upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
7750 commits 23 branches 209 tags 123 MiB
Commit graph

186 commits

Author SHA1 Message Date
Wouter Wijngaards
ad21dbd1c2
Cookie secret file (#1090) 
* - cookie-secret-file, define struct.

* - cookie-secret-file, add config option, create, read and delete struct.

* - cookie-secret-file, check cookie secrets for cookie validation.

* - cookie-secret-file, unbound-control add_cookie_secret, drop_cookie_secret,
  activate_cookie_secret and print_cookie_secrets.

* - cookie-secret-file, test and fix locks, renew writes a fresh cookie,
  staging cookies get a fresh cookie and spelling in error message.

* - cookie-secret-file, remove unused variable from cookie file unit test.

* Remove unshare and faketime dependencies for cookie_file test; documentation nits.

---------

Co-authored-by: Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
 2024-08-02 13:32:08 +02:00
W.C.A. Wijngaards
a335e601e4 ipset-pf-support, move startup and destartup to the front of the module 
func block functions, modstack call deinit function names, and detect
module change when no startup functions are needed.
 2024-07-03 13:53:44 +02:00
W.C.A. Wijngaards
65e7253d19 ipset-pf-support, simplification of code. 2024-07-02 09:08:27 +02:00
W.C.A. Wijngaards
ff653a7ef8 Call module init init again, and new function startup and destartup. 
NULL can be used if the function is not used. Open shared ports during
reload. Deinit is called during reload.
 2024-07-01 16:10:07 +02:00
W.C.A. Wijngaards
3953f827fb Merge branch 'master' of https://github.com/madroach/unbound into ipset-pf-support 2024-07-01 14:36:33 +02:00
Yorgos Thessalonikefs
486985fbdf - Fix memory leak when reload_keep_cache is used and num-threads changes. 2024-05-31 12:09:35 +02:00
W.C.A. Wijngaards
7c5e765b3b - Fix cachedb with serve-expired-client-timeout disabled. The edns 
subnet module deletes global cache and cachedb cache when it
  stores a result, and serve-expired is enabled, so that the global
  reply, that is older than the ecs reply, does not return after
  the ecs reply expires.
 2024-04-26 13:32:15 +02:00
Wouter Wijngaards
ced9762b14
Merge pull request #1041 from NLnetLabs/stubfwd-unshare 
Stub and Forward unshare
 2024-04-25 11:11:00 +02:00
W.C.A. Wijngaards
d98c7b9ae3 - Implement cachedb-check-when-serve-expired: yes option, default 
is enabled. When serve expired is enabled with cachedb, it first
  checks cachedb before serving the expired response.
 2024-04-10 11:21:28 +02:00
W.C.A. Wijngaards
48113cfaba - fast-reload, unshared stub hints, making the structure locked, with an rwlock. 2024-04-03 13:55:57 +02:00
W.C.A. Wijngaards
f2fb498c69 - fast-reload, unshare forwards, making the structure locked, with an rwlock. 2024-04-03 13:55:54 +02:00
W.C.A. Wijngaards
2993437eaa - Fix that addrinfo is not kept around but copied and freed, so that 
log-destaddr uses a copy of the information, much like NSD does.
 2024-03-15 13:39:49 +01:00
George Thessalonikefs
857d6ce3a1 Merge branch 'reuse-caches-on-reload' of https://github.com/jinmeiib/unbound-1 into jinmeiib-reuse-caches-on-reload 2022-12-13 16:42:38 +01:00
George Thessalonikefs
d301bfe4a2 - ACL per interface: refactor, complete testing and a bugfix for 
interface names.
 2022-09-11 20:57:41 +02:00
George Thessalonikefs
c30bdff939 Initial commit for interface based ACL. 2022-09-11 20:21:32 +02:00
JINMEI Tatuya
fccb2eb2e8 prevent memory leak in case cache isn't reused 2022-07-22 14:33:21 -07:00
George Thessalonikefs
7c9177095f - Remove unused LDNS function check for GOST Engine unloading. 2022-06-20 16:27:15 +02:00
JINMEI Tatuya
5b2eda28e3 add keep-cache option to unbound-control reload to keep caches 2021-11-11 10:47:08 -08:00
W.C.A. Wijngaards
a64cbe958d - Fix lock debug code for gcc sanitizer reports. 2021-09-10 15:11:30 +02:00
W.C.A. Wijngaards
c93a7fb38a - Fix the stream wait stream_wait_count_lock and http2 buffer locks 
setup and desetup from race condition.
 2021-08-25 13:37:50 +02:00
W.C.A. Wijngaards
6cd77933a3 - Fix: Resolve interface names on control-interface too. 2021-02-26 13:54:10 +01:00
W.C.A. Wijngaards
b7a633fdc0 Merge branch 'master' into zonemd 2021-02-04 16:08:11 +01:00
Christopher Zimmermann
1d23e0c920 Merge remote-tracking branch 'upstream/master' 2021-02-03 13:19:19 +01:00
W.C.A. Wijngaards
e09873e0c8 zonemd, zonemds are checked at start 2020-10-22 12:10:46 +02:00
Ralph Dolmans
eb799026ff Replace edns-client-tag with edns-client-string option 2020-09-30 23:17:53 +02:00
W.C.A. Wijngaards
f6a527c25a - Similar to NSD PR#113, implement that interface names can be used, 
eg. something like interface: eth0 is resolved at server start and
  uses the IP addresses for that named interface.
 2020-08-27 14:53:33 +02:00
Ralph Dolmans
16029281a8 Start of EDNS client tags implementation. 2020-07-23 17:17:44 +02:00
Christopher Zimmermann
c96e4ca121 allow privileged initialisation of modules 2020-05-10 22:30:25 +02:00
Ralph Dolmans
90040b24ce - Fix link error when OpenSSL is configured with no-engine, thanks noloader. 2020-03-02 14:06:10 +01:00
W.C.A. Wijngaards
4d3524f496 dnstap io, test for TLS and reconnect for that. And fix unused parameters 
for dt_create and fix check of socket path when using IP address.
 2020-02-14 14:44:02 +01:00
W.C.A. Wijngaards
8dd683768b Merge branch 'master' into framestreams 2020-01-30 16:22:12 +01:00
W.C.A. Wijngaards
efc79beb2d iothread work. 2020-01-21 17:01:25 +01:00
Ralph Dolmans
9877e52161 Merge branch 'master' of github.com:NLnetLabs/unbound into rpz 2020-01-15 23:44:10 +01:00
W.C.A. Wijngaards
da4d6ffee3 - Fix Bad Randomness in Seed, reported by X41 D-Sec. 2019-11-20 14:40:50 +01:00
W.C.A. Wijngaards
d8809c672a - Fix Weak Entropy Used For Nettle, 
reported by X41 D-Sec.
 2019-11-20 11:28:53 +01:00
W.C.A. Wijngaards
d05d6b959a - fixes for splint cleanliness, long vs int in SSL set_mode. 2019-11-13 15:16:27 +01:00
Maryse47
ce0e9bef45 Consistently use /dev/urandom instead of /dev/random in scripts and docs 
Unbound code call /dev/urandom (see below)  but various docs and scripts
mention /dev/random which may be confusing.

