SecBSD/src
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sync with OpenBSD -current

Browse Source
This commit is contained in:
purplerain 2023-12-21 17:12:07 +00:00
parent 659ea2942e
commit 0f27a61c5c
Signed by: purplerain
GPG Key ID: F42C07F07E2E35B7
131 changed files with 2461 additions and 5218 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
bin/pax/tar.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: tar.c,v 1.74 2023/12/09 23:00:11 jca Exp $ */
/* $OpenBSD: tar.c,v 1.75 2023/12/21 01:20:54 jca Exp $ */
/* $NetBSD: tar.c,v 1.5 1995/03/21 09:07:49 cgd Exp $ */
/*-
@ -1072,7 +1072,7 @@ wr_ustar_or_pax(ARCHD *arcn, int ustar)
#ifndef SMALL
else if (xheader_add(&xhdr, "path", arcn->name) == -1) {
paxwarn(1, "File name too long for pax %s",
arcn->ln_name);
arcn->name);
xheader_free(&xhdr);
return(1);
}

5
distrib/sets/lists/base/mi
View File

@ -292,14 +292,9 @@
./etc/rmt
./etc/rpc
./etc/rpki
./etc/rpki/afrinic.constraints
./etc/rpki/afrinic.tal
./etc/rpki/apnic.constraints
./etc/rpki/apnic.tal
./etc/rpki/arin.constraints
./etc/rpki/lacnic.constraints
./etc/rpki/lacnic.tal
./etc/rpki/ripe.constraints
./etc/rpki/ripe.tal
./etc/services
./etc/signify

5
distrib/sets/lists/etc/mi
View File

@ -27,6 +27,11 @@
./etc/ppp/options
./etc/ppp/pap-secrets
./etc/pwd.db
./etc/rpki/afrinic.constraints
./etc/rpki/apnic.constraints
./etc/rpki/arin.constraints
./etc/rpki/lacnic.constraints
./etc/rpki/ripe.constraints
./etc/shells
./etc/skel/.Xdefaults
./etc/skel/.cshrc

2
etc/rpki/afrinic.constraints
View File

@ -1,3 +1,5 @@
# $OpenBSD: afrinic.constraints,v 1.3 2023/12/19 08:10:19 job Exp $
# From https://www.iana.org/assignments/ipv4-address-space/
allow 41.0.0.0/8
allow 102.0.0.0/8

2
etc/rpki/apnic.constraints
View File

@ -1,3 +1,5 @@
# $OpenBSD: apnic.constraints,v 1.3 2023/12/19 08:10:19 job Exp $
# From https://www.iana.org/assignments/ipv6-unicast-address-assignments
allow 2001:200::/23
allow 2001:c00::/23

2
etc/rpki/arin.constraints
View File

@ -1,3 +1,5 @@
# $OpenBSD: arin.constraints,v 1.2 2023/12/19 08:10:19 job Exp $
# From https://www.iana.org/assignments/ipv6-unicast-address-assignments
allow 2001:400::/23
allow 2001:1800::/23

2
etc/rpki/lacnic.constraints
View File

@ -1,3 +1,5 @@
# $OpenBSD: lacnic.constraints,v 1.2 2023/12/19 08:10:19 job Exp $
# From https://www.iana.org/assignments/ipv6-unicast-address-assignments
allow 2001:1200::/23
allow 2800::/12

2
etc/rpki/ripe.constraints
View File

@ -1,3 +1,5 @@
# $OpenBSD: ripe.constraints,v 1.2 2023/12/19 08:10:19 job Exp $
# From https://www.iana.org/assignments/ipv6-unicast-address-assignments
allow 2001:600::/23
allow 2001:800::/22

2
etc/skel/dot.version
View File

@ -1 +1 @@
# SecBSD 1.4-990f2b2: Fri Dec 15 04:12:50 UTC 2023 (Mictlantecuhtli)
# SecBSD 1.4-babd3ac: Tue Dec 19 00:03:02 UTC 2023 (Mictlantecuhtli)

56
lib/libc/stdlib/malloc.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: malloc.c,v 1.294 2023/12/04 07:01:45 otto Exp $ */
/* $OpenBSD: malloc.c,v 1.295 2023/12/19 06:59:28 otto Exp $ */
/*
* Copyright (c) 2008, 2010, 2011, 2016, 2023 Otto Moerbeek <otto@drijf.net>
* Copyright (c) 2012 Matthew Dempsky <matthew@openbsd.org>
@ -288,6 +288,7 @@ caller(struct dir_info *d)
{
struct btnode p;
int level = DO_STATS;
if (level == 0)
return NULL;
@ -1165,8 +1166,7 @@ fill_canary(char *ptr, size_t sz, size_t allocated)
static void *
malloc_bytes(struct dir_info *d, size_t size)
{
u_int i, k, r, bucket, listnum;
int j;
u_int i, j, k, r, bucket, listnum;
u_short *lp;
struct chunk_info *bp;
void *p;
@ -1177,7 +1177,7 @@ malloc_bytes(struct dir_info *d, size_t size)
bucket = find_bucket(size);
r = ((u_int)getrbyte(d) << 8) | getrbyte(d);
r = getrbyte(d);
listnum = r % MALLOC_CHUNK_LISTS;
/* If it's empty, make a page more of that size chunks */
@ -1190,39 +1190,39 @@ malloc_bytes(struct dir_info *d, size_t size)
if (bp->canary != (u_short)d->canary1 || bucket != bp->bucket)
wrterror(d, "chunk info corrupted");
r /= MALLOC_CHUNK_LISTS;
/* do we need more random bits? */
if (bp->total > 256 / MALLOC_CHUNK_LISTS)
r = r << 8 | getrbyte(d);
/* bias, as bp->total is not a power of 2 */
i = (r / MALLOC_CHUNK_LISTS) % bp->total;
i = r % bp->total;
/* potentially start somewhere in a short */
lp = &bp->bits[i / MALLOC_BITS];
j = i % MALLOC_BITS; /* j must be signed */
if (*lp >> j) {
k = ffs(*lp >> j);
if (k != 0) {
k += j - 1;
goto found;
}
}
/* no bit halfway, go to next full short */
j = i % MALLOC_BITS;
i /= MALLOC_BITS;
for (;;) {
if (++i >= bp->offset)
i = 0;
lp = &bp->bits[i];
if (*lp) {
k = ffs(*lp) - 1;
break;
lp = &bp->bits[i];
/* potentially start somewhere in a short */
if (j > 0 && *lp >> j)
k = ffs(*lp >> j) + j;
else {
/* no bit halfway, go to next full short */
for (;;) {
if (*lp) {
k = ffs(*lp);
break;
}
if (++i >= bp->offset)
i = 0;
lp = &bp->bits[i];
}
}
found:
*lp ^= 1 << k;
*lp ^= 1 << --k;
/* If there are no more free, remove from free-list */
if (--bp->free == 0)
LIST_REMOVE(bp, entries);
/* Adjust to the real offset of that chunk */
k += (lp - bp->bits) * MALLOC_BITS;
k += i * MALLOC_BITS;
if (mopts.chunk_canaries && size > 0)
bp->bits[bp->offset + k] = size;
@ -1232,9 +1232,7 @@ found:
STATS_SETFN(r, k, d->caller);
}
k *= B2ALLOC(bucket);
p = (char *)bp->page + k;
p = (char *)bp->page + k * B2ALLOC(bucket);
if (bucket > 0) {
validate_junk(d, p, B2SIZE(bucket));
if (mopts.chunk_canaries)

44
lib/libc/sys/pinsyscalls.2
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: pinsyscalls.2,v 1.1 2023/12/11 00:34:24 deraadt Exp $
.\" $OpenBSD: pinsyscalls.2,v 1.4 2023/12/19 19:39:52 deraadt Exp $
.\"
.\" Copyright (c) 2023 Theo de Raadt <deraadt@openbsd.org>
.\"
@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: December 11 2023 $
.Dd $Mdocdate: December 19 2023 $
.Dt PINSYSCALLS 2
.Os
.Sh NAME
@ -23,7 +23,7 @@
.Sh SYNOPSIS
.In sys/types.h
.Ft int
.Fn pinsyscalls "void *start" "size_t len" "uint *pintable" "size_t pintablesize"
.Fn pinsyscalls "void *start" "size_t len" "u_int *pintable" "int npins"
.Sh DESCRIPTION
The
.Fn pinsyscalls
@ -31,17 +31,24 @@ system call specifies the
.Va start
to
.Va start + len
range in the address space where the system call entry instructions are found,
and furthermore provides a table of uint offsets from that
.Va start
(indexed by the system call number) to
provide the precise location for the system call instruction required
for that system call number.
address space range where the system call entry instructions are found,
and a
.Va npins Ns
-sized array of u_int entries (indexed by the system call number)
which are offsets from the
.Va start .
.Pp
This provides the precise location for the system call instruction
required for each system call number.
Attempting to use a different system call entry instruction to perform
a non-corresponding system call operation will fail with signal
.Dv SIGABRT .
.Pp
.Fn pinsyscalls
is only called by the shared library linker
.Xr ld.so 1
to tell the kernel where system calls are found in the dynamic library
to tell the kernel where the text / executable region containing
system calls is found in the dynamic library
.Pa libc.so
(the filename is actually /usr/lib/libc.so.major.minor).
.Pp
@ -49,25 +56,22 @@ A similar setup operation is done automatically by the kernel for
the system calls found in
.Xr ld.so 1
and in static executables.
.Pp
Once the kernel knows the specific location in the address space where
a specific system call must be entered from, any attempt to use a different
system call entry instruction to perform a non-corresponding system call
operation will fail with signal
.Dv SIGABRT .
.Sh RETURN VALUES
.Rv -std
.Sh ERRORS
.Fn pinsyscalls
will fail if:
.Bl -tag -width Er
.It Bq Er EINVAL
Process already has a system call pinning table loaded.
.It Bq Er E2BIG
Implausible number of system calls provided.
.It Bq Er ENOMEM
Insufficient memory to service the request.
.It Bq Er EPERM
A static binary tried to call
.Fn pinsyscalls .
.Fn pinsyscalls , or it was called a second time.
.It Bq Er ERANGE
At least one system call offset is out of bounds.
At least one system call offset is beyond the bounds of
.Ar len .
.El
.Sh HISTORY
The

8
lib/libcrypto/Makefile
View File

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.156 2023/11/12 10:49:27 robert Exp $
# $OpenBSD: Makefile,v 1.159 2023/12/20 13:52:17 tb Exp $
LIB= crypto
LIBREBUILD=y
@ -284,7 +284,6 @@ SRCS+= ofb64enc.c
SRCS+= ofb_enc.c
SRCS+= pcbc_enc.c
SRCS+= qud_cksm.c
SRCS+= rand_key.c
SRCS+= set_key.c
SRCS+= str2key.c
SRCS+= xcbc_enc.c
@ -393,11 +392,8 @@ SRCS+= m_wp.c
SRCS+= names.c
SRCS+= p5_crpt.c
SRCS+= p5_crpt2.c
SRCS+= p_dec.c
SRCS+= p_enc.c
SRCS+= p_legacy.c
SRCS+= p_lib.c
SRCS+= p_open.c
SRCS+= p_seal.c
SRCS+= p_sign.c
SRCS+= p_verify.c
SRCS+= pmeth_fn.c

14
lib/libcrypto/asn1/tasn_prn.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: tasn_prn.c,v 1.25 2023/07/05 21:23:36 beck Exp $ */
/* $OpenBSD: tasn_prn.c,v 1.26 2023/12/20 14:26:47 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
@ -395,15 +395,9 @@ static int
asn1_print_fsname(BIO *out, int indent, const char *fname, const char *sname,
const ASN1_PCTX *pctx)
{
static char spaces[] = " ";
const int nspaces = sizeof(spaces) - 1;
while (indent > nspaces) {
if (BIO_write(out, spaces, nspaces) != nspaces)
return 0;
indent -= nspaces;
}
if (BIO_write(out, spaces, indent) != indent)
if (indent < 0)
return 0;
if (!BIO_indent(out, indent, indent))
return 0;
if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME)
sname = NULL;

18
lib/libcrypto/cms/cms_pwri.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: cms_pwri.c,v 1.29 2023/07/08 08:26:26 beck Exp $ */
/* $OpenBSD: cms_pwri.c,v 1.30 2023/12/20 18:38:19 tb Exp $ */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
@ -52,18 +52,20 @@
* ====================================================================
*/
#include <sys/types.h>
#include <stdlib.h>
#include <string.h>
#include "cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
#include <openssl/asn1.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/cms.h>
#include <openssl/rand.h>
#include <openssl/aes.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include "cms_local.h"
#include "asn1/asn1_local.h"
#include "evp_local.h"
int
CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, unsigned char *pass,

68
lib/libcrypto/des/rand_key.c
View File

@ -1,68 +0,0 @@
/* $OpenBSD: rand_key.c,v 1.9 2023/07/08 07:11:07 beck Exp $ */
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdlib.h>
#include <openssl/des.h>
int
DES_random_key(DES_cblock *ret)
{
do {
arc4random_buf(ret, sizeof(DES_cblock));
DES_set_odd_parity(ret);
} while (DES_is_weak_key(ret));
return (1);
}

29
lib/libcrypto/des/set_key.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: set_key.c,v 1.23 2023/07/08 07:34:34 jsing Exp $ */
/* $OpenBSD: set_key.c,v 1.26 2023/12/20 06:30:04 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -56,14 +56,10 @@
* [including the GNU Public Licence.]
*/
/* set_key.c v 1.4 eay 24/9/91
* 1.4 Speed up by 400% :-)
* 1.3 added register declarations.
* 1.2 unrolled make_key_sched a bit more
* 1.1 added norm_expand_bits
* 1.0 First working version
*/
#include <stdlib.h>
#include <openssl/crypto.h>
#include "des_local.h"
int DES_check_key = 0; /* defaults to false */
@ -398,10 +394,13 @@ DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule)
{
return (DES_set_key(key, schedule));
}
/*
#undef des_fixup_key_parity
void des_fixup_key_parity(des_cblock *key)
{
des_set_odd_parity(key);
}
*/
int
DES_random_key(DES_cblock *ret)
{
do {
arc4random_buf(ret, sizeof(DES_cblock));
DES_set_odd_parity(ret);
} while (DES_is_weak_key(ret));
return (1);
}

9
lib/libcrypto/evp/cipher_method_lib.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: cipher_method_lib.c,v 1.10 2023/07/07 19:37:53 beck Exp $ */
/* $OpenBSD: cipher_method_lib.c,v 1.11 2023/12/20 14:05:58 tb Exp $ */
/*
* Written by Richard Levitte (levitte@openssl.org) for the OpenSSL project
* 2015.
@ -68,6 +68,13 @@ EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len)
{
EVP_CIPHER *cipher;
if (cipher_type < 0 || key_len < 0)
return NULL;
/* EVP_CipherInit() will fail for any other value. */
if (block_size != 1 && block_size != 8 && block_size != 16)
return NULL;
if ((cipher = calloc(1, sizeof(*cipher))) == NULL)
return NULL;

