summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDag-Erling Smørgrav <des@FreeBSD.org>2018-05-12 14:04:48 +0000
committerDag-Erling Smørgrav <des@FreeBSD.org>2018-05-12 14:04:48 +0000
commit3005e0a300309ec169f8e42181b39865e910da6c (patch)
tree8eaf30afd386bf7a427adf1878fbca0e34c6b2cc
parentd7d1dffb618fb1f6ddba8a8bc71f34bd3b7bf9c2 (diff)
parentfbdb9ac866a647da0919b224f05cca039afc02fa (diff)
downloadsrc-test2-3005e0a300309ec169f8e42181b39865e910da6c.tar.gz
src-test2-3005e0a300309ec169f8e42181b39865e910da6c.zip
Notes
-rw-r--r--contrib/unbound/aclocal.m4326
-rw-r--r--contrib/unbound/compat/arc4_lock.c2
-rw-r--r--contrib/unbound/compat/ctime_r.c2
-rw-r--r--contrib/unbound/config.h37
-rw-r--r--contrib/unbound/config.h.in19
-rwxr-xr-xcontrib/unbound/configure450
-rw-r--r--contrib/unbound/configure.ac49
-rw-r--r--contrib/unbound/contrib/README2
-rw-r--r--contrib/unbound/contrib/unbound.service.in8
-rw-r--r--contrib/unbound/contrib/unbound.socket.in6
-rw-r--r--contrib/unbound/daemon/acl_list.h2
-rw-r--r--contrib/unbound/daemon/daemon.c19
-rw-r--r--contrib/unbound/daemon/remote.c49
-rw-r--r--contrib/unbound/daemon/stats.c7
-rw-r--r--contrib/unbound/daemon/stats.h2
-rw-r--r--contrib/unbound/daemon/unbound.c5
-rw-r--r--contrib/unbound/daemon/worker.c56
-rw-r--r--contrib/unbound/daemon/worker.h2
-rw-r--r--contrib/unbound/dnstap/dnstap.c9
-rw-r--r--contrib/unbound/doc/Changelog98
-rw-r--r--contrib/unbound/doc/README2
-rw-r--r--contrib/unbound/doc/example.conf69
-rw-r--r--contrib/unbound/doc/example.conf.in24
-rw-r--r--contrib/unbound/doc/libunbound.310
-rw-r--r--contrib/unbound/doc/libunbound.3.in8
-rw-r--r--contrib/unbound/doc/unbound-anchor.84
-rw-r--r--contrib/unbound/doc/unbound-anchor.8.in2
-rw-r--r--contrib/unbound/doc/unbound-checkconf.82
-rw-r--r--contrib/unbound/doc/unbound-checkconf.8.in2
-rw-r--r--contrib/unbound/doc/unbound-control.856
-rw-r--r--contrib/unbound/doc/unbound-control.8.in16
-rw-r--r--contrib/unbound/doc/unbound-host.12
-rw-r--r--contrib/unbound/doc/unbound-host.1.in2
-rw-r--r--contrib/unbound/doc/unbound.84
-rw-r--r--contrib/unbound/doc/unbound.8.in4
-rw-r--r--contrib/unbound/doc/unbound.conf.5131
-rw-r--r--contrib/unbound/doc/unbound.conf.5.in52
-rw-r--r--contrib/unbound/iterator/iter_donotq.h2
-rw-r--r--contrib/unbound/iterator/iter_fwd.c8
-rw-r--r--contrib/unbound/iterator/iter_fwd.h4
-rw-r--r--contrib/unbound/iterator/iter_hints.c2
-rw-r--r--contrib/unbound/iterator/iter_hints.h2
-rw-r--r--contrib/unbound/iterator/iter_priv.h4
-rw-r--r--contrib/unbound/iterator/iter_scrub.c4
-rw-r--r--contrib/unbound/iterator/iter_utils.c2
-rw-r--r--contrib/unbound/iterator/iterator.c2
-rw-r--r--contrib/unbound/iterator/iterator.h4
-rw-r--r--contrib/unbound/libunbound/context.c2
-rw-r--r--contrib/unbound/libunbound/context.h16
-rw-r--r--contrib/unbound/libunbound/libunbound.c15
-rw-r--r--contrib/unbound/libunbound/libworker.c2
-rw-r--r--contrib/unbound/libunbound/unbound-event.h5
-rw-r--r--contrib/unbound/libunbound/unbound.h4
-rw-r--r--contrib/unbound/services/cache/dns.c8
-rw-r--r--contrib/unbound/services/cache/dns.h2
-rw-r--r--contrib/unbound/services/cache/infra.c139
-rw-r--r--contrib/unbound/services/cache/infra.h50
-rw-r--r--contrib/unbound/services/cache/rrset.c10
-rw-r--r--contrib/unbound/services/cache/rrset.h2
-rw-r--r--contrib/unbound/services/listen_dnsport.c182
-rw-r--r--contrib/unbound/services/listen_dnsport.h11
-rw-r--r--contrib/unbound/services/localzone.c45
-rw-r--r--contrib/unbound/services/localzone.h14
-rw-r--r--contrib/unbound/services/mesh.c24
-rw-r--r--contrib/unbound/services/mesh.h24
-rw-r--r--contrib/unbound/services/outside_network.c22
-rw-r--r--contrib/unbound/services/outside_network.h20
-rw-r--r--contrib/unbound/services/view.c4
-rw-r--r--contrib/unbound/services/view.h13
-rw-r--r--contrib/unbound/smallapp/unbound-anchor.c5
-rw-r--r--contrib/unbound/smallapp/unbound-control.c15
-rw-r--r--contrib/unbound/systemd.m431
-rw-r--r--contrib/unbound/util/alloc.c25
-rw-r--r--contrib/unbound/util/alloc.h16
-rw-r--r--contrib/unbound/util/config_file.c21
-rw-r--r--contrib/unbound/util/config_file.h16
-rw-r--r--contrib/unbound/util/configlexer.lex6
-rw-r--r--contrib/unbound/util/configparser.y83
-rw-r--r--contrib/unbound/util/data/dname.c8
-rw-r--r--contrib/unbound/util/data/dname.h5
-rw-r--r--contrib/unbound/util/data/msgparse.c30
-rw-r--r--contrib/unbound/util/data/msgparse.h8
-rw-r--r--contrib/unbound/util/data/msgreply.c40
-rw-r--r--contrib/unbound/util/data/msgreply.h25
-rw-r--r--contrib/unbound/util/data/packed_rrset.c4
-rw-r--r--contrib/unbound/util/data/packed_rrset.h12
-rw-r--r--contrib/unbound/util/fptr_wlist.c31
-rw-r--r--contrib/unbound/util/fptr_wlist.h28
-rw-r--r--contrib/unbound/util/iana_ports.inc4
-rw-r--r--contrib/unbound/util/locks.c34
-rw-r--r--contrib/unbound/util/locks.h91
-rw-r--r--contrib/unbound/util/log.c4
-rw-r--r--contrib/unbound/util/mini_event.c2
-rw-r--r--contrib/unbound/util/mini_event.h4
-rw-r--r--contrib/unbound/util/module.c12
-rw-r--r--contrib/unbound/util/module.h20
-rw-r--r--contrib/unbound/util/net_help.c6
-rw-r--r--contrib/unbound/util/netevent.c18
-rw-r--r--contrib/unbound/util/netevent.h16
-rw-r--r--contrib/unbound/util/rbtree.c106
-rw-r--r--contrib/unbound/util/rbtree.h58
-rw-r--r--contrib/unbound/util/storage/dnstree.c30
-rw-r--r--contrib/unbound/util/storage/dnstree.h30
-rw-r--r--contrib/unbound/util/storage/lruhash.c17
-rw-r--r--contrib/unbound/util/storage/lruhash.h48
-rw-r--r--contrib/unbound/util/storage/slabhash.c18
-rw-r--r--contrib/unbound/util/storage/slabhash.h16
-rw-r--r--contrib/unbound/util/tube.c4
-rw-r--r--contrib/unbound/util/tube.h10
-rw-r--r--contrib/unbound/util/winsock_event.c2
-rw-r--r--contrib/unbound/util/winsock_event.h4
-rw-r--r--contrib/unbound/validator/autotrust.c14
-rw-r--r--contrib/unbound/validator/autotrust.h8
-rw-r--r--contrib/unbound/validator/val_anchor.c10
-rw-r--r--contrib/unbound/validator/val_anchor.h8
-rw-r--r--contrib/unbound/validator/val_neg.c12
-rw-r--r--contrib/unbound/validator/val_neg.h10
-rw-r--r--contrib/unbound/validator/val_nsec3.c26
-rw-r--r--contrib/unbound/validator/val_nsec3.h4
-rw-r--r--contrib/unbound/validator/val_secalgo.c22
-rw-r--r--contrib/unbound/validator/val_sigcrypt.c20
-rw-r--r--contrib/unbound/validator/val_sigcrypt.h6
-rw-r--r--contrib/unbound/validator/validator.h2
123 files changed, 2596 insertions, 697 deletions
diff --git a/contrib/unbound/aclocal.m4 b/contrib/unbound/aclocal.m4
index ea5d6e9f8684..f21da5394f73 100644
--- a/contrib/unbound/aclocal.m4
+++ b/contrib/unbound/aclocal.m4
@@ -9044,3 +9044,329 @@ m4_ifndef([_LT_PROG_F77], [AC_DEFUN([_LT_PROG_F77])])
m4_ifndef([_LT_PROG_FC], [AC_DEFUN([_LT_PROG_FC])])
m4_ifndef([_LT_PROG_CXX], [AC_DEFUN([_LT_PROG_CXX])])
+dnl pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
+dnl serial 11 (pkg-config-0.29.1)
+dnl
+dnl Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
+dnl Copyright © 2012-2015 Dan Nicholson <dbn.lists@gmail.com>
+dnl
+dnl This program is free software; you can redistribute it and/or modify
+dnl it under the terms of the GNU General Public License as published by
+dnl the Free Software Foundation; either version 2 of the License, or
+dnl (at your option) any later version.
+dnl
+dnl This program is distributed in the hope that it will be useful, but
+dnl WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+dnl General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU General Public License
+dnl along with this program; if not, write to the Free Software
+dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+dnl 02111-1307, USA.
+dnl
+dnl As a special exception to the GNU General Public License, if you
+dnl distribute this file as part of a program that contains a
+dnl configuration script generated by Autoconf, you may include it under
+dnl the same distribution terms that you use for the rest of that
+dnl program.
+
+dnl PKG_PREREQ(MIN-VERSION)
+dnl -----------------------
+dnl Since: 0.29
+dnl
+dnl Verify that the version of the pkg-config macros are at least
+dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's
+dnl installed version of pkg-config, this checks the developer's version
+dnl of pkg.m4 when generating configure.
+dnl
+dnl To ensure that this macro is defined, also add:
+dnl m4_ifndef([PKG_PREREQ],
+dnl [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])])
+dnl
+dnl See the "Since" comment for each macro you use to see what version
+dnl of the macros you require.
+m4_defun([PKG_PREREQ],
+[m4_define([PKG_MACROS_VERSION], [0.29.1])
+m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1,
+ [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])])
+])dnl PKG_PREREQ
+
+dnl PKG_PROG_PKG_CONFIG([MIN-VERSION])
+dnl ----------------------------------
+dnl Since: 0.16
+dnl
+dnl Search for the pkg-config tool and set the PKG_CONFIG variable to
+dnl first found in the path. Checks that the version of pkg-config found
+dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is
+dnl used since that's the first version where most current features of
+dnl pkg-config existed.
+AC_DEFUN([PKG_PROG_PKG_CONFIG],
+[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
+m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
+m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
+AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
+AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
+AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path])
+
+if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
+ AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
+fi
+if test -n "$PKG_CONFIG"; then
+ _pkg_min_version=m4_default([$1], [0.9.0])
+ AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
+ if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
+ AC_MSG_RESULT([yes])
+ else
+ AC_MSG_RESULT([no])
+ PKG_CONFIG=""
+ fi
+fi[]dnl
+])dnl PKG_PROG_PKG_CONFIG
+
+dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
+dnl -------------------------------------------------------------------
+dnl Since: 0.18
+dnl
+dnl Check to see whether a particular set of modules exists. Similar to
+dnl PKG_CHECK_MODULES(), but does not set variables or print errors.
+dnl
+dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+dnl only at the first occurence in configure.ac, so if the first place
+dnl it's called might be skipped (such as if it is within an "if", you
+dnl have to call PKG_CHECK_EXISTS manually
+AC_DEFUN([PKG_CHECK_EXISTS],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+if test -n "$PKG_CONFIG" && \
+ AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
+ m4_default([$2], [:])
+m4_ifvaln([$3], [else
+ $3])dnl
+fi])
+
+dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
+dnl ---------------------------------------------
+dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting
+dnl pkg_failed based on the result.
+m4_define([_PKG_CONFIG],
+[if test -n "$$1"; then
+ pkg_cv_[]$1="$$1"
+ elif test -n "$PKG_CONFIG"; then
+ PKG_CHECK_EXISTS([$3],
+ [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes ],
+ [pkg_failed=yes])
+ else
+ pkg_failed=untried
+fi[]dnl
+])dnl _PKG_CONFIG
+
+dnl _PKG_SHORT_ERRORS_SUPPORTED
+dnl ---------------------------
+dnl Internal check to see if pkg-config supports short errors.
+AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi[]dnl
+])dnl _PKG_SHORT_ERRORS_SUPPORTED
+
+
+dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
+dnl [ACTION-IF-NOT-FOUND])
+dnl --------------------------------------------------------------
+dnl Since: 0.4.0
+dnl
+dnl Note that if there is a possibility the first call to
+dnl PKG_CHECK_MODULES might not happen, you should be sure to include an
+dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
+AC_DEFUN([PKG_CHECK_MODULES],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
+AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
+
+pkg_failed=no
+AC_MSG_CHECKING([for $1])
+
+_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
+_PKG_CONFIG([$1][_LIBS], [libs], [$2])
+
+m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
+and $1[]_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details.])
+
+if test $pkg_failed = yes; then
+ AC_MSG_RESULT([no])
+ _PKG_SHORT_ERRORS_SUPPORTED
+ if test $_pkg_short_errors_supported = yes; then
+ $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
+ else
+ $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
+
+ m4_default([$4], [AC_MSG_ERROR(
+[Package requirements ($2) were not met:
+
+$$1_PKG_ERRORS
+
+Consider adjusting the PKG_CONFIG_PATH environment variable if you
+installed software in a non-standard prefix.
+
+_PKG_TEXT])[]dnl
+ ])
+elif test $pkg_failed = untried; then
+ AC_MSG_RESULT([no])
+ m4_default([$4], [AC_MSG_FAILURE(
+[The pkg-config script could not be found or is too old. Make sure it
+is in your PATH or set the PKG_CONFIG environment variable to the full
+path to pkg-config.
+
+_PKG_TEXT
+
+To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
+ ])
+else
+ $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
+ $1[]_LIBS=$pkg_cv_[]$1[]_LIBS
+ AC_MSG_RESULT([yes])
+ $3
+fi[]dnl
+])dnl PKG_CHECK_MODULES
+
+
+dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
+dnl [ACTION-IF-NOT-FOUND])
+dnl ---------------------------------------------------------------------
+dnl Since: 0.29
+dnl
+dnl Checks for existence of MODULES and gathers its build flags with
+dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags
+dnl and VARIABLE-PREFIX_LIBS from --libs.
+dnl
+dnl Note that if there is a possibility the first call to
+dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to
+dnl include an explicit call to PKG_PROG_PKG_CONFIG in your
+dnl configure.ac.
+AC_DEFUN([PKG_CHECK_MODULES_STATIC],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+_save_PKG_CONFIG=$PKG_CONFIG
+PKG_CONFIG="$PKG_CONFIG --static"
+PKG_CHECK_MODULES($@)
+PKG_CONFIG=$_save_PKG_CONFIG[]dnl
+])dnl PKG_CHECK_MODULES_STATIC
+
+
+dnl PKG_INSTALLDIR([DIRECTORY])
+dnl -------------------------
+dnl Since: 0.27
+dnl
+dnl Substitutes the variable pkgconfigdir as the location where a module
+dnl should install pkg-config .pc files. By default the directory is
+dnl $libdir/pkgconfig, but the default can be changed by passing
+dnl DIRECTORY. The user can override through the --with-pkgconfigdir
+dnl parameter.
+AC_DEFUN([PKG_INSTALLDIR],
+[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])])
+m4_pushdef([pkg_description],
+ [pkg-config installation directory @<:@]pkg_default[@:>@])
+AC_ARG_WITH([pkgconfigdir],
+ [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],,
+ [with_pkgconfigdir=]pkg_default)
+AC_SUBST([pkgconfigdir], [$with_pkgconfigdir])
+m4_popdef([pkg_default])
+m4_popdef([pkg_description])
+])dnl PKG_INSTALLDIR
+
+
+dnl PKG_NOARCH_INSTALLDIR([DIRECTORY])
+dnl --------------------------------
+dnl Since: 0.27
+dnl
+dnl Substitutes the variable noarch_pkgconfigdir as the location where a
+dnl module should install arch-independent pkg-config .pc files. By
+dnl default the directory is $datadir/pkgconfig, but the default can be
+dnl changed by passing DIRECTORY. The user can override through the
+dnl --with-noarch-pkgconfigdir parameter.
+AC_DEFUN([PKG_NOARCH_INSTALLDIR],
+[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])])
+m4_pushdef([pkg_description],
+ [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@])
+AC_ARG_WITH([noarch-pkgconfigdir],
+ [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],,
+ [with_noarch_pkgconfigdir=]pkg_default)
+AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir])
+m4_popdef([pkg_default])
+m4_popdef([pkg_description])
+])dnl PKG_NOARCH_INSTALLDIR
+
+
+dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE,
+dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
+dnl -------------------------------------------
+dnl Since: 0.28
+dnl
+dnl Retrieves the value of the pkg-config variable for the given module.
+AC_DEFUN([PKG_CHECK_VAR],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
+
+_PKG_CONFIG([$1], [variable="][$3]["], [$2])
+AS_VAR_COPY([$1], [pkg_cv_][$1])
+
+AS_VAR_IF([$1], [""], [$5], [$4])dnl
+])dnl PKG_CHECK_VAR
+
+# AM_CONDITIONAL -*- Autoconf -*-
+
+# Copyright (C) 1997-2014 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_CONDITIONAL(NAME, SHELL-CONDITION)
+# -------------------------------------
+# Define a conditional.
+AC_DEFUN([AM_CONDITIONAL],
+[AC_PREREQ([2.52])dnl
+ m4_if([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])],
+ [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
+AC_SUBST([$1_TRUE])dnl
+AC_SUBST([$1_FALSE])dnl
+_AM_SUBST_NOTMAKE([$1_TRUE])dnl
+_AM_SUBST_NOTMAKE([$1_FALSE])dnl
+m4_define([_AM_COND_VALUE_$1], [$2])dnl
+if $2; then
+ $1_TRUE=
+ $1_FALSE='#'
+else
+ $1_TRUE='#'
+ $1_FALSE=
+fi
+AC_CONFIG_COMMANDS_PRE(
+[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
+ AC_MSG_ERROR([[conditional "$1" was never defined.
+Usually this means the macro was only invoked conditionally.]])
+fi])])
+
+# Copyright (C) 2006-2014 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# _AM_SUBST_NOTMAKE(VARIABLE)
+# ---------------------------
+# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in.
+# This macro is traced by Automake.
+AC_DEFUN([_AM_SUBST_NOTMAKE])
+
+# AM_SUBST_NOTMAKE(VARIABLE)
+# --------------------------
+# Public sister of _AM_SUBST_NOTMAKE.
+AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
+
diff --git a/contrib/unbound/compat/arc4_lock.c b/contrib/unbound/compat/arc4_lock.c
index faa743d15baa..0c45ad01b042 100644
--- a/contrib/unbound/compat/arc4_lock.c
+++ b/contrib/unbound/compat/arc4_lock.c
@@ -48,7 +48,7 @@ void _ARC4_UNLOCK(void)
}
#else /* !THREADS_DISABLED */
-static lock_quick_t arc4lock;
+static lock_quick_type arc4lock;
static int arc4lockinit = 0;
void _ARC4_LOCK(void)
diff --git a/contrib/unbound/compat/ctime_r.c b/contrib/unbound/compat/ctime_r.c
index 2594dc17e76f..87c2609a8408 100644
--- a/contrib/unbound/compat/ctime_r.c
+++ b/contrib/unbound/compat/ctime_r.c
@@ -6,7 +6,7 @@
#include "util/locks.h"
/** the lock for ctime buffer */
-static lock_basic_t ctime_lock;
+static lock_basic_type ctime_lock;
/** has it been inited */
static int ctime_r_init = 0;
diff --git a/contrib/unbound/config.h b/contrib/unbound/config.h
index c8c0cf76f311..efe253200b0a 100644
--- a/contrib/unbound/config.h
+++ b/contrib/unbound/config.h
@@ -69,6 +69,14 @@
if you don't. */
/* #undef HAVE_DECL_ARC4RANDOM_UNIFORM */
+/* Define to 1 if you have the declaration of `inet_ntop', and to 0 if you
+ don't. */
+#define HAVE_DECL_INET_NTOP 1
+
+/* Define to 1 if you have the declaration of `inet_pton', and to 0 if you
+ don't. */
+#define HAVE_DECL_INET_PTON 1
+
/* Define to 1 if you have the declaration of `NID_secp384r1', and to 0 if you
don't. */
#define HAVE_DECL_NID_SECP384R1 1
@@ -108,6 +116,9 @@
/* Define to 1 if you have the <dlfcn.h> header file. */
#define HAVE_DLFCN_H 1
+/* Define to 1 if you have the `DSA_SIG_set0' function. */
+/* #undef HAVE_DSA_SIG_SET0 */
+
/* Define to 1 if you have the <endian.h> header file. */
/* #undef HAVE_ENDIAN_H */
@@ -144,6 +155,9 @@
/* Define to 1 if you have the `EVP_cleanup' function. */
#define HAVE_EVP_CLEANUP 1
+/* Define to 1 if you have the `EVP_dss1' function. */
+#define HAVE_EVP_DSS1 1
+
/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
/* #undef HAVE_EVP_MD_CTX_NEW */
@@ -345,9 +359,6 @@
/* Define to 1 if you have the `recvmsg' function. */
#define HAVE_RECVMSG 1
-/* define if you have the sbrk() call */
-/* #undef HAVE_SBRK */
-
/* Define to 1 if you have the `sendmsg' function. */
#define HAVE_SENDMSG 1
@@ -396,6 +407,9 @@
/* Define if you have the SSL libraries installed. */
#define HAVE_SSL /**/
+/* Define to 1 if you have the `SSL_CTX_set_security_level' function. */
+/* #undef HAVE_SSL_CTX_SET_SECURITY_LEVEL */
+
/* Define to 1 if you have the <stdarg.h> header file. */
#define HAVE_STDARG_H 1
@@ -441,6 +455,9 @@
/* Define to 1 if you have the <syslog.h> header file. */
#define HAVE_SYSLOG_H 1
+/* Define to 1 if systemd should be used */
+/* #undef HAVE_SYSTEMD */
+
/* Define to 1 if you have the <sys/param.h> header file. */
#define HAVE_SYS_PARAM_H 1
@@ -566,7 +583,7 @@
#define PACKAGE_NAME "unbound"
/* Define to the full name and version of this package. */
-#define PACKAGE_STRING "unbound 1.5.10"
+#define PACKAGE_STRING "unbound 1.6.1"
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME "unbound"
@@ -575,7 +592,7 @@
#define PACKAGE_URL ""
/* Define to the version of this package. */
-#define PACKAGE_VERSION "1.5.10"
+#define PACKAGE_VERSION "1.6.1"
/* default pidfile location */
#define PIDFILE "/var/unbound/unbound.pid"
@@ -594,7 +611,7 @@
#define ROOT_CERT_FILE "/var/unbound/icannbundle.pem"
/* version number for resource files */
-#define RSRC_PACKAGE_VERSION 1,5,10,0
+#define RSRC_PACKAGE_VERSION 1,6,1,0
/* Directory to chdir to */
#define RUN_DIR "/var/unbound"
@@ -1056,6 +1073,14 @@ char *strsep(char **stringp, const char *delim);
int isblank(int c);
#endif
+#if defined(HAVE_INET_NTOP) && !HAVE_DECL_INET_NTOP
+const char *inet_ntop(int af, const void *src, char *dst, size_t size);
+#endif
+
+#if defined(HAVE_INET_PTON) && !HAVE_DECL_INET_PTON
+int inet_pton(int af, const char* src, void* dst);
+#endif
+
#if !defined(HAVE_STRPTIME) || !defined(STRPTIME_WORKS)
#define strptime unbound_strptime
struct tm;
diff --git a/contrib/unbound/config.h.in b/contrib/unbound/config.h.in
index 5806b9c75082..3a4f47b5ca79 100644
--- a/contrib/unbound/config.h.in
+++ b/contrib/unbound/config.h.in
@@ -68,6 +68,14 @@
if you don't. */
#undef HAVE_DECL_ARC4RANDOM_UNIFORM
+/* Define to 1 if you have the declaration of `inet_ntop', and to 0 if you
+ don't. */
+#undef HAVE_DECL_INET_NTOP
+
+/* Define to 1 if you have the declaration of `inet_pton', and to 0 if you
+ don't. */
+#undef HAVE_DECL_INET_PTON
+
/* Define to 1 if you have the declaration of `NID_secp384r1', and to 0 if you
don't. */
#undef HAVE_DECL_NID_SECP384R1
@@ -446,6 +454,9 @@
/* Define to 1 if you have the <syslog.h> header file. */
#undef HAVE_SYSLOG_H
+/* Define to 1 if systemd should be used */
+#undef HAVE_SYSTEMD
+
/* Define to 1 if you have the <sys/param.h> header file. */
#undef HAVE_SYS_PARAM_H
@@ -1061,6 +1072,14 @@ char *strsep(char **stringp, const char *delim);
int isblank(int c);
#endif
+#if defined(HAVE_INET_NTOP) && !HAVE_DECL_INET_NTOP
+const char *inet_ntop(int af, const void *src, char *dst, size_t size);
+#endif
+
+#if defined(HAVE_INET_PTON) && !HAVE_DECL_INET_PTON
+int inet_pton(int af, const char* src, void* dst);
+#endif
+
#if !defined(HAVE_STRPTIME) || !defined(STRPTIME_WORKS)
#define strptime unbound_strptime
struct tm;
diff --git a/contrib/unbound/configure b/contrib/unbound/configure
index 52fd17560e27..f81ed1e86c90 100755
--- a/contrib/unbound/configure
+++ b/contrib/unbound/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for unbound 1.6.0.
+# Generated by GNU Autoconf 2.69 for unbound 1.6.1.
#
# Report bugs to <unbound-bugs@nlnetlabs.nl>.
#
@@ -590,8 +590,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='unbound'
PACKAGE_TARNAME='unbound'
-PACKAGE_VERSION='1.6.0'
-PACKAGE_STRING='unbound 1.6.0'
+PACKAGE_VERSION='1.6.1'
+PACKAGE_STRING='unbound 1.6.1'
PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl'
PACKAGE_URL=''
@@ -658,6 +658,15 @@ WIN_DAEMON_SRC
WINAPPS
WINDRES
CHECKLOCK_OBJ
+USE_SYSTEMD_FALSE
+USE_SYSTEMD_TRUE
+SYSTEMD_DAEMON_LIBS
+SYSTEMD_DAEMON_CFLAGS
+SYSTEMD_LIBS
+SYSTEMD_CFLAGS
+PKG_CONFIG_LIBDIR
+PKG_CONFIG_PATH
+PKG_CONFIG
staticexe
PC_LIBEVENT_DEPENDENCY
UNBOUND_EVENT_UNINSTALL
@@ -841,6 +850,7 @@ enable_tfo_server
with_libevent
with_libexpat
enable_static_exe
+enable_systemd
enable_lock_checks
enable_allsymbols
enable_dnstap
@@ -862,7 +872,14 @@ CPP
YACC
YFLAGS
LT_SYS_LIBRARY_PATH
-PYTHON_VERSION'
+PYTHON_VERSION
+PKG_CONFIG
+PKG_CONFIG_PATH
+PKG_CONFIG_LIBDIR
+SYSTEMD_CFLAGS
+SYSTEMD_LIBS
+SYSTEMD_DAEMON_CFLAGS
+SYSTEMD_DAEMON_LIBS'
# Initialize some variables set by options.
@@ -1403,7 +1420,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures unbound 1.6.0 to adapt to many kinds of systems.
+\`configure' configures unbound 1.6.1 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1468,7 +1485,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of unbound 1.6.0:";;
+ short | recursive ) echo "Configuration of unbound 1.6.1:";;
esac
cat <<\_ACEOF
@@ -1508,6 +1525,7 @@ Optional Features:
--enable-tfo-server Enable TCP Fast Open for server mode
--enable-static-exe enable to compile executables statically against
(event) libs, for debug purposes
+ --enable-systemd compile with systemd support
--enable-lock-checks enable to check lock and unlock calls, for debug
purposes
--enable-allsymbols export all symbols from libunbound and link binaries
@@ -1591,6 +1609,19 @@ Some influential environment variables:
The installed Python version to use, for example '2.3'. This
string will be appended to the Python interpreter canonical
name.
+ PKG_CONFIG path to pkg-config utility
+ PKG_CONFIG_PATH
+ directories to add to pkg-config's search path
+ PKG_CONFIG_LIBDIR
+ path overriding pkg-config's built-in search path
+ SYSTEMD_CFLAGS
+ C compiler flags for SYSTEMD, overriding pkg-config
+ SYSTEMD_LIBS
+ linker flags for SYSTEMD, overriding pkg-config
+ SYSTEMD_DAEMON_CFLAGS
+ C compiler flags for SYSTEMD_DAEMON, overriding pkg-config
+ SYSTEMD_DAEMON_LIBS
+ linker flags for SYSTEMD_DAEMON, overriding pkg-config
Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.
@@ -1658,7 +1689,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-unbound configure 1.6.0
+unbound configure 1.6.1
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2367,7 +2398,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by unbound $as_me 1.6.0, which was
+It was created by unbound $as_me 1.6.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2719,11 +2750,11 @@ UNBOUND_VERSION_MAJOR=1
UNBOUND_VERSION_MINOR=6
-UNBOUND_VERSION_MICRO=0
+UNBOUND_VERSION_MICRO=1
LIBUNBOUND_CURRENT=6
-LIBUNBOUND_REVISION=3
+LIBUNBOUND_REVISION=4
LIBUNBOUND_AGE=4
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@@ -2774,6 +2805,7 @@ LIBUNBOUND_AGE=4
# 1.5.9 had 6:1:4
# 1.5.10 had 6:2:4
# 1.6.0 had 6:3:4
+# 1.6.1 had 7:0:5 # ub_callback_t typedef renamed to ub_callback_type
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@@ -18467,6 +18499,317 @@ if test x_$enable_static_exe = x_yes; then
fi
fi
+# Include systemd.m4 - begin
+# macros for configuring systemd
+# Copyright 2015, Sami Kerola, CloudFlare.
+# BSD licensed.
+# Check whether --enable-systemd was given.
+if test "${enable_systemd+set}" = set; then :
+ enableval=$enable_systemd;
+else
+ enable_systemd=no
+fi
+
+have_systemd=no
+
+
+
+
+
+
+
+if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
+set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_PKG_CONFIG+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $PKG_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PKG_CONFIG=$ac_cv_path_PKG_CONFIG
+if test -n "$PKG_CONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
+$as_echo "$PKG_CONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_path_PKG_CONFIG"; then
+ ac_pt_PKG_CONFIG=$PKG_CONFIG
+ # Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $ac_pt_PKG_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
+if test -n "$ac_pt_PKG_CONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
+$as_echo "$ac_pt_PKG_CONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_pt_PKG_CONFIG" = x; then
+ PKG_CONFIG=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ PKG_CONFIG=$ac_pt_PKG_CONFIG
+ fi
+else
+ PKG_CONFIG="$ac_cv_path_PKG_CONFIG"
+fi
+
+fi
+if test -n "$PKG_CONFIG"; then
+ _pkg_min_version=0.9.0
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5
+$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; }
+ if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ PKG_CONFIG=""
+ fi
+fi
+if test "x$enable_systemd" != xno; then :
+
+
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SYSTEMD" >&5
+$as_echo_n "checking for SYSTEMD... " >&6; }
+
+if test -n "$SYSTEMD_CFLAGS"; then
+ pkg_cv_SYSTEMD_CFLAGS="$SYSTEMD_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "libsystemd") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_SYSTEMD_CFLAGS=`$PKG_CONFIG --cflags "libsystemd" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+if test -n "$SYSTEMD_LIBS"; then
+ pkg_cv_SYSTEMD_LIBS="$SYSTEMD_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "libsystemd") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_SYSTEMD_LIBS=`$PKG_CONFIG --libs "libsystemd" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi
+ if test $_pkg_short_errors_supported = yes; then
+ SYSTEMD_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libsystemd" 2>&1`
+ else
+ SYSTEMD_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libsystemd" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$SYSTEMD_PKG_ERRORS" >&5
+
+ have_systemd=no
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ have_systemd=no
+else
+ SYSTEMD_CFLAGS=$pkg_cv_SYSTEMD_CFLAGS
+ SYSTEMD_LIBS=$pkg_cv_SYSTEMD_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ have_systemd=yes
+fi
+ if test "x$have_systemd" != "xyes"; then :
+
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SYSTEMD_DAEMON" >&5
+$as_echo_n "checking for SYSTEMD_DAEMON... " >&6; }
+
+if test -n "$SYSTEMD_DAEMON_CFLAGS"; then
+ pkg_cv_SYSTEMD_DAEMON_CFLAGS="$SYSTEMD_DAEMON_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd-daemon\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "libsystemd-daemon") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_SYSTEMD_DAEMON_CFLAGS=`$PKG_CONFIG --cflags "libsystemd-daemon" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+if test -n "$SYSTEMD_DAEMON_LIBS"; then
+ pkg_cv_SYSTEMD_DAEMON_LIBS="$SYSTEMD_DAEMON_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd-daemon\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "libsystemd-daemon") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_SYSTEMD_DAEMON_LIBS=`$PKG_CONFIG --libs "libsystemd-daemon" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi
+ if test $_pkg_short_errors_supported = yes; then
+ SYSTEMD_DAEMON_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libsystemd-daemon" 2>&1`
+ else
+ SYSTEMD_DAEMON_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libsystemd-daemon" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$SYSTEMD_DAEMON_PKG_ERRORS" >&5
+
+ have_systemd_daemon=no
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ have_systemd_daemon=no
+else
+ SYSTEMD_DAEMON_CFLAGS=$pkg_cv_SYSTEMD_DAEMON_CFLAGS
+ SYSTEMD_DAEMON_LIBS=$pkg_cv_SYSTEMD_DAEMON_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ have_systemd_daemon=yes
+fi
+ if test "x$have_systemd_daemon" = "xyes"; then :
+ have_systemd=yes
+fi
+
+fi
+ case $enable_systemd:$have_systemd in #(
+ yes:no) :
+ as_fn_error $? "systemd enabled but libsystemd not found" "$LINENO" 5 ;; #(
+ *:yes) :
+
+$as_echo "#define HAVE_SYSTEMD 1" >>confdefs.h
+
+ LIBS="$LIBS $SYSTEMD_LIBS"
+
+ ;; #(
+ *) :
+ ;;
+esac
+
+
+fi
+ if test "x$have_systemd" = xyes; then
+ USE_SYSTEMD_TRUE=
+ USE_SYSTEMD_FALSE='#'
+else
+ USE_SYSTEMD_TRUE='#'
+ USE_SYSTEMD_FALSE=
+fi
+
+
+# Include systemd.m4 - end
+
# set lock checking if requested
# Check whether --enable-lock_checks was given.
if test "${enable_lock_checks+set}" = set; then :
@@ -18973,6 +19316,71 @@ if echo $build_os | grep darwin8 > /dev/null; then
$as_echo "#define DARWIN_BROKEN_SETREUID 1" >>confdefs.h
fi
+ac_fn_c_check_decl "$LINENO" "inet_pton" "ac_cv_have_decl_inet_pton" "
+$ac_includes_default
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#ifdef HAVE_NETINET_TCP_H
+#include <netinet/tcp.h>
+#endif
+
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#ifdef HAVE_WINSOCK2_H
+#include <winsock2.h>
+#endif
+
+#ifdef HAVE_WS2TCPIP_H
+#include <ws2tcpip.h>
+#endif
+
+"
+if test "x$ac_cv_have_decl_inet_pton" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_INET_PTON $ac_have_decl
+_ACEOF
+ac_fn_c_check_decl "$LINENO" "inet_ntop" "ac_cv_have_decl_inet_ntop" "
+$ac_includes_default
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#ifdef HAVE_NETINET_TCP_H
+#include <netinet/tcp.h>
+#endif
+
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#ifdef HAVE_WINSOCK2_H
+#include <winsock2.h>
+#endif
+
+#ifdef HAVE_WS2TCPIP_H
+#include <ws2tcpip.h>
+#endif
+
+"
+if test "x$ac_cv_have_decl_inet_ntop" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_INET_NTOP $ac_have_decl
+_ACEOF
+
ac_fn_c_check_func "$LINENO" "inet_aton" "ac_cv_func_inet_aton"
if test "x$ac_cv_func_inet_aton" = xyes; then :
$as_echo "#define HAVE_INET_ATON 1" >>confdefs.h
@@ -19217,8 +19625,8 @@ else
esac
else
- case `uname` in
- Darwin)
+ case "$host" in
+ Darwin|*darwin*)
case " $LIBOBJS " in
*" getentropy_osx.$ac_objext "* ) ;;
*) LIBOBJS="$LIBOBJS getentropy_osx.$ac_objext"
@@ -19226,7 +19634,7 @@ esac
esac
;;
- SunOS)
+ *solaris*|*sunos*|SunOS)
case " $LIBOBJS " in
*" getentropy_solaris.$ac_objext "* ) ;;
*) LIBOBJS="$LIBOBJS getentropy_solaris.$ac_objext"
@@ -19330,7 +19738,7 @@ if test "$ac_res" != no; then :
fi
;;
- Linux|*)
+ *linux*|Linux|*)
case " $LIBOBJS " in
*" getentropy_linux.$ac_objext "* ) ;;
*) LIBOBJS="$LIBOBJS getentropy_linux.$ac_objext"
@@ -19920,12 +20328,12 @@ _ACEOF
-version=1.6.0
+version=1.6.1
date=`date +'%b %e, %Y'`
-ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h contrib/libunbound.pc"
+ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service"
ac_config_headers="$ac_config_headers config.h"
@@ -20038,6 +20446,10 @@ LIBOBJS=$ac_libobjs
LTLIBOBJS=$ac_ltlibobjs
+if test -z "${USE_SYSTEMD_TRUE}" && test -z "${USE_SYSTEMD_FALSE}"; then
+ as_fn_error $? "conditional \"USE_SYSTEMD\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
: "${CONFIG_STATUS=./config.status}"
ac_write_fail=0
@@ -20435,7 +20847,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by unbound $as_me 1.6.0, which was
+This file was extended by unbound $as_me 1.6.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -20501,7 +20913,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-unbound config.status 1.6.0
+unbound config.status 1.6.1
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
@@ -20924,6 +21336,8 @@ do
"smallapp/unbound-control-setup.sh") CONFIG_FILES="$CONFIG_FILES smallapp/unbound-control-setup.sh" ;;
"dnstap/dnstap_config.h") CONFIG_FILES="$CONFIG_FILES dnstap/dnstap_config.h" ;;
"contrib/libunbound.pc") CONFIG_FILES="$CONFIG_FILES contrib/libunbound.pc" ;;
+ "contrib/unbound.socket") CONFIG_FILES="$CONFIG_FILES contrib/unbound.socket" ;;
+ "contrib/unbound.service") CONFIG_FILES="$CONFIG_FILES contrib/unbound.service" ;;
"config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
*) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
diff --git a/contrib/unbound/configure.ac b/contrib/unbound/configure.ac
index d8505393552e..bc465b0ebb94 100644
--- a/contrib/unbound/configure.ac
+++ b/contrib/unbound/configure.ac
@@ -10,14 +10,14 @@ sinclude(dnstap/dnstap.m4)
# must be numbers. ac_defun because of later processing
m4_define([VERSION_MAJOR],[1])
m4_define([VERSION_MINOR],[6])
-m4_define([VERSION_MICRO],[0])
+m4_define([VERSION_MICRO],[1])
AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound)
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
LIBUNBOUND_CURRENT=6
-LIBUNBOUND_REVISION=3
+LIBUNBOUND_REVISION=4
LIBUNBOUND_AGE=4
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@@ -68,6 +68,7 @@ LIBUNBOUND_AGE=4
# 1.5.9 had 6:1:4
# 1.5.10 had 6:2:4
# 1.6.0 had 6:3:4
+# 1.6.1 had 7:0:5 # ub_callback_t typedef renamed to ub_callback_type
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@@ -1053,6 +1054,10 @@ if test x_$enable_static_exe = x_yes; then
fi
fi
+# Include systemd.m4 - begin
+sinclude(systemd.m4)
+# Include systemd.m4 - end
+
# set lock checking if requested
AC_ARG_ENABLE(lock_checks, AC_HELP_STRING([--enable-lock-checks],
[ enable to check lock and unlock calls, for debug purposes ]),
@@ -1151,6 +1156,28 @@ AC_CHECK_FUNCS([setresgid],,[AC_CHECK_FUNCS([setregid])])
if echo $build_os | grep darwin8 > /dev/null; then
AC_DEFINE(DARWIN_BROKEN_SETREUID, 1, [Define this if on macOSX10.4-darwin8 and setreuid and setregid do not work])
fi
+AC_CHECK_DECLS([inet_pton,inet_ntop], [], [], [
+AC_INCLUDES_DEFAULT
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#ifdef HAVE_NETINET_TCP_H
+#include <netinet/tcp.h>
+#endif
+
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#ifdef HAVE_WINSOCK2_H
+#include <winsock2.h>
+#endif
+
+#ifdef HAVE_WS2TCPIP_H
+#include <ws2tcpip.h>
+#endif
+])
AC_REPLACE_FUNCS(inet_aton)
AC_REPLACE_FUNCS(inet_pton)
AC_REPLACE_FUNCS(inet_ntop)
@@ -1188,11 +1215,11 @@ if test "$USE_NSS" = "no"; then
if test "$USE_WINSOCK" = 1; then
AC_LIBOBJ(getentropy_win)
else
- case `uname` in
- Darwin)
+ case "$host" in
+ Darwin|*darwin*)
AC_LIBOBJ(getentropy_osx)
;;
- SunOS)
+ *solaris*|*sunos*|SunOS)
AC_LIBOBJ(getentropy_solaris)
AC_CHECK_HEADERS([sys/sha2.h],, [
AC_CHECK_FUNCS([SHA512_Update],,[
@@ -1205,7 +1232,7 @@ if test "$USE_NSS" = "no"; then
fi
AC_SEARCH_LIBS([clock_gettime], [rt])
;;
- Linux|*)
+ *linux*|Linux|*)
AC_LIBOBJ(getentropy_linux)
AC_CHECK_FUNCS([SHA512_Update],,[
AC_DEFINE([COMPAT_SHA512], [1], [Do sha512 definitions in config.h])
@@ -1463,6 +1490,14 @@ char *strsep(char **stringp, const char *delim);
int isblank(int c);
#endif
+#if defined(HAVE_INET_NTOP) && !HAVE_DECL_INET_NTOP
+const char *inet_ntop(int af, const void *src, char *dst, size_t size);
+#endif
+
+#if defined(HAVE_INET_PTON) && !HAVE_DECL_INET_PTON
+int inet_pton(int af, const char* src, void* dst);
+#endif
+
#if !defined(HAVE_STRPTIME) || !defined(STRPTIME_WORKS)
#define strptime unbound_strptime
struct tm;
@@ -1571,6 +1606,6 @@ dnl if this is a distro tarball, that was already done by makedist.sh
AC_SUBST(version, [VERSION_MAJOR.VERSION_MINOR.VERSION_MICRO])
AC_SUBST(date, [`date +'%b %e, %Y'`])
-AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h contrib/libunbound.pc])
+AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service])
AC_CONFIG_HEADER([config.h])
AC_OUTPUT
diff --git a/contrib/unbound/contrib/README b/contrib/unbound/contrib/README
index 8eae9b5b7cfc..7ccae735d797 100644
--- a/contrib/unbound/contrib/README
+++ b/contrib/unbound/contrib/README
@@ -29,3 +29,5 @@ distribution but may be helpful.
