upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-23 08:10:30 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
7962 commits 23 branches 209 tags 123 MiB
Commit graph

346 commits

Author SHA1 Message Date
W.C.A. Wijngaards
11d077c826 - Fix some lint type warnings. 2022-05-20 15:32:27 +02:00
W.C.A. Wijngaards
f0d91950ad - Fix #673: DNS over TLS: error: SSL_handshake syscall: No route to 
host.
 2022-05-11 17:10:42 +02:00
Oscar Mira
78aee89201 Replace OpenSSL's ERR_PACK with ERR_GET_REASON 2022-02-17 20:20:18 +01:00
George Thessalonikefs
f0c6d26155 - Better bookkeeping when reclaiming the TCP buffer. 2022-01-25 10:32:37 +01:00
gthess
806a75808d
Merge pull request #562 from NLnetLabs/bugfix/reset-keepalive-per-tcp-session 
Reset keepalive per new tcp session
 2021-12-01 03:57:04 +01:00
George Thessalonikefs
24eded6ef9 - Fix for #558: clear the UB_EV_TIMEOUT bit before adding an event. 2021-11-05 11:21:30 +01:00
George Thessalonikefs
431b749d7a - Fix for #558: fix loop in comm_point->tcp_free when a comm_point is reclaimed 
more than once during callbacks.
 2021-11-05 11:19:08 +01:00
Willem Toorop
53a1677828 Reset keepalive per new tcp session 2021-11-01 21:06:07 +01:00
W.C.A. Wijngaards
9f26f397a9 - Fix crosscompile windows to use libssp when it exists. 
- For the windows compile script disable gost.
- Fix that on windows, use BIO_set_callback_ex instead of deprecated
 2021-09-21 13:51:34 +02:00
W.C.A. Wijngaards
520fa84265 - Fix tcp fastopen failure when disabled, try normal connect instead. 2021-09-01 16:21:10 +02:00
W.C.A. Wijngaards
ad45e9b89e - Fix for #431: Squelch permission denied errors for udp connect, 
and udp send, they are visible at higher verbosity settings.
 2021-08-13 09:27:58 +02:00
W.C.A. Wijngaards
2a0df9e72e - Annotate assertion into error printout; we think it may be an 
error, but the situation looks harmless.
 2021-08-03 14:08:30 +02:00
Wouter Wijngaards
5196ee03e6
Merge pull request #517 from dyunwei/master 
#420 breaks the mesh reply list function that need to reuse the dns answer.
 2021-08-03 13:11:01 +02:00
George Thessalonikefs
a519009378 Merge branch 'master' of github.com:NLnetLabs/unbound 2021-08-03 12:20:45 +02:00
George Thessalonikefs
ca67691092 - Listen to read or write events after the SSL handshake. 
Sticky events on windows would stick on read when write was needed.
 2021-08-03 12:18:58 +02:00
daiyunwei
0784ad7a11 #420 
clear the c->buffer in the comm_point_send_reply does resolve the "can't fit qbuffer in c->buffer" issue, but it breaks the mesh reply list function that need to reuse the answer. because the c->buffer is cleared in the comm_point_send_reply, it cannot be resued again. it means that it is not inappropriate to clear c->buffer in the comm_point_send_reply.

