Vendor import of Unbound 1.6.4.vendor/unbound/1.6.4

3 files changed, 86 insertions, 58 deletions

diff --git a/smallapp/unbound-anchor.c b/smallapp/unbound-anchor.c
index 2828088d9fd6..19ee85b1aaaa 100644
--- a/smallapp/unbound-anchor.c
+++ b/smallapp/unbound-anchor.c
@@ -241,6 +241,8 @@ static const char*
 get_builtin_ds(void)
 {
 	return
+/* The anchors must start on a new line with ". IN DS and end with \n"[;]
+ * because the makedist script greps on the source here */
 /* anchor 19036 is from 2010 */
 /* anchor 20326 is from 2017 */
 ". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5\n"
diff --git a/smallapp/unbound-checkconf.c b/smallapp/unbound-checkconf.c
index ddf8b3a750b1..11df4415c5c5 100644
--- a/smallapp/unbound-checkconf.c
+++ b/smallapp/unbound-checkconf.c
@@ -4,22 +4,22 @@
  * Copyright (c) 2007, NLnet Labs. All rights reserved.
  *
  * This software is open source.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 
+ *
  * Redistributions of source code must retain the above copyright notice,
  * this list of conditions and the following disclaimer.
- * 
+ *
  * Redistributions in binary form must reproduce the above copyright notice,
  * this list of conditions and the following disclaimer in the documentation
  * and/or other materials provided with the distribution.
- * 
+ *
  * Neither the name of the NLNET LABS nor the names of its contributors may
  * be used to endorse or promote products derived from this software without
  * specific prior written permission.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
@@ -88,10 +88,10 @@ usage(void)
 	exit(1);
 }
 
-/** 
- * Print given option to stdout 
+/**
+ * Print given option to stdout
  * @param cfg: config
- * @param opt: option name without trailing :. 
+ * @param opt: option name without trailing :.
  *	This is different from config_set_option.
  * @param final: if final pathname with chroot applied has to be printed.
  */
@@ -156,9 +156,9 @@ view_and_respipchecks(struct config_file* cfg)
 		fatal_exit("Could not create respip set: out of memory");
 	if(!views_apply_cfg(views, cfg))
 		fatal_exit("Could not set up views");
-        if(!respip_global_apply_cfg(respip, cfg))
+	if(!respip_global_apply_cfg(respip, cfg))
 		fatal_exit("Could not setup respip set");
-        if(!respip_views_apply_cfg(views, cfg, &ignored))
+	if(!respip_views_apply_cfg(views, cfg, &ignored))
 		fatal_exit("Could not setup per-view respip sets");
 	views_delete(views);
 	respip_set_delete(respip);
@@ -178,7 +178,7 @@ warn_hosts(const char* typ, struct config_stub* list)
 				fprintf(stderr, "unbound-checkconf: warning:"
 				  " %s %s: \"%s\" is an IP%s address, "
 				  "and when looked up as a host name "
-				  "during use may not resolve.\n", 
+				  "during use may not resolve.\n",
 				  s->name, typ, h->str,
 				  addr_is_ip6(&a, alen)?"6":"4");
 			}
@@ -230,7 +230,7 @@ aclchecks(struct config_file* cfg)
 	socklen_t alen;
 	struct config_str2list* acl;
 	for(acl=cfg->acls; acl; acl = acl->next) {
-		if(!netblockstrtoaddr(acl->str, UNBOUND_DNS_PORT, &a, &alen, 
+		if(!netblockstrtoaddr(acl->str, UNBOUND_DNS_PORT, &a, &alen,
 			&d)) {
 			fatal_exit("cannot parse access control address %s %s",
 				acl->str, acl->str2);
@@ -240,7 +240,7 @@ aclchecks(struct config_file* cfg)
 
 /** true if fname is a file */
 static int
-is_file(const char* fname) 
+is_file(const char* fname)
 {
 	struct stat buf;
 	if(stat(fname, &buf) < 0) {
@@ -260,7 +260,7 @@ is_file(const char* fname)
 
