diff options
| author |   sthen <sthen@openbsd.org> | 2013-09-22 11:30:36 +0000 |
|---|---|---|
| committer | sthen <sthen@openbsd.org> | 2013-09-22 11:30:36 +0000 |
| commit | 229e174ce6e4d6ef4226ac3c2923a20eb89287ff (patch) | |
| tree | 415d733cadb274af79d3627ae801c435a7abb3bd | |
| parent | Support MSI for virtio. This is useful for bhyve. (diff) | |
| download | wireguard-openbsd-229e174ce6e4d6ef4226ac3c2923a20eb89287ff.tar.xz wireguard-openbsd-229e174ce6e4d6ef4226ac3c2923a20eb89287ff.zip | |
update to Unbound 1.4.21, ok brad@
89 files changed, 2181 insertions, 848 deletions
diff --git a/usr.sbin/unbound/aclocal.m4 b/usr.sbin/unbound/aclocal.m4 index de630d85b48..4e52c652062 100644 --- a/usr.sbin/unbound/aclocal.m4 +++ b/usr.sbin/unbound/aclocal.m4 @@ -1,7 +1,7 @@ -# generated automatically by aclocal 1.11.1 -*- Autoconf -*- +# generated automatically by aclocal 1.12.2 -*- Autoconf -*- + +# Copyright (C) 1996-2012 Free Software Foundation, Inc. -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, -# 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,8 +14,8 @@ # libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- # # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, -# 2006, 2007, 2008, 2009, 2010 Free Software Foundation, -# Inc. +# 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is free software; the Free Software Foundation gives @@ -24,8 +24,8 @@ m4_define([_LT_COPYING], [dnl # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, -# 2006, 2007, 2008, 2009, 2010 Free Software Foundation, -# Inc. +# 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is part of GNU Libtool. @@ -159,6 +159,8 @@ AC_REQUIRE([AC_CANONICAL_BUILD])dnl AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl +_LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl +dnl _LT_DECL([], [host_alias], [0], [The host system])dnl _LT_DECL([], [host], [0])dnl _LT_DECL([], [host_os], [0])dnl @@ -644,7 +646,7 @@ m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION]) configured by $[0], generated by m4_PACKAGE_STRING. -Copyright (C) 2010 Free Software Foundation, Inc. +Copyright (C) 2011 Free Software Foundation, Inc. This config.lt script is free software; the Free Software Foundation gives unlimited permision to copy, distribute and modify it." @@ -808,6 +810,7 @@ AC_DEFUN([LT_LANG], m4_case([$1], [C], [_LT_LANG(C)], [C++], [_LT_LANG(CXX)], + [Go], [_LT_LANG(GO)], [Java], [_LT_LANG(GCJ)], [Fortran 77], [_LT_LANG(F77)], [Fortran], [_LT_LANG(FC)], @@ -829,6 +832,29 @@ m4_defun([_LT_LANG], ])# _LT_LANG +m4_ifndef([AC_PROG_GO], [ +# NOTE: This macro has been submitted for inclusion into # +# GNU Autoconf as AC_PROG_GO. When it is available in # +# a released version of Autoconf we should remove this # +# macro and use it instead. # +m4_defun([AC_PROG_GO], +[AC_LANG_PUSH(Go)dnl +AC_ARG_VAR([GOC], [Go compiler command])dnl +AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl +_AC_ARG_VAR_LDFLAGS()dnl +AC_CHECK_TOOL(GOC, gccgo) +if test -z "$GOC"; then + if test -n "$ac_tool_prefix"; then + AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo]) + fi +fi +if test -z "$GOC"; then + AC_CHECK_PROG(GOC, gccgo, gccgo, false) +fi +])#m4_defun +])#m4_ifndef + + # _LT_LANG_DEFAULT_CONFIG # ----------------------- m4_defun([_LT_LANG_DEFAULT_CONFIG], @@ -859,6 +885,10 @@ AC_PROVIDE_IFELSE([AC_PROG_GCJ], m4_ifdef([LT_PROG_GCJ], [m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])]) +AC_PROVIDE_IFELSE([AC_PROG_GO], + [LT_LANG(GO)], + [m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])]) + AC_PROVIDE_IFELSE([LT_PROG_RC], [LT_LANG(RC)], [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])]) @@ -961,7 +991,13 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ -dynamiclib -Wl,-single_module conftest.c 2>conftest.err _lt_result=$? - if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then + # If there is a non-empty error log, and "single_module" + # appears in it, assume the flag caused a linker warning + if test -s conftest.err && $GREP single_module conftest.err; then + cat conftest.err >&AS_MESSAGE_LOG_FD + # Otherwise, if the output was created with a 0 exit code from + # the compiler, it worked. + elif test -f libconftest.dylib && test $_lt_result -eq 0; then lt_cv_apple_cc_single_mod=yes else cat conftest.err >&AS_MESSAGE_LOG_FD @@ -969,6 +1005,7 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ rm -rf libconftest.dylib* rm -f conftest.* fi]) + AC_CACHE_CHECK([for -exported_symbols_list linker flag], [lt_cv_ld_exported_symbols_list], [lt_cv_ld_exported_symbols_list=no @@ -980,6 +1017,7 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ [lt_cv_ld_exported_symbols_list=no]) LDFLAGS="$save_LDFLAGS" ]) + AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load], [lt_cv_ld_force_load=no cat > conftest.c << _LT_EOF @@ -997,7 +1035,9 @@ _LT_EOF echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err _lt_result=$? - if test -f conftest && test ! -s conftest.err && test $_lt_result = 0 && $GREP forced_load conftest 2>&1 >/dev/null; then + if test -s conftest.err && $GREP force_load conftest.err; then + cat conftest.err >&AS_MESSAGE_LOG_FD + elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then lt_cv_ld_force_load=yes else cat conftest.err >&AS_MESSAGE_LOG_FD @@ -1042,8 +1082,8 @@ _LT_EOF ]) -# _LT_DARWIN_LINKER_FEATURES -# -------------------------- +# _LT_DARWIN_LINKER_FEATURES([TAG]) +# --------------------------------- # Checks for linker and compiler features on darwin m4_defun([_LT_DARWIN_LINKER_FEATURES], [ @@ -1054,6 +1094,8 @@ m4_defun([_LT_DARWIN_LINKER_FEATURES], _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported if test "$lt_cv_ld_force_load" = "yes"; then _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' + m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes], + [FC], [_LT_TAGVAR(compiler_needs_object, $1)=yes]) else _LT_TAGVAR(whole_archive_flag_spec, $1)='' fi @@ -1337,14 +1379,27 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) CFLAGS="$SAVE_CFLAGS" fi ;; -sparc*-*solaris*) +*-*solaris*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.o` in *64-bit*) case $lt_cv_prog_gnu_ld in - yes*) LD="${LD-ld} -m elf64_sparc" ;; + yes*) + case $host in + i?86-*-solaris*) + LD="${LD-ld} -m elf_x86_64" + ;; + sparc*-*-solaris*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + # GNU ld 2.21 introduced _sol2 emulations. Use them if available. + if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then + LD="${LD-ld}_sol2" + fi + ;; *) if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then LD="${LD-ld} -64" @@ -1421,13 +1476,13 @@ old_postuninstall_cmds= if test -n "$RANLIB"; then case $host_os in openbsd*) - old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib" + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" ;; *) - old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib" + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" ;; esac - old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib" + old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib" fi case $host_os in @@ -1607,6 +1662,11 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl lt_cv_sys_max_cmd_len=196608 ;; + os2*) + # The test takes a long time on OS/2. + lt_cv_sys_max_cmd_len=8192 + ;; + osf*) # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not @@ -1646,7 +1706,7 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl # If test is not a shell built-in, we'll probably end up computing a # maximum length that is only half of the actual maximum length, but # we can't tell. - while { test "X"`func_fallback_echo "$teststring$teststring" 2>/dev/null` \ + while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \ = "X$teststring$teststring"; } >/dev/null 2>&1 && test $i != 17 # 1/2 MB should be enough do @@ -2192,7 +2252,7 @@ need_version=unknown case $host_os in aix3*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' shlibpath_var=LIBPATH @@ -2201,7 +2261,7 @@ aix3*) ;; aix[[4-9]]*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no hardcode_into_libs=yes @@ -2266,7 +2326,7 @@ beos*) ;; bsdi[[45]]*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' @@ -2405,7 +2465,7 @@ m4_if([$1], [],[ ;; dgux*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' @@ -2413,10 +2473,6 @@ dgux*) shlibpath_var=LD_LIBRARY_PATH ;; -freebsd1*) - dynamic_linker=no - ;; - freebsd* | dragonfly*) # DragonFly does not have aout. When/if they implement a new # versioning mechanism, adjust this. @@ -2424,7 +2480,7 @@ freebsd* | dragonfly*) objformat=`/usr/bin/objformat` else case $host_os in - freebsd[[123]]*) objformat=aout ;; + freebsd[[23]].*) objformat=aout ;; *) objformat=elf ;; esac fi @@ -2442,7 +2498,7 @@ freebsd* | dragonfly*) esac shlibpath_var=LD_LIBRARY_PATH case $host_os in - freebsd2*) + freebsd2.*) shlibpath_overrides_runpath=yes ;; freebsd3.[[01]]* | freebsdelf3.[[01]]*) @@ -2462,17 +2518,18 @@ freebsd* | dragonfly*) ;; gnu*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; haiku*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no dynamic_linker="$host_os runtime_loader" @@ -2533,7 +2590,7 @@ hpux9* | hpux10* | hpux11*) ;; interix[[3-9]]*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' @@ -2549,7 +2606,7 @@ irix5* | irix6* | nonstopux*) nonstopux*) version_type=nonstopux ;; *) if test "$lt_cv_prog_gnu_ld" = yes; then - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor else version_type=irix fi ;; @@ -2586,9 +2643,9 @@ linux*oldld* | linux*aout* | linux*coff*) dynamic_linker=no ;; -# This must be Linux ELF. +# This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' @@ -2655,7 +2712,7 @@ netbsd*) ;; newsos6) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes @@ -2724,7 +2781,7 @@ rdos*) ;; solaris*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' @@ -2749,7 +2806,7 @@ sunos4*) ;; sysv4 | sysv4.3*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH @@ -2773,7 +2830,7 @@ sysv4 | sysv4.3*) sysv4*MP*) if test -d /usr/nec ;then - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' soname_spec='$libname${shared_ext}.$major' shlibpath_var=LD_LIBRARY_PATH @@ -2804,7 +2861,7 @@ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) tpf*) # TPF is a cross-target only. Preferred cross-host = GNU/Linux. - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' @@ -2814,7 +2871,7 @@ tpf*) ;; uts4*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH @@ -3236,7 +3293,7 @@ irix5* | irix6* | nonstopux*) lt_cv_deplibs_check_method=pass_all ;; -# This must be Linux ELF. +# This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu) lt_cv_deplibs_check_method=pass_all ;; @@ -3656,6 +3713,7 @@ for ac_symprfx in "" "_"; do # which start with @ or ?. lt_cv_sys_global_symbol_pipe="$AWK ['"\ " {last_section=section; section=\$ 3};"\ +" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ " /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ " \$ 0!~/External *\|/{next};"\ " / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ @@ -4240,7 +4298,9 @@ m4_if([$1], [CXX], [ case $cc_basename in nvcc*) # Cuda Compiler Driver 2.2 _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker ' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Xcompiler -fPIC' + if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)" + fi ;; esac else @@ -4332,18 +4392,33 @@ m4_if([$1], [CXX], [ ;; *) case `$CC -V 2>&1 | sed 5q` in - *Sun\ F* | *Sun*Fortran*) + *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*) # Sun Fortran 8.3 passes all unrecognized flags to the linker _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='' ;; + *Sun\ F* | *Sun*Fortran*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + ;; *Sun\ C*) # Sun C 5.9 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' ;; + *Intel*\ [[CF]]*Compiler*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + *Portland\ Group*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; esac ;; esac @@ -4503,7 +4578,9 @@ m4_if([$1], [CXX], [ ;; cygwin* | mingw* | cegcc*) case $cc_basename in - cl*) ;; + cl*) + _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' + ;; *) _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'] @@ -4528,7 +4605,6 @@ m4_if([$1], [CXX], [ _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= - _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported @@ -4779,8 +4855,7 @@ _LT_EOF xlf* | bgf* | bgxlf* | mpixlf*) # IBM XL Fortran 10.1 on PPC cannot create shared libs itself _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= - _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' if test "x$supports_anon_versioning" = xyes; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ @@ -5075,6 +5150,7 @@ _LT_EOF # The linker will not automatically build a static lib if we build a DLL. # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols' # Don't use ranlib _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib' @@ -5121,10 +5197,6 @@ _LT_EOF _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; - freebsd1*) - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor # support. Future versions do this automatically, but an explicit c++rt0.o # does not break anything, and helps significantly (at the cost of a little @@ -5137,7 +5209,7 @@ _LT_EOF ;; # Unfortunately, older versions of FreeBSD 2 do not have this feature. - freebsd2*) + freebsd2.*) _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_minus_L, $1)=yes @@ -5176,7 +5248,6 @@ _LT_EOF fi if test "$with_gnu_ld" = no; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' - _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes @@ -5618,9 +5689,6 @@ _LT_TAGDECL([], [no_undefined_flag], [1], _LT_TAGDECL([], [hardcode_libdir_flag_spec], [1], [Flag to hardcode $libdir into a binary during linking. This must work even if $libdir does not exist]) -_LT_TAGDECL([], [hardcode_libdir_flag_spec_ld], [1], - [[If ld is used when linking, flag to hardcode $libdir into a binary - during linking. This must work even if $libdir does not exist]]) _LT_TAGDECL([], [hardcode_libdir_separator], [1], [Whether we need a single "-rpath" flag with a separated argument]) _LT_TAGDECL([], [hardcode_direct], [0], @@ -5774,7 +5842,6 @@ _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= -_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported @@ -6144,7 +6211,7 @@ if test "$_lt_caught_CXX_error" != yes; then esac ;; - freebsd[[12]]*) + freebsd2.*) # C++ shared libraries reported to be fairly broken before # switch to ELF _LT_TAGVAR(ld_shlibs, $1)=no @@ -6905,12 +6972,18 @@ public class foo { } }; _LT_EOF +], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF +package foo +func foo() { +} +_LT_EOF ]) _lt_libdeps_save_CFLAGS=$CFLAGS case "$CC $CFLAGS " in #( *\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;; *\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;; +*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;; esac dnl Parse the compiler output and extract the necessary @@ -7107,7 +7180,6 @@ _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= -_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_automatic, $1)=no @@ -7240,7 +7312,6 @@ _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= -_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_automatic, $1)=no @@ -7423,6 +7494,73 @@ CFLAGS=$lt_save_CFLAGS ])# _LT_LANG_GCJ_CONFIG +# _LT_LANG_GO_CONFIG([TAG]) +# -------------------------- +# Ensure that the configuration variables for the GNU Go compiler +# are suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to `libtool'. +m4_defun([_LT_LANG_GO_CONFIG], +[AC_REQUIRE([LT_PROG_GO])dnl +AC_LANG_SAVE + +# Source file extension for Go test sources. +ac_ext=go + +# Object file extension for compiled Go test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="package main; func main() { }" + +# Code to be used in simple link tests +lt_simple_link_test_code='package main; func main() { }' + +# ltmain only uses $CC for tagged configurations so make sure $CC is set. +_LT_TAG_COMPILER + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +# Allow CC to be a program name with arguments. +lt_save_CC=$CC +lt_save_CFLAGS=$CFLAGS +lt_save_GCC=$GCC +GCC=yes +CC=${GOC-"gccgo"} +CFLAGS=$GOFLAGS +compiler=$CC +_LT_TAGVAR(compiler, $1)=$CC +_LT_TAGVAR(LD, $1)="$LD" +_LT_CC_BASENAME([$compiler]) + +# Go did not exist at the time GCC didn't implicitly link libc in. +_LT_TAGVAR(archive_cmds_need_lc, $1)=no + +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds + +if test -n "$compiler"; then + _LT_COMPILER_NO_RTTI($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) +fi + +AC_LANG_RESTORE + +GCC=$lt_save_GCC +CC=$lt_save_CC +CFLAGS=$lt_save_CFLAGS +])# _LT_LANG_GO_CONFIG + + # _LT_LANG_RC_CONFIG([TAG]) # ------------------------- # Ensure that the configuration variables for the Windows resource compiler @@ -7492,6 +7630,13 @@ dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([LT_AC_PROG_GCJ], []) +# LT_PROG_GO +# ---------- +AC_DEFUN([LT_PROG_GO], +[AC_CHECK_TOOL(GOC, gccgo,) +]) + + # LT_PROG_RC # ---------- AC_DEFUN([LT_PROG_RC], @@ -8156,9 +8301,24 @@ dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], []) # MODE is either `yes' or `no'. If omitted, it defaults to `both'. m4_define([_LT_WITH_PIC], [AC_ARG_WITH([pic], - [AS_HELP_STRING([--with-pic], + [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@], [try to use only PIC/non-PIC objects @<:@default=use both@:>@])], - [pic_mode="$withval"], + [lt_p=${PACKAGE-default} + case $withval in + yes|no) pic_mode=$withval ;; + *) + pic_mode=default + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for lt_pkg in $withval; do + IFS="$lt_save_ifs" + if test "X$lt_pkg" = "X$lt_p"; then + pic_mode=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac], [pic_mode=default]) test -z "$pic_mode" && pic_mode=m4_default([$1], [default]) @@ -8330,15 +8490,15 @@ m4_define([lt_dict_filter], # @configure_input@ -# serial 3293 ltversion.m4 +# serial 3337 ltversion.m4 # This file is part of GNU Libtool -m4_define([LT_PACKAGE_VERSION], [2.4]) -m4_define([LT_PACKAGE_REVISION], [1.3293]) +m4_define([LT_PACKAGE_VERSION], [2.4.2]) +m4_define([LT_PACKAGE_REVISION], [1.3337]) AC_DEFUN([LTVERSION_VERSION], -[macro_version='2.4' -macro_revision='1.3293' +[macro_version='2.4.2' +macro_revision='1.3337' _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) _LT_DECL(, macro_revision, 0) ]) diff --git a/usr.sbin/unbound/acx_nlnetlabs.m4 b/usr.sbin/unbound/acx_nlnetlabs.m4 index e90c81ea02a..90f1315bb6a 100644 --- a/usr.sbin/unbound/acx_nlnetlabs.m4 +++ b/usr.sbin/unbound/acx_nlnetlabs.m4 @@ -2,7 +2,11 @@ # Copyright 2009, Wouter Wijngaards, NLnet Labs. # BSD licensed. # -# Version 21 +# Version 25 +# 2013-07-18 Enable ACX_CHECK_COMPILER_FLAG to test for -Wstrict-prototypes +# 2013-06-25 FLTO has --disable-flto option. +# 2013-05-03 Update W32_SLEEP for newer mingw that links but not defines it. +# 2013-03-22 Fix ACX_RSRC_VERSION for long version numbers. # 2012-02-09 Fix AHX_MEMCMP_BROKEN with undef in compat/memcmp.h. # 2012-01-20 Fix COMPILER_FLAGS_UNBOUND for gcc 4.6.2 assigned-not-used-warns. # 2011-12-05 Fix getaddrinfowithincludes on windows with fedora16 mingw32-gcc. @@ -101,7 +105,7 @@ dnl Calculate comma separated windows-resource numbers from package version. dnl Picks the first three(,0) or four numbers out of the name. dnl $1: variable for the result AC_DEFUN([ACX_RSRC_VERSION], -[$1=[`echo $PACKAGE_VERSION | sed -e 's/^[^0-9]*\([0-9]\)[^0-9]*\([0-9]\)[^0-9]*\([0-9]\)[^0-9]*\([0-9]\).*$/\1,\2,\3,\4/' -e 's/^[^0-9]*\([0-9]\)[^0-9]*\([0-9]\)[^0-9]*\([0-9]\)[^0-9]*$/\1,\2,\3,0/' `] +[$1=[`echo $PACKAGE_VERSION | sed -e 's/^[^0-9]*\([0-9][0-9]*\)[^0-9][^0-9]*\([0-9][0-9]*\)[^0-9][^0-9]*\([0-9][0-9]*\)[^0-9][^0-9]*\([0-9][0-9]*\).*$/\1,\2,\3,\4/' -e 's/^[^0-9]*\([0-9][0-9]*\)[^0-9][^0-9]*\([0-9][0-9]*\)[^0-9][^0-9]*\([0-9][0-9]*\)[^0-9]*$/\1,\2,\3,0/' `] ]) dnl Routine to help check for compiler flags. @@ -116,7 +120,7 @@ AC_MSG_CHECKING(whether $CC supports -$1) cache=`echo $1 | sed 'y%.=/+-%___p_%'` AC_CACHE_VAL(cv_prog_cc_flag_$cache, [ -echo 'void f(){}' >conftest.c +echo 'void f(void){}' >conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS -$1 -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_$cache=yes" else @@ -405,19 +409,22 @@ int test() { dnl Check if CC supports -flto. dnl in a way that supports clang and suncc (that flag does something else, dnl but fails to link). It sets it in CFLAGS if it works. -AC_DEFUN([ACX_CHECK_FLTO], -[AC_MSG_CHECKING([if $CC supports -flto]) -BAKCFLAGS="$CFLAGS" -CFLAGS="$CFLAGS -flto" -AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [ - if $CC $CFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then - CFLAGS="$BAKCFLAGS" - AC_MSG_RESULT(no) - else - AC_MSG_RESULT(yes) - fi - rm -f conftest conftest.c conftest.o -], [CFLAGS="$BAKCFLAGS" ; AC_MSG_RESULT(no)]) +AC_DEFUN([ACX_CHECK_FLTO], [ + AC_ARG_ENABLE([flto], AS_HELP_STRING([--disable-flto], [Disable link-time optimization])) + AS_IF([test "x$enable_flto" != "xno"], [ + AC_MSG_CHECKING([if $CC supports -flto]) + BAKCFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -flto" + AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [ + if $CC $CFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then + CFLAGS="$BAKCFLAGS" + AC_MSG_RESULT(no) + else + AC_MSG_RESULT(yes) + fi + rm -f conftest conftest.c conftest.o + ], [CFLAGS="$BAKCFLAGS" ; AC_MSG_RESULT(no)]) + ]) ]) dnl Check the printf-format attribute (if any) @@ -1208,7 +1215,7 @@ struct tm *gmtime_r(const time_t *timep, struct tm *result); dnl provide w32 compat definition for sleep AC_DEFUN([AHX_CONFIG_W32_SLEEP], [ -#ifndef HAVE_SLEEP +#if !defined(HAVE_SLEEP) || defined(HAVE_WINDOWS_H) #define sleep(x) Sleep((x)*1000) /* on win32 */ #endif /* HAVE_SLEEP */ ]) diff --git a/usr.sbin/unbound/ax_pthread.m4 b/usr.sbin/unbound/ax_pthread.m4 new file mode 100644 index 00000000000..47fe233b20f --- /dev/null +++ b/usr.sbin/unbound/ax_pthread.m4 @@ -0,0 +1,317 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_pthread.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_PTHREAD([ACTION-IF-FOUND[, ACTION-IF-NOT-FOUND]]) +# +# DESCRIPTION +# +# This macro figures out how to build C programs using POSIX threads. It +# sets the PTHREAD_LIBS output variable to the threads library and linker +# flags, and the PTHREAD_CFLAGS output variable to any special C compiler +# flags that are needed. (The user can also force certain compiler +# flags/libs to be tested by setting these environment variables.) +# +# Also sets PTHREAD_CC to any special C compiler that is needed for +# multi-threaded programs (defaults to the value of CC otherwise). (This +# is necessary on AIX to use the special cc_r compiler alias.) +# +# NOTE: You are assumed to not only compile your program with these flags, +# but also link it with them as well. e.g. you should link with +# $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS $LIBS +# +# If you are only building threads programs, you may wish to use these +# variables in your default LIBS, CFLAGS, and CC: +# +# LIBS="$PTHREAD_LIBS $LIBS" +# CFLAGS="$CFLAGS $PTHREAD_CFLAGS" +# CC="$PTHREAD_CC" +# +# In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute constant +# has a nonstandard name, defines PTHREAD_CREATE_JOINABLE to that name +# (e.g. PTHREAD_CREATE_UNDETACHED on AIX). +# +# Also HAVE_PTHREAD_PRIO_INHERIT is defined if pthread is found and the +# PTHREAD_PRIO_INHERIT symbol is defined when compiling with +# PTHREAD_CFLAGS. +# +# ACTION-IF-FOUND is a list of shell commands to run if a threads library +# is found, and ACTION-IF-NOT-FOUND is a list of commands to run it if it +# is not found. If ACTION-IF-FOUND is not specified, the default action +# will define HAVE_PTHREAD. +# +# Please let the authors know if this macro fails on any platform, or if +# you have any other suggestions or comments. This macro was based on work +# by SGJ on autoconf scripts for FFTW (http://www.fftw.org/) (with help +# from M. Frigo), as well as ac_pthread and hb_pthread macros posted by +# Alejandro Forero Cuervo to the autoconf macro repository. We are also +# grateful for the helpful feedback of numerous users. +# +# Updated for Autoconf 2.68 by Daniel Richard G. +# +# LICENSE +# +# Copyright (c) 2008 Steven G. Johnson <stevenj@alum.mit.edu> +# Copyright (c) 2011 Daniel Richard G. <skunk@iSKUNK.ORG> +# +# This program is free software: you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation, either version 3 of the License, or (at your +# option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see <http://www.gnu.org/licenses/>. +# +# As a special exception, the respective Autoconf Macro's copyright owner +# gives unlimited permission to copy, distribute and modify the configure +# scripts that are the output of Autoconf when processing the Macro. You +# need not follow the terms of the GNU General Public License when using +# or distributing such scripts, even though portions of the text of the +# Macro appear in them. The GNU General Public License (GPL) does govern +# all other use of the material that constitutes the Autoconf Macro. +# +# This special exception to the GPL applies to versions of the Autoconf +# Macro released by the Autoconf Archive. When you make and distribute a +# modified version of the Autoconf Macro, you may extend this special +# exception to the GPL to apply to your modified version as well. + +#serial 20 + +AU_ALIAS([ACX_PTHREAD], [AX_PTHREAD]) +AC_DEFUN([AX_PTHREAD], [ +AC_REQUIRE([AC_CANONICAL_HOST]) +AC_LANG_PUSH([C]) +ax_pthread_ok=no + +# We used to check for pthread.h first, but this fails if pthread.h +# requires special compiler flags (e.g. on True64 or Sequent). +# It gets checked for in the link test anyway. + +# First of all, check if the user has set any of the PTHREAD_LIBS, +# etcetera environment variables, and if threads linking works using +# them: +if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then + save_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + save_LIBS="$LIBS" + LIBS="$PTHREAD_LIBS $LIBS" + AC_MSG_CHECKING([for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS]) + AC_TRY_LINK_FUNC(pthread_join, ax_pthread_ok=yes) + AC_MSG_RESULT($ax_pthread_ok) + if test x"$ax_pthread_ok" = xno; then + PTHREAD_LIBS="" + PTHREAD_CFLAGS="" + fi + LIBS="$save_LIBS" + CFLAGS="$save_CFLAGS" +fi + +# We must check for the threads library under a number of different +# names; the ordering is very important because some systems +# (e.g. DEC) have both -lpthread and -lpthreads, where one of the +# libraries is broken (non-POSIX). + +# Create a list of thread flags to try. Items starting with a "-" are +# C compiler flags, and other items are library names, except for "none" +# which indicates that we try without any flags at all, and "pthread-config" +# which is a program returning the flags for the Pth emulation library. + +ax_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config" + +# The ordering *is* (sometimes) important. Some notes on the +# individual items follow: + +# pthreads: AIX (must check this before -lpthread) +# none: in case threads are in libc; should be tried before -Kthread and +# other compiler flags to prevent continual compiler warnings +# -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h) +# -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able) +# lthread: LinuxThreads port on FreeBSD (also preferred to -pthread) +# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads) +# -pthreads: Solaris/gcc +# -mthreads: Mingw32/gcc, Lynx/gcc +# -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it +# doesn't hurt to check since this sometimes defines pthreads too; +# also defines -D_REENTRANT) +# ... -mt is also the pthreads flag for HP/aCC +# pthread: Linux, etcetera +# --thread-safe: KAI C++ +# pthread-config: use pthread-config program (for GNU Pth library) + +case ${host_os} in + solaris*) + + # On Solaris (at least, for some versions), libc contains stubbed + # (non-functional) versions of the pthreads routines, so link-based + # tests will erroneously succeed. (We need to link with -pthreads/-mt/ + # -lpthread.) (The stubs are missing pthread_cleanup_push, or rather + # a function called by this macro, so we could check for that, but + # who knows whether they'll stub that too in a future libc.) So, + # we'll just look for -pthreads and -lpthread first: + + ax_pthread_flags="-pthreads pthread -mt -pthread $ax_pthread_flags" + ;; + + darwin*) + ax_pthread_flags="-pthread $ax_pthread_flags" + ;; +esac + +if test x"$ax_pthread_ok" = xno; then +for flag in $ax_pthread_flags; do + + case $flag in + none) + AC_MSG_CHECKING([whether pthreads work without any flags]) + ;; + + -*) + AC_MSG_CHECKING([whether pthreads work with $flag]) + PTHREAD_CFLAGS="$flag" + ;; + + pthread-config) + AC_CHECK_PROG(ax_pthread_config, pthread-config, yes, no) + if test x"$ax_pthread_config" = xno; then continue; fi + PTHREAD_CFLAGS="`pthread-config --cflags`" + PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`" + ;; + + *) + AC_MSG_CHECKING([for the pthreads library -l$flag]) + PTHREAD_LIBS="-l$flag" + ;; + esac + + save_LIBS="$LIBS" + save_CFLAGS="$CFLAGS" + LIBS="$PTHREAD_LIBS $LIBS" + CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + + # Check for various functions. We must include pthread.h, + # since some functions may be macros. (On the Sequent, we + # need a special flag -Kthread to make this header compile.) + # We check for pthread_join because it is in -lpthread on IRIX + # while pthread_create is in libc. We check for pthread_attr_init + # due to DEC craziness with -lpthreads. We check for + # pthread_cleanup_push because it is one of the few pthread + # functions on Solaris that doesn't have a non-functional libc stub. + # We try pthread_create on general principles. + AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h> + static void routine(void *a) { *((int*)a) = 0; } + static void *start_routine(void *a) { return a; }], + [pthread_t th; pthread_attr_t attr; + pthread_create(&th, 0, start_routine, 0); + pthread_join(th, 0); + pthread_attr_init(&attr); + pthread_cleanup_push(routine, 0); + pthread_cleanup_pop(0) /* ; */])], + [ax_pthread_ok=yes], + []) + + LIBS="$save_LIBS" + CFLAGS="$save_CFLAGS" + + AC_MSG_RESULT($ax_pthread_ok) + if test "x$ax_pthread_ok" = xyes; then + break; + fi + + PTHREAD_LIBS="" + PTHREAD_CFLAGS="" +done +fi + +# Various other checks: +if test "x$ax_pthread_ok" = xyes; then + save_LIBS="$LIBS" + LIBS="$PTHREAD_LIBS $LIBS" + save_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + + # Detect AIX lossage: JOINABLE attribute is called UNDETACHED. + AC_MSG_CHECKING([for joinable pthread attribute]) + attr_name=unknown + for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do + AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h>], + [int attr = $attr; return attr /* ; */])], + [attr_name=$attr; break], + []) + done + AC_MSG_RESULT($attr_name) + if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then + AC_DEFINE_UNQUOTED(PTHREAD_CREATE_JOINABLE, $attr_name, + [Define to necessary symbol if this constant + uses a non-standard name on your system.]) + fi + + AC_MSG_CHECKING([if more special flags are required for pthreads]) + flag=no + case ${host_os} in + aix* | freebsd* | darwin*) flag="-D_THREAD_SAFE";; + osf* | hpux*) flag="-D_REENTRANT";; + solaris*) + if test "$GCC" = "yes"; then + flag="-D_REENTRANT" + else + flag="-mt -D_REENTRANT" + fi + ;; + esac + AC_MSG_RESULT(${flag}) + if test "x$flag" != xno; then + PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS" + fi + + AC_CACHE_CHECK([for PTHREAD_PRIO_INHERIT], + ax_cv_PTHREAD_PRIO_INHERIT, [ + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[#include <pthread.h>]], [[int i = PTHREAD_PRIO_INHERIT;]])], + [ax_cv_PTHREAD_PRIO_INHERIT=yes], + [ax_cv_PTHREAD_PRIO_INHERIT=no]) + ]) + AS_IF([test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes"], + AC_DEFINE([HAVE_PTHREAD_PRIO_INHERIT], 1, [Have PTHREAD_PRIO_INHERIT.])) + + LIBS="$save_LIBS" + CFLAGS="$save_CFLAGS" + + # More AIX lossage: compile with *_r variant + if test "x$GCC" != xyes; then + case $host_os in + aix*) + AS_CASE(["x/$CC"], + [x*/c89|x*/c89_128|x*/c99|x*/c99_128|x*/cc|x*/cc128|x*/xlc|x*/xlc_v6|x*/xlc128|x*/xlc128_v6], + [#handle absolute path differently from PATH based program lookup + AS_CASE(["x$CC"], + [x/*], + [AS_IF([AS_EXECUTABLE_P([${CC}_r])],[PTHREAD_CC="${CC}_r"])], + [AC_CHECK_PROGS([PTHREAD_CC],[${CC}_r],[$CC])])]) + ;; + esac + fi +fi + +test -n "$PTHREAD_CC" || PTHREAD_CC="$CC" + +AC_SUBST(PTHREAD_LIBS) +AC_SUBST(PTHREAD_CFLAGS) +AC_SUBST(PTHREAD_CC) + +# Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND: +if test x"$ax_pthread_ok" = xyes; then + ifelse([$1],,AC_DEFINE(HAVE_PTHREAD,1,[Define if you have POSIX threads libraries and header files.]),[$1]) + : +else + ax_pthread_ok=no + $2 +fi +AC_LANG_POP +])dnl AX_PTHREAD diff --git a/usr.sbin/unbound/config.guess b/usr.sbin/unbound/config.guess index dc84c68ef79..c0adba94b2f 100644 --- a/usr.sbin/unbound/config.guess +++ b/usr.sbin/unbound/config.guess @@ -1,10 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 -# Free Software Foundation, Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, +# 2011, 2012 Free Software Foundation, Inc. -timestamp='2009-11-20' +timestamp='2012-06-10' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -17,9 +17,7 @@ timestamp='2009-11-20' # General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA -# 02110-1301, USA. +# along with this program; if not, see <http://www.gnu.org/licenses/>. