![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / sbin / unwind
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.68 / (download) - annotate - [select for diffs], Wed Feb 15 13:47:00 2023 UTC (15 months, 3 weeks ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
OPENBSD_7_4_BASE,
OPENBSD_7_4,
OPENBSD_7_3_BASE,
OPENBSD_7_3,
HEAD
Changes since 1.67: +2 -2 lines
Diff to previous 1.67 (colored)
Use correct order of arguments for shutdown(2). Luckily routesock would never be <= 2 so shutdown would always failing with EINVAL and not shutting down random other sockets. The kernel was just uselessly piling up route messages that we were never reading. This mistake first showed up in slaacd(8) and then was copied to the other daemons. Reported & fixed by Josiah Frentsos (jfrent at tilde.team), thanks! OK kn
Revision 1.67 / (download) - annotate - [select for diffs], Sat Dec 18 10:34:19 2021 UTC (2 years, 5 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE,
OPENBSD_7_2,
OPENBSD_7_1_BASE,
OPENBSD_7_1
Changes since 1.66: +3 -3 lines
Diff to previous 1.66 (colored)
Make sure we receive what we expect over imsg. Instead of repairing potential garbage ensure that we receive proper C strings. Inspired by a similar diff by deraadt@ for ldapd.
Revision 1.66 / (download) - annotate - [select for diffs], Fri Oct 22 15:11:51 2021 UTC (2 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.65: +1 -2 lines
Diff to previous 1.65 (colored)
oops, missed unused variable in previous
Revision 1.65 / (download) - annotate - [select for diffs], Fri Oct 22 15:03:28 2021 UTC (2 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.64: +1 -15 lines
Diff to previous 1.64 (colored)
config_new_empty() should give us a completely empty config, let parse_config() handle the case of defaults. This prevents the resolver process from spinning up resolver strategies before the config has been parsed and tearing them down immediately after if they are not listed in the config files preferences section. OK kn
Revision 1.64 / (download) - annotate - [select for diffs], Fri Oct 22 13:38:07 2021 UTC (2 years, 7 months ago) by kn
Branch: MAIN
Changes since 1.63: +4 -1 lines
Diff to previous 1.63 (colored)
Honour enabled resolvers to keep unused forwarders actually disabled
An unwind.conf like the following would still query forwarders,
both "." periodically and any explicit "example.com." queries:
preference { recursor autoconf stub }
forwarder { 2001:db8::1 }
force accept bogus forwarder { example.com. }
That's because the forwarder and resolver children processes start with
the default configuration and main later sends them the effective user
configuration; merging them, however, would ignore the list of enabled
resolvers, i.e. those listed in the `preference {}' block and thusly
cause children to always have all forwarders enabled (as is by default).
Copy the resolvers list during merge to fix this and restore expected
behaviour.
(Noticed during tests with "forwarder" temporarily removed from
`preference {}' while leaving the rest as is: my VPN interface serving
that forwarder showed DNS traffic while it was supposed to be silent.)
OK florian
Revision 1.63 / (download) - annotate - [select for diffs], Tue Aug 31 20:18:03 2021 UTC (2 years, 9 months ago) by kn
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE,
OPENBSD_7_0
Changes since 1.62: +3 -3 lines
Diff to previous 1.62 (colored)
Say autoconf not dhcp
Do not abuse "dhcp" to say "DHCP and SLAAC".
unwind.conf(5) does so but unwindctl(8) does not; in fact, the latter
already has `status autoconf' to
Show nameservers learned from dhclient(8), dhcpleased(8) or slaacd(8).
Adjust unwind's config manual and internal code accordingly; still accept
the old keyword but do not document it.
hostname.if(5) already advises for `inet[6] autoconf' instead of `dhcp' and
other related daemons don't abuse the word "dhcp" like unwind does.
