upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
8126 commits 23 branches 209 tags 123 MiB
Commit graph

825 commits

Author SHA1 Message Date
W.C.A. Wijngaards
56a2b564ef Merge commit '92f2a1ca690a44880f4c4fa70a4b5a4b029aaf1c' 2024-02-13 13:58:09 +01:00
W.C.A. Wijngaards
9a00877af9 Merge commit '882903f2fa800c4cb6f5e225b728e2887bb7b9ae' 2024-02-13 13:57:56 +01:00
W.C.A. Wijngaards
92f2a1ca69 - Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU. 2024-02-13 13:02:43 +01:00
W.C.A. Wijngaards
882903f2fa - Fix CVE-2023-50387, DNSSEC verification complexity can be exploited to 
exhaust CPU resources and stall DNS resolvers.
 2024-02-13 13:02:08 +01:00
Yorgos Thessalonikefs
8517f49745 - Use the origin (DNAME) TTL for syntesized CNAMEs as per RFC 6672. 2023-12-06 23:40:01 +01:00
W.C.A. Wijngaards
197bf15402 - Fix unit test parse of origin syntax. 2023-11-09 15:26:46 +01:00
W.C.A. Wijngaards
35d0a8a843 - Fix to print detailed errors when an SSL IO routine fails via 
SSL_get_error.
 2023-10-19 11:17:32 +02:00
W.C.A. Wijngaards
eff3e01ec3 Merge branch 'master' into disable-edns-do 2023-10-04 13:34:47 +02:00
George Thessalonikefs
13d4504dfc - Merge #881: Generalise the proxy protocol code. 2023-10-03 14:51:50 +02:00
W.C.A. Wijngaards
4e5b0b7eec - disable-edns-do, unit test checks lookup without EDNS DO flag. 2023-09-22 11:39:39 +02:00
W.C.A. Wijngaards
6e65343895 - Fix authority zone answers for obscured DNAMEs and delegations. 2023-09-14 11:37:49 +02:00
W.C.A. Wijngaards
b1c707e551 - Fix possibly unaligned memory access. 2023-08-16 14:57:38 +02:00
George Thessalonikefs
bab5ad623c - For #762: Introduce stat counters for downstream DNS Cookies per 
thread and total: num.queries_cookie_valid, num.queries_cookie_client,
  num.queries.cookie_invalid.
 2023-08-08 15:19:56 +02:00
George Thessalonikefs
4ccb613396 Merge branch 'master' into features/downstream-cookies 2023-08-05 20:37:48 +02:00
George Thessalonikefs
fbc0256825 - For #762: Cleaner manpage text and uniform use of the term DNS 
Cookies.
 2023-08-05 20:00:37 +02:00
George Thessalonikefs
8580a74b37 - For #762: Introduce rpl testing for DNS Cookies. 2023-08-05 19:50:57 +02:00
George Thessalonikefs
702f485587 - For #762: relocate EDNS cookie code to util/edns and introduce unit 
tests.
 2023-08-04 14:26:08 +02:00
George Thessalonikefs
08e11284fb - For #911: Try to trim EXTRA-TEXT (and LDNS_EDE_OTHER options 
altogether) before giving up on attaching EDE options.
 2023-08-01 09:55:28 +02:00
George Thessalonikefs
40f446a499 - For #857: fix mixed declarations and code. 2023-07-21 14:02:01 +02:00
George Thessalonikefs
e839771ddf Merge branch 'master' of https://github.com/eaglegai/unbound into eaglegai-master 2023-07-21 12:43:47 +02:00
George Thessalonikefs
5b7faca7db For #909: Numeric truncation when parsing TYPEXX and CLASSXX representation 
- Fix return values.
- Formatting nits.
 2023-07-20 11:42:05 +02:00
headshog
0b131d5a31 parse sldns_get_rr_class_by_name and sldns_get_rr_type_by_name return value 0 2023-07-19 18:09:03 +03:00
Vadim Fedorenko
a197aac2f6 timeval_func: move all timeval manipulation to separate file 
There are several definitions of the same functions manipulating timeval
structures. Let's move them to separate file and arrange the code
preperly.

Signed-off-by: Vadim Fedorenko <vadfed@meta.com>
 2023-04-26 03:23:41 -07:00
W.C.A. Wijngaards
15a2add0f8 streamtcp, implement NOTIFY[=N] that sends a notify packet. 2023-04-26 11:57:10 +02:00
Vadim Fedorenko
648ad4db6f Linting change. 
Remove config parser/lexer code as it's rebuilded every time but can
break adding new config options.
Also clean up the code base to avoid mixing actual code changes and lint
issues.

