head 1.1; branch 1.1.1; access; symbols netbsd-11-0-RC4:1.1.1.5 netbsd-11-0-RC3:1.1.1.5 netbsd-11-0-RC2:1.1.1.5 netbsd-11-0-RC1:1.1.1.5 unbound-1-24-2:1.1.1.5 unbound-1-23-1:1.1.1.5 perseant-exfatfs-base-20250801:1.1.1.5 netbsd-11:1.1.1.5.0.10 netbsd-11-base:1.1.1.5 netbsd-10-1-RELEASE:1.1.1.5 perseant-exfatfs-base-20240630:1.1.1.5 perseant-exfatfs:1.1.1.5.0.8 perseant-exfatfs-base:1.1.1.5 netbsd-8-3-RELEASE:1.1.1.1.4.2 netbsd-9-4-RELEASE:1.1.1.3.2.2 netbsd-10-0-RELEASE:1.1.1.5 netbsd-10-0-RC6:1.1.1.5 netbsd-10-0-RC5:1.1.1.5 unbound-1-19-1:1.1.1.5 netbsd-10-0-RC4:1.1.1.5 netbsd-10-0-RC3:1.1.1.5 netbsd-10-0-RC2:1.1.1.5 netbsd-10-0-RC1:1.1.1.5 netbsd-10:1.1.1.5.0.6 netbsd-10-base:1.1.1.5 unbound-1-16-3:1.1.1.5 netbsd-9-3-RELEASE:1.1.1.3.2.1 cjep_sun2x-base1:1.1.1.5 cjep_sun2x:1.1.1.5.0.4 cjep_sun2x-base:1.1.1.5 cjep_staticlib_x-base1:1.1.1.5 netbsd-9-2-RELEASE:1.1.1.3.2.1 cjep_staticlib_x:1.1.1.5.0.2 cjep_staticlib_x-base:1.1.1.5 unbound-1-13-1:1.1.1.5 netbsd-9-1-RELEASE:1.1.1.3.2.1 phil-wifi-20200421:1.1.1.4 phil-wifi-20200411:1.1.1.4 is-mlppp:1.1.1.4.0.2 is-mlppp-base:1.1.1.4 phil-wifi-20200406:1.1.1.4 netbsd-8-2-RELEASE:1.1.1.1.4.2 netbsd-9-0-RELEASE:1.1.1.3.2.1 netbsd-9-0-RC2:1.1.1.3.2.1 unbound-1-9-6:1.1.1.4 netbsd-9-0-RC1:1.1.1.3 phil-wifi-20191119:1.1.1.3 netbsd-9:1.1.1.3.0.2 netbsd-9-base:1.1.1.3 phil-wifi-20190609:1.1.1.3 netbsd-8-1-RELEASE:1.1.1.1.4.2 unbound-1-9-1:1.1.1.3 netbsd-8-1-RC1:1.1.1.1.4.2 pgoyette-compat-merge-20190127:1.1.1.1.2.1 pgoyette-compat-20190127:1.1.1.2 pgoyette-compat-20190118:1.1.1.2 pgoyette-compat-1226:1.1.1.2 pgoyette-compat-1126:1.1.1.2 pgoyette-compat-1020:1.1.1.2 pgoyette-compat-0930:1.1.1.2 pgoyette-compat-0906:1.1.1.2 unbound-1-7-3:1.1.1.2 pgoyette-compat-0728:1.1.1.1 netbsd-8-0-RELEASE:1.1.1.1.4.2 phil-wifi:1.1.1.1.0.6 phil-wifi-base:1.1.1.1 pgoyette-compat-0625:1.1.1.1 netbsd-8-0-RC2:1.1.1.1.4.2 pgoyette-compat-0521:1.1.1.1 pgoyette-compat-0502:1.1.1.1 pgoyette-compat-0422:1.1.1.1 netbsd-8-0-RC1:1.1.1.1.4.2 pgoyette-compat-0415:1.1.1.1 netbsd-8:1.1.1.1.0.4 pgoyette-compat-0407:1.1.1.1 pgoyette-compat-0330:1.1.1.1 pgoyette-compat-0322:1.1.1.1 pgoyette-compat-0315:1.1.1.1 pgoyette-compat:1.1.1.1.0.2 pgoyette-compat-base:1.1.1.1 unbound-1-6-8:1.1.1.1 NLNETLABS:1.1.1; locks; strict; comment @# @; 1.1 date 2018.02.06.02.39.26; author christos; state Exp; branches 1.1.1.1; next ; commitid qeqT9bPzhT9JaKpA; 1.1.1.1 date 2018.02.06.02.39.26; author christos; state Exp; branches 1.1.1.1.2.1 1.1.1.1.4.1 1.1.1.1.6.1; next 1.1.1.2; commitid qeqT9bPzhT9JaKpA; 1.1.1.2 date 2018.09.03.14.09.06; author christos; state Exp; branches; next 1.1.1.3; commitid o0zwx3bWVehagFQA; 1.1.1.3 date 2019.05.25.21.18.03; author christos; state Exp; branches 1.1.1.3.2.1; next 1.1.1.4; commitid N8Uz34hJGvap9DoB; 1.1.1.4 date 2019.12.15.15.28.43; author christos; state Exp; branches; next 1.1.1.5; commitid NCYfiiT7bQUbFOOB; 1.1.1.5 date 2021.03.15.20.01.06; author christos; state Exp; branches; next ; commitid oSEdmWcDkMtAwrLC; 1.1.1.1.2.1 date 2018.09.06.06.51.50; author pgoyette; state Exp; branches; next ; commitid HCi1bXD317XIK0RA; 1.1.1.1.4.1 date 2018.02.06.02.39.26; author msaitoh; state dead; branches; next 1.1.1.1.4.2; commitid t5lnMt5mtvxvK5yA; 1.1.1.1.4.2 date 2018.04.12.01.38.43; author msaitoh; state Exp; branches; next ; commitid t5lnMt5mtvxvK5yA; 1.1.1.1.6.1 date 2019.06.10.21.51.40; author christos; state Exp; branches; next 1.1.1.1.6.2; commitid jtc8rnCzWiEEHGqB; 1.1.1.1.6.2 date 2020.04.08.14.04.15; author martin; state Exp; branches; next ; commitid Qli2aW9E74UFuA3C; 1.1.1.3.2.1 date 2020.01.05.09.51.46; author martin; state Exp; branches; next 1.1.1.3.2.2; commitid 2CiUer1HYuOh8uRB; 1.1.1.3.2.2 date 2024.02.29.11.40.08; author martin; state Exp; branches; next ; commitid JxWuK0x3VE2xYj0F; desc @@ 1.1 log @Initial revision @ text @=================================================================== RCS file: ./RCS/Makefile.in,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./Makefile.in --- ./Makefile.in +++ ./Makefile.in @@@@ -23,6 +23,8 @@@@ CHECKLOCK_OBJ=@@CHECKLOCK_OBJ@@ DNSTAP_SRC=@@DNSTAP_SRC@@ DNSTAP_OBJ=@@DNSTAP_OBJ@@ +FASTRPZ_SRC=@@FASTRPZ_SRC@@ +FASTRPZ_OBJ=@@FASTRPZ_OBJ@@ DNSCRYPT_SRC=@@DNSCRYPT_SRC@@ DNSCRYPT_OBJ=@@DNSCRYPT_OBJ@@ WITH_PYTHONMODULE=@@WITH_PYTHONMODULE@@ @@@@ -125,7 +127,7 @@@@ edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \ edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \ cachedb/cachedb.c respip/respip.c $(CHECKLOCK_SRC) \ -$(DNSTAP_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) +$(DNSTAP_SRC) $(FASTRPZ_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \ as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \ iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \ @@@@ -137,7 +139,7 @@@@ validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \ val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo \ $(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \ -$(IPSECMOD_OBJ) +$(FASTRPZ_OBJ) $(DNSCRYPT_OBJ) COMMON_OBJ_WITHOUT_NETCALL+=respip.lo COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ outside_network.lo @@@@ -398,6 +401,11 @@@@ $(srcdir)/util/config_file.h $(srcdir)/util/log.h \ $(srcdir)/util/netevent.h +# fastrpz +rpz.lo rpz.o: $(srcdir)/fastrpz/rpz.c config.h fastrpz/rpz.h fastrpz/librpz.h \ + $(srcdir)/util/config_file.h $(srcdir)/daemon/daemon.h \ + $(srcdir)/util/log.h + # Python Module pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \ pythonmod/interface.h \ =================================================================== RCS file: ./RCS/config.h.in,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./config.h.in --- ./config.h.in +++ ./config.h.in @@@@ -1199,4 +1199,11 @@@@ /** the version of unbound-control that this software implements */ #define UNBOUND_CONTROL_VERSION 1 - +/* have __attribute__s used in librpz.h */ +#undef LIBRPZ_HAVE_ATTR +/** fastrpz librpz.so */ +#undef FASTRPZ_LIBRPZ_PATH +/** 0=no fastrpz 1=static link 2=dlopen() */ +#undef FASTRPZ_LIB_OPEN +/** turn on fastrpz response policy zones */ +#undef ENABLE_FASTRPZ =================================================================== RCS file: ./RCS/configure.ac,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./configure.ac --- ./configure.ac +++ ./configure.ac @@@@ -6,6 +6,7 @@@@ sinclude(acx_python.m4) sinclude(ac_pkg_swig.m4) sinclude(dnstap/dnstap.m4) +sinclude(fastrpz/rpz.m4) sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing @@@@ -1352,6 +1353,9 @@@@ ;; esac +# check for Fastrpz with fastrpz/rpz.m4 +ck_FASTRPZ + AC_MSG_CHECKING([if ${MAKE:-make} supports $< with implicit rule in scope]) # on openBSD, the implicit rule make $< work. # on Solaris, it does not work ($? is changed sources, $^ lists dependencies). =================================================================== RCS file: ./daemon/RCS/daemon.c,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./daemon/daemon.c --- ./daemon/daemon.c +++ ./daemon/daemon.c @@@@ -89,6 +89,9 @@@@ #include "sldns/keyraw.h" #include "respip/respip.h" #include +#ifdef ENABLE_FASTRPZ +#include "fastrpz/rpz.h" +#endif #ifdef HAVE_SYSTEMD #include @@@@ -451,6 +454,14 @@@@ fatal_exit("dnstap enabled in config but not built with dnstap support"); #endif } + if(daemon->cfg->rpz_enable) { +#ifdef ENABLE_FASTRPZ + rpz_init(&daemon->rpz_clist, &daemon->rpz_client, daemon->cfg); +#else + fatal_exit("fastrpz enabled in config" + " but not built with fastrpz"); +#endif + } for(i=0; inum; i++) { if(!(daemon->workers[i] = worker_create(daemon, i, shufport+numport*i/daemon->num, @@@@ -691,6 +702,9 @@@@ #ifdef USE_DNSTAP dt_delete(daemon->dtenv); #endif +#ifdef ENABLE_FASTRPZ + rpz_delete(&daemon->rpz_clist, &daemon->rpz_client); +#endif daemon->cfg = NULL; } =================================================================== RCS file: ./daemon/RCS/daemon.h,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./daemon/daemon.h --- ./daemon/daemon.h +++ ./daemon/daemon.h @@@@ -134,6 +134,11 @@@@ /** the dnscrypt environment */ struct dnsc_env* dnscenv; #endif +#ifdef ENABLE_FASTRPZ + /** global opaque rpz handles */ + struct librpz_clist *rpz_clist; + struct librpz_client *rpz_client; +#endif }; /** =================================================================== RCS file: ./daemon/RCS/worker.c,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./daemon/worker.c --- ./daemon/worker.c +++ ./daemon/worker.c @@@@ -73,6 +73,9 @@@@ #include "libunbound/context.h" #include "libunbound/libworker.h" #include "sldns/sbuffer.h" +#ifdef ENABLE_FASTRPZ +#include "fastrpz/rpz.h" +#endif #include "sldns/wire2str.h" #include "util/shm_side/shm_main.h" #include "dnscrypt/dnscrypt.h" @@@@ -526,8 +529,27 @@@@ /* not secure */ secure = 0; break; +#ifdef ENABLE_FASTRPZ + case sec_status_rpz_rewritten: + case sec_status_rpz_drop: + fatal_exit("impossible cached RPZ sec_status"); + break; +#endif } } +#ifdef ENABLE_FASTRPZ + if(repinfo->rpz) { + /* Scan the cached answer for RPZ hits. + * ret=1 use cache entry + * ret=-1 rewritten response already sent or dropped + * ret=0 deny a cached entry exists + */ + int ret = rpz_worker_cache(worker, msg->rep, qinfo, + id, flags, edns, repinfo); + if(ret != 1) + return ret; + } +#endif /* return this delegation from the cache */ edns->edns_version = EDNS_ADVERTISED_VERSION; edns->udp_size = EDNS_ADVERTISED_SIZE; @@@@ -688,6 +710,23 @@@@ secure = 0; } } else secure = 0; +#ifdef ENABLE_FASTRPZ + if(repinfo->rpz) { + /* Scan the cached answer for RPZ hits. + * ret=1 use cache entry + * ret=-1 rewritten response already sent or dropped + * ret=0 deny a cached entry exists + */ + int ret = rpz_worker_cache(worker, rep, qinfo, id, flags, edns, + repinfo); + if(ret != 1) { + rrset_array_unlock_touch(worker->env.rrset_cache, + worker->scratchpad, rep->ref, + rep->rrset_count); + return ret; + } + } +#endif edns->edns_version = EDNS_ADVERTISED_VERSION; edns->udp_size = EDNS_ADVERTISED_SIZE; @@@@ -1267,6 +1306,15 @@@@ log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from", &repinfo->addr, repinfo->addrlen); goto send_reply; +#ifdef ENABLE_FASTRPZ + } else { + /* Start to rewrite for response policy zones. + * This can hit a qname trigger and be done. */ + if(rpz_start(worker, &qinfo, repinfo, &edns)) { + regional_free_all(worker->scratchpad); + return 0; + } +#endif } /* If we've found a local alias, replace the qname with the alias @@@@ -1315,12 +1363,21 @@@@ h = query_info_hash(lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2)); if((e=slabhash_lookup(worker->env.msg_cache, h, lookup_qinfo, 0))) { /* answer from cache - we have acquired a readlock on it */ - if(answer_from_cache(worker, &qinfo, + ret = answer_from_cache(worker, &qinfo, cinfo, &need_drop, &alias_rrset, &partial_rep, (struct reply_info*)e->data, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), sldns_buffer_read_u16_at(c->buffer, 2), repinfo, - &edns)) { + &edns); +#ifdef ENABLE_FASTRPZ + if(ret < 0) { + /* RPZ already dropped or sent a response. */ + lock_rw_unlock(&e->lock); + regional_free_all(worker->scratchpad); + return 0; + } +#endif + if(ret) { /* prefetch it if the prefetch TTL expired. * Note that if there is more than one pass * its qname must be that used for cache @@@@ -1371,11 +1428,19 @@@@ lock_rw_unlock(&e->lock); } if(!LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) { - if(answer_norec_from_cache(worker, &qinfo, + ret = answer_norec_from_cache(worker, &qinfo, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), sldns_buffer_read_u16_at(c->buffer, 2), repinfo, - &edns)) { + &edns); + if(ret) { regional_free_all(worker->scratchpad); +#ifdef ENABLE_FASTRPZ + if(ret < 0) { + /* RPZ already dropped + * or sent a response. */ + return 0; + } +#endif goto send_reply; } verbose(VERB_ALGO, "answer norec from cache -- " =================================================================== RCS file: ./doc/RCS/unbound.conf.5.in,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./doc/unbound.conf.5.in --- ./doc/unbound.conf.5.in +++ ./doc/unbound.conf.5.in @@@@ -1446,6 +1446,81 @@@@ .B dns64\-synthall: \fI\fR Debug option, default no. If enabled, synthesize all AAAA records despite the presence of actual AAAA records. +.SS "Response Policy Zone Rewriting" +.LP +Response policy zone rewriting is controlled with the +.B rpz +clause. +It must contain a +.B rpz\-enable: +option, and one or more +.B rpz\-zone: +options. +It will usually also contain +.B rpz\-option: +clauses with general rewriting options or specifying dnsrpzd parameters. +Beneath the surface, the text in +.B rpz\-zone: \fI<"domain">\fR +is converted to \fI"zone domain\\n"\fR and added to the configuration string +given to +\fIlibrpz\fR(3). +The text in +.B rpz-option \fI<"text">\fR +is also added to that configuration string. +.LP +If using chroot, then the chroot directory must contain the \fIdnsrpzd\fR(3) +command and the shared libraries that it uses. +Those can be found with the \fIldd\fR(1) command. +.LP +Resolver zone and rewriting options and response policy zone triggers and +actions are described in \fIlibrpz\fR(3). +The separate control file that specifies the policy zones maintained by +the dnsrpzd daemon is described in \fIdnsrpzd\fR(8). +.LP +Many installations need a local whitelist that exempts local +domains from rewriting. +Whitelist records can be in zones transferred by dnsrpzd from +authorities or in a local zone file. +.TP +.B rpz-enable: \fI +enables Fastrpz. +If not enabled, the other options in the +.B rpz: +clause are ignored. +.TP +.B rpz-zone: \fI<"zone and options"> +specifies a policy zone and optional per-zone rewriting parameters. +.TP +.B rpz-option: \fI<"option"> +specifies general Fastrpz options. +.LP +Fastrpz is available only on POSIX compliant UNIX-like systems with the +\fImmap\fR(2) system call. +.LP +Fastrpz in Unbound differs from rpz and fastrpz in BIND by +.RS 3 +.HP 4 +RPZ-CLIENT-IP triggers can only be used in the first policy zone +specified with +.B rpz-zone: +.HP +Policy zone rewriting is disabled by the DO bit in DNS requests +even when no DNSSEC signatures are supplied by authorities. +.HP +Unbound local zones are not subject to rpz rewriting. +.HP +Like Fastrpz with BIND but unlike classic BIND rpz, +the ADDITIONAL sections of rewritten responses contain the SOA record from +the policy zone used to rewrite the response. +.RE +.P +.nf +# example Fastrpz settings for use with chroot on Freebsd +rpz: + rpz-zone: "rpz.example.org" + rpz-zone: "other.rpz.example.org ip-as-ns yes" + rpz-option: "dnsrpzd ./dnsrpzd" +.fi .SS "DNSCrypt Options" .LP The =================================================================== RCS file: ./fastrpz/RCS/librpz.h,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./fastrpz/librpz.h --- ./fastrpz/librpz.h +++ ./fastrpz/librpz.h @@@@ -0,0 +1,957 @@@@ +/* + * Define the interface from a DNS resolver to the Response Policy Zone + * library, librpz. + * + * This file should be included only the interface functions between the + * resolver and librpz to avoid name space pollution. + * + * Copyright (c) 2016-2017 Farsight Security, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Fastrpz version 1.2.10 + */ + +#ifndef LIBRPZ_H +#define LIBRPZ_H + +#include +#include +#include +#include +#include +#include + + +/* + * Allow either ordinary or dlopen() linking. + */ +#ifdef LIBRPZ_INTERNAL +#define LIBDEF(t,s) extern t s; +#define LIBDEF_F(f) LIBDEF(librpz_##f##_t, librpz_##f) +#else +#define LIBDEF(t,s) +#define LIBDEF_F(f) +#endif + +/* + * Response Policy Zone triggers. + * Comparisons of trigger precedences require + * LIBRPZ_TRIG_CLIENT_IP < LIBRPZ_TRIG_QNAME < LIBRPZ_TRIG_IP + * < LIBRPZ_TRIG_NSDNAME < LIBRPZ_TRIG_NSIP} + */ +typedef enum { + LIBRPZ_TRIG_BAD =0, + LIBRPZ_TRIG_CLIENT_IP =1, + LIBRPZ_TRIG_QNAME =2, + LIBRPZ_TRIG_IP =3, + LIBRPZ_TRIG_NSDNAME =4, + LIBRPZ_TRIG_NSIP =5 +} librpz_trig_t; +#define LIBRPZ_TRIG_SIZE 3 /* sizeof librpz_trig_t in bits */ +typedef uint8_t librpz_tbit_t; /* one bit for each of the TRIGS_NUM + * trigger types */ + + +/* + * Response Policy Zone Actions or policies + */ +typedef enum { + LIBRPZ_POLICY_UNDEFINED =0, /* an empty entry or no decision yet */ + LIBRPZ_POLICY_DELETED =1, /* placeholder for a deleted policy */ + + LIBRPZ_POLICY_PASSTHRU =2, /* 'passthru': do not rewrite */ + LIBRPZ_POLICY_DROP =3, /* 'drop': do not respond */ + LIBRPZ_POLICY_TCP_ONLY =4, /* 'tcp-only': answer UDP with TC=1 */ + LIBRPZ_POLICY_NXDOMAIN =5, /* 'nxdomain': answer with NXDOMAIN */ + LIBRPZ_POLICY_NODATA =6, /* 'nodata': answer with ANCOUNT=0 */ + LIBRPZ_POLICY_RECORD =7, /* rewrite with the policy's RR */ + + /* only in client configurations to override the zone */ + LIBRPZ_POLICY_GIVEN, /* 'given': what policy record says */ + LIBRPZ_POLICY_DISABLED, /* at most log */ + LIBRPZ_POLICY_CNAME, /* answer with 'cname x' */ +} librpz_policy_t; +#define LIBRPZ_POLICY_BITS 4 + +/* + * Special policies that appear as targets of CNAMEs + * NXDOMAIN is signaled by a CNAME with a "." target. + * NODATA is signaled by a CNAME with a "*." target. + */ +#define LIBRPZ_RPZ_PREFIX "rpz-" +#define LIBRPZ_RPZ_PASSTHRU LIBRPZ_RPZ_PREFIX"passthru" +#define LIBRPZ_RPZ_DROP LIBRPZ_RPZ_PREFIX"drop" +#define LIBRPZ_RPZ_TCP_ONLY LIBRPZ_RPZ_PREFIX"tcp-only" + + +typedef uint16_t librpz_dznum_t; /* dnsrpzd zone # in [0,DZNUM_MAX] */ +typedef uint8_t librpz_cznum_t; /* client zone # in [0,CZNUM_MAX] */ + + +/* + * CIDR block + */ +typedef struct librpz_prefix { + union { + struct in_addr in; + struct in6_addr in6; + } addr; + uint8_t family; + uint8_t len; +} librpz_prefix_t; + +/* + * A domain + */ +typedef uint8_t librpz_dsize_t; +typedef struct librpz_domain { + librpz_dsize_t size; /* of only .d */ + uint8_t d[0]; /* variable length wire format */ +} librpz_domain_t; + +/* + * A maximal domain buffer + */ +typedef struct librpz_domain_buf { + librpz_dsize_t size; + uint8_t d[NS_MAXCDNAME]; +} librpz_domain_buf_t; + +/* + * A resource record without the owner name. + * C compilers say that sizeof(librpz_rr_t)=12 instead of 10. + */ +typedef struct { + uint16_t type; /* network byte order */ + uint16_t class; /* network byte order */ + uint32_t ttl; /* network byte order */ + uint16_t rdlength; /* network byte order */ + uint8_t rdata[0]; /* variable length */ +} librpz_rr_t; + +/* + * The database file might be mapped with different starting addresses + * by concurrent clients (resolvers), and so all pointers are offsets. + */ +typedef uint32_t librpz_idx_t; +#define LIBRPZ_IDX_NULL 0 +#define LIBRPZ_IDX_MIN 1 +#define LIBRPZ_IDX_BAD ((librpz_idx_t)-1) +/** + * Partial decoded results of a set of RPZ queries for a single DNS response + * or interation through the mapped file. + */ +typedef int16_t librpz_result_id_t; +typedef struct librpz_result { + librpz_idx_t next_rr; + librpz_result_id_t hit_id; /* trigger ID from resolver */ + librpz_policy_t zpolicy; /* policy from zone */ + librpz_policy_t policy; /* adjusted by client configuration */ + librpz_dznum_t dznum; /* dnsrpzd zone number */ + librpz_cznum_t cznum; /* librpz client zone number */ + librpz_trig_t trig:LIBRPZ_TRIG_SIZE; + bool log:1; /* log rewrite given librpz_log_level */ +} librpz_result_t; + + +/** + * librpz trace or log levels. + */ +typedef enum { + LIBRPZ_LOG_FATAL =0, /* always print fatal errors */ + LIBRPZ_LOG_ERROR =1, /* errors have this level */ + LIBRPZ_LOG_TRACE1 =2, /* big events such as dnsrpzd starts */ + LIBRPZ_LOG_TRACE2 =3, /* smaller dnsrpzd zone transfers */ + LIBRPZ_LOG_TRACE3 =4, /* librpz hits */ + LIBRPZ_LOG_TRACE4 =5, /* librpz lookups */ + LIBRPZ_LOG_INVALID =999, +} librpz_log_level_t; +typedef librpz_log_level_t (librpz_log_level_val_t)(librpz_log_level_t level); +LIBDEF_F(log_level_val) + +/** + * Logging function that can be supplied by the resolver. + * @@param level is one of librpz_log_level_t + * @@param ctx is for use by the resolver's logging system. + * NULL mean a context-free message. + */ +typedef void(librpz_log_fnc_t)(librpz_log_level_t level, void *ctx, + const char *buf); + +/** + * Point librpz logging functions to the resolver's choice. + */ +typedef void (librpz_set_log_t)(librpz_log_fnc_t *new_log, const char *prog_nm); +LIBDEF_F(set_log) + + +/** + * librpz error messages are put in these buffers. + * Use a structure intead of naked char* to let the compiler check the length. + * A function defined with "foo(char buf[120])" can be called with + * "char sbuf[2]; foo(sbuf)" and suffer a buffer overrun. + */ +typedef struct { + char c[120]; +} librpz_emsg_t; + + +#ifdef LIBRPZ_HAVE_ATTR +#define LIBRPZ_UNUSED __attribute__((unused)) +#define LIBRPZ_PF(f,l) __attribute__((format(printf,f,l))) +#define LIBRPZ_NORET __attribute__((__noreturn__)) +#else +#define LIBRPZ_UNUSED +#define LIBRPZ_PF(f,l) +#define LIBRPZ_NORET +#endif + +#ifdef HAVE_BUILTIN_EXPECT +#define LIBRPZ_LIKELY(c) __builtin_expect(!!(c), 1) +#define LIBRPZ_UNLIKELY(c) __builtin_expect(!!(c), 0) +#else +#define LIBRPZ_LIKELY(c) (c) +#define LIBRPZ_UNLIKELY(c) (c) +#endif + +typedef bool (librpz_parse_log_opt_t)(librpz_emsg_t *emsg, const char *arg); +LIBDEF_F(parse_log_opt) + +typedef void (librpz_vpemsg_t)(librpz_emsg_t *emsg, + const char *p, va_list args); +LIBDEF_F(vpemsg) +typedef void (librpz_pemsg_t)(librpz_emsg_t *emsg, + const char *p, ...) LIBRPZ_PF(2,3); +LIBDEF_F(pemsg) + +typedef void (librpz_vlog_t)(librpz_log_level_t level, void *ctx, + const char *p, va_list args); +LIBDEF_F(vlog) +typedef void (librpz_log_t)(librpz_log_level_t level, void *ctx, + const char *p, ...) LIBRPZ_PF(3,4); +LIBDEF_F(log) + +typedef void (librpz_fatal_t)(int ex_code, + const char *p, ...) LIBRPZ_PF(2,3); +extern void librpz_fatal(int ex_code, + const char *p, ...) LIBRPZ_PF(2,3) LIBRPZ_NORET; + +typedef void (librpz_rpz_assert_t)(const char *file, unsigned line, + const char *p, ...) LIBRPZ_PF(3,4); +extern void librpz_rpz_assert(const char *file, unsigned line, + const char *p, ...) LIBRPZ_PF(3,4) LIBRPZ_NORET; + +typedef void (librpz_rpz_vassert_t)(const char *file, uint line, + const char *p, va_list args); +extern void librpz_rpz_vassert(const char *file, uint line, + const char *p, va_list args) LIBRPZ_NORET; + + +/* + * As far as clients are concerned, all relative pointers or indexes in a + * version of the mapped file except trie node parent pointers remain valid + * forever. A client must release a version so that it can be garbage + * collected by the file system. When dnsrpzd needs to expand the file, + * it copies the old file to a new, larger file. Clients can continue + * using the old file. + * + * Versions can also appear in a single file. Old nodes and trie values + * within the file are not destroyed until all clients using the version + * that contained the old values release the version. + * + * A client is marked as using version by connecting to the deamon. It is + * marked as using all subsequent versions. A client releases all versions + * by closing the connection or a range of versions by updating is slot + * in the shared memory version table. + * + * As far as clients are concerned, there are the following possible librpz + * failures: + * - malloc() or other fatal internal librpz problems indicated by + * a failing return from a librpz function + * All operations will fail until client handle is destroyed and + * recreated with librpz_client_detach() and librpz_client_create(). + * - corrupt database detected by librpz code, corrupt database detected + * by dnsrpzd, or disconnection from the daemon. + * Current operations will fail. + * + * Clients assume that the file has already been unlinked before + * the corrupt flag is set so that they do not race with the server + * over the corruption of a single file. A client that finds the + * corrupt set knows that dnsrpzd has already crashed with + * abort() and is restarting. The client can re-connect to dnsrpzd + * and retransmit its configuration, backing off as usual if anything + * goes wrong. + * + * Searchs of the database by a client do not need locks against dnsrpzd or + * other clients, but a lock is used to protect changes to the connection + * by competing threads in the client. The client provides fuctions + * to serialize the conncurrent use of any single client handle. + * Functions that do nothing are appropriate for applications that are + * not "threaded" or that do not share client handles among threads. + * Otherwise, functions must be provided to librpz_clientcreate(). + * Something like the following works with pthreads: + * + * static void + * lock(void *mutex) { assert(pthread_mutex_lock(mutex) == 0); } + * + * static void + * unlock(void *mutex) { assert(pthread_mutex_unlock(mutex) == 0); } + * + * static void + * mutex_destroy(void *mutex) { assert(pthread_mutex_destroy(mutex) == 0); } + * + * + * + * At every instant, all of the data and pointers in the mapped file are valid. + * Changes to trie node or other data are always made so that it and + * all pointers in and to it remain valid for a time. Old versions are + * eventually discarded. + * + * Dnsrpzd periodically defines a new version by setting asside all changes + * made since the previous version was defined. Subsequent changes + * made (only!) by dnsrpzd will be part of the next version. + * + * To discard an old version, dnsrpzd must know that all clients have stopped + * using that version. Clients do that by using part of the mapped file + * to tell dnsrpzd the oldest version that each client is using. + * Dnsrpzd assigns each connecting client an entry in the cversions array + * in the mapped file. The client puts version numbers into that entry + * to signal to dnsrpzd which versions that can be discarded. + * Dnsrpzd is free, as far as that client is concerned, to discard all + * numerically smaller versions. A client can disclaim all versions with + * the version number VERSIONS_ALL or 0. + * + * The race between a client changing its entry and dnsrpzd discarding a + * version is resolved by allowing dnsrpzd to discard all versions + * smaller or equal to the client's version number. If dnsrpzd is in + * the midst of discarding or about to discard version N when the + * client asserts N, no harm is done. The client depends only on + * the consistency of version N+1. + * + * This version mechanism depends in part on not being exercised too frequently + * Version numbers are 32 bits long and dnsrpzd creates new versions + * at most once every 30 seconds. + */ + + +/* + * Lock functions for concurrent use of a single librpz_client_t client handle. + */ +typedef void(librpz_mutex_t)(void *mutex); + +/* + * List of connections to dnsrpzd daemons. + */ +typedef struct librpz_clist librpz_clist_t; + +/* + * Client's handle on dnsrpzd. + */ +typedef struct librpz_client librpz_client_t; + +/** + * Create the list of connections to the dnsrpzd daemon. + * @@param[out] emsg: error message + * @@param lock: start exclusive access to the client handle + * @@param unlock: end exclusive access to the client handle + * @@param mutex_destroy: release the lock + * @@param mutex: pointer to the lock for the client handle + * @@param log_ctx: NULL or resolver's context log messages + */ +typedef librpz_clist_t *(librpz_clist_create_t)(librpz_emsg_t *emsg, + librpz_mutex_t *lock, + librpz_mutex_t *unlock, + librpz_mutex_t *mutex_destroy, + void *mutex, void *log_ctx); +LIBDEF_F(clist_create) + + +/** + * Release the list of dnsrpzd connections. + */ +typedef void (librpz_clist_detach_t)(librpz_clist_t **clistp); +LIBDEF_F(clist_detach) + +/** + * Create a librpz client handle. + * @@param[out] emsg: error message + * @@param: list of dnsrpzd connections + * @@param cstr: string of configuration settings separated by ';' or '\n' + * @@param use_expired: true to not ignore expired zones + * @@return client handle or NULL if the handle could not be created + */ +typedef librpz_client_t *(librpz_client_create_t)(librpz_emsg_t *emsg, + librpz_clist_t *clist, + const char *cstr, + bool use_expired); +LIBDEF_F(client_create) + +/** + * Start (if necessary) dnsrpzd and connect to it. + * @@param[out] emsg: error message + * @@param client handle + * @@param optional: true if it is ok if starting the daemon is not allowed + */ +typedef bool (librpz_connect_t)(librpz_emsg_t *emsg, librpz_client_t *client, + bool optional); +LIBDEF_F(connect) + +/** + * Start to destroy a librpz client handle. + * It will not be destroyed until the last set of RPZ queries represented + * by a librpz_rsp_t ends. + * @@param client handle to be released + * @@return false on error + */ +typedef void (librpz_client_detach_t)(librpz_client_t **clientp); +LIBDEF_F(client_detach) + +/** + * State for a set of RPZ queries for a single DNS response + * or for listing the database. + */ +typedef struct librpz_rsp librpz_rsp_t; + +/** + * Start a set of RPZ queries for a single DNS response. + * @@param[out] emsg: error message for false return or *rspp=NULL + * @@param[out] rspp created context or NULL + * @@param[out] min_ns_dotsp: NULL or pointer to configured MIN-NS-DOTS value + * @@param client state + * @@param have_rd: RD=1 in the DNS request + * @@param have_do: DO=1 in the DNS request + * @@return false on error + */ +typedef bool (librpz_rsp_create_t)(librpz_emsg_t *emsg, librpz_rsp_t **rspp, + int *min_ns_dotsp, librpz_client_t *client, + bool have_rd, bool have_do); +LIBDEF_F(rsp_create) + +/** + * Finish RPZ work for a DNS response. + */ +typedef void (librpz_rsp_detach_t)(librpz_rsp_t **rspp); +LIBDEF_F(rsp_detach) + +/** + * Get the final, accumulated result of a set of RPZ queries. + * Yield LIBRPZ_POLICY_UNDEFINED if + * - there were no hits, + * - there was a dispositive hit, be we have not recursed and are required + * to recurse so that evil DNS authories will not know we are using RPZ + * - we have a hit and have recursed, but later data such as NSIP could + * override + * @@param[out] emsg + * @@param[out] result describes the hit + * or result->policy=LIBRPZ_POLICY_UNDEFINED without a hit + * @@param[out] result: current policy rewrite values + * @@param recursed: recursion has now been done even if it was not done + * when the hit was found + * @@param[in,out] rsp state from librpz_itr_start() + * @@return false on error + */ +typedef bool (librpz_rsp_result_t)(librpz_emsg_t *emsg, librpz_result_t *result, + bool recursed, const librpz_rsp_t *rsp); +LIBDEF_F(rsp_result) + +/** + * Might looking for a trigger be worthwhile? + * @@param trig: look for this type of trigger + * @@param ipv6: true if trig is LIBRPZ_TRIG_CLIENT_IP, LIBRPZ_TRIG_IP, + * or LIBRPZ_TRIG_NSIP and the IP address is IPv6 + * @@return: true if looking could be worthwhile + */ +typedef bool (librpz_have_trig_t)(librpz_trig_t trig, bool ipv6, + const librpz_rsp_t *rsp); +LIBDEF_F(have_trig) + +/** + * Might looking for NSDNAME and NSIP triggers be worthwhile? + * @@return: true if looking could be worthwhile + */ +typedef bool (librpz_have_ns_trig_t)(const librpz_rsp_t *rsp); +LIBDEF_F(have_ns_trig) + +/** + * Convert the found client IP trie key to a CIDR block + * @@param[out] emsg + * @@param[out] prefix trigger + * @@param[in,out] rsp state from librpz_itr_start() + * @@return false on error + */ +typedef bool (librpz_rsp_clientip_prefix_t)(librpz_emsg_t *emsg, + librpz_prefix_t *prefix, + librpz_rsp_t *rsp); +LIBDEF_F(rsp_clientip_prefix) + +/** + * Compute the owner name of the found or result trie key, usually to log it. + * An IP address key might be returned as 8.0.0.0.127.rpz-client-ip. + * example.com. might be a qname trigger. example.com.rpz-nsdname. could + * be an NSDNAME trigger. + * @@param[out] emsg + * @@param[out] owner domain + * @@param[in,out] rsp state from librpz_itr_start() + * @@return false on error + */ +typedef bool (librpz_rsp_domain_t)(librpz_emsg_t *emsg, + librpz_domain_buf_t *owner, + librpz_rsp_t *rsp); +LIBDEF_F(rsp_domain) + +/** + * Get the next RR of the LIBRPZ_POLICY_RECORD result after an initial use of + * librpz_rsp_result() or librpz_itr_node() or after a previous use of + * librpz_rsp_rr(). The RR is in uncompressed wire format including type, + * class, ttl and length in network byte order. + * @@param[out] emsg + * @@param[out] typep: optional host byte order record type or ns_t_invalid (0) + * @@param[out] classp: class such as ns_c_in + * @@param[out] ttlp: TTL + * @@param[out] rrp: optionall malloc() buffer containting the next RR or + * NULL after the last RR + * @@param[out] result: current policy rewrite values + * @@param qname: used construct a wildcard CNAME + * @@param qname_size + * @@param[in,out] rsp state from librpz_itr_start() + * @@return false on error + */ +typedef bool (librpz_rsp_rr_t)(librpz_emsg_t *emsg, uint16_t *typep, + uint16_t *classp, uint32_t *ttlp, + librpz_rr_t **rrp, librpz_result_t *result, + const uint8_t *qname, size_t qname_size, + librpz_rsp_t *rsp); +LIBDEF_F(rsp_rr) + +/** + * Get the next RR of the LIBRPZ_POLICY_RECORD result. + * @@param[out] emsg + * @@param[out] ttlp: TTL + * @@param[out] rrp: malloc() buffer with SOA RR without owner name + * @@param[out] result: current policy rewrite values + * @@param[out] origin: SOA owner name + * @@param[out] origin_size + * @@param[in,out] rsp state from librpz_itr_start() + * @@return false on error + */ +typedef bool (librpz_rsp_soa_t)(librpz_emsg_t *emsg, uint32_t *ttlp, + librpz_rr_t **rrp, librpz_domain_buf_t *origin, + librpz_result_t *result, librpz_rsp_t *rsp); +LIBDEF_F(rsp_soa) + +/** + * Get the SOA serial number for a policy zone to compare with a known value + * to check whether a zone tranfer is complete. + */ +typedef bool (librpz_soa_serial_t)(librpz_emsg_t *emsg, uint32_t *serialp, + const char *domain_nm, librpz_rsp_t *rsp); +LIBDEF_F(soa_serial) + +/** + * Save the current policy checking state. + * @@param[out] emsg + * @@param[in,out] rsp state from librpz_itr_start() + * @@return false on error + */ +typedef bool (librpz_rsp_push_t)(librpz_emsg_t *emsg, librpz_rsp_t *rsp); +LIBDEF_F(rsp_push) +#define LIBRPZ_RSP_STACK_DEPTH 3 + +/** + * Restore the previous policy checking state. + * @@param[out] emsg + * @@param[out] result: NULL or restored policy rewrite values + * @@param[in,out] rsp state from librpz_itr_start() + * @@return false on error + */ +typedef bool (librpz_rsp_pop_t)(librpz_emsg_t *emsg, librpz_result_t *result, + librpz_rsp_t *rsp); +LIBDEF_F(rsp_pop) + +/** + * Discard the most recently save policy checking state. + * @@param[out] emsg + * @@param[out] result: NULL or restored policy rewrite values + * @@return false on error + */ +typedef bool (librpz_rsp_pop_discard_t)(librpz_emsg_t *emsg, librpz_rsp_t *rsp); +LIBDEF_F(rsp_pop_discard) + +/** + * Disable a zone. + * @@param[out] emsg + * @@param znum + * @@param[in,out] rsp state from librpz_itr_start() + * @@return false on error + */ +typedef bool (librpz_rsp_forget_zone_t)(librpz_emsg_t *emsg, + librpz_cznum_t znum, librpz_rsp_t *rsp); +LIBDEF_F(rsp_forget_zone) + +/** + * Apply RPZ to an IP address. + * @@param[out] emsg + * @@param addr: address to check + * @@param ipv6: true for 16 byte IPv6 instead of 4 byte IPv4 + * @@param trig LIBRPZ_TRIG_CLIENT_IP, LIBRPZ_TRIG_IP, or LIBRPZ_TRIG_NSIP + * @@param hit_id: caller chosen + * @@param recursed: recursion has been done + * @@param[in,out] rsp state from librpz_itr_start() + * @@return false on error + */ +typedef bool (librpz_ck_ip_t)(librpz_emsg_t *emsg, + const void *addr, uint family, + librpz_trig_t trig, librpz_result_id_t hit_id, + bool recursed, librpz_rsp_t *rsp); +LIBDEF_F(ck_ip) + +/** + * Apply RPZ to a wire-format domain. + * @@param[out] emsg + * @@param domain in wire format + * @@param domain_size + * @@param trig LIBRPZ_TRIG_QNAME or LIBRPZ_TRIG_NSDNAME + * @@param hit_id: caller chosen + * @@param recursed: recursion has been done + * @@param[in,out] rsp state from librpz_itr_start() + * @@return false on error + */ +typedef bool (librpz_ck_domain_t)(librpz_emsg_t *emsg, + const uint8_t *domain, size_t domain_size, + librpz_trig_t trig, librpz_result_id_t hit_id, + bool recursed, librpz_rsp_t *rsp); +LIBDEF_F(ck_domain) + +/** + * Ask dnsrpzd to refresh a zone. + * @@param[out] emsg error message + * @@param librpz_domain_t domain to refresh + * @@param client context + * @@return false after error + */ +typedef bool (librpz_zone_refresh_t)(librpz_emsg_t *emsg, const char *domain, + librpz_rsp_t *rsp); +LIBDEF_F(zone_refresh) + +/** + * Get a string describing the the databasse + * @@param license: include the license + * @@param cfiles: include the configuration file names + * @@param listens: include the local notify IP addresses + * @@param[out] emsg error message if the result is null + * @@param client context + * @@return malloc'ed string or NULL after error + */ +typedef char *(librpz_db_info_t)(librpz_emsg_t *emsg, + bool license, bool cfiles, bool listens, + librpz_rsp_t *rsp); +LIBDEF_F(db_info) + +/** + * Start a context for listing the nodes and/or zones in the mapped file + * @@param[out] emsg: error message for false return or *rspp=NULL + * @@param[out[ rspp created context or NULL + * @@param client context + * @@return false after error + */ +typedef bool (librpz_itr_start_t)(librpz_emsg_t *emsg, librpz_rsp_t **rspp, + librpz_client_t *client); +LIBDEF_F(itr_start) + +/** + * Get mapped file memory allocation statistics. + * @@param[out] emsg: error message + * @@param rsp state from librpz_itr_start() + * @@return malloc'ed string or NULL after error + */ +typedef char *(librpz_mf_stats_t)(librpz_emsg_t *emsg, librpz_rsp_t *rsp); +LIBDEF_F(mf_stats) + +/** + * Get versions currently used by clients. + * @@param[out] emsg: error message + * @@param[in,out] rsp: state from librpz_itr_start() + * @@return malloc'ed string or NULL after error + */ +typedef char *(librpz_vers_stats_t)(librpz_emsg_t *emsg, librpz_rsp_t *rsp); +LIBDEF_F(vers_stats) + +/** + * Allocate a string describing the next zone or "" after the last zone. + * @@param[out] emsg + * @@param all_zones to list all instead of only requested zones + * @@param[in,out] rsp state from librpz_rsp_start() + * @@return malloc'ed string or NULL after error + */ +typedef char *(librpz_itr_zone_t)(librpz_emsg_t *emsg, bool all_zones, + librpz_rsp_t *rsp); +LIBDEF_F(itr_zone) + +/** + * Describe the next trie node while dumping the database. + * @@param[out] emsg + * @@param[out] result describes node + * or result->policy=LIBRPZ_POLICY_UNDEFINED after the last node. + * @@param all_zones to list all instead of only requested zones + * @@param[in,out] rsp state from librpz_itr_start() + * @@return: false on error + */ +typedef bool (librpz_itr_node_t)(librpz_emsg_t *emsg, librpz_result_t *result, + bool all_zones, librpz_rsp_t *rsp); +LIBDEF_F(itr_node) + +/** + * RPZ policy to string with a backup buffer of POLICY2STR_SIZE size + */ +typedef const char *(librpz_policy2str_t)(librpz_policy_t policy, + char *buf, size_t buf_size); +#define POLICY2STR_SIZE sizeof("policy xxxxxx") +LIBDEF_F(policy2str) + +/** + * Trigger type to string. + */ +typedef const char *(librpz_trig2str_t)(librpz_trig_t trig); +LIBDEF_F(trig2str) + +/** + * Convert a number of seconds to a zone file duration string + */ +typedef const char *(librpz_secs2str_t)(time_t secs, + char *buf, size_t buf_size); +#define SECS2STR_SIZE sizeof("1234567w7d24h59m59s") +LIBDEF_F(secs2str) + +/** + * Parse a duration with 's', 'm', 'h', 'd', and 'w' units. + */ +typedef bool (librpz_str2secs_t)(librpz_emsg_t *emsg, time_t *val, + const char *str0); +LIBDEF_F(str2secs) + +/** + * Translate selected rtypes to strings + */ +typedef const char *(librpz_rtype2str_t)(uint type, char *buf, size_t buf_size); +#define RTYPE2STR_SIZE sizeof("type xxxxx") +LIBDEF_F(rtype2str) + +/** + * Local version of ns_name_ntop() for portability. + */ +typedef int (librpz_domain_ntop_t)(const u_char *src, char *dst, size_t dstsiz); +LIBDEF_F(domain_ntop) + +/** + * Local version of ns_name_pton(). + */ +typedef int (librpz_domain_pton2_t)(const char *src, u_char *dst, size_t dstsiz, + size_t *dstlen, bool lower); +LIBDEF_F(domain_pton2) + +typedef union socku socku_t; +typedef socku_t *(librpz_mk_inet_su_t)(socku_t *su, const struct in_addr *addrp, + in_port_t port); +LIBDEF_F(mk_inet_su) + +typedef socku_t *(librpz_mk_inet6_su_t)(socku_t *su, const + struct in6_addr *addrp, + uint32_t scope_id, in_port_t port); +LIBDEF_F(mk_inet6_su) + +typedef bool (librpz_str2su_t)(socku_t *sup, const char *str); +LIBDEF_F(str2su) + +typedef char *(librpz_su2str_t)(char *str, size_t str_len, const socku_t *su); +LIBDEF_F(su2str) +#define SU2STR_SIZE (INET6_ADDRSTRLEN+1+6+1) + + +/** + * default path to dnsrpzd + */ +const char *librpz_dnsrpzd_path; + + +#undef LIBDEF + +/* + * This is the dlopen() interface to librpz. + */ +typedef const struct { + const char *dnsrpzd_path; + const char *version; + librpz_parse_log_opt_t *parse_log_opt; + librpz_log_level_val_t *log_level_val; + librpz_set_log_t *set_log; + librpz_vpemsg_t *vpemsg; + librpz_pemsg_t *pemsg; + librpz_vlog_t *vlog; + librpz_log_t *log; + librpz_fatal_t *fatal LIBRPZ_NORET; + librpz_rpz_assert_t *rpz_assert LIBRPZ_NORET; + librpz_rpz_vassert_t *rpz_vassert LIBRPZ_NORET; + librpz_clist_create_t *clist_create; + librpz_clist_detach_t *clist_detach; + librpz_client_create_t *client_create; + librpz_connect_t *connect; + librpz_client_detach_t *client_detach; + librpz_rsp_create_t *rsp_create; + librpz_rsp_detach_t *rsp_detach; + librpz_rsp_result_t *rsp_result; + librpz_have_trig_t *have_trig; + librpz_have_ns_trig_t *have_ns_trig; + librpz_rsp_clientip_prefix_t *rsp_clientip_prefix; + librpz_rsp_domain_t *rsp_domain; + librpz_rsp_rr_t *rsp_rr; + librpz_rsp_soa_t *rsp_soa; + librpz_soa_serial_t *soa_serial; + librpz_rsp_push_t *rsp_push; + librpz_rsp_pop_t *rsp_pop; + librpz_rsp_pop_discard_t *rsp_pop_discard; + librpz_rsp_forget_zone_t *rsp_forget_zone; + librpz_ck_ip_t *ck_ip; + librpz_ck_domain_t *ck_domain; + librpz_zone_refresh_t *zone_refresh; + librpz_db_info_t *db_info; + librpz_itr_start_t *itr_start; + librpz_mf_stats_t *mf_stats; + librpz_vers_stats_t *vers_stats; + librpz_itr_zone_t *itr_zone; + librpz_itr_node_t *itr_node; + librpz_policy2str_t *policy2str; + librpz_trig2str_t *trig2str; + librpz_secs2str_t *secs2str; + librpz_str2secs_t *str2secs; + librpz_rtype2str_t *rtype2str; + librpz_domain_ntop_t *domain_ntop; + librpz_domain_pton2_t *domain_pton2; + librpz_mk_inet_su_t *mk_inet_su; + librpz_mk_inet6_su_t *mk_inet6_su; + librpz_str2su_t *str2su; + librpz_su2str_t *su2str; +} librpz_0_t; +extern librpz_0_t librpz_def_0; + +/* + * Future versions can be upward compatible by defining LIBRPZ_DEF as + * librpz_X_t. + */ +#define LIBRPZ_DEF librpz_def_0 +#define LIBRPZ_DEF_STR "librpz_def_0" + +typedef librpz_0_t librpz_t; +extern librpz_t *librpz; + + +#if LIBRPZ_LIB_OPEN == 2 +#include + +/** + * link-load librpz + * @@param[out] emsg: error message + * @@param[in,out] dl_handle: NULL or pointer to new dlopen handle + * @@param[in] path: librpz.so path + * @@return address of interface structure or NULL on failure + */ +static inline librpz_t * +librpz_lib_open(librpz_emsg_t *emsg, void **dl_handle, const char *path) +{ + void *handle; + librpz_t *new_librpz; + + emsg->c[0] = '\0'; + + /* + * Close a previously opened handle on librpz.so. + */ + if (dl_handle != NULL && *dl_handle != NULL) { + if (dlclose(*dl_handle) != 0) { + snprintf(emsg->c, sizeof(librpz_emsg_t), + "dlopen(NULL): %s", dlerror()); + return (NULL); + } + *dl_handle = NULL; + } + + /* + * First try the main executable of the process in case it was + * linked to librpz. + * Do not worry if we cannot search the main executable of the process. + */ + handle = dlopen(NULL, RTLD_NOW | RTLD_LOCAL); + if (handle != NULL) { + new_librpz = dlsym(handle, LIBRPZ_DEF_STR); + if (new_librpz != NULL) { + if (dl_handle != NULL) + *dl_handle = handle; + return (new_librpz); + } + if (dlclose(handle) != 0) { + snprintf(emsg->c, sizeof(librpz_emsg_t), + "dlsym(NULL, "LIBRPZ_DEF_STR"): %s", + dlerror()); + return (NULL); + } + } + + if (path == NULL || path[0] == '\0') { + snprintf(emsg->c, sizeof(librpz_emsg_t), + "librpz not linked and no dlopen() path provided"); + return (NULL); + } + + handle = dlopen(path, RTLD_NOW | RTLD_LOCAL); + if (handle == NULL) { + snprintf(emsg->c, sizeof(librpz_emsg_t), "dlopen(%s): %s", + path, dlerror()); + return (NULL); + } + new_librpz = dlsym(handle, LIBRPZ_DEF_STR); + if (new_librpz != NULL) { + if (dl_handle != NULL) + *dl_handle = handle; + return (new_librpz); + } + snprintf(emsg->c, sizeof(librpz_emsg_t), + "dlsym(%s, "LIBRPZ_DEF_STR"): %s", + path, dlerror()); + dlclose(handle); + return (NULL); +} + +#elif defined(LIBRPZ_LIB_OPEN) + +/* + * Statically link to the librpz.so DSO on systems without dlopen() + */ +static inline librpz_t * +librpz_lib_open(librpz_emsg_t *emsg, void **dl_handle, const char *path) +{ + (void)(path); + + if (dl_handle != NULL) + *dl_handle = NULL; + +#if LIBRPZ_LIB_OPEN == 1 + emsg->c[0] = '\0'; + return (&LIBRPZ_DEF); +#else + snprintf(emsg->c, sizeof(librpz_emsg_t), + "librpz not available via ./configure"); + return (NULL); +#endif /* LIBRPZ_LIB_OPEN */ +} +#endif /* LIBRPZ_LIB_OPEN */ + +#endif /* LIBRPZ_H */ =================================================================== RCS file: ./fastrpz/RCS/rpz.c,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./fastrpz/rpz.c --- ./fastrpz/rpz.c +++ ./fastrpz/rpz.c @@@@ -0,0 +1,1357 @@@@ +/* + * fastrpz/rpz.c - interface to the fastrpz response policy zone library + * + * Optimize no-rewrite cases for speed but optimize rewriting for + * simplicity and size. + */ + +#include "config.h" + +#ifdef ENABLE_FASTRPZ +#include "daemon/daemon.h" +#define LIBRPZ_LIB_OPEN FASTRPZ_LIB_OPEN +#include "fastrpz/rpz.h" +#include "daemon/worker.h" +#include "iterator/iter_delegpt.h" +#include "iterator/iter_utils.h" +#include "iterator/iterator.h" +#include "util/data/dname.h" +#include "util/data/msgencode.h" +#include "util/data/msgparse.h" +#include "util/data/msgreply.h" +#include "util/log.h" +#include "util/netevent.h" +#include "util/net_help.h" +#include "util/regional.h" +#include "util/storage/slabhash.h" +#include "services/cache/dns.h" +#include "services/cache/rrset.h" +#include "services/mesh.h" +#include "sldns/sbuffer.h" +#include "sldns/rrdef.h" + + +typedef enum state { + /* No more rewriting */ + st_off = 1, + /* Send SERVFAIL */ + st_servfail, + /* No dispositive hit yet */ + st_unknown, + /* Let the iterator resolve a CNAME or get a delegation point. */ + st_iterate, + /* Let the iterator resolve NS to check NSIP or NSDNAME triggers. */ + st_ck_ns, + /* We have an answer */ + st_rewritten, +} st_t; + + +/* RPZ state pointed to by struct comm_reply */ +typedef struct commreply_rpz { + /* librpz state */ + librpz_rsp_t* rsp; + /* ID for log messages */ + int log_id; + + /* from configuration */ + int min_ns_dots; + + /* Running in the iterator */ + bool iterating; + + /* current and previous state and librpz result */ + st_t st; + st_t saved_st[LIBRPZ_RSP_STACK_DEPTH-1]; + librpz_result_t result; + + /* Stop adding CNAMEs to the prepend list before this owner name. */ + librpz_domain_buf_t cname_hit; + /* It is not the first CNAME */ + bool cname_hit_2nd; + librpz_result_id_t hit_id; +} commreply_rpz_t; + + +/* Generate an ID for log messages. */ +static int log_id; + +librpz_t *librpz; + + +static void LIBRPZ_NORET +rpz_assert(const char *s) +{ + fatal_exit("%s", s); + exit(1); +} +#define RPZ_ASSERT(c) ((c) ? (void)0 : rpz_assert(#c), (void)0) + +/* + * librpz client handle locking + */ +static void +lock_destroy(void* mutex) +{ + lock_basic_destroy(mutex); + free(mutex); +} + +static void +lock(void* mutex) +{ + lock_basic_lock(mutex); +} + +static void +unlock(void* mutex) +{ + lock_basic_unlock(mutex); +} + + +static void +log_fnc(librpz_log_level_t level, void* ATTR_UNUSED(ctx), const char* buf) +{ + char label_buf[sizeof("rpz ")+8]; + + /* Setting librpz_log_level overrides the unbound "verbose" level. */ + if(level > LIBRPZ_LOG_TRACE1 && + level <= librpz->log_level_val(LIBRPZ_LOG_INVALID)) + level = LIBRPZ_LOG_TRACE1; + + switch(level) { + case LIBRPZ_LOG_FATAL: + case LIBRPZ_LOG_ERROR: /* errors */ + default: + log_err("rpz: %s", buf); + break; + + case LIBRPZ_LOG_TRACE1: /* big events such as dnsrpzd starts */ + verbose(VERB_OPS, "rpz: %s", buf); + break; + + case LIBRPZ_LOG_TRACE2: /* smaller dnsrpzd zone transfers */ + verbose(VERB_DETAIL, "rpz: %s", buf); + break; + + case LIBRPZ_LOG_TRACE3: /* librpz hits */ + verbose(VERB_QUERY, "rpz: %s", buf); + break; + + case LIBRPZ_LOG_TRACE4: /* librpz lookups */ + verbose(VERB_CLIENT, "rpz: %s", buf); + break; + } +} + + +/* Release the librpz version. */ +static void +rpz_off(commreply_rpz_t* rpz, st_t st) +{ + if(!rpz) + return; + rpz->st = st; + librpz->rsp_detach(&rpz->rsp); +} + + +static void LIBRPZ_PF(2,3) +log_fail(commreply_rpz_t* rpz, const char* p, ...) +{ + va_list args; + + if(rpz->st == st_servfail) + return; + + va_start(args, p); + librpz->vlog(LIBRPZ_LOG_ERROR, rpz, p, args); + va_end(args); + if(!rpz) + return; + rpz_off(rpz, st_servfail); +} + + +/* Announce a rewrite. */ +static void +log_rewrite(uint8_t* qname, librpz_policy_t policy, const char* msg, + commreply_rpz_t* rpz) +{ + char policy_buf[POLICY2STR_SIZE]; + char qname_nm[LDNS_MAX_DOMAINLEN+1]; + librpz_domain_buf_t tdomain; + char tdomain_nm[LDNS_MAX_DOMAINLEN+1]; + librpz_emsg_t emsg; + + if(rpz->st == st_servfail || !rpz->result.log) + return; + if(librpz->log_level_val(LIBRPZ_LOG_INVALID) < LIBRPZ_LOG_TRACE1) + return; + + dname_str(qname, qname_nm); + + if(!librpz->rsp_domain(&emsg, &tdomain, rpz->rsp)) { + librpz->log(LIBRPZ_LOG_ERROR, rpz, "%s", emsg.c); + return; + } + dname_str(tdomain.d, tdomain_nm); + + librpz->log(LIBRPZ_LOG_TRACE3, rpz, "%srewriting %s via %s %s to %s", + msg, qname_nm, tdomain_nm, + librpz->trig2str(rpz->result.trig), + librpz->policy2str(policy, policy_buf, + sizeof(policy_buf))); +} + + +/* Connect to and start dnsrpzd if necessary for the unbound daemon. + * Require "rpz-conf: path" to specify the rpz configuration file. + * The unbound server directory name is the default rpz working + * directory. If unbound uses chroot, then the dnsrpzd working + * directory must be in the chroot tree. + * The database and socket are closed and re-opened. + */ +void +rpz_init(librpz_clist_t** pclist, librpz_client_t** pclient, + const struct config_file* cfg) +{ + lock_basic_type* mutex; + librpz_emsg_t emsg; + + if(!librpz) { + librpz = librpz_lib_open(&emsg, NULL, FASTRPZ_LIBRPZ_PATH); + if(!librpz) + fatal_exit("rpz: %s", emsg.c); + } + + librpz->set_log(&log_fnc, NULL); + + if(!cfg->rpz_cstr) + fatal_exit("rpz: rpz-zone: not set"); + + librpz->client_detach(pclient); + librpz->clist_detach(pclist); + + mutex = malloc(sizeof(*mutex)); + if(!mutex) + fatal_exit("rpz: no memory for lock"); + lock_basic_init(mutex); + + *pclist = librpz->clist_create(&emsg, &lock, &unlock, &lock_destroy, + mutex, NULL); + if(!pclist) + fatal_exit("rpz: %s", emsg.c); + + *pclient = librpz->client_create(&emsg, *pclist, cfg->rpz_cstr, false); + if(!*pclient) + fatal_exit("rpz: %s", emsg.c); + + if(!librpz->connect(&emsg, *pclient, true)) + fatal_exit("rpz: %s", emsg.c); + + verbose(VERB_OPS, "rpz: librpz version %s", librpz->version); +} + + +/* Stop using librpz on behalf of a worker thread. */ +void +rpz_delete(librpz_clist_t** pclist, librpz_client_t** pclient) +{ + if(librpz) { + librpz->client_detach(pclient); + librpz->clist_detach(pclist); + } +} + + +/* Release the librpz resources held for a DNS client request. */ +void +rpz_end(struct comm_reply* commreply) +{ + if(!commreply->rpz) + return; + rpz_off(commreply->rpz, commreply->rpz->st); + free(commreply->rpz); + commreply->rpz = NULL; +} + + +static bool +push_st(commreply_rpz_t* rpz) +{ + librpz_emsg_t emsg; + + if(rpz->st == st_off || rpz->st == st_servfail) { + librpz->log(LIBRPZ_LOG_ERROR, rpz, + "state %d in push_st()", rpz->st); + return false; + } + if(!librpz->rsp_push(&emsg, rpz->rsp)) + log_fail(rpz, "%s", emsg.c); + memmove(&rpz->saved_st[1], &rpz->saved_st[0], + sizeof(rpz->saved_st) - sizeof(rpz->saved_st[0])); + rpz->saved_st[0] = rpz->st; + return rpz->st != st_servfail; +} + + +static bool +pop_st(commreply_rpz_t* rpz) +{ + librpz_emsg_t emsg; + + if(rpz->rsp && !librpz->rsp_pop(&emsg, &rpz->result, rpz->rsp)) + log_fail(rpz, "%s", emsg.c); + if(rpz->st != st_servfail) + rpz->st = rpz->saved_st[0]; + memmove(&rpz->saved_st[0], &rpz->saved_st[1], + sizeof(rpz->saved_st) - sizeof(rpz->saved_st[0])); + return rpz->st != st_servfail; +} + +static bool +pop_discard_st(commreply_rpz_t* rpz) +{ + librpz_emsg_t emsg; + + if(rpz->rsp && !librpz->rsp_pop_discard(&emsg, rpz->rsp)) + log_fail(rpz, "%s", emsg.c); + memmove(&rpz->saved_st[0], &rpz->saved_st[1], + sizeof(rpz->saved_st) - sizeof(rpz->saved_st[0])); + return rpz->st != st_servfail; +} + +/* Check a rewrite attempt for errors and a disabled zone. */ +static bool /* true=repeat the check */ +ck_after(uint8_t* qname, bool recursed, librpz_trig_t trig, + commreply_rpz_t* rpz) +{ + librpz_emsg_t emsg; + + if(rpz->st == st_servfail) + return false; + + if(!librpz->rsp_result(&emsg, &rpz->result, recursed, rpz->rsp)) { + log_fail(rpz, "%s", emsg.c); + return false; + } + + if(rpz->result.policy == LIBRPZ_POLICY_DISABLED) { + /* Log the hit on the disabled zone, do not try the zone again, + * and restore the state from before the check to forget the hit + * before trying again. */ + log_rewrite(qname, rpz->result.zpolicy, "disabled ", rpz); + if(!librpz->rsp_forget_zone(&emsg, rpz->result.cznum, rpz->rsp)) + log_fail(rpz, "%s", emsg.c); + return pop_st(rpz); + } + + /* Complain about and forget client-IP address hit that is not + * dispositive. Client-IP triggers have the highest priority + * within a policy zone, but can be overridden by any hit in a policy + * earlier in the client's (resolver's) list of zones, including + * policies that cannot be hit until after recursion. If we allowed + * client-IP triggers in secondary zones, then than two DNS requests + * that differ only in DNS client-IP addresses could properly + * have differing results. The Unbound iterator treats identical + * DNS requests the same regardless of DNS client-IP address. + * struct query_info would need to be modified to have an optional + * librpz_prefix_t containing the prefix of the client-IP address hit + * from librpz->rsp_clientip_prefix(). Adding to struct query_info + * would require finding and changing the many and obscure places + * including the Unbound tests to memset(0) the struct query_info + * that they create. */ + if(trig == LIBRPZ_TRIG_CLIENT_IP) { + if(rpz->result.cznum != 0) { + log_rewrite(qname, rpz->result.policy, + "ignore secondary ", rpz); + if(!pop_st(rpz)) + log_fail(rpz, "%s", emsg.c); + return (false); + } + } + + /* Forget the state from before the check and keep the new state + * if we do not have a hit on a disabled policy zone. */ + pop_discard_st(rpz); + return false; +} + + +/* Get the next RR from the policy record. */ +static bool +next_rr(librpz_rr_t** rrp, const uint8_t* qname, size_t qname_len, + commreply_rpz_t* rpz) +{ + librpz_emsg_t emsg; + + if(!librpz->rsp_rr(&emsg, NULL, NULL, NULL, rrp, &rpz->result, + qname, qname_len, rpz->rsp)) { + log_fail(rpz, "%s", emsg.c); + *rrp = NULL; + return false; + } + return true; +} + + +static bool /* false=fatal error to be logged */ +add_rr(struct sldns_buffer* pkt, const uint8_t* owner, size_t owner_len, + librpz_rr_t* rr, commreply_rpz_t* rpz) +{ + size_t rdlength; + + rdlength = ntohs(rr->rdlength); + + if(!sldns_buffer_available(pkt, owner_len + 10 + rdlength)) { + log_fail(rpz, "comm_reply buffer exhausted"); + free(rr); + return false; + } + sldns_buffer_write(pkt, owner, owner_len); + /* sizeof(librpz_rr_t)=12 instead of 10 */ + sldns_buffer_write(pkt, rr, 10 + rdlength); + return true; +} + + +/* Convert a fake incoming DNS message to an Unbound struct dns_msg */ +static void +pkt2dns_msg(struct dns_msg** dnsmsg, struct sldns_buffer* pkt, + commreply_rpz_t* rpz, struct regional* region) +{ + struct msg_parse* msgparse; + + msgparse = regional_alloc(region, sizeof(*msgparse)); + if(!msgparse) { + log_fail(rpz, "out of memory for msgparse"); + *dnsmsg = NULL; + return; + } + memset(msgparse, 0, sizeof(*msgparse)); + if(parse_packet(pkt, msgparse, region) != LDNS_RCODE_NOERROR) { + log_fail(rpz, "packet parse error"); + *dnsmsg = NULL; + return; + } + *dnsmsg = dns_alloc_msg(pkt, msgparse, region); + if(!*dnsmsg) { + log_fail(rpz, "dns_alloc_msg() failed"); + *dnsmsg = NULL; + return; + } + (*dnsmsg)->rep->security = sec_status_rpz_rewritten; +} + + +static bool /* false=SERVFAIL */ +ck_ip_rrset(const void* vdata, int family, librpz_trig_t trig, + uint8_t* qname, commreply_rpz_t* rpz) +{ + const struct packed_rrset_data* data; + uint rr_n; + size_t len; + librpz_emsg_t emsg; + + data = vdata; + + /* Loop to ignore disabled zones. */ + do { + if(!push_st(rpz)) + return false; + for(rr_n = 0; rr_n < data->count; ++rr_n) { + len = data->rr_len[rr_n]; + /* Skip bogus including negative placeholding rdata. */ + if((family == AF_INET && + len != sizeof(struct in_addr)+2) || + (family == AF_INET6 && + len != sizeof(struct in6_addr)+2)) + continue; + if(!librpz->ck_ip(&emsg, data->rr_data[rr_n]+2, + family, trig, rpz->hit_id, true, + rpz->rsp)) { + log_fail(rpz, "%s", emsg.c); + return false; + } + } + } while(ck_after(qname, true, trig, rpz)); + return rpz->st != st_servfail; +} + + +static bool /* false=SERVFAIL */ +ck_dname(uint8_t* dname, size_t dname_size, librpz_trig_t trig, + uint8_t* qname, bool recursed, commreply_rpz_t* rpz) +{ + librpz_emsg_t emsg; + + /* Refuse to check the root. */ + if(dname_is_root(dname)) + return rpz->st != st_servfail; + + /* Loop to ignore disabled zones. */ + do { + if(!push_st(rpz)) + return false; + if(!librpz->ck_domain(&emsg, dname, dname_size, trig, + rpz->hit_id, recursed, rpz->rsp)) { + log_fail(rpz, "%s", emsg.c); + return false; + } + } while(ck_after(qname, recursed, trig, rpz)); + + return rpz->st != st_servfail; +} + + +/* Check the IPv4 or IPv6 addresses for one NS name. */ +static bool /* false=st_servfail */ +ck_1nsip(uint8_t* nsname, size_t nsname_size, int family, int qtype, + bool* have_ns, commreply_rpz_t* rpz, struct module_env* env) +{ + struct ub_packed_rrset_key* akey; + + akey = rrset_cache_lookup(env->rrset_cache, nsname, nsname_size, + qtype, LDNS_RR_CLASS_IN, 0, 0, 0); + if(akey) { + *have_ns = true; + + if(!ck_ip_rrset(akey->entry.data, family, LIBRPZ_TRIG_NSIP, + nsname, rpz)) { + lock_rw_unlock(&akey->entry.lock); + return false; + } + lock_rw_unlock(&akey->entry.lock); + } + return true; +} + + +static bool /* false=st_servfail */ +ck_qname(uint8_t* qname, size_t qname_len, + bool recursed, /* recursion done */ + bool wait_ns, /* willing to iterate for NS data */ + commreply_rpz_t* rpz, struct module_env* env) +{ + uint8_t* dname; + size_t dname_size; + int cur_lab; + struct ub_packed_rrset_key* nskey; + const struct packed_rrset_data* nsdata; + uint8_t* nsname; + size_t nsname_size; + uint rr_n; + bool have_ns, tried_ns; + + if(!ck_dname(qname, qname_len, LIBRPZ_TRIG_QNAME, qname, false, rpz)) + return false; + + /* Do not waste time looking for NSDNAME and NSIP hits when there + * are no currently relevant triggers. */ + if(!librpz->have_ns_trig(rpz->rsp)) + return true; + + have_ns = false; + tried_ns = false; + dname = qname; + dname_size = qname_len; + for(cur_lab = dname_count_labels(dname) - 2; + cur_lab > rpz->min_ns_dots; + --cur_lab) { + tried_ns = true; + dname_remove_label(&dname, &dname_size); + nskey = rrset_cache_lookup(env->rrset_cache, dname, dname_size, + LDNS_RR_TYPE_NS, LDNS_RR_CLASS_IN, + 0, 0, 0); + if(!nskey) + continue; + + nsdata = (const struct packed_rrset_data*)nskey->entry.data; + for(rr_n = 0; + rr_n < nsdata->count && rpz->st == st_unknown; + ++rr_n) { + nsname = nsdata->rr_data[rr_n]+2; + nsname_size = nsdata->rr_len[rr_n]; + if(nsname_size <= 2) + continue; + nsname_size -= 2; + if(!ck_dname(nsname, nsname_size, LIBRPZ_TRIG_NSDNAME, + qname, recursed, rpz)) + return false; + if(!ck_1nsip(nsname, nsname_size, AF_INET, + LDNS_RR_TYPE_A, &have_ns, rpz, env)) + return false; + if(!ck_1nsip(nsname, nsname_size, AF_INET6, + LDNS_RR_TYPE_AAAA, &have_ns, rpz, env)) + return false; + } + lock_rw_unlock(&nskey->entry.lock); + } + + /* If we failed to find NS records, then stop building the response + * before a CNAME with this owner name. */ + if(!have_ns && tried_ns && (!recursed || wait_ns)) { + rpz->cname_hit.size = qname_len; + RPZ_ASSERT(rpz->cname_hit.size <= sizeof(rpz->cname_hit.d)); + memcpy(rpz->cname_hit.d, qname, qname_len); + rpz->result.hit_id = rpz->hit_id; + rpz->st = st_ck_ns; + } + return true; +} + + +/* + * Are we ready to rewrite the response? + */ +static bool /* true=send rewritten response */ +ck_result(uint8_t* qname, bool recursed, + commreply_rpz_t* rpz, const struct comm_point* commpoint) +{ + librpz_emsg_t emsg; + + switch(rpz->st) { + case st_off: + case st_servfail: + case st_rewritten: + return false; + case st_unknown: + break; + case st_iterate: + return false; + case st_ck_ns: + /* An NSDNAME or NSIP check failed for lack of cached data. */ + return false; +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wunreachable-code" + default: + fatal_exit("impossible RPZ state %d in rpz_worker_cache()", + rpz->st); +#pragma clang diagnostic pop + } + + /* Wait for a trigger. */ + if(rpz->result.policy == LIBRPZ_POLICY_UNDEFINED) { + if(recursed && + rpz->result.zpolicy != LIBRPZ_POLICY_UNDEFINED && + !librpz->rsp_result(&emsg, &rpz->result, true, rpz->rsp)) { + log_fail(rpz, "%s", emsg.c); + return false; + } + if(rpz->result.policy == LIBRPZ_POLICY_UNDEFINED) + return false; + } + + if(rpz->result.policy == LIBRPZ_POLICY_PASSTHRU) { + log_rewrite(qname, rpz->result.policy, "", rpz); + rpz_off(rpz, st_off); + return false; + } + + /* The TCP-only policy answers UDP requests with truncated responses. */ + if(rpz->result.policy == LIBRPZ_POLICY_TCP_ONLY && + commpoint->type == comm_tcp) { + rpz_off(rpz, st_off); + return false; + } + + return true; +} + + +/* + * Convert an RPZ hit to a struct dns_msg + */ +static void +get_result_msg(struct dns_msg** dnsmsg, struct query_info* qinfo, + uint16_t id, uint16_t flags, bool recursed, commreply_rpz_t* rpz, + struct comm_point* commpoint, struct regional* region) +{ + librpz_rr_t* rr; + librpz_domain_buf_t origin; + struct sldns_buffer* pkt; + uint16_t num_rrs; + librpz_emsg_t emsg; + + *dnsmsg = NULL; + if(!ck_result(qinfo->qname, recursed, rpz, commpoint)) + return; + + rpz->st = st_rewritten; + + if(rpz->result.policy == LIBRPZ_POLICY_DROP) { + log_rewrite(qinfo->qname, rpz->result.policy, "", rpz); + /* Make a fake cached message to carry + * sec_status_rpz_drop and be dropped. */ + error_encode(commpoint->buffer, LDNS_RCODE_NOERROR, + qinfo, id, flags, NULL); + pkt2dns_msg(dnsmsg, commpoint->buffer, rpz, region); + (*dnsmsg)->rep->security = sec_status_rpz_drop; + return; + } + + /* Create a DNS message of the RPZ data. + * In many cases that message could be sent directly to the DNS client, + * but sometimes iteration must be used to resolve a CNAME. + * This need not be fast, because rewriting responses should be rare. + * Therefore, use the simpler but slower tactic of generating a + * parsed version of the message. */ + + flags &= ~BIT_AA; + flags |= BIT_QR | BIT_RA; + rr = NULL; + + /* The TCP-only policy answers UDP requests with truncated responses. */ + if(rpz->result.policy == LIBRPZ_POLICY_TCP_ONLY) { + flags |= BIT_TC; + + } else if(rpz->result.policy == LIBRPZ_POLICY_NXDOMAIN) { + flags |= LDNS_RCODE_NXDOMAIN; + + } else if(rpz->result.policy == LIBRPZ_POLICY_CNAME) { + if(!rpz->iterating && + qinfo->qtype != LDNS_RR_TYPE_CNAME) { + /* The new DNS message would be a CNAME and + * the external request was not for a CNAME. + * The worker must punt to the iterator so that + * the iterator can resolve the CNAME. */ + rpz->st = st_iterate; + return; + } + next_rr(&rr, qinfo->qname, qinfo->qname_len, rpz); + + } else if(rpz->result.policy == LIBRPZ_POLICY_RECORD || + rpz->result.policy == LIBRPZ_POLICY_NODATA) { + next_rr(&rr, qinfo->qname, qinfo->qname_len, rpz); + /* Punt to the iterator if the new DNS message would + * be a CNAME that must be resolved. */ + if(!rpz->iterating && + qinfo->qtype != LDNS_RR_TYPE_CNAME && + rr && rr->type == ntohs(LDNS_RR_TYPE_CNAME)) { + free(rr); + rpz->st = st_iterate; + return; + } + } + log_rewrite(qinfo->qname, rpz->result.policy, "", rpz); + + /* Make a buffer containing a DNS message with the RPZ data. */ + pkt = commpoint->buffer; + sldns_buffer_clear(pkt); + if(sldns_buffer_remaining(pkt) < LDNS_HEADER_SIZE) { + log_fail(rpz, "comm_reply buffer too small for header"); + if(rr) + free(rr); + return; + } + + /* Install ID, flags, QDCOUNT=1, ANCOUNT=# of RPZ RRs, NSCOUNT=0, + * and ARCOUNT=1 for the RPZ SOA. */ + sldns_buffer_write_u16(pkt, id); + sldns_buffer_write_u16(pkt, flags); + sldns_buffer_write_u16(pkt, 1); /* QDCOUNT */ + sldns_buffer_write_u16(pkt, 0); /* ANCOUNT will be set later */ + sldns_buffer_write_u16(pkt, 0); /* NSCOUNT */ + sldns_buffer_write_u16(pkt, 1); /* ARCOUNT */ + + /* Install the question with the LDNS_RR_CLASS_RPZ bit to + * to distinguish this supposed cache entry from the real deal. */ + sldns_buffer_write(pkt, qinfo->qname, qinfo->qname_len); + sldns_buffer_write_u16(pkt, qinfo->qtype); + sldns_buffer_write_u16(pkt, LDNS_RR_CLASS_IN); + + /* Install the RPZ RRs in the answer section */ + num_rrs = 0; + while(rr) { + /* Include only the requested RRs. */ + if(qinfo->qtype == LDNS_RR_TYPE_ANY || + rr->type == htons(qinfo->qtype) || + rr->type == htons(LDNS_RR_TYPE_CNAME)) { + if(!add_rr(pkt, qinfo->qname, qinfo->qname_len, + rr, rpz)) + return; + + ++num_rrs; + } + free(rr); + + next_rr(&rr, qinfo->qname, qinfo->qname_len, rpz); + } + /* Finish ANCOUNT. */ + if(num_rrs != 0) + sldns_buffer_write_u16_at(pkt, 6, num_rrs); + + /* All rewritten responses have an identifying SOA record in the + * additional section. */ + if(!librpz->rsp_soa(&emsg, NULL, &rr, &origin, + &rpz->result, rpz->rsp)) { + log_fail(rpz, "no soa"); + return; + } + if(!add_rr(pkt, origin.d, origin.size, rr, rpz)) + return; + free(rr); + + /* Create a dns_msg representation of the fake incoming message. */ + sldns_buffer_flip(pkt); + pkt2dns_msg(dnsmsg, pkt, rpz, region); +} + + +/* Check the RRs in the ANSWER section of a reply_info. */ +static void +ck_reply(struct reply_info* reply, uint8_t* qname, bool wait_ns, + commreply_rpz_t* rpz, struct module_env* env) +{ + struct ub_packed_rrset_key* rrset; + enum sldns_enum_rr_type type; + uint rrset_n; + + /* Check the RRs in the ANSWER section. */ + rpz->cname_hit.size = 0; + rpz->cname_hit_2nd = false; + for(rrset_n = 0; rrset_n < reply->an_numrrsets; ++rrset_n) { + /* Check all of the RRs before deciding. */ + if(rpz->st != st_unknown) + return; + + rrset = reply->rrsets[rrset_n]; + if(ntohs(rrset->rk.rrset_class) != LDNS_RR_CLASS_IN) + continue; + type = ntohs(rrset->rk.type); + + if(type == LDNS_RR_TYPE_A) { + if(!ck_ip_rrset(rrset->entry.data, AF_INET, + LIBRPZ_TRIG_IP, qname, rpz)) + break; + + } else if(type == LDNS_RR_TYPE_AAAA) { + if(!ck_ip_rrset(rrset->entry.data, AF_INET6, + LIBRPZ_TRIG_IP, qname, rpz)) + break; + + } else if(type == LDNS_RR_TYPE_CNAME) { + /* Check CNAME owners unless we already have a hit. */ + ++rpz->hit_id; + if(!ck_qname(rrset->rk.dname, rrset->rk.dname_len, + true, wait_ns, rpz, env)) + break; + + /* Do not worry about the CNAME if it did not hit, + * but note the miss so that it can be prepended + * if we do hit. */ + if(rpz->result.hit_id != rpz->hit_id) { + rpz->cname_hit_2nd = true; + continue; + } + + /* Stop after hitting a CNAME. + * The iterator must be used to include CNAMEs before + * the CNAME that hit in the rewritten response. */ + rpz->cname_hit.size = rrset->rk.dname_len; + RPZ_ASSERT(rpz->cname_hit.size <= sizeof(rpz->cname_hit.d)); + memcpy(rpz->cname_hit.d, rrset->rk.dname, + rpz->cname_hit.size); + break; + } + } +} + + +static void +worker_servfail(struct worker* worker, struct query_info* qinfo, + uint16_t id, uint16_t flags, struct comm_reply* commreply) +{ + error_encode(commreply->c->buffer, LDNS_RCODE_SERVFAIL, + qinfo, id, flags, NULL); + regional_free_all(worker->scratchpad); + comm_point_send_reply(commreply); +} + + +/* Send an RPZ answer before the iterator has started. + * @@return: 1=continue normal unbound processing + * 0=punt to the iterator + * -1=rewritten response already sent or dropped. */ +static int +worker_send(struct dns_msg* dnsmsg, struct worker* worker, + struct query_info* qinfo, uint16_t id, uint16_t flags, + struct edns_data* edns, struct comm_reply* commreply) +{ + switch (commreply->rpz->st) { + case st_off: + return 1; + case st_servfail: + worker_servfail(worker, qinfo, id, flags, commreply); + return -1; + case st_unknown: + return 1; + case st_iterate: + case st_ck_ns: + return 0; /* punt to the iterator */ + case st_rewritten: + break; + default: + fatal_exit("impossible RPZ state %d in worker_send()", + commreply->rpz->st); + } + + if(dnsmsg->rep->security == sec_status_rpz_drop) { + regional_free_all(worker->scratchpad); + comm_point_drop_reply(commreply); + return -1; + } + + edns->edns_version = EDNS_ADVERTISED_VERSION; + edns->udp_size = EDNS_ADVERTISED_SIZE; + edns->ext_rcode = 0; + edns->bits = 0; /* rewritten response cannot verify. */ + if(!reply_info_answer_encode(qinfo, dnsmsg->rep, + id, flags | BIT_QR, + commreply->c->buffer, 0, 1, + worker->scratchpad, + edns->udp_size, edns, 0, 0)) { + worker_servfail(worker, qinfo, id, flags, commreply); + } else { + regional_free_all(worker->scratchpad); + comm_point_send_reply(commreply); + } + return -1; +} + + +/* Set commreply to an RPZ context if the response might be rewritten. + * Try to answer now with a hit allowed before recursion (iteration). */ +bool /* true=response sent or dropped */ +rpz_start(struct worker* worker, struct query_info* qinfo, + struct comm_reply* commreply, struct edns_data* edns) +{ + commreply_rpz_t* rpz; + uint16_t id, flags; + struct dns_msg* dnsmsg; + int family; + const void* addr; + librpz_emsg_t emsg; + + /* Quit if rpz not configured. */ + if(!worker->daemon->rpz_client) + return false; + + /* Rewrite only the Internet class */ + if(qinfo->qclass != LDNS_RR_CLASS_IN) + return false; + + rpz = commreply->rpz; + RPZ_ASSERT(!rpz); + + dnsmsg = NULL; + id = htons(sldns_buffer_read_u16_at(commreply->c->buffer, 0)); + flags = sldns_buffer_read_u16_at(commreply->c->buffer, 2); + + rpz = malloc(sizeof(*rpz)); + if(!rpz) { + librpz->log(LIBRPZ_LOG_ERROR, NULL, "no memory for rpz"); + return 0 > worker_send(dnsmsg, worker, qinfo, + id, flags, edns, commreply); + } + memset(rpz, 0, sizeof(*rpz)); + rpz->st = st_unknown; + commreply->rpz = rpz; + + /* Make a new ID for log messages */ + rpz->log_id = __sync_add_and_fetch(&log_id, 1); + + /* Get access to the librpz data. */ + if(!librpz->rsp_create(&emsg, &rpz->rsp, &rpz->min_ns_dots, + worker->daemon->rpz_client, + (flags & BIT_RD) != 0, + (edns->bits & EDNS_DO) != 0)) { + log_fail(rpz, "%s", emsg.c); + return false; + } + /* Quit if benign reasons prevent rewriting. */ + if(!rpz->rsp) { + rpz->st = st_off; + librpz->log(LIBRPZ_LOG_TRACE1, rpz, "%s", emsg.c); + return false; + } + + /* Check the client IP address. + * Do not use commreply->srctype because it is often 0. */ + family = ((struct sockaddr*)&commreply->addr)->sa_family; + switch(family) { + case AF_INET: + addr = &((struct sockaddr_in*)&commreply->addr)->sin_addr; + break; + case AF_INET6: + addr = &((struct sockaddr_in6*)&commreply->addr)->sin6_addr; + break; + default: + /* Maybe the client is on a UNIX domain socket. */ + librpz->log(LIBRPZ_LOG_TRACE2, rpz, + "unknown client address family %d", family); + addr = NULL; + break; + } + /* Loop to ignore disabled zones. */ + while(addr) { + if(!push_st(rpz)) + break; + if(!librpz->ck_ip(&emsg, addr, family, LIBRPZ_TRIG_CLIENT_IP, + rpz->hit_id, true, rpz->rsp)) { + log_fail(rpz, "%s", emsg.c); + break; + } + if(!ck_after(qinfo->qname, false, LIBRPZ_TRIG_CLIENT_IP, rpz)) + break; + } + if(rpz->st == st_servfail) + return 0 > worker_send(dnsmsg, worker, qinfo, + id, flags, edns, commreply); + + /* Check the QNAME and possibly replace a client-IP hit. */ + ck_qname(qinfo->qname, qinfo->qname_len, false, true, + rpz, &worker->env); + + get_result_msg(&dnsmsg, qinfo, id, flags, false, + rpz, commreply->c, worker->scratchpad); + return 0 > worker_send(dnsmsg, worker, qinfo, + id, flags, edns, commreply); +} + + +/* Check a cached reply before iteration. + * @@return: 1=use cache entry + * 0=deny a cached entry exists in order to punt to the iterator + * -1=rewritten response already sent or dropped */ +int +rpz_worker_cache(struct worker* worker, struct reply_info* reply, + struct query_info* qinfo, uint16_t id, uint16_t flags, + struct edns_data* edns, struct comm_reply* commreply) +{ + commreply_rpz_t* rpz; + struct dns_msg* dnsmsg; + st_t new_st; + librpz_rr_t* rr; + + dnsmsg = NULL; + + rpz = commreply->rpz; + switch(rpz->st) { + case st_off: + return 1; /* Send the cache entry. */ + case st_servfail: + return worker_send(dnsmsg, worker, qinfo, id, flags, + edns, commreply); + case st_unknown: + break; + case st_iterate: + case st_ck_ns: + return 0; /* Punt to the iterator. */ + case st_rewritten: + default: + fatal_exit("impossible RPZ state %d in rpz_worker_cache()", + rpz->st); + } + + /* Check the RRs in the ANSWER section. */ + if(!push_st(rpz)) + return worker_send(dnsmsg, worker, qinfo, id, flags, edns, + commreply); + + ck_reply(reply, qinfo->qname, true, rpz, &worker->env); + if(!ck_result(qinfo->qname, true, rpz, commreply->c)) + return worker_send(dnsmsg, worker, qinfo, id, flags, edns, + commreply); + + if(rpz->cname_hit.size != 0) { + /* Punt to the iterator if leading CNAMEs must be + * included in the rewritten response. */ + rpz->cname_hit.size = 0; + new_st = st_iterate; + + } else if(rpz->result.policy == LIBRPZ_POLICY_CNAME) { + /* Punt if the rewritten response is to a CNAME. */ + new_st = st_iterate; + + } else { + if(rpz->result.policy == LIBRPZ_POLICY_RECORD) { + next_rr(&rr, qinfo->qname, qinfo->qname_len, rpz); + if(rr) { + /* Punt we are rewriting to a CNAME. */ + if(rr->type == ntohs(LDNS_RR_TYPE_CNAME)) { + free(rr); + rpz->st = st_iterate; + } else { + free(rr); + } + } + } + get_result_msg(&dnsmsg, qinfo, id, flags, true, + rpz, commreply->c, worker->scratchpad); + new_st = rpz->st; + } + + switch(new_st) { + case st_off: + case st_servfail: + break; + case st_unknown: + pop_discard_st(rpz); + break; + case st_iterate: + case st_ck_ns: + if(pop_st(rpz)) + rpz->st = new_st; + break; + case st_rewritten: + pop_discard_st(rpz); + break; + default: + fatal_exit("impossible RPZ state %d in rpz_worker_cache()", + rpz->st); + } + + return worker_send(dnsmsg, worker, qinfo, id, flags, edns, commreply); +} + + +/* Check a cache hit or miss for the iterator. + * A cache miss can already have a QNAME hit that was ignored before checking + * the iterator because of "QNAME-WAIT-RECURSE yes". + * Cache hits are treated like responses from authorities. */ +bool /* false=SERVFAIL */ +rpz_iter_cache(struct dns_msg** msg, enum response_type* type, + struct module_qstate* qstate, struct iter_qstate* iq) +{ + struct comm_reply* commreply; + commreply_rpz_t* rpz; + struct dns_msg* dnsmsg; + + commreply = &qstate->mesh_info->reply_list->query_reply; + rpz = commreply->rpz; + + rpz->iterating = true; + + switch(rpz->st) { + case st_off: + iq->rpz_rewritten = 1; /* RPZ has nothing to say. */ + return true; + case st_servfail: + return false; + case st_unknown: + break; + case st_iterate: + case st_ck_ns: + rpz->st = st_unknown; + if(!ck_qname(iq->qchase.qname, iq->qchase.qname_len, + *msg != NULL, true, rpz, qstate->env)) + return false; + /* If we must recurse regardless and if NSIP/NSDNAME + * checking failed, then delay in the hope that + * recursion will also get NS data. */ + if(rpz->st == st_ck_ns) + return true; + break; + case st_rewritten: + default: + fatal_exit("impossible RPZ state %d in rpz_iter_cache()", + rpz->st); + } + + push_st(rpz); + + /* Check the cache hit. */ + if(*msg) + ck_reply((*msg)->rep, iq->qchase.qname, true, rpz, qstate->env); + + /* The DNS ID does not matter, because the generated dns_msg + * is nominally from an authority and not to the DNS client. */ + get_result_msg(&dnsmsg, &iq->qchase, 1, qstate->query_flags, true, + rpz, commreply->c, qstate->region); + + switch(rpz->st) { + case st_off: + iq->rpz_rewritten = 1; /* RPZ has nothing to say. */ + return true; + case st_servfail: + return false; + case st_unknown: + /* RPZ has nothing to say yet. Maybe there will be a hit + * later in the CNAME chain. */ + return pop_discard_st(rpz); + case st_ck_ns: + /* Try to get NS data for a CNAME found by ck_reply() */ + *type = RESPONSE_TYPE_CNAME; + return pop_discard_st(rpz); + case st_iterate: + default: + fatal_exit("impossible RPZ state %d in rpz_iter_cache()", + rpz->st); + case st_rewritten: + break; + } + + if(*msg && rpz->cname_hit.size != 0 && rpz->cname_hit_2nd) { + /* We hit a CNAME owner in the cached msg after not hitting one + * or more CNAME owners. We need to add those leading CNAMEs + * to the prepend list. Tell the iterator to treat the cached + * message as a RESPONSE_TYPE_CNAME even if it contains answers. + * handle_cname_response() will stop prepending CNAMEs before + * the triggering CNAME. handle_cname_response() will cause + * a restart to resolve the target of the preceding CNAME, + * which is the same as the hit CNAME owner. */ + rpz->st = st_unknown; + *type = RESPONSE_TYPE_CNAME; + return pop_discard_st(rpz); + } + + *msg = dnsmsg; + iq->rpz_security = dnsmsg->rep->security; + + if(dnsmsg && dnsmsg->rep->an_numrrsets != 0 && + dnsmsg->rep->rrsets[0]->rk.type == htons(LDNS_RR_TYPE_CNAME)) { + /* The cached msg triggered a rule that rewrites to a + * CNAME that must be resolved. + * We have a replacement dns_msg with that CNAME and also + * an SOA RR in the ADDITIONAL section that the iterator + * will lose as it adds the CNAME to the prepend list. + * Save the SOA RR in iq->rpz_soa. */ + iq->rpz_soa = dnsmsg->rep->rrsets[1]; + iq->rpz_rewritten = 1; + *type = RESPONSE_TYPE_CNAME; + return true; + } + + /* Otherwise we have rewritten to zero or more non-CNAME RRs. + * (DNAMEs are not supported.) + * Tell the iterator to send the rewritten message. */ + *type = RESPONSE_TYPE_ANSWER; + iq->rpz_rewritten = 1; + return true; +} + + +/* Check a RESPONSE_TYPE_ANSWER response from an authority in the iterator. */ +rpz_iter_resp_t +rpz_iter_resp(struct module_qstate* qstate, struct iter_qstate* iq, + struct dns_msg** resp, bool* is_cname) +{ + struct comm_reply* commreply; + commreply_rpz_t* rpz; + struct reply_info* rep; + + *is_cname = false; + + commreply = &qstate->mesh_info->reply_list->query_reply; + rpz = commreply->rpz; + switch(rpz->st) { + case st_off: + case st_servfail: + case st_iterate: + case st_rewritten: + default: + fatal_exit("impossible RPZ state %d in rpz_iter_resp()", + rpz->st); + case st_ck_ns: + case st_unknown: + break; + } + + /* We know !iq->rpz_rewritten and so the response was after a simple + * cache miss when the original QNAME did not trigger a response + * or after a CNAME whose owner name did hit but was then forgotten + * with pop_st(). + * In either case, it is necessary to check the QNAME here. + * Checking the QNAME will not lose a better hit. */ + rpz->st = st_unknown; + ck_qname(iq->qchase.qname, iq->qchase.qname_len, true, false, + rpz, qstate->env); + + /* Check the RRs in the ANSWER section. */ + if(!push_st(rpz)) + return rpz_iter_resp_fail; + ck_reply(iq->response->rep, iq->qchase.qname, false, rpz, qstate->env); + get_result_msg(resp, &qstate->qinfo, 1, qstate->query_flags, true, + rpz, commreply->c, qstate->region); + switch(rpz->st) { + case st_off: + iq->rpz_rewritten = 1; /* Do not come back. */ + return rpz_iter_resp_done; + case st_servfail: /* Send SERVFAIL */ + return rpz_iter_resp_fail; + case st_unknown: + case st_ck_ns: + return rpz_iter_resp_done; /* continue without change */ + case st_iterate: + default: + fatal_exit("impossible RPZ state %d in rpz_iter_resp()", + rpz->st); + case st_rewritten: + /* Tell the iterator to use handle_cname_response() to + * prepend any preceding CNAMEs. + * We have a replacement dns_msg that also has an SOA RR in the + * ADDITIONAL section that the iterator will lose if it is a + * CNAME. Save that SOA in that case. */ + rep = (*resp)->rep; + if(rep->an_numrrsets != 0 && + rep->rrsets[0]->rk.type == ntohs(LDNS_RR_TYPE_CNAME)) { + *is_cname = true; + iq->rpz_soa = rep->rrsets[1]; + } + return rpz_iter_resp_rewrite; + } +} + + +/* Tell handle_cname_response() to stop adding to the answer prepend list + * after adding CNAME with a target that hits a QNAME trigger. + * Do not change any RPZ state, but expect the call of handle_cname_response() + * to try to resolve the CNAME and hit the same QNAME trigger and rewrite + * the response. */ +rpz_cname_t +rpz_cname(struct module_qstate* qstate, + uint8_t* oname, size_t oname_size) +{ + struct mesh_reply* reply_list; + struct comm_reply* commreply; + commreply_rpz_t* rpz; + rpz_cname_t ret; + + /* Quit if RPZ is off */ + reply_list = qstate->mesh_info->reply_list; + if(!reply_list) + return rpz_cname_prepend; + commreply = &reply_list->query_reply; + rpz = commreply->rpz; + + if(!rpz || rpz->st == st_off) + return rpz_cname_prepend; + + /* Stop on a 2nd or later CNAME for rpz_iter_resp(). */ + if(rpz->cname_hit.size != 0) { + if(!query_dname_compare(rpz->cname_hit.d, oname)) + return rpz_cname_stop; + return rpz_cname_prepend; + } + + if(rpz->st != st_unknown) + fatal_exit("impossible RPZ state %d in rpz_cname()", rpz->st); + + ret = rpz_cname_prepend; + if(!push_st(rpz)) + return rpz_cname_fail; + /* Stop before prepending a CNAME that would preempt a + * rewritten response or before a possible NSDNAME or NSIP trigger. */ + ++rpz->hit_id; + ck_qname(oname, oname_size, true, true, rpz, qstate->env); + if(rpz->st != st_unknown) + ret = rpz_cname_stop; + if(!pop_st(rpz)) + return rpz_cname_fail; + return ret; +} + +#endif /* ENABLE_FASTRPZ */ =================================================================== RCS file: ./fastrpz/RCS/rpz.h,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./fastrpz/rpz.h --- ./fastrpz/rpz.h +++ ./fastrpz/rpz.h @@@@ -0,0 +1,138 @@@@ +/* + * fastrpz/rpz.h - interface to the fastrpz response policy zone library + * + * Copyright (c) 2016 Farsight Security, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef UNBOUND_FASTRPZ_RPZ_H +#define UNBOUND_FASTRPZ_RPZ_H + +#ifndef PACKAGE_VERSION +/* Ensure that config.h has been included to correctly set ENABLE_FASTRPZ */ +#include "config.h" +#endif + +#ifdef ENABLE_FASTRPZ + +#include "librpz.h" + +#include "daemon/daemon.h" +#include "util/config_file.h" + +struct comm_point; /* forward references */ +struct comm_reply; +struct dns_msg; +struct edns_data; +struct iter_qstate; +struct query_info; +struct reply_info; +enum response_type; /* iterator/iter_utils.h */ + + +struct commreply_rpz; + +/** + * Connect to the librpz database. + * @@param pclist: future pointer to opaque librpz client data + * @@param pclient: future pointer to opaque librpz client data + * @@param cfg: parsed unbound configuration + */ +void rpz_init(librpz_clist_t** pclist, librpz_client_t** pclient, + const struct config_file* cfg); + +/** + * Disconnect from the librpz database + * @@param client: opaque librpz client data + */ +void rpz_delete(librpz_clist_t** pclist, librpz_client_t** pclient); + +/** + * Start working on a DNS request and check for client IP address triggers. + * @@param worker: the DNS request context + * @@param qinfo: the DNS question + * @@param[in,out] commreply: the answer + * @@param c: where to send the response + * @@param[in,out] edns for the DO flag + * @@return true if response already sent or dropped + */ +bool rpz_start(struct worker* worker, struct query_info* qinfo, + struct comm_reply* commreply, struct edns_data* edns); + +/** + * Release resources held for a DNS request + * @@param rspp: pointer to pointer to rpz client context. + */ +void rpz_end(struct comm_reply* comm_rep); + +/** + * Check a cached reply for RPZ hits before iteration + * @@param worker: the DNS request context + * @@param casheresp: cache reply + * @@param qinfo: the DNS question + * @@param id from the DNS request + * @@param flags from the DNS request + * @@param[in,out] edns for the DO flag + * @@param[in,out] commreply: RPZ state + * @@return 1=use cache entry, -1=rewritten response already sent or dropped, + * 0=deny a cached entry exists + */ +int rpz_worker_cache(struct worker* worker, struct reply_info* cacheresp, + struct query_info* qinfo, uint16_t id, uint16_t flags, + struct edns_data* edns, struct comm_reply* commreply); + +/** + * Check for an existing RPZ CNAME rewrite with "QNAME-WAIT-RECURSE no" + * that needs to be resolved before resolving the external request. + * @@param[out] msg: rewritten CNAME response. + * @@param qstate: query state. + * @@param iq: iterator query state. + * @@return false=send SERVFAIL + */ +bool rpz_iter_cache(struct dns_msg** msg, enum response_type* type, + struct module_qstate* qstate, struct iter_qstate* iq); + +/** + * Check a response from an authority in the iterator. + * @@param[out] type: of the final response + * @@param qstate: query state. + * @@param iq: iterator query state. + * @@param is_cname: true if the rewritten response is a CNAME + * @@return one of rpz_resp_t + */ +typedef enum { + rpz_iter_resp_fail, /* Send SERVFAIL. */ + rpz_iter_resp_rewrite, /* We rewrote the response. */ + rpz_iter_resp_done, /* Restart to refetch glue. */ +} rpz_iter_resp_t; +rpz_iter_resp_t rpz_iter_resp(struct module_qstate* qstate, + struct iter_qstate* iq, struct dns_msg** resp, + bool* is_cname); + +/** + * Check a CNAME RR + * @@param qstate: query state. + * @@param oname: cname owner name + * @@param oname_size: length of oname + * @@return: one of rpz_cname_t + */ +typedef enum { + rpz_cname_fail, /* send SERVFAIL */ + rpz_cname_prepend, /* prepend CNAME as usual */ + rpz_cname_stop, /* stop before prepending this CNAME */ +} rpz_cname_t; +rpz_cname_t rpz_cname(struct module_qstate* qstate, + uint8_t* oname, size_t oname_size); + +#endif /* ENABLE_FASTRPZ */ +#endif /* UNBOUND_FASTRPZ_RPZ_H */ =================================================================== RCS file: ./fastrpz/RCS/rpz.m4,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./fastrpz/rpz.m4 --- ./fastrpz/rpz.m4 +++ ./fastrpz/rpz.m4 @@@@ -0,0 +1,64 @@@@ +# fastrpz/rpz.m4 + +# ck_FASTRPZ +# -------------------------------------------------------------------------- +# check for Fastrpz +# --enable-fastrpz enable Fastrpz response policy zones +# --enable-fastrpz-dl Fastrpz delayed link [default=have dlopen] +# --with-fastrpz-dir directory containing librpz.so +# +# Fastrpz can be compiled into Unbound everywhere with a reasonably +# modern C compiler. It is enabled on systems with dlopen() and librpz.so. + +AC_DEFUN([ck_FASTRPZ], +[ + fastrpz_avail=yes + AC_MSG_CHECKING([for librpz __attribute__s]) + AC_TRY_COMPILE(,[ + extern void f(char *p __attribute__((unused)), ...) + __attribute__((format(printf,1,2))) __attribute__((__noreturn__));], + librpz_have_attr=yes + AC_DEFINE([LIBRPZ_HAVE_ATTR], 1, [have __attribute__s used in librpz.h]) + AC_MSG_RESULT([yes]), + librpz_have_attr=no + AC_MSG_RESULT([no])) + + AC_SEARCH_LIBS(dlopen, dl) + librpz_dl=yes + AC_CHECK_FUNCS(dlopen dlclose dlsym,,librpz_dl=no) + AC_ARG_ENABLE([fastrpz-dl], + [ --enable-fastrpz-dl Fastrpz delayed link [[default=$librpz_dl]]], + [enable_librpz_dl="$enableval"], + [enable_librpz_dl="$librpz_dl"]) + AC_ARG_WITH([fastrpz-dir], + [ --with-fastrpz-dir directory containing librpz.so], + [librpz_path="$withval/librpz.so"], [librpz_path="librpz.so"]) + AC_DEFINE_UNQUOTED([FASTRPZ_LIBRPZ_PATH], ["$librpz_path"], + [fastrpz librpz.so]) + if test "x$enable_librpz_dl" = "xyes"; then + fastrpz_lib_open=2 + else + fastrpz_lib_open=1 + # Add librpz.so to linked libraries if we are not using dlopen() + AC_SEARCH_LIBS([librpz_client_create], [rpz], [], + [fastrpz_lib_open=0 + fastrpz_avail=no]) + fi + AC_DEFINE_UNQUOTED([FASTRPZ_LIB_OPEN], [$fastrpz_lib_open], + [0=no fastrpz 1=static link 2=dlopen()]) + + AC_ARG_ENABLE([fastrpz], + AS_HELP_STRING([--enable-fastrpz],[enable Fastrpz response policy zones]), + [enable_fastrpz=$enableval],[enable_fastrpz=$fastrpz_avail]) + if test "x$enable_fastrpz" = xyes; then + AC_DEFINE([ENABLE_FASTRPZ], [1], [Enable fastrpz]) + if test "x$fastrpz_lib_open" = "x0"; then + AC_MSG_ERROR([[dlopen and librpz.so needed for fastrpz]]) + fi + # used in Makefile.in + AC_SUBST([FASTRPZ_SRC], [fastrpz/rpz.c]) + AC_SUBST([FASTRPZ_OBJ], [rpz.lo]) + elif test "x$fastrpz_avail" = "x0"; then + AC_MSG_WARN([[dlopen and librpz.so needed for fastrpz]]) + fi +]) =================================================================== RCS file: ./iterator/RCS/iterator.c,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.c --- ./iterator/iterator.c +++ ./iterator/iterator.c @@@@ -67,6 +67,9 @@@@ #include "sldns/str2wire.h" #include "sldns/parseutil.h" #include "sldns/sbuffer.h" +#ifdef ENABLE_FASTRPZ +#include "fastrpz/rpz.h" +#endif int iter_init(struct module_env* env, int id) @@@@ -487,6 +490,23 @@@@ if(ntohs(r->rk.type) == LDNS_RR_TYPE_CNAME && query_dname_compare(*mname, r->rk.dname) == 0 && !iter_find_rrset_in_prepend_answer(iq, r)) { +#ifdef ENABLE_FASTRPZ + /* Stop adding CNAME rrsets to the prepend list + * before defining an RPZ hit. */ + if(!iq->rpz_rewritten) { + switch (rpz_cname(qstate, *mname, *mname_len)) { + case rpz_cname_fail: + /* send SERVFAIL */ + return 0; + case rpz_cname_prepend: + /* save the CNAME. */ + break; + case rpz_cname_stop: + /* Pause before adding the CNAME. */ + goto stop_short; + } + } +#endif /* Add this relevant CNAME rrset to the prepend list.