Ralph Dolmans
31f81adadb
- Check for existence 'EVP_MAC_CTX_set_params' function (openssl >=
...
3.0.0-alpha5)
2020-08-10 17:29:06 +02:00
Ralph Dolmans
afd49e897f
Merge branch 'openssl-3.0' of https://github.com/ciz/unbound into ciz-openssl-3.0
2020-08-06 17:27:27 +02:00
W.C.A. Wijngaards
2fade6f970
Merge branch 'master' into dlv-removal
2020-08-06 14:20:42 +02:00
W.C.A. Wijngaards
4ec55910c4
dlv removal, free unused variable.
2020-08-06 08:14:14 +02:00
Ralph Dolmans
74ec8a758b
Merge pull request #272 from NLnetLabs/edns-client-tag
...
Add EDNS client tag functionality
2020-08-05 16:07:49 +02:00
Ralph Dolmans
70c8d09edd
- Process EDNS client tag review feedback
2020-08-05 15:56:45 +02:00
W.C.A. Wijngaards
c0c722cd97
DLV removal
2020-08-04 09:05:09 +02:00
W.C.A. Wijngaards
4770359384
Merge branch 'master' into stream-reuse
2020-08-04 08:45:15 +02:00
W.C.A. Wijngaards
6983189528
Merge branch 'master' into infra-keep-probing
2020-08-04 08:45:04 +02:00
W.C.A. Wijngaards
fc55345dcb
- Fix mini_event.h on OpenBSD cannot find fd_set.
2020-08-04 08:14:25 +02:00
Vitezslav Cizek
61100b6463
net_help: Rename EVP_MAC_set_ctx_params to EVP_MAC_CTX_set_params
...
This fixes build with OpenSSL 3.0.0 Alpha 5.
EVP_MAC_set_ctx_params got renamed back to EVP_MAC_CTX_set_params
in https://github.com/openssl/openssl/pull/12186
2020-07-31 14:48:44 +02:00
W.C.A. Wijngaards
2f9050dde8
Merge branch 'master' into stream-reuse
2020-07-31 09:11:35 +02:00
W.C.A. Wijngaards
1cfa21f23d
Merge branch 'master' into infra-keep-probing
2020-07-31 09:11:20 +02:00
W.C.A. Wijngaards
e855d5779a
- Fix doxygen comment for no ssl for tls session ticket key callback
...
routine.
2020-07-31 09:10:40 +02:00
Ralph Dolmans
2fe398f4bf
EDNS client tags - insert configured tags into tree
2020-07-24 16:00:13 +02:00
Ralph Dolmans
64806a0d14
Add edns-client-tag configuration option
2020-07-24 14:52:04 +02:00
Ralph Dolmans
16029281a8
Start of EDNS client tags implementation.
2020-07-23 17:17:44 +02:00
W.C.A. Wijngaards
8b43b94b22
Merge branch 'master' into stream-reuse
2020-07-22 09:53:57 +02:00
W.C.A. Wijngaards
63b92ea1e8
Merge branch 'master' into infra-keep-probing
2020-07-22 09:53:30 +02:00
W.C.A. Wijngaards
7d4445c03d
- Fix libnettle compile for session ticket key callback function
...
changes.
2020-07-17 16:53:52 +02:00
Ralph Dolmans
14a0433470
- Merge PR #234 - Ensure proper alignment of cmsg buffers by Jérémie
...
Courrèges-Anglas.
- Fix PR #234 log_assert sizeof to use union buffer.
2020-07-17 13:07:03 +02:00
Ralph Dolmans
7d364f1111
Merge branch 'align-cmsg-buffers' of https://github.com/jcourreges/unbound into jcourreges-align-cmsg-buffers
2020-07-17 13:01:44 +02:00
W.C.A. Wijngaards
3d1383bed3
Merge branch 'master' into infra-keep-probing
2020-07-16 16:00:06 +02:00
W.C.A. Wijngaards
ff5d0ce327
Merge branch 'master' into stream-reuse
2020-07-16 14:13:24 +02:00
George Thessalonikefs
833ab1aab3
Merge branch 'master' into include-toplevel
2020-07-16 12:53:29 +02:00
George Thessalonikefs
7f802b07ef
Merge branch 'master' into include-toplevel
2020-07-15 15:17:48 +02:00
Ralph Dolmans
d4bcfbe996
Merge branch 'master' into fstrm-bidi
2020-07-13 17:30:36 +02:00
Ralph Dolmans
9cebc13150
- Add option to send DNSTAP messages over bidirectional frame streams
2020-07-13 17:28:50 +02:00
W.C.A. Wijngaards
766005a356
stream reuse, in callbacks, removed whitespace.