 /** true if fname is a directory */
 static int
-is_dir(const char* fname) 
+is_dir(const char* fname)
 {
 	struct stat buf;
 	if(stat(fname, &buf) < 0) {
@@ -305,7 +305,7 @@ check_chroot_string(const char* desc, char** ss,
 				fatal_exit("%s: \"%s\" does not exist in "
 					"chrootdir %s", desc, str, chrootdir);
 			else
-				fatal_exit("%s: \"%s\" does not exist", 
+				fatal_exit("%s: \"%s\" does not exist",
 					desc, str);
 		}
 		/* put in a new full path for continued checking */
@@ -332,8 +332,8 @@ check_chroot_filelist_wild(const char* desc, struct config_strlist* list,
 	struct config_strlist* p;
 	for(p=list; p; p=p->next) {
 #ifdef HAVE_GLOB
-		if(strchr(p->str, '*') || strchr(p->str, '[') || 
-			strchr(p->str, '?') || strchr(p->str, '{') || 
+		if(strchr(p->str, '*') || strchr(p->str, '[') ||
+			strchr(p->str, '?') || strchr(p->str, '{') ||
 			strchr(p->str, '~')) {
 			char* s = p->str;
 			/* adjust whole pattern for chroot and check later */
@@ -370,11 +370,11 @@ morechecks(struct config_file* cfg, const char* fname)
 #ifdef UB_ON_WINDOWS
 	w_config_adjust_directory(cfg);
 #endif
-	if(cfg->chrootdir && cfg->chrootdir[0] && 
+	if(cfg->chrootdir && cfg->chrootdir[0] &&
 		cfg->chrootdir[strlen(cfg->chrootdir)-1] == '/')
 		fatal_exit("chootdir %s has trailing slash '/' please remove.",
 			cfg->chrootdir);
-	if(cfg->chrootdir && cfg->chrootdir[0] && 
+	if(cfg->chrootdir && cfg->chrootdir[0] &&
 		!is_dir(cfg->chrootdir)) {
 		fatal_exit("bad chroot directory");
 	}
@@ -416,16 +416,20 @@ morechecks(struct config_file* cfg, const char* fname)
 		}
 	}
 