Patch from Stephane Lapie for ASAHI Net.
* unbound_smf22.tar.gz: Solaris SMF installation/removal scripts.
Contributed by Yuri Voinov.
+* unbound.socket and unbound.service: systemd files for unbound, install them
+ in /usr/lib/systemd/system. Contributed by Sami Kerola and Pavel Odintsov.
diff --git a/contrib/unbound/contrib/unbound.service.in b/contrib/unbound/contrib/unbound.service.in
new file mode 100644
index 000000000000..b33c3706dd44
--- /dev/null
+++ b/contrib/unbound/contrib/unbound.service.in
@@ -0,0 +1,8 @@
+[Service]
+Type=notify
+NotifyAccess=main
+ExecStart=/home/vagrant/unbound_systemd/unbound
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
diff --git a/contrib/unbound/contrib/unbound.socket.in b/contrib/unbound/contrib/unbound.socket.in
new file mode 100644
index 000000000000..162fb3e02b23
--- /dev/null
+++ b/contrib/unbound/contrib/unbound.socket.in
@@ -0,0 +1,6 @@
+[Socket]
+ListenDatagram=127.0.0.1:1153
+ListenStream=127.0.0.1:1153
+# ListenStream=@UNBOUND_RUN_DIR@/control
+[Install]
+WantedBy=sockets.target
diff --git a/contrib/unbound/daemon/acl_list.h b/contrib/unbound/daemon/acl_list.h
index ca9fd2d4b9d0..d0d42bfaebf6 100644
--- a/contrib/unbound/daemon/acl_list.h
+++ b/contrib/unbound/daemon/acl_list.h
@@ -76,7 +76,7 @@ struct acl_list {
* Tree of the addresses that are allowed/blocked.
* contents of type acl_addr.
*/
- rbtree_t tree;
+ rbtree_type tree;
};
/**
diff --git a/contrib/unbound/daemon/daemon.c b/contrib/unbound/daemon/daemon.c
index 88c695be3163..4cae4380065a 100644
--- a/contrib/unbound/daemon/daemon.c
+++ b/contrib/unbound/daemon/daemon.c
@@ -88,6 +88,10 @@
#include "sldns/keyraw.h"
#include <signal.h>
+#ifdef HAVE_SYSTEMD
+#include <systemd/sd-daemon.h>
+#endif
+
/** How many quit requests happened. */
static int sig_record_quit = 0;
/** How many reload requests happened. */
@@ -175,8 +179,15 @@ static void
signal_handling_playback(struct worker* wrk)
{
#ifdef SIGHUP
- if(sig_record_reload)
+ if(sig_record_reload) {
+# ifdef HAVE_SYSTEMD
+ sd_notify(0, "RELOADING=1");
+# endif
worker_sighandler(SIGHUP, wrk);
+# ifdef HAVE_SYSTEMD
+ sd_notify(0, "READY=1");
+# endif
+ }
#endif
if(sig_record_quit)
worker_sighandler(SIGTERM, wrk);
@@ -595,8 +606,14 @@ daemon_fork(struct daemon* daemon)
signal_handling_playback(daemon->workers[0]);
/* Start resolver service on main thread. */
+#ifdef HAVE_SYSTEMD
+ sd_notify(0, "READY=1");
+#endif
log_info("start of service (%s).", PACKAGE_STRING);
worker_work(daemon->workers[0]);
+#ifdef HAVE_SYSTEMD
+ sd_notify(0, "STOPPING=1");
+#endif
log_info("service stopped (%s).", PACKAGE_STRING);
/* we exited! a signal happened! Stop other threads */
diff --git a/contrib/unbound/daemon/remote.c b/contrib/unbound/daemon/remote.c
index d4ac833e33d0..681c57906a53 100644
--- a/contrib/unbound/daemon/remote.c
+++ b/contrib/unbound/daemon/remote.c
@@ -381,7 +381,7 @@ add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err,
if(ip[0] == '/') {
/* This looks like a local socket */
- fd = create_local_accept_sock(ip, &noproto);
+ fd = create_local_accept_sock(ip, &noproto, cfg->use_systemd);
/*
* Change socket ownership and permissions so users other
* than root can access it provided they are in the same
@@ -424,7 +424,7 @@ add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err,
/* open fd */
fd = create_tcp_accept_sock(res, 1, &noproto, 0,
- cfg->ip_transparent, 0, cfg->ip_freebind);
+ cfg->ip_transparent, 0, cfg->ip_freebind, cfg->use_systemd);
freeaddrinfo(res);
}
@@ -762,6 +762,8 @@ print_stats(SSL* ssl, const char* nm, struct stats_info* s)
struct timeval avg;
if(!ssl_printf(ssl, "%s.num.queries"SQ"%lu\n", nm,
(unsigned long)s->svr.num_queries)) return 0;
+ if(!ssl_printf(ssl, "%s.num.queries_ip_ratelimited"SQ"%lu\n", nm,
+ (unsigned long)s->svr.num_queries_ip_ratelimited)) return 0;
if(!ssl_printf(ssl, "%s.num.cachehits"SQ"%lu\n", nm,
(unsigned long)(s->svr.num_queries
- s->svr.num_queries_missed_cache))) return 0;
@@ -1416,7 +1418,7 @@ static void
do_cache_remove(struct worker* worker, uint8_t* nm, size_t nmlen,
uint16_t t, uint16_t c)
{
- hashvalue_t h;
+ hashvalue_type h;
struct query_info k;
rrset_cache_remove(worker->env.rrset_cache, nm, nmlen, t, c, 0);
if(t == LDNS_RR_TYPE_SOA)
@@ -2559,6 +2561,8 @@ struct ratelimit_list_arg {
time_t now;
};
+#define ip_ratelimit_list_arg ratelimit_list_arg
+
/** list items in the ratelimit table */
static void
rate_list(struct lruhash_entry* e, void* arg)
@@ -2577,6 +2581,24 @@ rate_list(struct lruhash_entry* e, void* arg)
ssl_printf(a->ssl, "%s %d limit %d\n", buf, max, lim);
}
+/** list items in the ip_ratelimit table */
+static void
+ip_rate_list(struct lruhash_entry* e, void* arg)
+{
+ char ip[128];
+ struct ip_ratelimit_list_arg* a = (struct ip_ratelimit_list_arg*)arg;
+ struct ip_rate_key* k = (struct ip_rate_key*)e->key;
+ struct ip_rate_data* d = (struct ip_rate_data*)e->data;
+ int lim = infra_ip_ratelimit;
+ int max = infra_rate_max(d, a->now);
+ if(a->all == 0) {
+ if(max < lim)
+ return;
+ }
+ addr_to_str(&k->addr, k->addrlen, ip, sizeof(ip));
+ ssl_printf(a->ssl, "%s %d limit %d\n", ip, max, lim);
+}
+
/** do the ratelimit_list command */
static void
do_ratelimit_list(SSL* ssl, struct worker* worker, char* arg)
@@ -2595,6 +2617,24 @@ do_ratelimit_list(SSL* ssl, struct worker* worker, char* arg)
slabhash_traverse(a.infra->domain_rates, 0, rate_list, &a);
}
+/** do the ip_ratelimit_list command */
+static void
+do_ip_ratelimit_list(SSL* ssl, struct worker* worker, char* arg)
+{
+ struct ip_ratelimit_list_arg a;
+ a.all = 0;
+ a.infra = worker->env.infra_cache;
+ a.now = *worker->env.now;
+ a.ssl = ssl;
+ arg = skipwhite(arg);
+ if(strcmp(arg, "+a") == 0)
+ a.all = 1;
+ if(a.infra->client_ip_rates==NULL ||
+ (a.all == 0 && infra_ip_ratelimit == 0))
+ return;
+ slabhash_traverse(a.infra->client_ip_rates, 0, ip_rate_list, &a);
+}
+
/** tell other processes to execute the command */
static void
distribute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd)
@@ -2673,6 +2713,9 @@ execute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd,
} else if(cmdcmp(p, "ratelimit_list", 14)) {
do_ratelimit_list(ssl, worker, p+14);
return;
+ } else if(cmdcmp(p, "ip_ratelimit_list", 17)) {
+ do_ip_ratelimit_list(ssl, worker, p+17);
+ return;
} else if(cmdcmp(p, "stub_add", 8)) {
/* must always distribute this cmd */
if(rc) distribute_cmd(rc, ssl, cmd);
diff --git a/contrib/unbound/daemon/stats.c b/contrib/unbound/daemon/stats.c
index 0687c0d24b43..a3c3d738976e 100644
--- a/contrib/unbound/daemon/stats.c
+++ b/contrib/unbound/daemon/stats.c
@@ -102,12 +102,14 @@ void server_stats_log(struct server_stats* stats, struct worker* worker,
int threadnum)
{
log_info("server stats for thread %d: %u queries, "
- "%u answers from cache, %u recursions, %u prefetch",
+ "%u answers from cache, %u recursions, %u prefetch, %u rejected by "
+ "ip ratelimiting",
threadnum, (unsigned)stats->num_queries,
(unsigned)(stats->num_queries -
stats->num_queries_missed_cache),
(unsigned)stats->num_queries_missed_cache,
- (unsigned)stats->num_queries_prefetch);
+ (unsigned)stats->num_queries_prefetch,
+ (unsigned)stats->num_queries_ip_ratelimited);
log_info("server stats for thread %d: requestlist max %u avg %g "
"exceeded %u jostled %u", threadnum,
(unsigned)stats->max_query_list_size,
@@ -226,6 +228,7 @@ void server_stats_reply(struct worker* worker, int reset)
void server_stats_add(struct stats_info* total, struct stats_info* a)
{
total->svr.num_queries += a->svr.num_queries;
+ total->svr.num_queries_ip_ratelimited += a->svr.num_queries_ip_ratelimited;
total->svr.num_queries_missed_cache += a->svr.num_queries_missed_cache;
total->svr.num_queries_prefetch += a->svr.num_queries_prefetch;
total->svr.sum_query_list_size += a->svr.sum_query_list_size;
diff --git a/contrib/unbound/daemon/stats.h b/contrib/unbound/daemon/stats.h
index 6c4178fc5317..0b9d77b427d0 100644
--- a/contrib/unbound/daemon/stats.h
+++ b/contrib/unbound/daemon/stats.h
@@ -63,6 +63,8 @@ struct sldns_buffer;
struct server_stats {
/** number of queries from clients received. */
size_t num_queries;
+ /** number of queries that have been dropped/ratelimited by ip. */
+ size_t num_queries_ip_ratelimited;
/** number of queries that had a cache-miss. */
size_t num_queries_missed_cache;
/** number of prefetch queries - cachehits with prefetch */
diff --git a/contrib/unbound/daemon/unbound.c b/contrib/unbound/daemon/unbound.c
index df9504254922..ba7337d8907a 100644
--- a/contrib/unbound/daemon/unbound.c
+++ b/contrib/unbound/daemon/unbound.c
@@ -264,6 +264,11 @@ apply_settings(struct daemon* daemon, struct config_file* cfg,
}
daemon_apply_cfg(daemon, cfg);
checkrlimits(cfg);
+
+ if (cfg->use_systemd && cfg->do_daemonize) {
+ log_warn("use-systemd and do-daemonize should not be enabled at the same time");
+ }
+
log_ident_set_fromdefault(cfg, log_default_identity);
}
diff --git a/contrib/unbound/daemon/worker.c b/contrib/unbound/daemon/worker.c
index 09a1465423f3..b23bbab95d92 100644
--- a/contrib/unbound/daemon/worker.c
+++ b/contrib/unbound/daemon/worker.c
@@ -566,7 +566,7 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo,
edns->bits &= EDNS_DO;
if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, rep,
LDNS_RCODE_SERVFAIL, edns, worker->scratchpad))
- return 0;
+ goto bail_out;
error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL,
qinfo, id, flags, edns);
rrset_array_unlock_touch(worker->env.rrset_cache,
@@ -599,7 +599,7 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo,
edns->bits &= EDNS_DO;
if(!inplace_cb_reply_cache_call(&worker->env, qinfo, NULL, rep,
(int)(flags&LDNS_RCODE_MASK), edns, worker->scratchpad))
- return 0;
+ goto bail_out;
if(!reply_info_answer_encode(qinfo, rep, id, flags,
repinfo->c->buffer, timenow, 1, worker->scratchpad,
udpsize, edns, (int)(edns->bits & EDNS_DO), secure)) {
@@ -787,7 +787,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
{
struct worker* worker = (struct worker*)arg;
int ret;
- hashvalue_t h;
+ hashvalue_type h;
struct lruhash_entry* e;
struct query_info qinfo;
struct edns_data edns;
@@ -825,7 +825,29 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
comm_point_drop_reply(repinfo);
return 0;
}
+
worker->stats.num_queries++;
+
+ /* check if this query should be dropped based on source ip rate limiting */
+ if(!infra_ip_ratelimit_inc(worker->env.infra_cache, repinfo,
+ *worker->env.now)) {
+ /* See if we are passed through with slip factor */
+ if(worker->env.cfg->ip_ratelimit_factor != 0 &&
+ ub_random_max(worker->env.rnd,
+ worker->env.cfg->ip_ratelimit_factor) == 1) {
+
+ char addrbuf[128];
+ addr_to_str(&repinfo->addr, repinfo->addrlen,
+ addrbuf, sizeof(addrbuf));
+ verbose(VERB_OPS, "ip_ratelimit allowed through for ip address %s ",
+ addrbuf);
+ } else {
+ worker->stats.num_queries_ip_ratelimited++;
+ comm_point_drop_reply(repinfo);
+ return 0;
+ }
+ }
+
/* see if query is in the cache */
if(!query_info_parse(&qinfo, c->buffer)) {
verbose(VERB_ALGO, "worker parse request: formerror.");
@@ -860,6 +882,28 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
}
goto send_reply;
}
+ if(qinfo.qtype == LDNS_RR_TYPE_OPT ||
+ qinfo.qtype == LDNS_RR_TYPE_TSIG ||
+ qinfo.qtype == LDNS_RR_TYPE_TKEY ||
+ qinfo.qtype == LDNS_RR_TYPE_MAILA ||
+ qinfo.qtype == LDNS_RR_TYPE_MAILB ||
+ (qinfo.qtype >= 128 && qinfo.qtype <= 248)) {
+ verbose(VERB_ALGO, "worker request: formerror for meta-type.");
+ log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen);
+ if(worker_err_ratelimit(worker, LDNS_RCODE_FORMERR) == -1) {
+ comm_point_drop_reply(repinfo);
+ return 0;
+ }
+ sldns_buffer_rewind(c->buffer);
+ LDNS_QR_SET(sldns_buffer_begin(c->buffer));
+ LDNS_RCODE_SET(sldns_buffer_begin(c->buffer),
+ LDNS_RCODE_FORMERR);
+ if(worker->stats.extended) {
+ worker->stats.qtype[qinfo.qtype]++;
+ server_stats_insrcode(&worker->stats, c->buffer);
+ }
+ goto send_reply;
+ }
if((ret=parse_edns_from_pkt(c->buffer, &edns, worker->scratchpad)) != 0) {
struct edns_data reply_edns;
verbose(VERB_ALGO, "worker parse edns: formerror.");
@@ -1064,6 +1108,12 @@ send_reply_rc:
dt_msg_send_client_response(&worker->dtenv, &repinfo->addr,
c->type, c->buffer);
#endif
+ if(worker->env.cfg->log_replies)
+ {
+ struct timeval tv = {0, 0};
+ log_reply_info(0, &qinfo, &repinfo->addr, repinfo->addrlen,
+ tv, 1, c->buffer);
+ }
return rc;
}
diff --git a/contrib/unbound/daemon/worker.h b/contrib/unbound/daemon/worker.h
index d6c87c80739c..0d7ce9521610 100644
--- a/contrib/unbound/daemon/worker.h
+++ b/contrib/unbound/daemon/worker.h
@@ -85,7 +85,7 @@ struct worker {
/** global shared daemon structure */
struct daemon* daemon;
/** thread id */
- ub_thread_t thr_id;
+ ub_thread_type thr_id;
/** pipe, for commands for this worker */
struct tube* cmd;
/** the event base this worker works with */
diff --git a/contrib/unbound/dnstap/dnstap.c b/contrib/unbound/dnstap/dnstap.c
index 6df2fef3f312..5d0420f6fbba 100644
--- a/contrib/unbound/dnstap/dnstap.c
+++ b/contrib/unbound/dnstap/dnstap.c
@@ -121,7 +121,9 @@ dt_msg_init(const struct dt_env *env,
struct dt_env *
dt_create(const char *socket_path, unsigned num_workers)
{
+#ifdef UNBOUND_DEBUG
fstrm_res res;
+#endif
struct dt_env *env;
struct fstrm_iothr_options *fopt;
struct fstrm_unix_writer_options *fuwopt;
@@ -138,7 +140,12 @@ dt_create(const char *socket_path, unsigned num_workers)
return NULL;
fwopt = fstrm_writer_options_init();
- res = fstrm_writer_options_add_content_type(fwopt,
+#ifdef UNBOUND_DEBUG
+ res =
+#else
+ (void)
+#endif
+ fstrm_writer_options_add_content_type(fwopt,
DNSTAP_CONTENT_TYPE, sizeof(DNSTAP_CONTENT_TYPE) - 1);
log_assert(res == fstrm_res_success);
diff --git a/contrib/unbound/doc/Changelog b/contrib/unbound/doc/Changelog
index 57a13c8c537d..31c9e4627521 100644
--- a/contrib/unbound/doc/Changelog
+++ b/contrib/unbound/doc/Changelog
@@ -1,5 +1,103 @@
+14 February 2017: Wouter
+ - tag 1.6.1rc3.
+
+13 February 2017: Wouter
+ - Fix autoconf of systemd check for lack of pkg-config.
+
+10 February 2017: Wouter
+ - Fix pythonmod for typedef changes.
+ - Fix dnstap for warning of set but not used.
+ - tag 1.6.1rc2.
+
+9 February 2017: Wouter
+ - tag 1.6.1rc1.
+
+8 February 2017: Wouter
+ - Fix for type name change and fix warning on windows compile.
+
+7 February 2017: Wouter
+ - Include root trust anchor id 20326 in unbound-anchor.
+
+6 February 2017: Wouter
+ - Fix compile on solaris of the fix to use $host detect.
+
+4 February 2017: Wouter
+ - fix root_anchor test for updated icannbundle.pem lower certificates.
+
+26 January 2017: Wouter
+ - Fix 1211: Fix can't enable interface-automatic if no IPv6 with
+ more helpful error message.
+
+20 January 2017: Wouter
+ - Increase MAX_MODULE to 16.
+
+19 January 2017: Wouter
+ - Fix to Rename ub_callback_t to ub_callback_type, because POSIX
+ reserves _t typedefs.
+ - Fix to rename internally used types from _t to _type, because _t
+ type names are reserved by POSIX.
+ - iana portlist update
+
+12 January 2017: Wouter
+ - Fix to also block meta types 128 through to 248 with formerr.
+ - Fix #1206: Some view-related commands are missing from 'unbound-control -h'
+
+9 January 2017: Wouter
+ - Fix #1202: Fix code comment that packed_rrset_data is not always
+ 'packed'.
+
+6 January 2017: Wouter
+ - Fix #1201: Fix missing unlock in answer_from_cache error condition.
+
+5 January 2017: Wouter
+ - Fix to return formerr for queries for meta-types, to avoid
+ packet amplification if this meta-type is sent on to upstream.
+ - Fix #1184: Log DNS replies. This includes the same logging
+ information that DNS queries and response code and response size,
+ patch from Larissa Feng.
+ - Fix #1185: Source IP rate limiting, patch from Larissa Feng.
+
+3 January 2017: Wouter
+ - configure --enable-systemd and lets unbound use systemd sockets if
+ you enable use-systemd: yes in unbound.conf.
+ Also there are contrib/unbound.socket and contrib/unbound.service:
+ systemd files for unbound, install them in /usr/lib/systemd/system.
+ Contributed by Sami Kerola and Pavel Odintsov.
+ - Fix reload chdir failure when also chrooted to that directory.
+
+2 January 2017: Wouter
+ - Fix #1194: Cross build fails when $host isn't `uname` for getentropy.
+
+23 December 2016: Ralph
+ - Fix #1190: Do not echo back EDNS options in local-zone error response.
+ - iana portlist update
+
+21 December 2016: Ralph
+ - Fix #1188: Unresolved symbol 'fake_dsa' in libunbound.so when built
+ with Nettle
+
+19 December 2016: Ralph
+ - Fix #1191: remove comment about view deletion.
+
+15 December 2016: Wouter
+ - iana portlist update
+ - 64bit is default for windows builds.
+ - Fix inet_ntop and inet_pton warnings in windows compile.
+
+14 December 2016: Wouter
+ - Fix #1178: attempt to fix setup error at end, pop result values
+ at end of install.
+
+13 December 2016: Wouter
+ - Fix #1182: Fix Resource leak (socket), at startup.
+ - Fix unbound-control and ipv6 only.
+
+9 December 2016: Wouter
+ - Fix #1176: stack size too small for Alpine Linux.
+
8 December 2016: Wouter
- Fix downcast warnings from visual studio in sldns code.
+ - tag 1.6.0rc1 which became 1.6.0 on 15 dec, and trunk is 1.6.1.
7 December 2016: Ralph
- Add DSA support for OpenSSL 1.1.0
diff --git a/contrib/unbound/doc/README b/contrib/unbound/doc/README
index 661adcbdf236..acffafacc7d5 100644
--- a/contrib/unbound/doc/README
+++ b/contrib/unbound/doc/README
@@ -1,4 +1,4 @@
-README for Unbound 1.6.0
+README for Unbound 1.6.1
Copyright 2007 NLnet Labs
http://unbound.net
diff --git a/contrib/unbound/doc/example.conf b/contrib/unbound/doc/example.conf
index 80c0f3e92988..c9f5dad675f9 100644
--- a/contrib/unbound/doc/example.conf
+++ b/contrib/unbound/doc/example.conf
@@ -1,7 +1,7 @@
#
# Example configuration file.
#
-# See unbound.conf(5) man page, version 1.5.10.
+# See unbound.conf(5) man page, version 1.6.1.
#
# this is a comment.
@@ -52,7 +52,7 @@ server:
# outgoing-interface: 192.0.2.153
# outgoing-interface: 2001:DB8::5
# outgoing-interface: 2001:DB8::6
-
+
# Specify a netblock to use remainder 64 bits as random bits for
# upstream queries. Uses freebind option (Linux).
# outgoing-interface: 2001:DB8::/64
@@ -171,7 +171,7 @@ server:
# the maximum number of hosts that are cached (roundtrip, EDNS, lame).
# infra-cache-numhosts: 10000
-
+
# define a number of tags here, use with local-zone, access-control.
# repeat the define-tag statement to add additional tags.
# define-tag: "tag1 tag2 tag3"
@@ -200,7 +200,11 @@ server:
# Default is 0, system default MSS.
# outgoing-tcp-mss: 0
+ # Use systemd socket activation for UDP, TCP, and control sockets.
+ # use-systemd: no
+
# Detach from the terminal, run in background, "yes" or "no".
+ # Set the value to "no" when unbound runs as systemd service.
# do-daemonize: yes
# control which clients are allowed to make (recursive) queries
@@ -230,6 +234,9 @@ server:
# set redirect data for particular tag for access control element
# access-control-tag-data: 192.0.2.0/24 tag2 "A 127.0.0.1"
+ # Set view for access control element
+ # access-control-view: 192.0.2.0/24 viewname
+
# if given, a chroot(2) is done to the given directory.
# i.e. you can chroot to the working directory, for example,
# for extra security, but make sure all files are in that directory.
@@ -272,15 +279,23 @@ server:
# logfile: ""
# Log to syslog(3) if yes. The log facility LOG_DAEMON is used to
- # log to, with identity "unbound". If yes, it overrides the logfile.
+ # log to. If yes, it overrides the logfile.
# use-syslog: yes
+ # Log identity to report. if empty, defaults to the name of argv[0]
+ # (usually "unbound").
+ # log-identity: ""
+
# print UTC timestamp in ascii to logfile, default is epoch in seconds.
# log-time-ascii: no
# print one line with time, IP, name, type, class for every query.
# log-queries: no
+ # print one line per reply, with time, IP, name, type, class, rcode,
+ # timetoresolve, fromcache and responsesize.
+ # log-replies: no
+
# the pid file. Can be an absolute path outside of chroot/work dir.
# pidfile: "/var/unbound/unbound.pid"
@@ -328,7 +343,7 @@ server:
# Harden against queries that fall under dnssec-signed nxdomain names.
# harden-below-nxdomain: no
- # Harden the referral path by performing additional queries for
+ # Harden the referral path by performing additional queries for
# infrastructure data. Validates the replies (if possible).
# Default off, because the lookups burden the server. Experimental
# implementation of draft-wijngaards-dnsext-resolver-side-mitigation.
@@ -344,6 +359,12 @@ server:
# to NS when possible.
# qname-minimisation: no
+ # QNAME minimisation in strict mode. Do not fall-back to sending full
+ # QNAME to potentially broken nameservers. A lot of domains will not be
+ # resolvable when this option in enabled.
+ # This option only has effect when qname-minimisation is enabled.
+ # qname-minimisation-strict: no
+
# Use 0x20-encoded random bits in the query to foil spoof attempts.
# This feature is an experimental implementation of draft dns-0x20.
# use-caps-for-id: no
@@ -477,6 +498,10 @@ server:
# that set CD but cannot validate themselves.
# ignore-cd-flag: no
+ # Serve expired reponses from cache, with TTL 0 in the response,
+ # and then attempt to fetch the data afresh.
+ # serve-expired: no
+
# Have the validator log failed validations for your diagnosis.
# 0: off. 1: A line per failed user query. 2: With reason and bad IP.
# val-log-level: 0
@@ -578,7 +603,7 @@ server:
# o redirect serves the zone data for any subdomain in the zone.
# o nodefault can be used to normally resolve AS112 zones.
# o typetransparent resolves normally for other types and other names
- # o inform resolves normally, but logs client IP address
+ # o inform acts like transparent, but logs client IP address
# o inform_deny drops queries and logs client IP address
# o always_transparent, always_refuse, always_nxdomain, resolve in
# that way but ignore local data for that name.
@@ -649,6 +674,20 @@ server:
# can give this multiple times, the name closest to the zone is used.
# ratelimit-below-domain: com 1000
+ # global query ratelimit for all ip addresses.
+ # feature is experimental.
+ # if 0(default) it is disabled, otherwise states qps allowed per ip address
+ # ip-ratelimit: 0
+
+ # ip ratelimits are tracked in a cache, size in bytes of cache (or k,m).
+ # ip-ratelimit-size: 4m
+ # ip ratelimit cache slabs, reduces lock contention if equal to cpucount.
+ # ip-ratelimit-slabs: 4
+
+ # 0 blocks when ip is ratelimited, otherwise let 1/xth traffic through
+ # ip-ratelimit-factor: 10
+
+
# Python config section. To enable:
# o use --with-pythonmodule to configure before compiling.
# o list python in the module-config string (above) to enable.
@@ -700,6 +739,7 @@ remote-control:
# stub-addr: 192.0.2.68
# stub-prime: no
# stub-first: no
+# stub-ssl-upstream: no
# stub-zone:
# name: "example.org"
# stub-host: ns.example.com.
@@ -715,6 +755,23 @@ remote-control:
# forward-addr: 192.0.2.68
# forward-addr: 192.0.2.73@5355 # forward to port 5355.
# forward-first: no
+# forward-ssl-upstream: no
# forward-zone:
# name: "example.org"
# forward-host: fwd.example.com
+
+# Views
+# Create named views. Name must be unique. Map views to requests using
+# the access-control-view option. Views can contain zero or more local-zone
+# and local-data options. Options from matching views will override global
+# options. Global options will be used if no matching view is found.
+# With view-first yes, it will try to answer using the global local-zone and
+# local-data elements if there is no view specific match.
+# view:
+# name: "viewname"
+# local-zone: "example.com" redirect
+# local-data: "example.com A 192.0.2.3"
+# view-first: no
+# view:
+# name: "anotherview"
+# local-zone: "example.com" refuse
diff --git a/contrib/unbound/doc/example.conf.in b/contrib/unbound/doc/example.conf.in
index 55bbc32e616f..83e7c5c4c4e9 100644
--- a/contrib/unbound/doc/example.conf.in
+++ b/contrib/unbound/doc/example.conf.in
@@ -1,7 +1,7 @@
#
# Example configuration file.
#
-# See unbound.conf(5) man page, version 1.6.0.
+# See unbound.conf(5) man page, version 1.6.1.
#
# this is a comment.
@@ -200,7 +200,11 @@ server:
# Default is 0, system default MSS.
# outgoing-tcp-mss: 0
+ # Use systemd socket activation for UDP, TCP, and control sockets.
+ # use-systemd: no
+
# Detach from the terminal, run in background, "yes" or "no".
+ # Set the value to "no" when unbound runs as systemd service.
# do-daemonize: yes
# control which clients are allowed to make (recursive) queries
@@ -288,6 +292,10 @@ server:
# print one line with time, IP, name, type, class for every query.
# log-queries: no
+ # print one line per reply, with time, IP, name, type, class, rcode,
+ # timetoresolve, fromcache and responsesize.
+ # log-replies: no
+
# the pid file. Can be an absolute path outside of chroot/work dir.
# pidfile: "@UNBOUND_PIDFILE@"
@@ -666,6 +674,20 @@ server:
# can give this multiple times, the name closest to the zone is used.
# ratelimit-below-domain: com 1000
+ # global query ratelimit for all ip addresses.
+ # feature is experimental.
+ # if 0(default) it is disabled, otherwise states qps allowed per ip address
+ # ip-ratelimit: 0
+
+ # ip ratelimits are tracked in a cache, size in bytes of cache (or k,m).
+ # ip-ratelimit-size: 4m
+ # ip ratelimit cache slabs, reduces lock contention if equal to cpucount.
+ # ip-ratelimit-slabs: 4
+
+ # 0 blocks when ip is ratelimited, otherwise let 1/xth traffic through
+ # ip-ratelimit-factor: 10
+
+
# Python config section. To enable:
# o use --with-pythonmodule to configure before compiling.
# o list python in the module-config string (above) to enable.
diff --git a/contrib/unbound/doc/libunbound.3 b/contrib/unbound/doc/libunbound.3
index 1bf3fc2c880b..5be1d9019f57 100644
--- a/contrib/unbound/doc/libunbound.3
+++ b/contrib/unbound/doc/libunbound.3
@@ -1,4 +1,4 @@
-.TH "libunbound" "3" "Sep 27, 2016" "NLnet Labs" "unbound 1.5.10"
+.TH "libunbound" "3" "Feb 21, 2017" "NLnet Labs" "unbound 1.6.1"
.\"
.\" libunbound.3 -- unbound library functions manual
.\"
@@ -12,7 +12,7 @@
.B unbound.h,
.B ub_ctx,
.B ub_result,
-.B ub_callback_t,
+.B ub_callback_type,
.B ub_ctx_create,
.B ub_ctx_delete,
.B ub_ctx_set_option,
@@ -43,7 +43,7 @@
.B ub_ctx_zone_remove,
.B ub_ctx_data_add,
.B ub_ctx_data_remove
-\- Unbound DNS validating resolver 1.5.10 functions.
+\- Unbound DNS validating resolver 1.6.1 functions.
.SH "SYNOPSIS"
.B #include <unbound.h>
.LP
@@ -120,7 +120,7 @@
.br
\fIint\fR rrtype, \fIint\fR rrclass, \fIvoid*\fR mydata,
.br
- \fIub_callback_t\fR callback, \fIint*\fR async_id);
+ \fIub_callback_type\fR callback, \fIint*\fR async_id);
.LP
\fIint\fR
\fBub_cancel\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR async_id);
@@ -180,7 +180,7 @@ and
.B ub_ctx_hosts
to read them.
Before you call this, use the openssl functions CRYPTO_set_id_callback and
-CRYPTO_set_locking_callback to set up asyncronous operation if you use
+CRYPTO_set_locking_callback to set up asynchronous operation if you use
lib openssl (the application calls these functions once for initialisation).
Openssl 1.0.0 or later uses the CRYPTO_THREADID_set_callback function.
.TP
diff --git a/contrib/unbound/doc/libunbound.3.in b/contrib/unbound/doc/libunbound.3.in
index 37d63a5d2452..5be1d9019f57 100644
--- a/contrib/unbound/doc/libunbound.3.in
+++ b/contrib/unbound/doc/libunbound.3.in
@@ -1,4 +1,4 @@
-.TH "libunbound" "3" "Dec 15, 2016" "NLnet Labs" "unbound 1.6.0"
+.TH "libunbound" "3" "Feb 21, 2017" "NLnet Labs" "unbound 1.6.1"
.\"
.\" libunbound.3 -- unbound library functions manual
.\"
@@ -12,7 +12,7 @@
.B unbound.h,
.B ub_ctx,
.B ub_result,
-.B ub_callback_t,
+.B ub_callback_type,
.B ub_ctx_create,
.B ub_ctx_delete,
.B ub_ctx_set_option,
@@ -43,7 +43,7 @@
.B ub_ctx_zone_remove,
.B ub_ctx_data_add,
.B ub_ctx_data_remove
-\- Unbound DNS validating resolver 1.6.0 functions.
+\- Unbound DNS validating resolver 1.6.1 functions.
.SH "SYNOPSIS"
.B #include <unbound.h>
.LP
@@ -120,7 +120,7 @@
.br
\fIint\fR rrtype, \fIint\fR rrclass, \fIvoid*\fR mydata,
.br
- \fIub_callback_t\fR callback, \fIint*\fR async_id);
+ \fIub_callback_type\fR callback, \fIint*\fR async_id);
.LP
\fIint\fR
\fBub_cancel\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR async_id);
diff --git a/contrib/unbound/doc/unbound-anchor.8 b/contrib/unbound/doc/unbound-anchor.8
index fbc7e20306c2..8edf124bf139 100644
--- a/contrib/unbound/doc/unbound-anchor.8
+++ b/contrib/unbound/doc/unbound-anchor.8
@@ -1,4 +1,4 @@
-.TH "unbound-anchor" "8" "Sep 27, 2016" "NLnet Labs" "unbound 1.5.10"
+.TH "unbound-anchor" "8" "Feb 21, 2017" "NLnet Labs" "unbound 1.6.1"
.\"
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
.\"
@@ -67,7 +67,7 @@ List the builtin root key and builtin root update certificate on stdout.
.B \-u \fIname
The server name, it connects to https://name. Specify without https:// prefix.
The default is "data.iana.org". It connects to the port specified with \-P.
-You can pass an IPv4 addres or IPv6 address (no brackets) if you want.
+You can pass an IPv4 address or IPv6 address (no brackets) if you want.
.TP
.B \-x \fIpath
The pathname to the root\-anchors.xml file on the server. (forms URL with \-u).
diff --git a/contrib/unbound/doc/unbound-anchor.8.in b/contrib/unbound/doc/unbound-anchor.8.in
index 31a48c26e1e5..06b0f5c89764 100644
--- a/contrib/unbound/doc/unbound-anchor.8.in
+++ b/contrib/unbound/doc/unbound-anchor.8.in
@@ -1,4 +1,4 @@
-.TH "unbound-anchor" "8" "Dec 15, 2016" "NLnet Labs" "unbound 1.6.0"
+.TH "unbound-anchor" "8" "Feb 21, 2017" "NLnet Labs" "unbound 1.6.1"
.\"
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
.\"
diff --git a/contrib/unbound/doc/unbound-checkconf.8 b/contrib/unbound/doc/unbound-checkconf.8
index 3c8198be0e06..00f47857a0ea 100644
--- a/contrib/unbound/doc/unbound-checkconf.8
+++ b/contrib/unbound/doc/unbound-checkconf.8
@@ -1,4 +1,4 @@
-.TH "unbound-checkconf" "8" "Sep 27, 2016" "NLnet Labs" "unbound 1.5.10"
+.TH "unbound-checkconf" "8" "Feb 21, 2017" "NLnet Labs" "unbound 1.6.1"
.\"
.\" unbound-checkconf.8 -- unbound configuration checker manual
.\"
diff --git a/contrib/unbound/doc/unbound-checkconf.8.in b/contrib/unbound/doc/unbound-checkconf.8.in
index d9a5b03aea1a..ea1cf4eb89cf 100644
--- a/contrib/unbound/doc/unbound-checkconf.8.in
+++ b/contrib/unbound/doc/unbound-checkconf.8.in
@@ -1,4 +1,4 @@
-.TH "unbound-checkconf" "8" "Dec 15, 2016" "NLnet Labs" "unbound 1.6.0"
+.TH "unbound-checkconf" "8" "Feb 21, 2017" "NLnet Labs" "unbound 1.6.1"
.\"
.\" unbound-checkconf.8 -- unbound configuration checker manual
.\"
diff --git a/contrib/unbound/doc/unbound-control.8 b/contrib/unbound/doc/unbound-control.8
index 892bbeb724f9..17e6a2502f44 100644
--- a/contrib/unbound/doc/unbound-control.8
+++ b/contrib/unbound/doc/unbound-control.8
@@ -1,4 +1,4 @@
-.TH "unbound-control" "8" "Sep 27, 2016" "NLnet Labs" "unbound 1.5.10"
+.TH "unbound-control" "8" "Feb 21, 2017" "NLnet Labs" "unbound 1.6.1"
.\"
.\" unbound-control.8 -- unbound remote control manual
.\"
@@ -99,6 +99,22 @@ but if the name has become an empty nonterminal (there is still data in
domain names below the removed name), NOERROR nodata answers are the
result for that name.
.TP
+.B local_zones
+Add local zones read from stdin of unbound\-control. Input is read per line,
+with name space type on a line. For bulk additions.
+.TP
+.B local_zones_remove
+Remove local zones read from stdin of unbound\-control. Input is one name per
+line. For bulk removals.
+.TP
+.B local_datas
+Add local data RRs read from stdin of unbound\-control. Input is one RR per
+line. For bulk additions.
+.TP
+.B local_datas_remove
+Remove local data RRs read from stdin of unbound\-control. Input is one name per
+line. For bulk removals.
+.TP
.B dump_cache
The contents of the cache is printed in a text format to stdout. You can
redirect it to a file to store the cache in a file.
@@ -178,7 +194,7 @@ harden\-referral\-path, prefetch, prefetch\-key, log\-queries,
hide\-identity, hide\-version, identity, version, val\-log\-level,
val\-log\-squelch, ignore\-cd\-flag, add\-holddown, del\-holddown,
keep\-missing, tcp\-upstream, ssl\-upstream, max\-udp\-size, ratelimit,
-cache\-max\-ttl, cache\-min\-ttl, cache\-max\-negative\-ttl.
+ip\-ratelimit, cache\-max\-ttl, cache\-min\-ttl, cache\-max\-negative\-ttl.
.TP
.B get_option \fIopt
Get the value of the option. Give the option name without a trailing ':'.
@@ -263,6 +279,30 @@ estimated qps and qps limit from config. With +a it prints all domains, not
just the ratelimited domains, with their estimated qps. The ratelimited
domains return an error for uncached (new) queries, but cached queries work
as normal.
+.TP
+.B ip_ratelimit_list \fR[\fI+a\fR]
+List the ip addresses that are ratelimited. Printed one per line with current
+estimated qps and qps limit from config. With +a it prints all ips, not
+just the ratelimited ips, with their estimated qps. The ratelimited
+ips are dropped before checking the cache.
+.TP
+.B view_list_local_zones \fIview\fR
+\fIlist_local_zones\fR for given view.
+.TP
+.B view_local_zone \fIview\fR \fIname\fR \fItype
+\fIlocal_zone\fR for given view.
+.TP
+.B view_local_zone_remove \fIview\fR \fIname
+\fIlocal_zone_remove\fR for given view.
+.TP
+.B view_list_local_data \fIview\fR
+\fIlist_local_data\fR for given view.
+.TP
+.B view_local_data \fIview\fR \fIRR data...
+\fIlocal_data\fR for given view.
+.TP
+.B view_local_data_remove \fIview\fR \fIname
+\fIlocal_data_remove\fR for given view.
.SH "EXIT CODE"
The unbound\-control program exits with status code 1 on error, 0 on success.
.SH "SET UP"
@@ -288,6 +328,9 @@ The \fIstats\fR command shows a number of statistic counters.
.I threadX.num.queries
number of queries received by thread
.TP
+.I threadX.num.queries_ip_ratelimited
+number of queries rate limited by thread
+.TP
.I threadX.num.cachehits
number of queries that were successfully answered using a cache lookup
.TP
@@ -301,6 +344,9 @@ and resulted in recursive processing, taking a slot in the requestlist.
Not part of the recursivereplies (or the histogram thereof) or cachemiss,
as a cache response was sent.
.TP
+.I threadX.num.zero_ttl
+number of replies with ttl zero, because they served an expired cache entry.
+.TP
.I threadX.num.recursivereplies
The number of replies sent to queries that needed recursive processing. Could be smaller than threadX.num.cachemiss if due to timeouts no replies were sent for some queries.
.TP
@@ -350,6 +396,9 @@ summed over threads.
.I total.num.prefetch
summed over threads.
.TP
+.I total.num.zero_ttl
+summed over threads.
+.TP
.I total.num.recursivereplies
summed over threads.
.TP
@@ -384,9 +433,6 @@ uptime since server boot in seconds.
time since last statistics printout, in seconds.
.SH EXTENDED STATISTICS
.TP
-.I mem.total.sbrk
-If sbrk(2) is available, an estimate of the heap size of the program in number of bytes. Close to the total memory used by the program, as reported by top and ps. Could be wrong if the OS allocates memory non\-contiguously.
-.TP
.I mem.cache.rrset
Memory in bytes in use by the RRset cache.
.TP
diff --git a/contrib/unbound/doc/unbound-control.8.in b/contrib/unbound/doc/unbound-control.8.in
index aa801c4bda71..af574d249f7b 100644
--- a/contrib/unbound/doc/unbound-control.8.in
+++ b/contrib/unbound/doc/unbound-control.8.in
@@ -1,4 +1,4 @@
-.TH "unbound-control" "8" "Dec 15, 2016" "NLnet Labs" "unbound 1.6.0"
+.TH "unbound-control" "8" "Feb 21, 2017" "NLnet Labs" "unbound 1.6.1"
.\"
.\" unbound-control.8 -- unbound remote control manual
.\"
@@ -194,7 +194,7 @@ harden\-referral\-path, prefetch, prefetch\-key, log\-queries,
hide\-identity, hide\-version, identity, version, val\-log\-level,
val\-log\-squelch, ignore\-cd\-flag, add\-holddown, del\-holddown,
keep\-missing, tcp\-upstream, ssl\-upstream, max\-udp\-size, ratelimit,
-cache\-max\-ttl, cache\-min\-ttl, cache\-max\-negative\-ttl.
+ip\-ratelimit, cache\-max\-ttl, cache\-min\-ttl, cache\-max\-negative\-ttl.
.TP
.B get_option \fIopt
Get the value of the option. Give the option name without a trailing ':'.
@@ -280,6 +280,12 @@ just the ratelimited domains, with their estimated qps. The ratelimited
domains return an error for uncached (new) queries, but cached queries work
as normal.
