- Fix unbound-control commands that read stdin in multi-process
operation (local_zones_remove, local_zones, local_datas_remove,
local_datas, view_local_datas_remove, view_local_datas). They will
be properly distributed to all processes. dump_cache and load_cache
are no longer supported in multi-process operation.
- Remove testdata/remote-threaded.tdir. testdata/09-unbound-control.tdir
now checks both single and multi process/thread operation.
---------
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
fast reload, move most of the locking management to iter_fwd and
iter_hints methods. The caller still has the ability to handle its
own locking, if desired, for atomic operations on sets of different
structs.
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
forward_add and forward_delete should be distributed to other processes,
but when threaded, they should not be distributed to other threads because
the structure is not thread specific any more.
Add counter `num_queries_timed_out` meaning queries that were sitting in the
socket queue and waiting to being processed too long. There is no reason
to process such queries, so let's drop it in the very beginning of the
pipeline.
Signed-off-by: Vadim Fedorenko <vadfed@meta.com>
There are several definitions of the same functions manipulating timeval
structures. Let's move them to separate file and arrange the code
preperly.
Signed-off-by: Vadim Fedorenko <vadfed@meta.com>
Remove config parser/lexer code as it's rebuilded every time but can
break adding new config options.
Also clean up the code base to avoid mixing actual code changes and lint
issues.
Signed-off-by: Vadim Fedorenko <vadfed@meta.com>
Change mode first when configuring remote control unix socket. Some
security systems might strip capability of changing other user's system
even to process with effective uid 0. That is done on Fedora by SELinux
policy and systemd for example. SELinux audit then shows errors, because
unbound tries modifying permissions of not own file. Fix just by mode
change as first step, make it owned by unbound:unbound user as the last
step only.
Related: rhbz#1905441
- Add configurable limits for http-query-buffer-size and
http-response-buffer-size
- Make http endpoint, max_streams, and TCP_NODELAY for HTTP sockets
configurable.