2020-07-13 15:45:16 +02:00
W.C.A. Wijngaards
19a35fb839
stream reuse, write and read again if more data can go over the channel,
...
this amortizes the event loop mechanism for busy channels, for performance.
2020-07-13 15:16:59 +02:00
W.C.A. Wijngaards
9914b7216b
stream reuse, remove debug output
2020-07-10 16:06:17 +02:00
W.C.A. Wijngaards
7a69ff4182
fix that ssl_handle_it() uses tcp_is_reading in tcp_write_and_read mode.
...
fix that netevent tcp_write_and_read mode does not close due to error from
assert that not both write and read happen at the same time.
2020-07-10 15:37:30 +02:00
W.C.A. Wijngaards
e95edd3d36
debug prints in verbose output.
2020-07-09 13:41:50 +02:00
W.C.A. Wijngaards
ccc9e0749c
stream reuse toggle write and read to only read mode when write is done.
...
tcp callback from stream read without entry linked.
2020-07-09 13:41:03 +02:00
W.C.A. Wijngaards
80f21f48c5
Merge branch 'master' into stream-reuse
2020-07-09 08:55:19 +02:00
W.C.A. Wijngaards
abe7a01bf5
Merge branch 'master' into infra-keep-probing
2020-07-09 08:55:01 +02:00
W.C.A. Wijngaards
e99b5046eb
- Fix to use SSL_CTX_set_tlsext_ticket_key_evp_cb in OpenSSL
...
3.0.0-alpha4.
- Longer keys for the test set, this avoids weak crypto errors.
2020-07-08 16:22:39 +02:00
W.C.A. Wijngaards
cfe009a31c
tcp read and write handling of write events in netevent for tcp and ssl.
2020-06-26 16:05:15 +02:00
W.C.A. Wijngaards
64c8d18814
in tcp write callback routine dont reset read byte count if write and read.
...
in tcp write callback and write and read and write is done perform callback.
tcp connection is selected to not toggle readwrite and give closed callback.
2020-06-26 10:54:13 +02:00
W.C.A. Wijngaards
39a50f30a3
tcp callback handle timeout event for read and reuse keepalive.
2020-06-25 14:26:29 +02:00
W.C.A. Wijngaards
5f5cdd3be1
comm point write and read structure members.
2020-06-25 13:06:21 +02:00
W.C.A. Wijngaards
75da272afe
reuse tcp id_cmp function. clear list and tree after delete. clear when
...
decommisioned. callbacks when closed for lru space, and when closed because
not kept open.
2020-06-24 16:28:42 +02:00
Ralph Dolmans
740da89578
Merge branch 'master' into doh
2020-06-24 14:18:47 +02:00
Ralph Dolmans
0fbfce4c99
- Add DoH tests
2020-06-24 14:04:34 +02:00
W.C.A. Wijngaards
dd096ccd22
Merge branch 'master' into stream-reuse
2020-06-24 13:39:13 +02:00
W.C.A. Wijngaards
445a066cbe
Merge branch 'master' into infra-keep-probing
2020-06-24 13:38:56 +02:00
W.C.A. Wijngaards
be1182c3db
- iana portlist updated.
2020-06-24 13:33:47 +02:00
W.C.A. Wijngaards
4fe2122890
Merge branch 'master' into infra-keep-probing
...
Remade yacc and lex files.
2020-06-24 13:21:14 +02:00
W.C.A. Wijngaards
658e5f1553
Merge branch 'master' into stream-reuse
2020-06-24 12:57:50 +02:00
W.C.A. Wijngaards
5203954068
- Fix display of event loop method with libev.
2020-06-17 14:32:57 +02:00
W.C.A. Wijngaards
a695ba447c
set timeout to wait for reuse
...
add comm_point indicator for write events for reuse stream writes.
2020-06-09 16:15:03 +02:00
W.C.A. Wijngaards
fd723aed27
tcp connection is stored and picked up for reuse
...
fix that comm_point_start_listening does not close the same fd that is started.
2020-06-03 17:24:26 +02:00
W.C.A. Wijngaards
a83f5d7260
Merge branch 'master' into stream-reuse
2020-05-20 15:39:50 +02:00
W.C.A. Wijngaards
ba0f382eee
- CVE-2020-12662 Unbound can be tricked into amplifying an incoming
...
query into a large number of queries directed to a target.
- CVE-2020-12663 Malformed answers from upstream name servers can be
used to make Unbound unresponsive.
