diff options
299 files changed, 46811 insertions, 8292 deletions
diff --git a/ObsoleteFiles.inc b/ObsoleteFiles.inc index 8cbe08e31b12..a6df35f70b1b 100644 --- a/ObsoleteFiles.inc +++ b/ObsoleteFiles.inc @@ -626,6 +626,16 @@ OLD_FILES+=usr/include/pcap/export-defs.h OLD_FILES+=usr/share/dtrace/watch_execve OLD_FILES+=usr/share/dtrace/watch_kill OLD_FILES+=usr/share/dtrace/watch_vop_remove +# 20180512: Rename Unbound tools +OLD_FILES+=usr/sbin/unbound +OLD_FILES+=usr/sbin/unbound-anchor +OLD_FILES+=usr/sbin/unbound-checkconf +OLD_FILES+=usr/sbin/unbound-control +OLD_FILES+=usr/share/man/man5/unbound.conf.5.gz +OLD_FILES+=usr/share/man/man8/unbound-anchor.8.gz +OLD_FILES+=usr/share/man/man8/unbound-checkconf.8.gz +OLD_FILES+=usr/share/man/man8/unbound-control.8.gz +OLD_FILES+=usr/share/man/man8/unbound.8.gz # 20180331: new clang import which bumps version from 5.0.1 to 6.0.0. OLD_FILES+=usr/lib/clang/5.0.1/include/sanitizer/allocator_interface.h OLD_FILES+=usr/lib/clang/5.0.1/include/sanitizer/asan_interface.h diff --git a/contrib/ldns/freebsd-configure.sh b/contrib/ldns/freebsd-configure.sh index 3ad644664196..4e141140fa5d 100755 --- a/contrib/ldns/freebsd-configure.sh +++ b/contrib/ldns/freebsd-configure.sh @@ -5,15 +5,26 @@ set -e +error() { + echo "$@" >&2 + exit 1 +} + ldns=$(dirname $(realpath $0)) cd $ldns -libtoolize --copy -autoheader -autoconf +# Run autotools before we drop LOCALBASE out of PATH +(cd $ldns && libtoolize --copy && autoheader && autoconf) +(cd $ldns/drill && aclocal && autoheader && autoconf) + +# Ensure we use the correct toolchain and clean our environment +export CC=$(echo ".include <bsd.lib.mk>" | make -f /dev/stdin -VCC) +export CPP=$(echo ".include <bsd.lib.mk>" | make -f /dev/stdin -VCPP) +unset CFLAGS CPPFLAGS LDFLAGS LD_LIBRARY_PATH LIBS +export PATH=/bin:/sbin:/usr/bin:/usr/sbin + +cd $ldns ./configure --prefix= --exec-prefix=/usr cd $ldns/drill -autoheader -autoconf ./configure --prefix= --exec-prefix=/usr diff --git a/contrib/unbound/.gitattributes b/contrib/unbound/.gitattributes new file mode 100644 index 000000000000..6414a0ab5302 --- /dev/null +++ b/contrib/unbound/.gitattributes @@ -0,0 +1 @@ +testdata/*.[0-9] linguist-documentation diff --git a/contrib/unbound/.travis.yml b/contrib/unbound/.travis.yml new file mode 100644 index 000000000000..45a7cb153501 --- /dev/null +++ b/contrib/unbound/.travis.yml @@ -0,0 +1,16 @@ +sudo: false +language: c +compiler: + - gcc +addons: + apt: + packages: + - libssl-dev + - libevent-dev + - libexpat-dev + - clang +script: + - ./configure --enable-debug --disable-flto + - make + - make test + - (cd testdata/clang-analysis.tdir; bash clang-analysis.test) diff --git a/contrib/unbound/Makefile.in b/contrib/unbound/Makefile.in index 77e38eaa5142..1a2e2c548169 100644 --- a/contrib/unbound/Makefile.in +++ b/contrib/unbound/Makefile.in @@ -23,6 +23,8 @@ CHECKLOCK_SRC=testcode/checklocks.c CHECKLOCK_OBJ=@CHECKLOCK_OBJ@ DNSTAP_SRC=@DNSTAP_SRC@ DNSTAP_OBJ=@DNSTAP_OBJ@ +DNSCRYPT_SRC=@DNSCRYPT_SRC@ +DNSCRYPT_OBJ=@DNSCRYPT_OBJ@ WITH_PYTHONMODULE=@WITH_PYTHONMODULE@ WITH_PYUNBOUND=@WITH_PYUNBOUND@ PY_MAJOR_VERSION=@PY_MAJOR_VERSION@ @@ -55,7 +57,7 @@ STRIP=@STRIP@ CC=@CC@ CPPFLAGS=-I. @CPPFLAGS@ PYTHON_CPPFLAGS=-I. @PYTHON_CPPFLAGS@ -CFLAGS=@CFLAGS@ +CFLAGS=-DSRCDIR=$(srcdir) @CFLAGS@ LDFLAGS=@LDFLAGS@ LIBS=@LIBS@ LIBOBJS=@LIBOBJS@ @@ -81,7 +83,7 @@ LINTFLAGS+=@NETBSD_LINTFLAGS@ # compat with OpenBSD LINTFLAGS+="-Dsigset_t=long" # FreeBSD -LINTFLAGS+="-D__uint16_t=uint16_t" "-DEVP_PKEY_ASN1_METHOD=int" "-D_RuneLocale=int" "-D__va_list=va_list" "-D__uint32_t=uint32_t" +LINTFLAGS+="-D__uint16_t=uint16_t" "-DEVP_PKEY_ASN1_METHOD=int" "-D_RuneLocale=int" "-D__va_list=va_list" "-D__uint32_t=uint32_t" "-D_Alignof(x)=x" "-D__aligned(x)=" "-D__requires_exclusive(x)=" "-D__requires_unlocked(x)=" "-D__locks_exclusive(x)=" "-D__trylocks_exclusive(x)=" "-D__unlocks(x)=" "-D__locks_shared(x)=" "-D__trylocks_shared(x)=" INSTALL=$(SHELL) $(srcdir)/install-sh @@ -95,36 +97,49 @@ PYTHONMOD_HEADER=@PYTHONMOD_HEADER@ PYUNBOUND_SRC= # libunbound_wrap.lo if python libunbound wrapper enabled. PYUNBOUND_OBJ=@PYUNBOUND_OBJ@ +SUBNET_SRC=edns-subnet/edns-subnet.c edns-subnet/subnetmod.c edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c +SUBNET_OBJ=@SUBNET_OBJ@ +SUBNET_HEADER=@SUBNET_HEADER@ +IPSECMOD_SRC=ipsecmod/ipsecmod.c ipsecmod/ipsecmod-whitelist.c +IPSECMOD_OBJ=@IPSECMOD_OBJ@ +IPSECMOD_HEADER=@IPSECMOD_HEADER@ COMMON_SRC=services/cache/dns.c services/cache/infra.c services/cache/rrset.c \ util/as112.c util/data/dname.c util/data/msgencode.c util/data/msgparse.c \ util/data/msgreply.c util/data/packed_rrset.c iterator/iterator.c \ iterator/iter_delegpt.c iterator/iter_donotq.c iterator/iter_fwd.c \ iterator/iter_hints.c iterator/iter_priv.c iterator/iter_resptype.c \ iterator/iter_scrub.c iterator/iter_utils.c services/listen_dnsport.c \ -services/localzone.c services/mesh.c services/modstack.c \ +services/localzone.c services/mesh.c services/modstack.c services/view.c \ services/outbound_list.c services/outside_network.c util/alloc.c \ util/config_file.c util/configlexer.c util/configparser.c \ +util/shm_side/shm_main.c services/authzone.c \ util/fptr_wlist.c util/locks.c util/log.c util/mini_event.c util/module.c \ util/netevent.c util/net_help.c util/random.c util/rbtree.c util/regional.c \ -util/rtt.c util/storage/dnstree.c util/storage/lookup3.c \ -util/storage/lruhash.c util/storage/slabhash.c util/timehist.c util/tube.c \ +util/rtt.c util/edns.c util/storage/dnstree.c util/storage/lookup3.c \ +util/storage/lruhash.c util/storage/slabhash.c util/tcp_conn_limit.c \ +util/timehist.c util/tube.c \ util/ub_event.c util/ub_event_pluggable.c util/winsock_event.c \ validator/autotrust.c validator/val_anchor.c validator/validator.c \ validator/val_kcache.c validator/val_kentry.c validator/val_neg.c \ validator/val_nsec3.c validator/val_nsec.c validator/val_secalgo.c \ -validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c cachedb/cachedb.c $(CHECKLOCK_SRC) \ -$(DNSTAP_SRC) +validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c \ +edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \ +edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \ +cachedb/cachedb.c cachedb/redis.c respip/respip.c $(CHECKLOCK_SRC) \ +$(DNSTAP_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) $(IPSET_SRC) COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \ as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \ iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \ -iter_scrub.lo iter_utils.lo localzone.lo mesh.lo modstack.lo \ +iter_scrub.lo iter_utils.lo localzone.lo mesh.lo modstack.lo view.lo \ outbound_list.lo alloc.lo config_file.lo configlexer.lo configparser.lo \ -fptr_wlist.lo locks.lo log.lo mini_event.lo module.lo net_help.lo \ +fptr_wlist.lo edns.lo locks.lo log.lo mini_event.lo module.lo net_help.lo \ random.lo rbtree.lo regional.lo rtt.lo dnstree.lo lookup3.lo lruhash.lo \ -slabhash.lo timehist.lo tube.lo winsock_event.lo autotrust.lo val_anchor.lo \ +slabhash.lo tcp_conn_limit.lo timehist.lo tube.lo winsock_event.lo \ +autotrust.lo val_anchor.lo \ validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \ -val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo \ -$(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) +val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo redis.lo authzone.lo \ +$(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \ +$(IPSECMOD_OBJ) $(IPSET_OBJ) respip.lo COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ outside_network.lo COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo @@ -133,7 +148,7 @@ COMMON_OBJ_ALL_SYMBOLS=@COMMON_OBJ_ALL_SYMBOLS@ COMPAT_SRC=compat/ctime_r.c compat/fake-rfc2553.c compat/gmtime_r.c \ compat/inet_aton.c compat/inet_ntop.c compat/inet_pton.c compat/malloc.c \ compat/memcmp.c compat/memmove.c compat/snprintf.c compat/strlcat.c \ -compat/strlcpy.c compat/strptime.c compat/getentropy_linux.c \ +compat/strlcpy.c compat/strptime.c compat/getentropy_freebsd.c compat/getentropy_linux.c \ compat/getentropy_osx.c compat/getentropy_solaris.c compat/getentropy_win.c \ compat/explicit_bzero.c compat/arc4random.c compat/arc4random_uniform.c \ compat/arc4_lock.c compat/sha512.c compat/reallocarray.c compat/isblank.c \ @@ -145,18 +160,21 @@ SLDNS_SRC=sldns/keyraw.c sldns/sbuffer.c sldns/wire2str.c sldns/parse.c \ sldns/parseutil.c sldns/rrdef.c sldns/str2wire.c SLDNS_OBJ=keyraw.lo sbuffer.lo wire2str.lo parse.lo parseutil.lo rrdef.lo \ str2wire.lo +SLDNS_ALLOCCHECK_EXTRA_OBJ=@SLDNS_ALLOCCHECK_EXTRA_OBJ@ UNITTEST_SRC=testcode/unitanchor.c testcode/unitdname.c \ testcode/unitlruhash.c testcode/unitmain.c testcode/unitmsgparse.c \ testcode/unitneg.c testcode/unitregional.c testcode/unitslabhash.c \ -testcode/unitverify.c testcode/readhex.c testcode/testpkts.c testcode/unitldns.c +testcode/unitverify.c testcode/readhex.c testcode/testpkts.c testcode/unitldns.c \ +testcode/unitecs.c testcode/unitauth.c UNITTEST_OBJ=unitanchor.lo unitdname.lo unitlruhash.lo unitmain.lo \ unitmsgparse.lo unitneg.lo unitregional.lo unitslabhash.lo unitverify.lo \ -readhex.lo testpkts.lo unitldns.lo +readhex.lo testpkts.lo unitldns.lo unitecs.lo unitauth.lo UNITTEST_OBJ_LINK=$(UNITTEST_OBJ) worker_cb.lo $(COMMON_OBJ) $(SLDNS_OBJ) \ $(COMPAT_OBJ) DAEMON_SRC=daemon/acl_list.c daemon/cachedump.c daemon/daemon.c \ daemon/remote.c daemon/stats.c daemon/unbound.c daemon/worker.c @WIN_DAEMON_SRC@ -DAEMON_OBJ=acl_list.lo cachedump.lo daemon.lo remote.lo stats.lo unbound.lo \ +DAEMON_OBJ=acl_list.lo cachedump.lo daemon.lo \ +shm_main.lo remote.lo stats.lo unbound.lo \ worker.lo @WIN_DAEMON_OBJ@ DAEMON_OBJ_LINK=$(DAEMON_OBJ) $(COMMON_OBJ_ALL_SYMBOLS) $(SLDNS_OBJ) \ $(COMPAT_OBJ) @WIN_DAEMON_OBJ_LINK@ @@ -170,17 +188,18 @@ CONTROL_OBJ_LINK=$(CONTROL_OBJ) worker_cb.lo $(COMMON_OBJ_ALL_SYMBOLS) \ $(SLDNS_OBJ) $(COMPAT_OBJ) @WIN_CONTROL_OBJ_LINK@ HOST_SRC=smallapp/unbound-host.c HOST_OBJ=unbound-host.lo -HOST_OBJ_LINK=$(HOST_OBJ) $(SLDNS_OBJ) $(COMPAT_OBJ_WITHOUT_CTIMEARC4) @WIN_HOST_OBJ_LINK@ +HOST_OBJ_LINK=$(HOST_OBJ) $(SLDNS_OBJ) $(COMPAT_OBJ_WITHOUT_CTIMEARC4) $(SLDNS_ALLOCCHECK_EXTRA_OBJ) @WIN_HOST_OBJ_LINK@ UBANCHOR_SRC=smallapp/unbound-anchor.c UBANCHOR_OBJ=unbound-anchor.lo UBANCHOR_OBJ_LINK=$(UBANCHOR_OBJ) parseutil.lo \ -$(COMPAT_OBJ_WITHOUT_CTIME) @WIN_UBANCHOR_OBJ_LINK@ +$(COMPAT_OBJ_WITHOUT_CTIME) $(SLDNS_ALLOCCHECK_EXTRA_OBJ) @WIN_UBANCHOR_OBJ_LINK@ TESTBOUND_SRC=testcode/testbound.c testcode/testpkts.c \ -daemon/worker.c daemon/acl_list.c daemon/daemon.c daemon/stats.c \ +daemon/worker.c daemon/acl_list.c \ +daemon/daemon.c daemon/stats.c \ testcode/replay.c testcode/fake_event.c TESTBOUND_OBJ=testbound.lo replay.lo fake_event.lo TESTBOUND_OBJ_LINK=$(TESTBOUND_OBJ) testpkts.lo worker.lo acl_list.lo \ -daemon.lo stats.lo $(COMMON_OBJ_WITHOUT_NETCALL) ub_event.lo $(SLDNS_OBJ) \ +daemon.lo stats.lo shm_main.lo $(COMMON_OBJ_WITHOUT_NETCALL) ub_event.lo $(SLDNS_OBJ) \ $(COMPAT_OBJ) LOCKVERIFY_SRC=testcode/lock_verify.c LOCKVERIFY_OBJ=lock_verify.lo @@ -199,7 +218,7 @@ MEMSTATS_OBJ_LINK=$(MEMSTATS_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \ $(SLDNS_OBJ) ASYNCLOOK_SRC=testcode/asynclook.c ASYNCLOOK_OBJ=asynclook.lo -ASYNCLOOK_OBJ_LINK=$(ASYNCLOOK_OBJ) log.lo locks.lo $(COMPAT_OBJ) +ASYNCLOOK_OBJ_LINK=$(ASYNCLOOK_OBJ) log.lo locks.lo $(COMPAT_OBJ) @ASYNCLOOK_ALLOCCHECK_EXTRA_OBJ@ STREAMTCP_SRC=testcode/streamtcp.c STREAMTCP_OBJ=streamtcp.lo STREAMTCP_OBJ_LINK=$(STREAMTCP_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \ @@ -211,6 +230,8 @@ DELAYER_SRC=testcode/delayer.c DELAYER_OBJ=delayer.lo DELAYER_OBJ_LINK=$(DELAYER_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \ $(SLDNS_OBJ) +IPSET_SRC=@IPSET_SRC@ +IPSET_OBJ=@IPSET_OBJ@ LIBUNBOUND_SRC=libunbound/context.c libunbound/libunbound.c \ libunbound/libworker.c LIBUNBOUND_OBJ=context.lo libunbound.lo libworker.lo ub_event_pluggable.lo @@ -238,8 +259,9 @@ ALL_SRC=$(COMMON_SRC) $(UNITTEST_SRC) $(DAEMON_SRC) \ $(MEMSTATS_SRC) $(CHECKCONF_SRC) $(LIBUNBOUND_SRC) $(HOST_SRC) \ $(ASYNCLOOK_SRC) $(STREAMTCP_SRC) $(PERF_SRC) $(DELAYER_SRC) \ $(CONTROL_SRC) $(UBANCHOR_SRC) $(PETAL_SRC) \ - $(PYTHONMOD_SRC) $(PYUNBOUND_SRC) $(WIN_DAEMON_THE_SRC)\ + $(PYTHONMOD_SRC) $(PYUNBOUND_SRC) $(WIN_DAEMON_THE_SRC) \ $(SVCINST_SRC) $(SVCUNINST_SRC) $(ANCHORUPD_SRC) $(SLDNS_SRC) + ALL_OBJ=$(COMMON_OBJ) $(UNITTEST_OBJ) $(DAEMON_OBJ) \ $(TESTBOUND_OBJ) $(LOCKVERIFY_OBJ) $(PKTVIEW_OBJ) \ $(MEMSTATS_OBJ) $(CHECKCONF_OBJ) $(LIBUNBOUND_OBJ) $(HOST_OBJ) \ @@ -250,7 +272,7 @@ ALL_OBJ=$(COMMON_OBJ) $(UNITTEST_OBJ) $(DAEMON_OBJ) \ COMPILE=$(LIBTOOL) --tag=CC --mode=compile $(CC) $(CPPFLAGS) $(CFLAGS) @PTHREAD_CFLAGS_ONLY@ LINK=$(LIBTOOL) --tag=CC --mode=link $(CC) $(staticexe) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -LINK_LIB=$(LIBTOOL) --tag=CC --mode=link $(CC) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) $(staticexe) -version-info @LIBUNBOUND_CURRENT@:@LIBUNBOUND_REVISION@:@LIBUNBOUND_AGE@ -no-undefined +LINK_LIB=$(LIBTOOL) --tag=CC --mode=link $(CC) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -version-info @LIBUNBOUND_CURRENT@:@LIBUNBOUND_REVISION@:@LIBUNBOUND_AGE@ -no-undefined .PHONY: clean realclean doc lint all install uninstall tests test strip lib longtest longcheck check alltargets @@ -292,10 +314,11 @@ longcheck: longtest test: unittest$(EXEEXT) testbound$(EXEEXT) ./unittest$(EXEEXT) ./testbound$(EXEEXT) -s - for x in testdata/*.rpl; do echo -n "$$x "; if ./testbound$(EXEEXT) -p $$x >/dev/null 2>&1; then echo OK; else echo failed; exit 1; fi done + for x in $(srcdir)/testdata/*.rpl; do echo -n "$$x "; if ./testbound$(EXEEXT) -p $$x >/dev/null 2>&1; then echo OK; else echo failed; exit 1; fi done @echo test OK longtest: tests + if test ! $(srcdir)/testdata -ef ./testdata; then rm -rf testcode testdata; mkdir testcode testdata; cp -R $(srcdir)/testdata/*.sh $(srcdir)/testdata/*.tdir $(srcdir)/testdata/*.rpl $(srcdir)/testdata/*.crpl testdata; cp $(srcdir)/testcode/*.sh testcode; if test ! -d util; then mkdir util; fi; cp $(srcdir)/util/iana_ports.inc util; fi if test -x "`which bash`"; then bash testcode/do-tests.sh; else sh testcode/do-tests.sh; fi lib: libunbound.la unbound.h @@ -313,7 +336,7 @@ unbound-control$(EXEEXT): $(CONTROL_OBJ_LINK) libunbound.la $(LINK) -o $@ $(CONTROL_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS) unbound-host$(EXEEXT): $(HOST_OBJ_LINK) libunbound.la - $(LINK) -o $@ $(HOST_OBJ_LINK) -L. -L.libs -lunbound $(LIBS) + $(LINK) -o $@ $(HOST_OBJ_LINK) -L. -L.libs -lunbound $(SSLLIB) $(LIBS) unbound-anchor$(EXEEXT): $(UBANCHOR_OBJ_LINK) libunbound.la $(LINK) -o $@ $(UBANCHOR_OBJ_LINK) -L. -L.libs -lunbound -lexpat $(SSLLIB) $(LIBS) @@ -346,7 +369,7 @@ memstats$(EXEEXT): $(MEMSTATS_OBJ_LINK) $(LINK) -o $@ $(MEMSTATS_OBJ_LINK) $(SSLLIB) $(LIBS) asynclook$(EXEEXT): $(ASYNCLOOK_OBJ_LINK) libunbound.la - $(LINK) -o $@ $(ASYNCLOOK_OBJ_LINK) $(LIBS) -L. -L.libs -lunbound + $(LINK) -o $@ $(ASYNCLOOK_OBJ_LINK) -L. -L.libs -lunbound $(SSLLIB) $(LIBS) streamtcp$(EXEEXT): $(STREAMTCP_OBJ_LINK) $(LINK) -o $@ $(STREAMTCP_OBJ_LINK) $(SSLLIB) $(LIBS) @@ -375,10 +398,17 @@ dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c config.h dnstap/dnstap_config.h \ dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h: $(srcdir)/dnstap/dnstap.proto @-if test ! -d dnstap; then $(INSTALL) -d dnstap; fi - $(PROTOC_C) --c_out=. $(srcdir)/dnstap/dnstap.proto + $(PROTOC_C) --c_out=. --proto_path=$(srcdir) $(srcdir)/dnstap/dnstap.proto dnstap.pb-c.lo dnstap.pb-c.o: dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h +# dnscrypt +dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ + dnscrypt/dnscrypt_config.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/log.h \ + $(srcdir)/util/netevent.h + # Python Module pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \ pythonmod/interface.h \ @@ -404,7 +434,7 @@ libunbound/python/libunbound_wrap.c: $(srcdir)/libunbound/python/libunbound.i un # Pyunbound python unbound wrapper _unbound.la: libunbound_wrap.lo libunbound.la - $(LIBTOOL) --tag=CC --mode=link $(CC) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -module -avoid-version -no-undefined -shared -o $@ libunbound_wrap.lo -rpath $(PYTHON_SITE_PKG) L. -L.libs -lunbound + $(LIBTOOL) --tag=CC --mode=link $(CC) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -module -avoid-version -no-undefined -shared -o $@ libunbound_wrap.lo -rpath $(PYTHON_SITE_PKG) -L. -L.libs -lunbound util/config_file.c: util/configparser.h util/configlexer.c: $(srcdir)/util/configlexer.lex util/configparser.h @@ -426,14 +456,19 @@ clean: rm -f _unbound.la libunbound/python/libunbound_wrap.c libunbound/python/unbound.py pythonmod/interface.h pythonmod/unboundmodule.py rm -rf autom4te.cache .libs build doc/html doc/xml -realclean: clean - rm -f config.status config.log config.h.in config.h - rm -f configure config.sub config.guess ltmain.sh aclocal.m4 libtool - rm -f util/configlexer.c util/configparser.c util/configparser.h - rm -f doc/example.conf doc/libunbound.3 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound-control.8 doc/unbound.8 doc/unbound.conf.5 +distclean: clean + rm -f config.status config.log config.h + rm -f doc/example.conf doc/libunbound.3 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound-control.8 doc/unbound.8 doc/unbound.conf.5 doc/unbound-host.1 + rm -f smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service rm -f $(TEST_BIN) rm -f Makefile +maintainer-clean: distclean + rm -f util/configlexer.c util/configparser.c util/configparser.h + +realclean: maintainer-clean + rm -f configure config.h.in config.sub config.guess ltmain.sh aclocal.m4 libtool + .SUFFIXES: .lint .c.lint: $(LINT) $(LINTFLAGS) -I. -I$(srcdir) $< @@ -456,9 +491,9 @@ doc: if test -n "$(doxygen)"; then \ $(doxygen) $(srcdir)/doc/unbound.doxygen; fi if test "$(WITH_PYUNBOUND)" = "yes" -o "$(WITH_PYTHONMODULE)" = "yes"; \ - then if test -x "`which sphinx-build 2>&1`"; then \ - sphinx-build -b html pythonmod/doc doc/html/pythonmod; \ - sphinx-build -b html libunbound/python/doc doc/html/pyunbound;\ + then if test -x "`which sphinx-build-$(PY_MAJOR_VERSION) 2>&1`"; then \ + sphinx-build-$(PY_MAJOR_VERSION) -b html pythonmod/doc doc/html/pythonmod; \ + sphinx-build-$(PY_MAJOR_VERSION) -b html libunbound/python/doc doc/html/pyunbound;\ fi ;\ fi @@ -511,6 +546,8 @@ install-all: all $(PYTHONMOD_INSTALL) $(PYUNBOUND_INSTALL) $(UNBOUND_EVENT_INSTA $(INSTALL) -m 755 -d $(DESTDIR)$(mandir)/man8 $(INSTALL) -m 755 -d $(DESTDIR)$(mandir)/man5 $(INSTALL) -m 755 -d $(DESTDIR)$(mandir)/man1 + $(INSTALL) -m 755 -d $(DESTDIR)$(libdir)/pkgconfig + $(INSTALL) -m 644 contrib/libunbound.pc $(DESTDIR)$(libdir)/pkgconfig $(LIBTOOL) --mode=install cp -f unbound$(EXEEXT) $(DESTDIR)$(sbindir)/unbound$(EXEEXT) $(LIBTOOL) --mode=install cp -f unbound-checkconf$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-checkconf$(EXEEXT) $(LIBTOOL) --mode=install cp -f unbound-control$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-control$(EXEEXT) @@ -564,7 +601,7 @@ iana_update: DEPEND_TMP=depend1073.tmp DEPEND_TMP2=depend1074.tmp DEPEND_TARGET=Makefile -DEPEND_TARGET2=Makefile.in +DEPEND_TARGET2=$(srcdir)/Makefile.in # actions: generate deplines from gcc, # then, filter out home/xx, /usr/xx and /opt/xx lines (some cc already do this) # then, remove empty " \" lines @@ -572,7 +609,8 @@ DEPEND_TARGET2=Makefile.in # then, remove srcdir from the (generated) parser and lexer. # and mention the .lo depend: - (cd $(srcdir) ; $(CC) $(DEPFLAG) $(CPPFLAGS) $(CFLAGS) @PTHREAD_CFLAGS_ONLY@ $(ALL_SRC) $(COMPAT_SRC)) | \ + (BUILDDIR=$$PWD; cd $(srcdir) ; $(CC) $(DEPFLAG) $(CPPFLAGS) $(CFLAGS) -I$$BUILDDIR @PTHREAD_CFLAGS_ONLY@ $(ALL_SRC) $(COMPAT_SRC)) | \ + sed -e 's?'$$PWD'/config.h?config.h?g' | \ sed -e 's!'$$HOME'[^ ]* !!g' -e 's!'$$HOME'[^ ]*$$!!g' \ -e 's!/usr[^ ]* !!g' -e 's!/usr[^ ]*$$!!g' \ -e 's!/opt[^ ]* !!g' -e 's!/opt[^ ]*$$!!g' | \ @@ -584,7 +622,12 @@ depend: -e 's?$$(srcdir)/util/configparser.c?util/configparser.c?g' \ -e 's?$$(srcdir)/util/configparser.h?util/configparser.h?g' \ -e 's?$$(srcdir)/dnstap/dnstap_config.h??g' \ + -e 's?$$(srcdir)/dnstap/dnstap.pb-c.c?dnstap/dnstap.pb-c.c?g' \ + -e 's?$$(srcdir)/dnstap/dnstap.pb-c.h?dnstap/dnstap.pb-c.h?g' \ + -e 's?$$(srcdir)/dnscrypt/dnscrypt_config.h??g' \ -e 's?$$(srcdir)/pythonmod/pythonmod.h?$$(PYTHONMOD_HEADER)?g' \ + -e 's?$$(srcdir)/edns-subnet/subnetmod.h $$(srcdir)/edns-subnet/subnet-whitelist.h $$(srcdir)/edns-subnet/edns-subnet.h $$(srcdir)/edns-subnet/addrtree.h?$$(SUBNET_HEADER)?g' \ + -e 's?$$(srcdir)/ipsecmod/ipsecmod.h $$(srcdir)/ipsecmod/ipsecmod-whitelist.h?$$(IPSECMOD_HEADER)?g' \ -e 's!\(.*\)\.o[ :]*!\1.lo \1.o: !g' \ > $(DEPEND_TMP) cp $(DEPEND_TARGET) $(DEPEND_TMP2) @@ -601,22 +644,25 @@ depend: # Dependencies dns.lo dns.o: $(srcdir)/services/cache/dns.c config.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \ - $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h $(srcdir)/validator/val_nsec.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ + $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h $(srcdir)/services/cache/dns.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h \ $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h infra.lo infra.o: $(srcdir)/services/cache/infra.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/util/storage/lookup3.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/config_file.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lookup3.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h rrset.lo rrset.o: $(srcdir)/services/cache/rrset.c config.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/slabhash.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/regional.h $(srcdir)/util/alloc.h + $(srcdir)/util/data/msgreply.h $(srcdir)/util/regional.h $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h as112.lo as112.o: $(srcdir)/util/as112.c $(srcdir)/util/as112.h dname.lo dname.o: $(srcdir)/util/data/dname.c config.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h \ @@ -625,7 +671,8 @@ msgencode.lo msgencode.o: $(srcdir)/util/data/msgencode.c config.h $(srcdir)/uti $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ - $(srcdir)/sldns/sbuffer.h + $(srcdir)/sldns/sbuffer.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h $(srcdir)/services/view.h msgparse.lo msgparse.o: $(srcdir)/util/data/msgparse.c config.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ @@ -633,9 +680,12 @@ msgparse.lo msgparse.o: $(srcdir)/util/data/msgparse.c config.h $(srcdir)/util/d $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h msgreply.lo msgreply.o: $(srcdir)/util/data/msgreply.c config.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/net_help.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h + $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h \ + $(srcdir)/util/module.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ + $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h packed_rrset.lo packed_rrset.o: $(srcdir)/util/data/packed_rrset.c config.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h \ @@ -648,10 +698,12 @@ iterator.lo iterator.o: $(srcdir)/iterator/iterator.c config.h $(srcdir)/iterato $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_donotq.h \ $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_scrub.h $(srcdir)/iterator/iter_priv.h \ $(srcdir)/validator/val_neg.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ + $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/services/authzone.h \ + $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/util/config_file.h $(srcdir)/util/random.h \ - $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/util/config_file.h $(srcdir)/util/random.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \ + $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h iter_delegpt.lo iter_delegpt.o: $(srcdir)/iterator/iter_delegpt.c config.h $(srcdir)/iterator/iter_delegpt.h \ $(srcdir)/util/log.h $(srcdir)/services/cache/dns.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h \ @@ -692,152 +744,229 @@ iter_utils.lo iter_utils.o: $(srcdir)/iterator/iter_utils.c config.h $(srcdir)/i $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/iterator/iter_hints.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_fwd.h \ $(srcdir)/iterator/iter_donotq.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_priv.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/services/cache/dns.h \ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/random.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/modstack.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_kcache.h \ - $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_sigcrypt.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \ + $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \ + $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/sldns/str2wire.h listen_dnsport.lo listen_dnsport.o: $(srcdir)/services/listen_dnsport.c config.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/services/outside_network.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/net_help.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/mesh.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/services/modstack.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h localzone.lo localzone.o: $(srcdir)/services/localzone.c config.h $(srcdir)/services/localzone.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/regional.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \ + $(srcdir)/util/data/msgencode.h $(srcdir)/util/net_help.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ $(srcdir)/util/as112.h mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h \ $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/dns.h $(srcdir)/util/net_help.h \ $(srcdir)/util/regional.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/timehist.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/tube.h $(srcdir)/util/alloc.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/util/tube.h $(srcdir)/util/alloc.h $(srcdir)/util/config_file.h $(srcdir)/util/edns.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/services/view.h $(srcdir)/util/data/dname.h $(srcdir)/respip/respip.h \ + $(srcdir)/services/listen_dnsport.h modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/services/modstack.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/dns64/dns64.h \ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h \ - $(srcdir)/validator/val_utils.h $(PYTHONMOD_HEADER) $(srcdir)/cachedb/cachedb.h + $(srcdir)/validator/val_utils.h $(srcdir)/respip/respip.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(PYTHONMOD_HEADER) $(srcdir)/ipsecmod/ipsecmod.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \ + $(srcdir)/ipset/ipset.h +view.lo view.o: $(srcdir)/services/view.c config.h $(srcdir)/services/view.h $(srcdir)/util/rbtree.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h outbound_list.lo outbound_list.o: $(srcdir)/services/outbound_list.c config.h \ $(srcdir)/services/outbound_list.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/netevent.h + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c config.h \ $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rtt.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/listen_dnsport.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/module.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/dnstap/dnstap.h + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/dnstap/dnstap.h \ + alloc.lo alloc.o: $(srcdir)/util/alloc.c config.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/regional.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h config_file.lo config_file.o: $(srcdir)/util/config_file.c config.h $(srcdir)/util/log.h \ $(srcdir)/util/configyyrename.h $(srcdir)/util/config_file.h util/configparser.h \ $(srcdir)/util/net_help.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ $(srcdir)/services/modstack.h $(srcdir)/util/data/dname.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h \ - $(srcdir)/util/iana_ports.inc + $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/iana_ports.inc configlexer.lo configlexer.o: util/configlexer.c config.h $(srcdir)/util/configyyrename.h \ $(srcdir)/util/config_file.h util/configparser.h configparser.lo configparser.o: util/configparser.c config.h $(srcdir)/util/configyyrename.h \ $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h +shm_main.lo shm_main.o: $(srcdir)/util/shm_side/shm_main.c config.h $(srcdir)/util/shm_side/shm_main.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/services/mesh.h \ + $(srcdir)/util/rbtree.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \ + $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h +authzone.lo authzone.o: $(srcdir)/services/authzone.c config.h $(srcdir)/services/authzone.h \ + $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/services/modstack.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h \ + $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/util/random.h \ + $(srcdir)/services/cache/dns.h $(srcdir)/services/outside_network.h \ + $(srcdir)/services/listen_dnsport.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/keyraw.h \ + $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_secalgo.h fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h \ - $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \ - $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \ - $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \ - $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h \ - $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h \ - $(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h \ - $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h \ - $(PYTHONMOD_HEADER) $(srcdir)/cachedb/cachedb.h + $(srcdir)/services/outside_network.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/authzone.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/validator/validator.h \ + $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_nsec3.h \ + $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_neg.h \ + $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h $(srcdir)/libunbound/context.h \ + $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \ + $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/respip/respip.h \ + $(PYTHONMOD_HEADER) $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/net_help.h \ + $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/ipset/ipset.h locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h -mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h +mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h module.lo module.o: $(srcdir)/util/module.c config.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h -netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/netevent.h $(srcdir)/util/ub_event.h \ - $(srcdir)/util/log.h $(srcdir)/util/net_help.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/dnstap/dnstap.h + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h +netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h $(srcdir)/util/tcp_conn_limit.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/services/listen_dnsport.h \ + net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/sldns/parseutil.h \ - $(srcdir)/sldns/wire2str.h + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \ + $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \ + random.lo random.o: $(srcdir)/util/random.c config.h $(srcdir)/util/random.h $(srcdir)/util/log.h rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h regional.lo regional.o: $(srcdir)/util/regional.c config.h $(srcdir)/util/log.h $(srcdir)/util/regional.h -rtt.lo rtt.o: $(srcdir)/util/rtt.c config.h $(srcdir)/util/rtt.h +rtt.lo rtt.o: $(srcdir)/util/rtt.c config.h $(srcdir)/util/rtt.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h +edns.lo edns.o: $(srcdir)/util/edns.c config.h $(srcdir)/util/edns.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/regional.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h dnstree.lo dnstree.o: $(srcdir)/util/storage/dnstree.c config.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/net_help.h lookup3.lo lookup3.o: $(srcdir)/util/storage/lookup3.c config.h $(srcdir)/util/storage/lookup3.h lruhash.lo lruhash.o: $(srcdir)/util/storage/lruhash.c config.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h slabhash.lo slabhash.o: $(srcdir)/util/storage/slabhash.c config.h $(srcdir)/util/storage/slabhash.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h +tcp_conn_limit.lo tcp_conn_limit.o: $(srcdir)/util/tcp_conn_limit.c config.h $(srcdir)/util/regional.h \ + $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/tcp_conn_limit.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/str2wire.h timehist.lo timehist.o: $(srcdir)/util/timehist.c config.h $(srcdir)/util/timehist.h $(srcdir)/util/log.h tube.lo tube.o: $(srcdir)/util/tube.c config.h $(srcdir)/util/tube.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/mesh.h \ $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/ub_event.h ub_event.lo ub_event.o: $(srcdir)/util/ub_event.c config.h $(srcdir)/util/ub_event.h $(srcdir)/util/log.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/tube.h \ + ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c config.h $(srcdir)/util/ub_event.h \ - $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/netevent.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h + $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/modstack.h \ + winsock_event.lo winsock_event.o: $(srcdir)/util/winsock_event.c config.h autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/validator/autotrust.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_utils.h \ - $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/dname.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/services/modstack.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/validator/val_kcache.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h + $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/dname.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/random.h $(srcdir)/services/mesh.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/services/modstack.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/validator/val_kcache.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h \ + val_anchor.lo val_anchor.o: $(srcdir)/validator/val_anchor.c config.h $(srcdir)/validator/val_anchor.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_sigcrypt.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/validator/autotrust.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/util/as112.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/validator/autotrust.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/as112.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/sldns/str2wire.h validator.lo validator.o: $(srcdir)/validator/validator.c config.h $(srcdir)/validator/validator.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ @@ -845,10 +974,11 @@ validator.lo validator.o: $(srcdir)/validator/validator.c config.h $(srcdir)/val $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_kcache.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_nsec.h \ $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_neg.h $(srcdir)/validator/val_sigcrypt.h \ - $(srcdir)/validator/autotrust.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \ - $(srcdir)/sldns/wire2str.h + $(srcdir)/validator/autotrust.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ + $(srcdir)/services/modstack.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h val_kcache.lo val_kcache.o: $(srcdir)/validator/val_kcache.c config.h $(srcdir)/validator/val_kcache.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/validator/val_kentry.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \ @@ -857,10 +987,12 @@ val_kcache.lo val_kcache.o: $(srcdir)/validator/val_kcache.c config.h $(srcdir)/ val_kentry.lo val_kentry.o: $(srcdir)/validator/val_kentry.c config.h $(srcdir)/validator/val_kentry.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h -val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ + +val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h \ + $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ + $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ $(srcdir)/services/cache/dns.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h @@ -873,45 +1005,84 @@ val_nsec3.lo val_nsec3.o: $(srcdir)/validator/val_nsec3.c config.h $(srcdir)/val $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/validator/val_nsec.h $(srcdir)/sldns/sbuffer.h val_nsec.lo val_nsec.o: $(srcdir)/validator/val_nsec.c config.h $(srcdir)/validator/val_nsec.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/validator/val_utils.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h val_secalgo.lo val_secalgo.o: $(srcdir)/validator/val_secalgo.c config.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h \ $(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ - $(srcdir)/sldns/sbuffer.h + $(srcdir)/sldns/sbuffer.h \ + val_sigcrypt.lo val_sigcrypt.o: $(srcdir)/validator/val_sigcrypt.c config.h \ $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/validator.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h $(srcdir)/util/data/dname.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/val_secalgo.h \ + $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/rbtree.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ + $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \ + val_utils.lo val_utils.o: $(srcdir)/validator/val_utils.c config.h $(srcdir)/validator/val_utils.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_kentry.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_kentry.h \ $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h \ $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_neg.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h + $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/wire2str.h \ + $(srcdir)/sldns/parseutil.h dns64.lo dns64.o: $(srcdir)/dns64/dns64.c config.h $(srcdir)/dns64/dns64.h $(srcdir)/util/module.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h -cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h $(srcdir)/cachedb/cachedb.h $(srcdir)/util/module.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/services/cache/dns.h $(srcdir)/validator/val_neg.h \ - $(srcdir)/util/rbtree.h $(srcdir)/validator/val_secalgo.h $(srcdir)/iterator/iter_utils.h \ - $(srcdir)/iterator/iter_resptype.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \ - $(srcdir)/sldns/sbuffer.h + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h +edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h +subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h +addrtree.lo addrtree.o: $(srcdir)/edns-subnet/addrtree.c config.h $(srcdir)/util/log.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/edns-subnet/addrtree.h +subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h +cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h +redis.lo redis.o: $(srcdir)/cachedb/redis.c config.h +respip.lo respip.o: $(srcdir)/respip/respip.c config.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h \ + $(srcdir)/services/cache/dns.h $(srcdir)/sldns/str2wire.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ + $(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/respip/respip.h checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/testcode/checklocks.h +dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c config.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/util/locks.h $(srcdir)/dnstap/dnstap.h \ + dnstap/dnstap.pb-c.h +dnstap.pb-c.lo dnstap.pb-c.o: dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h \ + +dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/storage/lookup3.h +ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h +ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h \ + $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ + $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h \ + $(srcdir)/ipsecmod/ipsecmod-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/regional.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h +ipset.lo ipset.o: $(srcdir)/ipset/ipset.c config.h $(srcdir)/ipset/ipset.h $(srcdir)/util/module.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/services/cache/dns.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h @@ -920,11 +1091,16 @@ unitdname.lo unitdname.o: $(srcdir)/testcode/unitdname.c config.h $(srcdir)/util $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h unitlruhash.lo unitlruhash.o: $(srcdir)/testcode/unitlruhash.c config.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h -unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ +unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/random.h + $(srcdir)/util/config_file.h $(srcdir)/util/rtt.h $(srcdir)/util/timehist.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/libunbound/unbound.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/random.h $(srcdir)/respip/respip.h \ + $(srcdir)/services/localzone.h $(srcdir)/services/view.h unitmsgparse.lo unitmsgparse.o: $(srcdir)/testcode/unitmsgparse.c config.h $(srcdir)/util/log.h \ $(srcdir)/testcode/unitmain.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ @@ -941,10 +1117,10 @@ unitslabhash.lo unitslabhash.o: $(srcdir)/testcode/unitslabhash.c config.h $(src $(srcdir)/util/log.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h unitverify.lo unitverify.o: $(srcdir)/testcode/unitverify.c config.h $(srcdir)/util/log.h \ $(srcdir)/testcode/unitmain.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/validator/val_secalgo.h \ - $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h \ - $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_nsec3.h \ + $(srcdir)/util/rbtree.h $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h \ $(srcdir)/testcode/testpkts.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/alloc.h \ $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/keyraw.h \ $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h @@ -955,43 +1131,62 @@ testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcod $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h unitldns.lo unitldns.o: $(srcdir)/testcode/unitldns.c config.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h +unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h +unitauth.lo unitauth.o: $(srcdir)/testcode/unitauth.c config.h $(srcdir)/services/authzone.h \ + $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/services/modstack.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/config_file.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/str2wire.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/sbuffer.h acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/log.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/services/localzone.h $(srcdir)/util/locks.h \ - $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h -cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h $(srcdir)/daemon/cachedump.h \ - $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \ - $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \ + $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ + $(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h +cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h \ + $(srcdir)/daemon/cachedump.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \ + $(srcdir)/dnstap/dnstap.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/regional.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h \ $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h \ $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h -daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/util/random.h $(srcdir)/util/tube.h \ - $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h -remote.lo remote.o: $(srcdir)/daemon/remote.c config.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h \ +daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \ + $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/worker.h \ $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ - $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ - $(srcdir)/services/modstack.h $(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ + $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ + $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h $(srcdir)/services/listen_dnsport.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ + $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/util/random.h \ + $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h $(srcdir)/respip/respip.h +remote.lo remote.o: $(srcdir)/daemon/remote.c config.h \ + $(srcdir)/daemon/remote.h \ + $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ + $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \ + $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/services/authzone.h \ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/data/dname.h $(srcdir)/validator/validator.h \ $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \ $(srcdir)/validator/val_anchor.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ @@ -999,102 +1194,124 @@ remote.lo remote.o: $(srcdir)/daemon/remote.c config.h $(srcdir)/daemon/remote.h $(srcdir)/services/outside_network.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h \ $(srcdir)/sldns/wire2str.h stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \ - $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h + $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \ + $(srcdir)/services/authzone.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h \ + unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h \ $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/ub_event.h + $(srcdir)/daemon/remote.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ - $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h $(srcdir)/util/regional.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \ - $(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ - $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h \ - $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/libunbound/libworker.h + $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/remote.h \ + $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ + $(srcdir)/services/localzone.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/edns.h $(srcdir)/iterator/iter_fwd.h \ + $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h \ + $(srcdir)/respip/respip.h $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h \ + $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/testcode/testpkts.h \ - $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h \ - $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c \ - $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rtt.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h + $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h $(srcdir)/daemon/remote.h \ + $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/daemon/daemon.h \ + $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/services/listen_dnsport.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcode/testpkts.h \ $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ - $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h $(srcdir)/util/regional.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \ - $(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ - $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h \ - $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/libunbound/libworker.h + $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/remote.h \ + $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ + $(srcdir)/services/localzone.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/edns.h $(srcdir)/iterator/iter_fwd.h \ + $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h \ + $(srcdir)/respip/respip.h $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h \ + $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/log.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/services/localzone.h $(srcdir)/util/locks.h \ - $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h -daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/util/random.h $(srcdir)/util/tube.h \ - $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \ + $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ + $(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h +daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \ + $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/worker.h \ + $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ + $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ + $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h $(srcdir)/services/listen_dnsport.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ + $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/util/random.h \ + $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h $(srcdir)/respip/respip.h stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \ - $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h + $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \ + $(srcdir)/services/authzone.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h \ + replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/testcode/testpkts.h \ - $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h + $(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h \ + $(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h $(srcdir)/sldns/str2wire.h \ + $(srcdir)/sldns/rrdef.h fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/testcode/fake_event.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/config_file.h $(srcdir)/services/listen_dnsport.h \ $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ @@ -1103,7 +1320,8 @@ fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/t $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h lock_verify.lo lock_verify.o: $(srcdir)/testcode/lock_verify.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h @@ -1114,7 +1332,8 @@ pktview.lo pktview.o: $(srcdir)/testcode/pktview.c config.h $(srcdir)/util/log.h readhex.lo readhex.o: $(srcdir)/testcode/readhex.c config.h $(srcdir)/testcode/readhex.h $(srcdir)/util/log.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h memstats.lo memstats.o: $(srcdir)/testcode/memstats.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h @@ -1125,20 +1344,27 @@ unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/smallapp/unbound-checkconf.c $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \ $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/localzone.h \ - $(srcdir)/sldns/sbuffer.h $(PYTHONMOD_HEADER) + $(srcdir)/services/view.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/services/modstack.h $(srcdir)/respip/respip.h $(srcdir)/sldns/sbuffer.h worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/libunbound/context.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h + $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h context.lo context.o: $(srcdir)/libunbound/context.c config.h $(srcdir)/libunbound/context.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/services/localzone.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/net_help.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/services/view.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/services/authzone.h \ + $(srcdir)/services/mesh.h $(srcdir)/sldns/sbuffer.h libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbound/unbound.h \ $(srcdir)/libunbound/unbound-event.h config.h $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ @@ -1146,58 +1372,71 @@ libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbou $(srcdir)/util/config_file.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h \ $(srcdir)/util/random.h $(srcdir)/util/net_help.h $(srcdir)/util/tube.h $(srcdir)/util/ub_event.h \ - $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ $(srcdir)/sldns/sbuffer.h -libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h $(srcdir)/libunbound/libworker.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/libunbound/unbound-event.h $(srcdir)/services/outside_network.h $(srcdir)/util/netevent.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h $(srcdir)/util/fptr_wlist.h \ +libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h \ + $(srcdir)/libunbound/libworker.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \ + $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/outside_network.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/services/mesh.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/services/view.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/services/authzone.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h $(srcdir)/util/config_file.h \ $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ $(srcdir)/sldns/str2wire.h unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h \ + asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/sldns/rrdef.h + $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h \ + streamtcp.lo streamtcp.o: $(srcdir)/testcode/streamtcp.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/net_help.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h + $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \ + perf.lo perf.o: $(srcdir)/testcode/perf.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h delayer.lo delayer.o: $(srcdir)/testcode/delayer.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h -unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h $(srcdir)/util/log.