
$(srcdir)/sldns/wire2str.h $(srcdir)/sldns/sbuffer.h
redis.lo redis.o: $(srcdir)/cachedb/redis.c config.h $(srcdir)/cachedb/redis.h $(srcdir)/cachedb/cachedb.h \
$(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/alloc.h $(srcdir)/util/config_file.h \
$(srcdir)/sldns/sbuffer.h
subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h
respip.lo respip.o: $(srcdir)/respip/respip.c config.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
@ -1182,42 +1153,8 @@ respip.lo respip.o: $(srcdir)/respip/respip.c config.h $(srcdir)/services/localz
$(srcdir)/util/regional.h
checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/testcode/checklocks.h
dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c config.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \
$(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/dnstap/dnstap.h \
$(srcdir)/dnstap/dtstream.h $(srcdir)/util/locks.h dnstap/dnstap.pb-c.h
dnstap.pb-c.lo dnstap.pb-c.o: dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h \
dnstap_fstrm.lo dnstap_fstrm.o: $(srcdir)/dnstap/dnstap_fstrm.c config.h $(srcdir)/dnstap/dnstap_fstrm.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h
dtstream.lo dtstream.o: $(srcdir)/dnstap/dtstream.c config.h $(srcdir)/dnstap/dtstream.h $(srcdir)/util/locks.h \
$(srcdir)/util/log.h $(srcdir)/dnstap/dnstap_fstrm.h $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h \
$(srcdir)/util/net_help.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \
$(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/sldns/sbuffer.h \
ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h $(srcdir)/ipsecmod/ipsecmod.h \
$(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h $(srcdir)/ipsecmod/ipsecmod-whitelist.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/tube.h \
$(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
$(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h \
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
$(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/wire2str.h
ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h \
$(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
$(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h \
$(srcdir)/ipsecmod/ipsecmod-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/regional.h \
$(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h
ipset.lo ipset.o: $(srcdir)/ipset/ipset.c config.h $(srcdir)/ipset/ipset.h $(srcdir)/util/module.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \
$(srcdir)/services/cache/dns.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h
ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h
ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h
unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/unitmain.h \
$(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h
@ -1226,8 +1163,7 @@ unitdname.lo unitdname.o: $(srcdir)/testcode/unitdname.c config.h $(srcdir)/util
$(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h
unitlruhash.lo unitlruhash.o: $(srcdir)/testcode/unitlruhash.c config.h $(srcdir)/testcode/unitmain.h \
$(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h
unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \
unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \
$(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
$(srcdir)/util/config_file.h $(srcdir)/util/rtt.h $(srcdir)/util/timehist.h $(srcdir)/iterator/iterator.h \
$(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \
@ -1268,14 +1204,7 @@ testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcod
unitldns.lo unitldns.o: $(srcdir)/testcode/unitldns.c config.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h \
$(srcdir)/sldns/parseutil.h
unitzonemd.lo unitzonemd.o: $(srcdir)/testcode/unitzonemd.c config.h $(srcdir)/services/authzone.h
unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h $(srcdir)/util/log.h $(srcdir)/util/module.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/edns-subnet/addrtree.h \
$(srcdir)/edns-subnet/subnetmod.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \
$(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h \
$(srcdir)/edns-subnet/edns-subnet.h
unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h
unitauth.lo unitauth.o: $(srcdir)/testcode/unitauth.c config.h $(srcdir)/services/authzone.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgparse.h \
@ -1286,49 +1215,58 @@ unitauth.lo unitauth.o: $(srcdir)/testcode/unitauth.c config.h $(srcdir)/service
$(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/testcode/unitmain.h \
$(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/str2wire.h \
$(srcdir)/sldns/wire2str.h
unitzonemd.lo unitzonemd.o: $(srcdir)/testcode/unitzonemd.c config.h $(srcdir)/util/log.h \
$(srcdir)/testcode/unitmain.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/authzone.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
$(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
$(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h \
$(srcdir)/validator/val_anchor.h
unittcpreuse.lo unittcpreuse.o: $(srcdir)/testcode/unittcpreuse.c config.h $(srcdir)/services/outside_network.h \
$(srcdir)/util/random.h
acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \
$(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \
$(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h
cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h \
$(srcdir)/daemon/cachedump.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \
$(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
$(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
$(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \
$(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h \
$(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/wire2str.h \
$(srcdir)/sldns/str2wire.h
daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \
$(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
$(srcdir)/daemon/worker.h \
$(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \
$(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \
$(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \
$(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/edns.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \
$(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
$(srcdir)/services/rpz.h $(srcdir)/respip/respip.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \
$(srcdir)/sldns/keyraw.h
remote.lo remote.o: $(srcdir)/daemon/remote.c config.h \
$(srcdir)/daemon/remote.h \
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h $(srcdir)/daemon/cachedump.h \
$(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \
$(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h \
$(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \
$(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h \
$(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h \
$(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
$(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \
$(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \
$(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
$(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
$(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h \
$(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h \
$(srcdir)/util/edns.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h \
$(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/respip/respip.h \
$(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h
remote.lo remote.o: $(srcdir)/daemon/remote.c config.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h \
$(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/alloc.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \
$(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \
$(srcdir)/services/modstack.h $(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h \
$(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
@ -1353,21 +1291,19 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s
$(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
$(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h $(srcdir)/edns-subnet/subnetmod.h \
$(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \
$(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h
unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h \
$(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
$(srcdir)/daemon/remote.h \
$(srcdir)/util/config_file.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/services/cache/rrset.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \
$(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
$(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h
$(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/services/listen_dnsport.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h \
$(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
$(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
$(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
$(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h \
$(srcdir)/util/ub_event.h
worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
$(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
@ -1375,32 +1311,32 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr
$(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \
$(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \
$(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \
$(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \
$(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \
$(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
$(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h \
$(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
$(srcdir)/util/edns.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
$(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h \
$(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \
$(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h
$(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \
$(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \
$(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \
$(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
$(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \
$(srcdir)/services/localzone.h $(srcdir)/respip/respip.h $(srcdir)/util/data/msgencode.h \
$(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/edns.h \
$(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_utils.h \
$(srcdir)/iterator/iter_resptype.h $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h \
$(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h \
$(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h
testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/testcode/testpkts.h \
$(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h \
$(srcdir)/daemon/remote.h \
$(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/util/log.h \
$(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
$(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \
$(srcdir)/daemon/remote.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/daemon/daemon.h \
$(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
$(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
$(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h
$(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/respip/respip.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h
testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcode/testpkts.h \
$(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h \
$(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h
@ -1411,39 +1347,38 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr
$(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \
$(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \
$(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \
$(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \
$(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \
$(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
$(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h \
$(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
$(srcdir)/util/edns.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
$(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h \
$(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \
$(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h
$(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \
$(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \
$(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \
$(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
$(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \
$(srcdir)/services/localzone.h $(srcdir)/respip/respip.h $(srcdir)/util/data/msgencode.h \
$(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/edns.h \
$(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_utils.h \
$(srcdir)/iterator/iter_resptype.h $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h \
$(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h \
$(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h
acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \
$(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \
$(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h
daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \
$(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
$(srcdir)/daemon/worker.h \
$(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \
$(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \
$(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \
$(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/edns.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \
$(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
$(srcdir)/services/rpz.h $(srcdir)/respip/respip.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \
$(srcdir)/sldns/keyraw.h
daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \
$(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \
$(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
$(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
$(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h \
$(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h \
$(srcdir)/util/edns.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h \
$(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/respip/respip.h \
$(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h
stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
$(srcdir)/libunbound/unbound.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
@ -1457,9 +1392,7 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s
$(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
$(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h $(srcdir)/edns-subnet/subnetmod.h \
$(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \
$(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h
replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
$(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h \
@ -1476,7 +1409,7 @@ fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/t
$(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
$(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
$(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
$(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/daemon/remote.h
lock_verify.lo lock_verify.o: $(srcdir)/testcode/lock_verify.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \
$(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \
@ -1511,8 +1444,7 @@ unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/smallapp/unbound-checkconf.c
$(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
$(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h \
$(PYTHONMOD_HEADER) $(srcdir)/edns-subnet/subnet-whitelist.h
$(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h
worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/libunbound/context.h \
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
$(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \
@ -1546,70 +1478,72 @@ libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbou
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
$(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h
libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h \
$(srcdir)/libunbound/libworker.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \
$(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \
$(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/outside_network.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
$(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
$(srcdir)/util/timehist.h $(srcdir)/respip/respip.h $(srcdir)/services/cache/rrset.h \
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h $(srcdir)/util/fptr_wlist.h \
$(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h $(srcdir)/util/storage/lookup3.h \
$(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h \
$(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/str2wire.h
libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h $(srcdir)/libunbound/libworker.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
$(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/worker.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/services/outside_network.h $(srcdir)/util/netevent.h \
$(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \
$(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h \
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h \
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \
$(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \
$(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
$(srcdir)/sldns/str2wire.h
unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h
asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/libunbound/context.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \
$(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h
streamtcp.lo streamtcp.o: $(srcdir)/testcode/streamtcp.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/util/net_help.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \
$(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h
perf.lo perf.o: $(srcdir)/testcode/perf.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
$(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
delayer.lo delayer.o: $(srcdir)/testcode/delayer.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
$(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h
unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h \
$(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
$(srcdir)/util/shm_side/shm_main.h $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/stats.h \
$(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/pkthdr.h $(srcdir)/services/rpz.h \
$(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/services/modstack.h $(srcdir)/respip/respip.h
unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h $(srcdir)/util/log.h \
$(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h $(srcdir)/util/shm_side/shm_main.h \
$(srcdir)/libunbound/unbound.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \
$(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/services/modstack.h $(srcdir)/respip/respip.h \
$(srcdir)/services/listen_dnsport.h
unbound-anchor.lo unbound-anchor.o: $(srcdir)/smallapp/unbound-anchor.c config.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h \
petal.lo petal.o: $(srcdir)/testcode/petal.c config.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h
petal.lo petal.o: $(srcdir)/testcode/petal.c config.h
unbound-dnstap-socket.lo unbound-dnstap-socket.o: $(srcdir)/dnstap/unbound-dnstap-socket.c config.h \
$(srcdir)/dnstap/dtstream.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/dnstap/dnstap_fstrm.h \
$(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h \
dnstap/dnstap.pb-c.h \
$(srcdir)/util/config_file.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h
pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c config.h $(srcdir)/util/module.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h \
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \
$(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/config_file.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/daemon/worker.h \
$(srcdir)/libunbound/worker.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \
$(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
$(srcdir)/daemon/remote.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
$(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
$(srcdir)/services/authzone.h $(srcdir)/respip/respip.h $(srcdir)/libunbound/context.h \
$(srcdir)/libunbound/unbound-event.h
pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c config.h \
$(srcdir)/pythonmod/pythonmod_utils.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h \
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/net_help.h \
$(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
$(srcdir)/util/regional.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h
win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc.h $(srcdir)/winrc/w_inst.h \
$(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
$(srcdir)/daemon/worker.h \
@ -1617,8 +1551,8 @@ win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \
$(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \
$(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h
$(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h \
$(srcdir)/util/net_help.h
w_inst.lo w_inst.o: $(srcdir)/winrc/w_inst.c config.h $(srcdir)/winrc/w_inst.h $(srcdir)/winrc/win_svc.h
unbound-service-install.lo unbound-service-install.o: $(srcdir)/winrc/unbound-service-install.c config.h \
$(srcdir)/winrc/w_inst.h
@ -1626,14 +1560,12 @@ unbound-service-remove.lo unbound-service-remove.o: $(srcdir)/winrc/unbound-serv
$(srcdir)/winrc/w_inst.h
anchor-update.lo anchor-update.o: $(srcdir)/winrc/anchor-update.c config.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/wire2str.h
keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h \
$(srcdir)/sldns/rrdef.h \
keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/rrdef.h
sbuffer.lo sbuffer.o: $(srcdir)/sldns/sbuffer.c config.h $(srcdir)/sldns/sbuffer.h
wire2str.lo wire2str.o: $(srcdir)/sldns/wire2str.c config.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/sldns/keyraw.h \
$(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
$(srcdir)/sldns/keyraw.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
$(srcdir)/util/log.h
parse.lo parse.o: $(srcdir)/sldns/parse.c config.h $(srcdir)/sldns/parse.h $(srcdir)/sldns/parseutil.h \
$(srcdir)/sldns/sbuffer.h
parseutil.lo parseutil.o: $(srcdir)/sldns/parseutil.c config.h $(srcdir)/sldns/parseutil.h
@ -1644,8 +1576,8 @@ dohclient.lo dohclient.o: $(srcdir)/testcode/dohclient.c config.h $(srcdir)/sldn
$(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h \
$(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/util/net_help.h \
$(srcdir)/sldns/pkthdr.h $(srcdir)/util/net_help.h
readzone.lo readzone.o: $(srcdir)/testcode/readzone.c
ctime_r.lo ctime_r.o: $(srcdir)/compat/ctime_r.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
fake-rfc2553.lo fake-rfc2553.o: $(srcdir)/compat/fake-rfc2553.c $(srcdir)/compat/fake-rfc2553.h config.h
gmtime_r.lo gmtime_r.o: $(srcdir)/compat/gmtime_r.c config.h
@ -1660,11 +1592,9 @@ strlcat.lo strlcat.o: $(srcdir)/compat/strlcat.c config.h
strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h
strptime.lo strptime.o: $(srcdir)/compat/strptime.c config.h
getentropy_freebsd.lo getentropy_freebsd.o: $(srcdir)/compat/getentropy_freebsd.c
getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h \
getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h
getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c
getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h \
getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h
getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c
explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h
arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c config.h $(srcdir)/compat/chacha_private.h

12
acx_nlnetlabs.m4
View file

@ -2,7 +2,9 @@
# Copyright 2009, Wouter Wijngaards, NLnet Labs.
# BSD licensed.
#
# Version 39
# Version 41
# 2021-07-30 fix for openssl use of lib64 directory.
# 2021-06-14 fix nonblocking test to use host instead of target for mingw test.
# 2021-05-17 fix nonblocking socket test from grep on mingw32 to mingw for
# 64bit compatibility.
# 2021-03-24 fix ACX_FUNC_DEPRECATED to use CPPFLAGS and CFLAGS.
@ -668,10 +670,16 @@ AC_DEFUN([ACX_SSL_CHECKS], [
HAVE_SSL=yes
dnl assume /usr is already in the lib and dynlib paths.
if test "$ssldir" != "/usr" -a "$ssldir" != ""; then
if test ! -d "$ssldir/lib" -a -d "$ssldir/lib64"; then
LDFLAGS="$LDFLAGS -L$ssldir/lib64"
LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib64"
ACX_RUNTIME_PATH_ADD([$ssldir/lib64])
else
LDFLAGS="$LDFLAGS -L$ssldir/lib"
LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib"
ACX_RUNTIME_PATH_ADD([$ssldir/lib])
fi
fi
AC_MSG_CHECKING([for EVP_sha256 in -lcrypto])
LIBS="$LIBS -lcrypto"
@ -917,7 +925,7 @@ dnl a nonblocking socket do not work, a new call to select is necessary.
AC_DEFUN([ACX_CHECK_NONBLOCKING_BROKEN],
[
AC_MSG_CHECKING([if nonblocking sockets work])
if echo $target | grep mingw >/dev/null; then
if echo $host | grep mingw >/dev/null; then
AC_MSG_RESULT([no (windows)])
AC_DEFINE([NONBLOCKING_IS_BROKEN], 1, [Define if the network stack does not fully support nonblocking io (causes lower performance).])
else

2
compat/ctime_r.c
View file

@ -38,5 +38,5 @@ char *ctime_r(const time_t *timep, char *buf)
strcpy(buf, result);
}
lock_basic_unlock(&ctime_lock);
return result;
return buf;
}

17
config.h.in
View file

@ -429,6 +429,9 @@
/* Define to 1 if you have the `OPENSSL_init_ssl' function. */
#undef HAVE_OPENSSL_INIT_SSL
/* Define to 1 if you have the <openssl/param_build.h> header file. */
#undef HAVE_OPENSSL_PARAM_BUILD_H
/* Define to 1 if you have the <openssl/rand.h> header file. */
#undef HAVE_OPENSSL_RAND_H
@ -438,6 +441,9 @@
/* Define to 1 if you have the <openssl/ssl.h> header file. */
#undef HAVE_OPENSSL_SSL_H
/* Define to 1 if you have the `OSSL_PARAM_BLD_new' function. */
#undef HAVE_OSSL_PARAM_BLD_NEW
/* Define if you have POSIX threads libraries and header files. */
#undef HAVE_PTHREAD
@ -541,6 +547,9 @@
/* Define to 1 if you have the `SSL_get0_peername' function. */
#undef HAVE_SSL_GET0_PEERNAME
/* Define to 1 if you have the `SSL_get1_peer_certificate' function. */
#undef HAVE_SSL_GET1_PEER_CERTIFICATE
/* Define to 1 if you have the `SSL_set1_host' function. */
#undef HAVE_SSL_SET1_HOST
@ -856,6 +865,14 @@
/* Define if you enable libevent */
#undef USE_LIBEVENT
/* Define this to enable use of /proc/sys/net/ipv4/ip_local_port_range as a
default outgoing port range. This is only for the libunbound on Linux and
does not affect unbound resolving daemon itself. This may severely limit
the number of available outgoing ports and thus decrease randomness. Define
this only when the target system restricts (e.g. some of SELinux enabled
distributions) the use of non-ephemeral ports. */
#undef USE_LINUX_IP_LOCAL_PORT_RANGE
/* Define if you want to use internal select based events */
#undef USE_MINI_EVENT

66
configure vendored
View file

@ -901,6 +901,7 @@ enable_ipsecmod
enable_ipset
with_libmnl
enable_explicit_port_randomisation
enable_linux_ip_local_port_range
with_libunbound_only
'
ac_precious_vars='build_alias
@ -1593,6 +1594,16 @@ Optional Features:
--disable-explicit-port-randomisation
disable explicit source port randomisation and rely
on the kernel to provide random source ports
--enable-linux-ip-local-port-range
Define this to enable use of
/proc/sys/net/ipv4/ip_local_port_range as a default
outgoing port range. This is only for the libunbound
on Linux and does not affect unbound resolving
daemon itself. This may severely limit the number of
available outgoing ports and thus decrease
randomness. Define this only when the target system
restricts (e.g. some of SELinux enabled
distributions) the use of non-ephemeral ports.
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
@ -4206,7 +4217,7 @@ esac
# are we on MinGW?
if uname -s 2>&1 | grep MINGW >/dev/null; then on_mingw="yes"
else
if echo $host $target | grep mingw >/dev/null; then on_mingw="yes"
if echo $host | grep mingw >/dev/null; then on_mingw="yes"
else on_mingw="no"; fi
fi
@ -14616,6 +14627,8 @@ CC=$lt_save_CC
# pkg-config is only needed for these options, do not require it otherwise
if test "$enable_systemd" = "yes" -o "$with_pyunbound" = "yes" -o "$with_pythonmod" = "yes"; then
@ -14736,6 +14749,7 @@ $as_echo "no" >&6; }
PKG_CONFIG=""
fi
fi
fi
# Checks for header files.
for ac_header in stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/select.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h ifaddrs.h
@ -15927,7 +15941,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if nonblocking sockets work" >&5
$as_echo_n "checking if nonblocking sockets work... " >&6; }
if echo $target | grep mingw >/dev/null; then
if echo $host | grep mingw >/dev/null; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no (windows)" >&5
$as_echo "no (windows)" >&6; }
@ -16195,7 +16209,10 @@ done
# check if we can use SO_REUSEPORT
if echo "$host" | $GREP -i -e linux -e dragonfly >/dev/null; then
reuseport_default=0
if echo "$host" | $GREP -i -e linux >/dev/null; then reuseport_default=1; fi
if echo "$host" | $GREP -i -e dragonfly >/dev/null; then reuseport_default=1; fi
if test "$reuseport_default" = 1; then
$as_echo "#define REUSEPORT_DEFAULT 1" >>confdefs.h
@ -18002,6 +18019,17 @@ _ACEOF
$as_echo "found in $ssldir" >&6; }
HAVE_SSL=yes
if test "$ssldir" != "/usr" -a "$ssldir" != ""; then
if test ! -d "$ssldir/lib" -a -d "$ssldir/lib64"; then
LDFLAGS="$LDFLAGS -L$ssldir/lib64"
LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib64"
if test "x$enable_rpath" = xyes; then
if echo "$ssldir/lib64" | grep "^/" >/dev/null; then
RUNTIME_PATH="$RUNTIME_PATH -R$ssldir/lib64"
fi
fi
else
LDFLAGS="$LDFLAGS -L$ssldir/lib"
LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib"
@ -18012,6 +18040,7 @@ $as_echo "found in $ssldir" >&6; }
fi
fi
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_sha256 in -lcrypto" >&5
$as_echo_n "checking for EVP_sha256 in -lcrypto... " >&6; }
@ -18393,7 +18422,7 @@ else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi
for ac_header in openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h
for ac_header in openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h openssl/param_build.h
do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
@ -18407,7 +18436,7 @@ fi
done
for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params
for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@ -18423,7 +18452,7 @@ done
# these check_funcs need -lssl
BAKLIBS="$LIBS"
LIBS="-lssl $LIBS"
for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb SSL_get0_alpn_selected SSL_CTX_set_alpn_protos
for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb SSL_get0_alpn_selected SSL_CTX_set_alpn_protos SSL_get1_peer_certificate
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@ -19178,8 +19207,8 @@ fi
case "$enable_tfo_client" in
yes)
case `uname` in
Linux) ac_fn_c_check_decl "$LINENO" "MSG_FASTOPEN" "ac_cv_have_decl_MSG_FASTOPEN" "$ac_includes_default
case "$host_os" in
linux*) ac_fn_c_check_decl "$LINENO" "MSG_FASTOPEN" "ac_cv_have_decl_MSG_FASTOPEN" "$ac_includes_default
#include <netinet/tcp.h>
"
@ -19196,7 +19225,7 @@ cat >>confdefs.h <<_ACEOF
_ACEOF
;;
Darwin) ac_fn_c_check_decl "$LINENO" "CONNECT_RESUME_ON_READ_WRITE" "ac_cv_have_decl_CONNECT_RESUME_ON_READ_WRITE" "$ac_includes_default
darwin*) ac_fn_c_check_decl "$LINENO" "CONNECT_RESUME_ON_READ_WRITE" "ac_cv_have_decl_CONNECT_RESUME_ON_READ_WRITE" "$ac_includes_default
#include <sys/socket.h>
"
@ -20429,7 +20458,7 @@ done
# check if setreuid en setregid fail, on MacOSX10.4(darwin8).
if echo $target_os | grep darwin8 > /dev/null; then
if echo $host_os | grep darwin8 > /dev/null; then
$as_echo "#define DARWIN_BROKEN_SETREUID 1" >>confdefs.h
@ -21614,6 +21643,23 @@ $as_echo "#define DISABLE_EXPLICIT_PORT_RANDOMISATION 1" >>confdefs.h
;;
esac
if echo "$host" | $GREP -i -e linux >/dev/null; then
# Check whether --enable-linux-ip-local-port-range was given.
if test "${enable_linux_ip_local_port_range+set}" = set; then :
enableval=$enable_linux_ip_local_port_range;
fi
case "$enable_linux_ip_local_port_range" in
yes)
$as_echo "#define USE_LINUX_IP_LOCAL_PORT_RANGE 1" >>confdefs.h
;;
no|*)
;;
esac
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if ${MAKE:-make} supports $< with implicit rule in scope" >&5
$as_echo_n "checking if ${MAKE:-make} supports $< with implicit rule in scope... " >&6; }

35
configure.ac
View file

@ -149,7 +149,7 @@ esac
# are we on MinGW?
if uname -s 2>&1 | grep MINGW >/dev/null; then on_mingw="yes"
else
if echo $host $target | grep mingw >/dev/null; then on_mingw="yes"
if echo $host | grep mingw >/dev/null; then on_mingw="yes"
else on_mingw="no"; fi
fi
@ -385,7 +385,10 @@ AC_CHECK_PROG(doxygen, doxygen, doxygen)
AC_CHECK_TOOL(STRIP, strip)
ACX_LIBTOOL_C_ONLY
# pkg-config is only needed for these options, do not require it otherwise
if test "$enable_systemd" = "yes" -o "$with_pyunbound" = "yes" -o "$with_pythonmod" = "yes"; then
PKG_PROG_PKG_CONFIG
fi
# Checks for header files.
AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/select.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h ifaddrs.h],,, [AC_INCLUDES_DEFAULT])
@ -490,7 +493,10 @@ ACX_MKDIR_ONE_ARG
AC_CHECK_FUNCS([strptime],[AC_CHECK_STRPTIME_WORKS],[AC_LIBOBJ([strptime])])
# check if we can use SO_REUSEPORT
if echo "$host" | $GREP -i -e linux -e dragonfly >/dev/null; then
reuseport_default=0
if echo "$host" | $GREP -i -e linux >/dev/null; then reuseport_default=1; fi
if echo "$host" | $GREP -i -e dragonfly >/dev/null; then reuseport_default=1; fi
if test "$reuseport_default" = 1; then
AC_DEFINE(REUSEPORT_DEFAULT, 1, [if REUSEPORT is enabled by default])
else
AC_DEFINE(REUSEPORT_DEFAULT, 0, [if REUSEPORT is enabled by default])
@ -853,13 +859,13 @@ if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/
else
AC_MSG_RESULT([no])
fi
AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params])
AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h openssl/param_build.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new])
# these check_funcs need -lssl
BAKLIBS="$LIBS"
LIBS="-lssl $LIBS"
AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb SSL_get0_alpn_selected SSL_CTX_set_alpn_protos])
AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb SSL_get0_alpn_selected SSL_CTX_set_alpn_protos SSL_get1_peer_certificate])
LIBS="$BAKLIBS"
AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [
@ -1216,15 +1222,15 @@ esac
AC_ARG_ENABLE(tfo-client, AS_HELP_STRING([--enable-tfo-client],[Enable TCP Fast Open for client mode]))
case "$enable_tfo_client" in
yes)
case `uname` in
Linux) AC_CHECK_DECL([MSG_FASTOPEN], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO])],
case "$host_os" in
linux*) AC_CHECK_DECL([MSG_FASTOPEN], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO])],
[AC_MSG_ERROR([TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client])],
[AC_INCLUDES_DEFAULT
#include <netinet/tcp.h>
])
AC_DEFINE_UNQUOTED([USE_MSG_FASTOPEN], [1], [Define this to enable client TCP Fast Open.])
;;
Darwin) AC_CHECK_DECL([CONNECT_RESUME_ON_READ_WRITE], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO])],
darwin*) AC_CHECK_DECL([CONNECT_RESUME_ON_READ_WRITE], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO])],
[AC_MSG_ERROR([TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client])],
[AC_INCLUDES_DEFAULT
#include <sys/socket.h>
@ -1593,7 +1599,7 @@ AC_CHECK_FUNCS([setresuid],,[AC_CHECK_FUNCS([setreuid])])
AC_CHECK_FUNCS([setresgid],,[AC_CHECK_FUNCS([setregid])])
# check if setreuid en setregid fail, on MacOSX10.4(darwin8).
if echo $target_os | grep darwin8 > /dev/null; then
if echo $host_os | grep darwin8 > /dev/null; then
AC_DEFINE(DARWIN_BROKEN_SETREUID, 1, [Define this if on macOSX10.4-darwin8 and setreuid and setregid do not work])
fi
AC_CHECK_DECLS([inet_pton,inet_ntop], [], [], [
@ -1856,6 +1862,17 @@ case "$enable_explicit_port_randomisation" in
;;
esac
if echo "$host" | $GREP -i -e linux >/dev/null; then
AC_ARG_ENABLE(linux-ip-local-port-range, AC_HELP_STRING([--enable-linux-ip-local-port-range], [Define this to enable use of /proc/sys/net/ipv4/ip_local_port_range as a default outgoing port range. This is only for the libunbound on Linux and does not affect unbound resolving daemon itself. This may severely limit the number of available outgoing ports and thus decrease randomness. Define this only when the target system restricts (e.g. some of SELinux enabled distributions) the use of non-ephemeral ports.]))
case "$enable_linux_ip_local_port_range" in
yes)
AC_DEFINE([USE_LINUX_IP_LOCAL_PORT_RANGE], [1], [Define this to enable use of /proc/sys/net/ipv4/ip_local_port_range as a default outgoing port range. This is only for the libunbound on Linux and does not affect unbound resolving daemon itself. This may severely limit the number of available outgoing ports and thus decrease randomness. Define this only when the target system restricts (e.g. some of SELinux enabled distributions) the use of non-ephemeral ports.])
;;
no|*)
;;
esac
fi
AC_MSG_CHECKING([if ${MAKE:-make} supports $< with implicit rule in scope])
# on openBSD, the implicit rule make $< work.

4
contrib/unbound.service.in
View file

@ -60,8 +60,12 @@ NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
ProtectHome=true
ProtectClock=true
ProtectControlGroups=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectProc=invisible
ProtectSystem=strict
RuntimeDirectory=unbound
ConfigurationDirectory=unbound

20
contrib/unbound.spec
View file

@ -1,15 +1,14 @@
Summary: Validating, recursive, and caching DNS resolver
Name: unbound
Version: 1.4.18
Version: 1.13.1
Release: 1%{?dist}
License: BSD
Url: http://www.nlnetlabs.nl/unbound/
Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz
Source: http://www.nlnetlabs.nl/downloads/unbound/%{name}-%{version}.tar.gz
#Source1: unbound.init
Group: System Environment/Daemons
Requires: ldns
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: flex, openssl-devel, expat-devel, ldns-devel
BuildRequires: flex, openssl-devel, expat-devel
%description
Unbound is a validating, recursive, and caching DNS resolver.
@ -42,7 +41,7 @@ install -d 0700 %{buildroot}%{_localstatedir}/%{name}
install -d 0755 %{buildroot}%{_initrddir}
install -m 0755 contrib/unbound.init %{buildroot}%{_initrddir}/unbound
# add symbolic link from /etc/unbound.conf -> /var/unbound/unbound.conf
ln -s %{_localstatedir}/unbound/unbound.conf %{buildroot}%{_sysconfdir}/unbound.conf
ln -s ../%{_localstatedir}/unbound/unbound.conf %{buildroot}%{_sysconfdir}/unbound.conf
# remove static library from install (fedora packaging guidelines)
rm -f %{buildroot}%{_libdir}/libunbound.a %{buildroot}%{_libdir}/libunbound.la
@ -55,11 +54,12 @@ rm -rf ${RPM_BUILD_ROOT}
%attr(0755,root,root) %{_initrddir}/%{name}
%attr(0700,%{name},%{name}) %dir %{_localstatedir}/%{name}
%attr(0644,%{name},%{name}) %config(noreplace) %{_localstatedir}/%{name}/unbound.conf
%attr(0644,%{name},%{name}) %config(noreplace) %{_sysconfdir}/unbound.conf
%config(noreplace) %{_sysconfdir}/unbound.conf
%{_sbindir}/*
%{_mandir}/*/*
%{_includedir}/*
%{_libdir}/libunbound*
%{_libdir}/pkgconfig/libunbound*
%pre
getent group unbound >/dev/null || groupadd -r unbound
@ -89,7 +89,13 @@ if [ "$1" -ge "1" ]; then
fi
%changelog
* Thu Jul 13 2011 Wouter Wijngaards <wouter@nlnetlabs.nl> - 1.4.8
* Thu Jun 10 2021 Wouter Wijngaards <wouter@nlnetlabs.nl> - 1.13.1
- ldns and ldns-devel no longer required. Fixed date. Version to 1.13.1.
- Removed symlink attr mode, made unbound.conf symlink relative.
- Added pkgconfig/libunbound.pc to the packaged files.
- fixed download url to nlnetlabs.nl download.
* Wed Jul 13 2011 Wouter Wijngaards <wouter@nlnetlabs.nl> - 1.4.8
- ldns required and ldns-devel required for build, no more ldns-builtin.
* Thu Mar 17 2011 Wouter Wijngaards <wouter@nlnetlabs.nl> - 1.4.8

69
contrib/unbound_munin_
View file

@ -14,7 +14,6 @@
# Run the command unbound-control-setup to generate the key files.
#
# Environment variables for this script
# statefile - where to put temporary statefile.
# unbound_conf - where the unbound.conf file is located.
# unbound_control - where to find unbound-control executable.
# spoof_warn - what level to warn about spoofing
@ -24,7 +23,6 @@
# with:
# [unbound*]
# user root
# env.statefile /usr/local/var/munin/plugin-state/unbound-state
# env.unbound_conf /usr/local/etc/unbound/unbound.conf
# env.unbound_control /usr/local/sbin/unbound-control
# env.spoof_warn 1000
@ -66,7 +64,6 @@ System with unbound daemon.
[unbound*]
user root
env.statefile /usr/local/var/munin/plugin-state/unbound-state
env.unbound_conf /usr/local/etc/unbound/unbound.conf
env.unbound_control /usr/local/sbin/unbound-control
env.spoof_warn 1000
@ -98,7 +95,8 @@ BSD
=cut
state=${statefile:-/usr/local/var/munin/plugin-state/unbound-state}
state="${MUNIN_PLUGSTATE}/unbound.state"
seentags="${MUNIN_PLUGSTATE}/unbound-seentags.state"
conf=${unbound_conf:-/usr/local/etc/unbound/unbound.conf}
ctrl=${unbound_control:-/usr/local/sbin/unbound-control}
warn=${spoof_warn:-1000}
@ -121,6 +119,18 @@ get_value ( ) {
fi
}
# Update list of seen query types etc to seentags file. This is run while
# holding the lock, after the state file is updated.
update_seentags() {
tmplist="$(cat ${seentags} 2> /dev/null)
num.query.type.A
num.query.class.IN
num.query.opcode.QUERY
num.answer.rcode.NOERROR
"
(echo "${tmplist}"; grep ^num ${state} | sed -e 's/=.*//') | sort -u > ${seentags}
}
# download the state from the unbound server.
get_state ( ) {
# obtain lock for fetching the state
@ -168,6 +178,7 @@ get_state ( ) {
rm -f $lock
exit 1
fi
update_seentags
rm -f $lock
}
@ -232,7 +243,7 @@ if test "$1" = "config" ; then
echo "graph_args --base 1000 -l 0"
echo "graph_vlabel queries / \${graph_period}"
echo "graph_scale no"
echo "graph_category DNS"
echo "graph_category dns"
for x in `grep "^thread[0-9][0-9]*\.num\.queries=" $state |
sed -e 's/=.*//'`; do
exist_config $x "queries handled by `basename $x .num.queries`"
@ -256,7 +267,7 @@ if test "$1" = "config" ; then
echo "graph_args --base 1000 -l 0"
echo "graph_vlabel number of queries"
echo "graph_scale no"
echo "graph_category DNS"
echo "graph_category dns"
p_config "total.requestlist.avg" "Average size of queue on insert" "GAUGE"
p_config "total.requestlist.max" "Max size of queue (in 5 min)" "GAUGE"
p_config "total.requestlist.overwritten" "Number of queries replaced by new ones" "GAUGE"
@ -267,7 +278,7 @@ if test "$1" = "config" ; then
echo "graph_title Unbound memory usage"
echo "graph_args --base 1024 -l 0"
echo "graph_vlabel memory used in bytes"
echo "graph_category DNS"
echo "graph_category dns"
p_config "mem.cache.rrset" "RRset cache memory" "GAUGE"
p_config "mem.cache.message" "Message cache memory" "GAUGE"
p_config "mem.mod.iterator" "Iterator module memory" "GAUGE"
@ -283,9 +294,8 @@ if test "$1" = "config" ; then
echo "graph_args --base 1000 -l 0"
echo "graph_vlabel queries / \${graph_period}"
echo "graph_scale no"
echo "graph_category DNS"
for x in `grep "^num.query.type" $state`; do
nm=`echo $x | sed -e 's/=.*$//'`
echo "graph_category dns"
for nm in `grep "^num.query.type" $seentags`; do
tp=`echo $nm | sed -e s/num.query.type.//`
p_config "$nm" "$tp" "ABSOLUTE"
done
@ -296,9 +306,8 @@ if test "$1" = "config" ; then
echo "graph_args --base 1000 -l 0"
echo "graph_vlabel queries / \${graph_period}"
echo "graph_scale no"
echo "graph_category DNS"
for x in `grep "^num.query.class" $state`; do
nm=`echo $x | sed -e 's/=.*$//'`
echo "graph_category dns"
for nm in `grep "^num.query.class" $seentags`; do
tp=`echo $nm | sed -e s/num.query.class.//`
p_config "$nm" "$tp" "ABSOLUTE"
done
@ -309,9 +318,8 @@ if test "$1" = "config" ; then
echo "graph_args --base 1000 -l 0"
echo "graph_vlabel queries / \${graph_period}"
echo "graph_scale no"
echo "graph_category DNS"
for x in `grep "^num.query.opcode" $state`; do
nm=`echo $x | sed -e 's/=.*$//'`
echo "graph_category dns"
for nm in `grep "^num.query.opcode" $seentags`; do
tp=`echo $nm | sed -e s/num.query.opcode.//`
p_config "$nm" "$tp" "ABSOLUTE"
done
@ -322,9 +330,8 @@ if test "$1" = "config" ; then
echo "graph_args --base 1000 -l 0"
echo "graph_vlabel answer packets / \${graph_period}"
echo "graph_scale no"
echo "graph_category DNS"
for x in `grep "^num.answer.rcode" $state`; do
nm=`echo $x | sed -e 's/=.*$//'`
echo "graph_category dns"
for nm in `grep "^num.answer.rcode" $seentags`; do
tp=`echo $nm | sed -e s/num.answer.rcode.//`
p_config "$nm" "$tp" "ABSOLUTE"
done
@ -338,7 +345,7 @@ if test "$1" = "config" ; then
echo "graph_args --base 1000 -l 0"
echo "graph_vlabel queries / \${graph_period}"
echo "graph_scale no"
echo "graph_category DNS"
echo "graph_category dns"
p_config "num.query.flags.QR" "QR (query reply) flag" "ABSOLUTE"
p_config "num.query.flags.AA" "AA (auth answer) flag" "ABSOLUTE"
p_config "num.query.flags.TC" "TC (truncated) flag" "ABSOLUTE"
@ -356,7 +363,7 @@ if test "$1" = "config" ; then
echo "graph_args --base 1000 -l 0"
echo "graph_vlabel queries / \${graph_period}"
echo "graph_scale no"
echo "graph_category DNS"
echo "graph_category dns"
echo hcache.label "cache hits"
echo hcache.min 0
echo hcache.type ABSOLUTE
@ -467,27 +474,23 @@ memory)
done
;;
by_type)
for x in `grep "^num.query.type" $state`; do
nm=`echo $x | sed -e 's/=.*$//'`
print_value_line $nm $x
for nm in `grep "^num.query.type" $seentags`; do
print_value $nm
done
;;
by_class)
for x in `grep "^num.query.class" $state`; do
nm=`echo $x | sed -e 's/=.*$//'`
print_value_line $nm $x
for nm in `grep "^num.query.class" $seentags`; do
print_value $nm
done
;;
by_opcode)
for x in `grep "^num.query.opcode" $state`; do
nm=`echo $x | sed -e 's/=.*$//'`
print_value_line $nm $x
for nm in `grep "^num.query.opcode" $seentags`; do
print_value $nm
done
;;
by_rcode)
for x in `grep "^num.answer.rcode" $state`; do
nm=`echo $x | sed -e 's/=.*$//'`
print_value_line $nm $x
for nm in `grep "^num.answer.rcode" $seentags`; do
print_value $nm
done
print_value "num.answer.secure"
print_value "num.answer.bogus"

