OpenBSD CVS

CVS log for src/sbin/unwind/parse.y




Default branch: MAIN


Revision 1.29 / (download) - annotate - [select for diffs], Fri Oct 22 15:03:28 2021 UTC (2 years, 7 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, HEAD
Changes since 1.28: +17 -2 lines
Diff to previous 1.28 (colored)

config_new_empty() should give us a completely empty config, let
parse_config() handle the case of defaults. This prevents the resolver
process from spinning up resolver strategies before the config has
been parsed and tearing them down immediately after if they are not
listed in the config file's preferences section.

OK kn

Revision 1.28 / (download) - annotate - [select for diffs], Fri Oct 15 15:01:27 2021 UTC (2 years, 7 months ago) by naddy
Branch: MAIN
Changes since 1.27: +8 -8 lines
Diff to previous 1.27 (colored)

Don't declare variables as "unsigned char *" that are passed to
functions that take "char *" arguments.  Where such chars are
assigned to int or passed to ctype functions, explicitly cast them
to unsigned char.

For OpenBSD's clang, -Wpointer-sign has been disabled by default,
but when the parse.y code was built elsewhere, the compiler would
complain.

With help from millert@
ok benno@ deraadt@

Revision 1.27 / (download) - annotate - [select for diffs], Tue Aug 31 20:18:03 2021 UTC (2 years, 9 months ago) by kn
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.26: +9 -5 lines
Diff to previous 1.26 (colored)

Say autoconf not dhcp

Do not abuse "dhcp" to say "DHCP and SLAAC".
unwind.conf(5) does so but unwindctl(8) does not;  in fact, the latter
already has `status autoconf' to
    Show nameservers learned from dhclient(8), dhcpleased(8) or slaacd(8).

Adjust unwind's config manual and internal code accordingly;  still accept
the old keyword but do not document it.

hostname.if(5) already advises for `inet[6] autoconf' instead of `dhcp' and
other related daemons don't abuse the word "dhcp" like unwind does.

Feedback sthen
OK florian

Revision 1.26 / (download) - annotate - [select for diffs], Sun Jul 25 08:34:43 2021 UTC (2 years, 10 months ago) by florian
Branch: MAIN
Changes since 1.25: +7 -2 lines
Diff to previous 1.25 (colored)

We store a list of resolver strategies in order of their preference in
the configuration struct. This is also an implicit list of enabled
resolver strategies. We have also stored an explicit lookup array of
enabled strategies outside of the configuration to be able to quickly
answer "is this strategy enabled" without traversing the preferences
list.

Move this table into the configuration so that we don't need to
"repair" it on config reload.

This fixes a bug where on startup the preferences list and enabled
lookup table were not in sync. It didn't matter in practice since we
do a config reload and then pass in DNSSEC trustanchors on startup.
Both actions combined repaired things.

OK benno

Revision 1.25 / (download) - annotate - [select for diffs], Sat Feb 27 10:32:28 2021 UTC (3 years, 3 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.24: +2 -2 lines
Diff to previous 1.24 (colored)

Path #defines are traditionally prefixed with _PATH.
Pointed out by deraadt

Revision 1.24 / (download) - annotate - [select for diffs], Mon Nov 9 04:22:05 2020 UTC (3 years, 6 months ago) by tb
Branch: MAIN
Changes since 1.23: +2 -4 lines
Diff to previous 1.23 (colored)

Use RB_FOREACH_SAFE instead of handrolling it

No binary change on amd64.

ok florian

Revision 1.23 / (download) - annotate - [select for diffs], Mon Nov 9 04:20:46 2020 UTC (3 years, 6 months ago) by tb
Branch: MAIN
Changes since 1.22: +5 -2 lines
Diff to previous 1.22 (colored)

Check for and handle duplicates on RB_INSERT

If the configuration contains duplicate domains in the block list
file or a force list, the nodes would leak in the frontend process
each time the config is reloaded. Also add a check when copying the
force list over imsg and fatal if a duplicate is encountered. This
should never happen.

ok florian

Revision 1.22 / (download) - annotate - [select for diffs], Sun Dec 8 09:47:50 2019 UTC (4 years, 5 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.21: +11 -7 lines
Diff to previous 1.21 (colored)