.TP
+.B ip_ratelimit_list \fR[\fI+a\fR]
+List the ip addresses that are ratelimited. Printed one per line with current
+estimated qps and qps limit from config. With +a it prints all ips, not
+just the ratelimited ips, with their estimated qps. The ratelimited
+ips are dropped before checking the cache.
+.TP
.B view_list_local_zones \fIview\fR
\fIlist_local_zones\fR for given view.
.TP
@@ -289,6 +295,9 @@ as normal.
.B view_local_zone_remove \fIview\fR \fIname
\fIlocal_zone_remove\fR for given view.
.TP
+.B view_list_local_data \fIview\fR
+\fIlist_local_data\fR for given view.
+.TP
.B view_local_data \fIview\fR \fIRR data...
\fIlocal_data\fR for given view.
.TP
@@ -319,6 +328,9 @@ The \fIstats\fR command shows a number of statistic counters.
.I threadX.num.queries
number of queries received by thread
.TP
+.I threadX.num.queries_ip_ratelimited
+number of queries rate limited by thread
+.TP
.I threadX.num.cachehits
number of queries that were successfully answered using a cache lookup
.TP
diff --git a/contrib/unbound/doc/unbound-host.1 b/contrib/unbound/doc/unbound-host.1
index ef1eaedaeb52..bcdd4ada5187 100644
--- a/contrib/unbound/doc/unbound-host.1
+++ b/contrib/unbound/doc/unbound-host.1
@@ -1,4 +1,4 @@
-.TH "unbound\-host" "1" "Sep 27, 2016" "NLnet Labs" "unbound 1.5.10"
+.TH "unbound\-host" "1" "Feb 21, 2017" "NLnet Labs" "unbound 1.6.1"
.\"
.\" unbound-host.1 -- unbound DNS lookup utility
.\"
diff --git a/contrib/unbound/doc/unbound-host.1.in b/contrib/unbound/doc/unbound-host.1.in
index b7fe345cbe27..eba19e07eb21 100644
--- a/contrib/unbound/doc/unbound-host.1.in
+++ b/contrib/unbound/doc/unbound-host.1.in
@@ -1,4 +1,4 @@
-.TH "unbound\-host" "1" "Dec 15, 2016" "NLnet Labs" "unbound 1.6.0"
+.TH "unbound\-host" "1" "Feb 21, 2017" "NLnet Labs" "unbound 1.6.1"
.\"
.\" unbound-host.1 -- unbound DNS lookup utility
.\"
diff --git a/contrib/unbound/doc/unbound.8 b/contrib/unbound/doc/unbound.8
index 26abc068dc0a..e33bf6f65f51 100644
--- a/contrib/unbound/doc/unbound.8
+++ b/contrib/unbound/doc/unbound.8
@@ -1,4 +1,4 @@
-.TH "unbound" "8" "Sep 27, 2016" "NLnet Labs" "unbound 1.5.10"
+.TH "unbound" "8" "Feb 21, 2017" "NLnet Labs" "unbound 1.6.1"
.\"
.\" unbound.8 -- unbound manual
.\"
@@ -9,7 +9,7 @@
.\"
.SH "NAME"
.B unbound
-\- Unbound DNS validating resolver 1.5.10.
+\- Unbound DNS validating resolver 1.6.1.
.SH "SYNOPSIS"
.B unbound
.RB [ \-h ]
diff --git a/contrib/unbound/doc/unbound.8.in b/contrib/unbound/doc/unbound.8.in
index af2ac111b73e..52cd85341e8d 100644
--- a/contrib/unbound/doc/unbound.8.in
+++ b/contrib/unbound/doc/unbound.8.in
@@ -1,4 +1,4 @@
-.TH "unbound" "8" "Dec 15, 2016" "NLnet Labs" "unbound 1.6.0"
+.TH "unbound" "8" "Feb 21, 2017" "NLnet Labs" "unbound 1.6.1"
.\"
.\" unbound.8 -- unbound manual
.\"
@@ -9,7 +9,7 @@
.\"
.SH "NAME"
.B unbound
-\- Unbound DNS validating resolver 1.6.0.
+\- Unbound DNS validating resolver 1.6.1.
.SH "SYNOPSIS"
.B unbound
.RB [ \-h ]
diff --git a/contrib/unbound/doc/unbound.conf.5 b/contrib/unbound/doc/unbound.conf.5
index 6897761c1252..3ed2f1675be3 100644
--- a/contrib/unbound/doc/unbound.conf.5
+++ b/contrib/unbound/doc/unbound.conf.5
@@ -1,4 +1,4 @@
-.TH "unbound.conf" "5" "Sep 27, 2016" "NLnet Labs" "unbound 1.5.10"
+.TH "unbound.conf" "5" "Feb 21, 2017" "NLnet Labs" "unbound 1.6.1"
.\"
.\" unbound.conf.5 -- unbound.conf manual
.\"
@@ -151,8 +151,8 @@ netblock, or the randomisation will be compromised. Consider combining with
to increase the likelihood of IPv6 nameservers being selected for queries.
On Linux you need these two commands to be able to use the freebind socket
option to receive traffic for the ip6 netblock:
-ip -6 addr add mynetblock/64 dev lo &&
-ip -6 route add local mynetblock/64 dev lo
+ip \-6 addr add mynetblock/64 dev lo &&
+ip \-6 route add local mynetblock/64 dev lo
.TP
.B outgoing\-range: \fI<number>
Number of ports to open. This number of file descriptors can be opened per
@@ -413,9 +413,14 @@ turned off.
The port number on which to provide TCP SSL service, default 853, only
interfaces configured with that port number as @number get the SSL service.
.TP
+.B use\-systemd: \fI<yes or no>
+Enable or disable systemd socket activation.
+Default is no.
+.TP
.B do\-daemonize: \fI<yes or no>
Enable or disable whether the unbound server forks into the background as
-a daemon. Default is yes.
+a daemon. Set the value to \fIno\fR when unbound runs as systemd service.
+Default is yes.
.TP
.B access\-control: \fI<IP netblock> <action>
The netblock is given as an IP4 or IP6 address with /size appended for a
@@ -474,6 +479,9 @@ order of the define-tag values.
.B access\-control\-tag\-data: \fI<IP netblock> <tag> <"resource record string">
Set redirect data for particular tag for given access control element.
.TP
+.B access\-control\-view: \fI<IP netblock> <view name>
+Set view for given access control element.
+.TP
.B chroot: \fI<directory>
If chroot is enabled, you should pass the configfile (from the
commandline) as a full path from the original root. After the
@@ -531,6 +539,13 @@ The log facility LOG_DAEMON is used, with identity "unbound".
The logfile setting is overridden when use\-syslog is turned on.
The default is to log to syslog.
.TP
+.B log\-identity: \fI<string>
+If "" is given (default), then the name of the executable, usually "unbound"
+is used to report to the log. Enter a string to override it
+with that, which is useful on systems that run more than one instance of
+unbound, with different configurations, so that the logs can be easily
+distinguished against.
+.TP
.B log\-time\-ascii: \fI<yes or no>
Sets logfile lines to use a timestamp in UTC ascii. Default is no, which
prints the seconds since 1970 in brackets. No effect if using syslog, in
@@ -542,6 +557,13 @@ name, type and class. Default is no. Note that it takes time to print these
lines which makes the server (significantly) slower. Odd (nonprintable)
characters in names are printed as '?'.
.TP
+.B log\-replies: \fI<yes or no>
+Prints one line per reply to the log, with the log timestamp and IP address,
+name, type, class, return code, time to resolve, from cache and response size.
+Default is no. Note that it takes time to print these
+lines which makes the server (significantly) slower. Odd (nonprintable)
+characters in names are printed as '?'.
+.TP
.B pidfile: \fI<filename>
The process id is written to the file. Default is "/var/unbound/unbound.pid".
So,
@@ -614,14 +636,15 @@ unsigned to badly signed often. If turned off you run the risk of a
downgrade attack that disables security for a zone. Default is on.
.TP
.B harden\-below\-nxdomain: \fI<yes or no>
-From draft\-vixie\-dnsext\-resimprove, returns nxdomain to queries for a name
+From RFC 8020 (with title "NXDOMAIN: There Really Is Nothing Underneath"),
+returns nxdomain to queries for a name
below another name that is already known to be nxdomain. DNSSEC mandates
noerror for empty nonterminals, hence this is possible. Very old software
might return nxdomain for empty nonterminals (that usually happen for reverse
IP address lookups), and thus may be incompatible with this. To try to avoid
this only DNSSEC-secure nxdomains are used, because the old software does not
have DNSSEC. Default is off.
-Currently, draft\-ietf\-dnsop\-nxdomain\-cut promotes this technique.
+The nxdomain must be secure, this means nsec3 with optout is insufficient.
.TP
.B harden\-referral\-path: \fI<yes or no>
Harden the referral path by performing additional queries for
@@ -658,8 +681,15 @@ Can be given multiple times, for different domains.
.B qname\-minimisation: \fI<yes or no>
Send minimum amount of information to upstream servers to enhance privacy.
Only sent minimum required labels of the QNAME and set QTYPE to NS when
-possible. Best effort approach, full QNAME and original QTYPE will be sent when
-upstream replies with a RCODE other than NOERROR. Default is off.
+possible. Best effort approach; full QNAME and original QTYPE will be sent when
+upstream replies with a RCODE other than NOERROR, except when receiving
+NXDOMAIN from a DNSSEC signed zone. Default is off.
+.TP
+.B qname\-minimisation\-strict: \fI<yes or no>
+QNAME minimisation in strict mode. Do not fall-back to sending full QNAME to
+potentially broken nameservers. A lot of domains will not be resolvable when
+this option in enabled. Only use if you know what you are doing.
+This option only has effect when qname-minimisation is enabled. Default is off.
.TP
.B private\-address: \fI<IP address or subnet>
Give IPv4 of IPv6 addresses or classless subnets. These are addresses
@@ -859,6 +889,11 @@ servers that set the CD flag but cannot validate DNSSEC themselves are
the clients, and then unbound provides them with DNSSEC protection.
The default value is "no".
.TP
+.B serve\-expired: \fI<yes or no>
+If enabled, unbound attempts to serve old responses from cache with a
+TTL of 0 in the response without waiting for the actual resolution to finish.
+The actual resolution answer ends up in the cache later on. Default is "no".
+.TP
.B val\-nsec3\-keysize\-iterations: \fI<"list of values">
List of keysize and iteration count values, separated by spaces, surrounded
by quotes. Default is "1024 150 2048 500 4096 2500". This determines the
@@ -978,11 +1013,11 @@ queries for www.example.com and www.foo.example.com are redirected, so
that users with web browsers cannot access sites with suffix example.com.
.TP 10
\h'5'\fIinform\fR
-The query is answered normally. The client IP address (@portnumber)
-is printed to the logfile. The log message is: timestamp, unbound-pid,
-info: zonename inform IP@port queryname type class. This option can be
-used for normal resolution, but machines looking up infected names are
-logged, eg. to run antivirus on them.
+The query is answered normally, same as transparent. The client IP
+address (@portnumber) is printed to the logfile. The log message is:
+timestamp, unbound-pid, info: zonename inform IP@port queryname type
+class. This option can be used for normal resolution, but machines
+looking up infected names are logged, eg. to run antivirus on them.
.TP 10
\h'5'\fIinform_deny\fR
The query is dropped, like 'deny', and logged, like 'inform'. Ie. find
@@ -1170,6 +1205,34 @@ in different parts of the namespace. The closest matching suffix is used
to determine the qps limit. The rate for the exact matching domain name
is not changed, use ratelimit\-for\-domain to set that, you might want
to use different settings for a top\-level\-domain and subdomains.
+.TP 5
+.B ip\-ratelimit: \fI<number or 0>
+Enable global ratelimiting of queries accepted per ip address.
+If 0, the default, it is disabled. This option is experimental at this time.
+The ratelimit is in queries per second that are allowed. More queries are
+completely dropped and will not receive a reply, SERVFAIL or otherwise.
+IP ratelimiting happens before looking in the cache. This may be useful for
+mitigating amplification attacks.
+.TP 5
+.B ip\-ratelimit\-size: \fI<memory size>
+Give the size of the data structure in which the current ongoing rates are
+kept track in. Default 4m. In bytes or use m(mega), k(kilo), g(giga).
+The ip ratelimit structure is small, so this data structure likely does
+not need to be large.
+.TP 5
+.B ip\-ratelimit\-slabs: \fI<number>
+Give power of 2 number of slabs, this is used to reduce lock contention
+in the ip ratelimit tracking data structure. Close to the number of cpus is
+a fairly good setting.
+.TP 5
+.B ip\-ratelimit\-factor: \fI<number>
+Set the amount of queries to rate limit when the limit is exceeded.
+If set to 0, all queries are dropped for addresses where the limit is
+exceeded. If set to another value, 1 in that number is allowed through
+to complete. Default is 10, allowing 1/10 traffic to flow normally.
+This can make ordinary queries complete (if repeatedly queried for),
+and enter the cache, whilst also mitigating the traffic flow by the
+factor given.
.SS "Remote Control Options"
In the
.B remote\-control:
@@ -1280,6 +1343,10 @@ If enabled, a query is attempted without the stub clause if it fails.
The data could not be retrieved and would have caused SERVFAIL because
the servers are unreachable, instead it is tried without this clause.
The default is no.
+.TP
+.B stub\-ssl\-upstream: \fI<yes or no>
+Enabled or disable whether the queries to this stub use SSL for transport.
+Default is no.
.SS "Forward Zone Options"
.LP
There may be multiple
@@ -1310,6 +1377,36 @@ If enabled, a query is attempted without the forward clause if it fails.
The data could not be retrieved and would have caused SERVFAIL because
the servers are unreachable, instead it is tried without this clause.
The default is no.
+.TP
+.B forward\-ssl\-upstream: \fI<yes or no>
+Enabled or disable whether the queries to this forwarder use SSL for transport.
+Default is no.
+.SS "View Options"
+.LP
+There may be multiple
+.B view:
+clauses. Each with a \fBname:\fR and zero or more \fBlocal\-zone\fR and
+\fBlocal\-data\fR elements. View can be mapped to requests by specifying the view
+name in an \fBaccess\-control\-view\fR element. Options from matching views will
+override global options. Global options will be used if no matching view
+is found.
+.TP
+.B name: \fI<view name>
+Name of the view. Must be unique. This name is used in access\-control\-view
+elements.
+.TP
+.B local\-zone: \fI<zone> <type>
+View specific local\-zone elements. Has the same types and behaviour as the
+global local\-zone elements.
+.TP
+.B local\-data: \fI"<resource record string>"
+View specific local\-data elements. Has the same behaviour as the global
+local\-data elements.
+.TP
+.B view\-first: \fI<yes or no>
+If enabled, it attempts to use the global local\-zone and local\-data if there
+is no match in the view specific options.
+The default is no.
.SS "Python Module Options"
.LP
The
@@ -1319,9 +1416,15 @@ acts like the iterator and validator modules do, on queries and answers.
To enable the script module it has to be compiled into the daemon,
and the word "python" has to be put in the \fBmodule\-config:\fR option
(usually first, or between the validator and iterator).
+.LP
+If the \fBchroot:\fR option is enabled, you should make sure Python's
+library directory structure is bind mounted in the new root environment, see
+\fImount\fR(8). Also the \fBpython\-script:\fR path should be specified as an
+absolute path relative to the new root, or as a relative path to the working
+directory.
.TP
.B python\-script: \fI<python file>\fR
-The script file to load.
+The script file to load.
.SS "DNS64 Module Options"
.LP
The dns64 module must be configured in the \fBmodule\-config:\fR "dns64
diff --git a/contrib/unbound/doc/unbound.conf.5.in b/contrib/unbound/doc/unbound.conf.5.in
index 39ce95c57993..45248ac58c4f 100644
--- a/contrib/unbound/doc/unbound.conf.5.in
+++ b/contrib/unbound/doc/unbound.conf.5.in
@@ -1,4 +1,4 @@
-.TH "unbound.conf" "5" "Dec 15, 2016" "NLnet Labs" "unbound 1.6.0"
+.TH "unbound.conf" "5" "Feb 21, 2017" "NLnet Labs" "unbound 1.6.1"
.\"
.\" unbound.conf.5 -- unbound.conf manual
.\"
@@ -413,9 +413,14 @@ turned off.
The port number on which to provide TCP SSL service, default 853, only
interfaces configured with that port number as @number get the SSL service.
.TP
+.B use\-systemd: \fI<yes or no>
+Enable or disable systemd socket activation.
+Default is no.
+.TP
.B do\-daemonize: \fI<yes or no>
Enable or disable whether the unbound server forks into the background as
-a daemon. Default is yes.
+a daemon. Set the value to \fIno\fR when unbound runs as systemd service.
+Default is yes.
.TP
.B access\-control: \fI<IP netblock> <action>
The netblock is given as an IP4 or IP6 address with /size appended for a
@@ -552,6 +557,13 @@ name, type and class. Default is no. Note that it takes time to print these
lines which makes the server (significantly) slower. Odd (nonprintable)
characters in names are printed as '?'.
.TP
+.B log\-replies: \fI<yes or no>
+Prints one line per reply to the log, with the log timestamp and IP address,
+name, type, class, return code, time to resolve, from cache and response size.
+Default is no. Note that it takes time to print these
+lines which makes the server (significantly) slower. Odd (nonprintable)
+characters in names are printed as '?'.
+.TP
.B pidfile: \fI<filename>
The process id is written to the file. Default is "@UNBOUND_PIDFILE@".
So,
@@ -1193,6 +1205,34 @@ in different parts of the namespace. The closest matching suffix is used
to determine the qps limit. The rate for the exact matching domain name
is not changed, use ratelimit\-for\-domain to set that, you might want
to use different settings for a top\-level\-domain and subdomains.
+.TP 5
+.B ip\-ratelimit: \fI<number or 0>
+Enable global ratelimiting of queries accepted per ip address.
+If 0, the default, it is disabled. This option is experimental at this time.
+The ratelimit is in queries per second that are allowed. More queries are
+completely dropped and will not receive a reply, SERVFAIL or otherwise.
+IP ratelimiting happens before looking in the cache. This may be useful for
+mitigating amplification attacks.
+.TP 5
+.B ip\-ratelimit\-size: \fI<memory size>
+Give the size of the data structure in which the current ongoing rates are
+kept track in. Default 4m. In bytes or use m(mega), k(kilo), g(giga).
+The ip ratelimit structure is small, so this data structure likely does
+not need to be large.
+.TP 5
+.B ip\-ratelimit\-slabs: \fI<number>
+Give power of 2 number of slabs, this is used to reduce lock contention
+in the ip ratelimit tracking data structure. Close to the number of cpus is
+a fairly good setting.
+.TP 5
+.B ip\-ratelimit\-factor: \fI<number>
+Set the amount of queries to rate limit when the limit is exceeded.
+If set to 0, all queries are dropped for addresses where the limit is
+exceeded. If set to another value, 1 in that number is allowed through
+to complete. Default is 10, allowing 1/10 traffic to flow normally.
+This can make ordinary queries complete (if repeatedly queried for),
+and enter the cache, whilst also mitigating the traffic flow by the
+factor given.
.SS "Remote Control Options"
In the
.B remote\-control:
@@ -1376,9 +1416,15 @@ acts like the iterator and validator modules do, on queries and answers.
To enable the script module it has to be compiled into the daemon,
and the word "python" has to be put in the \fBmodule\-config:\fR option
(usually first, or between the validator and iterator).
+.LP
+If the \fBchroot:\fR option is enabled, you should make sure Python's
+library directory structure is bind mounted in the new root environment, see
+\fImount\fR(8). Also the \fBpython\-script:\fR path should be specified as an
+absolute path relative to the new root, or as a relative path to the working
+directory.
.TP
.B python\-script: \fI<python file>\fR
-The script file to load.
+The script file to load.
.SS "DNS64 Module Options"
.LP
The dns64 module must be configured in the \fBmodule\-config:\fR "dns64
diff --git a/contrib/unbound/iterator/iter_donotq.h b/contrib/unbound/iterator/iter_donotq.h
index 429e5a3dd26d..14105073aa37 100644
--- a/contrib/unbound/iterator/iter_donotq.h
+++ b/contrib/unbound/iterator/iter_donotq.h
@@ -58,7 +58,7 @@ struct iter_donotq {
* contents of type addr_tree_node. Each node is an address span
* that must not be used to send queries to.
*/
- rbtree_t tree;
+ rbtree_type tree;
};
/**
diff --git a/contrib/unbound/iterator/iter_fwd.c b/contrib/unbound/iterator/iter_fwd.c
index 1c40d41641da..0ba6c6ddfa9e 100644
--- a/contrib/unbound/iterator/iter_fwd.c
+++ b/contrib/unbound/iterator/iter_fwd.c
@@ -82,7 +82,7 @@ static void fwd_zone_free(struct iter_forward_zone* n)
free(n);
}
-static void delfwdnode(rbnode_t* n, void* ATTR_UNUSED(arg))
+static void delfwdnode(rbnode_type* n, void* ATTR_UNUSED(arg))
{
struct iter_forward_zone* node = (struct iter_forward_zone*)n;
fwd_zone_free(node);
@@ -332,7 +332,7 @@ forwards_apply_cfg(struct iter_forwards* fwd, struct config_file* cfg)
struct delegpt*
forwards_find(struct iter_forwards* fwd, uint8_t* qname, uint16_t qclass)
{
- rbnode_t* res = NULL;
+ rbnode_type* res = NULL;
struct iter_forward_zone key;
key.node.key = &key;
key.dclass = qclass;
@@ -347,7 +347,7 @@ struct delegpt*
forwards_lookup(struct iter_forwards* fwd, uint8_t* qname, uint16_t qclass)
{
/* lookup the forward zone in the tree */
- rbnode_t* res = NULL;
+ rbnode_type* res = NULL;
struct iter_forward_zone *result;
struct iter_forward_zone key;
key.node.key = &key;
@@ -388,7 +388,7 @@ int
forwards_next_root(struct iter_forwards* fwd, uint16_t* dclass)
{
struct iter_forward_zone key;
- rbnode_t* n;
+ rbnode_type* n;
struct iter_forward_zone* p;
if(*dclass == 0) {
/* first root item is first item in tree */
diff --git a/contrib/unbound/iterator/iter_fwd.h b/contrib/unbound/iterator/iter_fwd.h
index 20113a395ecc..e90b74c16a5d 100644
--- a/contrib/unbound/iterator/iter_fwd.h
+++ b/contrib/unbound/iterator/iter_fwd.h
@@ -57,7 +57,7 @@ struct iter_forwards {
* match which gives the ancestor needed.
* contents of type iter_forward_zone.
*/
- rbtree_t* tree;
+ rbtree_type* tree;
};
/**
@@ -65,7 +65,7 @@ struct iter_forwards {
*/
struct iter_forward_zone {
/** redblacktree node, key is this structure: class and name */
- rbnode_t node;
+ rbnode_type node;
/** name */
uint8_t* name;
/** length of name */
diff --git a/contrib/unbound/iterator/iter_hints.c b/contrib/unbound/iterator/iter_hints.c
index 7fb665200c63..74869d355472 100644
--- a/contrib/unbound/iterator/iter_hints.c
+++ b/contrib/unbound/iterator/iter_hints.c
@@ -67,7 +67,7 @@ static void hints_stub_free(struct iter_hints_stub* s)
free(s);
}
-static void delhintnode(rbnode_t* n, void* ATTR_UNUSED(arg))
+static void delhintnode(rbnode_type* n, void* ATTR_UNUSED(arg))
{
struct iter_hints_stub* node = (struct iter_hints_stub*)n;
hints_stub_free(node);
diff --git a/contrib/unbound/iterator/iter_hints.h b/contrib/unbound/iterator/iter_hints.h
index 715ec9f41063..06b4b9667d13 100644
--- a/contrib/unbound/iterator/iter_hints.h
+++ b/contrib/unbound/iterator/iter_hints.h
@@ -59,7 +59,7 @@ struct iter_hints {
* contents of type iter_hints_stub. The class IN root is in here.
* uses name_tree_node from dnstree.h.
*/
- rbtree_t tree;
+ rbtree_type tree;
};
/**
diff --git a/contrib/unbound/iterator/iter_priv.h b/contrib/unbound/iterator/iter_priv.h
index 6fa84900bf18..0430d57e3e3b 100644
--- a/contrib/unbound/iterator/iter_priv.h
+++ b/contrib/unbound/iterator/iter_priv.h
@@ -60,14 +60,14 @@ struct iter_priv {
* contents of type addr_tree_node.
* No further data need, only presence or absence.
*/
- rbtree_t a;
+ rbtree_type a;
/**
* Tree of the domains spans that are allowed to contain
* the blocked address spans.
* contents of type name_tree_node.
* No further data need, only presence or absence.
*/
- rbtree_t n;
+ rbtree_type n;
};
/**
diff --git a/contrib/unbound/iterator/iter_scrub.c b/contrib/unbound/iterator/iter_scrub.c
index 8a3fc170c053..1bee85c0b991 100644
--- a/contrib/unbound/iterator/iter_scrub.c
+++ b/contrib/unbound/iterator/iter_scrub.c
@@ -161,8 +161,8 @@ mark_additional_rrset(sldns_buffer* pkt, struct msg_parse* msg,
for(rr = rrset->rr_first; rr; rr = rr->next) {
if(get_additional_name(rrset, rr, &nm, &nmlen, pkt)) {
/* mark A */
- hashvalue_t h = pkt_hash_rrset(pkt, nm, LDNS_RR_TYPE_A,
- rrset->rrset_class, 0);
+ hashvalue_type h = pkt_hash_rrset(pkt, nm,
+ LDNS_RR_TYPE_A, rrset->rrset_class, 0);
struct rrset_parse* r = msgparse_hashtable_lookup(
msg, pkt, h, 0, nm, nmlen,
LDNS_RR_TYPE_A, rrset->rrset_class);
diff --git a/contrib/unbound/iterator/iter_utils.c b/contrib/unbound/iterator/iter_utils.c
index 344b6aafd7fb..0b1b456113f7 100644
--- a/contrib/unbound/iterator/iter_utils.c
+++ b/contrib/unbound/iterator/iter_utils.c
@@ -108,7 +108,7 @@ read_fetch_policy(struct iter_env* ie, const char* str)
/** apply config caps whitelist items to name tree */
static int
-caps_white_apply_cfg(rbtree_t* ntree, struct config_file* cfg)
+caps_white_apply_cfg(rbtree_type* ntree, struct config_file* cfg)
{
struct config_strlist* p;
for(p=cfg->caps_whitelist; p; p=p->next) {
diff --git a/contrib/unbound/iterator/iterator.c b/contrib/unbound/iterator/iterator.c
index f60893323a10..99ce96f384ee 100644
--- a/contrib/unbound/iterator/iterator.c
+++ b/contrib/unbound/iterator/iterator.c
@@ -88,7 +88,7 @@ iter_init(struct module_env* env, int id)
/** delete caps_whitelist element */
static void
-caps_free(struct rbnode_t* n, void* ATTR_UNUSED(d))
+caps_free(struct rbnode_type* n, void* ATTR_UNUSED(d))
{
if(n) {
free(((struct name_tree_node*)n)->name);
diff --git a/contrib/unbound/iterator/iterator.h b/contrib/unbound/iterator/iterator.h
index 5585f578958d..37b0ab0dc24a 100644
--- a/contrib/unbound/iterator/iterator.h
+++ b/contrib/unbound/iterator/iterator.h
@@ -51,7 +51,7 @@ struct iter_forwards;
struct iter_donotq;
struct iter_prep_list;
struct iter_priv;
-struct rbtree_t;
+struct rbtree_type;
/** max number of targets spawned for a query and its subqueries */
#define MAX_TARGET_COUNT 64
@@ -115,7 +115,7 @@ struct iter_env {
struct iter_priv* priv;
/** whitelist for capsforid names */
- struct rbtree_t* caps_white;
+ struct rbtree_type* caps_white;
/** The maximum dependency depth that this resolver will pursue. */
int max_dependency_depth;
diff --git a/contrib/unbound/libunbound/context.c b/contrib/unbound/libunbound/context.c
index 94a2472ae531..e203111b70d8 100644
--- a/contrib/unbound/libunbound/context.c
+++ b/contrib/unbound/libunbound/context.c
@@ -127,7 +127,7 @@ find_id(struct ub_ctx* ctx, int* id)
struct ctx_query*
context_new(struct ub_ctx* ctx, const char* name, int rrtype, int rrclass,
- ub_callback_t cb, void* cbarg)
+ ub_callback_type cb, void* cbarg)
{
struct ctx_query* q = (struct ctx_query*)calloc(1, sizeof(*q));
if(!q) return NULL;
diff --git a/contrib/unbound/libunbound/context.h b/contrib/unbound/libunbound/context.h
index d32c0b00aa03..1761c4d87216 100644
--- a/contrib/unbound/libunbound/context.h
+++ b/contrib/unbound/libunbound/context.h
@@ -61,17 +61,17 @@ struct ub_event_base;
struct ub_ctx {
/* --- pipes --- */
/** mutex on query write pipe */
- lock_basic_t qqpipe_lock;
+ lock_basic_type qqpipe_lock;
/** the query write pipe */
struct tube* qq_pipe;
/** mutex on result read pipe */
- lock_basic_t rrpipe_lock;
+ lock_basic_type rrpipe_lock;
/** the result read pipe */
struct tube* rr_pipe;
/* --- shared data --- */
/** mutex for access to env.cfg, finalized and dothread */
- lock_basic_t cfglock;
+ lock_basic_type cfglock;
/**
* The context has been finalized
* This is after config when the first resolve is done.
@@ -84,7 +84,7 @@ struct ub_ctx {
/** pid of bg worker process */
pid_t bg_pid;
/** tid of bg worker thread */
- ub_thread_t bg_tid;
+ ub_thread_type bg_tid;
/** do threading (instead of forking) for async resolution */
int dothread;
@@ -129,7 +129,7 @@ struct ub_ctx {
* Used to see if querynum is free for use.
* Content of type ctx_query.
*/
- rbtree_t queries;
+ rbtree_type queries;
};
/**
@@ -140,7 +140,7 @@ struct ub_ctx {
*/
struct ctx_query {
/** node in rbtree, must be first entry, key is ptr to the querynum */
- struct rbnode_t node;
+ struct rbnode_type node;
/** query id number, key for node */
int querynum;
/** was this an async query? */
@@ -149,7 +149,7 @@ struct ctx_query {
int cancelled;
/** for async query, the callback function */
- ub_callback_t cb;
+ ub_callback_type cb;
/** for async query, the callback user arg */
void* cb_arg;
@@ -242,7 +242,7 @@ void context_query_delete(struct ctx_query* q);
* @return new ctx_query or NULL for malloc failure.
*/
struct ctx_query* context_new(struct ub_ctx* ctx, const char* name, int rrtype,
- int rrclass, ub_callback_t cb, void* cbarg);
+ int rrclass, ub_callback_type cb, void* cbarg);
/**
* Get a new alloc. Creates a new one or uses a cached one.
diff --git a/contrib/unbound/libunbound/libunbound.c b/contrib/unbound/libunbound/libunbound.c
index aaaaec08ce9e..727b27522019 100644
--- a/contrib/unbound/libunbound/libunbound.c
+++ b/contrib/unbound/libunbound/libunbound.c
@@ -215,7 +215,7 @@ ub_ctx_create_event(struct event_base* eb)
/** delete q */
static void
-delq(rbnode_t* n, void* ATTR_UNUSED(arg))
+delq(rbnode_type* n, void* ATTR_UNUSED(arg))
{
struct ctx_query* q = (struct ctx_query*)n;
context_query_delete(q);
@@ -500,7 +500,7 @@ ub_fd(struct ub_ctx* ctx)
/** process answer from bg worker */
static int
process_answer_detail(struct ub_ctx* ctx, uint8_t* msg, uint32_t len,
- ub_callback_t* cb, void** cbarg, int* err,
+ ub_callback_type* cb, void** cbarg, int* err,
struct ub_result** res)
{
struct ctx_query* q;
@@ -567,7 +567,7 @@ static int
process_answer(struct ub_ctx* ctx, uint8_t* msg, uint32_t len)
{
int err;
- ub_callback_t cb;
+ ub_callback_type cb;
void* cbarg;
struct ub_result* res;
int r;
@@ -610,7 +610,7 @@ int
ub_wait(struct ub_ctx* ctx)
{
int err;
- ub_callback_t cb;
+ ub_callback_type cb;
void* cbarg;
struct ub_result* res;
int r;
@@ -706,7 +706,8 @@ ub_resolve(struct ub_ctx* ctx, const char* name, int rrtype,
int
ub_resolve_event(struct ub_ctx* ctx, const char* name, int rrtype,
- int rrclass, void* mydata, ub_event_callback_t callback, int* async_id)
+ int rrclass, void* mydata, ub_event_callback_type callback,
+ int* async_id)
{
struct ctx_query* q;
int r;
@@ -734,7 +735,7 @@ ub_resolve_event(struct ub_ctx* ctx, const char* name, int rrtype,
ub_comm_base_now(ctx->event_worker->base);
/* create new ctx_query and attempt to add to the list */
- q = context_new(ctx, name, rrtype, rrclass, (ub_callback_t)callback,
+ q = context_new(ctx, name, rrtype, rrclass, (ub_callback_type)callback,
mydata);
if(!q)
return UB_NOMEM;
@@ -748,7 +749,7 @@ ub_resolve_event(struct ub_ctx* ctx, const char* name, int rrtype,
int
ub_resolve_async(struct ub_ctx* ctx, const char* name, int rrtype,
- int rrclass, void* mydata, ub_callback_t callback, int* async_id)
+ int rrclass, void* mydata, ub_callback_type callback, int* async_id)
{
struct ctx_query* q;
uint8_t* msg = NULL;
diff --git a/contrib/unbound/libunbound/libworker.c b/contrib/unbound/libunbound/libworker.c
index c90101956d51..b42ba0bd8e78 100644
--- a/contrib/unbound/libunbound/libworker.c
+++ b/contrib/unbound/libunbound/libworker.c
@@ -639,7 +639,7 @@ libworker_event_done_cb(void* arg, int rcode, sldns_buffer* buf,
enum sec_status s, char* why_bogus)
{
struct ctx_query* q = (struct ctx_query*)arg;
- ub_event_callback_t cb = (ub_event_callback_t)q->cb;
+ ub_event_callback_type cb = (ub_event_callback_type)q->cb;
void* cb_arg = q->cb_arg;
int cancelled = q->cancelled;
diff --git a/contrib/unbound/libunbound/unbound-event.h b/contrib/unbound/libunbound/unbound-event.h
index 432750d77495..d5f0b1a36fe7 100644
--- a/contrib/unbound/libunbound/unbound-event.h
+++ b/contrib/unbound/libunbound/unbound-event.h
@@ -170,7 +170,7 @@ struct ub_event {
struct ub_event_vmt* vmt;
};
-typedef void (*ub_event_callback_t)(void*, int, void*, int, int, char*);
+typedef void (*ub_event_callback_type)(void*, int, void*, int, int, char*);
/**
* Create a resolving and validation context.
@@ -254,7 +254,8 @@ int ub_ctx_set_event(struct ub_ctx* ctx, struct event_base* base);
* @return 0 if OK, else error.
*/
int ub_resolve_event(struct ub_ctx* ctx, const char* name, int rrtype,
- int rrclass, void* mydata, ub_event_callback_t callback, int* async_id);
+ int rrclass, void* mydata, ub_event_callback_type callback,
+ int* async_id);
#ifdef __cplusplus
}
diff --git a/contrib/unbound/libunbound/unbound.h b/contrib/unbound/libunbound/unbound.h
index 9c828fc292bc..9a076927f9a6 100644
--- a/contrib/unbound/libunbound/unbound.h
+++ b/contrib/unbound/libunbound/unbound.h
@@ -223,7 +223,7 @@ struct ub_result {
* This structure is allocated on the heap and needs to be
* freed with ub_resolve_free(result);
*/
-typedef void (*ub_callback_t)(void*, int, struct ub_result*);
+typedef void (*ub_callback_type)(void*, int, struct ub_result*);
/**
* Create a resolving and validation context.
@@ -519,7 +519,7 @@ int ub_resolve(struct ub_ctx* ctx, const char* name, int rrtype,
* @return 0 if OK, else error.
*/
int ub_resolve_async(struct ub_ctx* ctx, const char* name, int rrtype,
- int rrclass, void* mydata, ub_callback_t callback, int* async_id);
+ int rrclass, void* mydata, ub_callback_type callback, int* async_id);
/**
* Cancel an async query in progress.
diff --git a/contrib/unbound/services/cache/dns.c b/contrib/unbound/services/cache/dns.c
index 148b5cb875ab..7beb76164986 100644
--- a/contrib/unbound/services/cache/dns.c
+++ b/contrib/unbound/services/cache/dns.c
@@ -106,7 +106,7 @@ store_rrsets(struct module_env* env, struct reply_info* rep, time_t now,
void
dns_cache_store_msg(struct module_env* env, struct query_info* qinfo,
- hashvalue_t hash, struct reply_info* rep, time_t leeway, int pside,
+ hashvalue_type hash, struct reply_info* rep, time_t leeway, int pside,
struct reply_info* qrep, struct regional* region)
{
struct msgreply_entry* e;
@@ -188,7 +188,7 @@ msg_cache_lookup(struct module_env* env, uint8_t* qname, size_t qnamelen,
{
struct lruhash_entry* e;
struct query_info k;
- hashvalue_t h;
+ hashvalue_type h;
k.qname = qname;
k.qname_len = qnamelen;
@@ -709,7 +709,7 @@ dns_cache_lookup(struct module_env* env,
{
struct lruhash_entry* e;
struct query_info k;
- hashvalue_t h;
+ hashvalue_type h;
time_t now = *env->now;
struct ub_packed_rrset_key* rrset;
@@ -865,7 +865,7 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf,
} else {
/* store msg, and rrsets */
struct query_info qinf;
- hashvalue_t h;
+ hashvalue_type h;
qinf = *msgqinf;
qinf.qname = memdup(msgqinf->qname, msgqinf->qname_len);
diff --git a/contrib/unbound/services/cache/dns.h b/contrib/unbound/services/cache/dns.h
index 69796c2eb204..15a4a236b028 100644
--- a/contrib/unbound/services/cache/dns.h
+++ b/contrib/unbound/services/cache/dns.h
@@ -106,7 +106,7 @@ int dns_cache_store(struct module_env* env, struct query_info* qinf,
* @param region: to allocate into for qmsg.
*/
void dns_cache_store_msg(struct module_env* env, struct query_info* qinfo,
- hashvalue_t hash, struct reply_info* rep, time_t leeway, int pside,
+ hashvalue_type hash, struct reply_info* rep, time_t leeway, int pside,
struct reply_info* qrep, struct regional* region);
/**
diff --git a/contrib/unbound/services/cache/infra.c b/contrib/unbound/services/cache/infra.c
index c0049d8b6a8b..79cced505ae7 100644
--- a/contrib/unbound/services/cache/infra.c
+++ b/contrib/unbound/services/cache/infra.c
@@ -61,6 +61,10 @@
/** ratelimit value for delegation point */
int infra_dp_ratelimit = 0;
+/** ratelimit value for client ip addresses,
+ * in queries per second. */
+int infra_ip_ratelimit = 0;
+
size_t
infra_sizefunc(void* k, void* ATTR_UNUSED(d))
{
@@ -244,11 +248,19 @@ infra_create(struct config_file* cfg)
}
name_tree_init_parents(&infra->domain_limits);
}
+ infra_ip_ratelimit = cfg->ip_ratelimit;
+ infra->client_ip_rates = slabhash_create(cfg->ratelimit_slabs,
+ INFRA_HOST_STARTSIZE, cfg->ip_ratelimit_size, &ip_rate_sizefunc,
+ &ip_rate_compfunc, &ip_rate_delkeyfunc, &ip_rate_deldatafunc, NULL);
+ if(!infra->client_ip_rates) {
+ infra_delete(infra);
+ return NULL;
+ }
return infra;
}
/** delete domain_limit entries */
-static void domain_limit_free(rbnode_t* n, void* ATTR_UNUSED(arg))
+static void domain_limit_free(rbnode_type* n, void* ATTR_UNUSED(arg))
{
if(n) {
free(((struct domain_limit_data*)n)->node.name);
@@ -264,6 +276,7 @@ infra_delete(struct infra_cache* infra)
slabhash_delete(infra->hosts);
slabhash_delete(infra->domain_rates);
traverse_postorder(&infra->domain_limits, domain_limit_free, NULL);
+ slabhash_delete(infra->client_ip_rates);
free(infra);
}
@@ -284,31 +297,38 @@ infra_adjust(struct infra_cache* infra, struct config_file* cfg)
return infra;
}
-/** calculate the hash value for a host key */
-static hashvalue_t
-hash_addr(struct sockaddr_storage* addr, socklen_t addrlen)
+/** calculate the hash value for a host key
+ * set use_port to a non-0 number to use the port in
+ * the hash calculation; 0 to ignore the port.*/
+static hashvalue_type
+hash_addr(struct sockaddr_storage* addr, socklen_t addrlen,
+ int use_port)
{
- hashvalue_t h = 0xab;
+ hashvalue_type h = 0xab;
/* select the pieces to hash, some OS have changing data inside */
if(addr_is_ip6(addr, addrlen)) {
struct sockaddr_in6* in6 = (struct sockaddr_in6*)addr;
h = hashlittle(&in6->sin6_family, sizeof(in6->sin6_family), h);
- h = hashlittle(&in6->sin6_port, sizeof(in6->sin6_port), h);
+ if(use_port){
+ h = hashlittle(&in6->sin6_port, sizeof(in6->sin6_port), h);
+ }
h = hashlittle(&in6->sin6_addr, INET6_SIZE, h);
} else {
struct sockaddr_in* in = (struct sockaddr_in*)addr;
h = hashlittle(&in->sin_family, sizeof(in->sin_family), h);
- h = hashlittle(&in->sin_port, sizeof(in->sin_port), h);
+ if(use_port){
+ h = hashlittle(&in->sin_port, sizeof(in->sin_port), h);
+ }
h = hashlittle(&in->sin_addr, INET_SIZE, h);
}
return h;
}
/** calculate infra hash for a key */
-static hashvalue_t
+static hashvalue_type
hash_infra(struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* name)
{
- return dname_query_hash(name, hash_addr(addr, addrlen));
+ return dname_query_hash(name, hash_addr(addr, addrlen, 1));
}
/** lookup version that does not check host ttl (you check it) */
@@ -726,12 +746,36 @@ int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name,
return infra_dp_ratelimit;
}
+size_t ip_rate_sizefunc(void* k, void* ATTR_UNUSED(d))
+{
+ struct ip_rate_key* key = (struct ip_rate_key*)k;
+ return sizeof(*key) + sizeof(struct ip_rate_data)
+ + lock_get_mem(&key->entry.lock);
+}
+
+int ip_rate_compfunc(void* key1, void* key2)
+{
+ struct ip_rate_key* k1 = (struct ip_rate_key*)key1;
+ struct ip_rate_key* k2 = (struct ip_rate_key*)key2;
+ return sockaddr_cmp_addr(&k1->addr, k1->addrlen,
+ &k2->addr, k2->addrlen);
+}
+
+void ip_rate_delkeyfunc(void* k, void* ATTR_UNUSED(arg))
+{
+ struct ip_rate_key* key = (struct ip_rate_key*)k;
+ if(!key)
+ return;
+ lock_rw_destroy(&key->entry.lock);
+ free(key);
+}
+
/** find data item in array, for write access, caller unlocks */
static struct lruhash_entry* infra_find_ratedata(struct infra_cache* infra,
uint8_t* name, size_t namelen, int wr)
{
struct rate_key key;
- hashvalue_t h = dname_query_hash(name, 0xab);
+ hashvalue_type h = dname_query_hash(name, 0xab);
memset(&key, 0, sizeof(key));
key.name = name;
key.namelen = namelen;
@@ -739,11 +783,25 @@ static struct lruhash_entry* infra_find_ratedata(struct infra_cache* infra,
return slabhash_lookup(infra->domain_rates, h, &key, wr);
}
+/** find data item in array for ip addresses */
+static struct lruhash_entry* infra_find_ip_ratedata(struct infra_cache* infra,
+ struct comm_reply* repinfo, int wr)
+{
+ struct ip_rate_key key;
+ hashvalue_type h = hash_addr(&(repinfo->addr),
+ repinfo->addrlen, 0);
+ memset(&key, 0, sizeof(key));
+ key.addr = repinfo->addr;
+ key.addrlen = repinfo->addrlen;
+ key.entry.hash = h;
+ return slabhash_lookup(infra->client_ip_rates, h, &key, wr);
+}
+
/** create rate data item for name, number 1 in now */
static void infra_create_ratedata(struct infra_cache* infra,
uint8_t* name, size_t namelen, time_t timenow)
{
- hashvalue_t h = dname_query_hash(name, 0xab);
+ hashvalue_type h = dname_query_hash(name, 0xab);
struct rate_key* k = (struct rate_key*)calloc(1, sizeof(*k));
struct rate_data* d = (struct rate_data*)calloc(1, sizeof(*d));
if(!k || !d) {
@@ -767,6 +825,30 @@ static void infra_create_ratedata(struct infra_cache* infra,
slabhash_insert(infra->domain_rates, h, &k->entry, d, NULL);
}
+/** create rate data item for ip address */
+static void infra_ip_create_ratedata(struct infra_cache* infra,
+ struct comm_reply* repinfo, time_t timenow)
+{
+ hashvalue_type h = hash_addr(&(repinfo->addr),
+ repinfo->addrlen, 0);
+ struct ip_rate_key* k = (struct ip_rate_key*)calloc(1, sizeof(*k));
+ struct ip_rate_data* d = (struct ip_rate_data*)calloc(1, sizeof(*d));
+ if(!k || !d) {
+ free(k);
+ free(d);
+ return; /* alloc failure */
+ }
+ k->addr = repinfo->addr;
+ k->addrlen = repinfo->addrlen;
+ lock_rw_init(&k->entry.lock);
+ k->entry.hash = h;
+ k->entry.key = k;
+ k->entry.data = d;
+ d->qps[0] = 1;
+ d->timestamp[0] = timenow;
+ slabhash_insert(infra->client_ip_rates, h, &k->entry, d, NULL);
+}
+
/** find the second and return its rate counter, if none, remove oldest */
static int* infra_rate_find_second(void* data, time_t t)
{
@@ -875,6 +957,41 @@ infra_get_mem(struct infra_cache* infra)
{
size_t s = sizeof(*infra) + slabhash_get_mem(infra->hosts);
if(infra->domain_rates) s += slabhash_get_mem(infra->domain_rates);
+ if(infra->client_ip_rates) s += slabhash_get_mem(infra->client_ip_rates);
/* ignore domain_limits because walk through tree is big */
return s;
}
+
+int infra_ip_ratelimit_inc(struct infra_cache* infra,
+ struct comm_reply* repinfo, time_t timenow)
+{
+ int max;
+ struct lruhash_entry* entry;
+
+ /* not enabled */
+ if(!infra_ip_ratelimit) {
+ return 1;
+ }
+ /* find or insert ratedata */
+ entry = infra_find_ip_ratedata(infra, repinfo, 1);
+ if(entry) {
+ int premax = infra_rate_max(entry->data, timenow);
+ int* cur = infra_rate_find_second(entry->data, timenow);
+ (*cur)++;
+ max = infra_rate_max(entry->data, timenow);
+ lock_rw_unlock(&entry->lock);
+
+ if(premax < infra_ip_ratelimit && max >= infra_ip_ratelimit) {
+ char client_ip[128];
+ addr_to_str((struct sockaddr_storage *)&repinfo->addr,
+ repinfo->addrlen, client_ip, sizeof(client_ip));
+ verbose(VERB_OPS, "ratelimit exceeded %s %d", client_ip,
+ infra_ip_ratelimit);
+ }
+ return (max <= infra_ip_ratelimit);
+ }
+
+ /* create */
+ infra_ip_create_ratedata(infra, repinfo, timenow);
+ return 1;
+}
diff --git a/contrib/unbound/services/cache/infra.h b/contrib/unbound/services/cache/infra.h
index fc7abb7c4dd1..6f9471a3941c 100644
--- a/contrib/unbound/services/cache/infra.h
+++ b/contrib/unbound/services/cache/infra.h
@@ -36,7 +36,10 @@
/**
* \file
*
- * This file contains the infrastructure cache.
