From: W.C.A. Wijngaards Date: Mon, 1 Jul 2024 12:36:33 +0000 (+0200) Subject: Merge branch 'master' of https://github.com/madroach/unbound into ipset-pf-support X-Git-Tag: release-1.21.0rc1~48^2~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3953f827fb9532d00955259a09c0a1c0390f57ae;p=thirdparty%2Funbound.git Merge branch 'master' of https://github.com/madroach/unbound into ipset-pf-support --- 3953f827fb9532d00955259a09c0a1c0390f57ae diff --cc cachedb/cachedb.c index 0b355e0d3,e2a714cb0..d610c4f19 --- a/cachedb/cachedb.c +++ b/cachedb/cachedb.c @@@ -240,8 -228,8 +240,8 @@@ cachedb_apply_cfg(struct cachedb_env* c return 1; } -int +int - cachedb_init(struct module_env* env, int id) + cachedb_setup(struct module_env* env, int id) { struct cachedb_env* cachedb_env = (struct cachedb_env*)calloc(1, sizeof(struct cachedb_env)); @@@ -270,8 -258,17 +270,8 @@@ return 1; } -void +void - cachedb_deinit(struct module_env* env, int id) + cachedb_desetup(struct module_env* env, int id) { struct cachedb_env* cachedb_env; if(!env || !env->modinfo[id]) diff --cc config.h.in index 2ffb487a5,77a8a87d7..88347fe4d --- a/config.h.in +++ b/config.h.in @@@ -406,6 -384,9 +406,9 @@@ /* Define to 1 if you have the header file. */ #undef HAVE_NET_IF_H ++/* Define to 1 if you have the header file. */ ++#undef HAVE_NET_PFVAR_H ++ /* Define this to use nghttp2 client. 
*/ #undef HAVE_NGHTTP2 diff --cc configure index f343fac9f,91575b2f5..9dc603045 --- a/configure +++ b/configure @@@ -24317,44 -21553,58 +24317,62 @@@ printf "%s\n" "#define USE_IPSET 1" >>c IPSET_OBJ="ipset.lo" - # mnl + # BSD's pf - for ac_header in net/pfvar.h ++ for ac_header in net/pfvar.h + do : + ac_fn_c_check_header_compile "$LINENO" "net/pfvar.h" "ac_cv_header_net_pfvar_h" " + #include + #include + + " -if test "x$ac_cv_header_net_pfvar_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_NET_PFVAR_H 1 -_ACEOF ++if test "x$ac_cv_header_net_pfvar_h" = xyes ++then : ++ printf "%s\n" "#define HAVE_NET_PFVAR_H 1" >>confdefs.h + -else ++else $as_nop + - # mnl ++ # mnl # Check whether --with-libmnl was given. -if test "${with_libmnl+set}" = set; then : +if test ${with_libmnl+y} +then : withval=$with_libmnl; -else +else $as_nop withval="yes" fi - found_libmnl="no" - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for libmnl" >&5 - found_libmnl="no" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libmnl" >&5 -$as_echo_n "checking for libmnl... " >&6; } - if test x_$withval = x_ -o x_$withval = x_yes; then - withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" - fi - for dir in $withval ; do - if test -f "$dir/include/libmnl/libmnl.h"; then - found_libmnl="yes" - if test "$dir" != "/usr"; then - CPPFLAGS="$CPPFLAGS -I$dir/include" - LDFLAGS="$LDFLAGS -L$dir/lib" - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: found in $dir" >&5 -$as_echo "found in $dir" >&6; } - LIBS="$LIBS -lmnl" - break; - fi - done - if test x_$found_libmnl != x_yes - then ++ found_libmnl="no" ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for libmnl" >&5 +printf %s "checking for libmnl... 
" >&6; } - if test x_$withval = x_ -o x_$withval = x_yes; then ++ if test x_$withval = x_ -o x_$withval = x_yes; then + withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" - fi - for dir in $withval ; do ++ fi ++ for dir in $withval ; do + if test -f "$dir/include/libmnl/libmnl.h" -o -f "$dir/include/libmnl/libmnl/libmnl.h"; then + found_libmnl="yes" + extralibmnl="" + if test -f "$dir/include/libmnl/libmnl/libmnl.h"; then + extralibmnl="/libmnl" + fi + if test "$dir" != "/usr" -o -n "$extralibmnl"; then + CPPFLAGS="$CPPFLAGS -I$dir/include$extralibmnl" + fi + if test "$dir" != "/usr"; then + LDFLAGS="$LDFLAGS -L$dir/lib" + fi + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: found in $dir" >&5 +printf "%s\n" "found in $dir" >&6; } + LIBS="$LIBS -lmnl" + break; + fi - done - if test x_$found_libmnl != x_yes; then - as_fn_error $? "Could not find libmnl, libmnl.h" "$LINENO" 5 - fi ++ done ++ if test x_$found_libmnl != x_yes; then + as_fn_error $? "Could not find libmnl, libmnl.h" "$LINENO" 5 - fi ++ fi + + fi + + done - ;; no|*) # nothing diff --cc configure.ac index 88c4ff1cc,3fd070188..5597abb88 --- a/configure.ac +++ b/configure.ac @@@ -1931,36 -1809,36 +1931,42 @@@ case "$enable_ipset" i IPSET_OBJ="ipset.lo" AC_SUBST(IPSET_OBJ) - # mnl - AC_ARG_WITH(libmnl, AS_HELP_STRING([--with-libmnl=path],[specify explicit path for libmnl.]), + # BSD's pf + AC_CHECK_HEADERS([net/pfvar.h], [], [ - # mnl - AC_ARG_WITH(libmnl, AS_HELP_STRING([--with-libmnl=path],[specify explicit path for libmnl.]), - [ ],[ withval="yes" ]) - found_libmnl="no" - AC_MSG_CHECKING(for libmnl) - if test x_$withval = x_ -o x_$withval = x_yes; then - withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" - fi - for dir in $withval ; do - if test -f "$dir/include/libmnl/libmnl.h"; then - found_libmnl="yes" - dnl assume /usr is in default path. 
- if test "$dir" != "/usr"; then - CPPFLAGS="$CPPFLAGS -I$dir/include" - LDFLAGS="$LDFLAGS -L$dir/lib" - fi - AC_MSG_RESULT(found in $dir) - LIBS="$LIBS -lmnl" - break; - fi - done - if test x_$found_libmnl != x_yes; then ++ # mnl ++ AC_ARG_WITH(libmnl, AS_HELP_STRING([--with-libmnl=path],[specify explicit path for libmnl.]), + [ ],[ withval="yes" ]) - found_libmnl="no" - AC_MSG_CHECKING(for libmnl) - if test x_$withval = x_ -o x_$withval = x_yes; then ++ found_libmnl="no" ++ AC_MSG_CHECKING(for libmnl) ++ if test x_$withval = x_ -o x_$withval = x_yes; then + withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" - fi - for dir in $withval ; do ++ fi ++ for dir in $withval ; do + if test -f "$dir/include/libmnl/libmnl.h" -o -f "$dir/include/libmnl/libmnl/libmnl.h"; then + found_libmnl="yes" + dnl assume /usr is in default path. + extralibmnl="" + if test -f "$dir/include/libmnl/libmnl/libmnl.h"; then + extralibmnl="/libmnl" + fi + if test "$dir" != "/usr" -o -n "$extralibmnl"; then + CPPFLAGS="$CPPFLAGS -I$dir/include$extralibmnl" + fi + if test "$dir" != "/usr"; then + LDFLAGS="$LDFLAGS -L$dir/lib" + fi + AC_MSG_RESULT(found in $dir) + LIBS="$LIBS -lmnl" + break; + fi - done - if test x_$found_libmnl != x_yes; then - AC_MSG_ERROR([Could not find libmnl, libmnl.h]) - fi ++ done ++ if test x_$found_libmnl != x_yes; then + AC_MSG_ERROR([Could not find libmnl, libmnl.h]) - fi ++ fi + ], [ + #include + #include + ]) ;; no|*) # nothing diff --cc daemon/daemon.c index dbb6db060,be57be42c..15102b9d2 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@@ -323,28 -303,7 +323,28 @@@ daemon_init(void return daemon; } +static int setup_acl_for_ports(struct acl_list* list, + struct listen_port* port_list) +{ + struct acl_addr* acl_node; + for(; port_list; port_list=port_list->next) { + if(!port_list->socket) { + /* This is mainly for testbound where port_list is + * empty. 
*/ + continue; + } + if(!(acl_node = acl_interface_insert(list, + (struct sockaddr_storage*)port_list->socket->addr, + port_list->socket->addrlen, + acl_refuse))) { + return 0; + } + port_list->socket->acl = acl_node; + } + return 1; +} + - int + int daemon_open_shared_ports(struct daemon* daemon) { log_assert(daemon); diff --cc edns-subnet/subnetmod.c index 1dff429ac,28e0e7a02..61672be59 --- a/edns-subnet/subnetmod.c +++ b/edns-subnet/subnetmod.c @@@ -995,8 -861,10 +995,10 @@@ subnetmod_get_mem(struct module_env *en * The module function block */ static struct module_func_block subnetmod_block = { - "subnetcache", &subnetmod_init, &subnetmod_deinit, &subnetmod_operate, - &subnetmod_inform_super, &subnetmod_clear, &subnetmod_get_mem - "subnet", ++ "subnetcache", + &module_dummy_init, &module_dummy_init, &subnetmod_setup, + &subnetmod_desetup, &subnetmod_operate, &subnetmod_inform_super, + &subnetmod_clear, &subnetmod_get_mem }; struct module_func_block* diff --cc ipset/ipset.c index af55de8d6,347512406..59fd9ce9f --- a/ipset/ipset.c +++ b/ipset/ipset.c @@@ -137,11 -225,11 +225,11 @@@ ipset_add_rrset_data(struct ipset_env * static int ipset_check_zones_for_rrset(struct module_env *env, struct ipset_env *ie, - struct mnl_socket *mnl, struct ub_packed_rrset_key *rrset, - const char *qname, const int qlen, const char *setname, int af) - struct ub_packed_rrset_key *rrset, ++ struct ub_packed_rrset_key *rrset, const char *qname, const int qlen, + const char *setname, int af) { static char dname[BUFF_LEN]; - const char *s; + const char *ds, *qs; int dlen, plen; struct config_strlist *p; @@@ -152,73 -240,71 +240,78 @@@ log_err("bad domain name"); return -1; } + if (dname[dlen - 1] == '.') { + dlen--; + } for (p = env->cfg->local_zones_ipset; p; p = p->next) { + ds = NULL; + qs = NULL; plen = strlen(p->str); + if (p->str[plen - 1] == '.') { + plen--; + } - if (dlen >= plen) { - s = dname + (dlen - plen); - - if (strncasecmp(p->str, s, plen) == 0) { - d = (struct 
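Review bot: `setup_acl_for_ports` has no header comment, and its failure contract is not obvious: it returns 0 as soon as `acl_interface_insert` fails, leaving the sockets earlier in the list already linked to their new `acl` node. I would add something like `/* Insert a default acl_refuse entry for each listening socket and link it to the socket; returns 0 on failure. */` above it, so the fail-closed default is stated where it is set. The cast `(struct sockaddr_storage*)port_list->socket->addr` appears to rely on `addrlen` bounding what the callee reads; the declaration of `addr` is outside this hunk, so a one-line comment recording that assumption would help. The caller is also outside the hunk.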
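Review bot: `&module_dummy_init` appears twice at the head of `subnetmod_block`, and with a positional initializer nothing tells the reader which callback slot each entry fills. The definition of `struct module_func_block` is not in this hunk; if the second slot is a teardown callback whose signature differs from the first, reusing the init dummy there would be a function-pointer type mismatch, so it is worth confirming against the struct. A short comment on each row naming the slots it fills would make a wrong-slot mistake visible in review.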
packed_rrset_data*)rrset->entry.data; - ipset_add_rrset_data(ie, d, setname, - af, dname); - break; - } + if (dlen == plen || (dlen > plen && dname[dlen - plen - 1] == '.' )) { + ds = dname + (dlen - plen); + } + if (qlen == plen || (qlen > plen && qname[qlen - plen - 1] == '.' )) { + qs = qname + (qlen - plen); + } + if ((ds && strncasecmp(p->str, ds, plen) == 0) + || (qs && strncasecmp(p->str, qs, plen) == 0)) { + d = (struct packed_rrset_data*)rrset->entry.data; - ipset_add_rrset_data(ie, mnl, d, setname, - af, dname); ++ ipset_add_rrset_data(ie, d, setname, af, dname); + break; } } return 0; } -static int ipset_update(struct module_env *env, struct dns_msg *return_msg, struct ipset_env *ie) { +static int ipset_update(struct module_env *env, struct dns_msg *return_msg, + struct query_info qinfo, struct ipset_env *ie) - { - struct mnl_socket *mnl; size_t i; - const char *setname; - struct ub_packed_rrset_key *rrset; - int af; + static char qname[BUFF_LEN]; + int qlen; - mnl = (struct mnl_socket *)ie->mnl; - if (!mnl) { - /* retry to create mnl socket */ - mnl = open_mnl_socket(); - if (!mnl) { + #ifdef HAVE_NET_PFVAR_H + #else + if (!ie->dev) { + // retry to create mnl socket + ie->dev = open_filter(); + if (!ie->dev) { + log_warn("ipset open_filter failed"); return -1; } - ie->mnl = mnl; } + #endif - for (i = 0; i < return_msg->rep->rrset_count; ++i) { - setname = NULL; + qlen = sldns_wire2str_dname_buf(qinfo.qname, qinfo.qname_len, + qname, BUFF_LEN); + if(qlen == 0) { + log_err("bad domain name"); + return -1; + } + for(i = 0; i < return_msg->rep->rrset_count; i++) { + setname = NULL; rrset = return_msg->rep->rrsets[i]; - - if (rrset->rk.type == htons(LDNS_RR_TYPE_A)) { + if(ntohs(rrset->rk.type) == LDNS_RR_TYPE_A && + ie->v4_enabled == 1) { af = AF_INET; - if (ie->v4_enabled == 1) { - setname = ie->name_v4; - } - } else { + setname = ie->name_v4; + } else if(ntohs(rrset->rk.type) == LDNS_RR_TYPE_AAAA && + ie->v6_enabled == 1) { af = AF_INET6; - if 
(ie->v6_enabled == 1) { - setname = ie->name_v6; - } + setname = ie->name_v6; } if (setname) { - if(ipset_check_zones_for_rrset(env, ie, mnl, rrset, - qname, qlen, setname, af) == -1) - if(ipset_check_zones_for_rrset(env, ie, rrset, - setname, af) == -1) ++ if(ipset_check_zones_for_rrset(env, ie, rrset, qname, ++ qlen, setname, af) == -1) return -1; } } diff --cc libunbound/context.c index a319f59cd,b7f5bb605..51f4474bb --- a/libunbound/context.c +++ b/libunbound/context.c @@@ -72,12 -69,11 +72,14 @@@ context_finalize(struct ub_ctx* ctx } else { log_init(cfg->logfile, cfg->use_syslog, NULL); } + ctx->pipe_pid = getpid(); + cfg_apply_local_port_policy(cfg, 65536); config_apply(cfg); + if(!modstack_init(&ctx->mods, cfg->module_conf, ctx->env)) + return UB_INITFAIL; if(!modstack_setup(&ctx->mods, cfg->module_conf, ctx->env)) return UB_INITFAIL; + listen_setup_locks(); log_edns_known_options(VERB_ALGO, ctx->env); ctx->local_zones = local_zones_create(); if(!ctx->local_zones) diff --cc libunbound/libunbound.c index 3c8955149,acab120c5..8a5e0188f --- a/libunbound/libunbound.c +++ b/libunbound/libunbound.c @@@ -172,8 -169,7 +172,8 @@@ static struct ub_ctx* ub_ctx_create_nop ctx->env->alloc = &ctx->superalloc; ctx->env->worker = NULL; ctx->env->need_to_validate = 0; - modstack_init(&ctx->mods); + memset(&ctx->mods, 0, sizeof(ctx->mods)); + ctx->env->modstack = &ctx->mods; rbtree_init(&ctx->queries, &context_query_cmp); return ctx; }
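Review bot: In the `local_zones_ipset` loop, `p->str[plen - 1]` is read before anything checks that `plen` is non-zero, so an empty entry would index one byte before the string; whether the config parser can produce an empty entry is not visible here. Guarding it as `if (plen > 0 && p->str[plen - 1] == '.')` costs nothing. The trailing dot is stripped from `dname` and `p->str` but not from `qname` (`qlen` is `const int`). If `sldns_wire2str_dname_buf` emits the final dot, the `qname[qlen - plen - 1] == '.'` test looks one position off and the query-name match would not fire, leaving addresses out of the filter set; trimming `qlen` in `ipset_update` before the call would keep both sides symmetric. The `static char qname[BUFF_LEN]` in `ipset_update` is shared by every caller, which deserves a comment if more than one worker thread can reach this module.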
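Review bot: When `modstack_setup` fails after `modstack_init` has succeeded, `context_finalize` returns `UB_INITFAIL` without undoing the init step anywhere in this hunk. If teardown is left to the context destructor, a comment such as `/* module state is released when the ctx is deleted */` on that return would make this clear; otherwise the failure path needs the matching teardown call. The bare `65536` passed to `cfg_apply_local_port_policy` would also read better as a named constant. The function body starts and ends outside the hunk.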