*/ if(!iter_add_prepend_answer(qstate, iq, r)) return 0; @@@@ -495,6 +515,9 @@@@ /* Other rrsets in the section are ignored. */ } +#ifdef ENABLE_FASTRPZ +stop_short: ; +#endif /* add authority rrsets to authority prepend, for wildcarded CNAMEs */ for(i=msg->rep->an_numrrsets; irep->an_numrrsets + msg->rep->ns_numrrsets; i++) { @@@@ -996,6 +1019,7 @@@@ uint8_t* delname; size_t delnamelen; struct dns_msg* msg = NULL; + enum response_type type; log_query_info(VERB_DETAIL, "resolving", &qstate->qinfo); /* check effort */ @@@@ -1056,8 +1080,7 @@@@ } if(msg) { /* handle positive cache response */ - enum response_type type = response_type_from_cache(msg, - &iq->qchase); + type = response_type_from_cache(msg, &iq->qchase); if(verbosity >= VERB_ALGO) { log_dns_msg("msg from cache lookup", &msg->qinfo, msg->rep); @@@@ -1065,7 +1088,22 @@@@ (int)msg->rep->ttl, (int)msg->rep->prefetch_ttl); } +#ifdef ENABLE_FASTRPZ + } + /* Check for an RPZ hit in the cached DNS message or an existing + * RPZ CNAME rewrite that can be resolved now after a hit on the QNAME + * or client IP address. This can involve a creating a fake cache + * hit. It can also involve overriding an RESPONSE_TYPE_ANSWER + * result from response_type_from_cache(). Or it can ignore + * the cached result to refetch glue. */ + if(!iq->rpz_rewritten && + qstate->mesh_info->reply_list && + qstate->mesh_info->reply_list->query_reply.rpz && + !rpz_iter_cache(&msg, &type, qstate, iq)) + return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + if(msg) { +#endif if(type == RESPONSE_TYPE_CNAME) { uint8_t* sname = 0; size_t slen = 0; @@@@ -2321,6 +2359,62 @@@@ sock_list_insert(&qstate->reply_origin, &qstate->reply->addr, qstate->reply->addrlen, qstate->region); +#ifdef ENABLE_FASTRPZ + /* Check the response for an RPZ hit. The response has already + * been saved in the cache. This should have the same effect + * as finding that response in the cache. + * We have already used rpz_iter_cache() at least once. */ + if(!iq->rpz_rewritten && + qstate->mesh_info->reply_list && + qstate->mesh_info->reply_list->query_reply.rpz) { + struct dns_msg* resp; + bool is_cname; + uint8_t* sname; + size_t slen; + + switch (rpz_iter_resp(qstate, iq, &resp, &is_cname)) { + case rpz_iter_resp_fail: + return error_response(qstate, id, + LDNS_RCODE_SERVFAIL); + case rpz_iter_resp_rewrite: + /* Prepend any initial CNAMEs from the original + * response up to a hit. */ + if(!handle_cname_response(qstate, iq, + iq->response, + &sname, &slen)) + return error_response(qstate, id, + LDNS_RCODE_SERVFAIL); + if (resp) { + iq->response = resp; + iq->rpz_security = resp->rep->security; + iq->rpz_rewritten = 1; + + /* Send the rewritten record if it + * is not a CNAME. */ + if(!is_cname) + break; + + /* Prepend the new CNAME + * and restart to resolve it. */ + if(!handle_cname_response(qstate, iq, + resp, &sname, &slen)) + return error_response(qstate, id, + LDNS_RCODE_SERVFAIL); + } + iq->qchase.qname = sname; + iq->qchase.qname_len = slen; + iq->dp = NULL; + iq->refetch_glue = 0; + iq->query_restart_count++; + iq->sent_count = 0; + iq->state = INIT_REQUEST_STATE; + return 1; + + case rpz_iter_resp_done: + break; + } + } +#endif if(iq->minimisation_state != DONOT_MINIMISE_STATE) { if(FLAGS_GET_RCODE(iq->response->rep->flags) != LDNS_RCODE_NOERROR) { @@@@ -3022,12 +3116,44 @@@@ * but only if we did recursion. The nonrecursion referral * from cache does not need to be stored in the msg cache. */ if(!qstate->no_cache_store && qstate->query_flags&BIT_RD) { +#ifdef ENABLE_FASTRPZ + /* Do not save RPZ rewritten messages. */ + if(!iq->rpz_rewritten) +#endif iter_dns_store(qstate->env, &qstate->qinfo, iq->response->rep, 0, qstate->prefetch_leeway, iq->dp&&iq->dp->has_parent_side_NS, qstate->region, qstate->query_flags); } } +#ifdef ENABLE_FASTRPZ + if(iq->rpz_rewritten) { + /* Restore RPZ marks on a rewritten response. The marks + * are lost if the rewrite is to a CNAME. */ + iq->response->rep->security = iq->rpz_security; + + /* Append the RPZ SOA to rewritten CNAME chains. */ + if(iq->rpz_soa) { + struct ub_packed_rrset_key** sets; + uint n; + + n = iq->response->rep->rrset_count; + sets = regional_alloc(qstate->region, + (1+n) * sizeof(*sets)); + if(!sets) { + log_err("append RPZ SOA: out of memory"); + return error_response(qstate, id, + LDNS_RCODE_SERVFAIL); + } + memcpy(sets, iq->response->rep->rrsets, + n * sizeof(struct ub_packed_rrset_key*)); + sets[n] = iq->rpz_soa; + iq->response->rep->rrsets = sets; + ++iq->response->rep->rrset_count; + ++iq->response->rep->ar_numrrsets; + } + } +#endif qstate->return_rcode = LDNS_RCODE_NOERROR; qstate->return_msg = iq->response; return 0; =================================================================== RCS file: ./iterator/RCS/iterator.h,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.h --- ./iterator/iterator.h +++ ./iterator/iterator.h @@@@ -381,6 +381,16 @@@@ */ int minimise_count; + +#ifdef ENABLE_FASTRPZ + /** The response has been rewritten by RPZ. */ + int rpz_rewritten; + /** RPZ SOA RR for the ADDITIONAL section */ + struct ub_packed_rrset_key* rpz_soa; + /** sec_status_rpz_rewritten or sec_status_rpz_drop if rewritten. */ + enum sec_status rpz_security; +#endif + /** * Count number of time-outs. Used to prevent resolving failures when * the QNAME minimisation QTYPE is blocked. */ =================================================================== RCS file: ./services/cache/RCS/dns.c,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./services/cache/dns.c --- ./services/cache/dns.c +++ ./services/cache/dns.c @@@@ -838,6 +838,14 @@@@ struct regional* region, uint16_t flags) { struct reply_info* rep = NULL; + +#ifdef ENABLE_FASTRPZ + /* Never save RPZ rewritten data. */ + if (msgrep->security == sec_status_rpz_drop || + msgrep->security == sec_status_rpz_rewritten) + return 1; +#endif + /* alloc, malloc properly (not in region, like msg is) */ rep = reply_info_copy(msgrep, env->alloc, NULL); if(!rep) =================================================================== RCS file: ./services/RCS/mesh.c,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./services/mesh.c --- ./services/mesh.c +++ ./services/mesh.c @@@@ -59,6 +59,9 @@@@ #include "sldns/wire2str.h" #include "services/localzone.h" #include "util/data/dname.h" +#ifdef ENABLE_FASTRPZ +#include "fastrpz/rpz.h" +#endif #include "respip/respip.h" /** subtract timers and the values do not overflow or become negative */ @@@@ -1011,6 +1014,13 @@@@ else secure = 0; if(!rep && rcode == LDNS_RCODE_NOERROR) rcode = LDNS_RCODE_SERVFAIL; +#ifdef ENABLE_FASTRPZ + /* Drop the response here for LIBRPZ_POLICY_DROP after iteration. */ + if(rep && rep->security == sec_status_rpz_drop) { + log_query_info(VERB_QUERY, "rpz drop", &m->s.qinfo); + secure = 0; + } else +#endif /* send the reply */ /* We don't reuse the encoded answer if either the previous or current * response has a local alias. We could compare the alias records @@@@ -1160,6 +1170,7 @@@@ key.s.is_valrec = valrec; key.s.qinfo = *qinfo; key.s.query_flags = qflags; + key.reply_list = NULL; /* We are searching for a similar mesh state when we DO want to * aggregate the state. Thus unique is set to NULL. (default when we * desire aggregation).*/ @@@@ -1206,6 +1217,10 @@@@ if(!r) return 0; r->query_reply = *rep; +#ifdef ENABLE_FASTRPZ + /* The new reply structure owns the RPZ state. */ + rep->rpz = NULL; +#endif r->edns = *edns; if(edns->opt_list) { r->edns.opt_list = edns_opt_copy_region(edns->opt_list, =================================================================== RCS file: ./util/RCS/config_file.c,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./util/config_file.c --- ./util/config_file.c +++ ./util/config_file.c @@@@ -1167,6 +1167,8 @@@@ free(cfg->dnstap_socket_path); free(cfg->dnstap_identity); free(cfg->dnstap_version); + if (cfg->rpz_cstr) + free(cfg->rpz_cstr); config_deldblstrlist(cfg->ratelimit_for_domain); config_deldblstrlist(cfg->ratelimit_below_domain); free(cfg); =================================================================== RCS file: ./util/RCS/config_file.h,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./util/config_file.h --- ./util/config_file.h +++ ./util/config_file.h @@@@ -416,6 +416,11 @@@@ /** true to disable DNSSEC lameness check in iterator */ int disable_dnssec_lame_check; + /** true to enable RPZ */ + int rpz_enable; + /** RPZ configuration */ + char* rpz_cstr; + /** ratelimit for ip addresses. 0 is off, otherwise qps (unless overridden) */ int ip_ratelimit; /** number of slabs for ip_ratelimit cache */ =================================================================== RCS file: ./util/RCS/configlexer.lex,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./util/configlexer.lex --- ./util/configlexer.lex +++ ./util/configlexer.lex @@@@ -395,6 +395,10 @@@@ YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } dnstap-log-forwarder-response-messages{COLON} { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } +rpz{COLON} { YDVAR(0, VAR_RPZ) } +rpz-enable{COLON} { YDVAR(1, VAR_RPZ_ENABLE) } +rpz-zone{COLON} { YDVAR(1, VAR_RPZ_ZONE) } +rpz-option{COLON} { YDVAR(1, VAR_RPZ_OPTION) } disable-dnssec-lame-check{COLON} { YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) } ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) } =================================================================== RCS file: ./util/RCS/configparser.y,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./util/configparser.y --- ./util/configparser.y +++ ./util/configparser.y @@@@ -124,6 +124,7 @@@@ %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES +%token VAR_RPZ VAR_RPZ_ENABLE VAR_RPZ_ZONE VAR_RPZ_OPTION %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT %token VAR_DISABLE_DNSSEC_LAME_CHECK @@@@ -153,7 +154,7 @@@@ toplevelvar: serverstart contents_server | stubstart contents_stub | forwardstart contents_forward | pythonstart contents_py | rcstart contents_rc | dtstart contents_dt | viewstart - contents_view | + contents_view | rpzstart contents_rpz | dnscstart contents_dnsc | cachedbstart contents_cachedb ; @@@@ -2160,6 +2161,50 @@@@ (strcmp($2, "yes")==0); } ; +rpzstart: VAR_RPZ + { + OUTYY(("\nP(rpz:)\n")); + } + ; +contents_rpz: contents_rpz content_rpz + | ; +content_rpz: rpz_enable | rpz_zone | rpz_option + ; +rpz_enable: VAR_RPZ_ENABLE STRING_ARG + { + OUTYY(("P(rpz_enable:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->rpz_enable = (strcmp($2, "yes")==0); + free($2); + } + ; +rpz_zone: VAR_RPZ_ZONE STRING_ARG + { + char *new_cstr, *old_cstr; + + OUTYY(("P(rpz_zone:%s)\n", $2)); + old_cstr = cfg_parser->cfg->rpz_cstr; + asprintf(&new_cstr, "%s\nzone %s", old_cstr?old_cstr:"", $2); + if(!new_cstr) + yyerror("out of memory"); + free(old_cstr); + cfg_parser->cfg->rpz_cstr = new_cstr; + } + ; +rpz_option: VAR_RPZ_OPTION STRING_ARG + { + char *new_cstr, *old_cstr; + + OUTYY(("P(rpz_option:%s)\n", $2)); + old_cstr = cfg_parser->cfg->rpz_cstr; + asprintf(&new_cstr, "%s\n%s", old_cstr ? old_cstr : "", $2); + if(!new_cstr) + yyerror("out of memory"); + free(old_cstr); + cfg_parser->cfg->rpz_cstr = new_cstr; + } + ; pythonstart: VAR_PYTHON { OUTYY(("\nP(python:)\n")); =================================================================== RCS file: ./util/data/RCS/msgencode.c,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./util/data/msgencode.c --- ./util/data/msgencode.c +++ ./util/data/msgencode.c @@@@ -585,6 +585,35 @@@@ return RETVAL_OK; } +#ifdef ENABLE_FASTRPZ +/* Insert the RPZ SOA even with MINIMAL_RESPONSES */ +static int +insert_rpz_soa(struct reply_info* rep, size_t num_rrsets, uint16_t* num_rrs, + sldns_buffer* pkt, size_t rrsets_before, time_t timenow, + struct regional* region, struct compress_tree_node** tree, + size_t rr_offset) +{ + int r; + size_t i, setstart; + + *num_rrs = 0; + for(i=0; irrsets[rrsets_before+i]->rk.type != LDNS_RR_TYPE_SOA) + continue; + setstart = sldns_buffer_position(pkt); + if((r=packed_rrset_encode(rep->rrsets[rrsets_before+i], + pkt, num_rrs, timenow, region, + 1, 0, tree, LDNS_SECTION_ADDITIONAL, + LDNS_RR_TYPE_ANY, 0, rr_offset)) + != RETVAL_OK) { + sldns_buffer_set_position(pkt, setstart); + return r; + } + } + return RETVAL_OK; +} + +#endif /** store query section in wireformat buffer, return RETVAL */ static int insert_query(struct query_info* qinfo, struct compress_tree_node** tree, @@@@ -748,6 +777,19 @@@@ return 0; } sldns_buffer_write_u16_at(buffer, 10, arcount); +#ifdef ENABLE_FASTRPZ + } else if(rep->security == sec_status_rpz_rewritten) { + /* Insert the RPZ SOA for rpz even with MINIMAL_RESPONSES */ + r = insert_rpz_soa(rep, rep->ar_numrrsets, &arcount, buffer, + rep->an_numrrsets + rep->ns_numrrsets, + timenow, region, &tree, rr_offset); + if(r!= RETVAL_OK) { + if(r != RETVAL_TRUNC) + return 0; + /* no need to set TC bit, this is the additional */ + sldns_buffer_write_u16_at(buffer, 10, arcount); + } +#endif } sldns_buffer_flip(buffer); return 1; =================================================================== RCS file: ./util/data/RCS/packed_rrset.c,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./util/data/packed_rrset.c --- ./util/data/packed_rrset.c +++ ./util/data/packed_rrset.c @@@@ -254,6 +254,10 @@@@ case sec_status_indeterminate: return "sec_status_indeterminate"; case sec_status_insecure: return "sec_status_insecure"; case sec_status_secure: return "sec_status_secure"; +#ifdef ENABLE_FASTRPZ + case sec_status_rpz_rewritten: return "sec_status_rpz_rewritten"; + case sec_status_rpz_drop: return "sec_status_rpz_drop"; +#endif } return "unknown_sec_status_value"; } =================================================================== RCS file: ./util/data/RCS/packed_rrset.h,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./util/data/packed_rrset.h --- ./util/data/packed_rrset.h +++ ./util/data/packed_rrset.h @@@@ -189,7 +189,15 @@@@ sec_status_insecure, /** SECURE means that the object (RRset or message) validated * according to local policy. */ - sec_status_secure + sec_status_secure, +#ifdef ENABLE_FASTRPZ + /** RPZ_REWRITTEN means that the response has been rewritten by + * rpz and so cannot be verified. */ + sec_status_rpz_rewritten, + /** RPZ_DROP means that the response has been rewritten by rpz + * as silence. */ + sec_status_rpz_drop +#endif }; /** =================================================================== RCS file: ./util/RCS/netevent.c,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./util/netevent.c --- ./util/netevent.c +++ ./util/netevent.c @@@@ -54,6 +54,9 @@@@ #ifdef HAVE_OPENSSL_ERR_H #include #endif +#ifdef ENABLE_FASTRPZ +#include "fastrpz/rpz.h" +#endif /* -------- Start of local definitions -------- */ /** if CMSG_ALIGN is not defined on this platform, a workaround */ @@@@ -579,6 +582,9 @@@@ struct cmsghdr* cmsg; #endif /* S_SPLINT_S */ +#ifdef ENABLE_FASTRPZ + rep.rpz = NULL; +#endif rep.c = (struct comm_point*)arg; log_assert(rep.c->type == comm_udp); @@@@ -668,6 +674,9 @@@@ int i; struct sldns_buffer *buffer; +#ifdef ENABLE_FASTRPZ + rep.rpz = NULL; +#endif rep.c = (struct comm_point*)arg; log_assert(rep.c->type == comm_udp); @@@@ -711,6 +720,9 @@@@ (void)comm_point_send_udp_msg(rep.c, buffer, (struct sockaddr*)&rep.addr, rep.addrlen); } +#ifdef ENABLE_FASTRPZ + rpz_end(&rep); +#endif if(rep.c->fd != fd) /* commpoint closed to -1 or reused for another UDP port. Note rep.c cannot be reused with TCP fd. */ break; @@@@ -2145,6 +2157,9 @@@@ comm_point_start_listening(repinfo->c, -1, repinfo->c->tcp_timeout_msec); } +#ifdef ENABLE_FASTRPZ + rpz_end(repinfo); +#endif } void @@@@ -2154,6 +2169,9 @@@@ return; log_assert(repinfo && repinfo->c); log_assert(repinfo->c->type != comm_tcp_accept); +#ifdef ENABLE_FASTRPZ + rpz_end(repinfo); +#endif if(repinfo->c->type == comm_udp) return; reclaim_tcp_handler(repinfo->c); @@@@ -2173,6 +2191,9 @@@@ { verbose(VERB_ALGO, "comm point start listening %d", c->fd==-1?newfd:c->fd); +#ifdef ENABLE_FASTRPZ + rpz_end(&c->repinfo); +#endif if(c->type == comm_tcp_accept && !c->tcp_free) { /* no use to start listening no free slots. */ return; =================================================================== RCS file: ./util/RCS/netevent.h,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./util/netevent.h --- ./util/netevent.h +++ ./util/netevent.h @@@@ -117,6 +117,10 @@@@ /** return type 0 (none), 4(IP4), 6(IP6) */ int srctype; /* DnsCrypt context */ +#ifdef ENABLE_FASTRPZ + /** per-request RPZ state */ + struct commreply_rpz* rpz; +#endif #ifdef USE_DNSCRYPT uint8_t client_nonce[crypto_box_HALF_NONCEBYTES]; uint8_t nmkey[crypto_box_BEFORENMBYTES]; =================================================================== RCS file: ./validator/RCS/validator.c,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./validator/validator.c --- ./validator/validator.c +++ ./validator/validator.c @@@@ -2552,6 +2552,12 @@@@ default: /* NSEC proof did not work, try next */ break; +#ifdef ENABLE_FASTRPZ + case sec_status_rpz_rewritten: + case sec_status_rpz_drop: + fatal_exit("impossible RPZ sec_status"); + break; +#endif } sec = nsec3_prove_nods(qstate->env, ve, @@@@ -2584,6 +2590,12 @@@@ default: /* NSEC3 proof did not work */ break; +#ifdef ENABLE_FASTRPZ + case sec_status_rpz_rewritten: + case sec_status_rpz_drop: + fatal_exit("impossible RPZ sec_status"); + break; +#endif } /* Apparently, no available NSEC/NSEC3 proved NODATA, so @ 1.1.1.1 log @Unbound 1.6.8 Download: unbound-1.6.8.tar.gz SHA1 checksum: 492737be9647c26ee39d4d198f2755062803b412 SHA256 checksum: e3b428e33f56a45417107448418865fe08d58e0e7fea199b855515f60884dd49 PGP signature: unbound-1.6.8.tar.gz.asc Date: 19 Jan, 2018 Bug Fixes Fix for CVE-2017-15105: vulnerability in the processing of wildcard synthesized NSEC records. Older versions Unbound 1.6.7 Download: unbound-1.6.7.tar.gz SHA1 checksum: 098f8acfc3e9d1cab54f07863e61eabbb67c80dc SHA256 checksum: 4e7bd43d827004c6d51bef73adf941798e4588bdb40de5e79d89034d69751c9f PGP signature: unbound-1.6.7.tar.gz.asc Date: 10 Oct, 2017 Features Set trust-anchor-signaling default to yes #1440: [dnscrypt] client nonce cache. #1435: Allow UDP to be disabled separately upstream and downstream. Bug Fixes Fix that looping modules always stop the query, and don't pass control. Fix unbound-host to report error for DNSSEC state of failed lookups. Spelling fixes, from Josh Soref. Fix #1400: allowing use of global cache on ECS-forwarding unless always-forward. use a cachedb answer even if it's "expired" when serve-expired is yes (patch from Jinmei Tatuya). trigger refetching of the answer in that case (this will bypass cachedb lookup) allow storing a 0-TTL answer from cachedb in the in-memory message cache when serve-expired is yes Fix DNSCACHE_STORE_ZEROTTL to be bigger than 0xffff. Log name of looping module Fix #1450: Generate again patch contrib/aaaa-filter-iterator.patch (by Danilo G. Baio). Fix param unused warning for windows exportsymbol compile. Use RCODE from A query on DNS64 synthesized answer. Fix trust-anchor-signaling works in libunbound. Fix spelling in unbound-control man page. Unbound 1.6.6 Download: unbound-1.6.6.tar.gz SHA1 checksum: d205c03a402f5d900d5bad3d036849a12804a49e SHA256 checksum: 972b14dc33093e672652a7b2b5f159bab2198b0fe9c9e1c5707e1895d4d4b390 PGP signature: unbound-1.6.6.tar.gz.asc Date: 18 Sep, 2017 Features unbound-control dump_infra prints port number for address if not 53. Fix #1344: RFC6761-reserved domains: test. and invalid. Fix #1349: allow suppression of pidfiles (from Daniel Kahn Gillmor). With the -p option unbound does not create a pidfile. Added stats for queries that have been ratelimited by domain recursion. Patch to show DNSCrypt status in help output, from Carsten Strotmann. Fix #1407: Add ECS options check to unbound-checkconf. Fix #1415: [dnscrypt] shared secret cache, patch from Manu Bretelle. Bug Fixes fixup of dnscrypt_cert_chacha test (from Manu Bretelle). First fix for zero b64 and hex text zone format in sldns. Better fixup of dnscrypt_cert_chacha test for different escapes. Fix that infra cache host hash does not change after reconfig. Fix python example0 return module wait instead of error for pass. enhancement for hardened-tls for DNS over TLS. Removed duplicated security settings. Fix for unbound-checkconf, check ipsecmod-hook if ipsecmod is turned on. Fix #1331: libunbound segfault in threaded mode when context is deleted. Fix pythonmod link line option flag. Fix openssl 1.1.0 load of ssl error strings from ssl init. Fix 1332: Bump verbosity of failed chown'ing of the control socket. Redirect all localhost names to localhost address for RFC6761. Fix #1350: make cachedb backend configurable (from JINMEI Tatuya). Fix tests to use .tdir (from Manu Bretelle) instead of .tpkg. upgrade aclocal(pkg.m4 0.29.1), config.guess(2016-10-02), config.sub(2016-09-05). annotate case statement fallthrough for gcc 7.1.1. flex output from flex 2.6.1. snprintf of thread number does not warn about truncated string. squelch TCP fast open error on FreeBSD when kernel has it disabled, unless verbosity is high. remove warning from windows compile. Fix compile with libnettle Fix DSA configure switch (--disable dsa) for libnettle and libnss. Fix #1365: Add Ed25519 support using libnettle. Fix #1394: mix of serve-expired and response-ip could cause a crash. Remove unused iter_env member (ip6arpa_dname) Do not reset rrset.bogus stats when called using stats_noreset. Do not add rrset_bogus and query ratelimiting stats per thread, these module stats are global. Fix #1397: Recursive DS lookups for AS112 zones names should recurse. Fix #1398: make cachedb secret configurable. Remove spaces from Makefile. Fix issue on macOX 10.10 where TCP fast open is detected but not implemented causing TCP to fail. The fix allows fallback to regular TCP in this case and is also more robust for cases where connectx() fails for some reason. Fix #1402: squelch invalid argument error for fd_set_block on windows. Fix to reclaim tcp handler when it is closed due to dnscrypt buffer allocation failure. Fix #1415: patch to free dnscrypt environment on reload. iana portlist update Small fixes for the shared secret cache patch. Fix WKS records on kvm autobuild host, with default protobyname entries for udp and tcp. Fix #1414: fix segfault on parse failure and log_replies. zero qinfo in handle_request, this zeroes local_alias and also the qname member. new keys and certs for dnscrypt tests. fixup WKS test on buildhost without servicebyname. updated contrib/fastrpz.patch to apply with configparser changes. Fix 1416: qname-minimisation breaks TLSA lookups with CNAMEs. Fix #1424: cachedb:testframe is not thread safe. Fix #1417: [dnscrypt] shared secret cache counters, and works when dnscrypt is not enabled. And cache size configuration option. Fix #1418: [ip ratelimit] initialize slabhash using ip-ratelimit-slabs. Recommend 1472 buffer size in unbound.conf Fix #1412: QNAME minimisation strict mode not honored Fix #1434: Fix windows openssl 1.1.0 linking. Add dns64 for client-subnet in unbound-checkconf. Unbound 1.6.5 Download: unbound-1.6.5.tar.gz SHA1 checksum: ecb260b94d139d84fae2bff80f9701f53a329e26 SHA256 checksum: e297aa1229015f25bf24e4923cb1dadf1f29b84f82a353205006421f82cc104e PGP signature: unbound-1.6.5.tar.gz.asc Date: 21 Aug, 2017 Bug Fixes Fix install of trust anchor when two anchors are present, makes both valid. Checks hash of DS but not signature of new key. This fixes the root.key file if created when unbound is installed between sep11 and oct11 2017. Unbound 1.6.4 Download: unbound-1.6.4.tar.gz SHA1 checksum: 836ecc48518b9159f600a738c276423ef1f95021 SHA256 checksum: df0a88816ec31ccb8284c9eb132e1166fbf6d9cde71fbc4b8cd08a91ee777fed PGP signature: unbound-1.6.4.tar.gz.asc Date: 27 Jun, 2017 Features Implemented trust anchor signaling using key tag query. unbound-checkconf -o allows query of dnstap config variables. Also unbound-control get_option. Also for dnscrypt. unbound.h exports the shm stats structures. They use type long long and no ifdefs, and ub_ before the typenames. Implemented opportunistic IPsec support module (ipsecmod). Added redirect-bogus.patch to contrib directory. Support for the ED25519 algorithm with openssl (from openssl 1.1.1). renumbering B-Root's IPv6 address to 2001:500:200::b. Fix #1276: [dnscrypt] add XChaCha20-Poly1305 cipher. Fix #1277: disable domain ratelimit by setting value to 0. Added fastrpz patch to contrib Bug Fixes Added ECS unit test (from Manu Bretelle). ECS documentation fix (from Manu Bretelle). Fix #1252: more indentation inconsistencies. Fix #1253: unused variable in edns-subnet/addrtree.c:getbit(). Fix #1254: clarify ratelimit-{for,below}-domain (from Manu Bretelle). iana portlist update Based on #1257: check parse limit before t increment in sldns RR string parse routine. Fix #1258: Windows 10 X64 unbound 1.6.2 service will not start. and fix that 64bit getting installed in C:\Program Files (x86). Fix #1259: "--disable-ecdsa" argument overwritten by "#ifdef SHA256_DIGEST_LENGTH@@daemon/remote.c". iana portlist update Added test for leak of stub information. Fix sldns wire2str printout of RR type CAA tags. Fix sldns int16_data parse. Fix sldns parse and printout of TSIG RRs. sldns SMIMEA and AVC definitions, same as getdns definitions. Fix tcp-mss failure printout text. Set SO_REUSEADDR on outgoing tcp connections to fix the bind before connect limited tcp connections. With the option tcp connections can share the same source port (for different destinations). Add 'c' to getopt() in testbound. Adjust servfail by iterator to not store in cache when serve-expired is enabled, to avoid overwriting useful information there. Fix queries for nameservers under a stub leaking to the internet. document trust-anchor-signaling in example config file. updated configure, dependencies and flex output. better module memory lookup, fix of unbound-control shm names for module memory printout of statistics. Fix type AVC sldns rrdef. Some whitespace fixup. Fix #1265: contrib/unbound.service contains hardcoded path. Fix #1265 to use /bin/kill. Fix #1267: Libunbound validator/val_secalgo.c uses obsolete APIs, and compatibility with BoringSSL. Fix #1268: SIGSEGV after log_reopen. exec_prefix is by default equal to prefix. printout localzone for duplicate local-zone warnings. Fix assertion for low buffer size and big edns payload when worker overrides udpsize. Support for openssl EVP_DigestVerify. Fix #1269: inconsistent use of built-in local zones with views. Add defaults for new local-zone trees added to views using unbound-control. Fix #1273: cachedb.c doesn't compile with -Wextra. If MSG_FASTOPEN gives EPIPE fallthrough to try normal tcp write. Also use global local-zones when there is a matching view that does not have any local-zone specified. Fix fastopen EPIPE fallthrough to perform connect. Fix #1274: automatically trim chroot path from dnscrypt key/cert paths (from Manu Bretelle). Fix #1275: cached data in cachedb is never used. Fix that unbound-control can set val_clean_additional and val_permissive_mode. Add dnscrypt XChaCha20 tests. Detect chacha for dnscrypt at configure time. dnscrypt unit tests with chacha. Added domain name based ECS whitelist. Fix #1278: Incomplete wildcard proof. Fix #1279: Memory leak on reload when python module is enabled. Fix #1280: Unbound fails assert when response from authoritative contains malformed qname. When 0x20 caps-for-id is enabled, when assertions are not enabled the malformed qname is handled correctly. More fixes in depth for buffer checks in 0x20 qname checks. Fix stub zone queries leaking to the internet for harden-referral-path ns checks. Fix query for refetch_glue of stub leaking to internet. Fix #1301: memory leak in respip and tests. Free callback in edns-subnetmod on exit and restart. Fix memory leak in sldns_buffer_new_frm_data. Fix memory leak in dnscrypt config read. Fix dnscrypt chacha cert support ifdefs. Fix dnscrypt chacha cert unit test escapes in grep. Fix to unlock view in view test. Fix warning in pythonmod under clang compiler. Fix lintian typo. Fix #1316: heap read buffer overflow in parse_edns_options. Unbound 1.6.3 Download: unbound-1.6.3.tar.gz SHA1 checksum: 4477627c31e8728058565f3bae3a12a1544d8a9c SHA256 checksum: 4c7e655c1d0d2d133fdeb81bc1ab3aa5c155700f66c9f5fb53fa6a5c3ea9845f PGP signature: unbound-1.6.3.tar.gz.asc Date: 13 Jun, 2017 Bug Fixes Fix #1280: Unbound fails assert when response from authoritative contains malformed qname. When 0x20 caps-for-id is enabled, when assertions are not enabled the malformed qname is handled correctly. Unbound 1.6.2 Download: unbound-1.6.2.tar.gz SHA1 checksum: de370b1ac8e260db9c4c1504453752713dd8818f SHA256 checksum: 1a323d72c32180b7141c9e6ebf199fc68a0208dfebad4640cd2c4c27235e3b9c PGP signature: unbound-1.6.2.tar.gz.asc Date: 24 Apr, 2017 Features Add trustanchor.unbound CH TXT that gets a response with a number of TXT RRs with a string like "example.com. 2345 1234" with the trust anchors and their keytags. Patch for view functionality for local-data-ptr from Björn Ketelaars. Response actions based on IP address from Jinmei Tatuya (Infoblox). Patch from Luiz Fernando Softov for Stats Shared Memory. unbound-control stats_shm command prints stats using shared memory, which uses less cpu. --disable-sha1 disables SHA1 support in RRSIG, so from DNSKEY and DS records. NSEC3 is not disabled. #1217. DNSCrypt support, with --enable-dnscrypt, libsodium and then enabled in the config file from Manu Bretelle. Merge EDNS Client subnet implementation from feature branch into main branch, using new EDNS processing framework. harden-algo-downgrade: no also makes unbound more lenient about digest algorithms in DS records. Bug Fixes sldns has ED25519 and ED448 algorithm number and name for display. sldns updated for vfixed and buffer resize indication from getdns. iana portlist update Fix #1224: Fix that defaults should not fall back to "Program Files (x86) if Unbound is 64bit by default on windows. Fix doc/CNAME-basedRedirectionDesignNotes.pdf zone static to redirect. make depend, autoconf, doxygen and lint fixed up. include sys/time.h for new shm code on NetBSD. Fix #1227: Fix that Unbound control allows weak ciphersuits. Fix #1226: provide official 32bit binary for windows. For #1227: if we have sha256, set the cipher list to have no known vulns. Fix testpkts.c, check if DO bit is set, not only if there is an OPT record. Fix #1229: Systemd service sandboxing in contrib/unbound.service. Fix #1230: swig version 2.0.1 is required for pythonmod, with 1.3.40 it crashes when running repeatly unbound-control reload. fix enum conversion warnings fake-sha1 test option; print warning if used. To make unit tests. unbound-control list local zone and data commands listed in the help output. Fix #1234: shortening DNAME loop produces duplicate DNAME records in ANSWER section. testbound understands Deckard MATCH rcode question answer commands. Fix #1235: Fix too long DNAME expansion produces SERVFAIL instead of YXDOMAIN + query loop, reported by Petr Spacek. Fix that SHM is not inited if not enabled. Fix that looped DNAMEs do not cause unbound to spend effort. trustanchor tags are sorted. reusable routine to fetch taglist. Fix #1237 - Wrong resolving in chain, for norec queries that get SERVFAIL returned. make depend, autoconf, remove warnings about statement before var. lru_demote and lruhash_insert_or_retrieve functions for getdns. fixup for lruhash (whitespace and header file comment). dnscrypt tests. Fix doxygen for dnscrypt files. Fix #1238: segmentation fault when adding through the remote interface a per-view local zone to a view with no previous (configured) local zones. Fix #1229: Systemd service sandboxing, options in wrong sections. Fix #1239: configure fails to find python distutils if python prints warning. Fix to prevent non-referal query from being cached as referal when the no_cache_store flag was set. Remove (now unused) event2 include from dnscrypt code. Fix #1217: Add metrics to unbound-control interface showing crypted, cert request, plaintext and malformed queries (from Manu Bretelle). Do not add current time twice to TTL before ECS cache store. Do not touch rrset cache after ECS cache message generation. Use LDNS_EDNS_CLIENT_SUBNET as default ECS opcode. Fix #1244: document that use of chroot requires trust anchor file to be under chroot. Small fixup for documentation. Fix respip for braces when locks arent used. Fix pythonmod for cb changes. Generalise inplace callback (de)registration (de)register inplace callbacks for module id No unbound-control set_option for ECS options Deprecated client-subnet-opcode config option Introduced client-subnet-always-forward config option Changed max-client-subnet-ipv6 default to 56 (as in RFC) Removed extern ECS config options module_restart_next now calls clear on all following modules Also create ECS module qstate on module_event_pass event remove malloc from inplace_cb_register Unlock view in respip unit test Some whitespace fixup. Remove ECS option after REFUSED answer. Fix small memory leak in edns_opt_copy_alloc. Respip dereference after NULL check. Zero initialize addrtree allocation. Use correct identifier for SHM destroy. Display ECS module memory usage. Fix #1247: unbound does not shorten source prefix length when forwarding ECS. Properly check for allocation failure in local_data_find_tag_datas. Fix #1249: unbound doesn't return FORMERR to bogus ECS. Set SHM ECS memory usage to 0 when module not loaded. subnet mem value is available in shm, also when not enabled, to make the struct easier to memmap by other applications, independent of the configuration of unbound. Fix #1250: inconsistent indentation in services/listen_dnsport.c. Unbound 1.6.1 Download: unbound-1.6.1.tar.gz SHA1 checksum: 41369fcfd37844b02b7293b37ec78e69f0db34c7 SHA256 checksum: 42df63f743c0fe8424aeafcf003ad4b880b46c14149d696057313f5c1ef51400 PGP signature: unbound-1.6.1.tar.gz.asc Date: 21 Feb, 2017 Features configure --enable-systemd and lets unbound use systemd sockets if you enable use-systemd: yes in unbound.conf. Also there are contrib/unbound.socket and contrib/unbound.service: systemd files for unbound, install them in /usr/lib/systemd/system. Contributed by Sami Kerola and Pavel Odintsov. [bugzilla: 1187 ] Source IP rate limiting, patch from Larissa Feng. [bugzilla: 1184 ] Log DNS replies. This includes the same logging information that DNS queries and response code and response size, patch from Larissa Feng. Include root trust anchor id 20326 in unbound-anchor. 64bit is default for windows builds. Bug Fixes [bugzilla: 1176 ] Fix stack size too small for Alpine Linux. Fix unbound-control and ipv6 only. [bugzilla: 1182 ] Fix Resource leak (socket), at startup. [bugzilla: 1178 ] Fix attempt to fix setup error at end, pop result values at end of install. iana portlist update Fix inet_ntop and inet_pton warnings in windows compile. [bugzilla: 1191 ] Fix remove comment about view deletion. [bugzilla: 1188 ] Fix unresolved symbol 'fake_dsa' in libunbound.so when built with Nettle [bugzilla: 1190 ] Fix to not echo back EDNS options in local-zone error response. [bugzilla: 1194 ] Fix if cross build fails when $host isn't `uname` for getentropy. Fix reload chdir failure when also chrooted to that directory. Fix to return formerr for queries for meta-types, to avoid packet amplification if this meta-type is sent on to upstream. [bugzilla: 1201 ] Fix missing unlock in answer_from_cache error condition. [bugzilla: 1202 ] Fix code comment that packed_rrset_data is not always 'packed'. Fix to also block meta types 128 through to 248 with formerr. [bugzilla: 1206 ] Fix that some view-related commands are missing from 'unbound-control -h' Fix to rename ub_callback_t to ub_callback_type, because POSIX reserves _t typedefs. Fix to rename internally used types from _t to _type, because _t type names are reserved by POSIX. Increase MAX_MODULE to 16. [bugzilla: 1211 ] Fix can't enable interface-automatic if no IPv6 with more helpful error message. fix root_anchor test for updated icannbundle.pem lower certificates. Fix compile on solaris of the fix to use $host detect. Fix for type name change and fix warning on windows compile. Fix pythonmod for typedef changes. Fix dnstap for warning of set but not used. Fix autoconf of systemd check for lack of pkg-config. Unbound 1.6.0 Download: unbound-1.6.0.tar.gz SHA1 checksum: 9b7606b016b447dc837efc108cee94f3fecf4ede SHA256 checksum: 6b7db874e6debda742fee8869d722e5a17faf1086e93c911b8564532aeeffab7 PGP signature: unbound-1.6.0.tar.gz.asc Date: 15 Dec, 2016 Features Added generic EDNS code for registering known EDNS option codes, bypassing the cache response stage and uniquifying mesh states. Four EDNS option lists were added to module_qstate (module_qstate.edns_opts_*) to store EDNS options from/to front/back side. Added two flags to module_qstate (no_cache_lookup, no_cache_store) that control the modules' cache interactions. Added code for registering inplace callback functions. The registered functions can be called just before replying with local data or Chaos, replying from cache, replying with SERVFAIL, replying with a resolved query, sending a query to a nameserver. The functions can inspect the available data and maybe change response/query related data (i.e. append EDNS options). Updated Python module for the above. Updated Python documentation. Added views functionality. Added qname-minimisation-strict config option. Patch that resolves CNAMEs entered in local-data conf statements that point to data on the internet, from Jinmei Tatuya (Infoblox). serve-expired config option: serve expired responses with TTL 0. .gitattributes line for githubs code language display. log-identity: config option to set sys log identity, patch from "Robin H. Johnson" (robbat2@@gentoo.org). Added stub-ssl-upstream and forward-ssl-upstream options. Added local-zones and local-data bulk addition and removal functionality in unbound-control (local_zones, local_zones_remove, local_datas and local_datas_remove). Bug Fixes Fix #836: unbound could echo back EDNS options in an error response. Fix #838: 1.5.10 cannot be built on Solaris, undefined PATH_MAX. Fix #839: Memory grows unexpectedly with large RPZ files. Fix #840: infinite loop in unbound_munin_ plugin on unowned lockfile. Fix #841: big local-zone's make it consume large amounts of memory. Fix dnstap relaying "random" messages instead of resolver/forwarder responses, from Nikolay Edigaryev. Fix Nits for 1.5.10 reported by Dag-Erling Smorgrav. Fix #1117: spelling errors, from Robert Edmonds. iana portlist update. fix memoryleak logfile when in debug mode. Re-fix #839 from view commit overwrite. Fixup const void cast warning. Removed patch comments from acllist.c and msgencode.c Added documentation doc/CNAME-basedRedirectionDesignNotes.pdf, from Jinmei Tatuya (Infoblox). Fix #1125: unbound could reuse an answer packet incorrectly for clients with different EDNS parameters, from Jinmei Tatuya. Fix #1118: libunbound.pc sets strange Libs, Libs.private values. Added Requires line to libunbound.pc Fix #1130: whitespace in example.conf.in more consistent. suppress compile warning in lex files. init lzt variable, for older gcc compiler warnings. fix --enable-dsa to work, instead of copying ecdsa enable. Fix DNSSEC validation of query type ANY with DNAME answers. Fixup query_info local_alias init. Ported tests for local_cname unit test to testbound framework. g.root-servers.net has AAAA address. Fix #1134: unbound-control set_option -- val-override-date: -1 works immediately to ignore datetime, or back to 0 to enable it again. The -- is to ignore the '-1' as an option flag. Patch for server.num.zero_ttl stats for count of expired replies, from Pavel Odintsov. Fix failure to build on arm64 with no sbrk. Set OpenSSL security level to 0 when using aNULL ciphers. configure detects ssl security level API function in the autoconf manner. Every function on its own, so that other libraries (eg. LibreSSL) can develop their API without hindrance. Fix #1154: segfault when reading config with duplicate zones. Note that for harden-below-nxdomain the nxdomain must be secure, this means nsec3 with optout is insufficient. Fix #1155: test status code of unbound-control in 04-checkconf, not the status code from the tee command. Fix #1158: reference RFC 8020 "NXDOMAIN: There Really Is Nothing Underneath" for the harden-below-nxdomain option. patch from Dag-Erling Smorgrav that removes code that relies on sbrk(). Make access-control-tag-data RDATA absolute. This makes the RDATA origin consistent between local-data and access-control-tag-data. Fix NSEC ENT wildcard check. Matching wildcard does not have to be a subdomain of the NSEC owner. QNAME minimisation uses QTYPE=A, therefore always check cache for this type in harden-below-nxdomain functionality. Added unit test for QNAME minimisation + harden below nxdomain synergy. Fix that with openssl 1.1 control-use-cert: no uses less cpu, by using no encryption over the unix socket. hyphen as minus fix, by Andreas Schulze Fix #1170: document that 'inform' local-zone uses local-data. Fix #1173: differ local-zone type deny from unset tag_actions element. Add DSA support for OpenSSL 1.1.0 Fix remote control without cert for LibreSSL Fix downcast warnings from visual studio in sldns code. Unbound 1.5.10 Download: unbound-1.5.10.tar.gz SHA1 checksum: 6102849c400db3a4195b1f16df8f312568a6ec57 SHA256 checksum: a39b8b4fcca2a2b35a2daa53fe35150cc3f09038dc9acede09c912fc248a9486 PGP signature: unbound-1.5.10.tar.gz.asc Date: 27 Sep, 2016 Features Create a pkg-config file for libunbound in contrib. TCP Fast open patch from Sara Dickinson. Finegrained localzone control with define-tag, access-control-tag, access-control-tag-action, access-control-tag-data, local-zone-tag, and local-zone-override. And added types always_transparent, always_refuse, always_nxdomain with that. If more than half of tcp connections are in use, a shorter timeout is used (200 msec, vs 2 minutes) to pressure tcp for new connects. [bugzilla: 787 ] Fix #787: outgoing-interface netblock/64 ipv6 option to use linux freebind to use 64bits of entropy for every query with random local part. For #787: prefer-ip6 option for unbound.conf prefers to send upstream queries to ipv6 servers. Add default root hints for IPv6 E.ROOT-SERVERS.NET, 2001:500:a8::e. keep debug symbols in windows build. Bug Fixes [bugzilla: 778 ] Fix unbound 1.5.9: -h segfault (null deref). Fix unbound-anchor.exe file location defaults to Program Files with (x86) appended. Fix to not ignore return value of chown() in daemon startup. Better help text from -h (from Ray Griffith). [bugzilla: 773 ] Fix Non-standard Python location build failure with pyunbound. Improve threadsafety for openssl 0.9.8 ecdsa dnssec signatures. Revert fix for NetworkService account on windows due to breakage it causes. Fix that windows install will not overwrite existing service.conf file (and ignore gui config choices if it exists). And delete service.conf.shipped on uninstall. In unbound.conf directory: dir immediately changes to that directory, so that include: file below that is relative to that directory. With chroot, make the directory an absolute path inside chroot. do not delete service.conf on windows uninstall. document directory immediate fix and allow EXECUTABLE syntax in it on windows. Fix directory: fix for unbound-checkconf, it restores cwd. Use QTYPE=A for QNAME minimisation. Keep track of number of time-outs when performing QNAME minimisation. Stop minimising when number of time-outs for a QNAME/QTYPE pair is more than three. [bugzilla: 775 ] Fix unbound-host and unbound-anchor crash on windows, ignore null delete for wsaevent. Fix spelling in freebind option man page text. Fix windows link of ssl with crypt32. [bugzilla: 779 ] Fix Union casting is non-portable. [bugzilla: 780 ] Fix MAP_ANON not defined in HP-UX 11.31. [bugzilla: 781 ] Fix prealloc() is an HP-UX system library call. Decrease dp attempts at each QNAME minimisation iteration [bugzilla: 784 ] Fix Build configure assumess that having getpwnam means there is endpwent function available. Updated repository with newer flex and bison output. Fix static compile on windows missing gdi32. Fix dynamic link of anchor-update.exe on windows. Fix detect of mingw for MXE package build. Fixes for 64bit windows compile. [bugzilla: 788 ] Fix for nettle 3.0: Failed to build with Nettle >= 3.0 and --with-libunbound-only --with-nettle. Fixed unbound.doxygen for 1.8.11. [bugzilla: 798 ] Fix Client-side TCP fast open fails (Linux). [bugzilla: 801 ] Fix missing error condition handling in daemon_create_workers(). [bugzilla: 802 ] Fix workaround for function parameters that are "unused" without log_assert. [bugzilla: 803 ] Fix confusing (and incorrect) code comment in daemon_cleanup(). [bugzilla: 806 ] Fix wrong comment removed. use sendmsg instead of sendto for TFO. [bugzilla: 807 ] Fix workaround for possible some "unused" function parameters in test code, from Jinmei Tatuya. Note that OPENPGPKEY type is RFC 7929. [bugzilla: 804 ] Fix #804: unbound stops responding after outage. Fixes queries that attempt to wait for an empty list of subqueries. Fix for #804: lower num_target_queries for iterator also for failed lookups. [bugzilla: 820 ] Fix set sldns_str2wire_rr_buf() dual meaning len parameter in each iteration in find_tag_datas(). [bugzilla: 777 ] Fix OpenSSL 1.1.0 compatibility, patch from Sebastian A. Siewior. RFC 7958 is now out, updated docs for unbound-anchor. Fix for compile without warnings with openssl 1.1.0. [bugzilla: 826 ] Fix refuse_non_local could result in a broken response. iana portlist update. Fix compile with openssl 1.1.0 with api=1.1.0. [bugzilla: 829 ] Fix doc of sldns_wire2str_rdata_buf() return value has an off-by-one typo, from Jinmei Tatuya (Infoblox). Fix incomplete prototypes reported by Dag-Erling Smørgrav. [bugzilla: 828 ] Fix missing type in access-control-tag-action redirect results in NXDOMAIN. Take configured minimum TTL into consideration when reducing TTL to original TTL from RRSIG. [bugzilla: 831 ] Fix workaround for spurious fread_chk warning against petal.c Silenced flex-generated sign-unsigned warning print with gcc diagnostic pragma. Fix for new splint on FreeBSD. Fix cast for sockaddr_un.sun_len. fix potential memory leak in daemon/remote.c and nullpointer dereference in validator/autotrust. [bugzilla: 883 ] Fix error for duplicate local zone entry. [bugzilla: 835 ] Fix --disable-dsa with nettle verify. @ text @@ 1.1.1.1.6.1 log @Sync with HEAD @ text @a0 4 Description: based on the included patch contrib/fastrpz.patch Author: fastrpz@@farsightsecurity.com --- Index: unboundfastrpz/Makefile.in d2 5 a6 2 --- unboundfastrpz/Makefile.in (revision 5073) +++ unboundfastrpz/Makefile.in (working copy) d16 1 a16 1 @@@@ -126,7 +128,7 @@@@ d19 1 a19 1 cachedb/cachedb.c cachedb/redis.c respip/respip.c $(CHECKLOCK_SRC) \ d25 1 a25 1 @@@@ -139,7 +141,7 @@@@ d27 1 a27 1 val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo redis.lo authzone.lo \ d29 3 a31 2 -$(IPSECMOD_OBJ) respip.lo +$(FASTRPZ_OBJ) $(IPSECMOD_OBJ) respip.lo d34 1 a34 2 COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo @@@@ -405,6 +407,11 @@@@ a45 1 Index: unboundfastrpz/config.h.in d47 6 a52 3 --- unboundfastrpz/config.h.in (revision 5073) +++ unboundfastrpz/config.h.in (working copy) @@@@ -1293,4 +1293,11 @@@@ a64 1 Index: unboundfastrpz/configure.ac d66 5 a70 2 --- unboundfastrpz/configure.ac (revision 5073) +++ unboundfastrpz/configure.ac (working copy) d79 2 a80 2 @@@@ -1575,6 +1576,9 @@@@ ;; a88 1 Index: unboundfastrpz/daemon/daemon.c d90 6 a95 3 --- unboundfastrpz/daemon/daemon.c (revision 5073) +++ unboundfastrpz/daemon/daemon.c (working copy) @@@@ -91,6 +91,9 @@@@ d105 1 a105 1 @@@@ -462,6 +465,14 @@@@ d120 3 a122 3 @@@@ -719,6 +730,9 @@@@ dnsc_delete(daemon->dnscenv); daemon->dnscenv = NULL; a129 1 Index: unboundfastrpz/daemon/daemon.h d131 6 a136 3 --- unboundfastrpz/daemon/daemon.h (revision 5073) +++ unboundfastrpz/daemon/daemon.h (working copy) @@@@ -136,6 +136,11 @@@@ a147 1 Index: unboundfastrpz/daemon/worker.c d149 6 a154 3 --- unboundfastrpz/daemon/worker.c (revision 5073) +++ unboundfastrpz/daemon/worker.c (working copy) @@@@ -75,6 +75,9 @@@@ d164 1 a164 1 @@@@ -533,8 +536,27 @@@@ a189 1 edns_bak = *edns; d191 2 a192 1 @@@@ -702,6 +724,23 @@@@ a213 1 edns_bak = *edns; d215 2 a216 1 @@@@ -1407,6 +1446,15 @@@@ d232 1 a232 1 @@@@ -1455,12 +1503,21 @@@@ d236 2 a237 2 - if(answer_from_cache(worker, &qinfo, + ret = answer_from_cache(worker, &qinfo, d239 3 a241 3 (struct reply_info*)e->data, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), sldns_buffer_read_u16_at(c->buffer, 2), repinfo, d256 1 a256 1 @@@@ -1514,11 +1571,19 @@@@ a277 1 Index: unboundfastrpz/doc/unbound.conf.5.in d279 9 a287 6 --- unboundfastrpz/doc/unbound.conf.5.in (revision 5073) +++ unboundfastrpz/doc/unbound.conf.5.in (working copy) @@@@ -1781,6 +1781,81 @@@@ used by dns64 processing instead. Can be entered multiple times, list a new domain for which it applies, one per line. Applies also to names underneath the name given. a365 1 Index: unboundfastrpz/fastrpz/librpz.h d367 5 a371 2 --- unboundfastrpz/fastrpz/librpz.h (nonexistent) +++ unboundfastrpz/fastrpz/librpz.h (working copy) a1329 1 Index: unboundfastrpz/fastrpz/rpz.c d1331 6 a1336 3 --- unboundfastrpz/fastrpz/rpz.c (nonexistent) +++ unboundfastrpz/fastrpz/rpz.c (working copy) @@@@ -0,0 +1,1352 @@@@ d1452 2 d1963 2 d1968 1 a2693 1 Index: unboundfastrpz/fastrpz/rpz.h d2695 5 a2699 2 --- unboundfastrpz/fastrpz/rpz.h (nonexistent) +++ unboundfastrpz/fastrpz/rpz.h (working copy) a2838 1 Index: unboundfastrpz/fastrpz/rpz.m4 d2840 5 a2844 2 --- unboundfastrpz/fastrpz/rpz.m4 (nonexistent) +++ unboundfastrpz/fastrpz/rpz.m4 (working copy) a2909 1 Index: unboundfastrpz/iterator/iterator.c d2911 6 a2916 3 --- unboundfastrpz/iterator/iterator.c (revision 5073) +++ unboundfastrpz/iterator/iterator.c (working copy) @@@@ -68,6 +68,9 @@@@ d2924 3 a2926 3 /* in msec */ int UNKNOWN_SERVER_NICENESS = 376; @@@@ -551,6 +554,23 @@@@ d2950 1 a2950 1 @@@@ -559,6 +579,9 @@@@ d2960 1 a2960 1 @@@@ -1195,6 +1218,7 @@@@ d2968 1 a2968 1 @@@@ -1281,8 +1305,7 @@@@ d2978 1 a2978 1 @@@@ -1290,7 +1313,22 @@@@ d3001 1 a3001 1 @@@@ -2694,6 +2732,62 @@@@ d3061 1 a3061 2 if(iq->minimisation_state != DONOT_MINIMISE_STATE && !(iq->chase_flags & BIT_RD)) { d3063 2 a3064 1 @@@@ -3440,6 +3534,10 @@@@ a3074 1 @@@@ -3446,6 +3544,34 @@@@ a3108 1 Index: unboundfastrpz/iterator/iterator.h d3110 6 a3115 3 --- unboundfastrpz/iterator/iterator.h (revision 5073) +++ unboundfastrpz/iterator/iterator.h (working copy) @@@@ -386,6 +386,16 @@@@ a3131 1 Index: unboundfastrpz/services/cache/dns.c d3133 7 a3139 4 --- unboundfastrpz/services/cache/dns.c (revision 5073) +++ unboundfastrpz/services/cache/dns.c (working copy) @@@@ -939,6 +939,14 @@@@ struct regional* region, uint32_t flags) d3142 1 a3142 1 + a3152 1 Index: unboundfastrpz/services/mesh.c d3154 6 a3159 3 --- unboundfastrpz/services/mesh.c (revision 5073) +++ unboundfastrpz/services/mesh.c (working copy) @@@@ -60,6 +60,9 @@@@ a3166 1 #include "services/listen_dnsport.h" d3168 2 a3169 1 @@@@ -1072,6 +1075,13 @@@@ d3183 1 a3183 1 @@@@ -1247,6 +1257,7 @@@@ d3191 1 a3191 1 @@@@ -1293,6 +1304,10 @@@@ a3201 1 Index: unboundfastrpz/util/config_file.c d3203 6 a3208 3 --- unboundfastrpz/util/config_file.c (revision 5073) +++ unboundfastrpz/util/config_file.c (working copy) @@@@ -1418,6 +1418,8 @@@@ d3216 1 a3216 2 #ifdef USE_IPSECMOD Index: unboundfastrpz/util/config_file.h d3218 6 a3223 3 --- unboundfastrpz/util/config_file.h (revision 5073) +++ unboundfastrpz/util/config_file.h (working copy) @@@@ -490,6 +490,11 @@@@ a3234 1 Index: unboundfastrpz/util/configlexer.lex d3236 6 a3241 3 --- unboundfastrpz/util/configlexer.lex (revision 5073) +++ unboundfastrpz/util/configlexer.lex (working copy) @@@@ -439,6 +439,10 @@@@ a3251 1 Index: unboundfastrpz/util/configparser.y d3253 6 a3258 3 --- unboundfastrpz/util/configparser.y (revision 5073) +++ unboundfastrpz/util/configparser.y (working copy) @@@@ -125,6 +125,7 @@@@ d3266 2 a3267 6 @@@@ -170,7 +171,7 @@@@ %% toplevelvars: /* empty */ | toplevelvars toplevelvar ; -toplevelvar: serverstart contents_server | stubstart contents_stub | +toplevelvar: serverstart contents_server | stubstart contents_stub | rpzstart contents_rpz | d3269 8 a3276 4 rcstart contents_rc | dtstart contents_dt | viewstart contents_view | dnscstart contents_dnsc | cachedbstart contents_cachedb | @@@@ -2708,6 +2709,50 @@@@ free($2); d3303 1 a3303 1 + (void)asprintf(&new_cstr, "%s\nzone %s", old_cstr?old_cstr:"", $2); d3316 1 a3316 1 + (void)asprintf(&new_cstr, "%s\n%s", old_cstr ? old_cstr : "", $2); a3325 1 Index: unboundfastrpz/util/data/msgencode.c d3327 6 a3332 3 --- unboundfastrpz/util/data/msgencode.c (revision 5073) +++ unboundfastrpz/util/data/msgencode.c (working copy) @@@@ -590,6 +590,35 @@@@ d3368 1 a3368 1 @@@@ -753,6 +782,19 @@@@ a3387 1 Index: unboundfastrpz/util/data/packed_rrset.c d3389 7 a3395 3 --- unboundfastrpz/util/data/packed_rrset.c (revision 5073) +++ unboundfastrpz/util/data/packed_rrset.c (working copy) @@@@ -255,6 +255,10 @@@@ a3396 1 case sec_status_secure_sentinel_fail: return "sec_status_secure_sentinel_fail"; a3404 1 Index: unboundfastrpz/util/data/packed_rrset.h d3406 7 a3412 4 --- unboundfastrpz/util/data/packed_rrset.h (revision 5073) +++ unboundfastrpz/util/data/packed_rrset.h (working copy) @@@@ -193,7 +193,15 @@@@ sec_status_secure_sentinel_fail, a3427 1 Index: unboundfastrpz/util/netevent.c d3429 6 a3434 3 --- unboundfastrpz/util/netevent.c (revision 5073) +++ unboundfastrpz/util/netevent.c (working copy) @@@@ -57,6 +57,9 @@@@ d3444 1 a3444 1 @@@@ -590,6 +593,9 @@@@ d3454 1 a3454 1 @@@@ -679,6 +685,9 @@@@ d3456 1 a3456 1 struct sldns_buffer *buffer; d3464 1 a3464 1 @@@@ -722,6 +731,9 @@@@ d3471 1 a3471 1 if(!rep.c || rep.c->fd != fd) /* commpoint closed to -1 or reused for d3474 3 a3476 3 @@@@ -3108,6 +3120,9 @@@@ repinfo->c->tcp_timeout_msec); } d3484 1 a3484 1 @@@@ -3117,6 +3132,9 @@@@ d3493 2 a3494 2 if(repinfo->c->tcp_req_info) @@@@ -3138,6 +3156,9 @@@@ a3503 1 Index: unboundfastrpz/util/netevent.h d3505 6 a3510 3 --- unboundfastrpz/util/netevent.h (revision 5073) +++ unboundfastrpz/util/netevent.h (working copy) @@@@ -120,6 +120,10 @@@@ a3520 1 Index: unboundfastrpz/validator/validator.c d3522 6 a3527 3 --- unboundfastrpz/validator/validator.c (revision 5073) +++ unboundfastrpz/validator/validator.c (working copy) @@@@ -2755,6 +2755,12 @@@@ d3540 1 a3540 1 @@@@ -2788,6 +2794,12 @@@@ @ 1.1.1.1.6.2 log @Merge changes from current as of 20200406 @ text @d4 5 a8 5 diff --git a/Makefile.in b/Makefile.in index 721c01b6..56bfb560 100644 --- a/Makefile.in +++ b/Makefile.in @@@@ -23,6 +23,8 @@@@ CHECKLOCK_SRC=testcode/checklocks.c d17 1 a17 1 @@@@ -126,7 +128,7 @@@@ validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c \ d21 2 a22 2 -$(DNSTAP_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) $(IPSET_SRC) +$(DNSTAP_SRC) $(FASTRPZ_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) $(IPSET_SRC) d26 1 a26 1 @@@@ -139,7 +141,7 @@@@ autotrust.lo val_anchor.lo \ d30 2 a31 2 -$(IPSECMOD_OBJ) $(IPSET_OBJ) respip.lo +$(FASTRPZ_OBJ) $(IPSECMOD_OBJ) $(IPSET_OBJ) respip.lo d35 1 a35 1 @@@@ -409,6 +411,11 @@@@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ d47 5 a51 5 diff --git a/config.h.in b/config.h.in index 8c2aa3b9..efaf6450 100644 --- a/config.h.in +++ b/config.h.in @@@@ -1325,4 +1325,11 @@@@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, d64 5 a68 5 diff --git a/configure.ac b/configure.ac index 5276d441..9d74592e 100644 --- a/configure.ac +++ b/configure.ac @@@@ -6,6 +6,7 @@@@ sinclude(ax_pthread.m4) d76 1 a76 1 @@@@ -1726,6 +1727,9 @@@@ case "$enable_ipset" in d86 4 a89 4 diff --git a/daemon/daemon.c b/daemon/daemon.c index 0b1200a2..5857c18b 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c d100 1 a100 3 @@@@ -458,6 +461,14 @@@@ daemon_create_workers(struct daemon* daemon) dt_apply_cfg(daemon->dtenv, daemon->cfg); #else d102 2 a103 2 +#endif + } d110 2 a111 2 #endif } d113 3 a115 2 @@@@ -724,6 +735,9 @@@@ daemon_cleanup(struct daemon* daemon) #ifdef USE_DNSCRYPT d118 1 a118 1 +#endif d121 1 a121 1 #endif d124 6 a129 5 diff --git a/daemon/daemon.h b/daemon/daemon.h index 5749dbef..64ce230f 100644 --- a/daemon/daemon.h +++ b/daemon/daemon.h @@@@ -136,6 +136,11 @@@@ struct daemon { d141 4 a144 4 diff --git a/daemon/worker.c b/daemon/worker.c index e2ce0e87..f031c656 100644 --- a/daemon/worker.c +++ b/daemon/worker.c d155 1 a155 1 @@@@ -533,8 +536,27 @@@@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, d183 1 a183 1 @@@@ -699,6 +721,23 @@@@ answer_from_cache(struct worker* worker, struct query_info* qinfo, d207 1 a207 1 @@@@ -1410,6 +1449,15 @@@@ worker_handle_request(struct comm_point* c, void* arg, int error, d223 1 a223 1 @@@@ -1458,12 +1506,21 @@@@ lookup_cache: d247 1 a247 1 @@@@ -1518,11 +1575,19 @@@@ lookup_cache: d269 5 a273 5 diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index 4bdfcd56..69e70627 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@@@ -1801,6 +1801,81 @@@@ List domain for which the AAAA records are ignored and the A record is d355 4 a358 5 diff --git a/fastrpz/librpz.h b/fastrpz/librpz.h new file mode 100644 index 00000000..645279d1 --- /dev/null +++ b/fastrpz/librpz.h d1317 4 a1320 5 diff --git a/fastrpz/rpz.c b/fastrpz/rpz.c new file mode 100644 index 00000000..c5ab7801 --- /dev/null +++ b/fastrpz/rpz.c d2674 4 a2677 5 diff --git a/fastrpz/rpz.h b/fastrpz/rpz.h new file mode 100644 index 00000000..5d7e31c5 --- /dev/null +++ b/fastrpz/rpz.h d2817 4 a2820 5 diff --git a/fastrpz/rpz.m4 b/fastrpz/rpz.m4 new file mode 100644 index 00000000..21235355 --- /dev/null +++ b/fastrpz/rpz.m4 d2886 4 a2889 4 diff --git a/iterator/iterator.c b/iterator/iterator.c index 1e0113a8..2fcbf547 100644 --- a/iterator/iterator.c +++ b/iterator/iterator.c d2900 1 a2900 1 @@@@ -555,6 +558,23 @@@@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, d2924 1 a2924 1 @@@@ -563,6 +583,9 @@@@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, d2934 1 a2934 1 @@@@ -1199,6 +1222,7 @@@@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, d2942 1 a2942 1 @@@@ -1285,8 +1309,7 @@@@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, d2952 1 a2952 1 @@@@ -1294,7 +1317,22 @@@@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, d2975 1 a2975 1 @@@@ -2718,6 +2756,62 @@@@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, d3038 1 a3038 1 @@@@ -3471,12 +3565,44 @@@@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq, d3049 1 d3084 5 a3088 5 diff --git a/iterator/iterator.h b/iterator/iterator.h index a2f1b570..e1e4a738 100644 --- a/iterator/iterator.h +++ b/iterator/iterator.h @@@@ -386,6 +386,16 @@@@ struct iter_qstate { d3105 5 a3109 5 diff --git a/services/cache/dns.c b/services/cache/dns.c index aa4efec7..5dd3412e 100644 --- a/services/cache/dns.c +++ b/services/cache/dns.c @@@@ -945,6 +945,14 @@@@ dns_cache_store(struct module_env* env, struct query_info* msgqinf, d3124 4 a3127 4 diff --git a/services/mesh.c b/services/mesh.c index d4f814d5..624a9d95 100644 --- a/services/mesh.c +++ b/services/mesh.c d3138 1 a3138 1 @@@@ -1076,6 +1079,13 @@@@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, d3152 1 a3152 1 @@@@ -1255,6 +1265,7 @@@@ struct mesh_state* mesh_area_find(struct mesh_area* mesh, d3160 1 a3160 1 @@@@ -1301,6 +1312,10 @@@@ int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, d3171 5 a3175 5 diff --git a/util/config_file.c b/util/config_file.c index 119b2223..ce43a234 100644 --- a/util/config_file.c +++ b/util/config_file.c @@@@ -1434,6 +1434,8 @@@@ config_delete(struct config_file* cfg) d3183 6 a3188 6 config_delstrlist(cfg->python_script); diff --git a/util/config_file.h b/util/config_file.h index b3ef930a..56173b80 100644 --- a/util/config_file.h +++ b/util/config_file.h @@@@ -494,6 +494,11 @@@@ struct config_file { d3200 5 a3204 5 diff --git a/util/configlexer.lex b/util/configlexer.lex index a86ddf55..b56bcfb4 100644 --- a/util/configlexer.lex +++ b/util/configlexer.lex @@@@ -438,6 +438,10 @@@@ dnstap-log-forwarder-query-messages{COLON} { d3215 5 a3219 5 diff --git a/util/configparser.y b/util/configparser.y index 10227a2f..cdbcf7cd 100644 --- a/util/configparser.y +++ b/util/configparser.y @@@@ -125,6 +125,7 @@@@ extern struct config_parser_state* cfg_parser; d3227 1 a3227 1 @@@@ -171,7 +172,7 @@@@ extern struct config_parser_state* cfg_parser; d3236 1 a3236 1 @@@@ -2726,6 +2727,50 @@@@ dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MES d3264 2 a3265 2 + if(asprintf(&new_cstr, "%s\nzone %s", old_cstr?old_cstr:"", $2) == -1) {new_cstr = NULL; yyerror("out of memory");} + else if(!new_cstr) d3277 2 a3278 2 + if(asprintf(&new_cstr, "%s\n%s", old_cstr ? old_cstr : "", $2) == -1) {new_cstr = NULL; yyerror("out of memory");} + else if(!new_cstr) d3287 5 a3291 5 diff --git a/util/data/msgencode.c b/util/data/msgencode.c index a51a4b9b..475dfce9 100644 --- a/util/data/msgencode.c +++ b/util/data/msgencode.c @@@@ -590,6 +590,35 @@@@ insert_section(struct reply_info* rep, size_t num_rrsets, uint16_t* num_rrs, d3327 2 a3328 3 @@@@ -777,6 +806,19 @@@@ reply_info_encode(struct query_info* qinfo, struct reply_info* rep, } sldns_buffer_write_u16_at(buffer, 10, arcount); d3330 1 d3347 5 a3351 5 diff --git a/util/data/packed_rrset.c b/util/data/packed_rrset.c index 7b9d5494..e44b2ce5 100644 --- a/util/data/packed_rrset.c +++ b/util/data/packed_rrset.c @@@@ -255,6 +255,10 @@@@ sec_status_to_string(enum sec_status s) d3362 5 a3366 5 diff --git a/util/data/packed_rrset.h b/util/data/packed_rrset.h index 3a5335dd..20113217 100644 --- a/util/data/packed_rrset.h +++ b/util/data/packed_rrset.h @@@@ -193,7 +193,15 @@@@ enum sec_status { d3383 4 a3386 4 diff --git a/util/netevent.c b/util/netevent.c index 980bb8be..d537d288 100644 --- a/util/netevent.c +++ b/util/netevent.c d3397 1 a3397 1 @@@@ -590,6 +593,9 @@@@ comm_point_udp_ancil_callback(int fd, short event, void* arg) d3407 1 a3407 1 @@@@ -679,6 +685,9 @@@@ comm_point_udp_callback(int fd, short event, void* arg) d3417 1 a3417 1 @@@@ -722,6 +731,9 @@@@ comm_point_udp_callback(int fd, short event, void* arg) d3427 1 a3427 1 @@@@ -3184,6 +3196,9 @@@@ comm_point_send_reply(struct comm_reply *repinfo) d3437 1 a3437 1 @@@@ -3193,6 +3208,9 @@@@ comm_point_drop_reply(struct comm_reply* repinfo) d3439 1 a3439 1 log_assert(repinfo->c); d3447 1 a3447 1 @@@@ -3214,6 +3232,9 @@@@ comm_point_start_listening(struct comm_point* c, int newfd, int msec) d3449 2 a3450 2 verbose(VERB_ALGO, "comm point start listening %d (%d msec)", c->fd==-1?newfd:c->fd, msec); d3457 5 a3461 5 diff --git a/util/netevent.h b/util/netevent.h index d80c72b3..0233292f 100644 --- a/util/netevent.h +++ b/util/netevent.h @@@@ -120,6 +120,10 @@@@ struct comm_reply { d3472 5 a3476 5 diff --git a/validator/validator.c b/validator/validator.c index 4c560a8e..71de3760 100644 --- a/validator/validator.c +++ b/validator/validator.c @@@@ -2755,6 +2755,12 @@@@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, d3489 1 a3489 1 @@@@ -2788,6 +2794,12 @@@@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, @ 1.1.1.1.2.1 log @Sync with HEAD Resolve a couple of conflicts (result of the uimin/uimax changes) @ text @a0 4 Description: based on the included patch contrib/fastrpz.patch Author: fastrpz@@farsightsecurity.com --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ d4 4 a7 5 Index: unbound-1.7.0~rc1/Makefile.in =================================================================== --- unbound-1.7.0~rc1.orig/Makefile.in +++ unbound-1.7.0~rc1/Makefile.in @@@@ -23,6 +23,8 @@@@ CHECKLOCK_SRC=testcode/checklocks.c d16 1 a16 1 @@@@ -125,7 +127,7 @@@@ validator/val_sigcrypt.c validator/val_u d19 1 a19 1 cachedb/cachedb.c cachedb/redis.c respip/respip.c $(CHECKLOCK_SRC) \ d25 1 a25 1 @@@@ -137,7 +139,7 @@@@ slabhash.lo timehist.lo tube.lo winsock_ d27 1 a27 1 val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo authzone.lo\ d29 3 a31 2 -$(IPSECMOD_OBJ) respip.lo +$(FASTRPZ_OBJ) $(IPSECMOD_OBJ) respip.lo d34 1 a34 2 COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo @@@@ -400,6 +402,11 @@@@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscry a45 1 Index: unbound-1.7.0~rc1/config.h.in d47 6 a52 3 --- unbound-1.7.0~rc1.orig/config.h.in +++ unbound-1.7.0~rc1/config.h.in @@@@ -1228,4 +1228,11 @@@@ void *unbound_stat_realloc_log(void *ptr a64 1 Index: unbound-1.7.0~rc1/configure.ac d66 6 a71 3 --- unbound-1.7.0~rc1.orig/configure.ac +++ unbound-1.7.0~rc1/configure.ac @@@@ -6,6 +6,7 @@@@ sinclude(ax_pthread.m4) d79 2 a80 2 @@@@ -1453,6 +1454,9 @@@@ case "$enable_ipsecmod" in ;; a88 1 Index: unbound-1.7.0~rc1/daemon/daemon.c d90 6 a95 3 --- unbound-1.7.0~rc1.orig/daemon/daemon.c +++ unbound-1.7.0~rc1/daemon/daemon.c @@@@ -90,6 +90,9 @@@@ d105 1 a105 1 @@@@ -461,6 +464,14 @@@@ daemon_create_workers(struct daemon* dae d120 3 a122 3 @@@@ -710,6 +721,9 @@@@ daemon_cleanup(struct daemon* daemon) #ifdef USE_DNSCRYPT dnsc_delete(daemon->dnscenv); a129 1 Index: unbound-1.7.0~rc1/daemon/daemon.h d131 6 a136 3 --- unbound-1.7.0~rc1.orig/daemon/daemon.h +++ unbound-1.7.0~rc1/daemon/daemon.h @@@@ -134,6 +134,11 @@@@ struct daemon { a147 1 Index: unbound-1.7.0~rc1/daemon/worker.c d149 6 a154 3 --- unbound-1.7.0~rc1.orig/daemon/worker.c +++ unbound-1.7.0~rc1/daemon/worker.c @@@@ -74,6 +74,9 @@@@ d164 1 a164 1 @@@@ -527,8 +530,27 @@@@ answer_norec_from_cache(struct worker* w d192 1 a192 1 @@@@ -689,6 +711,23 @@@@ answer_from_cache(struct worker* worker, d216 1 a216 1 @@@@ -1291,6 +1330,15 @@@@ worker_handle_request(struct comm_point* d232 1 a232 1 @@@@ -1339,12 +1387,21 @@@@ lookup_cache: d236 2 a237 2 - if(answer_from_cache(worker, &qinfo, + ret = answer_from_cache(worker, &qinfo, d239 3 a241 3 (struct reply_info*)e->data, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), sldns_buffer_read_u16_at(c->buffer, 2), repinfo, d256 1 a256 1 @@@@ -1398,11 +1455,19 @@@@ lookup_cache: a277 1 Index: unbound-1.7.0~rc1/doc/unbound.conf.5.in d279 6 a284 3 --- unbound-1.7.0~rc1.orig/doc/unbound.conf.5.in +++ unbound-1.7.0~rc1/doc/unbound.conf.5.in @@@@ -1581,6 +1581,81 @@@@ It must be /96 or shorter. The default a365 1 Index: unbound-1.7.0~rc1/fastrpz/librpz.h d367 5 a371 2 --- /dev/null +++ unbound-1.7.0~rc1/fastrpz/librpz.h a1329 1 Index: unbound-1.7.0~rc1/fastrpz/rpz.c d1331 5 a1335 2 --- /dev/null +++ unbound-1.7.0~rc1/fastrpz/rpz.c a2693 1 Index: unbound-1.7.0~rc1/fastrpz/rpz.h d2695 5 a2699 2 --- /dev/null +++ unbound-1.7.0~rc1/fastrpz/rpz.h a2838 1 Index: unbound-1.7.0~rc1/fastrpz/rpz.m4 d2840 5 a2844 2 --- /dev/null +++ unbound-1.7.0~rc1/fastrpz/rpz.m4 a2909 1 Index: unbound-1.7.0~rc1/iterator/iterator.c d2911 6 a2916 3 --- unbound-1.7.0~rc1.orig/iterator/iterator.c +++ unbound-1.7.0~rc1/iterator/iterator.c @@@@ -68,6 +68,9 @@@@ d2926 1 a2926 1 @@@@ -511,6 +514,23 @@@@ handle_cname_response(struct module_qsta d2950 1 a2950 1 @@@@ -519,6 +539,9 @@@@ handle_cname_response(struct module_qsta d2960 1 a2960 1 @@@@ -1148,6 +1171,7 @@@@ processInitRequest(struct module_qstate* d2968 1 a2968 1 @@@@ -1223,8 +1247,7 @@@@ processInitRequest(struct module_qstate* d2978 1 a2978 1 @@@@ -1232,7 +1255,22 @@@@ processInitRequest(struct module_qstate* d3001 1 a3001 1 @@@@ -2552,6 +2590,62 @@@@ processQueryResponse(struct module_qstat d3064 1 a3064 1 @@@@ -3273,12 +3367,44 @@@@ processFinished(struct module_qstate* qs a3108 1 Index: unbound-1.7.0~rc1/iterator/iterator.h d3110 6 a3115 3 --- unbound-1.7.0~rc1.orig/iterator/iterator.h +++ unbound-1.7.0~rc1/iterator/iterator.h @@@@ -383,6 +383,16 @@@@ struct iter_qstate { a3131 1 Index: unbound-1.7.0~rc1/services/cache/dns.c d3133 7 a3139 4 --- unbound-1.7.0~rc1.orig/services/cache/dns.c +++ unbound-1.7.0~rc1/services/cache/dns.c @@@@ -876,6 +876,14 @@@@ dns_cache_store(struct module_env* env, struct regional* region, uint32_t flags) d3142 1 a3142 1 + a3152 1 Index: unbound-1.7.0~rc1/services/mesh.c d3154 5 a3158 2 --- unbound-1.7.0~rc1.orig/services/mesh.c +++ unbound-1.7.0~rc1/services/mesh.c d3169 1 a3169 1 @@@@ -1050,6 +1053,13 @@@@ mesh_send_reply(struct mesh_state* m, in d3183 1 a3183 1 @@@@ -1199,6 +1209,7 @@@@ struct mesh_state* mesh_area_find(struct d3191 1 a3191 1 @@@@ -1245,6 +1256,10 @@@@ int mesh_state_add_reply(struct mesh_sta a3201 1 Index: unbound-1.7.0~rc1/util/config_file.c d3203 6 a3208 3 --- unbound-1.7.0~rc1.orig/util/config_file.c +++ unbound-1.7.0~rc1/util/config_file.c @@@@ -1323,6 +1323,8 @@@@ config_delete(struct config_file* cfg) d3216 1 a3216 2 #ifdef USE_IPSECMOD Index: unbound-1.7.0~rc1/util/config_file.h d3218 6 a3223 3 --- unbound-1.7.0~rc1.orig/util/config_file.h +++ unbound-1.7.0~rc1/util/config_file.h @@@@ -431,6 +431,11 @@@@ struct config_file { a3234 1 Index: unbound-1.7.0~rc1/util/configlexer.lex d3236 6 a3241 3 --- unbound-1.7.0~rc1.orig/util/configlexer.lex +++ unbound-1.7.0~rc1/util/configlexer.lex @@@@ -412,6 +412,10 @@@@ dnstap-log-forwarder-query-messages{COLO a3251 1 Index: unbound-1.7.0~rc1/util/configparser.y d3253 6 a3258 3 --- unbound-1.7.0~rc1.orig/util/configparser.y +++ unbound-1.7.0~rc1/util/configparser.y @@@@ -124,6 +124,7 @@@@ extern struct config_parser_state* cfg_p d3266 2 a3267 6 @@@@ -158,7 +159,7 @@@@ extern struct config_parser_state* cfg_p %% toplevelvars: /* empty */ | toplevelvars toplevelvar ; -toplevelvar: serverstart contents_server | stubstart contents_stub | +toplevelvar: serverstart contents_server | stubstart contents_stub | rpzstart contents_rpz | d3269 7 a3275 3 rcstart contents_rc | dtstart contents_dt | viewstart contents_view | dnscstart contents_dnsc | cachedbstart contents_cachedb | @@@@ -2384,6 +2385,50 @@@@ dt_dnstap_log_forwarder_response_message a3325 1 Index: unbound-1.7.0~rc1/util/data/msgencode.c d3327 6 a3332 3 --- unbound-1.7.0~rc1.orig/util/data/msgencode.c +++ unbound-1.7.0~rc1/util/data/msgencode.c @@@@ -585,6 +585,35 @@@@ insert_section(struct reply_info* rep, s d3368 1 a3368 1 @@@@ -750,6 +779,19 @@@@ reply_info_encode(struct query_info* qin a3387 1 Index: unbound-1.7.0~rc1/util/data/packed_rrset.c d3389 6 a3394 3 --- unbound-1.7.0~rc1.orig/util/data/packed_rrset.c +++ unbound-1.7.0~rc1/util/data/packed_rrset.c @@@@ -254,6 +254,10 @@@@ sec_status_to_string(enum sec_status s) a3404 1 Index: unbound-1.7.0~rc1/util/data/packed_rrset.h d3406 6 a3411 3 --- unbound-1.7.0~rc1.orig/util/data/packed_rrset.h +++ unbound-1.7.0~rc1/util/data/packed_rrset.h @@@@ -189,7 +189,15 @@@@ enum sec_status { a3427 1 Index: unbound-1.7.0~rc1/util/netevent.c d3429 5 a3433 2 --- unbound-1.7.0~rc1.orig/util/netevent.c +++ unbound-1.7.0~rc1/util/netevent.c d3444 1 a3444 1 @@@@ -585,6 +588,9 @@@@ comm_point_udp_ancil_callback(int fd, sh d3454 1 a3454 1 @@@@ -674,6 +680,9 @@@@ comm_point_udp_callback(int fd, short ev d3456 1 a3456 1 struct sldns_buffer *buffer; d3464 1 a3464 1 @@@@ -717,6 +726,9 @@@@ comm_point_udp_callback(int fd, short ev d3471 1 a3471 1 if(!rep.c || rep.c->fd != fd) /* commpoint closed to -1 or reused for d3474 1 a3474 1 @@@@ -2956,6 +2968,9 @@@@ comm_point_send_reply(struct comm_reply d3484 1 a3484 1 @@@@ -2965,6 +2980,9 @@@@ comm_point_drop_reply(struct comm_reply* d3494 1 a3494 1 @@@@ -2984,6 +3002,9 @@@@ comm_point_start_listening(struct comm_p a3503 1 Index: unbound-1.7.0~rc1/util/netevent.h d3505 6 a3510 3 --- unbound-1.7.0~rc1.orig/util/netevent.h +++ unbound-1.7.0~rc1/util/netevent.h @@@@ -119,6 +119,10 @@@@ struct comm_reply { a3520 1 Index: unbound-1.7.0~rc1/validator/validator.c d3522 6 a3527 3 --- unbound-1.7.0~rc1.orig/validator/validator.c +++ unbound-1.7.0~rc1/validator/validator.c @@@@ -2688,6 +2688,12 @@@@ ds_response_to_ke(struct module_qstate* d3540 1 a3540 1 @@@@ -2721,6 +2727,12 @@@@ ds_response_to_ke(struct module_qstate* a3552 1 @ 1.1.1.2 log @Import unbound-1.7.3 19 June 2018: Wouter - Fix for unbound-control on Windows and set TCP socket parameters more closely. - Fix windows unbound-control no cert bad file descriptor error. 18 June 2018: Wouter - Fix that control-use-cert: no works for 127.0.0.1 to disable certs. - Fix unbound-checkconf for control-use-cert. 15 June 2018: Wouter - tag for 1.7.3rc1. 14 June 2018: Wouter - #4103: Fix that auth-zone does not insist on SOA record first in file for url downloads. - Fix that first control-interface determines if TLS is used. Warn when IP address interfaces are used without TLS. - Fix nettle compile. 12 June 2018: Ralph - Don't count CNAME response types received during qname minimisation as query restart. 12 June 2018: Wouter - #4102 for NSD, but for Unbound. Named unix pipes do not use certificate and key files, access can be restricted with file and directory permissions. The option control-use-cert is no longer used, and ignored if found in unbound.conf. - Rename tls-additional-ports to tls-additional-port, because every line adds one port. - Fix buffer size warning in unit test. - remade dependencies in the Makefile. 6 June 2018: Wouter - Patch to fix openwrt for mac os build darwin detection in configure. 5 June 2018: Wouter - Fix crash if ratelimit taken into use with unbound-control instead of with unbound.conf. 4 June 2018: Wouter - Fix deadlock caused by incoming notify for auth-zone. - tag for 1.7.2rc1, became 1.7.2 release on 11 June 2018, trunk is 1.7.3 in development from this point. - #4100: Fix stub reprime when it becomes useless. 1 June 2018: Wouter - Rename additional-tls-port to tls-additional-ports. The older name is accepted for backwards compatibility. 30 May 2018: Wouter - Patch from Syzdek: Add ability to ignore RD bit and treat all requests as if the RD bit is set. 29 May 2018: Wouter - in compat/arc4random call getentropy_urandom when getentropy fails with ENOSYS. - Fix that fallback for windows port. 28 May 2018: Wouter - Fix windows tcp and tls spin on events. - Add routine from getdns to add windows cert store to the SSL_CTX. - tls-win-cert option that adds the system certificate store for authenticating DNS-over-TLS connections. It can be used instead of the tls-cert-bundle option, or with it to add certificates. 25 May 2018: Wouter - For TCP and TLS connections that don't establish, perform address update in infra cache, so future selections can exclude them. - Fix that tcp sticky events are removed for closed fd on windows. - Fix close events for tcp only. 24 May 2018: Wouter - Fix that libunbound can do DNS-over-TLS, when configured. - Fix that windows unbound service can use DNS-over-TLS. - unbound-host initializes ssl (for potential DNS-over-TLS usage inside libunbound), when ssl upstream or a cert-bundle is configured. 23 May 2018: Wouter - Use accept4 to speed up incoming TCP (and TLS) connections, available on Linux, FreeBSD and OpenBSD. 17 May 2018: Ralph - Qname minimisation default changed to yes. 15 May 2018: Wouter - Fix low-rtt-pct to low-rtt-permil, as it is parts in one thousand. 11 May 2018: Wouter - Fix contrib/libunbound.pc for libssl libcrypto references, from https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226914 7 May 2018: Wouter - Fix windows to not have sticky TLS events for TCP. - Fix read of DNS over TLS length and data in one read call. - Fix mesh state assertion failure due to callback removal. 3 May 2018: Wouter - Fix that configure --with-libhiredis also turns on cachedb. - Fix gcc 8 buffer warning in testcode. - Fix function type cast warning in libunbound context callback type. 2 May 2018: Wouter - Fix fail to reject dead peers in forward-zone, with ssl-upstream. 1 May 2018: Wouter - Fix that unbound-control reload frees the rrset keys and returns the memory pages to the system. 30 April 2018: Wouter - Fix spelling error in man page and note defaults as no instead of off. 26 April 2018: Wouter - Fix for crash in daemon_cleanup with dnstap during reload, from Saksham Manchanda. - Also that for dnscrypt. - tag for 1.7.1rc1 release. Became 1.7.1 release on 3 May, trunk is from here 1.7.2 in development. 25 April 2018: Ralph - Fix memory leak when caching wildcard records for aggressive NSEC use 24 April 2018: Wouter - Fix contrib/fastrpz.patch for this release. - Fix auth https for libev. 24 April 2018: Ralph - Added root-key-sentinel support 23 April 2018: Wouter - makedist uses bz2 for expat code, instead of tar.gz. - Fix #4092: libunbound: use-caps-for-id lacks colon in config_set_option. - auth zone http download stores exact copy of downloaded file, including comments in the file. - Fix sldns parse failure for CDS alternate delete syntax empty hex. - Attempt for auth zone fix; add of callback in mesh gets from callback does not skip callback of result. - Fix cname classification with qname minimisation enabled. - list_auth_zones unbound-control command. 20 April 2018: Wouter - man page documentation for dns-over-tls forward-addr '#' notation. - removed free from failed parse case. - Fix #4091: Fix that reload of auth-zone does not merge the zonefile with the previous contents. - Delete auth zone when removed from config. 19 April 2018: Wouter - Can set tls authentication with forward-addr: IP#tls.auth.name And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem". such as forward-addr: 9.9.9.9@@853#dns.quad9.net or 1.1.1.1@@853#cloudflare-dns.com - Fix #658: unbound using TLS in a forwarding configuration does not verify the server's certificate (RFC 8310 support). - For addr with #authname and no @@port notation, the default is 853. 18 April 2018: Wouter - Fix auth-zone retry timer to be on schedule with retry timeout, with backoff. Also time a refresh at the zone expiry. 17 April 2018: Wouter - auth zone notify work. - allow-notify: config statement for auth-zones. - unit test for allow-notify 16 April 2018: Wouter - Fix auth zone target lookup iterator. - auth zone notify with prefix - auth zone notify work. 13 April 2018: Wouter - Fix for max include depth for authzones. - Fix memory free on fail for $INCLUDE in authzone. - Fix that an internal error to look up the wrong rr type for auth zone gets stopped, before trying to send there. - auth zone notify work. 10 April 2018: Ralph - num.query.aggressive.NOERROR and num.query.aggressive.NXDOMAIN statistics counters. 10 April 2018: Wouter - documentation for low-rtt and low-rtt-pct. - auth zone notify work. 9 April 2018: Wouter - Fix that flush_zone sets prefetch ttl expired, so that with serve-expired enabled it'll start prefetching those entries. - num.query.authzone.up and num.query.authzone.down statistics counters. - Fix downstream auth zone, only fallback when auth zone fails to answer and fallback is enabled. - Accept both option names with and without colon for get_option and set_option. - low-rtt and low-rtt-pct in unbound.conf enable the server selection of fast servers for some percentage of the time. 5 April 2018: Wouter - Combine write of tcp length and tcp query for dns over tls. - nitpick fixes in example.conf. - Fix above stub queries for type NS and useless delegation point. - Fix unbound-control over pipe with openssl 1.1.1, the TLSv1.3 tls_choose_sigalg routine does not allow the ciphers for the pipe, so use TLSv1.2. - ED448 support. 3 April 2018: Wouter - Fix #4043: make test fails due to v6 presentation issue in macOS. - Fix unable to resolve after new WLAN connection, due to auth-zone failing with a forwarder set. Now, auth-zone is only used for answers (not referrals) when a forwarder is set. 29 March 2018: Ralph - Check "result" in dup_all(), by Florian Obser. 23 March 2018: Ralph - Fix unbound-control get_option aggressive-nsec 21 March 2018: Ralph - Do not use cached NSEC records to generate negative answers for domains under DNSSEC Negative Trust Anchors. 19 March 2018: Wouter - iana port update. 16 March 2018: Wouter - corrected a minor typo in the changelog. - move htobe64/be64toh portability code to cachedb.c. 15 March 2018: Wouter - Add --with-libhiredis, unbound support for a new cachedb backend that uses a Redis server as the storage. This implementation depends on the hiredis client library (https://redislabs.com/lp/hiredis/). And unbound should be built with both --enable-cachedb and --with-libhiredis[=PATH] (where $PATH/include/hiredis/hiredis.h should exist). Patch from Jinmei Tatuya (Infoblox). - Fix #3817: core dump happens in libunbound delete, when queued servfail hits deleted message queue. - Create additional tls service interfaces by opening them on other portnumbers and listing the portnumbers as additional-tls-port: nr. 13 March 2018: Wouter - Fix typo in documentation. - Fix #3736: Fix 0 TTL domains stuck on SERVFAIL unless manually flushed with serve-expired on. 12 March 2018: Wouter - Added documentation for aggressive-nsec: yes. - tag 1.7.0rc3. That became the 1.7.0 release on 15 Mar, trunk now has 1.7.1 in development. - Fix #3727: Protocol name is TLS, options have been renamed but documentation is not consistent. - Check IXFR start serial. 9 March 2018: Wouter - Fix #3598: Fix swig build issue on rhel6 based system. configure --disable-swig-version-check stops the swig version check. 8 March 2018: Wouter - tag 1.7.0rc2. 7 March 2018: Wouter - Fixed contrib/fastrpz.patch, even though this already applied cleanly for me, now also for others. - patch to log creates keytag queries, from A. Schulze. - patch suggested by Debian lintian: allow to -> allow one to, from A. Schulze. - Attempt to remove warning about trailing whitespace. 