Projects
Factory:RISC-V:Base
unbound
Sign Up
Log In
Username
Password
We truncated the diff of some files because they were too big. If you want to see the full diff for every file,
click here
.
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 4
View file
_service:tar_scm:unbound.spec
Changed
@@ -1,7 +1,7 @@ %{!?delete_la: %global delete_la find $RPM_BUILD_ROOT -type f -name "*.la" -delete} Name: unbound -Version: 1.17.0 +Version: 1.17.1 Release: 1 Summary: Unbound is a validating, recursive, caching DNS resolver License: BSD-3-Clause @@ -84,13 +84,13 @@ --enable-relro-now --enable-pie \\\ --enable-subnet --enable-ipsecmod \\\ --with-conf-file=%{_sysconfdir}/%{name}/unbound.conf \\\ - --with-pidfile=%{_localstatedir}/run/%{name}/%{name}.pid \\\ + --with-pidfile=%{_rundir}/%{name}/%{name}.pid \\\ --enable-sha2 --disable-gost --enable-ecdsa \\\ --with-rootkey-file=%{_sharedstatedir}/unbound/root.key \\\ --enable-linux-ip-local-port-range pushd %{name}-%{version} -%configure --with-pythonmodule --with-pyunbound PYTHON=%{__python3} \%{configure_args} +%configure --with-pythonmodule --with-pyunbound PYTHON=%{__python3} --disable-sha1 %{configure_args} %make_build %make_build streamtcp popd @@ -124,7 +124,7 @@ %delete_la -install -d $RPM_BUILD_ROOT%{_localstatedir}/run/unbound +install -d $RPM_BUILD_ROOT%{_rundir}/unbound install -d $RPM_BUILD_ROOT%{_sysconfdir}/unbound/{keys.d,conf.d,local.d} install -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/unbound/keys.d/ @@ -181,6 +181,7 @@ %defattr(-,root,root) %doc doc/CREDITS doc/FEATURES doc/README doc/LICENSE %attr(0644,root,root) %{_tmpfilesdir}/unbound.conf +%attr(0755,unbound,unbound) %dir %{_rundir}/%{name} %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/unbound.conf %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/%{name} %dir %attr(0755,root,unbound) %{_sysconfdir}/%{name}/keys.d @@ -233,6 +234,18 @@ %{_mandir}/man* %changelog +* Tue Mar 07 2023 gaihuiying <eaglegai@163.com> - 1.17.1-1 +- Type:requirement +- CVE:NA +- SUG:NA +- DESC:update to 1.17.1 + +* Fri Mar 03 2023 gaihuiying <eaglegai@163.com> - 1.17.0-2 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:change run directory from /var/run to /run to fix "/usr/lib/tmpfiles.d/unbound.conf:1: xxxx" + * Tue Nov 08 2022 gaihuiying <eaglegai@163.com> - 1.17.0-1 - Type:requirement - CVE:NA
View file
_service:tar_scm:tmpfiles-unbound.conf
Changed
@@ -1,1 +1,1 @@ -D /var/run/unbound 0755 unbound unbound - +D /run/unbound 0755 unbound unbound -
View file
_service:tar_scm:unbound-1.17.0.tar.gz/testdata/serve_expired_servfail.rpl
Deleted
@@ -1,119 +0,0 @@ -; config options -server: - module-config: "validator iterator" - qname-minimisation: "no" - minimal-responses: no - serve-expired: yes - serve-expired-client-timeout: 1800 - serve-expired-reply-ttl: 123 - log-servfail: yes - ede: yes - ede-serve-expired: yes - - -stub-zone: - name: "example.com" - stub-addr: 1.2.3.4 -CONFIG_END - -SCENARIO_BEGIN Test serve-expired with client-timeout and a SERVFAIL upstream reply -; Scenario overview: -; - query for example.com. IN A -; - check that we get an answer for example.com. IN A with the correct TTL -; - query again right after the TTL expired -; - answer from upstream is servfail -; - check that we get the expired cached answer instead - -; ns.example.com. -RANGE_BEGIN 0 20 - ADDRESS 1.2.3.4 - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN NS - SECTION ANSWER - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ENTRY_END - - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR NOERROR - SECTION QUESTION - example.com. IN A - SECTION ANSWER - example.com. 10 IN A 5.6.7.8 - SECTION AUTHORITY - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 - ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 30 100 - ADDRESS 1.2.3.4 - ; response to A query - ENTRY_BEGIN - MATCH opcode qtype qname - ADJUST copy_id - REPLY QR AA SERVFAIL - SECTION QUESTION - example.com. IN A - ENTRY_END -RANGE_END - -; Query with RD flag -STEP 1 QUERY -ENTRY_BEGIN - REPLY RD - SECTION QUESTION - example.com. IN A -ENTRY_END - -; Check that we got the correct answer (should be cached) -STEP 10 CHECK_ANSWER -ENTRY_BEGIN - MATCH all ttl - REPLY QR RD RA NOERROR - SECTION QUESTION - example.com. IN A - SECTION ANSWER - example.com. 10 IN A 5.6.7.8 - SECTION AUTHORITY - example.com. IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. IN A 1.2.3.4 -ENTRY_END - -; Wait for the TTL to expire -STEP 11 TIME_PASSES ELAPSE 3601 - -; Query again -STEP 30 QUERY -ENTRY_BEGIN - REPLY RD DO - SECTION QUESTION - example.com. IN A -ENTRY_END - -; Check that we got a stale answer -STEP 40 CHECK_ANSWER -ENTRY_BEGIN - MATCH all ttl ede=3 - REPLY QR RD RA DO NOERROR - SECTION QUESTION - example.com. IN A - SECTION ANSWER - example.com. 123 IN A 5.6.7.8 - SECTION AUTHORITY - example.com. 123 IN NS ns.example.com. - SECTION ADDITIONAL - ns.example.com. 123 IN A 1.2.3.4 -ENTRY_END - -SCENARIO_END
View file
_service:tar_scm:unbound-1.17.0.tar.gz/Makefile.in -> _service:tar_scm:unbound-1.17.1.tar.gz/Makefile.in
Changed
@@ -616,7 +616,7 @@ $(INSTALL) -c -m 644 doc/unbound.conf.5 $(DESTDIR)$(mandir)/man5 $(INSTALL) -c -m 644 doc/unbound-host.1 $(DESTDIR)$(mandir)/man1 $(INSTALL) -c -m 755 unbound-control-setup $(DESTDIR)$(sbindir)/unbound-control-setup - if test ! -e $(DESTDIR)$(configfile); then $(INSTALL) -d `dirname $(DESTDIR)$(configfile)`; $(INSTALL) -c -m 644 doc/example.conf $(DESTDIR)$(configfile); fi + if test ! -e "$(DESTDIR)$(configfile)"; then $(INSTALL) -d `dirname "$(DESTDIR)$(configfile)"`; $(INSTALL) -c -m 644 doc/example.conf "$(DESTDIR)$(configfile)"; fi pythonmod-uninstall: rm -f -- $(DESTDIR)$(PYTHON_SITE_PKG)/unboundmodule.py @@ -645,7 +645,7 @@ rm -f -- $(DESTDIR)$(includedir)/unbound.h $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/libunbound.la @echo - @echo "You still need to remove "`dirname $(DESTDIR)$(configfile)`" , $(DESTDIR)$(configfile) by hand" + @echo "You still need to remove "`dirname "$(DESTDIR)$(configfile)"`" , $(DESTDIR)$(configfile) by hand" iana_update: curl -o port-numbers.tmp https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml --compressed
View file
_service:tar_scm:unbound-1.17.0.tar.gz/README.md -> _service:tar_scm:unbound-1.17.1.tar.gz/README.md
Changed
@@ -4,6 +4,7 @@ !Packaging status(https://repology.org/badge/tiny-repos/unbound.svg)(https://repology.org/project/unbound/versions) !Fuzzing Status(https://oss-fuzz-build-logs.storage.googleapis.com/badges/unbound.svg)(https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:unbound) !Documentation Status(https://readthedocs.org/projects/unbound/badge/?version=latest)(https://unbound.readthedocs.io/en/latest/?badge=latest) +!Mastodon Follow(https://img.shields.io/mastodon/follow/109262826617293067?domain=https%3A%2F%2Ffosstodon.org&style=social)(https://fosstodon.org/@nlnetlabs) Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. If you
View file
_service:tar_scm:unbound-1.17.0.tar.gz/cachedb/cachedb.c -> _service:tar_scm:unbound-1.17.1.tar.gz/cachedb/cachedb.c
Changed
@@ -390,6 +390,15 @@ if(!qstate->return_msg || !qstate->return_msg->rep) return 0; + /* do not store failures like SERVFAIL in the cachedb, this avoids + * overwriting expired, valid, content with broken content. */ + if(FLAGS_GET_RCODE(qstate->return_msg->rep->flags) != + LDNS_RCODE_NOERROR && + FLAGS_GET_RCODE(qstate->return_msg->rep->flags) != + LDNS_RCODE_NXDOMAIN && + FLAGS_GET_RCODE(qstate->return_msg->rep->flags) != + LDNS_RCODE_YXDOMAIN) + return 0; /* We don't store the reply if its TTL is 0 unless serve-expired is * enabled. Such a reply won't be reusable and simply be a waste for * the backend. It's also compatible with the default behavior of @@ -542,10 +551,16 @@ verbose(VERB_ALGO, "cachedb msg expired"); /* If serve-expired is enabled, we still use an expired message * setting the TTL to 0. */ - if(qstate->env->cfg->serve_expired) - adjust = -1; - else + if(!qstate->env->cfg->serve_expired || + (FLAGS_GET_RCODE(qstate->return_msg->rep->flags) + != LDNS_RCODE_NOERROR && + FLAGS_GET_RCODE(qstate->return_msg->rep->flags) + != LDNS_RCODE_NXDOMAIN && + FLAGS_GET_RCODE(qstate->return_msg->rep->flags) + != LDNS_RCODE_YXDOMAIN)) return 0; /* message expired */ + else + adjust = -1; } verbose(VERB_ALGO, "cachedb msg adjusted down by %d", (int)adjust); adjust_msg_ttl(qstate->return_msg, adjust);
View file
_service:tar_scm:unbound-1.17.0.tar.gz/configure -> _service:tar_scm:unbound-1.17.1.tar.gz/configure
Changed
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.17.0. +# Generated by GNU Autoconf 2.69 for unbound 1.17.1. # # Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>. # @@ -591,8 +591,8 @@ # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.17.0' -PACKAGE_STRING='unbound 1.17.0' +PACKAGE_VERSION='1.17.1' +PACKAGE_STRING='unbound 1.17.1' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues' PACKAGE_URL='' @@ -1477,7 +1477,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.17.0 to adapt to many kinds of systems. +\`configure' configures unbound 1.17.1 to adapt to many kinds of systems. Usage: $0 OPTION... VAR=VALUE... @@ -1543,7 +1543,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.17.0:";; + short | recursive ) echo "Configuration of unbound 1.17.1:";; esac cat <<\_ACEOF @@ -1785,7 +1785,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.17.0 +unbound configure 1.17.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2494,7 +2494,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.17.0, which was +It was created by unbound $as_me 1.17.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2846,11 +2846,11 @@ UNBOUND_VERSION_MINOR=17 -UNBOUND_VERSION_MICRO=0 +UNBOUND_VERSION_MICRO=1 LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=20 +LIBUNBOUND_REVISION=21 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -2938,6 +2938,7 @@ # 1.16.2 had 9:18:1 # 1.16.3 had 9:19:1 # 1.17.0 had 9:20:1 +# 1.17.1 had 9:21:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -22085,7 +22086,7 @@ -version=1.17.0 +version=1.17.1 date=`date +'%b %e, %Y'` @@ -22604,7 +22605,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.17.0, which was +This file was extended by unbound $as_me 1.17.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -22670,7 +22671,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/\\""\`\$/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.17.0 +unbound config.status 1.17.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\"
View file
_service:tar_scm:unbound-1.17.0.tar.gz/configure.ac -> _service:tar_scm:unbound-1.17.1.tar.gz/configure.ac
Changed
@@ -11,14 +11,14 @@ # must be numbers. ac_defun because of later processing m4_define(VERSION_MAJOR,1) m4_define(VERSION_MINOR,17) -m4_define(VERSION_MICRO,0) +m4_define(VERSION_MICRO,1) AC_INIT(unbound,m4_defn(VERSION_MAJOR).m4_defn(VERSION_MINOR).m4_defn(VERSION_MICRO),unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues,unbound) AC_SUBST(UNBOUND_VERSION_MAJOR, VERSION_MAJOR) AC_SUBST(UNBOUND_VERSION_MINOR, VERSION_MINOR) AC_SUBST(UNBOUND_VERSION_MICRO, VERSION_MICRO) LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=20 +LIBUNBOUND_REVISION=21 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -106,6 +106,7 @@ # 1.16.2 had 9:18:1 # 1.16.3 had 9:19:1 # 1.17.0 had 9:20:1 +# 1.17.1 had 9:21:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary
View file
_service:tar_scm:unbound-1.17.0.tar.gz/contrib/unbound.service.in -> _service:tar_scm:unbound-1.17.1.tar.gz/contrib/unbound.service.in
Changed
@@ -42,9 +42,8 @@ Unit Description=Validating, recursive, and caching DNS resolver Documentation=man:unbound(8) -After=network-online.target -Before=nss-lookup.target -Wants=network-online.target nss-lookup.target +After=network.target +Before=network-online.target nss-lookup.target Install WantedBy=multi-user.target
View file
_service:tar_scm:unbound-1.17.0.tar.gz/daemon/cachedump.c -> _service:tar_scm:unbound-1.17.1.tar.gz/daemon/cachedump.c
Changed
@@ -387,7 +387,7 @@ struct rrset_ref ref; uint8_t* p; - ak = alloc_special_obtain(&worker->alloc); + ak = alloc_special_obtain(worker->alloc); if(!ak) { log_warn("error out of memory"); return 0; @@ -398,7 +398,7 @@ ak->rk.dname = (uint8_t*)memdup(k->rk.dname, k->rk.dname_len); if(!ak->rk.dname) { log_warn("error out of memory"); - ub_packed_rrset_parsedelete(ak, &worker->alloc); + ub_packed_rrset_parsedelete(ak, worker->alloc); return 0; } s = sizeof(*ad) + (sizeof(size_t) + sizeof(uint8_t*) + @@ -408,7 +408,7 @@ ad = (struct packed_rrset_data*)malloc(s); if(!ad) { log_warn("error out of memory"); - ub_packed_rrset_parsedelete(ak, &worker->alloc); + ub_packed_rrset_parsedelete(ak, worker->alloc); return 0; } p = (uint8_t*)ad; @@ -431,7 +431,8 @@ ref.key = ak; ref.id = ak->id; (void)rrset_cache_update(worker->env.rrset_cache, &ref, - &worker->alloc, *worker->env.now); + worker->alloc, *worker->env.now); + return 1; }
View file
_service:tar_scm:unbound-1.17.0.tar.gz/daemon/daemon.c -> _service:tar_scm:unbound-1.17.1.tar.gz/daemon/daemon.c
Changed
