Date: Sun, 30 Jun 2019 15:01:11 +0000 (UTC) From: =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= <des@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r349559 - in vendor/unbound/dist: . cachedb contrib daemon doc edns-subnet iterator libunbound/python pythonmod pythonmod/doc/examples pythonmod/examples services services/cache testcod... Message-ID: <201906301501.x5UF1BQ5040753@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: des Date: Sun Jun 30 15:01:11 2019 New Revision: 349559 URL: https://svnweb.freebsd.org/changeset/base/349559 Log: Vendor import of Unbound 1.9.2. Added: vendor/unbound/dist/.travis.yml vendor/unbound/dist/README.md vendor/unbound/dist/pythonmod/examples/avahi-resolver.py vendor/unbound/dist/testdata/auth_nsec3_ent.rpl Modified: vendor/unbound/dist/.gitignore vendor/unbound/dist/cachedb/cachedb.c vendor/unbound/dist/config.h.in vendor/unbound/dist/configure vendor/unbound/dist/configure.ac vendor/unbound/dist/contrib/fastrpz.patch vendor/unbound/dist/daemon/unbound.c vendor/unbound/dist/daemon/worker.c vendor/unbound/dist/doc/Changelog vendor/unbound/dist/doc/README vendor/unbound/dist/doc/example.conf.in vendor/unbound/dist/doc/libunbound.3.in vendor/unbound/dist/doc/unbound-anchor.8.in vendor/unbound/dist/doc/unbound-checkconf.8.in vendor/unbound/dist/doc/unbound-control.8.in vendor/unbound/dist/doc/unbound-host.1.in vendor/unbound/dist/doc/unbound.8.in vendor/unbound/dist/doc/unbound.conf.5.in vendor/unbound/dist/doc/unbound.doxygen vendor/unbound/dist/edns-subnet/subnetmod.c vendor/unbound/dist/iterator/iter_utils.c vendor/unbound/dist/iterator/iter_utils.h vendor/unbound/dist/iterator/iterator.c vendor/unbound/dist/libunbound/python/libunbound.i vendor/unbound/dist/pythonmod/doc/examples/example0-1.py vendor/unbound/dist/pythonmod/doc/examples/example0.rst vendor/unbound/dist/pythonmod/examples/edns.py vendor/unbound/dist/pythonmod/examples/inplace_callbacks.py vendor/unbound/dist/pythonmod/interface.i vendor/unbound/dist/services/authzone.c vendor/unbound/dist/services/authzone.h vendor/unbound/dist/services/cache/dns.c vendor/unbound/dist/services/listen_dnsport.c vendor/unbound/dist/services/mesh.c vendor/unbound/dist/services/outside_network.c vendor/unbound/dist/services/outside_network.h vendor/unbound/dist/testcode/fake_event.c vendor/unbound/dist/testdata/auth_nsec3_wild.rpl vendor/unbound/dist/util/alloc.c vendor/unbound/dist/util/data/msgreply.h vendor/unbound/dist/util/fptr_wlist.c vendor/unbound/dist/util/iana_ports.inc vendor/unbound/dist/util/net_help.c vendor/unbound/dist/util/netevent.c vendor/unbound/dist/util/storage/lookup3.c vendor/unbound/dist/util/ub_event.c Modified: vendor/unbound/dist/.gitignore ============================================================================== --- vendor/unbound/dist/.gitignore Sun Jun 30 14:57:08 2019 (r349558) +++ vendor/unbound/dist/.gitignore Sun Jun 30 15:01:11 2019 (r349559) @@ -4,6 +4,7 @@ /Makefile /autom4te.cache/ /config.h +/config.h.in~ /config.log /config.status /dnstap/dnstap_config.h @@ -18,6 +19,7 @@ /doc/unbound.conf.5 /libtool /libunbound.la +/_unbound.la /smallapp/unbound-control-setup.sh /unbound /unbound-anchor @@ -39,4 +41,14 @@ /contrib/libunbound.pc /contrib/unbound.service /contrib/unbound.socket - +/dnstap/dnstap.pb-c.c +/dnstap/dnstap.pb-c.h +/libunbound/python/libunbound_wrap.c +/libunbound/python/unbound.py +/pythonmod/interface.h +/pythonmod/unboundmodule.py +/testdata/result.* +/testdata/.done-* +/testdata/.perfstats.txt +/doc/html +/doc/xml Added: vendor/unbound/dist/.travis.yml ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/unbound/dist/.travis.yml Sun Jun 30 15:01:11 2019 (r349559) @@ -0,0 +1,16 @@ +sudo: false +language: c +compiler: + - gcc +addons: + apt: + packages: + - libssl-dev + - libevent-dev + - libexpat-dev + - clang +script: + - ./configure --enable-debug --disable-flto + - make + - make test + - (cd testdata/clang-analysis.tdir; bash clang-analysis.test) Added: vendor/unbound/dist/README.md ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/unbound/dist/README.md Sun Jun 30 15:01:11 2019 (r349559) @@ -0,0 +1,37 @@ +# Unbound + +[![Travis Build Status](https://travis-ci.org/NLnetLabs/unbound.svg?branch=master)](https://travis-ci.org/NLnetLabs/unbound) +[![Packaging status](https://repology.org/badge/tiny-repos/unbound.svg)](https://repology.org/project/unbound/versions) + +Unbound is a validating, recursive, caching DNS