+ * This file contains the infrastructure cache, as well as rate limiting.
+ * Note that there are two sorts of rate-limiting here:
+ * - Pre-cache, per-query rate limiting (query ratelimits)
+ * - Post-cache, per-domain name rate limiting (infra-ratelimits)
*/
#ifndef SERVICES_CACHE_INFRA_H
@@ -44,6 +47,8 @@
#include "util/storage/lruhash.h"
#include "util/storage/dnstree.h"
#include "util/rtt.h"
+#include "util/netevent.h"
+#include "util/data/msgreply.h"
struct slabhash;
struct config_file;
@@ -112,7 +117,9 @@ struct infra_cache {
/** hash table with query rates per name: rate_key, rate_data */
struct slabhash* domain_rates;
/** ratelimit settings for domains, struct domain_limit_data */
- rbtree_t domain_limits;
+ rbtree_type domain_limits;
+ /** hash table with query rates per client ip: ip_rate_key, ip_rate_data */
+ struct slabhash* client_ip_rates;
};
/** ratelimit, unless overridden by domain_limits, 0 is off */
@@ -142,6 +149,21 @@ struct rate_key {
size_t namelen;
};
+/** ip ratelimit, 0 is off */
+extern int infra_ip_ratelimit;
+
+/**
+ * key for ip_ratelimit lookups, a source IP.
+ */
+struct ip_rate_key {
+ /** lruhash key entry */
+ struct lruhash_entry entry;
+ /** client ip information */
+ struct sockaddr_storage addr;
+ /** length of address */
+ socklen_t addrlen;
+};
+
/** number of seconds to track qps rate */
#define RATE_WINDOW 2
@@ -160,6 +182,8 @@ struct rate_data {
time_t timestamp[RATE_WINDOW];
};
+#define ip_rate_data rate_data
+
/** infra host cache default hash lookup size */
#define INFRA_HOST_STARTSIZE 32
/** bytes per zonename reserved in the hostcache, dnamelen(zonename.com.) */
@@ -381,6 +405,16 @@ int infra_rate_max(void* data, time_t now);
int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name,
size_t namelen);
+/** Update query ratelimit hash and decide
+ * whether or not a query should be dropped.
+ * @param infra: infra cache
+ * @param repinfo: information about client
+ * @param timenow: what time it is now.
+ * @return 1 if it could be incremented. 0 if the increment overshot the
+ * ratelimit and the query should be dropped. */
+int infra_ip_ratelimit_inc(struct infra_cache* infra,
+ struct comm_reply* repinfo, time_t timenow);
+
/**
* Get memory used by the infra cache.
* @param infra: infrastructure cache.
@@ -413,4 +447,16 @@ void rate_delkeyfunc(void* k, void* arg);
/** delete data */
void rate_deldatafunc(void* d, void* arg);
+/* calculate size for the client ip hashtable */
+size_t ip_rate_sizefunc(void* k, void* d);
+
+/* compare two addresses */
+int ip_rate_compfunc(void* key1, void* key2);
+
+/* delete key, and destroy the lock */
+void ip_rate_delkeyfunc(void* d, void* arg);
+
+/* delete data */
+#define ip_rate_deldatafunc rate_deldatafunc
+
#endif /* SERVICES_CACHE_INFRA_H */
diff --git a/contrib/unbound/services/cache/rrset.c b/contrib/unbound/services/cache/rrset.c
index 2f6a1b506712..7e5732b760f2 100644
--- a/contrib/unbound/services/cache/rrset.c
+++ b/contrib/unbound/services/cache/rrset.c
@@ -91,7 +91,7 @@ struct rrset_cache* rrset_cache_adjust(struct rrset_cache *r,
void
rrset_cache_touch(struct rrset_cache* r, struct ub_packed_rrset_key* key,
- hashvalue_t hash, rrset_id_t id)
+ hashvalue_type hash, rrset_id_type id)
{
struct lruhash* table = slabhash_gettable(&r->table, hash);
/*
@@ -186,7 +186,7 @@ rrset_cache_update(struct rrset_cache* r, struct rrset_ref* ref,
{
struct lruhash_entry* e;
struct ub_packed_rrset_key* k = ref->key;
- hashvalue_t h = k->entry.hash;
+ hashvalue_type h = k->entry.hash;
uint16_t rrset_type = ntohs(k->rk.type);
int equal = 0;
log_assert(ref->id != 0 && k->id != 0);
@@ -303,10 +303,10 @@ void
rrset_array_unlock_touch(struct rrset_cache* r, struct regional* scratch,
struct rrset_ref* ref, size_t count)
{
- hashvalue_t* h;
+ hashvalue_type* h;
size_t i;
- if(count > RR_COUNT_MAX || !(h = (hashvalue_t*)regional_alloc(scratch,
- sizeof(hashvalue_t)*count))) {
+ if(count > RR_COUNT_MAX || !(h = (hashvalue_type*)regional_alloc(
+ scratch, sizeof(hashvalue_type)*count))) {
log_warn("rrset LRU: memory allocation failed");
h = NULL;
} else /* store hash values */
diff --git a/contrib/unbound/services/cache/rrset.h b/contrib/unbound/services/cache/rrset.h
index 98e44a4e5268..d5439ef085b7 100644
--- a/contrib/unbound/services/cache/rrset.h
+++ b/contrib/unbound/services/cache/rrset.h
@@ -102,7 +102,7 @@ struct rrset_cache* rrset_cache_adjust(struct rrset_cache* r,
* @param id: used to check that the item is unchanged and not deleted.
*/
void rrset_cache_touch(struct rrset_cache* r, struct ub_packed_rrset_key* key,
- hashvalue_t hash, rrset_id_t id);
+ hashvalue_type hash, rrset_id_type id);
/**
* Update an rrset in the rrset cache. Stores the information for later use.
diff --git a/contrib/unbound/services/listen_dnsport.c b/contrib/unbound/services/listen_dnsport.c
index 6637483b9dcf..0132ce45f781 100644
--- a/contrib/unbound/services/listen_dnsport.c
+++ b/contrib/unbound/services/listen_dnsport.c
@@ -63,6 +63,10 @@
#include <sys/un.h>
#endif
+#ifdef HAVE_SYSTEMD
+#include <systemd/sd-daemon.h>
+#endif
+
/** number of queued TCP connections for listen() */
#define TCP_BACKLOG 256
@@ -96,11 +100,71 @@ verbose_print_addr(struct addrinfo *addr)
}
}
+#ifdef HAVE_SYSTEMD
+static int
+systemd_get_activated(int family, int socktype, int listen,
+ struct sockaddr *addr, socklen_t addrlen,
+ const char *path)
+{
+ int i = 0;
+ int r = 0;
+ int s = -1;
+ const char* listen_pid, *listen_fds;
+
+ /* We should use "listen" option only for stream protocols. For UDP it should be -1 */
+
+ if((r = sd_booted()) < 1) {
+ if(r == 0)
+ log_warn("systemd is not running");
+ else
+ log_err("systemd sd_booted(): %s", strerror(-r));
+ return -1;
+ }
+
+ listen_pid = getenv("LISTEN_PID");
+ listen_fds = getenv("LISTEN_FDS");
+
+ if (!listen_pid) {
+ log_warn("Systemd mandatory ENV variable is not defined: LISTEN_PID");
+ return -1;
+ }
+
+ if (!listen_fds) {
+ log_warn("Systemd mandatory ENV variable is not defined: LISTEN_FDS");
+ return -1;
+ }
+
+ if((r = sd_listen_fds(0)) < 1) {
+ if(r == 0)
+ log_warn("systemd: did not return socket, check unit configuration");
+ else
+ log_err("systemd sd_listen_fds(): %s", strerror(-r));
+ return -1;
+ }
+
+ for(i = 0; i < r; i++) {
+ if(sd_is_socket(SD_LISTEN_FDS_START + i, family, socktype, listen)) {
+ s = SD_LISTEN_FDS_START + i;
+ break;
+ }
+ }
+ if (s == -1) {
+ if (addr)
+ log_err_addr("systemd sd_listen_fds()",
+ "no such socket",
+ (struct sockaddr_storage *)addr, addrlen);
+ else
+ log_err("systemd sd_listen_fds(): %s", path);
+ }
+ return s;
+}
+#endif
+
int
create_udp_sock(int family, int socktype, struct sockaddr* addr,
socklen_t addrlen, int v6only, int* inuse, int* noproto,
int rcv, int snd, int listen, int* reuseport, int transparent,
- int freebind)
+ int freebind, int use_systemd)
{
int s;
#if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_USE_MIN_MTU) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND)
@@ -124,6 +188,16 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
#if !defined(IP_FREEBIND)
(void)freebind;
#endif
+#ifdef HAVE_SYSTEMD
+ int got_fd_from_systemd = 0;
+
+ if (!use_systemd
+ || (use_systemd
+ && (s = systemd_get_activated(family, socktype, -1, addr,
+ addrlen, NULL)) == -1)) {
+#else
+ (void)use_systemd;
+#endif
if((s = socket(family, socktype, 0)) == -1) {
*inuse = 0;
#ifndef USE_WINSOCK
@@ -144,6 +218,11 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
*noproto = 0;
return -1;
}
+#ifdef HAVE_SYSTEMD
+ } else {
+ got_fd_from_systemd = 1;
+ }
+#endif
if(listen) {
#ifdef SO_REUSEADDR
if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on,
@@ -465,7 +544,11 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
}
# endif /* IPv4 MTU */
}
- if(bind(s, (struct sockaddr*)addr, addrlen) != 0) {
+ if(
+#ifdef HAVE_SYSTEMD
+ !got_fd_from_systemd &&
+#endif
+ bind(s, (struct sockaddr*)addr, addrlen) != 0) {
*noproto = 0;
*inuse = 0;
#ifndef USE_WINSOCK
@@ -488,7 +571,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
(struct sockaddr_storage*)addr, addrlen);
}
closesocket(s);
-#endif
+#endif /* USE_WINSOCK */
return -1;
}
if(!fd_set_nonblock(s)) {
@@ -506,12 +589,15 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
int
create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
- int* reuseport, int transparent, int mss, int freebind)
+ int* reuseport, int transparent, int mss, int freebind, int use_systemd)
{
int s;
#if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_V6ONLY) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND)
int on = 1;
#endif
+#ifdef HAVE_SYSTEMD
+ int got_fd_from_systemd = 0;
+#endif
#ifdef USE_TCP_FASTOPEN
int qlen;
#endif
@@ -523,6 +609,15 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
#endif
verbose_print_addr(addr);
*noproto = 0;
+#ifdef HAVE_SYSTEMD
+ if (!use_systemd ||
+ (use_systemd
+ && (s = systemd_get_activated(addr->ai_family, addr->ai_socktype, 1,
+ addr->ai_addr, addr->ai_addrlen,
+ NULL)) == -1)) {
+#else
+ (void)use_systemd;
+#endif
if((s = socket(addr->ai_family, addr->ai_socktype, 0)) == -1) {
#ifndef USE_WINSOCK
if(errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT) {
@@ -560,6 +655,11 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
log_warn(" setsockopt(TCP_MAXSEG) unsupported");
#endif /* defined(IPPROTO_TCP) && defined(TCP_MAXSEG) */
}
+#ifdef HAVE_SYSTEMD
+ } else {
+ got_fd_from_systemd = 1;
+ }
+#endif
#ifdef SO_REUSEADDR
if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on,
(socklen_t)sizeof(on)) < 0) {
@@ -637,7 +737,11 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
(addr->ai_family==AF_INET6?"V6":""), strerror(errno));
}
#endif /* IP_TRANSPARENT || IP_BINDANY */
- if(bind(s, addr->ai_addr, addr->ai_addrlen) != 0) {
+ if(
+#ifdef HAVE_SYSTEMD
+ !got_fd_from_systemd &&
+#endif
+ bind(s, addr->ai_addr, addr->ai_addrlen) != 0) {
#ifndef USE_WINSOCK
/* detect freebsd jail with no ipv6 permission */
if(addr->ai_family==AF_INET6 && errno==EINVAL)
@@ -695,11 +799,21 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
}
int
-create_local_accept_sock(const char *path, int* noproto)
+create_local_accept_sock(const char *path, int* noproto, int use_systemd)
{
+#ifdef HAVE_SYSTEMD
+ int ret;
+
+ if (use_systemd && (ret = systemd_get_activated(AF_LOCAL, SOCK_STREAM, 1, NULL, 0, path)) != -1)
+ return ret;
+ else {
+#endif
#ifdef HAVE_SYS_UN_H
int s;
struct sockaddr_un usock;
+#ifndef HAVE_SYSTEMD
+ (void)use_systemd;
+#endif
verbose(VERB_ALGO, "creating unix socket %s", path);
#ifdef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN
@@ -720,29 +834,42 @@ create_local_accept_sock(const char *path, int* noproto)
/* The socket already exists and cannot be removed */
log_err("Cannot remove old local socket %s (%s)",
path, strerror(errno));
- return -1;
+ goto err;
}
if (bind(s, (struct sockaddr *)&usock,
(socklen_t)sizeof(struct sockaddr_un)) == -1) {
log_err("Cannot bind local socket %s (%s)",
path, strerror(errno));
- return -1;
+ goto err;
}
if (!fd_set_nonblock(s)) {
log_err("Cannot set non-blocking mode");
- return -1;
+ goto err;
}
if (listen(s, TCP_BACKLOG) == -1) {
log_err("can't listen: %s", strerror(errno));
- return -1;
+ goto err;
}
(void)noproto; /*unused*/
return s;
+
+err:
+#ifndef USE_WINSOCK
+ close(s);
+#else
+ closesocket(s);
+#endif
+ return -1;
+
+#ifdef HAVE_SYSTEMD
+ }
+#endif
#else
+ (void)use_systemd;
(void)path;
log_err("Local sockets are not supported");
*noproto = 1;
@@ -757,7 +884,7 @@ create_local_accept_sock(const char *path, int* noproto)
static int
make_sock(int stype, const char* ifname, const char* port,
struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd,
- int* reuseport, int transparent, int tcp_mss, int freebind)
+ int* reuseport, int transparent, int tcp_mss, int freebind, int use_systemd)
{
struct addrinfo *res = NULL;
int r, s, inuse, noproto;
@@ -785,7 +912,7 @@ make_sock(int stype, const char* ifname, const char* port,
s = create_udp_sock(res->ai_family, res->ai_socktype,
(struct sockaddr*)res->ai_addr, res->ai_addrlen,
v6only, &inuse, &noproto, (int)rcv, (int)snd, 1,
- reuseport, transparent, freebind);
+ reuseport, transparent, freebind, use_systemd);
if(s == -1 && inuse) {
log_err("bind: address already in use");
} else if(s == -1 && noproto && hints->ai_family == AF_INET6){
@@ -793,7 +920,7 @@ make_sock(int stype, const char* ifname, const char* port,
}
} else {
s = create_tcp_accept_sock(res, v6only, &noproto, reuseport,
- transparent, tcp_mss, freebind);
+ transparent, tcp_mss, freebind, use_systemd);
if(s == -1 && noproto && hints->ai_family == AF_INET6){
*noip6 = 1;
}
@@ -806,7 +933,7 @@ make_sock(int stype, const char* ifname, const char* port,
static int
make_sock_port(int stype, const char* ifname, const char* port,
struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd,
- int* reuseport, int transparent, int tcp_mss, int freebind)
+ int* reuseport, int transparent, int tcp_mss, int freebind, int use_systemd)
{
char* s = strchr(ifname, '@');
if(s) {
@@ -828,10 +955,10 @@ make_sock_port(int stype, const char* ifname, const char* port,
(void)strlcpy(p, s+1, sizeof(p));
p[strlen(s+1)]=0;
return make_sock(stype, newif, p, hints, v6only, noip6,
- rcv, snd, reuseport, transparent, tcp_mss, freebind);
+ rcv, snd, reuseport, transparent, tcp_mss, freebind, use_systemd);
}
return make_sock(stype, ifname, port, hints, v6only, noip6, rcv, snd,
- reuseport, transparent, tcp_mss, freebind);
+ reuseport, transparent, tcp_mss, freebind, use_systemd);
}
/**
@@ -881,7 +1008,7 @@ set_recvpktinfo(int s, int family)
}
# else
log_err("no IPV6_RECVPKTINFO and no IPV6_PKTINFO option, please "
- "disable interface-automatic in config");
+ "disable interface-automatic or do-ip6 in config");
return 0;
# endif /* defined IPV6_RECVPKTINFO */
@@ -902,7 +1029,7 @@ set_recvpktinfo(int s, int family)
}
# else
log_err("no IP_SENDSRCADDR or IP_PKTINFO option, please disable "
- "interface-automatic in config");
+ "interface-automatic or do-ip4 in config");
return 0;
# endif /* IP_PKTINFO */
@@ -928,13 +1055,14 @@ set_recvpktinfo(int s, int family)
* @param transparent: set IP_TRANSPARENT socket option.
* @param tcp_mss: maximum segment size of tcp socket. default if zero.
* @param freebind: set IP_FREEBIND socket option.
+ * @param use_systemd: if true, fetch sockets from systemd.
* @return: returns false on error.
*/
static int
ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp,
struct addrinfo *hints, const char* port, struct listen_port** list,
size_t rcv, size_t snd, int ssl_port, int* reuseport, int transparent,
- int tcp_mss, int freebind)
+ int tcp_mss, int freebind, int use_systemd)
{
int s, noip6=0;
if(!do_udp && !do_tcp)
@@ -942,7 +1070,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp,
if(do_auto) {
if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1,
&noip6, rcv, snd, reuseport, transparent,
- tcp_mss, freebind)) == -1) {
+ tcp_mss, freebind, use_systemd)) == -1) {
if(noip6) {
log_warn("IPv6 protocol not available");
return 1;
@@ -970,7 +1098,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp,
/* regular udp socket */
if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1,
&noip6, rcv, snd, reuseport, transparent,
- tcp_mss, freebind)) == -1) {
+ tcp_mss, freebind, use_systemd)) == -1) {
if(noip6) {
log_warn("IPv6 protocol not available");
return 1;
@@ -992,7 +1120,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp,
(!strchr(ifname, '@') && atoi(port) == ssl_port));
if((s = make_sock_port(SOCK_STREAM, ifname, port, hints, 1,
&noip6, 0, 0, reuseport, transparent, tcp_mss,
- freebind)) == -1) {
+ freebind, use_systemd)) == -1) {
if(noip6) {
/*log_warn("IPv6 protocol not available");*/
return 1;
@@ -1036,7 +1164,7 @@ listen_cp_insert(struct comm_point* c, struct listen_dnsport* front)
struct listen_dnsport*
listen_create(struct comm_base* base, struct listen_port* ports,
size_t bufsize, int tcp_accept_count, void* sslctx,
- struct dt_env* dtenv, comm_point_callback_t* cb, void *cb_arg)
+ struct dt_env* dtenv, comm_point_callback_type* cb, void *cb_arg)
{
struct listen_dnsport* front = (struct listen_dnsport*)
malloc(sizeof(struct listen_dnsport));
@@ -1150,7 +1278,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
cfg->so_rcvbuf, cfg->so_sndbuf,
cfg->ssl_port, reuseport,
cfg->ip_transparent,
- cfg->tcp_mss, cfg->ip_freebind)) {
+ cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd)) {
listening_ports_free(list);
return NULL;
}
@@ -1163,7 +1291,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
cfg->so_rcvbuf, cfg->so_sndbuf,
cfg->ssl_port, reuseport,
cfg->ip_transparent,
- cfg->tcp_mss, cfg->ip_freebind)) {
+ cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd)) {
listening_ports_free(list);
return NULL;
}
@@ -1178,7 +1306,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
cfg->so_rcvbuf, cfg->so_sndbuf,
cfg->ssl_port, reuseport,
cfg->ip_transparent,
- cfg->tcp_mss, cfg->ip_freebind)) {
+ cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd)) {
listening_ports_free(list);
return NULL;
}
@@ -1191,7 +1319,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
cfg->so_rcvbuf, cfg->so_sndbuf,
cfg->ssl_port, reuseport,
cfg->ip_transparent,
- cfg->tcp_mss, cfg->ip_freebind)) {
+ cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd)) {
listening_ports_free(list);
return NULL;
}
diff --git a/contrib/unbound/services/listen_dnsport.h b/contrib/unbound/services/listen_dnsport.h
index fbaa48321d0f..93d2ef7148e2 100644
--- a/contrib/unbound/services/listen_dnsport.h
+++ b/contrib/unbound/services/listen_dnsport.h
@@ -137,7 +137,7 @@ void listening_ports_free(struct listen_port* list);
*/
struct listen_dnsport* listen_create(struct comm_base* base,
struct listen_port* ports, size_t bufsize, int tcp_accept_count,
- void* sslctx, struct dt_env *dtenv, comm_point_callback_t* cb,
+ void* sslctx, struct dt_env *dtenv, comm_point_callback_type* cb,
void* cb_arg);
/**
@@ -191,11 +191,12 @@ void listen_start_accept(struct listen_dnsport* listen);
* listening UDP port. Set to false on return if it failed to do so.
* @param transparent: set IP_TRANSPARENT socket option.
* @param freebind: set IP_FREEBIND socket option.
+ * @param use_systemd: if true, fetch sockets from systemd.
* @return: the socket. -1 on error.
*/
int create_udp_sock(int family, int socktype, struct sockaddr* addr,
socklen_t addrlen, int v6only, int* inuse, int* noproto, int rcv,
- int snd, int listen, int* reuseport, int transparent, int freebind);
+ int snd, int listen, int* reuseport, int transparent, int freebind, int use_systemd);
/**
* Create and bind TCP listening socket
@@ -207,18 +208,20 @@ int create_udp_sock(int family, int socktype, struct sockaddr* addr,
* @param transparent: set IP_TRANSPARENT socket option.
* @param mss: maximum segment size of the socket. if zero, leaves the default.
* @param freebind: set IP_FREEBIND socket option.
+ * @param use_systemd: if true, fetch sockets from systemd.
* @return: the socket. -1 on error.
*/
int create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
- int* reuseport, int transparent, int mss, int freebind);
+ int* reuseport, int transparent, int mss, int freebind, int use_systemd);
/**
* Create and bind local listening socket
* @param path: path to the socket.
* @param noproto: on error, this is set true if cause is that local sockets
* are not supported.
+ * @param use_systemd: if true, fetch sockets from systemd.
* @return: the socket. -1 on error.
*/
-int create_local_accept_sock(const char* path, int* noproto);
+int create_local_accept_sock(const char* path, int* noproto, int use_systemd);
#endif /* LISTEN_DNSPORT_H */
diff --git a/contrib/unbound/services/localzone.c b/contrib/unbound/services/localzone.c
index 0ea74d856873..d813ab586172 100644
--- a/contrib/unbound/services/localzone.c
+++ b/contrib/unbound/services/localzone.c
@@ -74,7 +74,7 @@ local_zones_create(void)
/** helper traverse to delete zones */
static void
-lzdel(rbnode_t* n, void* ATTR_UNUSED(arg))
+lzdel(rbnode_type* n, void* ATTR_UNUSED(arg))
{
struct local_zone* z = (struct local_zone*)n->key;
local_zone_delete(z);
@@ -165,7 +165,7 @@ local_zone_create(uint8_t* nm, size_t len, int labs,
return NULL;
}
rbtree_init(&z->data, &local_data_cmp);
- lock_protect(&z->lock, &z->parent, sizeof(*z)-sizeof(rbnode_t));
+ lock_protect(&z->lock, &z->parent, sizeof(*z)-sizeof(rbnode_type));
/* also the zones->lock protects node, parent, name*, class */
return z;
}
@@ -629,7 +629,7 @@ lz_enter_override(struct local_zones* zones, char* zname, char* netblock,
/* create netblock addr_tree if not present yet */
if(!z->override_tree) {
- z->override_tree = (struct rbtree_t*)regional_alloc_zero(
+ z->override_tree = (struct rbtree_type*)regional_alloc_zero(
z->region, sizeof(*z->override_tree));
if(!z->override_tree) {
lock_rw_unlock(&z->lock);
@@ -1060,7 +1060,7 @@ local_zones_tags_lookup(struct local_zones* zones,
uint8_t* name, size_t len, int labs, uint16_t dclass,
uint8_t* taglist, size_t taglen, int ignoretags)
{
- rbnode_t* res = NULL;
+ rbnode_type* res = NULL;
struct local_zone *result;
struct local_zone key;
int m;
@@ -1214,6 +1214,24 @@ local_encode(struct query_info* qinfo, struct module_env* env,
return 1;
}
+/** encode local error answer */
+static void
+local_error_encode(struct query_info* qinfo, struct module_env* env,
+ struct edns_data* edns, sldns_buffer* buf, struct regional* temp,
+ int rcode, int r)
+{
+ edns->edns_version = EDNS_ADVERTISED_VERSION;
+ edns->udp_size = EDNS_ADVERTISED_SIZE;
+ edns->ext_rcode = 0;
+ edns->bits &= EDNS_DO;
+
+ if(!inplace_cb_reply_local_call(env, qinfo, NULL, NULL,
+ rcode, edns, temp))
+ edns->opt_list = NULL;
+ error_encode(buf, r, qinfo, *(uint16_t*)sldns_buffer_begin(buf),
+ sldns_buffer_read_u16_at(buf, 2), edns);
+}
+
/** find local data tag string match for the given type in the list */
static int
find_tag_datas(struct query_info* qinfo, struct config_strlist* list,
@@ -1414,9 +1432,8 @@ lz_zone_answer(struct local_zone* z, struct module_env* env,
return 1;
} else if(lz_type == local_zone_refuse
|| lz_type == local_zone_always_refuse) {
- error_encode(buf, (LDNS_RCODE_REFUSED|BIT_AA), qinfo,
- *(uint16_t*)sldns_buffer_begin(buf),
- sldns_buffer_read_u16_at(buf, 2), edns);
+ local_error_encode(qinfo, env, edns, buf, temp,
+ LDNS_RCODE_REFUSED, (LDNS_RCODE_REFUSED|BIT_AA));
return 1;
} else if(lz_type == local_zone_static ||
lz_type == local_zone_redirect ||
@@ -1433,9 +1450,8 @@ lz_zone_answer(struct local_zone* z, struct module_env* env,
if(z->soa)
return local_encode(qinfo, env, edns, buf, temp,
z->soa, 0, rcode);
- error_encode(buf, (rcode|BIT_AA), qinfo,
- *(uint16_t*)sldns_buffer_begin(buf),
- sldns_buffer_read_u16_at(buf, 2), edns);
+ local_error_encode(qinfo, env, edns, buf, temp, rcode,
+ (rcode|BIT_AA));
return 1;
} else if(lz_type == local_zone_typetransparent
|| lz_type == local_zone_always_transparent) {
@@ -1451,9 +1467,8 @@ lz_zone_answer(struct local_zone* z, struct module_env* env,
if(z->soa)
return local_encode(qinfo, env, edns, buf, temp,
z->soa, 0, rcode);
- error_encode(buf, (rcode|BIT_AA), qinfo,
- *(uint16_t*)sldns_buffer_begin(buf),
- sldns_buffer_read_u16_at(buf, 2), edns);
+ local_error_encode(qinfo, env, edns, buf, temp, rcode,
+ (rcode|BIT_AA));
return 1;
}
@@ -1479,8 +1494,8 @@ lz_inform_print(struct local_zone* z, struct query_info* qinfo,
static enum localzone_type
lz_type(uint8_t *taglist, size_t taglen, uint8_t *taglist2, size_t taglen2,
uint8_t *tagactions, size_t tagactionssize, enum localzone_type lzt,
- struct comm_reply* repinfo, struct rbtree_t* override_tree, int* tag,
- char** tagname, int num_tags)
+ struct comm_reply* repinfo, struct rbtree_type* override_tree,
+ int* tag, char** tagname, int num_tags)
{
size_t i, j;
uint8_t tagmatch;
diff --git a/contrib/unbound/services/localzone.h b/contrib/unbound/services/localzone.h
index 6db9b3dd97db..bf9c9bf489cb 100644
--- a/contrib/unbound/services/localzone.h
+++ b/contrib/unbound/services/localzone.h
@@ -95,9 +95,9 @@ enum localzone_type {
*/
struct local_zones {
/** lock on the localzone tree */
- lock_rw_t lock;
+ lock_rw_type lock;
/** rbtree of struct local_zone */
- rbtree_t ztree;
+ rbtree_type ztree;
};
/**
@@ -105,7 +105,7 @@ struct local_zones {
*/
struct local_zone {
/** rbtree node, key is name and class */
- rbnode_t node;
+ rbnode_type node;
/** parent zone, if any. */
struct local_zone* parent;
@@ -123,7 +123,7 @@ struct local_zone {
* For the node, parent, name, namelen, namelabs, dclass, you
* need to also hold the zones_tree lock to change them (or to
* delete this zone) */
- lock_rw_t lock;
+ lock_rw_type lock;
/** how to process zone */
enum localzone_type type;
@@ -133,14 +133,14 @@ struct local_zone {
size_t taglen;
/** netblock addr_tree with struct local_zone_override information
* or NULL if there are no override elements */
- struct rbtree_t* override_tree;
+ struct rbtree_type* override_tree;
/** in this region the zone's data is allocated.
* the struct local_zone itself is malloced. */
struct regional* region;
/** local data for this zone
* rbtree of struct local_data */
- rbtree_t data;
+ rbtree_type data;
/** if data contains zone apex SOA data, this is a ptr to it. */
struct ub_packed_rrset_key* soa;
};
@@ -150,7 +150,7 @@ struct local_zone {
*/
struct local_data {
/** rbtree node, key is name only */
- rbnode_t node;
+ rbnode_type node;
/** domain name */
uint8_t* name;
/** length of name */
diff --git a/contrib/unbound/services/mesh.c b/contrib/unbound/services/mesh.c
index 83a01ede82af..f5a193ac2d48 100644
--- a/contrib/unbound/services/mesh.c
+++ b/contrib/unbound/services/mesh.c
@@ -203,7 +203,7 @@ mesh_create(struct module_stack* stack, struct module_env* env)
/** help mesh delete delete mesh states */
static void
-mesh_delete_helper(rbnode_t* n)
+mesh_delete_helper(rbnode_type* n)
{
struct mesh_state* mstate = (struct mesh_state*)n->key;
/* perform a full delete, not only 'cleanup' routine,
@@ -321,7 +321,7 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo,
/* see if it already exists, if not, create one */
if(!s) {
#ifdef UNBOUND_DEBUG
- struct rbnode_t* n;
+ struct rbnode_type* n;
#endif
s = mesh_state_create(mesh->env, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0);
if(!s) {
@@ -409,7 +409,7 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo,
int
mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo,
uint16_t qflags, struct edns_data* edns, sldns_buffer* buf,
- uint16_t qid, mesh_cb_func_t cb, void* cb_arg)
+ uint16_t qid, mesh_cb_func_type cb, void* cb_arg)
{
struct mesh_state* s = NULL;
int unique = edns_unique_mesh_state(edns->opt_list, mesh->env);
@@ -423,7 +423,7 @@ mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo,
/* see if it already exists, if not, create one */
if(!s) {
#ifdef UNBOUND_DEBUG
- struct rbnode_t* n;
+ struct rbnode_type* n;
#endif
s = mesh_state_create(mesh->env, qinfo, qflags&(BIT_RD|BIT_CD), 0, 0);
if(!s) {
@@ -479,7 +479,7 @@ void mesh_new_prefetch(struct mesh_area* mesh, struct query_info* qinfo,
struct mesh_state* s = mesh_area_find(mesh, qinfo, qflags&(BIT_RD|BIT_CD),
0, 0);
#ifdef UNBOUND_DEBUG
- struct rbnode_t* n;
+ struct rbnode_type* n;
#endif
/* already exists, and for a different purpose perhaps.
* if mesh_no_list, keep it that way. */
@@ -729,7 +729,7 @@ void mesh_detach_subs(struct module_qstate* qstate)
struct mesh_area* mesh = qstate->env->mesh;
struct mesh_state_ref* ref, lookup;
#ifdef UNBOUND_DEBUG
- struct rbnode_t* n;
+ struct rbnode_type* n;
#endif
lookup.node.key = &lookup;
lookup.s = qstate->mesh_info;
@@ -764,7 +764,7 @@ int mesh_attach_sub(struct module_qstate* qstate, struct query_info* qinfo,
}
if(!sub) {
#ifdef UNBOUND_DEBUG
- struct rbnode_t* n;
+ struct rbnode_type* n;
#endif
/* create a new one */
sub = mesh_state_create(qstate->env, qinfo, qflags, prime, valrec);
@@ -809,7 +809,7 @@ int mesh_attach_sub(struct module_qstate* qstate, struct query_info* qinfo,
int mesh_state_attachment(struct mesh_state* super, struct mesh_state* sub)
{
#ifdef UNBOUND_DEBUG
- struct rbnode_t* n;
+ struct rbnode_type* n;
#endif
struct mesh_state_ref* subref; /* points to sub, inserted in super */
struct mesh_state_ref* superref; /* points to super, inserted in sub */
@@ -1019,6 +1019,12 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
query_reply.c->buffer)) == 0)
m->s.env->mesh->ans_nodata++;
}
+ /* Log reply sent */
+ if(m->s.env->cfg->log_replies) {
+ log_reply_info(0, &m->s.qinfo, &r->query_reply.addr,
+ r->query_reply.addrlen, duration, 0,
+ r->query_reply.c->buffer);
+ }
}
void mesh_query_done(struct mesh_state* mstate)
@@ -1074,7 +1080,7 @@ struct mesh_state* mesh_area_find(struct mesh_area* mesh,
}
int mesh_state_add_cb(struct mesh_state* s, struct edns_data* edns,
- sldns_buffer* buf, mesh_cb_func_t cb, void* cb_arg,
+ sldns_buffer* buf, mesh_cb_func_type cb, void* cb_arg,
uint16_t qid, uint16_t qflags)
{
struct mesh_cb* r = regional_alloc(s->s.region,
diff --git a/contrib/unbound/services/mesh.h b/contrib/unbound/services/mesh.h
index 7dd62ef19b62..435f89c689d5 100644
--- a/contrib/unbound/services/mesh.h
+++ b/contrib/unbound/services/mesh.h
@@ -83,9 +83,9 @@ struct mesh_area {
struct module_env* env;
/** set of runnable queries (mesh_state.run_node) */
- rbtree_t run;
+ rbtree_type run;
/** rbtree of all current queries (mesh_state.node)*/
- rbtree_t all;
+ rbtree_type all;
/** count of the total number of mesh_reply entries */
size_t num_reply_addrs;
@@ -154,9 +154,9 @@ struct mesh_area {
*/
struct mesh_state {
/** node in mesh_area all tree, key is this struct. Must be first. */
- rbnode_t node;
+ rbnode_type node;
/** node in mesh_area runnable tree, key is this struct */
- rbnode_t run_node;
+ rbnode_type run_node;
/** the query state. Note that the qinfo and query_flags
* may not change. */
struct module_qstate s;
@@ -166,10 +166,10 @@ struct mesh_state {
struct mesh_cb* cb_list;
/** set of superstates (that want this state's result)
* contains struct mesh_state_ref* */
- rbtree_t super_set;
+ rbtree_type super_set;
/** set of substates (that this state needs to continue)
* contains struct mesh_state_ref* */
- rbtree_t sub_set;
+ rbtree_type sub_set;
/** number of activations for the mesh state */
size_t num_activated;
@@ -193,7 +193,7 @@ struct mesh_state {
*/
struct mesh_state_ref {
/** node in rbtree for set, key is this structure */
- rbnode_t node;
+ rbnode_type node;
/** the mesh state */
struct mesh_state* s;
};
@@ -224,7 +224,7 @@ struct mesh_reply {
* Mesh result callback func.
* called as func(cb_arg, rcode, buffer_with_reply, security, why_bogus);
*/
-typedef void (*mesh_cb_func_t)(void*, int, struct sldns_buffer*, enum sec_status,
+typedef void (*mesh_cb_func_type)(void*, int, struct sldns_buffer*, enum sec_status,
char*);
/**
@@ -245,7 +245,7 @@ struct mesh_cb {
/** callback routine for results. if rcode != 0 buf has message.
* called as cb(cb_arg, rcode, buf, sec_state);
*/
- mesh_cb_func_t cb;
+ mesh_cb_func_type cb;
/** user arg for callback */
void* cb_arg;
};
@@ -300,7 +300,7 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo,
*/
int mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo,
uint16_t qflags, struct edns_data* edns, struct sldns_buffer* buf,
- uint16_t qid, mesh_cb_func_t cb, void* cb_arg);
+ uint16_t qid, mesh_cb_func_type cb, void* cb_arg);
/**
* New prefetch message. Create new query state if needed.
@@ -498,8 +498,8 @@ int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns,
* @return: 0 on alloc error.