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -56,8 +54,9 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, -2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 +Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -144,7 +143,7 @@ UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in *:NetBSD:*:*) # NetBSD (nbsd) targets should (where applicable) match one or - # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, + # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently # switched to ELF, *-*-netbsd* would select the old # object file format. This provides both forward @@ -180,7 +179,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in fi ;; *) - os=netbsd + os=netbsd ;; esac # The OS release @@ -223,7 +222,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` ;; *5.*) - UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` ;; esac # According to Compaq, /usr/sbin/psrinfo has been available on @@ -269,7 +268,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - exit ;; + # Reset EXIT trap before exiting to avoid spurious non-zero exit code. + exitcode=$? + trap '' 0 + exit $exitcode ;; Alpha\ *:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # Should we change UNAME_MACHINE based on the output of uname instead @@ -295,7 +297,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in echo s390-ibm-zvmoe exit ;; *:OS400:*:*) - echo powerpc-ibm-os400 + echo powerpc-ibm-os400 exit ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} @@ -394,23 +396,23 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint${UNAME_RELEASE} exit ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} - exit ;; + exit ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint${UNAME_RELEASE} exit ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) - echo m68k-milan-mint${UNAME_RELEASE} - exit ;; + echo m68k-milan-mint${UNAME_RELEASE} + exit ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) - echo m68k-hades-mint${UNAME_RELEASE} - exit ;; + echo m68k-hades-mint${UNAME_RELEASE} + exit ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) - echo m68k-unknown-mint${UNAME_RELEASE} - exit ;; + echo m68k-unknown-mint${UNAME_RELEASE} + exit ;; m68k:machten:*:*) echo m68k-apple-machten${UNAME_RELEASE} exit ;; @@ -480,8 +482,8 @@ EOF echo m88k-motorola-sysv3 exit ;; AViiON:dgux:*:*) - # DG/UX returns AViiON for all architectures - UNAME_PROCESSOR=`/usr/bin/uname -p` + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] then if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ @@ -494,7 +496,7 @@ EOF else echo i586-dg-dgux${UNAME_RELEASE} fi - exit ;; + exit ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 exit ;; @@ -551,7 +553,7 @@ EOF echo rs6000-ibm-aix3.2 fi exit ;; - *:AIX:*:[456]) + *:AIX:*:[4567]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 @@ -594,52 +596,52 @@ EOF 9000/[678][0-9][0-9]) if [ -x /usr/bin/getconf ]; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` - sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` - case "${sc_cpu_version}" in - 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 - 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 - 532) # CPU_PA_RISC2_0 - case "${sc_kernel_bits}" in - 32) HP_ARCH="hppa2.0n" ;; - 64) HP_ARCH="hppa2.0w" ;; + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` + case "${sc_cpu_version}" in + 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 + 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 + case "${sc_kernel_bits}" in + 32) HP_ARCH="hppa2.0n" ;; + 64) HP_ARCH="hppa2.0w" ;; '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 - esac ;; - esac + esac ;; + esac fi if [ "${HP_ARCH}" = "" ]; then eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + sed 's/^ //' << EOF >$dummy.c - #define _HPUX_SOURCE - #include <stdlib.h> - #include <unistd.h> + #define _HPUX_SOURCE + #include <stdlib.h> + #include <unistd.h> - int main () - { - #if defined(_SC_KERNEL_BITS) - long bits = sysconf(_SC_KERNEL_BITS); - #endif - long cpu = sysconf (_SC_CPU_VERSION); + int main () + { + #if defined(_SC_KERNEL_BITS) + long bits = sysconf(_SC_KERNEL_BITS); + #endif + long cpu = sysconf (_SC_CPU_VERSION); - switch (cpu) - { - case CPU_PA_RISC1_0: puts ("hppa1.0"); break; - case CPU_PA_RISC1_1: puts ("hppa1.1"); break; - case CPU_PA_RISC2_0: - #if defined(_SC_KERNEL_BITS) - switch (bits) - { - case 64: puts ("hppa2.0w"); break; - case 32: puts ("hppa2.0n"); break; - default: puts ("hppa2.0"); break; - } break; - #else /* !defined(_SC_KERNEL_BITS) */ - puts ("hppa2.0"); break; - #endif - default: puts ("hppa1.0"); break; - } - exit (0); - } + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1"); break; + case CPU_PA_RISC2_0: + #if defined(_SC_KERNEL_BITS) + switch (bits) + { + case 64: puts ("hppa2.0w"); break; + case 32: puts ("hppa2.0n"); break; + default: puts ("hppa2.0"); break; + } break; + #else /* !defined(_SC_KERNEL_BITS) */ + puts ("hppa2.0"); break; + #endif + default: puts ("hppa1.0"); break; + } + exit (0); + } EOF (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` test -z "$HP_ARCH" && HP_ARCH=hppa @@ -730,22 +732,22 @@ EOF exit ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd - exit ;; + exit ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi - exit ;; + exit ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) echo c34-convex-bsd - exit ;; + exit ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) echo c38-convex-bsd - exit ;; + exit ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) echo c4-convex-bsd - exit ;; + exit ;; CRAY*Y-MP:*:*:*) echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; @@ -769,14 +771,14 @@ EOF exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` - echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit ;; + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; 5000:UNIX_System_V:4.*:*) - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` - echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` + echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} @@ -788,13 +790,12 @@ EOF echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} exit ;; *:FreeBSD:*:*) - case ${UNAME_MACHINE} in - pc98) - echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + UNAME_PROCESSOR=`/usr/bin/uname -p` + case ${UNAME_PROCESSOR} in amd64) echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; *) - echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; esac exit ;; i*:CYGWIN*:*) @@ -803,15 +804,18 @@ EOF *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; + i*:MSYS*:*) + echo ${UNAME_MACHINE}-pc-msys + exit ;; i*:windows32*:*) - # uname -m includes "-pc" on this system. - echo ${UNAME_MACHINE}-mingw32 + # uname -m includes "-pc" on this system. + echo ${UNAME_MACHINE}-mingw32 exit ;; i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; *:Interix*:*) - case ${UNAME_MACHINE} in + case ${UNAME_MACHINE} in x86) echo i586-pc-interix${UNAME_RELEASE} exit ;; @@ -857,6 +861,13 @@ EOF i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; + aarch64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + aarch64_be:Linux:*:*) + UNAME_MACHINE=aarch64_be + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in EV5) UNAME_MACHINE=alphaev5 ;; @@ -866,7 +877,7 @@ EOF EV6) UNAME_MACHINE=alphaev6 ;; EV67) UNAME_MACHINE=alphaev67 ;; EV68*) UNAME_MACHINE=alphaev68 ;; - esac + esac objdump --private-headers /bin/sh | grep -q ld.so.1 if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} @@ -878,20 +889,29 @@ EOF then echo ${UNAME_MACHINE}-unknown-linux-gnu else - echo ${UNAME_MACHINE}-unknown-linux-gnueabi + if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_PCS_VFP + then + echo ${UNAME_MACHINE}-unknown-linux-gnueabi + else + echo ${UNAME_MACHINE}-unknown-linux-gnueabihf + fi fi exit ;; avr32*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; cris:Linux:*:*) - echo cris-axis-linux-gnu + echo ${UNAME_MACHINE}-axis-linux-gnu exit ;; crisv32:Linux:*:*) - echo crisv32-axis-linux-gnu + echo ${UNAME_MACHINE}-axis-linux-gnu exit ;; frv:Linux:*:*) - echo frv-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + hexagon:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; i*86:Linux:*:*) LIBC=gnu @@ -933,7 +953,7 @@ EOF test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; or32:Linux:*:*) - echo or32-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; padre:Linux:*:*) echo sparc-unknown-linux-gnu @@ -959,7 +979,7 @@ EOF echo ${UNAME_MACHINE}-ibm-linux exit ;; sh64*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; sh*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu @@ -967,14 +987,17 @@ EOF sparc:Linux:*:* | sparc64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; + tile*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; vax:Linux:*:*) echo ${UNAME_MACHINE}-dec-linux-gnu exit ;; x86_64:Linux:*:*) - echo x86_64-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; xtensa*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. @@ -983,11 +1006,11 @@ EOF echo i386-sequent-sysv4 exit ;; i*86:UNIX_SV:4.2MP:2.*) - # Unixware is an offshoot of SVR4, but it has its own version - # number series starting with 2... - # I am not positive that other SVR4 systems won't match this, + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. - # Use sysv4.2uw... so that sysv4* matches it. + # Use sysv4.2uw... so that sysv4* matches it. echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} exit ;; i*86:OS/2:*:*) @@ -1019,7 +1042,7 @@ EOF fi exit ;; i*86:*:5:[678]*) - # UnixWare 7.x, OpenUNIX and OpenServer 6. + # UnixWare 7.x, OpenUNIX and OpenServer 6. case `/bin/uname -X | grep "^Machine"` in *486*) UNAME_MACHINE=i486 ;; *Pentium) UNAME_MACHINE=i586 ;; @@ -1047,13 +1070,13 @@ EOF exit ;; pc:*:*:*) # Left here for compatibility: - # uname -m prints for DJGPP always 'pc', but it prints nothing about - # the processor, so we play safe by assuming i586. + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i586. # Note: whatever this is, it MUST be the same as what config.sub # prints for the "djgpp" host, or else GDB configury will decide that # this is a cross-build. echo i586-pc-msdosdjgpp - exit ;; + exit ;; Intel:Mach:3*:*) echo i386-pc-mach3 exit ;; @@ -1088,8 +1111,8 @@ EOF /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4; exit; } ;; + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4; exit; } ;; NCR*:*:4.2:* | MPRAS*:*:4.2:*) OS_REL='.3' test -r /etc/.relid \ @@ -1132,10 +1155,10 @@ EOF echo ns32k-sni-sysv fi exit ;; - PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort - # says <Richard.M.Bartel@ccMail.Census.GOV> - echo i586-unisys-sysv4 - exit ;; + PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says <Richard.M.Bartel@ccMail.Census.GOV> + echo i586-unisys-sysv4 + exit ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes <hewes@openmarket.com>. # How about differentiating between stratus architectures? -djm @@ -1161,11 +1184,11 @@ EOF exit ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then - echo mips-nec-sysv${UNAME_RELEASE} + echo mips-nec-sysv${UNAME_RELEASE} else - echo mips-unknown-sysv${UNAME_RELEASE} + echo mips-unknown-sysv${UNAME_RELEASE} fi - exit ;; + exit ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. echo powerpc-be-beos exit ;; @@ -1230,7 +1253,10 @@ EOF *:QNX:*:4*) echo i386-pc-qnx exit ;; - NSE-?:NONSTOP_KERNEL:*:*) + NEO-?:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk${UNAME_RELEASE} + exit ;; + NSE-*:NONSTOP_KERNEL:*:*) echo nse-tandem-nsk${UNAME_RELEASE} exit ;; NSR-?:NONSTOP_KERNEL:*:*) @@ -1275,13 +1301,13 @@ EOF echo pdp10-unknown-its exit ;; SEI:*:*:SEIUX) - echo mips-sei-seiux${UNAME_RELEASE} + echo mips-sei-seiux${UNAME_RELEASE} exit ;; *:DragonFly:*:*) echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` exit ;; *:*VMS:*:*) - UNAME_MACHINE=`(uname -p) 2>/dev/null` + UNAME_MACHINE=`(uname -p) 2>/dev/null` case "${UNAME_MACHINE}" in A*) echo alpha-dec-vms ; exit ;; I*) echo ia64-dec-vms ; exit ;; @@ -1299,6 +1325,9 @@ EOF i*86:AROS:*:*) echo ${UNAME_MACHINE}-pc-aros exit ;; + x86_64:VMkernel:*:*) + echo ${UNAME_MACHINE}-unknown-esx + exit ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 @@ -1321,11 +1350,11 @@ main () #include <sys/param.h> printf ("m68k-sony-newsos%s\n", #ifdef NEWSOS4 - "4" + "4" #else - "" + "" #endif - ); exit (0); + ); exit (0); #endif #endif diff --git a/usr.sbin/unbound/config.h.in b/usr.sbin/unbound/config.h.in index bfadf52da3c..46f38edf35d 100644 --- a/usr.sbin/unbound/config.h.in +++ b/usr.sbin/unbound/config.h.in @@ -220,6 +220,9 @@ /* Define if you have POSIX threads libraries and header files. */ #undef HAVE_PTHREAD +/* Have PTHREAD_PRIO_INHERIT. */ +#undef HAVE_PTHREAD_PRIO_INHERIT + /* Define to 1 if the system has the type `pthread_rwlock_t'. */ #undef HAVE_PTHREAD_RWLOCK_T @@ -549,6 +552,11 @@ `char[]'. */ #undef YYTEXT_POINTER +/* Enable large inode numbers on Mac OS X 10.5. */ +#ifndef _DARWIN_USE_64_BIT_INODE +# define _DARWIN_USE_64_BIT_INODE 1 +#endif + /* Number of bits in a file offset, on hosts where this is settable. */ #undef _FILE_OFFSET_BITS @@ -800,7 +808,7 @@ struct tm *gmtime_r(const time_t *timep, struct tm *result); #endif -#ifndef HAVE_SLEEP +#if !defined(HAVE_SLEEP) || defined(HAVE_WINDOWS_H) #define sleep(x) Sleep((x)*1000) /* on win32 */ #endif /* HAVE_SLEEP */ @@ -866,8 +874,6 @@ char *strptime(const char *s, const char *format, struct tm *tm); # endif #endif /* CHECKED_INET6 */ -/* maximum nesting of included files */ -#define MAXINCLUDES 10 #ifndef HAVE_GETADDRINFO struct sockaddr_storage; #include "compat/fake-rfc2553.h" diff --git a/usr.sbin/unbound/config.sub b/usr.sbin/unbound/config.sub index 2a55a50751c..6205f8423d6 100644 --- a/usr.sbin/unbound/config.sub +++ b/usr.sbin/unbound/config.sub @@ -1,10 +1,10 @@ #! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 -# Free Software Foundation, Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, +# 2011, 2012 Free Software Foundation, Inc. -timestamp='2009-11-20' +timestamp='2012-04-18' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software @@ -21,9 +21,7 @@ timestamp='2009-11-20' # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA -# 02110-1301, USA. +# along with this program; if not, see <http://www.gnu.org/licenses/>. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -75,8 +73,9 @@ Report bugs and patches to <config-patches@gnu.org>." version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, -2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 +Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -123,13 +122,18 @@ esac # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in - nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \ - uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \ + nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ + linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | \ kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; + android-linux) + os=-linux-android + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown + ;; *) basic_machine=`echo $1 | sed 's/-[^-]*$//'` if [ $basic_machine != $1 ] @@ -156,8 +160,8 @@ case $os in os= basic_machine=$1 ;; - -bluegene*) - os=-cnk + -bluegene*) + os=-cnk ;; -sim | -cisco | -oki | -wec | -winbond) os= @@ -173,10 +177,10 @@ case $os in os=-chorusos basic_machine=$1 ;; - -chorusrdb) - os=-chorusrdb + -chorusrdb) + os=-chorusrdb basic_machine=$1 - ;; + ;; -hiux*) os=-hiuxwe2 ;; @@ -221,6 +225,12 @@ case $os in -isc*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; + -lynx*178) + os=-lynxos178 + ;; + -lynx*5) + os=-lynxos5 + ;; -lynx*) os=-lynxos ;; @@ -245,17 +255,22 @@ case $basic_machine in # Some are omitted here because they have special meanings below. 1750a | 580 \ | a29k \ + | aarch64 | aarch64_be \ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ + | be32 | be64 \ | bfin \ | c4x | clipper \ | d10v | d30v | dlx | dsp16xx \ + | epiphany \ | fido | fr30 | frv \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | hexagon \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ + | le32 | le64 \ | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ | maxq | mb | microblaze | mcore | mep | metag \ @@ -281,29 +296,39 @@ case $basic_machine in | moxie \ | mt \ | msp430 \ + | nds32 | nds32le | nds32be \ | nios | nios2 \ | ns16k | ns32k \ + | open8 \ | or32 \ | pdp10 | pdp11 | pj | pjl \ - | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ + | powerpc | powerpc64 | powerpc64le | powerpcle \ | pyramid \ - | rx \ + | rl78 | rx \ | score \ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ - | spu | strongarm \ - | tahoe | thumb | tic4x | tic80 | tron \ + | spu \ + | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ | ubicom32 \ - | v850 | v850e \ + | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ | we32k \ - | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ + | x86 | xc16x | xstormy16 | xtensa \ | z8k | z80) basic_machine=$basic_machine-unknown ;; - m6811 | m68hc11 | m6812 | m68hc12 | picochip) - # Motorola 68HC11/12. + c54x) + basic_machine=tic54x-unknown + ;; + c55x) + basic_machine=tic55x-unknown + ;; + c6x) + basic_machine=tic6x-unknown + ;; + m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) basic_machine=$basic_machine-unknown os=-none ;; @@ -313,6 +338,21 @@ case $basic_machine in basic_machine=mt-unknown ;; + strongarm | thumb | xscale) + basic_machine=arm-unknown + ;; + xgate) + basic_machine=$basic_machine-unknown + os=-none + ;; + xscaleeb) + basic_machine=armeb-unknown + ;; + + xscaleel) + basic_machine=armel-unknown + ;; + # We use `pc' rather than `unknown' # because (1) that's what they normally are, and # (2) the word "unknown" tends to confuse beginning users. @@ -327,21 +367,25 @@ case $basic_machine in # Recognize the basic CPU types with company name. 580-* \ | a29k-* \ + | aarch64-* | aarch64_be-* \ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ + | be32-* | be64-* \ | bfin-* | bs2000-* \ - | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* \ | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ + | hexagon-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ + | le32-* | le64-* \ | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ @@ -367,25 +411,29 @@ case $basic_machine in | mmix-* \ | mt-* \ | msp430-* \ + | nds32-* | nds32le-* | nds32be-* \ | nios-* | nios2-* \ | none-* | np1-* | ns16k-* | ns32k-* \ + | open8-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ - | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ + | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ | pyramid-* \ - | romp-* | rs6000-* | rx-* \ + | rl78-* | romp-* | rs6000-* | rx-* \ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ - | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ - | tahoe-* | thumb-* \ - | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ + | tahoe-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tile*-* \ | tron-* \ | ubicom32-* \ - | v850-* | v850e-* | vax-* \ + | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ + | vax-* \ | we32k-* \ - | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ + | x86-* | x86_64-* | xc16x-* | xps100-* \ | xstormy16-* | xtensa*-* \ | ymp-* \ | z8k-* | z80-*) @@ -410,7 +458,7 @@ case $basic_machine in basic_machine=a29k-amd os=-udi ;; - abacus) + abacus) basic_machine=abacus-unknown ;; adobe68k) @@ -480,11 +528,20 @@ case $basic_machine in basic_machine=powerpc-ibm os=-cnk ;; + c54x-*) + basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c55x-*) + basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c6x-*) + basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; c90) basic_machine=c90-cray os=-unicos ;; - cegcc) + cegcc) basic_machine=arm-unknown os=-cegcc ;; @@ -516,7 +573,7 @@ case $basic_machine in basic_machine=craynv-cray os=-unicosmp ;; - cr16) + cr16 | cr16-*) basic_machine=cr16-unknown os=-elf ;; @@ -674,7 +731,6 @@ case $basic_machine in i370-ibm* | ibm*) basic_machine=i370-ibm ;; -# I'm not sure what "Sysv32" means. Should this be sysv3.2? i*86v32) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv32 @@ -732,7 +788,7 @@ case $basic_machine in basic_machine=ns32k-utek os=-sysv ;; - microblaze) + microblaze) basic_machine=microblaze-xilinx ;; mingw32) @@ -771,10 +827,18 @@ case $basic_machine in ms1-*) basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` ;; + msys) + basic_machine=i386-pc + os=-msys + ;; mvs) basic_machine=i370-ibm os=-mvs ;; + nacl) + basic_machine=le32-unknown + os=-nacl + ;; ncr3000) basic_machine=i486-ncr os=-sysv4 @@ -839,6 +903,12 @@ case $basic_machine in np1) basic_machine=np1-gould ;; + neo-tandem) + basic_machine=neo-tandem + ;; + nse-tandem) + basic_machine=nse-tandem + ;; nsr-tandem) basic_machine=nsr-tandem ;; @@ -921,9 +991,10 @@ case $basic_machine in ;; power) basic_machine=power-ibm ;; - ppc) basic_machine=powerpc-unknown + ppc | ppcbe) basic_machine=powerpc-unknown ;; - ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + ppc-* | ppcbe-*) + basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppcle | powerpclittle | ppc-le | powerpc-little) basic_machine=powerpcle-unknown @@ -1017,6 +1088,9 @@ case $basic_machine in basic_machine=i860-stratus os=-sysv4 ;; + strongarm-* | thumb-*) + basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; sun2) basic_machine=m68000-sun ;; @@ -1073,20 +1147,8 @@ case $basic_machine in basic_machine=t90-cray os=-unicos ;; - tic54x | c54x*) - basic_machine=tic54x-unknown - os=-coff - ;; - tic55x | c55x*) - basic_machine=tic55x-unknown - os=-coff - ;; - tic6x | c6x*) - basic_machine=tic6x-unknown - os=-coff - ;; tile*) - basic_machine=tile-unknown + basic_machine=$basic_machine-unknown os=-linux-gnu ;; tx39) @@ -1156,6 +1218,9 @@ case $basic_machine in xps | xps100) basic_machine=xps100-honeywell ;; + xscale-* | xscalee[bl]-*) + basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` + ;; ymp) basic_machine=ymp-cray os=-unicos @@ -1253,11 +1318,11 @@ esac if [ x"$os" != x"" ] then case $os in - # First match some system type aliases - # that might get confused with valid system types. + # First match some system type aliases + # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. - -auroraux) - os=-auroraux + -auroraux) + os=-auroraux ;; -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` @@ -1293,8 +1358,9 @@ case $os in | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | -chorusos* | -chorusrdb* | -cegcc* \ - | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \ + | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ + | -mingw32* | -linux-gnu* | -linux-android* \ + | -linux-newlib* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ @@ -1341,7 +1407,7 @@ case $os in -opened*) os=-openedition ;; - -os400*) + -os400*) os=-os400 ;; -wince*) @@ -1390,7 +1456,7 @@ case $os in -sinix*) os=-sysv4 ;; - -tpf*) + -tpf*) os=-tpf ;; -triton*) @@ -1435,6 +1501,8 @@ case $os in -dicos*) os=-dicos ;; + -nacl*) + ;; -none) ;; *) @@ -1457,10 +1525,10 @@ else # system, and we'll never get to this point. case $basic_machine in - score-*) + score-*) os=-elf ;; - spu-*) + spu-*) os=-elf ;; *-acorn) @@ -1472,8 +1540,20 @@ case $basic_machine in arm*-semi) os=-aout ;; - c4x-* | tic4x-*) - os=-coff + c4x-* | tic4x-*) + os=-coff + ;; + hexagon-*) + os=-elf + ;; + tic54x-*) + os=-coff + ;; + tic55x-*) + os=-coff + ;; + tic6x-*) + os=-coff ;; # This must come before the *-dec entry. pdp10-*) @@ -1493,14 +1573,11 @@ case $basic_machine in ;; m68000-sun) os=-sunos3 - # This also exists in the configure program, but was not the - # default. - # os=-sunos4 ;; m68*-cisco) os=-aout ;; - mep-*) + mep-*) os=-elf ;; mips*-cisco) @@ -1527,7 +1604,7 @@ case $basic_machine in *-ibm) os=-aix ;; - *-knuth) + *-knuth) os=-mmixware ;; *-wec) diff --git a/usr.sbin/unbound/daemon/cachedump.c b/usr.sbin/unbound/daemon/cachedump.c index 46c625f061a..df6a40188be 100644 --- a/usr.sbin/unbound/daemon/cachedump.c +++ b/usr.sbin/unbound/daemon/cachedump.c @@ -60,7 +60,7 @@ /** convert to ldns rr */ static ldns_rr* to_rr(struct ub_packed_rrset_key* k, struct packed_rrset_data* d, - uint32_t now, size_t i, uint16_t type) + time_t now, size_t i, uint16_t type) { ldns_rr* rr = ldns_rr_new(); ldns_rdf* rdf; @@ -96,7 +96,7 @@ to_rr(struct ub_packed_rrset_key* k, struct packed_rrset_data* d, /** dump one rrset zonefile line */ static int dump_rrset_line(SSL* ssl, struct ub_packed_rrset_key* k, - struct packed_rrset_data* d, uint32_t now, size_t i, uint16_t type) + struct packed_rrset_data* d, time_t now, size_t i, uint16_t type) { char* s; ldns_rr* rr = to_rr(k, d, now, i, type); @@ -119,7 +119,7 @@ dump_rrset_line(SSL* ssl, struct ub_packed_rrset_key* k, /** dump rrset key and data info */ static int dump_rrset(SSL* ssl, struct ub_packed_rrset_key* k, - struct packed_rrset_data* d, uint32_t now) + struct packed_rrset_data* d, time_t now) { size_t i; /* rd lock held by caller */ @@ -127,9 +127,9 @@ dump_rrset(SSL* ssl, struct ub_packed_rrset_key* k, if(d->ttl < now) return 1; /* expired */ /* meta line */ - if(!ssl_printf(ssl, ";rrset%s %u %u %u %d %d\n", + if(!ssl_printf(ssl, ";rrset%s %lld %u %u %d %d\n", (k->rk.flags & PACKED_RRSET_NSEC_AT_APEX)?" nsec_apex":"", - (unsigned)(d->ttl - now), + (long long)(d->ttl - now), (unsigned)d->count, (unsigned)d->rrsig_count, (int)d->trust, (int)d->security )) @@ -149,7 +149,7 @@ dump_rrset(SSL* ssl, struct ub_packed_rrset_key* k, /** dump lruhash rrset cache */ static int -dump_rrset_lruhash(SSL* ssl, struct lruhash* h, uint32_t now) +dump_rrset_lruhash(SSL* ssl, struct lruhash* h, time_t now) { struct lruhash_entry* e; /* lruhash already locked by caller */ @@ -225,7 +225,7 @@ dump_msg_ref(SSL* ssl, struct ub_packed_rrset_key* k) /** dump message entry */ static int dump_msg(SSL* ssl, struct query_info* k, struct reply_info* d, - uint32_t now) + time_t now) { size_t i; char* nm, *tp, *cl; @@ -259,10 +259,10 @@ dump_msg(SSL* ssl, struct query_info* k, struct reply_info* d, } /* meta line */ - if(!ssl_printf(ssl, "msg %s %s %s %d %d %u %d %u %u %u\n", + if(!ssl_printf(ssl, "msg %s %s %s %d %d %lld %d %u %u %u\n", nm, cl, tp, (int)d->flags, (int)d->qdcount, - (unsigned)(d->ttl-now), (int)d->security, + (long long)(d->ttl-now), (int)d->security, (unsigned)d->an_numrrsets, (unsigned)d->ns_numrrsets, (unsigned)d->ar_numrrsets)) { @@ -387,7 +387,7 @@ read_fixed(SSL* ssl, ldns_buffer* buf, const char* str) static int load_rr(SSL* ssl, ldns_buffer* buf, struct regional* region, struct ub_packed_rrset_key* rk, struct packed_rrset_data* d, - unsigned int i, int is_rrsig, int* go_on, uint32_t now) + unsigned int i, int is_rrsig, int* go_on, time_t now) { ldns_rr* rr; ldns_status status; @@ -489,7 +489,7 @@ move_into_cache(struct ub_packed_rrset_key* k, return 0; } s = sizeof(*ad) + (sizeof(size_t) + sizeof(uint8_t*) + - sizeof(uint32_t))* num; + sizeof(time_t))* num; for(i=0; i<num; i++) s += d->rr_len[i]; ad = (struct packed_rrset_data*)malloc(s); @@ -505,8 +505,8 @@ move_into_cache(struct ub_packed_rrset_key* k, p += sizeof(size_t)*num; memmove(p, &d->rr_data[0], sizeof(uint8_t*)*num); p += sizeof(uint8_t*)*num; - memmove(p, &d->rr_ttl[0], sizeof(uint32_t)*num); - p += sizeof(uint32_t)*num; + memmove(p, &d->rr_ttl[0], sizeof(time_t)*num); + p += sizeof(time_t)*num; for(i=0; i<num; i++) { memmove(p, d->rr_data[i], d->rr_len[i]); p += d->rr_len[i]; @@ -530,7 +530,8 @@ load_rrset(SSL* ssl, ldns_buffer* buf, struct worker* worker) struct regional* region = worker->scratchpad; struct ub_packed_rrset_key* rk; struct packed_rrset_data* d; - unsigned int ttl, rr_count, rrsig_count, trust, security; + unsigned int rr_count, rrsig_count, trust, security; + long long ttl; unsigned int i; int go_on = 1; regional_free_all(region); @@ -552,7 +553,7 @@ load_rrset(SSL* ssl, ldns_buffer* buf, struct worker* worker) s += 10; rk->rk.flags |= PACKED_RRSET_NSEC_AT_APEX; } - if(sscanf(s, " %u %u %u %u %u", &ttl, &rr_count, &rrsig_count, + if(sscanf(s, " %lld %u %u %u %u", &ttl, &rr_count, &rrsig_count, &trust, &security) != 5) { log_warn("error bad rrset spec %s", s); return 0; @@ -565,12 +566,12 @@ load_rrset(SSL* ssl, ldns_buffer* buf, struct worker* worker) d->rrsig_count = (size_t)rrsig_count; d->security = (enum sec_status)security; d->trust = (enum rrset_trust)trust; - d->ttl = (uint32_t)ttl + *worker->env.now; + d->ttl = (time_t)ttl + *worker->env.now; d->rr_len = regional_alloc_zero(region, sizeof(size_t)*(d->count+d->rrsig_count)); d->rr_ttl = regional_alloc_zero(region, - sizeof(uint32_t)*(d->count+d->rrsig_count)); + sizeof(time_t)*(d->count+d->rrsig_count)); d->rr_data = regional_alloc_zero(region, sizeof(uint8_t*)*(d->count+d->rrsig_count)); if(!d->rr_len || !d->rr_ttl || !d->rr_data) { @@ -718,7 +719,8 @@ load_msg(SSL* ssl, ldns_buffer* buf, struct worker* worker) struct query_info qinf; struct reply_info rep; char* s = (char*)ldns_buffer_begin(buf); - unsigned int flags, qdcount, ttl, security, an, ns, ar; + unsigned int flags, qdcount, security, an, ns, ar; + long long ttl; size_t i; int go_on = 1; @@ -735,14 +737,14 @@ load_msg(SSL* ssl, ldns_buffer* buf, struct worker* worker) } /* read remainder of line */ - if(sscanf(s, " %u %u %u %u %u %u %u", &flags, &qdcount, &ttl, + if(sscanf(s, " %u %u %lld %u %u %u %u", &flags, &qdcount, &ttl, &security, &an, &ns, &ar) != 7) { log_warn("error cannot parse numbers: %s", s); return 0; } rep.flags = (uint16_t)flags; rep.qdcount = (uint16_t)qdcount; - rep.ttl = (uint32_t)ttl; + rep.ttl = (time_t)ttl; rep.prefetch_ttl = PREFETCH_TTL_CALC(rep.ttl); rep.security = (enum sec_status)security; rep.an_numrrsets = (size_t)an; @@ -800,8 +802,9 @@ print_dp_details(SSL* ssl, struct worker* worker, struct delegpt* dp) { char buf[257]; struct delegpt_addr* a; - int lame, dlame, rlame, rto, edns_vs, to, delay, entry_ttl, + int lame, dlame, rlame, rto, edns_vs, to, delay, tA = 0, tAAAA = 0, tother = 0; + long long entry_ttl; struct rtt_info ri; uint8_t edns_lame_known; for(a = dp->target_list; a; a = a->next_target) { @@ -840,7 +843,7 @@ print_dp_details(SSL* ssl, struct worker* worker, struct delegpt* dp) return; continue; /* skip stuff not in infra cache */ } - if(!ssl_printf(ssl, "%s%s%s%srto %d msec, ttl %d, ping %d " + if(!ssl_printf(ssl, "%s%s%s%srto %d msec, ttl %lld, ping %d " "var %d rtt %d, tA %d, tAAAA %d, tother %d", lame?"LAME ":"", dlame?"NoDNSSEC ":"", a->lame?"AddrWasParentSide ":"", diff --git a/usr.sbin/unbound/daemon/daemon.c b/usr.sbin/unbound/daemon/daemon.c index b17d5488184..b91683feb91 100644 --- a/usr.sbin/unbound/daemon/daemon.c +++ b/usr.sbin/unbound/daemon/daemon.c @@ -57,7 +57,8 @@ #endif #ifdef HAVE_NSS -#include <nss3/nss.h> +/* nss3 */ +#include "nss.h" #endif #include <ldns/ldns.h> @@ -78,6 +79,7 @@ #include "util/module.h" #include "util/random.h" #include "util/tube.h" +#include "util/net_help.h" #include <signal.h> /** How many quit requests happened. */ @@ -209,6 +211,10 @@ daemon_init(void) comp_meth = (void*)SSL_COMP_get_compression_methods(); # endif (void)SSL_library_init(); +# if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) + if(!ub_openssl_lock_init()) + fatal_exit("could not init openssl locks"); +# endif #elif defined(HAVE_NSS) if(NSS_NoDB_Init(NULL) != SECSuccess) fatal_exit("could not init NSS"); @@ -568,6 +574,9 @@ daemon_delete(struct daemon* daemon) ERR_remove_state(0); ERR_free_strings(); RAND_cleanup(); +# if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) + ub_openssl_lock_delete(); +# endif #elif defined(HAVE_NSS) NSS_Shutdown(); #endif /* HAVE_SSL or HAVE_NSS */ diff --git a/usr.sbin/unbound/doc/FEATURES b/usr.sbin/unbound/doc/FEATURES index b695eeb9d48..076988ea912 100644 --- a/usr.sbin/unbound/doc/FEATURES +++ b/usr.sbin/unbound/doc/FEATURES @@ -24,6 +24,7 @@ RFC 1034-1035: as a recursive, caching server. Not authoritative. including CNAMEs, referrals, wildcards, classes, ... AAAA type, and IP6 dual stack support. type ANY queries are supported, class ANY queries are supported. +RFC 1123, 6.1 Requirements for DNS of internet hosts. RFC 4033-4035: as a validating caching server (unbound daemon). as a validating stub (libunbound). RFC 1918. @@ -91,10 +92,12 @@ AAAA type 2672: DNAME type. OPT type 3123: APL +3596: AAAA SSHFP type 4025: IPSECKEY 4033-4035: DS, RRSIG, NSEC, DNSKEY 4701: DHCID 5155: NSEC3, NSEC3PARAM 4408: SPF +6944: DNSKEY algorithm status diff --git a/usr.sbin/unbound/doc/README b/usr.sbin/unbound/doc/README index 019b696de16..ebd0518cefc 100644 --- a/usr.sbin/unbound/doc/README +++ b/usr.sbin/unbound/doc/README @@ -1,4 +1,4 @@ -README for Unbound 1.4.18 +README for Unbound 1.4.21 Copyright 2007 NLnet Labs http://unbound.net diff --git a/usr.sbin/unbound/doc/example.conf.in b/usr.sbin/unbound/doc/example.conf.in index f53eb3d1ace..a0cffd57fef 100644 --- a/usr.sbin/unbound/doc/example.conf.in +++ b/usr.sbin/unbound/doc/example.conf.in @@ -1,7 +1,7 @@ # # Example configuration file. # -# See unbound.conf(5) man page, version 1.4.18. +# See unbound.conf(5) man page, version 1.4.21. # # this is a comment. @@ -67,6 +67,8 @@ server: # Use this to make sure unbound does not grab a UDP port that some # other server on this computer needs. The default is to avoid # IANA-assigned port numbers. + # If multiple outgoing-port-permit and outgoing-port-avoid options + # are present, they are processed in order. # outgoing-port-avoid: "3200-3208" # number of outgoing simultaneous tcp buffers to hold per thread. @@ -87,6 +89,10 @@ server: # is set with msg-buffer-size). 