Feedback sthen
OK florian
Revision 1.62 / (download) - annotate - [select for diffs], Sun Jul 25 08:34:43 2021 UTC (2 years, 10 months ago) by florian
Branch: MAIN
Changes since 1.61: +4 -1 lines
Diff to previous 1.61 (colored)
We store a list of resolver strategies in order of their preference in the configuration struct. This is also an implicit list of enabled resolver strategies. We have also stored an explict lookup array of enabled strategies outside of the configuration to be able to quickly answer "is this strategy enabled" without traversing the preferences list. Move this table into the configuration so that we don't need to "repair" it on config reload. This fixes a bug where on startup the preferences list and enabled lookup table were not in sync. It didn't matter in practice since we do a config reload and then pass in DNSSEC trustanchors on startup. Both actions combined repaired things. OK benno
Revision 1.61 / (download) - annotate - [select for diffs], Sat Feb 27 10:32:28 2021 UTC (3 years, 3 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE,
OPENBSD_6_9
Changes since 1.60: +2 -2 lines
Diff to previous 1.60 (colored)
Path #defines are traditionally prefixed with _PATH. Pointed out by deraadt
Revision 1.60 / (download) - annotate - [select for diffs], Sat Feb 6 18:01:02 2021 UTC (3 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.59: +9 -44 lines
Diff to previous 1.59 (colored)
Revert delayed opening of trust anchor file. The code was somewhat ugly and the underlying problem (dhclient and unwind playing well together) should be solved differently. Final straw was jca reporting that it breaks his setup.
Revision 1.59 / (download) - annotate - [select for diffs], Sat Jan 30 10:31:52 2021 UTC (3 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.58: +44 -9 lines
Diff to previous 1.58 (colored)
Re-try to open DNSSEC trust anchor file if /var is not mounted yet. This is a step towards starting unwind earlier, before the network is up and partitions are mounted. OK kn
Revision 1.58 / (download) - annotate - [select for diffs], Fri Jan 29 17:46:04 2021 UTC (3 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.57: +4 -4 lines
Diff to previous 1.57 (colored)
Don't filter by address family on the route socket. While here also set SOCK_NONBLOCK on the frontend routesock.
Revision 1.57 / (download) - annotate - [select for diffs], Wed Jan 27 08:30:50 2021 UTC (3 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.56: +3 -2 lines
Diff to previous 1.56 (colored)
Determine available address families (and monitor when this changes) to configure libunbound accordingly. This way it no longer tries to talk to IPv6 nameservers when only IPv4 is available and vice versa. input deraadt OK kn
Revision 1.56 / (download) - annotate - [select for diffs], Tue Jan 19 16:52:40 2021 UTC (3 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.55: +9 -12 lines
Diff to previous 1.55 (colored)
Make imsg event structs static to fix -fno-common. Follows claudio's lead in ospfd et al. Problem reported by mortimer.
Revision 1.55 / (download) - annotate - [select for diffs], Tue Jan 19 16:50:23 2021 UTC (3 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.54: +10 -5 lines
Diff to previous 1.54 (colored)
No need for a global uw_process; unbreaks -fno-common. Problem reported by mortimer
Revision 1.54 / (download) - annotate - [select for diffs], Mon Jan 18 15:26:04 2021 UTC (3 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.53: +2 -3 lines
Diff to previous 1.53 (colored)
Remove c++ comment that snuck in and remove useless debug output.