After some investigation, i found it is appropriate to clear c->buffer before use in the http2_query_read_done.
 2021-08-03 11:40:30 +08:00
W.C.A. Wijngaards
b6abcb1508 - For #515: Fix compilation with openssl 3.0.0 beta2, lib64 dir and 
SSL_get_peer_certificate.
- Move acx_nlnetlabs.m4 to version 41, with lib64 openssl dir check.
 2021-07-30 13:54:43 +02:00
W.C.A. Wijngaards
8180ca192f - Fix for #510: in depth, use ifdefs for windows api event calls. 2021-07-16 09:12:06 +02:00
Felipe Gasper
0efccaa1eb Support OpenSSLs that lack SSL_get0_alpn_selected. 2021-04-19 13:05:50 -04:00
W.C.A. Wijngaards
addd21f750 - Fix permission denied sendto log, squelch the log messages 
unless high verbosity is set.
 2021-04-12 11:18:23 +02:00
W.C.A. Wijngaards
ff0c5f863d - Fix #429: Also fix end of transfer for http download of auth zones. 2021-03-25 12:18:49 +01:00
W.C.A. Wijngaards
57d4c3a8a4 - Fix for #447: squelch connection refused tcp connection failures 
from the log, unless verbosity is high.
 2021-03-19 17:43:36 +01:00
Wouter Wijngaards
209dc32624
Merge pull request #367 from NLnetLabs/dnstap-log-local-addr 
DNSTAP log local address
 2021-02-25 11:58:36 +01:00
W.C.A. Wijngaards
40fbc3fa8a - Fix #431: Squelch permission denied errors for tcp connect 2021-02-22 08:24:04 +01:00
W.C.A. Wijngaards
bc4bdbabea - Fix #429: rpz: url: with https: broken (regression in 1.13.1). 2021-02-19 14:42:02 +01:00
W.C.A. Wijngaards
f5339ec7e5 Merge branch 'master' into dnstap-log-local-addr 2021-02-18 13:12:09 +01:00
yunwei
0215500261
Update netevent.c 
#386
I found the root cause of this issue. r_buffer is r->query_reply.c->buffer, used to fill the reply in the mesh_send_reply function, then call comm_point_send_reply, and then call http2_submit_dns_response to send the DOH response. However, the buffer is not cleared after use. If the query length is greater than the last response length, the next dns query in the same H2 session will encounter an error.
This is bug!!!

Clear the buffer after use.
 2021-01-20 14:12:51 +08:00
Anton Lindqvist
422213c171 add missing null check 
I have a unbound forward zone configured on my router for my $DAYJOB.
The address associated with the zone is only accessible when the router
is connected to a VPN. If the VPN connection is absent, trying to
resolve any domain that must be handled by the zone crashes unbound.
Turns out there's a missing NULL check in `comm_point_send_udp_msg()`.
The same routine already has `if (addr) {} else {}` branches so I guess
protecting the call to `log_addr()` using the same conditional is
reasonable

I have also committed the same fix to unbound shipped with OpenBSD[1].

