From f1b25764170d830215c154ab4f1ab79aca03df6f Mon Sep 17 00:00:00 2001 
From: purplerain Date: Fri, 30 Jun 2023 10:13:54 +0000 Subject: [PATCH] sync --- lib/libc/stdlib/malloc.3 | 26 +- lib/libc/stdlib/malloc.c | 57 ++- sbin/disklabel/editor.c | 11 +- sys/dev/acpi/acpi.c | 25 +- sys/dev/acpi/acpibtn.c | 13 +- sys/dev/acpi/acpivar.h | 5 +- sys/kern/uipc_socket.c | 4 +- sys/net/pf_if.c | 4 +- sys/net/pf_ioctl.c | 136 ++++---- sys/net/pf_ruleset.c | 6 +- sys/sys/malloc.h | 6 +- usr.bin/tmux/cmd-resize-window.c | 5 +- usr.bin/tmux/format.c | 4 +- usr.bin/tmux/hyperlinks.c | 4 +- usr.bin/tmux/input.c | 6 +- usr.bin/tmux/notify.c | 6 +- usr.bin/tmux/tty-keys.c | 4 +- usr.bin/tmux/tty-term.c | 6 +- usr.sbin/btrace/bt.5 | 6 +- usr.sbin/nsd/Makefile.bsd-wrapper | 5 +- usr.sbin/nsd/Makefile.in | 344 +++++++++++-------- usr.sbin/nsd/README.md | 6 +- usr.sbin/nsd/acx_nlnetlabs.m4 | 36 +- usr.sbin/nsd/answer.h | 6 +- usr.sbin/nsd/axfr.c | 14 + usr.sbin/nsd/axfr.h | 6 +- usr.sbin/nsd/bitset.h | 6 +- usr.sbin/nsd/buffer.h | 6 +- usr.sbin/nsd/config.h.in | 3 - usr.sbin/nsd/configlexer.lex | 6 + usr.sbin/nsd/configparser.y | 18 + usr.sbin/nsd/configure | 51 ++- usr.sbin/nsd/configure.ac | 20 +- usr.sbin/nsd/dname.h | 6 +- usr.sbin/nsd/dns.h | 6 +- usr.sbin/nsd/dnstap/dnstap.c | 457 ++++++++++++++++++++++++- usr.sbin/nsd/dnstap/dnstap.h | 19 +- usr.sbin/nsd/dnstap/dnstap_collector.c | 11 +- usr.sbin/nsd/doc/ChangeLog | 83 +++++ usr.sbin/nsd/doc/README | 10 +- usr.sbin/nsd/doc/RELNOTES | 41 +++ usr.sbin/nsd/edns.h | 6 +- usr.sbin/nsd/ixfr.c | 49 ++- usr.sbin/nsd/ixfr.h | 6 +- usr.sbin/nsd/ixfrcreate.c | 4 +- usr.sbin/nsd/ixfrcreate.h | 6 +- usr.sbin/nsd/namedb.h | 6 +- usr.sbin/nsd/netio.h | 6 +- usr.sbin/nsd/nsd-checkconf.8.in | 2 +- usr.sbin/nsd/nsd-checkconf.c | 19 +- usr.sbin/nsd/nsd-checkzone.8.in | 2 +- usr.sbin/nsd/nsd-control.8.in | 2 +- usr.sbin/nsd/nsd-control.c | 67 +++- usr.sbin/nsd/nsd.8.in | 4 +- usr.sbin/nsd/nsd.c | 2 + usr.sbin/nsd/nsd.conf.5.in | 19 +- usr.sbin/nsd/nsd.conf.sample.in | 7 + usr.sbin/nsd/nsd.h | 6 +- usr.sbin/nsd/options.c 
| 6 + usr.sbin/nsd/options.h | 12 + usr.sbin/nsd/packet.h | 6 +- usr.sbin/nsd/popen3.h | 6 +- usr.sbin/nsd/query.h | 6 +- usr.sbin/nsd/rbtree.h | 6 +- usr.sbin/nsd/rdata.h | 6 +- usr.sbin/nsd/region-allocator.h | 6 +- usr.sbin/nsd/remote.c | 66 +++- usr.sbin/nsd/server.c | 19 +- usr.sbin/nsd/tsig-openssl.h | 6 +- usr.sbin/nsd/tsig.h | 6 +- usr.sbin/nsd/util.h | 6 +- usr.sbin/nsd/verify.c | 9 +- usr.sbin/nsd/verify.h | 6 +- usr.sbin/nsd/xfrd-disk.c | 12 +- usr.sbin/nsd/xfrd-tcp.c | 19 +- usr.sbin/nsd/xfrd.c | 29 +- usr.sbin/nsd/zonec.c | 8 - usr.sbin/nsd/zonec.h | 6 +- usr.sbin/relayd/pfe_filter.c | 5 +- 79 files changed, 1435 insertions(+), 523 deletions(-) diff --git a/lib/libc/stdlib/malloc.3 b/lib/libc/stdlib/malloc.3 index 79e85f39e..88a8264da 100644 --- a/lib/libc/stdlib/malloc.3 +++ b/lib/libc/stdlib/malloc.3 @@ -30,9 +30,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: malloc.3,v 1.135 2023/06/23 05:26:45 otto Exp $ +.\" $OpenBSD: malloc.3,v 1.136 2023/06/30 06:24:58 otto Exp $ .\" -.Dd $Mdocdate: June 23 2023 $ +.Dd $Mdocdate: June 30 2023 $ .Dt MALLOC 3 .Os .Sh NAME @@ -294,6 +294,17 @@ To record the dump: To view the leak report: .Pp .Dl $ kdump -u malloc ... +.Pp +By default, the immediate caller of a +.Nm +function will be recorded. +Use malloc options +.Cm 2 +or +.Cm 3 +to record the caller one or two stack frames deeper instead. +These malloc options imply +.Cm D . .It Cm F .Dq Freecheck . Enable more extensive double free and use after free detection. @@ -813,3 +824,14 @@ and .Fn realloc to avoid these problems on .Ox . +.Pp +The mechanism to record caller functions when using malloc options +.Cm 2 +or +.Cm 3 +is not guaranteed to work for all platforms, compilers or compilation +options, +and might even crash your program. +Use +.Em only +for debugging purposes. diff --git a/lib/libc/stdlib/malloc.c b/lib/libc/stdlib/malloc.c index 34b2bb5e6..c09e1541e 100644 
--- a/lib/libc/stdlib/malloc.c +++ b/lib/libc/stdlib/malloc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: malloc.c,v 1.288 2023/06/23 05:26:45 otto Exp $ */ +/* $OpenBSD: malloc.c,v 1.289 2023/06/30 06:24:58 otto Exp $ */ /* * Copyright (c) 2008, 2010, 2011, 2016, 2023 Otto Moerbeek * Copyright (c) 2012 Matthew Dempsky @@ -255,7 +255,37 @@ void malloc_dump(void); PROTO_NORMAL(malloc_dump); static void malloc_exit(void); #endif -#define CALLER (DO_STATS ? __builtin_return_address(0) : NULL) + +#if defined(__aarch64__) || \ + defined(__amd64__) || \ + defined(__arm__) +static inline void* caller(void) +{ + void *p; + + switch (DO_STATS) { + case 0: + default: + return NULL; + case 1: + p = __builtin_return_address(0); + break; + case 2: + p = __builtin_return_address(1); + break; + case 3: + p = __builtin_return_address(2); + break; + } + return __builtin_extract_return_addr(p); +} +#else +static inline void* caller(void) +{ + return DO_STATS == 0 ? NULL : + __builtin_extract_return_addr(__builtin_return_address(0)); +} +#endif /* low bits of r->p determine size: 0 means >= page size and r->size holding * real size, otherwise low bits is the bucket + 1 @@ -365,8 +395,15 @@ omalloc_parseopt(char opt) mopts.malloc_stats = 0; break; case 'D': + case '1': mopts.malloc_stats = 1; break; + case '2': + mopts.malloc_stats = 2; + break; + case '3': + mopts.malloc_stats = 3; + break; #endif /* MALLOC_STATS */ case 'f': mopts.malloc_freecheck = 0; @@ -1436,7 +1473,7 @@ malloc(size_t size) int saved_errno = errno; PROLOGUE(getpool(), "malloc") - r = omalloc(d, size, 0, CALLER); + r = omalloc(d, size, 0, caller()); EPILOGUE() return r; } @@ -1450,7 +1487,7 @@ malloc_conceal(size_t size) int saved_errno = errno; PROLOGUE(mopts.malloc_pool[0], "malloc_conceal") - r = omalloc(d, size, 0, CALLER); + r = omalloc(d, size, 0, caller()); EPILOGUE() return r; } 
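Review bot: In the new `caller()` helper in malloc.c, each `__builtin_return_address(N)` level is only meaningful if the helper is inlined into the public entry point (`malloc`, `realloc`, `calloc`, ...), and `static inline` does not guarantee that. If the compiler emits it as a real function, for example in an unoptimised build, level 0 would record an address inside the allocator itself and levels 1 and 2 would shift by one frame, so leak reports would silently name the wrong site. Consider forcing it with `static inline __attribute__((always_inline)) void *caller(void)`, or at least add a comment above the helper stating the inlining assumption. A short comment on the `case 2:` and `case 3:` arms repeating the malloc.3 warning that deeper frames may not be walkable, and may crash, would keep the code and manual in step.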
@@ -1860,7 +1897,7 @@ realloc(void *ptr, size_t size) int saved_errno = errno; PROLOGUE(getpool(), "realloc") - r = orealloc(&d, ptr, size, CALLER); + r = orealloc(&d, ptr, size, caller()); EPILOGUE() return r; } @@ -1891,7 +1928,7 @@ calloc(size_t nmemb, size_t size) } size *= nmemb; - r = omalloc(d, size, 1, CALLER); + r = omalloc(d, size, 1, caller()); EPILOGUE() return r; } @@ -1916,7 +1953,7 @@ calloc_conceal(size_t nmemb, size_t size) } size *= nmemb; - r = omalloc(d, size, 1, CALLER); + r = omalloc(d, size, 1, caller()); EPILOGUE() return r; } @@ -2072,7 +2109,7 @@ recallocarray(void *ptr, size_t oldnmemb, size_t newnmemb, size_t size) oldsize = oldnmemb * size; } - r = orecallocarray(&d, ptr, oldsize, newsize, CALLER); + r = orecallocarray(&d, ptr, oldsize, newsize, caller()); EPILOGUE() return r; } @@ -2204,7 +2241,7 @@ posix_memalign(void **memptr, size_t alignment, size_t size) malloc_recurse(d); goto err; } - r = omemalign(d, alignment, size, 0, CALLER); + r = omemalign(d, alignment, size, 0, caller()); d->active--; _MALLOC_UNLOCK(d->mutex); if (r == NULL) { @@ -2242,7 +2279,7 @@ aligned_alloc(size_t alignment, size_t size) } PROLOGUE(getpool(), "aligned_alloc") - r = omemalign(d, alignment, size, 0, CALLER); + r = omemalign(d, alignment, size, 0, caller()); EPILOGUE() return r; } diff --git a/sbin/disklabel/editor.c b/sbin/disklabel/editor.c index a84900331..998f994aa 100644 --- a/sbin/disklabel/editor.c +++ b/sbin/disklabel/editor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: editor.c,v 1.412 2023/06/28 12:12:48 krw Exp $ */ +/* $OpenBSD: editor.c,v 1.413 2023/06/29 20:10:11 krw Exp $ */ /* * Copyright (c) 1997-2000 Todd C. Miller 
@@ -677,11 +677,12 @@ allocate_space(struct disklabel *lp, const struct alloc_table *alloc_table) mpfree(mountpoints, KEEP); for (i = 0; i < alloc_table->sz; i++) { - if (sa[i].rate < 100) { + if (sa[i].rate == 100) + maxsz = sa[i].minsz + xtrablks; + else maxsz = sa[i].minsz + (xtrablks / 100) * sa[i].rate; - if (maxsz < sa[i].maxsz) - sa[i].maxsz = maxsz; - } + if (maxsz < sa[i].maxsz) + sa[i].maxsz = maxsz; if (allocate_partition(lp, &sa[i])) { mpfree(mountpoints, KEEP); return 1; diff --git a/sys/dev/acpi/acpi.c b/sys/dev/acpi/acpi.c index 3bedd6967..42cd7bfdb 100644 --- a/sys/dev/acpi/acpi.c +++ b/sys/dev/acpi/acpi.c @@ -1,4 +1,4 @@ -/* $OpenBSD: acpi.c,v 1.420 2023/03/15 13:01:40 kettenis Exp $ */ +/* $OpenBSD: acpi.c,v 1.421 2023/06/29 20:58:08 dv Exp $ */ /* * Copyright (c) 2005 Thorsten Lockert * Copyright (c) 2005 Jordan Hargrave @@ -2264,7 +2264,7 @@ acpi_enable_wakegpes(struct acpi_softc *sc, int state) dnprintf(10, "%.4s(S%d) gpe %.2x\n", wentry->q_node->name, wentry->q_state, wentry->q_gpe); - if (state <= wentry->q_state) + if (wentry->q_enabled && state <= wentry->q_state) acpi_enable_onegpe(sc, wentry->q_gpe); } } @@ -2354,11 +2354,32 @@ acpi_foundprw(struct aml_node *node, void *arg) wq->q_gpe = wq->q_wakepkg->v_package[0]->v_integer; if (wq->q_wakepkg->v_package[1]->type == AML_OBJTYPE_INTEGER) wq->q_state = wq->q_wakepkg->v_package[1]->v_integer; + wq->q_enabled = 0; } SIMPLEQ_INSERT_TAIL(&sc->sc_wakedevs, wq, q_next); return 0; } +int +acpi_toggle_wakedev(struct acpi_softc *sc, struct aml_node *node, int enable) +{ + struct acpi_wakeq *wentry; + int ret = -1; + + SIMPLEQ_FOREACH(wentry, &sc->sc_wakedevs, q_next) { + if (wentry->q_node == node) { + wentry->q_enabled = enable ? 1 : 0; + dnprintf(10, "%.4s(S%d) gpe %.2x %sabled\n", + wentry->q_node->name, wentry->q_state, + wentry->q_gpe, enable ? "en" : "dis"); + ret = 0; + break; + } + } + + return ret; +} + struct gpe_block * acpi_find_gpe(struct acpi_softc *sc, int gpe) { 
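Review bot: In the `acpi_foundprw` hunk of sys/dev/acpi/acpi.c, `wq->q_enabled = 0;` sits inside the block that reads `q_wakepkg`, while `SIMPLEQ_INSERT_TAIL` after the closing brace queues the entry unconditionally. `acpi_enable_wakegpes` now tests `wentry->q_enabled` for every queued entry, so an entry that skipped that block relies on the allocation having zeroed the struct; the allocation is outside the hunk, so this may already hold. Moving the assignment next to the allocation, with a comment such as `/* wake sources are opt-in, see acpi_toggle_wakedev() */`, would make the default explicit. `acpi_toggle_wakedev` would also benefit from a one-line comment that it returns -1 when `node` has no entry in `sc_wakedevs`.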
diff --git a/sys/dev/acpi/acpibtn.c b/sys/dev/acpi/acpibtn.c index a16cb32ab..373f05e13 100644 --- a/sys/dev/acpi/acpibtn.c +++ b/sys/dev/acpi/acpibtn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: acpibtn.c,v 1.50 2023/04/03 13:38:18 millert Exp $ */ +/* $OpenBSD: acpibtn.c,v 1.51 2023/06/29 20:58:08 dv Exp $ */ /* * Copyright (c) 2005 Marco Peereboom * @@ -168,7 +168,7 @@ acpibtn_attach(struct device *parent, struct device *self, void *aux) sc->sc_acpi = (struct acpi_softc *)parent; sc->sc_devnode = aa->aaa_node; - printf(": %s\n", sc->sc_devnode->name); + printf(": %s", sc->sc_devnode->name); if (aml_evalinteger(sc->sc_acpi, sc->sc_devnode, "_STA", 0, NULL, &st)) st = STA_PRESENT | STA_ENABLED | STA_DEV_OK; @@ -203,6 +203,15 @@ acpibtn_attach(struct device *parent, struct device *self, void *aux) sc->sc_sens.value = lid_open; } + /* Enable any related GPEs for wake. */ + if (acpi_toggle_wakedev(sc->sc_acpi, sc->sc_devnode, 1) == 0) { +#ifdef SUSPEND + device_register_wakeup(self); + printf("(wakeup)"); +#endif /* SUSPEND */ + } + + printf("\n"); aml_register_notify(sc->sc_devnode, aa->aaa_dev, acpibtn_notify, sc, ACPIDEV_NOPOLL); } diff --git a/sys/dev/acpi/acpivar.h b/sys/dev/acpi/acpivar.h index a9b4a2ae9..d783dd26d 100644 --- a/sys/dev/acpi/acpivar.h +++ b/sys/dev/acpi/acpivar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: acpivar.h,v 1.122 2022/09/13 17:14:54 kettenis Exp $ */ +/* $OpenBSD: acpivar.h,v 1.123 2023/06/29 20:58:08 dv Exp $ */ /* * Copyright (c) 2005 Thorsten Lockert * @@ -105,6 +105,7 @@ struct acpi_wakeq { struct aml_value *q_wakepkg; int q_gpe; int q_state; + int q_enabled; }; #if NACPIPWRRES > 0 @@ -415,6 +416,8 @@ struct acpi_q *acpi_maptable(struct acpi_softc *sc, paddr_t, bus_dma_tag_t acpi_iommu_device_map(struct aml_node *, bus_dma_tag_t); +int acpi_toggle_wakedev(struct acpi_softc *, struct aml_node *, int); + #endif #endif /* !_ACPI_WAKECODE */ diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c index 0c3b5bb52..978bfff87 100644 
--- a/sys/kern/uipc_socket.c +++ b/sys/kern/uipc_socket.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uipc_socket.c,v 1.303 2023/04/28 12:53:42 bluhm Exp $ */ +/* $OpenBSD: uipc_socket.c,v 1.304 2023/06/30 11:52:11 mvs Exp $ */ /* $NetBSD: uipc_socket.c,v 1.21 1996/02/04 02:17:52 christos Exp $ */ /* @@ -406,7 +406,7 @@ drop: while (so->so_newconn > 0) { so->so_state |= SS_NEWCONN_WAIT; sosleep_nsec(so, &so->so_newconn, PSOCK, - "netlck", INFSLP); + "newcon", INFSLP); } } diff --git a/sys/net/pf_if.c b/sys/net/pf_if.c index 746615074..046cc818b 100644 --- a/sys/net/pf_if.c +++ b/sys/net/pf_if.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_if.c,v 1.110 2023/05/18 14:11:18 kn Exp $ */ +/* $OpenBSD: pf_if.c,v 1.111 2023/06/30 09:58:30 mvs Exp $ */ /* * Copyright 2005 Henning Brauer @@ -92,7 +92,7 @@ RB_PROTOTYPE(pfi_ifhead, pfi_kif, pfik_tree, pfi_if_compare); RB_GENERATE(pfi_ifhead, pfi_kif, pfik_tree, pfi_if_compare); #define PFI_BUFFER_MAX 0x10000 -#define PFI_MTYPE M_IFADDR +#define PFI_MTYPE M_PF struct pfi_kif * pfi_kif_alloc(const char *kif_name, int mflags) diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index 6ec6d273b..521a3d916 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.410 2023/06/28 21:33:35 sashan Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.411 2023/06/30 09:58:30 mvs Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -661,7 +661,7 @@ pf_create_queues(void) if (ifp == NULL) continue; - qif = malloc(sizeof(*qif), M_TEMP, M_WAITOK); + qif = malloc(sizeof(*qif), M_PF, M_WAITOK); qif->ifp = ifp; if (q->flags & PFQS_ROOTCLASS) { @@ -716,7 +716,7 @@ pf_create_queues(void) ifp = qif->ifp; ifq_attach(&ifp->if_snd, qif->ifqops, qif->disc); - free(qif, M_TEMP, sizeof(*qif)); + free(qif, M_PF, sizeof(*qif)); } return (0); @@ -727,7 +727,7 @@ error: list = qif->next; qif->pfqops->pfq_free(qif->disc); - free(qif, M_TEMP, sizeof(*qif)); + free(qif, M_PF, sizeof(*qif)); } return (error); 
@@ -2486,8 +2486,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) error = ENODEV; goto fail; } - ioe = malloc(sizeof(*ioe), M_TEMP, M_WAITOK); - table = malloc(sizeof(*table), M_TEMP, M_WAITOK); + ioe = malloc(sizeof(*ioe), M_PF, M_WAITOK); + table = malloc(sizeof(*table), M_PF, M_WAITOK); NET_LOCK(); PF_LOCK(); pf_default_rule_new = pf_default_rule; @@ -2496,15 +2496,15 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) memset(&pf_trans_set, 0, sizeof(pf_trans_set)); for (i = 0; i < io->size; i++) { if (copyin(io->array+i, ioe, sizeof(*ioe))) { - free(table, M_TEMP, sizeof(*table)); - free(ioe, M_TEMP, sizeof(*ioe)); + free(table, M_PF, sizeof(*table)); + free(ioe, M_PF, sizeof(*ioe)); error = EFAULT; goto fail; } if (strnlen(ioe->anchor, sizeof(ioe->anchor)) == sizeof(ioe->anchor)) { - free(table, M_TEMP, sizeof(*table)); - free(ioe, M_TEMP, sizeof(*ioe)); + free(table, M_PF, sizeof(*table)); + free(ioe, M_PF, sizeof(*ioe)); error = ENAMETOOLONG; goto fail; } @@ -2519,8 +2519,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) &ioe->ticket, NULL, 0))) { PF_UNLOCK(); NET_UNLOCK(); - free(table, M_TEMP, sizeof(*table)); - free(ioe, M_TEMP, sizeof(*ioe)); + free(table, M_PF, sizeof(*table)); + free(ioe, M_PF, sizeof(*ioe)); goto fail; } break; 
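Review bot: The pair `free(table, M_PF, sizeof(*table)); free(ioe, M_PF, sizeof(*ioe));` is repeated on every exit path of these `pfioctl` cases (the hunks from -2496 here through -2782), which is why a one-token type change has to touch dozens of lines. The type passed to `free` is expected to match the one given to `malloc`, so an exit path missed by an edit like this would presumably skew the per-type accounting for `M_TEMP` and `M_PF`; the parts of the function outside these hunks cannot be checked from here. Routing the error exits of each case through a single cleanup point that frees `table` and `ioe` once would leave one place to change and make the pairing easy to audit. The case bodies begin and end outside the hunks.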
@@ -2529,30 +2529,30 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) ioe->anchor))) { PF_UNLOCK(); NET_UNLOCK(); - free(table, M_TEMP, sizeof(*table)); - free(ioe, M_TEMP, sizeof(*ioe)); + free(table, M_PF, sizeof(*table)); + free(ioe, M_PF, sizeof(*ioe)); goto fail; } break; default: PF_UNLOCK(); NET_UNLOCK(); - free(table, M_TEMP, sizeof(*table)); - free(ioe, M_TEMP, sizeof(*ioe)); + free(table, M_PF, sizeof(*table)); + free(ioe, M_PF, sizeof(*ioe)); error = EINVAL; goto fail; } PF_UNLOCK(); NET_UNLOCK(); if (copyout(ioe, io->array+i, sizeof(io->array[i]))) { - free(table, M_TEMP, sizeof(*table)); - free(ioe, M_TEMP, sizeof(*ioe)); + free(table, M_PF, sizeof(*table)); + free(ioe, M_PF, sizeof(*ioe)); error = EFAULT; goto fail; } } - free(table, M_TEMP, sizeof(*table)); - free(ioe, M_TEMP, sizeof(*ioe)); + free(table, M_PF, sizeof(*table)); + free(ioe, M_PF, sizeof(*ioe)); break; } @@ -2566,19 +2566,19 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) error = ENODEV; goto fail; } - ioe = malloc(sizeof(*ioe), M_TEMP, M_WAITOK); - table = malloc(sizeof(*table), M_TEMP, M_WAITOK); + ioe = malloc(sizeof(*ioe), M_PF, M_WAITOK); + table = malloc(sizeof(*table), M_PF, M_WAITOK); for (i = 0; i < io->size; i++) { if (copyin(io->array+i, ioe, sizeof(*ioe))) { - free(table, M_TEMP, sizeof(*table)); - free(ioe, M_TEMP, sizeof(*ioe)); + free(table, M_PF, sizeof(*table)); + free(ioe, M_PF, sizeof(*ioe)); error = EFAULT; goto fail; } if (strnlen(ioe->anchor, sizeof(ioe->anchor)) == sizeof(ioe->anchor)) { - free(table, M_TEMP, sizeof(*table)); - free(ioe, M_TEMP, sizeof(*ioe)); + free(table, M_PF, sizeof(*table)); + free(ioe, M_PF, sizeof(*ioe)); error = ENAMETOOLONG; goto fail; } 
@@ -2593,8 +2593,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) ioe->ticket, NULL, 0))) { PF_UNLOCK(); NET_UNLOCK(); - free(table, M_TEMP, sizeof(*table)); - free(ioe, M_TEMP, sizeof(*ioe)); + free(table, M_PF, sizeof(*table)); + free(ioe, M_PF, sizeof(*ioe)); goto fail; /* really bad */ } break; @@ -2604,16 +2604,16 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) default: PF_UNLOCK(); NET_UNLOCK(); - free(table, M_TEMP, sizeof(*table)); - free(ioe, M_TEMP, sizeof(*ioe)); + free(table, M_PF, sizeof(*table)); + free(ioe, M_PF, sizeof(*ioe)); error = EINVAL; goto fail; /* really bad */ } PF_UNLOCK(); NET_UNLOCK(); } - free(table, M_TEMP, sizeof(*table)); - free(ioe, M_TEMP, sizeof(*ioe)); + free(table, M_PF, sizeof(*table)); + free(ioe, M_PF, sizeof(*ioe)); break; } @@ -2628,20 +2628,20 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) error = ENODEV; goto fail; } - ioe = malloc(sizeof(*ioe), M_TEMP, M_WAITOK); - table = malloc(sizeof(*table), M_TEMP, M_WAITOK); + ioe = malloc(sizeof(*ioe), M_PF, M_WAITOK); + table = malloc(sizeof(*table), M_PF, M_WAITOK); /* first makes sure everything will succeed */ for (i = 0; i < io->size; i++) { if (copyin(io->array+i, ioe, sizeof(*ioe))) { - free(table, M_TEMP, sizeof(*table)); - free(ioe, M_TEMP, sizeof(*ioe)); + free(table, M_PF, sizeof(*table)); + free(ioe, M_PF, sizeof(*ioe)); error = EFAULT; goto fail; } if (strnlen(ioe->anchor, sizeof(ioe->anchor)) == sizeof(ioe->anchor)) { - free(table, M_TEMP, sizeof(*table)); - free(ioe, M_TEMP, sizeof(*ioe)); + free(table, M_PF, sizeof(*table)); + free(ioe, M_PF, sizeof(*ioe)); error = ENAMETOOLONG; goto fail; } 
@@ -2654,8 +2654,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) rs->tticket) { PF_UNLOCK(); NET_UNLOCK(); - free(table, M_TEMP, sizeof(*table)); - free(ioe, M_TEMP, sizeof(*ioe)); + free(table, M_PF, sizeof(*table)); + free(ioe, M_PF, sizeof(*ioe)); error = EBUSY; goto fail; } @@ -2668,8 +2668,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) ioe->ticket) { PF_UNLOCK(); NET_UNLOCK(); - free(table, M_TEMP, sizeof(*table)); - free(ioe, M_TEMP, sizeof(*ioe)); + free(table, M_PF, sizeof(*table)); + free(ioe, M_PF, sizeof(*ioe)); error = EBUSY; goto fail; } @@ -2677,8 +2677,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) default: PF_UNLOCK(); NET_UNLOCK(); - free(table, M_TEMP, sizeof(*table)); - free(ioe, M_TEMP, sizeof(*ioe)); + free(table, M_PF, sizeof(*table)); + free(ioe, M_PF, sizeof(*ioe)); error = EINVAL; goto fail; } @@ -2697,8 +2697,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) pf_pool_limits[i].limit_new) { PF_UNLOCK(); NET_UNLOCK(); - free(table, M_TEMP, sizeof(*table)); - free(ioe, M_TEMP, sizeof(*ioe)); + free(table, M_PF, sizeof(*table)); + free(ioe, M_PF, sizeof(*ioe)); error = EBUSY; goto fail; } @@ -2708,15 +2708,15 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) PF_UNLOCK(); NET_UNLOCK(); if (copyin(io->array+i, ioe, sizeof(*ioe))) { - free(table, M_TEMP, sizeof(*table)); - free(ioe, M_TEMP, sizeof(*ioe)); + free(table, M_PF, sizeof(*table)); + free(ioe, M_PF, sizeof(*ioe)); error = EFAULT; goto fail; } if (strnlen(ioe->anchor, sizeof(ioe->anchor)) == sizeof(ioe->anchor)) { - free(table, M_TEMP, sizeof(*table)); - free(ioe, M_TEMP, sizeof(*ioe)); + free(table, M_PF, sizeof(*table)); + free(ioe, M_PF, sizeof(*ioe)); error = ENAMETOOLONG; goto fail; } 
@@ -2731,8 +2731,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) NULL, NULL, 0))) { PF_UNLOCK(); NET_UNLOCK(); - free(table, M_TEMP, sizeof(*table)); - free(ioe, M_TEMP, sizeof(*ioe)); + free(table, M_PF, sizeof(*table)); + free(ioe, M_PF, sizeof(*ioe)); goto fail; /* really bad */ } break; @@ -2741,16 +2741,16 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) ioe->anchor))) { PF_UNLOCK(); NET_UNLOCK(); - free(table, M_TEMP, sizeof(*table)); - free(ioe, M_TEMP, sizeof(*ioe)); + free(table, M_PF, sizeof(*table)); + free(ioe, M_PF, sizeof(*ioe)); goto fail; /* really bad */ } break; default: PF_UNLOCK(); NET_UNLOCK(); - free(table, M_TEMP, sizeof(*table)); - free(ioe, M_TEMP, sizeof(*ioe)); + free(table, M_PF, sizeof(*table)); + free(ioe, M_PF, sizeof(*ioe)); error = EINVAL; goto fail; /* really bad */ } @@ -2762,8 +2762,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) pf_pool_limits[i].limit_new, NULL, 0) != 0) { PF_UNLOCK(); NET_UNLOCK(); - free(table, M_TEMP, sizeof(*table)); - free(ioe, M_TEMP, sizeof(*ioe)); + free(table, M_PF, sizeof(*table)); + free(ioe, M_PF, sizeof(*ioe)); error = EBUSY; goto fail; /* really bad */ } @@ -2782,8 +2782,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) pf_trans_set_commit(); PF_UNLOCK(); NET_UNLOCK(); - free(table, M_TEMP, sizeof(*table)); - free(ioe, M_TEMP, sizeof(*ioe)); + free(table, M_PF, sizeof(*table)); + free(ioe, M_PF, sizeof(*ioe)); break; } @@ -2793,7 +2793,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) u_int32_t nr = 0; size_t space = psn->psn_len; - pstore = malloc(sizeof(*pstore), M_TEMP, M_WAITOK); + pstore = malloc(sizeof(*pstore), M_PF, M_WAITOK); NET_LOCK(); PF_LOCK(); 
@@ -2803,7 +2803,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) psn->psn_len = sizeof(struct pf_src_node) * nr; PF_UNLOCK(); NET_UNLOCK(); - free(pstore, M_TEMP, sizeof(*pstore)); + free(pstore, M_PF, sizeof(*pstore)); goto fail; } @@ -2838,7 +2838,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) if (error) { PF_UNLOCK(); NET_UNLOCK(); - free(pstore, M_TEMP, sizeof(*pstore)); + free(pstore, M_PF, sizeof(*pstore)); goto fail; } p++; @@ -2848,7 +2848,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) PF_UNLOCK(); NET_UNLOCK(); - free(pstore, M_TEMP, sizeof(*pstore)); + free(pstore, M_PF, sizeof(*pstore)); break; } @@ -2941,7 +2941,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) } if ((kif_buf = mallocarray(sizeof(*kif_buf), apfiio_size, - M_TEMP, M_WAITOK|M_CANFAIL)) == NULL) { + M_PF, M_WAITOK|M_CANFAIL)) == NULL) { error = EINVAL; goto fail; } @@ -2954,7 +2954,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) if (copyout(kif_buf, io->pfiio_buffer, sizeof(*kif_buf) * io->pfiio_size)) error = EFAULT; - free(kif_buf, M_TEMP, sizeof(*kif_buf) * apfiio_size); + free(kif_buf, M_PF, sizeof(*kif_buf) * apfiio_size); break; } @@ -3264,7 +3264,7 @@ pf_open_trans(uint32_t unit) rw_assert_wrlock(&pfioctl_rw); - t = malloc(sizeof(*t), M_TEMP, M_WAITOK|M_ZERO); + t = malloc(sizeof(*t), M_PF, M_WAITOK|M_ZERO); t->pft_unit = unit; t->pft_ticket = ticket++; @@ -3320,7 +3320,7 @@ pf_free_trans(struct pf_trans *t) log(LOG_ERR, "%s unknown transaction type: %d\n", __func__, t->pft_type); } - free(t, M_TEMP, sizeof(*t)); + free(t, M_PF, sizeof(*t)); } void diff --git a/sys/net/pf_ruleset.c b/sys/net/pf_ruleset.c index 01b752237..34673cf21 100644 --- a/sys/net/pf_ruleset.c +++ b/sys/net/pf_ruleset.c 
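Review bot: In the two `kif_buf` hunks (-2941 and -2954) the buffer comes from `mallocarray(..., M_PF, M_WAITOK|M_CANFAIL)` without `M_ZERO` and is then passed to `copyout` for `sizeof(*kif_buf) * io->pfiio_size` bytes. The code that fills the buffer lies between the hunks and is not visible here, so this may be fine. It is still worth confirming that every byte copied out, struct padding included, is written first, and that `io->pfiio_size` cannot exceed `apfiio_size` by the time of the `copyout`. If either is not guaranteed, allocating with `M_WAITOK|M_CANFAIL|M_ZERO` is a cheap way to rule out exposing stale kernel heap contents to userland.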
@@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ruleset.c,v 1.20 2023/04/28 14:08:38 sashan Exp $ */ +/* $OpenBSD: pf_ruleset.c,v 1.21 2023/06/30 09:58:30 mvs Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -57,8 +57,8 @@ #ifdef _KERNEL -#define rs_malloc(x) malloc(x, M_TEMP, M_WAITOK|M_CANFAIL|M_ZERO) -#define rs_free(x, siz) free(x, M_TEMP, siz) +#define rs_malloc(x) malloc(x, M_PF, M_WAITOK|M_CANFAIL|M_ZERO) +#define rs_free(x, siz) free(x, M_PF, siz) #define rs_pool_get_anchor() pool_get(&pf_anchor_pl, \ PR_WAITOK|PR_LIMITFAIL|PR_ZERO) #define rs_pool_put_anchor(x) pool_put(&pf_anchor_pl, x) diff --git a/sys/sys/malloc.h b/sys/sys/malloc.h index 832fec21c..14a6ff918 100644 --- a/sys/sys/malloc.h +++ b/sys/sys/malloc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: malloc.h,v 1.123 2023/06/27 21:02:13 mvs Exp $ */ +/* $OpenBSD: malloc.h,v 1.124 2023/06/30 09:58:30 mvs Exp $ */ /* $NetBSD: malloc.h,v 1.39 1998/07/12 19:52:01 augustss Exp $ */ /* @@ -68,7 +68,7 @@ /* 3 - free */ #define M_PCB 4 /* protocol control block */ #define M_RTABLE 5 /* routing tables */ -/* 6 - free */ +#define M_PF 6 /* packet filter structures */ /* 7 - free */ /* 8 - free */ #define M_IFADDR 9 /* interface address */ @@ -186,7 +186,7 @@ NULL, \ "pcb", /* 4 M_PCB */ \ "rtable", /* 5 M_RTABLE */ \ - NULL, /* 6 */ \ + "pf", /* 6 M_PF */ \ NULL, \ NULL, \ "ifaddr", /* 9 M_IFADDR */ \ diff --git a/usr.bin/tmux/cmd-resize-window.c b/usr.bin/tmux/cmd-resize-window.c index 980bb3543..a89750607 100644 --- a/usr.bin/tmux/cmd-resize-window.c +++ b/usr.bin/tmux/cmd-resize-window.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cmd-resize-window.c,v 1.9 2021/08/27 17:15:57 nicm Exp $ */ +/* $OpenBSD: cmd-resize-window.c,v 1.10 2023/06/30 13:19:32 nicm Exp $ */ /* * Copyright (c) 2018 Nicholas Marriott 
@@ -53,8 +53,7 @@ cmd_resize_window_exec(struct cmd *self, struct cmdq_item *item) struct session *s = target->s; const char *errstr; char *cause; - u_int adjust, sx, sy; - int xpixel = -1, ypixel = -1; + u_int adjust, sx, sy, xpixel = 0, ypixel = 0; if (args_count(args) == 0) adjust = 1; diff --git a/usr.bin/tmux/format.c b/usr.bin/tmux/format.c index 7420ec114..404a6080a 100644 --- a/usr.bin/tmux/format.c +++ b/usr.bin/tmux/format.c @@ -1,4 +1,4 @@ -/* $OpenBSD: format.c,v 1.313 2023/05/19 07:46:34 nicm Exp $ */ +/* $OpenBSD: format.c,v 1.314 2023/06/30 13:19:32 nicm Exp $ */ /* * Copyright (c) 2011 Nicholas Marriott @@ -3813,7 +3813,7 @@ format_build_modifiers(struct format_expand_state *es, const char **s, argc = 0; /* Single argument with no wrapper character. */ - if (!ispunct(cp[1]) || cp[1] == '-') { + if (!ispunct((u_char)cp[1]) || cp[1] == '-') { end = format_skip(cp + 1, ":;"); if (end == NULL) break; diff --git a/usr.bin/tmux/hyperlinks.c b/usr.bin/tmux/hyperlinks.c index 4f2585e9e..ea0e7db73 100644 --- a/usr.bin/tmux/hyperlinks.c +++ b/usr.bin/tmux/hyperlinks.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hyperlinks.c,v 1.2 2022/07/06 07:36:36 nicm Exp $ */ +/* $OpenBSD: hyperlinks.c,v 1.3 2023/06/30 13:19:32 nicm Exp $ */ /* * Copyright (c) 2021 Will @@ -43,7 +43,7 @@ #define MAX_HYPERLINKS 5000 -static uint64_t hyperlinks_next_external_id = 1; +static long long hyperlinks_next_external_id = 1; static u_int global_hyperlinks_count; struct hyperlinks_uri { diff --git a/usr.bin/tmux/input.c b/usr.bin/tmux/input.c index 422e1ceb5..ebb3847dc 100644 --- a/usr.bin/tmux/input.c +++ b/usr.bin/tmux/input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: input.c,v 1.215 2023/06/25 15:53:07 nicm Exp $ */ +/* $OpenBSD: input.c,v 1.216 2023/06/30 13:19:32 nicm Exp $ */ /* * Copyright (c) 2007 Nicholas Marriott 
@@ -2842,9 +2842,11 @@ input_reply_clipboard(struct bufferevent *bev, const char *buf, size_t len, const char *end) { char *out = NULL; - size_t outlen = 0; + int outlen = 0; if (buf != NULL && len != 0) { + if (len >= ((size_t)INT_MAX * 3 / 4) - 1) + return; outlen = 4 * ((len + 2) / 3) + 1; out = xmalloc(outlen); if ((outlen = b64_ntop(buf, len, out, outlen)) == -1) { diff --git a/usr.bin/tmux/notify.c b/usr.bin/tmux/notify.c index 8fc370442..c019d7240 100644 --- a/usr.bin/tmux/notify.c +++ b/usr.bin/tmux/notify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: notify.c,v 1.43 2022/10/28 13:00:02 nicm Exp $ */ +/* $OpenBSD: notify.c,v 1.44 2023/06/30 13:19:32 nicm Exp $ */ /* * Copyright (c) 2012 George Nachman @@ -194,7 +194,7 @@ notify_add(const char *name, struct cmd_find_state *fs, struct client *c, ne->client = c; ne->session = s; ne->window = w; - ne->pane = (wp != NULL ? wp->id : -1); + ne->pane = (wp != NULL ? (int)wp->id : -1); ne->pbname = (pbname != NULL ? xstrdup(pbname) : NULL); ne->formats = format_create(NULL, NULL, 0, FORMAT_NOJOBS); @@ -241,7 +241,7 @@ notify_hook(struct cmdq_item *item, const char *name) ne.client = cmdq_get_client(item); ne.session = target->s; ne.window = target->w; - ne.pane = (target->wp != NULL ? target->wp->id : -1); + ne.pane = (target->wp != NULL ? (int)target->wp->id : -1); ne.formats = format_create(NULL, NULL, 0, FORMAT_NOJOBS); format_add(ne.formats, "hook", "%s", name); diff --git a/usr.bin/tmux/tty-keys.c b/usr.bin/tmux/tty-keys.c index 6d86f14b8..f72c6b36f 100644 --- a/usr.bin/tmux/tty-keys.c +++ b/usr.bin/tmux/tty-keys.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tty-keys.c,v 1.166 2023/04/17 17:57:35 nicm Exp $ */ +/* $OpenBSD: tty-keys.c,v 1.167 2023/06/30 13:19:32 nicm Exp $ */ /* * Copyright (c) 2007 Nicholas Marriott 
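Review bot: In `input_reply_clipboard` the new guard `len >= ((size_t)INT_MAX * 3 / 4) - 1` multiplies before dividing, so where `size_t` is 32 bits the product wraps and the limit comes out far lower than the expression suggests. The check still errs on the safe side, but dividing first gives the intended bound on every platform: `if (len >= (size_t)INT_MAX / 4 * 3 - 1)`. The early `return` also sends no reply at all for an oversized buffer; a short comment such as `/* too large to encode into an int-sized buffer; drop the reply */` would show that this is deliberate. The rest of the function body lies outside the hunk.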
@@ -1160,7 +1160,7 @@ tty_keys_clipboard(struct tty *tty, const char *buf, size_t len, size_t *size) { struct client *c = tty->client; struct window_pane *wp; - size_t end, terminator, needed; + size_t end, terminator = 0, needed; char *copy, *out; int outlen; u_int i; diff --git a/usr.bin/tmux/tty-term.c b/usr.bin/tmux/tty-term.c index fc0f4762f..6ca24f4a2 100644 --- a/usr.bin/tmux/tty-term.c +++ b/usr.bin/tmux/tty-term.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tty-term.c,v 1.98 2023/04/28 05:59:35 nicm Exp $ */ +/* $OpenBSD: tty-term.c,v 1.99 2023/06/30 13:19:32 nicm Exp $ */ /* * Copyright (c) 2008 Nicholas Marriott @@ -709,7 +709,7 @@ tty_term_read_list(const char *name, int fd, char ***caps, u_int *ncaps, s = tmp; break; case TTYCODE_FLAG: - n = tigetflag((char *) ent->name); + n = tigetflag((char *)ent->name); if (n == -1) continue; if (n) @@ -717,6 +717,8 @@ tty_term_read_list(const char *name, int fd, char ***caps, u_int *ncaps, else s = "0"; break; + default: + fatalx("unknown capability type"); } *caps = xreallocarray(*caps, (*ncaps) + 1, sizeof **caps); xasprintf(&(*caps)[*ncaps], "%s=%s", ent->name, s); diff --git a/usr.sbin/btrace/bt.5 b/usr.sbin/btrace/bt.5 index 12ae54c71..76ae8e6ef 100644 --- a/usr.sbin/btrace/bt.5 +++ b/usr.sbin/btrace/bt.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: bt.5,v 1.15 2023/06/27 14:13:33 claudio Exp $ +.\" $OpenBSD: bt.5,v 1.16 2023/06/30 13:31:37 jsg Exp $ .\" .\" Copyright (c) 2019 Martin Pieuchot .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: June 27 2023 $ +.Dd $Mdocdate: June 30 2023 $ .Dt BT 5 .Os .Sh NAME @@ -167,7 +167,7 @@ Set all values from to 0. .El .Pp -The following functions only work on a sepcific map entry. +The following functions only work on a specific map entry. .Bl -tag -width "lhist(value, min, max, step)" .It "@map[key]" = Fn count Increase the stored value for 
diff --git a/usr.sbin/nsd/Makefile.bsd-wrapper b/usr.sbin/nsd/Makefile.bsd-wrapper index f5042fc31..bf3c46a87 100644 --- a/usr.sbin/nsd/Makefile.bsd-wrapper +++ b/usr.sbin/nsd/Makefile.bsd-wrapper @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.bsd-wrapper,v 1.19 2021/06/30 11:50:22 deraadt Exp $ +# $OpenBSD: Makefile.bsd-wrapper,v 1.20 2023/06/29 19:38:49 florian Exp $ .include @@ -21,8 +21,7 @@ CONFIGURE_OPTS= --prefix=/usr \ --with-xfrdir=${CHROOTDIR}/run/xfr \ --with-xfrdfile=${CHROOTDIR}/run/xfrd.state \ --with-libevent=/usr \ - --enable-ratelimit \ - --enable-root-server + --enable-ratelimit PROG= nsd nsd-checkconf nsd-checkzone nsd-control diff --git a/usr.sbin/nsd/Makefile.in b/usr.sbin/nsd/Makefile.in index 96d0784f6..9b6c8b593 100644 --- a/usr.sbin/nsd/Makefile.in +++ b/usr.sbin/nsd/Makefile.in @@ -356,6 +356,15 @@ configlexer.c: $(srcdir)/configlexer.lex configparser.c configparser.h: $(srcdir)/configparser.y $(YACC) -d -p c_ -o configparser.c $(srcdir)/configparser.y +# for build to run flex and bison before compiling code that needs the headers +configlexer.o: configlexer.c config.h configparser.h +configparser.o: configparser.c config.h configparser.h +options.o: $(srcdir)/options.c config.h configparser.h +zlexer.o: zlexer.c config.h zparser.h +zparser.o: zparser.c config.h zparser.h +dns.o: $(srcdir)/dns.c config.h zparser.h +zonec.o: $(srcdir)/zonec.c config.h zparser.h + # dnstap dnstap.o: $(srcdir)/dnstap/dnstap.c config.h dnstap/dnstap_config.h \ dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h $(srcdir)/dnstap/dnstap.h \ 
@@ -367,7 +376,7 @@ dnstap_collector.o: $(srcdir)/dnstap/dnstap_collector.c config.h \ $(srcdir)/util.h $(srcdir)/nsd.h $(srcdir)/region-allocator.h \ $(srcdir)/buffer.h $(srcdir)/namedb.h $(srcdir)/dname.h \ $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h \ - $(srcdir)/options.h + $(srcdir)/options.h $(srcdir)/remote.h dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h: $(srcdir)/dnstap/dnstap.proto @-if test ! -d dnstap; then $(INSTALL) -d dnstap; fi $(PROTOC_C) --c_out=. --proto_path=$(srcdir) $(srcdir)/dnstap/dnstap.proto 
@@ -414,134 +423,159 @@ depend: rm -f $(DEPEND_TMP) $(DEPEND_TMP2) # Dependencies -answer.o: $(srcdir)/answer.c config.h $(srcdir)/answer.h $(srcdir)/dns.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \ - $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/packet.h $(srcdir)/query.h $(srcdir)/nsd.h \ - $(srcdir)/edns.h $(srcdir)/tsig.h -ixfr.o: $(srcdir)/ixfr.c config.h $(srcdir)/ixfr.h $(srcdir)/query.h $(srcdir)/packet.h $(srcdir)/rdata.h $(srcdir)/axfr.h $(srcdir)/options.h $(srcdir)/rbtree.h $(srcdir)/zonec.h $(srcdir)/namedb.h $(srcdir)/nsd.h $(srcdir)/tsig.h $(srcdir)/dns.h $(srcdir)/region-allocator.h $(srcdir)/dname.h $(srcdir)/radtree.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/buffer.h $(srcdir)/util.h -ixfrcreate.o: $(srcdir)/ixfrcreate.c config.h $(srcdir)/ixfrcreate.h $(srcdir)/namedb.h $(srcdir)/ixfr.h $(srcdir)/options.h $(srcdir)/dname.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/region-allocator.h $(srcdir)/buffer.h $(srcdir)/util.h -axfr.o: $(srcdir)/axfr.c config.h $(srcdir)/axfr.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h \ - $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/radtree.h $(srcdir)/rbtree.h \ - $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/options.h $(srcdir)/ixfr.h -buffer.o: $(srcdir)/buffer.c config.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h +answer.o: $(srcdir)/answer.c config.h $(srcdir)/answer.h $(srcdir)/dns.h $(srcdir)/namedb.h \ + $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/packet.h \ + $(srcdir)/query.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/tsig.h +axfr.o: $(srcdir)/axfr.c config.h $(srcdir)/axfr.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h \ + $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h 
$(srcdir)/bitset.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h \ + $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/options.h $(srcdir)/ixfr.h +bitset.o: $(srcdir)/bitset.c config.h $(srcdir)/bitset.h +buffer.o: $(srcdir)/buffer.c config.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h \ + $(srcdir)/util.h configlexer.o: configlexer.c config.h $(srcdir)/options.h \ $(srcdir)/region-allocator.h $(srcdir)/rbtree.h configparser.h -configparser.o: configparser.c config.h $(srcdir)/options.h $(srcdir)/region-allocator.h \ - $(srcdir)/rbtree.h $(srcdir)/util.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/tsig.h $(srcdir)/rrl.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dns.h \ - $(srcdir)/radtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/packet.h -dbaccess.o: $(srcdir)/dbaccess.c config.h $(srcdir)/dns.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \ - $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/options.h $(srcdir)/rdata.h $(srcdir)/udb.h \ - $(srcdir)/udbradtree.h $(srcdir)/udbzone.h $(srcdir)/zonec.h $(srcdir)/nsec3.h $(srcdir)/difffile.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/ixfr.h $(srcdir)/ixfrcreate.h +configparser.o: configparser.c config.h $(srcdir)/options.h \ + $(srcdir)/region-allocator.h $(srcdir)/rbtree.h $(srcdir)/util.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/tsig.h $(srcdir)/rrl.h $(srcdir)/query.h \ + $(srcdir)/namedb.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/packet.h configparser.h +dbaccess.o: $(srcdir)/dbaccess.c config.h $(srcdir)/dns.h $(srcdir)/namedb.h $(srcdir)/dname.h \ + $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/options.h $(srcdir)/rdata.h \ + $(srcdir)/udb.h $(srcdir)/udbradtree.h $(srcdir)/udbzone.h $(srcdir)/zonec.h $(srcdir)/nsec3.h $(srcdir)/difffile.h $(srcdir)/nsd.h 
$(srcdir)/edns.h \ + $(srcdir)/bitset.h $(srcdir)/ixfr.h $(srcdir)/query.h $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/ixfrcreate.h dbcreate.o: $(srcdir)/dbcreate.c config.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \ $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/udb.h $(srcdir)/udbradtree.h \ - $(srcdir)/udbzone.h $(srcdir)/options.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/ixfr.h -difffile.o: $(srcdir)/difffile.c config.h $(srcdir)/difffile.h $(srcdir)/rbtree.h $(srcdir)/region-allocator.h \ - $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/udb.h \ - $(srcdir)/xfrd-disk.h $(srcdir)/packet.h $(srcdir)/rdata.h $(srcdir)/udbzone.h $(srcdir)/udbradtree.h $(srcdir)/nsec3.h $(srcdir)/nsd.h $(srcdir)/edns.h \ - $(srcdir)/rrl.h $(srcdir)/query.h $(srcdir)/tsig.h $(srcdir)/ixfr.h $(srcdir)/zonec.h -dname.o: $(srcdir)/dname.c config.h $(srcdir)/dns.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h \ - $(srcdir)/util.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/packet.h $(srcdir)/tsig.h -dns.o: $(srcdir)/dns.c config.h $(srcdir)/dns.h $(srcdir)/zonec.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \ - $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h zparser.h -edns.o: $(srcdir)/edns.c config.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h \ - $(srcdir)/nsd.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/packet.h $(srcdir)/tsig.h -ipc.o: $(srcdir)/ipc.c config.h $(srcdir)/ipc.h $(srcdir)/netio.h $(srcdir)/region-allocator.h $(srcdir)/buffer.h $(srcdir)/util.h \ - $(srcdir)/xfrd-tcp.h $(srcdir)/xfrd.h $(srcdir)/rbtree.h $(srcdir)/namedb.h $(srcdir)/dname.h 
$(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/options.h \ - $(srcdir)/tsig.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/xfrd-notify.h $(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/rrl.h $(srcdir)/query.h \ - $(srcdir)/packet.h -iterated_hash.o: $(srcdir)/iterated_hash.c config.h $(srcdir)/iterated_hash.h + $(srcdir)/udbzone.h $(srcdir)/options.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/ixfr.h $(srcdir)/query.h $(srcdir)/packet.h $(srcdir)/tsig.h +difffile.o: $(srcdir)/difffile.c config.h $(srcdir)/difffile.h $(srcdir)/rbtree.h \ + $(srcdir)/region-allocator.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h \ + $(srcdir)/options.h $(srcdir)/udb.h $(srcdir)/xfrd-disk.h $(srcdir)/packet.h $(srcdir)/rdata.h $(srcdir)/udbzone.h $(srcdir)/udbradtree.h \ + $(srcdir)/nsec3.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/rrl.h $(srcdir)/query.h $(srcdir)/tsig.h $(srcdir)/ixfr.h $(srcdir)/zonec.h +dname.o: $(srcdir)/dname.c config.h $(srcdir)/dns.h $(srcdir)/dname.h $(srcdir)/buffer.h \ + $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsd.h \ + $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/packet.h $(srcdir)/tsig.h +dns.o: $(srcdir)/dns.c config.h $(srcdir)/dns.h $(srcdir)/zonec.h $(srcdir)/namedb.h $(srcdir)/dname.h \ + $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h zparser.h +edns.o: $(srcdir)/edns.c config.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h \ + $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/nsd.h $(srcdir)/bitset.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h \ + $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/packet.h $(srcdir)/tsig.h +ipc.o: $(srcdir)/ipc.c config.h $(srcdir)/ipc.h $(srcdir)/netio.h $(srcdir)/region-allocator.h \ + $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/xfrd-tcp.h 
$(srcdir)/xfrd.h $(srcdir)/mini_event.h $(srcdir)/rbtree.h $(srcdir)/namedb.h $(srcdir)/dname.h \ + $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/tsig.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/xfrd-notify.h \ + $(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/rrl.h $(srcdir)/query.h $(srcdir)/packet.h +iterated_hash.o: $(srcdir)/iterated_hash.c config.h $(srcdir)/iterated_hash.h \ + $(srcdir)/util.h +ixfr.o: $(srcdir)/ixfr.c config.h $(srcdir)/ixfr.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h \ + $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h \ + $(srcdir)/bitset.h $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/rdata.h $(srcdir)/axfr.h $(srcdir)/options.h $(srcdir)/zonec.h +ixfrcreate.o: $(srcdir)/ixfrcreate.c config.h $(srcdir)/ixfrcreate.h $(srcdir)/dns.h \ + $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h \ + $(srcdir)/ixfr.h $(srcdir)/query.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/options.h lookup3.o: $(srcdir)/lookup3.c config.h $(srcdir)/lookup3.h -mini_event.o: $(srcdir)/mini_event.c config.h -namedb.o: $(srcdir)/namedb.c config.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h \ - $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsec3.h -netio.o: $(srcdir)/netio.c config.h $(srcdir)/netio.h $(srcdir)/region-allocator.h $(srcdir)/util.h -nsd.o: $(srcdir)/nsd.c config.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h \ - $(srcdir)/util.h $(srcdir)/options.h $(srcdir)/rbtree.h $(srcdir)/tsig.h $(srcdir)/dname.h $(srcdir)/remote.h $(srcdir)/xfrd-disk.h \ - $(srcdir)/dnstap/dnstap_collector.h +mini_event.o: $(srcdir)/mini_event.c config.h 
$(srcdir)/mini_event.h $(srcdir)/rbtree.h \ + $(srcdir)/region-allocator.h $(srcdir)/util.h +namedb.o: $(srcdir)/namedb.c config.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \ + $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsec3.h +netio.o: $(srcdir)/netio.c config.h $(srcdir)/netio.h $(srcdir)/region-allocator.h \ + $(srcdir)/util.h +nsd.o: $(srcdir)/nsd.c config.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h \ + $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/bitset.h $(srcdir)/options.h $(srcdir)/rbtree.h $(srcdir)/tsig.h $(srcdir)/dname.h \ + $(srcdir)/remote.h $(srcdir)/xfrd-disk.h $(srcdir)/dnstap/dnstap_collector.h nsd-checkconf.o: $(srcdir)/nsd-checkconf.c config.h $(srcdir)/tsig.h $(srcdir)/buffer.h \ $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dname.h $(srcdir)/options.h $(srcdir)/rbtree.h $(srcdir)/rrl.h $(srcdir)/query.h \ - $(srcdir)/namedb.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/packet.h -nsd-checkzone.o: $(srcdir)/nsd-checkzone.c config.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h \ - $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/bitset.h $(srcdir)/options.h $(srcdir)/rbtree.h $(srcdir)/zonec.h $(srcdir)/namedb.h $(srcdir)/dname.h \ - $(srcdir)/radtree.h $(srcdir)/ixfr.h $(srcdir)/query.h $(srcdir)/packet.h $(srcdir)/ixfrcreate.h $(srcdir)/difffile.h $(srcdir)/udb.h -nsd-control.o: $(srcdir)/nsd-control.c config.h $(srcdir)/util.h $(srcdir)/tsig.h $(srcdir)/buffer.h \ - $(srcdir)/region-allocator.h $(srcdir)/dname.h $(srcdir)/options.h $(srcdir)/rbtree.h $(srcdir)/zonec.h + $(srcdir)/namedb.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/packet.h +nsd-checkzone.o: $(srcdir)/nsd-checkzone.c config.h $(srcdir)/nsd.h $(srcdir)/dns.h \ + $(srcdir)/edns.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h 
$(srcdir)/util.h $(srcdir)/bitset.h $(srcdir)/options.h $(srcdir)/rbtree.h \ + $(srcdir)/zonec.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/radtree.h $(srcdir)/ixfr.h $(srcdir)/query.h $(srcdir)/packet.h $(srcdir)/tsig.h \ + $(srcdir)/ixfrcreate.h $(srcdir)/difffile.h $(srcdir)/udb.h +nsd-control.o: $(srcdir)/nsd-control.c config.h $(srcdir)/util.h $(srcdir)/tsig.h \ + $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/dname.h $(srcdir)/options.h $(srcdir)/rbtree.h $(srcdir)/zonec.h $(srcdir)/namedb.h \ + $(srcdir)/dns.h $(srcdir)/radtree.h nsd-mem.o: $(srcdir)/nsd-mem.c config.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h \ - $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/tsig.h $(srcdir)/dname.h $(srcdir)/options.h $(srcdir)/rbtree.h $(srcdir)/namedb.h \ - $(srcdir)/radtree.h $(srcdir)/udb.h $(srcdir)/udbzone.h $(srcdir)/udbradtree.h -nsec3.o: $(srcdir)/nsec3.c config.h $(srcdir)/nsec3.h $(srcdir)/iterated_hash.h $(srcdir)/namedb.h $(srcdir)/dname.h \ - $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h \ - $(srcdir)/answer.h $(srcdir)/packet.h $(srcdir)/query.h $(srcdir)/tsig.h $(srcdir)/udbzone.h $(srcdir)/udb.h $(srcdir)/udbradtree.h $(srcdir)/options.h -options.o: $(srcdir)/options.c config.h $(srcdir)/options.h $(srcdir)/region-allocator.h $(srcdir)/rbtree.h \ - $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/nsd.h $(srcdir)/edns.h \ - $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/rrl.h configparser.h -packet.o: $(srcdir)/packet.c config.h $(srcdir)/packet.h $(srcdir)/dns.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \ - $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/query.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/tsig.h \ - 
$(srcdir)/rdata.h -popen3.o: $(srcdir)/popen3.c $(srcdir)/popen3.h -query.o: $(srcdir)/query.c config.h $(srcdir)/answer.h $(srcdir)/dns.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \ - $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/packet.h $(srcdir)/query.h $(srcdir)/nsd.h \ - $(srcdir)/edns.h $(srcdir)/tsig.h $(srcdir)/axfr.h $(srcdir)/options.h $(srcdir)/nsec3.h -radtree.o: $(srcdir)/radtree.c config.h $(srcdir)/radtree.h $(srcdir)/util.h $(srcdir)/region-allocator.h + $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/bitset.h $(srcdir)/tsig.h $(srcdir)/dname.h $(srcdir)/options.h $(srcdir)/rbtree.h \ + $(srcdir)/namedb.h $(srcdir)/radtree.h $(srcdir)/udb.h $(srcdir)/udbzone.h $(srcdir)/udbradtree.h +nsec3.o: $(srcdir)/nsec3.c config.h $(srcdir)/nsec3.h $(srcdir)/iterated_hash.h \ + $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h \ + $(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/answer.h $(srcdir)/packet.h $(srcdir)/query.h $(srcdir)/tsig.h \ + $(srcdir)/udbzone.h $(srcdir)/udb.h $(srcdir)/udbradtree.h $(srcdir)/options.h +options.o: $(srcdir)/options.c config.h $(srcdir)/options.h \ + $(srcdir)/region-allocator.h $(srcdir)/rbtree.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h \ + $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/ixfr.h $(srcdir)/difffile.h \ + $(srcdir)/udb.h $(srcdir)/rrl.h configparser.h +packet.o: $(srcdir)/packet.c config.h $(srcdir)/packet.h $(srcdir)/dns.h $(srcdir)/namedb.h \ + $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/query.h \ + $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/tsig.h $(srcdir)/rdata.h +popen3.o: 
$(srcdir)/popen3.c config.h $(srcdir)/popen3.h +query.o: $(srcdir)/query.c config.h $(srcdir)/answer.h $(srcdir)/dns.h $(srcdir)/namedb.h $(srcdir)/dname.h \ + $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/packet.h $(srcdir)/query.h \ + $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/tsig.h $(srcdir)/axfr.h $(srcdir)/options.h $(srcdir)/nsec3.h +radtree.o: $(srcdir)/radtree.c config.h $(srcdir)/radtree.h $(srcdir)/util.h \ + $(srcdir)/region-allocator.h rbtree.o: $(srcdir)/rbtree.c config.h $(srcdir)/rbtree.h $(srcdir)/region-allocator.h -rdata.o: $(srcdir)/rdata.c config.h $(srcdir)/rdata.h $(srcdir)/dns.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \ - $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/zonec.h -region-allocator.o: $(srcdir)/region-allocator.c config.h $(srcdir)/region-allocator.h $(srcdir)/util.h -remote.o: $(srcdir)/remote.c config.h $(srcdir)/remote.h $(srcdir)/util.h $(srcdir)/xfrd.h $(srcdir)/rbtree.h \ - $(srcdir)/region-allocator.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/options.h \ - $(srcdir)/tsig.h $(srcdir)/xfrd-notify.h $(srcdir)/xfrd-tcp.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/ipc.h \ - $(srcdir)/netio.h -rrl.o: $(srcdir)/rrl.c config.h $(srcdir)/rrl.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \ - $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/packet.h \ - $(srcdir)/tsig.h $(srcdir)/lookup3.h $(srcdir)/options.h -server.o: $(srcdir)/server.c config.h $(srcdir)/axfr.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h \ - $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/radtree.h 
$(srcdir)/rbtree.h \ - $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/netio.h $(srcdir)/xfrd.h $(srcdir)/options.h $(srcdir)/xfrd-tcp.h $(srcdir)/xfrd-disk.h \ - $(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/nsec3.h $(srcdir)/ipc.h $(srcdir)/remote.h $(srcdir)/lookup3.h $(srcdir)/dnstap/dnstap_collector.h $(srcdir)/rrl.h $(srcdir)/ixfr.h $(srcdir)/verify.h +rdata.o: $(srcdir)/rdata.c config.h $(srcdir)/rdata.h $(srcdir)/dns.h $(srcdir)/namedb.h $(srcdir)/dname.h \ + $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/zonec.h +region-allocator.o: $(srcdir)/region-allocator.c config.h \ + $(srcdir)/region-allocator.h $(srcdir)/util.h +remote.o: $(srcdir)/remote.c config.h $(srcdir)/mini_event.h $(srcdir)/rbtree.h \ + $(srcdir)/region-allocator.h $(srcdir)/remote.h $(srcdir)/util.h $(srcdir)/xfrd.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \ + $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/tsig.h $(srcdir)/xfrd-notify.h $(srcdir)/xfrd-tcp.h $(srcdir)/nsd.h $(srcdir)/edns.h \ + $(srcdir)/bitset.h $(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/ipc.h $(srcdir)/netio.h +rrl.o: $(srcdir)/rrl.c config.h $(srcdir)/rrl.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h \ + $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h \ + $(srcdir)/bitset.h $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/lookup3.h $(srcdir)/options.h +server.o: $(srcdir)/server.c config.h $(srcdir)/mini_event.h $(srcdir)/rbtree.h \ + $(srcdir)/region-allocator.h $(srcdir)/axfr.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/bitset.h \ + $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/radtree.h $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/netio.h $(srcdir)/xfrd.h \ + $(srcdir)/options.h $(srcdir)/xfrd-tcp.h $(srcdir)/xfrd-disk.h 
$(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/nsec3.h $(srcdir)/ipc.h $(srcdir)/remote.h \ + $(srcdir)/lookup3.h $(srcdir)/rrl.h $(srcdir)/ixfr.h $(srcdir)/dnstap/dnstap_collector.h $(srcdir)/verify.h siphash.o: $(srcdir)/siphash.c -tsig.o: $(srcdir)/tsig.c config.h $(srcdir)/tsig.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dname.h \ - $(srcdir)/tsig-openssl.h $(srcdir)/dns.h $(srcdir)/packet.h $(srcdir)/namedb.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/query.h $(srcdir)/nsd.h \ - $(srcdir)/edns.h -tsig-openssl.o: $(srcdir)/tsig-openssl.c config.h $(srcdir)/tsig-openssl.h $(srcdir)/region-allocator.h \ - $(srcdir)/tsig.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dname.h +tsig.o: $(srcdir)/tsig.c config.h $(srcdir)/tsig.h $(srcdir)/buffer.h \ + $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dname.h $(srcdir)/tsig-openssl.h $(srcdir)/dns.h $(srcdir)/packet.h $(srcdir)/namedb.h \ + $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/query.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h +tsig-openssl.o: $(srcdir)/tsig-openssl.c config.h $(srcdir)/tsig-openssl.h \ + $(srcdir)/region-allocator.h $(srcdir)/tsig.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dname.h udb.o: $(srcdir)/udb.c config.h $(srcdir)/udb.h $(srcdir)/lookup3.h $(srcdir)/util.h -udbradtree.o: $(srcdir)/udbradtree.c config.h $(srcdir)/udbradtree.h $(srcdir)/udb.h $(srcdir)/radtree.h -udbzone.o: $(srcdir)/udbzone.c config.h $(srcdir)/udbzone.h $(srcdir)/udb.h $(srcdir)/dns.h $(srcdir)/udbradtree.h $(srcdir)/util.h \ - $(srcdir)/iterated_hash.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/difffile.h $(srcdir)/rbtree.h \ - $(srcdir)/namedb.h $(srcdir)/radtree.h $(srcdir)/options.h -util.o: $(srcdir)/util.c config.h $(srcdir)/util.h $(srcdir)/region-allocator.h $(srcdir)/dname.h $(srcdir)/buffer.h \ - $(srcdir)/namedb.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/rdata.h $(srcdir)/zonec.h 
-bitset.o: $(srcdir)/bitset.c $(srcdir)/bitset.h -verify.o: $(srcdir)/verify.c config.h $(srcdir)/region-allocator.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \ - $(srcdir)/util.h config.h $(srcdir)/dns.h $(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/options.h $(srcdir)/difffile.h \ - $(srcdir)/netio.h $(srcdir)/verify.h -xfrd.o: $(srcdir)/xfrd.c config.h $(srcdir)/xfrd.h $(srcdir)/rbtree.h $(srcdir)/region-allocator.h $(srcdir)/namedb.h \ - $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/tsig.h $(srcdir)/xfrd-tcp.h \ - $(srcdir)/xfrd-disk.h $(srcdir)/xfrd-notify.h $(srcdir)/netio.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/packet.h $(srcdir)/rdata.h \ - $(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/ipc.h $(srcdir)/remote.h $(srcdir)/rrl.h $(srcdir)/query.h $(srcdir)/dnstap/dnstap_collector.h -xfrd-disk.o: $(srcdir)/xfrd-disk.c config.h $(srcdir)/xfrd-disk.h $(srcdir)/xfrd.h $(srcdir)/rbtree.h \ +udbradtree.o: $(srcdir)/udbradtree.c config.h $(srcdir)/udbradtree.h $(srcdir)/udb.h \ + $(srcdir)/radtree.h +udbzone.o: $(srcdir)/udbzone.c config.h $(srcdir)/udbzone.h $(srcdir)/udb.h $(srcdir)/dns.h \ + $(srcdir)/udbradtree.h $(srcdir)/util.h $(srcdir)/iterated_hash.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h \ + $(srcdir)/difffile.h $(srcdir)/rbtree.h $(srcdir)/namedb.h $(srcdir)/radtree.h $(srcdir)/options.h +util.o: $(srcdir)/util.c config.h $(srcdir)/util.h $(srcdir)/region-allocator.h $(srcdir)/dname.h \ + $(srcdir)/buffer.h $(srcdir)/namedb.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/rdata.h $(srcdir)/zonec.h $(srcdir)/nsd.h $(srcdir)/edns.h \ + $(srcdir)/bitset.h +verify.o: $(srcdir)/verify.c config.h $(srcdir)/region-allocator.h $(srcdir)/namedb.h \ + $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h \ + 
$(srcdir)/options.h $(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/verify.h $(srcdir)/mini_event.h $(srcdir)/popen3.h +xfrd.o: $(srcdir)/xfrd.c config.h $(srcdir)/xfrd.h $(srcdir)/mini_event.h $(srcdir)/rbtree.h \ $(srcdir)/region-allocator.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h \ - $(srcdir)/options.h $(srcdir)/tsig.h $(srcdir)/nsd.h $(srcdir)/edns.h -xfrd-notify.o: $(srcdir)/xfrd-notify.c config.h $(srcdir)/xfrd-notify.h $(srcdir)/tsig.h $(srcdir)/buffer.h \ - $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dname.h $(srcdir)/rbtree.h $(srcdir)/xfrd.h $(srcdir)/namedb.h $(srcdir)/dns.h \ - $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/xfrd-tcp.h $(srcdir)/packet.h -xfrd-tcp.o: $(srcdir)/xfrd-tcp.c config.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h \ - $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/xfrd-tcp.h $(srcdir)/xfrd.h $(srcdir)/rbtree.h $(srcdir)/namedb.h $(srcdir)/dname.h \ - $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/tsig.h $(srcdir)/packet.h $(srcdir)/xfrd-disk.h -xfr-inspect.o: $(srcdir)/xfr-inspect.c config.h $(srcdir)/udbzone.h $(srcdir)/udb.h $(srcdir)/dns.h $(srcdir)/udbradtree.h \ - $(srcdir)/util.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/packet.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/radtree.h \ - $(srcdir)/rbtree.h $(srcdir)/rdata.h $(srcdir)/difffile.h $(srcdir)/options.h -zlexer.o: zlexer.c config.h $(srcdir)/zonec.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \ - $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h zparser.h -zonec.o: $(srcdir)/zonec.c config.h $(srcdir)/zonec.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \ - $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/rdata.h zparser.h \ - $(srcdir)/options.h $(srcdir)/nsec3.h -zparser.o: zparser.c 
config.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h \ - $(srcdir)/namedb.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/zonec.h + $(srcdir)/options.h $(srcdir)/tsig.h $(srcdir)/xfrd-tcp.h $(srcdir)/xfrd-disk.h $(srcdir)/xfrd-notify.h $(srcdir)/netio.h $(srcdir)/nsd.h \ + $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/packet.h $(srcdir)/rdata.h $(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/ipc.h $(srcdir)/remote.h $(srcdir)/rrl.h \ + $(srcdir)/query.h $(srcdir)/dnstap/dnstap_collector.h +xfrd-disk.o: $(srcdir)/xfrd-disk.c config.h $(srcdir)/xfrd-disk.h $(srcdir)/xfrd.h \ + $(srcdir)/mini_event.h $(srcdir)/rbtree.h $(srcdir)/region-allocator.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \ + $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/tsig.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h +xfrd-notify.o: $(srcdir)/xfrd-notify.c config.h $(srcdir)/xfrd-notify.h \ + $(srcdir)/mini_event.h $(srcdir)/rbtree.h $(srcdir)/region-allocator.h $(srcdir)/tsig.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dname.h \ + $(srcdir)/xfrd.h $(srcdir)/namedb.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/xfrd-tcp.h $(srcdir)/packet.h +xfrd-tcp.o: $(srcdir)/xfrd-tcp.c config.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h \ + $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/bitset.h $(srcdir)/xfrd-tcp.h $(srcdir)/xfrd.h \ + $(srcdir)/mini_event.h $(srcdir)/rbtree.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/tsig.h \ + $(srcdir)/packet.h $(srcdir)/xfrd-disk.h +xfr-inspect.o: $(srcdir)/xfr-inspect.c config.h $(srcdir)/udbzone.h $(srcdir)/udb.h \ + $(srcdir)/dns.h $(srcdir)/udbradtree.h $(srcdir)/util.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/packet.h $(srcdir)/namedb.h \ + $(srcdir)/dname.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/rdata.h 
$(srcdir)/difffile.h $(srcdir)/options.h +zlexer.o: zlexer.c config.h $(srcdir)/zonec.h $(srcdir)/namedb.h $(srcdir)/dname.h \ + $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h zparser.h +zonec.o: $(srcdir)/zonec.c config.h $(srcdir)/zonec.h $(srcdir)/namedb.h $(srcdir)/dname.h \ + $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/rdata.h \ + zparser.h $(srcdir)/options.h $(srcdir)/nsec3.h +zparser.o: zparser.c config.h $(srcdir)/dname.h $(srcdir)/buffer.h \ + $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/namedb.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/zonec.h \ + zparser.h b64_ntop.o: $(srcdir)/compat/b64_ntop.c config.h b64_pton.o: $(srcdir)/compat/b64_pton.c config.h basename.o: $(srcdir)/compat/basename.c -fake-rfc2553.o: $(srcdir)/compat/fake-rfc2553.c $(srcdir)/compat/fake-rfc2553.h config.h -cpuset.o: $(srcdir)/compat/cpuset.c $(srcdir)/compat/cpuset.h config.h +cpuset.o: $(srcdir)/compat/cpuset.c config.h +explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h +fake-rfc2553.o: $(srcdir)/compat/fake-rfc2553.c $(srcdir)/compat/fake-rfc2553.h config.h \ + inet_aton.o: $(srcdir)/compat/inet_aton.c config.h inet_ntop.o: $(srcdir)/compat/inet_ntop.c config.h inet_pton.o: $(srcdir)/compat/inet_pton.c config.h 
@@ -550,29 +584,39 @@ memcmp.o: $(srcdir)/compat/memcmp.c config.h memmove.o: $(srcdir)/compat/memmove.c config.h pselect.o: $(srcdir)/compat/pselect.c config.h reallocarray.o: $(srcdir)/compat/reallocarray.c config.h +setproctitle.o: $(srcdir)/compat/setproctitle.c config.h snprintf.o: $(srcdir)/compat/snprintf.c config.h strlcat.o: $(srcdir)/compat/strlcat.c config.h strlcpy.o: $(srcdir)/compat/strlcpy.c config.h strptime.o: $(srcdir)/compat/strptime.c -setproctitle.o: $(srcdir)/compat/setproctitle.c config.h -explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h -cutest.o: $(srcdir)/tpkg/cutest/cutest.c config.h $(srcdir)/tpkg/cutest/cutest.h -cutest_dname.o: $(srcdir)/tpkg/cutest/cutest_dname.c config.h $(srcdir)/tpkg/cutest/cutest.h \ - $(srcdir)/region-allocator.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h -cutest_dns.o: $(srcdir)/tpkg/cutest/cutest_dns.c config.h $(srcdir)/tpkg/cutest/cutest.h \ - $(srcdir)/region-allocator.h $(srcdir)/dns.h +cutest_bitset.o: $(srcdir)/tpkg/cutest/cutest_bitset.c $(srcdir)/bitset.h \ + $(srcdir)/tpkg/cutest/cutest.h +cutest.o: $(srcdir)/tpkg/cutest/cutest.c config.h \ + $(srcdir)/tpkg/cutest/cutest.h +cutest_dname.o: $(srcdir)/tpkg/cutest/cutest_dname.c config.h \ + $(srcdir)/tpkg/cutest/cutest.h $(srcdir)/region-allocator.h $(srcdir)/dname.h $(srcdir)/buffer.h \ + $(srcdir)/region-allocator.h $(srcdir)/util.h +cutest_dns.o: $(srcdir)/tpkg/cutest/cutest_dns.c config.h \ + $(srcdir)/tpkg/cutest/cutest.h $(srcdir)/region-allocator.h $(srcdir)/dns.h +cutest_event.o: $(srcdir)/tpkg/cutest/cutest_event.c config.h \ + $(srcdir)/mini_event.h $(srcdir)/rbtree.h $(srcdir)/region-allocator.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h \ + $(srcdir)/util.h $(srcdir)/bitset.h $(srcdir)/tpkg/cutest/cutest.h cutest_iterated_hash.o: $(srcdir)/tpkg/cutest/cutest_iterated_hash.c config.h \ - $(srcdir)/tpkg/cutest/cutest.h $(srcdir)/region-allocator.h $(srcdir)/util.h 
$(srcdir)/iterated_hash.h $(srcdir)/dname.h \ - $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h + $(srcdir)/tpkg/cutest/cutest.h $(srcdir)/region-allocator.h $(srcdir)/util.h \ + $(srcdir)/iterated_hash.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h +cutest_iter.o: $(srcdir)/tpkg/cutest/cutest_iter.c config.h $(srcdir)/nsd.h \ + $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/bitset.h $(srcdir)/options.h \ + $(srcdir)/rbtree.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/radtree.h $(srcdir)/tpkg/cutest/cutest.h cutest_namedb.o: $(srcdir)/tpkg/cutest/cutest_namedb.c config.h \ - $(srcdir)/tpkg/cutest/cutest.h $(srcdir)/region-allocator.h $(srcdir)/options.h config.h \ - $(srcdir)/region-allocator.h $(srcdir)/rbtree.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dns.h \ - $(srcdir)/radtree.h $(srcdir)/nsec3.h $(srcdir)/udb.h $(srcdir)/udbzone.h $(srcdir)/udb.h $(srcdir)/udbradtree.h $(srcdir)/difffile.h $(srcdir)/namedb.h \ - $(srcdir)/options.h $(srcdir)/zonec.h $(srcdir)/nsd.h $(srcdir)/edns.h + $(srcdir)/tpkg/cutest/cutest.h $(srcdir)/region-allocator.h $(srcdir)/options.h $(srcdir)/region-allocator.h \ + $(srcdir)/rbtree.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/nsec3.h $(srcdir)/udb.h \ + $(srcdir)/udbzone.h $(srcdir)/udb.h $(srcdir)/udbradtree.h $(srcdir)/difffile.h $(srcdir)/namedb.h $(srcdir)/options.h $(srcdir)/zonec.h $(srcdir)/nsd.h \ + $(srcdir)/edns.h $(srcdir)/bitset.h cutest_options.o: $(srcdir)/tpkg/cutest/cutest_options.c config.h \ - $(srcdir)/tpkg/cutest/cutest.h $(srcdir)/region-allocator.h $(srcdir)/options.h config.h \ - $(srcdir)/region-allocator.h $(srcdir)/rbtree.h $(srcdir)/util.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/nsd.h $(srcdir)/dns.h \ - $(srcdir)/edns.h + 
$(srcdir)/tpkg/cutest/cutest.h $(srcdir)/region-allocator.h $(srcdir)/options.h $(srcdir)/region-allocator.h \ + $(srcdir)/rbtree.h $(srcdir)/util.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/bitset.h +cutest_popen3.o: $(srcdir)/tpkg/cutest/cutest_popen3.c config.h \ + $(srcdir)/popen3.h $(srcdir)/tpkg/cutest/cutest.h cutest_radtree.o: $(srcdir)/tpkg/cutest/cutest_radtree.c config.h \ $(srcdir)/tpkg/cutest/cutest.h $(srcdir)/radtree.h $(srcdir)/region-allocator.h $(srcdir)/util.h cutest_rbtree.o: $(srcdir)/tpkg/cutest/cutest_rbtree.c config.h \ 
@@ -580,23 +624,27 @@ cutest_rbtree.o: $(srcdir)/tpkg/cutest/cutest_rbtree.c config.h \ cutest_region.o: $(srcdir)/tpkg/cutest/cutest_region.c config.h \ $(srcdir)/tpkg/cutest/cutest.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/rbtree.h \ $(srcdir)/region-allocator.h -cutest_rrl.o: $(srcdir)/tpkg/cutest/cutest_rrl.c config.h $(srcdir)/tpkg/cutest/cutest.h \ - $(srcdir)/rrl.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h \ - $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/packet.h $(srcdir)/tsig.h -cutest_run.o: $(srcdir)/tpkg/cutest/cutest_run.c config.h $(srcdir)/tpkg/cutest/cutest.h \ - $(srcdir)/tpkg/cutest/qtest.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/nsd.h $(srcdir)/dns.h \ - $(srcdir)/edns.h $(srcdir)/buffer.h -cutest_udb.o: $(srcdir)/tpkg/cutest/cutest_udb.c config.h $(srcdir)/tpkg/cutest/cutest.h \ - $(srcdir)/udb.h +cutest_rrl.o: $(srcdir)/tpkg/cutest/cutest_rrl.c config.h \ + $(srcdir)/tpkg/cutest/cutest.h $(srcdir)/rrl.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \ + $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h \ + $(srcdir)/packet.h $(srcdir)/tsig.h +cutest_run.o: $(srcdir)/tpkg/cutest/cutest_run.c config.h \ + $(srcdir)/tpkg/cutest/cutest.h $(srcdir)/tpkg/cutest/qtest.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h \ + $(srcdir)/util.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h $(srcdir)/bitset.h +cutest_udb.o: $(srcdir)/tpkg/cutest/cutest_udb.c config.h \ + $(srcdir)/tpkg/cutest/cutest.h $(srcdir)/udb.h cutest_udbrad.o: $(srcdir)/tpkg/cutest/cutest_udbrad.c config.h \ $(srcdir)/tpkg/cutest/cutest.h $(srcdir)/udbradtree.h $(srcdir)/udb.h -cutest_util.o: $(srcdir)/tpkg/cutest/cutest_util.c config.h 
$(srcdir)/tpkg/cutest/cutest.h \ - $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/xfrd-tcp.h -qtest.o: $(srcdir)/tpkg/cutest/qtest.c config.h $(srcdir)/tpkg/cutest/qtest.h $(srcdir)/buffer.h \ - $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/dns.h \ - $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/namedb.h $(srcdir)/util.h $(srcdir)/nsec3.h \ - $(srcdir)/options.h config.h $(srcdir)/packet.h $(srcdir)/dname.h $(srcdir)/rdata.h -udb-inspect.o: $(srcdir)/tpkg/cutest/udb-inspect.c config.h $(srcdir)/udb.h $(srcdir)/udbradtree.h \ - $(srcdir)/udb.h $(srcdir)/udbzone.h $(srcdir)/dns.h $(srcdir)/udbradtree.h $(srcdir)/util.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h \ - $(srcdir)/util.h $(srcdir)/packet.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/rdata.h \ - $(srcdir)/namedb.h $(srcdir)/difffile.h $(srcdir)/options.h config.h +cutest_util.o: $(srcdir)/tpkg/cutest/cutest_util.c config.h \ + $(srcdir)/tpkg/cutest/cutest.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/xfrd-tcp.h $(srcdir)/xfrd.h \ + $(srcdir)/mini_event.h $(srcdir)/rbtree.h $(srcdir)/region-allocator.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \ + $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/tsig.h +popen3_echo.o: $(srcdir)/tpkg/cutest/popen3_echo.c +qtest.o: $(srcdir)/tpkg/cutest/qtest.c config.h $(srcdir)/tpkg/cutest/qtest.h \ + $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \ + $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/namedb.h \ + $(srcdir)/util.h $(srcdir)/nsec3.h $(srcdir)/options.h $(srcdir)/packet.h 
$(srcdir)/dname.h $(srcdir)/rdata.h +udb-inspect.o: $(srcdir)/tpkg/cutest/udb-inspect.c config.h $(srcdir)/udb.h \ + $(srcdir)/udbradtree.h $(srcdir)/udb.h $(srcdir)/udbzone.h $(srcdir)/dns.h $(srcdir)/udbradtree.h $(srcdir)/util.h $(srcdir)/buffer.h \ + $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/packet.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/radtree.h \ + $(srcdir)/rbtree.h $(srcdir)/rdata.h $(srcdir)/namedb.h $(srcdir)/difffile.h $(srcdir)/options.h diff --git a/usr.sbin/nsd/README.md b/usr.sbin/nsd/README.md index 3fa56a21f..4f1dfd8a2 100644 --- a/usr.sbin/nsd/README.md +++ b/usr.sbin/nsd/README.md @@ -1,9 +1,9 @@ # NSD -[![Travis Build Status](https://travis-ci.org/NLnetLabs/nsd.svg?branch=master)](https://travis-ci.org/NLnetLabs/nsd) -[![Cirrus Build Status](https://api.cirrus-ci.com/github/NLnetLabs/nsd.svg)](https://cirrus-ci.com/github/NLnetLabs/nsd) +[![Cirrus Build Status](https://api.cirrus-ci.com/github/NLnetLabs/nsd.svg?branch=master)](https://cirrus-ci.com/github/NLnetLabs/nsd) [![Packaging status](https://repology.org/badge/tiny-repos/nsd.svg)](https://repology.org/project/nsd/versions) [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/1462/badge)](https://bestpractices.coreinfrastructure.org/projects/1462) +[![Mastodon Follow](https://img.shields.io/mastodon/follow/109262826617293067?domain=https%3A%2F%2Ffosstodon.org&style=social)](https://fosstodon.org/@nlnetlabs) The NLnet Labs Name Server Daemon (NSD) is an authoritative DNS name server. It has been developed for operations in environments where speed, @@ -28,7 +28,7 @@ The repository does not contain `./configure`, but you can generate it like this (note that the `./configure` is included in release tarballs so they do not have to be generated): ``` -aclocal && autoconf && autoheader +autoreconf -fi ``` NSD can be compiled and installed using: 
diff --git a/usr.sbin/nsd/acx_nlnetlabs.m4 b/usr.sbin/nsd/acx_nlnetlabs.m4 index cf436ec54..f27615bd8 100644 --- a/usr.sbin/nsd/acx_nlnetlabs.m4 +++ b/usr.sbin/nsd/acx_nlnetlabs.m4 @@ -2,7 +2,9 @@ # Copyright 2009, Wouter Wijngaards, NLnet Labs. # BSD licensed. # -# Version 44 +# Version 46 +# 2023-05-04 fix to remove unused whitespace. +# 2023-01-26 fix -Wstrict-prototypes. # 2022-09-01 fix checking if nonblocking sockets work on OpenBSD. # 2021-08-17 fix sed script in ssldir split handling. # 2021-08-17 fix for openssl to detect split version, with ssldir_include @@ -187,7 +189,7 @@ dnl cache=`echo $1 | sed 'y%.=/+- %___p__%'` AC_CACHE_VAL(cv_prog_cc_flag_needed_$cache, [ echo '$2' > conftest.c -echo 'void f(){}' >>conftest.c +echo 'void f(void){}' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_needed_$cache=no" else @@ -233,7 +235,7 @@ dnl DEPFLAG: set to flag that generates dependencies. AC_DEFUN([ACX_DEPFLAG], [ AC_MSG_CHECKING([$CC dependency flag]) -echo 'void f(){}' >conftest.c +echo 'void f(void){}' >conftest.c if test "`$CC -MM conftest.c 2>&1`" = "conftest.o: conftest.c"; then DEPFLAG="-MM" else @@ -272,7 +274,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAUL #include #endif -int test() { +int test(void) { int a; char **opts = NULL; struct timeval tv; @@ -309,7 +311,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAUL #include #endif -int test() { +int test(void) { int a; char **opts = NULL; struct timeval tv; @@ -335,7 +337,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG, [ #include #include -int test() { +int test(void) { int a = 0; return a; } @@ -345,7 +347,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED(-D_BSD_SOURCE -D_DEFAULT_SOURCE, [ #include -int test() { +int test(void) { int a; a = isascii(32); return a; 
@@ -356,7 +358,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED(-D_GNU_SOURCE, [ #include -int test() { +int test(void) { struct in6_pktinfo inf; int a = (int)sizeof(inf); return a; @@ -370,7 +372,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED(-D_GNU_SOURCE -D_FRSRESGID, [ #include -int test() { +int test(void) { int a = setresgid(0,0,0); a = setresuid(0,0,0); return a; @@ -385,7 +387,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED(-D_POSIX_C_SOURCE=200112, #endif #include -int test() { +int test(void) { int a = 0; char *t; time_t time = 0; @@ -413,7 +415,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED(-D__EXTENSIONS__, #include #endif -int test() { +int test(void) { int a; char **opts = NULL; struct timeval tv; @@ -475,7 +477,7 @@ fi dnl Setup ATTR_FORMAT config.h parts. dnl make sure you call ACX_CHECK_FORMAT_ATTRIBUTE also. AC_DEFUN([AHX_CONFIG_FORMAT_ATTRIBUTE], -[ +[ #ifdef HAVE_ATTR_FORMAT # define ATTR_FORMAT(archetype, string_index, first_to_check) \ __attribute__ ((format (archetype, string_index, first_to_check))) @@ -834,7 +836,7 @@ dnl try to see if an additional _LARGEFILE_SOURCE 1 is needed to get fseeko ACX_CHECK_COMPILER_FLAG_NEEDED(-D_LARGEFILE_SOURCE=1, [ #include -int test() { +int test(void) { int a = fseeko(stdin, 0, 0); return a; } @@ -859,7 +861,7 @@ char* (*f) () = getaddrinfo; #ifdef __cplusplus } #endif -int main() { +int main(void) { ; return 0; } @@ -923,7 +925,7 @@ cache=`echo $1 | sed 'y%.=/+-%___p_%'` AC_CACHE_VAL(cv_cc_deprecated_$cache, [ echo '$3' >conftest.c -echo 'void f(){ $2 }' >>conftest.c +echo 'void f(void){ $2 }' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS -c conftest.c 2>&1 | grep -e deprecated -e unavailable`"; then eval "cv_cc_deprecated_$cache=no" else @@ -1317,7 +1319,7 @@ AC_DEFUN([AHX_CONFIG_W32_FD_SET_T], #ifdef HAVE_WINSOCK2_H #define FD_SET_T (u_int) #else -#define FD_SET_T +#define FD_SET_T #endif ]) 
@@ -1355,7 +1357,7 @@ dnl $3: define value, 1 AC_DEFUN([AHX_CONFIG_FLAG_OMITTED], [#if defined($1) && !defined($2) #define $2 $3 -[#]endif ]) +[#]endif]) dnl Wrapper for AHX_CONFIG_FLAG_OMITTED for -D style flags dnl $1: the -DNAME or -DNAME=value string. diff --git a/usr.sbin/nsd/answer.h b/usr.sbin/nsd/answer.h index acb3665af..43ae584b9 100644 --- a/usr.sbin/nsd/answer.h +++ b/usr.sbin/nsd/answer.h @@ -7,8 +7,8 @@ * */ -#ifndef _ANSWER_H_ -#define _ANSWER_H_ +#ifndef ANSWER_H +#define ANSWER_H #include @@ -44,4 +44,4 @@ int answer_add_rrset(answer_type *answer, rr_section_type section, domain_type *domain, rrset_type *rrset); -#endif /* _ANSWER_H_ */ +#endif /* ANSWER_H */ diff --git a/usr.sbin/nsd/axfr.c b/usr.sbin/nsd/axfr.c index dbf3eef91..10f3802f1 100644 --- a/usr.sbin/nsd/axfr.c +++ b/usr.sbin/nsd/axfr.c @@ -116,11 +116,25 @@ query_axfr(struct nsd *nsd, struct query *query, int wstats) && query->axfr_current_rrset->zone == query->axfr_zone) { while (query->axfr_current_rr < query->axfr_current_rrset->rr_count) { + size_t oldmaxlen = query->maxlen; + if(total_added == 0) + /* RR > 16K can be first RR */ + query->maxlen = (query->tcp?TCP_MAX_MESSAGE_LEN:UDP_MAX_MESSAGE_LEN); added = packet_encode_rr( query, query->axfr_current_domain, &query->axfr_current_rrset->rrs[query->axfr_current_rr], query->axfr_current_rrset->rrs[query->axfr_current_rr].ttl); + if(total_added == 0) { + query->maxlen = oldmaxlen; + if(query_overflow(query)) { + if(added) { + ++total_added; + ++query->axfr_current_rr; + goto return_answer; + } + } + } if (!added) goto return_answer; ++total_added; diff --git a/usr.sbin/nsd/axfr.h b/usr.sbin/nsd/axfr.h index 105cd5362..7f80d1838 100644 --- a/usr.sbin/nsd/axfr.h +++ b/usr.sbin/nsd/axfr.h @@ -7,8 +7,8 @@ * */ -#ifndef _AXFR_H_ -#define _AXFR_H_ +#ifndef AXFR_H +#define AXFR_H #include "nsd.h" #include "query.h" 
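Review bot: The temporary raise of `query->maxlen` for the first RR in `query_axfr` is safe only if the packet buffer can really hold `TCP_MAX_MESSAGE_LEN` bytes, and nothing in this hunk shows that capacity. `packet_encode_rr` writes against the raised limit, so I would state the invariant next to the override, e.g. `/* first RR may exceed maxlen (RR > 16K); the packet buffer must be sized for TCP_MAX_MESSAGE_LEN */`, and confirm it against the buffer allocation outside this diff. The nested test after the restore can also be flattened to `if(query_overflow(query) && added) {` so the early-return condition reads as one line. The body of `query_axfr` starts and ends outside the hunk.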
@@ -22,4 +22,4 @@ query_state_type answer_axfr_ixfr(struct nsd *nsd, struct query *q); query_state_type query_axfr(struct nsd *nsd, struct query *query, int wstats); -#endif /* _AXFR_H_ */ +#endif /* AXFR_H */ diff --git a/usr.sbin/nsd/bitset.h b/usr.sbin/nsd/bitset.h index 85ed3bfb1..ddd974765 100644 --- a/usr.sbin/nsd/bitset.h +++ b/usr.sbin/nsd/bitset.h @@ -6,8 +6,8 @@ * See LICENSE for the license. * */ -#ifndef _BITSET_H_ -#define _BITSET_H_ +#ifndef BITSET_H +#define BITSET_H #include #include @@ -37,4 +37,4 @@ void nsd_bitset_or( struct nsd_bitset *srcset1, struct nsd_bitset *srcset2); -#endif /* _BITSET_H_ */ +#endif /* BITSET_H */ diff --git a/usr.sbin/nsd/buffer.h b/usr.sbin/nsd/buffer.h index 9e17bc958..9cf532147 100644 --- a/usr.sbin/nsd/buffer.h +++ b/usr.sbin/nsd/buffer.h @@ -10,8 +10,8 @@ * the java.nio.Buffer interface. */ -#ifndef _BUFFER_H_ -#define _BUFFER_H_ +#ifndef BUFFER_H +#define BUFFER_H #include #include @@ -411,4 +411,4 @@ buffer_read_u64(buffer_type *buffer) int buffer_printf(buffer_type *buffer, const char *format, ...) ATTR_FORMAT(printf, 2, 3); -#endif /* _BUFFER_H_ */ +#endif /* BUFFER_H */ diff --git a/usr.sbin/nsd/config.h.in b/usr.sbin/nsd/config.h.in index 741669c83..96b7fa15c 100644 --- a/usr.sbin/nsd/config.h.in +++ b/usr.sbin/nsd/config.h.in @@ -592,9 +592,6 @@ safely assume C89 semantics that RETSIGTYPE is void.' */ #undef RETSIGTYPE -/* Define this to configure as a root server. */ -#undef ROOT_SERVER - /* The size of `off_t', as computed by sizeof. */ #undef SIZEOF_OFF_T diff --git a/usr.sbin/nsd/configlexer.lex b/usr.sbin/nsd/configlexer.lex index 65b635cbc..836dd8009 100644 --- a/usr.sbin/nsd/configlexer.lex +++ b/usr.sbin/nsd/configlexer.lex 
@@ -272,6 +272,12 @@ zonefiles-write{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_ZONEFILES_WRITE; dnstap{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP;} dnstap-enable{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_ENABLE;} dnstap-socket-path{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_SOCKET_PATH; } +dnstap-ip{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_IP; } +dnstap-tls{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_TLS; } +dnstap-tls-server-name{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_TLS_SERVER_NAME; } +dnstap-tls-cert-bundle{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_TLS_CERT_BUNDLE; } +dnstap-tls-client-key-file{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_TLS_CLIENT_KEY_FILE; } +dnstap-tls-client-cert-file{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_TLS_CLIENT_CERT_FILE; } dnstap-send-identity{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_SEND_IDENTITY; } dnstap-send-version{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_SEND_VERSION; } dnstap-identity{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_IDENTITY; } diff --git a/usr.sbin/nsd/configparser.y b/usr.sbin/nsd/configparser.y index f0d165c07..901c1ca2c 100644 --- a/usr.sbin/nsd/configparser.y +++ b/usr.sbin/nsd/configparser.y @@ -136,6 +136,12 @@ struct component { %token VAR_DNSTAP %token VAR_DNSTAP_ENABLE %token VAR_DNSTAP_SOCKET_PATH +%token VAR_DNSTAP_IP +%token VAR_DNSTAP_TLS +%token VAR_DNSTAP_TLS_SERVER_NAME +%token VAR_DNSTAP_TLS_CERT_BUNDLE +%token VAR_DNSTAP_TLS_CLIENT_KEY_FILE +%token VAR_DNSTAP_TLS_CLIENT_CERT_FILE %token VAR_DNSTAP_SEND_IDENTITY %token VAR_DNSTAP_SEND_VERSION %token VAR_DNSTAP_IDENTITY 
@@ -615,6 +621,18 @@ dnstap_option: { cfg_parser->opt->dnstap_enable = $2; } | VAR_DNSTAP_SOCKET_PATH STRING { cfg_parser->opt->dnstap_socket_path = region_strdup(cfg_parser->opt->region, $2); } + | VAR_DNSTAP_IP STRING + { cfg_parser->opt->dnstap_ip = region_strdup(cfg_parser->opt->region, $2); } + | VAR_DNSTAP_TLS boolean + { cfg_parser->opt->dnstap_tls = $2; } + | VAR_DNSTAP_TLS_SERVER_NAME STRING + { cfg_parser->opt->dnstap_tls_server_name = region_strdup(cfg_parser->opt->region, $2); } + | VAR_DNSTAP_TLS_CERT_BUNDLE STRING + { cfg_parser->opt->dnstap_tls_cert_bundle = region_strdup(cfg_parser->opt->region, $2); } + | VAR_DNSTAP_TLS_CLIENT_KEY_FILE STRING + { cfg_parser->opt->dnstap_tls_client_key_file = region_strdup(cfg_parser->opt->region, $2); } + | VAR_DNSTAP_TLS_CLIENT_CERT_FILE STRING + { cfg_parser->opt->dnstap_tls_client_cert_file = region_strdup(cfg_parser->opt->region, $2); } | VAR_DNSTAP_SEND_IDENTITY boolean { cfg_parser->opt->dnstap_send_identity = $2; } | VAR_DNSTAP_SEND_VERSION boolean diff --git a/usr.sbin/nsd/configure b/usr.sbin/nsd/configure index f73475c2c..950d5849d 100644 --- a/usr.sbin/nsd/configure +++ b/usr.sbin/nsd/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for NSD 4.6.1. +# Generated by GNU Autoconf 2.69 for NSD 4.7.0. # # Report bugs to . # @@ -580,8 +580,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='NSD' PACKAGE_TARNAME='nsd' -PACKAGE_VERSION='4.6.1' -PACKAGE_STRING='NSD 4.6.1' +PACKAGE_VERSION='4.7.0' +PACKAGE_STRING='NSD 4.7.0' PACKAGE_BUGREPORT='nsd-bugs@nlnetlabs.nl' PACKAGE_URL='' 
@@ -1328,7 +1328,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures NSD 4.6.1 to adapt to many kinds of systems. +\`configure' configures NSD 4.7.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1390,7 +1390,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of NSD 4.6.1:";; + short | recursive ) echo "Configuration of NSD 4.7.0:";; esac cat <<\_ACEOF @@ -1407,7 +1407,7 @@ Optional Features: --enable-recvmmsg Enable recvmmsg and sendmmsg compilation, faster but some kernel versions may have implementation problems for IPv6 - --enable-root-server Configure NSD as a root server + --enable-root-server Configure NSD as a root server (obsolete) --disable-ipv6 Disables IPv6 support --enable-bind8-stats Enables BIND8 like NSTATS & XSTATS and statistics in nsd-control @@ -1563,7 +1563,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -NSD configure 4.6.1 +NSD configure 4.7.0 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2272,7 +2272,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by NSD $as_me 4.6.1, which was +It was created by NSD $as_me 4.7.0, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -8057,6 +8057,9 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ +#ifdef HAVE_UNISTD_H +#include +#endif #include #include int main(void) @@ -8093,6 +8096,9 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ +#ifdef HAVE_UNISTD_H +#include +#endif #include #include int main(void) 
@@ -8836,17 +8842,6 @@ if test "${enable_root_server+set}" = set; then : enableval=$enable_root_server; fi -case "$enable_root_server" in - yes) - -cat >>confdefs.h <<_ACEOF -#define ROOT_SERVER /**/ -_ACEOF - - ;; - no|*) - ;; -esac # Check whether --enable-ipv6 was given. if test "${enable_ipv6+set}" = set; then : @@ -8921,7 +8916,7 @@ if eval \${cv_prog_cc_flag_$cache+:} false; then : $as_echo_n "(cached) " >&6 else -echo 'void f(){}' >conftest.c +echo 'void f(void){}' >conftest.c if test -z "`$CC -W -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_$cache=yes" else @@ -8952,7 +8947,7 @@ if eval \${cv_prog_cc_flag_$cache+:} false; then : $as_echo_n "(cached) " >&6 else -echo 'void f(){}' >conftest.c +echo 'void f(void){}' >conftest.c if test -z "`$CC -Wall -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_$cache=yes" else @@ -8983,7 +8978,7 @@ if eval \${cv_prog_cc_flag_$cache+:} false; then : $as_echo_n "(cached) " >&6 else -echo 'void f(){}' >conftest.c +echo 'void f(void){}' >conftest.c if test -z "`$CC -Wextra -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_$cache=yes" else @@ -9014,7 +9009,7 @@ if eval \${cv_prog_cc_flag_$cache+:} false; then : $as_echo_n "(cached) " >&6 else -echo 'void f(){}' >conftest.c +echo 'void f(void){}' >conftest.c if test -z "`$CC -Wdeclaration-after-statement -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_$cache=yes" else @@ -9426,7 +9421,7 @@ else echo ' #include ' >conftest.c -echo 'void f(){ (void)SHA1_Init(NULL); }' >>conftest.c +echo 'void f(void){ (void)SHA1_Init(NULL); }' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS -c conftest.c 2>&1 | grep -e deprecated -e unavailable`"; then eval "cv_cc_deprecated_$cache=no" else 
@@ -9554,7 +9549,7 @@ else echo ' #include ' >conftest.c -echo 'void f(){ (void)ERR_load_SSL_strings(); }' >>conftest.c +echo 'void f(void){ (void)ERR_load_SSL_strings(); }' >>conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS -c conftest.c 2>&1 | grep -e deprecated -e unavailable`"; then eval "cv_cc_deprecated_$cache=no" else @@ -9585,8 +9580,6 @@ fi LIBS="$BAKLIBS" else - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: No SSL, therefore remote-control is disabled" >&5 -$as_echo "$as_me: WARNING: No SSL, therefore remote-control is disabled" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: No SSL, therefore TLS is disabled" >&5 $as_echo "$as_me: WARNING: No SSL, therefore TLS is disabled" >&2;} fi @@ -10916,7 +10909,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by NSD $as_me 4.6.1, which was +This file was extended by NSD $as_me 4.7.0, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -10978,7 +10971,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -NSD config.status 4.6.1 +NSD config.status 4.7.0 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/usr.sbin/nsd/configure.ac b/usr.sbin/nsd/configure.ac index 337fd1a75..bd880566f 100644 --- a/usr.sbin/nsd/configure.ac +++ b/usr.sbin/nsd/configure.ac @@ -5,7 +5,7 @@ dnl sinclude(acx_nlnetlabs.m4) sinclude(dnstap/dnstap.m4) -AC_INIT([NSD],[4.6.1],[nsd-bugs@nlnetlabs.nl]) +AC_INIT([NSD],[4.7.0],[nsd-bugs@nlnetlabs.nl]) AC_CONFIG_HEADERS([config.h]) # 
@@ -296,7 +296,7 @@ AC_MSG_CHECKING(whether $CC supports -$1) cache=`echo $1 | $SED 'y%.=/+-%___p_%'` AC_CACHE_VAL(cv_prog_cc_flag_$cache, [ -echo 'void f(){}' >conftest.c +echo 'void f(void){}' >conftest.c if test -z "`$CC -$1 -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_$cache=yes" else @@ -698,6 +698,9 @@ case "$enable_recvmmsg" in yes) AC_CHECK_FUNC([recvmmsg], [ AC_RUN_IFELSE([AC_LANG_SOURCE([[ +#ifdef HAVE_UNISTD_H +#include +#endif #include #include int main(void) @@ -714,6 +717,9 @@ AC_DEFINE([HAVE_RECVMMSG], [1], [Define if recvmmsg exists])] )]) AC_CHECK_FUNC([sendmmsg], [ AC_RUN_IFELSE([AC_LANG_SOURCE([[ +#ifdef HAVE_UNISTD_H +#include +#endif #include #include int main(void) @@ -965,14 +971,7 @@ AC_DEFINE_UNQUOTED([TCP_TIMEOUT], $tcp_timeout, [Define to the default tcp timeo dnl dnl Features dnl -AC_ARG_ENABLE(root-server, AS_HELP_STRING([--enable-root-server],[Configure NSD as a root server])) -case "$enable_root_server" in - yes) - AC_DEFINE_UNQUOTED([ROOT_SERVER], [], [Define this to configure as a root server.]) - ;; - no|*) - ;; -esac +AC_ARG_ENABLE(root-server, AS_HELP_STRING([--enable-root-server],[Configure NSD as a root server (obsolete)])) AC_ARG_ENABLE(ipv6, AS_HELP_STRING([--disable-ipv6],[Disables IPv6 support])) case "$enable_ipv6" in @@ -1122,7 +1121,6 @@ AC_INCLUDES_DEFAULT LIBS="$BAKLIBS" else - AC_MSG_WARN([No SSL, therefore remote-control is disabled]) AC_MSG_WARN([No SSL, therefore TLS is disabled]) fi diff --git a/usr.sbin/nsd/dname.h b/usr.sbin/nsd/dname.h index 188ade18d..0d5dc4ac8 100644 --- a/usr.sbin/nsd/dname.h +++ b/usr.sbin/nsd/dname.h @@ -7,8 +7,8 @@ * */ -#ifndef _DNAME_H_ -#define _DNAME_H_ +#ifndef DNAME_H +#define DNAME_H #include #include @@ -381,4 +381,4 @@ char* wirelabel2str(const uint8_t* label); /** check if two uncompressed dnames of the same total length are equal */ int dname_equal_nocase(uint8_t* a, uint8_t* b, uint16_t len); -#endif /* _DNAME_H_ */ +#endif /* DNAME_H */ 
diff --git a/usr.sbin/nsd/dns.h b/usr.sbin/nsd/dns.h index 344e8cc48..924db3de0 100644 --- a/usr.sbin/nsd/dns.h +++ b/usr.sbin/nsd/dns.h @@ -7,8 +7,8 @@ * */ -#ifndef _DNS_H_ -#define _DNS_H_ +#ifndef DNS_H +#define DNS_H enum rr_section { QUESTION_SECTION, @@ -305,4 +305,4 @@ operator++(rr_section_type &lhs) } #endif /* __cplusplus */ -#endif /* _DNS_H_ */ +#endif /* DNS_H */ diff --git a/usr.sbin/nsd/dnstap/dnstap.c b/usr.sbin/nsd/dnstap/dnstap.c index 1f4dabff1..19543d755 100644 --- a/usr.sbin/nsd/dnstap/dnstap.c +++ b/usr.sbin/nsd/dnstap/dnstap.c @@ -53,6 +53,15 @@ #include "dnstap/dnstap.h" #include "dnstap/dnstap.pb-c.h" +#ifdef HAVE_SSL +#ifdef HAVE_OPENSSL_SSL_H +#include +#endif +#ifdef HAVE_OPENSSL_ERR_H +#include +#endif +#endif + #define DNSTAP_CONTENT_TYPE "protobuf:dnstap.Dnstap" #define DNSTAP_INITIAL_BUF_SIZE 256 
@@ -120,6 +129,380 @@ dt_msg_init(const struct dt_env *env, } } +#ifdef HAVE_SSL +/** TLS writer object for fstrm. */ +struct dt_tls_writer { + /* ip address */ + char* ip; + /* if connected already */ + int connected; + /* file descriptor */ + int fd; + /* TLS context */ + SSL_CTX* ctx; + /* SSL transport */ + SSL* ssl; + /* the server name to authenticate */ + char* tls_server_name; +}; + +void log_crypto_err(const char* str); /* in server.c */ + +/* Create TLS writer object for fstrm. */ +static struct dt_tls_writer* +tls_writer_init(char* ip, char* tls_server_name, char* tls_cert_bundle, + char* tls_client_key_file, char* tls_client_cert_file) +{ + struct dt_tls_writer* dtw = (struct dt_tls_writer*)calloc(1, + sizeof(*dtw)); + if(!dtw) return NULL; + dtw->fd = -1; + dtw->ip = strdup(ip); + if(!dtw->ip) { + free(dtw); + return NULL; + } + dtw->ctx = SSL_CTX_new(SSLv23_client_method()); + if(!dtw->ctx) { + log_msg(LOG_ERR, "dnstap: SSL_CTX_new failed"); + free(dtw->ip); + free(dtw); + return NULL; + } +#if SSL_OP_NO_SSLv2 != 0 + if((SSL_CTX_set_options(dtw->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) + != SSL_OP_NO_SSLv2) { + log_msg(LOG_ERR, "dnstap: could not set SSL_OP_NO_SSLv2"); + SSL_CTX_free(dtw->ctx); + free(dtw->ip); + free(dtw); + return NULL; + } +#endif + if((SSL_CTX_set_options(dtw->ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3) + != SSL_OP_NO_SSLv3) { + log_msg(LOG_ERR, "dnstap: could not set SSL_OP_NO_SSLv3"); + SSL_CTX_free(dtw->ctx); + free(dtw->ip); + free(dtw); + return NULL; + } +#if defined(SSL_OP_NO_RENEGOTIATION) + /* disable client renegotiation */ + if((SSL_CTX_set_options(dtw->ctx, SSL_OP_NO_RENEGOTIATION) & + SSL_OP_NO_RENEGOTIATION) != SSL_OP_NO_RENEGOTIATION) { + log_msg(LOG_ERR, "dnstap: could not set SSL_OP_NO_RENEGOTIATION"); + SSL_CTX_free(dtw->ctx); + free(dtw->ip); + free(dtw); + return NULL; + } +#endif + if(tls_client_key_file && tls_client_key_file[0]) { + if(!SSL_CTX_use_certificate_chain_file(dtw->ctx, + tls_client_cert_file)) { + 
log_msg(LOG_ERR, "dnstap: SSL_CTX_use_certificate_chain_file failed for %s", tls_client_cert_file); + SSL_CTX_free(dtw->ctx); + free(dtw->ip); + free(dtw); + return NULL; + } + if(!SSL_CTX_use_PrivateKey_file(dtw->ctx, tls_client_key_file, + SSL_FILETYPE_PEM)) { + log_msg(LOG_ERR, "dnstap: SSL_CTX_use_PrivateKey_file failed for %s", tls_client_key_file); + SSL_CTX_free(dtw->ctx); + free(dtw->ip); + free(dtw); + return NULL; + } + if(!SSL_CTX_check_private_key(dtw->ctx)) { + log_msg(LOG_ERR, "dnstap: SSL_CTX_check_private_key failed for %s", tls_client_key_file); + SSL_CTX_free(dtw->ctx); + free(dtw->ip); + free(dtw); + return NULL; + } + } + if(tls_cert_bundle && tls_cert_bundle[0]) { + if(!SSL_CTX_load_verify_locations(dtw->ctx, tls_cert_bundle, NULL)) { + log_msg(LOG_ERR, "dnstap: SSL_CTX_load_verify_locations failed for %s", tls_cert_bundle); + SSL_CTX_free(dtw->ctx); + free(dtw->ip); + free(dtw); + return NULL; + } + if(SSL_CTX_set_default_verify_paths(dtw->ctx) != 1) { + log_msg(LOG_ERR, "dnstap: SSL_CTX_set_default_verify_paths failed"); + SSL_CTX_free(dtw->ctx); + free(dtw->ip); + free(dtw); + return NULL; + } + SSL_CTX_set_verify(dtw->ctx, SSL_VERIFY_PEER, NULL); + } + if(tls_server_name) { + dtw->tls_server_name = strdup(tls_server_name); + if(!dtw->tls_server_name) { + log_msg(LOG_ERR, "dnstap: strdup failed"); + SSL_CTX_free(dtw->ctx); + free(dtw->ip); + free(dtw); + return NULL; + } + } + return dtw; +} + +/* Delete TLS writer object */ +static void +tls_writer_delete(struct dt_tls_writer* dtw) +{ + if(!dtw) + return; + if(dtw->ssl) + SSL_shutdown(dtw->ssl); + SSL_free(dtw->ssl); + dtw->ssl = NULL; + SSL_CTX_free(dtw->ctx); + if(dtw->fd != -1) { + close(dtw->fd); + dtw->fd = -1; + } + free(dtw->ip); + free(dtw->tls_server_name); + free(dtw); +} + +/* The fstrm writer destroy callback for TLS */ +static fstrm_res +dt_tls_writer_destroy(void* obj) +{ + struct dt_tls_writer* dtw = (struct dt_tls_writer*)obj; + tls_writer_delete(dtw); + return 
fstrm_res_success; +} + +/* The fstrm writer open callback for TLS */ +static fstrm_res +dt_tls_writer_open(void* obj) +{ + struct sockaddr_storage addr; + socklen_t addrlen; + char* svr, *at = NULL; + int port = 3333; + int addrfamily; + struct dt_tls_writer* dtw = (struct dt_tls_writer*)obj; + X509* x; + + /* skip action if already connected */ + if(dtw->connected) + return fstrm_res_success; + + /* figure out port number */ + svr = dtw->ip; + at = strchr(svr, '@'); + if(at != NULL) { + *at = 0; + port = atoi(at+1); + } + + /* parse addr */ + memset(&addr, 0, sizeof(addr)); +#ifdef INET6 + if(strchr(svr, ':')) { + struct sockaddr_in6 sa; + addrlen = (socklen_t)sizeof(struct sockaddr_in6); + memset(&sa, 0, addrlen); + sa.sin6_family = AF_INET6; + sa.sin6_port = (in_port_t)htons((uint16_t)port); + if(inet_pton((int)sa.sin6_family, svr, &sa.sin6_addr) <= 0) { + log_msg(LOG_ERR, "dnstap: could not parse IP: %s", svr); + if(at != NULL) + *at = '@'; + return fstrm_res_failure; + } + memcpy(&addr, &sa, addrlen); + addrfamily = AF_INET6; + } else +#else + if(1) +#endif + { + struct sockaddr_in sa; + addrlen = (socklen_t)sizeof(struct sockaddr_in); + memset(&sa, 0, addrlen); + sa.sin_family = AF_INET; + sa.sin_port = (in_port_t)htons((uint16_t)port); + if(inet_pton((int)sa.sin_family, svr, &sa.sin_addr) <= 0) { + log_msg(LOG_ERR, "dnstap: could not parse IP: %s", svr); + if(at != NULL) + *at = '@'; + return fstrm_res_failure; + } + memcpy(&addr, &sa, addrlen); + addrfamily = AF_INET; + } + if(at != NULL) + *at = '@'; + + /* open socket */ + dtw->fd = socket(addrfamily, SOCK_STREAM, 0); + if(dtw->fd == -1) { + log_msg(LOG_ERR, "dnstap: socket failed: %s", strerror(errno)); + return fstrm_res_failure; + } + if(connect(dtw->fd, (struct sockaddr*)&addr, addrlen) < 0) { + log_msg(LOG_ERR, "dnstap: connect failed: %s", strerror(errno)); + return fstrm_res_failure; + } + dtw->connected = 1; + + /* setup SSL */ + dtw->ssl = SSL_new(dtw->ctx); + if(!dtw->ssl) { + log_msg(LOG_ERR, 
"dnstap: SSL_new failed"); + return fstrm_res_failure; + } + SSL_set_connect_state(dtw->ssl); + (void)SSL_set_mode(dtw->ssl, SSL_MODE_AUTO_RETRY); + if(!SSL_set_fd(dtw->ssl, dtw->fd)) { + log_msg(LOG_ERR, "dnstap: SSL_set_fd failed"); + return fstrm_res_failure; + } + if(dtw->tls_server_name && dtw->tls_server_name[0]) { + if(!SSL_set1_host(dtw->ssl, dtw->tls_server_name)) { + log_msg(LOG_ERR, "dnstap: TLS setting of hostname %s failed to %s", + dtw->tls_server_name, dtw->ip); + return fstrm_res_failure; + } + } + + /* handshake */ + while(1) { + int r; + ERR_clear_error(); + if( (r=SSL_do_handshake(dtw->ssl)) == 1) + break; + r = SSL_get_error(dtw->ssl, r); + if(r != SSL_ERROR_WANT_READ && r != SSL_ERROR_WANT_WRITE) { + if(r == SSL_ERROR_ZERO_RETURN) { + log_msg(LOG_ERR, "dnstap: EOF on SSL_do_handshake"); + return fstrm_res_failure; + } + if(r == SSL_ERROR_SYSCALL) { + log_msg(LOG_ERR, "dnstap: SSL_do_handshake failed: %s", strerror(errno)); + return fstrm_res_failure; + } + log_crypto_err("dnstap: SSL_do_handshake failed"); + return fstrm_res_failure; + } + /* wants to be called again */ + } + + /* check authenticity of server */ + if(SSL_get_verify_result(dtw->ssl) != X509_V_OK) { + log_crypto_err("SSL verification failed"); + return fstrm_res_failure; + } + x = SSL_get_peer_certificate(dtw->ssl); + if(!x) { + log_crypto_err("Server presented no peer certificate"); + return fstrm_res_failure; + } + X509_free(x); + + return fstrm_res_success; +} + +/* The fstrm writer close callback for TLS */ +static fstrm_res +dt_tls_writer_close(void* obj) +{ + struct dt_tls_writer* dtw = (struct dt_tls_writer*)obj; + if(dtw->connected) { + dtw->connected = 0; + if(dtw->ssl) + SSL_shutdown(dtw->ssl); + SSL_free(dtw->ssl); + dtw->ssl = NULL; + if(dtw->fd != -1) { + close(dtw->fd); + dtw->fd = -1; + } + return fstrm_res_success; + } + return fstrm_res_failure; +} + +/* The fstrm writer read callback for TLS */ +static fstrm_res +dt_tls_writer_read(void* obj, void* buf, size_t 
nbytes) +{ + /* want to read nbytes of data */ + struct dt_tls_writer* dtw = (struct dt_tls_writer*)obj; + size_t nread = 0; + if(!dtw->connected) + return fstrm_res_failure; + while(nread < nbytes) { + int r; + ERR_clear_error(); + if((r = SSL_read(dtw->ssl, ((char*)buf)+nread, nbytes-nread)) <= 0) { + r = SSL_get_error(dtw->ssl, r); + if(r == SSL_ERROR_ZERO_RETURN) { + log_msg(LOG_ERR, "dnstap: EOF from %s", + dtw->ip); + return fstrm_res_failure; + } + if(r == SSL_ERROR_SYSCALL) { + log_msg(LOG_ERR, "dnstap: read %s: %s", + dtw->ip, strerror(errno)); + return fstrm_res_failure; + } + if(r == SSL_ERROR_SSL) { + log_crypto_err("dnstap: could not SSL_read"); + return fstrm_res_failure; + } + log_msg(LOG_ERR, "dnstap: SSL_read failed with err %d", + r); + return fstrm_res_failure; + } + nread += r; + } + return fstrm_res_success; +} + +/* The fstrm writer write callback for TLS */ +static fstrm_res +dt_tls_writer_write(void* obj, const struct iovec* iov, int iovcnt) +{ + struct dt_tls_writer* dtw = (struct dt_tls_writer*)obj; + int i; + if(!dtw->connected) + return fstrm_res_failure; + for(i=0; issl, iov[i].iov_base, (int)(iov[i].iov_len)) <= 0) { + log_crypto_err("dnstap: could not SSL_write"); + return fstrm_res_failure; + } + } + return fstrm_res_success; +} + +/* Create the fstrm writer object for TLS */ +static struct fstrm_writer* +dt_tls_make_writer(struct fstrm_writer_options* fwopt, + struct dt_tls_writer* dtw) +{ + struct fstrm_rdwr* rdwr = fstrm_rdwr_init(dtw); + fstrm_rdwr_set_destroy(rdwr, dt_tls_writer_destroy); + fstrm_rdwr_set_open(rdwr, dt_tls_writer_open); + fstrm_rdwr_set_close(rdwr, dt_tls_writer_close); + fstrm_rdwr_set_read(rdwr, dt_tls_writer_read); + fstrm_rdwr_set_write(rdwr, dt_tls_writer_write); + return fstrm_writer_init(fwopt, &rdwr); +} +#endif /* HAVE_SSL */ + /* check that the socket file can be opened and exists, print error if not */ static void check_socket_file(const char* socket_path) 
@@ -133,22 +516,30 @@ check_socket_file(const char* socket_path) } struct dt_env * -dt_create(const char *socket_path, unsigned num_workers) +dt_create(const char *socket_path, char* ip, unsigned num_workers, + int tls, char* tls_server_name, char* tls_cert_bundle, + char* tls_client_key_file, char* tls_client_cert_file) { #ifndef NDEBUG fstrm_res res; #endif struct dt_env *env; struct fstrm_iothr_options *fopt; - struct fstrm_unix_writer_options *fuwopt; + struct fstrm_unix_writer_options *fuwopt = NULL; + struct fstrm_tcp_writer_options *ftwopt = NULL; struct fstrm_writer *fw; struct fstrm_writer_options *fwopt; - VERBOSITY(1, (LOG_INFO, "attempting to connect to dnstap socket %s", - socket_path)); - assert(socket_path != NULL); assert(num_workers > 0); - check_socket_file(socket_path); + if(ip == NULL || ip[0] == 0) { + VERBOSITY(1, (LOG_INFO, "attempting to connect to dnstap socket %s", + socket_path)); + assert(socket_path != NULL); + check_socket_file(socket_path); + } else { + VERBOSITY(1, (LOG_INFO, "attempting to connect to dnstap %ssocket %s", + (tls?"tls ":""), ip)); + } env = (struct dt_env *) calloc(1, sizeof(struct dt_env)); if (!env) 
@@ -164,10 +555,50 @@ dt_create(const char *socket_path, unsigned num_workers) DNSTAP_CONTENT_TYPE, sizeof(DNSTAP_CONTENT_TYPE) - 1); assert(res == fstrm_res_success); - fuwopt = fstrm_unix_writer_options_init(); - fstrm_unix_writer_options_set_socket_path(fuwopt, socket_path); - - fw = fstrm_unix_writer_init(fuwopt, fwopt); + if(ip == NULL || ip[0] == 0) { + fuwopt = fstrm_unix_writer_options_init(); + fstrm_unix_writer_options_set_socket_path(fuwopt, socket_path); + } else { + char* at = strchr(ip, '@'); + if(!tls) { + ftwopt = fstrm_tcp_writer_options_init(); + if(at == NULL) { + fstrm_tcp_writer_options_set_socket_address(ftwopt, ip); + fstrm_tcp_writer_options_set_socket_port(ftwopt, "3333"); + } else { + *at = 0; + fstrm_tcp_writer_options_set_socket_address(ftwopt, ip); + fstrm_tcp_writer_options_set_socket_port(ftwopt, at+1); + *at = '@'; + } + } else { +#ifdef HAVE_SSL + env->tls_writer = tls_writer_init(ip, tls_server_name, + tls_cert_bundle, tls_client_key_file, + tls_client_cert_file); +#else + (void)tls_server_name; + (void)tls_cert_bundle; + (void)tls_client_key_file; + (void)tls_client_cert_file; + log_msg(LOG_ERR, "dnstap: tls enabled but compiled without ssl."); +#endif + if(!env->tls_writer) { + log_msg(LOG_ERR, "dt_create: tls_writer_init() failed"); + fstrm_writer_options_destroy(&fwopt); + free(env); + return NULL; + } + } + } + if(ip == NULL || ip[0] == 0) + fw = fstrm_unix_writer_init(fuwopt, fwopt); + else if(!tls) + fw = fstrm_tcp_writer_init(ftwopt, fwopt); +#ifdef HAVE_SSL + else + fw = dt_tls_make_writer(fwopt, env->tls_writer); +#endif assert(fw != NULL); fopt = fstrm_iothr_options_init(); 
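Review bot: The port substring taken from `dnstap-ip` (`at+1`) is handed to `fstrm_tcp_writer_options_set_socket_port` unchecked, and the only guard on the resulting writer is the existing `assert(fw != NULL)`, which is compiled out under NDEBUG. The address and port now come from the configuration file, so a typo such as `127.0.0.1@` presumably makes `fstrm_tcp_writer_init` return NULL (its behaviour is not visible here). That case should be a runtime failure path like the one added for `tls_writer_init`, not an assertion. Initialising `fw` to NULL at its declaration would also avoid an unassigned `fw` in builds without HAVE_SSL, where the final `else` is preprocessed away. dt_create starts and ends outside this hunk.

```c
	/* … unchanged: writer selection for unix / tcp / tls … */
	if(!fw) {
		log_msg(LOG_ERR, "dt_create: could not create dnstap writer");
		if(fuwopt)
			fstrm_unix_writer_options_destroy(&fuwopt);
		if(ftwopt)
			fstrm_tcp_writer_options_destroy(&ftwopt);
		fstrm_writer_options_destroy(&fwopt);
		/* TLS path: env->tls_writer must also be released here, with
		 * whatever destructor the writer defines (outside this hunk) */
		free(env);
		return NULL;
	}
```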
@@ -180,7 +611,11 @@ dt_create(const char *socket_path, unsigned num_workers) env = NULL; } fstrm_iothr_options_destroy(&fopt); - fstrm_unix_writer_options_destroy(&fuwopt); + + if(ip == NULL || ip[0] == 0) + fstrm_unix_writer_options_destroy(&fuwopt); + else if(!tls) + fstrm_tcp_writer_options_destroy(&ftwopt); fstrm_writer_options_destroy(&fwopt); return env; diff --git a/usr.sbin/nsd/dnstap/dnstap.h b/usr.sbin/nsd/dnstap/dnstap.h index e5eaa2a13..8c84928cb 100644 --- a/usr.sbin/nsd/dnstap/dnstap.h +++ b/usr.sbin/nsd/dnstap/dnstap.h @@ -42,6 +42,7 @@ struct nsd_options; struct fstrm_io; struct fstrm_queue; +struct dt_tls_writer; struct dt_env { /** dnstap I/O thread */ @@ -66,6 +67,9 @@ struct dt_env { unsigned log_auth_query_messages : 1; /** whether to log Message/AUTH_RESPONSE */ unsigned log_auth_response_messages : 1; + + /** tls writer object, or NULL */ + struct dt_tls_writer* tls_writer; }; /** 
@@ -75,12 +79,23 @@ struct dt_env { * of the structure) to ensure lock-free access to its own per-worker circular * queue. Duplicate the environment object if more than one worker needs to * share access to the dnstap I/O socket. - * @param socket_path: path to dnstap logging socket, must be non-NULL. + * @param socket_path: path to dnstap logging socket, must be non-NULL if used. + * @param ip: if NULL or "" use socket path, otherwise IP or IP@port. * @param num_workers: number of worker threads, must be > 0. + * @param tls: set to true to use TLS, otherwise, TCP. Used when ip is set. + * @param tls_server_name: name for authenticating the upstream server, or + * NULL or "". + * @param tls_cert_bundle: pem bundle to verify server with. Or NULL or "". + * @param tls_client_key_file: key file for client authentication. Or NULL + * or "". + * @param tls_client_cert_file: cert file for client authentication. Or NULL + * or "". * @return dt_env object, NULL on failure. */ struct dt_env * -dt_create(const char *socket_path, unsigned num_workers); +dt_create(const char *socket_path, char* ip, unsigned num_workers, + int tls, char* tls_server_name, char* tls_cert_bundle, + char* tls_client_key_file, char* tls_client_cert_file); /** * Apply config settings. diff --git a/usr.sbin/nsd/dnstap/dnstap_collector.c b/usr.sbin/nsd/dnstap/dnstap_collector.c index 5ee1e5f78..1578bdfb0 100644 --- a/usr.sbin/nsd/dnstap/dnstap_collector.c +++ b/usr.sbin/nsd/dnstap/dnstap_collector.c @@ -32,6 +32,7 @@ #include "buffer.h" #include "namedb.h" #include "options.h" +#include "remote.h" #include "udb.h" #include "rrl.h" 
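Review bot: The `@param tls_server_name` line in the dt_create comment (dnstap.h hunk at -75,12) does not say what NULL or "" means for verification. In dt_tls_writer_open the `SSL_set1_host` call is made only when the name is non-empty, so with an empty name the certificate is not matched against the collector's name, and the defaults set in the options.c hunk (`dnstap_tls = 1`, `dnstap_tls_server_name = NULL`, `dnstap_tls_cert_bundle = NULL`) select exactly that mode. I would document it, e.g. `@param tls_server_name: name the server certificate must match; if NULL or "" no name check is done.`, and state for `tls_cert_bundle` which trust anchors apply when it is empty, which depends on tls_writer_init and is not visible here.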
@@ -279,7 +280,12 @@ static void dt_init_dnstap(struct dt_collector* dt_col, struct nsd* nsd) nsd->options->dnstap_socket_path += l; } #endif - dt_col->dt_env = dt_create(nsd->options->dnstap_socket_path, num_workers); + dt_col->dt_env = dt_create(nsd->options->dnstap_socket_path, + nsd->options->dnstap_ip, num_workers, nsd->options->dnstap_tls, + nsd->options->dnstap_tls_server_name, + nsd->options->dnstap_tls_cert_bundle, + nsd->options->dnstap_tls_client_key_file, + nsd->options->dnstap_tls_client_cert_file); if(!dt_col->dt_env) { log_msg(LOG_ERR, "could not create dnstap env"); return; @@ -308,6 +314,9 @@ static void dt_collector_cleanup(struct dt_collector* dt_col, struct nsd* nsd) free(dt_col->inputs); } dt_collector_destroy(dt_col, nsd); + daemon_remote_delete(nsd->rc); /* ssl-delete secret keys */ + nsd_options_destroy(nsd->options); + region_destroy(nsd->region); #endif } diff --git a/usr.sbin/nsd/doc/ChangeLog b/usr.sbin/nsd/doc/ChangeLog index fac449dbb..c37f0839c 100644 --- a/usr.sbin/nsd/doc/ChangeLog +++ b/usr.sbin/nsd/doc/ChangeLog 
@@ -1,3 +1,86 @@ +31 May 2023: Wouter + - Add missing items to doc/RELNOTES. + - Tag for 4.7.0rc1. + +30 May 2023: Jeroen + - Fix #240: Prefix messages originating from verifier. + - Fix #275: Drop unnecessary root server checks. + +30 May 2023: Wouter + - Next version is 4.7.0, instead of 4.6.2, because of the added + features, like TLS for DNSTAP. + - Fix unused variable warning in unit test, from clang compile. + +24 May 2023: Wouter + - For #279: Note that autoreconf -fi creates the configure script + and also the needed auxiliary files, for autoconf 2.69 and 2.71. + +4 May 2023: Wouter + - Fix to remove unused whitespace from acx_nlnetlabs.m4 and config.h. + +1 May 2023: Wouter + - make depend. + - Fix for build to run flex and bison before compiling code that needs + the headers. + +13 April 2023: Wouter + - Fix cirrus script for submit to coverity scan to libtoolize + the configure script components config.guess and config.sub. + - Fix readme status badge links. + +28 March 2023: Wouter + - Fix #273: Large TXT record breaks AXFR. + - Fix ixfr create from adding too many record types. + +16 March 2023: Wouter + - Fix include brackets for ssl.h include statements, instead of quotes. + - Fix static analyzer warning about nsd_event_method initialization. + +15 March 2023: Wouter + - Dnstap tls code fixes. + +14 March 2023: Wouter + - Fix dnstap to not check socket path when using IP address. + - dnstap over TLS, default enabled. Configured with the + options dnstap-tls, dnstap-tls-server-name, dnstap-tls-cert-bundle, + dnstap-tls-client-key-file and dnstap-tls-client-cert-file. + - Fix to compile without ssl with dnstap-tls code. + +9 March 2023: Wouter + - Fix #271: DNSTAP over TCP, with dnstap-ip: "127.0.0.1@3333". + - Fix to clean more memory on exit of dnstap collector. + +23 February 2023: Wouter + - Fix #270: reserved identifier violation. + +20 February 2023: Wouter + - Merge #269 from Fale: Add systemd service unit. 
+ +16 February 2023: Wouter + - Fix #266: Fix build with --without-ssl. + - Fix #267: Allow unencrypted local operation of nsd-control. + - Fix for #267: neater variable definitions. + +2 February 2023: Wouter + - Merge #265: Fix C99 compatibility issue. + +30 January 2023: Wouter + - Merge #263: Add bash autocompletion script for nsd-control. + - Fix for #262: More error logging for SSL read failures for zone + transfers. + +27 January 2023: Wouter + - Fix #262: Zone(s) not synchronizing properly via TLS. + - Fix ixfr_and_restart test to wait for processes to come to a stop. + +26 January 2023: Wouter + - Fix configure for -Wstrict-prototypes. + +10 November 2022: Wouter + - Tag for NSD 4.6.1, the repository continues with version 4.6.2. + - Fix #239: -Wincompatible-pointer-types warning in remote.c. + - Fix unit tests to succeed with --disable-bind8-stats. + 1 November 2022: Wouter - Fixup for non-trailing newline lexer change warnings. - Update doc/RELNOTES for changes. diff --git a/usr.sbin/nsd/doc/README b/usr.sbin/nsd/doc/README index ccb54551f..bb737c781 100644 --- a/usr.sbin/nsd/doc/README +++ b/usr.sbin/nsd/doc/README @@ -21,7 +21,7 @@ 1.0 Introduction -This is NSD Name Server Daemon (NSD) version 4.6.1. +This is NSD Name Server Daemon (NSD) version 4.7.0. The NLnet Labs Name Server Daemon (NSD) is an authoritative RFC compliant DNS nameserver. It was first conceived to allow for more genetic @@ -57,7 +57,7 @@ and uses a simple configuration file 'nsd.conf'. 1.2 Quick build and install -Step 1: Unpack the source with gtar -xzvf nsd-4.6.1.tar.gz +Step 1: Unpack the source with gtar -xzvf nsd-4.7.0.tar.gz Step 2: Create user nsd or any other unprivileged user of your choice. In case of later make sure to use 
@@ -111,9 +111,9 @@ Step 11: If desired add 'nsd-control write' to your superuser crontab to Use your favorite combination of tar and gnu zip to unpack the source, for example -$ gtar -xzvf nsd-4.6.1.tar.gz +$ gtar -xzvf nsd-4.7.0.tar.gz -will unpack the source into the ./nsd-4.6.1 directory... +will unpack the source into the ./nsd-4.7.0 directory... 2.2 Configuring NSD @@ -927,4 +927,4 @@ larger and regular donations please contact us at users@NLnetLabs.nl. Also see http://www.nlnetlabs.nl/labs/contributors/. -$Id: README,v 1.5 2022/11/14 21:09:32 sthen Exp $ +$Id: README,v 1.6 2023/06/29 19:38:50 florian Exp $ diff --git a/usr.sbin/nsd/doc/RELNOTES b/usr.sbin/nsd/doc/RELNOTES index c14587857..10cfea94f 100644 --- a/usr.sbin/nsd/doc/RELNOTES +++ b/usr.sbin/nsd/doc/RELNOTES 
@@ -1,5 +1,46 @@ NSD RELEASE NOTES +4.7.0 +================ +FEATURES: + - Merge #263: Add bash autocompletion script for nsd-control. + - Fix #267: Allow unencrypted local operation of nsd-control. + - Merge #269 from Fale: Add systemd service unit. + - Fix #271: DNSTAP over TCP, with dnstap-ip: "127.0.0.1@3333". + - dnstap over TLS, default enabled. Configured with the + options dnstap-tls, dnstap-tls-server-name, dnstap-tls-cert-bundle, + dnstap-tls-client-key-file and dnstap-tls-client-cert-file. +BUG FIXES: + - Fix #239: -Wincompatible-pointer-types warning in remote.c. + - Fix configure for -Wstrict-prototypes. + - Fix #262: Zone(s) not synchronizing properly via TLS. + - Fix for #262: More error logging for SSL read failures for zone + transfers. + - Merge #265: Fix C99 compatibility issue. + - Fix #266: Fix build with --without-ssl. + - Fix for #267: neater variable definitions. + - Fix #270: reserved identifier violation. + - Fix to clean more memory on exit of dnstap collector. + - Fix dnstap to not check socket path when using IP address. + - Fix to compile without ssl with dnstap-tls code. + - Dnstap tls code fixes. + - Fix include brackets for ssl.h include statements, instead of quotes. + - Fix static analyzer warning about nsd_event_method initialization. + - Fix #273: Large TXT record breaks AXFR. + - Fix ixfr create from adding too many record types. + - Fix cirrus script for submit to coverity scan to libtoolize + the configure script components config.guess and config.sub. + - Fix readme status badge links. + - make depend. + - Fix for build to run flex and bison before compiling code that needs + the headers. + - Fix to remove unused whitespace from acx_nlnetlabs.m4 and config.h. + - For #279: Note that autoreconf -fi creates the configure script + and also the needed auxiliary files, for autoconf 2.69 and 2.71. + - Fix unused variable warning in unit test, from clang compile. + - Fix #240: Prefix messages originating from verifier. 
+ - Fix #275: Drop unnecessary root server checks. + 4.6.1 ================ FEATURES: diff --git a/usr.sbin/nsd/edns.h b/usr.sbin/nsd/edns.h index 942312c03..45d7c6361 100644 --- a/usr.sbin/nsd/edns.h +++ b/usr.sbin/nsd/edns.h @@ -7,8 +7,8 @@ * */ -#ifndef _EDNS_H_ -#define _EDNS_H_ +#ifndef EDNS_H +#define EDNS_H #include "buffer.h" struct nsd; @@ -103,4 +103,4 @@ void edns_init_nsid(edns_data_type *data, uint16_t nsid_len); void cookie_verify(struct query *q, struct nsd* nsd, uint32_t *now_p); void cookie_create(struct query *q, struct nsd* nsd, uint32_t *now_p); -#endif /* _EDNS_H_ */ +#endif /* EDNS_H */ diff --git a/usr.sbin/nsd/ixfr.c b/usr.sbin/nsd/ixfr.c index b054122b8..5a7efc0bf 100644 --- a/usr.sbin/nsd/ixfr.c +++ b/usr.sbin/nsd/ixfr.c @@ -261,7 +261,8 @@ static int pktcompression_write_dname(struct buffer* packet, /* write an RR into the packet with compression for domain names, * return 0 and resets position if it does not fit in the packet. */ static int ixfr_write_rr_pkt(struct query* query, struct buffer* packet, - struct pktcompression* pcomp, const uint8_t* rr, size_t rrlen) + struct pktcompression* pcomp, const uint8_t* rr, size_t rrlen, + uint16_t total_added) { size_t oldpos = buffer_position(packet); size_t rdpos; @@ -271,10 +272,21 @@ static int ixfr_write_rr_pkt(struct query* query, struct buffer* packet, size_t i; rrtype_descriptor_type* descriptor; - if(buffer_position(packet) > MAX_COMPRESSION_OFFSET - || query_overflow(query)) { - /* we are past the maximum length */ - return 0; + if(total_added == 0) { + size_t oldmaxlen = query->maxlen; + /* RR > 16K can be first RR */ + query->maxlen = (query->tcp?TCP_MAX_MESSAGE_LEN:UDP_MAX_MESSAGE_LEN); + if(query_overflow(query)) { + query->maxlen = oldmaxlen; + return 0; + } + query->maxlen = oldmaxlen; + } else { + if(buffer_position(packet) > MAX_COMPRESSION_OFFSET + || query_overflow(query)) { + /* we are past the maximum length */ + return 0; + } } /* write owner */ 
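Review bot: In ixfr_write_rr_pkt (ixfr.c hunk at -271,10) the save, override and restore of `query->maxlen` around `query_overflow` is written out twice, here and again in the hunk at -401,10. Any early return added later between the override and the restore would leave the query with the raised limit. A small static helper that does the first-RR check and always restores `maxlen` reduces both call sites to a single condition. A comment would also help on why the non-TCP case measures the first RR against `UDP_MAX_MESSAGE_LEN` and not the query's own `maxlen`, since what the caller does with such a packet is outside these hunks. The function body continues outside both hunks.

```c
/* overflow check for one RR; the first RR of a message is measured
 * against the transport maximum, later RRs against query->maxlen */
static int ixfr_rr_overflow(struct query* query, uint16_t total_added)
{
	size_t oldmaxlen;
	int over;
	if(total_added != 0)
		return query_overflow(query);
	oldmaxlen = query->maxlen;
	query->maxlen = (query->tcp?TCP_MAX_MESSAGE_LEN:UDP_MAX_MESSAGE_LEN);
	over = query_overflow(query);
	query->maxlen = oldmaxlen;
	return over;
}

	/* in ixfr_write_rr_pkt, before the owner is written */
	if((total_added != 0 &&
		buffer_position(packet) > MAX_COMPRESSION_OFFSET)
		|| ixfr_rr_overflow(query, total_added)) {
		/* we are past the maximum length */
		return 0;
	}
	/* … unchanged: write owner, type, class, ttl and rdata … */
	if(ixfr_rr_overflow(query, total_added)) {
		/* we are past the maximum length */
		buffer_set_position(packet, oldpos);
		return 0;
	}
```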
@@ -401,10 +413,21 @@ static int ixfr_write_rr_pkt(struct query* query, struct buffer* packet, } /* write compressed rdata length */ buffer_write_u16_at(packet, rdpos, buffer_position(packet)-rdpos-2); - if(query_overflow(query)) { - /* we are past the maximum length */ - buffer_set_position(packet, oldpos); - return 0; + if(total_added == 0) { + size_t oldmaxlen = query->maxlen; + query->maxlen = (query->tcp?TCP_MAX_MESSAGE_LEN:UDP_MAX_MESSAGE_LEN); + if(query_overflow(query)) { + query->maxlen = oldmaxlen; + buffer_set_position(packet, oldpos); + return 0; + } + query->maxlen = oldmaxlen; + } else { + if(query_overflow(query)) { + /* we are past the maximum length */ + buffer_set_position(packet, oldpos); + return 0; + } } return 1; } @@ -658,7 +681,7 @@ static uint16_t ixfr_copy_rrs_into_packet(struct query* query, * the final SOA of the result of the IXFR */ if(ixfr_write_rr_pkt(query, query->packet, pcomp, query->ixfr_end_data->newsoa, - query->ixfr_end_data->newsoa_len)) { + query->ixfr_end_data->newsoa_len, total_added)) { query->ixfr_count_newsoa = query->ixfr_end_data->newsoa_len; total_added++; query->ixfr_pos_of_newsoa = buffer_position(query->packet); @@ -672,7 +695,7 @@ static uint16_t ixfr_copy_rrs_into_packet(struct query* query, if(query->ixfr_count_oldsoa < query->ixfr_data->oldsoa_len) { if(ixfr_write_rr_pkt(query, query->packet, pcomp, query->ixfr_data->oldsoa, - query->ixfr_data->oldsoa_len)) { + query->ixfr_data->oldsoa_len, total_added)) { query->ixfr_count_oldsoa = query->ixfr_data->oldsoa_len; total_added++; } else { @@ -687,7 +710,7 @@ static uint16_t ixfr_copy_rrs_into_packet(struct query* query, query->ixfr_data->del_len, query->ixfr_count_del); if(rrlen && ixfr_write_rr_pkt(query, query->packet, pcomp, query->ixfr_data->del + query->ixfr_count_del, - rrlen)) { + rrlen, total_added)) { query->ixfr_count_del += rrlen; total_added++; } else { 
@@ -703,7 +726,7 @@ static uint16_t ixfr_copy_rrs_into_packet(struct query* query, query->ixfr_data->add_len, query->ixfr_count_add); if(rrlen && ixfr_write_rr_pkt(query, query->packet, pcomp, query->ixfr_data->add + query->ixfr_count_add, - rrlen)) { + rrlen, total_added)) { query->ixfr_count_add += rrlen; total_added++; } else { diff --git a/usr.sbin/nsd/ixfr.h b/usr.sbin/nsd/ixfr.h index 0f201038b..0920dc132 100644 --- a/usr.sbin/nsd/ixfr.h +++ b/usr.sbin/nsd/ixfr.h @@ -7,8 +7,8 @@ * */ -#ifndef _IXFR_H_ -#define _IXFR_H_ +#ifndef IXFR_H +#define IXFR_H struct nsd; #include "query.h" #include "rbtree.h" @@ -265,4 +265,4 @@ int ixfr_unlink_it(const char* zname, const char* zfile, int file_num, void ixfr_delete_superfluous_files(struct zone* zone, const char* zfile, int dest_num_files); -#endif /* _IXFR_H_ */ +#endif /* IXFR_H */ diff --git a/usr.sbin/nsd/ixfrcreate.c b/usr.sbin/nsd/ixfrcreate.c index 6841f004b..33855ebbc 100644 --- a/usr.sbin/nsd/ixfrcreate.c +++ b/usr.sbin/nsd/ixfrcreate.c @@ -533,16 +533,14 @@ static int process_marktypes(struct ixfr_store* store, struct zone* zone, /* walk through the rrsets in the zone, if it is not in the * marktypes list, then it is new and an added RRset */ rrset_type* s; - size_t atmarktype = 0; qsort(marktypes, marktypes_used, sizeof(marktypes[0]), &sort_uint16); for(s=domain->rrsets; s; s=s->next) { uint16_t tp; if(s->zone != zone) continue; tp = rrset_rrtype(s); - if(atmarktype < marktypes_used && marktypes[atmarktype]==tp) { + if(bsearch(&tp, marktypes, marktypes_used, sizeof(marktypes[0]), &sort_uint16)) { /* the item is in the marked list, skip it */ - atmarktype++; continue; } if(!process_add_rrset(store, domain, s)) diff --git a/usr.sbin/nsd/ixfrcreate.h b/usr.sbin/nsd/ixfrcreate.h index c09e0b1b7..0446d2cb0 100644 --- a/usr.sbin/nsd/ixfrcreate.h +++ b/usr.sbin/nsd/ixfrcreate.h 
@@ -7,8 +7,8 @@ * */ -#ifndef _IXFRCREATE_H_ -#define _IXFRCREATE_H_ +#ifndef IXFRCREATE_H +#define IXFRCREATE_H #include "dns.h" struct zone; struct nsd; @@ -83,4 +83,4 @@ struct spool_dname_iterator { char* file_name; }; -#endif /* _IXFRCREATE_H_ */ +#endif /* IXFRCREATE_H */ diff --git a/usr.sbin/nsd/namedb.h b/usr.sbin/nsd/namedb.h index e20d1cac6..3143e867d 100644 --- a/usr.sbin/nsd/namedb.h +++ b/usr.sbin/nsd/namedb.h @@ -7,8 +7,8 @@ * */ -#ifndef _NAMEDB_H_ -#define _NAMEDB_H_ +#ifndef NAMEDB_H +#define NAMEDB_H #include @@ -466,4 +466,4 @@ void zone_rr_iter_init(zone_rr_iter_type *iter, zone_type *zone); rr_type *zone_rr_iter_next(zone_rr_iter_type *iter); -#endif /* _NAMEDB_H_ */ +#endif /* NAMEDB_H */ diff --git a/usr.sbin/nsd/netio.h b/usr.sbin/nsd/netio.h index a0e805e9e..485435248 100644 --- a/usr.sbin/nsd/netio.h +++ b/usr.sbin/nsd/netio.h @@ -38,8 +38,8 @@ * blocked in pselect(2). */ -#ifndef _NETIO_H_ -#define _NETIO_H_ +#ifndef NETIO_H +#define NETIO_H #ifdef HAVE_SYS_SELECT_H #include @@ -187,4 +187,4 @@ operator |= (netio_event_types_type &lhs, netio_event_types_type rhs) { } #endif /* __cplusplus */ -#endif /* _NETIO_H_ */ +#endif /* NETIO_H */ diff --git a/usr.sbin/nsd/nsd-checkconf.8.in b/usr.sbin/nsd/nsd-checkconf.8.in index 331d89679..ac23b1bb7 100644 --- a/usr.sbin/nsd/nsd-checkconf.8.in +++ b/usr.sbin/nsd/nsd-checkconf.8.in @@ -1,4 +1,4 @@ -.TH "nsd\-checkconf" "8" "Nov 10, 2022" "NLnet Labs" "nsd 4.6.1" +.TH "nsd\-checkconf" "8" "Jun 7, 2023" "NLnet Labs" "nsd 4.7.0" .\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" diff --git a/usr.sbin/nsd/nsd-checkconf.c b/usr.sbin/nsd/nsd-checkconf.c index a286b5cff..970f4014e 100644 --- a/usr.sbin/nsd/nsd-checkconf.c +++ b/usr.sbin/nsd/nsd-checkconf.c 
@@ -468,6 +468,12 @@ config_print_zone(nsd_options_type* opt, const char* k, int s, const char *o, #ifdef USE_DNSTAP SERV_GET_BIN(dnstap_enable, o); SERV_GET_STR(dnstap_socket_path, o); + SERV_GET_STR(dnstap_ip, o); + SERV_GET_BIN(dnstap_tls, o); + SERV_GET_STR(dnstap_tls_server_name, o); + SERV_GET_STR(dnstap_tls_cert_bundle, o); + SERV_GET_STR(dnstap_tls_client_key_file, o); + SERV_GET_STR(dnstap_tls_client_cert_file, o); SERV_GET_BIN(dnstap_send_identity, o); SERV_GET_BIN(dnstap_send_version, o); SERV_GET_STR(dnstap_identity, o); @@ -699,6 +705,12 @@ config_test_print_server(nsd_options_type* opt) printf("\ndnstap:\n"); printf("\tdnstap-enable: %s\n", opt->dnstap_enable?"yes":"no"); print_string_var("dnstap-socket-path:", opt->dnstap_socket_path); + print_string_var("dnstap-ip:", opt->dnstap_ip); + printf("\tdnstap-tls: %s\n", opt->dnstap_tls?"yes":"no"); + print_string_var("dnstap-tls-server-name:", opt->dnstap_tls_server_name); + print_string_var("dnstap-tls-cert-bundle:", opt->dnstap_tls_cert_bundle); + print_string_var("dnstap-tls-client-key-file:", opt->dnstap_tls_client_key_file); + print_string_var("dnstap-tls-client-cert-file:", opt->dnstap_tls_client_cert_file); printf("\tdnstap-send-identity: %s\n", opt->dnstap_send_identity?"yes":"no"); printf("\tdnstap-send-version: %s\n", opt->dnstap_send_version?"yes":"no"); print_string_var("dnstap-identity:", opt->dnstap_identity); @@ -779,13 +791,6 @@ additional_checks(nsd_options_type* opt, const char* filename) errors ++; continue; } -#ifndef ROOT_SERVER - /* Is it a root zone? Are we a root server then? Idiot proof. */ - if(dname->label_count == 1) { - fprintf(stderr, "%s: not configured as a root server.\n", filename); - errors ++; - } -#endif if(zone->pattern->allow_notify && !zone->pattern->request_xfr) { fprintf(stderr, "%s: zone %s has allow-notify but no request-xfr" " items. Where can it get a zone transfer when a notify " 
diff --git a/usr.sbin/nsd/nsd-checkzone.8.in b/usr.sbin/nsd/nsd-checkzone.8.in index e88f01b3f..6c7b62e3a 100644 --- a/usr.sbin/nsd/nsd-checkzone.8.in +++ b/usr.sbin/nsd/nsd-checkzone.8.in @@ -1,4 +1,4 @@ -.TH "nsd\-checkzone" "8" "Nov 10, 2022" "NLnet Labs" "nsd 4.6.1" +.TH "nsd\-checkzone" "8" "Jun 7, 2023" "NLnet Labs" "nsd 4.7.0" .\" Copyright (c) 2014, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" diff --git a/usr.sbin/nsd/nsd-control.8.in b/usr.sbin/nsd/nsd-control.8.in index e66d7b893..76734e1b3 100644 --- a/usr.sbin/nsd/nsd-control.8.in +++ b/usr.sbin/nsd/nsd-control.8.in @@ -1,4 +1,4 @@ -.TH "nsd\-control" "8" "Nov 10, 2022" "NLnet Labs" "nsd 4.6.1" +.TH "nsd\-control" "8" "Jun 7, 2023" "NLnet Labs" "nsd 4.7.0" .\" Copyright (c) 2011, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" diff --git a/usr.sbin/nsd/nsd-control.c b/usr.sbin/nsd/nsd-control.c index c58eff6fc..ddd380d08 100644 --- a/usr.sbin/nsd/nsd-control.c +++ b/usr.sbin/nsd/nsd-control.c @@ -44,10 +44,24 @@ #include "config.h" #include #include -#ifdef HAVE_SSL + +struct region; +struct domain_table; +struct zone; +struct domain; +int zonec_parse_string(struct region* ATTR_UNUSED(region), + struct domain_table* ATTR_UNUSED(domains), + struct zone* ATTR_UNUSED(zone), char* ATTR_UNUSED(str), + struct domain** ATTR_UNUSED(parsed), int* ATTR_UNUSED(num_rrs)) +{ + return 0; +} + #include #include #include +#include +#ifdef HAVE_SSL #ifdef HAVE_OPENSSL_SSL_H #include #endif @@ -57,6 +71,7 @@ #ifdef HAVE_OPENSSL_RAND_H #include #endif +#endif /* HAVE_SSL */ #ifdef HAVE_SYS_UN_H #include #endif 
@@ -70,20 +85,17 @@ #include "zonec.h" static void usage(void) ATTR_NORETURN; +#ifdef HAVE_SSL static void ssl_err(const char* s) ATTR_NORETURN; static void ssl_path_err(const char* s, const char *path) ATTR_NORETURN; +#else +/* define SSL to use as a boolean to turn it off in function calls. */ +#define SSL int +#endif /** timeout to wait for connection over stream, in msec */ #define NSD_CONTROL_CONNECT_TIMEOUT 5000 -int zonec_parse_string(region_type* ATTR_UNUSED(region), - domain_table_type* ATTR_UNUSED(domains), zone_type* ATTR_UNUSED(zone), - char* ATTR_UNUSED(str), domain_type** ATTR_UNUSED(parsed), - int* ATTR_UNUSED(num_rrs)) -{ - return 0; -} - /** Give nsd-control usage, and exit (1). */ static void usage() @@ -130,6 +142,7 @@ usage() exit(1); } +#ifdef HAVE_SSL /** exit with ssl error */ static void ssl_err(const char* s) { @@ -203,6 +216,7 @@ setup_ctx(struct nsd_options* cfg) return ctx; } +#endif /* HAVE_SSL */ /** check connect error */ static void @@ -355,6 +369,7 @@ contact_server(const char* svr, struct nsd_options* cfg, int statuscmd) return fd; } +#ifdef HAVE_SSL /** setup SSL on the connection */ static SSL* setup_ssl(SSL_CTX* ctx, int fd) @@ -390,12 +405,14 @@ setup_ssl(SSL_CTX* ctx, int fd) X509_free(x); return ssl; } +#endif /* HAVE_SSL */ /** read from ssl or fd, fatalexit on error, 0 EOF, 1 success */ static int remote_read(SSL* ssl, int fd, char* buf, size_t len) { if(ssl) { +#ifdef HAVE_SSL int r; ERR_clear_error(); if((r = SSL_read(ssl, buf, (int)len-1)) <= 0) { @@ -406,6 +423,7 @@ remote_read(SSL* ssl, int fd, char* buf, size_t len) ssl_err("could not SSL_read"); } buf[r] = 0; +#endif /* HAVE_SSL */ } else { ssize_t rr = read(fd, buf, len-1); if(rr <= 0) { 
@@ -427,8 +445,10 @@ static void remote_write(SSL* ssl, int fd, const char* buf, size_t len) { if(ssl) { +#ifdef HAVE_SSL if(SSL_write(ssl, buf, (int)len) <= 0) ssl_err("could not SSL_write"); +#endif /* HAVE_SSL */ } else { if(write(fd, buf, len) < (ssize_t)len) { fprintf(stderr, "could not write: %s\n", @@ -492,8 +512,10 @@ go(const char* cfgfile, char* svr, int argc, char* argv[]) { struct nsd_options* opt; int fd, ret; - SSL_CTX* ctx; - SSL* ssl; +#ifdef HAVE_SSL + SSL_CTX* ctx = NULL; +#endif + SSL* ssl = NULL; /* read config */ if(!(opt = nsd_options_create(region_create(xalloc, free)))) { @@ -508,18 +530,31 @@ go(const char* cfgfile, char* svr, int argc, char* argv[]) if(!opt->control_enable) fprintf(stderr, "warning: control-enable is 'no' in the config file.\n"); resolve_interface_names(opt); +#ifdef HAVE_SSL ctx = setup_ctx(opt); +#else + if(options_remote_is_address(opt)) { + fprintf(stderr, "error: NSD was compiled without SSL.\n"); + exit(1); + } +#endif /* HAVE_SSL */ /* contact server */ fd = contact_server(svr, opt, argc>0&&strcmp(argv[0],"status")==0); +#ifdef HAVE_SSL ssl = setup_ssl(ctx, fd); +#endif /* send command */ ret = go_cmd(ssl, fd, argc, argv); +#ifdef HAVE_SSL if(ssl) SSL_free(ssl); +#endif close(fd); +#ifdef HAVE_SSL if(ctx) SSL_CTX_free(ctx); +#endif region_destroy(opt->region); return ret; } @@ -537,6 +572,7 @@ int main(int argc, char* argv[]) char* svr = NULL; log_init("nsd-control"); +#ifdef HAVE_SSL #ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS ERR_load_crypto_strings(); #endif @@ -569,6 +605,7 @@ int main(int argc, char* argv[]) RAND_seed(buf, 256); fprintf(stderr, "warning: no entropy, seeding openssl PRNG with time\n"); } +#endif /* HAVE_SSL */ /* parse the options */ while( (c=getopt(argc, argv, "c:s:h")) != -1) { @@ -603,11 +640,3 @@ int main(int argc, char* argv[]) return go(cfgfile, svr, argc, argv); } - -#else /* HAVE_SSL */ -int main(void) -{ - printf("error: NSD was compiled without SSL.\n"); - return 1; -} -#endif /* HAVE_SSL */ 
diff --git a/usr.sbin/nsd/nsd.8.in b/usr.sbin/nsd/nsd.8.in index c7705a8dd..38b36e648 100644 --- a/usr.sbin/nsd/nsd.8.in +++ b/usr.sbin/nsd/nsd.8.in @@ -1,9 +1,9 @@ -.TH "NSD" "8" "Nov 10, 2022" "NLnet Labs" "NSD 4.6.1" +.TH "NSD" "8" "Jun 7, 2023" "NLnet Labs" "NSD 4.7.0" .\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" .B nsd -\- Name Server Daemon (NSD) version 4.6.1. +\- Name Server Daemon (NSD) version 4.7.0. .SH "SYNOPSIS" .B nsd .RB [ \-4 ] diff --git a/usr.sbin/nsd/nsd.c b/usr.sbin/nsd/nsd.c index abf658a62..81dfe2e85 100644 --- a/usr.sbin/nsd/nsd.c +++ b/usr.sbin/nsd/nsd.c @@ -1556,11 +1556,13 @@ main(int argc, char *argv[]) if(nsd.options->control_enable || (nsd.options->tls_service_key && nsd.options->tls_service_key[0])) { perform_openssl_init(); } +#endif /* HAVE_SSL */ if(nsd.options->control_enable) { /* read ssl keys while superuser and outside chroot */ if(!(nsd.rc = daemon_remote_create(nsd.options))) error("could not perform remote control setup"); } +#if defined(HAVE_SSL) if(nsd.options->tls_service_key && nsd.options->tls_service_key[0] && nsd.options->tls_service_pem && nsd.options->tls_service_pem[0]) { if(!(nsd.tls_ctx = server_tls_ctx_create(&nsd, NULL, diff --git a/usr.sbin/nsd/nsd.conf.5.in b/usr.sbin/nsd/nsd.conf.5.in index f8c5987e9..6780ea7e8 100644 --- a/usr.sbin/nsd/nsd.conf.5.in +++ b/usr.sbin/nsd/nsd.conf.5.in @@ -1,4 +1,4 @@ -.TH "nsd.conf" "5" "Nov 10, 2022" "NLnet Labs" "nsd 4.6.1" +.TH "nsd.conf" "5" "Jun 7, 2023" "NLnet Labs" "nsd 4.7.0" .\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" 
@@ -1071,6 +1071,23 @@ for those messages to the server. Sets the unix socket file name for connecting to the server that is listening on that socket. Default is "@dnstap_socket_path@". .TP +.B dnstap-ip:\fR <"" or addr[@port]> +If disabled with "", the socket path is used. With a value, like address or +address@port, like "127.0.0.1@3333" TCP or TLS is used. Default is "". +.TP +.B dnstap-tls:\fR +If enabled, TLS is used to the address specified in \fBdnstap-ip\fR. Otherwise, +TCP is used. Default is yes. +.TP +.B dnstap-tls-server-name:\fR +The name for authenticating the upstream server. With "" disabled. +.TP +.B dnstap-tls-client-key-file:\fR +The key file for client authentication, or "" disabled. +.TP +.B dnstap-tls-client-cert-file:\fR +The cert file for client authentication, or "" disabled. +.TP .B dnstap-send-identity:\fR If enabled, the server identity is included in the log messages. Default is no. diff --git a/usr.sbin/nsd/nsd.conf.sample.in b/usr.sbin/nsd/nsd.conf.sample.in index 93bc80bde..67fdf4cb1 100644 --- a/usr.sbin/nsd/nsd.conf.sample.in +++ b/usr.sbin/nsd/nsd.conf.sample.in @@ -301,6 +301,13 @@ verify: # set this to yes and set one or more of dnstap-log-..-messages to yes. # dnstap-enable: no # dnstap-socket-path: "@dnstap_socket_path@" + # for dnstap-ip, "" is disabled, use TCP or TLS with like 127.0.0.1@3333 + # dnstap-ip: "" + # dnstap-tls: yes + # dnstap-tls-server-name: "" + # dnstap-tls-cert-bundle: "path/to/bundle.pem" + # dnstap-tls-client-key-file: "" + # dnstap-tls-client-cert-file: "" # dnstap-send-identity: no # dnstap-send-version: no # dnstap-identity: "" diff --git a/usr.sbin/nsd/nsd.h b/usr.sbin/nsd/nsd.h index f7cd53817..8fea49d6d 100644 --- a/usr.sbin/nsd/nsd.h +++ b/usr.sbin/nsd/nsd.h @@ -7,8 +7,8 @@ * */ -#ifndef _NSD_H_ -#define _NSD_H_ +#ifndef NSD_H +#define NSD_H #include #include 
@@ -407,4 +407,4 @@ void perform_openssl_init(void); #endif ssize_t block_read(struct nsd* nsd, int s, void* p, ssize_t sz, int timeout); -#endif /* _NSD_H_ */ +#endif /* NSD_H */ diff --git a/usr.sbin/nsd/options.c b/usr.sbin/nsd/options.c index b3d2d5304..7f435adcb 100644 --- a/usr.sbin/nsd/options.c +++ b/usr.sbin/nsd/options.c @@ -117,6 +117,12 @@ nsd_options_create(region_type* region) #ifdef USE_DNSTAP opt->dnstap_enable = 0; opt->dnstap_socket_path = DNSTAP_SOCKET_PATH; + opt->dnstap_ip = ""; + opt->dnstap_tls = 1; + opt->dnstap_tls_server_name = NULL; + opt->dnstap_tls_cert_bundle = NULL; + opt->dnstap_tls_client_key_file = NULL; + opt->dnstap_tls_client_cert_file = NULL; opt->dnstap_send_identity = 0; opt->dnstap_send_version = 0; opt->dnstap_identity = NULL; diff --git a/usr.sbin/nsd/options.h b/usr.sbin/nsd/options.h index b447b401b..a95409111 100644 --- a/usr.sbin/nsd/options.h +++ b/usr.sbin/nsd/options.h @@ -164,6 +164,18 @@ struct nsd_options { int dnstap_enable; /** dnstap socket path */ char* dnstap_socket_path; + /** dnstap IP, if "", it uses socket path. */ + char* dnstap_ip; + /** dnstap TLS enable */ + int dnstap_tls; + /** dnstap tls server authentication name */ + char* dnstap_tls_server_name; + /** dnstap server cert bundle */ + char* dnstap_tls_cert_bundle; + /** dnstap client key for client authentication */ + char* dnstap_tls_client_key_file; + /** dnstap client cert for client authentication */ + char* dnstap_tls_client_cert_file; /** true to send "identity" via dnstap */ int dnstap_send_identity; /** true to send "version" via dnstap */ diff --git a/usr.sbin/nsd/packet.h b/usr.sbin/nsd/packet.h index ed08dfae1..9b4a524cd 100644 --- a/usr.sbin/nsd/packet.h +++ b/usr.sbin/nsd/packet.h @@ -7,8 +7,8 @@ * */ -#ifndef _PACKET_H_ -#define _PACKET_H_ +#ifndef PACKET_H +#define PACKET_H #include 
@@ -202,4 +202,4 @@ int packet_read_query_section(buffer_type *packet, * returns false on no-serial found or parse failure. */ int packet_find_notify_serial(buffer_type *packet, uint32_t* serial); -#endif /* _PACKET_H_ */ +#endif /* PACKET_H */ diff --git a/usr.sbin/nsd/popen3.h b/usr.sbin/nsd/popen3.h index ed95b500f..82d84d878 100644 --- a/usr.sbin/nsd/popen3.h +++ b/usr.sbin/nsd/popen3.h @@ -6,8 +6,8 @@ * See LICENSE for the license. * */ -#ifndef _POPEN3_H_ -#define _POPEN3_H_ +#ifndef POPEN3_H +#define POPEN3_H #include #include @@ -24,4 +24,4 @@ pid_t popen3(char *const *command, int *fdoutptr, int *fderrptr); -#endif /* _POPEN3_H_ */ +#endif /* POPEN3_H */ diff --git a/usr.sbin/nsd/query.h b/usr.sbin/nsd/query.h index 2f47c9371..e68229019 100644 --- a/usr.sbin/nsd/query.h +++ b/usr.sbin/nsd/query.h @@ -7,8 +7,8 @@ * */ -#ifndef _QUERY_H_ -#define _QUERY_H_ +#ifndef QUERY_H +#define QUERY_H #include #include @@ -230,4 +230,4 @@ query_overflow(query_type *q) { return buffer_position(q->packet) > (q->maxlen - q->reserved_space); } -#endif /* _QUERY_H_ */ +#endif /* QUERY_H */ diff --git a/usr.sbin/nsd/rbtree.h b/usr.sbin/nsd/rbtree.h index eb9b39412..0dea2097c 100644 --- a/usr.sbin/nsd/rbtree.h +++ b/usr.sbin/nsd/rbtree.h @@ -7,8 +7,8 @@ * */ -#ifndef _RBTREE_H_ -#define _RBTREE_H_ +#ifndef RBTREE_H +#define RBTREE_H #include "region-allocator.h" @@ -73,4 +73,4 @@ rbnode_type *rbtree_previous(rbnode_type *rbtree); (rbnode_type*)node != RBTREE_NULL; \ node = (type)rbtree_next((rbnode_type*)node)) -#endif /* _RBTREE_H_ */ +#endif /* RBTREE_H */ diff --git a/usr.sbin/nsd/rdata.h b/usr.sbin/nsd/rdata.h index 457d940ec..deaa6eff7 100644 --- a/usr.sbin/nsd/rdata.h +++ b/usr.sbin/nsd/rdata.h @@ -7,8 +7,8 @@ * */ -#ifndef _RDATA_H_ -#define _RDATA_H_ +#ifndef RDATA_H +#define RDATA_H #include "dns.h" #include "namedb.h" 
@@ -58,4 +58,4 @@ int rdata_atoms_to_unknown_string(buffer_type *out, int print_rdata(buffer_type *output, rrtype_descriptor_type *descriptor, rr_type *record); -#endif /* _DNS_H_ */ +#endif /* RDATA_H */ diff --git a/usr.sbin/nsd/region-allocator.h b/usr.sbin/nsd/region-allocator.h index b305f1c9b..99af23350 100644 --- a/usr.sbin/nsd/region-allocator.h +++ b/usr.sbin/nsd/region-allocator.h @@ -7,8 +7,8 @@ * */ -#ifndef _REGION_ALLOCATOR_H_ -#define _REGION_ALLOCATOR_H_ +#ifndef REGION_ALLOCATOR_H +#define REGION_ALLOCATOR_H #include @@ -150,4 +150,4 @@ size_t region_get_mem_unused(region_type* region); /* Debug print REGION statistics to LOG. */ void region_log_stats(region_type *region); -#endif /* _REGION_ALLOCATOR_H_ */ +#endif /* REGION_ALLOCATOR_H */ diff --git a/usr.sbin/nsd/remote.c b/usr.sbin/nsd/remote.c index 2b2064aa6..5cdee68db 100644 --- a/usr.sbin/nsd/remote.c +++ b/usr.sbin/nsd/remote.c @@ -43,10 +43,10 @@ * Both the server and the client(control tool) have their own keys. */ #include "config.h" -#ifdef HAVE_SSL +#ifdef HAVE_SSL #ifdef HAVE_OPENSSL_SSL_H -#include "openssl/ssl.h" +#include #endif #ifdef HAVE_OPENSSL_ERR_H #include @@ -54,10 +54,12 @@ #ifdef HAVE_OPENSSL_RAND_H #include #endif +#endif /* HAVE_SSL */ #include #include #include #include +#include #ifndef USE_MINI_EVENT # ifdef HAVE_EVENT_H # include @@ -121,8 +123,10 @@ struct rc_state { struct timeval tval; /** in the handshake part */ enum { rc_none, rc_hs_read, rc_hs_write } shake_state; +#ifdef HAVE_SSL /** the ssl state */ SSL* ssl; +#endif /** file descriptor */ int fd; /** the rc this is part of */ 
@@ -165,16 +169,20 @@ struct daemon_remote { struct rc_state* stats_list; /** last time stats was reported */ struct timeval stats_time, boot_time; +#ifdef HAVE_SSL /** the SSL context for creating new SSL streams */ SSL_CTX* ctx; +#endif }; /** * Connection to print to, either SSL or plain over fd */ struct remote_stream { +#ifdef HAVE_SSL /** SSL structure, nonNULL if using SSL */ SSL* ssl; +#endif /** file descriptor for plain transfer */ int fd; }; @@ -218,7 +226,7 @@ remote_control_callback(int fd, short event, void* arg); /** ---- end of private defines ---- **/ - +#ifdef HAVE_SSL /** log ssl crypto err */ static void log_crypto_err(const char* str) @@ -233,6 +241,7 @@ log_crypto_err(const char* str) log_msg(LOG_ERR, "and additionally crypto %s", buf); } } +#endif /* HAVE_SSL */ #ifdef BIND8_STATS /** subtract timers and the values do not overflow or become negative */ @@ -252,6 +261,7 @@ timeval_subtract(struct timeval* d, const struct timeval* end, } #endif /* BIND8_STATS */ +#ifdef HAVE_SSL static int remote_setup_ctx(struct daemon_remote* rc, struct nsd_options* cfg) { @@ -264,6 +274,7 @@ remote_setup_ctx(struct daemon_remote* rc, struct nsd_options* cfg) } return 1; } +#endif /* HAVE_SSL */ struct daemon_remote* daemon_remote_create(struct nsd_options* cfg) @@ -274,14 +285,20 @@ daemon_remote_create(struct nsd_options* cfg) assert(cfg->control_enable); if(options_remote_is_address(cfg)) { +#ifdef HAVE_SSL if(!remote_setup_ctx(rc, cfg)) { daemon_remote_delete(rc); return NULL; } rc->use_cert = 1; +#else + log_msg(LOG_ERR, "Could not setup remote control: NSD was compiled without SSL."); +#endif /* HAVE_SSL */ } else { struct ip_address_option* o; +#ifdef HAVE_SSL rc->ctx = NULL; +#endif rc->use_cert = 0; for(o = cfg->control_interface; o; o = o->next) { if(o->address && o->address[0] != '/') 
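Review bot: In `daemon_remote_create` the new `#else` branch only logs "Could not setup remote control: NSD was compiled without SSL." and then falls through, so a build without SSL that is configured with an address-based control interface does not fail the way the `remote_setup_ctx` error path just above it does. `rc->use_cert` is never set on that path (presumably it keeps its initial value), and `remote_control_callback` in this commit lets a connection through with "unauthenticated remote control connection" when `!rc->use_cert`. If the listening sockets are opened further down, outside this hunk, the control channel would be reachable over TCP without client-certificate authentication. I would fail closed by following the log line with `daemon_remote_delete(rc);` and `return NULL;`, mirroring the SSL branch. The function body continues outside the hunk.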
@@ -328,8 +345,10 @@ void daemon_remote_close(struct daemon_remote* rc) np = p->next; if(p->event_added) event_del(&p->c); +#ifdef HAVE_SSL if(p->ssl) SSL_free(p->ssl); +#endif close(p->c.ev_fd); free(p); p = np; @@ -342,9 +361,11 @@ void daemon_remote_delete(struct daemon_remote* rc) { if(!rc) return; daemon_remote_close(rc); +#ifdef HAVE_SSL if(rc->ctx) { SSL_CTX_free(rc->ctx); } +#endif free(rc); } @@ -639,6 +660,7 @@ remote_accept_callback(int fd, short event, void* arg) } } +#ifdef HAVE_SSL if(rc->ctx) { n->shake_state = rc_hs_read; n->ssl = SSL_new(rc->ctx); @@ -660,6 +682,7 @@ remote_accept_callback(int fd, short event, void* arg) } else { n->ssl = NULL; } +#endif /* HAVE_SSL */ n->rc = rc; n->stats_next = NULL; @@ -717,10 +740,12 @@ clean_point(struct daemon_remote* rc, struct rc_state* s) rc->active --; if(s->event_added) event_del(&s->c); +#ifdef HAVE_SSL if(s->ssl) { SSL_shutdown(s->ssl); SSL_free(s->ssl); } +#endif /* HAVE_SSL */ close(s->c.ev_fd); free(s); } @@ -728,10 +753,11 @@ clean_point(struct daemon_remote* rc, struct rc_state* s) static int ssl_print_text(RES* res, const char* text) { - int r; if(!res) return 0; +#ifdef HAVE_SSL if(res->ssl) { + int r; ERR_clear_error(); if((r=SSL_write(res->ssl, text, (int)strlen(text))) <= 0) { if(SSL_get_error(res->ssl, r) == SSL_ERROR_ZERO_RETURN) { @@ -743,12 +769,15 @@ ssl_print_text(RES* res, const char* text) return 0; } } else { +#endif /* HAVE_SSL */ if(write_socket(res->fd, text, strlen(text)) <= 0) { log_msg(LOG_ERR, "could not write: %s", strerror(errno)); return 0; } +#ifdef HAVE_SSL } +#endif /* HAVE_SSL */ return 1; } 
@@ -776,14 +805,15 @@ ssl_printf(RES* ssl, const char* format, ...) static int ssl_read_line(RES* res, char* buf, size_t max) { - int r; size_t len = 0; if(!res) return 0; while(len < max) { buf[len] = 0; /* terminate for safety and please checkers */ /* this byte is written if we read a byte from the input */ +#ifdef HAVE_SSL if(res->ssl) { + int r; ERR_clear_error(); if((r=SSL_read(res->ssl, buf+len, 1)) <= 0) { if(SSL_get_error(res->ssl, r) == SSL_ERROR_ZERO_RETURN) { @@ -794,6 +824,7 @@ ssl_read_line(RES* res, char* buf, size_t max) return 0; } } else { +#endif /* HAVE_SSL */ while(1) { ssize_t rr = read(res->fd, buf+len, 1); if(rr <= 0) { @@ -809,7 +840,9 @@ ssl_read_line(RES* res, char* buf, size_t max) } break; } +#ifdef HAVE_SSL } +#endif /* HAVE_SSL */ if(buf[len] == '\n') { /* return string without \n */ buf[len] = 0; @@ -1212,8 +1245,11 @@ do_stats(struct daemon_remote* rc, int peek, struct rc_state* rs) /* force a reload */ xfrd_set_reload_now(xfrd); #else + RES res; + res.ssl = rs->ssl; + res.fd = rs->fd; (void)rc; (void)peek; - (void)ssl_printf(rs->ssl, "error no stats enabled at compile time\n"); + (void)ssl_printf(&res, "error no stats enabled at compile time\n"); #endif /* BIND8_STATS */ } @@ -2403,6 +2439,7 @@ handle_req(struct daemon_remote* rc, struct rc_state* s, RES* res) } /* try to read magic UBCT[version]_space_ string */ +#ifdef HAVE_SSL if(res->ssl) { ERR_clear_error(); if((r=SSL_read(res->ssl, magic, (int)sizeof(magic)-1)) <= 0) { @@ -2412,6 +2449,7 @@ handle_req(struct daemon_remote* rc, struct rc_state* s, RES* res) return; } } else { +#endif /* HAVE_SSL */ while(1) { ssize_t rr = read(res->fd, magic, sizeof(magic)-1); if(rr <= 0) { @@ -2424,7 +2462,9 @@ handle_req(struct daemon_remote* rc, struct rc_state* s, RES* res) r = (int)rr; break; } +#ifdef HAVE_SSL } +#endif /* HAVE_SSL */ magic[7] = 0; if( r != 7 || strncmp(magic, "NSDCT", 5) != 0) { VERBOSITY(2, (LOG_INFO, "control connection has bad header")); 
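Review bot: The lines added to the `#else` (no `BIND8_STATS`) branch of `do_stats` assign `res.ssl = rs->ssl;` unconditionally, but this commit moves the `ssl` member of both `struct rc_state` and `struct remote_stream` (apparently what `RES` names) under `#ifdef HAVE_SSL`. A build with neither SSL nor BIND8_STATS would therefore fail to compile at this line. Guard the assignment the way `remote_control_callback` and `daemon_remote_process_stats` do elsewhere in this commit: `#ifdef HAVE_SSL`, `res.ssl = rs->ssl;`, `#endif`.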
@@ -2450,6 +2490,7 @@ handle_req(struct daemon_remote* rc, struct rc_state* s, RES* res) execute_cmd(rc, res, buf, s); } +#ifdef HAVE_SSL /** handle SSL_do_handshake changes to the file descriptor to wait for later */ static void remote_handshake_later(struct daemon_remote* rc, struct rc_state* s, int fd, @@ -2492,6 +2533,7 @@ remote_handshake_later(struct daemon_remote* rc, struct rc_state* s, int fd, clean_point(rc, s); } } +#endif /* HAVE_SSL */ static void remote_control_callback(int fd, short event, void* arg) @@ -2499,14 +2541,15 @@ remote_control_callback(int fd, short event, void* arg) RES res; struct rc_state* s = (struct rc_state*)arg; struct daemon_remote* rc = s->rc; - int r; if( (event&EV_TIMEOUT) ) { log_msg(LOG_ERR, "remote control timed out"); clean_point(rc, s); return; } +#ifdef HAVE_SSL if(s->ssl) { /* (continue to) setup the SSL connection */ + int r; ERR_clear_error(); r = SSL_do_handshake(s->ssl); if(r != 1) { @@ -2516,10 +2559,12 @@ remote_control_callback(int fd, short event, void* arg) } s->shake_state = rc_none; } +#endif /* HAVE_SSL */ /* once handshake has completed, check authentication */ if (!rc->use_cert) { VERBOSITY(3, (LOG_INFO, "unauthenticated remote control connection")); +#ifdef HAVE_SSL } else if(SSL_get_verify_result(s->ssl) == X509_V_OK) { X509* x = SSL_get_peer_certificate(s->ssl); if(!x) { @@ -2530,6 +2575,7 @@ remote_control_callback(int fd, short event, void* arg) } VERBOSITY(3, (LOG_INFO, "remote control connection authenticated")); X509_free(x); +#endif /* HAVE_SSL */ } else { VERBOSITY(2, (LOG_INFO, "remote control connection failed to " "authenticate with client certificate")); @@ -2538,7 +2584,9 @@ remote_control_callback(int fd, short event, void* arg) } /* if OK start to actually handle the request */ +#ifdef HAVE_SSL res.ssl = s->ssl; +#endif /* HAVE_SSL */ res.fd = fd; handle_req(rc, s, &res); 
@@ -2833,7 +2881,9 @@ daemon_remote_process_stats(struct daemon_remote* rc) /* pop one and give it stats */ while((s = rc->stats_list)) { assert(s->in_stats_list); +#ifdef HAVE_SSL res.ssl = s->ssl; +#endif res.fd = s->fd; print_stats(&res, rc->xfrd, &now, (s->in_stats_list == 1)); if(s->in_stats_list == 1) { @@ -2908,5 +2958,3 @@ err: return -1; #endif } - -#endif /* HAVE_SSL */ diff --git a/usr.sbin/nsd/server.c b/usr.sbin/nsd/server.c index 18fc6d4c0..529edcf40 100644 --- a/usr.sbin/nsd/server.c +++ b/usr.sbin/nsd/server.c @@ -1532,8 +1532,8 @@ server_shutdown(struct nsd *nsd) } tsig_finalize(); -#ifdef HAVE_SSL daemon_remote_delete(nsd->rc); /* ssl-delete secret keys */ +#ifdef HAVE_SSL if (nsd->tls_ctx) SSL_CTX_free(nsd->tls_ctx); #endif @@ -1709,9 +1709,7 @@ server_send_soa_xfrd(struct nsd* nsd, int shortsoa) log_msg(LOG_WARNING, "signal received, shutting down..."); server_close_all_sockets(nsd->udp, nsd->ifs); server_close_all_sockets(nsd->tcp, nsd->ifs); -#ifdef HAVE_SSL daemon_remote_close(nsd->rc); -#endif /* Unlink it if possible... */ unlinkpid(nsd->pidfile); unlink(nsd->task[0]->fname); @@ -2810,9 +2808,7 @@ server_main(struct nsd *nsd) /* close opened ports to avoid race with restart of nsd */ server_close_all_sockets(nsd->udp, nsd->ifs); server_close_all_sockets(nsd->tcp, nsd->ifs); -#ifdef HAVE_SSL daemon_remote_close(nsd->rc); -#endif send_children_quit_and_wait(nsd); /* Unlink it if possible... */ @@ -2926,11 +2922,13 @@ nsd_event_method(void) return "select"; #else struct event_base* b = nsd_child_event_base(); - const char* m = "?"; + const char* m; # ifdef EV_FEATURE_BACKENDS m = ub_ev_backend2str(ev_backend((struct ev_loop*)b)); # elif defined(HAVE_EVENT_BASE_GET_METHOD) m = event_base_get_method(b); +# else + m = "?"; # endif # ifdef MEMCLEAN event_base_free(b); 
@@ -3040,7 +3038,11 @@ void server_verify(struct nsd *nsd, int cmdsocket) nsd->verifier_count = 0; nsd->verifier_limit = nsd->options->verifier_count; size = sizeof(struct verifier) * nsd->verifier_limit; - pipe(nsd->verifier_pipe); + if(pipe(nsd->verifier_pipe) == -1) { + log_msg(LOG_ERR, "verify: could not create pipe: %s", + strerror(errno)); + goto fail_pipe; + } fcntl(nsd->verifier_pipe[0], F_SETFD, FD_CLOEXEC); fcntl(nsd->verifier_pipe[1], F_SETFD, FD_CLOEXEC); nsd->verifiers = region_alloc_zero(nsd->server_region, size); @@ -3130,9 +3132,10 @@ void server_verify(struct nsd *nsd, int cmdsocket) assert(nsd->next_zone_to_verify == NULL || nsd->mode == NSD_QUIT); assert(nsd->verifier_count == 0 || nsd->mode == NSD_QUIT); fail: - event_base_free(nsd->event_base); close(nsd->verifier_pipe[0]); close(nsd->verifier_pipe[1]); +fail_pipe: + event_base_free(nsd->event_base); region_destroy(nsd->server_region); nsd->event_base = NULL; diff --git a/usr.sbin/nsd/tsig-openssl.h b/usr.sbin/nsd/tsig-openssl.h index c3c9b2359..13824a5e6 100644 --- a/usr.sbin/nsd/tsig-openssl.h +++ b/usr.sbin/nsd/tsig-openssl.h @@ -7,8 +7,8 @@ * */ -#ifndef _TSIG_OPENSSL_H_ -#define _TSIG_OPENSSL_H_ +#ifndef TSIG_OPENSSL_H +#define TSIG_OPENSSL_H #if defined(HAVE_SSL) @@ -26,4 +26,4 @@ void tsig_openssl_finalize(void); #endif /* defined(HAVE_SSL) */ -#endif /* _TSIG_H_ */ +#endif /* TSIG_OPENSSL_H */ diff --git a/usr.sbin/nsd/tsig.h b/usr.sbin/nsd/tsig.h index 1c2c12117..4f74dd276 100644 --- a/usr.sbin/nsd/tsig.h +++ b/usr.sbin/nsd/tsig.h @@ -7,8 +7,8 @@ * */ -#ifndef _TSIG_H_ -#define _TSIG_H_ +#ifndef TSIG_H +#define TSIG_H #include #include @@ -289,4 +289,4 @@ int tsig_strlowercmp(const char* str1, const char* str2); */ void tsig_finalize(void); -#endif /* _TSIG_H_ */ +#endif /* TSIG_H */ diff --git a/usr.sbin/nsd/util.h b/usr.sbin/nsd/util.h index 332d5d30d..97b7ba0cf 100644 --- a/usr.sbin/nsd/util.h +++ b/usr.sbin/nsd/util.h 
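Review bot: The new `pipe()` check in `server_verify` is followed directly by two `fcntl(..., F_SETFD, FD_CLOEXEC)` calls whose results are still ignored, so a failure there would silently leave the pipe descriptors inheritable by any child process started later. I would check both calls the same way as the `pipe()` call, log with `log_msg(LOG_ERR, "verify: could not set close-on-exec: %s", strerror(errno));` and `goto fail;` so the descriptors are closed. The ordering of the new `fail_pipe:` label after the two `close()` calls looks right for the `pipe()` failure case. The function body continues outside the hunks.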
@@ -7,8 +7,8 @@ * */ -#ifndef _UTIL_H_ -#define _UTIL_H_ +#ifndef UTIL_H +#define UTIL_H #include #include @@ -451,4 +451,4 @@ void activate_cookie_secret(struct nsd* nsd); /* Drop a cookie secret. Drops the staging secret. An active secret will not * be dropped. */ void drop_cookie_secret(struct nsd* nsd); -#endif /* _UTIL_H_ */ +#endif /* UTIL_H */ diff --git a/usr.sbin/nsd/verify.c b/usr.sbin/nsd/verify.c index 06d72d30e..df9b8e80e 100644 --- a/usr.sbin/nsd/verify.c +++ b/usr.sbin/nsd/verify.c @@ -112,11 +112,11 @@ static inline size_t print_line(struct verifier_stream *stream, int eof) return 0; if (len > LOGLINELEN) { - fmt = stream->cut ? ".. %.*s .." : "%.*s .."; + fmt = stream->cut ? "verifier: .. %.*s .." : "verifier: %.*s .."; len = LOGLINELEN; // remainder printed next iteration stream->cut = 1; } else { - fmt = stream->cut ? ".. %.*s" : "%.*s"; + fmt = stream->cut ? "verifier: .. %.*s" : "verifier: %.*s"; stream->cut = 0; } log_msg(stream->priority, fmt, len, stream->buf + stream->off); @@ -274,7 +274,10 @@ void verify_handle_signal(int sig, short event, void *arg) assert(arg != NULL); nsd = (struct nsd *)arg; - (void)write(nsd->verifier_pipe[1], buf, sizeof(buf)); + if(write(nsd->verifier_pipe[1], buf, sizeof(buf)) == -1) { + log_msg(LOG_ERR, "verify_handle_signal: write failed: %s", + strerror(errno)); + } } /* diff --git a/usr.sbin/nsd/verify.h b/usr.sbin/nsd/verify.h index 7333b9188..1d50f622f 100644 --- a/usr.sbin/nsd/verify.h +++ b/usr.sbin/nsd/verify.h @@ -5,8 +5,8 @@ * * See LICENSE for the license. */ -#ifndef _VERIFY_H_ -#define _VERIFY_H_ +#ifndef VERIFY_H +#define VERIFY_H #ifndef USE_MINI_EVENT # ifdef HAVE_EVENT_H @@ -77,4 +77,4 @@ void verify_handle_exit(int fd, short event, void *arg); void verify_handle_command(int fd, short event, void *arg); -#endif /* _VERIFY_H_ */ +#endif /* VERIFY_H */ diff --git a/usr.sbin/nsd/xfrd-disk.c b/usr.sbin/nsd/xfrd-disk.c index 325405d81..274d5a2dd 100644 --- a/usr.sbin/nsd/xfrd-disk.c 
+++ b/usr.sbin/nsd/xfrd-disk.c @@ -329,13 +329,13 @@ xfrd_read_state(struct xfrd_state* xfrd) incoming_soa = zone->soa_nsd; incoming_acquired = zone->soa_nsd_acquired; zone->soa_nsd = soa_nsd_read; - zone->soa_disk = soa_disk_read; - zone->soa_notified = soa_notified_read; zone->soa_nsd_acquired = soa_nsd_acquired_read; - /* we had better use what we got from starting NSD, not - * what we store in this file, because the actual zone - * contents trumps the contents of this cache */ - /* zone->soa_disk_acquired = soa_disk_acquired_read; */ + /* use soa and soa_acquired from starting NSD, not what is stored in + * the state file, because the actual zone contents trumps the contents + * of this cache */ + zone->soa_disk = incoming_soa; + zone->soa_disk_acquired = incoming_acquired; + zone->soa_notified = soa_notified_read; zone->soa_notified_acquired = soa_notified_acquired_read; if (zone->state == xfrd_zone_expired) { diff --git a/usr.sbin/nsd/xfrd-tcp.c b/usr.sbin/nsd/xfrd-tcp.c index b5910b33e..5b1d80bb5 100644 --- a/usr.sbin/nsd/xfrd-tcp.c +++ b/usr.sbin/nsd/xfrd-tcp.c @@ -1268,9 +1268,12 @@ conn_read_ssl(struct xfrd_tcp* tcp, SSL* ssl) } if(err == SSL_ERROR_ZERO_RETURN) { /* EOF */ - return 0; + return -1; } - log_msg(LOG_ERR, "ssl_read returned error %d with received %zd", err, received); + if(err == SSL_ERROR_SYSCALL) + log_msg(LOG_ERR, "ssl_read returned error SSL_ERROR_SYSCALL with received %zd: %s", received, strerror(errno)); + else + log_msg(LOG_ERR, "ssl_read returned error %d with received %zd", err, received); } if(received == -1) { if(errno == EAGAIN || errno == EINTR) { 
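Review bot: `conn_read_ssl` now returns -1 for `SSL_ERROR_ZERO_RETURN`, and `xfrd_tcp_read` (last xfrd-tcp.c hunk) chooses between `strerror(errno)` and "closed" by testing `errno != 0`, but nothing visible in these hunks resets `errno` on the EOF path. A stale `errno` left by an earlier call would make a clean TLS close be logged as an unrelated system error, which misleads anyone reading transfer logs during an incident. Setting `errno = 0;` before the `return -1;` in the EOF branch, here and in the identical second `conn_read_ssl` hunk, would make the distinction reliable. The new `SSL_ERROR_SYSCALL` message has a related gap, since it prints `strerror(errno)` even when `errno` is 0. The function bodies continue outside the hunks.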
@@ -1317,9 +1320,12 @@ conn_read_ssl(struct xfrd_tcp* tcp, SSL* ssl) int err = SSL_get_error(ssl, received); if(err == SSL_ERROR_ZERO_RETURN) { /* EOF */ - return 0; + return -1; } - log_msg(LOG_ERR, "ssl_read returned error %d with received %zd", err, received); + if(err == SSL_ERROR_SYSCALL) + log_msg(LOG_ERR, "ssl_read returned error SSL_ERROR_SYSCALL with received %zd: %s", received, strerror(errno)); + else + log_msg(LOG_ERR, "ssl_read returned error %d with received %zd", err, received); } if(received == -1) { if(errno == EAGAIN || errno == EINTR) { @@ -1462,7 +1468,10 @@ xfrd_tcp_read(struct xfrd_tcp_pipeline* tp) #endif ret = conn_read(tcp); if(ret == -1) { - log_msg(LOG_ERR, "xfrd: failed reading tcp %s", strerror(errno)); + if(errno != 0) + log_msg(LOG_ERR, "xfrd: failed reading tcp %s", strerror(errno)); + else + log_msg(LOG_ERR, "xfrd: failed reading tcp: closed"); xfrd_tcp_pipe_stop(tp); return; } diff --git a/usr.sbin/nsd/xfrd.c b/usr.sbin/nsd/xfrd.c index f2a29169a..b7e1628c7 100644 --- a/usr.sbin/nsd/xfrd.c +++ b/usr.sbin/nsd/xfrd.c @@ -15,6 +15,7 @@ #include #include #include +#include #include "xfrd.h" #include "xfrd-tcp.h" #include "xfrd-disk.h" @@ -196,9 +197,7 @@ xfrd_init(int socket, struct nsd* nsd, int shortsoa, int reload_active, xfrd->notify_waiting_last = NULL; xfrd->notify_udp_num = 0; -#ifdef HAVE_SSL daemon_remote_attach(xfrd->nsd->rc, xfrd); -#endif xfrd->tcp_set = xfrd_tcp_set_create(xfrd->region, nsd->options->tls_cert_bundle, nsd->options->xfrd_tcp_max, nsd->options->xfrd_tcp_pipeline); xfrd->tcp_set->tcp_timeout = nsd->tcp_timeout; @@ -357,9 +356,7 @@ xfrd_shutdown() if(xfrd->nsd->options->zonefiles_write) { event_del(&xfrd->write_timer); } -#ifdef HAVE_SSL daemon_remote_close(xfrd->nsd->rc); /* close sockets of rc */ -#endif /* close sockets */ RBTREE_FOR(zone, xfrd_zone_type*, xfrd->zones) { 
@@ -406,8 +403,8 @@ xfrd_shutdown() /* unlink xfr files in not-yet-done task file */ xfrd_clean_pending_tasks(xfrd->nsd, xfrd->nsd->task[xfrd->nsd->mytask]); xfrd_del_tempdir(xfrd->nsd); -#ifdef HAVE_SSL daemon_remote_delete(xfrd->nsd->rc); /* ssl-delete secret keys */ +#ifdef HAVE_SSL if (xfrd->nsd->tls_ctx) SSL_CTX_free(xfrd->nsd->tls_ctx); # ifdef HAVE_TLS_1_3 @@ -1300,7 +1297,7 @@ xfrd_handle_incoming_soa(xfrd_zone_type* zone, return; if(zone->soa_disk_acquired) { - int cmp = compare_serial(soa->serial, zone->soa_disk.serial); + int cmp = compare_serial(ntohl(soa->serial), ntohl(zone->soa_disk.serial)); /* soa is from an update if serial equals soa_disk.serial or serial is less than soa_disk.serial and the acquired time is @@ -1317,9 +1314,17 @@ xfrd_handle_incoming_soa(xfrd_zone_type* zone, } /* soa in disk has been loaded in memory */ - log_msg(LOG_INFO, "zone %s serial %u is updated to %u", - zone->apex_str, (unsigned)ntohl(zone->soa_nsd.serial), - (unsigned)ntohl(soa->serial)); + { + uint32_t soa_serial, soa_nsd_serial; + soa_serial = ntohl(soa->serial); + soa_nsd_serial = ntohl(zone->soa_nsd.serial); + if (compare_serial(soa_serial, soa_nsd_serial) > 0) + log_msg(LOG_INFO, "zone %s serial %"PRIu32" is updated to %"PRIu32, + zone->apex_str, soa_nsd_serial, soa_serial); + else + log_msg(LOG_INFO, "zone %s serial is updated to %"PRIu32, + zone->apex_str, soa_serial); + } zone->soa_nsd = *soa; zone->soa_nsd_acquired = acquired; xfrd->write_zonefile_needed = 1; @@ -2356,8 +2361,8 @@ xfrd_handle_received_xfr_packet(xfrd_zone_type* zone, buffer_type* packet) zone->soa_disk = soa; if(zone->soa_notified_acquired && ( zone->soa_notified.serial == 0 || - compare_serial(htonl(zone->soa_disk.serial), - htonl(zone->soa_notified.serial)) >= 0)) + compare_serial(ntohl(zone->soa_disk.serial), + ntohl(zone->soa_notified.serial)) >= 0)) { zone->soa_notified_acquired = 0; } 
@@ -2691,9 +2696,7 @@ xfrd_process_stat_info_task(xfrd_state_type* xfrd, struct task_list_d* task) xfrd->nsd->children[i].query_count += *p++; } /* got total, now see if users are interested in these statistics */ -#ifdef HAVE_SSL daemon_remote_process_stats(xfrd->nsd->rc); -#endif } #endif /* BIND8_STATS */ diff --git a/usr.sbin/nsd/zonec.c b/usr.sbin/nsd/zonec.c index d9090ff86..c01fc51b3 100644 --- a/usr.sbin/nsd/zonec.c +++ b/usr.sbin/nsd/zonec.c @@ -2209,14 +2209,6 @@ zonec_read(const char* name, const char* zonefile, zone_type* zone) return 1; } -#ifndef ROOT_SERVER - /* Is it a root zone? Are we a root server then? Idiot proof. */ - if (dname->label_count == 1) { - zc_error("not configured as a root server"); - return 1; - } -#endif - /* Open the zone file */ if (!zone_open(zonefile, 3600, CLASS_IN, dname)) { zc_error("cannot open '%s': %s", zonefile, strerror(errno)); diff --git a/usr.sbin/nsd/zonec.h b/usr.sbin/nsd/zonec.h index e1b1fdd54..d4db32e0f 100644 --- a/usr.sbin/nsd/zonec.h +++ b/usr.sbin/nsd/zonec.h @@ -7,8 +7,8 @@ * */ -#ifndef _ZONEC_H_ -#define _ZONEC_H_ +#ifndef ZONEC_H +#define ZONEC_H #include "namedb.h" @@ -150,4 +150,4 @@ void check_sshfp(void); void apex_rrset_checks(struct namedb* db, rrset_type* rrset, domain_type* domain); -#endif /* _ZONEC_H_ */ +#endif /* ZONEC_H */ diff --git a/usr.sbin/relayd/pfe_filter.c b/usr.sbin/relayd/pfe_filter.c index 347048ece..f884ac5ae 100644 --- a/usr.sbin/relayd/pfe_filter.c +++ b/usr.sbin/relayd/pfe_filter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfe_filter.c,v 1.62 2017/05/28 10:39:15 benno Exp $ */ +/* $OpenBSD: pfe_filter.c,v 1.63 2023/06/30 12:16:00 sashan Exp $ */ /* * Copyright (c) 2006 Pierre-Yves Ritschard 
@@ -632,7 +632,8 @@ check_table(struct relayd *env, struct rdr *rdr, struct table *table) goto toolong; if (ioctl(env->sc_pf->dev, DIOCRGETTSTATS, &io) == -1) - fatal("%s: cannot get table stats", __func__); + fatal("%s: cannot get table stats for %s@%s", __func__, + io.pfrio_table.pfrt_name, io.pfrio_table.pfrt_anchor); return (tstats.pfrts_match);