*/
int mesh_state_add_cb(struct mesh_state* s, struct edns_data* edns,
- struct sldns_buffer* buf, mesh_cb_func_t cb, void* cb_arg, uint16_t qid,
- uint16_t qflags);
+ struct sldns_buffer* buf, mesh_cb_func_type cb, void* cb_arg,
+ uint16_t qid, uint16_t qflags);
/**
* Run the mesh. Run all runnable mesh states. Which can create new
diff --git a/contrib/unbound/services/outside_network.c b/contrib/unbound/services/outside_network.c
index eba019520700..88fc5a9168e9 100644
--- a/contrib/unbound/services/outside_network.c
+++ b/contrib/unbound/services/outside_network.c
@@ -334,7 +334,7 @@ use_free_buffer(struct outside_network* outnet)
if(outnet->tcp_wait_last == w)
outnet->tcp_wait_last = NULL;
if(!outnet_tcp_take_into_use(w, w->pkt, w->pkt_len)) {
- comm_point_callback_t* cb = w->cb;
+ comm_point_callback_type* cb = w->cb;
void* cb_arg = w->cb_arg;
waiting_tcp_delete(w);
fptr_ok(fptr_whitelist_pending_tcp(cb));
@@ -775,7 +775,7 @@ outside_network_create(struct comm_base *base, size_t bufsize,
/** helper pending delete */
static void
-pending_node_del(rbnode_t* node, void* arg)
+pending_node_del(rbnode_type* node, void* arg)
{
struct pending* pend = (struct pending*)node;
struct outside_network* outnet = (struct outside_network*)arg;
@@ -784,7 +784,7 @@ pending_node_del(rbnode_t* node, void* arg)
/** helper serviced delete */
static void
-serviced_node_del(rbnode_t* node, void* ATTR_UNUSED(arg))
+serviced_node_del(rbnode_type* node, void* ATTR_UNUSED(arg))
{
struct serviced_query* sq = (struct serviced_query*)node;
struct service_callback* p = sq->cblist, *np;
@@ -966,13 +966,13 @@ udp_sockport(struct sockaddr_storage* addr, socklen_t addrlen, int pfxlen,
}
fd = create_udp_sock(AF_INET6, SOCK_DGRAM,
(struct sockaddr*)&sa, addrlen, 1, inuse, &noproto,
- 0, 0, 0, NULL, 0, freebind);
+ 0, 0, 0, NULL, 0, freebind, 0);
} else {
struct sockaddr_in* sa = (struct sockaddr_in*)addr;
sa->sin_port = (in_port_t)htons((uint16_t)port);
fd = create_udp_sock(AF_INET, SOCK_DGRAM,
(struct sockaddr*)addr, addrlen, 1, inuse, &noproto,
- 0, 0, 0, NULL, 0, 0);
+ 0, 0, 0, NULL, 0, 0, 0);
}
return fd;
}
@@ -1124,7 +1124,7 @@ randomize_and_send_udp(struct pending* pend, sldns_buffer* packet, int timeout)
struct pending*
pending_udp_query(struct serviced_query* sq, struct sldns_buffer* packet,
- int timeout, comm_point_callback_t* cb, void* cb_arg)
+ int timeout, comm_point_callback_type* cb, void* cb_arg)
{
struct pending* pend = (struct pending*)calloc(1, sizeof(*pend));
if(!pend) return NULL;
@@ -1174,7 +1174,7 @@ outnet_tcptimer(void* arg)
{
struct waiting_tcp* w = (struct waiting_tcp*)arg;
struct outside_network* outnet = w->outnet;
- comm_point_callback_t* cb;
+ comm_point_callback_type* cb;
void* cb_arg;
if(w->pkt) {
/* it is on the waiting list */
@@ -1197,7 +1197,7 @@ outnet_tcptimer(void* arg)
struct waiting_tcp*
pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet,
- int timeout, comm_point_callback_t* callback, void* callback_arg)
+ int timeout, comm_point_callback_type* callback, void* callback_arg)
{
struct pending_tcp* pend = sq->outnet->tcp_free;
struct waiting_tcp* w;
@@ -1301,7 +1301,7 @@ serviced_create(struct outside_network* outnet, sldns_buffer* buff, int dnssec,
{
struct serviced_query* sq = (struct serviced_query*)malloc(sizeof(*sq));
#ifdef UNBOUND_DEBUG
- rbnode_t* ins;
+ rbnode_type* ins;
#endif
if(!sq)
return NULL;
@@ -1587,7 +1587,7 @@ serviced_callbacks(struct serviced_query* sq, int error, struct comm_point* c,
uint8_t *backup_p = NULL;
size_t backlen = 0;
#ifdef UNBOUND_DEBUG
- rbnode_t* rem =
+ rbnode_type* rem =
#else
(void)
#endif
@@ -1990,7 +1990,7 @@ outnet_serviced_query(struct outside_network* outnet,
int nocaps, int tcp_upstream, int ssl_upstream,
struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone,
size_t zonelen, struct module_qstate* qstate,
- comm_point_callback_t* callback, void* callback_arg, sldns_buffer* buff,
+ comm_point_callback_type* callback, void* callback_arg, sldns_buffer* buff,
struct module_env* env)
{
struct serviced_query* sq;
diff --git a/contrib/unbound/services/outside_network.h b/contrib/unbound/services/outside_network.h
index f006b04cb734..befd512f0dad 100644
--- a/contrib/unbound/services/outside_network.h
+++ b/contrib/unbound/services/outside_network.h
@@ -123,9 +123,9 @@ struct outside_network {
struct pending* udp_wait_last;
/** pending udp answers. sorted by id, addr */
- rbtree_t* pending;
+ rbtree_type* pending;
/** serviced queries, sorted by qbuf, addr, dnssec */
- rbtree_t* serviced;
+ rbtree_type* serviced;
/** host cache, pointer but not owned by outnet. */
struct infra_cache* infra;
/** where to get random numbers */
@@ -210,7 +210,7 @@ struct port_comm {
*/
struct pending {
/** redblacktree entry, key is the pending struct(id, addr). */
- rbnode_t node;
+ rbnode_type node;
/** the ID for the query. int so that a value out of range can
* be used to signify a pending that is for certain not present in
* the rbtree. (and for which deletion is safe). */
@@ -224,7 +224,7 @@ struct pending {
/** timeout event */
struct comm_timer* timer;
/** callback for the timeout, error or reply to the message */
- comm_point_callback_t* cb;
+ comm_point_callback_type* cb;
/** callback user argument */
void* cb_arg;
/** the outside network it is part of */
@@ -285,7 +285,7 @@ struct waiting_tcp {
/** length of query packet. */
size_t pkt_len;
/** callback for the timeout, error or reply to the message */
- comm_point_callback_t* cb;
+ comm_point_callback_type* cb;
/** callback user argument */
void* cb_arg;
/** if it uses ssl upstream */
@@ -299,7 +299,7 @@ struct service_callback {
/** next in callback list */
struct service_callback* next;
/** callback function */
- comm_point_callback_t* cb;
+ comm_point_callback_type* cb;
/** user argument for callback function */
void* cb_arg;
};
@@ -317,7 +317,7 @@ struct service_callback {
*/
struct serviced_query {
/** The rbtree node, key is this record */
- rbnode_t node;
+ rbnode_type node;
/** The query that needs to be answered. Starts with flags u16,
* then qdcount, ..., including qname, qtype, qclass. Does not include
* EDNS record. */
@@ -443,7 +443,7 @@ void outside_network_quit_prepare(struct outside_network* outnet);
* @return: NULL on error for malloc or socket. Else the pending query object.
*/
struct pending* pending_udp_query(struct serviced_query* sq,
- struct sldns_buffer* packet, int timeout, comm_point_callback_t* callback,
+ struct sldns_buffer* packet, int timeout, comm_point_callback_type* callback,
void* callback_arg);
/**
@@ -459,7 +459,7 @@ struct pending* pending_udp_query(struct serviced_query* sq,
* @return: false on error for malloc or socket. Else the pending TCP object.
*/
struct waiting_tcp* pending_tcp_query(struct serviced_query* sq,
- struct sldns_buffer* packet, int timeout, comm_point_callback_t* callback,
+ struct sldns_buffer* packet, int timeout, comm_point_callback_type* callback,
void* callback_arg);
/**
@@ -504,7 +504,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
int nocaps, int tcp_upstream, int ssl_upstream,
struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone,
size_t zonelen, struct module_qstate* qstate,
- comm_point_callback_t* callback, void* callback_arg,
+ comm_point_callback_type* callback, void* callback_arg,
struct sldns_buffer* buff, struct module_env* env);
/**
diff --git a/contrib/unbound/services/view.c b/contrib/unbound/services/view.c
index b2d86513d4f4..c9dfc3c87383 100644
--- a/contrib/unbound/services/view.c
+++ b/contrib/unbound/services/view.c
@@ -78,7 +78,7 @@ view_delete(struct view* v)
}
static void
-delviewnode(rbnode_t* n, void* ATTR_UNUSED(arg))
+delviewnode(rbnode_type* n, void* ATTR_UNUSED(arg))
{
struct view* v = (struct view*)n;
view_delete(v);
@@ -107,7 +107,7 @@ view_create(char* name)
return NULL;
}
lock_rw_init(&v->lock);
- lock_protect(&v->lock, &v->name, sizeof(*v)-sizeof(rbnode_t));
+ lock_protect(&v->lock, &v->name, sizeof(*v)-sizeof(rbnode_type));
return v;
}
diff --git a/contrib/unbound/services/view.h b/contrib/unbound/services/view.h
index f64b2461e305..ce4b69d6c510 100644
--- a/contrib/unbound/services/view.h
+++ b/contrib/unbound/services/view.h
@@ -54,9 +54,9 @@ struct config_view;
*/
struct views {
/** lock on the view tree */
- lock_rw_t lock;
+ lock_rw_type lock;
/** rbtree of struct view */
- rbtree_t vtree;
+ rbtree_type vtree;
};
/**
@@ -64,7 +64,7 @@ struct views {
*/
struct view {
/** rbtree node, key is name */
- rbnode_t node;
+ rbnode_type node;
/** view name.
* Has to be right after rbnode_t due to pointer arithmatic in
* view_create's lock protect */
@@ -75,10 +75,9 @@ struct view {
* specific tree. 1 for yes, 0 for no */
int isfirst;
/** lock on the data in the structure
- * For the node and name you
- * need to also hold the views_tree lock to change them (or to
- * delete this view) */
- lock_rw_t lock;
+ * For the node and name you need to also hold the views_tree lock to
+ * change them. */
+ lock_rw_type lock;
};
diff --git a/contrib/unbound/smallapp/unbound-anchor.c b/contrib/unbound/smallapp/unbound-anchor.c
index 68e8e405f714..59eeaac195b3 100644
--- a/contrib/unbound/smallapp/unbound-anchor.c
+++ b/contrib/unbound/smallapp/unbound-anchor.c
@@ -241,7 +241,10 @@ static const char*
get_builtin_ds(void)
{
return
-". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5\n";
+/* anchor 19036 is from 2010 */
+/* anchor 20326 is from 2017 */
+". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5\n"
+". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D\n";
}
/** print hex data */
diff --git a/contrib/unbound/smallapp/unbound-control.c b/contrib/unbound/smallapp/unbound-control.c
index 20a7c16499a7..af4b45ee7820 100644
--- a/contrib/unbound/smallapp/unbound-control.c
+++ b/contrib/unbound/smallapp/unbound-control.c
@@ -124,7 +124,14 @@ usage(void)
printf(" or off to turn off root forwarding\n");
printf(" or give list of ip addresses\n");
printf(" ratelimit_list [+a] list ratelimited domains\n");
+ printf(" ip_ratelimit_list [+a] list ratelimited ip addresses\n");
printf(" +a list all, also not ratelimited\n");
+ printf(" view_list_local_zones view list local-zones in view\n");
+ printf(" view_list_local_data view list local-data RRs in view\n");
+ printf(" view_local_zone view name type add local-zone in view\n");
+ printf(" view_local_zone_remove view name remove local-zone in view\n");
+ printf(" view_local_data view RR... add local-data in view\n");
+ printf(" view_local_data_remove view name remove local-data in view\n");
printf("Version %s\n", PACKAGE_VERSION);
printf("BSD licensed, see LICENSE in source package for details.\n");
printf("Report bugs to %s\n", PACKAGE_BUGREPORT);
@@ -195,9 +202,13 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
int fd;
/* use svr or the first config entry */
if(!svr) {
- if(cfg->control_ifs)
+ if(cfg->control_ifs) {
svr = cfg->control_ifs->str;
- else svr = "127.0.0.1";
+ } else if(cfg->do_ip4) {
+ svr = "127.0.0.1";
+ } else {
+ svr = "::1";
+ }
/* config 0 addr (everything), means ask localhost */
if(strcmp(svr, "0.0.0.0") == 0)
svr = "127.0.0.1";
diff --git a/contrib/unbound/systemd.m4 b/contrib/unbound/systemd.m4
new file mode 100644
index 000000000000..e5d4e27f6deb
--- /dev/null
+++ b/contrib/unbound/systemd.m4
@@ -0,0 +1,31 @@
+# macros for configuring systemd
+# Copyright 2015, Sami Kerola, CloudFlare.
+# BSD licensed.
+AC_ARG_ENABLE([systemd],
+ [AS_HELP_STRING([--enable-systemd], [compile with systemd support])],
+ [], [enable_systemd=no])
+have_systemd=no
+AS_IF([test "x$enable_systemd" != xno], [
+ ifdef([PKG_CHECK_MODULES], [
+ dnl systemd v209 or newer
+ PKG_CHECK_MODULES([SYSTEMD], [libsystemd], [have_systemd=yes], [have_systemd=no])
+ dnl old systemd library
+ AS_IF([test "x$have_systemd" != "xyes"], [
+ PKG_CHECK_MODULES([SYSTEMD_DAEMON], [libsystemd-daemon],
+ [have_systemd_daemon=yes], [have_systemd_daemon=no])
+ AS_IF([test "x$have_systemd_daemon" = "xyes"],
+ [have_systemd=yes])
+ ])
+ AS_CASE([$enable_systemd:$have_systemd],
+ [yes:no],
+ [AC_MSG_ERROR([systemd enabled but libsystemd not found])],
+ [*:yes],
+ [AC_DEFINE([HAVE_SYSTEMD], [1], [Define to 1 if systemd should be used])
+ LIBS="$LIBS $SYSTEMD_LIBS"
+ ]
+ )
+ ], [
+ AC_MSG_ERROR([systemd enabled but need pkg-config to configure for it])
+ ])
+])
+AM_CONDITIONAL([USE_SYSTEMD], [test "x$have_systemd" = xyes])
diff --git a/contrib/unbound/util/alloc.c b/contrib/unbound/util/alloc.c
index a1152a7cf9fa..2c6e1a23f6c0 100644
--- a/contrib/unbound/util/alloc.c
+++ b/contrib/unbound/util/alloc.c
@@ -52,7 +52,7 @@
/** setup new special type */
static void
-alloc_setup_special(alloc_special_t* t)
+alloc_setup_special(alloc_special_type* t)
{
memset(t, 0, sizeof(*t));
lock_rw_init(&t->entry.lock);
@@ -66,10 +66,11 @@ alloc_setup_special(alloc_special_t* t)
static void
prealloc_setup(struct alloc_cache* alloc)
{
- alloc_special_t* p;
+ alloc_special_type* p;
int i;
for(i=0; i<ALLOC_SPECIAL_MAX; i++) {
- if(!(p = (alloc_special_t*)malloc(sizeof(alloc_special_t)))) {
+ if(!(p = (alloc_special_type*)malloc(
+ sizeof(alloc_special_type)))) {
log_err("prealloc: out of memory");
return;
}
@@ -128,7 +129,7 @@ alloc_init(struct alloc_cache* alloc, struct alloc_cache* super,
void
alloc_clear(struct alloc_cache* alloc)
{
- alloc_special_t* p, *np;
+ alloc_special_type* p, *np;
struct regional* r, *nr;
if(!alloc)
return;
@@ -187,10 +188,10 @@ alloc_get_id(struct alloc_cache* alloc)
return id;
}
-alloc_special_t*
+alloc_special_type*
alloc_special_obtain(struct alloc_cache* alloc)
{
- alloc_special_t* p;
+ alloc_special_type* p;
log_assert(alloc);
/* see if in local cache */
if(alloc->quar) {
@@ -217,7 +218,7 @@ alloc_special_obtain(struct alloc_cache* alloc)
}
/* allocate new */
prealloc_setup(alloc);
- if(!(p = (alloc_special_t*)malloc(sizeof(alloc_special_t)))) {
+ if(!(p = (alloc_special_type*)malloc(sizeof(alloc_special_type)))) {
log_err("alloc_special_obtain: out of memory");
return NULL;
}
@@ -228,10 +229,10 @@ alloc_special_obtain(struct alloc_cache* alloc)
/** push mem and some more items to the super */
static void
-pushintosuper(struct alloc_cache* alloc, alloc_special_t* mem)
+pushintosuper(struct alloc_cache* alloc, alloc_special_type* mem)
{
int i;
- alloc_special_t *p = alloc->quar;
+ alloc_special_type *p = alloc->quar;
log_assert(p);
log_assert(alloc && alloc->super &&
alloc->num_quar >= ALLOC_SPECIAL_MAX);
@@ -253,7 +254,7 @@ pushintosuper(struct alloc_cache* alloc, alloc_special_t* mem)
}
void
-alloc_special_release(struct alloc_cache* alloc, alloc_special_t* mem)
+alloc_special_release(struct alloc_cache* alloc, alloc_special_type* mem)
{
log_assert(alloc);
if(!mem)
@@ -286,12 +287,12 @@ alloc_stats(struct alloc_cache* alloc)
size_t alloc_get_mem(struct alloc_cache* alloc)
{
- alloc_special_t* p;
+ alloc_special_type* p;
size_t s = sizeof(*alloc);
if(!alloc->super) {
lock_quick_lock(&alloc->lock); /* superalloc needs locking */
}
- s += sizeof(alloc_special_t) * alloc->num_quar;
+ s += sizeof(alloc_special_type) * alloc->num_quar;
for(p = alloc->quar; p; p = alloc_special_next(p)) {
s += lock_get_mem(&p->entry.lock);
}
diff --git a/contrib/unbound/util/alloc.h b/contrib/unbound/util/alloc.h
index 43fc30f98f21..9839a4550175 100644
--- a/contrib/unbound/util/alloc.h
+++ b/contrib/unbound/util/alloc.h
@@ -53,11 +53,11 @@ struct ub_packed_rrset_key;
struct regional;
/** The special type, packed rrset. Not allowed to be used for other memory */
-typedef struct ub_packed_rrset_key alloc_special_t;
+typedef struct ub_packed_rrset_key alloc_special_type;
/** clean the special type. Pass pointer. */
#define alloc_special_clean(x) (x)->id = 0;
/** access next pointer. (in available spot). Pass pointer. */
-#define alloc_special_next(x) ((alloc_special_t*)((x)->entry.overflow_next))
+#define alloc_special_next(x) ((alloc_special_type*)((x)->entry.overflow_next))
/** set next pointer. (in available spot). Pass pointers. */
#define alloc_set_special_next(x, y) \
((x)->entry.overflow_next) = (struct lruhash_entry*)(y);
@@ -71,11 +71,11 @@ typedef struct ub_packed_rrset_key alloc_special_t;
*/
struct alloc_cache {
/** lock, only used for the super. */
- lock_quick_t lock;
+ lock_quick_type lock;
/** global allocator above this one. NULL for none (malloc/free) */
struct alloc_cache* super;
/** singly linked lists of special type. These are free for use. */
- alloc_special_t* quar;
+ alloc_special_type* quar;
/** number of items in quarantine. */
size_t num_quar;
/** thread number for id creation */
@@ -116,20 +116,20 @@ void alloc_init(struct alloc_cache* alloc, struct alloc_cache* super,
void alloc_clear(struct alloc_cache* alloc);
/**
- * Get a new special_t element.
+ * Get a new special_type element.
* @param alloc: where to alloc it.
* @return: memory block. Will not return NULL (instead fatal_exit).
* The block is zeroed.
*/
-alloc_special_t* alloc_special_obtain(struct alloc_cache* alloc);
+alloc_special_type* alloc_special_obtain(struct alloc_cache* alloc);
/**
- * Return special_t back to pool.
+ * Return special_type back to pool.
* The block is cleaned up (zeroed) which also invalidates the ID inside.
* @param alloc: where to alloc it.
* @param mem: block to free.
*/
-void alloc_special_release(struct alloc_cache* alloc, alloc_special_t* mem);
+void alloc_special_release(struct alloc_cache* alloc, alloc_special_type* mem);
/**
* Set ID number of special type to a fresh new ID number.
diff --git a/contrib/unbound/util/config_file.c b/contrib/unbound/util/config_file.c
index 887c726b2bca..ef760b9bb508 100644
--- a/contrib/unbound/util/config_file.c
+++ b/contrib/unbound/util/config_file.c
@@ -108,6 +108,7 @@ config_create(void)
cfg->log_identity = NULL; /* changed later with argv[0] */
cfg->log_time_ascii = 0;
cfg->log_queries = 0;
+ cfg->log_replies = 0;
#ifndef USE_WINSOCK
# ifdef USE_MINI_EVENT
/* select max 1024 sockets */
@@ -158,6 +159,7 @@ config_create(void)
cfg->donotqueryaddrs = NULL;
cfg->donotquery_localhost = 1;
cfg->root_hints = NULL;
+ cfg->use_systemd = 0;
cfg->do_daemonize = 1;
cfg->if_automatic = 0;
cfg->so_rcvbuf = 0;
@@ -243,11 +245,15 @@ config_create(void)
goto error_exit;
#endif
cfg->disable_dnssec_lame_check = 0;
+ cfg->ip_ratelimit = 0;
cfg->ratelimit = 0;
+ cfg->ip_ratelimit_slabs = 4;
cfg->ratelimit_slabs = 4;
+ cfg->ip_ratelimit_size = 4*1024*1024;
cfg->ratelimit_size = 4*1024*1024;
cfg->ratelimit_for_domain = NULL;
cfg->ratelimit_below_domain = NULL;
+ cfg->ip_ratelimit_factor = 10;
cfg->ratelimit_factor = 10;
cfg->qname_minimisation = 0;
cfg->qname_minimisation_strict = 0;
@@ -386,6 +392,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_STR("ssl-service-pem:", ssl_service_pem)
else S_NUMBER_NONZERO("ssl-port:", ssl_port)
else S_YNO("interface-automatic:", if_automatic)
+ else S_YNO("use-systemd:", use_systemd)
else S_YNO("do-daemonize:", do_daemonize)
else S_NUMBER_NONZERO("port:", port)
else S_NUMBER_NONZERO("outgoing-range:", outgoing_num_ports)
@@ -456,6 +463,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_NUMBER_OR_ZERO("val-log-level:", val_log_level)
else S_YNO("val-log-squelch:", val_log_squelch)
else S_YNO("log-queries:", log_queries)
+ else S_YNO("log-replies:", log_replies)
else S_YNO("val-permissive-mode:", val_permissive_mode)
else S_YNO("ignore-cd-flag:", ignore_cd)
else S_YNO("serve-expired:", serve_expired)
@@ -484,12 +492,19 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_STR("module-config:", module_conf)
else S_STR("python-script:", python_script)
else S_YNO("disable-dnssec-lame-check:", disable_dnssec_lame_check)
+ else if(strcmp(opt, "ip-ratelimit:") == 0) {
+ IS_NUMBER_OR_ZERO; cfg->ip_ratelimit = atoi(val);
+ infra_ip_ratelimit=cfg->ip_ratelimit;
+ }
else if(strcmp(opt, "ratelimit:") == 0) {
IS_NUMBER_OR_ZERO; cfg->ratelimit = atoi(val);
infra_dp_ratelimit=cfg->ratelimit;
}
+ else S_MEMSIZE("ip-ratelimit-size:", ip_ratelimit_size)
else S_MEMSIZE("ratelimit-size:", ratelimit_size)
+ else S_POW2("ip-ratelimit-slabs:", ip_ratelimit_slabs)
else S_POW2("ratelimit-slabs:", ratelimit_slabs)
+ else S_NUMBER_OR_ZERO("ip-ratelimit-factor:", ip_ratelimit_factor)
else S_NUMBER_OR_ZERO("ratelimit-factor:", ratelimit_factor)
else S_YNO("qname-minimisation:", qname_minimisation)
else S_YNO("qname-minimisation-strict:", qname_minimisation_strict)
@@ -727,12 +742,14 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_STR(opt, "ssl-service-key", ssl_service_key)
else O_STR(opt, "ssl-service-pem", ssl_service_pem)
else O_DEC(opt, "ssl-port", ssl_port)
+ else O_YNO(opt, "use-systemd", use_systemd)
else O_YNO(opt, "do-daemonize", do_daemonize)
else O_STR(opt, "chroot", chrootdir)
else O_STR(opt, "username", username)
else O_STR(opt, "directory", directory)
else O_STR(opt, "logfile", logfile)
else O_YNO(opt, "log-queries", log_queries)
+ else O_YNO(opt, "log-replies", log_replies)
else O_STR(opt, "pidfile", pidfile)
else O_YNO(opt, "hide-identity", hide_identity)
else O_YNO(opt, "hide-version", hide_version)
@@ -792,11 +809,15 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_DEC(opt, "max-udp-size", max_udp_size)
else O_STR(opt, "python-script", python_script)
else O_YNO(opt, "disable-dnssec-lame-check", disable_dnssec_lame_check)
+ else O_DEC(opt, "ip-ratelimit", ip_ratelimit)
else O_DEC(opt, "ratelimit", ratelimit)
+ else O_MEM(opt, "ip-ratelimit-size", ip_ratelimit_size)
else O_MEM(opt, "ratelimit-size", ratelimit_size)
+ else O_DEC(opt, "ip-ratelimit-slabs", ip_ratelimit_slabs)
else O_DEC(opt, "ratelimit-slabs", ratelimit_slabs)
else O_LS2(opt, "ratelimit-for-domain", ratelimit_for_domain)
else O_LS2(opt, "ratelimit-below-domain", ratelimit_below_domain)
+ else O_DEC(opt, "ip-ratelimit-factor", ip_ratelimit_factor)
else O_DEC(opt, "ratelimit-factor", ratelimit_factor)
else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min)
else O_DEC(opt, "val-sig-skew-max", val_sig_skew_max)
diff --git a/contrib/unbound/util/config_file.h b/contrib/unbound/util/config_file.h
index 071b408e7c34..d52c2f48104d 100644
--- a/contrib/unbound/util/config_file.h
+++ b/contrib/unbound/util/config_file.h
@@ -229,6 +229,8 @@ struct config_file {
int log_time_ascii;
/** log queries with one line per query */
int log_queries;
+ /** log replies with one line per reply */
+ int log_replies;
/** log identity to report */
char* log_identity;
@@ -344,6 +346,9 @@ struct config_file {
/** Python script file */
char* python_script;
+ /** Use systemd socket activation. */
+ int use_systemd;
+
/** daemonize, i.e. fork into the background. */
int do_daemonize;
@@ -391,7 +396,16 @@ struct config_file {
/** true to disable DNSSEC lameness check in iterator */
int disable_dnssec_lame_check;
- /** ratelimit 0 is off, otherwise qps (unless overridden) */
+ /** ratelimit for ip addresses. 0 is off, otherwise qps (unless overridden) */
+ int ip_ratelimit;
+ /** number of slabs for ip_ratelimit cache */
+ size_t ip_ratelimit_slabs;
+ /** memory size in bytes for ip_ratelimit cache */
+ size_t ip_ratelimit_size;
+ /** ip_ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic */
+ int ip_ratelimit_factor;
+
+ /** ratelimit for domains. 0 is off, otherwise qps (unless overridden) */
int ratelimit;
/** number of slabs for ratelimit cache */
size_t ratelimit_slabs;
diff --git a/contrib/unbound/util/configlexer.lex b/contrib/unbound/util/configlexer.lex
index c608eaa7cdcb..bd391813f1e6 100644
--- a/contrib/unbound/util/configlexer.lex
+++ b/contrib/unbound/util/configlexer.lex
@@ -234,6 +234,7 @@ ssl-upstream{COLON} { YDVAR(1, VAR_SSL_UPSTREAM) }
ssl-service-key{COLON} { YDVAR(1, VAR_SSL_SERVICE_KEY) }
ssl-service-pem{COLON} { YDVAR(1, VAR_SSL_SERVICE_PEM) }
ssl-port{COLON} { YDVAR(1, VAR_SSL_PORT) }
+use-systemd{COLON} { YDVAR(1, VAR_USE_SYSTEMD) }
do-daemonize{COLON} { YDVAR(1, VAR_DO_DAEMONIZE) }
interface{COLON} { YDVAR(1, VAR_INTERFACE) }
ip-address{COLON} { YDVAR(1, VAR_INTERFACE) }
@@ -334,6 +335,7 @@ use-syslog{COLON} { YDVAR(1, VAR_USE_SYSLOG) }
log-identity{COLON} { YDVAR(1, VAR_LOG_IDENTITY) }
log-time-ascii{COLON} { YDVAR(1, VAR_LOG_TIME_ASCII) }
log-queries{COLON} { YDVAR(1, VAR_LOG_QUERIES) }
+log-replies{COLON} { YDVAR(1, VAR_LOG_REPLIES) }
local-zone{COLON} { YDVAR(2, VAR_LOCAL_ZONE) }
local-data{COLON} { YDVAR(1, VAR_LOCAL_DATA) }
local-data-ptr{COLON} { YDVAR(1, VAR_LOCAL_DATA_PTR) }
@@ -386,11 +388,15 @@ dnstap-log-forwarder-query-messages{COLON} {
dnstap-log-forwarder-response-messages{COLON} {
YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) }
disable-dnssec-lame-check{COLON} { YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) }
+ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) }
ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) }
+ip-ratelimit-slabs{COLON} { YDVAR(1, VAR_IP_RATELIMIT_SLABS) }
ratelimit-slabs{COLON} { YDVAR(1, VAR_RATELIMIT_SLABS) }
+ip-ratelimit-size{COLON} { YDVAR(1, VAR_IP_RATELIMIT_SIZE) }
ratelimit-size{COLON} { YDVAR(1, VAR_RATELIMIT_SIZE) }
ratelimit-for-domain{COLON} { YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) }
ratelimit-below-domain{COLON} { YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) }
+ip-ratelimit-factor{COLON} { YDVAR(1, VAR_IP_RATELIMIT_FACTOR) }
ratelimit-factor{COLON} { YDVAR(1, VAR_RATELIMIT_FACTOR) }
<INITIAL,val>{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; }
diff --git a/contrib/unbound/util/configparser.y b/contrib/unbound/util/configparser.y
index 530e52881601..e6e3fb4744f5 100644
--- a/contrib/unbound/util/configparser.y
+++ b/contrib/unbound/util/configparser.y
@@ -104,7 +104,8 @@ extern struct config_parser_state* cfg_parser;
%token VAR_AUTO_TRUST_ANCHOR_FILE VAR_KEEP_MISSING VAR_ADD_HOLDDOWN
%token VAR_DEL_HOLDDOWN VAR_SO_RCVBUF VAR_EDNS_BUFFER_SIZE VAR_PREFETCH
%token VAR_PREFETCH_KEY VAR_SO_SNDBUF VAR_SO_REUSEPORT VAR_HARDEN_BELOW_NXDOMAIN
-%token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM
+%token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_LOG_REPLIES
+%token VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM
%token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
%token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM
%token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
@@ -123,8 +124,10 @@ extern struct config_parser_state* cfg_parser;
%token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
%token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
%token VAR_DISABLE_DNSSEC_LAME_CHECK
+%token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
%token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
-%token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN VAR_RATELIMIT_FACTOR
+%token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
+%token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
%token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL VAR_PERMIT_SMALL_HOLDDOWN
%token VAR_QNAME_MINIMISATION VAR_QNAME_MINIMISATION_STRICT VAR_IP_FREEBIND
%token VAR_DEFINE_TAG VAR_LOCAL_ZONE_TAG VAR_ACCESS_CONTROL_TAG
@@ -132,6 +135,7 @@ extern struct config_parser_state* cfg_parser;
%token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
%token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_FAKE_DSA
%token VAR_LOG_IDENTITY
+%token VAR_USE_SYSTEMD
%%
toplevelvars: /* empty */ | toplevelvars toplevelvar ;
@@ -189,16 +193,19 @@ content_server: server_num_threads | server_verbosity | server_port |
server_del_holddown | server_keep_missing | server_so_rcvbuf |
server_edns_buffer_size | server_prefetch | server_prefetch_key |
server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
- server_log_queries | server_tcp_upstream | server_ssl_upstream |
+ server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
server_so_reuseport | server_delay_close |
server_unblock_lan_zones | server_insecure_lan_zones |
server_dns64_prefix | server_dns64_synthall |
server_infra_cache_min_rtt | server_harden_algo_downgrade |
- server_ip_transparent | server_ratelimit | server_ratelimit_slabs |
- server_ratelimit_size | server_ratelimit_for_domain |
+ server_ip_transparent | server_ip_ratelimit | server_ratelimit |
+ server_ip_ratelimit_slabs | server_ratelimit_slabs |
+ server_ip_ratelimit_size | server_ratelimit_size |
+ server_ratelimit_for_domain |
server_ratelimit_below_domain | server_ratelimit_factor |
+ server_ip_ratelimit_factor |
server_caps_whitelist | server_cache_max_negative_ttl |
server_permit_small_holddown | server_qname_minimisation |
server_ip_freebind | server_define_tag | server_local_zone_tag |
@@ -206,7 +213,7 @@ content_server: server_num_threads | server_verbosity | server_port |
server_local_zone_override | server_access_control_tag_action |
server_access_control_tag_data | server_access_control_view |
server_qname_minimisation_strict | server_serve_expired |
- server_fake_dsa | server_log_identity
+ server_fake_dsa | server_log_identity | server_use_systemd
;
stubstart: VAR_STUB_ZONE
{
@@ -502,6 +509,15 @@ server_ssl_port: VAR_SSL_PORT STRING_ARG
free($2);
}
;
+server_use_systemd: VAR_USE_SYSTEMD STRING_ARG
+ {
+ OUTYY(("P(server_use_systemd:%s)\n", $2));
+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
+ yyerror("expected yes or no.");
+ else cfg_parser->cfg->use_systemd = (strcmp($2, "yes")==0);
+ free($2);
+ }
+ ;
server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG
{
OUTYY(("P(server_do_daemonize:%s)\n", $2));
@@ -543,6 +559,15 @@ server_log_queries: VAR_LOG_QUERIES STRING_ARG
free($2);
}
;
+server_log_replies: VAR_LOG_REPLIES STRING_ARG
+ {
+ OUTYY(("P(server_log_replies:%s)\n", $2));
+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
+ yyerror("expected yes or no.");
+ else cfg_parser->cfg->log_replies = (strcmp($2, "yes")==0);
+ free($2);
+ }
+ ;
server_chroot: VAR_CHROOT STRING_ARG
{
OUTYY(("P(server_chroot:%s)\n", $2));
@@ -575,9 +600,11 @@ server_directory: VAR_DIRECTORY STRING_ARG
strncmp(d, cfg_parser->chroot, strlen(
cfg_parser->chroot)) == 0)
d += strlen(cfg_parser->chroot);
- if(chdir(d))
+ if(d[0]) {
+ if(chdir(d))
log_err("cannot chdir to directory: %s (%s)",
d, strerror(errno));
+ }
}
}
;
@@ -1201,9 +1228,11 @@ server_fake_dsa: VAR_FAKE_DSA STRING_ARG
OUTYY(("P(server_fake_dsa:%s)\n", $2));
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
yyerror("expected yes or no.");
+#ifdef HAVE_SSL
else fake_dsa = (strcmp($2, "yes")==0);
if(fake_dsa)
log_warn("test option fake_dsa is enabled");
+#endif
free($2);
}
;
@@ -1480,6 +1509,16 @@ server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG
}
}
;
+server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG
+ {
+ OUTYY(("P(server_ip_ratelimit:%s)\n", $2));
+ if(atoi($2) == 0 && strcmp($2, "0") != 0)
+ yyerror("number expected");
+ else cfg_parser->cfg->ip_ratelimit = atoi($2);
+ free($2);
+ }
+ ;
+
server_ratelimit: VAR_RATELIMIT STRING_ARG
{
OUTYY(("P(server_ratelimit:%s)\n", $2));
@@ -1489,6 +1528,14 @@ server_ratelimit: VAR_RATELIMIT STRING_ARG
free($2);
}
;
+server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG
+ {
+ OUTYY(("P(server_ip_ratelimit_size:%s)\n", $2));
+ if(!cfg_parse_memsize($2, &cfg_parser->cfg->ip_ratelimit_size))
+ yyerror("memory size expected");
+ free($2);
+ }
+ ;
server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
{
OUTYY(("P(server_ratelimit_size:%s)\n", $2));
@@ -1497,6 +1544,19 @@ server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
free($2);
}
;
+server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG
+ {
+ OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", $2));
+ if(atoi($2) == 0)
+ yyerror("number expected");
+ else {
+ cfg_parser->cfg->ip_ratelimit_slabs = atoi($2);
+ if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs))
+ yyerror("must be a power of 2");
+ }
+ free($2);
+ }
+ ;
server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
{
OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
@@ -1536,6 +1596,15 @@ server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG
}
}
;
+server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG
+ {
+ OUTYY(("P(server_ip_ratelimit_factor:%s)\n", $2));
+ if(atoi($2) == 0 && strcmp($2, "0") != 0)
+ yyerror("number expected");
+ else cfg_parser->cfg->ip_ratelimit_factor = atoi($2);
+ free($2);
+ }
+ ;
server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
{
OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
diff --git a/contrib/unbound/util/data/dname.c b/contrib/unbound/util/data/dname.c
index 8fc475f7f3f1..517af2843e2c 100644
--- a/contrib/unbound/util/data/dname.c
+++ b/contrib/unbound/util/data/dname.c
@@ -270,8 +270,8 @@ dname_pkt_compare(sldns_buffer* pkt, uint8_t* d1, uint8_t* d2)
return 0;
}
-hashvalue_t
-dname_query_hash(uint8_t* dname, hashvalue_t h)
+hashvalue_type
+dname_query_hash(uint8_t* dname, hashvalue_type h)
{
uint8_t labuf[LDNS_MAX_LABELLEN+1];
uint8_t lablen;
@@ -294,8 +294,8 @@ dname_query_hash(uint8_t* dname, hashvalue_t h)
return h;
}
-hashvalue_t
-dname_pkt_hash(sldns_buffer* pkt, uint8_t* dname, hashvalue_t h)
+hashvalue_type
+dname_pkt_hash(sldns_buffer* pkt, uint8_t* dname, hashvalue_type h)
{
uint8_t labuf[LDNS_MAX_LABELLEN+1];
uint8_t lablen;
diff --git a/contrib/unbound/util/data/dname.h b/contrib/unbound/util/data/dname.h
index ae2fbadc1d85..53b341bf7ef7 100644
--- a/contrib/unbound/util/data/dname.h
+++ b/contrib/unbound/util/data/dname.h
@@ -127,7 +127,7 @@ int dname_pkt_compare(struct sldns_buffer* pkt, uint8_t* d1, uint8_t* d2);
* @param h: initial hash value.
* @return: result hash value.
*/
-hashvalue_t dname_query_hash(uint8_t* dname, hashvalue_t h);
+hashvalue_type dname_query_hash(uint8_t* dname, hashvalue_type h);
/**
* Hash dname, label by label, lowercasing, into hashvalue.
@@ -139,7 +139,8 @@ hashvalue_t dname_query_hash(uint8_t* dname, hashvalue_t h);
* @return: result hash value.
* Result is the same as dname_query_hash, even if compression is used.
*/
-hashvalue_t dname_pkt_hash(struct sldns_buffer* pkt, uint8_t* dname, hashvalue_t h);
+hashvalue_type dname_pkt_hash(struct sldns_buffer* pkt, uint8_t* dname,
+ hashvalue_type h);
/**
* Copy over a valid dname and decompress it.
diff --git a/contrib/unbound/util/data/msgparse.c b/contrib/unbound/util/data/msgparse.c
index 3774054f5700..5381500e1523 100644
--- a/contrib/unbound/util/data/msgparse.c
+++ b/contrib/unbound/util/data/msgparse.c
@@ -71,7 +71,7 @@ smart_compare(sldns_buffer* pkt, uint8_t* dnow,
*/
static struct rrset_parse*
new_rrset(struct msg_parse* msg, uint8_t* dname, size_t dnamelen,
- uint16_t type, uint16_t dclass, hashvalue_t hash,
+ uint16_t type, uint16_t dclass, hashvalue_type hash,
uint32_t rrset_flags, sldns_pkt_section section,
struct regional* region)
{
@@ -159,13 +159,13 @@ pkt_rrset_flags(sldns_buffer* pkt, uint16_t type, sldns_pkt_section sec)
return f;
}
-hashvalue_t
+hashvalue_type
pkt_hash_rrset(sldns_buffer* pkt, uint8_t* dname, uint16_t type,
uint16_t dclass, uint32_t rrset_flags)
{
/* note this MUST be identical to rrset_key_hash in packed_rrset.c */
/* this routine handles compressed names */
- hashvalue_t h = 0xab;
+ hashvalue_type h = 0xab;
h = dname_pkt_hash(pkt, dname, h);
h = hashlittle(&type, sizeof(type), h); /* host order */
h = hashlittle(&dclass, sizeof(dclass), h); /* netw order */
@@ -174,25 +174,25 @@ pkt_hash_rrset(sldns_buffer* pkt, uint8_t* dname, uint16_t type,
}
/** create partial dname hash for rrset hash */
-static hashvalue_t
+static hashvalue_type
pkt_hash_rrset_first(sldns_buffer* pkt, uint8_t* dname)
{
/* works together with pkt_hash_rrset_rest */
/* note this MUST be identical to rrset_key_hash in packed_rrset.c */
/* this routine handles compressed names */
- hashvalue_t h = 0xab;
+ hashvalue_type h = 0xab;
h = dname_pkt_hash(pkt, dname, h);
return h;
}
/** create a rrset hash from a partial dname hash */
-static hashvalue_t
-pkt_hash_rrset_rest(hashvalue_t dname_h, uint16_t type, uint16_t dclass,
+static hashvalue_type
+pkt_hash_rrset_rest(hashvalue_type dname_h, uint16_t type, uint16_t dclass,
uint32_t rrset_flags)
{
/* works together with pkt_hash_rrset_first */
/* note this MUST be identical to rrset_key_hash in packed_rrset.c */
- hashvalue_t h;
+ hashvalue_type h;
h = hashlittle(&type, sizeof(type), dname_h); /* host order */
h = hashlittle(&dclass, sizeof(dclass), h); /* netw order */
h = hashlittle(&rrset_flags, sizeof(uint32_t), h);
@@ -201,7 +201,7 @@ pkt_hash_rrset_rest(hashvalue_t dname_h, uint16_t type, uint16_t dclass,
/** compare rrset_parse with data */
static int
-rrset_parse_equals(struct rrset_parse* p, sldns_buffer* pkt, hashvalue_t h,
+rrset_parse_equals(struct rrset_parse* p, sldns_buffer* pkt, hashvalue_type h,
uint32_t rrset_flags, uint8_t* dname, size_t dnamelen,
uint16_t type, uint16_t dclass)
{
@@ -215,8 +215,8 @@ rrset_parse_equals(struct rrset_parse* p, sldns_buffer* pkt, hashvalue_t h,
struct rrset_parse*
msgparse_hashtable_lookup(struct msg_parse* msg, sldns_buffer* pkt,
- hashvalue_t h, uint32_t rrset_flags, uint8_t* dname, size_t dnamelen,
- uint16_t type, uint16_t dclass)
+ hashvalue_type h, uint32_t rrset_flags, uint8_t* dname,
+ size_t dnamelen, uint16_t type, uint16_t dclass)
{
struct rrset_parse* p = msg->hashtable[h & (PARSE_TABLE_SIZE-1)];
while(p) {
@@ -388,7 +388,7 @@ change_rrsig_rrset(struct rrset_parse* sigset, struct msg_parse* msg,
int hasother, sldns_pkt_section section, struct regional* region)
{
struct rrset_parse* dataset = sigset;
- hashvalue_t hash = pkt_hash_rrset(pkt, sigset->dname, datatype,
+ hashvalue_type hash = pkt_hash_rrset(pkt, sigset->dname, datatype,
sigset->rrset_class, rrset_flags);
log_assert( sigset->type == LDNS_RR_TYPE_RRSIG );
log_assert( datatype != LDNS_RR_TYPE_RRSIG );
@@ -455,14 +455,14 @@ change_rrsig_rrset(struct rrset_parse* sigset, struct msg_parse* msg,
*/
static int
find_rrset(struct msg_parse* msg, sldns_buffer* pkt, uint8_t* dname,
- size_t dnamelen, uint16_t type, uint16_t dclass, hashvalue_t* hash,
+ size_t dnamelen, uint16_t type, uint16_t dclass, hashvalue_type* hash,
uint32_t* rrset_flags,
uint8_t** prev_dname_first, uint8_t** prev_dname_last,
size_t* prev_dnamelen, uint16_t* prev_type,
uint16_t* prev_dclass, struct rrset_parse** rrset_prev,
sldns_pkt_section section, struct regional* region)
{
- hashvalue_t dname_h = pkt_hash_rrset_first(pkt, dname);
+ hashvalue_type dname_h = pkt_hash_rrset_first(pkt, dname);
uint16_t covtype;
if(*rrset_prev) {
/* check if equal to previous item */
@@ -824,7 +824,7 @@ parse_section(sldns_buffer* pkt, struct msg_parse* msg,
uint16_t type, prev_type = 0;
uint16_t dclass, prev_dclass = 0;
uint32_t rrset_flags = 0;
- hashvalue_t hash = 0;
+ hashvalue_type hash = 0;
struct rrset_parse* rrset = NULL;
int r;
diff --git a/contrib/unbound/util/data/msgparse.h b/contrib/unbound/util/data/msgparse.h
index 594517b2db11..e21f8504ea7d 100644
--- a/contrib/unbound/util/data/msgparse.h
+++ b/contrib/unbound/util/data/msgparse.h
@@ -138,7 +138,7 @@ struct rrset_parse {
/** next in list of all rrsets */
struct rrset_parse* rrset_all_next;
/** hash value of rrset */
- hashvalue_t hash;
+ hashvalue_type hash;
/** which section was it found in: one of
* LDNS_SECTION_ANSWER, LDNS_SECTION_AUTHORITY, LDNS_SECTION_ADDITIONAL
*/
@@ -296,8 +296,8 @@ int parse_edns_from_pkt(struct sldns_buffer* pkt, struct edns_data* edns,
* @param rrset_flags: rrset flags (same as packed_rrset flags).