42
daemon/remote.c
View file

@ -1304,10 +1304,35 @@ do_zones_remove(RES* ssl, struct local_zones* zones)
(void)ssl_printf(ssl, "removed %d zones\n", num);
}
/** check syntax of newly added RR */
static int
check_RR_syntax(RES* ssl, char* str, int line)
{
uint8_t rr[LDNS_RR_BUF_SIZE];
size_t len = sizeof(rr), dname_len = 0;
int s = sldns_str2wire_rr_buf(str, rr, &len, &dname_len, 3600,
NULL, 0, NULL, 0);
if(s != 0) {
char linestr[32];
if(line == 0)
linestr[0]=0;
else snprintf(linestr, sizeof(linestr), "line %d ", line);
if(!ssl_printf(ssl, "error parsing local-data at %sposition %d '%s': %s\n",
linestr, LDNS_WIREPARSE_OFFSET(s), str,
sldns_get_errorstr_parse(s)))
return 0;
return 0;
}
return 1;
}
/** Add new RR data */
static int
perform_data_add(RES* ssl, struct local_zones* zones, char* arg)
perform_data_add(RES* ssl, struct local_zones* zones, char* arg, int line)
{
if(!check_RR_syntax(ssl, arg, line)) {
return 0;
}
if(!local_zones_add_RR(zones, arg)) {
ssl_printf(ssl,"error in syntax or out of memory, %s\n", arg);
return 0;
@ -1319,7 +1344,7 @@ perform_data_add(RES* ssl, struct local_zones* zones, char* arg)
static void
do_data_add(RES* ssl, struct local_zones* zones, char* arg)
{
if(!perform_data_add(ssl, zones, arg))
if(!perform_data_add(ssl, zones, arg, 0))
return;
send_ok(ssl);
}
@ -1329,15 +1354,12 @@ static void
do_datas_add(RES* ssl, struct local_zones* zones)
{
char buf[2048];
int num = 0;
int num = 0, line = 0;
while(ssl_read_line(ssl, buf, sizeof(buf))) {
if(buf[0] == 0x04 && buf[1] == 0)
break; /* end of transmission */
if(!perform_data_add(ssl, zones, buf)) {
if(!ssl_printf(ssl, "error for input line: %s\n", buf))
return;
}
else
line++;
if(perform_data_add(ssl, zones, buf, line))
num++;
}
(void)ssl_printf(ssl, "added %d datas\n", num);
@ -3316,7 +3338,11 @@ int remote_control_callback(struct comm_point* c, void* arg, int err,
if (!rc->use_cert) {
verbose(VERB_ALGO, "unauthenticated remote control connection");
} else if(SSL_get_verify_result(s->ssl) == X509_V_OK) {
#ifdef HAVE_SSL_GET1_PEER_CERTIFICATE
X509* x = SSL_get1_peer_certificate(s->ssl);
#else
X509* x = SSL_get_peer_certificate(s->ssl);
#endif
if(!x) {
verbose(VERB_DETAIL, "remote control connection "
"provided no client certificate");

2
daemon/unbound.c
View file

@ -222,7 +222,7 @@ checkrlimits(struct config_file* cfg)
#endif
if(getrlimit(RLIMIT_DATA, &rlim) == 0) {
if(rlim.rlim_cur != (rlim_t)RLIM_INFINITY &&
rlim.rlim_cur < memsize_expect) {
rlim.rlim_cur < (rlim_t)memsize_expect) {
log_warn("the ulimit(data seg size) is smaller than the expected memory usage (added size of caches). %u < %u bytes", (unsigned)rlim.rlim_cur, (unsigned)memsize_expect);
}
}

2
dnstap/dnstap.c
View file

@ -519,7 +519,7 @@ dt_msg_send_outside_response(struct dt_env *env,
struct dt_msg dm;
uint16_t qflags;
log_assert(qbuf_len >= sizeof(qflags));
(void)qbuf_len; log_assert(qbuf_len >= sizeof(qflags));
memcpy(&qflags, qbuf, sizeof(qflags));
qflags = ntohs(qflags);

10
dnstap/unbound-dnstap-socket.c
View file

@ -1012,6 +1012,7 @@ void dtio_tap_callback(int fd, short ATTR_UNUSED(bits), void* arg)
if(verbosity) log_info("bidirectional stream");
if(!reply_with_accept(data)) {
tap_data_free(data);
return;
}
} else if(data->len >= 4 && sldns_read_uint32(data->frame) ==
FSTRM_CONTROL_FRAME_STOP && data->is_bidirectional) {
@ -1166,8 +1167,13 @@ int sig_quit = 0;
/** signal handler for user quit */
static RETSIGTYPE main_sigh(int sig)
{
if(!sig_quit)
fprintf(stderr, "exit on signal %d\n", sig);
if(!sig_quit) {
char str[] = "exit on signal \n";
str[15] = '0' + (sig/10)%10;
str[16] = '0' + sig%10;
/* simple cast to void will not silence Wunused-result */
(void)!write(STDERR_FILENO, str, strlen(str));
}
if(sig_base) {
ub_event_base_loopexit(sig_base);
sig_base = NULL;

145
doc/Changelog
View file

@ -1,3 +1,148 @@
5 August 2021: Wouter
- Tag for 1.13.2rc1 release.
4 August 2021: George
- Merge PR #415 from sibeream: Use
/proc/sys/net/ipv4/ip_local_port_range to determine available outgoing
ports. (New --enable-linux-ip-local-port-range configuration option)
- Bump MAX_RESTART_COUNT to 11 from 8; in relation to #438. This
allows longer CNAME chains in Unbound.
4 August 2021: Wouter
- In unit test use openssl set security level to allow keys in test.
- Fix static analysis warnings about localzone locks that are unused.
- Fix missing locks in zonemd unit test.
- Fix readzone compile under debug config.
- Fix out of sourcedir run of zonemd unit tests.
- Fix libnettle zonemd unit test.
- Fix unit test zonemd_reload for use in run_vm.
3 August 2021: George
- Listen to read or write events after the SSL handshake.
Sticky events on windows would stick on read when write was needed.
3 August 2021: Wouter
- Merge PR #517 from dyunwei: #420 breaks the mesh reply list
function that need to reuse the dns answer.
- Annotate assertion into error printout; we think it may be an
error, but the situation looks harmless.
- Fix sign comparison warning on FreeBSD.
2 August 2021: Wouter
- Prepare for OpenSSL 3.0.0 provider API usage, move the sldns
keyraw functions to produce EVP_PKEY results.
- Move RSA and DSA to use OpenSSL 3.0.0 API.
- Move ECDSA functions to use OpenSSL 3.0.0 API.
- iana portlist update.
- Fix verbose printout failure in tcp reuse unit test.
30 July 2021: Wouter
- Fix #515: Compilation against openssl 3.0.0 beta2 is failing to
build unbound.
- For #515: Fix compilation with openssl 3.0.0 beta2, lib64 dir and
SSL_get_peer_certificate.
- Move acx_nlnetlabs.m4 to version 41, with lib64 openssl dir check.
26 July 2021: George
- Merge #513: Stream reuse, attempt to fix #411, #439, #469. This
introduces a couple of fixes for the stream reuse functionality
that could result in broken internal structures.
26 July 2021: Wouter
- Merge #512: unbound.service.in: upgrade hardening to latest
standards.
- Fix readzone unknown type print for memory resize.
21 July 2021: Wouter
- Fix that ldns_zone_new_frm_fp_l counts the line number for an empty
line after a comment.
16 July 2021: George
- Introduce 'http-user-agent:' and 'hide-http-user-agent:' options.
16 July 2021: Wouter
- Merge #510 from ndptech: Don't call a function which hasn't been
defined.
- Fix for #510: in depth, use ifdefs for windows api event calls.
- Fix spelling in doc/unbound.doxygen comment.
- Fix spelling in localzone.h comment.
- Fix unbound-control local_data and local_datas to print detailed
syntax errors.
- review fix to remove duplicate error printout.
- Insert header into testcode/readzone.c, it was missing.
- Fix from lint for ignored return value.
- Fix for older parsers for function call in serve expired get cached.
6 July 2021: Wouter
- iana portlist update.
5 July 2021: George
- Fix compiler warnings for #491.
- Fix clang-analysis warnings for testcode/readzone.c.
4 July 2021: George
- Fix Wunused-result compile warnings.
2 July 2021: Tom
- Merge PR #491: Add SVCB and HTTPS types and handling according to
draft-ietf-dnsop-svcb-https.
2 July 2021: Wouter
- Fix #506: Python Module Seems to Leak Memory if it Experiences an
Unhandled Exception.
25 June 2021: Wouter
- Fix up permissions on rpl data file in tests.
- Fix testbound newline treatment in moment_read and tempfile write.
- Fix configure grep for reuseport default for failure.
- Fix compat ctime_r return value
- Fix configure does not require pkg-config if not needed.
- Fix unit test in the ctime_r calls for autotrust and in testbound.
- Fix auth zone download on windows to unlink before rename.
24 June 2021: Wouter
- Add analyzer and port compile github workflow.
23 June 2021: Wouter
- Fix #503: DNS over HTTPS response truncated.
- Fix warnings reported by the gcc analyzer.
21 June 2021: George
- Fix #495: Documentation or implementation of "verbosity" option.
18 June 2021: Wouter
- Fix a number of warnings reported by the gcc analyzer.
15 June 2021: George
- Merge #440 by kimheino: Various fixes to contrib/unbound_munin_ file.
14 June 2021: Wouter
- Fix configure nonblocking test and onmingw test to use host.
10 June 2021: Wouter
- Fix #500: SPEC file in version 1.13.1 references version 1.4;
unable to build RPM from source.
- Fix contrib/unbound.spec, fixed url and comment.
9 June 2021: George
- Merge #486 by fobster: Make VAL_MAX_RESTART_COUNT configurable.
- Generated lexer and parser for #486; updated example.conf.
- Fix #413 (based on patch by k-ronny): unbound: does not compile
on macOS 11.1-x86_64 host.
- Use host_os instead of target_os in configure for Darwin8 build.
8 June 2021: George
- Fix unused variable warning when compiling with --enable-dnstap.
7 June 2021: George
- Merge #448 from shoeper: Update unbound-control.8.in, fix
rpz_disable typo.
- Fix #425: Document auth-zone supports communication with DNS
primary on nondefault port.
1 June 2021: George
- Fix test for zonemd-check option.
27 May 2021: Wouter
- Merge #496 from banburybill: Use build system endianness if
available, otherwise try to work it out.

11
doc/example.conf.in
View file

@ -371,6 +371,9 @@ server:
# enable to not answer trustanchor.unbound queries.
# hide-trustanchor: no
# enable to not set the User-Agent HTTP header.
# hide-http-user-agent: no
# the identity to report. Leave "" or default to return hostname.
# identity: ""
@ -380,6 +383,10 @@ server:
# NSID identity (hex string, or "ascii_somestring"). default disabled.
# nsid: "aabbccdd"
# User-Agent HTTP header to use. Leave "" or default to use package name
# and version.
# http-user-agent: ""
# the target fetch policy.
# series of integers describing the policy per dependency depth.
# The number of values in the list determines the maximum dependency
@ -557,6 +564,10 @@ server:
# val-sig-skew-min: 3600
# val-sig-skew-max: 86400
# The maximum number the validator should restart validation with
# another authority in case of failed validation.
# val-max-restart: 5
# Should additional section of secure message also be kept clean of
# unsecure data. Useful to shield the users of this validator from
# potential bogus data in the additional section. All unsigned data

5
doc/unbound-control.8.in
View file

@ -89,8 +89,7 @@ it. If the zone does not exist, the command succeeds.
Add new local data, the given resource record. Like \fBlocal\-data\fR
config statement, except for when no covering zone exists. In that case
this remote control command creates a transparent zone with the same
name as this record. This command is not good at returning detailed syntax
errors.
name as this record.
.TP
.B local_data_remove \fIname
Remove all RR data from local name. If the name already has no items,
@ -308,7 +307,7 @@ serial check). And then the zone is transferred for a newer zone version.
.B rpz_enable \fIzone\fR
Enable the RPZ zone if it had previously been disabled.
.TP
.B rpz_enable \fIzone\fR
.B rpz_disable \fIzone\fR
Disable the RPZ zone.
.TP
.B view_list_local_zones \fIview\fR

34
doc/unbound.conf.5.in
View file

@ -91,9 +91,9 @@ clause.
.B verbosity: \fI<number>
The verbosity number, level 0 means no verbosity, only errors. Level 1
gives operational information. Level 2 gives detailed operational
information. Level 3 gives query level information, output per query.
Level 4 gives algorithm level information. Level 5 logs client
identification for cache misses. Default is level 1.
information including short information per query. Level 3 gives query level
information, output per query. Level 4 gives algorithm level information.
Level 5 logs client identification for cache misses. Default is level 1.
The verbosity can also be increased from the commandline, see \fIunbound\fR(8).
.TP
.B statistics\-interval: \fI<seconds>
@ -852,6 +852,17 @@ If enabled version.server and version.bind queries are refused.
Set the version to report. If set to "", the default, then the package
version is returned.
.TP
.B hide\-http\-user\-agent: \fI<yes or no>
If enabled the HTTP header User-Agent is not set. Use with caution as some
webserver configurations may reject HTTP requests lacking this header.
If needed, it is better to explicitly set the
.B http\-user\-agent
below.
.TP
.B http\-user\-agent: \fI<string>
Set the HTTP User-Agent header for outgoing HTTP requests. If set to "",
the default, then the package name and version are used.
.TP
.B nsid:\fR <string>
Add the specified nsid to the EDNS section of the answer when queried
with an NSID EDNS enabled packet. As a sequence of hex characters or
@ -1140,6 +1151,10 @@ min and max very low disables the clock skew allowances. Setting both
min and max very high makes the validator check the signature timestamps
less strictly.
.TP
.B val\-max\-restart: \fI<number>
The maximum number the validator should restart validation with
another authority in case of failed validation. Default is 5.
.TP
.B val\-bogus\-ttl: \fI<number>
The time to live for bogus data. This is data that has failed validation;
due to invalid signatures or other checks. The TTL from that data cannot be
@ -1923,7 +1938,9 @@ Name of the authority zone.
.B primary: \fI<IP address or host name>
Where to download a copy of the zone from, with AXFR and IXFR. Multiple
primaries can be specified. They are all tried if one fails.
With the "ip#name" notation a AXFR over TLS can be used.
To use a nondefault port for DNS communication append '@' with the port number.
You can append a '#' and a name, then AXFR over TLS can be used and the tls authentication certificates will be checked with that name. If you combine
the '@' and '#', the '@' comes first.
If you point it at another Unbound instance, it would not work because
that does not support AXFR/IXFR for the zone, but if you used \fBurl:\fR to download
the zonefile as a text file from a webserver that would work.
@ -2539,6 +2556,15 @@ Name of the authority zone.
.B primary: \fI<IP address or host name>
Where to download a copy of the zone from, with AXFR and IXFR. Multiple
primaries can be specified. They are all tried if one fails.
To use a nondefault port for DNS communication append '@' with the port number.
You can append a '#' and a name, then AXFR over TLS can be used and the tls authentication certificates will be checked with that name. If you combine
the '@' and '#', the '@' comes first.
If you point it at another Unbound instance, it would not work because
that does not support AXFR/IXFR for the zone, but if you used \fBurl:\fR to download
the zonefile as a text file from a webserver that would work.
If you specify the hostname, you cannot use the domain from the zonefile,
because it may not have that when retrieving that data, instead use a plain
IP address to avoid a circular dependency on retrieving that IP address.
.TP
.B master: \fI<IP address or host name>
Alternate syntax for \fBprimary\fR.

2
doc/unbound.doxygen
View file

@ -1076,7 +1076,7 @@ TREEVIEW_WIDTH = 250
FORMULA_FONTSIZE = 10
# Use the FORMULA_TRANPARENT tag to determine whether or not the images
# Use the FORMULA_TRANSPARENT tag to determine whether or not the images
# generated for formulas are transparent PNGs. Transparent PNGs are
# not supported properly for IE 6.0, but are supported on all modern browsers.
# Note that when changing this option you need to delete any form_*.png files

2
iterator/iter_utils.c
View file

@ -440,6 +440,7 @@ iter_filter_order(struct iter_env* iter_env, struct module_env* env,
prev = NULL;
a = dp->result_list;
for(i = 0; i < got_num; i++) {
if(!a) break; /* robustness */
swap_to_front = 0;
if(a->addr.ss_family != AF_INET6 && attempt == -1) {
/* if we only have ip4 at low attempt count,
@ -497,6 +498,7 @@ iter_filter_order(struct iter_env* iter_env, struct module_env* env,
prev = NULL;
a = dp->result_list;
for(i = 0; i < got_num; i++) {
if(!a) break; /* robustness */
swap_to_front = 0;
if(a->addr.ss_family != AF_INET && attempt == -1) {
/* if we only have ip6 at low attempt count,

2
iterator/iterator.h
View file

@ -61,7 +61,7 @@ struct rbtree_type;
* its subqueries */
#define MAX_TARGET_NX 5
/** max number of query restarts. Determines max number of CNAME chain. */
#define MAX_RESTART_COUNT 8
#define MAX_RESTART_COUNT 11
/** max number of referrals. Makes sure resolver does not run away */
#define MAX_REFERRAL_COUNT 130
/** max number of queries-sent-out. Make sure large NS set does not loop */

1
libunbound/context.c
View file

@ -69,6 +69,7 @@ context_finalize(struct ub_ctx* ctx)
} else {
log_init(cfg->logfile, cfg->use_syslog, NULL);
}
cfg_apply_local_port_policy(cfg, 65536);
config_apply(cfg);
if(!modstack_setup(&ctx->mods, cfg->module_conf, ctx->env))
return UB_INITFAIL;

30
libunbound/libworker.c
View file

@ -456,8 +456,15 @@ fill_res(struct ub_result* res, struct ub_packed_rrset_key* answer,
if(rep->rrset_count != 0)
res->ttl = (int)rep->ttl;
res->data = (char**)calloc(1, sizeof(char*));
if(!res->data)
return 0; /* out of memory */
res->len = (int*)calloc(1, sizeof(int));
return (res->data && res->len);
if(!res->len) {
free(res->data);
res->data = NULL;
return 0; /* out of memory */
}
return 1;
}
data = (struct packed_rrset_data*)answer->entry.data;
if(query_dname_compare(rq->qname, answer->rk.dname) != 0) {
@ -465,16 +472,31 @@ fill_res(struct ub_result* res, struct ub_packed_rrset_key* answer,
return 0; /* out of memory */
} else res->canonname = NULL;
res->data = (char**)calloc(data->count+1, sizeof(char*));
res->len = (int*)calloc(data->count+1, sizeof(int));
if(!res->data || !res->len)
if(!res->data)
return 0; /* out of memory */
res->len = (int*)calloc(data->count+1, sizeof(int));
if(!res->len) {
free(res->data);
res->data = NULL;
return 0; /* out of memory */
}
for(i=0; i<data->count; i++) {
/* remove rdlength from rdata */
res->len[i] = (int)(data->rr_len[i] - 2);
res->data[i] = memdup(data->rr_data[i]+2, (size_t)res->len[i]);
if(!res->data[i])
if(!res->data[i]) {
size_t j;
for(j=0; j<i; j++) {
free(res->data[j]);
res->data[j] = NULL;
}
free(res->data);
res->data = NULL;
free(res->len);
res->len = NULL;
return 0; /* out of memory */
}
}
/* ttl for positive answers, from CNAME and answer RRs */
if(data->count != 0) {
size_t j;

2
libunbound/python/libunbound.i
View file

@ -936,6 +936,8 @@ int _ub_resolve_async(struct ub_ctx* ctx, char* name, int rrtype, int rrclass, v
int r;
struct cb_data* id;
id = (struct cb_data*) malloc(sizeof(struct cb_data));
if(!id)
return -2; /* UB_NOMEM */
id->data = mydata;
id->func = pyfunc;

27
pythonmod/interface.i
View file

@ -1546,7 +1546,7 @@ int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len,
{
PyObject *func, *py_edns, *py_qstate, *py_opt_list_out, *py_qinfo;
PyObject *py_rep, *py_repinfo, *py_region;
PyObject *py_args, *py_kwargs, *result;
PyObject *py_args = NULL, *py_kwargs = NULL, *result = NULL;
int res = 0;
double py_start_time = ((double)start_time->tv_sec) + ((double)start_time->tv_usec) / 1.0e6;
@ -1561,11 +1561,20 @@ int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len,
py_rep = SWIG_NewPointerObj((void*) rep, SWIGTYPE_p_reply_info, 0);
py_repinfo = SWIG_NewPointerObj((void*) repinfo, SWIGTYPE_p_comm_reply, 0);
py_region = SWIG_NewPointerObj((void*) region, SWIGTYPE_p_regional, 0);
if(py_qinfo && py_qstate && py_rep && py_edns && py_opt_list_out
&& py_region && py_repinfo) {
py_args = Py_BuildValue("(OOOiOOO)", py_qinfo, py_qstate, py_rep,
rcode, py_edns, py_opt_list_out, py_region);
py_kwargs = Py_BuildValue("{s:O,s:d}", "repinfo", py_repinfo, "start_time",
py_start_time);
if(py_args && py_kwargs) {
result = PyObject_Call(func, py_args, py_kwargs);
} else {
log_err("pythonmod: malloc failure in python_inplace_cb_reply_generic");
}
} else {
log_err("pythonmod: malloc failure in python_inplace_cb_reply_generic");
}
Py_XDECREF(py_edns);
Py_XDECREF(py_qstate);
Py_XDECREF(py_opt_list_out);
@ -1624,6 +1633,7 @@ int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len,
{
int res = 0;
PyObject *func = python_callback;
PyObject *py_args = NULL, *py_kwargs = NULL, *result = NULL;
PyGILState_STATE gstate = PyGILState_Ensure();
@ -1632,13 +1642,20 @@ int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len,
PyObject *py_addr = SWIG_NewPointerObj((void *) addr, SWIGTYPE_p_sockaddr_storage, 0);
PyObject *py_zone = PyBytes_FromStringAndSize((const char *)zone, zonelen);
PyObject *py_region = SWIG_NewPointerObj((void*) region, SWIGTYPE_p_regional, 0);
PyObject *py_args = Py_BuildValue("(OiOOOO)", py_qinfo, flags, py_qstate, py_addr, py_zone, py_region);
PyObject *py_kwargs = Py_BuildValue("{}");
PyObject *result = PyObject_Call(func, py_args, py_kwargs);
if(py_qinfo && py_qstate && py_addr && py_zone && py_region) {
py_args = Py_BuildValue("(OiOOOO)", py_qinfo, flags, py_qstate, py_addr, py_zone, py_region);
py_kwargs = Py_BuildValue("{}");
if(py_args && py_kwargs) {
result = PyObject_Call(func, py_args, py_kwargs);
if (result) {
res = PyInt_AsLong(result);
}
} else {
log_err("pythonmod: malloc failure in python_inplace_cb_query_generic");
}
} else {
log_err("pythonmod: malloc failure in python_inplace_cb_query_generic");
}
Py_XDECREF(py_qinfo);
Py_XDECREF(py_qstate);

15
pythonmod/pythonmod.c
View file

@ -245,6 +245,11 @@ cleanup:
/* clear the exception, by not restoring it */
/* Restore the exception state */
/* PyErr_Restore(exc_typ, exc_val, exc_tb); */
/* when using PyErr_Restore there is no need to Py_XDECREF for
* these 3 pointers. */
Py_XDECREF(exc_typ);
Py_XDECREF(exc_val);
Py_XDECREF(exc_tb);
}
int pythonmod_init(struct module_env* env, int id)
@ -561,9 +566,19 @@ void pythonmod_operate(struct module_qstate* qstate, enum module_ev event,
{
/* create qstate */
pq = qstate->minfo[id] = malloc(sizeof(struct pythonmod_qstate));
if(!pq) {
log_err("pythonmod_operate: malloc failure for qstate");
PyGILState_Release(gil);
return;
}
/* Initialize per query data */
pq->data = PyDict_New();
if(!pq->data) {
log_err("pythonmod_operate: malloc failure for query data dict");
PyGILState_Release(gil);
return;
}
}
/* Call operate */

2
respip/respip.c
View file

@ -130,7 +130,7 @@ respip_sockaddr_delete(struct respip_set* set, struct resp_addr* node)
struct resp_addr* prev;
prev = (struct resp_addr*)rbtree_previous((struct rbnode_type*)node);
lock_rw_destroy(&node->lock);
rbtree_delete(&set->ip_tree, node);
(void)rbtree_delete(&set->ip_tree, node);
/* no free'ing, all allocated in region */
if(!prev)
addr_tree_init_parents((rbtree_type*)set);

8
services/authzone.c
View file

@ -5163,6 +5163,9 @@ xfr_write_after_update(struct auth_xfer* xfr, struct module_env* env)
lock_rw_unlock(&z->lock);
return;
}
#ifdef UB_ON_WINDOWS
(void)unlink(zfilename); /* windows does not replace file with rename() */
#endif
if(rename(tmpfile, zfilename) < 0) {
log_err("could not rename(%s, %s): %s", tmpfile, zfilename,
strerror(errno));
@ -5434,7 +5437,7 @@ xfr_transfer_init_fetch(struct auth_xfer* xfr, struct module_env* env)
xfr->task_transfer->cp = outnet_comm_point_for_http(
env->outnet, auth_xfer_transfer_http_callback, xfr,
&addr, addrlen, -1, master->ssl, master->host,
master->file);
master->file, env->cfg);
if(!xfr->task_transfer->cp) {
char zname[255+1], as[256];
dname_str(xfr->name, zname);
@ -7179,12 +7182,14 @@ xfer_set_masters(struct auth_master** list, struct config_auth* c,
if(with_http)
for(p = c->urls; p; p = p->next) {
m = auth_master_new(&list);
if(!m) return 0;
m->http = 1;
if(!parse_url(p->str, &m->host, &m->file, &m->port, &m->ssl))
return 0;
}
for(p = c->masters; p; p = p->next) {
m = auth_master_new(&list);
if(!m) return 0;
m->ixfr = 1; /* this flag is not configurable */
m->host = strdup(p->str);
if(!m->host) {
@ -7194,6 +7199,7 @@ xfer_set_masters(struct auth_master** list, struct config_auth* c,
}
for(p = c->allow_notify; p; p = p->next) {
m = auth_master_new(&list);
if(!m) return 0;
m->allow_notify = 1;
m->host = strdup(p->str);
if(!m->host) {

3
services/cache/infra.c vendored
View file

@ -236,6 +236,9 @@ infra_create(struct config_file* cfg)
sizeof(struct infra_cache));
size_t maxmem = cfg->infra_cache_numhosts * (sizeof(struct infra_key)+
sizeof(struct infra_data)+INFRA_BYTES_NAME);
if(!infra) {
return NULL;
}
infra->hosts = slabhash_create(cfg->infra_cache_slabs,
INFRA_HOST_STARTSIZE, maxmem, &infra_sizefunc, &infra_compfunc,
&infra_delkeyfunc, &infra_deldatafunc, NULL);

31
services/listen_dnsport.c
View file

@ -2477,6 +2477,10 @@ static int http2_query_read_done(struct http2_session* h2_session,
"buffer already assigned to stream");
return -1;
}
/* the c->buffer might be used by mesh_send_reply and no be cleard
* need to be cleared before use */
sldns_buffer_clear(h2_session->c->buffer);
if(sldns_buffer_remaining(h2_session->c->buffer) <
sldns_buffer_remaining(h2_stream->qbuffer)) {
/* qbuffer will be free'd in frame close cb */
@ -2678,6 +2682,32 @@ static int http2_buffer_uri_query(struct http2_session* h2_session,
return 0;
}
if(sldns_b64_contains_nonurl((char const*)start, length)) {
char buf[65536+4];
verbose(VERB_ALGO, "HTTP2 stream contains wrong b64 encoding");
/* copy to the scratch buffer temporarily to terminate the
* string with a zero */
if(length+1 > sizeof(buf)) {
/* too long */
lock_basic_lock(&http2_query_buffer_count_lock);
http2_query_buffer_count -= expectb64len;
lock_basic_unlock(&http2_query_buffer_count_lock);
sldns_buffer_free(h2_stream->qbuffer);
h2_stream->qbuffer = NULL;
return 1;
}
memmove(buf, start, length);
buf[length] = 0;
if(!(b64len = sldns_b64_pton(buf, sldns_buffer_current(
h2_stream->qbuffer), expectb64len)) || b64len < 0) {
lock_basic_lock(&http2_query_buffer_count_lock);
http2_query_buffer_count -= expectb64len;
lock_basic_unlock(&http2_query_buffer_count_lock);
sldns_buffer_free(h2_stream->qbuffer);
h2_stream->qbuffer = NULL;
return 1;
}
} else {
if(!(b64len = sldns_b64url_pton(
(char const *)start, length,
sldns_buffer_current(h2_stream->qbuffer),
@ -2691,6 +2721,7 @@ static int http2_buffer_uri_query(struct http2_session* h2_session,
* unknown POST */
return 1;
}
}
sldns_buffer_skip(h2_stream->qbuffer, (size_t)b64len);
return 1;
}

16
services/localzone.c
View file

@ -745,9 +745,15 @@ static int
lz_enter_zones(struct local_zones* zones, struct config_file* cfg)
{
struct config_str2list* p;
#ifndef THREADS_DISABLED
struct local_zone* z;
#endif
for(p = cfg->local_zones; p; p = p->next) {
if(!(z=lz_enter_zone(zones, p->str, p->str2,
if(!(
#ifndef THREADS_DISABLED
z=
#endif
lz_enter_zone(zones, p->str, p->str2,
LDNS_RR_CLASS_IN)))
return 0;
lock_rw_unlock(&z->lock);
@ -1027,7 +1033,9 @@ lz_setup_implicit(struct local_zones* zones, struct config_file* cfg)
}
if(have_name) {
uint8_t* n2;
#ifndef THREADS_DISABLED
struct local_zone* z;
#endif
/* allocate zone of smallest shared topdomain to contain em */
n2 = nm;
dname_remove_labels(&n2, &nmlen, nmlabs - match);
@ -1039,7 +1047,11 @@ lz_setup_implicit(struct local_zones* zones, struct config_file* cfg)
}
log_nametypeclass(VERB_ALGO, "implicit transparent local-zone",
n2, 0, dclass);
if(!(z=lz_enter_zone_dname(zones, n2, nmlen, match,
if(!(
#ifndef THREADS_DISABLED
z=
#endif
lz_enter_zone_dname(zones, n2, nmlen, match,
local_zone_transparent, dclass))) {
return 0;
}

2
services/localzone.h
View file

@ -160,7 +160,7 @@ struct local_zone {
rbtree_type data;
/** if data contains zone apex SOA data, this is a ptr to it. */
struct ub_packed_rrset_key* soa;
/** if data contains zone apex SOA data, this is a prt to an
/** if data contains zone apex SOA data, this is a ptr to an
* artificial negative SOA rrset (TTL is the minimum of the TTL and the
* SOA.MINIMUM). */
struct ub_packed_rrset_key* soa_negative;

4
services/mesh.c
View file

@ -439,7 +439,7 @@ mesh_serve_expired_init(struct mesh_state* mstate, int timeout)
mstate->s.serve_expired_data->get_cached_answer =
mstate->s.serve_expired_data->get_cached_answer?
mstate->s.serve_expired_data->get_cached_answer:
mesh_serve_expired_lookup;
&mesh_serve_expired_lookup;
/* In case this timer already popped, start it again */
if(!mstate->s.serve_expired_data->timer) {
@ -1967,7 +1967,7 @@ mesh_serve_expired_callback(void* arg)
while(1) {
fptr_ok(fptr_whitelist_serve_expired_lookup(
qstate->serve_expired_data->get_cached_answer));
msg = qstate->serve_expired_data->get_cached_answer(qstate,
msg = (*qstate->serve_expired_data->get_cached_answer)(qstate,
lookup_qinfo);
if(!msg)
return;

