diff options
43 files changed, 849 insertions, 498 deletions
diff --git a/Makefile.in b/Makefile.in index 1f035725dd28..03a63476a74b 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1075,8 +1075,7 @@ unitlruhash.lo unitlruhash.o: $(srcdir)/testcode/unitlruhash.c config.h $(srcdir $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ - $(srcdir)/util/log.h \ - $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/util/rtt.h $(srcdir)/util/timehist.h $(srcdir)/iterator/iterator.h \ $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ diff --git a/config.h.in b/config.h.in index 545536d63126..f0eb7d6aa9f8 100644 --- a/config.h.in +++ b/config.h.in @@ -69,6 +69,9 @@ /* Define to 1 if you have the `CRYPTO_cleanup_all_ex_data' function. */ #undef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA +/* Define to 1 if you have the `CRYPTO_THREADID_set_callback' function. */ +#undef HAVE_CRYPTO_THREADID_SET_CALLBACK + /* Define to 1 if you have the `ctime_r' function. */ #undef HAVE_CTIME_R diff --git a/configure b/configure index 6d8611192abf..45a251285273 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.9.0. +# Generated by GNU Autoconf 2.69 for unbound 1.9.1. # # Report bugs to <unbound-bugs@nlnetlabs.nl>. # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.9.0' -PACKAGE_STRING='unbound 1.9.0' +PACKAGE_VERSION='1.9.1' +PACKAGE_STRING='unbound 1.9.1' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl' PACKAGE_URL='' @@ -694,9 +694,6 @@ swig SWIG_LIB SWIG PC_PY_DEPENDENCY -PKG_CONFIG_LIBDIR -PKG_CONFIG_PATH -PKG_CONFIG PY_MAJOR_VERSION PYTHON_SITE_PKG PYTHON_LDFLAGS @@ -710,6 +707,9 @@ PTHREAD_CC ax_pthread_config RUNTIME_PATH LIBOBJS +PKG_CONFIG_LIBDIR +PKG_CONFIG_PATH +PKG_CONFIG LT_SYS_LIBRARY_PATH OTOOL64 OTOOL @@ -892,10 +892,10 @@ CPP YACC YFLAGS LT_SYS_LIBRARY_PATH -PYTHON_VERSION PKG_CONFIG PKG_CONFIG_PATH PKG_CONFIG_LIBDIR +PYTHON_VERSION SYSTEMD_CFLAGS SYSTEMD_LIBS SYSTEMD_DAEMON_CFLAGS @@ -1440,7 +1440,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.9.0 to adapt to many kinds of systems. +\`configure' configures unbound 1.9.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1505,7 +1505,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.9.0:";; + short | recursive ) echo "Configuration of unbound 1.9.1:";; esac cat <<\_ACEOF @@ -1638,15 +1638,15 @@ Some influential environment variables: default value of `-d' given by some make applications. LT_SYS_LIBRARY_PATH User-defined run-time library search path. - PYTHON_VERSION - The installed Python version to use, for example '2.3'. This - string will be appended to the Python interpreter canonical - name. PKG_CONFIG path to pkg-config utility PKG_CONFIG_PATH directories to add to pkg-config's search path PKG_CONFIG_LIBDIR path overriding pkg-config's built-in search path + PYTHON_VERSION + The installed Python version to use, for example '2.3'. This + string will be appended to the Python interpreter canonical + name. SYSTEMD_CFLAGS C compiler flags for SYSTEMD, overriding pkg-config SYSTEMD_LIBS @@ -1722,7 +1722,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.9.0 +unbound configure 1.9.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2431,7 +2431,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.9.0, which was +It was created by unbound $as_me 1.9.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2783,11 +2783,11 @@ UNBOUND_VERSION_MAJOR=1 UNBOUND_VERSION_MINOR=9 -UNBOUND_VERSION_MICRO=0 +UNBOUND_VERSION_MICRO=1 LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=0 +LIBUNBOUND_REVISION=1 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -2854,7 +2854,8 @@ LIBUNBOUND_AGE=1 # 1.8.1 had 8:1:0 # 1.8.2 had 8:2:0 # 1.8.3 had 8:3:0 -# 1.8.4 had 9:0:1 # add ub_ctx_set_tls +# 1.9.0 had 9:0:1 # add ub_ctx_set_tls +# 1.9.1 had 9:1:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -14558,6 +14559,127 @@ CC=$lt_save_CC + + + + + + + +if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PKG_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PKG_CONFIG=$ac_cv_path_PKG_CONFIG +if test -n "$PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 +$as_echo "$PKG_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_path_PKG_CONFIG"; then + ac_pt_PKG_CONFIG=$PKG_CONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $ac_pt_PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG +if test -n "$ac_pt_PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 +$as_echo "$ac_pt_PKG_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_pt_PKG_CONFIG" = x; then + PKG_CONFIG="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + PKG_CONFIG=$ac_pt_PKG_CONFIG + fi +else + PKG_CONFIG="$ac_cv_path_PKG_CONFIG" +fi + +fi +if test -n "$PKG_CONFIG"; then + _pkg_min_version=0.9.0 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 +$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } + if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + PKG_CONFIG="" + fi +fi + # Checks for header files. for ac_header in stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h do : @@ -17015,126 +17137,6 @@ $as_echo "#define HAVE_PYTHON 1" >>confdefs.h CPPFLAGS="$PYTHON_CPPFLAGS" fi ub_have_python=yes - - - - - - - -if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. -set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_PKG_CONFIG+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $PKG_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -PKG_CONFIG=$ac_cv_path_PKG_CONFIG -if test -n "$PKG_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 -$as_echo "$PKG_CONFIG" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_path_PKG_CONFIG"; then - ac_pt_PKG_CONFIG=$PKG_CONFIG - # Extract the first word of "pkg-config", so it can be a program name with args. -set dummy pkg-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $ac_pt_PKG_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG -if test -n "$ac_pt_PKG_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 -$as_echo "$ac_pt_PKG_CONFIG" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_pt_PKG_CONFIG" = x; then - PKG_CONFIG="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - PKG_CONFIG=$ac_pt_PKG_CONFIG - fi -else - PKG_CONFIG="$ac_cv_path_PKG_CONFIG" -fi - -fi -if test -n "$PKG_CONFIG"; then - _pkg_min_version=0.9.0 - { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 -$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } - if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - PKG_CONFIG="" - fi -fi if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"\"python\${PY_MAJOR_VERSION}\"\""; } >&5 ($PKG_CONFIG --exists --print-errors ""python${PY_MAJOR_VERSION}"") 2>&5 @@ -17993,7 +17995,7 @@ fi done -for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify SSL_CTX_set_tlsext_ticket_key_cb EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex +for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify SSL_CTX_set_tlsext_ticket_key_cb EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -21148,7 +21150,7 @@ _ACEOF -version=1.9.0 +version=1.9.1 date=`date +'%b %e, %Y'` @@ -21667,7 +21669,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.9.0, which was +This file was extended by unbound $as_me 1.9.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -21733,7 +21735,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.9.0 +unbound config.status 1.9.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index e071dc398989..ff6f05ad75a1 100644 --- a/configure.ac +++ b/configure.ac @@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) m4_define([VERSION_MINOR],[9]) -m4_define([VERSION_MICRO],[0]) +m4_define([VERSION_MICRO],[1]) AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=0 +LIBUNBOUND_REVISION=1 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -85,7 +85,8 @@ LIBUNBOUND_AGE=1 # 1.8.1 had 8:1:0 # 1.8.2 had 8:2:0 # 1.8.3 had 8:3:0 -# 1.8.4 had 9:0:1 # add ub_ctx_set_tls +# 1.9.0 had 9:0:1 # add ub_ctx_set_tls +# 1.9.1 had 9:1:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -382,6 +383,8 @@ AC_CHECK_PROG(doxygen, doxygen, doxygen) AC_CHECK_TOOL(STRIP, strip) ACX_LIBTOOL_C_ONLY +PKG_PROG_PKG_CONFIG + # Checks for header files. AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h],,, [AC_INCLUDES_DEFAULT]) @@ -641,7 +644,6 @@ if test x_$ub_test_python != x_no; then CPPFLAGS="$PYTHON_CPPFLAGS" fi ub_have_python=yes - PKG_PROG_PKG_CONFIG PKG_CHECK_EXISTS(["python${PY_MAJOR_VERSION}"], [PC_PY_DEPENDENCY="python${PY_MAJOR_VERSION}"], [PC_PY_DEPENDENCY="python"]) @@ -781,7 +783,7 @@ else AC_MSG_RESULT([no]) fi AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h],,, [AC_INCLUDES_DEFAULT]) -AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify SSL_CTX_set_tlsext_ticket_key_cb EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex]) +AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify SSL_CTX_set_tlsext_ticket_key_cb EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback]) # these check_funcs need -lssl BAKLIBS="$LIBS" diff --git a/contrib/libunbound.so.conf b/contrib/libunbound.so.conf index 3b78fca7f378..7cf26fee492e 100644 --- a/contrib/libunbound.so.conf +++ b/contrib/libunbound.so.conf @@ -14,6 +14,7 @@ int ub_ctx_set_option(ub_ctx*, string, string); int ub_ctx_get_option(ub_ctx*, string, +string*); int ub_ctx_config(ub_ctx*, string); int ub_ctx_set_fwd(ub_ctx*, string); +int ub_ctx_set_tls(ub_ctx*, bool(int)); int ub_ctx_set_stub(ub_ctx*, string, string, bool(int)); int ub_ctx_resolvconf(ub_ctx*, string); int ub_ctx_hosts(ub_ctx*, string); diff --git a/contrib/unbound.init b/contrib/unbound.init index 747f94e932dd..cccadeccf5b7 100644 --- a/contrib/unbound.init +++ b/contrib/unbound.init @@ -39,13 +39,13 @@ start() { # setup root jail if [ -s /etc/localtime ]; then [ -d ${rootdir}/etc ] || mkdir -p ${rootdir}/etc ; - if [ ! -e ${rootdir}/etc/localtime ] || /usr/bin/cmp -s /etc/localtime ${rootdir}/etc/localtime; then + if [ ! -e ${rootdir}/etc/localtime ] || ! /usr/bin/cmp -s /etc/localtime ${rootdir}/etc/localtime; then cp -fp /etc/localtime ${rootdir}/etc/localtime fi; fi; if [ -s /etc/resolv.conf ]; then [ -d ${rootdir}/etc ] || mkdir -p ${rootdir}/etc ; - if [ ! -e ${rootdir}/etc/resolv.conf ] || /usr/bin/cmp -s /etc/resolv.conf ${rootdir}/etc/resolv.conf; then + if [ ! -e ${rootdir}/etc/resolv.conf ] || ! /usr/bin/cmp -s /etc/resolv.conf ${rootdir}/etc/resolv.conf; then cp -fp /etc/resolv.conf ${rootdir}/etc/resolv.conf fi; fi; diff --git a/daemon/daemon.c b/daemon/daemon.c index e14edb99df05..7461a26e2104 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@ -770,7 +770,7 @@ daemon_delete(struct daemon* daemon) # endif # ifdef HAVE_OPENSSL_CONFIG EVP_cleanup(); -# if OPENSSL_VERSION_NUMBER < 0x10100000 +# if (OPENSSL_VERSION_NUMBER < 0x10100000) && !defined(OPENSSL_NO_ENGINE) ENGINE_cleanup(); # endif CONF_modules_free(); diff --git a/daemon/remote.c b/daemon/remote.c index 48efba7409c8..1689154f5721 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -1987,7 +1987,7 @@ parse_delegpt(RES* ssl, char* args, uint8_t* nm, int allow_names) return NULL; } } else { -#ifndef HAVE_SSL_SET1_HOST +#if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST) if(auth_name) log_err("no name verification functionality in " "ssl library, ignored name for %s", todo); diff --git a/daemon/worker.c b/daemon/worker.c index c9504dd207be..433b96fd527a 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -1171,7 +1171,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error, /* check if this query should be dropped based on source ip rate limiting */ if(!infra_ip_ratelimit_inc(worker->env.infra_cache, repinfo, - *worker->env.now)) { + *worker->env.now, c->buffer)) { /* See if we are passed through with slip factor */ if(worker->env.cfg->ip_ratelimit_factor != 0 && ub_random_max(worker->env.rnd, @@ -1559,8 +1559,17 @@ send_reply_rc: if(worker->env.cfg->log_replies) { struct timeval tv = {0, 0}; - log_reply_info(0, &qinfo, &repinfo->addr, repinfo->addrlen, - tv, 1, c->buffer); + if(qinfo.local_alias && qinfo.local_alias->rrset && + qinfo.local_alias->rrset->rk.dname) { + /* log original qname, before the local alias was + * used to resolve that CNAME to something else */ + qinfo.qname = qinfo.local_alias->rrset->rk.dname; + log_reply_info(0, &qinfo, &repinfo->addr, repinfo->addrlen, + tv, 1, c->buffer); + } else { + log_reply_info(0, &qinfo, &repinfo->addr, repinfo->addrlen, + tv, 1, c->buffer); + } } #ifdef USE_DNSCRYPT if(!dnsc_handle_uncurved_request(repinfo)) { diff --git a/doc/Changelog b/doc/Changelog index 2c029484f612..ac7c2acde6e9 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,5 +1,85 @@ -5 February 2019: Wouter - - Fix tls-ciphers spelling in example.conf +1 March 2019: Wouter + - output forwarder log in ssl_req_order test. + +28 February 2019: Wouter + - Remove memory leak on pythonmod python2 script file init. + - Remove swig gcc8 python function cast warnings, they are ignored. + - Print correct module that failed when module-config is wrong. + +27 February 2019: Wouter + - Fix #4229: Unbound man pages lack information, about access-control + order and local zone tags, and elements in views. + - Fix #14: contrib/unbound.init: Fix wrong