---
Index: unboundfastrpz/Makefile.in
===================================================================
---- unboundfastrpz/Makefile.in (revision 4987)
+--- unboundfastrpz/Makefile.in (revision 5073)
+++ unboundfastrpz/Makefile.in (working copy)
@@ -23,6 +23,8 @@
CHECKLOCK_OBJ=@CHECKLOCK_OBJ@
pythonmod/interface.h \
Index: unboundfastrpz/config.h.in
===================================================================
---- unboundfastrpz/config.h.in (revision 4987)
+--- unboundfastrpz/config.h.in (revision 5073)
+++ unboundfastrpz/config.h.in (working copy)
-@@ -1275,4 +1275,11 @@
+@@ -1293,4 +1293,11 @@
/** the version of unbound-control that this software implements */
#define UNBOUND_CONTROL_VERSION 1
+#undef ENABLE_FASTRPZ
Index: unboundfastrpz/configure.ac
===================================================================
---- unboundfastrpz/configure.ac (revision 4987)
+--- unboundfastrpz/configure.ac (revision 5073)
+++ unboundfastrpz/configure.ac (working copy)
@@ -6,6 +6,7 @@
sinclude(acx_python.m4)
sinclude(dnscrypt/dnscrypt.m4)
# must be numbers. ac_defun because of later processing
-@@ -1573,6 +1574,9 @@
+@@ -1575,6 +1576,9 @@
;;
esac
# on Solaris, it does not work ($? is changed sources, $^ lists dependencies).
Index: unboundfastrpz/daemon/daemon.c
===================================================================
---- unboundfastrpz/daemon/daemon.c (revision 4987)
+--- unboundfastrpz/daemon/daemon.c (revision 5073)
+++ unboundfastrpz/daemon/daemon.c (working copy)
@@ -91,6 +91,9 @@
#include "sldns/keyraw.h"
Index: unboundfastrpz/daemon/daemon.h
===================================================================
---- unboundfastrpz/daemon/daemon.h (revision 4987)
+--- unboundfastrpz/daemon/daemon.h (revision 5073)
+++ unboundfastrpz/daemon/daemon.h (working copy)
@@ -136,6 +136,11 @@
/** the dnscrypt environment */
/**
Index: unboundfastrpz/daemon/worker.c
===================================================================
---- unboundfastrpz/daemon/worker.c (revision 4987)
+--- unboundfastrpz/daemon/worker.c (revision 5073)
+++ unboundfastrpz/daemon/worker.c (working copy)
@@ -75,6 +75,9 @@
#include "libunbound/context.h"
verbose(VERB_ALGO, "answer norec from cache -- "
Index: unboundfastrpz/doc/unbound.conf.5.in
===================================================================
---- unboundfastrpz/doc/unbound.conf.5.in (revision 4987)
+--- unboundfastrpz/doc/unbound.conf.5.in (revision 5073)
+++ unboundfastrpz/doc/unbound.conf.5.in (working copy)
-@@ -1745,6 +1745,81 @@
+@@ -1781,6 +1781,81 @@
used by dns64 processing instead. Can be entered multiple times, list a
new domain for which it applies, one per line. Applies also to names
underneath the name given.
+])
Index: unboundfastrpz/iterator/iterator.c
===================================================================
---- unboundfastrpz/iterator/iterator.c (revision 4987)
+--- unboundfastrpz/iterator/iterator.c (revision 5073)
+++ unboundfastrpz/iterator/iterator.c (working copy)
@@ -68,6 +68,9 @@
#include "sldns/str2wire.h"
if(type == RESPONSE_TYPE_CNAME) {
uint8_t* sname = 0;
size_t slen = 0;
-@@ -2695,6 +2733,62 @@
+@@ -2694,6 +2732,62 @@
sock_list_insert(&qstate->reply_origin,
&qstate->reply->addr, qstate->reply->addrlen,
qstate->region);
if(iq->minimisation_state != DONOT_MINIMISE_STATE
&& !(iq->chase_flags & BIT_RD)) {
if(FLAGS_GET_RCODE(iq->response->rep->flags) !=
-@@ -3441,6 +3535,10 @@
+@@ -3440,6 +3534,10 @@
* but only if we did recursion. The nonrecursion referral
* from cache does not need to be stored in the msg cache. */
if(!qstate->no_cache_store && qstate->query_flags&BIT_RD) {
iter_dns_store(qstate->env, &qstate->qinfo,
iq->response->rep, 0, qstate->prefetch_leeway,
iq->dp&&iq->dp->has_parent_side_NS,
-@@ -3447,6 +3545,34 @@
+@@ -3446,6 +3544,34 @@
qstate->region, qstate->query_flags);