-	check_chroot_filelist("file with root-hints", 
+	check_chroot_filelist("file with root-hints",
 		cfg->root_hints, cfg->chrootdir, cfg);
-	check_chroot_filelist("trust-anchor-file", 
+	check_chroot_filelist("trust-anchor-file",
 		cfg->trust_anchor_file_list, cfg->chrootdir, cfg);
-	check_chroot_filelist("auto-trust-anchor-file", 
+	check_chroot_filelist("auto-trust-anchor-file",
 		cfg->auto_trust_anchor_file_list, cfg->chrootdir, cfg);
-	check_chroot_filelist_wild("trusted-keys-file", 
+	check_chroot_filelist_wild("trusted-keys-file",
 		cfg->trusted_keys_file_list, cfg->chrootdir, cfg);
-	check_chroot_string("dlv-anchor-file", &cfg->dlv_anchor_file, 
+	check_chroot_string("dlv-anchor-file", &cfg->dlv_anchor_file,
 		cfg->chrootdir, cfg);
+#ifdef USE_IPSECMOD
+	check_chroot_string("ipsecmod-hook", &cfg->ipsecmod_hook, cfg->chrootdir,
+		cfg);
+#endif
 	/* remove chroot setting so that modules are not stripping pathnames*/
 	free(cfg->chrootdir);
 	cfg->chrootdir = NULL;
@@ -434,21 +438,21 @@ morechecks(struct config_file* cfg, const char* fname)
 	 * dns64, but it's not explicitly confirmed,  so the combination is
 	 * excluded below.   It's simply unknown yet for the combination of
 	 * respip and other modules. */
-	if(strcmp(cfg->module_conf, "iterator") != 0 
+	if(strcmp(cfg->module_conf, "iterator") != 0
 		&& strcmp(cfg->module_conf, "validator iterator") != 0
 		&& strcmp(cfg->module_conf, "dns64 validator iterator") != 0
 		&& strcmp(cfg->module_conf, "dns64 iterator") != 0
 		&& strcmp(cfg->module_conf, "respip iterator") != 0
 		&& strcmp(cfg->module_conf, "respip validator iterator") != 0
 #ifdef WITH_PYTHONMODULE
-		&& strcmp(cfg->module_conf, "python iterator") != 0 
-		&& strcmp(cfg->module_conf, "python validator iterator") != 0 
+		&& strcmp(cfg->module_conf, "python iterator") != 0
+		&& strcmp(cfg->module_conf, "python validator iterator") != 0
 		&& strcmp(cfg->module_conf, "validator python iterator") != 0
-		&& strcmp(cfg->module_conf, "dns64 python iterator") != 0 
-		&& strcmp(cfg->module_conf, "dns64 python validator iterator") != 0 
+		&& strcmp(cfg->module_conf, "dns64 python iterator") != 0
+		&& strcmp(cfg->module_conf, "dns64 python validator iterator") != 0
 		&& strcmp(cfg->module_conf, "dns64 validator python iterator") != 0
-		&& strcmp(cfg->module_conf, "python dns64 iterator") != 0 
-		&& strcmp(cfg->module_conf, "python dns64 validator iterator") != 0 
+		&& strcmp(cfg->module_conf, "python dns64 iterator") != 0
+		&& strcmp(cfg->module_conf, "python dns64 validator iterator") != 0
 #endif
 #ifdef USE_CACHEDB
 		&& strcmp(cfg->module_conf, "validator cachedb iterator") != 0
@@ -468,17 +472,29 @@ morechecks(struct config_file* cfg, const char* fname)
 		&& strcmp(cfg->module_conf, "validator python cachedb iterator") != 0
 #endif
 #ifdef CLIENT_SUBNET
-		&& strcmp(cfg->module_conf, "subnetcache iterator") != 0 
+		&& strcmp(cfg->module_conf, "subnetcache iterator") != 0
 		&& strcmp(cfg->module_conf, "subnetcache validator iterator") != 0
 #endif
 #if defined(WITH_PYTHONMODULE) && defined(CLIENT_SUBNET)
 		&& strcmp(cfg->module_conf, "python subnetcache iterator") != 0
-		&& strcmp(cfg->module_conf, "subnetcache python iterator") != 0 
+		&& strcmp(cfg->module_conf, "subnetcache python iterator") != 0
 		&& strcmp(cfg->module_conf, "subnetcache validator iterator") != 0
 		&& strcmp(cfg->module_conf, "python subnetcache validator iterator") != 0
 		&& strcmp(cfg->module_conf, "subnetcache python validator iterator") != 0
 		&& strcmp(cfg->module_conf, "subnetcache validator python iterator") != 0
 #endif
+#ifdef USE_IPSECMOD
+		&& strcmp(cfg->module_conf, "ipsecmod iterator") != 0
+		&& strcmp(cfg->module_conf, "ipsecmod validator iterator") != 0
+#endif
+#if defined(WITH_PYTHONMODULE) && defined(USE_IPSECMOD)
+		&& strcmp(cfg->module_conf, "python ipsecmod iterator") != 0
+		&& strcmp(cfg->module_conf, "ipsecmod python iterator") != 0
+		&& strcmp(cfg->module_conf, "ipsecmod validator iterator") != 0
+		&& strcmp(cfg->module_conf, "python ipsecmod validator iterator") != 0
+		&& strcmp(cfg->module_conf, "ipsecmod python validator iterator") != 0
+		&& strcmp(cfg->module_conf, "ipsecmod validator python iterator") != 0
+#endif
 		) {
 		fatal_exit("module conf '%s' is not known to work",
 			cfg->module_conf);
diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c
index 6cd4e70861f0..aa2db4a61dfb 100644
--- a/smallapp/unbound-control.c
+++ b/smallapp/unbound-control.c
@@ -161,7 +161,7 @@ usage(void)
 static const int inhibit_zero = 1;
 /** divide sum of timers to get average */
 static void
-timeval_divide(struct timeval* avg, const struct timeval* sum, size_t d)
+timeval_divide(struct timeval* avg, const struct timeval* sum, long long d)
 {
 #ifndef S_SPLINT_S
 	size_t leftover;
@@ -184,12 +184,14 @@ timeval_divide(struct timeval* avg, const struct timeval* sum, size_t d)
 #define PR_UL_SUB(str, nm, var) printf(str".%s"SQ"%lu\n", nm, (unsigned long)(var));
 #define PR_TIMEVAL(str, var) printf(str SQ ARG_LL "d.%6.6d\n", \
 	(long long)var.tv_sec, (int)var.tv_usec);
+#define PR_STATSTIME(str, var) printf(str SQ ARG_LL "d.%6.6d\n", \
+	(long long)var ## _sec, (int)var ## _usec);
 #define PR_LL(str, var) printf(str SQ ARG_LL"d\n", (long long)(var));
 