1480 can solve fragmentation (timeouts). # edns-buffer-size: 4096 + # Maximum UDP response size (not applied to TCP response). + # Suggested values are 512 to 4096. Default is 4096. 65536 disables it. + # max-udp-size: 4096 + # buffer size for handling DNS data. No messages larger than this # size can be sent or received, by UDP or TCP. In bytes. # msg-buffer-size: 65552 @@ -424,6 +430,47 @@ server: # plain value in bytes or you can append k, m or G. default is "1Mb". # neg-cache-size: 1m + # By default, for a number of zones a small default 'nothing here' + # reply is built-in. Query traffic is thus blocked. If you + # wish to serve such zone you can unblock them by uncommenting one + # of the nodefault statements below. + # You may also have to use domain-insecure: zone to make DNSSEC work, + # unless you have your own trust anchors for this zone. + # local-zone: "localhost." nodefault + # local-zone: "127.in-addr.arpa." nodefault + # local-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault + # local-zone: "10.in-addr.arpa." nodefault + # local-zone: "16.172.in-addr.arpa." nodefault + # local-zone: "17.172.in-addr.arpa." nodefault + # local-zone: "18.172.in-addr.arpa." nodefault + # local-zone: "19.172.in-addr.arpa." nodefault + # local-zone: "20.172.in-addr.arpa." nodefault + # local-zone: "21.172.in-addr.arpa." nodefault + # local-zone: "22.172.in-addr.arpa." nodefault + # local-zone: "23.172.in-addr.arpa." nodefault + # local-zone: "24.172.in-addr.arpa." nodefault + # local-zone: "25.172.in-addr.arpa." nodefault + # local-zone: "26.172.in-addr.arpa." nodefault + # local-zone: "27.172.in-addr.arpa." nodefault + # local-zone: "28.172.in-addr.arpa." nodefault + # local-zone: "29.172.in-addr.arpa." nodefault + # local-zone: "30.172.in-addr.arpa." nodefault + # local-zone: "31.172.in-addr.arpa." nodefault + # local-zone: "168.192.in-addr.arpa." nodefault + # local-zone: "0.in-addr.arpa." nodefault + # local-zone: "254.169.in-addr.arpa." nodefault + # local-zone: "2.0.192.in-addr.arpa." nodefault + # local-zone: "100.51.198.in-addr.arpa." nodefault + # local-zone: "113.0.203.in-addr.arpa." nodefault + # local-zone: "255.255.255.255.in-addr.arpa." nodefault + # local-zone: "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault + # local-zone: "d.f.ip6.arpa." nodefault + # local-zone: "8.e.f.ip6.arpa." nodefault + # local-zone: "9.e.f.ip6.arpa." nodefault + # local-zone: "a.e.f.ip6.arpa." nodefault + # local-zone: "b.e.f.ip6.arpa." nodefault + # local-zone: "8.b.d.0.1.0.0.2.ip6.arpa." nodefault + # a number of locally served zones can be configured. # local-zone: <zone> <type> # local-data: "<resource record string>" diff --git a/usr.sbin/unbound/doc/libunbound.3.in b/usr.sbin/unbound/doc/libunbound.3.in index 714fc840fcb..315a2dff30d 100644 --- a/usr.sbin/unbound/doc/libunbound.3.in +++ b/usr.sbin/unbound/doc/libunbound.3.in @@ -1,4 +1,4 @@ -.TH "libunbound" "3" "Aug 2, 2012" "NLnet Labs" "unbound 1.4.18" +.TH "libunbound" "3" "Sep 19, 2013" "NLnet Labs" "unbound 1.4.21" .\" .\" libunbound.3 -- unbound library functions manual .\" @@ -42,7 +42,7 @@ .B ub_ctx_zone_remove, .B ub_ctx_data_add, .B ub_ctx_data_remove -\- Unbound DNS validating resolver 1.4.18 functions. +\- Unbound DNS validating resolver 1.4.21 functions. .SH "SYNOPSIS" .LP .B #include <unbound.h> @@ -171,6 +171,9 @@ by default. Use and .B ub_ctx_hosts to read them. +Before you call this, use the openssl functions CRYPTO_set_id_callback and +CRYPTO_set_locking_callback to set up asyncronous operation if you use +lib openssl (the application calls these functions once for initialisation). .TP .B ub_ctx_delete Delete validation context and free associated resources. @@ -203,7 +206,9 @@ At this time it is only possible to set configuration before the first resolve is done. .TP .B ub_ctx_resolvconf -Read list of nameservers to use from the filename given. +By default the root servers are queried and full resolver mode is used, but +you can use this call to read the list of nameservers to use from the +filename given. Usually "/etc/resolv.conf". Uses those nameservers as caching proxies. If they do not support DNSSEC, validation may fail. Only nameservers are picked up, the searchdomain, ndots and other @@ -357,11 +362,12 @@ The result of the DNS resolution and validation is returned as int secure; /* true if result is secure */ int bogus; /* true if a security failure happened */ char* why_bogus; /* string with error if bogus */ + int ttl; /* number of seconds the result is valid */ }; .fi .P If both secure and bogus are false, security was not enabled for the -domain of the query. +domain of the query. Else, they are not both true, one of them is true. .SH "RETURN VALUES" Many routines return an error code. The value 0 (zero) denotes no error happened. Other values can be passed to diff --git a/usr.sbin/unbound/doc/unbound-anchor.8.in b/usr.sbin/unbound/doc/unbound-anchor.8.in index 6479af102a1..8d1a9e523af 100644 --- a/usr.sbin/unbound/doc/unbound-anchor.8.in +++ b/usr.sbin/unbound/doc/unbound-anchor.8.in @@ -1,4 +1,4 @@ -.TH "unbound-anchor" "8" "Aug 2, 2012" "NLnet Labs" "unbound 1.4.18" +.TH "unbound-anchor" "8" "Sep 19, 2013" "NLnet Labs" "unbound 1.4.21" .\" .\" unbound-anchor.8 -- unbound anchor maintenance utility manual .\" @@ -45,7 +45,7 @@ all checks are successful, it updates the root anchor file. Otherwise the root anchor file is unchanged. It performs RFC5011 tracking if the DNSSEC information available via the DNS makes that possible. .P -If does not perform an update if the certificate is expired, if the network +It does not perform an update if the certificate is expired, if the network is down or other errors occur. .P The available options are: @@ -77,6 +77,11 @@ The pathname to the root\-anchors.p7s file on the server. (forms URL with \-u). The default is /root\-anchors/root\-anchors.p7s. This file has to be a PKCS7 signature over the xml file, using the pem file (\-c) as trust anchor. .TP +.B \-n \fIname +The emailAddress for the Subject of the signer's certificate from the p7s +signature file. Only signatures from this name are allowed. default is +dnssec@iana.org. If you pass "" then the emailAddress is not checked. +.TP .B \-4 Use IPv4 for domain resolution and contacting the server on https. Default is to use IPv4 and IPv6 where appropriate. @@ -126,9 +131,6 @@ but then ignores the result and goes on to use the xml fallback method. .TP .B \-h Show the version and commandline option help. -.TP -.B \-v -More verbose. Prints output detailing what happens. .SH "EXIT CODE" This tool exits with value 1 if the root anchor was updated using the certificate or if the builtin root-anchor was used. It exits with code diff --git a/usr.sbin/unbound/doc/unbound-checkconf.8.in b/usr.sbin/unbound/doc/unbound-checkconf.8.in index 167d85bd42e..dddad989d10 100644 --- a/usr.sbin/unbound/doc/unbound-checkconf.8.in +++ b/usr.sbin/unbound/doc/unbound-checkconf.8.in @@ -1,4 +1,4 @@ -.TH "unbound-checkconf" "8" "Aug 2, 2012" "NLnet Labs" "unbound 1.4.18" +.TH "unbound-checkconf" "8" "Sep 19, 2013" "NLnet Labs" "unbound 1.4.21" .\" .\" unbound-checkconf.8 -- unbound configuration checker manual .\" diff --git a/usr.sbin/unbound/doc/unbound-control.8.in b/usr.sbin/unbound/doc/unbound-control.8.in index a5c50704a57..dac67214f6a 100644 --- a/usr.sbin/unbound/doc/unbound-control.8.in +++ b/usr.sbin/unbound/doc/unbound-control.8.in @@ -1,4 +1,4 @@ -.TH "unbound-control" "8" "Aug 2, 2012" "NLnet Labs" "unbound 1.4.18" +.TH "unbound-control" "8" "Sep 19, 2013" "NLnet Labs" "unbound 1.4.21" .\" .\" unbound-control.8 -- unbound remote control manual .\" @@ -14,7 +14,7 @@ \- Unbound remote server control utility. .SH "SYNOPSIS" .B unbound\-control -.RB [ \-h ] +.RB [ \-hq ] .RB [ \-c .IR cfgfile ] .RB [ \-s @@ -38,6 +38,9 @@ config file @ub_conf_file@ is used. .B \-s \fIserver[@port] IPv4 or IPv6 address of the server to contact. If not given, the address is read from the config file. +.TP +.B \-q +quiet, if the option is given it does not print anything if it works ok. .SH "COMMANDS" There are several commands that the server understands. .TP @@ -167,7 +170,7 @@ harden\-glue, harden\-dnssec\-stripped, harden\-below\-nxdomain, harden\-referral\-path, prefetch, prefetch\-key, log\-queries, hide\-identity, hide\-version, identity, version, val\-log\-level, val\-log\-squelch, ignore\-cd\-flag, add\-holddown, del\-holddown, -keep\-missing, tcp\-upstream, ssl\-upstream. +keep\-missing, tcp\-upstream, ssl\-upstream, max\-udp\-size. .TP .B get_option \fIopt Get the value of the option. Give the option name without a trailing ':'. @@ -193,6 +196,14 @@ List the local zones in use. These are printed one per line with zone type. .B list_local_data List the local data RRs in use. The resource records are printed. .TP +.B insecure_add \fIzone +Add a \fBdomain\-insecure\fR for the given zone, like the statement in unbound.conf. +Adds to the running unbound without affecting the cache contents (which may +still be bogus, use \fBflush_zone\fR to remove it), does not affect the config file. +.TP +.B insecure_remove \fIzone +Removes domain\-insecure for the given zone. +.TP .B forward_add \fR[\fI+i\fR] \fIzone addr ... Add a new forward zone to running unbound. With +i option also adds a \fIdomain\-insecure\fR for the zone (so it can resolve insecurely if you have diff --git a/usr.sbin/unbound/doc/unbound.8.in b/usr.sbin/unbound/doc/unbound.8.in index 025890575d9..60c482cea39 100644 --- a/usr.sbin/unbound/doc/unbound.8.in +++ b/usr.sbin/unbound/doc/unbound.8.in @@ -1,4 +1,4 @@ -.TH "unbound" "8" "Aug 2, 2012" "NLnet Labs" "unbound 1.4.18" +.TH "unbound" "8" "Sep 19, 2013" "NLnet Labs" "unbound 1.4.21" .\" .\" unbound.8 -- unbound manual .\" @@ -10,7 +10,7 @@ .SH "NAME" .LP .B unbound -\- Unbound DNS validating resolver 1.4.18. +\- Unbound DNS validating resolver 1.4.21. .SH "SYNOPSIS" .LP .B unbound diff --git a/usr.sbin/unbound/doc/unbound.conf.5.in b/usr.sbin/unbound/doc/unbound.conf.5.in index 5aa4a7913b8..6c0cdde4601 100644 --- a/usr.sbin/unbound/doc/unbound.conf.5.in +++ b/usr.sbin/unbound/doc/unbound.conf.5.in @@ -1,4 +1,4 @@ -.TH "unbound.conf" "5" "Aug 2, 2012" "NLnet Labs" "unbound 1.4.18" +.TH "unbound.conf" "5" "Sep 19, 2013" "NLnet Labs" "unbound 1.4.21" .\" .\" unbound.conf.5 -- unbound.conf manual .\" @@ -71,12 +71,12 @@ is followed by its containing attributes, or a value. .P Files can be included using the .B include: -directive. It can appear anywhere, and takes a single filename as an argument. +directive. It can appear anywhere, it accepts a single file name as argument. Processing continues as if the text from the included file was copied into the config file at that point. If also using chroot, using full path names for the included files works, relative pathnames for the included names work if the directory where the daemon is started equals its chroot/working -directory. +directory. Wildcards can be used to include multiple files, see \fIglob\fR(7). .SS "Server Options" These options are part of the .B server: @@ -183,6 +183,11 @@ stringent path MTU problems, but is seen as extreme, since the amount of TCP fallback generated is excessive (probably also for this resolver, consider tuning the outgoing tcp number). .TP +.B max\-udp\-size: \fI<number> +Maximum UDP response size (not applied to TCP response). 65536 disables the +udp response size maximum, and uses the choice from the client, always. +Suggested values are 512 to 4096. Default is 4096. +.TP .B msg\-buffer\-size: \fI<number> Number of bytes size of the message buffers. Default is 65552 bytes, enough for 64 Kb packets, the maximum DNS message size. No message larger than this @@ -492,7 +497,7 @@ unsigned to badly signed often. If turned off you run the risk of a downgrade attack that disables security for a zone. Default is on. .TP .B harden\-below\-nxdomain: \fI<yes or no> -From draft-vixie-dnsext-resimprove, returns nxdomain to queries for a name +From draft\-vixie\-dnsext\-resimprove, returns nxdomain to queries for a name below another name that is already known to be nxdomain. DNSSEC mandates noerror for empty nonterminals, hence this is possible. Very old software might return nxdomain for empty nonterminals (that usually happen for reverse @@ -994,6 +999,8 @@ the resolver picks up a correct list online. .TP .B stub\-first: \fI<yes or no> If enabled, a query is attempted without the stub clause if it fails. +The data could not be retrieved and would have caused SERVFAIL because +the servers are unreachable, instead it is tried without this clause. The default is no. .SS "Forward Zone Options" .LP @@ -1022,6 +1029,8 @@ To use a nondefault port for DNS communication append '@' with the port number. .TP .B forward\-first: \fI<yes or no> If enabled, a query is attempted without the forward clause if it fails. +The data could not be retrieved and would have caused SERVFAIL because +the servers are unreachable, instead it is tried without this clause. The default is no. .SS "Python Module Options" .LP diff --git a/usr.sbin/unbound/doc/unbound.doxygen b/usr.sbin/unbound/doc/unbound.doxygen index b32316b72a4..199d7ad0de0 100644 --- a/usr.sbin/unbound/doc/unbound.doxygen +++ b/usr.sbin/unbound/doc/unbound.doxygen @@ -487,7 +487,7 @@ SHOW_USED_FILES = YES # then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy # in the documentation. The default is NO. -SHOW_DIRECTORIES = YES +#SHOW_DIRECTORIES = YES # Set the SHOW_FILES tag to NO to disable the generation of the Files page. # This will remove the Files entry from the Quick Index and from the @@ -862,7 +862,7 @@ HTML_TIMESTAMP = YES # files or namespaces will be aligned in HTML using tables. If set to # NO a bullet list will be used. -HTML_ALIGN_MEMBERS = YES +#HTML_ALIGN_MEMBERS = YES # If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML # documentation will contain sections that can be hidden and shown after the @@ -1047,7 +1047,7 @@ GENERATE_TREEVIEW = NO # By enabling USE_INLINE_TREES, doxygen will generate the Groups, Directories, # and Class Hierarchy pages using a tree view instead of an ordered list. -USE_INLINE_TREES = NO +#USE_INLINE_TREES = NO # If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be # used to set the initial width (in pixels) of the frame in which the tree diff --git a/usr.sbin/unbound/install-sh b/usr.sbin/unbound/install-sh index 6781b987bdb..377bb8687ff 100644 --- a/usr.sbin/unbound/install-sh +++ b/usr.sbin/unbound/install-sh @@ -1,7 +1,7 @@ #!/bin/sh # install - install a program, script, or datafile -scriptversion=2009-04-28.21; # UTC +scriptversion=2011-11-20.07; # UTC # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the @@ -35,7 +35,7 @@ scriptversion=2009-04-28.21; # UTC # FSF changes to this file are in the public domain. # # Calling this script install-sh is preferred over install.sh, to prevent -# `make' implicit rules from creating a file called install from it +# 'make' implicit rules from creating a file called install from it # when there is no Makefile. # # This script is compatible with the BSD install script, but was written @@ -156,6 +156,10 @@ while test $# -ne 0; do -s) stripcmd=$stripprog;; -t) dst_arg=$2 + # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac shift;; -T) no_target_directory=true;; @@ -186,6 +190,10 @@ if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then fi shift # arg dst_arg=$arg + # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac done fi @@ -194,13 +202,17 @@ if test $# -eq 0; then echo "$0: no input file specified." >&2 exit 1 fi - # It's OK to call `install-sh -d' without argument. + # It's OK to call 'install-sh -d' without argument. # This can happen when creating conditional directories. exit 0 fi if test -z "$dir_arg"; then - trap '(exit $?); exit' 1 2 13 15 + do_exit='(exit $ret); exit $ret' + trap "ret=129; $do_exit" 1 + trap "ret=130; $do_exit" 2 + trap "ret=141; $do_exit" 13 + trap "ret=143; $do_exit" 15 # Set umask so as not to create temps with too-generous modes. # However, 'strip' requires both read and write access to temps. @@ -228,9 +240,9 @@ fi for src do - # Protect names starting with `-'. + # Protect names problematic for 'test' and other utilities. case $src in - -*) src=./$src;; + -* | [=\(\)!]) src=./$src;; esac if test -n "$dir_arg"; then @@ -252,12 +264,7 @@ do echo "$0: no destination specified." >&2 exit 1 fi - dst=$dst_arg - # Protect names starting with `-'. - case $dst in - -*) dst=./$dst;; - esac # If destination is a directory, append the input filename; won't work # if double slashes aren't ignored. @@ -347,7 +354,7 @@ do if test -z "$dir_arg" || { # Check for POSIX incompatibilities with -m. # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or - # other-writeable bit of parent directory when it shouldn't. + # other-writable bit of parent directory when it shouldn't. # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. ls_ld_tmpdir=`ls -ld "$tmpdir"` case $ls_ld_tmpdir in @@ -385,7 +392,7 @@ do case $dstdir in /*) prefix='/';; - -*) prefix='./';; + [-=\(\)!]*) prefix='./';; *) prefix='';; esac @@ -403,7 +410,7 @@ do for d do - test -z "$d" && continue + test X"$d" = X && continue prefix=$prefix$d if test -d "$prefix"; then diff --git a/usr.sbin/unbound/iterator/iter_delegpt.c b/usr.sbin/unbound/iterator/iter_delegpt.c index d2f5d73335d..c204ddfec74 100644 --- a/usr.sbin/unbound/iterator/iter_delegpt.c +++ b/usr.sbin/unbound/iterator/iter_delegpt.c @@ -71,7 +71,7 @@ struct delegpt* delegpt_copy(struct delegpt* dp, struct regional* region) copy->bogus = dp->bogus; copy->has_parent_side_NS = dp->has_parent_side_NS; for(ns = dp->nslist; ns; ns = ns->next) { - if(!delegpt_add_ns(copy, region, ns->name, (int)ns->lame)) + if(!delegpt_add_ns(copy, region, ns->name, ns->lame)) return NULL; copy->nslist->resolved = ns->resolved; copy->nslist->got4 = ns->got4; @@ -98,7 +98,7 @@ delegpt_set_name(struct delegpt* dp, struct regional* region, uint8_t* name) int delegpt_add_ns(struct delegpt* dp, struct regional* region, uint8_t* name, - int lame) + uint8_t lame) { struct delegpt_ns* ns; size_t len; @@ -119,7 +119,7 @@ delegpt_add_ns(struct delegpt* dp, struct regional* region, uint8_t* name, ns->resolved = 0; ns->got4 = 0; ns->got6 = 0; - ns->lame = (uint8_t)lame; + ns->lame = lame; ns->done_pside4 = 0; ns->done_pside6 = 0; return ns->name != 0; @@ -156,7 +156,7 @@ delegpt_find_addr(struct delegpt* dp, struct sockaddr_storage* addr, int delegpt_add_target(struct delegpt* dp, struct regional* region, uint8_t* name, size_t namelen, struct sockaddr_storage* addr, - socklen_t addrlen, int bogus, int lame) + socklen_t addrlen, uint8_t bogus, uint8_t lame) { struct delegpt_ns* ns = delegpt_find_ns(dp, name, namelen); log_assert(!dp->dp_type_mlc); @@ -176,8 +176,8 @@ delegpt_add_target(struct delegpt* dp, struct regional* region, int delegpt_add_addr(struct delegpt* dp, struct regional* region, - struct sockaddr_storage* addr, socklen_t addrlen, int bogus, - int lame) + struct sockaddr_storage* addr, socklen_t addrlen, uint8_t bogus, + uint8_t lame) { struct delegpt_addr* a; log_assert(!dp->dp_type_mlc); @@ -204,6 +204,7 @@ delegpt_add_addr(struct delegpt* dp, struct regional* region, a->attempts = 0; a->bogus = bogus; a->lame = lame; + a->dnsseclame = 0; return 1; } @@ -376,7 +377,7 @@ delegpt_from_message(struct dns_msg* msg, struct regional* region) int delegpt_rrset_add_ns(struct delegpt* dp, struct regional* region, - struct ub_packed_rrset_key* ns_rrset, int lame) + struct ub_packed_rrset_key* ns_rrset, uint8_t lame) { struct packed_rrset_data* nsdata = (struct packed_rrset_data*) ns_rrset->entry.data; @@ -398,7 +399,7 @@ delegpt_rrset_add_ns(struct delegpt* dp, struct regional* region, int delegpt_add_rrset_A(struct delegpt* dp, struct regional* region, - struct ub_packed_rrset_key* ak, int lame) + struct ub_packed_rrset_key* ak, uint8_t lame) { struct packed_rrset_data* d=(struct packed_rrset_data*)ak->entry.data; size_t i; @@ -422,7 +423,7 @@ delegpt_add_rrset_A(struct delegpt* dp, struct regional* region, int delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* region, - struct ub_packed_rrset_key* ak, int lame) + struct ub_packed_rrset_key* ak, uint8_t lame) { struct packed_rrset_data* d=(struct packed_rrset_data*)ak->entry.data; size_t i; @@ -446,7 +447,7 @@ delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* region, int delegpt_add_rrset(struct delegpt* dp, struct regional* region, - struct ub_packed_rrset_key* rrset, int lame) + struct ub_packed_rrset_key* rrset, uint8_t lame) { if(!rrset) return 1; @@ -548,7 +549,7 @@ int delegpt_set_name_mlc(struct delegpt* dp, uint8_t* name) return (dp->name != NULL); } -int delegpt_add_ns_mlc(struct delegpt* dp, uint8_t* name, int lame) +int delegpt_add_ns_mlc(struct delegpt* dp, uint8_t* name, uint8_t lame) { struct delegpt_ns* ns; size_t len; @@ -579,7 +580,7 @@ int delegpt_add_ns_mlc(struct delegpt* dp, uint8_t* name, int lame) } int delegpt_add_addr_mlc(struct delegpt* dp, struct sockaddr_storage* addr, - socklen_t addrlen, int bogus, int lame) + socklen_t addrlen, uint8_t bogus, uint8_t lame) { struct delegpt_addr* a; log_assert(dp->dp_type_mlc); @@ -605,11 +606,13 @@ int delegpt_add_addr_mlc(struct delegpt* dp, struct sockaddr_storage* addr, a->attempts = 0; a->bogus = bogus; a->lame = lame; + a->dnsseclame = 0; return 1; } int delegpt_add_target_mlc(struct delegpt* dp, uint8_t* name, size_t namelen, - struct sockaddr_storage* addr, socklen_t addrlen, int bogus, int lame) + struct sockaddr_storage* addr, socklen_t addrlen, uint8_t bogus, + uint8_t lame) { struct delegpt_ns* ns = delegpt_find_ns(dp, name, namelen); log_assert(dp->dp_type_mlc); diff --git a/usr.sbin/unbound/iterator/iter_delegpt.h b/usr.sbin/unbound/iterator/iter_delegpt.h index 7728031aa99..d7e0767d62e 100644 --- a/usr.sbin/unbound/iterator/iter_delegpt.h +++ b/usr.sbin/unbound/iterator/iter_delegpt.h @@ -140,9 +140,13 @@ struct delegpt_addr { int sel_rtt; /** if true, the A or AAAA RR was bogus, so this address is bad. * Also check the dp->bogus to see if everything is bogus. */ - int bogus; + uint8_t bogus; /** if true, this address is dispreferred: it is a lame IP address */ - int lame; + uint8_t lame; + /** if the address is dnsseclame, but this cannot be cached, this + * option is useful to mark the address dnsseclame. + * This value is not copied in addr-copy and dp-copy. */ + uint8_t dnsseclame; }; /** @@ -179,7 +183,7 @@ int delegpt_set_name(struct delegpt* dp, struct regional* regional, * @return false on error. */ int delegpt_add_ns(struct delegpt* dp, struct regional* regional, - uint8_t* name, int lame); + uint8_t* name, uint8_t lame); /** * Add NS rrset; calls add_ns repeatedly. @@ -190,7 +194,7 @@ int delegpt_add_ns(struct delegpt* dp, struct regional* regional, * @return 0 on alloc error. */ int delegpt_rrset_add_ns(struct delegpt* dp, struct regional* regional, - struct ub_packed_rrset_key* ns_rrset, int lame); + struct ub_packed_rrset_key* ns_rrset, uint8_t lame); /** * Add target address to the delegation point. @@ -207,7 +211,7 @@ int delegpt_rrset_add_ns(struct delegpt* dp, struct regional* regional, */ int delegpt_add_target(struct delegpt* dp, struct regional* regional, uint8_t* name, size_t namelen, struct sockaddr_storage* addr, - socklen_t addrlen, int bogus, int lame); + socklen_t addrlen, uint8_t bogus, uint8_t lame); /** * Add A RRset to delegpt. @@ -218,7 +222,7 @@ int delegpt_add_target(struct delegpt* dp, struct regional* regional, * @return 0 on alloc error. */ int delegpt_add_rrset_A(struct delegpt* dp, struct regional* regional, - struct ub_packed_rrset_key* rrset, int lame); + struct ub_packed_rrset_key* rrset, uint8_t lame); /** * Add AAAA RRset to delegpt. @@ -229,7 +233,7 @@ int delegpt_add_rrset_A(struct delegpt* dp, struct regional* regional, * @return 0 on alloc error. */ int delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* regional, - struct ub_packed_rrset_key* rrset, int lame); + struct ub_packed_rrset_key* rrset, uint8_t lame); /** * Add any RRset to delegpt. @@ -241,7 +245,7 @@ int delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* regional, * @return 0 on alloc error. */ int delegpt_add_rrset(struct delegpt* dp, struct regional* regional, - struct ub_packed_rrset_key* rrset, int lame); + struct ub_packed_rrset_key* rrset, uint8_t lame); /** * Add address to the delegation point. No servername is associated or checked. @@ -254,7 +258,8 @@ int delegpt_add_rrset(struct delegpt* dp, struct regional* regional, * @return false on error. */ int delegpt_add_addr(struct delegpt* dp, struct regional* regional, - struct sockaddr_storage* addr, socklen_t addrlen, int bogus, int lame); + struct sockaddr_storage* addr, socklen_t addrlen, + uint8_t bogus, uint8_t lame); /** * Find NS record in name list of delegation point. @@ -376,7 +381,7 @@ int delegpt_set_name_mlc(struct delegpt* dp, uint8_t* name); * @param lame: the name is lame, disprefer. * @return false on error. */ -int delegpt_add_ns_mlc(struct delegpt* dp, uint8_t* name, int lame); +int delegpt_add_ns_mlc(struct delegpt* dp, uint8_t* name, uint8_t lame); /** * add an address to a malloced delegation point. @@ -388,7 +393,7 @@ int delegpt_add_ns_mlc(struct delegpt* dp, uint8_t* name, int lame); * @return false on error. */ int delegpt_add_addr_mlc(struct delegpt* dp, struct sockaddr_storage* addr, - socklen_t addrlen, int bogus, int lame); + socklen_t addrlen, uint8_t bogus, uint8_t lame); /** * Add target address to the delegation point. @@ -403,7 +408,8 @@ int delegpt_add_addr_mlc(struct delegpt* dp, struct sockaddr_storage* addr, * @return false on error. */ int delegpt_add_target_mlc(struct delegpt* dp, uint8_t* name, size_t namelen, - struct sockaddr_storage* addr, socklen_t addrlen, int bogus, int lame); + struct sockaddr_storage* addr, socklen_t addrlen, uint8_t bogus, + uint8_t lame); /** get memory in use by dp */ size_t delegpt_get_mem(struct delegpt* dp); diff --git a/usr.sbin/unbound/iterator/iter_fwd.c b/usr.sbin/unbound/iterator/iter_fwd.c index 17ca566746d..b84e5eff60d 100644 --- a/usr.sbin/unbound/iterator/iter_fwd.c +++ b/usr.sbin/unbound/iterator/iter_fwd.c @@ -128,7 +128,9 @@ forwards_insert_data(struct iter_forwards* fwd, uint16_t c, uint8_t* nm, node->namelabs = nmlabs; node->dp = dp; if(!rbtree_insert(fwd->tree, &node->node)) { - log_err("duplicate forward zone ignored."); + char buf[257]; + dname_str(nm, buf); + log_err("duplicate forward zone %s ignored.", buf); delegpt_free_mlc(dp); free(node->name); free(node); @@ -270,25 +272,6 @@ read_forwards(struct iter_forwards* fwd, struct config_file* cfg) return 1; } -/** see if zone needs to have a hole inserted */ -static int -need_hole_insert(rbtree_t* tree, struct iter_forward_zone* zone) -{ - struct iter_forward_zone k; - if(rbtree_search(tree, zone)) - return 0; /* exact match exists */ - k = *zone; - k.node.key = &k; - /* search up the tree */ - do { - dname_remove_label(&k.name, &k.namelen); - k.namelabs --; - if(rbtree_search(tree, &k)) - return 1; /* found an upper forward zone, need hole */ - } while(k.namelabs > 1); - return 0; /* no forwards above, no holes needed */ -} - /** insert a stub hole (if necessary) for stub name */ static int fwd_add_stub_hole(struct iter_forwards* fwd, uint16_t c, uint8_t* nm) @@ -298,11 +281,8 @@ fwd_add_stub_hole(struct iter_forwards* fwd, uint16_t c, uint8_t* nm) key.dclass = c; key.name = nm; key.namelabs = dname_count_size_labels(key.name, &key.namelen); - if(need_hole_insert(fwd->tree, &key)) { - return forwards_insert_data(fwd, key.dclass, key.name, - key.namelen, key.namelabs, NULL); - } - return 1; + return forwards_insert_data(fwd, key.dclass, key.name, + key.namelen, key.namelabs, NULL); } /** make NULL entries for stubs */ @@ -345,6 +325,20 @@ forwards_apply_cfg(struct iter_forwards* fwd, struct config_file* cfg) } struct delegpt* +forwards_find(struct iter_forwards* fwd, uint8_t* qname, uint16_t qclass) +{ + rbnode_t* res = NULL; + struct iter_forward_zone key; + key.node.key = &key; + key.dclass = qclass; + key.name = qname; + key.namelabs = dname_count_size_labels(qname, &key.namelen); + res = rbtree_search(fwd->tree, &key); + if(res) return ((struct iter_forward_zone*)res)->dp; + return NULL; +} + +struct delegpt* forwards_lookup(struct iter_forwards* fwd, uint8_t* qname, uint16_t qclass) { /* lookup the forward zone in the tree */ diff --git a/usr.sbin/unbound/iterator/iter_fwd.h b/usr.sbin/unbound/iterator/iter_fwd.h index dbb84f22612..62408ad52e2 100644 --- a/usr.sbin/unbound/iterator/iter_fwd.h +++ b/usr.sbin/unbound/iterator/iter_fwd.h @@ -105,6 +105,16 @@ void forwards_delete(struct iter_forwards* fwd); int forwards_apply_cfg(struct iter_forwards* fwd, struct config_file* cfg); /** + * Find forward zone exactly by name + * @param fwd: forward storage. + * @param qname: The qname of the query. + * @param qclass: The qclass of the query. + * @return: A delegation point or null. + */ +struct delegpt* forwards_find(struct iter_forwards* fwd, uint8_t* qname, + uint16_t qclass); + +/** * Find forward zone information * For this qname/qclass find forward zone information, returns delegation * point with server names and addresses, or NULL if no forwarding is needed. diff --git a/usr.sbin/unbound/iterator/iter_priv.c b/usr.sbin/unbound/iterator/iter_priv.c index db7dbe5faa6..572f701f350 100644 --- a/usr.sbin/unbound/iterator/iter_priv.c +++ b/usr.sbin/unbound/iterator/iter_priv.c @@ -208,6 +208,28 @@ size_t priv_get_mem(struct iter_priv* priv) return sizeof(*priv) + regional_get_mem(priv->region); } +/** remove RR from msgparse RRset, return true if rrset is entirely bad */ +static int +remove_rr(const char* str, ldns_buffer* pkt, struct rrset_parse* rrset, + struct rr_parse* prev, struct rr_parse** rr, struct sockaddr_storage* addr, socklen_t addrlen) +{ + if(verbosity >= VERB_QUERY && rrset->dname_len <= LDNS_MAX_DOMAINLEN && str) { + uint8_t buf[LDNS_MAX_DOMAINLEN+1]; + dname_pkt_copy(pkt, buf, rrset->dname); + log_name_addr(VERB_QUERY, str, buf, addr, addrlen); + } + if(prev) + prev->next = (*rr)->next; + else rrset->rr_first = (*rr)->next; + if(rrset->rr_last == *rr) + rrset->rr_last = prev; + rrset->rr_count --; + rrset->size -= (*rr)->size; + /* rr struct still exists, but is unlinked, so that in the for loop + * the rr->next works fine to continue. */ + return rrset->rr_count == 0; +} + int priv_rrset_bad(struct iter_priv* priv, ldns_buffer* pkt, struct rrset_parse* rrset) { @@ -221,7 +243,7 @@ int priv_rrset_bad(struct iter_priv* priv, ldns_buffer* pkt, } else { /* so its a public name, check the address */ socklen_t len; - struct rr_parse* rr; + struct rr_parse* rr, *prev = NULL; if(rrset->type == LDNS_RR_TYPE_A) { struct sockaddr_storage addr; struct sockaddr_in sa; @@ -232,13 +254,19 @@ int priv_rrset_bad(struct iter_priv* priv, ldns_buffer* pkt, sa.sin_port = (in_port_t)htons(UNBOUND_DNS_PORT); for(rr = rrset->rr_first; rr; rr = rr->next) { if(ldns_read_uint16(rr->ttl_data+4) - != INET_SIZE) + != INET_SIZE) { + prev = rr; continue; + } memmove(&sa.sin_addr, rr->ttl_data+4+2, INET_SIZE); memmove(&addr, &sa, len); - if(priv_lookup_addr(priv, &addr, len)) - return 1; + if(priv_lookup_addr(priv, &addr, len)) { + if(remove_rr("sanitize: removing public name with private address", pkt, rrset, prev, &rr, &addr, len)) + return 1; + continue; + } + prev = rr; } } else if(rrset->type == LDNS_RR_TYPE_AAAA) { struct sockaddr_storage addr; @@ -249,13 +277,19 @@ int priv_rrset_bad(struct iter_priv* priv, ldns_buffer* pkt, sa.sin6_port = (in_port_t)htons(UNBOUND_DNS_PORT); for(rr = rrset->rr_first; rr; rr = rr->next) { if(ldns_read_uint16(rr->ttl_data+4) - != INET6_SIZE) + != INET6_SIZE) { + prev = rr; continue; + } memmove(&sa.sin6_addr, rr->ttl_data+4+2, INET6_SIZE); memmove(&addr, &sa, len); - if(priv_lookup_addr(priv, &addr, len)) - return 1; + if(priv_lookup_addr(priv, &addr, len)) { + if(remove_rr("sanitize: removing public name with private address", pkt, rrset, prev, &rr, &addr, len)) + return 1; + continue; + } + prev = rr; } } } diff --git a/usr.sbin/unbound/iterator/iter_priv.h b/usr.sbin/unbound/iterator/iter_priv.h index f6264f8d0c9..e6e51c159b0 100644 --- a/usr.sbin/unbound/iterator/iter_priv.h +++ b/usr.sbin/unbound/iterator/iter_priv.h @@ -92,6 +92,8 @@ int priv_apply_cfg(struct iter_priv* priv, struct config_file* cfg); /** * See if rrset is bad. + * Will remove individual RRs that are bad (if possible) to + * sanitize the RRset without removing it completely. * @param priv: structure for private address storage. * @param pkt: packet to decompress rrset name in. * @param rrset: the rrset to examine, A or AAAA. diff --git a/usr.sbin/unbound/iterator/iter_scrub.c b/usr.sbin/unbound/iterator/iter_scrub.c index 6147c96a9e3..a2407c27c84 100644 --- a/usr.sbin/unbound/iterator/iter_scrub.c +++ b/usr.sbin/unbound/iterator/iter_scrub.c @@ -62,7 +62,7 @@ static void remove_rrset(const char* str, ldns_buffer* pkt, struct msg_parse* msg, struct rrset_parse* prev, struct rrset_parse** rrset) { - if(verbosity >= VERB_QUERY + if(verbosity >= VERB_QUERY && str && (*rrset)->dname_len <= LDNS_MAX_DOMAINLEN) { uint8_t buf[LDNS_MAX_DOMAINLEN+1]; dname_pkt_copy(pkt, buf, (*rrset)->dname); @@ -520,7 +520,7 @@ store_rrset(ldns_buffer* pkt, struct msg_parse* msg, struct module_env* env, struct ub_packed_rrset_key* k; struct packed_rrset_data* d; struct rrset_ref ref; - uint32_t now = *env->now; + time_t now = *env->now; k = alloc_special_obtain(env->alloc); if(!k) @@ -646,14 +646,16 @@ scrub_sanitize(ldns_buffer* pkt, struct msg_parse* msg, /* remove private addresses */ if( (rrset->type == LDNS_RR_TYPE_A || - rrset->type == LDNS_RR_TYPE_AAAA) && - priv_rrset_bad(ie->priv, pkt, rrset)) { + rrset->type == LDNS_RR_TYPE_AAAA)) { /* do not set servfail since this leads to too * many drops of other people using rfc1918 space */ - remove_rrset("sanitize: removing public name with " - "private address", pkt, msg, prev, &rrset); - continue; + /* also do not remove entire rrset, unless all records + * in it are bad */ + if(priv_rrset_bad(ie->priv, pkt, rrset)) { + remove_rrset(NULL, pkt, msg, prev, &rrset); + continue; + } } /* skip DNAME records -- they will always be followed by a diff --git a/usr.sbin/unbound/iterator/iter_utils.c b/usr.sbin/unbound/iterator/iter_utils.c index a500c75e786..28f7dc2415c 100644 --- a/usr.sbin/unbound/iterator/iter_utils.c +++ b/usr.sbin/unbound/iterator/iter_utils.c @@ -177,7 +177,7 @@ iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg) */ static int iter_filter_unsuitable(struct iter_env* iter_env, struct module_env* env, - uint8_t* name, size_t namelen, uint16_t qtype, uint32_t now, + uint8_t* name, size_t namelen, uint16_t qtype, time_t now, struct delegpt_addr* a) { int rtt, lame, reclame, dnsseclame; @@ -217,14 +217,16 @@ iter_filter_unsuitable(struct iter_env* iter_env, struct module_env* env, /* select remainder from worst to best */ else if(reclame) return rtt+USEFUL_SERVER_TOP_TIMEOUT*3; /* nonpref */ - else if(dnsseclame ) + else if(dnsseclame || a->dnsseclame) return rtt+USEFUL_SERVER_TOP_TIMEOUT*2; /* nonpref */ else if(a->lame) return rtt+USEFUL_SERVER_TOP_TIMEOUT+1; /* nonpref */ else return rtt; } /* no server information present */ - if(a->lame) + if(a->dnsseclame) + return UNKNOWN_SERVER_NICENESS+USEFUL_SERVER_TOP_TIMEOUT*2; /* nonpref */ + else if(a->lame) return USEFUL_SERVER_TOP_TIMEOUT+1+UNKNOWN_SERVER_NICENESS; /* nonpref */ return UNKNOWN_SERVER_NICENESS; } @@ -232,7 +234,7 @@ iter_filter_unsuitable(struct iter_env* iter_env, struct module_env* env, /** lookup RTT information, and also store fastest rtt (if any) */ static int iter_fill_rtt(struct iter_env* iter_env, struct module_env* env, - uint8_t* name, size_t namelen, uint16_t qtype, uint32_t now, + uint8_t* name, size_t namelen, uint16_t qtype, time_t now, struct delegpt* dp, int* best_rtt, struct sock_list* blacklist) { int got_it = 0; @@ -261,7 +263,7 @@ iter_fill_rtt(struct iter_env* iter_env, struct module_env* env, * returns number of best targets (or 0, no suitable targets) */ static int iter_filter_order(struct iter_env* iter_env, struct module_env* env, - uint8_t* name, size_t namelen, uint16_t qtype, uint32_t now, + uint8_t* name, size_t namelen, uint16_t qtype, time_t now, struct delegpt* dp, int* selected_rtt, int open_target, struct sock_list* blacklist) { @@ -420,7 +422,7 @@ dns_copy_msg(struct dns_msg* from, struct regional* region) void iter_dns_store(struct module_env* env, struct query_info* msgqinf, - struct reply_info* msgrep, int is_referral, uint32_t leeway, int pside, + struct reply_info* msgrep, int is_referral, time_t leeway, int pside, struct regional* region) { if(!dns_cache_store(env, msgqinf, msgrep, is_referral, leeway, @@ -768,7 +770,7 @@ void iter_store_parentside_neg(struct module_env* env, /* TTL: NS from referral in iq->deleg_msg, * or first RR from iq->response, * or servfail5secs if !iq->response */ - uint32_t ttl = NORR_TTL; + time_t ttl = NORR_TTL; struct ub_packed_rrset_key* neg; struct packed_rrset_data* newd; if(rep) { @@ -798,7 +800,7 @@ void iter_store_parentside_neg(struct module_env* env, neg->entry.hash = rrset_key_hash(&neg->rk); newd = (struct packed_rrset_data*)regional_alloc_zero(env->scratch, sizeof(struct packed_rrset_data) + sizeof(size_t) + - sizeof(uint8_t*) + sizeof(uint32_t) + sizeof(uint16_t)); + sizeof(uint8_t*) + sizeof(time_t) + sizeof(uint16_t)); if(!newd) { log_err("out of memory in store_parentside_neg"); return; diff --git a/usr.sbin/unbound/iterator/iter_utils.h b/usr.sbin/unbound/iterator/iter_utils.h index 8f5a291af67..2070622d475 100644 --- a/usr.sbin/unbound/iterator/iter_utils.h +++ b/usr.sbin/unbound/iterator/iter_utils.h @@ -131,7 +131,7 @@ struct dns_msg* dns_copy_msg(struct dns_msg* from, struct regional* regional); * but the query resolution can continue without cache storage. */ void iter_dns_store(struct module_env* env, struct query_info* qinf, - struct reply_info* rep, int is_referral, uint32_t leeway, int pside, + struct reply_info* rep, int is_referral, time_t leeway, int pside, struct regional* region); /** diff --git a/usr.sbin/unbound/iterator/iterator.c b/usr.sbin/unbound/iterator/iterator.c index 14f1bc6a064..16048933170 100644 --- a/usr.sbin/unbound/iterator/iterator.c +++ b/usr.sbin/unbound/iterator/iterator.c @@ -1409,6 +1409,35 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, return 1; } +/** see if last resort is possible - does config allow queries to parent */ +static int +can_have_last_resort(struct module_env* env, struct delegpt* dp, + struct iter_qstate* iq) +{ + struct delegpt* fwddp; + struct iter_hints_stub* stub; + /* do not process a last resort (the parent side) if a stub + * or forward is configured, because we do not want to go 'above' + * the configured servers */ + if(!dname_is_root(dp->name) && (stub = (struct iter_hints_stub*) + name_tree_find(&env->hints->tree, dp->name, dp->namelen, + dp->namelabs, iq->qchase.qclass)) && + /* has_parent side is turned off for stub_first, where we + * are allowed to go to the parent */ + stub->dp->has_parent_side_NS) { + verbose(VERB_QUERY, "configured stub servers failed -- returning SERVFAIL"); + return 0; + } + if((fwddp = forwards_find(env->fwds, dp->name, iq->qchase.qclass)) && + /* has_parent_side is turned off for forward_first, where + * we are allowed to go to the parent */ + fwddp->has_parent_side_NS) { + verbose(VERB_QUERY, "configured forward servers failed -- returning SERVFAIL"); + return 0; + } + return 1; +} + /** * Called by processQueryTargets when it would like extra targets to query * but it seems to be out of options. At last resort some less appealing @@ -1430,15 +1459,21 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq, verbose(VERB_ALGO, "No more query targets, attempting last resort"); log_assert(iq->dp); + if(!can_have_last_resort(qstate->env, iq->dp, iq)) { + /* fail -- no more targets, no more hope of targets, no hope + * of a response. */ + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); + } if(!iq->dp->has_parent_side_NS && dname_is_root(iq->dp->name)) { struct delegpt* p = hints_lookup_root(qstate->env->hints, iq->qchase.qclass); if(p) { struct delegpt_ns* ns; struct delegpt_addr* a; + iq->chase_flags &= ~BIT_RD; /* go to authorities */ for(ns = p->nslist; ns; ns=ns->next) { (void)delegpt_add_ns(iq->dp, qstate->region, - ns->name, (int)ns->lame); + ns->name, ns->lame); } for(a = p->target_list; a; a=a->next_target) { (void)delegpt_add_addr(iq->dp, qstate->region, @@ -1455,6 +1490,7 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq, /* if: no parent NS in cache - go up one level */ verbose(VERB_ALGO, "try to grab parent NS"); iq->store_parent_NS = iq->dp; + iq->chase_flags &= ~BIT_RD; /* go to authorities */ iq->deleg_msg = NULL; iq->refetch_glue = 1; iq->query_restart_count++; @@ -1878,12 +1914,23 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, && type != RESPONSE_TYPE_UNTYPED) { /* a possible answer, see if it is missing DNSSEC */ /* but not when forwarding, so we dont mark fwder lame */ - /* also make sure the answer is from the zone we expected, - * otherwise, (due to parent,child on same server), we - * might mark the server,zone lame inappropriately */ - if(!iter_msg_has_dnssec(iq->response) && - iter_msg_from_zone(iq->response, iq->dp, type, - iq->qchase.qclass)) { + if(!iter_msg_has_dnssec(iq->response)) { + /* Mark this address as dnsseclame in this dp, + * because that will make serverselection disprefer + * it, but also, once it is the only final option, + * use dnssec-lame-bypass if it needs to query there.*/ + if(qstate->reply) { + struct delegpt_addr* a = delegpt_find_addr( + iq->dp, &qstate->reply->addr, + qstate->reply->addrlen); + if(a) a->dnsseclame = 1; + } + /* test the answer is from the zone we expected, + * otherwise, (due to parent,child on same server), we + * might mark the server,zone lame inappropriately */ + if(!iter_msg_from_zone(iq->response, iq->dp, type, + iq->qchase.qclass)) + qstate->reply = NULL; type = RESPONSE_TYPE_LAME; dnsseclame = 1; } @@ -2115,8 +2162,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, *qstate->env->now, dnsseclame, 0, iq->qchase.qtype)) log_err("mark host lame: out of memory"); - } else log_err("%slame response from cache", - dnsseclame?"DNSSEC ":""); + } } else if(type == RESPONSE_TYPE_REC_LAME) { /* Cache the LAMEness. */ verbose(VERB_DETAIL, "query response REC_LAME: " @@ -2324,12 +2370,12 @@ processTargetResponse(struct module_qstate* qstate, int id, rrset->rk.dname_len)) { /* if dpns->lame then set newcname ns lame too */ if(!delegpt_add_ns(foriq->dp, forq->region, - rrset->rk.dname, (int)dpns->lame)) + rrset->rk.dname, dpns->lame)) log_err("out of memory adding cnamed-ns"); } /* if dpns->lame then set the address(es) lame too */ if(!delegpt_add_rrset(foriq->dp, forq->region, rrset, - (int)dpns->lame)) + dpns->lame)) log_err("out of memory adding targets"); verbose(VERB_ALGO, "added target response"); delegpt_log(VERB_ALGO, foriq->dp); diff --git a/usr.sbin/unbound/libunbound/context.c b/usr.sbin/unbound/libunbound/context.c index f28307971b4..18f34e45414 100644 --- a/usr.sbin/unbound/libunbound/context.c +++ b/usr.sbin/unbound/libunbound/context.c @@ -124,7 +124,7 @@ find_id(struct ub_ctx* ctx, int* id) } struct ctx_query* -context_new(struct ub_ctx* ctx, char* name, int rrtype, int rrclass, +context_new(struct ub_ctx* ctx, const char* name, int rrtype, int rrclass, ub_callback_t cb, void* cbarg) { struct ctx_query* q = (struct ctx_query*)calloc(1, sizeof(*q)); diff --git a/usr.sbin/unbound/libunbound/context.h b/usr.sbin/unbound/libunbound/context.h index 8898f3ebfdf..23db869ac75 100644 --- a/usr.sbin/unbound/libunbound/context.h +++ b/usr.sbin/unbound/libunbound/context.h @@ -234,7 +234,7 @@ void context_query_delete(struct ctx_query* q); * @param cbarg: user arg for async queries. * @return new ctx_query or NULL for malloc failure. */ -struct ctx_query* context_new(struct ub_ctx* ctx, char* name, int rrtype, +struct ctx_query* context_new(struct ub_ctx* ctx, const char* name, int rrtype, int rrclass, ub_callback_t cb, void* cbarg); /** diff --git a/usr.sbin/unbound/libunbound/libunbound.c b/usr.sbin/unbound/libunbound/libunbound.c index 10d00ddc521..999478ef38a 100644 --- a/usr.sbin/unbound/libunbound/libunbound.c +++ b/usr.sbin/unbound/libunbound/libunbound.c @@ -60,6 +60,9 @@ #include "services/localzone.h" #include "services/cache/infra.h" #include "services/cache/rrset.h" +#ifdef HAVE_PTHREAD +#include <signal.h> +#endif #if defined(UB_ON_WINDOWS) && defined (HAVE_WINDOWS_H) #include <windows.h> @@ -155,11 +158,9 @@ delq(rbnode_t* n, void* ATTR_UNUSED(arg)) context_query_delete(q); } -void -ub_ctx_delete(struct ub_ctx* ctx) +/** stop the bg thread */ +static void ub_stop_bg(struct ub_ctx* ctx) { - struct alloc_cache* a, *na; - if(!ctx) return; /* stop the bg thread */ lock_basic_lock(&ctx->cfglock); if(ctx->created_bg) { @@ -195,7 +196,28 @@ ub_ctx_delete(struct ub_ctx* ctx) else { lock_basic_unlock(&ctx->cfglock); } +} + +void +ub_ctx_delete(struct ub_ctx* ctx) +{ + struct alloc_cache* a, *na; + int do_stop = 1; + if(!ctx) return; + /* see if bg thread is created and if threads have been killed */ + /* no locks, because those may be held by terminated threads */ + /* for processes the read pipe is closed and we see that on read */ +#ifdef HAVE_PTHREAD + if(ctx->created_bg && ctx->dothread) { + if(pthread_kill(ctx->bg_tid, 0) == ESRCH) { + /* thread has been killed */ + do_stop = 0; + } + } +#endif /* HAVE_PTHREAD */ + if(do_stop) + ub_stop_bg(ctx); modstack_desetup(&ctx->mods, ctx->env); a = ctx->alloc_list; @@ -229,7 +251,7 @@ ub_ctx_delete(struct ub_ctx* ctx) } int -ub_ctx_set_option(struct ub_ctx* ctx, char* opt, char* val) +ub_ctx_set_option(struct ub_ctx* ctx, const char* opt, const char* val) { lock_basic_lock(&ctx->cfglock); if(ctx->finalized) { @@ -245,7 +267,7 @@ ub_ctx_set_option(struct ub_ctx* ctx, char* opt, char* val) } int -ub_ctx_get_option(struct ub_ctx* ctx, char* opt, char** str) +ub_ctx_get_option(struct ub_ctx* ctx, const char* opt, char** str) { int r; lock_basic_lock(&ctx->cfglock); @@ -258,7 +280,7 @@ ub_ctx_get_option(struct ub_ctx* ctx, char* opt, char** str) } int -ub_ctx_config(struct ub_ctx* ctx, char* fname) +ub_ctx_config(struct ub_ctx* ctx, const char* fname) { lock_basic_lock(&ctx->cfglock); if(ctx->finalized) { @@ -274,7 +296,7 @@ ub_ctx_config(struct ub_ctx* ctx, char* fname) } int -ub_ctx_add_ta(struct ub_ctx* ctx, char* ta) +ub_ctx_add_ta(struct ub_ctx* ctx, const char* ta) { char* dup = strdup(ta); if(!dup) return UB_NOMEM; @@ -294,7 +316,7 @@ ub_ctx_add_ta(struct ub_ctx* ctx, char* ta) } int -ub_ctx_add_ta_file(struct ub_ctx* ctx, char* fname) +ub_ctx_add_ta_file(struct ub_ctx* ctx, const char* fname) { char* dup = strdup(fname); if(!dup) return UB_NOMEM; @@ -314,7 +336,7 @@ ub_ctx_add_ta_file(struct ub_ctx* ctx, char* fname) } int -ub_ctx_trustedkeys(struct ub_ctx* ctx, char* fname) +ub_ctx_trustedkeys(struct ub_ctx* ctx, const char* fname) { char* dup = strdup(fname); if(!dup) return UB_NOMEM; @@ -547,7 +569,7 @@ ub_wait(struct ub_ctx* ctx) } int -ub_resolve(struct ub_ctx* ctx, char* name, int rrtype, +ub_resolve(struct ub_ctx* ctx, const char* name, int rrtype, int rrclass, struct ub_result** result) { struct ctx_query* q; @@ -591,7 +613,7 @@ ub_resolve(struct ub_ctx* ctx, char* name, int rrtype, } int -ub_resolve_async(struct ub_ctx* ctx, char* name, int rrtype, +ub_resolve_async(struct ub_ctx* ctx, const char* name, int rrtype, int rrclass, void* mydata, ub_callback_t callback, int* async_id) { struct ctx_query* q; @@ -732,7 +754,7 @@ ub_strerror(int err) } int -ub_ctx_set_fwd(struct ub_ctx* ctx, char* addr) +ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr) { struct sockaddr_storage storage; socklen_t stlen; @@ -804,7 +826,7 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, char* addr) } int -ub_ctx_resolvconf(struct ub_ctx* ctx, char* fname) +ub_ctx_resolvconf(struct ub_ctx* ctx, const char* fname) { FILE* in; int numserv = 0; @@ -890,7 +912,7 @@ ub_ctx_resolvconf(struct ub_ctx* ctx, char* fname) } int -ub_ctx_hosts(struct ub_ctx* ctx, char* fname) +ub_ctx_hosts(struct ub_ctx* ctx, const char* fname) { FILE* in; char buf[1024], ldata[1024]; @@ -1016,7 +1038,8 @@ int ub_ctx_print_local_zones(struct ub_ctx* ctx) } /* Add a new zone */ -int ub_ctx_zone_add(struct ub_ctx* ctx, char *zone_name, char *zone_type) +int ub_ctx_zone_add(struct ub_ctx* ctx, const char *zone_name, + const char *zone_type) { enum localzone_type t; struct local_zone* z; @@ -1056,7 +1079,7 @@ int ub_ctx_zone_add(struct ub_ctx* ctx, char *zone_name, char *zone_type) } /* Remove zone */ -int ub_ctx_zone_remove(struct ub_ctx* ctx, char *zone_name) +int ub_ctx_zone_remove(struct ub_ctx* ctx, const char *zone_name) { struct local_zone* z; uint8_t* nm; @@ -1082,7 +1105,7 @@ int ub_ctx_zone_remove(struct ub_ctx* ctx, char *zone_name) } /* Add new RR data */ -int ub_ctx_data_add(struct ub_ctx* ctx, char *data) +int ub_ctx_data_add(struct ub_ctx* ctx, const char *data) { ldns_buffer* buf; int res = ub_ctx_finalize(ctx); @@ -1100,7 +1123,7 @@ int ub_ctx_data_add(struct ub_ctx* ctx, char *data) } /* Remove RR data */ -int ub_ctx_data_remove(struct ub_ctx* ctx, char *data) +int ub_ctx_data_remove(struct ub_ctx* ctx, const char *data) { uint8_t* nm; int nmlabs; diff --git a/usr.sbin/unbound/libunbound/unbound.h b/usr.sbin/unbound/libunbound/unbound.h index 085f9f53415..191338706c3 100644 --- a/usr.sbin/unbound/libunbound/unbound.h +++ b/usr.sbin/unbound/libunbound/unbound.h @@ -78,6 +78,10 @@ * ... same as async for non-threaded * ... the callbacks are called in the thread that calls process(ctx) * + * Openssl needs to have locking in place, and the application must set + * it up, because a mere library cannot do this, use the calls + * CRYPTO_set_id_callback and CRYPTO_set_locking_callback. + * * If no threading is compiled in, the above async example uses fork(2) to * create a process to perform the work. The forked process exits when the * calling process exits, or ctx_delete() is called. @@ -97,6 +101,11 @@ extern "C" { #endif +/** the version of this header file */ +#define UNBOUND_VERSION_MAJOR @UNBOUND_VERSION_MAJOR@ +#define UNBOUND_VERSION_MINOR @UNBOUND_VERSION_MINOR@ +#define UNBOUND_VERSION_MICRO @UNBOUND_VERSION_MICRO@ + /** * The validation context is created to hold the resolver status, * validation keys and a small cache (containing messages, rrsets, @@ -193,6 +202,12 @@ struct ub_result { * Is NULL if the result is not bogus. */ char* why_bogus; + + /** + * TTL for the result, in seconds. If the security is bogus, then + * you also cannot trust this value. + */ + int ttl; }; /** @@ -239,7 +254,7 @@ void ub_ctx_delete(struct ub_ctx* ctx); * @param val: value of the option. * @return: 0 if OK, else error. */ -int ub_ctx_set_option(struct ub_ctx* ctx, char* opt, char* val); +int ub_ctx_set_option(struct ub_ctx* ctx, const char* opt, const char* val); /** * Get an option from the context. @@ -255,7 +270,7 @@ int ub_ctx_set_option(struct ub_ctx* ctx, char* opt, char* val); * returned in the string. * @return 0 if OK else an error code (malloc failure, syntax error). */ -int ub_ctx_get_option(struct ub_ctx* ctx, char* opt, char** str); +int ub_ctx_get_option(struct ub_ctx* ctx, const char* opt, char** str); /** * setup configuration for the given context. @@ -267,7 +282,7 @@ int ub_ctx_get_option(struct ub_ctx* ctx, char* opt, char** str); * routines exist. * @return: 0 if OK, else error. */ -int ub_ctx_config(struct ub_ctx* ctx, char* fname); +int ub_ctx_config(struct ub_ctx* ctx, const char* fname); /** * Set machine to forward DNS queries to, the caching resolver to use. @@ -286,7 +301,7 @@ int ub_ctx_config(struct ub_ctx* ctx, char* fname); * If the addr is NULL, forwarding is disabled. * @return 0 if OK, else error. */ -int ub_ctx_set_fwd(struct ub_ctx* ctx, char* addr); +int ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr); /** * Read list of nameservers to use from the filename given. @@ -302,7 +317,7 @@ int ub_ctx_set_fwd(struct ub_ctx* ctx, char* addr); * @param fname: file name string. If NULL "/etc/resolv.conf" is used. * @return 0 if OK, else error. */ -int ub_ctx_resolvconf(struct ub_ctx* ctx, char* fname); +int ub_ctx_resolvconf(struct ub_ctx* ctx, const char* fname); /** * Read list of hosts from the filename given. @@ -315,7 +330,7 @@ int ub_ctx_resolvconf(struct ub_ctx* ctx, char* fname); * @param fname: file name string. If NULL "/etc/hosts" is used. * @return 0 if OK, else error. */ -int ub_ctx_hosts(struct ub_ctx* ctx, char* fname); +int ub_ctx_hosts(struct ub_ctx* ctx, const char* fname); /** * Add a trust anchor to the given context. @@ -328,7 +343,7 @@ int ub_ctx_hosts(struct ub_ctx* ctx, char* fname); * [domainname] [TTL optional] [type] [class optional] [rdata contents] * @return 0 if OK, else error. */ -int ub_ctx_add_ta(struct ub_ctx* ctx, char* ta); +int ub_ctx_add_ta(struct ub_ctx* ctx, const char* ta); /** * Add trust anchors to the given context. @@ -339,7 +354,7 @@ int ub_ctx_add_ta(struct ub_ctx* ctx, char* ta); * @param fname: filename of file with keyfile with trust anchors. * @return 0 if OK, else error. */ -int ub_ctx_add_ta_file(struct ub_ctx* ctx, char* fname); +int ub_ctx_add_ta_file(struct ub_ctx* ctx, const char* fname); /** * Add trust anchors to the given context. @@ -351,7 +366,7 @@ int ub_ctx_add_ta_file(struct ub_ctx* ctx, char* fname); * anchors. * @return 0 if OK, else error. */ -int ub_ctx_trustedkeys(struct ub_ctx* ctx, char* fname); +int ub_ctx_trustedkeys(struct ub_ctx* ctx, const char* fname); /** * Set debug output (and error output) to the specified stream. @@ -436,7 +451,7 @@ int ub_process(struct ub_ctx* ctx); * in that case (out of memory). * @return 0 if OK, else error. */ -int ub_resolve(struct ub_ctx* ctx, char* name, int rrtype, +int ub_resolve(struct ub_ctx* ctx, const char* name, int rrtype, int rrclass, struct ub_result** result); /** @@ -467,7 +482,7 @@ int ub_resolve(struct ub_ctx* ctx, char* name, int rrtype, * cancel the query. * @return 0 if OK, else error. */ -int ub_resolve_async(struct ub_ctx* ctx, char* name, int rrtype, +int ub_resolve_async(struct ub_ctx* ctx, const char* name, int rrtype, int rrclass, void* mydata, ub_callback_t callback, int* async_id); /** @@ -514,7 +529,8 @@ int ub_ctx_print_local_zones(struct ub_ctx* ctx); * @param zone_type: type of the zone (like for unbound.conf) in text. * @return 0 if OK, else error. */ -int ub_ctx_zone_add(struct ub_ctx* ctx, char *zone_name, char *zone_type); +int ub_ctx_zone_add(struct ub_ctx* ctx, const char *zone_name, + const char *zone_type); /** * Remove zone from local authority info of the library. @@ -523,7 +539,7 @@ int ub_ctx_zone_add(struct ub_ctx* ctx, char *zone_name, char *zone_type); * If it does not exist, nothing happens. * @return 0 if OK, else error. */ -int ub_ctx_zone_remove(struct ub_ctx* ctx, char *zone_name); +int ub_ctx_zone_remove(struct ub_ctx* ctx, const char *zone_name); /** * Add localdata to the library local authority info. @@ -533,7 +549,7 @@ int ub_ctx_zone_remove(struct ub_ctx* ctx, char *zone_name); * "www.example.com IN A 127.0.0.1" * @return 0 if OK, else error. */ -int ub_ctx_data_add(struct ub_ctx* ctx, char *data); +int ub_ctx_data_add(struct ub_ctx* ctx, const char *data); /** * Remove localdata from the library local authority info. @@ -541,7 +557,7 @@ int ub_ctx_data_add(struct ub_ctx* ctx, char *data); * @param data: the name to delete all data from, like "www.example.com". * @return 0 if OK, else error. */ -int ub_ctx_data_remove(struct ub_ctx* ctx, char *data); +int ub_ctx_data_remove(struct ub_ctx* ctx, const char *data); /** * Get a version string from the libunbound implementation. diff --git a/usr.sbin/unbound/ltmain.sh b/usr.sbin/unbound/ltmain.sh index 78cf0175299..63ae69dc6fe 100644 --- a/usr.sbin/unbound/ltmain.sh +++ b/usr.sbin/unbound/ltmain.sh @@ -1,9 +1,9 @@ -# libtool (GNU libtool) 2.4 +# libtool (GNU libtool) 2.4.2 # Written by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996 # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, -# 2007, 2008, 2009, 2010 Free Software Foundation, Inc. +# 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. # This is free software; see the source for copying conditions. There is NO # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. @@ -41,6 +41,7 @@ # --quiet, --silent don't print informational messages # --no-quiet, --no-silent # print informational messages (default) +# --no-warn don't display warning messages # --tag=TAG use configuration variables from tag TAG # -v, --verbose print more informational messages than default # --no-verbose don't print the extra informational messages @@ -69,7 +70,7 @@ # compiler: $LTCC # compiler flags: $LTCFLAGS # linker: $LD (gnu? $with_gnu_ld) -# $progname: (GNU libtool) 2.4 +# $progname: (GNU libtool) 2.4.2 # automake: $automake_version # autoconf: $autoconf_version # @@ -79,9 +80,9 @@ PROGRAM=libtool PACKAGE=libtool -VERSION=2.4 +VERSION=2.4.2 TIMESTAMP="" -package_revision=1.3293 +package_revision=1.3337 # Be Bourne compatible if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then @@ -136,15 +137,10 @@ progpath="$0" : ${CP="cp -f"} test "${ECHO+set}" = set || ECHO=${as_echo-'printf %s\n'} -: ${EGREP="/bin/grep -E"} -: ${FGREP="/bin/grep -F"} -: ${GREP="/bin/grep"} -: ${LN_S="ln -s"} : ${MAKE="make"} : ${MKDIR="mkdir"} : ${MV="mv -f"} : ${RM="rm -f"} -: ${SED="/bin/sed"} : ${SHELL="${CONFIG_SHELL-/bin/sh}"} : ${Xsed="$SED -e 1s/^X//"} @@ -387,7 +383,7 @@ case $progpath in ;; *) save_IFS="$IFS" - IFS=: + IFS=${PATH_SEPARATOR-:} for progdir in $PATH; do IFS="$save_IFS" test -x "$progdir/$progname" && break @@ -771,8 +767,8 @@ func_help () s*\$LTCFLAGS*'"$LTCFLAGS"'* s*\$LD*'"$LD"'* s/\$with_gnu_ld/'"$with_gnu_ld"'/ - s/\$automake_version/'"`(automake --version) 2>/dev/null |$SED 1q`"'/ - s/\$autoconf_version/'"`(autoconf --version) 2>/dev/null |$SED 1q`"'/ + s/\$automake_version/'"`(${AUTOMAKE-automake} --version) 2>/dev/null |$SED 1q`"'/ + s/\$autoconf_version/'"`(${AUTOCONF-autoconf} --version) 2>/dev/null |$SED 1q`"'/ p d } @@ -1052,6 +1048,7 @@ opt_finish=false opt_help=false opt_help_all=false opt_silent=: +opt_warning=: opt_verbose=: opt_silent=false opt_verbose=false @@ -1120,6 +1117,10 @@ esac opt_silent=false func_append preserve_args " $opt" ;; + --no-warning|--no-warn) + opt_warning=false +func_append preserve_args " $opt" + ;; --no-verbose) opt_verbose=false func_append preserve_args " $opt" @@ -2059,7 +2060,7 @@ func_mode_compile () *.[cCFSifmso] | \ *.ada | *.adb | *.ads | *.asm | \ *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \ - *.[fF][09]? | *.for | *.java | *.obj | *.sx | *.cu | *.cup) + *.[fF][09]? | *.for | *.java | *.go | *.obj | *.sx | *.cu | *.cup) func_xform "$libobj" libobj=$func_xform_result ;; @@ -3201,11 +3202,13 @@ func_mode_install () # Set up the ranlib parameters. oldlib="$destdir/$name" + func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 + tool_oldlib=$func_to_tool_file_result func_show_eval "$install_prog \$file \$oldlib" 'exit $?' if test -n "$stripme" && test -n "$old_striplib"; then - func_show_eval "$old_striplib $oldlib" 'exit $?' + func_show_eval "$old_striplib $tool_oldlib" 'exit $?' fi # Do each command in the postinstall commands. @@ -3470,7 +3473,7 @@ static const void *lt_preloaded_setup() { # linked before any other PIC object. But we must not use # pic_flag when linking with -static. The problem exists in # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1. - *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*) + *-*-freebsd2.