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h +unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h \ + $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/shm_side/shm_main.h $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/pkthdr.h unbound-anchor.lo unbound-anchor.o: $(srcdir)/smallapp/unbound-anchor.c config.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h -petal.lo petal.o: $(srcdir)/testcode/petal.c config.h + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h \ + +petal.lo petal.o: $(srcdir)/testcode/petal.c config.h \ + pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c config.h $(srcdir)/util/module.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \ - $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h \ - + $(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/net_help.h \ + $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/util/regional.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc.h $(srcdir)/winrc/w_inst.h \ $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h + $(srcdir)/daemon/worker.h \ + $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ + $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h w_inst.lo w_inst.o: $(srcdir)/winrc/w_inst.c config.h $(srcdir)/winrc/w_inst.h $(srcdir)/winrc/win_svc.h unbound-service-install.lo unbound-service-install.o: $(srcdir)/winrc/unbound-service-install.c config.h \ $(srcdir)/winrc/w_inst.h @@ -1205,11 +1444,14 @@ unbound-service-remove.lo unbound-service-remove.o: $(srcdir)/winrc/unbound-serv $(srcdir)/winrc/w_inst.h anchor-update.lo anchor-update.o: $(srcdir)/winrc/anchor-update.c config.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/wire2str.h -keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/rrdef.h +keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h \ + $(srcdir)/sldns/rrdef.h \ + sbuffer.lo sbuffer.o: $(srcdir)/sldns/sbuffer.c config.h $(srcdir)/sldns/sbuffer.h wire2str.lo wire2str.o: $(srcdir)/sldns/wire2str.c config.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/keyraw.h + $(srcdir)/sldns/keyraw.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h parse.lo parse.o: $(srcdir)/sldns/parse.c config.h $(srcdir)/sldns/parse.h $(srcdir)/sldns/parseutil.h \ $(srcdir)/sldns/sbuffer.h parseutil.lo parseutil.o: $(srcdir)/sldns/parseutil.c config.h $(srcdir)/sldns/parseutil.h @@ -1229,9 +1471,12 @@ snprintf.lo snprintf.o: $(srcdir)/compat/snprintf.c config.h strlcat.lo strlcat.o: $(srcdir)/compat/strlcat.c config.h strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h strptime.lo strptime.o: $(srcdir)/compat/strptime.c config.h -getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h -getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c config.h -getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h +getentropy_freebsd.lo getentropy_freebsd.o: $(srcdir)/compat/getentropy_freebsd.c +getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h \ + +getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c +getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h \ + getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c config.h $(srcdir)/compat/chacha_private.h diff --git a/contrib/unbound/README.md b/contrib/unbound/README.md new file mode 100644 index 000000000000..ee6e4f4885a8 --- /dev/null +++ b/contrib/unbound/README.md @@ -0,0 +1,38 @@ +# Unbound + +[](https://travis-ci.org/NLnetLabs/unbound) +[](https://repology.org/project/unbound/versions) +[](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:unbound) + +Unbound is a validating, recursive, caching DNS resolver. It is designed to be +fast and lean and incorporates modern features based on open standards. If you +have any feedback, we would love to hear from you. Don’t hesitate to +[create an issue on Github](https://github.com/NLnetLabs/unbound/issues/new) +or post a message on the [Unbound mailing list](https://nlnetlabs.nl/mailman/listinfo/unbound-users). +You can lean more about Unbound by reading our +[documentation](https://nlnetlabs.nl/documentation/unbound/). + +## Compiling + +Make sure you have the C toolchain, OpenSSL and its include files, and libexpat +installed. Unbound can be compiled and installed using: + +``` +./configure && make && make install +``` + +You can use libevent if you want. libevent is useful when using many (10000) +outgoing ports. By default max 256 ports are opened at the same time and the +builtin alternative is equally capable and a little faster. + +Use the `--with-libevent=dir` configure option to compile Unbound with libevent +support. + +## Unbound configuration + +All of Unbound's configuration options are described in the man pages, which +will be installed and are available on the Unbound +[documentation page](https://nlnetlabs.nl/documentation/unbound/). + +An example configuration file is located in +[doc/example.conf](https://github.com/NLnetLabs/unbound/blob/master/doc/example.conf.in). diff --git a/contrib/unbound/ac_pkg_swig.m4 b/contrib/unbound/ac_pkg_swig.m4 index 738f69d45eac..87f99fb2fe98 100644 --- a/contrib/unbound/ac_pkg_swig.m4 +++ b/contrib/unbound/ac_pkg_swig.m4 @@ -103,9 +103,20 @@ AC_DEFUN([AC_PROG_SWIG],[ if test -z "$available_patch" ; then [available_patch=0] fi - if test $available_major -ne $required_major \ - -o $available_minor -ne $required_minor \ - -o $available_patch -lt $required_patch ; then + [badversion=0] + if test $available_major -lt $required_major ; then + [badversion=1] + fi + if test $available_major -eq $required_major \ + -a $available_minor -lt $required_minor ; then + [badversion=1] + fi + if test $available_major -eq $required_major \ + -a $available_minor -eq $required_minor \ + -a $available_patch -lt $required_patch ; then + [badversion=1] + fi + if test $badversion -eq 1 ; then AC_MSG_WARN([SWIG version >= $1 is required. You have $swig_version. You should look at http://www.swig.org]) SWIG='echo "Error: SWIG version >= $1 is required. You have '"$swig_version"'. You should look at http://www.swig.org" ; false' else diff --git a/contrib/unbound/aclocal.m4 b/contrib/unbound/aclocal.m4 index ea5d6e9f8684..181e25817a7e 100644 --- a/contrib/unbound/aclocal.m4 +++ b/contrib/unbound/aclocal.m4 @@ -1,6 +1,6 @@ -# generated automatically by aclocal 1.15 -*- Autoconf -*- +# generated automatically by aclocal 1.15.1 -*- Autoconf -*- -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2017 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -736,7 +736,6 @@ _LT_CONFIG_SAVE_COMMANDS([ cat <<_LT_EOF >> "$cfgfile" #! $SHELL # Generated automatically by $as_me ($PACKAGE) $VERSION -# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # NOTE: Changes made to this file will be lost: look at ltmain.sh. # Provide generalized library-building support services. @@ -2873,9 +2872,6 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) # before this can be enabled. hardcode_into_libs=yes - # Add ABI-specific directories to the system library path. - sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib" - # Ideally, we could use ldconfig to report *all* directores which are # searched for libraries, however this is still not possible. Aside from not # being certain /sbin/ldconfig is available, command @@ -2884,7 +2880,7 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) # appending ld.so.conf contents (and includes) to the search path. if test -f /etc/ld.so.conf; then lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra" + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on @@ -2896,6 +2892,18 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) dynamic_linker='GNU/Linux ld.so' ;; +netbsdelf*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='NetBSD ld.elf_so' + ;; + netbsd*) version_type=sunos need_lib_prefix=no @@ -3555,7 +3563,7 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) lt_cv_deplibs_check_method=pass_all ;; -netbsd*) +netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' else @@ -4433,7 +4441,7 @@ m4_if([$1], [CXX], [ ;; esac ;; - netbsd*) + netbsd* | netbsdelf*-gnu) ;; *qnx* | *nto*) # QNX uses GNU C++, but need to define -shared option too, otherwise @@ -4945,6 +4953,9 @@ m4_if([$1], [CXX], [ ;; esac ;; + linux* | k*bsd*-gnu | gnu*) + _LT_TAGVAR(link_all_deplibs, $1)=no + ;; *) _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' ;; @@ -5007,6 +5018,9 @@ dnl Note also adjust exclude_expsyms for C++ above. openbsd* | bitrig*) with_gnu_ld=no ;; + linux* | k*bsd*-gnu | gnu*) + _LT_TAGVAR(link_all_deplibs, $1)=no + ;; esac _LT_TAGVAR(ld_shlibs, $1)=yes @@ -5261,7 +5275,7 @@ _LT_EOF fi ;; - netbsd*) + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= @@ -5782,6 +5796,7 @@ _LT_EOF if test yes = "$lt_cv_irix_exported_symbol"; then _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' fi + _LT_TAGVAR(link_all_deplibs, $1)=no else _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib' @@ -5803,7 +5818,7 @@ _LT_EOF esac ;; - netbsd*) + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else @@ -9044,3 +9059,329 @@ m4_ifndef([_LT_PROG_F77], [AC_DEFUN([_LT_PROG_F77])]) m4_ifndef([_LT_PROG_FC], [AC_DEFUN([_LT_PROG_FC])]) m4_ifndef([_LT_PROG_CXX], [AC_DEFUN([_LT_PROG_CXX])]) +dnl pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- +dnl serial 11 (pkg-config-0.29.1) +dnl +dnl Copyright © 2004 Scott James Remnant <scott@netsplit.com>. +dnl Copyright © 2012-2015 Dan Nicholson <dbn.lists@gmail.com> +dnl +dnl This program is free software; you can redistribute it and/or modify +dnl it under the terms of the GNU General Public License as published by +dnl the Free Software Foundation; either version 2 of the License, or +dnl (at your option) any later version. +dnl +dnl This program is distributed in the hope that it will be useful, but +dnl WITHOUT ANY WARRANTY; without even the implied warranty of +dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +dnl General Public License for more details. +dnl +dnl You should have received a copy of the GNU General Public License +dnl along with this program; if not, write to the Free Software +dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +dnl 02111-1307, USA. +dnl +dnl As a special exception to the GNU General Public License, if you +dnl distribute this file as part of a program that contains a +dnl configuration script generated by Autoconf, you may include it under +dnl the same distribution terms that you use for the rest of that +dnl program. + +dnl PKG_PREREQ(MIN-VERSION) +dnl ----------------------- +dnl Since: 0.29 +dnl +dnl Verify that the version of the pkg-config macros are at least +dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's +dnl installed version of pkg-config, this checks the developer's version +dnl of pkg.m4 when generating configure. +dnl +dnl To ensure that this macro is defined, also add: +dnl m4_ifndef([PKG_PREREQ], +dnl [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])]) +dnl +dnl See the "Since" comment for each macro you use to see what version +dnl of the macros you require. +m4_defun([PKG_PREREQ], +[m4_define([PKG_MACROS_VERSION], [0.29.1]) +m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1, + [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])]) +])dnl PKG_PREREQ + +dnl PKG_PROG_PKG_CONFIG([MIN-VERSION]) +dnl ---------------------------------- +dnl Since: 0.16 +dnl +dnl Search for the pkg-config tool and set the PKG_CONFIG variable to +dnl first found in the path. Checks that the version of pkg-config found +dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is +dnl used since that's the first version where most current features of +dnl pkg-config existed. +AC_DEFUN([PKG_PROG_PKG_CONFIG], +[m4_pattern_forbid([^_?PKG_[A-Z_]+$]) +m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$]) +m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$]) +AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility]) +AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path]) +AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path]) + +if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then + AC_PATH_TOOL([PKG_CONFIG], [pkg-config]) +fi +if test -n "$PKG_CONFIG"; then + _pkg_min_version=m4_default([$1], [0.9.0]) + AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version]) + if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + PKG_CONFIG="" + fi +fi[]dnl +])dnl PKG_PROG_PKG_CONFIG + +dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +dnl ------------------------------------------------------------------- +dnl Since: 0.18 +dnl +dnl Check to see whether a particular set of modules exists. Similar to +dnl PKG_CHECK_MODULES(), but does not set variables or print errors. +dnl +dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG]) +dnl only at the first occurence in configure.ac, so if the first place +dnl it's called might be skipped (such as if it is within an "if", you +dnl have to call PKG_CHECK_EXISTS manually +AC_DEFUN([PKG_CHECK_EXISTS], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl +if test -n "$PKG_CONFIG" && \ + AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then + m4_default([$2], [:]) +m4_ifvaln([$3], [else + $3])dnl +fi]) + +dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) +dnl --------------------------------------------- +dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting +dnl pkg_failed based on the result. +m4_define([_PKG_CONFIG], +[if test -n "$$1"; then + pkg_cv_[]$1="$$1" + elif test -n "$PKG_CONFIG"; then + PKG_CHECK_EXISTS([$3], + [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes ], + [pkg_failed=yes]) + else + pkg_failed=untried +fi[]dnl +])dnl _PKG_CONFIG + +dnl _PKG_SHORT_ERRORS_SUPPORTED +dnl --------------------------- +dnl Internal check to see if pkg-config supports short errors. +AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG]) +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi[]dnl +])dnl _PKG_SHORT_ERRORS_SUPPORTED + + +dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], +dnl [ACTION-IF-NOT-FOUND]) +dnl -------------------------------------------------------------- +dnl Since: 0.4.0 +dnl +dnl Note that if there is a possibility the first call to +dnl PKG_CHECK_MODULES might not happen, you should be sure to include an +dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac +AC_DEFUN([PKG_CHECK_MODULES], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl +AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl +AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl + +pkg_failed=no +AC_MSG_CHECKING([for $1]) + +_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2]) +_PKG_CONFIG([$1][_LIBS], [libs], [$2]) + +m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS +and $1[]_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details.]) + +if test $pkg_failed = yes; then + AC_MSG_RESULT([no]) + _PKG_SHORT_ERRORS_SUPPORTED + if test $_pkg_short_errors_supported = yes; then + $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1` + else + $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD + + m4_default([$4], [AC_MSG_ERROR( +[Package requirements ($2) were not met: + +$$1_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +_PKG_TEXT])[]dnl + ]) +elif test $pkg_failed = untried; then + AC_MSG_RESULT([no]) + m4_default([$4], [AC_MSG_FAILURE( +[The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +_PKG_TEXT + +To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl + ]) +else + $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS + $1[]_LIBS=$pkg_cv_[]$1[]_LIBS + AC_MSG_RESULT([yes]) + $3 +fi[]dnl +])dnl PKG_CHECK_MODULES + + +dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], +dnl [ACTION-IF-NOT-FOUND]) +dnl --------------------------------------------------------------------- +dnl Since: 0.29 +dnl +dnl Checks for existence of MODULES and gathers its build flags with +dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags +dnl and VARIABLE-PREFIX_LIBS from --libs. +dnl +dnl Note that if there is a possibility the first call to +dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to +dnl include an explicit call to PKG_PROG_PKG_CONFIG in your +dnl configure.ac. +AC_DEFUN([PKG_CHECK_MODULES_STATIC], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl +_save_PKG_CONFIG=$PKG_CONFIG +PKG_CONFIG="$PKG_CONFIG --static" +PKG_CHECK_MODULES($@) +PKG_CONFIG=$_save_PKG_CONFIG[]dnl +])dnl PKG_CHECK_MODULES_STATIC + + +dnl PKG_INSTALLDIR([DIRECTORY]) +dnl ------------------------- +dnl Since: 0.27 +dnl +dnl Substitutes the variable pkgconfigdir as the location where a module +dnl should install pkg-config .pc files. By default the directory is +dnl $libdir/pkgconfig, but the default can be changed by passing +dnl DIRECTORY. The user can override through the --with-pkgconfigdir +dnl parameter. +AC_DEFUN([PKG_INSTALLDIR], +[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])]) +m4_pushdef([pkg_description], + [pkg-config installation directory @<:@]pkg_default[@:>@]) +AC_ARG_WITH([pkgconfigdir], + [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],, + [with_pkgconfigdir=]pkg_default) +AC_SUBST([pkgconfigdir], [$with_pkgconfigdir]) +m4_popdef([pkg_default]) +m4_popdef([pkg_description]) +])dnl PKG_INSTALLDIR + + +dnl PKG_NOARCH_INSTALLDIR([DIRECTORY]) +dnl -------------------------------- +dnl Since: 0.27 +dnl +dnl Substitutes the variable noarch_pkgconfigdir as the location where a +dnl module should install arch-independent pkg-config .pc files. By +dnl default the directory is $datadir/pkgconfig, but the default can be +dnl changed by passing DIRECTORY. The user can override through the +dnl --with-noarch-pkgconfigdir parameter. +AC_DEFUN([PKG_NOARCH_INSTALLDIR], +[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])]) +m4_pushdef([pkg_description], + [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@]) +AC_ARG_WITH([noarch-pkgconfigdir], + [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],, + [with_noarch_pkgconfigdir=]pkg_default) +AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir]) +m4_popdef([pkg_default]) +m4_popdef([pkg_description]) +])dnl PKG_NOARCH_INSTALLDIR + + +dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE, +dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +dnl ------------------------------------------- +dnl Since: 0.28 +dnl +dnl Retrieves the value of the pkg-config variable for the given module. +AC_DEFUN([PKG_CHECK_VAR], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl +AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl + +_PKG_CONFIG([$1], [variable="][$3]["], [$2]) +AS_VAR_COPY([$1], [pkg_cv_][$1]) + +AS_VAR_IF([$1], [""], [$5], [$4])dnl +])dnl PKG_CHECK_VAR + +# AM_CONDITIONAL -*- Autoconf -*- + +# Copyright (C) 1997-2017 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_CONDITIONAL(NAME, SHELL-CONDITION) +# ------------------------------------- +# Define a conditional. +AC_DEFUN([AM_CONDITIONAL], +[AC_PREREQ([2.52])dnl + m4_if([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], + [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl +AC_SUBST([$1_TRUE])dnl +AC_SUBST([$1_FALSE])dnl +_AM_SUBST_NOTMAKE([$1_TRUE])dnl +_AM_SUBST_NOTMAKE([$1_FALSE])dnl +m4_define([_AM_COND_VALUE_$1], [$2])dnl +if $2; then + $1_TRUE= + $1_FALSE='#' +else + $1_TRUE='#' + $1_FALSE= +fi +AC_CONFIG_COMMANDS_PRE( +[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then + AC_MSG_ERROR([[conditional "$1" was never defined. +Usually this means the macro was only invoked conditionally.]]) +fi])]) + +# Copyright (C) 2006-2017 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# _AM_SUBST_NOTMAKE(VARIABLE) +# --------------------------- +# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in. +# This macro is traced by Automake. +AC_DEFUN([_AM_SUBST_NOTMAKE]) + +# AM_SUBST_NOTMAKE(VARIABLE) +# -------------------------- +# Public sister of _AM_SUBST_NOTMAKE. +AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) + diff --git a/contrib/unbound/acx_nlnetlabs.m4 b/contrib/unbound/acx_nlnetlabs.m4 index a6c174f1c421..8eccc15b0d80 100644 --- a/contrib/unbound/acx_nlnetlabs.m4 +++ b/contrib/unbound/acx_nlnetlabs.m4 @@ -688,8 +688,8 @@ AC_DEFUN([ACX_SSL_CHECKS], [ # check if -lwsock32 or -lgdi32 are needed. BAKLIBS="$LIBS" BAKSSLLIBS="$LIBSSL_LIBS" - LIBS="$LIBS -lgdi32" - LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32" + LIBS="$LIBS -lgdi32 -lws2_32" + LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32" AC_MSG_CHECKING([if -lcrypto needs -lgdi32]) AC_TRY_LINK([], [ int HMAC_Update(void); @@ -839,7 +839,11 @@ dnl see if on windows if test "$ac_cv_header_windows_h" = "yes"; then AC_DEFINE(USE_WINSOCK, 1, [Whether the windows socket API is used]) USE_WINSOCK="1" - LIBS="$LIBS -lws2_32" + if echo $LIBS | grep 'lws2_32' >/dev/null; then + : + else + LIBS="$LIBS -lws2_32" + fi fi ], dnl no quick getaddrinfo, try mingw32 and winsock2 library. diff --git a/contrib/unbound/acx_python.m4 b/contrib/unbound/acx_python.m4 index 4e83d7764bcd..2940971f1a4e 100644 --- a/contrib/unbound/acx_python.m4 +++ b/contrib/unbound/acx_python.m4 @@ -22,8 +22,7 @@ AC_DEFUN([AC_PYTHON_DEVEL],[ # Check if you have distutils, else fail # AC_MSG_CHECKING([for the distutils Python package]) - ac_distutils_result=`$PYTHON -c "import distutils" 2>&1` - if test -z "$ac_distutils_result"; then + if ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`; then AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) diff --git a/contrib/unbound/cachedb/cachedb.c b/contrib/unbound/cachedb/cachedb.c index 76d9afa47c8f..d5cd8dc553b8 100644 --- a/contrib/unbound/cachedb/cachedb.c +++ b/contrib/unbound/cachedb/cachedb.c @@ -43,6 +43,7 @@ #include "config.h" #ifdef USE_CACHEDB #include "cachedb/cachedb.h" +#include "cachedb/redis.h" #include "util/regional.h" #include "util/net_help.h" #include "util/config_file.h" @@ -56,11 +57,39 @@ #include "sldns/wire2str.h" #include "sldns/sbuffer.h" -#define CACHEDB_HASHSIZE 256 /* bit hash */ +/* header file for htobe64 */ +#ifdef HAVE_ENDIAN_H +# include <endian.h> +#endif +#ifdef HAVE_SYS_ENDIAN_H +# include <sys/endian.h> +#endif +#ifdef HAVE_LIBKERN_OSBYTEORDER_H +/* In practice this is specific to MacOS X. We assume it doesn't have +* htobe64/be64toh but has alternatives with a different name. */ +# include <libkern/OSByteOrder.h> +# define htobe64(x) OSSwapHostToBigInt64(x) +# define be64toh(x) OSSwapBigToHostInt64(x) +#endif + +/* Some compilers do not define __BYTE_ORDER__, like IBM XLC on AIX */ +#ifndef be64toh +#if defined(__sun) || defined(_AIX) +# if __BIG_ENDIAN__ +# define be64toh(n) (n) +# define htobe64(n) (n) +# else +# define be64toh(n) (((uint64_t)htonl((n) & 0xFFFFFFFF) << 32) | htonl((n) >> 32)) +# define htobe64(n) (((uint64_t)htonl((n) & 0xFFFFFFFF) << 32) | htonl((n) >> 32)) +# endif +#endif +#endif /* be64toh */ /** the unit test testframe for cachedb, its module state contains * a cache for a couple queries (in memory). */ struct testframe_moddata { + /** lock for mutex */ + lock_basic_type lock; /** key for single stored data element, NULL if none */ char* stored_key; /** data for single stored data element, NULL if none */ @@ -72,14 +101,18 @@ struct testframe_moddata { static int testframe_init(struct module_env* env, struct cachedb_env* cachedb_env) { + struct testframe_moddata* d; (void)env; verbose(VERB_ALGO, "testframe_init"); - cachedb_env->backend_data = (void*)calloc(1, + d = (struct testframe_moddata*)calloc(1, sizeof(struct testframe_moddata)); + cachedb_env->backend_data = (void*)d; if(!cachedb_env->backend_data) { log_err("out of memory"); return 0; } + lock_basic_init(&d->lock); + lock_protect(&d->lock, d, sizeof(*d)); return 1; } @@ -92,6 +125,7 @@ testframe_deinit(struct module_env* env, struct cachedb_env* cachedb_env) verbose(VERB_ALGO, "testframe_deinit"); if(!d) return; + lock_basic_destroy(&d->lock); free(d->stored_key); free(d->stored_data); free(d); @@ -105,17 +139,22 @@ testframe_lookup(struct module_env* env, struct cachedb_env* cachedb_env, cachedb_env->backend_data; (void)env; verbose(VERB_ALGO, "testframe_lookup of %s", key); + lock_basic_lock(&d->lock); if(d->stored_key && strcmp(d->stored_key, key) == 0) { - if(d->stored_datalen > sldns_buffer_capacity(result_buffer)) + if(d->stored_datalen > sldns_buffer_capacity(result_buffer)) { + lock_basic_unlock(&d->lock); return 0; /* too large */ + } verbose(VERB_ALGO, "testframe_lookup found %d bytes", (int)d->stored_datalen); sldns_buffer_clear(result_buffer); sldns_buffer_write(result_buffer, d->stored_data, d->stored_datalen); sldns_buffer_flip(result_buffer); + lock_basic_unlock(&d->lock); return 1; } + lock_basic_unlock(&d->lock); return 0; } @@ -126,6 +165,7 @@ testframe_store(struct module_env* env, struct cachedb_env* cachedb_env, struct testframe_moddata* d = (struct testframe_moddata*) cachedb_env->backend_data; (void)env; + lock_basic_lock(&d->lock); verbose(VERB_ALGO, "testframe_store %s (%d bytes)", key, (int)data_len); /* free old data element (if any) */ @@ -137,6 +177,7 @@ testframe_store(struct module_env* env, struct cachedb_env* cachedb_env, d->stored_data = memdup(data, data_len); if(!d->stored_data) { + lock_basic_unlock(&d->lock); log_err("out of memory"); return; } @@ -146,8 +187,10 @@ testframe_store(struct module_env* env, struct cachedb_env* cachedb_env, free(d->stored_data); d->stored_data = NULL; d->stored_datalen = 0; + lock_basic_unlock(&d->lock); return; } + lock_basic_unlock(&d->lock); /* (key,data) successfully stored */ } @@ -160,6 +203,10 @@ static struct cachedb_backend testframe_backend = { "testframe", static struct cachedb_backend* cachedb_find_backend(const char* str) { +#ifdef USE_REDIS + if(strcmp(str, redis_backend.name) == 0) + return &redis_backend; +#endif if(strcmp(str, testframe_backend.name) == 0) return &testframe_backend; /* TODO add more backends here */ @@ -170,15 +217,17 @@ cachedb_find_backend(const char* str) static int cachedb_apply_cfg(struct cachedb_env* cachedb_env, struct config_file* cfg) { - const char* backend_str = "testframe"; /* TODO get from cfg */ - if(backend_str && backend_str[0]) { - cachedb_env->backend = cachedb_find_backend(backend_str); - if(!cachedb_env->backend) { - log_err("cachedb: cannot find backend name '%s", - backend_str); - return NULL; - } + const char* backend_str = cfg->cachedb_backend; + + /* If unspecified we use the in-memory test DB. */ + if(!backend_str) + backend_str = "testframe"; + cachedb_env->backend = cachedb_find_backend(backend_str); + if(!cachedb_env->backend) { + log_err("cachedb: cannot find backend name '%s'", backend_str); + return 0; } + /* TODO see if more configuration needs to be applied or not */ return 1; } @@ -195,6 +244,8 @@ cachedb_init(struct module_env* env, int id) env->modinfo[id] = (void*)cachedb_env; if(!cachedb_apply_cfg(cachedb_env, env->cfg)) { log_err("cachedb: could not apply configuration settings."); + free(cachedb_env); + env->modinfo[id] = NULL; return 0; } /* see if a backend is selected */ @@ -203,6 +254,8 @@ cachedb_init(struct module_env* env, int id) if(!(*cachedb_env->backend->init)(env, cachedb_env)) { log_err("cachedb: could not init %s backend", cachedb_env->backend->name); + free(cachedb_env); + env->modinfo[id] = NULL; return 0; } cachedb_env->enabled = 1; @@ -276,9 +329,10 @@ calc_hash(struct module_qstate* qstate, char* buf, size_t len) size_t clen = 0; uint8_t hash[CACHEDB_HASHSIZE/8]; const char* hex = "0123456789ABCDEF"; - const char* secret = "default"; /* TODO: from qstate->env->cfg */ + const char* secret = qstate->env->cfg->cachedb_secret ? + qstate->env->cfg->cachedb_secret : "default"; size_t i; - + /* copy the hash info into the clear buffer */ if(clen + qstate->qinfo.qname_len < sizeof(clear)) { memmove(clear+clen, qstate->qinfo.qname, @@ -299,7 +353,11 @@ calc_hash(struct module_qstate* qstate, char* buf, size_t len) /* hash the buffer */ secalgo_hash_sha256(clear, clen, hash); +#ifdef HAVE_EXPLICIT_BZERO + explicit_bzero(clear, clen); +#else memset(clear, 0, clen); +#endif /* hex encode output for portability (some online dbs need * no nulls, no control characters, and so on) */ @@ -328,6 +386,13 @@ prep_data(struct module_qstate* qstate, struct sldns_buffer* buf) if(!qstate->return_msg || !qstate->return_msg->rep) return 0; + /* We don't store the reply if its TTL is 0 unless serve-expired is + * enabled. Such a reply won't be reusable and simply be a waste for + * the backend. It's also compatible with the default behavior of + * dns_cache_store_msg(). */ + if(qstate->return_msg->rep->ttl == 0 && + !qstate->env->cfg->serve_expired) + return 0; if(verbosity >= VERB_ALGO) log_dns_msg("cachedb encoding", &qstate->return_msg->qinfo, qstate->return_msg->rep); @@ -368,12 +433,48 @@ good_expiry_and_qinfo(struct module_qstate* qstate, struct sldns_buffer* buf) &expiry, sizeof(expiry)); expiry = be64toh(expiry); - if((time_t)expiry < *qstate->env->now) + if((time_t)expiry < *qstate->env->now && + !qstate->env->cfg->serve_expired) return 0; return 1; } +/* Adjust the TTL of the given RRset by 'subtract'. If 'subtract' is + * negative, set the TTL to 0. */ +static void +packed_rrset_ttl_subtract(struct packed_rrset_data* data, time_t subtract) +{ + size_t i; + size_t total = data->count + data->rrsig_count; + if(subtract >= 0 && data->ttl > subtract) + data->ttl -= subtract; + else data->ttl = 0; + for(i=0; i<total; i++) { + if(subtract >= 0 && data->rr_ttl[i] > subtract) + data->rr_ttl[i] -= subtract; + else data->rr_ttl[i] = 0; + } +} + +/* Adjust the TTL of a DNS message and its RRs by 'adjust'. If 'adjust' is + * negative, set the TTLs to 0. */ +static void +adjust_msg_ttl(struct dns_msg* msg, time_t adjust) +{ + size_t i; + if(adjust >= 0 && msg->rep->ttl > adjust) + msg->rep->ttl -= adjust; + else msg->rep->ttl = 0; + msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl); + msg->rep->serve_expired_ttl = msg->rep->ttl + SERVE_EXPIRED_TTL; + + for(i=0; i<msg->rep->rrset_count; i++) { + packed_rrset_ttl_subtract((struct packed_rrset_data*)msg-> + rep->rrsets[i]->entry.data, adjust); + } +} + /** convert dns message in buffer to return_msg */ static int parse_data(struct module_qstate* qstate, struct sldns_buffer* buf) @@ -420,24 +521,34 @@ parse_data(struct module_qstate* qstate, struct sldns_buffer* buf) qstate->return_rcode = LDNS_RCODE_NOERROR; /* see how much of the TTL expired, and remove it */ + if(*qstate->env->now <= (time_t)timestamp) { + verbose(VERB_ALGO, "cachedb msg adjust by zero"); + return 1; /* message from the future (clock skew?) */ + } adjust = *qstate->env->now - (time_t)timestamp; + if(qstate->return_msg->rep->ttl < adjust) { + verbose(VERB_ALGO, "cachedb msg expired"); + /* If serve-expired is enabled, we still use an expired message + * setting the TTL to 0. */ + if(qstate->env->cfg->serve_expired) + adjust = -1; + else + return 0; /* message expired */ + } verbose(VERB_ALGO, "cachedb msg adjusted down by %d", (int)adjust); - /*adjust_msg(qstate->return_msg, adjust);*/ - /* TODO: - msg->rep->ttl = r->ttl - adjust; - msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl); - for(i=0; i<d->count + d->rrsig_count; i++) { - if(d->rr_ttl[i] < adjust) - d->rr_ttl[i] = 0; - else d->rr_ttl[i] -= adjust; - } - if(d->ttl < adjust) - d->ttl = 0; - else d->ttl -= adjust; - */ - /* TODO */ + adjust_msg_ttl(qstate->return_msg, adjust); + + /* Similar to the unbound worker, if serve-expired is enabled and + * the msg would be considered to be expired, mark the state so a + * refetch will be scheduled. The comparison between 'expiry' and + * 'now' should be redundant given how these values were calculated, + * but we check it just in case as does good_expiry_and_qinfo(). */ + if(qstate->env->cfg->serve_expired && + (adjust == -1 || (time_t)expiry < *qstate->env->now)) { + qstate->need_refetch = 1; + } - return 0; + return 1; } /** @@ -497,14 +608,18 @@ cachedb_intcache_lookup(struct module_qstate* qstate) msg = dns_cache_lookup(qstate->env, qstate->qinfo.qname, qstate->qinfo.qname_len, qstate->qinfo.qtype, qstate->qinfo.qclass, qstate->query_flags, - qstate->region, qstate->env->scratch); - if(!msg && qstate->env->neg_cache) { + qstate->region, qstate->env->scratch, + 1 /* no partial messages with only a CNAME */ + ); + if(!msg && qstate->env->neg_cache && + iter_qname_indicates_dnssec(qstate->env, &qstate->qinfo)) { /* lookup in negative cache; may result in * NOERROR/NODATA or NXDOMAIN answers that need validation */ msg = val_neg_getmsg(qstate->env->neg_cache, &qstate->qinfo, qstate->region, qstate->env->rrset_cache, qstate->env->scratch_buffer, - *qstate->env->now, 1/*add SOA*/, NULL); + *qstate->env->now, 1/*add SOA*/, NULL, + qstate->env->cfg); } if(!msg) return 0; @@ -520,11 +635,15 @@ cachedb_intcache_lookup(struct module_qstate* qstate) static void cachedb_intcache_store(struct module_qstate* qstate) { + uint32_t store_flags = qstate->query_flags; + + if(qstate->env->cfg->serve_expired) + store_flags |= DNSCACHE_STORE_ZEROTTL; if(!qstate->return_msg) return; (void)dns_cache_store(qstate->env, &qstate->qinfo, qstate->return_msg->rep, 0, qstate->prefetch_leeway, 0, - qstate->region, qstate->query_flags); + qstate->region, store_flags); } /** @@ -547,8 +666,8 @@ cachedb_handle_query(struct module_qstate* qstate, return; } - if(qstate->blacklist) { - /* cache is blacklisted */ + if(qstate->blacklist || qstate->no_cache_lookup) { + /* cache is blacklisted or we are instructed from edns to not look */ /* pass request to next module */ qstate->ext_state[id] = module_wait_module; return; @@ -556,10 +675,15 @@ cachedb_handle_query(struct module_qstate* qstate, /* lookup inside unbound's internal cache */ if(cachedb_intcache_lookup(qstate)) { - if(verbosity >= VERB_ALGO) - log_dns_msg("cachedb internal cache lookup", - &qstate->return_msg->qinfo, - qstate->return_msg->rep); + if(verbosity >= VERB_ALGO) { + if(qstate->return_msg->rep) + log_dns_msg("cachedb internal cache lookup", + &qstate->return_msg->qinfo, + qstate->return_msg->rep); + else log_info("cachedb internal cache lookup: rcode %s", + sldns_lookup_by_id(sldns_rcodes, qstate->return_rcode)? + sldns_lookup_by_id(sldns_rcodes, qstate->return_rcode)->name:"??"); + } /* we are done with the query */ qstate->ext_state[id] = module_finished; return; @@ -595,8 +719,8 @@ static void cachedb_handle_response(struct module_qstate* qstate, struct cachedb_qstate* ATTR_UNUSED(iq), struct cachedb_env* ie, int id) { - /* check if we are enabled, and skip if not */ - if(!ie->enabled) { + /* check if we are not enabled or instructed to not cache, and skip */ + if(!ie->enabled || qstate->no_cache_store) { /* we are done with the query */ qstate->ext_state[id] = module_finished; return; @@ -649,6 +773,11 @@ cachedb_operate(struct module_qstate* qstate, enum module_ev event, int id, (void)error_response(qstate, id, LDNS_RCODE_SERVFAIL); return; } + if(!iq && (event == module_event_moddone)) { + /* during priming, module done but we never started */ + qstate->ext_state[id] = module_finished; + return; + } log_err("bad event for cachedb"); (void)error_response(qstate, id, LDNS_RCODE_SERVFAIL); diff --git a/contrib/unbound/cachedb/cachedb.h b/contrib/unbound/cachedb/cachedb.h index d477e90a7dee..27187dc56dc6 100644 --- a/contrib/unbound/cachedb/cachedb.h +++ b/contrib/unbound/cachedb/cachedb.h @@ -87,6 +87,8 @@ struct cachedb_backend { uint8_t*, size_t); }; +#define CACHEDB_HASHSIZE 256 /* bit hash */ + /** Init the cachedb module */ int cachedb_init(struct module_env* env, int id); /** Deinit the cachedb module */ diff --git a/contrib/unbound/cachedb/redis.c b/contrib/unbound/cachedb/redis.c new file mode 100644 index 000000000000..3dfbf8f7a25c --- /dev/null +++ b/contrib/unbound/cachedb/redis.c @@ -0,0 +1,283 @@ +/* + * cachedb/redis.c - cachedb redis module + * + * Copyright (c) 2018, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This file contains a module that uses the redis database to cache + * dns responses. + */ + +#include "config.h" +#ifdef USE_CACHEDB +#include "cachedb/redis.h" +#include "cachedb/cachedb.h" +#include "util/alloc.h" +#include "util/config_file.h" +#include "sldns/sbuffer.h" + +#ifdef USE_REDIS +#include "hiredis/hiredis.h" + +struct redis_moddata { + redisContext** ctxs; /* thread-specific redis contexts */ + int numctxs; /* number of ctx entries */ + const char* server_host; /* server's IP address or host name */ + int server_port; /* server's TCP port */ + struct timeval timeout; /* timeout for connection setup and commands */ +}; + +static redisContext* +redis_connect(const struct redis_moddata* moddata) +{ + redisContext* ctx; + + ctx = redisConnectWithTimeout(moddata->server_host, + moddata->server_port, moddata->timeout); + if(!ctx || ctx->err) { + const char *errstr = "out of memory"; + if(ctx) + errstr = ctx->errstr; + log_err("failed to connect to redis server: %s", errstr); + goto fail; + } + if(redisSetTimeout(ctx, moddata->timeout) != REDIS_OK) { + log_err("failed to set redis timeout"); + goto fail; + } + return ctx; + + fail: + if(ctx) + redisFree(ctx); + return NULL; +} + +static int +redis_init(struct module_env* env, struct cachedb_env* cachedb_env) +{ + int i; + struct redis_moddata* moddata = NULL; + + verbose(VERB_ALGO, "redis_init"); + + moddata = calloc(1, sizeof(struct redis_moddata)); + if(!moddata) { + log_err("out of memory"); + return 0; + } + moddata->numctxs = env->cfg->num_threads; + moddata->ctxs = calloc(env->cfg->num_threads, sizeof(redisContext*)); + if(!moddata->ctxs) { + log_err("out of memory"); + free(moddata); + return 0; + } + /* note: server_host is a shallow reference to configured string. + * we don't have to free it in this module. */ + moddata->server_host = env->cfg->redis_server_host; + moddata->server_port = env->cfg->redis_server_port; + moddata->timeout.tv_sec = env->cfg->redis_timeout / 1000; + moddata->timeout.tv_usec = (env->cfg->redis_timeout % 1000) * 1000; + for(i = 0; i < moddata->numctxs; i++) + moddata->ctxs[i] = redis_connect(moddata); + cachedb_env->backend_data = moddata; + return 1; +} + +static void +redis_deinit(struct module_env* env, struct cachedb_env* cachedb_env) +{ + struct redis_moddata* moddata = (struct redis_moddata*) + cachedb_env->backend_data; + (void)env; + + verbose(VERB_ALGO, "redis_deinit"); + + if(!moddata) + return; + if(moddata->ctxs) { + int i; + for(i = 0; i < moddata->numctxs; i++) { + if(moddata->ctxs[i]) + redisFree(moddata->ctxs[i]); + } + free(moddata->ctxs); + } + free(moddata); +} + +/* + * Send a redis command and get a reply. Unified so that it can be used for + * both SET and GET. If 'data' is non-NULL the command is supposed to be + * SET and GET otherwise, but the implementation of this function is agnostic + * about the semantics (except for logging): 'command', 'data', and 'data_len' + * are opaquely passed to redisCommand(). + * This function first checks whether a connection with a redis server has + * been established; if not it tries to set up a new one. + * It returns redisReply returned from redisCommand() or NULL if some low + * level error happens. The caller is responsible to check the return value, + * if it's non-NULL, it has to free it with freeReplyObject(). + */ +static redisReply* +redis_command(struct module_env* env, struct cachedb_env* cachedb_env, + const char* command, const uint8_t* data, size_t data_len) +{ + redisContext* ctx; + redisReply* rep; + struct redis_moddata* d = (struct redis_moddata*) + cachedb_env->backend_data; + + /* We assume env->alloc->thread_num is a unique ID for each thread + * in [0, num-of-threads). We could treat it as an error condition + * if the assumption didn't hold, but it seems to be a fundamental + * assumption throughout the unbound architecture, so we simply assert + * it. */ + log_assert(env->alloc->thread_num < d->numctxs); + ctx = d->ctxs[env->alloc->thread_num]; + + /* If we've not established a connection to the server or we've closed + * it on a failure, try to re-establish a new one. Failures will be + * logged in redis_connect(). */ + if(!ctx) { + ctx = redis_connect(d); + d->ctxs[env->alloc->thread_num] = ctx; + } + if(!ctx) + return NULL; + + /* Send the command and get a reply, synchronously. */ + rep = (redisReply*)redisCommand(ctx, command, data, data_len); + if(!rep) { + /* Once an error as a NULL-reply is returned the context cannot + * be reused and we'll need to set up a new connection. */ + log_err("redis_command: failed to receive a reply, " + "closing connection: %s", ctx->errstr); + redisFree(ctx); + d->ctxs[env->alloc->thread_num] = NULL; + return NULL; + } + + /* Check error in reply to unify logging in that case. + * The caller may perform context-dependent checks and logging. */ + if(rep->type == REDIS_REPLY_ERROR) + log_err("redis: %s resulted in an error: %s", + data ? "set" : "get", rep->str); + + return rep; +} + +static int +redis_lookup(struct module_env* env, struct cachedb_env* cachedb_env, + char* key, struct sldns_buffer* result_buffer) +{ + redisReply* rep; + char cmdbuf[4+(CACHEDB_HASHSIZE/8)*2+1]; /* "GET " + key */ + int n; + int ret = 0; + + verbose(VERB_ALGO, "redis_lookup of %s", key); + + n = snprintf(cmdbuf, sizeof(cmdbuf), "GET %s", key); + if(n < 0 || n >= (int)sizeof(cmdbuf)) { + log_err("redis_lookup: unexpected failure to build command"); + return 0; + } + + rep = redis_command(env, cachedb_env, cmdbuf, NULL, 0); + if(!rep) + return 0; + switch (rep->type) { + case REDIS_REPLY_NIL: + verbose(VERB_ALGO, "redis_lookup: no data cached"); + break; + case REDIS_REPLY_STRING: + verbose(VERB_ALGO, "redis_lookup found %d bytes", + (int)rep->len); + if((size_t)rep->len > sldns_buffer_capacity(result_buffer)) { + log_err("redis_lookup: replied data too long: %lu", + (size_t)rep->len); + break; + } + sldns_buffer_clear(result_buffer); + sldns_buffer_write(result_buffer, rep->str, rep->len); + sldns_buffer_flip(result_buffer); + ret = 1; + break; + case REDIS_REPLY_ERROR: + break; /* already logged */ + default: + log_err("redis_lookup: unexpected type of reply for (%d)", + rep->type); + break; + } + freeReplyObject(rep); + return ret; +} + +static void +redis_store(struct module_env* env, struct cachedb_env* cachedb_env, + char* key, uint8_t* data, size_t data_len) +{ + redisReply* rep; + char cmdbuf[4+(CACHEDB_HASHSIZE/8)*2+3+1]; /* "SET " + key + " %b" */ + int n; + + verbose(VERB_ALGO, "redis_store %s (%d bytes)", key, (int)data_len); + + /* build command to set to a binary safe string */ + n = snprintf(cmdbuf, sizeof(cmdbuf), "SET %s %%b", key); + if(n < 0 || n >= (int)sizeof(cmdbuf)) { + log_err("redis_store: unexpected failure to build command"); + return; + } + + rep = redis_command(env, cachedb_env, cmdbuf, data, data_len); + if(rep) { + verbose(VERB_ALGO, "redis_store set completed"); + if(rep->type != REDIS_REPLY_STATUS && + rep->type != REDIS_REPLY_ERROR) { + log_err("redis_store: unexpected type of reply (%d)", + rep->type); + } + freeReplyObject(rep); + } +} + +struct cachedb_backend redis_backend = { "redis", + redis_init, redis_deinit, redis_lookup, redis_store +}; +#endif /* USE_REDIS */ +#endif /* USE_CACHEDB */ diff --git a/contrib/unbound/cachedb/redis.h b/contrib/unbound/cachedb/redis.h new file mode 100644 index 000000000000..2da2a64f2db9 --- /dev/null +++ b/contrib/unbound/cachedb/redis.h @@ -0,0 +1,45 @@ +/* + * cachedb/redis.h - cachedb redis module + * + * Copyright (c) 2018, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This file contains a module that uses the redis database to cache + * dns responses. + */ + +/** the redis backend definition, contains callable functions + * and name string */ +extern struct cachedb_backend redis_backend; diff --git a/contrib/unbound/compat/arc4_lock.c b/contrib/unbound/compat/arc4_lock.c index faa743d15baa..a78f75232350 100644 --- a/contrib/unbound/compat/arc4_lock.c +++ b/contrib/unbound/compat/arc4_lock.c @@ -33,6 +33,9 @@ */ #include "config.h" #define LOCKRET(func) func +#ifdef ENABLE_LOCK_CHECKS +#undef ENABLE_LOCK_CHECKS +#endif #include "util/locks.h" void _ARC4_LOCK(void); @@ -46,9 +49,13 @@ void _ARC4_LOCK(void) void _ARC4_UNLOCK(void) { } + +void _ARC4_LOCK_DESTROY(void) +{ +} #else /* !THREADS_DISABLED */ -static lock_quick_t arc4lock; +static lock_quick_type arc4lock; static int arc4lockinit = 0; void _ARC4_LOCK(void) @@ -64,4 +71,12 @@ void _ARC4_UNLOCK(void) { lock_quick_unlock(&arc4lock); } + +void _ARC4_LOCK_DESTROY(void) +{ + if(arc4lockinit) { + arc4lockinit = 0; + lock_quick_destroy(&arc4lock); + } +} #endif /* THREADS_DISABLED */ diff --git a/contrib/unbound/compat/arc4random.c b/contrib/unbound/compat/arc4random.c index a09665c5df22..b536d3143d42 100644 --- a/contrib/unbound/compat/arc4random.c +++ b/contrib/unbound/compat/arc4random.c @@ -71,9 +71,76 @@ static struct { static inline void _rs_rekey(u_char *dat, size_t datlen); +/* + * Basic sanity checking; wish we could do better. + */ +static int +fallback_gotdata(char *buf, size_t len) +{ + char any_set = 0; + size_t i; + + for (i = 0; i < len; ++i) + any_set |= buf[i]; + if (any_set == 0) + return -1; + return 0; +} + +/* fallback for getentropy in case libc returns failure */ +static int +fallback_getentropy_urandom(void *buf, size_t len) +{ + size_t i; + int fd, flags; + int save_errno = errno; + +start: + + flags = O_RDONLY; +#ifdef O_NOFOLLOW + flags |= O_NOFOLLOW; +#endif +#ifdef O_CLOEXEC + flags |= O_CLOEXEC; +#endif + fd = open("/dev/urandom", flags, 0); + if (fd == -1) { + if (errno == EINTR) + goto start; + goto nodevrandom; + } +#ifndef O_CLOEXEC +# ifdef HAVE_FCNTL + fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); +# endif +#endif + for (i = 0; i < len; ) { + size_t wanted = len - i; + ssize_t ret = read(fd, (char*)buf + i, wanted); + + if (ret == -1) { + if (errno == EAGAIN || errno == EINTR) + continue; + close(fd); + goto nodevrandom; + } + i += ret; + } + close(fd); + if (fallback_gotdata(buf, len) == 0) { + errno = save_errno; + return 0; /* satisfied */ + } +nodevrandom: + errno = EIO; + return -1; +} + static inline void _rs_init(u_char *buf, size_t n) { + assert(buf); if (n < KEYSZ + IVSZ) return; @@ -114,11 +181,14 @@ _rs_stir(void) u_char rnd[KEYSZ + IVSZ]; if (getentropy(rnd, sizeof rnd) == -1) { + if(errno != ENOSYS || + fallback_getentropy_urandom(rnd, sizeof rnd) == -1) { #ifdef SIGKILL - raise(SIGKILL); + raise(SIGKILL); #else - exit(9); /* windows */ + exit(9); /* windows */ #endif + } } if (!rs) diff --git a/contrib/unbound/compat/ctime_r.c b/contrib/unbound/compat/ctime_r.c index 2594dc17e76f..87c2609a8408 100644 --- a/contrib/unbound/compat/ctime_r.c +++ b/contrib/unbound/compat/ctime_r.c @@ -6,7 +6,7 @@ #include "util/locks.h" /** the lock for ctime buffer */ -static lock_basic_t ctime_lock; +static lock_basic_type ctime_lock; /** has it been inited */ static int ctime_r_init = 0; diff --git a/contrib/unbound/compat/getentropy_freebsd.c b/contrib/unbound/compat/getentropy_freebsd.c new file mode 100644 index 000000000000..30cd68e97d6a --- /dev/null +++ b/contrib/unbound/compat/getentropy_freebsd.c @@ -0,0 +1,62 @@ +/* $OpenBSD: getentropy_freebsd.c,v 1.3 2016/08/07 03:27:21 tb Exp $ */ + +/* + * Copyright (c) 2014 Pawel Jakub Dawidek <pjd@FreeBSD.org> + * Copyright (c) 2014 Brent Cook <bcook@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 + */ + +#include <sys/types.h> +#include <sys/sysctl.h> + +#include <errno.h> +#include <stddef.h> + +/* + * Derived from lib/libc/gen/arc4random.c from FreeBSD. + */ +static size_t +getentropy_sysctl(u_char *buf, size_t size) +{ + int mib[2]; + size_t len, done; + + mib[0] = CTL_KERN; + mib[1] = KERN_ARND; + done = 0; + + do { + len = size; + if (sysctl(mib, 2, buf, &len, NULL, 0) == -1) + return (done); + done += len; + buf += len; + size -= len; + } while (size > 0); + + return (done); +} + +int +getentropy(void *buf, size_t len) +{ + if (len <= 256 && getentropy_sysctl(buf, len) == len) + return (0); + + errno = EIO; + return (-1); +} diff --git a/contrib/unbound/compat/getentropy_linux.c b/contrib/unbound/compat/getentropy_linux.c index b86c0fba2a1f..82cdb78b8047 100644 --- a/contrib/unbound/compat/getentropy_linux.c +++ b/contrib/unbound/compat/getentropy_linux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_linux.c,v 1.20 2014/07/12 15:43:49 beck Exp $ */ +/* $OpenBSD: getentropy_linux.c,v 1.46 2018/11/20 08:04:28 deraadt Exp $ */ /* * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org> @@ -15,20 +15,23 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 */ -#include "config.h" +#include "config.h" /* -#define _POSIX_C_SOURCE 199309L -#define _GNU_SOURCE 1 +#define _POSIX_C_SOURCE 199309L +#define _GNU_SOURCE 1 */ #include <sys/types.h> #include <sys/param.h> #include <sys/ioctl.h> #include <sys/resource.h> #include <sys/syscall.h> -#ifdef HAVE_SYS_SYSCTL_H -#include <sys/sysctl.h> +#ifdef SYS__sysctl +#include <linux/sysctl.h> #endif #include <sys/statvfs.h> #include <sys/socket.h> @@ -39,6 +42,7 @@ #include <stdlib.h> #include <stdint.h> #include <stdio.h> +#include <link.h> #include <termios.h> #include <fcntl.h> #include <signal.h> @@ -46,16 +50,18 @@ #include <errno.h> #include <unistd.h> #include <time.h> - -#if defined(HAVE_SSL) +#ifndef HAVE_NETTLE #include <openssl/sha.h> -#elif defined(HAVE_NETTLE) +#else #include <nettle/sha.h> +#define SHA512_CTX struct sha512_ctx +#define SHA512_Init(x) sha512_init(x) +#define SHA512_Update(x, b, s) sha512_update(x, s, b) +#define SHA512_Final(r, c) sha512_digest(c, SHA512_DIGEST_SIZE, r) #endif #include <linux/types.h> #include <linux/random.h> -#include <linux/sysctl.h> #ifdef HAVE_GETAUXVAL #include <sys/auxv.h> #endif @@ -75,29 +81,13 @@ HD(b); \ } while (0) -#if defined(HAVE_SSL) -#define CRYPTO_SHA512_CTX SHA512_CTX -#define CRYPTO_SHA512_INIT(x) SHA512_Init(x) -#define CRYPTO_SHA512_FINAL(r, c) SHA512_Final(r, c) #define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l))) #define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x))) #define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*))) -#elif defined(HAVE_NETTLE) -#define CRYPTO_SHA512_CTX struct sha512_ctx -#define CRYPTO_SHA512_INIT(x) sha512_init(x) -#define CRYPTO_SHA512_FINAL(r, c) sha512_digest(c, SHA512_DIGEST_SIZE, r) -#define HR(x, l) (sha512_update(&ctx, (l), (uint8_t *)(x))) -#define HD(x) (sha512_update(&ctx, sizeof (x), (uint8_t *)&(x))) -#define HF(x) (sha512_update(&ctx, sizeof (void*), (uint8_t *)&(x))) -#endif int getentropy(void *buf, size_t len); -#ifdef CAN_REFERENCE_MAIN -extern int main(int, char *argv[]); -#endif -static int gotdata(char *buf, size_t len); -#if defined(SYS_getrandom) && defined(__NR_getrandom) +#if defined(SYS_getrandom) && defined(GRND_NONBLOCK) static int getentropy_getrandom(void *buf, size_t len); #endif static int getentropy_urandom(void *buf, size_t len); @@ -105,6 +95,7 @@ static int getentropy_urandom(void *buf, size_t len); static int getentropy_sysctl(void *buf, size_t len); #endif static int getentropy_fallback(void *buf, size_t len); +static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data); int getentropy(void *buf, size_t len) @@ -113,18 +104,21 @@ getentropy(void *buf, size_t len) if (len > 256) { errno = EIO; - return -1; + return (-1); } -#if defined(SYS_getrandom) && defined(__NR_getrandom) +#if defined(SYS_getrandom) && defined(GRND_NONBLOCK) /* - * Try descriptor-less getrandom() + * Try descriptor-less getrandom(), in non-blocking mode. + * + * The design of Linux getrandom is broken. It has an + * uninitialized phase coupled with blocking behaviour, which + * is unacceptable from within a library at boot time without + * possible recovery. See http://bugs.python.org/issue26839#msg267745 */ ret = getentropy_getrandom(buf, len); if (ret != -1) return (ret); - if (errno != ENOSYS) - return (-1); #endif /* @@ -178,7 +172,7 @@ getentropy(void *buf, size_t len) * - Do the best under the circumstances.... * * This code path exists to bring light to the issue that Linux - * does not provide a failsafe API for entropy collection. + * still does not provide a failsafe API for entropy collection. * * We hope this demonstrates that Linux should either retain their * sysctl ABI, or consider providing a new failsafe API which @@ -196,23 +190,7 @@ getentropy(void *buf, size_t len) return (ret); } -/* - * Basic sanity checking; wish we could do better. - */ -static int -gotdata(char *buf, size_t len) -{ - char any_set = 0; - size_t i; - - for (i = 0; i < len; ++i) - any_set |= buf[i]; - if (any_set == 0) - return -1; - return 0; -} - -#if defined(SYS_getrandom) && defined(__NR_getrandom) +#if defined(SYS_getrandom) && defined(GRND_NONBLOCK) static int getentropy_getrandom(void *buf, size_t len) { @@ -221,7 +199,7 @@ getentropy_getrandom(void *buf, size_t len) if (len > 256) return (-1); do { - ret = syscall(SYS_getrandom, buf, len, 0); + ret = syscall(SYS_getrandom, buf, len, GRND_NONBLOCK); } while (ret == -1 && errno == EINTR); if (ret != (int)len) @@ -269,7 +247,7 @@ start: } for (i = 0; i < len; ) { size_t wanted = len - i; - ssize_t ret = read(fd, (char*)buf + i, wanted); + ssize_t ret = read(fd, (char *)buf + i, wanted); if (ret == -1) { if (errno == EAGAIN || errno == EINTR) @@ -280,13 +258,11 @@ start: i += ret; } close(fd); - if (gotdata(buf, len) == 0) { - errno = save_errno; - return 0; /* satisfied */ - } + errno = save_errno; + return (0); /* satisfied */ nodevrandom: errno = EIO; - return -1; + return (-1); } #ifdef SYS__sysctl @@ -311,17 +287,15 @@ getentropy_sysctl(void *buf, size_t len) goto sysctlfailed; i += chunk; } - if (gotdata(buf, len) == 0) { - errno = save_errno; - return (0); /* satisfied */ - } + errno = save_errno; + return (0); /* satisfied */ sysctlfailed: errno = EIO; - return -1; + return (-1); } #endif /* SYS__sysctl */ -static int cl[] = { +static const int cl[] = { CLOCK_REALTIME, #ifdef CLOCK_MONOTONIC CLOCK_MONOTONIC, @@ -347,6 +321,15 @@ static int cl[] = { }; static int +getentropy_phdr(struct dl_phdr_info *info, size_t ATTR_UNUSED(size), void *data) +{ + SHA512_CTX *ctx = data; + + SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr)); + return (0); +} + +static int getentropy_fallback(void *buf, size_t len) { uint8_t results[SHA512_DIGEST_LENGTH]; @@ -357,7 +340,7 @@ getentropy_fallback(void *buf, size_t len) struct rusage ru; sigset_t sigset; struct stat st; - CRYPTO_SHA512_CTX ctx; + SHA512_CTX ctx; static pid_t lastpid; pid_t pid; size_t i, ii, m; @@ -374,7 +357,7 @@ getentropy_fallback(void *buf, size_t len) } for (i = 0; i < len; ) { int j; - CRYPTO_SHA512_INIT(&ctx); + SHA512_Init(&ctx); for (j = 0; j < repeat; j++) { HX((e = gettimeofday(&tv, NULL)) == -1, tv); if (e != -1) { @@ -382,6 +365,8 @@ getentropy_fallback(void *buf, size_t len) cnt += (int)tv.tv_usec; } + dl_iterate_phdr(getentropy_phdr, &ctx); + for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++) HX(clock_gettime(cl[ii], &ts) == -1, ts); @@ -401,9 +386,6 @@ getentropy_fallback(void *buf, size_t len) HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1, sigset); -#ifdef CAN_REFERENCE_MAIN - HF(main); /* an addr in program */ -#endif HF(getentropy); /* an addr in this library */ HF(printf); /* an addr in libc */ p = (char *)&p; @@ -528,33 +510,30 @@ getentropy_fallback(void *buf, size_t len) HD(cnt); } #ifdef HAVE_GETAUXVAL -# ifdef AT_RANDOM +#ifdef AT_RANDOM /* Not as random as you think but we take what we are given */ p = (char *) getauxval(AT_RANDOM); if (p) HR(p, 16); -# endif -# ifdef AT_SYSINFO_EHDR +#endif +#ifdef AT_SYSINFO_EHDR p = (char *) getauxval(AT_SYSINFO_EHDR); if (p) HR(p, pgs); -# endif -# ifdef AT_BASE +#endif +#ifdef AT_BASE p = (char *) getauxval(AT_BASE); if (p) HD(p); -# endif -#endif /* HAVE_GETAUXVAL */ +#endif +#endif - CRYPTO_SHA512_FINAL(results, &ctx); - memcpy((char*)buf + i, results, min(sizeof(results), len - i)); + SHA512_Final(results, &ctx); + memcpy((char *)buf + i, results, min(sizeof(results), len - i)); i += min(sizeof(results), len - i); } - memset(results, 0, sizeof results); - if (gotdata(buf, len) == 0) { - errno = save_errno; - return 0; /* satisfied */ - } - errno = EIO; - return -1; + explicit_bzero(&ctx, sizeof ctx); + explicit_bzero(results, sizeof results); + errno = save_errno; + return (0); /* satisfied */ } diff --git a/contrib/unbound/compat/getentropy_osx.c b/contrib/unbound/compat/getentropy_osx.c index d5a64ab363ab..26dcc824dee7 100644 --- a/contrib/unbound/compat/getentropy_osx.c +++ b/contrib/unbound/compat/getentropy_osx.