src - FreeBSD source tree

diff options


context:
space:
mode:

author	Cy Schubert <cy@FreeBSD.org>	2024-03-16 23:58:33 +0000
committer	Cy Schubert <cy@FreeBSD.org>	2024-03-17 00:00:52 +0000
commit	5a33598e88ad8fbc0affa74dee0a2d8cc4010fbc (patch)
tree	211c17b0e7eeb34cdd84e378e3720514e8987b8c /services
parent	217a625642d38bfc0d3d03192b013d4bc7a32458 (diff)
download	src-5a33598e88ad8fbc0affa74dee0a2d8cc4010fbc.tar.gz src-5a33598e88ad8fbc0affa74dee0a2d8cc4010fbc.zip

unbound: Vendor import 1.19.3vendor/unbound/1.19.3

Release notes at https://www.nlnetlabs.nl/news/2024/Mar/14/unbound-1.19.3-released/

Diffstat (limited to 'services')

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

services/outside_network.c

5 files changed, 52 insertions, 24 deletions

diff --git a/services/authzone.c b/services/authzone.c
index 9d02cfbffe4c..93fef8ef1c29 100644
--- a/services/authzone.c
+++ b/services/authzone.c

@@ -2702,7 +2702,7 @@ create_synth_cname(uint8_t* qname, size_t qname_len, struct regional* region,

if(!d)

return 0; /* out of memory */

(*cname)->entry.data = d;

- d->ttl = 0; /* 0 for synthesized CNAME TTL */

+ d->ttl = dname->data->ttl; /* RFC6672: synth CNAME TTL == DNAME TTL */

d->count = 1;

d->rrsig_count = 0;

d->trust = rrset_trust_ans_noAA;

diff --git a/services/cache/dns.c b/services/cache/dns.c
index 7bc1b7b47bf1..6a980548d72f 100644
--- a/services/cache/dns.c
+++ b/services/cache/dns.c

@@ -80,6 +80,7 @@ store_rrsets(struct module_env* env, struct reply_info* rep, time_t now,

struct regional* region, time_t qstarttime)

{

size_t i;

+ time_t ttl, min_ttl = rep->ttl;

/* see if rrset already exists in cache, if not insert it. */

for(i=0; i<rep->rrset_count; i++) {

rep->ref[i].key = rep->rrsets[i];

@@ -112,6 +113,15 @@ store_rrsets(struct module_env* env, struct reply_info* rep, time_t now,

case 1: /* ref updated, item inserted */

rep->rrsets[i] = rep->ref[i].key;

}

+ /* if ref was updated make sure the message ttl is updated to

+ * the minimum of the current rrsets. */

+ ttl = ((struct packed_rrset_data*)rep->rrsets[i]->entry.data)->ttl;

+ if(ttl < min_ttl) min_ttl = ttl;

+ }

+ if(min_ttl < rep->ttl) {

+ rep->ttl = min_ttl;

+ rep->prefetch_ttl = PREFETCH_TTL_CALC(rep->ttl);

+ rep->serve_expired_ttl = rep->ttl + SERVE_EXPIRED_TTL;

}

@@ -818,7 +828,7 @@ synth_dname_msg(struct ub_packed_rrset_key* rrset, struct regional* region,

if(!newd)

return NULL;

ck->entry.data = newd;

- newd->ttl = 0; /* 0 for synthesized CNAME TTL */

+ newd->ttl = d->ttl - now; /* RFC6672: synth CNAME TTL == DNAME TTL */

newd->count = 1;

newd->rrsig_count = 0;

newd->trust = rrset_trust_ans_noAA;

diff --git a/services/localzone.c b/services/localzone.c
index 44da22d785d9..9c8e3c7acb16 100644
--- a/services/localzone.c
+++ b/services/localzone.c

@@ -1532,7 +1532,7 @@ local_data_answer(struct local_zone* z, struct module_env* env,

return 0; /* invalid cname */

if(dname_is_wild(ctarget)) {

/* synthesize cname target */

- struct packed_rrset_data* d;

+ struct packed_rrset_data* d, *lr_d;