resolver. It is designed to be +fast and lean and incorporates modern features based on open standards. If you +have any feedback, we would love to hear from you. Don’t hesitate to +[create an issue on Github](https://github.com/NLnetLabs/unbound/issues/new) +or post a message on the [Unbound mailing list](https://nlnetlabs.nl/mailman/listinfo/unbound-users). +You can lean more about Unbound by reading our +[documentation](https://nlnetlabs.nl/documentation/unbound/). + +## Compiling + +Make sure you have the C toolchain, OpenSSL and its include files, and libexpat +installed. Unbound can be compiled and installed using: + +``` +./configure && make && make install +``` + +You can use libevent if you want. libevent is useful when using many (10000) +outgoing ports. By default max 256 ports are opened at the same time and the +builtin alternative is equally capable and a little faster. + +Use the `--with-libevent=dir` configure option to compile Unbound with libevent +support. + +## Unbound configuration + +All of Unbound's configuration options are described in the man pages, which +will be installed and are available on the Unbound +[documentation page](https://nlnetlabs.nl/documentation/unbound/). + +An example configuration file is located in +[doc/example.conf](https://github.com/NLnetLabs/unbound/blob/master/doc/example.conf.in). Modified: vendor/unbound/dist/cachedb/cachedb.c ============================================================================== --- vendor/unbound/dist/cachedb/cachedb.c Sun Jun 30 14:57:08 2019 (r349558) +++ vendor/unbound/dist/cachedb/cachedb.c Sun Jun 30 15:01:11 2019 (r349559) @@ -72,6 +72,19 @@ # define be64toh(x) OSSwapBigToHostInt64(x) #endif +/* Some compilers do not define __BYTE_ORDER__, like IBM XLC on AIX */ +#ifndef be64toh +#if defined(__sun) || defined(_AIX) +# if __BIG_ENDIAN__ +# define be64toh(n) (n) +# define htobe64(n) (n) +# else +# define be64toh(n) (((uint64_t)htonl((n) & 0xFFFFFFFF) << 32) | htonl((n) >> 32)) +# define htobe64(n) (((uint64_t)htonl((n) & 0xFFFFFFFF) << 32) | htonl((n) >> 32)) +# endif +#endif +#endif /* be64toh */ + /** the unit test testframe for cachedb, its module state contains * a cache for a couple queries (in memory). */ struct testframe_moddata { Modified: vendor/unbound/dist/config.h.in ============================================================================== --- vendor/unbound/dist/config.h.in Sun Jun 30 14:57:08 2019 (r349558) +++ vendor/unbound/dist/config.h.in Sun Jun 30 15:01:11 2019 (r349559) @@ -86,6 +86,10 @@ if you don't. */ #undef HAVE_DECL_ARC4RANDOM_UNIFORM +/* Define to 1 if you have the declaration of `evsignal_assign', and to 0 if + you don't. */ +#undef HAVE_DECL_EVSIGNAL_ASSIGN + /* Define to 1 if you have the declaration of `inet_ntop', and to 0 if you don't. */ #undef HAVE_DECL_INET_NTOP @@ -166,6 +170,9 @@ /* Define to 1 if you have the `ERR_load_crypto_strings' function. */ #undef HAVE_ERR_LOAD_CRYPTO_STRINGS +/* Define to 1 if you have the `event_assign' function. */ +#undef HAVE_EVENT_ASSIGN + /* Define to 1 if you have the `event_base_free' function. */ #undef HAVE_EVENT_BASE_FREE @@ -406,7 +413,7 @@ /* Define to 1 if you have the `RAND_cleanup' function. */ #undef HAVE_RAND_CLEANUP -/* Define to 1 if you have the `reallocarray' function. */ +/* If we have reallocarray(3) */ #undef HAVE_REALLOCARRAY /* Define to 1 if you have the `recvmsg' function. */ @@ -965,8 +972,14 @@ +#ifndef _OPENBSD_SOURCE +#define _OPENBSD_SOURCE 1 +#endif + #ifndef UNBOUND_DEBUG +# ifndef NDEBUG # define NDEBUG +# endif #endif /** Use small-ldns codebase */ Modified: vendor/unbound/dist/configure ============================================================================== --- vendor/unbound/dist/configure Sun Jun 30 14:57:08 2019 (r349558) +++ vendor/unbound/dist/configure Sun Jun 30 15:01:11 2019 (r349559) @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.9.1. +# Generated by GNU Autoconf 2.69 for unbound 1.9.2. # # Report bugs to <unbound-bugs@nlnetlabs.nl>. # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.9.1' -PACKAGE_STRING='unbound 1.9.1' +PACKAGE_VERSION='1.9.2' +PACKAGE_STRING='unbound 1.9.2' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl' PACKAGE_URL='' @@ -1440,7 +1440,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.9.1 to adapt to many kinds of systems. +\`configure' configures unbound 1.9.2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1505,7 +1505,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.9.1:";; + short | recursive ) echo "Configuration of unbound 1.9.2:";; esac cat <<\_ACEOF @@ -1722,7 +1722,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.9.1 +unbound configure 1.9.2 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2431,7 +2431,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.9.1, which was +It was created by unbound $as_me 1.9.2, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2783,11 +2783,11 @@ UNBOUND_VERSION_MAJOR=1 UNBOUND_VERSION_MINOR=9 -UNBOUND_VERSION_MICRO=1 +UNBOUND_VERSION_MICRO=2 LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=1 +LIBUNBOUND_REVISION=2 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -2856,6 +2856,7 @@ LIBUNBOUND_AGE=1 # 1.8.3 had 8:3:0 # 1.9.0 had 9:0:1 # add ub_ctx_set_tls # 1.9.1 had 9:1:1 +# 1.9.2 had 9:2:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -19012,6 +19013,35 @@ _ACEOF fi done # only in libev. (tested on 4.00) + for ac_func in event_assign +do : + ac_fn_c_check_func "$LINENO" "event_assign" "ac_cv_func_event_assign" +if test "x$ac_cv_func_event_assign" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_EVENT_ASSIGN 1 +_ACEOF + +fi +done + # in libevent, for thread-safety + ac_fn_c_check_decl "$LINENO" "evsignal_assign" "ac_cv_have_decl_evsignal_assign" "$ac_includes_default +#ifdef HAVE_EVENT_H +# include <event.h> +#else +# include \"event2/event.h\" +#endif + +" +if test "x$ac_cv_have_decl_evsignal_assign" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_EVSIGNAL_ASSIGN $ac_have_decl +_ACEOF + PC_LIBEVENT_DEPENDENCY="libevent" if test -n "$BAK_LDFLAGS_SET"; then @@ -20114,20 +20144,44 @@ fi LIBOBJ_WITHOUT_CTIMEARC4="$LIBOBJS" -ac_fn_c_check_func "$LINENO" "reallocarray" "ac_cv_func_reallocarray" -if test "x$ac_cv_func_reallocarray" = xyes; then : - $as_echo "#define HAVE_REALLOCARRAY 1" >>confdefs.h +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for reallocarray" >&5 +$as_echo_n "checking for reallocarray... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +#ifndef _OPENBSD_SOURCE +#define _OPENBSD_SOURCE 1 +#endif +#include <stdlib.h> +int main(void) { + void* p = reallocarray(NULL, 10, 100); + free(p); + return 0; +} + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define HAVE_REALLOCARRAY 1" >>confdefs.h + + else - case " $LIBOBJS " in + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + case " $LIBOBJS " in *" reallocarray.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS reallocarray.$ac_objext" ;; esac -fi - +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext if test "$USE_NSS" = "no"; then ac_fn_c_check_func "$LINENO" "arc4random" "ac_cv_func_arc4random" if test "x$ac_cv_func_arc4random" = xyes; then : @@ -21150,7 +21204,7 @@ _ACEOF -version=1.9.1 +version=1.9.2 date=`date +'%b %e, %Y'` @@ -21669,7 +21723,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.9.1, which was +This file was extended by unbound $as_me 1.9.2, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -21735,7 +21789,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.9.1 +unbound config.status 1.9.2 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" Modified: vendor/unbound/dist/configure.ac ============================================================================== --- vendor/unbound/dist/configure.ac Sun Jun 30 14:57:08 2019 (r349558) +++ vendor/unbound/dist/configure.ac Sun Jun 30 15:01:11 2019 (r349559) @@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) m4_define([VERSION_MINOR],[9]) -m4_define([VERSION_MICRO],[1]) +m4_define([VERSION_MICRO],[2]) AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=1 +LIBUNBOUND_REVISION=2 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -87,6 +87,7 @@ LIBUNBOUND_AGE=1 # 1.8.3 had 8:3:0 # 1.9.0 had 9:0:1 # add ub_ctx_set_tls # 1.9.1 had 9:1:1 +# 1.9.2 had 9:2:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -1199,6 +1200,14 @@ large outgoing port ranges. ]) AC_CHECK_FUNCS([event_base_get_method]) # only in libevent 1.4.3 and later AC_CHECK_FUNCS([ev_loop]) # only in libev. (tested on 3.51) AC_CHECK_FUNCS([ev_default_loop]) # only in libev. (tested on 4.00) + AC_CHECK_FUNCS([event_assign]) # in libevent, for thread-safety + AC_CHECK_DECLS([evsignal_assign], [], [], [AC_INCLUDES_DEFAULT +#ifdef HAVE_EVENT_H +# include <event.h> +#else +# include "event2/event.h" +#endif + ]) PC_LIBEVENT_DEPENDENCY="libevent" AC_SUBST(PC_LIBEVENT_DEPENDENCY) if test -n "$BAK_LDFLAGS_SET"; then @@ -1438,7 +1447,24 @@ AC_REPLACE_FUNCS(explicit_bzero) dnl without CTIME, ARC4-functions and without reallocarray. LIBOBJ_WITHOUT_CTIMEARC4="$LIBOBJS" AC_SUBST(LIBOBJ_WITHOUT_CTIMEARC4) -AC_REPLACE_FUNCS(reallocarray) +AC_MSG_CHECKING([for reallocarray]) +AC_LINK_IFELSE([AC_LANG_SOURCE(AC_INCLUDES_DEFAULT +[[ +#ifndef _OPENBSD_SOURCE +#define _OPENBSD_SOURCE 1 +#endif +#include <stdlib.h> +int main(void) { + void* p = reallocarray(NULL, 10, 100); + free(p); + return 0; +} +]])], [AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_REALLOCARRAY, 1, [If we have reallocarray(3)]) +], [ + AC_MSG_RESULT(no) + AC_LIBOBJ(reallocarray) +]) if test "$USE_NSS" = "no"; then AC_REPLACE_FUNCS(arc4random) AC_REPLACE_FUNCS(arc4random_uniform) @@ -1651,8 +1677,14 @@ AHX_CONFIG_EXT_FLAGS dnl includes [ +#ifndef _OPENBSD_SOURCE +#define _OPENBSD_SOURCE 1 +#endif + #ifndef UNBOUND_DEBUG +# ifndef NDEBUG # define NDEBUG +# endif #endif /** Use small-ldns codebase */ Modified: vendor/unbound/dist/contrib/fastrpz.patch ============================================================================== --- vendor/unbound/dist/contrib/fastrpz.patch Sun Jun 30 14:57:08 2019 (r349558) +++ vendor/unbound/dist/contrib/fastrpz.patch Sun Jun 30 15:01:11 2019 (r349559) @@ -1,11 +1,11 @@ Description: based on the included patch contrib/fastrpz.patch Author: fastrpz@farsightsecurity.com --- -Index: unboundfastrpz/Makefile.in -=================================================================== ---- unboundfastrpz/Makefile.in (revision 5073) -+++ unboundfastrpz/Makefile.in (working copy) -@@ -23,6 +23,8 @@ +diff --git a/Makefile.in b/Makefile.in +index 03a6347..6758bea 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -23,6 +23,8 @@ CHECKLOCK_SRC=testcode/checklocks.c CHECKLOCK_OBJ=@CHECKLOCK_OBJ@ DNSTAP_SRC=@DNSTAP_SRC@ DNSTAP_OBJ=@DNSTAP_OBJ@ @@ -14,7 +14,7 @@ Index: unboundfastrpz/Makefile.in DNSCRYPT_SRC=@DNSCRYPT_SRC@ DNSCRYPT_OBJ=@DNSCRYPT_OBJ@ WITH_PYTHONMODULE=@WITH_PYTHONMODULE@ -@@ -126,7 +128,7 @@ +@@ -126,7 +128,7 @@ validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c \ edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \ edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \ cachedb/cachedb.c cachedb/redis.c respip/respip.c $(CHECKLOCK_SRC) \ @@ -23,7 +23,7 @@ Index: unboundfastrpz/Makefile.in COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \ as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \ iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \ -@@ -139,7 +141,7 @@ +@@ -139,7 +141,7 @@ autotrust.lo val_anchor.lo \ validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \ val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo redis.lo authzone.lo \ $(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \ @@ -32,7 +32,7 @@ Index: unboundfastrpz/Makefile.in COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ outside_network.lo COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo -@@ -405,6 +407,11 @@ +@@ -405,6 +407,11 @@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ $(srcdir)/util/config_file.h $(srcdir)/util/log.h \ $(srcdir)/util/netevent.h @@ -44,11 +44,11 @@ Index: unboundfastrpz/Makefile.in # Python Module pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \ pythonmod/interface.h \ -Index: unboundfastrpz/config.h.in -=================================================================== ---- unboundfastrpz/config.h.in (revision 5073) -+++ unboundfastrpz/config.h.in (working copy) -@@ -1293,4 +1293,11 @@ +diff --git a/config.h.in b/config.h.in +index 74c14d1..a18f4ff 100644 +--- a/config.h.in ++++ b/config.h.in +@@ -1305,4 +1305,11 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, /** the version of unbound-control that this software implements */ #define UNBOUND_CONTROL_VERSION 1 @@ -61,11 +61,11 @@ Index: unboundfastrpz/config.h.in +#undef FASTRPZ_LIB_OPEN +/** turn on fastrpz response policy zones */ +#undef ENABLE_FASTRPZ -Index: unboundfastrpz/configure.ac -=================================================================== ---- unboundfastrpz/configure.ac (revision 5073) -+++ unboundfastrpz/configure.ac (working copy) -@@ -6,6 +6,7 @@ +diff --git a/configure.ac b/configure.ac +index abbecf0..6454274 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -6,6 +6,7 @@ sinclude(ax_pthread.m4) sinclude(acx_python.m4) sinclude(ac_pkg_swig.m4) sinclude(dnstap/dnstap.m4) @@ -73,7 +73,7 @@ Index: unboundfastrpz/configure.ac sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing -@@ -1575,6 +1576,9 @@ +@@ -1586,6 +1587,9 @@ case "$enable_ipsecmod" in ;; esac @@ -83,10 +83,10 @@ Index: unboundfastrpz/configure.ac AC_MSG_CHECKING([if ${MAKE:-make} supports $< with implicit rule in scope]) # on openBSD, the implicit rule make $< work. # on Solaris, it does not work ($? is changed sources, $^ lists dependencies). -Index: unboundfastrpz/daemon/daemon.c -=================================================================== ---- unboundfastrpz/daemon/daemon.c (revision 5073) -+++ unboundfastrpz/daemon/daemon.c (working copy) +diff --git a/daemon/daemon.c b/daemon/daemon.c +index 7461a26..706f8f6 100644 +--- a/daemon/daemon.c ++++ b/daemon/daemon.c @@ -91,6 +91,9 @@ #include "sldns/keyraw.h" #include "respip/respip.h" @@ -97,36 +97,36 @@ Index: unboundfastrpz/daemon/daemon.c #ifdef HAVE_SYSTEMD #include <systemd/sd-daemon.h> -@@ -462,6 +465,14 @@ +@@ -460,6 +463,14 @@ daemon_create_workers(struct daemon* daemon) + dt_apply_cfg(daemon->dtenv, daemon->cfg); + #else fatal_exit("dnstap enabled in config but not built with dnstap support"); - #endif - } ++#endif ++ } + if(daemon->cfg->rpz_enable) { +#ifdef ENABLE_FASTRPZ + rpz_init(&daemon->rpz_clist, &daemon->rpz_client, daemon->cfg); +#else + fatal_exit("fastrpz enabled in config" + " but not built with fastrpz"); -+#endif -+ } + #endif + } for(i=0; i<daemon->num; i++) { - if(!(daemon->workers[i] = worker_create(daemon, i, - shufport+numport*i/daemon->num, -@@ -719,6 +730,9 @@ +@@ -718,6 +729,9 @@ daemon_cleanup(struct daemon* daemon) + #ifdef USE_DNSCRYPT dnsc_delete(daemon->dnscenv); daemon->dnscenv = NULL; - #endif ++#endif +#ifdef ENABLE_FASTRPZ + rpz_delete(&daemon->rpz_clist, &daemon->rpz_client); -+#endif + #endif daemon->cfg = NULL; } - -Index: unboundfastrpz/daemon/daemon.h -=================================================================== ---- unboundfastrpz/daemon/daemon.h (revision 5073) -+++ unboundfastrpz/daemon/daemon.h (working copy) -@@ -136,6 +136,11 @@ +diff --git a/daemon/daemon.h b/daemon/daemon.h +index 5749dbe..64ce230 100644 +--- a/daemon/daemon.h ++++ b/daemon/daemon.h +@@ -136,6 +136,11 @@ struct daemon { /** the dnscrypt environment */ struct dnsc_env* dnscenv; #endif @@ -138,10 +138,10 @@ Index: unboundfastrpz/daemon/daemon.h }; /** -Index: unboundfastrpz/daemon/worker.c -=================================================================== ---- unboundfastrpz/daemon/worker.c (revision 5073) -+++ unboundfastrpz/daemon/worker.c (working copy) +diff --git a/daemon/worker.c b/daemon/worker.c +index fc93817..e435226 100644 +--- a/daemon/worker.c ++++ b/daemon/worker.c @@ -75,6 +75,9 @@ #include "libunbound/context.h" #include "libunbound/libworker.h" @@ -152,7 +152,7 @@ Index: unboundfastrpz/daemon/worker.c #include "sldns/wire2str.h" #include "util/shm_side/shm_main.h" #include "dnscrypt/dnscrypt.h" -@@ -533,8 +536,27 @@ +@@ -533,8 +536,27 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, /* not secure */ secure = 0; break; @@ -180,7 +180,7 @@ Index: unboundfastrpz/daemon/worker.c /* return this delegation from the cache */ edns_bak = *edns; edns->edns_version = EDNS_ADVERTISED_VERSION; -@@ -702,6 +724,23 @@ +@@ -699,6 +721,23 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, secure = 0; } } else secure = 0; @@ -204,7 +204,7 @@ Index: unboundfastrpz/daemon/worker.c edns_bak = *edns; edns->edns_version = EDNS_ADVERTISED_VERSION; -@@ -1407,6 +1446,15 @@ +@@ -1409,6 +1448,15 @@ worker_handle_request(struct comm_point* c, void* arg, int error, log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from", &repinfo->addr, repinfo->addrlen); goto send_reply; @@ -220,7 +220,7 @@ Index: unboundfastrpz/daemon/worker.c } /* If we've found a local alias, replace the qname with the alias -@@ -1455,12 +1503,21 @@ +@@ -1457,12 +1505,21 @@ lookup_cache: h = query_info_hash(lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2)); if((e=slabhash_lookup(worker->env.msg_cache, h, lookup_qinfo, 0))) { /* answer from cache - we have acquired a readlock on it */ @@ -244,7 +244,7 @@ Index: unboundfastrpz/daemon/worker.c /* prefetch it if the prefetch TTL expired. * Note that if there is more than one pass * its qname must be that used for cache -@@ -1514,11 +1571,19 @@ +@@ -1516,11 +1573,19 @@ lookup_cache: lock_rw_unlock(&e->lock); } if(!LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) { @@ -266,11 +266,11 @@ Index: unboundfastrpz/daemon/worker.c