6 March 2018: Wouter - Reverted fix for #3512, this may not be the best way forward; although it could be changed at a later time, to stay similar to other implementations. - svn trunk contains 1.7.0, this is the number for the next release. - Fix for windows compile. - tag 1.7.0rc1. 5 March 2018: Wouter - Fix to check define of DSA for when openssl is without deprecated. - iana port update. - Fix #3582: Squelch address already in use log when reuseaddr option causes same port to be used twice for tcp connections. 27 February 2018: Wouter - Fixup contrib/fastrpz.patch so that it applies. - Fix compile without threads, and remove unused variable. - Fix compile with staticexe and python module. - Fix nettle compile. 22 February 2018: Ralph - Save wildcard RRset from answer with original owner for use in aggressive NSEC. 21 February 2018: Wouter - Fix #3512: unbound incorrectly reports SERVFAIL for CAA query when there is a CNAME loop. - Fix validation for CNAME loops. When it detects a cname loop, by finding the cname, cname in the existing list, it returns the partial result with the validation result up to then. - more robust cachedump rrset routine. 19 February 2018: Wouter - Fix #3505: Documentation for default local zones references wrong RFC. - Fix #3494: local-zone noview can be used to break out of the view to the global local zone contents, for queries for that zone. - Fix for more maintainable code in localzone. 16 February 2018: Wouter - Fixes for clang static analyzer, the missing ; in edns-subnet/addrtree.c after the assert made clang analyzer produce a failure to analyze it. 13 February 2018: Ralph - Aggressive NSEC tests 13 February 2018: Wouter - tls-cert-bundle option in unbound.conf enables TLS authentication. - iana port update. 12 February 2018: Wouter - Unit test for auth zone https url download. 12 February 2018: Ralph - Added tests with wildcard expanded NSEC records (CVE-2017-15105 test) - Processed aggressive NSEC code review remarks Wouter 8 February 2018: Ralph - Aggressive use of NSEC implementation. Use cached NSEC records to generate NXDOMAIN, NODATA and positive wildcard answers. 8 February 2018: Wouter - iana port update. - auth zone url config. 5 February 2018: Wouter - Fix #3451: dnstap not building when you have a separate build dir. And removed protoc warning, set dnstap.proto syntax to proto2. - auth-zone provides a way to configure RFC7706 from unbound.conf, eg. with auth-zone: name: "." for-downstream: no for-upstream: yes fallback-enabled: yes and masters or a zonefile with data. 2 February 2018: Wouter - Fix unfreed locks in log and arc4random at exit of unbound. - unit test with valgrind - Fix lock race condition in dns cache dname synthesis. - lock subnet new item before insertion to please checklocks, no modification of critical regions outside of lock region. 1 February 2018: Wouter - fix unaligned structure making a false positive in checklock unitialised memory. 29 January 2018: Ralph - Use NSEC with longest ce to prove wildcard absence. - Only use *.ce to prove wildcard absence, no longer names. 25 January 2018: Wouter - ltrace.conf file for libunbound in contrib. 23 January 2018: Wouter - Fix that unbound-checkconf -f flag works with auto-trust-anchor-file for startup scripts to get the full pathname(s) of anchor file(s). - Print fatal errors about remote control setup before log init, so that it is printed to console. 22 January 2018: Wouter - Accept tls-upstream in unbound.conf, the ssl-upstream keyword is also recognized and means the same. Also for tls-port, tls-service-key, tls-service-pem, stub-tls-upstream and forward-tls-upstream. - Fix #3397: Fix that cachedb could return a partial CNAME chain. - Fix #3397: Fix that when the cache contains an unsigned DNAME in the middle of a cname chain, a result without the DNAME could be returned. @ text @a0 4 Description: based on the included patch contrib/fastrpz.patch Author: fastrpz@@farsightsecurity.com --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ d4 4 a7 5 Index: unbound-1.7.0~rc1/Makefile.in =================================================================== --- unbound-1.7.0~rc1.orig/Makefile.in +++ unbound-1.7.0~rc1/Makefile.in @@@@ -23,6 +23,8 @@@@ CHECKLOCK_SRC=testcode/checklocks.c d16 1 a16 1 @@@@ -125,7 +127,7 @@@@ validator/val_sigcrypt.c validator/val_u d19 1 a19 1 cachedb/cachedb.c cachedb/redis.c respip/respip.c $(CHECKLOCK_SRC) \ d25 1 a25 1 @@@@ -137,7 +139,7 @@@@ slabhash.lo timehist.lo tube.lo winsock_ d27 1 a27 1 val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo authzone.lo\ d29 3 a31 2 -$(IPSECMOD_OBJ) respip.lo +$(FASTRPZ_OBJ) $(IPSECMOD_OBJ) respip.lo d34 1 a34 2 COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo @@@@ -400,6 +402,11 @@@@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscry a45 1 Index: unbound-1.7.0~rc1/config.h.in d47 6 a52 3 --- unbound-1.7.0~rc1.orig/config.h.in +++ unbound-1.7.0~rc1/config.h.in @@@@ -1228,4 +1228,11 @@@@ void *unbound_stat_realloc_log(void *ptr a64 1 Index: unbound-1.7.0~rc1/configure.ac d66 6 a71 3 --- unbound-1.7.0~rc1.orig/configure.ac +++ unbound-1.7.0~rc1/configure.ac @@@@ -6,6 +6,7 @@@@ sinclude(ax_pthread.m4) d79 2 a80 2 @@@@ -1453,6 +1454,9 @@@@ case "$enable_ipsecmod" in ;; a88 1 Index: unbound-1.7.0~rc1/daemon/daemon.c d90 6 a95 3 --- unbound-1.7.0~rc1.orig/daemon/daemon.c +++ unbound-1.7.0~rc1/daemon/daemon.c @@@@ -90,6 +90,9 @@@@ d105 1 a105 1 @@@@ -461,6 +464,14 @@@@ daemon_create_workers(struct daemon* dae d120 3 a122 3 @@@@ -710,6 +721,9 @@@@ daemon_cleanup(struct daemon* daemon) #ifdef USE_DNSCRYPT dnsc_delete(daemon->dnscenv); a129 1 Index: unbound-1.7.0~rc1/daemon/daemon.h d131 6 a136 3 --- unbound-1.7.0~rc1.orig/daemon/daemon.h +++ unbound-1.7.0~rc1/daemon/daemon.h @@@@ -134,6 +134,11 @@@@ struct daemon { a147 1 Index: unbound-1.7.0~rc1/daemon/worker.c d149 6 a154 3 --- unbound-1.7.0~rc1.orig/daemon/worker.c +++ unbound-1.7.0~rc1/daemon/worker.c @@@@ -74,6 +74,9 @@@@ d164 1 a164 1 @@@@ -527,8 +530,27 @@@@ answer_norec_from_cache(struct worker* w d192 1 a192 1 @@@@ -689,6 +711,23 @@@@ answer_from_cache(struct worker* worker, d216 1 a216 1 @@@@ -1291,6 +1330,15 @@@@ worker_handle_request(struct comm_point* d232 1 a232 1 @@@@ -1339,12 +1387,21 @@@@ lookup_cache: d236 2 a237 2 - if(answer_from_cache(worker, &qinfo, + ret = answer_from_cache(worker, &qinfo, d239 3 a241 3 (struct reply_info*)e->data, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), sldns_buffer_read_u16_at(c->buffer, 2), repinfo, d256 1 a256 1 @@@@ -1398,11 +1455,19 @@@@ lookup_cache: a277 1 Index: unbound-1.7.0~rc1/doc/unbound.conf.5.in d279 6 a284 3 --- unbound-1.7.0~rc1.orig/doc/unbound.conf.5.in +++ unbound-1.7.0~rc1/doc/unbound.conf.5.in @@@@ -1581,6 +1581,81 @@@@ It must be /96 or shorter. The default a365 1 Index: unbound-1.7.0~rc1/fastrpz/librpz.h d367 5 a371 2 --- /dev/null +++ unbound-1.7.0~rc1/fastrpz/librpz.h a1329 1 Index: unbound-1.7.0~rc1/fastrpz/rpz.c d1331 5 a1335 2 --- /dev/null +++ unbound-1.7.0~rc1/fastrpz/rpz.c a2693 1 Index: unbound-1.7.0~rc1/fastrpz/rpz.h d2695 5 a2699 2 --- /dev/null +++ unbound-1.7.0~rc1/fastrpz/rpz.h a2838 1 Index: unbound-1.7.0~rc1/fastrpz/rpz.m4 d2840 5 a2844 2 --- /dev/null +++ unbound-1.7.0~rc1/fastrpz/rpz.m4 a2909 1 Index: unbound-1.7.0~rc1/iterator/iterator.c d2911 6 a2916 3 --- unbound-1.7.0~rc1.orig/iterator/iterator.c +++ unbound-1.7.0~rc1/iterator/iterator.c @@@@ -68,6 +68,9 @@@@ d2926 1 a2926 1 @@@@ -511,6 +514,23 @@@@ handle_cname_response(struct module_qsta d2950 1 a2950 1 @@@@ -519,6 +539,9 @@@@ handle_cname_response(struct module_qsta d2960 1 a2960 1 @@@@ -1148,6 +1171,7 @@@@ processInitRequest(struct module_qstate* d2968 1 a2968 1 @@@@ -1223,8 +1247,7 @@@@ processInitRequest(struct module_qstate* d2978 1 a2978 1 @@@@ -1232,7 +1255,22 @@@@ processInitRequest(struct module_qstate* d3001 1 a3001 1 @@@@ -2552,6 +2590,62 @@@@ processQueryResponse(struct module_qstat d3064 1 a3064 1 @@@@ -3273,12 +3367,44 @@@@ processFinished(struct module_qstate* qs a3108 1 Index: unbound-1.7.0~rc1/iterator/iterator.h d3110 6 a3115 3 --- unbound-1.7.0~rc1.orig/iterator/iterator.h +++ unbound-1.7.0~rc1/iterator/iterator.h @@@@ -383,6 +383,16 @@@@ struct iter_qstate { a3131 1 Index: unbound-1.7.0~rc1/services/cache/dns.c d3133 7 a3139 4 --- unbound-1.7.0~rc1.orig/services/cache/dns.c +++ unbound-1.7.0~rc1/services/cache/dns.c @@@@ -876,6 +876,14 @@@@ dns_cache_store(struct module_env* env, struct regional* region, uint32_t flags) d3142 1 a3142 1 + a3152 1 Index: unbound-1.7.0~rc1/services/mesh.c d3154 5 a3158 2 --- unbound-1.7.0~rc1.orig/services/mesh.c +++ unbound-1.7.0~rc1/services/mesh.c d3169 1 a3169 1 @@@@ -1050,6 +1053,13 @@@@ mesh_send_reply(struct mesh_state* m, in d3183 1 a3183 1 @@@@ -1199,6 +1209,7 @@@@ struct mesh_state* mesh_area_find(struct d3191 1 a3191 1 @@@@ -1245,6 +1256,10 @@@@ int mesh_state_add_reply(struct mesh_sta a3201 1 Index: unbound-1.7.0~rc1/util/config_file.c d3203 6 a3208 3 --- unbound-1.7.0~rc1.orig/util/config_file.c +++ unbound-1.7.0~rc1/util/config_file.c @@@@ -1323,6 +1323,8 @@@@ config_delete(struct config_file* cfg) d3216 1 a3216 2 #ifdef USE_IPSECMOD Index: unbound-1.7.0~rc1/util/config_file.h d3218 6 a3223 3 --- unbound-1.7.0~rc1.orig/util/config_file.h +++ unbound-1.7.0~rc1/util/config_file.h @@@@ -431,6 +431,11 @@@@ struct config_file { a3234 1 Index: unbound-1.7.0~rc1/util/configlexer.lex d3236 6 a3241 3 --- unbound-1.7.0~rc1.orig/util/configlexer.lex +++ unbound-1.7.0~rc1/util/configlexer.lex @@@@ -412,6 +412,10 @@@@ dnstap-log-forwarder-query-messages{COLO a3251 1 Index: unbound-1.7.0~rc1/util/configparser.y d3253 6 a3258 3 --- unbound-1.7.0~rc1.orig/util/configparser.y +++ unbound-1.7.0~rc1/util/configparser.y @@@@ -124,6 +124,7 @@@@ extern struct config_parser_state* cfg_p d3266 2 a3267 6 @@@@ -158,7 +159,7 @@@@ extern struct config_parser_state* cfg_p %% toplevelvars: /* empty */ | toplevelvars toplevelvar ; -toplevelvar: serverstart contents_server | stubstart contents_stub | +toplevelvar: serverstart contents_server | stubstart contents_stub | rpzstart contents_rpz | d3269 7 a3275 3 rcstart contents_rc | dtstart contents_dt | viewstart contents_view | dnscstart contents_dnsc | cachedbstart contents_cachedb | @@@@ -2384,6 +2385,50 @@@@ dt_dnstap_log_forwarder_response_message a3325 1 Index: unbound-1.7.0~rc1/util/data/msgencode.c d3327 6 a3332 3 --- unbound-1.7.0~rc1.orig/util/data/msgencode.c +++ unbound-1.7.0~rc1/util/data/msgencode.c @@@@ -585,6 +585,35 @@@@ insert_section(struct reply_info* rep, s d3368 1 a3368 1 @@@@ -750,6 +779,19 @@@@ reply_info_encode(struct query_info* qin a3387 1 Index: unbound-1.7.0~rc1/util/data/packed_rrset.c d3389 6 a3394 3 --- unbound-1.7.0~rc1.orig/util/data/packed_rrset.c +++ unbound-1.7.0~rc1/util/data/packed_rrset.c @@@@ -254,6 +254,10 @@@@ sec_status_to_string(enum sec_status s) a3404 1 Index: unbound-1.7.0~rc1/util/data/packed_rrset.h d3406 6 a3411 3 --- unbound-1.7.0~rc1.orig/util/data/packed_rrset.h +++ unbound-1.7.0~rc1/util/data/packed_rrset.h @@@@ -189,7 +189,15 @@@@ enum sec_status { a3427 1 Index: unbound-1.7.0~rc1/util/netevent.c d3429 5 a3433 2 --- unbound-1.7.0~rc1.orig/util/netevent.c +++ unbound-1.7.0~rc1/util/netevent.c d3444 1 a3444 1 @@@@ -585,6 +588,9 @@@@ comm_point_udp_ancil_callback(int fd, sh d3454 1 a3454 1 @@@@ -674,6 +680,9 @@@@ comm_point_udp_callback(int fd, short ev d3456 1 a3456 1 struct sldns_buffer *buffer; d3464 1 a3464 1 @@@@ -717,6 +726,9 @@@@ comm_point_udp_callback(int fd, short ev d3471 1 a3471 1 if(!rep.c || rep.c->fd != fd) /* commpoint closed to -1 or reused for d3474 1 a3474 1 @@@@ -2956,6 +2968,9 @@@@ comm_point_send_reply(struct comm_reply d3484 1 a3484 1 @@@@ -2965,6 +2980,9 @@@@ comm_point_drop_reply(struct comm_reply* d3494 1 a3494 1 @@@@ -2984,6 +3002,9 @@@@ comm_point_start_listening(struct comm_p a3503 1 Index: unbound-1.7.0~rc1/util/netevent.h d3505 6 a3510 3 --- unbound-1.7.0~rc1.orig/util/netevent.h +++ unbound-1.7.0~rc1/util/netevent.h @@@@ -119,6 +119,10 @@@@ struct comm_reply { a3520 1 Index: unbound-1.7.0~rc1/validator/validator.c d3522 6 a3527 3 --- unbound-1.7.0~rc1.orig/validator/validator.c +++ unbound-1.7.0~rc1/validator/validator.c @@@@ -2688,6 +2688,12 @@@@ ds_response_to_ke(struct module_qstate* d3540 1 a3540 1 @@@@ -2721,6 +2727,12 @@@@ ds_response_to_ke(struct module_qstate* a3552 1 @ 1.1.1.3 log @Import 1.9.1: 1 March 2019: Wouter - output forwarder log in ssl_req_order test. 28 February 2019: Wouter - Remove memory leak on pythonmod python2 script file init. - Remove swig gcc8 python function cast warnings, they are ignored. - Print correct module that failed when module-config is wrong. 27 February 2019: Wouter - Fix #4229: Unbound man pages lack information, about access-control order and local zone tags, and elements in views. - Fix #14: contrib/unbound.init: Fix wrong comparison judgment before copying. - Fix for python module on Windows, fix fopen. 25 February 2019: Wouter - Fix #4227: pair event del and add for libevent for tcp_req_info. 21 February 2019: Wouter - Fix the error for unknown module in module-config is understandable, and explains it was not compiled in and where to see the list. - In example.conf explain where to put cachedb module in module-config. - In man page and example config explain that most modules have to be listed at the start of module-config. 20 February 2019: Wouter - Fix pythonmod include and sockaddr_un ifdefs for compile on Windows, and for libunbound. 18 February 2019: Wouter - Print query name with ip_ratelimit exceeded log lines. - Spaces instead of tabs in that log message. - Print query name and IP address when domain rate limit exceeded. 14 February 2019: Wouter - Fix capsforid canonical sort qsort callback. 11 February 2019: Wouter - Note default for module-config in man page. - Fix recursion lame test for qname minimisation asked queries, that were not present in the set of prepared answers. - Fix #13: Remove left-over requirements on OpenSSL >= 1.1.0 for cert name matching, from man page. - make depend, with newer gcc, nicer layout. 7 February 2019: Wouter - Fix #4206: OpenSSL 1.0.2 hostname verification for FreeBSD 11.2. - Fix that qname minimisation does not skip a label when missing nameserver targets need to be fetched. - Fix #4225: clients seem to erroneously receive no answer with DNS-over-TLS and qname-minimisation. 4 February 2019: Wouter - Fix that log-replies prints the correct name for local-alias names, for names that have a CNAME in local-data configuration. It logs the original query name, not the target of the CNAME. - Add local-zone type inform_redirect, which logs like type inform, and redirects like type redirect. - Perform canonical sort for 0x20 capsforid compare of replies, this sorts rrsets in the authority and additional section before comparison, so that out of order rrsets do not cause failure. 31 January 2019: Wouter - Set ub_ctx_set_tls call signature in ltrace config file for libunbound in contrib/libunbound.so.conf. - improve documentation for tls-service-key and forward-first. - #10: fixed pkg-config operations, PKG_PROG_PKG_CONFIG moved out of conditional section, fixes systemd builds, from Enrico Scholz. - #9: For openssl 1.0.2 use the CRYPTO_THREADID locking callbacks, still supports the set_id_callback previous API. And for 1.1.0 no locking callbacks are needed. - #8: Fix OpenSSL without ENGINE support compilation. - Wipe TLS session key data from memory on exit. 30 January 2019: Ralph - Fix case in which query timeout can result in marking delegation as edns_lame_known. 29 January 2019: Wouter - Fix spelling of tls-ciphers in example.conf.in. - Fix #4224: auth_xfr_notify.rpl test broken due to typo - Fix locking for libunbound context setup with broken port config. 28 January 2019: Wouter - ub_ctx_set_tls call for libunbound that enables DoT for the machines set with ub_ctx_set_fwd. Patch from Florian Obser. - Set build system for added call in the libunbound API. - List example config for root zone copy locally hosted with auth-zone as suggested from draft-ietf-dnsop-7706-bis-02. But with updated B root address. - set version to 1.9.0 for release. And this was released with the spelling for tls-ciphers fix as 1.9.0 on Feb 5. Trunk has 1.9.1 in development. 25 January 2019: Wouter - Fix that tcp for auth zone and outgoing does not remove and then gets the ssl read again applied to the deleted commpoint. - updated contrib/fastrpz.patch to cleanly diff. - no lock when threads disabled in tcp request buffer count. - remove compile warnings from libnettle compile. - output of newer lex 2.6.1 and bison 3.0.5. 24 January 2019: Wouter - Newer aclocal and libtoolize used for generating configure scripts, aclocal 1.16.1 and libtoolize 2.4.6. - Fix unit test for python 3.7 new keyword 'async'. - clang analysis fixes, assert arc4random buffer in init, no check for already checked delegation pointer in iterator, in testcode check for NULL packet matches, in perf do not copy from NULL start list when growing capacity. Adjust host and file only when present in test header read to please checker. In testcode for unknown macro operand give zero result. Initialise the passed argv array in test code. In test code add EDNS data segment copy only when nonempty. - Patch from Florian Obser fixes some compiler warnings: include mini_event.h to have a prototype for mini_ev_cmp include edns.h to have a prototype for apply_edns_options sldns_wire2str_edns_keepalive_print is only called in the wire2str, module declare it static to get rid of compiler warning: no previous prototype for function infra_find_ip_ratedata() is only called in the infra module, declare it static to get rid of compiler warning: no previous prototype for function do not shadow local variable buf in authzone auth_chunks_delete and az_nsec3_findnode are only called in the authzone module, declare them static to get rid of compiler warning: no previous prototype for function... copy_rrset() is only called in the respip module, declare it static to get rid of compiler warning: no previous prototype for function 'copy_rrset' no need for another variable "r"; gets rid of compiler warning: declaration shadows a local variable in libunbound.c no need for another variable "ns"; gets rid of compiler warning: declaration shadows a local variable in iterator.c - Moved includes and make depend. 23 January 2019: Wouter - Patch from Manabu Sonoda with tls-ciphers and tls-ciphersuites options for unbound.conf. - Fixes for the patch, and man page entry. - Fix configure to detect SSL_CTX_set_ciphersuites, for better library compatibility when compiling. - Patch for TLS session resumption from Manabu Sonoda, enable with tls-session-ticket-keys in unbound.conf. - Fixes for patch (includes, declarations, warnings). Free at end and keep config options in order read from file to keep the first one as the first one. - Fix for IXFR fallback to reset counter when IXFR does not timeout. 22 January 2019: Wouter - Fix space calculation for tcp req buffer size. - Doc for stream-wait-size and unit test. - unbound-control stats has mem.streamwait that counts TCP and TLS waiting result buffers. - Fix for #4219: secondaries not updated after serial change, unbound falls back to AXFR after IXFR gives several timeout failures. - Fix that auth zone after IXFR fallback tries the same master. 21 January 2019: Wouter - Fix tcp idle timeout test, for difference in the tcp reply code. - Unit test for tcp request reorder and timeouts. - Unit tests for ssl out of order processing. - Fix that multiple dns fragments can be carried in one TLS frame. - Add stream-wait-size: 4m config option to limit the maximum memory used by waiting tcp and tls stream replies. This avoids a denial of service where these replies use up all of the memory. 17 January 2019: Wouter - For caps-for-id fallback, use the whitelist to avoid timeout starting a fallback sequence for it. - increase mesh max activation count for capsforid long fetches. 16 January 2019: Ralph - Get ready for the DNS flag day: remove EDNS lame procedure, do not re-query without EDNS after timeout. 15 January 2019: Wouter - In the out of order processing, reset byte count for (potential) partial read. - Review fixes in out of order processing. 14 January 2019: Wouter - streamtcp option -a send queries consecutively and prints answers as they arrive. - Fix for out of order processing administration quit cleanup. - unit test for tcp out of order processing. 11 January 2019: Wouter - Initial commit for out-of-order processing for TCP and TLS. 9 January 2019: Wouter - Log query name for looping module errors. 8 January 2019: Wouter - Fix syntax in comment of local alias processing. - Fix NSEC3 record that is returned in wildcard replies from auth-zone zones with NSEC3 and wildcards. 7 January 2019: Wouter - On FreeBSD warn if systcl settings do not allow server TCP FASTOPEN, and server tcp fastopen is enabled at compile time. - Document interaction between the tls-upstream option in the server section and forward-tls-upstream option in the forward-zone sections. - Add contrib/unbound-fuzzme.patch from Jacob Hoffman-Andrews, the patch adds a program used for fuzzing. 12 December 2018: Wouter - Fix for crash in dns64 module if response is null. 10 December 2018: Wouter - Fix config parser memory leaks. - ip-ratelimit-factor of 1 allows all traffic through, instead of the previous blocking everything. - Fix for FreeBSD port make with dnscrypt and dnstap enabled. - Fix #4206: support openssl 1.0.2 for TLS hostname verification, alongside the 1.1.0 and later support that is already there. - Fixup openssl 1.0.2 compile 6 December 2018: Wouter - Fix dns64 allocation in wrong region for returned internal queries. 3 December 2018: Wouter - Fix icon, no ragged edges and nicer resolutions available, for eg. Win 7 and Windows 10 display. - cache-max-ttl also defines upperbound of initial TTL in response. 30 November 2018: Wouter - Patch for typo in unbound.conf man page. - log-tag-queryreply: yes in unbound.conf tags the log-queries and log-replies in the log file for easier log filter maintenance. 29 November 2018: Wouter - iana portlist updated. - Fix chroot auth-zone fix to remove chroot prefix. - tag for 1.8.2rc1, which became 1.8.2 on 4 dec 2018, with icon updated. Trunk contains 1.8.3 in development. Which became 1.8.3 on 11 december with only the dns64 fix of 6 dec. Trunk then became 1.8.4 in development. - Fix that unbound-checkconf does not complains if the config file is not placed inside the chroot. - Refuse to start with no ports. - Remove clang analysis warnings. 28 November 2018: Wouter - Fix leak in chroot fix for auth-zone. - Fix clang analysis for outside directory build test. 27 November 2018: Wouter - Fix DNS64 to not store intermediate results in cache, this avoids other threads from picking up the wrong data. The module restores the previous no_cache_store setting when the the module is finished. - Fix #4208: 'stub-no-cache' and 'forward-no-cache' not work. - New and better fix for Fix #4193: Fix that prefetch failure does not overwrite valid cache entry with SERVFAIL. - auth-zone give SERVFAIL when expired, fallback activates when expired, and this is documented in the man page. - stat count SERVFAIL downstream auth-zone queries for expired zones. - Put new logos into windows installer. - Fix windows compile for new rrset roundrobin fix. - Update contrib fastrpz patch for latest release. 26 November 2018: Wouter - Fix to not set GLOB_NOSORT so the unbound.conf include: files are sorted and in a predictable order. - Fix #4193: Fix that prefetch failure does not overwrite valid cache entry with SERVFAIL. - Add unbound-control view_local_datas command, like local_datas. - Fix that unbound-control can send file for view_local_datas. 22 November 2018: Wouter - With ./configure --with-pyunbound --with-pythonmodule PYTHON_VERSION=3.6 or with 2.7 unbound can compile and unit tests succeed for the python module. - pythonmod logs the python error and traceback on failure. - ignore debug python module for test in doxygen output. - review fixes for python module. - Fix #4209: Crash in libunbound when called from getdns. - auth zone zonefiles can be in a chroot, the chroot directory components are removed before use. - Fix that empty zonefile means the zonefile is not set and not used. - make depend. 21 November 2018: Wouter - Scrub NS records from NODATA responses as well. 20 November 2018: Wouter - Scrub NS records from NXDOMAIN responses to stop fragmentation poisoning of the cache. - Add patch from Jan Vcelak for pythonmod, add sockaddr_storage getters, add support for query callbacks, allow raw address access via comm_reply and update API documentation. - Removed compile warnings in pythonmod sockaddr routines. 19 November 2018: Wouter - Support SO_REUSEPORT_LB in FreeBSD 12 with the so-reuseport: yes option in unbound.conf. 6 November 2018: Ralph - Bugfix min-client-subnet-ipv6 25 October 2018: Ralph - Add min-client-subnet-ipv6 and min-client-subnet-ipv4 options. 25 October 2018: Wouter - Fix #4191: NXDOMAIN vs SERVFAIL during dns64 PTR query. - Fix #4190: Please create a "ANY" deny option, adds the option deny-any: yes in unbound.conf. This responds with an empty message to queries of type ANY. - Fix #4141: More randomness to rrset-roundrobin. - Fix #4132: Openness/closeness of RANGE intervals in rpl files. - Fix #4126: RTT_band too low on VSAT links with 600+ms latency, adds the option unknown-server-time-limit to unbound.conf that can be increased to avoid the problem. - remade makefile dependencies. - Fix #4152: Logs shows wrong time when using log-time-ascii: yes. 24 October 2018: Ralph - Add markdel function to ECS slabhash. - Limit ECS scope returned to client to the scope used for caching. - Make lint like previous #4154 fix. 22 October 2018: Wouter - Fix #4192: unbound-control-setup generates keys not readable by group. - check that the dnstap socket file can be opened and exists, print error if not. - Fix #4154: make ECS_MAX_TREESIZE configurable, with the max-ecs-tree-size-ipv4 and max-ecs-tree-size-ipv6 options. 22 October 2018: Ralph - Change fast-server-num default to 3. 8 October 2018: Ralph - Add fast-server-permil and fast-server-num options. - Deprecate low-rtt and low-rtt-permil options. 8 October 2018: Wouter - Squelch log of failed to tcp initiate after TCP Fastopen failure. 5 October 2018: Wouter - Squelch EADDRNOTAVAIL errors when the interface goes away, this omits 'can't assign requested address' errors unless verbosity is set to a high value. - Set default for so-reuseport to no for FreeBSD. It is enabled by default for Linux and DragonFlyBSD. The setting can be configured in unbound.conf to override the default. - iana port update. 2 October 2018: Wouter - updated contrib/fastrpz.patch to apply for this version - dnscrypt.c removed sizeof to get array bounds. - Fix testlock code to set noreturn on error routine. - Remove unused variable from contrib fastrpz/rpz.c and remove unused diagnostic pragmas that themselves generate warnings - clang analyze test is used only when assertions are enabled. 1 October 2018: Wouter - tag for release 1.8.1rc1. Became release 1.8.1 on 8 oct, with fastrpz.patch fix included. Trunk has 1.8.2 in development. 27 September 2018: Wouter - Fix #4188: IPv6 forwarders without ipv6 result in SERVFAIL, fixes qname minimisation with a forwarder when connectivity has issues from rejecting responses. 25 September 2018: Wouter - Perform TLS SNI indication of the host that is being contacted for DNS over TLS service. It sets the configured tls auth name. This is useful for hosts that apart from the DNS over TLS services also provide other (web) services. - Fix #4149: Add SSL cleanup for tcp timeout. 17 September 2018: Wouter - Fix compile on Mac for unbound, provide explicit_bzero when libc does not have it. - Fix unbound for openssl in FIPS mode, it uses the digests with the EVP call contexts. - Fix that with harden-below-nxdomain and qname minisation enabled some iterator states for nonresponsive domains can get into a state where they waited for an empty list. - Stop UDP to TCP failover after timeouts that causes the ping count to be reset by the TCP time measurement (that exists for TLS), because that causes the UDP part to not be measured as timeout. - Fix #4156: Fix systemd service manager state change notification. 13 September 2018: Wouter - Fix seed for random backup code to use explicit zero when wiped. - exit log routine is annotated as noreturn function. - free memory leaks in config strlist and str2list insert functions. - do not move unused argv variable after getopt. - Remove unused if clause in testcode. - in testcode, free async ids, initialise array, and check for null pointer during test of the test. And use exit for return to note irregular program stop. - Free memory leak in config strlist append. - make sure nsec3 comparison salt is initialized. - unit test has clang analysis. - remove unused variable assignment from iterator scrub routine. - check for null in delegation point during iterator refetch in forward zone. - neater pointer cast in libunbound context quit routine. - initialize statistics totals for printout. - in authzone check that node exists before adding rrset. - in unbound-anchor, use readwrite memory BIO. - assertion in autotrust that packed rrset is formed correctly. - Fix memory leak when message parse fails partway through copy. - remove unused udpsize assignment in message encode. - nicer bio free code in unbound-anchor. - annotate exit functions with noreturn in unbound-control. 11 September 2018: Wouter - Fixed unused return value warnings in contrib/fastrpz.patch for asprintf. - Fix to squelch respip warning in unit test, it is printed at higher verbosity settings. - Fix spelling errors. - Fix initialisation in remote.c 10 September 2018: Wouter - 1.8.1 in svn trunk. (changes from 4,5,.. sep apply). - iana port update. 5 September 2018: Wouter - Fix spelling error in header, from getdns commit by Andreas Gelmini. 4 September 2018: Ralph - More explicitly mention the type of ratelimit when applying ip-ratelimit. 4 September 2018: Wouter - Tag for 1.8.0rc1 release, became 1.8.0 release on 10 Sep 2018. 31 August 2018: Wouter - Disable minimal-responses in subnet unit tests. 30 August 2018: Wouter - Fix that a local-zone with a local-zone-type that is transparent in a view with view-first, makes queries check for answers from the local-zones defined outside of views. 28 August 2018: Ralph - Disable minimal-responses in ipsecmod unit tests. - Added serve-expired-ttl and serve-expired-ttl-reset options. 27 August 2018: Wouter - Set defaults to yes for a number of options to increase speed and resilience of the server. The so-reuseport, harden-below-nxdomain, and minimal-responses options are enabled by default. They used to be disabled by default, waiting to make sure they worked. They are enabled by default now, and can be disabled explicitly by setting them to "no" in the unbound.conf config file. The reuseport and minimal options increases speed of the server, and should be otherwise harmless. The harden-below-nxdomain option works well together with the recently default enabled qname minimisation, this causes more fetches to use information from the cache. - next release is called 1.8.0. - Fix lintflags for lint on FreeBSD. 22 August 2018: George - #4140: Expose repinfo (comm_reply) to the inplace_callbacks. This gives access to reply information for the client's communication point when the callback is called before the mesh state (modules). Changes to C and Python's inplace_callback signatures were also necessary. 21 August 2018: Wouter - log-local-actions: yes option for unbound.conf that logs all the local zone actions, a patch from Saksham Manchanda (Secure64). - #4146: num.query.subnet and num.query.subnet_cache counters. - Fix only misc failure from log-servfail when val-log-level is not enabled. 17 August 2018: Ralph - Fix classification for QTYPE=CNAME queries when QNAME minimisation is enabled. 17 August 2018: Wouter - Set libunbound to increase current, because the libunbound change to the event callback function signature. That needs programs, that use it, to recompile against the new header definition. - print servfail info to log as error. - added more servfail printout statements, to the iterator. - log-servfail: yes prints log lines that say why queries are returning SERVFAIL to clients. 16 August 2018: Wouter - Fix warning on compile without threads. - Fix contrib/fastrpz.patch. 15 August 2018: Wouter - Fix segfault in auth-zone read and reorder of RRSIGs. 14 August 2018: Wouter - Fix that printout of error for cycle targets is a verbosity 4 printout and does not wrongly print it is a memory error. - Upgraded crosscompile script to include libunbound DLL in the zipfile. 10 August 2018: Wouter - Fix #4144: dns64 module caches wrong (negative) information. 9 August 2018: Wouter - unbound-checkconf checks if modules exist and prints if they are not compiled in the name of the wrong module. - document --enable-subnet in doc/README. - Patch for stub-no-cache and forward-no-cache options that disable caching for the contents of that stub or forward, for when you want immediate changes visible, from Bjoern A. Zeeb. 7 August 2018: Ralph - Make capsforid fallback QNAME minimisation aware. 7 August 2018: Wouter - Fix #4142: unbound.service.in: improvements and fixes. Add unit dependency ordering (based on systemd-resolved). Add 'CAP_SYS_RESOURCE' to 'CapabilityBoundingSet' (fixes warnings about missing privileges during startup). Add 'AF_INET6' to 'RestrictAddressFamilies' (without it IPV6 can't work). From Guido Shanahan. - Patch to implement tcp-connection-limit from Jim Hague (Sinodun). This limits the number of simultaneous TCP client connections from a nominated netblock. - make depend, yacc, lex, doc, headers. And log the limit exceeded message only on high verbosity, so as to not spam the logs when it is busy. 6 August 2018: Wouter - Fix for #4136: Fix to unconditionally call destroy in daemon.c. 3 August 2018: George - Expose if a query (or a subquery) was ratelimited (not src IP ratelimiting) to libunbound under 'ub_result.was_ratelimited'. This also introduces a change to 'ub_event_callback_type' in libunbound/unbound-event.h. - Tidy pylib tests. 3 August 2018: Wouter - Revert previous change for #4136: because it introduces build problems. - New fix for #4136: This one ignores lex without without yylex_destroy. 1 August 2018: Wouter - Fix to remove systemd sockaddr function check, that is not always present. Make socket activation more lenient. But not different when socket activation is not used. - iana port list update. 31 July 2018: Wouter - Patches from Jim Hague (Sinodun) for EDNS KeepAlive. - Sort out test runs when the build directory isn't the project root directory. - Add config tcp-idle-timeout (default 30s). This applies to client connections only; the timeout on TCP connections upstream is unaffected. - Error if EDNS Keepalive received over UDP. - Add edns-tcp-keepalive and edns-tcp-keepalive timeout options and implement option in client responses. - Correct and expand manual page entries for keepalive and idle timeout. - Implement progressive backoff of TCP idle/keepalive timeout. - Fix 'make depend' to work when build dir is not project root. - Add delay parameter to streamtcp, -d secs. To be used when testing idle timeout. - From Wouter: make depend, the dependencies in the patches did not apply cleanly. Also remade yacc and lex. - Fix mesh.c incompatible pointer pass. - Please doxygen so it passes. - Fix #4139: Fix unbound-host leaks memory on ANY. 30 July 2018: Wouter - Fix #4136: insufficiency from mismatch of FLEX capability between released tarball and build host. 27 July 2018: Wouter - Fix man page, say that chroot is enabled by default. 26 July 2018: Wouter - Fix #4135: 64-bit Windows Installer Creates Entries Under The Wrong Registry Key, reported by Brian White. 23 July 2018: Wouter - Fix use-systemd readiness signalling, only when use-systemd is yes and not in signal handler. 20 July 2018: Wouter - Fix #4130: print text describing -dd and unbound-checkconf on config file read error at startup, the errors may have been moved away by the startup process. - Fix #4131: for solaris, error YY_CURRENT_BUFFER undeclared. 19 July 2018: Wouter - Fix #4129 unbound-control error message with wrong cert permissions is too cryptic. 17 July 2018: Wouter - Fix #4127 unbound -h does not list -p help. - Print error if SSL name verification configured but not available in the ssl library. - Fix that ratelimit and ip-ratelimit are applied after reload of changed config file. - Resize ratelimit and ip-ratelimit caches if changed on reload. 16 July 2018: Wouter - Fix qname minimisation NXDOMAIN validation lookup failures causing error_supers assertion fails. - Squelch can't bind socket errors with Permission denied unless verbosity is 4 or higher, for UDP outgoing sockets. 12 July 2018: Wouter - Fix to improve systemd socket activation code file descriptor assignment. - Fix for 4126 that the #define for UNKNOWN_SERVER_NICENESS can be more easily changed to adjust default rtt assumptions. 10 July 2018: Wouter - Note in documentation that the cert name match code needs OpenSSL 1.1.0 or later to be enabled. 6 July 2018: Wouter - Fix documentation ambiguity for tls-win-cert in tls-upstream and forward-tls-upstream docs. - iana port update. - Note RFC8162 support. SMIMEA record type can be read in by the zone record parser. - Fix round robin for failed addresses with prefer-ip6: yes 4 July 2018: Wouter - Fix #4112: Fix that unbound-anchor -f /etc/resolv.conf will not pass if DNSSEC is not enabled. New option -R allows fallback from resolv.conf to direct queries. 3 July 2018: Wouter - Better documentation for unblock-lan-zones and insecure-lan-zones config statements. - Fix permission denied printed for auth zone probe random port nrs. 2 July 2018: Wouter - Fix checking for libhiredis printout in configure output. - Fix typo on man page in ip-address description. - Update libunbound/python/examples/dnssec_test.py example code to also set the 20326 trust anchor for the root in the example code. 29 June 2018: Wouter - dns64-ignore-aaaa: config option to list domain names for which the existing AAAA is ignored and dns64 processing is used on the A record. 28 June 2018: Wouter - num.queries.tls counter for queries over TLS. - log port number with err_addr logs. 27 June 2018: Wouter - #4109: Fix that package config depends on python unconditionally. - Patch, do not export python from pkg-config, from Petr Menšík. 26 June 2018: Wouter - Partial fix for permission denied on IPv6 address on FreeBSD. - Fix that auth-zone master reply with current SOA serial does not stop scan of masters for an updated zone. - Fix that auth-zone does not start the wait timer without checking if the wait timer has already been started. 21 June 2018: Wouter - #4108: systemd reload hang fix. - Fix usage printout for unbound-host, hostname has to be last argument on BSDs and Windows. @ text @d4 1 a4 1 Index: unboundfastrpz/Makefile.in d6 7 a12 3 --- unboundfastrpz/Makefile.in (revision 5073) +++ unboundfastrpz/Makefile.in (working copy) @@@@ -23,6 +23,8 @@@@ d21 1 a21 1 @@@@ -126,7 +128,7 @@@@ d30 1 a30 1 @@@@ -139,7 +141,7 @@@@ d32 1 a32 1 val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo redis.lo authzone.lo \ d39 1 a39 1 @@@@ -405,6 +407,11 @@@@ d51 1 a51 1 Index: unboundfastrpz/config.h.in d53 3 a55 3 --- unboundfastrpz/config.h.in (revision 5073) +++ unboundfastrpz/config.h.in (working copy) @@@@ -1293,4 +1293,11 @@@@ d68 1 a68 1 Index: unboundfastrpz/configure.ac d70 3 a72 3 --- unboundfastrpz/configure.ac (revision 5073) +++ unboundfastrpz/configure.ac (working copy) @@@@ -6,6 +6,7 @@@@ d80 1 a80 1 @@@@ -1575,6 +1576,9 @@@@ d90 1 a90 1 Index: unboundfastrpz/daemon/daemon.c d92 3 a94 3 --- unboundfastrpz/daemon/daemon.c (revision 5073) +++ unboundfastrpz/daemon/daemon.c (working copy) @@@@ -91,6 +91,9 @@@@ d104 1 a104 1 @@@@ -462,6 +465,14 @@@@ d119 2 a120 1 @@@@ -719,6 +730,9 @@@@ a121 1 daemon->dnscenv = NULL; d129 1 a129 1 Index: unboundfastrpz/daemon/daemon.h d131 3 a133 3 --- unboundfastrpz/daemon/daemon.h (revision 5073) +++ unboundfastrpz/daemon/daemon.h (working copy) @@@@ -136,6 +136,11 @@@@ d145 1 a145 1 Index: unboundfastrpz/daemon/worker.c d147 3 a149 3 --- unboundfastrpz/daemon/worker.c (revision 5073) +++ unboundfastrpz/daemon/worker.c (working copy) @@@@ -75,6 +75,9 @@@@ d159 1 a159 1 @@@@ -533,8 +536,27 @@@@ a184 1 edns_bak = *edns; d186 2 a187 1 @@@@ -702,6 +724,23 @@@@ a208 1 edns_bak = *edns; d210 2 a211 1 @@@@ -1407,6 +1446,15 @@@@ d227 1 a227 1 @@@@ -1455,12 +1503,21 @@@@ d251 1 a251 1 @@@@ -1514,11 +1571,19 @@@@ d273 1 a273 1 Index: unboundfastrpz/doc/unbound.conf.5.in d275 6 a280 6 --- unboundfastrpz/doc/unbound.conf.5.in (revision 5073) +++ unboundfastrpz/doc/unbound.conf.5.in (working copy) @@@@ -1781,6 +1781,81 @@@@ used by dns64 processing instead. Can be entered multiple times, list a new domain for which it applies, one per line. Applies also to names underneath the name given. d359 1 a359 1 Index: unboundfastrpz/fastrpz/librpz.h d361 2 a362 2 --- unboundfastrpz/fastrpz/librpz.h (nonexistent) +++ unboundfastrpz/fastrpz/librpz.h (working copy) d1321 1 a1321 1 Index: unboundfastrpz/fastrpz/rpz.c d1323 3 a1325 3 --- unboundfastrpz/fastrpz/rpz.c (nonexistent) +++ unboundfastrpz/fastrpz/rpz.c (working copy) @@@@ -0,0 +1,1352 @@@@ d1441 2 d1952 2 d1957 1 d2683 1 a2683 1 Index: unboundfastrpz/fastrpz/rpz.h d2685 2 a2686 2 --- unboundfastrpz/fastrpz/rpz.h (nonexistent) +++ unboundfastrpz/fastrpz/rpz.h (working copy) d2826 1 a2826 1 Index: unboundfastrpz/fastrpz/rpz.m4 d2828 2 a2829 2 --- unboundfastrpz/fastrpz/rpz.m4 (nonexistent) +++ unboundfastrpz/fastrpz/rpz.m4 (working copy) d2895 1 a2895 1 Index: unboundfastrpz/iterator/iterator.c d2897 2 a2898 2 --- unboundfastrpz/iterator/iterator.c (revision 5073) +++ unboundfastrpz/iterator/iterator.c (working copy) d2907 3 a2909 3 /* in msec */ int UNKNOWN_SERVER_NICENESS = 376; @@@@ -551,6 +554,23 @@@@ d2933 1 a2933 1 @@@@ -559,6 +579,9 @@@@ d2943 1 a2943 1 @@@@ -1195,6 +1218,7 @@@@ d2951 1 a2951 1 @@@@ -1281,8 +1305,7 @@@@ d2961 1 a2961 1 @@@@ -1290,7 +1313,22 @@@@ d2984 1 a2984 1 @@@@ -2694,6 +2732,62 @@@@ d3044 1 a3044 2 if(iq->minimisation_state != DONOT_MINIMISE_STATE && !(iq->chase_flags & BIT_RD)) { d3046 2 a3047 1 @@@@ -3440,6 +3534,10 @@@@ a3057 1 @@@@ -3446,6 +3544,34 @@@@ d3092 1 a3092 1 Index: unboundfastrpz/iterator/iterator.h d3094 3 a3096 3 --- unboundfastrpz/iterator/iterator.h (revision 5073) +++ unboundfastrpz/iterator/iterator.h (working copy) @@@@ -386,6 +386,16 @@@@ d3113 1 a3113 1 Index: unboundfastrpz/services/cache/dns.c d3115 3 a3117 3 --- unboundfastrpz/services/cache/dns.c (revision 5073) +++ unboundfastrpz/services/cache/dns.c (working copy) @@@@ -939,6 +939,14 @@@@ d3132 1 a3132 1 Index: unboundfastrpz/services/mesh.c d3134 3 a3136 3 --- unboundfastrpz/services/mesh.c (revision 5073) +++ unboundfastrpz/services/mesh.c (working copy) @@@@ -60,6 +60,9 @@@@ a3143 1 #include "services/listen_dnsport.h" d3145 2 a3146 1 @@@@ -1072,6 +1075,13 @@@@ d3160 1 a3160 1 @@@@ -1247,6 +1257,7 @@@@ d3168 1 a3168 1 @@@@ -1293,6 +1304,10 @@@@ d3179 1 a3179 1 Index: unboundfastrpz/util/config_file.c d3181 3 a3183 3 --- unboundfastrpz/util/config_file.c (revision 5073) +++ unboundfastrpz/util/config_file.c (working copy) @@@@ -1418,6 +1418,8 @@@@ d3192 1 a3192 1 Index: unboundfastrpz/util/config_file.h d3194 3 a3196 3 --- unboundfastrpz/util/config_file.h (revision 5073) +++ unboundfastrpz/util/config_file.h (working copy) @@@@ -490,6 +490,11 @@@@ d3208 1 a3208 1 Index: unboundfastrpz/util/configlexer.lex d3210 3 a3212 3 --- unboundfastrpz/util/configlexer.lex (revision 5073) +++ unboundfastrpz/util/configlexer.lex (working copy) @@@@ -439,6 +439,10 @@@@ d3223 1 a3223 1 Index: unboundfastrpz/util/configparser.y d3225 3 a3227 3 --- unboundfastrpz/util/configparser.y (revision 5073) +++ unboundfastrpz/util/configparser.y (working copy) @@@@ -125,6 +125,7 @@@@ d3235 1 a3235 1 @@@@ -170,7 +171,7 @@@@ d3244 2 a3245 2 @@@@ -2708,6 +2709,50 @@@@ free($2); d3272 1 a3272 1 + (void)asprintf(&new_cstr, "%s\nzone %s", old_cstr?old_cstr:"", $2); d3285 1 a3285 1 + (void)asprintf(&new_cstr, "%s\n%s", old_cstr ? old_cstr : "", $2); d3295 1 a3295 1 Index: unboundfastrpz/util/data/msgencode.c d3297 3 a3299 3 --- unboundfastrpz/util/data/msgencode.c (revision 5073) +++ unboundfastrpz/util/data/msgencode.c (working copy) @@@@ -590,6 +590,35 @@@@ d3335 1 a3335 1 @@@@ -753,6 +782,19 @@@@ d3355 1 a3355 1 Index: unboundfastrpz/util/data/packed_rrset.c d3357 4 a3360 3 --- unboundfastrpz/util/data/packed_rrset.c (revision 5073) +++ unboundfastrpz/util/data/packed_rrset.c (working copy) @@@@ -255,6 +255,10 @@@@ a3361 1 case sec_status_secure_sentinel_fail: return "sec_status_secure_sentinel_fail"; d3370 1 a3370 1 Index: unboundfastrpz/util/data/packed_rrset.h d3372 4 a3375 4 --- unboundfastrpz/util/data/packed_rrset.h (revision 5073) +++ unboundfastrpz/util/data/packed_rrset.h (working copy) @@@@ -193,7 +193,15 @@@@ sec_status_secure_sentinel_fail, d3391 1 a3391 1 Index: unboundfastrpz/util/netevent.c d3393 3 a3395 3 --- unboundfastrpz/util/netevent.c (revision 5073) +++ unboundfastrpz/util/netevent.c (working copy) @@@@ -57,6 +57,9 @@@@ d3405 1 a3405 1 @@@@ -590,6 +593,9 @@@@ d3415 1 a3415 1 @@@@ -679,6 +685,9 @@@@ d3425 1 a3425 1 @@@@ -722,6 +731,9 @@@@ d3435 3 a3437 3 @@@@ -3108,6 +3120,9 @@@@ repinfo->c->tcp_timeout_msec); } d3445 1 a3445 1 @@@@ -3117,6 +3132,9 @@@@ d3454 2 a3455 2 if(repinfo->c->tcp_req_info) @@@@ -3138,6 +3156,9 @@@@ d3465 1 a3465 1 Index: unboundfastrpz/util/netevent.h d3467 3 a3469 3 --- unboundfastrpz/util/netevent.h (revision 5073) +++ unboundfastrpz/util/netevent.h (working copy) @@@@ -120,6 +120,10 @@@@ d3480 1 a3480 1 Index: unboundfastrpz/validator/validator.c d3482 3 a3484 3 --- unboundfastrpz/validator/validator.c (revision 5073) +++ unboundfastrpz/validator/validator.c (working copy) @@@@ -2755,6 +2755,12 @@@@ d3497 1 a3497 1 @@@@ -2788,6 +2794,12 @@@@ d3510 1 @ 1.1.1.3.2.1 log @Pull up the following, requested by christos in ticket #604: external/bsd/unbound/dist/ipset/ipset.c up to 1.1.1.1 external/bsd/unbound/dist/ipset/ipset.h up to 1.1.1.1 external/bsd/unbound/dist/compat/getentropy_freebsd.c up to 1.1.1.1 external/bsd/unbound/dist/contrib/drop-tld.diff up to 1.1.1.1 external/bsd/unbound/dist/contrib/unbound-fuzzers.tar.bz2 up to 1.1.1.1 external/bsd/unbound/dist/doc/README.ipset.md up to 1.1.1.1 external/bsd/unbound/dist/pythonmod/examples/avahi-resolver.py up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_nsec3_ent.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_minimal.rpl up to 1.1.1.1 external/bsd/unbound/dist/.travis.yml up to 1.1.1.1 external/bsd/unbound/dist/README.md up to 1.1.1.1 external/bsd/unbound/dist/.gitattributes delete external/bsd/unbound/dist/.gitignore delete external/bsd/unbound/dist/Makefile.in up to 1.1.1.5 external/bsd/unbound/dist/aclocal.m4 up to 1.1.1.4 external/bsd/unbound/dist/config.guess up to 1.4 external/bsd/unbound/dist/config.h.in up to 1.1.1.5 external/bsd/unbound/dist/config.sub up to 1.4 external/bsd/unbound/dist/configure up to 1.1.1.5 external/bsd/unbound/dist/configure.ac up to 1.1.1.5 external/bsd/unbound/dist/install-sh up to 1.1.1.3 external/bsd/unbound/dist/cachedb/cachedb.c up to 1.1.1.5 external/bsd/unbound/dist/compat/getentropy_linux.c up to 1.1.1.3 external/bsd/unbound/dist/compat/getentropy_osx.c up to 1.1.1.2 external/bsd/unbound/dist/compat/getentropy_solaris.c up to 1.1.1.2 external/bsd/unbound/dist/compat/getentropy_win.c up to 1.1.1.2 external/bsd/unbound/dist/compat/malloc.c up to 1.1.1.2 external/bsd/unbound/dist/compat/sha512.c up to 1.1.1.3 external/bsd/unbound/dist/compat/snprintf.c up to 1.1.1.2 external/bsd/unbound/dist/contrib/README up to 1.1.1.5 external/bsd/unbound/dist/contrib/create_unbound_ad_servers.sh up to 1.1.1.2 external/bsd/unbound/dist/contrib/fastrpz.patch up to 1.1.1.4 external/bsd/unbound/dist/contrib/unbound.init up to 1.1.1.3 external/bsd/unbound/dist/contrib/unbound.init_fedora up to 1.1.1.2 external/bsd/unbound/dist/contrib/unbound.service.in up to 1.1.1.3 external/bsd/unbound/dist/daemon/daemon.c up to 1.1.1.5 external/bsd/unbound/dist/daemon/remote.c up to 1.1.1.5 external/bsd/unbound/dist/daemon/stats.c up to 1.1.1.5 external/bsd/unbound/dist/daemon/unbound.c up to 1.1.1.5 external/bsd/unbound/dist/daemon/worker.c up to 1.1.1.5 external/bsd/unbound/dist/dns64/dns64.c up to 1.1.1.4 external/bsd/unbound/dist/dnscrypt/dnscrypt.c up to 1.1.1.4 external/bsd/unbound/dist/doc/Changelog up to 1.1.1.5 external/bsd/unbound/dist/doc/README up to 1.1.1.5 external/bsd/unbound/dist/doc/TODO up to 1.1.1.2 external/bsd/unbound/dist/doc/example.conf.in up to 1.1.1.5 external/bsd/unbound/dist/doc/libunbound.3.in up to 1.1.1.5 external/bsd/unbound/dist/doc/unbound-anchor.8.in up to 1.1.1.5 external/bsd/unbound/dist/doc/unbound-checkconf.8.in up to 1.1.1.5 external/bsd/unbound/dist/doc/unbound-control.8.in up to 1.1.1.5 external/bsd/unbound/dist/doc/unbound-host.1.in up to 1.1.1.5 external/bsd/unbound/dist/doc/unbound.8.in up to 1.1.1.5 external/bsd/unbound/dist/doc/unbound.conf.5.in up to 1.1.1.5 external/bsd/unbound/dist/doc/unbound.doxygen up to 1.1.1.4 external/bsd/unbound/dist/edns-subnet/subnetmod.c up to 1.1.1.4 external/bsd/unbound/dist/ipsecmod/ipsecmod.c up to 1.1.1.3 external/bsd/unbound/dist/iterator/iter_scrub.c up to 1.1.1.5 external/bsd/unbound/dist/iterator/iter_utils.c up to 1.1.1.5 external/bsd/unbound/dist/iterator/iter_utils.h up to 1.1.1.5 external/bsd/unbound/dist/iterator/iterator.c up to 1.1.1.5 external/bsd/unbound/dist/libunbound/context.c up to 1.1.1.5 external/bsd/unbound/dist/libunbound/context.h up to 1.1.1.4 external/bsd/unbound/dist/libunbound/libunbound.c up to 1.1.1.5 external/bsd/unbound/dist/libunbound/libworker.c up to 1.1.1.5 external/bsd/unbound/dist/libunbound/python/libunbound.i up to 1.1.1.3 external/bsd/unbound/dist/pythonmod/interface.i up to 1.1.1.5 external/bsd/unbound/dist/pythonmod/pythonmod.c up to 1.1.1.4 external/bsd/unbound/dist/pythonmod/doc/examples/example0-1.py up to 1.1.1.3 external/bsd/unbound/dist/pythonmod/doc/examples/example0.rst up to 1.1.1.3 external/bsd/unbound/dist/pythonmod/examples/calc.py up to 1.1.1.2 external/bsd/unbound/dist/pythonmod/examples/edns.py up to 1.1.1.2 external/bsd/unbound/dist/pythonmod/examples/inplace_callbacks.py up to 1.1.1.3 external/bsd/unbound/dist/respip/respip.c up to 1.1.1.3 external/bsd/unbound/dist/services/authzone.c up to 1.1.1.4 external/bsd/unbound/dist/services/authzone.h up to 1.1.1.4 external/bsd/unbound/dist/services/listen_dnsport.c up to 1.1.1.5 external/bsd/unbound/dist/services/localzone.c up to 1.1.1.5 external/bsd/unbound/dist/services/mesh.c up to 1.1.1.5 external/bsd/unbound/dist/services/modstack.c up to 1.1.1.4 external/bsd/unbound/dist/services/outside_network.c up to 1.1.1.5 external/bsd/unbound/dist/services/outside_network.h up to 1.1.1.5 external/bsd/unbound/dist/services/cache/dns.c up to 1.1.1.5 external/bsd/unbound/dist/sldns/parse.c up to 1.1.1.3 external/bsd/unbound/dist/sldns/rrdef.c up to 1.1.1.4 external/bsd/unbound/dist/sldns/sbuffer.c up to 1.1.1.3 external/bsd/unbound/dist/sldns/sbuffer.h up to 1.1.1.4 external/bsd/unbound/dist/sldns/str2wire.c up to 1.1.1.4 external/bsd/unbound/dist/sldns/wire2str.c up to 1.1.1.5 external/bsd/unbound/dist/sldns/wire2str.h up to 1.1.1.4 external/bsd/unbound/dist/smallapp/unbound-anchor.c up to 1.1.1.4 external/bsd/unbound/dist/smallapp/unbound-checkconf.c up to 1.1.1.5 external/bsd/unbound/dist/smallapp/unbound-control.c up to 1.1.1.5 external/bsd/unbound/dist/smallapp/unbound-host.c up to 1.1.1.5 external/bsd/unbound/dist/testcode/asynclook.c up to 1.1.1.5 external/bsd/unbound/dist/testcode/delayer.c up to 1.1.1.3 external/bsd/unbound/dist/testcode/fake_event.c up to 1.1.1.5 external/bsd/unbound/dist/testcode/memstats.c up to 1.1.1.3 external/bsd/unbound/dist/testcode/mini_tdir.sh up to 1.1.1.2 external/bsd/unbound/dist/testcode/perf.c up to 1.1.1.4 external/bsd/unbound/dist/testcode/petal.c up to 1.1.1.4 external/bsd/unbound/dist/testcode/streamtcp.c up to 1.1.1.5 external/bsd/unbound/dist/testcode/testbound.c up to 1.1.1.5 external/bsd/unbound/dist/testcode/testpkts.c up to 1.1.1.5 external/bsd/unbound/dist/testcode/unitmain.c up to 1.1.1.5 external/bsd/unbound/dist/testcode/unitmsgparse.c up to 1.1.1.3 external/bsd/unbound/dist/testcode/unitregional.c up to 1.1.1.2 external/bsd/unbound/dist/testdata/auth_nsec3_wild.rpl up to 1.1.1.2 external/bsd/unbound/dist/util/alloc.c up to 1.1.1.4 external/bsd/unbound/dist/util/config_file.c up to 1.1.1.5 external/bsd/unbound/dist/util/config_file.h up to 1.1.1.5 external/bsd/unbound/dist/util/configlexer.c up to 1.1.1.5 external/bsd/unbound/dist/util/configlexer.lex up to 1.1.1.5 external/bsd/unbound/dist/util/configparser.c up to 1.1.1.5 external/bsd/unbound/dist/util/configparser.h up to 1.1.1.5 external/bsd/unbound/dist/util/configparser.y up to 1.1.1.5 external/bsd/unbound/dist/util/fptr_wlist.c up to 1.1.1.5 external/bsd/unbound/dist/util/iana_ports.inc up to 1.1.1.5 external/bsd/unbound/dist/util/log.c up to 1.1.1.5 external/bsd/unbound/dist/util/mini_event.c up to 1.3 external/bsd/unbound/dist/util/net_help.c up to 1.1.1.5 external/bsd/unbound/dist/util/net_help.h up to 1.1.1.5 external/bsd/unbound/dist/util/netevent.c up to 1.3 external/bsd/unbound/dist/util/random.c up to 1.1.1.2 external/bsd/unbound/dist/util/random.h up to 1.1.1.2 external/bsd/unbound/dist/util/regional.c up to 1.1.1.2 external/bsd/unbound/dist/util/ub_event.c up to 1.1.1.4 external/bsd/unbound/dist/util/ub_event_pluggable.c up to 1.1.1.3 external/bsd/unbound/dist/util/winsock_event.c up to 1.1.1.3 external/bsd/unbound/dist/util/data/dname.c up to 1.1.1.4 external/bsd/unbound/dist/util/data/msgencode.c up to 1.1.1.4 external/bsd/unbound/dist/util/data/msgencode.h up to 1.1.1.2 external/bsd/unbound/dist/util/data/msgparse.c up to 1.1.1.4 external/bsd/unbound/dist/util/data/msgreply.c up to 1.1.1.5 external/bsd/unbound/dist/util/data/msgreply.h up to 1.1.1.5 external/bsd/unbound/dist/util/shm_side/shm_main.c up to 1.1.1.2 external/bsd/unbound/dist/util/storage/lookup3.c up to 1.1.1.3 external/bsd/unbound/dist/validator/autotrust.c up to 1.1.1.4 external/bsd/unbound/dist/validator/val_anchor.c up to 1.1.1.4 external/bsd/unbound/dist/validator/val_secalgo.c up to 1.1.1.5 external/bsd/unbound/dist/validator/val_sigcrypt.c up to 1.1.1.4 external/bsd/unbound/dist/validator/validator.c up to 1.1.1.5 external/bsd/unbound/include/config.h up to 1.7 doc/3RDPARTY (manually edited) Import unbound 1.9.6: 6 December 2019: Wouter - Fix ipsecmod compile. - Fix Makefile.in for ipset module compile, from Adi Prasaja. 5 December 2019: Wouter - unbound-fuzzers.tar.bz2: three programs for fuzzing, that are 1:1 replacements for unbound-fuzzme.c that gets created after applying the contrib/unbound-fuzzme.patch. They are contributed by Eric Sesterhenn from X41 D-Sec. - tag for 1.9.6rc1. 4 December 2019: Wouter - Fix lock type for memory purify log lock deletion. - Fix testbound for alloccheck runs, memory purify and lock checks. - update contrib/fastrpz.patch to apply more cleanly. - Fix Make Test Fails when Configured With --enable-alloc-nonregional, reported by X41 D-Sec. 3 December 2019: Wouter - Merge pull request #124 from rmetrich: Changed log lock from 'quick' to 'basic' because this is an I/O lock. - Fix text around serial arithmatic used for RRSIG times to refer to correct RFC number. - Fix Assert Causing DoS in synth_cname(), reported by X41 D-Sec. - Fix similar code in auth_zone synth cname to add the extra checks. - Fix Assert Causing DoS in dname_pkt_copy(), reported by X41 D-Sec. - Fix OOB Read in sldns_wire2str_dname_scan(), reported by X41 D-Sec. - Fix Out of Bounds Write in sldns_str2wire_str_buf(), reported by X41 D-Sec. - Fix Out of Bounds Write in sldns_b64_pton(), fixed by check in sldns_str2wire_int16_data_buf(), reported by X41 D-Sec. - Fix Insufficient Handling of Compressed Names in dname_pkt_copy(), reported by X41 D-Sec. - Fix Out of Bound Write Compressed Names in rdata_copy(), reported by X41 D-Sec. - Fix Hang in sldns_wire2str_pkt_scan(), reported by X41 D-Sec. This further lowers the max to 256. - Fix snprintf() supports the n-specifier, reported by X41 D-Sec. - Fix Bad Indentation, in dnscrypt.c, reported by X41 D-Sec. - Fix Client NONCE Generation used for Server NONCE, reported by X41 D-Sec. - Fix compile error in dnscrypt. - Fix _vfixed not Used, removed from sbuffer code, reported by X41 D-Sec. - Fix Hardcoded Constant, reported by X41 D-Sec. - make depend 2 December 2019: Wouter - Merge pull request #122 from he32: In tcp_callback_writer(), don't disable time-out when changing to read. 22 November 2019: George - Fix compiler warnings. 22 November 2019: Wouter - Fix dname loop maximum, reported by Eric Sesterhenn from X41 D-Sec. - Add make distclean that removes everything configure produced, and make maintainer-clean that removes bison and flex output. 20 November 2019: Wouter - Fix Out of Bounds Read in rrinternal_get_owner(), reported by X41 D-Sec. - Fix Race Condition in autr_tp_create(), reported by X41 D-Sec. - Fix Shared Memory World Writeable, reported by X41 D-Sec. - Adjust unbound-control to make stats_shm a read only operation. - Fix Weak Entropy Used For Nettle, reported by X41 D-Sec. - Fix Randomness Error not Handled Properly, reported by X41 D-Sec. - Fix Out-of-Bounds Read in dname_valid(), reported by X41 D-Sec. - Fix Config Injection in create_unbound_ad_servers.sh, reported by X41 D-Sec. - Fix Local Memory Leak in cachedb_init(), reported by X41 D-Sec. - Fix Integer Underflow in Regional Allocator, reported by X41 D-Sec. - Upgrade compat/getentropy_linux.c to version 1.46 from OpenBSD. - Synchronize compat/getentropy_win.c with version 1.5 from OpenBSD, no changes but makes the file, comments, identical. - Upgrade compat/getentropy_solaris.c to version 1.13 from OpenBSD. - Upgrade compat/getentropy_osx.c to version 1.12 from OpenBSD. - Changes to compat/getentropy files for, no link to openssl if using nettle, and hence config.h for HAVE_NETTLE variable. compat definition of MAP_ANON, for older systems. ifdef stdint.h inclusion for older systems. ifdef sha2.h inclusion for older systems. - Fixed Compat Code Diverging from Upstream, reported by X41 D-Sec. - Fix compile with --enable-alloc-checks, reported by X41 D-Sec. - Fix Terminating Quotes not Written, reported by X41 D-Sec. - Fix Useless memset() in validator, reported by X41 D-Sec. - Fix Unrequired Checks, reported by X41 D-Sec. - Fix Enum Name not Used, reported by X41 D-Sec. - Fix NULL Pointer Dereference via Control Port, reported by X41 D-Sec. - Fix Bad Randomness in Seed, reported by X41 D-Sec. - Fix python examples/calc.py for eval, reported by X41 D-Sec. - Fix comments for doxygen in dns64. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. - 1.9.5 is 1.9.4 with bugfix, trunk is 1.9.6 in development. - Fix authzone printout buffer length check. - Fixes to please lint checks. - Fix Integer Overflow in Regional Allocator, reported by X41 D-Sec. - Fix Unchecked NULL Pointer in dns64_inform_super() and ipsecmod_new(), reported by X41 D-Sec. - Fix Out-of-bounds Read in rr_comment_dnskey(), reported by X41 D-Sec. - Fix Integer Overflows in Size Calculations, reported by X41 D-Sec. - Fix Integer Overflow to Buffer Overflow in sldns_str2wire_dname_buf_origin(), reported by X41 D-Sec. - Fix Out of Bounds Read in sldns_str2wire_dname(), reported by X41 D-Sec. - Fix Out of Bounds Write in sldns_bget_token_par(), reported by X41 D-Sec. 18 November 2019: Wouter - In unbound-host use separate variable for get_option to please code checkers. - update to bison output of 3.4.1 in code repository. - Provide a prototype for compat malloc to remove compile warning. - Portable grep usage for reuseport configure test. - Check return type of HMAC_Init_ex for openssl 0.9.8. - gitignore .source tempfile used for compatible make. 13 November 2019: Wouter - iana portlist updated. - contrib/fastrpz.patch updated to apply for current code. - fixes for splint cleanliness, long vs int in SSL set_mode. 11 November 2019: Wouter - Fix #109: check number of arguments for stdin-pipes in unbound-control and fail if too many arguments. - Merge #102 from jrtc27: Add getentropy emulation for FreeBSD. 24 October 2019: Wouter - Fix #99: Memory leak in ub_ctx (event_base will never be freed). 23 October 2019: George - Add new configure option `--enable-fully-static` to enable full static build if requested; in relation to #91. 23 October 2019: Wouter - Merge #97: manpage: Add missing word on unbound.conf, from Erethon. 22 October 2019: Wouter - drop-tld.diff: adds option drop-tld: yesno that drops 2 label queries, to stop random floods. Apply with patch -p1 < contrib/drop-tld.diff and compile. From Saksham Manchanda (Secure64). Please note that we think this will drop DNSKEY and DS lookups for tlds and hence break DNSSEC lookups for downstream clients. 7 October 2019: Wouter - Add doxygen comments to unbound-anchor source address code, in #86. 3 October 2019: Wouter - Merge #90 from vcunat: fix build with nettle-3.5. - Merge 1.9.4 release with fix for vulnerability CVE-2019-16866. - Continue with development of 1.9.5. - Merge #86 from psquarejho: Added -b source address option to smallapp/unbound-anchor.c, from Lukas Wunner. 26 September 2019: Wouter - Merge #87 from hardfalcon: Fix contrib/unbound.service.in, Drop CAP_KILL, use + prefix for ExecReload= instead. 25 September 2019: Wouter - The unbound.conf includes are sorted ascending, for include statements with a '*' from glob. 23 September 2019: Wouter - Merge #85 for #84 from sam-lunt: Add kill capability to systemd service file to fix that systemctl reload fails. 20 September 2019: Wouter - Merge #82 from hardfalcon: Downgrade CAP_NET_ADMIN to CAP_NET_RAW in unbound.service. - Merge #81 from Maryse47: Consistently use /dev/urandom instead of /dev/random in scripts and docs. - Merge #83 from Maryse47: contrib/unbound.service.in: do not fork into the background. 19 September 2019: Wouter - Fix #78: Memory leak in outside_network.c. - Merge pull request #76 from Maryse47: Improvements and fixes for systemd unbound.service. - oss-fuzz badge on README.md. - Fix fix for #78 to also free service callback struct. - Fix for oss-fuzz build warning. - Fix wrong response ttl for prepended short CNAME ttls, this would create a wrong zero_ttl response count with serve-expired enabled. - Merge #80 from stasic: Improve wording in man page. 11 September 2019: Wouter - Use explicit bzero for wiping clear buffer of hash in cachedb, reported by Eric Sesterhenn from X41 D-Sec. 9 September 2019: Wouter - Fix #72: configure --with-syslog-facility=LOCAL0-7 with default LOG_DAEMON (as before) can set the syslog facility that the server uses to log messages. 4 September 2019: Wouter - Fix #71: fix openssl error squelch commit compilation error. 3 September 2019: Wouter - squelch DNS over TLS errors 'ssl handshake failed crypto error' on low verbosity, they show on verbosity 3 (query details), because there is a high volume and the operator cannot do anything for the remote failure. Specifically filters the high volume errors. 2 September 2019: Wouter - ipset module #28: log that an address is added, when verbosity high. - ipset: refactor long routine into three smaller ones. - updated Makefile dependencies. 23 August 2019: Wouter - Fix contrib/fastrpz.patch asprintf return value checks. 22 August 2019: Wouter - Fix that pkg-config is setup before --enable-systemd needs it. - 1.9.3rc2 release candidate tag. And this became the 1.9.3 release. Master is 1.9.4 in development. 21 August 2019: Wouter - Fix log_dns_msg to log irrespective of minimal responses config. 19 August 2019: Ralph - Document limitation of pidfile removal outside of chroot directory. 16 August 2019: Wouter - Fix unittest valgrind false positive uninitialised value report, where if gcc 9.1.1 uses -O2 (but not -O1) then valgrind 3.15.0 issues an uninitialised value for the token buffer at the str2wire.c rrinternal_get_owner() strcmp with the '@@' value. Rewritten to use straight character comparisons removes the false positive. Also valgrinds --expensive-definedness-checks=yes can stop this false positive. - Please doxygen's parser for "@@" occurrence in doxygen comment. - Fixup contrib/fastrpz.patch - Remove warning about unknown cast-function-type warning pragma. 15 August 2019: Wouter - iana portlist updated. - Fix autotrust temp file uniqueness windows compile. - avoid warning about upcast on 32bit systems for autotrust. - escape commandline contents for -V. - Fix character buffer size in ub_ctx_hosts. - 1.9.3rc1 release candidate tag. - Option -V prints if TCP fastopen is available. 14 August 2019: George - Fix #59, when compiled with systemd support check that we can properly communicate with systemd through the `NOTIFY_SOCKET`. 14 August 2019: Wouter - Generate configlexer with newer flex. - Fix warning for unused variable for compilation without systemd. 12 August 2019: George - Introduce `-V` option to print the version number and build options. Previously reported build options like linked libs and linked modules are now moved from `-h` to `-V` as well for consistency. - PACKAGE_BUGREPORT now also includes link to GitHub issues. 1 August 2019: Wouter - For #52 #53, second context does not close logfile override. - Fix #52 #53, fix for example fail program. - Fix to return after failed auth zone http chunk write. - Fix to remove unused test for task_probe existance. - Fix to timeval_add for remaining second in microseconds. - Check repinfo in worker_handle_request, if null, drop it. 29 July 2019: Wouter - Add verbose log message when auth zone file is written, at level 4. - Add hex print of trust anchor pointer to trust anchor file temp name to make it unique, for libunbound created multiple contexts. 23 July 2019: Wouter - Fix question section mismatch in local zone redirect. 19 July 2019: Wouter - Fix #49: Set no renegotiation on the SSL context to stop client session renegotiation. 12 July 2019: Wouter - Fix #48: Unbound returns additional records on NODATA response, if minimal-responses is enabled, also the additional for negative responses is removed. 9 July 2019: Ralph - Fix in respip addrtree selection. Absence of addr_tree_init_parents() call made it impossible to go up the tree when the matching netmask is too specific. 5 July 2019: Ralph - Fix for possible assertion failure when answering respip CNAME from cache. 25 June 2019: Wouter - For #45, check that 127.0.0.1 and ::1 are not used in unbound.conf when do-not-query-localhost is turned on, or at default on, unbound-checkconf prints a warning if it is found in forward-addr or stub-addr statements. 24 June 2019: Wouter - Fix memleak in unit test, reported from the clang 8.0 static analyzer. 18 June 2019: Wouter - PR #28: IPSet module, by Kevin Chou. Created a module to support the ipset that could add the domain's ip to a list easily. Needs libmnl, and --enable-ipset and config it, doc/README.ipset.md. - Fix to omit RRSIGs from addition to the ipset. - Fix to make unbound-control with ipset, remove unused variable, use unsigned type because of comparison, and assign null instead of compare with it. Remade lex and yacc output. - make depend - Added documentation to the ipset files (for doxygen output). - Merge PR #6: Python module: support multiple instances - Merge PR #5: Python module: define constant MODULE_RESTART_NEXT - Merge PR #4: Python module: assign something useful to the per-query data store 'qdata' - Fix python dict reference and double free in config. 17 June 2019: Wouter - Master contains version 1.9.3 in development. - Fix #39: In libunbound, leftover logfile is close()d unpredictably. - Fix for #24: Fix abort due to scan of auth zone masters using old address from previous scan. 12 June 2019: Wouter - Fix another spoolbuf storage code point, in prefetch. - 1.9.2rc3 release candidate tag. Which became the 1.9.2 release on 17 June 2019. 11 June 2019: Wouter - Fix that fixes the Fix that spoolbuf is not used to store tcp pipelined response between mesh send and callback end, this fixes error cases that did not use the correct spoolbuf. - 1.9.2rc2 release candidate tag. 6 June 2019: Wouter - 1.9.2rc1 release candidate tag. 4 June 2019: Wouter - iana portlist updated. 29 May 2019: Wouter - Fix to guard _OPENBSD_SOURCE from redefinition. 28 May 2019: Wouter - Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD. - gitignore config.h.in~. 27 May 2019: Wouter - Fix double file close in tcp pipelined response code. 24 May 2019: Wouter - Fix that spoolbuf is not used to store tcp pipelined response between mesh send and callback end. 20 May 2019: Wouter - Note that so-reuseport at extreme load is better turned off, otherwise queries are not distributed evenly, on Linux 4.4.x. 16 May 2019: Wouter - Fix #31: swig 4.0 and python module. 13 May 2019: Wouter - Squelch log messages from tcp send about connection reset by peer. They can be enabled with verbosity at higher values for diagnosing network connectivity issues. - Attempt to fix malformed tcp response. 9 May 2019: Wouter - Revert fix for oss-fuzz, error is in that build script that unconditionally includes .o files detected by configure, also when the machine architecture uses different LIBOBJS files. 8 May 2019: Wouter - Attempt to fix build failure in oss-fuzz because of reallocarray. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14648. Does not omit compile flags from commandline. 7 May 2019: Wouter - Fix edns-subnet locks, in error cases the lock was not unlocked. - Fix doxygen output error on readme markdown vignettes. 6 May 2019: Wouter - Fix #29: Solaris 11.3 and missing symbols be64toh, htobe64. - Fix #30: AddressSanitizer finding in lookup3.c. This sets the hash function to use a slower but better auditable code that does not read beyond array boundaries. This makes code better security checkable, and is better for security. It is fixed to be slower, but not read outside of the array. 2 May 2019: Wouter - contrib/fastrpz.patch updated for code changes, and with git diff. - Fix .gitignore, add pythonmod and dnstap generated files. And unit test generated files, and generated doc files. 1 May 2019: Wouter - Update makedist for git. - Nicer travis output for clang analysis. - PR #16: XoT support, AXFR over TLS, turn it on with master: # in unbound.conf. This uses TLS to download the AXFR (or IXFR). 25 April 2019: Wouter - Fix wrong query name in local zone redirect answers with a CNAME, the copy of the local alias is in unpacked form. 18 April 2019: Ralph - Scrub RRs from answer section when reusing NXDOMAIN message for subdomain answers. - For harden-below-nxdomain: do not consider a name to be non-exitent when message contains a CNAME record. 18 April 2019: Wouter - travis build file. 16 April 2019: Wouter - Better braces in if statement in TCP fastopen code. - iana portlist updated. 15 April 2019: Wouter - Fix tls write event for read state change to re-call SSL_write and not resume the TLS handshake. 11 April 2019: George - Update python documentation for init_standard(). - Typos. 11 April 2019: Wouter - Fix that auth zone uses correct network type for sockets for SOA serial probes. This fixes that probes fail because earlier probe addresses are unreachable. - Fix that auth zone fails over to next master for timeout in tcp. - Squelch SSL read and write connection reset by peer and broken pipe messages. Verbosity 2 and higher enables them. 8 April 2019: Wouter - Fix to use event_assign with libevent for thread-safety. - verbose information about auth zone lookup process, also lookup start, timeout and fail. - Fix #17: Add python module example from Jan Janak, that is a plugin for the Unbound DNS resolver to resolve DNS records in multicast DNS [RFC 6762] via Avahi. The plugin communicates with Avahi via DBus. The comment section at the beginning of the file contains detailed documentation. - Fix to wipe ssl ticket keys from memory with explicit_bzero, if available. 5 April 2019: Wouter - Fix to reinit event structure for accepted TCP (and TLS) sockets. 4 April 2019: Wouter - Fix spelling error in log output for event method. 3 April 2019: Wouter - Move goto label in answer_from_cache to the end of the function where it is more visible. - Fix auth-zone NSEC3 response for wildcard nodata answers, include the closest encloser in the answer. 2 April 2019: Wouter - Fix auth-zone NSEC3 response for empty nonterminals with exact match nsec3 records. - Fix for out of bounds integers, thanks to OSTIF audit. It is in allocation debug code. - Fix for auth zone nsec3 ent fix for wildcard nodata. 25 March 2019: Wouter - Fix that tls-session-ticket-keys: "" on its own in unbound.conf disables the tls session ticker key calls into the OpenSSL API. - Fix crash if tls-servic-pem not filled in when necessary. 21 March 2019: Wouter - Fix #4240: Fix whitespace cleanup in example.conf. 19 March 2019: Wouter - add type CAA to libpyunbound (accessing libunbound from python). 18 March 2019: Wouter - Add log message, at verbosity 4, that says the query is encrypted with TLS, if that is enabled for the query. - Fix #4239: set NOTIMPL when deny-any is enabled, for RFC8482. 7 March 2019: Wouter - Fix for #4233: guard use of NDEBUG, so that it can be passed in CFLAGS into configure. @ text @d4 5 a8 5 diff --git a/Makefile.in b/Makefile.in index 721c01b6..56bfb560 100644 --- a/Makefile.in +++ b/Makefile.in @@@@ -23,6 +23,8 @@@@ CHECKLOCK_SRC=testcode/checklocks.c d17 1 a17 1 @@@@ -126,7 +128,7 @@@@ validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c \ d21 2 a22 2 -$(DNSTAP_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) $(IPSET_SRC) +$(DNSTAP_SRC) $(FASTRPZ_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) $(IPSET_SRC) d26 1 a26 1 @@@@ -139,7 +141,7 @@@@ autotrust.lo val_anchor.lo \ d30 2 a31 2 -$(IPSECMOD_OBJ) $(IPSET_OBJ) respip.lo +$(FASTRPZ_OBJ) $(IPSECMOD_OBJ) $(IPSET_OBJ) respip.lo d35 1 a35 1 @@@@ -409,6 +411,11 @@@@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ d47 5 a51 5 diff --git a/config.h.in b/config.h.in index 8c2aa3b9..efaf6450 100644 --- a/config.h.in +++ b/config.h.in @@@@ -1325,4 +1325,11 @@@@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, d64 5 a68 5 diff --git a/configure.ac b/configure.ac index 5276d441..9d74592e 100644 --- a/configure.ac +++ b/configure.ac @@@@ -6,6 +6,7 @@@@ sinclude(ax_pthread.m4) d76 1 a76 1 @@@@ -1726,6 +1727,9 @@@@ case "$enable_ipset" in d86 4 a89 4 diff --git a/daemon/daemon.c b/daemon/daemon.c index 0b1200a2..5857c18b 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c d100 1 a100 3 @@@@ -458,6 +461,14 @@@@ daemon_create_workers(struct daemon* daemon) dt_apply_cfg(daemon->dtenv, daemon->cfg); #else d102 2 a103 2 +#endif + } d110 2 a111 2 #endif } d113 3 a115 2 @@@@ -724,6 +735,9 @@@@ daemon_cleanup(struct daemon* daemon) #ifdef USE_DNSCRYPT d118 1 a118 1 +#endif d121 1 a121 1 #endif d124 6 a129 5 diff --git a/daemon/daemon.h b/daemon/daemon.h index 5749dbef..64ce230f 100644 --- a/daemon/daemon.h +++ b/daemon/daemon.h @@@@ -136,6 +136,11 @@@@ struct daemon { d141 4 a144 4 diff --git a/daemon/worker.c b/daemon/worker.c index e2ce0e87..f031c656 100644 --- a/daemon/worker.c +++ b/daemon/worker.c d155 1 a155 1 @@@@ -533,8 +536,27 @@@@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, d183 1 a183 1 @@@@ -699,6 +721,23 @@@@ answer_from_cache(struct worker* worker, struct query_info* qinfo, d207 1 a207 1 @@@@ -1410,6 +1449,15 @@@@ worker_handle_request(struct comm_point* c, void* arg, int error, d223 1 a223 1 @@@@ -1458,12 +1506,21 @@@@ lookup_cache: d247 1 a247 1 @@@@ -1518,11 +1575,19 @@@@ lookup_cache: d269 5 a273 5 diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index 4bdfcd56..69e70627 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@@@ -1801,6 +1801,81 @@@@ List domain for which the AAAA records are ignored and the A record is d355 4 a358 5 diff --git a/fastrpz/librpz.h b/fastrpz/librpz.h new file mode 100644 index 00000000..645279d1 --- /dev/null +++ b/fastrpz/librpz.h d1317 4 a1320 5 diff --git a/fastrpz/rpz.c b/fastrpz/rpz.c new file mode 100644 index 00000000..c5ab7801 --- /dev/null +++ b/fastrpz/rpz.c d2674 4 a2677 5 diff --git a/fastrpz/rpz.h b/fastrpz/rpz.h new file mode 100644 index 00000000..5d7e31c5 --- /dev/null +++ b/fastrpz/rpz.h d2817 4 a2820 5 diff --git a/fastrpz/rpz.m4 b/fastrpz/rpz.m4 new file mode 100644 index 00000000..21235355 --- /dev/null +++ b/fastrpz/rpz.m4 d2886 4 a2889 4 diff --git a/iterator/iterator.c b/iterator/iterator.c index 1e0113a8..2fcbf547 100644 --- a/iterator/iterator.c +++ b/iterator/iterator.c d2900 1 a2900 1 @@@@ -555,6 +558,23 @@@@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, d2924 1 a2924 1 @@@@ -563,6 +583,9 @@@@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, d2934 1 a2934 1 @@@@ -1199,6 +1222,7 @@@@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, d2942 1 a2942 1 @@@@ -1285,8 +1309,7 @@@@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, d2952 1 a2952 1 @@@@ -1294,7 +1317,22 @@@@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, d2975 1 a2975 1 @@@@ -2718,6 +2756,62 @@@@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, d3038 1 a3038 1 @@@@ -3471,12 +3565,44 @@@@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq, d3049 1 d3084 5 a3088 5 diff --git a/iterator/iterator.h b/iterator/iterator.h index a2f1b570..e1e4a738 100644 --- a/iterator/iterator.h +++ b/iterator/iterator.h @@@@ -386,6 +386,16 @@@@ struct iter_qstate { d3105 5 a3109 5 diff --git a/services/cache/dns.c b/services/cache/dns.c index aa4efec7..5dd3412e 100644 --- a/services/cache/dns.c +++ b/services/cache/dns.c @@@@ -945,6 +945,14 @@@@ dns_cache_store(struct module_env* env, struct query_info* msgqinf, d3124 4 a3127 4 diff --git a/services/mesh.c b/services/mesh.c index d4f814d5..624a9d95 100644 --- a/services/mesh.c +++ b/services/mesh.c d3138 1 a3138 1 @@@@ -1076,6 +1079,13 @@@@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, d3152 1 a3152 1 @@@@ -1255,6 +1265,7 @@@@ struct mesh_state* mesh_area_find(struct mesh_area* mesh, d3160 1 a3160 1 @@@@ -1301,6 +1312,10 @@@@ int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, d3171 5 a3175 5 diff --git a/util/config_file.c b/util/config_file.c index 119b2223..ce43a234 100644 --- a/util/config_file.c +++ b/util/config_file.c @@@@ -1434,6 +1434,8 @@@@ config_delete(struct config_file* cfg) d3183 6 a3188 6 config_delstrlist(cfg->python_script); diff --git a/util/config_file.h b/util/config_file.h index b3ef930a..56173b80 100644 --- a/util/config_file.h +++ b/util/config_file.h @@@@ -494,6 +494,11 @@@@ struct config_file { d3200 5 a3204 5 diff --git a/util/configlexer.lex b/util/configlexer.lex index a86ddf55..b56bcfb4 100644 --- a/util/configlexer.lex +++ b/util/configlexer.lex @@@@ -438,6 +438,10 @@@@ dnstap-log-forwarder-query-messages{COLON} { d3215 5 a3219 5 diff --git a/util/configparser.y b/util/configparser.y index 10227a2f..cdbcf7cd 100644 --- a/util/configparser.y +++ b/util/configparser.y @@@@ -125,6 +125,7 @@@@ extern struct config_parser_state* cfg_parser; d3227 1 a3227 1 @@@@ -171,7 +172,7 @@@@ extern struct config_parser_state* cfg_parser; d3236 1 a3236 1 @@@@ -2726,6 +2727,50 @@@@ dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MES d3264 2 a3265 2 + if(asprintf(&new_cstr, "%s\nzone %s", old_cstr?old_cstr:"", $2) == -1) {new_cstr = NULL; yyerror("out of memory");} + else if(!new_cstr) d3277 2 a3278 2 + if(asprintf(&new_cstr, "%s\n%s", old_cstr ? old_cstr : "", $2) == -1) {new_cstr = NULL; yyerror("out of memory");} + else if(!new_cstr) d3287 5 a3291 5 diff --git a/util/data/msgencode.c b/util/data/msgencode.c index a51a4b9b..475dfce9 100644 --- a/util/data/msgencode.c +++ b/util/data/msgencode.c @@@@ -590,6 +590,35 @@@@ insert_section(struct reply_info* rep, size_t num_rrsets, uint16_t* num_rrs, d3327 2 a3328 3 @@@@ -777,6 +806,19 @@@@ reply_info_encode(struct query_info* qinfo, struct reply_info* rep, } sldns_buffer_write_u16_at(buffer, 10, arcount); d3330 1 d3347 5 a3351 5 diff --git a/util/data/packed_rrset.c b/util/data/packed_rrset.c index 7b9d5494..e44b2ce5 100644 --- a/util/data/packed_rrset.c +++ b/util/data/packed_rrset.c @@@@ -255,6 +255,10 @@@@ sec_status_to_string(enum sec_status s) d3362 5 a3366 5 diff --git a/util/data/packed_rrset.h b/util/data/packed_rrset.h index 3a5335dd..20113217 100644 --- a/util/data/packed_rrset.h +++ b/util/data/packed_rrset.h @@@@ -193,7 +193,15 @@@@ enum sec_status { d3383 4 a3386 4 diff --git a/util/netevent.c b/util/netevent.c index 980bb8be..d537d288 100644 --- a/util/netevent.c +++ b/util/netevent.c d3397 1 a3397 1 @@@@ -590,6 +593,9 @@@@ comm_point_udp_ancil_callback(int fd, short event, void* arg) d3407 1 a3407 1 @@@@ -679,6 +685,9 @@@@ comm_point_udp_callback(int fd, short event, void* arg) d3417 1 a3417 1 @@@@ -722,6 +731,9 @@@@ comm_point_udp_callback(int fd, short event, void* arg) d3427 1 a3427 1 @@@@ -3184,6 +3196,9 @@@@ comm_point_send_reply(struct comm_reply *repinfo) d3437 1 a3437 1 @@@@ -3193,6 +3208,9 @@@@ comm_point_drop_reply(struct comm_reply* repinfo) d3439 1 a3439 1 log_assert(repinfo->c); d3447 1 a3447 1 @@@@ -3214,6 +3232,9 @@@@ comm_point_start_listening(struct comm_point* c, int newfd, int msec) d3449 2 a3450 2 verbose(VERB_ALGO, "comm point start listening %d (%d msec)", c->fd==-1?newfd:c->fd, msec); d3457 5 a3461 5 diff --git a/util/netevent.h b/util/netevent.h index d80c72b3..0233292f 100644 --- a/util/netevent.h +++ b/util/netevent.h @@@@ -120,6 +120,10 @@@@ struct comm_reply { d3472 5 a3476 5 diff --git a/validator/validator.c b/validator/validator.c index 4c560a8e..71de3760 100644 --- a/validator/validator.c +++ b/validator/validator.c @@@@ -2755,6 +2755,12 @@@@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, d3489 1 a3489 1 @@@@ -2788,6 +2794,12 @@@@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, @ 1.1.1.3.2.2 log @Pull up the following, requested by christos in ticket #1803: external/bsd/nsd/dist/compat/cpuset.c up to 1.1.1.1 external/bsd/nsd/dist/compat/cpuset.h up to 1.1.1.2 external/bsd/nsd/dist/compat/setproctitle.c up to 1.1.1.1 external/bsd/nsd/dist/compat/explicit_bzero.c up to 1.1.1.1 external/bsd/nsd/dist/doc/NSD-VERIFY-MODS up to 1.1.1.1 external/bsd/nsd/dist/util/proxy_protocol.c up to 1.1.1.1 external/bsd/nsd/dist/util/proxy_protocol.h up to 1.1.1.1 external/bsd/nsd/dist/contrib/patch_for_s6_startup_and_other_service_supervisors.diff up to 1.1.1.1 external/bsd/nsd/dist/contrib/autocomplete_nsd-control.bash up to 1.1.1.1 external/bsd/nsd/dist/bitset.c up to 1.1.1.1 external/bsd/nsd/dist/README.md up to 1.1.1.4 external/bsd/nsd/dist/aclocal.m4 up to 1.1.1.1 external/bsd/nsd/dist/bitset.h up to 1.1.1.2 external/bsd/nsd/dist/popen3.c up to 1.1.1.2 external/bsd/nsd/dist/popen3.h up to 1.1.1.3 external/bsd/nsd/dist/ixfr.c up to 1.1.1.2 external/bsd/nsd/dist/ixfr.h up to 1.1.1.2 external/bsd/nsd/dist/ixfrcreate.c up to 1.1.1.2 external/bsd/nsd/dist/ixfrcreate.h up to 1.1.1.2 external/bsd/nsd/dist/siphash.c up to 1.1.1.1 external/bsd/nsd/dist/verify.c up to 1.1.1.2 external/bsd/nsd/dist/verify.h up to 1.1.1.2 external/bsd/nsd/dist/SECURITY.md up to 1.1.1.1 external/bsd/nsd/dist/configyyrename.h delete external/bsd/nsd/dist/udbradtree.c delete external/bsd/nsd/dist/udbradtree.h delete external/bsd/nsd/dist/udbzone.c delete external/bsd/nsd/dist/udbzone.h delete external/bsd/nsd/dist/contrib/nsd.service delete external/bsd/nsd/dist/contrib/nsd.socket delete external/bsd/nsd/Makefile.inc up to 1.8 external/bsd/nsd/dist/Makefile.in up to 1.1.1.9 external/bsd/nsd/dist/acx_nlnetlabs.m4 up to 1.1.1.4 external/bsd/nsd/dist/answer.c up to 1.1.1.2 external/bsd/nsd/dist/answer.h up to 1.1.1.2 external/bsd/nsd/dist/axfr.c up to 1.1.1.5 external/bsd/nsd/dist/axfr.h up to 1.1.1.3 external/bsd/nsd/dist/buffer.h up to 1.1.1.2 external/bsd/nsd/dist/config.guess up to 1.2 external/bsd/nsd/dist/config.h.in up to 1.1.1.9 external/bsd/nsd/dist/configlexer.c up to 1.9 external/bsd/nsd/dist/configlexer.lex up to 1.1.1.8 external/bsd/nsd/dist/configparser.c up to 1.9 external/bsd/nsd/dist/configparser.h up to 1.9 external/bsd/nsd/dist/configparser.y up to 1.1.1.8 external/bsd/nsd/dist/configure up to 1.3 external/bsd/nsd/dist/configure.ac up to 1.6 external/bsd/nsd/dist/dbaccess.c up to 1.1.1.6 external/bsd/nsd/dist/dbcreate.c up to 1.1.1.6 external/bsd/nsd/dist/difffile.c up to 1.1.1.8 external/bsd/nsd/dist/difffile.h up to 1.1.1.4 external/bsd/nsd/dist/dname.c up to 1.1.1.3 external/bsd/nsd/dist/dname.h up to 1.1.1.2 external/bsd/nsd/dist/dns.c up to 1.1.1.6 external/bsd/nsd/dist/dns.h up to 1.1.1.6 external/bsd/nsd/dist/edns.c up to 1.1.1.4 external/bsd/nsd/dist/edns.h up to 1.1.1.3 external/bsd/nsd/dist/ipc.c up to 1.1.1.8 external/bsd/nsd/dist/iterated_hash.c up to 1.1.1.2 external/bsd/nsd/dist/lookup3.c up to 1.1.1.3 external/bsd/nsd/dist/mini_event.c up to 1.1.1.4 external/bsd/nsd/dist/mini_event.h up to 1.1.1.4 external/bsd/nsd/dist/namedb.c up to 1.1.1.6 external/bsd/nsd/dist/namedb.h up to 1.1.1.5 external/bsd/nsd/dist/netio.h up to 1.1.1.2 external/bsd/nsd/dist/nsd-checkconf.8.in up to 1.1.1.9 external/bsd/nsd/dist/nsd-checkconf.c up to 1.1.1.8 external/bsd/nsd/dist/nsd-checkzone.8.in up to 1.1.1.9 external/bsd/nsd/dist/nsd-checkzone.c up to 1.1.1.6 external/bsd/nsd/dist/nsd-control-setup.sh.in up to 1.1.1.4 external/bsd/nsd/dist/nsd-control.8.in up to 1.1.1.9 external/bsd/nsd/dist/nsd-control.c up to 1.1.1.9 external/bsd/nsd/dist/nsd-mem.c up to 1.1.1.5 external/bsd/nsd/dist/nsd.8.in up to 1.1.1.9 external/bsd/nsd/dist/nsd.c up to 1.1.1.9 external/bsd/nsd/dist/nsd.conf.5.in up to 1.1.1.9 external/bsd/nsd/dist/nsd.conf.sample.in up to 1.1.1.8 external/bsd/nsd/dist/nsd.h up to 1.1.1.8 external/bsd/nsd/dist/nsec3.c up to 1.1.1.7 external/bsd/nsd/dist/nsec3.h up to 1.1.1.4 external/bsd/nsd/dist/options.c up to 1.5 external/bsd/nsd/dist/options.h up to 1.1.1.9 external/bsd/nsd/dist/packet.c up to 1.1.1.3 external/bsd/nsd/dist/packet.h up to 1.1.1.5 external/bsd/nsd/dist/query.c up to 1.1.1.8 external/bsd/nsd/dist/query.h up to 1.1.1.5 external/bsd/nsd/dist/radtree.c up to 1.1.1.5 external/bsd/nsd/dist/rbtree.h up to 1.1.1.3 external/bsd/nsd/dist/rdata.c up to 1.1.1.4 external/bsd/nsd/dist/rdata.h up to 1.1.1.3 external/bsd/nsd/dist/region-allocator.c up to 1.1.1.4 external/bsd/nsd/dist/region-allocator.h up to 1.1.1.2 external/bsd/nsd/dist/remote.c up to 1.1.1.9 external/bsd/nsd/dist/remote.h up to 1.1.1.4 external/bsd/nsd/dist/rrl.c up to 1.1.1.4 external/bsd/nsd/dist/rrl.h up to 1.1.1.3 external/bsd/nsd/dist/server.c up to 1.8 external/bsd/nsd/dist/tsig-openssl.c up to 1.1.1.3 external/bsd/nsd/dist/tsig-openssl.h up to 1.1.1.3 external/bsd/nsd/dist/tsig.c up to 1.1.1.5 external/bsd/nsd/dist/tsig.h up to 1.1.1.2 external/bsd/nsd/dist/udb.c up to 1.1.1.5 external/bsd/nsd/dist/udb.h up to 1.1.1.5 external/bsd/nsd/dist/util.c up to 1.1.1.6 external/bsd/nsd/dist/util.h up to 1.8 external/bsd/nsd/dist/xfr-inspect.c up to 1.1.1.3 external/bsd/nsd/dist/xfrd-disk.c up to 1.1.1.6 external/bsd/nsd/dist/xfrd-notify.c up to 1.1.1.3 external/bsd/nsd/dist/xfrd-tcp.c up to 1.1.1.6 external/bsd/nsd/dist/xfrd-tcp.h up to 1.1.1.3 external/bsd/nsd/dist/xfrd.c up to 1.1.1.8 external/bsd/nsd/dist/xfrd.h up to 1.1.1.5 external/bsd/nsd/dist/zlexer.c up to 1.8 external/bsd/nsd/dist/zlexer.lex up to 1.1.1.6 external/bsd/nsd/dist/zonec.c up to 1.1.1.7 external/bsd/nsd/dist/zonec.h up to 1.1.1.6 external/bsd/nsd/dist/zparser.c up to 1.8 external/bsd/nsd/dist/zparser.h up to 1.6 external/bsd/nsd/dist/zparser.y up to 1.1.1.7 external/bsd/nsd/dist/compat/b64_pton.c up to 1.1.1.2 external/bsd/nsd/dist/compat/fake-rfc2553.h up to 1.1.1.2 external/bsd/nsd/dist/contrib/README up to 1.1.1.4 external/bsd/nsd/dist/contrib/nsd_munin_ up to 1.1.1.2 external/bsd/nsd/dist/dnstap/dnstap.c up to 1.1.1.4 external/bsd/nsd/dist/dnstap/dnstap.h up to 1.1.1.3 external/bsd/nsd/dist/dnstap/dnstap.m4 up to 1.1.1.2 external/bsd/nsd/dist/dnstap/dnstap_collector.c up to 1.1.1.3 external/bsd/nsd/dist/dnstap/dnstap_collector.h up to 1.1.1.2 external/bsd/nsd/dist/doc/CREDITS up to 1.1.1.3 external/bsd/nsd/dist/doc/ChangeLog up to 1.1.1.9 external/bsd/nsd/dist/doc/README up to 1.3 external/bsd/nsd/dist/doc/README.svn up to 1.1.1.2 external/bsd/nsd/dist/doc/RELNOTES up to 1.1.1.9 external/bsd/nsd/dist/doc/REQUIREMENTS up to 1.2 external/bsd/nsd/include/config.h up to 1.12 external/bsd/nsd/lib/libnsd/Makefile up to 1.6 external/bsd/nsd/sbin/nsd/Makefile up to 1.2 external/bsd/nsd/sbin/nsd-checkzone/Makefile up to 1.2 external/bsd/nsd/sbin/nsd-control/Makefile up to 1.2 external/bsd/unbound/dist/contrib/ios/15-ios.conf up to 1.1.1.1 external/bsd/unbound/dist/contrib/ios/install_expat.sh up to 1.1.1.1 external/bsd/unbound/dist/contrib/ios/install_openssl.sh up to 1.1.1.1 external/bsd/unbound/dist/contrib/ios/install_tools.sh up to 1.1.1.2 external/bsd/unbound/dist/contrib/ios/openssl.patch up to 1.1.1.1 external/bsd/unbound/dist/contrib/ios/setenv_ios.sh up to 1.1.1.1 external/bsd/unbound/dist/contrib/android/15-android.conf up to 1.1.1.1 external/bsd/unbound/dist/contrib/android/install_expat.sh up to 1.1.1.1 external/bsd/unbound/dist/contrib/android/install_ndk.sh up to 1.1.1.1 external/bsd/unbound/dist/contrib/android/install_openssl.sh up to 1.1.1.1 external/bsd/unbound/dist/contrib/android/install_tools.sh up to 1.1.1.1 external/bsd/unbound/dist/contrib/android/setenv_android.sh up to 1.1.1.1 external/bsd/unbound/dist/contrib/drop2rpz up to 1.1.1.2 external/bsd/unbound/dist/contrib/metrics.awk up to 1.1.1.2 external/bsd/unbound/dist/contrib/unbound_portable.service.in up to 1.1.1.1 external/bsd/unbound/dist/contrib/unbound_smf23.tar.gz up to 1.1.1.1 external/bsd/unbound/dist/contrib/Dockerfile.tests up to 1.1.1.2 external/bsd/unbound/dist/contrib/unbound.init_yocto up to 1.1.1.1 external/bsd/unbound/dist/dnstap/dnstap_fstrm.c up to 1.1.1.1 external/bsd/unbound/dist/dnstap/dnstap_fstrm.h up to 1.1.1.1 external/bsd/unbound/dist/dnstap/dtstream.c up to 1.1.1.3 external/bsd/unbound/dist/dnstap/dtstream.h up to 1.1.1.1 external/bsd/unbound/dist/dnstap/unbound-dnstap-socket.c up to 1.1.1.3 external/bsd/unbound/dist/services/rpz.c up to 1.1.1.3 external/bsd/unbound/dist/services/rpz.h up to 1.1.1.3 external/bsd/unbound/dist/testcode/dohclient.c up to 1.1.1.3 external/bsd/unbound/dist/testcode/readzone.c up to 1.1.1.1 external/bsd/unbound/dist/testcode/unittcpreuse.c up to 1.1.1.2 external/bsd/unbound/dist/testcode/unitzonemd.c up to 1.1.1.1 external/bsd/unbound/dist/testdata/00-lint.tdir/00-lint.pre up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap.tdir/dnstap.