* @return hash value
*/
-hashvalue_t pkt_hash_rrset(struct sldns_buffer* pkt, uint8_t* dname, uint16_t type,
- uint16_t dclass, uint32_t rrset_flags);
+hashvalue_type pkt_hash_rrset(struct sldns_buffer* pkt, uint8_t* dname,
+ uint16_t type, uint16_t dclass, uint32_t rrset_flags);
/**
* Lookup in msg hashtable to find a rrset.
@@ -312,7 +312,7 @@ hashvalue_t pkt_hash_rrset(struct sldns_buffer* pkt, uint8_t* dname, uint16_t ty
* @return NULL or the rrset_parse if found.
*/
struct rrset_parse* msgparse_hashtable_lookup(struct msg_parse* msg,
- struct sldns_buffer* pkt, hashvalue_t h, uint32_t rrset_flags,
+ struct sldns_buffer* pkt, hashvalue_type h, uint32_t rrset_flags,
uint8_t* dname, size_t dnamelen, uint16_t type, uint16_t dclass);
/**
diff --git a/contrib/unbound/util/data/msgreply.c b/contrib/unbound/util/data/msgreply.c
index 2caee7789fde..8869716b6793 100644
--- a/contrib/unbound/util/data/msgreply.c
+++ b/contrib/unbound/util/data/msgreply.c
@@ -608,10 +608,10 @@ reply_info_delete(void* d, void* ATTR_UNUSED(arg))
free(r);
}
-hashvalue_t
+hashvalue_type
query_info_hash(struct query_info *q, uint16_t flags)
{
- hashvalue_t h = 0xab;
+ hashvalue_type h = 0xab;
h = hashlittle(&q->qtype, sizeof(q->qtype), h);
if(q->qtype == LDNS_RR_TYPE_AAAA && (flags&BIT_CD))
h++;
@@ -622,7 +622,7 @@ query_info_hash(struct query_info *q, uint16_t flags)
struct msgreply_entry*
query_info_entrysetup(struct query_info* q, struct reply_info* r,
- hashvalue_t h)
+ hashvalue_type h)
{
struct msgreply_entry* e = (struct msgreply_entry*)malloc(
sizeof(struct msgreply_entry));
@@ -819,7 +819,39 @@ log_dns_msg(const char* str, struct query_info* qinfo, struct reply_info* rep)
regional_destroy(region);
}
-void
+void
+log_reply_info(enum verbosity_value v, struct query_info *qinf,
+ struct sockaddr_storage *addr, socklen_t addrlen, struct timeval dur,
+ int cached, struct sldns_buffer *rmsg)
+{
+ char qname_buf[LDNS_MAX_DOMAINLEN+1];
+ char clientip_buf[128];
+ char rcode_buf[16];
+ char type_buf[16];
+ char class_buf[16];
+ size_t pktlen;
+ uint16_t rcode = FLAGS_GET_RCODE(sldns_buffer_read_u16_at(rmsg, 2));
+
+ if(verbosity < v)
+ return;
+
+ sldns_wire2str_rcode_buf((int)rcode, rcode_buf, sizeof(rcode_buf));
+ addr_to_str(addr, addrlen, clientip_buf, sizeof(clientip_buf));
+ if(rcode == LDNS_RCODE_FORMERR)
+ {
+ log_info("%s - - - %s - - - ", clientip_buf, rcode_buf);
+ } else {
+ dname_str(qinf->qname, qname_buf);
+ pktlen = sldns_buffer_limit(rmsg);
+ sldns_wire2str_type_buf(qinf->qtype, type_buf, sizeof(type_buf));
+ sldns_wire2str_class_buf(qinf->qclass, class_buf, sizeof(class_buf));
+ log_info("%s %s %s %s %s " ARG_LL "d.%6.6d %d %d",
+ clientip_buf, qname_buf, type_buf, class_buf,
+ rcode_buf, (long long)dur.tv_sec, (int)dur.tv_usec, cached, (int)pktlen);
+ }
+}
+
+void
log_query_info(enum verbosity_value v, const char* str,
struct query_info* qinf)
{
diff --git a/contrib/unbound/util/data/msgreply.h b/contrib/unbound/util/data/msgreply.h
index cc0216133377..485d49afa87d 100644
--- a/contrib/unbound/util/data/msgreply.h
+++ b/contrib/unbound/util/data/msgreply.h
@@ -105,7 +105,7 @@ struct rrset_ref {
/** the key with lock, and ptr to packed data. */
struct ub_packed_rrset_key* key;
/** id needed */
- rrset_id_t id;
+ rrset_id_type id;
};
/**
@@ -330,7 +330,7 @@ void reply_info_delete(void* d, void* arg);
/** calculate hash value of query_info, lowercases the qname,
* uses CD flag for AAAA qtype */
-hashvalue_t query_info_hash(struct query_info *q, uint16_t flags);
+hashvalue_type query_info_hash(struct query_info *q, uint16_t flags);
/**
* Setup query info entry
@@ -340,7 +340,7 @@ hashvalue_t query_info_hash(struct query_info *q, uint16_t flags);
* @return: newly allocated message reply cache item.
*/
struct msgreply_entry* query_info_entrysetup(struct query_info* q,
- struct reply_info* r, hashvalue_t h);
+ struct reply_info* r, hashvalue_type h);
/**
* Copy reply_info and all rrsets in it and allocate.
@@ -448,10 +448,27 @@ struct ub_packed_rrset_key* reply_find_rrset(struct reply_info* rep,
* @param qinfo: query section.
* @param rep: rest of message.
*/
-void log_dns_msg(const char* str, struct query_info* qinfo,
+void log_dns_msg(const char* str, struct query_info* qinfo,
struct reply_info* rep);
/**
+ * Print string with neat domain name, type, class,
+ * status code from, and size of a query response.
+ *
+ * @param v: at what verbosity level to print this.
+ * @param qinf: query section.
+ * @param addr: address of the client.
+ * @param addrlen: length of the client address.
+ * @param dur: how long it took to complete the query.
+ * @param cached: whether or not the reply is coming from
+ * the cache, or an outside network.
+ * @param rmsg: sldns buffer packet.
+ */
+void log_reply_info(enum verbosity_value v, struct query_info *qinf,
+ struct sockaddr_storage *addr, socklen_t addrlen, struct timeval dur,
+ int cached, struct sldns_buffer *rmsg);
+
+/**
* Print string with neat domain name, type, class from query info.
* @param v: at what verbosity level to print this.
* @param str: string of message.
diff --git a/contrib/unbound/util/data/packed_rrset.c b/contrib/unbound/util/data/packed_rrset.c
index 66399085a65e..9944087cbf51 100644
--- a/contrib/unbound/util/data/packed_rrset.c
+++ b/contrib/unbound/util/data/packed_rrset.c
@@ -158,14 +158,14 @@ rrsetdata_equal(struct packed_rrset_data* d1, struct packed_rrset_data* d2)
return 1;
}
-hashvalue_t
+hashvalue_type
rrset_key_hash(struct packed_rrset_key* key)
{
/* type is hashed in host order */
uint16_t t = ntohs(key->type);
/* Note this MUST be identical to pkt_hash_rrset in msgparse.c */
/* this routine does not have a compressed name */
- hashvalue_t h = 0xab;
+ hashvalue_type h = 0xab;
h = dname_query_hash(key->dname, h);
h = hashlittle(&t, sizeof(t), h);
h = hashlittle(&key->rrset_class, sizeof(uint16_t), h);
diff --git a/contrib/unbound/util/data/packed_rrset.h b/contrib/unbound/util/data/packed_rrset.h
index 6039aef242ca..a2f116afba43 100644
--- a/contrib/unbound/util/data/packed_rrset.h
+++ b/contrib/unbound/util/data/packed_rrset.h
@@ -47,7 +47,7 @@ struct regional;
/** type used to uniquely identify rrsets. Cannot be reused without
* clearing the cache. */
-typedef uint64_t rrset_id_t;
+typedef uint64_t rrset_id_type;
/** this rrset is NSEC and is at zone apex (at child side of zonecut) */
#define PACKED_RRSET_NSEC_AT_APEX 0x1
@@ -114,7 +114,7 @@ struct ub_packed_rrset_key {
* The other values in this struct may only be altered after changing
* the id (which needs a writelock on entry.lock).
*/
- rrset_id_t id;
+ rrset_id_type id;
/** key data: dname, type and class */
struct packed_rrset_key rk;
};
@@ -191,6 +191,12 @@ enum sec_status {
* RRset data.
*
* The data is packed, stored contiguously in memory.
+ *
+ * It is not always stored contiguously, in that case, an unpacked-packed
+ * rrset has the arrays separate. A bunch of routines work on that, but
+ * the packed rrset that is contiguous is for the rrset-cache and the
+ * cache-response routines in daemon/worker.c.
+ *
* memory layout:
* o base struct
* o rr_len size_t array
@@ -334,7 +340,7 @@ void rrset_data_delete(void* data, void* userdata);
* @param key: the rrset key with name, type, class, flags.
* @return hash value.
*/
-hashvalue_t rrset_key_hash(struct packed_rrset_key* key);
+hashvalue_type rrset_key_hash(struct packed_rrset_key* key);
/**
* Fixup pointers in fixed data packed_rrset_data blob.
diff --git a/contrib/unbound/util/fptr_wlist.c b/contrib/unbound/util/fptr_wlist.c
index cbcf8f5f5487..8bd7b973c2f7 100644
--- a/contrib/unbound/util/fptr_wlist.c
+++ b/contrib/unbound/util/fptr_wlist.c
@@ -84,7 +84,7 @@
#endif
int
-fptr_whitelist_comm_point(comm_point_callback_t *fptr)
+fptr_whitelist_comm_point(comm_point_callback_type *fptr)
{
if(fptr == &worker_handle_request) return 1;
else if(fptr == &outnet_udp_cb) return 1;
@@ -94,7 +94,7 @@ fptr_whitelist_comm_point(comm_point_callback_t *fptr)
}
int
-fptr_whitelist_comm_point_raw(comm_point_callback_t *fptr)
+fptr_whitelist_comm_point_raw(comm_point_callback_type *fptr)
{
if(fptr == &tube_handle_listen) return 1;
else if(fptr == &tube_handle_write) return 1;
@@ -156,7 +156,7 @@ fptr_whitelist_event(void (*fptr)(int, short, void *))
}
int
-fptr_whitelist_pending_udp(comm_point_callback_t *fptr)
+fptr_whitelist_pending_udp(comm_point_callback_type *fptr)
{
if(fptr == &serviced_udp_callback) return 1;
else if(fptr == &worker_handle_reply) return 1;
@@ -165,7 +165,7 @@ fptr_whitelist_pending_udp(comm_point_callback_t *fptr)
}
int
-fptr_whitelist_pending_tcp(comm_point_callback_t *fptr)
+fptr_whitelist_pending_tcp(comm_point_callback_type *fptr)
{
if(fptr == &serviced_tcp_callback) return 1;
else if(fptr == &worker_handle_reply) return 1;
@@ -174,7 +174,7 @@ fptr_whitelist_pending_tcp(comm_point_callback_t *fptr)
}
int
-fptr_whitelist_serviced_query(comm_point_callback_t *fptr)
+fptr_whitelist_serviced_query(comm_point_callback_type *fptr)
{
if(fptr == &worker_handle_service_reply) return 1;
else if(fptr == &libworker_handle_service_reply) return 1;
@@ -209,43 +209,46 @@ fptr_whitelist_rbtree_cmp(int (*fptr) (const void *, const void *))
}
int
-fptr_whitelist_hash_sizefunc(lruhash_sizefunc_t fptr)
+fptr_whitelist_hash_sizefunc(lruhash_sizefunc_type fptr)
{
if(fptr == &msgreply_sizefunc) return 1;
else if(fptr == &ub_rrset_sizefunc) return 1;
else if(fptr == &infra_sizefunc) return 1;
else if(fptr == &key_entry_sizefunc) return 1;
else if(fptr == &rate_sizefunc) return 1;
+ else if(fptr == &ip_rate_sizefunc) return 1;
else if(fptr == &test_slabhash_sizefunc) return 1;
return 0;
}
int
-fptr_whitelist_hash_compfunc(lruhash_compfunc_t fptr)
+fptr_whitelist_hash_compfunc(lruhash_compfunc_type fptr)
{
if(fptr == &query_info_compare) return 1;
else if(fptr == &ub_rrset_compare) return 1;
else if(fptr == &infra_compfunc) return 1;
else if(fptr == &key_entry_compfunc) return 1;
else if(fptr == &rate_compfunc) return 1;
+ else if(fptr == &ip_rate_compfunc) return 1;
else if(fptr == &test_slabhash_compfunc) return 1;
return 0;
}
int
-fptr_whitelist_hash_delkeyfunc(lruhash_delkeyfunc_t fptr)
+fptr_whitelist_hash_delkeyfunc(lruhash_delkeyfunc_type fptr)
{
if(fptr == &query_entry_delete) return 1;
else if(fptr == &ub_rrset_key_delete) return 1;
else if(fptr == &infra_delkeyfunc) return 1;
else if(fptr == &key_entry_delkeyfunc) return 1;
else if(fptr == &rate_delkeyfunc) return 1;
+ else if(fptr == &ip_rate_delkeyfunc) return 1;
else if(fptr == &test_slabhash_delkey) return 1;
return 0;
}
int
-fptr_whitelist_hash_deldatafunc(lruhash_deldatafunc_t fptr)
+fptr_whitelist_hash_deldatafunc(lruhash_deldatafunc_type fptr)
{
if(fptr == &reply_info_delete) return 1;
else if(fptr == &rrset_data_delete) return 1;
@@ -257,7 +260,7 @@ fptr_whitelist_hash_deldatafunc(lruhash_deldatafunc_t fptr)
}
int
-fptr_whitelist_hash_markdelfunc(lruhash_markdelfunc_t fptr)
+fptr_whitelist_hash_markdelfunc(lruhash_markdelfunc_type fptr)
{
if(fptr == NULL) return 1;
else if(fptr == &rrset_markdel) return 1;
@@ -409,14 +412,14 @@ fptr_whitelist_alloc_cleanup(void (*fptr)(void*))
return 0;
}
-int fptr_whitelist_tube_listen(tube_callback_t* fptr)
+int fptr_whitelist_tube_listen(tube_callback_type* fptr)
{
if(fptr == &worker_handle_control_cmd) return 1;
else if(fptr == &libworker_handle_control_cmd) return 1;
return 0;
}
-int fptr_whitelist_mesh_cb(mesh_cb_func_t fptr)
+int fptr_whitelist_mesh_cb(mesh_cb_func_type fptr)
{
if(fptr == &libworker_fg_done_cb) return 1;
else if(fptr == &libworker_bg_done_cb) return 1;
@@ -433,7 +436,7 @@ int fptr_whitelist_print_func(void (*fptr)(char*,void*))
return 0;
}
-int fptr_whitelist_inplace_cb_reply_generic(inplace_cb_reply_func_t* fptr,
+int fptr_whitelist_inplace_cb_reply_generic(inplace_cb_reply_func_type* fptr,
enum inplace_cb_list_type type)
{
#ifndef WITH_PYTHONMODULE
@@ -459,7 +462,7 @@ int fptr_whitelist_inplace_cb_reply_generic(inplace_cb_reply_func_t* fptr,
return 0;
}
-int fptr_whitelist_inplace_cb_query(inplace_cb_query_func_t* ATTR_UNUSED(fptr))
+int fptr_whitelist_inplace_cb_query(inplace_cb_query_func_type* ATTR_UNUSED(fptr))
{
return 0;
}
diff --git a/contrib/unbound/util/fptr_wlist.h b/contrib/unbound/util/fptr_wlist.h
index 57eec99a8df7..5ab69f88758c 100644
--- a/contrib/unbound/util/fptr_wlist.h
+++ b/contrib/unbound/util/fptr_wlist.h
@@ -80,7 +80,7 @@
* @param fptr: function pointer to check.
* @return false if not in whitelist.
*/
-int fptr_whitelist_comm_point(comm_point_callback_t *fptr);
+int fptr_whitelist_comm_point(comm_point_callback_type *fptr);
/**
* Check function pointer whitelist for raw comm_point callback values.
@@ -88,7 +88,7 @@ int fptr_whitelist_comm_point(comm_point_callback_t *fptr);
* @param fptr: function pointer to check.
* @return false if not in whitelist.
*/
-int fptr_whitelist_comm_point_raw(comm_point_callback_t *fptr);
+int fptr_whitelist_comm_point_raw(comm_point_callback_type *fptr);
/**
* Check function pointer whitelist for comm_timer callback values.
@@ -137,7 +137,7 @@ int fptr_whitelist_event(void (*fptr)(int, short, void *));
* @param fptr: function pointer to check.
* @return false if not in whitelist.
*/
-int fptr_whitelist_pending_udp(comm_point_callback_t *fptr);
+int fptr_whitelist_pending_udp(comm_point_callback_type *fptr);
/**
* Check function pointer whitelist for pending tcp callback values.
@@ -145,7 +145,7 @@ int fptr_whitelist_pending_udp(comm_point_callback_t *fptr);
* @param fptr: function pointer to check.
* @return false if not in whitelist.
*/
-int fptr_whitelist_pending_tcp(comm_point_callback_t *fptr);
+int fptr_whitelist_pending_tcp(comm_point_callback_type *fptr);
/**
* Check function pointer whitelist for serviced query callback values.
@@ -153,7 +153,7 @@ int fptr_whitelist_pending_tcp(comm_point_callback_t *fptr);
* @param fptr: function pointer to check.
* @return false if not in whitelist.
*/
-int fptr_whitelist_serviced_query(comm_point_callback_t *fptr);
+int fptr_whitelist_serviced_query(comm_point_callback_type *fptr);
/**
* Check function pointer whitelist for rbtree cmp callback values.
@@ -169,7 +169,7 @@ int fptr_whitelist_rbtree_cmp(int (*fptr) (const void *, const void *));
* @param fptr: function pointer to check.
* @return false if not in whitelist.
*/
-int fptr_whitelist_hash_sizefunc(lruhash_sizefunc_t fptr);
+int fptr_whitelist_hash_sizefunc(lruhash_sizefunc_type fptr);
/**
* Check function pointer whitelist for lruhash compfunc callback values.
@@ -177,7 +177,7 @@ int fptr_whitelist_hash_sizefunc(lruhash_sizefunc_t fptr);
* @param fptr: function pointer to check.
* @return false if not in whitelist.
*/
-int fptr_whitelist_hash_compfunc(lruhash_compfunc_t fptr);
+int fptr_whitelist_hash_compfunc(lruhash_compfunc_type fptr);
/**
* Check function pointer whitelist for lruhash delkeyfunc callback values.
@@ -185,7 +185,7 @@ int fptr_whitelist_hash_compfunc(lruhash_compfunc_t fptr);
* @param fptr: function pointer to check.
* @return false if not in whitelist.
*/
-int fptr_whitelist_hash_delkeyfunc(lruhash_delkeyfunc_t fptr);
+int fptr_whitelist_hash_delkeyfunc(lruhash_delkeyfunc_type fptr);
/**
* Check function pointer whitelist for lruhash deldata callback values.
@@ -193,7 +193,7 @@ int fptr_whitelist_hash_delkeyfunc(lruhash_delkeyfunc_t fptr);
* @param fptr: function pointer to check.
* @return false if not in whitelist.
*/
-int fptr_whitelist_hash_deldatafunc(lruhash_deldatafunc_t fptr);
+int fptr_whitelist_hash_deldatafunc(lruhash_deldatafunc_type fptr);
/**
* Check function pointer whitelist for lruhash markdel callback values.
@@ -201,7 +201,7 @@ int fptr_whitelist_hash_deldatafunc(lruhash_deldatafunc_t fptr);
* @param fptr: function pointer to check.
* @return false if not in whitelist.
*/
-int fptr_whitelist_hash_markdelfunc(lruhash_markdelfunc_t fptr);
+int fptr_whitelist_hash_markdelfunc(lruhash_markdelfunc_type fptr);
/**
* Check function pointer whitelist for module_env send_query callback values.
@@ -316,7 +316,7 @@ int fptr_whitelist_alloc_cleanup(void (*fptr)(void*));
* @param fptr: function pointer to check.
* @return false if not in whitelist.
*/
-int fptr_whitelist_tube_listen(tube_callback_t* fptr);
+int fptr_whitelist_tube_listen(tube_callback_type* fptr);
/**
* Check function pointer whitelist for mesh state callback values.
@@ -324,7 +324,7 @@ int fptr_whitelist_tube_listen(tube_callback_t* fptr);
* @param fptr: function pointer to check.
* @return false if not in whitelist.
*/
-int fptr_whitelist_mesh_cb(mesh_cb_func_t fptr);
+int fptr_whitelist_mesh_cb(mesh_cb_func_type fptr);
/**
* Check function pointer whitelist for config_get_option func values.
@@ -341,7 +341,7 @@ int fptr_whitelist_print_func(void (*fptr)(char*,void*));
* @param type: the type of the callback function.
* @return false if not in whitelist.
*/
-int fptr_whitelist_inplace_cb_reply_generic(inplace_cb_reply_func_t* fptr,
+int fptr_whitelist_inplace_cb_reply_generic(inplace_cb_reply_func_type* fptr,
enum inplace_cb_list_type type);
/**
@@ -349,7 +349,7 @@ int fptr_whitelist_inplace_cb_reply_generic(inplace_cb_reply_func_t* fptr,
* @param fptr: function pointer to check.
* @return false if not in whitelist.
*/
-int fptr_whitelist_inplace_cb_query(inplace_cb_query_func_t* fptr);
+int fptr_whitelist_inplace_cb_query(inplace_cb_query_func_type* fptr);
/** Due to module breakage by fptr wlist, these test app declarations
* are presented here */
diff --git a/contrib/unbound/util/iana_ports.inc b/contrib/unbound/util/iana_ports.inc
index 9bf65ef8fdb8..5709a4976c19 100644
--- a/contrib/unbound/util/iana_ports.inc
+++ b/contrib/unbound/util/iana_ports.inc
@@ -3946,6 +3946,7 @@
4700,
4701,
4702,
+4711,
4725,
4726,
4727,
@@ -4849,6 +4850,7 @@
8793,
8800,
8804,
+8808,
8873,
8880,
8883,
@@ -5352,6 +5354,7 @@
30260,
30832,
30999,
+31016,
31029,
31416,
31457,
@@ -5392,6 +5395,7 @@
34980,
35001,
35004,
+35100,
35355,
36001,
36411,
diff --git a/contrib/unbound/util/locks.c b/contrib/unbound/util/locks.c
index adfb6c062fcd..b65a02bdc8df 100644
--- a/contrib/unbound/util/locks.c
+++ b/contrib/unbound/util/locks.c
@@ -110,15 +110,15 @@ void ub_thread_sig_unblock(int sig)
* @param arg: user argument to func.
*/
void
-ub_thr_fork_create(ub_thread_t* thr, void* (*func)(void*), void* arg)
+ub_thr_fork_create(ub_thread_type* thr, void* (*func)(void*), void* arg)
{
pid_t pid = fork();
switch(pid) {
default: /* main */
- *thr = (ub_thread_t)pid;
+ *thr = (ub_thread_type)pid;
return;
case 0: /* child */
- *thr = (ub_thread_t)getpid();
+ *thr = (ub_thread_type)getpid();
(void)(*func)(arg);
exit(0);
case -1: /* error */
@@ -128,10 +128,10 @@ ub_thr_fork_create(ub_thread_t* thr, void* (*func)(void*), void* arg)
/**
* There is no threading. Wait for a process to terminate.
- * Note that ub_thread_t is defined as pid_t.
+ * Note that ub_thread_type is defined as pid_t.
* @param thread: the process id to wait for.
*/
-void ub_thr_fork_wait(ub_thread_t thread)
+void ub_thr_fork_wait(ub_thread_type thread)
{
int status = 0;
if(waitpid((pid_t)thread, &status, 0) == -1)
@@ -143,7 +143,7 @@ void ub_thr_fork_wait(ub_thread_t thread)
#endif /* !defined(HAVE_PTHREAD) && !defined(HAVE_SOLARIS_THREADS) && !defined(HAVE_WINDOWS_THREADS) */
#ifdef HAVE_SOLARIS_THREADS
-void* ub_thread_key_get(ub_thread_key_t key)
+void* ub_thread_key_get(ub_thread_key_type key)
{
void* ret=NULL;
LOCKRET(thr_getspecific(key, &ret));
@@ -167,19 +167,19 @@ static void log_win_err(const char* str, DWORD err)
LocalFree(buf);
}
-void lock_basic_init(lock_basic_t* lock)
+void lock_basic_init(lock_basic_type* lock)
{
/* implement own lock, because windows HANDLE as Mutex usage
* uses too many handles and would bog down the whole system. */
(void)InterlockedExchange(lock, 0);
}
-void lock_basic_destroy(lock_basic_t* lock)
+void lock_basic_destroy(lock_basic_type* lock)
{
(void)InterlockedExchange(lock, 0);
}
-void lock_basic_lock(lock_basic_t* lock)
+void lock_basic_lock(lock_basic_type* lock)
{
LONG wait = 1; /* wait 1 msec at first */
@@ -191,13 +191,13 @@ void lock_basic_lock(lock_basic_t* lock)
/* the old value was 0, but we inserted 1, we locked it! */
}
-void lock_basic_unlock(lock_basic_t* lock)
+void lock_basic_unlock(lock_basic_type* lock)
{
/* unlock it by inserting the value of 0. xchg for cache coherency. */
(void)InterlockedExchange(lock, 0);
}
-void ub_thread_key_create(ub_thread_key_t* key, void* f)
+void ub_thread_key_create(ub_thread_key_type* key, void* f)
{
*key = TlsAlloc();
if(*key == TLS_OUT_OF_INDEXES) {
@@ -207,14 +207,14 @@ void ub_thread_key_create(ub_thread_key_t* key, void* f)
else ub_thread_key_set(*key, f);
}
-void ub_thread_key_set(ub_thread_key_t key, void* v)
+void ub_thread_key_set(ub_thread_key_type key, void* v)
{
if(!TlsSetValue(key, v)) {
log_win_err("TlsSetValue failed", GetLastError());
}
}
-void* ub_thread_key_get(ub_thread_key_t key)
+void* ub_thread_key_get(ub_thread_key_type key)
{
void* ret = (void*)TlsGetValue(key);
if(ret == NULL && GetLastError() != ERROR_SUCCESS) {
@@ -223,7 +223,7 @@ void* ub_thread_key_get(ub_thread_key_t key)
return ret;
}
-void ub_thread_create(ub_thread_t* thr, void* (*func)(void*), void* arg)
+void ub_thread_create(ub_thread_type* thr, void* (*func)(void*), void* arg)
{
#ifndef HAVE__BEGINTHREADEX
*thr = CreateThread(NULL, /* default security (no inherit handle) */
@@ -233,7 +233,7 @@ void ub_thread_create(ub_thread_t* thr, void* (*func)(void*), void* arg)
NULL); /* do not store thread identifier anywhere */
#else
/* the beginthreadex routine setups for the C lib; aligns stack */
- *thr=(ub_thread_t)_beginthreadex(NULL, 0, (void*)func, arg, 0, NULL);
+ *thr=(ub_thread_type)_beginthreadex(NULL, 0, (void*)func, arg, 0, NULL);
#endif
if(*thr == NULL) {
log_win_err("CreateThread failed", GetLastError());
@@ -241,12 +241,12 @@ void ub_thread_create(ub_thread_t* thr, void* (*func)(void*), void* arg)
}
}
-ub_thread_t ub_thread_self(void)
+ub_thread_type ub_thread_self(void)
{
return GetCurrentThread();
}
-void ub_thread_join(ub_thread_t thr)
+void ub_thread_join(ub_thread_type thr)
{
DWORD ret = WaitForSingleObject(thr, INFINITE);
if(ret == WAIT_FAILED) {
diff --git a/contrib/unbound/util/locks.h b/contrib/unbound/util/locks.h
index 3776912aaca2..d86ee4923f73 100644
--- a/contrib/unbound/util/locks.h
+++ b/contrib/unbound/util/locks.h
@@ -95,7 +95,7 @@
/******************* PTHREAD ************************/
/** use pthread mutex for basic lock */
-typedef pthread_mutex_t lock_basic_t;
+typedef pthread_mutex_t lock_basic_type;
/** small front for pthread init func, NULL is default attrs. */
#define lock_basic_init(lock) LOCKRET(pthread_mutex_init(lock, NULL))
#define lock_basic_destroy(lock) LOCKRET(pthread_mutex_destroy(lock))
@@ -104,7 +104,7 @@ typedef pthread_mutex_t lock_basic_t;
#ifndef HAVE_PTHREAD_RWLOCK_T
/** in case rwlocks are not supported, use a mutex. */
-typedef pthread_mutex_t lock_rw_t;
+typedef pthread_mutex_t lock_rw_type;
#define lock_rw_init(lock) LOCKRET(pthread_mutex_init(lock, NULL))
#define lock_rw_destroy(lock) LOCKRET(pthread_mutex_destroy(lock))
#define lock_rw_rdlock(lock) LOCKRET(pthread_mutex_lock(lock))
@@ -112,7 +112,7 @@ typedef pthread_mutex_t lock_rw_t;
#define lock_rw_unlock(lock) LOCKRET(pthread_mutex_unlock(lock))
#else /* HAVE_PTHREAD_RWLOCK_T */
/** we use the pthread rwlock */
-typedef pthread_rwlock_t lock_rw_t;
+typedef pthread_rwlock_t lock_rw_type;
/** small front for pthread init func, NULL is default attrs. */
#define lock_rw_init(lock) LOCKRET(pthread_rwlock_init(lock, NULL))
#define lock_rw_destroy(lock) LOCKRET(pthread_rwlock_destroy(lock))
@@ -123,7 +123,7 @@ typedef pthread_rwlock_t lock_rw_t;
#ifndef HAVE_PTHREAD_SPINLOCK_T
/** in case spinlocks are not supported, use a mutex. */
-typedef pthread_mutex_t lock_quick_t;
+typedef pthread_mutex_t lock_quick_type;
/** small front for pthread init func, NULL is default attrs. */
#define lock_quick_init(lock) LOCKRET(pthread_mutex_init(lock, NULL))
#define lock_quick_destroy(lock) LOCKRET(pthread_mutex_destroy(lock))
@@ -132,7 +132,7 @@ typedef pthread_mutex_t lock_quick_t;
#else /* HAVE_PTHREAD_SPINLOCK_T */
/** use pthread spinlock for the quick lock */
-typedef pthread_spinlock_t lock_quick_t;
+typedef pthread_spinlock_t lock_quick_type;
/**
* allocate process private since this is available whether
* Thread Process-Shared Synchronization is supported or not.
@@ -148,14 +148,31 @@ typedef pthread_spinlock_t lock_quick_t;
#endif /* HAVE SPINLOCK */
/** Thread creation */
-typedef pthread_t ub_thread_t;
-/** Pass where to store tread_t in thr. Use default NULL attributes. */
-#define ub_thread_create(thr, func, arg) LOCKRET(pthread_create(thr, NULL, func, arg))
+typedef pthread_t ub_thread_type;
+/** On alpine linux default thread stack size is 80 Kb. See
+http://wiki.musl-libc.org/wiki/Functional_differences_from_glibc#Thread_stack_size
+This is not enough and cause segfault. Other linux distros have 2 Mb at least.
+Wrapper for set up thread stack size */
+#define PTHREADSTACKSIZE 2*1024*1024
+#define PTHREADCREATE(thr, stackrequired, func, arg) do {\
+ pthread_attr_t attr; \
+ size_t stacksize; \
+ LOCKRET(pthread_attr_init(&attr)); \
+ LOCKRET(pthread_attr_getstacksize(&attr, &stacksize)); \
+ if (stacksize < stackrequired) { \
+ LOCKRET(pthread_attr_setstacksize(&attr, stackrequired)); \
+ LOCKRET(pthread_create(thr, &attr, func, arg)); \
+ LOCKRET(pthread_attr_getstacksize(&attr, &stacksize)); \
+ verbose(VERB_ALGO, "Thread stack size set to %u", (unsigned)stacksize); \
+ } else {LOCKRET(pthread_create(thr, NULL, func, arg));} \
+ } while(0)
+/** Use wrapper for set thread stack size on attributes. */
+#define ub_thread_create(thr, func, arg) PTHREADCREATE(thr, PTHREADSTACKSIZE, func, arg)
/** get self id. */
#define ub_thread_self() pthread_self()
/** wait for another thread to terminate */
#define ub_thread_join(thread) LOCKRET(pthread_join(thread, NULL))
-typedef pthread_key_t ub_thread_key_t;
+typedef pthread_key_t ub_thread_key_type;
#define ub_thread_key_create(key, f) LOCKRET(pthread_key_create(key, f))
#define ub_thread_key_set(key, v) LOCKRET(pthread_setspecific(key, v))
#define ub_thread_key_get(key) pthread_getspecific(key)
@@ -167,7 +184,7 @@ typedef pthread_key_t ub_thread_key_t;
#include <synch.h>
#include <thread.h>
-typedef rwlock_t lock_rw_t;
+typedef rwlock_t lock_rw_type;
#define lock_rw_init(lock) LOCKRET(rwlock_init(lock, USYNC_THREAD, NULL))
#define lock_rw_destroy(lock) LOCKRET(rwlock_destroy(lock))
#define lock_rw_rdlock(lock) LOCKRET(rw_rdlock(lock))
@@ -175,28 +192,28 @@ typedef rwlock_t lock_rw_t;
#define lock_rw_unlock(lock) LOCKRET(rw_unlock(lock))
/** use basic mutex */
-typedef mutex_t lock_basic_t;
+typedef mutex_t lock_basic_type;
#define lock_basic_init(lock) LOCKRET(mutex_init(lock, USYNC_THREAD, NULL))
#define lock_basic_destroy(lock) LOCKRET(mutex_destroy(lock))
#define lock_basic_lock(lock) LOCKRET(mutex_lock(lock))
#define lock_basic_unlock(lock) LOCKRET(mutex_unlock(lock))
/** No spinlocks in solaris threads API. Use a mutex. */
-typedef mutex_t lock_quick_t;
+typedef mutex_t lock_quick_type;
#define lock_quick_init(lock) LOCKRET(mutex_init(lock, USYNC_THREAD, NULL))
#define lock_quick_destroy(lock) LOCKRET(mutex_destroy(lock))
#define lock_quick_lock(lock) LOCKRET(mutex_lock(lock))
#define lock_quick_unlock(lock) LOCKRET(mutex_unlock(lock))
/** Thread creation, create a default thread. */
-typedef thread_t ub_thread_t;
+typedef thread_t ub_thread_type;
#define ub_thread_create(thr, func, arg) LOCKRET(thr_create(NULL, NULL, func, arg, NULL, thr))
#define ub_thread_self() thr_self()
#define ub_thread_join(thread) LOCKRET(thr_join(thread, NULL, NULL))
-typedef thread_key_t ub_thread_key_t;
+typedef thread_key_t ub_thread_key_type;
#define ub_thread_key_create(key, f) LOCKRET(thr_keycreate(key, f))
#define ub_thread_key_set(key, v) LOCKRET(thr_setspecific(key, v))
-void* ub_thread_key_get(ub_thread_key_t key);
+void* ub_thread_key_get(ub_thread_key_type key);
#else /* we do not HAVE_SOLARIS_THREADS and no PTHREADS */
@@ -205,7 +222,7 @@ void* ub_thread_key_get(ub_thread_key_t key);
#include <windows.h>
/* Use a mutex */
-typedef LONG lock_rw_t;
+typedef LONG lock_rw_type;
#define lock_rw_init(lock) lock_basic_init(lock)
#define lock_rw_destroy(lock) lock_basic_destroy(lock)
#define lock_rw_rdlock(lock) lock_basic_lock(lock)
@@ -213,35 +230,35 @@ typedef LONG lock_rw_t;
#define lock_rw_unlock(lock) lock_basic_unlock(lock)
/** the basic lock is a mutex, implemented opaquely, for error handling. */
-typedef LONG lock_basic_t;
-void lock_basic_init(lock_basic_t* lock);
-void lock_basic_destroy(lock_basic_t* lock);
-void lock_basic_lock(lock_basic_t* lock);
-void lock_basic_unlock(lock_basic_t* lock);
+typedef LONG lock_basic_type;
+void lock_basic_init(lock_basic_type* lock);
+void lock_basic_destroy(lock_basic_type* lock);
+void lock_basic_lock(lock_basic_type* lock);
+void lock_basic_unlock(lock_basic_type* lock);
/** on windows no spinlock, use mutex too. */
-typedef LONG lock_quick_t;
+typedef LONG lock_quick_type;
#define lock_quick_init(lock) lock_basic_init(lock)
#define lock_quick_destroy(lock) lock_basic_destroy(lock)
#define lock_quick_lock(lock) lock_basic_lock(lock)
#define lock_quick_unlock(lock) lock_basic_unlock(lock)
/** Thread creation, create a default thread. */
-typedef HANDLE ub_thread_t;
-void ub_thread_create(ub_thread_t* thr, void* (*func)(void*), void* arg);
-ub_thread_t ub_thread_self(void);
-void ub_thread_join(ub_thread_t thr);
-typedef DWORD ub_thread_key_t;
-void ub_thread_key_create(ub_thread_key_t* key, void* f);
-void ub_thread_key_set(ub_thread_key_t key, void* v);
-void* ub_thread_key_get(ub_thread_key_t key);
+typedef HANDLE ub_thread_type;
+void ub_thread_create(ub_thread_type* thr, void* (*func)(void*), void* arg);
+ub_thread_type ub_thread_self(void);
+void ub_thread_join(ub_thread_type thr);
+typedef DWORD ub_thread_key_type;
+void ub_thread_key_create(ub_thread_key_type* key, void* f);
+void ub_thread_key_set(ub_thread_key_type key, void* v);
+void* ub_thread_key_get(ub_thread_key_type key);
#else /* we do not HAVE_SOLARIS_THREADS, PTHREADS or WINDOWS_THREADS */
/******************* NO THREADS ************************/
#define THREADS_DISABLED 1
/** In case there is no thread support, define locks to do nothing */
-typedef int lock_rw_t;
+typedef int lock_rw_type;
#define lock_rw_init(lock) /* nop */
#define lock_rw_destroy(lock) /* nop */
#define lock_rw_rdlock(lock) /* nop */
@@ -249,30 +266,30 @@ typedef int lock_rw_t;
#define lock_rw_unlock(lock) /* nop */
/** define locks to do nothing */
-typedef int lock_basic_t;
+typedef int lock_basic_type;
#define lock_basic_init(lock) /* nop */
#define lock_basic_destroy(lock) /* nop */
#define lock_basic_lock(lock) /* nop */
#define lock_basic_unlock(lock) /* nop */
/** define locks to do nothing */
-typedef int lock_quick_t;
+typedef int lock_quick_type;
#define lock_quick_init(lock) /* nop */
#define lock_quick_destroy(lock) /* nop */
#define lock_quick_lock(lock) /* nop */
#define lock_quick_unlock(lock) /* nop */
/** Thread creation, threads do not exist */
-typedef pid_t ub_thread_t;
+typedef pid_t ub_thread_type;
/** ub_thread_create is simulated with fork (extremely heavy threads,
* with no shared memory). */
#define ub_thread_create(thr, func, arg) \
ub_thr_fork_create(thr, func, arg)
#define ub_thread_self() getpid()
#define ub_thread_join(thread) ub_thr_fork_wait(thread)
-void ub_thr_fork_wait(ub_thread_t thread);
-void ub_thr_fork_create(ub_thread_t* thr, void* (*func)(void*), void* arg);
-typedef void* ub_thread_key_t;
+void ub_thr_fork_wait(ub_thread_type thread);
+void ub_thr_fork_create(ub_thread_type* thr, void* (*func)(void*), void* arg);
+typedef void* ub_thread_key_type;
#define ub_thread_key_create(key, f) (*(key)) = NULL
#define ub_thread_key_set(key, v) (key) = (v)
#define ub_thread_key_get(key) (key)
diff --git a/contrib/unbound/util/log.c b/contrib/unbound/util/log.c
index 3ebd12025af9..439541a7ce4a 100644
--- a/contrib/unbound/util/log.c
+++ b/contrib/unbound/util/log.c
@@ -67,10 +67,10 @@ static FILE* logfile = 0;
/** if key has been created */
static int key_created = 0;
/** pthread key for thread ids in logfile */
-static ub_thread_key_t logkey;
+static ub_thread_key_type logkey;
#ifndef THREADS_DISABLED
/** pthread mutex to protect FILE* */
-static lock_quick_t log_lock;
+static lock_quick_type log_lock;
#endif
/** the identity of this executable/process */
static const char* ident="unbound";
diff --git a/contrib/unbound/util/mini_event.c b/contrib/unbound/util/mini_event.c
index 98d15f677b0a..14e9efe4790d 100644
--- a/contrib/unbound/util/mini_event.c
+++ b/contrib/unbound/util/mini_event.c
@@ -147,7 +147,7 @@ static void handle_timeouts(struct event_base* base, struct timeval* now,
wait->tv_sec = (time_t)-1;
#endif
- while((rbnode_t*)(p = (struct event*)rbtree_first(base->times))
+ while((rbnode_type*)(p = (struct event*)rbtree_first(base->times))
!=RBTREE_NULL) {
#ifndef S_SPLINT_S
if(p->ev_timeout.tv_sec > now->tv_sec ||
diff --git a/contrib/unbound/util/mini_event.h b/contrib/unbound/util/mini_event.h
index 1a5bcb445ae0..204894d97af2 100644
--- a/contrib/unbound/util/mini_event.h
+++ b/contrib/unbound/util/mini_event.h
@@ -96,7 +96,7 @@
struct event_base
{
/** sorted by timeout (absolute), ptr */
- rbtree_t* times;
+ rbtree_type* times;
/** array of 0 - maxfd of ptr to event for it */
struct event** fds;
/** max fd in use */
@@ -128,7 +128,7 @@ struct event_base
*/
struct event {
/** node in timeout rbtree */
- rbnode_t node;
+ rbnode_type node;
/** is event already added */
int added;
diff --git a/contrib/unbound/util/module.c b/contrib/unbound/util/module.c
index cc3328b13c9b..91983b18274d 100644
--- a/contrib/unbound/util/module.c
+++ b/contrib/unbound/util/module.c
@@ -124,7 +124,7 @@ edns_register_option(uint16_t opt_code, int bypass_cache_stage,
}
static int
-inplace_cb_reply_register_generic(inplace_cb_reply_func_t* cb,
+inplace_cb_reply_register_generic(inplace_cb_reply_func_type* cb,
enum inplace_cb_list_type type, void* cb_arg, struct module_env* env)
{
struct inplace_cb_reply* callback;
@@ -153,7 +153,7 @@ inplace_cb_reply_register_generic(inplace_cb_reply_func_t* cb,
}
int
-inplace_cb_reply_register(inplace_cb_reply_func_t* cb, void* cb_arg,
+inplace_cb_reply_register(inplace_cb_reply_func_type* cb, void* cb_arg,
struct module_env* env)
{
return inplace_cb_reply_register_generic(cb, inplace_cb_reply, cb_arg,
@@ -161,7 +161,7 @@ inplace_cb_reply_register(inplace_cb_reply_func_t* cb, void* cb_arg,
}
int
-inplace_cb_reply_cache_register(inplace_cb_reply_func_t* cb, void* cb_arg,
+inplace_cb_reply_cache_register(inplace_cb_reply_func_type* cb, void* cb_arg,
struct module_env* env)
{
return inplace_cb_reply_register_generic(cb, inplace_cb_reply_cache,
@@ -169,7 +169,7 @@ inplace_cb_reply_cache_register(inplace_cb_reply_func_t* cb, void* cb_arg,
}
int
-inplace_cb_reply_local_register(inplace_cb_reply_func_t* cb, void* cb_arg,
+inplace_cb_reply_local_register(inplace_cb_reply_func_type* cb, void* cb_arg,
struct module_env* env)
{
return inplace_cb_reply_register_generic(cb, inplace_cb_reply_local,
@@ -177,7 +177,7 @@ inplace_cb_reply_local_register(inplace_cb_reply_func_t* cb, void* cb_arg,
}
int
-inplace_cb_reply_servfail_register(inplace_cb_reply_func_t* cb, void* cb_arg,
+inplace_cb_reply_servfail_register(inplace_cb_reply_func_type* cb, void* cb_arg,
struct module_env* env)
{
return inplace_cb_reply_register_generic(cb, inplace_cb_reply_servfail,
@@ -216,7 +216,7 @@ void inplace_cb_reply_servfail_delete(struct module_env* env)
}
int
-inplace_cb_query_register(inplace_cb_query_func_t* cb, void* cb_arg,
+inplace_cb_query_register(inplace_cb_query_func_type* cb, void* cb_arg,
struct module_env* env)
{
struct inplace_cb_query* callback;
diff --git a/contrib/unbound/util/module.h b/contrib/unbound/util/module.h
index 0e27e6a56d71..d3db3eaec151 100644
--- a/contrib/unbound/util/module.h
+++ b/contrib/unbound/util/module.h
@@ -176,7 +176,7 @@ struct iter_forwards;
struct iter_hints;
/** Maximum number of modules in operation */
-#define MAX_MODULE 5
+#define MAX_MODULE 16
/** Maximum number of known edns options */
#define MAX_KNOWN_EDNS_OPTS 256
@@ -226,7 +226,7 @@ struct edns_known_option {
* region: region to store data.