289
lib/libcrypto/evp/evp_enc.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: evp_enc.c,v 1.63 2023/12/16 17:40:22 tb Exp $ */
/* $OpenBSD: evp_enc.c,v 1.73 2023/12/20 14:15:19 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -78,7 +78,7 @@ EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
}
int
EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *engine,
const unsigned char *key, const unsigned char *iv, int enc)
{
if (enc == -1)
@ -122,7 +122,8 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
EVPerror(EVP_R_NO_CIPHER_SET);
return 0;
}
/* we assume block size is a power of 2 in *cryptUpdate */
/* Block sizes must be a power of 2 due to the use of block_mask. */
if (ctx->cipher->block_size != 1 &&
ctx->cipher->block_size != 8 &&
ctx->cipher->block_size != 16) {
@ -184,38 +185,39 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
if (!ctx->cipher->init(ctx, key, iv, enc))
return 0;
}
ctx->buf_len = 0;
ctx->partial_len = 0;
ctx->final_used = 0;
ctx->block_mask = ctx->cipher->block_size - 1;
return 1;
}
int
EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl)
EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len,
const unsigned char *in, int in_len)
{
if (ctx->encrypt)
return EVP_EncryptUpdate(ctx, out, outl, in, inl);
return EVP_EncryptUpdate(ctx, out, out_len, in, in_len);
return EVP_DecryptUpdate(ctx, out, outl, in, inl);
return EVP_DecryptUpdate(ctx, out, out_len, in, in_len);
}
int
EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len)
{
if (ctx->encrypt)
return EVP_EncryptFinal_ex(ctx, out, outl);
return EVP_EncryptFinal_ex(ctx, out, out_len);
return EVP_DecryptFinal_ex(ctx, out, outl);
return EVP_DecryptFinal_ex(ctx, out, out_len);
}
int
EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len)
{
if (ctx->encrypt)
return EVP_EncryptFinal_ex(ctx, out, outl);
return EVP_EncryptFinal_ex(ctx, out, out_len);
return EVP_DecryptFinal_ex(ctx, out, outl);
return EVP_DecryptFinal_ex(ctx, out, out_len);
}
int
@ -226,7 +228,7 @@ EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
}
int
EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *engine,
const unsigned char *key, const unsigned char *iv)
{
return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1);
@ -240,7 +242,7 @@ EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
}
int
EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *engine,
const unsigned char *key, const unsigned char *iv)
{
return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0);
@ -260,9 +262,9 @@ EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
*/
int
EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
unsigned int inl)
unsigned int in_len)
{
return ctx->cipher->do_cipher(ctx, out, in, inl);
return ctx->cipher->do_cipher(ctx, out, in, in_len);
}
static int
@ -293,245 +295,254 @@ evp_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len,
}
int
EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl)
EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len,
const unsigned char *in, int in_len)
{
const int block_size = ctx->cipher->block_size;
const int block_mask = ctx->block_mask;
int buf_offset = ctx->buf_len;
const int block_mask = block_size - 1;
int partial_len = ctx->partial_len;
int len = 0, total_len = 0;
*outl = 0;
*out_len = 0;
if (inl < 0)
if ((block_size & block_mask) != 0)
return 0;
if (inl == 0 && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)
if (in_len < 0)
return 0;
if (in_len == 0 && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)
return 1;
if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0)
return evp_cipher(ctx, out, outl, in, inl);
return evp_cipher(ctx, out, out_len, in, in_len);
if (buf_offset == 0 && (inl & block_mask) == 0)
return evp_cipher(ctx, out, outl, in, inl);
if (partial_len == 0 && (in_len & block_mask) == 0)
return evp_cipher(ctx, out, out_len, in, in_len);
/* XXX - check that block_size > buf_offset. */
/* XXX - check that block_size > partial_len. */
if (block_size > sizeof(ctx->buf)) {
EVPerror(EVP_R_BAD_BLOCK_LENGTH);
return 0;
}
if (buf_offset != 0) {
int buf_avail;
if (partial_len != 0) {
int partial_needed;
if ((buf_avail = block_size - buf_offset) > inl) {
memcpy(&ctx->buf[buf_offset], in, inl);
ctx->buf_len += inl;
if ((partial_needed = block_size - partial_len) > in_len) {
memcpy(&ctx->buf[partial_len], in, in_len);
ctx->partial_len += in_len;
return 1;
}
/*
* Once the first buf_avail bytes from in are processed, the
* amount of data left that is a multiple of the block length is
* (inl - buf_avail) & ~block_mask. Ensure that this plus the
* block processed from ctx->buf doesn't overflow.
* Once the first partial_needed bytes from in are processed,
* the number of multiples of block_size of data remaining is
* (in_len - partial_needed) & ~block_mask. Ensure that this
* plus the block processed from ctx->buf doesn't overflow.
*/
if (((inl - buf_avail) & ~block_mask) > INT_MAX - block_size) {
if (((in_len - partial_needed) & ~block_mask) > INT_MAX - block_size) {
EVPerror(EVP_R_TOO_LARGE);
return 0;
}
memcpy(&ctx->buf[buf_offset], in, buf_avail);
memcpy(&ctx->buf[partial_len], in, partial_needed);
len = 0;
if (!evp_cipher(ctx, out, &len, ctx->buf, block_size))
return 0;
total_len = len;
inl -= buf_avail;
in += buf_avail;
in_len -= partial_needed;
in += partial_needed;
out += len;
}
buf_offset = inl & block_mask;
if ((inl -= buf_offset) > 0) {
if (INT_MAX - inl < total_len)
partial_len = in_len & block_mask;
if ((in_len -= partial_len) > 0) {
if (INT_MAX - in_len < total_len)
return 0;
len = 0;
if (!evp_cipher(ctx, out, &len, in, inl))
if (!evp_cipher(ctx, out, &len, in, in_len))
return 0;
if (INT_MAX - len < total_len)
return 0;
total_len += len;
}
if (buf_offset != 0)
memcpy(ctx->buf, &in[inl], buf_offset);
ctx->buf_len = buf_offset;
if (partial_len != 0)
memcpy(ctx->buf, &in[in_len], partial_len);
ctx->partial_len = partial_len;
*outl = total_len;
*out_len = total_len;
return 1;
}
int
EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len)
{
return EVP_EncryptFinal_ex(ctx, out, outl);
return EVP_EncryptFinal_ex(ctx, out, out_len);
}
int
EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len)
{
int n;
unsigned int i, b, bl;
const int block_size = ctx->cipher->block_size;
int partial_len = ctx->partial_len;
int pad;
*outl = 0;
*out_len = 0;
if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0)
return evp_cipher(ctx, out, outl, NULL, 0);
return evp_cipher(ctx, out, out_len, NULL, 0);
b = ctx->cipher->block_size;
if (b > sizeof ctx->buf) {
/* XXX - check that block_size > partial_len. */
if (block_size > sizeof(ctx->buf)) {
EVPerror(EVP_R_BAD_BLOCK_LENGTH);
return 0;
}
if (b == 1) {
*outl = 0;
if (block_size == 1)
return 1;
}
bl = ctx->buf_len;
if (ctx->flags & EVP_CIPH_NO_PADDING) {
if (bl) {
if ((ctx->flags & EVP_CIPH_NO_PADDING) != 0) {
if (partial_len != 0) {
EVPerror(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
return 0;
}
*outl = 0;
return 1;
}
n = b - bl;
for (i = bl; i < b; i++)
ctx->buf[i] = n;
pad = block_size - partial_len;
memset(&ctx->buf[partial_len], pad, pad);
return evp_cipher(ctx, out, outl, ctx->buf, b);
return evp_cipher(ctx, out, out_len, ctx->buf, block_size);
}
int
EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl)
EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len,
const unsigned char *in, int in_len)
{
int fix_len;
unsigned int b;
const int block_size = ctx->cipher->block_size;
const int block_mask = block_size - 1;
int len = 0, total_len = 0;
*outl = 0;
*out_len = 0;
if (inl < 0)
if ((block_size & block_mask) != 0)
return 0;
if (inl == 0 && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)
if (in_len < 0)
return 0;
if (in_len == 0 && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)
return 1;
if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0)
return evp_cipher(ctx, out, outl, in, inl);
return evp_cipher(ctx, out, out_len, in, in_len);
if (ctx->flags & EVP_CIPH_NO_PADDING)
return EVP_EncryptUpdate(ctx, out, outl, in, inl);
if ((ctx->flags & EVP_CIPH_NO_PADDING) != 0)
return EVP_EncryptUpdate(ctx, out, out_len, in, in_len);
b = ctx->cipher->block_size;
if (b > sizeof ctx->final) {
if (block_size > sizeof(ctx->final)) {
EVPerror(EVP_R_BAD_BLOCK_LENGTH);
return 0;
}
if (ctx->final_used) {
/*
* final_used is only ever set if buf_len is 0. Therefore the
* maximum length output we will ever see from EVP_EncryptUpdate
* is inl & ~(b - 1). Since final_used is set, the final output
* length is (inl & ~(b - 1)) + b. Ensure it doesn't overflow.
* final_used is only set if partial_len is 0. Therefore the
* output from EVP_EncryptUpdate() is in_len & ~block_mask.
* Ensure (in_len & ~block_mask) + block_size doesn't overflow.
*/
if ((inl & ~(b - 1)) > INT_MAX - b) {
if ((in_len & ~block_mask) > INT_MAX - block_size) {
EVPerror(EVP_R_TOO_LARGE);
return 0;
}
memcpy(out, ctx->final, b);
out += b;
fix_len = 1;
} else
fix_len = 0;
memcpy(out, ctx->final, block_size);
out += block_size;
total_len = block_size;
}
ctx->final_used = 0;
if (!EVP_EncryptUpdate(ctx, out, outl, in, inl))
len = 0;
if (!EVP_EncryptUpdate(ctx, out, &len, in, in_len))
return 0;
/* if we have 'decrypted' a multiple of block size, make sure
* we have a copy of this last block */
if (b > 1 && !ctx->buf_len) {
*outl -= b;
/* Keep copy of last block if a multiple of block_size was decrypted. */
if (block_size > 1 && ctx->partial_len == 0) {
if (len < block_size)
return 0;
len -= block_size;
memcpy(ctx->final, &out[len], block_size);
ctx->final_used = 1;
memcpy(ctx->final, &out[*outl], b);
} else
ctx->final_used = 0;
}
if (fix_len)
*outl += b;
if (len > INT_MAX - total_len)
return 0;
total_len += len;
*out_len = total_len;
return 1;
}
int
EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len)
{
return EVP_DecryptFinal_ex(ctx, out, outl);
return EVP_DecryptFinal_ex(ctx, out, out_len);
}
int
EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len)
{
int i, n;
unsigned int b;
const int block_size = ctx->cipher->block_size;
int partial_len = ctx->partial_len;
int i, pad, plain_len;
*outl = 0;
*out_len = 0;
if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0)
return evp_cipher(ctx, out, outl, NULL, 0);
return evp_cipher(ctx, out, out_len, NULL, 0);
b = ctx->cipher->block_size;
if (ctx->flags & EVP_CIPH_NO_PADDING) {
if (ctx->buf_len) {
if ((ctx->flags & EVP_CIPH_NO_PADDING) != 0) {
if (partial_len != 0) {
EVPerror(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
return 0;
}
*outl = 0;
return 1;
}
if (b > 1) {
if (ctx->buf_len || !ctx->final_used) {
EVPerror(EVP_R_WRONG_FINAL_BLOCK_LENGTH);
return (0);
}
if (b > sizeof ctx->final) {
EVPerror(EVP_R_BAD_BLOCK_LENGTH);
if (block_size == 1)
return 1;
if (partial_len != 0 || !ctx->final_used) {
EVPerror(EVP_R_WRONG_FINAL_BLOCK_LENGTH);
return 0;
}
if (block_size > sizeof(ctx->final)) {
EVPerror(EVP_R_BAD_BLOCK_LENGTH);
return 0;
}
pad = ctx->final[block_size - 1];
if (pad <= 0 || pad > block_size) {
EVPerror(EVP_R_BAD_DECRYPT);
return 0;
}
plain_len = block_size - pad;
for (i = plain_len; i < block_size; i++) {
if (ctx->final[i] != pad) {
EVPerror(EVP_R_BAD_DECRYPT);
return 0;
}
n = ctx->final[b - 1];
if (n == 0 || n > (int)b) {
EVPerror(EVP_R_BAD_DECRYPT);
return (0);
}
for (i = 0; i < n; i++) {
if (ctx->final[--b] != n) {
EVPerror(EVP_R_BAD_DECRYPT);
return (0);
}
}
n = ctx->cipher->block_size - n;
for (i = 0; i < n; i++)
out[i] = ctx->final[i];
*outl = n;
} else
*outl = 0;
return (1);
}
memcpy(out, ctx->final, plain_len);
*out_len = plain_len;
return 1;
}
EVP_CIPHER_CTX *

5
lib/libcrypto/evp/evp_local.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: evp_local.h,v 1.6 2023/11/29 21:35:57 tb Exp $ */
/* $OpenBSD: evp_local.h,v 1.8 2023/12/20 14:10:03 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
@ -168,7 +168,7 @@ struct evp_cipher_st {
struct evp_cipher_ctx_st {
const EVP_CIPHER *cipher;
int encrypt; /* encrypt or decrypt */
int buf_len; /* number we have left */
int partial_len; /* number of bytes written to buf */
unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */
unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */
@ -180,7 +180,6 @@ struct evp_cipher_ctx_st {
unsigned long flags; /* Various flags */
void *cipher_data; /* per EVP data */
int final_used;
int block_mask;
unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */
} /* EVP_CIPHER_CTX */;

94
lib/libcrypto/evp/p_dec.c
View File

@ -1,94 +0,0 @@
/* $OpenBSD: p_dec.c,v 1.15 2023/07/07 19:37:54 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <openssl/opensslconf.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
#endif
#include "evp_local.h"
int
EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl,
EVP_PKEY *priv)
{
int ret = -1;
#ifndef OPENSSL_NO_RSA
if (priv->type != EVP_PKEY_RSA) {
#endif
EVPerror(EVP_R_PUBLIC_KEY_NOT_RSA);
#ifndef OPENSSL_NO_RSA
goto err;
}
ret = RSA_private_decrypt(ekl, ek, key, priv->pkey.rsa,
RSA_PKCS1_PADDING);
err:
#endif
return (ret);
}

91
lib/libcrypto/evp/p_enc.c
View File

@ -1,91 +0,0 @@
/* $OpenBSD: p_enc.c,v 1.15 2023/07/07 19:37:54 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <openssl/opensslconf.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
#endif
#include "evp_local.h"
int
EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key, int key_len,
EVP_PKEY *pubk)
{
int ret = 0;
#ifndef OPENSSL_NO_RSA
if (pubk->type != EVP_PKEY_RSA) {
#endif
EVPerror(EVP_R_PUBLIC_KEY_NOT_RSA);
#ifndef OPENSSL_NO_RSA
goto err;
}
ret = RSA_public_encrypt(key_len, key, ek, pubk->pkey.rsa, RSA_PKCS1_PADDING);
err:
#endif
return (ret);
}

86
lib/libcrypto/evp/p_open.c → lib/libcrypto/evp/p_legacy.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: p_open.c,v 1.23 2023/07/07 19:37:54 beck Exp $ */
/* $OpenBSD: p_legacy.c,v 1.2 2023/12/20 13:52:17 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -56,21 +56,41 @@
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_RSA
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>
#include "evp_local.h"
int
EVP_PKEY_decrypt_old(unsigned char *to, const unsigned char *from, int from_len,
EVP_PKEY *pkey)
{
if (pkey->type != EVP_PKEY_RSA) {
EVPerror(EVP_R_PUBLIC_KEY_NOT_RSA);
return -1;
}
return RSA_private_decrypt(from_len, from, to, pkey->pkey.rsa,
RSA_PKCS1_PADDING);
}
int
EVP_PKEY_encrypt_old(unsigned char *to, const unsigned char *from, int from_len,
EVP_PKEY *pkey)
{
if (pkey->type != EVP_PKEY_RSA) {
EVPerror(EVP_R_PUBLIC_KEY_NOT_RSA);
return 0;
}
return RSA_public_encrypt(from_len, from, to, pkey->pkey.rsa,
RSA_PKCS1_PADDING);
}
int
EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
const unsigned char *ek, int ekl, const unsigned char *iv, EVP_PKEY *priv)
@ -125,4 +145,48 @@ EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
i = EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL);
return (i);
}
#endif
int
EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk)
{
unsigned char key[EVP_MAX_KEY_LENGTH];
int i, iv_len;
if (type) {
EVP_CIPHER_CTX_init(ctx);
if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL))
return 0;
}
if ((npubk <= 0) || !pubk)
return 1;
if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
return 0;
/* XXX - upper bound? */
if ((iv_len = EVP_CIPHER_CTX_iv_length(ctx)) < 0)
return 0;
if (iv_len > 0)
arc4random_buf(iv, iv_len);
if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
return 0;
for (i = 0; i < npubk; i++) {
ekl[i] = EVP_PKEY_encrypt_old(ek[i], key,
EVP_CIPHER_CTX_key_length(ctx), pubk[i]);
if (ekl[i] <= 0)
return (-1);
}
return (npubk);
}
int
EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
int i;
i = EVP_EncryptFinal_ex(ctx, out, outl);
if (i)
i = EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL);
return i;
}

127
lib/libcrypto/evp/p_seal.c
View File

@ -1,127 +0,0 @@
/* $OpenBSD: p_seal.c,v 1.17 2023/11/18 09:37:15 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <stdlib.h>
#include <openssl/opensslconf.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
#endif
int
EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk)
{
unsigned char key[EVP_MAX_KEY_LENGTH];
int i, iv_len;
if (type) {
EVP_CIPHER_CTX_init(ctx);
if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL))
return 0;
}
if ((npubk <= 0) || !pubk)
return 1;
if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
return 0;
/* XXX - upper bound? */
if ((iv_len = EVP_CIPHER_CTX_iv_length(ctx)) < 0)
return 0;
if (iv_len > 0)
arc4random_buf(iv, iv_len);
if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
return 0;
for (i = 0; i < npubk; i++) {
ekl[i] = EVP_PKEY_encrypt_old(ek[i], key,
EVP_CIPHER_CTX_key_length(ctx), pubk[i]);
if (ekl[i] <= 0)
return (-1);
}
return (npubk);
}
/* MACRO
void EVP_SealUpdate(ctx,out,outl,in,inl)
EVP_CIPHER_CTX *ctx;
unsigned char *out;
int *outl;
unsigned char *in;
int inl;
{
EVP_EncryptUpdate(ctx,out,outl,in,inl);
}
*/
int
EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
int i;
i = EVP_EncryptFinal_ex(ctx, out, outl);
if (i)
i = EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL);
return i;
}