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_osx.c,v 1.3 2014/07/12 14:48:00 deraadt Exp $ */ +/* $OpenBSD: getentropy_osx.c,v 1.12 2018/11/20 08:04:28 deraadt Exp $ */ /* * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org> @@ -15,9 +15,12 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 */ -#include "config.h" +#include <TargetConditionals.h> #include <sys/types.h> #include <sys/param.h> #include <sys/ioctl.h> @@ -43,14 +46,18 @@ #include <mach/mach_time.h> #include <mach/mach_host.h> #include <mach/host_info.h> +#if TARGET_OS_OSX #include <sys/socketvar.h> #include <sys/vmmeter.h> +#endif #include <netinet/in.h> #include <netinet/tcp.h> +#if TARGET_OS_OSX #include <netinet/udp.h> #include <netinet/ip_var.h> #include <netinet/tcp_var.h> #include <netinet/udp_var.h> +#endif #include <CommonCrypto/CommonDigest.h> #define SHA512_Update(a, b, c) (CC_SHA512_Update((a), (b), (c))) #define SHA512_Init(xxx) (CC_SHA512_Init((xxx))) @@ -75,10 +82,6 @@ int getentropy(void *buf, size_t len); -#ifdef CAN_REFERENCE_MAIN -extern int main(int, char *argv[]); -#endif -static int gotdata(char *buf, size_t len); static int getentropy_urandom(void *buf, size_t len); static int getentropy_fallback(void *buf, size_t len); @@ -89,7 +92,7 @@ getentropy(void *buf, size_t len) if (len > 256) { errno = EIO; - return -1; + return (-1); } /* @@ -138,22 +141,6 @@ getentropy(void *buf, size_t len) return (ret); } -/* - * Basic sanity checking; wish we could do better. - */ -static int -gotdata(char *buf, size_t len) -{ - char any_set = 0; - size_t i; - - for (i = 0; i < len; ++i) - any_set |= buf[i]; - if (any_set == 0) - return -1; - return 0; -} - static int getentropy_urandom(void *buf, size_t len) { @@ -188,7 +175,7 @@ start: } for (i = 0; i < len; ) { size_t wanted = len - i; - ssize_t ret = read(fd, (char*)buf + i, wanted); + ssize_t ret = read(fd, (char *)buf + i, wanted); if (ret == -1) { if (errno == EAGAIN || errno == EINTR) @@ -199,18 +186,18 @@ start: i += ret; } close(fd); - if (gotdata(buf, len) == 0) { - errno = save_errno; - return 0; /* satisfied */ - } + errno = save_errno; + return (0); /* satisfied */ nodevrandom: errno = EIO; - return -1; + return (-1); } +#if TARGET_OS_OSX static int tcpmib[] = { CTL_NET, AF_INET, IPPROTO_TCP, TCPCTL_STATS }; static int udpmib[] = { CTL_NET, AF_INET, IPPROTO_UDP, UDPCTL_STATS }; static int ipmib[] = { CTL_NET, AF_INET, IPPROTO_IP, IPCTL_STATS }; +#endif static int kmib[] = { CTL_KERN, KERN_USRSTACK }; static int hwmib[] = { CTL_HW, HW_USERMEM }; @@ -230,9 +217,11 @@ getentropy_fallback(void *buf, size_t len) pid_t pid; size_t i, ii, m; char *p; +#if TARGET_OS_OSX struct tcpstat tcpstat; struct udpstat udpstat; struct ipstat ipstat; +#endif u_int64_t mach_time; unsigned int idata; void *addr; @@ -267,6 +256,7 @@ getentropy_fallback(void *buf, size_t len) HX(sysctl(hwmib, sizeof(hwmib) / sizeof(hwmib[0]), &idata, &ii, NULL, 0) == -1, idata); +#if TARGET_OS_OSX ii = sizeof(tcpstat); HX(sysctl(tcpmib, sizeof(tcpmib) / sizeof(tcpmib[0]), &tcpstat, &ii, NULL, 0) == -1, tcpstat); @@ -278,6 +268,7 @@ getentropy_fallback(void *buf, size_t len) ii = sizeof(ipstat); HX(sysctl(ipmib, sizeof(ipmib) / sizeof(ipmib[0]), &ipstat, &ii, NULL, 0) == -1, ipstat); +#endif HX((pid = getpid()) == -1, pid); HX((pid = getsid(pid)) == -1, pid); @@ -295,9 +286,6 @@ getentropy_fallback(void *buf, size_t len) HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1, sigset); -#ifdef CAN_REFERENCE_MAIN - HF(main); /* an addr in program */ -#endif HF(getentropy); /* an addr in this library */ HF(printf); /* an addr in libc */ p = (char *)&p; @@ -419,14 +407,11 @@ getentropy_fallback(void *buf, size_t len) } SHA512_Final(results, &ctx); - memcpy((char*)buf + i, results, min(sizeof(results), len - i)); + memcpy((char *)buf + i, results, min(sizeof(results), len - i)); i += min(sizeof(results), len - i); } - memset(results, 0, sizeof results); - if (gotdata(buf, len) == 0) { - errno = save_errno; - return 0; /* satisfied */ - } - errno = EIO; - return -1; + explicit_bzero(&ctx, sizeof ctx); + explicit_bzero(results, sizeof results); + errno = save_errno; + return (0); /* satisfied */ } diff --git a/contrib/unbound/compat/getentropy_solaris.c b/contrib/unbound/compat/getentropy_solaris.c index 810098a8d8e4..0a03046d4681 100644 --- a/contrib/unbound/compat/getentropy_solaris.c +++ b/contrib/unbound/compat/getentropy_solaris.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_solaris.c,v 1.3 2014/07/12 14:46:31 deraadt Exp $ */ +/* $OpenBSD: getentropy_solaris.c,v 1.13 2018/11/20 08:04:28 deraadt Exp $ */ /* * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org> @@ -15,9 +15,12 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 */ -#include "config.h" +#include "config.h" #include <sys/types.h> #include <sys/param.h> #include <sys/ioctl.h> @@ -34,6 +37,7 @@ #include <stdint.h> #endif #include <stdio.h> +#include <link.h> #include <termios.h> #include <fcntl.h> #include <signal.h> @@ -67,17 +71,14 @@ #define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l))) #define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x))) -#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*))) +#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*))) int getentropy(void *buf, size_t len); -#ifdef CAN_REFERENCE_MAIN -extern int main(int, char *argv[]); -#endif -static int gotdata(char *buf, size_t len); static int getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck); static int getentropy_fallback(void *buf, size_t len); +static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data); int getentropy(void *buf, size_t len) @@ -86,7 +87,7 @@ getentropy(void *buf, size_t len) if (len > 256) { errno = EIO; - return -1; + return (-1); } /* @@ -153,22 +154,6 @@ getentropy(void *buf, size_t len) return (ret); } -/* - * Basic sanity checking; wish we could do better. - */ -static int -gotdata(char *buf, size_t len) -{ - char any_set = 0; - size_t i; - - for (i = 0; i < len; ++i) - any_set |= buf[i]; - if (any_set == 0) - return -1; - return 0; -} - static int getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck) { @@ -204,7 +189,7 @@ start: } for (i = 0; i < len; ) { size_t wanted = len - i; - ssize_t ret = read(fd, (char*)buf + i, wanted); + ssize_t ret = read(fd, (char *)buf + i, wanted); if (ret == -1) { if (errno == EAGAIN || errno == EINTR) @@ -215,13 +200,11 @@ start: i += ret; } close(fd); - if (gotdata(buf, len) == 0) { - errno = save_errno; - return 0; /* satisfied */ - } + errno = save_errno; + return (0); /* satisfied */ nodevrandom: errno = EIO; - return -1; + return (-1); } static const int cl[] = { @@ -250,6 +233,15 @@ static const int cl[] = { }; static int +getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data) +{ + SHA512_CTX *ctx = data; + + SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr)); + return (0); +} + +static int getentropy_fallback(void *buf, size_t len) { uint8_t results[SHA512_DIGEST_LENGTH]; @@ -286,6 +278,8 @@ getentropy_fallback(void *buf, size_t len) cnt += (int)tv.tv_usec; } + dl_iterate_phdr(getentropy_phdr, &ctx); + for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++) HX(clock_gettime(cl[ii], &ts) == -1, ts); @@ -306,9 +300,6 @@ getentropy_fallback(void *buf, size_t len) HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1, sigset); -#ifdef CAN_REFERENCE_MAIN - HF(main); /* an addr in program */ -#endif HF(getentropy); /* an addr in this library */ HF(printf); /* an addr in libc */ p = (char *)&p; @@ -428,14 +419,11 @@ getentropy_fallback(void *buf, size_t len) HD(cnt); } SHA512_Final(results, &ctx); - memcpy((char*)buf + i, results, min(sizeof(results), len - i)); + memcpy((char *)buf + i, results, min(sizeof(results), len - i)); i += min(sizeof(results), len - i); } - memset(results, 0, sizeof results); - if (gotdata(buf, len) == 0) { - errno = save_errno; - return 0; /* satisfied */ - } - errno = EIO; - return -1; + explicit_bzero(&ctx, sizeof ctx); + explicit_bzero(results, sizeof results); + errno = save_errno; + return (0); /* satisfied */ } diff --git a/contrib/unbound/compat/getentropy_win.c b/contrib/unbound/compat/getentropy_win.c index 71fb955e7f90..2abeb27bc624 100644 --- a/contrib/unbound/compat/getentropy_win.c +++ b/contrib/unbound/compat/getentropy_win.c @@ -1,4 +1,4 @@ -/* $OpenBSD$ */ +/* $OpenBSD: getentropy_win.c,v 1.5 2016/08/07 03:27:21 tb Exp $ */ /* * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org> @@ -15,6 +15,9 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 */ #include <windows.h> @@ -37,7 +40,7 @@ getentropy(void *buf, size_t len) if (len > 256) { errno = EIO; - return -1; + return (-1); } if (CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL, diff --git a/contrib/unbound/compat/malloc.c b/contrib/unbound/compat/malloc.c index 559aa100dd2b..d8097b13e024 100644 --- a/contrib/unbound/compat/malloc.c +++ b/contrib/unbound/compat/malloc.c @@ -5,7 +5,12 @@ #undef malloc #include <sys/types.h> +#ifndef USE_WINSOCK void *malloc (); +#else +/* provide a prototype */ +void *malloc (size_t n); +#endif /* Allocate an N-byte block of memory from the heap. If N is zero, allocate a 1-byte block. */ diff --git a/contrib/unbound/compat/snprintf.c b/contrib/unbound/compat/snprintf.c index 97cd7061f5c9..bab873e30793 100644 --- a/contrib/unbound/compat/snprintf.c +++ b/contrib/unbound/compat/snprintf.c @@ -658,7 +658,7 @@ int vsnprintf(char* str, size_t size, const char* format, va_list arg) * are not their own functions. */ /* printout designation: - * conversion specifier: x, d, u, s, c, n, m, p + * conversion specifier: x, d, u, s, c, m, p * flags: # not supported * 0 zeropad (on the left) * - left adjust (right by default) @@ -798,7 +798,10 @@ int vsnprintf(char* str, size_t size, const char* format, va_list arg) minw, minus); break; case 'n': - *va_arg(arg, int*) = ret; + /* unsupported to harden against format string + * exploitation, + * handled like an unknown format specifier. */ + /* *va_arg(arg, int*) = ret; */ break; case 'm': print_str(&at, &left, &ret, strerror(errno), diff --git a/contrib/unbound/config.guess b/contrib/unbound/config.guess index b79252d6b103..f50dcdb6de2a 100755 --- a/contrib/unbound/config.guess +++ b/contrib/unbound/config.guess @@ -1,8 +1,8 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2013 Free Software Foundation, Inc. +# Copyright 1992-2018 Free Software Foundation, Inc. -timestamp='2013-06-10' +timestamp='2018-02-24' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -15,7 +15,7 @@ timestamp='2013-06-10' # General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, see <http://www.gnu.org/licenses/>. +# along with this program; if not, see <https://www.gnu.org/licenses/>. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -24,12 +24,12 @@ timestamp='2013-06-10' # program. This Exception is an additional permission under section 7 # of the GNU General Public License, version 3 ("GPLv3"). # -# Originally written by Per Bothner. +# Originally written by Per Bothner; maintained since 2000 by Ben Elliston. # # You can get the latest version of this script from: -# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD +# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess # -# Please send patches with a ChangeLog entry to config-patches@gnu.org. +# Please send patches to <config-patches@gnu.org>. me=`echo "$0" | sed -e 's,.*/,,'` @@ -39,7 +39,7 @@ Usage: $0 [OPTION] Output the configuration name of the system \`$me' is run on. -Operation modes: +Options: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit @@ -50,7 +50,7 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2013 Free Software Foundation, Inc. +Copyright 1992-2018 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -107,9 +107,9 @@ trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; dummy=$tmp/dummy ; tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; case $CC_FOR_BUILD,$HOST_CC,$CC in - ,,) echo "int x;" > $dummy.c ; + ,,) echo "int x;" > "$dummy.c" ; for c in cc gcc c89 c99 ; do - if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then + if ($c -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then CC_FOR_BUILD="$c"; break ; fi ; done ; @@ -132,14 +132,14 @@ UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown -case "${UNAME_SYSTEM}" in +case "$UNAME_SYSTEM" in Linux|GNU|GNU/*) # If the system lacks a compiler, then just pick glibc. # We could probably try harder. LIBC=gnu - eval $set_cc_for_build - cat <<-EOF > $dummy.c + eval "$set_cc_for_build" + cat <<-EOF > "$dummy.c" #include <features.h> #if defined(__UCLIBC__) LIBC=uclibc @@ -149,13 +149,20 @@ Linux|GNU|GNU/*) LIBC=gnu #endif EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`" + + # If ldd exists, use it to detect musl libc. + if command -v ldd >/dev/null && \ + ldd --version 2>&1 | grep -q ^musl + then + LIBC=musl + fi ;; esac # Note: order is significant - the case branches are not exclusive. -case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in +case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in *:NetBSD:*:*) # NetBSD (nbsd) targets should (where applicable) match one or # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, @@ -168,21 +175,31 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in # Note: NetBSD doesn't particularly care about the vendor # portion of the name. We always set it to "unknown". sysctl="sysctl -n hw.machine_arch" - UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ - /usr/sbin/$sysctl 2>/dev/null || echo unknown)` - case "${UNAME_MACHINE_ARCH}" in + UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \ + "/sbin/$sysctl" 2>/dev/null || \ + "/usr/sbin/$sysctl" 2>/dev/null || \ + echo unknown)` + case "$UNAME_MACHINE_ARCH" in armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; sh5el) machine=sh5le-unknown ;; - *) machine=${UNAME_MACHINE_ARCH}-unknown ;; + earmv*) + arch=`echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,'` + endian=`echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p'` + machine="${arch}${endian}"-unknown + ;; + *) machine="$UNAME_MACHINE_ARCH"-unknown ;; esac # The Operating System including object format, if it has switched - # to ELF recently, or will in the future. - case "${UNAME_MACHINE_ARCH}" in + # to ELF recently (or will in the future) and ABI. + case "$UNAME_MACHINE_ARCH" in + earm*) + os=netbsdelf + ;; arm*|i386|m68k|ns32k|sh3*|sparc|vax) - eval $set_cc_for_build + eval "$set_cc_for_build" if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ELF__ then @@ -197,44 +214,67 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in os=netbsd ;; esac + # Determine ABI tags. + case "$UNAME_MACHINE_ARCH" in + earm*) + expr='s/^earmv[0-9]/-eabi/;s/eb$//' + abi=`echo "$UNAME_MACHINE_ARCH" | sed -e "$expr"` + ;; + esac # The OS release # Debian GNU/NetBSD machines have a different userland, and # thus, need a distinct triplet. However, they do not need # kernel version information, so it can be replaced with a # suitable tag, in the style of linux-gnu. - case "${UNAME_VERSION}" in + case "$UNAME_VERSION" in Debian*) release='-gnu' ;; *) - release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + release=`echo "$UNAME_RELEASE" | sed -e 's/[-_].*//' | cut -d. -f1,2` ;; esac # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. - echo "${machine}-${os}${release}" + echo "$machine-${os}${release}${abi}" exit ;; *:Bitrig:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` - echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} + echo "$UNAME_MACHINE_ARCH"-unknown-bitrig"$UNAME_RELEASE" exit ;; *:OpenBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` - echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} + echo "$UNAME_MACHINE_ARCH"-unknown-openbsd"$UNAME_RELEASE" + exit ;; + *:LibertyBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'` + echo "$UNAME_MACHINE_ARCH"-unknown-libertybsd"$UNAME_RELEASE" + exit ;; + *:MidnightBSD:*:*) + echo "$UNAME_MACHINE"-unknown-midnightbsd"$UNAME_RELEASE" exit ;; *:ekkoBSD:*:*) - echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} + echo "$UNAME_MACHINE"-unknown-ekkobsd"$UNAME_RELEASE" exit ;; *:SolidBSD:*:*) - echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} + echo "$UNAME_MACHINE"-unknown-solidbsd"$UNAME_RELEASE" exit ;; macppc:MirBSD:*:*) - echo powerpc-unknown-mirbsd${UNAME_RELEASE} + echo powerpc-unknown-mirbsd"$UNAME_RELEASE" exit ;; *:MirBSD:*:*) - echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} + echo "$UNAME_MACHINE"-unknown-mirbsd"$UNAME_RELEASE" exit ;; + *:Sortix:*:*) + echo "$UNAME_MACHINE"-unknown-sortix + exit ;; + *:Redox:*:*) + echo "$UNAME_MACHINE"-unknown-redox + exit ;; + mips:OSF1:*.*) + echo mips-dec-osf1 + exit ;; alpha:OSF1:*:*) case $UNAME_RELEASE in *4.0) @@ -251,63 +291,54 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` case "$ALPHA_CPU_TYPE" in "EV4 (21064)") - UNAME_MACHINE="alpha" ;; + UNAME_MACHINE=alpha ;; "EV4.5 (21064)") - UNAME_MACHINE="alpha" ;; + UNAME_MACHINE=alpha ;; "LCA4 (21066/21068)") - UNAME_MACHINE="alpha" ;; + UNAME_MACHINE=alpha ;; "EV5 (21164)") - UNAME_MACHINE="alphaev5" ;; + UNAME_MACHINE=alphaev5 ;; "EV5.6 (21164A)") - UNAME_MACHINE="alphaev56" ;; + UNAME_MACHINE=alphaev56 ;; "EV5.6 (21164PC)") - UNAME_MACHINE="alphapca56" ;; + UNAME_MACHINE=alphapca56 ;; "EV5.7 (21164PC)") - UNAME_MACHINE="alphapca57" ;; + UNAME_MACHINE=alphapca57 ;; "EV6 (21264)") - UNAME_MACHINE="alphaev6" ;; + UNAME_MACHINE=alphaev6 ;; "EV6.7 (21264A)") - UNAME_MACHINE="alphaev67" ;; + UNAME_MACHINE=alphaev67 ;; "EV6.8CB (21264C)") - UNAME_MACHINE="alphaev68" ;; + UNAME_MACHINE=alphaev68 ;; "EV6.8AL (21264B)") - UNAME_MACHINE="alphaev68" ;; + UNAME_MACHINE=alphaev68 ;; "EV6.8CX (21264D)") - UNAME_MACHINE="alphaev68" ;; + UNAME_MACHINE=alphaev68 ;; "EV6.9A (21264/EV69A)") - UNAME_MACHINE="alphaev69" ;; + UNAME_MACHINE=alphaev69 ;; "EV7 (21364)") - UNAME_MACHINE="alphaev7" ;; + UNAME_MACHINE=alphaev7 ;; "EV7.9 (21364A)") - UNAME_MACHINE="alphaev79" ;; + UNAME_MACHINE=alphaev79 ;; esac # A Pn.n version is a patched version. # A Vn.n version is a released version. # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. - echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + echo "$UNAME_MACHINE"-dec-osf"`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`" # Reset EXIT trap before exiting to avoid spurious non-zero exit code. exitcode=$? trap '' 0 exit $exitcode ;; - Alpha\ *:Windows_NT*:*) - # How do we know it's Interix rather than the generic POSIX subsystem? - # Should we change UNAME_MACHINE based on the output of uname instead - # of the specific Alpha model? - echo alpha-pc-interix - exit ;; - 21064:Windows_NT:50:3) - echo alpha-dec-winnt3.5 - exit ;; Amiga*:UNIX_System_V:4.0:*) echo m68k-unknown-sysv4 exit ;; *:[Aa]miga[Oo][Ss]:*:*) - echo ${UNAME_MACHINE}-unknown-amigaos + echo "$UNAME_MACHINE"-unknown-amigaos exit ;; *:[Mm]orph[Oo][Ss]:*:*) - echo ${UNAME_MACHINE}-unknown-morphos + echo "$UNAME_MACHINE"-unknown-morphos exit ;; *:OS/390:*:*) echo i370-ibm-openedition @@ -319,7 +350,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in echo powerpc-ibm-os400 exit ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) - echo arm-acorn-riscix${UNAME_RELEASE} + echo arm-acorn-riscix"$UNAME_RELEASE" exit ;; arm*:riscos:*:*|arm*:RISCOS:*:*) echo arm-unknown-riscos @@ -346,38 +377,38 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in sparc) echo sparc-icl-nx7; exit ;; esac ;; s390x:SunOS:*:*) - echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo "$UNAME_MACHINE"-ibm-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" exit ;; sun4H:SunOS:5.*:*) - echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo sparc-hal-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) - echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo sparc-sun-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" exit ;; i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) - echo i386-pc-auroraux${UNAME_RELEASE} + echo i386-pc-auroraux"$UNAME_RELEASE" exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) - eval $set_cc_for_build - SUN_ARCH="i386" + eval "$set_cc_for_build" + SUN_ARCH=i386 # If there is a compiler, see if it is configured for 64-bit objects. # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. # This test works for both compilers. - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if [ "$CC_FOR_BUILD" != no_compiler_found ]; then if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then - SUN_ARCH="x86_64" + SUN_ARCH=x86_64 fi fi - echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo "$SUN_ARCH"-pc-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. - echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo sparc-sun-solaris3"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" exit ;; sun4*:SunOS:*:*) case "`/usr/bin/arch -k`" in @@ -386,25 +417,25 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in ;; esac # Japanese Language versions have a version number like `4.1.3-JL'. - echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` + echo sparc-sun-sunos"`echo "$UNAME_RELEASE"|sed -e 's/-/_/'`" exit ;; sun3*:SunOS:*:*) - echo m68k-sun-sunos${UNAME_RELEASE} + echo m68k-sun-sunos"$UNAME_RELEASE" exit ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` - test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 + test "x$UNAME_RELEASE" = x && UNAME_RELEASE=3 case "`/bin/arch`" in sun3) - echo m68k-sun-sunos${UNAME_RELEASE} + echo m68k-sun-sunos"$UNAME_RELEASE" ;; sun4) - echo sparc-sun-sunos${UNAME_RELEASE} + echo sparc-sun-sunos"$UNAME_RELEASE" ;; esac exit ;; aushp:SunOS:*:*) - echo sparc-auspex-sunos${UNAME_RELEASE} + echo sparc-auspex-sunos"$UNAME_RELEASE" exit ;; # The situation for MiNT is a little confusing. The machine name # can be virtually everything (everything which is not @@ -415,44 +446,44 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint"$UNAME_RELEASE" exit ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint"$UNAME_RELEASE" exit ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint"$UNAME_RELEASE" exit ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) - echo m68k-milan-mint${UNAME_RELEASE} + echo m68k-milan-mint"$UNAME_RELEASE" exit ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) - echo m68k-hades-mint${UNAME_RELEASE} + echo m68k-hades-mint"$UNAME_RELEASE" exit ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) - echo m68k-unknown-mint${UNAME_RELEASE} + echo m68k-unknown-mint"$UNAME_RELEASE" exit ;; m68k:machten:*:*) - echo m68k-apple-machten${UNAME_RELEASE} + echo m68k-apple-machten"$UNAME_RELEASE" exit ;; powerpc:machten:*:*) - echo powerpc-apple-machten${UNAME_RELEASE} + echo powerpc-apple-machten"$UNAME_RELEASE" exit ;; RISC*:Mach:*:*) echo mips-dec-mach_bsd4.3 exit ;; RISC*:ULTRIX:*:*) - echo mips-dec-ultrix${UNAME_RELEASE} + echo mips-dec-ultrix"$UNAME_RELEASE" exit ;; VAX*:ULTRIX*:*:*) - echo vax-dec-ultrix${UNAME_RELEASE} + echo vax-dec-ultrix"$UNAME_RELEASE" exit ;; 2020:CLIX:*:* | 2430:CLIX:*:*) - echo clipper-intergraph-clix${UNAME_RELEASE} + echo clipper-intergraph-clix"$UNAME_RELEASE" exit ;; mips:*:*:UMIPS | mips:*:*:RISCos) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + eval "$set_cc_for_build" + sed 's/^ //' << EOF > "$dummy.c" #ifdef __cplusplus #include <stdio.h> /* for printf() prototype */ int main (int argc, char *argv[]) { @@ -461,23 +492,23 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in #endif #if defined (host_mips) && defined (MIPSEB) #if defined (SYSTYPE_SYSV) - printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); + printf ("mips-mips-riscos%ssysv\\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_SVR4) - printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); + printf ("mips-mips-riscos%ssvr4\\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) - printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); + printf ("mips-mips-riscos%sbsd\\n", argv[1]); exit (0); #endif #endif exit (-1); } EOF - $CC_FOR_BUILD -o $dummy $dummy.c && - dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && - SYSTEM_NAME=`$dummy $dummyarg` && + $CC_FOR_BUILD -o "$dummy" "$dummy.c" && + dummyarg=`echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p'` && + SYSTEM_NAME=`"$dummy" "$dummyarg"` && { echo "$SYSTEM_NAME"; exit; } - echo mips-mips-riscos${UNAME_RELEASE} + echo mips-mips-riscos"$UNAME_RELEASE" exit ;; Motorola:PowerMAX_OS:*:*) echo powerpc-motorola-powermax @@ -503,17 +534,17 @@ EOF AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` - if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] + if [ "$UNAME_PROCESSOR" = mc88100 ] || [ "$UNAME_PROCESSOR" = mc88110 ] then - if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ - [ ${TARGET_BINARY_INTERFACE}x = x ] + if [ "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx ] || \ + [ "$TARGET_BINARY_INTERFACE"x = x ] then - echo m88k-dg-dgux${UNAME_RELEASE} + echo m88k-dg-dgux"$UNAME_RELEASE" else - echo m88k-dg-dguxbcs${UNAME_RELEASE} + echo m88k-dg-dguxbcs"$UNAME_RELEASE" fi else - echo i586-dg-dgux${UNAME_RELEASE} + echo i586-dg-dgux"$UNAME_RELEASE" fi exit ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) @@ -530,7 +561,7 @@ EOF echo m68k-tektronix-bsd exit ;; *:IRIX*:*:*) - echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` + echo mips-sgi-irix"`echo "$UNAME_RELEASE"|sed -e 's/-/_/g'`" exit ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id @@ -542,14 +573,14 @@ EOF if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else - IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" fi - echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} + echo "$UNAME_MACHINE"-ibm-aix"$IBM_REV" exit ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + eval "$set_cc_for_build" + sed 's/^ //' << EOF > "$dummy.c" #include <sys/systemcfg.h> main() @@ -560,7 +591,7 @@ EOF exit(0); } EOF - if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` + if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` then echo "$SYSTEM_NAME" else @@ -574,26 +605,27 @@ EOF exit ;; *:AIX:*:[4567]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` - if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then + if /usr/sbin/lsattr -El "$IBM_CPU_ID" | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 else IBM_ARCH=powerpc fi - if [ -x /usr/bin/oslevel ] ; then - IBM_REV=`/usr/bin/oslevel` + if [ -x /usr/bin/lslpp ] ; then + IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | + awk -F: '{ print $3 }' | sed s/[0-9]*$/0/` else - IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" fi - echo ${IBM_ARCH}-ibm-aix${IBM_REV} + echo "$IBM_ARCH"-ibm-aix"$IBM_REV" exit ;; *:AIX:*:*) echo rs6000-ibm-aix exit ;; - ibmrt:4.4BSD:*|romp-ibm:BSD:*) + ibmrt:4.4BSD:*|romp-ibm:4.4BSD:*) echo romp-ibm-bsd4.4 exit ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and - echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to + echo romp-ibm-bsd"$UNAME_RELEASE" # 4.3 with uname added to exit ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) echo rs6000-bull-bosx @@ -608,28 +640,28 @@ EOF echo m68k-hp-bsd4.4 exit ;; 9000/[34678]??:HP-UX:*:*) - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - case "${UNAME_MACHINE}" in - 9000/31? ) HP_ARCH=m68000 ;; - 9000/[34]?? ) HP_ARCH=m68k ;; + HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'` + case "$UNAME_MACHINE" in + 9000/31?) HP_ARCH=m68000 ;; + 9000/[34]??) HP_ARCH=m68k ;; 9000/[678][0-9][0-9]) if [ -x /usr/bin/getconf ]; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` - case "${sc_cpu_version}" in - 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 - 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + case "$sc_cpu_version" in + 523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0 + 528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 - case "${sc_kernel_bits}" in - 32) HP_ARCH="hppa2.0n" ;; - 64) HP_ARCH="hppa2.0w" ;; - '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 + case "$sc_kernel_bits" in + 32) HP_ARCH=hppa2.0n ;; + 64) HP_ARCH=hppa2.0w ;; + '') HP_ARCH=hppa2.0 ;; # HP-UX 10.20 esac ;; esac fi - if [ "${HP_ARCH}" = "" ]; then - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + if [ "$HP_ARCH" = "" ]; then + eval "$set_cc_for_build" + sed 's/^ //' << EOF > "$dummy.c" #define _HPUX_SOURCE #include <stdlib.h> @@ -662,13 +694,13 @@ EOF exit (0); } EOF - (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` + (CCOPTS="" $CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null) && HP_ARCH=`"$dummy"` test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac - if [ ${HP_ARCH} = "hppa2.0w" ] + if [ "$HP_ARCH" = hppa2.0w ] then - eval $set_cc_for_build + eval "$set_cc_for_build" # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler @@ -679,23 +711,23 @@ EOF # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess # => hppa64-hp-hpux11.23 - if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | + if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | grep -q __LP64__ then - HP_ARCH="hppa2.0w" + HP_ARCH=hppa2.0w else - HP_ARCH="hppa64" + HP_ARCH=hppa64 fi fi - echo ${HP_ARCH}-hp-hpux${HPUX_REV} + echo "$HP_ARCH"-hp-hpux"$HPUX_REV" exit ;; ia64:HP-UX:*:*) - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - echo ia64-hp-hpux${HPUX_REV} + HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'` + echo ia64-hp-hpux"$HPUX_REV" exit ;; 3050*:HI-UX:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + eval "$set_cc_for_build" + sed 's/^ //' << EOF > "$dummy.c" #include <unistd.h> int main () @@ -720,11 +752,11 @@ EOF exit (0); } EOF - $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && + $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` && { echo "$SYSTEM_NAME"; exit; } echo unknown-hitachi-hiuxwe2 exit ;; - 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:*) echo hppa1.1-hp-bsd exit ;; 9000/8??:4.3bsd:*:*) @@ -733,7 +765,7 @@ EOF *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) echo hppa1.0-hp-mpeix exit ;; - hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:*) echo hppa1.1-hp-osf exit ;; hp8??:OSF1:*:*) @@ -741,9 +773,9 @@ EOF exit ;; i*86:OSF1:*:*) if [ -x /usr/sbin/sysversion ] ; then - echo ${UNAME_MACHINE}-unknown-osf1mk + echo "$UNAME_MACHINE"-unknown-osf1mk else - echo ${UNAME_MACHINE}-unknown-osf1 + echo "$UNAME_MACHINE"-unknown-osf1 fi exit ;; parisc*:Lites*:*:*) @@ -768,127 +800,109 @@ EOF echo c4-convex-bsd exit ;; CRAY*Y-MP:*:*:*) - echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + echo ymp-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*[A-Z]90:*:*:*) - echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ + echo "$UNAME_MACHINE"-cray-unicos"$UNAME_RELEASE" \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ -e 's/\.[^.]*$/.X/' exit ;; CRAY*TS:*:*:*) - echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + echo t90-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*T3E:*:*:*) - echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + echo alphaev5-cray-unicosmk"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*SV1:*:*:*) - echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + echo sv1-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' exit ;; *:UNICOS/mp:*:*) - echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + echo craynv-cray-unicosmp"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) - FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` + FUJITSU_REL=`echo "$UNAME_RELEASE" | sed -e 's/ /_/'` echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; 5000:UNIX_System_V:4.*:*) - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` + FUJITSU_REL=`echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'` echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) - echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} + echo "$UNAME_MACHINE"-pc-bsdi"$UNAME_RELEASE" exit ;; sparc*:BSD/OS:*:*) - echo sparc-unknown-bsdi${UNAME_RELEASE} + echo sparc-unknown-bsdi"$UNAME_RELEASE" exit ;; *:BSD/OS:*:*) - echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} + echo "$UNAME_MACHINE"-unknown-bsdi"$UNAME_RELEASE" exit ;; *:FreeBSD:*:*) UNAME_PROCESSOR=`/usr/bin/uname -p` - case ${UNAME_PROCESSOR} in + case "$UNAME_PROCESSOR" in amd64) - echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; - *) - echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + UNAME_PROCESSOR=x86_64 ;; + i386) + UNAME_PROCESSOR=i586 ;; esac + echo "$UNAME_PROCESSOR"-unknown-freebsd"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`" exit ;; i*:CYGWIN*:*) - echo ${UNAME_MACHINE}-pc-cygwin + echo "$UNAME_MACHINE"-pc-cygwin exit ;; *:MINGW64*:*) - echo ${UNAME_MACHINE}-pc-mingw64 + echo "$UNAME_MACHINE"-pc-mingw64 exit ;; *:MINGW*:*) - echo ${UNAME_MACHINE}-pc-mingw32 - exit ;; - i*:MSYS*:*) - echo ${UNAME_MACHINE}-pc-msys + echo "$UNAME_MACHINE"-pc-mingw32 exit ;; - i*:windows32*:*) - # uname -m includes "-pc" on this system. - echo ${UNAME_MACHINE}-mingw32 + *:MSYS*:*) + echo "$UNAME_MACHINE"-pc-msys exit ;; i*:PW*:*) - echo ${UNAME_MACHINE}-pc-pw32 + echo "$UNAME_MACHINE"-pc-pw32 exit ;; *:Interix*:*) - case ${UNAME_MACHINE} in + case "$UNAME_MACHINE" in x86) - echo i586-pc-interix${UNAME_RELEASE} + echo i586-pc-interix"$UNAME_RELEASE" exit ;; authenticamd | genuineintel | EM64T) - echo x86_64-unknown-interix${UNAME_RELEASE} + echo x86_64-unknown-interix"$UNAME_RELEASE" exit ;; IA64) - echo ia64-unknown-interix${UNAME_RELEASE} + echo ia64-unknown-interix"$UNAME_RELEASE" exit ;; esac ;; - [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) - echo i${UNAME_MACHINE}-pc-mks - exit ;; - 8664:Windows_NT:*) - echo x86_64-pc-mks - exit ;; - i*:Windows_NT*:* | Pentium*:Windows_NT*:*) - # How do we know it's Interix rather than the generic POSIX subsystem? - # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we - # UNAME_MACHINE based on the output of uname instead of i386? - echo i586-pc-interix - exit ;; i*:UWIN*:*) - echo ${UNAME_MACHINE}-pc-uwin + echo "$UNAME_MACHINE"-pc-uwin exit ;; amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) echo x86_64-unknown-cygwin exit ;; - p*:CYGWIN*:*) - echo powerpcle-unknown-cygwin - exit ;; prep*:SunOS:5.*:*) - echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo powerpcle-unknown-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" exit ;; *:GNU:*:*) # the GNU system - echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + echo "`echo "$UNAME_MACHINE"|sed -e 's,[-/].*$,,'`-unknown-$LIBC`echo "$UNAME_RELEASE"|sed -e 's,/.*$,,'`" exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland - echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} + echo "$UNAME_MACHINE-unknown-`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`-$LIBC" exit ;; i*86:Minix:*:*) - echo ${UNAME_MACHINE}-pc-minix + echo "$UNAME_MACHINE"-pc-minix exit ;; aarch64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; aarch64_be:Linux:*:*) UNAME_MACHINE=aarch64_be - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in @@ -901,58 +915,64 @@ EOF EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep -q ld.so.1 - if test "$?" = 0 ; then LIBC="gnulibc1" ; fi - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + if test "$?" = 0 ; then LIBC=gnulibc1 ; fi + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; arc:Linux:*:* | arceb:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; arm*:Linux:*:*) - eval $set_cc_for_build + eval "$set_cc_for_build" if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" else if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_PCS_VFP then - echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabi else - echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabihf fi fi exit ;; avr32*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; cris:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-${LIBC} + echo "$UNAME_MACHINE"-axis-linux-"$LIBC" exit ;; crisv32:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-${LIBC} + echo "$UNAME_MACHINE"-axis-linux-"$LIBC" + exit ;; + e2k:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; frv:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; hexagon:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; i*86:Linux:*:*) - echo ${UNAME_MACHINE}-pc-linux-${LIBC} + echo "$UNAME_MACHINE"-pc-linux-"$LIBC" exit ;; ia64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + k1om:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; m32r*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; m68*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; mips:Linux:*:* | mips64:Linux:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + eval "$set_cc_for_build" + sed 's/^ //' << EOF > "$dummy.c" #undef CPU #undef ${UNAME_MACHINE} #undef ${UNAME_MACHINE}el @@ -966,64 +986,74 @@ EOF #endif #endif EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } + eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU'`" + test "x$CPU" != x && { echo "$CPU-unknown-linux-$LIBC"; exit; } ;; - or1k:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + mips64el:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; - or32:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + openrisc*:Linux:*:*) + echo or1k-unknown-linux-"$LIBC" + exit ;; + or32:Linux:*:* | or1k*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; padre:Linux:*:*) - echo sparc-unknown-linux-${LIBC} + echo sparc-unknown-linux-"$LIBC" exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-${LIBC} + echo hppa64-unknown-linux-"$LIBC" exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in - PA7*) echo hppa1.1-unknown-linux-${LIBC} ;; - PA8*) echo hppa2.0-unknown-linux-${LIBC} ;; - *) echo hppa-unknown-linux-${LIBC} ;; + PA7*) echo hppa1.1-unknown-linux-"$LIBC" ;; + PA8*) echo hppa2.0-unknown-linux-"$LIBC" ;; + *) echo hppa-unknown-linux-"$LIBC" ;; esac exit ;; ppc64:Linux:*:*) - echo powerpc64-unknown-linux-${LIBC} + echo powerpc64-unknown-linux-"$LIBC" exit ;; ppc:Linux:*:*) - echo powerpc-unknown-linux-${LIBC} + echo powerpc-unknown-linux-"$LIBC" exit ;; ppc64le:Linux:*:*) - echo powerpc64le-unknown-linux-${LIBC} + echo powerpc64le-unknown-linux-"$LIBC" exit ;; ppcle:Linux:*:*) - echo powerpcle-unknown-linux-${LIBC} + echo powerpcle-unknown-linux-"$LIBC" + exit ;; + riscv32:Linux:*:* | riscv64:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; s390:Linux:*:* | s390x:Linux:*:*) - echo ${UNAME_MACHINE}-ibm-linux-${LIBC} + echo "$UNAME_MACHINE"-ibm-linux-"$LIBC" exit ;; sh64*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; sh*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; tile*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; vax:Linux:*:*) - echo ${UNAME_MACHINE}-dec-linux-${LIBC} + echo "$UNAME_MACHINE"-dec-linux-"$LIBC" exit ;; x86_64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + if objdump -f /bin/sh | grep -q elf32-x86-64; then + echo "$UNAME_MACHINE"-pc-linux-"$LIBC"x32 + else + echo "$UNAME_MACHINE"-pc-linux-"$LIBC" + fi exit ;; xtensa*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. @@ -1037,34 +1067,34 @@ EOF # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. # Use sysv4.2uw... so that sysv4* matches it. - echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} + echo "$UNAME_MACHINE"-pc-sysv4.2uw"$UNAME_VERSION" exit ;; i*86:OS/2:*:*) # If we were able to find `uname', then EMX Unix compatibility # is probably installed. - echo ${UNAME_MACHINE}-pc-os2-emx + echo "$UNAME_MACHINE"-pc-os2-emx exit ;; i*86:XTS-300:*:STOP) - echo ${UNAME_MACHINE}-unknown-stop + echo "$UNAME_MACHINE"-unknown-stop exit ;; i*86:atheos:*:*) - echo ${UNAME_MACHINE}-unknown-atheos + echo "$UNAME_MACHINE"-unknown-atheos exit ;; i*86:syllable:*:*) - echo ${UNAME_MACHINE}-pc-syllable + echo "$UNAME_MACHINE"-pc-syllable exit ;; i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) - echo i386-unknown-lynxos${UNAME_RELEASE} + echo i386-unknown-lynxos"$UNAME_RELEASE" exit ;; i*86:*DOS:*:*) - echo ${UNAME_MACHINE}-pc-msdosdjgpp + echo "$UNAME_MACHINE"-pc-msdosdjgpp exit ;; - i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) - UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` + i*86:*:4.*:*) + UNAME_REL=`echo "$UNAME_RELEASE" | sed 's/\/MP$//'` if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then - echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} + echo "$UNAME_MACHINE"-univel-sysv"$UNAME_REL" else - echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} + echo "$UNAME_MACHINE"-pc-sysv"$UNAME_REL" fi exit ;; i*86:*:5:[678]*) @@ -1074,12 +1104,12 @@ EOF *Pentium) UNAME_MACHINE=i586 ;; *Pent*|*Celeron) UNAME_MACHINE=i686 ;; esac - echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} + echo "$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}{$UNAME_VERSION}" exit ;; i*86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name` - echo ${UNAME_MACHINE}-pc-isc$UNAME_REL + echo "$UNAME_MACHINE"-pc-isc"$UNAME_REL" elif /bin/uname -X 2>/dev/null >/dev/null ; then UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 @@ -1089,9 +1119,9 @@ EOF && UNAME_MACHINE=i686 (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ && UNAME_MACHINE=i686 - echo ${UNAME_MACHINE}-pc-sco$UNAME_REL + echo "$UNAME_MACHINE"-pc-sco"$UNAME_REL" else - echo ${UNAME_MACHINE}-pc-sysv32 + echo "$UNAME_MACHINE"-pc-sysv32 fi exit ;; pc:*:*:*) @@ -1099,7 +1129,7 @@ EOF # uname -m prints for DJGPP always 'pc', but it prints nothing about # the processor, so we play safe by assuming i586. # Note: whatever this is, it MUST be the same as what config.sub - # prints for the "djgpp" host, or else GDB configury will decide that + # prints for the "djgpp" host, or else GDB configure will decide that # this is a cross-build. echo i586-pc-msdosdjgpp exit ;; @@ -1111,9 +1141,9 @@ EOF exit ;; i860:*:4.*:*) # i860-SVR4 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then - echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 + echo i860-stardent-sysv"$UNAME_RELEASE" # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. - echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 + echo i860-unknown-sysv"$UNAME_RELEASE" # Unknown i860-SVR4 fi exit ;; mini*:CTIX:SYS*5:*) @@ -1133,9 +1163,9 @@ EOF test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + && { echo i486-ncr-sysv4.3"$OS_REL"; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4; exit; } ;; @@ -1144,28 +1174,28 @@ EOF test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + && { echo i486-ncr-sysv4.3"$OS_REL"; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) - echo m68k-unknown-lynxos${UNAME_RELEASE} + echo m68k-unknown-lynxos"$UNAME_RELEASE" exit ;; mc68030:UNIX_System_V:4.*:*) echo m68k-atari-sysv4 exit ;; TSUNAMI:LynxOS:2.*:*) - echo sparc-unknown-lynxos${UNAME_RELEASE} + echo sparc-unknown-lynxos"$UNAME_RELEASE" exit ;; rs6000:LynxOS:2.*:*) - echo rs6000-unknown-lynxos${UNAME_RELEASE} + echo rs6000-unknown-lynxos"$UNAME_RELEASE" exit ;; PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) - echo powerpc-unknown-lynxos${UNAME_RELEASE} + echo powerpc-unknown-lynxos"$UNAME_RELEASE" exit ;; SM[BE]S:UNIX_SV:*:*) - echo mips-dde-sysv${UNAME_RELEASE} + echo mips-dde-sysv"$UNAME_RELEASE" exit ;; RM*:ReliantUNIX-*:*:*) echo mips-sni-sysv4 @@ -1176,7 +1206,7 @@ EOF *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` - echo ${UNAME_MACHINE}-sni-sysv4 + echo "$UNAME_MACHINE"-sni-sysv4 else echo ns32k-sni-sysv fi @@ -1196,23 +1226,23 @@ EOF exit ;; i*86:VOS:*:*) # From Paul.Green@stratus.com. - echo ${UNAME_MACHINE}-stratus-vos + echo "$UNAME_MACHINE"-stratus-vos exit ;; *:VOS:*:*) # From Paul.Green@stratus.com. echo hppa1.1-stratus-vos exit ;; mc68*:A/UX:*:*) - echo m68k-apple-aux${UNAME_RELEASE} + echo m68k-apple-aux"$UNAME_RELEASE" exit ;; news*:NEWS-OS:6*:*) echo mips-sony-newsos6 exit ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then - echo mips-nec-sysv${UNAME_RELEASE} + echo mips-nec-sysv"$UNAME_RELEASE" else - echo mips-unknown-sysv${UNAME_RELEASE} + echo mips-unknown-sysv"$UNAME_RELEASE" fi exit ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. @@ -1231,67 +1261,93 @@ EOF echo x86_64-unknown-haiku exit ;; SX-4:SUPER-UX:*:*) - echo sx4-nec-superux${UNAME_RELEASE} + echo sx4-nec-superux"$UNAME_RELEASE" exit ;; SX-5:SUPER-UX:*:*) - echo sx5-nec-superux${UNAME_RELEASE} + echo sx5-nec-superux"$UNAME_RELEASE" exit ;; SX-6:SUPER-UX:*:*) - echo sx6-nec-superux${UNAME_RELEASE} + echo sx6-nec-superux"$UNAME_RELEASE" exit ;; SX-7:SUPER-UX:*:*) - echo sx7-nec-superux${UNAME_RELEASE} + echo sx7-nec-superux"$UNAME_RELEASE" exit ;; SX-8:SUPER-UX:*:*) - echo sx8-nec-superux${UNAME_RELEASE} + echo sx8-nec-superux"$UNAME_RELEASE" exit ;; SX-8R:SUPER-UX:*:*) - echo sx8r-nec-superux${UNAME_RELEASE} + echo sx8r-nec-superux"$UNAME_RELEASE" + exit ;; + SX-ACE:SUPER-UX:*:*) + echo sxace-nec-superux"$UNAME_RELEASE" exit ;; Power*:Rhapsody:*:*) - echo powerpc-apple-rhapsody${UNAME_RELEASE} + echo powerpc-apple-rhapsody"$UNAME_RELEASE" exit ;; *:Rhapsody:*:*) - echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} + echo "$UNAME_MACHINE"-apple-rhapsody"$UNAME_RELEASE" exit ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown - eval $set_cc_for_build + eval "$set_cc_for_build" if test "$UNAME_PROCESSOR" = unknown ; then UNAME_PROCESSOR=powerpc fi - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then - if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - case $UNAME_PROCESSOR in - i386) UNAME_PROCESSOR=x86_64 ;; - powerpc) UNAME_PROCESSOR=powerpc64 ;; - esac + if test "`echo "$UNAME_RELEASE" | sed -e 's/\..