*|*-*-freebsd3.0*|*-*-freebsdelf3.0*) pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;; *-*-hpux*) pic_flag_for_symtable=" $pic_flag" ;; @@ -3982,14 +3985,17 @@ func_exec_program_core () # launches target application with the remaining arguments. func_exec_program () { - for lt_wr_arg - do - case \$lt_wr_arg in - --lt-*) ;; - *) set x \"\$@\" \"\$lt_wr_arg\"; shift;; - esac - shift - done + case \" \$* \" in + *\\ --lt-*) + for lt_wr_arg + do + case \$lt_wr_arg in + --lt-*) ;; + *) set x \"\$@\" \"\$lt_wr_arg\"; shift;; + esac + shift + done ;; + esac func_exec_program_core \${1+\"\$@\"} } @@ -5057,9 +5063,15 @@ void lt_dump_script (FILE* f) { EOF func_emit_wrapper yes | - $SED -e 's/\([\\"]\)/\\\1/g' \ - -e 's/^/ fputs ("/' -e 's/$/\\n", f);/' - + $SED -n -e ' +s/^\(.\{79\}\)\(..*\)/\1\ +\2/ +h +s/\([\\"]\)/\\\1/g +s/$/\\n/ +s/\([^\n]*\).*/ fputs ("\1", f);/p +g +D' cat <<"EOF" } EOF @@ -5643,7 +5655,8 @@ func_mode_link () continue ;; - -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads) + -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ + |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) func_append compiler_flags " $arg" func_append compile_command " $arg" func_append finalize_command " $arg" @@ -6147,7 +6160,8 @@ func_mode_link () lib= found=no case $deplib in - -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads) + -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ + |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) if test "$linkmode,$pass" = "prog,link"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" @@ -6831,7 +6845,7 @@ func_mode_link () test "$hardcode_direct_absolute" = no; then add="$dir/$linklib" elif test "$hardcode_minus_L" = yes; then - add_dir="-L$dir" + add_dir="-L$absdir" # Try looking first in the location we're being installed to. if test -n "$inst_prefix_dir"; then case $libdir in @@ -7316,6 +7330,7 @@ func_mode_link () # which has an extra 1 added just for fun # case $version_type in + # correct linux to gnu/linux during the next big refactor darwin|linux|osf|windows|none) func_arith $number_major + $number_minor current=$func_arith_result @@ -7432,7 +7447,7 @@ func_mode_link () versuffix="$major.$revision" ;; - linux) + linux) # correct to gnu/linux during the next big refactor func_arith $current - $age major=.$func_arith_result versuffix="$major.$age.$revision" @@ -8020,6 +8035,11 @@ EOF # Test again, we may have decided not to build it any more if test "$build_libtool_libs" = yes; then + # Remove ${wl} instances when linking with ld. + # FIXME: should test the right _cmds variable. + case $archive_cmds in + *\$LD\ *) wl= ;; + esac if test "$hardcode_into_libs" = yes; then # Hardcode the library paths hardcode_libdirs= @@ -8058,11 +8078,7 @@ EOF if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then libdir="$hardcode_libdirs" - if test -n "$hardcode_libdir_flag_spec_ld"; then - eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\" - else - eval dep_rpath=\"$hardcode_libdir_flag_spec\" - fi + eval "dep_rpath=\"$hardcode_libdir_flag_spec\"" fi if test -n "$runpath_var" && test -n "$perm_rpath"; then # We should set the runpath_var. @@ -9152,6 +9168,8 @@ EOF esac done fi + func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 + tool_oldlib=$func_to_tool_file_result eval cmds=\"$old_archive_cmds\" func_len " $cmds" @@ -9261,7 +9279,8 @@ EOF *.la) func_basename "$deplib" name="$func_basename_result" - eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` + func_resolve_sysroot "$deplib" + eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result` test -z "$libdir" && \ func_fatal_error "\`$deplib' is not a valid libtool archive" func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name" diff --git a/usr.sbin/unbound/services/cache/dns.c b/usr.sbin/unbound/services/cache/dns.c index 6e99b7fa4a8..7dadb5c3965 100644 --- a/usr.sbin/unbound/services/cache/dns.c +++ b/usr.sbin/unbound/services/cache/dns.c @@ -66,8 +66,8 @@ * @param region: for qrep allocs. */ static void -store_rrsets(struct module_env* env, struct reply_info* rep, uint32_t now, - uint32_t leeway, int pside, struct reply_info* qrep, +store_rrsets(struct module_env* env, struct reply_info* rep, time_t now, + time_t leeway, int pside, struct reply_info* qrep, struct regional* region) { size_t i; @@ -105,11 +105,11 @@ store_rrsets(struct module_env* env, struct reply_info* rep, uint32_t now, void dns_cache_store_msg(struct module_env* env, struct query_info* qinfo, - hashvalue_t hash, struct reply_info* rep, uint32_t leeway, int pside, + hashvalue_t hash, struct reply_info* rep, time_t leeway, int pside, struct reply_info* qrep, struct regional* region) { struct msgreply_entry* e; - uint32_t ttl = rep->ttl; + time_t ttl = rep->ttl; size_t i; /* store RRsets */ @@ -142,7 +142,7 @@ dns_cache_store_msg(struct module_env* env, struct query_info* qinfo, /** find closest NS or DNAME and returns the rrset (locked) */ static struct ub_packed_rrset_key* find_closest_of_type(struct module_env* env, uint8_t* qname, size_t qnamelen, - uint16_t qclass, uint32_t now, uint16_t searchtype, int stripfront) + uint16_t qclass, time_t now, uint16_t searchtype, int stripfront) { struct ub_packed_rrset_key *rrset; uint8_t lablen; @@ -171,7 +171,7 @@ find_closest_of_type(struct module_env* env, uint8_t* qname, size_t qnamelen, /** add addr to additional section */ static void addr_to_additional(struct ub_packed_rrset_key* rrset, struct regional* region, - struct dns_msg* msg, uint32_t now) + struct dns_msg* msg, time_t now) { if((msg->rep->rrsets[msg->rep->rrset_count] = packed_rrset_copy_region(rrset, region, now))) { @@ -183,7 +183,7 @@ addr_to_additional(struct ub_packed_rrset_key* rrset, struct regional* region, /** lookup message in message cache */ static struct msgreply_entry* msg_cache_lookup(struct module_env* env, uint8_t* qname, size_t qnamelen, - uint16_t qtype, uint16_t qclass, uint32_t now, int wr) + uint16_t qtype, uint16_t qclass, time_t now, int wr) { struct lruhash_entry* e; struct query_info k; @@ -207,7 +207,7 @@ msg_cache_lookup(struct module_env* env, uint8_t* qname, size_t qnamelen, /** find and add A and AAAA records for nameservers in delegpt */ static int find_add_addrs(struct module_env* env, uint16_t qclass, - struct regional* region, struct delegpt* dp, uint32_t now, + struct regional* region, struct delegpt* dp, time_t now, struct dns_msg** msg) { struct delegpt_ns* ns; @@ -262,12 +262,12 @@ cache_fill_missing(struct module_env* env, uint16_t qclass, struct delegpt_ns* ns; struct msgreply_entry* neg; struct ub_packed_rrset_key* akey; - uint32_t now = *env->now; + time_t now = *env->now; for(ns = dp->nslist; ns; ns = ns->next) { akey = rrset_cache_lookup(env->rrset_cache, ns->name, ns->namelen, LDNS_RR_TYPE_A, qclass, 0, now, 0); if(akey) { - if(!delegpt_add_rrset_A(dp, region, akey, (int)ns->lame)) { + if(!delegpt_add_rrset_A(dp, region, akey, ns->lame)) { lock_rw_unlock(&akey->entry.lock); return 0; } @@ -285,7 +285,7 @@ cache_fill_missing(struct module_env* env, uint16_t qclass, akey = rrset_cache_lookup(env->rrset_cache, ns->name, ns->namelen, LDNS_RR_TYPE_AAAA, qclass, 0, now, 0); if(akey) { - if(!delegpt_add_rrset_AAAA(dp, region, akey, (int)ns->lame)) { + if(!delegpt_add_rrset_AAAA(dp, region, akey, ns->lame)) { lock_rw_unlock(&akey->entry.lock); return 0; } @@ -307,7 +307,7 @@ cache_fill_missing(struct module_env* env, uint16_t qclass, /** find and add DS or NSEC to delegation msg */ static void find_add_ds(struct module_env* env, struct regional* region, - struct dns_msg* msg, struct delegpt* dp, uint32_t now) + struct dns_msg* msg, struct delegpt* dp, time_t now) { /* Lookup the DS or NSEC at the delegation point. */ struct ub_packed_rrset_key* rrset = rrset_cache_lookup( @@ -369,7 +369,7 @@ dns_msg_create(uint8_t* qname, size_t qnamelen, uint16_t qtype, int dns_msg_authadd(struct dns_msg* msg, struct regional* region, - struct ub_packed_rrset_key* rrset, uint32_t now) + struct ub_packed_rrset_key* rrset, time_t now) { if(!(msg->rep->rrsets[msg->rep->rrset_count++] = packed_rrset_copy_region(rrset, region, now))) @@ -381,7 +381,7 @@ dns_msg_authadd(struct dns_msg* msg, struct regional* region, struct delegpt* dns_cache_find_delegation(struct module_env* env, uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, - struct regional* region, struct dns_msg** msg, uint32_t now) + struct regional* region, struct dns_msg** msg, time_t now) { /* try to find closest NS rrset */ struct ub_packed_rrset_key* nskey; @@ -455,7 +455,7 @@ gen_dns_msg(struct regional* region, struct query_info* q, size_t num) /** generate dns_msg from cached message */ static struct dns_msg* tomsg(struct module_env* env, struct query_info* q, struct reply_info* r, - struct regional* region, uint32_t now, struct regional* scratch) + struct regional* region, time_t now, struct regional* scratch) { struct dns_msg* msg; size_t i; @@ -506,7 +506,7 @@ tomsg(struct module_env* env, struct query_info* q, struct reply_info* r, /** synthesize RRset-only response from cached RRset item */ static struct dns_msg* rrset_msg(struct ub_packed_rrset_key* rrset, struct regional* region, - uint32_t now, struct query_info* q) + time_t now, struct query_info* q) { struct dns_msg* msg; struct packed_rrset_data* d = (struct packed_rrset_data*) @@ -535,7 +535,7 @@ rrset_msg(struct ub_packed_rrset_key* rrset, struct regional* region, /** synthesize DNAME+CNAME response from cached DNAME item */ static struct dns_msg* synth_dname_msg(struct ub_packed_rrset_key* rrset, struct regional* region, - uint32_t now, struct query_info* q) + time_t now, struct query_info* q) { struct dns_msg* msg; struct ub_packed_rrset_key* ck; @@ -599,7 +599,7 @@ synth_dname_msg(struct ub_packed_rrset_key* rrset, struct regional* region, ck->entry.hash = rrset_key_hash(&ck->rk); newd = (struct packed_rrset_data*)regional_alloc_zero(region, sizeof(struct packed_rrset_data) + sizeof(size_t) + - sizeof(uint8_t*) + sizeof(uint32_t) + sizeof(uint16_t) + sizeof(uint8_t*) + sizeof(time_t) + sizeof(uint16_t) + newlen); if(!newd) return NULL; @@ -630,7 +630,7 @@ dns_cache_lookup(struct module_env* env, struct lruhash_entry* e; struct query_info k; hashvalue_t h; - uint32_t now = *env->now; + time_t now = *env->now; struct ub_packed_rrset_key* rrset; /* lookup first, this has both NXdomains and ANSWER responses */ @@ -739,7 +739,7 @@ dns_cache_lookup(struct module_env* env, int dns_cache_store(struct module_env* env, struct query_info* msgqinf, - struct reply_info* msgrep, int is_referral, uint32_t leeway, int pside, + struct reply_info* msgrep, int is_referral, time_t leeway, int pside, struct regional* region) { struct reply_info* rep = NULL; diff --git a/usr.sbin/unbound/services/cache/dns.h b/usr.sbin/unbound/services/cache/dns.h index bc9f57c9c0d..508f3444111 100644 --- a/usr.sbin/unbound/services/cache/dns.h +++ b/usr.sbin/unbound/services/cache/dns.h @@ -82,7 +82,7 @@ struct dns_msg { * @return 0 on alloc error (out of memory). */ int dns_cache_store(struct module_env* env, struct query_info* qinf, - struct reply_info* rep, int is_referral, uint32_t leeway, int pside, + struct reply_info* rep, int is_referral, time_t leeway, int pside, struct regional* region); /** @@ -105,7 +105,7 @@ int dns_cache_store(struct module_env* env, struct query_info* qinf, * @param region: to allocate into for qmsg. */ void dns_cache_store_msg(struct module_env* env, struct query_info* qinfo, - hashvalue_t hash, struct reply_info* rep, uint32_t leeway, int pside, + hashvalue_t hash, struct reply_info* rep, time_t leeway, int pside, struct reply_info* qrep, struct regional* region); /** @@ -123,7 +123,7 @@ void dns_cache_store_msg(struct module_env* env, struct query_info* qinfo, */ struct delegpt* dns_cache_find_delegation(struct module_env* env, uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, - struct regional* region, struct dns_msg** msg, uint32_t timenow); + struct regional* region, struct dns_msg** msg, time_t timenow); /** * Find cached message @@ -177,6 +177,6 @@ struct dns_msg* dns_msg_create(uint8_t* qname, size_t qnamelen, uint16_t qtype, * @return true if worked, false on fail */ int dns_msg_authadd(struct dns_msg* msg, struct regional* region, - struct ub_packed_rrset_key* rrset, uint32_t now); + struct ub_packed_rrset_key* rrset, time_t now); #endif /* SERVICES_CACHE_DNS_H */ diff --git a/usr.sbin/unbound/services/cache/infra.c b/usr.sbin/unbound/services/cache/infra.c index dbbd50326e5..42d6acad1a2 100644 --- a/usr.sbin/unbound/services/cache/infra.c +++ b/usr.sbin/unbound/services/cache/infra.c @@ -189,7 +189,7 @@ infra_lookup_nottl(struct infra_cache* infra, struct sockaddr_storage* addr, /** init the data elements */ static void data_entry_init(struct infra_cache* infra, struct lruhash_entry* e, - uint32_t timenow) + time_t timenow) { struct infra_data* data = (struct infra_data*)e->data; data->ttl = timenow + infra->host_ttl; @@ -218,7 +218,7 @@ data_entry_init(struct infra_cache* infra, struct lruhash_entry* e, */ static struct lruhash_entry* new_entry(struct infra_cache* infra, struct sockaddr_storage* addr, - socklen_t addrlen, uint8_t* name, size_t namelen, uint32_t tm) + socklen_t addrlen, uint8_t* name, size_t namelen, time_t tm) { struct infra_data* data; struct infra_key* key = (struct infra_key*)malloc(sizeof(*key)); @@ -248,7 +248,7 @@ new_entry(struct infra_cache* infra, struct sockaddr_storage* addr, int infra_host(struct infra_cache* infra, struct sockaddr_storage* addr, - socklen_t addrlen, uint8_t* nm, size_t nmlen, uint32_t timenow, + socklen_t addrlen, uint8_t* nm, size_t nmlen, time_t timenow, int* edns_vs, uint8_t* edns_lame_known, int* to) { struct lruhash_entry* e = infra_lookup_nottl(infra, addr, addrlen, @@ -317,7 +317,7 @@ infra_host(struct infra_cache* infra, struct sockaddr_storage* addr, int infra_set_lame(struct infra_cache* infra, struct sockaddr_storage* addr, - socklen_t addrlen, uint8_t* nm, size_t nmlen, uint32_t timenow, + socklen_t addrlen, uint8_t* nm, size_t nmlen, time_t timenow, int dnsseclame, int reclame, uint16_t qtype) { struct infra_data* data; @@ -374,7 +374,7 @@ infra_update_tcp_works(struct infra_cache* infra, int infra_rtt_update(struct infra_cache* infra, struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* nm, size_t nmlen, int qtype, - int roundtrip, int orig_rtt, uint32_t timenow) + int roundtrip, int orig_rtt, time_t timenow) { struct lruhash_entry* e = infra_lookup_nottl(infra, addr, addrlen, nm, nmlen, 1); @@ -403,6 +403,11 @@ infra_rtt_update(struct infra_cache* infra, struct sockaddr_storage* addr, data->timeout_other++; } } else { + /* if we got a reply, but the old timeout was above server + * selection height, delete the timeout so the server is + * fully available again */ + if(rtt_unclamped(&data->rtt) >= USEFUL_SERVER_TOP_TIMEOUT) + rtt_init(&data->rtt); rtt_update(&data->rtt, roundtrip); data->probedelay = 0; if(qtype == LDNS_RR_TYPE_A) @@ -420,19 +425,19 @@ infra_rtt_update(struct infra_cache* infra, struct sockaddr_storage* addr, return rto; } -int infra_get_host_rto(struct infra_cache* infra, +long long infra_get_host_rto(struct infra_cache* infra, struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* nm, - size_t nmlen, struct rtt_info* rtt, int* delay, uint32_t timenow, + size_t nmlen, struct rtt_info* rtt, int* delay, time_t timenow, int* tA, int* tAAAA, int* tother) { struct lruhash_entry* e = infra_lookup_nottl(infra, addr, addrlen, nm, nmlen, 0); struct infra_data* data; - int ttl = -2; + long long ttl = -2; if(!e) return -1; data = (struct infra_data*)e->data; if(data->ttl >= timenow) { - ttl = (int)(data->ttl - timenow); + ttl = (long long)(data->ttl - timenow); memmove(rtt, &data->rtt, sizeof(*rtt)); if(timenow < data->probedelay) *delay = (int)(data->probedelay - timenow); @@ -448,7 +453,7 @@ int infra_get_host_rto(struct infra_cache* infra, int infra_edns_update(struct infra_cache* infra, struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* nm, size_t nmlen, int edns_version, - uint32_t timenow) + time_t timenow) { struct lruhash_entry* e = infra_lookup_nottl(infra, addr, addrlen, nm, nmlen, 1); @@ -480,7 +485,7 @@ int infra_get_lame_rtt(struct infra_cache* infra, struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* name, size_t namelen, uint16_t qtype, - int* lame, int* dnsseclame, int* reclame, int* rtt, uint32_t timenow) + int* lame, int* dnsseclame, int* reclame, int* rtt, time_t timenow) { struct infra_data* host; struct lruhash_entry* e = infra_lookup_nottl(infra, addr, addrlen, diff --git a/usr.sbin/unbound/services/cache/infra.h b/usr.sbin/unbound/services/cache/infra.h index 161f5ab4319..d3976aed711 100644 --- a/usr.sbin/unbound/services/cache/infra.h +++ b/usr.sbin/unbound/services/cache/infra.h @@ -68,10 +68,10 @@ struct infra_key { */ struct infra_data { /** TTL value for this entry. absolute time. */ - uint32_t ttl; + time_t ttl; /** time in seconds (absolute) when probing re-commences, 0 disabled */ - uint32_t probedelay; + time_t probedelay; /** round trip times for timeout calculation */ struct rtt_info rtt; @@ -173,7 +173,7 @@ struct lruhash_entry* infra_lookup_nottl(struct infra_cache* infra, */ int infra_host(struct infra_cache* infra, struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* name, size_t namelen, - uint32_t timenow, int* edns_vs, uint8_t* edns_lame_known, int* to); + time_t timenow, int* edns_vs, uint8_t* edns_lame_known, int* to); /** * Set a host to be lame for the given zone. @@ -192,7 +192,7 @@ int infra_host(struct infra_cache* infra, struct sockaddr_storage* addr, */ int infra_set_lame(struct infra_cache* infra, struct sockaddr_storage* addr, socklen_t addrlen, - uint8_t* name, size_t namelen, uint32_t timenow, int dnsseclame, + uint8_t* name, size_t namelen, time_t timenow, int dnsseclame, int reclame, uint16_t qtype); /** @@ -212,7 +212,7 @@ int infra_set_lame(struct infra_cache* infra, */ int infra_rtt_update(struct infra_cache* infra, struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* name, size_t namelen, int qtype, - int roundtrip, int orig_rtt, uint32_t timenow); + int roundtrip, int orig_rtt, time_t timenow); /** * Update information for the host, store that a TCP transaction works. @@ -240,7 +240,7 @@ void infra_update_tcp_works(struct infra_cache* infra, */ int infra_edns_update(struct infra_cache* infra, struct sockaddr_storage* addr, socklen_t addrlen, - uint8_t* name, size_t namelen, int edns_version, uint32_t timenow); + uint8_t* name, size_t namelen, int edns_version, time_t timenow); /** * Get Lameness information and average RTT if host is in the cache. @@ -263,7 +263,7 @@ int infra_edns_update(struct infra_cache* infra, int infra_get_lame_rtt(struct infra_cache* infra, struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* name, size_t namelen, uint16_t qtype, - int* lame, int* dnsseclame, int* reclame, int* rtt, uint32_t timenow); + int* lame, int* dnsseclame, int* reclame, int* rtt, time_t timenow); /** * Get additional (debug) info on timing. @@ -281,9 +281,9 @@ int infra_get_lame_rtt(struct infra_cache* infra, * @return TTL the infra host element is valid for. If -1: not found in cache. * TTL -2: found but expired. */ -int infra_get_host_rto(struct infra_cache* infra, +long long infra_get_host_rto(struct infra_cache* infra, struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* name, - size_t namelen, struct rtt_info* rtt, int* delay, uint32_t timenow, + size_t namelen, struct rtt_info* rtt, int* delay, time_t timenow, int* tA, int* tAAAA, int* tother); /** diff --git a/usr.sbin/unbound/services/cache/rrset.c b/usr.sbin/unbound/services/cache/rrset.c index b9d20db0e5d..64223623112 100644 --- a/usr.sbin/unbound/services/cache/rrset.c +++ b/usr.sbin/unbound/services/cache/rrset.c @@ -120,7 +120,7 @@ rrset_cache_touch(struct rrset_cache* r, struct ub_packed_rrset_key* key, /** see if rrset needs to be updated in the cache */ static int -need_to_update_rrset(void* nd, void* cd, uint32_t timenow, int equal, int ns) +need_to_update_rrset(void* nd, void* cd, time_t timenow, int equal, int ns) { struct packed_rrset_data* newd = (struct packed_rrset_data*)nd; struct packed_rrset_data* cached = (struct packed_rrset_data*)cd; @@ -181,7 +181,7 @@ rrset_update_id(struct rrset_ref* ref, struct alloc_cache* alloc) int rrset_cache_update(struct rrset_cache* r, struct rrset_ref* ref, - struct alloc_cache* alloc, uint32_t timenow) + struct alloc_cache* alloc, time_t timenow) { struct lruhash_entry* e; struct ub_packed_rrset_key* k = ref->key; @@ -237,7 +237,7 @@ rrset_cache_update(struct rrset_cache* r, struct rrset_ref* ref, struct ub_packed_rrset_key* rrset_cache_lookup(struct rrset_cache* r, uint8_t* qname, size_t qnamelen, - uint16_t qtype, uint16_t qclass, uint32_t flags, uint32_t timenow, + uint16_t qtype, uint16_t qclass, uint32_t flags, time_t timenow, int wr) { struct lruhash_entry* e; @@ -268,7 +268,7 @@ rrset_cache_lookup(struct rrset_cache* r, uint8_t* qname, size_t qnamelen, } int -rrset_array_lock(struct rrset_ref* ref, size_t count, uint32_t timenow) +rrset_array_lock(struct rrset_ref* ref, size_t count, time_t timenow) { size_t i; for(i=0; i<count; i++) { @@ -327,7 +327,7 @@ rrset_array_unlock_touch(struct rrset_cache* r, struct regional* scratch, void rrset_update_sec_status(struct rrset_cache* r, - struct ub_packed_rrset_key* rrset, uint32_t now) + struct ub_packed_rrset_key* rrset, time_t now) { struct packed_rrset_data* updata = (struct packed_rrset_data*)rrset->entry.data; @@ -366,7 +366,7 @@ rrset_update_sec_status(struct rrset_cache* r, void rrset_check_sec_status(struct rrset_cache* r, - struct ub_packed_rrset_key* rrset, uint32_t now) + struct ub_packed_rrset_key* rrset, time_t now) { struct packed_rrset_data* updata = (struct packed_rrset_data*)rrset->entry.data; diff --git a/usr.sbin/unbound/services/cache/rrset.h b/usr.sbin/unbound/services/cache/rrset.h index 22d36719eaf..92ced928b30 100644 --- a/usr.sbin/unbound/services/cache/rrset.h +++ b/usr.sbin/unbound/services/cache/rrset.h @@ -131,7 +131,7 @@ void rrset_cache_touch(struct rrset_cache* r, struct ub_packed_rrset_key* key, * also the rdata is equal (but other parameters in cache are superior). */ int rrset_cache_update(struct rrset_cache* r, struct rrset_ref* ref, - struct alloc_cache* alloc, uint32_t timenow); + struct alloc_cache* alloc, time_t timenow); /** * Lookup rrset. You obtain read/write lock. You must unlock before lookup @@ -149,7 +149,7 @@ int rrset_cache_update(struct rrset_cache* r, struct rrset_ref* ref, */ struct ub_packed_rrset_key* rrset_cache_lookup(struct rrset_cache* r, uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, - uint32_t flags, uint32_t timenow, int wr); + uint32_t flags, time_t timenow, int wr); /** * Obtain readlock on a (sorted) list of rrset references. @@ -163,7 +163,7 @@ struct ub_packed_rrset_key* rrset_cache_lookup(struct rrset_cache* r, * RRsets have been purged from the cache. * If true, you hold readlocks on all the ref items. */ -int rrset_array_lock(struct rrset_ref* ref, size_t count, uint32_t timenow); +int rrset_array_lock(struct rrset_ref* ref, size_t count, time_t timenow); /** * Unlock array (sorted) of rrset references. @@ -199,7 +199,7 @@ void rrset_array_unlock_touch(struct rrset_cache* r, struct regional* scratch, * @param now: current time. */ void rrset_update_sec_status(struct rrset_cache* r, - struct ub_packed_rrset_key* rrset, uint32_t now); + struct ub_packed_rrset_key* rrset, time_t now); /** * Looks up security status of an rrset. Looks up the rrset. @@ -211,7 +211,7 @@ void rrset_update_sec_status(struct rrset_cache* r, * @param now: current time. */ void rrset_check_sec_status(struct rrset_cache* r, - struct ub_packed_rrset_key* rrset, uint32_t now); + struct ub_packed_rrset_key* rrset, time_t now); /** * Remove an rrset from the cache, by name and type and flags diff --git a/usr.sbin/unbound/services/localzone.c b/usr.sbin/unbound/services/localzone.c index 98d69433e30..4a2187ec4f2 100644 --- a/usr.sbin/unbound/services/localzone.c +++ b/usr.sbin/unbound/services/localzone.c @@ -225,7 +225,7 @@ lz_enter_zone(struct local_zones* zones, const char* name, const char* type, /** return name and class and rdata of rr; parses string */ static int get_rr_content(const char* str, uint8_t** nm, uint16_t* type, - uint16_t* dclass, uint32_t* ttl, ldns_buffer* rdata) + uint16_t* dclass, time_t* ttl, ldns_buffer* rdata) { ldns_rr* rr = NULL; ldns_status status = ldns_rr_new_frm_str(&rr, str, 3600, NULL, NULL); @@ -244,7 +244,7 @@ get_rr_content(const char* str, uint8_t** nm, uint16_t* type, } *dclass = ldns_rr_get_class(rr); *type = ldns_rr_get_type(rr); - *ttl = (uint32_t)ldns_rr_ttl(rr); + *ttl = (time_t)ldns_rr_ttl(rr); ldns_buffer_clear(rdata); ldns_buffer_skip(rdata, 2); status = ldns_rr_rdata2buffer_wire(rdata, rr); @@ -356,10 +356,10 @@ new_local_rrset(struct regional* region, struct local_data* node, /** insert RR into RRset data structure; Wastes a couple of bytes */ static int insert_rr(struct regional* region, struct packed_rrset_data* pd, - ldns_buffer* buf, uint32_t ttl) + ldns_buffer* buf, time_t ttl) { size_t* oldlen = pd->rr_len; - uint32_t* oldttl = pd->rr_ttl; + time_t* oldttl = pd->rr_ttl; uint8_t** olddata = pd->rr_data; /* add RR to rrset */ @@ -449,8 +449,8 @@ lz_enter_rr_into_zone(struct local_zone* z, ldns_buffer* buf, struct local_data* node; struct local_rrset* rrset; struct packed_rrset_data* pd; - uint16_t rrtype, rrclass; - uint32_t ttl; + uint16_t rrtype = 0, rrclass = 0; + time_t ttl = 0; if(!get_rr_content(rrstr, &nm, &rrtype, &rrclass, &ttl, buf)) { log_err("bad local-data: %s", rrstr); return 0; diff --git a/usr.sbin/unbound/services/mesh.c b/usr.sbin/unbound/services/mesh.c index 5c66caf3236..a8cb115ab93 100644 --- a/usr.sbin/unbound/services/mesh.c +++ b/usr.sbin/unbound/services/mesh.c @@ -321,6 +321,8 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, } #ifdef UNBOUND_DEBUG n = +#else + (void) #endif rbtree_insert(&mesh->all, &s->node); log_assert(n != NULL); @@ -390,6 +392,8 @@ mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, } #ifdef UNBOUND_DEBUG n = +#else + (void) #endif rbtree_insert(&mesh->all, &s->node); log_assert(n != NULL); @@ -422,7 +426,7 @@ mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, } void mesh_new_prefetch(struct mesh_area* mesh, struct query_info* qinfo, - uint16_t qflags, uint32_t leeway) + uint16_t qflags, time_t leeway) { struct mesh_state* s = mesh_area_find(mesh, qinfo, qflags&BIT_RD, 0); #ifdef UNBOUND_DEBUG @@ -450,6 +454,8 @@ void mesh_new_prefetch(struct mesh_area* mesh, struct query_info* qinfo, } #ifdef UNBOUND_DEBUG n = +#else + (void) #endif rbtree_insert(&mesh->all, &s->node); log_assert(n != NULL); @@ -657,6 +663,8 @@ void mesh_detach_subs(struct module_qstate* qstate) RBTREE_FOR(ref, struct mesh_state_ref*, &qstate->mesh_info->sub_set) { #ifdef UNBOUND_DEBUG n = +#else + (void) #endif rbtree_delete(&ref->s->super_set, &lookup); log_assert(n != NULL); /* must have been present */ @@ -693,6 +701,8 @@ int mesh_attach_sub(struct module_qstate* qstate, struct query_info* qinfo, } #ifdef UNBOUND_DEBUG n = +#else + (void) #endif rbtree_insert(&mesh->all, &sub->node); log_assert(n != NULL); @@ -701,6 +711,8 @@ int mesh_attach_sub(struct module_qstate* qstate, struct query_info* qinfo, /* set new query state to run */ #ifdef UNBOUND_DEBUG n = +#else + (void) #endif rbtree_insert(&mesh->run, &sub->run_node); log_assert(n != NULL); @@ -749,6 +761,8 @@ int mesh_state_attachment(struct mesh_state* super, struct mesh_state* sub) } #ifdef UNBOUND_DEBUG n = +#else + (void) #endif rbtree_insert(&super->sub_set, &subref->node); log_assert(n != NULL); /* we checked above if statement, the reverse @@ -878,8 +892,8 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, m->s.env->mesh->num_reply_addrs--; end_time = *m->s.env->now_tv; timeval_subtract(&duration, &end_time, &r->start_time); - verbose(VERB_ALGO, "query took %d.%6.6d sec", - (int)duration.tv_sec, (int)duration.tv_usec); + verbose(VERB_ALGO, "query took %lld.%6.6d sec", + (long long)duration.tv_sec, (int)duration.tv_usec); m->s.env->mesh->replies_sent++; timeval_add(&m->s.env->mesh->replies_sum_wait, &duration); timehist_insert(m->s.env->mesh->histogram, &duration); @@ -1124,7 +1138,7 @@ mesh_stats(struct mesh_area* mesh, const char* str) timeval_divide(&avg, &mesh->replies_sum_wait, mesh->replies_sent); log_info("average recursion processing time " - "%d.%6.6d sec", (int)avg.tv_sec, (int)avg.tv_usec); + "%lld.%6.6d sec", (long long)avg.tv_sec, (int)avg.tv_usec); log_info("histogram of recursion processing times"); timehist_log(mesh->histogram, "recursions"); } diff --git a/usr.sbin/unbound/services/mesh.h b/usr.sbin/unbound/services/mesh.h index 5f109779a4d..54a3cafecc9 100644 --- a/usr.sbin/unbound/services/mesh.h +++ b/usr.sbin/unbound/services/mesh.h @@ -307,7 +307,7 @@ int mesh_new_callback(struct mesh_area* mesh, struct query_info* qinfo, * @param leeway: TTL leeway what to expire earlier for this update. */ void mesh_new_prefetch(struct mesh_area* mesh, struct query_info* qinfo, - uint16_t qflags, uint32_t leeway); + uint16_t qflags, time_t leeway); /** * Handle new event from the wire. A serviced query has returned. diff --git a/usr.sbin/unbound/services/outside_network.c b/usr.sbin/unbound/services/outside_network.c index ba40d474dd2..373d8f35368 100644 --- a/usr.sbin/unbound/services/outside_network.c +++ b/usr.sbin/unbound/services/outside_network.c @@ -58,7 +58,9 @@ #include "util/net_help.h" #include "util/random.h" #include "util/fptr_wlist.h" +#ifdef HAVE_OPENSSL_SSL_H #include <openssl/ssl.h> +#endif #ifdef HAVE_NETDB_H #include <netdb.h> @@ -1208,6 +1210,8 @@ serviced_create(struct outside_network* outnet, ldns_buffer* buff, int dnssec, sq->to_be_deleted = 0; #ifdef UNBOUND_DEBUG ins = +#else + (void) #endif rbtree_insert(outnet->serviced, &sq->node); log_assert(ins != NULL); /* must not be already present */ @@ -1359,7 +1363,7 @@ serviced_udp_send(struct serviced_query* sq, ldns_buffer* buff) { int rtt, vs; uint8_t edns_lame_known; - uint32_t now = *sq->outnet->now_secs; + time_t now = *sq->outnet->now_secs; if(!infra_host(sq->outnet->infra, &sq->addr, sq->addrlen, sq->zone, sq->zonelen, now, &vs, &edns_lame_known, &rtt)) @@ -1441,12 +1445,14 @@ static void serviced_callbacks(struct serviced_query* sq, int error, struct comm_point* c, struct comm_reply* rep) { - struct service_callback* p = sq->cblist, *n; + struct service_callback* p; int dobackup = (sq->cblist && sq->cblist->next); /* >1 cb*/ uint8_t *backup_p = NULL; size_t backlen = 0; #ifdef UNBOUND_DEBUG rbnode_t* rem = +#else + (void) #endif /* remove from tree, and schedule for deletion, so that callbacks * can safely deregister themselves and even create new serviced @@ -1500,8 +1506,9 @@ serviced_callbacks(struct serviced_query* sq, int error, struct comm_point* c, } sq->outnet->svcd_overhead = backlen; } - while(p) { - n = p->next; + /* test the actual sq->cblist, because the next elem could be deleted*/ + while((p=sq->cblist) != NULL) { + sq->cblist = p->next; /* remove this element */ if(dobackup && c) { ldns_buffer_clear(c->buffer); ldns_buffer_write(c->buffer, backup_p, backlen); @@ -1509,7 +1516,7 @@ serviced_callbacks(struct serviced_query* sq, int error, struct comm_point* c, } fptr_ok(fptr_whitelist_serviced_query(p->cb)); (void)(*p->cb)(c, p->cb_arg, error, rep); - p = n; + free(p); } if(backup_p) { free(backup_p); @@ -1564,7 +1571,7 @@ serviced_tcp_callback(struct comm_point* c, void* arg, int error, (now.tv_sec == sq->last_sent_time.tv_sec && now.tv_usec > sq->last_sent_time.tv_usec)) { /* convert from microseconds to milliseconds */ - int roundtime = ((int)now.tv_sec - (int)sq->last_sent_time.tv_sec)*1000 + int roundtime = ((int)(now.tv_sec - sq->last_sent_time.tv_sec))*1000 + ((int)now.tv_usec - (int)sq->last_sent_time.tv_usec)/1000; verbose(VERB_ALGO, "measured TCP-time at %d msec", roundtime); log_assert(roundtime >= 0); @@ -1573,7 +1580,7 @@ serviced_tcp_callback(struct comm_point* c, void* arg, int error, if(roundtime < TCP_AUTH_QUERY_TIMEOUT*1000) { if(!infra_rtt_update(sq->outnet->infra, &sq->addr, sq->addrlen, sq->zone, sq->zonelen, sq->qtype, - roundtime, sq->last_rtt, (uint32_t)now.tv_sec)) + roundtime, sq->last_rtt, (time_t)now.tv_sec)) log_err("out of memory noting rtt."); } } @@ -1665,7 +1672,7 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error, sq->retry++; if(!