Revision 1.53 / (download) - annotate - [select for diffs], Tue Jan 12 16:40:33 2021 UTC (3 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.52: +64 -3 lines
Diff to previous 1.52 (colored)
Implement listening on 53/TCP Since we are only serving localhost we could get away with doing serving over UDP only because we have a huge MTU on lo0, it's still not correct behavior. This also enables sending truncated answers with TC set if the answer does not fit into the edns announced udp size. Testing at least by matthieu, jca, otto, phessler OK phessler
Revision 1.46.4.1 / (download) - annotate - [select for diffs], Mon Nov 9 16:55:01 2020 UTC (3 years, 6 months ago) by tb
Branch: OPENBSD_6_7
Changes since 1.46: +8 -2 lines
Diff to previous 1.46 (colored) next main 1.47 (colored)
Handle DNS answers that are larger than the maximum imsg size (about 16k) by splitting them up. Previously unwind would send meta-data about the finished query from the resolver process to the frontend process and then silently fail to send the actual answer because it was too big for imsg. When receiving the meta-data for the next query the frontend process would then exit via fatal() because it was still expecting an answer. This likely fixes rare crashes observed by Leo Unglaub. Note that even with DNSSEC signatures, answers this big are very rare. OK tb, benno original commit: florian This is errata/6.7/028_unwind.patch.sig
Revision 1.49.4.1 / (download) - annotate - [select for diffs], Mon Nov 9 16:54:53 2020 UTC (3 years, 6 months ago) by tb
Branch: OPENBSD_6_8
Changes since 1.49: +8 -2 lines
Diff to previous 1.49 (colored) next main 1.50 (colored)
Handle DNS answers that are larger than the maximum imsg size (about 16k) by splitting them up. Previously unwind would send meta-data about the finished query from the resolver process to the frontend process and then silently fail to send the actual answer because it was too big for imsg. When receiving the meta-data for the next query the frontend process would then exit via fatal() because it was still expecting an answer. This likely fixes rare crashes observed by Leo Unglaub. Note that even with DNSSEC signatures, answers this big are very rare. OK tb, benno original commit: florian This is errata/6.8/005_unwind.patch.sig
Revision 1.52 / (download) - annotate - [select for diffs], Mon Nov 9 04:22:05 2020 UTC (3 years, 6 months ago) by tb
Branch: MAIN
Changes since 1.51: +3 -5 lines
Diff to previous 1.51 (colored)
Use RB_FOREACH_SAFE instead of handrolling it No binary change on amd64. ok florian
Revision 1.51 / (download) - annotate - [select for diffs], Mon Nov 9 04:20:46 2020 UTC (3 years, 6 months ago) by tb
Branch: MAIN
Changes since 1.50: +6 -2 lines
Diff to previous 1.50 (colored)
Check for and handle duplicates on RB_INSERT If the configuration contains duplicate domains in the block list file or a force list, the nodes would leak in the frontend process each time the config is reloaded. Also add a check when copying the force list over imsg and fatal if a duplicate is encountered. This should never happen. ok florian
Revision 1.50 / (download) - annotate - [select for diffs], Thu Nov 5 16:22:59 2020 UTC (3 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.49: +8 -2 lines
Diff to previous 1.49 (colored)
Handle DNS answers that are larger than the maximum imsg size (about 16k) by splitting them up. Previously unwind would send meta-data about the finished query from the resolver process to the frontend process and then silently fail to send the actual answer because it was too big for imsg. When receiving the meta-data for the next query the frontend process would then exit via fatal() because it was still expecting an answer. This likely fixes rare crashes observed by Leo Unglaub. Note that even with DNSSEC signatures, answers this big are very rare. OK tb, benno
Revision 1.49 / (download) - annotate - [select for diffs], Sat Sep 12 17:01:03 2020 UTC (3 years, 8 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE
Branch point for: OPENBSD_6_8
Changes since 1.48: +3 -2 lines
Diff to previous 1.48 (colored)
When an interface disapears we need to forget the learned autoconf resolvers. OK kn
Revision 1.48 / (download) - annotate - [select for diffs], Sat Aug 29 22:29:27 2020 UTC (3 years, 9 months ago) by jca
Branch: MAIN
Changes since 1.47: +8 -1 lines
Diff to previous 1.47 (colored)
Use SO_REUSEADDR on the listening sockets Lets unwind(8) run when another name server listens on the wildcard address. Conflict with unbound(8) spotted by sthen@, ok florian@ deraadt@
Revision 1.47 / (download) - annotate - [select for diffs], Mon May 25 16:52:15 2020 UTC (4 years ago) by florian
Branch: MAIN
Changes since 1.46: +1 -3 lines
Diff to previous 1.46 (colored)
Do not log "startup" to syslog. slaacd and unwind start very early in the boot process and syslog is not fully available yet so these messages tend to get lost. But they are also not particularly useful. Prompted by a report by Jason Mader on bugs@ OK deraadt, claudio, bluhm Note that this code has been copied around to all our privsep daemons and also lives in usr.sbin. Leave it alone there because multiple people said they find it useful for those daemons.
