- Add trustanchor.unbound CH TXT that gets a response with a number
  of TXT RRs with a string like "example.com. 2345 1234" with
  the trust anchors and their keytags.


git-svn-id: file:///svn/unbound/trunk@4051 be551aaa-1e26-0410-a405-d3ace91eadb9
Wouter Wijngaards 2017-03-16 09:17:58 +00:00
parent bf1b3c1166
commit 6c456aa15e
13 changed files with 2565 additions and 2265 deletions


@ -69,10 +69,12 @@
#include "iterator/iter_hints.h" #include "iterator/iter_hints.h"
#include "validator/autotrust.h" #include "validator/autotrust.h"
#include "validator/val_anchor.h" #include "validator/val_anchor.h"
#include "validator/val_sigcrypt.h"
#include "respip/respip.h" #include "respip/respip.h"
#include "libunbound/context.h" #include "libunbound/context.h"
#include "libunbound/libworker.h" #include "libunbound/libworker.h"
#include "sldns/sbuffer.h" #include "sldns/sbuffer.h"
#include "sldns/wire2str.h"
#include "util/shm_side/shm_main.h" #include "util/shm_side/shm_main.h"
#ifdef HAVE_SYS_TYPES_H #ifdef HAVE_SYS_TYPES_H
@ -728,36 +730,41 @@ reply_and_prefetch(struct worker* worker, struct query_info* qinfo,
* Fill CH class answer into buffer. Keeps query. * Fill CH class answer into buffer. Keeps query.
* @param pkt: buffer * @param pkt: buffer
* @param str: string to put into text record (<255). * @param str: string to put into text record (<255).
* array of strings, every string becomes a text record.
* @param num: number of strings in array.
* @param edns: edns reply information. * @param edns: edns reply information.
* @param worker: worker with scratch region. * @param worker: worker with scratch region.
*/ */
static void static void
chaos_replystr(sldns_buffer* pkt, const char* str, struct edns_data* edns, chaos_replystr(sldns_buffer* pkt, char** str, int num, struct edns_data* edns,
struct worker* worker) struct worker* worker)
{ {
size_t len = strlen(str); int i;
unsigned int rd = LDNS_RD_WIRE(sldns_buffer_begin(pkt)); unsigned int rd = LDNS_RD_WIRE(sldns_buffer_begin(pkt));
unsigned int cd = LDNS_CD_WIRE(sldns_buffer_begin(pkt)); unsigned int cd = LDNS_CD_WIRE(sldns_buffer_begin(pkt));
if(len>255) len=255; /* cap size of TXT record */
sldns_buffer_clear(pkt); sldns_buffer_clear(pkt);
sldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip id */ sldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip id */
sldns_buffer_write_u16(pkt, (uint16_t)(BIT_QR|BIT_RA)); sldns_buffer_write_u16(pkt, (uint16_t)(BIT_QR|BIT_RA));
if(rd) LDNS_RD_SET(sldns_buffer_begin(pkt)); if(rd) LDNS_RD_SET(sldns_buffer_begin(pkt));
if(cd) LDNS_CD_SET(sldns_buffer_begin(pkt)); if(cd) LDNS_CD_SET(sldns_buffer_begin(pkt));
sldns_buffer_write_u16(pkt, 1); /* qdcount */ sldns_buffer_write_u16(pkt, 1); /* qdcount */
sldns_buffer_write_u16(pkt, 1); /* ancount */ sldns_buffer_write_u16(pkt, (uint16_t)num); /* ancount */
sldns_buffer_write_u16(pkt, 0); /* nscount */ sldns_buffer_write_u16(pkt, 0); /* nscount */
sldns_buffer_write_u16(pkt, 0); /* arcount */ sldns_buffer_write_u16(pkt, 0); /* arcount */
(void)query_dname_len(pkt); /* skip qname */ (void)query_dname_len(pkt); /* skip qname */
sldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip qtype */ sldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip qtype */
sldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip qclass */ sldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip qclass */
sldns_buffer_write_u16(pkt, 0xc00c); /* compr ptr to query */ for(i=0; i<num; i++) {
sldns_buffer_write_u16(pkt, LDNS_RR_TYPE_TXT); size_t len = strlen(str[i]);
sldns_buffer_write_u16(pkt, LDNS_RR_CLASS_CH); if(len>255) len=255; /* cap size of TXT record */
sldns_buffer_write_u32(pkt, 0); /* TTL */ sldns_buffer_write_u16(pkt, 0xc00c); /* compr ptr to query */
sldns_buffer_write_u16(pkt, sizeof(uint8_t) + len); sldns_buffer_write_u16(pkt, LDNS_RR_TYPE_TXT);
sldns_buffer_write_u8(pkt, len); sldns_buffer_write_u16(pkt, LDNS_RR_CLASS_CH);
sldns_buffer_write(pkt, str, len); sldns_buffer_write_u32(pkt, 0); /* TTL */
sldns_buffer_write_u16(pkt, sizeof(uint8_t) + len);
sldns_buffer_write_u8(pkt, len);
sldns_buffer_write(pkt, str[i], len);
}
sldns_buffer_flip(pkt); sldns_buffer_flip(pkt);
edns->edns_version = EDNS_ADVERTISED_VERSION; edns->edns_version = EDNS_ADVERTISED_VERSION;
edns->udp_size = EDNS_ADVERTISED_SIZE; edns->udp_size = EDNS_ADVERTISED_SIZE;
@ -768,6 +775,79 @@ chaos_replystr(sldns_buffer* pkt, const char* str, struct edns_data* edns,
attach_edns_record(pkt, edns); attach_edns_record(pkt, edns);
} }
/**
* Create CH class trustanchor answer.
* @param pkt: buffer
* @param edns: edns reply information.
* @param worker: worker with scratch region.
*/
static void
chaos_trustanchor(sldns_buffer* pkt, struct edns_data* edns, struct worker* w)
{
int max_txt = 16;
int max_ids = 32;
char* str_array[16];
int num = 0;
struct trust_anchor* ta;
log_info("trustanchor.unbound CH TXT");
if(!w->env.need_to_validate) {
/* no validator module, reply no trustanchors */
chaos_replystr(pkt, NULL, 0, edns, w);
}
/* fill the string with contents */
lock_basic_lock(&w->env.anchors->lock);
RBTREE_FOR(ta, struct trust_anchor*, w->env.anchors->tree) {
int numid = 0;
char* str = (char*)regional_alloc(w->scratchpad, 255);
size_t str_len = 255;
if(!str || num == max_txt) continue;
lock_basic_lock(&ta->lock);
if(ta->numDS == 0 && ta->numDNSKEY == 0) {
/* empty, insecure point */
lock_basic_unlock(&ta->lock);
continue;
}
str_array[num] = str;
num++;
/* spool name of anchor */
(void)sldns_wire2str_dname_buf(ta->name, ta->namelen, str, str_len);
str_len -= strlen(str); str += strlen(str);
/* spool DS */
if(ta->numDS != 0 && ta->ds_rrset) {
struct packed_rrset_data* d=(struct packed_rrset_data*)
ta->ds_rrset->entry.data;
size_t i;
for(i=0; i<d->count; i++) {
uint16_t tag = ds_get_keytag(ta->ds_rrset, i);
if(numid++ > max_ids) continue;
snprintf(str, str_len, " %u", (unsigned)tag);
str_len -= strlen(str); str += strlen(str);
}
}
/* spool DNSKEY */
if(ta->numDNSKEY != 0 && ta->dnskey_rrset) {
struct packed_rrset_data* d=(struct packed_rrset_data*)
ta->dnskey_rrset->entry.data;
size_t i;
for(i=0; i<d->count; i++) {
uint16_t tag = dnskey_calc_keytag(ta->dnskey_rrset, i);
if(numid++ > max_ids) continue;
snprintf(str, str_len, " %u", (unsigned)tag);
str_len -= strlen(str); str += strlen(str);
}
}
log_info("insert string [%d] %s", num, str_array[num-1]);
lock_basic_unlock(&ta->lock);
}
lock_basic_unlock(&w->env.anchors->lock);
chaos_replystr(pkt, str_array, num, edns, w);
regional_free_all(w->scratchpad);
}
/** /**
* Answer CH class queries. * Answer CH class queries.
* @param w: worker * @param w: worker
@ -794,13 +874,13 @@ answer_chaos(struct worker* w, struct query_info* qinfo,
char buf[MAXHOSTNAMELEN+1]; char buf[MAXHOSTNAMELEN+1];
if (gethostname(buf, MAXHOSTNAMELEN) == 0) { if (gethostname(buf, MAXHOSTNAMELEN) == 0) {
buf[MAXHOSTNAMELEN] = 0; buf[MAXHOSTNAMELEN] = 0;
chaos_replystr(pkt, buf, edns, w); chaos_replystr(pkt, (char**)&buf, 1, edns, w);
} else { } else {
log_err("gethostname: %s", strerror(errno)); log_err("gethostname: %s", strerror(errno));
chaos_replystr(pkt, "no hostname", edns, w); chaos_replystr(pkt, (char**)&"no hostname", 1, edns, w);
} }
} }
else chaos_replystr(pkt, cfg->identity, edns, w); else chaos_replystr(pkt, &cfg->identity, 1, edns, w);
return 1; return 1;
} }
if(query_dname_compare(qinfo->qname, if(query_dname_compare(qinfo->qname,
@ -811,10 +891,19 @@ answer_chaos(struct worker* w, struct query_info* qinfo,
if(cfg->hide_version) if(cfg->hide_version)
return 0; return 0;
if(cfg->version==NULL || cfg->version[0]==0) if(cfg->version==NULL || cfg->version[0]==0)
chaos_replystr(pkt, PACKAGE_STRING, edns, w); chaos_replystr(pkt, (char**)&PACKAGE_STRING, 1, edns, w);
else chaos_replystr(pkt, cfg->version, edns, w); else chaos_replystr(pkt, (char**)&cfg->version, 1, edns, w);
return 1; return 1;
} }
if(query_dname_compare(qinfo->qname,
(uint8_t*)"\013trustanchor\007unbound") == 0)
{
if(cfg->hide_trustanchor)
return 0;
chaos_trustanchor(pkt, edns, w);
return 1;
}
return 0; return 0;
} }
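Review bot: The one-string call sites in answer_chaos pass `(char**)&buf`, `(char**)&"no hostname"` and `(char**)&PACKAGE_STRING`, but `&` applied to an array or a string literal yields a pointer to the array, not to a `char*`, so `str[0]` inside chaos_replystr reinterprets the first bytes of the text itself as a pointer and `strlen(str[i])` dereferences it — undefined behaviour and a likely crash on id.server/version.bind queries; `&cfg->identity` and `&cfg->version` are fine because those fields are `char*`. The smallest fix is a helper that takes one `const char*` and forwards the address of its own parameter, shown below. Separately, chaos_trustanchor does not return after `chaos_replystr(pkt, NULL, 0, edns, w);` in the `!w->env.need_to_validate` branch, so the empty answer is immediately overwritten by the anchor walk; add `return;` after that call. The two `log_info` calls in chaos_trustanchor fire on every client query at the default verbosity, so unless that is intended, a `verbose()` level would keep a remote client from filling the log by repeating the query.
```c
/** Reply to a CH TXT query with a single string (wraps chaos_replystr). */
static void
chaos_replyonestr(sldns_buffer* pkt, const char* str, struct edns_data* edns,
	struct worker* worker)
{
	chaos_replystr(pkt, (char**)&str, 1, edns, worker);
}
/* … unchanged: chaos_trustanchor, answer_chaos up to the hostname lookup … */
				chaos_replyonestr(pkt, buf, edns, w);
/* … unchanged: log_err on gethostname failure … */
				chaos_replyonestr(pkt, "no hostname", edns, w);
/* … unchanged … */
		else 	chaos_replyonestr(pkt, cfg->identity, edns, w);
/* … unchanged: version.server / version.bind qname check, hide_version … */
			chaos_replyonestr(pkt, PACKAGE_STRING, edns, w);
		else 	chaos_replyonestr(pkt, cfg->version, edns, w);
```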


@ -1,3 +1,9 @@
16 March 2017: Wouter
- Fix that SHM is not inited if not enabled.
- Add trustanchor.unbound CH TXT that gets a response with a number
of TXT RRs with a string like "example.com. 2345 1234" with
the trust anchors and their keytags.
13 March 2017: Wouter 13 March 2017: Wouter
- testbound understands Deckard MATCH rcode question answer commands. - testbound understands Deckard MATCH rcode question answer commands.
- Fix #1235: Fix too long DNAME expansion produces SERVFAIL instead - Fix #1235: Fix too long DNAME expansion produces SERVFAIL instead


@ -316,6 +316,9 @@ server:
# enable to not answer version.server and version.bind queries. # enable to not answer version.server and version.bind queries.
# hide-version: no # hide-version: no
# enable to not answer trustanchor.unbound queries.
# hide-trustanchor: no
# the identity to report. Leave "" or default to return hostname. # the identity to report. Leave "" or default to return hostname.
# identity: "" # identity: ""


@ -596,6 +596,9 @@ If enabled version.server and version.bind queries are refused.
Set the version to report. If set to "", the default, then the package Set the version to report. If set to "", the default, then the package
version is returned. version is returned.
.TP .TP
.B hide\-trustanchor: \fI<yes or no>
If enabled trustanchor.unbound queries are refused.
.TP
.B target\-fetch\-policy: \fI<"list of numbers"> .B target\-fetch\-policy: \fI<"list of numbers">
Set the target fetch policy used by unbound to determine if it should fetch Set the target fetch policy used by unbound to determine if it should fetch
nameserver target addresses opportunistically. The policy is described per nameserver target addresses opportunistically. The policy is described per

145
testdata/chaos_trustanchor.rpl vendored Normal file

@ -0,0 +1,145 @@
; config options
; The island of trust is at example.com
server:
trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
hide-trustanchor: no
val-override-date: "20070916134226"
target-fetch-policy: "0 0 0 0 0"
fake-sha1: yes
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END
SCENARIO_BEGIN Test chaos trustanchor query
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 100
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END
; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END
; response to query of interest
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
trustanchor.unbound. CH TXT
ENTRY_END
; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO NOERROR
SECTION QUESTION
trustanchor.unbound. CH TXT
SECTION ANSWER
trustanchor.unbound. CH TXT "example.com. 2854"
ENTRY_END
SCENARIO_END


@ -189,6 +189,7 @@ config_create(void)
cfg->unwanted_threshold = 0; cfg->unwanted_threshold = 0;
cfg->hide_identity = 0; cfg->hide_identity = 0;
cfg->hide_version = 0; cfg->hide_version = 0;
cfg->hide_trustanchor = 0;
cfg->identity = NULL; cfg->identity = NULL;
cfg->version = NULL; cfg->version = NULL;
cfg->auto_trust_anchor_file_list = NULL; cfg->auto_trust_anchor_file_list = NULL;
@ -437,6 +438,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_STR("pidfile:", pidfile) else S_STR("pidfile:", pidfile)
else S_YNO("hide-identity:", hide_identity) else S_YNO("hide-identity:", hide_identity)
else S_YNO("hide-version:", hide_version) else S_YNO("hide-version:", hide_version)
else S_YNO("hide-trustanchor:", hide_trustanchor)
else S_STR("identity:", identity) else S_STR("identity:", identity)
else S_STR("version:", version) else S_STR("version:", version)
else S_STRLIST("root-hints:", root_hints) else S_STRLIST("root-hints:", root_hints)
@ -759,6 +761,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_STR(opt, "pidfile", pidfile) else O_STR(opt, "pidfile", pidfile)
else O_YNO(opt, "hide-identity", hide_identity) else O_YNO(opt, "hide-identity", hide_identity)
else O_YNO(opt, "hide-version", hide_version) else O_YNO(opt, "hide-version", hide_version)
else O_YNO(opt, "hide-trustanchor", hide_trustanchor)
else O_STR(opt, "identity", identity) else O_STR(opt, "identity", identity)
else O_STR(opt, "version", version) else O_STR(opt, "version", version)
else O_STR(opt, "target-fetch-policy", target_fetch_policy) else O_STR(opt, "target-fetch-policy", target_fetch_policy)


@ -238,6 +238,8 @@ struct config_file {
int hide_identity; int hide_identity;
/** do not report version (version.server, version.bind) */ /** do not report version (version.server, version.bind) */
int hide_version; int hide_version;
/** do not report trustanchor (trustanchor.unbound) */
int hide_trustanchor;
/** identity, hostname is returned if "". */ /** identity, hostname is returned if "". */
char* identity; char* identity;
/** version, package version returned if "". */ /** version, package version returned if "". */



@ -302,6 +302,7 @@ do-not-query-localhost{COLON} { YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) }
access-control{COLON} { YDVAR(2, VAR_ACCESS_CONTROL) } access-control{COLON} { YDVAR(2, VAR_ACCESS_CONTROL) }
hide-identity{COLON} { YDVAR(1, VAR_HIDE_IDENTITY) } hide-identity{COLON} { YDVAR(1, VAR_HIDE_IDENTITY) }
hide-version{COLON} { YDVAR(1, VAR_HIDE_VERSION) } hide-version{COLON} { YDVAR(1, VAR_HIDE_VERSION) }
hide-trustanchor{COLON} { YDVAR(1, VAR_HIDE_TRUSTANCHOR) }
identity{COLON} { YDVAR(1, VAR_IDENTITY) } identity{COLON} { YDVAR(1, VAR_IDENTITY) }
version{COLON} { YDVAR(1, VAR_VERSION) } version{COLON} { YDVAR(1, VAR_VERSION) }
module-config{COLON} { YDVAR(1, VAR_MODULE_CONF) } module-config{COLON} { YDVAR(1, VAR_MODULE_CONF) }



@ -235,9 +235,10 @@ extern int yydebug;
VAR_FAKE_DSA = 445, VAR_FAKE_DSA = 445,
VAR_FAKE_SHA1 = 446, VAR_FAKE_SHA1 = 446,
VAR_LOG_IDENTITY = 447, VAR_LOG_IDENTITY = 447,
VAR_USE_SYSTEMD = 448, VAR_HIDE_TRUSTANCHOR = 448,
VAR_SHM_ENABLE = 449, VAR_USE_SYSTEMD = 449,
VAR_SHM_KEY = 450 VAR_SHM_ENABLE = 450,
VAR_SHM_KEY = 451
}; };
#endif #endif
/* Tokens. */ /* Tokens. */
@ -431,9 +432,10 @@ extern int yydebug;
#define VAR_FAKE_DSA 445 #define VAR_FAKE_DSA 445
#define VAR_FAKE_SHA1 446 #define VAR_FAKE_SHA1 446
#define VAR_LOG_IDENTITY 447 #define VAR_LOG_IDENTITY 447
#define VAR_USE_SYSTEMD 448 #define VAR_HIDE_TRUSTANCHOR 448
#define VAR_SHM_ENABLE 449 #define VAR_USE_SYSTEMD 449
#define VAR_SHM_KEY 450 #define VAR_SHM_ENABLE 450
#define VAR_SHM_KEY 451
/* Value type. */ /* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
@ -444,7 +446,7 @@ union YYSTYPE
char* str; char* str;
#line 448 "util/configparser.h" /* yacc.c:1909 */ #line 450 "util/configparser.h" /* yacc.c:1909 */
}; };
typedef union YYSTYPE YYSTYPE; typedef union YYSTYPE YYSTYPE;


@ -137,7 +137,7 @@ extern struct config_parser_state* cfg_parser;
%token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION %token VAR_LOCAL_ZONE_OVERRIDE VAR_ACCESS_CONTROL_TAG_ACTION
%token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
%token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_FAKE_DSA VAR_FAKE_SHA1 %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_FAKE_DSA VAR_FAKE_SHA1
%token VAR_LOG_IDENTITY %token VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR
%token VAR_USE_SYSTEMD VAR_SHM_ENABLE VAR_SHM_KEY %token VAR_USE_SYSTEMD VAR_SHM_ENABLE VAR_SHM_KEY
%% %%
@ -218,7 +218,8 @@ content_server: server_num_threads | server_verbosity | server_port |
server_qname_minimisation_strict | server_serve_expired | server_qname_minimisation_strict | server_serve_expired |
server_fake_dsa | server_log_identity | server_use_systemd | server_fake_dsa | server_log_identity | server_use_systemd |
server_response_ip_tag | server_response_ip | server_response_ip_data | server_response_ip_tag | server_response_ip | server_response_ip_data |
server_shm_enable | server_shm_key | server_fake_sha1 server_shm_enable | server_shm_key | server_fake_sha1 |
server_hide_trustanchor
; ;
stubstart: VAR_STUB_ZONE stubstart: VAR_STUB_ZONE
{ {
@ -726,6 +727,15 @@ server_hide_version: VAR_HIDE_VERSION STRING_ARG
free($2); free($2);
} }
; ;
server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG
{
OUTYY(("P(server_hide_trustanchor:%s)\n", $2));
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
yyerror("expected yes or no.");
else cfg_parser->cfg->hide_trustanchor = (strcmp($2, "yes")==0);
free($2);
}
;
server_identity: VAR_IDENTITY STRING_ARG server_identity: VAR_IDENTITY STRING_ARG
{ {
OUTYY(("P(server_identity:%s)\n", $2)); OUTYY(("P(server_identity:%s)\n", $2));


@ -89,6 +89,8 @@ int shm_main_init(struct daemon* daemon)
/* sanitize */ /* sanitize */
if(!daemon) if(!daemon)
return 0; return 0;
if(!daemon->cfg->shm_enable)
return 1;
if(daemon->cfg->stat_interval == 0) if(daemon->cfg->stat_interval == 0)
log_warn("shm-enable is yes but statistics-interval is 0"); log_warn("shm-enable is yes but statistics-interval is 0");