*//'`" -le 10 ; then + if [ "$CC_FOR_BUILD" != no_compiler_found ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + case $UNAME_PROCESSOR in + i386) UNAME_PROCESSOR=x86_64 ;; + powerpc) UNAME_PROCESSOR=powerpc64 ;; + esac + fi + # On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc + if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_PPC >/dev/null + then + UNAME_PROCESSOR=powerpc + fi fi + elif test "$UNAME_PROCESSOR" = i386 ; then + # Avoid executing cc on OS X 10.9, as it ships with a stub + # that puts up a graphical alert prompting to install + # developer tools. Any system running Mac OS X 10.7 or + # later (Darwin 11 and later) is required to have a 64-bit + # processor. This is not true of the ARM version of Darwin + # that Apple uses in portable devices. + UNAME_PROCESSOR=x86_64 fi - echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} + echo "$UNAME_PROCESSOR"-apple-darwin"$UNAME_RELEASE" exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` - if test "$UNAME_PROCESSOR" = "x86"; then + if test "$UNAME_PROCESSOR" = x86; then UNAME_PROCESSOR=i386 UNAME_MACHINE=pc fi - echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} + echo "$UNAME_PROCESSOR"-"$UNAME_MACHINE"-nto-qnx"$UNAME_RELEASE" exit ;; *:QNX:*:4*) echo i386-pc-qnx exit ;; - NEO-?:NONSTOP_KERNEL:*:*) - echo neo-tandem-nsk${UNAME_RELEASE} + NEO-*:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk"$UNAME_RELEASE" exit ;; NSE-*:NONSTOP_KERNEL:*:*) - echo nse-tandem-nsk${UNAME_RELEASE} + echo nse-tandem-nsk"$UNAME_RELEASE" exit ;; - NSR-?:NONSTOP_KERNEL:*:*) - echo nsr-tandem-nsk${UNAME_RELEASE} + NSR-*:NONSTOP_KERNEL:*:*) + echo nsr-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSV-*:NONSTOP_KERNEL:*:*) + echo nsv-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSX-*:NONSTOP_KERNEL:*:*) + echo nsx-tandem-nsk"$UNAME_RELEASE" exit ;; *:NonStop-UX:*:*) echo mips-compaq-nonstopux @@ -1300,18 +1356,18 @@ EOF echo bs2000-siemens-sysv exit ;; DS/*:UNIX_System_V:*:*) - echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} + echo "$UNAME_MACHINE"-"$UNAME_SYSTEM"-"$UNAME_RELEASE" exit ;; *:Plan9:*:*) # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. - if test "$cputype" = "386"; then + if test "$cputype" = 386; then UNAME_MACHINE=i386 else UNAME_MACHINE="$cputype" fi - echo ${UNAME_MACHINE}-unknown-plan9 + echo "$UNAME_MACHINE"-unknown-plan9 exit ;; *:TOPS-10:*:*) echo pdp10-unknown-tops10 @@ -1332,14 +1388,14 @@ EOF echo pdp10-unknown-its exit ;; SEI:*:*:SEIUX) - echo mips-sei-seiux${UNAME_RELEASE} + echo mips-sei-seiux"$UNAME_RELEASE" exit ;; *:DragonFly:*:*) - echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + echo "$UNAME_MACHINE"-unknown-dragonfly"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`" exit ;; *:*VMS:*:*) UNAME_MACHINE=`(uname -p) 2>/dev/null` - case "${UNAME_MACHINE}" in + case "$UNAME_MACHINE" in A*) echo alpha-dec-vms ; exit ;; I*) echo ia64-dec-vms ; exit ;; V*) echo vax-dec-vms ; exit ;; @@ -1348,182 +1404,48 @@ EOF echo i386-pc-xenix exit ;; i*86:skyos:*:*) - echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' + echo "$UNAME_MACHINE"-pc-skyos"`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'`" exit ;; i*86:rdos:*:*) - echo ${UNAME_MACHINE}-pc-rdos + echo "$UNAME_MACHINE"-pc-rdos exit ;; i*86:AROS:*:*) - echo ${UNAME_MACHINE}-pc-aros + echo "$UNAME_MACHINE"-pc-aros exit ;; x86_64:VMkernel:*:*) - echo ${UNAME_MACHINE}-unknown-esx + echo "$UNAME_MACHINE"-unknown-esx + exit ;; + amd64:Isilon\ OneFS:*:*) + echo x86_64-unknown-onefs exit ;; esac -eval $set_cc_for_build -cat >$dummy.c <<EOF -#ifdef _SEQUENT_ -# include <sys/types.h> -# include <sys/utsname.h> -#endif -main () -{ -#if defined (sony) -#if defined (MIPSEB) - /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, - I don't know.... */ - printf ("mips-sony-bsd\n"); exit (0); -#else -#include <sys/param.h> - printf ("m68k-sony-newsos%s\n", -#ifdef NEWSOS4 - "4" -#else - "" -#endif - ); exit (0); -#endif -#endif - -#if defined (__arm) && defined (__acorn) && defined (__unix) - printf ("arm-acorn-riscix\n"); exit (0); -#endif - -#if defined (hp300) && !defined (hpux) - printf ("m68k-hp-bsd\n"); exit (0); -#endif - -#if defined (NeXT) -#if !defined (__ARCHITECTURE__) -#define __ARCHITECTURE__ "m68k" -#endif - int version; - version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; - if (version < 4) - printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); - else - printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); - exit (0); -#endif - -#if defined (MULTIMAX) || defined (n16) -#if defined (UMAXV) - printf ("ns32k-encore-sysv\n"); exit (0); -#else -#if defined (CMU) - printf ("ns32k-encore-mach\n"); exit (0); -#else - printf ("ns32k-encore-bsd\n"); exit (0); -#endif -#endif -#endif - -#if defined (__386BSD__) - printf ("i386-pc-bsd\n"); exit (0); -#endif - -#if defined (sequent) -#if defined (i386) - printf ("i386-sequent-dynix\n"); exit (0); -#endif -#if defined (ns32000) - printf ("ns32k-sequent-dynix\n"); exit (0); -#endif -#endif - -#if defined (_SEQUENT_) - struct utsname un; - - uname(&un); - - if (strncmp(un.version, "V2", 2) == 0) { - printf ("i386-sequent-ptx2\n"); exit (0); - } - if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ - printf ("i386-sequent-ptx1\n"); exit (0); - } - printf ("i386-sequent-ptx\n"); exit (0); - -#endif - -#if defined (vax) -# if !defined (ultrix) -# include <sys/param.h> -# if defined (BSD) -# if BSD == 43 - printf ("vax-dec-bsd4.3\n"); exit (0); -# else -# if BSD == 199006 - printf ("vax-dec-bsd4.3reno\n"); exit (0); -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# endif -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# else - printf ("vax-dec-ultrix\n"); exit (0); -# endif -#endif +echo "$0: unable to guess system type" >&2 -#if defined (alliant) && defined (i860) - printf ("i860-alliant-bsd\n"); exit (0); -#endif +case "$UNAME_MACHINE:$UNAME_SYSTEM" in + mips:Linux | mips64:Linux) + # If we got here on MIPS GNU/Linux, output extra information. + cat >&2 <<EOF - exit (1); -} +NOTE: MIPS GNU/Linux systems require a C compiler to fully recognize +the system type. Please install a C compiler and try again. EOF - -$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && - { echo "$SYSTEM_NAME"; exit; } - -# Apollos put the system type in the environment. - -test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } - -# Convex versions that predate uname can use getsysinfo(1) - -if [ -x /usr/convex/getsysinfo ] -then - case `getsysinfo -f cpu_type` in - c1*) - echo c1-convex-bsd - exit ;; - c2*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi - exit ;; - c34*) - echo c34-convex-bsd - exit ;; - c38*) - echo c38-convex-bsd - exit ;; - c4*) - echo c4-convex-bsd - exit ;; - esac -fi + ;; +esac cat >&2 <<EOF -$0: unable to guess system type -This script, last modified $timestamp, has failed to recognize -the operating system you are using. It is advised that you -download the most up to date version of the config scripts from +This script (version $timestamp), has failed to recognize the +operating system you are using. If your script is old, overwrite *all* +copies of config.guess and config.sub with the latest versions from: - http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD + https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess and - http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD + https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub -If the version you run ($0) is already up to date, please -send the following data and any information you think might be -pertinent to <config-patches@gnu.org> in order to provide the needed -information to handle your system. +If $0 has already been updated, send the following data and any +information you think might be pertinent to config-patches@gnu.org to +provide the necessary information to handle your system. config.guess timestamp = $timestamp @@ -1542,16 +1464,16 @@ hostinfo = `(hostinfo) 2>/dev/null` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` -UNAME_MACHINE = ${UNAME_MACHINE} -UNAME_RELEASE = ${UNAME_RELEASE} -UNAME_SYSTEM = ${UNAME_SYSTEM} -UNAME_VERSION = ${UNAME_VERSION} +UNAME_MACHINE = "$UNAME_MACHINE" +UNAME_RELEASE = "$UNAME_RELEASE" +UNAME_SYSTEM = "$UNAME_SYSTEM" +UNAME_VERSION = "$UNAME_VERSION" EOF exit 1 # Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'write-file-functions 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" diff --git a/contrib/unbound/config.h b/contrib/unbound/config.h index c8c0cf76f311..c7542b5e31b0 100644 --- a/contrib/unbound/config.h +++ b/contrib/unbound/config.h @@ -1,12 +1,24 @@ /* config.h. Generated from config.h.in by configure. */ /* config.h.in. Generated from configure.ac by autoheader. */ +/* apply the noreturn attribute to a function that exits the program */ +#define ATTR_NORETURN __attribute__((__noreturn__)) + +/* apply the weak attribute to a symbol */ +#define ATTR_WEAK __attribute__((weak)) + /* Directory to chroot to */ #define CHROOT_DIR "/var/unbound" +/* Define this to enable client subnet option. */ +/* #undef CLIENT_SUBNET */ + /* Do sha512 definitions in config.h */ /* #undef COMPAT_SHA512 */ +/* Command line arguments used with configure */ +#define CONFCMDLINE "--with-ssl=/usr --with-libexpat=/usr --disable-dnscrypt --disable-dnstap --enable-ecdsa --disable-event-api --enable-gost --with-libevent --disable-subnet --disable-tfo-client --disable-tfo-server --with-pthreads--prefix=/usr --localstatedir=/var/unbound --mandir=/usr/share/man --build=freebsd" + /* Pathname to the Unbound configuration file */ #define CONFIGFILE "/var/unbound/unbound.conf" @@ -28,6 +40,9 @@ internal symbols */ /* #undef EXPORT_ALL_SYMBOLS */ +/* Define to 1 if you have the `accept4' function. */ +#define HAVE_ACCEPT4 1 + /* Define to 1 if you have the `arc4random' function. */ #define HAVE_ARC4RANDOM 1 @@ -40,6 +55,9 @@ /* Whether the C compiler accepts the "format" attribute */ #define HAVE_ATTR_FORMAT 1 +/* Whether the C compiler accepts the "noreturn" attribute */ +#define HAVE_ATTR_NORETURN 1 + /* Whether the C compiler accepts the "unused" attribute */ #define HAVE_ATTR_UNUSED 1 @@ -55,6 +73,9 @@ /* Define to 1 if you have the `CRYPTO_cleanup_all_ex_data' function. */ #define HAVE_CRYPTO_CLEANUP_ALL_EX_DATA 1 +/* Define to 1 if you have the `CRYPTO_THREADID_set_callback' function. */ +/* #undef HAVE_CRYPTO_THREADID_SET_CALLBACK */ + /* Define to 1 if you have the `ctime_r' function. */ #define HAVE_CTIME_R 1 @@ -69,6 +90,26 @@ if you don't. */ /* #undef HAVE_DECL_ARC4RANDOM_UNIFORM */ +/* Define to 1 if you have the declaration of `evsignal_assign', and to 0 if + you don't. */ +/* #undef HAVE_DECL_EVSIGNAL_ASSIGN */ + +/* Define to 1 if you have the declaration of `inet_ntop', and to 0 if you + don't. */ +#define HAVE_DECL_INET_NTOP 1 + +/* Define to 1 if you have the declaration of `inet_pton', and to 0 if you + don't. */ +#define HAVE_DECL_INET_PTON 1 + +/* Define to 1 if you have the declaration of `NID_ED25519', and to 0 if you + don't. */ +#define HAVE_DECL_NID_ED25519 1 + +/* Define to 1 if you have the declaration of `NID_ED448', and to 0 if you + don't. */ +#define HAVE_DECL_NID_ED448 1 + /* Define to 1 if you have the declaration of `NID_secp384r1', and to 0 if you don't. */ #define HAVE_DECL_NID_SECP384R1 1 @@ -81,6 +122,10 @@ don't. */ /* #undef HAVE_DECL_REALLOCARRAY */ +/* Define to 1 if you have the declaration of `redisConnect', and to 0 if you + don't. */ +/* #undef HAVE_DECL_REDISCONNECT */ + /* Define to 1 if you have the declaration of `sk_SSL_COMP_pop_free', and to 0 if you don't. */ #define HAVE_DECL_SK_SSL_COMP_POP_FREE 1 @@ -108,6 +153,9 @@ /* Define to 1 if you have the <dlfcn.h> header file. */ #define HAVE_DLFCN_H 1 +/* Define to 1 if you have the `DSA_SIG_set0' function. */ +/* #undef HAVE_DSA_SIG_SET0 */ + /* Define to 1 if you have the <endian.h> header file. */ /* #undef HAVE_ENDIAN_H */ @@ -126,6 +174,9 @@ /* Define to 1 if you have the `ERR_load_crypto_strings' function. */ #define HAVE_ERR_LOAD_CRYPTO_STRINGS 1 +/* Define to 1 if you have the `event_assign' function. */ +/* #undef HAVE_EVENT_ASSIGN */ + /* Define to 1 if you have the `event_base_free' function. */ /* #undef HAVE_EVENT_BASE_FREE */ @@ -141,9 +192,21 @@ /* Define to 1 if you have the <event.h> header file. */ /* #undef HAVE_EVENT_H */ +/* Define to 1 if you have the `EVP_aes_256_cbc' function. */ +#define HAVE_EVP_AES_256_CBC 1 + /* Define to 1 if you have the `EVP_cleanup' function. */ #define HAVE_EVP_CLEANUP 1 +/* Define to 1 if you have the `EVP_DigestVerify' function. */ +/* #undef HAVE_EVP_DIGESTVERIFY */ + +/* Define to 1 if you have the `EVP_dss1' function. */ +/* #undef HAVE_EVP_DSS1 */ + +/* Define to 1 if you have the `EVP_EncryptInit_ex' function. */ +/* #undef HAVE_EVP_ENCRYPTINIT_EX */ + /* Define to 1 if you have the `EVP_MD_CTX_new' function. */ /* #undef HAVE_EVP_MD_CTX_NEW */ @@ -165,6 +228,9 @@ /* Define to 1 if you have the <expat.h> header file. */ #define HAVE_EXPAT_H 1 +/* Define to 1 if you have the `explicit_bzero' function. */ +#define HAVE_EXPLICIT_BZERO 1 + /* Define to 1 if you have the `fcntl' function. */ #define HAVE_FCNTL 1 @@ -210,6 +276,12 @@ /* Define to 1 if you have the <grp.h> header file. */ #define HAVE_GRP_H 1 +/* Define to 1 if you have the <hiredis/hiredis.h> header file. */ +/* #undef HAVE_HIREDIS_HIREDIS_H */ + +/* Define to 1 if you have the `HMAC_Init_ex' function. */ +#define HAVE_HMAC_INIT_EX 1 + /* If you have HMAC_Update */ #define HAVE_HMAC_UPDATE 1 @@ -240,6 +312,9 @@ /* Define to 1 if you have the `kill' function. */ #define HAVE_KILL 1 +/* Define to 1 if you have the <libkern/OSByteOrder.h> header file. */ +/* #undef HAVE_LIBKERN_OSBYTEORDER_H */ + /* Define if we have LibreSSL */ /* #undef HAVE_LIBRESSL */ @@ -273,6 +348,9 @@ /* Define to 1 if you have the <nettle/dsa-compat.h> header file. */ /* #undef HAVE_NETTLE_DSA_COMPAT_H */ +/* Define to 1 if you have the <nettle/eddsa.h> header file. */ +/* #undef HAVE_NETTLE_EDDSA_H */ + /* Use libnss for crypto */ /* #undef HAVE_NSS */ @@ -339,15 +417,12 @@ /* Define to 1 if you have the `RAND_cleanup' function. */ #define HAVE_RAND_CLEANUP 1 -/* Define to 1 if you have the `reallocarray' function. */ +/* If we have reallocarray(3) */ #define HAVE_REALLOCARRAY 1 /* Define to 1 if you have the `recvmsg' function. */ #define HAVE_RECVMSG 1 -/* define if you have the sbrk() call */ -/* #undef HAVE_SBRK */ - /* Define to 1 if you have the `sendmsg' function. */ #define HAVE_SENDMSG 1 @@ -375,6 +450,9 @@ /* Define to 1 if you have the `SHA512_Update' function. */ /* #undef HAVE_SHA512_UPDATE */ +/* Define to 1 if you have the `shmget' function. */ +#define HAVE_SHMGET 1 + /* Define to 1 if you have the `sigprocmask' function. */ #define HAVE_SIGPROCMASK 1 @@ -396,6 +474,21 @@ /* Define if you have the SSL libraries installed. */ #define HAVE_SSL /**/ +/* Define to 1 if you have the `SSL_CTX_set_ciphersuites' function. */ +/* #undef HAVE_SSL_CTX_SET_CIPHERSUITES */ + +/* Define to 1 if you have the `SSL_CTX_set_security_level' function. */ +/* #undef HAVE_SSL_CTX_SET_SECURITY_LEVEL */ + +/* Define to 1 if you have the `SSL_CTX_set_tlsext_ticket_key_cb' function. */ +/* #undef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_CB */ + +/* Define to 1 if you have the `SSL_get0_peername' function. */ +/* #undef HAVE_SSL_GET0_PEERNAME */ + +/* Define to 1 if you have the `SSL_set1_host' function. */ +/* #undef HAVE_SSL_SET1_HOST */ + /* Define to 1 if you have the <stdarg.h> header file. */ #define HAVE_STDARG_H 1 @@ -441,6 +534,15 @@ /* Define to 1 if you have the <syslog.h> header file. */ #define HAVE_SYSLOG_H 1 +/* Define to 1 if systemd should be used */ +/* #undef HAVE_SYSTEMD */ + +/* Define to 1 if you have the <sys/endian.h> header file. */ +#define HAVE_SYS_ENDIAN_H 1 + +/* Define to 1 if you have the <sys/ipc.h> header file. */ +#define HAVE_SYS_IPC_H 1 + /* Define to 1 if you have the <sys/param.h> header file. */ #define HAVE_SYS_PARAM_H 1 @@ -450,6 +552,9 @@ /* Define to 1 if you have the <sys/sha2.h> header file. */ /* #undef HAVE_SYS_SHA2_H */ +/* Define to 1 if you have the <sys/shm.h> header file. */ +#define HAVE_SYS_SHM_H 1 + /* Define to 1 if you have the <sys/socket.h> header file. */ #define HAVE_SYS_SOCKET_H 1 @@ -510,9 +615,15 @@ /* Define to 1 if you have the <ws2tcpip.h> header file. */ /* #undef HAVE_WS2TCPIP_H */ +/* Define to 1 if you have the `X509_VERIFY_PARAM_set1_host' function. */ +#define HAVE_X509_VERIFY_PARAM_SET1_HOST 1 + /* Define to 1 if you have the `_beginthreadex' function. */ /* #undef HAVE__BEGINTHREADEX */ +/* If HMAC_Init_ex() returns void */ +/* #undef HMAC_INIT_EX_RETURNS_VOID */ + /* if lex has yylex_destroy */ #define LEX_HAS_YYLEX_DESTROY 1 @@ -560,13 +671,13 @@ /* #undef OMITTED__D__EXTENSIONS__ */ /* Define to the address where bug reports for this package should be sent. */ -#define PACKAGE_BUGREPORT "unbound-bugs@nlnetlabs.nl" +#define PACKAGE_BUGREPORT "unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues" /* Define to the full name of this package. */ #define PACKAGE_NAME "unbound" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "unbound 1.5.10" +#define PACKAGE_STRING "unbound 1.9.6" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "unbound" @@ -575,7 +686,7 @@ #define PACKAGE_URL "" /* Define to the version of this package. */ -#define PACKAGE_VERSION "1.5.10" +#define PACKAGE_VERSION "1.9.6" /* default pidfile location */ #define PIDFILE "/var/unbound/unbound.pid" @@ -587,6 +698,9 @@ /* Define as the return type of signal handlers (`int' or `void'). */ #define RETSIGTYPE void +/* if REUSEPORT is enabled by default */ +#define REUSEPORT_DEFAULT 0 + /* default rootkey location */ #define ROOT_ANCHOR_FILE "/var/unbound/root.key" @@ -594,7 +708,7 @@ #define ROOT_CERT_FILE "/var/unbound/icannbundle.pem" /* version number for resource files */ -#define RSRC_PACKAGE_VERSION 1,5,10,0 +#define RSRC_PACKAGE_VERSION 1,9,6,0 /* Directory to chdir to */ #define RUN_DIR "/var/unbound" @@ -602,12 +716,26 @@ /* Shared data */ #define SHARE_DIR "/var/unbound" +/* The size of `size_t'. */ +#ifdef __LP64__ +#define SIZEOF_SIZE_T 8 +#else +#define SIZEOF_SIZE_T 4 +#endif + /* The size of `time_t', as computed by sizeof. */ +#ifdef __i386__ +#define SIZEOF_TIME_T 4 +#else #define SIZEOF_TIME_T 8 +#endif /* define if (v)snprintf does not return length needed, (but length used) */ /* #undef SNPRINTF_RET_BROKEN */ +/* Define to 1 if libsodium supports sodium_set_misuse_handler */ +/* #undef SODIUM_MISUSE_HANDLER */ + /* Define to 1 if you have the ANSI C header files. */ #define STDC_HEADERS 1 @@ -617,6 +745,9 @@ /* Use win32 resources and API */ /* #undef UB_ON_WINDOWS */ +/* the SYSLOG_FACILITY to use, default LOG_DAEMON */ +#define UB_SYSLOG_FACILITY LOG_DAEMON + /* default username */ #define UB_USERNAME "unbound" @@ -635,6 +766,12 @@ /* Define to 1 to use cachedb support */ /* #undef USE_CACHEDB */ +/* Define to 1 to enable dnscrypt support */ +/* #undef USE_DNSCRYPT */ + +/* Define to 1 to enable dnscrypt with xchacha20 support */ +/* #undef USE_DNSCRYPT_XCHACHA20 */ + /* Define to 1 to enable dnstap support */ /* #undef USE_DNSTAP */ @@ -647,8 +784,20 @@ /* Define this to enable an EVP workaround for older openssl */ /* #undef USE_ECDSA_EVP_WORKAROUND */ +/* Define this to enable ED25519 support. */ +#define USE_ED25519 1 + +/* Define this to enable ED448 support. */ +#define USE_ED448 1 + /* Define this to enable GOST support. */ -#define USE_GOST 1 +/* #undef USE_GOST */ + +/* Define to 1 to use ipsecmod support. */ +/* #undef USE_IPSECMOD */ + +/* Define to 1 to use ipset support */ +/* #undef USE_IPSET */ /* Define if you want to use internal select based events */ #define USE_MINI_EVENT 1 @@ -659,6 +808,12 @@ /* Define this to enable client TCP Fast Open. */ /* #undef USE_OSX_MSG_FASTOPEN */ +/* Define this to use hiredis client. */ +/* #undef USE_REDIS */ + +/* Define this to enable SHA1 support. */ +#define USE_SHA1 1 + /* Define this to enable SHA256 and SHA512 support. */ #define USE_SHA2 1 @@ -841,8 +996,14 @@ +#ifndef _OPENBSD_SOURCE +#define _OPENBSD_SOURCE 1 +#endif + #ifndef UNBOUND_DEBUG +# ifndef NDEBUG # define NDEBUG +# endif #endif /** Use small-ldns codebase */ @@ -1056,12 +1217,29 @@ char *strsep(char **stringp, const char *delim); int isblank(int c); #endif +#ifndef HAVE_EXPLICIT_BZERO +#define explicit_bzero unbound_explicit_bzero +void explicit_bzero(void* buf, size_t len); +#endif + +#if defined(HAVE_INET_NTOP) && !HAVE_DECL_INET_NTOP +const char *inet_ntop(int af, const void *src, char *dst, size_t size); +#endif + +#if defined(HAVE_INET_PTON) && !HAVE_DECL_INET_PTON +int inet_pton(int af, const char* src, void* dst); +#endif + #if !defined(HAVE_STRPTIME) || !defined(STRPTIME_WORKS) #define strptime unbound_strptime struct tm; char *strptime(const char *s, const char *format, struct tm *tm); #endif +#if !HAVE_DECL_REALLOCARRAY +void *reallocarray(void *ptr, size_t nmemb, size_t size); +#endif + #ifdef HAVE_LIBRESSL # if !HAVE_DECL_STRLCPY size_t strlcpy(char *dst, const char *src, size_t siz); @@ -1075,17 +1253,14 @@ uint32_t arc4random(void); # if !HAVE_DECL_ARC4RANDOM_UNIFORM && defined(HAVE_ARC4RANDOM_UNIFORM) uint32_t arc4random_uniform(uint32_t upper_bound); # endif -# if !HAVE_DECL_REALLOCARRAY -void *reallocarray(void *ptr, size_t nmemb, size_t size); -# endif #endif /* HAVE_LIBRESSL */ #ifndef HAVE_ARC4RANDOM -void explicit_bzero(void* buf, size_t len); int getentropy(void* buf, size_t len); uint32_t arc4random(void); void arc4random_buf(void* buf, size_t n); void _ARC4_LOCK(void); void _ARC4_UNLOCK(void); +void _ARC4_LOCK_DESTROY(void); #endif #ifndef HAVE_ARC4RANDOM_UNIFORM uint32_t arc4random_uniform(uint32_t upper_bound); @@ -1151,6 +1326,8 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, /** default port for DNS traffic. */ #define UNBOUND_DNS_PORT 53 +/** default port for DNS over TLS traffic. */ +#define UNBOUND_DNS_OVER_TLS_PORT 853 /** default port for unbound control traffic, registered port with IANA, ub-dns-control 8953/tcp unbound dns nameserver control */ #define UNBOUND_CONTROL_PORT 8953 diff --git a/contrib/unbound/config.h.in b/contrib/unbound/config.h.in index 04fc74396e95..8c2aa3b94aee 100644 --- a/contrib/unbound/config.h.in +++ b/contrib/unbound/config.h.in @@ -1,11 +1,23 @@ /* config.h.in. Generated from configure.ac by autoheader. */ +/* apply the noreturn attribute to a function that exits the program */ +#undef ATTR_NORETURN + +/* apply the weak attribute to a symbol */ +#undef ATTR_WEAK + /* Directory to chroot to */ #undef CHROOT_DIR +/* Define this to enable client subnet option. */ +#undef CLIENT_SUBNET + /* Do sha512 definitions in config.h */ #undef COMPAT_SHA512 +/* Command line arguments used with configure */ +#undef CONFCMDLINE + /* Pathname to the Unbound configuration file */ #undef CONFIGFILE @@ -27,6 +39,9 @@ internal symbols */ #undef EXPORT_ALL_SYMBOLS +/* Define to 1 if you have the `accept4' function. */ +#undef HAVE_ACCEPT4 + /* Define to 1 if you have the `arc4random' function. */ #undef HAVE_ARC4RANDOM @@ -39,6 +54,9 @@ /* Whether the C compiler accepts the "format" attribute */ #undef HAVE_ATTR_FORMAT +/* Whether the C compiler accepts the "noreturn" attribute */ +#undef HAVE_ATTR_NORETURN + /* Whether the C compiler accepts the "unused" attribute */ #undef HAVE_ATTR_UNUSED @@ -54,6 +72,9 @@ /* Define to 1 if you have the `CRYPTO_cleanup_all_ex_data' function. */ #undef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA +/* Define to 1 if you have the `CRYPTO_THREADID_set_callback' function. */ +#undef HAVE_CRYPTO_THREADID_SET_CALLBACK + /* Define to 1 if you have the `ctime_r' function. */ #undef HAVE_CTIME_R @@ -68,6 +89,26 @@ if you don't. */ #undef HAVE_DECL_ARC4RANDOM_UNIFORM +/* Define to 1 if you have the declaration of `evsignal_assign', and to 0 if + you don't. */ +#undef HAVE_DECL_EVSIGNAL_ASSIGN + +/* Define to 1 if you have the declaration of `inet_ntop', and to 0 if you + don't. */ +#undef HAVE_DECL_INET_NTOP + +/* Define to 1 if you have the declaration of `inet_pton', and to 0 if you + don't. */ +#undef HAVE_DECL_INET_PTON + +/* Define to 1 if you have the declaration of `NID_ED25519', and to 0 if you + don't. */ +#undef HAVE_DECL_NID_ED25519 + +/* Define to 1 if you have the declaration of `NID_ED448', and to 0 if you + don't. */ +#undef HAVE_DECL_NID_ED448 + /* Define to 1 if you have the declaration of `NID_secp384r1', and to 0 if you don't. */ #undef HAVE_DECL_NID_SECP384R1 @@ -80,6 +121,10 @@ don't. */ #undef HAVE_DECL_REALLOCARRAY +/* Define to 1 if you have the declaration of `redisConnect', and to 0 if you + don't. */ +#undef HAVE_DECL_REDISCONNECT + /* Define to 1 if you have the declaration of `sk_SSL_COMP_pop_free', and to 0 if you don't. */ #undef HAVE_DECL_SK_SSL_COMP_POP_FREE @@ -107,6 +152,9 @@ /* Define to 1 if you have the <dlfcn.h> header file. */ #undef HAVE_DLFCN_H +/* Define to 1 if you have the `DSA_SIG_set0' function. */ +#undef HAVE_DSA_SIG_SET0 + /* Define to 1 if you have the <endian.h> header file. */ #undef HAVE_ENDIAN_H @@ -125,6 +173,9 @@ /* Define to 1 if you have the `ERR_load_crypto_strings' function. */ #undef HAVE_ERR_LOAD_CRYPTO_STRINGS +/* Define to 1 if you have the `event_assign' function. */ +#undef HAVE_EVENT_ASSIGN + /* Define to 1 if you have the `event_base_free' function. */ #undef HAVE_EVENT_BASE_FREE @@ -140,9 +191,21 @@ /* Define to 1 if you have the <event.h> header file. */ #undef HAVE_EVENT_H +/* Define to 1 if you have the `EVP_aes_256_cbc' function. */ +#undef HAVE_EVP_AES_256_CBC + /* Define to 1 if you have the `EVP_cleanup' function. */ #undef HAVE_EVP_CLEANUP +/* Define to 1 if you have the `EVP_DigestVerify' function. */ +#undef HAVE_EVP_DIGESTVERIFY + +/* Define to 1 if you have the `EVP_dss1' function. */ +#undef HAVE_EVP_DSS1 + +/* Define to 1 if you have the `EVP_EncryptInit_ex' function. */ +#undef HAVE_EVP_ENCRYPTINIT_EX + /* Define to 1 if you have the `EVP_MD_CTX_new' function. */ #undef HAVE_EVP_MD_CTX_NEW @@ -164,6 +227,9 @@ /* Define to 1 if you have the <expat.h> header file. */ #undef HAVE_EXPAT_H +/* Define to 1 if you have the `explicit_bzero' function. */ +#undef HAVE_EXPLICIT_BZERO + /* Define to 1 if you have the `fcntl' function. */ #undef HAVE_FCNTL @@ -209,6 +275,12 @@ /* Define to 1 if you have the <grp.h> header file. */ #undef HAVE_GRP_H +/* Define to 1 if you have the <hiredis/hiredis.h> header file. */ +#undef HAVE_HIREDIS_HIREDIS_H + +/* Define to 1 if you have the `HMAC_Init_ex' function. */ +#undef HAVE_HMAC_INIT_EX + /* If you have HMAC_Update */ #undef HAVE_HMAC_UPDATE @@ -239,6 +311,9 @@ /* Define to 1 if you have the `kill' function. */ #undef HAVE_KILL +/* Define to 1 if you have the <libkern/OSByteOrder.h> header file. */ +#undef HAVE_LIBKERN_OSBYTEORDER_H + /* Define if we have LibreSSL */ #undef HAVE_LIBRESSL @@ -272,6 +347,9 @@ /* Define to 1 if you have the <nettle/dsa-compat.h> header file. */ #undef HAVE_NETTLE_DSA_COMPAT_H +/* Define to 1 if you have the <nettle/eddsa.h> header file. */ +#undef HAVE_NETTLE_EDDSA_H + /* Use libnss for crypto */ #undef HAVE_NSS @@ -338,15 +416,12 @@ /* Define to 1 if you have the `RAND_cleanup' function. */ #undef HAVE_RAND_CLEANUP -/* Define to 1 if you have the `reallocarray' function. */ +/* If we have reallocarray(3) */ #undef HAVE_REALLOCARRAY /* Define to 1 if you have the `recvmsg' function. */ #undef HAVE_RECVMSG -/* define if you have the sbrk() call */ -#undef HAVE_SBRK - /* Define to 1 if you have the `sendmsg' function. */ #undef HAVE_SENDMSG @@ -374,6 +449,9 @@ /* Define to 1 if you have the `SHA512_Update' function. */ #undef HAVE_SHA512_UPDATE +/* Define to 1 if you have the `shmget' function. */ +#undef HAVE_SHMGET + /* Define to 1 if you have the `sigprocmask' function. */ #undef HAVE_SIGPROCMASK @@ -395,6 +473,21 @@ /* Define if you have the SSL libraries installed. */ #undef HAVE_SSL +/* Define to 1 if you have the `SSL_CTX_set_ciphersuites' function. */ +#undef HAVE_SSL_CTX_SET_CIPHERSUITES + +/* Define to 1 if you have the `SSL_CTX_set_security_level' function. */ +#undef HAVE_SSL_CTX_SET_SECURITY_LEVEL + +/* Define to 1 if you have the `SSL_CTX_set_tlsext_ticket_key_cb' function. */ +#undef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_CB + +/* Define to 1 if you have the `SSL_get0_peername' function. */ +#undef HAVE_SSL_GET0_PEERNAME + +/* Define to 1 if you have the `SSL_set1_host' function. */ +#undef HAVE_SSL_SET1_HOST + /* Define to 1 if you have the <stdarg.h> header file. */ #undef HAVE_STDARG_H @@ -440,6 +533,15 @@ /* Define to 1 if you have the <syslog.h> header file. */ #undef HAVE_SYSLOG_H +/* Define to 1 if systemd should be used */ +#undef HAVE_SYSTEMD + +/* Define to 1 if you have the <sys/endian.h> header file. */ +#undef HAVE_SYS_ENDIAN_H + +/* Define to 1 if you have the <sys/ipc.h> header file. */ +#undef HAVE_SYS_IPC_H + /* Define to 1 if you have the <sys/param.h> header file. */ #undef HAVE_SYS_PARAM_H @@ -449,6 +551,9 @@ /* Define to 1 if you have the <sys/sha2.h> header file. */ #undef HAVE_SYS_SHA2_H +/* Define to 1 if you have the <sys/shm.h> header file. */ +#undef HAVE_SYS_SHM_H + /* Define to 1 if you have the <sys/socket.h> header file. */ #undef HAVE_SYS_SOCKET_H @@ -509,9 +614,15 @@ /* Define to 1 if you have the <ws2tcpip.h> header file. */ #undef HAVE_WS2TCPIP_H +/* Define to 1 if you have the `X509_VERIFY_PARAM_set1_host' function. */ +#undef HAVE_X509_VERIFY_PARAM_SET1_HOST + /* Define to 1 if you have the `_beginthreadex' function. */ #undef HAVE__BEGINTHREADEX +/* If HMAC_Init_ex() returns void */ +#undef HMAC_INIT_EX_RETURNS_VOID + /* if lex has yylex_destroy */ #undef LEX_HAS_YYLEX_DESTROY @@ -586,6 +697,9 @@ /* Define as the return type of signal handlers (`int' or `void'). */ #undef RETSIGTYPE +/* if REUSEPORT is enabled by default */ +#undef REUSEPORT_DEFAULT + /* default rootkey location */ #undef ROOT_ANCHOR_FILE @@ -601,12 +715,18 @@ /* Shared data */ #undef SHARE_DIR +/* The size of `size_t', as computed by sizeof. */ +#undef SIZEOF_SIZE_T + /* The size of `time_t', as computed by sizeof. */ #undef SIZEOF_TIME_T /* define if (v)snprintf does not return length needed, (but length used) */ #undef SNPRINTF_RET_BROKEN +/* Define to 1 if libsodium supports sodium_set_misuse_handler */ +#undef SODIUM_MISUSE_HANDLER + /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS @@ -616,6 +736,9 @@ /* Use win32 resources and API */ #undef UB_ON_WINDOWS +/* the SYSLOG_FACILITY to use, default LOG_DAEMON */ +#undef UB_SYSLOG_FACILITY + /* default username */ #undef UB_USERNAME @@ -634,6 +757,12 @@ /* Define to 1 to use cachedb support */ #undef USE_CACHEDB +/* Define to 1 to enable dnscrypt support */ +#undef USE_DNSCRYPT + +/* Define to 1 to enable dnscrypt with xchacha20 support */ +#undef USE_DNSCRYPT_XCHACHA20 + /* Define to 1 to enable dnstap support */ #undef USE_DNSTAP @@ -646,9 +775,21 @@ /* Define this to enable an EVP workaround for older openssl */ #undef USE_ECDSA_EVP_WORKAROUND +/* Define this to enable ED25519 support. */ +#undef USE_ED25519 + +/* Define this to enable ED448 support. */ +#undef USE_ED448 + /* Define this to enable GOST support. */ #undef USE_GOST +/* Define to 1 to use ipsecmod support. */ +#undef USE_IPSECMOD + +/* Define to 1 to use ipset support */ +#undef USE_IPSET + /* Define if you want to use internal select based events */ #undef USE_MINI_EVENT @@ -658,6 +799,12 @@ /* Define this to enable client TCP Fast Open. */ #undef USE_OSX_MSG_FASTOPEN +/* Define this to use hiredis client. */ +#undef USE_REDIS + +/* Define this to enable SHA1 support. */ +#undef USE_SHA1 + /* Define this to enable SHA256 and SHA512 support. */ #undef USE_SHA2 @@ -840,8 +987,14 @@ +#ifndef _OPENBSD_SOURCE +#define _OPENBSD_SOURCE 1 +#endif + #ifndef UNBOUND_DEBUG +# ifndef NDEBUG # define NDEBUG +# endif #endif /** Use small-ldns codebase */ @@ -1055,12 +1208,29 @@ char *strsep(char **stringp, const char *delim); int isblank(int c); #endif +#ifndef HAVE_EXPLICIT_BZERO +#define explicit_bzero unbound_explicit_bzero +void explicit_bzero(void* buf, size_t len); +#endif + +#if defined(HAVE_INET_NTOP) && !HAVE_DECL_INET_NTOP +const char *inet_ntop(int af, const void *src, char *dst, size_t size); +#endif + +#if defined(HAVE_INET_PTON) && !HAVE_DECL_INET_PTON +int inet_pton(int af, const char* src, void* dst); +#endif + #if !defined(HAVE_STRPTIME) || !defined(STRPTIME_WORKS) #define strptime unbound_strptime struct tm; char *strptime(const char *s, const char *format, struct tm *tm); #endif +#if !HAVE_DECL_REALLOCARRAY +void *reallocarray(void *ptr, size_t nmemb, size_t size); +#endif + #ifdef HAVE_LIBRESSL # if !HAVE_DECL_STRLCPY size_t strlcpy(char *dst, const char *src, size_t siz); @@ -1074,17 +1244,14 @@ uint32_t arc4random(void); # if !HAVE_DECL_ARC4RANDOM_UNIFORM && defined(HAVE_ARC4RANDOM_UNIFORM) uint32_t arc4random_uniform(uint32_t upper_bound); # endif -# if !HAVE_DECL_REALLOCARRAY -void *reallocarray(void *ptr, size_t nmemb, size_t size); -# endif #endif /* HAVE_LIBRESSL */ #ifndef HAVE_ARC4RANDOM -void explicit_bzero(void* buf, size_t len); int getentropy(void* buf, size_t len); uint32_t arc4random(void); void arc4random_buf(void* buf, size_t n); void _ARC4_LOCK(void); void _ARC4_UNLOCK(void); +void _ARC4_LOCK_DESTROY(void); #endif #ifndef HAVE_ARC4RANDOM_UNIFORM uint32_t arc4random_uniform(uint32_t upper_bound); @@ -1150,6 +1317,8 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, /** default port for DNS traffic. */ #define UNBOUND_DNS_PORT 53 +/** default port for DNS over TLS traffic. */ +#define UNBOUND_DNS_OVER_TLS_PORT 853 /** default port for unbound control traffic, registered port with IANA, ub-dns-control 8953/tcp unbound dns nameserver control */ #define UNBOUND_CONTROL_PORT 8953 diff --git a/contrib/unbound/config.sub b/contrib/unbound/config.sub index d2a961303304..1d8e98bcee23 100755 --- a/contrib/unbound/config.sub +++ b/contrib/unbound/config.sub @@ -1,8 +1,8 @@ #! /bin/sh # Configuration validation subroutine script. -# Copyright 1992-2013 Free Software Foundation, Inc. +# Copyright 1992-2018 Free Software Foundation, Inc. -timestamp='2013-08-10' +timestamp='2018-02-22' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -15,7 +15,7 @@ timestamp='2013-08-10' # General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, see <http://www.gnu.org/licenses/>. +# along with this program; if not, see <https://www.gnu.org/licenses/>. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -25,7 +25,7 @@ timestamp='2013-08-10' # of the GNU General Public License, version 3 ("GPLv3"). -# Please send patches with a ChangeLog entry to config-patches@gnu.org. +# Please send patches to <config-patches@gnu.org>. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. @@ -33,7 +33,7 @@ timestamp='2013-08-10' # Otherwise, we print the canonical config type on stdout and succeed. # You can get the latest version of this script from: -# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD +# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases @@ -53,12 +53,11 @@ timestamp='2013-08-10' me=`echo "$0" | sed -e 's,.*/,,'` usage="\ -Usage: $0 [OPTION] CPU-MFR-OPSYS - $0 [OPTION] ALIAS +Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS Canonicalize a configuration name. -Operation modes: +Options: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit @@ -68,7 +67,7 @@ Report bugs and patches to <config-patches@gnu.org>." version="\ GNU config.sub ($timestamp) -Copyright 1992-2013 Free Software Foundation, Inc. +Copyright 1992-2018 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -95,7 +94,7 @@ while test $# -gt 0 ; do *local*) # First pass through any local machine types. - echo $1 + echo "$1" exit ;; * ) @@ -113,24 +112,24 @@ esac # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). # Here we must recognize all the valid KERNEL-OS combinations. -maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` +maybe_os=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ - knetbsd*-gnu* | netbsd*-gnu* | \ - kopensolaris*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \ + kopensolaris*-gnu* | cloudabi*-eabi* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os - basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + basic_machine=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; android-linux) os=-linux-android - basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown + basic_machine=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown ;; *) - basic_machine=`echo $1 | sed 's/-[^-]*$//'` - if [ $basic_machine != $1 ] - then os=`echo $1 | sed 's/.*-/-/'` + basic_machine=`echo "$1" | sed 's/-[^-]*$//'` + if [ "$basic_machine" != "$1" ] + then os=`echo "$1" | sed 's/.*-/-/'` else os=; fi ;; esac @@ -179,44 +178,44 @@ case $os in ;; -sco6) os=-sco5v6 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -sco5) os=-sco3.2v5 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -sco4) os=-sco3.2v4 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -sco3.2.[4-9]*) os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -sco3.2v[4-9]*) # Don't forget version if it is 3.2v4 or newer. - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -sco5v6*) # Don't forget version if it is 3.2v4 or newer. - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -sco*) os=-sco3.2v2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -udk*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -isc) os=-isc2.2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -clix*) basic_machine=clipper-intergraph ;; -isc*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -lynx*178) os=-lynxos178 @@ -228,10 +227,7 @@ case $os in os=-lynxos ;; -ptx*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` - ;; - -windowsnt*) - os=`echo $os | sed -e 's/windowsnt/winnt/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-sequent/'` ;; -psos*) os=-psos @@ -255,16 +251,18 @@ case $basic_machine in | arc | arceb \ | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ | avr | avr32 \ + | ba \ | be32 | be64 \ | bfin \ | c4x | c8051 | clipper \ | d10v | d30v | dlx | dsp16xx \ - | epiphany \ - | fido | fr30 | frv \ + | e2k | epiphany \ + | fido | fr30 | frv | ft32 \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | hexagon \ - | i370 | i860 | i960 | ia64 \ + | i370 | i860 | i960 | ia16 | ia64 \ | ip2k | iq2000 \ + | k1om \ | le32 | le64 \ | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ @@ -282,8 +280,10 @@ case $basic_machine in | mips64vr5900 | mips64vr5900el \ | mipsisa32 | mipsisa32el \ | mipsisa32r2 | mipsisa32r2el \ + | mipsisa32r6 | mipsisa32r6el \ | mipsisa64 | mipsisa64el \ | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64r6 | mipsisa64r6el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ | mipsr5900 | mipsr5900el \ @@ -295,14 +295,15 @@ case $basic_machine in | nds32 | nds32le | nds32be \ | nios | nios2 | nios2eb | nios2el \ | ns16k | ns32k \ - | open8 \ - | or1k | or32 \ - | pdp10 | pdp11 | pj | pjl \ + | open8 | or1k | or1knd | or32 \ + | pdp10 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ + | pru \ | pyramid \ + | riscv32 | riscv64 \ | rl78 | rx \ | score \ - | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ @@ -310,7 +311,8 @@ case $basic_machine in | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ | ubicom32 \ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ - | we32k \ + | visium \ + | wasm32 \ | x86 | xc16x | xstormy16 | xtensa \ | z8k | z80) basic_machine=$basic_machine-unknown @@ -324,11 +326,14 @@ case $basic_machine in c6x) basic_machine=tic6x-unknown ;; - m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) + leon|leon[3-9]) + basic_machine=sparc-$basic_machine + ;; + m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) basic_machine=$basic_machine-unknown os=-none ;; - m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) + m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65) ;; ms1) basic_machine=mt-unknown @@ -357,7 +362,7 @@ case $basic_machine in ;; # Object if more than one company name word. *-*-*) - echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + echo Invalid configuration \`"$1"\': machine \`"$basic_machine"\' not recognized 1>&2 exit 1 ;; # Recognize the basic CPU types with company name. @@ -369,18 +374,20 @@ case $basic_machine in | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ + | ba-* \ | be32-* | be64-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* \ | c8051-* | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ - | elxsi-* \ + | e2k-* | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | hexagon-* \ - | i*86-* | i860-* | i960-* | ia64-* \ + | i*86-* | i860-* | i960-* | ia16-* | ia64-* \ | ip2k-* | iq2000-* \ + | k1om-* \ | le32-* | le64-* \ | lm32-* \ | m32c-* | m32r-* | m32rle-* \ @@ -400,8 +407,10 @@ case $basic_machine in | mips64vr5900-* | mips64vr5900el-* \ | mipsisa32-* | mipsisa32el-* \ | mipsisa32r2-* | mipsisa32r2el-* \ + | mipsisa32r6-* | mipsisa32r6el-* \ | mipsisa64-* | mipsisa64el-* \ | mipsisa64r2-* | mipsisa64r2el-* \ + | mipsisa64r6-* | mipsisa64r6el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ | mipsr5900-* | mipsr5900el-* \ @@ -413,16 +422,19 @@ case $basic_machine in | nios-* | nios2-* | nios2eb-* | nios2el-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | open8-* \ + | or1k*-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ + | pru-* \ | pyramid-* \ + | riscv32-* | riscv64-* \ | rl78-* | romp-* | rs6000-* | rx-* \ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ - | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \ | tahoe-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ | tile*-* \ @@ -430,6 +442,8 @@ case $basic_machine in | ubicom32-* \ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ | vax-* \ + | visium-* \ + | wasm32-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* \ | xstormy16-* | xtensa*-* \ @@ -443,7 +457,7 @@ case $basic_machine in # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. 386bsd) - basic_machine=i386-unknown + basic_machine=i386-pc os=-bsd ;; 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) @@ -477,7 +491,7 @@ case $basic_machine in basic_machine=x86_64-pc ;; amd64-*) - basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=x86_64-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; amdahl) basic_machine=580-amdahl @@ -506,6 +520,9 @@ case $basic_machine in basic_machine=i386-pc os=-aros ;; + asmjs) + basic_machine=asmjs-unknown + ;; aux) basic_machine=m68k-apple os=-aux @@ -519,7 +536,7 @@ case $basic_machine in os=-linux ;; blackfin-*) - basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=bfin-`echo "$basic_machine" | sed 's/^[^-]*-//'` os=-linux ;; bluegene*) @@ -527,13 +544,13 @@ case $basic_machine in os=-cnk ;; c54x-*) - basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=tic54x-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; c55x-*) - basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=tic55x-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; c6x-*) - basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=tic6x-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; c90) basic_machine=c90-cray @@ -622,10 +639,18 @@ case $basic_machine in basic_machine=rs6000-bull os=-bosx ;; - dpx2* | dpx2*-bull) + dpx2*) basic_machine=m68k-bull os=-sysv3 ;; + e500v[12]) + basic_machine=powerpc-unknown + os=$os"spe" + ;; + e500v[12]-*) + basic_machine=powerpc-`echo "$basic_machine" | sed 's/^[^-]*-//'` + os=$os"spe" + ;; ebmon29k) basic_machine=a29k-amd os=-ebmon @@ -715,9 +740,6 @@ case $basic_machine in hp9k8[0-9][0-9] | hp8[0-9][0-9]) basic_machine=hppa1.0-hp ;; - hppa-next) - os=-nextstep3 - ;; hppaosf) basic_machine=hppa1.1-hp os=-osf @@ -730,26 +752,26 @@ case $basic_machine in basic_machine=i370-ibm ;; i*86v32) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` os=-sysv32 ;; i*86v4*) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` os=-sysv4 ;; i*86v) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` os=-sysv ;; i*86sol2) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` os=-solaris2 ;; i386mach) basic_machine=i386-mach os=-mach ;; - i386-vsta | vsta) + vsta) basic_machine=i386-unknown os=-vsta ;; @@ -767,17 +789,17 @@ case $basic_machine in basic_machine=m68k-isi os=-sysv ;; + leon-*|leon[3-9]-*) + basic_machine=sparc-`echo "$basic_machine" | sed 's/-.*//'` + ;; m68knommu) basic_machine=m68k-unknown os=-linux ;; m68knommu-*) - basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=m68k-`echo "$basic_machine" | sed 's/^[^-]*-//'` os=-linux ;; - m88k-omron*) - basic_machine=m88k-omron - ;; magnum | m3230) basic_machine=mips-mips os=-sysv @@ -809,10 +831,10 @@ case $basic_machine in os=-mint ;; mips3*-*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` + basic_machine=`echo "$basic_machine" | sed -e 's/mips3/mips64/'` ;; mips3*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown + basic_machine=`echo "$basic_machine" | sed -e 's/mips3/mips64/'`-unknown ;; monitor) basic_machine=m68k-rom68k @@ -822,12 +844,16 @@ case $basic_machine in basic_machine=powerpc-unknown os=-morphos ;; + moxiebox) + basic_machine=moxie-unknown + os=-moxiebox + ;; msdos) basic_machine=i386-pc os=-msdos ;; ms1-*) - basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` + basic_machine=`echo "$basic_machine" | sed -e 's/ms1-/mt-/'` ;; msys) basic_machine=i686-pc @@ -869,7 +895,7 @@ case $basic_machine in basic_machine=v70-nec os=-sysv ;; - next | m*-next ) + next | m*-next) basic_machine=m68k-next case $os in -nextstep* ) @@ -914,6 +940,12 @@ case $basic_machine in nsr-tandem) basic_machine=nsr-tandem ;; + nsv-tandem) + basic_machine=nsv-tandem + ;; + nsx-tandem) + basic_machine=nsx-tandem + ;; op50n-* | op60c-*) basic_machine=hppa1.1-oki os=-proelf @@ -946,7 +978,7 @@ case $basic_machine in os=-linux ;; parisc-*) - basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=hppa-`echo "$basic_machine" | sed 's/^[^-]*-//'` os=-linux ;; pbd) @@ -962,7 +994,7 @@ case $basic_machine in basic_machine=i386-pc ;; pc98-*) - basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=i386-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; pentium | p5 | k5 | k6 | nexgen | viac3) basic_machine=i586-pc @@ -977,16 +1009,16 @@ case $basic_machine in basic_machine=i786-pc ;; pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) - basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=i586-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; pentiumpro-* | p6-* | 6x86-* | athlon-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=i686-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=i686-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; pentium4-*) - basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=i786-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; pn) basic_machine=pn-gould @@ -996,23 +1028,23 @@ case $basic_machine in ppc | ppcbe) basic_machine=powerpc-unknown ;; ppc-* | ppcbe-*) - basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=powerpc-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; - ppcle | powerpclittle | ppc-le | powerpc-little) + ppcle | powerpclittle) basic_machine=powerpcle-unknown ;; ppcle-* | powerpclittle-*) - basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=powerpcle-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; ppc64) basic_machine=powerpc64-unknown ;; - ppc64-* | ppc64p7-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` + ppc64-*) basic_machine=powerpc64-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; - ppc64le | powerpc64little | ppc64-le | powerpc64-little) + ppc64le | powerpc64little) basic_machine=powerpc64le-unknown ;; ppc64le-* | powerpc64little-*) - basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=powerpc64le-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; ps2) basic_machine=i386-ibm @@ -1066,17 +1098,10 @@ case $basic_machine in sequent) basic_machine=i386-sequent ;; - sh) - basic_machine=sh-hitachi - os=-hms - ;; sh5el) basic_machine=sh5le-unknown ;; - sh64) - basic_machine=sh64-unknown - ;; - sparclite-wrs | simso-wrs) + simso-wrs) basic_machine=sparclite-wrs os=-vxworks ;; @@ -1095,7 +1120,7 @@ case $basic_machine in os=-sysv4 ;; strongarm-* | thumb-*) - basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=arm-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; sun2) basic_machine=m68000-sun @@ -1217,6 +1242,9 @@ case $basic_machine in basic_machine=hppa1.1-winbond os=-proelf ;; + x64) + basic_machine=x86_64-pc + ;; xbox) basic_machine=i686-pc os=-mingw32 @@ -1225,20 +1253,12 @@ case $basic_machine in basic_machine=xps100-honeywell ;; xscale-* | xscalee[bl]-*) - basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` + basic_machine=`echo "$basic_machine" | sed 's/^xscale/arm/'` ;; ymp) basic_machine=ymp-cray os=-unicos ;; - z8k-*-coff) - basic_machine=z8k-unknown - os=-sim - ;; - z80-*-coff) - basic_machine=z80-unknown - os=-sim - ;; none) basic_machine=none-none os=-none @@ -1267,10 +1287,6 @@ case $basic_machine in vax) basic_machine=vax-dec ;; - pdp10) - # there are many clones, so DEC is not a safe bet - basic_machine=pdp10-unknown - ;; pdp11) basic_machine=pdp11-dec ;; @@ -1280,9 +1296,6 @@ case $basic_machine in sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; - sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) - basic_machine=sparc-sun - ;; cydra) basic_machine=cydra-cydrome ;; @@ -1302,7 +1315,7 @@ case $basic_machine in # Make sure to match an already-canonicalized machine name. ;; *) - echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + echo Invalid configuration \`"$1"\': machine \`"$basic_machine"\' not recognized 1>&2 exit 1 ;; esac @@ -1310,10 +1323,10 @@ esac # Here we canonicalize certain aliases for manufacturers. case $basic_machine in *-digital*) - basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` + basic_machine=`echo "$basic_machine" | sed 's/digital.*/dec/'` ;; *-commodore*) - basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` + basic_machine=`echo "$basic_machine" | sed 's/commodore.*/cbm/'` ;; *) ;; @@ -1324,8 +1337,8 @@ esac if [ x"$os" != x"" ] then case $os in - # First match some system type aliases - # that might get confused with valid system types. + # First match some system type aliases that might get confused + # with valid system types. # -solaris* is a basic system type, with this one exception. -auroraux) os=-auroraux @@ -1336,45 +1349,48 @@ case $os in -solaris) os=-solaris2 ;; - -svr4*) - os=-sysv4 - ;; -unixware*) os=-sysv4.2uw ;; -gnu/linux*) os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` ;; - # First accept the basic system types. + # es1800 is here to avoid being matched by es* (a different OS) + -es1800*) + os=-ose + ;; + # Now accept the basic system types. # The portable systems comes first. - # Each alternative MUST END IN A *, to match a version number. + # Each alternative MUST end in a * to match a version number. # -sysv* is not here because it comes later, after sysvr4. -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ | -sym* | -kopensolaris* | -plan9* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* | -aros* \ + | -aos* | -aros* | -cloudabi* | -sortix* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ - | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ - | -bitrig* | -openbsd* | -solidbsd* \ + | -hiux* | -knetbsd* | -mirbsd* | -netbsd* \ + | -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -chorusos* | -chorusrdb* | -cegcc* \ + | -chorusos* | -chorusrdb* | -cegcc* | -glidix* \ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ + | -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ | -linux-newlib* | -linux-musl* | -linux-uclibc* \ - | -uxpv* | -beos* | -mpeix* | -udk* \ - | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ + | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \ + | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ - | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ + | -morphos* | -superux* | -rtmk* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \ + | -onefs* | -tirtos* | -phoenix* | -fuchsia* | -redox* | -bme* \ + | -midnightbsd*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1391,12 +1407,12 @@ case $os in -nto*) os=`echo $os | sed -e 's|nto|nto-qnx|'` ;; - -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ - | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ + -sim | -xray | -os68k* | -v88r* \ + | -windows* | -osx | -abug | -netware* | -os9* \ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) ;; -mac*) - os=`echo $os | sed -e 's|mac|macos|'` + os=`echo "$os" | sed -e 's|mac|macos|'` ;; -linux-dietlibc) os=-linux-dietlibc @@ -1405,10 +1421,10 @@ case $os in os=`echo $os | sed -e 's|linux|linux-gnu|'` ;; -sunos5*) - os=`echo $os | sed -e 's|sunos5|solaris2|'` + os=`echo "$os" | sed -e 's|sunos5|solaris2|'` ;; -sunos6*) - os=`echo $os | sed -e 's|sunos6|solaris3|'` + os=`echo "$os" | sed -e 's|sunos6|solaris3|'` ;; -opened*) os=-openedition @@ -1419,12 +1435,6 @@ case $os in -wince*) os=-wince ;; - -osfrose*) - os=-osfrose - ;; - -osf*) - os=-osf - ;; -utek*) os=-bsd ;; @@ -1449,7 +1459,7 @@ case $os in -nova*) os=-rtmk-nova ;; - -ns2 ) + -ns2) os=-nextstep2 ;; -nsk*) @@ -1471,7 +1481,7 @@ case $os in -oss*) os=-sysv3 ;; - -svr4) + -svr4*) os=-sysv4 ;; -svr3) @@ -1486,32 +1496,38 @@ case $os in -ose*) os=-ose ;; - -es1800*) - os=-ose - ;; - -xenix) - os=-xenix - ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) os=-mint ;; - -aros*) - os=-aros - ;; -zvmoe) os=-zvmoe ;; -dicos*) os=-dicos ;; + -pikeos*) + # Until real need of OS specific support for + # particular features comes up, bare metal + # configurations are quite functional. + case $basic_machine in + arm*) + os=-eabi + ;; + *) + os=-elf + ;; + esac + ;; -nacl*) ;; + -ios) + ;; -none) ;; *) # Get rid of the `-' at the beginning of $os. os=`echo $os | sed 's/[^-]*-//'` - echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 + echo Invalid configuration \`"$1"\': system \`"$os"\' not recognized 1>&2 exit 1 ;; esac @@ -1592,9 +1608,6 @@ case $basic_machine in mips*-*) os=-elf ;; - or1k-*) - os=-elf - ;; or32-*) os=-coff ;; @@ -1604,12 +1617,12 @@ case $basic_machine in sparc-* | *-sun) os=-sunos4.1.1 ;; + pru-*) + os=-elf + ;; *-be) os=-beos ;; - *-haiku) - os=-haiku - ;; *-ibm) os=-aix ;; @@ -1649,7 +1662,7 @@ case $basic_machine in m88k-omron*) os=-luna ;; - *-next ) + *-next) os=-nextstep ;; *-sequent) @@ -1664,9 +1677,6 @@ case $basic_machine in i370-*) os=-mvs ;; - *-next) - os=-nextstep3 - ;; *-gould) os=-sysv ;; @@ -1776,15 +1786,15 @@ case $basic_machine in vendor=stratus ;; esac - basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` + basic_machine=`echo "$basic_machine" | sed "s/unknown/$vendor/"` ;; esac -echo $basic_machine$os +echo "$basic_machine$os" exit # Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'write-file-functions 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" diff --git a/contrib/unbound/configure b/contrib/unbound/configure index 54f93db12417..d140a1f538ee 100755 --- a/contrib/unbound/configure +++ b/contrib/unbound/configure @@ -1,8 +1,8 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.5.10. +# Generated by GNU Autoconf 2.69 for unbound 1.9.6. # -# Report bugs to <unbound-bugs@nlnetlabs.nl>. +# Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -275,10 +275,11 @@ fi $as_echo "$0: be upgraded to zsh 4.3.4 or later." else $as_echo "$0: Please tell bug-autoconf@gnu.org and -$0: unbound-bugs@nlnetlabs.nl about your system, including -$0: any error possibly output before this message. Then -$0: install a modern shell, or manually run the script -$0: under such a shell if you do have one." +$0: unbound-bugs@nlnetlabs.nl or +$0: https://github.com/NLnetLabs/unbound/issues about your +$0: system, including any error possibly output before this +$0: message. Then install a modern shell, or manually run +$0: the script under such a shell if you do have one." fi exit 1 fi @@ -590,9 +591,9 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.5.10' -PACKAGE_STRING='unbound 1.5.10' -PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl' +PACKAGE_VERSION='1.9.6' +PACKAGE_STRING='unbound 1.9.6' +PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues' PACKAGE_URL='' # Factoring default headers for most tests. @@ -638,6 +639,14 @@ INSTALLTARGET ALLTARGET SOURCEFILE SOURCEDETERMINE +IPSET_OBJ +IPSET_SRC +IPSECMOD_HEADER +IPSECMOD_OBJ +DNSCRYPT_OBJ +DNSCRYPT_SRC +ENABLE_DNSCRYPT +ENABLE_DNSCRYPT_XCHACHA20 DNSTAP_OBJ DNSTAP_SRC opt_dnstap_socket_path @@ -659,8 +668,11 @@ WINAPPS WINDRES CHECKLOCK_OBJ staticexe +PC_LIBEVENT_DEPENDENCY UNBOUND_EVENT_UNINSTALL UNBOUND_EVENT_INSTALL +SUBNET_HEADER +SUBNET_OBJ SSLLIB HAVE_SSL CONFIG_DATE @@ -678,6 +690,7 @@ WITH_PYTHONMODULE swig SWIG_LIB SWIG +PC_PY_DEPENDENCY PY_MAJOR_VERSION PYTHON_SITE_PKG PYTHON_LDFLAGS @@ -689,8 +702,19 @@ PTHREAD_CFLAGS PTHREAD_LIBS PTHREAD_CC ax_pthread_config +ASYNCLOOK_ALLOCCHECK_EXTRA_OBJ +SLDNS_ALLOCCHECK_EXTRA_OBJ +USE_SYSTEMD_FALSE +USE_SYSTEMD_TRUE +SYSTEMD_DAEMON_LIBS +SYSTEMD_DAEMON_CFLAGS +SYSTEMD_LIBS +SYSTEMD_CFLAGS RUNTIME_PATH LIBOBJS +PKG_CONFIG_LIBDIR +PKG_CONFIG_PATH +PKG_CONFIG LT_SYS_LIBRARY_PATH OTOOL64 OTOOL @@ -739,6 +763,9 @@ UNBOUND_CHROOT_DIR UNBOUND_RUN_DIR ub_conf_dir ub_conf_file +UNBOUND_LOCALSTATE_DIR +UNBOUND_SYSCONF_DIR +UNBOUND_SBIN_DIR EGREP GREP CPP @@ -774,6 +801,7 @@ infodir docdir oldincludedir includedir +runstatedir localstatedir sharedstatedir sysconfdir @@ -819,33 +847,47 @@ with_sysroot enable_libtool_lock enable_rpath enable_largefile +enable_systemd enable_alloc_checks enable_alloc_lite enable_alloc_nonregional with_pthreads with_solaris_threads +with_syslog_facility with_pyunbound with_pythonmodule +enable_swig_version_check with_nss with_nettle with_ssl +enable_sha1 enable_sha2 +enable_subnet enable_gost enable_ecdsa enable_dsa +enable_ed25519 +enable_ed448 enable_event_api enable_tfo_client enable_tfo_server with_libevent with_libexpat +with_libhiredis enable_static_exe +enable_fully_static enable_lock_checks enable_allsymbols enable_dnstap with_dnstap_socket_path with_protobuf_c with_libfstrm +enable_dnscrypt +with_libsodium enable_cachedb +enable_ipsecmod +enable_ipset +with_libmnl with_libunbound_only ' ac_precious_vars='build_alias @@ -860,6 +902,13 @@ CPP YACC YFLAGS LT_SYS_LIBRARY_PATH +PKG_CONFIG +PKG_CONFIG_PATH +PKG_CONFIG_LIBDIR +SYSTEMD_CFLAGS +SYSTEMD_LIBS +SYSTEMD_DAEMON_CFLAGS +SYSTEMD_DAEMON_LIBS PYTHON_VERSION' @@ -899,6 +948,7 @@ datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' +runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' @@ -1151,6 +1201,15 @@ do | -silent | --silent | --silen | --sile | --sil) silent=yes ;; + -runstatedir | --runstatedir | --runstatedi | --runstated \ + | --runstate | --runstat | --runsta | --runst | --runs \ + | --run | --ru | --r) + ac_prev=runstatedir ;; + -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ + | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ + | --run=* | --ru=* | --r=*) + runstatedir=$ac_optarg ;; + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ @@ -1288,7 +1347,7 @@ fi for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir + libdir localedir mandir runstatedir do eval ac_val=\$$ac_var # Remove trailing slashes. @@ -1401,7 +1460,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.5.10 to adapt to many kinds of systems. +\`configure' configures unbound 1.9.6 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1441,6 +1500,7 @@ Fine tuning of the installation directories: --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] @@ -1466,7 +1526,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.5.10:";; + short | recursive ) echo "Configuration of unbound 1.9.6:";; esac cat <<\_ACEOF @@ -1488,6 +1548,7 @@ Optional Features: --disable-libtool-lock avoid locking (might break parallel