goto send_reply; } verbose(VERB_ALGO, "answer norec from cache -- " -Index: unboundfastrpz/doc/unbound.conf.5.in -=================================================================== ---- unboundfastrpz/doc/unbound.conf.5.in (revision 5073) -+++ unboundfastrpz/doc/unbound.conf.5.in (working copy) -@@ -1781,6 +1781,81 @@ +diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in +index c14ee27..0b71eaf 100644 +--- a/doc/unbound.conf.5.in ++++ b/doc/unbound.conf.5.in +@@ -1795,6 +1795,81 @@ List domain for which the AAAA records are ignored and the A record is used by dns64 processing instead. Can be entered multiple times, list a new domain for which it applies, one per line. Applies also to names underneath the name given. @@ -352,10 +352,11 @@ Index: unboundfastrpz/doc/unbound.conf.5.in .SS "DNSCrypt Options" .LP The -Index: unboundfastrpz/fastrpz/librpz.h -=================================================================== ---- unboundfastrpz/fastrpz/librpz.h (nonexistent) -+++ unboundfastrpz/fastrpz/librpz.h (working copy) +diff --git a/fastrpz/librpz.h b/fastrpz/librpz.h +new file mode 100644 +index 0000000..645279d +--- /dev/null ++++ b/fastrpz/librpz.h @@ -0,0 +1,957 @@ +/* + * Define the interface from a DNS resolver to the Response Policy Zone @@ -1314,10 +1315,11 @@ Index: unboundfastrpz/fastrpz/librpz.h +#endif /* LIBRPZ_LIB_OPEN */ + +#endif /* LIBRPZ_H */ -Index: unboundfastrpz/fastrpz/rpz.c -=================================================================== ---- unboundfastrpz/fastrpz/rpz.c (nonexistent) -+++ unboundfastrpz/fastrpz/rpz.c (working copy) +diff --git a/fastrpz/rpz.c b/fastrpz/rpz.c +new file mode 100644 +index 0000000..c5ab780 +--- /dev/null ++++ b/fastrpz/rpz.c @@ -0,0 +1,1352 @@ +/* + * fastrpz/rpz.c - interface to the fastrpz response policy zone library @@ -2671,10 +2673,11 @@ Index: unboundfastrpz/fastrpz/rpz.c +} + +#endif /* ENABLE_FASTRPZ */ -Index: unboundfastrpz/fastrpz/rpz.h -=================================================================== ---- unboundfastrpz/fastrpz/rpz.h (nonexistent) -+++ unboundfastrpz/fastrpz/rpz.h (working copy) +diff --git a/fastrpz/rpz.h b/fastrpz/rpz.h +new file mode 100644 +index 0000000..5d7e31c +--- /dev/null ++++ b/fastrpz/rpz.h @@ -0,0 +1,138 @@ +/* + * fastrpz/rpz.h - interface to the fastrpz response policy zone library @@ -2814,10 +2817,11 @@ Index: unboundfastrpz/fastrpz/rpz.h + +#endif /* ENABLE_FASTRPZ */ +#endif /* UNBOUND_FASTRPZ_RPZ_H */ -Index: unboundfastrpz/fastrpz/rpz.m4 -=================================================================== ---- unboundfastrpz/fastrpz/rpz.m4 (nonexistent) -+++ unboundfastrpz/fastrpz/rpz.m4 (working copy) +diff --git a/fastrpz/rpz.m4 b/fastrpz/rpz.m4 +new file mode 100644 +index 0000000..2123535 +--- /dev/null ++++ b/fastrpz/rpz.m4 @@ -0,0 +1,64 @@ +# fastrpz/rpz.m4 + @@ -2883,10 +2887,10 @@ Index: unboundfastrpz/fastrpz/rpz.m4 + AC_MSG_WARN([[dlopen and librpz.so needed for fastrpz]]) + fi +]) -Index: unboundfastrpz/iterator/iterator.c -=================================================================== ---- unboundfastrpz/iterator/iterator.c (revision 5073) -+++ unboundfastrpz/iterator/iterator.c (working copy) +diff --git a/iterator/iterator.c b/iterator/iterator.c +index c906c27..55bf218 100644 +--- a/iterator/iterator.c ++++ b/iterator/iterator.c @@ -68,6 +68,9 @@ #include "sldns/str2wire.h" #include "sldns/parseutil.h" @@ -2897,7 +2901,7 @@ Index: unboundfastrpz/iterator/iterator.c /* in msec */ int UNKNOWN_SERVER_NICENESS = 376; -@@ -551,6 +554,23 @@ +@@ -551,6 +554,23 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, if(ntohs(r->rk.type) == LDNS_RR_TYPE_CNAME && query_dname_compare(*mname, r->rk.dname) == 0 && !iter_find_rrset_in_prepend_answer(iq, r)) { @@ -2921,7 +2925,7 @@ Index: unboundfastrpz/iterator/iterator.c /* Add this relevant CNAME rrset to the prepend list.