* python_callback: only used for registering a python callback function.
*/
-typedef int inplace_cb_reply_func_t(struct query_info* qinfo,
+typedef int inplace_cb_reply_func_type(struct query_info* qinfo,
struct module_qstate* qstate, struct reply_info* rep, int rcode,
struct edns_data* edns, struct edns_option** opt_list_out,
struct regional* region, void* python_callback);
@@ -244,7 +244,7 @@ struct inplace_cb_reply {
* opt_list_out, region, python_callback);
* python_callback is only used for registering a python callback function.
*/
- inplace_cb_reply_func_t* cb;
+ inplace_cb_reply_func_type* cb;
void* cb_arg;
};
@@ -265,7 +265,7 @@ struct inplace_cb_reply {
* region: region to store data.
* python_callback: only used for registering a python callback function.
*/
-typedef int inplace_cb_query_func_t(struct query_info* qinfo, uint16_t flags,
+typedef int inplace_cb_query_func_type(struct query_info* qinfo, uint16_t flags,
struct module_qstate* qstate, struct sockaddr_storage* addr,
socklen_t addrlen, uint8_t* zone, size_t zonelen, struct regional* region,
void* python_callback);
@@ -283,7 +283,7 @@ struct inplace_cb_query {
* region, python_callback);
* python_callback is only used for registering a python callback function.
*/
- inplace_cb_query_func_t* cb;
+ inplace_cb_query_func_type* cb;
void* cb_arg;
};
@@ -688,7 +688,7 @@ int edns_register_option(uint16_t opt_code, int bypass_cache_stage,
* @return true on success, false on failure (out of memory or trying to
* register after the environment is copied to the threads.)
*/
-int inplace_cb_reply_register(inplace_cb_reply_func_t* cb, void* cb_arg,
+int inplace_cb_reply_register(inplace_cb_reply_func_type* cb, void* cb_arg,
struct module_env* env);
/**
@@ -699,7 +699,7 @@ int inplace_cb_reply_register(inplace_cb_reply_func_t* cb, void* cb_arg,
* @return true on success, false on failure (out of memory or trying to
* register after the environment is copied to the threads.)
*/
-int inplace_cb_reply_cache_register(inplace_cb_reply_func_t* cb, void* cb_arg,
+int inplace_cb_reply_cache_register(inplace_cb_reply_func_type* cb, void* cb_arg,
struct module_env* env);
/**
@@ -711,7 +711,7 @@ int inplace_cb_reply_cache_register(inplace_cb_reply_func_t* cb, void* cb_arg,
* @return true on success, false on failure (out of memory or trying to
* register after the environment is copied to the threads.)
*/
-int inplace_cb_reply_local_register(inplace_cb_reply_func_t* cb, void* cb_arg,
+int inplace_cb_reply_local_register(inplace_cb_reply_func_type* cb, void* cb_arg,
struct module_env* env);
/**
@@ -722,7 +722,7 @@ int inplace_cb_reply_local_register(inplace_cb_reply_func_t* cb, void* cb_arg,
* @return true on success, false on failure (out of memory or trying to
* register after the environment is copied to the threads.)
*/
-int inplace_cb_reply_servfail_register(inplace_cb_reply_func_t* cb,
+int inplace_cb_reply_servfail_register(inplace_cb_reply_func_type* cb,
void* cb_arg, struct module_env* env);
/**
@@ -751,7 +751,7 @@ void inplace_cb_reply_servfail_delete(struct module_env* env);
* @return true on success, false on failure (out of memory or trying to
* register after the environment is copied to the threads.)
*/
-int inplace_cb_query_register(inplace_cb_query_func_t* cb, void* cb_arg,
+int inplace_cb_query_register(inplace_cb_query_func_type* cb, void* cb_arg,
struct module_env* env);
/**
diff --git a/contrib/unbound/util/net_help.c b/contrib/unbound/util/net_help.c
index 248598918b8e..6c0d68e312b8 100644
--- a/contrib/unbound/util/net_help.c
+++ b/contrib/unbound/util/net_help.c
@@ -785,7 +785,7 @@ void* outgoing_ssl_fd(void* sslctx, int fd)
#if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) && defined(CRYPTO_LOCK) && OPENSSL_VERSION_NUMBER < 0x10100000L
/** global lock list for openssl locks */
-static lock_basic_t *ub_openssl_locks = NULL;
+static lock_basic_type *ub_openssl_locks = NULL;
/** callback that gets thread id for openssl */
static unsigned long
@@ -810,8 +810,8 @@ int ub_openssl_lock_init(void)
{
#if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) && defined(CRYPTO_LOCK) && OPENSSL_VERSION_NUMBER < 0x10100000L
int i;
- ub_openssl_locks = (lock_basic_t*)reallocarray(
- NULL, (size_t)CRYPTO_num_locks(), sizeof(lock_basic_t));
+ ub_openssl_locks = (lock_basic_type*)reallocarray(
+ NULL, (size_t)CRYPTO_num_locks(), sizeof(lock_basic_type));
if(!ub_openssl_locks)
return 0;
for(i=0; i<CRYPTO_num_locks(); i++) {
diff --git a/contrib/unbound/util/netevent.c b/contrib/unbound/util/netevent.c
index 8960b362c78d..8e66b9045fa1 100644
--- a/contrib/unbound/util/netevent.c
+++ b/contrib/unbound/util/netevent.c
@@ -146,7 +146,7 @@ struct internal_signal {
/** create a tcp handler with a parent */
static struct comm_point* comm_point_create_tcp_handler(
struct comm_base *base, struct comm_point* parent, size_t bufsize,
- comm_point_callback_t* callback, void* callback_arg);
+ comm_point_callback_type* callback, void* callback_arg);
/* -------- End of local definitions -------- */
@@ -654,7 +654,7 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg)
(void)fd;
(void)event;
(void)arg;
- fatal_exit("recvmsg: No support for IPV6_PKTINFO. "
+ fatal_exit("recvmsg: No support for IPV6_PKTINFO; IP_PKTINFO or IP_RECVDSTADDR. "
"Please disable interface-automatic");
#endif /* AF_INET6 && IPV6_PKTINFO && HAVE_RECVMSG */
}
@@ -1573,7 +1573,7 @@ void comm_point_raw_handle_callback(int ATTR_UNUSED(fd),
struct comm_point*
comm_point_create_udp(struct comm_base *base, int fd, sldns_buffer* buffer,
- comm_point_callback_t* callback, void* callback_arg)
+ comm_point_callback_type* callback, void* callback_arg)
{
struct comm_point* c = (struct comm_point*)calloc(1,
sizeof(struct comm_point));
@@ -1628,7 +1628,7 @@ comm_point_create_udp(struct comm_base *base, int fd, sldns_buffer* buffer,
struct comm_point*
comm_point_create_udp_ancil(struct comm_base *base, int fd,
sldns_buffer* buffer,
- comm_point_callback_t* callback, void* callback_arg)
+ comm_point_callback_type* callback, void* callback_arg)
{
struct comm_point* c = (struct comm_point*)calloc(1,
sizeof(struct comm_point));
@@ -1683,7 +1683,7 @@ comm_point_create_udp_ancil(struct comm_base *base, int fd,
static struct comm_point*
comm_point_create_tcp_handler(struct comm_base *base,
struct comm_point* parent, size_t bufsize,
- comm_point_callback_t* callback, void* callback_arg)
+ comm_point_callback_type* callback, void* callback_arg)
{
struct comm_point* c = (struct comm_point*)calloc(1,
sizeof(struct comm_point));
@@ -1749,7 +1749,7 @@ comm_point_create_tcp_handler(struct comm_base *base,
struct comm_point*
comm_point_create_tcp(struct comm_base *base, int fd, int num, size_t bufsize,
- comm_point_callback_t* callback, void* callback_arg)
+ comm_point_callback_type* callback, void* callback_arg)
{
struct comm_point* c = (struct comm_point*)calloc(1,
sizeof(struct comm_point));
@@ -1820,7 +1820,7 @@ comm_point_create_tcp(struct comm_base *base, int fd, int num, size_t bufsize,
struct comm_point*
comm_point_create_tcp_out(struct comm_base *base, size_t bufsize,
- comm_point_callback_t* callback, void* callback_arg)
+ comm_point_callback_type* callback, void* callback_arg)
{
struct comm_point* c = (struct comm_point*)calloc(1,
sizeof(struct comm_point));
@@ -1877,7 +1877,7 @@ comm_point_create_tcp_out(struct comm_base *base, size_t bufsize,
struct comm_point*
comm_point_create_local(struct comm_base *base, int fd, size_t bufsize,
- comm_point_callback_t* callback, void* callback_arg)
+ comm_point_callback_type* callback, void* callback_arg)
{
struct comm_point* c = (struct comm_point*)calloc(1,
sizeof(struct comm_point));
@@ -1938,7 +1938,7 @@ comm_point_create_local(struct comm_base *base, int fd, size_t bufsize,
struct comm_point*
comm_point_create_raw(struct comm_base* base, int fd, int writing,
- comm_point_callback_t* callback, void* callback_arg)
+ comm_point_callback_type* callback, void* callback_arg)
{
struct comm_point* c = (struct comm_point*)calloc(1,
sizeof(struct comm_point));
diff --git a/contrib/unbound/util/netevent.h b/contrib/unbound/util/netevent.h
index 1d7ac0bc118b..2ce716b850e9 100644
--- a/contrib/unbound/util/netevent.h
+++ b/contrib/unbound/util/netevent.h
@@ -71,7 +71,7 @@ struct internal_base;
struct internal_timer; /* A sub struct of the comm_timer super struct */
/** callback from communication point function type */
-typedef int comm_point_callback_t(struct comm_point*, void*, int,
+typedef int comm_point_callback_type(struct comm_point*, void*, int,
struct comm_reply*);
/** to pass no_error to callback function */
@@ -264,7 +264,7 @@ struct comm_point {
For UDP this is done without changing the commpoint.
In TCP it sets write state.
*/
- comm_point_callback_t* callback;
+ comm_point_callback_type* callback;
/** argument to pass to callback. */
void *cb_arg;
};
@@ -382,7 +382,7 @@ struct ub_event_base* comm_base_internal(struct comm_base* b);
*/
struct comm_point* comm_point_create_udp(struct comm_base* base,
int fd, struct sldns_buffer* buffer,
- comm_point_callback_t* callback, void* callback_arg);
+ comm_point_callback_type* callback, void* callback_arg);
/**
* Create an UDP with ancillary data comm point. Calls malloc.
@@ -398,7 +398,7 @@ struct comm_point* comm_point_create_udp(struct comm_base* base,
*/
struct comm_point* comm_point_create_udp_ancil(struct comm_base* base,
int fd, struct sldns_buffer* buffer,
- comm_point_callback_t* callback, void* callback_arg);
+ comm_point_callback_type* callback, void* callback_arg);
/**
* Create a TCP listener comm point. Calls malloc.
@@ -419,7 +419,7 @@ struct comm_point* comm_point_create_udp_ancil(struct comm_base* base,
*/
struct comm_point* comm_point_create_tcp(struct comm_base* base,
int fd, int num, size_t bufsize,
- comm_point_callback_t* callback, void* callback_arg);
+ comm_point_callback_type* callback, void* callback_arg);
/**
* Create an outgoing TCP commpoint. No file descriptor is opened, left at -1.
@@ -430,7 +430,7 @@ struct comm_point* comm_point_create_tcp(struct comm_base* base,
* @return: the commpoint or NULL on error.
*/
struct comm_point* comm_point_create_tcp_out(struct comm_base* base,
- size_t bufsize, comm_point_callback_t* callback, void* callback_arg);
+ size_t bufsize, comm_point_callback_type* callback, void* callback_arg);
/**
* Create commpoint to listen to a local domain file descriptor.
@@ -443,7 +443,7 @@ struct comm_point* comm_point_create_tcp_out(struct comm_base* base,
*/
struct comm_point* comm_point_create_local(struct comm_base* base,
int fd, size_t bufsize,
- comm_point_callback_t* callback, void* callback_arg);
+ comm_point_callback_type* callback, void* callback_arg);
/**
* Create commpoint to listen to a local domain pipe descriptor.
@@ -456,7 +456,7 @@ struct comm_point* comm_point_create_local(struct comm_base* base,
*/
struct comm_point* comm_point_create_raw(struct comm_base* base,
int fd, int writing,
- comm_point_callback_t* callback, void* callback_arg);
+ comm_point_callback_type* callback, void* callback_arg);
/**
* Close a comm point fd.
diff --git a/contrib/unbound/util/rbtree.c b/contrib/unbound/util/rbtree.c
index ee5446f6cb56..f031c9a13faf 100644
--- a/contrib/unbound/util/rbtree.c
+++ b/contrib/unbound/util/rbtree.c
@@ -50,7 +50,7 @@
#define RED 1
/** the NULL node, global alloc */
-rbnode_t rbtree_null_node = {
+rbnode_type rbtree_null_node = {
RBTREE_NULL, /* Parent. */
RBTREE_NULL, /* Left. */
RBTREE_NULL, /* Right. */
@@ -59,13 +59,14 @@ rbnode_t rbtree_null_node = {
};
/** rotate subtree left (to preserve redblack property) */
-static void rbtree_rotate_left(rbtree_t *rbtree, rbnode_t *node);
+static void rbtree_rotate_left(rbtree_type *rbtree, rbnode_type *node);
/** rotate subtree right (to preserve redblack property) */
-static void rbtree_rotate_right(rbtree_t *rbtree, rbnode_t *node);
+static void rbtree_rotate_right(rbtree_type *rbtree, rbnode_type *node);
/** Fixup node colours when insert happened */
-static void rbtree_insert_fixup(rbtree_t *rbtree, rbnode_t *node);
+static void rbtree_insert_fixup(rbtree_type *rbtree, rbnode_type *node);
/** Fixup node colours when delete happened */
-static void rbtree_delete_fixup(rbtree_t* rbtree, rbnode_t* child, rbnode_t* child_parent);
+static void rbtree_delete_fixup(rbtree_type* rbtree, rbnode_type* child,
+ rbnode_type* child_parent);
/*
* Creates a new red black tree, initializes and returns a pointer to it.
@@ -73,13 +74,13 @@ static void rbtree_delete_fixup(rbtree_t* rbtree, rbnode_t* child, rbnode_t* chi
* Return NULL on failure.
*
*/
-rbtree_t *
+rbtree_type *
rbtree_create (int (*cmpf)(const void *, const void *))
{
- rbtree_t *rbtree;
+ rbtree_type *rbtree;
/* Allocate memory for it */
- rbtree = (rbtree_t *) malloc(sizeof(rbtree_t));
+ rbtree = (rbtree_type *) malloc(sizeof(rbtree_type));
if (!rbtree) {
return NULL;
}
@@ -91,7 +92,7 @@ rbtree_create (int (*cmpf)(const void *, const void *))
}
void
-rbtree_init(rbtree_t *rbtree, int (*cmpf)(const void *, const void *))
+rbtree_init(rbtree_type *rbtree, int (*cmpf)(const void *, const void *))
{
/* Initialize it */
rbtree->root = RBTREE_NULL;
@@ -104,9 +105,9 @@ rbtree_init(rbtree_t *rbtree, int (*cmpf)(const void *, const void *))
*
*/
static void
-rbtree_rotate_left(rbtree_t *rbtree, rbnode_t *node)
+rbtree_rotate_left(rbtree_type *rbtree, rbnode_type *node)
{
- rbnode_t *right = node->right;
+ rbnode_type *right = node->right;
node->right = right->left;
if (right->left != RBTREE_NULL)
right->left->parent = node;
@@ -131,9 +132,9 @@ rbtree_rotate_left(rbtree_t *rbtree, rbnode_t *node)
*
*/
static void
-rbtree_rotate_right(rbtree_t *rbtree, rbnode_t *node)
+rbtree_rotate_right(rbtree_type *rbtree, rbnode_type *node)
{
- rbnode_t *left = node->left;
+ rbnode_type *left = node->left;
node->left = left->right;
if (left->right != RBTREE_NULL)
left->right->parent = node;
@@ -154,9 +155,9 @@ rbtree_rotate_right(rbtree_t *rbtree, rbnode_t *node)
}
static void
-rbtree_insert_fixup(rbtree_t *rbtree, rbnode_t *node)
+rbtree_insert_fixup(rbtree_type *rbtree, rbnode_type *node)
{
- rbnode_t *uncle;
+ rbnode_type *uncle;
/* While not at the root and need fixing... */
while (node != rbtree->root && node->parent->color == RED) {
@@ -223,15 +224,15 @@ rbtree_insert_fixup(rbtree_t *rbtree, rbnode_t *node)
* Returns NULL on failure or the pointer to the newly added node
* otherwise.
*/
-rbnode_t *
-rbtree_insert (rbtree_t *rbtree, rbnode_t *data)
+rbnode_type *
+rbtree_insert (rbtree_type *rbtree, rbnode_type *data)
{
/* XXX Not necessary, but keeps compiler quiet... */
int r = 0;
/* We start at the root of the tree */
- rbnode_t *node = rbtree->root;
- rbnode_t *parent = RBTREE_NULL;
+ rbnode_type *node = rbtree->root;
+ rbnode_type *parent = RBTREE_NULL;
fptr_ok(fptr_whitelist_rbtree_cmp(rbtree->cmp));
/* Lets find the new parent... */
@@ -276,10 +277,10 @@ rbtree_insert (rbtree_t *rbtree, rbnode_t *data)
* Searches the red black tree, returns the data if key is found or NULL otherwise.
*
*/
-rbnode_t *
-rbtree_search (rbtree_t *rbtree, const void *key)
+rbnode_type *
+rbtree_search (rbtree_type *rbtree, const void *key)
{
- rbnode_t *node;
+ rbnode_type *node;
if (rbtree_find_less_equal(rbtree, key, &node)) {
return node;
@@ -295,13 +296,14 @@ static void swap_int8(uint8_t* x, uint8_t* y)
}
/** helpers for delete: swap node pointers */
-static void swap_np(rbnode_t** x, rbnode_t** y)
+static void swap_np(rbnode_type** x, rbnode_type** y)
{
- rbnode_t* t = *x; *x = *y; *y = t;
+ rbnode_type* t = *x; *x = *y; *y = t;
}
/** Update parent pointers of child trees of 'parent' */
-static void change_parent_ptr(rbtree_t* rbtree, rbnode_t* parent, rbnode_t* old, rbnode_t* new)
+static void change_parent_ptr(rbtree_type* rbtree, rbnode_type* parent,
+ rbnode_type* old, rbnode_type* new)
{
if(parent == RBTREE_NULL)
{
@@ -315,18 +317,19 @@ static void change_parent_ptr(rbtree_t* rbtree, rbnode_t* parent, rbnode_t* old,
if(parent->right == old) parent->right = new;
}
/** Update parent pointer of a node 'child' */
-static void change_child_ptr(rbnode_t* child, rbnode_t* old, rbnode_t* new)
+static void change_child_ptr(rbnode_type* child, rbnode_type* old,
+ rbnode_type* new)
{
if(child == RBTREE_NULL) return;
log_assert(child->parent == old || child->parent == new);
if(child->parent == old) child->parent = new;
}
-rbnode_t*
-rbtree_delete(rbtree_t *rbtree, const void *key)
+rbnode_type*
+rbtree_delete(rbtree_type *rbtree, const void *key)
{
- rbnode_t *to_delete;
- rbnode_t *child;
+ rbnode_type *to_delete;
+ rbnode_type *child;
if((to_delete = rbtree_search(rbtree, key)) == 0) return 0;
rbtree->count--;
@@ -334,11 +337,11 @@ rbtree_delete(rbtree_t *rbtree, const void *key)
if(to_delete->left != RBTREE_NULL && to_delete->right != RBTREE_NULL)
{
/* swap with smallest from right subtree (or largest from left) */
- rbnode_t *smright = to_delete->right;
+ rbnode_type *smright = to_delete->right;
while(smright->left != RBTREE_NULL)
smright = smright->left;
/* swap the smright and to_delete elements in the tree,
- * but the rbnode_t is first part of user data struct
+ * but the rbnode_type is first part of user data struct
* so cannot just swap the keys and data pointers. Instead
* readjust the pointers left,right,parent */
@@ -400,9 +403,10 @@ rbtree_delete(rbtree_t *rbtree, const void *key)
return to_delete;
}
-static void rbtree_delete_fixup(rbtree_t* rbtree, rbnode_t* child, rbnode_t* child_parent)
+static void rbtree_delete_fixup(rbtree_type* rbtree, rbnode_type* child,
+ rbnode_type* child_parent)
{
- rbnode_t* sibling;
+ rbnode_type* sibling;
int go_up = 1;
/* determine sibling to the node that is one-black short */
@@ -504,10 +508,11 @@ static void rbtree_delete_fixup(rbtree_t* rbtree, rbnode_t* child, rbnode_t* chi
}
int
-rbtree_find_less_equal(rbtree_t *rbtree, const void *key, rbnode_t **result)
+rbtree_find_less_equal(rbtree_type *rbtree, const void *key,
+ rbnode_type **result)
{
int r;
- rbnode_t *node;
+ rbnode_type *node;
log_assert(result);
@@ -540,19 +545,19 @@ rbtree_find_less_equal(rbtree_t *rbtree, const void *key, rbnode_t **result)
* Finds the first element in the red black tree
*
*/
-rbnode_t *
-rbtree_first (rbtree_t *rbtree)
+rbnode_type *
+rbtree_first (rbtree_type *rbtree)
{
- rbnode_t *node;
+ rbnode_type *node;
for (node = rbtree->root; node->left != RBTREE_NULL; node = node->left);
return node;
}
-rbnode_t *
-rbtree_last (rbtree_t *rbtree)
+rbnode_type *
+rbtree_last (rbtree_type *rbtree)
{
- rbnode_t *node;
+ rbnode_type *node;
for (node = rbtree->root; node->right != RBTREE_NULL; node = node->right);
return node;
@@ -562,10 +567,10 @@ rbtree_last (rbtree_t *rbtree)
* Returns the next node...
*
*/
-rbnode_t *
-rbtree_next (rbnode_t *node)
+rbnode_type *
+rbtree_next (rbnode_type *node)
{
- rbnode_t *parent;
+ rbnode_type *parent;
if (node->right != RBTREE_NULL) {
/* One right, then keep on going left... */
@@ -581,10 +586,10 @@ rbtree_next (rbnode_t *node)
return node;
}
-rbnode_t *
-rbtree_previous(rbnode_t *node)
+rbnode_type *
+rbtree_previous(rbnode_type *node)
{
- rbnode_t *parent;
+ rbnode_type *parent;
if (node->left != RBTREE_NULL) {
/* One left, then keep on going right... */
@@ -602,7 +607,7 @@ rbtree_previous(rbnode_t *node)
/** recursive descent traverse */
static void
-traverse_post(void (*func)(rbnode_t*, void*), void* arg, rbnode_t* node)
+traverse_post(void (*func)(rbnode_type*, void*), void* arg, rbnode_type* node)
{
if(!node || node == RBTREE_NULL)
return;
@@ -614,7 +619,8 @@ traverse_post(void (*func)(rbnode_t*, void*), void* arg, rbnode_t* node)
}
void
-traverse_postorder(rbtree_t* tree, void (*func)(rbnode_t*, void*), void* arg)
+traverse_postorder(rbtree_type* tree, void (*func)(rbnode_type*, void*),
+ void* arg)
{
traverse_post(func, arg, tree->root);
}
diff --git a/contrib/unbound/util/rbtree.h b/contrib/unbound/util/rbtree.h
index 50c84bbab385..dfcf09ac6a89 100644
--- a/contrib/unbound/util/rbtree.h
+++ b/contrib/unbound/util/rbtree.h
@@ -45,40 +45,40 @@
/**
* This structure must be the first member of the data structure in
- * the rbtree. This allows easy casting between an rbnode_t and the
+ * the rbtree. This allows easy casting between an rbnode_type and the
* user data (poor man's inheritance).
*/
-typedef struct rbnode_t rbnode_t;
+typedef struct rbnode_type rbnode_type;
/**
- * The rbnode_t struct definition.
+ * The rbnode_type struct definition.
*/
-struct rbnode_t {
+struct rbnode_type {
/** parent in rbtree, RBTREE_NULL for root */
- rbnode_t *parent;
+ rbnode_type *parent;
/** left node (smaller items) */
- rbnode_t *left;
+ rbnode_type *left;
/** right node (larger items) */
- rbnode_t *right;
+ rbnode_type *right;
/** pointer to sorting key */
- const void *key;
+ const void *key;
/** colour of this node */
- uint8_t color;
+ uint8_t color;
};
/** The nullpointer, points to empty node */
#define RBTREE_NULL &rbtree_null_node
/** the global empty node */
-extern rbnode_t rbtree_null_node;
+extern rbnode_type rbtree_null_node;
/** An entire red black tree */
-typedef struct rbtree_t rbtree_t;
+typedef struct rbtree_type rbtree_type;
/** definition for tree struct */
-struct rbtree_t {
+struct rbtree_type {
/** The root of the red-black tree */
- rbnode_t *root;
+ rbnode_type *root;
/** The number of the nodes in the tree */
- size_t count;
+ size_t count;
/**
* Key compare function. <0,0,>0 like strcmp.
@@ -92,14 +92,14 @@ struct rbtree_t {
* @param cmpf: compare function (like strcmp) takes pointers to two keys.
* @return: new tree, empty.
*/
-rbtree_t *rbtree_create(int (*cmpf)(const void *, const void *));
+rbtree_type *rbtree_create(int (*cmpf)(const void *, const void *));
/**
* Init a new tree (malloced by caller) with given key compare function.
* @param rbtree: uninitialised memory for new tree, returned empty.
* @param cmpf: compare function (like strcmp) takes pointers to two keys.
*/
-void rbtree_init(rbtree_t *rbtree, int (*cmpf)(const void *, const void *));
+void rbtree_init(rbtree_type *rbtree, int (*cmpf)(const void *, const void *));
/**
* Insert data into the tree.
@@ -107,7 +107,7 @@ void rbtree_init(rbtree_t *rbtree, int (*cmpf)(const void *, const void *));
* @param data: element to insert.
* @return: data ptr or NULL if key already present.
*/
-rbnode_t *rbtree_insert(rbtree_t *rbtree, rbnode_t *data);
+rbnode_type *rbtree_insert(rbtree_type *rbtree, rbnode_type *data);
/**
* Delete element from tree.
@@ -116,7 +116,7 @@ rbnode_t *rbtree_insert(rbtree_t *rbtree, rbnode_t *data);
* @return: node that is now unlinked from the tree. User to delete it.
* returns 0 if node not present
*/
-rbnode_t *rbtree_delete(rbtree_t *rbtree, const void *key);
+rbnode_type *rbtree_delete(rbtree_type *rbtree, const void *key);
/**
* Find key in tree. Returns NULL if not found.
@@ -124,7 +124,7 @@ rbnode_t *rbtree_delete(rbtree_t *rbtree, const void *key);
* @param key: key that must match.
* @return: node that fits or NULL.
*/
-rbnode_t *rbtree_search(rbtree_t *rbtree, const void *key);
+rbnode_type *rbtree_search(rbtree_type *rbtree, const void *key);
/**
* Find, but match does not have to be exact.
@@ -135,45 +135,45 @@ rbnode_t *rbtree_search(rbtree_t *rbtree, const void *key);
* @return: true if exact match in result. Else result points to <= element,
* or NULL if key is smaller than the smallest key.
*/
-int rbtree_find_less_equal(rbtree_t *rbtree, const void *key,
- rbnode_t **result);
+int rbtree_find_less_equal(rbtree_type *rbtree, const void *key,
+ rbnode_type **result);
/**
* Returns first (smallest) node in the tree
* @param rbtree: tree
* @return: smallest element or NULL if tree empty.
*/
-rbnode_t *rbtree_first(rbtree_t *rbtree);
+rbnode_type *rbtree_first(rbtree_type *rbtree);
/**
* Returns last (largest) node in the tree
* @param rbtree: tree
* @return: largest element or NULL if tree empty.
*/
-rbnode_t *rbtree_last(rbtree_t *rbtree);
+rbnode_type *rbtree_last(rbtree_type *rbtree);
/**
* Returns next larger node in the tree
* @param rbtree: tree
* @return: next larger element or NULL if no larger in tree.
*/
-rbnode_t *rbtree_next(rbnode_t *rbtree);
+rbnode_type *rbtree_next(rbnode_type *rbtree);
/**
* Returns previous smaller node in the tree
* @param rbtree: tree
* @return: previous smaller element or NULL if no previous in tree.
*/
-rbnode_t *rbtree_previous(rbnode_t *rbtree);
+rbnode_type *rbtree_previous(rbnode_type *rbtree);
/**
- * Call with node=variable of struct* with rbnode_t as first element.
+ * Call with node=variable of struct* with rbnode_type as first element.
* with type is the type of a pointer to that struct.
*/
#define RBTREE_FOR(node, type, rbtree) \
for(node=(type)rbtree_first(rbtree); \
- (rbnode_t*)node != RBTREE_NULL; \
- node = (type)rbtree_next((rbnode_t*)node))
+ (rbnode_type*)node != RBTREE_NULL; \
+ node = (type)rbtree_next((rbnode_type*)node))
/**
* Call function for all elements in the redblack tree, such that
@@ -186,7 +186,7 @@ rbnode_t *rbtree_previous(rbnode_t *rbtree);
* The function must not alter the rbtree.
* @param arg: user argument.
*/
-void traverse_postorder(rbtree_t* tree, void (*func)(rbnode_t*, void*),
+void traverse_postorder(rbtree_type* tree, void (*func)(rbnode_type*, void*),
void* arg);
#endif /* UTIL_RBTREE_H_ */
diff --git a/contrib/unbound/util/storage/dnstree.c b/contrib/unbound/util/storage/dnstree.c
index 7664c479d47a..190369d851c8 100644
--- a/contrib/unbound/util/storage/dnstree.c
+++ b/contrib/unbound/util/storage/dnstree.c
@@ -71,17 +71,17 @@ int addr_tree_compare(const void* k1, const void* k2)
return 0;
}
-void name_tree_init(rbtree_t* tree)
+void name_tree_init(rbtree_type* tree)
{
rbtree_init(tree, &name_tree_compare);
}
-void addr_tree_init(rbtree_t* tree)
+void addr_tree_init(rbtree_type* tree)
{
rbtree_init(tree, &addr_tree_compare);
}
-int name_tree_insert(rbtree_t* tree, struct name_tree_node* node,
+int name_tree_insert(rbtree_type* tree, struct name_tree_node* node,
uint8_t* name, size_t len, int labs, uint16_t dclass)
{
node->node.key = node;
@@ -93,7 +93,7 @@ int name_tree_insert(rbtree_t* tree, struct name_tree_node* node,
return rbtree_insert(tree, &node->node) != NULL;
}
-int addr_tree_insert(rbtree_t* tree, struct addr_tree_node* node,
+int addr_tree_insert(rbtree_type* tree, struct addr_tree_node* node,
struct sockaddr_storage* addr, socklen_t addrlen, int net)
{
node->node.key = node;
@@ -104,7 +104,7 @@ int addr_tree_insert(rbtree_t* tree, struct addr_tree_node* node,
return rbtree_insert(tree, &node->node) != NULL;
}
-void addr_tree_init_parents(rbtree_t* tree)
+void addr_tree_init_parents(rbtree_type* tree)
{
struct addr_tree_node* node, *prev = NULL, *p;
int m;
@@ -130,7 +130,7 @@ void addr_tree_init_parents(rbtree_t* tree)
}
}
-void name_tree_init_parents(rbtree_t* tree)
+void name_tree_init_parents(rbtree_type* tree)
{
struct name_tree_node* node, *prev = NULL, *p;
int m;
@@ -156,7 +156,7 @@ void name_tree_init_parents(rbtree_t* tree)
}
}
-struct name_tree_node* name_tree_find(rbtree_t* tree, uint8_t* name,
+struct name_tree_node* name_tree_find(rbtree_type* tree, uint8_t* name,
size_t len, int labs, uint16_t dclass)
{
struct name_tree_node key;
@@ -168,10 +168,10 @@ struct name_tree_node* name_tree_find(rbtree_t* tree, uint8_t* name,
return (struct name_tree_node*)rbtree_search(tree, &key);
}
-struct name_tree_node* name_tree_lookup(rbtree_t* tree, uint8_t* name,
+struct name_tree_node* name_tree_lookup(rbtree_type* tree, uint8_t* name,
size_t len, int labs, uint16_t dclass)
{
- rbnode_t* res = NULL;
+ rbnode_type* res = NULL;
struct name_tree_node *result;
struct name_tree_node key;
key.node.key = &key;
@@ -200,10 +200,10 @@ struct name_tree_node* name_tree_lookup(rbtree_t* tree, uint8_t* name,
return result;
}
-struct addr_tree_node* addr_tree_lookup(rbtree_t* tree,
+struct addr_tree_node* addr_tree_lookup(rbtree_type* tree,
struct sockaddr_storage* addr, socklen_t addrlen)
{
- rbnode_t* res = NULL;
+ rbnode_type* res = NULL;
struct addr_tree_node* result;
struct addr_tree_node key;
key.node.key = &key;
@@ -231,10 +231,10 @@ struct addr_tree_node* addr_tree_lookup(rbtree_t* tree,
return result;
}
-struct addr_tree_node* addr_tree_find(rbtree_t* tree,
+struct addr_tree_node* addr_tree_find(rbtree_type* tree,
struct sockaddr_storage* addr, socklen_t addrlen, int net)
{
- rbnode_t* res = NULL;
+ rbnode_type* res = NULL;
struct addr_tree_node key;
key.node.key = &key;
memcpy(&key.addr, addr, addrlen);
@@ -245,10 +245,10 @@ struct addr_tree_node* addr_tree_find(rbtree_t* tree,
}
int
-name_tree_next_root(rbtree_t* tree, uint16_t* dclass)
+name_tree_next_root(rbtree_type* tree, uint16_t* dclass)
{
struct name_tree_node key;
- rbnode_t* n;
+ rbnode_type* n;
struct name_tree_node* p;
if(*dclass == 0) {
/* first root item is first item in tree */
diff --git a/contrib/unbound/util/storage/dnstree.h b/contrib/unbound/util/storage/dnstree.h
index b4595e19ee0f..782644b633e9 100644
--- a/contrib/unbound/util/storage/dnstree.h
+++ b/contrib/unbound/util/storage/dnstree.h
@@ -49,12 +49,12 @@
* This is not sorted canonically, but fast.
* This can be looked up to obtain a closest encloser parent name.
*
- * The tree itself is a rbtree_t.
+ * The tree itself is a rbtree_type.
* This is the element node put as first entry in the client structure.
*/
struct name_tree_node {
/** rbtree node, key is this struct : dclass and name */
- rbnode_t node;
+ rbnode_type node;
/** parent in tree */
struct name_tree_node* parent;
/** name in uncompressed wireformat */
@@ -71,12 +71,12 @@ struct name_tree_node {
* Tree of IP addresses. Sorted first by protocol, then by bits.
* This can be looked up to obtain the enclosing subnet.
*
- * The tree itself is a rbtree_t.
+ * The tree itself is a rbtree_type.
* This is the element node put as first entry in the client structure.
*/
struct addr_tree_node {
/** rbtree node, key is this struct : proto and subnet */
- rbnode_t node;
+ rbnode_type node;
/** parent in tree */
struct addr_tree_node* parent;
/** address */
@@ -91,7 +91,7 @@ struct addr_tree_node {
* Init a name tree to be empty
* @param tree: to init.
*/
-void name_tree_init(rbtree_t* tree);
+void name_tree_init(rbtree_type* tree);
/**
* insert element into name tree.
@@ -105,7 +105,7 @@ void name_tree_init(rbtree_t* tree);
* @param dclass: class of name
* @return false on error (duplicate element).
*/
-int name_tree_insert(rbtree_t* tree, struct name_tree_node* node,
+int name_tree_insert(rbtree_type* tree, struct name_tree_node* node,
uint8_t* name, size_t len, int labs, uint16_t dclass);
/**
@@ -113,7 +113,7 @@ int name_tree_insert(rbtree_t* tree, struct name_tree_node* node,
* Should be performed after insertions are done, before lookups
* @param tree: name tree
*/
-void name_tree_init_parents(rbtree_t* tree);
+void name_tree_init_parents(rbtree_type* tree);
/**
* Lookup exact match in name tree
@@ -124,7 +124,7 @@ void name_tree_init_parents(rbtree_t* tree);
* @param dclass: class of name
* @return node or NULL if not found.
*/
-struct name_tree_node* name_tree_find(rbtree_t* tree, uint8_t* name,
+struct name_tree_node* name_tree_find(rbtree_type* tree, uint8_t* name,
size_t len, int labs, uint16_t dclass);
/**
@@ -136,7 +136,7 @@ struct name_tree_node* name_tree_find(rbtree_t* tree, uint8_t* name,
* @param dclass: class of name
* @return closest enclosing node (could be equal) or NULL if not found.
*/
-struct name_tree_node* name_tree_lookup(rbtree_t* tree, uint8_t* name,
+struct name_tree_node* name_tree_lookup(rbtree_type* tree, uint8_t* name,
size_t len, int labs, uint16_t dclass);
/**
@@ -145,13 +145,13 @@ struct name_tree_node* name_tree_lookup(rbtree_t* tree, uint8_t* name,
* @param dclass: the class to look for next (or higher).
* @return false if no classes found, true means class put into c.
*/
-int name_tree_next_root(rbtree_t* tree, uint16_t* dclass);
+int name_tree_next_root(rbtree_type* tree, uint16_t* dclass);
/**
* Init addr tree to be empty.
* @param tree: to init.
*/
-void addr_tree_init(rbtree_t* tree);
+void addr_tree_init(rbtree_type* tree);
/**
* insert element into addr tree.
@@ -163,7 +163,7 @@ void addr_tree_init(rbtree_t* tree);
* @param net: size of subnet.
* @return false on error (duplicate element).
*/
-int addr_tree_insert(rbtree_t* tree, struct addr_tree_node* node,
+int addr_tree_insert(rbtree_type* tree, struct addr_tree_node* node,
struct sockaddr_storage* addr, socklen_t addrlen, int net);
/**
@@ -171,7 +171,7 @@ int addr_tree_insert(rbtree_t* tree, struct addr_tree_node* node,
* Should be performed after insertions are done, before lookups
* @param tree: addr tree
*/
-void addr_tree_init_parents(rbtree_t* tree);
+void addr_tree_init_parents(rbtree_type* tree);
/**
* Lookup closest encloser in addr tree.
@@ -180,7 +180,7 @@ void addr_tree_init_parents(rbtree_t* tree);
* @param addrlen: length of addr
* @return closest enclosing node (could be equal) or NULL if not found.
*/
-struct addr_tree_node* addr_tree_lookup(rbtree_t* tree,
+struct addr_tree_node* addr_tree_lookup(rbtree_type* tree,
struct sockaddr_storage* addr, socklen_t addrlen);
/**
@@ -191,7 +191,7 @@ struct addr_tree_node* addr_tree_lookup(rbtree_t* tree,
* @param net: size of subnet
* @return addr tree element, or NULL if not found.
*/
-struct addr_tree_node* addr_tree_find(rbtree_t* tree,
+struct addr_tree_node* addr_tree_find(rbtree_type* tree,
struct sockaddr_storage* addr, socklen_t addrlen, int net);
/** compare name tree nodes */
diff --git a/contrib/unbound/util/storage/lruhash.c b/contrib/unbound/util/storage/lruhash.c
index 2c987a2e5634..97e99960562d 100644
--- a/contrib/unbound/util/storage/lruhash.c
+++ b/contrib/unbound/util/storage/lruhash.c
@@ -59,9 +59,10 @@ bin_init(struct lruhash_bin* array, size_t size)
}
struct lruhash*
-lruhash_create(size_t start_size, size_t maxmem, lruhash_sizefunc_t sizefunc,
- lruhash_compfunc_t compfunc, lruhash_delkeyfunc_t delkeyfunc,
- lruhash_deldatafunc_t deldatafunc, void* arg)
+lruhash_create(size_t start_size, size_t maxmem,
+ lruhash_sizefunc_type sizefunc, lruhash_compfunc_type compfunc,
+ lruhash_delkeyfunc_type delkeyfunc,
+ lruhash_deldatafunc_type deldatafunc, void* arg)
{
struct lruhash* table = (struct lruhash*)calloc(1,
sizeof(struct lruhash));
@@ -215,7 +216,7 @@ reclaim_space(struct lruhash* table, struct lruhash_entry** list)
struct lruhash_entry*
bin_find_entry(struct lruhash* table,
- struct lruhash_bin* bin, hashvalue_t hash, void* key)
+ struct lruhash_bin* bin, hashvalue_type hash, void* key)
{
struct lruhash_entry* p = bin->overflow_list;
while(p) {
@@ -296,7 +297,7 @@ lru_touch(struct lruhash* table, struct lruhash_entry* entry)
}
void
-lruhash_insert(struct lruhash* table, hashvalue_t hash,
+lruhash_insert(struct lruhash* table, hashvalue_type hash,
struct lruhash_entry* entry, void* data, void* cb_arg)
{
struct lruhash_bin* bin;
@@ -352,7 +353,7 @@ lruhash_insert(struct lruhash* table, hashvalue_t hash,
}
struct lruhash_entry*
-lruhash_lookup(struct lruhash* table, hashvalue_t hash, void* key, int wr)
+lruhash_lookup(struct lruhash* table, hashvalue_type hash, void* key, int wr)
{
struct lruhash_entry* entry;
struct lruhash_bin* bin;
@@ -374,7 +375,7 @@ lruhash_lookup(struct lruhash* table, hashvalue_t hash, void* key, int wr)
}
void
-lruhash_remove(struct lruhash* table, hashvalue_t hash, void* key)
+lruhash_remove(struct lruhash* table, hashvalue_type hash, void* key)
{
struct lruhash_entry* entry;
struct lruhash_bin* bin;
@@ -512,7 +513,7 @@ lruhash_get_mem(struct lruhash* table)
}
void
-lruhash_setmarkdel(struct lruhash* table, lruhash_markdelfunc_t md)
+lruhash_setmarkdel(struct lruhash* table, lruhash_markdelfunc_type md)
{
lock_quick_lock(&table->lock);
table->markdelfunc = md;
diff --git a/contrib/unbound/util/storage/lruhash.h b/contrib/unbound/util/storage/lruhash.h
index 30377d8e701e..c39374082328 100644
--- a/contrib/unbound/util/storage/lruhash.h
+++ b/contrib/unbound/util/storage/lruhash.h
@@ -116,7 +116,7 @@ struct lruhash_entry;
#define HASH_DEFAULT_MAXMEM 4*1024*1024 /* bytes */
/** the type of a hash value */
-typedef uint32_t hashvalue_t;
+typedef uint32_t hashvalue_type;
/**
* Type of function that calculates the size of an entry.