2020-05-19 10:27:27 +02:00
W.C.A. Wijngaards
2c8ebe6206
- Fixed conflicts for PR #93 and make configure, yacc, lex.
2020-05-15 14:55:36 +02:00
W.C.A. Wijngaards
edcef18274
Merge branch 'master' of git://github.com/PMunch/unbound into PMunch-master
...
Fixed conflicts in Makefile.in and configparser.y
2020-05-15 14:52:53 +02:00
Ralph Dolmans
8fc2320b5c
- Add mem.http.query_buffer and mem.http.response_buffer stats
...
- Add configurable limits for http-query-buffer-size and
http-response-buffer-size
- Make http endpoint, max_streams, and TCP_NODELAY for HTTP sockets
configurable.
2020-05-12 18:12:19 +02:00
Jeremie Courreges-Anglas
8175161059
Ensure proper alignment of cmsg buffers
...
The cmsg macros expect a control message buffer to be aligned like
a struct cmsghdr. The current layout around those stack-allocated
buffers probably provides the required alignment (usually 4 bytes).
Use a union to enforce proper alignment, in case future changes modify
the stack layout.
Spotted when chasing an unrelated bug with Otto Moerbeek (@omoerbeek).
2020-05-10 17:23:33 +02:00
Ralph Dolmans
e7601870cc
Merge branch 'master' into doh
2020-05-07 17:12:26 +02:00
Ralph Dolmans
8dae5d9f81
- Add DNS-over-HTTPS support
2020-05-07 16:36:26 +02:00
George Thessalonikefs
1bd4dbf302
- New include directive 'include-toplevel:'. It closes the previous
...
clause (if any) and requires that all included files explicitly
start a clause.
2020-04-29 11:23:12 +02:00
W.C.A. Wijngaards
055f5e68a3
Add infra-keep-probing: yes option. Hosts that are down are probed more
...
frequently.
2020-04-22 16:29:06 +02:00
George Thessalonikefs
226d66ca92
- Change default value for 'rrset-roundrobin' to yes.
2020-04-21 12:58:48 +02:00
George Thessalonikefs
e430e95d30
- Add SNI support on more TLS connections ( fixes #193 ).
...
- Add SNI support to unbound-anchor.
2020-04-16 14:39:05 +02:00
George Thessalonikefs
a601fd6d3c
Merge branch 'Talkabout-redis-expire-records'
2020-04-01 17:24:07 +02:00
George Thessalonikefs
557a309f9d
- Changes for PR #206 (formatting and remade lex and yacc output).
2020-04-01 17:14:58 +02:00
Talkabout
c25eb2c4c8
implemented review feedback
...
renamed option from 'redis-set-ttl' to 'redis-expire-records'
2020-03-31 23:10:45 +02:00
Talkabout
b130a8b459
added option 'redis-set-ttl' to define whether ttl should be added to redis records
...
added check for redis command 'setex' when initializing redis connection
updated documentation
minor improvements to previous changes
2020-03-31 12:47:13 +02:00
Willem Toorop
af0bd5b0b4
Send tcp_req_info->spool_buffer as dnstap CLIENT_RESPONSE
...
When tcp_req_info exists. This fixes that dnstap CLIENT_RESPONSE messages did not contain the response message when answering on statful transport for uncached responses.
2020-03-30 12:19:17 +02:00
Willem Toorop
9d9eee8402
Fix uncached CLIENT_RESPONSE'es on stateful transports
...
Because repinfo->c->buffer does not contain the response when the it did not came from cache.
Only after tcp_req_info_send_reply is called, is the response on the buffer which is used to fill the dnstap protobuf's.
2020-03-30 11:39:07 +02:00
W.C.A. Wijngaards
7459b1dceb
- Fixes for #200 : example.conf note and set_value for ip-dscp.
2020-03-24 09:36:27 +01:00
W.C.A. Wijngaards
311f163aed
Changelog for #200 and bison, flex regenerate.
...
- Merge PR #200 from yarikk: add ip-dscp option to specify the DSCP
tag for outgoing packets.
2020-03-24 09:25:05 +01:00
Yaroslav K
c0118410a2
add ip-dscp configuration option for setting IP DiffServ codepoint (DSCP, previously TOS) on sockets
2020-03-23 19:37:43 +00:00
Florian Obser
bdd245ff7d
Make log_ident_revert_to_default() a proper prototype.
...
Pointed out by clang with -Wstrict-prototypes.
2020-03-20 11:44:38 +01:00
Ralph Dolmans
4504dd3737
- Log warning when using outgoing-port-permit and outgoing-port-avoid
...
while explicit port randomisation is disabled.
