- Fix contrib/fastrpz.patch to apply cleanly.
W.C.A. Wijngaards
3 years ago
1 | 1 | Author: fastrpz@farsightsecurity.com |
2 | 2 | --- |
3 | 3 | diff --git a/Makefile.in b/Makefile.in |
4 | index a20058cc..495779cc 100644 | |
4 | index bac212df..4824927f 100644 | |
5 | 5 | --- a/Makefile.in |
6 | 6 | +++ b/Makefile.in |
7 | 7 | @@ -23,6 +23,8 @@ CHECKLOCK_SRC=testcode/checklocks.c |
12 | 12 | +FASTRPZ_OBJ=@FASTRPZ_OBJ@ |
13 | 13 | DNSCRYPT_SRC=@DNSCRYPT_SRC@ |
14 | 14 | DNSCRYPT_OBJ=@DNSCRYPT_OBJ@ |
15 | WITH_PYTHONMODULE=@WITH_PYTHONMODULE@ | |
16 | @@ -127,7 +129,7 @@ validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c \ | |
15 | WITH_DYNLIBMODULE=@WITH_DYNLIBMODULE@ | |
16 | @@ -134,7 +136,7 @@ validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c \ | |
17 | 17 | edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \ |
18 | 18 | edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \ |
19 | 19 | cachedb/cachedb.c cachedb/redis.c respip/respip.c $(CHECKLOCK_SRC) \ |
22 | 22 | COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \ |
23 | 23 | as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \ |
24 | 24 | iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \ |
25 | @@ -140,7 +142,7 @@ autotrust.lo val_anchor.lo rpz.lo \ | |
25 | @@ -147,7 +149,7 @@ autotrust.lo val_anchor.lo rpz.lo \ | |
26 | 26 | validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \ |
27 | 27 | val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo redis.lo authzone.lo \ |
28 | 28 | $(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \ |
31 | 31 | COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ |
32 | 32 | outside_network.lo |
33 | 33 | COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo |
34 | @@ -410,6 +412,11 @@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ | |
34 | @@ -428,6 +430,11 @@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ | |
35 | 35 | $(srcdir)/util/config_file.h $(srcdir)/util/log.h \ |
36 | 36 | $(srcdir)/util/netevent.h |
37 | 37 | |
44 | 44 | pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \ |
45 | 45 | pythonmod/interface.h \ |
46 | 46 | diff --git a/config.h.in b/config.h.in |
47 | index 78d47fed..e33073e4 100644 | |
47 | index f7a4095e..d5a4fa01 100644 | |
48 | 48 | --- a/config.h.in |
49 | 49 | +++ b/config.h.in |
50 | @@ -1345,4 +1345,11 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, | |
50 | @@ -1364,4 +1364,11 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, | |
51 | 51 | /** the version of unbound-control that this software implements */ |
52 | 52 | #define UNBOUND_CONTROL_VERSION 1 |
53 | 53 | |
61 | 61 | +/** turn on fastrpz response policy zones */ |
62 | 62 | +#undef ENABLE_FASTRPZ |
63 | 63 | diff --git a/configure.ac b/configure.ac |
64 | index 2b91dd3c..e6063d17 100644 | |
64 | index 5c373d9d..e45abd89 100644 | |
65 | 65 | --- a/configure.ac |
66 | 66 | +++ b/configure.ac |
67 | 67 | @@ -6,6 +6,7 @@ sinclude(ax_pthread.m4) |
72 | 72 | sinclude(dnscrypt/dnscrypt.m4) |
73 | 73 | |
74 | 74 | # must be numbers. ac_defun because of later processing |
75 | @@ -1778,6 +1779,9 @@ case "$enable_ipset" in | |
76 | ;; | |
75 | @@ -1819,6 +1820,9 @@ case "$enable_explicit_port_randomisation" in | |
77 | 76 | esac |
77 | ||
78 | 78 | |
79 | 79 | +# check for Fastrpz with fastrpz/rpz.m4 |
80 | 80 | +ck_FASTRPZ |
83 | 83 | # on openBSD, the implicit rule make $< work. |
84 | 84 | # on Solaris, it does not work ($? is changed sources, $^ lists dependencies). |