@@ -489,6 +489,27 @@ } /** + * Clear and delete per-worker alloc caches, and free memory maintained in + * superalloc. + * The rrset and message caches must be empty at the time of call. + * @param daemon: the daemon that maintains the alloc caches to be cleared. + */ +static void +daemon_clear_allocs(struct daemon* daemon) +{ + int i; + + for(i=0; i<daemon->num; i++) { + alloc_clear(daemon->worker_allocsi); + free(daemon->worker_allocsi); + } + free(daemon->worker_allocs); + daemon->worker_allocs = NULL; + + alloc_clear_special(&daemon->superalloc); +} + +/** * Allocate empty worker structures. With backptr and thread-number, * from 0..numthread initialised. Used as user arguments to new threads. * Creates the daemon random generator if it does not exist yet. @@ -540,6 +561,21 @@ /* the above is not ports/numthr, due to rounding */ fatal_exit("could not create worker"); } + /* create per-worker alloc caches if not reusing existing ones. */ + if(!daemon->worker_allocs) { + daemon->worker_allocs = (struct alloc_cache**)calloc( + (size_t)daemon->num, sizeof(struct alloc_cache*)); + if(!daemon->worker_allocs) + fatal_exit("could not allocate worker allocs"); + for(i=0; i<daemon->num; i++) { + struct alloc_cache* alloc = calloc(1, + sizeof(struct alloc_cache)); + if (!alloc) + fatal_exit("could not allocate worker alloc"); + alloc_init(alloc, &daemon->superalloc, i); + daemon->worker_allocsi = alloc; + } + } free(shufport); } @@ -771,6 +807,7 @@ /* Shutdown SHM */ shm_main_shutdown(daemon); + daemon->reuse_cache = daemon->workers0->reuse_cache; daemon->need_to_exit = daemon->workers0->need_to_exit; } @@ -785,9 +822,16 @@ log_thread_set(NULL); /* clean up caches because * a) RRset IDs will be recycled after a reload, causing collisions - * b) validation config can change, thus rrset, msg, keycache clear */ - slabhash_clear(&daemon->env->rrset_cache->table); - slabhash_clear(daemon->env->msg_cache); + * b) validation config can change, thus rrset, msg, keycache clear + * + * If we are trying to keep the cache as long as possible, we should + * defer the cleanup until we know whether the new configuration allows + * the reuse. (If we're exiting, cleanup should be done here). */ + if(!daemon->reuse_cache || daemon->need_to_exit) { + slabhash_clear(&daemon->env->rrset_cache->table); + slabhash_clear(daemon->env->msg_cache); + } + daemon->old_num = daemon->num; /* save the current num */ local_zones_delete(daemon->local_zones); daemon->local_zones = NULL; respip_set_delete(daemon->respip_set); @@ -802,8 +846,13 @@ worker_delete(daemon->workersi); free(daemon->workers); daemon->workers = NULL; + /* Unless we're trying to keep the cache, worker alloc_caches should be + * cleared and freed here. We do this after deleting workers to + * guarantee that the alloc caches are valid throughout the lifetime + * of workers. */ + if(!daemon->reuse_cache || daemon->need_to_exit) + daemon_clear_allocs(daemon); daemon->num = 0; - alloc_clear_special(&daemon->superalloc); #ifdef USE_DNSTAP dt_delete(daemon->dtenv); daemon->dtenv = NULL; @@ -900,8 +949,42 @@ void daemon_apply_cfg(struct daemon* daemon, struct config_file* cfg) { + int new_num = cfg->num_threads?cfg->num_threads:1; + daemon->cfg = cfg; config_apply(cfg); + + /* If this is a reload and we deferred the decision on whether to + * reuse the alloc, RRset, and message caches, then check to see if + * it's safe to keep the caches: + * - changing the number of threads is obviously incompatible with + * keeping the per-thread alloc caches. It also means we have to + * clear RRset and message caches. (note that 'new_num' may be + * adjusted in daemon_create_workers, but for our purpose we can + * simply compare it with 'old_num'; if they are equal here, + * 'new_num' won't be adjusted to a different value than 'old_num'). + * - changing RRset cache size effectively clears any remaining cache + * entries. We could keep their keys in alloc caches, but it would + * be more consistent with the sense of the change to clear allocs + * and free memory. To do so we also have to clear message cache. + * - only changing message cache size does not necessarily affect + * RRset or alloc cache. But almost all new subsequent queries will + * require recursive resolution anyway, so it doesn't help much to + * just keep RRset and alloc caches. For simplicity we clear/free + * the other two, too. */ + if(daemon->worker_allocs && + (new_num != daemon->old_num || + !slabhash_is_size(daemon->env->msg_cache, cfg->msg_cache_size, + cfg->msg_cache_slabs) || + !slabhash_is_size(&daemon->env->rrset_cache->table, + cfg->rrset_cache_size, cfg->rrset_cache_slabs))) + { + log_warn("cannot reuse caches due to critical config change"); + slabhash_clear(&daemon->env->rrset_cache->table); + slabhash_clear(daemon->env->msg_cache); + daemon_clear_allocs(daemon); + } + if(!slabhash_is_size(daemon->env->msg_cache, cfg->msg_cache_size, cfg->msg_cache_slabs)) { slabhash_delete(daemon->env->msg_cache);
View file
_service:tar_scm:unbound-1.17.0.tar.gz/daemon/daemon.h -> _service:tar_scm:unbound-1.17.1.tar.gz/daemon/daemon.h
Changed
@@ -99,8 +99,12 @@ void* listen_sslctx, *connect_sslctx; /** num threads allocated */ int num; + /** num threads allocated in the previous config or 0 at first */ + int old_num; /** the worker entries */ struct worker** workers; + /** per-worker allocation cache */ + struct alloc_cache **worker_allocs; /** do we need to exit unbound (or is it only a reload?) */ int need_to_exit; /** master random table ; used for port div between threads on reload*/ @@ -140,6 +144,8 @@ /** the dnscrypt environment */ struct dnsc_env* dnscenv; #endif + /** reuse existing cache on reload if other conditions allow it. */ + int reuse_cache; }; /**
View file
_service:tar_scm:unbound-1.17.0.tar.gz/daemon/remote.c -> _service:tar_scm:unbound-1.17.1.tar.gz/daemon/remote.c
Changed
@@ -105,8 +105,6 @@ /** what to put on statistics lines between var and value, ": " or "=" */ #define SQ "=" -/** if true, inhibits a lot of =0 lines from the stats output */ -static const int inhibit_zero = 1; /** subtract timers and the values do not overflow or become negative */ static void @@ -684,8 +682,9 @@ /** do the reload command */ static void -do_reload(RES* ssl, struct worker* worker) +do_reload(RES* ssl, struct worker* worker, int reuse_cache) { + worker->reuse_cache = reuse_cache; worker->need_to_exit = 0; comm_base_exit(worker->base); send_ok(ssl); @@ -920,7 +919,7 @@ /** print extended stats */ static int -print_ext(RES* ssl, struct ub_stats_info* s) +print_ext(RES* ssl, struct ub_stats_info* s, int inhibit_zero) { int i; char nm32; @@ -1129,7 +1128,7 @@ return; if(!print_hist(ssl, &total)) return; - if(!print_ext(ssl, &total)) + if(!print_ext(ssl, &total, daemon->cfg->stat_inhibit_zero)) return; } } @@ -1963,6 +1962,8 @@ do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_PTR, LDNS_RR_CLASS_IN); do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_SRV, LDNS_RR_CLASS_IN); do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_NAPTR, LDNS_RR_CLASS_IN); + do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_SVCB, LDNS_RR_CLASS_IN); + do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_HTTPS, LDNS_RR_CLASS_IN); free(nm); send_ok(ssl); @@ -3029,8 +3030,11 @@ if(cmdcmp(p, "stop", 4)) { do_stop(ssl, worker); return; + } else if(cmdcmp(p, "reload_keep_cache", 17)) { + do_reload(ssl, worker, 1); + return; } else if(cmdcmp(p, "reload", 6)) { - do_reload(ssl, worker); + do_reload(ssl, worker, 0); return; } else if(cmdcmp(p, "stats_noreset", 13)) { do_stats(ssl, worker, 0);
View file
_service:tar_scm:unbound-1.17.0.tar.gz/daemon/worker.c -> _service:tar_scm:unbound-1.17.1.tar.gz/daemon/worker.c
Changed
@@ -133,7 +133,7 @@ rrset = slabhash_get_mem(&worker->env.rrset_cache->table); infra = infra_get_mem(worker->env.infra_cache); mesh = mesh_get_mem(worker->env.mesh); - ac = alloc_get_mem(&worker->alloc); + ac = alloc_get_mem(worker->alloc); superac = alloc_get_mem(&worker->daemon->superalloc); anch = anchors_get_mem(worker->env.anchors); iter = 0; @@ -623,6 +623,14 @@ if(worker->env.cfg->serve_expired_ttl && rep->serve_expired_ttl < timenow) return 0; + /* Ignore expired failure answers */ + if(FLAGS_GET_RCODE(rep->flags) != + LDNS_RCODE_NOERROR && + FLAGS_GET_RCODE(rep->flags) != + LDNS_RCODE_NXDOMAIN && + FLAGS_GET_RCODE(rep->flags) != + LDNS_RCODE_YXDOMAIN) + return 0; if(!rrset_array_lock(rep->ref, rep->rrset_count, 0)) return 0; *is_expired_answer = 1; @@ -730,8 +738,6 @@ goto bail_out; } } else { - /* We don't check the global ede as this is a warning, not - * an error */ if (*is_expired_answer == 1 && worker->env.cfg->ede_serve_expired && worker->env.cfg->ede) { EDNS_OPT_LIST_APPEND_EDE(&edns->opt_list_out, @@ -2059,15 +2065,14 @@ } server_stats_init(&worker->stats, cfg); - alloc_init(&worker->alloc, &worker->daemon->superalloc, - worker->thread_num); - alloc_set_id_cleanup(&worker->alloc, &worker_alloc_cleanup, worker); + worker->alloc = worker->daemon->worker_allocsworker->thread_num; + alloc_set_id_cleanup(worker->alloc, &worker_alloc_cleanup, worker); worker->env = *worker->daemon->env; comm_base_timept(worker->base, &worker->env.now, &worker->env.now_tv); worker->env.worker = worker; worker->env.worker_base = worker->base; worker->env.send_query = &worker_send_query; - worker->env.alloc = &worker->alloc; + worker->env.alloc = worker->alloc; worker->env.outnet = worker->back; worker->env.rnd = worker->rndstate; /* If case prefetch is triggered, the corresponding mesh will clear @@ -2211,7 +2216,7 @@ #endif /* USE_DNSTAP */ comm_base_delete(worker->base); ub_randfree(worker->rndstate); - alloc_clear(&worker->alloc); + /* don't touch worker->alloc, as it's maintained in daemon */ regional_destroy(worker->env.scratch); regional_destroy(worker->scratchpad); free(worker);
View file
_service:tar_scm:unbound-1.17.0.tar.gz/daemon/worker.h -> _service:tar_scm:unbound-1.17.1.tar.gz/daemon/worker.h
Changed
@@ -118,7 +118,7 @@ /** do we need to restart or quit (on signal) */ int need_to_exit; /** allocation cache for this thread */ - struct alloc_cache alloc; + struct alloc_cache *alloc; /** per thread statistics */ struct ub_server_stats stats; /** thread scratch regional */ @@ -131,6 +131,8 @@ /** dnstap environment, changed for this thread */ struct dt_env dtenv; #endif + /** reuse existing cache on reload if other conditions allow it. */ + int reuse_cache; }; /**
View file
_service:tar_scm:unbound-1.17.0.tar.gz/doc/Changelog -> _service:tar_scm:unbound-1.17.1.tar.gz/doc/Changelog
Changed
@@ -1,7 +1,93 @@ +5 January 2023: Wouter + - Tag for 1.17.1 release. + +2 January 2023: Wouter + - Fix windows compile for libunbound subprocess reap comm point closes. + - Update github workflows to use checkout v3. + +14 December 2022: George + - Merge #569 from JINMEI Tatuya: add keep-cache option to + 'unbound-control reload' to keep caches. + +13 December 2022: George + - Expose 'statistics-inhibit-zero' as a configuration option; the + default value retains Unbound's behavior. + - Expose 'max-sent-count' as a configuration option; the + default value retains Unbound's behavior. + - Merge #461 from Christian Allred: Add max-query-restarts option. + Exposes an internal configuration but the default value retains + Unbound's behavior. + +13 December 2022: Wouter + - Merge #808: Wrap Makefile script's directory variables in quotes. + - Fix to wrap Makefile scripts directory in quotes for uninstall. + +1 December 2022: Wouter + - Fix #773: When used with systemd-networkd, unbound does not start + until systemd-networkd-wait-online.service times out. + +30 November 2022: George + - Add SVCB and HTTPS to the types removed by 'unbound-control flush'. + - Clear documentation for interactivity between the subnet module and + the serve-expired and prefetch configuration options. + +30 November 2022: Wouter + - Fix #782: Segmentation fault in stats.c:404. + +28 November 2022: Wouter + - Fix for the ignore of tcp events for closed comm points, preserve + the use after free protection features. + +23 November 2022: Philip + - Merge #720 from jonathangray: fix use after free when + WSACreateEvent() fails. + +22 November 2022: George + - Ignore expired error responses. + +11 November 2022: Wouter + - Fix #779: doc Missing documention in ub_resolve_event() for + callback parameter was_ratelimited. + +9 November 2022: George + - Complementary fix for distutils.sysconfig deprecation in Python 3.10 + to commit 62c5039ab9da42713e006e840b7578e01d66e7f2. + +8 November 2022: Wouter + - Fix to ignore tcp events for closed comm points. + - Fix to make sure to not read again after a tcp comm point is closed. + - Fix #775: libunbound: subprocess reap causes parent process reap + to hang. + - iana portlist update. + +21 October 2022: George + - Merge #767 from jonathangray: consistently use IPv4/IPv6 in + unbound.conf.5. + +21 October 2022: Wouter + - Fix that cachedb does not store failures in the external cache. + +18 October 2022: George + - Clarify the use of MAX_SENT_COUNT in the iterator code. + +17 October 2022: Wouter + - testcode/dohclient sets log identity to its name. + +14 October 2022: Wouter + - Merge #768 from fobser: Arithmetic on a pointer to void is a GNU + extension. + - In unit test, print python script name list correctly. + +13 October 2022: Wouter + - Tag for 1.17.0 release. The code repository continues with 1.17.1. + 11 October 2022: George - Fix PROXYv2 header read for TCP connections when no proxied addresses are provided. +7 October 2022: Wouter + - Tag for 1.17.0rc1 release. + 7 October 2022: George - Fix to stop possible loops in the tcp reuse code (write_wait list and tcp_wait list). Based on analysis and patch from Prad Seniappan
View file
_service:tar_scm:unbound-1.17.0.tar.gz/doc/README -> _service:tar_scm:unbound-1.17.1.tar.gz/doc/README
Changed
@@ -1,4 +1,4 @@ -README for Unbound 1.17.0 +README for Unbound 1.17.1 Copyright 2007 NLnet Labs http://unbound.net
View file
_service:tar_scm:unbound-1.17.0.tar.gz/doc/example.conf.in -> _service:tar_scm:unbound-1.17.1.tar.gz/doc/example.conf.in
Changed
