authorsthen <sthen@openbsd.org>2015-02-17 10:01:36 +0000
committersthen <sthen@openbsd.org>2015-02-17 10:01:36 +0000
commitb2cdf21f96a89dbf38494dd42c7c1eaa89143ca9 (patch)
tree61255fb0b04e0d55245ae45a828e16e7d8c3ddc8
parentPut the _unbound user in "unbound" login class; unbound uses setusercontext (diff)
Update to unbound 1.5.2rc1, ok brad@
-rw-r--r--usr.sbin/unbound/config.h.in15
-rw-r--r--usr.sbin/unbound/doc/README2
-rw-r--r--usr.sbin/unbound/doc/example.conf.in12
-rw-r--r--usr.sbin/unbound/doc/libunbound.3.in4
-rw-r--r--usr.sbin/unbound/doc/unbound-anchor.8.in2
-rw-r--r--usr.sbin/unbound/doc/unbound-checkconf.8.in6
-rw-r--r--usr.sbin/unbound/doc/unbound-control.8.in2
-rwxr-xr-xusr.sbin/unbound/makedist.sh445
-rw-r--r--usr.sbin/unbound/services/localzone.c29
-rw-r--r--usr.sbin/unbound/services/localzone.h9
-rw-r--r--usr.sbin/unbound/smallapp/unbound-checkconf.c22
-rw-r--r--usr.sbin/unbound/smallapp/unbound-control.c85
-rw-r--r--usr.sbin/unbound/util/config_file.h12
-rw-r--r--usr.sbin/unbound/util/configlexer.lex2
-rw-r--r--usr.sbin/unbound/util/configparser.y31
-rw-r--r--usr.sbin/unbound/util/iana_ports.inc5
-rw-r--r--usr.sbin/unbound/util/rtt.c2
-rw-r--r--usr.sbin/unbound/util/rtt.h2
-rw-r--r--usr.sbin/unbound/validator/val_secalgo.c3
19 files changed, 638 insertions, 52 deletions
diff --git a/usr.sbin/unbound/config.h.in b/usr.sbin/unbound/config.h.in
index 2b7770b5c23..c36d4b98b0f 100644
--- a/usr.sbin/unbound/config.h.in
+++ b/usr.sbin/unbound/config.h.in
@@ -42,7 +42,7 @@
/* Whether the C compiler accepts the "unused" attribute */
#undef HAVE_ATTR_UNUSED
-/* Define to 1 if your system has a working `chown' function. */
+/* Define to 1 if you have the `chown' function. */
#undef HAVE_CHOWN
/* Define to 1 if you have the `chroot' function. */
@@ -146,6 +146,9 @@
/* Whether getaddrinfo is available */
#undef HAVE_GETADDRINFO
+/* Define to 1 if you have the `getauxval' function. */
+#undef HAVE_GETAUXVAL
+
/* Define to 1 if you have the `getentropy' function. */
#undef HAVE_GETENTROPY
@@ -350,6 +353,9 @@
/* Define to 1 if `ipi_spec_dst' is a member of `struct in_pktinfo'. */
#undef HAVE_STRUCT_IN_PKTINFO_IPI_SPEC_DST
+/* Define to 1 if `sun_len' is a member of `struct sockaddr_un'. */
+#undef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN
+
/* Define if you have Swig libraries and header files. */
#undef HAVE_SWIG
@@ -380,6 +386,9 @@
/* Define to 1 if you have the <sys/uio.h> header file. */
#undef HAVE_SYS_UIO_H
+/* Define to 1 if you have the <sys/un.h> header file. */
+#undef HAVE_SYS_UN_H
+
/* Define to 1 if you have the <sys/wait.h> header file. */
#undef HAVE_SYS_WAIT_H
@@ -793,6 +802,10 @@
#define ARG_LL "%I64"
#endif
+#ifndef AF_LOCAL
+#define AF_LOCAL AF_UNIX
+#endif
+
#ifdef HAVE_ATTR_FORMAT
diff --git a/usr.sbin/unbound/doc/README b/usr.sbin/unbound/doc/README
index df92fccb5d3..1ae9f4f456e 100644
--- a/usr.sbin/unbound/doc/README
+++ b/usr.sbin/unbound/doc/README
@@ -1,4 +1,4 @@
-README for Unbound 1.5.1
+README for Unbound @version@
Copyright 2007 NLnet Labs
http://unbound.net
diff --git a/usr.sbin/unbound/doc/example.conf.in b/usr.sbin/unbound/doc/example.conf.in
index b95b3a6339c..371a66954d6 100644
--- a/usr.sbin/unbound/doc/example.conf.in
+++ b/usr.sbin/unbound/doc/example.conf.in
@@ -1,7 +1,7 @@
#
# Example configuration file.
#
-# See unbound.conf(5) man page, version 1.5.1.
+# See unbound.conf(5) man page, version @version@.
#
# this is a comment.
@@ -138,6 +138,9 @@ server:
# the time to live (TTL) value for cached roundtrip times, lameness and
# EDNS version information for hosts. In seconds.
# infra-host-ttl: 900
+
+ # minimum wait time for responses, increase if uplink is long. In msec.
+ # infra-cache-min-rtt: 50
# the number of slabs to use for the Infrastructure cache.
# the number of slabs must be a power of 2.
@@ -437,7 +440,7 @@ server:
# the amount of memory to use for the negative cache (used for DLV).
# plain value in bytes or you can append k, m or G. default is "1Mb".
# neg-cache-size: 1m
-
+
# By default, for a number of zones a small default 'nothing here'
# reply is built-in. Query traffic is thus blocked. If you
# wish to serve such zone you can unblock them by uncommenting one
@@ -497,6 +500,7 @@ server:
# o redirect serves the zone data for any subdomain in the zone.
# o nodefault can be used to normally resolve AS112 zones.
# o typetransparent resolves normally for other types and other names
+ # o inform resolves normally, but logs client IP address
#
# defaults are localhost address, reverse for 127.0.0.1 and ::1
# and nxdomain for AS112 zones. If you configure one of these zones
@@ -552,6 +556,10 @@ remote-control:
# set up the keys and certificates with unbound-control-setup.
# control-enable: no
+ # Set to no and use an absolute path as control-interface to use
+ # a unix local named pipe for unbound-control.
+ # control-use-cert: yes
+
# what interfaces are listened to for remote control.
# give 0.0.0.0 and ::0 to listen to all interfaces.
# control-interface: 127.0.0.1
diff --git a/usr.sbin/unbound/doc/libunbound.3.in b/usr.sbin/unbound/doc/libunbound.3.in
index 55a9cb286e6..7f693e95076 100644
--- a/usr.sbin/unbound/doc/libunbound.3.in
+++ b/usr.sbin/unbound/doc/libunbound.3.in
@@ -1,4 +1,4 @@
-.TH "libunbound" "3" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1"
+.TH "libunbound" "3" "@date@" "NLnet Labs" "unbound @version@"
.\"
.\" libunbound.3 -- unbound library functions manual
.\"
@@ -42,7 +42,7 @@
.B ub_ctx_zone_remove,
.B ub_ctx_data_add,
.B ub_ctx_data_remove
-\- Unbound DNS validating resolver 1.5.1 functions.
+\- Unbound DNS validating resolver @version@ functions.
.SH "SYNOPSIS"
.B #include <unbound.h>
.LP
diff --git a/usr.sbin/unbound/doc/unbound-anchor.8.in b/usr.sbin/unbound/doc/unbound-anchor.8.in
index 80a3438dcaa..3d743a734c3 100644
--- a/usr.sbin/unbound/doc/unbound-anchor.8.in
+++ b/usr.sbin/unbound/doc/unbound-anchor.8.in
@@ -1,4 +1,4 @@
-.TH "unbound-anchor" "8" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1"
+.TH "unbound-anchor" "8" "@date@" "NLnet Labs" "unbound @version@"
.\"
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
.\"
diff --git a/usr.sbin/unbound/doc/unbound-checkconf.8.in b/usr.sbin/unbound/doc/unbound-checkconf.8.in
index 5ab53480b6f..6f35812b34b 100644
--- a/usr.sbin/unbound/doc/unbound-checkconf.8.in
+++ b/usr.sbin/unbound/doc/unbound-checkconf.8.in
@@ -1,4 +1,4 @@
-.TH "unbound-checkconf" "8" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1"
+.TH "unbound-checkconf" "8" "@date@" "NLnet Labs" "unbound @version@"
.\"
.\" unbound-checkconf.8 -- unbound configuration checker manual
.\"
@@ -13,6 +13,7 @@ unbound\-checkconf
.SH "SYNOPSIS"
.B unbound\-checkconf
.RB [ \-h ]
+.RB [ \-f ]
.RB [ \-o
.IR option ]
.RI [ cfgfile ]
@@ -29,6 +30,9 @@ The available options are:
.B \-h
Show the version and commandline option help.
.TP
+.B \-f
+Print full pathname, with chroot applied to it. Use with the -o option.
+.TP
.B \-o\fI option
If given, after checking the config file the value of this option is
printed to stdout. For "" (disabled) options an empty line is printed.
diff --git a/usr.sbin/unbound/doc/unbound-control.8.in b/usr.sbin/unbound/doc/unbound-control.8.in
index 92d2d1a9343..b050ac7b46f 100644
--- a/usr.sbin/unbound/doc/unbound-control.8.in
+++ b/usr.sbin/unbound/doc/unbound-control.8.in
@@ -1,4 +1,4 @@
-.TH "unbound-control" "8" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1"
+.TH "unbound-control" "8" "@date@" "NLnet Labs" "unbound @version@"
.\"
.\" unbound-control.8 -- unbound remote control manual
.\"
diff --git a/usr.sbin/unbound/makedist.sh b/usr.sbin/unbound/makedist.sh
new file mode 100755
index 00000000000..6ece326056e
--- /dev/null
+++ b/usr.sbin/unbound/makedist.sh
@@ -0,0 +1,445 @@
+#!/bin/sh
+
+# Build unbound distribution tar from the SVN repository.
+#
+# Copyright (c) 2007, NLnet Labs. All rights reserved.
+#
+# This software is open source.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+#
+# Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# Neither the name of the NLNET LABS nor the names of its contributors may
+# be used to endorse or promote products derived from this software without
+# specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Abort script on unexpected errors.
+set -e
+
+# Remember the current working directory.
+cwd=`pwd`
+
+# Utility functions.
+usage () {
+ cat >&2 <<EOF
+Usage $0: [-h] [-s] [-d SVN_root] [-w ...args...]
+Generate a distribution tar file for unbound.
+
+ -h This usage information.
+ -s Build a snapshot distribution file. The current date is
+ automatically appended to the current unbound version number.
+ -rc <nr> Build a release candidate, the given string will be added
+ to the version number
+ (which will then be unbound-<version>rc<number>)
+ -d SVN_root Retrieve the unbound source from the specified repository.
+ Detected from svn working copy if not specified.
+ -wssl openssl.xx.tar.gz Also build openssl from tarball for windows dist.
+ -wxp expat.xx.tar.gz Also build expat from tarball for windows dist.
+ -w ... Build windows binary dist. last args passed to configure.
+EOF
+ exit 1
+}
+
+info () {
+ echo "$0: info: $1"
+}
+
+error () {
+ echo "$0: error: $1" >&2
+ exit 1
+}
+
+question () {
+ printf "%s (y/n) " "$*"
+ read answer
+ case "$answer" in
+ [Yy]|[Yy][Ee][Ss])
+ return 0
+ ;;
+ *)
+ return 1
+ ;;
+ esac
+}
+
+# Only use cleanup and error_cleanup after generating the temporary
+# working directory.
+cleanup () {
+ info "Deleting temporary working directory."
+ cd $cwd && rm -rf $temp_dir
+}
+
+error_cleanup () {
+ echo "$0: error: $1" >&2
+ cleanup
+ exit 1
+}
+
+replace_text () {
+ (cp "$1" "$1".orig && \
+ sed -e "s/$2/$3/g" < "$1".orig > "$1" && \
+ rm "$1".orig) || error_cleanup "Replacement for $1 failed."
+}
+
+replace_all () {
+ info "Updating '$1' with the version number."
+ replace_text "$1" "@version@" "$version"
+ info "Updating '$1' with today's date."
+ replace_text "$1" "@date@" "`date +'%b %e, %Y'`"
+}
+
+replace_version () {
+ local v1=`echo $2 | sed -e 's/^.*\..*\.//'`
+ local v2=`echo $3 | sed -e 's/^.*\..*\.//'`
+ replace_text "$1" "VERSION_MICRO\],\[$v1" "VERSION_MICRO\],\[$v2"
+}
+
+check_svn_root () {
+ # Check if SVNROOT is specified.
+ if [ -z "$SVNROOT" ]; then
+ if svn info 2>&1 | grep "not a working copy" >/dev/null; then
+ if test -z "$SVNROOT"; then
+ error "SVNROOT must be specified (using -d)"
+ fi
+ else
+ eval `svn info | grep 'URL:' | sed -e 's/URL: /url=/' | head -1`
+ SVNROOT="$url"
+ fi
+ fi
+}
+
+create_temp_dir () {
+ # Creating temp directory
+ info "Creating temporary working directory"
+ temp_dir=`mktemp -d unbound-dist-XXXXXX`
+ info "Directory '$temp_dir' created."
+ cd $temp_dir
+}
+
+
+SNAPSHOT="no"
+RC="no"
+DOWIN="no"
+WINSSL=""
+WINEXPAT=""
+
+# Parse the command line arguments.
+while [ "$1" ]; do
+ case "$1" in
+ "-h")
+ usage
+ ;;
+ "-d")
+ SVNROOT="$2"
+ shift
+ ;;
+ "-s")
+ SNAPSHOT="yes"
+ ;;
+ "-wssl")
+ WINSSL="$2"
+ shift
+ ;;
+ "-wxp")
+ WINEXPAT="$2"
+ shift
+ ;;
+ "-w")
+ DOWIN="yes"
+ shift
+ break
+ ;;
+ "-rc")
+ RC="$2"
+ shift
+ ;;
+ *)
+ error "Unrecognized argument -- $1"
+ ;;
+ esac
+ shift
+done
+
+if [ "$DOWIN" = "yes" ]; then
+ # detect crosscompile, from Fedora13 at this point.
+ if test "`uname`" = "Linux"; then
+ info "Crosscompile windows dist"
+ cross="yes"
+ configure="mingw32-configure"
+ strip="i686-w64-mingw32-strip"
+ makensis="makensis" # from mingw32-nsis package
+ # flags for crosscompiled dependency libraries
+ cross_flag=""
+
+ check_svn_root
+ create_temp_dir
+
+ # crosscompile openssl for windows.
+ if test -n "$WINSSL"; then
+ info "Cross compile $WINSSL"
+ info "winssl tar unpack"
+ (cd ..; gzip -cd $WINSSL) | tar xf - || error_cleanup "tar unpack of $WINSSL failed"
+ sslinstall="`pwd`/sslinstall"
+ cd openssl-* || error_cleanup "no openssl-X dir in tarball"
+ # configure for crosscompile, without CAPI because it fails
+ # cross-compilation and it is not used anyway
+ # before 1.0.1i need --cross-compile-prefix=i686-w64-mingw32-
+ sslflags="no-asm -DOPENSSL_NO_CAPIENG mingw"
+ info "winssl: Configure $sslflags"
+ CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar RANLIB=i686-w64-mingw32-ranlib ./Configure --prefix="$sslinstall" $sslflags || error_cleanup "OpenSSL Configure failed"
+ info "winssl: make"
+ make || error_cleanup "OpenSSL crosscompile failed"
+ # only install sw not docs, which take a long time.
+ info "winssl: make install_sw"
+ make install_sw || error_cleanup "OpenSSL install failed"
+ cross_flag="$cross_flag --with-ssl=$sslinstall"
+ cd ..
+ fi
+
+ if test -n "$WINEXPAT"; then
+ info "Cross compile $WINEXPAT"
+ info "wxp: tar unpack"
+ (cd ..; gzip -cd $WINEXPAT) | tar xf - || error_cleanup "tar unpack of $WINEXPAT failed"
+ wxpinstall="`pwd`/wxpinstall"
+ cd expat-* || error_cleanup "no expat-X dir in tarball"
+ info "wxp: configure"
+ mingw32-configure --prefix="$wxpinstall" --exec-prefix="$wxpinstall" --bindir="$wxpinstall/bin" --includedir="$wxpinstall/include" --mandir="$wxpinstall/man" --libdir="$wxpinstall/lib" || error_cleanup "libexpat configure failed"
+ #info "wxp: make"
+ #make || error_cleanup "libexpat crosscompile failed"
+ info "wxp: make installlib"
+ make installlib || error_cleanup "libexpat install failed"
+ cross_flag="$cross_flag --with-libexpat=$wxpinstall"
+ cd ..
+ fi
+
+ info "Exporting source from SVN."
+ svn export "$SVNROOT" unbound || error_cleanup "SVN command failed"
+ cd unbound || error_cleanup "Unbound not exported correctly from SVN"
+
+ # on a re-configure the cache may no longer be valid...
+ if test -f mingw32-config.cache; then rm mingw32-config.cache; fi
+ else
+ cross="no" # mingw and msys
+ cross_flag=""
+ configure="./configure"
+ strip="strip"
+ makensis="c:/Program Files/NSIS/makensis.exe" # http://nsis.sf.net
+ fi
+
+ # version gets compiled into source, edit the configure to set it
+ version=`./configure --version | head -1 | awk '{ print $3 }'` \
+ || error_cleanup "Cannot determine version number."
+ if [ "$RC" != "no" -o "$SNAPSHOT" != "no" ]; then
+ if [ "$RC" != "no" ]; then
+ version2=`echo $version | sed -e 's/rc.*$//' -e 's/_20.*$//'`
+ version2=`echo $version2 | sed -e 's/rc.*//'`"rc$RC"
+ fi
+ if [ "$SNAPSHOT" != "no" ]; then
+ version2=`echo $version | sed -e 's/rc.*$//' -e 's/_20.*$//'`
+ version2="${version2}_`date +%Y%m%d`"
+ fi
+ replace_version "configure.ac" "$version" "$version2"
+ version="$version2"
+ info "Rebuilding configure script (autoconf) snapshot."
+ autoconf || error_cleanup "Autoconf failed."
+ autoheader || error_cleanup "Autoheader failed."
+ rm -r autom4te* || echo "ignored"
+ fi
+
+ # procedure for making unbound installer on mingw.
+ info "Creating windows dist unbound $version"
+ info "Calling configure"
+ echo "$configure"' --enable-debug --enable-static-exe '"$* $cross_flag"
+ $configure --enable-debug --enable-static-exe $* $cross_flag \
+ || error_cleanup "Could not configure"
+ info "Calling make"
+ make || error_cleanup "Could not make"
+ info "Make complete"
+
+ info "Unbound version: $version"
+ file="unbound-$version.zip"
+ rm -f $file
+ info "Creating $file"
+ mkdir tmp.$$
+ $strip unbound.exe
+ $strip anchor-update.exe
+ $strip unbound-control.exe
+ $strip unbound-host.exe
+ $strip unbound-anchor.exe
+ $strip unbound-checkconf.exe
+ $strip unbound-service-install.exe
+ $strip unbound-service-remove.exe
+ cd tmp.$$
+ cp ../doc/example.conf example.conf
+ cp ../unbound.exe ../unbound-anchor.exe ../unbound-host.exe ../unbound-control.exe ../unbound-checkconf.exe ../unbound-service-install.exe ../unbound-service-remove.exe ../LICENSE ../winrc/unbound-control-setup.cmd ../winrc/unbound-website.url ../winrc/service.conf ../winrc/README.txt .
+ # zipfile
+ zip ../$file LICENSE README.txt unbound.exe unbound-anchor.exe unbound-host.exe unbound-control.exe unbound-checkconf.exe unbound-service-install.exe unbound-service-remove.exe unbound-control-setup.cmd example.conf service.conf unbound-website.url
+ info "Testing $file"
+ (cd .. ; zip -T $file )
+ # installer
+ info "Creating installer"
+ quadversion=`cat ../config.h | grep RSRC_PACKAGE_VERSION | sed -e 's/#define RSRC_PACKAGE_VERSION //' -e 's/,/\\./g'`
+ cat ../winrc/setup.nsi | sed -e 's/define VERSION.*$/define VERSION "'$version'"/' -e 's/define QUADVERSION.*$/define QUADVERSION "'$quadversion'"/' > ../winrc/setup_ed.nsi
+ "$makensis" ../winrc/setup_ed.nsi
+ info "Created installer"
+ cd ..
+ rm -rf tmp.$$
+ mv winrc/unbound_setup_$version.exe .
+ if test "$cross" = "yes"; then
+ mv unbound_setup_$version.exe $cwd/.
+ mv unbound-$version.zip $cwd/.
+ cleanup
+ fi
+ ls -lG unbound_setup_$version.exe
+ ls -lG unbound-$version.zip
+ info "Done"
+ exit 0
+fi
+
+check_svn_root
+
+# Start the packaging process.
+info "SVNROOT is $SVNROOT"
+info "SNAPSHOT is $SNAPSHOT"
+
+#question "Do you wish to continue with these settings?" || error "User abort."
+
+create_temp_dir
+
+info "Exporting source from SVN."
+svn export "$SVNROOT" unbound || error_cleanup "SVN command failed"
+
+cd unbound || error_cleanup "Unbound not exported correctly from SVN"
+
+info "Adding libtool utils (libtoolize)."
+libtoolize -c --install || libtoolize -c || error_cleanup "Libtoolize failed."
+
+info "Building configure script (autoreconf)."
+autoreconf || error_cleanup "Autoconf failed."
+
+rm -r autom4te* || error_cleanup "Failed to remove autoconf cache directory."
+
+info "Building lexer and parser."
+echo "#include \"config.h\"" > util/configlexer.c || error_cleanup "Failed to create configlexer"
+echo "#include \"util/configyyrename.h\"" >> util/configlexer.c || error_cleanup "Failed to create configlexer"
+flex -i -t util/configlexer.lex >> util/configlexer.c || error_cleanup "Failed to create configlexer"
+if test -x `which bison` 2>&1; then YACC=bison; else YACC=yacc; fi
+$YACC -y -d -o util/configparser.c util/configparser.y || error_cleanup "Failed to create configparser"
+
+find . -name .c-mode-rc.el -exec rm {} \;
+find . -name .cvsignore -exec rm {} \;
+rm makedist.sh || error_cleanup "Failed to remove makedist.sh."
+
+info "Determining Unbound version."
+version=`./configure --version | head -1 | awk '{ print $3 }'` || \
+ error_cleanup "Cannot determine version number."
+
+info "Unbound version: $version"
+
+RECONFIGURE="no"
+
+if [ "$RC" != "no" ]; then
+ info "Building Unbound release candidate $RC."
+ version2="${version}rc$RC"
+ info "Version number: $version2"
+
+ replace_version "configure.ac" "$version" "$version2"
+ version="$version2"
+ RECONFIGURE="yes"
+fi
+
+if [ "$SNAPSHOT" = "yes" ]; then
+ info "Building Unbound snapshot."
+ version2="${version}_`date +%Y%m%d`"
+ info "Snapshot version number: $version2"
+
+ replace_version "configure.ac" "$version" "$version2"
+ version="$version2"
+ RECONFIGURE="yes"
+fi
+
+if [ "$RECONFIGURE" = "yes" ]; then
+ info "Rebuilding configure script (autoconf) snapshot."
+ autoreconf || error_cleanup "Autoconf failed."
+ rm -r autom4te* || error_cleanup "Failed to remove autoconf cache directory."
+fi
+
+replace_all doc/README
+replace_all doc/unbound.8.in
+replace_all doc/unbound.conf.5.in
+replace_all doc/unbound-checkconf.8.in
+replace_all doc/unbound-control.8.in
+replace_all doc/unbound-anchor.8.in
+replace_all doc/unbound-host.1.in
+replace_all doc/example.conf.in
+replace_all doc/libunbound.3.in
+
+info "Renaming Unbound directory to unbound-$version."
+cd ..
+mv unbound unbound-$version || error_cleanup "Failed to rename unbound directory."
+
+tarfile="../unbound-$version.tar.gz"
+
+if [ -f $tarfile ]; then
+ (question "The file $tarfile already exists. Overwrite?" \
+ && rm -f $tarfile) || error_cleanup "User abort."
+fi
+
+info "Creating tar unbound-$version.tar.gz"
+tar czf ../unbound-$version.tar.gz unbound-$version || error_cleanup "Failed to create tar file."
+
+cleanup
+
+case $OSTYPE in
+ linux*)
+ sha=`sha1sum unbound-$version.tar.gz | awk '{ print $1 }'`
+ sha256=`sha256sum unbound-$version.tar.gz | awk '{ print $1 }'`
+ ;;
+ freebsd*)
+ sha=`sha1 unbound-$version.tar.gz | awk '{ print $5 }'`
+ sha256=`sha256 unbound-$version.tar.gz | awk '{ print $5 }'`
+ ;;
+ *)
+ # in case $OSTYPE is gone.
+ case `uname` in
+ Linux*)
+ sha=`sha1sum unbound-$version.tar.gz | awk '{ print $1 }'`
+ sha256=`sha256sum unbound-$version.tar.gz | awk '{ print $1 }'`
+ ;;
+ FreeBSD*)
+ sha=`sha1 unbound-$version.tar.gz | awk '{ print $5 }'`
+ sha256=`sha256 unbound-$version.tar.gz | awk '{ print $5 }'`
+ ;;
+ *)
+ sha=`sha1sum unbound-$version.tar.gz | awk '{ print $1 }'`
+ sha256=`sha256sum unbound-$version.tar.gz | awk '{ print $1 }'`
+ ;;
+ esac
+ ;;
+esac
+echo $sha > unbound-$version.tar.gz.sha1
+echo $sha256 > unbound-$version.tar.gz.sha256
+
+info "Unbound distribution created successfully."
+info "SHA1sum: $sha"
+
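Review bot: In check_svn_root the repository URL is obtained by running `eval` on text derived from `svn info` output, so any shell metacharacters in that output are interpreted by the release script; a plain assignment avoids that, e.g. `url=$(svn info | sed -n 's/^URL: //p' | head -1)`. The script also expands `$cwd`, `$temp_dir`, `$WINSSL`, `$WINEXPAT` and `$file` unquoted, including in `cd $cwd && rm -rf $temp_dir`, which misbehaves on paths containing whitespace or glob characters; `cd "$cwd" && rm -rf "$temp_dir"` is the safer form. `replace_version` uses `local`, which is not POSIX sh although the script declares `#!/bin/sh`.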
diff --git a/usr.sbin/unbound/services/localzone.c b/usr.sbin/unbound/services/localzone.c
index d285a127cbb..57510bd2736 100644
--- a/usr.sbin/unbound/services/localzone.c
+++ b/usr.sbin/unbound/services/localzone.c
@@ -48,6 +48,7 @@
#include "util/data/packed_rrset.h"
#include "util/data/msgencode.h"
#include "util/net_help.h"
+#include "util/netevent.h"
#include "util/data/msgreply.h"
#include "util/data/msgparse.h"
@@ -1022,6 +1023,10 @@ void local_zones_print(struct local_zones* zones)
log_nametypeclass(0, "static zone",
z->name, 0, z->dclass);
break;
+ case local_zone_inform:
+ log_nametypeclass(0, "inform zone",
+ z->name, 0, z->dclass);
+ break;
default:
log_nametypeclass(0, "badtyped zone",
z->name, 0, z->dclass);
@@ -1169,9 +1174,25 @@ lz_zone_answer(struct local_zone* z, struct query_info* qinfo,
return 0;
}
+/** print log information for an inform zone query */
+static void
+lz_inform_print(struct local_zone* z, struct query_info* qinfo,
+ struct comm_reply* repinfo)
+{
+ char ip[128], txt[512];
+ char zname[LDNS_MAX_DOMAINLEN+1];
+ uint16_t port = ntohs(((struct sockaddr_in*)&repinfo->addr)->sin_port);
+ dname_str(z->name, zname);
+ addr_to_str(&repinfo->addr, repinfo->addrlen, ip, sizeof(ip));
+ snprintf(txt, sizeof(txt), "%s inform %s@%u", zname, ip,
+ (unsigned)port);
+ log_nametypeclass(0, txt, qinfo->qname, qinfo->qtype, qinfo->qclass);
+}
+
int
local_zones_answer(struct local_zones* zones, struct query_info* qinfo,
- struct edns_data* edns, sldns_buffer* buf, struct regional* temp)
+ struct edns_data* edns, sldns_buffer* buf, struct regional* temp,
+ struct comm_reply* repinfo)
{
/* see if query is covered by a zone,
* if so: - try to match (exact) local data
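Review bot: The port in lz_inform_print is read through a `struct sockaddr_in*` cast of `repinfo->addr` regardless of address family, so for IPv6 clients the value is right only where `sin6_port` sits at the same offset as `sin_port`; either branch on the stored family or state the assumption, e.g. `/* sin_port and sin6_port share an offset; the cast serves both families */`. The function logs at level 0 for every query that reaches an inform zone (the call site is in the next hunk, `if(z->type == local_zone_inform && repinfo)`), so log volume is driven by clients; the doc comment should say so and rate limiting may be worth considering. The `snprintf` return value is unchecked, which is tolerable here only because truncating `txt` merely shortens the log prefix. local_zones_answer continues outside this hunk.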
@@ -1190,6 +1211,9 @@ local_zones_answer(struct local_zones* zones, struct query_info* qinfo,
lock_rw_rdlock(&z->lock);
lock_rw_unlock(&zones->lock);
+ if(z->type == local_zone_inform && repinfo)
+ lz_inform_print(z, qinfo, repinfo);
+
if(local_data_answer(z, qinfo, edns, buf, temp, labs, &ld)) {
lock_rw_unlock(&z->lock);
return 1;
@@ -1209,6 +1233,7 @@ const char* local_zone_type2str(enum localzone_type t)
case local_zone_typetransparent: return "typetransparent";
case local_zone_static: return "static";
case local_zone_nodefault: return "nodefault";
+ case local_zone_inform: return "inform";
}
return "badtyped";
}
@@ -1227,6 +1252,8 @@ int local_zone_str2type(const char* type, enum localzone_type* t)
*t = local_zone_typetransparent;
else if(strcmp(type, "redirect") == 0)
*t = local_zone_redirect;
+ else if(strcmp(type, "inform") == 0)
+ *t = local_zone_inform;
else return 0;
return 1;
}
diff --git a/usr.sbin/unbound/services/localzone.h b/usr.sbin/unbound/services/localzone.h
index 788fbfb3ba2..29ba8663fd0 100644
--- a/usr.sbin/unbound/services/localzone.h
+++ b/usr.sbin/unbound/services/localzone.h
@@ -49,6 +49,7 @@ struct config_file;
struct edns_data;
struct query_info;
struct sldns_buffer;
+struct comm_reply;
/**
* Local zone type
@@ -70,7 +71,9 @@ enum localzone_type {
local_zone_redirect,
/** remove default AS112 blocking contents for zone
* nodefault is used in config not during service. */
- local_zone_nodefault
+ local_zone_nodefault,
+ /** log client address, but no block (transparent) */
+ local_zone_inform
};
/**
@@ -220,12 +223,14 @@ void local_zones_print(struct local_zones* zones);
* @param edns: edns info (parsed).
* @param buf: buffer with query ID and flags, also for reply.
* @param temp: temporary storage region.
+ * @param repinfo: source address for checks. may be NULL.
* @return true if answer is in buffer. false if query is not answered
* by authority data. If the reply should be dropped altogether, the return
* value is true, but the buffer is cleared (empty).
*/
int local_zones_answer(struct local_zones* zones, struct query_info* qinfo,
- struct edns_data* edns, struct sldns_buffer* buf, struct regional* temp);
+ struct edns_data* edns, struct sldns_buffer* buf, struct regional* temp,
+ struct comm_reply* repinfo);
/**
* Parse the string into localzone type.
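Review bot: The new `@param repinfo` text says "source address for checks", but the only use visible in this commit is logging for inform zones in localzone.c; something like `@param repinfo: source address of the query, used to log inform zone hits. may be NULL, then nothing is logged.` would match the code. The prototype gains a sixth argument, and no caller of local_zones_answer appears in this commit's file list, so it is worth confirming that every caller was updated to pass `repinfo` or NULL.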
diff --git a/usr.sbin/unbound/smallapp/unbound-checkconf.c b/usr.sbin/unbound/smallapp/unbound-checkconf.c
index e83867f2684..b5d7b9f4441 100644
--- a/usr.sbin/unbound/smallapp/unbound-checkconf.c
+++ b/usr.sbin/unbound/smallapp/unbound-checkconf.c
@@ -78,6 +78,7 @@ usage()
printf(" Checks unbound configuration file for errors.\n");
printf("file if omitted %s is used.\n", CONFIGFILE);
printf("-o option print value of option to stdout.\n");
+ printf("-f output full pathname with chroot applied, eg. with -o pidfile.\n");
printf("-h show this usage help.\n");
printf("Version %s\n", PACKAGE_VERSION);
printf("BSD licensed, see LICENSE in source package for details.\n");
@@ -90,10 +91,15 @@ usage()
* @param cfg: config
* @param opt: option name without trailing :.
* This is different from config_set_option.
+ * @param final: if final pathname with chroot applied has to be printed.
*/
static void
-print_option(struct config_file* cfg, const char* opt)
+print_option(struct config_file* cfg, const char* opt, int final)
{
+ if(strcmp(opt, "pidfile") == 0 && final) {
+ printf("%s\n", fname_after_chroot(cfg->pidfile, cfg, 1));
+ return;
+ }
if(!config_get_option(cfg, opt, config_print_func, stdout))
fatal_exit("cannot print option '%s'", opt);
}
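Review bot: The new `-f` branch in print_option passes the result of `fname_after_chroot` straight to `printf` without a NULL check and never frees it. In setup_ctx (unbound-control.c, same commit) the result of the same helper is checked with `fatal_exit("out of memory")` and later freed, which suggests it returns allocated memory and can fail. Holding the result in a local, checking it and freeing it after printing keeps the two call sites consistent. The `final` flag is also silently ignored for every option other than `pidfile`, which the `@param final` text should mention.

```c
	if(strcmp(opt, "pidfile") == 0 && final) {
		char* p = fname_after_chroot(cfg->pidfile, cfg, 1);
		if(!p)
			fatal_exit("out of memory");
		printf("%s\n", p);
		free(p);
		return;
	}
	/* … unchanged: config_get_option fallback … */
```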
@@ -416,7 +422,7 @@ morechecks(struct config_file* cfg, const char* fname)
endpwent();
}
#endif
- if(cfg->remote_control_enable) {
+ if(cfg->remote_control_enable && cfg->remote_control_use_cert) {
check_chroot_string("server-key-file", &cfg->server_key_file,
cfg->chrootdir, cfg);
check_chroot_string("server-cert-file", &cfg->server_cert_file,
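Review bot: With `control-use-cert: no` this condition skips the key and certificate file checks, but nothing visible here verifies that the configured control-interface is then an absolute path to a local socket, which is the only setup the example.conf text in this commit describes for that setting. unbound-checkconf is the natural place to warn about or reject `control-enable: yes` with `control-use-cert: no` and an IP control interface, since that combination leaves the control channel without certificate authentication. The rest of morechecks lies outside the hunk, so such a check may already exist further down.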
@@ -456,7 +462,7 @@ check_hints(struct config_file* cfg)
/** check config file */
static void
-checkconf(const char* cfgfile, const char* opt)
+checkconf(const char* cfgfile, const char* opt, int final)
{
struct config_file* cfg = config_create();
if(!cfg)
@@ -467,7 +473,7 @@ checkconf(const char* cfgfile, const char* opt)
exit(1);
}
if(opt) {
- print_option(cfg, opt);
+ print_option(cfg, opt, final);
config_delete(cfg);
return;
}
@@ -493,6 +499,7 @@ extern char* optarg;
int main(int argc, char* argv[])
{
int c;
+ int final = 0;
const char* f;
const char* opt = NULL;
const char* cfgfile = CONFIGFILE;
@@ -505,8 +512,11 @@ int main(int argc, char* argv[])
cfgfile = CONFIGFILE;
#endif /* USE_WINSOCK */
/* parse the options */
- while( (c=getopt(argc, argv, "ho:")) != -1) {
+ while( (c=getopt(argc, argv, "fho:")) != -1) {
switch(c) {
+ case 'f':
+ final = 1;
+ break;
case 'o':
opt = optarg;
break;
@@ -523,7 +533,7 @@ int main(int argc, char* argv[])
if(argc == 1)
f = argv[0];
else f = cfgfile;
- checkconf(f, opt);
+ checkconf(f, opt, final);
checklock_stop();
return 0;
}
diff --git a/usr.sbin/unbound/smallapp/unbound-control.c b/usr.sbin/unbound/smallapp/unbound-control.c
index ff86184a816..3b47d3bf885 100644
--- a/usr.sbin/unbound/smallapp/unbound-control.c
+++ b/usr.sbin/unbound/smallapp/unbound-control.c
@@ -59,6 +59,10 @@
#include "util/locks.h"
#include "util/net_help.h"
+#ifdef HAVE_SYS_UN_H
+#include <sys/un.h>
+#endif
+
/** Give unbound-control usage, and exit (1). */
static void
usage()
@@ -136,32 +140,40 @@ static void ssl_err(const char* s)
static SSL_CTX*
setup_ctx(struct config_file* cfg)
{
- char* s_cert, *c_key, *c_cert;
+ char* s_cert=NULL, *c_key=NULL, *c_cert=NULL;
SSL_CTX* ctx;
- s_cert = fname_after_chroot(cfg->server_cert_file, cfg, 1);
- c_key = fname_after_chroot(cfg->control_key_file, cfg, 1);
- c_cert = fname_after_chroot(cfg->control_cert_file, cfg, 1);
- if(!s_cert || !c_key || !c_cert)
- fatal_exit("out of memory");
+ if(cfg->remote_control_use_cert) {
+ s_cert = fname_after_chroot(cfg->server_cert_file, cfg, 1);
+ c_key = fname_after_chroot(cfg->control_key_file, cfg, 1);
+ c_cert = fname_after_chroot(cfg->control_cert_file, cfg, 1);
+ if(!s_cert || !c_key || !c_cert)
+ fatal_exit("out of memory");
+ }
ctx = SSL_CTX_new(SSLv23_client_method());
if(!ctx)
ssl_err("could not allocate SSL_CTX pointer");
if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2))
ssl_err("could not set SSL_OP_NO_SSLv2");
- if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3))
- ssl_err("could not set SSL_OP_NO_SSLv3");
- if(!SSL_CTX_use_certificate_file(ctx,c_cert,SSL_FILETYPE_PEM) ||
- !SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
- || !SSL_CTX_check_private_key(ctx))
- ssl_err("Error setting up SSL_CTX client key and cert");
- if (SSL_CTX_load_verify_locations(ctx, s_cert, NULL) != 1)
- ssl_err("Error setting up SSL_CTX verify, server cert");
- SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
+ if(cfg->remote_control_use_cert) {
+ if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3))
+ ssl_err("could not set SSL_OP_NO_SSLv3");
+ if(!SSL_CTX_use_certificate_file(ctx,c_cert,SSL_FILETYPE_PEM) ||
+ !SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
+ || !SSL_CTX_check_private_key(ctx))
+ ssl_err("Error setting up SSL_CTX client key and cert");
+ if (SSL_CTX_load_verify_locations(ctx, s_cert, NULL) != 1)
+ ssl_err("Error setting up SSL_CTX verify, server cert");
+ SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
- free(s_cert);
- free(c_key);
- free(c_cert);
+ free(s_cert);
+ free(c_key);
+ free(c_cert);
+ } else {
+ /* Use ciphers that don't require authentication */
+ if(!SSL_CTX_set_cipher_list(ctx, "aNULL"))
+ ssl_err("Error setting NULL cipher!");
+ }
return ctx;
}
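Review bot: In the `control-use-cert: no` path setup_ctx selects the `aNULL` cipher list and skips `SSL_CTX_set_verify`, so the client no longer authenticates the server, and nothing in this function or in the setup_ssl hunk further down restricts that mode to a local socket; if `svr` is an IP address the control connection would be unauthenticated over the network. The `SSL_OP_NO_SSLv3` option has also moved inside the certificate branch, so SSLv3 stays enabled in the no-cert path; keeping `if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)) ssl_err("could not set SSL_OP_NO_SSLv3");` outside the conditional costs nothing. In setup_ssl the unconditional `SSL_get_verify_result(ssl) != X509_V_OK` test presumably passes vacuously when no peer certificate is presented, so a comment there should state that access control in this mode rests on the socket file's permissions. The message `Error setting NULL cipher!` would be more accurate as `Error setting aNULL cipher list`.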
@@ -171,6 +183,7 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
{
struct sockaddr_storage addr;
socklen_t addrlen;
+ int addrfamily = 0;
int fd;
/* use svr or the first config entry */
if(!svr) {
@@ -189,12 +202,25 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
if(strchr(svr, '@')) {
if(!extstrtoaddr(svr, &addr, &addrlen))
fatal_exit("could not parse IP@port: %s", svr);
+#ifdef HAVE_SYS_UN_H
+ } else if(svr[0] == '/') {
+ struct sockaddr_un* usock = (struct sockaddr_un *) &addr;
+ usock->sun_family = AF_LOCAL;
+#ifdef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN
+ usock->sun_len = (socklen_t)sizeof(usock);
+#endif
+ (void)strlcpy(usock->sun_path, svr, sizeof(usock->sun_path));
+ addrlen = (socklen_t)sizeof(struct sockaddr_un);
+ addrfamily = AF_LOCAL;
+#endif
} else {
if(!ipstrtoaddr(svr, cfg->control_port, &addr, &addrlen))
fatal_exit("could not parse IP: %s", svr);
}
- fd = socket(addr_is_ip6(&addr, addrlen)?AF_INET6:AF_INET,
- SOCK_STREAM, 0);
+
+ if(addrfamily == 0)
+ addrfamily = addr_is_ip6(&addr, addrlen)?AF_INET6:AF_INET;
+ fd = socket(addrfamily, SOCK_STREAM, 0);
if(fd == -1) {
#ifndef USE_WINSOCK
fatal_exit("socket: %s", strerror(errno));
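Review bot: `usock->sun_len = (socklen_t)sizeof(usock);` in the new `svr[0] == '/'` branch takes the size of the pointer, not of the structure; it should read `usock->sun_len = (socklen_t)sizeof(*usock);`. The next added line, `(void)strlcpy(usock->sun_path, svr, sizeof(usock->sun_path));`, discards the return value, so a control path longer than `sun_path` is silently truncated and the client would connect to a different path than the one configured. I would fail closed instead, in the style of the parse errors beside it: `if(strlcpy(usock->sun_path, svr, sizeof(usock->sun_path)) >= sizeof(usock->sun_path))` followed by `fatal_exit("control socket path too long: %s", svr);`. contact_server's body starts and ends outside the hunk.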
@@ -223,7 +249,7 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
/** setup SSL on the connection */
static SSL*
-setup_ssl(SSL_CTX* ctx, int fd)
+setup_ssl(SSL_CTX* ctx, int fd, struct config_file* cfg)
{
SSL* ssl;
X509* x;
@@ -249,10 +275,13 @@ setup_ssl(SSL_CTX* ctx, int fd)
/* check authenticity of server */
if(SSL_get_verify_result(ssl) != X509_V_OK)
ssl_err("SSL verification failed");
- x = SSL_get_peer_certificate(ssl);
- if(!x)
- ssl_err("Server presented no peer certificate");
- X509_free(x);
+ if(cfg->remote_control_use_cert) {
+ x = SSL_get_peer_certificate(ssl);
+ if(!x)
+ ssl_err("Server presented no peer certificate");
+ X509_free(x);
+ }
+
return ssl;
}
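Review bot: With `cfg->remote_control_use_cert` off, nothing in setup_ssl authenticates the server. The peer-certificate check is skipped, and the `SSL_get_verify_result(ssl) != X509_V_OK` test kept above it passes vacuously, because OpenSSL reports X509_V_OK when no certificate was presented. The `/* check authenticity of server */` comment therefore no longer holds for that mode, and setup_ssl cannot tell whether `fd` is a local socket or a TCP connection made by contact_server. I would state the trust assumption next to the new branch, e.g. `/* without certificates the peer is not authenticated; access control rests on the control socket's file permissions */`, and consider refusing the no-cert mode unless the control interface is a path (whether the config code already enforces that is not visible here). setup_ssl's body starts outside the hunk.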
@@ -330,11 +359,11 @@ go(const char* cfgfile, char* svr, int quiet, int argc, char* argv[])
if(!cfg->remote_control_enable)
log_warn("control-enable is 'no' in the config file.");
ctx = setup_ctx(cfg);
-
+
/* contact server */
fd = contact_server(svr, cfg, argc>0&&strcmp(argv[0],"status")==0);
- ssl = setup_ssl(ctx, fd);
-
+ ssl = setup_ssl(ctx, fd, cfg);
+
/* send command */
ret = go_cmd(ssl, quiet, argc, argv);
diff --git a/usr.sbin/unbound/util/config_file.h b/usr.sbin/unbound/util/config_file.h
index 49ffbdde4a5..7ffc00a02d2 100644
--- a/usr.sbin/unbound/util/config_file.h
+++ b/usr.sbin/unbound/util/config_file.h
@@ -119,6 +119,8 @@ struct config_file {
size_t infra_cache_slabs;
/** max number of hosts in the infra cache */
size_t infra_cache_numhosts;
+ /** min value for infra cache rtt */
+ int infra_cache_min_rtt;
/** delay close of udp-timeouted ports, if 0 no delayclose. in msec */
int delay_close;
@@ -192,6 +194,8 @@ struct config_file {
char* chrootdir;
/** username to change to, if not "". */
char* username;
+ uid_t uid;
+ gid_t gid;
/** working directory */
char* directory;
/** filename to log to. */
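Review bot: `uid_t uid;` and `gid_t gid;` are added without the `/** … */` comment that the neighbouring fields of `struct config_file` carry, so nothing says when they are valid or who fills them in. Going by the `config_lookup_uid` declaration added later in this header ("Find username, sets uid and gid"), I would add `/** uid and gid looked up from username by config_lookup_uid() */` above them. The comment should also say what the fields hold when username is "" or the lookup fails, since code that drops privileges with them depends on that; the lookup itself is not visible here. The struct continues outside the hunk.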
@@ -282,6 +286,8 @@ struct config_file {
struct config_strlist* control_ifs;
/** port number for the control port */
int control_port;
+ /** use certificates for remote control */
+ int remote_control_use_cert;
/** private key file for server */
char* server_key_file;
/** certificate file for server */
@@ -423,6 +429,12 @@ void config_delete(struct config_file* config);
void config_apply(struct config_file* config);
/**
+ * Find username, sets uid and gid.
+ * @param config: the config structure.
+ */
+void config_lookup_uid(struct config_file* config);
+
+/**
* Set the given keyword to the given value.
* @param config: where to store config
* @param option: option name, including the ':' character.
diff --git a/usr.sbin/unbound/util/configlexer.lex b/usr.sbin/unbound/util/configlexer.lex
index 7ee7b9bd9a9..dbde8113c49 100644
--- a/usr.sbin/unbound/util/configlexer.lex
+++ b/usr.sbin/unbound/util/configlexer.lex
@@ -245,6 +245,7 @@ infra-lame-ttl{COLON} { YDVAR(1, VAR_INFRA_LAME_TTL) }
infra-cache-slabs{COLON} { YDVAR(1, VAR_INFRA_CACHE_SLABS) }
infra-cache-numhosts{COLON} { YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) }
infra-cache-lame-size{COLON} { YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) }
+infra-cache-min-rtt{COLON} { YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) }
num-queries-per-thread{COLON} { YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) }
jostle-timeout{COLON} { YDVAR(1, VAR_JOSTLE_TIMEOUT) }
delay-close{COLON} { YDVAR(1, VAR_DELAY_CLOSE) }
@@ -315,6 +316,7 @@ remote-control{COLON} { YDVAR(0, VAR_REMOTE_CONTROL) }
control-enable{COLON} { YDVAR(1, VAR_CONTROL_ENABLE) }
control-interface{COLON} { YDVAR(1, VAR_CONTROL_INTERFACE) }
control-port{COLON} { YDVAR(1, VAR_CONTROL_PORT) }
+control-use-cert{COLON} { YDVAR(1, VAR_CONTROL_USE_CERT) }
server-key-file{COLON} { YDVAR(1, VAR_SERVER_KEY_FILE) }
server-cert-file{COLON} { YDVAR(1, VAR_SERVER_CERT_FILE) }
control-key-file{COLON} { YDVAR(1, VAR_CONTROL_KEY_FILE) }
diff --git a/usr.sbin/unbound/util/configparser.y b/usr.sbin/unbound/util/configparser.y
index 7a92d9ee789..396ea3c64d6 100644
--- a/usr.sbin/unbound/util/configparser.y
+++ b/usr.sbin/unbound/util/configparser.y
@@ -95,6 +95,7 @@ extern struct config_parser_state* cfg_parser;
%token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
%token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
%token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
+%token VAR_CONTROL_USE_CERT
%token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
%token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
%token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
@@ -106,6 +107,7 @@ extern struct config_parser_state* cfg_parser;
%token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
%token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
%token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UNBLOCK_LAN_ZONES
+%token VAR_INFRA_CACHE_MIN_RTT
%token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL
%token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH
%token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION
@@ -174,7 +176,8 @@ content_server: server_num_threads | server_verbosity | server_port |
server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
server_so_reuseport | server_delay_close | server_unblock_lan_zones |
- server_dns64_prefix | server_dns64_synthall
+ server_dns64_prefix | server_dns64_synthall |
+ server_infra_cache_min_rtt
;
stubstart: VAR_STUB_ZONE
{
@@ -767,6 +770,15 @@ server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG
free($2);
}
;
+server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
+ {
+ OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));
+ if(atoi($2) == 0 && strcmp($2, "0") != 0)
+ yyerror("number expected");
+ else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);
+ free($2);
+ }
+ ;
server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
{
OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
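Review bot: The new `server_infra_cache_min_rtt` rule stores whatever `atoi` returns, so a negative value, or a number followed by stray characters, lands in `infra_cache_min_rtt` without a diagnostic. The rtt.c hunk of this commit says this setting overwrites `RTT_MIN_TIMEOUT`, while rtt.h keeps `RTT_MAX_TIMEOUT` fixed at 120000, so a minimum below zero or above the maximum would presumably distort retransmit timing for every upstream query. I would at least reject negatives here with `else if(atoi($2) < 0) yyerror("non-negative number expected");` ahead of the assignment. The value should also be clamped against `RTT_MAX_TIMEOUT` where it is applied, which is not visible in this hunk.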
@@ -1104,10 +1116,11 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
- && strcmp($3, "typetransparent")!=0)
+ && strcmp($3, "typetransparent")!=0 &&
+ strcmp($3, "inform")!=0)
yyerror("local-zone type: expected static, deny, "
"refuse, redirect, transparent, "
- "typetransparent or nodefault");
+ "typetransparent, inform or nodefault");
else if(strcmp($3, "nodefault")==0) {
if(!cfg_strlist_insert(&cfg_parser->cfg->
local_zones_nodefault, $2))
@@ -1270,7 +1283,7 @@ contents_rc: contents_rc content_rc
| ;
content_rc: rc_control_enable | rc_control_interface | rc_control_port |
rc_server_key_file | rc_server_cert_file | rc_control_key_file |
- rc_control_cert_file
+ rc_control_cert_file | rc_control_use_cert
;
rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG
{
@@ -1298,6 +1311,16 @@ rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
yyerror("out of memory");
}
;
+rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
+ {
+ OUTYY(("P(control_use_cert:%s)\n", $2));
+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
+ yyerror("expected yes or no.");
+ else cfg_parser->cfg->remote_control_use_cert =
+ (strcmp($2, "yes")==0);
+ free($2);
+ }
+ ;
rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG
{
OUTYY(("P(rc_server_key_file:%s)\n", $2));
diff --git a/usr.sbin/unbound/util/iana_ports.inc b/usr.sbin/unbound/util/iana_ports.inc
index d318477e56f..99e5a654351 100644
--- a/usr.sbin/unbound/util/iana_ports.inc
+++ b/usr.sbin/unbound/util/iana_ports.inc
@@ -3819,6 +3819,7 @@
4359,
4361,
4362,
+4366,
4368,
4369,
4370,
@@ -4399,6 +4400,7 @@
6163,
6200,
6201,
+6209,
6222,
6241,
6242,
@@ -4488,6 +4490,8 @@
6628,
6633,
6634,
+6635,
+6636,
6653,
6657,
6670,
@@ -4671,6 +4675,7 @@
7778,
7779,
7781,
+7784,
7786,
7787,
7789,
diff --git a/usr.sbin/unbound/util/rtt.c b/usr.sbin/unbound/util/rtt.c
index 4b44fca5060..5d86f13378e 100644
--- a/usr.sbin/unbound/util/rtt.c
+++ b/usr.sbin/unbound/util/rtt.c
@@ -42,6 +42,8 @@
#include "config.h"
#include "util/rtt.h"
+/* overwritten by config: infra_cache_min_rtt: */
+int RTT_MIN_TIMEOUT = 50;
/** calculate RTO from rtt information */
static int
calc_rto(const struct rtt_info* rtt)
diff --git a/usr.sbin/unbound/util/rtt.h b/usr.sbin/unbound/util/rtt.h
index 57e904d1407..d6da9860650 100644
--- a/usr.sbin/unbound/util/rtt.h
+++ b/usr.sbin/unbound/util/rtt.h
@@ -56,7 +56,7 @@ struct rtt_info {
};
/** min retransmit timeout value, in milliseconds */
-#define RTT_MIN_TIMEOUT 50
+extern int RTT_MIN_TIMEOUT;
/** max retransmit timeout value, in milliseconds */
#define RTT_MAX_TIMEOUT 120000
diff --git a/usr.sbin/unbound/validator/val_secalgo.c b/usr.sbin/unbound/validator/val_secalgo.c
index d89675f835b..3437c8da604 100644
--- a/usr.sbin/unbound/validator/val_secalgo.c
+++ b/usr.sbin/unbound/validator/val_secalgo.c
@@ -41,8 +41,9 @@
* and do the library calls (for the crypto library in use).
*/
#include "config.h"
-#include "validator/val_secalgo.h"
+/* packed_rrset on top to define enum types (forced by c99 standard) */
#include "util/data/packed_rrset.h"
+#include "validator/val_secalgo.h"
#include "util/log.h"
#include "ldns/rrdef.h"
#include "ldns/keyraw.h"