Merge tag 'upstream/1.9.3'
Upstream version 1.9.3
Robert Edmonds
4 years ago
0 | 0 | #! /bin/sh |
1 | 1 | # Guess values for system-dependent variables and create Makefiles. |
2 | # Generated by GNU Autoconf 2.69 for unbound 1.9.3rc1. | |
2 | # Generated by GNU Autoconf 2.69 for unbound 1.9.3. | |
3 | 3 | # |
4 | 4 | # Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>. |
5 | 5 | # |
590 | 590 | # Identity of this package. |
591 | 591 | PACKAGE_NAME='unbound' |
592 | 592 | PACKAGE_TARNAME='unbound' |
593 | PACKAGE_VERSION='1.9.3rc1' | |
594 | PACKAGE_STRING='unbound 1.9.3rc1' | |
593 | PACKAGE_VERSION='1.9.3' | |
594 | PACKAGE_STRING='unbound 1.9.3' | |
595 | 595 | PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues' |
596 | 596 | PACKAGE_URL='' |
597 | 597 | |
666 | 666 | WINAPPS |
667 | 667 | WINDRES |
668 | 668 | CHECKLOCK_OBJ |
669 | USE_SYSTEMD_FALSE | |
670 | USE_SYSTEMD_TRUE | |
671 | SYSTEMD_DAEMON_LIBS | |
672 | SYSTEMD_DAEMON_CFLAGS | |
673 | SYSTEMD_LIBS | |
674 | SYSTEMD_CFLAGS | |
675 | 669 | staticexe |
676 | 670 | PC_LIBEVENT_DEPENDENCY |
677 | 671 | UNBOUND_EVENT_UNINSTALL |
707 | 701 | PTHREAD_LIBS |
708 | 702 | PTHREAD_CC |
709 | 703 | ax_pthread_config |
704 | USE_SYSTEMD_FALSE | |
705 | USE_SYSTEMD_TRUE | |
706 | SYSTEMD_DAEMON_LIBS | |
707 | SYSTEMD_DAEMON_CFLAGS | |
708 | SYSTEMD_LIBS | |
709 | SYSTEMD_CFLAGS | |
710 | 710 | RUNTIME_PATH |
711 | 711 | LIBOBJS |
712 | 712 | PKG_CONFIG_LIBDIR |
843 | 843 | enable_libtool_lock |
844 | 844 | enable_rpath |
845 | 845 | enable_largefile |
846 | enable_systemd | |
846 | 847 | enable_alloc_checks |
847 | 848 | enable_alloc_lite |
848 | 849 | enable_alloc_nonregional |
869 | 870 | with_libexpat |
870 | 871 | with_libhiredis |
871 | 872 | enable_static_exe |
872 | enable_systemd | |
873 | 873 | enable_lock_checks |
874 | 874 | enable_allsymbols |
875 | 875 | enable_dnstap |
899 | 899 | PKG_CONFIG |
900 | 900 | PKG_CONFIG_PATH |
901 | 901 | PKG_CONFIG_LIBDIR |
902 | PYTHON_VERSION | |
903 | 902 | SYSTEMD_CFLAGS |
904 | 903 | SYSTEMD_LIBS |
905 | 904 | SYSTEMD_DAEMON_CFLAGS |
906 | SYSTEMD_DAEMON_LIBS' | |
905 | SYSTEMD_DAEMON_LIBS | |
906 | PYTHON_VERSION' | |
907 | 907 | |
908 | 908 | |
909 | 909 | # Initialize some variables set by options. |
1444 | 1444 | # Omit some internal or obsolete options to make the list less imposing. |
1445 | 1445 | # This message is too long to be a string in the A/UX 3.1 sh. |
1446 | 1446 | cat <<_ACEOF |
1447 | \`configure' configures unbound 1.9.3rc1 to adapt to many kinds of systems. | |
1447 | \`configure' configures unbound 1.9.3 to adapt to many kinds of systems. | |
1448 | 1448 | |
1449 | 1449 | Usage: $0 [OPTION]... [VAR=VALUE]... |
1450 | 1450 | |
1509 | 1509 | |
1510 | 1510 | if test -n "$ac_init_help"; then |
1511 | 1511 | case $ac_init_help in |
1512 | short | recursive ) echo "Configuration of unbound 1.9.3rc1:";; | |
1512 | short | recursive ) echo "Configuration of unbound 1.9.3:";; | |
1513 | 1513 | esac |
1514 | 1514 | cat <<\_ACEOF |
1515 | 1515 | |
1531 | 1531 | --disable-libtool-lock avoid locking (might break parallel builds) |
1532 | 1532 | --disable-rpath disable hardcoded rpath (default=enabled) |
1533 | 1533 | --disable-largefile omit support for large files |
1534 | --enable-systemd compile with systemd support | |
1534 | 1535 | --enable-alloc-checks enable to memory allocation statistics, for debug |
1535 | 1536 | purposes |
1536 | 1537 | --enable-alloc-lite enable for lightweight alloc assertions, for debug |
1557 | 1558 | --enable-tfo-server Enable TCP Fast Open for server mode |
1558 | 1559 | --enable-static-exe enable to compile executables statically against |
1559 | 1560 | (event) libs, for debug purposes |
1560 | --enable-systemd compile with systemd support | |
1561 | 1561 | --enable-lock-checks enable to check lock and unlock calls, for debug |
1562 | 1562 | purposes |
1563 | 1563 | --enable-allsymbols export all symbols from libunbound and link binaries |
1649 | 1649 | directories to add to pkg-config's search path |
1650 | 1650 | PKG_CONFIG_LIBDIR |
1651 | 1651 | path overriding pkg-config's built-in search path |
1652 | PYTHON_VERSION | |
1653 | The installed Python version to use, for example '2.3'. This | |
1654 | string will be appended to the Python interpreter canonical | |
1655 | name. | |
1656 | 1652 | SYSTEMD_CFLAGS |
1657 | 1653 | C compiler flags for SYSTEMD, overriding pkg-config |
1658 | 1654 | SYSTEMD_LIBS |
1661 | 1657 | C compiler flags for SYSTEMD_DAEMON, overriding pkg-config |
1662 | 1658 | SYSTEMD_DAEMON_LIBS |
1663 | 1659 | linker flags for SYSTEMD_DAEMON, overriding pkg-config |
1660 | PYTHON_VERSION | |
1661 | The installed Python version to use, for example '2.3'. This | |
1662 | string will be appended to the Python interpreter canonical | |
1663 | name. | |
1664 | 1664 | |
1665 | 1665 | Use these variables to override the choices made by `configure' or to help |
1666 | 1666 | it to find libraries and programs with nonstandard names/locations. |
1728 | 1728 | test -n "$ac_init_help" && exit $ac_status |
1729 | 1729 | if $ac_init_version; then |
1730 | 1730 | cat <<\_ACEOF |
1731 | unbound configure 1.9.3rc1 | |
1731 | unbound configure 1.9.3 | |
1732 | 1732 | generated by GNU Autoconf 2.69 |
1733 | 1733 | |
1734 | 1734 | Copyright (C) 2012 Free Software Foundation, Inc. |
2437 | 2437 | This file contains any messages produced by compilers while |
2438 | 2438 | running configure, to aid debugging if configure makes a mistake. |
2439 | 2439 | |
2440 | It was created by unbound $as_me 1.9.3rc1, which was | |
2440 | It was created by unbound $as_me 1.9.3, which was | |
2441 | 2441 | generated by GNU Autoconf 2.69. Invocation command line was |
2442 | 2442 | |
2443 | 2443 | $ $0 $@ |
2789 | 2789 | |
2790 | 2790 | UNBOUND_VERSION_MINOR=9 |
2791 | 2791 | |
2792 | UNBOUND_VERSION_MICRO=3rc1 | |
2792 | UNBOUND_VERSION_MICRO=3 | |
2793 | 2793 | |
2794 | 2794 | |
2795 | 2795 | LIBUNBOUND_CURRENT=9 |
16118 | 16118 | |
16119 | 16119 | fi |
16120 | 16120 | |
16121 | # Include systemd.m4 - begin | |
16122 | # macros for configuring systemd | |
16123 | # Copyright 2015, Sami Kerola, CloudFlare. | |
16124 | # BSD licensed. | |
16125 | # Check whether --enable-systemd was given. | |
16126 | if test "${enable_systemd+set}" = set; then : | |
16127 | enableval=$enable_systemd; | |
16128 | else | |
16129 | enable_systemd=no | |
16130 | fi | |
16131 | ||
16132 | have_systemd=no | |
16133 | if test "x$enable_systemd" != xno; then : | |