(rto=infra_rtt_update(outnet->infra, &sq->addr, sq->addrlen, sq->zone, sq->zonelen, sq->qtype, -1, sq->last_rtt, - (uint32_t)now.tv_sec))) + (time_t)now.tv_sec))) log_err("out of memory in UDP exponential backoff"); if(sq->retry < OUTBOUND_UDP_RETRY) { log_name_addr(VERB_ALGO, "retry query", sq->qbuf+10, @@ -1709,7 +1716,7 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error, /* only store noEDNS in cache if domain is noDNSSEC */ if(!sq->want_dnssec) if(!infra_edns_update(outnet->infra, &sq->addr, sq->addrlen, - sq->zone, sq->zonelen, -1, (uint32_t)now.tv_sec)) { + sq->zone, sq->zonelen, -1, (time_t)now.tv_sec)) { log_err("Out of memory caching no edns for host"); } sq->status = serviced_query_UDP; @@ -1719,7 +1726,7 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error, log_addr(VERB_ALGO, "serviced query: EDNS works for", &sq->addr, sq->addrlen); if(!infra_edns_update(outnet->infra, &sq->addr, sq->addrlen, - sq->zone, sq->zonelen, 0, (uint32_t)now.tv_sec)) { + sq->zone, sq->zonelen, 0, (time_t)now.tv_sec)) { log_err("Out of memory caching edns works"); } sq->edns_lame_known = 1; @@ -1736,7 +1743,7 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error, log_addr(VERB_ALGO, "serviced query: EDNS fails for", &sq->addr, sq->addrlen); if(!infra_edns_update(outnet->infra, &sq->addr, sq->addrlen, - sq->zone, sq->zonelen, -1, (uint32_t)now.tv_sec)) { + sq->zone, sq->zonelen, -1, (time_t)now.tv_sec)) { log_err("Out of memory caching no edns for host"); } } else { @@ -1750,7 +1757,7 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error, (now.tv_sec == sq->last_sent_time.tv_sec && now.tv_usec > sq->last_sent_time.tv_usec)) { /* convert from microseconds to milliseconds */ - int roundtime = ((int)now.tv_sec - (int)sq->last_sent_time.tv_sec)*1000 + int roundtime = ((int)(now.tv_sec - sq->last_sent_time.tv_sec))*1000 + ((int)now.tv_usec - (int)sq->last_sent_time.tv_usec)/1000; verbose(VERB_ALGO, "measured roundtrip at %d msec", roundtime); log_assert(roundtime >= 0); @@ -1759,7 +1766,7 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error, if(roundtime < 60000) { if(!infra_rtt_update(outnet->infra, &sq->addr, sq->addrlen, sq->zone, sq->zonelen, sq->qtype, roundtime, - sq->last_rtt, (uint32_t)now.tv_sec)) + sq->last_rtt, (time_t)now.tv_sec)) log_err("out of memory noting rtt."); } } @@ -1783,37 +1790,21 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error, return 0; } -/** find callback in list */ -static struct service_callback* -callback_list_find(struct serviced_query* sq, void* cb_arg, - int (*arg_compare)(void*,void*)) -{ - struct service_callback* p; - for(p = sq->cblist; p; p = p->next) { - if(arg_compare(p->cb_arg, cb_arg)) - return p; - } - return NULL; -} - struct serviced_query* outnet_serviced_query(struct outside_network* outnet, uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, uint16_t flags, int dnssec, int want_dnssec, int tcp_upstream, int ssl_upstream, struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone, size_t zonelen, comm_point_callback_t* callback, - void* callback_arg, ldns_buffer* buff, int (*arg_compare)(void*,void*)) + void* callback_arg, ldns_buffer* buff) { struct serviced_query* sq; struct service_callback* cb; serviced_gen_query(buff, qname, qnamelen, qtype, qclass, flags); sq = lookup_serviced(outnet, buff, dnssec, addr, addrlen); - if(sq) { - /* see if it is a duplicate notification request for cb_arg */ - if(callback_list_find(sq, callback_arg, arg_compare)) { - return sq; - } - } + /* duplicate entries are included in the callback list, because + * there is a counterpart registration by our caller that needs to + * be doubly-removed (with callbacks perhaps). */ if(!(cb = (struct service_callback*)malloc(sizeof(*cb)))) return NULL; if(!sq) { @@ -1879,6 +1870,8 @@ void outnet_serviced_query_stop(struct serviced_query* sq, void* cb_arg) if(!sq->cblist && !sq->to_be_deleted) { #ifdef UNBOUND_DEBUG rbnode_t* rem = +#else + (void) #endif rbtree_delete(sq->outnet->serviced, sq); log_assert(rem); /* should be present */ diff --git a/usr.sbin/unbound/services/outside_network.h b/usr.sbin/unbound/services/outside_network.h index ab18d2406e6..87fe8ff108d 100644 --- a/usr.sbin/unbound/services/outside_network.h +++ b/usr.sbin/unbound/services/outside_network.h @@ -63,7 +63,7 @@ struct outside_network { /** Base for select calls */ struct comm_base* base; /** pointer to time in seconds */ - uint32_t* now_secs; + time_t* now_secs; /** pointer to time in microseconds */ struct timeval* now_tv; @@ -279,9 +279,9 @@ struct service_callback { }; /** fallback size for fragmentation for EDNS in IPv4 */ -#define EDNS_FRAG_SIZE_IP4 1480 +#define EDNS_FRAG_SIZE_IP4 1472 /** fallback size for EDNS in IPv6, fits one fragment with ip6-tunnel-ids */ -#define EDNS_FRAG_SIZE_IP6 1260 +#define EDNS_FRAG_SIZE_IP6 1232 /** * Query service record. @@ -468,8 +468,6 @@ void pending_delete(struct outside_network* outnet, struct pending* p); authoritative. * @param zonelen: length of zone. * @param buff: scratch buffer to create query contents in. Empty on exit. - * @param arg_compare: function to compare callback args, return true if - * identical. It is given the callback_arg and args that are listed. * @return 0 on error, or pointer to serviced query that is used to answer * this serviced query may be shared with other callbacks as well. */ @@ -478,8 +476,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet, uint16_t flags, int dnssec, int want_dnssec, int tcp_upstream, int ssl_upstream, struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone, size_t zonelen, comm_point_callback_t* callback, - void* callback_arg, ldns_buffer* buff, - int (*arg_compare)(void*,void*)); + void* callback_arg, ldns_buffer* buff); /** * Remove service query callback. diff --git a/usr.sbin/unbound/smallapp/unbound-anchor.c b/usr.sbin/unbound/smallapp/unbound-anchor.c index e14ca733fd7..2b6d4232b17 100644 --- a/usr.sbin/unbound/smallapp/unbound-anchor.c +++ b/usr.sbin/unbound/smallapp/unbound-anchor.c @@ -134,6 +134,7 @@ #include <openssl/rand.h> #endif #include <openssl/x509.h> +#include <openssl/x509v3.h> #include <openssl/pem.h> /** name of server in URL to fetch HTTPS from */ @@ -142,6 +143,8 @@ #define XMLNAME "root-anchors/root-anchors.xml" /** path on HTTPS server to p7s file */ #define P7SNAME "root-anchors/root-anchors.p7s" +/** name of the signer of the certificate */ +#define P7SIGNER "dnssec@iana.org" /** port number for https access */ #define HTTPS_PORT 443 @@ -184,6 +187,7 @@ usage() printf("-u name server in https url, default %s\n", URLNAME); printf("-x path pathname to xml in url, default %s\n", XMLNAME); printf("-s path pathname to p7s in url, default %s\n", P7SNAME); + printf("-n name signer's subject emailAddress, default %s\n", P7SIGNER); printf("-4 work using IPv4 only\n"); printf("-6 work using IPv6 only\n"); printf("-f resolv.conf use given resolv.conf to resolve -u name\n"); @@ -540,6 +544,11 @@ resolve_host_ip(struct ub_ctx* ctx, char* host, int port, int tp, int cl, ub_ctx_delete(ctx); exit(0); } + if(!res->havedata || res->rcode || !res->data) { + if(verb) printf("resolve %s %s: no result\n", host, + (tp==LDNS_RR_TYPE_A)?"A":"AAAA"); + return; + } for(i = 0; res->data[i]; i++) { struct ip_list* ip = RR_to_ip(tp, res->data[i], res->len[i], port); @@ -1222,7 +1231,7 @@ xml_charhandle(void *userData, const XML_Char *s, int len) printf("'\n"); } if(strcasecmp(data->tag, "Zone") == 0) { - if(BIO_write(data->czone, s, len) <= 0) { + if(BIO_write(data->czone, s, len) < 0) { if(verb) printf("out of memory in BIO_write\n"); exit(0); } @@ -1233,7 +1242,7 @@ xml_charhandle(void *userData, const XML_Char *s, int len) return; b = xml_selectbio(data, data->tag); if(b) { - if(BIO_write(b, s, len) <= 0) { + if(BIO_write(b, s, len) < 0) { if(verb) printf("out of memory in BIO_write\n"); exit(0); } @@ -1426,7 +1435,7 @@ xml_startelem(void *userData, const XML_Char *name, const XML_Char **atts) static void xml_append_str(BIO* b, const char* s) { - if(BIO_write(b, s, (int)strlen(s)) <= 0) { + if(BIO_write(b, s, (int)strlen(s)) < 0) { if(verb) printf("out of memory in BIO_write\n"); exit(0); } @@ -1450,7 +1459,7 @@ xml_append_bio(BIO* b, BIO* a) z[i] = ' '; } /* write to BIO */ - if(BIO_write(b, z, len) <= 0) { + if(BIO_write(b, z, len) < 0) { if(verb) printf("out of memory in BIO_write\n"); exit(0); } @@ -1498,6 +1507,20 @@ xml_endelem(void *userData, const XML_Char *name) } } +/* Stop the parser when an entity declaration is encountered. For safety. */ +static void +xml_entitydeclhandler(void *userData, + const XML_Char *ATTR_UNUSED(entityName), + int ATTR_UNUSED(is_parameter_entity), + const XML_Char *ATTR_UNUSED(value), int ATTR_UNUSED(value_length), + const XML_Char *ATTR_UNUSED(base), + const XML_Char *ATTR_UNUSED(systemId), + const XML_Char *ATTR_UNUSED(publicId), + const XML_Char *ATTR_UNUSED(notationName)) +{ + (void)XML_StopParser((XML_Parser)userData, XML_FALSE); +} + /** * XML parser setup of the callbacks for the tags */ @@ -1522,10 +1545,11 @@ xml_parse_setup(XML_Parser parser, struct xml_data* data, time_t now) } snprintf(buf, sizeof(buf), "; created by unbound-anchor on %s", ctime(&now)); - if(BIO_write(data->ds, buf, (int)strlen(buf)) <= 0) { + if(BIO_write(data->ds, buf, (int)strlen(buf)) < 0) { if(verb) printf("out of memory\n"); exit(0); } + XML_SetEntityDeclHandler(parser, xml_entitydeclhandler); XML_SetElementHandler(parser, xml_startelem, xml_endelem); XML_SetCharacterDataHandler(parser, xml_charhandle); } @@ -1603,12 +1627,113 @@ xml_parse(BIO* xml, time_t now) } } +/* get key usage out of its extension, returns 0 if no key_usage extension */ +static unsigned long +get_usage_of_ex(X509* cert) +{ + unsigned long val = 0; + ASN1_BIT_STRING* s; + if((s=X509_get_ext_d2i(cert, NID_key_usage, NULL, NULL))) { + if(s->length > 0) { + val = s->data[0]; + if(s->length > 1) + val |= s->data[1] << 8; + } + ASN1_BIT_STRING_free(s); + } + return val; +} + +/** get valid signers from the list of signers in the signature */ +static STACK_OF(X509)* +get_valid_signers(PKCS7* p7, char* p7signer) +{ + int i; + STACK_OF(X509)* validsigners = sk_X509_new_null(); + STACK_OF(X509)* signers = PKCS7_get0_signers(p7, NULL, 0); + unsigned long usage = 0; + if(!validsigners) { + if(verb) printf("out of memory\n"); + sk_X509_free(signers); + return NULL; + } + if(!signers) { + if(verb) printf("no signers in pkcs7 signature\n"); + sk_X509_free(validsigners); + return NULL; + } + for(i=0; i<sk_X509_num(signers); i++) { + X509_NAME* nm = X509_get_subject_name( + sk_X509_value(signers, i)); + char buf[1024]; + if(!nm) { + if(verb) printf("signer %d: cert has no subject name\n", i); + continue; + } + if(verb && nm) { + char* nmline = X509_NAME_oneline(nm, buf, + (int)sizeof(buf)); + printf("signer %d: Subject: %s\n", i, + nmline?nmline:"no subject"); + if(verb >= 3 && X509_NAME_get_text_by_NID(nm, + NID_commonName, buf, (int)sizeof(buf))) + printf("commonName: %s\n", buf); + if(verb >= 3 && X509_NAME_get_text_by_NID(nm, + NID_pkcs9_emailAddress, buf, (int)sizeof(buf))) + printf("emailAddress: %s\n", buf); + } + if(verb) { + int ku_loc = X509_get_ext_by_NID( + sk_X509_value(signers, i), NID_key_usage, -1); + if(verb >= 3 && ku_loc >= 0) { + X509_EXTENSION *ex = X509_get_ext( + sk_X509_value(signers, i), ku_loc); + if(ex) { + printf("keyUsage: "); + X509V3_EXT_print_fp(stdout, ex, 0, 0); + printf("\n"); + } + } + } + if(!p7signer || strcmp(p7signer, "")==0) { + /* there is no name to check, return all records */ + if(verb) printf("did not check commonName of signer\n"); + } else { + if(!X509_NAME_get_text_by_NID(nm, + NID_pkcs9_emailAddress, + buf, (int)sizeof(buf))) { + if(verb) printf("removed cert with no name\n"); + continue; /* no name, no use */ + } + if(strcmp(buf, p7signer) != 0) { + if(verb) printf("removed cert with wrong name\n"); + continue; /* wrong name, skip it */ + } + } + + /* check that the key usage allows digital signatures + * (the p7s) */ + usage = get_usage_of_ex(sk_X509_value(signers, i)); + if(!(usage & KU_DIGITAL_SIGNATURE)) { + if(verb) printf("removed cert with no key usage Digital Signature allowed\n"); + continue; + } + + /* we like this cert, add it to our list of valid + * signers certificates */ + sk_X509_push(validsigners, sk_X509_value(signers, i)); + } + sk_X509_free(signers); + return validsigners; +} + /** verify a PKCS7 signature, false on failure */ static int -verify_p7sig(BIO* data, BIO* p7s, STACK_OF(X509)* trust) +verify_p7sig(BIO* data, BIO* p7s, STACK_OF(X509)* trust, char* p7signer) { PKCS7* p7; X509_STORE *store = X509_STORE_new(); + STACK_OF(X509)* validsigners; int secure = 0; int i; #ifdef X509_V_FLAG_CHECK_SS_SIGNATURE @@ -1630,6 +1755,9 @@ verify_p7sig(BIO* data, BIO* p7s, STACK_OF(X509)* trust) #endif return 0; } +#ifdef X509_V_FLAG_CHECK_SS_SIGNATURE + X509_VERIFY_PARAM_free(param); +#endif (void)BIO_reset(p7s); (void)BIO_reset(data); @@ -1654,7 +1782,15 @@ verify_p7sig(BIO* data, BIO* p7s, STACK_OF(X509)* trust) } if(verb >= 2) printf("setup the X509_STORE\n"); - if(PKCS7_verify(p7, NULL, store, data, NULL, 0) == 1) { + /* check what is in the Subject name of the certificates, + * and build a stack that contains only the right certificates */ + validsigners = get_valid_signers(p7, p7signer); + if(!validsigners) { + X509_STORE_free(store); + PKCS7_free(p7); + return 0; + } + if(PKCS7_verify(p7, validsigners, store, data, NULL, PKCS7_NOINTERN) == 1) { secure = 1; if(verb) printf("the PKCS7 signature verified\n"); } else { @@ -1663,6 +1799,7 @@ verify_p7sig(BIO* data, BIO* p7s, STACK_OF(X509)* trust) } } + sk_X509_free(validsigners); X509_STORE_free(store); PKCS7_free(p7); return secure; @@ -1723,12 +1860,12 @@ write_root_anchor(char* root_anchor_file, BIO* ds) /** Perform the verification and update of the trustanchor file */ static void verify_and_update_anchor(char* root_anchor_file, BIO* xml, BIO* p7s, - STACK_OF(X509)* cert) + STACK_OF(X509)* cert, char* p7signer) { BIO* ds; /* verify xml file */ - if(!verify_p7sig(xml, p7s, cert)) { + if(!verify_p7sig(xml, p7s, cert, p7signer)) { printf("the PKCS7 signature failed\n"); exit(0); } @@ -1752,7 +1889,7 @@ static void do_wsa_cleanup(void) { WSACleanup(); } /** perform actual certupdate work */ static int do_certupdate(char* root_anchor_file, char* root_cert_file, - char* urlname, char* xmlname, char* p7sname, + char* urlname, char* xmlname, char* p7sname, char* p7signer, char* res_conf, char* root_hints, char* debugconf, int ip4only, int ip6only, int port, struct ub_result* dnskey) { @@ -1785,7 +1922,7 @@ do_certupdate(char* root_anchor_file, char* root_cert_file, p7s = https(ip_list, p7sname, urlname); /* verify and update the root anchor */ - verify_and_update_anchor(root_anchor_file, xml, p7s, cert); + verify_and_update_anchor(root_anchor_file, xml, p7s, cert, p7signer); if(verb) printf("success: the anchor has been updated " "using the cert\n"); @@ -2035,7 +2172,7 @@ probe_date_allows_certupdate(char* root_anchor_file) /** perform the unbound-anchor work */ static int do_root_update_work(char* root_anchor_file, char* root_cert_file, - char* urlname, char* xmlname, char* p7sname, + char* urlname, char* xmlname, char* p7sname, char* p7signer, char* res_conf, char* root_hints, char* debugconf, int ip4only, int ip6only, int force, int port) { @@ -2068,8 +2205,8 @@ do_root_update_work(char* root_anchor_file, char* root_cert_file, if((dnskey->rcode == 0 && probe_date_allows_certupdate(root_anchor_file)) || force) { if(do_certupdate(root_anchor_file, root_cert_file, urlname, - xmlname, p7sname, res_conf, root_hints, debugconf, - ip4only, ip6only, port, dnskey)) + xmlname, p7sname, p7signer, res_conf, root_hints, + debugconf, ip4only, ip6only, port, dnskey)) return 1; return used_builtin; } @@ -2092,12 +2229,13 @@ int main(int argc, char* argv[]) char* urlname = URLNAME; char* xmlname = XMLNAME; char* p7sname = P7SNAME; + char* p7signer = P7SIGNER; char* res_conf = NULL; char* root_hints = NULL; char* debugconf = NULL; int dolist=0, ip4only=0, ip6only=0, force=0, port = HTTPS_PORT; /* parse the options */ - while( (c=getopt(argc, argv, "46C:FP:a:c:f:hlr:s:u:vx:")) != -1) { + while( (c=getopt(argc, argv, "46C:FP:a:c:f:hln:r:s:u:vx:")) != -1) { switch(c) { case 'l': dolist = 1; @@ -2123,6 +2261,9 @@ int main(int argc, char* argv[]) case 's': p7sname = optarg; break; + case 'n': + p7signer = optarg; + break; case 'f': res_conf = optarg; break; @@ -2160,6 +2301,6 @@ int main(int argc, char* argv[]) if(dolist) do_list_builtin(); return do_root_update_work(root_anchor_file, root_cert_file, urlname, - xmlname, p7sname, res_conf, root_hints, debugconf, ip4only, - ip6only, force, port); + xmlname, p7sname, p7signer, res_conf, root_hints, debugconf, + ip4only, ip6only, force, port); } diff --git a/usr.sbin/unbound/smallapp/unbound-control.c b/usr.sbin/unbound/smallapp/unbound-control.c index e438b3d20a1..43a52fd4967 100644 --- a/usr.sbin/unbound/smallapp/unbound-control.c +++ b/usr.sbin/unbound/smallapp/unbound-control.c @@ -68,6 +68,7 @@ usage() printf("Options:\n"); printf(" -c file config file, default is %s\n", CONFIGFILE); printf(" -s ip[@port] server address, if omitted config is used.\n"); + printf(" -q quiet (don't print anything if it works ok).\n"); printf(" -h show this usage help.\n"); printf("Commands:\n"); printf(" start start server; runs unbound(8)\n"); @@ -105,6 +106,8 @@ usage() printf(" list_forwards list forward-zones in use\n"); printf(" list_local_zones list local-zones in use\n"); printf(" list_local_data list local-data RRs in use\n"); + printf(" insecure_add zone add domain-insecure zone\n"); + printf(" insecure_remove zone remove domain-insecure zone\n"); printf(" forward_add [+i] zone addr.. add forward-zone with servers\n"); printf(" forward_remove [+i] zone remove forward zone\n"); printf(" stub_add [+ip] zone addr.. add stub-zone with servers\n"); @@ -263,7 +266,7 @@ send_file(SSL* ssl, FILE* in, char* buf, size_t sz) /** send command and display result */ static int -go_cmd(SSL* ssl, int argc, char* argv[]) +go_cmd(SSL* ssl, int quiet, int argc, char* argv[]) { char pre[10]; const char* space=" "; @@ -297,9 +300,12 @@ go_cmd(SSL* ssl, int argc, char* argv[]) ssl_err("could not SSL_read"); } buf[r] = 0; - printf("%s", buf); - if(first_line && strncmp(buf, "error", 5) == 0) + if(first_line && strncmp(buf, "error", 5) == 0) { + printf("%s", buf); was_error = 1; + } else if (!quiet) + printf("%s", buf); + first_line = 0; } return was_error; @@ -307,7 +313,7 @@ go_cmd(SSL* ssl, int argc, char* argv[]) /** go ahead and read config, contact server and perform command and display */ static int -go(const char* cfgfile, char* svr, int argc, char* argv[]) +go(const char* cfgfile, char* svr, int quiet, int argc, char* argv[]) { struct config_file* cfg; int fd, ret; @@ -328,7 +334,7 @@ go(const char* cfgfile, char* svr, int argc, char* argv[]) ssl = setup_ssl(ctx, fd); /* send command */ - ret = go_cmd(ssl, argc, argv); + ret = go_cmd(ssl, quiet, argc, argv); SSL_free(ssl); #ifndef USE_WINSOCK @@ -350,6 +356,7 @@ extern char* optarg; int main(int argc, char* argv[]) { int c, ret; + int quiet = 0; const char* cfgfile = CONFIGFILE; char* svr = NULL; #ifdef USE_WINSOCK @@ -392,7 +399,7 @@ int main(int argc, char* argv[]) } /* parse the options */ - while( (c=getopt(argc, argv, "c:s:h")) != -1) { + while( (c=getopt(argc, argv, "c:s:qh")) != -1) { switch(c) { case 'c': cfgfile = optarg; @@ -400,6 +407,9 @@ int main(int argc, char* argv[]) case 's': svr = optarg; break; + case 'q': + quiet = 1; + break; case '?': case 'h': default: @@ -418,7 +428,7 @@ int main(int argc, char* argv[]) } } - ret = go(cfgfile, svr, argc, argv); + ret = go(cfgfile, svr, quiet, argc, argv); #ifdef USE_WINSOCK WSACleanup(); diff --git a/usr.sbin/unbound/smallapp/unbound-host.c b/usr.sbin/unbound/smallapp/unbound-host.c index ed52a551f9f..715aa4a6516 100644 --- a/usr.sbin/unbound/smallapp/unbound-host.c +++ b/usr.sbin/unbound/smallapp/unbound-host.c @@ -62,7 +62,8 @@ #include "libunbound/unbound.h" #include <ldns/ldns.h> #ifdef HAVE_NSS -#include <nss3/nss.h> +/* nss3 */ +#include "nss.h" #endif /** verbosity for unbound-host app */ diff --git a/usr.sbin/unbound/util/config_file.c b/usr.sbin/unbound/util/config_file.c index 2f5e988cb7a..1e0bd72df83 100644 --- a/usr.sbin/unbound/util/config_file.c +++ b/usr.sbin/unbound/util/config_file.c @@ -53,6 +53,10 @@ #include "util/regional.h" #include "util/fptr_wlist.h" #include "util/data/dname.h" +#ifdef HAVE_GLOB_H +# include <glob.h> +#endif + /** global config during parsing */ struct config_parser_state* cfg_parser = 0; /** lex in file */ @@ -65,6 +69,8 @@ int ub_c_parse(void); int ub_c_lex(void); /** wrap function */ int ub_c_wrap(void); +/** init lex state */ +void init_cfg_parse(void); /** init ports possible for use */ static void init_outgoing_availports(int* array, int num); @@ -197,6 +203,7 @@ config_create(void) cfg->control_port = UNBOUND_CONTROL_PORT; cfg->minimal_responses = 0; cfg->rrset_roundrobin = 0; + cfg->max_udp_size = 4096; if(!(cfg->server_key_file = strdup(RUN_DIR"/unbound_server.key"))) goto error_exit; if(!(cfg->server_cert_file = strdup(RUN_DIR"/unbound_server.pem"))) @@ -286,7 +293,7 @@ struct config_file* config_create_forlib(void) { return cfg_strlist_insert(&cfg->var, strdup(val)); } int config_set_option(struct config_file* cfg, const char* opt, - const char* val) + const char* val) { S_NUMBER_OR_ZERO("verbosity:", verbosity) else if(strcmp(opt, "statistics-interval:") == 0) { @@ -323,7 +330,11 @@ int config_set_option(struct config_file* cfg, const char* opt, cfg->use_syslog = 0; free(cfg->logfile); return (cfg->logfile = strdup(val)) != NULL; - } + } + else if(strcmp(opt, "log-time-ascii:") == 0) + { IS_YES_OR_NO; cfg->log_time_ascii = (strcmp(val, "yes") == 0); + log_set_time_asc(cfg->log_time_ascii); } + else S_SIZET_NONZERO("max-udp-size:", max_udp_size) else S_YNO("use-syslog:", use_syslog) else S_YNO("extended-statistics:", stat_extended) else S_YNO("statistics-cumulative:", stat_cumulative) @@ -354,7 +365,10 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_POW2("rrset-cache-slabs:", rrset_cache_slabs) else S_YNO("prefetch:", prefetch) else S_YNO("prefetch-key:", prefetch_key) - else S_NUMBER_OR_ZERO("cache-max-ttl:", max_ttl) + else if(strcmp(opt, "cache-max-ttl:") == 0) + { IS_NUMBER_OR_ZERO; cfg->max_ttl = atoi(val); MAX_TTL=(time_t)cfg->max_ttl;} + else if(strcmp(opt, "cache-min-ttl:") == 0) + { IS_NUMBER_OR_ZERO; cfg->min_ttl = atoi(val); MIN_TTL=(time_t)cfg->min_ttl;} else S_NUMBER_OR_ZERO("infra-host-ttl:", host_ttl) else S_POW2("infra-cache-slabs:", infra_cache_slabs) else S_SIZET_NONZERO("infra-cache-numhosts:", infra_cache_numhosts) @@ -413,6 +427,12 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_STR("control-cert-file:", control_cert_file) else S_STR("module-config:", module_conf) else S_STR("python-script:", python_script) + /* val_sig_skew_min and max are copied into val_env during init, + * so this does not update val_env with set_option */ + else if(strcmp(opt, "val-sig-skew-min:") == 0) + { IS_NUMBER_OR_ZERO; cfg->val_sig_skew_min = (int32_t)atoi(val); } + else if(strcmp(opt, "val-sig-skew-max:") == 0) + { IS_NUMBER_OR_ZERO; cfg->val_sig_skew_max = (int32_t)atoi(val); } else if (strcmp(opt, "outgoing-interface:") == 0) { char* d = strdup(val); char** oi = (char**)malloc((cfg->num_out_ifs+1)*sizeof(char*)); @@ -458,7 +478,7 @@ void config_collate_func(char* line, void* arg) } int config_get_option_list(struct config_file* cfg, const char* opt, - struct config_strlist** list) + struct config_strlist** list) { struct config_collate_arg m; memset(&m, 0, sizeof(m)); @@ -512,8 +532,9 @@ config_collate_cat(struct config_strlist* list) return NULL; } snprintf(w, left, "%s\n", s->str); - w += this+1; - left -= this+1; + this = strlen(w); + w += this; + left -= this; } return r; } @@ -568,6 +589,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_YNO(opt, "statistics-cumulative", stat_cumulative) else O_YNO(opt, "extended-statistics", stat_extended) else O_YNO(opt, "use-syslog", use_syslog) + else O_YNO(opt, "log-time-ascii", log_time_ascii) else O_DEC(opt, "num-threads", num_threads) else O_IFC(opt, "interface", num_ifs, ifs) else O_IFC(opt, "outgoing-interface", num_out_ifs, out_ifs) @@ -589,6 +611,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_YNO(opt, "prefetch-key", prefetch_key) else O_YNO(opt, "prefetch", prefetch) else O_DEC(opt, "cache-max-ttl", max_ttl) + else O_DEC(opt, "cache-min-ttl", min_ttl) else O_DEC(opt, "infra-host-ttl", host_ttl) else O_DEC(opt, "infra-cache-slabs", infra_cache_slabs) else O_MEM(opt, "infra-cache-numhosts", infra_cache_numhosts) @@ -657,6 +680,10 @@ config_get_option(struct config_file* cfg, const char* opt, else O_UNS(opt, "val-override-date", val_date_override) else O_YNO(opt, "minimal-responses", minimal_responses) else O_YNO(opt, "rrset-roundrobin", rrset_roundrobin) + else O_DEC(opt, "max-udp-size", max_udp_size) + else O_STR(opt, "python-script", python_script) + else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min) + else O_DEC(opt, "val-sig-skew-max", val_sig_skew_max) /* not here: * outgoing-permit, outgoing-avoid - have list of ports * local-zone - zones and nodefault variables @@ -680,6 +707,7 @@ create_cfg_parser(struct config_file* cfg, char* filename, const char* chroot) cfg_parser->errors = 0; cfg_parser->cfg = cfg; cfg_parser->chroot = chroot; + init_cfg_parse(); } int @@ -687,8 +715,69 @@ config_read(struct config_file* cfg, const char* filename, const char* chroot) { FILE *in; char *fname = (char*)filename; +#ifdef HAVE_GLOB + glob_t g; + size_t i; + int r, flags; +#endif if(!fname) return 1; + + /* check for wildcards */ +#ifdef HAVE_GLOB + if(!(!strchr(fname, '*') && !strchr(fname, '?') && !strchr(fname, '[') && + !strchr(fname, '{') && !strchr(fname, '~'))) { + verbose(VERB_QUERY, "wildcard found, processing %s", fname); + flags = 0 +#ifdef GLOB_ERR + | GLOB_ERR +#endif +#ifdef GLOB_NOSORT + | GLOB_NOSORT +#endif +#ifdef GLOB_BRACE + | GLOB_BRACE +#endif +#ifdef GLOB_TILDE + | GLOB_TILDE +#endif + ; + memset(&g, 0, sizeof(g)); + r = glob(fname, flags, NULL, &g); + if(r) { + /* some error */ + globfree(&g); + if(r == GLOB_NOMATCH) { + verbose(VERB_QUERY, "include: " + "no matches for %s", fname); + return 1; + } else if(r == GLOB_NOSPACE) { + log_err("include: %s: " + "fnametern out of memory", fname); + } else if(r == GLOB_ABORTED) { + log_err("wildcard include: %s: expansion " + "aborted (%s)", fname, strerror(errno)); + } else { + log_err("wildcard include: %s: expansion " + "failed (%s)", fname, strerror(errno)); + } + /* ignore globs that yield no files */ + return 1; + } + /* process files found, if any */ + for(i=0; i<(size_t)g.gl_pathc; i++) { + if(!config_read(cfg, g.gl_pathv[i], chroot)) { + log_err("error reading wildcard " + "include: %s", g.gl_pathv[i]); + globfree(&g); + return 0; + } + } + globfree(&g); + return 1; + } +#endif /* HAVE_GLOB */ + in = fopen(fname, "r"); if(!in) { log_err("Could not open %s: %s", fname, strerror(errno)); @@ -975,10 +1064,10 @@ cfg_str2list_insert(struct config_str2list** head, char* item, char* i2) return 1; } -uint32_t +time_t cfg_convert_timeval(const char* str) { - uint32_t t; + time_t t; struct tm tm; memset(&tm, 0, sizeof(tm)); if(strlen(str) < 14) @@ -1003,26 +1092,26 @@ cfg_convert_timeval(const char* str) int cfg_count_numbers(const char* s) { - /* format ::= (sp num)+ sp */ - /* num ::= [-](0-9)+ */ - /* sp ::= (space|tab)* */ - int num = 0; - while(*s) { - while(*s && isspace((int)*s)) - s++; - if(!*s) /* end of string */ - break; - if(*s == '-') - s++; - if(!*s) /* only - not allowed */ - return 0; - if(!isdigit((int)*s)) /* bad character */ - return 0; - while(*s && isdigit((int)*s)) - s++; - num++; - } - return num; + /* format ::= (sp num)+ sp */ + /* num ::= [-](0-9)+ */ + /* sp ::= (space|tab)* */ + int num = 0; + while(*s) { + while(*s && isspace((int)*s)) + s++; + if(!*s) /* end of string */ + break; + if(*s == '-') + s++; + if(!*s) /* only - not allowed */ + return 0; + if(!isdigit((int)*s)) /* bad character */ + return 0; + while(*s && isdigit((int)*s)) + s++; + num++; + } + return num; } /** all digit number */ @@ -1082,8 +1171,8 @@ cfg_parse_memsize(const char* str, size_t* res) void config_apply(struct config_file* config) { - MAX_TTL = (uint32_t)config->max_ttl; - MIN_TTL = (uint32_t)config->min_ttl; + MAX_TTL = (time_t)config->max_ttl; + MIN_TTL = (time_t)config->min_ttl; EDNS_ADVERTISED_SIZE = (uint16_t)config->edns_buffer_size; MINIMAL_RESPONSES = config->minimal_responses; RRSET_ROUNDROBIN = config->rrset_roundrobin; diff --git a/usr.sbin/unbound/util/config_file.h b/usr.sbin/unbound/util/config_file.h index 69595cb50f2..6161302ecf2 100644 --- a/usr.sbin/unbound/util/config_file.h +++ b/usr.sbin/unbound/util/config_file.h @@ -296,6 +296,9 @@ struct config_file { /* RRSet roundrobin */ int rrset_roundrobin; + + /* maximum UDP response size */ + size_t max_udp_size; }; /** @@ -493,7 +496,7 @@ void config_delstubs(struct config_stub* list); * @param str: string of 14 digits * @return time value or 0 for error. */ -uint32_t cfg_convert_timeval(const char* str); +time_t cfg_convert_timeval(const char* str); /** * Count number of values in the string. diff --git a/usr.sbin/unbound/util/configlexer.lex b/usr.sbin/unbound/util/configlexer.lex index ed808aafc39..d3b08134201 100644 --- a/usr.sbin/unbound/util/configlexer.lex +++ b/usr.sbin/unbound/util/configlexer.lex @@ -11,6 +11,9 @@ #include <ctype.h> #include <string.h> #include <strings.h> +#ifdef HAVE_GLOB_H +# include <glob.h> +#endif #include "util/config_file.h" #include "util/configparser.h" @@ -36,52 +39,127 @@ void ub_c_error(const char *message); struct inc_state { char* filename; int line; + YY_BUFFER_STATE buffer; + struct inc_state* next; }; -static struct inc_state parse_stack[MAXINCLUDES]; -static YY_BUFFER_STATE include_stack[MAXINCLUDES]; -static int config_include_stack_ptr = 0; +static struct inc_state* config_include_stack = NULL; +static int inc_depth = 0; static int inc_prev = 0; static int num_args = 0; +void init_cfg_parse(void) +{ + config_include_stack = NULL; + inc_depth = 0; + inc_prev = 0; + num_args = 0; +} + static void config_start_include(const char* filename) { FILE *input; + struct inc_state* s; + char* nm; + if(inc_depth++ > 100000) { + ub_c_error_msg("too many include files"); + return; + } if(strlen(filename) == 0) { ub_c_error_msg("empty include file name"); return; } - if(config_include_stack_ptr >= MAXINCLUDES) { - ub_c_error_msg("includes nested too deeply, skipped (>%d)", MAXINCLUDES); + s = (struct inc_state*)malloc(sizeof(*s)); + if(!s) { + ub_c_error_msg("include %s: malloc failure", filename); return; } if(cfg_parser->chroot && strncmp(filename, cfg_parser->chroot, strlen(cfg_parser->chroot)) == 0) { filename += strlen(cfg_parser->chroot); } + nm = strdup(filename); + if(!nm) { + ub_c_error_msg("include %s: strdup failure", filename); + free(s); + return; + } input = fopen(filename, "r"); if(!input) { ub_c_error_msg("cannot open include file '%s': %s", filename, strerror(errno)); + free(s); + free(nm); return; } - LEXOUT(("switch_to_include_file(%s) ", filename)); - parse_stack[config_include_stack_ptr].filename = cfg_parser->filename; - parse_stack[config_include_stack_ptr].line = cfg_parser->line; - include_stack[config_include_stack_ptr] = YY_CURRENT_BUFFER; - cfg_parser->filename = strdup(filename); + LEXOUT(("switch_to_include_file(%s)\n", filename)); + s->filename = cfg_parser->filename; + s->line = cfg_parser->line; + s->buffer = YY_CURRENT_BUFFER; + s->next = config_include_stack; + config_include_stack = s; + cfg_parser->filename = nm; cfg_parser->line = 1; yy_switch_to_buffer(yy_create_buffer(input, YY_BUF_SIZE)); - ++config_include_stack_ptr; +} + +static void config_start_include_glob(const char* filename) +{ + + /* check for wildcards */ +#ifdef HAVE_GLOB + glob_t g; + size_t i; + int r, flags; + if(!