*/ if(!iter_add_prepend_answer(qstate, iq, r)) return 0; -@@ -559,6 +579,9 @@ +@@ -559,6 +579,9 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, /* Other rrsets in the section are ignored. */ } @@ -2931,7 +2935,7 @@ Index: unboundfastrpz/iterator/iterator.c /* add authority rrsets to authority prepend, for wildcarded CNAMEs */ for(i=msg->rep->an_numrrsets; i<msg->rep->an_numrrsets + msg->rep->ns_numrrsets; i++) { -@@ -1195,6 +1218,7 @@ +@@ -1195,6 +1218,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, uint8_t* delname; size_t delnamelen; struct dns_msg* msg = NULL; @@ -2939,7 +2943,7 @@ Index: unboundfastrpz/iterator/iterator.c log_query_info(VERB_DETAIL, "resolving", &qstate->qinfo); /* check effort */ -@@ -1281,8 +1305,7 @@ +@@ -1281,8 +1305,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, } if(msg) { /* handle positive cache response */ @@ -2949,7 +2953,7 @@ Index: unboundfastrpz/iterator/iterator.c if(verbosity >= VERB_ALGO) { log_dns_msg("msg from cache lookup", &msg->qinfo, msg->rep); -@@ -1290,7 +1313,22 @@ +@@ -1290,7 +1313,22 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, (int)msg->rep->ttl, (int)msg->rep->prefetch_ttl); } @@ -2972,7 +2976,7 @@ Index: unboundfastrpz/iterator/iterator.c if(type == RESPONSE_TYPE_CNAME) { uint8_t* sname = 0; size_t slen = 0; -@@ -2694,6 +2732,62 @@ +@@ -2714,6 +2752,62 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, sock_list_insert(&qstate->reply_origin, &qstate->reply->addr, qstate->reply->addrlen, qstate->region); @@ -3035,7 +3039,7 @@ Index: unboundfastrpz/iterator/iterator.c if(iq->minimisation_state != DONOT_MINIMISE_STATE && !(iq->chase_flags & BIT_RD)) { if(FLAGS_GET_RCODE(iq->response->rep->flags) != -@@ -3440,6 +3534,10 @@ +@@ -3467,12 +3561,44 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq, * but only if we did recursion. The nonrecursion referral * from cache does not need to be stored in the msg cache. */ if(!qstate->no_cache_store && qstate->query_flags&BIT_RD) { @@ -3046,7 +3050,6 @@ Index: unboundfastrpz/iterator/iterator.c iter_dns_store(qstate->env, &qstate->qinfo, iq->response->rep, 0, qstate->prefetch_leeway, iq->dp&&iq->dp->has_parent_side_NS, -@@ -3446,6 +3544,34 @@ qstate->region, qstate->query_flags); } } @@ -3081,11 +3084,11 @@ Index: unboundfastrpz/iterator/iterator.c qstate->return_rcode = LDNS_RCODE_NOERROR; qstate->return_msg = iq->response; return 0; -Index: unboundfastrpz/iterator/iterator.h -=================================================================== ---- unboundfastrpz/iterator/iterator.h (revision 5073) -+++ unboundfastrpz/iterator/iterator.h (working copy) -@@ -386,6 +386,16 @@ +diff --git a/iterator/iterator.h b/iterator/iterator.h +index a2f1b57..e1e4a73 100644 +--- a/iterator/iterator.h ++++ b/iterator/iterator.h +@@ -386,6 +386,16 @@ struct iter_qstate { */ int minimise_count; @@ -3102,11 +3105,11 @@ Index: unboundfastrpz/iterator/iterator.h /** * Count number of time-outs. Used to prevent resolving failures when * the QNAME minimisation QTYPE is blocked. */ -Index: unboundfastrpz/services/cache/dns.c -=================================================================== ---- unboundfastrpz/services/cache/dns.c (revision 5073) -+++ unboundfastrpz/services/cache/dns.c (working copy) -@@ -939,6 +939,14 @@ +diff --git a/services/cache/dns.c b/services/cache/dns.c +index aa4efec..5dd3412 100644 +--- a/services/cache/dns.c ++++ b/services/cache/dns.c +@@ -945,6 +945,14 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf, struct regional* region, uint32_t flags) { struct reply_info* rep = NULL; @@ -3121,10 +3124,10 @@ Index: unboundfastrpz/services/cache/dns.c /* alloc, malloc properly (not in region, like msg is) */ rep = reply_info_copy(msgrep, env->alloc, NULL); if(!rep) -Index: unboundfastrpz/services/mesh.c -=================================================================== ---- unboundfastrpz/services/mesh.c (revision 5073) -+++ unboundfastrpz/services/mesh.c (working copy) +diff --git a/services/mesh.c b/services/mesh.c +index d96289e..2e9f267 100644 +--- a/services/mesh.c ++++ b/services/mesh.c @@ -60,6 +60,9 @@ #include "sldns/wire2str.h" #include "services/localzone.h" @@ -3135,7 +3138,7 @@ Index: unboundfastrpz/services/mesh.c #include "respip/respip.h" #include "services/listen_dnsport.h" -@@ -1072,6 +1075,13 @@ +@@ -1072,6 +1075,13 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, else secure = 0; if(!rep && rcode == LDNS_RCODE_NOERROR) rcode = LDNS_RCODE_SERVFAIL; @@ -3149,7 +3152,7 @@ Index: unboundfastrpz/services/mesh.c /* send the reply */ /* We don't reuse the encoded answer if either the previous or current * response has a local alias. We could compare the alias records -@@ -1247,6 +1257,7 @@ +@@ -1247,6 +1257,7 @@ struct mesh_state* mesh_area_find(struct mesh_area* mesh, key.s.is_valrec = valrec; key.s.qinfo = *qinfo; key.s.query_flags = qflags; @@ -3157,7 +3160,7 @@ Index: unboundfastrpz/services/mesh.c /* We are searching for a similar mesh state when we DO want to * aggregate the state. Thus unique is set to NULL. (default when we * desire aggregation).