16134 | ||
16135 | ||
16136 | ||
16137 | pkg_failed=no | |
16138 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SYSTEMD" >&5 | |
16139 | $as_echo_n "checking for SYSTEMD... " >&6; } | |
16140 | ||
16141 | if test -n "$SYSTEMD_CFLAGS"; then | |
16142 | pkg_cv_SYSTEMD_CFLAGS="$SYSTEMD_CFLAGS" | |
16143 | elif test -n "$PKG_CONFIG"; then | |
16144 | if test -n "$PKG_CONFIG" && \ | |
16145 | { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd\""; } >&5 | |
16146 | ($PKG_CONFIG --exists --print-errors "libsystemd") 2>&5 | |
16147 | ac_status=$? | |
16148 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | |
16149 | test $ac_status = 0; }; then | |
16150 | pkg_cv_SYSTEMD_CFLAGS=`$PKG_CONFIG --cflags "libsystemd" 2>/dev/null` | |
16151 | test "x$?" != "x0" && pkg_failed=yes | |
16152 | else | |
16153 | pkg_failed=yes | |
16154 | fi | |
16155 | else | |
16156 | pkg_failed=untried | |
16157 | fi | |
16158 | if test -n "$SYSTEMD_LIBS"; then | |
16159 | pkg_cv_SYSTEMD_LIBS="$SYSTEMD_LIBS" | |
16160 | elif test -n "$PKG_CONFIG"; then | |
16161 | if test -n "$PKG_CONFIG" && \ | |
16162 | { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd\""; } >&5 | |
16163 | ($PKG_CONFIG --exists --print-errors "libsystemd") 2>&5 | |
16164 | ac_status=$? | |
16165 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | |
16166 | test $ac_status = 0; }; then | |
16167 | pkg_cv_SYSTEMD_LIBS=`$PKG_CONFIG --libs "libsystemd" 2>/dev/null` | |
16168 | test "x$?" != "x0" && pkg_failed=yes | |
16169 | else | |
16170 | pkg_failed=yes | |
16171 | fi | |
16172 | else | |
16173 | pkg_failed=untried | |
16174 | fi | |
16175 | ||
16176 | ||
16177 | ||
16178 | if test $pkg_failed = yes; then | |
16179 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | |
16180 | $as_echo "no" >&6; } | |
16181 | ||
16182 | if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then | |
16183 | _pkg_short_errors_supported=yes | |
16184 | else | |
16185 | _pkg_short_errors_supported=no | |
16186 | fi | |
16187 | if test $_pkg_short_errors_supported = yes; then | |
16188 | SYSTEMD_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libsystemd" 2>&1` | |
16189 | else | |
16190 | SYSTEMD_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libsystemd" 2>&1` | |
16191 | fi | |
16192 | # Put the nasty error message in config.log where it belongs | |
16193 | echo "$SYSTEMD_PKG_ERRORS" >&5 | |
16194 | ||
16195 | have_systemd=no | |
16196 | elif test $pkg_failed = untried; then | |
16197 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | |
16198 | $as_echo "no" >&6; } | |
16199 | have_systemd=no | |
16200 | else | |
16201 | SYSTEMD_CFLAGS=$pkg_cv_SYSTEMD_CFLAGS | |
16202 | SYSTEMD_LIBS=$pkg_cv_SYSTEMD_LIBS | |
16203 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | |
16204 | $as_echo "yes" >&6; } | |
16205 | have_systemd=yes | |
16206 | fi | |
16207 | if test "x$have_systemd" != "xyes"; then : | |
16208 | ||
16209 | ||
16210 | pkg_failed=no | |
16211 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SYSTEMD_DAEMON" >&5 | |
16212 | $as_echo_n "checking for SYSTEMD_DAEMON... " >&6; } | |
16213 | ||
16214 | if test -n "$SYSTEMD_DAEMON_CFLAGS"; then | |
16215 | pkg_cv_SYSTEMD_DAEMON_CFLAGS="$SYSTEMD_DAEMON_CFLAGS" | |
16216 | elif test -n "$PKG_CONFIG"; then | |
16217 | if test -n "$PKG_CONFIG" && \ | |
16218 | { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd-daemon\""; } >&5 | |
16219 | ($PKG_CONFIG --exists --print-errors "libsystemd-daemon") 2>&5 | |
16220 | ac_status=$? | |
16221 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | |
16222 | test $ac_status = 0; }; then | |
16223 | pkg_cv_SYSTEMD_DAEMON_CFLAGS=`$PKG_CONFIG --cflags "libsystemd-daemon" 2>/dev/null` | |
16224 | test "x$?" != "x0" && pkg_failed=yes | |
16225 | else | |
16226 | pkg_failed=yes | |
16227 | fi | |
16228 | else | |
16229 | pkg_failed=untried | |
16230 | fi | |
16231 | if test -n "$SYSTEMD_DAEMON_LIBS"; then | |
16232 | pkg_cv_SYSTEMD_DAEMON_LIBS="$SYSTEMD_DAEMON_LIBS" | |
16233 | elif test -n "$PKG_CONFIG"; then | |
16234 | if test -n "$PKG_CONFIG" && \ | |
16235 | { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd-daemon\""; } >&5 | |
16236 | ($PKG_CONFIG --exists --print-errors "libsystemd-daemon") 2>&5 | |
16237 | ac_status=$? | |
16238 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | |
16239 | test $ac_status = 0; }; then | |
16240 | pkg_cv_SYSTEMD_DAEMON_LIBS=`$PKG_CONFIG --libs "libsystemd-daemon" 2>/dev/null` | |
16241 | test "x$?" != "x0" && pkg_failed=yes | |
16242 | else | |
16243 | pkg_failed=yes | |
16244 | fi | |
16245 | else | |
16246 | pkg_failed=untried | |
16247 | fi | |
16248 | ||
16249 | ||
16250 | ||
16251 | if test $pkg_failed = yes; then | |
16252 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | |
16253 | $as_echo "no" >&6; } | |
16254 | ||
16255 | if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then | |
16256 | _pkg_short_errors_supported=yes | |
16257 | else | |
16258 | _pkg_short_errors_supported=no | |
16259 | fi | |
16260 | if test $_pkg_short_errors_supported = yes; then | |
16261 | SYSTEMD_DAEMON_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libsystemd-daemon" 2>&1` | |
16262 | else | |
16263 | SYSTEMD_DAEMON_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libsystemd-daemon" 2>&1` | |
16264 | fi | |
16265 | # Put the nasty error message in config.log where it belongs | |
16266 | echo "$SYSTEMD_DAEMON_PKG_ERRORS" >&5 | |
16267 | ||
16268 | have_systemd_daemon=no | |
16269 | elif test $pkg_failed = untried; then | |
16270 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | |
16271 | $as_echo "no" >&6; } | |
16272 | have_systemd_daemon=no | |
16273 | else | |
16274 | SYSTEMD_DAEMON_CFLAGS=$pkg_cv_SYSTEMD_DAEMON_CFLAGS | |
16275 | SYSTEMD_DAEMON_LIBS=$pkg_cv_SYSTEMD_DAEMON_LIBS | |
16276 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | |
16277 | $as_echo "yes" >&6; } | |
16278 | have_systemd_daemon=yes | |
16279 | fi | |
16280 | if test "x$have_systemd_daemon" = "xyes"; then : | |
16281 | have_systemd=yes | |
16282 | fi | |
16283 | ||
16284 | fi | |
16285 | case $enable_systemd:$have_systemd in #( | |
16286 | yes:no) : | |
16287 | as_fn_error $? "systemd enabled but libsystemd not found" "$LINENO" 5 ;; #( | |
16288 | *:yes) : | |
16289 | ||
16290 | $as_echo "#define HAVE_SYSTEMD 1" >>confdefs.h | |
16291 | ||
16292 | LIBS="$LIBS $SYSTEMD_LIBS" | |
16293 | ||
16294 | ;; #( | |
16295 | *) : | |
16296 | ;; | |
16297 | esac | |
16298 | ||
16299 | ||
16300 | fi | |