[1] https://marc.info/?l=openbsd-cvs&m=160993335615698&w=2
 2021-01-06 12:44:26 +01:00
W.C.A. Wijngaards
44075a06a5 - Fix #379: zone loading over HTTP appears to have buffer issues. 2021-01-06 10:36:23 +01:00
W.C.A. Wijngaards
4d51c6b86e - For #376: Fix that comm point event is not double removed or double 
added to event map.
 2021-01-04 14:05:50 +01:00
George Thessalonikefs
08968baec1 - Fix error cases when udp-connect is set and send() returns an error 
(modified patch from Xin Li @delphij).
 2020-12-16 17:11:41 +01:00
Wouter Wijngaards
48c038391a
Merge pull request #373 from fobser/void-arithmetic 
Warning: arithmetic on a pointer to void is a GNU extension.
 2020-12-11 14:07:30 +01:00
Wouter Wijngaards
29b5b25852
Merge pull request #335 from fobser/static 
Sprinkle in some static to prevent missing prototype warnings.
 2020-12-11 14:03:46 +01:00
Florian Obser
15e1b16da0 Warning: arithmetic on a pointer to void is a GNU extension. 2020-12-11 14:00:20 +01:00
W.C.A. Wijngaards
7077660932 - Fix to squelch permission denied and other errors from remote host, 
they are logged at higher verbosity but not on low verbosity.
 2020-12-11 10:30:54 +01:00
W.C.A. Wijngaards
6bf1293bcd No need for mk_local_addr, can pass the sockaddr structure. 2020-12-09 11:56:35 +01:00
W.C.A. Wijngaards
72d3b588ca For the DoH create_http_handler, also pass the socket. 2020-12-09 11:29:57 +01:00
W.C.A. Wijngaards
31cedb47cb Remove unused whitespace, add missing header change, make it compile 2020-12-09 11:13:58 +01:00
W.C.A. Wijngaards
bdfa65c6ab Import the patches from the files in the tarball in 
issue #365 https://github.com/NLnetLabs/unbound/files/5659923/patches.tar.gz
from iruzanov.  The merge conflicts are fixed, but no changes are made
to the patched code.
 2020-12-09 11:00:51 +01:00
W.C.A. Wijngaards
9eeb95a960 - Fix update, with write event check with streamreuse and fastopen. 2020-12-02 16:17:26 +01:00
W.C.A. Wijngaards
0502ab3026 - Fix for #283: fix stream reuse and tcp fast open. 2020-12-02 15:42:24 +01:00
W.C.A. Wijngaards
e049fb303c - Fix on windows to ignore connection failure on UDP, unless verbose. 2020-12-02 11:58:24 +01:00
W.C.A. Wijngaards
16c496bff6 - Fix #356: deadlock when listening tcp. 2020-12-02 10:10:27 +01:00
W.C.A. Wijngaards
1ebf851bf0 - Fix #360: for the additionally reported TCP Fast Open makes TCP 
connections fail, in that case we print a hint that this is
  happening with the error in the logs.
 2020-12-02 09:51:26 +01:00
W.C.A. Wijngaards
67a0614db7 - Fix that after failed read, the readagain cannot activate. 2020-11-26 12:12:52 +01:00
W.C.A. Wijngaards
4a8669612a - Fix to omit UDP receive errors from log, if verbosity low. 
These happen because of udp-connect.
 2020-11-26 09:39:54 +01:00
W.C.A. Wijngaards
e50152aa1f - Fix readagain and writeagain callback functions for comm point 
cleanup.
 2020-11-25 13:46:28 +01:00
W.C.A. Wijngaards
15e8f5c6d4 - Fix udp-connect on FreeBSD, do send calls on connected UDP socket. 2020-11-25 09:55:01 +01:00
W.C.A. Wijngaards
5924a591be - with udp-connect ignore connection refused with UDP timeouts. 2020-11-25 09:41:06 +01:00
Florian Obser
9fb65e2b9e Sprinkle in some static to prevent missing prototype warnings. 2020-10-28 14:15:23 +01:00
W.C.A. Wijngaards
78e9b8949c Merge branch 'master' into stream-reuse 
Resolved comm_point_start_listening conflict for socket close.
 2020-10-21 09:54:03 +02:00
W.C.A. Wijngaards
531ce9e85c Fixup for clear of tcp handler structure. 2020-10-19 13:36:53 +02:00
W.C.A. Wijngaards
68c57314c4 - Fix to set the tcp handler event toggle flag back to default when 
the handler structure is reused.
 2020-10-19 12:55:43 +02:00
W.C.A. Wijngaards
ab9d732796 - Log ip address when http session recv fails, eg. due to tls fail. 2020-10-19 11:06:55 +02:00
W.C.A. Wijngaards
a3e2bfbb0c - Fix #330: [Feature request] Add unencrypted DNS over HTTPS support. 
This adds the option http-notls-downstream: yesno to change that,
  and the dohclient test code has the -n option.
 2020-10-19 10:24:03 +02:00
Ralph Dolmans
4ae823fbc2 Merge branch 'master' into doh 2020-09-16 18:38:51 +02:00
Ralph Dolmans
42a35ac26e - Final round of DoH review feedback processing. 2020-09-16 18:25:02 +02:00
Ralph Dolmans
a3be2b73b6 Properly handle http_endpoint malloc failure. 2020-09-10 13:05:55 +02:00
W.C.A. Wijngaards
47a5dc8cae - Refactor to use sock_strerr shorthand function. 2020-08-31 09:12:01 +02:00
W.C.A. Wijngaards
a6dc0743b4 - Merge PR #293: Add missing prototype. Also refactor to use the new 
shorthand function to clean up the code.
 2020-08-31 08:41:34 +02:00
W.C.A. Wijngaards
8b43b94b22 Merge branch 'master' into stream-reuse 2020-07-22 09:53:57 +02:00
Ralph Dolmans
14a0433470 - Merge PR #234 - Ensure proper alignment of cmsg buffers by Jérémie 
Courrèges-Anglas.
- Fix PR #234 log_assert sizeof to use union buffer.
 2020-07-17 13:07:03 +02:00
W.C.A. Wijngaards
766005a356 stream reuse, in callbacks, removed whitespace. 2020-07-13 15:45:16 +02:00
W.C.A. Wijngaards
19a35fb839 stream reuse, write and read again if more data can go over the channel, 
this amortizes the event loop mechanism for busy channels, for performance.
 2020-07-13 15:16:59 +02:00
W.C.A. Wijngaards
9914b7216b stream reuse, remove debug output 2020-07-10 16:06:17 +02:00
W.C.A. Wijngaards
7a69ff4182 fix that ssl_handle_it() uses tcp_is_reading in tcp_write_and_read mode. 
fix that netevent tcp_write_and_read mode does not close due to error from
assert that not both write and read happen at the same time.
 2020-07-10 15:37:30 +02:00
W.C.A. Wijngaards
e95edd3d36 debug prints in verbose output. 2020-07-09 13:41:50 +02:00
W.C.A. Wijngaards
ccc9e0749c stream reuse toggle write and read to only read mode when write is done. 
tcp callback from stream read without entry linked.
 2020-07-09 13:41:03 +02:00
W.C.A. Wijngaards
cfe009a31c tcp read and write handling of write events in netevent for tcp and ssl. 2020-06-26 16:05:15 +02:00
W.C.A. Wijngaards
64c8d18814 in tcp write callback routine dont reset read byte count if write and read. 
in tcp write callback and write and read and write is done perform callback.
tcp connection is selected to not toggle readwrite and give closed callback.
 2020-06-26 10:54:13 +02:00
W.C.A. Wijngaards
39a50f30a3 tcp callback handle timeout event for read and reuse keepalive. 2020-06-25 14:26:29 +02:00
Ralph Dolmans
0fbfce4c99 - Add DoH tests 2020-06-24 14:04:34 +02:00
W.C.A. Wijngaards
fd723aed27 tcp connection is stored and picked up for reuse 
fix that comm_point_start_listening does not close the same fd that is started.
 2020-06-03 17:24:26 +02:00
Ralph Dolmans
8fc2320b5c - Add mem.http.query_buffer and mem.http.response_buffer stats 
- Add configurable limits for http-query-buffer-size and
  http-response-buffer-size
- Make http endpoint, max_streams, and TCP_NODELAY for HTTP sockets
  configurable.
 2020-05-12 18:12:19 +02:00
Jeremie Courreges-Anglas
8175161059 Ensure proper alignment of cmsg buffers 
The cmsg macros expect a control message buffer to be aligned like
a struct cmsghdr.  The current layout around those stack-allocated
buffers probably provides the required alignment (usually 4 bytes).
Use a union to enforce proper alignment, in case future changes modify
the stack layout.