2020-03-19 17:34:46 +01:00
Ralph Dolmans
2c03028fa3
- Fix #158 : open tls-session-ticket-keys as binary, for Windows. By Daisuke
...
HIGASHI.
2020-03-19 14:00:33 +01:00
Jeffrey Walton
6ab0db6e25
Fix NetBSD compile (GH #189 )
2020-03-11 03:35:28 -04:00
W.C.A. Wijngaards
614ed2717b
Merge branch 'master' into framestreams
...
Fixed bison and flex conflicts by regenerating the files.
2020-02-28 14:31:24 +01:00
W.C.A. Wijngaards
e13dfc743d
For incoming ssl context with verifypem != NULL, we can set
...
SSL_VERIFY_FAIL_IF_NO_PEER_CERT that can reject client
connections without peer cert during the handshake, which is nicer
than just a connection drop to the client (when we then check
for no peer certificate afterwards).
2020-02-28 11:10:12 +01:00
W.C.A. Wijngaards
b63032b4dd
dnstap io, fixup fptr_wlist for unbound_dnstap_socket tool.
2020-02-28 08:55:10 +01:00
W.C.A. Wijngaards
5b61afd38c
Return 0 when ssl authentication is not available
2020-02-28 08:11:11 +01:00
W.C.A. Wijngaards
398e260145
Fixup ssl authentication not available with check for it.
2020-02-27 16:57:24 +01:00
W.C.A. Wijngaards
f03245c362
Document log check functions.
2020-02-27 16:28:36 +01:00
W.C.A. Wijngaards
f469049198
- iana portlist updated.
2020-02-26 14:32:14 +01:00
W.C.A. Wijngaards
6a51e9e037
Add dnstap io callbacks to fptr whitelist event.
2020-02-26 12:14:52 +01:00
W.C.A. Wijngaards
318d4e91cc
- Fix #165 : Add prefer-ip4: yesno config option to prefer ipv4 for
...
using ipv4 filters, because the hosts ip6 netblock /64 is not owned
by one operator, and thus reputation is shared.
2020-02-25 09:55:59 +01:00
W.C.A. Wijngaards
184f26355a
Fix ifdef of X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, and
...
Merge branch 'master' into framestreams
2020-02-18 08:33:58 +01:00
W.C.A. Wijngaards
465af58457
dnstap io, fix to compile without ssl.
2020-02-14 13:23:58 +01:00
W.C.A. Wijngaards
6d1b4e050d
dnstap io, dnstap tls default is yes, and man page documentation.
2020-02-14 10:01:37 +01:00
W.C.A. Wijngaards
00700bbe13
dnstap io, config entries parse and lex.
2020-02-14 09:40:37 +01:00
W.C.A. Wijngaards
78e6060858
dnstap io, example.conf example, config_file entries for tcp and tls.
2020-02-14 09:03:09 +01:00
W.C.A. Wijngaards
25a88d6d54
dnstap io, check peer verification in dtstream dtio_ssl_handshake.
2020-02-12 15:23:58 +01:00
W.C.A. Wijngaards
6c14c7520b
Merge branch 'master' into stream-reuse
2020-02-12 11:58:17 +01:00
W.C.A. Wijngaards
e5e72eb398
Merge branch 'master' into framestreams
2020-02-12 11:58:01 +01:00
W.C.A. Wijngaards
2916cfb3b0
- Fix with libnettle make test with dsa disabled.
2020-02-12 11:15:24 +01:00
George Thessalonikefs
da2bda6f4d
- Clean debug comments.
2020-02-10 15:54:41 +01:00
George Thessalonikefs
adda4f6ace
- Fix use after free on log-identity after a reload; Fixes #163 .
2020-02-10 13:56:22 +01:00
W.C.A. Wijngaards
ad180402ea
dnstap io, set tls auth name in outgoing ssl
2020-02-05 16:17:21 +01:00
W.C.A. Wijngaards
58fdcf06e8
Merge branch 'master' into framestreams
2020-02-05 14:25:47 +01:00
gthess
f7fe95ad7b
Serve stale ( #159 )
...
- Added serve-stale functionality as described in
draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used
to configure the behavior.
- Updated cachedb to honor `serve-expired-ttl`; Fixes #107 .
- Renamed statistic `num.zero_ttl` to `num.expired` as expired replies
come with a configurable TTL value (`serve-expired-reply-ttl`).
- Fixed stats when replying with cached, cname-aliased records.
- Added missing default values for redis cachedb backend.
2020-02-05 14:20:27 +01:00