}
}
return 0;
Index: unboundfastrpz/iterator/iterator.h
===================================================================
---- unboundfastrpz/iterator/iterator.h (revision 4987)
+--- unboundfastrpz/iterator/iterator.h (revision 5073)
+++ unboundfastrpz/iterator/iterator.h (working copy)
@@ -386,6 +386,16 @@
*/
* the QNAME minimisation QTYPE is blocked. */
Index: unboundfastrpz/services/cache/dns.c
===================================================================
---- unboundfastrpz/services/cache/dns.c (revision 4987)
+--- unboundfastrpz/services/cache/dns.c (revision 5073)
+++ unboundfastrpz/services/cache/dns.c (working copy)
@@ -939,6 +939,14 @@
struct regional* region, uint32_t flags)
if(!rep)
Index: unboundfastrpz/services/mesh.c
===================================================================
---- unboundfastrpz/services/mesh.c (revision 4987)
+--- unboundfastrpz/services/mesh.c (revision 5073)
+++ unboundfastrpz/services/mesh.c (working copy)
@@ -60,6 +60,9 @@
#include "sldns/wire2str.h"
+#include "fastrpz/rpz.h"
+#endif
#include "respip/respip.h"
+ #include "services/listen_dnsport.h"
- /** subtract timers and the values do not overflow or become negative */
-@@ -1057,6 +1060,13 @@
+@@ -1072,6 +1075,13 @@
else secure = 0;
if(!rep && rcode == LDNS_RCODE_NOERROR)
rcode = LDNS_RCODE_SERVFAIL;
/* send the reply */
/* We don't reuse the encoded answer if either the previous or current
* response has a local alias. We could compare the alias records
-@@ -1230,6 +1240,7 @@
+@@ -1247,6 +1257,7 @@
key.s.is_valrec = valrec;
key.s.qinfo = *qinfo;
key.s.query_flags = qflags;
/* We are searching for a similar mesh state when we DO want to
* aggregate the state. Thus unique is set to NULL. (default when we
* desire aggregation).*/
-@@ -1276,6 +1287,10 @@
+@@ -1293,6 +1304,10 @@
if(!r)
return 0;
r->query_reply = *rep;
r->edns.opt_list = edns_opt_copy_region(edns->opt_list,
Index: unboundfastrpz/util/config_file.c
===================================================================
---- unboundfastrpz/util/config_file.c (revision 4987)
+--- unboundfastrpz/util/config_file.c (revision 5073)
+++ unboundfastrpz/util/config_file.c (working copy)
-@@ -1401,6 +1401,8 @@
+@@ -1418,6 +1418,8 @@
free(cfg->dnstap_socket_path);
free(cfg->dnstap_identity);
free(cfg->dnstap_version);
#ifdef USE_IPSECMOD
Index: unboundfastrpz/util/config_file.h
===================================================================
---- unboundfastrpz/util/config_file.h (revision 4987)
+--- unboundfastrpz/util/config_file.h (revision 5073)
+++ unboundfastrpz/util/config_file.h (working copy)
-@@ -480,6 +480,11 @@
+@@ -490,6 +490,11 @@
/** true to disable DNSSEC lameness check in iterator */
int disable_dnssec_lame_check;
/** number of slabs for ip_ratelimit cache */
Index: unboundfastrpz/util/configlexer.lex
===================================================================
---- unboundfastrpz/util/configlexer.lex (revision 4987)
+--- unboundfastrpz/util/configlexer.lex (revision 5073)
+++ unboundfastrpz/util/configlexer.lex (working copy)
-@@ -434,6 +434,10 @@
+@@ -439,6 +439,10 @@
YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) }
dnstap-log-forwarder-response-messages{COLON} {
YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) }
ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) }
Index: unboundfastrpz/util/configparser.y
===================================================================
---- unboundfastrpz/util/configparser.y (revision 4987)
+--- unboundfastrpz/util/configparser.y (revision 5073)
+++ unboundfastrpz/util/configparser.y (working copy)
@@ -125,6 +125,7 @@
%token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
%token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
%token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
%token VAR_DISABLE_DNSSEC_LAME_CHECK