16301 | if test "x$have_systemd" = xyes; then | |
16302 | USE_SYSTEMD_TRUE= | |
16303 | USE_SYSTEMD_FALSE='#' | |
16304 | else | |
16305 | USE_SYSTEMD_TRUE='#' | |
16306 | USE_SYSTEMD_FALSE= | |
16307 | fi | |
16308 | ||
16309 | ||
16310 | # Include systemd.m4 - end | |
16311 | ||
16121 | 16312 | # set memory allocation checking if requested |
16122 | 16313 | # Check whether --enable-alloc-checks was given. |
16123 | 16314 | if test "${enable_alloc_checks+set}" = set; then : |
19209 | 19400 | fi |
19210 | 19401 | fi |
19211 | 19402 | |
19212 | # Include systemd.m4 - begin | |
19213 | # macros for configuring systemd | |
19214 | # Copyright 2015, Sami Kerola, CloudFlare. | |
19215 | # BSD licensed. | |
19216 | # Check whether --enable-systemd was given. | |
19217 | if test "${enable_systemd+set}" = set; then : | |
19218 | enableval=$enable_systemd; | |
19219 | else | |
19220 | enable_systemd=no | |
19221 | fi | |
19222 | ||
19223 | have_systemd=no | |
19224 | if test "x$enable_systemd" != xno; then : | |
19225 | ||
19226 | ||
19227 | ||
19228 | pkg_failed=no | |
19229 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SYSTEMD" >&5 | |
19230 | $as_echo_n "checking for SYSTEMD... " >&6; } | |
19231 | ||
19232 | if test -n "$SYSTEMD_CFLAGS"; then | |
19233 | pkg_cv_SYSTEMD_CFLAGS="$SYSTEMD_CFLAGS" | |
19234 | elif test -n "$PKG_CONFIG"; then | |
19235 | if test -n "$PKG_CONFIG" && \ | |
19236 | { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd\""; } >&5 | |
19237 | ($PKG_CONFIG --exists --print-errors "libsystemd") 2>&5 | |
19238 | ac_status=$? | |
19239 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | |
19240 | test $ac_status = 0; }; then | |
19241 | pkg_cv_SYSTEMD_CFLAGS=`$PKG_CONFIG --cflags "libsystemd" 2>/dev/null` | |
19242 | test "x$?" != "x0" && pkg_failed=yes | |
19243 | else | |
19244 | pkg_failed=yes | |
19245 | fi | |
19246 | else | |
19247 | pkg_failed=untried | |
19248 | fi | |
19249 | if test -n "$SYSTEMD_LIBS"; then | |
19250 | pkg_cv_SYSTEMD_LIBS="$SYSTEMD_LIBS" | |
19251 | elif test -n "$PKG_CONFIG"; then | |
19252 | if test -n "$PKG_CONFIG" && \ | |
19253 | { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd\""; } >&5 | |
19254 | ($PKG_CONFIG --exists --print-errors "libsystemd") 2>&5 | |
19255 | ac_status=$? | |
19256 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | |
19257 | test $ac_status = 0; }; then | |
19258 | pkg_cv_SYSTEMD_LIBS=`$PKG_CONFIG --libs "libsystemd" 2>/dev/null` | |
19259 | test "x$?" != "x0" && pkg_failed=yes | |
19260 | else | |
19261 | pkg_failed=yes | |
19262 | fi | |
19263 | else | |
19264 | pkg_failed=untried | |
19265 | fi | |
19266 | ||
19267 | ||
19268 | ||
19269 | if test $pkg_failed = yes; then | |
19270 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | |
19271 | $as_echo "no" >&6; } | |
19272 | ||
19273 | if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then | |
19274 | _pkg_short_errors_supported=yes | |
19275 | else | |
19276 | _pkg_short_errors_supported=no | |
19277 | fi | |
19278 | if test $_pkg_short_errors_supported = yes; then | |
19279 | SYSTEMD_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libsystemd" 2>&1` | |
19280 | else | |
19281 | SYSTEMD_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libsystemd" 2>&1` | |
19282 | fi | |
19283 | # Put the nasty error message in config.log where it belongs | |
19284 | echo "$SYSTEMD_PKG_ERRORS" >&5 | |
19285 | ||
19286 | have_systemd=no | |
19287 | elif test $pkg_failed = untried; then | |
19288 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | |
19289 | $as_echo "no" >&6; } | |
19290 | have_systemd=no | |
19291 | else | |
19292 | SYSTEMD_CFLAGS=$pkg_cv_SYSTEMD_CFLAGS | |
19293 | SYSTEMD_LIBS=$pkg_cv_SYSTEMD_LIBS | |
19294 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | |
19295 | $as_echo "yes" >&6; } | |
19296 | have_systemd=yes | |
19297 | fi | |
19298 | if test "x$have_systemd" != "xyes"; then : | |
19299 | ||
19300 | ||
19301 | pkg_failed=no | |
19302 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SYSTEMD_DAEMON" >&5 | |
19303 | $as_echo_n "checking for SYSTEMD_DAEMON... " >&6; } | |
19304 | ||
19305 | if test -n "$SYSTEMD_DAEMON_CFLAGS"; then | |
19306 | pkg_cv_SYSTEMD_DAEMON_CFLAGS="$SYSTEMD_DAEMON_CFLAGS" | |
19307 | elif test -n "$PKG_CONFIG"; then | |
19308 | if test -n "$PKG_CONFIG" && \ | |
19309 | { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd-daemon\""; } >&5 | |
19310 | ($PKG_CONFIG --exists --print-errors "libsystemd-daemon") 2>&5 | |
19311 | ac_status=$? | |
19312 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | |
19313 | test $ac_status = 0; }; then | |
19314 | pkg_cv_SYSTEMD_DAEMON_CFLAGS=`$PKG_CONFIG --cflags "libsystemd-daemon" 2>/dev/null` | |
19315 | test "x$?" != "x0" && pkg_failed=yes | |
19316 | else | |
19317 | pkg_failed=yes | |
19318 | fi | |
19319 | else | |
19320 | pkg_failed=untried | |
19321 | fi | |
19322 | if test -n "$SYSTEMD_DAEMON_LIBS"; then | |
19323 | pkg_cv_SYSTEMD_DAEMON_LIBS="$SYSTEMD_DAEMON_LIBS" | |
19324 | elif test -n "$PKG_CONFIG"; then | |
19325 | if test -n "$PKG_CONFIG" && \ | |
19326 | { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd-daemon\""; } >&5 | |
19327 | ($PKG_CONFIG --exists --print-errors "libsystemd-daemon") 2>&5 | |
19328 | ac_status=$? | |
19329 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | |
19330 | test $ac_status = 0; }; then | |
19331 | pkg_cv_SYSTEMD_DAEMON_LIBS=`$PKG_CONFIG --libs "libsystemd-daemon" 2>/dev/null` | |
19332 | test "x$?" != "x0" && pkg_failed=yes | |
19333 | else | |
19334 | pkg_failed=yes | |
19335 | fi | |
19336 | else | |
19337 | pkg_failed=untried | |
19338 | fi | |
19339 | ||
19340 | ||
19341 | ||
19342 | if test $pkg_failed = yes; then | |
19343 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | |
19344 | $as_echo "no" >&6; } | |
19345 | ||
19346 | if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then | |
19347 | _pkg_short_errors_supported=yes | |
19348 | else | |
19349 | _pkg_short_errors_supported=no | |
19350 | fi | |
19351 | if test $_pkg_short_errors_supported = yes; then | |
19352 | SYSTEMD_DAEMON_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libsystemd-daemon" 2>&1` | |
19353 | else | |
19354 | SYSTEMD_DAEMON_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libsystemd-daemon" 2>&1` | |
19355 | fi | |
19356 | # Put the nasty error message in config.log where it belongs | |
19357 | echo "$SYSTEMD_DAEMON_PKG_ERRORS" >&5 | |
19358 | ||
19359 | have_systemd_daemon=no | |