Spotted when chasing an unrelated bug with Otto Moerbeek (@omoerbeek).
 2020-05-10 17:23:33 +02:00
Ralph Dolmans
e7601870cc Merge branch 'master' into doh 2020-05-07 17:12:26 +02:00
Ralph Dolmans
8dae5d9f81 - Add DNS-over-HTTPS support 2020-05-07 16:36:26 +02:00
Willem Toorop
af0bd5b0b4 Send tcp_req_info->spool_buffer as dnstap CLIENT_RESPONSE 
When tcp_req_info exists. This fixes that dnstap CLIENT_RESPONSE messages did not contain the response message when answering on statful transport for uncached responses.
 2020-03-30 12:19:17 +02:00
Willem Toorop
9d9eee8402 Fix uncached CLIENT_RESPONSE'es on stateful transports 
Because repinfo->c->buffer does not contain the response when the it did not came from cache.
Only after tcp_req_info_send_reply is called, is the response on the buffer which is used to fill the dnstap protobuf's.
 2020-03-30 11:39:07 +02:00
W.C.A. Wijngaards
25a88d6d54 dnstap io, check peer verification in dtstream dtio_ssl_handshake. 2020-02-12 15:23:58 +01:00
W.C.A. Wijngaards
dc31cf3652 dnstap unbound-dnstap-sock, read from TLS. 2020-01-31 14:03:28 +01:00
W.C.A. Wijngaards
6c0a863584 - Fix to silence the tls handshake errors for broken pipe and reset 
by peer, unless verbosity is set to 2 or higher.
 2020-01-28 14:32:06 +01:00
Havard Eidnes
dc0b1699e5 In tcp_callback_writer(), don't disable time-out when changing to read. 2019-11-26 00:02:34 +01:00
W.C.A. Wijngaards
3a49e683ed - Fix Enum Name not Used, reported by X41 D-Sec. 2019-11-20 14:22:06 +01:00
W.C.A. Wijngaards
3907876eac - Fix Unrequired Checks, reported by X41 D-Sec. 2019-11-20 14:05:54 +01:00
W.C.A. Wijngaards
d05d6b959a - fixes for splint cleanliness, long vs int in SSL set_mode. 2019-11-13 15:16:27 +01:00
W.C.A. Wijngaards
05b9f4fd28 - Fix #71: fix openssl error squelch commit compilation error. 2019-09-04 08:44:19 +02:00
W.C.A. Wijngaards
1089fd6dc1 - squelch DNS over TLS errors 'ssl handshake failed crypto error' 
on low verbosity, they show on verbosity 3 (query details), because
  there is a high volume and the operator cannot do anything for the
  remote failure.  Specifically filters the high volume errors.
 2019-09-03 09:47:27 +02:00
W.C.A. Wijngaards
af6c5dea43 - Fix another spoolbuf storage code point, in prefetch. 2019-06-12 08:32:45 +02:00
W.C.A. Wijngaards
a95f5fd5cb - Squelch log messages from tcp send about connection reset by peer. 
They can be enabled with verbosity at higher values for diagnosing
  network connectivity issues.
 2019-05-13 10:39:39 +02:00
Wouter Wijngaards
ab6f1d0fc7 - Fix tls write event for read state change to re-call SSL_write and 
not resume the TLS handshake.


