Diffstat (limited to 'daemon')
| -rw-r--r-- | daemon/cachedump.c | 47 | ||||
| -rw-r--r-- | daemon/remote.c | 68 | ||||
| -rw-r--r-- | daemon/unbound.c | 3 | ||||
| -rw-r--r-- | daemon/worker.c | 18 |
4 files changed, 95 insertions, 41 deletions
diff --git a/daemon/cachedump.c b/daemon/cachedump.c index 46c625f061af..df6a40188bea 100644 --- a/daemon/cachedump.c +++ b/daemon/cachedump.c @@ -60,7 +60,7 @@ /** convert to ldns rr */ static ldns_rr* to_rr(struct ub_packed_rrset_key* k, struct packed_rrset_data* d, - uint32_t now, size_t i, uint16_t type) + time_t now, size_t i, uint16_t type) { ldns_rr* rr = ldns_rr_new(); ldns_rdf* rdf; @@ -96,7 +96,7 @@ to_rr(struct ub_packed_rrset_key* k, struct packed_rrset_data* d, /** dump one rrset zonefile line */ static int dump_rrset_line(SSL* ssl, struct ub_packed_rrset_key* k, - struct packed_rrset_data* d, uint32_t now, size_t i, uint16_t type) + struct packed_rrset_data* d, time_t now, size_t i, uint16_t type) { char* s; ldns_rr* rr = to_rr(k, d, now, i, type); @@ -119,7 +119,7 @@ dump_rrset_line(SSL* ssl, struct ub_packed_rrset_key* k, /** dump rrset key and data info */ static int dump_rrset(SSL* ssl, struct ub_packed_rrset_key* k, - struct packed_rrset_data* d, uint32_t now) + struct packed_rrset_data* d, time_t now) { size_t i; /* rd lock held by caller */ @@ -127,9 +127,9 @@ dump_rrset(SSL* ssl, struct ub_packed_rrset_key* k, if(d->ttl < now) return 1; /* expired */ /* meta line */ - if(!ssl_printf(ssl, ";rrset%s %u %u %u %d %d\n", + if(!ssl_printf(ssl, ";rrset%s %lld %u %u %d %d\n", (k->rk.flags & PACKED_RRSET_NSEC_AT_APEX)?" nsec_apex":"", - (unsigned)(d->ttl - now), + (long long)(d->ttl - now), (unsigned)d->count, (unsigned)d->rrsig_count, (int)d->trust, (int)d->security )) @@ -149,7 +149,7 @@ dump_rrset(SSL* ssl, struct ub_packed_rrset_key* k, /** dump lruhash rrset cache */ static int -dump_rrset_lruhash(SSL* ssl, struct lruhash* h, uint32_t now) +dump_rrset_lruhash(SSL* ssl, struct lruhash* h, time_t now) { struct lruhash_entry* e; /* lruhash already locked by caller */ 
@@ -225,7 +225,7 @@ dump_msg_ref(SSL* ssl, struct ub_packed_rrset_key* k) /** dump message entry */ static int dump_msg(SSL* ssl, struct query_info* k, struct reply_info* d, - uint32_t now) + time_t now) { size_t i; char* nm, *tp, *cl; @@ -259,10 +259,10 @@ dump_msg(SSL* ssl, struct query_info* k, struct reply_info* d, } /* meta line */ - if(!ssl_printf(ssl, "msg %s %s %s %d %d %u %d %u %u %u\n", + if(!ssl_printf(ssl, "msg %s %s %s %d %d %lld %d %u %u %u\n", nm, cl, tp, (int)d->flags, (int)d->qdcount, - (unsigned)(d->ttl-now), (int)d->security, + (long long)(d->ttl-now), (int)d->security, (unsigned)d->an_numrrsets, (unsigned)d->ns_numrrsets, (unsigned)d->ar_numrrsets)) { @@ -387,7 +387,7 @@ read_fixed(SSL* ssl, ldns_buffer* buf, const char* str) static int load_rr(SSL* ssl, ldns_buffer* buf, struct regional* region, struct ub_packed_rrset_key* rk, struct packed_rrset_data* d, - unsigned int i, int is_rrsig, int* go_on, uint32_t now) + unsigned int i, int is_rrsig, int* go_on, time_t now) { ldns_rr* rr; ldns_status status; @@ -489,7 +489,7 @@ move_into_cache(struct ub_packed_rrset_key* k, return 0; } s = sizeof(*ad) + (sizeof(size_t) + sizeof(uint8_t*) + - sizeof(uint32_t))* num; + sizeof(time_t))* num; for(i=0; i<num; i++) s += d->rr_len[i]; ad = (struct packed_rrset_data*)malloc(s); @@ -505,8 +505,8 @@ move_into_cache(struct ub_packed_rrset_key* k, p += sizeof(size_t)*num; memmove(p, &d->rr_data[0], sizeof(uint8_t*)*num); p += sizeof(uint8_t*)*num; - memmove(p, &d->rr_ttl[0], sizeof(uint32_t)*num); - p += sizeof(uint32_t)*num; + memmove(p, &d->rr_ttl[0], sizeof(time_t)*num); + p += sizeof(time_t)*num; for(i=0; i<num; i++) { memmove(p, d->rr_data[i], d->rr_len[i]); p += d->rr_len[i]; 
@@ -530,7 +530,8 @@ load_rrset(SSL* ssl, ldns_buffer* buf, struct worker* worker) struct regional* region = worker->scratchpad; struct ub_packed_rrset_key* rk; struct packed_rrset_data* d; - unsigned int ttl, rr_count, rrsig_count, trust, security; + unsigned int rr_count, rrsig_count, trust, security; + long long ttl; unsigned int i; int go_on = 1; regional_free_all(region); @@ -552,7 +553,7 @@ load_rrset(SSL* ssl, ldns_buffer* buf, struct worker* worker) s += 10; rk->rk.flags |= PACKED_RRSET_NSEC_AT_APEX; } - if(sscanf(s, " %u %u %u %u %u", &ttl, &rr_count, &rrsig_count, + if(sscanf(s, " %lld %u %u %u %u", &ttl, &rr_count, &rrsig_count, &trust, &security) != 5) { log_warn("error bad rrset spec %s", s); return 0; @@ -565,12 +566,12 @@ load_rrset(SSL* ssl, ldns_buffer* buf, struct worker* worker) d->rrsig_count = (size_t)rrsig_count; d->security = (enum sec_status)security; d->trust = (enum rrset_trust)trust; - d->ttl = (uint32_t)ttl + *worker->env.now; + d->ttl = (time_t)ttl + *worker->env.now; d->rr_len = regional_alloc_zero(region, sizeof(size_t)*(d->count+d->rrsig_count)); d->rr_ttl = regional_alloc_zero(region, - sizeof(uint32_t)*(d->count+d->rrsig_count)); + sizeof(time_t)*(d->count+d->rrsig_count)); d->rr_data = regional_alloc_zero(region, sizeof(uint8_t*)*(d->count+d->rrsig_count)); if(!d->rr_len || !d->rr_ttl || !d->rr_data) { @@ -718,7 +719,8 @@ load_msg(SSL* ssl, ldns_buffer* buf, struct worker* worker) struct query_info qinf; struct reply_info rep; char* s = (char*)ldns_buffer_begin(buf); - unsigned int flags, qdcount, ttl, security, an, ns, ar; + unsigned int flags, qdcount, security, an, ns, ar; + long long ttl; size_t i; int go_on = 1; 
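Review bot: In load_rrset (@@ -552 and @@ -565) the TTL is now read with `%lld` into a signed `long long` and added directly to `*worker->env.now`, so a cache-load line with a negative or very large number gives a signed overflow in the `time_t` addition or an entry that is already expired; the previous `%u` parse could not go negative. A range check before the assignment would close this, for example `if(ttl < 0) { log_warn("error bad rrset spec %s", s); return 0; }`, together with an upper bound taken from whatever maximum TTL the project already defines. load_msg (@@ -735) has the same pattern with `rep.ttl = (time_t)ttl;`. The `rr_count` and `rrsig_count` values from the same line feed `sizeof(time_t)*(d->count+d->rrsig_count)`, and no bound on them is visible in these hunks, so the wider element size makes a sanity limit on the counts worth adding as well. The bodies of both functions continue outside the hunks.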
@@ -735,14 +737,14 @@ load_msg(SSL* ssl, ldns_buffer* buf, struct worker* worker) } /* read remainder of line */ - if(sscanf(s, " %u %u %u %u %u %u %u", &flags, &qdcount, &ttl, + if(sscanf(s, " %u %u %lld %u %u %u %u", &flags, &qdcount, &ttl, &security, &an, &ns, &ar) != 7) { log_warn("error cannot parse numbers: %s", s); return 0; } rep.flags = (uint16_t)flags; rep.qdcount = (uint16_t)qdcount; - rep.ttl = (uint32_t)ttl; + rep.ttl = (time_t)ttl; rep.prefetch_ttl = PREFETCH_TTL_CALC(rep.ttl); rep.security = (enum sec_status)security; rep.an_numrrsets = (size_t)an; @@ -800,8 +802,9 @@ print_dp_details(SSL* ssl, struct worker* worker, struct delegpt* dp) { char buf[257]; struct delegpt_addr* a; - int lame, dlame, rlame, rto, edns_vs, to, delay, entry_ttl, + int lame, dlame, rlame, rto, edns_vs, to, delay, tA = 0, tAAAA = 0, tother = 0; + long long entry_ttl; struct rtt_info ri; uint8_t edns_lame_known; for(a = dp->target_list; a; a = a->next_target) { @@ -840,7 +843,7 @@ print_dp_details(SSL* ssl, struct worker* worker, struct delegpt* dp) return; continue; /* skip stuff not in infra cache */ } - if(!ssl_printf(ssl, "%s%s%s%srto %d msec, ttl %d, ping %d " + if(!ssl_printf(ssl, "%s%s%s%srto %d msec, ttl %lld, ping %d " "var %d rtt %d, tA %d, tAAAA %d, tother %d", lame?"LAME ":"", dlame?"NoDNSSEC ":"", a->lame?"AddrWasParentSide ":"", diff --git a/daemon/remote.c b/daemon/remote.c index 5dc05c5fa49f..615050225c5f 100644 --- a/daemon/remote.c +++ b/daemon/remote.c 
@@ -629,8 +629,8 @@ print_stats(SSL* ssl, const char* nm, struct stats_info* s) if(!ssl_printf(ssl, "%s.requestlist.current.user"SQ"%u\n", nm, (unsigned)s->mesh_num_reply_states)) return 0; timeval_divide(&avg, &s->mesh_replies_sum_wait, s->mesh_replies_sent); - if(!ssl_printf(ssl, "%s.recursion.time.avg"SQ"%d.%6.6d\n", nm, - (int)avg.tv_sec, (int)avg.tv_usec)) return 0; + if(!ssl_printf(ssl, "%s.recursion.time.avg"SQ"%lld.%6.6d\n", nm, + (long long)avg.tv_sec, (int)avg.tv_usec)) return 0; if(!ssl_printf(ssl, "%s.recursion.time.median"SQ"%g\n", nm, s->mesh_time_median)) return 0; return 1; @@ -713,12 +713,12 @@ print_uptime(SSL* ssl, struct worker* worker, int reset) timeval_subtract(&dt, &now, &worker->daemon->time_last_stat); if(reset) worker->daemon->time_last_stat = now; - if(!ssl_printf(ssl, "time.now"SQ"%d.%6.6d\n", - (unsigned)now.tv_sec, (unsigned)now.tv_usec)) return 0; - if(!ssl_printf(ssl, "time.up"SQ"%d.%6.6d\n", - (unsigned)up.tv_sec, (unsigned)up.tv_usec)) return 0; - if(!ssl_printf(ssl, "time.elapsed"SQ"%d.%6.6d\n", - (unsigned)dt.tv_sec, (unsigned)dt.tv_usec)) return 0; + if(!ssl_printf(ssl, "time.now"SQ"%lld.%6.6d\n", + (long long)now.tv_sec, (unsigned)now.tv_usec)) return 0; + if(!ssl_printf(ssl, "time.up"SQ"%lld.%6.6d\n", + (long long)up.tv_sec, (unsigned)up.tv_usec)) return 0; + if(!ssl_printf(ssl, "time.elapsed"SQ"%lld.%6.6d\n", + (long long)dt.tv_sec, (unsigned)dt.tv_usec)) return 0; return 1; } @@ -1118,9 +1118,9 @@ struct del_info { /** labels */ int labs; /** now */ - uint32_t now; + time_t now; /** time to invalidate to */ - uint32_t expired; + time_t expired; /** number of rrsets removed */ size_t num_rrsets; /** number of msgs removed */ 
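Review bot: In print_uptime (@@ -713) the microsecond arguments are still cast to `(unsigned)` while the conversion is `%6.6d`, which expects an `int`. print_stats and get_mesh_age in this same diff pass `(int)avg.tv_usec` and `(int)d.tv_usec` for the same specifier. Changing the three casts to `(int)now.tv_usec`, `(int)up.tv_usec` and `(int)dt.tv_usec` keeps argument and specifier in agreement, and keeps format checking clean if ssl_printf carries a printf format attribute (not visible here).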
@@ -1663,6 +1663,38 @@ do_stub_remove(SSL* ssl, struct worker* worker, char* args) send_ok(ssl); } +/** do the insecure_add command */ +static void +do_insecure_add(SSL* ssl, struct worker* worker, char* arg) +{ + size_t nmlen; + int nmlabs; + uint8_t* nm = NULL; + if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs)) + return; + if(!anchors_add_insecure(worker->env.anchors, LDNS_RR_CLASS_IN, nm)) { + (void)ssl_printf(ssl, "error out of memory\n"); + free(nm); + return; + } + free(nm); + send_ok(ssl); +} + +/** do the insecure_remove command */ +static void +do_insecure_remove(SSL* ssl, struct worker* worker, char* arg) +{ + size_t nmlen; + int nmlabs; + uint8_t* nm = NULL; + if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs)) + return; + anchors_delete_insecure(worker->env.anchors, LDNS_RR_CLASS_IN, nm); + free(nm); + send_ok(ssl); +} + /** do the status command */ static void do_status(SSL* ssl, struct worker* worker) @@ -1684,7 +1716,7 @@ do_status(SSL* ssl, struct worker* worker) if(!ssl_printf(ssl, " ]\n")) return; uptime = (time_t)time(NULL) - (time_t)worker->daemon->time_boot.tv_sec; - if(!ssl_printf(ssl, "uptime: %u seconds\n", (unsigned)uptime)) + if(!ssl_printf(ssl, "uptime: %lld seconds\n", (long long)uptime)) return; if(!ssl_printf(ssl, "unbound (pid %d) is running...\n", (int)getpid())) @@ -1703,7 +1735,7 @@ get_mesh_age(struct mesh_state* m, char* buf, size_t len, while(r && r->next) r = r->next; timeval_subtract(&d, env->now_tv, &r->start_time); - snprintf(buf, len, "%d.%6.6d", (int)d.tv_sec, (int)d.tv_usec); + snprintf(buf, len, "%lld.%6.6d", (long long)d.tv_sec, (int)d.tv_usec); } else { snprintf(buf, len, "-"); } @@ -1804,7 +1836,7 @@ struct infra_arg { /** the SSL connection */ SSL* ssl; /** the time now */ - uint32_t now; + time_t now; }; /** callback for every host element in the infra cache */ 
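Review bot: do_insecure_add and do_insecure_remove (@@ -1663) hand `worker->env.anchors` to the anchor functions without checking it, so if the anchor store can be NULL (for instance when no validator is configured, which this hunk does not show) the control command would dereference it inside the daemon. A guard keeps both commands safe in that configuration: `if(worker->env.anchors && !anchors_add_insecure(worker->env.anchors, LDNS_RR_CLASS_IN, nm)) {` and `if(worker->env.anchors) anchors_delete_insecure(worker->env.anchors, LDNS_RR_CLASS_IN, nm);`. Judging by their names, these commands change at runtime which domains are treated as insecure, so a log line recording the name on each call would give operators an audit trail for changes made over the control channel. A one-line comment on each function stating that the change is not persisted to the config file, if that is the case, would also help.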
@@ -2050,6 +2082,16 @@ execute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd, if(rc) distribute_cmd(rc, ssl, cmd); do_forward_remove(ssl, worker, skipwhite(p+14)); return; + } else if(cmdcmp(p, "insecure_add", 12)) { + /* must always distribute this cmd */ + if(rc) distribute_cmd(rc, ssl, cmd); + do_insecure_add(ssl, worker, skipwhite(p+12)); + return; + } else if(cmdcmp(p, "insecure_remove", 15)) { + /* must always distribute this cmd */ + if(rc) distribute_cmd(rc, ssl, cmd); + do_insecure_remove(ssl, worker, skipwhite(p+15)); + return; } else if(cmdcmp(p, "forward", 7)) { /* must always distribute this cmd */ if(rc) distribute_cmd(rc, ssl, cmd); diff --git a/daemon/unbound.c b/daemon/unbound.c index cd08c9c3f185..28ea17355bf1 100644 --- a/daemon/unbound.c +++ b/daemon/unbound.c @@ -521,7 +521,7 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode, /* setusercontext does initgroups, setuid, setgid, and * also resource limits from login config, but we * still call setresuid, setresgid to be sure to set all uid*/ - if(setusercontext(NULL, pwd, uid, + if(setusercontext(NULL, pwd, uid, (unsigned) LOGIN_SETALL & ~LOGIN_SETUSER & ~LOGIN_SETGROUP) != 0) log_warn("unable to setusercontext %s: %s", cfg->username, strerror(errno)); @@ -714,6 +714,7 @@ main(int argc, char* argv[]) #endif log_init(NULL, 0, NULL); + log_ident_set(strrchr(argv[0],'/')?strrchr(argv[0],'/')+1:argv[0]); /* parse the options */ while( (c=getopt(argc, argv, "c:dhvw:")) != -1) { switch(c) { diff --git a/daemon/worker.c b/daemon/worker.c index eeb323c8426a..37d019dff0e4 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -449,7 +449,7 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, */ uint16_t udpsize = edns->udp_size; int secure = 0; - uint32_t timenow = *worker->env.now; + time_t timenow = *worker->env.now; int must_validate = (!(flags&BIT_CD) || worker->env.cfg->ignore_cd) && worker->env.need_to_validate; struct dns_msg *msg = NULL; 
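Review bot: The added `log_ident_set(...)` call in main (daemon/unbound.c, @@ -714) passes `argv[0]` to `strrchr` without checking it, and a process started with an empty argument vector has `argv[0] == NULL`. The expression also scans the string twice. Guarding and computing the result once avoids both: `if(argc > 0 && argv[0]) { const char* sl = strrchr(argv[0], '/'); log_ident_set(sl ? sl+1 : argv[0]); }`. The body of main continues outside the hunk.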
@@ -524,7 +524,7 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, struct reply_info* rep, uint16_t id, uint16_t flags, struct comm_reply* repinfo, struct edns_data* edns) { - uint32_t timenow = *worker->env.now; + time_t timenow = *worker->env.now; uint16_t udpsize = edns->udp_size; int secure; int must_validate = (!(flags&BIT_CD) || worker->env.cfg->ignore_cd) @@ -614,7 +614,7 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, /** Reply to client and perform prefetch to keep cache up to date */ static void reply_and_prefetch(struct worker* worker, struct query_info* qinfo, - uint16_t flags, struct comm_reply* repinfo, uint32_t leeway) + uint16_t flags, struct comm_reply* repinfo, time_t leeway) { /* first send answer to client to keep its latency * as small as a cachereply */ @@ -831,7 +831,15 @@ worker_handle_request(struct comm_point* c, void* arg, int error, log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); edns.udp_size = NORMAL_UDP_SIZE; } - if(edns.edns_present && edns.udp_size < LDNS_HEADER_SIZE) { + if(edns.udp_size > worker->daemon->cfg->max_udp_size && + c->type == comm_udp) { + verbose(VERB_QUERY, + "worker request: max UDP reply size modified" + " (%d to max-udp-size)", (int)edns.udp_size); + log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); + edns.udp_size = worker->daemon->cfg->max_udp_size; + } + if(edns.udp_size < LDNS_HEADER_SIZE) { verbose(VERB_ALGO, "worker request: edns is too small."); log_addr(VERB_CLIENT, "from", &repinfo->addr, repinfo->addrlen); LDNS_QR_SET(ldns_buffer_begin(c->buffer)); 
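Review bot: In worker_handle_request (@@ -831) the new clamp to `max_udp_size` runs before the `edns.udp_size < LDNS_HEADER_SIZE` test, and that test no longer requires `edns.edns_present`, so a configured max-udp-size below LDNS_HEADER_SIZE would send every UDP query down the "edns is too small" error path. If the config parser does not already enforce a lower bound (not visible in this diff), it should reject such values at load time rather than leave it to this check. A short comment above the new block would also document the intent, for example `/* cap the advertised size on UDP to bound reply size; TCP is not capped */`. The function continues outside the hunk.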
@@ -889,7 +897,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error, /* prefetch it if the prefetch TTL expired */ if(worker->env.cfg->prefetch && *worker->env.now >= ((struct reply_info*)e->data)->prefetch_ttl) { - uint32_t leeway = ((struct reply_info*)e-> + time_t leeway = ((struct reply_info*)e-> data)->ttl - *worker->env.now; lock_rw_unlock(&e->lock); reply_and_prefetch(worker, &qinfo, |