246
services/outside_network.c
View file

@ -90,10 +90,6 @@ static int randomize_and_send_udp(struct pending* pend, sldns_buffer* packet,
static void waiting_list_remove(struct outside_network* outnet,
struct waiting_tcp* w);
/** remove reused element from tree and lru list */
static void reuse_tcp_remove_tree_list(struct outside_network* outnet,
struct reuse_tcp* reuse);
/** select a DNS ID for a TCP stream */
static uint16_t tcp_select_id(struct outside_network* outnet,
struct reuse_tcp* reuse);
@ -351,6 +347,8 @@ log_reuse_tcp(enum verbosity_value v, const char* msg, struct reuse_tcp* reuse)
uint16_t port;
char addrbuf[128];
if(verbosity < v) return;
if(!reuse || !reuse->pending || !reuse->pending->c)
return;
addr_to_str(&reuse->addr, reuse->addrlen, addrbuf, sizeof(addrbuf));
port = ntohs(((struct sockaddr_in*)&reuse->addr)->sin_port);
verbose(v, "%s %s#%u fd %d", msg, addrbuf, (unsigned)port,
@ -370,6 +368,8 @@ static struct waiting_tcp* reuse_write_wait_pop(struct reuse_tcp* reuse)
w->write_wait_next->write_wait_prev = NULL;
else reuse->write_wait_last = NULL;
w->write_wait_queued = 0;
w->write_wait_next = NULL;
w->write_wait_prev = NULL;
return w;
}
@ -377,6 +377,8 @@ static struct waiting_tcp* reuse_write_wait_pop(struct reuse_tcp* reuse)
static void reuse_write_wait_remove(struct reuse_tcp* reuse,
struct waiting_tcp* w)
{
log_assert(w);
log_assert(w->write_wait_queued);
if(!w)
return;
if(!w->write_wait_queued)
@ -384,10 +386,16 @@ static void reuse_write_wait_remove(struct reuse_tcp* reuse,
if(w->write_wait_prev)
w->write_wait_prev->write_wait_next = w->write_wait_next;
else reuse->write_wait_first = w->write_wait_next;
log_assert(!w->write_wait_prev ||
w->write_wait_prev->write_wait_next != w->write_wait_prev);
if(w->write_wait_next)
w->write_wait_next->write_wait_prev = w->write_wait_prev;
else reuse->write_wait_last = w->write_wait_prev;
log_assert(!w->write_wait_next
|| w->write_wait_next->write_wait_prev != w->write_wait_next);
w->write_wait_queued = 0;
w->write_wait_next = NULL;
w->write_wait_prev = NULL;
}
/** push the element after the last on the writewait list */
@ -398,6 +406,8 @@ static void reuse_write_wait_push_back(struct reuse_tcp* reuse,
log_assert(!w->write_wait_queued);
if(reuse->write_wait_last) {
reuse->write_wait_last->write_wait_next = w;
log_assert(reuse->write_wait_last->write_wait_next !=
reuse->write_wait_last);
w->write_wait_prev = reuse->write_wait_last;
} else {
reuse->write_wait_first = w;
@ -447,34 +457,45 @@ tree_by_id_get_id(rbnode_type* node)
}
/** insert into reuse tcp tree and LRU, false on failure (duplicate) */
static int
int
reuse_tcp_insert(struct outside_network* outnet, struct pending_tcp* pend_tcp)
{
log_reuse_tcp(VERB_CLIENT, "reuse_tcp_insert", &pend_tcp->reuse);
if(pend_tcp->reuse.item_on_lru_list) {
if(!pend_tcp->reuse.node.key)
log_err("internal error: reuse_tcp_insert: on lru list without key");
log_err("internal error: reuse_tcp_insert: "
"in lru list without key");
return 1;
}
pend_tcp->reuse.node.key = &pend_tcp->reuse;
pend_tcp->reuse.pending = pend_tcp;
if(!rbtree_insert(&outnet->tcp_reuse, &pend_tcp->reuse.node)) {
/* this is a duplicate connection, close this one */
verbose(VERB_CLIENT, "reuse_tcp_insert: duplicate connection");
pend_tcp->reuse.node.key = NULL;
return 0;
/* We are not in the LRU list but we are already in the
* tcp_reuse tree, strange.
* Continue to add ourselves to the LRU list. */
log_err("internal error: reuse_tcp_insert: in lru list but "
"not in the tree");
}
/* insert into LRU, first is newest */
pend_tcp->reuse.lru_prev = NULL;
if(outnet->tcp_reuse_first) {
pend_tcp->reuse.lru_next = outnet->tcp_reuse_first;
log_assert(pend_tcp->reuse.lru_next != &pend_tcp->reuse);
outnet->tcp_reuse_first->lru_prev = &pend_tcp->reuse;
log_assert(outnet->tcp_reuse_first->lru_prev !=
outnet->tcp_reuse_first);
} else {
pend_tcp->reuse.lru_next = NULL;
outnet->tcp_reuse_last = &pend_tcp->reuse;
}
outnet->tcp_reuse_first = &pend_tcp->reuse;
pend_tcp->reuse.item_on_lru_list = 1;
log_assert((!outnet->tcp_reuse_first && !outnet->tcp_reuse_last) ||
(outnet->tcp_reuse_first && outnet->tcp_reuse_last));
log_assert(outnet->tcp_reuse_first != outnet->tcp_reuse_first->lru_next &&
outnet->tcp_reuse_first != outnet->tcp_reuse_first->lru_prev);
log_assert(outnet->tcp_reuse_last != outnet->tcp_reuse_last->lru_next &&
outnet->tcp_reuse_last != outnet->tcp_reuse_last->lru_prev);
return 1;
}
@ -712,28 +733,65 @@ outnet_tcp_take_into_use(struct waiting_tcp* w)
/** Touch the lru of a reuse_tcp element, it is in use.
* This moves it to the front of the list, where it is not likely to
* be closed. Items at the back of the list are closed to make space. */
static void
void
reuse_tcp_lru_touch(struct outside_network* outnet, struct reuse_tcp* reuse)
{
if(!reuse->item_on_lru_list) {
log_err("internal error: we need to touch the lru_list but item not in list");
return; /* not on the list, no lru to modify */
}
log_assert(reuse->lru_prev ||
(!reuse->lru_prev && outnet->tcp_reuse_first == reuse));
if(!reuse->lru_prev)
return; /* already first in the list */
/* remove at current position */
/* since it is not first, there is a previous element */
reuse->lru_prev->lru_next = reuse->lru_next;
log_assert(reuse->lru_prev->lru_next != reuse->lru_prev);
if(reuse->lru_next)
reuse->lru_next->lru_prev = reuse->lru_prev;
else outnet->tcp_reuse_last = reuse->lru_prev;
log_assert(!reuse->lru_next || reuse->lru_next->lru_prev != reuse->lru_next);
log_assert(outnet->tcp_reuse_last != outnet->tcp_reuse_last->lru_next &&
outnet->tcp_reuse_last != outnet->tcp_reuse_last->lru_prev);
/* insert at the front */
reuse->lru_prev = NULL;
reuse->lru_next = outnet->tcp_reuse_first;
if(outnet->tcp_reuse_first) {
outnet->tcp_reuse_first->lru_prev = reuse;
}
log_assert(reuse->lru_next != reuse);
/* since it is not first, it is not the only element and
* lru_next is thus not NULL and thus reuse is now not the last in
* the list, so outnet->tcp_reuse_last does not need to be modified */
outnet->tcp_reuse_first = reuse;
log_assert(outnet->tcp_reuse_first != outnet->tcp_reuse_first->lru_next &&
outnet->tcp_reuse_first != outnet->tcp_reuse_first->lru_prev);
log_assert((!outnet->tcp_reuse_first && !outnet->tcp_reuse_last) ||
(outnet->tcp_reuse_first && outnet->tcp_reuse_last));
}
/** Snip the last reuse_tcp element off of the LRU list */
struct reuse_tcp*
reuse_tcp_lru_snip(struct outside_network* outnet)
{
struct reuse_tcp* reuse = outnet->tcp_reuse_last;
if(!reuse) return NULL;
/* snip off of LRU */
log_assert(reuse->lru_next == NULL);
if(reuse->lru_prev) {
outnet->tcp_reuse_last = reuse->lru_prev;
reuse->lru_prev->lru_next = NULL;
} else {
outnet->tcp_reuse_last = NULL;
outnet->tcp_reuse_first = NULL;
}
log_assert((!outnet->tcp_reuse_first && !outnet->tcp_reuse_last) ||
(outnet->tcp_reuse_first && outnet->tcp_reuse_last));
reuse->item_on_lru_list = 0;
reuse->lru_next = NULL;
reuse->lru_prev = NULL;
return reuse;
}
/** call callback on waiting_tcp, if not NULL */
@ -747,21 +805,71 @@ waiting_tcp_callback(struct waiting_tcp* w, struct comm_point* c, int error,
}
}
/** add waiting_tcp element to the outnet tcp waiting list */
static void
outnet_add_tcp_waiting(struct outside_network* outnet, struct waiting_tcp* w)
{
struct timeval tv;
log_assert(!w->on_tcp_waiting_list);
if(w->on_tcp_waiting_list)
return;
w->next_waiting = NULL;
if(outnet->tcp_wait_last)
outnet->tcp_wait_last->next_waiting = w;
else outnet->tcp_wait_first = w;
outnet->tcp_wait_last = w;
w->on_tcp_waiting_list = 1;
#ifndef S_SPLINT_S
tv.tv_sec = w->timeout/1000;
tv.tv_usec = (w->timeout%1000)*1000;
#endif
comm_timer_set(w->timer, &tv);
}
/** add waiting_tcp element as first to the outnet tcp waiting list */
static void
outnet_add_tcp_waiting_first(struct outside_network* outnet,
struct waiting_tcp* w, int reset_timer)
{
struct timeval tv;
log_assert(!w->on_tcp_waiting_list);
if(w->on_tcp_waiting_list)
return;
w->next_waiting = outnet->tcp_wait_first;
if(!outnet->tcp_wait_last)
outnet->tcp_wait_last = w;
outnet->tcp_wait_first = w;
w->on_tcp_waiting_list = 1;
if(reset_timer) {
#ifndef S_SPLINT_S
tv.tv_sec = w->timeout/1000;
tv.tv_usec = (w->timeout%1000)*1000;
#endif
comm_timer_set(w->timer, &tv);
}
log_assert(
(!outnet->tcp_reuse_first && !outnet->tcp_reuse_last) ||
(outnet->tcp_reuse_first && outnet->tcp_reuse_last));
}
/** see if buffers can be used to service TCP queries */
static void
use_free_buffer(struct outside_network* outnet)
{
struct waiting_tcp* w;
while(outnet->tcp_free && outnet->tcp_wait_first
&& !outnet->want_to_quit) {
while(outnet->tcp_wait_first && !outnet->want_to_quit) {
#ifdef USE_DNSTAP
struct pending_tcp* pend_tcp = NULL;
#endif
struct reuse_tcp* reuse = NULL;
w = outnet->tcp_wait_first;
log_assert(w->on_tcp_waiting_list);
outnet->tcp_wait_first = w->next_waiting;
if(outnet->tcp_wait_last == w)
outnet->tcp_wait_last = NULL;
log_assert(
(!outnet->tcp_reuse_first && !outnet->tcp_reuse_last) ||
(outnet->tcp_reuse_first && outnet->tcp_reuse_last));
w->on_tcp_waiting_list = 0;
reuse = reuse_tcp_find(outnet, &w->addr, w->addrlen,
w->ssl_upstream);
@ -790,7 +898,7 @@ use_free_buffer(struct outside_network* outnet)
reuse->pending->c->fd, reuse->pending,
w);
}
} else {
} else if(outnet->tcp_free) {
struct pending_tcp* pend = w->outnet->tcp_free;
rbtree_init(&pend->reuse.tree_by_id, reuse_id_cmp);
pend->reuse.pending = pend;
@ -807,6 +915,10 @@ use_free_buffer(struct outside_network* outnet)
#ifdef USE_DNSTAP
pend_tcp = pend;
#endif
} else {
/* no reuse and no free buffer, put back at the start */
outnet_add_tcp_waiting_first(outnet, w, 0);
break;
}
#ifdef USE_DNSTAP
if(outnet->dtenv && pend_tcp && w && w->sq &&
@ -822,26 +934,6 @@ use_free_buffer(struct outside_network* outnet)
}
}
/** add waiting_tcp element to the outnet tcp waiting list */
static void
outnet_add_tcp_waiting(struct outside_network* outnet, struct waiting_tcp* w)
{
struct timeval tv;
if(w->on_tcp_waiting_list)
return;
w->next_waiting = NULL;
if(outnet->tcp_wait_last)
outnet->tcp_wait_last->next_waiting = w;
else outnet->tcp_wait_first = w;
outnet->tcp_wait_last = w;
w->on_tcp_waiting_list = 1;
#ifndef S_SPLINT_S
tv.tv_sec = w->timeout/1000;
tv.tv_usec = (w->timeout%1000)*1000;
#endif
comm_timer_set(w->timer, &tv);
}
/** delete element from tree by id */
static void
reuse_tree_by_id_delete(struct reuse_tcp* reuse, struct waiting_tcp* w)
@ -915,7 +1007,7 @@ reuse_move_writewait_away(struct outside_network* outnet,
}
/** remove reused element from tree and lru list */
static void
void
reuse_tcp_remove_tree_list(struct outside_network* outnet,
struct reuse_tcp* reuse)
{
@ -941,21 +1033,38 @@ reuse_tcp_remove_tree_list(struct outside_network* outnet,
* and thus have a pending pointer to the struct */
log_assert(reuse->lru_prev->pending);
reuse->lru_prev->lru_next = reuse->lru_next;
log_assert(reuse->lru_prev->lru_next != reuse->lru_prev);
} else {
log_assert(!reuse->lru_next || reuse->lru_next->pending);
outnet->tcp_reuse_first = reuse->lru_next;
log_assert(!outnet->tcp_reuse_first ||
(outnet->tcp_reuse_first !=
outnet->tcp_reuse_first->lru_next &&
outnet->tcp_reuse_first !=
outnet->tcp_reuse_first->lru_prev));
}
if(reuse->lru_next) {
/* assert that members of the lru list are waiting
* and thus have a pending pointer to the struct */
log_assert(reuse->lru_next->pending);
reuse->lru_next->lru_prev = reuse->lru_prev;
log_assert(reuse->lru_next->lru_prev != reuse->lru_next);
} else {
log_assert(!reuse->lru_prev || reuse->lru_prev->pending);
outnet->tcp_reuse_last = reuse->lru_prev;
log_assert(!outnet->tcp_reuse_last ||
(outnet->tcp_reuse_last !=
outnet->tcp_reuse_last->lru_next &&
outnet->tcp_reuse_last !=
outnet->tcp_reuse_last->lru_prev));
}
log_assert((!outnet->tcp_reuse_first && !outnet->tcp_reuse_last) ||
(outnet->tcp_reuse_first && outnet->tcp_reuse_last));
reuse->item_on_lru_list = 0;
reuse->lru_next = NULL;
reuse->lru_prev = NULL;
}
reuse->pending = NULL;
}
/** helper function that deletes an element from the tree of readwait
@ -982,8 +1091,12 @@ decommission_pending_tcp(struct outside_network* outnet,
struct pending_tcp* pend)
{
verbose(VERB_CLIENT, "decommission_pending_tcp");
/* A certain code path can lead here twice for the same pending_tcp
* creating a loop in the free pending_tcp list. */
if(outnet->tcp_free != pend) {
pend->next_free = outnet->tcp_free;
outnet->tcp_free = pend;
}
if(pend->reuse.node.key) {
/* needs unlink from the reuse tree to get deleted */
reuse_tcp_remove_tree_list(outnet, &pend->reuse);
@ -1069,6 +1182,7 @@ outnet_tcp_cb(struct comm_point* c, void* arg, int error,
struct pending_tcp* pend = (struct pending_tcp*)arg;
struct outside_network* outnet = pend->reuse.outnet;
struct waiting_tcp* w = NULL;
log_assert(pend->reuse.item_on_lru_list && pend->reuse.node.key);
verbose(VERB_ALGO, "outnettcp cb");
if(error == NETEVENT_TIMEOUT) {
if(pend->c->tcp_write_and_read) {
@ -1680,22 +1794,19 @@ outside_network_delete(struct outside_network* outnet)
size_t i;
for(i=0; i<outnet->num_tcp; i++)
if(outnet->tcp_conns[i]) {
if(outnet->tcp_conns[i]->query &&
!outnet->tcp_conns[i]->query->
on_tcp_waiting_list) {
struct pending_tcp* pend;
pend = outnet->tcp_conns[i];
if(pend->reuse.item_on_lru_list) {
/* delete waiting_tcp elements that
* the tcp conn is working on */
struct pending_tcp* pend =
(struct pending_tcp*)outnet->
tcp_conns[i]->query->
next_waiting;
decommission_pending_tcp(outnet, pend);
}
comm_point_delete(outnet->tcp_conns[i]->c);
waiting_tcp_delete(outnet->tcp_conns[i]->query);
free(outnet->tcp_conns[i]);
outnet->tcp_conns[i] = NULL;
}
free(outnet->tcp_conns);
outnet->tcp_conns = NULL;
}
if(outnet->tcp_wait_first) {
struct waiting_tcp* p = outnet->tcp_wait_first, *np;
@ -2093,24 +2204,12 @@ outnet_tcptimer(void* arg)
static void
reuse_tcp_close_oldest(struct outside_network* outnet)
{
struct pending_tcp* pend;
struct reuse_tcp* reuse;
verbose(VERB_CLIENT, "reuse_tcp_close_oldest");
if(!outnet->tcp_reuse_last) return;
pend = outnet->tcp_reuse_last->pending;
/* snip off of LRU */
log_assert(pend->reuse.lru_next == NULL);
if(pend->reuse.lru_prev) {
outnet->tcp_reuse_last = pend->reuse.lru_prev;
pend->reuse.lru_prev->lru_next = NULL;
} else {
outnet->tcp_reuse_last = NULL;
outnet->tcp_reuse_first = NULL;
}
pend->reuse.item_on_lru_list = 0;
reuse = reuse_tcp_lru_snip(outnet);
if(!reuse) return;
/* free up */
reuse_cb_and_decommission(outnet, pend, NETEVENT_CLOSED);
reuse_cb_and_decommission(outnet, reuse->pending, NETEVENT_CLOSED);
}
static uint16_t
@ -2216,6 +2315,7 @@ pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet,
reuse_tcp_lru_touch(sq->outnet, reuse);
}
log_assert(!reuse || (reuse && pend));
/* if !pend but we have reuse streams, close a reuse stream
* to be able to open a new one to this target, no use waiting
* to reuse a file descriptor while another query needs to use
@ -2223,6 +2323,7 @@ pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet,
if(!pend) {
reuse_tcp_close_oldest(sq->outnet);
pend = sq->outnet->tcp_free;
log_assert(!reuse || (pend == reuse->pending));
}
/* allocate space to store query */
@ -2261,6 +2362,7 @@ pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet,
if(pend) {
/* we have a buffer available right now */
if(reuse) {
log_assert(reuse == &pend->reuse);
/* reuse existing fd, write query and continue */
/* store query in tree by id */
verbose(VERB_CLIENT, "pending_tcp_query: reuse, store");
@ -2447,6 +2549,9 @@ waiting_list_remove(struct outside_network* outnet, struct waiting_tcp* w)
prev = p;
p = p->next_waiting;
}
/* waiting_list_remove is currently called only with items that are
* already in the waiting list. */
log_assert(0);
}
/** reuse tcp stream, remove serviced query from stream,
@ -3434,15 +3539,28 @@ outnet_comm_point_for_tcp(struct outside_network* outnet,
return cp;
}
/** setup the User-Agent HTTP header based on http-user-agent configuration */
static void
setup_http_user_agent(sldns_buffer* buf, struct config_file* cfg)
{
if(cfg->hide_http_user_agent) return;
if(cfg->http_user_agent==NULL || cfg->http_user_agent[0] == 0) {
sldns_buffer_printf(buf, "User-Agent: %s/%s\r\n", PACKAGE_NAME,
PACKAGE_VERSION);
} else {
sldns_buffer_printf(buf, "User-Agent: %s\r\n", cfg->http_user_agent);
}
}
/** setup http request headers in buffer for sending query to destination */
static int
setup_http_request(sldns_buffer* buf, char* host, char* path)
setup_http_request(sldns_buffer* buf, char* host, char* path,
struct config_file* cfg)
{
sldns_buffer_clear(buf);
sldns_buffer_printf(buf, "GET /%s HTTP/1.1\r\n", path);
sldns_buffer_printf(buf, "Host: %s\r\n", host);
sldns_buffer_printf(buf, "User-Agent: unbound/%s\r\n",
PACKAGE_VERSION);
setup_http_user_agent(buf, cfg);
/* We do not really do multiple queries per connection,
* but this header setting is also not needed.
* sldns_buffer_printf(buf, "Connection: close\r\n") */
@ -3458,7 +3576,7 @@ struct comm_point*
outnet_comm_point_for_http(struct outside_network* outnet,
comm_point_callback_type* cb, void* cb_arg,
struct sockaddr_storage* to_addr, socklen_t to_addrlen, int timeout,
int ssl, char* host, char* path)
int ssl, char* host, char* path, struct config_file* cfg)
{
/* cp calls cb with err=NETEVENT_DONE when transfer is done */
struct comm_point* cp;
@ -3494,7 +3612,7 @@ outnet_comm_point_for_http(struct outside_network* outnet,
comm_point_start_listening(cp, fd, timeout);
/* setup http request in cp->buffer */
if(!setup_http_request(cp->buffer, host, path)) {
if(!setup_http_request(cp->buffer, host, path, cfg)) {
log_err("error setting up http request");
comm_point_delete(cp);
return NULL;

22
services/outside_network.h
View file

@ -63,6 +63,7 @@ struct edns_option;
struct module_env;
struct module_qstate;
struct query_info;
struct config_file;
/**
* Send queries to outside servers and wait for answers from servers.
@ -681,12 +682,28 @@ struct waiting_tcp* reuse_tcp_by_id_find(struct reuse_tcp* reuse, uint16_t id);
/** insert element in tree by id */
void reuse_tree_by_id_insert(struct reuse_tcp* reuse, struct waiting_tcp* w);
/** insert element in tcp_reuse tree and LRU list */
int reuse_tcp_insert(struct outside_network* outnet,
struct pending_tcp* pend_tcp);
/** touch the LRU of the element */
void reuse_tcp_lru_touch(struct outside_network* outnet,
struct reuse_tcp* reuse);
/** remove element from tree and LRU list */
void reuse_tcp_remove_tree_list(struct outside_network* outnet,
struct reuse_tcp* reuse);
/** snip the last reuse_tcp element off of the LRU list if any */
struct reuse_tcp* reuse_tcp_lru_snip(struct outside_network* outnet);
/** delete readwait waiting_tcp elements, deletes the elements in the list */
void reuse_del_readwait(rbtree_type* tree_by_id);
/** get TCP file descriptor for address, returns -1 on failure,
* tcp_mss is 0 or maxseg size to set for TCP packets. */
int outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen, int tcp_mss, int dscp);
int outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen,
int tcp_mss, int dscp);
/**
* Create udp commpoint suitable for sending packets to the destination.
@ -740,12 +757,13 @@ struct comm_point* outnet_comm_point_for_tcp(struct outside_network* outnet,
* @param ssl: set to true for https.
* @param host: hostname to use for the destination. part of http request.
* @param path: pathname to lookup, eg. name of the file on the destination.
* @param cfg: running configuration for User-Agent setup.
* @return http_out commpoint, or NULL.
*/
struct comm_point* outnet_comm_point_for_http(struct outside_network* outnet,
comm_point_callback_type* cb, void* cb_arg,
struct sockaddr_storage* to_addr, socklen_t to_addrlen, int timeout,
int ssl, char* host, char* path);
int ssl, char* host, char* path, struct config_file* cfg);
/** connect tcp connection to addr, 0 on failure */
int outnet_tcp_connect(int s, struct sockaddr_storage* addr, socklen_t addrlen);

323
sldns/keyraw.c
View file

@ -26,12 +26,16 @@
#ifdef HAVE_OPENSSL_BN_H
#include <openssl/bn.h>
#endif
#ifdef HAVE_OPENSSL_PARAM_BUILD_H
# include <openssl/param_build.h>
#else
# ifdef HAVE_OPENSSL_RSA_H
# include <openssl/rsa.h>
# endif
# ifdef HAVE_OPENSSL_DSA_H
# include <openssl/dsa.h>
# endif
#endif
#endif /* HAVE_SSL */
size_t
@ -191,45 +195,59 @@ void sldns_key_EVP_unload_gost(void)
}
#endif /* USE_GOST */
DSA *
sldns_key_buf2dsa_raw(unsigned char* key, size_t len)
/* Retrieve params as BIGNUM from raw buffer */
static int
sldns_key_dsa_buf_bignum(unsigned char* key, size_t len, BIGNUM** p,
BIGNUM** q, BIGNUM** g, BIGNUM** y)
{
uint8_t T;
uint16_t length;
uint16_t offset;
DSA *dsa;
BIGNUM *Q; BIGNUM *P;
BIGNUM *G; BIGNUM *Y;
if(len == 0)
return NULL;
return 0;
T = (uint8_t)key[0];
length = (64 + T * 8);
offset = 1;
if (T > 8) {
return NULL;
return 0;
}
if(len < (size_t)1 + SHA_DIGEST_LENGTH + 3*length)
return NULL;
return 0;
Q = BN_bin2bn(key+offset, SHA_DIGEST_LENGTH, NULL);
*q = BN_bin2bn(key+offset, SHA_DIGEST_LENGTH, NULL);
offset += SHA_DIGEST_LENGTH;
P = BN_bin2bn(key+offset, (int)length, NULL);
*p = BN_bin2bn(key+offset, (int)length, NULL);
offset += length;
G = BN_bin2bn(key+offset, (int)length, NULL);
*g = BN_bin2bn(key+offset, (int)length, NULL);
offset += length;
Y = BN_bin2bn(key+offset, (int)length, NULL);
*y = BN_bin2bn(key+offset, (int)length, NULL);
if(!*q || !*p || !*g || !*y) {
BN_free(*q);
BN_free(*p);
BN_free(*g);
BN_free(*y);
return 0;
}
return 1;
}
#ifndef HAVE_OSSL_PARAM_BLD_NEW
DSA *
sldns_key_buf2dsa_raw(unsigned char* key, size_t len)
{
DSA *dsa;
BIGNUM *Q=NULL, *P=NULL, *G=NULL, *Y=NULL;
if(!sldns_key_dsa_buf_bignum(key, len, &P, &Q, &G, &Y)) {
return NULL;
}
/* create the key and set its properties */
if(!Q || !P || !G || !Y || !(dsa = DSA_new())) {
BN_free(Q);
BN_free(P);
BN_free(G);
BN_free(Y);
if(!(dsa = DSA_new())) {
return NULL;
}
#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
@ -261,22 +279,111 @@ sldns_key_buf2dsa_raw(unsigned char* key, size_t len)
return dsa;
}
#endif /* HAVE_OSSL_PARAM_BLD_NEW */
RSA *
sldns_key_buf2rsa_raw(unsigned char* key, size_t len)
EVP_PKEY *sldns_key_dsa2pkey_raw(unsigned char* key, size_t len)
{
#ifdef HAVE_OSSL_PARAM_BLD_NEW
EVP_PKEY* evp_key = NULL;
EVP_PKEY_CTX* ctx;
BIGNUM *p=NULL, *q=NULL, *g=NULL, *y=NULL;
OSSL_PARAM_BLD* param_bld;
OSSL_PARAM* params = NULL;
if(!sldns_key_dsa_buf_bignum(key, len, &p, &q, &g, &y)) {
return NULL;
}
param_bld = OSSL_PARAM_BLD_new();
if(!param_bld) {
BN_free(p);
BN_free(q);
BN_free(g);
BN_free(y);
return NULL;
}
if(!OSSL_PARAM_BLD_push_BN(param_bld, "p", p) ||
!OSSL_PARAM_BLD_push_BN(param_bld, "g", g) ||
!OSSL_PARAM_BLD_push_BN(param_bld, "q", q) ||
!OSSL_PARAM_BLD_push_BN(param_bld, "pub", y)) {
OSSL_PARAM_BLD_free(param_bld);
BN_free(p);
BN_free(q);
BN_free(g);
BN_free(y);
return NULL;
}
params = OSSL_PARAM_BLD_to_param(param_bld);
OSSL_PARAM_BLD_free(param_bld);
ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL);
if(!ctx) {
OSSL_PARAM_free(params);
BN_free(p);
BN_free(q);
BN_free(g);
BN_free(y);
return NULL;
}
if(EVP_PKEY_fromdata_init(ctx) <= 0) {
EVP_PKEY_CTX_free(ctx);
OSSL_PARAM_free(params);
BN_free(p);
BN_free(q);
BN_free(g);
BN_free(y);
return NULL;
}
if(EVP_PKEY_fromdata(ctx, &evp_key, EVP_PKEY_PUBLIC_KEY, params) <= 0) {
EVP_PKEY_CTX_free(ctx);
OSSL_PARAM_free(params);
BN_free(p);
BN_free(q);
BN_free(g);
BN_free(y);
return NULL;
}
EVP_PKEY_CTX_free(ctx);
OSSL_PARAM_free(params);
BN_free(p);
BN_free(q);
BN_free(g);
BN_free(y);
return evp_key;
#else
DSA* dsa;
EVP_PKEY* evp_key = EVP_PKEY_new();
if(!evp_key) {
return NULL;
}
dsa = sldns_key_buf2dsa_raw(key, len);
if(!dsa) {
EVP_PKEY_free(evp_key);
return NULL;
}
if(EVP_PKEY_assign_DSA(evp_key, dsa) == 0) {
DSA_free(dsa);
EVP_PKEY_free(evp_key);
return NULL;
}
return evp_key;
#endif
}
/* Retrieve params as BIGNUM from raw buffer, n is modulus, e is exponent */
static int
sldns_key_rsa_buf_bignum(unsigned char* key, size_t len, BIGNUM** n,
BIGNUM** e)
{
uint16_t offset;
uint16_t exp;
uint16_t int16;
RSA *rsa;
BIGNUM *modulus;
BIGNUM *exponent;
if (len == 0)
return NULL;
return 0;
if (key[0] == 0) {
if(len < 3)
return NULL;
return 0;
memmove(&int16, key+1, 2);
exp = ntohs(int16);
offset = 3;
@ -287,23 +394,34 @@ sldns_key_buf2rsa_raw(unsigned char* key, size_t len)
/* key length at least one */
if(len < (size_t)offset + exp + 1)
return NULL;
return 0;
/* Exponent */
exponent = BN_new();
if(!exponent) return NULL;
(void) BN_bin2bn(key+offset, (int)exp, exponent);
*e = BN_new();
if(!*e) return 0;
(void) BN_bin2bn(key+offset, (int)exp, *e);
offset += exp;
/* Modulus */
modulus = BN_new();
if(!modulus) {
BN_free(exponent);
return NULL;
*n = BN_new();
if(!*n) {
BN_free(*e);
return 0;
}
/* length of the buffer must match the key length! */
(void) BN_bin2bn(key+offset, (int)(len - offset), modulus);
(void) BN_bin2bn(key+offset, (int)(len - offset), *n);
return 1;
}
#ifndef HAVE_OSSL_PARAM_BLD_NEW
RSA *
sldns_key_buf2rsa_raw(unsigned char* key, size_t len)
{
BIGNUM* modulus = NULL;
BIGNUM* exponent = NULL;
RSA *rsa;
if(!sldns_key_rsa_buf_bignum(key, len, &modulus, &exponent))
return NULL;
rsa = RSA_new();
if(!rsa) {
BN_free(exponent);
@ -327,6 +445,88 @@ sldns_key_buf2rsa_raw(unsigned char* key, size_t len)
return rsa;
}
#endif /* HAVE_OSSL_PARAM_BLD_NEW */
EVP_PKEY* sldns_key_rsa2pkey_raw(unsigned char* key, size_t len)
{
#ifdef HAVE_OSSL_PARAM_BLD_NEW
EVP_PKEY* evp_key = NULL;
EVP_PKEY_CTX* ctx;
BIGNUM *n=NULL, *e=NULL;
OSSL_PARAM_BLD* param_bld;
OSSL_PARAM* params = NULL;
if(!sldns_key_rsa_buf_bignum(key, len, &n, &e)) {
return NULL;
}
param_bld = OSSL_PARAM_BLD_new();
if(!param_bld) {
BN_free(n);
BN_free(e);
return NULL;
}
if(!OSSL_PARAM_BLD_push_BN(param_bld, "n", n)) {
OSSL_PARAM_BLD_free(param_bld);
BN_free(n);
BN_free(e);
return NULL;
}
if(!OSSL_PARAM_BLD_push_BN(param_bld, "e", e)) {
OSSL_PARAM_BLD_free(param_bld);
BN_free(n);
BN_free(e);
return NULL;
}
params = OSSL_PARAM_BLD_to_param(param_bld);
OSSL_PARAM_BLD_free(param_bld);
ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
if(!ctx) {
OSSL_PARAM_free(params);
BN_free(n);
BN_free(e);
return NULL;
}
if(EVP_PKEY_fromdata_init(ctx) <= 0) {
EVP_PKEY_CTX_free(ctx);
OSSL_PARAM_free(params);
BN_free(n);
BN_free(e);
return NULL;
}
if(EVP_PKEY_fromdata(ctx, &evp_key, EVP_PKEY_PUBLIC_KEY, params) <= 0) {
EVP_PKEY_CTX_free(ctx);
OSSL_PARAM_free(params);
BN_free(n);
BN_free(e);
return NULL;
}
EVP_PKEY_CTX_free(ctx);
OSSL_PARAM_free(params);
BN_free(n);
BN_free(e);
return evp_key;
#else
RSA* rsa;
EVP_PKEY *evp_key = EVP_PKEY_new();
if(!evp_key) {
return NULL;
}
rsa = sldns_key_buf2rsa_raw(key, len);
if(!rsa) {
EVP_PKEY_free(evp_key);
return NULL;
}
if(EVP_PKEY_assign_RSA(evp_key, rsa) == 0) {
RSA_free(rsa);
EVP_PKEY_free(evp_key);
return NULL;
}
return evp_key;
#endif
}
#ifdef USE_GOST
EVP_PKEY*
@ -357,6 +557,62 @@ sldns_gost2pkey_raw(unsigned char* key, size_t keylen)
EVP_PKEY*
sldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo)
{
#ifdef HAVE_OSSL_PARAM_BLD_NEW
unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */
EVP_PKEY *evp_key = NULL;
EVP_PKEY_CTX* ctx;
OSSL_PARAM_BLD* param_bld;
OSSL_PARAM* params = NULL;
char* group = NULL;
/* check length, which uncompressed must be 2 bignums */
if(algo == LDNS_ECDSAP256SHA256) {
if(keylen != 2*256/8) return NULL;
group = "prime256v1";
} else if(algo == LDNS_ECDSAP384SHA384) {
if(keylen != 2*384/8) return NULL;
group = "P-384";
} else {
return NULL;
}
if(keylen+1 > sizeof(buf)) { /* sanity check */
return NULL;
}
/* prepend the 0x04 for uncompressed format */
buf[0] = POINT_CONVERSION_UNCOMPRESSED;
memmove(buf+1, key, keylen);
param_bld = OSSL_PARAM_BLD_new();
if(!param_bld) {
return NULL;
}
if(!OSSL_PARAM_BLD_push_utf8_string(param_bld, "group", group, 0) ||
!OSSL_PARAM_BLD_push_octet_string(param_bld, "pub", buf, keylen+1)) {
OSSL_PARAM_BLD_free(param_bld);
return NULL;
}
params = OSSL_PARAM_BLD_to_param(param_bld);
OSSL_PARAM_BLD_free(param_bld);
ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL);
if(!ctx) {
OSSL_PARAM_free(params);
return NULL;
}
if(EVP_PKEY_fromdata_init(ctx) <= 0) {
EVP_PKEY_CTX_free(ctx);
OSSL_PARAM_free(params);
return NULL;
}
if(EVP_PKEY_fromdata(ctx, &evp_key, EVP_PKEY_PUBLIC_KEY, params) <= 0) {
EVP_PKEY_CTX_free(ctx);
OSSL_PARAM_free(params);
return NULL;
}
EVP_PKEY_CTX_free(ctx);
OSSL_PARAM_free(params);
return evp_key;
#else
unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */
const unsigned char* pp = buf;
EVP_PKEY *evp_key;
@ -393,6 +649,7 @@ sldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo)
return NULL;
}
return evp_key;
#endif /* HAVE_OSSL_PARAM_BLD_NEW */
}
#endif /* USE_ECDSA */

20
sldns/keyraw.h
View file

@ -57,6 +57,7 @@ int sldns_key_EVP_load_gost_id(void);
/** Release the engine reference held for the GOST engine. */
void sldns_key_EVP_unload_gost(void);
#ifndef HAVE_OSSL_PARAM_BLD_NEW
/**
* Like sldns_key_buf2dsa, but uses raw buffer.
* \param[in] key the uncompressed wireformat of the key.
@ -64,6 +65,15 @@ void sldns_key_EVP_unload_gost(void);
* \return a DSA * structure with the key material
*/
DSA *sldns_key_buf2dsa_raw(unsigned char* key, size_t len);
#endif
/**
* Converts a holding buffer with DSA key material to EVP PKEY in openssl.
* \param[in] key the uncompressed wireformat of the key.
* \param[in] len length of key data
* \return the key or NULL on error.
*/
EVP_PKEY *sldns_key_dsa2pkey_raw(unsigned char* key, size_t len);
/**
* Converts a holding buffer with key material to EVP PKEY in openssl.
@ -84,6 +94,7 @@ EVP_PKEY* sldns_gost2pkey_raw(unsigned char* key, size_t keylen);
*/
EVP_PKEY* sldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo);
#ifndef HAVE_OSSL_PARAM_BLD_NEW
/**
* Like sldns_key_buf2rsa, but uses raw buffer.
* \param[in] key the uncompressed wireformat of the key.
@ -91,6 +102,15 @@ EVP_PKEY* sldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo);
* \return a RSA * structure with the key material
*/
RSA *sldns_key_buf2rsa_raw(unsigned char* key, size_t len);
#endif
/**
* Converts a holding buffer with RSA key material to EVP PKEY in openssl.
* \param[in] key the uncompressed wireformat of the key.
* \param[in] len length of key data
* \return the key or NULL on error.
*/
EVP_PKEY* sldns_key_rsa2pkey_raw(unsigned char* key, size_t len);
/**
* Converts a holding buffer with key material to EVP PKEY in openssl.