 /** print stat block */
-static void pr_stats(const char* nm, struct stats_info* s)
+static void pr_stats(const char* nm, struct ub_stats_info* s)
 {
-	struct timeval avg;
+	struct timeval sumwait, avg;
 	PR_UL_NM("num.queries", s->svr.num_queries);
 	PR_UL_NM("num.queries_ip_ratelimited", 
 		s->svr.num_queries_ip_ratelimited);
@@ -209,14 +211,18 @@ static void pr_stats(const char* nm, struct stats_info* s)
 	printf("%s.requestlist.avg"SQ"%g\n", nm,
 		(s->svr.num_queries_missed_cache+s->svr.num_queries_prefetch)?
 			(double)s->svr.sum_query_list_size/
-			(s->svr.num_queries_missed_cache+
+			(double)(s->svr.num_queries_missed_cache+
 			s->svr.num_queries_prefetch) : 0.0);
 	PR_UL_NM("requestlist.max", s->svr.max_query_list_size);
 	PR_UL_NM("requestlist.overwritten", s->mesh_jostled);
 	PR_UL_NM("requestlist.exceeded", s->mesh_dropped);
 	PR_UL_NM("requestlist.current.all", s->mesh_num_states);
 	PR_UL_NM("requestlist.current.user", s->mesh_num_reply_states);
-	timeval_divide(&avg, &s->mesh_replies_sum_wait, s->mesh_replies_sent);
+#ifndef S_SPLINT_S
+	sumwait.tv_sec = s->mesh_replies_sum_wait_sec;
+	sumwait.tv_usec = s->mesh_replies_sum_wait_usec;
+#endif
+	timeval_divide(&avg, &sumwait, s->mesh_replies_sent);
 	printf("%s.", nm);
 	PR_TIMEVAL("recursion.time.avg", avg);
 	printf("%s.recursion.time.median"SQ"%g\n", nm, s->mesh_time_median);
@@ -224,27 +230,31 @@ static void pr_stats(const char* nm, struct stats_info* s)
 }
 
 /** print uptime */
-static void print_uptime(struct shm_stat_info* shm_stat)
+static void print_uptime(struct ub_shm_stat_info* shm_stat)
 {
-	PR_TIMEVAL("time.now", shm_stat->time.now);
-	PR_TIMEVAL("time.up", shm_stat->time.up);
-	PR_TIMEVAL("time.elapsed", shm_stat->time.elapsed);
+	PR_STATSTIME("time.now", shm_stat->time.now);
+	PR_STATSTIME("time.up", shm_stat->time.up);
+	PR_STATSTIME("time.elapsed", shm_stat->time.elapsed);
 }
 
 /** print memory usage */
-static void print_mem(struct shm_stat_info* shm_stat)
+static void print_mem(struct ub_shm_stat_info* shm_stat)
 {
 	PR_LL("mem.cache.rrset", shm_stat->mem.rrset);
 	PR_LL("mem.cache.message", shm_stat->mem.msg);
-	PR_LL("mem.cache.iterator", shm_stat->mem.iter);
-	PR_LL("mem.cache.validator", shm_stat->mem.val);
+	PR_LL("mem.mod.iterator", shm_stat->mem.iter);
+	PR_LL("mem.mod.validator", shm_stat->mem.val);
+	PR_LL("mem.mod.respip", shm_stat->mem.respip);
 #ifdef CLIENT_SUBNET
-	PR_LL("mem.cache.subnet", shm_stat->mem.subnet);
+	PR_LL("mem.mod.subnet", shm_stat->mem.subnet);
+#endif
+#ifdef USE_IPSECMOD
+	PR_LL("mem.mod.ipsecmod", shm_stat->mem.ipsecmod);
 #endif
 }
 