Signed-off-by: Vadim Fedorenko <vadfed@meta.com>
 2023-04-25 17:05:00 -07:00
W.C.A. Wijngaards
4bcc0a0a7a streamtcp, implement IXFR=N queries, add documentation for proxy option. 2023-04-25 16:44:58 +02:00
George Thessalonikefs
b5cc8b6c59 - Generalise the proxy protocol code 2023-04-24 16:15:56 +02:00
eaglegai
184248eb0e fix memory leak in unbound-streamtcp when open_svr failed 
==1927474== Memcheck, a memory error detector
==1927474== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==1927474== Using Valgrind-3.16.0 and LibVEX; rerun with -h for copyright info
==1927474== Command: unbound-streamtcp -f localhost
==1927474==
fatal: bad server specs 'localhost'
==1927474==
==1927474== HEAP SUMMARY:
==1927474==     in use at exit: 131,186 bytes in 4 blocks
==1927474==   total heap usage: 5 allocs, 1 frees, 132,210 bytes allocated
==1927474==
==1927474== 40 bytes in 1 blocks are still reachable in loss record 1 of 4
==1927474==    at 0x483F751: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1927474==    by 0x1E0573: sldns_buffer_new (sbuffer.c:21)
==1927474==    by 0x11ECED: send_em (streamtcp.c:374)
==1927474==    by 0x11E6C1: main (streamtcp.c:585)
==1927474==
==1927474== 40 bytes in 1 blocks are still reachable in loss record 2 of 4
==1927474==    at 0x483F751: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1927474==    by 0x1E0573: sldns_buffer_new (sbuffer.c:21)
==1927474==    by 0x11ECFA: send_em (streamtcp.c:375)
==1927474==    by 0x11E6C1: main (streamtcp.c:585)
==1927474==
==1927474== 65,553 bytes in 1 blocks are still reachable in loss record 3 of 4
==1927474==    at 0x483F751: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1927474==    by 0x1E0583: sldns_buffer_new (sbuffer.c:27)
==1927474==    by 0x11ECED: send_em (streamtcp.c:374)
==1927474==    by 0x11E6C1: main (streamtcp.c:585)
==1927474==
==1927474== 65,553 bytes in 1 blocks are still reachable in loss record 4 of 4
==1927474==    at 0x483F751: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1927474==    by 0x1E0583: sldns_buffer_new (sbuffer.c:27)
==1927474==    by 0x11ECFA: send_em (streamtcp.c:375)
==1927474==    by 0x11E6C1: main (streamtcp.c:585)
==1927474==
==1927474== LEAK SUMMARY:
==1927474==    definitely lost: 0 bytes in 0 blocks
==1927474==    indirectly lost: 0 bytes in 0 blocks
==1927474==      possibly lost: 0 bytes in 0 blocks
==1927474==    still reachable: 131,186 bytes in 4 blocks
==1927474==         suppressed: 0 bytes in 0 blocks
==1927474==
==1927474== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

Signed-off-by: eaglegai <eaglegai@163.com>
 2023-03-07 21:49:54 +08:00
W.C.A. Wijngaards
d97c174f50 - Fix for #852: Completion of error handling. 2023-02-23 13:38:29 +01:00
Sergey Kacheev
52a4ccee18 add a metric about the maximum number of collisions in lrushah 2023-01-13 13:33:38 +07:00
Willem Toorop
8df26b132b Merge branch 'master' into devel/merge-master-into-downstream-cookies 2022-11-07 17:09:20 +00:00
W.C.A. Wijngaards
ba8642aeb7 - testcode/dohclient sets log identity to its name. 2022-10-17 16:00:43 +02:00
George Thessalonikefs
a4631a3ecf - Fix unit test to properly test the reuse_write_wait_pop function. 2022-10-07 11:29:46 +02:00
George Thessalonikefs
2569b12b9c - Fix to stop possible loops in the tcp reuse code (write_wait list 
and tcp_wait list). Based on analysis and patch from Prad Seniappan
  and Karthik Umashankar.
 2022-10-07 11:25:36 +02:00
George Thessalonikefs
60db1111c0 - Use DEBUG_TDIR from environment in mini_tdir.sh for debugging. 
- Fix string comparison in mini_tdir.sh.
 2022-10-05 01:13:29 +02:00
Yorgos Thessalonikefs
c4e51a4cfe
PROXYv2 downstream support (#760) 2022-10-03 15:29:47 +02:00
W.C.A. Wijngaards
9842fbf760 - Fix test tdir skip report printout. 2022-10-03 10:26:30 +02:00
Willem Toorop
75f3fbdd65 Downstream DNS Cookies a la RFC7873 and RFC9018 
Create server cookies for clients that send client cookies.
Needs to be turned on in the config file with:

