Diffstat (limited to 'smallapp')
-rw-r--r--smallapp/unbound-anchor.c4
-rw-r--r--smallapp/unbound-checkconf.c29
-rw-r--r--smallapp/unbound-control.c20
3 files changed, 47 insertions, 6 deletions
diff --git a/smallapp/unbound-anchor.c b/smallapp/unbound-anchor.c
index 19ee85b1aaaa..c060ad394c1d 100644
--- a/smallapp/unbound-anchor.c
+++ b/smallapp/unbound-anchor.c
@@ -2326,7 +2326,9 @@ int main(int argc, char* argv[])
#ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
ERR_load_crypto_strings();
#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
ERR_load_SSL_strings();
+#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO)
OpenSSL_add_all_algorithms();
#else
@@ -2337,7 +2339,7 @@ int main(int argc, char* argv[])
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
(void)SSL_library_init();
#else
- (void)OPENSSL_init_ssl(0, NULL);
+ (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
#endif
if(dolist) do_list_builtin();
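Review bot: The changed line still discards the result of `OPENSSL_init_ssl()` through the `(void)` cast, so a failed library initialisation is only noticed later, when a TLS call fails with a less specific error. OpenSSL documents the call as returning 1 on success and 0 on error, so the result can be tested, for example `if(!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL)) { /* report and exit */ }`, using whatever error reporting this file already has. The same pattern appears in the second `main()` hunk of smallapp/unbound-control.c. Both `main()` bodies start and end outside the hunks shown.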
diff --git a/smallapp/unbound-checkconf.c b/smallapp/unbound-checkconf.c
index 11df4415c5c5..7e9cb4740ae3 100644
--- a/smallapp/unbound-checkconf.c
+++ b/smallapp/unbound-checkconf.c
@@ -71,6 +71,9 @@
#ifdef WITH_PYTHONMODULE
#include "pythonmod/pythonmod.h"
#endif
+#ifdef CLIENT_SUBNET
+#include "edns-subnet/subnet-whitelist.h"
+#endif
/** Give checkconf usage, and exit (1). */
static void
@@ -345,6 +348,20 @@ check_chroot_filelist_wild(const char* desc, struct config_strlist* list,
}
}
+#ifdef CLIENT_SUBNET
+/** check ECS configuration */
+static void
+ecs_conf_checks(struct config_file* cfg)
+{
+ struct ecs_whitelist* whitelist = NULL;
+ if(!(whitelist = ecs_whitelist_create()))
+ fatal_exit("Could not create ednssubnet whitelist: out of memory");
+ if(!ecs_whitelist_apply_cfg(whitelist, cfg))
+ fatal_exit("Could not setup ednssubnet whitelist");
+ ecs_whitelist_delete(whitelist);
+}
+#endif /* CLIENT_SUBNET */
+
/** check configuration for errors */
static void
morechecks(struct config_file* cfg, const char* fname)
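Review bot: The second failure path in `ecs_conf_checks` reports only `"Could not setup ednssubnet whitelist"`, which does not tell the operator which configured entry was rejected. Unless `ecs_whitelist_apply_cfg()` logs the offending entry itself (not visible here), the message should name it or point at the option concerned. The doc comment could also state what is actually verified, e.g. `/** check ECS configuration: build a temporary whitelist from cfg to verify that its entries parse, then discard it */`. As a small style point, `whitelist` is initialised to NULL and then assigned inside the `if` condition; `struct ecs_whitelist* whitelist = ecs_whitelist_create(); if(!whitelist) fatal_exit(...)` reads more directly.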
@@ -427,8 +444,11 @@ morechecks(struct config_file* cfg, const char* fname)
check_chroot_string("dlv-anchor-file", &cfg->dlv_anchor_file,
cfg->chrootdir, cfg);
#ifdef USE_IPSECMOD
- check_chroot_string("ipsecmod-hook", &cfg->ipsecmod_hook, cfg->chrootdir,
- cfg);
+ if(cfg->ipsecmod_enabled && strstr(cfg->module_conf, "ipsecmod")) {
+ /* only check hook if enabled */
+ check_chroot_string("ipsecmod-hook", &cfg->ipsecmod_hook,
+ cfg->chrootdir, cfg);
+ }
#endif
/* remove chroot setting so that modules are not stripping pathnames*/
free(cfg->chrootdir);
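Review bot: The new guard `strstr(cfg->module_conf, "ipsecmod")` is a substring match and dereferences `cfg->module_conf` without a NULL check; nothing in the hunk establishes that the string is always set at this point in `morechecks`, whose body starts and ends outside the hunk. Because the `ipsecmod-hook` path is now validated only when this condition holds, the condition has to match the one under which the daemon actually uses the hook, otherwise a bad path slips past checkconf. I would make that explicit in the comment, e.g. `/* only check hook if enabled; keep in sync with the condition under which the daemon uses ipsecmod-hook */`, and confirm that `module_conf` cannot be NULL here.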
@@ -474,6 +494,8 @@ morechecks(struct config_file* cfg, const char* fname)
#ifdef CLIENT_SUBNET
&& strcmp(cfg->module_conf, "subnetcache iterator") != 0
&& strcmp(cfg->module_conf, "subnetcache validator iterator") != 0
+ && strcmp(cfg->module_conf, "dns64 subnetcache iterator") != 0
+ && strcmp(cfg->module_conf, "dns64 subnetcache validator iterator") != 0
#endif
#if defined(WITH_PYTHONMODULE) && defined(CLIENT_SUBNET)
&& strcmp(cfg->module_conf, "python subnetcache iterator") != 0
@@ -524,6 +546,9 @@ morechecks(struct config_file* cfg, const char* fname)
localzonechecks(cfg);
view_and_respipchecks(cfg);
+#ifdef CLIENT_SUBNET
+ ecs_conf_checks(cfg);
+#endif
}
/** check forwards */
diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c
index aa2db4a61dfb..4b3efc134dc0 100644
--- a/smallapp/unbound-control.c
+++ b/smallapp/unbound-control.c
@@ -207,7 +207,7 @@ static void pr_stats(const char* nm, struct ub_stats_info* s)
PR_UL_NM("num.dnscrypt.cleartext", s->svr.num_query_dnscrypt_cleartext);
PR_UL_NM("num.dnscrypt.malformed",
s->svr.num_query_dnscrypt_crypted_malformed);
-#endif
+#endif /* USE_DNSCRYPT */
printf("%s.requestlist.avg"SQ"%g\n", nm,
(s->svr.num_queries_missed_cache+s->svr.num_queries_prefetch)?
(double)s->svr.sum_query_list_size/
@@ -251,6 +251,10 @@ static void print_mem(struct ub_shm_stat_info* shm_stat)
#ifdef USE_IPSECMOD
PR_LL("mem.mod.ipsecmod", shm_stat->mem.ipsecmod);
#endif
+#ifdef USE_DNSCRYPT
+ PR_LL("mem.cache.dnscrypt_shared_secret",
+ shm_stat->mem.dnscrypt_shared_secret);
+#endif
}
/** print histogram */
@@ -337,6 +341,8 @@ static void print_extended(struct ub_stats_info* s)
if(!inhibit_zero || s->svr.ans_rcode_nodata) {
PR_UL("num.answer.rcode.nodata", s->svr.ans_rcode_nodata);
}
+ /* iteration */
+ PR_UL("num.query.ratelimited", s->svr.queries_ratelimited);
/* validation */
PR_UL("num.answer.secure", s->svr.ans_secure);
PR_UL("num.answer.bogus", s->svr.ans_bogus);
@@ -349,6 +355,12 @@ static void print_extended(struct ub_stats_info* s)
PR_UL("rrset.cache.count", s->svr.rrset_cache_count);
PR_UL("infra.cache.count", s->svr.infra_cache_count);
PR_UL("key.cache.count", s->svr.key_cache_count);
+#ifdef USE_DNSCRYPT
+ PR_UL("dnscrypt_shared_secret.cache.count",
+ s->svr.shared_secret_cache_count);
+ PR_UL("num.query.dnscrypt.shared_secret.cachemiss",
+ s->svr.num_query_dnscrypt_secret_missed_cache);
+#endif /* USE_DNSCRYPT */
}
/** print statistics out of memory structures */
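Review bot: The new dnscrypt shared-secret counters spell the same cache three different ways: `dnscrypt_shared_secret.cache.count` and `num.query.dnscrypt.shared_secret.cachemiss` in this hunk, and `mem.cache.dnscrypt_shared_secret` in the `print_mem` hunk above. Statistic names are consumed by monitoring scripts and are hard to rename once released, so it is worth settling on one form (either `dnscrypt_shared_secret` or `dnscrypt.shared_secret`) before this ships. A one-line comment above the block, like the `/* iteration */` and `/* validation */` markers in `print_extended`, would also help, e.g. `/* dnscrypt shared secret cache */`.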
@@ -356,7 +368,7 @@ static void do_stats_shm(struct config_file* cfg, struct ub_stats_info* stats,
struct ub_shm_stat_info* shm_stat)
{
int i;
- char nm[16];
+ char nm[32];
for(i=0; i<cfg->num_threads; i++) {
snprintf(nm, sizeof(nm), "thread%d", i);
pr_stats(nm, &stats[i+1]);
@@ -763,7 +775,9 @@ int main(int argc, char* argv[])
#ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
ERR_load_crypto_strings();
#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
ERR_load_SSL_strings();
+#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO)
OpenSSL_add_all_algorithms();
#else
@@ -774,7 +788,7 @@ int main(int argc, char* argv[])
#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
(void)SSL_library_init();
#else
- (void)OPENSSL_init_ssl(0, NULL);
+ (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
#endif
if(!RAND_status()) {