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap.tdir/dnstap.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap.tdir/dnstap.post up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnstap.tdir/dnstap.pre up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnstap.tdir/dnstap.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnstap.tdir/dnstap.testns up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap.tdir/unbound_control.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap.tdir/unbound_control.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap.tdir/unbound_server.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap.tdir/unbound_server.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/edns_client_string.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/edns_client_string_opcode.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/nsid_ascii.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/nsid_hex.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/nsid_not_set.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/rpz_axfr.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/rpz_ixfr.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/rpz_qname.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/rpz_qname_override.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/rpz_respip.rpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/rpz_respip_override.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/serve_expired.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/serve_expired_client_timeout.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/serve_expired_ttl.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tcp.tdir/dnstap_tcp.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tcp.tdir/dnstap_tcp.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tcp.tdir/dnstap_tcp.post up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnstap_tcp.tdir/dnstap_tcp.pre up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnstap_tcp.tdir/dnstap_tcp.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnstap_tcp.tdir/dnstap_tcp.testns up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tcp.tdir/unbound_control.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tcp.tdir/unbound_control.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tcp.tdir/unbound_server.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tcp.tdir/unbound_server.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/bad.dscp up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/bad.include-toplevel.1 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/bad.include-toplevel.2 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/bad.include-toplevel.3 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/bad.include-toplevel.4 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/bad.include-toplevel.5 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/bad.include-toplevel.6 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/good.min up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/bad.include-toplevel.7 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/good.include-toplevel up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/include.include.withclauses.1 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/include.include.withclauses.2 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/include.include.withclauses.3 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/include.include.withoutclauses.1 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/include.include.withoutclauses.2 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/include.include.withoutclauses.3 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/include.includetop.withclauses.1 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/include.includetop.withclauses.2 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/include.includetop.withclauses.3 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/include.includetop.withoutclauses.1 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/include.includetop.withoutclauses.2 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/include.includetop.withoutclauses.3 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/include.withclauses.1 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/include.withclauses.2 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/include.withclauses.3 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/include.withoutclauses.1 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/include.withoutclauses.2 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/include.withoutclauses.3 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/include.withsomeclauses.1 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/include.withsomeclauses.2 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/include.withsomeclauses.3 up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/bad.proxy-and-dnscrypt up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/bad.proxy-and-https up to 1.1.1.1 external/bsd/unbound/dist/testdata/07-confroot.tdir/07-confroot.pre up to 1.1.1.1 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/conf.bad_credentials up to 1.1.1.1 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/conf.spoofed_credentials up to 1.1.1.1 external/bsd/unbound/dist/testdata/ede.tdir/bogus/dnskey-failures.test up to 1.1.1.1 external/bsd/unbound/dist/testdata/ede.tdir/bogus/dnssec-failures.test up to 1.1.1.1 external/bsd/unbound/dist/testdata/ede.tdir/bogus/make-broken-zone.sh up to 1.1.1.2 external/bsd/unbound/dist/testdata/ede.tdir/bogus/nsec-failures.test up to 1.1.1.1 external/bsd/unbound/dist/testdata/ede.tdir/bogus/rrsig-failures.test up to 1.1.1.1 external/bsd/unbound/dist/testdata/ede.tdir/bogus/dnskey-failures.test.signed up to 1.1.1.1 external/bsd/unbound/dist/testdata/ede.tdir/bogus/dnssec-failures.test.signed up to 1.1.1.1 external/bsd/unbound/dist/testdata/ede.tdir/bogus/nsec-failures.test.signed up to 1.1.1.1 external/bsd/unbound/dist/testdata/ede.tdir/bogus/rrsig-failures.test.signed up to 1.1.1.1 external/bsd/unbound/dist/testdata/ede.tdir/bogus/trust-anchors up to 1.1.1.1 external/bsd/unbound/dist/testdata/ede.tdir/ede-auth.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/ede.tdir/ede.conf up to 1.1.1.2 external/bsd/unbound/dist/testdata/ede.tdir/ede.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/ede.tdir/ede.post up to 1.1.1.1 external/bsd/unbound/dist/testdata/ede.tdir/ede.pre up to 1.1.1.2 external/bsd/unbound/dist/testdata/ede.tdir/ede.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnstap_tls.tdir/dnstap_tls.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls.tdir/dnstap_tls.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls.tdir/dnstap_tls.post up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnstap_tls.tdir/dnstap_tls.pre up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnstap_tls.tdir/dnstap_tls.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnstap_tls.tdir/dnstap_tls.testns up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls.tdir/unbound_control.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls.tdir/unbound_control.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls.tdir/unbound_server.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls.tdir/unbound_server.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/serve_expired_reply_ttl.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/nss_compile.tdir/nss_compile.pre up to 1.1.1.1 external/bsd/unbound/dist/testdata/root_anchor.tdir/root_anchor.pre up to 1.1.1.1 external/bsd/unbound/dist/testdata/root_hints.tdir/root_hints.pre up to 1.1.1.1 external/bsd/unbound/dist/testdata/clang-analysis.tdir/clang-analysis.pre up to 1.1.1.1 external/bsd/unbound/dist/testdata/subnet_cached_ede.crpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/serve_expired_ttl_client_timeout.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/serve_expired_zerottl.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/serve_original_ttl.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnstap_reconnect.tdir/dnstap_reconnect.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_reconnect.tdir/dnstap_reconnect.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_reconnect.tdir/dnstap_reconnect.post up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnstap_reconnect.tdir/dnstap_reconnect.pre up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnstap_reconnect.tdir/dnstap_reconnect.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnstap_reconnect.tdir/dnstap_reconnect.testns up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_reconnect.tdir/unbound_control.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_reconnect.tdir/unbound_control.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_reconnect.tdir/unbound_server.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_reconnect.tdir/unbound_server.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.post up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.pre up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.testns up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_badcert.tdir/unbound_control.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_badcert.tdir/unbound_control.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_badcert.tdir/unbound_server.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_badcert.tdir/unbound_server.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.post up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.pre up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.testns up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_badname.tdir/unbound_control.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_badname.tdir/unbound_control.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_badname.tdir/unbound_server.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_badname.tdir/unbound_server.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.post up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.pre up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.testns up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_clientauth.tdir/unbound_control.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_clientauth.tdir/unbound_control.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_clientauth.tdir/unbound_server.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_clientauth.tdir/unbound_server.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.post up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.pre up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.testns up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_peername.tdir/unbound_control.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_peername.tdir/unbound_control.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_peername.tdir/unbound_server.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnstap_tls_peername.tdir/unbound_server.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/doh_downstream.tdir/doh_downstream.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/doh_downstream.tdir/doh_downstream.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/doh_downstream.tdir/doh_downstream.post up to 1.1.1.2 external/bsd/unbound/dist/testdata/doh_downstream.tdir/doh_downstream.pre up to 1.1.1.2 external/bsd/unbound/dist/testdata/doh_downstream.tdir/doh_downstream.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/doh_downstream.tdir/doh_downstream.testns up to 1.1.1.1 external/bsd/unbound/dist/testdata/doh_downstream.tdir/unbound_server.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/doh_downstream.tdir/unbound_server.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.post up to 1.1.1.2 external/bsd/unbound/dist/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.pre up to 1.1.1.2 external/bsd/unbound/dist/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/doh_downstream_buffer_size.tdir/unbound_server.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/doh_downstream_buffer_size.tdir/unbound_server.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.post up to 1.1.1.2 external/bsd/unbound/dist/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.pre up to 1.1.1.2 external/bsd/unbound/dist/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/doh_downstream_endpoint.tdir/unbound_server.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/doh_downstream_endpoint.tdir/unbound_server.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/doh_downstream_notls.tdir/doh_downstream_notls.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/doh_downstream_notls.tdir/doh_downstream_notls.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/doh_downstream_notls.tdir/doh_downstream_notls.post up to 1.1.1.2 external/bsd/unbound/dist/testdata/doh_downstream_notls.tdir/doh_downstream_notls.pre up to 1.1.1.2 external/bsd/unbound/dist/testdata/doh_downstream_notls.tdir/doh_downstream_notls.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/doh_downstream_notls.tdir/doh_downstream_notls.testns up to 1.1.1.1 external/bsd/unbound/dist/testdata/doh_downstream_notls.tdir/unbound_server.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/doh_downstream_notls.tdir/unbound_server.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/doh_downstream_post.tdir/doh_downstream_post.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/doh_downstream_post.tdir/doh_downstream_post.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/doh_downstream_post.tdir/doh_downstream_post.post up to 1.1.1.2 external/bsd/unbound/dist/testdata/doh_downstream_post.tdir/doh_downstream_post.pre up to 1.1.1.2 external/bsd/unbound/dist/testdata/doh_downstream_post.tdir/doh_downstream_post.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/doh_downstream_post.tdir/doh_downstream_post.testns up to 1.1.1.1 external/bsd/unbound/dist/testdata/doh_downstream_post.tdir/unbound_server.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/doh_downstream_post.tdir/unbound_server.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/dynlibmod.tdir/dynlibmod.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/dynlibmod.tdir/dynlibmod.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/dynlibmod.tdir/dynlibmod.post up to 1.1.1.2 external/bsd/unbound/dist/testdata/dynlibmod.tdir/dynlibmod.pre up to 1.1.1.2 external/bsd/unbound/dist/testdata/dynlibmod.tdir/dynlibmod.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/dynlibmod.tdir/dynlibmod.testns up to 1.1.1.1 external/bsd/unbound/dist/testdata/dynlibmod.tdir/unbound_control.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/dynlibmod.tdir/unbound_control.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/dynlibmod.tdir/unbound_server.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/dynlibmod.tdir/unbound_server.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/padding.tdir/padding.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/padding.tdir/padding.conf2 up to 1.1.1.1 external/bsd/unbound/dist/testdata/padding.tdir/padding.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/padding.tdir/padding.msgsizes up to 1.1.1.1 external/bsd/unbound/dist/testdata/padding.tdir/padding.post up to 1.1.1.2 external/bsd/unbound/dist/testdata/padding.tdir/padding.pre up to 1.1.1.2 external/bsd/unbound/dist/testdata/padding.tdir/padding.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/padding.tdir/padding.testns up to 1.1.1.1 external/bsd/unbound/dist/testdata/padding.tdir/unbound_control.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/padding.tdir/unbound_control.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/padding.tdir/unbound_server.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/padding.tdir/unbound_server.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/stat_values.tdir/stat_values.conf up to 1.1.1.2 external/bsd/unbound/dist/testdata/stat_values.tdir/stat_values.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/stat_values.tdir/stat_values.post up to 1.1.1.1 external/bsd/unbound/dist/testdata/stat_values.tdir/stat_values.pre up to 1.1.1.2 external/bsd/unbound/dist/testdata/stat_values.tdir/stat_values.test up to 1.1.1.3 external/bsd/unbound/dist/testdata/stat_values.tdir/stat_values.testexpiredns up to 1.1.1.1 external/bsd/unbound/dist/testdata/stat_values.tdir/stat_values.testns up to 1.1.1.2 external/bsd/unbound/dist/testdata/stat_values.tdir/unbound_control.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/stat_values.tdir/unbound_control.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/stat_values.tdir/unbound_server.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/stat_values.tdir/unbound_server.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/stat_values.tdir/stat_values_cachedb.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/stat_values.tdir/stat_values_downstream_cookies.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/tcp_reuse.tdir/tcp_reuse.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/tcp_reuse.tdir/tcp_reuse.conf2 up to 1.1.1.1 external/bsd/unbound/dist/testdata/tcp_reuse.tdir/tcp_reuse.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/tcp_reuse.tdir/tcp_reuse.post up to 1.1.1.1 external/bsd/unbound/dist/testdata/tcp_reuse.tdir/tcp_reuse.pre up to 1.1.1.1 external/bsd/unbound/dist/testdata/tcp_reuse.tdir/tcp_reuse.test up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse.tdir/tls_reuse.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse.tdir/tls_reuse.conf2 up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse.tdir/tls_reuse.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse.tdir/tls_reuse.post up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse.tdir/tls_reuse.pre up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse.tdir/tls_reuse.test up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse.tdir/unbound_control.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse.tdir/unbound_control.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse.tdir/unbound_server.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/tls_reuse.tdir/unbound_server.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_zonemd_anchor.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_zonemd_anchor_fail.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_zonemd_chain.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_zonemd_chain_fail.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_zonemd_file.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_zonemd_file_fail.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_zonemd_file_unknown.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/blanks_cached_zone.tdir/blanks.example.com.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/blanks_cached_zone.tdir/blanks_cached_zone.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/blanks_cached_zone.tdir/blanks_cached_zone.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/blanks_cached_zone.tdir/blanks_cached_zone.post up to 1.1.1.1 external/bsd/unbound/dist/testdata/blanks_cached_zone.tdir/blanks_cached_zone.pre up to 1.1.1.1 external/bsd/unbound/dist/testdata/blanks_cached_zone.tdir/blanks_cached_zone.test up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_zonemd_insecure.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_zonemd_insecure_absent.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_zonemd_insecure_absent_reject.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_zonemd_insecure_fail.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_zonemd_nokey.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_zonemd_permissive_mode.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_zonemd_xfr.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_zonemd_xfr_anchor.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_zonemd_xfr_anchor_fail.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_zonemd_xfr_chain.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_zonemd_xfr_chain_fail.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_zonemd_xfr_chain_keyinxfr.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/auth_zonemd_xfr_fail.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/ede_acl_refused.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_ignore_empty.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/ede_localzone_dname_expansion.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/edns_attached_once_per_upstream.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_error_retries.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_cname_minimise.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_dp_ip6useless.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_ghost_sub.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_ghost_timewindow.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_nxns_cached.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/iter_nxns_fallback.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/iter_nxns_parentside.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/nsid_bogus.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/rpz_clientip.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/rpz_nsdname.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/ipset.tdir/ipset.conf up to 1.1.1.2 external/bsd/unbound/dist/testdata/ipset.tdir/ipset.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/ipset.tdir/ipset.post up to 1.1.1.2 external/bsd/unbound/dist/testdata/ipset.tdir/ipset.pre up to 1.1.1.2 external/bsd/unbound/dist/testdata/ipset.tdir/ipset.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/ipset.tdir/ipset.testns up to 1.1.1.2 external/bsd/unbound/dist/testdata/rpz_nsip.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/rpz_passthru.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/rpz_qname_tcponly.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/rpz_respip_tcponly.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/rpz_rootwc.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/rpz_signal_nxdomain_ra.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/serve_expired_client_timeout_no_prefetch.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/subnet_prefetch.crpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/subnet_prezero.crpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd.example1.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd.example10.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd.example11.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd.example12.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd.example13.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd.example14.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/acl_interface.tdir/acl_interface.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/acl_interface.tdir/acl_interface.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/acl_interface.tdir/acl_interface.post up to 1.1.1.1 external/bsd/unbound/dist/testdata/acl_interface.tdir/acl_interface.pre up to 1.1.1.1 external/bsd/unbound/dist/testdata/acl_interface.tdir/acl_interface.test up to 1.1.1.1 external/bsd/unbound/dist/testdata/acl_interface.tdir/acl_interface.test.scenario up to 1.1.1.1 external/bsd/unbound/dist/testdata/acl_interface.tdir/acl_interface.testns up to 1.1.1.1 external/bsd/unbound/dist/testdata/acl_interface.tdir/acl_interface.testns2 up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd.example15.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd.example16.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd.example17.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd.example2.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd.example3.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd.example4.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd.example5.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd.example6.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd.example7.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd.example8.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd.example9.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd.example_a1.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd.example_a2.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd.example_a3.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd.example_a4.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd.example_a5.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/blanks_https.tdir/127.0.0.1/blanks.example.com.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/blanks_https.tdir/blanks_https.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/blanks_https.tdir/blanks_https.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/blanks_https.tdir/blanks_https.post up to 1.1.1.1 external/bsd/unbound/dist/testdata/blanks_https.tdir/blanks_https.pre up to 1.1.1.1 external/bsd/unbound/dist/testdata/blanks_https.tdir/blanks_https.test up to 1.1.1.1 external/bsd/unbound/dist/testdata/blanks_https.tdir/petal.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/blanks_https.tdir/petal.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/cachedb_cached_ede.crpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/cachedb_servfail_cname.crpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.post up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.pre up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.test up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.testns up to 1.1.1.1 external/bsd/unbound/dist/testdata/http_user_agent.tdir/127.0.0.1/example.com.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/http_user_agent.tdir/http_user_agent.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/http_user_agent.tdir/http_user_agent.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/http_user_agent.tdir/http_user_agent.post up to 1.1.1.1 external/bsd/unbound/dist/testdata/http_user_agent.tdir/http_user_agent.pre up to 1.1.1.1 external/bsd/unbound/dist/testdata/http_user_agent.tdir/http_user_agent.test up to 1.1.1.1 external/bsd/unbound/dist/testdata/http_user_agent.tdir/petal.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/http_user_agent.tdir/petal.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/http_user_agent.tdir/unbound_control.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/http_user_agent.tdir/unbound_control.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/http_user_agent.tdir/unbound_server.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/http_user_agent.tdir/unbound_server.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/ratelimit.tdir/ratelimit.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/ratelimit.tdir/ratelimit.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/ratelimit.tdir/ratelimit.post up to 1.1.1.1 external/bsd/unbound/dist/testdata/ratelimit.tdir/ratelimit.pre up to 1.1.1.1 external/bsd/unbound/dist/testdata/ratelimit.tdir/ratelimit.test up to 1.1.1.1 external/bsd/unbound/dist/testdata/ratelimit.tdir/ratelimit.testns up to 1.1.1.2 external/bsd/unbound/dist/testdata/ratelimit.tdir/unbound_control.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/ratelimit.tdir/unbound_control.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/ratelimit.tdir/unbound_server.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/ratelimit.tdir/unbound_server.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.post up to 1.1.1.1 external/bsd/unbound/dist/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.pre up to 1.1.1.1 external/bsd/unbound/dist/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.test up to 1.1.1.1 external/bsd/unbound/dist/testdata/stub_udp_with_tcp_upstream.tdir/stub_udp_with_tcp_upstream.testns up to 1.1.1.1 external/bsd/unbound/dist/testdata/svcb.tdir/crypto.cloudflare.com.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/svcb.tdir/svcb.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/svcb.tdir/svcb.failure-cases-01 up to 1.1.1.2 external/bsd/unbound/dist/testdata/svcb.tdir/svcb.failure-cases-02 up to 1.1.1.1 external/bsd/unbound/dist/testdata/svcb.tdir/svcb.failure-cases-03 up to 1.1.1.1 external/bsd/unbound/dist/testdata/svcb.tdir/svcb.failure-cases-04 up to 1.1.1.1 external/bsd/unbound/dist/testdata/svcb.tdir/svcb.success-cases.zone up to 1.1.1.2 external/bsd/unbound/dist/testdata/svcb.tdir/svcb.success-cases.zone.cmp up to 1.1.1.2 external/bsd/unbound/dist/testdata/svcb.tdir/svcb.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/svcb.tdir/svcb.test-vectors-pf.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/svcb.tdir/svcb.test-vectors-wf.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd_reload.tdir/zonemd_reload.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd_reload.tdir/zonemd_reload.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd_reload.tdir/zonemd_reload.post up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd_reload.tdir/zonemd_reload.pre up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd_reload.tdir/zonemd_reload.test up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd_reload.tdir/zonemd_reload.testns up to 1.1.1.1 external/bsd/unbound/dist/testdata/zonemd_reload.tdir/zonemd_reload.zone up to 1.1.1.1 external/bsd/unbound/dist/testdata/disable_edns_do.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/ede_cache_snoop_not_auth.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/edns_downstream_cookies.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_auth_tc.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_cname_minimise_nx.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_failreply.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/subnet_scopezero.crpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_nat64.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_nat64_prefix.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_nat64_prefix48.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_scrub_rr_length.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/rpz_cached_cname.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/serve_expired_0ttl_nodata.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/serve_expired_0ttl_nxdomain.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/serve_expired_0ttl_servfail.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/serve_expired_cached_servfail.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/serve_expired_cached_servfail_refresh.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/serve_expired_client_timeout_servfail.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/subnet_cached_servfail.crpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/subnet_global_prefetch.crpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/subnet_global_prefetch_always_forward.crpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/subnet_global_prefetch_expired.crpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/subnet_global_prefetch_with_client_ecs.crpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/val_any_negcache.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/val_scrub_rr_length.rpl up to 1.1.1.1 external/bsd/unbound/dist/testdata/cachedb_no_store.tdir/cachedb_no_store.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/cachedb_no_store.tdir/cachedb_no_store.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/cachedb_no_store.tdir/cachedb_no_store.post up to 1.1.1.1 external/bsd/unbound/dist/testdata/cachedb_no_store.tdir/cachedb_no_store.pre up to 1.1.1.1 external/bsd/unbound/dist/testdata/cachedb_no_store.tdir/cachedb_no_store.servfail.testns up to 1.1.1.1 external/bsd/unbound/dist/testdata/cachedb_no_store.tdir/cachedb_no_store.test up to 1.1.1.1 external/bsd/unbound/dist/testdata/cachedb_no_store.tdir/cachedb_no_store.testns up to 1.1.1.1 external/bsd/unbound/dist/testdata/ip_ratelimit.tdir/ip_ratelimit.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/ip_ratelimit.tdir/ip_ratelimit.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/ip_ratelimit.tdir/ip_ratelimit.post up to 1.1.1.1 external/bsd/unbound/dist/testdata/ip_ratelimit.tdir/ip_ratelimit.pre up to 1.1.1.1 external/bsd/unbound/dist/testdata/ip_ratelimit.tdir/ip_ratelimit.test up to 1.1.1.1 external/bsd/unbound/dist/testdata/ip_ratelimit.tdir/unbound_control.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/ip_ratelimit.tdir/unbound_control.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/ip_ratelimit.tdir/unbound_server.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/ip_ratelimit.tdir/unbound_server.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/proxy_protocol.tdir/proxy_protocol.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/proxy_protocol.tdir/proxy_protocol.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/proxy_protocol.tdir/proxy_protocol.post up to 1.1.1.1 external/bsd/unbound/dist/testdata/proxy_protocol.tdir/proxy_protocol.pre up to 1.1.1.1 external/bsd/unbound/dist/testdata/proxy_protocol.tdir/proxy_protocol.test up to 1.1.1.1 external/bsd/unbound/dist/testdata/proxy_protocol.tdir/proxy_protocol.test.scenario up to 1.1.1.1 external/bsd/unbound/dist/testdata/proxy_protocol.tdir/proxy_protocol.testns up to 1.1.1.1 external/bsd/unbound/dist/testdata/proxy_protocol.tdir/unbound_server.key up to 1.1.1.1 external/bsd/unbound/dist/testdata/proxy_protocol.tdir/unbound_server.pem up to 1.1.1.1 external/bsd/unbound/dist/testdata/root_zonemd.tdir/root_zonemd.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/root_zonemd.tdir/root_zonemd.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/root_zonemd.tdir/root_zonemd.post up to 1.1.1.1 external/bsd/unbound/dist/testdata/root_zonemd.tdir/root_zonemd.pre up to 1.1.1.1 external/bsd/unbound/dist/testdata/root_zonemd.tdir/root_zonemd.test up to 1.1.1.1 external/bsd/unbound/dist/testdata/root_zonemd.tdir/root_zonemd.testns up to 1.1.1.1 external/bsd/unbound/dist/testdata/stub_auth_tc.tdir/stub_auth_tc.conf up to 1.1.1.1 external/bsd/unbound/dist/testdata/stub_auth_tc.tdir/stub_auth_tc.dsc up to 1.1.1.1 external/bsd/unbound/dist/testdata/stub_auth_tc.tdir/stub_auth_tc.post up to 1.1.1.1 external/bsd/unbound/dist/testdata/stub_auth_tc.tdir/stub_auth_tc.pre up to 1.1.1.1 external/bsd/unbound/dist/testdata/stub_auth_tc.tdir/stub_auth_tc.test up to 1.1.1.1 external/bsd/unbound/dist/testdata/stub_auth_tc.tdir/stub_auth_tc.testns up to 1.1.1.1 external/bsd/unbound/dist/util/proxy_protocol.c up to 1.1.1.1 external/bsd/unbound/dist/util/proxy_protocol.h up to 1.1.1.1 external/bsd/unbound/dist/util/rfc_1982.c up to 1.1.1.1 external/bsd/unbound/dist/util/rfc_1982.h up to 1.1.1.1 external/bsd/unbound/dist/util/siphash.c up to 1.1.1.1 external/bsd/unbound/dist/util/siphash.h up to 1.1.1.1 external/bsd/unbound/dist/util/timeval_func.c up to 1.1.1.1 external/bsd/unbound/dist/util/timeval_func.h up to 1.1.1.1 external/bsd/unbound/dist/SECURITY.md up to 1.1.1.1 external/bsd/unbound/dist/README-Travis.md up to 1.1.1.2 external/bsd/unbound/dist/dynlibmod/examples/helloworld.c up to 1.1.1.1 external/bsd/unbound/dist/dynlibmod/dynlibmod.c up to 1.1.1.2 external/bsd/unbound/dist/dynlibmod/dynlibmod.h up to 1.1.1.1 external/bsd/unbound/dist/contrib/unbound_smf22.tar.gz delete external/bsd/unbound/dist/testcode/mini_tpkg.sh delete external/bsd/unbound/dist/testdata/dlv_anchor.rpl delete external/bsd/unbound/dist/testdata/dlv_ask_higher.rpl delete external/bsd/unbound/dist/testdata/dlv_below_ta.rpl delete external/bsd/unbound/dist/testdata/dlv_delegation.rpl delete external/bsd/unbound/dist/testdata/dlv_ds_lookup.rpl delete external/bsd/unbound/dist/testdata/dlv_insecure.rpl delete external/bsd/unbound/dist/testdata/dlv_insecure_negcache.rpl delete external/bsd/unbound/dist/testdata/dlv_keyretry.rpl delete external/bsd/unbound/dist/testdata/dlv_negnx.rpl delete external/bsd/unbound/dist/testdata/dlv_optout.rpl delete external/bsd/unbound/dist/testdata/dlv_remove.rpl delete external/bsd/unbound/dist/testdata/dlv_remove_empty.rpl delete external/bsd/unbound/dist/testdata/dlv_remove_nodel.rpl delete external/bsd/unbound/dist/testdata/dlv_remove_pos.rpl delete external/bsd/unbound/dist/testdata/dlv_unused.rpl delete external/bsd/unbound/dist/testdata/domain_insec_dlv.rpl delete external/bsd/unbound/dist/testdata/fwddlv_parse.rpl delete external/bsd/unbound/dist/testdata/val_unalgo_dlv.rpl delete external/bsd/unbound/dist/testdata/dnscrypt_cert.tdir/precheck.sh delete external/bsd/unbound/dist/testdata/dnscrypt_cert_chacha.tdir/precheck.sh delete external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/1.cert delete external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/1.key delete external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/2.cert delete external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/1_chacha.cert delete external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/1_salsa.cert delete external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/2.key delete external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/2_chacha.cert delete external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/2_salsa.cert delete external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/dnscrypt_queries.conf delete external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/dnscrypt_queries.dsc delete external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/dnscrypt_queries.post delete external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/dnscrypt_queries.pre delete external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/dnscrypt_queries.test delete external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/dnscrypt_queries.testns delete external/bsd/unbound/dist/testdata/dnscrypt_queries_chacha.tdir/precheck.sh delete external/bsd/unbound/dist/testdata/dnscrypt_queries_chacha.tdir/1.key delete external/bsd/unbound/dist/testdata/dnscrypt_queries_chacha.tdir/2.key delete external/bsd/unbound/dist/testdata/dnscrypt_queries_chacha.tdir/1_chacha.cert delete external/bsd/unbound/dist/testdata/dnscrypt_queries_chacha.tdir/1_salsa.cert delete external/bsd/unbound/dist/testdata/dnscrypt_queries_chacha.tdir/2_chacha.cert delete external/bsd/unbound/dist/testdata/dnscrypt_queries_chacha.tdir/2_salsa.cert delete external/bsd/unbound/dist/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.conf delete external/bsd/unbound/dist/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.dsc delete external/bsd/unbound/dist/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.post delete external/bsd/unbound/dist/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.pre delete external/bsd/unbound/dist/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.test delete external/bsd/unbound/dist/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.testns delete external/bsd/unbound/dist/.travis.yml delete external/bsd/unbound/Makefile.inc up to 1.5 external/bsd/unbound/dist/Makefile.in up to 1.1.1.8 external/bsd/unbound/dist/README.md up to 1.1.1.4 external/bsd/unbound/dist/aclocal.m4 up to 1.1.1.5 external/bsd/unbound/dist/acx_nlnetlabs.m4 up to 1.1.1.5 external/bsd/unbound/dist/acx_python.m4 up to 1.1.1.5 external/bsd/unbound/dist/config.guess up to 1.8 external/bsd/unbound/dist/config.h.in up to 1.1.1.8 external/bsd/unbound/dist/config.sub up to 1.7 external/bsd/unbound/dist/configure up to 1.1.1.8 external/bsd/unbound/dist/configure.ac up to 1.1.1.8 external/bsd/unbound/dist/install-sh up to 1.1.1.4 external/bsd/unbound/dist/cachedb/cachedb.c up to 1.1.1.8 external/bsd/unbound/dist/cachedb/cachedb.h up to 1.1.1.3 external/bsd/unbound/dist/cachedb/redis.c up to 1.1.1.3 external/bsd/unbound/dist/compat/arc4random.c up to 1.1.1.5 external/bsd/unbound/dist/compat/ctime_r.c up to 1.1.1.3 external/bsd/unbound/dist/compat/getentropy_solaris.c up to 1.1.1.4 external/bsd/unbound/dist/contrib/README up to 1.1.1.7 external/bsd/unbound/dist/contrib/aaaa-filter-iterator.patch up to 1.1.1.5 external/bsd/unbound/dist/contrib/fastrpz.patch up to 1.1.1.5 external/bsd/unbound/dist/contrib/libunbound.pc.in up to 1.1.1.4 external/bsd/unbound/dist/contrib/unbound.service.in up to 1.1.1.6 external/bsd/unbound/dist/contrib/unbound.spec up to 1.1.1.2 external/bsd/unbound/dist/contrib/unbound_munin_ up to 1.1.1.4 external/bsd/unbound/dist/daemon/acl_list.c up to 1.1.1.6 external/bsd/unbound/dist/daemon/acl_list.h up to 1.1.1.5 external/bsd/unbound/dist/daemon/cachedump.c up to 1.1.1.6 external/bsd/unbound/dist/daemon/daemon.c up to 1.1.1.8 external/bsd/unbound/dist/daemon/daemon.h up to 1.1.1.5 external/bsd/unbound/dist/daemon/remote.c up to 1.1.1.8 external/bsd/unbound/dist/daemon/remote.h up to 1.1.1.4 external/bsd/unbound/dist/daemon/stats.c up to 1.1.1.8 external/bsd/unbound/dist/daemon/stats.h up to 1.1.1.3 external/bsd/unbound/dist/daemon/unbound.c up to 1.1.1.7 external/bsd/unbound/dist/daemon/worker.c up to 1.1.1.8 external/bsd/unbound/dist/daemon/worker.h up to 1.1.1.3 external/bsd/unbound/dist/dns64/dns64.c up to 1.1.1.7 external/bsd/unbound/dist/dnscrypt/dnscrypt.c up to 1.1.1.5 external/bsd/unbound/dist/dnscrypt/dnscrypt.h up to 1.1.1.3 external/bsd/unbound/dist/dnscrypt/dnscrypt.m4 up to 1.1.1.3 external/bsd/unbound/dist/dnstap/dnstap.c up to 1.1.1.6 external/bsd/unbound/dist/dnstap/dnstap.h up to 1.1.1.4 external/bsd/unbound/dist/dnstap/dnstap.m4 up to 1.1.1.3 external/bsd/unbound/dist/doc/Changelog up to 1.1.1.8 external/bsd/unbound/dist/doc/FEATURES up to 1.1.1.2 external/bsd/unbound/dist/doc/README up to 1.1.1.8 external/bsd/unbound/dist/doc/README.DNS64 up to 1.1.1.2 external/bsd/unbound/dist/doc/README.tests up to 1.1.1.2 external/bsd/unbound/dist/doc/TODO up to 1.1.1.3 external/bsd/unbound/dist/doc/example.conf.in up to 1.1.1.8 external/bsd/unbound/dist/doc/libunbound.3.in up to 1.1.1.8 external/bsd/unbound/dist/doc/unbound-anchor.8.in up to 1.1.1.8 external/bsd/unbound/dist/doc/unbound-checkconf.8.in up to 1.1.1.8 external/bsd/unbound/dist/doc/unbound-control.8.in up to 1.1.1.8 external/bsd/unbound/dist/doc/unbound-host.1.in up to 1.1.1.8 external/bsd/unbound/dist/doc/unbound.8.in up to 1.1.1.8 external/bsd/unbound/dist/doc/unbound.conf.5.in up to 1.1.1.8 external/bsd/unbound/dist/doc/unbound.doxygen up to 1.1.1.6 external/bsd/unbound/dist/edns-subnet/addrtree.c up to 1.1.1.4 external/bsd/unbound/dist/edns-subnet/addrtree.h up to 1.1.1.3 external/bsd/unbound/dist/edns-subnet/edns-subnet.h up to 1.1.1.2 external/bsd/unbound/dist/edns-subnet/subnetmod.c up to 1.1.1.7 external/bsd/unbound/dist/edns-subnet/subnetmod.h up to 1.1.1.5 external/bsd/unbound/dist/ipsecmod/ipsecmod.c up to 1.1.1.4 external/bsd/unbound/dist/ipsecmod/ipsecmod.h up to 1.1.1.2 external/bsd/unbound/dist/ipset/ipset.c up to 1.1.1.3 external/bsd/unbound/dist/iterator/iter_delegpt.c up to 1.1.1.6 external/bsd/unbound/dist/iterator/iter_delegpt.h up to 1.1.1.7 external/bsd/unbound/dist/iterator/iter_fwd.c up to 1.1.1.5 external/bsd/unbound/dist/iterator/iter_hints.c up to 1.1.1.6 external/bsd/unbound/dist/iterator/iter_priv.c up to 1.1.1.2 external/bsd/unbound/dist/iterator/iter_resptype.c up to 1.1.1.2 external/bsd/unbound/dist/iterator/iter_resptype.h up to 1.1.1.2 external/bsd/unbound/dist/iterator/iter_scrub.c up to 1.1.1.8 external/bsd/unbound/dist/iterator/iter_scrub.h up to 1.1.1.2 external/bsd/unbound/dist/iterator/iter_utils.c up to 1.1.1.8 external/bsd/unbound/dist/iterator/iter_utils.h up to 1.1.1.7 external/bsd/unbound/dist/iterator/iterator.c up to 1.1.1.8 external/bsd/unbound/dist/iterator/iterator.h up to 1.1.1.7 external/bsd/unbound/dist/libunbound/context.c up to 1.1.1.8 external/bsd/unbound/dist/libunbound/context.h up to 1.1.1.6 external/bsd/unbound/dist/libunbound/libunbound.c up to 1.1.1.8 external/bsd/unbound/dist/libunbound/libworker.c up to 1.1.1.8 external/bsd/unbound/dist/libunbound/unbound-event.h up to 1.1.1.5 external/bsd/unbound/dist/libunbound/unbound.h up to 1.5 external/bsd/unbound/dist/libunbound/worker.h up to 1.1.1.5 external/bsd/unbound/dist/libunbound/python/libunbound.i up to 1.1.1.5 external/bsd/unbound/dist/libunbound/python/doc/examples/example4.rst up to 1.1.1.3 external/bsd/unbound/dist/pythonmod/interface.i up to 1.1.1.8 external/bsd/unbound/dist/pythonmod/pythonmod.c up to 1.1.1.6 external/bsd/unbound/dist/pythonmod/pythonmod.h up to 1.1.1.5 external/bsd/unbound/dist/pythonmod/pythonmod_utils.c up to 1.1.1.5 external/bsd/unbound/dist/pythonmod/pythonmod_utils.h up to 1.1.1.3 external/bsd/unbound/dist/pythonmod/ubmodule-msg.py up to 1.1.1.2 external/bsd/unbound/dist/pythonmod/ubmodule-tst.py up to 1.1.1.2 external/bsd/unbound/dist/pythonmod/doc/usecase.rst up to 1.1.1.3 external/bsd/unbound/dist/pythonmod/doc/examples/example0-1.py up to 1.1.1.4 external/bsd/unbound/dist/pythonmod/doc/examples/example0.rst up to 1.1.1.4 external/bsd/unbound/dist/pythonmod/doc/examples/example5.rst up to 1.1.1.2 external/bsd/unbound/dist/pythonmod/doc/examples/example6.rst up to 1.1.1.3 external/bsd/unbound/dist/pythonmod/doc/modules/config.rst up to 1.1.1.3 external/bsd/unbound/dist/pythonmod/doc/modules/env.rst up to 1.1.1.2 external/bsd/unbound/dist/pythonmod/doc/modules/functions.rst up to 1.1.1.5 external/bsd/unbound/dist/pythonmod/doc/modules/struct.rst up to 1.1.1.4 external/bsd/unbound/dist/pythonmod/examples/avahi-resolver.py up to 1.1.1.2 external/bsd/unbound/dist/pythonmod/examples/edns.py up to 1.1.1.4 external/bsd/unbound/dist/pythonmod/examples/inplace_callbacks.py up to 1.1.1.6 external/bsd/unbound/dist/pythonmod/examples/log.py up to 1.1.1.2 external/bsd/unbound/dist/respip/respip.c up to 1.1.1.6 external/bsd/unbound/dist/respip/respip.h up to 1.1.1.4 external/bsd/unbound/dist/services/authzone.c up to 1.3 external/bsd/unbound/dist/services/authzone.h up to 1.1.1.6 external/bsd/unbound/dist/services/listen_dnsport.c up to 1.1.1.8 external/bsd/unbound/dist/services/listen_dnsport.h up to 1.1.1.6 external/bsd/unbound/dist/services/localzone.c up to 1.1.1.8 external/bsd/unbound/dist/services/localzone.h up to 1.1.1.7 external/bsd/unbound/dist/services/mesh.c up to 1.1.1.8 external/bsd/unbound/dist/services/mesh.h up to 1.1.1.6 external/bsd/unbound/dist/services/modstack.c up to 1.1.1.7 external/bsd/unbound/dist/services/outbound_list.h up to 1.1.1.2 external/bsd/unbound/dist/services/outside_network.c up to 1.1.1.8 external/bsd/unbound/dist/services/outside_network.h up to 1.1.1.8 external/bsd/unbound/dist/services/view.c up to 1.1.1.3 external/bsd/unbound/dist/services/cache/dns.c up to 1.1.1.8 external/bsd/unbound/dist/services/cache/dns.h up to 1.1.1.7 external/bsd/unbound/dist/services/cache/infra.c up to 1.1.1.7 external/bsd/unbound/dist/services/cache/infra.h up to 1.1.1.6 external/bsd/unbound/dist/services/cache/rrset.c up to 1.1.1.5 external/bsd/unbound/dist/services/cache/rrset.h up to 1.1.1.4 external/bsd/unbound/dist/sldns/keyraw.c up to 1.1.1.4 external/bsd/unbound/dist/sldns/keyraw.h up to 1.1.1.4 external/bsd/unbound/dist/sldns/parse.c up to 1.1.1.5 external/bsd/unbound/dist/sldns/parse.h up to 1.1.1.3 external/bsd/unbound/dist/sldns/parseutil.c up to 1.1.1.4 external/bsd/unbound/dist/sldns/parseutil.h up to 1.1.1.4 external/bsd/unbound/dist/sldns/pkthdr.h up to 1.1.1.2 external/bsd/unbound/dist/sldns/rrdef.c up to 1.1.1.6 external/bsd/unbound/dist/sldns/rrdef.h up to 1.1.1.6 external/bsd/unbound/dist/sldns/sbuffer.h up to 1.1.1.5 external/bsd/unbound/dist/sldns/str2wire.c up to 1.1.1.7 external/bsd/unbound/dist/sldns/str2wire.h up to 1.1.1.5 external/bsd/unbound/dist/sldns/wire2str.c up to 1.1.1.7 external/bsd/unbound/dist/sldns/wire2str.h up to 1.1.1.6 external/bsd/unbound/dist/smallapp/unbound-anchor.c up to 1.1.1.7 external/bsd/unbound/dist/smallapp/unbound-checkconf.c up to 1.1.1.8 external/bsd/unbound/dist/smallapp/unbound-control-setup.sh.in up to 1.1.1.3 external/bsd/unbound/dist/smallapp/unbound-control.c up to 1.1.1.8 external/bsd/unbound/dist/smallapp/unbound-host.c up to 1.1.1.7 external/bsd/unbound/dist/smallapp/worker_cb.c up to 1.1.1.6 external/bsd/unbound/dist/testcode/asynclook.c up to 1.1.1.6 external/bsd/unbound/dist/testcode/delayer.c up to 1.1.1.6 external/bsd/unbound/dist/testcode/do-tests.sh up to 1.1.1.5 external/bsd/unbound/dist/testcode/fake_event.c up to 1.1.1.8 external/bsd/unbound/dist/testcode/lock_verify.c up to 1.1.1.4 external/bsd/unbound/dist/testcode/mini_tdir.sh up to 1.1.1.4 external/bsd/unbound/dist/testcode/perf.c up to 1.1.1.7 external/bsd/unbound/dist/testcode/petal.c up to 1.1.1.6 external/bsd/unbound/dist/testcode/replay.c up to 1.1.1.6 external/bsd/unbound/dist/testcode/replay.h up to 1.1.1.6 external/bsd/unbound/dist/testcode/run_vm.sh up to 1.1.1.3 external/bsd/unbound/dist/testcode/streamtcp.1 up to 1.1.1.3 external/bsd/unbound/dist/testcode/streamtcp.c up to 1.1.1.8 external/bsd/unbound/dist/testcode/testbound.c up to 1.1.1.7 external/bsd/unbound/dist/testcode/testpkts.c up to 1.1.1.8 external/bsd/unbound/dist/testcode/testpkts.h up to 1.1.1.5 external/bsd/unbound/dist/testcode/unitauth.c up to 1.1.1.5 external/bsd/unbound/dist/testcode/unitdname.c up to 1.1.1.2 external/bsd/unbound/dist/testcode/unitecs.c up to 1.1.1.3 external/bsd/unbound/dist/testcode/unitldns.c up to 1.1.1.4 external/bsd/unbound/dist/testcode/unitlruhash.c up to 1.1.1.3 external/bsd/unbound/dist/testcode/unitmain.c up to 1.1.1.8 external/bsd/unbound/dist/testcode/unitmain.h up to 1.1.1.3 external/bsd/unbound/dist/testcode/unitmsgparse.c up to 1.1.1.4 external/bsd/unbound/dist/testcode/unitverify.c up to 1.1.1.6 external/bsd/unbound/dist/testdata/auth_xfr_host.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/auth_xfr_ixfrmismatch.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/auth_zonefile_dnssec.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/auth_zonefile_dnssec_fail.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/auth_zonefile_down.rpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/autotrust_10key.rpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/autotrust_init_fail.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/autotrust_init_failsig.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/autotrust_probefail.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/autotrust_probefailsig.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/autotrust_revtp.rpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/autotrust_revtp_read.rpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/autotrust_revtp_use.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/black_data.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/black_ds_entry.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/black_key_entry.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/black_prime.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/black_prime_entry.rpl up to 1.1.1.6 external/bsd/unbound/dist/testdata/common.sh up to 1.1.1.4 external/bsd/unbound/dist/testdata/dns64_lookup.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/edns_keepalive.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/fetch_glue.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/fetch_glue_cname.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/fwd.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/fwd_0ttlservfail.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/fwd_any.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/fwd_error.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/fwd_timeout.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/iter_dnsseclame_bug.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/iter_dnsseclame_ds.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/iter_dnsseclame_ta.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/iter_donotq127.rpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/iter_emptydp.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/iter_emptydp_for_glue.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/iter_lame_aaaa.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/iter_lame_noaa.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/iter_lame_nosoa.rpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/iter_lamescrub.rpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/iter_ns_badip.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/iter_pcnamech.rpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/iter_pcnamechrec.rpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/iter_prefetch_change.rpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/iter_primenoglue.rpl up to 1.1.1.6 external/bsd/unbound/dist/testdata/iter_privaddr.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/iter_ranoaa_lame.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/iter_reclame_one.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/iter_reclame_two.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/iter_recurse.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/iter_scrub_dname_rev.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/iter_scrub_dname_sec.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/iter_scrub_ns.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/iter_scrub_ns_fwd.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/iter_scrub_ns_side.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/iter_stublastresort.rpl up to 1.1.1.2 external/bsd/unbound/dist/testdata/localdata.rpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/root_key_sentinel.rpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/rrset_updated.rpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/subnet_cached.crpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/subnet_derived.crpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/subnet_format_ip4.crpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/subnet_not_whitelisted.crpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/subnet_val_positive.crpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/subnet_val_positive_client.crpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/subnet_without_validator.crpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/test_ldnsrr.5 up to 1.1.1.3 external/bsd/unbound/dist/testdata/test_ldnsrr.c5 up to 1.1.1.3 external/bsd/unbound/dist/testdata/ttl_msg.rpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/val_any.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/val_any_dname.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/val_cnametocloser_nosig.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/val_cnametocnamewctoposwc.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/val_cnametoinsecure.rpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/val_cnametonodata_nonsec.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/val_cnametooptout.rpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/val_cnametoposnowc.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/val_deleg_nons.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/val_dnamewc.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/val_ds_cname.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/val_faildnskey.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/val_faildnskey_ok.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/val_keyprefetch_verify.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/val_nodata_failsig.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/val_nodata_failwc.rpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/val_nokeyprime.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/val_nsec3_b1_nameerror_nowc.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/val_nsec3_b2_nodata_nons.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/val_nsec3_b3_optout.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/val_nsec3_b3_optout_negcache.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/val_nsec3_b3_optout_noce.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/val_nsec3_b3_optout_nonc.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/val_nsec3_b4_wild.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/val_nsec3_b4_wild_wr.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/val_nsec3_b5_wcnodata.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/val_nsec3_b5_wcnodata_noce.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/val_nsec3_b5_wcnodata_nonc.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/val_nsec3_b5_wcnodata_nowc.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/val_nsec3_cnametocnamewctoposwc.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/val_nsec3_entnodata_optout_badopt.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/val_nsec3_nods_badsig.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/val_nsec3_optout_cache.rpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/val_nsec3_wcany.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/val_nx_failwc.rpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/val_nx_nsec3_collision.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/val_nx_overreach.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/val_positive_nosigs.rpl up to 1.1.1.3 external/bsd/unbound/dist/testdata/val_refer_unsignadd.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/val_referglue.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/val_secds_nosig.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/val_stub_noroot.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/val_ta_algo_missing.rpl up to 1.1.1.5 external/bsd/unbound/dist/testdata/val_twocname.rpl up to 1.1.1.4 external/bsd/unbound/dist/testdata/00-lint.tdir/00-lint.dsc up to 1.1.1.2 external/bsd/unbound/dist/testdata/01-doc.tdir/01-doc.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/03-testbound.tdir/03-testbound.test up to 1.1.1.3 external/bsd/unbound/dist/testdata/04-checkconf.tdir/04-checkconf.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/04-checkconf.tdir/bad.badfwd up to 1.1.1.2 external/bsd/unbound/dist/testdata/04-checkconf.tdir/bad.user up to 1.1.1.2 external/bsd/unbound/dist/testdata/04-checkconf.tdir/good.all up to 1.1.1.2 external/bsd/unbound/dist/testdata/07-confroot.tdir/07-confroot.dsc up to 1.1.1.2 external/bsd/unbound/dist/testdata/07-confroot.tdir/07-confroot.test up to 1.1.1.3 external/bsd/unbound/dist/testdata/08-host-lib.tdir/08-host-lib.pre up to 1.1.1.2 external/bsd/unbound/dist/testdata/08-host-lib.tdir/08-host-lib.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/09-unbound-control.conf up to 1.1.1.2 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/09-unbound-control.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/bad_control.key up to 1.1.1.2 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/bad_control.pem up to 1.1.1.2 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/bad_server.key up to 1.1.1.2 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/bad_server.pem up to 1.1.1.2 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/unbound_control.key up to 1.1.1.2 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/unbound_control.pem up to 1.1.1.2 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/unbound_server.key up to 1.1.1.2 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/unbound_server.pem up to 1.1.1.2 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/keys/test_cert.pem up to 1.1.1.2 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/keys/unbound-control-setup up to 1.1.1.3 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/keys/unbound_control.key up to 1.1.1.2 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/keys/unbound_control.pem up to 1.1.1.2 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/keys/unbound_server.key up to 1.1.1.2 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/keys/unbound_server.pem up to 1.1.1.2 external/bsd/unbound/dist/testdata/auth_https.tdir/auth_https.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/clang-analysis.tdir/clang-analysis.dsc up to 1.1.1.2 external/bsd/unbound/dist/testdata/clang-analysis.tdir/clang-analysis.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/ctrl_itr.tdir/unbound_control.key up to 1.1.1.2 external/bsd/unbound/dist/testdata/ctrl_itr.tdir/unbound_control.pem up to 1.1.1.2 external/bsd/unbound/dist/testdata/ctrl_itr.tdir/unbound_server.key up to 1.1.1.2 external/bsd/unbound/dist/testdata/ctrl_itr.tdir/unbound_server.pem up to 1.1.1.2 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/unbound_control.key up to 1.1.1.2 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/unbound_control.pem up to 1.1.1.2 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/unbound_server.key up to 1.1.1.2 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/unbound_server.pem up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnscrypt_cert.tdir/dnscrypt_cert.post up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnscrypt_cert.tdir/dnscrypt_cert.pre up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnscrypt_cert.tdir/dnscrypt_cert.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnscrypt_cert_chacha.tdir/dnscrypt_cert_chacha.post up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnscrypt_cert_chacha.tdir/dnscrypt_cert_chacha.pre up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnscrypt_cert_chacha.tdir/dnscrypt_cert_chacha.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/fwd_ancil.tdir/fwd_ancil.post up to 1.1.1.3 external/bsd/unbound/dist/testdata/fwd_ancil.tdir/fwd_ancil.pre up to 1.1.1.2 external/bsd/unbound/dist/testdata/fwd_ancil.tdir/fwd_ancil.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/fwd_bogus.tdir/unbound_control.key up to 1.1.1.2 external/bsd/unbound/dist/testdata/fwd_bogus.tdir/unbound_control.pem up to 1.1.1.2 external/bsd/unbound/dist/testdata/fwd_bogus.tdir/unbound_server.key up to 1.1.1.2 external/bsd/unbound/dist/testdata/fwd_bogus.tdir/unbound_server.pem up to 1.1.1.2 external/bsd/unbound/dist/testdata/fwd_compress_c00c.tdir/fwd_compress_c00c.conf up to 1.1.1.3 external/bsd/unbound/dist/testdata/fwd_oneport.tdir/fwd_oneport.conf up to 1.1.1.2 external/bsd/unbound/dist/testdata/fwd_zero.tdir/fwd_zero.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/nss_compile.tdir/nss_compile.dsc up to 1.1.1.2 external/bsd/unbound/dist/testdata/nss_compile.tdir/nss_compile.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/pylib.tdir/pylib.lookup.conf up to 1.1.1.2 external/bsd/unbound/dist/testdata/pylib.tdir/pylib.lookup.py up to 1.1.1.3 external/bsd/unbound/dist/testdata/pylib.tdir/pylib.post up to 1.1.1.3 external/bsd/unbound/dist/testdata/pylib.tdir/pylib.pre up to 1.1.1.3 external/bsd/unbound/dist/testdata/pylib.tdir/pylib.test up to 1.1.1.4 external/bsd/unbound/dist/testdata/pylib.tdir/pylib.testns up to 1.1.1.2 external/bsd/unbound/dist/testdata/pymod.tdir/pymod.post up to 1.1.1.2 external/bsd/unbound/dist/testdata/pymod.tdir/pymod.pre up to 1.1.1.2 external/bsd/unbound/dist/testdata/pymod.tdir/pymod.py up to 1.1.1.3 external/bsd/unbound/dist/testdata/pymod.tdir/pymod.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/pymod_thread.tdir/pymod_thread.post up to 1.1.1.2 external/bsd/unbound/dist/testdata/pymod_thread.tdir/pymod_thread.pre up to 1.1.1.2 external/bsd/unbound/dist/testdata/pymod_thread.tdir/pymod_thread.py up to 1.1.1.3 external/bsd/unbound/dist/testdata/pymod_thread.tdir/pymod_thread.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/remote-threaded.tdir/remote-threaded.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/remote-threaded.tdir/unbound_control.key up to 1.1.1.2 external/bsd/unbound/dist/testdata/remote-threaded.tdir/unbound_control.pem up to 1.1.1.2 external/bsd/unbound/dist/testdata/remote-threaded.tdir/unbound_server.key up to 1.1.1.2 external/bsd/unbound/dist/testdata/remote-threaded.tdir/unbound_server.pem up to 1.1.1.2 external/bsd/unbound/dist/testdata/root_anchor.tdir/root_anchor.dsc up to 1.1.1.2 external/bsd/unbound/dist/testdata/root_anchor.tdir/root_anchor.test up to 1.1.1.3 external/bsd/unbound/dist/testdata/root_hints.tdir/root_hints.dsc up to 1.1.1.2 external/bsd/unbound/dist/testdata/root_hints.tdir/root_hints.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/speed_local.tdir/speed_local.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/ssl_req_order.tdir/ssl_req_order.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/ssl_req_order.tdir/unbound_server.key up to 1.1.1.2 external/bsd/unbound/dist/testdata/ssl_req_order.tdir/unbound_server.pem up to 1.1.1.2 external/bsd/unbound/dist/testdata/ssl_req_timeout.tdir/ssl_req_timeout.test up to 1.1.1.2 external/bsd/unbound/dist/testdata/ssl_req_timeout.tdir/unbound_server.key up to 1.1.1.2 external/bsd/unbound/dist/testdata/ssl_req_timeout.tdir/unbound_server.pem up to 1.1.1.2 external/bsd/unbound/dist/testdata/stream_ssl.tdir/stream_ssl.clie.conf up to 1.1.1.3 external/bsd/unbound/dist/testdata/stream_ssl.tdir/stream_ssl.serv.conf up to 1.1.1.4 external/bsd/unbound/dist/testdata/stream_ssl.tdir/stream_ssl.test up to 1.1.1.3 external/bsd/unbound/dist/testdata/stream_ssl.tdir/unbound_control.key up to 1.1.1.2 external/bsd/unbound/dist/testdata/stream_ssl.tdir/unbound_control.pem up to 1.1.1.2 external/bsd/unbound/dist/testdata/stream_ssl.tdir/unbound_server.key up to 1.1.1.2 external/bsd/unbound/dist/testdata/stream_ssl.tdir/unbound_server.pem up to 1.1.1.2 external/bsd/unbound/dist/testdata/tcp_req_size.tdir/tcp_req_size.test up to 1.1.1.2 external/bsd/unbound/dist/util/config_file.c up to 1.1.1.8 external/bsd/unbound/dist/util/config_file.h up to 1.1.1.8 external/bsd/unbound/dist/util/configlexer.c up to 1.1.1.8 external/bsd/unbound/dist/util/configlexer.lex up to 1.1.1.8 external/bsd/unbound/dist/util/configparser.c up to 1.1.1.8 external/bsd/unbound/dist/util/configparser.h up to 1.1.1.8 external/bsd/unbound/dist/util/configparser.y up to 1.1.1.8 external/bsd/unbound/dist/util/configyyrename.h up to 1.1.1.2 external/bsd/unbound/dist/util/edns.c up to 1.1.1.4 external/bsd/unbound/dist/util/edns.h up to 1.1.1.4 external/bsd/unbound/dist/util/fptr_wlist.c up to 1.1.1.8 external/bsd/unbound/dist/util/fptr_wlist.h up to 1.1.1.5 external/bsd/unbound/dist/util/iana_ports.inc up to 1.1.1.8 external/bsd/unbound/dist/util/log.c up to 1.1.1.7 external/bsd/unbound/dist/util/log.h up to 1.1.1.4 external/bsd/unbound/dist/util/mini_event.c up to 1.5 external/bsd/unbound/dist/util/mini_event.h up to 1.1.1.3 external/bsd/unbound/dist/util/module.c up to 1.1.1.5 external/bsd/unbound/dist/util/module.h up to 1.1.1.7 external/bsd/unbound/dist/util/net_help.c up to 1.1.1.8 external/bsd/unbound/dist/util/net_help.h up to 1.1.1.8 external/bsd/unbound/dist/util/netevent.c up to 1.6 external/bsd/unbound/dist/util/netevent.h up to 1.1.1.7 external/bsd/unbound/dist/util/random.c up to 1.1.1.3 external/bsd/unbound/dist/util/regional.c up to 1.1.1.5 external/bsd/unbound/dist/util/regional.h up to 1.1.1.2 external/bsd/unbound/dist/util/rtt.c up to 1.1.1.3 external/bsd/unbound/dist/util/rtt.h up to 1.1.1.2 external/bsd/unbound/dist/util/timehist.c up to 1.1.1.3 external/bsd/unbound/dist/util/tube.c up to 1.1.1.5 external/bsd/unbound/dist/util/tube.h up to 1.1.1.3 external/bsd/unbound/dist/util/ub_event.c up to 1.1.1.6 external/bsd/unbound/dist/util/ub_event_pluggable.c up to 1.1.1.4 external/bsd/unbound/dist/util/data/dname.c up to 1.1.1.5 external/bsd/unbound/dist/util/data/dname.h up to 1.1.1.5 external/bsd/unbound/dist/util/data/msgencode.c up to 1.1.1.7 external/bsd/unbound/dist/util/data/msgencode.h up to 1.1.1.3 external/bsd/unbound/dist/util/data/msgparse.c up to 1.1.1.7 external/bsd/unbound/dist/util/data/msgparse.h up to 1.1.1.6 external/bsd/unbound/dist/util/data/msgreply.c up to 1.1.1.8 external/bsd/unbound/dist/util/data/msgreply.h up to 1.1.1.8 external/bsd/unbound/dist/util/data/packed_rrset.c up to 1.1.1.4 external/bsd/unbound/dist/util/data/packed_rrset.h up to 1.1.1.5 external/bsd/unbound/dist/util/shm_side/shm_main.c up to 1.1.1.4 external/bsd/unbound/dist/util/storage/dnstree.c up to 1.1.1.4 external/bsd/unbound/dist/util/storage/dnstree.h up to 1.1.1.4 external/bsd/unbound/dist/util/storage/lookup3.c up to 1.1.1.4 external/bsd/unbound/dist/util/storage/lruhash.c up to 1.1.1.4 external/bsd/unbound/dist/util/storage/lruhash.h up to 1.1.1.3 external/bsd/unbound/dist/util/storage/slabhash.c up to 1.1.1.4 external/bsd/unbound/dist/util/storage/slabhash.h up to 1.1.1.4 external/bsd/unbound/dist/validator/autotrust.c up to 1.1.1.7 external/bsd/unbound/dist/validator/val_anchor.c up to 1.1.1.7 external/bsd/unbound/dist/validator/val_anchor.h up to 1.1.1.5 external/bsd/unbound/dist/validator/val_kcache.c up to 1.1.1.4 external/bsd/unbound/dist/validator/val_kcache.h up to 1.1.1.2 external/bsd/unbound/dist/validator/val_kentry.c up to 1.1.1.3 external/bsd/unbound/dist/validator/val_kentry.h up to 1.1.1.3 external/bsd/unbound/dist/validator/val_neg.c up to 1.1.1.6 external/bsd/unbound/dist/validator/val_neg.h up to 1.1.1.4 external/bsd/unbound/dist/validator/val_nsec.c up to 1.1.1.6 external/bsd/unbound/dist/validator/val_nsec.h up to 1.1.1.4 external/bsd/unbound/dist/validator/val_nsec3.c up to 1.1.1.5 external/bsd/unbound/dist/validator/val_nsec3.h up to 1.1.1.4 external/bsd/unbound/dist/validator/val_secalgo.c up to 1.1.1.7 external/bsd/unbound/dist/validator/val_secalgo.h up to 1.1.1.2 external/bsd/unbound/dist/validator/val_sigcrypt.c up to 1.1.1.7 external/bsd/unbound/dist/validator/val_sigcrypt.h up to 1.1.1.4 external/bsd/unbound/dist/validator/val_utils.c up to 1.1.1.5 external/bsd/unbound/dist/validator/val_utils.h up to 1.1.1.5 external/bsd/unbound/dist/validator/validator.c up to 1.1.1.8 external/bsd/unbound/dist/validator/validator.h up to 1.1.1.6 external/bsd/unbound/include/config.h up to 1.12 external/bsd/unbound/lib/libunbound/Makefile up to 1.9 external/bsd/unbound/lib/libunbound/shlib_version up to 1.6 external/bsd/wpa/dist/hostapd/README-MULTI-AP up to 1.1.1.1 external/bsd/wpa/dist/src/ap/airtime_policy.c up to 1.1.1.1 external/bsd/wpa/dist/src/ap/airtime_policy.h up to 1.1.1.1 external/bsd/wpa/dist/src/ap/wpa_auth_kay.c up to 1.1.1.1 external/bsd/wpa/dist/src/ap/wpa_auth_kay.h up to 1.1.1.1 external/bsd/wpa/dist/src/common/dragonfly.c up to 1.1.1.1 external/bsd/wpa/dist/src/common/dragonfly.h up to 1.1.1.1 external/bsd/wpa/dist/src/common/ocv.c up to 1.1.1.1 external/bsd/wpa/dist/src/common/ocv.h up to 1.1.1.1 external/bsd/wpa/dist/src/crypto/sha512.c up to 1.1.1.1 external/bsd/wpa/dist/src/eap_common/eap_teap_common.c up to 1.1.1.1 external/bsd/wpa/dist/src/eap_common/eap_teap_common.h up to 1.1.1.1 external/bsd/wpa/dist/src/eap_peer/eap_teap.c up to 1.1.1.1 external/bsd/wpa/dist/src/eap_peer/eap_teap_pac.c up to 1.1.1.1 external/bsd/wpa/dist/src/eap_peer/eap_teap_pac.h up to 1.1.1.1 external/bsd/wpa/dist/src/eap_server/eap_server_teap.c up to 1.1.1.1 external/bsd/wpa/dist/wpa_supplicant/README-DPP up to 1.1.1.1 external/bsd/wpa/dist/src/crypto/.gitignore delete external/bsd/wpa/dist/src/drivers/.gitignore delete external/bsd/wpa/dist/src/radius/.gitignore delete external/bsd/wpa/dist/src/tls/.gitignore delete external/bsd/wpa/dist/src/utils/.gitignore delete external/bsd/wpa/dist/wpa_supplicant/.gitignore delete external/bsd/wpa/dist/wpa_supplicant/doc/docbook/.gitignore delete external/bsd/wpa/dist/wpa_supplicant/dbus/.gitignore delete external/bsd/wpa/dist/wpa_supplicant/dbus/dbus_old.c delete external/bsd/wpa/dist/wpa_supplicant/dbus/dbus_old.h delete external/bsd/wpa/dist/wpa_supplicant/dbus/dbus_old_handlers.c delete external/bsd/wpa/dist/wpa_supplicant/dbus/dbus_old_handlers.h delete external/bsd/wpa/dist/wpa_supplicant/dbus/dbus_old_handlers_wps.c delete external/bsd/wpa/dist/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in delete external/bsd/wpa/dist/wpa_supplicant/examples/wpas-test.py delete external/bsd/wpa/dist/wpa_supplicant/wpa_gui-qt4/.gitignore delete external/bsd/wpa/dist/wpa_supplicant/wpa_gui-qt4/lang/.gitignore delete external/bsd/wpa/bin/hostapd/Makefile up to 1.17 external/bsd/wpa/bin/wpa_passphrase/Makefile up to 1.6 external/bsd/wpa/bin/wpa_supplicant/Makefile up to 1.11 external/bsd/wpa/bin/wpa_supplicant/wpa_supplicant.8 up to 1.10 external/bsd/wpa/dist/CONTRIBUTIONS up to 1.1.1.5 external/bsd/wpa/dist/COPYING up to 1.1.1.6 external/bsd/wpa/dist/README up to 1.1.1.8 external/bsd/wpa/dist/hostapd/Android.mk up to 1.1.1.7 external/bsd/wpa/dist/hostapd/ChangeLog up to 1.1.1.10 external/bsd/wpa/dist/hostapd/Makefile up to 1.1.1.9 external/bsd/wpa/dist/hostapd/README up to 1.1.1.8 external/bsd/wpa/dist/hostapd/android.config up to 1.1.1.6 external/bsd/wpa/dist/hostapd/config_file.c up to 1.1.1.8 external/bsd/wpa/dist/hostapd/ctrl_iface.c up to 1.1.1.9 external/bsd/wpa/dist/hostapd/defconfig up to 1.1.1.8 external/bsd/wpa/dist/hostapd/eap_register.c up to 1.1.1.5 external/bsd/wpa/dist/hostapd/hostapd.conf up to 1.1.1.9 external/bsd/wpa/dist/hostapd/hostapd.wpa_psk up to 1.1.1.2 external/bsd/wpa/dist/hostapd/hostapd_cli.c up to 1.11 external/bsd/wpa/dist/hostapd/main.c up to 1.6 external/bsd/wpa/dist/hostapd/wps-ap-nfc.py up to 1.1.1.2 external/bsd/wpa/dist/hs20/client/Makefile up to 1.1.1.3 external/bsd/wpa/dist/hs20/client/est.c up to 1.1.1.4 external/bsd/wpa/dist/hs20/client/osu_client.c up to 1.1.1.5 external/bsd/wpa/dist/src/lib.rules up to 1.1.1.3 external/bsd/wpa/dist/src/ap/Makefile up to 1.1.1.5 external/bsd/wpa/dist/src/ap/accounting.c up to 1.1.1.7 external/bsd/wpa/dist/src/ap/acs.c up to 1.1.1.5 external/bsd/wpa/dist/src/ap/ap_config.c up to 1.1.1.9 external/bsd/wpa/dist/src/ap/ap_config.h up to 1.1.1.8 external/bsd/wpa/dist/src/ap/ap_drv_ops.c up to 1.6 external/bsd/wpa/dist/src/ap/ap_drv_ops.h up to 1.1.1.8 external/bsd/wpa/dist/src/ap/authsrv.c up to 1.1.1.8 external/bsd/wpa/dist/src/ap/beacon.c up to 1.1.1.9 external/bsd/wpa/dist/src/ap/ctrl_iface_ap.c up to 1.1.1.8 external/bsd/wpa/dist/src/ap/dfs.c up to 1.1.1.5 external/bsd/wpa/dist/src/ap/dhcp_snoop.c up to 1.1.1.4 external/bsd/wpa/dist/src/ap/dpp_hostapd.c up to 1.1.1.2 external/bsd/wpa/dist/src/ap/dpp_hostapd.h up to 1.1.1.2 external/bsd/wpa/dist/src/ap/drv_callbacks.c up to 1.6 external/bsd/wpa/dist/src/ap/eap_user_db.c up to 1.1.1.5 external/bsd/wpa/dist/src/ap/fils_hlp.c up to 1.1.1.2 external/bsd/wpa/dist/src/ap/gas_serv.c up to 1.1.1.6 external/bsd/wpa/dist/src/ap/gas_serv.h up to 1.1.1.5 external/bsd/wpa/dist/src/ap/hostapd.c up to 1.5 external/bsd/wpa/dist/src/ap/hostapd.h up to 1.5 external/bsd/wpa/dist/src/ap/hs20.c up to 1.1.1.4 external/bsd/wpa/dist/src/ap/hw_features.c up to 1.1.1.8 external/bsd/wpa/dist/src/ap/ieee802_11.c up to 1.5 external/bsd/wpa/dist/src/ap/ieee802_11.h up to 1.1.1.9 external/bsd/wpa/dist/src/ap/ieee802_11_auth.c up to 1.1.1.7 external/bsd/wpa/dist/src/ap/ieee802_11_he.c up to 1.1.1.2 external/bsd/wpa/dist/src/ap/ieee802_11_shared.c up to 1.1.1.7 external/bsd/wpa/dist/src/ap/ieee802_11_vht.c up to 1.1.1.6 external/bsd/wpa/dist/src/ap/ieee802_1x.c up to 1.1.1.9 external/bsd/wpa/dist/src/ap/ieee802_1x.h up to 1.1.1.6 external/bsd/wpa/dist/src/ap/neighbor_db.c up to 1.1.1.3 external/bsd/wpa/dist/src/ap/neighbor_db.h up to 1.1.1.3 external/bsd/wpa/dist/src/ap/rrm.c up to 1.1.1.3 external/bsd/wpa/dist/src/ap/sta_info.c up to 1.1.1.8 external/bsd/wpa/dist/src/ap/sta_info.h up to 1.1.1.8 external/bsd/wpa/dist/src/ap/vlan_full.c up to 1.1.1.2 external/bsd/wpa/dist/src/ap/vlan_init.c up to 1.1.1.8 external/bsd/wpa/dist/src/ap/wmm.c up to 1.4 external/bsd/wpa/dist/src/ap/wnm_ap.c up to 1.1.1.6 external/bsd/wpa/dist/src/ap/wpa_auth.c up to 1.12 external/bsd/wpa/dist/src/ap/wpa_auth.h up to 1.4 external/bsd/wpa/dist/src/ap/wpa_auth_ft.c up to 1.4 external/bsd/wpa/dist/src/ap/wpa_auth_glue.c up to 1.1.1.9 external/bsd/wpa/dist/src/ap/wpa_auth_i.h up to 1.4 external/bsd/wpa/dist/src/ap/wpa_auth_ie.c up to 1.1.1.8 external/bsd/wpa/dist/src/ap/wpa_auth_ie.h up to 1.1.1.5 external/bsd/wpa/dist/src/ap/wps_hostapd.c up to 1.1.1.9 external/bsd/wpa/dist/src/common/common_module_tests.c up to 1.1.1.4 external/bsd/wpa/dist/src/common/defs.h up to 1.1.1.8 external/bsd/wpa/dist/src/common/dpp.c up to 1.2 external/bsd/wpa/dist/src/common/dpp.h up to 1.1.1.2 external/bsd/wpa/dist/src/common/hw_features_common.c up to 1.1.1.4 external/bsd/wpa/dist/src/common/hw_features_common.h up to 1.1.1.4 external/bsd/wpa/dist/src/common/ieee802_11_common.c up to 1.1.1.8 external/bsd/wpa/dist/src/common/ieee802_11_common.h up to 1.1.1.8 external/bsd/wpa/dist/src/common/ieee802_11_defs.h up to 1.1.1.8 external/bsd/wpa/dist/src/common/linux_bridge.h up to 1.1.1.2 external/bsd/wpa/dist/src/common/qca-vendor.h up to 1.1.1.5 external/bsd/wpa/dist/src/common/sae.c up to 1.10 external/bsd/wpa/dist/src/common/sae.h up to 1.1.1.5 external/bsd/wpa/dist/src/common/version.h up to 1.1.1.10 external/bsd/wpa/dist/src/common/wpa_common.c up to 1.1.1.8 external/bsd/wpa/dist/src/common/wpa_common.h up to 1.5 external/bsd/wpa/dist/src/common/wpa_ctrl.c up to 1.1.1.7 external/bsd/wpa/dist/src/common/wpa_ctrl.h up to 1.1.1.9 external/bsd/wpa/dist/src/crypto/Makefile up to 1.1.1.8 external/bsd/wpa/dist/src/crypto/aes-internal-enc.c up to 1.1.1.4 external/bsd/wpa/dist/src/crypto/aes_i.h up to 1.1.1.3 external/bsd/wpa/dist/src/crypto/crypto.h up to 1.1.1.6 external/bsd/wpa/dist/src/crypto/crypto_gnutls.c up to 1.1.1.4 external/bsd/wpa/dist/src/crypto/crypto_internal-modexp.c up to 1.1.1.4 external/bsd/wpa/dist/src/crypto/crypto_internal.c up to 1.1.1.5 external/bsd/wpa/dist/src/crypto/crypto_libtomcrypt.c up to 1.1.1.4 external/bsd/wpa/dist/src/crypto/crypto_linux.c up to 1.1.1.2 external/bsd/wpa/dist/src/crypto/crypto_nettle.c up to 1.1.1.2 external/bsd/wpa/dist/src/crypto/crypto_openssl.c up to 1.5 external/bsd/wpa/dist/src/crypto/crypto_wolfssl.c up to 1.1.1.2 external/bsd/wpa/dist/src/crypto/dh_groups.c up to 1.1.1.8 external/bsd/wpa/dist/src/crypto/md4-internal.c up to 1.1.1.4 external/bsd/wpa/dist/src/crypto/random.c up to 1.1.1.6 external/bsd/wpa/dist/src/crypto/sha1-internal.c up to 1.1.1.6 external/bsd/wpa/dist/src/crypto/sha1-prf.c up to 1.1.1.3 external/bsd/wpa/dist/src/crypto/sha1-tlsprf.c up to 1.1.1.4 external/bsd/wpa/dist/src/crypto/sha1-tprf.c up to 1.1.1.4 external/bsd/wpa/dist/src/crypto/sha1.c up to 1.1.1.4 external/bsd/wpa/dist/src/crypto/sha256-kdf.c up to 1.1.1.4 external/bsd/wpa/dist/src/crypto/sha256-prf.c up to 1.1.1.5 external/bsd/wpa/dist/src/crypto/sha256-tlsprf.c up to 1.1.1.2 external/bsd/wpa/dist/src/crypto/sha256.h up to 1.1.1.6 external/bsd/wpa/dist/src/crypto/sha384-kdf.c up to 1.1.1.2 external/bsd/wpa/dist/src/crypto/sha384-prf.c up to 1.1.1.3 external/bsd/wpa/dist/src/crypto/sha512-internal.c up to 1.1.1.2 external/bsd/wpa/dist/src/crypto/sha512-kdf.c up to 1.1.1.2 external/bsd/wpa/dist/src/crypto/sha512-prf.c up to 1.1.1.2 external/bsd/wpa/dist/src/crypto/tls.h up to 1.1.1.8 external/bsd/wpa/dist/src/crypto/tls_gnutls.c up to 1.1.1.8 external/bsd/wpa/dist/src/crypto/tls_internal.c up to 1.1.1.8 external/bsd/wpa/dist/src/crypto/tls_none.c up to 1.1.1.7 external/bsd/wpa/dist/src/crypto/tls_openssl.c up to 1.1.1.9 external/bsd/wpa/dist/src/crypto/tls_wolfssl.c up to 1.1.1.2 external/bsd/wpa/dist/src/drivers/driver.h up to 1.5 external/bsd/wpa/dist/src/drivers/driver_atheros.c up to 1.1.1.9 external/bsd/wpa/dist/src/drivers/driver_bsd.c up to 1.39 external/bsd/wpa/dist/src/drivers/driver_common.c up to 1.1.1.7 external/bsd/wpa/dist/src/drivers/driver_hostap.c up to 1.1.1.7 external/bsd/wpa/dist/src/drivers/driver_macsec_linux.c up to 1.1.1.2 external/bsd/wpa/dist/src/drivers/driver_macsec_qca.c up to 1.1.1.5 external/bsd/wpa/dist/src/drivers/driver_ndis.c up to 1.1.1.7 external/bsd/wpa/dist/src/drivers/driver_nl80211.c up to 1.1.1.9 external/bsd/wpa/dist/src/drivers/driver_nl80211.h up to 1.1.1.4 external/bsd/wpa/dist/src/drivers/driver_nl80211_capa.c up to 1.1.1.4 external/bsd/wpa/dist/src/drivers/driver_nl80211_event.c up to 1.1.1.4 external/bsd/wpa/dist/src/drivers/driver_nl80211_scan.c up to 1.1.1.4 external/bsd/wpa/dist/src/drivers/driver_openbsd.c up to 1.1.1.2 external/bsd/wpa/dist/src/drivers/driver_privsep.c up to 1.1.1.6 external/bsd/wpa/dist/src/drivers/driver_roboswitch.c up to 1.1.1.7 external/bsd/wpa/dist/src/drivers/driver_wext.c up to 1.1.1.8 external/bsd/wpa/dist/src/drivers/drivers.mak up to 1.1.1.8 external/bsd/wpa/dist/src/drivers/drivers.mk up to 1.1.1.7 external/bsd/wpa/dist/src/drivers/linux_ioctl.c up to 1.1.1.6 