builds) --disable-rpath disable hardcoded rpath (default=enabled) --disable-largefile omit support for large files + --enable-systemd compile with systemd support --enable-alloc-checks enable to memory allocation statistics, for debug purposes --enable-alloc-lite enable for lightweight alloc assertions, for debug @@ -1496,24 +1557,37 @@ Optional Features: enable nonregional allocs, slow but exposes regional allocations to other memory purifiers, for debug purposes + --disable-swig-version-check + Disable swig version check to build python modules + with older swig even though that is unreliable + --disable-sha1 Disable SHA1 RRSIG support, does not disable nsec3 + support --disable-sha2 Disable SHA256 and SHA512 RRSIG support + --enable-subnet Enable client subnet --disable-gost Disable GOST support --disable-ecdsa Disable ECDSA support --disable-dsa Disable DSA support + --disable-ed25519 Disable ED25519 support + --disable-ed448 Disable ED448 support --enable-event-api Enable (experimental) pluggable event base libunbound API installed to unbound-event.h --enable-tfo-client Enable TCP Fast Open for client mode --enable-tfo-server Enable TCP Fast Open for server mode --enable-static-exe enable to compile executables statically against - (event) libs, for debug purposes + (event) uninstalled libs, for debug purposes + --enable-fully-static enable to compile fully static --enable-lock-checks enable to check lock and unlock calls, for debug purposes --enable-allsymbols export all symbols from libunbound and link binaries to it, smaller install size but libunbound export table is polluted by internal symbols --enable-dnstap Enable dnstap support (requires fstrm, protobuf-c) + --enable-dnscrypt Enable dnscrypt support (requires libsodium) --enable-cachedb enable cachedb module that can use external cache storage + --enable-ipsecmod Enable ipsecmod module that facilitates + opportunistic IPsec + --enable-ipset enable ipset module Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -1547,6 +1621,8 @@ Optional Packages: --with-pthreads use pthreads library, or --without-pthreads to disable threading support. --with-solaris-threads use solaris native thread library. + --with-syslog-facility=LOCAL0 - LOCAL7 + set SYSLOG_FACILITY, default DAEMON --with-pyunbound build PyUnbound, or --without-pyunbound to skip it. (default=no) --with-pythonmodule build Python module, or --without-pythonmodule to @@ -1562,10 +1638,13 @@ Optional Packages: an explicit path). Slower, but allows use of large outgoing port ranges. --with-libexpat=path specify explicit path for libexpat. + --with-libhiredis=path specify explicit path for libhiredis. --with-dnstap-socket-path=pathname set default dnstap socket path --with-protobuf-c=path Path where protobuf-c is installed, for dnstap --with-libfstrm=path Path where libfstrm is installed, for dnstap + --with-libsodium=path Path where libsodium is installed, for dnscrypt + --with-libmnl=path specify explicit path for libmnl. --with-libunbound-only do not build daemon and tool programs Some influential environment variables: @@ -1585,6 +1664,19 @@ Some influential environment variables: default value of `-d' given by some make applications. LT_SYS_LIBRARY_PATH User-defined run-time library search path. + PKG_CONFIG path to pkg-config utility + PKG_CONFIG_PATH + directories to add to pkg-config's search path + PKG_CONFIG_LIBDIR + path overriding pkg-config's built-in search path + SYSTEMD_CFLAGS + C compiler flags for SYSTEMD, overriding pkg-config + SYSTEMD_LIBS + linker flags for SYSTEMD, overriding pkg-config + SYSTEMD_DAEMON_CFLAGS + C compiler flags for SYSTEMD_DAEMON, overriding pkg-config + SYSTEMD_DAEMON_LIBS + linker flags for SYSTEMD_DAEMON, overriding pkg-config PYTHON_VERSION The installed Python version to use, for example '2.3'. This string will be appended to the Python interpreter canonical @@ -1593,7 +1685,7 @@ Some influential environment variables: Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. -Report bugs to <unbound-bugs@nlnetlabs.nl>. +Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>. _ACEOF ac_status=$? fi @@ -1656,7 +1748,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.5.10 +unbound configure 1.9.6 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1815,9 +1907,9 @@ $as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} $as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} -( $as_echo "## ---------------------------------------- ## -## Report this to unbound-bugs@nlnetlabs.nl ## -## ---------------------------------------- ##" +( $as_echo "## --------------------------------------------------------------------------------------- ## +## Report this to unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues ## +## --------------------------------------------------------------------------------------- ##" ) | sed "s/^/$as_me: WARNING: /" >&2 ;; esac @@ -2365,7 +2457,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.5.10, which was +It was created by unbound $as_me 1.9.6, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2715,14 +2807,14 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu UNBOUND_VERSION_MAJOR=1 -UNBOUND_VERSION_MINOR=5 +UNBOUND_VERSION_MINOR=9 -UNBOUND_VERSION_MICRO=10 +UNBOUND_VERSION_MICRO=6 -LIBUNBOUND_CURRENT=6 -LIBUNBOUND_REVISION=2 -LIBUNBOUND_AGE=4 +LIBUNBOUND_CURRENT=9 +LIBUNBOUND_REVISION=6 +LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 # 1.0.2 had 0:14:0 @@ -2771,6 +2863,30 @@ LIBUNBOUND_AGE=4 # 1.5.8 had 6:0:4 # adds ub_ctx_set_stub # 1.5.9 had 6:1:4 # 1.5.10 had 6:2:4 +# 1.6.0 had 6:3:4 +# 1.6.1 had 7:0:5 # ub_callback_t typedef renamed to ub_callback_type +# 1.6.2 had 7:1:5 +# 1.6.3 had 7:2:5 +# 1.6.4 had 7:3:5 +# 1.6.5 had 7:4:5 +# 1.6.6 had 7:5:5 +# 1.6.7 had 7:6:5 +# 1.6.8 had 7:7:5 +# 1.7.0 had 7:8:5 +# 1.7.1 had 7:9:5 +# 1.7.2 had 7:10:5 +# 1.7.3 had 7:11:5 +# 1.8.0 had 8:0:0 # changes the event callback function signature +# 1.8.1 had 8:1:0 +# 1.8.2 had 8:2:0 +# 1.8.3 had 8:3:0 +# 1.9.0 had 9:0:1 # add ub_ctx_set_tls +# 1.9.1 had 9:1:1 +# 1.9.2 had 9:2:1 +# 1.9.3 had 9:3:1 +# 1.9.4 had 9:4:1 +# 1.9.5 had 9:5:1 +# 1.9.6 had 9:6:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -2786,7 +2902,7 @@ LIBUNBOUND_AGE=4 # Current and Age. Set Revision to 0, since this is the first # implementation of the new API. # -# Otherwise, we're changing the binary API and breaking bakward +# Otherwise, we're changing the binary API and breaking backward # compatibility with old binaries. Increment Current. Set Age to 0, # since we're backward compatible with no previous APIs. Set Revision # to 0 too. @@ -2794,6 +2910,14 @@ LIBUNBOUND_AGE=4 + +cmdln="`echo $@ | sed -e 's/\\\\/\\\\\\\\/g' | sed -e 's/"/\\\\"/'g`" + +cat >>confdefs.h <<_ACEOF +#define CONFCMDLINE "$cmdln" +_ACEOF + + CFLAGS="$CFLAGS" ac_ext=c ac_cpp='$CPP $CPPFLAGS' @@ -4055,6 +4179,11 @@ case "$prefix" in prefix="/usr/local" ;; esac +case "$exec_prefix" in + NONE) + exec_prefix="$prefix" + ;; +esac # are we on MinGW? if uname -s 2>&1 | grep MINGW32 >/dev/null; then on_mingw="yes" @@ -4066,10 +4195,16 @@ fi # # Determine configuration file # the eval is to evaluate shell expansion twice +UNBOUND_SBIN_DIR=`eval echo "${sbindir}"` + +UNBOUND_SYSCONF_DIR=`eval echo "${sysconfdir}"` + +UNBOUND_LOCALSTATE_DIR=`eval echo "${localstatedir}"` + if test $on_mingw = "no"; then ub_conf_file=`eval echo "${sysconfdir}/unbound/unbound.conf"` else - ub_conf_file="C:\\Program Files (x86)\\Unbound\\service.conf" + ub_conf_file="C:\\Program Files\\Unbound\\service.conf" fi # Check whether --with-conf_file was given. @@ -4200,7 +4335,7 @@ else if test $on_mingw = no; then UNBOUND_ROOTKEY_FILE="$UNBOUND_RUN_DIR/root.key" else - UNBOUND_ROOTKEY_FILE="C:\\Program Files (x86)\\Unbound\\root.key" + UNBOUND_ROOTKEY_FILE="C:\\Program Files\\Unbound\\root.key" fi fi @@ -4222,7 +4357,7 @@ else if test $on_mingw = no; then UNBOUND_ROOTCERT_FILE="$UNBOUND_RUN_DIR/icannbundle.pem" else - UNBOUND_ROOTCERT_FILE="C:\\Program Files (x86)\\Unbound\\icannbundle.pem" + UNBOUND_ROOTCERT_FILE="C:\\Program Files\\Unbound\\icannbundle.pem" fi fi @@ -4351,6 +4486,7 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $ ac_compiler_gnu=$ac_cv_c_compiler_gnu # allow user to override the -g -O2 flags. +default_cflags=no if test "x$CFLAGS" = "x" ; then @@ -4414,6 +4550,7 @@ $as_echo "no" >&6; } fi +default_cflags=yes fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' @@ -5867,6 +6004,10 @@ $as_echo "#define UNBOUND_DEBUG /**/" >>confdefs.h # nothing to do. ;; esac +if test "$default_cflags" = "yes"; then + # only when CFLAGS was "" at the start, if the users wants to + # override we shouldn't add default cflags, because they wouldn't + # be able to turn off these options and set the CFLAGS wanted. # Check whether --enable-flto was given. if test "${enable_flto+set}" = set; then : @@ -6001,6 +6142,7 @@ rm -f core conftest.err conftest.$ac_objext \ fi +fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 $as_echo_n "checking for inline... " >&6; } @@ -6167,6 +6309,54 @@ if test $ac_cv_c_weak_attribute = yes; then $as_echo "#define HAVE_ATTR_WEAK 1" >>confdefs.h + +$as_echo "#define ATTR_WEAK __attribute__((weak))" >>confdefs.h + +fi + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler (${CC-cc}) accepts the \"noreturn\" attribute" >&5 +$as_echo_n "checking whether the C compiler (${CC-cc}) accepts the \"noreturn\" attribute... " >&6; } +if ${ac_cv_c_noreturn_attribute+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_c_noreturn_attribute=no +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include <stdio.h> +__attribute__((noreturn)) void f(int x) { printf("%d", x); } + +int +main () +{ + + f(1); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_noreturn_attribute="yes" +else + ac_cv_c_noreturn_attribute="no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_noreturn_attribute" >&5 +$as_echo "$ac_cv_c_noreturn_attribute" >&6; } +if test $ac_cv_c_noreturn_attribute = yes; then + +$as_echo "#define HAVE_ATTR_NORETURN 1" >>confdefs.h + + +$as_echo "#define ATTR_NORETURN __attribute__((__noreturn__))" >>confdefs.h + fi @@ -6176,6 +6366,8 @@ fi + + for ac_prog in flex lex do # Extract the first word of "$ac_prog", so it can be a program name with args. @@ -6335,6 +6527,7 @@ fi rm -f conftest.l $LEX_OUTPUT_ROOT.c fi +if test "$LEX" != "" -a "$LEX" != ":"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for yylex_destroy" >&5 $as_echo_n "checking for yylex_destroy... " >&6; } @@ -6345,8 +6538,27 @@ $as_echo "#define LEX_HAS_YYLEX_DESTROY 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; }; fi +$as_echo "no" >&6; }; + LEX=":" + fi + +fi +if test "$LEX" != "" -a "$LEX" != ":"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for lex %option" >&5 +$as_echo_n "checking for lex %option... " >&6; } + if cat <<EOF | $LEX -t 2>&1 | grep yy_delete_buffer >/dev/null 2>&1; then +%option nounput +%% +EOF + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; }; + LEX=":" + fi + +fi for ac_prog in 'bison -y' byacc do # Extract the first word of "$ac_prog", so it can be a program name with args. @@ -7849,7 +8061,7 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) lt_cv_deplibs_check_method=pass_all ;; -netbsd*) +netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' else @@ -11314,6 +11526,9 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie openbsd* | bitrig*) with_gnu_ld=no ;; + linux* | k*bsd*-gnu | gnu*) + link_all_deplibs=no + ;; esac ld_shlibs=yes @@ -11568,7 +11783,7 @@ _LT_EOF fi ;; - netbsd*) + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= @@ -12238,6 +12453,7 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } if test yes = "$lt_cv_irix_exported_symbol"; then archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' fi + link_all_deplibs=no else archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib' @@ -12259,7 +12475,7 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } esac ;; - netbsd*) + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else @@ -13354,9 +13570,6 @@ fi # before this can be enabled. hardcode_into_libs=yes - # Add ABI-specific directories to the system library path. - sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib" - # Ideally, we could use ldconfig to report *all* directores which are # searched for libraries, however this is still not possible. Aside from not # being certain /sbin/ldconfig is available, command @@ -13365,7 +13578,7 @@ fi # appending ld.so.conf contents (and includes) to the search path. if test -f /etc/ld.so.conf; then lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra" + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on @@ -13377,6 +13590,18 @@ fi dynamic_linker='GNU/Linux ld.so' ;; +netbsdelf*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='NetBSD ld.elf_so' + ;; + netbsd*) version_type=sunos need_lib_prefix=no @@ -14386,8 +14611,129 @@ CC=$lt_save_CC + + + + + + + +if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PKG_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PKG_CONFIG=$ac_cv_path_PKG_CONFIG +if test -n "$PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 +$as_echo "$PKG_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_path_PKG_CONFIG"; then + ac_pt_PKG_CONFIG=$PKG_CONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $ac_pt_PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG +if test -n "$ac_pt_PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 +$as_echo "$ac_pt_PKG_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_pt_PKG_CONFIG" = x; then + PKG_CONFIG="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + PKG_CONFIG=$ac_pt_PKG_CONFIG + fi +else + PKG_CONFIG="$ac_cv_path_PKG_CONFIG" +fi + +fi +if test -n "$PKG_CONFIG"; then + _pkg_min_version=0.9.0 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 +$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } + if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + PKG_CONFIG="" + fi +fi + # Checks for header files. -for ac_header in stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h +for ac_header in stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default @@ -14750,6 +15096,39 @@ cat >>confdefs.h <<_ACEOF _ACEOF +# The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of size_t" >&5 +$as_echo_n "checking size of size_t... " >&6; } +if ${ac_cv_sizeof_size_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (size_t))" "ac_cv_sizeof_size_t" "$ac_includes_default"; then : + +else + if test "$ac_cv_type_size_t" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (size_t) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_size_t=0 + fi +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_size_t" >&5 +$as_echo "$ac_cv_sizeof_size_t" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_SIZE_T $ac_cv_sizeof_size_t +_ACEOF + + # add option to disable the evil rpath @@ -15289,7 +15668,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15335,7 +15714,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15359,7 +15738,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15404,7 +15783,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15428,7 +15807,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15797,6 +16176,208 @@ fi done +# check if we can use SO_REUSEPORT +if echo "$host" | $GREP -i -e linux -e dragonfly >/dev/null; then + +$as_echo "#define REUSEPORT_DEFAULT 1" >>confdefs.h + +else + +$as_echo "#define REUSEPORT_DEFAULT 0" >>confdefs.h + +fi + +# Include systemd.m4 - begin +# macros for configuring systemd +# Copyright 2015, Sami Kerola, CloudFlare. +# BSD licensed. +# Check whether --enable-systemd was given. +if test "${enable_systemd+set}" = set; then : + enableval=$enable_systemd; +else + enable_systemd=no +fi + +have_systemd=no +if test "x$enable_systemd" != xno; then : + + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SYSTEMD" >&5 +$as_echo_n "checking for SYSTEMD... " >&6; } + +if test -n "$SYSTEMD_CFLAGS"; then + pkg_cv_SYSTEMD_CFLAGS="$SYSTEMD_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libsystemd") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_SYSTEMD_CFLAGS=`$PKG_CONFIG --cflags "libsystemd" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$SYSTEMD_LIBS"; then + pkg_cv_SYSTEMD_LIBS="$SYSTEMD_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libsystemd") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_SYSTEMD_LIBS=`$PKG_CONFIG --libs "libsystemd" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + SYSTEMD_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libsystemd" 2>&1` + else + SYSTEMD_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libsystemd" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$SYSTEMD_PKG_ERRORS" >&5 + + have_systemd=no +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + have_systemd=no +else + SYSTEMD_CFLAGS=$pkg_cv_SYSTEMD_CFLAGS + SYSTEMD_LIBS=$pkg_cv_SYSTEMD_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + have_systemd=yes +fi + if test "x$have_systemd" != "xyes"; then : + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SYSTEMD_DAEMON" >&5 +$as_echo_n "checking for SYSTEMD_DAEMON... " >&6; } + +if test -n "$SYSTEMD_DAEMON_CFLAGS"; then + pkg_cv_SYSTEMD_DAEMON_CFLAGS="$SYSTEMD_DAEMON_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd-daemon\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libsystemd-daemon") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_SYSTEMD_DAEMON_CFLAGS=`$PKG_CONFIG --cflags "libsystemd-daemon" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$SYSTEMD_DAEMON_LIBS"; then + pkg_cv_SYSTEMD_DAEMON_LIBS="$SYSTEMD_DAEMON_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd-daemon\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libsystemd-daemon") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_SYSTEMD_DAEMON_LIBS=`$PKG_CONFIG --libs "libsystemd-daemon" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + SYSTEMD_DAEMON_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libsystemd-daemon" 2>&1` + else + SYSTEMD_DAEMON_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libsystemd-daemon" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$SYSTEMD_DAEMON_PKG_ERRORS" >&5 + + have_systemd_daemon=no +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + have_systemd_daemon=no +else + SYSTEMD_DAEMON_CFLAGS=$pkg_cv_SYSTEMD_DAEMON_CFLAGS + SYSTEMD_DAEMON_LIBS=$pkg_cv_SYSTEMD_DAEMON_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + have_systemd_daemon=yes +fi + if test "x$have_systemd_daemon" = "xyes"; then : + have_systemd=yes +fi + +fi + case $enable_systemd:$have_systemd in #( + yes:no) : + as_fn_error $? "systemd enabled but libsystemd not found" "$LINENO" 5 ;; #( + *:yes) : + +$as_echo "#define HAVE_SYSTEMD 1" >>confdefs.h + + LIBS="$LIBS $SYSTEMD_LIBS" + + ;; #( + *) : + ;; +esac + + +fi + if test "x$have_systemd" = xyes; then + USE_SYSTEMD_TRUE= + USE_SYSTEMD_FALSE='#' +else + USE_SYSTEMD_TRUE='#' + USE_SYSTEMD_FALSE= +fi + + +# Include systemd.m4 - end + # set memory allocation checking if requested # Check whether --enable-alloc-checks was given. if test "${enable_alloc_checks+set}" = set; then : @@ -15822,6 +16403,10 @@ if test x_$enable_alloc_checks = x_yes; then $as_echo "#define UNBOUND_ALLOC_STATS 1" >>confdefs.h + SLDNS_ALLOCCHECK_EXTRA_OBJ="alloc.lo log.lo" + + ASYNCLOOK_ALLOCCHECK_EXTRA_OBJ="alloc.lo" + else if test x_$enable_alloc_lite = x_yes; then @@ -16389,7 +16974,9 @@ if test x"$ax_pthread_ok" = xyes; then $as_echo "#define HAVE_PTHREAD 1" >>confdefs.h - LIBS="$PTHREAD_LIBS $LIBS" + if test -n "$PTHREAD_LIBS"; then + LIBS="$PTHREAD_LIBS $LIBS" + fi CFLAGS="$CFLAGS $PTHREAD_CFLAGS" CC="$PTHREAD_CC" ub_have_pthreads=yes @@ -16583,6 +17170,26 @@ fi fi # end of non-mingw check of thread libraries +# Check for SYSLOG_FACILITY + +# Check whether --with-syslog-facility was given. +if test "${with_syslog_facility+set}" = set; then : + withval=$with_syslog_facility; UNBOUND_SYSLOG_FACILITY="$withval" +fi + +case "${UNBOUND_SYSLOG_FACILITY}" in + + LOCAL[0-7]) UNBOUND_SYSLOG_FACILITY="LOG_${UNBOUND_SYSLOG_FACILITY}" ;; + + *) UNBOUND_SYSLOG_FACILITY="LOG_DAEMON" ;; + +esac + +cat >>confdefs.h <<_ACEOF +#define UB_SYSLOG_FACILITY ${UNBOUND_SYSLOG_FACILITY} +_ACEOF + + # Check for PyUnbound # Check whether --with-pyunbound was given. @@ -16682,8 +17289,7 @@ fi # { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the distutils Python package" >&5 $as_echo_n "checking for the distutils Python package... " >&6; } - ac_distutils_result=`$PYTHON -c "import distutils" 2>&1` - if test -z "$ac_distutils_result"; then + if ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else @@ -16820,12 +17426,154 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu $as_echo "#define HAVE_PYTHON 1" >>confdefs.h - LIBS="$PYTHON_LDFLAGS $LIBS" - CPPFLAGS="$CPPFLAGS $PYTHON_CPPFLAGS" + if test -n "$LIBS"; then + LIBS="$PYTHON_LDFLAGS $LIBS" + else + LIBS="$PYTHON_LDFLAGS" + fi + if test -n "$CPPFLAGS"; then + CPPFLAGS="$CPPFLAGS $PYTHON_CPPFLAGS" + else + CPPFLAGS="$PYTHON_CPPFLAGS" + fi ub_have_python=yes + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"\"python\${PY_MAJOR_VERSION}\"\""; } >&5 + ($PKG_CONFIG --exists --print-errors ""python${PY_MAJOR_VERSION}"") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + PC_PY_DEPENDENCY="python${PY_MAJOR_VERSION}" +else + PC_PY_DEPENDENCY="python" +fi + # Check for SWIG ub_have_swig=no + # Check whether --enable-swig-version-check was given. +if test "${enable_swig_version_check+set}" = set; then : + enableval=$enable_swig_version_check; +fi + + if test "$enable_swig_version_check" = "yes"; then + + # Extract the first word of "swig", so it can be a program name with args. +set dummy swig; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_SWIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $SWIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_SWIG="$SWIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_SWIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +SWIG=$ac_cv_path_SWIG +if test -n "$SWIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SWIG" >&5 +$as_echo "$SWIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + if test -z "$SWIG" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cannot find 'swig' program. You should look at http://www.swig.org" >&5 +$as_echo "$as_me: WARNING: cannot find 'swig' program. You should look at http://www.swig.org" >&2;} + SWIG='echo "Error: SWIG is not installed. You should look at http://www.swig.org" ; false' + elif test -n "2.0.1" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SWIG version" >&5 +$as_echo_n "checking for SWIG version... " >&6; } + swig_version=`$SWIG -version 2>&1 | grep 'SWIG Version' | sed 's/.*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/g'` + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $swig_version" >&5 +$as_echo "$swig_version" >&6; } + if test -n "$swig_version" ; then + # Calculate the required version number components + required=2.0.1 + required_major=`echo $required | sed 's/[^0-9].*//'` + if test -z "$required_major" ; then + required_major=0 + fi + required=`echo $required | sed 's/[0-9]*[^0-9]//'` + required_minor=`echo $required | sed 's/[^0-9].*//'` + if test -z "$required_minor" ; then + required_minor=0 + fi + required=`echo $required | sed 's/[0-9]*[^0-9]//'` + required_patch=`echo $required | sed 's/[^0-9].*//'` + if test -z "$required_patch" ; then + required_patch=0 + fi + # Calculate the available version number components + available=$swig_version + available_major=`echo $available | sed 's/[^0-9].*//'` + if test -z "$available_major" ; then + available_major=0 + fi + available=`echo $available | sed 's/[0-9]*[^0-9]//'` + available_minor=`echo $available | sed 's/[^0-9].*//'` + if test -z "$available_minor" ; then + available_minor=0 + fi + available=`echo $available | sed 's/[0-9]*[^0-9]//'` + available_patch=`echo $available | sed 's/[^0-9].*//'` + if test -z "$available_patch" ; then + available_patch=0 + fi + badversion=0 + if test $available_major -lt $required_major ; then + badversion=1 + fi + if test $available_major -eq $required_major \ + -a $available_minor -lt $required_minor ; then + badversion=1 + fi + if test $available_major -eq $required_major \ + -a $available_minor -eq $required_minor \ + -a $available_patch -lt $required_patch ; then + badversion=1 + fi + if test $badversion -eq 1 ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: SWIG version >= 2.0.1 is required. You have $swig_version. You should look at http://www.swig.org" >&5 +$as_echo "$as_me: WARNING: SWIG version >= 2.0.1 is required. You have $swig_version. You should look at http://www.swig.org" >&2;} + SWIG='echo "Error: SWIG version >= 2.0.1 is required. You have '"$swig_version"'. You should look at http://www.swig.org" ; false' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: SWIG executable is '$SWIG'" >&5 +$as_echo "$as_me: SWIG executable is '$SWIG'" >&6;} + SWIG_LIB=`$SWIG -swiglib` + { $as_echo "$as_me:${as_lineno-$LINENO}: SWIG library directory is '$SWIG_LIB'" >&5 +$as_echo "$as_me: SWIG library directory is '$SWIG_LIB'" >&6;} + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cannot determine SWIG version" >&5 +$as_echo "$as_me: WARNING: cannot determine SWIG version" >&2;} + SWIG='echo "Error: Cannot determine SWIG version. You should look at http://www.swig.org" ; false' + fi + fi + + + else # Extract the first word of "swig", so it can be a program name with args. set dummy swig; ac_word=$2 @@ -16910,9 +17658,20 @@ $as_echo "$swig_version" >&6; } if test -z "$available_patch" ; then available_patch=0 fi - if test $available_major -ne $required_major \ - -o $available_minor -ne $required_minor \ - -o $available_patch -lt $required_patch ; then + badversion=0 + if test $available_major -lt $required_major ; then + badversion=1 + fi + if test $available_major -eq $required_major \ + -a $available_minor -lt $required_minor ; then + badversion=1 + fi + if test $available_major -eq $required_major \ + -a $available_minor -eq $required_minor \ + -a $available_patch -lt $required_patch ; then + badversion=1 + fi + if test $badversion -eq 1 ; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: SWIG version >= is required. You have $swig_version. You should look at http://www.swig.org" >&5 $as_echo "$as_me: WARNING: SWIG version >= is required. You have $swig_version. You should look at http://www.swig.org" >&2;} SWIG='echo "Error: SWIG version >= is required. You have '"$swig_version"'. You should look at http://www.swig.org" ; false' @@ -16931,6 +17690,7 @@ $as_echo "$as_me: WARNING: cannot determine SWIG version" >&2;} fi + fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking SWIG" >&5 $as_echo_n "checking SWIG... " >&6; } if test ! -x "$SWIG"; then @@ -17163,8 +17923,8 @@ $as_echo "no" >&6; } # check if -lwsock32 or -lgdi32 are needed. BAKLIBS="$LIBS" BAKSSLLIBS="$LIBSSL_LIBS" - LIBS="$LIBS -lgdi32" - LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32" + LIBS="$LIBS -lgdi32 -lws2_32" + LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32" { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -lgdi32" >&5 $as_echo_n "checking if -lcrypto needs -lgdi32... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -17506,16 +18266,6 @@ fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL_ARC4RANDOM_UNIFORM $ac_have_decl _ACEOF -ac_fn_c_check_decl "$LINENO" "reallocarray" "ac_cv_have_decl_reallocarray" "$ac_includes_default" -if test "x$ac_cv_have_decl_reallocarray" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_REALLOCARRAY $ac_have_decl -_ACEOF else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 @@ -17535,7 +18285,7 @@ fi done -for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup +for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify SSL_CTX_set_tlsext_ticket_key_cb EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -17551,12 +18301,13 @@ done # these check_funcs need -lssl BAKLIBS="$LIBS" LIBS="-lssl $LIBS" -for ac_func in OPENSSL_init_ssl +for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites do : - ac_fn_c_check_func "$LINENO" "OPENSSL_init_ssl" "ac_cv_func_OPENSSL_init_ssl" -if test "x$ac_cv_func_OPENSSL_init_ssl" = xyes; then : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF -#define HAVE_OPENSSL_INIT_SSL 1 +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi @@ -17655,10 +18406,83 @@ cat >>confdefs.h <<_ACEOF #define HAVE_DECL_SSL_CTX_SET_ECDH_AUTO $ac_have_decl _ACEOF + +if test "$ac_cv_func_HMAC_Init_ex" = "yes"; then +# check function return type. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the return type of HMAC_Init_ex" >&5 +$as_echo_n "checking the return type of HMAC_Init_ex... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#ifdef HAVE_OPENSSL_ERR_H +#include <openssl/err.h> +#endif + +#ifdef HAVE_OPENSSL_RAND_H +#include <openssl/rand.h> +#endif + +#ifdef HAVE_OPENSSL_CONF_H +#include <openssl/conf.h> +#endif + +#ifdef HAVE_OPENSSL_ENGINE_H +#include <openssl/engine.h> +#endif +#include <openssl/ssl.h> +#include <openssl/evp.h> + +int +main () +{ + + HMAC_CTX* hmac_ctx = NULL; + void* hmac_key = NULL; + const EVP_MD* digest = NULL; + int x = HMAC_Init_ex(hmac_ctx, hmac_key, 32, digest, NULL); + (void)x; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: int" >&5 +$as_echo "int" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: void" >&5 +$as_echo "void" >&6; } + +$as_echo "#define HMAC_INIT_EX_RETURNS_VOID 1" >>confdefs.h + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + fi +# Check whether --enable-sha1 was given. +if test "${enable_sha1+set}" = set; then : + enableval=$enable_sha1; +fi + +case "$enable_sha1" in + no) + ;; + yes|*) + +$as_echo "#define USE_SHA1 1" >>confdefs.h + + ;; +esac + + # Check whether --enable-sha2 was given. if test "${enable_sha2+set}" = set; then : enableval=$enable_sha2; @@ -17674,6 +18498,25 @@ $as_echo "#define USE_SHA2 1" >>confdefs.h ;; esac +# Check whether --enable-subnet was given. +if test "${enable_subnet+set}" = set; then : + enableval=$enable_subnet; +fi + +case "$enable_subnet" in + yes) + +$as_echo "#define CLIENT_SUBNET 1" >>confdefs.h + + SUBNET_OBJ="edns-subnet.lo subnetmod.lo addrtree.lo subnet-whitelist.lo" + + SUBNET_HEADER='$(srcdir)/edns-subnet/subnetmod.h $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/edns-subnet/addrtree.h' + + ;; + no|*) + ;; +esac + # check wether gost also works # Check whether --enable-gost was given. @@ -17925,13 +18768,36 @@ if test "${enable_dsa+set}" = set; then : fi use_dsa="no" -case "$enable_ecdsa" in +case "$enable_dsa" in no) ;; *) # detect if DSA is supported, and turn it off if not. - ac_fn_c_check_func "$LINENO" "EVP_dss1" "ac_cv_func_EVP_dss1" -if test "x$ac_cv_func_EVP_dss1" = xyes; then : + if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then + ac_fn_c_check_func "$LINENO" "DSA_SIG_new" "ac_cv_func_DSA_SIG_new" +if test "x$ac_cv_func_DSA_SIG_new" = xyes; then : + + as_ac_Type=`$as_echo "ac_cv_type_DSA_SIG*" | $as_tr_sh` +ac_fn_c_check_type "$LINENO" "DSA_SIG*" "$as_ac_Type" " +$ac_includes_default +#ifdef HAVE_OPENSSL_ERR_H +#include <openssl/err.h> +#endif + +#ifdef HAVE_OPENSSL_RAND_H +#include <openssl/rand.h> +#endif + +#ifdef HAVE_OPENSSL_CONF_H +#include <openssl/conf.h> +#endif + +#ifdef HAVE_OPENSSL_ENGINE_H +#include <openssl/engine.h> +#endif + +" +if eval test \"x\$"$as_ac_Type"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF @@ -17944,9 +18810,124 @@ else fi fi + +else + if test "x$enable_dsa" = "xyes"; then as_fn_error $? "OpenSSL does not support DSA and you used --enable-dsa." "$LINENO" 5 + fi +fi + + else + +cat >>confdefs.h <<_ACEOF +#define USE_DSA 1 +_ACEOF + + fi + ;; +esac + +# Check whether --enable-ed25519 was given. +if test "${enable_ed25519+set}" = set; then : + enableval=$enable_ed25519; +fi + +use_ed25519="no" +case "$enable_ed25519" in + no) + ;; + *) + if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then + ac_fn_c_check_decl "$LINENO" "NID_ED25519" "ac_cv_have_decl_NID_ED25519" "$ac_includes_default +#include <openssl/evp.h> + +" +if test "x$ac_cv_have_decl_NID_ED25519" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_NID_ED25519 $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + + use_ed25519="yes" + +else + if test "x$enable_ed25519" = "xyes"; then as_fn_error $? "OpenSSL does not support ED25519 and you used --enable-ed25519." "$LINENO" 5 + fi +fi + + fi + if test $USE_NETTLE = "yes"; then + for ac_header in nettle/eddsa.h +do : + ac_fn_c_check_header_compile "$LINENO" "nettle/eddsa.h" "ac_cv_header_nettle_eddsa_h" "$ac_includes_default +" +if test "x$ac_cv_header_nettle_eddsa_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NETTLE_EDDSA_H 1 +_ACEOF + use_ed25519="yes" +fi + +done + + fi + if test $use_ed25519 = "yes"; then + +cat >>confdefs.h <<_ACEOF +#define USE_ED25519 1 +_ACEOF + + fi ;; esac +# Check whether --enable-ed448 was given. +if test "${enable_ed448+set}" = set; then : + enableval=$enable_ed448; +fi + +use_ed448="no" +case "$enable_ed448" in + no) + ;; + *) + if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then + ac_fn_c_check_decl "$LINENO" "NID_ED448" "ac_cv_have_decl_NID_ED448" "$ac_includes_default +#include <openssl/evp.h> + +" +if test "x$ac_cv_have_decl_NID_ED448" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_NID_ED448 $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + + use_ed448="yes" + +else + if test "x$enable_ed448" = "xyes"; then as_fn_error $? "OpenSSL does not support ED448 and you used --enable-ed448." "$LINENO" 5 + fi +fi + + fi + if test $use_ed448 = "yes"; then + +cat >>confdefs.h <<_ACEOF +#define USE_ED448 1 +_ACEOF + + fi + ;; +esac # Check whether --enable-event-api was given. if test "${enable_event_api+set}" = set; then : @@ -18378,6 +19359,37 @@ _ACEOF fi done # only in libev. (tested on 4.00) + for ac_func in event_assign +do : + ac_fn_c_check_func "$LINENO" "event_assign" "ac_cv_func_event_assign" +if test "x$ac_cv_func_event_assign" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_EVENT_ASSIGN 1 +_ACEOF + +fi +done + # in libevent, for thread-safety + ac_fn_c_check_decl "$LINENO" "evsignal_assign" "ac_cv_have_decl_evsignal_assign" "$ac_includes_default +#ifdef HAVE_EVENT_H +# include <event.h> +#else +# include \"event2/event.h\" +#endif + +" +if test "x$ac_cv_have_decl_evsignal_assign" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_EVSIGNAL_ASSIGN $ac_have_decl +_ACEOF + + PC_LIBEVENT_DEPENDENCY="libevent" + if test -n "$BAK_LDFLAGS_SET"; then LDFLAGS="$BAK_LDFLAGS" fi @@ -18442,7 +19454,71 @@ cat >>confdefs.h <<_ACEOF _ACEOF -# set static linking if requested +# hiredis (redis C client for cachedb) + +# Check whether --with-libhiredis was given. +if test "${with_libhiredis+set}" = set; then : + withval=$with_libhiredis; +else + withval="no" +fi + +found_libhiredis="no" +if test x_$withval = x_yes -o x_$withval != x_no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libhiredis" >&5 +$as_echo_n "checking for libhiredis... " >&6; } + if test x_$withval = x_ -o x_$withval = x_yes; then + withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" + fi + for dir in $withval ; do + if test -f "$dir/include/hiredis/hiredis.h"; then + found_libhiredis="yes" + if test "$dir" != "/usr"; then + CPPFLAGS="$CPPFLAGS -I$dir/include" + LDFLAGS="$LDFLAGS -L$dir/lib" + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: found in $dir" >&5 +$as_echo "found in $dir" >&6; } + +$as_echo "#define USE_REDIS 1" >>confdefs.h + + LIBS="$LIBS -lhiredis" + break; + fi + done + if test x_$found_libhiredis != x_yes; then + as_fn_error $? "Could not find libhiredis, hiredis.h" "$LINENO" 5 + fi + for ac_header in hiredis/hiredis.h +do : + ac_fn_c_check_header_compile "$LINENO" "hiredis/hiredis.h" "ac_cv_header_hiredis_hiredis_h" "$ac_includes_default +" +if test "x$ac_cv_header_hiredis_hiredis_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_HIREDIS_HIREDIS_H 1 +_ACEOF + +fi + +done + + ac_fn_c_check_decl "$LINENO" "redisConnect" "ac_cv_have_decl_redisConnect" "$ac_includes_default + #include <hiredis/hiredis.h> + +" +if test "x$ac_cv_have_decl_redisConnect" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_REDISCONNECT $ac_have_decl +_ACEOF + +fi + +# set static linking for uninstalled libraries if requested staticexe="" # Check whether --enable-static-exe was given. @@ -18455,7 +19531,31 @@ if test x_$enable_static_exe = x_yes; then if test "$on_mingw" = yes; then staticexe="-all-static" # for static compile, include gdi32 and zlib here. - LIBS="$LIBS -lgdi32 -lz" + if echo $LIBS | grep 'lgdi32' >/dev/null; then + : + else + LIBS="$LIBS -lgdi32" + fi + LIBS="$LIBS -lz" + fi +fi + +# set full static linking if requested +# Check whether --enable-fully-static was given. +if test "${enable_fully_static+set}" = set; then : + enableval=$enable_fully_static; +fi + +if test x_$enable_fully_static = x_yes; then + staticexe="-all-static" + if test "$on_mingw" = yes; then + # for static compile, include gdi32 and zlib here. + if echo $LIBS | grep 'lgdi32' >/dev/null; then + : + else + LIBS="$LIBS -lgdi32" + fi + LIBS="$LIBS -lz" fi fi @@ -18502,7 +19602,11 @@ if test "$ac_cv_header_windows_h" = "yes"; then $as_echo "#define USE_WINSOCK 1" >>confdefs.h USE_WINSOCK="1" - LIBS="$LIBS -lws2_32" + if echo $LIBS | grep 'lws2_32' >/dev/null; then + : + else + LIBS="$LIBS -lws2_32" + fi fi else @@ -18666,7 +19770,7 @@ else WINDRES="$ac_cv_prog_WINDRES" fi - LIBS="$LIBS -liphlpapi" + LIBS="$LIBS -liphlpapi -lcrypt32" WINAPPS="unbound-service-install.exe unbound-service-remove.exe anchor-update.exe" WIN_DAEMON_SRC="winrc/win_svc.c winrc/w_inst.c" @@ -18900,7 +20004,7 @@ if test "$ac_res" != no; then : fi -for ac_func in tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync +for ac_func in tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget accept4 do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -18959,39 +20063,77 @@ fi done -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sbrk" >&5 -$as_echo_n "checking for sbrk... " >&6; } -# catch the warning of deprecated sbrk -old_cflags="$CFLAGS" -CFLAGS="$CFLAGS -Werror" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$ac_includes_default +# check if setreuid en setregid fail, on MacOSX10.4(darwin8). +if echo $target_os | grep darwin8 > /dev/null; then -int main(void) { void* cur = sbrk(0); printf("%u\n", (unsigned)(size_t)((char*)cur - (char*)sbrk(0))); return 0; } +$as_echo "#define DARWIN_BROKEN_SETREUID 1" >>confdefs.h -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +fi +ac_fn_c_check_decl "$LINENO" "inet_pton" "ac_cv_have_decl_inet_pton" " +$ac_includes_default +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } +#ifdef HAVE_NETINET_TCP_H +#include <netinet/tcp.h> +#endif -$as_echo "#define HAVE_SBRK 1" >>confdefs.h +#ifdef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif +#ifdef HAVE_WINSOCK2_H +#include <winsock2.h> +#endif + +#ifdef HAVE_WS2TCPIP_H +#include <ws2tcpip.h> +#endif +" +if test "x$ac_cv_have_decl_inet_pton" = xyes; then : + ac_have_decl=1 else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + ac_have_decl=0 fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -CFLAGS="$old_cflags" -# check if setreuid en setregid fail, on MacOSX10.4(darwin8). -if echo $build_os | grep darwin8 > /dev/null; then +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_INET_PTON $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "inet_ntop" "ac_cv_have_decl_inet_ntop" " +$ac_includes_default +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif -$as_echo "#define DARWIN_BROKEN_SETREUID 1" >>confdefs.h +#ifdef HAVE_NETINET_TCP_H +#include <netinet/tcp.h> +#endif +#ifdef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif + +#ifdef HAVE_WINSOCK2_H +#include <winsock2.h> +#endif + +#ifdef HAVE_WS2TCPIP_H +#include <ws2tcpip.h> +#endif + +" +if test "x$ac_cv_have_decl_inet_ntop" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_INET_NTOP $ac_have_decl +_ACEOF + ac_fn_c_check_func "$LINENO" "inet_aton" "ac_cv_func_inet_aton" if test "x$ac_cv_func_inet_aton" = xyes; then : $as_echo "#define HAVE_INET_ATON 1" >>confdefs.h @@ -19160,21 +20302,70 @@ esac fi +ac_fn_c_check_func "$LINENO" "explicit_bzero" "ac_cv_func_explicit_bzero" +if test "x$ac_cv_func_explicit_bzero" = xyes; then : + $as_echo "#define HAVE_EXPLICIT_BZERO 1" >>confdefs.h + +else + case " $LIBOBJS " in + *" explicit_bzero.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS explicit_bzero.$ac_objext" + ;; +esac + +fi + + LIBOBJ_WITHOUT_CTIMEARC4="$LIBOBJS" -ac_fn_c_check_func "$LINENO" "reallocarray" "ac_cv_func_reallocarray" -if test "x$ac_cv_func_reallocarray" = xyes; then : - $as_echo "#define HAVE_REALLOCARRAY 1" >>confdefs.h +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for reallocarray" >&5 +$as_echo_n "checking for reallocarray... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default + +#ifndef _OPENBSD_SOURCE +#define _OPENBSD_SOURCE 1 +#endif +#include <stdlib.h> +int main(void) { + void* p = reallocarray(NULL, 10, 100); + free(p); + return 0; +} + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define HAVE_REALLOCARRAY 1" >>confdefs.h + else - case " $LIBOBJS " in + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + case " $LIBOBJS " in *" reallocarray.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS reallocarray.$ac_objext" ;; esac + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +ac_fn_c_check_decl "$LINENO" "reallocarray" "ac_cv_have_decl_reallocarray" "$ac_includes_default" +if test "x$ac_cv_have_decl_reallocarray" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_REALLOCARRAY $ac_have_decl +_ACEOF if test "$USE_NSS" = "no"; then ac_fn_c_check_func "$LINENO" "arc4random" "ac_cv_func_arc4random" @@ -19207,12 +20398,6 @@ fi if test "$ac_cv_func_arc4random" = "no"; then case " $LIBOBJS " in - *" explicit_bzero.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS explicit_bzero.$ac_objext" - ;; -esac - - case " $LIBOBJS " in *" arc4_lock.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS arc4_lock.$ac_objext" ;; @@ -19236,8 +20421,8 @@ else esac else - case `uname` in - Darwin) + case "$host" in + Darwin|*darwin*) case " $LIBOBJS " in *" getentropy_osx.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS getentropy_osx.$ac_objext" @@ -19245,7 +20430,7 @@ esac esac ;; - SunOS) + *solaris*|*sunos*|SunOS) case " $LIBOBJS " in *" getentropy_solaris.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS getentropy_solaris.$ac_objext" @@ -19349,7 +20534,15 @@ if test "$ac_res" != no; then : fi ;; - Linux|*) + *freebsd*|*FreeBSD) + case " $LIBOBJS " in + *" getentropy_freebsd.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS getentropy_freebsd.$ac_objext" + ;; +esac + + ;; + *linux*|Linux|*) case " $LIBOBJS " in *" getentropy_linux.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS getentropy_linux.$ac_objext" @@ -19781,12 +20974,242 @@ _ACEOF fi +# check for dnscrypt if requested + + # Check whether --enable-dnscrypt was given. +if test "${enable_dnscrypt+set}" = set; then : + enableval=$enable_dnscrypt; opt_dnscrypt=$enableval +else + opt_dnscrypt=no +fi + + + if test "x$opt_dnscrypt" != "xno"; then + +# Check whether --with-libsodium was given. +if test "${with_libsodium+set}" = set; then : + withval=$with_libsodium; + CFLAGS="$CFLAGS -I$withval/include" + LDFLAGS="$LDFLAGS -L$withval/lib" + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing sodium_init" >&5 +$as_echo_n "checking for library containing sodium_init... " >&6; } +if ${ac_cv_search_sodium_init+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char sodium_init (); +int +main () +{ +return sodium_init (); + ; + return 0; +} +_ACEOF +for ac_lib in '' sodium; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_sodium_init=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_sodium_init+:} false; then : + break +fi +done +if ${ac_cv_search_sodium_init+:} false; then : + +else + ac_cv_search_sodium_init=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_sodium_init" >&5 +$as_echo "$ac_cv_search_sodium_init" >&6; } +ac_res=$ac_cv_search_sodium_init +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +else + as_fn_error $? "The sodium library was not found. Please install sodium!" "$LINENO" 5 +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing crypto_box_curve25519xchacha20poly1305_beforenm" >&5 +$as_echo_n "checking for library containing crypto_box_curve25519xchacha20poly1305_beforenm... " >&6; } +if ${ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char crypto_box_curve25519xchacha20poly1305_beforenm (); +int +main () +{ +return crypto_box_curve25519xchacha20poly1305_beforenm (); + ; + return 0; +} +_ACEOF +for ac_lib in '' sodium; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm+:} false; then : + break +fi +done +if ${ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm+:} false; then : + +else + ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm" >&5 +$as_echo "$ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm" >&6; } +ac_res=$ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + + ENABLE_DNSCRYPT_XCHACHA20=1 + + +$as_echo "#define USE_DNSCRYPT_XCHACHA20 1" >>confdefs.h + + +else + + ENABLE_DNSCRYPT_XCHACHA20=0 + + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing sodium_set_misuse_handler" >&5 +$as_echo_n "checking for library containing sodium_set_misuse_handler... " >&6; } +if ${ac_cv_search_sodium_set_misuse_handler+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char sodium_set_misuse_handler (); +int +main () +{ +return sodium_set_misuse_handler (); + ; + return 0; +} +_ACEOF +for ac_lib in '' sodium; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_sodium_set_misuse_handler=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_sodium_set_misuse_handler+:} false; then : + break +fi +done +if ${ac_cv_search_sodium_set_misuse_handler+:} false; then : + +else + ac_cv_search_sodium_set_misuse_handler=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_sodium_set_misuse_handler" >&5 +$as_echo "$ac_cv_search_sodium_set_misuse_handler" >&6; } +ac_res=$ac_cv_search_sodium_set_misuse_handler +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + + +$as_echo "#define SODIUM_MISUSE_HANDLER 1" >>confdefs.h + + +fi + + + +$as_echo "#define USE_DNSCRYPT 1" >>confdefs.h + + ENABLE_DNSCRYPT=1 + + + DNSCRYPT_SRC="dnscrypt/dnscrypt.c" + + DNSCRYPT_OBJ="dnscrypt.lo" + + + else + ENABLE_DNSCRYPT_XCHACHA20=0 + + + ENABLE_DNSCRYPT=0 + + + + fi + + # check for cachedb if requested # Check whether --enable-cachedb was given. if test "${enable_cachedb+set}" = set; then : enableval=$enable_cachedb; fi +# turn on cachedb when hiredis support is enabled. +if test "$found_libhiredis" = "yes"; then enable_cachedb="yes"; fi case "$enable_cachedb" in yes) @@ -19798,6 +21221,80 @@ $as_echo "#define USE_CACHEDB 1" >>confdefs.h ;; esac +# check for ipsecmod if requested +# Check whether --enable-ipsecmod was given. +if test "${enable_ipsecmod+set}" = set; then : + enableval=$enable_ipsecmod; +fi + +case "$enable_ipsecmod" in + yes) + +$as_echo "#define USE_IPSECMOD 1" >>confdefs.h + + IPSECMOD_OBJ="ipsecmod.lo ipsecmod-whitelist.lo" + + IPSECMOD_HEADER='$(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/ipsecmod/ipsecmod-whitelist.h' + + ;; + no|*) + # nothing + ;; +esac + +# check for ipset if requested +# Check whether --enable-ipset was given. +if test "${enable_ipset+set}" = set; then : + enableval=$enable_ipset; +fi + +case "$enable_ipset" in + yes) + +$as_echo "#define USE_IPSET 1" >>confdefs.h + + IPSET_SRC="ipset/ipset.c" + + IPSET_OBJ="ipset.lo" + + + # mnl + +# Check whether --with-libmnl was given. +if test "${with_libmnl+set}" = set; then : + withval=$with_libmnl; +else + withval="yes" +fi + + found_libmnl="no" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libmnl" >&5 +$as_echo_n "checking for libmnl... " >&6; } + if test x_$withval = x_ -o x_$withval = x_yes; then + withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" + fi + for dir in $withval ; do + if test -f "$dir/include/libmnl/libmnl.h"; then + found_libmnl="yes" + if test "$dir" != "/usr"; then + CPPFLAGS="$CPPFLAGS -I$dir/include" + LDFLAGS="$LDFLAGS -L$dir/lib" + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: found in $dir" >&5 +$as_echo "found in $dir" >&6; } + LIBS="$LIBS -lmnl" + break; + fi + done + if test x_$found_libmnl != x_yes; then + as_fn_error $? "Could not find libmnl, libmnl.h" "$LINENO" 5 + fi + ;; + no|*) + # nothing + ;; +esac + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if ${MAKE:-make} supports $< with implicit rule in scope" >&5 $as_echo_n "checking if ${MAKE:-make} supports $< with implicit rule in scope... " >&6; } # on openBSD, the implicit rule make $< work. @@ -19850,6 +21347,15 @@ if test "${with_libunbound_only+set}" = set; then : fi +if test $ALLTARGET = "alltargets"; then + if test $USE_NSS = "yes"; then + as_fn_error $? "--with-nss can only be used in combination with --with-libunbound-only." "$LINENO" 5 + fi + if test $USE_NETTLE = "yes"; then + as_fn_error $? "--with-nettle can only be used in combination with --with-libunbound-only." "$LINENO" 5 + fi +fi + @@ -19929,7 +21435,12 @@ $as_echo "#define OMITTED__D_LARGEFILE_SOURCE_1 1" >>confdefs.h fi -LDFLAGS="$LATE_LDFLAGS $LDFLAGS" +if test -n "$LATE_LDFLAGS"; then + LDFLAGS="$LATE_LDFLAGS $LDFLAGS" +fi +# remove start spaces +LDFLAGS=`echo "$LDFLAGS"|sed -e 's/^ *//'` +LIBS=`echo "$LIBS"|sed -e 's/^ *//'` cat >>confdefs.h <<_ACEOF @@ -19939,12 +21450,12 @@ _ACEOF -version=1.5.10 +version=1.9.6 date=`date +'%b %e, %Y'` -ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h contrib/libunbound.pc" +ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service" ac_config_headers="$ac_config_headers config.h" @@ -20057,6 +21568,10 @@ LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs +if test -z "${USE_SYSTEMD_TRUE}" && test -z "${USE_SYSTEMD_FALSE}"; then + as_fn_error $? "conditional \"USE_SYSTEMD\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi : "${CONFIG_STATUS=./config.status}" ac_write_fail=0 @@ -20454,7 +21969,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.5.10, which was +This file was extended by unbound $as_me 1.9.6, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -20514,13 +22029,13 @@ $config_headers Configuration commands: $config_commands -Report bugs to <unbound-bugs@nlnetlabs.nl>." +Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.5.10 +unbound config.status 1.9.6 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -20942,7 +22457,10 @@ do "doc/unbound-host.1") CONFIG_FILES="$CONFIG_FILES doc/unbound-host.1" ;; "smallapp/unbound-control-setup.sh") CONFIG_FILES="$CONFIG_FILES smallapp/unbound-control-setup.sh" ;; "dnstap/dnstap_config.h") CONFIG_FILES="$CONFIG_FILES dnstap/dnstap_config.h" ;; + "dnscrypt/dnscrypt_config.h") CONFIG_FILES="$CONFIG_FILES dnscrypt/dnscrypt_config.h" ;; "contrib/libunbound.pc") CONFIG_FILES="$CONFIG_FILES contrib/libunbound.pc" ;; + "contrib/unbound.socket") CONFIG_FILES="$CONFIG_FILES contrib/unbound.socket" ;; + "contrib/unbound.service") CONFIG_FILES="$CONFIG_FILES contrib/unbound.service" ;; "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; @@ -21509,7 +23027,6 @@ $as_echo "$as_me: executing $ac_file commands" >&6;} cat <<_LT_EOF >> "$cfgfile" #! $SHELL # Generated automatically by $as_me ($PACKAGE) $VERSION -# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # NOTE: Changes made to this file will be lost: look at ltmain.sh. # Provide generalized library-building support services. diff --git a/contrib/unbound/configure.ac b/contrib/unbound/configure.ac index fc2c67684ad0..5276d441620e 100644 --- a/contrib/unbound/configure.ac +++ b/contrib/unbound/configure.ac @@ -6,19 +6,20 @@ sinclude(ax_pthread.m4) sinclude(acx_python.m4) sinclude(ac_pkg_swig.m4) sinclude(dnstap/dnstap.m4) +sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) -m4_define([VERSION_MINOR],[5]) -m4_define([VERSION_MICRO],[10]) -AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound) +m4_define([VERSION_MINOR],[9]) +m4_define([VERSION_MICRO],[6]) +AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues, unbound) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) -LIBUNBOUND_CURRENT=6 -LIBUNBOUND_REVISION=2 -LIBUNBOUND_AGE=4 +LIBUNBOUND_CURRENT=9 +LIBUNBOUND_REVISION=6 +LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 # 1.0.2 had 0:14:0 @@ -67,6 +68,30 @@ LIBUNBOUND_AGE=4 # 1.5.8 had 6:0:4 # adds ub_ctx_set_stub # 1.5.9 had 6:1:4 # 1.5.10 had 6:2:4 +# 1.6.0 had 6:3:4 +# 1.6.1 had 7:0:5 # ub_callback_t typedef renamed to ub_callback_type +# 1.6.2 had 7:1:5 +# 1.6.3 had 7:2:5 +# 1.6.4 had 7:3:5 +# 1.6.5 had 7:4:5 +# 1.6.6 had 7:5:5 +# 1.6.7 had 7:6:5 +# 1.6.8 had 7:7:5 +# 1.7.0 had 7:8:5 +# 1.7.1 had 7:9:5 +# 1.7.2 had 7:10:5 +# 1.7.3 had 7:11:5 +# 1.8.0 had 8:0:0 # changes the event callback function signature +# 1.8.1 had 8:1:0 +# 1.8.2 had 8:2:0 +# 1.8.3 had 8:3:0 +# 1.9.0 had 9:0:1 # add ub_ctx_set_tls +# 1.9.1 had 9:1:1 +# 1.9.2 had 9:2:1 +# 1.9.3 had 9:3:1 +# 1.9.4 had 9:4:1 +# 1.9.5 had 9:5:1 +# 1.9.6 had 9:6:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -82,7 +107,7 @@ LIBUNBOUND_AGE=4 # Current and Age. Set Revision to 0, since this is the first # implementation of the new API. # -# Otherwise, we're changing the binary API and breaking bakward +# Otherwise, we're changing the binary API and breaking backward # compatibility with old binaries. Increment Current. Set Age to 0, # since we're backward compatible with no previous APIs. Set Revision # to 0 too. @@ -90,6 +115,10 @@ AC_SUBST(LIBUNBOUND_CURRENT) AC_SUBST(LIBUNBOUND_REVISION) AC_SUBST(LIBUNBOUND_AGE) + +cmdln="`echo $@ | sed -e 's/\\\\/\\\\\\\\/g' | sed -e 's/"/\\\\"/'g`" +AC_DEFINE_UNQUOTED(CONFCMDLINE, ["$cmdln"], [Command line arguments