https://github.com/NLnetLabs/unbound/blob/release-1.9.3/compat/arc4random.c#L107
https://github.com/NLnetLabs/unbound/blob/release-1.9.3/compat/getentropy_linux.c#L251
https://github.com/NLnetLabs/unbound/blob/release-1.9.3/compat/getentropy_osx.c
https://github.com/NLnetLabs/unbound/blob/release-1.9.3/compat/getentropy_solaris.c#L116
 2019-09-19 17:40:49 +02:00
Ralph Dolmans
2b5cd8e9b4 Merge remote-tracking branch 'ralph/feature/rpz' into rpz 2019-09-09 17:11:26 +02:00
W.C.A. Wijngaards
8cb3656b3e - Fix warning for unused variable for compilation without systemd. 2019-08-14 16:08:19 +02:00
George Thessalonikefs
a90f173875 - Fix #59, when compiled with systemd support check that we can properly 
communicate with systemd through the `NOTIFY_SOCKET`.
 2019-08-14 15:51:28 +02:00
Ralph Dolmans
a8d6147ae4 - Added RPZ response IP support 2019-07-16 18:43:16 +02:00
Wouter Wijngaards
b34a6defc1 - Fix OpenSSL without ENGINE support compilation. 
git-svn-id: file:///svn/unbound/trunk@5096 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-31 12:33:28 +00:00
Wouter Wijngaards
8cf5eae166 - Fix OpenSSL without ENGINE support compilation. 
git-svn-id: file:///svn/unbound/trunk@5095 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-31 11:34:11 +00:00
Wouter Wijngaards
d3f397c686 More fixes, statistic counter at end of struct for backwards compatibility, man page, free at exit, indent. 
git-svn-id: file:///svn/unbound/trunk@5062 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 10:19:04 +00:00
Wouter Wijngaards
216759e955 - Fix #4156: Fix systemd service manager state change notification. 
git-svn-id: file:///svn/unbound/trunk@4913 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-09-17 12:30:22 +00:00
Wouter Wijngaards
586b811b87 - Patch to implement tcp-connection-limit from Jim Hague (Sinodun). 
This limits the number of simultaneous TCP client connections
  from a nominated netblock.
And a simple test for TCP connection limit.


git-svn-id: file:///svn/unbound/trunk@4835 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-07 11:57:42 +00:00
Wouter Wijngaards
27023b3f21 - Fix for #4136: Fix to unconditionally call destroy in daemon.c. 
git-svn-id: file:///svn/unbound/trunk@4830 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-06 07:18:05 +00:00
Wouter Wijngaards
37e9f5591a - Revert previous change for #4136: because it introduces build 
problems.


git-svn-id: file:///svn/unbound/trunk@4826 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-08-03 09:47:53 +00:00
Wouter Wijngaards
10c085f81d - Fix #4136: insufficiency from mismatch of FLEX capability between 
released tarball and build host.


git-svn-id: file:///svn/unbound/trunk@4801 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-30 09:58:05 +00:00
Wouter Wijngaards
40abe08ac8 - Fix use-systemd readiness signalling, only when use-systemd is yes 
and not in signal handler.


git-svn-id: file:///svn/unbound/trunk@4797 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-07-23 13:05:39 +00:00