19360 | elif test $pkg_failed = untried; then | |
19361 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | |
19362 | $as_echo "no" >&6; } | |
19363 | have_systemd_daemon=no | |
19364 | else | |
19365 | SYSTEMD_DAEMON_CFLAGS=$pkg_cv_SYSTEMD_DAEMON_CFLAGS | |
19366 | SYSTEMD_DAEMON_LIBS=$pkg_cv_SYSTEMD_DAEMON_LIBS | |
19367 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | |
19368 | $as_echo "yes" >&6; } | |
19369 | have_systemd_daemon=yes | |
19370 | fi | |
19371 | if test "x$have_systemd_daemon" = "xyes"; then : | |
19372 | have_systemd=yes | |
19373 | fi | |
19374 | ||
19375 | fi | |
19376 | case $enable_systemd:$have_systemd in #( | |
19377 | yes:no) : | |
19378 | as_fn_error $? "systemd enabled but libsystemd not found" "$LINENO" 5 ;; #( | |
19379 | *:yes) : | |
19380 | ||
19381 | $as_echo "#define HAVE_SYSTEMD 1" >>confdefs.h | |
19382 | ||
19383 | LIBS="$LIBS $SYSTEMD_LIBS" | |
19384 | ||
19385 | ;; #( | |
19386 | *) : | |
19387 | ;; | |
19388 | esac | |
19389 | ||
19390 | ||
19391 | fi | |
19392 | if test "x$have_systemd" = xyes; then | |
19393 | USE_SYSTEMD_TRUE= | |
19394 | USE_SYSTEMD_FALSE='#' | |
19395 | else | |
19396 | USE_SYSTEMD_TRUE='#' | |
19397 | USE_SYSTEMD_FALSE= | |
19398 | fi | |
19399 | ||
19400 | ||
19401 | # Include systemd.m4 - end | |
19402 | ||
19403 | 19403 | # set lock checking if requested |
19404 | 19404 | # Check whether --enable-lock_checks was given. |
19405 | 19405 | if test "${enable_lock_checks+set}" = set; then : |
21272 | 21272 | |
21273 | 21273 | |
21274 | 21274 | |
21275 | version=1.9.3rc1 | |
21275 | version=1.9.3 | |
21276 | 21276 | |
21277 | 21277 | date=`date +'%b %e, %Y'` |
21278 | 21278 | |
21791 | 21791 | # report actual input values of CONFIG_FILES etc. instead of their |
21792 | 21792 | # values after options handling. |
21793 | 21793 | ac_log=" |
21794 | This file was extended by unbound $as_me 1.9.3rc1, which was | |
21794 | This file was extended by unbound $as_me 1.9.3, which was | |
21795 | 21795 | generated by GNU Autoconf 2.69. Invocation command line was |
21796 | 21796 | |
21797 | 21797 | CONFIG_FILES = $CONFIG_FILES |
21857 | 21857 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
21858 | 21858 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
21859 | 21859 | ac_cs_version="\\ |
21860 | unbound config.status 1.9.3rc1 | |
21860 | unbound config.status 1.9.3 | |
21861 | 21861 | configured by $0, generated by GNU Autoconf 2.69, |
21862 | 21862 | with options \\"\$ac_cs_config\\" |
21863 | 21863 |
10 | 10 | # must be numbers. ac_defun because of later processing |
11 | 11 | m4_define([VERSION_MAJOR],[1]) |
12 | 12 | m4_define([VERSION_MINOR],[9]) |
13 | m4_define([VERSION_MICRO],[3rc1]) | |
13 | m4_define([VERSION_MICRO],[3]) | |
14 | 14 | AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues, unbound) |
15 | 15 | AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) |
16 | 16 | AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) |
479 | 479 | AC_DEFINE(REUSEPORT_DEFAULT, 0, [if REUSEPORT is enabled by default]) |
480 | 480 | fi |
481 | 481 | |
482 | # Include systemd.m4 - begin | |
483 | sinclude(systemd.m4) | |
484 | # Include systemd.m4 - end | |
485 | ||
482 | 486 | # set memory allocation checking if requested |
483 | 487 | AC_ARG_ENABLE(alloc-checks, AC_HELP_STRING([--enable-alloc-checks], |
484 | 488 | [ enable to memory allocation statistics, for debug purposes ]), |
1300 | 1304 | fi |
1301 | 1305 | fi |
1302 | 1306 | |
1303 | # Include systemd.m4 - begin | |
1304 | sinclude(systemd.m4) | |
1305 | # Include systemd.m4 - end | |
1306 | ||
1307 | 1307 | # set lock checking if requested |
1308 | 1308 | AC_ARG_ENABLE(lock_checks, AC_HELP_STRING([--enable-lock-checks], |
1309 | 1309 | [ enable to check lock and unlock calls, for debug purposes ]), |
1 | 1 | Author: fastrpz@farsightsecurity.com |
2 | 2 | --- |
3 | 3 | diff --git a/Makefile.in b/Makefile.in |
4 | index 03a6347..6758bea 100644 | |
4 | index e9042712..870d503b 100644 | |
5 | 5 | --- a/Makefile.in |
6 | 6 | +++ b/Makefile.in |
7 | 7 | @@ -23,6 +23,8 @@ CHECKLOCK_SRC=testcode/checklocks.c |
17 | 17 | edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \ |
18 | 18 | edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \ |
19 | 19 | cachedb/cachedb.c cachedb/redis.c respip/respip.c $(CHECKLOCK_SRC) \ |
20 | -$(DNSTAP_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) | |
21 | +$(DNSTAP_SRC) $(FASTRPZ_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) | |
20 | -$(DNSTAP_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) $(IPSET_SRC) | |
21 | +$(DNSTAP_SRC) $(FASTRPZ_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) $(IPSET_SRC) | |
22 | 22 | COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \ |
23 | 23 | as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \ |
24 | 24 | iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \ |
26 | 26 | validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \ |
27 | 27 | val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo redis.lo authzone.lo \ |
28 | 28 | $(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \ |
29 | -$(IPSECMOD_OBJ) respip.lo | |
30 | +$(FASTRPZ_OBJ) $(IPSECMOD_OBJ) respip.lo | |
29 | -$(IPSECMOD_OBJ) $(IPSET_OBJ) respip.lo | |
30 | +$(FASTRPZ_OBJ) $(IPSECMOD_OBJ) $(IPSET_OBJ) respip.lo | |
31 | 31 | COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ |
32 | 32 | outside_network.lo |
33 | 33 | COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo |
34 | @@ -405,6 +407,11 @@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ | |
34 | @@ -408,6 +410,11 @@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ | |
35 | 35 | $(srcdir)/util/config_file.h $(srcdir)/util/log.h \ |
36 | 36 | $(srcdir)/util/netevent.h |
37 | 37 | |
44 | 44 | pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \ |
45 | 45 | pythonmod/interface.h \ |
46 | 46 | diff --git a/config.h.in b/config.h.in |
47 | index 74c14d1..a18f4ff 100644 | |
47 | index 1bfe4426..0136421d 100644 | |
48 | 48 | --- a/config.h.in |
49 | 49 | +++ b/config.h.in |
50 | @@ -1305,4 +1305,11 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, | |
50 | @@ -1315,4 +1315,11 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, | |
51 | 51 | /** the version of unbound-control that this software implements */ |
52 | 52 | #define UNBOUND_CONTROL_VERSION 1 |
53 | 53 | |
61 | 61 | +/** turn on fastrpz response policy zones */ |
62 | 62 | +#undef ENABLE_FASTRPZ |
63 | 63 | diff --git a/configure.ac b/configure.ac |