5
libexec/ld.so/Makefile
View File

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.85 2023/07/08 11:03:45 jasper Exp $
# $OpenBSD: Makefile,v 1.86 2023/12/20 14:54:29 deraadt Exp $
SUBDIR=ldconfig ldd
MAN= ld.so.1
@ -29,7 +29,8 @@ SRCS+= malloc.c reallocarray.c tib.c ffs.c
syscall=close exit fstat getdents getentropy getthrid issetugid kbind \
mimmutable mmap mprotect munmap msyscall open pledge pinsyscall \
read __realpath sendsyslog __set_tcb sysctl thrkill utrace write
pinsyscalls read __realpath sendsyslog __set_tcb sysctl thrkill \
utrace write
.if (${MACHINE_ARCH} == "i386")
syscall+=mquery

6
libexec/ld.so/aarch64/ld.script
View File

@ -1,8 +1,8 @@
PHDRS
{
rodata PT_LOAD FILEHDR PHDRS FLAGS (4);
text PT_LOAD FLAGS (1);
btext PT_LOAD FLAGS (0x08000001);
text PT_LOAD FLAGS (1);
data PT_LOAD;
random PT_OPENBSD_RANDOMIZE;
syscalls PT_OPENBSD_SYSCALLS;
@ -23,8 +23,6 @@ SECTIONS
/* TEXT */
. = ALIGN(0x10000);
.text : { *(.text .text.*) } :text
. = ALIGN(0x1000);
.boot.text :
{
. = ALIGN(0x1000);
@ -33,6 +31,8 @@ SECTIONS
. = ALIGN(0x1000);
boot_text_end = .;
} :btext
. = ALIGN(0x1000);
.text : { *(.text .text.*) } :text
/* RELRO DATA */
. = DATA_SEGMENT_ALIGN (0x10000, 0x1000);

4
libexec/ld.so/alpha/ld.script
View File

@ -23,8 +23,6 @@ SECTIONS
/* TEXT */
. = ALIGN(0x10000);
.text : { *(.text .text.*) } :text
. = ALIGN(0x2000);
.boot.text :
{
. = ALIGN(0x2000);
@ -33,6 +31,8 @@ SECTIONS
*(.boot.text)
boot_text_end = .;
} :btext
. = ALIGN(0x2000);
.text : { *(.text .text.*) } :text
/* RELRO DATA */
. = DATA_SEGMENT_ALIGN (0x10000, 0x2000);

2
libexec/ld.so/amd64/ld.script
View File

@ -1,8 +1,8 @@
PHDRS
{
rodata PT_LOAD FILEHDR PHDRS FLAGS (4);
text PT_LOAD FLAGS (1);
btext PT_LOAD FLAGS (0x08000005);
text PT_LOAD FLAGS (1);
data PT_LOAD;
random PT_OPENBSD_RANDOMIZE;
syscalls PT_OPENBSD_SYSCALLS;

6
libexec/ld.so/arm/ld.script
View File

@ -1,8 +1,8 @@
PHDRS
{
rodata PT_LOAD FILEHDR PHDRS FLAGS (4);
text PT_LOAD;
btext PT_LOAD FLAGS (0x08000005);
text PT_LOAD;
data PT_LOAD;
random PT_OPENBSD_RANDOMIZE;
syscalls PT_OPENBSD_SYSCALLS;
@ -24,8 +24,6 @@ SECTIONS
/* TEXT */
. = ALIGN(0x10000);
.text : { *(.text .text.*) } :text
. = ALIGN(0x1000);
.boot.text :
{
. = ALIGN(0x1000);
@ -34,6 +32,8 @@ SECTIONS
. = ALIGN(0x1000);
boot_text_end = .;
} :btext
. = ALIGN(0x1000);
.text : { *(.text .text.*) } :text
/* RELRO DATA */
. = DATA_SEGMENT_ALIGN (0x10000, 0x1000);

4
libexec/ld.so/dlfcn.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: dlfcn.c,v 1.115 2023/08/15 06:26:34 guenther Exp $ */
/* $OpenBSD: dlfcn.c,v 1.116 2023/12/19 16:13:22 deraadt Exp $ */
/*
* Copyright (c) 1998 Per Fogelstrom, Opsycon AB
@ -44,7 +44,7 @@ static int _dl_real_close(void *handle);
static lock_cb *_dl_thread_fnc = NULL;
static elf_object_t *obj_from_addr(const void *addr);
#define OK_FLAGS (0 \
#define OK_FLAGS (0 \
| RTLD_TRACE \
| RTLD_LAZY \
| RTLD_NOW \

6
libexec/ld.so/hppa/ld.script
View File

@ -1,8 +1,8 @@
PHDRS
{
rodata PT_LOAD FILEHDR PHDRS FLAGS (4);
text PT_LOAD FLAGS (1);
btext PT_LOAD FLAGS (0x08000005);
text PT_LOAD FLAGS (1);
pltgot PT_LOAD;
data PT_LOAD;
random PT_OPENBSD_RANDOMIZE;
@ -24,8 +24,6 @@ SECTIONS
/* TEXT */
. = ALIGN(0x1000);
.text : { *(.text .text.*) } :text
. = ALIGN(0x1000);
.boot.text :
{
. = ALIGN(0x1000);
@ -34,6 +32,8 @@ SECTIONS
. = ALIGN(0x1000);
boot_text_end = .;
} :btext
. = ALIGN(0x1000);
.text : { *(.text .text.*) } :text
/* PLT and GOT */
. = ALIGN(0x1000);

2
libexec/ld.so/i386/ld.script
View File

@ -1,8 +1,8 @@
PHDRS
{
rodata PT_LOAD FILEHDR PHDRS FLAGS (4);
text PT_LOAD FLAGS (1);
btext PT_LOAD FLAGS (0x08000005);
text PT_LOAD FLAGS (1);
data PT_LOAD;
random PT_OPENBSD_RANDOMIZE;
syscalls PT_OPENBSD_SYSCALLS;

3
libexec/ld.so/library.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: library.c,v 1.92 2023/08/15 06:23:31 guenther Exp $ */
/* $OpenBSD: library.c,v 1.93 2023/12/19 16:13:22 deraadt Exp $ */
/*
* Copyright (c) 2002 Dale Rahn
@ -316,7 +316,6 @@ _dl_tryload_shlib(const char *libname, int type, int flags, int nodelete)
_dl_push_range_size(&mut, phdp->p_vaddr + loff,
phdp->p_memsz);
break;
default:
break;
}

4
libexec/ld.so/library_mquery.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: library_mquery.c,v 1.72 2023/08/15 06:23:31 guenther Exp $ */
/* $OpenBSD: library_mquery.c,v 1.73 2023/12/19 16:13:22 deraadt Exp $ */
/*
* Copyright (c) 2002 Dale Rahn
@ -60,7 +60,6 @@ _dl_load_list_free(struct load_list *load_list)
}
}
void
_dl_unload_shlib(elf_object_t *object)
{
@ -99,7 +98,6 @@ unload:
}
}
elf_object_t *
_dl_tryload_shlib(const char *libname, int type, int flags, int nodelete)
{

6
libexec/ld.so/loader.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: loader.c,v 1.216 2023/12/18 17:19:07 deraadt Exp $ */
/* $OpenBSD: loader.c,v 1.218 2023/12/19 16:13:22 deraadt Exp $ */
/*
* Copyright (c) 1998 Per Fogelstrom, Opsycon AB
@ -171,7 +171,6 @@ _dl_run_all_dtors(void)
}
}
for (node = _dl_objects;
node != NULL;
node = node->next ) {
@ -483,8 +482,8 @@ __asm__(".pushsection .openbsd.syscalls,\"\",%progbits;"
".popsection");
#else
__asm__(".pushsection .openbsd.syscalls,\"\",@progbits;"
".long 0;"
".p2align 2;"
".long 0;"
".long " STRINGIFY(SYS_kbind) ";"
".popsection");
#endif
@ -1139,5 +1138,4 @@ _dl_apply_immutable(elf_object_t *object)
}
}
}

2
libexec/ld.so/m88k/ld.script
View File

@ -1,8 +1,8 @@
PHDRS
{
rodata PT_LOAD FILEHDR PHDRS FLAGS (4);
text PT_LOAD;
btext PT_LOAD FLAGS (0x08000005);
text PT_LOAD;
data PT_LOAD;
random PT_OPENBSD_RANDOMIZE;
syscalls PT_OPENBSD_SYSCALLS;

2
libexec/ld.so/mips64/ld.script
View File

@ -1,8 +1,8 @@
PHDRS
{
rodata PT_LOAD FILEHDR PHDRS FLAGS (4);
text PT_LOAD FLAGS (1);
btext PT_LOAD FLAGS (0x08000005);
text PT_LOAD FLAGS (1);
data PT_LOAD;
random PT_OPENBSD_RANDOMIZE;
syscalls PT_OPENBSD_SYSCALLS;

2
libexec/ld.so/powerpc/ld.script
View File

@ -1,8 +1,8 @@
PHDRS
{
rodata PT_LOAD FILEHDR PHDRS FLAGS (4);
text PT_LOAD FLAGS (1);
btext PT_LOAD FLAGS (0x08000005);
text PT_LOAD FLAGS (1);
data PT_LOAD;
random PT_OPENBSD_RANDOMIZE;
syscalls PT_OPENBSD_SYSCALLS;

4
libexec/ld.so/resolve.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: resolve.h,v 1.105 2023/08/15 06:26:34 guenther Exp $ */
/* $OpenBSD: resolve.h,v 1.106 2023/12/19 16:13:22 deraadt Exp $ */
/*
* Copyright (c) 1998 Per Fogelstrom, Opsycon AB
@ -73,7 +73,7 @@ typedef struct elf_object elf_object_t;
struct object_vector {
int len;
int alloc;
elf_object_t **vec;
elf_object_t **vec;
};
void object_vec_grow(struct object_vector *_vec, int _more);

6
libexec/ld.so/riscv64/ld.script
View File

@ -1,8 +1,8 @@
PHDRS
{
rodata PT_LOAD FILEHDR PHDRS FLAGS (4);
text PT_LOAD FLAGS (1);
btext PT_LOAD FLAGS (0x08000005);
text PT_LOAD FLAGS (1);
data PT_LOAD;
random PT_OPENBSD_RANDOMIZE;
syscalls PT_OPENBSD_SYSCALLS;
@ -23,8 +23,6 @@ SECTIONS
/* TEXT */
. = ALIGN(0x10000);
.text : { *(.text .text.*) } :text
. = ALIGN(0x1000);
.boot.text :
{
. = ALIGN(0x1000);
@ -33,6 +31,8 @@ SECTIONS
. = ALIGN(0x1000);
boot_text_end = .;
} :btext
. = ALIGN(0x1000);
.text : { *(.text .text.*) } :text
/* RELRO DATA */
. = DATA_SEGMENT_ALIGN (0x10000, 0x1000);

6
libexec/ld.so/sh/ld.script
View File

@ -1,8 +1,8 @@
PHDRS
{
rodata PT_LOAD FILEHDR PHDRS FLAGS (4);
text PT_LOAD FLAGS (5); /* architecturally required data islands */
btext PT_LOAD FLAGS (0x08000005);
text PT_LOAD FLAGS (5); /* architecturally required data islands */
data PT_LOAD;
random PT_OPENBSD_RANDOMIZE;
syscalls PT_OPENBSD_SYSCALLS;
@ -23,14 +23,14 @@ SECTIONS
/* TEXT */
. = ALIGN (0x1000);
.text : { *(.text .text.*) } :text =0xc3c3c3c3
. = ALIGN (0x1000);
.boot.text :
{
boot_text_start = .;
*(.boot.text)
boot_text_end = .;
} :btext
. = ALIGN (0x1000);
.text : { *(.text .text.*) } :text =0xc3c3c3c3
/* RELRO DATA */
. = DATA_SEGMENT_ALIGN (0x10000, 0x1000);

4
libexec/ld.so/sparc64/ld.script
View File

@ -1,8 +1,8 @@
PHDRS
{
rodata PT_LOAD FILEHDR PHDRS FLAGS (4);
text PT_LOAD FLAGS (1);
btext PT_LOAD FLAGS (0x08000005);
text PT_LOAD FLAGS (1);
data PT_LOAD;
random PT_OPENBSD_RANDOMIZE;
syscalls PT_OPENBSD_SYSCALLS;
@ -31,7 +31,7 @@ SECTIONS
. = ALIGN(0x2000);
boot_text_end = .;
} :btext =0
. = ALIGN(0x100000);
. = ALIGN(0x2000);
.text : { *(.text .text.*) } :text =0
/* RELRO DATA */

3
libexec/ld.so/syscall.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: syscall.h,v 1.5 2023/12/12 17:39:14 deraadt Exp $ */
/* $OpenBSD: syscall.h,v 1.6 2023/12/20 14:54:29 deraadt Exp $ */
/*
* Copyright (c) 1998 Per Fogelstrom, Opsycon AB
@ -52,6 +52,7 @@ int _dl_mprotect(const void *, size_t, int);
void *_dl_mquery(void *, size_t, int, int, int, off_t);
int _dl_msyscall(void *addr, size_t len);
int _dl_pinsyscall(int, void *addr, size_t len);
int _dl_pinsyscalls(void *base, size_t len, u_int *pin, int pinlen);
int _dl_munmap(const void *, size_t);
int _dl_mimmutable(const void *, size_t);
int _dl_open(const char *, int);

5
regress/usr.sbin/btrace/arithm.bt
View File

@ -3,7 +3,7 @@ BEGIN
@a = 10;
@b = 5;
printf("a + b = %d\n", @a + @b);
printf("a + b + 0xf = %d\n", @a + @b + 0xf);
}
END
@ -11,5 +11,6 @@ END
printf("a - b = %d\n", @a - @b);
$c = @a + 2 * @b;
printf("c = %d, total = %d\n", $c, ($c - @b) / 5);
$d = @a + 0xf5;
printf("c = %d, d = 0x%x, total = %d\n", $c, $d, ($c - @b) / 5);
}

4
regress/usr.sbin/btrace/arithm.ok
View File

@ -1,3 +1,3 @@
a + b = 15
a + b + 0xf = 30
a - b = 5
c = 20, total = 3
c = 20, d = 0xff, total = 3

4
sbin/isakmpd/ipsec.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ipsec.c,v 1.153 2023/08/07 04:01:29 dlg Exp $ */
/* $OpenBSD: ipsec.c,v 1.154 2023/12/20 00:34:13 tobhe Exp $ */
/* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $ */
/*
@ -393,8 +393,6 @@ ipsec_sa_iface(struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa)
char *section, *value;
const char *errstr = NULL;
sa->tag = NULL;
if (exchange->name == NULL ||
(section = exchange->name) == NULL ||
(value = conf_get_str(section, "Interface")) == NULL)

6
share/man/man5/python-module.5
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: python-module.5,v 1.7 2022/12/06 16:18:51 sthen Exp $
.\" $OpenBSD: python-module.5,v 1.8 2023/12/20 13:30:51 sthen Exp $
.\"
.\" Copyright (c) 2008 Marc Espie
.\"
@ -24,7 +24,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 6 2022 $
.Dd $Mdocdate: December 20 2023 $
.Dt PYTHON-MODULE 5
.Os
.Sh NAME
@ -127,7 +127,7 @@ and sets
In rare cases, the build backend is distributed with the software
itself and
.Ev MODPY_PYBUILD
can be set to Yes to use this mechanism without adding a dependency
can be set to bootstrap to use this mechanism without adding a dependency
for another backend.
.Pp
Older ports using setuptools still set

7
share/man/man9/malloc.9
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: malloc.9,v 1.70 2023/07/03 06:45:44 guenther Exp $
.\" $OpenBSD: malloc.9,v 1.71 2023/12/19 14:40:04 deraadt Exp $
.\" $NetBSD: malloc.9,v 1.2 1996/10/30 05:29:54 lukem Exp $
.\"
.\" Copyright (c) 1996 The NetBSD Foundation, Inc.
@ -28,7 +28,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: July 3 2023 $
.Dd $Mdocdate: December 19 2023 $
.Dt MALLOC 9
.Os
.Sh NAME
@ -238,6 +238,9 @@ Argument lists & other mem used by exec.
Miscellaneous FS mount structures.
.It Dv M_FUSEFS
FUSE FS mount structures.
.It Dv M_PINSYSCALL
.Xr pinsyscall 2
related data.
.It Dv M_PFKEY
Pfkey data.
.It Dv M_TDB