external/bsd/wpa/dist/src/drivers/nl80211_copy.h up to 1.1.1.8 external/bsd/wpa/dist/src/eap_common/eap_defs.h up to 1.1.1.7 external/bsd/wpa/dist/src/eap_common/eap_eke_common.c up to 1.1.1.4 external/bsd/wpa/dist/src/eap_common/eap_pwd_common.c up to 1.6 external/bsd/wpa/dist/src/eap_common/eap_pwd_common.h up to 1.3 external/bsd/wpa/dist/src/eap_common/eap_sake_common.c up to 1.1.1.4 external/bsd/wpa/dist/src/eap_common/eap_sake_common.h up to 1.1.1.3 external/bsd/wpa/dist/src/eap_common/eap_sim_common.c up to 1.1.1.6 external/bsd/wpa/dist/src/eap_common/eap_sim_common.h up to 1.1.1.4 external/bsd/wpa/dist/src/eap_peer/eap.c up to 1.1.1.9 external/bsd/wpa/dist/src/eap_peer/eap.h up to 1.1.1.8 external/bsd/wpa/dist/src/eap_peer/eap_aka.c up to 1.1.1.8 external/bsd/wpa/dist/src/eap_peer/eap_config.h up to 1.2 external/bsd/wpa/dist/src/eap_peer/eap_eke.c up to 1.1.1.4 external/bsd/wpa/dist/src/eap_peer/eap_fast.c up to 1.1.1.8 external/bsd/wpa/dist/src/eap_peer/eap_leap.c up to 1.1.1.7 external/bsd/wpa/dist/src/eap_peer/eap_methods.h up to 1.1.1.6 external/bsd/wpa/dist/src/eap_peer/eap_mschapv2.c up to 1.1.1.8 external/bsd/wpa/dist/src/eap_peer/eap_peap.c up to 1.2 external/bsd/wpa/dist/src/eap_peer/eap_pwd.c up to 1.9 external/bsd/wpa/dist/src/eap_peer/eap_sake.c up to 1.1.1.7 external/bsd/wpa/dist/src/eap_peer/eap_sim.c up to 1.1.1.8 external/bsd/wpa/dist/src/eap_peer/eap_tls.c up to 1.1.1.6 external/bsd/wpa/dist/src/eap_peer/eap_tls_common.c up to 1.2 external/bsd/wpa/dist/src/eap_peer/eap_tls_common.h up to 1.2 external/bsd/wpa/dist/src/eap_peer/eap_ttls.c up to 1.1.1.8 external/bsd/wpa/dist/src/eap_peer/eap_wsc.c up to 1.1.1.8 external/bsd/wpa/dist/src/eap_server/eap.h up to 1.1.1.8 external/bsd/wpa/dist/src/eap_server/eap_i.h up to 1.1.1.8 external/bsd/wpa/dist/src/eap_server/eap_methods.h up to 1.1.1.6 external/bsd/wpa/dist/src/eap_server/eap_server.c up to 1.5 external/bsd/wpa/dist/src/eap_server/eap_server_aka.c up to 1.1.1.9 external/bsd/wpa/dist/src/eap_server/eap_server_gpsk.c up to 1.1.1.8 external/bsd/wpa/dist/src/eap_server/eap_server_mschapv2.c up to 1.1.1.8 external/bsd/wpa/dist/src/eap_server/eap_server_pax.c up to 1.1.1.8 external/bsd/wpa/dist/src/eap_server/eap_server_peap.c up to 1.1.1.7 external/bsd/wpa/dist/src/eap_server/eap_server_pwd.c up to 1.9 external/bsd/wpa/dist/src/eap_server/eap_server_sake.c up to 1.1.1.8 external/bsd/wpa/dist/src/eap_server/eap_server_sim.c up to 1.1.1.9 external/bsd/wpa/dist/src/eap_server/eap_server_tls.c up to 1.1.1.7 external/bsd/wpa/dist/src/eap_server/eap_server_tls_common.c up to 1.9 external/bsd/wpa/dist/src/eap_server/eap_server_ttls.c up to 1.1.1.9 external/bsd/wpa/dist/src/eap_server/eap_tls_common.h up to 1.1.1.7 external/bsd/wpa/dist/src/eapol_auth/eapol_auth_sm.c up to 1.1.1.8 external/bsd/wpa/dist/src/eapol_auth/eapol_auth_sm.h up to 1.1.1.8 external/bsd/wpa/dist/src/eapol_supp/eapol_supp_sm.c up to 1.1.1.9 external/bsd/wpa/dist/src/eapol_supp/eapol_supp_sm.h up to 1.1.1.7 external/bsd/wpa/dist/src/fst/fst.h up to 1.1.1.2 external/bsd/wpa/dist/src/p2p/p2p.c up to 1.5 external/bsd/wpa/dist/src/p2p/p2p.h up to 1.1.1.7 external/bsd/wpa/dist/src/p2p/p2p_build.c up to 1.1.1.6 external/bsd/wpa/dist/src/p2p/p2p_go_neg.c up to 1.1.1.8 external/bsd/wpa/dist/src/p2p/p2p_group.c up to 1.1.1.7 external/bsd/wpa/dist/src/p2p/p2p_i.h up to 1.1.1.8 external/bsd/wpa/dist/src/p2p/p2p_invitation.c up to 1.1.1.7 external/bsd/wpa/dist/src/p2p/p2p_utils.c up to 1.1.1.6 external/bsd/wpa/dist/src/pae/ieee802_1x_cp.c up to 1.1.1.4 external/bsd/wpa/dist/src/pae/ieee802_1x_cp.h up to 1.1.1.3 external/bsd/wpa/dist/src/pae/ieee802_1x_kay.c up to 1.1.1.5 external/bsd/wpa/dist/src/pae/ieee802_1x_kay.h up to 1.1.1.4 external/bsd/wpa/dist/src/pae/ieee802_1x_kay_i.h up to 1.1.1.4 external/bsd/wpa/dist/src/pae/ieee802_1x_key.c up to 1.1.1.2 external/bsd/wpa/dist/src/pae/ieee802_1x_key.h up to 1.1.1.2 external/bsd/wpa/dist/src/pae/ieee802_1x_secy_ops.c up to 1.1.1.4 external/bsd/wpa/dist/src/pae/ieee802_1x_secy_ops.h up to 1.1.1.4 external/bsd/wpa/dist/src/radius/radius_client.c up to 1.3 external/bsd/wpa/dist/src/radius/radius_server.c up to 1.1.1.8 external/bsd/wpa/dist/src/radius/radius_server.h up to 1.1.1.8 external/bsd/wpa/dist/src/rsn_supp/pmksa_cache.c up to 1.1.1.9 external/bsd/wpa/dist/src/rsn_supp/tdls.c up to 1.4 external/bsd/wpa/dist/src/rsn_supp/wpa.c up to 1.5 external/bsd/wpa/dist/src/rsn_supp/wpa.h up to 1.1.1.8 external/bsd/wpa/dist/src/rsn_supp/wpa_ft.c up to 1.4 external/bsd/wpa/dist/src/rsn_supp/wpa_i.h up to 1.4 external/bsd/wpa/dist/src/rsn_supp/wpa_ie.c up to 1.1.1.8 external/bsd/wpa/dist/src/rsn_supp/wpa_ie.h up to 1.1.1.7 external/bsd/wpa/dist/src/tls/asn1.c up to 1.1.1.5 external/bsd/wpa/dist/src/tls/bignum.c up to 1.1.1.3 external/bsd/wpa/dist/src/tls/libtommath.c up to 1.1.1.7 external/bsd/wpa/dist/src/tls/tlsv1_client.c up to 1.1.1.8 external/bsd/wpa/dist/src/tls/tlsv1_client.h up to 1.1.1.5 external/bsd/wpa/dist/src/tls/tlsv1_client_read.c up to 1.1.1.8 external/bsd/wpa/dist/src/tls/tlsv1_client_write.c up to 1.1.1.7 external/bsd/wpa/dist/src/tls/tlsv1_server.c up to 1.1.1.8 external/bsd/wpa/dist/src/tls/tlsv1_server.h up to 1.1.1.5 external/bsd/wpa/dist/src/tls/tlsv1_server_i.h up to 1.1.1.5 external/bsd/wpa/dist/src/tls/tlsv1_server_read.c up to 1.1.1.7 external/bsd/wpa/dist/src/tls/tlsv1_server_write.c up to 1.1.1.6 external/bsd/wpa/dist/src/tls/x509v3.c up to 1.1.1.9 external/bsd/wpa/dist/src/utils/Makefile up to 1.1.1.5 external/bsd/wpa/dist/src/utils/base64.c up to 1.1.1.6 external/bsd/wpa/dist/src/utils/browser.c up to 1.1.1.2 external/bsd/wpa/dist/src/utils/common.c up to 1.6 external/bsd/wpa/dist/src/utils/common.h up to 1.7 external/bsd/wpa/dist/src/utils/eloop.c up to 1.14 external/bsd/wpa/dist/src/utils/http_curl.c up to 1.1.1.5 external/bsd/wpa/dist/src/utils/json.c up to 1.1.1.2 external/bsd/wpa/dist/src/utils/list.h up to 1.1.1.5 external/bsd/wpa/dist/src/utils/os_internal.c up to 1.1.1.7 external/bsd/wpa/dist/src/utils/os_none.c up to 1.1.1.8 external/bsd/wpa/dist/src/utils/os_unix.c up to 1.6 external/bsd/wpa/dist/src/utils/trace.c up to 1.1.1.7 external/bsd/wpa/dist/src/utils/utils_module_tests.c up to 1.1.1.5 external/bsd/wpa/dist/src/utils/wpa_debug.c up to 1.1.1.8 external/bsd/wpa/dist/src/wps/wps.c up to 1.1.1.9 external/bsd/wpa/dist/src/wps/wps.h up to 1.1.1.8 external/bsd/wpa/dist/src/wps/wps_attr_build.c up to 1.1.1.7 external/bsd/wpa/dist/src/wps/wps_attr_parse.c up to 1.1.1.7 external/bsd/wpa/dist/src/wps/wps_attr_parse.h up to 1.1.1.4 external/bsd/wpa/dist/src/wps/wps_common.c up to 1.1.1.9 external/bsd/wpa/dist/src/wps/wps_defs.h up to 1.1.1.8 external/bsd/wpa/dist/src/wps/wps_dev_attr.c up to 1.1.1.5 external/bsd/wpa/dist/src/wps/wps_dev_attr.h up to 1.1.1.5 external/bsd/wpa/dist/src/wps/wps_enrollee.c up to 1.1.1.9 external/bsd/wpa/dist/src/wps/wps_er.c up to 1.1.1.8 external/bsd/wpa/dist/src/wps/wps_i.h up to 1.1.1.7 external/bsd/wpa/dist/src/wps/wps_registrar.c up to 1.1.1.10 external/bsd/wpa/dist/src/wps/wps_upnp.c up to 1.1.1.8 external/bsd/wpa/dist/src/wps/wps_validate.c up to 1.1.1.5 external/bsd/wpa/dist/wpa_supplicant/Android.mk up to 1.1.1.7 external/bsd/wpa/dist/wpa_supplicant/ChangeLog up to 1.1.1.10 external/bsd/wpa/dist/wpa_supplicant/Makefile up to 1.5 external/bsd/wpa/dist/wpa_supplicant/README up to 1.5 external/bsd/wpa/dist/wpa_supplicant/README-P2P up to 1.1.1.6 external/bsd/wpa/dist/wpa_supplicant/android.config up to 1.1.1.6 external/bsd/wpa/dist/wpa_supplicant/ap.c up to 1.1.1.8 external/bsd/wpa/dist/wpa_supplicant/ap.h up to 1.1.1.8 external/bsd/wpa/dist/wpa_supplicant/bss.c up to 1.1.1.8 external/bsd/wpa/dist/wpa_supplicant/bss.h up to 1.1.1.8 external/bsd/wpa/dist/wpa_supplicant/config.c up to 1.8 external/bsd/wpa/dist/wpa_supplicant/config.h up to 1.1.1.8 external/bsd/wpa/dist/wpa_supplicant/config_file.c up to 1.1.1.9 external/bsd/wpa/dist/wpa_supplicant/config_ssid.h up to 1.1.1.9 external/bsd/wpa/dist/wpa_supplicant/config_winreg.c up to 1.1.1.8 external/bsd/wpa/dist/wpa_supplicant/ctrl_iface.c up to 1.6 external/bsd/wpa/dist/wpa_supplicant/ctrl_iface_unix.c up to 1.1.1.8 external/bsd/wpa/dist/wpa_supplicant/defconfig up to 1.5 external/bsd/wpa/dist/wpa_supplicant/dpp_supplicant.c up to 1.1.1.2 external/bsd/wpa/dist/wpa_supplicant/dpp_supplicant.h up to 1.1.1.2 external/bsd/wpa/dist/wpa_supplicant/driver_i.h up to 1.4 external/bsd/wpa/dist/wpa_supplicant/eap_register.c up to 1.1.1.5 external/bsd/wpa/dist/wpa_supplicant/eapol_test.c up to 1.1.1.7 external/bsd/wpa/dist/wpa_supplicant/eapol_test.py up to 1.1.1.2 external/bsd/wpa/dist/wpa_supplicant/events.c up to 1.9 external/bsd/wpa/dist/wpa_supplicant/gas_query.c up to 1.1.1.7 external/bsd/wpa/dist/wpa_supplicant/gas_query.h up to 1.1.1.6 external/bsd/wpa/dist/wpa_supplicant/hs20_supplicant.c up to 1.1.1.6 external/bsd/wpa/dist/wpa_supplicant/hs20_supplicant.h up to 1.1.1.6 external/bsd/wpa/dist/wpa_supplicant/ibss_rsn.c up to 1.1.1.8 external/bsd/wpa/dist/wpa_supplicant/interworking.c up to 1.1.1.8 external/bsd/wpa/dist/wpa_supplicant/main.c up to 1.5 external/bsd/wpa/dist/wpa_supplicant/mbo.c up to 1.1.1.3 external/bsd/wpa/dist/wpa_supplicant/mesh.c up to 1.1.1.4 external/bsd/wpa/dist/wpa_supplicant/mesh_mpm.c up to 1.1.1.4 external/bsd/wpa/dist/wpa_supplicant/mesh_rsn.c up to 1.1.1.4 external/bsd/wpa/dist/wpa_supplicant/notify.c up to 1.1.1.8 external/bsd/wpa/dist/wpa_supplicant/notify.h up to 1.1.1.8 external/bsd/wpa/dist/wpa_supplicant/op_classes.c up to 1.3 external/bsd/wpa/dist/wpa_supplicant/p2p_supplicant.c up to 1.1.1.8 external/bsd/wpa/dist/wpa_supplicant/p2p_supplicant.h up to 1.1.1.6 external/bsd/wpa/dist/wpa_supplicant/preauth_test.c up to 1.1.1.6 external/bsd/wpa/dist/wpa_supplicant/rrm.c up to 1.1.1.2 external/bsd/wpa/dist/wpa_supplicant/scan.c up to 1.1.1.10 external/bsd/wpa/dist/wpa_supplicant/sme.c up to 1.1.1.10 external/bsd/wpa/dist/wpa_supplicant/sme.h up to 1.1.1.7 external/bsd/wpa/dist/wpa_supplicant/wmm_ac.c up to 1.1.1.3 external/bsd/wpa/dist/wpa_supplicant/wnm_sta.c up to 1.6 external/bsd/wpa/dist/wpa_supplicant/wpa_cli.c up to 1.11 external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c up to 1.12 external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.conf up to 1.2 external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant_i.h up to 1.6 external/bsd/wpa/dist/wpa_supplicant/wpas_glue.c up to 1.1.1.9 external/bsd/wpa/dist/wpa_supplicant/wpas_kay.c up to 1.1.1.4 external/bsd/wpa/dist/wpa_supplicant/wps_supplicant.c up to 1.1.1.9 external/bsd/wpa/dist/wpa_supplicant/wps_supplicant.h up to 1.1.1.7 external/bsd/wpa/dist/wpa_supplicant/dbus/Makefile up to 1.1.1.4 external/bsd/wpa/dist/wpa_supplicant/dbus/dbus-wpa_supplicant.conf up to 1.1.1.3 external/bsd/wpa/dist/wpa_supplicant/dbus/dbus_common.c up to 1.1.1.5 external/bsd/wpa/dist/wpa_supplicant/dbus/dbus_new.c up to 1.1.1.10 external/bsd/wpa/dist/wpa_supplicant/dbus/dbus_new.h up to 1.1.1.8 external/bsd/wpa/dist/wpa_supplicant/dbus/dbus_new_handlers.c up to 1.1.1.10 external/bsd/wpa/dist/wpa_supplicant/dbus/dbus_new_handlers.h up to 1.1.1.9 external/bsd/wpa/dist/wpa_supplicant/dbus/dbus_new_handlers_p2p.c up to 1.1.1.7 external/bsd/wpa/dist/wpa_supplicant/dbus/dbus_new_handlers_p2p.h up to 1.1.1.6 external/bsd/wpa/dist/wpa_supplicant/dbus/dbus_new_handlers_wps.c up to 1.1.1.8 external/bsd/wpa/dist/wpa_supplicant/dbus/dbus_new_helpers.c up to 1.1.1.7 external/bsd/wpa/dist/wpa_supplicant/doc/docbook/eapol_test.8 up to 1.1.1.5 external/bsd/wpa/dist/wpa_supplicant/doc/docbook/eapol_test.sgml up to 1.1.1.5 external/bsd/wpa/dist/wpa_supplicant/doc/docbook/wpa_background.8 up to 1.1.1.10 external/bsd/wpa/dist/wpa_supplicant/doc/docbook/wpa_background.sgml up to 1.1.1.7 external/bsd/wpa/dist/wpa_supplicant/doc/docbook/wpa_cli.8 up to 1.1.1.10 external/bsd/wpa/dist/wpa_supplicant/doc/docbook/wpa_cli.sgml up to 1.1.1.7 external/bsd/wpa/dist/wpa_supplicant/doc/docbook/wpa_gui.8 up to 1.1.1.10 external/bsd/wpa/dist/wpa_supplicant/doc/docbook/wpa_gui.sgml up to 1.1.1.7 external/bsd/wpa/dist/wpa_supplicant/doc/docbook/wpa_passphrase.8 up to 1.1.1.10 external/bsd/wpa/dist/wpa_supplicant/doc/docbook/wpa_passphrase.sgml up to 1.1.1.7 external/bsd/wpa/dist/wpa_supplicant/doc/docbook/wpa_priv.8 up to 1.1.1.10 external/bsd/wpa/dist/wpa_supplicant/doc/docbook/wpa_priv.sgml up to 1.1.1.7 external/bsd/wpa/dist/wpa_supplicant/doc/docbook/wpa_supplicant.8 up to 1.1.1.10 external/bsd/wpa/dist/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5 up to 1.1.1.10 external/bsd/wpa/dist/wpa_supplicant/doc/docbook/wpa_supplicant.sgml up to 1.1.1.8 external/bsd/wpa/dist/wpa_supplicant/examples/dbus-listen-preq.py up to 1.1.1.2 external/bsd/wpa/dist/wpa_supplicant/examples/dpp-qrcode.py up to 1.1.1.2 external/bsd/wpa/dist/wpa_supplicant/examples/p2p-nfc.py up to 1.1.1.2 external/bsd/wpa/dist/wpa_supplicant/examples/wpas-dbus-new-getall.py up to 1.1.1.2 external/bsd/wpa/dist/wpa_supplicant/examples/wpas-dbus-new-signals.py up to 1.1.1.3 external/bsd/wpa/dist/wpa_supplicant/examples/wpas-dbus-new-wps.py up to 1.1.1.2 external/bsd/wpa/dist/wpa_supplicant/examples/wpas-dbus-new.py up to 1.1.1.2 external/bsd/wpa/dist/wpa_supplicant/examples/wps-nfc.py up to 1.1.1.3 external/bsd/wpa/dist/wpa_supplicant/examples/p2p/p2p_connect.py up to 1.1.1.2 external/bsd/wpa/dist/wpa_supplicant/examples/p2p/p2p_disconnect.py up to 1.1.1.2 external/bsd/wpa/dist/wpa_supplicant/examples/p2p/p2p_find.py up to 1.1.1.2 external/bsd/wpa/dist/wpa_supplicant/examples/p2p/p2p_flush.py up to 1.1.1.2 external/bsd/wpa/dist/wpa_supplicant/examples/p2p/p2p_group_add.py up to 1.1.1.2 external/bsd/wpa/dist/wpa_supplicant/examples/p2p/p2p_invite.py up to 1.1.1.2 external/bsd/wpa/dist/wpa_supplicant/examples/p2p/p2p_listen.py up to 1.1.1.2 external/bsd/wpa/dist/wpa_supplicant/examples/p2p/p2p_stop_find.py up to 1.1.1.2 external/bsd/wpa/dist/wpa_supplicant/systemd/wpa_supplicant.service.in up to 1.1.1.3 external/bsd/wpa/dist/wpa_supplicant/utils/log2pcap.py up to 1.1.1.2 external/mpl/dhcp/dist/common/tests/domain_name_test.c up to 1.2 external/mpl/dhcp/dist/dhcpctl/cltest2.c up to 1.2 external/mpl/dhcp/dist/relay/tests/Atffile up to 1.1.1.1 external/mpl/dhcp/dist/relay/tests/Kyuafile up to 1.1.1.1 external/mpl/dhcp/dist/relay/tests/Makefile.am up to 1.1.1.1 external/mpl/dhcp/dist/relay/tests/Makefile.in up to 1.1.1.3 external/mpl/dhcp/dist/relay/tests/relay_unittests.c up to 1.4 external/mpl/dhcp/dist/CONTRIBUTING.md up to 1.1.1.2 external/mpl/dhcp/dist/keama/tests/badduid.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/README up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/samples/example.conf up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/samples/example.json up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/samples/runall.sh up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/samples/runone.sh up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/samples/simple.conf up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/samples/simple.json up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/samples/test-a6.conf up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/samples/test-a6.json up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/samples/vmnet8.conf up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/samples/vmnet8.json up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/badcasexsc.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/badcasexsc.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/badclass.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/badclass.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/badclass2.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/badclass2.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/baddecl2array.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/baddecl2array.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/baddecl2record.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/baddecl2record.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/baddeclBt.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/baddeclBt.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/baddefaultxsc.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/baddefaultxsc.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/baddomain.notyet up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/badduid.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/env up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/badinclude.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/badinclude.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/badoption66.err6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/badoption66.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/badoptionD6.notyet up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/badoptionDc4.notyet up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/badoptionI4.err4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/badoptionI4.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/badoptiond4.err4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/badoptiond4.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/badstatusdir.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/badstatusdir.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/badsubclass.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/badsubclass.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/bintadx6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/bintadx6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/bootfilename4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/bootfilename4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/charcasedx4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/checkall.sh up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/charcasedx4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/checkone.sh up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/class4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/class4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/class4empty.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/class4empty.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/class6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/class6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/class6empty.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/class6empty.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/classbadmatch.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/classbadmatch.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/classbadmatchif.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/classbadmatchif.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/classinclass.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/classinclass.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/concatdx4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/concatdx4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/concatnulldx4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/concatnulldx4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/docsis4.dir up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/configdata4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/configdata4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/dbtimeformat4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/dbtimeformat4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/dbtimeformat6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/dbtimeformat6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/ddnsupdstyle6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/ddnsupdstyle6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/defaultexpr6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/defaultexpr6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/denyunknown6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/denyunknown6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/docsis6.dir up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duid2.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duid2.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duiden6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duiden6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duidennoid.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duidennoid.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duidennonum.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duidennonum.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duidll6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duidll6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duidllbadtype.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duidllbadtype.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duidllhw6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duidllhw6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duidllnohw.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duidllnohw.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duidllt6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duidllt6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duidlltbadtype.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duidlltbadtype.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duidlltnohw.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duidlltnohw.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duidlltnotime.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duidlltnotime.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duidlltthw4.err4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duidlltthw4.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duidlltthw6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duidlltthw6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duidnoid.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/duidnoid.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/enableupdates6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/enableupdates6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/encodedx6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/encodedx6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/escapestring4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/escapestring4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/execstatement4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/execstatement4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/execstatement6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/execstatement6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/existsbx4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/existsbx4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/filename4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/filename4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/filenamedx4.notyet up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/fixedaddressinroot4.err4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/fixedaddressinroot4.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/fixedaddressinroot6.err6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/fixedaddressinroot6.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/fixedprefixinroot.err6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/fixedprefixinroot.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/fqdncompressed.err6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/fqdncompressed.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/gethostdx4.notyet up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/global4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/global4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/global6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/global6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/groupclass4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/groupclass4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/groupclass6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/groupclass6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/groupgroup4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/groupgroup4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/grouphost4.inn up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/grouphost4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/groupinclass.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/groupinclass.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/groupsubnet4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/groupsubnet4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/groupsubnet6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/groupsubnet6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/groupsubnetif.err4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/groupsubnetif.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/hardware2dx4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/hardware2dx4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/hardwaredx4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/hardwaredx4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/hardwareinroot.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/hardwareinroot.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/host6.notyet up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/hostidentifier4.inl up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/hostidentifier4.outl up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/hostnum.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/hostinclass.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/hostinclass.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/hostinhost.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/hostinhost.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/hostname4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/hostname4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/hostnum.errF up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/hostuid4.inn up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/hostuid4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/ifxsc4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/ifxsc4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/ipaddr6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/ipaddr6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/ipaddrhost4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/ipaddrhost4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/ipaddrs4.notyet4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/lifetime4.ind up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/lifetime4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/lifetime6.inD up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/lifetime6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/lifetimedef4.ind up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/lifetimedef4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/lifetimedef6.inD up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/lifetimedef6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/listarray.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/listarray.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/minimal4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/minimal4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/minimal6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/minimal6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/mixedarray.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/mixedarray.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/nestarray.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/nestarray.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/noauth4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/noauth4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/noauth6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/noauth6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/noclass.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/noclass.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/noinclude.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/noinclude.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/notbx4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/nosubclass.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/nosubclass.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/nosuperclass.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/nosuperclass.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/notbx4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/notnotbx4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/notnotbx4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/nxdomainnx6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/nxdomainnx6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/onxsc4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/onxsc4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optdatagrouppool4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optdatagrouppool4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optiondata4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optiondata4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optiondata6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optiondata6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optiondatapool4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optiondatapool4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optiondatapool6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optiondatapool6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optiondecl4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optiondecl4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optiondecl6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optiondecl6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optiondeclBat4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optiondeclBat4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optionencap4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optionencap4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optionencap6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optionencap6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optionexpr4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optionexpr4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optionspace4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optionspace4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optionspace6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optionspace6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optionvendor4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optionvendor4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optionvendor6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/optionvendor6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/orphan4.inn up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/orphan4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/orphan6.inN up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/orphan6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/packetdx4.notyet up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/permitauth4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/permitauth4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/permitauth6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/permitauth6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/permitknown4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/permitknown4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/pickdx6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/pickdx6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/pool4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/pool4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/pool42.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/pool42.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/pool6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/pool6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/pool6in4.err4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/pool6in4.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/poolinroot4.err4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/poolinroot4.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/poolinroot6.err6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/poolinroot6.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/preferred6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/preferred6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/prefix0.err6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/prefix0.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/prefix128.err6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/prefix128.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/prefix6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/prefix6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/prefix62.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/prefix62.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/prefixinroot6.err6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/prefixinroot6.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/qualifyingsuffix4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/qualifyingsuffix4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/qualifyingsuffix6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/qualifyingsuffix6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/range4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/range4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/range6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/range6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/range6in4.err4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/range6in4.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/rangeinroot4.err4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/rangeinroot4.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/rangeinroot6.err6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/rangeinroot6.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/reversedx6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/reversedx6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/runall.sh up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/runone.sh up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/share0.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/share0.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/share2if.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/share2if.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/shareempty.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/shareempty.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/shareinclass.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/shareinclass.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/shareinhost.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/shareinhost.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/shareinshare.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/shareinshare.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/shareinsubnet4.err4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/shareinsubnet4.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/shareinsubnet6.err6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/shareinsubnet6.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/sharenoname.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/sharenoname.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/shareone4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/shareone4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/shareone6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/shareone6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/sharepools4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/sharepools4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/sharetwo4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/sharetwo4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/sharetwo6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/sharetwo6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/sname4.notyet up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/spawning6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/spawning6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subclass4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subclass4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subclass6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subclass6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subclassbinsel4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subclassbinsel4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subclassbinsel6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subclassbinsel6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subclassguard4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subclassguard4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subclassguard6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subclassguard6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet42if.err4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet42if.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet4auth.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet4auth.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet4badmask.err4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet4badmask.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet4inclass.err4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet4inclass.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet4inhost.err4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet4inhost.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet4nomask.err4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet4nomask.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet62if.err6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet62if.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet6auth.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet6auth.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet6inclass.err6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet6inclass.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet6one.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet6inhost.err6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet6inhost.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet6multi.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet6multi.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet6nolen.err6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet6nolen.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet6noslash.err6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet6noslash.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnet6one.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnetinsubnet4.err4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnetinsubnet4.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnetinsubnet6.err6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/subnetinsubnet6.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/substringdx4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/substringdx4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/suffixdx4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/suffixdx4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/switchxsc4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/switchxsc4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/switchxsc6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/switchxsc6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/tautology.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/tautology.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/tautologyhexa.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/tautologyhexa.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/tautologysub.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/tautologysub.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/temporary6.in6 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/temporary6.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/textarray.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/textarray.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/unknownoption.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/unknownoption.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/unknownspace.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/unknownspace.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/userclass.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/userclass.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/vendorclass.err up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/vendorclass.msg up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/vendorspace4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/vendorspace4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/zone4.in4 up to 1.1.1.1 external/mpl/dhcp/dist/keama/tests/zone4.out up to 1.1.1.1 external/mpl/dhcp/dist/keama/ChangeLog.md up to 1.1.1.2 external/mpl/dhcp/dist/keama/Makefile.am up to 1.1.1.1 external/mpl/dhcp/dist/keama/Makefile.in up to 1.1.1.3 external/mpl/dhcp/dist/keama/README.md up to 1.1.1.1 external/mpl/dhcp/dist/keama/conflex.c up to 1.3 external/mpl/dhcp/dist/keama/confparse.c up to 1.3 external/mpl/dhcp/dist/keama/data.c up to 1.3 external/mpl/dhcp/dist/keama/data.h up to 1.3 external/mpl/dhcp/dist/keama/dhctoken.h up to 1.3 external/mpl/dhcp/dist/keama/doc.txt up to 1.1.1.1 external/mpl/dhcp/dist/keama/eval.c up to 1.3 external/mpl/dhcp/dist/keama/json.c up to 1.3 external/mpl/dhcp/dist/keama/keama.8 up to 1.3 external/mpl/dhcp/dist/keama/keama.c up to 1.3 external/mpl/dhcp/dist/keama/keama.h up to 1.3 external/mpl/dhcp/dist/keama/options.c up to 1.3 external/mpl/dhcp/dist/keama/parse.c up to 1.3 external/mpl/dhcp/dist/keama/print.c up to 1.3 external/mpl/dhcp/dist/keama/reduce.c up to 1.3 external/mpl/dhcp/bind/dist/lib/dns/dst_api.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/Kyuafile up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/Makefile.in up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/acl.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/adb.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/badcache.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/byaddr.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/cache.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/callbacks.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/catz.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/client.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/clientinfo.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/compress.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/db.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/dbiterator.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/dbtable.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/diff.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/dispatch.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/dlz.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/dns64.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/dnsrps.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/dnssec.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/dnstap.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/dnstap.proto up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/ds.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/tsig_p.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/dst_internal.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/dst_openssl.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/dst_parse.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/dst_parse.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/dst_pkcs11.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/dst_result.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/dyndb.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/ecdb.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/ecs.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/fixedname.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/forward.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/gen-unix.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/gen-win32.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/gen.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/geoip2.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/gssapi_link.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/gssapictx.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/hmac_link.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/ipkeylist.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/iptable.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/journal.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/kasp.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/key.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/keydata.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/time.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/keymgr.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/keytable.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/lib.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/log.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/lookup.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/mapapi up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/master.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/masterdump.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/message.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/name.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/ncache.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/nsec.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/nsec3.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/nta.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/openssl_link.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/openssldh_link.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/opensslecdsa_link.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/openssleddsa_link.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/opensslrsa_link.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/order.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/peer.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/pkcs11.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/pkcs11ecdsa_link.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/pkcs11eddsa_link.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/pkcs11rsa_link.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/portlist.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/private.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rbt.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rbtdb.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rbtdb.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rcode.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdatalist.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdatalist_p.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdataset.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdatasetiter.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdataslab.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/request.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/resolver.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/result.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rootns.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rpz.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rriterator.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rrl.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/sdb.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/sdlz.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/soa.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/ssu.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/ssu_external.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/stats.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/timer.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/tcpmsg.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/tkey.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/tsec.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/tsig.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/ttl.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/update.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/validator.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/version.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/view.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/xfrin.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/zone.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/Makefile.in up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/acl.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/adb.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/badcache.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/bit.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/byaddr.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/cache.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/callbacks.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/catz.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/cert.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/client.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/clientinfo.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/compress.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/db.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/dbiterator.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/dbtable.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/diff.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/dispatch.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/dlz.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/dlz_dlopen.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/dns64.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/dnsrps.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/dnssec.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/dnstap.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/ds.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/dsdigest.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/dyndb.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/ecdb.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/ecs.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/edns.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/events.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/fixedname.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/forward.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/geoip.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/ipkeylist.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/iptable.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/journal.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/kasp.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/keydata.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/keyflags.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/keymgr.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/keytable.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/keyvalues.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/lib.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/librpz.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/lmdb.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/log.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/lookup.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/master.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/masterdump.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/message.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/name.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/ncache.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/nsec.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/nsec3.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/nta.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/opcode.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/order.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/peer.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/portlist.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/private.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/rbt.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/rcode.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/rdata.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/rdataclass.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/rdatalist.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/rdataset.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/rdatasetiter.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/rdataslab.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/rdatatype.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/request.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/resolver.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/result.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/rootns.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/rpz.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/rriterator.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/rrl.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/sdb.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/sdlz.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/secalg.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/secproto.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/soa.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/ssu.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/stats.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/tcpmsg.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/time.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/timer.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/tkey.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/tsec.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/tsig.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/ttl.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/types.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/update.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/validator.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/version.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/view.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/xfrin.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/zone.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/zonekey.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/zoneverify.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dns/zt.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dst/Makefile.in up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dst/dst.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dst/gssapi.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/dst/result.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/include/Makefile.in up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/zone_p.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/zonekey.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/zoneverify.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/zt.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/any_255/tsig_250.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/any_255/tsig_250.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/rdatastructpre.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/rdatastructsuf.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/ch_3/a_1.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/ch_3/a_1.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/afsdb_18.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/afsdb_18.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/amtrelay_260.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/amtrelay_260.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/avc_258.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/avc_258.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/caa_257.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/caa_257.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/cdnskey_60.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/cdnskey_60.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/cds_59.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/cds_59.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/cert_37.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/cert_37.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/cname_5.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/cname_5.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/csync_62.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/csync_62.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/dlv_32769.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/dlv_32769.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/dname_39.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/ds_43.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/dname_39.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/dnskey_48.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/dnskey_48.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/doa_259.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/doa_259.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/ds_43.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/eui48_108.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/eui48_108.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/eui64_109.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/eui64_109.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/gpos_27.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/gpos_27.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/hinfo_13.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/hinfo_13.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/hip_55.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/hip_55.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/ipseckey_45.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/ipseckey_45.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/isdn_20.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/isdn_20.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/key_25.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/key_25.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/keydata_65533.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/keydata_65533.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/l32_105.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/l32_105.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/l64_106.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/l64_106.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/loc_29.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/loc_29.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/lp_107.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/lp_107.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/mb_7.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/mb_7.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/md_3.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/md_3.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/mf_4.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/mf_4.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/mg_8.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/mg_8.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/minfo_14.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/minfo_14.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/mr_9.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/mr_9.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/mx_15.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/mx_15.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/naptr_35.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/naptr_35.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/nid_104.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/nid_104.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/ninfo_56.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/ninfo_56.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/ns_2.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/ns_2.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/nsec3_50.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/nsec3_50.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/nsec3param_51.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/nsec3param_51.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/nsec_47.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/nsec_47.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/null_10.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/null_10.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/nxt_30.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/nxt_30.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/openpgpkey_61.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/openpgpkey_61.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/opt_41.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/opt_41.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/proforma.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/proforma.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/ptr_12.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/ptr_12.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/rkey_57.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/rkey_57.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/rp_17.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/rp_17.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/rrsig_46.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/rrsig_46.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/rt_21.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/rt_21.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/sig_24.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/sig_24.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/sink_40.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/sink_40.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/smimea_53.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/smimea_53.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/soa_6.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/soa_6.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/spf_99.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/spf_99.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/sshfp_44.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/sshfp_44.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/ta_32768.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/ta_32768.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/talink_58.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/talink_58.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/tkey_249.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/tkey_249.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/tlsa_52.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/tlsa_52.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/txt_16.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/txt_16.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/uri_256.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/uri_256.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/x25_19.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/x25_19.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/zonemd_63.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/zonemd_63.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/hs_4/a_1.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/hs_4/a_1.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/a6_38.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/a6_38.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/a_1.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/a_1.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/aaaa_28.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/aaaa_28.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/apl_42.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/apl_42.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/atma_34.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/atma_34.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/dhcid_49.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/dhcid_49.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/eid_31.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/eid_31.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/https_65.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/https_65.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/kx_36.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/kx_36.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/nimloc_32.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/nimloc_32.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/nsap-ptr_23.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/nsap-ptr_23.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/nsap_22.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/nsap_22.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/px_26.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/px_26.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/srv_33.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/srv_33.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/svcb_64.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/svcb_64.h up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/wks_11.c up to 1.1 external/mpl/dhcp/bind/dist/lib/dns/rdata/in_1/wks_11.h up to 1.1 external/mpl/dhcp/bind/dist/lib/irs/include/irs/Makefile.in up to 1.1 external/mpl/dhcp/bind/dist/lib/irs/include/irs/context.h up to 1.1 external/mpl/dhcp/bind/dist/lib/irs/include/irs/dnsconf.h up to 1.1 external/mpl/dhcp/bind/dist/lib/irs/include/irs/netdb.h.in up to 1.1 external/mpl/dhcp/bind/dist/lib/irs/include/irs/platform.h.in up to 1.1 external/mpl/dhcp/bind/dist/lib/irs/include/irs/resconf.h up to 1.1 external/mpl/dhcp/bind/dist/lib/irs/include/irs/types.h up to 1.1 external/mpl/dhcp/bind/dist/lib/irs/include/irs/version.h up to 1.1 external/mpl/dhcp/bind/dist/lib/irs/include/Makefile.in up to 1.1 external/mpl/dhcp/bind/dist/lib/irs/Kyuafile up to 1.1 external/mpl/dhcp/bind/dist/lib/irs/Makefile.in up to 1.1 external/mpl/dhcp/bind/dist/lib/irs/context.c up to 1.1 external/mpl/dhcp/bind/dist/lib/irs/dnsconf.c up to 1.1 external/mpl/dhcp/bind/dist/lib/irs/gai_strerror.c up to 1.1 external/mpl/dhcp/bind/dist/lib/irs/getaddrinfo.c up to 1.1 external/mpl/dhcp/bind/dist/lib/irs/getnameinfo.c up to 1.1 external/mpl/dhcp/bind/dist/lib/irs/resconf.c up to 1.1 external/mpl/dhcp/bind/dist/lib/irs/version.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/Makefile.in up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/aes.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/app.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/assertions.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/astack.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/atomic.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/backtrace.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/barrier.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/base32.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/base64.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/bind9.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/buffer.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/bufferlist.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/cmocka.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/commandline.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/counter.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/crc64.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/deprecated.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/endian.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/errno.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/error.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/event.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/eventclass.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/file.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/formatcheck.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/fsaccess.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/fuzz.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/hash.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/heap.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/hex.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/hmac.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/ht.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/httpd.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/interfaceiter.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/iterated_hash.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/lang.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/lex.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/lfsr.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/lib.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/likely.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/list.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/log.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/magic.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/managers.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/md.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/mem.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/meminfo.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/mutexblock.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/netaddr.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/netmgr.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/netscope.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/nonce.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/os.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/parseint.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/platform.h.in up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/pool.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/portset.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/print.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/quota.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/radix.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/random.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/ratelimiter.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/refcount.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/regex.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/region.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/resource.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/result.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/resultclass.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/rwlock.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/safe.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/serial.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/siphash.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/sockaddr.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/socket.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/stats.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/stdio.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/strerr.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/string.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/symtab.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/task.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/taskpool.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/timer.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/tm.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/types.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/url.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/utf8.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/util.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/isc/version.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/Makefile.in up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/pk11/Makefile.in up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/pk11/constants.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/pk11/internal.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/pk11/pk11.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/pk11/result.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/pk11/site.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/pkcs11/Makefile.in up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/include/pkcs11/pkcs11.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/Kyuafile up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/Makefile.in up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/aes.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/app.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/assertions.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/astack.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/backtrace-emptytbl.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/backtrace.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/base32.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/base64.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/bind9.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/buffer.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/bufferlist.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/commandline.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/counter.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/crc64.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/entropy.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/entropy_private.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/error.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/event.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/fsaccess.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/hash.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/heap.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/hex.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/hmac.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/ht.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/httpd.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/iterated_hash.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/lex.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/lfsr.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/lib.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/lib_p.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/log.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/managers.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/md.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/mem.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/mem_p.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/mutexblock.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/netaddr.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/netmgr_p.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/netscope.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/nonce.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/openssl_shim.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/openssl_shim.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/parseint.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/pk11.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/pk11_result.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/pool.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/portset.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/quota.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/radix.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/random.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/ratelimiter.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/regex.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/region.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/result.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/rwlock.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/safe.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/serial.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/siphash.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/sockaddr.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/stats.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/string.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/symtab.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/task.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/task_p.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/taskpool.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/timer.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/timer_p.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/tls.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/tls_p.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/tm.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/trampoline.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/trampoline_p.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/url.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/utf8.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/version.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/xoshiro128starstar.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/netmgr/Makefile.in up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/netmgr/netmgr-int.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/netmgr/netmgr.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/netmgr/tcp.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/netmgr/tcpdns.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/netmgr/udp.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/netmgr/uv-compat.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/netmgr/uv-compat.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/netmgr/uverr2result.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/pthreads/include/isc/Makefile.in up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/pthreads/include/isc/condition.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/pthreads/include/isc/mutex.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/pthreads/include/isc/once.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/pthreads/include/isc/thread.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/pthreads/include/Makefile.in up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/pthreads/Makefile.in up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/pthreads/condition.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/pthreads/mutex.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/pthreads/thread.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/include/isc/Makefile.in up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/include/isc/align.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/include/isc/dir.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/include/isc/net.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/include/isc/netdb.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/include/isc/offset.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/include/isc/stat.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/include/isc/stdatomic.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/include/isc/stdtime.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/include/isc/syslog.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/include/isc/time.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/include/Makefile.in up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/Makefile.in up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/dir.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/errno.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/errno2result.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/errno2result.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/file.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/fsaccess.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/ifiter_getifaddrs.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/interfaceiter.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/meminfo.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/net.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/os.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/pk11_api.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/resource.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/socket.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/socket_p.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/stdio.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/stdtime.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/syslog.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isc/unix/time.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isccfg/include/isccfg/Makefile.in up to 1.1 external/mpl/dhcp/bind/dist/lib/isccfg/include/isccfg/aclconf.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isccfg/include/isccfg/cfg.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isccfg/include/isccfg/dnsconf.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isccfg/include/isccfg/grammar.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isccfg/include/isccfg/kaspconf.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isccfg/include/isccfg/log.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isccfg/include/isccfg/namedconf.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isccfg/include/isccfg/version.h up to 1.1 external/mpl/dhcp/bind/dist/lib/isccfg/include/Makefile.in up to 1.1 external/mpl/dhcp/bind/dist/lib/isccfg/Kyuafile up to 1.1 external/mpl/dhcp/bind/dist/lib/isccfg/Makefile.in up to 1.1 external/mpl/dhcp/bind/dist/lib/isccfg/aclconf.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isccfg/dnsconf.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isccfg/kaspconf.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isccfg/log.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isccfg/namedconf.