	answer-cookie: yes

A cookie-secret can be configured for anycast setups.
Also adds an access control list that will allow queries with
either a valid cookie or over a stateful transport.
 2022-09-28 10:28:19 +02:00
George Thessalonikefs
5b98816751 - Better output for skipped tdir tests. 2022-09-26 15:51:28 +02:00
George Thessalonikefs
99e12ae4b5 - Remove unused testcode/mini_tpkg.sh file. 2022-09-20 14:47:24 +02:00
George Thessalonikefs
9b1647ebae - Convert tdir tests to use the new skip_test functionality. 2022-09-20 14:45:20 +02:00
George Thessalonikefs
d301bfe4a2 - ACL per interface: refactor, complete testing and a bugfix for 
interface names.
 2022-09-11 20:57:41 +02:00
George Thessalonikefs
fc123303ac - Add functionality to skip tdir tests from the .pre file; 
- Initial tests for interface-* options.
 2022-09-11 20:21:32 +02:00
George Thessalonikefs
c30bdff939 Initial commit for interface based ACL. 2022-09-11 20:21:32 +02:00
W.C.A. Wijngaards
07b073ddb3 - Fix unittest for edns subnet change. 2022-08-02 14:43:57 +02:00
George Thessalonikefs
1ceb031b58 - Add debug option to the mini_tdir.sh test code. 2022-06-29 10:47:18 +02:00
W.C.A. Wijngaards
b057d2127a - Fix test program dohclient close to use portability routine. 2022-06-28 09:23:43 +02:00
George Thessalonikefs
7c9177095f - Remove unused LDNS function check for GOST Engine unloading. 2022-06-20 16:27:15 +02:00
W.C.A. Wijngaards
11d077c826 - Fix some lint type warnings. 2022-05-20 15:32:27 +02:00
tcarpay
0ce36e8289
Add the basic EDE (RFC8914) cases (#604) 2022-05-06 12:48:53 +02:00
W.C.A. Wijngaards
e4ca71e85b - Fix zonemd check to allow unsupported algorithms to load. 
If there are only unsupported algorithms, or unsupported schemes,
  and no failed or successful other ZONEMD records, or malformed
  or bad ZONEMD records, the unsupported records allow the zone load.
 2022-04-08 09:29:37 +02:00
W.C.A. Wijngaards
2642319ea6 - please clang analyzer for loop in test code. 2022-02-02 14:11:36 +01:00
George Thessalonikefs
f857af873e - Update ratelimit code for recent serviced_query changes and more 
accurate ratelimit calculation.
 2022-01-29 23:49:38 +01:00
George Thessalonikefs
c3c0186658 - Add serviced_query timer to send upstream queries outside of the mesh 
flow to prevent race conditions.
 2022-01-25 00:01:43 +01:00
George Thessalonikefs
773d1f2911 - Make sure callback changes for EDNS are not lost. 2022-01-14 15:18:43 +01:00
George Thessalonikefs
de1e91fc7f - Fix EDNS to upstream where the same option could be attached more than 
once.
- Add a region to serviced_query for allocations.
 2022-01-14 13:55:34 +01:00
Wouter Wijngaards
9645228f03
Merge pull request #570 from rex4539/typos 
Fix typos
 2021-11-29 11:39:48 +01:00
Dimitris Apostolou
c21d6af617
Fix typos 2021-11-13 16:56:15 +02:00
TCY16
8205c87a96 complete renaming of the modules edns list 2021-11-08 11:50:29 +01:00
Tom Carpay
89d7476539 split edns_data.opt_list in opt_list_in and opt_list_out 
opt_list_in for parsed (incoming) edns options, and
opt_list_out for outgoing (to be encoded) edns options
 2021-11-01 12:48:40 +00:00
W.C.A. Wijngaards
63a406a432 - Fix more initialisation errors reported by gcc sanitizer. 2021-09-10 15:27:05 +02:00
W.C.A. Wijngaards
a64cbe958d - Fix lock debug code for gcc sanitizer reports. 2021-09-10 15:11:30 +02:00
W.C.A. Wijngaards
7d70e3c861 - Fix initialisation errors reported by gcc sanitizer. 2021-09-10 14:30:57 +02:00
W.C.A. Wijngaards
087a7ff95e - Fix asynclook unit test for setup of lockchecks before log. 2021-08-25 16:19:12 +02:00
W.C.A. Wijngaards
c93a7fb38a - Fix the stream wait stream_wait_count_lock and http2 buffer locks 
setup and desetup from race condition.
 2021-08-25 13:37:50 +02:00
gthess
3829faf679
Merge pull request #514 from ziollek/docker_for_run_test 
Docker environment for run tests