3
sldns/parse.c
View file

@ -149,6 +149,9 @@ sldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l
if (c != '\0' && c != '\n') {
*t++ = c;
}
if (c == '\n' && line_nr) {
*line_nr = *line_nr + 1;
}
if (c == '\\' && prev_c == '\\')
prev_c = 0;
else prev_c = c;

15
sldns/parseutil.c
View file

@ -790,3 +790,18 @@ int sldns_b64url_pton(char const *src, size_t srcsize, uint8_t *target,
}
return sldns_b64_pton_base(src, srcsize, target, targsize, 1);
}
int sldns_b64_contains_nonurl(char const *src, size_t srcsize)
{
const char* s = src;
while(*s && srcsize) {
char d = *s++;
srcsize--;
/* the '+' and the '/' and padding '=' is not allowed in b64
* url encoding */
if(d == '+' || d == '/' || d == '=') {
return 1;
}
}
return 0;
}

1
sldns/parseutil.h
View file

@ -102,6 +102,7 @@ size_t sldns_b64_pton_calculate_size(size_t srcsize);
int sldns_b64_pton(char const *src, uint8_t *target, size_t targsize);
int sldns_b64url_pton(char const *src, size_t srcsize, uint8_t *target,
size_t targsize);
int sldns_b64_contains_nonurl(char const *src, size_t srcsize);
/**
* calculates the size needed to store the result of b32_ntop

9
sldns/rrdef.c
View file

@ -153,6 +153,9 @@ static const sldns_rdf_type type_csync_wireformat[] = {
static const sldns_rdf_type type_zonemd_wireformat[] = {
LDNS_RDF_TYPE_INT32, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_HEX
};
static const sldns_rdf_type type_svcb_wireformat[] = {
LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME
};
/* nsec3 is some vars, followed by same type of data of nsec */
static const sldns_rdf_type type_nsec3_wireformat[] = {
/* LDNS_RDF_TYPE_NSEC3_VARS, LDNS_RDF_TYPE_NSEC3_NEXT_OWNER, LDNS_RDF_TYPE_NSEC*/
@ -377,8 +380,10 @@ static sldns_rr_descriptor rdata_field_descriptors[] = {
{LDNS_RR_TYPE_CSYNC, "CSYNC", 3, 3, type_csync_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
/* 63 */
{LDNS_RR_TYPE_ZONEMD, "ZONEMD", 4, 4, type_zonemd_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
{(enum sldns_enum_rr_type)0, "TYPE64", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
{(enum sldns_enum_rr_type)0, "TYPE65", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
/* 64 */
{LDNS_RR_TYPE_SVCB, "SVCB", 2, 2, type_svcb_wireformat, LDNS_RDF_TYPE_SVCPARAM, LDNS_RR_NO_COMPRESS, 0 },
/* 65 */
{LDNS_RR_TYPE_HTTPS, "HTTPS", 2, 2, type_svcb_wireformat, LDNS_RDF_TYPE_SVCPARAM, LDNS_RR_NO_COMPRESS, 0 },
{(enum sldns_enum_rr_type)0, "TYPE66", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
{(enum sldns_enum_rr_type)0, "TYPE67", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
{(enum sldns_enum_rr_type)0, "TYPE68", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },

9
sldns/rrdef.h
View file

@ -196,6 +196,8 @@ enum sldns_enum_rr_type
LDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */
LDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */
LDNS_RR_TYPE_ZONEMD = 63, /* draft-ietf-dnsop-dns-zone-digest-12 */
LDNS_RR_TYPE_SVCB = 64, /* draft-ietf-dnsop-svcb-https-04 */
LDNS_RR_TYPE_HTTPS = 65, /* draft-ietf-dnsop-svcb-https-04 */
LDNS_RR_TYPE_SPF = 99, /* RFC 4408 */
@ -353,8 +355,13 @@ enum sldns_enum_rdf_type
/** TSIG extended 16bit error value */
LDNS_RDF_TYPE_TSIGERROR,
/* draft-ietf-dnsop-svcb-https-05:
* each SvcParam consisting of a SvcParamKey=SvcParamValue pair or
* a standalone SvcParamKey */
LDNS_RDF_TYPE_SVCPARAM,
/* Aliases */
LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC
LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC,
};
typedef enum sldns_enum_rdf_type sldns_rdf_type;

673
sldns/str2wire.c
View file

@ -29,7 +29,6 @@
#define RET_ERR(e, off) ((int)((e)|((off)<<LDNS_WIREPARSE_SHIFT)))
/** Move parse error but keep its ID */
#define RET_ERR_SHIFT(e, move) RET_ERR(LDNS_WIREPARSE_ERROR(e), LDNS_WIREPARSE_OFFSET(e)+(move));
#define LDNS_IP6ADDRLEN (128/8)
/*
* No special care is taken, all dots are translated into
@ -615,6 +614,122 @@ sldns_affix_token(sldns_buffer* strbuf, char* token, size_t* token_len,
return 1;
}
static int sldns_str2wire_svcparam_key_cmp(const void *a, const void *b)
{
return sldns_read_uint16(*(uint8_t**) a)
- sldns_read_uint16(*(uint8_t**) b);
}
/**
* Add constraints to the SVCB RRs which involve the whole set
*/
static int sldns_str2wire_check_svcbparams(uint8_t* rdata, uint16_t rdata_len)
{
size_t nparams = 0, i;
uint8_t new_rdata[LDNS_MAX_RDFLEN];
uint8_t* new_rdata_ptr = new_rdata;
uint8_t* svcparams[MAX_NUMBER_OF_SVCPARAMS];
uint8_t* rdata_ptr = rdata;
uint16_t rdata_remaining = rdata_len;
/* find the SvcParams */
while (rdata_remaining) {
uint16_t svcbparam_len;
svcparams[nparams] = rdata_ptr;
if (rdata_remaining < 4)
return LDNS_WIREPARSE_ERR_SVCPARAM_BROKEN_RDATA;
svcbparam_len = sldns_read_uint16(rdata_ptr + 2);
rdata_remaining -= 4;
rdata_ptr += 4;
if (rdata_remaining < svcbparam_len)
return LDNS_WIREPARSE_ERR_SVCPARAM_BROKEN_RDATA;
rdata_remaining -= svcbparam_len;
rdata_ptr += svcbparam_len;
nparams += 1;
if (nparams >= MAX_NUMBER_OF_SVCPARAMS)
return LDNS_WIREPARSE_ERR_SVCB_TOO_MANY_PARAMS;
}
/* In draft-ietf-dnsop-svcb-https-06 Section 7:
*
* In wire format, the keys are represented by their numeric
* values in network byte order, concatenated in ascending order.
*/
qsort((void *)svcparams
,nparams
,sizeof(uint8_t*)
,sldns_str2wire_svcparam_key_cmp);
/* The code below revolves around sematic errors in the SVCParam set.
* So long as we do not distinguish between running Unbound as a primary
* or as a secondary, we default to secondary behavior and we ignore the
* sematic errors. */
#ifdef SVCB_SEMANTIC_ERRORS
{
uint8_t* mandatory = NULL;
/* In draft-ietf-dnsop-svcb-https-06 Section 7:
*
* Keys (...) MUST NOT appear more than once.
*
* If they key has already been seen, we have a duplicate
*/
for(i=0; i < nparams; i++) {
uint16_t key = sldns_read_uint16(svcparams[i]);
if(i + 1 < nparams && key == sldns_read_uint16(svcparams[i+1]))
return LDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS;
if(key == SVCB_KEY_MANDATORY)
mandatory = svcparams[i];
}
/* 4. verify that all the SvcParamKeys in mandatory are present */
if(mandatory) {
/* Divide by sizeof(uint16_t)*/
uint16_t mandatory_nkeys = sldns_read_uint16(mandatory + 2) / sizeof(uint16_t);
/* Guaranteed by sldns_str2wire_svcparam_key_value */
assert(mandatory_nkeys > 0);
for(i=0; i < mandatory_nkeys; i++) {
uint16_t mandatory_key = sldns_read_uint16(
mandatory
+ 2 * sizeof(uint16_t)
+ i * sizeof(uint16_t));
uint8_t found = 0;
size_t j;
for(j=0; j < nparams; j++) {
if(mandatory_key == sldns_read_uint16(svcparams[j])) {
found = 1;
break;
}
}
if(!found)
return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM;
}
}
}
#endif
/* Write rdata in correct order */
for (i = 0; i < nparams; i++) {
uint16_t svcparam_len = sldns_read_uint16(svcparams[i] + 2)
+ 2 * sizeof(uint16_t);
if ((unsigned)(new_rdata_ptr - new_rdata) + svcparam_len > sizeof(new_rdata))
return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
memcpy(new_rdata_ptr, svcparams[i], svcparam_len);
new_rdata_ptr += svcparam_len;
}
memcpy(rdata, new_rdata, rdata_len);
return LDNS_WIREPARSE_ERR_OK;
}
/** parse rdata from string into rr buffer(-remainder after dname). */
static int
rrinternal_parse_rdata(sldns_buffer* strbuf, char* token, size_t token_len,
@ -712,6 +827,42 @@ rrinternal_parse_rdata(sldns_buffer* strbuf, char* token, size_t token_len,
/* write rdata length */
sldns_write_uint16(rr+dname_len+8, (uint16_t)(rr_cur_len-dname_len-10));
*rr_len = rr_cur_len;
/* SVCB/HTTPS handling */
if (rr_type == LDNS_RR_TYPE_SVCB || rr_type == LDNS_RR_TYPE_HTTPS) {
size_t rdata_len = rr_cur_len - dname_len - 10;
uint8_t *rdata = rr+dname_len + 10;
/* skip 1st rdata field SvcPriority (uint16_t) */
if (rdata_len < sizeof(uint16_t))
return LDNS_WIREPARSE_ERR_OK;
rdata_len -= sizeof(uint16_t);
rdata += sizeof(uint16_t);
/* skip 2nd rdata field dname */
while (rdata_len && *rdata != 0) {
uint8_t label_len;
if (*rdata & 0xC0)
return LDNS_WIREPARSE_ERR_OK;
label_len = *rdata + 1;
if (rdata_len < label_len)
return LDNS_WIREPARSE_ERR_OK;
rdata_len -= label_len;
rdata += label_len;
}
/* The root label is one more character, so smaller
* than 1 + 1 means no Svcparam Keys */
if (rdata_len < 2 || *rdata != 0)
return LDNS_WIREPARSE_ERR_OK;
rdata_len -= 1;
rdata += 1;
return sldns_str2wire_check_svcbparams(rdata, rdata_len);
}
return LDNS_WIREPARSE_ERR_OK;
}
@ -938,6 +1089,524 @@ int sldns_fp2wire_rr_buf(FILE* in, uint8_t* rr, size_t* len, size_t* dname_len,
return LDNS_WIREPARSE_ERR_OK;
}
static int
sldns_str2wire_svcparam_key_lookup(const char *key, size_t key_len)
{
char buf[64];
char *endptr;
unsigned long int key_value;
if (key_len >= 4 && key_len <= 8 && !strncmp(key, "key", 3)) {
memcpy(buf, key + 3, key_len - 3);
buf[key_len - 3] = 0;
key_value = strtoul(buf, &endptr, 10);
if (endptr > buf /* digits seen */
&& *endptr == 0 /* no non-digit chars after digits */
&& key_value <= 65535) /* no overflow */
return key_value;
} else switch (key_len) {
case sizeof("mandatory")-1:
if (!strncmp(key, "mandatory", sizeof("mandatory")-1))
return SVCB_KEY_MANDATORY;
if (!strncmp(key, "echconfig", sizeof("echconfig")-1))
return SVCB_KEY_ECH; /* allow "echconfig as well as "ech" */
break;
case sizeof("alpn")-1:
if (!strncmp(key, "alpn", sizeof("alpn")-1))
return SVCB_KEY_ALPN;
if (!strncmp(key, "port", sizeof("port")-1))
return SVCB_KEY_PORT;
break;
case sizeof("no-default-alpn")-1:
if (!strncmp( key , "no-default-alpn"
, sizeof("no-default-alpn")-1))
return SVCB_KEY_NO_DEFAULT_ALPN;
break;
case sizeof("ipv4hint")-1:
if (!strncmp(key, "ipv4hint", sizeof("ipv4hint")-1))
return SVCB_KEY_IPV4HINT;
if (!strncmp(key, "ipv6hint", sizeof("ipv6hint")-1))
return SVCB_KEY_IPV6HINT;
break;
case sizeof("ech")-1:
if (!strncmp(key, "ech", sizeof("ech")-1))
return SVCB_KEY_ECH;
break;
default:
break;
}
/* Although the returned value might be used by the caller,
* the parser has erred, so the zone will not be loaded.
*/
return -1;
}
static int
sldns_str2wire_svcparam_port(const char* val, uint8_t* rd, size_t* rd_len)
{
unsigned long int port;
char *endptr;
if (*rd_len < 6)
return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
port = strtoul(val, &endptr, 10);
if (endptr > val /* digits seen */
&& *endptr == 0 /* no non-digit chars after digits */
&& port <= 65535) { /* no overflow */
sldns_write_uint16(rd, SVCB_KEY_PORT);
sldns_write_uint16(rd + 2, sizeof(uint16_t));
sldns_write_uint16(rd + 4, port);
*rd_len = 6;
return LDNS_WIREPARSE_ERR_OK;
}
return LDNS_WIREPARSE_ERR_SVCB_PORT_VALUE_SYNTAX;
}
static int
sldns_str2wire_svcbparam_ipv4hint(const char* val, uint8_t* rd, size_t* rd_len)
{
size_t count;
char ip_str[INET_ADDRSTRLEN+1];
char *next_ip_str;
size_t i;
for (i = 0, count = 1; val[i]; i++) {
if (val[i] == ',')
count += 1;
if (count > SVCB_MAX_COMMA_SEPARATED_VALUES) {
return LDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_ADDRESSES;
}
}
if (*rd_len < (LDNS_IP4ADDRLEN * count) + 4)
return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
/* count is number of comma's in val + 1; so the actual number of IPv4
* addresses in val
*/
sldns_write_uint16(rd, SVCB_KEY_IPV4HINT);
sldns_write_uint16(rd + 2, LDNS_IP4ADDRLEN * count);
*rd_len = 4;
while (count) {
if (!(next_ip_str = strchr(val, ','))) {
if (inet_pton(AF_INET, val, rd + *rd_len) != 1)
break;
*rd_len += LDNS_IP4ADDRLEN;
assert(count == 1);
} else if (next_ip_str - val >= (int)sizeof(ip_str))
break;
else {
memcpy(ip_str, val, next_ip_str - val);
ip_str[next_ip_str - val] = 0;
if (inet_pton(AF_INET, ip_str, rd + *rd_len) != 1) {
break;
}
*rd_len += LDNS_IP4ADDRLEN;
val = next_ip_str + 1;
}
count--;
}
if (count) /* verify that we parsed all values */
return LDNS_WIREPARSE_ERR_SYNTAX_IP4;
return LDNS_WIREPARSE_ERR_OK;
}
static int
sldns_str2wire_svcbparam_ipv6hint(const char* val, uint8_t* rd, size_t* rd_len)
{
size_t count;
char ip_str[INET6_ADDRSTRLEN+1];
char *next_ip_str;
size_t i;
for (i = 0, count = 1; val[i]; i++) {
if (val[i] == ',')
count += 1;
if (count > SVCB_MAX_COMMA_SEPARATED_VALUES) {
return LDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_ADDRESSES;
}
}
if (*rd_len < (LDNS_IP6ADDRLEN * count) + 4)
return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
/* count is number of comma's in val + 1; so the actual number of IPv6
* addresses in val
*/
sldns_write_uint16(rd, SVCB_KEY_IPV6HINT);
sldns_write_uint16(rd + 2, LDNS_IP6ADDRLEN * count);
*rd_len = 4;
while (count) {
if (!(next_ip_str = strchr(val, ','))) {
if (inet_pton(AF_INET6, val, rd + *rd_len) != 1)
break;
*rd_len += LDNS_IP6ADDRLEN;
assert(count == 1);
} else if (next_ip_str - val >= (int)sizeof(ip_str))
break;
else {
memcpy(ip_str, val, next_ip_str - val);
ip_str[next_ip_str - val] = 0;
if (inet_pton(AF_INET6, ip_str, rd + *rd_len) != 1) {
break;
}
*rd_len += LDNS_IP6ADDRLEN;
val = next_ip_str + 1;
}
count--;
}
if (count) /* verify that we parsed all values */
return LDNS_WIREPARSE_ERR_SYNTAX_IP6;
return LDNS_WIREPARSE_ERR_OK;
}
/* compare function used for sorting uint16_t's */
static int
sldns_network_uint16_cmp(const void *a, const void *b)
{
return ((int)sldns_read_uint16(a)) - ((int)sldns_read_uint16(b));
}
static int
sldns_str2wire_svcbparam_mandatory(const char* val, uint8_t* rd, size_t* rd_len)
{
size_t i, count, val_len;
char* next_key;
val_len = strlen(val);
for (i = 0, count = 1; val[i]; i++) {
if (val[i] == ',')
count += 1;
if (count > SVCB_MAX_COMMA_SEPARATED_VALUES) {
return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_TOO_MANY_KEYS;
}
}
if (sizeof(uint16_t) * (count + 2) > *rd_len)
return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
sldns_write_uint16(rd, SVCB_KEY_MANDATORY);
sldns_write_uint16(rd + 2, sizeof(uint16_t) * count);
*rd_len = 4;
while (1) {
int svcparamkey;
if (!(next_key = strchr(val, ','))) {
svcparamkey = sldns_str2wire_svcparam_key_lookup(val, val_len);
if (svcparamkey < 0) {
return LDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY;
}
sldns_write_uint16(rd + *rd_len, svcparamkey);
*rd_len += 2;
break;
} else {
svcparamkey = sldns_str2wire_svcparam_key_lookup(val, next_key - val);
if (svcparamkey < 0) {
return LDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY;
}
sldns_write_uint16(rd + *rd_len,
svcparamkey);
*rd_len += 2;
}
val_len -= next_key - val + 1;
val = next_key + 1; /* skip the comma */
}
/* In draft-ietf-dnsop-svcb-https-06 Section 7:
*
* "In wire format, the keys are represented by their numeric
* values in network byte order, concatenated in ascending order."
*/
qsort((void *)(rd + 4), count, sizeof(uint16_t), sldns_network_uint16_cmp);
/* The code below revolves around sematic errors in the SVCParam set.
* So long as we do not distinguish between running Unbound as a primary
* or as a secondary, we default to secondary behavior and we ignore the
* semantic errors. */
#ifdef SVCB_SEMANTIC_ERRORS
/* In draft-ietf-dnsop-svcb-https-06 Section 8
* automatically mandatory MUST NOT appear in its own value-list
*/
if (sldns_read_uint16(rd + 4) == SVCB_KEY_MANDATORY)
return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY;
/* Guarantee key uniqueness. After the sort we only need to
* compare neighbouring keys */
if (count > 1) {
for (i = 0; i < count - 1; i++) {
uint8_t* current_pos = (rd + 4 + (sizeof(uint16_t) * i));
uint16_t key = sldns_read_uint16(current_pos);
if (key == sldns_read_uint16(current_pos + 2)) {
return LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY;
}
}
}
#endif
return LDNS_WIREPARSE_ERR_OK;
}
static int
sldns_str2wire_svcbparam_ech_value(const char* val, uint8_t* rd, size_t* rd_len)
{
uint8_t buffer[LDNS_MAX_RDFLEN];
int wire_len;
/* single 0 represents empty buffer */
if(strcmp(val, "0") == 0) {
if (*rd_len < 4)
return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
sldns_write_uint16(rd, SVCB_KEY_ECH);
sldns_write_uint16(rd + 2, 0);
return LDNS_WIREPARSE_ERR_OK;
}
wire_len = sldns_b64_pton(val, buffer, LDNS_MAX_RDFLEN);
if (wire_len <= 0) {
return LDNS_WIREPARSE_ERR_SYNTAX_B64;
} else if ((unsigned)wire_len + 4 > *rd_len) {
return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
} else {
sldns_write_uint16(rd, SVCB_KEY_ECH);
sldns_write_uint16(rd + 2, wire_len);
memcpy(rd + 4, buffer, wire_len);
*rd_len = 4 + wire_len;
return LDNS_WIREPARSE_ERR_OK;
}
}
static const char*
sldns_str2wire_svcbparam_parse_next_unescaped_comma(const char *val)
{
while (*val) {
/* Only return when the comma is not escaped*/
if (*val == '\\'){
++val;
if (!*val)
break;
} else if (*val == ',')
return val;
val++;
}
return NULL;
}
/* The source is already properly unescaped, this double unescaping is purely to allow for
* comma's in comma seperated alpn lists.
*
* In draft-ietf-dnsop-svcb-https-06 Section 7:
* To enable simpler parsing, this SvcParamValue MUST NOT contain escape sequences.
*/
static size_t
sldns_str2wire_svcbparam_parse_copy_unescaped(uint8_t *dst,
const char *src, size_t len)
{
uint8_t *orig_dst = dst;
while (len) {
if (*src == '\\') {
src++;
len--;
if (!len)
break;
}
*dst++ = *src++;
len--;
}
return (size_t)(dst - orig_dst);
}
static int
sldns_str2wire_svcbparam_alpn_value(const char* val,
uint8_t* rd, size_t* rd_len)
{
uint8_t unescaped_dst[LDNS_MAX_RDFLEN];
uint8_t *dst = unescaped_dst;
const char *next_str;
size_t str_len;
size_t dst_len;
size_t val_len;
val_len = strlen(val);
if (val_len > sizeof(unescaped_dst)) {
return LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE;
}
while (val_len) {
size_t key_len;
str_len = (next_str = sldns_str2wire_svcbparam_parse_next_unescaped_comma(val))
? (size_t)(next_str - val) : val_len;
if (str_len > 255) {
return LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE;
}
key_len = sldns_str2wire_svcbparam_parse_copy_unescaped(dst + 1, val, str_len);
*dst++ = key_len;
dst += key_len;
if (!next_str)
break;
/* skip the comma in the next iteration */
val_len -= next_str - val + 1;
val = next_str + 1;
}
dst_len = dst - unescaped_dst;
if (*rd_len < 4 + dst_len)
return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
sldns_write_uint16(rd, SVCB_KEY_ALPN);
sldns_write_uint16(rd + 2, dst_len);
memcpy(rd + 4, unescaped_dst, dst_len);
*rd_len = 4 + dst_len;
return LDNS_WIREPARSE_ERR_OK;
}
static int
sldns_str2wire_svcparam_value(const char *key, size_t key_len,
const char *val, uint8_t* rd, size_t* rd_len)
{
size_t str_len;
int svcparamkey = sldns_str2wire_svcparam_key_lookup(key, key_len);
if (svcparamkey < 0) {
return LDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY;
}
/* key without value */
if (val == NULL) {
switch (svcparamkey) {
#ifdef SVCB_SEMANTIC_ERRORS
case SVCB_KEY_MANDATORY:
case SVCB_KEY_ALPN:
case SVCB_KEY_PORT:
case SVCB_KEY_IPV4HINT:
case SVCB_KEY_IPV6HINT:
return LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM;
#endif
default:
if (*rd_len < 4)
return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
sldns_write_uint16(rd, svcparamkey);
sldns_write_uint16(rd + 2, 0);
*rd_len = 4;
return LDNS_WIREPARSE_ERR_OK;
}
}
/* value is non-empty */
switch (svcparamkey) {
case SVCB_KEY_PORT:
return sldns_str2wire_svcparam_port(val, rd, rd_len);
case SVCB_KEY_IPV4HINT:
return sldns_str2wire_svcbparam_ipv4hint(val, rd, rd_len);
case SVCB_KEY_IPV6HINT:
return sldns_str2wire_svcbparam_ipv6hint(val, rd, rd_len);
case SVCB_KEY_MANDATORY:
return sldns_str2wire_svcbparam_mandatory(val, rd, rd_len);
#ifdef SVCB_SEMANTIC_ERRORS
case SVCB_KEY_NO_DEFAULT_ALPN:
return LDNS_WIREPARSE_ERR_SVCB_NO_DEFAULT_ALPN_VALUE;
#endif
case SVCB_KEY_ECH:
return sldns_str2wire_svcbparam_ech_value(val, rd, rd_len);
case SVCB_KEY_ALPN:
return sldns_str2wire_svcbparam_alpn_value(val, rd, rd_len);
default:
str_len = strlen(val);
if (*rd_len < 4 + str_len)
return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
sldns_write_uint16(rd, svcparamkey);
sldns_write_uint16(rd + 2, str_len);
memcpy(rd + 4, val, str_len);
*rd_len = 4 + str_len;
return LDNS_WIREPARSE_ERR_OK;
}
return LDNS_WIREPARSE_ERR_GENERAL;
}
int sldns_str2wire_svcparam_buf(const char* str, uint8_t* rd, size_t* rd_len)
{
const char* eq_pos;
char unescaped_val[LDNS_MAX_RDFLEN];
char* val_out = unescaped_val;
const char* val_in;
eq_pos = strchr(str, '=');
/* case: key=value */
if (eq_pos != NULL && eq_pos[1]) {
val_in = eq_pos + 1;
/* unescape characters and "" blocks */
if (*val_in == '"') {
val_in++;
while (*val_in != '"'
&& (unsigned)(val_out - unescaped_val + 1) < sizeof(unescaped_val)
&& sldns_parse_char( (uint8_t*) val_out, &val_in)) {
val_out++;
}
} else {
while ((unsigned)(val_out - unescaped_val + 1) < sizeof(unescaped_val)
&& sldns_parse_char( (uint8_t*) val_out, &val_in)) {
val_out++;
}
}
*val_out = 0;
return sldns_str2wire_svcparam_value(str, eq_pos - str,
unescaped_val[0] ? unescaped_val : NULL, rd, rd_len);
}
/* case: key= */
else if (eq_pos != NULL && !(eq_pos[1])) {
return sldns_str2wire_svcparam_value(str, eq_pos - str, NULL, rd, rd_len);
}
/* case: key */
else {
return sldns_str2wire_svcparam_value(str, strlen(str), NULL, rd, rd_len);
}
}
int sldns_str2wire_rdf_buf(const char* str, uint8_t* rd, size_t* len,
sldns_rdf_type rdftype)
{
@ -1010,6 +1679,8 @@ int sldns_str2wire_rdf_buf(const char* str, uint8_t* rd, size_t* len,
return sldns_str2wire_hip_buf(str, rd, len);
case LDNS_RDF_TYPE_INT16_DATA:
return sldns_str2wire_int16_data_buf(str, rd, len);
case LDNS_RDF_TYPE_SVCPARAM:
return sldns_str2wire_svcparam_buf(str, rd, len);
case LDNS_RDF_TYPE_UNKNOWN:
case LDNS_RDF_TYPE_SERVICE:
return LDNS_WIREPARSE_ERR_NOT_IMPL;

31
sldns/str2wire.h
View file

@ -23,10 +23,27 @@ extern "C" {
#endif
struct sldns_struct_lookup_table;
#define LDNS_IP4ADDRLEN (32/8)
#define LDNS_IP6ADDRLEN (128/8)
/** buffer to read an RR, cannot be larger than 64K because of packet size */
#define LDNS_RR_BUF_SIZE 65535 /* bytes */
#define LDNS_DEFAULT_TTL 3600
/* SVCB keys currently defined in draft-ietf-dnsop-svcb-https */
#define SVCB_KEY_MANDATORY 0
#define SVCB_KEY_ALPN 1
#define SVCB_KEY_NO_DEFAULT_ALPN 2
#define SVCB_KEY_PORT 3
#define SVCB_KEY_IPV4HINT 4
#define SVCB_KEY_ECH 5
#define SVCB_KEY_IPV6HINT 6
#define SVCPARAMKEY_COUNT 7
#define MAX_NUMBER_OF_SVCPARAMS 64
#define SVCB_MAX_COMMA_SEPARATED_VALUES 1000
/*
* To convert class and type to string see
* sldns_get_rr_class_by_name(str)
@ -204,6 +221,20 @@ uint8_t* sldns_wirerr_get_rdatawl(uint8_t* rr, size_t len, size_t dname_len);
#define LDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW 370
#define LDNS_WIREPARSE_ERR_INCLUDE 371
#define LDNS_WIREPARSE_ERR_PARENTHESIS 372
#define LDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY 373
#define LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM 374
#define LDNS_WIREPARSE_ERR_SVCB_TOO_MANY_PARAMS 375
#define LDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS 376
#define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_TOO_MANY_KEYS 377
#define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM 378
#define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY 379
#define LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY 380
#define LDNS_WIREPARSE_ERR_SVCB_PORT_VALUE_SYNTAX 381
#define LDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_ADDRESSES 382
#define LDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_ADDRESSES 383
#define LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE 384
#define LDNS_WIREPARSE_ERR_SVCB_NO_DEFAULT_ALPN_VALUE 385
#define LDNS_WIREPARSE_ERR_SVCPARAM_BROKEN_RDATA 386
/**
* Get reference to a constant string for the (parse) error.

279
sldns/wire2str.c
View file

@ -149,6 +149,30 @@ static sldns_lookup_table sldns_wireparse_errors_data[] = {
{ LDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW, "Syntax error, integer overflow" },
{ LDNS_WIREPARSE_ERR_INCLUDE, "$INCLUDE directive was seen in the zone" },
{ LDNS_WIREPARSE_ERR_PARENTHESIS, "Parse error, parenthesis mismatch" },
{ LDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY, "Unknown SvcParamKey"},
{ LDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM, "SvcParam is missing a SvcParamValue"},
{ LDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS, "Duplicate SVCB key found"},
{ LDNS_WIREPARSE_ERR_SVCB_MANDATORY_TOO_MANY_KEYS, "Too many keys in mandatory" },
{ LDNS_WIREPARSE_ERR_SVCB_TOO_MANY_PARAMS,
"Too many SvcParams. Unbound only allows 63 entries" },
{ LDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM,
"Mandatory SvcParamKey is missing"},
{ LDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY,
"Keys in SvcParam mandatory MUST be unique" },
{ LDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY,
"mandatory MUST not be included as mandatory parameter" },
{ LDNS_WIREPARSE_ERR_SVCB_PORT_VALUE_SYNTAX,
"Could not parse port SvcParamValue" },
{ LDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_ADDRESSES,
"Too many IPv4 addresses in ipv4hint" },
{ LDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_ADDRESSES,
"Too many IPv6 addresses in ipv6hint" },
{ LDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE,
"Alpn strings need to be smaller than 255 chars"},
{ LDNS_WIREPARSE_ERR_SVCB_NO_DEFAULT_ALPN_VALUE,
"No-default-alpn should not have a value" },
{ LDNS_WIREPARSE_ERR_SVCPARAM_BROKEN_RDATA,
"General SVCParam error" },
{ 0, NULL }
};
sldns_lookup_table* sldns_wireparse_errors = sldns_wireparse_errors_data;
@ -196,6 +220,12 @@ static sldns_lookup_table sldns_tsig_errors_data[] = {
};
sldns_lookup_table* sldns_tsig_errors = sldns_tsig_errors_data;
/* draft-ietf-dnsop-svcb-https-06: 6. Initial SvcParamKeys */
const char *svcparamkey_strs[] = {
"mandatory", "alpn", "no-default-alpn", "port",
"ipv4hint", "ech", "ipv6hint"
};
char* sldns_wire2str_pkt(uint8_t* data, size_t len)
{
size_t slen = (size_t)sldns_wire2str_pkt_buf(data, len, NULL, 0);
@ -940,6 +970,253 @@ int sldns_wire2str_ttl_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen)
return sldns_str_print(s, slen, "%u", (unsigned)ttl);
}
static int
sldns_print_svcparamkey(char** s, size_t* slen, uint16_t svcparamkey)
{
if (svcparamkey < SVCPARAMKEY_COUNT) {
return sldns_str_print(s, slen, "%s", svcparamkey_strs[svcparamkey]);
}
else {
return sldns_str_print(s, slen, "key%d", (int)svcparamkey);
}
}
static int sldns_wire2str_svcparam_port2str(char** s,
size_t* slen, uint16_t data_len, uint8_t* data)
{
int w = 0;
if (data_len != 2)
return -1; /* wireformat error, a short is 2 bytes */
w = sldns_str_print(s, slen, "=%d", (int)sldns_read_uint16(data));
return w;
}
static int sldns_wire2str_svcparam_ipv4hint2str(char** s,
size_t* slen, uint16_t data_len, uint8_t* data)
{
char ip_str[INET_ADDRSTRLEN + 1];
int w = 0;
assert(data_len > 0);
if ((data_len % LDNS_IP4ADDRLEN) == 0) {
if (inet_ntop(AF_INET, data, ip_str, sizeof(ip_str)) == NULL)
return -1; /* wireformat error, incorrect size or inet family */
w += sldns_str_print(s, slen, "=%s", ip_str);
data += LDNS_IP4ADDRLEN;
while ((data_len -= LDNS_IP4ADDRLEN) > 0) {
if (inet_ntop(AF_INET, data, ip_str, sizeof(ip_str)) == NULL)
return -1; /* wireformat error, incorrect size or inet family */
w += sldns_str_print(s, slen, ",%s", ip_str);
data += LDNS_IP4ADDRLEN;
}
} else
return -1;
return w;
}
static int sldns_wire2str_svcparam_ipv6hint2str(char** s,
size_t* slen, uint16_t data_len, uint8_t* data)
{
char ip_str[INET6_ADDRSTRLEN + 1];
int w = 0;
assert(data_len > 0);
if ((data_len % LDNS_IP6ADDRLEN) == 0) {
if (inet_ntop(AF_INET6, data, ip_str, sizeof(ip_str)) == NULL)
return -1; /* wireformat error, incorrect size or inet family */
w += sldns_str_print(s, slen, "=%s", ip_str);
data += LDNS_IP6ADDRLEN;
while ((data_len -= LDNS_IP6ADDRLEN) > 0) {
if (inet_ntop(AF_INET6, data, ip_str, sizeof(ip_str)) == NULL)
return -1; /* wireformat error, incorrect size or inet family */
w += sldns_str_print(s, slen, ",%s", ip_str);
data += LDNS_IP6ADDRLEN;
}
} else
return -1;
return w;
}
static int sldns_wire2str_svcparam_mandatory2str(char** s,
size_t* slen, uint16_t data_len, uint8_t* data)
{
int w = 0;
assert(data_len > 0);
if (data_len % sizeof(uint16_t))
return -1; // wireformat error, data_len must be multiple of shorts
w += sldns_str_print(s, slen, "=");
w += sldns_print_svcparamkey(s, slen, sldns_read_uint16(data));
data += 2;
while ((data_len -= sizeof(uint16_t))) {
w += sldns_str_print(s, slen, ",");
w += sldns_print_svcparamkey(s, slen, sldns_read_uint16(data));
data += 2;
}
return w;
}
static int sldns_wire2str_svcparam_alpn2str(char** s,
size_t* slen, uint16_t data_len, uint8_t* data)
{
uint8_t *dp = (void *)data;
int w = 0;
assert(data_len > 0); /* Guaranteed by sldns_wire2str_svcparam_scan */
w += sldns_str_print(s, slen, "=\"");
while (data_len) {
/* alpn is list of length byte (str_len) followed by a string of that size */
uint8_t i, str_len = *dp++;
if (str_len > --data_len)
return -1;
for (i = 0; i < str_len; i++) {
if (dp[i] == '"' || dp[i] == '\\')
w += sldns_str_print(s, slen, "\\\\\\%c", dp[i]);
else if (dp[i] == ',')
w += sldns_str_print(s, slen, "\\\\%c", dp[i]);
else if (!isprint(dp[i]))
w += sldns_str_print(s, slen, "\\%03u", (unsigned) dp[i]);
else
w += sldns_str_print(s, slen, "%c", dp[i]);
}
dp += str_len;
if ((data_len -= str_len))
w += sldns_str_print(s, slen, "%s", ",");
}
w += sldns_str_print(s, slen, "\"");
return w;
}
static int sldns_wire2str_svcparam_ech2str(char** s,
size_t* slen, uint16_t data_len, uint8_t* data)
{
int size;
int w = 0;
assert(data_len > 0); /* Guaranteed by sldns_wire2str_svcparam_scan */
w += sldns_str_print(s, slen, "=\"");
if ((size = sldns_b64_ntop(data, data_len, *s, *slen)) < 0)
return -1;
(*s) += size;
(*slen) -= size;
w += sldns_str_print(s, slen, "\"");
return w + size;
}
int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen)
{
uint8_t ch;
uint16_t svcparamkey, data_len;
int written_chars = 0;
int r, i;
/* verify that we have enough data to read svcparamkey and data_len */
if(*dlen < 4)
return -1;
svcparamkey = sldns_read_uint16(*d);
data_len = sldns_read_uint16(*d+2);
*d += 4;
*dlen -= 4;
/* verify that we have data_len data */
if (data_len > *dlen)
return -1;
written_chars += sldns_print_svcparamkey(s, slen, svcparamkey);
if (!data_len) {
/* Some SvcParams MUST have values */
switch (svcparamkey) {
case SVCB_KEY_ALPN:
case SVCB_KEY_PORT:
case SVCB_KEY_IPV4HINT:
case SVCB_KEY_IPV6HINT:
case SVCB_KEY_MANDATORY:
return -1;
default:
return written_chars;
}
}
switch (svcparamkey) {
case SVCB_KEY_PORT:
r = sldns_wire2str_svcparam_port2str(s, slen, data_len, *d);
break;
case SVCB_KEY_IPV4HINT:
r = sldns_wire2str_svcparam_ipv4hint2str(s, slen, data_len, *d);
break;
case SVCB_KEY_IPV6HINT:
r = sldns_wire2str_svcparam_ipv6hint2str(s, slen, data_len, *d);
break;
case SVCB_KEY_MANDATORY:
r = sldns_wire2str_svcparam_mandatory2str(s, slen, data_len, *d);
break;
case SVCB_KEY_NO_DEFAULT_ALPN:
return -1; /* wireformat error, should not have a value */
case SVCB_KEY_ALPN:
r = sldns_wire2str_svcparam_alpn2str(s, slen, data_len, *d);
break;
case SVCB_KEY_ECH:
r = sldns_wire2str_svcparam_ech2str(s, slen, data_len, *d);
break;
default:
r = sldns_str_print(s, slen, "=\"");
for (i = 0; i < data_len; i++) {
ch = (*d)[i];
if (ch == '"' || ch == '\\')
r += sldns_str_print(s, slen, "\\%c", ch);
else if (!isprint(ch))
r += sldns_str_print(s, slen, "\\%03u", (unsigned) ch);
else
r += sldns_str_print(s, slen, "%c", ch);
}
r += sldns_str_print(s, slen, "\"");
break;
}
if (r <= 0)
return -1; /* wireformat error */
written_chars += r;
*d += data_len;
*dlen -= data_len;
return written_chars;
}
int sldns_wire2str_rdf_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
int rdftype, uint8_t* pkt, size_t pktlen, int* comprloop)
{
@ -1017,6 +1294,8 @@ int sldns_wire2str_rdf_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
return sldns_wire2str_tag_scan(d, dlen, s, slen);
case LDNS_RDF_TYPE_LONG_STR:
return sldns_wire2str_long_str_scan(d, dlen, s, slen);
case LDNS_RDF_TYPE_SVCPARAM:
return sldns_wire2str_svcparam_scan(d, dlen, s, slen);
case LDNS_RDF_TYPE_TSIGERROR:
return sldns_wire2str_tsigerror_scan(d, dlen, s, slen);
}

12
sldns/wire2str.h
View file

@ -494,6 +494,18 @@ int sldns_wire2str_opcode_buf(int opcode, char* str, size_t len);
int sldns_wire2str_dname_buf(uint8_t* dname, size_t dname_len, char* str,
size_t len);
/**
* Convert wire SVCB to a string with user buffer.
* @param d: the SVCB data in uncompressed wireformat.
* @param dlen: length of the SVCB data.
* @param s: the string to write to.
* @param slen: length of string.
* @return the number of characters for this element, excluding zerobyte.
* Is larger or equal than str_len if output was truncated.
*/
int sldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s,
size_t* slen);
/**
* Scan wireformat rdf field to string, with user buffers.
* It shifts the arguments to move along (see sldns_wire2str_pkt_scan).