used with configure]) + CFLAGS="$CFLAGS" AC_AIX if test "$ac_cv_header_minix_config_h" = "yes"; then @@ -104,6 +133,11 @@ case "$prefix" in prefix="/usr/local" ;; esac +case "$exec_prefix" in + NONE) + exec_prefix="$prefix" + ;; +esac # are we on MinGW? if uname -s 2>&1 | grep MINGW32 >/dev/null; then on_mingw="yes" @@ -115,10 +149,16 @@ fi # # Determine configuration file # the eval is to evaluate shell expansion twice +UNBOUND_SBIN_DIR=`eval echo "${sbindir}"` +AC_SUBST(UNBOUND_SBIN_DIR) +UNBOUND_SYSCONF_DIR=`eval echo "${sysconfdir}"` +AC_SUBST(UNBOUND_SYSCONF_DIR) +UNBOUND_LOCALSTATE_DIR=`eval echo "${localstatedir}"` +AC_SUBST(UNBOUND_LOCALSTATE_DIR) if test $on_mingw = "no"; then ub_conf_file=`eval echo "${sysconfdir}/unbound/unbound.conf"` else - ub_conf_file="C:\\Program Files (x86)\\Unbound\\service.conf" + ub_conf_file="C:\\Program Files\\Unbound\\service.conf" fi AC_ARG_WITH([conf_file], AC_HELP_STRING([--with-conf-file=path], @@ -188,7 +228,7 @@ AC_ARG_WITH(rootkey-file, if test $on_mingw = no; then UNBOUND_ROOTKEY_FILE="$UNBOUND_RUN_DIR/root.key" else - UNBOUND_ROOTKEY_FILE="C:\\Program Files (x86)\\Unbound\\root.key" + UNBOUND_ROOTKEY_FILE="C:\\Program Files\\Unbound\\root.key" fi ) AC_SUBST(UNBOUND_ROOTKEY_FILE) @@ -202,7 +242,7 @@ AC_ARG_WITH(rootcert-file, if test $on_mingw = no; then UNBOUND_ROOTCERT_FILE="$UNBOUND_RUN_DIR/icannbundle.pem" else - UNBOUND_ROOTCERT_FILE="C:\\Program Files (x86)\\Unbound\\icannbundle.pem" + UNBOUND_ROOTCERT_FILE="C:\\Program Files\\Unbound\\icannbundle.pem" fi ) AC_SUBST(UNBOUND_ROOTCERT_FILE) @@ -225,9 +265,11 @@ AC_DEFINE_UNQUOTED(RSRC_PACKAGE_VERSION, [$wnvs], [version number for resource f AC_C_CONST AC_LANG_C # allow user to override the -g -O2 flags. +default_cflags=no if test "x$CFLAGS" = "x" ; then ACX_CHECK_COMPILER_FLAG(g, [CFLAGS="$CFLAGS -g"]) ACX_CHECK_COMPILER_FLAG(O2, [CFLAGS="$CFLAGS -O2"]) +default_cflags=yes fi AC_PROG_CC ACX_DEPFLAG @@ -251,9 +293,14 @@ case "$debug_enabled" in # nothing to do. ;; esac -ACX_CHECK_FLTO -ACX_CHECK_PIE -ACX_CHECK_RELRO_NOW +if test "$default_cflags" = "yes"; then + # only when CFLAGS was "" at the start, if the users wants to + # override we shouldn't add default cflags, because they wouldn't + # be able to turn off these options and set the CFLAGS wanted. + ACX_CHECK_FLTO + ACX_CHECK_PIE + ACX_CHECK_RELRO_NOW +fi AC_C_INLINE ACX_CHECK_FORMAT_ATTRIBUTE @@ -277,11 +324,36 @@ __attribute__((weak)) void f(int x) { printf("%d", x); } AC_MSG_RESULT($ac_cv_c_weak_attribute) if test $ac_cv_c_weak_attribute = yes; then AC_DEFINE(HAVE_ATTR_WEAK, 1, [Whether the C compiler accepts the "weak" attribute]) + AC_DEFINE(ATTR_WEAK, [__attribute__((weak))], [apply the weak attribute to a symbol]) fi ])dnl End of CHECK_WEAK_ATTRIBUTE CHECK_WEAK_ATTRIBUTE +AC_DEFUN([CHECK_NORETURN_ATTRIBUTE], +[AC_REQUIRE([AC_PROG_CC]) +AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "noreturn" attribute) +AC_CACHE_VAL(ac_cv_c_noreturn_attribute, +[ac_cv_c_noreturn_attribute=no +AC_TRY_COMPILE( +[ #include <stdio.h> +__attribute__((noreturn)) void f(int x) { printf("%d", x); } +], [ + f(1); +], +[ac_cv_c_noreturn_attribute="yes"], +[ac_cv_c_noreturn_attribute="no"]) +]) + +AC_MSG_RESULT($ac_cv_c_noreturn_attribute) +if test $ac_cv_c_noreturn_attribute = yes; then + AC_DEFINE(HAVE_ATTR_NORETURN, 1, [Whether the C compiler accepts the "noreturn" attribute]) + AC_DEFINE(ATTR_NORETURN, [__attribute__((__noreturn__))], [apply the noreturn attribute to a function that exits the program]) +fi +])dnl End of CHECK_NORETURN_ATTRIBUTE + +CHECK_NORETURN_ATTRIBUTE + if test "$srcdir" != "."; then CPPFLAGS="$CPPFLAGS -I$srcdir" fi @@ -291,18 +363,39 @@ AC_DEFUN([ACX_YYLEX_DESTROY], [ if echo %% | $LEX -t 2>&1 | grep yylex_destroy >/dev/null 2>&1; then AC_DEFINE(LEX_HAS_YYLEX_DESTROY, 1, [if lex has yylex_destroy]) AC_MSG_RESULT(yes) - else AC_MSG_RESULT(no); fi + else AC_MSG_RESULT(no); + LEX=":" + fi +]) + +AC_DEFUN([ACX_YYLEX_OPTION], [ + AC_MSG_CHECKING([for lex %option]) + if cat <<EOF | $LEX -t 2>&1 | grep yy_delete_buffer >/dev/null 2>&1; then +%option nounput +%% +EOF + AC_MSG_RESULT(yes) + else AC_MSG_RESULT(no); + LEX=":" + fi ]) AC_PROG_LEX +if test "$LEX" != "" -a "$LEX" != ":"; then ACX_YYLEX_DESTROY +fi +if test "$LEX" != "" -a "$LEX" != ":"; then +ACX_YYLEX_OPTION +fi AC_PROG_YACC AC_CHECK_PROG(doxygen, doxygen, doxygen) AC_CHECK_TOOL(STRIP, strip) ACX_LIBTOOL_C_ONLY +PKG_PROG_PKG_CONFIG + # Checks for header files. -AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h],,, [AC_INCLUDES_DEFAULT]) +AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h],,, [AC_INCLUDES_DEFAULT]) # check for types. # Using own tests for int64* because autoconf builtin only give 32bit. @@ -339,6 +432,7 @@ AC_INCLUDES_DEFAULT # endif #endif ]) +AC_CHECK_SIZEOF(size_t) # add option to disable the evil rpath ACX_ARG_RPATH @@ -383,6 +477,17 @@ ACX_CHECK_NONBLOCKING_BROKEN ACX_MKDIR_ONE_ARG AC_CHECK_FUNCS([strptime],[AC_CHECK_STRPTIME_WORKS],[AC_LIBOBJ([strptime])]) +# check if we can use SO_REUSEPORT +if echo "$host" | $GREP -i -e linux -e dragonfly >/dev/null; then + AC_DEFINE(REUSEPORT_DEFAULT, 1, [if REUSEPORT is enabled by default]) +else + AC_DEFINE(REUSEPORT_DEFAULT, 0, [if REUSEPORT is enabled by default]) +fi + +# Include systemd.m4 - begin +sinclude(systemd.m4) +# Include systemd.m4 - end + # set memory allocation checking if requested AC_ARG_ENABLE(alloc-checks, AC_HELP_STRING([--enable-alloc-checks], [ enable to memory allocation statistics, for debug purposes ]), @@ -398,6 +503,10 @@ if test x_$enable_alloc_nonregional = x_yes; then fi if test x_$enable_alloc_checks = x_yes; then AC_DEFINE(UNBOUND_ALLOC_STATS, 1, [use statistics for allocs and frees, for debug use]) + SLDNS_ALLOCCHECK_EXTRA_OBJ="alloc.lo log.lo" + AC_SUBST(SLDNS_ALLOCCHECK_EXTRA_OBJ) + ASYNCLOOK_ALLOCCHECK_EXTRA_OBJ="alloc.lo" + AC_SUBST(ASYNCLOOK_ALLOCCHECK_EXTRA_OBJ) else if test x_$enable_alloc_lite = x_yes; then AC_DEFINE(UNBOUND_ALLOC_LITE, 1, [use to enable lightweight alloc assertions, for debug use]) @@ -438,7 +547,9 @@ ub_have_pthreads=no if test x_$withval != x_no; then AX_PTHREAD([ AC_DEFINE(HAVE_PTHREAD,1,[Define if you have POSIX threads libraries and header files.]) - LIBS="$PTHREAD_LIBS $LIBS" + if test -n "$PTHREAD_LIBS"; then + LIBS="$PTHREAD_LIBS $LIBS" + fi CFLAGS="$CFLAGS $PTHREAD_CFLAGS" CC="$PTHREAD_CC" ub_have_pthreads=yes @@ -499,6 +610,18 @@ fi fi # end of non-mingw check of thread libraries +# Check for SYSLOG_FACILITY +AC_ARG_WITH(syslog-facility, AC_HELP_STRING([--with-syslog-facility=LOCAL0 - LOCAL7], [ set SYSLOG_FACILITY, default DAEMON ]), + [ UNBOUND_SYSLOG_FACILITY="$withval" ], []) +case "${UNBOUND_SYSLOG_FACILITY}" in + + LOCAL[[0-7]]) UNBOUND_SYSLOG_FACILITY="LOG_${UNBOUND_SYSLOG_FACILITY}" ;; + + *) UNBOUND_SYSLOG_FACILITY="LOG_DAEMON" ;; + +esac +AC_DEFINE_UNQUOTED(UB_SYSLOG_FACILITY,${UNBOUND_SYSLOG_FACILITY},[the SYSLOG_FACILITY to use, default LOG_DAEMON]) + # Check for PyUnbound AC_ARG_WITH(pyunbound, AC_HELP_STRING([--with-pyunbound], @@ -540,13 +663,30 @@ if test x_$ub_test_python != x_no; then AC_SUBST(PY_MAJOR_VERSION) # Have Python AC_DEFINE(HAVE_PYTHON,1,[Define if you have Python libraries and header files.]) - LIBS="$PYTHON_LDFLAGS $LIBS" - CPPFLAGS="$CPPFLAGS $PYTHON_CPPFLAGS" + if test -n "$LIBS"; then + LIBS="$PYTHON_LDFLAGS $LIBS" + else + LIBS="$PYTHON_LDFLAGS" + fi + if test -n "$CPPFLAGS"; then + CPPFLAGS="$CPPFLAGS $PYTHON_CPPFLAGS" + else + CPPFLAGS="$PYTHON_CPPFLAGS" + fi ub_have_python=yes + PKG_CHECK_EXISTS(["python${PY_MAJOR_VERSION}"], + [PC_PY_DEPENDENCY="python${PY_MAJOR_VERSION}"], + [PC_PY_DEPENDENCY="python"]) + AC_SUBST(PC_PY_DEPENDENCY) # Check for SWIG ub_have_swig=no - AC_PROG_SWIG + AC_ARG_ENABLE(swig-version-check, AC_HELP_STRING([--disable-swig-version-check], [Disable swig version check to build python modules with older swig even though that is unreliable])) + if test "$enable_swig_version_check" = "yes"; then + AC_PROG_SWIG(2.0.1) + else + AC_PROG_SWIG + fi AC_MSG_CHECKING(SWIG) if test ! -x "$SWIG"; then AC_ERROR([failed to find swig tool, install it, or do not build Python module and PyUnbound]) @@ -668,17 +808,17 @@ if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/ AC_DEFINE([HAVE_LIBRESSL], [1], [Define if we have LibreSSL]) # libressl provides these compat functions, but they may also be # declared by the OS in libc. See if they have been declared. - AC_CHECK_DECLS([strlcpy,strlcat,arc4random,arc4random_uniform,reallocarray]) + AC_CHECK_DECLS([strlcpy,strlcat,arc4random,arc4random_uniform]) else AC_MSG_RESULT([no]) fi AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h],,, [AC_INCLUDES_DEFAULT]) -AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup]) +AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify SSL_CTX_set_tlsext_ticket_key_cb EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback]) # these check_funcs need -lssl BAKLIBS="$LIBS" LIBS="-lssl $LIBS" -AC_CHECK_FUNCS([OPENSSL_init_ssl]) +AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites]) LIBS="$BAKLIBS" AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [ @@ -701,10 +841,56 @@ AC_INCLUDES_DEFAULT #include <openssl/ssl.h> #include <openssl/evp.h> ]) + +if test "$ac_cv_func_HMAC_Init_ex" = "yes"; then +# check function return type. +AC_MSG_CHECKING(the return type of HMAC_Init_ex) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ +#ifdef HAVE_OPENSSL_ERR_H +#include <openssl/err.h> +#endif + +#ifdef HAVE_OPENSSL_RAND_H +#include <openssl/rand.h> +#endif + +#ifdef HAVE_OPENSSL_CONF_H +#include <openssl/conf.h> +#endif + +#ifdef HAVE_OPENSSL_ENGINE_H +#include <openssl/engine.h> +#endif +#include <openssl/ssl.h> +#include <openssl/evp.h> +], [ + HMAC_CTX* hmac_ctx = NULL; + void* hmac_key = NULL; + const EVP_MD* digest = NULL; + int x = HMAC_Init_ex(hmac_ctx, hmac_key, 32, digest, NULL); + (void)x; +])], [ + AC_MSG_RESULT(int) +], [ + AC_MSG_RESULT(void) + AC_DEFINE([HMAC_INIT_EX_RETURNS_VOID], 1, [If HMAC_Init_ex() returns void]) +]) +fi + fi AC_SUBST(SSLLIB) +AC_ARG_ENABLE(sha1, AC_HELP_STRING([--disable-sha1], [Disable SHA1 RRSIG support, does not disable nsec3 support])) +case "$enable_sha1" in + no) + ;; + yes|*) + AC_DEFINE([USE_SHA1], [1], [Define this to enable SHA1 support.]) + ;; +esac + + AC_ARG_ENABLE(sha2, AC_HELP_STRING([--disable-sha2], [Disable SHA256 and SHA512 RRSIG support])) case "$enable_sha2" in no) @@ -714,6 +900,19 @@ case "$enable_sha2" in ;; esac +AC_ARG_ENABLE(subnet, AC_HELP_STRING([--enable-subnet], [Enable client subnet])) +case "$enable_subnet" in + yes) + AC_DEFINE([CLIENT_SUBNET], [1], [Define this to enable client subnet option.]) + SUBNET_OBJ="edns-subnet.lo subnetmod.lo addrtree.lo subnet-whitelist.lo" + AC_SUBST(SUBNET_OBJ) + SUBNET_HEADER='$(srcdir)/edns-subnet/subnetmod.h $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/edns-subnet/addrtree.h' + AC_SUBST(SUBNET_HEADER) + ;; + no|*) + ;; +esac + # check wether gost also works AC_DEFUN([AC_CHECK_GOST_WORKS], [AC_REQUIRE([AC_PROG_CC]) @@ -864,18 +1063,84 @@ esac AC_ARG_ENABLE(dsa, AC_HELP_STRING([--disable-dsa], [Disable DSA support])) use_dsa="no" -case "$enable_ecdsa" in +case "$enable_dsa" in no) ;; *) # detect if DSA is supported, and turn it off if not. - AC_CHECK_FUNC(EVP_dss1, [ + if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then + AC_CHECK_FUNC(DSA_SIG_new, [ + AC_CHECK_TYPE(DSA_SIG*, [ AC_DEFINE_UNQUOTED([USE_DSA], [1], [Define this to enable DSA support.]) ], [if test "x$enable_dsa" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support DSA and you used --enable-dsa.]) + fi ], [ +AC_INCLUDES_DEFAULT +#ifdef HAVE_OPENSSL_ERR_H +#include <openssl/err.h> +#endif + +#ifdef HAVE_OPENSSL_RAND_H +#include <openssl/rand.h> +#endif + +#ifdef HAVE_OPENSSL_CONF_H +#include <openssl/conf.h> +#endif + +#ifdef HAVE_OPENSSL_ENGINE_H +#include <openssl/engine.h> +#endif + ]) + ], [if test "x$enable_dsa" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support DSA and you used --enable-dsa.]) fi ]) + else + AC_DEFINE_UNQUOTED([USE_DSA], [1], [Define this to enable DSA support.]) + fi + ;; +esac + +AC_ARG_ENABLE(ed25519, AC_HELP_STRING([--disable-ed25519], [Disable ED25519 support])) +use_ed25519="no" +case "$enable_ed25519" in + no) + ;; + *) + if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then + AC_CHECK_DECLS([NID_ED25519], [ + use_ed25519="yes" + ], [ if test "x$enable_ed25519" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support ED25519 and you used --enable-ed25519.]) + fi ], [AC_INCLUDES_DEFAULT +#include <openssl/evp.h> + ]) + fi + if test $USE_NETTLE = "yes"; then + AC_CHECK_HEADERS([nettle/eddsa.h], use_ed25519="yes",, [AC_INCLUDES_DEFAULT]) + fi + if test $use_ed25519 = "yes"; then + AC_DEFINE_UNQUOTED([USE_ED25519], [1], [Define this to enable ED25519 support.]) + fi ;; esac +AC_ARG_ENABLE(ed448, AC_HELP_STRING([--disable-ed448], [Disable ED448 support])) +use_ed448="no" +case "$enable_ed448" in + no) + ;; + *) + if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then + AC_CHECK_DECLS([NID_ED448], [ + use_ed448="yes" + ], [ if test "x$enable_ed448" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support ED448 and you used --enable-ed448.]) + fi ], [AC_INCLUDES_DEFAULT +#include <openssl/evp.h> + ]) + fi + if test $use_ed448 = "yes"; then + AC_DEFINE_UNQUOTED([USE_ED448], [1], [Define this to enable ED448 support.]) + fi + ;; +esac AC_ARG_ENABLE(event-api, AC_HELP_STRING([--enable-event-api], [Enable (experimental) pluggable event base libunbound API installed to unbound-event.h])) case "$enable_event_api" in @@ -1000,6 +1265,16 @@ large outgoing port ranges. ]) AC_CHECK_FUNCS([event_base_get_method]) # only in libevent 1.4.3 and later AC_CHECK_FUNCS([ev_loop]) # only in libev. (tested on 3.51) AC_CHECK_FUNCS([ev_default_loop]) # only in libev. (tested on 4.00) + AC_CHECK_FUNCS([event_assign]) # in libevent, for thread-safety + AC_CHECK_DECLS([evsignal_assign], [], [], [AC_INCLUDES_DEFAULT +#ifdef HAVE_EVENT_H +# include <event.h> +#else +# include "event2/event.h" +#endif + ]) + PC_LIBEVENT_DEPENDENCY="libevent" + AC_SUBST(PC_LIBEVENT_DEPENDENCY) if test -n "$BAK_LDFLAGS_SET"; then LDFLAGS="$BAK_LDFLAGS" fi @@ -1033,18 +1308,73 @@ AC_CHECK_DECLS([XML_StopParser], [], [], [AC_INCLUDES_DEFAULT #include <expat.h> ]) -# set static linking if requested +# hiredis (redis C client for cachedb) +AC_ARG_WITH(libhiredis, AC_HELP_STRING([--with-libhiredis=path], + [specify explicit path for libhiredis.]), + [ ],[ withval="no" ]) +found_libhiredis="no" +if test x_$withval = x_yes -o x_$withval != x_no; then + AC_MSG_CHECKING(for libhiredis) + if test x_$withval = x_ -o x_$withval = x_yes; then + withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" + fi + for dir in $withval ; do + if test -f "$dir/include/hiredis/hiredis.h"; then + found_libhiredis="yes" + dnl assume /usr is in default path. + if test "$dir" != "/usr"; then + CPPFLAGS="$CPPFLAGS -I$dir/include" + LDFLAGS="$LDFLAGS -L$dir/lib" + fi + AC_MSG_RESULT(found in $dir) + AC_DEFINE([USE_REDIS], [1], [Define this to use hiredis client.]) + LIBS="$LIBS -lhiredis" + break; + fi + done + if test x_$found_libhiredis != x_yes; then + AC_ERROR([Could not find libhiredis, hiredis.h]) + fi + AC_CHECK_HEADERS([hiredis/hiredis.h],,, [AC_INCLUDES_DEFAULT]) + AC_CHECK_DECLS([redisConnect], [], [], [AC_INCLUDES_DEFAULT + #include <hiredis/hiredis.h> + ]) +fi + +# set static linking for uninstalled libraries if requested AC_SUBST(staticexe) staticexe="" AC_ARG_ENABLE(static-exe, AC_HELP_STRING([--enable-static-exe], - [ enable to compile executables statically against (event) libs, for debug purposes ]), + [ enable to compile executables statically against (event) uninstalled libs, for debug purposes ]), , ) if test x_$enable_static_exe = x_yes; then staticexe="-static" if test "$on_mingw" = yes; then staticexe="-all-static" # for static compile, include gdi32 and zlib here. - LIBS="$LIBS -lgdi32 -lz" + if echo $LIBS | grep 'lgdi32' >/dev/null; then + : + else + LIBS="$LIBS -lgdi32" + fi + LIBS="$LIBS -lz" + fi +fi + +# set full static linking if requested +AC_ARG_ENABLE(fully-static, AC_HELP_STRING([--enable-fully-static], + [ enable to compile fully static ]), + , ) +if test x_$enable_fully_static = x_yes; then + staticexe="-all-static" + if test "$on_mingw" = yes; then + # for static compile, include gdi32 and zlib here. + if echo $LIBS | grep 'lgdi32' >/dev/null; then + : + else + LIBS="$LIBS -lgdi32" + fi + LIBS="$LIBS -lz" fi fi @@ -1065,7 +1395,7 @@ if test "$USE_WINSOCK" = 1; then #include <windows.h> ]) AC_CHECK_TOOL(WINDRES, windres) - LIBS="$LIBS -liphlpapi" + LIBS="$LIBS -liphlpapi -lcrypt32" WINAPPS="unbound-service-install.exe unbound-service-remove.exe anchor-update.exe" AC_SUBST(WINAPPS) WIN_DAEMON_SRC="winrc/win_svc.c winrc/w_inst.c" @@ -1138,27 +1468,36 @@ AC_INCLUDES_DEFAULT #endif ]) AC_SEARCH_LIBS([setusercontext], [util]) -AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync]) +AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget accept4]) AC_CHECK_FUNCS([setresuid],,[AC_CHECK_FUNCS([setreuid])]) AC_CHECK_FUNCS([setresgid],,[AC_CHECK_FUNCS([setregid])]) -AC_MSG_CHECKING([for sbrk]) -# catch the warning of deprecated sbrk -old_cflags="$CFLAGS" -CFLAGS="$CFLAGS -Werror" -AC_COMPILE_IFELSE([AC_LANG_SOURCE(AC_INCLUDES_DEFAULT -[[ -int main(void) { void* cur = sbrk(0); printf("%u\n", (unsigned)(size_t)((char*)cur - (char*)sbrk(0))); return 0; } -]])], [ - AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_SBRK, 1, [define if you have the sbrk() call]) - ], [AC_MSG_RESULT(no)]) -CFLAGS="$old_cflags" - # check if setreuid en setregid fail, on MacOSX10.4(darwin8). -if echo $build_os | grep darwin8 > /dev/null; then +if echo $target_os | grep darwin8 > /dev/null; then AC_DEFINE(DARWIN_BROKEN_SETREUID, 1, [Define this if on macOSX10.4-darwin8 and setreuid and setregid do not work]) fi +AC_CHECK_DECLS([inet_pton,inet_ntop], [], [], [ +AC_INCLUDES_DEFAULT +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif + +#ifdef HAVE_NETINET_TCP_H +#include <netinet/tcp.h> +#endif + +#ifdef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif + +#ifdef HAVE_WINSOCK2_H +#include <winsock2.h> +#endif + +#ifdef HAVE_WS2TCPIP_H +#include <ws2tcpip.h> +#endif +]) AC_REPLACE_FUNCS(inet_aton) AC_REPLACE_FUNCS(inet_pton) AC_REPLACE_FUNCS(inet_ntop) @@ -1182,25 +1521,43 @@ AC_REPLACE_FUNCS(strlcpy) AC_REPLACE_FUNCS(memmove) AC_REPLACE_FUNCS(gmtime_r) AC_REPLACE_FUNCS(isblank) +AC_REPLACE_FUNCS(explicit_bzero) dnl without CTIME, ARC4-functions and without reallocarray. LIBOBJ_WITHOUT_CTIMEARC4="$LIBOBJS" AC_SUBST(LIBOBJ_WITHOUT_CTIMEARC4) -AC_REPLACE_FUNCS(reallocarray) +AC_MSG_CHECKING([for reallocarray]) +AC_LINK_IFELSE([AC_LANG_SOURCE(AC_INCLUDES_DEFAULT +[[ +#ifndef _OPENBSD_SOURCE +#define _OPENBSD_SOURCE 1 +#endif +#include <stdlib.h> +int main(void) { + void* p = reallocarray(NULL, 10, 100); + free(p); + return 0; +} +]])], [AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_REALLOCARRAY, 1, [If we have reallocarray(3)]) +], [ + AC_MSG_RESULT(no) + AC_LIBOBJ(reallocarray) +]) +AC_CHECK_DECLS([reallocarray]) if test "$USE_NSS" = "no"; then AC_REPLACE_FUNCS(arc4random) AC_REPLACE_FUNCS(arc4random_uniform) if test "$ac_cv_func_arc4random" = "no"; then - AC_LIBOBJ(explicit_bzero) AC_LIBOBJ(arc4_lock) AC_CHECK_FUNCS([getentropy],,[ if test "$USE_WINSOCK" = 1; then AC_LIBOBJ(getentropy_win) else - case `uname` in - Darwin) + case "$host" in + Darwin|*darwin*) AC_LIBOBJ(getentropy_osx) ;; - SunOS) + *solaris*|*sunos*|SunOS) AC_LIBOBJ(getentropy_solaris) AC_CHECK_HEADERS([sys/sha2.h],, [ AC_CHECK_FUNCS([SHA512_Update],,[ @@ -1213,7 +1570,10 @@ if test "$USE_NSS" = "no"; then fi AC_SEARCH_LIBS([clock_gettime], [rt]) ;; - Linux|*) + *freebsd*|*FreeBSD) + AC_LIBOBJ(getentropy_freebsd) + ;; + *linux*|Linux|*) AC_LIBOBJ(getentropy_linux) AC_CHECK_FUNCS([SHA512_Update],,[ AC_DEFINE([COMPAT_SHA512], [1], [Do sha512 definitions in config.h]) @@ -1284,8 +1644,23 @@ dt_DNSTAP([$UNBOUND_RUN_DIR/dnstap.sock], ] ) +# check for dnscrypt if requested +dnsc_DNSCRYPT([ + AC_DEFINE([USE_DNSCRYPT], [1], [Define to 1 to enable dnscrypt support]) + AC_SUBST([ENABLE_DNSCRYPT], [1]) + + AC_SUBST([DNSCRYPT_SRC], ["dnscrypt/dnscrypt.c"]) + AC_SUBST([DNSCRYPT_OBJ], ["dnscrypt.lo"]) + ], + [ + AC_SUBST([ENABLE_DNSCRYPT], [0]) + ] +) + # check for cachedb if requested AC_ARG_ENABLE(cachedb, AC_HELP_STRING([--enable-cachedb], [enable cachedb module that can use external cache storage])) +# turn on cachedb when hiredis support is enabled. +if test "$found_libhiredis" = "yes"; then enable_cachedb="yes"; fi case "$enable_cachedb" in yes) AC_DEFINE([USE_CACHEDB], [1], [Define to 1 to use cachedb support]) @@ -1295,6 +1670,62 @@ case "$enable_cachedb" in ;; esac +# check for ipsecmod if requested +AC_ARG_ENABLE(ipsecmod, AC_HELP_STRING([--enable-ipsecmod], [Enable ipsecmod module that facilitates opportunistic IPsec])) +case "$enable_ipsecmod" in + yes) + AC_DEFINE([USE_IPSECMOD], [1], [Define to 1 to use ipsecmod support.]) + IPSECMOD_OBJ="ipsecmod.lo ipsecmod-whitelist.lo" + AC_SUBST(IPSECMOD_OBJ) + IPSECMOD_HEADER='$(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/ipsecmod/ipsecmod-whitelist.h' + AC_SUBST(IPSECMOD_HEADER) + ;; + no|*) + # nothing + ;; +esac + +# check for ipset if requested +AC_ARG_ENABLE(ipset, AC_HELP_STRING([--enable-ipset], [enable ipset module])) +case "$enable_ipset" in + yes) + AC_DEFINE([USE_IPSET], [1], [Define to 1 to use ipset support]) + IPSET_SRC="ipset/ipset.c" + AC_SUBST(IPSET_SRC) + IPSET_OBJ="ipset.lo" + AC_SUBST(IPSET_OBJ) + + # mnl + AC_ARG_WITH(libmnl, AC_HELP_STRING([--with-libmnl=path], + [specify explicit path for libmnl.]), + [ ],[ withval="yes" ]) + found_libmnl="no" + AC_MSG_CHECKING(for libmnl) + if test x_$withval = x_ -o x_$withval = x_yes; then + withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" + fi + for dir in $withval ; do + if test -f "$dir/include/libmnl/libmnl.h"; then + found_libmnl="yes" + dnl assume /usr is in default path. + if test "$dir" != "/usr"; then + CPPFLAGS="$CPPFLAGS -I$dir/include" + LDFLAGS="$LDFLAGS -L$dir/lib" + fi + AC_MSG_RESULT(found in $dir) + LIBS="$LIBS -lmnl" + break; + fi + done + if test x_$found_libmnl != x_yes; then + AC_ERROR([Could not find libmnl, libmnl.h]) + fi + ;; + no|*) + # nothing + ;; +esac + AC_MSG_CHECKING([if ${MAKE:-make} supports $< with implicit rule in scope]) # on openBSD, the implicit rule make $< work. # on Solaris, it does not work ($? is changed sources, $^ lists dependencies). @@ -1341,11 +1772,25 @@ AC_ARG_WITH(libunbound-only, AC_HELP_STRING([--with-libunbound-only], INSTALLTARGET="install-lib" fi ]) +if test $ALLTARGET = "alltargets"; then + if test $USE_NSS = "yes"; then + AC_ERROR([--with-nss can only be used in combination with --with-libunbound-only.]) + fi + if test $USE_NETTLE = "yes"; then + AC_ERROR([--with-nettle can only be used in combination with --with-libunbound-only.]) + fi +fi + AC_SUBST(ALLTARGET) AC_SUBST(INSTALLTARGET) ACX_STRIP_EXT_FLAGS -LDFLAGS="$LATE_LDFLAGS $LDFLAGS" +if test -n "$LATE_LDFLAGS"; then + LDFLAGS="$LATE_LDFLAGS $LDFLAGS" +fi +# remove start spaces +LDFLAGS=`echo "$LDFLAGS"|sed -e 's/^ *//'` +LIBS=`echo "$LIBS"|sed -e 's/^ *//'` AC_DEFINE_UNQUOTED([MAXSYSLOGMSGLEN], [10240], [Define to the maximum message length to pass to syslog.]) @@ -1355,8 +1800,14 @@ AHX_CONFIG_EXT_FLAGS dnl includes [ +#ifndef _OPENBSD_SOURCE +#define _OPENBSD_SOURCE 1 +#endif + #ifndef UNBOUND_DEBUG +# ifndef NDEBUG # define NDEBUG +# endif #endif /** Use small-ldns codebase */ @@ -1471,12 +1922,29 @@ char *strsep(char **stringp, const char *delim); int isblank(int c); #endif +#ifndef HAVE_EXPLICIT_BZERO +#define explicit_bzero unbound_explicit_bzero +void explicit_bzero(void* buf, size_t len); +#endif + +#if defined(HAVE_INET_NTOP) && !HAVE_DECL_INET_NTOP +const char *inet_ntop(int af, const void *src, char *dst, size_t size); +#endif + +#if defined(HAVE_INET_PTON) && !HAVE_DECL_INET_PTON +int inet_pton(int af, const char* src, void* dst); +#endif + #if !defined(HAVE_STRPTIME) || !defined(STRPTIME_WORKS) #define strptime unbound_strptime struct tm; char *strptime(const char *s, const char *format, struct tm *tm); #endif +#if !HAVE_DECL_REALLOCARRAY +void *reallocarray(void *ptr, size_t nmemb, size_t size); +#endif + #ifdef HAVE_LIBRESSL # if !HAVE_DECL_STRLCPY size_t strlcpy(char *dst, const char *src, size_t siz); @@ -1490,17 +1958,14 @@ uint32_t arc4random(void); # if !HAVE_DECL_ARC4RANDOM_UNIFORM && defined(HAVE_ARC4RANDOM_UNIFORM) uint32_t arc4random_uniform(uint32_t upper_bound); # endif -# if !HAVE_DECL_REALLOCARRAY -void *reallocarray(void *ptr, size_t nmemb, size_t size); -# endif #endif /* HAVE_LIBRESSL */ #ifndef HAVE_ARC4RANDOM -void explicit_bzero(void* buf, size_t len); int getentropy(void* buf, size_t len); uint32_t arc4random(void); void arc4random_buf(void* buf, size_t n); void _ARC4_LOCK(void); void _ARC4_UNLOCK(void); +void _ARC4_LOCK_DESTROY(void); #endif #ifndef HAVE_ARC4RANDOM_UNIFORM uint32_t arc4random_uniform(uint32_t upper_bound); @@ -1566,6 +2031,8 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, /** default port for DNS traffic. */ #define UNBOUND_DNS_PORT 53 +/** default port for DNS over TLS traffic. */ +#define UNBOUND_DNS_OVER_TLS_PORT 853 /** default port for unbound control traffic, registered port with IANA, ub-dns-control 8953/tcp unbound dns nameserver control */ #define UNBOUND_CONTROL_PORT 8953 @@ -1579,6 +2046,6 @@ dnl if this is a distro tarball, that was already done by makedist.sh AC_SUBST(version, [VERSION_MAJOR.VERSION_MINOR.VERSION_MICRO]) AC_SUBST(date, [`date +'%b %e, %Y'`]) -AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h contrib/libunbound.pc]) +AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service]) AC_CONFIG_HEADER([config.h]) AC_OUTPUT diff --git a/contrib/unbound/contrib/README b/contrib/unbound/contrib/README index 8eae9b5b7cfc..f12e52f2554b 100644 --- a/contrib/unbound/contrib/README +++ b/contrib/unbound/contrib/README @@ -29,3 +29,23 @@ distribution but may be helpful. Patch from Stephane Lapie for ASAHI Net. * unbound_smf22.tar.gz: Solaris SMF installation/removal scripts. Contributed by Yuri Voinov. +* unbound.socket and unbound.service: systemd files for unbound, install them + in /usr/lib/systemd/system. Contributed by Sami Kerola and Pavel Odintsov. +* redirect-bogus.patch: Return configured address for bogus A and AAAA answers, + instead of SERVFAIL. Contributed by SIDN. +* fastrpz.patch: fastrpz support from Farsight Security. +* libunbound.so.conf: ltrace.conf file, see ltrace.conf(5), for libunbound. +* unbound-querycachedb.py: utility to show data stored in cachedb backend + for a particular query name and type. It requires dnspython and (for + redis backend) redis Python modules. +* unbound-fuzzme.patch: adds unbound-fuzzme program that parses a packet from + stdin. Used with fuzzers, patch from Jacob Hoffman-Andrews. +* unbound-fuzzers.tar.bz2: three programs for fuzzing, that are 1:1 + replacements for unbound-fuzzme.c that gets created after applying + the contrib/unbound-fuzzme.patch. They are contributed by + Eric Sesterhenn from X41 D-Sec. +* drop-tld.diff: adds option drop-tld: yesno that drops 2 label queries, + to stop random floods. Apply with patch -p1 < contrib/drop-tld.diff and + compile. From Saksham Manchanda (Secure64). Please note that we think + this will drop DNSKEY and DS lookups for tlds and hence break DNSSEC + lookups for downstream clients. diff --git a/contrib/unbound/contrib/aaaa-filter-iterator.patch b/contrib/unbound/contrib/aaaa-filter-iterator.patch index 0647f4979d25..b5c5268223d1 100644 --- a/contrib/unbound/contrib/aaaa-filter-iterator.patch +++ b/contrib/unbound/contrib/aaaa-filter-iterator.patch @@ -1,10 +1,10 @@ Index: trunk/doc/unbound.conf.5.in =================================================================== ---- trunk/doc/unbound.conf.5.in (revision 3587) +--- trunk/doc/unbound.conf.5.in (revision 4357) +++ trunk/doc/unbound.conf.5.in (working copy) -@@ -593,6 +593,13 @@ - possible. Best effort approach, full QNAME and original QTYPE will be sent when - upstream replies with a RCODE other than NOERROR. Default is off. +@@ -701,6 +701,13 @@ + this option in enabled. Only use if you know what you are doing. + This option only has effect when qname-minimisation is enabled. Default is off. .TP +.B aaaa\-filter: \fI<yes or no> +Activate behavior similar to BIND's AAAA-filter. @@ -18,7 +18,7 @@ Index: trunk/doc/unbound.conf.5.in on your private network, and are not allowed to be returned for Index: trunk/iterator/iter_scrub.c =================================================================== ---- trunk/iterator/iter_scrub.c (revision 3587) +--- trunk/iterator/iter_scrub.c (revision 4357) +++ trunk/iterator/iter_scrub.c (working copy) @@ -617,6 +617,32 @@ } @@ -75,10 +75,11 @@ Index: trunk/iterator/iter_scrub.c /* At this point, we brutally remove ALL rrsets that aren't * children of the originating zone. The idea here is that, * as far as we know, the server that we contacted is ONLY -@@ -681,6 +715,24 @@ +@@ -680,6 +714,24 @@ + prev = NULL; rrset = msg->rrset_first; while(rrset) { - ++ + /* ASN: For AAAA records only... */ + if((ie->aaaa_filter) && (rrset->type == LDNS_RR_TYPE_AAAA)) { + /* ASN: If this is not a AAAA query, then remove AAAA @@ -96,13 +97,12 @@ Index: trunk/iterator/iter_scrub.c + LDNS_RR_TYPE_AAAA, qinfo->qclass); + } + /* ASN: End of added code */ -+ + /* remove private addresses */ if( (rrset->type == LDNS_RR_TYPE_A || - rrset->type == LDNS_RR_TYPE_AAAA)) { Index: trunk/iterator/iter_utils.c =================================================================== ---- trunk/iterator/iter_utils.c (revision 3587) +--- trunk/iterator/iter_utils.c (revision 4357) +++ trunk/iterator/iter_utils.c (working copy) @@ -175,6 +175,7 @@ } @@ -114,9 +114,9 @@ Index: trunk/iterator/iter_utils.c Index: trunk/iterator/iterator.c =================================================================== ---- trunk/iterator/iterator.c (revision 3587) +--- trunk/iterator/iterator.c (revision 4357) +++ trunk/iterator/iterator.c (working copy) -@@ -1776,6 +1776,53 @@ +@@ -1847,6 +1847,53 @@ return 0; } @@ -170,7 +170,7 @@ Index: trunk/iterator/iterator.c /** * This is the request event state where the request will be sent to one of -@@ -1823,6 +1870,13 @@ +@@ -1894,6 +1941,13 @@ return error_response(qstate, id, LDNS_RCODE_SERVFAIL); } @@ -184,7 +184,7 @@ Index: trunk/iterator/iterator.c /* Make sure we have a delegation point, otherwise priming failed * or another failure occurred */ if(!iq->dp) { -@@ -2922,6 +2976,61 @@ +@@ -3095,6 +3149,61 @@ return 0; } @@ -244,9 +244,9 @@ Index: trunk/iterator/iterator.c +/* ASN: End of added code */ + /* - * Return priming query results to interestes super querystates. + * Return priming query results to interested super querystates. * -@@ -2941,6 +3050,9 @@ +@@ -3114,6 +3223,9 @@ else if(super->qinfo.qtype == LDNS_RR_TYPE_DS && ((struct iter_qstate*) super->minfo[id])->state == DSNS_FIND_STATE) processDSNSResponse(qstate, id, super); @@ -256,7 +256,7 @@ Index: trunk/iterator/iterator.c else if(qstate->return_rcode != LDNS_RCODE_NOERROR) error_supers(qstate, id, super); else if(qstate->is_priming) -@@ -2978,6 +3090,9 @@ +@@ -3151,6 +3263,9 @@ case INIT_REQUEST_3_STATE: cont = processInitRequest3(qstate, iq, id); break; @@ -266,7 +266,7 @@ Index: trunk/iterator/iterator.c case QUERYTARGETS_STATE: cont = processQueryTargets(qstate, iq, ie, id); break; -@@ -3270,6 +3385,8 @@ +@@ -3460,6 +3575,8 @@ return "INIT REQUEST STATE (stage 2)"; case INIT_REQUEST_3_STATE: return "INIT REQUEST STATE (stage 3)"; @@ -275,7 +275,7 @@ Index: trunk/iterator/iterator.c case QUERYTARGETS_STATE : return "QUERY TARGETS STATE"; case PRIME_RESP_STATE : -@@ -3294,6 +3411,7 @@ +@@ -3484,6 +3601,7 @@ case INIT_REQUEST_STATE : case INIT_REQUEST_2_STATE : case INIT_REQUEST_3_STATE : @@ -285,19 +285,19 @@ Index: trunk/iterator/iterator.c return 0; Index: trunk/iterator/iterator.h =================================================================== ---- trunk/iterator/iterator.h (revision 3587) +--- trunk/iterator/iterator.h (revision 4357) +++ trunk/iterator/iterator.h (working copy) -@@ -113,6 +113,9 @@ +@@ -130,6 +130,9 @@ */ int* target_fetch_policy; + /** ASN: AAAA-filter flag */ + int aaaa_filter; + - /** ip6.arpa dname in wireformat, used for qname-minimisation */ - uint8_t* ip6arpa_dname; - }; -@@ -163,6 +166,14 @@ + /** lock on ratelimit counter */ + lock_basic_type queries_ratelimit_lock; + /** number of queries that have been ratelimited */ +@@ -182,6 +185,14 @@ INIT_REQUEST_3_STATE, /** @@ -311,26 +311,26 @@ Index: trunk/iterator/iterator.h + /** * Each time a delegation point changes for a given query or a * query times out and/or wakes up, this state is (re)visited. - * This state is reponsible for iterating through a list of -@@ -346,6 +357,13 @@ + * This state is responsible for iterating through a list of +@@ -364,6 +375,13 @@ + * be used when creating the state. A higher one will be attempted. */ int refetch_glue; - ++ + /** + * ASN: This is a flag that, if true, means that this query is + * for fetching A records to populate cache and determine if we must + * return AAAA records or not. + */ + int fetch_a_for_aaaa; -+ + /** list of pending queries to authoritative servers. */ struct outbound_list outlist; - Index: trunk/pythonmod/interface.i =================================================================== ---- trunk/pythonmod/interface.i (revision 3587) +--- trunk/pythonmod/interface.i (revision 4357) +++ trunk/pythonmod/interface.i (working copy) -@@ -632,6 +632,7 @@ +@@ -851,6 +851,7 @@ int harden_dnssec_stripped; int harden_referral_path; int use_caps_bits_for_id; @@ -340,9 +340,9 @@ Index: trunk/pythonmod/interface.i size_t unwanted_threshold; Index: trunk/util/config_file.c =================================================================== ---- trunk/util/config_file.c (revision 3587) +--- trunk/util/config_file.c (revision 4357) +++ trunk/util/config_file.c (working copy) -@@ -176,6 +176,7 @@ +@@ -195,6 +195,7 @@ cfg->harden_referral_path = 0; cfg->harden_algo_downgrade = 0; cfg->use_caps_bits_for_id = 0; @@ -352,9 +352,9 @@ Index: trunk/util/config_file.c cfg->private_domain = NULL; Index: trunk/util/config_file.h =================================================================== ---- trunk/util/config_file.h (revision 3587) +--- trunk/util/config_file.h (revision 4357) +++ trunk/util/config_file.h (working copy) -@@ -179,6 +179,8 @@ +@@ -209,6 +209,8 @@ int harden_algo_downgrade; /** use 0x20 bits in query as random ID bits */ int use_caps_bits_for_id; @@ -365,9 +365,9 @@ Index: trunk/util/config_file.h /** strip away these private addrs from answers, no DNS Rebinding */ Index: trunk/util/configlexer.lex =================================================================== ---- trunk/util/configlexer.lex (revision 3587) +--- trunk/util/configlexer.lex (revision 4357) +++ trunk/util/configlexer.lex (working copy) -@@ -267,6 +267,7 @@ +@@ -279,6 +279,7 @@ use-caps-for-id{COLON} { YDVAR(1, VAR_USE_CAPS_FOR_ID) } caps-whitelist{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) } unwanted-reply-threshold{COLON} { YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } @@ -377,9 +377,9 @@ Index: trunk/util/configlexer.lex prefetch-key{COLON} { YDVAR(1, VAR_PREFETCH_KEY) } Index: trunk/util/configparser.y =================================================================== ---- trunk/util/configparser.y (revision 3587) +--- trunk/util/configparser.y (revision 4357) +++ trunk/util/configparser.y (working copy) -@@ -92,6 +92,7 @@ +@@ -95,6 +95,7 @@ %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS @@ -387,7 +387,7 @@ Index: trunk/util/configparser.y %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE -@@ -169,6 +170,7 @@ +@@ -203,6 +204,7 @@ server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size | server_harden_referral_path | server_private_address | server_private_domain | server_extended_statistics | @@ -395,10 +395,12 @@ Index: trunk/util/configparser.y server_local_data_ptr | server_jostle_timeout | server_unwanted_reply_threshold | server_log_time_ascii | server_domain_insecure | server_val_sig_skew_min | -@@ -893,6 +895,15 @@ +@@ -1183,6 +1185,15 @@ + OUTYY(("P(server_caps_whitelist:%s)\n", $2)); + if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2)) yyerror("out of memory"); - } - ; ++ } ++ ; +server_aaaa_filter: VAR_AAAA_FILTER STRING_ARG + { + OUTYY(("P(server_aaaa_filter:%s)\n", $2)); @@ -406,8 +408,6 @@ Index: trunk/util/configparser.y + yyerror("expected yes or no."); + else cfg_parser->cfg->aaaa_filter = (strcmp($2, "yes")==0); + free($2); -+ } -+ ; + } + ; server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG - { - OUTYY(("P(server_private_address:%s)\n", $2)); diff --git a/contrib/unbound/contrib/create_unbound_ad_servers.sh b/contrib/unbound/contrib/create_unbound_ad_servers.sh index d31f078b3d39..49fdbffedfaf 100755 --- a/contrib/unbound/contrib/create_unbound_ad_servers.sh +++ b/contrib/unbound/contrib/create_unbound_ad_servers.sh @@ -9,12 +9,13 @@ # Variables dst_dir="/etc/opt/csw/unbound" work_dir="/tmp" -list_addr="http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=1&startdate%5Bday%5D=&startdate%5Bmonth%5D=&startdate%5Byear%5D=" +list_addr="https://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=1&startdate%5Bday%5D=&startdate%5Bmonth%5D=&startdate%5Byear%5D=" # OS commands CAT=`which cat` ECHO=`which echo` WGET=`which wget` +TR=`which tr` # Check Wget installed if [ ! -f $WGET ]; then @@ -22,8 +23,10 @@ if [ ! -f $WGET ]; then exit 1 fi +# remove special characters with tr to protect unbound.conf $WGET -O $work_dir/yoyo_ad_servers "$list_addr" && \ $CAT $work_dir/yoyo_ad_servers | \ +$TR -d '";$\\' | \ while read line ; \ do \ $ECHO "local-zone: \"$line\" redirect" ;\ @@ -36,4 +39,4 @@ echo "Done." # the unbound_ad_servers file: # # include: $dst_dir/unbound_ad_servers -#
\ No newline at end of file +# diff --git a/contrib/unbound/contrib/drop-tld.diff b/contrib/unbound/contrib/drop-tld.diff new file mode 100644 index 000000000000..173825b3722b --- /dev/null +++ b/contrib/unbound/contrib/drop-tld.diff @@ -0,0 +1,82 @@ +diff --git a/daemon/worker.c b/daemon/worker.c +index 263fcdd..f787b70 100644 +--- a/daemon/worker.c ++++ b/daemon/worker.c +@@ -1213,6 +1213,15 @@ worker_handle_request(struct comm_point* c, void* arg, int error, + addr_to_str(&repinfo->addr, repinfo->addrlen, ip, sizeof(ip)); + log_query_in(ip, qinfo.qname, qinfo.qtype, qinfo.qclass); + } ++ ++ if(worker->env.cfg->drop_tld) { ++ int lab = dname_count_labels(qinfo.qname); ++ if (lab == 2) { ++ comm_point_drop_reply(repinfo); ++ verbose(VERB_ALGO, "Dropping one label query."); ++ return 0; ++ } ++ } + if(qinfo.qtype == LDNS_RR_TYPE_AXFR || + qinfo.qtype == LDNS_RR_TYPE_IXFR) { + verbose(VERB_ALGO, "worker request: refused zone transfer."); +diff --git a/util/config_file.h b/util/config_file.h +index b3ef930..2791541 100644 +--- a/util/config_file.h ++++ b/util/config_file.h +@@ -274,6 +274,8 @@ struct config_file { + int prefetch_key; + /** deny queries of type ANY with an empty answer */ + int deny_any; ++ /** Drop TLD queries from clients **/ ++ int drop_tld; + + /** chrootdir, if not "" or chroot will be done */ + char* chrootdir; +diff --git a/util/configlexer.lex b/util/configlexer.lex +index a86ddf5..9bbedbb 100644 +--- a/util/configlexer.lex ++++ b/util/configlexer.lex +@@ -299,6 +299,7 @@ private-domain{COLON} { YDVAR(1, VAR_PRIVATE_DOMAIN) } + prefetch-key{COLON} { YDVAR(1, VAR_PREFETCH_KEY) } + prefetch{COLON} { YDVAR(1, VAR_PREFETCH) } + deny-any{COLON} { YDVAR(1, VAR_DENY_ANY) } ++drop-tld{COLON} { YDVAR(1, VAR_DROP_TLD) } + stub-zone{COLON} { YDVAR(0, VAR_STUB_ZONE) } + name{COLON} { YDVAR(1, VAR_NAME) } + stub-addr{COLON} { YDVAR(1, VAR_STUB_ADDR) } +diff --git a/util/configparser.y b/util/configparser.y +index 10227a2..567d68e 100644 +--- a/util/configparser.y ++++ b/util/configparser.y +@@ -164,6 +164,7 @@ extern struct config_parser_state* cfg_parser; + %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM + %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT + %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY ++%token VAR_DROP_TLD + %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY + %token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES + %token VAR_TLS_SESSION_TICKET_KEYS +@@ -266,6 +267,7 @@ content_server: server_num_threads | server_verbosity | server_port | + server_tls_cert_bundle | server_tls_additional_port | server_low_rtt | + server_fast_server_permil | server_fast_server_num | server_tls_win_cert | + server_tcp_connection_limit | server_log_servfail | server_deny_any | ++ server_drop_tld | + server_unknown_server_time_limit | server_log_tag_queryreply | + server_stream_wait_size | server_tls_ciphers | + server_tls_ciphersuites | server_tls_session_ticket_keys +@@ -1466,6 +1468,16 @@ server_deny_any: VAR_DENY_ANY STRING_ARG + free($2); + } + ; ++ ++server_drop_tld: VAR_DROP_TLD STRING_ARG ++ { ++ OUTYY(("P(server_drop_tld:%s)\n", $2)); ++ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) ++ yyerror("expected yes or no."); ++ else cfg_parser->cfg->drop_tld = (strcmp($2, "yes")==0); ++ free($2); ++ } ++ ; + server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG + { + OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2)); diff --git a/contrib/unbound/contrib/fastrpz.patch b/contrib/unbound/contrib/fastrpz.patch new file mode 100644 index 000000000000..c38ac22b984f --- /dev/null +++ b/contrib/unbound/contrib/fastrpz.patch @@ -0,0 +1,3504 @@ +Description: based on the included patch contrib/fastrpz.patch +Author: fastrpz@farsightsecurity.com +--- +diff --git a/Makefile.in b/Makefile.in +index 721c01b6..56bfb560 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -23,6 +23,8 @@ CHECKLOCK_SRC=testcode/checklocks.c + CHECKLOCK_OBJ=@CHECKLOCK_OBJ@ + DNSTAP_SRC=@DNSTAP_SRC@ + DNSTAP_OBJ=@DNSTAP_OBJ@ ++FASTRPZ_SRC=@FASTRPZ_SRC@ ++FASTRPZ_OBJ=@FASTRPZ_OBJ@ + DNSCRYPT_SRC=@DNSCRYPT_SRC@ + DNSCRYPT_OBJ=@DNSCRYPT_OBJ@ + WITH_PYTHONMODULE=@WITH_PYTHONMODULE@ +@@ -126,7 +128,7 @@ validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c \ + edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \ + edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \ + cachedb/cachedb.c cachedb/redis.c respip/respip.c $(CHECKLOCK_SRC) \ +-$(DNSTAP_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) $(IPSET_SRC) ++$(DNSTAP_SRC) $(FASTRPZ_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) $(IPSET_SRC) + COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \ + as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \ + iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \ +@@ -139,7 +141,7 @@ autotrust.lo val_anchor.lo \ + validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \ + val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo redis.lo authzone.lo \ + $(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \ +-$(IPSECMOD_OBJ) $(IPSET_OBJ) respip.lo ++$(FASTRPZ_OBJ) $(IPSECMOD_OBJ) $(IPSET_OBJ) respip.lo + COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ + outside_network.lo + COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo +@@ -409,6 +411,11 @@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/log.h \ + $(srcdir)/util/netevent.h + ++# fastrpz ++rpz.lo rpz.o: $(srcdir)/fastrpz/rpz.c config.h fastrpz/rpz.h fastrpz/librpz.h \ ++ $(srcdir)/util/config_file.h $(srcdir)/daemon/daemon.h \ ++ $(srcdir)/util/log.h ++ + # Python Module + pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \ + pythonmod/interface.h \ +diff --git a/config.h.in b/config.h.in +index 8c2aa3b9..efaf6450 100644 +--- a/config.h.in ++++ b/config.h.in +@@ -1325,4 +1325,11 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, + /** the version of unbound-control that this software implements */ + #define UNBOUND_CONTROL_VERSION 1 + +- ++/* have __attribute__s used in librpz.h */ ++#undef LIBRPZ_HAVE_ATTR ++/** fastrpz librpz.so */ ++#undef FASTRPZ_LIBRPZ_PATH ++/** 0=no fastrpz 1=static link 2=dlopen() */ ++#undef FASTRPZ_LIB_OPEN ++/** turn on fastrpz response policy zones */ ++#undef ENABLE_FASTRPZ +diff --git a/configure.ac b/configure.ac +index 5276d441..9d74592e 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -6,6 +6,7 @@ sinclude(ax_pthread.m4) + sinclude(acx_python.m4) + sinclude(ac_pkg_swig.m4) + sinclude(dnstap/dnstap.m4) ++sinclude(fastrpz/rpz.m4) + sinclude(dnscrypt/dnscrypt.m4) + + # must be numbers. ac_defun because of later processing +@@ -1726,6 +1727,9 @@ case "$enable_ipset" in + ;; + esac + ++# check for Fastrpz with fastrpz/rpz.m4 ++ck_FASTRPZ ++ + AC_MSG_CHECKING([if ${MAKE:-make} supports $< with implicit rule in scope]) + # on openBSD, the implicit rule make $< work. + # on Solaris, it does not work ($? is changed sources, $^ lists dependencies). +diff --git a/daemon/daemon.c b/daemon/daemon.c +index 0b1200a2..5857c18b 100644 +--- a/daemon/daemon.c ++++ b/daemon/daemon.c +@@ -91,6 +91,9 @@ + #include "sldns/keyraw.h" + #include "respip/respip.h" + #include <signal.h> ++#ifdef ENABLE_FASTRPZ ++#include "fastrpz/rpz.h" ++#endif + + #ifdef HAVE_SYSTEMD + #include <systemd/sd-daemon.h> +@@ -458,6 +461,14 @@ daemon_create_workers(struct daemon* daemon) + dt_apply_cfg(daemon->dtenv, daemon->cfg); + #else + fatal_exit("dnstap enabled in config but not built with dnstap support"); ++#endif ++ } ++ if(daemon->cfg->rpz_enable) { ++#ifdef ENABLE_FASTRPZ ++ rpz_init(&daemon->rpz_clist, &daemon->rpz_client, daemon->cfg); ++#else ++ fatal_exit("fastrpz enabled in config" ++ " but not built with fastrpz"); + #endif + } + for(i=0; i<daemon->num; i++) { +@@ -724,6 +735,9 @@ daemon_cleanup(struct daemon* daemon) + #ifdef USE_DNSCRYPT + dnsc_delete(daemon->dnscenv); + daemon->dnscenv = NULL; ++#endif ++#ifdef ENABLE_FASTRPZ ++ rpz_delete(&daemon->rpz_clist, &daemon->rpz_client); + #endif + daemon->cfg = NULL; + } +diff --git a/daemon/daemon.h b/daemon/daemon.h +index 5749dbef..64ce230f 100644 +--- a/daemon/daemon.h ++++ b/daemon/daemon.h +@@ -136,6 +136,11 @@ struct daemon { + /** the dnscrypt environment */ + struct dnsc_env* dnscenv; + #endif ++#ifdef ENABLE_FASTRPZ ++ /** global opaque rpz handles */ ++ struct librpz_clist *rpz_clist; ++ struct librpz_client *rpz_client; ++#endif + }; + + /** +diff --git a/daemon/worker.c b/daemon/worker.c +index e2ce0e87..f031c656 100644 +--- a/daemon/worker.c ++++ b/daemon/worker.c +@@ -75,6 +75,9 @@ + #include "libunbound/context.h" + #include "libunbound/libworker.h" + #include "sldns/sbuffer.h" ++#ifdef ENABLE_FASTRPZ ++#include "fastrpz/rpz.h" ++#endif + #include "sldns/wire2str.h" + #include "util/shm_side/shm_main.h" + #include "dnscrypt/dnscrypt.h" +@@ -533,8 +536,27 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, + /* not secure */ + secure = 0; + break; ++#ifdef ENABLE_FASTRPZ ++ case sec_status_rpz_rewritten: ++ case sec_status_rpz_drop: ++ fatal_exit("impossible cached RPZ sec_status"); ++ break; ++#endif + } + } ++#ifdef ENABLE_FASTRPZ ++ if(repinfo->rpz) { ++ /* Scan the cached answer for RPZ hits. ++ * ret=1 use cache entry ++ * ret=-1 rewritten response already sent or dropped ++ * ret=0 deny a cached entry exists ++ */ ++ int ret = rpz_worker_cache(worker, msg->rep, qinfo, ++ id, flags, edns, repinfo); ++ if(ret != 1) ++ return ret; ++ } ++#endif + /* return this delegation from the cache */ + edns_bak = *edns; + edns->edns_version = EDNS_ADVERTISED_VERSION; +@@ -699,6 +721,23 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, + secure = 0; + } + } else secure = 0; ++#ifdef ENABLE_FASTRPZ ++ if(repinfo->rpz) { ++ /* Scan the cached answer for RPZ hits. ++ * ret=1 use cache entry ++ * ret=-1 rewritten response already sent or dropped ++ * ret=0 deny a cached entry exists ++ */ ++ int ret = rpz_worker_cache(worker, rep, qinfo, id, flags, edns, ++ repinfo); ++ if(ret != 1) { ++ rrset_array_unlock_touch(worker->env.rrset_cache, ++ worker->scratchpad, rep->ref, ++ rep->rrset_count); ++ return ret; ++ } ++ } ++#endif + + edns_bak = *edns; + edns->edns_version = EDNS_ADVERTISED_VERSION; +@@ -1410,6 +1449,15 @@ worker_handle_request(struct comm_point* c, void* arg, int error, + log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from", + &repinfo->addr, repinfo->addrlen); + goto send_reply; ++#ifdef ENABLE_FASTRPZ ++ } else { ++ /* Start to rewrite for response policy zones. ++ * This can hit a qname trigger and be done. */ ++ if(rpz_start(worker, &qinfo, repinfo, &edns)) { ++ regional_free_all(worker->scratchpad); ++ return 0; ++ } ++#endif + } + + /* If we've found a local alias, replace the qname with the alias +@@ -1458,12 +1506,21 @@ lookup_cache: + h = query_info_hash(lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2)); + if((e=slabhash_lookup(worker->env.msg_cache, h, lookup_qinfo, 0))) { + /* answer from cache - we have acquired a readlock on it */ +- if(answer_from_cache(worker, &qinfo, ++ ret = answer_from_cache(worker, &qinfo, + cinfo, &need_drop, &alias_rrset, &partial_rep, + (struct reply_info*)e->data, + *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), + sldns_buffer_read_u16_at(c->buffer, 2), repinfo, +- &edns)) { ++ &edns); ++#ifdef ENABLE_FASTRPZ ++ if(ret < 0) { ++ /* RPZ already dropped or sent a response. */ ++ lock_rw_unlock(&e->lock); ++ regional_free_all(worker->scratchpad); ++ return 0; ++ } ++#endif ++ if(ret) { + /* prefetch it if the prefetch TTL expired. + * Note that if there is more than one pass + * its qname must be that used for cache +@@ -1518,11 +1575,19 @@ lookup_cache: + lock_rw_unlock(&e->lock); + } + if(!LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) { +- if(answer_norec_from_cache(worker, &qinfo, ++ ret = answer_norec_from_cache(worker, &qinfo, + *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), + sldns_buffer_read_u16_at(c->buffer, 2), repinfo, +- &edns)) { ++ &edns); ++ if(ret) { + regional_free_all(worker->scratchpad); ++#ifdef ENABLE_FASTRPZ ++ if(ret < 0) { ++ /* RPZ already dropped ++ * or sent a response. */ ++ return 0; ++ } ++#endif + goto send_reply; + } + verbose(VERB_ALGO, "answer norec from cache -- " +diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in +index 4bdfcd56..69e70627 100644 +--- a/doc/unbound.conf.5.in ++++ b/doc/unbound.conf.5.in +@@ -1801,6 +1801,81 @@ List domain for which the AAAA records are ignored and the A record is + used by dns64 processing instead. Can be entered multiple times, list a + new domain for which it applies, one per line. Applies also to names + underneath the name given. ++.SS "Response Policy Zone Rewriting" ++.LP ++Response policy zone rewriting is controlled with the ++.B rpz ++clause. ++It must contain a ++.B rpz\-enable: ++option, and one or more ++.B rpz\-zone: ++options. ++It will usually also contain ++.B rpz\-option: ++clauses with general rewriting options or specifying dnsrpzd parameters. ++Beneath the surface, the text in ++.B rpz\-zone: \fI<"domain">\fR ++is converted to \fI"zone domain\\n"\fR and added to the configuration string ++given to ++\fIlibrpz\fR(3). ++The text in ++.B rpz-option \fI<"text">\fR ++is also added to that configuration string. ++.LP ++If using chroot, then the chroot directory must contain the \fIdnsrpzd\fR(3) ++command and the shared libraries that it uses. ++Those can be found with the \fIldd\fR(1) command. ++.LP ++Resolver zone and rewriting options and response policy zone triggers and ++actions are described in \fIlibrpz\fR(3). ++The separate control file that specifies the policy zones maintained by ++the dnsrpzd daemon is described in \fIdnsrpzd\fR(8). ++.LP ++Many installations need a local whitelist that exempts local ++domains from rewriting. ++Whitelist records can be in zones transferred by dnsrpzd from ++authorities or in a local zone file. ++.TP ++.B rpz-enable: \fI<yes or no> ++enables Fastrpz. ++If not enabled, the other options in the ++.B rpz: ++clause are ignored. ++.TP ++.B rpz-zone: \fI<"zone and options"> ++specifies a policy zone and optional per-zone rewriting parameters. ++.TP ++.B rpz-option: \fI<"option"> ++specifies general Fastrpz options. ++.LP ++Fastrpz is available only on POSIX compliant UNIX-like systems with the ++\fImmap\fR(2) system call. ++.LP ++Fastrpz in Unbound differs from rpz and fastrpz in BIND by ++.RS 3 ++.HP 4 ++RPZ-CLIENT-IP triggers can only be used in the first policy zone ++specified with ++.B rpz-zone: ++.HP ++Policy zone rewriting is disabled by the DO bit in DNS requests ++even when no DNSSEC signatures are supplied by authorities. ++.HP ++Unbound local zones are not subject to rpz rewriting. ++.HP ++Like Fastrpz with BIND but unlike classic BIND rpz, ++the ADDITIONAL sections of rewritten responses contain the SOA record from ++the policy zone used to rewrite the response. ++.RE ++.P ++.nf ++# example Fastrpz settings for use with chroot on Freebsd ++rpz: ++ rpz-zone: "rpz.example.org" ++ rpz-zone: "other.rpz.example.org ip-as-ns yes" ++ rpz-option: "dnsrpzd ./dnsrpzd" ++.fi + .SS "DNSCrypt Options" + .LP + The +diff --git a/fastrpz/librpz.h b/fastrpz/librpz.h +new file mode 100644 +index 00000000..645279d1 +--- /dev/null ++++ b/fastrpz/librpz.h +@@ -0,0 +1,957 @@ ++/* ++ * Define the interface from a DNS resolver to the Response Policy Zone ++ * library, librpz. ++ * ++ * This file should be included only the interface functions between the ++ * resolver and librpz to avoid name space pollution. ++ * ++ * Copyright (c) 2016-2017 Farsight Security, Inc. ++ * ++ * Licensed under the Apache License, Version 2.0 (the "License"); ++ * you may not use this file except in compliance with the License. ++ * You may obtain a copy of the License at ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ * ++ * Fastrpz version 1.2.10 ++ */ ++ ++#ifndef LIBRPZ_H ++#define LIBRPZ_H ++ ++#include <arpa/nameser.h> ++#include <netinet/in.h> ++#include <stdarg.h> ++#include <stdbool.h> ++#include <stdio.h> ++#include <sys/types.h> ++ ++ ++/* ++ * Allow either ordinary or dlopen() linking. ++ */ ++#ifdef LIBRPZ_INTERNAL ++#define LIBDEF(t,s) extern t s; ++#define LIBDEF_F(f) LIBDEF(librpz_##f##_t, librpz_##f) ++#else ++#define LIBDEF(t,s) ++#define LIBDEF_F(f) ++#endif ++ ++/* ++ * Response Policy Zone triggers. ++ * Comparisons of trigger precedences require ++ * LIBRPZ_TRIG_CLIENT_IP < LIBRPZ_TRIG_QNAME < LIBRPZ_TRIG_IP ++ * < LIBRPZ_TRIG_NSDNAME < LIBRPZ_TRIG_NSIP} ++ */ ++typedef enum { ++ LIBRPZ_TRIG_BAD =0, ++ LIBRPZ_TRIG_CLIENT_IP =1, ++ LIBRPZ_TRIG_QNAME =2, ++ LIBRPZ_TRIG_IP =3, ++ LIBRPZ_TRIG_NSDNAME =4, ++ LIBRPZ_TRIG_NSIP =5 ++} librpz_trig_t; ++#define LIBRPZ_TRIG_SIZE 3 /* sizeof librpz_trig_t in bits */ ++typedef uint8_t librpz_tbit_t; /* one bit for each of the TRIGS_NUM ++ * trigger types */ ++ ++ ++/* ++ * Response Policy Zone Actions or policies ++ */ ++typedef enum { ++ LIBRPZ_POLICY_UNDEFINED =0, /* an empty entry or no decision yet */ ++ LIBRPZ_POLICY_DELETED =1, /* placeholder for a deleted policy */ ++ ++ LIBRPZ_POLICY_PASSTHRU =2, /* 'passthru': do not rewrite */ ++ LIBRPZ_POLICY_DROP =3, /* 'drop': do not respond */ ++ LIBRPZ_POLICY_TCP_ONLY =4, /* 'tcp-only': answer UDP with TC=1 */ ++ LIBRPZ_POLICY_NXDOMAIN =5, /* 'nxdomain': answer with NXDOMAIN */ ++ LIBRPZ_POLICY_NODATA =6, /* 'nodata': answer with ANCOUNT=0 */ ++ LIBRPZ_POLICY_RECORD =7, /* rewrite with the policy's RR */ ++ ++ /* only in client configurations to override the zone */ ++ LIBRPZ_POLICY_GIVEN, /* 'given': what policy record says */ ++ LIBRPZ_POLICY_DISABLED, /* at most log */ ++ LIBRPZ_POLICY_CNAME, /* answer with 'cname x' */ ++} librpz_policy_t; ++#define LIBRPZ_POLICY_BITS 4 ++ ++/* ++ * Special policies that appear as targets of CNAMEs ++ * NXDOMAIN is signaled by a CNAME with a "." target. ++ * NODATA is signaled by a CNAME with a "*." target. ++ */ ++#define LIBRPZ_RPZ_PREFIX "rpz-" ++#define LIBRPZ_RPZ_PASSTHRU LIBRPZ_RPZ_PREFIX"passthru" ++#define LIBRPZ_RPZ_DROP LIBRPZ_RPZ_PREFIX"drop" ++#define LIBRPZ_RPZ_TCP_ONLY LIBRPZ_RPZ_PREFIX"tcp-only" ++ ++ ++typedef uint16_t librpz_dznum_t; /* dnsrpzd zone # in [0,DZNUM_MAX] */ ++typedef uint8_t librpz_cznum_t; /* client zone # in [0,CZNUM_MAX] */ ++ ++ ++/* ++ * CIDR block ++ */ ++typedef struct librpz_prefix { ++ union { ++ struct in_addr in; ++ struct in6_addr in6; ++ } addr; ++ uint8_t family; ++ uint8_t len; ++} librpz_prefix_t; ++ ++/* ++ * A domain ++ */ ++typedef uint8_t librpz_dsize_t; ++typedef struct librpz_domain { ++ librpz_dsize_t size; /* of only .d */ ++ uint8_t d[0]; /* variable length wire format */ ++} librpz_domain_t; ++ ++/* ++ * A maximal domain buffer ++ */ ++typedef struct librpz_domain_buf { ++ librpz_dsize_t size; ++ uint8_t d[NS_MAXCDNAME]; ++} librpz_domain_buf_t; ++ ++/* ++ * A resource record without the owner name. ++ * C compilers say that sizeof(librpz_rr_t)=12 instead of 10. ++ */ ++typedef struct { ++ uint16_t type; /* network byte order */ ++ uint16_t class; /* network byte order */ ++ uint32_t ttl; /* network byte order */ ++ uint16_t rdlength; /* network byte order */ ++ uint8_t rdata[0]; /* variable length */ ++} librpz_rr_t; ++ ++/* ++ * The database file might be mapped with different starting addresses ++ * by concurrent clients (resolvers), and so all pointers are offsets. ++ */ ++typedef uint32_t librpz_idx_t; ++#define LIBRPZ_IDX_NULL 0 ++#define LIBRPZ_IDX_MIN 1 ++#define LIBRPZ_IDX_BAD ((librpz_idx_t)-1) ++/** ++ * Partial decoded results of a set of RPZ queries for a single DNS response ++ * or interation through the mapped file. ++ */ ++typedef int16_t librpz_result_id_t; ++typedef struct librpz_result { ++ librpz_idx_t next_rr; ++ librpz_result_id_t hit_id; /* trigger ID from resolver */ ++ librpz_policy_t zpolicy; /* policy from zone */ ++ librpz_policy_t policy; /* adjusted by client configuration */ ++ librpz_dznum_t dznum; /* dnsrpzd zone number */ ++ librpz_cznum_t cznum; /* librpz client zone number */ ++ librpz_trig_t trig:LIBRPZ_TRIG_SIZE; ++ bool log:1; /* log rewrite given librpz_log_level */ ++} librpz_result_t; ++ ++ ++/** ++ * librpz trace or log levels. ++ */ ++typedef enum { ++ LIBRPZ_LOG_FATAL =0, /* always print fatal errors */ ++ LIBRPZ_LOG_ERROR =1, /* errors have this level */ ++ LIBRPZ_LOG_TRACE1 =2, /* big events such as dnsrpzd starts */ ++ LIBRPZ_LOG_TRACE2 =3, /* smaller dnsrpzd zone transfers */ ++ LIBRPZ_LOG_TRACE3 =4, /* librpz hits */ ++ LIBRPZ_LOG_TRACE4 =5, /* librpz lookups */ ++ LIBRPZ_LOG_INVALID =999, ++} librpz_log_level_t; ++typedef librpz_log_level_t (librpz_log_level_val_t)(librpz_log_level_t level); ++LIBDEF_F(log_level_val) ++ ++/** ++ * Logging function that can be supplied by the resolver. ++ * @param level is one of librpz_log_level_t ++ * @param ctx is for use by the resolver's logging system. ++ * NULL mean a context-free message. ++ */ ++typedef void(librpz_log_fnc_t)(librpz_log_level_t level, void *ctx, ++ const char *buf); ++ ++/** ++ * Point librpz logging functions to the resolver's choice. ++ */ ++typedef void (librpz_set_log_t)(librpz_log_fnc_t *new_log, const char *prog_nm); ++LIBDEF_F(set_log) ++ ++ ++/** ++ * librpz error messages are put in these buffers. ++ * Use a structure intead of naked char* to let the compiler check the length. ++ * A function defined with "foo(char buf[120])" can be called with ++ * "char sbuf[2]; foo(sbuf)" and suffer a buffer overrun. ++ */ ++typedef struct { ++ char c[120]; ++} librpz_emsg_t; ++ ++ ++#ifdef LIBRPZ_HAVE_ATTR ++#define LIBRPZ_UNUSED __attribute__((unused)) ++#define LIBRPZ_PF(f,l) __attribute__((format(printf,f,l))) ++#define LIBRPZ_NORET __attribute__((__noreturn__)) ++#else ++#define LIBRPZ_UNUSED ++#define LIBRPZ_PF(f,l) ++#define LIBRPZ_NORET ++#endif ++ ++#ifdef HAVE_BUILTIN_EXPECT ++#define LIBRPZ_LIKELY(c) __builtin_expect(!!