 /** print histogram */
-static void print_hist(struct stats_info* s)
+static void print_hist(struct ub_stats_info* s)
 {
 	struct timehist* hist;
 	size_t i;
@@ -264,13 +274,13 @@ static void print_hist(struct stats_info* s)
 }
 
 /** print extended */
-static void print_extended(struct stats_info* s)
+static void print_extended(struct ub_stats_info* s)
 {
 	int i;
 	char nm[16];
 
 	/* TYPE */
-	for(i=0; i<STATS_QTYPE_NUM; i++) {
+	for(i=0; i<UB_STATS_QTYPE_NUM; i++) {
 		if(inhibit_zero && s->svr.qtype[i] == 0)
 			continue;
 		sldns_wire2str_type_buf((uint16_t)i, nm, sizeof(nm));
@@ -281,7 +291,7 @@ static void print_extended(struct stats_info* s)
 	}
 
 	/* CLASS */
-	for(i=0; i<STATS_QCLASS_NUM; i++) {
+	for(i=0; i<UB_STATS_QCLASS_NUM; i++) {
 		if(inhibit_zero && s->svr.qclass[i] == 0)
 			continue;
 		sldns_wire2str_class_buf((uint16_t)i, nm, sizeof(nm));
@@ -292,7 +302,7 @@ static void print_extended(struct stats_info* s)
 	}
 
 	/* OPCODE */
-	for(i=0; i<STATS_OPCODE_NUM; i++) {
+	for(i=0; i<UB_STATS_OPCODE_NUM; i++) {
 		if(inhibit_zero && s->svr.qopcode[i] == 0)
 			continue;
 		sldns_wire2str_opcode_buf(i, nm, sizeof(nm));
@@ -317,7 +327,7 @@ static void print_extended(struct stats_info* s)
 	PR_UL("num.query.edns.DO", s->svr.qEDNS_DO);
 
 	/* RCODE */
-	for(i=0; i<STATS_RCODE_NUM; i++) {
+	for(i=0; i<UB_STATS_RCODE_NUM; i++) {
 		/* Always include RCODEs 0-5 */
 		if(inhibit_zero && i > LDNS_RCODE_REFUSED && s->svr.ans_rcode[i] == 0)
 			continue;
@@ -342,8 +352,8 @@ static void print_extended(struct stats_info* s)
 }
 
 /** print statistics out of memory structures */
-static void do_stats_shm(struct config_file* cfg, struct stats_info* stats,
-	struct shm_stat_info* shm_stat)
+static void do_stats_shm(struct config_file* cfg, struct ub_stats_info* stats,
+	struct ub_shm_stat_info* shm_stat)
 {
 	int i;
 	char nm[16];
@@ -366,8 +376,8 @@ static void print_stats_shm(const char* cfgfile)
 {
 #ifdef HAVE_SHMGET
 	struct config_file* cfg;
-	struct stats_info* stats;
-	struct shm_stat_info* shm_stat;
+	struct ub_stats_info* stats;
+	struct ub_shm_stat_info* shm_stat;
 	int id_ctl, id_arr;
 	/* read config */
 	if(!(cfg = config_create()))
@@ -383,11 +393,11 @@ static void print_stats_shm(const char* cfgfile)
 	if(id_arr == -1) {
 		fatal_exit("shmget(%d): %s", cfg->shm_key+1, strerror(errno));
 	}
-	shm_stat = (struct shm_stat_info*)shmat(id_ctl, NULL, 0);
+	shm_stat = (struct ub_shm_stat_info*)shmat(id_ctl, NULL, 0);
 	if(shm_stat == (void*)-1) {
 		fatal_exit("shmat(%d): %s", id_ctl, strerror(errno));
 	}
-	stats = (struct stats_info*)shmat(id_arr, NULL, 0);
+	stats = (struct ub_stats_info*)shmat(id_arr, NULL, 0);
 	if(stats == (void*)-1) {
 		fatal_exit("shmat(%d): %s", id_arr, strerror(errno));
 	}