git-svn-id: file:///svn/unbound/trunk@5159 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-15 11:52:21 +00:00
Wouter Wijngaards
c8a56bfa8f - Squelch SSL read and write connection reset by peer and broken pipe 
messages.  Verbosity 2 and higher enables them.


git-svn-id: file:///svn/unbound/trunk@5158 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-11 15:04:32 +00:00
Wouter Wijngaards
c6369e9ffa - Fix that auth zone fails over to next master for timeout in tcp. 
git-svn-id: file:///svn/unbound/trunk@5155 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-11 13:41:53 +00:00
Wouter Wijngaards
348cbab016 - Fix to reinit event structure for accepted TCP (and TLS) sockets. 
git-svn-id: file:///svn/unbound/trunk@5148 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-05 14:11:28 +00:00
Wouter Wijngaards
a777329b7f - Fix spelling error in log output for event method. 
git-svn-id: file:///svn/unbound/trunk@5147 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-04 14:28:39 +00:00
Wouter Wijngaards
225534e5ab - Fix #4227: pair event del and add for libevent for tcp_req_info. 
git-svn-id: file:///svn/unbound/trunk@5122 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-02-25 15:48:27 +00:00
Wouter Wijngaards
f11d6653d6 - Fix that tcp for auth zone and outgoing does not remove and 
then gets the ssl read again applied to the deleted commpoint.


git-svn-id: file:///svn/unbound/trunk@5074 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-25 12:46:15 +00:00
Wouter Wijngaards
f5dcd84d27 Fix reread of buffer data, better, also for TCP. 
git-svn-id: file:///svn/unbound/trunk@5045 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-21 14:14:12 +00:00
Wouter Wijngaards
be4583ac84 - Fix that multiple dns fragments can be carried in one TLS frame. 
git-svn-id: file:///svn/unbound/trunk@5043 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-21 13:41:13 +00:00
Wouter Wijngaards
dd19026e91 - Initial commit for out-of-order processing for TCP and TLS. 
git-svn-id: file:///svn/unbound/trunk@5032 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-11 14:12:27 +00:00