64 | index abbecf0..6454274 100644 | |
64 | index 811ad007..a8346f11 100644 | |
65 | 65 | --- a/configure.ac |
66 | 66 | +++ b/configure.ac |
67 | 67 | @@ -6,6 +6,7 @@ sinclude(ax_pthread.m4) |
72 | 72 | sinclude(dnscrypt/dnscrypt.m4) |
73 | 73 | |
74 | 74 | # must be numbers. ac_defun because of later processing |
75 | @@ -1586,6 +1587,9 @@ case "$enable_ipsecmod" in | |
75 | @@ -1649,6 +1650,9 @@ case "$enable_ipset" in | |
76 | 76 | ;; |
77 | 77 | esac |
78 | 78 | |
83 | 83 | # on openBSD, the implicit rule make $< work. |
84 | 84 | # on Solaris, it does not work ($? is changed sources, $^ lists dependencies). |
85 | 85 | diff --git a/daemon/daemon.c b/daemon/daemon.c |
86 | index 7461a26..706f8f6 100644 | |
86 | index 96cc443e..d08b2e56 100644 | |
87 | 87 | --- a/daemon/daemon.c |
88 | 88 | +++ b/daemon/daemon.c |
89 | 89 | @@ -91,6 +91,9 @@ |
111 | 111 | #endif |
112 | 112 | } |
113 | 113 | for(i=0; i<daemon->num; i++) { |
114 | @@ -718,6 +729,9 @@ daemon_cleanup(struct daemon* daemon) | |
114 | @@ -726,6 +737,9 @@ daemon_cleanup(struct daemon* daemon) | |
115 | 115 | #ifdef USE_DNSCRYPT |
116 | 116 | dnsc_delete(daemon->dnscenv); |
117 | 117 | daemon->dnscenv = NULL; |
122 | 122 | daemon->cfg = NULL; |
123 | 123 | } |
124 | 124 | diff --git a/daemon/daemon.h b/daemon/daemon.h |
125 | index 5749dbe..64ce230 100644 | |
125 | index 5749dbef..64ce230f 100644 | |
126 | 126 | --- a/daemon/daemon.h |
127 | 127 | +++ b/daemon/daemon.h |
128 | 128 | @@ -136,6 +136,11 @@ struct daemon { |
138 | 138 | |
139 | 139 | /** |
140 | 140 | diff --git a/daemon/worker.c b/daemon/worker.c |
141 | index fc93817..e435226 100644 | |
141 | index 263fcddf..e6bc84bd 100644 | |
142 | 142 | --- a/daemon/worker.c |
143 | 143 | +++ b/daemon/worker.c |
144 | 144 | @@ -75,6 +75,9 @@ |
203 | 203 | |
204 | 204 | edns_bak = *edns; |
205 | 205 | edns->edns_version = EDNS_ADVERTISED_VERSION; |
206 | @@ -1409,6 +1448,15 @@ worker_handle_request(struct comm_point* c, void* arg, int error, | |
206 | @@ -1410,6 +1449,15 @@ worker_handle_request(struct comm_point* c, void* arg, int error, | |
207 | 207 | log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from", |
208 | 208 | &repinfo->addr, repinfo->addrlen); |
209 | 209 | goto send_reply; |
219 | 219 | } |
220 | 220 | |
221 | 221 | /* If we've found a local alias, replace the qname with the alias |
222 | @@ -1457,12 +1505,21 @@ lookup_cache: | |
222 | @@ -1458,12 +1506,21 @@ lookup_cache: | |
223 | 223 | h = query_info_hash(lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2)); |
224 | 224 | if((e=slabhash_lookup(worker->env.msg_cache, h, lookup_qinfo, 0))) { |
225 | 225 | /* answer from cache - we have acquired a readlock on it */ |
243 | 243 | /* prefetch it if the prefetch TTL expired. |
244 | 244 | * Note that if there is more than one pass |
245 | 245 | * its qname must be that used for cache |
246 | @@ -1516,11 +1573,19 @@ lookup_cache: | |
246 | @@ -1518,11 +1575,19 @@ lookup_cache: | |
247 | 247 | lock_rw_unlock(&e->lock); |
248 | 248 | } |
249 | 249 | if(!LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) { |
266 | 266 | } |
267 | 267 | verbose(VERB_ALGO, "answer norec from cache -- " |
268 | 268 | diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in |
269 | index c14ee27..0b71eaf 100644 | |
269 | index b1d8c790..10c0aa58 100644 | |
270 | 270 | --- a/doc/unbound.conf.5.in |
271 | 271 | +++ b/doc/unbound.conf.5.in |
272 | @@ -1795,6 +1795,81 @@ List domain for which the AAAA records are ignored and the A record is | |
272 | @@ -1801,6 +1801,81 @@ List domain for which the AAAA records are ignored and the A record is | |
273 | 273 | used by dns64 processing instead. Can be entered multiple times, list a |
274 | 274 | new domain for which it applies, one per line. Applies also to names |
275 | 275 | underneath the name given. |
353 | 353 | The |
354 | 354 | diff --git a/fastrpz/librpz.h b/fastrpz/librpz.h |
355 | 355 | new file mode 100644 |
356 | index 0000000..645279d | |
356 | index 00000000..645279d1 | |
357 | 357 | --- /dev/null |
358 | 358 | +++ b/fastrpz/librpz.h |
359 | 359 | @@ -0,0 +1,957 @@ |
1316 | 1316 | +#endif /* LIBRPZ_H */ |
1317 | 1317 | diff --git a/fastrpz/rpz.c b/fastrpz/rpz.c |
1318 | 1318 | new file mode 100644 |
1319 | index 0000000..c5ab780 | |
1319 | index 00000000..c5ab7801 | |
1320 | 1320 | --- /dev/null |
1321 | 1321 | +++ b/fastrpz/rpz.c |
1322 | 1322 | @@ -0,0 +1,1352 @@ |
2674 | 2674 | +#endif /* ENABLE_FASTRPZ */ |
2675 | 2675 | diff --git a/fastrpz/rpz.h b/fastrpz/rpz.h |
2676 | 2676 | new file mode 100644 |
2677 | index 0000000..5d7e31c | |
2677 | index 00000000..5d7e31c5 | |
2678 | 2678 | --- /dev/null |
2679 | 2679 | +++ b/fastrpz/rpz.h |
2680 | 2680 | @@ -0,0 +1,138 @@ |
2818 | 2818 | +#endif /* UNBOUND_FASTRPZ_RPZ_H */ |
2819 | 2819 | diff --git a/fastrpz/rpz.m4 b/fastrpz/rpz.m4 |
2820 | 2820 | new file mode 100644 |
2821 | index 0000000..2123535 | |
2821 | index 00000000..21235355 | |
2822 | 2822 | --- /dev/null |
2823 | 2823 | +++ b/fastrpz/rpz.m4 |
2824 | 2824 | @@ -0,0 +1,64 @@ |
2887 | 2887 | + fi |
2888 | 2888 | +]) |
2889 | 2889 | diff --git a/iterator/iterator.c b/iterator/iterator.c |
2890 | index c906c27..55bf218 100644 | |
2890 | index c906c271..55bf2180 100644 | |
2891 | 2891 | --- a/iterator/iterator.c |
2892 | 2892 | +++ b/iterator/iterator.c |
2893 | 2893 | @@ -68,6 +68,9 @@ |
3084 | 3084 | qstate->return_msg = iq->response; |
3085 | 3085 | return 0; |
3086 | 3086 | diff --git a/iterator/iterator.h b/iterator/iterator.h |
3087 | index a2f1b57..e1e4a73 100644 | |
3087 | index a2f1b570..e1e4a738 100644 | |
3088 | 3088 | --- a/iterator/iterator.h |
3089 | 3089 | +++ b/iterator/iterator.h |
3090 | 3090 | @@ -386,6 +386,16 @@ struct iter_qstate { |
3105 | 3105 | * Count number of time-outs. Used to prevent resolving failures when |
3106 | 3106 | * the QNAME minimisation QTYPE is blocked. */ |
3107 | 3107 | diff --git a/services/cache/dns.c b/services/cache/dns.c |
3108 | index aa4efec..5dd3412 100644 | |
3108 | index aa4efec7..5dd3412e 100644 | |
3109 | 3109 | --- a/services/cache/dns.c |
3110 | 3110 | +++ b/services/cache/dns.c |
3111 | 3111 | @@ -945,6 +945,14 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf, |
3124 | 3124 | rep = reply_info_copy(msgrep, env->alloc, NULL); |
3125 | 3125 | if(!rep) |
3126 | 3126 | diff --git a/services/mesh.c b/services/mesh.c |
3127 | index d96289e..2e9f267 100644 | |
3127 | index 27f91940..f1bd4e90 100644 | |
3128 | 3128 | --- a/services/mesh.c |