37
sys/dev/ic/nvme.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: nvme.c,v 1.106 2022/11/25 03:20:09 dlg Exp $ */
/* $OpenBSD: nvme.c,v 1.107 2023/12/20 13:37:25 krw Exp $ */
/*
* Copyright (c) 2014 David Gwynne <dlg@openbsd.org>
@ -83,6 +83,7 @@ void nvme_scsi_cmd(struct scsi_xfer *);
void nvme_minphys(struct buf *, struct scsi_link *);
int nvme_scsi_probe(struct scsi_link *);
void nvme_scsi_free(struct scsi_link *);
uint64_t nvme_scsi_size(struct nvm_identify_namespace *);
#ifdef HIBERNATE
#include <uvm/uvm_extern.h>
@ -470,7 +471,7 @@ nvme_scsi_probe(struct scsi_link *link)
identify = NVME_DMA_KVA(mem);
if (rv == 0) {
if (lemtoh64(&identify->nsze) > 0) {
if (nvme_scsi_size(identify) > 0) {
/* Commit namespace if it has a size greater than zero. */
identify = malloc(sizeof(*identify), M_DEVBUF, M_WAITOK);
memcpy(identify, NVME_DMA_KVA(mem), sizeof(*identify));
@ -812,7 +813,7 @@ nvme_scsi_capacity16(struct scsi_xfer *xs)
struct nvme_softc *sc = link->bus->sb_adapter_softc;
struct nvm_identify_namespace *ns;
struct nvm_namespace_format *f;
u_int64_t nsze;
u_int64_t addr;
u_int16_t tpe = READ_CAP_16_TPE;
ns = sc->sc_namespaces[link->target].ident;
@ -823,12 +824,11 @@ nvme_scsi_capacity16(struct scsi_xfer *xs)
return;
}
/* sd_read_cap_16() will add one */
nsze = lemtoh64(&ns->nsze) - 1;
addr = nvme_scsi_size(ns) - 1;
f = &ns->lbaf[NVME_ID_NS_FLBAS(ns->flbas)];
memset(&rcd, 0, sizeof(rcd));
_lto8b(nsze, rcd.addr);
_lto8b(addr, rcd.addr);
_lto4b(1 << f->lbads, rcd.length);
_lto2b(tpe, rcd.lowest_aligned);
@ -846,7 +846,7 @@ nvme_scsi_capacity(struct scsi_xfer *xs)
struct nvme_softc *sc = link->bus->sb_adapter_softc;
struct nvm_identify_namespace *ns;
struct nvm_namespace_format *f;
u_int64_t nsze;
u_int64_t addr;
ns = sc->sc_namespaces[link->target].ident;
@ -856,15 +856,14 @@ nvme_scsi_capacity(struct scsi_xfer *xs)
return;
}
/* sd_read_cap_10() will add one */
nsze = lemtoh64(&ns->nsze) - 1;
if (nsze > 0xffffffff)
nsze = 0xffffffff;
addr = nvme_scsi_size(ns) - 1;
if (addr > 0xffffffff)
addr = 0xffffffff;
f = &ns->lbaf[NVME_ID_NS_FLBAS(ns->flbas)];
memset(&rcd, 0, sizeof(rcd));
_lto4b(nsze, rcd.addr);
_lto4b(addr, rcd.addr);
_lto4b(1 << f->lbads, rcd.length);
memcpy(xs->data, &rcd, MIN(sizeof(rcd), xs->datalen));
@ -885,6 +884,20 @@ nvme_scsi_free(struct scsi_link *link)
free(identify, M_DEVBUF, sizeof(*identify));
}
uint64_t
nvme_scsi_size(struct nvm_identify_namespace *ns)
{
uint64_t ncap, nsze;
ncap = lemtoh64(&ns->ncap); /* Max allowed allocation. */
nsze = lemtoh64(&ns->nsze);
if ((ns->nsfeat & NVME_ID_NS_NSFEAT_THIN_PROV) && ncap < nsze)
return ncap;
else
return nsze;
}
uint32_t
nvme_op_sq_enter(struct nvme_softc *sc,
struct nvme_queue *q, struct nvme_ccb *ccb)

3
sys/dev/ic/nvmereg.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: nvmereg.h,v 1.12 2023/12/11 14:27:09 krw Exp $ */
/* $OpenBSD: nvmereg.h,v 1.13 2023/12/20 13:37:25 krw Exp $ */
/*
* Copyright (c) 2014 David Gwynne <dlg@openbsd.org>
@ -363,6 +363,7 @@ struct nvm_identify_namespace {
u_int64_t nuse; /* Namespace Utilization */
u_int8_t nsfeat; /* Namespace Features */
#define NVME_ID_NS_NSFEAT_THIN_PROV (1 << 0)
u_int8_t nlbaf; /* Number of LBA Formats */
u_int8_t flbas; /* Formatted LBA Size */
#define NVME_ID_NS_FLBAS(_f) ((_f) & 0x0f)

3
sys/dev/pci/if_iwm.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: if_iwm.c,v 1.412 2023/11/06 08:34:41 stsp Exp $ */
/* $OpenBSD: if_iwm.c,v 1.413 2023/12/20 07:32:05 stsp Exp $ */
/*
* Copyright (c) 2014, 2016 genua gmbh <info@genua.de>
@ -7704,6 +7704,7 @@ iwm_fill_probe_req(struct iwm_softc *sc, struct iwm_scan_probe_req *preq)
return ENOBUFS;
frm = ieee80211_add_vhtcaps(frm, ic);
remain -= frm - pos;
preq->band_data[1].len = htole16(frm - pos);
}
}

38
sys/dev/pci/if_iwx.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: if_iwx.c,v 1.177 2023/10/06 15:15:29 stsp Exp $ */
/* $OpenBSD: if_iwx.c,v 1.179 2023/12/20 07:33:32 stsp Exp $ */
/*
* Copyright (c) 2014, 2016 genua gmbh <info@genua.de>
@ -402,7 +402,6 @@ void iwx_tx_update_byte_tbl(struct iwx_softc *, struct iwx_tx_ring *, int,
uint16_t, uint16_t);
int iwx_tx(struct iwx_softc *, struct mbuf *, struct ieee80211_node *);
int iwx_flush_sta_tids(struct iwx_softc *, int, uint16_t);
int iwx_wait_tx_queues_empty(struct iwx_softc *);
int iwx_drain_sta(struct iwx_softc *sc, struct iwx_node *, int);
int iwx_flush_sta(struct iwx_softc *, struct iwx_node *);
int iwx_beacon_filter_send_cmd(struct iwx_softc *,
@ -6387,10 +6386,7 @@ iwx_flush_sta_tids(struct iwx_softc *sc, int sta_id, uint16_t tids)
}
resp_len = iwx_rx_packet_payload_len(pkt);
/* Some firmware versions don't provide a response. */
if (resp_len == 0)
goto out;
else if (resp_len != sizeof(*resp)) {
if (resp_len != sizeof(*resp)) {
err = EIO;
goto out;
}
@ -6431,28 +6427,6 @@ out:
#define IWX_FLUSH_WAIT_MS 2000
int
iwx_wait_tx_queues_empty(struct iwx_softc *sc)
{
int i, err;
for (i = 0; i < nitems(sc->txq); i++) {
struct iwx_tx_ring *ring = &sc->txq[i];
if (i == IWX_DQA_CMD_QUEUE)
continue;
while (ring->queued > 0) {
err = tsleep_nsec(ring, 0, "iwxflush",
MSEC_TO_NSEC(IWX_FLUSH_WAIT_MS));
if (err)
return err;
}
}
return 0;
}
int
iwx_drain_sta(struct iwx_softc *sc, struct iwx_node* in, int drain)
{
@ -6510,13 +6484,6 @@ iwx_flush_sta(struct iwx_softc *sc, struct iwx_node *in)
goto done;
}
err = iwx_wait_tx_queues_empty(sc);
if (err) {
printf("%s: Could not empty Tx queues (error %d)\n",
DEVNAME(sc), err);
goto done;
}
err = iwx_drain_sta(sc, in, 0);
done:
sc->sc_flags &= ~IWX_FLAG_TXFLUSH;
@ -6977,6 +6944,7 @@ iwx_fill_probe_req(struct iwx_softc *sc, struct iwx_scan_probe_req *preq)
return ENOBUFS;
frm = ieee80211_add_vhtcaps(frm, ic);
remain -= frm - pos;
preq->band_data[1].len = htole16(frm - pos);
}
}

11
sys/dev/pv/if_vio.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: if_vio.c,v 1.28 2023/12/11 09:40:42 jan Exp $ */
/* $OpenBSD: if_vio.c,v 1.29 2023/12/20 09:51:06 jan Exp $ */
/*
* Copyright (c) 2012 Stefan Fritsch, Alexander Fiveg.
@ -47,6 +47,7 @@
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <netinet/ip.h>
#include <netinet/ip6.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
@ -592,7 +593,8 @@ vio_attach(struct device *parent, struct device *self, void *aux)
ifp->if_ioctl = vio_ioctl;
ifp->if_capabilities = IFCAP_VLAN_MTU;
if (virtio_has_feature(vsc, VIRTIO_NET_F_CSUM))
ifp->if_capabilities |= IFCAP_CSUM_TCPv4|IFCAP_CSUM_UDPv4;
ifp->if_capabilities |= IFCAP_CSUM_TCPv4|IFCAP_CSUM_UDPv4|
IFCAP_CSUM_TCPv6|IFCAP_CSUM_UDPv6;
ifq_init_maxlen(&ifp->if_snd, vsc->sc_vqs[1].vq_num - 1);
ifmedia_init(&sc->sc_media, 0, vio_media_change, vio_media_status);
ifmedia_add(&sc->sc_media, IFM_ETHER | IFM_AUTO, 0, NULL);
@ -764,7 +766,10 @@ again:
if (ext.ip4)
hdr->csum_start += ext.ip4->ip_hl << 2;
#ifdef INET6
else if (ext.ip6)
hdr->csum_start += sizeof(*ext.ip6);
#endif
hdr->flags = VIRTIO_NET_HDR_F_NEEDS_CSUM;
}

4
sys/kern/init_sysent.c
View File

@ -1,10 +1,10 @@
/* $OpenBSD: init_sysent.c,v 1.272 2023/12/12 15:32:59 deraadt Exp $ */
/* $OpenBSD: init_sysent.c,v 1.273 2023/12/19 06:59:17 deraadt Exp $ */
/*
* System call switch table.
*
* DO NOT EDIT-- this file is automatically generated.
* created from; OpenBSD: syscalls.master,v 1.254 2023/12/12 15:30:55 deraadt Exp
* created from; OpenBSD: syscalls.master,v 1.255 2023/12/19 06:58:36 deraadt Exp
*/
#include <sys/param.h>

4
sys/kern/syscalls.c
View File

@ -1,10 +1,10 @@
/* $OpenBSD: syscalls.c,v 1.270 2023/12/12 15:32:59 deraadt Exp $ */
/* $OpenBSD: syscalls.c,v 1.271 2023/12/19 06:59:17 deraadt Exp $ */
/*
* System call names.
*
* DO NOT EDIT-- this file is automatically generated.
* created from; OpenBSD: syscalls.master,v 1.254 2023/12/12 15:30:55 deraadt Exp
* created from; OpenBSD: syscalls.master,v 1.255 2023/12/19 06:58:36 deraadt Exp
*/
const char *const syscallnames[] = {

4
sys/kern/syscalls.master
View File

@ -1,4 +1,4 @@
; $OpenBSD: syscalls.master,v 1.254 2023/12/12 15:30:55 deraadt Exp $
; $OpenBSD: syscalls.master,v 1.255 2023/12/19 06:58:36 deraadt Exp $
; $NetBSD: syscalls.master,v 1.32 1996/04/23 10:24:21 mycroft Exp $
; @(#)syscalls.master 8.2 (Berkeley) 1/13/94
@ -307,7 +307,7 @@
156 OBSOL ogetdirentries
157 OBSOL statfs25
158 STD { int sys_pinsyscalls(void *base, size_t len, \
uint *pins, size_t pinslen); }
u_int *pins, int npins); }
159 STD { int sys_mimmutable(void *addr, size_t len); }
160 STD { int sys_waitid(int idtype, id_t id, \
siginfo_t *info, int options); }

10
sys/kern/uipc_socket.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: uipc_socket.c,v 1.310 2023/12/18 13:11:20 bluhm Exp $ */
/* $OpenBSD: uipc_socket.c,v 1.312 2023/12/19 21:34:22 bluhm Exp $ */
/* $NetBSD: uipc_socket.c,v 1.21 1996/02/04 02:17:52 christos Exp $ */
/*
@ -832,13 +832,12 @@ bad:
*mp = NULL;
solock_shared(so);
pru_lock(so);
restart:
if ((error = sblock(so, &so->so_rcv, SBLOCKWAIT(flags))) != 0) {
pru_unlock(so);
sounlock_shared(so);
return (error);
}
pru_lock(so);
m = so->so_rcv.sb_mb;
#ifdef SOCKET_SPLICE
@ -908,7 +907,6 @@ restart:
sounlock_shared(so);
return (error);
}
pru_lock(so);
goto restart;
}
dontblock:
@ -1141,13 +1139,14 @@ dontblock:
break;
SBLASTRECORDCHK(&so->so_rcv, "soreceive sbwait 2");
SBLASTMBUFCHK(&so->so_rcv, "soreceive sbwait 2");
pru_unlock(so);
error = sbwait(so, &so->so_rcv);
if (error) {
sbunlock(so, &so->so_rcv);
pru_unlock(so);
sounlock_shared(so);
return (0);
}
pru_lock(so);
if ((m = so->so_rcv.sb_mb) != NULL)
nextrecord = m->m_nextpkt;
}
@ -1181,6 +1180,7 @@ dontblock:
(flags & MSG_EOR) == 0 &&
(so->so_rcv.sb_state & SS_CANTRCVMORE) == 0) {
sbunlock(so, &so->so_rcv);
pru_unlock(so);
goto restart;
}

6
sys/net/if_pflow.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: if_pflow.c,v 1.106 2023/12/16 22:16:02 mvs Exp $ */
/* $OpenBSD: if_pflow.c,v 1.107 2023/12/19 20:34:10 mvs Exp $ */
/*
* Copyright (c) 2011 Florian Obser <florian@narrans.de>
@ -277,12 +277,12 @@ pflow_clone_create(struct if_clone *ifc, int unit)
timeout_set_proc(&pflowif->sc_tmo6, pflow_timeout6, pflowif);
timeout_set_proc(&pflowif->sc_tmo_tmpl, pflow_timeout_tmpl, pflowif);
task_set(&pflowif->sc_outputtask, pflow_output_process, pflowif);
if_counters_alloc(ifp);
if_attach(ifp);
if_alloc_sadl(ifp);
task_set(&pflowif->sc_outputtask, pflow_output_process, pflowif);
/* Insert into list of pflows */
KERNEL_ASSERT_LOCKED();
SMR_SLIST_INSERT_HEAD_LOCKED(&pflowif_list, pflowif, sc_next);

6
sys/sys/malloc.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: malloc.h,v 1.125 2023/07/03 06:45:44 guenther Exp $ */
/* $OpenBSD: malloc.h,v 1.126 2023/12/19 14:40:04 deraadt Exp $ */
/* $NetBSD: malloc.h,v 1.39 1998/07/12 19:52:01 augustss Exp $ */
/*
@ -134,7 +134,7 @@
/* 93-97 - free */
#define M_UVMAMAP 98 /* UVM amap and related */
#define M_UVMAOBJ 99 /* UVM aobj and related */
/* 100 - free */
#define M_PINSYSCALL 100 /* pinsyscall */
#define M_USB 101 /* USB general */
#define M_USBDEV 102 /* USB device driver */
#define M_USBHC 103 /* USB host controller */
@ -270,7 +270,7 @@
NULL, NULL, NULL, NULL, NULL, \
"UVM amap", /* 98 M_UVMAMAP */ \
"UVM aobj", /* 99 M_UVMAOBJ */ \
NULL, \
"pinsyscall", /* 100 M_PINSYSCALL */ \
"USB", /* 101 M_USB */ \
"USB device", /* 102 M_USBDEV */ \
"USB HC", /* 103 M_USBHC */ \

6
sys/sys/syscall.h
View File

@ -1,10 +1,10 @@
/* $OpenBSD: syscall.h,v 1.269 2023/12/12 15:32:58 deraadt Exp $ */
/* $OpenBSD: syscall.h,v 1.270 2023/12/19 06:59:17 deraadt Exp $ */
/*
* System call numbers.
*
* DO NOT EDIT-- this file is automatically generated.
* created from; OpenBSD: syscalls.master,v 1.254 2023/12/12 15:30:55 deraadt Exp
* created from; OpenBSD: syscalls.master,v 1.255 2023/12/19 06:58:36 deraadt Exp
*/
/* syscall: "exit" ret: "void" args: "int" */
@ -443,7 +443,7 @@
/* 156 is obsolete ogetdirentries */
/* 157 is obsolete statfs25 */
/* syscall: "pinsyscalls" ret: "int" args: "void *" "size_t" "uint *" "size_t" */
/* syscall: "pinsyscalls" ret: "int" args: "void *" "size_t" "u_int *" "int" */
#define SYS_pinsyscalls 158
/* syscall: "mimmutable" ret: "int" args: "void *" "size_t" */