@@ -1,7 +1,7 @@ # # Example configuration file. # -# See unbound.conf(5) man page, version 1.17.0. +# See unbound.conf(5) man page, version 1.17.1. # # this is a comment. @@ -35,9 +35,14 @@ # statistics-cumulative: no # enable extended statistics (query types, answer codes, status) - # printed from unbound-control. default off, because of speed. + # printed from unbound-control. Default off, because of speed. # extended-statistics: no + # Inhibits selected extended statistics (qtype, qclass, qopcode, rcode, + # rpz-actions) from printing if their value is 0. + # Default on. + # statistics-inhibit-zero: yes + # number of threads to create. 1 disables threading. # num-threads: 1 @@ -173,6 +178,15 @@ # a throwaway response (also timeouts) is received. # outbound-msg-retry: 5 + # Hard limit on the number of outgoing queries Unbound will make while + # resolving a name, making sure large NS sets do not loop. + # It resets on query restarts (e.g., CNAME) and referrals. + # max-sent-count: 32 + + # Hard limit on the number of times Unbound is allowed to restart a + # query upon encountering a CNAME record. + # max-query-restarts: 11 + # msec for waiting for an unknown server to reply. Increase if you # are behind a slow satellite link, to eg. 1128. # unknown-server-time-limit: 376
View file
_service:tar_scm:unbound-1.17.0.tar.gz/doc/libunbound.3.in -> _service:tar_scm:unbound-1.17.1.tar.gz/doc/libunbound.3.in
Changed
@@ -1,4 +1,4 @@ -.TH "libunbound" "3" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0" +.TH "libunbound" "3" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1" .\" .\" libunbound.3 -- unbound library functions manual .\" @@ -44,7 +44,7 @@ .B ub_ctx_zone_remove, .B ub_ctx_data_add, .B ub_ctx_data_remove -\- Unbound DNS validating resolver 1.17.0 functions. +\- Unbound DNS validating resolver 1.17.1 functions. .SH "SYNOPSIS" .B #include <unbound.h> .LP
View file
_service:tar_scm:unbound-1.17.0.tar.gz/doc/unbound-anchor.8.in -> _service:tar_scm:unbound-1.17.1.tar.gz/doc/unbound-anchor.8.in
Changed
@@ -1,4 +1,4 @@ -.TH "unbound-anchor" "8" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0" +.TH "unbound-anchor" "8" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1" .\" .\" unbound-anchor.8 -- unbound anchor maintenance utility manual .\"
View file
_service:tar_scm:unbound-1.17.0.tar.gz/doc/unbound-checkconf.8.in -> _service:tar_scm:unbound-1.17.1.tar.gz/doc/unbound-checkconf.8.in
Changed
@@ -1,4 +1,4 @@ -.TH "unbound-checkconf" "8" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0" +.TH "unbound-checkconf" "8" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1" .\" .\" unbound-checkconf.8 -- unbound configuration checker manual .\"
View file
_service:tar_scm:unbound-1.17.0.tar.gz/doc/unbound-control.8.in -> _service:tar_scm:unbound-1.17.1.tar.gz/doc/unbound-control.8.in
Changed
@@ -1,4 +1,4 @@ -.TH "unbound-control" "8" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0" +.TH "unbound-control" "8" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1" .\" .\" unbound-control.8 -- unbound remote control manual .\" @@ -54,6 +54,12 @@ .B reload Reload the server. This flushes the cache and reads the config file fresh. .TP +.B reload_keep_cache +Reload the server but try to keep the RRset and message cache if +(re)configuration allows for it. +That means the caches sizes and the number of threads must not change between +reloads. +.TP .B verbosity \fInumber Change verbosity value for logging. Same values as \fBverbosity\fR keyword in \fIunbound.conf\fR(5). This new setting lasts until the server is issued @@ -130,7 +136,7 @@ .TP .B flush \fIname Remove the name from the cache. Removes the types -A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV and NAPTR. +A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV, NAPTR, SVCB and HTTPS. Because that is fast to do. Other record types can be removed using .B flush_type or
View file
_service:tar_scm:unbound-1.17.0.tar.gz/doc/unbound-host.1.in -> _service:tar_scm:unbound-1.17.1.tar.gz/doc/unbound-host.1.in
Changed
@@ -1,4 +1,4 @@ -.TH "unbound\-host" "1" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0" +.TH "unbound\-host" "1" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1" .\" .\" unbound-host.1 -- unbound DNS lookup utility .\"
View file
_service:tar_scm:unbound-1.17.0.tar.gz/doc/unbound.8.in -> _service:tar_scm:unbound-1.17.1.tar.gz/doc/unbound.8.in
Changed
@@ -1,4 +1,4 @@ -.TH "unbound" "8" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0" +.TH "unbound" "8" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1" .\" .\" unbound.8 -- unbound manual .\" @@ -9,7 +9,7 @@ .\" .SH "NAME" .B unbound -\- Unbound DNS validating resolver 1.17.0. +\- Unbound DNS validating resolver 1.17.1. .SH "SYNOPSIS" .B unbound .RB \-h
View file
_service:tar_scm:unbound-1.17.0.tar.gz/doc/unbound.conf.5.in -> _service:tar_scm:unbound-1.17.1.tar.gz/doc/unbound.conf.5.in
Changed
@@ -1,4 +1,4 @@ -.TH "unbound.conf" "5" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0" +.TH "unbound.conf" "5" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1" .\" .\" unbound.conf.5 -- unbound.conf manual .\" @@ -112,6 +112,14 @@ Default is off, because keeping track of more statistics takes time. The counters are listed in \fIunbound\-control\fR(8). .TP +.B statistics\-inhibit\-zero: \fI<yes or no> +If enabled, selected extended statistics with a value of 0 are inhibited from +printing with \fIunbound\-control\fR(8). +These are query types, query classes, query opcodes, answer rcodes +(except NOERROR, FORMERR, SERVFAIL, NXDOMAIN, NOTIMPL, REFUSED) and +RPZ actions. +Default is on. +.TP .B num\-threads: \fI<number> The number of threads to create to serve clients. Use 1 for no threading. .TP @@ -349,7 +357,7 @@ The value of the Differentiated Services Codepoint (DSCP) in the differentiated services field (DS) of the outgoing IP packet headers. The field replaces the outdated IPv4 Type-Of-Service field and the -IPV6 traffic class field. +IPv6 traffic class field. .TP .B rrset\-cache\-size: \fI<number> Number of bytes size of the RRset cache. Default is 4 megabytes. @@ -416,7 +424,7 @@ Enable or disable whether ip6 queries are answered or issued. Default is yes. If disabled, queries are not answered on IPv6, and queries are not sent on IPv6 to the internet nameservers. With this option you can disable the -ipv6 transport for sending DNS traffic, it does not impact the contents of +IPv6 transport for sending DNS traffic, it does not impact the contents of the DNS traffic, which may have ip4 and ip6 addresses in it. .TP .B prefer\-ip4: \fI<yes or no> @@ -1671,7 +1679,7 @@ to redirect as specified by "\fIresource record string\fR". "Resource record string" is similar to that of \fIaccess-control-tag-action\fR, but it must be of either AAAA, A or CNAME types. -If the IP-netblock is an IPv6/IPV4 prefix, the record +If the IP-netblock is an IPv6/IPv4 prefix, the record must be AAAA/A respectively, unless it is a CNAME (which can be used for both versions of IP netblocks). If it is CNAME there must not be more than one \fIresponse-ip-data\fR for the same IP-netblock. @@ -1820,6 +1828,21 @@ the zone. Default is 5. .TP 5 +.B max\-sent\-count: \fI<number> +Hard limit on the number of outgoing queries Unbound will make while resolving +a name, making sure large NS sets do not loop. +Results in SERVFAIL when reached. +It resets on query restarts (e.g., CNAME) and referrals. +Default is 32. +.TP 5 +.B max\-query\-restarts: \fI<number> +Hard limit on the number of times Unbound is allowed to restart a query upon +encountering a CNAME record. +Results in SERVFAIL when reached. +Changing this value needs caution as it can allow long CNAME chains to be +accepted, where Unbound needs to verify (resolve) each link individually. +Default is 11. +.TP 5 .B fast\-server\-permil: \fI<number> Specify how many times out of 1000 to pick from the set of fastest servers. 0 turns the feature off. A value of 900 would pick from the fastest @@ -1853,7 +1876,7 @@ When the \fBval-log-level\fR option is also set to \fB2\fR, responses with Extended DNS Errors concerning DNSSEC failures that are not served from cache, will also contain a descriptive text message about the reason for the failure. -.TP +.TP 5 .B ede\-serve\-expired: \fI<yes or no> If enabled, Unbound will attach an Extended DNS Error (RFC8914) Code 3 - Stale Answer as EDNS0 option to the expired response. Note that this will not attach @@ -2358,6 +2381,9 @@ configuration file. On top of that, for each query only 100 different subnets are allowed to be stored for each address family. Exceeding that number, older entries will be purged from cache. +.LP +This module does not interact with the \fBserve\-expired*\fR and +\fBprefetch:\fR options. .TP .B send\-client\-subnet: \fI<IP address>\fR Send client source address to this authority. Append /num to indicate a
View file
_service:tar_scm:unbound-1.17.0.tar.gz/edns-subnet/subnetmod.c -> _service:tar_scm:unbound-1.17.1.tar.gz/edns-subnet/subnetmod.c
Changed
@@ -204,6 +204,17 @@ } alloc_init(&sn_env->alloc, NULL, 0); env->modinfoid = (void*)sn_env; + + /* Warn that serve-expired and prefetch do not work with the subnet + * module cache. */ + if(env->cfg->serve_expired) + log_warn( + "subnetcache: serve-expired is set but not working " + "for data originating from the subnet module cache."); + if(env->cfg->prefetch) + log_warn( + "subnetcache: prefetch is set but not working " + "for data originating from the subnet module cache."); /* Copy msg_cache settings */ sn_env->subnet_msg_cache = slabhash_create(env->cfg->msg_cache_slabs, HASH_DEFAULT_STARTARRAY, env->cfg->msg_cache_size,
View file
_service:tar_scm:unbound-1.17.0.tar.gz/iterator/iter_utils.c -> _service:tar_scm:unbound-1.17.1.tar.gz/iterator/iter_utils.c
Changed
@@ -175,6 +175,8 @@ iter_env->supports_ipv6 = cfg->do_ip6; iter_env->supports_ipv4 = cfg->do_ip4; iter_env->outbound_msg_retry = cfg->outbound_msg_retry; + iter_env->max_sent_count = cfg->max_sent_count; + iter_env->max_query_restarts = cfg->max_query_restarts; return 1; }
View file
_service:tar_scm:unbound-1.17.0.tar.gz/iterator/iterator.c -> _service:tar_scm:unbound-1.17.1.tar.gz/iterator/iterator.c
Changed
@@ -1314,7 +1314,7 @@ /* We enforce a maximum number of query restarts. This is primarily a * cheap way to prevent CNAME loops. */ - if(iq->query_restart_count > MAX_RESTART_COUNT) { + if(iq->query_restart_count > ie->max_query_restarts) { verbose(VERB_QUERY, "request has exceeded the maximum number" " of query restarts with %d", iq->query_restart_count); errinf(qstate, "request has exceeded the maximum number " @@ -2276,14 +2276,13 @@ iq->num_current_queries, iq->sent_count); /* Make sure that we haven't run away */ - /* FIXME: is this check even necessary? */ if(iq->referral_count > MAX_REFERRAL_COUNT) { verbose(VERB_QUERY, "request has exceeded the maximum " "number of referrrals with %d", iq->referral_count); errinf(qstate, "exceeded the maximum of referrals"); return error_response(qstate, id, LDNS_RCODE_SERVFAIL); } - if(iq->sent_count > MAX_SENT_COUNT) { + if(iq->sent_count > ie->max_sent_count) { verbose(VERB_QUERY, "request has exceeded the maximum " "number of sends with %d", iq->sent_count); errinf(qstate, "exceeded the maximum number of sends"); @@ -2630,7 +2629,7 @@ * the original query is one that matched too, so we have * caps_server+1 number of matching queries now */ if(iq->caps_server+1 >= naddr*3 || - iq->caps_server*2+2 >= MAX_SENT_COUNT) { + iq->caps_server*2+2 >= (size_t)ie->max_sent_count) { /* *2 on sentcount check because ipv6 may fail */ /* we're done, process the response */ verbose(VERB_ALGO, "0x20 fallback had %d responses "
View file
_service:tar_scm:unbound-1.17.0.tar.gz/iterator/iterator.h -> _service:tar_scm:unbound-1.17.1.tar.gz/iterator/iterator.h
Changed
@@ -63,12 +63,8 @@ /** max number of nxdomains allowed for target lookups for a query and * its subqueries when fallback has kicked in */ #define MAX_TARGET_NX_FALLBACK (MAX_TARGET_NX*2) -/** max number of query restarts. Determines max number of CNAME chain. */ -#define MAX_RESTART_COUNT 11 /** max number of referrals. Makes sure resolver does not run away */ #define MAX_REFERRAL_COUNT 130 -/** max number of queries-sent-out. Make sure large NS set does not loop */ -#define MAX_SENT_COUNT 32 /** max number of queries for which to perform dnsseclameness detection, * (rrsigs missing detection) after that, just pick up that response */ #define DNSSEC_LAME_DETECT_COUNT 4 @@ -145,6 +141,12 @@ /** number of retries on outgoing queries */ int outbound_msg_retry; + + /** number of queries_sent */ + int max_sent_count; + + /** max number of query restarts to limit length of CNAME chain */ + int max_query_restarts; }; /**
View file
_service:tar_scm:unbound-1.17.0.tar.gz/libunbound/context.c -> _service:tar_scm:unbound-1.17.1.tar.gz/libunbound/context.c
Changed
@@ -70,6 +70,7 @@ } else { log_init(cfg->logfile, cfg->use_syslog, NULL); } + ctx->pipe_pid = getpid(); cfg_apply_local_port_policy(cfg, 65536); config_apply(cfg); if(!modstack_setup(&ctx->mods, cfg->module_conf, ctx->env))
View file
_service:tar_scm:unbound-1.17.0.tar.gz/libunbound/context.h -> _service:tar_scm:unbound-1.17.1.tar.gz/libunbound/context.h
Changed
@@ -89,6 +89,12 @@ pid_t bg_pid; /** tid of bg worker thread */ ub_thread_type bg_tid; + /** pid when pipes are created. This was the process when the + * setup was called. Helps with clean up, so we can tell after a fork + * which side of the fork the delete is on. */ + pid_t pipe_pid; + /** when threaded, the worker that exists in the created thread. */ + struct libworker* thread_worker; /** do threading (instead of forking) for async resolution */ int dothread;
View file
_service:tar_scm:unbound-1.17.0.tar.gz/libunbound/libunbound.c -> _service:tar_scm:unbound-1.17.1.tar.gz/libunbound/libunbound.c
Changed