 2021-08-12 21:30:36 +02:00
W.C.A. Wijngaards
822a96b29a - Fix libnettle zonemd unit test. 2021-08-04 14:04:31 +02:00
W.C.A. Wijngaards
067954fe8d - Fix out of sourcedir run of zonemd unit tests. 2021-08-04 13:54:38 +02:00
Tomasz Ziolkowski
59552a7a76 reformat 2021-08-04 13:05:21 +02:00
Tomasz Ziolkowski
a922c6d525 merge master 2021-08-04 13:02:20 +02:00
W.C.A. Wijngaards
6dd270d625 - Fix missing locks in zonemd unit test. 2021-08-04 11:05:51 +02:00
W.C.A. Wijngaards
f5d53928a3 - In unit test use openssl set security level to allow keys in test. 2021-08-04 09:58:38 +02:00
Tomasz Ziolkowski
3e310a17be Docker environment for run tests + enhancement for ssl_handshake 2021-07-27 12:06:08 +02:00
gthess
dcd75814b9
Merge pull request #513 from NLnetLabs/tcp_reuse_fix 
Stream reuse, attempt to fix #411, #439, #469
 2021-07-26 16:54:34 +02:00
W.C.A. Wijngaards
e8d28f0a55 - Fix readzone unknown type print for memory resize. 2021-07-26 16:45:33 +02:00
George Thessalonikefs
8ee5aa312f - Fix unittcpreuse.c: properly initialise outnet. 2021-07-26 16:29:57 +02:00
George Thessalonikefs
de73af2da2 - stream reuse, do not explicitly wait for a free pending_tcp if a reuse 
could be used.
 2021-07-26 10:47:20 +02:00
George Thessalonikefs
ab318a8b95 - Add unittest for tcp_reuse functions. 2021-07-24 01:15:00 +02:00
W.C.A. Wijngaards
5f57dbf19b - Insert header into testcode/readzone.c, it was missing. 2021-07-16 17:12:41 +02:00
George Thessalonikefs
ca4d68c64c - Introduce 'http-user-agent:' and 'hide-http-user-agent:' options. 2021-07-16 14:32:18 +02:00
W.C.A. Wijngaards
f693cbc90b Revert "- With hide-version unbound also omits the version from http headers." 
This reverts commit 9d4644b125.
 2021-07-16 14:02:55 +02:00
W.C.A. Wijngaards
9d4644b125 - With hide-version unbound also omits the version from http headers. 2021-07-16 13:45:41 +02:00
George Thessalonikefs
e521b10f32 - Fix clang-analysis warnings for testcode/readzone.c. 2021-07-05 16:51:46 +02:00
George Thessalonikefs
c6fc7adeb1 - Fix Wunused-result compile warnings. 2021-07-04 15:19:24 +02:00
Tom Carpay
ab017cde0f Merge branch 'master' into svcb 2021-07-02 13:37:08 +02:00
tcarpay
e41125495d
Apply suggestions from code review 
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
 2021-07-01 12:45:14 +02:00
W.C.A. Wijngaards
5e81763e53 Analysis workflow, fixup ctime tests. 2021-06-25 15:27:51 +02:00
W.C.A. Wijngaards
e4e0eaa63e Analysis workflow, fix ctime formatting for autotrust and testbound. 2021-06-25 15:11:10 +02:00
W.C.A. Wijngaards
770a54600c Analysis workflow, check for ctime define. 2021-06-25 14:37:53 +02:00
W.C.A. Wijngaards
e45e73768f Analysis workflow, see if defines are causing ctime changes. 2021-06-25 14:07:11 +02:00
W.C.A. Wijngaards
66e9317edc Analysis workflow, test ctime replacement. 2021-06-25 13:37:26 +02:00
W.C.A. Wijngaards
6ed49bf45f Analysis workflow, debug output. 2021-06-25 10:12:40 +02:00
W.C.A. Wijngaards
358bc0d8bd Analysis workflow, make debug output. 2021-06-25 09:43:02 +02:00
W.C.A. Wijngaards
7d16b2c268 Analysis workflow, output failure cases. 2021-06-25 08:49:30 +02:00
W.C.A. Wijngaards
e24c78efd6 Analysis workflow, remove debug output, strip more whitespace off 
ADDRESS lines in testbound range.
 2021-06-24 22:57:12 +02:00
W.C.A. Wijngaards
8a25ca9651 Fixup ctime test. 2021-06-24 22:11:42 +02:00
W.C.A. Wijngaards
db5bb6270b Fixup unit auth test for windows port. 2021-06-24 21:55:46 +02:00
W.C.A. Wijngaards
d3b2bc501d - Fix warnings reported by the gcc analyzer. 2021-06-23 18:02:02 +02:00
tcarpay
eb9891f4ed
Apply suggestions from code review 
Co-authored-by: Willem Toorop <willem@nlnetlabs.nl>
 2021-06-23 10:53:11 +02:00
W.C.A. Wijngaards
ea4f1ee8a6 - zonemd-check: yesno option, default no, enables the processing 
of ZONEMD records for that zone.
 2021-05-27 14:20:53 +02:00