-@@ -168,7 +169,7 @@
+@@ -170,7 +171,7 @@
%%
toplevelvars: /* empty */ | toplevelvars toplevelvar ;
forwardstart contents_forward | pythonstart contents_py |
rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
dnscstart contents_dnsc | cachedbstart contents_cachedb |
-@@ -2639,6 +2640,50 @@
- (strcmp($2, "yes")==0);
+@@ -2708,6 +2709,50 @@
+ free($2);
}
;
+rpzstart: VAR_RPZ
OUTYY(("\nP(python:)\n"));
Index: unboundfastrpz/util/data/msgencode.c
===================================================================
---- unboundfastrpz/util/data/msgencode.c (revision 4987)
+--- unboundfastrpz/util/data/msgencode.c (revision 5073)
+++ unboundfastrpz/util/data/msgencode.c (working copy)
@@ -590,6 +590,35 @@
return RETVAL_OK;
return 1;
Index: unboundfastrpz/util/data/packed_rrset.c
===================================================================
---- unboundfastrpz/util/data/packed_rrset.c (revision 4987)
+--- unboundfastrpz/util/data/packed_rrset.c (revision 5073)
+++ unboundfastrpz/util/data/packed_rrset.c (working copy)
@@ -255,6 +255,10 @@
case sec_status_insecure: return "sec_status_insecure";
}
Index: unboundfastrpz/util/data/packed_rrset.h
===================================================================
---- unboundfastrpz/util/data/packed_rrset.h (revision 4987)
+--- unboundfastrpz/util/data/packed_rrset.h (revision 5073)
+++ unboundfastrpz/util/data/packed_rrset.h (working copy)
@@ -193,7 +193,15 @@
sec_status_secure_sentinel_fail,
/**
Index: unboundfastrpz/util/netevent.c
===================================================================
---- unboundfastrpz/util/netevent.c (revision 4987)
+--- unboundfastrpz/util/netevent.c (revision 5073)
+++ unboundfastrpz/util/netevent.c (working copy)
-@@ -56,6 +56,9 @@
+@@ -57,6 +57,9 @@
#ifdef HAVE_OPENSSL_ERR_H
#include <openssl/err.h>
#endif
/* -------- Start of local definitions -------- */
/** if CMSG_ALIGN is not defined on this platform, a workaround */
-@@ -588,6 +591,9 @@
+@@ -590,6 +593,9 @@
struct cmsghdr* cmsg;
#endif /* S_SPLINT_S */
rep.c = (struct comm_point*)arg;
log_assert(rep.c->type == comm_udp);
-@@ -677,6 +683,9 @@
+@@ -679,6 +685,9 @@
int i;
struct sldns_buffer *buffer;
rep.c = (struct comm_point*)arg;
log_assert(rep.c->type == comm_udp);
-@@ -720,6 +729,9 @@
+@@ -722,6 +731,9 @@
(void)comm_point_send_udp_msg(rep.c, buffer,
(struct sockaddr*)&rep.addr, rep.addrlen);
}
if(!rep.c || rep.c->fd != fd) /* commpoint closed to -1 or reused for
another UDP port. Note rep.c cannot be reused with TCP fd. */
break;
-@@ -3035,6 +3047,9 @@
- comm_point_start_listening(repinfo->c, -1,
- repinfo->c->tcp_timeout_msec);
+@@ -3108,6 +3120,9 @@
+ repinfo->c->tcp_timeout_msec);
+ }
}
+#ifdef ENABLE_FASTRPZ
+ rpz_end(repinfo);
}
void
-@@ -3044,6 +3059,9 @@
+@@ -3117,6 +3132,9 @@
return;
log_assert(repinfo && repinfo->c);
log_assert(repinfo->c->type != comm_tcp_accept);
+#endif
if(repinfo->c->type == comm_udp)
return;
- reclaim_tcp_handler(repinfo->c);
-@@ -3063,6 +3081,9 @@
+ if(repinfo->c->tcp_req_info)
+@@ -3138,6 +3156,9 @@
{
verbose(VERB_ALGO, "comm point start listening %d",
c->fd==-1?newfd:c->fd);
return;
Index: unboundfastrpz/util/netevent.h
===================================================================
---- unboundfastrpz/util/netevent.h (revision 4987)
+--- unboundfastrpz/util/netevent.h (revision 5073)
+++ unboundfastrpz/util/netevent.h (working copy)
@@ -120,6 +120,10 @@
/** return type 0 (none), 4(IP4), 6(IP6) */
uint8_t nmkey[crypto_box_BEFORENMBYTES];
Index: unboundfastrpz/validator/validator.c
===================================================================
---- unboundfastrpz/validator/validator.c (revision 4987)
+--- unboundfastrpz/validator/validator.c (revision 5073)
+++ unboundfastrpz/validator/validator.c (working copy)
@@ -2755,6 +2755,12 @@
default:
projects / thirdparty / unbound.git / commitdiff