85 | 85 | diff --git a/daemon/daemon.c b/daemon/daemon.c |
86 | index 8b0fc348..7ffb9221 100644 | |
86 | index 5d427925..f89f1437 100644 | |
87 | 87 | --- a/daemon/daemon.c |
88 | 88 | +++ b/daemon/daemon.c |
89 | 89 | @@ -91,6 +91,9 @@ |
96 | 96 | |
97 | 97 | #ifdef HAVE_SYSTEMD |
98 | 98 | #include <systemd/sd-daemon.h> |
99 | @@ -458,6 +461,14 @@ daemon_create_workers(struct daemon* daemon) | |
100 | dt_apply_cfg(daemon->dtenv, daemon->cfg); | |
99 | @@ -456,6 +459,14 @@ daemon_create_workers(struct daemon* daemon) | |
100 | fatal_exit("dt_create failed"); | |
101 | 101 | #else |
102 | 102 | fatal_exit("dnstap enabled in config but not built with dnstap support"); |
103 | 103 | +#endif |
111 | 111 | #endif |
112 | 112 | } |
113 | 113 | for(i=0; i<daemon->num; i++) { |
114 | @@ -731,6 +742,9 @@ daemon_cleanup(struct daemon* daemon) | |
114 | @@ -729,6 +740,9 @@ daemon_cleanup(struct daemon* daemon) | |
115 | 115 | #ifdef USE_DNSCRYPT |
116 | 116 | dnsc_delete(daemon->dnscenv); |
117 | 117 | daemon->dnscenv = NULL; |
138 | 138 | |
139 | 139 | /** |
140 | 140 | diff --git a/daemon/worker.c b/daemon/worker.c |
141 | index eb7fdf2f..1982228d 100644 | |
141 | index 23e3244c..b63d49b7 100644 | |
142 | 142 | --- a/daemon/worker.c |
143 | 143 | +++ b/daemon/worker.c |
144 | 144 | @@ -76,6 +76,9 @@ |
151 | 151 | #include "sldns/wire2str.h" |
152 | 152 | #include "util/shm_side/shm_main.h" |
153 | 153 | #include "dnscrypt/dnscrypt.h" |
154 | @@ -534,8 +537,27 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, | |
154 | @@ -535,8 +538,27 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, | |
155 | 155 | /* not secure */ |
156 | 156 | secure = 0; |
157 | 157 | break; |
179 | 179 | /* return this delegation from the cache */ |
180 | 180 | edns_bak = *edns; |
181 | 181 | edns->edns_version = EDNS_ADVERTISED_VERSION; |
182 | @@ -710,6 +732,23 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, | |
182 | @@ -711,6 +733,23 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, | |
183 | 183 | *is_secure_answer = 0; |
184 | 184 | } |
185 | 185 | } else *is_secure_answer = 0; |
203 | 203 | |
204 | 204 | edns_bak = *edns; |
205 | 205 | edns->edns_version = EDNS_ADVERTISED_VERSION; |
206 | @@ -1435,6 +1474,15 @@ worker_handle_request(struct comm_point* c, void* arg, int error, | |
206 | @@ -1436,6 +1475,15 @@ worker_handle_request(struct comm_point* c, void* arg, int error, | |
207 | 207 | log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from", |
208 | 208 | &repinfo->addr, repinfo->addrlen); |
209 | 209 | goto send_reply; |
219 | 219 | } |
220 | 220 | |
221 | 221 | /* If we've found a local alias, replace the qname with the alias |
222 | @@ -1485,12 +1533,21 @@ lookup_cache: | |
222 | @@ -1486,12 +1534,21 @@ lookup_cache: | |
223 | 223 | h = query_info_hash(lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2)); |
224 | 224 | if((e=slabhash_lookup(worker->env.msg_cache, h, lookup_qinfo, 0))) { |
225 | 225 | /* answer from cache - we have acquired a readlock on it */ |
243 | 243 | /* prefetch it if the prefetch TTL expired. |
244 | 244 | * Note that if there is more than one pass |
245 | 245 | * its qname must be that used for cache |
246 | @@ -1547,11 +1604,19 @@ lookup_cache: | |
246 | @@ -1548,11 +1605,19 @@ lookup_cache: | |
247 | 247 | lock_rw_unlock(&e->lock); |
248 | 248 | } |
249 | 249 | if(!LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) { |
266 | 266 | } |
267 | 267 | verbose(VERB_ALGO, "answer norec from cache -- " |
268 | 268 | diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in |