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isccfg/parser.c up to 1.1 external/mpl/dhcp/bind/dist/lib/isccfg/version.c up to 1.1 external/mpl/dhcp/bind/dist/version up to 1.1 external/mpl/dhcp/bind/Makefile up to 1.1 external/mpl/dhcp/bind/Makefile.inc up to 1.1 external/mpl/dhcp/bind/include/dns/enumclass.h up to 1.1 external/mpl/dhcp/bind/include/dns/code.h up to 1.1 external/mpl/dhcp/bind/include/dns/enumtype.h up to 1.1 external/mpl/dhcp/bind/include/dns/rdatastruct.h up to 1.1 external/mpl/dhcp/bind/include/irs/netdb.h up to 1.1 external/mpl/dhcp/bind/include/irs/platform.h up to 1.1 external/mpl/dhcp/bind/include/config.h up to 1.1 external/mpl/dhcp/bind/include/isc/atomic.h up to 1.1 external/mpl/dhcp/bind/include/isc/platform.h up to 1.1 external/mpl/dhcp/bind/include/isc/stdatomic.h up to 1.1 external/mpl/dhcp/bind/lib/libdns/Makefile up to 1.1 external/mpl/dhcp/bind/lib/Makefile up to 1.1 external/mpl/dhcp/bind/lib/Makefile.inc up to 1.1 external/mpl/dhcp/bind/lib/libirs/Makefile up to 1.1 external/mpl/dhcp/bind/lib/libisc/Makefile up to 1.1 external/mpl/dhcp/bind/lib/libisc/isc.map up to 1.1 external/mpl/dhcp/bind/lib/libisccfg/Makefile up to 1.1 external/mpl/dhcp/Makefile up to 1.2 external/mpl/dhcp/Makefile.inc up to 1.13 external/mpl/dhcp/dhcp2netbsd up to 1.3 external/mpl/dhcp/bin/relay/Makefile up to 1.3 external/mpl/dhcp/bin/server/Makefile up to 1.10 external/mpl/dhcp/dist/LICENSE up to 1.1.1.4 external/mpl/dhcp/dist/Makefile.am up to 1.1.1.2 external/mpl/dhcp/dist/Makefile.in up to 1.1.1.4 external/mpl/dhcp/dist/README up to 1.1.1.4 external/mpl/dhcp/dist/RELNOTES up to 1.2 external/mpl/dhcp/dist/aclocal.m4 up to 1.1.1.4 external/mpl/dhcp/dist/config.guess up to 1.3 external/mpl/dhcp/dist/configure up to 1.1.1.4 external/mpl/dhcp/dist/configure.ac up to 1.1.1.4 external/mpl/dhcp/dist/configure.ac+lt up to 1.1.1.3 external/mpl/dhcp/dist/client/Makefile.in up to 1.1.1.4 external/mpl/dhcp/dist/client/client_tables.c up to 1.3 external/mpl/dhcp/dist/client/clparse.c up to 1.4 external/mpl/dhcp/dist/client/dhc6.c up to 1.4 external/mpl/dhcp/dist/client/dhclient-script.8 up to 1.3 external/mpl/dhcp/dist/client/dhclient.8 up to 1.4 external/mpl/dhcp/dist/client/dhclient.c up to 1.5 external/mpl/dhcp/dist/client/dhclient.conf.5 up to 1.3 external/mpl/dhcp/dist/client/dhclient.leases.5 up to 1.3 external/mpl/dhcp/dist/client/scripts/linux up to 1.1.1.2 external/mpl/dhcp/dist/client/tests/Makefile.in up to 1.1.1.4 external/mpl/dhcp/dist/client/tests/duid_unittest.c up to 1.3 external/mpl/dhcp/dist/common/Makefile.in up to 1.1.1.4 external/mpl/dhcp/dist/common/alloc.c up to 1.3 external/mpl/dhcp/dist/common/bpf.c up to 1.5 external/mpl/dhcp/dist/common/comapi.c up to 1.3 external/mpl/dhcp/dist/common/conflex.c up to 1.3 external/mpl/dhcp/dist/common/ctrace.c up to 1.3 external/mpl/dhcp/dist/common/dhcp-eval.5 up to 1.3 external/mpl/dhcp/dist/common/dhcp-options.5 up to 1.4 external/mpl/dhcp/dist/common/dhcp4o6.c up to 1.3 external/mpl/dhcp/dist/common/discover.c up to 1.5 external/mpl/dhcp/dist/common/dispatch.c up to 1.5 external/mpl/dhcp/dist/common/dlpi.c up to 1.3 external/mpl/dhcp/dist/common/dns.c up to 1.5 external/mpl/dhcp/dist/common/ethernet.c up to 1.3 external/mpl/dhcp/dist/common/execute.c up to 1.4 external/mpl/dhcp/dist/common/fddi.c up to 1.3 external/mpl/dhcp/dist/common/icmp.c up to 1.3 external/mpl/dhcp/dist/common/inet.c up to 1.3 external/mpl/dhcp/dist/common/lpf.c up to 1.4 external/mpl/dhcp/dist/common/memory.c up to 1.3 external/mpl/dhcp/dist/common/nit.c up to 1.3 external/mpl/dhcp/dist/common/ns_name.c up to 1.4 external/mpl/dhcp/dist/common/options.c up to 1.7 external/mpl/dhcp/dist/common/packet.c up to 1.4 external/mpl/dhcp/dist/common/parse.c up to 1.5 external/mpl/dhcp/dist/common/print.c up to 1.3 external/mpl/dhcp/dist/common/raw.c up to 1.4 external/mpl/dhcp/dist/common/resolv.c up to 1.3 external/mpl/dhcp/dist/common/socket.c up to 1.5 external/mpl/dhcp/dist/common/tables.c up to 1.4 external/mpl/dhcp/dist/common/tr.c up to 1.3 external/mpl/dhcp/dist/common/tree.c up to 1.3 external/mpl/dhcp/dist/common/upf.c up to 1.3 external/mpl/dhcp/dist/common/tests/Kyuafile up to 1.1.1.2 external/mpl/dhcp/dist/common/tests/Makefile.am up to 1.1.1.2 external/mpl/dhcp/dist/common/tests/Makefile.in up to 1.1.1.4 external/mpl/dhcp/dist/common/tests/option_unittest.c up to 1.5 external/mpl/dhcp/dist/contrib/dhcp-lease-list.pl up to 1.1.1.2 external/mpl/dhcp/dist/dhcpctl/Makefile.am up to 1.1.1.2 external/mpl/dhcp/dist/dhcpctl/Makefile.am.in up to 1.1.1.2 external/mpl/dhcp/dist/dhcpctl/Makefile.in up to 1.1.1.4 external/mpl/dhcp/dist/dhcpctl/callback.c up to 1.3 external/mpl/dhcp/dist/dhcpctl/cltest.c up to 1.3 external/mpl/dhcp/dist/dhcpctl/dhcpctl.3 up to 1.3 external/mpl/dhcp/dist/dhcpctl/dhcpctl.c up to 1.3 external/mpl/dhcp/dist/dhcpctl/dhcpctl.h up to 1.3 external/mpl/dhcp/dist/dhcpctl/omshell.1 up to 1.3 external/mpl/dhcp/dist/dhcpctl/omshell.c up to 1.3 external/mpl/dhcp/dist/dhcpctl/remote.c up to 1.3 external/mpl/dhcp/dist/doc/Makefile up to 1.1.1.2 external/mpl/dhcp/dist/doc/References.html up to 1.1.1.2 external/mpl/dhcp/dist/doc/References.txt up to 1.1.1.2 external/mpl/dhcp/dist/doc/References.xml up to 1.1.1.2 external/mpl/dhcp/dist/doc/devel/atf.dox up to 1.1.1.2 external/mpl/dhcp/dist/doc/ja_JP.eucJP/dhclient-script.8 up to 1.3 external/mpl/dhcp/dist/doc/ja_JP.eucJP/dhclient.8 up to 1.3 external/mpl/dhcp/dist/doc/ja_JP.eucJP/dhclient.conf.5 up to 1.3 external/mpl/dhcp/dist/doc/ja_JP.eucJP/dhclient.leases.5 up to 1.3 external/mpl/dhcp/dist/doc/ja_JP.eucJP/dhcp-eval.5 up to 1.3 external/mpl/dhcp/dist/doc/ja_JP.eucJP/dhcp-options.5 up to 1.3 external/mpl/dhcp/dist/includes/Makefile.in up to 1.1.1.4 external/mpl/dhcp/dist/includes/cdefs.h up to 1.3 external/mpl/dhcp/dist/includes/config.h.in up to 1.1.1.2 external/mpl/dhcp/dist/includes/ctrace.h up to 1.3 external/mpl/dhcp/dist/includes/dhcp.h up to 1.3 external/mpl/dhcp/dist/includes/dhcp6.h up to 1.3 external/mpl/dhcp/dist/includes/dhcpd.h up to 1.4 external/mpl/dhcp/dist/includes/dhctoken.h up to 1.3 external/mpl/dhcp/dist/includes/failover.h up to 1.3 external/mpl/dhcp/dist/includes/inet.h up to 1.3 external/mpl/dhcp/dist/includes/ldap_casa.h up to 1.3 external/mpl/dhcp/dist/includes/ns_name.h up to 1.4 external/mpl/dhcp/dist/includes/osdep.h up to 1.4 external/mpl/dhcp/dist/includes/site.h up to 1.3 external/mpl/dhcp/dist/includes/statement.h up to 1.3 external/mpl/dhcp/dist/includes/tree.h up to 1.3 external/mpl/dhcp/dist/includes/arpa/nameser.h up to 1.3 external/mpl/dhcp/dist/includes/netinet/udp.h up to 1.3 external/mpl/dhcp/dist/includes/omapip/alloc.h up to 1.3 external/mpl/dhcp/dist/includes/omapip/buffer.h up to 1.3 external/mpl/dhcp/dist/includes/omapip/convert.h up to 1.3 external/mpl/dhcp/dist/includes/omapip/hash.h up to 1.3 external/mpl/dhcp/dist/includes/omapip/isclib.h up to 1.5 external/mpl/dhcp/dist/includes/omapip/omapip.h up to 1.3 external/mpl/dhcp/dist/includes/omapip/omapip_p.h up to 1.4 external/mpl/dhcp/dist/includes/omapip/result.h up to 1.4 external/mpl/dhcp/dist/includes/omapip/trace.h up to 1.3 external/mpl/dhcp/dist/omapip/Makefile.in up to 1.1.1.4 external/mpl/dhcp/dist/omapip/alloc.c up to 1.3 external/mpl/dhcp/dist/omapip/array.c up to 1.3 external/mpl/dhcp/dist/omapip/auth.c up to 1.3 external/mpl/dhcp/dist/omapip/buffer.c up to 1.5 external/mpl/dhcp/dist/omapip/connection.c up to 1.4 external/mpl/dhcp/dist/omapip/convert.c up to 1.3 external/mpl/dhcp/dist/omapip/dispatch.c up to 1.5 external/mpl/dhcp/dist/omapip/errwarn.c up to 1.5 external/mpl/dhcp/dist/omapip/generic.c up to 1.3 external/mpl/dhcp/dist/omapip/handle.c up to 1.3 external/mpl/dhcp/dist/omapip/hash.c up to 1.3 external/mpl/dhcp/dist/omapip/isclib.c up to 1.8 external/mpl/dhcp/dist/omapip/listener.c up to 1.3 external/mpl/dhcp/dist/omapip/message.c up to 1.3 external/mpl/dhcp/dist/omapip/omapi.3 up to 1.3 external/mpl/dhcp/dist/omapip/protocol.c up to 1.3 external/mpl/dhcp/dist/omapip/result.c up to 1.4 external/mpl/dhcp/dist/omapip/support.c up to 1.3 external/mpl/dhcp/dist/omapip/test.c up to 1.3 external/mpl/dhcp/dist/omapip/toisc.c up to 1.3 external/mpl/dhcp/dist/omapip/trace.c up to 1.3 external/mpl/dhcp/dist/relay/Makefile.am up to 1.1.1.2 external/mpl/dhcp/dist/relay/Makefile.in up to 1.1.1.4 external/mpl/dhcp/dist/relay/dhcrelay.8 up to 1.3 external/mpl/dhcp/dist/relay/dhcrelay.c up to 1.6 external/mpl/dhcp/dist/server/Makefile.in up to 1.1.1.4 external/mpl/dhcp/dist/server/bootp.c up to 1.3 external/mpl/dhcp/dist/server/class.c up to 1.4 external/mpl/dhcp/dist/server/confpars.c up to 1.4 external/mpl/dhcp/dist/server/db.c up to 1.3 external/mpl/dhcp/dist/server/ddns.c up to 1.4 external/mpl/dhcp/dist/server/dhcp.c up to 1.4 external/mpl/dhcp/dist/server/dhcpd.8 up to 1.3 external/mpl/dhcp/dist/server/dhcpd.c up to 1.5 external/mpl/dhcp/dist/server/dhcpd.conf.5 up to 1.4 external/mpl/dhcp/dist/server/dhcpd.leases.5 up to 1.3 external/mpl/dhcp/dist/server/dhcpleasequery.c up to 1.3 external/mpl/dhcp/dist/server/dhcpv6.c up to 1.4 external/mpl/dhcp/dist/server/failover.c up to 1.4 external/mpl/dhcp/dist/server/ldap.c up to 1.4 external/mpl/dhcp/dist/server/ldap_casa.c up to 1.3 external/mpl/dhcp/dist/server/leasechain.c up to 1.3 external/mpl/dhcp/dist/server/mdb.c up to 1.4 external/mpl/dhcp/dist/server/mdb6.c up to 1.7 external/mpl/dhcp/dist/server/omapi.c up to 1.3 external/mpl/dhcp/dist/server/salloc.c up to 1.3 external/mpl/dhcp/dist/server/stables.c up to 1.4 external/mpl/dhcp/dist/server/tests/Makefile.in up to 1.1.1.4 external/mpl/dhcp/dist/server/tests/hash_unittest.c up to 1.3 external/mpl/dhcp/dist/tests/Makefile.in up to 1.1.1.4 external/mpl/dhcp/dist/tests/DHCPv6/000-badmsgtype.pl up to 1.1.1.2 external/mpl/dhcp/dist/tests/DHCPv6/010-solicit-noclientid.pl up to 1.1.1.2 external/mpl/dhcp/dist/tests/DHCPv6/011-solicit-serverid.pl up to 1.1.1.2 external/mpl/dhcp/dist/tests/DHCPv6/020-advertise-mcast.pl up to 1.1.1.2 external/mpl/dhcp/dist/tests/DHCPv6/030-request-noclientid.pl up to 1.1.1.2 external/mpl/dhcp/dist/tests/DHCPv6/031-request-noserverid.pl up to 1.1.1.2 external/mpl/dhcp/dist/tests/DHCPv6/032-request-badduid.pl up to 1.1.1.2 external/mpl/dhcp/dist/tests/DHCPv6/110-information-request-ia_na.pl up to 1.1.1.2 external/mpl/dhcp/dist/tests/DHCPv6/111-information-request-ia_ta.pl up to 1.1.1.2 external/mpl/dhcp/dist/tests/DHCPv6/112-badduid.pl up to 1.1.1.2 external/mpl/dhcp/dist/tests/DHCPv6/210-solicit-nohost.pl up to 1.1.1.2 external/mpl/dhcp/dist/tests/DHCPv6/211-solicit-opt-in-na.pl up to 1.1.1.2 external/mpl/dhcp/dist/tests/DHCPv6/212-solicit-opt-in-na-norapidcommit.pl up to 1.1.1.2 external/mpl/dhcp/dist/tests/DHCPv6/280-release-nohost.pl up to 1.1.1.2 external/mpl/dhcp/dist/tests/DHCPv6/281-release-bad-address.pl up to 1.1.1.2 external/mpl/dhcp/dist/tests/DHCPv6/282-release-no-address.pl up to 1.1.1.2 external/mpl/dhcp/dist/tests/DHCPv6/283-release.pl up to 1.1.1.2 external/mpl/dhcp/dist/tests/DHCPv6/290-decline-nohost.pl up to 1.1.1.2 external/mpl/dhcp/dist/tests/DHCPv6/291-decline-bad-address.pl up to 1.1.1.2 external/mpl/dhcp/dist/tests/DHCPv6/292-decline-no-address.pl up to 1.1.1.2 external/mpl/dhcp/dist/tests/DHCPv6/293-decline.pl up to 1.1.1.2 external/mpl/dhcp/dist/tests/DHCPv6/dhcp_client.pm up to 1.1.1.2 external/mpl/dhcp/dist/tests/DHCPv6/stubcli-opt-in-na.pl up to 1.1.1.2 external/mpl/dhcp/dist/tests/DHCPv6/stubcli.pl up to 1.1.1.2 external/mpl/dhcp/include/config.h up to 1.4 external/mpl/dhcp/lib/common/Makefile up to 1.3 share/mk/bsd.prog.mk 1.348 (via patch) distrib/sets/lists/base/shl.mi 1.975 distrib/sets/lists/debug/shl.mi 1.336 doc/3RDPARTY (manually edited) nsd(8): update to 4.8.0 (fixes various CVEs) unbound(8): update to 1.19.1 (fixes various CVEs) wpa_supplicant(8): fix CVE-2023-52160 dhcpd(8): decouple from bind version. @ text @d5 1 a5 1 index bac212df..4824927f 100644 d16 2 a17 2 WITH_DYNLIBMODULE=@@WITH_DYNLIBMODULE@@ @@@@ -134,7 +136,7 @@@@ validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c \ d26 1 a26 1 @@@@ -147,7 +149,7 @@@@ autotrust.lo val_anchor.lo rpz.lo \ d30 2 a31 2 -$(IPSECMOD_OBJ) $(IPSET_OBJ) $(DYNLIBMOD_OBJ) respip.lo +$(FASTRPZ_OBJ) $(IPSECMOD_OBJ) $(IPSET_OBJ) $(DYNLIBMOD_OBJ) respip.lo d35 1 a35 1 @@@@ -428,6 +430,11 @@@@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ d48 1 a48 1 index f7a4095e..d5a4fa01 100644 d51 1 a51 1 @@@@ -1364,4 +1364,11 @@@@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, d65 1 a65 1 index 5c373d9d..e45abd89 100644 d76 2 a77 1 @@@@ -1819,6 +1820,9 @@@@ case "$enable_explicit_port_randomisation" in a79 1 d87 1 a87 1 index 5d427925..f89f1437 100644 d100 2 a101 2 @@@@ -456,6 +459,14 @@@@ daemon_create_workers(struct daemon* daemon) fatal_exit("dt_create failed"); d115 1 a115 1 @@@@ -729,6 +740,9 @@@@ daemon_cleanup(struct daemon* daemon) d126 1 a126 1 index 3effbafb..4d4c34da 100644 d129 1 a129 1 @@@@ -138,6 +138,11 @@@@ struct daemon { d142 1 a142 1 index 23e3244c..b63d49b7 100644 d145 1 a145 1 @@@@ -76,6 +76,9 @@@@ d155 1 a155 1 @@@@ -535,8 +538,27 @@@@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, d183 2 a184 2 @@@@ -711,6 +733,23 @@@@ answer_from_cache(struct worker* worker, struct query_info* qinfo, *is_secure_answer = 0; d186 1 a186 1 } else *is_secure_answer = 0; d207 1 a207 1 @@@@ -1436,6 +1475,15 @@@@ worker_handle_request(struct comm_point* c, void* arg, int error, d223 1 a223 1 @@@@ -1486,12 +1534,21 @@@@ lookup_cache: d229 2 a230 2 cinfo, &need_drop, &is_expired_answer, &is_secure_answer, &alias_rrset, &partial_rep, (struct reply_info*)e->data, d247 1 a247 1 @@@@ -1548,11 +1605,19 @@@@ lookup_cache: d270 1 a270 1 index cd43f04e..b92a1af8 100644 d273 1 a273 1 @@@@ -1878,6 +1878,81 @@@@ List domain for which the AAAA records are ignored and the A record is d2891 1 a2891 1 index 23b07ea9..c3d31a33 100644 d2904 1 a2904 1 @@@@ -563,6 +566,23 @@@@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, d2928 1 a2928 1 @@@@ -571,6 +591,9 @@@@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, d2938 1 a2938 1 @@@@ -1231,6 +1254,7 @@@@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, d2946 1 a2946 1 @@@@ -1317,8 +1341,7 @@@@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, d2956 1 a2956 1 @@@@ -1326,7 +1349,22 @@@@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, d2979 1 a2979 1 @@@@ -2801,6 +2839,62 @@@@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, d3042 1 a3042 1 @@@@ -3563,12 +3657,44 @@@@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq, d3088 1 a3088 1 index 342ac207..49b0ecdd 100644 d3091 1 a3091 1 @@@@ -396,6 +396,16 @@@@ struct iter_qstate { d3107 1 a3107 1 * the QNAME minimisation QTYPE is blocked. Used to determine if d3109 1 a3109 1 index 7b6e142c..6d7449f5 100644 d3112 1 a3112 1 @@@@ -969,6 +969,14 @@@@ dns_cache_store(struct module_env* env, struct query_info* msgqinf, d3128 1 a3128 1 index 4b0c5db4..eb9cfa5b 100644 d3131 1 a3131 1 @@@@ -61,6 +61,9 @@@@ d3141 1 a3141 1 @@@@ -1207,6 +1210,13 @@@@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, d3155 1 a3155 1 @@@@ -1434,6 +1444,7 @@@@ struct mesh_state* mesh_area_find(struct mesh_area* mesh, d3163 1 a3163 1 @@@@ -1480,6 +1491,10 @@@@ int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, d3175 1 a3175 1 index 0e9ee471..a5fd72e0 100644 d3178 2 a3179 2 @@@@ -1495,6 +1495,8 @@@@ config_delete(struct config_file* cfg) free(cfg->dnstap_tls_client_cert_file); d3188 1 a3188 1 index 66e5025d..504f4f92 100644 d3191 1 a3191 1 @@@@ -522,6 +522,11 @@@@ struct config_file { d3204 1 a3204 1 index 83cea4b9..9a7feea4 100644 d3207 1 a3207 1 @@@@ -467,6 +467,10 @@@@ dnstap-log-forwarder-query-messages{COLON} { d3219 1 a3219 1 index fe600a99..ce43390f 100644 d3222 1 a3222 1 @@@@ -128,6 +128,7 @@@@ extern struct config_parser_state* cfg_parser; d3229 2 a3230 2 %token VAR_IP_DSCP @@@@ -179,7 +180,7 @@@@ extern struct config_parser_state* cfg_parser; d3239 1 a3239 1 @@@@ -2939,6 +2940,50 @@@@ dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MES d3291 1 a3291 1 index be69f628..f10773aa 100644 d3294 1 a3294 1 @@@@ -592,6 +592,35 @@@@ insert_section(struct reply_info* rep, size_t num_rrsets, uint16_t* num_rrs, d3330 1 a3330 1 @@@@ -779,6 +808,19 @@@@ reply_info_encode(struct query_info* qinfo, struct reply_info* rep, d3351 1 a3351 1 index 4b0294f9..3b3838f6 100644 d3354 1 a3354 1 @@@@ -256,6 +256,10 @@@@ sec_status_to_string(enum sec_status s) d3366 1 a3366 1 index 729877ba..ccd1a0c2 100644 d3387 1 a3387 1 index 3e7a433e..f20d806f 100644 d3400 1 a3400 1 @@@@ -596,6 +599,9 @@@@ comm_point_udp_ancil_callback(int fd, short event, void* arg) d3410 1 a3410 1 @@@@ -685,6 +691,9 @@@@ comm_point_udp_callback(int fd, short event, void* arg) d3420 1 a3420 1 @@@@ -728,6 +737,9 @@@@ comm_point_udp_callback(int fd, short event, void* arg) d3430 1 a3430 1 @@@@ -3175,6 +3187,9 @@@@ comm_point_send_reply(struct comm_reply *repinfo) d3440 1 a3440 1 @@@@ -3184,6 +3199,9 @@@@ comm_point_drop_reply(struct comm_reply* repinfo) d3450 1 a3450 1 @@@@ -3205,6 +3223,9 @@@@ comm_point_start_listening(struct comm_point* c, int newfd, int msec) d3461 1 a3461 1 index bb2cd1e5..666067e8 100644 d3476 1 a3476 1 index c3ca0a27..15251988 100644 d3479 1 a3479 1 @@@@ -2761,6 +2761,12 @@@@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, d3492 1 a3492 1 @@@@ -2794,6 +2800,12 @@@@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, @ 1.1.1.4 log @Import unbound 1.9.6: 6 December 2019: Wouter - Fix ipsecmod compile. - Fix Makefile.in for ipset module compile, from Adi Prasaja. 5 December 2019: Wouter - unbound-fuzzers.tar.bz2: three programs for fuzzing, that are 1:1 replacements for unbound-fuzzme.c that gets created after applying the contrib/unbound-fuzzme.patch. They are contributed by Eric Sesterhenn from X41 D-Sec. - tag for 1.9.6rc1. 4 December 2019: Wouter - Fix lock type for memory purify log lock deletion. - Fix testbound for alloccheck runs, memory purify and lock checks. - update contrib/fastrpz.patch to apply more cleanly. - Fix Make Test Fails when Configured With --enable-alloc-nonregional, reported by X41 D-Sec. 3 December 2019: Wouter - Merge pull request #124 from rmetrich: Changed log lock from 'quick' to 'basic' because this is an I/O lock. - Fix text around serial arithmatic used for RRSIG times to refer to correct RFC number. - Fix Assert Causing DoS in synth_cname(), reported by X41 D-Sec. - Fix similar code in auth_zone synth cname to add the extra checks. - Fix Assert Causing DoS in dname_pkt_copy(), reported by X41 D-Sec. - Fix OOB Read in sldns_wire2str_dname_scan(), reported by X41 D-Sec. - Fix Out of Bounds Write in sldns_str2wire_str_buf(), reported by X41 D-Sec. - Fix Out of Bounds Write in sldns_b64_pton(), fixed by check in sldns_str2wire_int16_data_buf(), reported by X41 D-Sec. - Fix Insufficient Handling of Compressed Names in dname_pkt_copy(), reported by X41 D-Sec. - Fix Out of Bound Write Compressed Names in rdata_copy(), reported by X41 D-Sec. - Fix Hang in sldns_wire2str_pkt_scan(), reported by X41 D-Sec. This further lowers the max to 256. - Fix snprintf() supports the n-specifier, reported by X41 D-Sec. - Fix Bad Indentation, in dnscrypt.c, reported by X41 D-Sec. - Fix Client NONCE Generation used for Server NONCE, reported by X41 D-Sec. - Fix compile error in dnscrypt. - Fix _vfixed not Used, removed from sbuffer code, reported by X41 D-Sec. - Fix Hardcoded Constant, reported by X41 D-Sec. - make depend 2 December 2019: Wouter - Merge pull request #122 from he32: In tcp_callback_writer(), don't disable time-out when changing to read. 22 November 2019: George - Fix compiler warnings. 22 November 2019: Wouter - Fix dname loop maximum, reported by Eric Sesterhenn from X41 D-Sec. - Add make distclean that removes everything configure produced, and make maintainer-clean that removes bison and flex output. 20 November 2019: Wouter - Fix Out of Bounds Read in rrinternal_get_owner(), reported by X41 D-Sec. - Fix Race Condition in autr_tp_create(), reported by X41 D-Sec. - Fix Shared Memory World Writeable, reported by X41 D-Sec. - Adjust unbound-control to make stats_shm a read only operation. - Fix Weak Entropy Used For Nettle, reported by X41 D-Sec. - Fix Randomness Error not Handled Properly, reported by X41 D-Sec. - Fix Out-of-Bounds Read in dname_valid(), reported by X41 D-Sec. - Fix Config Injection in create_unbound_ad_servers.sh, reported by X41 D-Sec. - Fix Local Memory Leak in cachedb_init(), reported by X41 D-Sec. - Fix Integer Underflow in Regional Allocator, reported by X41 D-Sec. - Upgrade compat/getentropy_linux.c to version 1.46 from OpenBSD. - Synchronize compat/getentropy_win.c with version 1.5 from OpenBSD, no changes but makes the file, comments, identical. - Upgrade compat/getentropy_solaris.c to version 1.13 from OpenBSD. - Upgrade compat/getentropy_osx.c to version 1.12 from OpenBSD. - Changes to compat/getentropy files for, no link to openssl if using nettle, and hence config.h for HAVE_NETTLE variable. compat definition of MAP_ANON, for older systems. ifdef stdint.h inclusion for older systems. ifdef sha2.h inclusion for older systems. - Fixed Compat Code Diverging from Upstream, reported by X41 D-Sec. - Fix compile with --enable-alloc-checks, reported by X41 D-Sec. - Fix Terminating Quotes not Written, reported by X41 D-Sec. - Fix Useless memset() in validator, reported by X41 D-Sec. - Fix Unrequired Checks, reported by X41 D-Sec. - Fix Enum Name not Used, reported by X41 D-Sec. - Fix NULL Pointer Dereference via Control Port, reported by X41 D-Sec. - Fix Bad Randomness in Seed, reported by X41 D-Sec. - Fix python examples/calc.py for eval, reported by X41 D-Sec. - Fix comments for doxygen in dns64. 19 November 2019: Wouter - Fix CVE-2019-18934, shell execution in ipsecmod. - 1.9.5 is 1.9.4 with bugfix, trunk is 1.9.6 in development. - Fix authzone printout buffer length check. - Fixes to please lint checks. - Fix Integer Overflow in Regional Allocator, reported by X41 D-Sec. - Fix Unchecked NULL Pointer in dns64_inform_super() and ipsecmod_new(), reported by X41 D-Sec. - Fix Out-of-bounds Read in rr_comment_dnskey(), reported by X41 D-Sec. - Fix Integer Overflows in Size Calculations, reported by X41 D-Sec. - Fix Integer Overflow to Buffer Overflow in sldns_str2wire_dname_buf_origin(), reported by X41 D-Sec. - Fix Out of Bounds Read in sldns_str2wire_dname(), reported by X41 D-Sec. - Fix Out of Bounds Write in sldns_bget_token_par(), reported by X41 D-Sec. 18 November 2019: Wouter - In unbound-host use separate variable for get_option to please code checkers. - update to bison output of 3.4.1 in code repository. - Provide a prototype for compat malloc to remove compile warning. - Portable grep usage for reuseport configure test. - Check return type of HMAC_Init_ex for openssl 0.9.8. - gitignore .source tempfile used for compatible make. 13 November 2019: Wouter - iana portlist updated. - contrib/fastrpz.patch updated to apply for current code. - fixes for splint cleanliness, long vs int in SSL set_mode. 11 November 2019: Wouter - Fix #109: check number of arguments for stdin-pipes in unbound-control and fail if too many arguments. - Merge #102 from jrtc27: Add getentropy emulation for FreeBSD. 24 October 2019: Wouter - Fix #99: Memory leak in ub_ctx (event_base will never be freed). 23 October 2019: George - Add new configure option `--enable-fully-static` to enable full static build if requested; in relation to #91. 23 October 2019: Wouter - Merge #97: manpage: Add missing word on unbound.conf, from Erethon. 22 October 2019: Wouter - drop-tld.diff: adds option drop-tld: yesno that drops 2 label queries, to stop random floods. Apply with patch -p1 < contrib/drop-tld.diff and compile. From Saksham Manchanda (Secure64). Please note that we think this will drop DNSKEY and DS lookups for tlds and hence break DNSSEC lookups for downstream clients. 7 October 2019: Wouter - Add doxygen comments to unbound-anchor source address code, in #86. 3 October 2019: Wouter - Merge #90 from vcunat: fix build with nettle-3.5. - Merge 1.9.4 release with fix for vulnerability CVE-2019-16866. - Continue with development of 1.9.5. - Merge #86 from psquarejho: Added -b source address option to smallapp/unbound-anchor.c, from Lukas Wunner. 26 September 2019: Wouter - Merge #87 from hardfalcon: Fix contrib/unbound.service.in, Drop CAP_KILL, use + prefix for ExecReload= instead. 25 September 2019: Wouter - The unbound.conf includes are sorted ascending, for include statements with a '*' from glob. 23 September 2019: Wouter - Merge #85 for #84 from sam-lunt: Add kill capability to systemd service file to fix that systemctl reload fails. 20 September 2019: Wouter - Merge #82 from hardfalcon: Downgrade CAP_NET_ADMIN to CAP_NET_RAW in unbound.service. - Merge #81 from Maryse47: Consistently use /dev/urandom instead of /dev/random in scripts and docs. - Merge #83 from Maryse47: contrib/unbound.service.in: do not fork into the background. 19 September 2019: Wouter - Fix #78: Memory leak in outside_network.c. - Merge pull request #76 from Maryse47: Improvements and fixes for systemd unbound.service. - oss-fuzz badge on README.md. - Fix fix for #78 to also free service callback struct. - Fix for oss-fuzz build warning. - Fix wrong response ttl for prepended short CNAME ttls, this would create a wrong zero_ttl response count with serve-expired enabled. - Merge #80 from stasic: Improve wording in man page. 11 September 2019: Wouter - Use explicit bzero for wiping clear buffer of hash in cachedb, reported by Eric Sesterhenn from X41 D-Sec. 9 September 2019: Wouter - Fix #72: configure --with-syslog-facility=LOCAL0-7 with default LOG_DAEMON (as before) can set the syslog facility that the server uses to log messages. 4 September 2019: Wouter - Fix #71: fix openssl error squelch commit compilation error. 3 September 2019: Wouter - squelch DNS over TLS errors 'ssl handshake failed crypto error' on low verbosity, they show on verbosity 3 (query details), because there is a high volume and the operator cannot do anything for the remote failure. Specifically filters the high volume errors. 2 September 2019: Wouter - ipset module #28: log that an address is added, when verbosity high. - ipset: refactor long routine into three smaller ones. - updated Makefile dependencies. 23 August 2019: Wouter - Fix contrib/fastrpz.patch asprintf return value checks. 22 August 2019: Wouter - Fix that pkg-config is setup before --enable-systemd needs it. - 1.9.3rc2 release candidate tag. And this became the 1.9.3 release. Master is 1.9.4 in development. 21 August 2019: Wouter - Fix log_dns_msg to log irrespective of minimal responses config. 19 August 2019: Ralph - Document limitation of pidfile removal outside of chroot directory. 16 August 2019: Wouter - Fix unittest valgrind false positive uninitialised value report, where if gcc 9.1.1 uses -O2 (but not -O1) then valgrind 3.15.0 issues an uninitialised value for the token buffer at the str2wire.c rrinternal_get_owner() strcmp with the '@@' value. Rewritten to use straight character comparisons removes the false positive. Also valgrinds --expensive-definedness-checks=yes can stop this false positive. - Please doxygen's parser for "@@" occurrence in doxygen comment. - Fixup contrib/fastrpz.patch - Remove warning about unknown cast-function-type warning pragma. 15 August 2019: Wouter - iana portlist updated. - Fix autotrust temp file uniqueness windows compile. - avoid warning about upcast on 32bit systems for autotrust. - escape commandline contents for -V. - Fix character buffer size in ub_ctx_hosts. - 1.9.3rc1 release candidate tag. - Option -V prints if TCP fastopen is available. 14 August 2019: George - Fix #59, when compiled with systemd support check that we can properly communicate with systemd through the `NOTIFY_SOCKET`. 14 August 2019: Wouter - Generate configlexer with newer flex. - Fix warning for unused variable for compilation without systemd. 12 August 2019: George - Introduce `-V` option to print the version number and build options. Previously reported build options like linked libs and linked modules are now moved from `-h` to `-V` as well for consistency. - PACKAGE_BUGREPORT now also includes link to GitHub issues. 1 August 2019: Wouter - For #52 #53, second context does not close logfile override. - Fix #52 #53, fix for example fail program. - Fix to return after failed auth zone http chunk write. - Fix to remove unused test for task_probe existance. - Fix to timeval_add for remaining second in microseconds. - Check repinfo in worker_handle_request, if null, drop it. 29 July 2019: Wouter - Add verbose log message when auth zone file is written, at level 4. - Add hex print of trust anchor pointer to trust anchor file temp name to make it unique, for libunbound created multiple contexts. 23 July 2019: Wouter - Fix question section mismatch in local zone redirect. 19 July 2019: Wouter - Fix #49: Set no renegotiation on the SSL context to stop client session renegotiation. 12 July 2019: Wouter - Fix #48: Unbound returns additional records on NODATA response, if minimal-responses is enabled, also the additional for negative responses is removed. 9 July 2019: Ralph - Fix in respip addrtree selection. Absence of addr_tree_init_parents() call made it impossible to go up the tree when the matching netmask is too specific. 5 July 2019: Ralph - Fix for possible assertion failure when answering respip CNAME from cache. 25 June 2019: Wouter - For #45, check that 127.0.0.1 and ::1 are not used in unbound.conf when do-not-query-localhost is turned on, or at default on, unbound-checkconf prints a warning if it is found in forward-addr or stub-addr statements. 24 June 2019: Wouter - Fix memleak in unit test, reported from the clang 8.0 static analyzer. 18 June 2019: Wouter - PR #28: IPSet module, by Kevin Chou. Created a module to support the ipset that could add the domain's ip to a list easily. Needs libmnl, and --enable-ipset and config it, doc/README.ipset.md. - Fix to omit RRSIGs from addition to the ipset. - Fix to make unbound-control with ipset, remove unused variable, use unsigned type because of comparison, and assign null instead of compare with it. Remade lex and yacc output. - make depend - Added documentation to the ipset files (for doxygen output). - Merge PR #6: Python module: support multiple instances - Merge PR #5: Python module: define constant MODULE_RESTART_NEXT - Merge PR #4: Python module: assign something useful to the per-query data store 'qdata' - Fix python dict reference and double free in config. 17 June 2019: Wouter - Master contains version 1.9.3 in development. - Fix #39: In libunbound, leftover logfile is close()d unpredictably. - Fix for #24: Fix abort due to scan of auth zone masters using old address from previous scan. 12 June 2019: Wouter - Fix another spoolbuf storage code point, in prefetch. - 1.9.2rc3 release candidate tag. Which became the 1.9.2 release on 17 June 2019. 11 June 2019: Wouter - Fix that fixes the Fix that spoolbuf is not used to store tcp pipelined response between mesh send and callback end, this fixes error cases that did not use the correct spoolbuf. - 1.9.2rc2 release candidate tag. 6 June 2019: Wouter - 1.9.2rc1 release candidate tag. 4 June 2019: Wouter - iana portlist updated. 29 May 2019: Wouter - Fix to guard _OPENBSD_SOURCE from redefinition. 28 May 2019: Wouter - Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD. - gitignore config.h.in~. 27 May 2019: Wouter - Fix double file close in tcp pipelined response code. 24 May 2019: Wouter - Fix that spoolbuf is not used to store tcp pipelined response between mesh send and callback end. 20 May 2019: Wouter - Note that so-reuseport at extreme load is better turned off, otherwise queries are not distributed evenly, on Linux 4.4.x. 16 May 2019: Wouter - Fix #31: swig 4.0 and python module. 13 May 2019: Wouter - Squelch log messages from tcp send about connection reset by peer. They can be enabled with verbosity at higher values for diagnosing network connectivity issues. - Attempt to fix malformed tcp response. 9 May 2019: Wouter - Revert fix for oss-fuzz, error is in that build script that unconditionally includes .o files detected by configure, also when the machine architecture uses different LIBOBJS files. 8 May 2019: Wouter - Attempt to fix build failure in oss-fuzz because of reallocarray. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14648. Does not omit compile flags from commandline. 7 May 2019: Wouter - Fix edns-subnet locks, in error cases the lock was not unlocked. - Fix doxygen output error on readme markdown vignettes. 6 May 2019: Wouter - Fix #29: Solaris 11.3 and missing symbols be64toh, htobe64. - Fix #30: AddressSanitizer finding in lookup3.c. This sets the hash function to use a slower but better auditable code that does not read beyond array boundaries. This makes code better security checkable, and is better for security. It is fixed to be slower, but not read outside of the array. 2 May 2019: Wouter - contrib/fastrpz.patch updated for code changes, and with git diff. - Fix .gitignore, add pythonmod and dnstap generated files. And unit test generated files, and generated doc files. 1 May 2019: Wouter - Update makedist for git. - Nicer travis output for clang analysis. - PR #16: XoT support, AXFR over TLS, turn it on with master: # in unbound.conf. This uses TLS to download the AXFR (or IXFR). 25 April 2019: Wouter - Fix wrong query name in local zone redirect answers with a CNAME, the copy of the local alias is in unpacked form. 18 April 2019: Ralph - Scrub RRs from answer section when reusing NXDOMAIN message for subdomain answers. - For harden-below-nxdomain: do not consider a name to be non-exitent when message contains a CNAME record. 18 April 2019: Wouter - travis build file. 16 April 2019: Wouter - Better braces in if statement in TCP fastopen code. - iana portlist updated. 15 April 2019: Wouter - Fix tls write event for read state change to re-call SSL_write and not resume the TLS handshake. 11 April 2019: George - Update python documentation for init_standard(). - Typos. 11 April 2019: Wouter - Fix that auth zone uses correct network type for sockets for SOA serial probes. This fixes that probes fail because earlier probe addresses are unreachable. - Fix that auth zone fails over to next master for timeout in tcp. - Squelch SSL read and write connection reset by peer and broken pipe messages. Verbosity 2 and higher enables them. 8 April 2019: Wouter - Fix to use event_assign with libevent for thread-safety. - verbose information about auth zone lookup process, also lookup start, timeout and fail. - Fix #17: Add python module example from Jan Janak, that is a plugin for the Unbound DNS resolver to resolve DNS records in multicast DNS [RFC 6762] via Avahi. The plugin communicates with Avahi via DBus. The comment section at the beginning of the file contains detailed documentation. - Fix to wipe ssl ticket keys from memory with explicit_bzero, if available. 5 April 2019: Wouter - Fix to reinit event structure for accepted TCP (and TLS) sockets. 4 April 2019: Wouter - Fix spelling error in log output for event method. 3 April 2019: Wouter - Move goto label in answer_from_cache to the end of the function where it is more visible. - Fix auth-zone NSEC3 response for wildcard nodata answers, include the closest encloser in the answer. 2 April 2019: Wouter - Fix auth-zone NSEC3 response for empty nonterminals with exact match nsec3 records. - Fix for out of bounds integers, thanks to OSTIF audit. It is in allocation debug code. - Fix for auth zone nsec3 ent fix for wildcard nodata. 25 March 2019: Wouter - Fix that tls-session-ticket-keys: "" on its own in unbound.conf disables the tls session ticker key calls into the OpenSSL API. - Fix crash if tls-servic-pem not filled in when necessary. 21 March 2019: Wouter - Fix #4240: Fix whitespace cleanup in example.conf. 19 March 2019: Wouter - add type CAA to libpyunbound (accessing libunbound from python). 18 March 2019: Wouter - Add log message, at verbosity 4, that says the query is encrypted with TLS, if that is enabled for the query. - Fix #4239: set NOTIMPL when deny-any is enabled, for RFC8482. 7 March 2019: Wouter - Fix for #4233: guard use of NDEBUG, so that it can be passed in CFLAGS into configure. @ text @d4 5 a8 5 diff --git a/Makefile.in b/Makefile.in index 721c01b6..56bfb560 100644 --- a/Makefile.in +++ b/Makefile.in @@@@ -23,6 +23,8 @@@@ CHECKLOCK_SRC=testcode/checklocks.c d17 1 a17 1 @@@@ -126,7 +128,7 @@@@ validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c \ d21 2 a22 2 -$(DNSTAP_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) $(IPSET_SRC) +$(DNSTAP_SRC) $(FASTRPZ_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) $(IPSET_SRC) d26 1 a26 1 @@@@ -139,7 +141,7 @@@@ autotrust.lo val_anchor.lo \ d30 2 a31 2 -$(IPSECMOD_OBJ) $(IPSET_OBJ) respip.lo +$(FASTRPZ_OBJ) $(IPSECMOD_OBJ) $(IPSET_OBJ) respip.lo d35 1 a35 1 @@@@ -409,6 +411,11 @@@@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ d47 5 a51 5 diff --git a/config.h.in b/config.h.in index 8c2aa3b9..efaf6450 100644 --- a/config.h.in +++ b/config.h.in @@@@ -1325,4 +1325,11 @@@@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, d64 5 a68 5 diff --git a/configure.ac b/configure.ac index 5276d441..9d74592e 100644 --- a/configure.ac +++ b/configure.ac @@@@ -6,6 +6,7 @@@@ sinclude(ax_pthread.m4) d76 1 a76 1 @@@@ -1726,6 +1727,9 @@@@ case "$enable_ipset" in d86 4 a89 4 diff --git a/daemon/daemon.c b/daemon/daemon.c index 0b1200a2..5857c18b 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c d100 1 a100 3 @@@@ -458,6 +461,14 @@@@ daemon_create_workers(struct daemon* daemon) dt_apply_cfg(daemon->dtenv, daemon->cfg); #else d102 2 a103 2 +#endif + } d110 2 a111 2 #endif } d113 3 a115 2 @@@@ -724,6 +735,9 @@@@ daemon_cleanup(struct daemon* daemon) #ifdef USE_DNSCRYPT d118 1 a118 1 +#endif d121 1 a121 1 #endif d124 6 a129 5 diff --git a/daemon/daemon.h b/daemon/daemon.h index 5749dbef..64ce230f 100644 --- a/daemon/daemon.h +++ b/daemon/daemon.h @@@@ -136,6 +136,11 @@@@ struct daemon { d141 4 a144 4 diff --git a/daemon/worker.c b/daemon/worker.c index e2ce0e87..f031c656 100644 --- a/daemon/worker.c +++ b/daemon/worker.c d155 1 a155 1 @@@@ -533,8 +536,27 @@@@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, d183 1 a183 1 @@@@ -699,6 +721,23 @@@@ answer_from_cache(struct worker* worker, struct query_info* qinfo, d207 1 a207 1 @@@@ -1410,6 +1449,15 @@@@ worker_handle_request(struct comm_point* c, void* arg, int error, d223 1 a223 1 @@@@ -1458,12 +1506,21 @@@@ lookup_cache: d247 1 a247 1 @@@@ -1518,11 +1575,19 @@@@ lookup_cache: d269 5 a273 5 diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index 4bdfcd56..69e70627 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@@@ -1801,6 +1801,81 @@@@ List domain for which the AAAA records are ignored and the A record is d355 4 a358 5 diff --git a/fastrpz/librpz.h b/fastrpz/librpz.h new file mode 100644 index 00000000..645279d1 --- /dev/null +++ b/fastrpz/librpz.h d1317 4 a1320 5 diff --git a/fastrpz/rpz.c b/fastrpz/rpz.c new file mode 100644 index 00000000..c5ab7801 --- /dev/null +++ b/fastrpz/rpz.c d2674 4 a2677 5 diff --git a/fastrpz/rpz.h b/fastrpz/rpz.h new file mode 100644 index 00000000..5d7e31c5 --- /dev/null +++ b/fastrpz/rpz.h d2817 4 a2820 5 diff --git a/fastrpz/rpz.m4 b/fastrpz/rpz.m4 new file mode 100644 index 00000000..21235355 --- /dev/null +++ b/fastrpz/rpz.m4 d2886 4 a2889 4 diff --git a/iterator/iterator.c b/iterator/iterator.c index 1e0113a8..2fcbf547 100644 --- a/iterator/iterator.c +++ b/iterator/iterator.c d2900 1 a2900 1 @@@@ -555,6 +558,23 @@@@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, d2924 1 a2924 1 @@@@ -563,6 +583,9 @@@@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, d2934 1 a2934 1 @@@@ -1199,6 +1222,7 @@@@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, d2942 1 a2942 1 @@@@ -1285,8 +1309,7 @@@@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, d2952 1 a2952 1 @@@@ -1294,7 +1317,22 @@@@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, d2975 1 a2975 1 @@@@ -2718,6 +2756,62 @@@@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, d3038 1 a3038 1 @@@@ -3471,12 +3565,44 @@@@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq, d3049 1 d3084 5 a3088 5 diff --git a/iterator/iterator.h b/iterator/iterator.h index a2f1b570..e1e4a738 100644 --- a/iterator/iterator.h +++ b/iterator/iterator.h @@@@ -386,6 +386,16 @@@@ struct iter_qstate { d3105 5 a3109 5 diff --git a/services/cache/dns.c b/services/cache/dns.c index aa4efec7..5dd3412e 100644 --- a/services/cache/dns.c +++ b/services/cache/dns.c @@@@ -945,6 +945,14 @@@@ dns_cache_store(struct module_env* env, struct query_info* msgqinf, d3124 4 a3127 4 diff --git a/services/mesh.c b/services/mesh.c index d4f814d5..624a9d95 100644 --- a/services/mesh.c +++ b/services/mesh.c d3138 1 a3138 1 @@@@ -1076,6 +1079,13 @@@@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, d3152 1 a3152 1 @@@@ -1255,6 +1265,7 @@@@ struct mesh_state* mesh_area_find(struct mesh_area* mesh, d3160 1 a3160 1 @@@@ -1301,6 +1312,10 @@@@ int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, d3171 5 a3175 5 diff --git a/util/config_file.c b/util/config_file.c index 119b2223..ce43a234 100644 --- a/util/config_file.c +++ b/util/config_file.c @@@@ -1434,6 +1434,8 @@@@ config_delete(struct config_file* cfg) d3183 6 a3188 6 config_delstrlist(cfg->python_script); diff --git a/util/config_file.h b/util/config_file.h index b3ef930a..56173b80 100644 --- a/util/config_file.h +++ b/util/config_file.h @@@@ -494,6 +494,11 @@@@ struct config_file { d3200 5 a3204 5 diff --git a/util/configlexer.lex b/util/configlexer.lex index a86ddf55..b56bcfb4 100644 --- a/util/configlexer.lex +++ b/util/configlexer.lex @@@@ -438,6 +438,10 @@@@ dnstap-log-forwarder-query-messages{COLON} { d3215 5 a3219 5 diff --git a/util/configparser.y b/util/configparser.y index 10227a2f..cdbcf7cd 100644 --- a/util/configparser.y +++ b/util/configparser.y @@@@ -125,6 +125,7 @@@@ extern struct config_parser_state* cfg_parser; d3227 1 a3227 1 @@@@ -171,7 +172,7 @@@@ extern struct config_parser_state* cfg_parser; d3236 1 a3236 1 @@@@ -2726,6 +2727,50 @@@@ dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MES d3264 2 a3265 2 + if(asprintf(&new_cstr, "%s\nzone %s", old_cstr?old_cstr:"", $2) == -1) {new_cstr = NULL; yyerror("out of memory");} + else if(!new_cstr) d3277 2 a3278 2 + if(asprintf(&new_cstr, "%s\n%s", old_cstr ? old_cstr : "", $2) == -1) {new_cstr = NULL; yyerror("out of memory");} + else if(!new_cstr) d3287 5 a3291 5 diff --git a/util/data/msgencode.c b/util/data/msgencode.c index a51a4b9b..475dfce9 100644 --- a/util/data/msgencode.c +++ b/util/data/msgencode.c @@@@ -590,6 +590,35 @@@@ insert_section(struct reply_info* rep, size_t num_rrsets, uint16_t* num_rrs, d3327 2 a3328 3 @@@@ -777,6 +806,19 @@@@ reply_info_encode(struct query_info* qinfo, struct reply_info* rep, } sldns_buffer_write_u16_at(buffer, 10, arcount); d3330 1 d3347 5 a3351 5 diff --git a/util/data/packed_rrset.c b/util/data/packed_rrset.c index 7b9d5494..e44b2ce5 100644 --- a/util/data/packed_rrset.c +++ b/util/data/packed_rrset.c @@@@ -255,6 +255,10 @@@@ sec_status_to_string(enum sec_status s) d3362 5 a3366 5 diff --git a/util/data/packed_rrset.h b/util/data/packed_rrset.h index 3a5335dd..20113217 100644 --- a/util/data/packed_rrset.h +++ b/util/data/packed_rrset.h @@@@ -193,7 +193,15 @@@@ enum sec_status { d3383 4 a3386 4 diff --git a/util/netevent.c b/util/netevent.c index 980bb8be..d537d288 100644 --- a/util/netevent.c +++ b/util/netevent.c d3397 1 a3397 1 @@@@ -590,6 +593,9 @@@@ comm_point_udp_ancil_callback(int fd, short event, void* arg) d3407 1 a3407 1 @@@@ -679,6 +685,9 @@@@ comm_point_udp_callback(int fd, short event, void* arg) d3417 1 a3417 1 @@@@ -722,6 +731,9 @@@@ comm_point_udp_callback(int fd, short event, void* arg) d3427 1 a3427 1 @@@@ -3184,6 +3196,9 @@@@ comm_point_send_reply(struct comm_reply *repinfo) d3437 1 a3437 1 @@@@ -3193,6 +3208,9 @@@@ comm_point_drop_reply(struct comm_reply* repinfo) d3439 1 a3439 1 log_assert(repinfo->c); d3447 1 a3447 1 @@@@ -3214,6 +3232,9 @@@@ comm_point_start_listening(struct comm_point* c, int newfd, int msec) d3449 2 a3450 2 verbose(VERB_ALGO, "comm point start listening %d (%d msec)", c->fd==-1?newfd:c->fd, msec); d3457 5 a3461 5 diff --git a/util/netevent.h b/util/netevent.h index d80c72b3..0233292f 100644 --- a/util/netevent.h +++ b/util/netevent.h @@@@ -120,6 +120,10 @@@@ struct comm_reply { d3472 5 a3476 5 diff --git a/validator/validator.c b/validator/validator.c index 4c560a8e..71de3760 100644 --- a/validator/validator.c +++ b/validator/validator.c @@@@ -2755,6 +2755,12 @@@@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, d3489 1 a3489 1 @@@@ -2788,6 +2794,12 @@@@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, @ 1.1.1.5 log @Import unbound 1.13.1 4 February 2021: Wouter - release 1.13.1rc2 tag on branch-1.13.1 with added changes of 2 feb. This became 1.13.1 release tag on 9 feb. The main branch is set to version 1.13.2. 2 February 2021: Wouter - branch-1.13.1 is created, with release-1.13.1rc1 tag. - Fix dynlibmod link on rhel8 for -ldl inclusion. - Fix windows dependency on libssp.dll because of default stack protector in mingw. - Fix indentation of root anchor for use by windows install script. 1 February 2021: George - Attempt to fix NULL keys in the reuse_tcp tree; relates to #411. 29 January 2021: Wouter - Fix for doxygen 1.8.20 compatibility. 28 January 2021: Wouter - Annotate that we ignore the return value of if_indextoname. - Fix to use correct type for label count in rpz routine. - Fix empty clause warning in config_file nsid parse. - Fix to use correct type for label count in ipdnametoaddr rpz routine. - Fix empty clause warning in edns pass for padding. - Fix fwd ancil test post script when not supported. 26 January 2021: George - Merge PR #408 from fobser: Prevent a few more yacc clashes. - Merge PR #275 from Roland van Rijswijk-Deij: Add feature to return the original instead of a decrementing TTL ('serve-original-ttl') - Merge PR #355 from noloader: Make ICANN Update CA and DS Trust Anchor static data. - Ignore cache blacklisting when trying to reply with expired data from cache (#394). 26 January 2021: Wouter - Fix compile of unbound-dnstap-socket without dnstap installed. 22 January 2021: Willem - Padding of queries and responses with DNS over TLS as specified in RFC7830 and RFC8467. 22 January 2021: George - Fix TTL of SOA record for negative answers (localzone and authzone data) to be the minimum of the SOA TTL and the SOA.MINIMUM. 19 January 2021: Willem - Support for RFC5001: DNS Name Server Identifier (NSID) Option with the nsid: option in unbound.conf 18 January 2021: Wouter - Fix #404: DNS query with small edns bufsize fail. - Fix declaration before statement and signed comparison warning in dns64. 15 January 2021: Wouter - Merge #402 from fobser: Implement IPv4-Embedded addresses according to RFC6052. 14 January 2021: Wouter - Fix for #93: dynlibmodule import library is named libunbound.dll.a. 13 January 2021: Wouter - Merge #399 from xiangbao227: The lock of lruhash table should unlocked after markdel entry. - Fix for #93: dynlibmodule link fix for Windows. 12 January 2021: Wouter - Fix #397: [Feature request] add new type always_null to local-zone similar to always_nxdomain. - Fix so local zone types always_nodata and always_deny can be used from the config file. 8 January 2021: Wouter - Merge PR #391 from fhriley: Add start_time to reply callbacks so modules can compute the response time. - For #391: use struct timeval* start_time for callback information. - For #391: fix indentation. - For #391: more double casts in python start time calculation. - Add comment documentation. - Fix clang analysis warning. 6 January 2021: Wouter - Fix #379: zone loading over HTTP appears to have buffer issues. - Merge PR #395 from mptre: add missing null check. - Fix #387: client-subnet-always-forward seems to effectively bypass any caching? 5 January 2021: Wouter - Fix #385: autoconf 2.70 impacts unbound build - Merge PR #375 by fhriley: Add rpz_enable and rpz_disable commands to unbound-control. 4 January 2021: Wouter - For #376: Fix that comm point event is not double removed or double added to event map. - iana portlist updated. 16 December 2020: George - Fix error cases when udp-connect is set and send() returns an error (modified patch from Xin Li @@delphij). 11 December 2020: Wouter - Fix #371: unbound-control timeout when Unbound is not running. - Fix to squelch permission denied and other errors from remote host, they are logged at higher verbosity but not on low verbosity. - Merge PR #335 from fobser: Sprinkle in some static to prevent missing prototype warnings. - Merge PR #373 from fobser: Warning: arithmetic on a pointer to void is a GNU extension. - Fix missing prototypes in the code. 3 December 2020: Wouter - make depend. - iana portlist updated. 2 December 2020: Wouter - Fix #360: for the additionally reported TCP Fast Open makes TCP connections fail, in that case we print a hint that this is happening with the error in the logs. - Fix #356: deadlock when listening tcp. - Fix unbound-dnstap-socket to not use log routine from interrupt handler and not print so frequently when invoked in sequence. - Fix on windows to ignore connection failure on UDP, unless verbose. - Fix for #283: fix stream reuse and tcp fast open. - Fix update, with write event check with streamreuse and fastopen. 1 December 2020: Wouter - Fix #358: Squelch udp connect 'no route to host' errors on low verbosity. 30 November 2020: Wouter - Fix assertion failure on double callback when iterator loses interest in query at head of line that then has the tcp stream not kept for reuse. - tag for the 1.13.0rc4 release. This also became the 1.13.0 release version on 3 dec 2020 with the streamreuse and fastopen fix from 2 dec 2020. The code repo continues for 1.13.1 in development. 27 November 2020: Wouter - Fix compile warning for type cast in http2_submit_dns_response. - Fix when use free buffer to initialize rbtree for stream reuse. - Fix compile warnings for windows. - Fix compile warnings in rpz initialization. - Fix contrib/metrics.awk for FreeBSD awk compatibility. - tag for the 1.13.0rc3 release. 26 November 2020: Wouter - Fix to omit UDP receive errors from log, if verbosity low. These happen because of udp-connect. - For #352: contrib/metrics.awk for Prometheus style metrics output. - Fix that after failed read, the readagain cannot activate. - Clear readagain upon decommission of pending tcp structure. 25 November 2020: Wouter - with udp-connect ignore connection refused with UDP timeouts. - Fix udp-connect on FreeBSD, do send calls on connected UDP socket. - Better fix for reuse tree comparison for is-tls sockets. Where the tree key identity is preserved after cleanup of the TLS state. - Remove debug commands from reuse tests. - Fix memory leak for edns client tag opcode config element. - Attempt fix for libevent state in tcp reuse cases after a packet is written. - Fix readagain and writeagain callback functions for comm point cleanup. - tag for the 1.13.0rc2 release. 24 November 2020: Wouter - Merge PR #283 : Stream reuse. This implements upstream stream reuse for performing several queries over the same TCP or TLS channel. - set version of main branch to 1.13.0 for upcoming release. - iana portlist updated. - Fix one port unit test for udp-connect. - tag for the 1.13.0rc1 release. - Fix crash when TLS connection is closed prematurely, when reuse tree comparison is not properly identical to insertion. - Fix padding of struct regional for 32bit systems. 23 November 2020: George - Merge PR #313 from Ralph Dolmans: Replace edns-client-tag with edns-client-string option. 23 November 2020: Wouter - Merge #351 from dvzrv: Add AF_NETLINK to set of allowed socket address families. - Fix #350: with the AF_NETLINK permission, to fix 1.12.0 error: failed to list interfaces: getifaddrs: Address family not supported by protocol. - Fix #347: IP_DONTFRAG broken on Apple xcode 12.2. - Option to toggle udp-connect, default is enabled. - Fix for #303 CVE-2020-28935 : Fix that symlink does not interfere with chown of pidfile. - Further fix for it and retvalue 0 fix for it. 12 November 2020: Wouter - Fix to connect() to UDP destinations, default turned on, this lowers vulnerability to ICMP side channels. - Retry for interfaces with unused ports if possible. 10 November 2020: Wouter - Fix #341: fixing a possible memory leak. - Fix memory leak after fix for possible memory leak failure. - Fix #343: Fail to build --with-libnghttp2 with error: 'SSIZE_MAX' undeclared. 27 October 2020: Wouter - In man page note that tls-cert-bundle is read before permission drop and chroot. 22 October 2020: Wouter - Fix #333: Unbound Segmentation Fault w/ log_info Functions From Python Mod. - Fix that minimal-responses does not remove addresses from a priming query response. 21 October 2020: George - Fix #327: net/if.h check fails on some darwin versions; contribution by Joshua Root. - Fix #320: potential memory corruption due to size miscomputation upton custom region alloc init. 21 October 2020: Wouter - Merge PR #228 : infra-keep-probing option to probe hosts that are down. Add infra-keep-probing: yes option. Hosts that are down are probed more frequently. With the option turned on, it probes about every 120 seconds, eventually after exponential backoff, and that keeps that way. If traffic keeps up for the domain. It probes with one at a time, eg. one query is allowed to probe, other queries within that 120 second interval are turned away. 19 October 2020: George - Merge PR #324 from James Renken: Add modern X.509v3 extensions to unbound-control TLS certificates. - Fix for PR #324 to attach the x509v3 extensions to the client certificate. 19 October 2020: Ralph - local-zone regional allocations outside of chunk 19 October 2020: Wouter - Fix that http settings have colon in set_option, for http-endpoint, http-max-streams, http-query-buffer-size, http-response-buffer-size, and http-nodelay. - Fix memory leak of https port string when reading config. - Fix #330: [Feature request] Add unencrypted DNS over HTTPS support. This adds the option http-notls-downstream: yesno to change that, and the dohclient test code has the -n option. - Fix python documentation warning on functions.rst inplace_cb_reply. - Fix dnstap test to wait for log timer to see if queries are logged. - Log ip address when http session recv fails, eg. due to tls fail. - Fix to set the tcp handler event toggle flag back to default when the handler structure is reused. - Clean the fix for out of order TCP processing limits on number of queries. It was tested to work. 16 October 2020: Wouter - Fix that the out of order TCP processing does not limit the number of outstanding queries over a connection. 15 October 2020: George - Fix that if there are reply callbacks for the given rcode, those are called per reply and a new message created if that was modified by the call. - Pass the comm_reply information to the inplace_cb_reply* functions during the mesh state and update the documentation on that. 15 October 2020: Wouter - Merge PR #326 from netblue30: DoH: implement content-length header field - DoH content length, simplify code, remove declaration after statement and fix cast warning. 14 October 2020: Wouter - Fix for python reply callback to see mesh state reply_list member, it only removes it briefly for the commpoint call so that it does not drop it and attempt to modify the reply list during reply. - Fix that if there are on reply callbacks, those are called per reply and a new message created if that was modified by the call. - Free up auth zone parse region after use for lookup of host 13 October 2020: Wouter - Fix #323: unbound testsuite fails on mock build in systemd-nspawn if systemd support is build. 9 October 2020: Wouter - Fix dnstap socket and the chroot not applied properly to the dnstap socket path. - Fix warning in libnss compile, nss_buf2dsa is not used without DSA. 8 October 2020: Wouter - Tag for 1.12.0 release. - Current repo is version 1.12.1 in development. - Fix #319: potential memory leak on config failure, in rpz config. 1 October 2020: Wouter - Current repo is version 1.12.0 for release. Tag for 1.12.0rc1. 30 September 2020: Wouter - Fix doh tests when not compiled in. - Add dohclient test executable to gitignore. - Fix stream_ssl, ssl_req_order and ssl_req_timeout tests for alloc check debug output. - Easier kill of unbound-dnstap-socket tool in test. - Fix memory leak of edns tags at libunbound context delete. - Fix double loopexit for unbound-dnstap-socket after sigterm. 29 September 2020: Ralph - DNS Flag Day 2020: change edns-buffer-size default to 1232. 28 September 2020: Wouter - Fix unit test for dnstap changes, so that it waits for the timer. 23 September 2020: Wouter - Fix #305: dnstap logging significantly affects unbound performance (regression in 1.11). - Fix #305: only wake up thread when threshold reached. - Fix to ifdef fptr wlist item for dnstap. 23 September 2020: Ralph - Fix edns-client-tags get_option typo - Add edns-client-tag-opcode option - Use inclusive language in configuration 21 September 2020: Ralph - Fix #304: dnstap logging not recovering after dnstap process restarts 21 September 2020: Wouter - Merge PR #311 by luismerino: Dynlibmod leak. - Error message is logged for dynlibmod malloc failures. - iana portlist updated. 18 September 2020: Wouter - Fix that prefer-ip4 and prefer-ip6 can be get and set with unbound-control, with libunbound and the unbound-checkconf option output function. - iana portlist updated. 15 September 2020: George - Introduce test for statistics. 15 September 2020: Wouter - Spelling fix. 11 September 2020: Wouter - Remove x file mode on ipset/ipset.c and h files. 9 September 2020: Wouter - Fix num.expired statistics output. 31 August 2020: Wouter - Merge PR #293: Add missing prototype. Also refactor to use the new shorthand function to clean up the code. - Refactor to use sock_strerr shorthand function. - Fix #296: systemd nss-lookup.target is reached before unbound can successfully answer queries. Changed contrib/unbound.service.in. 27 August 2020: Wouter - Similar to NSD PR#113, implement that interface names can be used, eg. something like interface: eth0 is resolved at server start and uses the IP addresses for that named interface. - Review fix, doxygen and assign null in case of error free. 26 August 2020: George - Update documentation in python example code. 24 August 2020: Wouter - Fix that dnstap reconnects do not spam the log with the repeated attempts. Attempts on the timer are only logged on high verbosity, if they produce a connection failure error. - Fix to apply chroot to dnstap-socket-path, if chroot is enabled. - Change configure to use EVP_sha256 instead of HMAC_Update for openssl-3.0.0. 20 August 2020: Ralph - Fix stats double count issue (#289). 13 August 2020: Ralph - Create and init edns tags data for libunbound. 10 August 2020: Ralph - Merge (modified) PR #277, use EVP_MAC_CTX_set_params if available, by Vít#zslav #í#ek. 10 August 2020: Wouter - Fix #287: doc typo: "Additionaly". - Rerun autoconf 6 August 2020: Wouter - Merge PR #284 and Fix #246: Remove DLV entirely from Unbound. The DLV has been decommisioned and in unbound 1.5.4, in 2015, there was advise to stop using it. The current code base does not contain DLV code any more. The use of dlv options displays a warning. 5 August 2020: Wouter - contrib/aaaa-filter-iterator.patch file renewed diff content to apply cleanly to the current coderepo for the current code version. 5 August 2020: Ralph - Merge PR #272: Add EDNS client tag functionality. 4 August 2020: George - Improve error log message when inserting rpz RR. - Merge PR #280, Make tvOS & watchOS checks verify truthiness as well as definedness, by Felipe Gasper. 4 August 2020: Wouter - Fix mini_event.h on OpenBSD cannot find fd_set. 31 July 2020: Wouter - Fix doxygen comment for no ssl for tls session ticket key callback routine. 27 July 2020: George - Merge PR #268, draft-ietf-dnsop-serve-stale-10 has become RFC 8767 on March 2020, by and0x000. 27 July 2020: Ralph - Merge PR #269, Fix python module len() implementations, by Torbjörn Lönnemark 27 July 2020: Wouter - branch now named 1.11.1. 1.11.0rc1 became the 1.11.0 release. - Merge PR #270 from cgzones: munin plugin: always exit 0 in autoconf 20 July 2020: Wouter - Fix streamtcp to print packet data to stdout. This makes the stdout and stderr not mix together lines, when parsing its output. - Fix contrib/fastrpz.patch to apply cleanly. It fixes for changes due to added libdynmod, but it does not compile, it conflicts with new rpz code. - branch now named 1.11.0 and 1.11.0rc1 tag. 17 July 2020: Wouter - Fix libnettle compile for session ticket key callback function changes. - Fix lock dependency cycle in rpz zone config setup. 17 July 2020: Ralph - Merge PR #234 - Ensure proper alignment of cmsg buffers by Jérémie Courrèges-Anglas. - Fix PR #234 log_assert sizeof to use union buffer. 16 July 2020: Wouter - Fix check conf test for referencing installation paths. - Fix unused variable warning for clang analyzer. 16 July 2020: George - Introduce 'include-toplevel:' configuration option. 16 July 2020: Ralph - Add bidirectional frame streams support. 8 July 2020: Wouter - Fix add missing DSA header, for compilation without deprecated OpenSSL APIs. - Fix to use SSL_CTX_set_tlsext_ticket_key_evp_cb in OpenSSL 3.0.0-alpha4. - Longer keys for the test set, this avoids weak crypto errors. 7 July 2020: Wouter - Fix #259: Fix unbound-checkconf does not check view existence. unbound-checkconf checks access-control-view, access-control-tags, access-control-tag-actions and access-control-tag-datas. - Fix offset of error printout for access-control-tag-datas. - Review fixes for checkconf #259 change. 6 July 2020: Wouter - run_vm cleanup better and removes trailing slash on single argument. 29 June 2020: Wouter - Move reply list clean for serve expired mesh callback to after the reply is sent, so that script callbacks have reply_info. - Also move reply list clean for mesh callbacks to the scrip callback can see the reply_info. - Fix for mesh accounting if the reply list already empty to begin with. - Fix for mesh accounting when rpz decides to drop a reply with a tcp stream waiting for it. - Review fix for number of detached states due to use of variable after end of loop. - Fix tcp req info drop due to size call into mesh accounting removal of mesh state during mesh send reply. 24 June 2020: Wouter - iana portlist updated. - doxygen file comments for dynlibmodule. 17 June 2020: Wouter - Fix default explanation in man page for qname-minimisation-strict. - Fix display of event loop method with libev. 8 June 2020: Wouter - Mention tls name possible when tls is enabled for stub-addr in the man page. 27 May 2020: George - Merge PR #241 by Robert Edmonds: contrib/libunbound.pc.in: Do not use "Requires:". 25 May 2020: George - Update contrib/aaaa-filter-iterator.patch for the recent generate_sub_request() change and to apply cleanly. 21 May 2020: George - Fix for integer overflow when printing RDF_TYPE_TIME. 19 May 2020: Wouter - CVE-2020-12662 Unbound can be tricked into amplifying an incoming query into a large number of queries directed to a target. - CVE-2020-12663 Malformed answers from upstream name servers can be used to make Unbound unresponsive. - Release 1.10.1 is 1.10.0 with fixes, code repository continues, including those fixes, towards the next release. Configure has version 1.10.2 version number in it. - For PR #93: windows compile warnings removal - windows compile warnings removal for ip dscp option code. - For PR #93: unit test for dynlib module. 18 May 2020: Wouter - For PR #93: dynlibmod can handle reloads and deinit and inits again, with dlclose and dlopen of the library again. Also for multiple modules. Fix memory leak by not closing dlopened content. Fix to allow one dynlibmod instance by unbound-checkconf. - For PR #93: checkconf allows multiple dynlib in module-config, for a couple cases. - For PR #93: checkconf allows python dynlib in module-config, for a couple cases. - For PR #93: man page spelling reference fix. - For PR #93: fix link of other executables for dynlibmod dependency. 15 May 2020: Wouter - Merge PR #93: Add dynamic library support. - Fixed conflicts for PR #93 and make configure, yacc, lex. - For PR #93: Fix warnings for dynlibmodule. 15 May 2020: Ralph - Cache ECS answers with longest scope of CNAME chain. 22 April 2020: George - Explicitly use 'rrset-roundrobin: no' for test cases. 21 April 2020: Wouter - Merge #225 from akhait: KSK-2010 has been revoked. It removes the KSK-2010 from the default list in unbound-anchor, now that the revocation period is over. KSK-2017 is the only trust anchor in the shipped default now. 21 April 2020: George - Change default value for 'rrset-roundrobin' to yes. - Fix tests for new rrset-roundrobin default. 20 April 2020: Wouter - Fix #222: --enable-rpath, fails to rpath python lib. - Fix for count of reply states in the mesh. - Remove unneeded was_mesh_reply check. 17 April 2020: George - Add SNI support on more TLS connections (fixes #193). - Add SNI support to unbound-anchor. 16 April 2020: George - Add doxygen documentation for DSCP. 16 April 2020: Wouter - Fix help return code in unbound-control-setup script. - Fix for posix shell syntax for trap in nsd-control-setup. - Fix for posix shell syntax for trap in run_msg.sh test script. 15 April 2020: George - Fix #220: auth-zone section in config may lead to segfault. 7 April 2020: Wouter - Merge PR #214 from gearnode: unbound-control-setup recreate certificates. With the -r option the certificates are created again, without it, only the files that do not exist are created. 6 April 2020: Ralph - Keep track of number of timeouts. Use this counter to determine if capsforid fallback should be started. 6 April 2020: George - More documentation for redis-expire-records option. 1 April 2020: George - Merge PR #206: Redis TTL, by Talkabout. 30 March 2020: Wouter - Merge PR #207: Clarify if-automatic listens on 0.0.0.0 and :: - Merge PR #208: Fix uncached CLIENT_RESPONSE'es on stateful transports. 27 March 2020: Wouter - Merge PR #203 from noloader: Update README-Travis.md with current procedures. 27 March 2020: Ralph - Make unbound-control error returned on missing domain name more user friendly. 26 March 2020: Ralph - Fix RPZ concurrency issue when using auth_zone_reload. 25 March 2020: George - Merge PR #201 from noloader: Fix OpenSSL cross-compaile warnings. - Fix on #201. 24 March 2020: Wouter - Merge PR #200 from yarikk: add ip-dscp option to specify the DSCP tag for outgoing packets. - Fixes on #200. - Travis fix for ios by omitting tools from install. 23 March 2020: Wouter - Fix compile on Solaris for unbound-checkconf. 20 March 2020: George - Merge PR #198 from fobser: Declare lz_enter_rr_into_zone() static, it's only used in this file. 20 March 2020: Wouter - Merge PR #197 from fobser: Make log_ident_revert_to_default() a proper prototype. 19 March 2020: Ralph - Merge PR#191: Update iOS testing on Travis, by Jeffrey Walton. - Fix #158: open tls-session-ticket-keys as binary, for Windows. By Daisuke HIGASHI. - Merge PR#134, Allow the kernel to provide random source ports. By Florian Obser. - Log warning when using outgoing-port-permit and outgoing-port-avoid while explicit port randomisation is disabled. - Merge PR#194: Add libevent testing to Travis, by Jeffrey Walton. - Fix .travis.yml error, missing 'env' option. 16 March 2020: Wouter - Fix #192: In the unbound-checkconf tool, the module config of dns64 subnetcache respip validator iterator is whitelisted, it was reported it seems to work. 12 March 2020: Wouter - Fix compile of test tools without protobuf. 11 March 2020: Ralph - Add check to make sure RPZ records are subdomains of configured zone origin. 11 March 2020: George - Fix #189: mini_event.h:142:17: error: field 'ev_timeout' has incomplete type, by noloader. - Changelog entry for (Fix #189, Merge PR #190). 11 March 2020: Wouter - Fix #188: unbound-control.c:882:6: error: 'execlp' is unavailable: not available on tvOS. 6 March 2020: George - Merge PR #186, fix #183: Fix unrecognized 'echo -n' option on OS X, by noloader 5 March 2020: Wouter - Fix PR #182 from noloader: Add iOS testing to Travis. 4 March 2020: Ralph - Update README-Travis.md (from PR #179), by Jeffrey Walton. 4 March 2020: George - Merge PR #181 from noloader: Fix OpenSSL -pie warning on Android. 4 March 2020: Wouter - Merge PR #180 from noloader: Avoid calling exit in Travis script. 3 March 2020: George - Upgrade config.guess(2020-01-01) and config.sub(2020-01-01). 2 March 2020: Ralph - Fix #175, Merge PR #176: fix link error when OpenSSL is configured with no-engine, thanks noloader. 2 March 2020: George - Fix compiler warning in dns64/dns64.c - Merge PR #174: Add Android to Travis testing, by noloader. - Move android build scripts to contrib/ and allow android tests to fail. 2 March 2020: Wouter - Fix #177: dnstap does not build on macOS. 28 February 2020: Ralph - Merge PR #172: Add IBM s390x arch for testing, by noloader. 28 February 2020: Wouter - Merge PR #173: updated makedist.sh for config.guess and config.sub and sha256 digest for gpg, by noloader. - Merge PR #164: Framestreams, this branch implements dnstap unidirectional connectivity in unbound. This has a number of new features. The dependency on libfstrm is removed. The fstrm protocol code resides in dnstap/dnstap_fstrm.h and dnstap/dnstap_fstrm.c. This contains a brief definition of what unbound needs. The make unbound-dnstap-socket builds a debug tool, unbound-dnstap-socket. It can listen, accept multiple DNSTAP streams and print information. Commandline options control it. Unbound can reconnect if the unix domain socket file socket is closed. This uses exponential backoff after which it uses a one second timer to throttle cpu down. There is also support to use TCP and TLS for connecting to the log server. There are new config options to turn them on, in the dnstap section in the man page and example config file. dnstap-ip with IP address of server for TCP or TLS use. dnstap-tls to turn on TLS. And dnstap-tls-server-name, dnstap-tls-cert-bundle, dnstap-tls-client-key-file and dnstap-tls-client-cert-file to configure the certificates for server authentication and client authentication, or leave at "" to not use that. 27 February 2020: George - Merge PR #171: Add additional compilers and platforms to Travis testing, by noloader. 27 February 2020: Wouter - Fix #169: Fix warning for daemon/remote.c output may be truncated from snprintf. - Fix #170: Fix gcc undefined sanitizer signed integer overflow warning in signature expiry RFC1982 serial number arithmetic. - Fix more undefined sanitizer issues, in respip copy_rrset null dname, and in the client_info_compare routine for null memcmp. 26 February 2020: Wouter - iana portlist updated. 25 February 2020: Wouter - Fix #165: Add prefer-ip4: yesno config option to prefer ipv4 for using ipv4 filters, because the hosts ip6 netblock /64 is not owned by one operator, and thus reputation is shared. 24 February 2020: George - Merge PR #166: Fix typo in unbound.service.in, by glitsj16. 20 February 2020: Wouter - Updated contrib/unbound_smf23.tar.gz with Solaris SMF service for Unbound from Yuri Voinov. - master branch has 1.10.1 version. 18 February 2020: Wouter - protect X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS with ifdef for different openssl versions. 17 February 2020: Wouter - changelog point where the tag for 1.10.0rc2 release is. And with the unbound_smf23 commit added to it, that is the 1.10.0 release. 17 February 2020: Ralph - Add respip to supported module-config options in unbound-checkconf. 17 February 2020: George - Remove unused variable. 17 February 2020: Wouter - contrib/drop2rpz: perl script that converts the Spamhaus DROP-List in RPZ-Format, contributed by Andreas Schulze. 14 February 2020: Wouter - Fix spelling in unbound.conf.5.in. - Stop unbound-checkconf from insisting that auth-zone and rpz zonefiles have to exist. They can not exist, and download later. 13 February 2020: Wouter - tag for 1.10.0rc1 release. 12 February 2020: Wouter - Fix with libnettle make test with dsa disabled. - Fix contrib/fastrpz.patch to apply cleanly. Fix for serve-stale fixes, but it does not compile, conflicts with new rpz code. - Fix to clean memory leak of respip_addr.lock when ip_tree deleted. - Fix compile warning when threads disabled. - updated version number to 1.10.0. 10 February 2020: George - Document 'ub_result.was_ratelimited' in libunbound. - Fix use after free on log-identity after a reload; Fixes #163. 6 February 2020: George - Fix num_reply_states and num_detached_states counting with serve_expired_callback. - Cleaner code in mesh_serve_expired_lookup. - Document in unbound.conf manpage that configuration clauses can be repeated in the configuration file. 6 February 2020: Wouter - Fix num_reply_addr counting in mesh and tcp drop due to size after serve_stale commit. - Fix to create and destroy rpz_lock in auth_zones structure. - Fix to lock zone before adding rpz qname trigger. - Fix to lock and release once in mesh_serve_expired_lookup. - Fix to put braces around empty if body when threading is disabled. 5 February 2020: George - Added serve-stale functionality as described in draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used to configure the behavior. - Updated cachedb to honor `serve-expired-ttl`; Fixes #107. - Renamed statistic `num.zero_ttl` to `num.expired` as expired replies come with a configurable TTL value (`serve-expired-reply-ttl`). - Fixed stats when replying with cached, cname-aliased records. - Added missing default values for redis cachedb backend. 3 February 2020: Ralph - Add assertion to please static analyzer 31 January 2020: Wouter - Fix fclose on error in TLS session ticket code. 30 January 2020: Ralph - Fix memory leak in error condition remote.c - Fix double free in error condition view.c - Fix memory leak in do_auth_zone_transfer on success - Merge RPZ support into master. Only QNAME and Response IP triggers are supported. - Stop working on socket when socket() call returns an error. - Check malloc return values in TLS session ticket code 30 January 2020: Wouter - Fix subnet tests for disabled DSA algorithm by default. - Update contrib/fastrpz.patch for clean diff with current code. - Merge PR#151: Fixes for systemd units, by Maryse47, Edmonds and Frzk. Updates the unbound.service systemd file and adds a portable systemd service file. - updated .gitignore for added contrib file. - Add build rule for ipset to Makefile - Add getentropy_freebsd.o to Makefile dependencies. 29 January 2020: Ralph - Merge PR#156 from Alexander Berkes; Added unbound-control view_local_datas_remove command. 29 January 2020: Wouter - Fix #157: undefined reference to `htobe64'. 28 January 2020: Ralph - Merge PR#147; change rfc reference for reserved top level dns names. 28 January 2020: Wouter - iana portlist updated. - Fix to silence the tls handshake errors for broken pipe and reset by peer, unless verbosity is set to 2 or higher. 27 January 2020: Ralph - Merge PR#154; Allow use of libbsd functions with configure option --with-libbsd. By Robert Edmonds and Steven Chamberlain. - Merge PR#148; Add some TLS stats to unbound_munin_. By Fredrik Pettai. 27 January 2020: Wouter - Merge PR#155 from Robert Edmonds: contrib/libunbound.pc.in: Fixes to Libs/Requires for crypto library dependencies. - Fix #153: Disable validation for DSA algorithms. RFC 8624 compliance. 23 January 2020: Wouter - Merge PR#150 from Frzk: Systemd unit without chroot. It add contrib/unbound_nochroot.service.in, a systemd file for use with chroot: "", see comments in the file, it uses systemd protections instead. 14 January 2020: Wouter - Removed the dnscrypt_queries and dnscrypt_queries_chacha tests, because dnscrypt-proxy (2.0.36) does not support the test setup any more, and also the config file format does not seem to have the appropriate keys to recreate that setup. - Fix crash after reload where a stats lookup could reference old key cache and neg cache structures. - Fix for memory leak when edns subnet config options are read when compiled without edns subnet support. - Fix auth zone support for NSEC3 records without salt. 10 January 2020: Wouter - Fix the relationship between serve-expired and prefetch options, patch from Saksham Manchanda from Secure64. - Fix unreachable code in ssl set options code. 8 January 2020: Ralph - Fix #138: stop binding pidfile inside chroot dir in systemd service file. 8 January 2020: Wouter - Fix 'make test' to work for --disable-sha1 configure option. - Fix out-of-bounds null-byte write in sldns_bget_token_par while parsing type WKS, reported by Luis Merino from X41 D-Sec. - Updated sldns_bget_token_par fix for also space for the zero delimiter after the character. And update for more spare space. 6 January 2020: George - Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD. The dl_iterate_phdr() function introduced in newer versions raises compilation errors on solaris 10. - Changes to compat/getentropy_solaris.c for, ifdef stdint.h inclusion for older systems. ifdef sha2.h inclusion for older systems. 6 January 2020: Wouter - Merge #135 from Florian Obser: Use passed in neg and key cache if non-NULL. - Fix #140: Document slave not downloading new zonefile upon update. 16 December 2019: George - Update mailing list URL. 12 December 2019: Ralph - Master is 1.9.7 in development. - Fix typo to let serve-expired-ttl work with ub_ctx_set_option(), by Florian Obser 10 December 2019: Wouter - Fix to make auth zone IXFR to fallback to AXFR if a single response RR is received over TCP with the SOA in it. @ text @d5 1 a5 1 index bac212df..4824927f 100644 d16 2 a17 2 WITH_DYNLIBMODULE=@@WITH_DYNLIBMODULE@@ @@@@ -134,7 +136,7 @@@@ validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c \ d26 1 a26 1 @@@@ -147,7 +149,7 @@@@ autotrust.lo val_anchor.lo rpz.lo \ d30 2 a31 2 -$(IPSECMOD_OBJ) $(IPSET_OBJ) $(DYNLIBMOD_OBJ) respip.lo +$(FASTRPZ_OBJ) $(IPSECMOD_OBJ) $(IPSET_OBJ) $(DYNLIBMOD_OBJ) respip.lo d35 1 a35 1 @@@@ -428,6 +430,11 @@@@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ d48 1 a48 1 index f7a4095e..d5a4fa01 100644 d51 1 a51 1 @@@@ -1364,4 +1364,11 @@@@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, d65 1 a65 1 index 5c373d9d..e45abd89 100644 d76 2 a77 1 @@@@ -1819,6 +1820,9 @@@@ case "$enable_explicit_port_randomisation" in a79 1 d87 1 a87 1 index 5d427925..f89f1437 100644 d100 2 a101 2 @@@@ -456,6 +459,14 @@@@ daemon_create_workers(struct daemon* daemon) fatal_exit("dt_create failed"); d115 1 a115 1 @@@@ -729,6 +740,9 @@@@ daemon_cleanup(struct daemon* daemon) d126 1 a126 1 index 3effbafb..4d4c34da 100644 d129 1 a129 1 @@@@ -138,6 +138,11 @@@@ struct daemon { d142 1 a142 1 index 23e3244c..b63d49b7 100644 d145 1 a145 1 @@@@ -76,6 +76,9 @@@@ d155 1 a155 1 @@@@ -535,8 +538,27 @@@@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, d183 2 a184 2 @@@@ -711,6 +733,23 @@@@ answer_from_cache(struct worker* worker, struct query_info* qinfo, *is_secure_answer = 0; d186 1 a186 1 } else *is_secure_answer = 0; d207 1 a207 1 @@@@ -1436,6 +1475,15 @@@@ worker_handle_request(struct comm_point* c, void* arg, int error, d223 1 a223 1 @@@@ -1486,12 +1534,21 @@@@ lookup_cache: d229 2 a230 2 cinfo, &need_drop, &is_expired_answer, &is_secure_answer, &alias_rrset, &partial_rep, (struct reply_info*)e->data, d247 1 a247 1 @@@@ -1548,11 +1605,19 @@@@ lookup_cache: d270 1 a270 1 index cd43f04e..b92a1af8 100644 d273 1 a273 1 @@@@ -1878,6 +1878,81 @@@@ List domain for which the AAAA records are ignored and the A record is d2891 1 a2891 1 index 23b07ea9..c3d31a33 100644 d2904 1 a2904 1 @@@@ -563,6 +566,23 @@@@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, d2928 1 a2928 1 @@@@ -571,6 +591,9 @@@@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, d2938 1 a2938 1 @@@@ -1231,6 +1254,7 @@@@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, d2946 1 a2946 1 @@@@ -1317,8 +1341,7 @@@@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, d2956 1 a2956 1 @@@@ -1326,7 +1349,22 @@@@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, d2979 1 a2979 1 @@@@ -2801,6 +2839,62 @@@@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, d3042 1 a3042 1 @@@@ -3563,12 +3657,44 @@@@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq, d3088 1 a3088 1 index 342ac207..49b0ecdd 100644 d3091 1 a3091 1 @@@@ -396,6 +396,16 @@@@ struct iter_qstate { d3107 1 a3107 1 * the QNAME minimisation QTYPE is blocked. Used to determine if d3109 1 a3109 1 index 7b6e142c..6d7449f5 100644 d3112 1 a3112 1 @@@@ -969,6 +969,14 @@@@ dns_cache_store(struct module_env* env, struct query_info* msgqinf, d3128 1 a3128 1 index 4b0c5db4..eb9cfa5b 100644 d3131 1 a3131 1 @@@@ -61,6 +61,9 @@@@ d3141 1 a3141 1 @@@@ -1207,6 +1210,13 @@@@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, d3155 1 a3155 1 @@@@ -1434,6 +1444,7 @@@@ struct mesh_state* mesh_area_find(struct mesh_area* mesh, d3163 1 a3163 1 @@@@ -1480,6 +1491,10 @@@@ int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, d3175 1 a3175 1 index 0e9ee471..a5fd72e0 100644 d3178 2 a3179 2 @@@@ -1495,6 +1495,8 @@@@ config_delete(struct config_file* cfg) free(cfg->dnstap_tls_client_cert_file); d3188 1 a3188 1 index 66e5025d..504f4f92 100644 d3191 1 a3191 1 @@@@ -522,6 +522,11 @@@@ struct config_file { d3204 1 a3204 1 index 83cea4b9..9a7feea4 100644 d3207 1 a3207 1 @@@@ -467,6 +467,10 @@@@ dnstap-log-forwarder-query-messages{COLON} { d3219 1 a3219 1 index fe600a99..ce43390f 100644 d3222 1 a3222 1 @@@@ -128,6 +128,7 @@@@ extern struct config_parser_state* cfg_parser; d3229 2 a3230 2 %token VAR_IP_DSCP @@@@ -179,7 +180,7 @@@@ extern struct config_parser_state* cfg_parser; d3239 1 a3239 1 @@@@ -2939,6 +2940,50 @@@@ dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MES d3291 1 a3291 1 index be69f628..f10773aa 100644 d3294 1 a3294 1 @@@@ -592,6 +592,35 @@@@ insert_section(struct reply_info* rep, size_t num_rrsets, uint16_t* num_rrs, d3330 1 a3330 1 @@@@ -779,6 +808,19 @@@@ reply_info_encode(struct query_info* qinfo, struct reply_info* rep, d3351 1 a3351 1 index 4b0294f9..3b3838f6 100644 d3354 1 a3354 1 @@@@ -256,6 +256,10 @@@@ sec_status_to_string(enum sec_status s) d3366 1 a3366 1 index 729877ba..ccd1a0c2 100644 d3387 1 a3387 1 index 3e7a433e..f20d806f 100644 d3400 1 a3400 1 @@@@ -596,6 +599,9 @@@@ comm_point_udp_ancil_callback(int fd, short event, void* arg) d3410 1 a3410 1 @@@@ -685,6 +691,9 @@@@ comm_point_udp_callback(int fd, short event, void* arg) d3420 1 a3420 1 @@@@ -728,6 +737,9 @@@@ comm_point_udp_callback(int fd, short event, void* arg) d3430 1 a3430 1 @@@@ -3175,6 +3187,9 @@@@ comm_point_send_reply(struct comm_reply *repinfo) d3440 1 a3440 1 @@@@ -3184,6 +3199,9 @@@@ comm_point_drop_reply(struct comm_reply* repinfo) d3450 1 a3450 1 @@@@ -3205,6 +3223,9 @@@@ comm_point_start_listening(struct comm_point* c, int newfd, int msec) d3461 1 a3461 1 index bb2cd1e5..666067e8 100644 d3476 1 a3476 1 index c3ca0a27..15251988 100644 d3479 1 a3479 1 @@@@ -2761,6 +2761,12 @@@@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, d3492 1 a3492 1 @@@@ -2794,6 +2800,12 @@@@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, @ 1.1.1.1.4.1 log @file fastrpz.patch was added on branch netbsd-8 on 2018-04-12 01:38:43 +0000 @ text @d1 3552 @ 1.1.1.1.4.2 log @Pull up following revision(s) (requested by snj in ticket #744): doc/3RDPARTY: 1.1502 distrib/sets/lists/base/shl.mi: 1.829 distrib/sets/lists/debug/shl.mi: 1.191 external/bsd/unbound/Makefile.inc: up to 1.4 external/bsd/unbound/dist/.gitattributes: up to 1.1.1.1 external/bsd/unbound/dist/.gitignore: up to 1.1.1.2 external/bsd/unbound/dist/Makefile.in: up to 1.1.1.2 external/bsd/unbound/dist/ac_pkg_swig.m4: up to 1.1.1.2 external/bsd/unbound/dist/aclocal.m4: up to 1.1.1.2 external/bsd/unbound/dist/acx_nlnetlabs.m4: up to 1.1.1.2 external/bsd/unbound/dist/acx_python.m4: up to 1.1.1.2 external/bsd/unbound/dist/cachedb/cachedb.c: up to 1.1.1.2 external/bsd/unbound/dist/compat/arc4_lock.c: up to 1.1.1.2 external/bsd/unbound/dist/compat/arc4random.c: up to 1.1.1.2 external/bsd/unbound/dist/compat/ctime_r.c: up to 1.1.1.2 external/bsd/unbound/dist/compat/getentropy_linux.c: up to 1.1.1.2 external/bsd/unbound/dist/config.h.in: up to 1.1.1.2 external/bsd/unbound/dist/configure: up to 1.1.1.2 external/bsd/unbound/dist/configure.ac: up to 1.1.1.2 external/bsd/unbound/dist/contrib/README: up to 1.1.1.2 external/bsd/unbound/dist/contrib/aaaa-filter-iterator.patch: up to 1.1.1.2 external/bsd/unbound/dist/contrib/fastrpz.patch: up to 1.1.1.1 external/bsd/unbound/dist/contrib/libunbound.pc.in: up to 1.1.1.1 external/bsd/unbound/dist/contrib/parseunbound.pl: up to 1.1.1.2 external/bsd/unbound/dist/contrib/redirect-bogus.patch: up to 1.1.1.1 external/bsd/unbound/dist/contrib/unbound.service.in: up to 1.1.1.1 external/bsd/unbound/dist/contrib/unbound.socket.in: up to 1.1.1.1 external/bsd/unbound/dist/contrib/unbound_munin_: up to 1.1.1.2 external/bsd/unbound/dist/daemon/acl_list.c: up to 1.1.1.2 external/bsd/unbound/dist/daemon/acl_list.h: up to 1.1.1.2 external/bsd/unbound/dist/daemon/cachedump.c: up to 1.1.1.2 external/bsd/unbound/dist/daemon/daemon.c: up to 1.1.1.2 external/bsd/unbound/dist/daemon/daemon.h: up to 1.1.1.2 external/bsd/unbound/dist/daemon/remote.c: up to 1.1.1.2 external/bsd/unbound/dist/daemon/remote.h: up to 1.1.1.2 external/bsd/unbound/dist/daemon/stats.c: up to 1.1.1.2 external/bsd/unbound/dist/daemon/stats.h: up to 1.1.1.2 external/bsd/unbound/dist/daemon/unbound.c: up to 1.1.1.2 external/bsd/unbound/dist/daemon/worker.c: up to 1.1.1.2 external/bsd/unbound/dist/daemon/worker.h: up to 1.1.1.2 external/bsd/unbound/dist/dns64/dns64.c: up to 1.1.1.2 external/bsd/unbound/dist/dnscrypt/cert.h: up to 1.1.1.1 external/bsd/unbound/dist/dnscrypt/dnscrypt.c: up to 1.1.1.1 external/bsd/unbound/dist/dnscrypt/dnscrypt.h: up to 1.1.1.1 external/bsd/unbound/dist/dnscrypt/dnscrypt.m4: up to 1.1.1.1 external/bsd/unbound/dist/dnscrypt/dnscrypt_config.h.in: up to 1.1.1.1 external/bsd/unbound/dist/dnscrypt/testdata/gencert.sh: up to 1.1.1.1 external/bsd/unbound/dist/dnscrypt/testdata/keys1/public.key: up to 1.1.1.1 external/bsd/unbound/dist/dnscrypt/testdata/keys1/secret.key: up to 1.1.1.1 external/bsd/unbound/dist/dnscrypt/testdata/keys2/public.key: up to 1.1.1.1 external/bsd/unbound/dist/dnscrypt/testdata/keys2/secret.key: up to 1.1.1.1 external/bsd/unbound/dist/dnstap/dnstap.c: up to 1.1.1.2 external/bsd/unbound/dist/doc/CNAME-basedRedirectionDesignNotes.pdf: up to 1.1.1.1 external/bsd/unbound/dist/doc/Changelog: up to 1.1.1.2 external/bsd/unbound/dist/doc/IP-BasedActions.pdf: up to 1.1.1.1 external/bsd/unbound/dist/doc/README: up to 1.1.1.2 external/bsd/unbound/dist/doc/example.conf.in: up to 1.1.1.2 external/bsd/unbound/dist/doc/libunbound.3.in: up to 1.1.1.2 external/bsd/unbound/dist/doc/requirements.txt: up to 1.1.1.2 external/bsd/unbound/dist/doc/unbound-anchor.8.in: up to 1.1.1.2 external/bsd/unbound/dist/doc/unbound-checkconf.8.in: up to 1.1.1.2 external/bsd/unbound/dist/doc/unbound-control.8.in: up to 1.1.1.2 external/bsd/unbound/dist/doc/unbound-host.1.in: up to 1.1.1.2 external/bsd/unbound/dist/doc/unbound.8.in: up to 1.1.1.2 external/bsd/unbound/dist/doc/unbound.conf.5.in: up to 1.1.1.2 external/bsd/unbound/dist/doc/unbound.doxygen: up to 1.1.1.2 external/bsd/unbound/dist/edns-subnet/addrtree.c: up to 1.1.1.1 external/bsd/unbound/dist/edns-subnet/addrtree.h: up to 1.1.1.1 external/bsd/unbound/dist/edns-subnet/edns-subnet.c: up to 1.1.1.1 external/bsd/unbound/dist/edns-subnet/edns-subnet.h: up to 1.1.1.1 external/bsd/unbound/dist/edns-subnet/subnet-whitelist.c: up to 1.1.1.1 external/bsd/unbound/dist/edns-subnet/subnet-whitelist.h: up to 1.1.1.1 external/bsd/unbound/dist/edns-subnet/subnetmod.c: up to 1.1.1.1 external/bsd/unbound/dist/edns-subnet/subnetmod.h: up to 1.1.1.1 external/bsd/unbound/dist/ipsecmod/ipsecmod-whitelist.c: up to 1.1.1.1 external/bsd/unbound/dist/ipsecmod/ipsecmod-whitelist.h: up to 1.1.1.1 external/bsd/unbound/dist/ipsecmod/ipsecmod.c: up to 1.1.1.1 external/bsd/unbound/dist/ipsecmod/ipsecmod.h: up to 1.1.1.1 external/bsd/unbound/dist/iterator/iter_delegpt.c: up to 1.1.1.2 external/bsd/unbound/dist/iterator/iter_delegpt.h: up to 1.1.1.2 external/bsd/unbound/dist/iterator/iter_donotq.h: up to 1.1.1.2 external/bsd/unbound/dist/iterator/iter_fwd.c: up to 1.1.1.2 external/bsd/unbound/dist/iterator/iter_fwd.h: up to 1.1.1.2 external/bsd/unbound/dist/iterator/iter_hints.c: up to 1.1.1.2 external/bsd/unbound/dist/iterator/iter_hints.h: up to 1.1.1.2 external/bsd/unbound/dist/iterator/iter_priv.h: up to 1.1.1.2 external/bsd/unbound/dist/iterator/iter_scrub.c: up to 1.1.1.2 external/bsd/unbound/dist/iterator/iter_utils.c: up to 1.1.1.2 external/bsd/unbound/dist/iterator/iter_utils.h: up to 1.1.1.2 external/bsd/unbound/dist/iterator/iterator.c: up to 1.1.1.2 external/bsd/unbound/dist/iterator/iterator.h: up to 1.1.1.2 external/bsd/unbound/dist/libunbound/context.c: up to 1.1.1.2 external/bsd/unbound/dist/libunbound/context.h: up to 1.1.1.2 external/bsd/unbound/dist/libunbound/libunbound.c: up to 1.1.1.2 external/bsd/unbound/dist/libunbound/libworker.c: up to 1.1.1.2 external/bsd/unbound/dist/libunbound/libworker.h: up to 1.1.1.2 external/bsd/unbound/dist/libunbound/python/doc/conf.py: up to 1.1.1.2 external/bsd/unbound/dist/libunbound/python/doc/examples/example1a.rst: up to 1.1.1.2 external/bsd/unbound/dist/libunbound/python/doc/examples/example1b.rst: up to 1.1.1.2 external/bsd/unbound/dist/libunbound/python/doc/examples/example2.rst: up to 1.1.1.2 external/bsd/unbound/dist/libunbound/python/doc/examples/example3.rst: up to 1.1.1.2 external/bsd/unbound/dist/libunbound/python/doc/examples/example4.rst: up to 1.1.1.2 external/bsd/unbound/dist/libunbound/python/doc/examples/example5.rst: up to 1.1.1.2 external/bsd/unbound/dist/libunbound/python/doc/examples/example6.rst: up to 1.1.1.2 external/bsd/unbound/dist/libunbound/python/doc/examples/example7.rst: up to 1.1.1.2 external/bsd/unbound/dist/libunbound/python/doc/examples/example8.rst: up to 1.1.1.2 external/bsd/unbound/dist/libunbound/python/doc/examples/index.rst: up to 1.1.1.2 external/bsd/unbound/dist/libunbound/python/doc/install.rst: up to 1.1.1.2 external/bsd/unbound/dist/libunbound/python/doc/intro.rst: up to 1.1.1.2 external/bsd/unbound/dist/libunbound/unbound-event.h: up to 1.1.1.2 external/bsd/unbound/dist/libunbound/unbound.h: up to 1.1.1.2 external/bsd/unbound/dist/libunbound/worker.h: up to 1.1.1.2 external/bsd/unbound/dist/pythonmod/doc/conf.py: up to 1.1.1.2 external/bsd/unbound/dist/pythonmod/doc/examples/example0-1.py: up to 1.1.1.2 external/bsd/unbound/dist/pythonmod/doc/examples/example0.rst: up to 1.1.1.2 external/bsd/unbound/dist/pythonmod/doc/examples/example1.rst: up to 1.1.1.2 external/bsd/unbound/dist/pythonmod/doc/examples/example2.rst: up to 1.1.1.2 external/bsd/unbound/dist/pythonmod/doc/examples/example3.rst: up to 1.1.1.2 external/bsd/unbound/dist/pythonmod/doc/examples/example4.rst: up to 1.1.1.2 external/bsd/unbound/dist/pythonmod/doc/examples/example5.rst: up to 1.1.1.1 external/bsd/unbound/dist/pythonmod/doc/examples/example6.rst: up to 1.1.1.1 external/bsd/unbound/dist/pythonmod/doc/examples/index.rst: up to 1.1.1.2 external/bsd/unbound/dist/pythonmod/doc/install.rst: up to 1.1.1.2 external/bsd/unbound/dist/pythonmod/doc/modules/functions.rst: up to 1.1.1.2 external/bsd/unbound/dist/pythonmod/doc/modules/struct.rst: up to 1.1.1.2 external/bsd/unbound/dist/pythonmod/doc/usecase.rst: up to 1.1.1.2 external/bsd/unbound/dist/pythonmod/examples/edns.py: up to 1.1.1.1 external/bsd/unbound/dist/pythonmod/examples/inplace_callbacks.py: up to 1.1.1.1 external/bsd/unbound/dist/pythonmod/interface.i: up to 1.1.1.2 external/bsd/unbound/dist/pythonmod/pythonmod.c: up to 1.1.1.2 external/bsd/unbound/dist/pythonmod/pythonmod.h: up to 1.1.1.2 external/bsd/unbound/dist/pythonmod/pythonmod_utils.c: up to 1.1.1.2 external/bsd/unbound/dist/pythonmod/test-edns.conf: up to 1.1.1.1 external/bsd/unbound/dist/pythonmod/test-inplace_callbacks.conf: up to 1.1.1.1 external/bsd/unbound/dist/respip/respip.c: up to 1.1.1.1 external/bsd/unbound/dist/respip/respip.h: up to 1.1.1.1 external/bsd/unbound/dist/services/authzone.c: up to 1.1.1.1 external/bsd/unbound/dist/services/authzone.h: up to 1.1.1.1 external/bsd/unbound/dist/services/cache/dns.c: up to 1.1.1.2 external/bsd/unbound/dist/services/cache/dns.h: up to 1.1.1.2 external/bsd/unbound/dist/services/cache/infra.c: up to 1.1.1.2 external/bsd/unbound/dist/services/cache/infra.h: up to 1.1.1.2 external/bsd/unbound/dist/services/cache/rrset.c: up to 1.1.1.2 external/bsd/unbound/dist/services/cache/rrset.h: up to 1.1.1.2 external/bsd/unbound/dist/services/listen_dnsport.c: up to 1.1.1.2 external/bsd/unbound/dist/services/listen_dnsport.h: up to 1.1.1.2 external/bsd/unbound/dist/services/localzone.c: up to 1.1.1.2 external/bsd/unbound/dist/services/localzone.h: up to 1.1.1.2 external/bsd/unbound/dist/services/mesh.c: up to 1.1.1.2 external/bsd/unbound/dist/services/mesh.h: up to 1.1.1.2 external/bsd/unbound/dist/services/modstack.c: up to 1.1.1.2 external/bsd/unbound/dist/services/modstack.h: up to 1.1.1.2 external/bsd/unbound/dist/services/outside_network.c: up to 1.1.1.2 external/bsd/unbound/dist/services/outside_network.h: up to 1.1.1.2 external/bsd/unbound/dist/services/view.c: up to 1.1.1.1 external/bsd/unbound/dist/services/view.h: up to 1.1.1.1 external/bsd/unbound/dist/sldns/keyraw.c: up to 1.1.1.2 external/bsd/unbound/dist/sldns/keyraw.h: up to 1.1.1.2 external/bsd/unbound/dist/sldns/parse.c: up to 1.1.1.2 external/bsd/unbound/dist/sldns/parse.h: up to 1.1.1.2 external/bsd/unbound/dist/sldns/parseutil.c: up to 1.1.1.2 external/bsd/unbound/dist/sldns/parseutil.h: up to 1.1.1.2 external/bsd/unbound/dist/sldns/rrdef.c: up to 1.1.1.2 external/bsd/unbound/dist/sldns/rrdef.h: up to 1.1.1.2 external/bsd/unbound/dist/sldns/sbuffer.c: up to 1.1.1.2 external/bsd/unbound/dist/sldns/sbuffer.h: up to 1.1.1.2 external/bsd/unbound/dist/sldns/str2wire.c: up to 1.1.1.2 external/bsd/unbound/dist/sldns/str2wire.h: up to 1.1.1.2 external/bsd/unbound/dist/sldns/wire2str.c: up to 1.1.1.2 external/bsd/unbound/dist/sldns/wire2str.h: up to 1.1.1.2 external/bsd/unbound/dist/smallapp/unbound-anchor.c: up to 1.1.1.2 external/bsd/unbound/dist/smallapp/unbound-checkconf.c: up to 1.1.1.2 external/bsd/unbound/dist/smallapp/unbound-control.c: up to 1.1.1.2 external/bsd/unbound/dist/smallapp/unbound-host.c: up to 1.1.1.2 external/bsd/unbound/dist/smallapp/worker_cb.c: up to 1.1.1.2 external/bsd/unbound/dist/systemd.m4: up to 1.1.1.1 external/bsd/unbound/dist/testcode/asynclook.c: up to 1.1.1.2 external/bsd/unbound/dist/testcode/checklocks.c: up to 1.1.1.2 external/bsd/unbound/dist/testcode/checklocks.h: up to 1.1.1.2 external/bsd/unbound/dist/testcode/do-tests.sh: up to 1.1.1.2 external/bsd/unbound/dist/testcode/fake_event.c: up to 1.1.1.2 external/bsd/unbound/dist/testcode/lock_verify.c: up to 1.1.1.2 external/bsd/unbound/dist/testcode/memstats.c: up to 1.1.1.2 external/bsd/unbound/dist/testcode/mini_tdir.sh: up to 1.1.1.1 external/bsd/unbound/dist/testcode/perf.c: up to 1.1.1.2 external/bsd/unbound/dist/testcode/petal.c: up to 1.1.1.2 external/bsd/unbound/dist/testcode/replay.c: up to 1.1.1.2 external/bsd/unbound/dist/testcode/replay.h: up to 1.1.1.2 external/bsd/unbound/dist/testcode/run_vm.sh: up to 1.1.1.2 external/bsd/unbound/dist/testcode/signit.c: up to 1.1.1.2 external/bsd/unbound/dist/testcode/streamtcp.c: up to 1.1.1.2 external/bsd/unbound/dist/testcode/testbound.c: up to 1.1.1.2 external/bsd/unbound/dist/testcode/testpkts.c: up to 1.1.1.2 external/bsd/unbound/dist/testcode/testpkts.h: up to 1.1.1.2 external/bsd/unbound/dist/testcode/unitauth.c: up to 1.1.1.1 external/bsd/unbound/dist/testcode/unitecs.c: up to 1.1.1.1 external/bsd/unbound/dist/testcode/unitlruhash.c: up to 1.1.1.2 external/bsd/unbound/dist/testcode/unitmain.c: up to 1.1.1.2 external/bsd/unbound/dist/testcode/unitmain.h: up to 1.1.1.2 external/bsd/unbound/dist/testcode/unitneg.c: up to 1.1.1.2 external/bsd/unbound/dist/testcode/unitslabhash.c: up to 1.1.1.2 external/bsd/unbound/dist/testcode/unitverify.c: up to 1.1.1.2 external/bsd/unbound/dist/testdata/00-lint.tdir/00-lint.