mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 06:37:08 +00:00
- spelling fixes from Igor Sobrado Delgado.
git-svn-id: file:///svn/unbound/trunk@3544 be551aaa-1e26-0410-a405-d3ace91eadb9
parent
87a7408250
commit
152458c40b
@ -139,7 +139,7 @@ getentropy(void *buf, size_t len)
|
||||
* Try to use sysctl CTL_KERN, KERN_RANDOM, RANDOM_UUID.
|
||||
* sysctl is a failsafe API, so it guarantees a result. This
|
||||
* should work inside a chroot, or when file descriptors are
|
||||
* exhuasted.
|
||||
* exhausted.
|
||||
*
|
||||
* However this can fail if the Linux kernel removes support
|
||||
* for sysctl. Starting in 2007, there have been efforts to
|
||||
|
@ -70,7 +70,7 @@ unsigned char *SHA512(void *data, unsigned int data_len, unsigned char *digest);
|
||||
* Please make sure that your system defines BYTE_ORDER. If your
|
||||
* architecture is little-endian, make sure it also defines
|
||||
* LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
|
||||
* equivilent.
|
||||
* equivalent.
|
||||
*
|
||||
* If your system does not define the above, then you can do so by
|
||||
* hand like this:
|
||||
|
@ -312,7 +312,7 @@
|
||||
+ /**
|
||||
* Each time a delegation point changes for a given query or a
|
||||
* query times out and/or wakes up, this state is (re)visited.
|
||||
* This state is reponsible for iterating through a list of
|
||||
* This state is responsible for iterating through a list of
|
||||
@@ -309,6 +320,13 @@ struct iter_qstate {
|
||||
*/
|
||||
int refetch_glue;
|
||||
|
@ -273,7 +273,7 @@ fi
|
||||
- Change make/configure lines to attempt to fix -lphtread linking issue
|
||||
|
||||
* Thu Feb 18 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-2
|
||||
- Removed dependancy for dnssec-conf
|
||||
- Removed dependency for dnssec-conf
|
||||
- Added ISC DLV key (formerly in dnssec-conf)
|
||||
- Fixup old DLV locations in unbound.conf file via %%post
|
||||
- Fix parent child disagreement handling and no-ipv6 present [svn r1953]
|
||||
@ -312,7 +312,7 @@ fi
|
||||
- Re-enabled glob.patch
|
||||
|
||||
* Wed May 20 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-7
|
||||
- unbound-iterator.patch was not commited
|
||||
- unbound-iterator.patch was not committed
|
||||
|
||||
* Wed May 20 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-6
|
||||
- Fix for https://bugzilla.redhat.com/show_bug.cgi?id=499793
|
||||
@ -338,11 +338,11 @@ fi
|
||||
|
||||
* Wed Jan 14 2009 Paul Wouters <paul@xelerance.com - 1.2.0-1
|
||||
- Updated to 1.2.0
|
||||
- Added dependancy on minimum SSL for CVE-2008-5077
|
||||
- Added dependancy on bc for unbound-munin
|
||||
- Added dependency on minimum SSL for CVE-2008-5077
|
||||
- Added dependency on bc for unbound-munin
|
||||
- Added minimum requirement of libevent 1.4.5. Crashes with older versions
|
||||
(note: libevent is stale in EL-4 and not in EL-5, needs fixing there)
|
||||
- Removed dependancy on selinux-policy (will get used when available)
|
||||
- Removed dependency on selinux-policy (will get used when available)
|
||||
- Enable options as per draft-wijngaards-dnsext-resolver-side-mitigation-00.txt
|
||||
- Enable unwanted-reply-threshold to mitigate against a Kaminsky attack
|
||||
- Enable val-clean-additional to drop addition unsigned data from signed
|
||||
@ -423,7 +423,7 @@ fi
|
||||
- Build against ldns-1.3.0
|
||||
|
||||
* Wed May 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.0-1
|
||||
- Split of -devel package, fixed dependancies, make rpmlint happy
|
||||
- Split of -devel package, fixed dependencies, make rpmlint happy
|
||||
|
||||
* Thu Apr 25 2008 Wouter Wijngaards <wouter@nlnetlabs.nl> - 0.12
|
||||
- Using parts from ports collection entry by Jaap Akkerhuis.
|
||||
|
@ -105,7 +105,7 @@ message Message {
|
||||
|
||||
enum Type {
|
||||
// AUTH_QUERY is a DNS query message received from a resolver by an
|
||||
// authoritative name server, from the perspective of the authorative
|
||||
// authoritative name server, from the perspective of the authoritative
|
||||
// name server.
|
||||
AUTH_QUERY = 1;
|
||||
|
||||
|
@ -1,5 +1,6 @@
|
||||
18 November 2015: Wouter
|
||||
- newer acx_nlnetlabs.m4.
|
||||
- spelling fixes from Igor Sobrado Delgado.
|
||||
|
||||
17 November 2015: Wouter
|
||||
- Fix #594. libunbound: optionally use libnettle for crypto.
|
||||
@ -801,7 +802,7 @@
|
||||
existence in 4592. NSEC empty non-terminals exist and thus the
|
||||
RCODE should have been NOERROR. If this occurs, and the RRsets
|
||||
are secure, we set the RCODE to NOERROR and the security status
|
||||
of the reponse is also considered secure.
|
||||
of the response is also considered secure.
|
||||
|
||||
14 February 2014: Wouter
|
||||
- Works on Minix (3.2.1).
|
||||
@ -1573,7 +1574,7 @@
|
||||
- Fix getaddrinfowithincludes on windows with fedora16 mingw32-gcc.
|
||||
- Fix warnings with gcc 4.6 in compat/inet_ntop.c.
|
||||
- Fix warning unused in compat/strptime.c.
|
||||
- Fix malloc detection and double defintion.
|
||||
- Fix malloc detection and double definition.
|
||||
|
||||
2 December 2011: Wouter
|
||||
- configure generated with autoconf 2.68.
|
||||
@ -5018,7 +5019,7 @@
|
||||
- Advertise builtin select libevent alternative when no libevent
|
||||
is found.
|
||||
- signit can generate NSEC3 hashes, for generating tests.
|
||||
- multiple nsec3 paramaters in message test.
|
||||
- multiple nsec3 parameters in message test.
|
||||
- too high nsec3 iterations becomes insecure test.
|
||||
|
||||
21 September 2007: Wouter
|
||||
@ -5089,7 +5090,7 @@
|
||||
- testbound can replay a TCP query (set MATCH TCP in the QUERY).
|
||||
- DS and noDS referral validation test.
|
||||
- if you configure many trust anchors, parent trust anchors can
|
||||
securely deny existance of child trust anchors, if validated.
|
||||
securely deny existence of child trust anchors, if validated.
|
||||
- not all *.name NSECs are present because a wildcard was matched,
|
||||
and *.name NSECs can prove nodata for empty nonterminals.
|
||||
Also, for wildcard name NSECs, check they are not from the parent
|
||||
@ -5396,7 +5397,7 @@
|
||||
|
||||
17 July 2007: Wouter
|
||||
- forward zone options in config file.
|
||||
- forward per zone in iterator. takes precendence over stubs.
|
||||
- forward per zone in iterator. takes precedence over stubs.
|
||||
- fixup commithooks.
|
||||
- removed forward-to and forward-to-port features, subsumed by
|
||||
new forward zones.
|
||||
@ -5497,7 +5498,7 @@
|
||||
ldns and libevent are linked statically. Default is off.
|
||||
- make install and make uninstall. Works with static-exe and without.
|
||||
installation of unbound binary and manual pages.
|
||||
- alignement problem fix on solaris 64.
|
||||
- alignment problem fix on solaris 64.
|
||||
- fixup address in case of TCP error.
|
||||
|
||||
12 June 2007: Wouter
|
||||
@ -5580,7 +5581,7 @@
|
||||
- removed FLAG_CD from message and rrset caches. This was useful for
|
||||
an agnostic forwarder, but not for a sophisticated (trust value per
|
||||
rrset enabled) cache.
|
||||
- iterator reponse typing.
|
||||
- iterator response typing.
|
||||
- iterator cname handle.
|
||||
- iterator prime start.
|
||||
- subquery work.
|
||||
@ -5600,7 +5601,7 @@
|
||||
- Acknowledge use of unbound-java code in iterator. Nicer readme.
|
||||
- services/cache/dns.c DNS Cache. Hybrid cache uses msgcache and
|
||||
rrset cache from module environment.
|
||||
- packed rrset key has type and class as easily accessable struct
|
||||
- packed rrset key has type and class as easily accessible struct
|
||||
members. They are still kept in network format for fast msg encode.
|
||||
- dns cache find_delegation routine.
|
||||
- iterator main functions setup.
|
||||
@ -5684,7 +5685,7 @@
|
||||
- EDNS read from query, used to make reply smaller.
|
||||
- advertised edns value constants.
|
||||
- EDNS BADVERS response, if asked for too high edns version.
|
||||
- EDNS extended error reponses once the EDNS record from the query
|
||||
- EDNS extended error responses once the EDNS record from the query
|
||||
has successfully been parsed.
|
||||
|
||||
4 May 2007: Wouter
|
||||
|
@ -169,7 +169,7 @@ therefore not flushed. The option must end with a ':' and whitespace
|
||||
must be between the option and the value. Some values may not have an
|
||||
effect if set this way, the new values are not written to the config file,
|
||||
not all options are supported. This is different from the set_option call
|
||||
in libunbound, where all values work because unbound has not been inited.
|
||||
in libunbound, where all values work because unbound has not been initialized.
|
||||
.IP
|
||||
The values that work are: statistics\-interval, statistics\-cumulative,
|
||||
do\-not\-query\-localhost, harden\-short\-bufsize, harden\-large\-queries,
|
||||
|
@ -588,7 +588,7 @@ Can be given multiple times, for different domains.
|
||||
.B private\-address: \fI<IP address or subnet>
|
||||
Give IPv4 of IPv6 addresses or classless subnets. These are addresses
|
||||
on your private network, and are not allowed to be returned for
|
||||
public internet names. Any occurence of such addresses are removed
|
||||
public internet names. Any occurrence of such addresses are removed
|
||||
from DNS answers. Additionally, the DNSSEC validator may mark the
|
||||
answers bogus. This protects against so\-called DNS Rebinding, where
|
||||
a user browser is turned into a network proxy, allowing remote access
|
||||
@ -747,7 +747,7 @@ Instruct the validator to remove data from the additional section of secure
|
||||
messages that are not signed properly. Messages that are insecure, bogus,
|
||||
indeterminate or unchecked are not affected. Default is yes. Use this setting
|
||||
to protect the users that rely on this validator for authentication from
|
||||
protentially bad data in the additional section.
|
||||
potentially bad data in the additional section.
|
||||
.TP
|
||||
.B val\-log\-level: \fI<number>
|
||||
Have the validator print validation failures to the log. Regardless of
|
||||
@ -1034,7 +1034,7 @@ If set to 0, all queries are dropped for domains where the limit is
|
||||
exceeded. If set to another value, 1 in that number is allowed through
|
||||
to complete. Default is 10, allowing 1/10 traffic to flow normally.
|
||||
This can make ordinary queries complete (if repeatedly queried for),
|
||||
and enter the cache, whilst also mitigiting the traffic flow by the
|
||||
and enter the cache, whilst also mitigating the traffic flow by the
|
||||
factor given.
|
||||
.TP 5
|
||||
.B ratelimit\-for\-domain: \fI<domain> <number qps>
|
||||
|
@ -674,7 +674,7 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
|
||||
* children of the originating zone. The idea here is that,
|
||||
* as far as we know, the server that we contacted is ONLY
|
||||
* authoritative for the originating zone. It, of course, MAY
|
||||
* be authoriative for any other zones, and of course, MAY
|
||||
* be authoritative for any other zones, and of course, MAY
|
||||
* NOT be authoritative for some subdomains of the originating
|
||||
* zone. */
|
||||
prev = NULL;
|
||||
|
@ -255,7 +255,7 @@ iter_filter_unsuitable(struct iter_env* iter_env, struct module_env* env,
|
||||
return -1; /* server is lame */
|
||||
else if(rtt >= USEFUL_SERVER_TOP_TIMEOUT)
|
||||
/* server is unresponsive,
|
||||
* we used to return TOP_TIMOUT, but fairly useless,
|
||||
* we used to return TOP_TIMEOUT, but fairly useless,
|
||||
* because if == TOP_TIMEOUT is dropped because
|
||||
* blacklisted later, instead, remove it here, so
|
||||
* other choices (that are not blacklisted) can be
|
||||
@ -306,7 +306,7 @@ iter_fill_rtt(struct iter_env* iter_env, struct module_env* env,
|
||||
return got_it;
|
||||
}
|
||||
|
||||
/** filter the addres list, putting best targets at front,
|
||||
/** filter the address list, putting best targets at front,
|
||||
* returns number of best targets (or 0, no suitable targets) */
|
||||
static int
|
||||
iter_filter_order(struct iter_env* iter_env, struct module_env* env,
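Review bot: The corrected comment in the `rtt >= USEFUL_SERVER_TOP_TIMEOUT` branch still abbreviates the constant as `TOP_TIMEOUT`, on both the rewritten line and the unchanged line after it, so a search for the real identifier will not find this explanation. If the short form is not deliberate, consider `* we used to return USEFUL_SERVER_TOP_TIMEOUT, but fairly useless,` and `* because if == USEFUL_SERVER_TOP_TIMEOUT is dropped because`. The branch and the rest of its comment continue outside the hunk.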
|
||||
|
@ -176,7 +176,7 @@ next_state(struct iter_qstate* iq, enum iter_state nextstate)
|
||||
/**
|
||||
* Transition an event to its final state. Final states always either return
|
||||
* a result up the module chain, or reactivate a dependent event. Which
|
||||
* final state to transtion to is set in the module state for the event when
|
||||
* final state to transition to is set in the module state for the event when
|
||||
* it was created, and depends on the original purpose of the event.
|
||||
*
|
||||
* The response is stored in the qstate->buf buffer.
|
||||
@ -506,7 +506,7 @@ target_count_increase(struct iter_qstate* iq, int num)
|
||||
/**
|
||||
* Generate a subrequest.
|
||||
* Generate a local request event. Local events are tied to this module, and
|
||||
* have a correponding (first tier) event that is waiting for this event to
|
||||
* have a corresponding (first tier) event that is waiting for this event to
|
||||
* resolve to continue.
|
||||
*
|
||||
* @param qname The query name for this request.
|
||||
|
@ -36,7 +36,7 @@
|
||||
help:
|
||||
@echo "Please use \`make <target>' where <target> is one of"
|
||||
@echo " testenv to make test environment and run bash "
|
||||
@echo " usefull in case you don't want to install unbound but want to test examples"
|
||||
@echo " useful in case you don't want to install unbound but want to test examples"
|
||||
@echo " doc to make documentation"
|
||||
@echo " clean clean all"
|
||||
|
||||
|
@ -22,7 +22,7 @@ You need GNU make to compile sources; SWIG and Python devel libraries to compile
|
||||
|
||||
**Testing**
|
||||
|
||||
If the compilation is successfull, you can test the python LDNS extension module by::
|
||||
If the compilation is successful, you can test the python LDNS extension module by::
|
||||
|
||||
> cd contrib/python
|
||||
> make testenv
|
||||
|
@ -42,7 +42,7 @@ Class ub_result
|
||||
False, if validation failed or domain queried has no security info.
|
||||
|
||||
It is possible to get a result with no data (havedata is false),
|
||||
and secure is true. This means that the non-existance of the data
|
||||
and secure is true. This means that the non-existence of the data
|
||||
was cryptographically proven (with signatures).
|
||||
|
||||
.. attribute:: bogus
|
||||
|
@ -44,7 +44,7 @@ ctx.debugout(fw)
|
||||
ctx.debuglevel(2)
|
||||
|
||||
if os.path.isfile("keys"):
|
||||
ctx.add_ta_file("keys") #read public keys for DNSSEC verificatio
|
||||
ctx.add_ta_file("keys") #read public keys for DNSSEC verification
|
||||
|
||||
status, result = ctx.resolve("www.nic.cz", RR_TYPE_A, RR_CLASS_IN)
|
||||
if status == 0 and result.havedata:
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* libounbound.i: pyUnbound module (libunbound wrapper for Python)
|
||||
* libunbound.i: pyUnbound module (libunbound wrapper for Python)
|
||||
*
|
||||
* Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz)
|
||||
* Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz)
|
||||
@ -455,7 +455,7 @@ Result: ['74.125.43.147', '74.125.43.99', '74.125.43.103', '74.125.43.104']
|
||||
#_UB_CTX_METHODS#
|
||||
|
||||
def zone_print(self):
|
||||
"""Print local zones using debougout"""
|
||||
"""Print local zones using debugout"""
|
||||
_unbound.ub_ctx_print_local_zones(self)
|
||||
|
||||
def zone_add(self,zonename,zonetype):
|
||||
|
@ -4394,7 +4394,7 @@ EOF
|
||||
{
|
||||
/* however, if there is an option in the LTWRAPPER_OPTION_PREFIX
|
||||
namespace, but it is not one of the ones we know about and
|
||||
have already dealt with, above (inluding dump-script), then
|
||||
have already dealt with, above (including dump-script), then
|
||||
report an error. Otherwise, targets might begin to believe
|
||||
they are allowed to use options in the LTWRAPPER_OPTION_PREFIX
|
||||
namespace. The first time any user complains about this, we'll
|
||||
|
@ -24,7 +24,7 @@ DNS query and word lookup
|
||||
|
||||
Let's define the following format od DNS queries: ``word1[.]word2[.] ... wordN[.]{en,cs}[._dict_.cz.]``.
|
||||
Word lookup is done by simple ``dict`` lookup from broken DNS request.
|
||||
Query name is divided into a list of labels. This list is accesible as qname_list attribute.
|
||||
Query name is divided into a list of labels. This list is accessible as qname_list attribute.
|
||||
::
|
||||
|
||||
aword = ' '.join(qstate.qinfo.qname_list[0:-4]) #skip last four labels
|
||||
|
@ -311,7 +311,7 @@ config_file
|
||||
|
||||
.. attribute:: local_data
|
||||
|
||||
Local data RRs configged.
|
||||
Local data RRs configured.
|
||||
|
||||
.. attribute:: remote_control_enable
|
||||
|
||||
|
@ -68,7 +68,7 @@ Module event
|
||||
|
||||
.. data:: module_event_error
|
||||
|
||||
Error occured.
|
||||
Error occurred.
|
||||
|
||||
Security status
|
||||
~~~~~~~~~~~~~~~~
|
||||
|
@ -347,12 +347,12 @@ DNSMessage
|
||||
|
||||
.. method:: __init__(self, rr_name, rr_type, rr_class = RR_CLASS_IN, query_flags = 0, default_ttl = 0)
|
||||
|
||||
Prepares an answer (DNS packet) from qiven information. Query flags are combination of PKT_xx contants.
|
||||
Prepares an answer (DNS packet) from given information. Query flags are combination of PKT_xx constants.
|
||||
|
||||
.. method:: set_return_msg(self, qstate)
|
||||
|
||||
This method fills qstate return message according to the given informations.
|
||||
It takes lists of RRs in each section of answer, created necessray RRsets in wire format and store the result in :attr:`qstate.return_msg`.
|
||||
It takes lists of RRs in each section of answer, created necessary RRsets in wire format and store the result in :attr:`qstate.return_msg`.
|
||||
Returns 1 if OK.
|
||||
|
||||
.. attribute:: rr_name
|
||||
|
@ -9,7 +9,7 @@ Synchronized with database engine, for example *MySQL*.
|
||||
|
||||
Firewall control
|
||||
----------------
|
||||
Control firewall (e.g. enable incomming SSH connection) with DNS query signed with private key.
|
||||
Control firewall (e.g. enable incoming SSH connection) with DNS query signed with private key.
|
||||
So firewall can blocks every service during normal operation.
|
||||
|
||||
Scriptable DNS-based blacklist (DNS-BL_)
|
||||
|
@ -56,13 +56,13 @@ time_t sldns_mktime_from_utc(const struct tm *tm);
|
||||
|
||||
/**
|
||||
* The function interprets time as the number of seconds since epoch
|
||||
* with respect to now using serial arithmitics (rfc1982).
|
||||
* with respect to now using serial arithmetics (rfc1982).
|
||||
* That number of seconds is then converted to broken-out time information.
|
||||
* This is especially usefull when converting the inception and expiration
|
||||
* fields of RRSIG records.
|
||||
*
|
||||
* \param[in] time number of seconds since epoch (midnight, January 1st, 1970)
|
||||
* to be intepreted as a serial arithmitics number relative to now.
|
||||
* to be intepreted as a serial arithmetics number relative to now.
|
||||
* \param[in] now number of seconds since epoch (midnight, January 1st, 1970)
|
||||
* to which the time value is compared to determine the final value.
|
||||
* \param[out] result the struct with the broken-out time information
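Review bot: The rewritten `\param[in] time` line still reads `to be intepreted`, and the unchanged line `This is especially usefull when converting` keeps its misspelling, so this comment block is only half corrected. Suggested wording: `* to be interpreted as a serial number arithmetic value relative to now.` and `* This is especially useful when converting the inception and expiration`. RFC 1982 is titled "Serial Number Arithmetic", so `serial number arithmetic (RFC 1982)` matches the reference better than `serial arithmetics`. The comment block and the declaration it documents continue past the end of the hunk.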
|
||||
|
@ -95,7 +95,7 @@
|
||||
* signed yet; avoids attacks on system clock). The
|
||||
* last-successful-RFC5011-probe (if available) has to be more than 30 days
|
||||
* in the past (otherwise, RFC5011 should have worked). This keeps
|
||||
* unneccesary https traffic down. If the main certificate is expired, it
|
||||
* unnecessary https traffic down. If the main certificate is expired, it
|
||||
* fails.
|
||||
*
|
||||
* The dates on the keys in the xml are checked (uses the libexpat xml
|
||||
|
@ -430,7 +430,7 @@ finish_acquire_lock(struct thr_check* thr, struct checked_lock* lock,
|
||||
* @param timedfunc: the pthread_mutex_timedlock or similar function.
|
||||
* Uses absolute timeout value.
|
||||
* @param arg: what to pass to tryfunc and timedlock.
|
||||
* @param exclusive: if lock must be exlusive (only one allowed).
|
||||
* @param exclusive: if lock must be exclusive (only one allowed).
|
||||
* @param getwr: if attempts to get writelock (or readlock) for rwlocks.
|
||||
*/
|
||||
static void
|
||||
|
@ -569,7 +569,7 @@ do_infra_rtt(struct replay_runtime* runtime)
|
||||
free(dp);
|
||||
}
|
||||
|
||||
/** perform exponential backoff on the timout */
|
||||
/** perform exponential backoff on the timeout */
|
||||
static void
|
||||
expon_timeout_backoff(struct replay_runtime* runtime)
|
||||
{
|
||||
|
@ -35,7 +35,7 @@
|
||||
*/
|
||||
/**
|
||||
* \file
|
||||
* Exits with code 1 on a failure. 0 if all unit tests are successfull.
|
||||
* Exits with code 1 on a failure. 0 if all unit tests are successful.
|
||||
*/
|
||||
|
||||
#include "config.h"
|
||||
|
@ -214,7 +214,7 @@ void delete_entry(struct entry* list);
|
||||
* @param in: file to read from. Filepos must be at the start of a new line.
|
||||
* @param name: name of the file for prettier errors.
|
||||
* @param pstate: file parse state with lineno, default_ttl,
|
||||
* oirigin and prev_rr name.
|
||||
* origin and prev_rr name.
|
||||
* @param skip_whitespace: skip leftside whitespace.
|
||||
* @return: The entry read (malloced) or NULL if no entry could be read.
|
||||
*/
|
||||
|
@ -359,7 +359,7 @@ testlookup_unlim(struct lruhash* table, testdata_t** ref)
|
||||
static void
|
||||
test_long_table(struct lruhash* table)
|
||||
{
|
||||
/* assuming it all fits in the hastable, this check will work */
|
||||
/* assuming it all fits in the hashtable, this check will work */
|
||||
testdata_t* ref[HASHTESTMAX * 100];
|
||||
size_t i;
|
||||
memset(ref, 0, sizeof(ref));
|
||||
|
@ -36,7 +36,7 @@
|
||||
/**
|
||||
* \file
|
||||
* Unit test main program. Calls all the other unit tests.
|
||||
* Exits with code 1 on a failure. 0 if all unit tests are successfull.
|
||||
* Exits with code 1 on a failure. 0 if all unit tests are successful.
|
||||
*/
|
||||
|
||||
#include "config.h"
|
||||
|
@ -242,7 +242,7 @@ testlookup_unlim(struct slabhash* table, testdata_t** ref)
|
||||
static void
|
||||
test_long_table(struct slabhash* table)
|
||||
{
|
||||
/* assuming it all fits in the hastable, this check will work */
|
||||
/* assuming it all fits in the hashtable, this check will work */
|
||||
testdata_t* ref[HASHTESTMAX * 100];
|
||||
size_t i;
|
||||
memset(ref, 0, sizeof(ref));
|
||||
|
@ -283,7 +283,7 @@ struct config_file {
|
||||
struct config_str2list* local_zones;
|
||||
/** local zones nodefault list */
|
||||
struct config_strlist* local_zones_nodefault;
|
||||
/** local data RRs configged */
|
||||
/** local data RRs configured */
|
||||
struct config_strlist* local_data;
|
||||
/** unblock lan zones (reverse lookups for 10/8 and so on) */
|
||||
int unblock_lan_zones;
|
||||
|
@ -232,7 +232,7 @@ void ub_thread_create(ub_thread_t* thr, void* (*func)(void*), void* arg)
|
||||
0, /* default flags, run immediately */
|
||||
NULL); /* do not store thread identifier anywhere */
|
||||
#else
|
||||
/* the begintheadex routine setups for the C lib; aligns stack */
|
||||
/* the beginthreadex routine setups for the C lib; aligns stack */
|
||||
*thr=(ub_thread_t)_beginthreadex(NULL, 0, (void*)func, arg, 0, NULL);
|
||||
#endif
|
||||
if(*thr == NULL) {
|
||||
|
@ -68,7 +68,7 @@ static void rbtree_insert_fixup(rbtree_t *rbtree, rbnode_t *node);
|
||||
static void rbtree_delete_fixup(rbtree_t* rbtree, rbnode_t* child, rbnode_t* child_parent);
|
||||
|
||||
/*
|
||||
* Creates a new red black tree, intializes and returns a pointer to it.
|
||||
* Creates a new red black tree, initializes and returns a pointer to it.
|
||||
*
|
||||
* Return NULL on failure.
|
||||
*
|
||||
|
@ -96,7 +96,7 @@ int rtt_notimeout(const struct rtt_info* rtt);
|
||||
void rtt_update(struct rtt_info* rtt, int ms);
|
||||
|
||||
/**
|
||||
* Update the statistics with a new timout expired observation.
|
||||
* Update the statistics with a new timeout expired observation.
|
||||
* @param rtt: round trip statistics structure.
|
||||
* @param orig: original rtt time given for the query that timed out.
|
||||
* Used to calculate the maximum responsible backed off time that
|
||||
|
@ -356,7 +356,7 @@ uint32_t hashlittle( const void *key, size_t length, uint32_t initval)
|
||||
* rest of the string. Every machine with memory protection I've seen
|
||||
* does it on word boundaries, so is OK with this. But VALGRIND will
|
||||
* still catch it and complain. The masking trick does make the hash
|
||||
* noticably faster for short strings (like English words).
|
||||
* noticeably faster for short strings (like English words).
|
||||
*/
|
||||
#ifndef VALGRIND
|
||||
|
||||
@ -544,7 +544,7 @@ void hashlittle2(
|
||||
* rest of the string. Every machine with memory protection I've seen
|
||||
* does it on word boundaries, so is OK with this. But VALGRIND will
|
||||
* still catch it and complain. The masking trick does make the hash
|
||||
* noticably faster for short strings (like English words).
|
||||
* noticeably faster for short strings (like English words).
|
||||
*/
|
||||
#ifndef VALGRIND
|
||||
|
||||
@ -725,7 +725,7 @@ uint32_t hashbig( const void *key, size_t length, uint32_t initval)
|
||||
* rest of the string. Every machine with memory protection I've seen
|
||||
* does it on word boundaries, so is OK with this. But VALGRIND will
|
||||
* still catch it and complain. The masking trick does make the hash
|
||||
* noticably faster for short strings (like English words).
|
||||
* noticeably faster for short strings (like English words).
|
||||
*/
|
||||
#ifndef VALGRIND
|
||||
|
||||
@ -858,7 +858,7 @@ void driver2()
|
||||
{
|
||||
for (j=0; j<8; ++j) /*------------------------ for each input bit, */
|
||||
{
|
||||
for (m=1; m<8; ++m) /*------------ for serveral possible initvals, */
|
||||
for (m=1; m<8; ++m) /*------------ for several possible initvals, */
|
||||
{
|
||||
for (l=0; l<HASHSTATE; ++l)
|
||||
e[l]=f[l]=g[l]=h[l]=x[l]=y[l]=~((uint32_t)0);
|
||||
|
@ -83,7 +83,7 @@ struct tube {
|
||||
|
||||
/** background write queue, commpoint to write results back */
|
||||
struct comm_point* res_com;
|
||||
/** are we curently writing a result, 0 if not, else bytecount into
|
||||
/** are we currently writing a result, 0 if not, else bytecount into
|
||||
* the res_list first entry. */
|
||||
size_t res_write;
|
||||
/** list of outstanding results to be written back */
|
||||
|
@ -201,7 +201,7 @@ struct event {
|
||||
int stick_events;
|
||||
|
||||
/** true if this event is a signaling WSAEvent by the user.
|
||||
* User created and user closed WSAEvent. Only signaled/unsigneled,
|
||||
* User created and user closed WSAEvent. Only signaled/unsignaled,
|
||||
* no read/write/distinctions needed. */
|
||||
int is_signal;
|
||||
/** used during callbacks to see which events were just checked */
|
||||
|
@ -2170,7 +2170,7 @@ int autr_process_prime(struct module_env* env, struct val_env* ve,
|
||||
if(!verify_dnskey(env, ve, tp, dnskey_rrset)) {
|
||||
verbose(VERB_ALGO, "autotrust: dnskey did not verify.");
|
||||
/* only increase failure count if this is not the first prime,
|
||||
* this means there was a previous succesful probe */
|
||||
* this means there was a previous successful probe */
|
||||
if(tp->autr->last_success) {
|
||||
tp->autr->query_failed += 1;
|
||||
autr_write_file(env, tp);
|
||||
|
@ -38,7 +38,7 @@
|
||||
*
|
||||
* This file contains helper functions for the validator module.
|
||||
* The functions help with aggressive negative caching.
|
||||
* This creates new denials of existance, and proofs for absence of types
|
||||
* This creates new denials of existence, and proofs for absence of types
|
||||
* from cached NSEC records.
|
||||
*/
|
||||
#include "config.h"
|
||||
|
@ -38,7 +38,7 @@
|
||||
*
|
||||
* This file contains helper functions for the validator module.
|
||||
* The functions help with aggressive negative caching.
|
||||
* This creates new denials of existance, and proofs for absence of types
|
||||
* This creates new denials of existence, and proofs for absence of types
|
||||
* from cached NSEC records.
|
||||
*/
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* validator/val_nsec.c - validator NSEC denial of existance functions.
|
||||
* validator/val_nsec.c - validator NSEC denial of existence functions.
|
||||
*
|
||||
* Copyright (c) 2007, NLnet Labs. All rights reserved.
|
||||
*
|
||||
@ -38,7 +38,7 @@
|
||||
*
|
||||
* This file contains helper functions for the validator module.
|
||||
* The functions help with NSEC checking, the different NSEC proofs
|
||||
* for denial of existance, and proofs for presence of types.
|
||||
* for denial of existence, and proofs for presence of types.
|
||||
*/
|
||||
#include "config.h"
|
||||
#include "validator/val_nsec.h"
|
||||
@ -279,7 +279,7 @@ val_nsec_prove_nodata_dsreply(struct module_env* env, struct val_env* ve,
|
||||
return sec_status_insecure;
|
||||
}
|
||||
|
||||
/* NSEC proof did not conlusively point to DS or no DS */
|
||||
/* NSEC proof did not conclusively point to DS or no DS */
|
||||
return sec_status_unchecked;
|
||||
}
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* validator/val_nsec.h - validator NSEC denial of existance functions.
|
||||
* validator/val_nsec.h - validator NSEC denial of existence functions.
|
||||
*
|
||||
* Copyright (c) 2007, NLnet Labs. All rights reserved.
|
||||
*
|
||||
@ -38,7 +38,7 @@
|
||||
*
|
||||
* This file contains helper functions for the validator module.
|
||||
* The functions help with NSEC checking, the different NSEC proofs
|
||||
* for denial of existance, and proofs for presence of types.
|
||||
* for denial of existence, and proofs for presence of types.
|
||||
*/
|
||||
|
||||
#ifndef VALIDATOR_VAL_NSEC_H
|
||||
@ -54,7 +54,7 @@ struct key_entry_key;
|
||||
/**
|
||||
* Check DS absence.
|
||||
* There is a NODATA reply to a DS that needs checking.
|
||||
* NSECs can prove this is not a delegation point, or sucessfully prove
|
||||
* NSECs can prove this is not a delegation point, or successfully prove
|
||||
* that there is no DS. Or this fails.
|
||||
*
|
||||
* @param env: module env for rrsig verification routines.
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* validator/val_nsec3.c - validator NSEC3 denial of existance functions.
|
||||
* validator/val_nsec3.c - validator NSEC3 denial of existence functions.
|
||||
*
|
||||
* Copyright (c) 2007, NLnet Labs. All rights reserved.
|
||||
*
|
||||
@ -38,7 +38,7 @@
|
||||
*
|
||||
* This file contains helper functions for the validator module.
|
||||
* The functions help with NSEC3 checking, the different NSEC3 proofs
|
||||
* for denial of existance, and proofs for presence of types.
|
||||
* for denial of existence, and proofs for presence of types.
|
||||
*/
|
||||
#include "config.h"
|
||||
#include <ctype.h>
|
||||
@ -364,8 +364,8 @@ filter_next(struct nsec3_filter* filter, size_t* rrsetnum, int* rrnum)
|
||||
/**
|
||||
* Start iterating over NSEC3 records.
|
||||
* @param filter: the filter structure, must have been filter_init-ed.
|
||||
* @param rrsetnum: can be undefined on call, inited.
|
||||
* @param rrnum: can be undefined on call, inited.
|
||||
* @param rrsetnum: can be undefined on call, initialised.
|
||||
* @param rrnum: can be undefined on call, initialised.
|
||||
* @return first rrset of an NSEC3, together with rrnum this points to
|
||||
* the first RR to examine. Is NULL on empty list.
|
||||
*/
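Review bot: The `@param rrsetnum` and `@param rrnum` lines now use `initialised`, while other comments corrected in this same commit use the American form (`has not been initialized`, `initializes and returns a pointer`); one spelling throughout keeps a later spell-check pass from flagging them again. Suggested: `* @param rrsetnum: can be undefined on call, initialized.` and the same for `rrnum`. The `@param table: the cache table. Must be initialised at start.` line in the NSEC3 header hunk has the same mismatch. The documented function lies outside the hunk.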
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* validator/val_nsec3.h - validator NSEC3 denial of existance functions.
|
||||
* validator/val_nsec3.h - validator NSEC3 denial of existence functions.
|
||||
*
|
||||
* Copyright (c) 2007, NLnet Labs. All rights reserved.
|
||||
*
|
||||
@ -38,7 +38,7 @@
|
||||
*
|
||||
* This file contains helper functions for the validator module.
|
||||
* The functions help with NSEC3 checking, the different NSEC3 proofs
|
||||
* for denial of existance, and proofs for presence of types.
|
||||
* for denial of existence, and proofs for presence of types.
|
||||
*
|
||||
* NSEC3
|
||||
* 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
|
||||
@ -256,7 +256,7 @@ int nsec3_hash_cmp(const void* c1, const void* c2);
|
||||
* Used internally by the nsec3 proof functions in this file.
|
||||
* published to enable unit testing of hash algorithms and cache.
|
||||
*
|
||||
* @param table: the cache table. Must be inited at start.
|
||||
* @param table: the cache table. Must be initialised at start.
|
||||
* @param region: scratch region to use for allocation.
|
||||
* This region holds the tree, if you wipe the region, reinit the tree.
|
||||
* @param buf: temporary buffer.
|
||||
|
@ -391,7 +391,7 @@ int val_favorite_ds_algo(struct ub_packed_rrset_key* ds_rrset);
|
||||
* Find DS denial message in cache. Saves new qstate allocation and allows
|
||||
* the validator to use partial content which is not enough to construct a
|
||||
* message for network (or user) consumption. Without SOA for example,
|
||||
* which is a common occurence in the unbound code since the referrals contain
|
||||
* which is a common occurrence in the unbound code since the referrals contain
|
||||
* NSEC/NSEC3 rrs without the SOA element, thus do not allow synthesis of a
|
||||
* full negative reply, but do allow synthesis of sufficient proof.
|
||||
* @param env: query env with caches and time.
|
||||
|
@ -749,7 +749,7 @@ validate_nodata_response(struct module_env* env, struct val_env* ve,
|
||||
/* Since we are here, there must be nothing in the ANSWER section to
|
||||
* validate. */
|
||||
/* (Note: CNAME/DNAME responses will not directly get here --
|
||||
* instead, they are chased down into indiviual CNAME validations,
|
||||
* instead, they are chased down into individual CNAME validations,
|
||||
* and at the end of the cname chain a POSITIVE, or CNAME_NOANSWER
|
||||
* validation.) */
|
||||
|
||||
@ -1597,7 +1597,7 @@ processFindKey(struct module_qstate* qstate, struct val_qstate* vq, int id)
|
||||
target_key_name) != 0) {
|
||||
/* check if there is a cache entry : pick up an NSEC if
|
||||
* there is no DS, check if that NSEC has DS-bit unset, and
|
||||
* thus can disprove the secure delagation we seek.
|
||||
* thus can disprove the secure delegation we seek.
|
||||
* We can then use that NSEC even in the absence of a SOA
|
||||
* record that would be required by the iterator to supply
|
||||
* a completely protocol-correct response.
|
||||
@ -1829,7 +1829,7 @@ processValidate(struct module_qstate* qstate, struct val_qstate* vq,
|
||||
* @return true if there is no DLV.
|
||||
* false: processing is finished for the validator operate().
|
||||
* This function may exit in three ways:
|
||||
* o no DLV (agressive cache), so insecure. (true)
|
||||
* o no DLV (aggressive cache), so insecure. (true)
|
||||
* o error - stop processing (false)
|
||||
* o DLV lookup was started, stop processing (false)
|
||||
*/
|
||||
|