Author: fastrpz@farsightsecurity.com
---
diff --git a/Makefile.in b/Makefile.in
-index 9660c49a..8b078201 100644
+index 721c01b6..56bfb560 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -23,6 +23,8 @@ CHECKLOCK_SRC=testcode/checklocks.c
COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \
outside_network.lo
COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo
-@@ -408,6 +410,11 @@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \
+@@ -409,6 +411,11 @@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \
$(srcdir)/util/config_file.h $(srcdir)/util/log.h \
$(srcdir)/util/netevent.h
pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \
pythonmod/interface.h \
diff --git a/config.h.in b/config.h.in
-index d8ec50a6..bf6dc973 100644
+index 8c2aa3b9..efaf6450 100644
--- a/config.h.in
+++ b/config.h.in
-@@ -1319,4 +1319,11 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file,
+@@ -1325,4 +1325,11 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file,
/** the version of unbound-control that this software implements */
#define UNBOUND_CONTROL_VERSION 1
+/** turn on fastrpz response policy zones */
+#undef ENABLE_FASTRPZ
diff --git a/configure.ac b/configure.ac
-index d8a1ac95..4f1106a0 100644
+index 5276d441..9d74592e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -6,6 +6,7 @@ sinclude(ax_pthread.m4)
sinclude(dnscrypt/dnscrypt.m4)
# must be numbers. ac_defun because of later processing
-@@ -1684,6 +1685,9 @@ case "$enable_ipset" in
+@@ -1726,6 +1727,9 @@ case "$enable_ipset" in
;;
esac
# on openBSD, the implicit rule make $< work.
# on Solaris, it does not work ($? is changed sources, $^ lists dependencies).
diff --git a/daemon/daemon.c b/daemon/daemon.c
-index e09138cb..efad0532 100644
+index 0b1200a2..5857c18b 100644
--- a/daemon/daemon.c
+++ b/daemon/daemon.c
@@ -91,6 +91,9 @@
#ifdef HAVE_SYSTEMD
#include <systemd/sd-daemon.h>
-@@ -460,6 +463,14 @@ daemon_create_workers(struct daemon* daemon)
+@@ -458,6 +461,14 @@ daemon_create_workers(struct daemon* daemon)
dt_apply_cfg(daemon->dtenv, daemon->cfg);
#else
fatal_exit("dnstap enabled in config but not built with dnstap support");
#endif
}
for(i=0; i<daemon->num; i++) {
-@@ -726,6 +737,9 @@ daemon_cleanup(struct daemon* daemon)
+@@ -724,6 +735,9 @@ daemon_cleanup(struct daemon* daemon)
#ifdef USE_DNSCRYPT
dnsc_delete(daemon->dnscenv);
daemon->dnscenv = NULL;
/**
diff --git a/daemon/worker.c b/daemon/worker.c
-index 263fcddf..e6bc84bd 100644
+index e2ce0e87..f031c656 100644
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -75,6 +75,9 @@
rep = reply_info_copy(msgrep, env->alloc, NULL);
if(!rep)
diff --git a/services/mesh.c b/services/mesh.c
-index 27f91940..f1bd4e90 100644
+index d4f814d5..624a9d95 100644
--- a/services/mesh.c
+++ b/services/mesh.c
@@ -60,6 +60,9 @@
/**
diff --git a/util/netevent.c b/util/netevent.c
-index c54c570f..c45699d5 100644
+index 980bb8be..d537d288 100644
--- a/util/netevent.c
+++ b/util/netevent.c
@@ -57,6 +57,9 @@
void
@@ -3193,6 +3208,9 @@ comm_point_drop_reply(struct comm_reply* repinfo)
return;
- log_assert(repinfo && repinfo->c);
+ log_assert(repinfo->c);
log_assert(repinfo->c->type != comm_tcp_accept);
+#ifdef ENABLE_FASTRPZ
+ rpz_end(repinfo);
uint8_t client_nonce[crypto_box_HALF_NONCEBYTES];
uint8_t nmkey[crypto_box_BEFORENMBYTES];
diff --git a/validator/validator.c b/validator/validator.c
-index fa8d5419..5628ef0b 100644
+index 4c560a8e..71de3760 100644
--- a/validator/validator.c
+++ b/validator/validator.c
@@ -2755,6 +2755,12 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq,
projects / thirdparty / unbound.git / commitdiff