Revision 1.46 / (download) - annotate - [select for diffs], Fri Dec 20 08:30:27 2019 UTC (4 years, 5 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE
Branch point for: OPENBSD_6_7
Changes since 1.45: +4 -3 lines
Diff to previous 1.45 (colored)
Try to bind to port 53 before opening the control socket. The bind might fail if another daemon is running while the control socket opening will succeed. Then we end up with an overwritten control socket, unwind exiting and no control socket to the already running unwind. Found the hard way by deraadt OK deraadt, mestre, kn, pamela
Revision 1.45 / (download) - annotate - [select for diffs], Sun Dec 8 09:47:50 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.44: +3 -1 lines
Diff to previous 1.44 (colored)
Turn opportunistic DoT into their own strategies. This is beneficial since we prefer strategies according to their performance. Previously name servers were upgraded to opportunistic DoT if it was available even if the round trip times went through the roof and there was no way to got back to plain udp/53 DNS. To make up a bit of space in the unwindctl status output, name servers learned via DHCP or SLAAC are printed in a new subcommand. The status output will be further improved shortly. Input & OK otto
Revision 1.44 / (download) - annotate - [select for diffs], Tue Dec 3 16:16:25 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.43: +12 -6 lines
Diff to previous 1.43 (colored)
Add one more debug level and enable very detailed libunbound logging with this. Currently only available as a command line flag (-vvv). With this we now have two debug levels available in unwind proper, to be used shortly. looks good to otto
Revision 1.43 / (download) - annotate - [select for diffs], Sun Dec 1 14:37:34 2019 UTC (4 years, 6 months ago) by otto
Branch: MAIN
Changes since 1.42: +41 -5 lines
Diff to previous 1.42 (colored)
Allow forcing specific domains to be resolved by specific resolvers; Handles typical split-horzizon setups. ok florian@
Revision 1.42 / (download) - annotate - [select for diffs], Fri Nov 29 16:39:23 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.41: +5 -14 lines
Diff to previous 1.41 (colored)
Don't hand-roll TAILQ_CONCAT in a slow way. Pointed out by & OK otto
Revision 1.41 / (download) - annotate - [select for diffs], Wed Nov 27 17:11:00 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.40: +3 -4 lines
Diff to previous 1.40 (colored)
Move resolver preference storage to a struct which makes it easier to reuse in the future. OK otto
Revision 1.40 / (download) - annotate - [select for diffs], Wed Nov 27 17:09:12 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.39: +7 -238 lines
Diff to previous 1.39 (colored)
Nuke http captive portal detection; something better is coming. OK otto
Revision 1.39 / (download) - annotate - [select for diffs], Tue Nov 26 19:35:13 2019 UTC (4 years, 6 months ago) by kn
Branch: MAIN
Changes since 1.38: +4 -6 lines
Diff to previous 1.38 (colored)
Improve previous Avoid an extra parameter and set NULL initialised conffile conditionally. From Matthew Martin <phy1729 at gmail dot com>, thanks!
Revision 1.38 / (download) - annotate - [select for diffs], Tue Nov 26 18:09:15 2019 UTC (4 years, 6 months ago) by kn
Branch: MAIN
Changes since 1.37: +6 -5 lines
Diff to previous 1.37 (colored)
Fail on nonexistent config file iff -c is given Default /etc/unwind.conf is optional and may be missing, but explicitly specified files should exist. OK florian
Revision 1.37 / (download) - annotate - [select for diffs], Tue Nov 19 14:46:33 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.36: +2 -43 lines
Diff to previous 1.36 (colored)
Stop dhcp lease file parsing now that dhclient sends proposals. Tested by deraadt as part of a larger diff.