/* -3 for wildcard label and root label from qname */

size_t newtargetlen = qinfo->qname_len + ctargetlen - 3;

@@ -1560,8 +1560,10 @@ local_data_answer(struct local_zone* z, struct module_env* env,

+ newtargetlen);

if(!d)

return 0; /* out of memory */

+ lr_d = (struct packed_rrset_data*)lr->rrset->entry.data;

qinfo->local_alias->rrset->entry.data = d;

- d->ttl = 0; /* 0 for synthesized CNAME TTL */

+ d->ttl = lr_d->rr_ttl[0]; /* RFC6672-like behavior:

+ synth CNAME TTL uses original TTL*/

d->count = 1;

d->rrsig_count = 0;

d->trust = rrset_trust_ans_noAA;

diff --git a/services/mesh.c b/services/mesh.c
index 509bee36a2c4..47cfb04249b5 100644
--- a/services/mesh.c
+++ b/services/mesh.c

@@ -69,6 +69,12 @@

#include "edns-subnet/subnetmod.h"

#include "edns-subnet/edns-subnet.h"

#endif

+#ifdef HAVE_SYS_TYPES_H

+# include <sys/types.h>

+#endif

+#ifdef HAVE_NETDB_H

+#include <netdb.h>

+#endif

/**

* Compare two response-ip client info entries for the purpose of mesh state

@@ -1429,7 +1435,9 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,

if(m->s.env->cfg->log_replies) {

log_reply_info(NO_VERBOSE, &m->s.qinfo,

&r->query_reply.client_addr,

- r->query_reply.client_addrlen, duration, 0, r_buffer);

+ r->query_reply.client_addrlen, duration, 0, r_buffer,

+ (m->s.env->cfg->log_destaddr?(void*)r->query_reply.c->socket->addr->ai_addr:NULL),

+ r->query_reply.c->type);

}

diff --git a/services/outside_network.c b/services/outside_network.c
index 12923f07d788..1f89740da360 100644
--- a/services/outside_network.c
+++ b/services/outside_network.c

@@ -1009,7 +1009,7 @@ use_free_buffer(struct outside_network* outnet)

sldns_buffer tmp;

sldns_buffer_init_frm_data(&tmp, w->pkt, w->pkt_len);

dt_msg_send_outside_query(outnet->dtenv, &w->sq->addr,

- &pend_tcp->pi->addr, comm_tcp, w->sq->zone,

+ &pend_tcp->pi->addr, comm_tcp, NULL, w->sq->zone,

w->sq->zonelen, &tmp);

}

#endif

@@ -2237,7 +2237,7 @@ randomize_and_send_udp(struct pending* pend, sldns_buffer* packet, int timeout)

outnet->dtenv->log_forwarder_query_messages)) {

log_addr(VERB_ALGO, "from local addr", &pend->pc->pif->addr, pend->pc->pif->addrlen);

log_addr(VERB_ALGO, "request to upstream", &pend->addr, pend->addrlen);

- dt_msg_send_outside_query(outnet->dtenv, &pend->addr, &pend->pc->pif->addr, comm_udp,

+ dt_msg_send_outside_query(outnet->dtenv, &pend->addr, &pend->pc->pif->addr, comm_udp, NULL,

pend->sq->zone, pend->sq->zonelen, packet);

}

#endif

@@ -2517,7 +2517,7 @@ pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet,

sldns_buffer tmp;

sldns_buffer_init_frm_data(&tmp, w->pkt, w->pkt_len);

dt_msg_send_outside_query(sq->outnet->dtenv, &sq->addr,

- &pend->pi->addr, comm_tcp, sq->zone,

+ &pend->pi->addr, comm_tcp, NULL, sq->zone,

sq->zonelen, &tmp);

}

#endif

@@ -2820,6 +2820,25 @@ serviced_perturb_qname(struct ub_randstate* rnd, uint8_t* qbuf, size_t len)

}

+static uint16_t

+serviced_query_udp_size(struct serviced_query* sq, enum serviced_query_status status) {

+ uint16_t udp_size;