Turn opportunistic DoT into their own strategies.
This is beneficial since we prefer strategies according to their
performance.
Previously name servers were upgraded to opportunistic DoT if it was
available even if the round trip times went through the roof and there
was no way to go back to plain udp/53 DNS.
To make up a bit of space in the unwindctl status output, name servers
learned via DHCP or SLAAC are printed in a new subcommand.
The status output will be further improved shortly.
Input & OK otto

Revision 1.21 / (download) - annotate - [select for diffs], Sun Dec 1 14:37:34 2019 UTC (4 years, 6 months ago) by otto
Branch: MAIN
Changes since 1.20: +68 -5 lines
Diff to previous 1.20 (colored)

Allow forcing specific domains to be resolved by specific resolvers;
Handles typical split-horizon setups. ok florian@

Revision 1.20 / (download) - annotate - [select for diffs], Thu Nov 28 10:02:44 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.19: +23 -26 lines
Diff to previous 1.19 (colored)

Track all elements of a forwarder configuration individually:
IP address, port and authentication name.
This makes print_config less awkward and fixes a bug where an
alternative port number was not printed.

Revision 1.19 / (download) - annotate - [select for diffs], Wed Nov 27 17:11:00 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.18: +6 -6 lines
Diff to previous 1.18 (colored)

Move resolver preference storage to a struct which makes it easier to
reuse in the future.
OK otto

Revision 1.18 / (download) - annotate - [select for diffs], Wed Nov 27 17:09:12 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.17: +4 -68 lines
Diff to previous 1.17 (colored)

Nuke http captive portal detection; something better is coming.
OK otto

Revision 1.17 / (download) - annotate - [select for diffs], Tue Nov 26 19:35:13 2019 UTC (4 years, 6 months ago) by kn
Branch: MAIN
Changes since 1.16: +5 -4 lines
Diff to previous 1.16 (colored)

Improve previous

Avoid an extra parameter and set NULL initialised conffile conditionally.

From Matthew Martin <phy1729 at gmail dot com>, thanks!

Revision 1.16 / (download) - annotate - [select for diffs], Tue Nov 26 18:09:15 2019 UTC (4 years, 6 months ago) by kn
Branch: MAIN
Changes since 1.15: +3 -3 lines
Diff to previous 1.15 (colored)

Fail on nonexistent config file iff -c is given

Default /etc/unwind.conf is optional and may be missing, but explicitly
specified files should exist.

OK florian

Revision 1.15 / (download) - annotate - [select for diffs], Sat Nov 9 16:28:10 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.14: +8 -7 lines
Diff to previous 1.14 (colored)

Mechanically change the forwarder SIMPLEQ to a TAILQ. Needed for
future work to be able to easily delete elements while iterating.
OK kn

Revision 1.14 / (download) - annotate - [select for diffs], Wed Nov 6 14:19:59 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.13: +4 -4 lines
Diff to previous 1.13 (colored)

Rename "asr" to "stub" in user visible parts.
More people know what a "stub" resolver is than asr.

Pointed out by & discussed with deraadt
Input & OK otto

Revision 1.13 / (download) - annotate - [select for diffs], Sun Nov 3 09:46:11 2019 UTC (4 years, 6 months ago) by otto
Branch: MAIN
Changes since 1.12: +40 -21 lines
Diff to previous 1.12 (colored)

*** empty log message ***

Revision 1.12 / (download) - annotate - [select for diffs], Thu Oct 31 12:51:43 2019 UTC (4 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.11: +4 -2 lines
Diff to previous 1.11 (colored)

Add asr resolver type which completely bypasses libunbound and uses the
libc asynchronous resolver directly with DHCP provided nameservers.
This is a last-ditch effort when we find ourself behind a completely
broken middle-box.
Input & OK otto
OK benno

Revision 1.11 / (download) - annotate - [select for diffs], Mon Oct 21 07:16:09 2019 UTC (4 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.10: +10 -4 lines
Diff to previous 1.10 (colored)

Optionally log blocked queries when using the block list.
OK benno

Revision 1.10 / (download) - annotate - [select for diffs], Fri Oct 18 06:03:25 2019 UTC (4 years, 7 months ago) by otto
Branch: MAIN
Changes since 1.9: +3 -1 lines
Diff to previous 1.9 (colored)