@@ -305,11 +305,31 @@ int do_stop = 1; if(!ctx) return; + /* if the delete is called but it has forked, and before the fork + * the context was finalized, then the bg worker is not stopped + * from here. There is one worker, but two contexts that refer to + * it and only one should clean up, the one with getpid == pipe_pid.*/ + if(ctx->created_bg && ctx->pipe_pid != getpid()) { + do_stop = 0; +#ifndef USE_WINSOCK + /* Stop events from getting deregistered, if the backend is + * epoll, the epoll fd is the same as the other process. + * That process should deregister them. */ + if(ctx->qq_pipe->listen_com) + ctx->qq_pipe->listen_com->event_added = 0; + if(ctx->qq_pipe->res_com) + ctx->qq_pipe->res_com->event_added = 0; + if(ctx->rr_pipe->listen_com) + ctx->rr_pipe->listen_com->event_added = 0; + if(ctx->rr_pipe->res_com) + ctx->rr_pipe->res_com->event_added = 0; +#endif + } /* see if bg thread is created and if threads have been killed */ /* no locks, because those may be held by terminated threads */ /* for processes the read pipe is closed and we see that on read */ #ifdef HAVE_PTHREAD - if(ctx->created_bg && ctx->dothread) { + if(ctx->created_bg && ctx->dothread && do_stop) { if(pthread_kill(ctx->bg_tid, 0) == ESRCH) { /* thread has been killed */ do_stop = 0; @@ -318,6 +338,23 @@ #endif /* HAVE_PTHREAD */ if(do_stop) ub_stop_bg(ctx); + if(ctx->created_bg && ctx->pipe_pid != getpid() && ctx->thread_worker) { + /* This delete is happening from a different process. Delete + * the thread worker from this process memory space. The + * thread is not there to do so, so it is freed here. */ + struct ub_event_base* evbase = comm_base_internal( + ctx->thread_worker->base); + libworker_delete_event(ctx->thread_worker); + ctx->thread_worker = NULL; +#ifdef USE_MINI_EVENT + ub_event_base_free(evbase); +#else + /* cannot event_base_free, because the epoll_fd cleanup + * in libevent could stop the original event_base in the + * other process from working. */ + free(evbase); +#endif + } libworker_delete_event(ctx->event_worker); modstack_desetup(&ctx->mods, ctx->env);
View file
_service:tar_scm:unbound-1.17.0.tar.gz/libunbound/libworker.c -> _service:tar_scm:unbound-1.17.1.tar.gz/libunbound/libworker.c
Changed
@@ -395,6 +395,7 @@ w = libworker_setup(ctx, 1, NULL); if(!w) return UB_NOMEM; w->is_bg_thread = 1; + ctx->thread_worker = w; #ifdef ENABLE_LOCK_CHECKS w->thread_num = 1; /* for nicer DEBUG checklocks */ #endif
View file
_service:tar_scm:unbound-1.17.0.tar.gz/libunbound/unbound-event.h -> _service:tar_scm:unbound-1.17.1.tar.gz/libunbound/unbound-event.h
Changed
@@ -230,7 +230,7 @@ * @param callback: this is called on completion of the resolution. * It is called as: * void callback(void* mydata, int rcode, void* packet, int packet_len, - * int sec, char* why_bogus) + * int sec, char* why_bogus, int was_ratelimited) * with mydata: the same as passed here, you may pass NULL, * with rcode: 0 on no error, nonzero for mostly SERVFAIL situations, * this is a DNS rcode. @@ -241,6 +241,7 @@ * with packet_len: length in bytes of the packet buffer. * with sec: 0 if insecure, 1 if bogus, 2 if DNSSEC secure. * with why_bogus: text string explaining why it is bogus (or NULL). + * with was_ratelimited: if the query was ratelimited. * These point to buffers inside unbound; do not deallocate the packet or * error string. *
View file
_service:tar_scm:unbound-1.17.0.tar.gz/pythonmod/pythonmod.c -> _service:tar_scm:unbound-1.17.1.tar.gz/pythonmod/pythonmod.c
Changed
@@ -255,7 +255,7 @@ int pythonmod_init(struct module_env* env, int id) { int py_mod_idx = py_mod_count++; - + /* Initialize module */ FILE* script_py = NULL; PyObject* py_init_arg, *res; @@ -316,23 +316,37 @@ if (py_mod_count==1) { /* Initialize Python */ - PyRun_SimpleString("import sys \n"); + if(PyRun_SimpleString("import sys \n") < 0 ) { + goto python_init_fail; + } PyRun_SimpleString("sys.path.append('.') \n"); + PyRun_SimpleString("sys.path.append('"RUN_DIR"') \n"); + PyRun_SimpleString("sys.path.append('"SHARE_DIR"') \n"); if(env->cfg->directory && env->cfg->directory0) { char wdir1524; snprintf(wdir, sizeof(wdir), "sys.path.append('%s') \n", env->cfg->directory); PyRun_SimpleString(wdir); } - PyRun_SimpleString("sys.path.append('"RUN_DIR"') \n"); - PyRun_SimpleString("sys.path.append('"SHARE_DIR"') \n"); - PyRun_SimpleString("import distutils.sysconfig \n"); - PyRun_SimpleString("sys.path.append(distutils.sysconfig.get_python_lib(1,0)) \n"); - if (PyRun_SimpleString("from unboundmodule import *\n") < 0) + /* Check if sysconfig is there and use that instead of distutils; + * distutils.sysconfig is deprecated in Python 3.10. */ + if(PyRun_SimpleString("import sysconfig \n") < 0) { + log_info("pythonmod: module sysconfig not available; " + "falling back to distutils.sysconfig."); + if(PyRun_SimpleString("import distutils.sysconfig \n") < 0 + || PyRun_SimpleString("sys.path.append(" + "distutils.sysconfig.get_python_lib(1,0)) \n") < 0) { + goto python_init_fail; + } + } else { + if(PyRun_SimpleString("sys.path.append(" + "sysconfig.get_path('platlib')) \n") < 0) { + goto python_init_fail; + } + } + if(PyRun_SimpleString("from unboundmodule import *\n") < 0) { - log_err("pythonmod: cannot initialize core module: unboundmodule.py"); - PyGILState_Release(gil); - return 0; + goto python_init_fail; } } @@ -480,6 +494,11 @@ PyGILState_Release(gil); return 1; + +python_init_fail: + log_err("pythonmod: cannot initialize core module: unboundmodule.py"); + PyGILState_Release(gil); + return 0; } void pythonmod_deinit(struct module_env* env, int id)
View file
_service:tar_scm:unbound-1.17.0.tar.gz/services/authzone.c -> _service:tar_scm:unbound-1.17.1.tar.gz/services/authzone.c
Changed
@@ -2756,6 +2756,7 @@ == 0) { msg->rep->rrsetsi->rk.dname = newname; msg->rep->rrsetsi->rk.dname_len = newlen; + msg->rep->rrsetsi->entry.hash = rrset_key_hash(&msg->rep->rrsetsi->rk); } } }
View file
_service:tar_scm:unbound-1.17.0.tar.gz/services/cache/dns.c -> _service:tar_scm:unbound-1.17.1.tar.gz/services/cache/dns.c
Changed
@@ -636,6 +636,14 @@ r->serve_expired_ttl < now) { return NULL; } + /* Ignore expired failure answers */ + if(FLAGS_GET_RCODE(r->flags) != + LDNS_RCODE_NOERROR && + FLAGS_GET_RCODE(r->flags) != + LDNS_RCODE_NXDOMAIN && + FLAGS_GET_RCODE(r->flags) != + LDNS_RCODE_YXDOMAIN) + return 0; } else { return NULL; }
View file
_service:tar_scm:unbound-1.17.0.tar.gz/sldns/rrdef.h -> _service:tar_scm:unbound-1.17.1.tar.gz/sldns/rrdef.h
Changed
@@ -196,8 +196,8 @@ LDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */ LDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */ LDNS_RR_TYPE_ZONEMD = 63, /* draft-ietf-dnsop-dns-zone-digest-12 */ - LDNS_RR_TYPE_SVCB = 64, /* draft-ietf-dnsop-svcb-https-04 */ - LDNS_RR_TYPE_HTTPS = 65, /* draft-ietf-dnsop-svcb-https-04 */ + LDNS_RR_TYPE_SVCB = 64, /* draft-ietf-dnsop-svcb-https-04 */ + LDNS_RR_TYPE_HTTPS = 65, /* draft-ietf-dnsop-svcb-https-04 */ LDNS_RR_TYPE_SPF = 99, /* RFC 4408 */
View file
_service:tar_scm:unbound-1.17.0.tar.gz/smallapp/unbound-control.c -> _service:tar_scm:unbound-1.17.1.tar.gz/smallapp/unbound-control.c
Changed
@@ -102,6 +102,12 @@ printf(" stop stops the server\n"); printf(" reload reloads the server\n"); printf(" (this flushes data, stats, requestlist)\n"); + printf(" reload_keep_cache reloads the server but tries to\n"); + printf(" keep the RRset and message cache\n"); + printf(" if (re)configuration allows for it.\n"); + printf(" That means the caches sizes and\n"); + printf(" the number of threads must not\n"); + printf(" change between reloads.\n"); printf(" stats print statistics\n"); printf(" stats_noreset peek at statistics\n"); #ifdef HAVE_SHMGET @@ -180,8 +186,6 @@ #ifdef HAVE_SHMGET /** what to put on statistics lines between var and value, ": " or "=" */ #define SQ "=" -/** if true, inhibits a lot of =0 lines from the stats output */ -static const int inhibit_zero = 1; /** divide sum of timers to get average */ static void timeval_divide(struct timeval* avg, const struct timeval* sum, long long d) @@ -316,7 +320,7 @@ } /** print extended */ -static void print_extended(struct ub_stats_info* s) +static void print_extended(struct ub_stats_info* s, int inhibit_zero) { int i; char nm16; @@ -439,7 +443,7 @@ if(cfg->stat_extended) { print_mem(shm_stat, &stats0); print_hist(stats); - print_extended(stats); + print_extended(stats, cfg->stat_inhibit_zero); } } #endif /* HAVE_SHMGET */
View file
_service:tar_scm:unbound-1.17.0.tar.gz/testcode/dohclient.c -> _service:tar_scm:unbound-1.17.1.tar.gz/testcode/dohclient.c
Changed
@@ -573,6 +573,7 @@ #endif checklock_start(); log_init(0, 0, 0); + log_ident_set("dohclient"); h2_session = http2_session_create(); if(!h2_session) fatal_exit("out of memory");
View file
_service:tar_scm:unbound-1.17.0.tar.gz/testdata/03-testbound.tdir/03-testbound.test -> _service:tar_scm:unbound-1.17.1.tar.gz/testdata/03-testbound.tdir/03-testbound.test
Changed
@@ -103,6 +103,15 @@ fi fi + # detect if cachedb is needed + if echo $cleaninput | grep cachedb >/dev/null 2>&1; then + if grep "define USE_CACHEDB 1" $PRE/config.h >/dev/null 2>&1; then + : # CACHEDB is supported + else + continue + fi + fi + if test $do_valgrind = "yes"; then echo if (valgrind $VALGRIND_FLAGS $PRE/testbound -p $input >tmpout 2>&1;); then
View file
_service:tar_scm:unbound-1.17.0.tar.gz/testdata/09-unbound-control.tdir/09-unbound-control.conf -> _service:tar_scm:unbound-1.17.1.tar.gz/testdata/09-unbound-control.tdir/09-unbound-control.conf
Changed
@@ -1,6 +1,6 @@ server: verbosity: 2 - # num-threads: 1 + num-threads: 1 interface: 127.0.0.1 port: @PORT@ use-syslog: no @@ -9,6 +9,10 @@ chroot: "" username: "" do-not-query-localhost: no + access-control: 127.0.0.1 allow_snoop + msg-cache-size: 4m + rrset-cache-size: 4m + minimal-responses: yes remote-control: control-enable: yes control-interface: 127.0.0.1 @@ -21,4 +25,3 @@ forward-zone: name: "." forward-addr: "127.0.0.1@@TOPORT@" -
View file
_service:tar_scm:unbound-1.17.0.tar.gz/testdata/09-unbound-control.tdir/09-unbound-control.test -> _service:tar_scm:unbound-1.17.1.tar.gz/testdata/09-unbound-control.tdir/09-unbound-control.test
Changed
@@ -5,364 +5,317 @@ -f .tpkg.var.test && source .tpkg.var.test PRE="../.." +. ../common.sh -# exit value is 1 on usage -$PRE/unbound-control -h -if test $? -ne 1; then - echo "wrong exit value for usage." - exit 1 -else - echo "exit value for usage: OK" -fi - -# use lock-verify if possible - -# test if the server is up. -echo "> dig www.example.com." -dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile -echo "> check answer" -if grep "10.20.30.40" outfile; then - echo "OK" -else +# End the test +# $1: exit value +end () { echo "> cat logfiles" cat fwd.log cat unbound.log - echo "Not OK" - exit 1 -fi + exit $1 +} -# exit value is 1 when a bad command is given. -echo "$PRE/unbound-control -c ub.conf blablargh" -$PRE/unbound-control -c ub.conf blablargh -if test $? -ne 1; then - echo "wrong exit value on error." - echo "> cat logfiles" - cat fwd.log - cat unbound.lo - exit 1 -else - echo "correct exit value on error" -fi +# Expect a given exit value of the previous command +# $1: the expected exit value +# $2: optional text to print when failing +expect_exit_value () { + if test $? -ne $1; then + if test -z "$2"; then + if test $1 -eq 1; then + msg="on error" + else + msg="after success" + fi + else + msg="$2" + fi + echo "wrong exit value $msg" + end 1 + fi +} + +# Helper function for quering +# $@: at least the domain name to query and optional dig arguments +query () { + echo "> dig $@" + dig @127.0.0.1 -p $UNBOUND_PORT $@ | tee outfile +} + +# Expect something in the answer +# $1: expected regular expression +expect_answer () { + echo "> check answer for \"$1\"" + if grep "$1" outfile; then + echo "OK" + else + echo "Not OK" + end 1 + fi +} + +# Fail the test for unexpected answers +# $1: unexpected regular expression +fail_answer () { + echo "> \"$1\" should not be in answer" + if grep "$1" outfile; then + echo "Not OK" + end 1 + else + echo "OK" + fi +} + +# Issue an unbound-control command +# $@: command arguments +control_command () { + echo "$PRE/unbound-control $@" + $PRE/unbound-control $@ > outfile +} + +# Dump the cache contents +# $@: optional options to unbound-control +cache_dump () { + echo "$PRE/unbound-control $@ dump_cache > cache.dump" + $PRE/unbound-control $@ dump_cache > cache.dump +} + +# Load cache contents +# $@: optional options to unbound-control +cache_load () { + echo "$PRE/unbound-control $@ load_cache < cache.dump" + $PRE/unbound-control $@ load_cache < cache.dump +} + +# Expect an entry in the cache dump +# $1: expected regular expression +expect_in_cache_dump () { + echo "> check cache dump for \"$1\"" + if grep "$1" cache.dump; then + echo "OK cache dump" + else + echo "Not OK cache dump" + end 1 + fi +} + +# Fail the test for unexpected entry in the cache dump +# $1: unexpected regular expression +fail_in_cache_dump () { + echo "> \"$1\" should not be in cache dump" + if grep "$1" cache.dump; then + echo "Not OK cache dump" + end 1 + else + echo "OK cache dump" + fi +} + +# start the test +cp ub.conf main.conf + +teststep "exit value is 1 on usage" +control_command -h +expect_exit_value 1 "for usage" + +# use lock-verify if possible + +teststep "test if the server is up" +query www.example.com. +expect_answer "10.20.30.40" + +teststep "exit value is 1 when a bad command is given" +control_command -c ub.conf blablargh +expect_exit_value 1 # reload the server. test if the server came up by putting a new # local-data element in the server. +teststep "reload the server" echo "server: local-data: 'afterreload. IN A 5.6.7.8'" >> ub.conf -echo "$PRE/unbound-control -c ub.conf reload" -$PRE/unbound-control -c ub.conf reload -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi - -echo "> dig afterreload." -dig @127.0.0.1 -p $UNBOUND_PORT afterreload. | tee outfile -echo "> check answer" -if grep "5.6.7.8" outfile; then - echo "OK" -else - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi +control_command -c ub.conf reload +expect_exit_value 0 +query afterreload. +expect_answer "5.6.7.8" -# must have had queries now. 1 since reload. -echo "$PRE/unbound-control -c ub.conf stats" -$PRE/unbound-control -c ub.conf stats > tmp.$$ -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi -if grep "^total.num.queries=1-90-9*$" tmp.$$; then - echo "OK" -else - echo "bad stats" - cat tmp.$$
View file
_service:tar_scm:unbound-1.17.1.tar.gz/testdata/09-unbound-control.tdir/conf.bad_credentials
Added