+ if(status == serviced_query_UDP_EDNS_FRAG) {

+ if(addr_is_ip6(&sq->addr, sq->addrlen)) {

+ if(EDNS_FRAG_SIZE_IP6 < EDNS_ADVERTISED_SIZE)

+ udp_size = EDNS_FRAG_SIZE_IP6;

+ else udp_size = EDNS_ADVERTISED_SIZE;

+ } else {

+ if(EDNS_FRAG_SIZE_IP4 < EDNS_ADVERTISED_SIZE)

+ udp_size = EDNS_FRAG_SIZE_IP4;

+ else udp_size = EDNS_ADVERTISED_SIZE;

+ }

+ } else {

+ udp_size = EDNS_ADVERTISED_SIZE;

+ }

+ return udp_size;

/** put serviced query into a buffer */

static void

serviced_encode(struct serviced_query* sq, sldns_buffer* buff, int with_edns)

@@ -2843,19 +2862,7 @@ serviced_encode(struct serviced_query* sq, sldns_buffer* buff, int with_edns)

edns.opt_list_in = NULL;

edns.opt_list_out = sq->opt_list;

edns.opt_list_inplace_cb_out = NULL;

- if(sq->status == serviced_query_UDP_EDNS_FRAG) {

- if(addr_is_ip6(&sq->addr, sq->addrlen)) {

- if(EDNS_FRAG_SIZE_IP6 < EDNS_ADVERTISED_SIZE)

- edns.udp_size = EDNS_FRAG_SIZE_IP6;

- else edns.udp_size = EDNS_ADVERTISED_SIZE;

- } else {

- if(EDNS_FRAG_SIZE_IP4 < EDNS_ADVERTISED_SIZE)

- edns.udp_size = EDNS_FRAG_SIZE_IP4;

- else edns.udp_size = EDNS_ADVERTISED_SIZE;

- }

- } else {

- edns.udp_size = EDNS_ADVERTISED_SIZE;

- }

+ edns.udp_size = serviced_query_udp_size(sq, sq->status);

edns.bits = 0;

if(sq->dnssec & EDNS_DO)

edns.bits = EDNS_DO;

@@ -3083,7 +3090,7 @@ serviced_tcp_callback(struct comm_point* c, void* arg, int error,

log_addr(VERB_ALGO, "response from upstream", &sq->addr, sq->addrlen);

log_addr(VERB_ALGO, "to local addr", &pi->addr, pi->addrlen);

dt_msg_send_outside_response(sq->outnet->dtenv, &sq->addr,

- &pi->addr, c->type, sq->zone, sq->zonelen, sq->qbuf,

+ &pi->addr, c->type, c->ssl, sq->zone, sq->zonelen, sq->qbuf,

sq->qbuflen, &sq->last_sent_time, sq->outnet->now_tv,

c->buffer);

}

@@ -3252,7 +3259,8 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error,

sq->pending = NULL; /* removed after callback */

if(error == NETEVENT_TIMEOUT) {

- if(sq->status == serviced_query_UDP_EDNS && sq->last_rtt < 5000) {

+ if(sq->status == serviced_query_UDP_EDNS && sq->last_rtt < 5000 &&

+ (serviced_query_udp_size(sq, serviced_query_UDP_EDNS_FRAG) < serviced_query_udp_size(sq, serviced_query_UDP_EDNS))) {

/* fallback to 1480/1280 */

sq->status = serviced_query_UDP_EDNS_FRAG;

log_name_addr(VERB_ALGO, "try edns1xx0", sq->qbuf+10,

@@ -3296,7 +3304,7 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error,

log_addr(VERB_ALGO, "to local addr", &p->pc->pif->addr,

p->pc->pif->addrlen);

dt_msg_send_outside_response(outnet->dtenv, &sq->addr,

- &p->pc->pif->addr, c->type, sq->zone, sq->zonelen,

+ &p->pc->pif->addr, c->type, c->ssl, sq->zone, sq->zonelen,

sq->qbuf, sq->qbuflen, &sq->last_sent_time,

sq->outnet->now_tv, c->buffer);

}