@@ -124,39 +124,39 @@ typedef uint32_t hashvalue_t;
* Keys that are identical must also calculate to the same size.
* size = func(key, data).
*/
-typedef size_t (*lruhash_sizefunc_t)(void*, void*);
+typedef size_t (*lruhash_sizefunc_type)(void*, void*);
/** type of function that compares two keys. return 0 if equal. */
-typedef int (*lruhash_compfunc_t)(void*, void*);
+typedef int (*lruhash_compfunc_type)(void*, void*);
/** old keys are deleted.
* The RRset type has to revoke its ID number, markdel() is used first.
* This function is called: func(key, userarg) */
-typedef void (*lruhash_delkeyfunc_t)(void*, void*);
+typedef void (*lruhash_delkeyfunc_type)(void*, void*);
/** old data is deleted. This function is called: func(data, userarg). */
-typedef void (*lruhash_deldatafunc_t)(void*, void*);
+typedef void (*lruhash_deldatafunc_type)(void*, void*);
/** mark a key as pending to be deleted (and not to be used by anyone).
* called: func(key) */
-typedef void (*lruhash_markdelfunc_t)(void*);
+typedef void (*lruhash_markdelfunc_type)(void*);
/**
* Hash table that keeps LRU list of entries.
*/
struct lruhash {
/** lock for exclusive access, to the lookup array */
- lock_quick_t lock;
+ lock_quick_type lock;
/** the size function for entries in this table */
- lruhash_sizefunc_t sizefunc;
+ lruhash_sizefunc_type sizefunc;
/** the compare function for entries in this table. */
- lruhash_compfunc_t compfunc;
+ lruhash_compfunc_type compfunc;
/** how to delete keys. */
- lruhash_delkeyfunc_t delkeyfunc;
+ lruhash_delkeyfunc_type delkeyfunc;
/** how to delete data. */
- lruhash_deldatafunc_t deldatafunc;
+ lruhash_deldatafunc_type deldatafunc;
/** how to mark a key pending deletion */
- lruhash_markdelfunc_t markdelfunc;
+ lruhash_markdelfunc_type markdelfunc;
/** user argument for user functions */
void* cb_arg;
@@ -188,7 +188,7 @@ struct lruhash_bin {
* Lock for exclusive access to the linked list
* This lock makes deletion of items safe in this overflow list.
*/
- lock_quick_t lock;
+ lock_quick_type lock;
/** linked list of overflow entries */
struct lruhash_entry* overflow_list;
};
@@ -207,7 +207,7 @@ struct lruhash_entry {
* Even with a writelock, you cannot change hash and key.
* You need to delete it to change hash or key.
*/
- lock_rw_t lock;
+ lock_rw_type lock;
/** next entry in overflow chain. Covered by hashlock and binlock. */
struct lruhash_entry* overflow_next;
/** next entry in lru chain. covered by hashlock. */
@@ -215,7 +215,7 @@ struct lruhash_entry {
/** prev entry in lru chain. covered by hashlock. */
struct lruhash_entry* lru_prev;
/** hash value of the key. It may not change, until entry deleted. */
- hashvalue_t hash;
+ hashvalue_type hash;
/** key */
void* key;
/** data */
@@ -236,9 +236,9 @@ struct lruhash_entry {
* @return: new hash table or NULL on malloc failure.
*/
struct lruhash* lruhash_create(size_t start_size, size_t maxmem,
- lruhash_sizefunc_t sizefunc, lruhash_compfunc_t compfunc,
- lruhash_delkeyfunc_t delkeyfunc, lruhash_deldatafunc_t deldatafunc,
- void* arg);
+ lruhash_sizefunc_type sizefunc, lruhash_compfunc_type compfunc,
+ lruhash_delkeyfunc_type delkeyfunc,
+ lruhash_deldatafunc_type deldatafunc, void* arg);
/**
* Delete hash table. Entries are all deleted.
@@ -269,7 +269,7 @@ void lruhash_clear(struct lruhash* table);
* @param data: the data.
* @param cb_override: if not null overrides the cb_arg for the deletefunc.
*/
-void lruhash_insert(struct lruhash* table, hashvalue_t hash,
+void lruhash_insert(struct lruhash* table, hashvalue_type hash,
struct lruhash_entry* entry, void* data, void* cb_override);
/**
@@ -285,8 +285,8 @@ void lruhash_insert(struct lruhash* table, hashvalue_t hash,
* @return: pointer to the entry or NULL. The entry is locked.
* The user must unlock the entry when done.
*/
-struct lruhash_entry* lruhash_lookup(struct lruhash* table, hashvalue_t hash,
- void* key, int wr);
+struct lruhash_entry* lruhash_lookup(struct lruhash* table,
+ hashvalue_type hash, void* key, int wr);
/**
* Touch entry, so it becomes the most recently used in the LRU list.
@@ -299,7 +299,7 @@ void lru_touch(struct lruhash* table, struct lruhash_entry* entry);
/**
* Set the markdelfunction (or NULL)
*/
-void lruhash_setmarkdel(struct lruhash* table, lruhash_markdelfunc_t md);
+void lruhash_setmarkdel(struct lruhash* table, lruhash_markdelfunc_type md);
/************************* Internal functions ************************/
/*** these are only exposed for unit tests. ***/
@@ -311,7 +311,7 @@ void lruhash_setmarkdel(struct lruhash* table, lruhash_markdelfunc_t md);
* @param hash: hash of key.
* @param key: what to look for.
*/
-void lruhash_remove(struct lruhash* table, hashvalue_t hash, void* key);
+void lruhash_remove(struct lruhash* table, hashvalue_type hash, void* key);
/** init the hash bins for the table */
void bin_init(struct lruhash_bin* array, size_t size);
@@ -328,7 +328,7 @@ void bin_delete(struct lruhash* table, struct lruhash_bin* bin);
* @return: the entry or NULL if not found.
*/
struct lruhash_entry* bin_find_entry(struct lruhash* table,
- struct lruhash_bin* bin, hashvalue_t hash, void* key);
+ struct lruhash_bin* bin, hashvalue_type hash, void* key);
/**
* Remove entry from bin overflow chain.
diff --git a/contrib/unbound/util/storage/slabhash.c b/contrib/unbound/util/storage/slabhash.c
index 0618b4c7295c..ae63b97727ee 100644
--- a/contrib/unbound/util/storage/slabhash.c
+++ b/contrib/unbound/util/storage/slabhash.c
@@ -46,9 +46,9 @@
#include "util/storage/slabhash.h"
struct slabhash* slabhash_create(size_t numtables, size_t start_size,
- size_t maxmem, lruhash_sizefunc_t sizefunc,
- lruhash_compfunc_t compfunc, lruhash_delkeyfunc_t delkeyfunc,
- lruhash_deldatafunc_t deldatafunc, void* arg)
+ size_t maxmem, lruhash_sizefunc_type sizefunc,
+ lruhash_compfunc_type compfunc, lruhash_delkeyfunc_type delkeyfunc,
+ lruhash_deldatafunc_type deldatafunc, void* arg)
{
size_t i;
struct slabhash* sl = (struct slabhash*)calloc(1,
@@ -108,24 +108,24 @@ void slabhash_clear(struct slabhash* sl)
/** helper routine to calculate the slabhash index */
static unsigned int
-slab_idx(struct slabhash* sl, hashvalue_t hash)
+slab_idx(struct slabhash* sl, hashvalue_type hash)
{
return ((hash & sl->mask) >> sl->shift);
}
-void slabhash_insert(struct slabhash* sl, hashvalue_t hash,
+void slabhash_insert(struct slabhash* sl, hashvalue_type hash,
struct lruhash_entry* entry, void* data, void* arg)
{
lruhash_insert(sl->array[slab_idx(sl, hash)], hash, entry, data, arg);
}
struct lruhash_entry* slabhash_lookup(struct slabhash* sl,
- hashvalue_t hash, void* key, int wr)
+ hashvalue_type hash, void* key, int wr)
{
return lruhash_lookup(sl->array[slab_idx(sl, hash)], hash, key, wr);
}
-void slabhash_remove(struct slabhash* sl, hashvalue_t hash, void* key)
+void slabhash_remove(struct slabhash* sl, hashvalue_type hash, void* key)
{
lruhash_remove(sl->array[slab_idx(sl, hash)], hash, key);
}
@@ -163,7 +163,7 @@ size_t slabhash_get_mem(struct slabhash* sl)
return total;
}
-struct lruhash* slabhash_gettable(struct slabhash* sl, hashvalue_t hash)
+struct lruhash* slabhash_gettable(struct slabhash* sl, hashvalue_type hash)
{
return sl->array[slab_idx(sl, hash)];
}
@@ -202,7 +202,7 @@ void test_slabhash_deldata(void* data, void* ATTR_UNUSED(arg))
deldata((struct slabhash_testdata*)data);
}
-void slabhash_setmarkdel(struct slabhash* sl, lruhash_markdelfunc_t md)
+void slabhash_setmarkdel(struct slabhash* sl, lruhash_markdelfunc_type md)
{
size_t i;
for(i=0; i<sl->size; i++) {
diff --git a/contrib/unbound/util/storage/slabhash.h b/contrib/unbound/util/storage/slabhash.h
index 031a9da0fac6..d00983fc1552 100644
--- a/contrib/unbound/util/storage/slabhash.h
+++ b/contrib/unbound/util/storage/slabhash.h
@@ -80,9 +80,9 @@ struct slabhash {
* @return: new hash table or NULL on malloc failure.
*/
struct slabhash* slabhash_create(size_t numtables, size_t start_size,
- size_t maxmem, lruhash_sizefunc_t sizefunc,
- lruhash_compfunc_t compfunc, lruhash_delkeyfunc_t delkeyfunc,
- lruhash_deldatafunc_t deldatafunc, void* arg);
+ size_t maxmem, lruhash_sizefunc_type sizefunc,
+ lruhash_compfunc_type compfunc, lruhash_delkeyfunc_type delkeyfunc,
+ lruhash_deldatafunc_type deldatafunc, void* arg);
/**
* Delete hash table. Entries are all deleted.
@@ -109,7 +109,7 @@ void slabhash_clear(struct slabhash* table);
* @param data: the data.
* @param cb_override: if not NULL overrides the cb_arg for deletfunc.
*/
-void slabhash_insert(struct slabhash* table, hashvalue_t hash,
+void slabhash_insert(struct slabhash* table, hashvalue_type hash,
struct lruhash_entry* entry, void* data, void* cb_override);
/**
@@ -126,7 +126,7 @@ void slabhash_insert(struct slabhash* table, hashvalue_t hash,
* The user must unlock the entry when done.
*/
struct lruhash_entry* slabhash_lookup(struct slabhash* table,
- hashvalue_t hash, void* key, int wr);
+ hashvalue_type hash, void* key, int wr);
/**
* Remove entry from hashtable. Does nothing if not found in hashtable.
@@ -135,7 +135,7 @@ struct lruhash_entry* slabhash_lookup(struct slabhash* table,
* @param hash: hash of key.
* @param key: what to look for.
*/
-void slabhash_remove(struct slabhash* table, hashvalue_t hash, void* key);
+void slabhash_remove(struct slabhash* table, hashvalue_type hash, void* key);
/**
* Output debug info to the log as to state of the hash table.
@@ -165,14 +165,14 @@ size_t slabhash_get_mem(struct slabhash* table);
* @param hash: hash value.
* @return the lru hash table.
*/
-struct lruhash* slabhash_gettable(struct slabhash* table, hashvalue_t hash);
+struct lruhash* slabhash_gettable(struct slabhash* table, hashvalue_type hash);
/**
* Set markdel function
* @param table: slabbed hash table.
* @param md: markdel function ptr.
*/
-void slabhash_setmarkdel(struct slabhash* table, lruhash_markdelfunc_t md);
+void slabhash_setmarkdel(struct slabhash* table, lruhash_markdelfunc_type md);
/**
* Traverse a slabhash.
diff --git a/contrib/unbound/util/tube.c b/contrib/unbound/util/tube.c
index e525f1ccd8aa..f42d22cb3f20 100644
--- a/contrib/unbound/util/tube.c
+++ b/contrib/unbound/util/tube.c
@@ -426,7 +426,7 @@ int tube_read_fd(struct tube* tube)
}
int tube_setup_bg_listen(struct tube* tube, struct comm_base* base,
- tube_callback_t* cb, void* arg)
+ tube_callback_type* cb, void* arg)
{
tube->listen_cb = cb;
tube->listen_arg = arg;
@@ -667,7 +667,7 @@ tube_handle_write(struct comm_point* ATTR_UNUSED(c), void* ATTR_UNUSED(arg),
}
int tube_setup_bg_listen(struct tube* tube, struct comm_base* base,
- tube_callback_t* cb, void* arg)
+ tube_callback_type* cb, void* arg)
{
tube->listen_cb = cb;
tube->listen_arg = arg;
diff --git a/contrib/unbound/util/tube.h b/contrib/unbound/util/tube.h
index 7971b776ae1f..5b1fdb8e8f46 100644
--- a/contrib/unbound/util/tube.h
+++ b/contrib/unbound/util/tube.h
@@ -55,7 +55,7 @@ struct tube_res_list;
* void mycallback(tube, msg, len, error, user_argument);
* if error is true (NETEVENT_*), msg is probably NULL.
*/
-typedef void tube_callback_t(struct tube*, uint8_t*, size_t, int, void*);
+typedef void tube_callback_type(struct tube*, uint8_t*, size_t, int, void*);
/**
* A pipe
@@ -70,7 +70,7 @@ struct tube {
/** listen commpoint */
struct comm_point* listen_com;
/** listen callback */
- tube_callback_t* listen_cb;
+ tube_callback_type* listen_cb;
/** listen callback user arg */
void* listen_arg;
/** are we currently reading a command, 0 if not, else bytecount */
@@ -92,7 +92,7 @@ struct tube {
#else /* USE_WINSOCK */
/** listen callback */
- tube_callback_t* listen_cb;
+ tube_callback_type* listen_cb;
/** listen callback user arg */
void* listen_arg;
/** the windows sockets event (signaled if items in pipe) */
@@ -101,7 +101,7 @@ struct tube {
struct ub_event* ev_listen;
/** lock on the list of outstanding items */
- lock_basic_t res_lock;
+ lock_basic_type res_lock;
/** list of outstanding results on pipe */
struct tube_res_list* res_list;
/** last in list */
@@ -222,7 +222,7 @@ int tube_read_fd(struct tube* tube);
* @return true if successful, false on error.
*/
int tube_setup_bg_listen(struct tube* tube, struct comm_base* base,
- tube_callback_t* cb, void* arg);
+ tube_callback_type* cb, void* arg);
/**
* Remove bg listen setup from event base.
diff --git a/contrib/unbound/util/winsock_event.c b/contrib/unbound/util/winsock_event.c
index 9aad27edc0bc..63d98796d19f 100644
--- a/contrib/unbound/util/winsock_event.c
+++ b/contrib/unbound/util/winsock_event.c
@@ -169,7 +169,7 @@ static void handle_timeouts(struct event_base* base, struct timeval* now,
#endif
verbose(VERB_CLIENT, "winsock_event handle_timeouts");
- while((rbnode_t*)(p = (struct event*)rbtree_first(base->times))
+ while((rbnode_type*)(p = (struct event*)rbtree_first(base->times))
!=RBTREE_NULL) {
#ifndef S_SPLINT_S
if(p->ev_timeout.tv_sec > now->tv_sec ||
diff --git a/contrib/unbound/util/winsock_event.h b/contrib/unbound/util/winsock_event.h
index d386a699fa52..d6dafac8c5c0 100644
--- a/contrib/unbound/util/winsock_event.h
+++ b/contrib/unbound/util/winsock_event.h
@@ -132,7 +132,7 @@
struct event_base
{
/** sorted by timeout (absolute), ptr */
- rbtree_t* times;
+ rbtree_type* times;
/** array (first part in use) of handles to work on */
struct event** items;
/** number of items in use in array */
@@ -169,7 +169,7 @@ struct event_base
*/
struct event {
/** node in timeout rbtree */
- rbnode_t node;
+ rbnode_type node;
/** is event already added */
int added;
diff --git a/contrib/unbound/validator/autotrust.c b/contrib/unbound/validator/autotrust.c
index 416f48fa986d..a533733c7a67 100644
--- a/contrib/unbound/validator/autotrust.c
+++ b/contrib/unbound/validator/autotrust.c
@@ -1064,7 +1064,7 @@ int autr_read_file(struct val_anchors* anchors, const char* nm)
/** string for a trustanchor state */
static const char*
-trustanchor_state2str(autr_state_t s)
+trustanchor_state2str(autr_state_type s)
{
switch (s) {
case AUTR_STATE_START: return " START ";
@@ -1571,11 +1571,6 @@ key_matches_a_ds(struct module_env* env, struct val_env* ve,
verbose(VERB_ALGO, "DS match attempt failed");
continue;
}
- /* match of hash is sufficient for bootstrap of trust point */
- (void)reason;
- (void)ve;
- return 1;
- /* no need to check RRSIG, DS hash already matched with source
if(dnskey_verify_rrset(env, ve, dnskey_rrset,
dnskey_rrset, key_idx, &reason) == sec_status_secure) {
return 1;
@@ -1583,7 +1578,6 @@ key_matches_a_ds(struct module_env* env, struct val_env* ve,
verbose(VERB_ALGO, "DS match failed because the key "
"does not verify the keyset: %s", reason);
}
- */
}
return 0;
}
@@ -1685,7 +1679,7 @@ reset_holddown(struct module_env* env, struct autr_ta* ta, int* changed)
/** Set the state for this trust anchor */
static void
set_trustanchor_state(struct module_env* env, struct autr_ta* ta, int* changed,
- autr_state_t s)
+ autr_state_type s)
{
verbose_key(ta, VERB_ALGO, "update: %s to %s",
trustanchor_state2str(ta->s), trustanchor_state2str(s));
@@ -1995,7 +1989,7 @@ calc_next_probe(struct module_env* env, time_t wait)
static time_t
wait_probe_time(struct val_anchors* anchors)
{
- rbnode_t* t = rbtree_first(&anchors->autr->probe);
+ rbnode_type* t = rbtree_first(&anchors->autr->probe);
if(t != RBTREE_NULL)
return ((struct trust_anchor*)t->key)->autr->next_probe_time;
return 0;
@@ -2369,7 +2363,7 @@ static struct trust_anchor*
todo_probe(struct module_env* env, time_t* next)
{
struct trust_anchor* tp;
- rbnode_t* el;
+ rbnode_type* el;
/* get first one */
lock_basic_lock(&env->anchors->lock);
if( (el=rbtree_first(&env->anchors->autr->probe)) == RBTREE_NULL) {
diff --git a/contrib/unbound/validator/autotrust.h b/contrib/unbound/validator/autotrust.h
index ae61f8a872b4..dbaf5126a0b8 100644
--- a/contrib/unbound/validator/autotrust.h
+++ b/contrib/unbound/validator/autotrust.h
@@ -58,7 +58,7 @@ typedef enum {
AUTR_STATE_MISSING = 3,
AUTR_STATE_REVOKED = 4,
AUTR_STATE_REMOVED = 5
-} autr_state_t;
+} autr_state_type;
/**
* Autotrust metadata for one trust anchor key.
@@ -73,7 +73,7 @@ struct autr_ta {
/** last update of key state (new pending count keeps date the same) */
time_t last_change;
/** 5011 state */
- autr_state_t s;
+ autr_state_type s;
/** pending count */
uint8_t pending_count;
/** fresh TA was seen */
@@ -90,7 +90,7 @@ struct autr_point_data {
/** file to store the trust point in. chrootdir already applied. */
char* file;
/** rbtree node for probe sort, key is struct trust_anchor */
- rbnode_t pnode;
+ rbnode_type pnode;
/** the keys */
struct autr_ta* keys;
@@ -126,7 +126,7 @@ struct autr_point_data {
struct autr_global_data {
/** rbtree of autotrust anchors sorted by next probe time.
* When time is equal, sorted by anchor class, name. */
- rbtree_t probe;
+ rbtree_type probe;
};
/**
diff --git a/contrib/unbound/validator/val_anchor.c b/contrib/unbound/validator/val_anchor.c
index 4d470b69227d..2a7e0beeb6c5 100644
--- a/contrib/unbound/validator/val_anchor.c
+++ b/contrib/unbound/validator/val_anchor.c
@@ -113,7 +113,7 @@ assembled_rrset_delete(struct ub_packed_rrset_key* pkey)
/** destroy locks in tree and delete autotrust anchors */
static void
-anchors_delfunc(rbnode_t* elem, void* ATTR_UNUSED(arg))
+anchors_delfunc(rbnode_type* elem, void* ATTR_UNUSED(arg))
{
struct trust_anchor* ta = (struct trust_anchor*)elem;
if(!ta) return;
@@ -198,7 +198,7 @@ anchor_find(struct val_anchors* anchors, uint8_t* name, int namelabs,
size_t namelen, uint16_t dclass)
{
struct trust_anchor key;
- rbnode_t* n;
+ rbnode_type* n;
if(!name) return NULL;
key.node.key = &key;
key.name = name;
@@ -222,7 +222,7 @@ anchor_new_ta(struct val_anchors* anchors, uint8_t* name, int namelabs,
size_t namelen, uint16_t dclass, int lockit)
{
#ifdef UNBOUND_DEBUG
- rbnode_t* r;
+ rbnode_type* r;
#endif
struct trust_anchor* ta = (struct trust_anchor*)malloc(
sizeof(struct trust_anchor));
@@ -990,7 +990,7 @@ anchors_assemble_rrsets(struct val_anchors* anchors)
size_t nods, nokey;
lock_basic_lock(&anchors->lock);
ta=(struct trust_anchor*)rbtree_first(anchors->tree);
- while((rbnode_t*)ta != RBTREE_NULL) {
+ while((rbnode_type*)ta != RBTREE_NULL) {
next = (struct trust_anchor*)rbtree_next(&ta->node);
lock_basic_lock(&ta->lock);
if(ta->autr || (ta->numDS == 0 && ta->numDNSKEY == 0)) {
@@ -1164,7 +1164,7 @@ anchors_lookup(struct val_anchors* anchors,
{
struct trust_anchor key;
struct trust_anchor* result;
- rbnode_t* res = NULL;
+ rbnode_type* res = NULL;
key.node.key = &key;
key.name = qname;
key.namelabs = dname_count_labels(qname);
diff --git a/contrib/unbound/validator/val_anchor.h b/contrib/unbound/validator/val_anchor.h
index 4951b9996cb0..226165514c5a 100644
--- a/contrib/unbound/validator/val_anchor.h
+++ b/contrib/unbound/validator/val_anchor.h
@@ -59,14 +59,14 @@ struct sldns_buffer;
*/
struct val_anchors {
/** lock on trees */
- lock_basic_t lock;
+ lock_basic_type lock;
/**
* Anchors are store in this tree. Sort order is chosen, so that
* dnames are in nsec-like order. A lookup on class, name will return
* an exact match of the closest match, with the ancestor needed.
* contents of type trust_anchor.
*/
- rbtree_t* tree;
+ rbtree_type* tree;
/** The DLV trust anchor (if one is configured, else NULL) */
struct trust_anchor* dlv_anchor;
/** Autotrust global data, anchors sorted by next probe time */
@@ -93,9 +93,9 @@ struct ta_key {
*/
struct trust_anchor {
/** rbtree node, key is this structure */
- rbnode_t node;
+ rbnode_type node;
/** lock on the entire anchor and its keys; for autotrust changes */
- lock_basic_t lock;
+ lock_basic_type lock;
/** name of this trust anchor */
uint8_t* name;
/** length of name */
diff --git a/contrib/unbound/validator/val_neg.c b/contrib/unbound/validator/val_neg.c
index 272c5e027ac7..fe57ac2c442e 100644
--- a/contrib/unbound/validator/val_neg.c
+++ b/contrib/unbound/validator/val_neg.c
@@ -111,7 +111,7 @@ size_t val_neg_get_mem(struct val_neg_cache* neg)
/** clear datas on cache deletion */
static void
-neg_clear_datas(rbnode_t* n, void* ATTR_UNUSED(arg))
+neg_clear_datas(rbnode_type* n, void* ATTR_UNUSED(arg))
{
struct val_neg_data* d = (struct val_neg_data*)n;
free(d->name);
@@ -120,7 +120,7 @@ neg_clear_datas(rbnode_t* n, void* ATTR_UNUSED(arg))
/** clear zones on cache deletion */
static void
-neg_clear_zones(rbnode_t* n, void* ATTR_UNUSED(arg))
+neg_clear_zones(rbnode_type* n, void* ATTR_UNUSED(arg))
{
struct val_neg_zone* z = (struct val_neg_zone*)n;
/* delete all the rrset entries in the tree */
@@ -371,7 +371,7 @@ static struct val_neg_zone* neg_closest_zone_parent(struct val_neg_cache* neg,
{
struct val_neg_zone key;
struct val_neg_zone* result;
- rbnode_t* res = NULL;
+ rbnode_type* res = NULL;
key.node.key = &key;
key.name = nm;
key.len = nm_len;
@@ -411,7 +411,7 @@ static struct val_neg_data* neg_closest_data_parent(
{
struct val_neg_data key;
struct val_neg_data* result;
- rbnode_t* res = NULL;
+ rbnode_type* res = NULL;
key.node.key = &key;
key.name = nm;
key.len = nm_len;
@@ -677,7 +677,7 @@ static void wipeout(struct val_neg_cache* neg, struct val_neg_zone* zone,
uint8_t* end;
size_t end_len;
int end_labs, m;
- rbnode_t* walk, *next;
+ rbnode_type* walk, *next;
struct val_neg_data* cur;
uint8_t buf[257];
/* get endpoint */
@@ -911,7 +911,7 @@ static int neg_closest_data(struct val_neg_zone* zone,
uint8_t* qname, size_t len, int labs, struct val_neg_data** data)
{
struct val_neg_data key;
- rbnode_t* r;
+ rbnode_type* r;
key.node.key = &key;
key.name = qname;
key.len = len;
diff --git a/contrib/unbound/validator/val_neg.h b/contrib/unbound/validator/val_neg.h
index bf3a2471c784..6ae71306c378 100644
--- a/contrib/unbound/validator/val_neg.h
+++ b/contrib/unbound/validator/val_neg.h
@@ -67,9 +67,9 @@ struct ub_packed_rrset_key;
struct val_neg_cache {
/** the big lock on the negative cache. Because we use a rbtree
* for the data (quick lookup), we need a big lock */
- lock_basic_t lock;
+ lock_basic_type lock;
/** The zone rbtree. contents sorted canonical, type val_neg_zone */
- rbtree_t tree;
+ rbtree_type tree;
/** the first in linked list of LRU of val_neg_data */
struct val_neg_data* first;
/** last in lru (least recently used element) */
@@ -87,7 +87,7 @@ struct val_neg_cache {
*/
struct val_neg_zone {
/** rbtree node element, key is this struct: the name, class */
- rbnode_t node;
+ rbnode_type node;
/** name; the key */
uint8_t* name;
/** length of name */
@@ -114,7 +114,7 @@ struct val_neg_zone {
/** tree of NSEC data for this zone, sorted canonical
* by NSEC owner name */
- rbtree_t tree;
+ rbtree_type tree;
/** class of node; host order */
uint16_t dclass;
@@ -135,7 +135,7 @@ struct val_neg_zone {
*/
struct val_neg_data {
/** rbtree node element, key is this struct: the name */
- rbnode_t node;
+ rbnode_type node;
/** name; the key */
uint8_t* name;
/** length of name */
diff --git a/contrib/unbound/validator/val_nsec3.c b/contrib/unbound/validator/val_nsec3.c
index cd850c098248..4d978372aaac 100644
--- a/contrib/unbound/validator/val_nsec3.c
+++ b/contrib/unbound/validator/val_nsec3.c
@@ -623,14 +623,14 @@ nsec3_calc_b32(struct regional* region, sldns_buffer* buf,
}
int
-nsec3_hash_name(rbtree_t* table, struct regional* region, sldns_buffer* buf,
+nsec3_hash_name(rbtree_type* table, struct regional* region, sldns_buffer* buf,
struct ub_packed_rrset_key* nsec3, int rr, uint8_t* dname,
size_t dname_len, struct nsec3_cached_hash** hash)
{
struct nsec3_cached_hash* c;
struct nsec3_cached_hash looki;
#ifdef UNBOUND_DEBUG
- rbnode_t* n;
+ rbnode_type* n;
#endif
int r;
looki.node.key = &looki;
@@ -730,7 +730,7 @@ nsec3_hash_matches_owner(struct nsec3_filter* flt,
*/
static int
find_matching_nsec3(struct module_env* env, struct nsec3_filter* flt,
- rbtree_t* ct, uint8_t* nm, size_t nmlen,
+ rbtree_type* ct, uint8_t* nm, size_t nmlen,
struct ub_packed_rrset_key** rrset, int* rr)
{
size_t i_rs;
@@ -823,7 +823,7 @@ nsec3_covers(uint8_t* zone, struct nsec3_cached_hash* hash,
*/
static int
find_covering_nsec3(struct module_env* env, struct nsec3_filter* flt,
- rbtree_t* ct, uint8_t* nm, size_t nmlen,
+ rbtree_type* ct, uint8_t* nm, size_t nmlen,
struct ub_packed_rrset_key** rrset, int* rr)
{
size_t i_rs;
@@ -869,7 +869,7 @@ find_covering_nsec3(struct module_env* env, struct nsec3_filter* flt,
*/
static int
nsec3_find_closest_encloser(struct module_env* env, struct nsec3_filter* flt,
- rbtree_t* ct, struct query_info* qinfo, struct ce_response* ce)
+ rbtree_type* ct, struct query_info* qinfo, struct ce_response* ce)
{
uint8_t* nm = qinfo->qname;
size_t nmlen = qinfo->qname_len;
@@ -936,7 +936,7 @@ next_closer(uint8_t* qname, size_t qnamelen, uint8_t* ce,
*/
static enum sec_status
nsec3_prove_closest_encloser(struct module_env* env, struct nsec3_filter* flt,
- rbtree_t* ct, struct query_info* qinfo, int prove_does_not_exist,
+ rbtree_type* ct, struct query_info* qinfo, int prove_does_not_exist,
struct ce_response* ce)
{
uint8_t* nc;
@@ -1016,7 +1016,7 @@ nsec3_ce_wildcard(struct regional* region, uint8_t* ce, size_t celen,
/** Do the name error proof */
static enum sec_status
nsec3_do_prove_nameerror(struct module_env* env, struct nsec3_filter* flt,
- rbtree_t* ct, struct query_info* qinfo)
+ rbtree_type* ct, struct query_info* qinfo)
{
struct ce_response ce;
uint8_t* wc;
@@ -1062,7 +1062,7 @@ nsec3_prove_nameerror(struct module_env* env, struct val_env* ve,
struct ub_packed_rrset_key** list, size_t num,
struct query_info* qinfo, struct key_entry_key* kkey)
{
- rbtree_t ct;
+ rbtree_type ct;
struct nsec3_filter flt;
if(!list || num == 0 || !kkey || !key_entry_isgood(kkey))
@@ -1086,7 +1086,7 @@ nsec3_prove_nameerror(struct module_env* env, struct val_env* ve,
/** Do the nodata proof */
static enum sec_status
nsec3_do_prove_nodata(struct module_env* env, struct nsec3_filter* flt,
- rbtree_t* ct, struct query_info* qinfo)
+ rbtree_type* ct, struct query_info* qinfo)
{
struct ce_response ce;
uint8_t* wc;
@@ -1221,7 +1221,7 @@ nsec3_prove_nodata(struct module_env* env, struct val_env* ve,
struct ub_packed_rrset_key** list, size_t num,
struct query_info* qinfo, struct key_entry_key* kkey)
{
- rbtree_t ct;
+ rbtree_type ct;
struct nsec3_filter flt;
if(!list || num == 0 || !kkey || !key_entry_isgood(kkey))
@@ -1240,7 +1240,7 @@ nsec3_prove_wildcard(struct module_env* env, struct val_env* ve,
struct ub_packed_rrset_key** list, size_t num,
struct query_info* qinfo, struct key_entry_key* kkey, uint8_t* wc)
{
- rbtree_t ct;
+ rbtree_type ct;
struct nsec3_filter flt;
struct ce_response ce;
uint8_t* nc;
@@ -1314,7 +1314,7 @@ nsec3_prove_nods(struct module_env* env, struct val_env* ve,
struct ub_packed_rrset_key** list, size_t num,
struct query_info* qinfo, struct key_entry_key* kkey, char** reason)
{
- rbtree_t ct;
+ rbtree_type ct;
struct nsec3_filter flt;
struct ce_response ce;
struct ub_packed_rrset_key* rrset;
@@ -1403,7 +1403,7 @@ nsec3_prove_nxornodata(struct module_env* env, struct val_env* ve,
struct query_info* qinfo, struct key_entry_key* kkey, int* nodata)
{
enum sec_status sec, secnx;
- rbtree_t ct;
+ rbtree_type ct;
struct nsec3_filter flt;
*nodata = 0;
diff --git a/contrib/unbound/validator/val_nsec3.h b/contrib/unbound/validator/val_nsec3.h
index 69ba78d8323b..27e9f9eac192 100644
--- a/contrib/unbound/validator/val_nsec3.h
+++ b/contrib/unbound/validator/val_nsec3.h
@@ -224,7 +224,7 @@ nsec3_prove_nxornodata(struct module_env* env, struct val_env* ve,
*/
struct nsec3_cached_hash {
/** rbtree node, key is this structure */
- rbnode_t node;
+ rbnode_type node;
/** where are the parameters for conversion, in this rrset data */
struct ub_packed_rrset_key* nsec3;
/** where are the parameters for conversion, this RR number in data */
@@ -271,7 +271,7 @@ int nsec3_hash_cmp(const void* c1, const void* c2);
* 0 on a malloc failure.
* -1 if the NSEC3 rr was badly formatted (i.e. formerr).
*/
-int nsec3_hash_name(rbtree_t* table, struct regional* region,
+int nsec3_hash_name(rbtree_type* table, struct regional* region,
struct sldns_buffer* buf, struct ub_packed_rrset_key* nsec3, int rr,
uint8_t* dname, size_t dname_len, struct nsec3_cached_hash** hash);
diff --git a/contrib/unbound/validator/val_secalgo.c b/contrib/unbound/validator/val_secalgo.c
index f117f7f7336a..302820fc2f97 100644
--- a/contrib/unbound/validator/val_secalgo.c
+++ b/contrib/unbound/validator/val_secalgo.c
@@ -1387,7 +1387,7 @@ _verify_nettle_dsa(sldns_buffer* buf, unsigned char* sigblock,
unsigned int sigblock_len, unsigned char* key, unsigned int keylen)
{
uint8_t digest[SHA1_DIGEST_SIZE];
- uint8_t key_t;
+ uint8_t key_t_value;
int res = 0;
size_t offset;
struct dsa_public_key pubkey;
@@ -1426,8 +1426,8 @@ _verify_nettle_dsa(sldns_buffer* buf, unsigned char* sigblock,
}
/* Validate T values constraints - RFC 2536 sec. 2 & sec. 3 */
- key_t = key[0];
- if (key_t > 8) {
+ key_t_value = key[0];
+ if (key_t_value > 8) {
return "invalid T value in DSA pubkey";
}
@@ -1438,9 +1438,9 @@ _verify_nettle_dsa(sldns_buffer* buf, unsigned char* sigblock,
expected_len = 1 + /* T */
20 + /* Q */
- (64 + key_t*8) + /* P */
- (64 + key_t*8) + /* G */
- (64 + key_t*8); /* Y */
+ (64 + key_t_value*8) + /* P */
+ (64 + key_t_value*8) + /* G */
+ (64 + key_t_value*8); /* Y */
if (keylen != expected_len ) {
return "invalid DSA pubkey length";
}
@@ -1450,11 +1450,11 @@ _verify_nettle_dsa(sldns_buffer* buf, unsigned char* sigblock,
offset = 1;
nettle_mpz_set_str_256_u(pubkey.q, 20, key+offset);
offset += 20;
- nettle_mpz_set_str_256_u(pubkey.p, (64 + key_t*8), key+offset);
- offset += (64 + key_t*8);
- nettle_mpz_set_str_256_u(pubkey.g, (64 + key_t*8), key+offset);
- offset += (64 + key_t*8);
- nettle_mpz_set_str_256_u(pubkey.y, (64 + key_t*8), key+offset);
+ nettle_mpz_set_str_256_u(pubkey.p, (64 + key_t_value*8), key+offset);
+ offset += (64 + key_t_value*8);
+ nettle_mpz_set_str_256_u(pubkey.g, (64 + key_t_value*8), key+offset);
+ offset += (64 + key_t_value*8);
+ nettle_mpz_set_str_256_u(pubkey.y, (64 + key_t_value*8), key+offset);
/* Digest content of "buf" and verify its DSA signature in "sigblock"*/
res = _digest_nettle(SHA1_DIGEST_SIZE, (unsigned char*)sldns_buffer_begin(buf),
diff --git a/contrib/unbound/validator/val_sigcrypt.c b/contrib/unbound/validator/val_sigcrypt.c
index c79a73d2a1cc..b0b2e970ff25 100644
--- a/contrib/unbound/validator/val_sigcrypt.c
+++ b/contrib/unbound/validator/val_sigcrypt.c
@@ -483,7 +483,7 @@ dnskeyset_verify_rrset(struct module_env* env, struct val_env* ve,
{
enum sec_status sec;
size_t i, num;
- rbtree_t* sortree = NULL;
+ rbtree_type* sortree = NULL;
/* make sure that for all DNSKEY algorithms there are valid sigs */
struct algo_needs needs;
int alg;
@@ -551,7 +551,7 @@ dnskey_verify_rrset(struct module_env* env, struct val_env* ve,
{
enum sec_status sec;
size_t i, num, numchecked = 0;
- rbtree_t* sortree = NULL;
+ rbtree_type* sortree = NULL;
int buf_canon = 0;
uint16_t tag = dnskey_calc_keytag(dnskey, dnskey_idx);
int algo = dnskey_get_algo(dnskey, dnskey_idx);
@@ -585,7 +585,7 @@ enum sec_status
dnskeyset_verify_rrset_sig(struct module_env* env, struct val_env* ve,
time_t now, struct ub_packed_rrset_key* rrset,
struct ub_packed_rrset_key* dnskey, size_t sig_idx,
- struct rbtree_t** sortree, char** reason)
+ struct rbtree_type** sortree, char** reason)
{
/* find matching keys and check them */
enum sec_status sec = sec_status_bogus;
@@ -627,7 +627,7 @@ dnskeyset_verify_rrset_sig(struct module_env* env, struct val_env* ve,
*/
struct canon_rr {
/** rbtree node, key is this structure */
- rbnode_t node;
+ rbnode_type node;
/** rrset the RR is in */
struct ub_packed_rrset_key* rrset;
/** which RR in the rrset */
@@ -885,7 +885,7 @@ canonical_tree_compare(const void* k1, const void* k2)
*/
static void
canonical_sort(struct ub_packed_rrset_key* rrset, struct packed_rrset_data* d,
- rbtree_t* sortree, struct canon_rr* rrs)
+ rbtree_type* sortree, struct canon_rr* rrs)
{
size_t i;
/* insert into rbtree to sort and detect duplicates */
@@ -1043,7 +1043,7 @@ canonicalize_rdata(sldns_buffer* buf, struct ub_packed_rrset_key* rrset,
int rrset_canonical_equal(struct regional* region,
struct ub_packed_rrset_key* k1, struct ub_packed_rrset_key* k2)
{
- struct rbtree_t sortree1, sortree2;
+ struct rbtree_type sortree1, sortree2;
struct canon_rr *rrs1, *rrs2, *p1, *p2;
struct packed_rrset_data* d1=(struct packed_rrset_data*)k1->entry.data;
struct packed_rrset_data* d2=(struct packed_rrset_data*)k2->entry.data;
@@ -1120,7 +1120,7 @@ int rrset_canonical_equal(struct regional* region,
static int
rrset_canonical(struct regional* region, sldns_buffer* buf,
struct ub_packed_rrset_key* k, uint8_t* sig, size_t siglen,
- struct rbtree_t** sortree)
+ struct rbtree_type** sortree)
{
struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data;
uint8_t* can_owner = NULL;
@@ -1129,8 +1129,8 @@ rrset_canonical(struct regional* region, sldns_buffer* buf,
struct canon_rr* rrs;
if(!*sortree) {
- *sortree = (struct rbtree_t*)regional_alloc(region,
- sizeof(rbtree_t));
+ *sortree = (struct rbtree_type*)regional_alloc(region,
+ sizeof(rbtree_type));
if(!*sortree)
return 0;
if(d->count > RR_COUNT_MAX)
@@ -1312,7 +1312,7 @@ dnskey_verify_rrset_sig(struct regional* region, sldns_buffer* buf,
struct val_env* ve, time_t now,
struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey,
size_t dnskey_idx, size_t sig_idx,
- struct rbtree_t** sortree, int* buf_canon, char** reason)
+ struct rbtree_type** sortree, int* buf_canon, char** reason)
{
enum sec_status sec;
uint8_t* sig; /* RRSIG rdata */
diff --git a/contrib/unbound/validator/val_sigcrypt.h b/contrib/unbound/validator/val_sigcrypt.h
index 68aa9a445ae8..5a975acff4da 100644
--- a/contrib/unbound/validator/val_sigcrypt.h
+++ b/contrib/unbound/validator/val_sigcrypt.h
@@ -47,7 +47,7 @@
struct val_env;
struct module_env;
struct ub_packed_rrset_key;
-struct rbtree_t;
+struct rbtree_type;
struct regional;
struct sldns_buffer;
@@ -277,7 +277,7 @@ enum sec_status dnskey_verify_rrset(struct module_env* env,
enum sec_status dnskeyset_verify_rrset_sig(struct module_env* env,
struct val_env* ve, time_t now, struct ub_packed_rrset_key* rrset,
struct ub_packed_rrset_key* dnskey, size_t sig_idx,
- struct rbtree_t** sortree, char** reason);
+ struct rbtree_type** sortree, char** reason);
/**
* verify rrset, with specific dnskey(from set), for a specific rrsig
@@ -302,7 +302,7 @@ enum sec_status dnskey_verify_rrset_sig(struct regional* region,
struct sldns_buffer* buf, struct val_env* ve, time_t now,
struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey,
size_t dnskey_idx, size_t sig_idx,
- struct rbtree_t** sortree, int* buf_canon, char** reason);
+ struct rbtree_type** sortree, int* buf_canon, char** reason);
/**
* canonical compare for two tree entries
diff --git a/contrib/unbound/validator/validator.h b/contrib/unbound/validator/validator.h
index 20f806adab35..23d3072427a2 100644
--- a/contrib/unbound/validator/validator.h
+++ b/contrib/unbound/validator/validator.h
@@ -126,7 +126,7 @@ struct val_env {
size_t* nsec3_maxiter;
/** lock on bogus counter */
- lock_basic_t bogus_lock;
+ lock_basic_type bogus_lock;
/** number of times rrsets marked bogus */
size_t num_rrset_bogus;
};