269 | index 38c2d298..3b07f392 100644 | |
269 | index cd43f04e..b92a1af8 100644 | |
270 | 270 | --- a/doc/unbound.conf.5.in |
271 | 271 | +++ b/doc/unbound.conf.5.in |
272 | @@ -1828,6 +1828,81 @@ List domain for which the AAAA records are ignored and the A record is | |
272 | @@ -1878,6 +1878,81 @@ List domain for which the AAAA records are ignored and the A record is | |
273 | 273 | used by dns64 processing instead. Can be entered multiple times, list a |
274 | 274 | new domain for which it applies, one per line. Applies also to names |
275 | 275 | underneath the name given. |
2887 | 2887 | + fi |
2888 | 2888 | +]) |
2889 | 2889 | diff --git a/iterator/iterator.c b/iterator/iterator.c |
2890 | index 1e0113a8..2fcbf547 100644 | |
2890 | index 23b07ea9..c3d31a33 100644 | |
2891 | 2891 | --- a/iterator/iterator.c |
2892 | 2892 | +++ b/iterator/iterator.c |
2893 | 2893 | @@ -68,6 +68,9 @@ |
2900 | 2900 | |
2901 | 2901 | /* in msec */ |
2902 | 2902 | int UNKNOWN_SERVER_NICENESS = 376; |
2903 | @@ -555,6 +558,23 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, | |
2903 | @@ -563,6 +566,23 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, | |
2904 | 2904 | if(ntohs(r->rk.type) == LDNS_RR_TYPE_CNAME && |
2905 | 2905 | query_dname_compare(*mname, r->rk.dname) == 0 && |
2906 | 2906 | !iter_find_rrset_in_prepend_answer(iq, r)) { |
2924 | 2924 | /* Add this relevant CNAME rrset to the prepend list.*/ |
2925 | 2925 | if(!iter_add_prepend_answer(qstate, iq, r)) |
2926 | 2926 | return 0; |
2927 | @@ -563,6 +583,9 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, | |
2927 | @@ -571,6 +591,9 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, | |
2928 | 2928 | |
2929 | 2929 | /* Other rrsets in the section are ignored. */ |
2930 | 2930 | } |
2934 | 2934 | /* add authority rrsets to authority prepend, for wildcarded CNAMEs */ |
2935 | 2935 | for(i=msg->rep->an_numrrsets; i<msg->rep->an_numrrsets + |
2936 | 2936 | msg->rep->ns_numrrsets; i++) { |
2937 | @@ -1199,6 +1222,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, | |
2937 | @@ -1231,6 +1254,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, | |
2938 | 2938 | uint8_t* delname; |
2939 | 2939 | size_t delnamelen; |
2940 | 2940 | struct dns_msg* msg = NULL; |
2942 | 2942 | |
2943 | 2943 | log_query_info(VERB_DETAIL, "resolving", &qstate->qinfo); |
2944 | 2944 | /* check effort */ |
2945 | @@ -1285,8 +1309,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, | |
2945 | @@ -1317,8 +1341,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, | |
2946 | 2946 | } |
2947 | 2947 | if(msg) { |
2948 | 2948 | /* handle positive cache response */ |
2952 | 2952 | if(verbosity >= VERB_ALGO) { |
2953 | 2953 | log_dns_msg("msg from cache lookup", &msg->qinfo, |
2954 | 2954 | msg->rep); |
2955 | @@ -1294,7 +1317,22 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, | |
2955 | @@ -1326,7 +1349,22 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, | |
2956 | 2956 | (int)msg->rep->ttl, |
2957 | 2957 | (int)msg->rep->prefetch_ttl); |
2958 | 2958 | } |
2975 | 2975 | if(type == RESPONSE_TYPE_CNAME) { |
2976 | 2976 | uint8_t* sname = 0; |
2977 | 2977 | size_t slen = 0; |
2978 | @@ -2718,6 +2756,62 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, | |
2978 | @@ -2801,6 +2839,62 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, | |
2979 | 2979 | sock_list_insert(&qstate->reply_origin, |
2980 | 2980 | &qstate->reply->addr, qstate->reply->addrlen, |
2981 | 2981 | qstate->region); |
