From: W.C.A. Wijngaards
Date: Wed, 9 Oct 2024 08:16:09 +0000 (+0200)
Subject: Merge branch 'master' into dnsoverquic
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e805751a4fb448330ab998fa3e7230a2dda27876;p=thirdparty%2Funbound.git
Merge branch 'master' into dnsoverquic
---
e805751a4fb448330ab998fa3e7230a2dda27876
diff --cc daemon/daemon.h
index fe2520210,5c3a114cc..fc1bde713
--- a/daemon/daemon.h
+++ b/daemon/daemon.h
@@@ -58,7 -58,7 +58,8 @@@ struct ub_randstate struct daemon_remote; struct respip_set; struct shm_main_info; +struct doq_table; + struct cookie_secrets; #include "dnstap/dnstap_config.h" #ifdef USE_DNSTAP
@@@ -145,10 -147,10 +148,12 @@@ struct daemon /** the dnscrypt environment */ struct dnsc_env* dnscenv; #endif + /** the doq connection table */ + struct doq_table* doq_table; /** reuse existing cache on reload if other conditions allow it. */ int reuse_cache; + /** the EDNS cookie secrets from the cookie-secret-file */ + struct cookie_secrets* cookie_secrets; }; /**
diff --cc services/listen_dnsport.c
index 22cea48d5,6c0691f2a..078a344d3
--- a/services/listen_dnsport.c
+++ b/services/listen_dnsport.c
@@@ -697,9 -673,9 +699,9 @@@ create_udp_sock(int family, int socktyp int create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, int* reuseport, int transparent, int mss, int nodelay, int freebind, - int use_systemd, int dscp) + int use_systemd, int dscp, const char* additional) { - int s; + int s = -1; char* err; #if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_V6ONLY) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND) || defined(SO_BINDANY) int on = 1;
diff --cc testcode/checklocks.c
index de9e8f96a,d1c877467..fdc1b8af1
--- a/testcode/checklocks.c
+++ b/testcode/checklocks.c
@@@ -68,8 -68,17 +68,19 @@@ static struct thr_check* thread_infos[T int check_locking_order = 1; /** the pid of this runset, reasonably unique. 
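Review bot: The new `const char* additional` parameter of create_tcp_accept_sock has no visible description, and its use is not in this hunk, so the function's header comment (outside the hunk, probably next to the prototype) should state what the string is for and whether NULL is accepted, e.g. `@param additional: extra text for error messages about this socket, or NULL` — the purpose is inferred from the name and should be confirmed against the body. Initialising `int s = -1;` is the right sentinel for a socket descriptor, but it only helps if every error exit that closes the socket first tests `s != -1`; the body of create_tcp_accept_sock continues beyond the hunk and should be checked for that. The enclosing function starts in this hunk and ends outside it.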
*/ static pid_t check_lock_pid; +/** the name of the output file */ +static const char* output_name = "ublocktrace"; + /** + * Should checklocks print a trace of the lock and unlock calls. + * It uses fprintf for that because the log function uses a lock and that + * would loop otherwise. + */ + static int verbose_locking = 0; + /** + * Assume lock 0 0 (create_thread, create_instance), is the log lock and + * do not print for that. Otherwise the output is full of log lock accesses. + */ + static int verbose_locking_not_loglock = 1; /** print all possible debug info on the state of the system */ static void total_debug_info(void);
diff --cc util/configparser.y
index 32e84fc80,2ca16f81c..9978e12f9
--- a/util/configparser.y
+++ b/util/configparser.y
@@@ -198,10 -203,11 +203,12 @@@ extern struct config_parser_state* cfg_ %token VAR_RPZ_SIGNAL_NXDOMAIN_RA VAR_INTERFACE_AUTOMATIC_PORTS VAR_EDE %token VAR_INTERFACE_ACTION VAR_INTERFACE_VIEW VAR_INTERFACE_TAG %token VAR_INTERFACE_TAG_ACTION VAR_INTERFACE_TAG_DATA +%token VAR_QUIC_PORT VAR_QUIC_SIZE %token VAR_PROXY_PROTOCOL_PORT VAR_STATISTICS_INHIBIT_ZERO %token VAR_HARDEN_UNKNOWN_ADDITIONAL VAR_DISABLE_EDNS_DO VAR_CACHEDB_NO_STORE - %token VAR_LOG_DESTADDR + %token VAR_LOG_DESTADDR VAR_CACHEDB_CHECK_WHEN_SERVE_EXPIRED + %token VAR_COOKIE_SECRET_FILE VAR_ITER_SCRUB_NS VAR_ITER_SCRUB_CNAME + %token VAR_MAX_GLOBAL_QUOTA VAR_HARDEN_UNVERIFIED_GLUE VAR_LOG_TIME_ISO %% toplevelvars: /* empty */ | toplevelvars toplevelvar ;
diff --cc util/netevent.h
index 6ecd5f8f0,6f43ce56c..acc4887b1
--- a/util/netevent.h
+++ b/util/netevent.h
@@@ -1019,106 -955,9 +1019,109 @@@ void http2_session_add_stream(struct ht void http2_stream_add_meshstate(struct http2_stream* h2_stream, struct mesh_area* mesh, struct mesh_state* m); + /** Remove mesh state from stream. When the mesh state has been removed. */ + void http2_stream_remove_mesh_state(struct http2_stream* h2_stream); + +/** + * DoQ socket address storage for IP4 or IP6 address. 
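Review bot: `verbose_locking_not_loglock` relies on a purely positional assumption — that lock 0 0 is the log lock because it is the first one created — so if early lock creation is ever reordered the filter will silently skip the wrong lock instead of failing; the comment on the new static should say so, e.g. append ` * This is positional: it must match the first lock created in the process.`. The hunk does not show `output_name` being reassigned, so `static const char* const output_name` would state that the name is fixed; confirm no later code writes it. Presumably the fprintf trace goes to a file named by `output_name` relative to the working directory; a short comment saying where the file lands would help people running the tests.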
Smaller than + * the sockaddr_storage because not with af_unix pathnames. + */ +struct doq_addr_storage { + union { + struct sockaddr_in in; +#ifdef AF_INET6 + struct sockaddr_in6 in6; +#endif + } sockaddr; +}; + +/** + * The DoQ server socket information, for DNS over QUIC. + */ +struct doq_server_socket { + /** the doq connection table */ + struct doq_table* table; + /** random generator */ + struct ub_randstate* rnd; + /** if address validation is enabled */ + uint8_t validate_addr; + /** the ssl service key file */ + char* ssl_service_key; + /** the ssl service pem file */ + char* ssl_service_pem; + /** the ssl verify pem file */ + char* ssl_verify_pem; + /** the server scid length */ + int sv_scidlen; + /** the idle timeout in nanoseconds */ + uint64_t idle_timeout; + /** the static secret for the server */ + uint8_t* static_secret; + /** length of the static secret */ + size_t static_secret_len; + /** ssl context, SSL_CTX* */ + void* ctx; +#ifndef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_SERVER_CONTEXT + /** quic method functions, SSL_QUIC_METHOD* */ + void* quic_method; +#endif + /** the comm point for this doq server socket */ + struct comm_point* cp; + /** the buffer for packets, doq in and out */ + struct sldns_buffer* pkt_buf; + /** the current doq connection when we are in callbacks to worker, + * so that we have the already locked structure at our disposal. */ + struct doq_conn* current_conn; + /** if the callback event on the fd has write flags */ + uint8_t event_has_write; + /** if there is a blocked packet in the blocked_pkt buffer */ + int have_blocked_pkt; + /** store blocked packet, a packet that could not be send on the + * nonblocking socket. It has to be sent later, when the write on + * the udp socket unblocks. */ + struct sldns_buffer* blocked_pkt; +#ifdef HAVE_NGTCP2 + /** the ecn info for the blocked packet, congestion information. */ + struct ngtcp2_pkt_info blocked_pkt_pi; +#endif + /** the packet destination for the blocked packet. 
*/ + struct doq_pkt_addr* blocked_paddr; + /** timer for this worker on this comm_point to wait on. */ + struct comm_timer* timer; + /** the timer that is marked by the doq_socket as waited on. */ + struct timeval marked_time; + /** the current time for use by time functions, time_t. */ + time_t* now_tt; + /** the current time for use by time functions, timeval. */ + struct timeval* now_tv; + /** config file for the worker. */ + struct config_file* cfg; +}; + +/** + * DoQ packet address information. From pktinfo, stores local and remote + * address and ifindex, so the packet can be sent there. + */ +struct doq_pkt_addr { + /** the remote addr, and local addr */ + struct doq_addr_storage addr, localaddr; + /** length of addr and length of localaddr */ + socklen_t addrlen, localaddrlen; + /** interface index from pktinfo ancillary information */ + int ifindex; +}; + +/** Initialize the pkt addr with lengths set to sizeof. That is ready for + * a call to recv. */ +void doq_pkt_addr_init(struct doq_pkt_addr* paddr); + +/** send doq packet over UDP. */ +void doq_send_pkt(struct comm_point* c, struct doq_pkt_addr* paddr, + uint32_t ecn); + +/** doq timer callback function. */ +void doq_timer_cb(void* arg); + /** * This routine is published for checks and tests, and is only used internally. * handle libevent callback for timer comm.
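Review bot: The flag members of the new `struct doq_server_socket` use two different types — `uint8_t validate_addr` and `uint8_t event_has_write` next to `int have_blocked_pkt` — which is a style inconsistency within a single new struct; pick one width for all three, e.g. `uint8_t have_blocked_pkt;`. The `static_secret` / `static_secret_len` pair holds key material, so its comment should record who owns the buffer and whether it is wiped when the socket is torn down; the free path is not in this hunk, so that is a point to confirm rather than a defect seen here. `struct doq_pkt_addr* blocked_paddr` names `struct doq_pkt_addr` before its definition further down; that compiles in C, but a one-line `struct doq_pkt_addr;` forward declaration above `struct doq_server_socket` would make the reading order explicit.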