Revision 1.36 / (download) - annotate - [select for diffs], Thu Nov 14 08:34:17 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.35: +34 -56 lines
Diff to previous 1.35 (colored)
With the stub resolver we have since some time we can resolve the captive portal host internaly via the resolver process. deraadt and me observed weird captive portal checking hangs inside of unwind if only 127.0.0.1 was listed as a nameserver in resolv.conf with the old code.
Revision 1.35 / (download) - annotate - [select for diffs], Mon Nov 11 05:51:06 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.34: +34 -1 lines
Diff to previous 1.34 (colored)
Implement DNS proposals to learn nameservers from network autoconfiguration daemons. Currently only slaacd is switched over so we need to keep the lease file parsing.
Revision 1.34 / (download) - annotate - [select for diffs], Sat Nov 9 16:28:10 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.33: +20 -19 lines
Diff to previous 1.33 (colored)
Mechanically change the forwarder SIMPLEQ to a TAILQ. Needed for future work to be able to easily delete elements while iterating. OK kn
Revision 1.33 / (download) - annotate - [select for diffs], Thu Oct 31 12:54:40 2019 UTC (4 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.32: +2 -4 lines
Diff to previous 1.32 (colored)
With the asr fallback we can skip the service port up & down dance,
unwind should now be able to work in networks with crappy middle boxes.
We also need to switch to the ASR resolver, not DHCP when we are behind
a captive portal. Some captive portals let through DNS queries with edns0
options but the "click here to accept the terms of service page" is not
resolvable with edns0.
Revision 1.32 / (download) - annotate - [select for diffs], Thu Oct 31 12:51:43 2019 UTC (4 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.31: +4 -3 lines
Diff to previous 1.31 (colored)
Add asr resolver type which completely bypasses libunbound and uses the libc asynchronous resolver directly with DHCP provided nameservers. This is a last-ditch effort when we find ourself behind a completely broken middle-box. Input & OK otto OK benno
Revision 1.31 / (download) - annotate - [select for diffs], Mon Oct 21 07:16:09 2019 UTC (4 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.30: +2 -1 lines
Diff to previous 1.30 (colored)
Optionally log blocked queries when using the block list. OK benno
Revision 1.30 / (download) - annotate - [select for diffs], Sun Sep 29 13:18:39 2019 UTC (4 years, 8 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE,
OPENBSD_6_6
Changes since 1.29: +2 -2 lines
Diff to previous 1.29 (colored)
annoying trailing whitespaces
Revision 1.29 / (download) - annotate - [select for diffs], Fri Jun 28 13:32:46 2019 UTC (4 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.28: +3 -3 lines
Diff to previous 1.28 (colored)
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
Revision 1.28 / (download) - annotate - [select for diffs], Tue May 14 14:51:31 2019 UTC (5 years ago) by florian
Branch: MAIN
Changes since 1.27: +87 -1 lines
Diff to previous 1.27 (colored)
Move common config passing code into a function. OK pamela
Revision 1.27 / (download) - annotate - [select for diffs], Mon May 13 23:13:24 2019 UTC (5 years ago) by florian
Branch: MAIN
Changes since 1.26: +1 -2 lines
Diff to previous 1.26 (colored)
Remove strict mode for now, it is in the way.
Revision 1.26 / (download) - annotate - [select for diffs], Fri May 10 14:10:38 2019 UTC (5 years, 1 month ago) by florian
Branch: MAIN
Changes since 1.25: +29 -1 lines
Diff to previous 1.25 (colored)
Implement DNS block lists. If unwind is queried for a domain
in the block list it answers with rcode REFUSED.