3038 | 3038 | if(iq->minimisation_state != DONOT_MINIMISE_STATE |
3039 | 3039 | && !(iq->chase_flags & BIT_RD)) { |
3040 | 3040 | if(FLAGS_GET_RCODE(iq->response->rep->flags) != |
3041 | @@ -3471,12 +3565,44 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq, | |
3041 | @@ -3563,12 +3657,44 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq, | |
3042 | 3042 | * but only if we did recursion. The nonrecursion referral |
3043 | 3043 | * from cache does not need to be stored in the msg cache. */ |
3044 | 3044 | if(!qstate->no_cache_store && qstate->query_flags&BIT_RD) { |
3084 | 3084 | qstate->return_msg = iq->response; |
3085 | 3085 | return 0; |
3086 | 3086 | diff --git a/iterator/iterator.h b/iterator/iterator.h |
3087 | index a2f1b570..e1e4a738 100644 | |
3087 | index 342ac207..49b0ecdd 100644 | |
3088 | 3088 | --- a/iterator/iterator.h |
3089 | 3089 | +++ b/iterator/iterator.h |
3090 | @@ -386,6 +386,16 @@ struct iter_qstate { | |
3090 | @@ -396,6 +396,16 @@ struct iter_qstate { | |
3091 | 3091 | */ |
3092 | 3092 | int minimise_count; |
3093 | 3093 | |
3103 | 3103 | + |
3104 | 3104 | /** |
3105 | 3105 | * Count number of time-outs. Used to prevent resolving failures when |
3106 | * the QNAME minimisation QTYPE is blocked. */ | |
3106 | * the QNAME minimisation QTYPE is blocked. Used to determine if | |
3107 | 3107 | diff --git a/services/cache/dns.c b/services/cache/dns.c |
3108 | index 2a5bca4a..6de8863a 100644 | |
3108 | index 7b6e142c..6d7449f5 100644 | |
3109 | 3109 | --- a/services/cache/dns.c |
3110 | 3110 | +++ b/services/cache/dns.c |
3111 | @@ -967,6 +967,14 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf, | |
3111 | @@ -969,6 +969,14 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf, | |
3112 | 3112 | struct regional* region, uint32_t flags) |
3113 | 3113 | { |
3114 | 3114 | struct reply_info* rep = NULL; |
3124 | 3124 | rep = reply_info_copy(msgrep, env->alloc, NULL); |
3125 | 3125 | if(!rep) |
3126 | 3126 | diff --git a/services/mesh.c b/services/mesh.c |
3127 | index 9114ef4c..3dc518e5 100644 | |
3127 | index 4b0c5db4..eb9cfa5b 100644 | |
3128 | 3128 | --- a/services/mesh.c |
3129 | 3129 | +++ b/services/mesh.c |
3130 | 3130 | @@ -61,6 +61,9 @@ |
3137 | 3137 | #include "respip/respip.h" |
3138 | 3138 | #include "services/listen_dnsport.h" |
3139 | 3139 | |
3140 | @@ -1195,6 +1198,13 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, | |
3140 | @@ -1207,6 +1210,13 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, | |
3141 | 3141 | else secure = 0; |
3142 | 3142 | if(!rep && rcode == LDNS_RCODE_NOERROR) |
3143 | 3143 | rcode = LDNS_RCODE_SERVFAIL; |
3151 | 3151 | /* send the reply */ |
3152 | 3152 | /* We don't reuse the encoded answer if either the previous or current |
3153 | 3153 | * response has a local alias. We could compare the alias records |
3154 | @@ -1415,6 +1425,7 @@ struct mesh_state* mesh_area_find(struct mesh_area* mesh, | |
3154 | @@ -1434,6 +1444,7 @@ struct mesh_state* mesh_area_find(struct mesh_area* mesh, | |
3155 | 3155 | key.s.is_valrec = valrec; |
3156 | 3156 | key.s.qinfo = *qinfo; |
3157 | 3157 | key.s.query_flags = qflags; |
3159 | 3159 | /* We are searching for a similar mesh state when we DO want to |
3160 | 3160 | * aggregate the state. Thus unique is set to NULL. (default when we |
3161 | 3161 | * desire aggregation).*/ |
3162 | @@ -1461,6 +1472,10 @@ int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, | |
3162 | @@ -1480,6 +1491,10 @@ int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, | |