(!strchr(filename, '*') && !strchr(filename, '?') && !strchr(filename, '[') && + !strchr(filename, '{') && !strchr(filename, '~'))) { + flags = 0 +#ifdef GLOB_ERR + | GLOB_ERR +#endif +#ifdef GLOB_NOSORT + | GLOB_NOSORT +#endif +#ifdef GLOB_BRACE + | GLOB_BRACE +#endif +#ifdef GLOB_TILDE + | GLOB_TILDE +#endif + ; + memset(&g, 0, sizeof(g)); + r = glob(filename, flags, NULL, &g); + if(r) { + /* some error */ + globfree(&g); + if(r == GLOB_NOMATCH) + return; /* no matches for pattern */ + config_start_include(filename); /* let original deal with it */ + return; + } + /* process files found, if any */ + for(i=0; i<(size_t)g.gl_pathc; i++) { + config_start_include(g.gl_pathv[i]); + } + globfree(&g); + return; + } +#endif /* HAVE_GLOB */ + + config_start_include(filename); } static void config_end_include(void) { - --config_include_stack_ptr; + struct inc_state* s = config_include_stack; + --inc_depth; + if(!s) return; free(cfg_parser->filename); - cfg_parser->filename = parse_stack[config_include_stack_ptr].filename; - cfg_parser->line = parse_stack[config_include_stack_ptr].line; + cfg_parser->filename = s->filename; + cfg_parser->line = s->line; yy_delete_buffer(YY_CURRENT_BUFFER); - yy_switch_to_buffer(include_stack[config_include_stack_ptr]); + yy_switch_to_buffer(s->buffer); + config_include_stack = s->next; + free(s); } #ifndef yy_set_bol /* compat definition, for flex 2.4.6 */ @@ -243,6 +321,7 @@ python{COLON} { YDVAR(0, VAR_PYTHON) } domain-insecure{COLON} { YDVAR(1, VAR_DOMAIN_INSECURE) } minimal-responses{COLON} { YDVAR(1, VAR_MINIMAL_RESPONSES) } rrset-roundrobin{COLON} { YDVAR(1, VAR_RRSET_ROUNDROBIN) } +max-udp-size{COLON} { YDVAR(1, VAR_MAX_UDP_SIZE) } <INITIAL,val>{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; } /* Quoted strings. Strip leading and ending quotes */ @@ -299,7 +378,7 @@ rrset-roundrobin{COLON} { YDVAR(1, VAR_RRSET_ROUNDROBIN) } <include>\" { LEXOUT(("IQS ")); BEGIN(include_quoted); } <include>{UNQUOTEDLETTER}* { LEXOUT(("Iunquotedstr(%s) ", yytext)); - config_start_include(yytext); + config_start_include_glob(yytext); BEGIN(inc_prev); } <include_quoted><<EOF>> { @@ -312,12 +391,13 @@ rrset-roundrobin{COLON} { YDVAR(1, VAR_RRSET_ROUNDROBIN) } <include_quoted>\" { LEXOUT(("IQE ")); yytext[yyleng - 1] = '\0'; - config_start_include(yytext); + config_start_include_glob(yytext); BEGIN(inc_prev); } <INITIAL,val><<EOF>> { + LEXOUT(("LEXEOF ")); yy_set_bol(1); /* Set beginning of line, so "^" rules match. */ - if (config_include_stack_ptr == 0) { + if (!config_include_stack) { yyterminate(); } else { fclose(yyin); diff --git a/usr.sbin/unbound/util/configparser.y b/usr.sbin/unbound/util/configparser.y index 0dbee2b498c..4a0cc1697a7 100644 --- a/usr.sbin/unbound/util/configparser.y +++ b/usr.sbin/unbound/util/configparser.y @@ -105,6 +105,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM %token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN +%token VAR_MAX_UDP_SIZE %% toplevelvars: /* empty */ | toplevelvars toplevelvar ; @@ -161,7 +162,7 @@ content_server: server_num_threads | server_verbosity | server_port | server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag | server_log_queries | server_tcp_upstream | server_ssl_upstream | server_ssl_service_key | server_ssl_service_pem | server_ssl_port | - server_minimal_responses | server_rrset_roundrobin + server_minimal_responses | server_rrset_roundrobin | server_max_udp_size ; stubstart: VAR_STUB_ZONE { @@ -1117,6 +1118,13 @@ server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG free($2); } ; +server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG + { + OUTYY(("P(server_max_udp_size:%s)\n", $2)); + cfg_parser->cfg->max_udp_size = atoi($2); + free($2); + } + ; stub_name: VAR_NAME STRING_ARG { OUTYY(("P(name:%s)\n", $2)); diff --git a/usr.sbin/unbound/util/data/msgencode.c b/usr.sbin/unbound/util/data/msgencode.c index 157796deb95..33f14b4dacc 100644 --- a/usr.sbin/unbound/util/data/msgencode.c +++ b/usr.sbin/unbound/util/data/msgencode.c @@ -441,7 +441,7 @@ rrset_belongs_in_reply(ldns_pkt_section s, uint16_t rrtype, uint16_t qtype, /** store rrset in buffer in wireformat, return RETVAL_* */ static int packed_rrset_encode(struct ub_packed_rrset_key* key, ldns_buffer* pkt, - uint16_t* num_rrs, uint32_t timenow, struct regional* region, + uint16_t* num_rrs, time_t timenow, struct regional* region, int do_data, int do_sig, struct compress_tree_node** tree, ldns_pkt_section s, uint16_t qtype, int dnssec, size_t rr_offset) { @@ -528,7 +528,7 @@ packed_rrset_encode(struct ub_packed_rrset_key* key, ldns_buffer* pkt, /** store msg section in wireformat buffer, return RETVAL_* */ static int insert_section(struct reply_info* rep, size_t num_rrsets, uint16_t* num_rrs, - ldns_buffer* pkt, size_t rrsets_before, uint32_t timenow, + ldns_buffer* pkt, size_t rrsets_before, time_t timenow, struct regional* region, struct compress_tree_node** tree, ldns_pkt_section s, uint16_t qtype, int dnssec, size_t rr_offset) { @@ -624,7 +624,7 @@ positive_answer(struct reply_info* rep, uint16_t qtype) { int reply_info_encode(struct query_info* qinfo, struct reply_info* rep, - uint16_t id, uint16_t flags, ldns_buffer* buffer, uint32_t timenow, + uint16_t id, uint16_t flags, ldns_buffer* buffer, time_t timenow, struct regional* region, uint16_t udpsize, int dnssec) { uint16_t ancount=0, nscount=0, arcount=0; @@ -658,8 +658,9 @@ reply_info_encode(struct query_info* qinfo, struct reply_info* rep, return 0; } } - /* roundrobin offset. using query id for random number */ - rr_offset = RRSET_ROUNDROBIN?id:0; + /* roundrobin offset. using query id for random number. With ntohs + * for different roundrobins for sequential id client senders. */ + rr_offset = RRSET_ROUNDROBIN?ntohs(id):0; /* insert answer section */ if((r=insert_section(rep, rep->an_numrrsets, &ancount, buffer, @@ -708,9 +709,6 @@ reply_info_encode(struct query_info* qinfo, struct reply_info* rep, return 0; } ldns_buffer_write_u16_at(buffer, 10, arcount); - } else { - ldns_buffer_write_u16_at(buffer, 8, nscount); - ldns_buffer_write_u16_at(buffer, 10, arcount); } ldns_buffer_flip(buffer); return 1; @@ -750,7 +748,7 @@ attach_edns_record(ldns_buffer* pkt, struct edns_data* edns) int reply_info_answer_encode(struct query_info* qinf, struct reply_info* rep, - uint16_t id, uint16_t qflags, ldns_buffer* pkt, uint32_t timenow, + uint16_t id, uint16_t qflags, ldns_buffer* pkt, time_t timenow, int cached, struct regional* region, uint16_t udpsize, struct edns_data* edns, int dnssec, int secure) { diff --git a/usr.sbin/unbound/util/data/msgencode.h b/usr.sbin/unbound/util/data/msgencode.h index 74d6c1fb2dd..13f0c1b4d33 100644 --- a/usr.sbin/unbound/util/data/msgencode.h +++ b/usr.sbin/unbound/util/data/msgencode.h @@ -66,7 +66,7 @@ struct edns_data; * @return: 0 on error (server failure). */ int reply_info_answer_encode(struct query_info* qinf, struct reply_info* rep, - uint16_t id, uint16_t qflags, ldns_buffer* dest, uint32_t timenow, + uint16_t id, uint16_t qflags, ldns_buffer* dest, time_t timenow, int cached, struct regional* region, uint16_t udpsize, struct edns_data* edns, int dnssec, int secure); @@ -88,7 +88,7 @@ int reply_info_answer_encode(struct query_info* qinf, struct reply_info* rep, * 0 on error: malloc failure (no log_err has been done). */ int reply_info_encode(struct query_info* qinfo, struct reply_info* rep, - uint16_t id, uint16_t flags, ldns_buffer* buffer, uint32_t timenow, + uint16_t id, uint16_t flags, ldns_buffer* buffer, time_t timenow, struct regional* region, uint16_t udpsize, int dnssec); /** diff --git a/usr.sbin/unbound/util/data/msgparse.h b/usr.sbin/unbound/util/data/msgparse.h index 830d68e16cd..83d2aaaa6ea 100644 --- a/usr.sbin/unbound/util/data/msgparse.h +++ b/usr.sbin/unbound/util/data/msgparse.h @@ -71,9 +71,9 @@ struct regional; /** number of buckets in parse rrset hash table. Must be power of 2. */ #define PARSE_TABLE_SIZE 32 /** Maximum TTL that is allowed. */ -extern uint32_t MAX_TTL; +extern time_t MAX_TTL; /** Minimum TTL that is allowed. */ -extern uint32_t MIN_TTL; +extern time_t MIN_TTL; /** Negative cache time (for entries without any RRs.) */ #define NORR_TTL 5 /* seconds */ diff --git a/usr.sbin/unbound/util/data/msgreply.c b/usr.sbin/unbound/util/data/msgreply.c index 6d711fff3a2..004d6c928f5 100644 --- a/usr.sbin/unbound/util/data/msgreply.c +++ b/usr.sbin/unbound/util/data/msgreply.c @@ -53,9 +53,9 @@ #include "util/data/msgencode.h" /** MAX TTL default for messages and rrsets */ -uint32_t MAX_TTL = 3600 * 24 * 10; /* ten days */ +time_t MAX_TTL = 3600 * 24 * 10; /* ten days */ /** MIN TTL default for messages and rrsets */ -uint32_t MIN_TTL = 0; +time_t MIN_TTL = 0; /** allocate qinfo, return 0 on error */ static int @@ -79,7 +79,7 @@ parse_create_qinfo(ldns_buffer* pkt, struct msg_parse* msg, /** constructor for replyinfo */ static struct reply_info* construct_reply_info_base(struct regional* region, uint16_t flags, size_t qd, - uint32_t ttl, uint32_t prettl, size_t an, size_t ns, size_t ar, + time_t ttl, time_t prettl, size_t an, size_t ns, size_t ar, size_t total, enum sec_status sec) { struct reply_info* rep; @@ -154,7 +154,7 @@ repinfo_alloc_rrset_keys(struct reply_info* rep, struct alloc_cache* alloc, /** do the rdata copy */ static int rdata_copy(ldns_buffer* pkt, struct packed_rrset_data* data, uint8_t* to, - struct rr_parse* rr, uint32_t* rr_ttl, uint16_t type) + struct rr_parse* rr, time_t* rr_ttl, uint16_t type) { uint16_t pkt_len; const ldns_rr_descriptor* desc; @@ -245,7 +245,7 @@ parse_rr_copy(ldns_buffer* pkt, struct rrset_parse* pset, data->rr_len = (size_t*)((uint8_t*)data + sizeof(struct packed_rrset_data)); data->rr_data = (uint8_t**)&(data->rr_len[total]); - data->rr_ttl = (uint32_t*)&(data->rr_data[total]); + data->rr_ttl = (time_t*)&(data->rr_data[total]); nextrdata = (uint8_t*)&(data->rr_ttl[total]); for(i=0; i<data->count; i++) { data->rr_len[i] = rr->size; @@ -278,7 +278,7 @@ parse_create_rrset(ldns_buffer* pkt, struct rrset_parse* pset, /* allocate */ size_t s = sizeof(struct packed_rrset_data) + (pset->rr_count + pset->rrsig_count) * - (sizeof(size_t)+sizeof(uint8_t*)+sizeof(uint32_t)) + + (sizeof(size_t)+sizeof(uint8_t*)+sizeof(time_t)) + pset->size; if(region) *data = regional_alloc(region, s); @@ -465,7 +465,7 @@ reply_info_sortref(struct reply_info* rep) } void -reply_info_set_ttls(struct reply_info* rep, uint32_t timenow) +reply_info_set_ttls(struct reply_info* rep, time_t timenow) { size_t i, j; rep->ttl += timenow; diff --git a/usr.sbin/unbound/util/data/msgreply.h b/usr.sbin/unbound/util/data/msgreply.h index a32f2b1edab..6087c6b2057 100644 --- a/usr.sbin/unbound/util/data/msgreply.h +++ b/usr.sbin/unbound/util/data/msgreply.h @@ -116,21 +116,21 @@ struct reply_info { */ uint8_t qdcount; + /** 32 bit padding to pad struct member alignment to 64 bits. */ + uint32_t padding; + /** * TTL of the entire reply (for negative caching). * only for use when there are 0 RRsets in this message. * if there are RRsets, check those instead. */ - uint32_t ttl; + time_t ttl; /** * TTL for prefetch. After it has expired, a prefetch is suitable. * Smaller than the TTL, otherwise the prefetch would not happen. */ - uint32_t prefetch_ttl; - - /** 32 bit padding to pad struct member alignment to 64 bits. */ - uint32_t padding; + time_t prefetch_ttl; /** * The security status from DNSSEC validation of this message. @@ -253,7 +253,7 @@ void reply_info_sortref(struct reply_info* rep); * Also refs must be filled in. * @param timenow: the current time. */ -void reply_info_set_ttls(struct reply_info* rep, uint32_t timenow); +void reply_info_set_ttls(struct reply_info* rep, time_t timenow); /** * Delete reply_info and packed_rrsets (while they are not yet added to the diff --git a/usr.sbin/unbound/util/data/packed_rrset.c b/usr.sbin/unbound/util/data/packed_rrset.c index e1fc2e5291e..1bf2e8f00b8 100644 --- a/usr.sbin/unbound/util/data/packed_rrset.c +++ b/usr.sbin/unbound/util/data/packed_rrset.c @@ -183,7 +183,7 @@ packed_rrset_ptr_fixup(struct packed_rrset_data* data) data->rr_len = (size_t*)((uint8_t*)data + sizeof(struct packed_rrset_data)); data->rr_data = (uint8_t**)&(data->rr_len[total]); - data->rr_ttl = (uint32_t*)&(data->rr_data[total]); + data->rr_ttl = (time_t*)&(data->rr_data[total]); nextrdata = (uint8_t*)&(data->rr_ttl[total]); for(i=0; i<total; i++) { data->rr_data[i] = nextrdata; @@ -215,7 +215,7 @@ get_cname_target(struct ub_packed_rrset_key* rrset, uint8_t** dname, } void -packed_rrset_ttl_add(struct packed_rrset_data* data, uint32_t add) +packed_rrset_ttl_add(struct packed_rrset_data* data, time_t add) { size_t i; size_t total = data->count + data->rrsig_count; @@ -266,7 +266,7 @@ void log_rrset_key(enum verbosity_value v, const char* str, ntohs(rrset->rk.type), ntohs(rrset->rk.rrset_class)); } -uint32_t +time_t ub_packed_rrset_ttl(struct ub_packed_rrset_key* key) { struct packed_rrset_data* d = (struct packed_rrset_data*)key-> @@ -276,7 +276,7 @@ ub_packed_rrset_ttl(struct ub_packed_rrset_key* key) struct ub_packed_rrset_key* packed_rrset_copy_region(struct ub_packed_rrset_key* key, - struct regional* region, uint32_t now) + struct regional* region, time_t now) { struct ub_packed_rrset_key* ck = regional_alloc(region, sizeof(struct ub_packed_rrset_key)); @@ -315,7 +315,7 @@ packed_rrset_copy_region(struct ub_packed_rrset_key* key, struct ub_packed_rrset_key* packed_rrset_copy_alloc(struct ub_packed_rrset_key* key, - struct alloc_cache* alloc, uint32_t now) + struct alloc_cache* alloc, time_t now) { struct packed_rrset_data* fd, *dd; struct ub_packed_rrset_key* dk = alloc_special_obtain(alloc); @@ -386,7 +386,7 @@ packed_rrset_heap_data(ldns_rr_list* rrset) /* allocate */ total = count + rrsig_count; - len += sizeof(*data) + total*(sizeof(size_t) + sizeof(uint32_t) + + len += sizeof(*data) + total*(sizeof(size_t) + sizeof(time_t) + sizeof(uint8_t*)); data = (struct packed_rrset_data*)calloc(1, len); if(!data) @@ -399,7 +399,7 @@ packed_rrset_heap_data(ldns_rr_list* rrset) data->rr_len = (size_t*)((uint8_t*)data + sizeof(struct packed_rrset_data)); data->rr_data = (uint8_t**)&(data->rr_len[total]); - data->rr_ttl = (uint32_t*)&(data->rr_data[total]); + data->rr_ttl = (time_t*)&(data->rr_data[total]); nextrdata = (uint8_t*)&(data->rr_ttl[total]); /* fill out len, ttl, fields */ diff --git a/usr.sbin/unbound/util/data/packed_rrset.h b/usr.sbin/unbound/util/data/packed_rrset.h index ad11a804226..9530aa604f1 100644 --- a/usr.sbin/unbound/util/data/packed_rrset.h +++ b/usr.sbin/unbound/util/data/packed_rrset.h @@ -215,7 +215,7 @@ enum sec_status { struct packed_rrset_data { /** TTL (in seconds like time()) of the rrset. * Same for all RRs see rfc2181(5.2). */ - uint32_t ttl; + time_t ttl; /** number of rrs. */ size_t count; /** number of rrsigs, if 0 no rrsigs */ @@ -227,7 +227,7 @@ struct packed_rrset_data { /** length of every rr's rdata, rr_len[i] is size of rr_data[i]. */ size_t* rr_len; /** ttl of every rr. rr_ttl[i] ttl of rr i. */ - uint32_t *rr_ttl; + time_t *rr_ttl; /** * Array of pointers to every rr's rdata. * The rr_data[i] rdata is stored in uncompressed wireformat. @@ -281,7 +281,7 @@ size_t packed_rrset_sizeof(struct packed_rrset_data* data); * @param key: rrset key, with data to examine. * @return ttl value. */ -uint32_t ub_packed_rrset_ttl(struct ub_packed_rrset_key* key); +time_t ub_packed_rrset_ttl(struct ub_packed_rrset_key* key); /** * Calculate memory size of rrset entry. For hash table usage. @@ -343,7 +343,7 @@ void packed_rrset_ptr_fixup(struct packed_rrset_data* data); * @param data: rrset data structure. Otherwise correctly filled in. * @param add: how many seconds to add, pass time(0) for example. */ -void packed_rrset_ttl_add(struct packed_rrset_data* data, uint32_t add); +void packed_rrset_ttl_add(struct packed_rrset_data* data, time_t add); /** * Utility procedure to extract CNAME target name from its rdata. @@ -392,7 +392,7 @@ void log_rrset_key(enum verbosity_value v, const char* str, */ struct ub_packed_rrset_key* packed_rrset_copy_region( struct ub_packed_rrset_key* key, struct regional* region, - uint32_t now); + time_t now); /** * Allocate rrset with malloc (from region or you are holding the lock). @@ -403,7 +403,7 @@ struct ub_packed_rrset_key* packed_rrset_copy_region( */ struct ub_packed_rrset_key* packed_rrset_copy_alloc( struct ub_packed_rrset_key* key, struct alloc_cache* alloc, - uint32_t now); + time_t now); /** * Create a ub_packed_rrset_key allocated on the heap. diff --git a/usr.sbin/unbound/util/iana_ports.inc b/usr.sbin/unbound/util/iana_ports.inc index fcf04c327e1..3d607a7d468 100644 --- a/usr.sbin/unbound/util/iana_ports.inc +++ b/usr.sbin/unbound/util/iana_ports.inc @@ -33,7 +33,6 @@ 48, 49, 50, -51, 52, 53, 54, @@ -692,11 +691,8 @@ 1022, 1025, 1026, -1028, +1027, 1029, -1030, -1031, -1032, 1033, 1034, 1035, @@ -895,6 +891,7 @@ 1229, 1230, 1231, +1232, 1233, 1234, 1235, @@ -3848,6 +3845,7 @@ 4425, 4426, 4430, +4432, 4441, 4442, 4443, @@ -3870,6 +3868,7 @@ 4486, 4488, 4500, +4534, 4535, 4536, 4537, @@ -3957,6 +3956,7 @@ 4743, 4744, 4745, +4747, 4749, 4750, 4751, @@ -3964,6 +3964,7 @@ 4753, 4784, 4785, +4789, 4800, 4801, 4802, @@ -4053,6 +4054,7 @@ 5050, 5051, 5052, +5053, 5055, 5056, 5057, @@ -4090,6 +4092,7 @@ 5111, 5112, 5116, +5120, 5133, 5136, 5137, @@ -4168,6 +4171,7 @@ 5361, 5362, 5363, +5364, 5397, 5398, 5399, @@ -4257,6 +4261,7 @@ 5632, 5633, 5634, +5670, 5671, 5672, 5673, @@ -4270,6 +4275,7 @@ 5681, 5682, 5683, +5684, 5688, 5689, 5713, @@ -4351,6 +4357,7 @@ 6085, 6086, 6087, +6088, 6100, 6101, 6102, @@ -4364,6 +4371,7 @@ 6110, 6111, 6112, +6118, 6122, 6123, 6124, @@ -4399,6 +4407,7 @@ 6306, 6315, 6316, +6317, 6320, 6321, 6322, @@ -4443,6 +4452,7 @@ 6508, 6509, 6510, +6511, 6514, 6515, 6543, @@ -4469,6 +4479,7 @@ 6627, 6628, 6633, +6653, 6657, 6670, 6671, @@ -4488,6 +4499,7 @@ 6769, 6770, 6771, +6784, 6785, 6786, 6787, @@ -4544,6 +4556,7 @@ 7070, 7071, 7080, +7095, 7099, 7100, 7101, @@ -4587,6 +4600,7 @@ 7401, 7402, 7410, +7411, 7421, 7426, 7427, @@ -4654,6 +4668,7 @@ 7799, 7800, 7801, +7802, 7810, 7845, 7846, @@ -4762,6 +4777,7 @@ 8442, 8443, 8444, +8445, 8450, 8472, 8473, @@ -4780,12 +4796,12 @@ 8614, 8675, 8686, -8699, 8732, 8733, 8763, 8764, 8765, +8766, 8770, 8786, 8787, @@ -4871,6 +4887,7 @@ 9217, 9222, 9255, +9277, 9278, 9279, 9280, @@ -5005,10 +5022,12 @@ 10805, 10810, 10860, +10880, 10990, 11000, 11001, 11106, +11108, 11111, 11112, 11161, @@ -5073,9 +5092,11 @@ 13820, 13821, 13822, +13894, 13929, 14000, 14001, +14002, 14033, 14034, 14141, @@ -5153,6 +5174,7 @@ 19539, 19540, 19541, +19788, 19999, 20000, 20001, @@ -5216,6 +5238,7 @@ 24242, 24249, 24321, +24322, 24386, 24465, 24554, @@ -5240,6 +5263,8 @@ 25901, 25902, 25903, +25954, +25955, 26000, 26133, 26208, @@ -5257,11 +5282,15 @@ 27999, 28000, 28119, +28200, 28240, 29167, 30001, 30002, +30003, +30004, 30260, +30832, 30999, 31029, 31416, @@ -5320,6 +5349,7 @@ 42508, 42509, 42510, +43000, 43188, 43189, 43190, @@ -5329,11 +5359,11 @@ 43441, 44321, 44322, -44323, 44544, 44553, 44600, 44818, +44900, 45000, 45054, 45678, @@ -5341,10 +5371,12 @@ 45966, 46999, 47000, +47100, 47557, 47624, 47806, 47808, +47809, 48000, 48001, 48002, diff --git a/usr.sbin/unbound/util/log.c b/usr.sbin/unbound/util/log.c index 8c09c7ce312..9b2daea3208 100644 --- a/usr.sbin/unbound/util/log.c +++ b/usr.sbin/unbound/util/log.c @@ -73,7 +73,7 @@ static const char* ident="unbound"; static int logging_to_syslog = 0; #endif /* HAVE_SYSLOG_H */ /** time to print in log, if NULL, use time(2) */ -static uint32_t* log_now = NULL; +static time_t* log_now = NULL; /** print time in UTC or in secondsfrom1970 */ static int log_time_asc = 0; @@ -151,7 +151,7 @@ void log_ident_set(const char* id) ident = id; } -void log_set_time(uint32_t* t) +void log_set_time(time_t* t) { log_now = t; } @@ -228,7 +228,7 @@ log_vmsg(int pri, const char* type, ident, (int)getpid(), tid?*tid:0, type, message); } else #endif - fprintf(logfile, "[%u] %s[%d:%x] %s: %s\n", (unsigned)now, + fprintf(logfile, "[%lld] %s[%d:%x] %s: %s\n", (long long)now, ident, (int)getpid(), tid?*tid:0, type, message); #ifdef UB_ON_WINDOWS /* line buffering does not work on windows */ diff --git a/usr.sbin/unbound/util/log.h b/usr.sbin/unbound/util/log.h index 270ffc5c180..5ba1a0bc4d7 100644 --- a/usr.sbin/unbound/util/log.h +++ b/usr.sbin/unbound/util/log.h @@ -108,7 +108,7 @@ void log_ident_set(const char* id); * @param t: the point is copied and used to find the time. * if NULL, time(2) is used. */ -void log_set_time(uint32_t* t); +void log_set_time(time_t* t); /** * Set if the time value is printed ascii or decimal in log entries. diff --git a/usr.sbin/unbound/util/mini_event.c b/usr.sbin/unbound/util/mini_event.c index f66214ddb8f..a03edf1b3c7 100644 --- a/usr.sbin/unbound/util/mini_event.c +++ b/usr.sbin/unbound/util/mini_event.c @@ -79,13 +79,13 @@ settime(struct event_base* base) return -1; } #ifndef S_SPLINT_S - *base->time_secs = (uint32_t)base->time_tv->tv_sec; + *base->time_secs = (time_t)base->time_tv->tv_sec; #endif return 0; } /** create event base */ -void *event_init(uint32_t* time_secs, struct timeval* time_tv) +void *event_init(time_t* time_secs, struct timeval* time_tv) { struct event_base* base = (struct event_base*)malloc( sizeof(struct event_base)); diff --git a/usr.sbin/unbound/util/mini_event.h b/usr.sbin/unbound/util/mini_event.h index 248468ada84..b04419123f8 100644 --- a/usr.sbin/unbound/util/mini_event.h +++ b/usr.sbin/unbound/util/mini_event.h @@ -103,7 +103,7 @@ struct event_base /** if we need to exit */ int need_to_exit; /** where to store time in seconds */ - uint32_t* time_secs; + time_t* time_secs; /** where to store time in microseconds */ struct timeval* time_tv; }; @@ -134,7 +134,7 @@ struct event { /* function prototypes (some are as they appear in event.h) */ /** create event base */ -void *event_init(uint32_t* time_secs, struct timeval* time_tv); +void *event_init(time_t* time_secs, struct timeval* time_tv); /** get version */ const char *event_get_version(void); /** get polling method, select */ diff --git a/usr.sbin/unbound/util/module.h b/usr.sbin/unbound/util/module.h index 8fa4ec25960..3ec25524b03 100644 --- a/usr.sbin/unbound/util/module.h +++ b/usr.sbin/unbound/util/module.h @@ -186,7 +186,7 @@ struct module_env { /** random table to generate random numbers */ struct ub_randstate* rnd; /** time in seconds, converted to integer */ - uint32_t* now; + time_t* now; /** time in microseconds. Relatively recent. */ struct timeval* now_tv; /** is validation required for messages, controls client-facing @@ -309,7 +309,7 @@ struct module_qstate { /** mesh related information for this query */ struct mesh_state* mesh_info; /** how many seconds before expiry is this prefetched (0 if not) */ - uint32_t prefetch_leeway; + time_t prefetch_leeway; }; /** diff --git a/usr.sbin/unbound/util/net_help.c b/usr.sbin/unbound/util/net_help.c index d8c624fd665..64bd876dcbb 100644 --- a/usr.sbin/unbound/util/net_help.c +++ b/usr.sbin/unbound/util/net_help.c @@ -725,3 +725,59 @@ void* outgoing_ssl_fd(void* sslctx, int fd) return NULL; #endif } + +#if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) +/** global lock list for openssl locks */ +static lock_basic_t *ub_openssl_locks = NULL; + +/** callback that gets thread id for openssl */ +static unsigned long +ub_crypto_id_cb(void) +{ + return (unsigned long)ub_thread_self(); +} + +static void +ub_crypto_lock_cb(int mode, int type, const char *ATTR_UNUSED(file), + int ATTR_UNUSED(line)) +{ + if((mode&CRYPTO_LOCK)) { + lock_basic_lock(&ub_openssl_locks[type]); + } else { + lock_basic_unlock(&ub_openssl_locks[type]); + } +} +#endif /* OPENSSL_THREADS */ + +int ub_openssl_lock_init(void) +{ +#if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) + int i; + ub_openssl_locks = (lock_basic_t*)malloc( + sizeof(lock_basic_t)*CRYPTO_num_locks()); + if(!ub_openssl_locks) + return 0; + for(i=0; i<CRYPTO_num_locks(); i++) { + lock_basic_init(&ub_openssl_locks[i]); + } + CRYPTO_set_id_callback(&ub_crypto_id_cb); + CRYPTO_set_locking_callback(&ub_crypto_lock_cb); +#endif /* OPENSSL_THREADS */ + return 1; +} + +void ub_openssl_lock_delete(void) +{ +#if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) + int i; + if(!ub_openssl_locks) + return; + CRYPTO_set_id_callback(NULL); + CRYPTO_set_locking_callback(NULL); + for(i=0; i<CRYPTO_num_locks(); i++) { + lock_basic_destroy(&ub_openssl_locks[i]); + } + free(ub_openssl_locks); +#endif /* OPENSSL_THREADS */ +} + diff --git a/usr.sbin/unbound/util/net_help.h b/usr.sbin/unbound/util/net_help.h index e0c0ebea175..05b5087b412 100644 --- a/usr.sbin/unbound/util/net_help.h +++ b/usr.sbin/unbound/util/net_help.h @@ -369,4 +369,15 @@ void* incoming_ssl_fd(void* sslctx, int fd); */ void* outgoing_ssl_fd(void* sslctx, int fd); +/** + * Initialize openssl locking for thread safety + * @return false on failure (alloc failure). + */ +int ub_openssl_lock_init(void); + +/** + * De-init the allocated openssl locks + */ +void ub_openssl_lock_delete(void); + #endif /* NET_HELP_H */ diff --git a/usr.sbin/unbound/util/random.c b/usr.sbin/unbound/util/random.c index 5b61aef7f3b..5d71fcfa4c1 100644 --- a/usr.sbin/unbound/util/random.c +++ b/usr.sbin/unbound/util/random.c @@ -65,9 +65,11 @@ #include <openssl/rc4.h> #include <openssl/err.h> #elif defined(HAVE_NSS) -#include <nspr4/prerror.h> -#include <nss3/secport.h> -#include <nss3/pk11pub.h> +/* nspr4 */ +#include "prerror.h" +/* nss3 */ +#include "secport.h" +#include "pk11pub.h" #endif /** diff --git a/usr.sbin/unbound/util/storage/lookup3.c b/usr.sbin/unbound/util/storage/lookup3.c index 65e0ad2a57c..7596033bdee 100644 --- a/usr.sbin/unbound/util/storage/lookup3.c +++ b/usr.sbin/unbound/util/storage/lookup3.c @@ -1,4 +1,5 @@ /* + February 2013(Wouter) patch defines for BSD endianness, from Brad Smith. January 2012(Wouter) added randomised initial value, fallout from 28c3. March 2007(Wouter) adapted from lookup3.c original, add config.h include. added #ifdef VALGRIND to remove 298,384,660 'unused variable k8' warnings. @@ -49,12 +50,21 @@ on 1 byte), but shoehorning those bytes into integers efficiently is messy. #include <time.h> /* defines time_t for timings in the test */ /*#include <stdint.h> defines uint32_t etc (from config.h) */ #include <sys/param.h> /* attempt to define endianness */ +#ifdef HAVE_SYS_TYPES_H +# include <sys/types.h> /* attempt to define endianness (solaris) */ +#endif #ifdef linux # include <endian.h> /* attempt to define endianness */ #endif +#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__) +#include <sys/endian.h> /* attempt to define endianness */ +#endif +#ifdef __OpenBSD__ +#include <machine/endian.h> /* attempt to define endianness */ +#endif /* random initial value */ -static uint32_t raninit = 0xdeadbeef; +static uint32_t raninit = (uint32_t)0xdeadbeef; void hash_set_raninit(uint32_t v) @@ -69,14 +79,24 @@ hash_set_raninit(uint32_t v) #if (defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN) && \ __BYTE_ORDER == __LITTLE_ENDIAN) || \ (defined(i386) || defined(__i386__) || defined(__i486__) || \ - defined(__i586__) || defined(__i686__) || defined(vax) || defined(MIPSEL)) + defined(__i586__) || defined(__i686__) || defined(vax) || defined(MIPSEL) || defined(__x86)) # define HASH_LITTLE_ENDIAN 1 # define HASH_BIG_ENDIAN 0 #elif (defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && \ __BYTE_ORDER == __BIG_ENDIAN) || \ - (defined(sparc) || defined(POWERPC) || defined(mc68000) || defined(sel)) + (defined(sparc) || defined(__sparc) || defined(__sparc__) || defined(POWERPC) || defined(mc68000) || defined(sel)) # define HASH_LITTLE_ENDIAN 0 # define HASH_BIG_ENDIAN 1 +#elif defined(_MACHINE_ENDIAN_H_) +/* test for machine_endian_h protects failure if some are empty strings */ +# if defined(_BYTE_ORDER) && defined(_BIG_ENDIAN) && _BYTE_ORDER == _BIG_ENDIAN +# define HASH_LITTLE_ENDIAN 0 +# define HASH_BIG_ENDIAN 1 +# endif +# if defined(_BYTE_ORDER) && defined(_LITTLE_ENDIAN) && _BYTE_ORDER == _LITTLE_ENDIAN +# define HASH_LITTLE_ENDIAN 1 +# define HASH_BIG_ENDIAN 0 +# endif /* _MACHINE_ENDIAN_H_ */ #else # define HASH_LITTLE_ENDIAN 0 # define HASH_BIG_ENDIAN 0 diff --git a/usr.sbin/unbound/util/tube.c b/usr.sbin/unbound/util/tube.c index 28c51d79d16..fde84967fda 100644 --- a/usr.sbin/unbound/util/tube.c +++ b/usr.sbin/unbound/util/tube.c @@ -368,7 +368,7 @@ int tube_read_msg(struct tube* tube, uint8_t** buf, uint32_t* len, return 0; } d = 0; - while(d != (ssize_t)*len) { + while(d < (ssize_t)*len) { if((r=read(fd, (*buf)+d, (size_t)((ssize_t)*len)-d)) == -1) { log_err("tube msg read failed: %s", strerror(errno)); (void)fd_set_nonblock(fd); diff --git a/usr.sbin/unbound/util/winsock_event.c b/usr.sbin/unbound/util/winsock_event.c index ff5c9b0939d..82e9ab06a38 100644 --- a/usr.sbin/unbound/util/winsock_event.c +++ b/usr.sbin/unbound/util/winsock_event.c @@ -71,7 +71,7 @@ settime(struct event_base* base) return -1; } #ifndef S_SPLINT_S - *base->time_secs = (uint32_t)base->time_tv->tv_sec; + *base->time_secs = (time_t)base->time_tv->tv_sec; #endif return 0; } @@ -108,7 +108,7 @@ zero_waitfor(WSAEVENT waitfor[], WSAEVENT x) } } -void *event_init(uint32_t* time_secs, struct timeval* time_tv) +void *event_init(time_t* time_secs, struct timeval* time_tv) { struct event_base* base = (struct event_base*)malloc( sizeof(struct event_base)); @@ -181,8 +181,8 @@ static void handle_timeouts(struct event_base* base, struct timeval* now, wait->tv_usec = p->ev_timeout.tv_usec - now->tv_usec; } - verbose(VERB_CLIENT, "winsock_event wait=%d.%6.6d", - (int)wait->tv_sec, (int)wait->tv_usec); + verbose(VERB_CLIENT, "winsock_event wait=%lld.%6.6d", + (long long)wait->tv_sec, (int)wait->tv_usec); return; } #endif @@ -488,9 +488,9 @@ int event_base_set(struct event_base *base, struct event *ev) int event_add(struct event *ev, struct timeval *tv) { - verbose(VERB_ALGO, "event_add %p added=%d fd=%d tv=%d %s%s%s", + verbose(VERB_ALGO, "event_add %p added=%d fd=%d tv=%lld %s%s%s", ev, ev->added, ev->ev_fd, - (tv?