4
smallapp/unbound-control.c
View file

@ -499,9 +499,7 @@ static void ssl_path_err(const char* s, const char *path)
{
unsigned long err;
err = ERR_peek_error();
if (ERR_GET_LIB(err) == ERR_LIB_SYS &&
(ERR_GET_FUNC(err) == SYS_F_FOPEN ||
ERR_GET_FUNC(err) == SYS_F_FREAD) ) {
if (ERR_GET_LIB(err) == ERR_LIB_SYS) {
fprintf(stderr, "error: %s\n%s: %s\n",
s, path, ERR_reason_error_string(err));
exit(1);

6
testcode/delayer.c
View file

@ -347,7 +347,11 @@ static volatile int do_quit = 0;
/** signal handler for user quit */
static RETSIGTYPE delayer_sigh(int sig)
{
printf("exit on signal %d\n", sig);
char str[] = "exit on signal \n";
str[15] = '0' + (sig/10)%10;
str[16] = '0' + sig%10;
/* simple cast to void will not silence Wunused-result */
(void)!write(STDOUT_FILENO, str, strlen(str));
do_quit = 1;
}

1
testcode/dohclient.c
View file

@ -423,6 +423,7 @@ http2_session_create()
if(nghttp2_session_callbacks_new(&callbacks) == NGHTTP2_ERR_NOMEM) {
log_err("failed to initialize nghttp2 callback");
free(h2_session);
return NULL;
}
nghttp2_session_callbacks_set_recv_callback(callbacks, http2_recv_cb);

17
testcode/fake_event.c
View file

@ -451,6 +451,8 @@ fake_front_query(struct replay_runtime* runtime, struct replay_moment *todo)
struct comm_reply repinfo;
memset(&repinfo, 0, sizeof(repinfo));
repinfo.c = (struct comm_point*)calloc(1, sizeof(struct comm_point));
if(!repinfo.c)
fatal_exit("out of memory in fake_front_query");
repinfo.addrlen = (socklen_t)sizeof(struct sockaddr_in);
if(todo->addrlen != 0) {
repinfo.addrlen = todo->addrlen;
@ -597,7 +599,7 @@ autotrust_check(struct replay_runtime* runtime, struct replay_moment* mom)
log_err("should be: %s", p->str);
fatal_exit("autotrust_check failed");
}
if(line[0]) line[strlen(line)-1] = 0; /* remove newline */
strip_end_white(line);
expanded = macro_process(runtime->vars, runtime, p->str);
if(!expanded)
fatal_exit("could not expand macro line %d", lineno);
@ -650,7 +652,7 @@ tempfile_check(struct replay_runtime* runtime, struct replay_moment* mom)
log_err("should be: %s", p->str);
fatal_exit("tempfile_check failed");
}
if(line[0]) line[strlen(line)-1] = 0; /* remove newline */
strip_end_white(line);
expanded = macro_process(runtime->vars, runtime, p->str);
if(!expanded)
fatal_exit("could not expand macro line %d", lineno);
@ -909,6 +911,8 @@ comm_base_create(int ATTR_UNUSED(sigs))
/* we return the runtime structure instead. */
struct replay_runtime* runtime = (struct replay_runtime*)
calloc(1, sizeof(struct replay_runtime));
if(!runtime)
fatal_exit("out of memory in fake_event.c:comm_base_create");
runtime->scenario = saved_scenario;
runtime->vars = macro_store_create();
if(!runtime->vars) fatal_exit("out of memory");
@ -1534,6 +1538,8 @@ struct comm_timer* comm_timer_create(struct comm_base* base,
{
struct replay_runtime* runtime = (struct replay_runtime*)base;
struct fake_timer* t = (struct fake_timer*)calloc(1, sizeof(*t));
if(!t)
fatal_exit("out of memory in fake_event.c:comm_timer_create");
t->cb = cb;
t->cb_arg = cb_arg;
fptr_ok(fptr_whitelist_comm_timer(t->cb)); /* check in advance */
@ -1711,7 +1717,7 @@ struct comm_point* outnet_comm_point_for_tcp(struct outside_network* outnet,
addr_to_str((struct sockaddr_storage*)to_addr, to_addrlen,
addrbuf, sizeof(addrbuf));
if(verbosity >= VERB_ALGO) {
if(buf[0] != 0) buf[strlen(buf)-1] = 0; /* del newline*/
strip_end_white(buf);
log_info("tcp to %s: %s", addrbuf, buf);
}
log_assert(sldns_buffer_limit(query)-LDNS_HEADER_SIZE >= 2);
@ -1743,7 +1749,7 @@ struct comm_point* outnet_comm_point_for_tcp(struct outside_network* outnet,
struct comm_point* outnet_comm_point_for_http(struct outside_network* outnet,
comm_point_callback_type* cb, void* cb_arg,
struct sockaddr_storage* to_addr, socklen_t to_addrlen, int timeout,
int ssl, char* host, char* path)
int ssl, char* host, char* path, struct config_file* cfg)
{
struct replay_runtime* runtime = (struct replay_runtime*)
outnet->base;
@ -1765,6 +1771,7 @@ struct comm_point* outnet_comm_point_for_http(struct outside_network* outnet,
(void)ssl;
(void)host;
(void)path;
(void)cfg;
/* handle http comm point and return contents from test script */
return (struct comm_point*)fc;
@ -1801,7 +1808,7 @@ int comm_point_send_udp_msg(struct comm_point *c, sldns_buffer* packet,
addr_to_str((struct sockaddr_storage*)addr, addrlen,
addrbuf, sizeof(addrbuf));
if(verbosity >= VERB_ALGO) {
if(buf[0] != 0) buf[strlen(buf)-1] = 0; /* del newline*/
strip_end_white(buf);
log_info("udp to %s: %s", addrbuf, buf);
}
log_assert(sldns_buffer_limit(packet)-LDNS_HEADER_SIZE >= 2);

3
testcode/petal.c
View file

@ -238,6 +238,9 @@ setup_ctx(char* key, char* cert)
(void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
#endif
(void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
SSL_CTX_set_security_level(ctx, 0); /* for keys in tests */
#endif
if(!SSL_CTX_use_certificate_chain_file(ctx, cert))
print_exit("cannot read cert");
if(!SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM))

158
testcode/readzone.c Normal file
View file

@ -0,0 +1,158 @@
/*
* testcode/readzone.c - readzone tool reads zonefiles
*
* Copyright (c) 2021, NLnet Labs. All rights reserved.
*
* This software is open source.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of the NLNET LABS nor the names of its contributors may
* be used to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* \file
* Command to read and echo a zonefile.
*/
#include "config.h"
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <stdint.h>
#include "sldns/str2wire.h"
#include "sldns/wire2str.h"
int print_usage(FILE *out, const char *progname)
{
fprintf(out, "usage: %s [ -u ] <zonefile> [<origin>]\n", progname);
fprintf(out, "\t-u\tprint in unknown type (RFC3597) format\n");
return out == stdout ? EXIT_SUCCESS : EXIT_FAILURE;
}
int main(int argc, char *const *argv)
{
char *progname = argv[0];
uint8_t rr[LDNS_RR_BUF_SIZE];
char *str = malloc(1024 * 1024);
size_t str_len = sizeof(str);
struct sldns_file_parse_state state;
FILE *in = NULL;
int s = -1;
int opt;
int print_in_unknown_type_format = 0;
while ((opt = getopt(argc, argv, "hu")) != -1) {
switch (opt) {
case 'h':
free(str);
return print_usage(stdout, progname);
case 'u':
print_in_unknown_type_format = 1;
break;
default:
free(str);
return print_usage(stderr, progname);
}
}
argc -= optind;
argv += optind;
memset(&state, 0, sizeof(state));
state.default_ttl = 3600;
state.lineno = 1;
if (argc == 2) {
state.origin_len = sizeof(state.origin);
s = sldns_str2wire_dname_buf(argv[1], state.origin
, &state.origin_len);
if (s) {
fprintf(stderr, "Error parsing origin: %s\n"
, sldns_get_errorstr_parse(s));
free(str);
return EXIT_FAILURE;
}
s = -1;
}
if (!str)
fprintf(stderr, "Memory allocation error: %s\n"
, strerror(errno));
else if (argc != 1 && argc != 2) {
free(str);
return print_usage(stderr, progname);
}
else if (!(in = fopen(argv[0], "r")))
fprintf(stderr, "Error opening \"%s\": %s\n"
, argv[0], strerror(errno));
else while (!feof(in)) {
size_t rr_len = sizeof(rr), dname_len = 0;
size_t written;
s = sldns_fp2wire_rr_buf(in, rr, &rr_len, &dname_len, &state);
if (s) {
fprintf( stderr, "parse error %d:%d: %s\n"
, state.lineno, LDNS_WIREPARSE_OFFSET(s)
, sldns_get_errorstr_parse(s));
break;
}
if (rr_len == 0)
continue;
if (print_in_unknown_type_format)
written = sldns_wire2str_rr_unknown_buf(
rr, rr_len, str, str_len);
else
written = sldns_wire2str_rr_buf(
rr, rr_len, str, str_len);
if (written > str_len) {
while (written > str_len)
str_len *= 2;
free(str);
if (!(str = malloc(str_len))) {
fprintf(stderr, "Memory allocation error: %s\n"
, strerror(errno));
s = -1;
break;
}
if (print_in_unknown_type_format)
(void) sldns_wire2str_rr_unknown_buf(
rr, rr_len, str, str_len);
else
(void) sldns_wire2str_rr_buf(
rr, rr_len, str, str_len);
}
fprintf(stdout, "%s", str);
}
if (in)
fclose(in);
free(str);
return !in || s ? EXIT_FAILURE : EXIT_SUCCESS;
}

25
testcode/replay.c
View file

@ -124,8 +124,7 @@ replay_range_delete(struct replay_range* rng)
free(rng);
}
/** strip whitespace from end of string */
static void
void
strip_end_white(char* p)
{
size_t i;
@ -227,7 +226,7 @@ read_file_content(FILE* in, int* lineno, struct replay_moment* mom)
if(strncmp(line, "FILE_END", 8) == 0) {
return;
}
if(line[0]) line[strlen(line)-1] = 0; /* remove newline */
strip_end_white(line);
if(!cfg_strlist_insert(last, strdup(line)))
fatal_exit("malloc failure");
last = &( (*last)->next );
@ -249,7 +248,7 @@ read_assign_step(char* remain, struct replay_moment* mom)
if(eq != '=')
fatal_exit("no '=' in assign: %s", remain);
remain += skip;
if(remain[0]) remain[strlen(remain)-1]=0; /* remove newline */
strip_end_white(remain);
mom->string = strdup(remain);
if(!mom->variable || !mom->string)
fatal_exit("out of memory");
@ -318,8 +317,7 @@ replay_moment_read(char* remain, FILE* in, const char* name,
mom->evt_type = repevt_autotrust_check;
while(isspace((unsigned char)*remain))
remain++;
if(strlen(remain)>0 && remain[strlen(remain)-1]=='\n')
remain[strlen(remain)-1] = 0;
strip_end_white(remain);
mom->autotrust_id = strdup(remain);
if(!mom->autotrust_id) fatal_exit("out of memory");
read_file_content(in, &pstate->lineno, mom);
@ -327,8 +325,7 @@ replay_moment_read(char* remain, FILE* in, const char* name,
mom->evt_type = repevt_tempfile_check;
while(isspace((unsigned char)*remain))
remain++;
if(strlen(remain)>0 && remain[strlen(remain)-1]=='\n')
remain[strlen(remain)-1] = 0;
strip_end_white(remain);
mom->autotrust_id = strdup(remain);
if(!mom->autotrust_id) fatal_exit("out of memory");
read_file_content(in, &pstate->lineno, mom);
@ -359,8 +356,7 @@ replay_moment_read(char* remain, FILE* in, const char* name,
m++;
if(!extstrtoaddr(s, &mom->addr, &mom->addrlen))
fatal_exit("bad infra_rtt address %s", s);
if(strlen(m)>0 && m[strlen(m)-1]=='\n')
m[strlen(m)-1] = 0;
strip_end_white(m);
mom->variable = strdup(remain);
mom->string = strdup(m);
if(!mom->string) fatal_exit("out of memory");
@ -375,8 +371,7 @@ replay_moment_read(char* remain, FILE* in, const char* name,
if(parse_keyword(&remain, "ADDRESS")) {
while(isspace((unsigned char)*remain))
remain++;
if(strlen(remain) > 0) /* remove \n */
remain[strlen(remain)-1] = 0;
strip_end_white(remain);
if(!extstrtoaddr(remain, &mom->addr, &mom->addrlen)) {
log_err("line %d: could not parse ADDRESS: %s",
pstate->lineno, remain);
@ -693,7 +688,11 @@ do_macro_ctime(char* arg)
return NULL;
}
ctime_r(&tt, buf);
if(buf[0]) buf[strlen(buf)-1]=0; /* remove trailing newline */
#ifdef USE_WINSOCK
if(strlen(buf) > 10 && buf[7]==' ' && buf[8]=='0')
buf[8]=' '; /* fix error in windows ctime */
#endif
strip_end_white(buf);
return strdup(buf);
}

3
testcode/replay.h
View file

@ -425,6 +425,9 @@ int replay_var_compare(const void* a, const void* b);
/** get oldest enabled fake timer */
struct fake_timer* replay_get_oldest_timer(struct replay_runtime* runtime);
/** strip whitespace from end of string */
void strip_end_white(char* p);
/**
* Create variable storage
* @return new or NULL on failure.

10
testcode/streamtcp.c
View file

@ -397,11 +397,17 @@ send_em(const char* svr, int udp, int usessl, int noanswer, int onarrival,
/** SIGPIPE handler */
static RETSIGTYPE sigh(int sig)
{
char str[] = "Got unhandled signal \n";
if(sig == SIGPIPE) {
printf("got SIGPIPE, remote connection gone\n");
char* strpipe = "got SIGPIPE, remote connection gone\n";
/* simple cast to void will not silence Wunused-result */
(void)!write(STDOUT_FILENO, strpipe, strlen(strpipe));
exit(1);
}
printf("Got unhandled signal %d\n", sig);
str[21] = '0' + (sig/10)%10;
str[22] = '0' + sig%10;
/* simple cast to void will not silence Wunused-result */
(void)!write(STDOUT_FILENO, str, strlen(str));
exit(1);
}
#endif /* SIGPIPE */

8
testcode/testbound.c
View file

@ -168,7 +168,7 @@ spool_temp_file_name(int* lineno, FILE* cfg, char* id)
id++;
if(*id == '\0')
fatal_exit("TEMPFILE_NAME must have id, line %d", *lineno);
id[strlen(id)-1]=0; /* remove newline */
strip_end_white(id);
fake_temp_file("_temp_", id, line, sizeof(line));
fprintf(cfg, "\"%s\"\n", line);
}
@ -185,7 +185,7 @@ spool_temp_file(FILE* in, int* lineno, char* id)
id++;
if(*id == '\0')
fatal_exit("TEMPFILE_CONTENTS must have id, line %d", *lineno);
id[strlen(id)-1]=0; /* remove newline */
strip_end_white(id);
fake_temp_file("_temp_", id, line, sizeof(line));
/* open file and spool to it */
spool = fopen(line, "w");
@ -205,7 +205,7 @@ spool_temp_file(FILE* in, int* lineno, char* id)
char* tid = parse+17;
while(isspace((unsigned char)*tid))
tid++;
tid[strlen(tid)-1]=0; /* remove newline */
strip_end_white(tid);
fake_temp_file("_temp_", tid, l2, sizeof(l2));
snprintf(line, sizeof(line), "$INCLUDE %s\n", l2);
}
@ -230,7 +230,7 @@ spool_auto_file(FILE* in, int* lineno, FILE* cfg, char* id)
id++;
if(*id == '\0')
fatal_exit("AUTROTRUST_FILE must have id, line %d", *lineno);
id[strlen(id)-1]=0; /* remove newline */
strip_end_white(id);
fake_temp_file("_auto_", id, line, sizeof(line));
/* add option for the file */
fprintf(cfg, "server: auto-trust-anchor-file: \"%s\"\n", line);

10
testcode/unitauth.c
View file

@ -468,8 +468,13 @@ tmpfilecleanup(void)
int i;
char buf[256];
for(i=0; i<tempno; i++) {
#ifdef USE_WINSOCK
snprintf(buf, sizeof(buf), "unbound.unittest.%u.%d",
(unsigned)getpid(), i);
#else
snprintf(buf, sizeof(buf), "/tmp/unbound.unittest.%u.%d",
(unsigned)getpid(), i);
#endif
if(vbmp) printf("cleanup: unlink %s\n", buf);
unlink(buf);
}
@ -483,8 +488,13 @@ create_tmp_file(const char* s)
char *fname;
FILE *out;
size_t r;
#ifdef USE_WINSOCK
snprintf(buf, sizeof(buf), "unbound.unittest.%u.%d",
(unsigned)getpid(), tempno++);
#else
snprintf(buf, sizeof(buf), "/tmp/unbound.unittest.%u.%d",
(unsigned)getpid(), tempno++);
#endif
fname = strdup(buf);
if(!fname) fatal_exit("out of memory");
/* if no string, just make the name */

48
testcode/unitmain.c
View file

@ -839,52 +839,6 @@ static void respip_test(void)
respip_conf_actions_test();
}
#include "services/outside_network.h"
/** add number of new IDs to the reuse tree, randomly chosen */
static void tcpid_addmore(struct reuse_tcp* reuse,
struct outside_network* outnet, unsigned int addnum)
{
unsigned int i;
struct waiting_tcp* w;
for(i=0; i<addnum; i++) {
uint16_t id = reuse_tcp_select_id(reuse, outnet);
unit_assert(!reuse_tcp_by_id_find(reuse, id));
w = calloc(1, sizeof(*w));
unit_assert(w);
w->id = id;
w->outnet = outnet;
w->next_waiting = (void*)reuse->pending;
reuse_tree_by_id_insert(reuse, w);
}
}
/** fill up the reuse ID tree and test assertions */
static void tcpid_fillup(struct reuse_tcp* reuse,
struct outside_network* outnet)
{
int t, numtest=3;
for(t=0; t<numtest; t++) {
rbtree_init(&reuse->tree_by_id, reuse_id_cmp);
tcpid_addmore(reuse, outnet, 65535);
reuse_del_readwait(&reuse->tree_by_id);
}
}
/** test TCP ID selection */
static void tcpid_test(void)
{
struct pending_tcp pend;
struct outside_network outnet;
unit_show_func("services/outside_network.c", "reuse_tcp_select_id");
memset(&pend, 0, sizeof(pend));
pend.reuse.pending = &pend;
memset(&outnet, 0, sizeof(outnet));
outnet.rnd = ub_initstate(NULL);
rbtree_init(&pend.reuse.tree_by_id, reuse_id_cmp);
tcpid_fillup(&pend.reuse, &outnet);
ub_randfree(outnet.rnd);
}
void unit_show_func(const char* file, const char* func)
{
printf("test %s:%s\n", file, func);
@ -953,8 +907,8 @@ main(int argc, char* argv[])
infra_test();
ldns_test();
zonemd_test();
tcpreuse_test();
msgparse_test();
tcpid_test();
#ifdef CLIENT_SUBNET
ecs_test();
#endif /* CLIENT_SUBNET */

2
testcode/unitmain.h
View file

@ -82,5 +82,7 @@ void ldns_test(void);
void authzone_test(void);
/** unit test for zonemd functions */
void zonemd_test(void);
/** unit test for tcp_reuse functions */
void tcpreuse_test(void);
#endif /* TESTCODE_UNITMAIN_H */

236
testcode/unittcpreuse.c Normal file
View file

@ -0,0 +1,236 @@
/*
* testcode/unittcpreuse.c - unit test for tcp_reuse.
*
* Copyright (c) 2021, NLnet Labs. All rights reserved.
*
* This software is open source.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of the NLNET LABS nor the names of its contributors may
* be used to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* \file
* Tests the tcp_reuse functionality.
*/
#include "config.h"
#include "testcode/unitmain.h"
#include "util/log.h"
#include "util/random.h"
#include "services/outside_network.h"
/** add number of new IDs to the reuse tree, randomly chosen */
static void tcpid_addmore(struct reuse_tcp* reuse,
struct outside_network* outnet, unsigned int addnum)
{
unsigned int i;
struct waiting_tcp* w;
for(i=0; i<addnum; i++) {
uint16_t id = reuse_tcp_select_id(reuse, outnet);
unit_assert(!reuse_tcp_by_id_find(reuse, id));
w = calloc(1, sizeof(*w));
unit_assert(w);
w->id = id;
w->outnet = outnet;
w->next_waiting = (void*)reuse->pending;
reuse_tree_by_id_insert(reuse, w);
}
}
/** fill up the reuse ID tree and test assertions */
static void tcpid_fillup(struct reuse_tcp* reuse,
struct outside_network* outnet)
{
int t, numtest=3;
for(t=0; t<numtest; t++) {
rbtree_init(&reuse->tree_by_id, reuse_id_cmp);
tcpid_addmore(reuse, outnet, 65535);
reuse_del_readwait(&reuse->tree_by_id);
}
}
/** test TCP ID selection */
static void tcpid_test(void)
{
struct pending_tcp pend;
struct outside_network outnet;
unit_show_func("services/outside_network.c", "reuse_tcp_select_id");
memset(&pend, 0, sizeof(pend));
pend.reuse.pending = &pend;
memset(&outnet, 0, sizeof(outnet));
outnet.rnd = ub_initstate(NULL);
rbtree_init(&pend.reuse.tree_by_id, reuse_id_cmp);
tcpid_fillup(&pend.reuse, &outnet);
ub_randfree(outnet.rnd);
}
/** check that the tree has present number of nodes and the LRU is linked
* properly. */
static void check_tree_and_list(struct outside_network* outnet, int present)
{
int i;
struct reuse_tcp *reuse, *next_reuse;
unit_assert(present == (int)outnet->tcp_reuse.count);
if(present < 1) {
unit_assert(outnet->tcp_reuse_first == NULL);
unit_assert(outnet->tcp_reuse_last == NULL);
return;
}
unit_assert(outnet->tcp_reuse_first->item_on_lru_list);
unit_assert(!outnet->tcp_reuse_first->lru_prev);
reuse = outnet->tcp_reuse_first;
for(i=0; i<present-1; i++) {
unit_assert(reuse->item_on_lru_list);
unit_assert(reuse->lru_next);
unit_assert(reuse->lru_next != reuse);
next_reuse = reuse->lru_next;
unit_assert(next_reuse->lru_prev == reuse);
reuse = next_reuse;
}
unit_assert(!reuse->lru_next);
unit_assert(outnet->tcp_reuse_last->item_on_lru_list);
unit_assert(outnet->tcp_reuse_last == reuse);
}
/** creates pending_tcp. Copy of outside_network.c:create_pending_tcp without
* the comm_point creation */
static int create_pending_tcp(struct outside_network* outnet)
{
size_t i;
if(outnet->num_tcp == 0)
return 1; /* no tcp needed, nothing to do */
if(!(outnet->tcp_conns = (struct pending_tcp **)calloc(
outnet->num_tcp, sizeof(struct pending_tcp*))))
return 0;
for(i=0; i<outnet->num_tcp; i++) {
if(!(outnet->tcp_conns[i] = (struct pending_tcp*)calloc(1,
sizeof(struct pending_tcp))))
return 0;
outnet->tcp_conns[i]->next_free = outnet->tcp_free;
outnet->tcp_free = outnet->tcp_conns[i];
}
return 1;
}
/** empty the tcp_reuse tree and LRU list */
static void empty_tree(struct outside_network* outnet)
{
size_t i;
struct reuse_tcp* reuse;
reuse = outnet->tcp_reuse_first;
i = outnet->tcp_reuse.count;
while(reuse) {
reuse_tcp_remove_tree_list(outnet, reuse);
check_tree_and_list(outnet, --i);
reuse = outnet->tcp_reuse_first;
}
}
/** check removal of the LRU element on the given position of total elements */
static void check_removal(struct outside_network* outnet, int position, int total)
{
int i;
struct reuse_tcp* reuse;
empty_tree(outnet);
for(i=0; i<total; i++) {
reuse_tcp_insert(outnet, outnet->tcp_conns[i]);
}
check_tree_and_list(outnet, total);
reuse = outnet->tcp_reuse_first;
for(i=0; i<position; i++) reuse = reuse->lru_next;
reuse_tcp_remove_tree_list(outnet, reuse);
check_tree_and_list(outnet, total-1);
}
/** check snipping off the last element of the LRU with total elements */
static void check_snip(struct outside_network* outnet, int total)
{
int i;
struct reuse_tcp* reuse;
empty_tree(outnet);
for(i=0; i<total; i++) {
reuse_tcp_insert(outnet, outnet->tcp_conns[i]);
}
check_tree_and_list(outnet, total);
reuse = reuse_tcp_lru_snip(outnet);
while(reuse) {
reuse_tcp_remove_tree_list(outnet, reuse);
check_tree_and_list(outnet, --total);
reuse = reuse_tcp_lru_snip(outnet);
}
unit_assert(outnet->tcp_reuse_first == NULL);
unit_assert(outnet->tcp_reuse_last == NULL);
unit_assert(outnet->tcp_reuse.count == 0);
}
/** test tcp_reuse tree and LRU list functions */
static void tcp_reuse_tree_list_test(void)
{
size_t i;
struct outside_network outnet;
struct reuse_tcp* reuse;
memset(&outnet, 0, sizeof(outnet));
rbtree_init(&outnet.tcp_reuse, reuse_cmp);
outnet.num_tcp = 5;
outnet.tcp_reuse_max = outnet.num_tcp;
if(!create_pending_tcp(&outnet)) fatal_exit("out of memory");
/* add all to the tree */
unit_show_func("services/outside_network.c", "reuse_tcp_insert");
for(i=0; i<outnet.num_tcp; i++) {
reuse_tcp_insert(&outnet, outnet.tcp_conns[i]);
check_tree_and_list(&outnet, i+1);
}
/* check touching */
unit_show_func("services/outside_network.c", "reuse_tcp_lru_touch");
for(i=0; i<outnet.tcp_reuse.count; i++) {
for(reuse = outnet.tcp_reuse_first; reuse->lru_next; reuse = reuse->lru_next);
reuse_tcp_lru_touch(&outnet, reuse);
check_tree_and_list(&outnet, outnet.num_tcp);
}
/* check removal */
unit_show_func("services/outside_network.c", "reuse_tcp_remove_tree_list");
check_removal(&outnet, 2, 5);
check_removal(&outnet, 1, 3);
check_removal(&outnet, 1, 2);
/* check snip */
unit_show_func("services/outside_network.c", "reuse_tcp_lru_snip");
check_snip(&outnet, 4);
for(i=0; i<outnet.num_tcp; i++)
if(outnet.tcp_conns[i]) {
free(outnet.tcp_conns[i]);
}
free(outnet.tcp_conns);
}
void tcpreuse_test(void)
{
unit_show_feature("tcp_reuse");
tcpid_test();
tcp_reuse_tree_list_test();
}

105
testcode/unitzonemd.c
View file

@ -48,6 +48,10 @@
#include "util/regional.h"
#include "validator/val_anchor.h"
#define xstr(s) str(s)
#define str(s) #s
#define SRCDIRSTR xstr(SRCDIR)
/** Add zone from file for testing */
struct auth_zone* authtest_addzone(struct auth_zones* az, const char* name,
char* fname);
@ -82,7 +86,9 @@ static void zonemd_generate_test(const char* zname, char* zfile,
/* read file */
z = authtest_addzone(az, zname, zfile);
unit_assert(z);
lock_rw_wrlock(&z->lock);
z->zonemd_check = 1;
lock_rw_unlock(&z->lock);
/* create zonemd digest */
result = auth_zone_generate_zonemd_hash(z, scheme, hashalgo,
@ -130,37 +136,37 @@ static void zonemd_generate_test(const char* zname, char* zfile,
static void zonemd_generate_tests(void)
{
unit_show_func("services/authzone.c", "auth_zone_generate_zonemd_hash");
zonemd_generate_test("example.org", "testdata/zonemd.example1.zone",
zonemd_generate_test("example.org", SRCDIRSTR "/testdata/zonemd.example1.zone",
1, 2, "20564D10F50A0CEBEC856C64032B7DFB53D3C449A421A5BC7A21F7627B4ACEA4DF29F2C6FE82ED9C23ADF6F4D420D5DD63EF6E6349D60FDAB910B65DF8D481B7");
/* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12
* from section A.1 */
zonemd_generate_test("example", "testdata/zonemd.example_a1.zone",
zonemd_generate_test("example", SRCDIRSTR "/testdata/zonemd.example_a1.zone",
1, 1, "c68090d90a7aed716bc459f9340e3d7c1370d4d24b7e2fc3a1ddc0b9a87153b9a9713b3c9ae5cc27777f98b8e730044c");
/* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12
* from section A.2 */
zonemd_generate_test("example", "testdata/zonemd.example_a2.zone",
zonemd_generate_test("example", SRCDIRSTR "/testdata/zonemd.example_a2.zone",
1, 1, "31cefb03814f5062ad12fa951ba0ef5f8da6ae354a415767246f7dc932ceb1e742a2108f529db6a33a11c01493de358d");
/* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12
* from section A.3 SHA384 digest */
zonemd_generate_test("example", "testdata/zonemd.example_a3.zone",
zonemd_generate_test("example", SRCDIRSTR "/testdata/zonemd.example_a3.zone",
1, 1, "62e6cf51b02e54b9b5f967d547ce43136792901f9f88e637493daaf401c92c279dd10f0edb1c56f8080211f8480ee306");
/* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12
* from section A.3 SHA512 digest*/
zonemd_generate_test("example", "testdata/zonemd.example_a3.zone",
zonemd_generate_test("example", SRCDIRSTR "/testdata/zonemd.example_a3.zone",
1, 2, "08cfa1115c7b948c4163a901270395ea226a930cd2cbcf2fa9a5e6eb85f37c8a4e114d884e66f176eab121cb02db7d652e0cc4827e7a3204f166b47e5613fd27");
/* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12
* from section A.4 */
zonemd_generate_test("uri.arpa", "testdata/zonemd.example_a4.zone",
zonemd_generate_test("uri.arpa", SRCDIRSTR "/testdata/zonemd.example_a4.zone",
1, 1, "1291b78ddf7669b1a39d014d87626b709b55774c5d7d58fadc556439889a10eaf6f11d615900a4f996bd46279514e473");
/* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12
* from section A.5 */
zonemd_generate_test("root-servers.net", "testdata/zonemd.example_a5.zone",
zonemd_generate_test("root-servers.net", SRCDIRSTR "/testdata/zonemd.example_a5.zone",
1, 1, "f1ca0ccd91bd5573d9f431c00ee0101b2545c97602be0a978a3b11dbfc1c776d5b3e86ae3d973d6b5349ba7f04340f79");
}
@ -168,7 +174,7 @@ static void zonemd_generate_tests(void)
static void zonemd_check_test(void)
{
const char* zname = "example.org";
char* zfile = "testdata/zonemd.example1.zone";
char* zfile = SRCDIRSTR "/testdata/zonemd.example1.zone";
int scheme = 1;
int hashalgo = 2;
const char* digest = "20564D10F50A0CEBEC856C64032B7DFB53D3C449A421A5BC7A21F7627B4ACEA4DF29F2C6FE82ED9C23ADF6F4D420D5DD63EF6E6349D60FDAB910B65DF8D481B7";
@ -197,7 +203,9 @@ static void zonemd_check_test(void)
/* read file */
z = authtest_addzone(az, zname, zfile);
unit_assert(z);
lock_rw_wrlock(&z->lock);
z->zonemd_check = 1;
lock_rw_unlock(&z->lock);
hashlen = sizeof(hash);
if(sldns_str2wire_hex_buf(digest, hash, &hashlen) != 0) {
unit_assert(0); /* parse failure */
@ -337,25 +345,25 @@ static void zonemd_verify_tests(void)
unit_show_func("services/authzone.c", "auth_zone_verify_zonemd");
/* give trustanchor for unsigned zone, should fail */
zonemd_verify_test("example.org",
"testdata/zonemd.example1.zone",
SRCDIRSTR "/testdata/zonemd.example1.zone",
"example.org. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
"20180302005009",
"verify DNSKEY RRset with trust anchor failed: have trust anchor, but zone has no DNSKEY");
/* unsigned zone without ZONEMD in it */
zonemd_verify_test("example.org",
"testdata/zonemd.example1.zone",
SRCDIRSTR "/testdata/zonemd.example1.zone",
NULL,
"20180302005009",
"no ZONEMD present");
/* no trust anchor, so it succeeds for zone with a correct ZONEMD */
zonemd_verify_test("example.com",
"testdata/zonemd.example2.zone",
SRCDIRSTR "/testdata/zonemd.example2.zone",
NULL,
"20180302005009",
"ZONEMD verification successful");
/* trust anchor for another zone, so it is indeterminate */
zonemd_verify_test("example.com",
"testdata/zonemd.example2.zone",
SRCDIRSTR "/testdata/zonemd.example2.zone",
"example.org. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
"20180302005009",
"ZONEMD verification successful");
@ -364,7 +372,7 @@ static void zonemd_verify_tests(void)
/* this zonefile has an incorrect ZONEMD digest, with correct
* DNSSEC signature. */
zonemd_verify_test("example.com",
"testdata/zonemd.example3.zone",
SRCDIRSTR "/testdata/zonemd.example3.zone",
NULL,
"20180302005009",
"incorrect digest");
@ -372,7 +380,7 @@ static void zonemd_verify_tests(void)
/* this zonefile has an incorrect ZONEMD digest, with correct
* DNSSEC signature. */
zonemd_verify_test("example.com",
"testdata/zonemd.example4.zone",
SRCDIRSTR "/testdata/zonemd.example4.zone",
NULL,
"20180302005009",
"incorrect digest");
@ -380,91 +388,116 @@ static void zonemd_verify_tests(void)
/* this zonefile has a correct ZONEMD digest and
* correct DNSSEC signature */
zonemd_verify_test("example.com",
"testdata/zonemd.example5.zone",
SRCDIRSTR "/testdata/zonemd.example5.zone",
NULL,
"20180302005009",
"ZONEMD verification successful");
/* valid zonemd, in dnssec NSEC3 zone, no trust anchor*/
zonemd_verify_test("example.com",
"testdata/zonemd.example6.zone",
SRCDIRSTR "/testdata/zonemd.example6.zone",
NULL,
"20180302005009",
"ZONEMD verification successful");
/* load a DNSSEC signed zone with a trust anchor, valid ZONEMD */
zonemd_verify_test("example.com",
"testdata/zonemd.example5.zone",
SRCDIRSTR "/testdata/zonemd.example5.zone",
"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
"20201020135527",
"ZONEMD verification successful");
/* load a DNSSEC NSEC3 signed zone with a trust anchor, valid ZONEMD */
zonemd_verify_test("example.com",
"testdata/zonemd.example6.zone",
SRCDIRSTR "/testdata/zonemd.example6.zone",
"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
"20201020135527",
"ZONEMD verification successful");
/* load a DNSSEC NSEC zone without ZONEMD */
zonemd_verify_test("example.com",
"testdata/zonemd.example7.zone",
SRCDIRSTR "/testdata/zonemd.example7.zone",
"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
"20201020135527",
"DNSSEC verified nonexistence of ZONEMD");
/* load a DNSSEC NSEC3 zone without ZONEMD */
zonemd_verify_test("example.com",
"testdata/zonemd.example8.zone",
SRCDIRSTR "/testdata/zonemd.example8.zone",
"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
"20201020135527",
"DNSSEC verified nonexistence of ZONEMD");
/* load DNSSEC zone but RRSIG on ZONEMD is wrong */
zonemd_verify_test("example.com",
"testdata/zonemd.example9.zone",
SRCDIRSTR "/testdata/zonemd.example9.zone",
"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
"20201020135527",
"DNSSEC verify failed for ZONEMD RRset: signature crypto failed");
#ifdef HAVE_SSL
"DNSSEC verify failed for ZONEMD RRset: signature crypto failed"
#else /* HAVE_NETTLE */
"DNSSEC verify failed for ZONEMD RRset: RSA signature verification failed"
#endif
);
/* load DNSSEC zone but RRSIG on SOA is wrong */
zonemd_verify_test("example.com",
"testdata/zonemd.example10.zone",
SRCDIRSTR "/testdata/zonemd.example10.zone",
"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
"20201020135527",
"DNSSEC verify failed for SOA RRset: signature crypto failed");
#ifdef HAVE_SSL
"DNSSEC verify failed for SOA RRset: signature crypto failed"
#else /* HAVE_NETTLE */
"DNSSEC verify failed for SOA RRset: RSA signature verification failed"
#endif
);
/* load DNSSEC zone without ZONEMD, but NSEC bitmap says it exists */
zonemd_verify_test("example.com",
"testdata/zonemd.example11.zone",
SRCDIRSTR "/testdata/zonemd.example11.zone",
"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
"20201020135527",
"DNSSEC NSEC bitmap says type ZONEMD exists");
/* load DNSSEC zone without ZONEMD, but NSEC3 bitmap says it exists */
zonemd_verify_test("example.com",
"testdata/zonemd.example12.zone",
SRCDIRSTR "/testdata/zonemd.example12.zone",
"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
"20201020135527",
"DNSSEC NSEC3 bitmap says type ZONEMD exists");
/* load DNSSEC zone without ZONEMD, but RRSIG on NSEC not okay */
zonemd_verify_test("example.com",
"testdata/zonemd.example13.zone",
SRCDIRSTR "/testdata/zonemd.example13.zone",
"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
"20201020135527",
"DNSSEC verify failed for NSEC RRset: signature crypto failed");
#ifdef HAVE_SSL
"DNSSEC verify failed for NSEC RRset: signature crypto failed"
#else /* HAVE_NETTLE */
"DNSSEC verify failed for NSEC RRset: RSA signature verification failed"
#endif
);
/* load DNSSEC zone without ZONEMD, but RRSIG on NSEC3 not okay */
zonemd_verify_test("example.com",
"testdata/zonemd.example14.zone",
SRCDIRSTR "/testdata/zonemd.example14.zone",
"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
"20201020135527",
"DNSSEC verify failed for NSEC3 RRset: signature crypto failed");
#ifdef HAVE_SSL
"DNSSEC verify failed for NSEC3 RRset: signature crypto failed"
#else /* HAVE_NETTLE */
"DNSSEC verify failed for NSEC3 RRset: RSA signature verification failed"
#endif
);
/* load DNSSEC zone, with ZONEMD, but DNSKEY RRSIG is not okay. */
zonemd_verify_test("example.com",
"testdata/zonemd.example15.zone",
SRCDIRSTR "/testdata/zonemd.example15.zone",
"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
"20201020135527",
"verify DNSKEY RRset with trust anchor failed: signature crypto failed");
#ifdef HAVE_SSL
"verify DNSKEY RRset with trust anchor failed: signature crypto failed"
#else /* HAVE_NETTLE */
"verify DNSKEY RRset with trust anchor failed: RSA signature verification failed"
#endif
);
/* load DNSSEC zone, but trust anchor mismatches DNSKEY */
zonemd_verify_test("example.com",
"testdata/zonemd.example5.zone",
SRCDIRSTR "/testdata/zonemd.example5.zone",
/* okay anchor is
"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", */
"example.com. IN DS 55566 8 2 0000000000111111222223333444444dfcf92595148022f2c2fd98e5deee90af",
@ -473,7 +506,7 @@ static void zonemd_verify_tests(void)
/* load DNSSEC zone, but trust anchor fails because the zone
* has expired signatures. We set the date for it */
zonemd_verify_test("example.com",
"testdata/zonemd.example5.zone",
SRCDIRSTR "/testdata/zonemd.example5.zone",
"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
/* okay date: "20201020135527", */
"20221020135527",
@ -481,14 +514,14 @@ static void zonemd_verify_tests(void)
/* duplicate zonemd with same scheme and algorithm */
zonemd_verify_test("example.com",
"testdata/zonemd.example16.zone",
SRCDIRSTR "/testdata/zonemd.example16.zone",
NULL,
"20180302005009",
"ZONEMD RRSet contains more than one RR with the same scheme and hash algorithm");
/* different capitalisation of ns name and owner names, should
* be canonicalized. */
zonemd_verify_test("example.com",
"testdata/zonemd.example17.zone",
SRCDIRSTR "/testdata/zonemd.example17.zone",
NULL,
"20180302005009",
"ZONEMD verification successful");