comparison judgment + before copying. + - Fix for python module on Windows, fix fopen. + +25 February 2019: Wouter + - Fix #4227: pair event del and add for libevent for tcp_req_info. + +21 February 2019: Wouter + - Fix the error for unknown module in module-config is understandable, + and explains it was not compiled in and where to see the list. + - In example.conf explain where to put cachedb module in module-config. + - In man page and example config explain that most modules have to + be listed at the start of module-config. + +20 February 2019: Wouter + - Fix pythonmod include and sockaddr_un ifdefs for compile on + Windows, and for libunbound. + +18 February 2019: Wouter + - Print query name with ip_ratelimit exceeded log lines. + - Spaces instead of tabs in that log message. + - Print query name and IP address when domain rate limit exceeded. + +14 February 2019: Wouter + - Fix capsforid canonical sort qsort callback. + +11 February 2019: Wouter + - Note default for module-config in man page. + - Fix recursion lame test for qname minimisation asked queries, + that were not present in the set of prepared answers. + - Fix #13: Remove left-over requirements on OpenSSL >= 1.1.0 for + cert name matching, from man page. + - make depend, with newer gcc, nicer layout. + +7 February 2019: Wouter + - Fix #4206: OpenSSL 1.0.2 hostname verification for FreeBSD 11.2. + - Fix that qname minimisation does not skip a label when missing + nameserver targets need to be fetched. + - Fix #4225: clients seem to erroneously receive no answer with + DNS-over-TLS and qname-minimisation. + +4 February 2019: Wouter + - Fix that log-replies prints the correct name for local-alias + names, for names that have a CNAME in local-data configuration. + It logs the original query name, not the target of the CNAME. + - Add local-zone type inform_redirect, which logs like type inform, + and redirects like type redirect. + - Perform canonical sort for 0x20 capsforid compare of replies, + this sorts rrsets in the authority and additional section before + comparison, so that out of order rrsets do not cause failure. + +31 January 2019: Wouter + - Set ub_ctx_set_tls call signature in ltrace config file for + libunbound in contrib/libunbound.so.conf. + - improve documentation for tls-service-key and forward-first. + - #10: fixed pkg-config operations, PKG_PROG_PKG_CONFIG moved out of + conditional section, fixes systemd builds, from Enrico Scholz. + - #9: For openssl 1.0.2 use the CRYPTO_THREADID locking callbacks, + still supports the set_id_callback previous API. And for 1.1.0 + no locking callbacks are needed. + - #8: Fix OpenSSL without ENGINE support compilation. + - Wipe TLS session key data from memory on exit. + +30 January 2019: Ralph + - Fix case in which query timeout can result in marking delegation + as edns_lame_known. + +29 January 2019: Wouter + - Fix spelling of tls-ciphers in example.conf.in. + - Fix #4224: auth_xfr_notify.rpl test broken due to typo + - Fix locking for libunbound context setup with broken port config. 28 January 2019: Wouter - ub_ctx_set_tls call for libunbound that enables DoT for the machines @@ -8,7 +88,9 @@ - List example config for root zone copy locally hosted with auth-zone as suggested from draft-ietf-dnsop-7706-bis-02. But with updated B root address. - - set version to 1.9.0 for release. + - set version to 1.9.0 for release. And this was released with the + spelling for tls-ciphers fix as 1.9.0 on Feb 5. Trunk has 1.9.1 in + development. 25 January 2019: Wouter - Fix that tcp for auth zone and outgoing does not remove and diff --git a/doc/README b/doc/README index 0afef47bee24..f6bb52672d28 100644 --- a/doc/README +++ b/doc/README @@ -1,4 +1,4 @@ -README for Unbound 1.9.0 +README for Unbound 1.9.1 Copyright 2007 NLnet Labs http://unbound.net diff --git a/doc/example.conf.in b/doc/example.conf.in index bbfaf66ddaed..bd68f715f972 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -1,7 +1,7 @@ # # Example configuration file. # -# See unbound.conf(5) man page, version 1.9.0. +# See unbound.conf(5) man page, version 1.9.1. # # this is a comment. @@ -475,6 +475,9 @@ server: # module configuration of the server. A string with identifiers # separated by spaces. Syntax: "[dns64] [validator] iterator" + # most modules have to be listed at the beginning of the line, + # except cachedb(just before iterator), and python (at the beginning, + # or, just before the iterator). # module-config: "validator iterator" # File with trusted keys, kept uptodate using RFC5011 probes, @@ -673,6 +676,7 @@ server: # o typetransparent resolves normally for other types and other names # o inform acts like transparent, but logs client IP address # o inform_deny drops queries and logs client IP address + # o inform_redirect redirects queries and logs client IP address # o always_transparent, always_refuse, always_nxdomain, resolve in # that way but ignore local data for that name # o noview breaks out of that view towards global local-zones. @@ -822,6 +826,8 @@ server: # Python config section. To enable: # o use --with-pythonmodule to configure before compiling. # o list python in the module-config string (above) to enable. +# It can be at the start, it gets validated results, or just before +# the iterator and process before DNSSEC validation. # o and give a python-script to run. python: # Script file to load @@ -972,7 +978,7 @@ remote-control: # Enable external backend DB as auxiliary cache. Specify the backend name # (default is "testframe", which has no use other than for debugging and # testing) and backend-specific options. The 'cachedb' module must be -# included in module-config. +# included in module-config, just before the iterator module. # cachedb: # backend: "testframe" # # secret seed string to calculate hashed keys diff --git a/doc/libunbound.3.in b/doc/libunbound.3.in index 6115a977a501..fc53e0934f4e 100644 --- a/doc/libunbound.3.in +++ b/doc/libunbound.3.in @@ -1,4 +1,4 @@ -.TH "libunbound" "3" "Feb 5, 2019" "NLnet Labs" "unbound 1.9.0" +.TH "libunbound" "3" "Mar 12, 2019" "NLnet Labs" "unbound 1.9.1" .\" .\" libunbound.3 -- unbound library functions manual .\" @@ -44,7 +44,7 @@ .B ub_ctx_zone_remove, .B ub_ctx_data_add, .B ub_ctx_data_remove -\- Unbound DNS validating resolver 1.9.0 functions. +\- Unbound DNS validating resolver 1.9.1 functions. .SH "SYNOPSIS" .B #include <unbound.h> .LP diff --git a/doc/unbound-anchor.8.in b/doc/unbound-anchor.8.in index 226297f34dce..41bc62483641 100644 --- a/doc/unbound-anchor.8.in +++ b/doc/unbound-anchor.8.in @@ -1,4 +1,4 @@ -.TH "unbound-anchor" "8" "Feb 5, 2019" "NLnet Labs" "unbound 1.9.0" +.TH "unbound-anchor" "8" "Mar 12, 2019" "NLnet Labs" "unbound 1.9.1" .\" .\" unbound-anchor.8 -- unbound anchor maintenance utility manual .\" diff --git a/doc/unbound-checkconf.8.in b/doc/unbound-checkconf.8.in index 9e5df52c98a1..04421e72dd99 100644 --- a/doc/unbound-checkconf.8.in +++ b/doc/unbound-checkconf.8.in @@ -1,4 +1,4 @@ -.TH "unbound-checkconf" "8" "Feb 5, 2019" "NLnet Labs" "unbound 1.9.0" +.TH "unbound-checkconf" "8" "Mar 12, 2019" "NLnet Labs" "unbound 1.9.1" .\" .\" unbound-checkconf.8 -- unbound configuration checker manual .\" diff --git a/doc/unbound-control.8.in b/doc/unbound-control.8.in index f7558e5a9ed2..d713d2acbeeb 100644 --- a/doc/unbound-control.8.in +++ b/doc/unbound-control.8.in @@ -1,4 +1,4 @@ -.TH "unbound-control" "8" "Feb 5, 2019" "NLnet Labs" "unbound 1.9.0" +.TH "unbound-control" "8" "Mar 12, 2019" "NLnet Labs" "unbound 1.9.1" .\" .\" unbound-control.8 -- unbound remote control manual .\" diff --git a/doc/unbound-host.1.in b/doc/unbound-host.1.in index 1c24aa601d09..668de37c7a79 100644 --- a/doc/unbound-host.1.in +++ b/doc/unbound-host.1.in @@ -1,4 +1,4 @@ -.TH "unbound\-host" "1" "Feb 5, 2019" "NLnet Labs" "unbound 1.9.0" +.TH "unbound\-host" "1" "Mar 12, 2019" "NLnet Labs" "unbound 1.9.1" .\" .\" unbound-host.1 -- unbound DNS lookup utility .\" diff --git a/doc/unbound.8.in b/doc/unbound.8.in index 999ac24fcacf..ed55005a54fe 100644 --- a/doc/unbound.8.in +++ b/doc/unbound.8.in @@ -1,4 +1,4 @@ -.TH "unbound" "8" "Feb 5, 2019" "NLnet Labs" "unbound 1.9.0" +.TH "unbound" "8" "Mar 12, 2019" "NLnet Labs" "unbound 1.9.1" .\" .\" unbound.8 -- unbound manual .\" @@ -9,7 +9,7 @@ .\" .SH "NAME" .B unbound -\- Unbound DNS validating resolver 1.9.0. +\- Unbound DNS validating resolver 1.9.1. .SH "SYNOPSIS" .B unbound .RB [ \-h ] diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index 2710100da9bf..8cdc2da7e3b6 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -1,4 +1,4 @@ -.TH "unbound.conf" "5" "Feb 5, 2019" "NLnet Labs" "unbound 1.9.0" +.TH "unbound.conf" "5" "Mar 12, 2019" "NLnet Labs" "unbound 1.9.1" .\" .\" unbound.conf.5 -- unbound.conf manual .\" @@ -458,14 +458,15 @@ Alternate syntax for \fBtls\-upstream\fR. If both are present in the config file the last is used. .TP .B tls\-service\-key: \fI<file> -If enabled, the server provides TLS service on its TCP sockets. The clients -have to use tls\-upstream: yes. The file is the private key for the TLS -session. The public certificate is in the tls\-service\-pem file. Default -is "", turned off. Requires a restart (a reload is not enough) if changed, -because the private key is read while root permissions are held and before -chroot (if any). Normal DNS TCP service is not provided and gives errors, -this service is best run with a different \fBport:\fR config or \fI@port\fR -suffixes in the \fBinterface\fR config. +If enabled, the server provides TLS service on the TCP ports marked +implicitly or explicitly for TLS service with tls\-port. The file must +contain the private key for the TLS session, the public certificate is in +the tls\-service\-pem file and it must also be specified if tls\-service\-key +is specified. The default is "", turned off. Enabling or disabling +this service requires a restart (a reload is not enough), because the +key is read while root permissions are held and before chroot (if any). +The ports enabled implicitly or explicitly via \fBtls\-port:\fR do not provide +normal DNS TCP service. .TP .B ssl\-service\-key: \fI<file> Alternate syntax for \fBtls\-service\-key\fR. @@ -545,6 +546,7 @@ classless network block. The action can be \fIdeny\fR, \fIrefuse\fR, \fIallow\fR, \fIallow_setrd\fR, \fIallow_snoop\fR, \fIdeny_non_local\fR or \fIrefuse_non_local\fR. The most specific netblock match is used, if none match \fIdeny\fR is used. +The order of the access\-control statements therefore does not matter. .IP The action \fIdeny\fR stops queries from hosts from that netblock. .IP @@ -929,6 +931,12 @@ Setting this to "iterator" will result in a non\-validating server. Setting this to "validator iterator" will turn on DNSSEC validation. The ordering of the modules is important. You must also set trust\-anchors for validation to be useful. +The default is "validator iterator". When the server is built with +EDNS client subnet support the default is "subnetcache validator iterator". +Most modules that need to be listed here have to be listed at the beginning +of the line. The cachedb module has to be listed just before the iterator. +The python module can be listed in different places, it then processes the +output of the module it is just before. .TP .B trust\-anchor\-file: \fI<filename> File with trusted keys for validation. Both DS and DNSKEY entries can appear @@ -1140,7 +1148,7 @@ address space are not validated. This is usually required whenever Configure a local zone. The type determines the answer to give if there is no match from local\-data. The types are deny, refuse, static, transparent, redirect, nodefault, typetransparent, inform, inform_deny, -always_transparent, always_refuse, always_nxdomain, noview, +inform_redirect, always_transparent, always_refuse, always_nxdomain, noview, and are explained below. After that the default settings are listed. Use local\-data: to enter data into the local zone. Answers for local zones are authoritative DNS answers. By default the zones are class IN. @@ -1201,6 +1209,10 @@ looking up infected names are logged, eg. to run antivirus on them. The query is dropped, like 'deny', and logged, like 'inform'. Ie. find infected machines without answering the queries. .TP 10 +\h'5'\fIinform_redirect\fR +The query is redirected, like 'redirect', and logged, like 'inform'. +Ie. answer queries with fixed data and also log the machines that ask. +.TP 10 \h'5'\fIalways_transparent\fR Like transparent, but ignores local data and resolves normally. .TP 10 @@ -1356,7 +1368,8 @@ TTL can be inserted like this: "2001:DB8::4 7200 www.example.com" Assign tags to localzones. Tagged localzones will only be applied when the used access-control element has a matching tag. Tags must be defined in \fIdefine\-tags\fR. Enclose list of tags in quotes ("") and put spaces between -tags. +tags. When there are multiple tags it checks if the intersection of the +list of tags for the query and local\-zone\-tag is non-empty. .TP 5 .B local\-zone\-override: \fI<zone> <IP netblock> <type> Override the localzone type for queries from addresses matching netblock. @@ -1614,13 +1627,11 @@ the '@' and '#', the '@' comes first. At high verbosity it logs the TLS certificate, with TLS enabled. If you leave out the '#' and auth name from the forward\-addr, any name is accepted. The cert must also match a CA from the tls\-cert\-bundle. -The cert name match code needs OpenSSL 1.1.0 or later to be enabled. .TP .B forward\-first: \fI<yes or no> -If enabled, a query is attempted without the forward clause if it fails. -The data could not be retrieved and would have caused SERVFAIL because -the servers are unreachable, instead it is tried without this clause. -The default is no. +If a forwarded query is met with a SERVFAIL error, and this option is +enabled, unbound will fall back to normal recursive resolution for this +query as if no query forwarding had been specified. The default is "no". .TP .B forward\-tls\-upstream: \fI<yes or no> Enabled or disable whether the queries to this forwarder use TLS for transport. @@ -1715,7 +1726,9 @@ data (eg. from the master servers). There may be multiple .B view: clauses. Each with a \fBname:\fR and zero or more \fBlocal\-zone\fR and -\fBlocal\-data\fR elements. View can be mapped to requests by specifying the +\fBlocal\-data\fR elements. Views can also contain view\-first, +response\-ip, response\-ip\-data and local\-data\-ptr elements. +View can be mapped to requests by specifying the view name in an \fBaccess\-control\-view\fR element. Options from matching views will override global options. Global options will be used if no matching view is found, or when the matching view does not have the option specified. diff --git a/iterator/iter_fwd.c b/iterator/iter_fwd.c index 4eb0eb718607..ea3d70e07320 100644 --- a/iterator/iter_fwd.c +++ b/iterator/iter_fwd.c @@ -239,7 +239,7 @@ read_fwds_addr(struct config_stub* s, struct delegpt* dp) s->name, p->str); return 0; } -#ifndef HAVE_SSL_SET1_HOST +#if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST) if(tls_auth_name) log_err("no name verification functionality in " "ssl library, ignored name for %s", p->str); diff --git a/iterator/iter_hints.c b/iterator/iter_hints.c index 0b35a9d9e24f..60e518122ed1 100644 --- a/iterator/iter_hints.c +++ b/iterator/iter_hints.c @@ -252,7 +252,7 @@ read_stubs_addr(struct config_stub* s, struct delegpt* dp) s->name, p->str); return 0; } -#ifndef HAVE_SSL_SET1_HOST +#if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST) if(auth_name) log_err("no name verification functionality in " "ssl library, ignored name for %s", p->str); diff --git a/iterator/iter_utils.c b/iterator/iter_utils.c index 4ac8efd0d17a..be7965a60e39 100644 --- a/iterator/iter_utils.c +++ b/iterator/iter_utils.c @@ -882,10 +882,35 @@ rrset_equal(struct ub_packed_rrset_key* k1, struct ub_packed_rrset_key* k2) return 1; } +/** compare rrsets and sort canonically. Compares rrset name, type, class. + * return 0 if equal, +1 if x > y, and -1 if x < y. + */ +static int +rrset_canonical_sort_cmp(const void* x, const void* y) +{ + struct ub_packed_rrset_key* rrx = *(struct ub_packed_rrset_key**)x; + struct ub_packed_rrset_key* rry = *(struct ub_packed_rrset_key**)y; + int r = dname_canonical_compare(rrx->rk.dname, rry->rk.dname); + if(r != 0) + return r; + if(rrx->rk.type != rry->rk.type) { + if(ntohs(rrx->rk.type) > ntohs(rry->rk.type)) + return 1; + else return -1; + } + if(rrx->rk.rrset_class != rry->rk.rrset_class) { + if(ntohs(rrx->rk.rrset_class) > ntohs(rry->rk.rrset_class)) + return 1; + else return -1; + } + return 0; +} + int reply_equal(struct reply_info* p, struct reply_info* q, struct regional* region) { size_t i; + struct ub_packed_rrset_key** sorted_p, **sorted_q; if(p->flags != q->flags || p->qdcount != q->qdcount || /* do not check TTL, this may differ */ @@ -899,16 +924,43 @@ reply_equal(struct reply_info* p, struct reply_info* q, struct regional* region) p->ar_numrrsets != q->ar_numrrsets || p->rrset_count != q->rrset_count) return 0; + /* sort the rrsets in the authority and additional sections before + * compare, the query and answer sections are ordered in the sequence + * they should have (eg. one after the other for aliases). */ + sorted_p = (struct ub_packed_rrset_key**)regional_alloc_init( + region, p->rrsets, sizeof(*sorted_p)*p->rrset_count); + if(!sorted_p) return 0; + log_assert(p->an_numrrsets + p->ns_numrrsets + p->ar_numrrsets <= + p->rrset_count); + qsort(sorted_p + p->an_numrrsets, p->ns_numrrsets, + sizeof(*sorted_p), rrset_canonical_sort_cmp); + qsort(sorted_p + p->an_numrrsets + p->ns_numrrsets, p->ar_numrrsets, + sizeof(*sorted_p), rrset_canonical_sort_cmp); + + sorted_q = (struct ub_packed_rrset_key**)regional_alloc_init( + region, q->rrsets, sizeof(*sorted_q)*q->rrset_count); + if(!sorted_q) { + regional_free_all(region); + return 0; + } + log_assert(q->an_numrrsets + q->ns_numrrsets + q->ar_numrrsets <= + q->rrset_count); + qsort(sorted_q + q->an_numrrsets, q->ns_numrrsets, + sizeof(*sorted_q), rrset_canonical_sort_cmp); + qsort(sorted_q + q->an_numrrsets + q->ns_numrrsets, q->ar_numrrsets, + sizeof(*sorted_q), rrset_canonical_sort_cmp); + + /* compare the rrsets */ for(i=0; i<p->rrset_count; i++) { - if(!rrset_equal(p->rrsets[i], q->rrsets[i])) { - if(!rrset_canonical_equal(region, p->rrsets[i], - q->rrsets[i])) { + if(!rrset_equal(sorted_p[i], sorted_q[i])) { + if(!rrset_canonical_equal(region, sorted_p[i], + sorted_q[i])) { regional_free_all(region); return 0; } - regional_free_all(region); } } + regional_free_all(region); return 1; } diff --git a/iterator/iterator.c b/iterator/iterator.c index 8312dfd53313..c73fb5177489 100644 --- a/iterator/iterator.c +++ b/iterator/iterator.c @@ -1448,7 +1448,8 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, * now will also exceed the rate, keeping cache fresh */ (void)infra_ratelimit_inc(qstate->env->infra_cache, iq->dp->name, iq->dp->namelen, - *qstate->env->now); + *qstate->env->now, &qstate->qinfo, + qstate->reply); /* see if we are passed through with slip factor */ if(qstate->env->cfg->ratelimit_factor != 0 && ub_random_max(qstate->env->rnd, @@ -2105,6 +2106,8 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, struct delegpt_addr* target; struct outbound_entry* outq; int auth_fallback = 0; + uint8_t* qout_orig = NULL; + size_t qout_orig_len = 0; /* NOTE: a request will encounter this state for each target it * needs to send a query to. That is, at least one per referral, @@ -2178,6 +2181,8 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, int labdiff = qchaselabs - dname_count_labels(iq->qinfo_out.qname); + qout_orig = iq->qinfo_out.qname; + qout_orig_len = iq->qinfo_out.qname_len; iq->qinfo_out.qname = iq->qchase.qname; iq->qinfo_out.qname_len = iq->qchase.qname_len; iq->minimise_count++; @@ -2330,6 +2335,13 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, /* wait to get all targets, we want to try em */ verbose(VERB_ALGO, "wait for all targets for fallback"); qstate->ext_state[id] = module_wait_reply; + /* undo qname minimise step because we'll get back here + * to do it again */ + if(qout_orig && iq->minimise_count > 0) { + iq->minimise_count--; + iq->qinfo_out.qname = qout_orig; + iq->qinfo_out.qname_len = qout_orig_len; + } return 0; } /* did we do enough fallback queries already? */ @@ -2463,13 +2475,21 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, iq->num_current_queries); qstate->ext_state[id] = module_wait_reply; } + /* undo qname minimise step because we'll get back here + * to do it again */ + if(qout_orig && iq->minimise_count > 0) { + iq->minimise_count--; + iq->qinfo_out.qname = qout_orig; + iq->qinfo_out.qname_len = qout_orig_len; + } return 0; } /* if not forwarding, check ratelimits per delegationpoint name */ if(!(iq->chase_flags & BIT_RD) && !iq->ratelimit_ok) { if(!infra_ratelimit_inc(qstate->env->infra_cache, iq->dp->name, - iq->dp->namelen, *qstate->env->now)) { + iq->dp->namelen, *qstate->env->now, &qstate->qinfo, + qstate->reply)) { lock_basic_lock(&ie->queries_ratelimit_lock); ie->num_queries_ratelimited++; lock_basic_unlock(&ie->queries_ratelimit_lock); diff --git a/libunbound/libworker.c b/libunbound/libworker.c index a886f9a88113..01621927eb5b 100644 --- a/libunbound/libworker.c +++ b/libunbound/libworker.c @@ -222,11 +222,10 @@ libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb) } numports = cfg_condense_ports(cfg, &ports); if(numports == 0) { - int locked = !w->is_bg || w->is_bg_thread; - libworker_delete(w); - if(locked) { + if(!w->is_bg || w->is_bg_thread) { lock_basic_unlock(&ctx->cfglock); } + libworker_delete(w); return NULL; } w->back = outside_network_create(w->base, cfg->msg_buffer_size, diff --git a/libunbound/python/libunbound.i b/libunbound/python/libunbound.i index 84a536929421..6196a3979c4a 100644 --- a/libunbound/python/libunbound.i +++ b/libunbound/python/libunbound.i @@ -33,12 +33,26 @@ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ +%begin %{ +/* store state of warning output, restored at later pop */ +#pragma GCC diagnostic push +/* ignore gcc8 METH_NOARGS function cast warnings for swig function pointers */ +#pragma GCC diagnostic ignored "-Wcast-function-type" +%} %module unbound %{ +/* restore state of warning output, remove the functioncast ignore */ +#pragma GCC diagnostic pop #include <sys/types.h> + #ifdef HAVE_SYS_SOCKET_H #include <sys/socket.h> + #endif + #ifdef HAVE_NETINET_IN_H #include <netinet/in.h> + #endif + #ifdef HAVE_ARPA_INET_H #include <arpa/inet.h> + #endif #include "libunbound/unbound.h" %} @@ -108,7 +122,7 @@ %inline %{ void ub_ctx_free_dbg (struct ub_ctx* c) { - printf("******** UB_CTX free 0x%lX ************\n", (long unsigned int)c); + printf("******** UB_CTX free 0x%p ************\n", c); ub_ctx_delete(c); } @@ -648,7 +662,7 @@ Result: ['74.125.43.147', '74.125.43.99', '74.125.43.103', '74.125.43.104'] %inline %{ void ub_resolve_free_dbg (struct ub_result* r) { - printf("******** UB_RESOLVE free 0x%lX ************\n", (long unsigned int)r); + printf("******** UB_RESOLVE free 0x%p ************\n", r); ub_resolve_free(r); } %} diff --git a/pythonmod/interface.i b/pythonmod/interface.i index 5f2559bacffa..f9fd07b513d6 100644 --- a/pythonmod/interface.i +++ b/pythonmod/interface.i @@ -1,19 +1,37 @@ /* * interface.i: unbound python module */ +%begin %{ +/* store state of warning output, restored at later pop */ +#pragma GCC diagnostic push +/* ignore gcc8 METH_NOARGS function cast warnings for swig function pointers */ +#pragma GCC diagnostic ignored "-Wcast-function-type" +%} %module unboundmodule %{ +/* restore state of warning output, remove the functioncast ignore */ +#pragma GCC diagnostic pop /** * \file * This is the interface between the unbound server and a python module * called to perform operations on queries. */ #include <sys/types.h> + #ifdef HAVE_SYS_SOCKET_H #include <sys/socket.h> + #endif + #ifdef HAVE_NETINET_IN_H #include <netinet/in.h> + #endif + #ifdef HAVE_ARPA_INET_H #include <arpa/inet.h> + #endif + #ifdef HAVE_NETDB_H #include <netdb.h> + #endif + #ifdef HAVE_SYS_UN_H #include <sys/un.h> + #endif #include <stdarg.h> #include "config.h" #include "util/log.h" @@ -449,7 +467,9 @@ struct sockaddr_storage {}; switch (ss->ss_family) { case AF_INET: return sizeof(struct sockaddr_in); case AF_INET6: return sizeof(struct sockaddr_in6); +#ifdef HAVE_SYS_UN_H case AF_UNIX: return sizeof(struct sockaddr_un); +#endif default: return 0; } @@ -515,10 +535,12 @@ struct sockaddr_storage {}; return PyBytes_FromStringAndSize((const char *)raw, sizeof(*raw)); } +#ifdef HAVE_SYS_UN_H if (ss->ss_family == AF_UNIX) { const struct sockaddr_un *sa = (struct sockaddr_un *)ss; return PyBytes_FromString(sa->sun_path); } +#endif return Py_None; } diff --git a/pythonmod/pythonmod.c b/pythonmod/pythonmod.c index a668ecc23cc7..9009a28daaa0 100644 --- a/pythonmod/pythonmod.c +++ b/pythonmod/pythonmod.c @@ -247,6 +247,9 @@ int pythonmod_init(struct module_env* env, int id) PyObject* py_init_arg, *res; PyGILState_STATE gil; int init_standard = 1; +#if PY_MAJOR_VERSION < 3 + PyObject* PyFileObject = NULL; +#endif struct pythonmod_env* pe = (struct pythonmod_env*)calloc(1, sizeof(struct pythonmod_env)); if (!pe) @@ -307,7 +310,15 @@ int pythonmod_init(struct module_env* env, int id) } /* Check Python file load */ - if ((script_py = fopen(pe->fname, "r")) == NULL) + /* uses python to open the file, this works on other platforms, + * eg. Windows, to open the file in the correct mode for python */ +#if PY_MAJOR_VERSION < 3 + PyFileObject = PyFile_FromString((char*)pe->fname, "r"); + script_py = PyFile_AsFile(PyFileObject); +#else + script_py = _Py_fopen(pe->fname, "r"); +#endif + if (script_py == NULL) { log_err("pythonmod: can't open file %s for reading", pe->fname); PyGILState_Release(gil); @@ -343,7 +354,11 @@ int pythonmod_init(struct module_env* env, int id) PyGILState_Release(gil); return 0; } +#if PY_MAJOR_VERSION < 3 + Py_XDECREF(PyFileObject); +#else fclose(script_py); +#endif if ((pe->func_init = PyDict_GetItemString(pe->dict, "init_standard")) == NULL) { @@ -517,8 +532,7 @@ void pythonmod_clear(struct module_qstate* qstate, int id) return; pq = (struct pythonmod_qstate*)qstate->minfo[id]; - verbose(VERB_ALGO, "pythonmod: clear, id: %d, pq:%lX", id, - (unsigned long int)pq); + verbose(VERB_ALGO, "pythonmod: clear, id: %d, pq:%p", id, pq); if(pq != NULL) { PyGILState_STATE gil = PyGILState_Ensure(); @@ -534,8 +548,7 @@ void pythonmod_clear(struct module_qstate* qstate, int id) size_t pythonmod_get_mem(struct module_env* env, int id) { struct pythonmod_env* pe = (struct pythonmod_env*)env->modinfo[id]; - verbose(VERB_ALGO, "pythonmod: get_mem, id: %d, pe:%lX", id, - (unsigned long int)pe); + verbose(VERB_ALGO, "pythonmod: get_mem, id: %d, pe:%p", id, pe); if(!pe) return 0; return sizeof(*pe); diff --git a/respip/respip.c b/respip/respip.c index bcb31f89224d..d61877b556cd 100644 --- a/respip/respip.c +++ b/respip/respip.c @@ -183,6 +183,8 @@ respip_action_cfg(struct respip_set* set, const char* ipstr, action = respip_inform; else if(strcmp(actnstr, "inform_deny") == 0) action = respip_inform_deny; + else if(strcmp(actnstr, "inform_redirect") == 0) + action = respip_inform_redirect; else if(strcmp(actnstr, "always_transparent") == 0) action = respip_always_transparent; else if(strcmp(actnstr, "always_refuse") == 0) @@ -245,7 +247,8 @@ respip_enter_rr(struct regional* region, struct resp_addr* raddr, struct packed_rrset_data* pd; struct sockaddr* sa; int ret; - if(raddr->action != respip_redirect) { + if(raddr->action != respip_redirect + && raddr->action != respip_inform_redirect) { log_err("cannot parse response-ip-data %s: response-ip " "action for %s is not redirect", rrstr, netblock); return 0; @@ -750,7 +753,8 @@ respip_nodata_answer(uint16_t qtype, enum respip_action action, *new_repp = new_rep; return 1; } else if(action == respip_static || action == respip_redirect || - action == respip_always_nxdomain) { + action == respip_always_nxdomain || + action == respip_inform_redirect) { /* Since we don't know about other types of the owner name, * we generally return NOERROR/NODATA unless an NXDOMAIN action * is explicitly specified. */ diff --git a/services/cache/infra.c b/services/cache/infra.c index 07c41928d67e..c2484a9f1aa8 100644 --- a/services/cache/infra.c +++ b/services/cache/infra.c @@ -41,6 +41,8 @@ #include "config.h" #include "sldns/rrdef.h" #include "sldns/str2wire.h" +#include "sldns/sbuffer.h" +#include "sldns/wire2str.h" #include "services/cache/infra.h" #include "util/storage/slabhash.h" #include "util/storage/lookup3.h" @@ -907,7 +909,8 @@ int infra_rate_max(void* data, time_t now) } int infra_ratelimit_inc(struct infra_cache* infra, uint8_t* name, - size_t namelen, time_t timenow) + size_t namelen, time_t timenow, struct query_info* qinfo, + struct comm_reply* replylist) { int lim, max; struct lruhash_entry* entry; @@ -930,9 +933,19 @@ int infra_ratelimit_inc(struct infra_cache* infra, uint8_t* name, lock_rw_unlock(&entry->lock); if(premax < lim && max >= lim) { - char buf[257]; + char buf[257], qnm[257], ts[12], cs[12], ip[128]; dname_str(name, buf); - verbose(VERB_OPS, "ratelimit exceeded %s %d", buf, lim); + dname_str(qinfo->qname, qnm); + sldns_wire2str_type_buf(qinfo->qtype, ts, sizeof(ts)); + sldns_wire2str_class_buf(qinfo->qclass, cs, sizeof(cs)); + ip[0]=0; + if(replylist) { + addr_to_str((struct sockaddr_storage *)&replylist->addr, + replylist->addrlen, ip, sizeof(ip)); + verbose(VERB_OPS, "ratelimit exceeded %s %d query %s %s %s from %s", buf, lim, qnm, cs, ts, ip); + } else { + verbose(VERB_OPS, "ratelimit exceeded %s %d query %s %s %s", buf, lim, qnm, cs, ts); + } } return (max < lim); } @@ -991,7 +1004,7 @@ infra_get_mem(struct infra_cache* infra) } int infra_ip_ratelimit_inc(struct infra_cache* infra, - struct comm_reply* repinfo, time_t timenow) + struct comm_reply* repinfo, time_t timenow, struct sldns_buffer* buffer) { int max; struct lruhash_entry* entry; @@ -1010,11 +1023,28 @@ int infra_ip_ratelimit_inc(struct infra_cache* infra, lock_rw_unlock(&entry->lock); if(premax < infra_ip_ratelimit && max >= infra_ip_ratelimit) { - char client_ip[128]; + char client_ip[128], qnm[LDNS_MAX_DOMAINLEN+1+12+12]; addr_to_str((struct sockaddr_storage *)&repinfo->addr, repinfo->addrlen, client_ip, sizeof(client_ip)); - verbose(VERB_OPS, "ip_ratelimit exceeded %s %d", - client_ip, infra_ip_ratelimit); + qnm[0]=0; + if(sldns_buffer_limit(buffer)>LDNS_HEADER_SIZE && + LDNS_QDCOUNT(sldns_buffer_begin(buffer))!=0) { + (void)sldns_wire2str_rrquestion_buf( + sldns_buffer_at(buffer, LDNS_HEADER_SIZE), + sldns_buffer_limit(buffer)-LDNS_HEADER_SIZE, + qnm, sizeof(qnm)); + if(strlen(qnm)>0 && qnm[strlen(qnm)-1]=='\n') + qnm[strlen(qnm)-1] = 0; /*remove newline*/ + if(strchr(qnm, '\t')) + *strchr(qnm, '\t') = ' '; + if(strchr(qnm, '\t')) + *strchr(qnm, '\t') = ' '; + verbose(VERB_OPS, "ip_ratelimit exceeded %s %d %s", + client_ip, infra_ip_ratelimit, qnm); + } else { + verbose(VERB_OPS, "ip_ratelimit exceeded %s %d (no query name)", + client_ip, infra_ip_ratelimit); + } } return (max <= infra_ip_ratelimit); } diff --git a/services/cache/infra.h b/services/cache/infra.h index 10db796bfcdd..e33f2a6c04ee 100644 --- a/services/cache/infra.h +++ b/services/cache/infra.h @@ -366,12 +366,15 @@ long long infra_get_host_rto(struct infra_cache* infra, * @param name: zone name * @param namelen: zone name length * @param timenow: what time it is now. + * @param qinfo: for logging, query name. + * @param replylist: for logging, querier's address (if any). * @return 1 if it could be incremented. 0 if the increment overshot the * ratelimit or if in the previous second the ratelimit was exceeded. * Failures like alloc failures are not returned (probably as 1). */ int infra_ratelimit_inc(struct infra_cache* infra, uint8_t* name, - size_t namelen, time_t timenow); + size_t namelen, time_t timenow, struct query_info* qinfo, + struct comm_reply* replylist); /** * Decrement the query rate counter for a delegation point. @@ -410,10 +413,12 @@ int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name, * @param infra: infra cache * @param repinfo: information about client * @param timenow: what time it is now. + * @param buffer: with query for logging. * @return 1 if it could be incremented. 0 if the increment overshot the * ratelimit and the query should be dropped. */ int infra_ip_ratelimit_inc(struct infra_cache* infra, - struct comm_reply* repinfo, time_t timenow); + struct comm_reply* repinfo, time_t timenow, + struct sldns_buffer* buffer); /** * Get memory used by the infra cache. diff --git a/services/listen_dnsport.c b/services/listen_dnsport.c index f86a83d96736..e74d1abcffc5 100644 --- a/services/listen_dnsport.c +++ b/services/listen_dnsport.c @@ -1636,10 +1636,12 @@ tcp_req_info_setup_listen(struct tcp_req_info* req) if(wr) { req->cp->tcp_is_reading = 0; + comm_point_stop_listening(req->cp); comm_point_start_listening(req->cp, -1, req->cp->tcp_timeout_msec); } else if(rd) { req->cp->tcp_is_reading = 1; + comm_point_stop_listening(req->cp); comm_point_start_listening(req->cp, -1, req->cp->tcp_timeout_msec); /* and also read it (from SSL stack buffers), so @@ -1647,6 +1649,7 @@ tcp_req_info_setup_listen(struct tcp_req_info* req) * the TLS frame is sitting in the buffers. */ req->read_again = 1; } else { + comm_point_stop_listening(req->cp); comm_point_start_listening(req->cp, -1, req->cp->tcp_timeout_msec); comm_point_listen_for_rw(req->cp, 0, 0); @@ -1759,6 +1762,7 @@ tcp_req_info_handle_readdone(struct tcp_req_info* req) * clear to write to */ send_it: c->tcp_is_reading = 0; + comm_point_stop_listening(c); comm_point_start_listening(c, -1, c->tcp_timeout_msec); return; } @@ -1779,6 +1783,12 @@ tcp_req_info_handle_readdone(struct tcp_req_info* req) /* If mesh failed(mallocfail) and called commpoint_send_reply with * something like servfail then we pick up that reply below. */ if(req->is_reply) { + /* reply from mesh is in the spool_buffer */ + sldns_buffer_clear(c->buffer); + sldns_buffer_write(c->buffer, + sldns_buffer_begin(req->spool_buffer), + sldns_buffer_limit(req->spool_buffer)); + sldns_buffer_flip(c->buffer); goto send_it; } diff --git a/services/localzone.c b/services/localzone.c index 902a29f21d48..6295b17e2fc5 100644 --- a/services/localzone.c +++ b/services/localzone.c @@ -464,7 +464,8 @@ lz_enter_rr_into_zone(struct local_zone* z, const char* rrstr) return 0; } log_assert(z->dclass == rrclass); - if(z->type == local_zone_redirect && + if((z->type == local_zone_redirect || + z->type == local_zone_inform_redirect) && query_dname_compare(z->name, nm) != 0) { log_err("local-data in redirect zone must reside at top of zone" ", not at %s", rrstr); @@ -481,7 +482,8 @@ lz_enter_rr_into_zone(struct local_zone* z, const char* rrstr) /* Reject it if we would end up having CNAME and other data (including * another CNAME) for a redirect zone. */ - if(z->type == local_zone_redirect && node->rrsets) { + if((z->type == local_zone_redirect || + z->type == local_zone_inform_redirect) && node->rrsets) { const char* othertype = NULL; if (rrtype == LDNS_RR_TYPE_CNAME) othertype = "other"; @@ -1323,7 +1325,8 @@ local_data_answer(struct local_zone* z, struct module_env* env, key.name = qinfo->qname; key.namelen = qinfo->qname_len; key.namelabs = labs; - if(lz_type == local_zone_redirect) { + if(lz_type == local_zone_redirect || + lz_type == local_zone_inform_redirect) { key.name = z->name; key.namelen = z->namelen; key.namelabs = z->namelabs; @@ -1355,7 +1358,8 @@ local_data_answer(struct local_zone* z, struct module_env* env, return 0; /* Special case for alias matching. See local_data_answer(). */ - if(lz_type == local_zone_redirect && + if((lz_type == local_zone_redirect || + lz_type == local_zone_inform_redirect) && qinfo->qtype != LDNS_RR_TYPE_CNAME && lr->rrset->rk.type == htons(LDNS_RR_TYPE_CNAME)) { qinfo->local_alias = @@ -1370,7 +1374,8 @@ local_data_answer(struct local_zone* z, struct module_env* env, qinfo->local_alias->rrset->rk.dname_len = qinfo->qname_len; return 1; } - if(lz_type == local_zone_redirect) { + if(lz_type == local_zone_redirect || + lz_type == local_zone_inform_redirect) { /* convert rrset name to query name; like a wildcard */ struct ub_packed_rrset_key r = *lr->rrset; r.rk.dname = qinfo->qname; @@ -1442,6 +1447,7 @@ lz_zone_answer(struct local_zone* z, struct module_env* env, return 1; } else if(lz_type == local_zone_static || lz_type == local_zone_redirect || + lz_type == local_zone_inform_redirect || lz_type == local_zone_always_nxdomain) { /* for static, reply nodata or nxdomain * for redirect, reply nodata */ @@ -1450,7 +1456,8 @@ lz_zone_answer(struct local_zone* z, struct module_env* env, * or using closest match for NSEC. * or using closest match for returning delegation downwards */ - int rcode = (ld || lz_type == local_zone_redirect)? + int rcode = (ld || lz_type == local_zone_redirect || + lz_type == local_zone_inform_redirect)? LDNS_RCODE_NOERROR:LDNS_RCODE_NXDOMAIN; if(z->soa) return local_encode(qinfo, env, edns, repinfo, buf, temp, @@ -1624,7 +1631,9 @@ local_zones_answer(struct local_zones* zones, struct module_env* env, } } if((env->cfg->log_local_actions || - lzt == local_zone_inform || lzt == local_zone_inform_deny) + lzt == local_zone_inform || + lzt == local_zone_inform_deny || + lzt == local_zone_inform_redirect) && repinfo) lz_inform_print(z, qinfo, repinfo); @@ -1656,6 +1665,7 @@ const char* local_zone_type2str(enum localzone_type t) case local_zone_nodefault: return "nodefault"; case local_zone_inform: return "inform"; case local_zone_inform_deny: return "inform_deny"; + case local_zone_inform_redirect: return "inform_redirect"; case local_zone_always_transparent: return "always_transparent"; case local_zone_always_refuse: return "always_refuse"; case local_zone_always_nxdomain: return "always_nxdomain"; @@ -1682,6 +1692,8 @@ int local_zone_str2type(const char* type, enum localzone_type* t) *t = local_zone_inform; else if(strcmp(type, "inform_deny") == 0) *t = local_zone_inform_deny; + else if(strcmp(type, "inform_redirect") == 0) + *t = local_zone_inform_redirect; else if(strcmp(type, "always_transparent") == 0) *t = local_zone_always_transparent; else if(strcmp(type, "always_refuse") == 0) diff --git a/services/localzone.h b/services/localzone.h index dd7aa584c461..1d6caeff2c74 100644 --- a/services/localzone.h +++ b/services/localzone.h @@ -83,6 +83,8 @@ enum localzone_type { local_zone_inform, /** log client address, and block (drop) */ local_zone_inform_deny, + /** log client address, and direct */ + local_zone_inform_redirect, /** resolve normally, even when there is local data */ local_zone_always_transparent, /** answer with error, even when there is local data */ @@ -491,6 +493,8 @@ enum respip_action { respip_inform = local_zone_inform, /** log query source and don't answer query */ respip_inform_deny = local_zone_inform_deny, + /** log query source and redirect */ + respip_inform_redirect = local_zone_inform_redirect, /** resolve normally, even when there is response-ip data */ respip_always_transparent = local_zone_always_transparent, /** answer with 'refused' response */ diff --git a/services/modstack.c b/services/modstack.c index 136245a96838..05b949d1e330 100644 --- a/services/modstack.c +++ b/services/modstack.c @@ -113,8 +113,14 @@ modstack_config(struct module_stack* stack, const