author | Cy Schubert <cy@FreeBSD.org> | 2024-03-16 23:58:33 +0000 |
---|---|---|
committer | Cy Schubert <cy@FreeBSD.org> | 2024-03-17 00:00:52 +0000 |
commit | 5a33598e88ad8fbc0affa74dee0a2d8cc4010fbc (patch) | |
tree | 211c17b0e7eeb34cdd84e378e3720514e8987b8c /services | |
parent | 217a625642d38bfc0d3d03192b013d4bc7a32458 (diff) | |
download | src-5a33598e88ad8fbc0affa74dee0a2d8cc4010fbc.tar.gz src-5a33598e88ad8fbc0affa74dee0a2d8cc4010fbc.zip |
unbound: Vendor import 1.19.3vendor/unbound/1.19.3
Release notes at
https://www.nlnetlabs.nl/news/2024/Mar/14/unbound-1.19.3-released/
Diffstat (limited to 'services')
-rw-r--r-- | services/authzone.c | 2 | ||||
-rw-r--r-- | services/cache/dns.c | 12 | ||||
-rw-r--r-- | services/localzone.c | 6 | ||||
-rw-r--r-- | services/mesh.c | 10 | ||||
-rw-r--r-- | services/outside_network.c | 46 |
5 files changed, 52 insertions, 24 deletions
diff --git a/services/authzone.c b/services/authzone.c index 9d02cfbffe4c..93fef8ef1c29 100644 --- a/services/authzone.c +++ b/services/authzone.c @@ -2702,7 +2702,7 @@ create_synth_cname(uint8_t* qname, size_t qname_len, struct regional* region, if(!d) return 0; /* out of memory */ (*cname)->entry.data = d; - d->ttl = 0; /* 0 for synthesized CNAME TTL */ + d->ttl = dname->data->ttl; /* RFC6672: synth CNAME TTL == DNAME TTL */ d->count = 1; d->rrsig_count = 0; d->trust = rrset_trust_ans_noAA; diff --git a/services/cache/dns.c b/services/cache/dns.c index 7bc1b7b47bf1..6a980548d72f 100644 --- a/services/cache/dns.c +++ b/services/cache/dns.c @@ -80,6 +80,7 @@ store_rrsets(struct module_env* env, struct reply_info* rep, time_t now, struct regional* region, time_t qstarttime) { size_t i; + time_t ttl, min_ttl = rep->ttl; /* see if rrset already exists in cache, if not insert it. */ for(i=0; i<rep->rrset_count; i++) { rep->ref[i].key = rep->rrsets[i]; @@ -112,6 +113,15 @@ store_rrsets(struct module_env* env, struct reply_info* rep, time_t now, case 1: /* ref updated, item inserted */ rep->rrsets[i] = rep->ref[i].key; } + /* if ref was updated make sure the message ttl is updated to + * the minimum of the current rrsets. */ + ttl = ((struct packed_rrset_data*)rep->rrsets[i]->entry.data)->ttl; + if(ttl < min_ttl) min_ttl = ttl; + } + if(min_ttl < rep->ttl) { + rep->ttl = min_ttl; + rep->prefetch_ttl = PREFETCH_TTL_CALC(rep->ttl); + rep->serve_expired_ttl = rep->ttl + SERVE_EXPIRED_TTL; } } @@ -818,7 +828,7 @@ synth_dname_msg(struct ub_packed_rrset_key* rrset, struct regional* region, if(!newd) return NULL; ck->entry.data = newd; - newd->ttl = 0; /* 0 for synthesized CNAME TTL */ + newd->ttl = d->ttl - now; /* RFC6672: synth CNAME TTL == DNAME TTL */ newd->count = 1; newd->rrsig_count = 0; newd->trust = rrset_trust_ans_noAA; diff --git a/services/localzone.c b/services/localzone.c index 44da22d785d9..9c8e3c7acb16 100644 --- a/services/localzone.c 
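Review bot: In store_rrsets, the added `ttl = ((struct packed_rrset_data*)rep->rrsets[i]->entry.data)->ttl;` reads the rrset's data after the switch may have repointed `rep->rrsets[i]` to `rep->ref[i].key`, and the visible lines take no lock around that read. If that key is the shared cache entry, as the loop comment suggests, another thread could update or recycle it between the cache update and this read. The TTL should then be read while holding the entry's read lock and after confirming the reference is still current, or be captured at a point where the lock is already held. A one-line comment that `rep->ttl` is an absolute time at this point would also help, since `rep->serve_expired_ttl = rep->ttl + SERVE_EXPIRED_TTL;` depends on it and the hunk does not show the conversion. The switch body is only partly inside the hunk.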
+++ b/services/localzone.c @@ -1532,7 +1532,7 @@ local_data_answer(struct local_zone* z, struct module_env* env, return 0; /* invalid cname */ if(dname_is_wild(ctarget)) { /* synthesize cname target */ - struct packed_rrset_data* d; + struct packed_rrset_data* d, *lr_d; /* -3 for wildcard label and root label from qname */ size_t newtargetlen = qinfo->qname_len + ctargetlen - 3; @@ -1560,8 +1560,10 @@ local_data_answer(struct local_zone* z, struct module_env* env, + newtargetlen); if(!d) return 0; /* out of memory */ + lr_d = (struct packed_rrset_data*)lr->rrset->entry.data; qinfo->local_alias->rrset->entry.data = d; - d->ttl = 0; /* 0 for synthesized CNAME TTL */ + d->ttl = lr_d->rr_ttl[0]; /* RFC6672-like behavior: + synth CNAME TTL uses original TTL*/ d->count = 1; d->rrsig_count = 0; d->trust = rrset_trust_ans_noAA; diff --git a/services/mesh.c b/services/mesh.c index 509bee36a2c4..47cfb04249b5 100644 --- a/services/mesh.c +++ b/services/mesh.c @@ -69,6 +69,12 @@ #include "edns-subnet/subnetmod.h" #include "edns-subnet/edns-subnet.h" #endif +#ifdef HAVE_SYS_TYPES_H +# include <sys/types.h> +#endif +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif /** * Compare two response-ip client info entries for the purpose of mesh state @@ -1429,7 +1435,9 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, if(m->s.env->cfg->log_replies) { log_reply_info(NO_VERBOSE, &m->s.qinfo, &r->query_reply.client_addr, - r->query_reply.client_addrlen, duration, 0, r_buffer); + r->query_reply.client_addrlen, duration, 0, r_buffer, + (m->s.env->cfg->log_destaddr?(void*)r->query_reply.c->socket->addr->ai_addr:NULL), + r->query_reply.c->type); } } diff --git a/services/outside_network.c b/services/outside_network.c index 12923f07d788..1f89740da360 100644 --- a/services/outside_network.c +++ b/services/outside_network.c 
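Review bot: In mesh_send_reply, the new destination-address argument walks `r->query_reply.c->socket->addr->ai_addr` with no null check on `socket` or `addr`. With `log_destaddr` enabled, any reply whose comm point lacks either pointer becomes a null-pointer dereference in the logging path. Unless every comm point type that reaches this call is guaranteed to carry both (not visible in the hunk), guard the chain: `(m->s.env->cfg->log_destaddr && r->query_reply.c->socket && r->query_reply.c->socket->addr) ? (void*)r->query_reply.c->socket->addr->ai_addr : NULL`. The `(void*)` cast also hides the pointer type from the compiler, so passing the typed pointer is preferable if log_reply_info's prototype allows it. The function body starts and ends outside the hunk.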
@@ -1009,7 +1009,7 @@ use_free_buffer(struct outside_network* outnet) sldns_buffer tmp; sldns_buffer_init_frm_data(&tmp, w->pkt, w->pkt_len); dt_msg_send_outside_query(outnet->dtenv, &w->sq->addr, - &pend_tcp->pi->addr, comm_tcp, w->sq->zone, + &pend_tcp->pi->addr, comm_tcp, NULL, w->sq->zone, w->sq->zonelen, &tmp); } #endif @@ -2237,7 +2237,7 @@ randomize_and_send_udp(struct pending* pend, sldns_buffer* packet, int timeout) outnet->dtenv->log_forwarder_query_messages)) { log_addr(VERB_ALGO, "from local addr", &pend->pc->pif->addr, pend->pc->pif->addrlen); log_addr(VERB_ALGO, "request to upstream", &pend->addr, pend->addrlen); - dt_msg_send_outside_query(outnet->dtenv, &pend->addr, &pend->pc->pif->addr, comm_udp, + dt_msg_send_outside_query(outnet->dtenv, &pend->addr, &pend->pc->pif->addr, comm_udp, NULL, pend->sq->zone, pend->sq->zonelen, packet); } #endif @@ -2517,7 +2517,7 @@ pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet, sldns_buffer tmp; sldns_buffer_init_frm_data(&tmp, w->pkt, w->pkt_len); dt_msg_send_outside_query(sq->outnet->dtenv, &sq->addr, - &pend->pi->addr, comm_tcp, sq->zone, + &pend->pi->addr, comm_tcp, NULL, sq->zone, sq->zonelen, &tmp); } #endif @@ -2820,6 +2820,25 @@ serviced_perturb_qname(struct ub_randstate* rnd, uint8_t* qbuf, size_t len) } } +static uint16_t +serviced_query_udp_size(struct serviced_query* sq, enum serviced_query_status status) { + uint16_t udp_size; + if(status == serviced_query_UDP_EDNS_FRAG) { + if(addr_is_ip6(&sq->addr, sq->addrlen)) { + if(EDNS_FRAG_SIZE_IP6 < EDNS_ADVERTISED_SIZE) + udp_size = EDNS_FRAG_SIZE_IP6; + else udp_size = EDNS_ADVERTISED_SIZE; + } else { + if(EDNS_FRAG_SIZE_IP4 < EDNS_ADVERTISED_SIZE) + udp_size = EDNS_FRAG_SIZE_IP4; + else udp_size = EDNS_ADVERTISED_SIZE; + } + } else { + udp_size = EDNS_ADVERTISED_SIZE; + } + return udp_size; +} + /** put serviced query into a buffer */ static void serviced_encode(struct serviced_query* sq, sldns_buffer* buff, int with_edns) 
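Review bot: In use_free_buffer, and again in pending_tcp_query at -2517, the new TLS argument of dt_msg_send_outside_query is hard-coded to `NULL` for `comm_tcp` queries, while the response path in serviced_tcp_callback passes `c->ssl`. If these TCP streams can carry TLS traffic to the upstream, dnstap would record the query as plain TCP and its response as TLS, which makes query/response correlation and transport auditing unreliable. Pass the connection's TLS handle here if one is reachable from `pend_tcp` / `pend` (not visible in these hunks), or document the asymmetry with a comment such as `/* no ssl handle passed for outgoing queries; dnstap logs them as TCP */`. The UDP call in randomize_and_send_udp is fine with `NULL`.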
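Review bot: The new helper serviced_query_udp_size has no doc comment, unlike serviced_encode directly below it, which carries `/** put serviced query into a buffer */`. Suggest `/** EDNS UDP size to advertise for this query in the given status; for serviced_query_UDP_EDNS_FRAG the per-family fragment size is used only when it is smaller than EDNS_ADVERTISED_SIZE */`. Each inner if/else computes a minimum of two values, so the result never exceeds `EDNS_ADVERTISED_SIZE`. The new timeout check in serviced_udp_callback depends on that property, so it is worth stating in the comment.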
@@ -2843,19 +2862,7 @@ serviced_encode(struct serviced_query* sq, sldns_buffer* buff, int with_edns) edns.opt_list_in = NULL; edns.opt_list_out = sq->opt_list; edns.opt_list_inplace_cb_out = NULL; - if(sq->status == serviced_query_UDP_EDNS_FRAG) { - if(addr_is_ip6(&sq->addr, sq->addrlen)) { - if(EDNS_FRAG_SIZE_IP6 < EDNS_ADVERTISED_SIZE) - edns.udp_size = EDNS_FRAG_SIZE_IP6; - else edns.udp_size = EDNS_ADVERTISED_SIZE; - } else { - if(EDNS_FRAG_SIZE_IP4 < EDNS_ADVERTISED_SIZE) - edns.udp_size = EDNS_FRAG_SIZE_IP4; - else edns.udp_size = EDNS_ADVERTISED_SIZE; - } - } else { - edns.udp_size = EDNS_ADVERTISED_SIZE; - } + edns.udp_size = serviced_query_udp_size(sq, sq->status); edns.bits = 0; if(sq->dnssec & EDNS_DO) edns.bits = EDNS_DO; @@ -3083,7 +3090,7 @@ serviced_tcp_callback(struct comm_point* c, void* arg, int error, log_addr(VERB_ALGO, "response from upstream", &sq->addr, sq->addrlen); log_addr(VERB_ALGO, "to local addr", &pi->addr, pi->addrlen); dt_msg_send_outside_response(sq->outnet->dtenv, &sq->addr, - &pi->addr, c->type, sq->zone, sq->zonelen, sq->qbuf, + &pi->addr, c->type, c->ssl, sq->zone, sq->zonelen, sq->qbuf, sq->qbuflen, &sq->last_sent_time, sq->outnet->now_tv, c->buffer); } @@ -3252,7 +3259,8 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error, sq->pending = NULL; /* removed after callback */ if(error == NETEVENT_TIMEOUT) { - if(sq->status == serviced_query_UDP_EDNS && sq->last_rtt < 5000) { + if(sq->status == serviced_query_UDP_EDNS && sq->last_rtt < 5000 && + (serviced_query_udp_size(sq, serviced_query_UDP_EDNS_FRAG) < serviced_query_udp_size(sq, serviced_query_UDP_EDNS))) { /* fallback to 1480/1280 */ sq->status = serviced_query_UDP_EDNS_FRAG; log_name_addr(VERB_ALGO, "try edns1xx0", sq->qbuf+10, 
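Review bot: In serviced_udp_callback, the extended timeout condition has no comment explaining when the fallback is now skipped, and the existing `/* fallback to 1480/1280 */` only describes the branch that is taken. Suggest a comment above the `if`, such as `/* retry with the fragmentation-safe size only when it is smaller than the size just advertised */`. Presumably the intent is to avoid a retry that would resend an identical query. The second call, `serviced_query_udp_size(sq, serviced_query_UDP_EDNS)`, always returns `EDNS_ADVERTISED_SIZE` per the helper's else branch, so comparing against that name directly would shorten the line and make the check easier to read. The function continues outside the hunk.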
@@ -3296,7 +3304,7 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error, log_addr(VERB_ALGO, "to local addr", &p->pc->pif->addr, p->pc->pif->addrlen); dt_msg_send_outside_response(outnet->dtenv, &sq->addr, - &p->pc->pif->addr, c->type, sq->zone, sq->zonelen, + &p->pc->pif->addr, c->type, c->ssl, sq->zone, sq->zonelen, sq->qbuf, sq->qbuflen, &sq->last_sent_time, sq->outnet->now_tv, c->buffer); } |