3
testdata/http_user_agent.tdir/127.0.0.1/example.com.zone vendored Normal file
View file

@ -0,0 +1,3 @@
example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600
example.com. IN NS ns.example.net.
www.example.com. IN A 1.2.3.4

24
testdata/http_user_agent.tdir/http_user_agent.conf vendored Normal file
View file

@ -0,0 +1,24 @@
auth-zone:
name: "example.com"
for-upstream: yes
for-downstream: yes
url: "https://127.0.0.1:@TOPORT@/example.com.zone"
remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-port: @CONTROL_PORT@
server-key-file: "unbound_server.key"
server-cert-file: "unbound_server.pem"
control-key-file: "unbound_control.key"
control-cert-file: "unbound_control.pem"
server:
verbosity: 7
interface: 127.0.0.1
port: @PORT@
use-syslog: no
directory: ""
pidfile: "unbound.pid"
chroot: ""
username: ""
do-not-query-localhost: no
use-caps-for-id: yes

16
testdata/http_user_agent.tdir/http_user_agent.dsc vendored Normal file
View file

@ -0,0 +1,16 @@
BaseName: http_user_agent
Version: 1.0
Description: Check the http-user-agent configuration
CreationDate: Wed 2 Jun 13:59:26 CEST 2021
Maintainer:
Category:
Component:
CmdDepends:
Depends:
Help:
Pre: http_user_agent.pre
Post: http_user_agent.post
Test: http_user_agent.test
AuxFiles:
Passed:
Failure:

11
testdata/http_user_agent.tdir/http_user_agent.post vendored Normal file
View file

@ -0,0 +1,11 @@
# #-- http_user_agent.post --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# source the test var file when it's there
[ -f .tpkg.var.test ] && source .tpkg.var.test
#
# do your teardown here
PRE="../.."
. ../common.sh
kill_pid $UNBOUND_PID
kill_pid $PETAL_PID

37
testdata/http_user_agent.tdir/http_user_agent.pre vendored Normal file
View file

@ -0,0 +1,37 @@
# #-- http_user_agent.pre--#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
. ../common.sh
get_random_port 3
UNBOUND_PORT=$RND_PORT
PETAL_PORT=$(($RND_PORT + 1))
CONTROL_PORT=$(($RND_PORT + 3))
echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
echo "PETAL_PORT=$PETAL_PORT" >> .tpkg.var.test
echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test
get_make
(cd $PRE; $MAKE petal)
# start https daemon
# More verbosity because we need to see the HTTP headers
$PRE/petal -vv -a "127.0.0.1" -p $PETAL_PORT >petal.log 2>&1 &
PETAL_PID=$!
echo "PETAL_PID=$PETAL_PID" >> .tpkg.var.test
cat .tpkg.var.test
wait_petal_up petal.log
# make config file
sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$PETAL_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/'< http_user_agent.conf > ub.conf
# start unbound in the background
$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
UNBOUND_PID=$!
echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
cat .tpkg.var.test
wait_unbound_up unbound.log

103
testdata/http_user_agent.tdir/http_user_agent.test vendored Normal file
View file

@ -0,0 +1,103 @@
# #-- http_user_agent.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
PRE="../.."
# Query and check check that we get the correct answer from the auth_zone
query () {
echo "> dig www.example.com."
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
if grep SERVFAIL outfile; then
echo "> try again"
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 1
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 1
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 1
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 10
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
fi
if grep SERVFAIL outfile; then
echo "> try again"
sleep 10
dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
fi
echo "> check answer"
if grep "1.2.3.4" outfile; then
echo "OK"
else
echo "Not OK"
exit 1
fi
}
# Reload the configuration and retransfer the zone
reload_and_retransfer () {
echo "> Reloading Unbound"
echo "$PRE/unbound-control -c ub.conf reload"
$PRE/unbound-control -c ub.conf reload
if test $? -ne 0; then
echo "wrong exit value from unbound-control"
exit 1
fi
echo "> Refetching example.com"
echo "$PRE/unbound-control -c ub.conf auth_zone_transfer example.com"
$PRE/unbound-control -c ub.conf auth_zone_transfer example.com
if test $? -ne 0; then
echo "wrong exit value from unbound-control"
exit 1
fi
}
# do the test
query
# add custom http-user-agent
echo "server: http-user-agent: customUA" >> ub.conf
reload_and_retransfer
query
# hide http-user-agent
echo "server: hide-http-user-agent: yes" >> ub.conf
reload_and_retransfer
query
echo "> cat logfiles"
cat petal.log
cat unbound.log
# check petal.log for the correct number of occurences.
# It should be 2 User-Agents, one being the custom.
echo "> check User-Agent occurences"
occurences=`grep "User-Agent:" petal.log | wc -l`
echo $occurences
if test $occurences -eq 2; then
echo "OK"
else
echo "Not OK"
exit 1
fi
echo "> check custom User-Agent"
if grep "User-Agent: customUA" petal.log; then
echo "OK"
else
echo "Not OK"
exit 1
fi
exit 0

21
testdata/http_user_agent.tdir/petal.key vendored Normal file
View file

@ -0,0 +1,21 @@
-----BEGIN RSA PRIVATE KEY-----
MIIDfQIBAAKBwQC1xQ/Kca6zszZbcCtdOTIH2Uy2gOy/DfabMUU7TmNPm0dVE0NJ
RuN+Rm304SonpwghfP2/ULZNnuDgpG03/32yI7k/VzG6iA4hiF7tT/KAAWC/+2l1
QCsawCV2bSrFK0VhcZr7ALqXd8vkDaQ867K029ypjOQtAJ85qdO3mERy7TGtdUcu
O6hLeVet419YeQ2F8cfNxn63d7bOzNGLPW5xwaCd3UcgD+Ib0k4xfFvbinvPQUeU
J/i4YDWexFYSL+ECAwEAAQKBwCLXXQl+9O+5AEhSnd1Go1Jh0pSA7eBJOuXQcebG
Rb7ykp+6C4G2NtDziwwPRNdI6wQQQ0sym18RfyVQHydGr78/nbiIbB3HCn5e92Mh
mefzW6ow9Kvm2txLzGKA1lvoyRbNm81jnG/eygi3u7Nqd5PNv+4dHj2RkTlmxOeh
qnDMVP5md8uZPv6lYNnrnIzvLCR5vnPNdVwn89AqzI85IcDZdy0R9ZX4NBbsDgAU
6ig6uXuRXvSGiyJ/OUXSrnogaQJhAOjvkHUhVZQkPOxO90TNH4j0GdKKtbSWxIdz
lKfuJeBAEqs0TL+C6vbS81Xw3W1alyDdUBk3rJMOBqW6Ryq5HNL+j5H+Jfsh7fvc
Yle+5wHGci0P9zCFZCrY8It7n9XFIwJhAMfEi6oJa2G8waPJ1bQhxka82Tf9pnKM
XCn/1BBOFjVIx5F842cpA+zp5a62GENTGYPQTTRBB/2/ZwnW5aIkrlg54AtmbqBZ
Oh+2kJdJQD/tfoVmc5soUE2ScTHadK5RKwJhAN4w9kjkXS+MSZjX0kIMsBIBVkhh
C+aREjJqa9ir7/Ey7RvmLXdYuCxtGLRXp7/R8+rjcK49Tx6O+IRJZe042mfhbq3C
EhS1Tr86f4xXix9EXlDhs9bSxrOgcAN9Dv/opQJhAK7eBcPaav0rVfYh/8emqQHS
3fJ9Pu6WnzbEksWTFS2ff9KDGCx9YspIFJ5TF/oXDAaumGZdZrlgirm6O1kr8tGY
F97i04PZl1+bWAaWQH+1TUNI43m2WFUPE7coG2tb8QJgcddDg9VlXliZqgcETZfJ
kJmYETxrcSn3ao6v116N8yxhEgUgjkmsCTiFgx36iDVnXwK6PIt+sIu8MC7eYNa3
berrv/M21K0LRn20IWRxvUobG070weHCAgkko7fTWgr2
-----END RSA PRIVATE KEY-----

14
testdata/http_user_agent.tdir/petal.pem vendored Normal file
View file

@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICFzCCAUACCQDO660L5y5LGDANBgkqhkiG9w0BAQUFADAQMQ4wDAYDVQQDEwVw
ZXRhbDAeFw0xMDA5MzAxMzQzMDFaFw0zMDA2MTcxMzQzMDFaMBAxDjAMBgNVBAMT
BXBldGFsMIHfMA0GCSqGSIb3DQEBAQUAA4HNADCByQKBwQC1xQ/Kca6zszZbcCtd
OTIH2Uy2gOy/DfabMUU7TmNPm0dVE0NJRuN+Rm304SonpwghfP2/ULZNnuDgpG03
/32yI7k/VzG6iA4hiF7tT/KAAWC/+2l1QCsawCV2bSrFK0VhcZr7ALqXd8vkDaQ8
67K029ypjOQtAJ85qdO3mERy7TGtdUcuO6hLeVet419YeQ2F8cfNxn63d7bOzNGL
PW5xwaCd3UcgD+Ib0k4xfFvbinvPQUeUJ/i4YDWexFYSL+ECAwEAATANBgkqhkiG
9w0BAQUFAAOBwQBBkX9KDP2RXbg+xPmdJ4P6CwvA5x1LZwC++ydVx4NlvT0pWicD
ZUnXjcWAJlkeOuUBAqFG7WHTrXpUUAjmdqFVq2yFjteUYBdrFz0RDB2jM9feeKYO
mTgxdZyT9a6humxCxt5VfgT02axLjm/2AqCyFPMbf4PASoJDln01AEuZLZ8Xl2gV
bYHMnHTGoD1Hu6FNEzRgkMC6XT8X3YjHvzQhpc/qL5wEfEsinQGdX4twsuWbf8xd
q7miNnkO8vd0maw=
-----END CERTIFICATE-----

39
testdata/http_user_agent.tdir/unbound_control.key vendored Normal file
View file

@ -0,0 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA
1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ
F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR
ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm
vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb
IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL
cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr
lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov
15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf
LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+
Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57
YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9
whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c
lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax
tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ
U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9
Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc
Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3
ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+
1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN
b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz
ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C
TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF
tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y
aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0
A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU
LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U
R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy
7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj
7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw
jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1
BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar
kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR
qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3
VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9
MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa
C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g=
-----END RSA PRIVATE KEY-----

22
testdata/http_user_agent.tdir/unbound_control.pem vendored Normal file
View file

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx
EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw
WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA
A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv
OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj
1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl
NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht
A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/
Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB
TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/
nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My
+i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj
4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83
hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU
9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn
ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ
pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD
72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ
muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP
uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte
-----END CERTIFICATE-----

39
testdata/http_user_agent.tdir/unbound_server.key vendored Normal file
View file

@ -0,0 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI
0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq
GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z
uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K
WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5
FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP
q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL
A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP
7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf
XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6
iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7
2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo
MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj
WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz
O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI
IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN
qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU
dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs
bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr
YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km
7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr
gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z
5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG
ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN
oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+
s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW
zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx
ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1
oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3
BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS
mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8
kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93
7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8
RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O
jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp
O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre
MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A==
-----END RSA PRIVATE KEY-----

22
testdata/http_user_agent.tdir/unbound_server.pem vendored Normal file
View file

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx
EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5
WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB
igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32
a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2
4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot
aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4
TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ
uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4
+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz
XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx
dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW
84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7
JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca
fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg
XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF
qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25
sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD
yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe
CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ==
-----END CERTIFICATE-----

0
testdata/root_key_sentinel.rpl vendored Executable file → Normal file
View file

9
testdata/svcb.tdir/crypto.cloudflare.com.zone vendored Normal file
View file

@ -0,0 +1,9 @@
crypto.cloudflare.com. 3600 IN SOA jobs.ns.cloudflare.com. dns.cloudflare.com. (
2037099480 ; serial
10000 ; refresh (2 hours 46 minutes 40 seconds)
2400 ; retry (40 minutes)
604800 ; expire (1 week)
3600 ; minimum (1 hour)
)
crypto.cloudflare.com. 300 IN HTTPS 1 . alpn=h2 ipv4hint=162.159.135.79,162.159.136.79 echconfig=AEj+CgBETwAgACDeVpr34JzYHDGNFoGWhksj5mpBxradonbqH3X9+h7jHgAEAAEAAQAAABNjbG91ZGZsYXJlLWVzbmkuY29tAAA= ipv6hint=2606:4700:7::a29f:874f,2606:4700:7::a29f:884f

16
testdata/svcb.tdir/svcb.dsc vendored Normal file
View file

@ -0,0 +1,16 @@
BaseName: svcb
Version: 1.0
Description: Test SVCB and HTTPS parsing
CreationDate: Fri May 25 12:51:22 UTC 2021
Maintainer: Tom Carpay
Category:
Component:
CmdDepends:
Depends:
Help:
Pre:
Post:
Test: svcb.test
AuxFiles:
Passed:
Failure:

9
testdata/svcb.tdir/svcb.failure-cases-01 vendored Normal file
View file

@ -0,0 +1,9 @@
$ORIGIN failure-cases.
$TTL 3600
@ SOA primary admin 0 0 0 0 0
; Here there are multiple instances of the same SvcParamKey in the mandatory list
f21 HTTPS 1 foo.example.com. ech="123"
f21 HTTPS 1 foo.example.com. echconfig="123"

8
testdata/svcb.tdir/svcb.failure-cases-02 vendored Normal file
View file

@ -0,0 +1,8 @@
$ORIGIN failure-cases.
$TTL 3600
@ SOA primary admin 0 0 0 0 0
; Port must be a positive number < 65536
f22 HTTPS 1 foo.example.com. port=65536

8
testdata/svcb.tdir/svcb.failure-cases-03 vendored Normal file
View file

@ -0,0 +1,8 @@
$ORIGIN failure-cases.
$TTL 3600
@ SOA primary admin 0 0 0 0 0
; 65 SvcParams is too many SvcParams; the limit is 64
f23 HTTPS 1 foo.example.com. ( key11=a key12=a key13=a key14=a key15=a key16=a key17=a key18=a key19=a key110=a key111=a key112=a key113=a key114=a key115=a key116=a key117=a key118=a key119=a key120=a key121=a key122=a key123=a key124=a key125=a key126=a key127=a key128=a key129=a key130=a key131=a key132=a key133=a key134=a key135=a key136=a key137=a key138=a key139=a key140=a key141=a key142=a key143=a key144=a key145=a key146=a key147=a key148=a key149=a key150=a key151=a key152=a key153=a key154=a key155=a key156=a key157=a key158=a key159=a key160=a key161=a key162=a key163=a key164=a key165=a )

8
testdata/svcb.tdir/svcb.failure-cases-04 vendored Normal file
View file

@ -0,0 +1,8 @@
$ORIGIN failure-cases.
$TTL 3600
@ SOA primary admin 0 0 0 0 0
; 256 is too many characters for an alpn; maximum is 255
f23 HTTPS 1 foo.example.com. ( alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" )

47
testdata/svcb.tdir/svcb.success-cases.zone vendored Normal file
View file

@ -0,0 +1,47 @@
$ORIGIN success-cases.
$TTL 3600
@ SOA primary admin 0 0 0 0 0
; A particular key does not need to have a value
s01 SVCB 0 . key123
; echconfig does not need to have a value
s02 SVCB 0 . echconfig
; When "no-default-alpn" is specified in an RR, "alpn" must also be specified
; in order for the RR to be "self-consistent"
s03 HTTPS 0 . alpn="h2,h3" no-default-alpn
; SHOULD is not MUST (so allowed)
; Zone-file implementations SHOULD enforce self-consistency
s04 HTTPS 0 . no-default-alpn
; SHOULD is not MUST (so allowed)
; (port and no-default-alpn are automatically mandatory keys with HTTPS)
; Other automatically mandatory keys SHOULD NOT appear in the list either.
s05 HTTPS 0 . alpn="dot" no-default-alpn port=853 mandatory=port
; Any valid base64 is okay for ech
s06 HTTPS 0 . ech="aGVsbG93b3JsZCE="
; echconfig is an alias for ech
s07 HTTPS 0 . echconfig="aGVsbG93b3JsZCE="
; maximum size allowed in a svcb rdata set (63 SvcParams)
s08 HTTPS 0 . ( key11=a key12=a key13=a key14=a key15=a key16=a key17=a key18=a key19=a key110=a key111=a key112=a key113=a key114=a key115=a key116=a key117=a key118=a key119=a key120=a key121=a key122=a key123=a key124=a key125=a key126=a key127=a key128=a key129=a key130=a key131=a key132=a key133=a key134=a key135=a key136=a key137=a key138=a key139=a key140=a key141=a key142=a key143=a key144=a key145=a key146=a key147=a key148=a key149=a key150=a key151=a key152=a key153=a key154=a key155=a key156=a key157=a key158=a key159=a key160=a key161=a key162=a key163=a)
; maximum alpn size allowed (255 characters)
s09 HTTPS 0 . ( alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" )

10
testdata/svcb.tdir/svcb.success-cases.zone.cmp vendored Normal file
View file

@ -0,0 +1,10 @@
success-cases. 3600 IN SOA primary.success-cases. admin.success-cases. 0 0 0 0 0
s01.success-cases. 3600 IN SVCB 0 . key123
s02.success-cases. 3600 IN SVCB 0 . ech
s03.success-cases. 3600 IN HTTPS 0 . alpn="h2,h3" no-default-alpn
s04.success-cases. 3600 IN HTTPS 0 . no-default-alpn
s05.success-cases. 3600 IN HTTPS 0 . mandatory=port alpn="dot" no-default-alpn port=853
s06.success-cases. 3600 IN HTTPS 0 . ech="aGVsbG93b3JsZCE="
s07.success-cases. 3600 IN HTTPS 0 . ech="aGVsbG93b3JsZCE="
s08.success-cases. 3600 IN HTTPS 0 . key11="a" key12="a" key13="a" key14="a" key15="a" key16="a" key17="a" key18="a" key19="a" key110="a" key111="a" key112="a" key113="a" key114="a" key115="a" key116="a" key117="a" key118="a" key119="a" key120="a" key121="a" key122="a" key123="a" key124="a" key125="a" key126="a" key127="a" key128="a" key129="a" key130="a" key131="a" key132="a" key133="a" key134="a" key135="a" key136="a" key137="a" key138="a" key139="a" key140="a" key141="a" key142="a" key143="a" key144="a" key145="a" key146="a" key147="a" key148="a" key149="a" key150="a" key151="a" key152="a" key153="a" key154="a" key155="a" key156="a" key157="a" key158="a" key159="a" key160="a" key161="a" key162="a" key163="a"
s09.success-cases. 3600 IN HTTPS 0 . alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"

97
testdata/svcb.tdir/svcb.test vendored Normal file
View file

@ -0,0 +1,97 @@
# #-- svcb.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test
# check and write the test vectors in their respective formats
PRE=../..
if ! $PRE/readzone svcb.test-vectors-pf.zone > svcb.test-vectors-pf.zone.out
then
echo "Could not parse presentation format zone"
exit 1
elif ! $PRE/readzone svcb.test-vectors-pf.zone.out > svcb.test-vectors-pf.zone.out.out
then
echo "Could not parse output from presentation format zone"
exit 1
elif ! $PRE/readzone svcb.test-vectors-wf.zone > svcb.test-vectors-wf.zone.out
then
echo "Could not parse RFC3597 formatted zone"
exit 1
elif ! $PRE/readzone svcb.test-vectors-wf.zone.out > svcb.test-vectors-wf.zone.out.out
then
echo "Could not parse output from RFC3597 formatted zone"
exit 1
else
echo "All test zones parsed successfully"
fi
# check the formatting of the written files
if ! diff svcb.test-vectors-pf.zone.out svcb.test-vectors-pf.zone.out.out
then
echo "Parsing inconsistency 1"
exit 1
elif ! diff svcb.test-vectors-pf.zone.out svcb.test-vectors-wf.zone.out
then
echo "Parsing inconsistency 2"
exit 1
elif ! diff svcb.test-vectors-pf.zone.out svcb.test-vectors-wf.zone.out.out
then
echo "Parsing inconsistency 3"
exit 1
else
echo "Parsing of SVCB and HTTPS was consistent"
fi
# check all the failure cases
if $PRE/readzone svcb.failure-cases-01
then
echo "Failure case 01: ech value is not base64 encoded"
echo "Incorrectly succeeded"
exit 1
elif $PRE/readzone svcb.failure-cases-02
then
echo "Failure case 02: port value needs to be a positive integer < 65536"
echo "Incorrectly succeeded"
exit 1
elif $PRE/readzone svcb.failure-cases-03
then
echo "Failure case 02: 65 SvcParams is too many SvcParams; the limit is 64"
echo "Incorrectly succeeded"
exit 1
elif $PRE/readzone svcb.failure-cases-04
then
echo "Failure case 04: 256 is too many characters for an alpn; maximum is 255"
echo "Incorrectly succeeded"
exit 1
else
echo "All failure cases test successfully"
fi
# check all the succes and write them
if ! $PRE/readzone svcb.success-cases.zone > svcb.success-cases.zone.out
then
echo "Some particular success cases did not succeed to parse"
exit 1
elif ! diff svcb.success-cases.zone.out svcb.success-cases.zone.cmp
then
echo "Some success cases could not be printed"
exit 1
else
echo "All particular success cases parsed and printed successfully"
fi

92
testdata/svcb.tdir/svcb.test-vectors-pf.zone vendored Normal file
View file

@ -0,0 +1,92 @@
$ORIGIN test-vectors.
$TTL 3600
@ SOA primary admin 1 3600 1800 7200 3600
NS primary
primary A 127.0.0.1
; D.1. AliasForm
v01 SVCB 0 foo.example.com.
; D.2. ServiceForm
; The first form is the simple "use the ownername".
v02 SVCB 1 .
; This vector only has a port.
v03 SVCB 16 foo.example.com. port=53
; This example has a key that is not registered, its value is unquoted.
v04 SVCB 1 foo.example.com. key667=hello
; This example has a key that is not registered, its value is quoted and
; contains a decimal-escaped character.
v05 SVCB 1 foo.example.com. key667="hello\210qoo"
; Here, two IPv6 hints are quoted in the presentation format.
v06 SVCB 1 foo.example.com. ipv6hint="2001:db8::1,2001:db8::53:1"
; This example shows a single IPv6 hint in IPv4 mapped IPv6 presentation format.
v07 SVCB 1 example.com. ipv6hint="2001:db8:ffff:ffff:ffff:ffff:198.51.100.100"
; In the next vector, neither the SvcParamValues nor the mandatory keys are
; sorted in presentation format, but are correctly sorted in the wire-format.
v08 SVCB 16 foo.example.org. (alpn=h2,h3-19 mandatory=ipv4hint,alpn
ipv4hint=192.0.2.1)
; This last (two) vectors has an alpn value with an escaped comma and an
; escaped backslash in two presentation formats.
v09 SVCB 16 foo.example.org. alpn="f\\\\oo\\,bar,h2"
v10 SVCB 16 foo.example.org. alpn=f\\\092oo\092,bar,h2
; D.1. AliasForm
v11 HTTPS 0 foo.example.com.
; D.2. ServiceForm
; The first form is the simple "use the ownername".
v12 HTTPS 1 .
; This vector only has a port.
v13 HTTPS 16 foo.example.com. port=53
; This example has a key that is not registered, its value is unquoted.
v14 HTTPS 1 foo.example.com. key667=hello
; This example has a key that is not registered, its value is quoted and
; contains a decimal-escaped character.
v15 HTTPS 1 foo.example.com. key667="hello\210qoo"
; Here, two IPv6 hints are quoted in the presentation format.
v16 HTTPS 1 foo.example.com. ipv6hint="2001:db8::1,2001:db8::53:1"
; This example shows a single IPv6 hint in IPv4 mapped IPv6 presentation format.
v17 HTTPS 1 example.com. ipv6hint="2001:db8:ffff:ffff:ffff:ffff:198.51.100.100"
; In the next vector, neither the SvcParamValues nor the mandatory keys are
; sorted in presentation format, but are correctly sorted in the wire-format.
v18 HTTPS 16 foo.example.org. (alpn=h2,h3-19 mandatory=ipv4hint,alpn
ipv4hint=192.0.2.1)
; This last (two) vectors has an alpn value with an escaped comma and an
; escaped backslash in two presentation formats.
v19 HTTPS 16 foo.example.org. alpn="f\\\\oo\\,bar,h2"
v20 HTTPS 16 foo.example.org. alpn=f\\\092oo\092,bar,h2

232
testdata/svcb.tdir/svcb.test-vectors-wf.zone vendored Normal file
View file

@ -0,0 +1,232 @@
$ORIGIN test-vectors.
$TTL 3600
@ SOA primary admin 1 3600 1800 7200 3600
NS primary
primary A 127.0.0.1
; D.1. AliasForm
v01 SVCB \# 19 (
00 00 ; priority
03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target
)
; D.2. ServiceForm
; The first form is the simple "use the ownername".
v02 SVCB \# 3 (
00 01 ; priority
00 ; target (root label)
)
; This vector only has a port.
v03 SVCB \# 25 (
00 10 ; priority
03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target
00 03 ; key 3
00 02 ; length 2
00 35 ; value
)
; This example has a key that is not registered, its value is unquoted.
v04 SVCB \# 28 (
00 01 ; priority
03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target
02 9b ; key 667
00 05 ; length 5
68 65 6c 6c 6f ; value
)
; This example has a key that is not registered, its value is quoted and
; contains a decimal-escaped character.
v05 SVCB \# 32 (
00 01 ; priority
03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target
02 9b ; key 667
00 09 ; length 9
68 65 6c 6c 6f d2 71 6f 6f ; value
)
; Here, two IPv6 hints are quoted in the presentation format.
v06 SVCB \# 55 (
00 01 ; priority
03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target
00 06 ; key 6
00 20 ; length 32
20 01 0d b8 00 00 00 00 00 00 00 00 00 00 00 01 ; first address
20 01 0d b8 00 00 00 00 00 00 00 00 00 53 00 01 ; second address
)
; This example shows a single IPv6 hint in IPv4 mapped IPv6 presentation format.
v07 SVCB \# 35 (
00 01 ; priority
07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target
00 06 ; key 6
00 10 ; length 16
20 01 0d b8 ff ff ff ff ff ff ff ff c6 33 64 64 ; address
)
; In the next vector, neither the SvcParamValues nor the mandatory keys are
; sorted in presentation format, but are correctly sorted in the wire-format.
v08 SVCB \# 48 (
00 10 ; priority
03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target
00 00 ; key 0
00 04 ; param length 4
00 01 ; value: key 1
00 04 ; value: key 4
00 01 ; key 1
00 09 ; param length 9
02 ; alpn length 2
68 32 ; alpn value
05 ; alpn length 5
68 33 2d 31 39 ; alpn value
00 04 ; key 4
00 04 ; param length 4
c0 00 02 01 ; param value
)
; This last (two) vectors has an alpn value with an escaped comma and an
; escaped backslash in two presentation formats.
v09 SVCB \# 35 (
00 10 ; priority
03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target
00 01 ; key 1
00 0c ; param length 12
08 ; alpn length 8
66 5c 6f 6f 2c 62 61 72 ; alpn value
02 ; alpn length 2
68 32 ; alpn value
)
v10 SVCB \# 35 (
00 10 ; priority
03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target
00 01 ; key 1
00 0c ; param length 12
08 ; alpn length 8
66 5c 6f 6f 2c 62 61 72 ; alpn value
02 ; alpn length 2
68 32 ; alpn value
)
; D.1. AliasForm
v11 HTTPS \# 19 (
00 00 ; priority
03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target
)
; D.2. ServiceForm
; The first form is the simple "use the ownername".
v12 HTTPS \# 3 (
00 01 ; priority
00 ; target (root label)
)
; This vector only has a port.
v13 HTTPS \# 25 (
00 10 ; priority
03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target
00 03 ; key 3
00 02 ; length 2
00 35 ; value
)
; This example has a key that is not registered, its value is unquoted.
v14 HTTPS \# 28 (
00 01 ; priority
03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target
02 9b ; key 667
00 05 ; length 5
68 65 6c 6c 6f ; value
)
; This example has a key that is not registered, its value is quoted and
; contains a decimal-escaped character.
v15 HTTPS \# 32 (
00 01 ; priority
03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target
02 9b ; key 667
00 09 ; length 9
68 65 6c 6c 6f d2 71 6f 6f ; value
)
; Here, two IPv6 hints are quoted in the presentation format.
v16 HTTPS \# 55 (
00 01 ; priority
03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target
00 06 ; key 6
00 20 ; length 32
20 01 0d b8 00 00 00 00 00 00 00 00 00 00 00 01 ; first address
20 01 0d b8 00 00 00 00 00 00 00 00 00 53 00 01 ; second address
)
; This example shows a single IPv6 hint in IPv4 mapped IPv6 presentation format.
v17 HTTPS \# 35 (
00 01 ; priority
07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ; target
00 06 ; key 6
00 10 ; length 16
20 01 0d b8 ff ff ff ff ff ff ff ff c6 33 64 64 ; address
)
; In the next vector, neither the SvcParamValues nor the mandatory keys are
; sorted in presentation format, but are correctly sorted in the wire-format.
v18 HTTPS \# 48 (
00 10 ; priority
03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target
00 00 ; key 0
00 04 ; param length 4
00 01 ; value: key 1
00 04 ; value: key 4
00 01 ; key 1
00 09 ; param length 9
02 ; alpn length 2
68 32 ; alpn value
05 ; alpn length 5
68 33 2d 31 39 ; alpn value
00 04 ; key 4
00 04 ; param length 4
c0 00 02 01 ; param value
)
; This last (two) vectors has an alpn value with an escaped comma and an
; escaped backslash in two presentation formats.
v19 HTTPS \# 35 (
00 10 ; priority
03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target
00 01 ; key 1
00 0c ; param length 12
08 ; alpn length 8
66 5c 6f 6f 2c 62 61 72 ; alpn value
02 ; alpn length 2
68 32 ; alpn value
)
v20 HTTPS \# 35 (
00 10 ; priority
03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target
00 01 ; key 1
00 0c ; param length 12
08 ; alpn length 8
66 5c 6f 6f 2c 62 61 72 ; alpn value
02 ; alpn length 2
68 32 ; alpn value
)

1
testdata/zonemd_reload.tdir/zonemd_reload.conf vendored
View file

@ -19,4 +19,5 @@ auth-zone:
for-upstream: yes
for-downstream: yes
zonefile: "zonemd_reload.zone"
zonemd-check: yes
#master: "127.0.0.1@@TOPORT@"

2
testdata/zonemd_reload.tdir/zonemd_reload.test vendored
View file

@ -41,7 +41,7 @@ echo "> cat logfiles"
cat fwd.log
cat unbound.log
echo "> check answer"
if grep www.example.com outfile | grep "127.0.0.1"; then
if grep www.example.com outfile | grep "192.0.2.1"; then
echo "OK"
else
echo "Not OK"

6
testdata/zonemd_reload.tdir/zonemd_reload.zone vendored
View file

@ -1,8 +1,8 @@
example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
example.com. IN NS ns.example.com.
example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22
www.example.com. IN A 127.0.0.1
ns.example.com. IN A 127.0.0.1
example.com. IN ZONEMD 200154054 1 2 D207FBBD1403DC8FDDC0159AB1F4B4C54A2FEB814E5CB1E82841C51D1372E78E4F6C75F7A9D710CC78C54E2DB3B92D07C72990644F93E1C44AC356EACA3980C5
www.example.com. IN A 192.0.2.1
ns.example.com. IN A 192.0.2.1
bar.example.com. IN A 1.2.3.4
ding.example.com. IN A 1.2.3.4
foo.example.com. IN A 1.2.3.4

46
util/config_file.c
View file

@ -238,8 +238,10 @@ config_create(void)
cfg->hide_identity = 0;
cfg->hide_version = 0;
cfg->hide_trustanchor = 0;
cfg->hide_http_user_agent = 0;
cfg->identity = NULL;
cfg->version = NULL;
cfg->http_user_agent = NULL;
cfg->nsid_cfg_str = NULL;
cfg->nsid = NULL;
cfg->nsid_len = 0;
@ -253,6 +255,7 @@ config_create(void)
cfg->val_date_override = 0;
cfg->val_sig_skew_min = 3600; /* at least daylight savings trouble */
cfg->val_sig_skew_max = 86400; /* at most timezone settings trouble */
cfg->val_max_restart = 5;
cfg->val_clean_additional = 1;
cfg->val_log_level = 0;
cfg->val_log_squelch = 0;
@ -594,8 +597,10 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_YNO("hide-identity:", hide_identity)
else S_YNO("hide-version:", hide_version)
else S_YNO("hide-trustanchor:", hide_trustanchor)
else S_YNO("hide-http-user-agent:", hide_http_user_agent)
else S_STR("identity:", identity)
else S_STR("version:", version)
else S_STR("http-user-agent:", http_user_agent)
else if(strcmp(opt, "nsid:") == 0) {
free(cfg->nsid_cfg_str);
if (!(cfg->nsid_cfg_str = strdup(val)))
@ -764,12 +769,14 @@ int config_set_option(struct config_file* cfg, const char* opt,
#endif
else if(strcmp(opt, "define-tag:") ==0) {
return config_add_tag(cfg, val);
/* val_sig_skew_min and max are copied into val_env during init,
* so this does not update val_env with set_option */
/* val_sig_skew_min, max and val_max_restart are copied into val_env
* during init so this does not update val_env with set_option */
} else if(strcmp(opt, "val-sig-skew-min:") == 0)
{ IS_NUMBER_OR_ZERO; cfg->val_sig_skew_min = (int32_t)atoi(val); }
else if(strcmp(opt, "val-sig-skew-max:") == 0)
{ IS_NUMBER_OR_ZERO; cfg->val_sig_skew_max = (int32_t)atoi(val); }
else if(strcmp(opt, "val-max-restart:") == 0)
{ IS_NUMBER_OR_ZERO; cfg->val_max_restart = (int32_t)atoi(val); }
else if (strcmp(opt, "outgoing-interface:") == 0) {
char* d = strdup(val);
char** oi =
@ -1052,8 +1059,10 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_YNO(opt, "hide-identity", hide_identity)
else O_YNO(opt, "hide-version", hide_version)
else O_YNO(opt, "hide-trustanchor", hide_trustanchor)
else O_YNO(opt, "hide-http-user-agent", hide_http_user_agent)
else O_STR(opt, "identity", identity)
else O_STR(opt, "version", version)
else O_STR(opt, "http-user-agent", http_user_agent)
else O_STR(opt, "nsid", nsid_cfg_str)
else O_STR(opt, "target-fetch-policy", target_fetch_policy)
else O_YNO(opt, "harden-short-bufsize", harden_short_bufsize)
@ -1190,6 +1199,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_DEC(opt, "fast-server-permil", fast_server_permil)
else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min)
else O_DEC(opt, "val-sig-skew-max", val_sig_skew_max)
else O_DEC(opt, "val-max-restart", val_max_restart)
else O_YNO(opt, "qname-minimisation", qname_minimisation)
else O_YNO(opt, "qname-minimisation-strict", qname_minimisation_strict)
else O_IFC(opt, "define-tag", num_tags, tagname)
@ -1528,6 +1538,7 @@ config_delete(struct config_file* cfg)
#endif
free(cfg->identity);
free(cfg->version);
free(cfg->http_user_agent);
free(cfg->nsid_cfg_str);
free(cfg->nsid);
free(cfg->module_conf);
@ -1693,6 +1704,37 @@ int cfg_condense_ports(struct config_file* cfg, int** avail)
return num;
}
void cfg_apply_local_port_policy(struct config_file* cfg, int num) {
(void)cfg;
(void)num;
#ifdef USE_LINUX_IP_LOCAL_PORT_RANGE
{
int i = 0;
FILE* range_fd;
if ((range_fd = fopen(LINUX_IP_LOCAL_PORT_RANGE_PATH, "r")) != NULL) {
int min_port = 0;
int max_port = num - 1;
if (fscanf(range_fd, "%d %d", &min_port, &max_port) == 2) {
for(i=0; i<min_port; i++) {
cfg->outgoing_avail_ports[i] = 0;
}
for(i=max_port+1; i<num; i++) {
cfg->outgoing_avail_ports[i] = 0;
}
} else {
log_err("unexpected port range in %s",
LINUX_IP_LOCAL_PORT_RANGE_PATH);
}
fclose(range_fd);
} else {
log_err("failed to read from file: %s (%s)",
LINUX_IP_LOCAL_PORT_RANGE_PATH,
strerror(errno));
}
}
#endif
}
/** print error with file and line number */
static void ub_c_error_va_list(const char *fmt, va_list args)
{