*/ -@@ -1293,6 +1304,10 @@ +@@ -1293,6 +1304,10 @@ int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, if(!r) return 0; r->query_reply = *rep; @@ -3168,11 +3171,11 @@ Index: unboundfastrpz/services/mesh.c r->edns = *edns; if(edns->opt_list) { r->edns.opt_list = edns_opt_copy_region(edns->opt_list, -Index: unboundfastrpz/util/config_file.c -=================================================================== ---- unboundfastrpz/util/config_file.c (revision 5073) -+++ unboundfastrpz/util/config_file.c (working copy) -@@ -1418,6 +1418,8 @@ +diff --git a/util/config_file.c b/util/config_file.c +index 9b60254..d791f8f 100644 +--- a/util/config_file.c ++++ b/util/config_file.c +@@ -1418,6 +1418,8 @@ config_delete(struct config_file* cfg) free(cfg->dnstap_socket_path); free(cfg->dnstap_identity); free(cfg->dnstap_version); @@ -3181,11 +3184,11 @@ Index: unboundfastrpz/util/config_file.c config_deldblstrlist(cfg->ratelimit_for_domain); config_deldblstrlist(cfg->ratelimit_below_domain); #ifdef USE_IPSECMOD -Index: unboundfastrpz/util/config_file.h -=================================================================== ---- unboundfastrpz/util/config_file.h (revision 5073) -+++ unboundfastrpz/util/config_file.h (working copy) -@@ -490,6 +490,11 @@ +diff --git a/util/config_file.h b/util/config_file.h +index 3cffdbf..e0fa1c8 100644 +--- a/util/config_file.h ++++ b/util/config_file.h +@@ -490,6 +490,11 @@ struct config_file { /** true to disable DNSSEC lameness check in iterator */ int disable_dnssec_lame_check; @@ -3197,11 +3200,11 @@ Index: unboundfastrpz/util/config_file.h /** ratelimit for ip addresses. 0 is off, otherwise qps (unless overridden) */ int ip_ratelimit; /** number of slabs for ip_ratelimit cache */ -Index: unboundfastrpz/util/configlexer.lex -=================================================================== ---- unboundfastrpz/util/configlexer.lex (revision 5073) -+++ unboundfastrpz/util/configlexer.lex (working copy) -@@ -439,6 +439,10 @@ +diff --git a/util/configlexer.lex b/util/configlexer.lex +index 16b5bc5..038045d 100644 +--- a/util/configlexer.lex ++++ b/util/configlexer.lex +@@ -439,6 +439,10 @@ dnstap-log-forwarder-query-messages{COLON} { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } dnstap-log-forwarder-response-messages{COLON} { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } @@ -3212,11 +3215,11 @@ Index: unboundfastrpz/util/configlexer.lex disable-dnssec-lame-check{COLON} { YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) } ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) } -Index: unboundfastrpz/util/configparser.y -=================================================================== ---- unboundfastrpz/util/configparser.y (revision 5073) -+++ unboundfastrpz/util/configparser.y (working copy) -@@ -125,6 +125,7 @@ +diff --git a/util/configparser.y b/util/configparser.y +index c7b9169..bef15b5 100644 +--- a/util/configparser.y ++++ b/util/configparser.y +@@ -125,6 +125,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES @@ -3224,7 +3227,7 @@ Index: unboundfastrpz/util/configparser.y %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT %token VAR_DISABLE_DNSSEC_LAME_CHECK -@@ -170,7 +171,7 @@ +@@ -170,7 +171,7 @@ extern struct config_parser_state* cfg_parser; %% toplevelvars: /* empty */ | toplevelvars toplevelvar ; @@ -3233,7 +3236,7 @@ Index: unboundfastrpz/util/configparser.y forwardstart contents_forward | pythonstart contents_py | rcstart contents_rc | dtstart contents_dt | viewstart contents_view | dnscstart contents_dnsc | cachedbstart contents_cachedb | -@@ -2708,6 +2709,50 @@ +@@ -2710,6 +2711,50 @@ dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MES free($2); } ; @@ -3284,11 +3287,11 @@ Index: unboundfastrpz/util/configparser.y pythonstart: VAR_PYTHON { OUTYY(("\nP(python:)\n")); -Index: unboundfastrpz/util/data/msgencode.c -=================================================================== ---- unboundfastrpz/util/data/msgencode.c (revision 5073) -+++ unboundfastrpz/util/data/msgencode.c (working copy) -@@ -590,6 +590,35 @@ +diff --git a/util/data/msgencode.c b/util/data/msgencode.c +index 4c0a555..e51e9b8 100644 +--- a/util/data/msgencode.c ++++ b/util/data/msgencode.c +@@ -590,6 +590,35 @@ insert_section(struct reply_info* rep, size_t num_rrsets, uint16_t* num_rrs, return RETVAL_OK; } *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201906301501.x5UF1BQ5040753>