(c), 1) ++#define LIBRPZ_UNLIKELY(c) __builtin_expect(!!(c), 0) ++#else ++#define LIBRPZ_LIKELY(c) (c) ++#define LIBRPZ_UNLIKELY(c) (c) ++#endif ++ ++typedef bool (librpz_parse_log_opt_t)(librpz_emsg_t *emsg, const char *arg); ++LIBDEF_F(parse_log_opt) ++ ++typedef void (librpz_vpemsg_t)(librpz_emsg_t *emsg, ++ const char *p, va_list args); ++LIBDEF_F(vpemsg) ++typedef void (librpz_pemsg_t)(librpz_emsg_t *emsg, ++ const char *p, ...) LIBRPZ_PF(2,3); ++LIBDEF_F(pemsg) ++ ++typedef void (librpz_vlog_t)(librpz_log_level_t level, void *ctx, ++ const char *p, va_list args); ++LIBDEF_F(vlog) ++typedef void (librpz_log_t)(librpz_log_level_t level, void *ctx, ++ const char *p, ...) LIBRPZ_PF(3,4); ++LIBDEF_F(log) ++ ++typedef void (librpz_fatal_t)(int ex_code, ++ const char *p, ...) LIBRPZ_PF(2,3); ++extern void librpz_fatal(int ex_code, ++ const char *p, ...) LIBRPZ_PF(2,3) LIBRPZ_NORET; ++ ++typedef void (librpz_rpz_assert_t)(const char *file, unsigned line, ++ const char *p, ...) LIBRPZ_PF(3,4); ++extern void librpz_rpz_assert(const char *file, unsigned line, ++ const char *p, ...) LIBRPZ_PF(3,4) LIBRPZ_NORET; ++ ++typedef void (librpz_rpz_vassert_t)(const char *file, uint line, ++ const char *p, va_list args); ++extern void librpz_rpz_vassert(const char *file, uint line, ++ const char *p, va_list args) LIBRPZ_NORET; ++ ++ ++/* ++ * As far as clients are concerned, all relative pointers or indexes in a ++ * version of the mapped file except trie node parent pointers remain valid ++ * forever. A client must release a version so that it can be garbage ++ * collected by the file system. When dnsrpzd needs to expand the file, ++ * it copies the old file to a new, larger file. Clients can continue ++ * using the old file. ++ * ++ * Versions can also appear in a single file. Old nodes and trie values ++ * within the file are not destroyed until all clients using the version ++ * that contained the old values release the version. ++ * ++ * A client is marked as using version by connecting to the deamon. It is ++ * marked as using all subsequent versions. A client releases all versions ++ * by closing the connection or a range of versions by updating is slot ++ * in the shared memory version table. ++ * ++ * As far as clients are concerned, there are the following possible librpz ++ * failures: ++ * - malloc() or other fatal internal librpz problems indicated by ++ * a failing return from a librpz function ++ * All operations will fail until client handle is destroyed and ++ * recreated with librpz_client_detach() and librpz_client_create(). ++ * - corrupt database detected by librpz code, corrupt database detected ++ * by dnsrpzd, or disconnection from the daemon. ++ * Current operations will fail. ++ * ++ * Clients assume that the file has already been unlinked before ++ * the corrupt flag is set so that they do not race with the server ++ * over the corruption of a single file. A client that finds the ++ * corrupt set knows that dnsrpzd has already crashed with ++ * abort() and is restarting. The client can re-connect to dnsrpzd ++ * and retransmit its configuration, backing off as usual if anything ++ * goes wrong. ++ * ++ * Searchs of the database by a client do not need locks against dnsrpzd or ++ * other clients, but a lock is used to protect changes to the connection ++ * by competing threads in the client. The client provides fuctions ++ * to serialize the conncurrent use of any single client handle. ++ * Functions that do nothing are appropriate for applications that are ++ * not "threaded" or that do not share client handles among threads. ++ * Otherwise, functions must be provided to librpz_clientcreate(). ++ * Something like the following works with pthreads: ++ * ++ * static void ++ * lock(void *mutex) { assert(pthread_mutex_lock(mutex) == 0); } ++ * ++ * static void ++ * unlock(void *mutex) { assert(pthread_mutex_unlock(mutex) == 0); } ++ * ++ * static void ++ * mutex_destroy(void *mutex) { assert(pthread_mutex_destroy(mutex) == 0); } ++ * ++ * ++ * ++ * At every instant, all of the data and pointers in the mapped file are valid. ++ * Changes to trie node or other data are always made so that it and ++ * all pointers in and to it remain valid for a time. Old versions are ++ * eventually discarded. ++ * ++ * Dnsrpzd periodically defines a new version by setting asside all changes ++ * made since the previous version was defined. Subsequent changes ++ * made (only!) by dnsrpzd will be part of the next version. ++ * ++ * To discard an old version, dnsrpzd must know that all clients have stopped ++ * using that version. Clients do that by using part of the mapped file ++ * to tell dnsrpzd the oldest version that each client is using. ++ * Dnsrpzd assigns each connecting client an entry in the cversions array ++ * in the mapped file. The client puts version numbers into that entry ++ * to signal to dnsrpzd which versions that can be discarded. ++ * Dnsrpzd is free, as far as that client is concerned, to discard all ++ * numerically smaller versions. A client can disclaim all versions with ++ * the version number VERSIONS_ALL or 0. ++ * ++ * The race between a client changing its entry and dnsrpzd discarding a ++ * version is resolved by allowing dnsrpzd to discard all versions ++ * smaller or equal to the client's version number. If dnsrpzd is in ++ * the midst of discarding or about to discard version N when the ++ * client asserts N, no harm is done. The client depends only on ++ * the consistency of version N+1. ++ * ++ * This version mechanism depends in part on not being exercised too frequently ++ * Version numbers are 32 bits long and dnsrpzd creates new versions ++ * at most once every 30 seconds. ++ */ ++ ++ ++/* ++ * Lock functions for concurrent use of a single librpz_client_t client handle. ++ */ ++typedef void(librpz_mutex_t)(void *mutex); ++ ++/* ++ * List of connections to dnsrpzd daemons. ++ */ ++typedef struct librpz_clist librpz_clist_t; ++ ++/* ++ * Client's handle on dnsrpzd. ++ */ ++typedef struct librpz_client librpz_client_t; ++ ++/** ++ * Create the list of connections to the dnsrpzd daemon. ++ * @param[out] emsg: error message ++ * @param lock: start exclusive access to the client handle ++ * @param unlock: end exclusive access to the client handle ++ * @param mutex_destroy: release the lock ++ * @param mutex: pointer to the lock for the client handle ++ * @param log_ctx: NULL or resolver's context log messages ++ */ ++typedef librpz_clist_t *(librpz_clist_create_t)(librpz_emsg_t *emsg, ++ librpz_mutex_t *lock, ++ librpz_mutex_t *unlock, ++ librpz_mutex_t *mutex_destroy, ++ void *mutex, void *log_ctx); ++LIBDEF_F(clist_create) ++ ++ ++/** ++ * Release the list of dnsrpzd connections. ++ */ ++typedef void (librpz_clist_detach_t)(librpz_clist_t **clistp); ++LIBDEF_F(clist_detach) ++ ++/** ++ * Create a librpz client handle. ++ * @param[out] emsg: error message ++ * @param: list of dnsrpzd connections ++ * @param cstr: string of configuration settings separated by ';' or '\n' ++ * @param use_expired: true to not ignore expired zones ++ * @return client handle or NULL if the handle could not be created ++ */ ++typedef librpz_client_t *(librpz_client_create_t)(librpz_emsg_t *emsg, ++ librpz_clist_t *clist, ++ const char *cstr, ++ bool use_expired); ++LIBDEF_F(client_create) ++ ++/** ++ * Start (if necessary) dnsrpzd and connect to it. ++ * @param[out] emsg: error message ++ * @param client handle ++ * @param optional: true if it is ok if starting the daemon is not allowed ++ */ ++typedef bool (librpz_connect_t)(librpz_emsg_t *emsg, librpz_client_t *client, ++ bool optional); ++LIBDEF_F(connect) ++ ++/** ++ * Start to destroy a librpz client handle. ++ * It will not be destroyed until the last set of RPZ queries represented ++ * by a librpz_rsp_t ends. ++ * @param client handle to be released ++ * @return false on error ++ */ ++typedef void (librpz_client_detach_t)(librpz_client_t **clientp); ++LIBDEF_F(client_detach) ++ ++/** ++ * State for a set of RPZ queries for a single DNS response ++ * or for listing the database. ++ */ ++typedef struct librpz_rsp librpz_rsp_t; ++ ++/** ++ * Start a set of RPZ queries for a single DNS response. ++ * @param[out] emsg: error message for false return or *rspp=NULL ++ * @param[out] rspp created context or NULL ++ * @param[out] min_ns_dotsp: NULL or pointer to configured MIN-NS-DOTS value ++ * @param client state ++ * @param have_rd: RD=1 in the DNS request ++ * @param have_do: DO=1 in the DNS request ++ * @return false on error ++ */ ++typedef bool (librpz_rsp_create_t)(librpz_emsg_t *emsg, librpz_rsp_t **rspp, ++ int *min_ns_dotsp, librpz_client_t *client, ++ bool have_rd, bool have_do); ++LIBDEF_F(rsp_create) ++ ++/** ++ * Finish RPZ work for a DNS response. ++ */ ++typedef void (librpz_rsp_detach_t)(librpz_rsp_t **rspp); ++LIBDEF_F(rsp_detach) ++ ++/** ++ * Get the final, accumulated result of a set of RPZ queries. ++ * Yield LIBRPZ_POLICY_UNDEFINED if ++ * - there were no hits, ++ * - there was a dispositive hit, be we have not recursed and are required ++ * to recurse so that evil DNS authories will not know we are using RPZ ++ * - we have a hit and have recursed, but later data such as NSIP could ++ * override ++ * @param[out] emsg ++ * @param[out] result describes the hit ++ * or result->policy=LIBRPZ_POLICY_UNDEFINED without a hit ++ * @param[out] result: current policy rewrite values ++ * @param recursed: recursion has now been done even if it was not done ++ * when the hit was found ++ * @param[in,out] rsp state from librpz_itr_start() ++ * @return false on error ++ */ ++typedef bool (librpz_rsp_result_t)(librpz_emsg_t *emsg, librpz_result_t *result, ++ bool recursed, const librpz_rsp_t *rsp); ++LIBDEF_F(rsp_result) ++ ++/** ++ * Might looking for a trigger be worthwhile? ++ * @param trig: look for this type of trigger ++ * @param ipv6: true if trig is LIBRPZ_TRIG_CLIENT_IP, LIBRPZ_TRIG_IP, ++ * or LIBRPZ_TRIG_NSIP and the IP address is IPv6 ++ * @return: true if looking could be worthwhile ++ */ ++typedef bool (librpz_have_trig_t)(librpz_trig_t trig, bool ipv6, ++ const librpz_rsp_t *rsp); ++LIBDEF_F(have_trig) ++ ++/** ++ * Might looking for NSDNAME and NSIP triggers be worthwhile? ++ * @return: true if looking could be worthwhile ++ */ ++typedef bool (librpz_have_ns_trig_t)(const librpz_rsp_t *rsp); ++LIBDEF_F(have_ns_trig) ++ ++/** ++ * Convert the found client IP trie key to a CIDR block ++ * @param[out] emsg ++ * @param[out] prefix trigger ++ * @param[in,out] rsp state from librpz_itr_start() ++ * @return false on error ++ */ ++typedef bool (librpz_rsp_clientip_prefix_t)(librpz_emsg_t *emsg, ++ librpz_prefix_t *prefix, ++ librpz_rsp_t *rsp); ++LIBDEF_F(rsp_clientip_prefix) ++ ++/** ++ * Compute the owner name of the found or result trie key, usually to log it. ++ * An IP address key might be returned as 8.0.0.0.127.rpz-client-ip. ++ * example.com. might be a qname trigger. example.com.rpz-nsdname. could ++ * be an NSDNAME trigger. ++ * @param[out] emsg ++ * @param[out] owner domain ++ * @param[in,out] rsp state from librpz_itr_start() ++ * @return false on error ++ */ ++typedef bool (librpz_rsp_domain_t)(librpz_emsg_t *emsg, ++ librpz_domain_buf_t *owner, ++ librpz_rsp_t *rsp); ++LIBDEF_F(rsp_domain) ++ ++/** ++ * Get the next RR of the LIBRPZ_POLICY_RECORD result after an initial use of ++ * librpz_rsp_result() or librpz_itr_node() or after a previous use of ++ * librpz_rsp_rr(). The RR is in uncompressed wire format including type, ++ * class, ttl and length in network byte order. ++ * @param[out] emsg ++ * @param[out] typep: optional host byte order record type or ns_t_invalid (0) ++ * @param[out] classp: class such as ns_c_in ++ * @param[out] ttlp: TTL ++ * @param[out] rrp: optionall malloc() buffer containting the next RR or ++ * NULL after the last RR ++ * @param[out] result: current policy rewrite values ++ * @param qname: used construct a wildcard CNAME ++ * @param qname_size ++ * @param[in,out] rsp state from librpz_itr_start() ++ * @return false on error ++ */ ++typedef bool (librpz_rsp_rr_t)(librpz_emsg_t *emsg, uint16_t *typep, ++ uint16_t *classp, uint32_t *ttlp, ++ librpz_rr_t **rrp, librpz_result_t *result, ++ const uint8_t *qname, size_t qname_size, ++ librpz_rsp_t *rsp); ++LIBDEF_F(rsp_rr) ++ ++/** ++ * Get the next RR of the LIBRPZ_POLICY_RECORD result. ++ * @param[out] emsg ++ * @param[out] ttlp: TTL ++ * @param[out] rrp: malloc() buffer with SOA RR without owner name ++ * @param[out] result: current policy rewrite values ++ * @param[out] origin: SOA owner name ++ * @param[out] origin_size ++ * @param[in,out] rsp state from librpz_itr_start() ++ * @return false on error ++ */ ++typedef bool (librpz_rsp_soa_t)(librpz_emsg_t *emsg, uint32_t *ttlp, ++ librpz_rr_t **rrp, librpz_domain_buf_t *origin, ++ librpz_result_t *result, librpz_rsp_t *rsp); ++LIBDEF_F(rsp_soa) ++ ++/** ++ * Get the SOA serial number for a policy zone to compare with a known value ++ * to check whether a zone tranfer is complete. ++ */ ++typedef bool (librpz_soa_serial_t)(librpz_emsg_t *emsg, uint32_t *serialp, ++ const char *domain_nm, librpz_rsp_t *rsp); ++LIBDEF_F(soa_serial) ++ ++/** ++ * Save the current policy checking state. ++ * @param[out] emsg ++ * @param[in,out] rsp state from librpz_itr_start() ++ * @return false on error ++ */ ++typedef bool (librpz_rsp_push_t)(librpz_emsg_t *emsg, librpz_rsp_t *rsp); ++LIBDEF_F(rsp_push) ++#define LIBRPZ_RSP_STACK_DEPTH 3 ++ ++/** ++ * Restore the previous policy checking state. ++ * @param[out] emsg ++ * @param[out] result: NULL or restored policy rewrite values ++ * @param[in,out] rsp state from librpz_itr_start() ++ * @return false on error ++ */ ++typedef bool (librpz_rsp_pop_t)(librpz_emsg_t *emsg, librpz_result_t *result, ++ librpz_rsp_t *rsp); ++LIBDEF_F(rsp_pop) ++ ++/** ++ * Discard the most recently save policy checking state. ++ * @param[out] emsg ++ * @param[out] result: NULL or restored policy rewrite values ++ * @return false on error ++ */ ++typedef bool (librpz_rsp_pop_discard_t)(librpz_emsg_t *emsg, librpz_rsp_t *rsp); ++LIBDEF_F(rsp_pop_discard) ++ ++/** ++ * Disable a zone. ++ * @param[out] emsg ++ * @param znum ++ * @param[in,out] rsp state from librpz_itr_start() ++ * @return false on error ++ */ ++typedef bool (librpz_rsp_forget_zone_t)(librpz_emsg_t *emsg, ++ librpz_cznum_t znum, librpz_rsp_t *rsp); ++LIBDEF_F(rsp_forget_zone) ++ ++/** ++ * Apply RPZ to an IP address. ++ * @param[out] emsg ++ * @param addr: address to check ++ * @param ipv6: true for 16 byte IPv6 instead of 4 byte IPv4 ++ * @param trig LIBRPZ_TRIG_CLIENT_IP, LIBRPZ_TRIG_IP, or LIBRPZ_TRIG_NSIP ++ * @param hit_id: caller chosen ++ * @param recursed: recursion has been done ++ * @param[in,out] rsp state from librpz_itr_start() ++ * @return false on error ++ */ ++typedef bool (librpz_ck_ip_t)(librpz_emsg_t *emsg, ++ const void *addr, uint family, ++ librpz_trig_t trig, librpz_result_id_t hit_id, ++ bool recursed, librpz_rsp_t *rsp); ++LIBDEF_F(ck_ip) ++ ++/** ++ * Apply RPZ to a wire-format domain. ++ * @param[out] emsg ++ * @param domain in wire format ++ * @param domain_size ++ * @param trig LIBRPZ_TRIG_QNAME or LIBRPZ_TRIG_NSDNAME ++ * @param hit_id: caller chosen ++ * @param recursed: recursion has been done ++ * @param[in,out] rsp state from librpz_itr_start() ++ * @return false on error ++ */ ++typedef bool (librpz_ck_domain_t)(librpz_emsg_t *emsg, ++ const uint8_t *domain, size_t domain_size, ++ librpz_trig_t trig, librpz_result_id_t hit_id, ++ bool recursed, librpz_rsp_t *rsp); ++LIBDEF_F(ck_domain) ++ ++/** ++ * Ask dnsrpzd to refresh a zone. ++ * @param[out] emsg error message ++ * @param librpz_domain_t domain to refresh ++ * @param client context ++ * @return false after error ++ */ ++typedef bool (librpz_zone_refresh_t)(librpz_emsg_t *emsg, const char *domain, ++ librpz_rsp_t *rsp); ++LIBDEF_F(zone_refresh) ++ ++/** ++ * Get a string describing the the databasse ++ * @param license: include the license ++ * @param cfiles: include the configuration file names ++ * @param listens: include the local notify IP addresses ++ * @param[out] emsg error message if the result is null ++ * @param client context ++ * @return malloc'ed string or NULL after error ++ */ ++typedef char *(librpz_db_info_t)(librpz_emsg_t *emsg, ++ bool license, bool cfiles, bool listens, ++ librpz_rsp_t *rsp); ++LIBDEF_F(db_info) ++ ++/** ++ * Start a context for listing the nodes and/or zones in the mapped file ++ * @param[out] emsg: error message for false return or *rspp=NULL ++ * @param[out[ rspp created context or NULL ++ * @param client context ++ * @return false after error ++ */ ++typedef bool (librpz_itr_start_t)(librpz_emsg_t *emsg, librpz_rsp_t **rspp, ++ librpz_client_t *client); ++LIBDEF_F(itr_start) ++ ++/** ++ * Get mapped file memory allocation statistics. ++ * @param[out] emsg: error message ++ * @param rsp state from librpz_itr_start() ++ * @return malloc'ed string or NULL after error ++ */ ++typedef char *(librpz_mf_stats_t)(librpz_emsg_t *emsg, librpz_rsp_t *rsp); ++LIBDEF_F(mf_stats) ++ ++/** ++ * Get versions currently used by clients. ++ * @param[out] emsg: error message ++ * @param[in,out] rsp: state from librpz_itr_start() ++ * @return malloc'ed string or NULL after error ++ */ ++typedef char *(librpz_vers_stats_t)(librpz_emsg_t *emsg, librpz_rsp_t *rsp); ++LIBDEF_F(vers_stats) ++ ++/** ++ * Allocate a string describing the next zone or "" after the last zone. ++ * @param[out] emsg ++ * @param all_zones to list all instead of only requested zones ++ * @param[in,out] rsp state from librpz_rsp_start() ++ * @return malloc'ed string or NULL after error ++ */ ++typedef char *(librpz_itr_zone_t)(librpz_emsg_t *emsg, bool all_zones, ++ librpz_rsp_t *rsp); ++LIBDEF_F(itr_zone) ++ ++/** ++ * Describe the next trie node while dumping the database. ++ * @param[out] emsg ++ * @param[out] result describes node ++ * or result->policy=LIBRPZ_POLICY_UNDEFINED after the last node. ++ * @param all_zones to list all instead of only requested zones ++ * @param[in,out] rsp state from librpz_itr_start() ++ * @return: false on error ++ */ ++typedef bool (librpz_itr_node_t)(librpz_emsg_t *emsg, librpz_result_t *result, ++ bool all_zones, librpz_rsp_t *rsp); ++LIBDEF_F(itr_node) ++ ++/** ++ * RPZ policy to string with a backup buffer of POLICY2STR_SIZE size ++ */ ++typedef const char *(librpz_policy2str_t)(librpz_policy_t policy, ++ char *buf, size_t buf_size); ++#define POLICY2STR_SIZE sizeof("policy xxxxxx") ++LIBDEF_F(policy2str) ++ ++/** ++ * Trigger type to string. ++ */ ++typedef const char *(librpz_trig2str_t)(librpz_trig_t trig); ++LIBDEF_F(trig2str) ++ ++/** ++ * Convert a number of seconds to a zone file duration string ++ */ ++typedef const char *(librpz_secs2str_t)(time_t secs, ++ char *buf, size_t buf_size); ++#define SECS2STR_SIZE sizeof("1234567w7d24h59m59s") ++LIBDEF_F(secs2str) ++ ++/** ++ * Parse a duration with 's', 'm', 'h', 'd', and 'w' units. ++ */ ++typedef bool (librpz_str2secs_t)(librpz_emsg_t *emsg, time_t *val, ++ const char *str0); ++LIBDEF_F(str2secs) ++ ++/** ++ * Translate selected rtypes to strings ++ */ ++typedef const char *(librpz_rtype2str_t)(uint type, char *buf, size_t buf_size); ++#define RTYPE2STR_SIZE sizeof("type xxxxx") ++LIBDEF_F(rtype2str) ++ ++/** ++ * Local version of ns_name_ntop() for portability. ++ */ ++typedef int (librpz_domain_ntop_t)(const u_char *src, char *dst, size_t dstsiz); ++LIBDEF_F(domain_ntop) ++ ++/** ++ * Local version of ns_name_pton(). ++ */ ++typedef int (librpz_domain_pton2_t)(const char *src, u_char *dst, size_t dstsiz, ++ size_t *dstlen, bool lower); ++LIBDEF_F(domain_pton2) ++ ++typedef union socku socku_t; ++typedef socku_t *(librpz_mk_inet_su_t)(socku_t *su, const struct in_addr *addrp, ++ in_port_t port); ++LIBDEF_F(mk_inet_su) ++ ++typedef socku_t *(librpz_mk_inet6_su_t)(socku_t *su, const ++ struct in6_addr *addrp, ++ uint32_t scope_id, in_port_t port); ++LIBDEF_F(mk_inet6_su) ++ ++typedef bool (librpz_str2su_t)(socku_t *sup, const char *str); ++LIBDEF_F(str2su) ++ ++typedef char *(librpz_su2str_t)(char *str, size_t str_len, const socku_t *su); ++LIBDEF_F(su2str) ++#define SU2STR_SIZE (INET6_ADDRSTRLEN+1+6+1) ++ ++ ++/** ++ * default path to dnsrpzd ++ */ ++const char *librpz_dnsrpzd_path; ++ ++ ++#undef LIBDEF ++ ++/* ++ * This is the dlopen() interface to librpz. ++ */ ++typedef const struct { ++ const char *dnsrpzd_path; ++ const char *version; ++ librpz_parse_log_opt_t *parse_log_opt; ++ librpz_log_level_val_t *log_level_val; ++ librpz_set_log_t *set_log; ++ librpz_vpemsg_t *vpemsg; ++ librpz_pemsg_t *pemsg; ++ librpz_vlog_t *vlog; ++ librpz_log_t *log; ++ librpz_fatal_t *fatal LIBRPZ_NORET; ++ librpz_rpz_assert_t *rpz_assert LIBRPZ_NORET; ++ librpz_rpz_vassert_t *rpz_vassert LIBRPZ_NORET; ++ librpz_clist_create_t *clist_create; ++ librpz_clist_detach_t *clist_detach; ++ librpz_client_create_t *client_create; ++ librpz_connect_t *connect; ++ librpz_client_detach_t *client_detach; ++ librpz_rsp_create_t *rsp_create; ++ librpz_rsp_detach_t *rsp_detach; ++ librpz_rsp_result_t *rsp_result; ++ librpz_have_trig_t *have_trig; ++ librpz_have_ns_trig_t *have_ns_trig; ++ librpz_rsp_clientip_prefix_t *rsp_clientip_prefix; ++ librpz_rsp_domain_t *rsp_domain; ++ librpz_rsp_rr_t *rsp_rr; ++ librpz_rsp_soa_t *rsp_soa; ++ librpz_soa_serial_t *soa_serial; ++ librpz_rsp_push_t *rsp_push; ++ librpz_rsp_pop_t *rsp_pop; ++ librpz_rsp_pop_discard_t *rsp_pop_discard; ++ librpz_rsp_forget_zone_t *rsp_forget_zone; ++ librpz_ck_ip_t *ck_ip; ++ librpz_ck_domain_t *ck_domain; ++ librpz_zone_refresh_t *zone_refresh; ++ librpz_db_info_t *db_info; ++ librpz_itr_start_t *itr_start; ++ librpz_mf_stats_t *mf_stats; ++ librpz_vers_stats_t *vers_stats; ++ librpz_itr_zone_t *itr_zone; ++ librpz_itr_node_t *itr_node; ++ librpz_policy2str_t *policy2str; ++ librpz_trig2str_t *trig2str; ++ librpz_secs2str_t *secs2str; ++ librpz_str2secs_t *str2secs; ++ librpz_rtype2str_t *rtype2str; ++ librpz_domain_ntop_t *domain_ntop; ++ librpz_domain_pton2_t *domain_pton2; ++ librpz_mk_inet_su_t *mk_inet_su; ++ librpz_mk_inet6_su_t *mk_inet6_su; ++ librpz_str2su_t *str2su; ++ librpz_su2str_t *su2str; ++} librpz_0_t; ++extern librpz_0_t librpz_def_0; ++ ++/* ++ * Future versions can be upward compatible by defining LIBRPZ_DEF as ++ * librpz_X_t. ++ */ ++#define LIBRPZ_DEF librpz_def_0 ++#define LIBRPZ_DEF_STR "librpz_def_0" ++ ++typedef librpz_0_t librpz_t; ++extern librpz_t *librpz; ++ ++ ++#if LIBRPZ_LIB_OPEN == 2 ++#include <dlfcn.h> ++ ++/** ++ * link-load librpz ++ * @param[out] emsg: error message ++ * @param[in,out] dl_handle: NULL or pointer to new dlopen handle ++ * @param[in] path: librpz.so path ++ * @return address of interface structure or NULL on failure ++ */ ++static inline librpz_t * ++librpz_lib_open(librpz_emsg_t *emsg, void **dl_handle, const char *path) ++{ ++ void *handle; ++ librpz_t *new_librpz; ++ ++ emsg->c[0] = '\0'; ++ ++ /* ++ * Close a previously opened handle on librpz.so. ++ */ ++ if (dl_handle != NULL && *dl_handle != NULL) { ++ if (dlclose(*dl_handle) != 0) { ++ snprintf(emsg->c, sizeof(librpz_emsg_t), ++ "dlopen(NULL): %s", dlerror()); ++ return (NULL); ++ } ++ *dl_handle = NULL; ++ } ++ ++ /* ++ * First try the main executable of the process in case it was ++ * linked to librpz. ++ * Do not worry if we cannot search the main executable of the process. ++ */ ++ handle = dlopen(NULL, RTLD_NOW | RTLD_LOCAL); ++ if (handle != NULL) { ++ new_librpz = dlsym(handle, LIBRPZ_DEF_STR); ++ if (new_librpz != NULL) { ++ if (dl_handle != NULL) ++ *dl_handle = handle; ++ return (new_librpz); ++ } ++ if (dlclose(handle) != 0) { ++ snprintf(emsg->c, sizeof(librpz_emsg_t), ++ "dlsym(NULL, "LIBRPZ_DEF_STR"): %s", ++ dlerror()); ++ return (NULL); ++ } ++ } ++ ++ if (path == NULL || path[0] == '\0') { ++ snprintf(emsg->c, sizeof(librpz_emsg_t), ++ "librpz not linked and no dlopen() path provided"); ++ return (NULL); ++ } ++ ++ handle = dlopen(path, RTLD_NOW | RTLD_LOCAL); ++ if (handle == NULL) { ++ snprintf(emsg->c, sizeof(librpz_emsg_t), "dlopen(%s): %s", ++ path, dlerror()); ++ return (NULL); ++ } ++ new_librpz = dlsym(handle, LIBRPZ_DEF_STR); ++ if (new_librpz != NULL) { ++ if (dl_handle != NULL) ++ *dl_handle = handle; ++ return (new_librpz); ++ } ++ snprintf(emsg->c, sizeof(librpz_emsg_t), ++ "dlsym(%s, "LIBRPZ_DEF_STR"): %s", ++ path, dlerror()); ++ dlclose(handle); ++ return (NULL); ++} ++ ++#elif defined(LIBRPZ_LIB_OPEN) ++ ++/* ++ * Statically link to the librpz.so DSO on systems without dlopen() ++ */ ++static inline librpz_t * ++librpz_lib_open(librpz_emsg_t *emsg, void **dl_handle, const char *path) ++{ ++ (void)(path); ++ ++ if (dl_handle != NULL) ++ *dl_handle = NULL; ++ ++#if LIBRPZ_LIB_OPEN == 1 ++ emsg->c[0] = '\0'; ++ return (&LIBRPZ_DEF); ++#else ++ snprintf(emsg->c, sizeof(librpz_emsg_t), ++ "librpz not available via ./configure"); ++ return (NULL); ++#endif /* LIBRPZ_LIB_OPEN */ ++} ++#endif /* LIBRPZ_LIB_OPEN */ ++ ++#endif /* LIBRPZ_H */ +diff --git a/fastrpz/rpz.c b/fastrpz/rpz.c +new file mode 100644 +index 00000000..c5ab7801 +--- /dev/null ++++ b/fastrpz/rpz.c +@@ -0,0 +1,1352 @@ ++/* ++ * fastrpz/rpz.c - interface to the fastrpz response policy zone library ++ * ++ * Optimize no-rewrite cases for speed but optimize rewriting for ++ * simplicity and size. ++ */ ++ ++#include "config.h" ++ ++#ifdef ENABLE_FASTRPZ ++#include "daemon/daemon.h" ++#define LIBRPZ_LIB_OPEN FASTRPZ_LIB_OPEN ++#include "fastrpz/rpz.h" ++#include "daemon/worker.h" ++#include "iterator/iter_delegpt.h" ++#include "iterator/iter_utils.h" ++#include "iterator/iterator.h" ++#include "util/data/dname.h" ++#include "util/data/msgencode.h" ++#include "util/data/msgparse.h" ++#include "util/data/msgreply.h" ++#include "util/log.h" ++#include "util/netevent.h" ++#include "util/net_help.h" ++#include "util/regional.h" ++#include "util/storage/slabhash.h" ++#include "services/cache/dns.h" ++#include "services/cache/rrset.h" ++#include "services/mesh.h" ++#include "sldns/sbuffer.h" ++#include "sldns/rrdef.h" ++ ++ ++typedef enum state { ++ /* No more rewriting */ ++ st_off = 1, ++ /* Send SERVFAIL */ ++ st_servfail, ++ /* No dispositive hit yet */ ++ st_unknown, ++ /* Let the iterator resolve a CNAME or get a delegation point. */ ++ st_iterate, ++ /* Let the iterator resolve NS to check NSIP or NSDNAME triggers. */ ++ st_ck_ns, ++ /* We have an answer */ ++ st_rewritten, ++} st_t; ++ ++ ++/* RPZ state pointed to by struct comm_reply */ ++typedef struct commreply_rpz { ++ /* librpz state */ ++ librpz_rsp_t* rsp; ++ /* ID for log messages */ ++ int log_id; ++ ++ /* from configuration */ ++ int min_ns_dots; ++ ++ /* Running in the iterator */ ++ bool iterating; ++ ++ /* current and previous state and librpz result */ ++ st_t st; ++ st_t saved_st[LIBRPZ_RSP_STACK_DEPTH-1]; ++ librpz_result_t result; ++ ++ /* Stop adding CNAMEs to the prepend list before this owner name. */ ++ librpz_domain_buf_t cname_hit; ++ /* It is not the first CNAME */ ++ bool cname_hit_2nd; ++ librpz_result_id_t hit_id; ++} commreply_rpz_t; ++ ++ ++/* Generate an ID for log messages. */ ++static int log_id; ++ ++librpz_t *librpz; ++ ++ ++static void LIBRPZ_NORET ++rpz_assert(const char *s) ++{ ++ fatal_exit("%s", s); ++ exit(1); ++} ++#define RPZ_ASSERT(c) ((c) ? (void)0 : rpz_assert(#c), (void)0) ++ ++/* ++ * librpz client handle locking ++ */ ++static void ++lock_destroy(void* mutex) ++{ ++ lock_basic_destroy(mutex); ++ free(mutex); ++} ++ ++static void ++lock(void* mutex) ++{ ++ lock_basic_lock(mutex); ++} ++ ++static void ++unlock(void* mutex) ++{ ++ lock_basic_unlock(mutex); ++} ++ ++ ++static void ++log_fnc(librpz_log_level_t level, void* ATTR_UNUSED(ctx), const char* buf) ++{ ++ /* Setting librpz_log_level overrides the unbound "verbose" level. */ ++ if(level > LIBRPZ_LOG_TRACE1 && ++ level <= librpz->log_level_val(LIBRPZ_LOG_INVALID)) ++ level = LIBRPZ_LOG_TRACE1; ++ ++ switch(level) { ++ case LIBRPZ_LOG_FATAL: ++ case LIBRPZ_LOG_ERROR: /* errors */ ++ default: ++ log_err("rpz: %s", buf); ++ break; ++ ++ case LIBRPZ_LOG_TRACE1: /* big events such as dnsrpzd starts */ ++ verbose(VERB_OPS, "rpz: %s", buf); ++ break; ++ ++ case LIBRPZ_LOG_TRACE2: /* smaller dnsrpzd zone transfers */ ++ verbose(VERB_DETAIL, "rpz: %s", buf); ++ break; ++ ++ case LIBRPZ_LOG_TRACE3: /* librpz hits */ ++ verbose(VERB_QUERY, "rpz: %s", buf); ++ break; ++ ++ case LIBRPZ_LOG_TRACE4: /* librpz lookups */ ++ verbose(VERB_CLIENT, "rpz: %s", buf); ++ break; ++ } ++} ++ ++ ++/* Release the librpz version. */ ++static void ++rpz_off(commreply_rpz_t* rpz, st_t st) ++{ ++ if(!rpz) ++ return; ++ rpz->st = st; ++ librpz->rsp_detach(&rpz->rsp); ++} ++ ++ ++static void LIBRPZ_PF(2,3) ++log_fail(commreply_rpz_t* rpz, const char* p, ...) ++{ ++ va_list args; ++ ++ if(rpz->st == st_servfail) ++ return; ++ ++ va_start(args, p); ++ librpz->vlog(LIBRPZ_LOG_ERROR, rpz, p, args); ++ va_end(args); ++ if(!rpz) ++ return; ++ rpz_off(rpz, st_servfail); ++} ++ ++ ++/* Announce a rewrite. */ ++static void ++log_rewrite(uint8_t* qname, librpz_policy_t policy, const char* msg, ++ commreply_rpz_t* rpz) ++{ ++ char policy_buf[POLICY2STR_SIZE]; ++ char qname_nm[LDNS_MAX_DOMAINLEN+1]; ++ librpz_domain_buf_t tdomain; ++ char tdomain_nm[LDNS_MAX_DOMAINLEN+1]; ++ librpz_emsg_t emsg; ++ ++ if(rpz->st == st_servfail || !rpz->result.log) ++ return; ++ if(librpz->log_level_val(LIBRPZ_LOG_INVALID) < LIBRPZ_LOG_TRACE1) ++ return; ++ ++ dname_str(qname, qname_nm); ++ ++ if(!librpz->rsp_domain(&emsg, &tdomain, rpz->rsp)) { ++ librpz->log(LIBRPZ_LOG_ERROR, rpz, "%s", emsg.c); ++ return; ++ } ++ dname_str(tdomain.d, tdomain_nm); ++ ++ librpz->log(LIBRPZ_LOG_TRACE3, rpz, "%srewriting %s via %s %s to %s", ++ msg, qname_nm, tdomain_nm, ++ librpz->trig2str(rpz->result.trig), ++ librpz->policy2str(policy, policy_buf, ++ sizeof(policy_buf))); ++} ++ ++ ++/* Connect to and start dnsrpzd if necessary for the unbound daemon. ++ * Require "rpz-conf: path" to specify the rpz configuration file. ++ * The unbound server directory name is the default rpz working ++ * directory. If unbound uses chroot, then the dnsrpzd working ++ * directory must be in the chroot tree. ++ * The database and socket are closed and re-opened. ++ */ ++void ++rpz_init(librpz_clist_t** pclist, librpz_client_t** pclient, ++ const struct config_file* cfg) ++{ ++ lock_basic_type* mutex; ++ librpz_emsg_t emsg; ++ ++ if(!librpz) { ++ librpz = librpz_lib_open(&emsg, NULL, FASTRPZ_LIBRPZ_PATH); ++ if(!librpz) ++ fatal_exit("rpz: %s", emsg.c); ++ } ++ ++ librpz->set_log(&log_fnc, NULL); ++ ++ if(!cfg->rpz_cstr) ++ fatal_exit("rpz: rpz-zone: not set"); ++ ++ librpz->client_detach(pclient); ++ librpz->clist_detach(pclist); ++ ++ mutex = malloc(sizeof(*mutex)); ++ if(!mutex) ++ fatal_exit("rpz: no memory for lock"); ++ lock_basic_init(mutex); ++ ++ *pclist = librpz->clist_create(&emsg, &lock, &unlock, &lock_destroy, ++ mutex, NULL); ++ if(!pclist) ++ fatal_exit("rpz: %s", emsg.c); ++ ++ *pclient = librpz->client_create(&emsg, *pclist, cfg->rpz_cstr, false); ++ if(!*pclient) ++ fatal_exit("rpz: %s", emsg.c); ++ ++ if(!librpz->connect(&emsg, *pclient, true)) ++ fatal_exit("rpz: %s", emsg.c); ++ ++ verbose(VERB_OPS, "rpz: librpz version %s", librpz->version); ++} ++ ++ ++/* Stop using librpz on behalf of a worker thread. */ ++void ++rpz_delete(librpz_clist_t** pclist, librpz_client_t** pclient) ++{ ++ if(librpz) { ++ librpz->client_detach(pclient); ++ librpz->clist_detach(pclist); ++ } ++} ++ ++ ++/* Release the librpz resources held for a DNS client request. */ ++void ++rpz_end(struct comm_reply* commreply) ++{ ++ if(!commreply->rpz) ++ return; ++ rpz_off(commreply->rpz, commreply->rpz->st); ++ free(commreply->rpz); ++ commreply->rpz = NULL; ++} ++ ++ ++static bool ++push_st(commreply_rpz_t* rpz) ++{ ++ librpz_emsg_t emsg; ++ ++ if(rpz->st == st_off || rpz->st == st_servfail) { ++ librpz->log(LIBRPZ_LOG_ERROR, rpz, ++ "state %d in push_st()", rpz->st); ++ return false; ++ } ++ if(!librpz->rsp_push(&emsg, rpz->rsp)) ++ log_fail(rpz, "%s", emsg.c); ++ memmove(&rpz->saved_st[1], &rpz->saved_st[0], ++ sizeof(rpz->saved_st) - sizeof(rpz->saved_st[0])); ++ rpz->saved_st[0] = rpz->st; ++ return rpz->st != st_servfail; ++} ++ ++ ++static bool ++pop_st(commreply_rpz_t* rpz) ++{ ++ librpz_emsg_t emsg; ++ ++ if(rpz->rsp && !librpz->rsp_pop(&emsg, &rpz->result, rpz->rsp)) ++ log_fail(rpz, "%s", emsg.c); ++ if(rpz->st != st_servfail) ++ rpz->st = rpz->saved_st[0]; ++ memmove(&rpz->saved_st[0], &rpz->saved_st[1], ++ sizeof(rpz->saved_st) - sizeof(rpz->saved_st[0])); ++ return rpz->st != st_servfail; ++} ++ ++static bool ++pop_discard_st(commreply_rpz_t* rpz) ++{ ++ librpz_emsg_t emsg; ++ ++ if(rpz->rsp && !librpz->rsp_pop_discard(&emsg, rpz->rsp)) ++ log_fail(rpz, "%s", emsg.c); ++ memmove(&rpz->saved_st[0], &rpz->saved_st[1], ++ sizeof(rpz->saved_st) - sizeof(rpz->saved_st[0])); ++ return rpz->st != st_servfail; ++} ++ ++/* Check a rewrite attempt for errors and a disabled zone. */ ++static bool /* true=repeat the check */ ++ck_after(uint8_t* qname, bool recursed, librpz_trig_t trig, ++ commreply_rpz_t* rpz) ++{ ++ librpz_emsg_t emsg; ++ ++ if(rpz->st == st_servfail) ++ return false; ++ ++ if(!librpz->rsp_result(&emsg, &rpz->result, recursed, rpz->rsp)) { ++ log_fail(rpz, "%s", emsg.c); ++ return false; ++ } ++ ++ if(rpz->result.policy == LIBRPZ_POLICY_DISABLED) { ++ /* Log the hit on the disabled zone, do not try the zone again, ++ * and restore the state from before the check to forget the hit ++ * before trying again. */ ++ log_rewrite(qname, rpz->result.zpolicy, "disabled ", rpz); ++ if(!librpz->rsp_forget_zone(&emsg, rpz->result.cznum, rpz->rsp)) ++ log_fail(rpz, "%s", emsg.c); ++ return pop_st(rpz); ++ } ++ ++ /* Complain about and forget client-IP address hit that is not ++ * dispositive. Client-IP triggers have the highest priority ++ * within a policy zone, but can be overridden by any hit in a policy ++ * earlier in the client's (resolver's) list of zones, including ++ * policies that cannot be hit until after recursion. If we allowed ++ * client-IP triggers in secondary zones, then than two DNS requests ++ * that differ only in DNS client-IP addresses could properly ++ * have differing results. The Unbound iterator treats identical ++ * DNS requests the same regardless of DNS client-IP address. ++ * struct query_info would need to be modified to have an optional ++ * librpz_prefix_t containing the prefix of the client-IP address hit ++ * from librpz->rsp_clientip_prefix(). Adding to struct query_info ++ * would require finding and changing the many and obscure places ++ * including the Unbound tests to memset(0) the struct query_info ++ * that they create. */ ++ if(trig == LIBRPZ_TRIG_CLIENT_IP) { ++ if(rpz->result.cznum != 0) { ++ log_rewrite(qname, rpz->result.policy, ++ "ignore secondary ", rpz); ++ if(!pop_st(rpz)) ++ log_fail(rpz, "%s", emsg.c); ++ return (false); ++ } ++ } ++ ++ /* Forget the state from before the check and keep the new state ++ * if we do not have a hit on a disabled policy zone. */ ++ pop_discard_st(rpz); ++ return false; ++} ++ ++ ++/* Get the next RR from the policy record. */ ++static bool ++next_rr(librpz_rr_t** rrp, const uint8_t* qname, size_t qname_len, ++ commreply_rpz_t* rpz) ++{ ++ librpz_emsg_t emsg; ++ ++ if(!librpz->rsp_rr(&emsg, NULL, NULL, NULL, rrp, &rpz->result, ++ qname, qname_len, rpz->rsp)) { ++ log_fail(rpz, "%s", emsg.c); ++ *rrp = NULL; ++ return false; ++ } ++ return true; ++} ++ ++ ++static bool /* false=fatal error to be logged */ ++add_rr(struct sldns_buffer* pkt, const uint8_t* owner, size_t owner_len, ++ librpz_rr_t* rr, commreply_rpz_t* rpz) ++{ ++ size_t rdlength; ++ ++ rdlength = ntohs(rr->rdlength); ++ ++ if(!sldns_buffer_available(pkt, owner_len + 10 + rdlength)) { ++ log_fail(rpz, "comm_reply buffer exhausted"); ++ free(rr); ++ return false; ++ } ++ sldns_buffer_write(pkt, owner, owner_len); ++ /* sizeof(librpz_rr_t)=12 instead of 10 */ ++ sldns_buffer_write(pkt, rr, 10 + rdlength); ++ return true; ++} ++ ++ ++/* Convert a fake incoming DNS message to an Unbound struct dns_msg */ ++static void ++pkt2dns_msg(struct dns_msg** dnsmsg, struct sldns_buffer* pkt, ++ commreply_rpz_t* rpz, struct regional* region) ++{ ++ struct msg_parse* msgparse; ++ ++ msgparse = regional_alloc(region, sizeof(*msgparse)); ++ if(!msgparse) { ++ log_fail(rpz, "out of memory for msgparse"); ++ *dnsmsg = NULL; ++ return; ++ } ++ memset(msgparse, 0, sizeof(*msgparse)); ++ if(parse_packet(pkt, msgparse, region) != LDNS_RCODE_NOERROR) { ++ log_fail(rpz, "packet parse error"); ++ *dnsmsg = NULL; ++ return; ++ } ++ *dnsmsg = dns_alloc_msg(pkt, msgparse, region); ++ if(!*dnsmsg) { ++ log_fail(rpz, "dns_alloc_msg() failed"); ++ *dnsmsg = NULL; ++ return; ++ } ++ (*dnsmsg)->rep->security = sec_status_rpz_rewritten; ++} ++ ++ ++static bool /* false=SERVFAIL */ ++ck_ip_rrset(const void* vdata, int family, librpz_trig_t trig, ++ uint8_t* qname, commreply_rpz_t* rpz) ++{ ++ const struct packed_rrset_data* data; ++ uint rr_n; ++ size_t len; ++ librpz_emsg_t emsg; ++ ++ data = vdata; ++ ++ /* Loop to ignore disabled zones. */ ++ do { ++ if(!push_st(rpz)) ++ return false; ++ for(rr_n = 0; rr_n < data->count; ++rr_n) { ++ len = data->rr_len[rr_n]; ++ /* Skip bogus including negative placeholding rdata. */ ++ if((family == AF_INET && ++ len != sizeof(struct in_addr)+2) || ++ (family == AF_INET6 && ++ len != sizeof(struct in6_addr)+2)) ++ continue; ++ if(!librpz->ck_ip(&emsg, data->rr_data[rr_n]+2, ++ family, trig, rpz->hit_id, true, ++ rpz->rsp)) { ++ log_fail(rpz, "%s", emsg.c); ++ return false; ++ } ++ } ++ } while(ck_after(qname, true, trig, rpz)); ++ return rpz->st != st_servfail; ++} ++ ++ ++static bool /* false=SERVFAIL */ ++ck_dname(uint8_t* dname, size_t dname_size, librpz_trig_t trig, ++ uint8_t* qname, bool recursed, commreply_rpz_t* rpz) ++{ ++ librpz_emsg_t emsg; ++ ++ /* Refuse to check the root. */ ++ if(dname_is_root(dname)) ++ return rpz->st != st_servfail; ++ ++ /* Loop to ignore disabled zones. */ ++ do { ++ if(!push_st(rpz)) ++ return false; ++ if(!librpz->ck_domain(&emsg, dname, dname_size, trig, ++ rpz->hit_id, recursed, rpz->rsp)) { ++ log_fail(rpz, "%s", emsg.c); ++ return false; ++ } ++ } while(ck_after(qname, recursed, trig, rpz)); ++ ++ return rpz->st != st_servfail; ++} ++ ++ ++/* Check the IPv4 or IPv6 addresses for one NS name. */ ++static bool /* false=st_servfail */ ++ck_1nsip(uint8_t* nsname, size_t nsname_size, int family, int qtype, ++ bool* have_ns, commreply_rpz_t* rpz, struct module_env* env) ++{ ++ struct ub_packed_rrset_key* akey; ++ ++ akey = rrset_cache_lookup(env->rrset_cache, nsname, nsname_size, ++ qtype, LDNS_RR_CLASS_IN, 0, 0, 0); ++ if(akey) { ++ *have_ns = true; ++ ++ if(!ck_ip_rrset(akey->entry.data, family, LIBRPZ_TRIG_NSIP, ++ nsname, rpz)) { ++ lock_rw_unlock(&akey->entry.lock); ++ return false; ++ } ++ lock_rw_unlock(&akey->entry.lock); ++ } ++ return true; ++} ++ ++ ++static bool /* false=st_servfail */ ++ck_qname(uint8_t* qname, size_t qname_len, ++ bool recursed, /* recursion done */ ++ bool wait_ns, /* willing to iterate for NS data */ ++ commreply_rpz_t* rpz, struct module_env* env) ++{ ++ uint8_t* dname; ++ size_t dname_size; ++ int cur_lab; ++ struct ub_packed_rrset_key* nskey; ++ const struct packed_rrset_data* nsdata; ++ uint8_t* nsname; ++ size_t nsname_size; ++ uint rr_n; ++ bool have_ns, tried_ns; ++ ++ if(!ck_dname(qname, qname_len, LIBRPZ_TRIG_QNAME, qname, false, rpz)) ++ return false; ++ ++ /* Do not waste time looking for NSDNAME and NSIP hits when there ++ * are no currently relevant triggers. */ ++ if(!librpz->have_ns_trig(rpz->rsp)) ++ return true; ++ ++ have_ns = false; ++ tried_ns = false; ++ dname = qname; ++ dname_size = qname_len; ++ for(cur_lab = dname_count_labels(dname) - 2; ++ cur_lab > rpz->min_ns_dots; ++ --cur_lab) { ++ tried_ns = true; ++ dname_remove_label(&dname, &dname_size); ++ nskey = rrset_cache_lookup(env->rrset_cache, dname, dname_size, ++ LDNS_RR_TYPE_NS, LDNS_RR_CLASS_IN, ++ 0, 0, 0); ++ if(!nskey) ++ continue; ++ ++ nsdata = (const struct packed_rrset_data*)nskey->entry.data; ++ for(rr_n = 0; ++ rr_n < nsdata->count && rpz->st == st_unknown; ++ ++rr_n) { ++ nsname = nsdata->rr_data[rr_n]+2; ++ nsname_size = nsdata->rr_len[rr_n]; ++ if(nsname_size <= 2) ++ continue; ++ nsname_size -= 2; ++ if(!ck_dname(nsname, nsname_size, LIBRPZ_TRIG_NSDNAME, ++ qname, recursed, rpz)) ++ return false; ++ if(!ck_1nsip(nsname, nsname_size, AF_INET, ++ LDNS_RR_TYPE_A, &have_ns, rpz, env)) ++ return false; ++ if(!ck_1nsip(nsname, nsname_size, AF_INET6, ++ LDNS_RR_TYPE_AAAA, &have_ns, rpz, env)) ++ return false; ++ } ++ lock_rw_unlock(&nskey->entry.lock); ++ } ++ ++ /* If we failed to find NS records, then stop building the response ++ * before a CNAME with this owner name. */ ++ if(!have_ns && tried_ns && (!recursed || wait_ns)) { ++ rpz->cname_hit.size = qname_len; ++ RPZ_ASSERT(rpz->cname_hit.size <= sizeof(rpz->cname_hit.d)); ++ memcpy(rpz->cname_hit.d, qname, qname_len); ++ rpz->result.hit_id = rpz->hit_id; ++ rpz->st = st_ck_ns; ++ } ++ return true; ++} ++ ++ ++/* ++ * Are we ready to rewrite the response? ++ */ ++static bool /* true=send rewritten response */ ++ck_result(uint8_t* qname, bool recursed, ++ commreply_rpz_t* rpz, const struct comm_point* commpoint) ++{ ++ librpz_emsg_t emsg; ++ ++ switch(rpz->st) { ++ case st_off: ++ case st_servfail: ++ case st_rewritten: ++ return false; ++ case st_unknown: ++ break; ++ case st_iterate: ++ return false; ++ case st_ck_ns: ++ /* An NSDNAME or NSIP check failed for lack of cached data. */ ++ return false; ++ default: ++ fatal_exit("impossible RPZ state %d in rpz_worker_cache()", ++ rpz->st); ++ } ++ ++ /* Wait for a trigger. */ ++ if(rpz->result.policy == LIBRPZ_POLICY_UNDEFINED) { ++ if(recursed && ++ rpz->result.zpolicy != LIBRPZ_POLICY_UNDEFINED && ++ !librpz->rsp_result(&emsg, &rpz->result, true, rpz->rsp)) { ++ log_fail(rpz, "%s", emsg.c); ++ return false; ++ } ++ if(rpz->result.policy == LIBRPZ_POLICY_UNDEFINED) ++ return false; ++ } ++ ++ if(rpz->result.policy == LIBRPZ_POLICY_PASSTHRU) { ++ log_rewrite(qname, rpz->result.policy, "", rpz); ++ rpz_off(rpz, st_off); ++ return false; ++ } ++ ++ /* The TCP-only policy answers UDP requests with truncated responses. */ ++ if(rpz->result.policy == LIBRPZ_POLICY_TCP_ONLY && ++ commpoint->type == comm_tcp) { ++ rpz_off(rpz, st_off); ++ return false; ++ } ++ ++ return true; ++} ++ ++ ++/* ++ * Convert an RPZ hit to a struct dns_msg ++ */ ++static void ++get_result_msg(struct dns_msg** dnsmsg, struct query_info* qinfo, ++ uint16_t id, uint16_t flags, bool recursed, commreply_rpz_t* rpz, ++ struct comm_point* commpoint, struct regional* region) ++{ ++ librpz_rr_t* rr; ++ librpz_domain_buf_t origin; ++ struct sldns_buffer* pkt; ++ uint16_t num_rrs; ++ librpz_emsg_t emsg; ++ ++ *dnsmsg = NULL; ++ if(!ck_result(qinfo->qname, recursed, rpz, commpoint)) ++ return; ++ ++ rpz->st = st_rewritten; ++ ++ if(rpz->result.policy == LIBRPZ_POLICY_DROP) { ++ log_rewrite(qinfo->qname, rpz->result.policy, "", rpz); ++ /* Make a fake cached message to carry ++ * sec_status_rpz_drop and be dropped. */ ++ error_encode(commpoint->buffer, LDNS_RCODE_NOERROR, ++ qinfo, id, flags, NULL); ++ pkt2dns_msg(dnsmsg, commpoint->buffer, rpz, region); ++ (*dnsmsg)->rep->security = sec_status_rpz_drop; ++ return; ++ } ++ ++ /* Create a DNS message of the RPZ data. ++ * In many cases that message could be sent directly to the DNS client, ++ * but sometimes iteration must be used to resolve a CNAME. ++ * This need not be fast, because rewriting responses should be rare. ++ * Therefore, use the simpler but slower tactic of generating a ++ * parsed version of the message. */ ++ ++ flags &= ~BIT_AA; ++ flags |= BIT_QR | BIT_RA; ++ rr = NULL; ++ ++ /* The TCP-only policy answers UDP requests with truncated responses. */ ++ if(rpz->result.policy == LIBRPZ_POLICY_TCP_ONLY) { ++ flags |= BIT_TC; ++ ++ } else if(rpz->result.policy == LIBRPZ_POLICY_NXDOMAIN) { ++ flags |= LDNS_RCODE_NXDOMAIN; ++ ++ } else if(rpz->result.policy == LIBRPZ_POLICY_CNAME) { ++ if(!rpz->iterating && ++ qinfo->qtype != LDNS_RR_TYPE_CNAME) { ++ /* The new DNS message would be a CNAME and ++ * the external request was not for a CNAME. ++ * The worker must punt to the iterator so that ++ * the iterator can resolve the CNAME. */ ++ rpz->st = st_iterate; ++ return; ++ } ++ next_rr(&rr, qinfo->qname, qinfo->qname_len, rpz); ++ ++ } else if(rpz->result.policy == LIBRPZ_POLICY_RECORD || ++ rpz->result.policy == LIBRPZ_POLICY_NODATA) { ++ next_rr(&rr, qinfo->qname, qinfo->qname_len, rpz); ++ /* Punt to the iterator if the new DNS message would ++ * be a CNAME that must be resolved. */ ++ if(!rpz->iterating && ++ qinfo->qtype != LDNS_RR_TYPE_CNAME && ++ rr && rr->type == ntohs(LDNS_RR_TYPE_CNAME)) { ++ free(rr); ++ rpz->st = st_iterate; ++ return; ++ } ++ } ++ log_rewrite(qinfo->qname, rpz->result.policy, "", rpz); ++ ++ /* Make a buffer containing a DNS message with the RPZ data. */ ++ pkt = commpoint->buffer; ++ sldns_buffer_clear(pkt); ++ if(sldns_buffer_remaining(pkt) < LDNS_HEADER_SIZE) { ++ log_fail(rpz, "comm_reply buffer too small for header"); ++ if(rr) ++ free(rr); ++ return; ++ } ++ ++ /* Install ID, flags, QDCOUNT=1, ANCOUNT=# of RPZ RRs, NSCOUNT=0, ++ * and ARCOUNT=1 for the RPZ SOA. */ ++ sldns_buffer_write_u16(pkt, id); ++ sldns_buffer_write_u16(pkt, flags); ++ sldns_buffer_write_u16(pkt, 1); /* QDCOUNT */ ++ sldns_buffer_write_u16(pkt, 0); /* ANCOUNT will be set later */ ++ sldns_buffer_write_u16(pkt, 0); /* NSCOUNT */ ++ sldns_buffer_write_u16(pkt, 1); /* ARCOUNT */ ++ ++ /* Install the question with the LDNS_RR_CLASS_RPZ bit to ++ * to distinguish this supposed cache entry from the real deal. */ ++ sldns_buffer_write(pkt, qinfo->qname, qinfo->qname_len); ++ sldns_buffer_write_u16(pkt, qinfo->qtype); ++ sldns_buffer_write_u16(pkt, LDNS_RR_CLASS_IN); ++ ++ /* Install the RPZ RRs in the answer section */ ++ num_rrs = 0; ++ while(rr) { ++ /* Include only the requested RRs. */ ++ if(qinfo->qtype == LDNS_RR_TYPE_ANY || ++ rr->type == htons(qinfo->qtype) || ++ rr->type == htons(LDNS_RR_TYPE_CNAME)) { ++ if(!add_rr(pkt, qinfo->qname, qinfo->qname_len, ++ rr, rpz)) ++ return; ++ ++ ++num_rrs; ++ } ++ free(rr); ++ ++ next_rr(&rr, qinfo->qname, qinfo->qname_len, rpz); ++ } ++ /* Finish ANCOUNT. */ ++ if(num_rrs != 0) ++ sldns_buffer_write_u16_at(pkt, 6, num_rrs); ++ ++ /* All rewritten responses have an identifying SOA record in the ++ * additional section. */ ++ if(!librpz->rsp_soa(&emsg, NULL, &rr, &origin, ++ &rpz->result, rpz->rsp)) { ++ log_fail(rpz, "no soa"); ++ return; ++ } ++ if(!add_rr(pkt, origin.d, origin.size, rr, rpz)) ++ return; ++ free(rr); ++ ++ /* Create a dns_msg representation of the fake incoming message. */ ++ sldns_buffer_flip(pkt); ++ pkt2dns_msg(dnsmsg, pkt, rpz, region); ++} ++ ++ ++/* Check the RRs in the ANSWER section of a reply_info. */ ++static void ++ck_reply(struct reply_info* reply, uint8_t* qname, bool wait_ns, ++ commreply_rpz_t* rpz, struct module_env* env) ++{ ++ struct ub_packed_rrset_key* rrset; ++ enum sldns_enum_rr_type type; ++ uint rrset_n; ++ ++ /* Check the RRs in the ANSWER section. */ ++ rpz->cname_hit.size = 0; ++ rpz->cname_hit_2nd = false; ++ for(rrset_n = 0; rrset_n < reply->an_numrrsets; ++rrset_n) { ++ /* Check all of the RRs before deciding. */ ++ if(rpz->st != st_unknown) ++ return; ++ ++ rrset = reply->rrsets[rrset_n]; ++ if(ntohs(rrset->rk.rrset_class) != LDNS_RR_CLASS_IN) ++ continue; ++ type = ntohs(rrset->rk.type); ++ ++ if(type == LDNS_RR_TYPE_A) { ++ if(!ck_ip_rrset(rrset->entry.data, AF_INET, ++ LIBRPZ_TRIG_IP, qname, rpz)) ++ break; ++ ++ } else if(type == LDNS_RR_TYPE_AAAA) { ++ if(!ck_ip_rrset(rrset->entry.data, AF_INET6, ++ LIBRPZ_TRIG_IP, qname, rpz)) ++ break; ++ ++ } else if(type == LDNS_RR_TYPE_CNAME) { ++ /* Check CNAME