@@ -0,0 +1,5 @@ +remote-control: + server-key-file: bad_server.key + server-cert-file: bad_server.pem + control-key-file: bad_control.key + control-cert-file: bad_control.pem
View file
_service:tar_scm:unbound-1.17.1.tar.gz/testdata/09-unbound-control.tdir/conf.spoofed_credentials
Added
@@ -0,0 +1,5 @@ +remote-control: + server-key-file: unbound_server.key + server-cert-file: unbound_server.pem + control-key-file: bad_control.key + control-cert-file: bad_control.pem
View file
_service:tar_scm:unbound-1.17.1.tar.gz/testdata/cachedb_servfail_cname.crpl
Added
@@ -0,0 +1,181 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: no + minimal-responses: no + ;serve-expired: yes + module-config: "cachedb iterator" + +cachedb: + backend: "testframe" + secret-seed: "testvalue" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 +CONFIG_END + +SCENARIO_BEGIN Test cachedb store and servfail reply from cname. +; the servfail reply should not overwrite the cache contents. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns2.example.com. +SECTION ADDITIONAL +ns2.example.com. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +foo.com. IN NS +SECTION AUTHORITY +foo.com. IN NS ns.example.com. +ENTRY_END +RANGE_END + +; ns2.example.com. +RANGE_BEGIN 0 20 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns2.example.com., now failing +RANGE_BEGIN 20 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN CNAME foo.example.com. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA SERVFAIL +SECTION QUESTION +foo.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA SERVFAIL +SECTION QUESTION +ns2.example.com. IN A +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA SERVFAIL +SECTION QUESTION +ns2.example.com. IN AAAA +SECTION ANSWER +ENTRY_END +RANGE_END + +; get and entry in cache, to make it expired. +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; get the answer for it +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +; it is now expired +STEP 20 TIME_PASSES ELAPSE 20 + +; get a servfail in cache for the destination +STEP 30 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +foo.example.com. IN A +ENTRY_END + +STEP 40 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +foo.example.com. IN A +ENTRY_END + +; the query is now a CNAME to servfail. +; there is a valid, but expired, entry in cache. +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN CNAME foo.example.com. +ENTRY_END + +SCENARIO_END
View file
_service:tar_scm:unbound-1.17.0.tar.gz/testdata/common.sh -> _service:tar_scm:unbound-1.17.1.tar.gz/testdata/common.sh
Changed
@@ -29,6 +29,7 @@ # wait_server_up_or_fail: wait for server to come up or print a failure string # skip_test x : print message and skip test (must be called in .pre) # kill_pid : kill a server, make sure and wait for it to go down. +# teststep : print the current test step in the output # print error and exit @@ -272,3 +273,8 @@ fi } +# Print the current test step in the output +teststep () { + echo + echo "STEP $1 " +}
View file
_service:tar_scm:unbound-1.17.0.tar.gz/testdata/fwd_0ttlservfail.rpl -> _service:tar_scm:unbound-1.17.1.tar.gz/testdata/fwd_0ttlservfail.rpl
Changed
@@ -2,6 +2,7 @@ ; config options go here. server: serve-expired: yes + prefetch: yes forward-zone: name: "." forward-addr: 216.0.0.1 CONFIG_END @@ -45,7 +46,7 @@ ENTRY_END ; enough to pass by the TTL of the servfail answer in cache -STEP 50 TIME_PASSES ELAPSE 40 +STEP 50 TIME_PASSES ELAPSE 5 ; this query triggers a prefetch STEP 210 QUERY
View file
_service:tar_scm:unbound-1.17.0.tar.gz/testdata/pymod.tdir/pymod.py -> _service:tar_scm:unbound-1.17.1.tar.gz/testdata/pymod.tdir/pymod.py
Changed
@@ -37,7 +37,12 @@ import os def init(id, cfg): - log_info("pythonmod: init called, module id is %d port: %d script: %s" % (id, cfg.port, cfg.python_script)) + scripts= + s = cfg.python_script + while s != None: + scripts.append(s.str) + s = s.next + log_info("pythonmod: init called, module id is %d port: %d script: %s" % (id, cfg.port, scripts)) return True def deinit(id):
View file
_service:tar_scm:unbound-1.17.1.tar.gz/testdata/serve_expired_cached_servfail.rpl
Added
@@ -0,0 +1,130 @@ +; config options +server: + module-config: "validator iterator" + qname-minimisation: "no" + minimal-responses: no + serve-expired: yes + serve-expired-reply-ttl: 123 + log-servfail: yes + ede: yes + ede-serve-expired: yes + + +stub-zone: + name: "example.com" + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test serve-expired with client-timeout and a SERVFAIL upstream reply +; Scenario overview: +; - query for example.com. IN A +; - answer from upstream is SERVFAIL; will be cached for NORR_TTL(5) +; - check that the client gets the SERVFAIL; also cached +; - query again right after the TTL expired +; - cached SERVFAIL should be ignored and upstream queried +; - check that we get the correct answer + +; ns.example.com. +RANGE_BEGIN 0 20 + ADDRESS 1.2.3.4 + ; response to A query + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR AA SERVFAIL + SECTION QUESTION + example.com. IN A + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 30 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. 10 IN NS + SECTION ANSWER + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN A + SECTION ANSWER + example.com. 10 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; Query with RD flag +STEP 0 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Check that we get the SERVFAIL (will be cached) +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA SERVFAIL + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Query again +STEP 20 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Check that we get the cached SERVFAIL +STEP 30 CHECK_ANSWER +ENTRY_BEGIN + MATCH all + REPLY QR RD RA SERVFAIL + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Wait for the SERVFAIL to expire +STEP 31 TIME_PASSES ELAPSE 6 + +; Query again +STEP 40 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Check that we got the correct answer +STEP 50 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ttl + REPLY QR RD RA NOERROR + SECTION QUESTION + example.com. IN A + SECTION ANSWER + example.com. 10 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END
View file
_service:tar_scm:unbound-1.17.1.tar.gz/testdata/serve_expired_client_timeout_servfail.rpl
Added
@@ -0,0 +1,119 @@ +; config options +server: + module-config: "validator iterator" + qname-minimisation: "no" + minimal-responses: no + serve-expired: yes + serve-expired-client-timeout: 1 + serve-expired-reply-ttl: 123 + log-servfail: yes + ede: yes + ede-serve-expired: yes + + +stub-zone: + name: "example.com" + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test serve-expired with client-timeout and a SERVFAIL upstream reply +; Scenario overview: +; - query for example.com. IN A +; - check that we get an answer for example.com. IN A with the correct TTL +; - query again right after the TTL expired +; - answer from upstream is servfail +; - check that we get the expired cached answer instead + +; ns.example.com. +RANGE_BEGIN 0 20 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. 10 IN NS + SECTION ANSWER + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN A + SECTION ANSWER + example.com. 10 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 30 70 + ADDRESS 1.2.3.4 + ; response to A query + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR AA SERVFAIL + SECTION QUESTION + example.com. IN A + ENTRY_END +RANGE_END + +; Query with RD flag +STEP 1 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Check that we got the correct answer (should be cached) +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ttl + REPLY QR RD RA NOERROR + SECTION QUESTION + example.com. IN A + SECTION ANSWER + example.com. 10 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +; Wait for the TTL to expire +STEP 11 TIME_PASSES ELAPSE 11 + +; Query again +STEP 30 QUERY +ENTRY_BEGIN + REPLY RD DO + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Check that we got a stale answer +STEP 40 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ttl ede=3 + REPLY QR RD RA DO NOERROR + SECTION QUESTION + example.com. IN A + SECTION ANSWER + example.com. 123 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. 123 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 123 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END
View file
_service:tar_scm:unbound-1.17.1.tar.gz/testdata/subnet_cached_servfail.crpl
Added
@@ -0,0 +1,167 @@ +; Check if an expired SERVFAIL answer stored in the global cache does not block +; ECS queries to reach the ECS cache. + +server: + trust-anchor-signaling: no + target-fetch-policy: "0 0 0 0 0" + send-client-subnet: 1.2.3.4 + max-client-subnet-ipv4: 21 + module-config: "subnetcache iterator" + verbosity: 3 + access-control: 127.0.0.1 allow_snoop + qname-minimisation: no + minimal-responses: no + serve-expired: yes + prefetch: yes + +stub-zone: + name: "example.com." + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test that expired SERVFAIL in global cache does not block clients to reach the ECS cache + +; ns.example.com. +RANGE_BEGIN 0 10 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR SERVFAIL + SECTION QUESTION + www.example.com. IN A + ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 11 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END + + ; response to query of interest + ENTRY_BEGIN + MATCH opcode qtype qname ednsdata + ADJUST copy_id copy_ednsdata_assume_clientsubnet + REPLY QR NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 10 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 05 ; option length + 00 01 ; Family + 08 00 ; source mask, scopemask + 7f ; address + HEX_EDNSDATA_END + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; This answer should be in the global cache +STEP 2 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; Bring the cached SERVFAIL to prefetch time +STEP 10 TIME_PASSES ELAPSE 5 + +STEP 11 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 08 00 05 ; OPC, optlen + 00 01 08 00 ; ip4, source 8, scope 0 + 7f ; 127.0.0.0/8 +HEX_EDNSDATA_END +ENTRY_END + +; This answer was cached but a prefetch was triggerred +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; Wait for the SERVFAIL to expire +STEP 13 TIME_PASSES ELAPSE 2 + +; Query again to verify that the record was prefetched and stored in the ECS +; cache (because the server replied with ECS this time) +STEP 14 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 08 00 05 ; OPC, optlen + 00 01 08 00 ; ip4, source 8, scope 0 + 7f ; 127.0.0.0/8 +HEX_EDNSDATA_END +ENTRY_END + +; This record came from the ECS cache +STEP 15 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 8 IN A 10.20.30.40 +SECTION AUTHORITY +example.com. 3598 IN NS ns.example.com. +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 08 00 05 ; OPC, optlen + 00 01 08 08 ; ip4, source 8, scope 0 + 7f ; 127.0.0.0/8 +HEX_EDNSDATA_END +ns.example.com. 3598 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END
View file
_service:tar_scm:unbound-1.17.0.tar.gz/util/config_file.c -> _service:tar_scm:unbound-1.17.1.tar.gz/util/config_file.c
Changed
@@ -99,6 +99,7 @@ cfg->stat_interval = 0; cfg->stat_cumulative = 0; cfg->stat_extended = 0; + cfg->stat_inhibit_zero = 1; cfg->num_threads = 1; cfg->port = UNBOUND_DNS_PORT; cfg->do_ip4 = 1; @@ -336,6 +337,8 @@ cfg->ip_ratelimit_backoff = 0; cfg->ratelimit_backoff = 0; cfg->outbound_msg_retry = 5; + cfg->max_sent_count = 32; + cfg->max_query_restarts = 11; cfg->qname_minimisation = 1; cfg->qname_minimisation_strict = 0; cfg->shm_enable = 0; @@ -516,6 +519,7 @@ else S_YNO("use-syslog:", use_syslog) else S_STR("log-identity:", log_identity) else S_YNO("extended-statistics:", stat_extended) + else S_YNO("statistics-inhibit-zero:", stat_inhibit_zero) else S_YNO("statistics-cumulative:", stat_cumulative) else S_YNO("shm-enable:", shm_enable) else S_NUMBER_OR_ZERO("shm-key:", shm_key) @@ -778,6 +782,8 @@ else S_YNO("ip-ratelimit-backoff:", ip_ratelimit_backoff) else S_YNO("ratelimit-backoff:", ratelimit_backoff) else S_NUMBER_NONZERO("outbound-msg-retry:", outbound_msg_retry) + else S_NUMBER_NONZERO("max-sent-count:", max_sent_count) + else S_NUMBER_NONZERO("max-query-restarts:", max_query_restarts) else S_SIZET_NONZERO("fast-server-num:", fast_server_num) else S_NUMBER_OR_ZERO("fast-server-permil:", fast_server_permil) else S_YNO("qname-minimisation:", qname_minimisation) @@ -996,6 +1002,7 @@ else O_DEC(opt, "statistics-interval", stat_interval) else O_YNO(opt, "statistics-cumulative", stat_cumulative) else O_YNO(opt, "extended-statistics", stat_extended) + else O_YNO(opt, "statistics-inhibit-zero", stat_inhibit_zero) else O_YNO(opt, "shm-enable", shm_enable) else O_DEC(opt, "shm-key", shm_key) else O_YNO(opt, "use-syslog", use_syslog) @@ -1238,6 +1245,8 @@ else O_YNO(opt, "ip-ratelimit-backoff", ip_ratelimit_backoff) else O_YNO(opt, "ratelimit-backoff", ratelimit_backoff) else O_UNS(opt, "outbound-msg-retry", outbound_msg_retry) + else O_UNS(opt, "max-sent-count", max_sent_count) + else O_UNS(opt, "max-query-restarts", max_query_restarts) else O_DEC(opt, "fast-server-num", fast_server_num) else O_DEC(opt, "fast-server-permil", fast_server_permil) else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min)
View file
_service:tar_scm:unbound-1.17.0.tar.gz/util/config_file.h -> _service:tar_scm:unbound-1.17.1.tar.gz/util/config_file.h
Changed
@@ -76,6 +76,8 @@ int stat_cumulative; /** if true, the statistics are kept in greater detail */ int stat_extended; + /** if true, inhibits a lot of =0 lines from the extended stats output */ + int stat_inhibit_zero; /** number of threads to create */ int num_threads; @@ -608,6 +610,11 @@ /** number of retries on outgoing queries */ int outbound_msg_retry; + /** max sent queries per qstate; resets on query restarts (e.g., + * CNAMES) and referrals */ + int max_sent_count; + /** max number of query restarts; determines max length of CNAME chain */ + int max_query_restarts; /** minimise outgoing QNAME and hide original QTYPE if possible */ int qname_minimisation; /** minimise QNAME in strict mode, minimise according to RFC.