3163 | 3163 | if(!r) |
3164 | 3164 | return 0; |
3165 | 3165 | r->query_reply = *rep; |
3171 | 3171 | if(edns->opt_list) { |
3172 | 3172 | r->edns.opt_list = edns_opt_copy_region(edns->opt_list, |
3173 | 3173 | diff --git a/util/config_file.c b/util/config_file.c |
3174 | index 52ca5a18..0660248f 100644 | |
3174 | index 0e9ee471..a5fd72e0 100644 | |
3175 | 3175 | --- a/util/config_file.c |
3176 | 3176 | +++ b/util/config_file.c |
3177 | @@ -1460,6 +1460,8 @@ config_delete(struct config_file* cfg) | |
3178 | free(cfg->dnstap_socket_path); | |
3177 | @@ -1495,6 +1495,8 @@ config_delete(struct config_file* cfg) | |
3178 | free(cfg->dnstap_tls_client_cert_file); | |
3179 | 3179 | free(cfg->dnstap_identity); |
3180 | 3180 | free(cfg->dnstap_version); |
3181 | 3181 | + if (cfg->rpz_cstr) |
3184 | 3184 | config_deldblstrlist(cfg->ratelimit_below_domain); |
3185 | 3185 | config_delstrlist(cfg->python_script); |
3186 | 3186 | diff --git a/util/config_file.h b/util/config_file.h |
3187 | index 8739ca2a..a2dcf215 100644 | |
3187 | index 66e5025d..504f4f92 100644 | |
3188 | 3188 | --- a/util/config_file.h |
3189 | 3189 | +++ b/util/config_file.h |
3190 | @@ -499,6 +499,11 @@ struct config_file { | |
3190 | @@ -522,6 +522,11 @@ struct config_file { | |
3191 | 3191 | /** true to disable DNSSEC lameness check in iterator */ |
3192 | 3192 | int disable_dnssec_lame_check; |
3193 | 3193 | |
3200 | 3200 | int ip_ratelimit; |
3201 | 3201 | /** number of slabs for ip_ratelimit cache */ |
3202 | 3202 | diff --git a/util/configlexer.lex b/util/configlexer.lex |
3203 | index deedffa5..301458a3 100644 | |
3203 | index 83cea4b9..9a7feea4 100644 | |
3204 | 3204 | --- a/util/configlexer.lex |
3205 | 3205 | +++ b/util/configlexer.lex |
3206 | @@ -446,6 +446,10 @@ dnstap-log-forwarder-query-messages{COLON} { | |
3206 | @@ -467,6 +467,10 @@ dnstap-log-forwarder-query-messages{COLON} { | |
3207 | 3207 | YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } |
3208 | 3208 | dnstap-log-forwarder-response-messages{COLON} { |
3209 | 3209 | YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } |
3215 | 3215 | ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) } |
3216 | 3216 | ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) } |
3217 | 3217 | diff --git a/util/configparser.y b/util/configparser.y |
3218 | index d471babe..cb6b1d63 100644 | |
3218 | index fe600a99..ce43390f 100644 | |
3219 | 3219 | --- a/util/configparser.y |
3220 | 3220 | +++ b/util/configparser.y |
3221 | @@ -125,6 +125,7 @@ extern struct config_parser_state* cfg_parser; | |
3221 | @@ -128,6 +128,7 @@ extern struct config_parser_state* cfg_parser; | |
3222 | 3222 | %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES |
3223 | 3223 | %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES |
3224 | 3224 | %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES |
3225 | 3225 | +%token VAR_RPZ VAR_RPZ_ENABLE VAR_RPZ_ZONE VAR_RPZ_OPTION |
3226 | 3226 | %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA |
3227 | 3227 | %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT |
3228 | %token VAR_DISABLE_DNSSEC_LAME_CHECK | |
3229 | @@ -173,7 +174,7 @@ extern struct config_parser_state* cfg_parser; | |
3228 | %token VAR_IP_DSCP | |
3229 | @@ -179,7 +180,7 @@ extern struct config_parser_state* cfg_parser; | |
3230 | 3230 | |
3231 | 3231 | %% |
3232 | 3232 | toplevelvars: /* empty */ | toplevelvars toplevelvar ; |
3235 | 3235 | forwardstart contents_forward | pythonstart contents_py | |