Plug mem leak in error path; ok florian@ who also spotted the rad case

Revision 1.9 / (download) - annotate - [select for diffs], Fri Oct 18 06:00:46 2019 UTC (4 years, 7 months ago) by otto
Branch: MAIN
Changes since 1.8: +11 -36 lines
Diff to previous 1.8 (colored)

Another case of using yacc effectively to avoid repeating code; ok florian@

Revision 1.8 / (download) - annotate - [select for diffs], Fri Oct 18 04:53:22 2019 UTC (4 years, 7 months ago) by otto
Branch: MAIN
Changes since 1.7: +40 -164 lines
Diff to previous 1.7 (colored)

Refactor forwarder clause to avoid having to write out the same code
a couple of times by declaring optional stuff the proper way. ok @florian

Revision 1.7 / (download) - annotate - [select for diffs], Wed Jul 3 03:24:02 2019 UTC (4 years, 11 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.6: +6 -6 lines
Diff to previous 1.6 (colored)

snprintf/vsnprintf return < 0 on error, rather than -1.

Revision 1.6 / (download) - annotate - [select for diffs], Mon May 13 23:13:24 2019 UTC (5 years ago) by florian
Branch: MAIN
Changes since 1.5: +2 -8 lines
Diff to previous 1.5 (colored)

Remove strict mode for now, it is in the way.

Revision 1.5 / (download) - annotate - [select for diffs], Fri May 10 14:10:38 2019 UTC (5 years ago) by florian
Branch: MAIN
Changes since 1.4: +20 -1 lines
Diff to previous 1.4 (colored)

Implement DNS block lists. If unwind is queried for a domain
in the block list it answers with rcode REFUSED.

Revision 1.4 / (download) - annotate - [select for diffs], Wed Apr 3 03:48:45 2019 UTC (5 years, 2 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.3: +6 -4 lines
Diff to previous 1.3 (colored)

Default to port 853 if DoT is used; pointed out by tedu

Revision 1.3 / (download) - annotate - [select for diffs], Tue Apr 2 07:47:22 2019 UTC (5 years, 2 months ago) by florian
Branch: MAIN
Changes since 1.2: +75 -2 lines
Diff to previous 1.2 (colored)

Add a config option to specify the preference of name servers.
Unfortunately the nameserver types enums needed to be renamed
to not collide with yacc tokens.

Revision 1.2 / (download) - annotate - [select for diffs], Mon Apr 1 03:31:55 2019 UTC (5 years, 2 months ago) by florian
Branch: MAIN
Changes since 1.1: +68 -2 lines
Diff to previous 1.1 (colored)

Implement "Authentication Domain Names" configuration as per RFC 8310
section 7.1 for DoT servers.

We are setting the CA cert bundle path (/etc/ssl/cert.pem) directly in
libunbound so we need to loosen pledge(2) a bit and allow rpath. At the
same time we unveil only /etc/ssl/cert.pem. We can drop the chroot(2)
since pledge(2) and unveil(2) give us more fine grained isolation.

prodding by tb@.

p.s. for portable it might be necessary to pass in a file descriptor
from the parent, slurp in the file and then use X509_STORE_load_mem()
(pointed out by sthen) in the guts of libunbound.

Revision 1.1 / (download) - annotate - [select for diffs], Fri Mar 1 08:02:25 2019 UTC (5 years, 3 months ago) by florian
Branch: MAIN

Due to the way we build libunbound inside of unwind .o files collide in
the obj directory. Previously this was solved by keeping the libunbound
file name (to be able to keep in sync with upstream) and prefixing
the source filename of colliding .o files in unwind with uw_.

However, these files are shared throughout our tree (namely parse.y,
log.c and log.h) and we try to keep them in sync.

Move files back to their original name and instead symlink colliding source
files in libunbound to unique filenames by prefixing them with the directory
they live in:
obj/sldns_parse.c -> /usr/src/sbin/unwind/libunbound/sldns/parse.c
obj/util_log.c -> /usr/src/sbin/unwind/libunbound/util/log.c

Idea to use symlinks deraadt@ via jsg@
OK benno