View file
_service:tar_scm:unbound-1.17.0.tar.gz/util/configlexer.c -> _service:tar_scm:unbound-1.17.1.tar.gz/util/configlexer.c
Changed
@@ -354,8 +354,8 @@ (yy_hold_char) = *yy_cp; \ *yy_cp = '\0'; \ (yy_c_buf_p) = yy_cp; -#define YY_NUM_RULES 369 -#define YY_END_OF_BUFFER 370 +#define YY_NUM_RULES 372 +#define YY_END_OF_BUFFER 373 /* This struct is not used in this scanner, but its presence is necessary. */ struct yy_trans_info @@ -363,409 +363,413 @@ flex_int32_t yy_verify; flex_int32_t yy_nxt; }; -static const flex_int16_t yy_accept3646 = +static const flex_int16_t yy_accept3683 = { 0, - 1, 1, 343, 343, 347, 347, 351, 351, 355, 355, - 1, 1, 359, 359, 363, 363, 370, 367, 1, 341, - 341, 368, 2, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 368, 343, 344, 344, 345, - 368, 347, 348, 348, 349, 368, 354, 351, 352, 352, - 353, 368, 355, 356, 356, 357, 368, 366, 342, 2, - 346, 366, 368, 362, 359, 360, 360, 361, 368, 363, - 364, 364, 365, 368, 367, 0, 1, 2, 2, 2, - 2, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 343, - 0, 347, 0, 354, 0, 351, 355, 0, 366, 0, - 2, 2, 366, 362, 0, 359, 363, 0, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 366, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 339, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 133, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 143, 367, 367, 367, 367, - 367, 367, 367, 366, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 115, 367, 338, 367, 367, 367, - 367, 367, 367, 367, 367, 8, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 134, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 148, 367, 367, 366, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 331, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 366, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 69, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 260, 367, 14, - 15, 367, 19, 18, 367, 367, 240, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 141, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 238, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 3, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 366, 367, 367, 367, 367, 367, 367, 367, 325, 367, - 367, 324, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 350, 367, 367, 367, 367, 367, 367, 367, - 367, 68, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 72, 367, - 294, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 332, 333, 367, 367, 367, 367, 367, 367, 367, 367, - 73, 367, 367, 142, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 137, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 227, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 21, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 169, 367, 367, 367, - 367, 367, 366, 350, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 113, 367, 367, 367, 367, - 367, 367, 367, 302, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 196, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 168, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 112, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 35, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 36, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 70, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 140, 367, 367, 367, 366, 367, 367, - 367, 367, 367, 132, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 71, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 264, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 197, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 58, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 282, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 63, 367, 64, 367, 367, - 367, 367, 367, 116, 367, 117, 367, 367, 367, 367, - 367, 114, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 7, 367, 367, 367, 367, - 366, 367, 367, 367, 367, 367, 367, 367, 367, 367, - - 367, 367, 367, 367, 367, 367, 367, 367, 367, 249, - 367, 367, 367, 367, 172, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 265, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367, - 367, 367, 367, 367, 367, 367, 367, 367, 367, 367,
View file
_service:tar_scm:unbound-1.17.0.tar.gz/util/configlexer.lex -> _service:tar_scm:unbound-1.17.1.tar.gz/util/configlexer.lex
Changed
@@ -438,6 +438,7 @@ statistics-interval{COLON} { YDVAR(1, VAR_STATISTICS_INTERVAL) } statistics-cumulative{COLON} { YDVAR(1, VAR_STATISTICS_CUMULATIVE) } extended-statistics{COLON} { YDVAR(1, VAR_EXTENDED_STATISTICS) } +statistics-inhibit-zero{COLON} { YDVAR(1, VAR_STATISTICS_INHIBIT_ZERO) } shm-enable{COLON} { YDVAR(1, VAR_SHM_ENABLE) } shm-key{COLON} { YDVAR(1, VAR_SHM_KEY) } remote-control{COLON} { YDVAR(0, VAR_REMOTE_CONTROL) } @@ -514,6 +515,8 @@ ip-ratelimit-backoff{COLON} { YDVAR(1, VAR_IP_RATELIMIT_BACKOFF) } ratelimit-backoff{COLON} { YDVAR(1, VAR_RATELIMIT_BACKOFF) } outbound-msg-retry{COLON} { YDVAR(1, VAR_OUTBOUND_MSG_RETRY) } +max-sent-count{COLON} { YDVAR(1, VAR_MAX_SENT_COUNT) } +max-query-restarts{COLON} { YDVAR(1, VAR_MAX_QUERY_RESTARTS) } low-rtt{COLON} { YDVAR(1, VAR_LOW_RTT) } fast-server-num{COLON} { YDVAR(1, VAR_FAST_SERVER_NUM) } low-rtt-pct{COLON} { YDVAR(1, VAR_FAST_SERVER_PERMIL) }
View file
_service:tar_scm:unbound-1.17.0.tar.gz/util/configparser.c -> _service:tar_scm:unbound-1.17.1.tar.gz/util/configparser.c
Changed
@@ -328,496 +328,502 @@ YYSYMBOL_VAR_RATELIMIT_SLABS = 200, /* VAR_RATELIMIT_SLABS */ YYSYMBOL_VAR_RATELIMIT_SIZE = 201, /* VAR_RATELIMIT_SIZE */ YYSYMBOL_VAR_OUTBOUND_MSG_RETRY = 202, /* VAR_OUTBOUND_MSG_RETRY */ - YYSYMBOL_VAR_RATELIMIT_FOR_DOMAIN = 203, /* VAR_RATELIMIT_FOR_DOMAIN */ - YYSYMBOL_VAR_RATELIMIT_BELOW_DOMAIN = 204, /* VAR_RATELIMIT_BELOW_DOMAIN */ - YYSYMBOL_VAR_IP_RATELIMIT_FACTOR = 205, /* VAR_IP_RATELIMIT_FACTOR */ - YYSYMBOL_VAR_RATELIMIT_FACTOR = 206, /* VAR_RATELIMIT_FACTOR */ - YYSYMBOL_VAR_IP_RATELIMIT_BACKOFF = 207, /* VAR_IP_RATELIMIT_BACKOFF */ - YYSYMBOL_VAR_RATELIMIT_BACKOFF = 208, /* VAR_RATELIMIT_BACKOFF */ - YYSYMBOL_VAR_SEND_CLIENT_SUBNET = 209, /* VAR_SEND_CLIENT_SUBNET */ - YYSYMBOL_VAR_CLIENT_SUBNET_ZONE = 210, /* VAR_CLIENT_SUBNET_ZONE */ - YYSYMBOL_VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 211, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */ - YYSYMBOL_VAR_CLIENT_SUBNET_OPCODE = 212, /* VAR_CLIENT_SUBNET_OPCODE */ - YYSYMBOL_VAR_MAX_CLIENT_SUBNET_IPV4 = 213, /* VAR_MAX_CLIENT_SUBNET_IPV4 */ - YYSYMBOL_VAR_MAX_CLIENT_SUBNET_IPV6 = 214, /* VAR_MAX_CLIENT_SUBNET_IPV6 */ - YYSYMBOL_VAR_MIN_CLIENT_SUBNET_IPV4 = 215, /* VAR_MIN_CLIENT_SUBNET_IPV4 */ - YYSYMBOL_VAR_MIN_CLIENT_SUBNET_IPV6 = 216, /* VAR_MIN_CLIENT_SUBNET_IPV6 */ - YYSYMBOL_VAR_MAX_ECS_TREE_SIZE_IPV4 = 217, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */ - YYSYMBOL_VAR_MAX_ECS_TREE_SIZE_IPV6 = 218, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */ - YYSYMBOL_VAR_CAPS_WHITELIST = 219, /* VAR_CAPS_WHITELIST */ - YYSYMBOL_VAR_CACHE_MAX_NEGATIVE_TTL = 220, /* VAR_CACHE_MAX_NEGATIVE_TTL */ - YYSYMBOL_VAR_PERMIT_SMALL_HOLDDOWN = 221, /* VAR_PERMIT_SMALL_HOLDDOWN */ - YYSYMBOL_VAR_QNAME_MINIMISATION = 222, /* VAR_QNAME_MINIMISATION */ - YYSYMBOL_VAR_QNAME_MINIMISATION_STRICT = 223, /* VAR_QNAME_MINIMISATION_STRICT */ - YYSYMBOL_VAR_IP_FREEBIND = 224, /* VAR_IP_FREEBIND */ - YYSYMBOL_VAR_DEFINE_TAG = 225, /* VAR_DEFINE_TAG */ - YYSYMBOL_VAR_LOCAL_ZONE_TAG = 226, /* VAR_LOCAL_ZONE_TAG */ - YYSYMBOL_VAR_ACCESS_CONTROL_TAG = 227, /* VAR_ACCESS_CONTROL_TAG */ - YYSYMBOL_VAR_LOCAL_ZONE_OVERRIDE = 228, /* VAR_LOCAL_ZONE_OVERRIDE */ - YYSYMBOL_VAR_ACCESS_CONTROL_TAG_ACTION = 229, /* VAR_ACCESS_CONTROL_TAG_ACTION */ - YYSYMBOL_VAR_ACCESS_CONTROL_TAG_DATA = 230, /* VAR_ACCESS_CONTROL_TAG_DATA */ - YYSYMBOL_VAR_VIEW = 231, /* VAR_VIEW */ - YYSYMBOL_VAR_ACCESS_CONTROL_VIEW = 232, /* VAR_ACCESS_CONTROL_VIEW */ - YYSYMBOL_VAR_VIEW_FIRST = 233, /* VAR_VIEW_FIRST */ - YYSYMBOL_VAR_SERVE_EXPIRED = 234, /* VAR_SERVE_EXPIRED */ - YYSYMBOL_VAR_SERVE_EXPIRED_TTL = 235, /* VAR_SERVE_EXPIRED_TTL */ - YYSYMBOL_VAR_SERVE_EXPIRED_TTL_RESET = 236, /* VAR_SERVE_EXPIRED_TTL_RESET */ - YYSYMBOL_VAR_SERVE_EXPIRED_REPLY_TTL = 237, /* VAR_SERVE_EXPIRED_REPLY_TTL */ - YYSYMBOL_VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 238, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */ - YYSYMBOL_VAR_EDE_SERVE_EXPIRED = 239, /* VAR_EDE_SERVE_EXPIRED */ - YYSYMBOL_VAR_SERVE_ORIGINAL_TTL = 240, /* VAR_SERVE_ORIGINAL_TTL */ - YYSYMBOL_VAR_FAKE_DSA = 241, /* VAR_FAKE_DSA */ - YYSYMBOL_VAR_FAKE_SHA1 = 242, /* VAR_FAKE_SHA1 */ - YYSYMBOL_VAR_LOG_IDENTITY = 243, /* VAR_LOG_IDENTITY */ - YYSYMBOL_VAR_HIDE_TRUSTANCHOR = 244, /* VAR_HIDE_TRUSTANCHOR */ - YYSYMBOL_VAR_HIDE_HTTP_USER_AGENT = 245, /* VAR_HIDE_HTTP_USER_AGENT */ - YYSYMBOL_VAR_HTTP_USER_AGENT = 246, /* VAR_HTTP_USER_AGENT */ - YYSYMBOL_VAR_TRUST_ANCHOR_SIGNALING = 247, /* VAR_TRUST_ANCHOR_SIGNALING */ - YYSYMBOL_VAR_AGGRESSIVE_NSEC = 248, /* VAR_AGGRESSIVE_NSEC */ - YYSYMBOL_VAR_USE_SYSTEMD = 249, /* VAR_USE_SYSTEMD */ - YYSYMBOL_VAR_SHM_ENABLE = 250, /* VAR_SHM_ENABLE */ - YYSYMBOL_VAR_SHM_KEY = 251, /* VAR_SHM_KEY */ - YYSYMBOL_VAR_ROOT_KEY_SENTINEL = 252, /* VAR_ROOT_KEY_SENTINEL */ - YYSYMBOL_VAR_DNSCRYPT = 253, /* VAR_DNSCRYPT */ - YYSYMBOL_VAR_DNSCRYPT_ENABLE = 254, /* VAR_DNSCRYPT_ENABLE */ - YYSYMBOL_VAR_DNSCRYPT_PORT = 255, /* VAR_DNSCRYPT_PORT */ - YYSYMBOL_VAR_DNSCRYPT_PROVIDER = 256, /* VAR_DNSCRYPT_PROVIDER */ - YYSYMBOL_VAR_DNSCRYPT_SECRET_KEY = 257, /* VAR_DNSCRYPT_SECRET_KEY */ - YYSYMBOL_VAR_DNSCRYPT_PROVIDER_CERT = 258, /* VAR_DNSCRYPT_PROVIDER_CERT */ - YYSYMBOL_VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 259, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */ - YYSYMBOL_VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 260, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */ - YYSYMBOL_VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 261, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */ - YYSYMBOL_VAR_DNSCRYPT_NONCE_CACHE_SIZE = 262, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */ - YYSYMBOL_VAR_DNSCRYPT_NONCE_CACHE_SLABS = 263, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */ - YYSYMBOL_VAR_PAD_RESPONSES = 264, /* VAR_PAD_RESPONSES */ - YYSYMBOL_VAR_PAD_RESPONSES_BLOCK_SIZE = 265, /* VAR_PAD_RESPONSES_BLOCK_SIZE */ - YYSYMBOL_VAR_PAD_QUERIES = 266, /* VAR_PAD_QUERIES */ - YYSYMBOL_VAR_PAD_QUERIES_BLOCK_SIZE = 267, /* VAR_PAD_QUERIES_BLOCK_SIZE */ - YYSYMBOL_VAR_IPSECMOD_ENABLED = 268, /* VAR_IPSECMOD_ENABLED */ - YYSYMBOL_VAR_IPSECMOD_HOOK = 269, /* VAR_IPSECMOD_HOOK */ - YYSYMBOL_VAR_IPSECMOD_IGNORE_BOGUS = 270, /* VAR_IPSECMOD_IGNORE_BOGUS */ - YYSYMBOL_VAR_IPSECMOD_MAX_TTL = 271, /* VAR_IPSECMOD_MAX_TTL */ - YYSYMBOL_VAR_IPSECMOD_WHITELIST = 272, /* VAR_IPSECMOD_WHITELIST */ - YYSYMBOL_VAR_IPSECMOD_STRICT = 273, /* VAR_IPSECMOD_STRICT */ - YYSYMBOL_VAR_CACHEDB = 274, /* VAR_CACHEDB */ - YYSYMBOL_VAR_CACHEDB_BACKEND = 275, /* VAR_CACHEDB_BACKEND */ - YYSYMBOL_VAR_CACHEDB_SECRETSEED = 276, /* VAR_CACHEDB_SECRETSEED */ - YYSYMBOL_VAR_CACHEDB_REDISHOST = 277, /* VAR_CACHEDB_REDISHOST */ - YYSYMBOL_VAR_CACHEDB_REDISPORT = 278, /* VAR_CACHEDB_REDISPORT */ - YYSYMBOL_VAR_CACHEDB_REDISTIMEOUT = 279, /* VAR_CACHEDB_REDISTIMEOUT */ - YYSYMBOL_VAR_CACHEDB_REDISEXPIRERECORDS = 280, /* VAR_CACHEDB_REDISEXPIRERECORDS */ - YYSYMBOL_VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 281, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */ - YYSYMBOL_VAR_FOR_UPSTREAM = 282, /* VAR_FOR_UPSTREAM */ - YYSYMBOL_VAR_AUTH_ZONE = 283, /* VAR_AUTH_ZONE */ - YYSYMBOL_VAR_ZONEFILE = 284, /* VAR_ZONEFILE */ - YYSYMBOL_VAR_MASTER = 285, /* VAR_MASTER */ - YYSYMBOL_VAR_URL = 286, /* VAR_URL */ - YYSYMBOL_VAR_FOR_DOWNSTREAM = 287, /* VAR_FOR_DOWNSTREAM */ - YYSYMBOL_VAR_FALLBACK_ENABLED = 288, /* VAR_FALLBACK_ENABLED */ - YYSYMBOL_VAR_TLS_ADDITIONAL_PORT = 289, /* VAR_TLS_ADDITIONAL_PORT */ - YYSYMBOL_VAR_LOW_RTT = 290, /* VAR_LOW_RTT */ - YYSYMBOL_VAR_LOW_RTT_PERMIL = 291, /* VAR_LOW_RTT_PERMIL */ - YYSYMBOL_VAR_FAST_SERVER_PERMIL = 292, /* VAR_FAST_SERVER_PERMIL */ - YYSYMBOL_VAR_FAST_SERVER_NUM = 293, /* VAR_FAST_SERVER_NUM */ - YYSYMBOL_VAR_ALLOW_NOTIFY = 294, /* VAR_ALLOW_NOTIFY */ - YYSYMBOL_VAR_TLS_WIN_CERT = 295, /* VAR_TLS_WIN_CERT */ - YYSYMBOL_VAR_TCP_CONNECTION_LIMIT = 296, /* VAR_TCP_CONNECTION_LIMIT */ - YYSYMBOL_VAR_FORWARD_NO_CACHE = 297, /* VAR_FORWARD_NO_CACHE */ - YYSYMBOL_VAR_STUB_NO_CACHE = 298, /* VAR_STUB_NO_CACHE */ - YYSYMBOL_VAR_LOG_SERVFAIL = 299, /* VAR_LOG_SERVFAIL */ - YYSYMBOL_VAR_DENY_ANY = 300, /* VAR_DENY_ANY */ - YYSYMBOL_VAR_UNKNOWN_SERVER_TIME_LIMIT = 301, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */ - YYSYMBOL_VAR_LOG_TAG_QUERYREPLY = 302, /* VAR_LOG_TAG_QUERYREPLY */ - YYSYMBOL_VAR_STREAM_WAIT_SIZE = 303, /* VAR_STREAM_WAIT_SIZE */ - YYSYMBOL_VAR_TLS_CIPHERS = 304, /* VAR_TLS_CIPHERS */ - YYSYMBOL_VAR_TLS_CIPHERSUITES = 305, /* VAR_TLS_CIPHERSUITES */ - YYSYMBOL_VAR_TLS_USE_SNI = 306, /* VAR_TLS_USE_SNI */ - YYSYMBOL_VAR_IPSET = 307, /* VAR_IPSET */ - YYSYMBOL_VAR_IPSET_NAME_V4 = 308, /* VAR_IPSET_NAME_V4 */ - YYSYMBOL_VAR_IPSET_NAME_V6 = 309, /* VAR_IPSET_NAME_V6 */ - YYSYMBOL_VAR_TLS_SESSION_TICKET_KEYS = 310, /* VAR_TLS_SESSION_TICKET_KEYS */ - YYSYMBOL_VAR_RPZ = 311, /* VAR_RPZ */ - YYSYMBOL_VAR_TAGS = 312, /* VAR_TAGS */ - YYSYMBOL_VAR_RPZ_ACTION_OVERRIDE = 313, /* VAR_RPZ_ACTION_OVERRIDE */ - YYSYMBOL_VAR_RPZ_CNAME_OVERRIDE = 314, /* VAR_RPZ_CNAME_OVERRIDE */ - YYSYMBOL_VAR_RPZ_LOG = 315, /* VAR_RPZ_LOG */ - YYSYMBOL_VAR_RPZ_LOG_NAME = 316, /* VAR_RPZ_LOG_NAME */ - YYSYMBOL_VAR_DYNLIB = 317, /* VAR_DYNLIB */ - YYSYMBOL_VAR_DYNLIB_FILE = 318, /* VAR_DYNLIB_FILE */ - YYSYMBOL_VAR_EDNS_CLIENT_STRING = 319, /* VAR_EDNS_CLIENT_STRING */ - YYSYMBOL_VAR_EDNS_CLIENT_STRING_OPCODE = 320, /* VAR_EDNS_CLIENT_STRING_OPCODE */ - YYSYMBOL_VAR_NSID = 321, /* VAR_NSID */ - YYSYMBOL_VAR_ZONEMD_PERMISSIVE_MODE = 322, /* VAR_ZONEMD_PERMISSIVE_MODE */ - YYSYMBOL_VAR_ZONEMD_CHECK = 323, /* VAR_ZONEMD_CHECK */ - YYSYMBOL_VAR_ZONEMD_REJECT_ABSENCE = 324, /* VAR_ZONEMD_REJECT_ABSENCE */ - YYSYMBOL_VAR_RPZ_SIGNAL_NXDOMAIN_RA = 325, /* VAR_RPZ_SIGNAL_NXDOMAIN_RA */ - YYSYMBOL_VAR_INTERFACE_AUTOMATIC_PORTS = 326, /* VAR_INTERFACE_AUTOMATIC_PORTS */ - YYSYMBOL_VAR_EDE = 327, /* VAR_EDE */ - YYSYMBOL_VAR_INTERFACE_ACTION = 328, /* VAR_INTERFACE_ACTION */ - YYSYMBOL_VAR_INTERFACE_VIEW = 329, /* VAR_INTERFACE_VIEW */ - YYSYMBOL_VAR_INTERFACE_TAG = 330, /* VAR_INTERFACE_TAG */ - YYSYMBOL_VAR_INTERFACE_TAG_ACTION = 331, /* VAR_INTERFACE_TAG_ACTION */ - YYSYMBOL_VAR_INTERFACE_TAG_DATA = 332, /* VAR_INTERFACE_TAG_DATA */ - YYSYMBOL_VAR_PROXY_PROTOCOL_PORT = 333, /* VAR_PROXY_PROTOCOL_PORT */ - YYSYMBOL_YYACCEPT = 334, /* $accept */ - YYSYMBOL_toplevelvars = 335, /* toplevelvars */ - YYSYMBOL_toplevelvar = 336, /* toplevelvar */ - YYSYMBOL_force_toplevel = 337, /* force_toplevel */ - YYSYMBOL_serverstart = 338, /* serverstart */ - YYSYMBOL_contents_server = 339, /* contents_server */ - YYSYMBOL_content_server = 340, /* content_server */ - YYSYMBOL_stubstart = 341, /* stubstart */ - YYSYMBOL_contents_stub = 342, /* contents_stub */ - YYSYMBOL_content_stub = 343, /* content_stub */ - YYSYMBOL_forwardstart = 344, /* forwardstart */ - YYSYMBOL_contents_forward = 345, /* contents_forward */ - YYSYMBOL_content_forward = 346, /* content_forward */ - YYSYMBOL_viewstart = 347, /* viewstart */ - YYSYMBOL_contents_view = 348, /* contents_view */ - YYSYMBOL_content_view = 349, /* content_view */ - YYSYMBOL_authstart = 350, /* authstart */ - YYSYMBOL_contents_auth = 351, /* contents_auth */ - YYSYMBOL_content_auth = 352, /* content_auth */ - YYSYMBOL_rpz_tag = 353, /* rpz_tag */ - YYSYMBOL_rpz_action_override = 354, /* rpz_action_override */ - YYSYMBOL_rpz_cname_override = 355, /* rpz_cname_override */ - YYSYMBOL_rpz_log = 356, /* rpz_log */ - YYSYMBOL_rpz_log_name = 357, /* rpz_log_name */ - YYSYMBOL_rpz_signal_nxdomain_ra = 358, /* rpz_signal_nxdomain_ra */ - YYSYMBOL_rpzstart = 359, /* rpzstart */ - YYSYMBOL_contents_rpz = 360, /* contents_rpz */ - YYSYMBOL_content_rpz = 361, /* content_rpz */ - YYSYMBOL_server_num_threads = 362, /* server_num_threads */ - YYSYMBOL_server_verbosity = 363, /* server_verbosity */ - YYSYMBOL_server_statistics_interval = 364, /* server_statistics_interval */ - YYSYMBOL_server_statistics_cumulative = 365, /* server_statistics_cumulative */ - YYSYMBOL_server_extended_statistics = 366, /* server_extended_statistics */ - YYSYMBOL_server_shm_enable = 367, /* server_shm_enable */ - YYSYMBOL_server_shm_key = 368, /* server_shm_key */ - YYSYMBOL_server_port = 369, /* server_port */ - YYSYMBOL_server_send_client_subnet = 370, /* server_send_client_subnet */ - YYSYMBOL_server_client_subnet_zone = 371, /* server_client_subnet_zone */ - YYSYMBOL_server_client_subnet_always_forward = 372, /* server_client_subnet_always_forward */ - YYSYMBOL_server_client_subnet_opcode = 373, /* server_client_subnet_opcode */ - YYSYMBOL_server_max_client_subnet_ipv4 = 374, /* server_max_client_subnet_ipv4 */ - YYSYMBOL_server_max_client_subnet_ipv6 = 375, /* server_max_client_subnet_ipv6 */ - YYSYMBOL_server_min_client_subnet_ipv4 = 376, /* server_min_client_subnet_ipv4 */ - YYSYMBOL_server_min_client_subnet_ipv6 = 377, /* server_min_client_subnet_ipv6 */ - YYSYMBOL_server_max_ecs_tree_size_ipv4 = 378, /* server_max_ecs_tree_size_ipv4 */ - YYSYMBOL_server_max_ecs_tree_size_ipv6 = 379, /* server_max_ecs_tree_size_ipv6 */ - YYSYMBOL_server_interface = 380, /* server_interface */ - YYSYMBOL_server_outgoing_interface = 381, /* server_outgoing_interface */ - YYSYMBOL_server_outgoing_range = 382, /* server_outgoing_range */ - YYSYMBOL_server_outgoing_port_permit = 383, /* server_outgoing_port_permit */ - YYSYMBOL_server_outgoing_port_avoid = 384, /* server_outgoing_port_avoid */ - YYSYMBOL_server_outgoing_num_tcp = 385, /* server_outgoing_num_tcp */ - YYSYMBOL_server_incoming_num_tcp = 386, /* server_incoming_num_tcp */ - YYSYMBOL_server_interface_automatic = 387, /* server_interface_automatic */ - YYSYMBOL_server_interface_automatic_ports = 388, /* server_interface_automatic_ports */ - YYSYMBOL_server_do_ip4 = 389, /* server_do_ip4 */ - YYSYMBOL_server_do_ip6 = 390, /* server_do_ip6 */ - YYSYMBOL_server_do_udp = 391, /* server_do_udp */ - YYSYMBOL_server_do_tcp = 392, /* server_do_tcp */ - YYSYMBOL_server_prefer_ip4 = 393, /* server_prefer_ip4 */ - YYSYMBOL_server_prefer_ip6 = 394, /* server_prefer_ip6 */ - YYSYMBOL_server_tcp_mss = 395, /* server_tcp_mss */ - YYSYMBOL_server_outgoing_tcp_mss = 396, /* server_outgoing_tcp_mss */ - YYSYMBOL_server_tcp_idle_timeout = 397, /* server_tcp_idle_timeout */ - YYSYMBOL_server_max_reuse_tcp_queries = 398, /* server_max_reuse_tcp_queries */
View file
_service:tar_scm:unbound-1.17.0.tar.gz/util/configparser.h -> _service:tar_scm:unbound-1.17.1.tar.gz/util/configparser.h
Changed
@@ -254,137 +254,140 @@ VAR_RATELIMIT_SLABS = 455, /* VAR_RATELIMIT_SLABS */ VAR_RATELIMIT_SIZE = 456, /* VAR_RATELIMIT_SIZE */ VAR_OUTBOUND_MSG_RETRY = 457, /* VAR_OUTBOUND_MSG_RETRY */ - VAR_RATELIMIT_FOR_DOMAIN = 458, /* VAR_RATELIMIT_FOR_DOMAIN */ - VAR_RATELIMIT_BELOW_DOMAIN = 459, /* VAR_RATELIMIT_BELOW_DOMAIN */ - VAR_IP_RATELIMIT_FACTOR = 460, /* VAR_IP_RATELIMIT_FACTOR */ - VAR_RATELIMIT_FACTOR = 461, /* VAR_RATELIMIT_FACTOR */ - VAR_IP_RATELIMIT_BACKOFF = 462, /* VAR_IP_RATELIMIT_BACKOFF */ - VAR_RATELIMIT_BACKOFF = 463, /* VAR_RATELIMIT_BACKOFF */ - VAR_SEND_CLIENT_SUBNET = 464, /* VAR_SEND_CLIENT_SUBNET */ - VAR_CLIENT_SUBNET_ZONE = 465, /* VAR_CLIENT_SUBNET_ZONE */ - VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 466, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */ - VAR_CLIENT_SUBNET_OPCODE = 467, /* VAR_CLIENT_SUBNET_OPCODE */ - VAR_MAX_CLIENT_SUBNET_IPV4 = 468, /* VAR_MAX_CLIENT_SUBNET_IPV4 */ - VAR_MAX_CLIENT_SUBNET_IPV6 = 469, /* VAR_MAX_CLIENT_SUBNET_IPV6 */ - VAR_MIN_CLIENT_SUBNET_IPV4 = 470, /* VAR_MIN_CLIENT_SUBNET_IPV4 */ - VAR_MIN_CLIENT_SUBNET_IPV6 = 471, /* VAR_MIN_CLIENT_SUBNET_IPV6 */ - VAR_MAX_ECS_TREE_SIZE_IPV4 = 472, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */ - VAR_MAX_ECS_TREE_SIZE_IPV6 = 473, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */ - VAR_CAPS_WHITELIST = 474, /* VAR_CAPS_WHITELIST */ - VAR_CACHE_MAX_NEGATIVE_TTL = 475, /* VAR_CACHE_MAX_NEGATIVE_TTL */ - VAR_PERMIT_SMALL_HOLDDOWN = 476, /* VAR_PERMIT_SMALL_HOLDDOWN */ - VAR_QNAME_MINIMISATION = 477, /* VAR_QNAME_MINIMISATION */ - VAR_QNAME_MINIMISATION_STRICT = 478, /* VAR_QNAME_MINIMISATION_STRICT */ - VAR_IP_FREEBIND = 479, /* VAR_IP_FREEBIND */ - VAR_DEFINE_TAG = 480, /* VAR_DEFINE_TAG */ - VAR_LOCAL_ZONE_TAG = 481, /* VAR_LOCAL_ZONE_TAG */ - VAR_ACCESS_CONTROL_TAG = 482, /* VAR_ACCESS_CONTROL_TAG */ - VAR_LOCAL_ZONE_OVERRIDE = 483, /* VAR_LOCAL_ZONE_OVERRIDE */ - VAR_ACCESS_CONTROL_TAG_ACTION = 484, /* VAR_ACCESS_CONTROL_TAG_ACTION */ - VAR_ACCESS_CONTROL_TAG_DATA = 485, /* VAR_ACCESS_CONTROL_TAG_DATA */ - VAR_VIEW = 486, /* VAR_VIEW */ - VAR_ACCESS_CONTROL_VIEW = 487, /* VAR_ACCESS_CONTROL_VIEW */ - VAR_VIEW_FIRST = 488, /* VAR_VIEW_FIRST */ - VAR_SERVE_EXPIRED = 489, /* VAR_SERVE_EXPIRED */ - VAR_SERVE_EXPIRED_TTL = 490, /* VAR_SERVE_EXPIRED_TTL */ - VAR_SERVE_EXPIRED_TTL_RESET = 491, /* VAR_SERVE_EXPIRED_TTL_RESET */ - VAR_SERVE_EXPIRED_REPLY_TTL = 492, /* VAR_SERVE_EXPIRED_REPLY_TTL */ - VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 493, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */ - VAR_EDE_SERVE_EXPIRED = 494, /* VAR_EDE_SERVE_EXPIRED */ - VAR_SERVE_ORIGINAL_TTL = 495, /* VAR_SERVE_ORIGINAL_TTL */ - VAR_FAKE_DSA = 496, /* VAR_FAKE_DSA */ - VAR_FAKE_SHA1 = 497, /* VAR_FAKE_SHA1 */ - VAR_LOG_IDENTITY = 498, /* VAR_LOG_IDENTITY */ - VAR_HIDE_TRUSTANCHOR = 499, /* VAR_HIDE_TRUSTANCHOR */ - VAR_HIDE_HTTP_USER_AGENT = 500, /* VAR_HIDE_HTTP_USER_AGENT */ - VAR_HTTP_USER_AGENT = 501, /* VAR_HTTP_USER_AGENT */ - VAR_TRUST_ANCHOR_SIGNALING = 502, /* VAR_TRUST_ANCHOR_SIGNALING */ - VAR_AGGRESSIVE_NSEC = 503, /* VAR_AGGRESSIVE_NSEC */ - VAR_USE_SYSTEMD = 504, /* VAR_USE_SYSTEMD */ - VAR_SHM_ENABLE = 505, /* VAR_SHM_ENABLE */ - VAR_SHM_KEY = 506, /* VAR_SHM_KEY */ - VAR_ROOT_KEY_SENTINEL = 507, /* VAR_ROOT_KEY_SENTINEL */ - VAR_DNSCRYPT = 508, /* VAR_DNSCRYPT */ - VAR_DNSCRYPT_ENABLE = 509, /* VAR_DNSCRYPT_ENABLE */ - VAR_DNSCRYPT_PORT = 510, /* VAR_DNSCRYPT_PORT */ - VAR_DNSCRYPT_PROVIDER = 511, /* VAR_DNSCRYPT_PROVIDER */ - VAR_DNSCRYPT_SECRET_KEY = 512, /* VAR_DNSCRYPT_SECRET_KEY */ - VAR_DNSCRYPT_PROVIDER_CERT = 513, /* VAR_DNSCRYPT_PROVIDER_CERT */ - VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 514, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */ - VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 515, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */ - VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 516, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */ - VAR_DNSCRYPT_NONCE_CACHE_SIZE = 517, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */ - VAR_DNSCRYPT_NONCE_CACHE_SLABS = 518, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */ - VAR_PAD_RESPONSES = 519, /* VAR_PAD_RESPONSES */ - VAR_PAD_RESPONSES_BLOCK_SIZE = 520, /* VAR_PAD_RESPONSES_BLOCK_SIZE */ - VAR_PAD_QUERIES = 521, /* VAR_PAD_QUERIES */ - VAR_PAD_QUERIES_BLOCK_SIZE = 522, /* VAR_PAD_QUERIES_BLOCK_SIZE */ - VAR_IPSECMOD_ENABLED = 523, /* VAR_IPSECMOD_ENABLED */ - VAR_IPSECMOD_HOOK = 524, /* VAR_IPSECMOD_HOOK */ - VAR_IPSECMOD_IGNORE_BOGUS = 525, /* VAR_IPSECMOD_IGNORE_BOGUS */ - VAR_IPSECMOD_MAX_TTL = 526, /* VAR_IPSECMOD_MAX_TTL */ - VAR_IPSECMOD_WHITELIST = 527, /* VAR_IPSECMOD_WHITELIST */ - VAR_IPSECMOD_STRICT = 528, /* VAR_IPSECMOD_STRICT */ - VAR_CACHEDB = 529, /* VAR_CACHEDB */ - VAR_CACHEDB_BACKEND = 530, /* VAR_CACHEDB_BACKEND */ - VAR_CACHEDB_SECRETSEED = 531, /* VAR_CACHEDB_SECRETSEED */ - VAR_CACHEDB_REDISHOST = 532, /* VAR_CACHEDB_REDISHOST */ - VAR_CACHEDB_REDISPORT = 533, /* VAR_CACHEDB_REDISPORT */ - VAR_CACHEDB_REDISTIMEOUT = 534, /* VAR_CACHEDB_REDISTIMEOUT */ - VAR_CACHEDB_REDISEXPIRERECORDS = 535, /* VAR_CACHEDB_REDISEXPIRERECORDS */ - VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 536, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */ - VAR_FOR_UPSTREAM = 537, /* VAR_FOR_UPSTREAM */ - VAR_AUTH_ZONE = 538, /* VAR_AUTH_ZONE */ - VAR_ZONEFILE = 539, /* VAR_ZONEFILE */ - VAR_MASTER = 540, /* VAR_MASTER */ - VAR_URL = 541, /* VAR_URL */ - VAR_FOR_DOWNSTREAM = 542, /* VAR_FOR_DOWNSTREAM */ - VAR_FALLBACK_ENABLED = 543, /* VAR_FALLBACK_ENABLED */ - VAR_TLS_ADDITIONAL_PORT = 544, /* VAR_TLS_ADDITIONAL_PORT */ - VAR_LOW_RTT = 545, /* VAR_LOW_RTT */ - VAR_LOW_RTT_PERMIL = 546, /* VAR_LOW_RTT_PERMIL */ - VAR_FAST_SERVER_PERMIL = 547, /* VAR_FAST_SERVER_PERMIL */ - VAR_FAST_SERVER_NUM = 548, /* VAR_FAST_SERVER_NUM */ - VAR_ALLOW_NOTIFY = 549, /* VAR_ALLOW_NOTIFY */ - VAR_TLS_WIN_CERT = 550, /* VAR_TLS_WIN_CERT */ - VAR_TCP_CONNECTION_LIMIT = 551, /* VAR_TCP_CONNECTION_LIMIT */ - VAR_FORWARD_NO_CACHE = 552, /* VAR_FORWARD_NO_CACHE */ - VAR_STUB_NO_CACHE = 553, /* VAR_STUB_NO_CACHE */ - VAR_LOG_SERVFAIL = 554, /* VAR_LOG_SERVFAIL */ - VAR_DENY_ANY = 555, /* VAR_DENY_ANY */ - VAR_UNKNOWN_SERVER_TIME_LIMIT = 556, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */ - VAR_LOG_TAG_QUERYREPLY = 557, /* VAR_LOG_TAG_QUERYREPLY */ - VAR_STREAM_WAIT_SIZE = 558, /* VAR_STREAM_WAIT_SIZE */ - VAR_TLS_CIPHERS = 559, /* VAR_TLS_CIPHERS */ - VAR_TLS_CIPHERSUITES = 560, /* VAR_TLS_CIPHERSUITES */ - VAR_TLS_USE_SNI = 561, /* VAR_TLS_USE_SNI */ - VAR_IPSET = 562, /* VAR_IPSET */ - VAR_IPSET_NAME_V4 = 563, /* VAR_IPSET_NAME_V4 */ - VAR_IPSET_NAME_V6 = 564, /* VAR_IPSET_NAME_V6 */ - VAR_TLS_SESSION_TICKET_KEYS = 565, /* VAR_TLS_SESSION_TICKET_KEYS */ - VAR_RPZ = 566, /* VAR_RPZ */ - VAR_TAGS = 567, /* VAR_TAGS */ - VAR_RPZ_ACTION_OVERRIDE = 568, /* VAR_RPZ_ACTION_OVERRIDE */ - VAR_RPZ_CNAME_OVERRIDE = 569, /* VAR_RPZ_CNAME_OVERRIDE */ - VAR_RPZ_LOG = 570, /* VAR_RPZ_LOG */ - VAR_RPZ_LOG_NAME = 571, /* VAR_RPZ_LOG_NAME */ - VAR_DYNLIB = 572, /* VAR_DYNLIB */ - VAR_DYNLIB_FILE = 573, /* VAR_DYNLIB_FILE */ - VAR_EDNS_CLIENT_STRING = 574, /* VAR_EDNS_CLIENT_STRING */ - VAR_EDNS_CLIENT_STRING_OPCODE = 575, /* VAR_EDNS_CLIENT_STRING_OPCODE */ - VAR_NSID = 576, /* VAR_NSID */ - VAR_ZONEMD_PERMISSIVE_MODE = 577, /* VAR_ZONEMD_PERMISSIVE_MODE */ - VAR_ZONEMD_CHECK = 578, /* VAR_ZONEMD_CHECK */ - VAR_ZONEMD_REJECT_ABSENCE = 579, /* VAR_ZONEMD_REJECT_ABSENCE */ - VAR_RPZ_SIGNAL_NXDOMAIN_RA = 580, /* VAR_RPZ_SIGNAL_NXDOMAIN_RA */ - VAR_INTERFACE_AUTOMATIC_PORTS = 581, /* VAR_INTERFACE_AUTOMATIC_PORTS */ - VAR_EDE = 582, /* VAR_EDE */ - VAR_INTERFACE_ACTION = 583, /* VAR_INTERFACE_ACTION */ - VAR_INTERFACE_VIEW = 584, /* VAR_INTERFACE_VIEW */ - VAR_INTERFACE_TAG = 585, /* VAR_INTERFACE_TAG */ - VAR_INTERFACE_TAG_ACTION = 586, /* VAR_INTERFACE_TAG_ACTION */ - VAR_INTERFACE_TAG_DATA = 587, /* VAR_INTERFACE_TAG_DATA */ - VAR_PROXY_PROTOCOL_PORT = 588 /* VAR_PROXY_PROTOCOL_PORT */ + VAR_MAX_SENT_COUNT = 458, /* VAR_MAX_SENT_COUNT */ + VAR_MAX_QUERY_RESTARTS = 459, /* VAR_MAX_QUERY_RESTARTS */ + VAR_RATELIMIT_FOR_DOMAIN = 460, /* VAR_RATELIMIT_FOR_DOMAIN */ + VAR_RATELIMIT_BELOW_DOMAIN = 461, /* VAR_RATELIMIT_BELOW_DOMAIN */ + VAR_IP_RATELIMIT_FACTOR = 462, /* VAR_IP_RATELIMIT_FACTOR */ + VAR_RATELIMIT_FACTOR = 463, /* VAR_RATELIMIT_FACTOR */ + VAR_IP_RATELIMIT_BACKOFF = 464, /* VAR_IP_RATELIMIT_BACKOFF */ + VAR_RATELIMIT_BACKOFF = 465, /* VAR_RATELIMIT_BACKOFF */ + VAR_SEND_CLIENT_SUBNET = 466, /* VAR_SEND_CLIENT_SUBNET */ + VAR_CLIENT_SUBNET_ZONE = 467, /* VAR_CLIENT_SUBNET_ZONE */ + VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 468, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */ + VAR_CLIENT_SUBNET_OPCODE = 469, /* VAR_CLIENT_SUBNET_OPCODE */ + VAR_MAX_CLIENT_SUBNET_IPV4 = 470, /* VAR_MAX_CLIENT_SUBNET_IPV4 */ + VAR_MAX_CLIENT_SUBNET_IPV6 = 471, /* VAR_MAX_CLIENT_SUBNET_IPV6 */ + VAR_MIN_CLIENT_SUBNET_IPV4 = 472, /* VAR_MIN_CLIENT_SUBNET_IPV4 */ + VAR_MIN_CLIENT_SUBNET_IPV6 = 473, /* VAR_MIN_CLIENT_SUBNET_IPV6 */ + VAR_MAX_ECS_TREE_SIZE_IPV4 = 474, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */ + VAR_MAX_ECS_TREE_SIZE_IPV6 = 475, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */ + VAR_CAPS_WHITELIST = 476, /* VAR_CAPS_WHITELIST */ + VAR_CACHE_MAX_NEGATIVE_TTL = 477, /* VAR_CACHE_MAX_NEGATIVE_TTL */ + VAR_PERMIT_SMALL_HOLDDOWN = 478, /* VAR_PERMIT_SMALL_HOLDDOWN */ + VAR_QNAME_MINIMISATION = 479, /* VAR_QNAME_MINIMISATION */ + VAR_QNAME_MINIMISATION_STRICT = 480, /* VAR_QNAME_MINIMISATION_STRICT */ + VAR_IP_FREEBIND = 481, /* VAR_IP_FREEBIND */ + VAR_DEFINE_TAG = 482, /* VAR_DEFINE_TAG */ + VAR_LOCAL_ZONE_TAG = 483, /* VAR_LOCAL_ZONE_TAG */ + VAR_ACCESS_CONTROL_TAG = 484, /* VAR_ACCESS_CONTROL_TAG */ + VAR_LOCAL_ZONE_OVERRIDE = 485, /* VAR_LOCAL_ZONE_OVERRIDE */ + VAR_ACCESS_CONTROL_TAG_ACTION = 486, /* VAR_ACCESS_CONTROL_TAG_ACTION */ + VAR_ACCESS_CONTROL_TAG_DATA = 487, /* VAR_ACCESS_CONTROL_TAG_DATA */ + VAR_VIEW = 488, /* VAR_VIEW */ + VAR_ACCESS_CONTROL_VIEW = 489, /* VAR_ACCESS_CONTROL_VIEW */ + VAR_VIEW_FIRST = 490, /* VAR_VIEW_FIRST */ + VAR_SERVE_EXPIRED = 491, /* VAR_SERVE_EXPIRED */ + VAR_SERVE_EXPIRED_TTL = 492, /* VAR_SERVE_EXPIRED_TTL */ + VAR_SERVE_EXPIRED_TTL_RESET = 493, /* VAR_SERVE_EXPIRED_TTL_RESET */ + VAR_SERVE_EXPIRED_REPLY_TTL = 494, /* VAR_SERVE_EXPIRED_REPLY_TTL */ + VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 495, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */ + VAR_EDE_SERVE_EXPIRED = 496, /* VAR_EDE_SERVE_EXPIRED */ + VAR_SERVE_ORIGINAL_TTL = 497, /* VAR_SERVE_ORIGINAL_TTL */ + VAR_FAKE_DSA = 498, /* VAR_FAKE_DSA */ + VAR_FAKE_SHA1 = 499, /* VAR_FAKE_SHA1 */ + VAR_LOG_IDENTITY = 500, /* VAR_LOG_IDENTITY */ + VAR_HIDE_TRUSTANCHOR = 501, /* VAR_HIDE_TRUSTANCHOR */ + VAR_HIDE_HTTP_USER_AGENT = 502, /* VAR_HIDE_HTTP_USER_AGENT */ + VAR_HTTP_USER_AGENT = 503, /* VAR_HTTP_USER_AGENT */ + VAR_TRUST_ANCHOR_SIGNALING = 504, /* VAR_TRUST_ANCHOR_SIGNALING */ + VAR_AGGRESSIVE_NSEC = 505, /* VAR_AGGRESSIVE_NSEC */ + VAR_USE_SYSTEMD = 506, /* VAR_USE_SYSTEMD */ + VAR_SHM_ENABLE = 507, /* VAR_SHM_ENABLE */ + VAR_SHM_KEY = 508, /* VAR_SHM_KEY */ + VAR_ROOT_KEY_SENTINEL = 509, /* VAR_ROOT_KEY_SENTINEL */ + VAR_DNSCRYPT = 510, /* VAR_DNSCRYPT */ + VAR_DNSCRYPT_ENABLE = 511, /* VAR_DNSCRYPT_ENABLE */ + VAR_DNSCRYPT_PORT = 512, /* VAR_DNSCRYPT_PORT */ + VAR_DNSCRYPT_PROVIDER = 513, /* VAR_DNSCRYPT_PROVIDER */ + VAR_DNSCRYPT_SECRET_KEY = 514, /* VAR_DNSCRYPT_SECRET_KEY */ + VAR_DNSCRYPT_PROVIDER_CERT = 515, /* VAR_DNSCRYPT_PROVIDER_CERT */ + VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 516, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */ + VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 517, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */ + VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 518, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */ + VAR_DNSCRYPT_NONCE_CACHE_SIZE = 519, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */ + VAR_DNSCRYPT_NONCE_CACHE_SLABS = 520, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */ + VAR_PAD_RESPONSES = 521, /* VAR_PAD_RESPONSES */ + VAR_PAD_RESPONSES_BLOCK_SIZE = 522, /* VAR_PAD_RESPONSES_BLOCK_SIZE */
View file
_service:tar_scm:unbound-1.17.0.tar.gz/util/configparser.y -> _service:tar_scm:unbound-1.17.1.tar.gz/util/configparser.y
Changed
@@ -140,7 +140,7 @@ %token VAR_DISABLE_DNSSEC_LAME_CHECK %token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE %token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE -%token VAR_OUTBOUND_MSG_RETRY +%token VAR_OUTBOUND_MSG_RETRY VAR_MAX_SENT_COUNT VAR_MAX_QUERY_RESTARTS %token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN %token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR %token VAR_IP_RATELIMIT_BACKOFF VAR_RATELIMIT_BACKOFF @@ -193,7 +193,7 @@ %token VAR_RPZ_SIGNAL_NXDOMAIN_RA VAR_INTERFACE_AUTOMATIC_PORTS VAR_EDE %token VAR_INTERFACE_ACTION VAR_INTERFACE_VIEW VAR_INTERFACE_TAG %token VAR_INTERFACE_TAG_ACTION VAR_INTERFACE_TAG_DATA -%token VAR_PROXY_PROTOCOL_PORT +%token VAR_PROXY_PROTOCOL_PORT VAR_STATISTICS_INHIBIT_ZERO %% toplevelvars: /* empty */ | toplevelvars toplevelvar ; @@ -282,6 +282,7 @@ server_ratelimit_below_domain | server_ratelimit_factor | server_ip_ratelimit_factor | server_ratelimit_backoff | server_ip_ratelimit_backoff | server_outbound_msg_retry | + server_max_sent_count | server_max_query_restarts | server_send_client_subnet | server_client_subnet_zone | server_client_subnet_always_forward | server_client_subnet_opcode | server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 | @@ -322,7 +323,7 @@ server_zonemd_permissive_mode | server_max_reuse_tcp_queries | server_tcp_reuse_timeout | server_tcp_auth_query_timeout | server_interface_automatic_ports | server_ede | - server_proxy_protocol_port + server_proxy_protocol_port | server_statistics_inhibit_zero ; stubstart: VAR_STUB_ZONE { @@ -554,6 +555,15 @@ free($2); } ; +server_statistics_inhibit_zero: VAR_STATISTICS_INHIBIT_ZERO STRING_ARG + { + OUTYY(("P(server_statistics_inhibit_zero:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->stat_inhibit_zero = (strcmp($2, "yes")==0); + free($2); + } + ; server_shm_enable: VAR_SHM_ENABLE STRING_ARG { OUTYY(("P(server_shm_enable:%s)\n", $2)); @@ -2636,6 +2646,24 @@ free($2); } ; +server_max_sent_count: VAR_MAX_SENT_COUNT STRING_ARG + { + OUTYY(("P(server_max_sent_count:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->max_sent_count = atoi($2); + free($2); + } + ; +server_max_query_restarts: VAR_MAX_QUERY_RESTARTS STRING_ARG + { + OUTYY(("P(server_max_query_restarts:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->max_query_restarts = atoi($2); + free($2); + } + ; server_low_rtt: VAR_LOW_RTT STRING_ARG { OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
View file
_service:tar_scm:unbound-1.17.0.tar.gz/util/iana_ports.inc -> _service:tar_scm:unbound-1.17.1.tar.gz/util/iana_ports.inc
Changed
@@ -4840,6 +4840,7 @@ 8403, 8416, 8417, +8433, 8442, 8443, 8444,
View file
_service:tar_scm:unbound-1.17.0.tar.gz/util/netevent.c -> _service:tar_scm:unbound-1.17.1.tar.gz/util/netevent.c
Changed
@@ -810,7 +810,7 @@ /* We are reading a whole packet; * Move the rest of the data to overwrite the PROXYv2 header */ /* XXX can we do better to avoid memmove? */ - memmove(header, ((void*)header)+size, + memmove(header, ((char*)header)+size, sldns_buffer_limit(buf)-size); sldns_buffer_set_limit(buf, sldns_buffer_limit(buf)-size); } @@ -2545,8 +2545,9 @@ return 1; } -/** read again to drain buffers when there could be more to read */ -static void +/** read again to drain buffers when there could be more to read, returns 0 + * on failure which means the comm point is closed. */ +static int tcp_req_info_read_again(int fd, struct comm_point* c) { while(c->tcp_req_info->read_again) { @@ -2563,9 +2564,10 @@ (void)(*c->callback)(c, c->cb_arg, NETEVENT_CLOSED, NULL); } - return; + return 0; } } + return 1; } /** read again to drain buffers when there could be more to read */ @@ -2623,6 +2625,9 @@ log_assert(c->type == comm_tcp); ub_comm_base_now(c->ev->base); + if(c->fd == -1 || c->fd != fd) + return; /* duplicate event, but commpoint closed. */ + #ifdef USE_DNSCRYPT /* Initialize if this is a dnscrypt socket */ if(c->tcp_parent) { @@ -2671,8 +2676,10 @@ } return; } - if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again) - tcp_req_info_read_again(fd, c); + if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again) { + if(!tcp_req_info_read_again(fd, c)) + return; + } if(moreread && *moreread) tcp_more_read_again(fd, c); return; @@ -2690,8 +2697,10 @@ } return; } - if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again) - tcp_req_info_read_again(fd, c); + if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again) { + if(!tcp_req_info_read_again(fd, c)) + return; + } if(morewrite && *morewrite) tcp_more_write_again(fd, c); return; @@ -4488,6 +4497,11 @@ tcp_req_info_clear(c->tcp_req_info); if(c->h2_session) http2_session_server_delete(c->h2_session); + /* stop the comm point from reading or writing after it is closed. */ + if(c->tcp_more_read_again && *c->tcp_more_read_again) + *c->tcp_more_read_again = 0; + if(c->tcp_more_write_again && *c->tcp_more_write_again) + *c->tcp_more_write_again = 0; /* close fd after removing from event lists, or epoll.. is messed up */ if(c->fd != -1 && !c->do_not_close) {
View file
_service:tar_scm:unbound-1.17.0.tar.gz/util/tube.c -> _service:tar_scm:unbound-1.17.1.tar.gz/util/tube.c
Changed
@@ -45,6 +45,9 @@ #include "util/netevent.h" #include "util/fptr_wlist.h" #include "util/ub_event.h" +#ifdef HAVE_POLL_H +#include <poll.h> +#endif #ifndef USE_WINSOCK /* on unix */ @@ -396,20 +399,28 @@ return 1; } -/** perform a select() on the fd */ +/** perform poll() on the fd */ static int pollit(int fd, struct timeval* t) { - fd_set r; + struct pollfd fds; + int pret; + int msec = -1; + memset(&fds, 0, sizeof(fds)); + fds.fd = fd; + fds.events = POLLIN | POLLERR | POLLHUP; #ifndef S_SPLINT_S - FD_ZERO(&r); - FD_SET(FD_SET_T fd, &r); + if(t) + msec = t->tv_sec*1000 + t->tv_usec/1000; #endif - if(select(fd+1, &r, NULL, NULL, t) == -1) { + + pret = poll(&fds, 1, msec); + + if(pret == -1) return 0; - } - errno = 0; - return (int)(FD_ISSET(fd, &r)); + if(pret != 0) + return 1; + return 0; } int tube_poll(struct tube* tube) @@ -426,24 +437,27 @@ int tube_wait_timeout(struct tube* tube, int msec) { - struct timeval t; - int fd = tube->sr; - fd_set r; - t.tv_sec = msec/1000; - t.tv_usec = (msec%1000)*1000; -#ifndef S_SPLINT_S - FD_ZERO(&r); - FD_SET(FD_SET_T fd, &r); -#endif + int ret = 0; + while(1) { - if(select(fd+1, &r, NULL, NULL, &t) == -1) { + struct pollfd fds; + memset(&fds, 0, sizeof(fds)); + + fds.fd = tube->sr; + fds.events = POLLIN | POLLERR | POLLHUP; + ret = poll(&fds, 1, msec); + + if(ret == -1) { if(errno == EAGAIN || errno == EINTR) continue; return -1; } break; } - return (int)(FD_ISSET(fd, &r)); + + if(ret != 0) + return 1; + return 0; } int tube_read_fd(struct tube* tube) @@ -529,6 +543,7 @@ if(tube->event == WSA_INVALID_EVENT) { free(tube); log_err("WSACreateEvent: %s", wsa_strerror(WSAGetLastError())); + return NULL; } if(!WSAResetEvent(tube->event)) { log_err("WSAResetEvent: %s", wsa_strerror(WSAGetLastError()));
View file
_service:tar_scm:unbound.conf
Changed
@@ -41,6 +41,11 @@ # Needs to be enabled for munin plugin extended-statistics: yes + # Inhibits selected extended statistics (qtype, qclass, qopcode, rcode, + # rpz-actions) from printing if their value is 0. + # Default on. + # statistics-inhibit-zero: yes + # number of threads to create. 1 disables threading. num-threads: 4 @@ -152,7 +157,7 @@ # ip-dscp: 0 # EDNS reassembly buffer to advertise to UDP peers (the actual buffer - # is set with msg-buffer-size). 1472 can solve fragmentation (timeouts) + # is set with msg-buffer-size). # edns-buffer-size: 1232 # Maximum UDP response size (not applied to TCP response). @@ -193,6 +198,15 @@ # a throwaway response (also timeouts) is received. # outbound-msg-retry: 5 + # Hard limit on the number of outgoing queries Unbound will make while + # resolving a name, making sure large NS sets do not loop. + # It resets on query restarts (e.g., CNAME) and referrals. + # max-sent-count: 32 + + # Hard limit on the number of times Unbound is allowed to restart a + # query upon encountering a CNAME record. + # max-query-restarts: 11 + # msec for waiting for an unknown server to reply. Increase if you # are behind a slow satellite link, to eg. 1128. # unknown-server-time-limit: 376 @@ -238,7 +252,8 @@ # the maximum number of hosts that are cached (roundtrip, EDNS, lame). # infra-cache-numhosts: 10000 - # define a number of tags here, use with local-zone, access-control. + # define a number of tags here, use with local-zone, access-control, + # interface-*. # repeat the define-tag statement to add additional tags. # define-tag: "tag1 tag2 tag3" @@ -281,7 +296,9 @@ # Timeout for EDNS TCP keepalive, in msec. # edns-tcp-keepalive-timeout: 120000 - # Fedora note: do not activate this - can cause a crash + # Fedora note: do not activate this - not compiled in because + # it causes frequent unbound crashes. Also, socket activation + # is bad when you have things like dnsmasq also running with libvirt. # Use systemd socket activation for UDP, TCP, and control sockets. # use-systemd: no @@ -297,9 +314,7 @@ # allow_snoop (recursive and nonrecursive ok) # deny_non_local (drop queries unless can be answered from local-data) # refuse_non_local (like deny_non_local but polite error reply). - # access-control: 0.0.0.0/0 refuse # access-control: 127.0.0.0/8 allow - # access-control: ::0/0 refuse # access-control: ::1 allow # access-control: ::ffff:127.0.0.1 allow @@ -595,6 +610,8 @@ # most modules have to be listed at the beginning of the line, # except cachedb(just before iterator), and python (at the beginning, # or, just before the iterator). + # For redis cachedb use: + # "ipsecmod validator cachedb iterator" module-config: "ipsecmod validator iterator" # File with trusted keys, kept uptodate using RFC5011 probes, @@ -602,7 +619,8 @@ # Use several entries, one per domain name, to track multiple zones. # # If you want to perform DNSSEC validation, run unbound-anchor before - # you start Unbound (i.e. in the system boot scripts). And enable: + # you start Unbound (i.e. in the system boot scripts). + # And then enable the auto-trust-anchor-file config item. # Please note usage of unbound-anchor root anchor is at your own risk # and under the terms of our LICENSE (see that file in the source). # auto-trust-anchor-file: "/var/lib/unbound/root.key"
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2