3129 | 3129 | +++ b/services/mesh.c |
3130 | 3130 | @@ -60,6 +60,9 @@ |
3137 | 3137 | #include "respip/respip.h" |
3138 | 3138 | #include "services/listen_dnsport.h" |
3139 | 3139 | |
3140 | @@ -1072,6 +1075,13 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, | |
3140 | @@ -1076,6 +1079,13 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, | |
3141 | 3141 | else secure = 0; |
3142 | 3142 | if(!rep && rcode == LDNS_RCODE_NOERROR) |
3143 | 3143 | rcode = LDNS_RCODE_SERVFAIL; |
3151 | 3151 | /* send the reply */ |
3152 | 3152 | /* We don't reuse the encoded answer if either the previous or current |
3153 | 3153 | * response has a local alias. We could compare the alias records |
3154 | @@ -1247,6 +1257,7 @@ struct mesh_state* mesh_area_find(struct mesh_area* mesh, | |
3154 | @@ -1255,6 +1265,7 @@ struct mesh_state* mesh_area_find(struct mesh_area* mesh, | |
3155 | 3155 | key.s.is_valrec = valrec; |
3156 | 3156 | key.s.qinfo = *qinfo; |
3157 | 3157 | key.s.query_flags = qflags; |
3159 | 3159 | /* We are searching for a similar mesh state when we DO want to |
3160 | 3160 | * aggregate the state. Thus unique is set to NULL. (default when we |
3161 | 3161 | * desire aggregation).*/ |
3162 | @@ -1293,6 +1304,10 @@ int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, | |
3162 | @@ -1301,6 +1312,10 @@ int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, | |
3163 | 3163 | if(!r) |
3164 | 3164 | return 0; |
3165 | 3165 | r->query_reply = *rep; |
3171 | 3171 | if(edns->opt_list) { |
3172 | 3172 | r->edns.opt_list = edns_opt_copy_region(edns->opt_list, |
3173 | 3173 | diff --git a/util/config_file.c b/util/config_file.c |
3174 | index 9b60254..d791f8f 100644 | |
3174 | index 119b2223..ce43a234 100644 | |
3175 | 3175 | --- a/util/config_file.c |
3176 | 3176 | +++ b/util/config_file.c |
3177 | @@ -1418,6 +1418,8 @@ config_delete(struct config_file* cfg) | |
3177 | @@ -1434,6 +1434,8 @@ config_delete(struct config_file* cfg) | |
3178 | 3178 | free(cfg->dnstap_socket_path); |
3179 | 3179 | free(cfg->dnstap_identity); |
3180 | 3180 | free(cfg->dnstap_version); |
3182 | 3182 | + free(cfg->rpz_cstr); |
3183 | 3183 | config_deldblstrlist(cfg->ratelimit_for_domain); |
3184 | 3184 | config_deldblstrlist(cfg->ratelimit_below_domain); |
3185 | #ifdef USE_IPSECMOD | |
3185 | config_delstrlist(cfg->python_script); | |
3186 | 3186 | diff --git a/util/config_file.h b/util/config_file.h |
3187 | index 3cffdbf..e0fa1c8 100644 | |
3187 | index b3ef930a..56173b80 100644 | |
3188 | 3188 | --- a/util/config_file.h |
3189 | 3189 | +++ b/util/config_file.h |
3190 | @@ -490,6 +490,11 @@ struct config_file { | |
3190 | @@ -494,6 +494,11 @@ struct config_file { | |
3191 | 3191 | /** true to disable DNSSEC lameness check in iterator */ |
3192 | 3192 | int disable_dnssec_lame_check; |
3193 | 3193 | |
3200 | 3200 | int ip_ratelimit; |
3201 | 3201 | /** number of slabs for ip_ratelimit cache */ |
3202 | 3202 | diff --git a/util/configlexer.lex b/util/configlexer.lex |
3203 | index 16b5bc5..038045d 100644 | |
3203 | index 7a972908..2d03ffc7 100644 | |
3204 | 3204 | --- a/util/configlexer.lex |
3205 | 3205 | +++ b/util/configlexer.lex |
3206 | 3206 | @@ -439,6 +439,10 @@ dnstap-log-forwarder-query-messages{COLON} { |
3215 | 3215 | ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) } |
3216 | 3216 | ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) } |
3217 | 3217 | diff --git a/util/configparser.y b/util/configparser.y |
3218 | index c7b9169..bef15b5 100644 | |
3218 | index 10227a2f..a519fcc7 100644 | |
3219 | 3219 | --- a/util/configparser.y |
3220 | 3220 | +++ b/util/configparser.y |
3221 | 3221 | @@ -125,6 +125,7 @@ extern struct config_parser_state* cfg_parser; |
3226 | 3226 | %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA |
3227 | 3227 | %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT |
3228 | 3228 | %token VAR_DISABLE_DNSSEC_LAME_CHECK |
3229 | @@ -170,7 +171,7 @@ extern struct config_parser_state* cfg_parser; | |
3229 | @@ -171,7 +172,7 @@ extern struct config_parser_state* cfg_parser; | |
3230 | 3230 | |
3231 | 3231 | %% |
3232 | 3232 | toplevelvars: /* empty */ | toplevelvars toplevelvar ; |
3235 | 3235 | forwardstart contents_forward | pythonstart contents_py | |
3236 | 3236 | rcstart contents_rc | dtstart contents_dt | viewstart contents_view | |
3237 | 3237 | dnscstart contents_dnsc | cachedbstart contents_cachedb | |
3238 | @@ -2710,6 +2711,50 @@ dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MES | |
3238 | @@ -2726,6 +2727,50 @@ dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MES | |
3239 | 3239 | free($2); |
3240 | 3240 | } |
3241 | 3241 | ; |
3287 | 3287 | { |
3288 | 3288 | OUTYY(("\nP(python:)\n")); |
3289 | 3289 | diff --git a/util/data/msgencode.c b/util/data/msgencode.c |
3290 | index 4c0a555..e51e9b8 100644 | |
3290 | index a51a4b9b..475dfce9 100644 | |
3291 | 3291 | --- a/util/data/msgencode.c |
3292 | 3292 | +++ b/util/data/msgencode.c |
3293 | 3293 | @@ -590,6 +590,35 @@ insert_section(struct reply_info* rep, size_t num_rrsets, uint16_t* num_rrs, |
3326 | 3326 | /** store query section in wireformat buffer, return RETVAL */ |
3327 | 3327 | static int |
3328 | 3328 | insert_query(struct query_info* qinfo, struct compress_tree_node** tree, |
3329 | @@ -753,6 +782,19 @@ reply_info_encode(struct query_info* qinfo, struct reply_info* rep, | |
3330 | return 0; | |
3329 | @@ -777,6 +806,19 @@ reply_info_encode(struct query_info* qinfo, struct reply_info* rep, | |
3330 | } | |
3331 | sldns_buffer_write_u16_at(buffer, 10, arcount); | |
3331 | 3332 | } |
3332 | sldns_buffer_write_u16_at(buffer, 10, arcount); | |
3333 | 3333 | +#ifdef ENABLE_FASTRPZ |
3334 | 3334 | + } else if(rep->security == sec_status_rpz_rewritten) { |
3335 | 3335 | + /* Insert the RPZ SOA for rpz even with MINIMAL_RESPONSES */ |
3347 | 3347 | sldns_buffer_flip(buffer); |
3348 | 3348 | return 1; |
3349 | 3349 | diff --git a/util/data/packed_rrset.c b/util/data/packed_rrset.c |
3350 | index 7b9d549..e44b2ce 100644 | |
3350 | index 7b9d5494..e44b2ce5 100644 | |
3351 | 3351 | --- a/util/data/packed_rrset.c |
3352 | 3352 | +++ b/util/data/packed_rrset.c |
3353 | 3353 | @@ -255,6 +255,10 @@ sec_status_to_string(enum sec_status s) |
3362 | 3362 | return "unknown_sec_status_value"; |
3363 | 3363 | } |
3364 | 3364 | diff --git a/util/data/packed_rrset.h b/util/data/packed_rrset.h |
3365 | index 3a5335d..2011321 100644 | |
3365 | index 3a5335dd..20113217 100644 | |