8
sys/sys/syscallargs.h
View File

@ -1,10 +1,10 @@
/* $OpenBSD: syscallargs.h,v 1.272 2023/12/12 15:32:58 deraadt Exp $ */
/* $OpenBSD: syscallargs.h,v 1.273 2023/12/19 06:59:17 deraadt Exp $ */
/*
* System call argument lists.
*
* DO NOT EDIT-- this file is automatically generated.
* created from; OpenBSD: syscalls.master,v 1.254 2023/12/12 15:30:55 deraadt Exp
* created from; OpenBSD: syscalls.master,v 1.255 2023/12/19 06:58:36 deraadt Exp
*/
#ifdef syscallarg
@ -753,8 +753,8 @@ struct sys_nfssvc_args {
struct sys_pinsyscalls_args {
syscallarg(void *) base;
syscallarg(size_t) len;
syscallarg(uint *) pins;
syscallarg(size_t) pinslen;
syscallarg(u_int *) pins;
syscallarg(int) npins;
};
struct sys_mimmutable_args {

5
usr.bin/ktrace/ktrace.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ktrace.h,v 1.10 2016/03/06 20:25:27 guenther Exp $ */
/* $OpenBSD: ktrace.h,v 1.11 2023/12/19 16:31:50 deraadt Exp $ */
/*-
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
@ -32,7 +32,8 @@
#define DEF_POINTS (KTRFAC_SYSCALL | KTRFAC_SYSRET | KTRFAC_NAMEI | \
KTRFAC_GENIO | KTRFAC_PSIG | KTRFAC_STRUCT | \
KTRFAC_USER | KTRFAC_EXECARGS | KTRFAC_PLEDGE)
KTRFAC_USER | KTRFAC_EXECARGS | KTRFAC_PLEDGE | \
KTRFAC_PINSYSCALL)
/* any KTRFAC_* not included in DEF_POINTS should be added here */
#define ALL_POINTS (DEF_POINTS | KTRFAC_EXECENV)

10
usr.bin/ssh/PROTOCOL
View File

@ -137,12 +137,12 @@ than as a named global or channel request to allow pings with very
short packet lengths, which would not be possible with other
approaches.
1.9 transport: strict key exchange extension
1.10 transport: strict key exchange extension
OpenSSH supports a number of transport-layer hardening measures under
a "strict KEX" feature. This feature is signalled similarly to the
RFC8308 ext-info feature: by including a additional algorithm in the
initiial SSH2_MSG_KEXINIT kex_algorithms field. The client may append
initial SSH2_MSG_KEXINIT kex_algorithms field. The client may append
"kex-strict-c-v00@openssh.com" to its kex_algorithms and the server
may append "kex-strict-s-v00@openssh.com". These pseudo-algorithms
are only valid in the initial SSH2_MSG_KEXINIT and MUST be ignored
@ -150,7 +150,7 @@ if they are present in subsequent SSH2_MSG_KEXINIT packets.
When an endpoint that supports this extension observes this algorithm
name in a peer's KEXINIT packet, it MUST make the following changes to
the the protocol:
the protocol:
a) During initial KEX, terminate the connection if any unexpected or
out-of-sequence packet is received. This includes terminating the
@ -163,7 +163,7 @@ b) After sending or receiving a SSH2_MSG_NEWKEYS message, reset the
duration of the connection (i.e. not just the first
SSH2_MSG_NEWKEYS).
1.10 transport: SSH2_MSG_EXT_INFO during user authentication
1.11 transport: SSH2_MSG_EXT_INFO during user authentication
This protocol extension allows the SSH2_MSG_EXT_INFO to be sent
during user authentication. RFC8308 does allow a second
@ -790,4 +790,4 @@ master instance and later clients.
OpenSSH extends the usual agent protocol. These changes are documented
in the PROTOCOL.agent file.
$OpenBSD: PROTOCOL,v 1.51 2023/12/18 14:45:49 djm Exp $
$OpenBSD: PROTOCOL,v 1.53 2023/12/20 00:06:25 jsg Exp $

4
usr.bin/ssh/PROTOCOL.agent
View File

@ -91,7 +91,7 @@ with private keys as they are loaded from a PKCS#11 token.
bool certs_only
string certsblob
Where "certsblob" constists of one or more certificates encoded as public
Where "certsblob" consists of one or more certificates encoded as public
key blobs:
string[] certificates
@ -112,4 +112,4 @@ A SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED will return SSH_AGENT_SUCCESS
if any key (plain private or certificate) was successfully loaded, or
SSH_AGENT_FAILURE if no key was loaded.
$OpenBSD: PROTOCOL.agent,v 1.21 2023/12/18 14:46:56 djm Exp $
$OpenBSD: PROTOCOL.agent,v 1.22 2023/12/20 00:06:25 jsg Exp $

14
usr.bin/ssh/ssh-add.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-add.1,v 1.85 2023/12/18 14:46:56 djm Exp $
.\" $OpenBSD: ssh-add.1,v 1.86 2023/12/19 06:57:34 jmc Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 18 2023 $
.Dd $Mdocdate: December 19 2023 $
.Dt SSH-ADD 1
.Os
.Sh NAME
@ -43,7 +43,7 @@
.Nd adds private key identities to the OpenSSH authentication agent
.Sh SYNOPSIS
.Nm ssh-add
.Op Fl cCDdKkLlqvXx
.Op Fl CcDdKkLlqvXx
.Op Fl E Ar fingerprint_hash
.Op Fl H Ar hostkey_file
.Op Fl h Ar destination_constraint
@ -52,7 +52,7 @@
.Op Ar
.Nm ssh-add
.Fl s Ar pkcs11
.Op Fl vC
.Op Fl Cv
.Op Ar certificate ...
.Nm ssh-add
.Fl e Ar pkcs11
@ -94,6 +94,9 @@ to work.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl C
When loading keys into or deleting keys from the agent, process
certificates only and skip plain keys.
.It Fl c
Indicates that added identities should be subject to confirmation before
being used for authentication.
@ -102,9 +105,6 @@ Confirmation is performed by
Successful confirmation is signaled by a zero exit status from
.Xr ssh-askpass 1 ,
rather than text entered into the requester.
.It Fl C
When loading keys into or deleting keys from the agent, process
certificates only and skip plain keys.
.It Fl D
Deletes all identities from the agent.
.It Fl d

6
usr.bin/ssh/ssh-add.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-add.c,v 1.169 2023/12/18 14:46:56 djm Exp $ */
/* $OpenBSD: ssh-add.c,v 1.170 2023/12/19 06:57:34 jmc Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -783,13 +783,13 @@ static void
usage(void)
{
fprintf(stderr,
"usage: ssh-add [-cDdKkLlqvXx] [-E fingerprint_hash] [-H hostkey_file]\n"
"usage: ssh-add [-CcDdKkLlqvXx] [-E fingerprint_hash] [-H hostkey_file]\n"
" [-h destination_constraint] [-S provider] [-t life]\n"
#ifdef WITH_XMSS
" [-M maxsign] [-m minleft]\n"
#endif
" [file ...]\n"
" ssh-add -s pkcs11\n"
" ssh-add -s pkcs11 [-Cv] [certificate ...]\n"
" ssh-add -e pkcs11\n"
" ssh-add -T pubkey ...\n"
);

6
usr.bin/ssh/ssh-keyscan.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keyscan.c,v 1.153 2023/06/21 05:06:04 djm Exp $ */
/* $OpenBSD: ssh-keyscan.c,v 1.154 2023/12/20 00:06:25 jsg Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
*
@ -478,11 +478,11 @@ congreet(int s)
/*
* Read the server banner as per RFC4253 section 4.2. The "SSH-"
* protocol identification string may be preceeded by an arbitrarily
* protocol identification string may be preceded by an arbitrarily
* large banner which we must read and ignore. Loop while reading
* newline-terminated lines until we have one starting with "SSH-".
* The ID string cannot be longer than 255 characters although the
* preceeding banner lines may (in which case they'll be discarded
* preceding banner lines may (in which case they'll be discarded
* in multiple iterations of the outer loop).
*/
for (;;) {

4
usr.bin/ssh/sshkey.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshkey.c,v 1.140 2023/10/16 08:40:00 dtucker Exp $ */
/* $OpenBSD: sshkey.c,v 1.141 2023/12/20 00:06:25 jsg Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@ -1894,7 +1894,7 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
goto out;
}
if (sshkey_type_is_cert(type)) {
/* Skip nonce that preceeds all certificates */
/* Skip nonce that precedes all certificates */
if (sshbuf_get_string_direct(b, NULL, NULL) != 0) {
ret = SSH_ERR_INVALID_FORMAT;
goto out;

4
usr.bin/ssh/xmss_hash.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: xmss_hash.c,v 1.3 2022/04/20 16:00:25 millert Exp $ */
/* $OpenBSD: xmss_hash.c,v 1.4 2023/12/20 00:06:25 jsg Exp $ */
/*
hash.c version 20160722
Andreas Hülsing
@ -70,7 +70,7 @@ int prf(unsigned char *out, const unsigned char *in, const unsigned char *key, u
}
/*
* Implemts H_msg
* Implements H_msg
*/
int h_msg(unsigned char *out, const unsigned char *in, unsigned long long inlen, const unsigned char *key, const unsigned int keylen, const unsigned int n)
{

6
usr.sbin/bgpctl/output.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: output.c,v 1.42 2023/11/20 14:18:21 claudio Exp $ */
/* $OpenBSD: output.c,v 1.43 2023/12/19 10:32:20 claudio Exp $ */
/*
* Copyright (c) 2003 Henning Brauer <henning@openbsd.org>
@ -1176,8 +1176,8 @@ show_rtr(struct ctl_show_rtr *rtr)
if (rtr->local_addr.aid != AID_UNSPEC)
printf(" Local Address: %s\n", log_addr(&rtr->local_addr));
if (rtr->session_id != -1)
printf(" Session ID: %d Serial #: %u\n",
rtr->session_id, rtr->serial);
printf("Version: %u Session ID: %d Serial #: %u\n",
rtr->version, rtr->session_id, rtr->serial);
printf(" Refresh: %u, Retry: %u, Expire: %u\n",
rtr->refresh, rtr->retry, rtr->expire);

3
usr.sbin/bgpctl/output_json.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: output_json.c,v 1.36 2023/11/20 14:18:21 claudio Exp $ */
/* $OpenBSD: output_json.c,v 1.37 2023/12/19 10:32:20 claudio Exp $ */
/*
* Copyright (c) 2020 Claudio Jeker <claudio@openbsd.org>
@ -1009,6 +1009,7 @@ json_rtr(struct ctl_show_rtr *rtr)
json_do_string("local_addr", log_addr(&rtr->local_addr));
if (rtr->session_id != -1) {
json_do_uint("version", rtr->version);
json_do_uint("session_id", rtr->session_id);
json_do_uint("serial", rtr->serial);
}

28
usr.sbin/btrace/bt_parse.y
View File

@ -1,4 +1,4 @@
/* $OpenBSD: bt_parse.y,v 1.54 2023/10/12 15:16:44 cheloha Exp $ */
/* $OpenBSD: bt_parse.y,v 1.56 2023/12/20 14:00:17 dv Exp $ */
/*
* Copyright (c) 2019-2023 Martin Pieuchot <mpi@openbsd.org>
@ -34,6 +34,7 @@
#include <assert.h>
#include <ctype.h>
#include <err.h>
#include <errno.h>
#include <limits.h>
#include <stdarg.h>
#include <stdint.h>
@ -897,7 +898,7 @@ again:
}
*p++ = c;
if (p == ebuf) {
yyerror("too long line");
yyerror("line too long");
return ERROR;
}
}
@ -922,20 +923,23 @@ again:
do {
*p++ = c;
if (p == ebuf) {
yyerror("too long line");
yyerror("line too long");
return ERROR;
}
} while ((c = lgetc()) != EOF && isdigit(c));
} while ((c = lgetc()) != EOF &&
(isxdigit(c) || c == 'x' || c == 'X'));
lungetc();
if (c == EOF || allowed_to_end_number(c)) {
const char *errstr = NULL;
*p = '\0';
yylval.v.number = strtonum(buf, LONG_MIN, LONG_MAX,
&errstr);
if (errstr) {
yyerror("invalid number '%s' (%s)", buf,
errstr);
errno = 0;
yylval.v.number = strtol(buf, NULL, 0);
if (errno == ERANGE) {
/*
* Characters are already validated, so only
* check ERANGE.
*/
yyerror("%sflow", (yylval.v.number == LONG_MIN)
? "under" : "over");
return ERROR;
}
return NUMBER;
@ -956,7 +960,7 @@ again:
do {
*p++ = c;
if (p == ebuf) {
yyerror("too long line");
yyerror("line too long");
return ERROR;
}
} while ((c = lgetc()) != EOF && (allowed_in_string(c)));