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/00-lint.tdir/00-lint.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/00-lint.tpkg delete external/bsd/unbound/dist/testdata/01-doc.tdir/01-doc.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/01-doc.tdir/01-doc.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/01-doc.tpkg delete external/bsd/unbound/dist/testdata/02-unittest.tdir/02-unittest.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/02-unittest.tdir/02-unittest.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/02-unittest.tpkg delete external/bsd/unbound/dist/testdata/03-testbound.tdir/03-testbound.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/03-testbound.tdir/03-testbound.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/03-testbound.tpkg delete external/bsd/unbound/dist/testdata/04-checkconf.tdir/04-checkconf.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/04-checkconf.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/bad.badfwd: up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/bad.badif: up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/bad.badip: up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/bad.bind: up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/bad.user: up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/good.all: up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/good.ifport: up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/good.include: up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tdir/warn.algo: up to 1.1.1.1 external/bsd/unbound/dist/testdata/04-checkconf.tpkg delete external/bsd/unbound/dist/testdata/05-asynclook.tdir/05-asynclook.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/05-asynclook.tdir/05-asynclook.hosts: up to 1.1.1.1 external/bsd/unbound/dist/testdata/05-asynclook.tdir/05-asynclook.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/05-asynclook.tdir/05-asynclook.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/05-asynclook.tdir/05-asynclook.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/05-asynclook.tdir/05-asynclook.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/05-asynclook.tpkg delete external/bsd/unbound/dist/testdata/06-ianaports.tdir/06-ianaports.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/06-ianaports.tdir/06-ianaports.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/06-ianaports.tpkg delete external/bsd/unbound/dist/testdata/07-confroot.tdir/07-confroot.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/07-confroot.tdir/07-confroot.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/07-confroot.tpkg delete external/bsd/unbound/dist/testdata/08-host-lib.tdir/08-host-lib.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/08-host-lib.tdir/08-host-lib.hosts: up to 1.1.1.1 external/bsd/unbound/dist/testdata/08-host-lib.tdir/08-host-lib.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/08-host-lib.tdir/08-host-lib.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/08-host-lib.tdir/08-host-lib.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/08-host-lib.tdir/08-host-lib.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/08-host-lib.tpkg delete external/bsd/unbound/dist/testdata/09-unbound-control.tdir/09-unbound-control.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/09-unbound-control.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/09-unbound-control.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/09-unbound-control.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/09-unbound-control.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/09-unbound-control.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/bad_control.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/bad_control.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/bad_server.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/bad_server.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/local_data: up to 1.1.1.1 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/local_data_remove: up to 1.1.1.1 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/local_zones: up to 1.1.1.1 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/local_zones_remove: up to 1.1.1.1 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/unbound_control.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/unbound_control.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/unbound_server.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/09-unbound-control.tdir/unbound_server.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/09-unbound-control.tpkg delete external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/10-unbound-anchor.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/10-unbound-anchor.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/10-unbound-anchor.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/10-unbound-anchor.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/10-unbound-anchor.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/10-unbound-anchor.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/127.0.0.1/bad.p7s: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/127.0.0.1/bad.xml: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/127.0.0.1/no_more_keys.p7s: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/127.0.0.1/no_more_keys.xml: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/127.0.0.1/root.p7s: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/127.0.0.1/root.xml: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/K.+005+37348.ds: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/K.+005+37348.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/K.+005+37348.private: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/keys/test_cert.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/keys/test_cert.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/keys/unbound-control-setup: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/keys/unbound_control.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/keys/unbound_control.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/keys/unbound_server.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/keys/unbound_server.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/petal.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/petal.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/signit: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/test_cert.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/test_cert.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/10-unbound-anchor.tpkg delete external/bsd/unbound/dist/testdata/autotrust_10key.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_addpend_2exceed.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_addpend_early.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_addpend_nosign.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_addpend_nosignnew.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_addpend_once.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_addpend_twice.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_init.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_init_ds.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_init_fail.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_init_failsig.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_init_legacy.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_init_sigs.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_init_zsk.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_missing.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_missing_all.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_missing_returns.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_probefail.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_probefailsig.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_revoked_use.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_revoked_with_invalid.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_revtp.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_revtp_read.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_revtp_use.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_rollalgo.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_rollalgo_unknown.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_rollover.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/autotrust_valid_use.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/black_data.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/black_dnskey.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/black_ds.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/black_ds_entry.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/black_ent.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/black_key_entry.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/black_prime.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/black_prime_entry.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/chaos_trustanchor.rpl: up to 1.1.1.1 external/bsd/unbound/dist/testdata/common.sh: up to 1.1.1.2 external/bsd/unbound/dist/testdata/ctrl_itr.tdir/bad_control.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_itr.tdir/bad_control.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_itr.tdir/bad_server.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_itr.tdir/bad_server.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_itr.tdir/ctrl_itr.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_itr.tdir/ctrl_itr.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_itr.tdir/ctrl_itr.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_itr.tdir/ctrl_itr.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_itr.tdir/ctrl_itr.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_itr.tdir/ctrl_itr.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_itr.tdir/unbound_control.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_itr.tdir/unbound_control.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_itr.tdir/unbound_server.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_itr.tdir/unbound_server.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_itr.tpkg delete external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/._bad_control.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/._bad_control.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/._bad_server.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/._bad_server.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/._ctrl_pipe.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/._ctrl_pipe.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/._ctrl_pipe.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/._ctrl_pipe.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/._ctrl_pipe.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/._ctrl_pipe.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/._unbound_control.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/._unbound_control.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/._unbound_server.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/._unbound_server.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/bad_control.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/bad_control.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/bad_server.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/bad_server.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/ctrl_pipe.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/ctrl_pipe.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/ctrl_pipe.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/ctrl_pipe.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/ctrl_pipe.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/ctrl_pipe.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/unbound_control.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/unbound_control.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/unbound_server.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tdir/unbound_server.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ctrl_pipe.tpkg delete external/bsd/unbound/dist/testdata/dlv_anchor.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/dlv_ask_higher.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/dlv_below_ta.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/dlv_delegation.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/dlv_ds_lookup.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/dlv_insecure.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/dlv_insecure_negcache.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/dlv_keyretry.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/dlv_negnx.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/dlv_optout.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/dlv_remove.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/dlv_remove_empty.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/dlv_remove_nodel.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/dlv_remove_pos.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/dlv_unused.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/dnscrypt_cert.tdir/1.cert: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert.tdir/1.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert.tdir/1_chacha.cert: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert.tdir/1_salsa.cert: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert.tdir/2.cert: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert.tdir/2.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert.tdir/2_chacha.cert: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert.tdir/2_salsa.cert: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert.tdir/dnscrypt_cert.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert.tdir/dnscrypt_cert.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert.tdir/dnscrypt_cert.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert.tdir/dnscrypt_cert.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert.tdir/dnscrypt_cert.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert.tdir/dnscrypt_cert.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert.tdir/precheck.sh: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert_chacha.tdir/1.cert: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert_chacha.tdir/1.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert_chacha.tdir/1_chacha.cert: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert_chacha.tdir/1_salsa.cert: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert_chacha.tdir/2.cert: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert_chacha.tdir/2.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert_chacha.tdir/2_chacha.cert: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert_chacha.tdir/2_salsa.cert: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert_chacha.tdir/dnscrypt_cert_chacha.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert_chacha.tdir/dnscrypt_cert_chacha.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert_chacha.tdir/dnscrypt_cert_chacha.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert_chacha.tdir/dnscrypt_cert_chacha.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert_chacha.tdir/dnscrypt_cert_chacha.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert_chacha.tdir/dnscrypt_cert_chacha.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_cert_chacha.tdir/precheck.sh: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/1.cert: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/1.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/1_chacha.cert: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/1_salsa.cert: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/2.cert: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/2.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/2_chacha.cert: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/2_salsa.cert: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/dnscrypt_queries.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/dnscrypt_queries.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/dnscrypt_queries.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/dnscrypt_queries.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/dnscrypt_queries.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries.tdir/dnscrypt_queries.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries_chacha.tdir/1.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries_chacha.tdir/1_chacha.cert: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries_chacha.tdir/1_salsa.cert: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries_chacha.tdir/2.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries_chacha.tdir/2_chacha.cert: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries_chacha.tdir/2_salsa.cert: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/dnscrypt_queries_chacha.tdir/precheck.sh: up to 1.1.1.1 external/bsd/unbound/dist/testdata/edns_cache.tdir/edns_cache.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/edns_cache.tdir/edns_cache.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/edns_cache.tdir/edns_cache.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/edns_cache.tdir/edns_cache.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/edns_cache.tdir/edns_cache.stub1: up to 1.1.1.1 external/bsd/unbound/dist/testdata/edns_cache.tdir/edns_cache.stub2: up to 1.1.1.1 external/bsd/unbound/dist/testdata/edns_cache.tdir/edns_cache.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/edns_cache.tpkg delete external/bsd/unbound/dist/testdata/edns_lame.tdir/edns_lame.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/edns_lame.tdir/edns_lame.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/edns_lame.tdir/edns_lame.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/edns_lame.tdir/edns_lame.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/edns_lame.tdir/edns_lame.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/edns_lame.tdir/edns_lame.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/edns_lame.tpkg delete external/bsd/unbound/dist/testdata/fwd_ancil.tdir/fwd_ancil.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_ancil.tdir/fwd_ancil.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_ancil.tdir/fwd_ancil.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_ancil.tdir/fwd_ancil.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_ancil.tdir/fwd_ancil.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_ancil.tdir/fwd_ancil.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_ancil.tpkg delete external/bsd/unbound/dist/testdata/fwd_bogus.tdir/fwd_bogus.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_bogus.tdir/fwd_bogus.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_bogus.tdir/fwd_bogus.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_bogus.tdir/fwd_bogus.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_bogus.tdir/fwd_bogus.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_bogus.tdir/fwd_bogus.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_bogus.tdir/unbound_control.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_bogus.tdir/unbound_control.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_bogus.tdir/unbound_server.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_bogus.tdir/unbound_server.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_bogus.tpkg delete external/bsd/unbound/dist/testdata/fwd_capsid.tdir/fwd_capsid.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_capsid.tdir/fwd_capsid.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_capsid.tdir/fwd_capsid.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_capsid.tdir/fwd_capsid.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_capsid.tdir/fwd_capsid.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_capsid.tdir/fwd_capsid.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_capsid.tpkg delete external/bsd/unbound/dist/testdata/fwd_capsid_fallback.tdir/fwd_capsid_fallback.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_capsid_fallback.tdir/fwd_capsid_fallback.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_capsid_fallback.tdir/fwd_capsid_fallback.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_capsid_fallback.tdir/fwd_capsid_fallback.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_capsid_fallback.tdir/fwd_capsid_fallback.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_capsid_fallback.tdir/fwd_capsid_fallback.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_capsid_fallback.tpkg delete external/bsd/unbound/dist/testdata/fwd_capsid_strip.tdir/fwd_capsid_strip.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_capsid_strip.tdir/fwd_capsid_strip.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_capsid_strip.tdir/fwd_capsid_strip.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_capsid_strip.tdir/fwd_capsid_strip.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_capsid_strip.tdir/fwd_capsid_strip.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_capsid_strip.tdir/fwd_capsid_strip.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_capsid_strip.tdir/fwd_capsid_strip.testns2: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_capsid_strip.tpkg delete external/bsd/unbound/dist/testdata/fwd_capsid_white.tdir/fwd_capsid_white.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_capsid_white.tdir/fwd_capsid_white.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_capsid_white.tdir/fwd_capsid_white.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_capsid_white.tdir/fwd_capsid_white.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_capsid_white.tdir/fwd_capsid_white.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_capsid_white.tdir/fwd_capsid_white.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_capsid_white.tdir/fwd_capsid_white.testns2: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_capsid_white.tpkg delete external/bsd/unbound/dist/testdata/fwd_compress_c00c.tdir/fwd_compress_c00c.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_compress_c00c.tdir/fwd_compress_c00c.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_compress_c00c.tdir/fwd_compress_c00c.good: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_compress_c00c.tdir/fwd_compress_c00c.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_compress_c00c.tdir/fwd_compress_c00c.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_compress_c00c.tdir/fwd_compress_c00c.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_compress_c00c.tdir/fwd_compress_c00c.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_compress_c00c.tpkg delete external/bsd/unbound/dist/testdata/fwd_edns_bksec.tdir/fwd_edns_bksec.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_edns_bksec.tdir/fwd_edns_bksec.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_edns_bksec.tdir/fwd_edns_bksec.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_edns_bksec.tdir/fwd_edns_bksec.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_edns_bksec.tdir/fwd_edns_bksec.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_edns_bksec.tdir/fwd_edns_bksec.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_edns_bksec.tpkg delete external/bsd/unbound/dist/testdata/fwd_edns_probe.tdir/fwd_edns_probe.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_edns_probe.tdir/fwd_edns_probe.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_edns_probe.tdir/fwd_edns_probe.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_edns_probe.tdir/fwd_edns_probe.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_edns_probe.tdir/fwd_edns_probe.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_edns_probe.tdir/fwd_edns_probe.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_edns_probe.tpkg delete external/bsd/unbound/dist/testdata/fwd_malformed.tdir/fwd_malformed.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_malformed.tdir/fwd_malformed.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_malformed.tdir/fwd_malformed.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_malformed.tdir/fwd_malformed.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_malformed.tdir/fwd_malformed.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_malformed.tdir/fwd_malformed.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_no_edns.tdir/fwd_no_edns.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_no_edns.tdir/fwd_no_edns.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_no_edns.tdir/fwd_no_edns.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_no_edns.tdir/fwd_no_edns.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_no_edns.tdir/fwd_no_edns.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_no_edns.tdir/fwd_no_edns.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_no_edns.tpkg delete external/bsd/unbound/dist/testdata/fwd_oneport.tdir/fwd_oneport.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_oneport.tdir/fwd_oneport.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_oneport.tdir/fwd_oneport.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_oneport.tdir/fwd_oneport.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_oneport.tdir/fwd_oneport.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_oneport.tdir/fwd_oneport.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_oneport.tpkg delete external/bsd/unbound/dist/testdata/fwd_tcp.tdir/fwd_tcp.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_tcp.tdir/fwd_tcp.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_tcp.tdir/fwd_tcp.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_tcp.tdir/fwd_tcp.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_tcp.tdir/fwd_tcp.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_tcp.tdir/fwd_tcp.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_tcp.tpkg delete external/bsd/unbound/dist/testdata/fwd_tcp_tc.tdir/fwd_tcp_tc.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_tcp_tc.tdir/fwd_tcp_tc.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_tcp_tc.tdir/fwd_tcp_tc.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_tcp_tc.tdir/fwd_tcp_tc.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_tcp_tc.tdir/fwd_tcp_tc.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_tcp_tc.tdir/fwd_tcp_tc.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_tcp_tc.tpkg delete external/bsd/unbound/dist/testdata/fwd_tcp_tc6.tdir/fwd_tcp_tc6.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_tcp_tc6.tdir/fwd_tcp_tc6.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_tcp_tc6.tdir/fwd_tcp_tc6.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_tcp_tc6.tdir/fwd_tcp_tc6.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_tcp_tc6.tdir/fwd_tcp_tc6.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_tcp_tc6.tdir/fwd_tcp_tc6.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_tcp_tc6.tpkg delete external/bsd/unbound/dist/testdata/fwd_three.tdir/fwd_three.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_three.tdir/fwd_three.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_three.tdir/fwd_three.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_three.tdir/fwd_three.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_three.tdir/fwd_three.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_three.tdir/fwd_three.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_three.tpkg delete external/bsd/unbound/dist/testdata/fwd_three_service.tdir/fwd_three_service.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_three_service.tdir/fwd_three_service.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_three_service.tdir/fwd_three_service.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_three_service.tdir/fwd_three_service.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_three_service.tdir/fwd_three_service.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_three_service.tdir/fwd_three_service.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_three_service.tpkg delete external/bsd/unbound/dist/testdata/fwd_ttlexpire.tdir/fwd_ttlexpire.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_ttlexpire.tdir/fwd_ttlexpire.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_ttlexpire.tdir/fwd_ttlexpire.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_ttlexpire.tdir/fwd_ttlexpire.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_ttlexpire.tdir/fwd_ttlexpire.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_ttlexpire.tdir/fwd_ttlexpire.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_ttlexpire.tpkg delete external/bsd/unbound/dist/testdata/fwd_udp.tdir/fwd_udp.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_udp.tdir/fwd_udp.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_udp.tdir/fwd_udp.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_udp.tdir/fwd_udp.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_udp.tdir/fwd_udp.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_udp.tdir/fwd_udp.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_udp.tpkg delete external/bsd/unbound/dist/testdata/fwd_udptmout.tdir/fwd_udptmout.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_udptmout.tdir/fwd_udptmout.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_udptmout.tdir/fwd_udptmout.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_udptmout.tdir/fwd_udptmout.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_udptmout.tdir/fwd_udptmout.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_udptmout.tdir/fwd_udptmout.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_udptmout.tpkg delete external/bsd/unbound/dist/testdata/fwd_waitudp.tdir/fwd_waitudp.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_waitudp.tdir/fwd_waitudp.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_waitudp.tdir/fwd_waitudp.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_waitudp.tdir/fwd_waitudp.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_waitudp.tdir/fwd_waitudp.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_waitudp.tdir/fwd_waitudp.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_waitudp.tpkg delete external/bsd/unbound/dist/testdata/fwd_zero.tdir/fwd_zero.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_zero.tdir/fwd_zero.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_zero.tdir/fwd_zero.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_zero.tdir/fwd_zero.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_zero.tdir/fwd_zero.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_zero.tdir/fwd_zero.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/fwd_zero.tpkg delete external/bsd/unbound/dist/testdata/fwddlv_parse.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/hostsfileosx.tdir/hostsfileosx.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/hostsfileosx.tdir/hostsfileosx.hosts: up to 1.1.1.1 external/bsd/unbound/dist/testdata/hostsfileosx.tdir/hostsfileosx.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/hostsfileosx.tdir/hostsfileosx.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/hostsfileosx.tdir/hostsfileosx.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/hostsfileosx.tdir/hostsfileosx.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/hostsfileosx.tpkg delete external/bsd/unbound/dist/testdata/ipsecmod_bogus_ipseckey.crpl: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ipsecmod_enabled.crpl: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ipsecmod_hook.sh: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ipsecmod_ignore_bogus_ipseckey.crpl: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ipsecmod_max_ttl.crpl: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ipsecmod_strict.crpl: up to 1.1.1.1 external/bsd/unbound/dist/testdata/ipsecmod_whitelist.crpl: up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_class_any.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/iter_dname_insec.rpl: up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_dname_yx.rpl: up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_dnsseclame_bug.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/iter_dnsseclame_ds.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/iter_dnsseclame_ds_ok.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/iter_dnsseclame_ta.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/iter_dnsseclame_ta_ok.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/iter_emptydp.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/iter_emptydp_for_glue.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/iter_primenoglue.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/iter_resolve_minimised.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/iter_resolve_minimised_nx.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/iter_resolve_minimised_refused.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/iter_resolve_minimised_timeout.rpl: up to 1.1.1.1 external/bsd/unbound/dist/testdata/iter_scrub_dname_rev.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/iter_scrub_dname_sec.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/iter_stub_leak.rpl: up to 1.1.1.1 external/bsd/unbound/dist/testdata/local_acl_override.rpl: up to 1.1.1.1 external/bsd/unbound/dist/testdata/local_acl_taglist.rpl: up to 1.1.1.1 external/bsd/unbound/dist/testdata/local_acl_taglist_action.rpl: up to 1.1.1.1 external/bsd/unbound/dist/testdata/local_cname.rpl: up to 1.1.1.1 external/bsd/unbound/dist/testdata/local_ds.rpl: up to 1.1.1.1 external/bsd/unbound/dist/testdata/local_nodefault.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/local_nodefault.tdir/local_nodefault.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/local_nodefault.tdir/local_nodefault.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/local_nodefault.tdir/local_nodefault.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/local_nodefault.tdir/local_nodefault.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/local_nodefault.tdir/local_nodefault.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/local_nodefault.tdir/local_nodefault.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/local_nodefault.tpkg delete external/bsd/unbound/dist/testdata/local_norec.tdir/local_norec.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/local_norec.tdir/local_norec.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/local_norec.tdir/local_norec.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/local_norec.tdir/local_norec.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/local_norec.tdir/local_norec.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/local_norec.tdir/local_norec.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/local_norec.tpkg delete external/bsd/unbound/dist/testdata/local_nosnoop.tdir/local_nosnoop.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/local_nosnoop.tdir/local_nosnoop.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/local_nosnoop.tdir/local_nosnoop.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/local_nosnoop.tdir/local_nosnoop.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/local_nosnoop.tdir/local_nosnoop.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/local_nosnoop.tdir/local_nosnoop.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/local_nosnoop.tpkg delete external/bsd/unbound/dist/testdata/net_signed_servfail.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/nomem_cnametopos.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/nss_compile.tdir/nss_compile.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/nss_compile.tdir/nss_compile.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/nss_compile.tpkg delete external/bsd/unbound/dist/testdata/pylib.tdir/pylib.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/pylib.tdir/pylib.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/pylib.tdir/pylib.lookup.py: up to 1.1.1.1 external/bsd/unbound/dist/testdata/pylib.tdir/pylib.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/pylib.tdir/pylib.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/pylib.tdir/pylib.py: up to 1.1.1.1 external/bsd/unbound/dist/testdata/pylib.tdir/pylib.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/pylib.tdir/pylib.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/pylib.tpkg delete external/bsd/unbound/dist/testdata/pymod.tdir/pymod.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/pymod.tdir/pymod.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/pymod.tdir/pymod.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/pymod.tdir/pymod.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/pymod.tdir/pymod.py: up to 1.1.1.1 external/bsd/unbound/dist/testdata/pymod.tdir/pymod.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/pymod.tdir/pymod.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/pymod.tpkg delete external/bsd/unbound/dist/testdata/pymod_thread.tdir/pymod_thread.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/pymod_thread.tdir/pymod_thread.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/pymod_thread.tdir/pymod_thread.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/pymod_thread.tdir/pymod_thread.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/pymod_thread.tdir/pymod_thread.py: up to 1.1.1.1 external/bsd/unbound/dist/testdata/pymod_thread.tdir/pymod_thread.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/pymod_thread.tdir/pymod_thread.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/pymod_thread.tpkg delete external/bsd/unbound/dist/testdata/remote-threaded.tdir/bad_control.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/remote-threaded.tdir/bad_control.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/remote-threaded.tdir/bad_server.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/remote-threaded.tdir/bad_server.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/remote-threaded.tdir/remote-threaded.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/remote-threaded.tdir/remote-threaded.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/remote-threaded.tdir/remote-threaded.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/remote-threaded.tdir/remote-threaded.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/remote-threaded.tdir/remote-threaded.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/remote-threaded.tdir/remote-threaded.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/remote-threaded.tdir/unbound_control.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/remote-threaded.tdir/unbound_control.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/remote-threaded.tdir/unbound_server.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/remote-threaded.tdir/unbound_server.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/remote-threaded.tpkg delete external/bsd/unbound/dist/testdata/root_anchor.tdir/root_anchor.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/root_anchor.tdir/root_anchor.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/root_anchor.tpkg delete external/bsd/unbound/dist/testdata/root_hints.tdir/root_hints.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/root_hints.tdir/root_hints.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/root_hints.tpkg delete external/bsd/unbound/dist/testdata/speed_cache.tdir/makeqs.c: up to 1.1.1.1 external/bsd/unbound/dist/testdata/speed_cache.tdir/makeqs.sh: up to 1.1.1.1 external/bsd/unbound/dist/testdata/speed_cache.tdir/speed_cache.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/speed_cache.tdir/speed_cache.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/speed_cache.tdir/speed_cache.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/speed_cache.tdir/speed_cache.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/speed_cache.tdir/speed_cache.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/speed_cache.tdir/speed_cache.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/speed_cache.tpkg delete external/bsd/unbound/dist/testdata/speed_local.tdir/speed_local.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/speed_local.tdir/speed_local.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/speed_local.tdir/speed_local.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/speed_local.tdir/speed_local.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/speed_local.tdir/speed_local.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/speed_local.tdir/speed_local.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/speed_local.tpkg delete external/bsd/unbound/dist/testdata/stat_timer.tdir/stat_timer.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stat_timer.tdir/stat_timer.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stat_timer.tdir/stat_timer.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stat_timer.tdir/stat_timer.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stat_timer.tdir/stat_timer.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stat_timer.tdir/stat_timer.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stat_timer.tpkg delete external/bsd/unbound/dist/testdata/stop_nxdomain.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/stop_nxdomain_minimised.rpl: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stream_ssl.tdir/stream_ssl.clie.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stream_ssl.tdir/stream_ssl.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stream_ssl.tdir/stream_ssl.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stream_ssl.tdir/stream_ssl.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stream_ssl.tdir/stream_ssl.serv.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stream_ssl.tdir/stream_ssl.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stream_ssl.tdir/unbound_control.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stream_ssl.tdir/unbound_control.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stream_ssl.tdir/unbound_server.key: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stream_ssl.tdir/unbound_server.pem: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stream_ssl.tpkg delete external/bsd/unbound/dist/testdata/stream_tcp.tdir/stream_tcp.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stream_tcp.tdir/stream_tcp.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stream_tcp.tdir/stream_tcp.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stream_tcp.tdir/stream_tcp.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stream_tcp.tdir/stream_tcp.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stream_tcp.tdir/stream_tcp.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stream_tcp.tpkg delete external/bsd/unbound/dist/testdata/stub_udp.tdir/stub_udp.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stub_udp.tdir/stub_udp.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stub_udp.tdir/stub_udp.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stub_udp.tdir/stub_udp.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stub_udp.tdir/stub_udp.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stub_udp.tdir/stub_udp.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stub_udp.tpkg delete external/bsd/unbound/dist/testdata/stub_udp6.tdir/stub_udp6.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stub_udp6.tdir/stub_udp6.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stub_udp6.tdir/stub_udp6.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stub_udp6.tdir/stub_udp6.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stub_udp6.tdir/stub_udp6.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stub_udp6.tdir/stub_udp6.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/stub_udp6.tpkg delete external/bsd/unbound/dist/testdata/subnet_cached.crpl: up to 1.1.1.1 external/bsd/unbound/dist/testdata/subnet_derived.crpl: up to 1.1.1.1 external/bsd/unbound/dist/testdata/subnet_format_ip4.crpl: up to 1.1.1.1 external/bsd/unbound/dist/testdata/subnet_max_source.crpl: up to 1.1.1.1 external/bsd/unbound/dist/testdata/subnet_not_whitelisted.crpl: up to 1.1.1.1 external/bsd/unbound/dist/testdata/subnet_val_positive.crpl: up to 1.1.1.1 external/bsd/unbound/dist/testdata/subnet_val_positive_client.crpl: up to 1.1.1.1 external/bsd/unbound/dist/testdata/subnet_without_validator.crpl: up to 1.1.1.1 external/bsd/unbound/dist/testdata/tcp_sigpipe.tdir/tcp_sigpipe.conf: up to 1.1.1.1 external/bsd/unbound/dist/testdata/tcp_sigpipe.tdir/tcp_sigpipe.dsc: up to 1.1.1.1 external/bsd/unbound/dist/testdata/tcp_sigpipe.tdir/tcp_sigpipe.post: up to 1.1.1.1 external/bsd/unbound/dist/testdata/tcp_sigpipe.tdir/tcp_sigpipe.pre: up to 1.1.1.1 external/bsd/unbound/dist/testdata/tcp_sigpipe.tdir/tcp_sigpipe.test: up to 1.1.1.1 external/bsd/unbound/dist/testdata/tcp_sigpipe.tdir/tcp_sigpipe.testns: up to 1.1.1.1 external/bsd/unbound/dist/testdata/tcp_sigpipe.tpkg delete external/bsd/unbound/dist/testdata/test_ldnsrr.5: up to 1.1.1.2 external/bsd/unbound/dist/testdata/test_ldnsrr.c5: up to 1.1.1.2 external/bsd/unbound/dist/testdata/test_sigs.ed25519: up to 1.1.1.1 external/bsd/unbound/dist/testdata/val_adbit.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_adcopy.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_anchor_nx.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_anchor_nx_nosig.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_ans_dsent.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_ans_nx.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_any.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_any_cname.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_any_dname.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_cname_loop1.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_cname_loop2.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_cname_loop3.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_cnameinsectopos.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_cnamenx_dblnsec.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_cnamenx_rcodenx.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_cnameqtype.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_cnametocloser.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_cnametocloser_nosig.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_cnametocnamewctoposwc.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_cnametodname.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_cnametodnametocnametopos.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_cnametoinsecure.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_cnametonodata.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_cnametonodata_nonsec.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_cnametonsec.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_cnametonx.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_cnametooptin.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_cnametooptout.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_cnametopos.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_cnametoposnowc.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_cnametoposwc.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_cnamewctonodata.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_cnamewctonx.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_cnamewctoposwc.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_deleg_nons.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_dnametoolong.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_dnametopos.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_dnametoposwc.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_dnamewc.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_ds_afterprime.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_ds_cname.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_ds_cnamesub.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_ds_gost.crpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_ds_gost_downgrade.crpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_ds_sha2.crpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_ds_sha2_downgrade.crpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_ds_sha2_lenient.crpl: up to 1.1.1.1 external/bsd/unbound/dist/testdata/val_dsnsec.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_entds.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_faildnskey.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_faildnskey_ok.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_fwdds.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_keyprefetch.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_keyprefetch_verify.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_mal_wc.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_negcache_ds.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_negcache_dssoa.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_noadwhennodo.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nodata.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nodata_ent.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nodata_entnx.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nodata_entwc.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nodata_failsig.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nodata_hasdata.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nodata_zonecut.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nodatawc.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nodatawc_badce.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nodatawc_nodeny.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nodatawc_one.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nokeyprime.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_b1_nameerror.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_b1_nameerror_noce.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_b1_nameerror_nonc.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_b1_nameerror_nowc.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_b21_nodataent.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_b21_nodataent_wr.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_b2_nodata.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_b2_nodata_nons.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_b3_optout.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_b3_optout_negcache.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_b3_optout_noce.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_b3_optout_nonc.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_b4_wild.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_b4_wild_wr.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_b5_wcnodata.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_b5_wcnodata_noce.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_b5_wcnodata_nonc.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_b5_wcnodata_nowc.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_cname_ds.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_cname_par.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_cname_sub.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_cnametocnamewctoposwc.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_entnodata_optout.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_entnodata_optout_badopt.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_entnodata_optout_match.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_iter_high.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_nodatawccname.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_nods.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_nods_badopt.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_nods_badsig.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_nods_negcache.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_nods_soa.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_optout_ad.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_optout_cache.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_wcany.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nsec3_wcany_nodeny.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nx.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nx_nodeny.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nx_nowc.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nx_nsec3_collision.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nx_nsec3_params.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_nx_overreach.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_pos_truncns.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_positive.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_positive_nosigs.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_positive_wc.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_positive_wc_nodeny.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_qds_badanc.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_qds_oneanc.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_qds_twoanc.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_refer_unsignadd.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_referd.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_referglue.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_rrsig.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_secds.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_secds_nosig.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_spurious_ns.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_stub_noroot.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_stubds.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_ta_algo_dnskey.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_ta_algo_dnskey_dp.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_ta_algo_missing.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_ta_algo_missing_dp.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_twocname.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_unalgo_anchor.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_unalgo_dlv.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_unalgo_ds.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_unsec_cname.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_unsecds.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_unsecds_negcache.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_unsecds_qtypeds.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/val_wild_pos.rpl: up to 1.1.1.2 external/bsd/unbound/dist/testdata/views.rpl: up to 1.1.1.1 external/bsd/unbound/dist/util/alloc.c: up to 1.1.1.2 external/bsd/unbound/dist/util/alloc.h: up to 1.1.1.2 external/bsd/unbound/dist/util/config_file.c: up to 1.1.1.2 external/bsd/unbound/dist/util/config_file.h: up to 1.1.1.2 external/bsd/unbound/dist/util/configlexer.c: up to 1.1.1.2 external/bsd/unbound/dist/util/configlexer.lex: up to 1.1.1.2 external/bsd/unbound/dist/util/configparser.c: up to 1.1.1.2 external/bsd/unbound/dist/util/configparser.h: up to 1.1.1.2 external/bsd/unbound/dist/util/configparser.y: up to 1.1.1.2 external/bsd/unbound/dist/util/data/dname.c: up to 1.1.1.2 external/bsd/unbound/dist/util/data/dname.h: up to 1.1.1.2 external/bsd/unbound/dist/util/data/msgencode.c: up to 1.1.1.2 external/bsd/unbound/dist/util/data/msgparse.c: up to 1.1.1.2 external/bsd/unbound/dist/util/data/msgparse.h: up to 1.1.1.2 external/bsd/unbound/dist/util/data/msgreply.c: up to 1.1.1.2 external/bsd/unbound/dist/util/data/msgreply.h: up to 1.1.1.2 external/bsd/unbound/dist/util/data/packed_rrset.c: up to 1.1.1.2 external/bsd/unbound/dist/util/data/packed_rrset.h: up to 1.1.1.2 external/bsd/unbound/dist/util/fptr_wlist.c: up to 1.1.1.2 external/bsd/unbound/dist/util/fptr_wlist.h: up to 1.1.1.2 external/bsd/unbound/dist/util/iana_ports.inc: up to 1.1.1.2 external/bsd/unbound/dist/util/locks.c: up to 1.1.1.2 external/bsd/unbound/dist/util/locks.h: up to 1.1.1.2 external/bsd/unbound/dist/util/log.c: up to 1.1.1.2 external/bsd/unbound/dist/util/mini_event.c: up to 1.1.1.2 external/bsd/unbound/dist/util/mini_event.h: up to 1.1.1.2 external/bsd/unbound/dist/util/module.c: up to 1.1.1.2 external/bsd/unbound/dist/util/module.h: up to 1.1.1.2 external/bsd/unbound/dist/util/net_help.c: up to 1.1.1.2 external/bsd/unbound/dist/util/net_help.h: up to 1.1.1.2 external/bsd/unbound/dist/util/netevent.c: up to 1.1.1.2 external/bsd/unbound/dist/util/netevent.h: up to 1.1.1.2 external/bsd/unbound/dist/util/rbtree.c: up to 1.1.1.2 external/bsd/unbound/dist/util/rbtree.h: up to 1.1.1.2 external/bsd/unbound/dist/util/shm_side/shm_main.c: up to 1.1.1.1 external/bsd/unbound/dist/util/shm_side/shm_main.h: up to 1.1.1.1 external/bsd/unbound/dist/util/storage/dnstree.c: up to 1.1.1.2 external/bsd/unbound/dist/util/storage/dnstree.h: up to 1.1.1.2 external/bsd/unbound/dist/util/storage/lookup3.c: up to 1.1.1.2 external/bsd/unbound/dist/util/storage/lruhash.c: up to 1.1.1.2 external/bsd/unbound/dist/util/storage/lruhash.h: up to 1.1.1.2 external/bsd/unbound/dist/util/storage/slabhash.c: up to 1.1.1.2 external/bsd/unbound/dist/util/storage/slabhash.h: up to 1.1.1.2 external/bsd/unbound/dist/util/timehist.c: up to 1.1.1.2 external/bsd/unbound/dist/util/timehist.h: up to 1.1.1.2 external/bsd/unbound/dist/util/tube.c: up to 1.1.1.2 external/bsd/unbound/dist/util/tube.h: up to 1.1.1.2 external/bsd/unbound/dist/util/ub_event.c: up to 1.1.1.2 external/bsd/unbound/dist/util/ub_event.h: up to 1.1.1.2 external/bsd/unbound/dist/util/ub_event_pluggable.c: up to 1.1.1.2 external/bsd/unbound/dist/util/winsock_event.c: up to 1.1.1.2 external/bsd/unbound/dist/util/winsock_event.h: up to 1.1.1.2 external/bsd/unbound/dist/validator/autotrust.c: up to 1.1.1.2 external/bsd/unbound/dist/validator/autotrust.h: up to 1.1.1.2 external/bsd/unbound/dist/validator/val_anchor.c: up to 1.1.1.2 external/bsd/unbound/dist/validator/val_anchor.h: up to 1.1.1.2 external/bsd/unbound/dist/validator/val_neg.c: up to 1.1.1.2 external/bsd/unbound/dist/validator/val_neg.h: up to 1.1.1.2 external/bsd/unbound/dist/validator/val_nsec.c: up to 1.1.1.2 external/bsd/unbound/dist/validator/val_nsec.h: up to 1.1.1.2 external/bsd/unbound/dist/validator/val_nsec3.c: up to 1.1.1.2 external/bsd/unbound/dist/validator/val_nsec3.h: up to 1.1.1.2 external/bsd/unbound/dist/validator/val_secalgo.c: up to 1.1.1.2 external/bsd/unbound/dist/validator/val_sigcrypt.c: up to 1.1.1.2 external/bsd/unbound/dist/validator/val_sigcrypt.h: up to 1.1.1.2 external/bsd/unbound/dist/validator/val_utils.c: up to 1.1.1.2 external/bsd/unbound/dist/validator/val_utils.h: up to 1.1.1.2 external/bsd/unbound/dist/validator/validator.c: up to 1.1.1.2 external/bsd/unbound/dist/validator/validator.h: up to 1.1.1.2 external/bsd/unbound/dist/winrc/setup.nsi: up to 1.1.1.2 external/bsd/unbound/dist/winrc/unbound-control-setup.cmd: up to 1.1.1.2 external/bsd/unbound/dist/winrc/w_inst.c: up to 1.1.1.2 external/bsd/unbound/dist/winrc/win_svc.c: up to 1.1.1.2 external/bsd/unbound/etc/rc.d/unbound: up to 1.2 external/bsd/unbound/include/config-1.0.h: up to 1.2 external/bsd/unbound/include/config-1.1.h: up to 1.2 external/bsd/unbound/include/config.h: up to 1.4 external/bsd/unbound/include/dnscrypt/dnscrypt_config.h: up to 1.1 external/bsd/unbound/lib/libunbound/Makefile: up to 1.3 external/bsd/unbound/lib/libunbound/shlib_version: up to 1.2 external/bsd/unbound/sbin/Makefile.inc: up to 1.4 share/mk/bsd.own.mk: patch Update unbound to 1.6.8. @ text @a0 3552 =================================================================== RCS file: ./RCS/Makefile.in,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./Makefile.in --- ./Makefile.in +++ ./Makefile.in @@@@ -23,6 +23,8 @@@@ CHECKLOCK_OBJ=@@CHECKLOCK_OBJ@@ DNSTAP_SRC=@@DNSTAP_SRC@@ DNSTAP_OBJ=@@DNSTAP_OBJ@@ +FASTRPZ_SRC=@@FASTRPZ_SRC@@ +FASTRPZ_OBJ=@@FASTRPZ_OBJ@@ DNSCRYPT_SRC=@@DNSCRYPT_SRC@@ DNSCRYPT_OBJ=@@DNSCRYPT_OBJ@@ WITH_PYTHONMODULE=@@WITH_PYTHONMODULE@@ @@@@ -125,7 +127,7 @@@@ edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \ edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \ cachedb/cachedb.c respip/respip.c $(CHECKLOCK_SRC) \ -$(DNSTAP_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) +$(DNSTAP_SRC) $(FASTRPZ_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \ as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \ iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \ @@@@ -137,7 +139,7 @@@@ validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \ val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo \ $(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \ -$(IPSECMOD_OBJ) +$(FASTRPZ_OBJ) $(DNSCRYPT_OBJ) COMMON_OBJ_WITHOUT_NETCALL+=respip.lo COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ outside_network.lo @@@@ -398,6 +401,11 @@@@ $(srcdir)/util/config_file.h $(srcdir)/util/log.h \ $(srcdir)/util/netevent.h +# fastrpz +rpz.lo rpz.o: $(srcdir)/fastrpz/rpz.c config.h fastrpz/rpz.h fastrpz/librpz.h \ + $(srcdir)/util/config_file.h $(srcdir)/daemon/daemon.h \ + $(srcdir)/util/log.h + # Python Module pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \ pythonmod/interface.h \ =================================================================== RCS file: ./RCS/config.h.in,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./config.h.in --- ./config.h.in +++ ./config.h.in @@@@ -1199,4 +1199,11 @@@@ /** the version of unbound-control that this software implements */ #define UNBOUND_CONTROL_VERSION 1 - +/* have __attribute__s used in librpz.h */ +#undef LIBRPZ_HAVE_ATTR +/** fastrpz librpz.so */ +#undef FASTRPZ_LIBRPZ_PATH +/** 0=no fastrpz 1=static link 2=dlopen() */ +#undef FASTRPZ_LIB_OPEN +/** turn on fastrpz response policy zones */ +#undef ENABLE_FASTRPZ =================================================================== RCS file: ./RCS/configure.ac,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./configure.ac --- ./configure.ac +++ ./configure.ac @@@@ -6,6 +6,7 @@@@ sinclude(acx_python.m4) sinclude(ac_pkg_swig.m4) sinclude(dnstap/dnstap.m4) +sinclude(fastrpz/rpz.m4) sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing @@@@ -1352,6 +1353,9 @@@@ ;; esac +# check for Fastrpz with fastrpz/rpz.m4 +ck_FASTRPZ + AC_MSG_CHECKING([if ${MAKE:-make} supports $< with implicit rule in scope]) # on openBSD, the implicit rule make $< work. # on Solaris, it does not work ($? is changed sources, $^ lists dependencies). =================================================================== RCS file: ./daemon/RCS/daemon.c,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./daemon/daemon.c --- ./daemon/daemon.c +++ ./daemon/daemon.c @@@@ -89,6 +89,9 @@@@ #include "sldns/keyraw.h" #include "respip/respip.h" #include +#ifdef ENABLE_FASTRPZ +#include "fastrpz/rpz.h" +#endif #ifdef HAVE_SYSTEMD #include @@@@ -451,6 +454,14 @@@@ fatal_exit("dnstap enabled in config but not built with dnstap support"); #endif } + if(daemon->cfg->rpz_enable) { +#ifdef ENABLE_FASTRPZ + rpz_init(&daemon->rpz_clist, &daemon->rpz_client, daemon->cfg); +#else + fatal_exit("fastrpz enabled in config" + " but not built with fastrpz"); +#endif + } for(i=0; inum; i++) { if(!(daemon->workers[i] = worker_create(daemon, i, shufport+numport*i/daemon->num, @@@@ -691,6 +702,9 @@@@ #ifdef USE_DNSTAP dt_delete(daemon->dtenv); #endif +#ifdef ENABLE_FASTRPZ + rpz_delete(&daemon->rpz_clist, &daemon->rpz_client); +#endif daemon->cfg = NULL; } =================================================================== RCS file: ./daemon/RCS/daemon.h,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./daemon/daemon.h --- ./daemon/daemon.h +++ ./daemon/daemon.h @@@@ -134,6 +134,11 @@@@ /** the dnscrypt environment */ struct dnsc_env* dnscenv; #endif +#ifdef ENABLE_FASTRPZ + /** global opaque rpz handles */ + struct librpz_clist *rpz_clist; + struct librpz_client *rpz_client; +#endif }; /** =================================================================== RCS file: ./daemon/RCS/worker.c,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./daemon/worker.c --- ./daemon/worker.c +++ ./daemon/worker.c @@@@ -73,6 +73,9 @@@@ #include "libunbound/context.h" #include "libunbound/libworker.h" #include "sldns/sbuffer.h" +#ifdef ENABLE_FASTRPZ +#include "fastrpz/rpz.h" +#endif #include "sldns/wire2str.h" #include "util/shm_side/shm_main.h" #include "dnscrypt/dnscrypt.h" @@@@ -526,8 +529,27 @@@@ /* not secure */ secure = 0; break; +#ifdef ENABLE_FASTRPZ + case sec_status_rpz_rewritten: + case sec_status_rpz_drop: + fatal_exit("impossible cached RPZ sec_status"); + break; +#endif } } +#ifdef ENABLE_FASTRPZ + if(repinfo->rpz) { + /* Scan the cached answer for RPZ hits. + * ret=1 use cache entry + * ret=-1 rewritten response already sent or dropped + * ret=0 deny a cached entry exists + */ + int ret = rpz_worker_cache(worker, msg->rep, qinfo, + id, flags, edns, repinfo); + if(ret != 1) + return ret; + } +#endif /* return this delegation from the cache */ edns->edns_version = EDNS_ADVERTISED_VERSION; edns->udp_size = EDNS_ADVERTISED_SIZE; @@@@ -688,6 +710,23 @@@@ secure = 0; } } else secure = 0; +#ifdef ENABLE_FASTRPZ + if(repinfo->rpz) { + /* Scan the cached answer for RPZ hits. + * ret=1 use cache entry + * ret=-1 rewritten response already sent or dropped + * ret=0 deny a cached entry exists + */ + int ret = rpz_worker_cache(worker, rep, qinfo, id, flags, edns, + repinfo); + if(ret != 1) { + rrset_array_unlock_touch(worker->env.rrset_cache, + worker->scratchpad, rep->ref, + rep->rrset_count); + return ret; + } + } +#endif edns->edns_version = EDNS_ADVERTISED_VERSION; edns->udp_size = EDNS_ADVERTISED_SIZE; @@@@ -1267,6 +1306,15 @@@@ log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from", &repinfo->addr, repinfo->addrlen); goto send_reply; +#ifdef ENABLE_FASTRPZ + } else { + /* Start to rewrite for response policy zones. + * This can hit a qname trigger and be done. */ + if(rpz_start(worker, &qinfo, repinfo, &edns)) { + regional_free_all(worker->scratchpad); + return 0; + } +#endif } /* If we've found a local alias, replace the qname with the alias @@@@ -1315,12 +1363,21 @@@@ h = query_info_hash(lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2)); if((e=slabhash_lookup(worker->env.msg_cache, h, lookup_qinfo, 0))) { /* answer from cache - we have acquired a readlock on it */ - if(answer_from_cache(worker, &qinfo, + ret = answer_from_cache(worker, &qinfo, cinfo, &need_drop, &alias_rrset, &partial_rep, (struct reply_info*)e->data, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), sldns_buffer_read_u16_at(c->buffer, 2), repinfo, - &edns)) { + &edns); +#ifdef ENABLE_FASTRPZ + if(ret < 0) { + /* RPZ already dropped or sent a response. */ + lock_rw_unlock(&e->lock); + regional_free_all(worker->scratchpad); + return 0; + } +#endif + if(ret) { /* prefetch it if the prefetch TTL expired. * Note that if there is more than one pass * its qname must be that used for cache @@@@ -1371,11 +1428,19 @@@@ lock_rw_unlock(&e->lock); } if(!LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) { - if(answer_norec_from_cache(worker, &qinfo, + ret = answer_norec_from_cache(worker, &qinfo, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), sldns_buffer_read_u16_at(c->buffer, 2), repinfo, - &edns)) { + &edns); + if(ret) { regional_free_all(worker->scratchpad); +#ifdef ENABLE_FASTRPZ + if(ret < 0) { + /* RPZ already dropped + * or sent a response. */ + return 0; + } +#endif goto send_reply; } verbose(VERB_ALGO, "answer norec from cache -- " =================================================================== RCS file: ./doc/RCS/unbound.conf.5.in,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./doc/unbound.conf.5.in --- ./doc/unbound.conf.5.in +++ ./doc/unbound.conf.5.in @@@@ -1446,6 +1446,81 @@@@ .B dns64\-synthall: \fI\fR Debug option, default no. If enabled, synthesize all AAAA records despite the presence of actual AAAA records. +.SS "Response Policy Zone Rewriting" +.LP +Response policy zone rewriting is controlled with the +.B rpz +clause. +It must contain a +.B rpz\-enable: +option, and one or more +.B rpz\-zone: +options. +It will usually also contain +.B rpz\-option: +clauses with general rewriting options or specifying dnsrpzd parameters. +Beneath the surface, the text in +.B rpz\-zone: \fI<"domain">\fR +is converted to \fI"zone domain\\n"\fR and added to the configuration string +given to +\fIlibrpz\fR(3). +The text in +.B rpz-option \fI<"text">\fR +is also added to that configuration string. +.LP +If using chroot, then the chroot directory must contain the \fIdnsrpzd\fR(3) +command and the shared libraries that it uses. +Those can be found with the \fIldd\fR(1) command. +.LP +Resolver zone and rewriting options and response policy zone triggers and +actions are described in \fIlibrpz\fR(3). +The separate control file that specifies the policy zones maintained by +the dnsrpzd daemon is described in \fIdnsrpzd\fR(8). +.LP +Many installations need a local whitelist that exempts local +domains from rewriting. +Whitelist records can be in zones transferred by dnsrpzd from +authorities or in a local zone file. +.TP +.B rpz-enable: \fI +enables Fastrpz. +If not enabled, the other options in the +.B rpz: +clause are ignored. +.TP +.B rpz-zone: \fI<"zone and options"> +specifies a policy zone and optional per-zone rewriting parameters. +.TP +.B rpz-option: \fI<"option"> +specifies general Fastrpz options. +.LP +Fastrpz is available only on POSIX compliant UNIX-like systems with the +\fImmap\fR(2) system call. +.LP +Fastrpz in Unbound differs from rpz and fastrpz in BIND by +.RS 3 +.HP 4 +RPZ-CLIENT-IP triggers can only be used in the first policy zone +specified with +.B rpz-zone: +.HP +Policy zone rewriting is disabled by the DO bit in DNS requests +even when no DNSSEC signatures are supplied by authorities. +.HP +Unbound local zones are not subject to rpz rewriting. +.HP +Like Fastrpz with BIND but unlike classic BIND rpz, +the ADDITIONAL sections of rewritten responses contain the SOA record from +the policy zone used to rewrite the response. +.RE +.P +.nf +# example Fastrpz settings for use with chroot on Freebsd +rpz: + rpz-zone: "rpz.example.org" + rpz-zone: "other.rpz.example.org ip-as-ns yes" + rpz-option: "dnsrpzd ./dnsrpzd" +.fi .SS "DNSCrypt Options" .LP The =================================================================== RCS file: ./fastrpz/RCS/librpz.h,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./fastrpz/librpz.h --- ./fastrpz/librpz.h +++ ./fastrpz/librpz.h @@@@ -0,0 +1,957 @@@@ +/* + * Define the interface from a DNS resolver to the Response Policy Zone + * library, librpz. + * + * This file should be included only the interface functions between the + * resolver and librpz to avoid name space pollution. + * + * Copyright (c) 2016-2017 Farsight Security, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Fastrpz version 1.2.10 + */ + +#ifndef LIBRPZ_H +#define LIBRPZ_H + +#include +#include +#include +#include +#include +#include + + +/* + * Allow either ordinary or dlopen() linking. + */ +#ifdef LIBRPZ_INTERNAL +#define LIBDEF(t,s) extern t s; +#define LIBDEF_F(f) LIBDEF(librpz_##f##_t, librpz_##f) +#else +#define LIBDEF(t,s) +#define LIBDEF_F(f) +#endif + +/* + * Response Policy Zone triggers. + * Comparisons of trigger precedences require + * LIBRPZ_TRIG_CLIENT_IP < LIBRPZ_TRIG_QNAME < LIBRPZ_TRIG_IP + * < LIBRPZ_TRIG_NSDNAME < LIBRPZ_TRIG_NSIP} + */ +typedef enum { + LIBRPZ_TRIG_BAD =0, + LIBRPZ_TRIG_CLIENT_IP =1, + LIBRPZ_TRIG_QNAME =2, + LIBRPZ_TRIG_IP =3, + LIBRPZ_TRIG_NSDNAME =4, + LIBRPZ_TRIG_NSIP =5 +} librpz_trig_t; +#define LIBRPZ_TRIG_SIZE 3 /* sizeof librpz_trig_t in bits */ +typedef uint8_t librpz_tbit_t; /* one bit for each of the TRIGS_NUM + * trigger types */ + + +/* + * Response Policy Zone Actions or policies + */ +typedef enum { + LIBRPZ_POLICY_UNDEFINED =0, /* an empty entry or no decision yet */ + LIBRPZ_POLICY_DELETED =1, /* placeholder for a deleted policy */ + + LIBRPZ_POLICY_PASSTHRU =2, /* 'passthru': do not rewrite */ + LIBRPZ_POLICY_DROP =3, /* 'drop': do not respond */ + LIBRPZ_POLICY_TCP_ONLY =4, /* 'tcp-only': answer UDP with TC=1 */ + LIBRPZ_POLICY_NXDOMAIN =5, /* 'nxdomain': answer with NXDOMAIN */ + LIBRPZ_POLICY_NODATA =6, /* 'nodata': answer with ANCOUNT=0 */ + LIBRPZ_POLICY_RECORD =7, /* rewrite with the policy's RR */ + + /* only in client configurations to override the zone */ + LIBRPZ_POLICY_GIVEN, /* 'given': what policy record says */ + LIBRPZ_POLICY_DISABLED, /* at most log */ + LIBRPZ_POLICY_CNAME, /* answer with 'cname x' */ +} librpz_policy_t; +#define LIBRPZ_POLICY_BITS 4 + +/* + * Special policies that appear as targets of CNAMEs + * NXDOMAIN is signaled by a CNAME with a "." target. + * NODATA is signaled by a CNAME with a "*." target. + */ +#define LIBRPZ_RPZ_PREFIX "rpz-" +#define LIBRPZ_RPZ_PASSTHRU LIBRPZ_RPZ_PREFIX"passthru" +#define LIBRPZ_RPZ_DROP LIBRPZ_RPZ_PREFIX"drop" +#define LIBRPZ_RPZ_TCP_ONLY LIBRPZ_RPZ_PREFIX"tcp-only" + + +typedef uint16_t librpz_dznum_t; /* dnsrpzd zone # in [0,DZNUM_MAX] */ +typedef uint8_t librpz_cznum_t; /* client zone # in [0,CZNUM_MAX] */ + + +/* + * CIDR block + */ +typedef struct librpz_prefix { + union { + struct in_addr in; + struct in6_addr in6; + } addr; + uint8_t family; + uint8_t len; +} librpz_prefix_t; + +/* + * A domain + */ +typedef uint8_t librpz_dsize_t; +typedef struct librpz_domain { + librpz_dsize_t size; /* of only .d */ + uint8_t d[0]; /* variable length wire format */ +} librpz_domain_t; + +/* + * A maximal domain buffer + */ +typedef struct librpz_domain_buf { + librpz_dsize_t size; + uint8_t d[NS_MAXCDNAME]; +} librpz_domain_buf_t; + +/* + * A resource record without the owner name. + * C compilers say that sizeof(librpz_rr_t)=12 instead of 10. + */ +typedef struct { + uint16_t type; /* network byte order */ + uint16_t class; /* network byte order */ + uint32_t ttl; /* network byte order */ + uint16_t rdlength; /* network byte order */ + uint8_t rdata[0]; /* variable length */ +} librpz_rr_t; + +/* + * The database file might be mapped with different starting addresses + * by concurrent clients (resolvers), and so all pointers are offsets. + */ +typedef uint32_t librpz_idx_t; +#define LIBRPZ_IDX_NULL 0 +#define LIBRPZ_IDX_MIN 1 +#define LIBRPZ_IDX_BAD ((librpz_idx_t)-1) +/** + * Partial decoded results of a set of RPZ queries for a single DNS response + * or interation through the mapped file. + */ +typedef int16_t librpz_result_id_t; +typedef struct librpz_result { + librpz_idx_t next_rr; + librpz_result_id_t hit_id; /* trigger ID from resolver */ + librpz_policy_t zpolicy; /* policy from zone */ + librpz_policy_t policy; /* adjusted by client configuration */ + librpz_dznum_t dznum; /* dnsrpzd zone number */ + librpz_cznum_t cznum; /* librpz client zone number */ + librpz_trig_t trig:LIBRPZ_TRIG_SIZE; + bool log:1; /* log rewrite given librpz_log_level */ +} librpz_result_t; + + +/** + * librpz trace or log levels. + */ +typedef enum { + LIBRPZ_LOG_FATAL =0, /* always print fatal errors */ + LIBRPZ_LOG_ERROR =1, /* errors have this level */ + LIBRPZ_LOG_TRACE1 =2, /* big events such as dnsrpzd starts */ + LIBRPZ_LOG_TRACE2 =3, /* smaller dnsrpzd zone transfers */ + LIBRPZ_LOG_TRACE3 =4, /* librpz hits */ + LIBRPZ_LOG_TRACE4 =5, /* librpz lookups */ + LIBRPZ_LOG_INVALID =999, +} librpz_log_level_t; +typedef librpz_log_level_t (librpz_log_level_val_t)(librpz_log_level_t level); +LIBDEF_F(log_level_val) + +/** + * Logging function that can be supplied by the resolver. + * @@param level is one of librpz_log_level_t + * @@param ctx is for use by the resolver's logging system. + * NULL mean a context-free message. + */ +typedef void(librpz_log_fnc_t)(librpz_log_level_t level, void *ctx, + const char *buf); + +/** + * Point librpz logging functions to the resolver's choice. + */ +typedef void (librpz_set_log_t)(librpz_log_fnc_t *new_log, const char *prog_nm); +LIBDEF_F(set_log) + + +/** + * librpz error messages are put in these buffers. + * Use a structure intead of naked char* to let the compiler check the length. + * A function defined with "foo(char buf[120])" can be called with + * "char sbuf[2]; foo(sbuf)" and suffer a buffer overrun. + */ +typedef struct { + char c[120]; +} librpz_emsg_t; + + +#ifdef LIBRPZ_HAVE_ATTR +#define LIBRPZ_UNUSED __attribute__((unused)) +#define LIBRPZ_PF(f,l) __attribute__((format(printf,f,l))) +#define LIBRPZ_NORET __attribute__((__noreturn__)) +#else +#define LIBRPZ_UNUSED +#define LIBRPZ_PF(f,l) +#define LIBRPZ_NORET +#endif + +#ifdef HAVE_BUILTIN_EXPECT +#define LIBRPZ_LIKELY(c) __builtin_expect(!!(c), 1) +#define LIBRPZ_UNLIKELY(c) __builtin_expect(!!