From: George Thessalonikefs Date: Tue, 3 Oct 2023 12:49:40 +0000 (+0200) Subject: - Merge #881: Generalise the proxy protocol code. X-Git-Tag: release-1.19.0rc1~38 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=13d4504dfcd207ca92f6eeda5b271849c6fd415a;p=thirdparty%2Funbound.git - Merge #881: Generalise the proxy protocol code. --- 13d4504dfcd207ca92f6eeda5b271849c6fd415a diff --cc daemon/worker.c index 8c6fa3b9a,46331376d..2433f97dd --- a/daemon/worker.c +++ b/daemon/worker.c @@@ -66,9 -66,9 +66,10 @@@ #include "util/data/msgencode.h" #include "util/data/dname.h" #include "util/fptr_wlist.h" + #include "util/proxy_protocol.h" #include "util/tube.h" #include "util/edns.h" +#include "util/timeval_func.h" #include "iterator/iter_fwd.h" #include "iterator/iter_hints.h" #include "iterator/iter_utils.h" diff --cc doc/Changelog index cc79cc3c8,a5fb8460e..22029a89b --- a/doc/Changelog +++ b/doc/Changelog @@@ -1,250 -1,3 +1,253 @@@ ++3 October 2023: George ++ - Merge #881: Generalise the proxy protocol code. ++ +2 October 2023: George + - Fix misplaced comment. + +22 September 2023: Wouter + - Fix #942: 1.18.0 libunbound DNS regression when built without + OpenSSL. + +18 September 2023: Wouter + - Fix rpz tcp-only action with rpz triggers nsdname and nsip. + +15 September 2023: Wouter + - Merge #936: Check for c99 with autoconf versions prior to 2.70. + - Fix to remove two c99 notations. + +14 September 2023: Wouter + - Fix authority zone answers for obscured DNAMEs and delegations. + +8 September 2023: Wouter + - Fix send of udp retries when ENOBUFS is returned. It stops looping + and also waits for the condition to go away. Reported by Florian + Obser. + +7 September 2023: Wouter + - Fix to scrub resource records of type A and AAAA that have an + inappropriate size. They are removed from responses. + - Fix to move msgparse_rrset_remove_rr code to util/msgparse.c. + - Fix to add EDE text when RRs have been removed due to length. 
+ - Fix to set ede match in unit test for rr length removal. + - Fix to print EDE text in readable form in output logs. + +6 September 2023: Wouter + - Merge #931: Prevent warnings from -Wmissing-prototypes. + +31 August 2023: Wouter + - Fix autoconf 2.69 warnings in configure. + - Fix #927: unbound 1.18.0 make test error. Fix make test without SHA1. + +30 August 2023: Wouter + - Fix for WKS call to getservbyname that creates allocation on exit + in unit test by testing numbers first and testing from the services + list later. + +28 August 2023: Wouter + - Fix for version generation race condition that ignored changes. + +25 August 2023: Wouter + - Fix compile error on NetBSD in util/netevent.h. + +23 August 2023: Wouter + - Tag for 1.18.0rc1 release. This became the 1.18.0 release on + 30 aug 2023, with the fix from 25 aug, fix compile on NetBSD + included. The repository continues with version 1.18.1. + +22 August 2023: Wouter + - Set version number to 1.18.0. + +21 August 2023: Wouter + - Debug Windows ci workflow. + - Fix windows ci workflow to install bison and flex. + - Fix for #925: unbound.service: Main process exited, code=killed, + status=11/SEGV. Fixes cachedb configuration handling. + - Fix #923: processQueryResponse() THROWAWAY should be mindful of + fail_reply. + - Fix unit test for unbound-control to work when threads are disabled, + and fix cache dump check. + +18 August 2023: Wouter + - Fix for iter_dec_attempts that could cause a hang, part of + capsforid and qname minimisation, depending on the settings. + - Fix uninitialized memory passed in padding bytes of cmsg to sendmsg. + - Fix stat_values test to work with dig that enables DNS cookies. + +17 August 2023: Wouter + - Merge PR #762: Downstream DNS Server Cookies a la RFC7873 and + RFC9018. Create server cookies for clients that send client cookies. + This needs to be explicitly turned on in the config file with: + `answer-cookie: yes`. 
A `cookie-secret:` can be configured for + anycast setups. Without one, a random cookie secret is generated. + The acl option `allow_cookie` allows queries with either a valid + cookie or over a stateful transport. The statistics output has + `queries_cookie_valid` and `queries_cookie_client` and + `queries_cookie_invalid` information. The `ip\-ratelimit\-cookie:` + value determines a rate limit for queries with cookies, if desired. + - Fix regional_alloc_init for potential unaligned source of the copy. + - Fix ip_ratelimit test to work with dig that enables DNS cookies. + +2 August 2023: George + - Move a cache reply callback in worker.c closer to the cache reply + generation. + +1 August 2023: George + - Merge #911 from natalie-reece: Exclude EDE before other EDNS options + when there isn't enough space. + - For #911: Try to trim EXTRA-TEXT (and LDNS_EDE_OTHER options + altogether) before giving up on attaching EDE options. + - More braces and formatting for Fix for EDNS EDE size calculation to + avoid future bugs. + - Fix to use the now cached EDE, if any, for CD_bit queries. + +1 August 2023: Wouter + - Fix for EDNS EDE size calculation. + +31 July 2023: George + - Merge #790 from Tom Carpay: Add support for EDE caching in cachedb + and subnetcache. + +31 July 2023: Wouter + - iana portlist update. + +30 July 2023: George + - Merge #759 from Tom Carpay: Add EDE (RFC8914) caching. + +28 July 2023: George + - Fix unused variable compile warning for kernel timestamps in + netevent.c + +21 July 2023: George + - Merge #857 from eaglegai: fix potential memory leaks when errors + happen. + - For #857: fix mixed declarations and code. + - Merge #118 from mibere: Changed verbosity level for Redis init & + deinit. + - Merge #390 from Frank Riley: Add missing callbacks to the python + module. + - Cleaner failure code for callback functions in interface.i. + - Merge #889 from borisVanhoof: Free memory in error case + remove + unused function. 
+ - For #889: use netcat-openbsd instead of netcat-traditional. + - For #889: Account for num_detached_states before possible + mesh_state_delete when erroring out. + +20 July 2023: George + - Merge #909 from headshog: Numeric truncation when parsing TYPEXX and + CLASSXX representation. + - For #909: Fix return values. + - Merge #901 from Sergei Trofimovich: config: improve handling of + unknown modules. + +20 July 2023: Wouter + - For #909: Fix RR class comparison. + +14 July 2023: George + - More clear description of the different auth-zone behaviors on the + man page. + +13 July 2023: George + - Merge #880 from chipitsine: services/authzone.c: remove redundant + check. + +11 July 2023: George + - Merge #664 from tilan7763: Add prefetch support for subnet cache + entries. + - For #664: Easier code flow for subnetcache prefetching. + - For #664: Add testcase. + - For #664: Rename subnet_prefetch tests to subnet_global_prefetch to + differentiate from the new subnet prefetch support. + +3 July 2023: George + - Merge #739: Add SVCB dohpath support. + - Code cleanup for sldns_str2wire_svcparam_key_lookup. + - Merge #802: add validation EDEs to queries where the CD bit is set. + - For #802: Cleanup comments and add RCODE check for CD bit test case. + - Skip the 00-lint test. splint is not maintained; it either does not + work or produces false positives. Static analysis is handled in the + clang test. + +3 July 2023: Wouter + - Fix #906: warning: ‘Py_SetProgramName’ is deprecated. + - Fix dereference of NULL variable warning in mesh_do_callback. + +29 June 2023: George + - More fixes for reference counting for python module and clean up + failure code. + - Merge #827 from rcmcdonald91: Eliminate unnecessary Python reloading + which causes memory leaks. + +29 June 2023: Wouter + - Fix python modules with multiple scripts, by incrementing reference + counts. + +27 June 2023: George + - Merge #892: Add cachedb hit stat. 
Introduces 'num.query.cachedb' as + a new statistical counter. + - Remove warning about unknown cast-function-type warning pragma. + +22 June 2023: Wouter + - Merge #903: contrib: add yocto compatible init script. + +15 June 2023: Philip + - Fix for issue #887 (Timeouts to forward servers on BSD based + system with ASLR) + - Probably fixes #516 (Stream reuse does not work on Windows) as well + +14 June 2023: George + - Properly handle all return values of worker_check_request during + early EDE code. + - Do not check the incoming request more than once. + +12 June 2023: Wouter + - Merge #896: Fix: #895: pythonmodule: add all site-packages + directories to sys.path. + - Fix #895: python + sysconfig gives ANOTHER path comparing to + distutils. + - Fix for uncertain unit test for doh buffer size events. + +25 May 2023: Wouter + - Fix unbound-dnstap-socket printout when no query is present. + - Fix unbound-dnstap-socket time fraction conversion for printout. + +19 May 2023: Wouter + - Fix RPZ removal of client-ip, nsip, nsdname triggers from IXFR. + - Fix to remove unused variables from RPZ clientip data structure. + +16 May 2023: Wouter + - Fix #888: [FR] Use kernel timestamps for dnstap. + - Fix to print debug log for ancillary data with correct IP address. + +11 May 2023: Wouter + - Fix warning in windows compile, in set_recvtimestamp. + +4 May 2023: Wouter + - Fix #885: Error: util/configlexer.c: No such file or directory, + adds error messages explaining to install flex and bison. + - Fix to remove unused whitespace from acx_nlnetlabs.m4 and config.h. + - Fix doxygen in addr_to_nat64 header definition. + +1 May 2023: George + - Merge #722 from David 'eqvinox' Lamparter: NAT64 support. + - For #722: minor fixes, formatting, refactoring. + +1 May 2023: Wouter + - Fix RPZ IP responses with trigger rpz-drop on cache entries, that + they are dropped. 
+ +26 April 2023: Philip + - Fix issue #860: Bad interaction with 0 TTL records and serve-expired + +26 April 2023: Wouter + - Merge #882 from vvfedorenko: Features/dropqueuedpackets, with + sock-queue-timeout option that drops packets that have been in the + socket queue for too long. Added statistics num.queries_timed_out + and query.queue_time_us.max that track the socket queue timeouts. + - Fix for #882: small changes, date updated in Copyright for + util/timeval_func.c and util/timeval_func.h. Man page entries and + example entry. + - Fix for #882: document variable to stop doxygen warning. + 19 April 2023: Wouter - Fix for #878: Invalid IP address in unbound.conf causes Segmentation Fault on OpenBSD. diff --cc testcode/streamtcp.c index 84d2b65f6,0cd9f185f..ef762c161 --- a/testcode/streamtcp.c +++ b/testcode/streamtcp.c @@@ -130,17 -157,23 +157,32 @@@ write_q(int fd, int udp, SSL* ssl, sldn exit(1); } -- /* qtype and qclass */ - qinfo.qtype = sldns_get_rr_type_by_name(strtype); - if(qinfo.qtype == 0 && strcmp(strtype, "TYPE0") != 0) { - printf("cannot parse query type: '%s'\n", strtype); - exit(1); ++ /* qtype */ + if(strncasecmp(strtype, "IXFR=", 5) == 0) { + serial = (uint32_t)atoi(strtype+5); + have_serial = 1; + qinfo.qtype = LDNS_RR_TYPE_IXFR; + } else if(strcasecmp(strtype, "NOTIFY") == 0) { + is_notify = 1; + qinfo.qtype = LDNS_RR_TYPE_SOA; + } else if(strncasecmp(strtype, "NOTIFY=", 7) == 0) { + serial = (uint32_t)atoi(strtype+7); + have_serial = 1; + is_notify = 1; + qinfo.qtype = LDNS_RR_TYPE_SOA; + } else { + qinfo.qtype = sldns_get_rr_type_by_name(strtype); ++ if(qinfo.qtype == 0 && strcmp(strtype, "TYPE0") != 0) { ++ printf("cannot parse query type: '%s'\n", strtype); ++ exit(1); ++ } } ++ /* qclass */ qinfo.qclass = sldns_get_rr_class_by_name(strclass); + if(qinfo.qclass == 0 && strcmp(strclass, "CLASS0") != 0) { + printf("cannot parse query class: '%s'\n", strclass); + exit(1); + } /* clear local alias */ qinfo.local_alias = NULL;
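
Review bot: In the doc/Changelog hunk, the 17 August 2023 entry writes one option as `ip\-ratelimit\-cookie:` with roff-style escaped hyphens, while the other options in the same entry (`answer-cookie: yes`, `cookie-secret:`) are written plainly. The backslashes look carried over from the man page source and should be dropped so the Changelog reads `ip-ratelimit-cookie:`.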
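
Review bot: In the testcode/streamtcp.c hunk, the `IXFR=` and `NOTIFY=` branches of write_q parse the serial with `serial = (uint32_t)atoi(strtype+5);` and `serial = (uint32_t)atoi(strtype+7);`, with no validation. A serial is a 32-bit unsigned value, so anything above INT_MAX is out of range for atoi (undefined behaviour in C), and an empty or non-numeric value silently becomes serial 0 with have_serial set. Suggest strtoul with an end pointer, rejecting trailing characters and values above 0xFFFFFFFF, and exiting with a "cannot parse serial" message in the same way the qtype and qclass checks in this hunk do for unparseable input.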