105
usr.sbin/nsd/Makefile.in
View File

@ -79,14 +79,14 @@ EDIT = $(SED) \
TARGETS=nsd nsd-checkconf nsd-checkzone nsd-control nsd.conf.sample nsd-control-setup.sh
MANUALS=nsd.8 nsd-checkconf.8 nsd-checkzone.8 nsd-control.8 nsd.conf.5
COMMON_OBJ=answer.o axfr.o ixfr.o ixfrcreate.o buffer.o configlexer.o configparser.o dname.o dns.o edns.o iterated_hash.o lookup3.o namedb.o nsec3.o options.o packet.o query.o rbtree.o radtree.o rdata.o region-allocator.o rrl.o siphash.o tsig.o tsig-openssl.o udb.o udbradtree.o udbzone.o util.o bitset.o popen3.o
COMMON_OBJ=answer.o axfr.o ixfr.o ixfrcreate.o buffer.o configlexer.o configparser.o dname.o dns.o edns.o iterated_hash.o lookup3.o namedb.o nsec3.o options.o packet.o query.o rbtree.o radtree.o rdata.o region-allocator.o rrl.o siphash.o tsig.o tsig-openssl.o udb.o util.o bitset.o popen3.o proxy_protocol.o
XFRD_OBJ=xfrd-disk.o xfrd-notify.o xfrd-tcp.o xfrd.o remote.o $(DNSTAP_OBJ)
NSD_OBJ=$(COMMON_OBJ) $(XFRD_OBJ) difffile.o ipc.o mini_event.o netio.o nsd.o server.o dbaccess.o dbcreate.o zlexer.o zonec.o zparser.o verify.o
ALL_OBJ=$(NSD_OBJ) nsd-checkconf.o nsd-checkzone.o nsd-control.o nsd-mem.o xfr-inspect.o
NSD_CHECKCONF_OBJ=$(COMMON_OBJ) nsd-checkconf.o
NSD_CHECKZONE_OBJ=$(COMMON_OBJ) $(XFRD_OBJ) dbaccess.o dbcreate.o difffile.o ipc.o mini_event.o netio.o server.o zonec.o zparser.o zlexer.o nsd-checkzone.o verify.o
NSD_CONTROL_OBJ=$(COMMON_OBJ) nsd-control.o
CUTEST_OBJ=$(COMMON_OBJ) $(XFRD_OBJ) dbaccess.o dbcreate.o difffile.o ipc.o mini_event.o netio.o server.o verify.o zonec.o zparser.o zlexer.o cutest_dname.o cutest_dns.o cutest_iterated_hash.o cutest_run.o cutest_radtree.o cutest_rbtree.o cutest_namedb.o cutest_options.o cutest_region.o cutest_rrl.o cutest_udb.o cutest_udbrad.o cutest_util.o cutest_bitset.o cutest_popen3.o cutest_iter.o cutest_event.o cutest.o qtest.o
CUTEST_OBJ=$(COMMON_OBJ) $(XFRD_OBJ) dbaccess.o dbcreate.o difffile.o ipc.o mini_event.o netio.o server.o verify.o zonec.o zparser.o zlexer.o cutest_dname.o cutest_dns.o cutest_iterated_hash.o cutest_run.o cutest_radtree.o cutest_rbtree.o cutest_namedb.o cutest_options.o cutest_region.o cutest_rrl.o cutest_udb.o cutest_util.o cutest_bitset.o cutest_popen3.o cutest_iter.o cutest_event.o cutest.o qtest.o
NSD_MEM_OBJ=$(COMMON_OBJ) $(XFRD_OBJ) dbaccess.o dbcreate.o difffile.o ipc.o mini_event.o netio.o verify.o server.o zonec.o zparser.o zlexer.o nsd-mem.o
all: $(TARGETS) $(MANUALS)
@ -174,9 +174,6 @@ nsd-mem: $(NSD_MEM_OBJ) $(LIBOBJS)
cutest: $(CUTEST_OBJ) $(LIBOBJS) popen3_echo
$(LINK) -o $@ $(CUTEST_OBJ) $(LIBOBJS) $(SSL_LIBS) $(LIBS)
udb-inspect: udb-inspect.o $(COMMON_OBJ) zonec.o zparser.o zlexer.o $(LIBOBJS)
$(LINK) -o $@ udb-inspect.o $(COMMON_OBJ) zonec.o zparser.o zlexer.o $(LIBOBJS) $(LIBS)
xfr-inspect: xfr-inspect.o $(COMMON_OBJ) zonec.o zparser.o zlexer.o $(LIBOBJS)
$(LINK) -o $@ xfr-inspect.o $(COMMON_OBJ) zonec.o zparser.o zlexer.o $(LIBOBJS) $(LIBS)
@ -195,7 +192,7 @@ audit: nsd nsd-checkconf nsd-checkzone nsd-control nsd-mem checksec
./checksec --file=nsd-mem
clean:
rm -f *.o $(TARGETS) $(MANUALS) cutest popen3_echo udb-inspect xfr-inspect nsd-mem
rm -f *.o $(TARGETS) $(MANUALS) cutest popen3_echo xfr-inspect nsd-mem
distclean: clean
rm -f Makefile config.h config.log config.status dnstap/dnstap_config.h
@ -333,9 +330,6 @@ cutest.o: $(srcdir)/tpkg/cutest/cutest.c
qtest.o: $(srcdir)/tpkg/cutest/qtest.c
$(COMPILE) -c $(srcdir)/tpkg/cutest/qtest.c
udb-inspect.o: $(srcdir)/tpkg/cutest/udb-inspect.c
$(COMPILE) -c $(srcdir)/tpkg/cutest/udb-inspect.c
zlexer.c: $(srcdir)/zlexer.lex
if test "$(LEX)" != ":"; then rm -f $@ ;\
echo '#include "config.h"' > $@ ;\
@ -422,6 +416,8 @@ depend:
fi
rm -f $(DEPEND_TMP) $(DEPEND_TMP2)
proxy_protocol.o: $(srcdir)/util/proxy_protocol.c config.h $(srcdir)/util/proxy_protocol.h
# Dependencies
answer.o: $(srcdir)/answer.c config.h $(srcdir)/answer.h $(srcdir)/dns.h $(srcdir)/namedb.h \
$(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/packet.h \
@ -439,14 +435,14 @@ configparser.o: configparser.c config.h $(srcdir)/options.h \
$(srcdir)/namedb.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/packet.h configparser.h
dbaccess.o: $(srcdir)/dbaccess.c config.h $(srcdir)/dns.h $(srcdir)/namedb.h $(srcdir)/dname.h \
$(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/options.h $(srcdir)/rdata.h \
$(srcdir)/udb.h $(srcdir)/udbradtree.h $(srcdir)/udbzone.h $(srcdir)/zonec.h $(srcdir)/nsec3.h $(srcdir)/difffile.h $(srcdir)/nsd.h $(srcdir)/edns.h \
$(srcdir)/udb.h $(srcdir)/zonec.h $(srcdir)/nsec3.h $(srcdir)/difffile.h $(srcdir)/nsd.h $(srcdir)/edns.h \
$(srcdir)/bitset.h $(srcdir)/ixfr.h $(srcdir)/query.h $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/ixfrcreate.h
dbcreate.o: $(srcdir)/dbcreate.c config.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/udb.h $(srcdir)/udbradtree.h \
$(srcdir)/udbzone.h $(srcdir)/options.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/ixfr.h $(srcdir)/query.h $(srcdir)/packet.h $(srcdir)/tsig.h
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/udb.h \
$(srcdir)/options.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/ixfr.h $(srcdir)/query.h $(srcdir)/packet.h $(srcdir)/tsig.h
difffile.o: $(srcdir)/difffile.c config.h $(srcdir)/difffile.h $(srcdir)/rbtree.h \
$(srcdir)/region-allocator.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h \
$(srcdir)/options.h $(srcdir)/udb.h $(srcdir)/xfrd-disk.h $(srcdir)/packet.h $(srcdir)/rdata.h $(srcdir)/udbzone.h $(srcdir)/udbradtree.h \
$(srcdir)/options.h $(srcdir)/udb.h $(srcdir)/xfrd-disk.h $(srcdir)/packet.h $(srcdir)/rdata.h \
$(srcdir)/nsec3.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/rrl.h $(srcdir)/query.h $(srcdir)/tsig.h $(srcdir)/ixfr.h $(srcdir)/zonec.h
dname.o: $(srcdir)/dname.c config.h $(srcdir)/dns.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsd.h \
@ -457,8 +453,8 @@ edns.o: $(srcdir)/edns.c config.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buf
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/nsd.h $(srcdir)/bitset.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h \
$(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/packet.h $(srcdir)/tsig.h
ipc.o: $(srcdir)/ipc.c config.h $(srcdir)/ipc.h $(srcdir)/netio.h $(srcdir)/region-allocator.h \
$(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/xfrd-tcp.h $(srcdir)/xfrd.h $(srcdir)/mini_event.h $(srcdir)/rbtree.h $(srcdir)/namedb.h $(srcdir)/dname.h \
$(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/tsig.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/xfrd-notify.h \
$(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/xfrd-tcp.h $(srcdir)/xfrd.h $(srcdir)/rbtree.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/dns.h \
$(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/tsig.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/xfrd-notify.h \
$(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/rrl.h $(srcdir)/query.h $(srcdir)/packet.h
iterated_hash.o: $(srcdir)/iterated_hash.c config.h $(srcdir)/iterated_hash.h \
$(srcdir)/util.h
@ -469,15 +465,15 @@ ixfrcreate.o: $(srcdir)/ixfrcreate.c config.h $(srcdir)/ixfrcreate.h $(srcdir)/d
$(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h \
$(srcdir)/ixfr.h $(srcdir)/query.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/options.h
lookup3.o: $(srcdir)/lookup3.c config.h $(srcdir)/lookup3.h
mini_event.o: $(srcdir)/mini_event.c config.h $(srcdir)/mini_event.h $(srcdir)/rbtree.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h
mini_event.o: $(srcdir)/mini_event.c config.h
namedb.o: $(srcdir)/namedb.c config.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsec3.h
netio.o: $(srcdir)/netio.c config.h $(srcdir)/netio.h $(srcdir)/region-allocator.h \
$(srcdir)/util.h
nsd.o: $(srcdir)/nsd.c config.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/bitset.h $(srcdir)/options.h $(srcdir)/rbtree.h $(srcdir)/tsig.h $(srcdir)/dname.h \
$(srcdir)/remote.h $(srcdir)/xfrd-disk.h $(srcdir)/dnstap/dnstap_collector.h
$(srcdir)/remote.h $(srcdir)/xfrd-disk.h $(srcdir)/dnstap/dnstap_collector.h $(srcdir)/util/proxy_protocol.h \
config.h
nsd-checkconf.o: $(srcdir)/nsd-checkconf.c config.h $(srcdir)/tsig.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dname.h $(srcdir)/options.h $(srcdir)/rbtree.h $(srcdir)/rrl.h $(srcdir)/query.h \
$(srcdir)/namedb.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/packet.h
@ -490,11 +486,11 @@ nsd-control.o: $(srcdir)/nsd-control.c config.h $(srcdir)/util.h $(srcdir)/tsig.
$(srcdir)/dns.h $(srcdir)/radtree.h
nsd-mem.o: $(srcdir)/nsd-mem.c config.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/bitset.h $(srcdir)/tsig.h $(srcdir)/dname.h $(srcdir)/options.h $(srcdir)/rbtree.h \
$(srcdir)/namedb.h $(srcdir)/radtree.h $(srcdir)/udb.h $(srcdir)/udbzone.h $(srcdir)/udbradtree.h
$(srcdir)/namedb.h $(srcdir)/radtree.h
nsec3.o: $(srcdir)/nsec3.c config.h $(srcdir)/nsec3.h $(srcdir)/iterated_hash.h \
$(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h \
$(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/answer.h $(srcdir)/packet.h $(srcdir)/query.h $(srcdir)/tsig.h \
$(srcdir)/udbzone.h $(srcdir)/udb.h $(srcdir)/udbradtree.h $(srcdir)/options.h
$(srcdir)/udb.h $(srcdir)/options.h
options.o: $(srcdir)/options.c config.h $(srcdir)/options.h \
$(srcdir)/region-allocator.h $(srcdir)/rbtree.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h \
$(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/ixfr.h $(srcdir)/difffile.h \
@ -513,53 +509,48 @@ rdata.o: $(srcdir)/rdata.c config.h $(srcdir)/rdata.h $(srcdir)/dns.h $(srcdir)/
$(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/zonec.h
region-allocator.o: $(srcdir)/region-allocator.c config.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h
remote.o: $(srcdir)/remote.c config.h $(srcdir)/mini_event.h $(srcdir)/rbtree.h \
$(srcdir)/region-allocator.h $(srcdir)/remote.h $(srcdir)/util.h $(srcdir)/xfrd.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/tsig.h $(srcdir)/xfrd-notify.h $(srcdir)/xfrd-tcp.h $(srcdir)/nsd.h $(srcdir)/edns.h \
$(srcdir)/bitset.h $(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/ipc.h $(srcdir)/netio.h
remote.o: $(srcdir)/remote.c config.h $(srcdir)/remote.h $(srcdir)/util.h $(srcdir)/xfrd.h \
$(srcdir)/rbtree.h $(srcdir)/region-allocator.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/dns.h $(srcdir)/radtree.h \
$(srcdir)/options.h $(srcdir)/tsig.h $(srcdir)/xfrd-notify.h $(srcdir)/xfrd-tcp.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h \
$(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/ipc.h $(srcdir)/netio.h
rrl.o: $(srcdir)/rrl.c config.h $(srcdir)/rrl.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h \
$(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h \
$(srcdir)/bitset.h $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/lookup3.h $(srcdir)/options.h
server.o: $(srcdir)/server.c config.h $(srcdir)/mini_event.h $(srcdir)/rbtree.h \
$(srcdir)/region-allocator.h $(srcdir)/axfr.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/bitset.h \
$(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/radtree.h $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/netio.h $(srcdir)/xfrd.h \
$(srcdir)/options.h $(srcdir)/xfrd-tcp.h $(srcdir)/xfrd-disk.h $(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/nsec3.h $(srcdir)/ipc.h $(srcdir)/remote.h \
$(srcdir)/lookup3.h $(srcdir)/rrl.h $(srcdir)/ixfr.h $(srcdir)/dnstap/dnstap_collector.h $(srcdir)/verify.h
server.o: $(srcdir)/server.c config.h $(srcdir)/axfr.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h \
$(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/bitset.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h \
$(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/netio.h $(srcdir)/xfrd.h $(srcdir)/options.h $(srcdir)/xfrd-tcp.h \
$(srcdir)/xfrd-disk.h $(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/nsec3.h $(srcdir)/ipc.h $(srcdir)/remote.h $(srcdir)/lookup3.h $(srcdir)/rrl.h \
$(srcdir)/ixfr.h $(srcdir)/dnstap/dnstap_collector.h $(srcdir)/verify.h $(srcdir)/util/proxy_protocol.h config.h
siphash.o: $(srcdir)/siphash.c
tsig.o: $(srcdir)/tsig.c config.h $(srcdir)/tsig.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dname.h $(srcdir)/tsig-openssl.h $(srcdir)/dns.h $(srcdir)/packet.h $(srcdir)/namedb.h \
$(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/query.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h
tsig-openssl.o: $(srcdir)/tsig-openssl.c config.h $(srcdir)/tsig-openssl.h \
$(srcdir)/region-allocator.h $(srcdir)/tsig.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dname.h
udb.o: $(srcdir)/udb.c config.h $(srcdir)/udb.h $(srcdir)/lookup3.h $(srcdir)/util.h
udbradtree.o: $(srcdir)/udbradtree.c config.h $(srcdir)/udbradtree.h $(srcdir)/udb.h \
udb.o: $(srcdir)/udb.c config.h $(srcdir)/udb.h $(srcdir)/lookup3.h $(srcdir)/util.h \
$(srcdir)/radtree.h
udbzone.o: $(srcdir)/udbzone.c config.h $(srcdir)/udbzone.h $(srcdir)/udb.h $(srcdir)/dns.h \
$(srcdir)/udbradtree.h $(srcdir)/util.h $(srcdir)/iterated_hash.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h \
$(srcdir)/difffile.h $(srcdir)/rbtree.h $(srcdir)/namedb.h $(srcdir)/radtree.h $(srcdir)/options.h
util.o: $(srcdir)/util.c config.h $(srcdir)/util.h $(srcdir)/region-allocator.h $(srcdir)/dname.h \
$(srcdir)/buffer.h $(srcdir)/namedb.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/rdata.h $(srcdir)/zonec.h $(srcdir)/nsd.h $(srcdir)/edns.h \
$(srcdir)/bitset.h
verify.o: $(srcdir)/verify.c config.h $(srcdir)/region-allocator.h $(srcdir)/namedb.h \
$(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h \
$(srcdir)/options.h $(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/verify.h $(srcdir)/mini_event.h $(srcdir)/popen3.h
xfrd.o: $(srcdir)/xfrd.c config.h $(srcdir)/xfrd.h $(srcdir)/mini_event.h $(srcdir)/rbtree.h \
$(srcdir)/options.h $(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/verify.h $(srcdir)/popen3.h
xfrd.o: $(srcdir)/xfrd.c config.h $(srcdir)/xfrd.h $(srcdir)/rbtree.h \
$(srcdir)/region-allocator.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h \
$(srcdir)/options.h $(srcdir)/tsig.h $(srcdir)/xfrd-tcp.h $(srcdir)/xfrd-disk.h $(srcdir)/xfrd-notify.h $(srcdir)/netio.h $(srcdir)/nsd.h \
$(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/packet.h $(srcdir)/rdata.h $(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/ipc.h $(srcdir)/remote.h $(srcdir)/rrl.h \
$(srcdir)/query.h $(srcdir)/dnstap/dnstap_collector.h
xfrd-disk.o: $(srcdir)/xfrd-disk.c config.h $(srcdir)/xfrd-disk.h $(srcdir)/xfrd.h \
$(srcdir)/mini_event.h $(srcdir)/rbtree.h $(srcdir)/region-allocator.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/tsig.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h
$(srcdir)/rbtree.h $(srcdir)/region-allocator.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dns.h \
$(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/tsig.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h
xfrd-notify.o: $(srcdir)/xfrd-notify.c config.h $(srcdir)/xfrd-notify.h \
$(srcdir)/mini_event.h $(srcdir)/rbtree.h $(srcdir)/region-allocator.h $(srcdir)/tsig.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dname.h \
$(srcdir)/xfrd.h $(srcdir)/namedb.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/xfrd-tcp.h $(srcdir)/packet.h
$(srcdir)/tsig.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dname.h $(srcdir)/rbtree.h $(srcdir)/xfrd.h \
$(srcdir)/namedb.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/xfrd-tcp.h $(srcdir)/packet.h
xfrd-tcp.o: $(srcdir)/xfrd-tcp.c config.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h \
$(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/bitset.h $(srcdir)/xfrd-tcp.h $(srcdir)/xfrd.h \
$(srcdir)/mini_event.h $(srcdir)/rbtree.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/tsig.h \
$(srcdir)/packet.h $(srcdir)/xfrd-disk.h
xfr-inspect.o: $(srcdir)/xfr-inspect.c config.h $(srcdir)/udbzone.h $(srcdir)/udb.h \
$(srcdir)/dns.h $(srcdir)/udbradtree.h $(srcdir)/util.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/packet.h $(srcdir)/namedb.h \
$(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/bitset.h $(srcdir)/xfrd-tcp.h $(srcdir)/xfrd.h $(srcdir)/rbtree.h \
$(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/tsig.h $(srcdir)/packet.h $(srcdir)/xfrd-disk.h
xfr-inspect.o: $(srcdir)/xfr-inspect.c config.h $(srcdir)/udb.h \
$(srcdir)/dns.h $(srcdir)/util.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/packet.h $(srcdir)/namedb.h \
$(srcdir)/dname.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/rdata.h $(srcdir)/difffile.h $(srcdir)/options.h
zlexer.o: zlexer.c config.h $(srcdir)/zonec.h $(srcdir)/namedb.h $(srcdir)/dname.h \
$(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h zparser.h
@ -567,15 +558,13 @@ zonec.o: $(srcdir)/zonec.c config.h $(srcdir)/zonec.h $(srcdir)/namedb.h $(srcdi
$(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/rdata.h \
zparser.h $(srcdir)/options.h $(srcdir)/nsec3.h
zparser.o: zparser.c config.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/namedb.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/zonec.h \
zparser.h
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/namedb.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/zonec.h
b64_ntop.o: $(srcdir)/compat/b64_ntop.c config.h
b64_pton.o: $(srcdir)/compat/b64_pton.c config.h
basename.o: $(srcdir)/compat/basename.c
cpuset.o: $(srcdir)/compat/cpuset.c config.h
explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h
fake-rfc2553.o: $(srcdir)/compat/fake-rfc2553.c $(srcdir)/compat/fake-rfc2553.h config.h \
fake-rfc2553.o: $(srcdir)/compat/fake-rfc2553.c $(srcdir)/compat/fake-rfc2553.h config.h
inet_aton.o: $(srcdir)/compat/inet_aton.c config.h
inet_ntop.o: $(srcdir)/compat/inet_ntop.c config.h
inet_pton.o: $(srcdir)/compat/inet_pton.c config.h
@ -598,9 +587,9 @@ cutest_dname.o: $(srcdir)/tpkg/cutest/cutest_dname.c config.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h
cutest_dns.o: $(srcdir)/tpkg/cutest/cutest_dns.c config.h \
$(srcdir)/tpkg/cutest/cutest.h $(srcdir)/region-allocator.h $(srcdir)/dns.h
cutest_event.o: $(srcdir)/tpkg/cutest/cutest_event.c config.h \
$(srcdir)/mini_event.h $(srcdir)/rbtree.h $(srcdir)/region-allocator.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h \
$(srcdir)/util.h $(srcdir)/bitset.h $(srcdir)/tpkg/cutest/cutest.h
cutest_event.o: $(srcdir)/tpkg/cutest/cutest_event.c config.h $(srcdir)/nsd.h \
$(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/bitset.h \
$(srcdir)/tpkg/cutest/cutest.h
cutest_iterated_hash.o: $(srcdir)/tpkg/cutest/cutest_iterated_hash.c config.h \
$(srcdir)/tpkg/cutest/cutest.h $(srcdir)/region-allocator.h $(srcdir)/util.h \
$(srcdir)/iterated_hash.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h
@ -610,7 +599,7 @@ cutest_iter.o: $(srcdir)/tpkg/cutest/cutest_iter.c config.h $(srcdir)/nsd.h \
cutest_namedb.o: $(srcdir)/tpkg/cutest/cutest_namedb.c config.h \
$(srcdir)/tpkg/cutest/cutest.h $(srcdir)/region-allocator.h $(srcdir)/options.h $(srcdir)/region-allocator.h \
$(srcdir)/rbtree.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/nsec3.h $(srcdir)/udb.h \
$(srcdir)/udbzone.h $(srcdir)/udb.h $(srcdir)/udbradtree.h $(srcdir)/difffile.h $(srcdir)/namedb.h $(srcdir)/options.h $(srcdir)/zonec.h $(srcdir)/nsd.h \
$(srcdir)/udb.h $(srcdir)/difffile.h $(srcdir)/namedb.h $(srcdir)/options.h $(srcdir)/zonec.h $(srcdir)/nsd.h \
$(srcdir)/edns.h $(srcdir)/bitset.h
cutest_options.o: $(srcdir)/tpkg/cutest/cutest_options.c config.h \
$(srcdir)/tpkg/cutest/cutest.h $(srcdir)/region-allocator.h $(srcdir)/options.h $(srcdir)/region-allocator.h \
@ -633,18 +622,12 @@ cutest_run.o: $(srcdir)/tpkg/cutest/cutest_run.c config.h \
$(srcdir)/util.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h $(srcdir)/bitset.h
cutest_udb.o: $(srcdir)/tpkg/cutest/cutest_udb.c config.h \
$(srcdir)/tpkg/cutest/cutest.h $(srcdir)/udb.h
cutest_udbrad.o: $(srcdir)/tpkg/cutest/cutest_udbrad.c config.h \
$(srcdir)/tpkg/cutest/cutest.h $(srcdir)/udbradtree.h $(srcdir)/udb.h
cutest_util.o: $(srcdir)/tpkg/cutest/cutest_util.c config.h \
$(srcdir)/tpkg/cutest/cutest.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/xfrd-tcp.h $(srcdir)/xfrd.h \
$(srcdir)/mini_event.h $(srcdir)/rbtree.h $(srcdir)/region-allocator.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/tsig.h
$(srcdir)/rbtree.h $(srcdir)/region-allocator.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dns.h \
$(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/tsig.h
popen3_echo.o: $(srcdir)/tpkg/cutest/popen3_echo.c
qtest.o: $(srcdir)/tpkg/cutest/qtest.c config.h $(srcdir)/tpkg/cutest/qtest.h \
$(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/namedb.h \
$(srcdir)/util.h $(srcdir)/nsec3.h $(srcdir)/options.h $(srcdir)/packet.h $(srcdir)/dname.h $(srcdir)/rdata.h
udb-inspect.o: $(srcdir)/tpkg/cutest/udb-inspect.c config.h $(srcdir)/udb.h \
$(srcdir)/udbradtree.h $(srcdir)/udb.h $(srcdir)/udbzone.h $(srcdir)/dns.h $(srcdir)/udbradtree.h $(srcdir)/util.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/packet.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/radtree.h \
$(srcdir)/rbtree.h $(srcdir)/rdata.h $(srcdir)/namedb.h $(srcdir)/difffile.h $(srcdir)/options.h