owners unless we already have a hit. */ ++ ++rpz->hit_id; ++ if(!ck_qname(rrset->rk.dname, rrset->rk.dname_len, ++ true, wait_ns, rpz, env)) ++ break; ++ ++ /* Do not worry about the CNAME if it did not hit, ++ * but note the miss so that it can be prepended ++ * if we do hit. */ ++ if(rpz->result.hit_id != rpz->hit_id) { ++ rpz->cname_hit_2nd = true; ++ continue; ++ } ++ ++ /* Stop after hitting a CNAME. ++ * The iterator must be used to include CNAMEs before ++ * the CNAME that hit in the rewritten response. */ ++ rpz->cname_hit.size = rrset->rk.dname_len; ++ RPZ_ASSERT(rpz->cname_hit.size <= sizeof(rpz->cname_hit.d)); ++ memcpy(rpz->cname_hit.d, rrset->rk.dname, ++ rpz->cname_hit.size); ++ break; ++ } ++ } ++} ++ ++ ++static void ++worker_servfail(struct worker* worker, struct query_info* qinfo, ++ uint16_t id, uint16_t flags, struct comm_reply* commreply) ++{ ++ error_encode(commreply->c->buffer, LDNS_RCODE_SERVFAIL, ++ qinfo, id, flags, NULL); ++ regional_free_all(worker->scratchpad); ++ comm_point_send_reply(commreply); ++} ++ ++ ++/* Send an RPZ answer before the iterator has started. ++ * @return: 1=continue normal unbound processing ++ * 0=punt to the iterator ++ * -1=rewritten response already sent or dropped. */ ++static int ++worker_send(struct dns_msg* dnsmsg, struct worker* worker, ++ struct query_info* qinfo, uint16_t id, uint16_t flags, ++ struct edns_data* edns, struct comm_reply* commreply) ++{ ++ switch (commreply->rpz->st) { ++ case st_off: ++ return 1; ++ case st_servfail: ++ worker_servfail(worker, qinfo, id, flags, commreply); ++ return -1; ++ case st_unknown: ++ return 1; ++ case st_iterate: ++ case st_ck_ns: ++ return 0; /* punt to the iterator */ ++ case st_rewritten: ++ break; ++ default: ++ fatal_exit("impossible RPZ state %d in worker_send()", ++ commreply->rpz->st); ++ } ++ ++ if(dnsmsg->rep->security == sec_status_rpz_drop) { ++ regional_free_all(worker->scratchpad); ++ comm_point_drop_reply(commreply); ++ return -1; ++ } ++ ++ edns->edns_version = EDNS_ADVERTISED_VERSION; ++ edns->udp_size = EDNS_ADVERTISED_SIZE; ++ edns->ext_rcode = 0; ++ edns->bits = 0; /* rewritten response cannot verify. */ ++ if(!reply_info_answer_encode(qinfo, dnsmsg->rep, ++ id, flags | BIT_QR, ++ commreply->c->buffer, 0, 1, ++ worker->scratchpad, ++ edns->udp_size, edns, 0, 0)) { ++ worker_servfail(worker, qinfo, id, flags, commreply); ++ } else { ++ regional_free_all(worker->scratchpad); ++ comm_point_send_reply(commreply); ++ } ++ return -1; ++} ++ ++ ++/* Set commreply to an RPZ context if the response might be rewritten. ++ * Try to answer now with a hit allowed before recursion (iteration). */ ++bool /* true=response sent or dropped */ ++rpz_start(struct worker* worker, struct query_info* qinfo, ++ struct comm_reply* commreply, struct edns_data* edns) ++{ ++ commreply_rpz_t* rpz; ++ uint16_t id, flags; ++ struct dns_msg* dnsmsg; ++ int family; ++ const void* addr; ++ librpz_emsg_t emsg; ++ ++ /* Quit if rpz not configured. */ ++ if(!worker->daemon->rpz_client) ++ return false; ++ ++ /* Rewrite only the Internet class */ ++ if(qinfo->qclass != LDNS_RR_CLASS_IN) ++ return false; ++ ++ rpz = commreply->rpz; ++ RPZ_ASSERT(!rpz); ++ ++ dnsmsg = NULL; ++ id = htons(sldns_buffer_read_u16_at(commreply->c->buffer, 0)); ++ flags = sldns_buffer_read_u16_at(commreply->c->buffer, 2); ++ ++ rpz = malloc(sizeof(*rpz)); ++ if(!rpz) { ++ librpz->log(LIBRPZ_LOG_ERROR, NULL, "no memory for rpz"); ++ return 0 > worker_send(dnsmsg, worker, qinfo, ++ id, flags, edns, commreply); ++ } ++ memset(rpz, 0, sizeof(*rpz)); ++ rpz->st = st_unknown; ++ commreply->rpz = rpz; ++ ++ /* Make a new ID for log messages */ ++ rpz->log_id = __sync_add_and_fetch(&log_id, 1); ++ ++ /* Get access to the librpz data. */ ++ if(!librpz->rsp_create(&emsg, &rpz->rsp, &rpz->min_ns_dots, ++ worker->daemon->rpz_client, ++ (flags & BIT_RD) != 0, ++ (edns->bits & EDNS_DO) != 0)) { ++ log_fail(rpz, "%s", emsg.c); ++ return false; ++ } ++ /* Quit if benign reasons prevent rewriting. */ ++ if(!rpz->rsp) { ++ rpz->st = st_off; ++ librpz->log(LIBRPZ_LOG_TRACE1, rpz, "%s", emsg.c); ++ return false; ++ } ++ ++ /* Check the client IP address. ++ * Do not use commreply->srctype because it is often 0. */ ++ family = ((struct sockaddr*)&commreply->addr)->sa_family; ++ switch(family) { ++ case AF_INET: ++ addr = &((struct sockaddr_in*)&commreply->addr)->sin_addr; ++ break; ++ case AF_INET6: ++ addr = &((struct sockaddr_in6*)&commreply->addr)->sin6_addr; ++ break; ++ default: ++ /* Maybe the client is on a UNIX domain socket. */ ++ librpz->log(LIBRPZ_LOG_TRACE2, rpz, ++ "unknown client address family %d", family); ++ addr = NULL; ++ break; ++ } ++ /* Loop to ignore disabled zones. */ ++ while(addr) { ++ if(!push_st(rpz)) ++ break; ++ if(!librpz->ck_ip(&emsg, addr, family, LIBRPZ_TRIG_CLIENT_IP, ++ rpz->hit_id, true, rpz->rsp)) { ++ log_fail(rpz, "%s", emsg.c); ++ break; ++ } ++ if(!ck_after(qinfo->qname, false, LIBRPZ_TRIG_CLIENT_IP, rpz)) ++ break; ++ } ++ if(rpz->st == st_servfail) ++ return 0 > worker_send(dnsmsg, worker, qinfo, ++ id, flags, edns, commreply); ++ ++ /* Check the QNAME and possibly replace a client-IP hit. */ ++ ck_qname(qinfo->qname, qinfo->qname_len, false, true, ++ rpz, &worker->env); ++ ++ get_result_msg(&dnsmsg, qinfo, id, flags, false, ++ rpz, commreply->c, worker->scratchpad); ++ return 0 > worker_send(dnsmsg, worker, qinfo, ++ id, flags, edns, commreply); ++} ++ ++ ++/* Check a cached reply before iteration. ++ * @return: 1=use cache entry ++ * 0=deny a cached entry exists in order to punt to the iterator ++ * -1=rewritten response already sent or dropped */ ++int ++rpz_worker_cache(struct worker* worker, struct reply_info* reply, ++ struct query_info* qinfo, uint16_t id, uint16_t flags, ++ struct edns_data* edns, struct comm_reply* commreply) ++{ ++ commreply_rpz_t* rpz; ++ struct dns_msg* dnsmsg; ++ st_t new_st; ++ librpz_rr_t* rr; ++ ++ dnsmsg = NULL; ++ ++ rpz = commreply->rpz; ++ switch(rpz->st) { ++ case st_off: ++ return 1; /* Send the cache entry. */ ++ case st_servfail: ++ return worker_send(dnsmsg, worker, qinfo, id, flags, ++ edns, commreply); ++ case st_unknown: ++ break; ++ case st_iterate: ++ case st_ck_ns: ++ return 0; /* Punt to the iterator. */ ++ case st_rewritten: ++ default: ++ fatal_exit("impossible RPZ state %d in rpz_worker_cache()", ++ rpz->st); ++ } ++ ++ /* Check the RRs in the ANSWER section. */ ++ if(!push_st(rpz)) ++ return worker_send(dnsmsg, worker, qinfo, id, flags, edns, ++ commreply); ++ ++ ck_reply(reply, qinfo->qname, true, rpz, &worker->env); ++ if(!ck_result(qinfo->qname, true, rpz, commreply->c)) ++ return worker_send(dnsmsg, worker, qinfo, id, flags, edns, ++ commreply); ++ ++ if(rpz->cname_hit.size != 0) { ++ /* Punt to the iterator if leading CNAMEs must be ++ * included in the rewritten response. */ ++ rpz->cname_hit.size = 0; ++ new_st = st_iterate; ++ ++ } else if(rpz->result.policy == LIBRPZ_POLICY_CNAME) { ++ /* Punt if the rewritten response is to a CNAME. */ ++ new_st = st_iterate; ++ ++ } else { ++ if(rpz->result.policy == LIBRPZ_POLICY_RECORD) { ++ next_rr(&rr, qinfo->qname, qinfo->qname_len, rpz); ++ if(rr) { ++ /* Punt we are rewriting to a CNAME. */ ++ if(rr->type == ntohs(LDNS_RR_TYPE_CNAME)) { ++ free(rr); ++ rpz->st = st_iterate; ++ } else { ++ free(rr); ++ } ++ } ++ } ++ get_result_msg(&dnsmsg, qinfo, id, flags, true, ++ rpz, commreply->c, worker->scratchpad); ++ new_st = rpz->st; ++ } ++ ++ switch(new_st) { ++ case st_off: ++ case st_servfail: ++ break; ++ case st_unknown: ++ pop_discard_st(rpz); ++ break; ++ case st_iterate: ++ case st_ck_ns: ++ if(pop_st(rpz)) ++ rpz->st = new_st; ++ break; ++ case st_rewritten: ++ pop_discard_st(rpz); ++ break; ++ default: ++ fatal_exit("impossible RPZ state %d in rpz_worker_cache()", ++ rpz->st); ++ } ++ ++ return worker_send(dnsmsg, worker, qinfo, id, flags, edns, commreply); ++} ++ ++ ++/* Check a cache hit or miss for the iterator. ++ * A cache miss can already have a QNAME hit that was ignored before checking ++ * the iterator because of "QNAME-WAIT-RECURSE yes". ++ * Cache hits are treated like responses from authorities. */ ++bool /* false=SERVFAIL */ ++rpz_iter_cache(struct dns_msg** msg, enum response_type* type, ++ struct module_qstate* qstate, struct iter_qstate* iq) ++{ ++ struct comm_reply* commreply; ++ commreply_rpz_t* rpz; ++ struct dns_msg* dnsmsg; ++ ++ commreply = &qstate->mesh_info->reply_list->query_reply; ++ rpz = commreply->rpz; ++ ++ rpz->iterating = true; ++ ++ switch(rpz->st) { ++ case st_off: ++ iq->rpz_rewritten = 1; /* RPZ has nothing to say. */ ++ return true; ++ case st_servfail: ++ return false; ++ case st_unknown: ++ break; ++ case st_iterate: ++ case st_ck_ns: ++ rpz->st = st_unknown; ++ if(!ck_qname(iq->qchase.qname, iq->qchase.qname_len, ++ *msg != NULL, true, rpz, qstate->env)) ++ return false; ++ /* If we must recurse regardless and if NSIP/NSDNAME ++ * checking failed, then delay in the hope that ++ * recursion will also get NS data. */ ++ if(rpz->st == st_ck_ns) ++ return true; ++ break; ++ case st_rewritten: ++ default: ++ fatal_exit("impossible RPZ state %d in rpz_iter_cache()", ++ rpz->st); ++ } ++ ++ push_st(rpz); ++ ++ /* Check the cache hit. */ ++ if(*msg) ++ ck_reply((*msg)->rep, iq->qchase.qname, true, rpz, qstate->env); ++ ++ /* The DNS ID does not matter, because the generated dns_msg ++ * is nominally from an authority and not to the DNS client. */ ++ get_result_msg(&dnsmsg, &iq->qchase, 1, qstate->query_flags, true, ++ rpz, commreply->c, qstate->region); ++ ++ switch(rpz->st) { ++ case st_off: ++ iq->rpz_rewritten = 1; /* RPZ has nothing to say. */ ++ return true; ++ case st_servfail: ++ return false; ++ case st_unknown: ++ /* RPZ has nothing to say yet. Maybe there will be a hit ++ * later in the CNAME chain. */ ++ return pop_discard_st(rpz); ++ case st_ck_ns: ++ /* Try to get NS data for a CNAME found by ck_reply() */ ++ *type = RESPONSE_TYPE_CNAME; ++ return pop_discard_st(rpz); ++ case st_iterate: ++ default: ++ fatal_exit("impossible RPZ state %d in rpz_iter_cache()", ++ rpz->st); ++ case st_rewritten: ++ break; ++ } ++ ++ if(*msg && rpz->cname_hit.size != 0 && rpz->cname_hit_2nd) { ++ /* We hit a CNAME owner in the cached msg after not hitting one ++ * or more CNAME owners. We need to add those leading CNAMEs ++ * to the prepend list. Tell the iterator to treat the cached ++ * message as a RESPONSE_TYPE_CNAME even if it contains answers. ++ * handle_cname_response() will stop prepending CNAMEs before ++ * the triggering CNAME. handle_cname_response() will cause ++ * a restart to resolve the target of the preceding CNAME, ++ * which is the same as the hit CNAME owner. */ ++ rpz->st = st_unknown; ++ *type = RESPONSE_TYPE_CNAME; ++ return pop_discard_st(rpz); ++ } ++ ++ *msg = dnsmsg; ++ iq->rpz_security = dnsmsg->rep->security; ++ ++ if(dnsmsg && dnsmsg->rep->an_numrrsets != 0 && ++ dnsmsg->rep->rrsets[0]->rk.type == htons(LDNS_RR_TYPE_CNAME)) { ++ /* The cached msg triggered a rule that rewrites to a ++ * CNAME that must be resolved. ++ * We have a replacement dns_msg with that CNAME and also ++ * an SOA RR in the ADDITIONAL section that the iterator ++ * will lose as it adds the CNAME to the prepend list. ++ * Save the SOA RR in iq->rpz_soa. */ ++ iq->rpz_soa = dnsmsg->rep->rrsets[1]; ++ iq->rpz_rewritten = 1; ++ *type = RESPONSE_TYPE_CNAME; ++ return true; ++ } ++ ++ /* Otherwise we have rewritten to zero or more non-CNAME RRs. ++ * (DNAMEs are not supported.) ++ * Tell the iterator to send the rewritten message. */ ++ *type = RESPONSE_TYPE_ANSWER; ++ iq->rpz_rewritten = 1; ++ return true; ++} ++ ++ ++/* Check a RESPONSE_TYPE_ANSWER response from an authority in the iterator. */ ++rpz_iter_resp_t ++rpz_iter_resp(struct module_qstate* qstate, struct iter_qstate* iq, ++ struct dns_msg** resp, bool* is_cname) ++{ ++ struct comm_reply* commreply; ++ commreply_rpz_t* rpz; ++ struct reply_info* rep; ++ ++ *is_cname = false; ++ ++ commreply = &qstate->mesh_info->reply_list->query_reply; ++ rpz = commreply->rpz; ++ switch(rpz->st) { ++ case st_off: ++ case st_servfail: ++ case st_iterate: ++ case st_rewritten: ++ default: ++ fatal_exit("impossible RPZ state %d in rpz_iter_resp()", ++ rpz->st); ++ case st_ck_ns: ++ case st_unknown: ++ break; ++ } ++ ++ /* We know !iq->rpz_rewritten and so the response was after a simple ++ * cache miss when the original QNAME did not trigger a response ++ * or after a CNAME whose owner name did hit but was then forgotten ++ * with pop_st(). ++ * In either case, it is necessary to check the QNAME here. ++ * Checking the QNAME will not lose a better hit. */ ++ rpz->st = st_unknown; ++ ck_qname(iq->qchase.qname, iq->qchase.qname_len, true, false, ++ rpz, qstate->env); ++ ++ /* Check the RRs in the ANSWER section. */ ++ if(!push_st(rpz)) ++ return rpz_iter_resp_fail; ++ ck_reply(iq->response->rep, iq->qchase.qname, false, rpz, qstate->env); ++ get_result_msg(resp, &qstate->qinfo, 1, qstate->query_flags, true, ++ rpz, commreply->c, qstate->region); ++ switch(rpz->st) { ++ case st_off: ++ iq->rpz_rewritten = 1; /* Do not come back. */ ++ return rpz_iter_resp_done; ++ case st_servfail: /* Send SERVFAIL */ ++ return rpz_iter_resp_fail; ++ case st_unknown: ++ case st_ck_ns: ++ return rpz_iter_resp_done; /* continue without change */ ++ case st_iterate: ++ default: ++ fatal_exit("impossible RPZ state %d in rpz_iter_resp()", ++ rpz->st); ++ case st_rewritten: ++ /* Tell the iterator to use handle_cname_response() to ++ * prepend any preceding CNAMEs. ++ * We have a replacement dns_msg that also has an SOA RR in the ++ * ADDITIONAL section that the iterator will lose if it is a ++ * CNAME. Save that SOA in that case. */ ++ rep = (*resp)->rep; ++ if(rep->an_numrrsets != 0 && ++ rep->rrsets[0]->rk.type == ntohs(LDNS_RR_TYPE_CNAME)) { ++ *is_cname = true; ++ iq->rpz_soa = rep->rrsets[1]; ++ } ++ return rpz_iter_resp_rewrite; ++ } ++} ++ ++ ++/* Tell handle_cname_response() to stop adding to the answer prepend list ++ * after adding CNAME with a target that hits a QNAME trigger. ++ * Do not change any RPZ state, but expect the call of handle_cname_response() ++ * to try to resolve the CNAME and hit the same QNAME trigger and rewrite ++ * the response. */ ++rpz_cname_t ++rpz_cname(struct module_qstate* qstate, ++ uint8_t* oname, size_t oname_size) ++{ ++ struct mesh_reply* reply_list; ++ struct comm_reply* commreply; ++ commreply_rpz_t* rpz; ++ rpz_cname_t ret; ++ ++ /* Quit if RPZ is off */ ++ reply_list = qstate->mesh_info->reply_list; ++ if(!reply_list) ++ return rpz_cname_prepend; ++ commreply = &reply_list->query_reply; ++ rpz = commreply->rpz; ++ ++ if(!rpz || rpz->st == st_off) ++ return rpz_cname_prepend; ++ ++ /* Stop on a 2nd or later CNAME for rpz_iter_resp(). */ ++ if(rpz->cname_hit.size != 0) { ++ if(!query_dname_compare(rpz->cname_hit.d, oname)) ++ return rpz_cname_stop; ++ return rpz_cname_prepend; ++ } ++ ++ if(rpz->st != st_unknown) ++ fatal_exit("impossible RPZ state %d in rpz_cname()", rpz->st); ++ ++ ret = rpz_cname_prepend; ++ if(!push_st(rpz)) ++ return rpz_cname_fail; ++ /* Stop before prepending a CNAME that would preempt a ++ * rewritten response or before a possible NSDNAME or NSIP trigger. */ ++ ++rpz->hit_id; ++ ck_qname(oname, oname_size, true, true, rpz, qstate->env); ++ if(rpz->st != st_unknown) ++ ret = rpz_cname_stop; ++ if(!pop_st(rpz)) ++ return rpz_cname_fail; ++ return ret; ++} ++ ++#endif /* ENABLE_FASTRPZ */ +diff --git a/fastrpz/rpz.h b/fastrpz/rpz.h +new file mode 100644 +index 00000000..5d7e31c5 +--- /dev/null ++++ b/fastrpz/rpz.h +@@ -0,0 +1,138 @@ ++/* ++ * fastrpz/rpz.h - interface to the fastrpz response policy zone library ++ * ++ * Copyright (c) 2016 Farsight Security, Inc. ++ * ++ * Licensed under the Apache License, Version 2.0 (the "License"); ++ * you may not use this file except in compliance with the License. ++ * You may obtain a copy of the License at ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++ ++#ifndef UNBOUND_FASTRPZ_RPZ_H ++#define UNBOUND_FASTRPZ_RPZ_H ++ ++#ifndef PACKAGE_VERSION ++/* Ensure that config.h has been included to correctly set ENABLE_FASTRPZ */ ++#include "config.h" ++#endif ++ ++#ifdef ENABLE_FASTRPZ ++ ++#include "librpz.h" ++ ++#include "daemon/daemon.h" ++#include "util/config_file.h" ++ ++struct comm_point; /* forward references */ ++struct comm_reply; ++struct dns_msg; ++struct edns_data; ++struct iter_qstate; ++struct query_info; ++struct reply_info; ++enum response_type; /* iterator/iter_utils.h */ ++ ++ ++struct commreply_rpz; ++ ++/** ++ * Connect to the librpz database. ++ * @param pclist: future pointer to opaque librpz client data ++ * @param pclient: future pointer to opaque librpz client data ++ * @param cfg: parsed unbound configuration ++ */ ++void rpz_init(librpz_clist_t** pclist, librpz_client_t** pclient, ++ const struct config_file* cfg); ++ ++/** ++ * Disconnect from the librpz database ++ * @param client: opaque librpz client data ++ */ ++void rpz_delete(librpz_clist_t** pclist, librpz_client_t** pclient); ++ ++/** ++ * Start working on a DNS request and check for client IP address triggers. ++ * @param worker: the DNS request context ++ * @param qinfo: the DNS question ++ * @param[in,out] commreply: the answer ++ * @param c: where to send the response ++ * @param[in,out] edns for the DO flag ++ * @return true if response already sent or dropped ++ */ ++bool rpz_start(struct worker* worker, struct query_info* qinfo, ++ struct comm_reply* commreply, struct edns_data* edns); ++ ++/** ++ * Release resources held for a DNS request ++ * @param rspp: pointer to pointer to rpz client context. ++ */ ++void rpz_end(struct comm_reply* comm_rep); ++ ++/** ++ * Check a cached reply for RPZ hits before iteration ++ * @param worker: the DNS request context ++ * @param casheresp: cache reply ++ * @param qinfo: the DNS question ++ * @param id from the DNS request ++ * @param flags from the DNS request ++ * @param[in,out] edns for the DO flag ++ * @param[in,out] commreply: RPZ state ++ * @return 1=use cache entry, -1=rewritten response already sent or dropped, ++ * 0=deny a cached entry exists ++ */ ++int rpz_worker_cache(struct worker* worker, struct reply_info* cacheresp, ++ struct query_info* qinfo, uint16_t id, uint16_t flags, ++ struct edns_data* edns, struct comm_reply* commreply); ++ ++/** ++ * Check for an existing RPZ CNAME rewrite with "QNAME-WAIT-RECURSE no" ++ * that needs to be resolved before resolving the external request. ++ * @param[out] msg: rewritten CNAME response. ++ * @param qstate: query state. ++ * @param iq: iterator query state. ++ * @return false=send SERVFAIL ++ */ ++bool rpz_iter_cache(struct dns_msg** msg, enum response_type* type, ++ struct module_qstate* qstate, struct iter_qstate* iq); ++ ++/** ++ * Check a response from an authority in the iterator. ++ * @param[out] type: of the final response ++ * @param qstate: query state. ++ * @param iq: iterator query state. ++ * @param is_cname: true if the rewritten response is a CNAME ++ * @return one of rpz_resp_t ++ */ ++typedef enum { ++ rpz_iter_resp_fail, /* Send SERVFAIL. */ ++ rpz_iter_resp_rewrite, /* We rewrote the response. */ ++ rpz_iter_resp_done, /* Restart to refetch glue. */ ++} rpz_iter_resp_t; ++rpz_iter_resp_t rpz_iter_resp(struct module_qstate* qstate, ++ struct iter_qstate* iq, struct dns_msg** resp, ++ bool* is_cname); ++ ++/** ++ * Check a CNAME RR ++ * @param qstate: query state. ++ * @param oname: cname owner name ++ * @param oname_size: length of oname ++ * @return: one of rpz_cname_t ++ */ ++typedef enum { ++ rpz_cname_fail, /* send SERVFAIL */ ++ rpz_cname_prepend, /* prepend CNAME as usual */ ++ rpz_cname_stop, /* stop before prepending this CNAME */ ++} rpz_cname_t; ++rpz_cname_t rpz_cname(struct module_qstate* qstate, ++ uint8_t* oname, size_t oname_size); ++ ++#endif /* ENABLE_FASTRPZ */ ++#endif /* UNBOUND_FASTRPZ_RPZ_H */ +diff --git a/fastrpz/rpz.m4 b/fastrpz/rpz.m4 +new file mode 100644 +index 00000000..21235355 +--- /dev/null ++++ b/fastrpz/rpz.m4 +@@ -0,0 +1,64 @@ ++# fastrpz/rpz.m4 ++ ++# ck_FASTRPZ ++# -------------------------------------------------------------------------- ++# check for Fastrpz ++# --enable-fastrpz enable Fastrpz response policy zones ++# --enable-fastrpz-dl Fastrpz delayed link [default=have dlopen] ++# --with-fastrpz-dir directory containing librpz.so ++# ++# Fastrpz can be compiled into Unbound everywhere with a reasonably ++# modern C compiler. It is enabled on systems with dlopen() and librpz.so. ++ ++AC_DEFUN([ck_FASTRPZ], ++[ ++ fastrpz_avail=yes ++ AC_MSG_CHECKING([for librpz __attribute__s]) ++ AC_TRY_COMPILE(,[ ++ extern void f(char *p __attribute__((unused)), ...) ++ __attribute__((format(printf,1,2))) __attribute__((__noreturn__));], ++ librpz_have_attr=yes ++ AC_DEFINE([LIBRPZ_HAVE_ATTR], 1, [have __attribute__s used in librpz.h]) ++ AC_MSG_RESULT([yes]), ++ librpz_have_attr=no ++ AC_MSG_RESULT([no])) ++ ++ AC_SEARCH_LIBS(dlopen, dl) ++ librpz_dl=yes ++ AC_CHECK_FUNCS(dlopen dlclose dlsym,,librpz_dl=no) ++ AC_ARG_ENABLE([fastrpz-dl], ++ [ --enable-fastrpz-dl Fastrpz delayed link [[default=$librpz_dl]]], ++ [enable_librpz_dl="$enableval"], ++ [enable_librpz_dl="$librpz_dl"]) ++ AC_ARG_WITH([fastrpz-dir], ++ [ --with-fastrpz-dir directory containing librpz.so], ++ [librpz_path="$withval/librpz.so"], [librpz_path="librpz.so"]) ++ AC_DEFINE_UNQUOTED([FASTRPZ_LIBRPZ_PATH], ["$librpz_path"], ++ [fastrpz librpz.so]) ++ if test "x$enable_librpz_dl" = "xyes"; then ++ fastrpz_lib_open=2 ++ else ++ fastrpz_lib_open=1 ++ # Add librpz.so to linked libraries if we are not using dlopen() ++ AC_SEARCH_LIBS([librpz_client_create], [rpz], [], ++ [fastrpz_lib_open=0 ++ fastrpz_avail=no]) ++ fi ++ AC_DEFINE_UNQUOTED([FASTRPZ_LIB_OPEN], [$fastrpz_lib_open], ++ [0=no fastrpz 1=static link 2=dlopen()]) ++ ++ AC_ARG_ENABLE([fastrpz], ++ AS_HELP_STRING([--enable-fastrpz],[enable Fastrpz response policy zones]), ++ [enable_fastrpz=$enableval],[enable_fastrpz=$fastrpz_avail]) ++ if test "x$enable_fastrpz" = xyes; then ++ AC_DEFINE([ENABLE_FASTRPZ], [1], [Enable fastrpz]) ++ if test "x$fastrpz_lib_open" = "x0"; then ++ AC_MSG_ERROR([[dlopen and librpz.so needed for fastrpz]]) ++ fi ++ # used in Makefile.in ++ AC_SUBST([FASTRPZ_SRC], [fastrpz/rpz.c]) ++ AC_SUBST([FASTRPZ_OBJ], [rpz.lo]) ++ elif test "x$fastrpz_avail" = "x0"; then ++ AC_MSG_WARN([[dlopen and librpz.so needed for fastrpz]]) ++ fi ++]) +diff --git a/iterator/iterator.c b/iterator/iterator.c +index 1e0113a8..2fcbf547 100644 +--- a/iterator/iterator.c ++++ b/iterator/iterator.c +@@ -68,6 +68,9 @@ + #include "sldns/str2wire.h" + #include "sldns/parseutil.h" + #include "sldns/sbuffer.h" ++#ifdef ENABLE_FASTRPZ ++#include "fastrpz/rpz.h" ++#endif + + /* in msec */ + int UNKNOWN_SERVER_NICENESS = 376; +@@ -555,6 +558,23 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, + if(ntohs(r->rk.type) == LDNS_RR_TYPE_CNAME && + query_dname_compare(*mname, r->rk.dname) == 0 && + !iter_find_rrset_in_prepend_answer(iq, r)) { ++#ifdef ENABLE_FASTRPZ ++ /* Stop adding CNAME rrsets to the prepend list ++ * before defining an RPZ hit. */ ++ if(!iq->rpz_rewritten) { ++ switch (rpz_cname(qstate, *mname, *mname_len)) { ++ case rpz_cname_fail: ++ /* send SERVFAIL */ ++ return 0; ++ case rpz_cname_prepend: ++ /* save the CNAME. */ ++ break; ++ case rpz_cname_stop: ++ /* Pause before adding the CNAME. */ ++ goto stop_short; ++ } ++ } ++#endif + /* Add this relevant CNAME rrset to the prepend list.*/ + if(!iter_add_prepend_answer(qstate, iq, r)) + return 0; +@@ -563,6 +583,9 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, + + /* Other rrsets in the section are ignored. */ + } ++#ifdef ENABLE_FASTRPZ ++stop_short: ; ++#endif + /* add authority rrsets to authority prepend, for wildcarded CNAMEs */ + for(i=msg->rep->an_numrrsets; i<msg->rep->an_numrrsets + + msg->rep->ns_numrrsets; i++) { +@@ -1199,6 +1222,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, + uint8_t* delname; + size_t delnamelen; + struct dns_msg* msg = NULL; ++ enum response_type type; + + log_query_info(VERB_DETAIL, "resolving", &qstate->qinfo); + /* check effort */ +@@ -1285,8 +1309,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, + } + if(msg) { + /* handle positive cache response */ +- enum response_type type = response_type_from_cache(msg, +- &iq->qchase); ++ type = response_type_from_cache(msg, &iq->qchase); + if(verbosity >= VERB_ALGO) { + log_dns_msg("msg from cache lookup", &msg->qinfo, + msg->rep); +@@ -1294,7 +1317,22 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, + (int)msg->rep->ttl, + (int)msg->rep->prefetch_ttl); + } ++#ifdef ENABLE_FASTRPZ ++ } ++ /* Check for an RPZ hit in the cached DNS message or an existing ++ * RPZ CNAME rewrite that can be resolved now after a hit on the QNAME ++ * or client IP address. This can involve a creating a fake cache ++ * hit. It can also involve overriding an RESPONSE_TYPE_ANSWER ++ * result from response_type_from_cache(). Or it can ignore ++ * the cached result to refetch glue. */ ++ if(!iq->rpz_rewritten && ++ qstate->mesh_info->reply_list && ++ qstate->mesh_info->reply_list->query_reply.rpz && ++ !rpz_iter_cache(&msg, &type, qstate, iq)) ++ return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + ++ if(msg) { ++#endif + if(type == RESPONSE_TYPE_CNAME) { + uint8_t* sname = 0; + size_t slen = 0; +@@ -2718,6 +2756,62 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, + sock_list_insert(&qstate->reply_origin, + &qstate->reply->addr, qstate->reply->addrlen, + qstate->region); ++#ifdef ENABLE_FASTRPZ ++ /* Check the response for an RPZ hit. The response has already ++ * been saved in the cache. This should have the same effect ++ * as finding that response in the cache. ++ * We have already used rpz_iter_cache() at least once. */ ++ if(!iq->rpz_rewritten && ++ qstate->mesh_info->reply_list && ++ qstate->mesh_info->reply_list->query_reply.rpz) { ++ struct dns_msg* resp; ++ bool is_cname; ++ uint8_t* sname; ++ size_t slen; ++ ++ switch (rpz_iter_resp(qstate, iq, &resp, &is_cname)) { ++ case rpz_iter_resp_fail: ++ return error_response(qstate, id, ++ LDNS_RCODE_SERVFAIL); ++ case rpz_iter_resp_rewrite: ++ /* Prepend any initial CNAMEs from the original ++ * response up to a hit. */ ++ if(!handle_cname_response(qstate, iq, ++ iq->response, ++ &sname, &slen)) ++ return error_response(qstate, id, ++ LDNS_RCODE_SERVFAIL); ++ if (resp) { ++ iq->response = resp; ++ iq->rpz_security = resp->rep->security; ++ iq->rpz_rewritten = 1; ++ ++ /* Send the rewritten record if it ++ * is not a CNAME. */ ++ if(!is_cname) ++ break; ++ ++ /* Prepend the new CNAME ++ * and restart to resolve it. */ ++ if(!handle_cname_response(qstate, iq, ++ resp, &sname, &slen)) ++ return error_response(qstate, id, ++ LDNS_RCODE_SERVFAIL); ++ } ++ iq->qchase.qname = sname; ++ iq->qchase.qname_len = slen; ++ iq->dp = NULL; ++ iq->refetch_glue = 0; ++ iq->query_restart_count++; ++ iq->sent_count = 0; ++ iq->state = INIT_REQUEST_STATE; ++ return 1; ++ ++ case rpz_iter_resp_done: ++ break; ++ } ++ } ++#endif + if(iq->minimisation_state != DONOT_MINIMISE_STATE + && !(iq->chase_flags & BIT_RD)) { + if(FLAGS_GET_RCODE(iq->response->rep->flags) != +@@ -3471,12 +3565,44 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq, + * but only if we did recursion. The nonrecursion referral + * from cache does not need to be stored in the msg cache. */ + if(!qstate->no_cache_store && qstate->query_flags&BIT_RD) { ++#ifdef ENABLE_FASTRPZ ++ /* Do not save RPZ rewritten messages. */ ++ if(!iq->rpz_rewritten) ++#endif + iter_dns_store(qstate->env, &qstate->qinfo, + iq->response->rep, 0, qstate->prefetch_leeway, + iq->dp&&iq->dp->has_parent_side_NS, + qstate->region, qstate->query_flags); + } + } ++#ifdef ENABLE_FASTRPZ ++ if(iq->rpz_rewritten) { ++ /* Restore RPZ marks on a rewritten response. The marks ++ * are lost if the rewrite is to a CNAME. */ ++ iq->response->rep->security = iq->rpz_security; ++ ++ /* Append the RPZ SOA to rewritten CNAME chains. */ ++ if(iq->rpz_soa) { ++ struct ub_packed_rrset_key** sets; ++ uint n; ++ ++ n = iq->response->rep->rrset_count; ++ sets = regional_alloc(qstate->region, ++ (1+n) * sizeof(*sets)); ++ if(!sets) { ++ log_err("append RPZ SOA: out of memory"); ++ return error_response(qstate, id, ++ LDNS_RCODE_SERVFAIL); ++ } ++ memcpy(sets, iq->response->rep->rrsets, ++ n * sizeof(struct ub_packed_rrset_key*)); ++ sets[n] = iq->rpz_soa; ++ iq->response->rep->rrsets = sets; ++ ++iq->response->rep->rrset_count; ++ ++iq->response->rep->ar_numrrsets; ++ } ++ } ++#endif + qstate->return_rcode = LDNS_RCODE_NOERROR; + qstate->return_msg = iq->response; + return 0; +diff --git a/iterator/iterator.h b/iterator/iterator.h +index a2f1b570..e1e4a738 100644 +--- a/iterator/iterator.h ++++ b/iterator/iterator.h +@@ -386,6 +386,16 @@ struct iter_qstate { + */ + int minimise_count; + ++ ++#ifdef ENABLE_FASTRPZ ++ /** The response has been rewritten by RPZ. */ ++ int rpz_rewritten; ++ /** RPZ SOA RR for the ADDITIONAL section */ ++ struct ub_packed_rrset_key* rpz_soa; ++ /** sec_status_rpz_rewritten or sec_status_rpz_drop if rewritten. */ ++ enum sec_status rpz_security; ++#endif ++ + /** + * Count number of time-outs. Used to prevent resolving failures when + * the QNAME minimisation QTYPE is blocked. */ +diff --git a/services/cache/dns.c b/services/cache/dns.c +index aa4efec7..5dd3412e 100644 +--- a/services/cache/dns.c ++++ b/services/cache/dns.c +@@ -945,6 +945,14 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf, + struct regional* region, uint32_t flags) + { + struct reply_info* rep = NULL; ++ ++#ifdef ENABLE_FASTRPZ ++ /* Never save RPZ rewritten data. */ ++ if (msgrep->security == sec_status_rpz_drop || ++ msgrep->security == sec_status_rpz_rewritten) ++ return 1; ++#endif ++ + /* alloc, malloc properly (not in region, like msg is) */ + rep = reply_info_copy(msgrep, env->alloc, NULL); + if(!rep) +diff --git a/services/mesh.c b/services/mesh.c +index d4f814d5..624a9d95 100644 +--- a/services/mesh.c ++++ b/services/mesh.c +@@ -60,6 +60,9 @@ + #include "sldns/wire2str.h" + #include "services/localzone.h" + #include "util/data/dname.h" ++#ifdef ENABLE_FASTRPZ ++#include "fastrpz/rpz.h" ++#endif + #include "respip/respip.h" + #include "services/listen_dnsport.h" + +@@ -1076,6 +1079,13 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, + else secure = 0; + if(!rep && rcode == LDNS_RCODE_NOERROR) + rcode = LDNS_RCODE_SERVFAIL; ++#ifdef ENABLE_FASTRPZ ++ /* Drop the response here for LIBRPZ_POLICY_DROP after iteration. */ ++ if(rep && rep->security == sec_status_rpz_drop) { ++ log_query_info(VERB_QUERY, "rpz drop", &m->s.qinfo); ++ secure = 0; ++ } else ++#endif + /* send the reply */ + /* We don't reuse the encoded answer if either the previous or current + * response has a local alias. We could compare the alias records +@@ -1255,6 +1265,7 @@ struct mesh_state* mesh_area_find(struct mesh_area* mesh, + key.s.is_valrec = valrec; + key.s.qinfo = *qinfo; + key.s.query_flags = qflags; ++ key.reply_list = NULL; + /* We are searching for a similar mesh state when we DO want to + * aggregate the state. Thus unique is set to NULL. (default when we + * desire aggregation).*/ +@@ -1301,6 +1312,10 @@ int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, + if(!r) + return 0; + r->query_reply = *rep; ++#ifdef ENABLE_FASTRPZ ++ /* The new reply structure owns the RPZ state. */ ++ rep->rpz = NULL; ++#endif + r->edns = *edns; + if(edns->opt_list) { + r->edns.opt_list = edns_opt_copy_region(edns->opt_list, +diff --git a/util/config_file.c b/util/config_file.c +index 119b2223..ce43a234 100644 +--- a/util/config_file.c ++++ b/util/config_file.c +@@ -1434,6 +1434,8 @@ config_delete(struct config_file* cfg) + free(cfg->dnstap_socket_path); + free(cfg->dnstap_identity); + free(cfg->dnstap_version); ++ if (cfg->rpz_cstr) ++ free(cfg->rpz_cstr); + config_deldblstrlist(cfg->ratelimit_for_domain); + config_deldblstrlist(cfg->ratelimit_below_domain); + config_delstrlist(cfg->python_script); +diff --git a/util/config_file.h b/util/config_file.h +index b3ef930a..56173b80 100644 +--- a/util/config_file.h ++++ b/util/config_file.h +@@ -494,6 +494,11 @@ struct config_file { + /** true to disable DNSSEC lameness check in iterator */ + int disable_dnssec_lame_check; + ++ /** true to enable RPZ */ ++ int rpz_enable; ++ /** RPZ configuration */ ++ char* rpz_cstr; ++ + /** ratelimit for ip addresses. 0 is off, otherwise qps (unless overridden) */ + int ip_ratelimit; + /** number of slabs for ip_ratelimit cache */ +diff --git a/util/configlexer.lex b/util/configlexer.lex +index a86ddf55..b56bcfb4 100644 +--- a/util/configlexer.lex ++++ b/util/configlexer.lex +@@ -438,6 +438,10 @@ dnstap-log-forwarder-query-messages{COLON} { + YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } + dnstap-log-forwarder-response-messages{COLON} { + YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } ++rpz{COLON} { YDVAR(0, VAR_RPZ) } ++rpz-enable{COLON} { YDVAR(1, VAR_RPZ_ENABLE) } ++rpz-zone{COLON} { YDVAR(1, VAR_RPZ_ZONE) } ++rpz-option{COLON} { YDVAR(1, VAR_RPZ_OPTION) } + disable-dnssec-lame-check{COLON} { YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } + ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) } + ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) } +diff --git a/util/configparser.y b/util/configparser.y +index 10227a2f..cdbcf7cd 100644 +--- a/util/configparser.y ++++ b/util/configparser.y +@@ -125,6 +125,7 @@ extern struct config_parser_state* cfg_parser; + %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES + %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES + %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES ++%token VAR_RPZ VAR_RPZ_ENABLE VAR_RPZ_ZONE VAR_RPZ_OPTION + %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA + %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT + %token VAR_DISABLE_DNSSEC_LAME_CHECK +@@ -171,7 +172,7 @@ extern struct config_parser_state* cfg_parser; + + %% + toplevelvars: /* empty */ | toplevelvars toplevelvar ; +-toplevelvar: serverstart contents_server | stubstart contents_stub | ++toplevelvar: serverstart contents_server | stubstart contents_stub | rpzstart contents_rpz | + forwardstart contents_forward | pythonstart contents_py | + rcstart contents_rc | dtstart contents_dt | viewstart contents_view | + dnscstart contents_dnsc | cachedbstart contents_cachedb | +@@ -2726,6 +2727,50 @@ dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MES + free($2); + } + ; ++rpzstart: VAR_RPZ ++ { ++ OUTYY(("\nP(rpz:)\n")); ++ } ++ ; ++contents_rpz: contents_rpz content_rpz ++ | ; ++content_rpz: rpz_enable | rpz_zone | rpz_option ++ ; ++rpz_enable: VAR_RPZ_ENABLE STRING_ARG ++ { ++ OUTYY(("P(rpz_enable:%s)\n", $2)); ++ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) ++ yyerror("expected yes or no."); ++ else cfg_parser->cfg->rpz_enable = (strcmp($2, "yes")==0); ++ free($2); ++ } ++ ; ++rpz_zone: VAR_RPZ_ZONE STRING_ARG ++ { ++ char *new_cstr, *old_cstr; ++ ++ OUTYY(("P(rpz_zone:%s)\n", $2)); ++ old_cstr = cfg_parser->cfg->rpz_cstr; ++ if(asprintf(&new_cstr, "%s\nzone %s", old_cstr?old_cstr:"", $2) == -1) {new_cstr = NULL; yyerror("out of memory");} ++ else if(!new_cstr) ++ yyerror("out of memory"); ++ free(old_cstr); ++ cfg_parser->cfg->rpz_cstr = new_cstr; ++ } ++ ; ++rpz_option: VAR_RPZ_OPTION STRING_ARG ++ { ++ char *new_cstr, *old_cstr; ++ ++ OUTYY(("P(rpz_option:%s)\n", $2)); ++ old_cstr = cfg_parser->cfg->rpz_cstr; ++ if(asprintf(&new_cstr, "%s\n%s", old_cstr ? old_cstr : "", $2) == -1) {new_cstr = NULL; yyerror("out of memory");} ++ else if(!new_cstr) ++ yyerror("out of memory"); ++ free(old_cstr); ++ cfg_parser->cfg->rpz_cstr = new_cstr; ++ } ++ ; + pythonstart: VAR_PYTHON + { + OUTYY(("\nP(python:)\n")); +diff --git a/util/data/msgencode.c b/util/data/msgencode.c +index a51a4b9b..475dfce9 100644 +--- a/util/data/msgencode.c ++++ b/util/data/msgencode.c +@@ -590,6 +590,35 @@ insert_section(struct reply_info* rep, size_t num_rrsets, uint16_t* num_rrs, + return RETVAL_OK; + } + ++#ifdef ENABLE_FASTRPZ ++/* Insert the RPZ SOA even with MINIMAL_RESPONSES */ ++static int ++insert_rpz_soa(struct reply_info* rep, size_t num_rrsets, uint16_t* num_rrs, ++ sldns_buffer* pkt, size_t rrsets_before, time_t timenow, ++ struct regional* region, struct compress_tree_node** tree, ++ size_t rr_offset) ++{ ++ int r; ++ size_t i, setstart; ++ ++ *num_rrs = 0; ++ for(i=0; i<num_rrsets; i++) { ++ if (rep->rrsets[rrsets_before+i]->rk.type != LDNS_RR_TYPE_SOA) ++ continue; ++ setstart = sldns_buffer_position(pkt); ++ if((r=packed_rrset_encode(rep->rrsets[rrsets_before+i], ++ pkt, num_rrs, timenow, region, ++ 1, 0, tree, LDNS_SECTION_ADDITIONAL, ++ LDNS_RR_TYPE_ANY, 0, rr_offset)) ++ != RETVAL_OK) { ++ sldns_buffer_set_position(pkt, setstart); ++ return r; ++ } ++ } ++ return RETVAL_OK; ++} ++ ++#endif + /** store query section in wireformat buffer, return RETVAL */ + static int + insert_query(struct query_info* qinfo, struct compress_tree_node** tree, +@@ -777,6 +806,19 @@ reply_info_encode(struct query_info* qinfo, struct reply_info* rep, + } + sldns_buffer_write_u16_at(buffer, 10, arcount); + } ++#ifdef ENABLE_FASTRPZ ++ } else if(rep->security == sec_status_rpz_rewritten) { ++ /* Insert the RPZ SOA for rpz even with MINIMAL_RESPONSES */ ++ r = insert_rpz_soa(rep, rep->ar_numrrsets, &arcount, buffer, ++ rep->an_numrrsets + rep->ns_numrrsets, ++ timenow, region, &tree, rr_offset); ++ if(r!= RETVAL_OK) { ++ if(r != RETVAL_TRUNC) ++ return 0; ++ /* no need to set TC bit, this is the additional */ ++ sldns_buffer_write_u16_at(buffer, 10, arcount); ++ } ++#endif + } + sldns_buffer_flip(buffer); + return 1; +diff --git a/util/data/packed_rrset.c b/util/data/packed_rrset.c +index 7b9d5494..e44b2ce5 100644 +--- a/util/data/packed_rrset.c ++++ b/util/data/packed_rrset.c +@@ -255,6 +255,10 @@ sec_status_to_string(enum sec_status s) + case sec_status_insecure: return "sec_status_insecure"; + case sec_status_secure_sentinel_fail: return "sec_status_secure_sentinel_fail"; + case sec_status_secure: return "sec_status_secure"; ++#ifdef ENABLE_FASTRPZ ++ case sec_status_rpz_rewritten: return "sec_status_rpz_rewritten"; ++ case sec_status_rpz_drop: return "sec_status_rpz_drop"; ++#endif + } + return "unknown_sec_status_value"; + } +diff --git a/util/data/packed_rrset.h b/util/data/packed_rrset.h +index 3a5335dd..20113217 100644 +--- a/util/data/packed_rrset.h ++++ b/util/data/packed_rrset.h +@@ -193,7 +193,15 @@ enum sec_status { + sec_status_secure_sentinel_fail, + /** SECURE means that the object (RRset or message) validated + * according to local policy. */ +- sec_status_secure ++ sec_status_secure, ++#ifdef ENABLE_FASTRPZ ++ /** RPZ_REWRITTEN means that the response has been rewritten by ++ * rpz and so cannot be verified. */ ++ sec_status_rpz_rewritten, ++ /** RPZ_DROP means that the response has been rewritten by rpz ++ * as silence. */ ++ sec_status_rpz_drop ++#endif + }; + + /** +diff --git a/util/netevent.c b/util/netevent.c +index 980bb8be..d537d288 100644 +--- a/util/netevent.c ++++ b/util/netevent.c +@@ -57,6 +57,9 @@ + #ifdef HAVE_OPENSSL_ERR_H + #include <openssl/err.h> + #endif ++#ifdef ENABLE_FASTRPZ ++#include "fastrpz/rpz.h" ++#endif + + /* -------- Start of local definitions -------- */ + /** if CMSG_ALIGN is not defined on this platform, a workaround */ +@@ -590,6 +593,9 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg) + struct cmsghdr* cmsg; + #endif /* S_SPLINT_S */ + ++#ifdef ENABLE_FASTRPZ ++ rep.rpz = NULL; ++#endif + rep.c = (struct comm_point*)arg; + log_assert(rep.c->type == comm_udp); + +@@ -679,6 +685,9 @@ comm_point_udp_callback(int fd, short event, void* arg) + int i; + struct sldns_buffer *buffer; + ++#ifdef ENABLE_FASTRPZ ++ rep.rpz = NULL; ++#endif + rep.c = (struct comm_point*)arg; + log_assert(rep.c->type == comm_udp); + +@@ -722,6 +731,9 @@ comm_point_udp_callback(int fd, short event, void* arg) + (void)comm_point_send_udp_msg(rep.c, buffer, + (struct sockaddr*)&rep.addr, rep.addrlen); + } ++#ifdef ENABLE_FASTRPZ ++ rpz_end(&rep); ++#endif + if(!rep.c || rep.c->fd != fd) /* commpoint closed to -1 or reused for + another UDP port. Note rep.c cannot be reused with TCP fd. */ + break; +@@ -3184,6 +3196,9 @@ comm_point_send_reply(struct comm_reply *repinfo) + repinfo->c->tcp_timeout_msec); + } + } ++#ifdef ENABLE_FASTRPZ ++ rpz_end(repinfo); ++#endif + } + + void +@@ -3193,6 +3208,9 @@ comm_point_drop_reply(struct comm_reply* repinfo) + return; + log_assert(repinfo->c); + log_assert(repinfo->c->type != comm_tcp_accept); ++#ifdef ENABLE_FASTRPZ ++ rpz_end(repinfo); ++#endif + if(repinfo->c->type == comm_udp) + return; + if(repinfo->c->tcp_req_info) +@@ -3214,6 +3232,9 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec) + { + verbose(VERB_ALGO, "comm point start listening %d (%d msec)", + c->fd==-1?newfd:c->fd, msec); ++#ifdef ENABLE_FASTRPZ ++ rpz_end(&c->repinfo); ++#endif + if(c->type == comm_tcp_accept && !c->tcp_free) { + /* no use to start listening no free slots. */ + return; +diff --git a/util/netevent.h b/util/netevent.h +index d80c72b3..0233292f 100644 +--- a/util/netevent.h ++++ b/util/netevent.h +@@ -120,6 +120,10 @@ struct comm_reply { + /** return type 0 (none), 4(IP4), 6(IP6) */ + int srctype; + /* DnsCrypt context */ ++#ifdef ENABLE_FASTRPZ ++ /** per-request RPZ state */ ++ struct commreply_rpz* rpz; ++#endif + #ifdef USE_DNSCRYPT + uint8_t client_nonce[crypto_box_HALF_NONCEBYTES]; + uint8_t nmkey[crypto_box_BEFORENMBYTES]; +diff --git a/validator/validator.c b/validator/validator.c +index 4c560a8e..71de3760 100644 +--- a/validator/validator.c ++++ b/validator/validator.c +@@ -2755,6 +2755,12 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, + default: + /* NSEC proof did not work, try next */ + break; ++#ifdef ENABLE_FASTRPZ ++ case sec_status_rpz_rewritten: ++ case sec_status_rpz_drop: ++ fatal_exit("impossible RPZ sec_status"); ++ break; ++#endif + } + + sec = nsec3_prove_nods(qstate->env, ve, +@@ -2788,6 +2794,12 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, + default: + /* NSEC3 proof did not work */ + break; ++#ifdef ENABLE_FASTRPZ ++ case sec_status_rpz_rewritten: ++ case sec_status_rpz_drop: ++ fatal_exit("impossible RPZ sec_status"); ++ break; ++#endif + } + + /* Apparently, no available NSEC/NSEC3 proved NODATA, so diff --git a/contrib/unbound/contrib/libunbound.pc.in b/contrib/unbound/contrib/libunbound.pc.in index c0d1286401cc..810c571343a4 100644 --- a/contrib/unbound/contrib/libunbound.pc.in +++ b/contrib/unbound/contrib/libunbound.pc.in @@ -7,7 +7,8 @@ Name: unbound Description: Library with validating, recursive, and caching DNS resolver URL: http://www.unbound.net Version: @PACKAGE_VERSION@ -Requires: -Libs: -L${libdir} -lunbound @SSLLIB@ @LIBS@ -Libs.private: @LDFLAGS@ +Requires: libcrypto libssl @PC_LIBEVENT_DEPENDENCY@ +Requires.private: @PC_PY_DEPENDENCY@ +Libs: -L${libdir} -lunbound -lssl -lcrypto +Libs.private: @SSLLIB@ @LIBS@ Cflags: -I${includedir} diff --git a/contrib/unbound/contrib/libunbound.so.conf b/contrib/unbound/contrib/libunbound.so.conf new file mode 100644 index 000000000000..7cf26fee492e --- /dev/null +++ b/contrib/unbound/contrib/libunbound.so.conf @@ -0,0 +1,42 @@ +# See ltrace.conf(5) for description of syntax of this file. +typedef ub_type = enum(TYPE_A=1,TYPE_NS=2,TYPE_SOA=6,TYPE_MX=15,TYPE_TXT=16,TYPE_AAAA=28,TYPE_DS=43,TYPE_DNSKEY=48,TYPE_TLSA=52,TYPE_ANY=255); +typedef ub_class = enum(CLASS_IN=1,CLASS_CH=3,CLASS_NONE=254,CLASS_ANY=255); +typedef ub_rcode = enum(RCODE_NOERROR,RCODE_FORMERR,RCODE_SERVFAIL,RCODE_NXDOMAIN,RCODE_NOTIMPL,RCODE_REFUSED,RCODE_YXDOMAIN,RCODE_YXRRSET,RCODE_NXRRSET,RCODE_NOTAUTH,RCODE_NOTZONE); +typedef ub_havedata = enum(no_data, have_data); +typedef ub_nxdomain = enum(name_exists, nxdomain); +typedef ub_secure = enum(not_secure, secure); +typedef ub_bogus = enum(not_bogus, bogus); +typedef ub_result = struct(string, ub_type, ub_class, array(void*,zero)*, array(int,zero)*, string, ub_rcode, void*, int, ub_havedata, ub_nxdomain, ub_secure, ub_bogus, string, int); +typedef ub_ctx = void; +ub_ctx* ub_ctx_create(void); +void ub_ctx_delete(ub_ctx*); +int ub_ctx_set_option(ub_ctx*, string, string); +int ub_ctx_get_option(ub_ctx*, string, +string*); +int ub_ctx_config(ub_ctx*, string); +int ub_ctx_set_fwd(ub_ctx*, string); +int ub_ctx_set_tls(ub_ctx*, bool(int)); +int ub_ctx_set_stub(ub_ctx*, string, string, bool(int)); +int ub_ctx_resolvconf(ub_ctx*, string); +int ub_ctx_hosts(ub_ctx*, string); +int ub_ctx_add_ta(ub_ctx*, string); +int ub_ctx_add_ta_file(ub_ctx*, string); +int ub_ctx_add_ta_autr(ub_ctx*, string); +int ub_ctx_trustedkeys(ub_ctx*, string); +int ub_ctx_debugout(ub_ctx*, void*); +int ub_ctx_debuglevel(ub_ctx*, int); +int ub_ctx_async(ub_ctx*, bool(int)); +int ub_poll(ub_ctx*); +int ub_wait(ub_ctx*); +int ub_fd(ub_ctx*); +int ub_process(ub_ctx*); +int ub_resolve(ub_ctx*, string, ub_type, ub_class, +ub_result**); +int ub_resolve_async(ub_ctx*, string, ub_type, ub_class, void*, void*, +int*); +int ub_cancel(ub_ctx*, int); +void ub_resolve_free(ub_result*); +string ub_strerror(int); +int ub_ctx_print_local_zones(ub_ctx*); +int ub_ctx_zone_add(ub_ctx*, string, string); +int ub_ctx_zone_remove(ub_ctx*, string); +int ub_ctx_data_add(ub_ctx*, string); +int ub_ctx_data_remove(ub_ctx*, string); +string ub_version(void); diff --git a/contrib/unbound/contrib/parseunbound.pl b/contrib/unbound/contrib/parseunbound.pl index 6a6a76d6fb21..1d294b13288d 100755 --- a/contrib/unbound/contrib/parseunbound.pl +++ b/contrib/unbound/contrib/parseunbound.pl @@ -91,7 +91,7 @@ while ( scalar keys %startstats < $numthreads || scalar keys %donestats < $numth $allstats{$inthread}->{outstandingexc} = $4; } elsif ( $line =~ m/info: average recursion processing time ([0-9\.]+) sec/ ) { - $allstats{$inthread}->{recursionavg} = int($1 * 1000); # change sec to milisec. + $allstats{$inthread}->{recursionavg} = int($1 * 1000); # change sec to millisec. } elsif ( $line =~ m/info: histogram of recursion processing times/ ) { next; @@ -103,7 +103,7 @@ while ( scalar keys %startstats < $numthreads || scalar keys %donestats < $numth } elsif ( $line =~ m/info: lower\(secs\) upper\(secs\) recursions/ ) { # since after this line we're unsure if we get these numbers - # at all, we sould consider this marker as the end of the + # at all, we should consider this marker as the end of the # block. Chances that we're parsing a file halfway written # at this stage are small. Bold statement. $donestats{$inthread} = 1; diff --git a/contrib/unbound/contrib/redirect-bogus.patch b/contrib/unbound/contrib/redirect-bogus.patch new file mode 100644 index 000000000000..8f8035c4f96e --- /dev/null +++ b/contrib/unbound/contrib/redirect-bogus.patch @@ -0,0 +1,344 @@ +Index: daemon/worker.c +=================================================================== +--- daemon/worker.c (revision 4191) ++++ daemon/worker.c (working copy) +@@ -663,8 +663,21 @@ + if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, rep, + LDNS_RCODE_SERVFAIL, edns, worker->scratchpad)) + goto bail_out; +- error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, +- qinfo, id, flags, edns); ++ if (qinfo->qtype == LDNS_RR_TYPE_A && ++ worker->env.cfg->redirect_bogus_ipv4) { ++ /* BAD cached */ ++ fixed_address_encode(repinfo->c->buffer, ++ LDNS_RCODE_NOERROR, qinfo, id, flags, edns, ++ worker->env.cfg->redirect_bogus_ipv4); ++ } else if (qinfo->qtype == LDNS_RR_TYPE_AAAA && ++ worker->env.cfg->redirect_bogus_ipv6) { ++ fixed_address_encode(repinfo->c->buffer, ++ LDNS_RCODE_NOERROR, qinfo, id, flags, edns, ++ worker->env.cfg->redirect_bogus_ipv6); ++ } else { ++ error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, ++ qinfo, id, flags, edns); ++ } + rrset_array_unlock_touch(worker->env.rrset_cache, + worker->scratchpad, rep->ref, rep->rrset_count); + if(worker->stats.extended) { +Index: doc/unbound.conf.5.in +=================================================================== +--- doc/unbound.conf.5.in (revision 4191) ++++ doc/unbound.conf.5.in (working copy) +@@ -1244,6 +1244,18 @@ + This can make ordinary queries complete (if repeatedly queried for), + and enter the cache, whilst also mitigating the traffic flow by the + factor given. ++.TP 5 ++.B redirect-bogus-ipv4: \fI<IPv4 address> ++Set a fixed address for DNSSEC failures that are cached ++Instead of responding to A queries with SERVFAIL, respond ++with NOERROR and the address specified here ++The TTL of the response will be 5 seconds ++.TP 5 ++.B redirect-bogus-ipv6: \fI<IPv4 address> ++Set a fixed address for DNSSEC failures that are cached ++Instead of responding to AAAA queries with SERVFAIL, respond ++with NOERROR and the address specified here ++The TTL of the response will be 5 seconds + .SS "Remote Control Options" + In the + .B remote\-control: +Index: services/mesh.c +=================================================================== +--- services/mesh.c (revision 4191) ++++ services/mesh.c (working copy) +@@ -1006,6 +1006,7 @@ + struct timeval end_time; + struct timeval duration; + int secure; ++ int bogus_override = 0; + /* Copy the client's EDNS for later restore, to make sure the edns + * compare is with the correct edns options. */ + struct edns_data edns_bak = r->edns; +@@ -1016,6 +1017,7 @@ + rcode = LDNS_RCODE_SERVFAIL; + if(m->s.env->cfg->stat_extended) + m->s.env->mesh->ans_bogus++; ++ bogus_override = 1; + } + if(rep && rep->security == sec_status_secure) + secure = 1; +@@ -1047,17 +1049,34 @@ + } else if(rcode) { + m->s.qinfo.qname = r->qname; + m->s.qinfo.local_alias = r->local_alias; +- if(rcode == LDNS_RCODE_SERVFAIL) { +- if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s, +- rep, rcode, &r->edns, m->s.region)) +- r->edns.opt_list = NULL; +- } else { +- if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, rcode, +- &r->edns, m->s.region)) +- r->edns.opt_list = NULL; ++ if(bogus_override && m->s.qinfo.qtype == LDNS_RR_TYPE_A && ++ m->s.env->cfg->redirect_bogus_ipv4) { ++ fixed_address_encode(r->query_reply.c->buffer, ++ LDNS_RCODE_NOERROR, &m->s.qinfo, r->qid, ++ r->qflags, &r->edns, ++ m->s.env->cfg->redirect_bogus_ipv4); ++ } else if(bogus_override && ++ m->s.qinfo.qtype == LDNS_RR_TYPE_AAAA && ++ m->s.env->cfg->redirect_bogus_ipv6) { ++ fixed_address_encode(r->query_reply.c->buffer, ++ LDNS_RCODE_NOERROR, &m->s.qinfo, r->qid, ++ r->qflags, &r->edns, ++ m->s.env->cfg->redirect_bogus_ipv6); ++ } else { ++ if(rcode == LDNS_RCODE_SERVFAIL) { ++ if(!inplace_cb_reply_servfail_call(m->s.env, ++ &m->s.qinfo, &m->s, ++ rep, rcode, &r->edns, m->s.region)) ++ r->edns.opt_list = NULL; ++ } else { ++ if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, ++ &m->s, rep, rcode, &r->edns, ++ m->s.region)) ++ r->edns.opt_list = NULL; ++ } ++ error_encode(r->query_reply.c->buffer, rcode, ++ &m->s.qinfo, r->qid, r->qflags, &r->edns); + } +- error_encode(r->query_reply.c->buffer, rcode, &m->s.qinfo, +- r->qid, r->qflags, &r->edns); + comm_point_send_reply(&r->query_reply); + } else { + size_t udp_size = r->edns.udp_size; +Index: util/config_file.c +=================================================================== +--- util/config_file.c (revision 4191) ++++ util/config_file.c (working copy) +@@ -273,6 +273,8 @@ + cfg->ratelimit_factor = 10; + cfg->qname_minimisation = 0; + cfg->qname_minimisation_strict = 0; ++ cfg->redirect_bogus_ipv4 = NULL; ++ cfg->redirect_bogus_ipv6 = NULL; + cfg->shm_enable = 0; + cfg->shm_key = 11777; + cfg->dnscrypt = 0; +@@ -602,6 +604,10 @@ + } + oi[cfg->num_out_ifs++] = d; + cfg->out_ifs = oi; ++ } else if (strcmp(opt, "redirect-bogus-ipv4:") == 0) { ++ cfg->redirect_bogus_ipv4 = strdup(val); ++ } else if (strcmp(opt, "redirect-bogus-ipv6:") == 0) { ++ cfg->redirect_bogus_ipv6 = strdup(val); + } else { + /* unknown or unsupported (from the set_option interface): + * interface, outgoing-interface, access-control, +@@ -1250,6 +1256,12 @@ + free(cfg->dnstap_version); + config_deldblstrlist(cfg->ratelimit_for_domain); + config_deldblstrlist(cfg->ratelimit_below_domain); ++ if (cfg->redirect_bogus_ipv4) { ++ free(cfg->redirect_bogus_ipv4); ++ } ++ if (cfg->redirect_bogus_ipv6) { ++ free(cfg->redirect_bogus_ipv6); ++ } + #ifdef USE_IPSECMOD + free(cfg->ipsecmod_hook); + config_delstrlist(cfg->ipsecmod_whitelist); +Index: util/config_file.h +=================================================================== +--- util/config_file.h (revision 4191) ++++ util/config_file.h (working copy) +@@ -444,6 +444,9 @@ + /** minimise QNAME in strict mode, minimise according to RFC. + * Do not apply fallback */ + int qname_minimisation_strict; ++ /** construct fake responses for DNSSEC failures */ ++ char *redirect_bogus_ipv4; ++ char *redirect_bogus_ipv6; + /** SHM data - true if shm is enabled */ + int shm_enable; + /** SHM data - key for the shm */ +Index: util/configlexer.lex +=================================================================== +--- util/configlexer.lex (revision 4191) ++++ util/configlexer.lex (working copy) +@@ -410,6 +410,8 @@ + response-ip-tag{COLON} { YDVAR(2, VAR_RESPONSE_IP_TAG) } + response-ip{COLON} { YDVAR(2, VAR_RESPONSE_IP) } + response-ip-data{COLON} { YDVAR(2, VAR_RESPONSE_IP_DATA) } ++redirect-bogus-ipv4{COLON} { YDVAR(1, VAR_REDIRECT_BOGUS_IPV4) } ++redirect-bogus-ipv6{COLON} { YDVAR(1, VAR_REDIRECT_BOGUS_IPV6) } + dnscrypt{COLON} { YDVAR(0, VAR_DNSCRYPT) } + dnscrypt-enable{COLON} { YDVAR(1, VAR_DNSCRYPT_ENABLE) } + dnscrypt-port{COLON} { YDVAR(1, VAR_DNSCRYPT_PORT) } +Index: util/configparser.y +=================================================================== +--- util/configparser.y (revision 4191) ++++ util/configparser.y (working copy) +@@ -44,6 +44,7 @@ + #include <stdlib.h> + #include <assert.h> + ++#include "sldns/str2wire.h" + #include "util/configyyrename.h" + #include "util/config_file.h" + #include "util/net_help.h" |