char* module_conf) for(i=0; i<stack->num; i++) { stack->mod[i] = module_factory(&module_conf); if(!stack->mod[i]) { - log_err("Unknown value for next module: '%s'", - module_conf); + char md[256]; + snprintf(md, sizeof(md), "%s", module_conf); + if(strchr(md, ' ')) *(strchr(md, ' ')) = 0; + if(strchr(md, '\t')) *(strchr(md, '\t')) = 0; + log_err("Unknown value in module-config, module: '%s'." + " This module is not present (not compiled in)," + " See the list of linked modules with unbound -h", + md); return 0; } } diff --git a/services/outside_network.c b/services/outside_network.c index 8ed5de375852..16d63df4395a 100644 --- a/services/outside_network.c +++ b/services/outside_network.c @@ -1964,7 +1964,6 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error, struct serviced_query* sq = (struct serviced_query*)arg; struct outside_network* outnet = sq->outnet; struct timeval now = *sq->outnet->now_tv; - int fallback_tcp = 0; sq->pending = NULL; /* removed after callback */ if(error == NETEVENT_TIMEOUT) { @@ -1996,14 +1995,8 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error, } return 0; } - if(rto >= RTT_MAX_TIMEOUT) { - /* fallback_tcp = 1; */ - /* UDP does not work, fallback to TCP below */ - } else { - serviced_callbacks(sq, NETEVENT_TIMEOUT, c, rep); - return 0; - } - } else if(error != NETEVENT_NOERROR) { + } + if(error != NETEVENT_NOERROR) { /* udp returns error (due to no ID or interface available) */ serviced_callbacks(sq, error, c, rep); return 0; @@ -2016,9 +2009,8 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error, sq->zone, sq->zonelen, sq->qbuf, sq->qbuflen, &sq->last_sent_time, sq->outnet->now_tv, c->buffer); #endif - if(!fallback_tcp) { - if( (sq->status == serviced_query_UDP_EDNS - ||sq->status == serviced_query_UDP_EDNS_FRAG) + if( (sq->status == serviced_query_UDP_EDNS + ||sq->status == serviced_query_UDP_EDNS_FRAG) && (LDNS_RCODE_WIRE(sldns_buffer_begin(c->buffer)) == LDNS_RCODE_FORMERR || LDNS_RCODE_WIRE( sldns_buffer_begin(c->buffer)) == LDNS_RCODE_NOTIMPL @@ -2032,7 +2024,7 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error, serviced_callbacks(sq, NETEVENT_CLOSED, c, rep); } return 0; - } else if(sq->status == serviced_query_UDP_EDNS && + } else if(sq->status == serviced_query_UDP_EDNS && !sq->edns_lame_known) { /* now we know that edns queries received answers store that */ log_addr(VERB_ALGO, "serviced query: EDNS works for", @@ -2042,7 +2034,7 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error, log_err("Out of memory caching edns works"); } sq->edns_lame_known = 1; - } else if(sq->status == serviced_query_UDP_EDNS_fallback && + } else if(sq->status == serviced_query_UDP_EDNS_fallback && !sq->edns_lame_known && (LDNS_RCODE_WIRE( sldns_buffer_begin(c->buffer)) == LDNS_RCODE_NOERROR || LDNS_RCODE_WIRE(sldns_buffer_begin(c->buffer)) == @@ -2060,12 +2052,12 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error, } } else { log_addr(VERB_ALGO, "serviced query: EDNS fails, but " - "not stored because need DNSSEC for", &sq->addr, + "not stored because need DNSSEC for", &sq->addr, sq->addrlen); } sq->status = serviced_query_UDP; - } - if(now.tv_sec > sq->last_sent_time.tv_sec || + } + if(now.tv_sec > sq->last_sent_time.tv_sec || (now.tv_sec == sq->last_sent_time.tv_sec && now.tv_usec > sq->last_sent_time.tv_usec)) { /* convert from microseconds to milliseconds */ @@ -2081,11 +2073,10 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error, sq->last_rtt, (time_t)now.tv_sec)) log_err("out of memory noting rtt."); } - } - } /* end of if_!fallback_tcp */ + } /* perform TC flag check and TCP fallback after updating our * cache entries for EDNS status and RTT times */ - if(LDNS_TC_WIRE(sldns_buffer_begin(c->buffer)) || fallback_tcp) { + if(LDNS_TC_WIRE(sldns_buffer_begin(c->buffer))) { /* fallback to TCP */ /* this discards partial UDP contents */ if(sq->status == serviced_query_UDP_EDNS || diff --git a/testdata/auth_xfr_notify.rpl b/testdata/auth_xfr_notify.rpl index 3603a223fbbc..d7af5ae50ae3 100644 --- a/testdata/auth_xfr_notify.rpl +++ b/testdata/auth_xfr_notify.rpl @@ -195,7 +195,7 @@ ENTRY_END RANGE_END ; lookups for notify hostnames. -STEP 1 TIME_PASSES ELAPSED 0 +STEP 1 TIME_PASSES ELAPSE 0 ; now the query STEP 2 QUERY diff --git a/testdata/iter_ranoaa_lame.rpl b/testdata/iter_ranoaa_lame.rpl index efb38a5907ec..4808b25a9a16 100644 --- a/testdata/iter_ranoaa_lame.rpl +++ b/testdata/iter_ranoaa_lame.rpl @@ -158,6 +158,16 @@ MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.55 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION ns.example.net. IN AAAA SECTION AUTHORITY example.net. IN NS ns.example.net. diff --git a/testdata/iter_reclame_two.rpl b/testdata/iter_reclame_two.rpl index f30edd941472..de4ef4165550 100644 --- a/testdata/iter_reclame_two.rpl +++ b/testdata/iter_reclame_two.rpl @@ -110,6 +110,26 @@ MATCH opcode qtype qname ADJUST copy_id REPLY QR RA NOERROR SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR RA NOERROR +SECTION QUESTION +lame.example.com. IN A +SECTION ANSWER +lame.example.com. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR RA NOERROR +SECTION QUESTION www.example.com. IN A SECTION ANSWER www.example.com. IN A 10.20.30.40 diff --git a/testdata/ssl_req_order.tdir/ssl_req_order.post b/testdata/ssl_req_order.tdir/ssl_req_order.post index bba50e309196..45067e10f479 100644 --- a/testdata/ssl_req_order.tdir/ssl_req_order.post +++ b/testdata/ssl_req_order.tdir/ssl_req_order.post @@ -9,3 +9,4 @@ kill_pid $FWD_PID kill_pid $UNBOUND_PID cat unbound.log +cat fwd.log diff --git a/util/configparser.c b/util/configparser.c index b93319fae678..ef9fb061b58f 100644 --- a/util/configparser.c +++ b/util/configparser.c @@ -1047,22 +1047,22 @@ static const yytype_uint16 yyrline[] = 1459, 1468, 1477, 1484, 1494, 1514, 1521, 1539, 1552, 1565, 1574, 1583, 1592, 1601, 1611, 1621, 1632, 1641, 1650, 1659, 1668, 1681, 1694, 1703, 1710, 1719, 1728, 1737, 1746, 1754, - 1767, 1775, 1806, 1813, 1828, 1838, 1848, 1855, 1862, 1869, - 1878, 1886, 1900, 1921, 1942, 1954, 1966, 1978, 1987, 2008, - 2018, 2027, 2035, 2043, 2056, 2069, 2084, 2099, 2108, 2117, - 2123, 2132, 2141, 2151, 2161, 2174, 2187, 2199, 2213, 2225, - 2239, 2249, 2256, 2263, 2272, 2281, 2291, 2301, 2311, 2318, - 2325, 2334, 2343, 2353, 2363, 2370, 2377, 2384, 2392, 2402, - 2412, 2422, 2432, 2464, 2474, 2482, 2490, 2505, 2514, 2519, - 2520, 2521, 2521, 2521, 2522, 2522, 2522, 2523, 2523, 2525, - 2535, 2544, 2551, 2558, 2565, 2572, 2579, 2586, 2591, 2592, - 2593, 2593, 2594, 2594, 2595, 2595, 2596, 2597, 2598, 2599, - 2600, 2601, 2603, 2612, 2619, 2628, 2637, 2644, 2651, 2661, - 2671, 2681, 2691, 2701, 2711, 2716, 2717, 2718, 2720, 2726, - 2736, 2743, 2752, 2760, 2765, 2766, 2768, 2768, 2768, 2769, - 2769, 2770, 2771, 2772, 2773, 2774, 2776, 2786, 2795, 2802, - 2811, 2818, 2827, 2835, 2848, 2856, 2869, 2874, 2875, 2876, - 2876, 2877, 2877, 2877, 2879, 2894, 2909, 2921, 2936, 2949 + 1767, 1775, 1808, 1815, 1830, 1840, 1850, 1857, 1864, 1871, + 1880, 1888, 1902, 1923, 1944, 1956, 1968, 1980, 1989, 2010, + 2020, 2029, 2037, 2045, 2058, 2071, 2086, 2101, 2110, 2119, + 2125, 2134, 2143, 2153, 2163, 2176, 2189, 2201, 2215, 2227, + 2241, 2251, 2258, 2265, 2274, 2283, 2293, 2303, 2313, 2320, + 2327, 2336, 2345, 2355, 2365, 2372, 2379, 2386, 2394, 2404, + 2414, 2424, 2434, 2466, 2476, 2484, 2492, 2507, 2516, 2521, + 2522, 2523, 2523, 2523, 2524, 2524, 2524, 2525, 2525, 2527, + 2537, 2546, 2553, 2560, 2567, 2574, 2581, 2588, 2593, 2594, + 2595, 2595, 2596, 2596, 2597, 2597, 2598, 2599, 2600, 2601, + 2602, 2603, 2605, 2614, 2621, 2630, 2639, 2646, 2653, 2663, + 2673, 2683, 2693, 2703, 2713, 2718, 2719, 2720, 2722, 2728, + 2738, 2745, 2754, 2762, 2767, 2768, 2770, 2770, 2770, 2771, + 2771, 2772, 2773, 2774, 2775, 2776, 2778, 2788, 2797, 2804, + 2813, 2820, 2829, 2837, 2850, 2858, 2871, 2876, 2877, 2878, + 2878, 2879, 2879, 2879, 2881, 2896, 2911, 2923, 2938, 2951 }; #endif @@ -4532,12 +4532,14 @@ yyreduce: && strcmp((yyvsp[0].str), "always_refuse")!=0 && strcmp((yyvsp[0].str), "always_nxdomain")!=0 && strcmp((yyvsp[0].str), "noview")!=0 - && strcmp((yyvsp[0].str), "inform")!=0 && strcmp((yyvsp[0].str), "inform_deny")!=0) { + && strcmp((yyvsp[0].str), "inform")!=0 && strcmp((yyvsp[0].str), "inform_deny")!=0 + && strcmp((yyvsp[0].str), "inform_redirect") != 0) { yyerror("local-zone type: expected static, deny, " "refuse, redirect, transparent, " "typetransparent, inform, inform_deny, " - "always_transparent, always_refuse, " - "always_nxdomain, noview or nodefault"); + "inform_redirect, always_transparent, " + "always_refuse, always_nxdomain, noview " + "or nodefault"); free((yyvsp[-1].str)); free((yyvsp[0].str)); } else if(strcmp((yyvsp[0].str), "nodefault")==0) { @@ -4551,21 +4553,21 @@ yyreduce: fatal_exit("out of memory adding local-zone"); } } -#line 4555 "util/configparser.c" /* yacc.c:1648 */ +#line 4557 "util/configparser.c" /* yacc.c:1648 */ break; case 392: -#line 1807 "util/configparser.y" /* yacc.c:1648 */ +#line 1809 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_local_data:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, (yyvsp[0].str))) fatal_exit("out of memory adding local-data"); } -#line 4565 "util/configparser.c" /* yacc.c:1648 */ +#line 4567 "util/configparser.c" /* yacc.c:1648 */ break; case 393: -#line 1814 "util/configparser.y" /* yacc.c:1648 */ +#line 1816 "util/configparser.y" /* yacc.c:1648 */ { char* ptr; OUTYY(("P(server_local_data_ptr:%s)\n", (yyvsp[0].str))); @@ -4579,11 +4581,11 @@ yyreduce: yyerror("local-data-ptr could not be reversed"); } } -#line 4583 "util/configparser.c" /* yacc.c:1648 */ +#line 4585 "util/configparser.c" /* yacc.c:1648 */ break; case 394: -#line 1829 "util/configparser.y" /* yacc.c:1648 */ +#line 1831 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_minimal_responses:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4592,11 +4594,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4596 "util/configparser.c" /* yacc.c:1648 */ +#line 4598 "util/configparser.c" /* yacc.c:1648 */ break; case 395: -#line 1839 "util/configparser.y" /* yacc.c:1648 */ +#line 1841 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_rrset_roundrobin:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4605,41 +4607,41 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4609 "util/configparser.c" /* yacc.c:1648 */ +#line 4611 "util/configparser.c" /* yacc.c:1648 */ break; case 396: -#line 1849 "util/configparser.y" /* yacc.c:1648 */ +#line 1851 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_unknown_server_time_limit:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->unknown_server_time_limit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4619 "util/configparser.c" /* yacc.c:1648 */ +#line 4621 "util/configparser.c" /* yacc.c:1648 */ break; case 397: -#line 1856 "util/configparser.y" /* yacc.c:1648 */ +#line 1858 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_max_udp_size:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->max_udp_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4629 "util/configparser.c" /* yacc.c:1648 */ +#line 4631 "util/configparser.c" /* yacc.c:1648 */ break; case 398: -#line 1863 "util/configparser.y" /* yacc.c:1648 */ +#line 1865 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(dns64_prefix:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dns64_prefix); cfg_parser->cfg->dns64_prefix = (yyvsp[0].str); } -#line 4639 "util/configparser.c" /* yacc.c:1648 */ +#line 4641 "util/configparser.c" /* yacc.c:1648 */ break; case 399: -#line 1870 "util/configparser.y" /* yacc.c:1648 */ +#line 1872 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_dns64_synthall:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4647,22 +4649,22 @@ yyreduce: else cfg_parser->cfg->dns64_synthall = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4651 "util/configparser.c" /* yacc.c:1648 */ +#line 4653 "util/configparser.c" /* yacc.c:1648 */ break; case 400: -#line 1879 "util/configparser.y" /* yacc.c:1648 */ +#line 1881 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(dns64_ignore_aaaa:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa, (yyvsp[0].str))) fatal_exit("out of memory adding dns64-ignore-aaaa"); } -#line 4662 "util/configparser.c" /* yacc.c:1648 */ +#line 4664 "util/configparser.c" /* yacc.c:1648 */ break; case 401: -#line 1887 "util/configparser.y" /* yacc.c:1648 */ +#line 1889 "util/configparser.y" /* yacc.c:1648 */ { char* p, *s = (yyvsp[0].str); OUTYY(("P(server_define_tag:%s)\n", (yyvsp[0].str))); @@ -4675,11 +4677,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4679 "util/configparser.c" /* yacc.c:1648 */ +#line 4681 "util/configparser.c" /* yacc.c:1648 */ break; case 402: -#line 1901 "util/configparser.y" /* yacc.c:1648 */ +#line 1903 "util/configparser.y" /* yacc.c:1648 */ { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -4699,11 +4701,11 @@ yyreduce: } } } -#line 4703 "util/configparser.c" /* yacc.c:1648 */ +#line 4705 "util/configparser.c" /* yacc.c:1648 */ break; case 403: -#line 1922 "util/configparser.y" /* yacc.c:1648 */ +#line 1924 "util/configparser.y" /* yacc.c:1648 */ { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -4723,11 +4725,11 @@ yyreduce: } } } -#line 4727 "util/configparser.c" /* yacc.c:1648 */ +#line 4729 "util/configparser.c" /* yacc.c:1648 */ break; case 404: -#line 1943 "util/configparser.y" /* yacc.c:1648 */ +#line 1945 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions, @@ -4738,11 +4740,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 4742 "util/configparser.c" /* yacc.c:1648 */ +#line 4744 "util/configparser.c" /* yacc.c:1648 */ break; case 405: -#line 1955 "util/configparser.y" /* yacc.c:1648 */ +#line 1957 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas, @@ -4753,11 +4755,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 4757 "util/configparser.c" /* yacc.c:1648 */ +#line 4759 "util/configparser.c" /* yacc.c:1648 */ break; case 406: -#line 1967 "util/configparser.y" /* yacc.c:1648 */ +#line 1969 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_local_zone_override:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides, @@ -4768,11 +4770,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 4772 "util/configparser.c" /* yacc.c:1648 */ +#line 4774 "util/configparser.c" /* yacc.c:1648 */ break; case 407: -#line 1979 "util/configparser.y" /* yacc.c:1648 */ +#line 1981 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_access_control_view:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view, @@ -4780,11 +4782,11 @@ yyreduce: yyerror("out of memory"); } } -#line 4784 "util/configparser.c" /* yacc.c:1648 */ +#line 4786 "util/configparser.c" /* yacc.c:1648 */ break; case 408: -#line 1988 "util/configparser.y" /* yacc.c:1648 */ +#line 1990 "util/configparser.y" /* yacc.c:1648 */ { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -4804,11 +4806,11 @@ yyreduce: } } } -#line 4808 "util/configparser.c" /* yacc.c:1648 */ +#line 4810 "util/configparser.c" /* yacc.c:1648 */ break; case 409: -#line 2009 "util/configparser.y" /* yacc.c:1648 */ +#line 2011 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_ip_ratelimit:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4816,11 +4818,11 @@ yyreduce: else cfg_parser->cfg->ip_ratelimit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4820 "util/configparser.c" /* yacc.c:1648 */ +#line 4822 "util/configparser.c" /* yacc.c:1648 */ break; case 410: -#line 2019 "util/configparser.y" /* yacc.c:1648 */ +#line 2021 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_ratelimit:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4828,33 +4830,33 @@ yyreduce: else cfg_parser->cfg->ratelimit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4832 "util/configparser.c" /* yacc.c:1648 */ +#line 4834 "util/configparser.c" /* yacc.c:1648 */ break; case 411: -#line 2028 "util/configparser.y" /* yacc.c:1648 */ +#line 2030 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_ip_ratelimit_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ip_ratelimit_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4843 "util/configparser.c" /* yacc.c:1648 */ +#line 4845 "util/configparser.c" /* yacc.c:1648 */ break; case 412: -#line 2036 "util/configparser.y" /* yacc.c:1648 */ +#line 2038 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_ratelimit_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ratelimit_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4854 "util/configparser.c" /* yacc.c:1648 */ +#line 4856 "util/configparser.c" /* yacc.c:1648 */ break; case 413: -#line 2044 "util/configparser.y" /* yacc.c:1648 */ +#line 2046 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4866,11 +4868,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4870 "util/configparser.c" /* yacc.c:1648 */ +#line 4872 "util/configparser.c" /* yacc.c:1648 */ break; case 414: -#line 2057 "util/configparser.y" /* yacc.c:1648 */ +#line 2059 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_ratelimit_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4882,11 +4884,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4886 "util/configparser.c" /* yacc.c:1648 */ +#line 4888 "util/configparser.c" /* yacc.c:1648 */ break; case 415: -#line 2070 "util/configparser.y" /* yacc.c:1648 */ +#line 2072 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { @@ -4900,11 +4902,11 @@ yyreduce: "ratelimit-for-domain"); } } -#line 4904 "util/configparser.c" /* yacc.c:1648 */ +#line 4906 "util/configparser.c" /* yacc.c:1648 */ break; case 416: -#line 2085 "util/configparser.y" /* yacc.c:1648 */ +#line 2087 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { @@ -4918,11 +4920,11 @@ yyreduce: "ratelimit-below-domain"); } } -#line 4922 "util/configparser.c" /* yacc.c:1648 */ +#line 4924 "util/configparser.c" /* yacc.c:1648 */ break; case 417: -#line 2100 "util/configparser.y" /* yacc.c:1648 */ +#line 2102 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_ip_ratelimit_factor:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4930,11 +4932,11 @@ yyreduce: else cfg_parser->cfg->ip_ratelimit_factor = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4934 "util/configparser.c" /* yacc.c:1648 */ +#line 4936 "util/configparser.c" /* yacc.c:1648 */ break; case 418: -#line 2109 "util/configparser.y" /* yacc.c:1648 */ +#line 2111 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_ratelimit_factor:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4942,20 +4944,20 @@ yyreduce: else cfg_parser->cfg->ratelimit_factor = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4946 "util/configparser.c" /* yacc.c:1648 */ +#line 4948 "util/configparser.c" /* yacc.c:1648 */ break; case 419: -#line 2118 "util/configparser.y" /* yacc.c:1648 */ +#line 2120 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n")); free((yyvsp[0].str)); } -#line 4955 "util/configparser.c" /* yacc.c:1648 */ +#line 4957 "util/configparser.c" /* yacc.c:1648 */ break; case 420: -#line 2124 "util/configparser.y" /* yacc.c:1648 */ +#line 2126 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_fast_server_num:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) <= 0) @@ -4963,11 +4965,11 @@ yyreduce: else cfg_parser->cfg->fast_server_num = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4967 "util/configparser.c" /* yacc.c:1648 */ +#line 4969 "util/configparser.c" /* yacc.c:1648 */ break; case 421: -#line 2133 "util/configparser.y" /* yacc.c:1648 */ +#line 2135 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_fast_server_permil:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4975,11 +4977,11 @@ yyreduce: else cfg_parser->cfg->fast_server_permil = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4979 "util/configparser.c" /* yacc.c:1648 */ +#line 4981 "util/configparser.c" /* yacc.c:1648 */ break; case 422: -#line 2142 "util/configparser.y" /* yacc.c:1648 */ +#line 2144 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_qname_minimisation:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4988,11 +4990,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4992 "util/configparser.c" /* yacc.c:1648 */ +#line 4994 "util/configparser.c" /* yacc.c:1648 */ break; case 423: -#line 2152 "util/configparser.y" /* yacc.c:1648 */ +#line 2154 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_qname_minimisation_strict:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5001,11 +5003,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5005 "util/configparser.c" /* yacc.c:1648 */ +#line 5007 "util/configparser.c" /* yacc.c:1648 */ break; case 424: -#line 2162 "util/configparser.y" /* yacc.c:1648 */ +#line 2164 "util/configparser.y" /* yacc.c:1648 */ { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_enabled:%s)\n", (yyvsp[0].str))); @@ -5017,11 +5019,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 5021 "util/configparser.c" /* yacc.c:1648 */ +#line 5023 "util/configparser.c" /* yacc.c:1648 */ break; case 425: -#line 2175 "util/configparser.y" /* yacc.c:1648 */ +#line 2177 "util/configparser.y" /* yacc.c:1648 */ { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", (yyvsp[0].str))); @@ -5033,11 +5035,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 5037 "util/configparser.c" /* yacc.c:1648 */ +#line 5039 "util/configparser.c" /* yacc.c:1648 */ break; case 426: -#line 2188 "util/configparser.y" /* yacc.c:1648 */ +#line 2190 "util/configparser.y" /* yacc.c:1648 */ { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_hook:%s)\n", (yyvsp[0].str))); @@ -5048,11 +5050,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5052 "util/configparser.c" /* yacc.c:1648 */ +#line 5054 "util/configparser.c" /* yacc.c:1648 */ break; case 427: -#line 2200 "util/configparser.y" /* yacc.c:1648 */ +#line 2202 "util/configparser.y" /* yacc.c:1648 */ { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", (yyvsp[0].str))); @@ -5065,11 +5067,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5069 "util/configparser.c" /* yacc.c:1648 */ +#line 5071 "util/configparser.c" /* yacc.c:1648 */ break; case 428: -#line 2214 "util/configparser.y" /* yacc.c:1648 */ +#line 2216 "util/configparser.y" /* yacc.c:1648 */ { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_whitelist:%s)\n", (yyvsp[0].str))); @@ -5080,11 +5082,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5084 "util/configparser.c" /* yacc.c:1648 */ +#line 5086 "util/configparser.c" /* yacc.c:1648 */ break; case 429: -#line 2226 "util/configparser.y" /* yacc.c:1648 */ +#line 2228 "util/configparser.y" /* yacc.c:1648 */ { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_strict:%s)\n", (yyvsp[0].str))); @@ -5097,11 +5099,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5101 "util/configparser.c" /* yacc.c:1648 */ +#line 5103 "util/configparser.c" /* yacc.c:1648 */ break; case 430: -#line 2240 "util/configparser.y" /* yacc.c:1648 */ +#line 2242 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->stubs->name) @@ -5110,31 +5112,31 @@ yyreduce: free(cfg_parser->cfg->stubs->name); cfg_parser->cfg->stubs->name = (yyvsp[0].str); } -#line 5114 "util/configparser.c" /* yacc.c:1648 */ +#line 5116 "util/configparser.c" /* yacc.c:1648 */ break; case 431: -#line 2250 "util/configparser.y" /* yacc.c:1648 */ +#line 2252 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(stub-host:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5124 "util/configparser.c" /* yacc.c:1648 */ +#line 5126 "util/configparser.c" /* yacc.c:1648 */ break; case 432: -#line 2257 "util/configparser.y" /* yacc.c:1648 */ +#line 2259 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(stub-addr:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5134 "util/configparser.c" /* yacc.c:1648 */ +#line 5136 "util/configparser.c" /* yacc.c:1648 */ break; case 433: -#line 2264 "util/configparser.y" /* yacc.c:1648 */ +#line 2266 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(stub-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5142,11 +5144,11 @@ yyreduce: else cfg_parser->cfg->stubs->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5146 "util/configparser.c" /* yacc.c:1648 */ +#line 5148 "util/configparser.c" /* yacc.c:1648 */ break; case 434: -#line 2273 "util/configparser.y" /* yacc.c:1648 */ +#line 2275 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(stub-no-cache:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5154,11 +5156,11 @@ yyreduce: else cfg_parser->cfg->stubs->no_cache=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5158 "util/configparser.c" /* yacc.c:1648 */ +#line 5160 "util/configparser.c" /* yacc.c:1648 */ break; case 435: -#line 2282 "util/configparser.y" /* yacc.c:1648 */ +#line 2284 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(stub-ssl-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5167,11 +5169,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5171 "util/configparser.c" /* yacc.c:1648 */ +#line 5173 "util/configparser.c" /* yacc.c:1648 */ break; case 436: -#line 2292 "util/configparser.y" /* yacc.c:1648 */ +#line 2294 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(stub-prime:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5180,11 +5182,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5184 "util/configparser.c" /* yacc.c:1648 */ +#line 5186 "util/configparser.c" /* yacc.c:1648 */ break; case 437: -#line 2302 "util/configparser.y" /* yacc.c:1648 */ +#line 2304 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->forwards->name) @@ -5193,31 +5195,31 @@ yyreduce: free(cfg_parser->cfg->forwards->name); cfg_parser->cfg->forwards->name = (yyvsp[0].str); } -#line 5197 "util/configparser.c" /* yacc.c:1648 */ +#line 5199 "util/configparser.c" /* yacc.c:1648 */ break; case 438: -#line 2312 "util/configparser.y" /* yacc.c:1648 */ +#line 2314 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(forward-host:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5207 "util/configparser.c" /* yacc.c:1648 */ +#line 5209 "util/configparser.c" /* yacc.c:1648 */ break; case 439: -#line 2319 "util/configparser.y" /* yacc.c:1648 */ +#line 2321 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(forward-addr:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5217 "util/configparser.c" /* yacc.c:1648 */ +#line 5219 "util/configparser.c" /* yacc.c:1648 */ break; case 440: -#line 2326 "util/configparser.y" /* yacc.c:1648 */ +#line 2328 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(forward-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5225,11 +5227,11 @@ yyreduce: else cfg_parser->cfg->forwards->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5229 "util/configparser.c" /* yacc.c:1648 */ +#line 5231 "util/configparser.c" /* yacc.c:1648 */ break; case 441: -#line 2335 "util/configparser.y" /* yacc.c:1648 */ +#line 2337 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(forward-no-cache:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5237,11 +5239,11 @@ yyreduce: else cfg_parser->cfg->forwards->no_cache=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5241 "util/configparser.c" /* yacc.c:1648 */ +#line 5243 "util/configparser.c" /* yacc.c:1648 */ break; case 442: -#line 2344 "util/configparser.y" /* yacc.c:1648 */ +#line 2346 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(forward-ssl-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5250,11 +5252,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5254 "util/configparser.c" /* yacc.c:1648 */ +#line 5256 "util/configparser.c" /* yacc.c:1648 */ break; case 443: -#line 2354 "util/configparser.y" /* yacc.c:1648 */ +#line 2356 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->auths->name) @@ -5263,52 +5265,52 @@ yyreduce: free(cfg_parser->cfg->auths->name); cfg_parser->cfg->auths->name = (yyvsp[0].str); } -#line 5267 "util/configparser.c" /* yacc.c:1648 */ +#line 5269 "util/configparser.c" /* yacc.c:1648 */ break; case 444: -#line 2364 "util/configparser.y" /* yacc.c:1648 */ +#line 2366 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(zonefile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->auths->zonefile); cfg_parser->cfg->auths->zonefile = (yyvsp[0].str); } -#line 5277 "util/configparser.c" /* yacc.c:1648 */ +#line 5279 "util/configparser.c" /* yacc.c:1648 */ break; case 445: -#line 2371 "util/configparser.y" /* yacc.c:1648 */ +#line 2373 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(master:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5287 "util/configparser.c" /* yacc.c:1648 */ +#line 5289 "util/configparser.c" /* yacc.c:1648 */ break; case 446: -#line 2378 "util/configparser.y" /* yacc.c:1648 */ +#line 2380 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(url:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5297 "util/configparser.c" /* yacc.c:1648 */ +#line 5299 "util/configparser.c" /* yacc.c:1648 */ break; case 447: -#line 2385 "util/configparser.y" /* yacc.c:1648 */ +#line 2387 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(allow-notify:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5308 "util/configparser.c" /* yacc.c:1648 */ +#line 5310 "util/configparser.c" /* yacc.c:1648 */ break; case 448: -#line 2393 "util/configparser.y" /* yacc.c:1648 */ +#line 2395 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(for-downstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5317,11 +5319,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5321 "util/configparser.c" /* yacc.c:1648 */ +#line 5323 "util/configparser.c" /* yacc.c:1648 */ break; case 449: -#line 2403 "util/configparser.y" /* yacc.c:1648 */ +#line 2405 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(for-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5330,11 +5332,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5334 "util/configparser.c" /* yacc.c:1648 */ +#line 5336 "util/configparser.c" /* yacc.c:1648 */ break; case 450: -#line 2413 "util/configparser.y" /* yacc.c:1648 */ +#line 2415 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(fallback-enabled:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5343,11 +5345,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5347 "util/configparser.c" /* yacc.c:1648 */ +#line 5349 "util/configparser.c" /* yacc.c:1648 */ break; case 451: -#line 2423 "util/configparser.y" /* yacc.c:1648 */ +#line 2425 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->views->name) @@ -5356,11 +5358,11 @@ yyreduce: free(cfg_parser->cfg->views->name); cfg_parser->cfg->views->name = (yyvsp[0].str); } -#line 5360 "util/configparser.c" /* yacc.c:1648 */ +#line 5362 "util/configparser.c" /* yacc.c:1648 */ break; case 452: -#line 2433 "util/configparser.y" /* yacc.c:1648 */ +#line 2435 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(view_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && @@ -5391,11 +5393,11 @@ yyreduce: fatal_exit("out of memory adding local-zone"); } } -#line 5395 "util/configparser.c" /* yacc.c:1648 */ +#line 5397 "util/configparser.c" /* yacc.c:1648 */ break; case 453: -#line 2465 "util/configparser.y" /* yacc.c:1648 */ +#line 2467 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(view_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); validate_respip_action((yyvsp[0].str)); @@ -5404,33 +5406,33 @@ yyreduce: fatal_exit("out of memory adding per-view " "response-ip action"); } -#line 5408 "util/configparser.c" /* yacc.c:1648 */ +#line 5410 "util/configparser.c" /* yacc.c:1648 */ break; case 454: -#line 2475 "util/configparser.y" /* yacc.c:1648 */ +#line 2477 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(view_response_ip_data:%s)\n", (yyvsp[-1].str))); if(!cfg_str2list_insert( &cfg_parser->cfg->views->respip_data, (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip-data"); } -#line 5419 "util/configparser.c" /* yacc.c:1648 */ +#line 5421 "util/configparser.c" /* yacc.c:1648 */ break; case 455: -#line 2483 "util/configparser.y" /* yacc.c:1648 */ +#line 2485 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(view_local_data:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, (yyvsp[0].str))) { fatal_exit("out of memory adding local-data"); } } -#line 5430 "util/configparser.c" /* yacc.c:1648 */ +#line 5432 "util/configparser.c" /* yacc.c:1648 */ break; case 456: -#line 2491 "util/configparser.y" /* yacc.c:1648 */ +#line 2493 "util/configparser.y" /* yacc.c:1648 */ { char* ptr; OUTYY(("P(view_local_data_ptr:%s)\n", (yyvsp[0].str))); @@ -5444,11 +5446,11 @@ yyreduce: yyerror("local-data-ptr could not be reversed"); } } -#line 5448 "util/configparser.c" /* yacc.c:1648 */ +#line 5450 "util/configparser.c" /* yacc.c:1648 */ break; case 457: -#line 2506 "util/configparser.y" /* yacc.c:1648 */ +#line 2508 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(view-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5456,19 +5458,19 @@ yyreduce: else cfg_parser->cfg->views->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5460 "util/configparser.c" /* yacc.c:1648 */ +#line 5462 "util/configparser.c" /* yacc.c:1648 */ break; case 458: -#line 2515 "util/configparser.y" /* yacc.c:1648 */ +#line 2517 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("\nP(remote-control:)\n")); } -#line 5468 "util/configparser.c" /* yacc.c:1648 */ +#line 5470 "util/configparser.c" /* yacc.c:1648 */ break; case 469: -#line 2526 "util/configparser.y" /* yacc.c:1648 */ +#line 2528 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(control_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5477,11 +5479,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5481 "util/configparser.c" /* yacc.c:1648 */ +#line 5483 "util/configparser.c" /* yacc.c:1648 */ break; case 470: -#line 2536 "util/configparser.y" /* yacc.c:1648 */ +#line 2538 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(control_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5489,79 +5491,79 @@ yyreduce: else cfg_parser->cfg->control_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5493 "util/configparser.c" /* yacc.c:1648 */ +#line 5495 "util/configparser.c" /* yacc.c:1648 */ break; case 471: -#line 2545 "util/configparser.y" /* yacc.c:1648 */ +#line 2547 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(control_interface:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5503 "util/configparser.c" /* yacc.c:1648 */ +#line 5505 "util/configparser.c" /* yacc.c:1648 */ break; case 472: -#line 2552 "util/configparser.y" /* yacc.c:1648 */ +#line 2554 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(control_use_cert:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->control_use_cert = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5513 "util/configparser.c" /* yacc.c:1648 */ +#line 5515 "util/configparser.c" /* yacc.c:1648 */ break; case 473: -#line 2559 "util/configparser.y" /* yacc.c:1648 */ +#line 2561 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->server_key_file); cfg_parser->cfg->server_key_file = (yyvsp[0].str); } -#line 5523 "util/configparser.c" /* yacc.c:1648 */ +#line 5525 "util/configparser.c" /* yacc.c:1648 */ break; case 474: -#line 2566 "util/configparser.y" /* yacc.c:1648 */ +#line 2568 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->server_cert_file); cfg_parser->cfg->server_cert_file = (yyvsp[0].str); } -#line 5533 "util/configparser.c" /* yacc.c:1648 */ +#line 5535 "util/configparser.c" /* yacc.c:1648 */ break; case 475: -#line 2573 "util/configparser.y" /* yacc.c:1648 */ +#line 2575 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->control_key_file); cfg_parser->cfg->control_key_file = (yyvsp[0].str); } -#line 5543 "util/configparser.c" /* yacc.c:1648 */ +#line 5545 "util/configparser.c" /* yacc.c:1648 */ break; case 476: -#line 2580 "util/configparser.y" /* yacc.c:1648 */ +#line 2582 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->control_cert_file); cfg_parser->cfg->control_cert_file = (yyvsp[0].str); } -#line 5553 "util/configparser.c" /* yacc.c:1648 */ +#line 5555 "util/configparser.c" /* yacc.c:1648 */ break; case 477: -#line 2587 "util/configparser.y" /* yacc.c:1648 */ +#line 2589 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("\nP(dnstap:)\n")); } -#line 5561 "util/configparser.c" /* yacc.c:1648 */ +#line 5563 "util/configparser.c" /* yacc.c:1648 */ break; case 492: -#line 2604 "util/configparser.y" /* yacc.c:1648 */ +#line 2606 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(dt_dnstap_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5569,21 +5571,21 @@ yyreduce: else cfg_parser->cfg->dnstap = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5573 "util/configparser.c" /* yacc.c:1648 */ +#line 5575 "util/configparser.c" /* yacc.c:1648 */ break; case 493: -#line 2613 "util/configparser.y" /* yacc.c:1648 */ +#line 2615 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(dt_dnstap_socket_path:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_socket_path); cfg_parser->cfg->dnstap_socket_path = (yyvsp[0].str); } -#line 5583 "util/configparser.c" /* yacc.c:1648 */ +#line 5585 "util/configparser.c" /* yacc.c:1648 */ break; case 494: -#line 2620 "util/configparser.y" /* yacc.c:1648 */ +#line 2622 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(dt_dnstap_send_identity:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5591,11 +5593,11 @@ yyreduce: else cfg_parser->cfg->dnstap_send_identity = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5595 "util/configparser.c" /* yacc.c:1648 */ +#line 5597 "util/configparser.c" /* yacc.c:1648 */ break; case 495: -#line 2629 "util/configparser.y" /* yacc.c:1648 */ +#line 2631 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(dt_dnstap_send_version:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5603,31 +5605,31 @@ yyreduce: else cfg_parser->cfg->dnstap_send_version = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5607 "util/configparser.c" /* yacc.c:1648 */ +#line 5609 "util/configparser.c" /* yacc.c:1648 */ break; case 496: -#line 2638 "util/configparser.y" /* yacc.c:1648 */ +#line 2640 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(dt_dnstap_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_identity); cfg_parser->cfg->dnstap_identity = (yyvsp[0].str); } -#line 5617 "util/configparser.c" /* yacc.c:1648 */ +#line 5619 "util/configparser.c" /* yacc.c:1648 */ break; case 497: -#line 2645 "util/configparser.y" /* yacc.c:1648 */ +#line 2647 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(dt_dnstap_version:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_version); cfg_parser->cfg->dnstap_version = (yyvsp[0].str); } -#line 5627 "util/configparser.c" /* yacc.c:1648 */ +#line 5629 "util/configparser.c" /* yacc.c:1648 */ break; case 498: -#line 2652 "util/configparser.y" /* yacc.c:1648 */ +#line 2654 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5636,11 +5638,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5640 "util/configparser.c" /* yacc.c:1648 */ +#line 5642 "util/configparser.c" /* yacc.c:1648 */ break; case 499: -#line 2662 "util/configparser.y" /* yacc.c:1648 */ +#line 2664 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5649,11 +5651,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5653 "util/configparser.c" /* yacc.c:1648 */ +#line 5655 "util/configparser.c" /* yacc.c:1648 */ break; case 500: -#line 2672 "util/configparser.y" /* yacc.c:1648 */ +#line 2674 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5662,11 +5664,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5666 "util/configparser.c" /* yacc.c:1648 */ +#line 5668 "util/configparser.c" /* yacc.c:1648 */ break; case 501: -#line 2682 "util/configparser.y" /* yacc.c:1648 */ +#line 2684 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5675,11 +5677,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5679 "util/configparser.c" /* yacc.c:1648 */ +#line 5681 "util/configparser.c" /* yacc.c:1648 */ break; case 502: -#line 2692 "util/configparser.y" /* yacc.c:1648 */ +#line 2694 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5688,11 +5690,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5692 "util/configparser.c" /* yacc.c:1648 */ +#line 5694 "util/configparser.c" /* yacc.c:1648 */ break; case 503: -#line 2702 "util/configparser.y" /* yacc.c:1648 */ +#line 2704 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5701,29 +5703,29 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5705 "util/configparser.c" /* yacc.c:1648 */ +#line 5707 "util/configparser.c" /* yacc.c:1648 */ break; case 504: -#line 2712 "util/configparser.y" /* yacc.c:1648 */ +#line 2714 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("\nP(python:)\n")); } -#line 5713 "util/configparser.c" /* yacc.c:1648 */ +#line 5715 "util/configparser.c" /* yacc.c:1648 */ break; case 508: -#line 2721 "util/configparser.y" /* yacc.c:1648 */ +#line 2723 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(python-script:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->python_script); cfg_parser->cfg->python_script = (yyvsp[0].str); } -#line 5723 "util/configparser.c" /* yacc.c:1648 */ +#line 5725 "util/configparser.c" /* yacc.c:1648 */ break; case 509: -#line 2727 "util/configparser.y" /* yacc.c:1648 */ +#line 2729 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(disable_dnssec_lame_check:%s)\n", (yyvsp[0].str))); if (strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5732,21 +5734,21 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5736 "util/configparser.c" /* yacc.c:1648 */ +#line 5738 "util/configparser.c" /* yacc.c:1648 */ break; case 510: -#line 2737 "util/configparser.y" /* yacc.c:1648 */ +#line 2739 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_log_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->log_identity); cfg_parser->cfg->log_identity = (yyvsp[0].str); } -#line 5746 "util/configparser.c" /* yacc.c:1648 */ +#line 5748 "util/configparser.c" /* yacc.c:1648 */ break; case 511: -#line 2744 "util/configparser.y" /* yacc.c:1648 */ +#line 2746 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); validate_respip_action((yyvsp[0].str)); @@ -5754,30 +5756,30 @@ yyreduce: (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip"); } -#line 5758 "util/configparser.c" /* yacc.c:1648 */ +#line 5760 "util/configparser.c" /* yacc.c:1648 */ break; case 512: -#line 2753 "util/configparser.y" /* yacc.c:1648 */ +#line 2755 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_response_ip_data:%s)\n", (yyvsp[-1].str))); if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data, (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip-data"); } -#line 5769 "util/configparser.c" /* yacc.c:1648 */ +#line 5771 "util/configparser.c" /* yacc.c:1648 */ break; case 513: -#line 2761 "util/configparser.y" /* yacc.c:1648 */ +#line 2763 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("\nP(dnscrypt:)\n")); } -#line 5777 "util/configparser.c" /* yacc.c:1648 */ +#line 5779 "util/configparser.c" /* yacc.c:1648 */ break; case 526: -#line 2777 "util/configparser.y" /* yacc.c:1648 */ +#line 2779 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5785,11 +5787,11 @@ yyreduce: else cfg_parser->cfg->dnscrypt = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5789 "util/configparser.c" /* yacc.c:1648 */ +#line 5791 "util/configparser.c" /* yacc.c:1648 */ break; case 527: -#line 2787 "util/configparser.y" /* yacc.c:1648 */ +#line 2789 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(dnsc_dnscrypt_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5797,21 +5799,21 @@ yyreduce: else cfg_parser->cfg->dnscrypt_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5801 "util/configparser.c" /* yacc.c:1648 */ +#line 5803 "util/configparser.c" /* yacc.c:1648 */ break; case 528: -#line 2796 "util/configparser.y" /* yacc.c:1648 */ +#line 2798 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnscrypt_provider); cfg_parser->cfg->dnscrypt_provider = (yyvsp[0].str); } -#line 5811 "util/configparser.c" /* yacc.c:1648 */ +#line 5813 "util/configparser.c" /* yacc.c:1648 */ break; case 529: -#line 2803 "util/configparser.y" /* yacc.c:1648 */ +#line 2805 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", (yyvsp[0].str))); if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) @@ -5819,21 +5821,21 @@ yyreduce: if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-provider-cert"); } -#line 5823 "util/configparser.c" /* yacc.c:1648 */ +#line 5825 "util/configparser.c" /* yacc.c:1648 */ break; case 530: -#line 2812 "util/configparser.y" /* yacc.c:1648 */ +#line 2814 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-provider-cert-rotated"); } -#line 5833 "util/configparser.c" /* yacc.c:1648 */ +#line 5835 "util/configparser.c" /* yacc.c:1648 */ break; case 531: -#line 2819 "util/configparser.y" /* yacc.c:1648 */ +#line 2821 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", (yyvsp[0].str))); if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) @@ -5841,22 +5843,22 @@ yyreduce: if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-secret-key"); } -#line 5845 "util/configparser.c" /* yacc.c:1648 */ +#line 5847 "util/configparser.c" /* yacc.c:1648 */ break; case 532: -#line 2828 "util/configparser.y" /* yacc.c:1648 */ +#line 2830 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_shared_secret_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 5856 "util/configparser.c" /* yacc.c:1648 */ +#line 5858 "util/configparser.c" /* yacc.c:1648 */ break; case 533: -#line 2836 "util/configparser.y" /* yacc.c:1648 */ +#line 2838 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5868,22 +5870,22 @@ yyreduce: } free((yyvsp[0].str)); } -#line 5872 "util/configparser.c" /* yacc.c:1648 */ +#line 5874 "util/configparser.c" /* yacc.c:1648 */ break; case 534: -#line 2849 "util/configparser.y" /* yacc.c:1648 */ +#line 2851 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_nonce_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 5883 "util/configparser.c" /* yacc.c:1648 */ +#line 5885 "util/configparser.c" /* yacc.c:1648 */ break; case 535: -#line 2857 "util/configparser.y" /* yacc.c:1648 */ +#line 2859 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5895,19 +5897,19 @@ yyreduce: } free((yyvsp[0].str)); } -#line 5899 "util/configparser.c" /* yacc.c:1648 */ +#line 5901 "util/configparser.c" /* yacc.c:1648 */ break; case 536: -#line 2870 "util/configparser.y" /* yacc.c:1648 */ +#line 2872 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("\nP(cachedb:)\n")); } -#line 5907 "util/configparser.c" /* yacc.c:1648 */ +#line 5909 "util/configparser.c" /* yacc.c:1648 */ break; case 544: -#line 2880 "util/configparser.y" /* yacc.c:1648 */ +#line 2882 "util/configparser.y" /* yacc.c:1648 */ { #ifdef USE_CACHEDB OUTYY(("P(backend:%s)\n", (yyvsp[0].str))); @@ -5921,11 +5923,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5925 "util/configparser.c" /* yacc.c:1648 */ +#line 5927 "util/configparser.c" /* yacc.c:1648 */ break; case 545: -#line 2895 "util/configparser.y" /* yacc.c:1648 */ +#line 2897 "util/configparser.y" /* yacc.c:1648 */ { #ifdef USE_CACHEDB OUTYY(("P(secret-seed:%s)\n", (yyvsp[0].str))); @@ -5939,11 +5941,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5943 "util/configparser.c" /* yacc.c:1648 */ +#line 5945 "util/configparser.c" /* yacc.c:1648 */ break; case 546: -#line 2910 "util/configparser.y" /* yacc.c:1648 */ +#line 2912 "util/configparser.y" /* yacc.c:1648 */ { #if defined(USE_CACHEDB) && defined(USE_REDIS) OUTYY(("P(redis_server_host:%s)\n", (yyvsp[0].str))); @@ -5954,11 +5956,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5958 "util/configparser.c" /* yacc.c:1648 */ +#line 5960 "util/configparser.c" /* yacc.c:1648 */ break; case 547: -#line 2922 "util/configparser.y" /* yacc.c:1648 */ +#line 2924 "util/configparser.y" /* yacc.c:1648 */ { #if defined(USE_CACHEDB) && defined(USE_REDIS) int port; @@ -5972,11 +5974,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 5976 "util/configparser.c" /* yacc.c:1648 */ +#line 5978 "util/configparser.c" /* yacc.c:1648 */ break; case 548: -#line 2937 "util/configparser.y" /* yacc.c:1648 */ +#line 2939 "util/configparser.y" /* yacc.c:1648 */ { #if defined(USE_CACHEDB) && defined(USE_REDIS) OUTYY(("P(redis_timeout:%s)\n", (yyvsp[0].str))); @@ -5988,11 +5990,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 5992 "util/configparser.c" /* yacc.c:1648 */ +#line 5994 "util/configparser.c" /* yacc.c:1648 */ break; case 549: -#line 2950 "util/configparser.y" /* yacc.c:1648 */ +#line 2952 "util/configparser.y" /* yacc.c:1648 */ { OUTYY(("P(server_tcp_connection_limit:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if (atoi((yyvsp[0].str)) < 0) @@ -6002,11 +6004,11 @@ yyreduce: fatal_exit("out of memory adding tcp connection limit"); } } -#line 6006 "util/configparser.c" /* yacc.c:1648 */ +#line 6008 "util/configparser.c" /* yacc.c:1648 */ break; -#line 6010 "util/configparser.c" /* yacc.c:1648 */ +#line 6012 "util/configparser.c" /* yacc.c:1648 */ default: break; } /* User semantic actions sometimes alter yychar, and that requires @@ -6234,7 +6236,7 @@ yyreturn: #endif return yyresult; } -#line 2960 "util/configparser.y" /* yacc.c:1907 */ +#line 2962 "util/configparser.y" /* yacc.c:1907 */ /* parse helper routines could be here */ diff --git a/util/configparser.y b/util/configparser.y index 5f52f4d77847..c7b916966e24 100644 --- a/util/configparser.y +++ b/util/configparser.y @@ -1783,12 +1783,14 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG && strcmp($3, "always_refuse")!=0 && strcmp($3, "always_nxdomain")!=0 && strcmp($3, "noview")!=0 - && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0) { + && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0 + && strcmp($3, "inform_redirect") != 0) { yyerror("local-zone type: expected static, deny, " "refuse, redirect, transparent, " "typetransparent, inform, inform_deny, " - "always_transparent, always_refuse, " - "always_nxdomain, noview or nodefault"); + "inform_redirect, always_transparent, " + "always_refuse, always_nxdomain, noview " + "or nodefault"); free($2); free($3); } else if(strcmp($3, "nodefault")==0) { diff --git a/util/net_help.c b/util/net_help.c index 1a4fa8a58e6f..2b1be92460ba 100644 --- a/util/net_help.c +++ b/util/net_help.c @@ -1049,11 +1049,19 @@ void* outgoing_ssl_fd(void* sslctx, int fd) static lock_basic_type *ub_openssl_locks = NULL; /** callback that gets thread id for openssl */ +#ifdef HAVE_CRYPTO_THREADID_SET_CALLBACK +static void +ub_crypto_id_cb(CRYPTO_THREADID *id) +{ + CRYPTO_THREADID_set_numeric(id, (unsigned long)log_thread_get()); +} +#else static unsigned long ub_crypto_id_cb(void) { return (unsigned long)log_thread_get(); } +#endif static void ub_crypto_lock_cb(int mode, int type, const char *ATTR_UNUSED(file), @@ -1078,7 +1086,11 @@ int ub_openssl_lock_init(void) for(i=0; i<CRYPTO_num_locks(); i++) { lock_basic_init(&ub_openssl_locks[i]); } +# ifdef HAVE_CRYPTO_THREADID_SET_CALLBACK + CRYPTO_THREADID_set_callback(&ub_crypto_id_cb); +# else CRYPTO_set_id_callback(&ub_crypto_id_cb); +# endif CRYPTO_set_locking_callback(&ub_crypto_lock_cb); #endif /* OPENSSL_THREADS */ return 1; @@ -1090,7 +1102,11 @@ void ub_openssl_lock_delete(void) int i; if(!ub_openssl_locks) return; +# ifdef HAVE_CRYPTO_THREADID_SET_CALLBACK + CRYPTO_THREADID_set_callback(NULL); +# else CRYPTO_set_id_callback(NULL); +# endif CRYPTO_set_locking_callback(NULL); for(i=0; i<CRYPTO_num_locks(); i++) { lock_basic_destroy(&ub_openssl_locks[i]); @@ -1219,6 +1235,7 @@ listen_sslctx_delete_ticket_keys(void) struct tls_session_ticket_key *key; if(!ticket_keys) return; for(key = ticket_keys; key->key_name != NULL; key++) { + memset(key->key_name, 0xdd, 80); /* wipe key data from memory*/ free(key->key_name); } free(ticket_keys); diff --git a/util/netevent.c b/util/netevent.c index a507faf7e411..f33e44058b11 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -989,10 +989,10 @@ tcp_callback_writer(struct comm_point* c) c->tcp_is_reading = 1; c->tcp_byte_count = 0; /* switch from listening(write) to listening(read) */ - comm_point_stop_listening(c); if(c->tcp_req_info) { tcp_req_info_handle_writedone(c->tcp_req_info); } else { + comm_point_stop_listening(c); comm_point_start_listening(c, -1, -1); } } @@ -1006,11 +1006,11 @@ tcp_callback_reader(struct comm_point* c) if(c->tcp_do_toggle_rw) c->tcp_is_reading = 0; c->tcp_byte_count = 0; - if(c->type == comm_tcp) - comm_point_stop_listening(c); if(c->tcp_req_info) { tcp_req_info_handle_readdone(c->tcp_req_info); } else { + if(c->type == comm_tcp) + comm_point_stop_listening(c); fptr_ok(fptr_whitelist_comm_point(c->callback)); if( (*c->callback)(c, c->cb_arg, NETEVENT_NOERROR, &c->repinfo) ) { comm_point_start_listening(c, -1, c->tcp_timeout_msec); |