2
usr.sbin/nsd/answer.c
View File

@ -67,7 +67,7 @@ encode_answer(query_type *q, const answer_type *answer)
int done = 0;
#if defined(INET6) && defined(MINIMAL_RESPONSES)
if (q->addr.ss_family == AF_INET6)
if (q->client_addr.ss_family == AF_INET6)
minimal_respsize = IPV6_MINIMAL_RESPONSE_SIZE;
#endif

27
usr.sbin/nsd/axfr.c
View File

@ -188,12 +188,35 @@ static int axfr_ixfr_can_admit_query(struct nsd* nsd, struct query* q)
struct acl_options *acl = NULL;
struct zone_options* zone_opt;
zone_opt = zone_options_find(nsd->options, q->qname);
if(zone_opt && q->is_proxied && acl_check_incoming_block_proxy(
zone_opt->pattern->provide_xfr, q, &acl) == -1) {
/* the proxy address is blocked */
if (verbosity >= 2) {
char address[128], proxy[128];
addr2str(&q->client_addr, address, sizeof(address));
addr2str(&q->remote_addr, proxy, sizeof(proxy));
VERBOSITY(2, (LOG_INFO, "%s for %s from %s via proxy %s refused because of proxy, %s %s",
(q->qtype==TYPE_AXFR?"axfr":"ixfr"),
dname_to_string(q->qname, NULL),
address, proxy,
(acl?acl->ip_address_spec:"."),
(acl ? ( acl->nokey ? "NOKEY"
: acl->blocked ? "BLOCKED"
: acl->key_name )
: "no acl matches")));
}
RCODE_SET(q->packet, RCODE_REFUSE);
/* RFC8914 - Extended DNS Errors
* 4.19. Extended DNS Error Code 18 - Prohibited */
q->edns.ede = EDE_PROHIBITED;
return 0;
}
if(!zone_opt ||
acl_check_incoming(zone_opt->pattern->provide_xfr, q, &acl)==-1)
{
if (verbosity >= 2) {
char a[128];
addr2str(&q->addr, a, sizeof(a));
addr2str(&q->client_addr, a, sizeof(a));
VERBOSITY(2, (LOG_INFO, "%s for %s from %s refused, %s",
(q->qtype==TYPE_AXFR?"axfr":"ixfr"),
dname_to_string(q->qname, NULL), a, acl?"blocked":"no acl matches"));
@ -216,7 +239,7 @@ static int axfr_ixfr_can_admit_query(struct nsd* nsd, struct query* q)
acl->ip_address_spec, acl->key_name?acl->key_name:"NOKEY"));
if (verbosity >= 1) {
char a[128];
addr2str(&q->addr, a, sizeof(a));
addr2str(&q->client_addr, a, sizeof(a));
VERBOSITY(1, (LOG_INFO, "%s for %s from %s",
(q->qtype==TYPE_AXFR?"axfr":"ixfr"),
dname_to_string(q->qname, NULL), a));

4
usr.sbin/nsd/config.h.in
View File

@ -28,9 +28,6 @@
*/
#undef DARWIN_BROKEN_SETREUID
/* Pathname to the NSD database */
#undef DBFILE
/* Whether ERR_load_SSL_strings is deprecated */
#undef DEPRECATED_ERR_LOAD_SSL_STRINGS
@ -863,6 +860,7 @@
#include <sys/types.h>
#include <stdlib.h>
#include <stddef.h>
#include <string.h>
#ifdef HAVE_TIME_H
#include <time.h>

1
usr.sbin/nsd/configlexer.lex
View File

@ -304,6 +304,7 @@ tls-service-ocsp{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_TLS_SERVICE_OCS
tls-service-pem{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_TLS_SERVICE_PEM;}
tls-port{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_TLS_PORT;}
tls-cert-bundle{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_TLS_CERT_BUNDLE; }
proxy-protocol-port{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_PROXY_PROTOCOL_PORT; }
answer-cookie{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_ANSWER_COOKIE;}
cookie-secret{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_COOKIE_SECRET;}
cookie-secret-file{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_COOKIE_SECRET_FILE;}

22
usr.sbin/nsd/configparser.y
View File

@ -125,6 +125,7 @@ struct component {
%token VAR_TLS_SERVICE_OCSP
%token VAR_TLS_PORT
%token VAR_TLS_CERT_BUNDLE
%token VAR_PROXY_PROTOCOL_PORT
%token VAR_CPU_AFFINITY
%token VAR_XFRD_CPU_AFFINITY
%token <llng> VAR_SERVER_CPU_AFFINITY
@ -280,7 +281,7 @@ server_option:
| VAR_DEBUG_MODE boolean
{ cfg_parser->opt->debug_mode = $2; }
| VAR_USE_SYSTEMD boolean
{ /* ignored, deprecated */ }
{ /* ignored, obsolete */ }
| VAR_HIDE_VERSION boolean
{ cfg_parser->opt->hide_version = $2; }
| VAR_HIDE_IDENTITY boolean
@ -296,14 +297,7 @@ server_option:
| VAR_DO_IP6 boolean
{ cfg_parser->opt->do_ip6 = $2; }
| VAR_DATABASE STRING
{
cfg_parser->opt->database = region_strdup(cfg_parser->opt->region, $2);
if(cfg_parser->opt->database[0] == 0 &&
cfg_parser->opt->zonefiles_write == 0)
{
cfg_parser->opt->zonefiles_write = ZONEFILES_WRITE_INTERVAL;
}
}
{ /* ignored, obsolete */ }
| VAR_IDENTITY STRING
{ cfg_parser->opt->identity = region_strdup(cfg_parser->opt->region, $2); }
| VAR_VERSION STRING
@ -386,7 +380,7 @@ server_option:
| VAR_ZONELISTFILE STRING
{ cfg_parser->opt->zonelistfile = region_strdup(cfg_parser->opt->region, $2); }
| VAR_DIFFFILE STRING
{ /* ignored, deprecated */ }
{ /* ignored, obsolete */ }
| VAR_XFRDFILE STRING
{ cfg_parser->opt->xfrdfile = region_strdup(cfg_parser->opt->region, $2); }
| VAR_XFRDIR STRING
@ -481,6 +475,14 @@ server_option:
}
| VAR_TLS_CERT_BUNDLE STRING
{ cfg_parser->opt->tls_cert_bundle = region_strdup(cfg_parser->opt->region, $2); }
| VAR_PROXY_PROTOCOL_PORT number
{
struct proxy_protocol_port_list* elem = region_alloc_zero(
cfg_parser->opt->region, sizeof(*elem));
elem->port = $2;
elem->next = cfg_parser->opt->proxy_protocol_port;
cfg_parser->opt->proxy_protocol_port = elem;
}
| VAR_ANSWER_COOKIE boolean
{ cfg_parser->opt->answer_cookie = $2; }
| VAR_COOKIE_SECRET STRING

59
usr.sbin/nsd/configure vendored
View File

@ -1,8 +1,8 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for NSD 4.7.0.
# Generated by GNU Autoconf 2.69 for NSD 4.8.0.
#
# Report bugs to <nsd-bugs@nlnetlabs.nl>.
# Report bugs to <https://github.com/NLnetLabs/nsd/issues or nsd-bugs@nlnetlabs.nl>.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@ -267,6 +267,7 @@ fi
$as_echo "$0: be upgraded to zsh 4.3.4 or later."
else
$as_echo "$0: Please tell bug-autoconf@gnu.org and
$0: https://github.com/NLnetLabs/nsd/issues or
$0: nsd-bugs@nlnetlabs.nl about your system, including any
$0: error possibly output before this message. Then install
$0: a modern shell, or manually run the script under such a
@ -580,9 +581,9 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='NSD'
PACKAGE_TARNAME='nsd'
PACKAGE_VERSION='4.7.0'
PACKAGE_STRING='NSD 4.7.0'
PACKAGE_BUGREPORT='nsd-bugs@nlnetlabs.nl'
PACKAGE_VERSION='4.8.0'
PACKAGE_STRING='NSD 4.8.0'
PACKAGE_BUGREPORT='https://github.com/NLnetLabs/nsd/issues or nsd-bugs@nlnetlabs.nl'
PACKAGE_URL=''
# Factoring default headers for most tests.
@ -653,8 +654,6 @@ zonelistfile
xfrdfile
zonesdir
piddir
dbdir
dbfile
pidfile
logfile
nsd_conf_file
@ -1328,7 +1327,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures NSD 4.7.0 to adapt to many kinds of systems.
\`configure' configures NSD 4.8.0 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1390,7 +1389,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of NSD 4.7.0:";;
short | recursive ) echo "Configuration of NSD 4.8.0:";;
esac
cat <<\_ACEOF
@ -1441,7 +1440,7 @@ Optional Packages:
Pathname to the NSD configuration file
--with-logfile=path Pathname to the default log file
--with-pidfile=path Pathname to the NSD pidfile
--with-dbfile=path Pathname to the NSD database
--with-dbfile=path Pathname to the NSD database (obsolete)
--with-zonesdir=dir NSD default location for zone files
--with-xfrdfile=path Pathname to the NSD xfrd zone timer state file
--with-zonelistfile=path
@ -1500,7 +1499,7 @@ Some influential environment variables:
Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.
Report bugs to <nsd-bugs@nlnetlabs.nl>.
Report bugs to <https://github.com/NLnetLabs/nsd/issues or nsd-bugs@nlnetlabs.nl>.
_ACEOF
ac_status=$?
fi
@ -1563,7 +1562,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
NSD configure 4.7.0
NSD configure 4.8.0
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@ -1722,9 +1721,9 @@ $as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;}
$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;}
{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
( $as_echo "## ------------------------------------ ##
## Report this to nsd-bugs@nlnetlabs.nl ##
## ------------------------------------ ##"
( $as_echo "## ------------------------------------------------------------------------------- ##
## Report this to https://github.com/NLnetLabs/nsd/issues or nsd-bugs@nlnetlabs.nl ##
## ------------------------------------------------------------------------------- ##"
) | sed "s/^/$as_me: WARNING: /" >&2
;;
esac
@ -2272,7 +2271,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by NSD $as_me 4.7.0, which was
It was created by NSD $as_me 4.8.0, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -3985,25 +3984,10 @@ cat >>confdefs.h <<_ACEOF
_ACEOF
#
# Determine location of nsd.db
#
dbfile=${dbdir}/nsd.db
# Check whether --with-dbfile was given.
if test "${with_dbfile+set}" = set; then :
withval=$with_dbfile; dbfile=$withval
fi
cat >>confdefs.h <<_ACEOF
#define DBFILE "`eval echo $dbfile`"
_ACEOF
if test -n "$dbfile"; then
dbdir=`dirname $dbfile`
withval=$with_dbfile;
fi
@ -6274,10 +6258,7 @@ fi
$as_echo_n "checking whether strptime works... " >&6; }
if test c${cross_compiling} = cno; then
if test "$cross_compiling" = yes; then :
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "cannot run test program while cross compiling
See \`config.log' for more details" "$LINENO" 5; }
eval "ac_cv_c_strptime_works=maybe"
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@ -10909,7 +10890,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by NSD $as_me 4.7.0, which was
This file was extended by NSD $as_me 4.8.0, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -10965,13 +10946,13 @@ $config_files
Configuration headers:
$config_headers
Report bugs to <nsd-bugs@nlnetlabs.nl>."
Report bugs to <https://github.com/NLnetLabs/nsd/issues or nsd-bugs@nlnetlabs.nl>."
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
NSD config.status 4.7.0
NSD config.status 4.8.0
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"

20
usr.sbin/nsd/configure.ac
View File

@ -5,7 +5,7 @@ dnl
sinclude(acx_nlnetlabs.m4)
sinclude(dnstap/dnstap.m4)
AC_INIT([NSD],[4.7.0],[nsd-bugs@nlnetlabs.nl])
AC_INIT([NSD],[4.8.0],[https://github.com/NLnetLabs/nsd/issues or nsd-bugs@nlnetlabs.nl])
AC_CONFIG_HEADERS([config.h])
#
@ -96,20 +96,8 @@ AC_ARG_WITH([pidfile],
AC_SUBST(pidfile)
AC_DEFINE_UNQUOTED(PIDFILE, ["`eval echo $pidfile`"], [Pathname to the NSD pidfile])
#
# Determine location of nsd.db
#
dbfile=${dbdir}/nsd.db
AC_ARG_WITH([dbfile],
AS_HELP_STRING([--with-dbfile=path],[Pathname to the NSD database]),
[dbfile=$withval])
AC_SUBST(dbfile)
AC_DEFINE_UNQUOTED(DBFILE, ["`eval echo $dbfile`"], [Pathname to the NSD database])
if test -n "$dbfile"; then
dbdir=`dirname $dbfile`
fi
AC_SUBST(dbdir)
AS_HELP_STRING([--with-dbfile=path],[Pathname to the NSD database (obsolete)]),[])
piddir=`dirname $pidfile`
AC_SUBST(piddir)
@ -569,7 +557,8 @@ AC_RUN_IFELSE([AC_LANG_SOURCE([[
int main(void) { struct tm tm; char *res;
res = strptime("20070207111842", "%Y%m%d%H%M%S", &tm);
if (!res) return 1; return 0; }
]])] , [eval "ac_cv_c_strptime_works=yes"], [eval "ac_cv_c_strptime_works=no"])
]])] , [eval "ac_cv_c_strptime_works=yes"], [eval "ac_cv_c_strptime_works=no"],
[eval "ac_cv_c_strptime_works=maybe"])
else
eval "ac_cv_c_strptime_works=maybe"
fi
@ -1261,6 +1250,7 @@ AH_BOTTOM([
#include <sys/types.h>
#include <stdlib.h>
#include <stddef.h>
#include <string.h>
#ifdef HAVE_TIME_H
#include <time.h>