Revision 1.25 / (download) - annotate - [select for diffs], Fri May 3 13:02:00 2019 UTC (5 years, 1 month ago) by florian
Branch: MAIN
Changes since 1.24: +1 -4 lines
Diff to previous 1.24 (colored)
Revert previous, I got too excited and forgot about the config file :(
Revision 1.24 / (download) - annotate - [select for diffs], Tue Apr 30 11:09:11 2019 UTC (5 years, 1 month ago) by florian
Branch: MAIN
Changes since 1.23: +4 -1 lines
Diff to previous 1.23 (colored)
Restrict file system access to /var/db for the dhclient lease files.
This and pledge("rpath") can go once we switch to RTM_PROPOSAL.
Revision 1.23 / (download) - annotate - [select for diffs], Tue Apr 2 07:47:23 2019 UTC (5 years, 2 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE,
OPENBSD_6_5
Changes since 1.22: +14 -2 lines
Diff to previous 1.22 (colored)
Add a config option to specify the preference of name servers. Unfortunately the nameserver types enums needed to be renamed to not collide with yacc tokens.
Revision 1.22 / (download) - annotate - [select for diffs], Sun Mar 31 03:36:18 2019 UTC (5 years, 2 months ago) by yasuoka
Branch: MAIN
Changes since 1.21: +5 -2 lines
Diff to previous 1.21 (colored)
Avoid calling dup2(oldd, newd) when oldd == newd. In that case the descriptor keeps CLOEXEC flag then it will be closed unexpectedly by exec(). ok tedu florian
Revision 1.21 / (download) - annotate - [select for diffs], Sun Mar 31 00:57:06 2019 UTC (5 years, 2 months ago) by tedu
Branch: MAIN
Changes since 1.20: +2 -2 lines
Diff to previous 1.20 (colored)
use AI_NUMERICHOST for ip conversion. ok florian
Revision 1.20 / (download) - annotate - [select for diffs], Sat Mar 30 12:52:03 2019 UTC (5 years, 2 months ago) by florian
Branch: MAIN
Changes since 1.19: +66 -24 lines
Diff to previous 1.19 (colored)
Shuffle captive portal detection around. While we are behind a captive portal we have to ask the dhcp provided resolvers. However it is possible that those resolvers do not like to talk to unwind because of EDNS0. Unwind handles this case by closing its listening socket and hands over to asr. Except for the resolving of the captive portal host which it still tries to resolve via libunbound. Turns out there is no need for this we can just use getaddrinfo_async from asr which then either hits unwind which does the right thing or unwind closed its listening socket and asr moves on to talk directly to the dhcp resolvers.
Revision 1.19 / (download) - annotate - [select for diffs], Fri Mar 22 10:42:26 2019 UTC (5 years, 2 months ago) by jca
Branch: MAIN
Changes since 1.18: +3 -2 lines
Diff to previous 1.18 (colored)
No need to log that the DHCP lease file doesn't exist. We still want to log other causes when failing to open the lease file, but then do so with a more helpful error message. ok florian@
Revision 1.18 / (download) - annotate - [select for diffs], Sat Mar 2 16:11:10 2019 UTC (5 years, 3 months ago) by florian
Branch: MAIN
Changes since 1.17: +1 -4 lines
Diff to previous 1.17 (colored)
Unfortunately we cannot use unveil in the main process since this
breaks config reload.
We cannot simply unveil the config file since it might appear after startup
and the config file syntax allows to include other files.
This is a problem with all the other parse.y based privsep'ed daemons
as well.
pledge("rpath") has to be enough for now.