3366 | 3366 | --- a/util/data/packed_rrset.h |
3367 | 3367 | +++ b/util/data/packed_rrset.h |
3368 | 3368 | @@ -193,7 +193,15 @@ enum sec_status { |
3383 | 3383 | |
3384 | 3384 | /** |
3385 | 3385 | diff --git a/util/netevent.c b/util/netevent.c |
3386 | index b8b2a09..5ccc29a 100644 | |
3386 | index 9e2ba92b..06ede4e6 100644 | |
3387 | 3387 | --- a/util/netevent.c |
3388 | 3388 | +++ b/util/netevent.c |
3389 | 3389 | @@ -57,6 +57,9 @@ |
3426 | 3426 | if(!rep.c || rep.c->fd != fd) /* commpoint closed to -1 or reused for |
3427 | 3427 | another UDP port. Note rep.c cannot be reused with TCP fd. */ |
3428 | 3428 | break; |
3429 | @@ -3142,6 +3154,9 @@ comm_point_send_reply(struct comm_reply *repinfo) | |
3429 | @@ -3152,6 +3164,9 @@ comm_point_send_reply(struct comm_reply *repinfo) | |
3430 | 3430 | repinfo->c->tcp_timeout_msec); |
3431 | 3431 | } |
3432 | 3432 | } |
3436 | 3436 | } |
3437 | 3437 | |
3438 | 3438 | void |
3439 | @@ -3151,6 +3166,9 @@ comm_point_drop_reply(struct comm_reply* repinfo) | |
3439 | @@ -3161,6 +3176,9 @@ comm_point_drop_reply(struct comm_reply* repinfo) | |
3440 | 3440 | return; |
3441 | 3441 | log_assert(repinfo && repinfo->c); |
3442 | 3442 | log_assert(repinfo->c->type != comm_tcp_accept); |
3446 | 3446 | if(repinfo->c->type == comm_udp) |
3447 | 3447 | return; |
3448 | 3448 | if(repinfo->c->tcp_req_info) |
3449 | @@ -3172,6 +3190,9 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec) | |
3449 | @@ -3182,6 +3200,9 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec) | |
3450 | 3450 | { |
3451 | 3451 | verbose(VERB_ALGO, "comm point start listening %d (%d msec)", |
3452 | 3452 | c->fd==-1?newfd:c->fd, msec); |
3457 | 3457 | /* no use to start listening no free slots. */ |
3458 | 3458 | return; |
3459 | 3459 | diff --git a/util/netevent.h b/util/netevent.h |
3460 | index d80c72b..0233292 100644 | |
3460 | index d80c72b3..0233292f 100644 | |
3461 | 3461 | --- a/util/netevent.h |
3462 | 3462 | +++ b/util/netevent.h |
3463 | 3463 | @@ -120,6 +120,10 @@ struct comm_reply { |
3472 | 3472 | uint8_t client_nonce[crypto_box_HALF_NONCEBYTES]; |
3473 | 3473 | uint8_t nmkey[crypto_box_BEFORENMBYTES]; |
3474 | 3474 | diff --git a/validator/validator.c b/validator/validator.c |
3475 | index fa8d541..5628ef0 100644 | |
3475 | index fa8d5419..5628ef0b 100644 | |
3476 | 3476 | --- a/validator/validator.c |
3477 | 3477 | +++ b/validator/validator.c |
3478 | 3478 | @@ -2755,6 +2755,12 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, |
121 | 121 | #ifdef USE_DNSCRYPT |
122 | 122 | printf("DNSCrypt feature available\n"); |
123 | 123 | #endif |
124 | #ifdef USE_TCP_FASTOPEN | |
125 | printf("TCP Fastopen feature available\n"); | |
126 | #endif | |
124 | 127 | ub_event_base_free(base); |
125 | 128 | printf("\nBSD licensed, see LICENSE in source package for details.\n"); |
126 | 129 | printf("Report bugs to %s\n", PACKAGE_BUGREPORT); |
0 | 22 August 2019: Wouter | |
1 | - Fix that pkg-config is setup before --enable-systemd needs it. | |
2 | - 1.9.3rc2 release candidate tag. | |
3 | ||
4 | 21 August 2019: Wouter | |
5 | - Fix log_dns_msg to log irrespective of minimal responses config. | |
6 | ||
7 | 19 August 2019: Ralph | |
8 | - Document limitation of pidfile removal outside of chroot directory. | |
9 | ||
10 | 16 August 2019: Wouter | |
11 | - Fix unittest valgrind false positive uninitialised value report, | |
12 | where if gcc 9.1.1 uses -O2 (but not -O1) then valgrind 3.15.0 | |
13 | issues an uninitialised value for the token buffer at the str2wire.c | |
14 | rrinternal_get_owner() strcmp with the '@' value. Rewritten to use | |
15 | straight character comparisons removes the false positive. Also | |
16 | valgrinds --expensive-definedness-checks=yes can stop this false | |
17 | positive. | |
18 | - Please doxygen's parser for "@" occurrence in doxygen comment. | |
19 | - Fixup contrib/fastrpz.patch | |
20 | - Remove warning about unknown cast-function-type warning pragma. | |
21 | ||
0 | 22 | 15 August 2019: Wouter |
1 | 23 | - iana portlist updated. |
2 | 24 | - Fix autotrust temp file uniqueness windows compile. |
4 | 26 | - escape commandline contents for -V. |
5 | 27 | - Fix character buffer size in ub_ctx_hosts. |
6 | 28 | - 1.9.3rc1 release candidate tag. |
29 | - Option -V prints if TCP fastopen is available. | |
7 | 30 | |
8 | 31 | 14 August 2019: George |
9 | 32 | - Fix #59, when compiled with systemd support check that we can properly |
0 | README for Unbound 1.9.3rc1 | |
0 | README for Unbound 1.9.3 | |
1 | 1 | Copyright 2007 NLnet Labs |
2 | 2 | http://unbound.net |
3 | 3 |
0 | 0 | # |
1 | 1 | # Example configuration file. |
2 | 2 | # |
3 | # See unbound.conf(5) man page, version 1.9.3rc1. | |
3 | # See unbound.conf(5) man page, version 1.9.3. | |
4 | 4 | # |
5 | 5 | # this is a comment. |
6 | 6 |
0 | .TH "libunbound" "3" "Aug 15, 2019" "NLnet Labs" "unbound 1.9.3rc1" | |
0 | .TH "libunbound" "3" "Aug 27, 2019" "NLnet Labs" "unbound 1.9.3" | |
1 | 1 | .\" |
2 | 2 | .\" libunbound.3 -- unbound library functions manual |
3 | 3 | .\" |
43 | 43 | .B ub_ctx_zone_remove, |
44 | 44 | .B ub_ctx_data_add, |
45 | 45 | .B ub_ctx_data_remove |
46 | \- Unbound DNS validating resolver 1.9.3rc1 functions. | |
46 | \- Unbound DNS validating resolver 1.9.3 functions. | |
47 | 47 | .SH "SYNOPSIS" |
48 | 48 | .B #include <unbound.h> |
49 | 49 | .LP |
0 | .TH "unbound-anchor" "8" "Aug 15, 2019" "NLnet Labs" "unbound 1.9.3rc1" | |
0 | .TH "unbound-anchor" "8" "Aug 27, 2019" "NLnet Labs" "unbound 1.9.3" | |
1 | 1 | .\" |
2 | 2 | .\" unbound-anchor.8 -- unbound anchor maintenance utility manual |
3 | 3 | .\" |
0 | .TH "unbound-checkconf" "8" "Aug 15, 2019" "NLnet Labs" "unbound 1.9.3rc1" | |
0 | .TH "unbound-checkconf" "8" "Aug 27, 2019" "NLnet Labs" "unbound 1.9.3" | |
1 | 1 | .\" |
2 | 2 | .\" unbound-checkconf.8 -- unbound configuration checker manual |
3 | 3 | .\" |
0 | .TH "unbound-control" "8" "Aug 15, 2019" "NLnet Labs" "unbound 1.9.3rc1" | |
0 | .TH "unbound-control" "8" "Aug 27, 2019" "NLnet Labs" "unbound 1.9.3" | |
1 | 1 | .\" |
2 | 2 | .\" unbound-control.8 -- unbound remote control manual |
3 | 3 | .\" |
0 | .TH "unbound\-host" "1" "Aug 15, 2019" "NLnet Labs" "unbound 1.9.3rc1" | |
0 | .TH "unbound\-host" "1" "Aug 27, 2019" "NLnet Labs" "unbound 1.9.3" | |
1 | 1 | .\" |
2 | 2 | .\" unbound-host.1 -- unbound DNS lookup utility |
3 | 3 | .\" |
0 | .TH "unbound" "8" "Aug 15, 2019" "NLnet Labs" "unbound 1.9.3rc1" | |
0 | .TH "unbound" "8" "Aug 27, 2019" "NLnet Labs" "unbound 1.9.3" | |