17
util/config_file.h
View file

@ -340,10 +340,14 @@ struct config_file {
int hide_version;
/** do not report trustanchor (trustanchor.unbound) */
int hide_trustanchor;
/** do not report the User-Agent HTTP header */
int hide_http_user_agent;
/** identity, hostname is returned if "". */
char* identity;
/** version, package version returned if "". */
char* version;
/** User-Agent for HTTP header */
char* http_user_agent;
/** nsid */
char *nsid_cfg_str;
uint8_t *nsid;
@ -373,6 +377,8 @@ struct config_file {
int32_t val_sig_skew_min;
/** the maximum for signature clock skew */
int32_t val_sig_skew_max;
/** max number of query restarts, number of IPs to probe */
int32_t val_max_restart;
/** this value sets the number of seconds before revalidating bogus */
int bogus_ttl;
/** should validator clean additional section for secure msgs */
@ -1184,6 +1190,13 @@ int cfg_mark_ports(const char* str, int allow, int* avail, int num);
*/
int cfg_condense_ports(struct config_file* cfg, int** avail);
/**
* Apply system specific port range policy.
* @param cfg: config file.
* @param num: size of the array (65536).
*/
void cfg_apply_local_port_policy(struct config_file* cfg, int num);
/**
* Scan ports available
* @param avail: the array from cfg.
@ -1323,5 +1336,9 @@ int if_is_https(const char* ifname, const char* port, int https_port);
*/
int cfg_has_https(struct config_file* cfg);
#ifdef USE_LINUX_IP_LOCAL_PORT_RANGE
#define LINUX_IP_LOCAL_PORT_RANGE_PATH "/proc/sys/net/ipv4/ip_local_port_range"
#endif
#endif /* UTIL_CONFIG_FILE_H */

5003
util/configlexer.c
View file

File diff suppressed because it is too large Load diff

3
util/configlexer.lex
View file

@ -371,8 +371,10 @@ max-ecs-tree-size-ipv6{COLON} { YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV6) }
hide-identity{COLON} { YDVAR(1, VAR_HIDE_IDENTITY) }
hide-version{COLON} { YDVAR(1, VAR_HIDE_VERSION) }
hide-trustanchor{COLON} { YDVAR(1, VAR_HIDE_TRUSTANCHOR) }
hide-http-user-agent{COLON} { YDVAR(1, VAR_HIDE_HTTP_USER_AGENT) }
identity{COLON} { YDVAR(1, VAR_IDENTITY) }
version{COLON} { YDVAR(1, VAR_VERSION) }
http-user-agent{COLON} { YDVAR(1, VAR_HTTP_USER_AGENT) }
module-config{COLON} { YDVAR(1, VAR_MODULE_CONF) }
dlv-anchor{COLON} { YDVAR(1, VAR_DLV_ANCHOR) }
dlv-anchor-file{COLON} { YDVAR(1, VAR_DLV_ANCHOR_FILE) }
@ -385,6 +387,7 @@ root-key-sentinel{COLON} { YDVAR(1, VAR_ROOT_KEY_SENTINEL) }
val-override-date{COLON} { YDVAR(1, VAR_VAL_OVERRIDE_DATE) }
val-sig-skew-min{COLON} { YDVAR(1, VAR_VAL_SIG_SKEW_MIN) }
val-sig-skew-max{COLON} { YDVAR(1, VAR_VAL_SIG_SKEW_MAX) }
val-max-restart{COLON} { YDVAR(1, VAR_VAL_MAX_RESTART) }
val-bogus-ttl{COLON} { YDVAR(1, VAR_BOGUS_TTL) }
val-clean-additional{COLON} { YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) }
val-permissive-mode{COLON} { YDVAR(1, VAR_VAL_PERMISSIVE_MODE) }

4833
util/configparser.c
View file

File diff suppressed because it is too large Load diff

799
util/configparser.h
View file

@ -1,4 +1,4 @@
/* A Bison parser, made by GNU Bison 3.6.4. */
/* A Bison parser, made by GNU Bison 3.7.4. */
/* Bison interface for Yacc-like parsers in C
@ -169,207 +169,211 @@ extern int yydebug;
VAR_PYTHON_SCRIPT = 370, /* VAR_PYTHON_SCRIPT */
VAR_VAL_SIG_SKEW_MIN = 371, /* VAR_VAL_SIG_SKEW_MIN */
VAR_VAL_SIG_SKEW_MAX = 372, /* VAR_VAL_SIG_SKEW_MAX */
VAR_CACHE_MIN_TTL = 373, /* VAR_CACHE_MIN_TTL */
VAR_VAL_LOG_LEVEL = 374, /* VAR_VAL_LOG_LEVEL */
VAR_AUTO_TRUST_ANCHOR_FILE = 375, /* VAR_AUTO_TRUST_ANCHOR_FILE */
VAR_KEEP_MISSING = 376, /* VAR_KEEP_MISSING */
VAR_ADD_HOLDDOWN = 377, /* VAR_ADD_HOLDDOWN */
VAR_DEL_HOLDDOWN = 378, /* VAR_DEL_HOLDDOWN */
VAR_SO_RCVBUF = 379, /* VAR_SO_RCVBUF */
VAR_EDNS_BUFFER_SIZE = 380, /* VAR_EDNS_BUFFER_SIZE */
VAR_PREFETCH = 381, /* VAR_PREFETCH */
VAR_PREFETCH_KEY = 382, /* VAR_PREFETCH_KEY */
VAR_SO_SNDBUF = 383, /* VAR_SO_SNDBUF */
VAR_SO_REUSEPORT = 384, /* VAR_SO_REUSEPORT */
VAR_HARDEN_BELOW_NXDOMAIN = 385, /* VAR_HARDEN_BELOW_NXDOMAIN */
VAR_IGNORE_CD_FLAG = 386, /* VAR_IGNORE_CD_FLAG */
VAR_LOG_QUERIES = 387, /* VAR_LOG_QUERIES */
VAR_LOG_REPLIES = 388, /* VAR_LOG_REPLIES */
VAR_LOG_LOCAL_ACTIONS = 389, /* VAR_LOG_LOCAL_ACTIONS */
VAR_TCP_UPSTREAM = 390, /* VAR_TCP_UPSTREAM */
VAR_SSL_UPSTREAM = 391, /* VAR_SSL_UPSTREAM */
VAR_TCP_AUTH_QUERY_TIMEOUT = 392, /* VAR_TCP_AUTH_QUERY_TIMEOUT */
VAR_SSL_SERVICE_KEY = 393, /* VAR_SSL_SERVICE_KEY */
VAR_SSL_SERVICE_PEM = 394, /* VAR_SSL_SERVICE_PEM */
VAR_SSL_PORT = 395, /* VAR_SSL_PORT */
VAR_FORWARD_FIRST = 396, /* VAR_FORWARD_FIRST */
VAR_STUB_SSL_UPSTREAM = 397, /* VAR_STUB_SSL_UPSTREAM */
VAR_FORWARD_SSL_UPSTREAM = 398, /* VAR_FORWARD_SSL_UPSTREAM */
VAR_TLS_CERT_BUNDLE = 399, /* VAR_TLS_CERT_BUNDLE */
VAR_HTTPS_PORT = 400, /* VAR_HTTPS_PORT */
VAR_HTTP_ENDPOINT = 401, /* VAR_HTTP_ENDPOINT */
VAR_HTTP_MAX_STREAMS = 402, /* VAR_HTTP_MAX_STREAMS */
VAR_HTTP_QUERY_BUFFER_SIZE = 403, /* VAR_HTTP_QUERY_BUFFER_SIZE */
VAR_HTTP_RESPONSE_BUFFER_SIZE = 404, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */
VAR_HTTP_NODELAY = 405, /* VAR_HTTP_NODELAY */
VAR_HTTP_NOTLS_DOWNSTREAM = 406, /* VAR_HTTP_NOTLS_DOWNSTREAM */
VAR_STUB_FIRST = 407, /* VAR_STUB_FIRST */
VAR_MINIMAL_RESPONSES = 408, /* VAR_MINIMAL_RESPONSES */
VAR_RRSET_ROUNDROBIN = 409, /* VAR_RRSET_ROUNDROBIN */
VAR_MAX_UDP_SIZE = 410, /* VAR_MAX_UDP_SIZE */
VAR_DELAY_CLOSE = 411, /* VAR_DELAY_CLOSE */
VAR_UDP_CONNECT = 412, /* VAR_UDP_CONNECT */
VAR_UNBLOCK_LAN_ZONES = 413, /* VAR_UNBLOCK_LAN_ZONES */
VAR_INSECURE_LAN_ZONES = 414, /* VAR_INSECURE_LAN_ZONES */
VAR_INFRA_CACHE_MIN_RTT = 415, /* VAR_INFRA_CACHE_MIN_RTT */
VAR_INFRA_KEEP_PROBING = 416, /* VAR_INFRA_KEEP_PROBING */
VAR_DNS64_PREFIX = 417, /* VAR_DNS64_PREFIX */
VAR_DNS64_SYNTHALL = 418, /* VAR_DNS64_SYNTHALL */
VAR_DNS64_IGNORE_AAAA = 419, /* VAR_DNS64_IGNORE_AAAA */
VAR_DNSTAP = 420, /* VAR_DNSTAP */
VAR_DNSTAP_ENABLE = 421, /* VAR_DNSTAP_ENABLE */
VAR_DNSTAP_SOCKET_PATH = 422, /* VAR_DNSTAP_SOCKET_PATH */
VAR_DNSTAP_IP = 423, /* VAR_DNSTAP_IP */
VAR_DNSTAP_TLS = 424, /* VAR_DNSTAP_TLS */
VAR_DNSTAP_TLS_SERVER_NAME = 425, /* VAR_DNSTAP_TLS_SERVER_NAME */
VAR_DNSTAP_TLS_CERT_BUNDLE = 426, /* VAR_DNSTAP_TLS_CERT_BUNDLE */
VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 427, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */
VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 428, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */
VAR_DNSTAP_SEND_IDENTITY = 429, /* VAR_DNSTAP_SEND_IDENTITY */
VAR_DNSTAP_SEND_VERSION = 430, /* VAR_DNSTAP_SEND_VERSION */
VAR_DNSTAP_BIDIRECTIONAL = 431, /* VAR_DNSTAP_BIDIRECTIONAL */
VAR_DNSTAP_IDENTITY = 432, /* VAR_DNSTAP_IDENTITY */
VAR_DNSTAP_VERSION = 433, /* VAR_DNSTAP_VERSION */
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 434, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 435, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 436, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 437, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 438, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 439, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */
VAR_RESPONSE_IP_TAG = 440, /* VAR_RESPONSE_IP_TAG */
VAR_RESPONSE_IP = 441, /* VAR_RESPONSE_IP */
VAR_RESPONSE_IP_DATA = 442, /* VAR_RESPONSE_IP_DATA */
VAR_HARDEN_ALGO_DOWNGRADE = 443, /* VAR_HARDEN_ALGO_DOWNGRADE */
VAR_IP_TRANSPARENT = 444, /* VAR_IP_TRANSPARENT */
VAR_IP_DSCP = 445, /* VAR_IP_DSCP */
VAR_DISABLE_DNSSEC_LAME_CHECK = 446, /* VAR_DISABLE_DNSSEC_LAME_CHECK */
VAR_IP_RATELIMIT = 447, /* VAR_IP_RATELIMIT */
VAR_IP_RATELIMIT_SLABS = 448, /* VAR_IP_RATELIMIT_SLABS */
VAR_IP_RATELIMIT_SIZE = 449, /* VAR_IP_RATELIMIT_SIZE */
VAR_RATELIMIT = 450, /* VAR_RATELIMIT */
VAR_RATELIMIT_SLABS = 451, /* VAR_RATELIMIT_SLABS */
VAR_RATELIMIT_SIZE = 452, /* VAR_RATELIMIT_SIZE */
VAR_RATELIMIT_FOR_DOMAIN = 453, /* VAR_RATELIMIT_FOR_DOMAIN */
VAR_RATELIMIT_BELOW_DOMAIN = 454, /* VAR_RATELIMIT_BELOW_DOMAIN */
VAR_IP_RATELIMIT_FACTOR = 455, /* VAR_IP_RATELIMIT_FACTOR */
VAR_RATELIMIT_FACTOR = 456, /* VAR_RATELIMIT_FACTOR */
VAR_SEND_CLIENT_SUBNET = 457, /* VAR_SEND_CLIENT_SUBNET */
VAR_CLIENT_SUBNET_ZONE = 458, /* VAR_CLIENT_SUBNET_ZONE */
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 459, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */
VAR_CLIENT_SUBNET_OPCODE = 460, /* VAR_CLIENT_SUBNET_OPCODE */
VAR_MAX_CLIENT_SUBNET_IPV4 = 461, /* VAR_MAX_CLIENT_SUBNET_IPV4 */
VAR_MAX_CLIENT_SUBNET_IPV6 = 462, /* VAR_MAX_CLIENT_SUBNET_IPV6 */
VAR_MIN_CLIENT_SUBNET_IPV4 = 463, /* VAR_MIN_CLIENT_SUBNET_IPV4 */
VAR_MIN_CLIENT_SUBNET_IPV6 = 464, /* VAR_MIN_CLIENT_SUBNET_IPV6 */
VAR_MAX_ECS_TREE_SIZE_IPV4 = 465, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */
VAR_MAX_ECS_TREE_SIZE_IPV6 = 466, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */
VAR_CAPS_WHITELIST = 467, /* VAR_CAPS_WHITELIST */
VAR_CACHE_MAX_NEGATIVE_TTL = 468, /* VAR_CACHE_MAX_NEGATIVE_TTL */
VAR_PERMIT_SMALL_HOLDDOWN = 469, /* VAR_PERMIT_SMALL_HOLDDOWN */
VAR_QNAME_MINIMISATION = 470, /* VAR_QNAME_MINIMISATION */
VAR_QNAME_MINIMISATION_STRICT = 471, /* VAR_QNAME_MINIMISATION_STRICT */
VAR_IP_FREEBIND = 472, /* VAR_IP_FREEBIND */
VAR_DEFINE_TAG = 473, /* VAR_DEFINE_TAG */
VAR_LOCAL_ZONE_TAG = 474, /* VAR_LOCAL_ZONE_TAG */
VAR_ACCESS_CONTROL_TAG = 475, /* VAR_ACCESS_CONTROL_TAG */
VAR_LOCAL_ZONE_OVERRIDE = 476, /* VAR_LOCAL_ZONE_OVERRIDE */
VAR_ACCESS_CONTROL_TAG_ACTION = 477, /* VAR_ACCESS_CONTROL_TAG_ACTION */
VAR_ACCESS_CONTROL_TAG_DATA = 478, /* VAR_ACCESS_CONTROL_TAG_DATA */
VAR_VIEW = 479, /* VAR_VIEW */
VAR_ACCESS_CONTROL_VIEW = 480, /* VAR_ACCESS_CONTROL_VIEW */
VAR_VIEW_FIRST = 481, /* VAR_VIEW_FIRST */
VAR_SERVE_EXPIRED = 482, /* VAR_SERVE_EXPIRED */
VAR_SERVE_EXPIRED_TTL = 483, /* VAR_SERVE_EXPIRED_TTL */
VAR_SERVE_EXPIRED_TTL_RESET = 484, /* VAR_SERVE_EXPIRED_TTL_RESET */
VAR_SERVE_EXPIRED_REPLY_TTL = 485, /* VAR_SERVE_EXPIRED_REPLY_TTL */
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 486, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */
VAR_SERVE_ORIGINAL_TTL = 487, /* VAR_SERVE_ORIGINAL_TTL */
VAR_FAKE_DSA = 488, /* VAR_FAKE_DSA */
VAR_FAKE_SHA1 = 489, /* VAR_FAKE_SHA1 */
VAR_LOG_IDENTITY = 490, /* VAR_LOG_IDENTITY */
VAR_HIDE_TRUSTANCHOR = 491, /* VAR_HIDE_TRUSTANCHOR */
VAR_TRUST_ANCHOR_SIGNALING = 492, /* VAR_TRUST_ANCHOR_SIGNALING */
VAR_AGGRESSIVE_NSEC = 493, /* VAR_AGGRESSIVE_NSEC */
VAR_USE_SYSTEMD = 494, /* VAR_USE_SYSTEMD */
VAR_SHM_ENABLE = 495, /* VAR_SHM_ENABLE */
VAR_SHM_KEY = 496, /* VAR_SHM_KEY */
VAR_ROOT_KEY_SENTINEL = 497, /* VAR_ROOT_KEY_SENTINEL */
VAR_DNSCRYPT = 498, /* VAR_DNSCRYPT */
VAR_DNSCRYPT_ENABLE = 499, /* VAR_DNSCRYPT_ENABLE */
VAR_DNSCRYPT_PORT = 500, /* VAR_DNSCRYPT_PORT */
VAR_DNSCRYPT_PROVIDER = 501, /* VAR_DNSCRYPT_PROVIDER */
VAR_DNSCRYPT_SECRET_KEY = 502, /* VAR_DNSCRYPT_SECRET_KEY */
VAR_DNSCRYPT_PROVIDER_CERT = 503, /* VAR_DNSCRYPT_PROVIDER_CERT */
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 504, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 505, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 506, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 507, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 508, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */
VAR_PAD_RESPONSES = 509, /* VAR_PAD_RESPONSES */
VAR_PAD_RESPONSES_BLOCK_SIZE = 510, /* VAR_PAD_RESPONSES_BLOCK_SIZE */
VAR_PAD_QUERIES = 511, /* VAR_PAD_QUERIES */
VAR_PAD_QUERIES_BLOCK_SIZE = 512, /* VAR_PAD_QUERIES_BLOCK_SIZE */
VAR_IPSECMOD_ENABLED = 513, /* VAR_IPSECMOD_ENABLED */
VAR_IPSECMOD_HOOK = 514, /* VAR_IPSECMOD_HOOK */
VAR_IPSECMOD_IGNORE_BOGUS = 515, /* VAR_IPSECMOD_IGNORE_BOGUS */
VAR_IPSECMOD_MAX_TTL = 516, /* VAR_IPSECMOD_MAX_TTL */
VAR_IPSECMOD_WHITELIST = 517, /* VAR_IPSECMOD_WHITELIST */
VAR_IPSECMOD_STRICT = 518, /* VAR_IPSECMOD_STRICT */
VAR_CACHEDB = 519, /* VAR_CACHEDB */
VAR_CACHEDB_BACKEND = 520, /* VAR_CACHEDB_BACKEND */
VAR_CACHEDB_SECRETSEED = 521, /* VAR_CACHEDB_SECRETSEED */
VAR_CACHEDB_REDISHOST = 522, /* VAR_CACHEDB_REDISHOST */
VAR_CACHEDB_REDISPORT = 523, /* VAR_CACHEDB_REDISPORT */
VAR_CACHEDB_REDISTIMEOUT = 524, /* VAR_CACHEDB_REDISTIMEOUT */
VAR_CACHEDB_REDISEXPIRERECORDS = 525, /* VAR_CACHEDB_REDISEXPIRERECORDS */
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 526, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */
VAR_FOR_UPSTREAM = 527, /* VAR_FOR_UPSTREAM */
VAR_AUTH_ZONE = 528, /* VAR_AUTH_ZONE */
VAR_ZONEFILE = 529, /* VAR_ZONEFILE */
VAR_MASTER = 530, /* VAR_MASTER */
VAR_URL = 531, /* VAR_URL */
VAR_FOR_DOWNSTREAM = 532, /* VAR_FOR_DOWNSTREAM */
VAR_FALLBACK_ENABLED = 533, /* VAR_FALLBACK_ENABLED */
VAR_TLS_ADDITIONAL_PORT = 534, /* VAR_TLS_ADDITIONAL_PORT */
VAR_LOW_RTT = 535, /* VAR_LOW_RTT */
VAR_LOW_RTT_PERMIL = 536, /* VAR_LOW_RTT_PERMIL */
VAR_FAST_SERVER_PERMIL = 537, /* VAR_FAST_SERVER_PERMIL */
VAR_FAST_SERVER_NUM = 538, /* VAR_FAST_SERVER_NUM */
VAR_ALLOW_NOTIFY = 539, /* VAR_ALLOW_NOTIFY */
VAR_TLS_WIN_CERT = 540, /* VAR_TLS_WIN_CERT */
VAR_TCP_CONNECTION_LIMIT = 541, /* VAR_TCP_CONNECTION_LIMIT */
VAR_FORWARD_NO_CACHE = 542, /* VAR_FORWARD_NO_CACHE */
VAR_STUB_NO_CACHE = 543, /* VAR_STUB_NO_CACHE */
VAR_LOG_SERVFAIL = 544, /* VAR_LOG_SERVFAIL */
VAR_DENY_ANY = 545, /* VAR_DENY_ANY */
VAR_UNKNOWN_SERVER_TIME_LIMIT = 546, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */
VAR_LOG_TAG_QUERYREPLY = 547, /* VAR_LOG_TAG_QUERYREPLY */
VAR_STREAM_WAIT_SIZE = 548, /* VAR_STREAM_WAIT_SIZE */
VAR_TLS_CIPHERS = 549, /* VAR_TLS_CIPHERS */
VAR_TLS_CIPHERSUITES = 550, /* VAR_TLS_CIPHERSUITES */
VAR_TLS_USE_SNI = 551, /* VAR_TLS_USE_SNI */
VAR_IPSET = 552, /* VAR_IPSET */
VAR_IPSET_NAME_V4 = 553, /* VAR_IPSET_NAME_V4 */
VAR_IPSET_NAME_V6 = 554, /* VAR_IPSET_NAME_V6 */
VAR_TLS_SESSION_TICKET_KEYS = 555, /* VAR_TLS_SESSION_TICKET_KEYS */
VAR_RPZ = 556, /* VAR_RPZ */
VAR_TAGS = 557, /* VAR_TAGS */
VAR_RPZ_ACTION_OVERRIDE = 558, /* VAR_RPZ_ACTION_OVERRIDE */
VAR_RPZ_CNAME_OVERRIDE = 559, /* VAR_RPZ_CNAME_OVERRIDE */
VAR_RPZ_LOG = 560, /* VAR_RPZ_LOG */
VAR_RPZ_LOG_NAME = 561, /* VAR_RPZ_LOG_NAME */
VAR_DYNLIB = 562, /* VAR_DYNLIB */
VAR_DYNLIB_FILE = 563, /* VAR_DYNLIB_FILE */
VAR_EDNS_CLIENT_STRING = 564, /* VAR_EDNS_CLIENT_STRING */
VAR_EDNS_CLIENT_STRING_OPCODE = 565, /* VAR_EDNS_CLIENT_STRING_OPCODE */
VAR_NSID = 566, /* VAR_NSID */
VAR_ZONEMD_PERMISSIVE_MODE = 567, /* VAR_ZONEMD_PERMISSIVE_MODE */
VAR_ZONEMD_CHECK = 568, /* VAR_ZONEMD_CHECK */
VAR_ZONEMD_REJECT_ABSENCE = 569 /* VAR_ZONEMD_REJECT_ABSENCE */
VAR_VAL_MAX_RESTART = 373, /* VAR_VAL_MAX_RESTART */
VAR_CACHE_MIN_TTL = 374, /* VAR_CACHE_MIN_TTL */
VAR_VAL_LOG_LEVEL = 375, /* VAR_VAL_LOG_LEVEL */
VAR_AUTO_TRUST_ANCHOR_FILE = 376, /* VAR_AUTO_TRUST_ANCHOR_FILE */
VAR_KEEP_MISSING = 377, /* VAR_KEEP_MISSING */
VAR_ADD_HOLDDOWN = 378, /* VAR_ADD_HOLDDOWN */
VAR_DEL_HOLDDOWN = 379, /* VAR_DEL_HOLDDOWN */
VAR_SO_RCVBUF = 380, /* VAR_SO_RCVBUF */
VAR_EDNS_BUFFER_SIZE = 381, /* VAR_EDNS_BUFFER_SIZE */
VAR_PREFETCH = 382, /* VAR_PREFETCH */
VAR_PREFETCH_KEY = 383, /* VAR_PREFETCH_KEY */
VAR_SO_SNDBUF = 384, /* VAR_SO_SNDBUF */
VAR_SO_REUSEPORT = 385, /* VAR_SO_REUSEPORT */
VAR_HARDEN_BELOW_NXDOMAIN = 386, /* VAR_HARDEN_BELOW_NXDOMAIN */
VAR_IGNORE_CD_FLAG = 387, /* VAR_IGNORE_CD_FLAG */
VAR_LOG_QUERIES = 388, /* VAR_LOG_QUERIES */
VAR_LOG_REPLIES = 389, /* VAR_LOG_REPLIES */
VAR_LOG_LOCAL_ACTIONS = 390, /* VAR_LOG_LOCAL_ACTIONS */
VAR_TCP_UPSTREAM = 391, /* VAR_TCP_UPSTREAM */
VAR_SSL_UPSTREAM = 392, /* VAR_SSL_UPSTREAM */
VAR_TCP_AUTH_QUERY_TIMEOUT = 393, /* VAR_TCP_AUTH_QUERY_TIMEOUT */
VAR_SSL_SERVICE_KEY = 394, /* VAR_SSL_SERVICE_KEY */
VAR_SSL_SERVICE_PEM = 395, /* VAR_SSL_SERVICE_PEM */
VAR_SSL_PORT = 396, /* VAR_SSL_PORT */
VAR_FORWARD_FIRST = 397, /* VAR_FORWARD_FIRST */
VAR_STUB_SSL_UPSTREAM = 398, /* VAR_STUB_SSL_UPSTREAM */
VAR_FORWARD_SSL_UPSTREAM = 399, /* VAR_FORWARD_SSL_UPSTREAM */
VAR_TLS_CERT_BUNDLE = 400, /* VAR_TLS_CERT_BUNDLE */
VAR_HTTPS_PORT = 401, /* VAR_HTTPS_PORT */
VAR_HTTP_ENDPOINT = 402, /* VAR_HTTP_ENDPOINT */
VAR_HTTP_MAX_STREAMS = 403, /* VAR_HTTP_MAX_STREAMS */
VAR_HTTP_QUERY_BUFFER_SIZE = 404, /* VAR_HTTP_QUERY_BUFFER_SIZE */
VAR_HTTP_RESPONSE_BUFFER_SIZE = 405, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */
VAR_HTTP_NODELAY = 406, /* VAR_HTTP_NODELAY */
VAR_HTTP_NOTLS_DOWNSTREAM = 407, /* VAR_HTTP_NOTLS_DOWNSTREAM */
VAR_STUB_FIRST = 408, /* VAR_STUB_FIRST */
VAR_MINIMAL_RESPONSES = 409, /* VAR_MINIMAL_RESPONSES */
VAR_RRSET_ROUNDROBIN = 410, /* VAR_RRSET_ROUNDROBIN */
VAR_MAX_UDP_SIZE = 411, /* VAR_MAX_UDP_SIZE */
VAR_DELAY_CLOSE = 412, /* VAR_DELAY_CLOSE */
VAR_UDP_CONNECT = 413, /* VAR_UDP_CONNECT */
VAR_UNBLOCK_LAN_ZONES = 414, /* VAR_UNBLOCK_LAN_ZONES */
VAR_INSECURE_LAN_ZONES = 415, /* VAR_INSECURE_LAN_ZONES */
VAR_INFRA_CACHE_MIN_RTT = 416, /* VAR_INFRA_CACHE_MIN_RTT */
VAR_INFRA_KEEP_PROBING = 417, /* VAR_INFRA_KEEP_PROBING */
VAR_DNS64_PREFIX = 418, /* VAR_DNS64_PREFIX */
VAR_DNS64_SYNTHALL = 419, /* VAR_DNS64_SYNTHALL */
VAR_DNS64_IGNORE_AAAA = 420, /* VAR_DNS64_IGNORE_AAAA */
VAR_DNSTAP = 421, /* VAR_DNSTAP */
VAR_DNSTAP_ENABLE = 422, /* VAR_DNSTAP_ENABLE */
VAR_DNSTAP_SOCKET_PATH = 423, /* VAR_DNSTAP_SOCKET_PATH */
VAR_DNSTAP_IP = 424, /* VAR_DNSTAP_IP */
VAR_DNSTAP_TLS = 425, /* VAR_DNSTAP_TLS */
VAR_DNSTAP_TLS_SERVER_NAME = 426, /* VAR_DNSTAP_TLS_SERVER_NAME */
VAR_DNSTAP_TLS_CERT_BUNDLE = 427, /* VAR_DNSTAP_TLS_CERT_BUNDLE */
VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 428, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */
VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 429, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */
VAR_DNSTAP_SEND_IDENTITY = 430, /* VAR_DNSTAP_SEND_IDENTITY */
VAR_DNSTAP_SEND_VERSION = 431, /* VAR_DNSTAP_SEND_VERSION */
VAR_DNSTAP_BIDIRECTIONAL = 432, /* VAR_DNSTAP_BIDIRECTIONAL */
VAR_DNSTAP_IDENTITY = 433, /* VAR_DNSTAP_IDENTITY */
VAR_DNSTAP_VERSION = 434, /* VAR_DNSTAP_VERSION */
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 435, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 436, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 437, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 438, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 439, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 440, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */
VAR_RESPONSE_IP_TAG = 441, /* VAR_RESPONSE_IP_TAG */
VAR_RESPONSE_IP = 442, /* VAR_RESPONSE_IP */
VAR_RESPONSE_IP_DATA = 443, /* VAR_RESPONSE_IP_DATA */
VAR_HARDEN_ALGO_DOWNGRADE = 444, /* VAR_HARDEN_ALGO_DOWNGRADE */
VAR_IP_TRANSPARENT = 445, /* VAR_IP_TRANSPARENT */
VAR_IP_DSCP = 446, /* VAR_IP_DSCP */
VAR_DISABLE_DNSSEC_LAME_CHECK = 447, /* VAR_DISABLE_DNSSEC_LAME_CHECK */
VAR_IP_RATELIMIT = 448, /* VAR_IP_RATELIMIT */
VAR_IP_RATELIMIT_SLABS = 449, /* VAR_IP_RATELIMIT_SLABS */
VAR_IP_RATELIMIT_SIZE = 450, /* VAR_IP_RATELIMIT_SIZE */
VAR_RATELIMIT = 451, /* VAR_RATELIMIT */
VAR_RATELIMIT_SLABS = 452, /* VAR_RATELIMIT_SLABS */
VAR_RATELIMIT_SIZE = 453, /* VAR_RATELIMIT_SIZE */
VAR_RATELIMIT_FOR_DOMAIN = 454, /* VAR_RATELIMIT_FOR_DOMAIN */
VAR_RATELIMIT_BELOW_DOMAIN = 455, /* VAR_RATELIMIT_BELOW_DOMAIN */
VAR_IP_RATELIMIT_FACTOR = 456, /* VAR_IP_RATELIMIT_FACTOR */
VAR_RATELIMIT_FACTOR = 457, /* VAR_RATELIMIT_FACTOR */
VAR_SEND_CLIENT_SUBNET = 458, /* VAR_SEND_CLIENT_SUBNET */
VAR_CLIENT_SUBNET_ZONE = 459, /* VAR_CLIENT_SUBNET_ZONE */
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 460, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */
VAR_CLIENT_SUBNET_OPCODE = 461, /* VAR_CLIENT_SUBNET_OPCODE */
VAR_MAX_CLIENT_SUBNET_IPV4 = 462, /* VAR_MAX_CLIENT_SUBNET_IPV4 */
VAR_MAX_CLIENT_SUBNET_IPV6 = 463, /* VAR_MAX_CLIENT_SUBNET_IPV6 */
VAR_MIN_CLIENT_SUBNET_IPV4 = 464, /* VAR_MIN_CLIENT_SUBNET_IPV4 */
VAR_MIN_CLIENT_SUBNET_IPV6 = 465, /* VAR_MIN_CLIENT_SUBNET_IPV6 */
VAR_MAX_ECS_TREE_SIZE_IPV4 = 466, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */
VAR_MAX_ECS_TREE_SIZE_IPV6 = 467, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */
VAR_CAPS_WHITELIST = 468, /* VAR_CAPS_WHITELIST */
VAR_CACHE_MAX_NEGATIVE_TTL = 469, /* VAR_CACHE_MAX_NEGATIVE_TTL */
VAR_PERMIT_SMALL_HOLDDOWN = 470, /* VAR_PERMIT_SMALL_HOLDDOWN */
VAR_QNAME_MINIMISATION = 471, /* VAR_QNAME_MINIMISATION */
VAR_QNAME_MINIMISATION_STRICT = 472, /* VAR_QNAME_MINIMISATION_STRICT */
VAR_IP_FREEBIND = 473, /* VAR_IP_FREEBIND */
VAR_DEFINE_TAG = 474, /* VAR_DEFINE_TAG */
VAR_LOCAL_ZONE_TAG = 475, /* VAR_LOCAL_ZONE_TAG */
VAR_ACCESS_CONTROL_TAG = 476, /* VAR_ACCESS_CONTROL_TAG */
VAR_LOCAL_ZONE_OVERRIDE = 477, /* VAR_LOCAL_ZONE_OVERRIDE */
VAR_ACCESS_CONTROL_TAG_ACTION = 478, /* VAR_ACCESS_CONTROL_TAG_ACTION */
VAR_ACCESS_CONTROL_TAG_DATA = 479, /* VAR_ACCESS_CONTROL_TAG_DATA */
VAR_VIEW = 480, /* VAR_VIEW */
VAR_ACCESS_CONTROL_VIEW = 481, /* VAR_ACCESS_CONTROL_VIEW */
VAR_VIEW_FIRST = 482, /* VAR_VIEW_FIRST */
VAR_SERVE_EXPIRED = 483, /* VAR_SERVE_EXPIRED */
VAR_SERVE_EXPIRED_TTL = 484, /* VAR_SERVE_EXPIRED_TTL */
VAR_SERVE_EXPIRED_TTL_RESET = 485, /* VAR_SERVE_EXPIRED_TTL_RESET */
VAR_SERVE_EXPIRED_REPLY_TTL = 486, /* VAR_SERVE_EXPIRED_REPLY_TTL */
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 487, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */
VAR_SERVE_ORIGINAL_TTL = 488, /* VAR_SERVE_ORIGINAL_TTL */
VAR_FAKE_DSA = 489, /* VAR_FAKE_DSA */
VAR_FAKE_SHA1 = 490, /* VAR_FAKE_SHA1 */
VAR_LOG_IDENTITY = 491, /* VAR_LOG_IDENTITY */
VAR_HIDE_TRUSTANCHOR = 492, /* VAR_HIDE_TRUSTANCHOR */
VAR_HIDE_HTTP_USER_AGENT = 493, /* VAR_HIDE_HTTP_USER_AGENT */
VAR_HTTP_USER_AGENT = 494, /* VAR_HTTP_USER_AGENT */
VAR_TRUST_ANCHOR_SIGNALING = 495, /* VAR_TRUST_ANCHOR_SIGNALING */
VAR_AGGRESSIVE_NSEC = 496, /* VAR_AGGRESSIVE_NSEC */
VAR_USE_SYSTEMD = 497, /* VAR_USE_SYSTEMD */
VAR_SHM_ENABLE = 498, /* VAR_SHM_ENABLE */
VAR_SHM_KEY = 499, /* VAR_SHM_KEY */
VAR_ROOT_KEY_SENTINEL = 500, /* VAR_ROOT_KEY_SENTINEL */
VAR_DNSCRYPT = 501, /* VAR_DNSCRYPT */
VAR_DNSCRYPT_ENABLE = 502, /* VAR_DNSCRYPT_ENABLE */
VAR_DNSCRYPT_PORT = 503, /* VAR_DNSCRYPT_PORT */
VAR_DNSCRYPT_PROVIDER = 504, /* VAR_DNSCRYPT_PROVIDER */
VAR_DNSCRYPT_SECRET_KEY = 505, /* VAR_DNSCRYPT_SECRET_KEY */
VAR_DNSCRYPT_PROVIDER_CERT = 506, /* VAR_DNSCRYPT_PROVIDER_CERT */
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 507, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 508, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 509, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 510, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 511, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */
VAR_PAD_RESPONSES = 512, /* VAR_PAD_RESPONSES */
VAR_PAD_RESPONSES_BLOCK_SIZE = 513, /* VAR_PAD_RESPONSES_BLOCK_SIZE */
VAR_PAD_QUERIES = 514, /* VAR_PAD_QUERIES */
VAR_PAD_QUERIES_BLOCK_SIZE = 515, /* VAR_PAD_QUERIES_BLOCK_SIZE */
VAR_IPSECMOD_ENABLED = 516, /* VAR_IPSECMOD_ENABLED */
VAR_IPSECMOD_HOOK = 517, /* VAR_IPSECMOD_HOOK */
VAR_IPSECMOD_IGNORE_BOGUS = 518, /* VAR_IPSECMOD_IGNORE_BOGUS */
VAR_IPSECMOD_MAX_TTL = 519, /* VAR_IPSECMOD_MAX_TTL */
VAR_IPSECMOD_WHITELIST = 520, /* VAR_IPSECMOD_WHITELIST */
VAR_IPSECMOD_STRICT = 521, /* VAR_IPSECMOD_STRICT */
VAR_CACHEDB = 522, /* VAR_CACHEDB */
VAR_CACHEDB_BACKEND = 523, /* VAR_CACHEDB_BACKEND */
VAR_CACHEDB_SECRETSEED = 524, /* VAR_CACHEDB_SECRETSEED */
VAR_CACHEDB_REDISHOST = 525, /* VAR_CACHEDB_REDISHOST */
VAR_CACHEDB_REDISPORT = 526, /* VAR_CACHEDB_REDISPORT */
VAR_CACHEDB_REDISTIMEOUT = 527, /* VAR_CACHEDB_REDISTIMEOUT */
VAR_CACHEDB_REDISEXPIRERECORDS = 528, /* VAR_CACHEDB_REDISEXPIRERECORDS */
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 529, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */
VAR_FOR_UPSTREAM = 530, /* VAR_FOR_UPSTREAM */
VAR_AUTH_ZONE = 531, /* VAR_AUTH_ZONE */
VAR_ZONEFILE = 532, /* VAR_ZONEFILE */
VAR_MASTER = 533, /* VAR_MASTER */
VAR_URL = 534, /* VAR_URL */
VAR_FOR_DOWNSTREAM = 535, /* VAR_FOR_DOWNSTREAM */
VAR_FALLBACK_ENABLED = 536, /* VAR_FALLBACK_ENABLED */
VAR_TLS_ADDITIONAL_PORT = 537, /* VAR_TLS_ADDITIONAL_PORT */
VAR_LOW_RTT = 538, /* VAR_LOW_RTT */
VAR_LOW_RTT_PERMIL = 539, /* VAR_LOW_RTT_PERMIL */
VAR_FAST_SERVER_PERMIL = 540, /* VAR_FAST_SERVER_PERMIL */
VAR_FAST_SERVER_NUM = 541, /* VAR_FAST_SERVER_NUM */
VAR_ALLOW_NOTIFY = 542, /* VAR_ALLOW_NOTIFY */
VAR_TLS_WIN_CERT = 543, /* VAR_TLS_WIN_CERT */
VAR_TCP_CONNECTION_LIMIT = 544, /* VAR_TCP_CONNECTION_LIMIT */
VAR_FORWARD_NO_CACHE = 545, /* VAR_FORWARD_NO_CACHE */
VAR_STUB_NO_CACHE = 546, /* VAR_STUB_NO_CACHE */
VAR_LOG_SERVFAIL = 547, /* VAR_LOG_SERVFAIL */
VAR_DENY_ANY = 548, /* VAR_DENY_ANY */
VAR_UNKNOWN_SERVER_TIME_LIMIT = 549, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */
VAR_LOG_TAG_QUERYREPLY = 550, /* VAR_LOG_TAG_QUERYREPLY */
VAR_STREAM_WAIT_SIZE = 551, /* VAR_STREAM_WAIT_SIZE */
VAR_TLS_CIPHERS = 552, /* VAR_TLS_CIPHERS */
VAR_TLS_CIPHERSUITES = 553, /* VAR_TLS_CIPHERSUITES */
VAR_TLS_USE_SNI = 554, /* VAR_TLS_USE_SNI */
VAR_IPSET = 555, /* VAR_IPSET */
VAR_IPSET_NAME_V4 = 556, /* VAR_IPSET_NAME_V4 */
VAR_IPSET_NAME_V6 = 557, /* VAR_IPSET_NAME_V6 */
VAR_TLS_SESSION_TICKET_KEYS = 558, /* VAR_TLS_SESSION_TICKET_KEYS */
VAR_RPZ = 559, /* VAR_RPZ */
VAR_TAGS = 560, /* VAR_TAGS */
VAR_RPZ_ACTION_OVERRIDE = 561, /* VAR_RPZ_ACTION_OVERRIDE */
VAR_RPZ_CNAME_OVERRIDE = 562, /* VAR_RPZ_CNAME_OVERRIDE */
VAR_RPZ_LOG = 563, /* VAR_RPZ_LOG */
VAR_RPZ_LOG_NAME = 564, /* VAR_RPZ_LOG_NAME */
VAR_DYNLIB = 565, /* VAR_DYNLIB */
VAR_DYNLIB_FILE = 566, /* VAR_DYNLIB_FILE */
VAR_EDNS_CLIENT_STRING = 567, /* VAR_EDNS_CLIENT_STRING */
VAR_EDNS_CLIENT_STRING_OPCODE = 568, /* VAR_EDNS_CLIENT_STRING_OPCODE */
VAR_NSID = 569, /* VAR_NSID */
VAR_ZONEMD_PERMISSIVE_MODE = 570, /* VAR_ZONEMD_PERMISSIVE_MODE */
VAR_ZONEMD_CHECK = 571, /* VAR_ZONEMD_CHECK */
VAR_ZONEMD_REJECT_ABSENCE = 572 /* VAR_ZONEMD_REJECT_ABSENCE */
};
typedef enum yytokentype yytoken_kind_t;
#endif
/* Token kinds. */
#define YYEMPTY -2
#define YYEOF 0
#define YYerror 256
#define YYUNDEF 257
@ -488,203 +492,206 @@ extern int yydebug;
#define VAR_PYTHON_SCRIPT 370
#define VAR_VAL_SIG_SKEW_MIN 371
#define VAR_VAL_SIG_SKEW_MAX 372
#define VAR_CACHE_MIN_TTL 373
#define VAR_VAL_LOG_LEVEL 374
#define VAR_AUTO_TRUST_ANCHOR_FILE 375
#define VAR_KEEP_MISSING 376
#define VAR_ADD_HOLDDOWN 377
#define VAR_DEL_HOLDDOWN 378
#define VAR_SO_RCVBUF 379
#define VAR_EDNS_BUFFER_SIZE 380
#define VAR_PREFETCH 381
#define VAR_PREFETCH_KEY 382
#define VAR_SO_SNDBUF 383
#define VAR_SO_REUSEPORT 384
#define VAR_HARDEN_BELOW_NXDOMAIN 385
#define VAR_IGNORE_CD_FLAG 386
#define VAR_LOG_QUERIES 387
#define VAR_LOG_REPLIES 388
#define VAR_LOG_LOCAL_ACTIONS 389
#define VAR_TCP_UPSTREAM 390
#define VAR_SSL_UPSTREAM 391
#define VAR_TCP_AUTH_QUERY_TIMEOUT 392
#define VAR_SSL_SERVICE_KEY 393
#define VAR_SSL_SERVICE_PEM 394
#define VAR_SSL_PORT 395
#define VAR_FORWARD_FIRST 396
#define VAR_STUB_SSL_UPSTREAM 397
#define VAR_FORWARD_SSL_UPSTREAM 398
#define VAR_TLS_CERT_BUNDLE 399
#define VAR_HTTPS_PORT 400
#define VAR_HTTP_ENDPOINT 401
#define VAR_HTTP_MAX_STREAMS 402
#define VAR_HTTP_QUERY_BUFFER_SIZE 403
#define VAR_HTTP_RESPONSE_BUFFER_SIZE 404
#define VAR_HTTP_NODELAY 405
#define VAR_HTTP_NOTLS_DOWNSTREAM 406
#define VAR_STUB_FIRST 407
#define VAR_MINIMAL_RESPONSES 408
#define VAR_RRSET_ROUNDROBIN 409
#define VAR_MAX_UDP_SIZE 410
#define VAR_DELAY_CLOSE 411
#define VAR_UDP_CONNECT 412
#define VAR_UNBLOCK_LAN_ZONES 413
#define VAR_INSECURE_LAN_ZONES 414
#define VAR_INFRA_CACHE_MIN_RTT 415
#define VAR_INFRA_KEEP_PROBING 416
#define VAR_DNS64_PREFIX 417
#define VAR_DNS64_SYNTHALL 418
#define VAR_DNS64_IGNORE_AAAA 419
#define VAR_DNSTAP 420
#define VAR_DNSTAP_ENABLE 421
#define VAR_DNSTAP_SOCKET_PATH 422
#define VAR_DNSTAP_IP 423
#define VAR_DNSTAP_TLS 424
#define VAR_DNSTAP_TLS_SERVER_NAME 425
#define VAR_DNSTAP_TLS_CERT_BUNDLE 426
#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 427
#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 428
#define VAR_DNSTAP_SEND_IDENTITY 429
#define VAR_DNSTAP_SEND_VERSION 430
#define VAR_DNSTAP_BIDIRECTIONAL 431
#define VAR_DNSTAP_IDENTITY 432
#define VAR_DNSTAP_VERSION 433
#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 434
#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 435
#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 436
#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 437
#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 438
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 439
#define VAR_RESPONSE_IP_TAG 440
#define VAR_RESPONSE_IP 441
#define VAR_RESPONSE_IP_DATA 442
#define VAR_HARDEN_ALGO_DOWNGRADE 443
#define VAR_IP_TRANSPARENT 444
#define VAR_IP_DSCP 445
#define VAR_DISABLE_DNSSEC_LAME_CHECK 446
#define VAR_IP_RATELIMIT 447
#define VAR_IP_RATELIMIT_SLABS 448
#define VAR_IP_RATELIMIT_SIZE 449
#define VAR_RATELIMIT 450
#define VAR_RATELIMIT_SLABS 451
#define VAR_RATELIMIT_SIZE 452
#define VAR_RATELIMIT_FOR_DOMAIN 453
#define VAR_RATELIMIT_BELOW_DOMAIN 454
#define VAR_IP_RATELIMIT_FACTOR 455
#define VAR_RATELIMIT_FACTOR 456
#define VAR_SEND_CLIENT_SUBNET 457
#define VAR_CLIENT_SUBNET_ZONE 458
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 459
#define VAR_CLIENT_SUBNET_OPCODE 460
#define VAR_MAX_CLIENT_SUBNET_IPV4 461
#define VAR_MAX_CLIENT_SUBNET_IPV6 462
#define VAR_MIN_CLIENT_SUBNET_IPV4 463
#define VAR_MIN_CLIENT_SUBNET_IPV6 464
#define VAR_MAX_ECS_TREE_SIZE_IPV4 465
#define VAR_MAX_ECS_TREE_SIZE_IPV6 466
#define VAR_CAPS_WHITELIST 467
#define VAR_CACHE_MAX_NEGATIVE_TTL 468
#define VAR_PERMIT_SMALL_HOLDDOWN 469
#define VAR_QNAME_MINIMISATION 470
#define VAR_QNAME_MINIMISATION_STRICT 471
#define VAR_IP_FREEBIND 472
#define VAR_DEFINE_TAG 473
#define VAR_LOCAL_ZONE_TAG 474
#define VAR_ACCESS_CONTROL_TAG 475
#define VAR_LOCAL_ZONE_OVERRIDE 476
#define VAR_ACCESS_CONTROL_TAG_ACTION 477
#define VAR_ACCESS_CONTROL_TAG_DATA 478
#define VAR_VIEW 479
#define VAR_ACCESS_CONTROL_VIEW 480
#define VAR_VIEW_FIRST 481
#define VAR_SERVE_EXPIRED 482
#define VAR_SERVE_EXPIRED_TTL 483
#define VAR_SERVE_EXPIRED_TTL_RESET 484
#define VAR_SERVE_EXPIRED_REPLY_TTL 485
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 486
#define VAR_SERVE_ORIGINAL_TTL 487
#define VAR_FAKE_DSA 488
#define VAR_FAKE_SHA1 489
#define VAR_LOG_IDENTITY 490
#define VAR_HIDE_TRUSTANCHOR 491
#define VAR_TRUST_ANCHOR_SIGNALING 492
#define VAR_AGGRESSIVE_NSEC 493
#define VAR_USE_SYSTEMD 494
#define VAR_SHM_ENABLE 495
#define VAR_SHM_KEY 496
#define VAR_ROOT_KEY_SENTINEL 497
#define VAR_DNSCRYPT 498
#define VAR_DNSCRYPT_ENABLE 499
#define VAR_DNSCRYPT_PORT 500
#define VAR_DNSCRYPT_PROVIDER 501
#define VAR_DNSCRYPT_SECRET_KEY 502
#define VAR_DNSCRYPT_PROVIDER_CERT 503
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 504
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 505
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 506
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 507
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 508
#define VAR_PAD_RESPONSES 509
#define VAR_PAD_RESPONSES_BLOCK_SIZE 510
#define VAR_PAD_QUERIES 511
#define VAR_PAD_QUERIES_BLOCK_SIZE 512
#define VAR_IPSECMOD_ENABLED 513
#define VAR_IPSECMOD_HOOK 514
#define VAR_IPSECMOD_IGNORE_BOGUS 515
#define VAR_IPSECMOD_MAX_TTL 516
#define VAR_IPSECMOD_WHITELIST 517
#define VAR_IPSECMOD_STRICT 518
#define VAR_CACHEDB 519
#define VAR_CACHEDB_BACKEND 520
#define VAR_CACHEDB_SECRETSEED 521
#define VAR_CACHEDB_REDISHOST 522
#define VAR_CACHEDB_REDISPORT 523
#define VAR_CACHEDB_REDISTIMEOUT 524
#define VAR_CACHEDB_REDISEXPIRERECORDS 525
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 526
#define VAR_FOR_UPSTREAM 527
#define VAR_AUTH_ZONE 528
#define VAR_ZONEFILE 529
#define VAR_MASTER 530
#define VAR_URL 531
#define VAR_FOR_DOWNSTREAM 532
#define VAR_FALLBACK_ENABLED 533
#define VAR_TLS_ADDITIONAL_PORT 534
#define VAR_LOW_RTT 535
#define VAR_LOW_RTT_PERMIL 536
#define VAR_FAST_SERVER_PERMIL 537
#define VAR_FAST_SERVER_NUM 538
#define VAR_ALLOW_NOTIFY 539
#define VAR_TLS_WIN_CERT 540
#define VAR_TCP_CONNECTION_LIMIT 541
#define VAR_FORWARD_NO_CACHE 542
#define VAR_STUB_NO_CACHE 543
#define VAR_LOG_SERVFAIL 544
#define VAR_DENY_ANY 545
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 546
#define VAR_LOG_TAG_QUERYREPLY 547
#define VAR_STREAM_WAIT_SIZE 548
#define VAR_TLS_CIPHERS 549
#define VAR_TLS_CIPHERSUITES 550
#define VAR_TLS_USE_SNI 551
#define VAR_IPSET 552
#define VAR_IPSET_NAME_V4 553
#define VAR_IPSET_NAME_V6 554
#define VAR_TLS_SESSION_TICKET_KEYS 555
#define VAR_RPZ 556
#define VAR_TAGS 557
#define VAR_RPZ_ACTION_OVERRIDE 558
#define VAR_RPZ_CNAME_OVERRIDE 559
#define VAR_RPZ_LOG 560
#define VAR_RPZ_LOG_NAME 561
#define VAR_DYNLIB 562
#define VAR_DYNLIB_FILE 563
#define VAR_EDNS_CLIENT_STRING 564
#define VAR_EDNS_CLIENT_STRING_OPCODE 565
#define VAR_NSID 566
#define VAR_ZONEMD_PERMISSIVE_MODE 567
#define VAR_ZONEMD_CHECK 568
#define VAR_ZONEMD_REJECT_ABSENCE 569
#define VAR_VAL_MAX_RESTART 373
#define VAR_CACHE_MIN_TTL 374
#define VAR_VAL_LOG_LEVEL 375
#define VAR_AUTO_TRUST_ANCHOR_FILE 376
#define VAR_KEEP_MISSING 377
#define VAR_ADD_HOLDDOWN 378
#define VAR_DEL_HOLDDOWN 379
#define VAR_SO_RCVBUF 380
#define VAR_EDNS_BUFFER_SIZE 381
#define VAR_PREFETCH 382
#define VAR_PREFETCH_KEY 383
#define VAR_SO_SNDBUF 384
#define VAR_SO_REUSEPORT 385
#define VAR_HARDEN_BELOW_NXDOMAIN 386
#define VAR_IGNORE_CD_FLAG 387
#define VAR_LOG_QUERIES 388
#define VAR_LOG_REPLIES 389
#define VAR_LOG_LOCAL_ACTIONS 390
#define VAR_TCP_UPSTREAM 391
#define VAR_SSL_UPSTREAM 392
#define VAR_TCP_AUTH_QUERY_TIMEOUT 393
#define VAR_SSL_SERVICE_KEY 394
#define VAR_SSL_SERVICE_PEM 395
#define VAR_SSL_PORT 396
#define VAR_FORWARD_FIRST 397
#define VAR_STUB_SSL_UPSTREAM 398
#define VAR_FORWARD_SSL_UPSTREAM 399
#define VAR_TLS_CERT_BUNDLE 400
#define VAR_HTTPS_PORT 401
#define VAR_HTTP_ENDPOINT 402
#define VAR_HTTP_MAX_STREAMS 403
#define VAR_HTTP_QUERY_BUFFER_SIZE 404
#define VAR_HTTP_RESPONSE_BUFFER_SIZE 405
#define VAR_HTTP_NODELAY 406
#define VAR_HTTP_NOTLS_DOWNSTREAM 407
#define VAR_STUB_FIRST 408
#define VAR_MINIMAL_RESPONSES 409
#define VAR_RRSET_ROUNDROBIN 410
#define VAR_MAX_UDP_SIZE 411
#define VAR_DELAY_CLOSE 412
#define VAR_UDP_CONNECT 413
#define VAR_UNBLOCK_LAN_ZONES 414
#define VAR_INSECURE_LAN_ZONES 415
#define VAR_INFRA_CACHE_MIN_RTT 416
#define VAR_INFRA_KEEP_PROBING 417
#define VAR_DNS64_PREFIX 418
#define VAR_DNS64_SYNTHALL 419
#define VAR_DNS64_IGNORE_AAAA 420
#define VAR_DNSTAP 421
#define VAR_DNSTAP_ENABLE 422
#define VAR_DNSTAP_SOCKET_PATH 423
#define VAR_DNSTAP_IP 424
#define VAR_DNSTAP_TLS 425
#define VAR_DNSTAP_TLS_SERVER_NAME 426
#define VAR_DNSTAP_TLS_CERT_BUNDLE 427
#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 428
#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 429
#define VAR_DNSTAP_SEND_IDENTITY 430
#define VAR_DNSTAP_SEND_VERSION 431
#define VAR_DNSTAP_BIDIRECTIONAL 432
#define VAR_DNSTAP_IDENTITY 433
#define VAR_DNSTAP_VERSION 434
#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 435
#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 436
#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 437
#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 438
#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 439
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 440
#define VAR_RESPONSE_IP_TAG 441
#define VAR_RESPONSE_IP 442
#define VAR_RESPONSE_IP_DATA 443
#define VAR_HARDEN_ALGO_DOWNGRADE 444
#define VAR_IP_TRANSPARENT 445
#define VAR_IP_DSCP 446
#define VAR_DISABLE_DNSSEC_LAME_CHECK 447
#define VAR_IP_RATELIMIT 448
#define VAR_IP_RATELIMIT_SLABS 449
#define VAR_IP_RATELIMIT_SIZE 450
#define VAR_RATELIMIT 451
#define VAR_RATELIMIT_SLABS 452
#define VAR_RATELIMIT_SIZE 453
#define VAR_RATELIMIT_FOR_DOMAIN 454
#define VAR_RATELIMIT_BELOW_DOMAIN 455
#define VAR_IP_RATELIMIT_FACTOR 456
#define VAR_RATELIMIT_FACTOR 457
#define VAR_SEND_CLIENT_SUBNET 458
#define VAR_CLIENT_SUBNET_ZONE 459
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 460
#define VAR_CLIENT_SUBNET_OPCODE 461
#define VAR_MAX_CLIENT_SUBNET_IPV4 462
#define VAR_MAX_CLIENT_SUBNET_IPV6 463
#define VAR_MIN_CLIENT_SUBNET_IPV4 464
#define VAR_MIN_CLIENT_SUBNET_IPV6 465
#define VAR_MAX_ECS_TREE_SIZE_IPV4 466
#define VAR_MAX_ECS_TREE_SIZE_IPV6 467
#define VAR_CAPS_WHITELIST 468
#define VAR_CACHE_MAX_NEGATIVE_TTL 469
#define VAR_PERMIT_SMALL_HOLDDOWN 470
#define VAR_QNAME_MINIMISATION 471
#define VAR_QNAME_MINIMISATION_STRICT 472
#define VAR_IP_FREEBIND 473
#define VAR_DEFINE_TAG 474
#define VAR_LOCAL_ZONE_TAG 475
#define VAR_ACCESS_CONTROL_TAG 476
#define VAR_LOCAL_ZONE_OVERRIDE 477
#define VAR_ACCESS_CONTROL_TAG_ACTION 478
#define VAR_ACCESS_CONTROL_TAG_DATA 479
#define VAR_VIEW 480
#define VAR_ACCESS_CONTROL_VIEW 481
#define VAR_VIEW_FIRST 482
#define VAR_SERVE_EXPIRED 483
#define VAR_SERVE_EXPIRED_TTL 484
#define VAR_SERVE_EXPIRED_TTL_RESET 485
#define VAR_SERVE_EXPIRED_REPLY_TTL 486
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 487
#define VAR_SERVE_ORIGINAL_TTL 488
#define VAR_FAKE_DSA 489
#define VAR_FAKE_SHA1 490
#define VAR_LOG_IDENTITY 491
#define VAR_HIDE_TRUSTANCHOR 492
#define VAR_HIDE_HTTP_USER_AGENT 493
#define VAR_HTTP_USER_AGENT 494
#define VAR_TRUST_ANCHOR_SIGNALING 495
#define VAR_AGGRESSIVE_NSEC 496
#define VAR_USE_SYSTEMD 497
#define VAR_SHM_ENABLE 498
#define VAR_SHM_KEY 499
#define VAR_ROOT_KEY_SENTINEL 500
#define VAR_DNSCRYPT 501
#define VAR_DNSCRYPT_ENABLE 502
#define VAR_DNSCRYPT_PORT 503
#define VAR_DNSCRYPT_PROVIDER 504
#define VAR_DNSCRYPT_SECRET_KEY 505
#define VAR_DNSCRYPT_PROVIDER_CERT 506
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 507
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 508
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 509
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 510
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 511
#define VAR_PAD_RESPONSES 512
#define VAR_PAD_RESPONSES_BLOCK_SIZE 513
#define VAR_PAD_QUERIES 514
#define VAR_PAD_QUERIES_BLOCK_SIZE 515
#define VAR_IPSECMOD_ENABLED 516
#define VAR_IPSECMOD_HOOK 517
#define VAR_IPSECMOD_IGNORE_BOGUS 518
#define VAR_IPSECMOD_MAX_TTL 519
#define VAR_IPSECMOD_WHITELIST 520
#define VAR_IPSECMOD_STRICT 521
#define VAR_CACHEDB 522
#define VAR_CACHEDB_BACKEND 523
#define VAR_CACHEDB_SECRETSEED 524
#define VAR_CACHEDB_REDISHOST 525
#define VAR_CACHEDB_REDISPORT 526
#define VAR_CACHEDB_REDISTIMEOUT 527
#define VAR_CACHEDB_REDISEXPIRERECORDS 528
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 529
#define VAR_FOR_UPSTREAM 530
#define VAR_AUTH_ZONE 531
#define VAR_ZONEFILE 532
#define VAR_MASTER 533
#define VAR_URL 534
#define VAR_FOR_DOWNSTREAM 535
#define VAR_FALLBACK_ENABLED 536
#define VAR_TLS_ADDITIONAL_PORT 537
#define VAR_LOW_RTT 538
#define VAR_LOW_RTT_PERMIL 539
#define VAR_FAST_SERVER_PERMIL 540
#define VAR_FAST_SERVER_NUM 541
#define VAR_ALLOW_NOTIFY 542
#define VAR_TLS_WIN_CERT 543
#define VAR_TCP_CONNECTION_LIMIT 544
#define VAR_FORWARD_NO_CACHE 545
#define VAR_STUB_NO_CACHE 546
#define VAR_LOG_SERVFAIL 547
#define VAR_DENY_ANY 548
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 549
#define VAR_LOG_TAG_QUERYREPLY 550
#define VAR_STREAM_WAIT_SIZE 551
#define VAR_TLS_CIPHERS 552
#define VAR_TLS_CIPHERSUITES 553
#define VAR_TLS_USE_SNI 554
#define VAR_IPSET 555
#define VAR_IPSET_NAME_V4 556
#define VAR_IPSET_NAME_V6 557
#define VAR_TLS_SESSION_TICKET_KEYS 558
#define VAR_RPZ 559
#define VAR_TAGS 560
#define VAR_RPZ_ACTION_OVERRIDE 561
#define VAR_RPZ_CNAME_OVERRIDE 562
#define VAR_RPZ_LOG 563
#define VAR_RPZ_LOG_NAME 564
#define VAR_DYNLIB 565
#define VAR_DYNLIB_FILE 566
#define VAR_EDNS_CLIENT_STRING 567
#define VAR_EDNS_CLIENT_STRING_OPCODE 568
#define VAR_NSID 569
#define VAR_ZONEMD_PERMISSIVE_MODE 570
#define VAR_ZONEMD_CHECK 571
#define VAR_ZONEMD_REJECT_ABSENCE 572
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
@ -694,7 +701,7 @@ union YYSTYPE
char* str;
#line 698 "util/configparser.h"
#line 705 "util/configparser.h"
};
typedef union YYSTYPE YYSTYPE;