Revision 1.17 / (download) - annotate - [select for diffs], Fri Mar 1 08:02:25 2019 UTC (5 years, 3 months ago) by florian
Branch: MAIN
Changes since 1.16: +2 -2 lines
Diff to previous 1.16 (colored)
Due to the way we build libunbound inside of unwind .o files collide in the obj directory. Previously this was solved by keeping the libunbound file name (to be able to keep in sync with upstream) and prefixing the source filename of colliding .o files in unwind with uw_. However, these files are shared through out our tree (namely parse.y, log.c and log.h) and we try to keep them in sync. Move files back to their original name and instead symlink colliding source files in libunbound to unique filenames by prefixing them with the directory they live in: obj/sldns_parse.c -> /usr/src/sbin/unwind/libunbound/sldns/parse.c obj/util_log.c -> /usr/src/sbin/unwind/libunbound/util/log.c Idea to use symlinks deraadt@ via jsg@ OK benno
Revision 1.16 / (download) - annotate - [select for diffs], Mon Feb 18 07:50:14 2019 UTC (5 years, 3 months ago) by florian
Branch: MAIN
Changes since 1.15: +7 -10 lines
Diff to previous 1.15 (colored)
Introduce IMSG_DATA_SIZE() macro to to replace reoccuring math on imsg.hdr.len and shorten code. Input & OK pamela
Revision 1.15 / (download) - annotate - [select for diffs], Sun Feb 17 14:49:15 2019 UTC (5 years, 3 months ago) by florian
Branch: MAIN
Changes since 1.14: +81 -85 lines
Diff to previous 1.14 (colored)
s/unwind_/uw_/ to save screen real estate; fix style(9) issues while here
Revision 1.14 / (download) - annotate - [select for diffs], Mon Feb 11 13:38:53 2019 UTC (5 years, 3 months ago) by florian
Branch: MAIN
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored)
With the rewrite of the trust anchor handling code we no longer need a directory writable by group _unwind. Move the on-disk trustanchor to /var/db/unwind.key. OK sthen
Revision 1.13 / (download) - annotate - [select for diffs], Sun Feb 10 14:10:22 2019 UTC (5 years, 3 months ago) by florian
Branch: MAIN
Changes since 1.12: +9 -80 lines
Diff to previous 1.12 (colored)
Simplify trust anchor handling. Open trust anchor file for reading and writing on startup and pass it to the frontend process. The frontend process seeks and truncates the file apropriately when writing out new trust anchors learned via DNS but never closes the file. On error the file is truncated to zero length. This is in turn handled on startup by switching to the built in trust anchor when no trustanchor can be read from disk. This side steps the need for an unveil'ed directory with "c" permission and also removes the wpath and cpath pledges from the parent process. deraadt@ pointed out that my previous design didn't make sense and I had confused myself along the way. (It did work, but was too complicated for no good reason). While here validate that we actually read a trust anchor from disk by trying to parse it and checking that it is a DNSKEY. Unfortunately ub_ctx_add_ta() accepts just any string as a trust anchor without any validation.
Revision 1.12 / (download) - annotate - [select for diffs], Fri Feb 8 08:21:05 2019 UTC (5 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.11: +1 -2 lines
Diff to previous 1.11 (colored)
Oops, unbreak captive portal detection. The captive portal process needs to receive sockets from the main process to speak http to.
Revision 1.11 / (download) - annotate - [select for diffs], Thu Feb 7 17:20:35 2019 UTC (5 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.10: +94 -8 lines
Diff to previous 1.10 (colored)
Rewrite trust anchor handling. Do not use the libunbound's auto trust anchor file feature since it then the resolver process needs rpath, wpath, and cpath pledges and permission on the trust anchor file. Instead configure the trust anchor as resource record strings. The parent process opens the file, passes a filedescriptor to the frontend process to parse the file and then passes trust anchors to the resolver process to (re-) configure the resolver contexts. The resolver process periodically probes for new trust anchors (DNSKEY records of the root zone) and passes those to the frontend process. This in turn requests a file descripter for writing from the parent process. Once the trust anchors have been written the parent process renames the tmp file to the final location. Also provide a built in trust anchor for boot strapping purposes if no file is found on disk. That way we can get rid of unbound-anchor in unwind's rc.d script.
Revision 1.10 / (download) - annotate - [select for diffs], Sun Feb 3 12:02:30 2019 UTC (5 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.9: +206 -19 lines
Diff to previous 1.9 (colored)
Captive portal detection for unwind(8).