1 | 1 | .\" |
2 | 2 | .\" unbound.8 -- unbound manual |
3 | 3 | .\" |
8 | 8 | .\" |
9 | 9 | .SH "NAME" |
10 | 10 | .B unbound |
11 | \- Unbound DNS validating resolver 1.9.3rc1. | |
11 | \- Unbound DNS validating resolver 1.9.3. | |
12 | 12 | .SH "SYNOPSIS" |
13 | 13 | .B unbound |
14 | 14 | .RB [ \-h ] |
0 | .TH "unbound.conf" "5" "Aug 15, 2019" "NLnet Labs" "unbound 1.9.3rc1" | |
0 | .TH "unbound.conf" "5" "Aug 27, 2019" "NLnet Labs" "unbound 1.9.3" | |
1 | 1 | .\" |
2 | 2 | .\" unbound.conf.5 -- unbound.conf manual |
3 | 3 | .\" |
628 | 628 | The pidfile can be either a relative path to the working directory, or |
629 | 629 | an absolute path relative to the original root. It is written just prior |
630 | 630 | to chroot and dropping permissions. This allows the pidfile to be |
631 | /var/run/unbound.pid and the chroot to be /var/unbound, for example. | |
631 | /var/run/unbound.pid and the chroot to be /var/unbound, for example. Note that | |
632 | Unbound is not able to remove the pidfile after termination when it is located | |
633 | outside of the chroot directory. | |
632 | 634 | .IP |
633 | 635 | Additionally, unbound may need to access /dev/random (for entropy) |
634 | 636 | from inside the chroot. |
3 | 3 | %begin %{ |
4 | 4 | /* store state of warning output, restored at later pop */ |
5 | 5 | #pragma GCC diagnostic push |
6 | /* ignore warnings for pragma below, where for older GCC it can produce a | |
7 | warning if the cast-function-type warning is absent. */ | |
8 | #pragma GCC diagnostic ignored "-Wpragmas" | |
6 | 9 | /* ignore gcc8 METH_NOARGS function cast warnings for swig function pointers */ |
7 | 10 | #pragma GCC diagnostic ignored "-Wcast-function-type" |
8 | 11 | %} |
186 | 186 | sldns_buffer_position(strbuf)); |
187 | 187 | } |
188 | 188 | |
189 | if(strcmp(token, "@") == 0) { | |
189 | if(token[0]=='@' && token[1]=='\0') { | |
190 | 190 | uint8_t* tocopy; |
191 | 191 | if (origin) { |
192 | 192 | *dname_len = origin_len; |
145 | 145 | edns_known_options_delete(&env); |
146 | 146 | } |
147 | 147 | |
148 | /** true if addr is a localhost address, 127.0.0.1 or ::1 (@port) */ | |
148 | /** true if addr is a localhost address, 127.0.0.1 or ::1 (with maybe "@port" | |
149 | * after it) */ | |
149 | 150 | static int |
150 | 151 | str_addr_is_localhost(const char* a) |
151 | 152 | { |
178 | 178 | /* encode a couple times */ |
179 | 179 | for(i=0; i<max; i++) { |
180 | 180 | ret = reply_info_encode(qi, rep, id, flags, out, timenow, |
181 | r2, 65535, (int)(edns->bits & EDNS_DO) ); | |
181 | r2, 65535, (int)(edns->bits & EDNS_DO), 0); | |
182 | 182 | unit_assert(ret != 0); /* udp packets should fit */ |
183 | 183 | attach_edns_record(out, edns); |
184 | 184 | regional_free_all(r2); |
341 | 341 | } else if(!check_formerr_gone) { |
342 | 342 | const size_t lim = 512; |
343 | 343 | ret = reply_info_encode(&qi, rep, id, flags, out, timenow, |
344 | region, 65535, (int)(edns.bits & EDNS_DO) ); | |
344 | region, 65535, (int)(edns.bits & EDNS_DO), 0); | |
345 | 345 | unit_assert(ret != 0); /* udp packets should fit */ |
346 | 346 | attach_edns_record(out, &edns); |
347 | 347 | if(vbmp) printf("inlen %u outlen %u\n", |
356 | 356 | ret = reply_info_encode(&qi, rep, id, flags, out, |
357 | 357 | timenow, region, |
358 | 358 | lim - calc_edns_field_size(&edns), |
359 | (int)(edns.bits & EDNS_DO)); | |
359 | (int)(edns.bits & EDNS_DO), 0); | |
360 | 360 | unit_assert(ret != 0); /* should fit, but with TC */ |
361 | 361 | attach_edns_record(out, &edns); |
362 | 362 | if( LDNS_QDCOUNT(sldns_buffer_begin(out)) != |
663 | 663 | int |
664 | 664 | reply_info_encode(struct query_info* qinfo, struct reply_info* rep, |
665 | 665 | uint16_t id, uint16_t flags, sldns_buffer* buffer, time_t timenow, |
666 | struct regional* region, uint16_t udpsize, int dnssec) | |
666 | struct regional* region, uint16_t udpsize, int dnssec, int minimise) | |
667 | 667 | { |
668 | 668 | uint16_t ancount=0, nscount=0, arcount=0; |
669 | 669 | struct compress_tree_node* tree = 0; |
743 | 743 | sldns_buffer_write_u16_at(buffer, 6, ancount); |
744 | 744 | |
745 | 745 | /* if response is positive answer, auth/add sections are not required */ |
746 | if( ! (MINIMAL_RESPONSES && positive_answer(rep, qinfo->qtype)) ) { | |
746 | if( ! (minimise && positive_answer(rep, qinfo->qtype)) ) { | |
747 | 747 | /* insert auth section */ |
748 | 748 | if((r=insert_section(rep, rep->ns_numrrsets, &nscount, buffer, |
749 | 749 | rep->an_numrrsets, timenow, region, &tree, |
760 | 760 | } |
761 | 761 | sldns_buffer_write_u16_at(buffer, 8, nscount); |
762 | 762 | |
763 | if(! (MINIMAL_RESPONSES && negative_answer(rep))) { | |
763 | if(! (minimise && negative_answer(rep))) { | |
764 | 764 | /* insert add section */ |
765 | 765 | if((r=insert_section(rep, rep->ar_numrrsets, &arcount, buffer, |
766 | 766 | rep->an_numrrsets + rep->ns_numrrsets, timenow, region, |
873 | 873 | } |
874 | 874 | |
875 | 875 | if(!reply_info_encode(qinf, rep, id, flags, pkt, timenow, region, |
876 | udpsize, dnssec)) { | |
876 | udpsize, dnssec, MINIMAL_RESPONSES)) { | |
877 | 877 | log_err("reply encode: out of memory"); |
878 | 878 | return 0; |
879 | 879 | } |
84 | 84 | * @param region: to store temporary data in. |
85 | 85 | * @param udpsize: size of the answer, 512, from EDNS, or 64k for TCP. |
86 | 86 | * @param dnssec: if 0 DNSSEC records are omitted from the answer. |
87 | * @param minimise: if true, the answer is a minimal response, with | |
88 | * authority and additional removed if possible. | |
87 | 89 | * @return: nonzero is success, or |
88 | 90 | * 0 on error: malloc failure (no log_err has been done). |
89 | 91 | */ |
90 | 92 | int reply_info_encode(struct query_info* qinfo, struct reply_info* rep, |
91 | 93 | uint16_t id, uint16_t flags, struct sldns_buffer* buffer, time_t timenow, |
92 | struct regional* region, uint16_t udpsize, int dnssec); | |
94 | struct regional* region, uint16_t udpsize, int dnssec, int minimise); | |
93 | 95 | |
94 | 96 | /** |
95 | 97 | * Encode query packet. Assumes the buffer is large enough. |
818 | 818 | sldns_buffer* buf = sldns_buffer_new(65535); |
819 | 819 | struct regional* region = regional_create(); |
820 | 820 | if(!reply_info_encode(qinfo, rep, 0, rep->flags, buf, 0, |
821 | region, 65535, 1)) { | |
821 | region, 65535, 1, 0)) { | |
822 | 822 | log_info("%s: log_dns_msg: out of memory", str); |
823 | 823 | } else { |
824 | 824 | char* s = sldns_wire2str_pkt(sldns_buffer_begin(buf), |