3236 | 3236 | rcstart contents_rc | dtstart contents_dt | viewstart contents_view | |
3237 | 3237 | dnscstart contents_dnsc | cachedbstart contents_cachedb | |
3238 | @@ -2837,6 +2838,50 @@ dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MES | |
3238 | @@ -2939,6 +2940,50 @@ dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MES | |
3239 | 3239 | free($2); |
3240 | 3240 | } |
3241 | 3241 | ; |
3383 | 3383 | |
3384 | 3384 | /** |
3385 | 3385 | diff --git a/util/netevent.c b/util/netevent.c |
3386 | index 9fe5da2d..037e70d1 100644 | |
3386 | index 3e7a433e..f20d806f 100644 | |
3387 | 3387 | --- a/util/netevent.c |
3388 | 3388 | +++ b/util/netevent.c |
3389 | 3389 | @@ -57,6 +57,9 @@ |
3396 | 3396 | |
3397 | 3397 | /* -------- Start of local definitions -------- */ |
3398 | 3398 | /** if CMSG_ALIGN is not defined on this platform, a workaround */ |
3399 | @@ -590,6 +593,9 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg) | |
3399 | @@ -596,6 +599,9 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg) | |
3400 | 3400 | struct cmsghdr* cmsg; |
3401 | 3401 | #endif /* S_SPLINT_S */ |
3402 | 3402 | |
3406 | 3406 | rep.c = (struct comm_point*)arg; |
3407 | 3407 | log_assert(rep.c->type == comm_udp); |
3408 | 3408 | |
3409 | @@ -679,6 +685,9 @@ comm_point_udp_callback(int fd, short event, void* arg) | |
3409 | @@ -685,6 +691,9 @@ comm_point_udp_callback(int fd, short event, void* arg) | |
3410 | 3410 | int i; |
3411 | 3411 | struct sldns_buffer *buffer; |
3412 | 3412 | |
3416 | 3416 | rep.c = (struct comm_point*)arg; |
3417 | 3417 | log_assert(rep.c->type == comm_udp); |
3418 | 3418 | |
3419 | @@ -722,6 +731,9 @@ comm_point_udp_callback(int fd, short event, void* arg) | |
3419 | @@ -728,6 +737,9 @@ comm_point_udp_callback(int fd, short event, void* arg) | |
3420 | 3420 | (void)comm_point_send_udp_msg(rep.c, buffer, |
3421 | 3421 | (struct sockaddr*)&rep.addr, rep.addrlen); |
3422 | 3422 | } |
3426 | 3426 | if(!rep.c || rep.c->fd != fd) /* commpoint closed to -1 or reused for |
3427 | 3427 | another UDP port. Note rep.c cannot be reused with TCP fd. */ |
3428 | 3428 | break; |
3429 | @@ -3192,6 +3204,9 @@ comm_point_send_reply(struct comm_reply *repinfo) | |
3429 | @@ -3175,6 +3187,9 @@ comm_point_send_reply(struct comm_reply *repinfo) | |
3430 | 3430 | repinfo->c->tcp_timeout_msec); |
3431 | 3431 | } |
3432 | 3432 | } |
3436 | 3436 | } |
3437 | 3437 | |
3438 | 3438 | void |
3439 | @@ -3201,6 +3216,9 @@ comm_point_drop_reply(struct comm_reply* repinfo) | |
3439 | @@ -3184,6 +3199,9 @@ comm_point_drop_reply(struct comm_reply* repinfo) | |
3440 | 3440 | return; |
3441 | 3441 | log_assert(repinfo->c); |
3442 | 3442 | log_assert(repinfo->c->type != comm_tcp_accept); |
3446 | 3446 | if(repinfo->c->type == comm_udp) |
3447 | 3447 | return; |
3448 | 3448 | if(repinfo->c->tcp_req_info) |
3449 | @@ -3222,6 +3240,9 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec) | |
3449 | @@ -3205,6 +3223,9 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec) | |
3450 | 3450 | { |
3451 | 3451 | verbose(VERB_ALGO, "comm point start listening %d (%d msec)", |
3452 | 3452 | c->fd==-1?newfd:c->fd, msec); |
3457 | 3457 | /* no use to start listening no free slots. */ |
3458 | 3458 | return; |
3459 | 3459 | diff --git a/util/netevent.h b/util/netevent.h |
3460 | index d80c72b3..0233292f 100644 | |
3460 | index bb2cd1e5..666067e8 100644 | |
3461 | 3461 | --- a/util/netevent.h |
3462 | 3462 | +++ b/util/netevent.h |
3463 | 3463 | @@ -120,6 +120,10 @@ struct comm_reply { |