Revision 1.9 / (download) - annotate - [select for diffs], Fri Feb 1 15:52:35 2019 UTC (5 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.8: +5 -3 lines
Diff to previous 1.8 (colored)
Don't send udp sockets that we failed to open to the frontend, it will crash when it sees a -1 FD. Found the hard way by solene on a box without ::1
Revision 1.8 / (download) - annotate - [select for diffs], Tue Jan 29 20:03:49 2019 UTC (5 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.7: +3 -9 lines
Diff to previous 1.7 (colored)
Get rid of ugly access(2) and still be able to run without a config file. Prodded by deraadt
Revision 1.7 / (download) - annotate - [select for diffs], Tue Jan 29 19:13:01 2019 UTC (5 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.6: +9 -2 lines
Diff to previous 1.6 (colored)
Make imsg processing much more paranoid. If it comes from one of our processes and the size does not match what we expect call fatalx to crash and burn. We either hit a logic bug or something is fishy on the other end and we can't trust that process any longer. Not that we trust those processes to begin with. This also applies to receiving resources that we don't expect. For example if we have an open UDP listen socket and get a new one passed from the main process something is wrong and we should crash and burn. The only place where we are more lenient is on the control socket. We just ignore wrong sized messages so that users can't bring down unwind.
Revision 1.6 / (download) - annotate - [select for diffs], Tue Jan 29 15:37:29 2019 UTC (5 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.5: +2 -9 lines
Diff to previous 1.5 (colored)
We don't need IMSG_SHUTDOWN, we can just close the sockets. pointed out by deraadt
Revision 1.5 / (download) - annotate - [select for diffs], Sun Jan 27 12:40:54 2019 UTC (5 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.4: +23 -2 lines
Diff to previous 1.4 (colored)
Implement DNS over TLS (DoT).
Revision 1.4 / (download) - annotate - [select for diffs], Sun Jan 27 07:46:49 2019 UTC (5 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.3: +1 -7 lines
Diff to previous 1.3 (colored)
unwind(8) traces its ancestry to rad(8) and inherited all of its include directives, some of them no longer necessary. Cleanup by Caspar Schutijser, thank you very much!
Revision 1.3 / (download) - annotate - [select for diffs], Fri Jan 25 08:06:15 2019 UTC (5 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.2: +3 -3 lines
Diff to previous 1.2 (colored)
The correct spelling is AF_ROUTE; from Caspar Schutijser, thanks!
Revision 1.2 / (download) - annotate - [select for diffs], Thu Jan 24 17:39:43 2019 UTC (5 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.1: +52 -42 lines
Diff to previous 1.1 (colored)
Open and close listening sockets on localhost:53 depending on if we can resolve at all. We come up without listening and open IPv4 and IPv6 sockets once the resolver process has determinded that we can speak DNS to the outside world. Furthermore close the listening sockets when the resolver process notices that we can no longer speak DNS to the outside. This is a last-ditch effort to get out of libc resolver's way and let it speak directly to e.g. dhcp provided resolvers. With the recomended configuration of having 127.0.0.1 first in /etc/resolv.conf and then add dhcp provided resolvers after that our libc resolver will receive a port unreachable error and immediately switch to the next one if unwind is not listening on port 53. (Networks have been observed in the wild that intercept DNS packets and answer NXDOMAIN if an edns0 option is send with the query.)
Revision 1.1 / (download) - annotate - [select for diffs], Wed Jan 23 13:11:00 2019 UTC (5 years, 4 months ago) by florian
Branch: MAIN
Import unwind(8). unwind(8) is a hybrid validating stub & recursive resolver. It actively observes the local net to decide how to best resolve names. It can chose to recurse on it's own or talk to dhcp provided forwardes or statically defined forwarders in the config file. The intention is to be able to run it on localhost on every machine. "toss it in man" deraadt@