49
util/configparser.y
View file

@ -104,13 +104,14 @@ extern struct config_parser_state* cfg_parser;
%token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
%token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
%token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
%token VAR_VAL_SIG_SKEW_MAX VAR_CACHE_MIN_TTL VAR_VAL_LOG_LEVEL
%token VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING VAR_ADD_HOLDDOWN
%token VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE VAR_PREFETCH
%token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT VAR_HARDEN_BELOW_NXDOMAIN
%token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS
%token VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM VAR_TCP_AUTH_QUERY_TIMEOUT
%token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
%token VAR_VAL_SIG_SKEW_MAX VAR_VAL_MAX_RESTART VAR_CACHE_MIN_TTL
%token VAR_VAL_LOG_LEVEL VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING
%token VAR_ADD_HOLDDOWN VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE
%token VAR_PREFETCH VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT
%token VAR_HARDEN_BELOW_NXDOMAIN VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES
%token VAR_LOG_REPLIES VAR_LOG_LOCAL_ACTIONS VAR_TCP_UPSTREAM
%token VAR_SSL_UPSTREAM VAR_TCP_AUTH_QUERY_TIMEOUT VAR_SSL_SERVICE_KEY
%token VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
%token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE
%token VAR_HTTPS_PORT VAR_HTTP_ENDPOINT VAR_HTTP_MAX_STREAMS
%token VAR_HTTP_QUERY_BUFFER_SIZE VAR_HTTP_RESPONSE_BUFFER_SIZE
@ -153,6 +154,7 @@ extern struct config_parser_state* cfg_parser;
%token VAR_SERVE_EXPIRED_TTL_RESET VAR_SERVE_EXPIRED_REPLY_TTL
%token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_SERVE_ORIGINAL_TTL VAR_FAKE_DSA
%token VAR_FAKE_SHA1 VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR
%token VAR_HIDE_HTTP_USER_AGENT VAR_HTTP_USER_AGENT
%token VAR_TRUST_ANCHOR_SIGNALING VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD
%token VAR_SHM_ENABLE VAR_SHM_KEY VAR_ROOT_KEY_SENTINEL
%token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
@ -224,6 +226,7 @@ content_server: server_num_threads | server_verbosity | server_port |
server_harden_short_bufsize | server_harden_large_queries |
server_do_not_query_address | server_hide_identity |
server_hide_version | server_identity | server_version |
server_hide_http_user_agent | server_http_user_agent |
server_harden_glue | server_module_conf | server_trust_anchor_file |
server_trust_anchor | server_val_override_date | server_bogus_ttl |
server_val_clean_additional | server_val_permissive_mode |
@ -243,7 +246,8 @@ content_server: server_num_threads | server_verbosity | server_port |
server_local_data_ptr | server_jostle_timeout |
server_unwanted_reply_threshold | server_log_time_ascii |
server_domain_insecure | server_val_sig_skew_min |
server_val_sig_skew_max | server_cache_min_ttl | server_val_log_level |
server_val_sig_skew_max | server_val_max_restart |
server_cache_min_ttl | server_val_log_level |
server_auto_trust_anchor_file | server_add_holddown |
server_del_holddown | server_keep_missing | server_so_rcvbuf |
server_edns_buffer_size | server_prefetch | server_prefetch_key |
@ -1335,6 +1339,15 @@ server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
free($2);
}
;
server_hide_http_user_agent: VAR_HIDE_HTTP_USER_AGENT STRING_ARG
{
OUTYY(("P(server_hide_user_agent:%s)\n", $2));
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
yyerror("expected yes or no.");
else cfg_parser->cfg->hide_http_user_agent = (strcmp($2, "yes")==0);
free($2);
}
;
server_identity: VAR_IDENTITY STRING_ARG
{
OUTYY(("P(server_identity:%s)\n", $2));
@ -1349,6 +1362,13 @@ server_version: VAR_VERSION STRING_ARG
cfg_parser->cfg->version = $2;
}
;
server_http_user_agent: VAR_HTTP_USER_AGENT STRING_ARG
{
OUTYY(("P(server_http_user_agent:%s)\n", $2));
free(cfg_parser->cfg->http_user_agent);
cfg_parser->cfg->http_user_agent = $2;
}
;
server_nsid: VAR_NSID STRING_ARG
{
OUTYY(("P(server_nsid:%s)\n", $2));
@ -1853,6 +1873,19 @@ server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG
free($2);
}
;
server_val_max_restart: VAR_VAL_MAX_RESTART STRING_ARG
{
OUTYY(("P(server_val_max_restart:%s)\n", $2));
if(*$2 == '\0' || strcmp($2, "0") == 0) {
cfg_parser->cfg->val_max_restart = 0;
} else {
cfg_parser->cfg->val_max_restart = atoi($2);
if(!cfg_parser->cfg->val_max_restart)
yyerror("number expected");
}
free($2);
}
;
server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
{
OUTYY(("P(server_cache_max_ttl:%s)\n", $2));

12
util/data/msgreply.c
View file

@ -355,7 +355,10 @@ parse_create_rrset(sldns_buffer* pkt, struct rrset_parse* pset,
return 0;
/* copy & decompress */
if(!parse_rr_copy(pkt, pset, *data)) {
if(!region) free(*data);
if(!region) {
free(*data);
*data = NULL;
}
return 0;
}
return 1;
@ -420,8 +423,13 @@ parse_copy_decompress_rrset(sldns_buffer* pkt, struct msg_parse* msg,
pk->rk.type = htons(pset->type);
pk->rk.rrset_class = pset->rrset_class;
/** read data part. */
if(!parse_create_rrset(pkt, pset, &data, region))
if(!parse_create_rrset(pkt, pset, &data, region)) {
if(!region) {
free(pk->rk.dname);
pk->rk.dname = NULL;
}
return 0;
}
pk->entry.data = (void*)data;
pk->entry.key = (void*)pk;
pk->entry.hash = pset->hash;

2
util/iana_ports.inc
View file

@ -4244,6 +4244,7 @@
5504,
5505,
5506,
5540,
5553,
5554,
5555,
@ -5377,6 +5378,7 @@
30999,
31016,
31029,
31337,
31416,
31457,
31620,

26
util/netevent.c
View file

@ -1214,7 +1214,7 @@ ssl_handshake(struct comm_point* c)
int r;
if(c->ssl_shake_state == comm_ssl_shake_hs_read) {
/* read condition satisfied back to writing */
comm_point_listen_for_rw(c, 1, 1);
comm_point_listen_for_rw(c, 0, 1);
c->ssl_shake_state = comm_ssl_shake_none;
return 1;
}
@ -1271,7 +1271,11 @@ ssl_handshake(struct comm_point* c)
if((SSL_get_verify_mode(c->ssl)&SSL_VERIFY_PEER)) {
/* verification */
if(SSL_get_verify_result(c->ssl) == X509_V_OK) {
#ifdef HAVE_SSL_GET1_PEER_CERTIFICATE
X509* x = SSL_get1_peer_certificate(c->ssl);
#else
X509* x = SSL_get_peer_certificate(c->ssl);
#endif
if(!x) {
log_addr(VERB_ALGO, "SSL connection failed: "
"no certificate",
@ -1297,7 +1301,11 @@ ssl_handshake(struct comm_point* c)
#endif
X509_free(x);
} else {
#ifdef HAVE_SSL_GET1_PEER_CERTIFICATE
X509* x = SSL_get1_peer_certificate(c->ssl);
#else
X509* x = SSL_get_peer_certificate(c->ssl);
#endif
if(x) {
log_cert(VERB_ALGO, "peer certificate", x);
X509_free(x);
@ -1333,7 +1341,7 @@ ssl_handshake(struct comm_point* c)
if(c->ssl_shake_state != comm_ssl_shake_read)
comm_point_listen_for_rw(c, 1, 0);
} else {
comm_point_listen_for_rw(c, 1, 1);
comm_point_listen_for_rw(c, 0, 1);
}
c->ssl_shake_state = comm_ssl_shake_none;
return 1;
@ -1364,7 +1372,9 @@ ssl_handle_read(struct comm_point* c)
return tcp_req_info_handle_read_close(c->tcp_req_info);
return 0; /* shutdown, closed */
} else if(want == SSL_ERROR_WANT_READ) {
#ifdef USE_WINSOCK
ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_READ);
#endif
return 1; /* read more later */
} else if(want == SSL_ERROR_WANT_WRITE) {
c->ssl_shake_state = comm_ssl_shake_hs_write;
@ -1412,7 +1422,9 @@ ssl_handle_read(struct comm_point* c)
return tcp_req_info_handle_read_close(c->tcp_req_info);
return 0; /* shutdown, closed */
} else if(want == SSL_ERROR_WANT_READ) {
#ifdef USE_WINSOCK
ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_READ);
#endif
return 1; /* read more later */
} else if(want == SSL_ERROR_WANT_WRITE) {
c->ssl_shake_state = comm_ssl_shake_hs_write;
@ -1505,7 +1517,9 @@ ssl_handle_write(struct comm_point* c)
comm_point_listen_for_rw(c, 1, 0);
return 1; /* wait for read condition */
} else if(want == SSL_ERROR_WANT_WRITE) {
#ifdef USE_WINSOCK
ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE);
#endif
return 1; /* write more later */
} else if(want == SSL_ERROR_SYSCALL) {
#ifdef EPIPE
@ -1555,7 +1569,9 @@ ssl_handle_write(struct comm_point* c)
comm_point_listen_for_rw(c, 1, 0);
return 1; /* wait for read condition */
} else if(want == SSL_ERROR_WANT_WRITE) {
#ifdef USE_WINSOCK
ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE);
#endif
return 1; /* write more later */
} else if(want == SSL_ERROR_SYSCALL) {
#ifdef EPIPE
@ -1711,7 +1727,8 @@ comm_point_tcp_handle_read(int fd, struct comm_point* c, int short_ok)
(int)sldns_buffer_limit(c->buffer));
}
log_assert(sldns_buffer_remaining(c->buffer) > 0);
if(sldns_buffer_remaining(c->buffer) == 0)
log_err("in comm_point_tcp_handle_read buffer_remaining is not > 0 as expected, continuing with (harmless) 0 length recv");
r = recv(fd, (void*)sldns_buffer_current(c->buffer),
sldns_buffer_remaining(c->buffer), 0);
if(r == 0) {
@ -3940,11 +3957,13 @@ comm_point_close(struct comm_point* c)
/* close fd after removing from event lists, or epoll.. is messed up */
if(c->fd != -1 && !c->do_not_close) {
#ifdef USE_WINSOCK
if(c->type == comm_tcp || c->type == comm_http) {
/* delete sticky events for the fd, it gets closed */
ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_READ);
ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE);
}
#endif
verbose(VERB_ALGO, "close fd %d", c->fd);
sock_close(c->fd);
}
@ -4045,7 +4064,6 @@ comm_point_send_reply(struct comm_reply *repinfo)
}
repinfo->c->h2_stream = NULL;
repinfo->c->tcp_is_reading = 0;
sldns_buffer_clear(repinfo->c->buffer);
comm_point_stop_listening(repinfo->c);
comm_point_start_listening(repinfo->c, -1,
adjusted_tcp_timeout(repinfo->c));

6
util/shm_side/shm_main.c
View file

@ -130,6 +130,7 @@ int shm_main_init(struct daemon* daemon)
/* Just release memory unused */
free(daemon->shm_info);
daemon->shm_info = NULL;
return 0;
}
@ -143,6 +144,7 @@ int shm_main_init(struct daemon* daemon)
/* Just release memory unused */
free(daemon->shm_info);
daemon->shm_info = NULL;
return 0;
}
@ -156,6 +158,7 @@ int shm_main_init(struct daemon* daemon)
/* Just release memory unused */
free(daemon->shm_info);
daemon->shm_info = NULL;
return 0;
}
@ -170,6 +173,7 @@ int shm_main_init(struct daemon* daemon)
/* Just release memory unused */
free(daemon->shm_info);
daemon->shm_info = NULL;
return 0;
}
@ -210,6 +214,8 @@ void shm_main_shutdown(struct daemon* daemon)
if (daemon->shm_info->ptr_arr)
shmdt(daemon->shm_info->ptr_arr);
free(daemon->shm_info);
daemon->shm_info = NULL;
#else
(void)daemon;
#endif /* HAVE_SHMGET */

Some files were not shown because too many files have changed in this diff Show more