(int)tv->tv_sec*1000+(int)tv->tv_usec/1000:-1), + (tv?(long long)tv->tv_sec*1000+(long long)tv->tv_usec/1000:-1), (ev->ev_events&EV_READ)?" EV_READ":"", (ev->ev_events&EV_WRITE)?" EV_WRITE":"", (ev->ev_events&EV_TIMEOUT)?" EV_TIMEOUT":""); @@ -569,10 +569,10 @@ int event_add(struct event *ev, struct timeval *tv) int event_del(struct event *ev) { - verbose(VERB_ALGO, "event_del %p added=%d fd=%d tv=%d %s%s%s", + verbose(VERB_ALGO, "event_del %p added=%d fd=%d tv=%lld %s%s%s", ev, ev->added, ev->ev_fd, - (ev->ev_events&EV_TIMEOUT)?(int)ev->ev_timeout.tv_sec*1000+ - (int)ev->ev_timeout.tv_usec/1000:-1, + (ev->ev_events&EV_TIMEOUT)?(long long)ev->ev_timeout.tv_sec*1000+ + (long long)ev->ev_timeout.tv_usec/1000:-1, (ev->ev_events&EV_READ)?" EV_READ":"", (ev->ev_events&EV_WRITE)?" EV_WRITE":"", (ev->ev_events&EV_TIMEOUT)?" EV_TIMEOUT":""); diff --git a/usr.sbin/unbound/util/winsock_event.h b/usr.sbin/unbound/util/winsock_event.h index 088283e128a..f51f53478e9 100644 --- a/usr.sbin/unbound/util/winsock_event.h +++ b/usr.sbin/unbound/util/winsock_event.h @@ -129,7 +129,7 @@ struct event_base /** if we need to exit */ int need_to_exit; /** where to store time in seconds */ - uint32_t* time_secs; + time_t* time_secs; /** where to store time in microseconds */ struct timeval* time_tv; /** @@ -194,7 +194,7 @@ struct event { }; /** create event base */ -void *event_init(uint32_t* time_secs, struct timeval* time_tv); +void *event_init(time_t* time_secs, struct timeval* time_tv); /** get version */ const char *event_get_version(void); /** get polling method (select,epoll) */ diff --git a/usr.sbin/unbound/validator/autotrust.c b/usr.sbin/unbound/validator/autotrust.c index a361ab04ba3..3d22637b8c2 100644 --- a/usr.sbin/unbound/validator/autotrust.c +++ b/usr.sbin/unbound/validator/autotrust.c @@ -242,7 +242,7 @@ parse_comments(char* str, struct autr_ta* ta) if (pos < 0 || !timestamp) ta->last_change = 0; else - ta->last_change = (uint32_t)timestamp; + ta->last_change = (time_t)timestamp; free(comment); return 1; @@ -466,7 +466,7 @@ add_trustanchor_frm_str(struct val_anchors* anchors, char* str, * @param anchors: all points. * @param str: comments line * @param fname: filename - * @param origin: $ORIGIN. + * @param origin: the $ORIGIN. * @param prev: passed to ldns. * @param skip: if true, the result is NULL, but not an error, skip it. * @return false on failure, otherwise the tp read. @@ -677,12 +677,12 @@ parse_var_line(char* line, struct val_anchors* anchors, } else if(strncmp(line, ";;query_interval: ", 18) == 0) { if(!tp) return -1; lock_basic_lock(&tp->lock); - tp->autr->query_interval = (uint32_t)parse_int(line+18, &r); + tp->autr->query_interval = (time_t)parse_int(line+18, &r); lock_basic_unlock(&tp->lock); } else if(strncmp(line, ";;retry_time: ", 14) == 0) { if(!tp) return -1; lock_basic_lock(&tp->lock); - tp->autr->retry_time = (uint32_t)parse_int(line+14, &r); + tp->autr->retry_time = (time_t)parse_int(line+14, &r); lock_basic_unlock(&tp->lock); } return r; @@ -881,6 +881,8 @@ print_id(FILE* out, char* fname, struct module_env* env, ldns_buffer_clear(env->scratch_buffer); #ifdef UNBOUND_DEBUG s = +#else + (void) #endif ldns_rdf2buffer_str_dname(env->scratch_buffer, &rdf); log_assert(s == LDNS_STATUS_OK); @@ -976,9 +978,13 @@ void autr_write_file(struct module_env* env, struct trust_anchor* tp) char* fname = tp->autr->file; char tempf[2048]; log_assert(tp->autr); + if(!env) { + log_err("autr_write_file: Module environment is NULL."); + return; + } /* unique name with pid number and thread number */ snprintf(tempf, sizeof(tempf), "%s.%d-%d", fname, (int)getpid(), - env&&env->worker?*(int*)env->worker:0); + env->worker?*(int*)env->worker:0); verbose(VERB_ALGO, "autotrust: write to disk: %s", tempf); out = fopen(tempf, "w"); if(!out) { @@ -1031,23 +1037,23 @@ verify_dnskey(struct module_env* env, struct val_env* ve, } /** Find minimum expiration interval from signatures */ -static uint32_t +static time_t min_expiry(struct module_env* env, ldns_rr_list* rrset) { size_t i; - uint32_t t, r = 15 * 24 * 3600; /* 15 days max */ + int32_t t, r = 15 * 24 * 3600; /* 15 days max */ for(i=0; i<ldns_rr_list_rr_count(rrset); i++) { ldns_rr* rr = ldns_rr_list_rr(rrset, i); if(ldns_rr_get_type(rr) != LDNS_RR_TYPE_RRSIG) continue; t = ldns_rdf2native_int32(ldns_rr_rrsig_expiration(rr)); - if(t - *env->now > 0) { + if((int32_t)t - (int32_t)*env->now > 0) { t -= *env->now; if(t < r) r = t; } } - return r; + return (time_t)r; } /** Is rr self-signed revoked key */ @@ -1239,7 +1245,7 @@ add_key(struct trust_anchor* tp, ldns_rr* rr) } /** get TTL from DNSKEY rrset */ -static uint32_t +static time_t key_ttl(struct ub_packed_rrset_key* k) { struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data; @@ -1248,10 +1254,10 @@ key_ttl(struct ub_packed_rrset_key* k) /** update the time values for the trustpoint */ static void -set_tp_times(struct trust_anchor* tp, uint32_t rrsig_exp_interval, - uint32_t origttl, int* changed) +set_tp_times(struct trust_anchor* tp, time_t rrsig_exp_interval, + time_t origttl, int* changed) { - uint32_t x, qi = tp->autr->query_interval, rt = tp->autr->retry_time; + time_t x, qi = tp->autr->query_interval, rt = tp->autr->retry_time; /* x = MIN(15days, ttl/2, expire/2) */ x = 15 * 24 * 3600; @@ -1444,21 +1450,21 @@ update_events(struct module_env* env, struct val_env* ve, * @param holddown: the timer value * @return number of seconds the holddown has passed. */ -static int -check_holddown(struct module_env* env, struct autr_ta* ta, +static time_t +check_holddown(struct module_env* env, struct autr_ta* ta, unsigned int holddown) { - unsigned int elapsed; - if((unsigned)*env->now < (unsigned)ta->last_change) { + time_t elapsed; + if(*env->now < ta->last_change) { log_warn("time goes backwards. delaying key holddown"); return 0; } - elapsed = (unsigned)*env->now - (unsigned)ta->last_change; - if (elapsed > holddown) { - return (int) (elapsed-holddown); + elapsed = *env->now - ta->last_change; + if (elapsed > (time_t)holddown) { + return elapsed-(time_t)holddown; } - verbose_key(ta, VERB_ALGO, "holddown time %d seconds to go", - (int) (holddown-elapsed)); + verbose_key(ta, VERB_ALGO, "holddown time %lld seconds to go", + (long long) ((time_t)holddown-elapsed)); return 0; } @@ -1498,11 +1504,11 @@ do_addtime(struct module_env* env, struct autr_ta* anchor, int* c) /* This not according to RFC, this is 30 days, but the RFC demands * MAX(30days, TTL expire time of first DNSKEY set with this key), * The value may be too small if a very large TTL was used. */ - int exceeded = check_holddown(env, anchor, env->cfg->add_holddown); + time_t exceeded = check_holddown(env, anchor, env->cfg->add_holddown); if (exceeded && anchor->s == AUTR_STATE_ADDPEND) { verbose_key(anchor, VERB_ALGO, "add-holddown time exceeded " - "%d seconds ago, and pending-count %d", exceeded, - anchor->pending_count); + "%lld seconds ago, and pending-count %d", + (long long)exceeded, anchor->pending_count); if(anchor->pending_count >= MIN_PENDINGCOUNT) { set_trustanchor_state(env, anchor, c, AUTR_STATE_VALID); anchor->pending_count = 0; @@ -1517,10 +1523,10 @@ do_addtime(struct module_env* env, struct autr_ta* anchor, int* c) static void do_remtime(struct module_env* env, struct autr_ta* anchor, int* c) { - int exceeded = check_holddown(env, anchor, env->cfg->del_holddown); + time_t exceeded = check_holddown(env, anchor, env->cfg->del_holddown); if(exceeded && anchor->s == AUTR_STATE_REVOKED) { verbose_key(anchor, VERB_ALGO, "del-holddown time exceeded " - "%d seconds ago", exceeded); + "%lld seconds ago", (long long)exceeded); set_trustanchor_state(env, anchor, c, AUTR_STATE_REMOVED); } } @@ -1649,7 +1655,7 @@ remove_missing_trustanchors(struct module_env* env, struct trust_anchor* tp, int* changed) { struct autr_ta* anchor; - int exceeded; + time_t exceeded; int valid = 0; /* see if we have anchors that are valid */ for(anchor = tp->autr->keys; anchor; anchor = anchor->next) { @@ -1697,8 +1703,8 @@ remove_missing_trustanchors(struct module_env* env, struct trust_anchor* tp, * one valid KSK: remove missing trust anchor */ if (exceeded && valid > 0) { verbose_key(anchor, VERB_ALGO, "keep-missing time " - "exceeded %d seconds ago, [%d key(s) VALID]", - exceeded, valid); + "exceeded %lld seconds ago, [%d key(s) VALID]", + (long long)exceeded, valid); set_trustanchor_state(env, anchor, changed, AUTR_STATE_REMOVED); } @@ -1762,15 +1768,15 @@ autr_cleanup_keys(struct trust_anchor* tp) /** calculate next probe time */ static time_t -calc_next_probe(struct module_env* env, uint32_t wait) +calc_next_probe(struct module_env* env, time_t wait) { /* make it random, 90-100% */ - uint32_t rnd, rest; + time_t rnd, rest; if(wait < 3600) wait = 3600; rnd = wait/10; rest = wait-rnd; - rnd = (uint32_t)ub_random_max(env->rnd, (long int)rnd); + rnd = (time_t)ub_random_max(env->rnd, (long int)rnd); return (time_t)(*env->now + rest + rnd); } @@ -1790,7 +1796,7 @@ reset_worker_timer(struct module_env* env) { struct timeval tv; #ifndef S_SPLINT_S - uint32_t next = (uint32_t)wait_probe_time(env->anchors); + time_t next = (time_t)wait_probe_time(env->anchors); /* in case this is libunbound, no timer */ if(!env->probe_timer) return; @@ -1800,7 +1806,7 @@ reset_worker_timer(struct module_env* env) #endif tv.tv_usec = 0; comm_timer_set(env->probe_timer, &tv); - verbose(VERB_ALGO, "scheduled next probe in %d sec", (int)tv.tv_sec); + verbose(VERB_ALGO, "scheduled next probe in %lld sec", (long long)tv.tv_sec); } /** set next probe for trust anchor */ @@ -2156,7 +2162,7 @@ probe_anchor(struct module_env* env, struct trust_anchor* tp) /** fetch first to-probe trust-anchor and lock it and set retrytime */ static struct trust_anchor* -todo_probe(struct module_env* env, uint32_t* next) +todo_probe(struct module_env* env, time_t* next) { struct trust_anchor* tp; rbnode_t* el; @@ -2171,9 +2177,9 @@ todo_probe(struct module_env* env, uint32_t* next) lock_basic_lock(&tp->lock); /* is it eligible? */ - if((uint32_t)tp->autr->next_probe_time > *env->now) { + if((time_t)tp->autr->next_probe_time > *env->now) { /* no more to probe */ - *next = (uint32_t)tp->autr->next_probe_time - *env->now; + *next = (time_t)tp->autr->next_probe_time - *env->now; lock_basic_unlock(&tp->lock); lock_basic_unlock(&env->anchors->lock); return NULL; @@ -2188,11 +2194,11 @@ todo_probe(struct module_env* env, uint32_t* next) return tp; } -uint32_t +time_t autr_probe_timer(struct module_env* env) { struct trust_anchor* tp; - uint32_t next_probe = 3600; + time_t next_probe = 3600; int num = 0; verbose(VERB_ALGO, "autotrust probe timer callback"); /* while there are still anchors to probe */ diff --git a/usr.sbin/unbound/validator/autotrust.h b/usr.sbin/unbound/validator/autotrust.h index 4e88ed32042..193135cb66e 100644 --- a/usr.sbin/unbound/validator/autotrust.h +++ b/usr.sbin/unbound/validator/autotrust.h @@ -104,9 +104,9 @@ struct autr_point_data { time_t next_probe_time; /** when to query if !failed */ - uint32_t query_interval; + time_t query_interval; /** when to retry if failed */ - uint32_t retry_time; + time_t retry_time; /** * How many times did it fail. diagnostic only (has no effect). @@ -151,7 +151,7 @@ size_t autr_get_num_anchors(struct val_anchors* anchors); * @return time of next probe (in seconds from now). * If 0, then there is no next probe anymore (trust points deleted). */ -uint32_t autr_probe_timer(struct module_env* env); +time_t autr_probe_timer(struct module_env* env); /** probe tree compare function */ int probetree_cmp(const void* x, const void* y); diff --git a/usr.sbin/unbound/validator/val_anchor.c b/usr.sbin/unbound/validator/val_anchor.c index fa69df52d68..e710f2f2408 100644 --- a/usr.sbin/unbound/validator/val_anchor.c +++ b/usr.sbin/unbound/validator/val_anchor.c @@ -242,6 +242,8 @@ anchor_new_ta(struct val_anchors* anchors, uint8_t* name, int namelabs, } #ifdef UNBOUND_DEBUG r = +#else + (void) #endif rbtree_insert(anchors->tree, &ta->node); if(lockit) { @@ -836,7 +838,8 @@ anchor_read_bind_file_wild(struct val_anchors* anchors, ldns_buffer* buffer, log_err("wildcard trusted-keys-file %s: expansion " "failed (%s)", pat, strerror(errno)); } - return 0; + /* ignore globs that yield no files */ + return 1; } /* process files found, if any */ for(i=0; i<(size_t)g.gl_pathc; i++) { @@ -899,7 +902,7 @@ assemble_it(struct trust_anchor* ta, size_t num, uint16_t type) free(pkey); return NULL; } - pd->rr_ttl = (uint32_t*)malloc(num*sizeof(uint32_t)); + pd->rr_ttl = (time_t*)malloc(num*sizeof(time_t)); if(!pd->rr_ttl) { free(pd->rr_len); free(pd); diff --git a/usr.sbin/unbound/validator/val_kcache.c b/usr.sbin/unbound/validator/val_kcache.c index 68e8c3f619b..6d4ad8f32a1 100644 --- a/usr.sbin/unbound/validator/val_kcache.c +++ b/usr.sbin/unbound/validator/val_kcache.c @@ -126,7 +126,7 @@ key_cache_search(struct key_cache* kcache, uint8_t* name, size_t namelen, struct key_entry_key* key_cache_obtain(struct key_cache* kcache, uint8_t* name, size_t namelen, - uint16_t key_class, struct regional* region, uint32_t now) + uint16_t key_class, struct regional* region, time_t now) { /* keep looking until we find a nonexpired entry */ while(1) { diff --git a/usr.sbin/unbound/validator/val_kcache.h b/usr.sbin/unbound/validator/val_kcache.h index c37cf1ecbaf..8f562109621 100644 --- a/usr.sbin/unbound/validator/val_kcache.h +++ b/usr.sbin/unbound/validator/val_kcache.h @@ -106,7 +106,7 @@ void key_cache_remove(struct key_cache* kcache, */ struct key_entry_key* key_cache_obtain(struct key_cache* kcache, uint8_t* name, size_t namelen, uint16_t key_class, - struct regional* region, uint32_t now); + struct regional* region, time_t now); /** * Get memory in use by the key cache. diff --git a/usr.sbin/unbound/validator/val_kentry.c b/usr.sbin/unbound/validator/val_kentry.c index ddac140d316..e9144838feb 100644 --- a/usr.sbin/unbound/validator/val_kentry.c +++ b/usr.sbin/unbound/validator/val_kentry.c @@ -275,8 +275,8 @@ key_entry_setup(struct regional* region, struct key_entry_key* key_entry_create_null(struct regional* region, - uint8_t* name, size_t namelen, uint16_t dclass, uint32_t ttl, - uint32_t now) + uint8_t* name, size_t namelen, uint16_t dclass, time_t ttl, + time_t now) { struct key_entry_key* k; struct key_entry_data* d; @@ -294,7 +294,7 @@ key_entry_create_null(struct regional* region, struct key_entry_key* key_entry_create_rrset(struct regional* region, uint8_t* name, size_t namelen, uint16_t dclass, - struct ub_packed_rrset_key* rrset, uint8_t* sigalg, uint32_t now) + struct ub_packed_rrset_key* rrset, uint8_t* sigalg, time_t now) { struct key_entry_key* k; struct key_entry_data* d; @@ -321,8 +321,8 @@ key_entry_create_rrset(struct regional* region, struct key_entry_key* key_entry_create_bad(struct regional* region, - uint8_t* name, size_t namelen, uint16_t dclass, uint32_t ttl, - uint32_t now) + uint8_t* name, size_t namelen, uint16_t dclass, time_t ttl, + time_t now) { struct key_entry_key* k; struct key_entry_data* d; diff --git a/usr.sbin/unbound/validator/val_kentry.h b/usr.sbin/unbound/validator/val_kentry.h index d14ffe58801..6a308f160f2 100644 --- a/usr.sbin/unbound/validator/val_kentry.h +++ b/usr.sbin/unbound/validator/val_kentry.h @@ -75,7 +75,7 @@ struct key_entry_key { */ struct key_entry_data { /** the TTL of this entry (absolute time) */ - uint32_t ttl; + time_t ttl; /** the key rrdata. can be NULL to signal keyless name. */ struct packed_rrset_data* rrset_data; /** not NULL sometimes to give reason why bogus */ @@ -169,8 +169,8 @@ char* key_entry_get_reason(struct key_entry_key* kkey); * @return new key entry or NULL on alloc failure */ struct key_entry_key* key_entry_create_null(struct regional* region, - uint8_t* name, size_t namelen, uint16_t dclass, uint32_t ttl, - uint32_t now); + uint8_t* name, size_t namelen, uint16_t dclass, time_t ttl, + time_t now); /** * Create a key entry from an rrset, in the given region. @@ -185,7 +185,7 @@ struct key_entry_key* key_entry_create_null(struct regional* region, */ struct key_entry_key* key_entry_create_rrset(struct regional* region, uint8_t* name, size_t namelen, uint16_t dclass, - struct ub_packed_rrset_key* rrset, uint8_t* sigalg, uint32_t now); + struct ub_packed_rrset_key* rrset, uint8_t* sigalg, time_t now); /** * Create a bad entry, in the given region. @@ -198,8 +198,8 @@ struct key_entry_key* key_entry_create_rrset(struct regional* region, * @return new key entry or NULL on alloc failure */ struct key_entry_key* key_entry_create_bad(struct regional* region, - uint8_t* name, size_t namelen, uint16_t dclass, uint32_t ttl, - uint32_t now); + uint8_t* name, size_t namelen, uint16_t dclass, time_t ttl, + time_t now); /** * Obtain rrset from a key entry, allocated in region. diff --git a/usr.sbin/unbound/validator/val_neg.c b/usr.sbin/unbound/validator/val_neg.c index eec2eb1b6bb..e8d9d56ad6f 100644 --- a/usr.sbin/unbound/validator/val_neg.c +++ b/usr.sbin/unbound/validator/val_neg.c @@ -494,8 +494,8 @@ static struct val_neg_zone* neg_zone_chain( struct val_neg_zone* p=first, *np; while(p) { np = p->parent; - free(p); free(p->name); + free(p); p = np; } return NULL; @@ -640,8 +640,8 @@ static struct val_neg_data* neg_data_chain( struct val_neg_data* p = first, *np; while(p) { np = p->parent; - free(p); free(p->name); + free(p); p = np; } return NULL; @@ -917,7 +917,7 @@ static int neg_closest_data(struct val_neg_zone* zone, } int val_neg_dlvlookup(struct val_neg_cache* neg, uint8_t* qname, size_t len, - uint16_t qclass, struct rrset_cache* rrset_cache, uint32_t now) + uint16_t qclass, struct rrset_cache* rrset_cache, time_t now) { /* lookup closest zone */ struct val_neg_zone* zone; @@ -1138,7 +1138,7 @@ static struct ub_packed_rrset_key* grab_nsec(struct rrset_cache* rrset_cache, uint8_t* qname, size_t qname_len, uint16_t qtype, uint16_t qclass, uint32_t flags, struct regional* region, int checkbit, uint16_t checktype, - uint32_t now) + time_t now) { struct ub_packed_rrset_key* r, *k = rrset_cache_lookup(rrset_cache, qname, qname_len, qtype, qclass, flags, now, 0); @@ -1225,7 +1225,7 @@ neg_params_ok(struct val_neg_zone* zone, struct ub_packed_rrset_key* rrset) static struct ub_packed_rrset_key* neg_nsec3_getnc(struct val_neg_zone* zone, uint8_t* hashnc, size_t nclen, struct rrset_cache* rrset_cache, struct regional* region, - uint32_t now, uint8_t* b32, size_t maxb32) + time_t now, uint8_t* b32, size_t maxb32) { struct ub_packed_rrset_key* nc_rrset; struct val_neg_data* data; @@ -1258,7 +1258,7 @@ neg_nsec3_getnc(struct val_neg_zone* zone, uint8_t* hashnc, size_t nclen, static struct dns_msg* neg_nsec3_proof_ds(struct val_neg_zone* zone, uint8_t* qname, size_t qname_len, int qlabs, ldns_buffer* buf, struct rrset_cache* rrset_cache, - struct regional* region, uint32_t now, uint8_t* topname) + struct regional* region, time_t now, uint8_t* topname) { struct dns_msg* msg; struct val_neg_data* data; @@ -1356,7 +1356,7 @@ neg_nsec3_proof_ds(struct val_neg_zone* zone, uint8_t* qname, size_t qname_len, * @param zone: val_neg_zone if we have one. * @return false on lookup or alloc failure. */ -static int add_soa(struct rrset_cache* rrset_cache, uint32_t now, +static int add_soa(struct rrset_cache* rrset_cache, time_t now, struct regional* region, struct dns_msg* msg, struct val_neg_zone* zone) { struct ub_packed_rrset_key* soa; @@ -1388,7 +1388,7 @@ static int add_soa(struct rrset_cache* rrset_cache, uint32_t now, struct dns_msg* val_neg_getmsg(struct val_neg_cache* neg, struct query_info* qinfo, struct regional* region, struct rrset_cache* rrset_cache, - ldns_buffer* buf, uint32_t now, int addsoa, uint8_t* topname) + ldns_buffer* buf, time_t now, int addsoa, uint8_t* topname) { struct dns_msg* msg; struct ub_packed_rrset_key* rrset; diff --git a/usr.sbin/unbound/validator/val_neg.h b/usr.sbin/unbound/validator/val_neg.h index 01b423e1afb..ec4f42f6ab7 100644 --- a/usr.sbin/unbound/validator/val_neg.h +++ b/usr.sbin/unbound/validator/val_neg.h @@ -229,7 +229,7 @@ void val_neg_addreferral(struct val_neg_cache* neg, struct reply_info* rep, * thus, qname DLV qclass does not exist. */ int val_neg_dlvlookup(struct val_neg_cache* neg, uint8_t* qname, size_t len, - uint16_t qclass, struct rrset_cache* rrset_cache, uint32_t now); + uint16_t qclass, struct rrset_cache* rrset_cache, time_t now); /** * For the given query, try to get a reply out of the negative cache. @@ -255,7 +255,7 @@ int val_neg_dlvlookup(struct val_neg_cache* neg, uint8_t* qname, size_t len, */ struct dns_msg* val_neg_getmsg(struct val_neg_cache* neg, struct query_info* qinfo, struct regional* region, - struct rrset_cache* rrset_cache, ldns_buffer* buf, uint32_t now, + struct rrset_cache* rrset_cache, ldns_buffer* buf, time_t now, int addsoa, uint8_t* topname); diff --git a/usr.sbin/unbound/validator/val_nsec.c b/usr.sbin/unbound/validator/val_nsec.c index 8bda8dabc93..e377ca4b940 100644 --- a/usr.sbin/unbound/validator/val_nsec.c +++ b/usr.sbin/unbound/validator/val_nsec.c @@ -197,7 +197,7 @@ nsec_verify_rrset(struct module_env* env, struct val_env* ve, enum sec_status val_nsec_prove_nodata_dsreply(struct module_env* env, struct val_env* ve, struct query_info* qinfo, struct reply_info* rep, - struct key_entry_key* kkey, uint32_t* proof_ttl, char** reason) + struct key_entry_key* kkey, time_t* proof_ttl, char** reason) { struct ub_packed_rrset_key* nsec = reply_find_rrset_section_ns( rep, qinfo->qname, qinfo->qname_len, LDNS_RR_TYPE_NSEC, diff --git a/usr.sbin/unbound/validator/val_nsec.h b/usr.sbin/unbound/validator/val_nsec.h index 34f7f63b40e..2e86fa978f7 100644 --- a/usr.sbin/unbound/validator/val_nsec.h +++ b/usr.sbin/unbound/validator/val_nsec.h @@ -73,7 +73,7 @@ struct key_entry_key; enum sec_status val_nsec_prove_nodata_dsreply(struct module_env* env, struct val_env* ve, struct query_info* qinfo, struct reply_info* rep, struct key_entry_key* kkey, - uint32_t* proof_ttl, char** reason); + time_t* proof_ttl, char** reason); /** * nsec typemap check, takes an NSEC-type bitmap as argument, checks for type. diff --git a/usr.sbin/unbound/validator/val_nsec3.c b/usr.sbin/unbound/validator/val_nsec3.c index 2a2cfcf9b2d..20580c0d755 100644 --- a/usr.sbin/unbound/validator/val_nsec3.c +++ b/usr.sbin/unbound/validator/val_nsec3.c @@ -46,7 +46,8 @@ #include "openssl/ssl.h" #endif #ifdef HAVE_NSS -#include <nss3/sechash.h> +/* nss3 */ +#include "sechash.h" #endif #include "validator/val_nsec3.h" #include "validator/validator.h" @@ -712,6 +713,8 @@ nsec3_hash_name(rbtree_t* table, struct regional* region, ldns_buffer* buf, return r; #ifdef UNBOUND_DEBUG n = +#else + (void) #endif rbtree_insert(table, &c->node); log_assert(n); /* cannot be duplicate, just did lookup */ diff --git a/usr.sbin/unbound/validator/val_secalgo.c b/usr.sbin/unbound/validator/val_secalgo.c index f3f861ee2a4..92fd0cc4c8c 100644 --- a/usr.sbin/unbound/validator/val_secalgo.c +++ b/usr.sbin/unbound/validator/val_secalgo.c @@ -152,13 +152,8 @@ dnskey_algo_id_is_supported(int id) { switch(id) { case LDNS_RSAMD5: -#ifdef HAVE_FIPS_MODE - /* openssl can return if the system is in FIPS mode, - * which does not allow MD5 hashes for network traffic */ - return !FIPS_mode(); -#else - return 1; -#endif + /* RFC 6725 deprecates RSAMD5 */ + return 0; case LDNS_DSA: case LDNS_DSA_NSEC3: case LDNS_RSASHA1: @@ -558,12 +553,14 @@ verify_canonrrset(ldns_buffer* buf, int algo, unsigned char* sigblock, /**************************************************/ #elif defined(HAVE_NSS) /* libnss implementation */ -#include <nss3/sechash.h> -#include <nss3/pk11pub.h> -#include <nss3/keyhi.h> -#include <nss3/secerr.h> -#include <nss3/cryptohi.h> -#include <nspr4/prerror.h> +/* nss3 */ +#include "sechash.h" +#include "pk11pub.h" +#include "keyhi.h" +#include "secerr.h" +#include "cryptohi.h" +/* nspr4 */ +#include "prerror.h" size_t ds_digest_size_supported(int algo) @@ -621,8 +618,8 @@ dnskey_algo_id_is_supported(int id) /* uses libNSS */ switch(id) { case LDNS_RSAMD5: - /* disable MD5 support if FIPS mode is enabled in libnss */ - return !PK11_IsFIPS(); + /* RFC 6725 deprecates RSAMD5 */ + return 0; case LDNS_DSA: case LDNS_DSA_NSEC3: case LDNS_RSASHA1: @@ -672,12 +669,12 @@ static SECKEYPublicKey* nss_buf2ecdsa(unsigned char* key, size_t len, int algo) SECKEYPublicKey* pk; SECItem pub = {siBuffer, NULL, 0}; SECItem params = {siBuffer, NULL, 0}; - unsigned char param256[] = { + static unsigned char param256[] = { /* OBJECTIDENTIFIER 1.2.840.10045.3.1.7 (P-256) * {iso(1) member-body(2) us(840) ansi-x962(10045) curves(3) prime(1) prime256v1(7)} */ 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 }; - unsigned char param384[] = { + static unsigned char param384[] = { /* OBJECTIDENTIFIER 1.3.132.0.34 (P-384) * {iso(1) identified-organization(3) certicom(132) curve(0) ansip384r1(34)} */ 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22 @@ -848,19 +845,19 @@ nss_setup_key_digest(int algo, SECKEYPublicKey** pubkey, HASH_HashType* htype, /* uses libNSS */ /* hash prefix for md5, RFC2537 */ - unsigned char p_md5[] = {0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, + static unsigned char p_md5[] = {0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10}; /* hash prefix to prepend to hash output, from RFC3110 */ - unsigned char p_sha1[] = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, + static unsigned char p_sha1[] = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14}; /* from RFC5702 */ - unsigned char p_sha256[] = {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, + static unsigned char p_sha256[] = {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20}; - unsigned char p_sha512[] = {0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, + static unsigned char p_sha512[] = {0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40}; /* from RFC6234 */ /* for future RSASHA384 .. - unsigned char p_sha384[] = {0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, + static unsigned char p_sha384[] = {0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30}; */ diff --git a/usr.sbin/unbound/validator/val_sigcrypt.c b/usr.sbin/unbound/validator/val_sigcrypt.c index 79d5e45a237..37e1ce14e21 100644 --- a/usr.sbin/unbound/validator/val_sigcrypt.c +++ b/usr.sbin/unbound/validator/val_sigcrypt.c @@ -579,7 +579,7 @@ dnskey_verify_rrset(struct module_env* env, struct val_env* ve, enum sec_status dnskeyset_verify_rrset_sig(struct module_env* env, struct val_env* ve, - uint32_t now, struct ub_packed_rrset_key* rrset, + time_t now, struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, size_t sig_idx, struct rbtree_t** sortree, char** reason) { @@ -808,7 +808,12 @@ canonical_compare(struct ub_packed_rrset_key* rrset, size_t i, size_t j) case LDNS_RR_TYPE_MR: case LDNS_RR_TYPE_PTR: case LDNS_RR_TYPE_DNAME: - return query_dname_compare(d->rr_data[i]+2, + /* the wireread function has already checked these + * dname's for correctness, and this double checks */ + if(!dname_valid(d->rr_data[i]+2, d->rr_len[i]-2) || + !dname_valid(d->rr_data[j]+2, d->rr_len[j]-2)) + return 0; + return query_dname_compare(d->rr_data[i]+2, d->rr_data[j]+2); /* These RR types have STR and fixed size rdata fields @@ -1215,12 +1220,12 @@ adjust_ttl(struct val_env* ve, uint32_t unow, * * Use the smallest of these. */ - if(d->ttl > (uint32_t)origttl) { + if(d->ttl > (time_t)origttl) { verbose(VERB_QUERY, "rrset TTL larger than original TTL," " adjusting TTL downwards"); d->ttl = origttl; } - if(expittl > 0 && d->ttl > (uint32_t)expittl) { + if(expittl > 0 && d->ttl > (time_t)expittl) { verbose(VERB_ALGO, "rrset TTL larger than sig expiration ttl," " adjusting TTL downwards"); d->ttl = expittl; @@ -1229,7 +1234,7 @@ adjust_ttl(struct val_env* ve, uint32_t unow, enum sec_status dnskey_verify_rrset_sig(struct regional* region, ldns_buffer* buf, - struct val_env* ve, uint32_t now, + struct val_env* ve, time_t now, struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, size_t dnskey_idx, size_t sig_idx, struct rbtree_t** sortree, int* buf_canon, char** reason) diff --git a/usr.sbin/unbound/validator/val_sigcrypt.h b/usr.sbin/unbound/validator/val_sigcrypt.h index c220b0083ac..9859d3c3908 100644 --- a/usr.sbin/unbound/validator/val_sigcrypt.h +++ b/usr.sbin/unbound/validator/val_sigcrypt.h @@ -274,7 +274,7 @@ enum sec_status dnskey_verify_rrset(struct module_env* env, * or unchecked on error. */ enum sec_status dnskeyset_verify_rrset_sig(struct module_env* env, - struct val_env* ve, uint32_t now, struct ub_packed_rrset_key* rrset, + struct val_env* ve, time_t now, struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, size_t sig_idx, struct rbtree_t** sortree, char** reason); @@ -298,7 +298,7 @@ enum sec_status dnskeyset_verify_rrset_sig(struct module_env* env, * bogus if it did not validate. */ enum sec_status dnskey_verify_rrset_sig(struct regional* region, - ldns_buffer* buf, struct val_env* ve, uint32_t now, + ldns_buffer* buf, struct val_env* ve, time_t now, struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, size_t dnskey_idx, size_t sig_idx, struct rbtree_t** sortree, int* buf_canon, char** reason); diff --git a/usr.sbin/unbound/validator/val_utils.c b/usr.sbin/unbound/validator/val_utils.c index d4a64464d80..73e7dbd9020 100644 --- a/usr.sbin/unbound/validator/val_utils.c +++ b/usr.sbin/unbound/validator/val_utils.c @@ -486,7 +486,7 @@ val_verify_DNSKEY_with_DS(struct module_env* env, struct val_env* ve, /* Once we see a single DS with a known digestID and * algorithm, we cannot return INSECURE (with a * "null" KeyEntry). */ - has_useful_ds = true; + has_useful_ds = 1; sec = verify_dnskeys_with_ds_rr(env, ve, dnskey_rrset, ds_rrset, i, reason); @@ -596,7 +596,7 @@ val_verify_DNSKEY_with_TA(struct module_env* env, struct val_env* ve, /* Once we see a single DS with a known digestID and * algorithm, we cannot return INSECURE (with a * "null" KeyEntry). */ - has_useful_ta = true; + has_useful_ta = 1; sec = verify_dnskeys_with_ds_rr(env, ve, dnskey_rrset, ta_ds, i, reason); @@ -622,7 +622,7 @@ val_verify_DNSKEY_with_TA(struct module_env* env, struct val_env* ve, continue; /* we saw a useful TA */ - has_useful_ta = true; + has_useful_ta = 1; sec = dnskey_verify_rrset(env, ve, dnskey_rrset, ta_dnskey, i, reason); @@ -773,6 +773,8 @@ rrset_has_signer(struct ub_packed_rrset_key* rrset, uint8_t* name, size_t len) for(i = d->count; i< d->count+d->rrsig_count; i++) { if(d->rr_len[i] > 2+18+len) { /* at least rdatalen + signature + signame (+1 sig)*/ + if(!dname_valid(d->rr_data[i]+2+18, d->rr_len[i]-2-18)) + continue; if(query_dname_compare(name, d->rr_data[i]+2+18) == 0) { return 1; diff --git a/usr.sbin/unbound/validator/validator.c b/usr.sbin/unbound/validator/validator.c index d8f9bbcc4b3..ad472cc6a95 100644 --- a/usr.sbin/unbound/validator/validator.c +++ b/usr.sbin/unbound/validator/validator.c @@ -1023,6 +1023,13 @@ validate_cname_response(struct module_env* env, struct val_env* ve, chase_reply->security = sec_status_bogus; return; } + + /* If we have found a CNAME, stop looking for one. + * The iterator has placed the CNAME chain in correct + * order. */ + if (ntohs(s->rk.type) == LDNS_RR_TYPE_CNAME) { + break; + } } /* AUTHORITY section */ @@ -2391,7 +2398,7 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, subtype == VAL_CLASS_NAMEERROR) { /* NODATA means that the qname exists, but that there was * no DS. This is a pretty normal case. */ - uint32_t proof_ttl = 0; + time_t proof_ttl = 0; enum sec_status sec; /* make sure there are NSECs or NSEC3s with signatures */ |