(c), 0) +#else +#define LIBRPZ_LIKELY(c) (c) +#define LIBRPZ_UNLIKELY(c) (c) +#endif + +typedef bool (librpz_parse_log_opt_t)(librpz_emsg_t *emsg, const char *arg); +LIBDEF_F(parse_log_opt) + +typedef void (librpz_vpemsg_t)(librpz_emsg_t *emsg, + const char *p, va_list args); +LIBDEF_F(vpemsg) +typedef void (librpz_pemsg_t)(librpz_emsg_t *emsg, + const char *p, ...) LIBRPZ_PF(2,3); +LIBDEF_F(pemsg) + +typedef void (librpz_vlog_t)(librpz_log_level_t level, void *ctx, + const char *p, va_list args); +LIBDEF_F(vlog) +typedef void (librpz_log_t)(librpz_log_level_t level, void *ctx, + const char *p, ...) LIBRPZ_PF(3,4); +LIBDEF_F(log) + +typedef void (librpz_fatal_t)(int ex_code, + const char *p, ...) LIBRPZ_PF(2,3); +extern void librpz_fatal(int ex_code, + const char *p, ...) LIBRPZ_PF(2,3) LIBRPZ_NORET; + +typedef void (librpz_rpz_assert_t)(const char *file, unsigned line, + const char *p, ...) LIBRPZ_PF(3,4); +extern void librpz_rpz_assert(const char *file, unsigned line, + const char *p, ...) LIBRPZ_PF(3,4) LIBRPZ_NORET; + +typedef void (librpz_rpz_vassert_t)(const char *file, uint line, + const char *p, va_list args); +extern void librpz_rpz_vassert(const char *file, uint line, + const char *p, va_list args) LIBRPZ_NORET; + + +/* + * As far as clients are concerned, all relative pointers or indexes in a + * version of the mapped file except trie node parent pointers remain valid + * forever. A client must release a version so that it can be garbage + * collected by the file system. When dnsrpzd needs to expand the file, + * it copies the old file to a new, larger file. Clients can continue + * using the old file. + * + * Versions can also appear in a single file. Old nodes and trie values + * within the file are not destroyed until all clients using the version + * that contained the old values release the version. + * + * A client is marked as using version by connecting to the deamon. It is + * marked as using all subsequent versions. A client releases all versions + * by closing the connection or a range of versions by updating is slot + * in the shared memory version table. + * + * As far as clients are concerned, there are the following possible librpz + * failures: + * - malloc() or other fatal internal librpz problems indicated by + * a failing return from a librpz function + * All operations will fail until client handle is destroyed and + * recreated with librpz_client_detach() and librpz_client_create(). + * - corrupt database detected by librpz code, corrupt database detected + * by dnsrpzd, or disconnection from the daemon. + * Current operations will fail. + * + * Clients assume that the file has already been unlinked before + * the corrupt flag is set so that they do not race with the server + * over the corruption of a single file. A client that finds the + * corrupt set knows that dnsrpzd has already crashed with + * abort() and is restarting. The client can re-connect to dnsrpzd + * and retransmit its configuration, backing off as usual if anything + * goes wrong. + * + * Searchs of the database by a client do not need locks against dnsrpzd or + * other clients, but a lock is used to protect changes to the connection + * by competing threads in the client. The client provides fuctions + * to serialize the conncurrent use of any single client handle. + * Functions that do nothing are appropriate for applications that are + * not "threaded" or that do not share client handles among threads. + * Otherwise, functions must be provided to librpz_clientcreate(). + * Something like the following works with pthreads: + * + * static void + * lock(void *mutex) { assert(pthread_mutex_lock(mutex) == 0); } + * + * static void + * unlock(void *mutex) { assert(pthread_mutex_unlock(mutex) == 0); } + * + * static void + * mutex_destroy(void *mutex) { assert(pthread_mutex_destroy(mutex) == 0); } + * + * + * + * At every instant, all of the data and pointers in the mapped file are valid. + * Changes to trie node or other data are always made so that it and + * all pointers in and to it remain valid for a time. Old versions are + * eventually discarded. + * + * Dnsrpzd periodically defines a new version by setting asside all changes + * made since the previous version was defined. Subsequent changes + * made (only!) by dnsrpzd will be part of the next version. + * + * To discard an old version, dnsrpzd must know that all clients have stopped + * using that version. Clients do that by using part of the mapped file + * to tell dnsrpzd the oldest version that each client is using. + * Dnsrpzd assigns each connecting client an entry in the cversions array + * in the mapped file. The client puts version numbers into that entry + * to signal to dnsrpzd which versions that can be discarded. + * Dnsrpzd is free, as far as that client is concerned, to discard all + * numerically smaller versions. A client can disclaim all versions with + * the version number VERSIONS_ALL or 0. + * + * The race between a client changing its entry and dnsrpzd discarding a + * version is resolved by allowing dnsrpzd to discard all versions + * smaller or equal to the client's version number. If dnsrpzd is in + * the midst of discarding or about to discard version N when the + * client asserts N, no harm is done. The client depends only on + * the consistency of version N+1. + * + * This version mechanism depends in part on not being exercised too frequently + * Version numbers are 32 bits long and dnsrpzd creates new versions + * at most once every 30 seconds. + */ + + +/* + * Lock functions for concurrent use of a single librpz_client_t client handle. + */ +typedef void(librpz_mutex_t)(void *mutex); + +/* + * List of connections to dnsrpzd daemons. + */ +typedef struct librpz_clist librpz_clist_t; + +/* + * Client's handle on dnsrpzd. + */ +typedef struct librpz_client librpz_client_t; + +/** + * Create the list of connections to the dnsrpzd daemon. + * @@param[out] emsg: error message + * @@param lock: start exclusive access to the client handle + * @@param unlock: end exclusive access to the client handle + * @@param mutex_destroy: release the lock + * @@param mutex: pointer to the lock for the client handle + * @@param log_ctx: NULL or resolver's context log messages + */ +typedef librpz_clist_t *(librpz_clist_create_t)(librpz_emsg_t *emsg, + librpz_mutex_t *lock, + librpz_mutex_t *unlock, + librpz_mutex_t *mutex_destroy, + void *mutex, void *log_ctx); +LIBDEF_F(clist_create) + + +/** + * Release the list of dnsrpzd connections. + */ +typedef void (librpz_clist_detach_t)(librpz_clist_t **clistp); +LIBDEF_F(clist_detach) + +/** + * Create a librpz client handle. + * @@param[out] emsg: error message + * @@param: list of dnsrpzd connections + * @@param cstr: string of configuration settings separated by ';' or '\n' + * @@param use_expired: true to not ignore expired zones + * @@return client handle or NULL if the handle could not be created + */ +typedef librpz_client_t *(librpz_client_create_t)(librpz_emsg_t *emsg, + librpz_clist_t *clist, + const char *cstr, + bool use_expired); +LIBDEF_F(client_create) + +/** + * Start (if necessary) dnsrpzd and connect to it. + * @@param[out] emsg: error message + * @@param client handle + * @@param optional: true if it is ok if starting the daemon is not allowed + */ +typedef bool (librpz_connect_t)(librpz_emsg_t *emsg, librpz_client_t *client, + bool optional); +LIBDEF_F(connect) + +/** + * Start to destroy a librpz client handle. + * It will not be destroyed until the last set of RPZ queries represented + * by a librpz_rsp_t ends. + * @@param client handle to be released + * @@return false on error + */ +typedef void (librpz_client_detach_t)(librpz_client_t **clientp); +LIBDEF_F(client_detach) + +/** + * State for a set of RPZ queries for a single DNS response + * or for listing the database. + */ +typedef struct librpz_rsp librpz_rsp_t; + +/** + * Start a set of RPZ queries for a single DNS response. + * @@param[out] emsg: error message for false return or *rspp=NULL + * @@param[out] rspp created context or NULL + * @@param[out] min_ns_dotsp: NULL or pointer to configured MIN-NS-DOTS value + * @@param client state + * @@param have_rd: RD=1 in the DNS request + * @@param have_do: DO=1 in the DNS request + * @@return false on error + */ +typedef bool (librpz_rsp_create_t)(librpz_emsg_t *emsg, librpz_rsp_t **rspp, + int *min_ns_dotsp, librpz_client_t *client, + bool have_rd, bool have_do); +LIBDEF_F(rsp_create) + +/** + * Finish RPZ work for a DNS response. + */ +typedef void (librpz_rsp_detach_t)(librpz_rsp_t **rspp); +LIBDEF_F(rsp_detach) + +/** + * Get the final, accumulated result of a set of RPZ queries. + * Yield LIBRPZ_POLICY_UNDEFINED if + * - there were no hits, + * - there was a dispositive hit, be we have not recursed and are required + * to recurse so that evil DNS authories will not know we are using RPZ + * - we have a hit and have recursed, but later data such as NSIP could + * override + * @@param[out] emsg + * @@param[out] result describes the hit + * or result->policy=LIBRPZ_POLICY_UNDEFINED without a hit + * @@param[out] result: current policy rewrite values + * @@param recursed: recursion has now been done even if it was not done + * when the hit was found + * @@param[in,out] rsp state from librpz_itr_start() + * @@return false on error + */ +typedef bool (librpz_rsp_result_t)(librpz_emsg_t *emsg, librpz_result_t *result, + bool recursed, const librpz_rsp_t *rsp); +LIBDEF_F(rsp_result) + +/** + * Might looking for a trigger be worthwhile? + * @@param trig: look for this type of trigger + * @@param ipv6: true if trig is LIBRPZ_TRIG_CLIENT_IP, LIBRPZ_TRIG_IP, + * or LIBRPZ_TRIG_NSIP and the IP address is IPv6 + * @@return: true if looking could be worthwhile + */ +typedef bool (librpz_have_trig_t)(librpz_trig_t trig, bool ipv6, + const librpz_rsp_t *rsp); +LIBDEF_F(have_trig) + +/** + * Might looking for NSDNAME and NSIP triggers be worthwhile? + * @@return: true if looking could be worthwhile + */ +typedef bool (librpz_have_ns_trig_t)(const librpz_rsp_t *rsp); +LIBDEF_F(have_ns_trig) + +/** + * Convert the found client IP trie key to a CIDR block + * @@param[out] emsg + * @@param[out] prefix trigger + * @@param[in,out] rsp state from librpz_itr_start() + * @@return false on error + */ +typedef bool (librpz_rsp_clientip_prefix_t)(librpz_emsg_t *emsg, + librpz_prefix_t *prefix, + librpz_rsp_t *rsp); +LIBDEF_F(rsp_clientip_prefix) + +/** + * Compute the owner name of the found or result trie key, usually to log it. + * An IP address key might be returned as 8.0.0.0.127.rpz-client-ip. + * example.com. might be a qname trigger. example.com.rpz-nsdname. could + * be an NSDNAME trigger. + * @@param[out] emsg + * @@param[out] owner domain + * @@param[in,out] rsp state from librpz_itr_start() + * @@return false on error + */ +typedef bool (librpz_rsp_domain_t)(librpz_emsg_t *emsg, + librpz_domain_buf_t *owner, + librpz_rsp_t *rsp); +LIBDEF_F(rsp_domain) + +/** + * Get the next RR of the LIBRPZ_POLICY_RECORD result after an initial use of + * librpz_rsp_result() or librpz_itr_node() or after a previous use of + * librpz_rsp_rr(). The RR is in uncompressed wire format including type, + * class, ttl and length in network byte order. + * @@param[out] emsg + * @@param[out] typep: optional host byte order record type or ns_t_invalid (0) + * @@param[out] classp: class such as ns_c_in + * @@param[out] ttlp: TTL + * @@param[out] rrp: optionall malloc() buffer containting the next RR or + * NULL after the last RR + * @@param[out] result: current policy rewrite values + * @@param qname: used construct a wildcard CNAME + * @@param qname_size + * @@param[in,out] rsp state from librpz_itr_start() + * @@return false on error + */ +typedef bool (librpz_rsp_rr_t)(librpz_emsg_t *emsg, uint16_t *typep, + uint16_t *classp, uint32_t *ttlp, + librpz_rr_t **rrp, librpz_result_t *result, + const uint8_t *qname, size_t qname_size, + librpz_rsp_t *rsp); +LIBDEF_F(rsp_rr) + +/** + * Get the next RR of the LIBRPZ_POLICY_RECORD result. + * @@param[out] emsg + * @@param[out] ttlp: TTL + * @@param[out] rrp: malloc() buffer with SOA RR without owner name + * @@param[out] result: current policy rewrite values + * @@param[out] origin: SOA owner name + * @@param[out] origin_size + * @@param[in,out] rsp state from librpz_itr_start() + * @@return false on error + */ +typedef bool (librpz_rsp_soa_t)(librpz_emsg_t *emsg, uint32_t *ttlp, + librpz_rr_t **rrp, librpz_domain_buf_t *origin, + librpz_result_t *result, librpz_rsp_t *rsp); +LIBDEF_F(rsp_soa) + +/** + * Get the SOA serial number for a policy zone to compare with a known value + * to check whether a zone tranfer is complete. + */ +typedef bool (librpz_soa_serial_t)(librpz_emsg_t *emsg, uint32_t *serialp, + const char *domain_nm, librpz_rsp_t *rsp); +LIBDEF_F(soa_serial) + +/** + * Save the current policy checking state. + * @@param[out] emsg + * @@param[in,out] rsp state from librpz_itr_start() + * @@return false on error + */ +typedef bool (librpz_rsp_push_t)(librpz_emsg_t *emsg, librpz_rsp_t *rsp); +LIBDEF_F(rsp_push) +#define LIBRPZ_RSP_STACK_DEPTH 3 + +/** + * Restore the previous policy checking state. + * @@param[out] emsg + * @@param[out] result: NULL or restored policy rewrite values + * @@param[in,out] rsp state from librpz_itr_start() + * @@return false on error + */ +typedef bool (librpz_rsp_pop_t)(librpz_emsg_t *emsg, librpz_result_t *result, + librpz_rsp_t *rsp); +LIBDEF_F(rsp_pop) + +/** + * Discard the most recently save policy checking state. + * @@param[out] emsg + * @@param[out] result: NULL or restored policy rewrite values + * @@return false on error + */ +typedef bool (librpz_rsp_pop_discard_t)(librpz_emsg_t *emsg, librpz_rsp_t *rsp); +LIBDEF_F(rsp_pop_discard) + +/** + * Disable a zone. + * @@param[out] emsg + * @@param znum + * @@param[in,out] rsp state from librpz_itr_start() + * @@return false on error + */ +typedef bool (librpz_rsp_forget_zone_t)(librpz_emsg_t *emsg, + librpz_cznum_t znum, librpz_rsp_t *rsp); +LIBDEF_F(rsp_forget_zone) + +/** + * Apply RPZ to an IP address. + * @@param[out] emsg + * @@param addr: address to check + * @@param ipv6: true for 16 byte IPv6 instead of 4 byte IPv4 + * @@param trig LIBRPZ_TRIG_CLIENT_IP, LIBRPZ_TRIG_IP, or LIBRPZ_TRIG_NSIP + * @@param hit_id: caller chosen + * @@param recursed: recursion has been done + * @@param[in,out] rsp state from librpz_itr_start() + * @@return false on error + */ +typedef bool (librpz_ck_ip_t)(librpz_emsg_t *emsg, + const void *addr, uint family, + librpz_trig_t trig, librpz_result_id_t hit_id, + bool recursed, librpz_rsp_t *rsp); +LIBDEF_F(ck_ip) + +/** + * Apply RPZ to a wire-format domain. + * @@param[out] emsg + * @@param domain in wire format + * @@param domain_size + * @@param trig LIBRPZ_TRIG_QNAME or LIBRPZ_TRIG_NSDNAME + * @@param hit_id: caller chosen + * @@param recursed: recursion has been done + * @@param[in,out] rsp state from librpz_itr_start() + * @@return false on error + */ +typedef bool (librpz_ck_domain_t)(librpz_emsg_t *emsg, + const uint8_t *domain, size_t domain_size, + librpz_trig_t trig, librpz_result_id_t hit_id, + bool recursed, librpz_rsp_t *rsp); +LIBDEF_F(ck_domain) + +/** + * Ask dnsrpzd to refresh a zone. + * @@param[out] emsg error message + * @@param librpz_domain_t domain to refresh + * @@param client context + * @@return false after error + */ +typedef bool (librpz_zone_refresh_t)(librpz_emsg_t *emsg, const char *domain, + librpz_rsp_t *rsp); +LIBDEF_F(zone_refresh) + +/** + * Get a string describing the the databasse + * @@param license: include the license + * @@param cfiles: include the configuration file names + * @@param listens: include the local notify IP addresses + * @@param[out] emsg error message if the result is null + * @@param client context + * @@return malloc'ed string or NULL after error + */ +typedef char *(librpz_db_info_t)(librpz_emsg_t *emsg, + bool license, bool cfiles, bool listens, + librpz_rsp_t *rsp); +LIBDEF_F(db_info) + +/** + * Start a context for listing the nodes and/or zones in the mapped file + * @@param[out] emsg: error message for false return or *rspp=NULL + * @@param[out[ rspp created context or NULL + * @@param client context + * @@return false after error + */ +typedef bool (librpz_itr_start_t)(librpz_emsg_t *emsg, librpz_rsp_t **rspp, + librpz_client_t *client); +LIBDEF_F(itr_start) + +/** + * Get mapped file memory allocation statistics. + * @@param[out] emsg: error message + * @@param rsp state from librpz_itr_start() + * @@return malloc'ed string or NULL after error + */ +typedef char *(librpz_mf_stats_t)(librpz_emsg_t *emsg, librpz_rsp_t *rsp); +LIBDEF_F(mf_stats) + +/** + * Get versions currently used by clients. + * @@param[out] emsg: error message + * @@param[in,out] rsp: state from librpz_itr_start() + * @@return malloc'ed string or NULL after error + */ +typedef char *(librpz_vers_stats_t)(librpz_emsg_t *emsg, librpz_rsp_t *rsp); +LIBDEF_F(vers_stats) + +/** + * Allocate a string describing the next zone or "" after the last zone. + * @@param[out] emsg + * @@param all_zones to list all instead of only requested zones + * @@param[in,out] rsp state from librpz_rsp_start() + * @@return malloc'ed string or NULL after error + */ +typedef char *(librpz_itr_zone_t)(librpz_emsg_t *emsg, bool all_zones, + librpz_rsp_t *rsp); +LIBDEF_F(itr_zone) + +/** + * Describe the next trie node while dumping the database. + * @@param[out] emsg + * @@param[out] result describes node + * or result->policy=LIBRPZ_POLICY_UNDEFINED after the last node. + * @@param all_zones to list all instead of only requested zones + * @@param[in,out] rsp state from librpz_itr_start() + * @@return: false on error + */ +typedef bool (librpz_itr_node_t)(librpz_emsg_t *emsg, librpz_result_t *result, + bool all_zones, librpz_rsp_t *rsp); +LIBDEF_F(itr_node) + +/** + * RPZ policy to string with a backup buffer of POLICY2STR_SIZE size + */ +typedef const char *(librpz_policy2str_t)(librpz_policy_t policy, + char *buf, size_t buf_size); +#define POLICY2STR_SIZE sizeof("policy xxxxxx") +LIBDEF_F(policy2str) + +/** + * Trigger type to string. + */ +typedef const char *(librpz_trig2str_t)(librpz_trig_t trig); +LIBDEF_F(trig2str) + +/** + * Convert a number of seconds to a zone file duration string + */ +typedef const char *(librpz_secs2str_t)(time_t secs, + char *buf, size_t buf_size); +#define SECS2STR_SIZE sizeof("1234567w7d24h59m59s") +LIBDEF_F(secs2str) + +/** + * Parse a duration with 's', 'm', 'h', 'd', and 'w' units. + */ +typedef bool (librpz_str2secs_t)(librpz_emsg_t *emsg, time_t *val, + const char *str0); +LIBDEF_F(str2secs) + +/** + * Translate selected rtypes to strings + */ +typedef const char *(librpz_rtype2str_t)(uint type, char *buf, size_t buf_size); +#define RTYPE2STR_SIZE sizeof("type xxxxx") +LIBDEF_F(rtype2str) + +/** + * Local version of ns_name_ntop() for portability. + */ +typedef int (librpz_domain_ntop_t)(const u_char *src, char *dst, size_t dstsiz); +LIBDEF_F(domain_ntop) + +/** + * Local version of ns_name_pton(). + */ +typedef int (librpz_domain_pton2_t)(const char *src, u_char *dst, size_t dstsiz, + size_t *dstlen, bool lower); +LIBDEF_F(domain_pton2) + +typedef union socku socku_t; +typedef socku_t *(librpz_mk_inet_su_t)(socku_t *su, const struct in_addr *addrp, + in_port_t port); +LIBDEF_F(mk_inet_su) + +typedef socku_t *(librpz_mk_inet6_su_t)(socku_t *su, const + struct in6_addr *addrp, + uint32_t scope_id, in_port_t port); +LIBDEF_F(mk_inet6_su) + +typedef bool (librpz_str2su_t)(socku_t *sup, const char *str); +LIBDEF_F(str2su) + +typedef char *(librpz_su2str_t)(char *str, size_t str_len, const socku_t *su); +LIBDEF_F(su2str) +#define SU2STR_SIZE (INET6_ADDRSTRLEN+1+6+1) + + +/** + * default path to dnsrpzd + */ +const char *librpz_dnsrpzd_path; + + +#undef LIBDEF + +/* + * This is the dlopen() interface to librpz. + */ +typedef const struct { + const char *dnsrpzd_path; + const char *version; + librpz_parse_log_opt_t *parse_log_opt; + librpz_log_level_val_t *log_level_val; + librpz_set_log_t *set_log; + librpz_vpemsg_t *vpemsg; + librpz_pemsg_t *pemsg; + librpz_vlog_t *vlog; + librpz_log_t *log; + librpz_fatal_t *fatal LIBRPZ_NORET; + librpz_rpz_assert_t *rpz_assert LIBRPZ_NORET; + librpz_rpz_vassert_t *rpz_vassert LIBRPZ_NORET; + librpz_clist_create_t *clist_create; + librpz_clist_detach_t *clist_detach; + librpz_client_create_t *client_create; + librpz_connect_t *connect; + librpz_client_detach_t *client_detach; + librpz_rsp_create_t *rsp_create; + librpz_rsp_detach_t *rsp_detach; + librpz_rsp_result_t *rsp_result; + librpz_have_trig_t *have_trig; + librpz_have_ns_trig_t *have_ns_trig; + librpz_rsp_clientip_prefix_t *rsp_clientip_prefix; + librpz_rsp_domain_t *rsp_domain; + librpz_rsp_rr_t *rsp_rr; + librpz_rsp_soa_t *rsp_soa; + librpz_soa_serial_t *soa_serial; + librpz_rsp_push_t *rsp_push; + librpz_rsp_pop_t *rsp_pop; + librpz_rsp_pop_discard_t *rsp_pop_discard; + librpz_rsp_forget_zone_t *rsp_forget_zone; + librpz_ck_ip_t *ck_ip; + librpz_ck_domain_t *ck_domain; + librpz_zone_refresh_t *zone_refresh; + librpz_db_info_t *db_info; + librpz_itr_start_t *itr_start; + librpz_mf_stats_t *mf_stats; + librpz_vers_stats_t *vers_stats; + librpz_itr_zone_t *itr_zone; + librpz_itr_node_t *itr_node; + librpz_policy2str_t *policy2str; + librpz_trig2str_t *trig2str; + librpz_secs2str_t *secs2str; + librpz_str2secs_t *str2secs; + librpz_rtype2str_t *rtype2str; + librpz_domain_ntop_t *domain_ntop; + librpz_domain_pton2_t *domain_pton2; + librpz_mk_inet_su_t *mk_inet_su; + librpz_mk_inet6_su_t *mk_inet6_su; + librpz_str2su_t *str2su; + librpz_su2str_t *su2str; +} librpz_0_t; +extern librpz_0_t librpz_def_0; + +/* + * Future versions can be upward compatible by defining LIBRPZ_DEF as + * librpz_X_t. + */ +#define LIBRPZ_DEF librpz_def_0 +#define LIBRPZ_DEF_STR "librpz_def_0" + +typedef librpz_0_t librpz_t; +extern librpz_t *librpz; + + +#if LIBRPZ_LIB_OPEN == 2 +#include + +/** + * link-load librpz + * @@param[out] emsg: error message + * @@param[in,out] dl_handle: NULL or pointer to new dlopen handle + * @@param[in] path: librpz.so path + * @@return address of interface structure or NULL on failure + */ +static inline librpz_t * +librpz_lib_open(librpz_emsg_t *emsg, void **dl_handle, const char *path) +{ + void *handle; + librpz_t *new_librpz; + + emsg->c[0] = '\0'; + + /* + * Close a previously opened handle on librpz.so. + */ + if (dl_handle != NULL && *dl_handle != NULL) { + if (dlclose(*dl_handle) != 0) { + snprintf(emsg->c, sizeof(librpz_emsg_t), + "dlopen(NULL): %s", dlerror()); + return (NULL); + } + *dl_handle = NULL; + } + + /* + * First try the main executable of the process in case it was + * linked to librpz. + * Do not worry if we cannot search the main executable of the process. + */ + handle = dlopen(NULL, RTLD_NOW | RTLD_LOCAL); + if (handle != NULL) { + new_librpz = dlsym(handle, LIBRPZ_DEF_STR); + if (new_librpz != NULL) { + if (dl_handle != NULL) + *dl_handle = handle; + return (new_librpz); + } + if (dlclose(handle) != 0) { + snprintf(emsg->c, sizeof(librpz_emsg_t), + "dlsym(NULL, "LIBRPZ_DEF_STR"): %s", + dlerror()); + return (NULL); + } + } + + if (path == NULL || path[0] == '\0') { + snprintf(emsg->c, sizeof(librpz_emsg_t), + "librpz not linked and no dlopen() path provided"); + return (NULL); + } + + handle = dlopen(path, RTLD_NOW | RTLD_LOCAL); + if (handle == NULL) { + snprintf(emsg->c, sizeof(librpz_emsg_t), "dlopen(%s): %s", + path, dlerror()); + return (NULL); + } + new_librpz = dlsym(handle, LIBRPZ_DEF_STR); + if (new_librpz != NULL) { + if (dl_handle != NULL) + *dl_handle = handle; + return (new_librpz); + } + snprintf(emsg->c, sizeof(librpz_emsg_t), + "dlsym(%s, "LIBRPZ_DEF_STR"): %s", + path, dlerror()); + dlclose(handle); + return (NULL); +} + +#elif defined(LIBRPZ_LIB_OPEN) + +/* + * Statically link to the librpz.so DSO on systems without dlopen() + */ +static inline librpz_t * +librpz_lib_open(librpz_emsg_t *emsg, void **dl_handle, const char *path) +{ + (void)(path); + + if (dl_handle != NULL) + *dl_handle = NULL; + +#if LIBRPZ_LIB_OPEN == 1 + emsg->c[0] = '\0'; + return (&LIBRPZ_DEF); +#else + snprintf(emsg->c, sizeof(librpz_emsg_t), + "librpz not available via ./configure"); + return (NULL); +#endif /* LIBRPZ_LIB_OPEN */ +} +#endif /* LIBRPZ_LIB_OPEN */ + +#endif /* LIBRPZ_H */ =================================================================== RCS file: ./fastrpz/RCS/rpz.c,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./fastrpz/rpz.c --- ./fastrpz/rpz.c +++ ./fastrpz/rpz.c @@@@ -0,0 +1,1357 @@@@ +/* + * fastrpz/rpz.c - interface to the fastrpz response policy zone library + * + * Optimize no-rewrite cases for speed but optimize rewriting for + * simplicity and size. + */ + +#include "config.h" + +#ifdef ENABLE_FASTRPZ +#include "daemon/daemon.h" +#define LIBRPZ_LIB_OPEN FASTRPZ_LIB_OPEN +#include "fastrpz/rpz.h" +#include "daemon/worker.h" +#include "iterator/iter_delegpt.h" +#include "iterator/iter_utils.h" +#include "iterator/iterator.h" +#include "util/data/dname.h" +#include "util/data/msgencode.h" +#include "util/data/msgparse.h" +#include "util/data/msgreply.h" +#include "util/log.h" +#include "util/netevent.h" +#include "util/net_help.h" +#include "util/regional.h" +#include "util/storage/slabhash.h" +#include "services/cache/dns.h" +#include "services/cache/rrset.h" +#include "services/mesh.h" +#include "sldns/sbuffer.h" +#include "sldns/rrdef.h" + + +typedef enum state { + /* No more rewriting */ + st_off = 1, + /* Send SERVFAIL */ + st_servfail, + /* No dispositive hit yet */ + st_unknown, + /* Let the iterator resolve a CNAME or get a delegation point. */ + st_iterate, + /* Let the iterator resolve NS to check NSIP or NSDNAME triggers. */ + st_ck_ns, + /* We have an answer */ + st_rewritten, +} st_t; + + +/* RPZ state pointed to by struct comm_reply */ +typedef struct commreply_rpz { + /* librpz state */ + librpz_rsp_t* rsp; + /* ID for log messages */ + int log_id; + + /* from configuration */ + int min_ns_dots; + + /* Running in the iterator */ + bool iterating; + + /* current and previous state and librpz result */ + st_t st; + st_t saved_st[LIBRPZ_RSP_STACK_DEPTH-1]; + librpz_result_t result; + + /* Stop adding CNAMEs to the prepend list before this owner name. */ + librpz_domain_buf_t cname_hit; + /* It is not the first CNAME */ + bool cname_hit_2nd; + librpz_result_id_t hit_id; +} commreply_rpz_t; + + +/* Generate an ID for log messages. */ +static int log_id; + +librpz_t *librpz; + + +static void LIBRPZ_NORET +rpz_assert(const char *s) +{ + fatal_exit("%s", s); + exit(1); +} +#define RPZ_ASSERT(c) ((c) ? (void)0 : rpz_assert(#c), (void)0) + +/* + * librpz client handle locking + */ +static void +lock_destroy(void* mutex) +{ + lock_basic_destroy(mutex); + free(mutex); +} + +static void +lock(void* mutex) +{ + lock_basic_lock(mutex); +} + +static void +unlock(void* mutex) +{ + lock_basic_unlock(mutex); +} + + +static void +log_fnc(librpz_log_level_t level, void* ATTR_UNUSED(ctx), const char* buf) +{ + char label_buf[sizeof("rpz ")+8]; + + /* Setting librpz_log_level overrides the unbound "verbose" level. */ + if(level > LIBRPZ_LOG_TRACE1 && + level <= librpz->log_level_val(LIBRPZ_LOG_INVALID)) + level = LIBRPZ_LOG_TRACE1; + + switch(level) { + case LIBRPZ_LOG_FATAL: + case LIBRPZ_LOG_ERROR: /* errors */ + default: + log_err("rpz: %s", buf); + break; + + case LIBRPZ_LOG_TRACE1: /* big events such as dnsrpzd starts */ + verbose(VERB_OPS, "rpz: %s", buf); + break; + + case LIBRPZ_LOG_TRACE2: /* smaller dnsrpzd zone transfers */ + verbose(VERB_DETAIL, "rpz: %s", buf); + break; + + case LIBRPZ_LOG_TRACE3: /* librpz hits */ + verbose(VERB_QUERY, "rpz: %s", buf); + break; + + case LIBRPZ_LOG_TRACE4: /* librpz lookups */ + verbose(VERB_CLIENT, "rpz: %s", buf); + break; + } +} + + +/* Release the librpz version. */ +static void +rpz_off(commreply_rpz_t* rpz, st_t st) +{ + if(!rpz) + return; + rpz->st = st; + librpz->rsp_detach(&rpz->rsp); +} + + +static void LIBRPZ_PF(2,3) +log_fail(commreply_rpz_t* rpz, const char* p, ...) +{ + va_list args; + + if(rpz->st == st_servfail) + return; + + va_start(args, p); + librpz->vlog(LIBRPZ_LOG_ERROR, rpz, p, args); + va_end(args); + if(!rpz) + return; + rpz_off(rpz, st_servfail); +} + + +/* Announce a rewrite. */ +static void +log_rewrite(uint8_t* qname, librpz_policy_t policy, const char* msg, + commreply_rpz_t* rpz) +{ + char policy_buf[POLICY2STR_SIZE]; + char qname_nm[LDNS_MAX_DOMAINLEN+1]; + librpz_domain_buf_t tdomain; + char tdomain_nm[LDNS_MAX_DOMAINLEN+1]; + librpz_emsg_t emsg; + + if(rpz->st == st_servfail || !rpz->result.log) + return; + if(librpz->log_level_val(LIBRPZ_LOG_INVALID) < LIBRPZ_LOG_TRACE1) + return; + + dname_str(qname, qname_nm); + + if(!librpz->rsp_domain(&emsg, &tdomain, rpz->rsp)) { + librpz->log(LIBRPZ_LOG_ERROR, rpz, "%s", emsg.c); + return; + } + dname_str(tdomain.d, tdomain_nm); + + librpz->log(LIBRPZ_LOG_TRACE3, rpz, "%srewriting %s via %s %s to %s", + msg, qname_nm, tdomain_nm, + librpz->trig2str(rpz->result.trig), + librpz->policy2str(policy, policy_buf, + sizeof(policy_buf))); +} + + +/* Connect to and start dnsrpzd if necessary for the unbound daemon. + * Require "rpz-conf: path" to specify the rpz configuration file. + * The unbound server directory name is the default rpz working + * directory. If unbound uses chroot, then the dnsrpzd working + * directory must be in the chroot tree. + * The database and socket are closed and re-opened. + */ +void +rpz_init(librpz_clist_t** pclist, librpz_client_t** pclient, + const struct config_file* cfg) +{ + lock_basic_type* mutex; + librpz_emsg_t emsg; + + if(!librpz) { + librpz = librpz_lib_open(&emsg, NULL, FASTRPZ_LIBRPZ_PATH); + if(!librpz) + fatal_exit("rpz: %s", emsg.c); + } + + librpz->set_log(&log_fnc, NULL); + + if(!cfg->rpz_cstr) + fatal_exit("rpz: rpz-zone: not set"); + + librpz->client_detach(pclient); + librpz->clist_detach(pclist); + + mutex = malloc(sizeof(*mutex)); + if(!mutex) + fatal_exit("rpz: no memory for lock"); + lock_basic_init(mutex); + + *pclist = librpz->clist_create(&emsg, &lock, &unlock, &lock_destroy, + mutex, NULL); + if(!pclist) + fatal_exit("rpz: %s", emsg.c); + + *pclient = librpz->client_create(&emsg, *pclist, cfg->rpz_cstr, false); + if(!*pclient) + fatal_exit("rpz: %s", emsg.c); + + if(!librpz->connect(&emsg, *pclient, true)) + fatal_exit("rpz: %s", emsg.c); + + verbose(VERB_OPS, "rpz: librpz version %s", librpz->version); +} + + +/* Stop using librpz on behalf of a worker thread. */ +void +rpz_delete(librpz_clist_t** pclist, librpz_client_t** pclient) +{ + if(librpz) { + librpz->client_detach(pclient); + librpz->clist_detach(pclist); + } +} + + +/* Release the librpz resources held for a DNS client request. */ +void +rpz_end(struct comm_reply* commreply) +{ + if(!commreply->rpz) + return; + rpz_off(commreply->rpz, commreply->rpz->st); + free(commreply->rpz); + commreply->rpz = NULL; +} + + +static bool +push_st(commreply_rpz_t* rpz) +{ + librpz_emsg_t emsg; + + if(rpz->st == st_off || rpz->st == st_servfail) { + librpz->log(LIBRPZ_LOG_ERROR, rpz, + "state %d in push_st()", rpz->st); + return false; + } + if(!librpz->rsp_push(&emsg, rpz->rsp)) + log_fail(rpz, "%s", emsg.c); + memmove(&rpz->saved_st[1], &rpz->saved_st[0], + sizeof(rpz->saved_st) - sizeof(rpz->saved_st[0])); + rpz->saved_st[0] = rpz->st; + return rpz->st != st_servfail; +} + + +static bool +pop_st(commreply_rpz_t* rpz) +{ + librpz_emsg_t emsg; + + if(rpz->rsp && !librpz->rsp_pop(&emsg, &rpz->result, rpz->rsp)) + log_fail(rpz, "%s", emsg.c); + if(rpz->st != st_servfail) + rpz->st = rpz->saved_st[0]; + memmove(&rpz->saved_st[0], &rpz->saved_st[1], + sizeof(rpz->saved_st) - sizeof(rpz->saved_st[0])); + return rpz->st != st_servfail; +} + +static bool +pop_discard_st(commreply_rpz_t* rpz) +{ + librpz_emsg_t emsg; + + if(rpz->rsp && !librpz->rsp_pop_discard(&emsg, rpz->rsp)) + log_fail(rpz, "%s", emsg.c); + memmove(&rpz->saved_st[0], &rpz->saved_st[1], + sizeof(rpz->saved_st) - sizeof(rpz->saved_st[0])); + return rpz->st != st_servfail; +} + +/* Check a rewrite attempt for errors and a disabled zone. */ +static bool /* true=repeat the check */ +ck_after(uint8_t* qname, bool recursed, librpz_trig_t trig, + commreply_rpz_t* rpz) +{ + librpz_emsg_t emsg; + + if(rpz->st == st_servfail) + return false; + + if(!librpz->rsp_result(&emsg, &rpz->result, recursed, rpz->rsp)) { + log_fail(rpz, "%s", emsg.c); + return false; + } + + if(rpz->result.policy == LIBRPZ_POLICY_DISABLED) { + /* Log the hit on the disabled zone, do not try the zone again, + * and restore the state from before the check to forget the hit + * before trying again. */ + log_rewrite(qname, rpz->result.zpolicy, "disabled ", rpz); + if(!librpz->rsp_forget_zone(&emsg, rpz->result.cznum, rpz->rsp)) + log_fail(rpz, "%s", emsg.c); + return pop_st(rpz); + } + + /* Complain about and forget client-IP address hit that is not + * dispositive. Client-IP triggers have the highest priority + * within a policy zone, but can be overridden by any hit in a policy + * earlier in the client's (resolver's) list of zones, including + * policies that cannot be hit until after recursion. If we allowed + * client-IP triggers in secondary zones, then than two DNS requests + * that differ only in DNS client-IP addresses could properly + * have differing results. The Unbound iterator treats identical + * DNS requests the same regardless of DNS client-IP address. + * struct query_info would need to be modified to have an optional + * librpz_prefix_t containing the prefix of the client-IP address hit + * from librpz->rsp_clientip_prefix(). Adding to struct query_info + * would require finding and changing the many and obscure places + * including the Unbound tests to memset(0) the struct query_info + * that they create. */ + if(trig == LIBRPZ_TRIG_CLIENT_IP) { + if(rpz->result.cznum != 0) { + log_rewrite(qname, rpz->result.policy, + "ignore secondary ", rpz); + if(!pop_st(rpz)) + log_fail(rpz, "%s", emsg.c); + return (false); + } + } + + /* Forget the state from before the check and keep the new state + * if we do not have a hit on a disabled policy zone. */ + pop_discard_st(rpz); + return false; +} + + +/* Get the next RR from the policy record. */ +static bool +next_rr(librpz_rr_t** rrp, const uint8_t* qname, size_t qname_len, + commreply_rpz_t* rpz) +{ + librpz_emsg_t emsg; + + if(!librpz->rsp_rr(&emsg, NULL, NULL, NULL, rrp, &rpz->result, + qname, qname_len, rpz->rsp)) { + log_fail(rpz, "%s", emsg.c); + *rrp = NULL; + return false; + } + return true; +} + + +static bool /* false=fatal error to be logged */ +add_rr(struct sldns_buffer* pkt, const uint8_t* owner, size_t owner_len, + librpz_rr_t* rr, commreply_rpz_t* rpz) +{ + size_t rdlength; + + rdlength = ntohs(rr->rdlength); + + if(!sldns_buffer_available(pkt, owner_len + 10 + rdlength)) { + log_fail(rpz, "comm_reply buffer exhausted"); + free(rr); + return false; + } + sldns_buffer_write(pkt, owner, owner_len); + /* sizeof(librpz_rr_t)=12 instead of 10 */ + sldns_buffer_write(pkt, rr, 10 + rdlength); + return true; +} + + +/* Convert a fake incoming DNS message to an Unbound struct dns_msg */ +static void +pkt2dns_msg(struct dns_msg** dnsmsg, struct sldns_buffer* pkt, + commreply_rpz_t* rpz, struct regional* region) +{ + struct msg_parse* msgparse; + + msgparse = regional_alloc(region, sizeof(*msgparse)); + if(!msgparse) { + log_fail(rpz, "out of memory for msgparse"); + *dnsmsg = NULL; + return; + } + memset(msgparse, 0, sizeof(*msgparse)); + if(parse_packet(pkt, msgparse, region) != LDNS_RCODE_NOERROR) { + log_fail(rpz, "packet parse error"); + *dnsmsg = NULL; + return; + } + *dnsmsg = dns_alloc_msg(pkt, msgparse, region); + if(!*dnsmsg) { + log_fail(rpz, "dns_alloc_msg() failed"); + *dnsmsg = NULL; + return; + } + (*dnsmsg)->rep->security = sec_status_rpz_rewritten; +} + + +static bool /* false=SERVFAIL */ +ck_ip_rrset(const void* vdata, int family, librpz_trig_t trig, + uint8_t* qname, commreply_rpz_t* rpz) +{ + const struct packed_rrset_data* data; + uint rr_n; + size_t len; + librpz_emsg_t emsg; + + data = vdata; + + /* Loop to ignore disabled zones. */ + do { + if(!push_st(rpz)) + return false; + for(rr_n = 0; rr_n < data->count; ++rr_n) { + len = data->rr_len[rr_n]; + /* Skip bogus including negative placeholding rdata. */ + if((family == AF_INET && + len != sizeof(struct in_addr)+2) || + (family == AF_INET6 && + len != sizeof(struct in6_addr)+2)) + continue; + if(!librpz->ck_ip(&emsg, data->rr_data[rr_n]+2, + family, trig, rpz->hit_id, true, + rpz->rsp)) { + log_fail(rpz, "%s", emsg.c); + return false; + } + } + } while(ck_after(qname, true, trig, rpz)); + return rpz->st != st_servfail; +} + + +static bool /* false=SERVFAIL */ +ck_dname(uint8_t* dname, size_t dname_size, librpz_trig_t trig, + uint8_t* qname, bool recursed, commreply_rpz_t* rpz) +{ + librpz_emsg_t emsg; + + /* Refuse to check the root. */ + if(dname_is_root(dname)) + return rpz->st != st_servfail; + + /* Loop to ignore disabled zones. */ + do { + if(!push_st(rpz)) + return false; + if(!librpz->ck_domain(&emsg, dname, dname_size, trig, + rpz->hit_id, recursed, rpz->rsp)) { + log_fail(rpz, "%s", emsg.c); + return false; + } + } while(ck_after(qname, recursed, trig, rpz)); + + return rpz->st != st_servfail; +} + + +/* Check the IPv4 or IPv6 addresses for one NS name. */ +static bool /* false=st_servfail */ +ck_1nsip(uint8_t* nsname, size_t nsname_size, int family, int qtype, + bool* have_ns, commreply_rpz_t* rpz, struct module_env* env) +{ + struct ub_packed_rrset_key* akey; + + akey = rrset_cache_lookup(env->rrset_cache, nsname, nsname_size, + qtype, LDNS_RR_CLASS_IN, 0, 0, 0); + if(akey) { + *have_ns = true; + + if(!ck_ip_rrset(akey->entry.data, family, LIBRPZ_TRIG_NSIP, + nsname, rpz)) { + lock_rw_unlock(&akey->entry.lock); + return false; + } + lock_rw_unlock(&akey->entry.lock); + } + return true; +} + + +static bool /* false=st_servfail */ +ck_qname(uint8_t* qname, size_t qname_len, + bool recursed, /* recursion done */ + bool wait_ns, /* willing to iterate for NS data */ + commreply_rpz_t* rpz, struct module_env* env) +{ + uint8_t* dname; + size_t dname_size; + int cur_lab; + struct ub_packed_rrset_key* nskey; + const struct packed_rrset_data* nsdata; + uint8_t* nsname; + size_t nsname_size; + uint rr_n; + bool have_ns, tried_ns; + + if(!ck_dname(qname, qname_len, LIBRPZ_TRIG_QNAME, qname, false, rpz)) + return false; + + /* Do not waste time looking for NSDNAME and NSIP hits when there + * are no currently relevant triggers. */ + if(!librpz->have_ns_trig(rpz->rsp)) + return true; + + have_ns = false; + tried_ns = false; + dname = qname; + dname_size = qname_len; + for(cur_lab = dname_count_labels(dname) - 2; + cur_lab > rpz->min_ns_dots; + --cur_lab) { + tried_ns = true; + dname_remove_label(&dname, &dname_size); + nskey = rrset_cache_lookup(env->rrset_cache, dname, dname_size, + LDNS_RR_TYPE_NS, LDNS_RR_CLASS_IN, + 0, 0, 0); + if(!nskey) + continue; + + nsdata = (const struct packed_rrset_data*)nskey->entry.data; + for(rr_n = 0; + rr_n < nsdata->count && rpz->st == st_unknown; + ++rr_n) { + nsname = nsdata->rr_data[rr_n]+2; + nsname_size = nsdata->rr_len[rr_n]; + if(nsname_size <= 2) + continue; + nsname_size -= 2; + if(!ck_dname(nsname, nsname_size, LIBRPZ_TRIG_NSDNAME, + qname, recursed, rpz)) + return false; + if(!ck_1nsip(nsname, nsname_size, AF_INET, + LDNS_RR_TYPE_A, &have_ns, rpz, env)) + return false; + if(!ck_1nsip(nsname, nsname_size, AF_INET6, + LDNS_RR_TYPE_AAAA, &have_ns, rpz, env)) + return false; + } + lock_rw_unlock(&nskey->entry.lock); + } + + /* If we failed to find NS records, then stop building the response + * before a CNAME with this owner name. */ + if(!have_ns && tried_ns && (!recursed || wait_ns)) { + rpz->cname_hit.size = qname_len; + RPZ_ASSERT(rpz->cname_hit.size <= sizeof(rpz->cname_hit.d)); + memcpy(rpz->cname_hit.d, qname, qname_len); + rpz->result.hit_id = rpz->hit_id; + rpz->st = st_ck_ns; + } + return true; +} + + +/* + * Are we ready to rewrite the response? + */ +static bool /* true=send rewritten response */ +ck_result(uint8_t* qname, bool recursed, + commreply_rpz_t* rpz, const struct comm_point* commpoint) +{ + librpz_emsg_t emsg; + + switch(rpz->st) { + case st_off: + case st_servfail: + case st_rewritten: + return false; + case st_unknown: + break; + case st_iterate: + return false; + case st_ck_ns: + /* An NSDNAME or NSIP check failed for lack of cached data. */ + return false; +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wunreachable-code" + default: + fatal_exit("impossible RPZ state %d in rpz_worker_cache()", + rpz->st); +#pragma clang diagnostic pop + } + + /* Wait for a trigger. */ + if(rpz->result.policy == LIBRPZ_POLICY_UNDEFINED) { + if(recursed && + rpz->result.zpolicy != LIBRPZ_POLICY_UNDEFINED && + !librpz->rsp_result(&emsg, &rpz->result, true, rpz->rsp)) { + log_fail(rpz, "%s", emsg.c); + return false; + } + if(rpz->result.policy == LIBRPZ_POLICY_UNDEFINED) + return false; + } + + if(rpz->result.policy == LIBRPZ_POLICY_PASSTHRU) { + log_rewrite(qname, rpz->result.policy, "", rpz); + rpz_off(rpz, st_off); + return false; + } + + /* The TCP-only policy answers UDP requests with truncated responses. */ + if(rpz->result.policy == LIBRPZ_POLICY_TCP_ONLY && + commpoint->type == comm_tcp) { + rpz_off(rpz, st_off); + return false; + } + + return true; +} + + +/* + * Convert an RPZ hit to a struct dns_msg + */ +static void +get_result_msg(struct dns_msg** dnsmsg, struct query_info* qinfo, + uint16_t id, uint16_t flags, bool recursed, commreply_rpz_t* rpz, + struct comm_point* commpoint, struct regional* region) +{ + librpz_rr_t* rr; + librpz_domain_buf_t origin; + struct sldns_buffer* pkt; + uint16_t num_rrs; + librpz_emsg_t emsg; + + *dnsmsg = NULL; + if(!ck_result(qinfo->qname, recursed, rpz, commpoint)) + return; + + rpz->st = st_rewritten; + + if(rpz->result.policy == LIBRPZ_POLICY_DROP) { + log_rewrite(qinfo->qname, rpz->result.policy, "", rpz); + /* Make a fake cached message to carry + * sec_status_rpz_drop and be dropped. */ + error_encode(commpoint->buffer, LDNS_RCODE_NOERROR, + qinfo, id, flags, NULL); + pkt2dns_msg(dnsmsg, commpoint->buffer, rpz, region); + (*dnsmsg)->rep->security = sec_status_rpz_drop; + return; + } + + /* Create a DNS message of the RPZ data. + * In many cases that message could be sent directly to the DNS client, + * but sometimes iteration must be used to resolve a CNAME. + * This need not be fast, because rewriting responses should be rare. + * Therefore, use the simpler but slower tactic of generating a + * parsed version of the message. */ + + flags &= ~BIT_AA; + flags |= BIT_QR | BIT_RA; + rr = NULL; + + /* The TCP-only policy answers UDP requests with truncated responses. */ + if(rpz->result.policy == LIBRPZ_POLICY_TCP_ONLY) { + flags |= BIT_TC; + + } else if(rpz->result.policy == LIBRPZ_POLICY_NXDOMAIN) { + flags |= LDNS_RCODE_NXDOMAIN; + + } else if(rpz->result.policy == LIBRPZ_POLICY_CNAME) { + if(!rpz->iterating && + qinfo->qtype != LDNS_RR_TYPE_CNAME) { + /* The new DNS message would be a CNAME and + * the external request was not for a CNAME. + * The worker must punt to the iterator so that + * the iterator can resolve the CNAME. */ + rpz->st = st_iterate; + return; + } + next_rr(&rr, qinfo->qname, qinfo->qname_len, rpz); + + } else if(rpz->result.policy == LIBRPZ_POLICY_RECORD || + rpz->result.policy == LIBRPZ_POLICY_NODATA) { + next_rr(&rr, qinfo->qname, qinfo->qname_len, rpz); + /* Punt to the iterator if the new DNS message would + * be a CNAME that must be resolved. */ + if(!rpz->iterating && + qinfo->qtype != LDNS_RR_TYPE_CNAME && + rr && rr->type == ntohs(LDNS_RR_TYPE_CNAME)) { + free(rr); + rpz->st = st_iterate; + return; + } + } + log_rewrite(qinfo->qname, rpz->result.policy, "", rpz); + + /* Make a buffer containing a DNS message with the RPZ data. */ + pkt = commpoint->buffer; + sldns_buffer_clear(pkt); + if(sldns_buffer_remaining(pkt) < LDNS_HEADER_SIZE) { + log_fail(rpz, "comm_reply buffer too small for header"); + if(rr) + free(rr); + return; + } + + /* Install ID, flags, QDCOUNT=1, ANCOUNT=# of RPZ RRs, NSCOUNT=0, + * and ARCOUNT=1 for the RPZ SOA. */ + sldns_buffer_write_u16(pkt, id); + sldns_buffer_write_u16(pkt, flags); + sldns_buffer_write_u16(pkt, 1); /* QDCOUNT */ + sldns_buffer_write_u16(pkt, 0); /* ANCOUNT will be set later */ + sldns_buffer_write_u16(pkt, 0); /* NSCOUNT */ + sldns_buffer_write_u16(pkt, 1); /* ARCOUNT */ + + /* Install the question with the LDNS_RR_CLASS_RPZ bit to + * to distinguish this supposed cache entry from the real deal. */ + sldns_buffer_write(pkt, qinfo->qname, qinfo->qname_len); + sldns_buffer_write_u16(pkt, qinfo->qtype); + sldns_buffer_write_u16(pkt, LDNS_RR_CLASS_IN); + + /* Install the RPZ RRs in the answer section */ + num_rrs = 0; + while(rr) { + /* Include only the requested RRs. */ + if(qinfo->qtype == LDNS_RR_TYPE_ANY || + rr->type == htons(qinfo->qtype) || + rr->type == htons(LDNS_RR_TYPE_CNAME)) { + if(!add_rr(pkt, qinfo->qname, qinfo->qname_len, + rr, rpz)) + return; + + ++num_rrs; + } + free(rr); + + next_rr(&rr, qinfo->qname, qinfo->qname_len, rpz); + } + /* Finish ANCOUNT. */ + if(num_rrs != 0) + sldns_buffer_write_u16_at(pkt, 6, num_rrs); + + /* All rewritten responses have an identifying SOA record in the + * additional section. */ + if(!librpz->rsp_soa(&emsg, NULL, &rr, &origin, + &rpz->result, rpz->rsp)) { + log_fail(rpz, "no soa"); + return; + } + if(!add_rr(pkt, origin.d, origin.size, rr, rpz)) + return; + free(rr); + + /* Create a dns_msg representation of the fake incoming message. */ + sldns_buffer_flip(pkt); + pkt2dns_msg(dnsmsg, pkt, rpz, region); +} + + +/* Check the RRs in the ANSWER section of a reply_info. */ +static void +ck_reply(struct reply_info* reply, uint8_t* qname, bool wait_ns, + commreply_rpz_t* rpz, struct module_env* env) +{ + struct ub_packed_rrset_key* rrset; + enum sldns_enum_rr_type type; + uint rrset_n; + + /* Check the RRs in the ANSWER section. */ + rpz->cname_hit.size = 0; + rpz->cname_hit_2nd = false; + for(rrset_n = 0; rrset_n < reply->an_numrrsets; ++rrset_n) { + /* Check all of the RRs before deciding. */ + if(rpz->st != st_unknown) + return; + + rrset = reply->rrsets[rrset_n]; + if(ntohs(rrset->rk.rrset_class) != LDNS_RR_CLASS_IN) + continue; + type = ntohs(rrset->rk.type); + + if(type == LDNS_RR_TYPE_A) { + if(!ck_ip_rrset(rrset->entry.data, AF_INET, + LIBRPZ_TRIG_IP, qname, rpz)) + break; + + } else if(type == LDNS_RR_TYPE_AAAA) { + if(!ck_ip_rrset(rrset->entry.data, AF_INET6, + LIBRPZ_TRIG_IP, qname, rpz)) + break; + + } else if(type == LDNS_RR_TYPE_CNAME) { + /* Check CNAME owners unless we already have a hit. */ + ++rpz->hit_id; + if(!ck_qname(rrset->rk.dname, rrset->rk.dname_len, + true, wait_ns, rpz, env)) + break; + + /* Do not worry about the CNAME if it did not hit, + * but note the miss so that it can be prepended + * if we do hit. */ + if(rpz->result.hit_id != rpz->hit_id) { + rpz->cname_hit_2nd = true; + continue; + } + + /* Stop after hitting a CNAME. + * The iterator must be used to include CNAMEs before + * the CNAME that hit in the rewritten response. */ + rpz->cname_hit.size = rrset->rk.dname_len; + RPZ_ASSERT(rpz->cname_hit.size <= sizeof(rpz->cname_hit.d)); + memcpy(rpz->cname_hit.d, rrset->rk.dname, + rpz->cname_hit.size); + break; + } + } +} + + +static void +worker_servfail(struct worker* worker, struct query_info* qinfo, + uint16_t id, uint16_t flags, struct comm_reply* commreply) +{ + error_encode(commreply->c->buffer, LDNS_RCODE_SERVFAIL, + qinfo, id, flags, NULL); + regional_free_all(worker->scratchpad); + comm_point_send_reply(commreply); +} + + +/* Send an RPZ answer before the iterator has started. + * @@return: 1=continue normal unbound processing + * 0=punt to the iterator + * -1=rewritten response already sent or dropped. */ +static int +worker_send(struct dns_msg* dnsmsg, struct worker* worker, + struct query_info* qinfo, uint16_t id, uint16_t flags, + struct edns_data* edns, struct comm_reply* commreply) +{ + switch (commreply->rpz->st) { + case st_off: + return 1; + case st_servfail: + worker_servfail(worker, qinfo, id, flags, commreply); + return -1; + case st_unknown: + return 1; + case st_iterate: + case st_ck_ns: + return 0; /* punt to the iterator */ + case st_rewritten: + break; + default: + fatal_exit("impossible RPZ state %d in worker_send()", + commreply->rpz->st); + } + + if(dnsmsg->rep->security == sec_status_rpz_drop) { + regional_free_all(worker->scratchpad); + comm_point_drop_reply(commreply); + return -1; + } + + edns->edns_version = EDNS_ADVERTISED_VERSION; + edns->udp_size = EDNS_ADVERTISED_SIZE; + edns->ext_rcode = 0; + edns->bits = 0; /* rewritten response cannot verify. */ + if(!reply_info_answer_encode(qinfo, dnsmsg->rep, + id, flags | BIT_QR, + commreply->c->buffer, 0, 1, + worker->scratchpad, + edns->udp_size, edns, 0, 0)) { + worker_servfail(worker, qinfo, id, flags, commreply); + } else { + regional_free_all(worker->scratchpad); + comm_point_send_reply(commreply); + } + return -1; +} + + +/* Set commreply to an RPZ context if the response might be rewritten. + * Try to answer now with a hit allowed before recursion (iteration). */ +bool /* true=response sent or dropped */ +rpz_start(struct worker* worker, struct query_info* qinfo, + struct comm_reply* commreply, struct edns_data* edns) +{ + commreply_rpz_t* rpz; + uint16_t id, flags; + struct dns_msg* dnsmsg; + int family; + const void* addr; + librpz_emsg_t emsg; + + /* Quit if rpz not configured. */ + if(!worker->daemon->rpz_client) + return false; + + /* Rewrite only the Internet class */ + if(qinfo->qclass != LDNS_RR_CLASS_IN) + return false; + + rpz = commreply->rpz; + RPZ_ASSERT(!rpz); + + dnsmsg = NULL; + id = htons(sldns_buffer_read_u16_at(commreply->c->buffer, 0)); + flags = sldns_buffer_read_u16_at(commreply->c->buffer, 2); + + rpz = malloc(sizeof(*rpz)); + if(!rpz) { + librpz->log(LIBRPZ_LOG_ERROR, NULL, "no memory for rpz"); + return 0 > worker_send(dnsmsg, worker, qinfo, + id, flags, edns, commreply); + } + memset(rpz, 0, sizeof(*rpz)); + rpz->st = st_unknown; + commreply->rpz = rpz; + + /* Make a new ID for log messages */ + rpz->log_id = __sync_add_and_fetch(&log_id, 1); + + /* Get access to the librpz data. */ + if(!librpz->rsp_create(&emsg, &rpz->rsp, &rpz->min_ns_dots, + worker->daemon->rpz_client, + (flags & BIT_RD) != 0, + (edns->bits & EDNS_DO) != 0)) { + log_fail(rpz, "%s", emsg.c); + return false; + } + /* Quit if benign reasons prevent rewriting. */ + if(!rpz->rsp) { + rpz->st = st_off; + librpz->log(LIBRPZ_LOG_TRACE1, rpz, "%s", emsg.c); + return false; + } + + /* Check the client IP address. + * Do not use commreply->srctype because it is often 0. */ + family = ((struct sockaddr*)&commreply->addr)->sa_family; + switch(family) { + case AF_INET: + addr = &((struct sockaddr_in*)&commreply->addr)->sin_addr; + break; + case AF_INET6: + addr = &((struct sockaddr_in6*)&commreply->addr)->sin6_addr; + break; + default: + /* Maybe the client is on a UNIX domain socket. */ + librpz->log(LIBRPZ_LOG_TRACE2, rpz, + "unknown client address family %d", family); + addr = NULL; + break; + } + /* Loop to ignore disabled zones. */ + while(addr) { + if(!push_st(rpz)) + break; + if(!librpz->ck_ip(&emsg, addr, family, LIBRPZ_TRIG_CLIENT_IP, + rpz->hit_id, true, rpz->rsp)) { + log_fail(rpz, "%s", emsg.c); + break; + } + if(!ck_after(qinfo->qname, false, LIBRPZ_TRIG_CLIENT_IP, rpz)) + break; + } + if(rpz->st == st_servfail) + return 0 > worker_send(dnsmsg, worker, qinfo, + id, flags, edns, commreply); + + /* Check the QNAME and possibly replace a client-IP hit. */ + ck_qname(qinfo->qname, qinfo->qname_len, false, true, + rpz, &worker->env); + + get_result_msg(&dnsmsg, qinfo, id, flags, false, + rpz, commreply->c, worker->scratchpad); + return 0 > worker_send(dnsmsg, worker, qinfo, + id, flags, edns, commreply); +} + + +/* Check a cached reply before iteration. + * @@return: 1=use cache entry + * 0=deny a cached entry exists in order to punt to the iterator + * -1=rewritten response already sent or dropped */ +int +rpz_worker_cache(struct worker* worker, struct reply_info* reply, + struct query_info* qinfo, uint16_t id, uint16_t flags, + struct edns_data* edns, struct comm_reply* commreply) +{ + commreply_rpz_t* rpz; + struct dns_msg* dnsmsg; + st_t new_st; + librpz_rr_t* rr; + + dnsmsg = NULL; + + rpz = commreply->rpz; + switch(rpz->st) { + case st_off: + return 1; /* Send the cache entry. */ + case st_servfail: + return worker_send(dnsmsg, worker, qinfo, id, flags, + edns, commreply); + case st_unknown: + break; + case st_iterate: + case st_ck_ns: + return 0; /* Punt to the iterator. */ + case st_rewritten: + default: + fatal_exit("impossible RPZ state %d in rpz_worker_cache()", + rpz->st); + } + + /* Check the RRs in the ANSWER section. */ + if(!push_st(rpz)) + return worker_send(dnsmsg, worker, qinfo, id, flags, edns, + commreply); + + ck_reply(reply, qinfo->qname, true, rpz, &worker->env); + if(!ck_result(qinfo->qname, true, rpz, commreply->c)) + return worker_send(dnsmsg, worker, qinfo, id, flags, edns, + commreply); + + if(rpz->cname_hit.size != 0) { + /* Punt to the iterator if leading CNAMEs must be + * included in the rewritten response. */ + rpz->cname_hit.size = 0; + new_st = st_iterate; + + } else if(rpz->result.policy == LIBRPZ_POLICY_CNAME) { + /* Punt if the rewritten response is to a CNAME. */ + new_st = st_iterate; + + } else { + if(rpz->result.policy == LIBRPZ_POLICY_RECORD) { + next_rr(&rr, qinfo->qname, qinfo->qname_len, rpz); + if(rr) { + /* Punt we are rewriting to a CNAME. */ + if(rr->type == ntohs(LDNS_RR_TYPE_CNAME)) { + free(rr); + rpz->st = st_iterate; + } else { + free(rr); + } + } + } + get_result_msg(&dnsmsg, qinfo, id, flags, true, + rpz, commreply->c, worker->scratchpad); + new_st = rpz->st; + } + + switch(new_st) { + case st_off: + case st_servfail: + break; + case st_unknown: + pop_discard_st(rpz); + break; + case st_iterate: + case st_ck_ns: + if(pop_st(rpz)) + rpz->st = new_st; + break; + case st_rewritten: + pop_discard_st(rpz); + break; + default: + fatal_exit("impossible RPZ state %d in rpz_worker_cache()", + rpz->st); + } + + return worker_send(dnsmsg, worker, qinfo, id, flags, edns, commreply); +} + + +/* Check a cache hit or miss for the iterator. + * A cache miss can already have a QNAME hit that was ignored before checking + * the iterator because of "QNAME-WAIT-RECURSE yes". + * Cache hits are treated like responses from authorities. */ +bool /* false=SERVFAIL */ +rpz_iter_cache(struct dns_msg** msg, enum response_type* type, + struct module_qstate* qstate, struct iter_qstate* iq) +{ + struct comm_reply* commreply; + commreply_rpz_t* rpz; + struct dns_msg* dnsmsg; + + commreply = &qstate->mesh_info->reply_list->query_reply; + rpz = commreply->rpz; + + rpz->iterating = true; + + switch(rpz->st) { + case st_off: + iq->rpz_rewritten = 1; /* RPZ has nothing to say. */ + return true; + case st_servfail: + return false; + case st_unknown: + break; + case st_iterate: + case st_ck_ns: + rpz->st = st_unknown; + if(!ck_qname(iq->qchase.qname, iq->qchase.qname_len, + *msg != NULL, true, rpz, qstate->env)) + return false; + /* If we must recurse regardless and if NSIP/NSDNAME + * checking failed, then delay in the hope that + * recursion will also get NS data. */ + if(rpz->st == st_ck_ns) + return true; + break; + case st_rewritten: + default: + fatal_exit("impossible RPZ state %d in rpz_iter_cache()", + rpz->st); + } + + push_st(rpz); + + /* Check the cache hit. */ + if(*msg) + ck_reply((*msg)->rep, iq->qchase.qname, true, rpz, qstate->env); + + /* The DNS ID does not matter, because the generated dns_msg + * is nominally from an authority and not to the DNS client. */ + get_result_msg(&dnsmsg, &iq->qchase, 1, qstate->query_flags, true, + rpz, commreply->c, qstate->region); + + switch(rpz->st) { + case st_off: + iq->rpz_rewritten = 1; /* RPZ has nothing to say. */ + return true; + case st_servfail: + return false; + case st_unknown: + /* RPZ has nothing to say yet. Maybe there will be a hit + * later in the CNAME chain. */ + return pop_discard_st(rpz); + case st_ck_ns: + /* Try to get NS data for a CNAME found by ck_reply() */ + *type = RESPONSE_TYPE_CNAME; + return pop_discard_st(rpz); + case st_iterate: + default: + fatal_exit("impossible RPZ state %d in rpz_iter_cache()", + rpz->st); + case st_rewritten: + break; + } + + if(*msg && rpz->cname_hit.size != 0 && rpz->cname_hit_2nd) { + /* We hit a CNAME owner in the cached msg after not hitting one + * or more CNAME owners. We need to add those leading CNAMEs + * to the prepend list. Tell the iterator to treat the cached + * message as a RESPONSE_TYPE_CNAME even if it contains answers. + * handle_cname_response() will stop prepending CNAMEs before + * the triggering CNAME. handle_cname_response() will cause + * a restart to resolve the target of the preceding CNAME, + * which is the same as the hit CNAME owner. */ + rpz->st = st_unknown; + *type = RESPONSE_TYPE_CNAME; + return pop_discard_st(rpz); + } + + *msg = dnsmsg; + iq->rpz_security = dnsmsg->rep->security; + + if(dnsmsg && dnsmsg->rep->an_numrrsets != 0 && + dnsmsg->rep->rrsets[0]->rk.type == htons(LDNS_RR_TYPE_CNAME)) { + /* The cached msg triggered a rule that rewrites to a + * CNAME that must be resolved. + * We have a replacement dns_msg with that CNAME and also + * an SOA RR in the ADDITIONAL section that the iterator + * will lose as it adds the CNAME to the prepend list. + * Save the SOA RR in iq->rpz_soa. */ + iq->rpz_soa = dnsmsg->rep->rrsets[1]; + iq->rpz_rewritten = 1; + *type = RESPONSE_TYPE_CNAME; + return true; + } + + /* Otherwise we have rewritten to zero or more non-CNAME RRs. + * (DNAMEs are not supported.) + * Tell the iterator to send the rewritten message. */ + *type = RESPONSE_TYPE_ANSWER; + iq->rpz_rewritten = 1; + return true; +} + + +/* Check a RESPONSE_TYPE_ANSWER response from an authority in the iterator. */ +rpz_iter_resp_t +rpz_iter_resp(struct module_qstate* qstate, struct iter_qstate* iq, + struct dns_msg** resp, bool* is_cname) +{ + struct comm_reply* commreply; + commreply_rpz_t* rpz; + struct reply_info* rep; + + *is_cname = false; + + commreply = &qstate->mesh_info->reply_list->query_reply; + rpz = commreply->rpz; + switch(rpz->st) { + case st_off: + case st_servfail: + case st_iterate: + case st_rewritten: + default: + fatal_exit("impossible RPZ state %d in rpz_iter_resp()", + rpz->st); + case st_ck_ns: + case st_unknown: + break; + } + + /* We know !iq->rpz_rewritten and so the response was after a simple + * cache miss when the original QNAME did not trigger a response + * or after a CNAME whose owner name did hit but was then forgotten + * with pop_st(). + * In either case, it is necessary to check the QNAME here. + * Checking the QNAME will not lose a better hit. */ + rpz->st = st_unknown; + ck_qname(iq->qchase.qname, iq->qchase.qname_len, true, false, + rpz, qstate->env); + + /* Check the RRs in the ANSWER section. */ + if(!push_st(rpz)) + return rpz_iter_resp_fail; + ck_reply(iq->response->rep, iq->qchase.qname, false, rpz, qstate->env); + get_result_msg(resp, &qstate->qinfo, 1, qstate->query_flags, true, + rpz, commreply->c, qstate->region); + switch(rpz->st) { + case st_off: + iq->rpz_rewritten = 1; /* Do not come back. */ + return rpz_iter_resp_done; + case st_servfail: /* Send SERVFAIL */ + return rpz_iter_resp_fail; + case st_unknown: + case st_ck_ns: + return rpz_iter_resp_done; /* continue without change */ + case st_iterate: + default: + fatal_exit("impossible RPZ state %d in rpz_iter_resp()", + rpz->st); + case st_rewritten: + /* Tell the iterator to use handle_cname_response() to + * prepend any preceding CNAMEs. + * We have a replacement dns_msg that also has an SOA RR in the + * ADDITIONAL section that the iterator will lose if it is a + * CNAME. Save that SOA in that case. */ + rep = (*resp)->rep; + if(rep->an_numrrsets != 0 && + rep->rrsets[0]->rk.type == ntohs(LDNS_RR_TYPE_CNAME)) { + *is_cname = true; + iq->rpz_soa = rep->rrsets[1]; + } + return rpz_iter_resp_rewrite; + } +} + + +/* Tell handle_cname_response() to stop adding to the answer prepend list + * after adding CNAME with a target that hits a QNAME trigger. + * Do not change any RPZ state, but expect the call of handle_cname_response() + * to try to resolve the CNAME and hit the same QNAME trigger and rewrite + * the response. */ +rpz_cname_t +rpz_cname(struct module_qstate* qstate, + uint8_t* oname, size_t oname_size) +{ + struct mesh_reply* reply_list; + struct comm_reply* commreply; + commreply_rpz_t* rpz; + rpz_cname_t ret; + + /* Quit if RPZ is off */ + reply_list = qstate->mesh_info->reply_list; + if(!reply_list) + return rpz_cname_prepend; + commreply = &reply_list->query_reply; + rpz = commreply->rpz; + + if(!rpz || rpz->st == st_off) + return rpz_cname_prepend; + + /* Stop on a 2nd or later CNAME for rpz_iter_resp(). */ + if(rpz->cname_hit.size != 0) { + if(!query_dname_compare(rpz->cname_hit.d, oname)) + return rpz_cname_stop; + return rpz_cname_prepend; + } + + if(rpz->st != st_unknown) + fatal_exit("impossible RPZ state %d in rpz_cname()", rpz->st); + + ret = rpz_cname_prepend; + if(!push_st(rpz)) + return rpz_cname_fail; + /* Stop before prepending a CNAME that would preempt a + * rewritten response or before a possible NSDNAME or NSIP trigger. */ + ++rpz->hit_id; + ck_qname(oname, oname_size, true, true, rpz, qstate->env); + if(rpz->st != st_unknown) + ret = rpz_cname_stop; + if(!pop_st(rpz)) + return rpz_cname_fail; + return ret; +} + +#endif /* ENABLE_FASTRPZ */ =================================================================== RCS file: ./fastrpz/RCS/rpz.h,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./fastrpz/rpz.h --- ./fastrpz/rpz.h +++ ./fastrpz/rpz.h @@@@ -0,0 +1,138 @@@@ +/* + * fastrpz/rpz.h - interface to the fastrpz response policy zone library + * + * Copyright (c) 2016 Farsight Security, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef UNBOUND_FASTRPZ_RPZ_H +#define UNBOUND_FASTRPZ_RPZ_H + +#ifndef PACKAGE_VERSION +/* Ensure that config.h has been included to correctly set ENABLE_FASTRPZ */ +#include "config.h" +#endif + +#ifdef ENABLE_FASTRPZ + +#include "librpz.h" + +#include "daemon/daemon.h" +#include "util/config_file.h" + +struct comm_point; /* forward references */ +struct comm_reply; +struct dns_msg; +struct edns_data; +struct iter_qstate; +struct query_info; +struct reply_info; +enum response_type; /* iterator/iter_utils.h */ + + +struct commreply_rpz; + +/** + * Connect to the librpz database. + * @@param pclist: future pointer to opaque librpz client data + * @@param pclient: future pointer to opaque librpz client data + * @@param cfg: parsed unbound configuration + */ +void rpz_init(librpz_clist_t** pclist, librpz_client_t** pclient, + const struct config_file* cfg); + +/** + * Disconnect from the librpz database + * @@param client: opaque librpz client data + */ +void rpz_delete(librpz_clist_t** pclist, librpz_client_t** pclient); + +/** + * Start working on a DNS request and check for client IP address triggers. + * @@param worker: the DNS request context + * @@param qinfo: the DNS question + * @@param[in,out] commreply: the answer + * @@param c: where to send the response + * @@param[in,out] edns for the DO flag + * @@return true if response already sent or dropped + */ +bool rpz_start(struct worker* worker, struct query_info* qinfo, + struct comm_reply* commreply, struct edns_data* edns); + +/** + * Release resources held for a DNS request + * @@param rspp: pointer to pointer to rpz client context. + */ +void rpz_end(struct comm_reply* comm_rep); + +/** + * Check a cached reply for RPZ hits before iteration + * @@param worker: the DNS request context + * @@param casheresp: cache reply + * @@param qinfo: the DNS question + * @@param id from the DNS request + * @@param flags from the DNS request + * @@param[in,out] edns for the DO flag + * @@param[in,out] commreply: RPZ state + * @@return 1=use cache entry, -1=rewritten response already sent or dropped, + * 0=deny a cached entry exists + */ +int rpz_worker_cache(struct worker* worker, struct reply_info* cacheresp, + struct query_info* qinfo, uint16_t id, uint16_t flags, + struct edns_data* edns, struct comm_reply* commreply); + +/** + * Check for an existing RPZ CNAME rewrite with "QNAME-WAIT-RECURSE no" + * that needs to be resolved before resolving the external request. + * @@param[out] msg: rewritten CNAME response. + * @@param qstate: query state. + * @@param iq: iterator query state. + * @@return false=send SERVFAIL + */ +bool rpz_iter_cache(struct dns_msg** msg, enum response_type* type, + struct module_qstate* qstate, struct iter_qstate* iq); + +/** + * Check a response from an authority in the iterator. + * @@param[out] type: of the final response + * @@param qstate: query state. + * @@param iq: iterator query state. + * @@param is_cname: true if the rewritten response is a CNAME + * @@return one of rpz_resp_t + */ +typedef enum { + rpz_iter_resp_fail, /* Send SERVFAIL. */ + rpz_iter_resp_rewrite, /* We rewrote the response. */ + rpz_iter_resp_done, /* Restart to refetch glue. */ +} rpz_iter_resp_t; +rpz_iter_resp_t rpz_iter_resp(struct module_qstate* qstate, + struct iter_qstate* iq, struct dns_msg** resp, + bool* is_cname); + +/** + * Check a CNAME RR + * @@param qstate: query state. + * @@param oname: cname owner name + * @@param oname_size: length of oname + * @@return: one of rpz_cname_t + */ +typedef enum { + rpz_cname_fail, /* send SERVFAIL */ + rpz_cname_prepend, /* prepend CNAME as usual */ + rpz_cname_stop, /* stop before prepending this CNAME */ +} rpz_cname_t; +rpz_cname_t rpz_cname(struct module_qstate* qstate, + uint8_t* oname, size_t oname_size); + +#endif /* ENABLE_FASTRPZ */ +#endif /* UNBOUND_FASTRPZ_RPZ_H */ =================================================================== RCS file: ./fastrpz/RCS/rpz.m4,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./fastrpz/rpz.m4 --- ./fastrpz/rpz.m4 +++ ./fastrpz/rpz.m4 @@@@ -0,0 +1,64 @@@@ +# fastrpz/rpz.m4 + +# ck_FASTRPZ +# -------------------------------------------------------------------------- +# check for Fastrpz +# --enable-fastrpz enable Fastrpz response policy zones +# --enable-fastrpz-dl Fastrpz delayed link [default=have dlopen] +# --with-fastrpz-dir directory containing librpz.so +# +# Fastrpz can be compiled into Unbound everywhere with a reasonably +# modern C compiler. It is enabled on systems with dlopen() and librpz.so. + +AC_DEFUN([ck_FASTRPZ], +[ + fastrpz_avail=yes + AC_MSG_CHECKING([for librpz __attribute__s]) + AC_TRY_COMPILE(,[ + extern void f(char *p __attribute__((unused)), ...) + __attribute__((format(printf,1,2))) __attribute__((__noreturn__));], + librpz_have_attr=yes + AC_DEFINE([LIBRPZ_HAVE_ATTR], 1, [have __attribute__s used in librpz.h]) + AC_MSG_RESULT([yes]), + librpz_have_attr=no + AC_MSG_RESULT([no])) + + AC_SEARCH_LIBS(dlopen, dl) + librpz_dl=yes + AC_CHECK_FUNCS(dlopen dlclose dlsym,,librpz_dl=no) + AC_ARG_ENABLE([fastrpz-dl], + [ --enable-fastrpz-dl Fastrpz delayed link [[default=$librpz_dl]]], + [enable_librpz_dl="$enableval"], + [enable_librpz_dl="$librpz_dl"]) + AC_ARG_WITH([fastrpz-dir], + [ --with-fastrpz-dir directory containing librpz.so], + [librpz_path="$withval/librpz.so"], [librpz_path="librpz.so"]) + AC_DEFINE_UNQUOTED([FASTRPZ_LIBRPZ_PATH], ["$librpz_path"], + [fastrpz librpz.so]) + if test "x$enable_librpz_dl" = "xyes"; then + fastrpz_lib_open=2 + else + fastrpz_lib_open=1 + # Add librpz.so to linked libraries if we are not using dlopen() + AC_SEARCH_LIBS([librpz_client_create], [rpz], [], + [fastrpz_lib_open=0 + fastrpz_avail=no]) + fi + AC_DEFINE_UNQUOTED([FASTRPZ_LIB_OPEN], [$fastrpz_lib_open], + [0=no fastrpz 1=static link 2=dlopen()]) + + AC_ARG_ENABLE([fastrpz], + AS_HELP_STRING([--enable-fastrpz],[enable Fastrpz response policy zones]), + [enable_fastrpz=$enableval],[enable_fastrpz=$fastrpz_avail]) + if test "x$enable_fastrpz" = xyes; then + AC_DEFINE([ENABLE_FASTRPZ], [1], [Enable fastrpz]) + if test "x$fastrpz_lib_open" = "x0"; then + AC_MSG_ERROR([[dlopen and librpz.so needed for fastrpz]]) + fi + # used in Makefile.in + AC_SUBST([FASTRPZ_SRC], [fastrpz/rpz.c]) + AC_SUBST([FASTRPZ_OBJ], [rpz.lo]) + elif test "x$fastrpz_avail" = "x0"; then + AC_MSG_WARN([[dlopen and librpz.so needed for fastrpz]]) + fi +]) =================================================================== RCS file: ./iterator/RCS/iterator.c,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.c --- ./iterator/iterator.c +++ ./iterator/iterator.c @@@@ -67,6 +67,9 @@@@ #include "sldns/str2wire.h" #include "sldns/parseutil.h" #include "sldns/sbuffer.h" +#ifdef ENABLE_FASTRPZ +#include "fastrpz/rpz.h" +#endif int iter_init(struct module_env* env, int id) @@@@ -487,6 +490,23 @@@@ if(ntohs(r->rk.type) == LDNS_RR_TYPE_CNAME && query_dname_compare(*mname, r->rk.dname) == 0 && !iter_find_rrset_in_prepend_answer(iq, r)) { +#ifdef ENABLE_FASTRPZ + /* Stop adding CNAME rrsets to the prepend list + * before defining an RPZ hit. */ + if(!iq->rpz_rewritten) { + switch (rpz_cname(qstate, *mname, *mname_len)) { + case rpz_cname_fail: + /* send SERVFAIL */ + return 0; + case rpz_cname_prepend: + /* save the CNAME. */ + break; + case rpz_cname_stop: + /* Pause before adding the CNAME. */ + goto stop_short; + } + } +#endif /* Add this relevant CNAME rrset to the prepend list.*/ if(!iter_add_prepend_answer(qstate, iq, r)) return 0; @@@@ -495,6 +515,9 @@@@ /* Other rrsets in the section are ignored. */ } +#ifdef ENABLE_FASTRPZ +stop_short: ; +#endif /* add authority rrsets to authority prepend, for wildcarded CNAMEs */ for(i=msg->rep->an_numrrsets; irep->an_numrrsets + msg->rep->ns_numrrsets; i++) { @@@@ -996,6 +1019,7 @@@@ uint8_t* delname; size_t delnamelen; struct dns_msg* msg = NULL; + enum response_type type; log_query_info(VERB_DETAIL, "resolving", &qstate->qinfo); /* check effort */ @@@@ -1056,8 +1080,7 @@@@ } if(msg) { /* handle positive cache response */ - enum response_type type = response_type_from_cache(msg, - &iq->qchase); + type = response_type_from_cache(msg, &iq->qchase); if(verbosity >= VERB_ALGO) { log_dns_msg("msg from cache lookup", &msg->qinfo, msg->rep); @@@@ -1065,7 +1088,22 @@@@ (int)msg->rep->ttl, (int)msg->rep->prefetch_ttl); } +#ifdef ENABLE_FASTRPZ + } + /* Check for an RPZ hit in the cached DNS message or an existing + * RPZ CNAME rewrite that can be resolved now after a hit on the QNAME + * or client IP address. This can involve a creating a fake cache + * hit. It can also involve overriding an RESPONSE_TYPE_ANSWER + * result from response_type_from_cache(). Or it can ignore + * the cached result to refetch glue. */ + if(!iq->rpz_rewritten && + qstate->mesh_info->reply_list && + qstate->mesh_info->reply_list->query_reply.rpz && + !rpz_iter_cache(&msg, &type, qstate, iq)) + return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + if(msg) { +#endif if(type == RESPONSE_TYPE_CNAME) { uint8_t* sname = 0; size_t slen = 0; @@@@ -2321,6 +2359,62 @@@@ sock_list_insert(&qstate->reply_origin, &qstate->reply->addr, qstate->reply->addrlen, qstate->region); +#ifdef ENABLE_FASTRPZ + /* Check the response for an RPZ hit. The response has already + * been saved in the cache. This should have the same effect + * as finding that response in the cache. + * We have already used rpz_iter_cache() at least once. */ + if(!iq->rpz_rewritten && + qstate->mesh_info->reply_list && + qstate->mesh_info->reply_list->query_reply.rpz) { + struct dns_msg* resp; + bool is_cname; + uint8_t* sname; + size_t slen; + + switch (rpz_iter_resp(qstate, iq, &resp, &is_cname)) { + case rpz_iter_resp_fail: + return error_response(qstate, id, + LDNS_RCODE_SERVFAIL); + case rpz_iter_resp_rewrite: + /* Prepend any initial CNAMEs from the original + * response up to a hit. */ + if(!handle_cname_response(qstate, iq, + iq->response, + &sname, &slen)) + return error_response(qstate, id, + LDNS_RCODE_SERVFAIL); + if (resp) { + iq->response = resp; + iq->rpz_security = resp->rep->security; + iq->rpz_rewritten = 1; + + /* Send the rewritten record if it + * is not a CNAME. */ + if(!is_cname) + break; + + /* Prepend the new CNAME + * and restart to resolve it. */ + if(!handle_cname_response(qstate, iq, + resp, &sname, &slen)) + return error_response(qstate, id, + LDNS_RCODE_SERVFAIL); + } + iq->qchase.qname = sname; + iq->qchase.qname_len = slen; + iq->dp = NULL; + iq->refetch_glue = 0; + iq->query_restart_count++; + iq->sent_count = 0; + iq->state = INIT_REQUEST_STATE; + return 1; + + case rpz_iter_resp_done: + break; + } + } +#endif if(iq->minimisation_state != DONOT_MINIMISE_STATE) { if(FLAGS_GET_RCODE(iq->response->rep->flags) != LDNS_RCODE_NOERROR) { @@@@ -3022,12 +3116,44 @@@@ * but only if we did recursion. The nonrecursion referral * from cache does not need to be stored in the msg cache. */ if(!qstate->no_cache_store && qstate->query_flags&BIT_RD) { +#ifdef ENABLE_FASTRPZ + /* Do not save RPZ rewritten messages. */ + if(!iq->rpz_rewritten) +#endif iter_dns_store(qstate->env, &qstate->qinfo, iq->response->rep, 0, qstate->prefetch_leeway, iq->dp&&iq->dp->has_parent_side_NS, qstate->region, qstate->query_flags); } } +#ifdef ENABLE_FASTRPZ + if(iq->rpz_rewritten) { + /* Restore RPZ marks on a rewritten response. The marks + * are lost if the rewrite is to a CNAME. */ + iq->response->rep->security = iq->rpz_security; + + /* Append the RPZ SOA to rewritten CNAME chains. */ + if(iq->rpz_soa) { + struct ub_packed_rrset_key** sets; + uint n; + + n = iq->response->rep->rrset_count; + sets = regional_alloc(qstate->region, + (1+n) * sizeof(*sets)); + if(!sets) { + log_err("append RPZ SOA: out of memory"); + return error_response(qstate, id, + LDNS_RCODE_SERVFAIL); + } + memcpy(sets, iq->response->rep->rrsets, + n * sizeof(struct ub_packed_rrset_key*)); + sets[n] = iq->rpz_soa; + iq->response->rep->rrsets = sets; + ++iq->response->rep->rrset_count; + ++iq->response->rep->ar_numrrsets; + } + } +#endif qstate->return_rcode = LDNS_RCODE_NOERROR; qstate->return_msg = iq->response; return 0; =================================================================== RCS file: ./iterator/RCS/iterator.h,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.h --- ./iterator/iterator.h +++ ./iterator/iterator.h @@@@ -381,6 +381,16 @@@@ */ int minimise_count; + +#ifdef ENABLE_FASTRPZ + /** The response has been rewritten by RPZ. */ + int rpz_rewritten; + /** RPZ SOA RR for the ADDITIONAL section */ + struct ub_packed_rrset_key* rpz_soa; + /** sec_status_rpz_rewritten or sec_status_rpz_drop if rewritten. */ + enum sec_status rpz_security; +#endif + /** * Count number of time-outs. Used to prevent resolving failures when * the QNAME minimisation QTYPE is blocked. */ =================================================================== RCS file: ./services/cache/RCS/dns.c,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./services/cache/dns.c --- ./services/cache/dns.c +++ ./services/cache/dns.c @@@@ -838,6 +838,14 @@@@ struct regional* region, uint16_t flags) { struct reply_info* rep = NULL; + +#ifdef ENABLE_FASTRPZ + /* Never save RPZ rewritten data. */ + if (msgrep->security == sec_status_rpz_drop || + msgrep->security == sec_status_rpz_rewritten) + return 1; +#endif + /* alloc, malloc properly (not in region, like msg is) */ rep = reply_info_copy(msgrep, env->alloc, NULL); if(!rep) =================================================================== RCS file: ./services/RCS/mesh.c,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./services/mesh.c --- ./services/mesh.c +++ ./services/mesh.c @@@@ -59,6 +59,9 @@@@ #include "sldns/wire2str.h" #include "services/localzone.h" #include "util/data/dname.h" +#ifdef ENABLE_FASTRPZ +#include "fastrpz/rpz.h" +#endif #include "respip/respip.h" /** subtract timers and the values do not overflow or become negative */ @@@@ -1011,6 +1014,13 @@@@ else secure = 0; if(!rep && rcode == LDNS_RCODE_NOERROR) rcode = LDNS_RCODE_SERVFAIL; +#ifdef ENABLE_FASTRPZ + /* Drop the response here for LIBRPZ_POLICY_DROP after iteration. */ + if(rep && rep->security == sec_status_rpz_drop) { + log_query_info(VERB_QUERY, "rpz drop", &m->s.qinfo); + secure = 0; + } else +#endif /* send the reply */ /* We don't reuse the encoded answer if either the previous or current * response has a local alias. We could compare the alias records @@@@ -1160,6 +1170,7 @@@@ key.s.is_valrec = valrec; key.s.qinfo = *qinfo; key.s.query_flags = qflags; + key.reply_list = NULL; /* We are searching for a similar mesh state when we DO want to * aggregate the state. Thus unique is set to NULL. (default when we * desire aggregation).*/ @@@@ -1206,6 +1217,10 @@@@ if(!r) return 0; r->query_reply = *rep; +#ifdef ENABLE_FASTRPZ + /* The new reply structure owns the RPZ state. */ + rep->rpz = NULL; +#endif r->edns = *edns; if(edns->opt_list) { r->edns.opt_list = edns_opt_copy_region(edns->opt_list, =================================================================== RCS file: ./util/RCS/config_file.c,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./util/config_file.c --- ./util/config_file.c +++ ./util/config_file.c @@@@ -1167,6 +1167,8 @@@@ free(cfg->dnstap_socket_path); free(cfg->dnstap_identity); free(cfg->dnstap_version); + if (cfg->rpz_cstr) + free(cfg->rpz_cstr); config_deldblstrlist(cfg->ratelimit_for_domain); config_deldblstrlist(cfg->ratelimit_below_domain); free(cfg); =================================================================== RCS file: ./util/RCS/config_file.h,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./util/config_file.h --- ./util/config_file.h +++ ./util/config_file.h @@@@ -416,6 +416,11 @@@@ /** true to disable DNSSEC lameness check in iterator */ int disable_dnssec_lame_check; + /** true to enable RPZ */ + int rpz_enable; + /** RPZ configuration */ + char* rpz_cstr; + /** ratelimit for ip addresses. 0 is off, otherwise qps (unless overridden) */ int ip_ratelimit; /** number of slabs for ip_ratelimit cache */ =================================================================== RCS file: ./util/RCS/configlexer.lex,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./util/configlexer.lex --- ./util/configlexer.lex +++ ./util/configlexer.lex @@@@ -395,6 +395,10 @@@@ YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } dnstap-log-forwarder-response-messages{COLON} { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } +rpz{COLON} { YDVAR(0, VAR_RPZ) } +rpz-enable{COLON} { YDVAR(1, VAR_RPZ_ENABLE) } +rpz-zone{COLON} { YDVAR(1, VAR_RPZ_ZONE) } +rpz-option{COLON} { YDVAR(1, VAR_RPZ_OPTION) } disable-dnssec-lame-check{COLON} { YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) } ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) } =================================================================== RCS file: ./util/RCS/configparser.y,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./util/configparser.y --- ./util/configparser.y +++ ./util/configparser.y @@@@ -124,6 +124,7 @@@@ %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES +%token VAR_RPZ VAR_RPZ_ENABLE VAR_RPZ_ZONE VAR_RPZ_OPTION %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT %token VAR_DISABLE_DNSSEC_LAME_CHECK @@@@ -153,7 +154,7 @@@@ toplevelvar: serverstart contents_server | stubstart contents_stub | forwardstart contents_forward | pythonstart contents_py | rcstart contents_rc | dtstart contents_dt | viewstart - contents_view | + contents_view | rpzstart contents_rpz | dnscstart contents_dnsc | cachedbstart contents_cachedb ; @@@@ -2160,6 +2161,50 @@@@ (strcmp($2, "yes")==0); } ; +rpzstart: VAR_RPZ + { + OUTYY(("\nP(rpz:)\n")); + } + ; +contents_rpz: contents_rpz content_rpz + | ; +content_rpz: rpz_enable | rpz_zone | rpz_option + ; +rpz_enable: VAR_RPZ_ENABLE STRING_ARG + { + OUTYY(("P(rpz_enable:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->rpz_enable = (strcmp($2, "yes")==0); + free($2); + } + ; +rpz_zone: VAR_RPZ_ZONE STRING_ARG + { + char *new_cstr, *old_cstr; + + OUTYY(("P(rpz_zone:%s)\n", $2)); + old_cstr = cfg_parser->cfg->rpz_cstr; + asprintf(&new_cstr, "%s\nzone %s", old_cstr?old_cstr:"", $2); + if(!new_cstr) + yyerror("out of memory"); + free(old_cstr); + cfg_parser->cfg->rpz_cstr = new_cstr; + } + ; +rpz_option: VAR_RPZ_OPTION STRING_ARG + { + char *new_cstr, *old_cstr; + + OUTYY(("P(rpz_option:%s)\n", $2)); + old_cstr = cfg_parser->cfg->rpz_cstr; + asprintf(&new_cstr, "%s\n%s", old_cstr ? old_cstr : "", $2); + if(!new_cstr) + yyerror("out of memory"); + free(old_cstr); + cfg_parser->cfg->rpz_cstr = new_cstr; + } + ; pythonstart: VAR_PYTHON { OUTYY(("\nP(python:)\n")); =================================================================== RCS file: ./util/data/RCS/msgencode.c,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./util/data/msgencode.c --- ./util/data/msgencode.c +++ ./util/data/msgencode.c @@@@ -585,6 +585,35 @@@@ return RETVAL_OK; } +#ifdef ENABLE_FASTRPZ +/* Insert the RPZ SOA even with MINIMAL_RESPONSES */ +static int +insert_rpz_soa(struct reply_info* rep, size_t num_rrsets, uint16_t* num_rrs, + sldns_buffer* pkt, size_t rrsets_before, time_t timenow, + struct regional* region, struct compress_tree_node** tree, + size_t rr_offset) +{ + int r; + size_t i, setstart; + + *num_rrs = 0; + for(i=0; irrsets[rrsets_before+i]->rk.type != LDNS_RR_TYPE_SOA) + continue; + setstart = sldns_buffer_position(pkt); + if((r=packed_rrset_encode(rep->rrsets[rrsets_before+i], + pkt, num_rrs, timenow, region, + 1, 0, tree, LDNS_SECTION_ADDITIONAL, + LDNS_RR_TYPE_ANY, 0, rr_offset)) + != RETVAL_OK) { + sldns_buffer_set_position(pkt, setstart); + return r; + } + } + return RETVAL_OK; +} + +#endif /** store query section in wireformat buffer, return RETVAL */ static int insert_query(struct query_info* qinfo, struct compress_tree_node** tree, @@@@ -748,6 +777,19 @@@@ return 0; } sldns_buffer_write_u16_at(buffer, 10, arcount); +#ifdef ENABLE_FASTRPZ + } else if(rep->security == sec_status_rpz_rewritten) { + /* Insert the RPZ SOA for rpz even with MINIMAL_RESPONSES */ + r = insert_rpz_soa(rep, rep->ar_numrrsets, &arcount, buffer, + rep->an_numrrsets + rep->ns_numrrsets, + timenow, region, &tree, rr_offset); + if(r!= RETVAL_OK) { + if(r != RETVAL_TRUNC) + return 0; + /* no need to set TC bit, this is the additional */ + sldns_buffer_write_u16_at(buffer, 10, arcount); + } +#endif } sldns_buffer_flip(buffer); return 1; =================================================================== RCS file: ./util/data/RCS/packed_rrset.c,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./util/data/packed_rrset.c --- ./util/data/packed_rrset.c +++ ./util/data/packed_rrset.c @@@@ -254,6 +254,10 @@@@ case sec_status_indeterminate: return "sec_status_indeterminate"; case sec_status_insecure: return "sec_status_insecure"; case sec_status_secure: return "sec_status_secure"; +#ifdef ENABLE_FASTRPZ + case sec_status_rpz_rewritten: return "sec_status_rpz_rewritten"; + case sec_status_rpz_drop: return "sec_status_rpz_drop"; +#endif } return "unknown_sec_status_value"; } =================================================================== RCS file: ./util/data/RCS/packed_rrset.h,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./util/data/packed_rrset.h --- ./util/data/packed_rrset.h +++ ./util/data/packed_rrset.h @@@@ -189,7 +189,15 @@@@ sec_status_insecure, /** SECURE means that the object (RRset or message) validated * according to local policy. */ - sec_status_secure + sec_status_secure, +#ifdef ENABLE_FASTRPZ + /** RPZ_REWRITTEN means that the response has been rewritten by + * rpz and so cannot be verified. */ + sec_status_rpz_rewritten, + /** RPZ_DROP means that the response has been rewritten by rpz + * as silence. */ + sec_status_rpz_drop +#endif }; /** =================================================================== RCS file: ./util/RCS/netevent.c,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./util/netevent.c --- ./util/netevent.c +++ ./util/netevent.c @@@@ -54,6 +54,9 @@@@ #ifdef HAVE_OPENSSL_ERR_H #include #endif +#ifdef ENABLE_FASTRPZ +#include "fastrpz/rpz.h" +#endif /* -------- Start of local definitions -------- */ /** if CMSG_ALIGN is not defined on this platform, a workaround */ @@@@ -579,6 +582,9 @@@@ struct cmsghdr* cmsg; #endif /* S_SPLINT_S */ +#ifdef ENABLE_FASTRPZ + rep.rpz = NULL; +#endif rep.c = (struct comm_point*)arg; log_assert(rep.c->type == comm_udp); @@@@ -668,6 +674,9 @@@@ int i; struct sldns_buffer *buffer; +#ifdef ENABLE_FASTRPZ + rep.rpz = NULL; +#endif rep.c = (struct comm_point*)arg; log_assert(rep.c->type == comm_udp); @@@@ -711,6 +720,9 @@@@ (void)comm_point_send_udp_msg(rep.c, buffer, (struct sockaddr*)&rep.addr, rep.addrlen); } +#ifdef ENABLE_FASTRPZ + rpz_end(&rep); +#endif if(rep.c->fd != fd) /* commpoint closed to -1 or reused for another UDP port. Note rep.c cannot be reused with TCP fd. */ break; @@@@ -2145,6 +2157,9 @@@@ comm_point_start_listening(repinfo->c, -1, repinfo->c->tcp_timeout_msec); } +#ifdef ENABLE_FASTRPZ + rpz_end(repinfo); +#endif } void @@@@ -2154,6 +2169,9 @@@@ return; log_assert(repinfo && repinfo->c); log_assert(repinfo->c->type != comm_tcp_accept); +#ifdef ENABLE_FASTRPZ + rpz_end(repinfo); +#endif if(repinfo->c->type == comm_udp) return; reclaim_tcp_handler(repinfo->c); @@@@ -2173,6 +2191,9 @@@@ { verbose(VERB_ALGO, "comm point start listening %d", c->fd==-1?newfd:c->fd); +#ifdef ENABLE_FASTRPZ + rpz_end(&c->repinfo); +#endif if(c->type == comm_tcp_accept && !c->tcp_free) { /* no use to start listening no free slots. */ return; =================================================================== RCS file: ./util/RCS/netevent.h,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./util/netevent.h --- ./util/netevent.h +++ ./util/netevent.h @@@@ -117,6 +117,10 @@@@ /** return type 0 (none), 4(IP4), 6(IP6) */ int srctype; /* DnsCrypt context */ +#ifdef ENABLE_FASTRPZ + /** per-request RPZ state */ + struct commreply_rpz* rpz; +#endif #ifdef USE_DNSCRYPT uint8_t client_nonce[crypto_box_HALF_NONCEBYTES]; uint8_t nmkey[crypto_box_BEFORENMBYTES]; =================================================================== RCS file: ./validator/RCS/validator.c,v retrieving revision 1.1 diff -u --unidirectional-new-file -r1.1 ./validator/validator.c --- ./validator/validator.c +++ ./validator/validator.c @@@@ -2552,6 +2552,12 @@@@ default: /* NSEC proof did not work, try next */ break; +#ifdef ENABLE_FASTRPZ + case sec_status_rpz_rewritten: + case sec_status_rpz_drop: + fatal_exit("impossible RPZ sec_status"); + break; +#endif } sec = nsec3_prove_nods(qstate->env, ve, @@@@ -2584,6 +2590,12 @@@@ default: /* NSEC3 proof did not work */ break; +#ifdef ENABLE_FASTRPZ + case sec_status_rpz_rewritten: + case sec_status_rpz_drop: + fatal_exit("impossible RPZ sec_status"); + break; +#endif } /* Apparently, no available NSEC/NSEC3 proved NODATA, so @