383
usr.sbin/nsd/dbaccess.c
View File

@ -24,8 +24,6 @@
#include "options.h"
#include "rdata.h"
#include "udb.h"
#include "udbradtree.h"
#include "udbzone.h"
#include "zonec.h"
#include "nsec3.h"
#include "difffile.h"
@ -33,36 +31,15 @@
#include "ixfr.h"
#include "ixfrcreate.h"
static time_t udb_time = 0;
static unsigned long udb_rrsets = 0;
static unsigned long udb_rrset_count = 0;
void
namedb_close(struct namedb* db)
{
if(db) {
if(db->udb) {
udb_base_close(db->udb);
udb_base_free(db->udb);
db->udb = NULL;
}
zonec_desetup_parser();
region_destroy(db->region);
}
}
void
namedb_close_udb(struct namedb* db)
{
if(db) {
/* we cannot actually munmap the data, because other
* processes still need to access the udb, so cleanup the
* udb */
udb_base_free_keep_mmap(db->udb);
db->udb = NULL;
}
}
void
namedb_free_ixfr(struct namedb* db)
{
@ -72,148 +49,6 @@ namedb_free_ixfr(struct namedb* db)
}
}
/** read rr */
static void
read_rr(namedb_type* db, rr_type* rr, udb_ptr* urr, domain_type* domain)
{
buffer_type buffer;
ssize_t c;
assert(udb_ptr_get_type(urr) == udb_chunk_type_rr);
rr->owner = domain;
rr->type = RR(urr)->type;
rr->klass = RR(urr)->klass;
rr->ttl = RR(urr)->ttl;
buffer_create_from(&buffer, RR(urr)->wire, RR(urr)->len);
c = rdata_wireformat_to_rdata_atoms(db->region, db->domains,
rr->type, RR(urr)->len, &buffer, &rr->rdatas);
if(c == -1) {
/* safe on error */
rr->rdata_count = 0;
rr->rdatas = NULL;
return;
}
rr->rdata_count = c;
}
/** calculate rr count */
static uint16_t
calculate_rr_count(udb_base* udb, udb_ptr* rrset)
{
udb_ptr rr;
uint16_t num = 0;
udb_ptr_new(&rr, udb, &RRSET(rrset)->rrs);
while(rr.data) {
num++;
udb_ptr_set_rptr(&rr, udb, &RR(&rr)->next);
}
udb_ptr_unlink(&rr, udb);
return num;
}
/** read rrset */
static void
read_rrset(udb_base* udb, namedb_type* db, zone_type* zone,
domain_type* domain, udb_ptr* urrset)
{
rrset_type* rrset;
udb_ptr urr;
unsigned i;
assert(udb_ptr_get_type(urrset) == udb_chunk_type_rrset);
/* if no RRs, do not create anything (robust) */
if(RRSET(urrset)->rrs.data == 0)
return;
rrset = (rrset_type *) region_alloc(db->region, sizeof(rrset_type));
rrset->zone = zone;
rrset->rr_count = calculate_rr_count(udb, urrset);
rrset->rrs = (rr_type *) region_alloc_array(
db->region, rrset->rr_count, sizeof(rr_type));
/* add the RRs */
udb_ptr_new(&urr, udb, &RRSET(urrset)->rrs);
for(i=0; i<rrset->rr_count; i++) {
read_rr(db, &rrset->rrs[i], &urr, domain);
udb_ptr_set_rptr(&urr, udb, &RR(&urr)->next);
}
udb_ptr_unlink(&urr, udb);
domain_add_rrset(domain, rrset);
if(domain == zone->apex)
apex_rrset_checks(db, rrset, domain);
}
/** read one elem from db, of type domain_d */
static void read_node_elem(udb_base* udb, namedb_type* db,
region_type* dname_region, zone_type* zone, struct domain_d* d)
{
const dname_type* dname;
domain_type* domain;
udb_ptr urrset;
dname = dname_make(dname_region, d->name, 0);
if(!dname) return;
domain = domain_table_insert(db->domains, dname);
assert(domain); /* domain_table_insert should always return non-NULL */
/* add rrsets */
udb_ptr_init(&urrset, udb);
udb_ptr_set_rptr(&urrset, udb, &d->rrsets);
while(urrset.data) {
read_rrset(udb, db, zone, domain, &urrset);
udb_ptr_set_rptr(&urrset, udb, &RRSET(&urrset)->next);
if(++udb_rrsets % ZONEC_PCT_COUNT == 0 && time(NULL) > udb_time + ZONEC_PCT_TIME) {
udb_time = time(NULL);
VERBOSITY(1, (LOG_INFO, "read %s %d %%",
zone->opts->name,
(int)(udb_rrsets*((unsigned long)100)/udb_rrset_count)));
}
}
region_free_all(dname_region);
udb_ptr_unlink(&urrset, udb);
}
/** recurse read radix from disk. This radix tree is by domain name, so max of
* 256 depth, and thus the stack usage is small. */
static void read_zone_recurse(udb_base* udb, namedb_type* db,
region_type* dname_region, zone_type* zone, struct udb_radnode_d* node)
{
if(node->elem.data) {
/* pre-order process of node->elem, for radix tree this is
* also in-order processing (identical to order tree_next()) */
read_node_elem(udb, db, dname_region, zone, (struct domain_d*)
((char*)udb->base + node->elem.data));
}
if(node->lookup.data) {
uint16_t i;
struct udb_radarray_d* a = (struct udb_radarray_d*)
((char*)udb->base + node->lookup.data);
/* we do not care for what the exact radix key is, we want
* to add all of them and the read routine does not need
* the radix-key, it has it stored */
for(i=0; i<a->len; i++) {
if(a->array[i].node.data) {
read_zone_recurse(udb, db, dname_region, zone,
(struct udb_radnode_d*)((char*)udb->base +
a->array[i].node.data));
}
}
}
}
/** read zone data */
static void
read_zone_data(udb_base* udb, namedb_type* db, region_type* dname_region,
udb_ptr* z, zone_type* zone)
{
udb_ptr dtree;
/* recursively read domains, we only read so ptrs stay valid */
udb_ptr_new(&dtree, udb, &ZONE(z)->domains);
if(RADTREE(&dtree)->root.data)
read_zone_recurse(udb, db, dname_region, zone,
(struct udb_radnode_d*)
((char*)udb->base + RADTREE(&dtree)->root.data));
udb_ptr_unlink(&dtree, udb);
}
/** create a zone */
zone_type*
namedb_zone_create(namedb_type* db, const dname_type* dname,
@ -294,103 +129,8 @@ namedb_zone_delete(namedb_type* db, zone_type* zone)
region_recycle(db->region, zone, sizeof(zone_type));
}
#ifdef HAVE_MMAP
/** read a zone */
static void
read_zone(udb_base* udb, namedb_type* db, struct nsd_options* opt,
region_type* dname_region, udb_ptr* z)
{
/* construct dname */
const dname_type* dname = dname_make(dname_region, ZONE(z)->name, 0);
struct zone_options* zo = dname?zone_options_find(opt, dname):NULL;
zone_type* zone;
if(!dname) return;
if(!zo) {
/* deleted from the options, remove it from the nsd.db too */
VERBOSITY(2, (LOG_WARNING, "zone %s is deleted",
dname_to_string(dname, NULL)));
udb_zone_delete(udb, z);
region_free_all(dname_region);
return;
}
assert(udb_ptr_get_type(z) == udb_chunk_type_zone);
udb_rrsets = 0;
udb_rrset_count = ZONE(z)->rrset_count;
zone = namedb_zone_create(db, dname, zo);
region_free_all(dname_region);
read_zone_data(udb, db, dname_region, z, zone);
zone->is_changed = (ZONE(z)->is_changed != 0);
#ifdef NSEC3
prehash_zone_complete(db, zone);
#endif
}
#endif /* HAVE_MMAP */
#ifdef HAVE_MMAP
/** read zones from nsd.db */
static void
read_zones(udb_base* udb, namedb_type* db, struct nsd_options* opt,
region_type* dname_region)
{
udb_ptr ztree, n, z;
udb_ptr_init(&z, udb);
udb_ptr_new(&ztree, udb, udb_base_get_userdata(udb));
udb_radix_first(udb,&ztree,&n);
udb_time = time(NULL);
while(n.data) {
udb_ptr_set_rptr(&z, udb, &RADNODE(&n)->elem);
udb_radix_next(udb, &n); /* store in case n is deleted */
read_zone(udb, db, opt, dname_region, &z);
udb_ptr_zero(&z, udb);
if(nsd.signal_hint_shutdown) break;
}
udb_ptr_unlink(&ztree, udb);
udb_ptr_unlink(&n, udb);
udb_ptr_unlink(&z, udb);
}
#endif /* HAVE_MMAP */
#ifdef HAVE_MMAP
/** try to read the udb file or fail */
static int
try_read_udb(namedb_type* db, int fd, const char* filename,
struct nsd_options* opt)
{
/*
* Temporary region used while loading domain names from the
* database. The region is freed after each time a dname is
* read from the database.
*/
region_type* dname_region;
assert(fd != -1);
if(!(db->udb=udb_base_create_fd(filename, fd, &namedb_walkfunc,
NULL))) {
/* fd is closed by failed udb create call */
VERBOSITY(1, (LOG_ERR, "can not use %s, "
"will create anew", filename));
return 0;
}
/* sanity check if can be opened */
if(udb_base_get_userflags(db->udb) != 0) {
log_msg(LOG_ERR, "%s was not closed properly, it might "
"be corrupted, will create anew", filename);
udb_base_free(db->udb);
db->udb = NULL;
return 0;
}
/* read if it can be opened */
dname_region = region_create(xalloc, free);
/* this operation does not fail, we end up with
* something, even if that is an empty namedb */
read_zones(db->udb, db, opt, dname_region);
region_destroy(dname_region);
return 1;
}
#endif /* HAVE_MMAP */
struct namedb *
namedb_open (const char* filename, struct nsd_options* opt)
namedb_open (struct nsd_options* opt)
{
namedb_type* db;
@ -399,7 +139,8 @@ namedb_open (const char* filename, struct nsd_options* opt)
* freed in namedb_close.
*/
region_type* db_region;
int fd;
(void)opt;
#ifdef USE_MMAP_ALLOC
db_region = region_create_custom(mmap_alloc, mmap_free, MMAP_ALLOC_CHUNK_SIZE,
@ -417,54 +158,12 @@ namedb_open (const char* filename, struct nsd_options* opt)
zonec_setup_parser(db);
if (gettimeofday(&(db->diff_timestamp), NULL) != 0) {
log_msg(LOG_ERR, "unable to load %s: cannot initialize"
"timestamp", filename);
log_msg(LOG_ERR, "unable to load namedb: cannot initialize timestamp");
region_destroy(db_region);
return NULL;
}
/* in dbless mode there is no file to read or mmap */
if(filename == NULL || filename[0] == 0) {
db->udb = NULL;
return db;
}
#ifndef HAVE_MMAP
/* no mmap() system call, use dbless mode */
VERBOSITY(1, (LOG_INFO, "no mmap(), ignoring database %s", filename));
db->udb = NULL;
(void)fd; (void)opt;
return db;
#else /* HAVE_MMAP */
/* attempt to open, if does not exist, create a new one */
fd = open(filename, O_RDWR);
if(fd == -1) {
if(errno != ENOENT) {
log_msg(LOG_ERR, "%s: %s", filename, strerror(errno));
region_destroy(db_region);
return NULL;
}
}
/* attempt to read the file (if it exists) */
if(fd != -1) {
if(!try_read_udb(db, fd, filename, opt))
fd = -1;
}
/* attempt to create the file (if necessary or failed read) */
if(fd == -1) {
if(!(db->udb=udb_base_create_new(filename, &namedb_walkfunc,
NULL))) {
region_destroy(db_region);
return NULL;
}
if(!udb_dns_init_file(db->udb)) {
region_destroy(db->region);
return NULL;
}
}
return db;
#endif /* HAVE_MMAP */
}
/** get the file mtime stat (or nonexist or error) */
@ -527,15 +226,6 @@ namedb_read_zonefile(struct nsd* nsd, struct zone* zone, udb_base* taskudb,
} else {
const char* zone_fname = zone->filename;
struct timespec zone_mtime = zone->mtime;
if(nsd->db->udb) {
zone_fname = udb_zone_get_file_str(nsd->db->udb,
dname_name(domain_dname(zone->apex)),
domain_dname(zone->apex)->name_size);
udb_zone_get_mtime(nsd->db->udb,
dname_name(domain_dname(zone->apex)),
domain_dname(zone->apex)->name_size,
&zone_mtime);
}
/* if no zone_fname, then it was acquired in zone transfer,
* see if the file is newer than the zone transfer
* (regardless if this is a different file), because the
@ -582,60 +272,29 @@ namedb_read_zonefile(struct nsd* nsd, struct zone* zone, udb_base* taskudb,
zone->nsec3_param = NULL;
#endif
delete_zone_rrs(nsd->db, zone);
if(nsd->db->udb) {
region_type* dname_region;
udb_ptr z;
/* see if we can revert to the udb stored version */
if(!udb_zone_search(nsd->db->udb, &z, dname_name(domain_dname(
zone->apex)), domain_dname(zone->apex)->name_size)) {
/* tell that zone contents has been lost */
if(taskudb) task_new_soainfo(taskudb, last_task, zone, 0);
ixfr_create_cancel(ixfrcr);
return;
}
/* read from udb */
dname_region = region_create(xalloc, free);
udb_rrsets = 0;
udb_rrset_count = ZONE(&z)->rrset_count;
udb_time = time(NULL);
read_zone_data(nsd->db->udb, nsd->db, dname_region, &z, zone);
region_destroy(dname_region);
udb_ptr_unlink(&z, nsd->db->udb);
} else {
if(zone->filename)
region_recycle(nsd->db->region, zone->filename,
strlen(zone->filename)+1);
zone->filename = NULL;
if(zone->logstr)
region_recycle(nsd->db->region, zone->logstr,
strlen(zone->logstr)+1);
zone->logstr = NULL;
}
if(zone->filename)
region_recycle(nsd->db->region, zone->filename,
strlen(zone->filename)+1);
zone->filename = NULL;
if(zone->logstr)
region_recycle(nsd->db->region, zone->logstr,
strlen(zone->logstr)+1);
zone->logstr = NULL;
} else {
VERBOSITY(1, (LOG_INFO, "zone %s read with success",
zone->opts->name));
zone->is_ok = 1;
zone->is_changed = 0;
/* store zone into udb */
if(nsd->db->udb) {
if(!write_zone_to_udb(nsd->db->udb, zone, &mtime,
fname)) {
log_msg(LOG_ERR, "failed to store zone in db");
} else {
VERBOSITY(2, (LOG_INFO, "zone %s written to db",
zone->opts->name));
}
} else {
zone->mtime = mtime;
if(zone->filename)
region_recycle(nsd->db->region, zone->filename,
strlen(zone->filename)+1);
zone->filename = region_strdup(nsd->db->region, fname);
if(zone->logstr)
region_recycle(nsd->db->region, zone->logstr,
strlen(zone->logstr)+1);
zone->logstr = NULL;
}
zone->mtime = mtime;
if(zone->filename)
region_recycle(nsd->db->region, zone->filename,
strlen(zone->filename)+1);
zone->filename = region_strdup(nsd->db->region, fname);
if(zone->logstr)
region_recycle(nsd->db->region, zone->logstr,
strlen(zone->logstr)+1);
zone->logstr = NULL;
if(ixfr_create_already_done) {
ixfr_readup_exist(zone, nsd, fname);
} else if(ixfrcr) {

164
usr.sbin/nsd/dbcreate.c
View File

@ -19,8 +19,6 @@
#include "namedb.h"
#include "udb.h"
#include "udbradtree.h"
#include "udbzone.h"
#include "options.h"
#include "nsd.h"
#include "ixfr.h"
@ -66,121 +64,6 @@ rr_marshal_rdata(rr_type* rr, uint8_t* rdata, size_t sz)
return len;
}
/** delete an RR */
void
udb_del_rr(udb_base* udb, udb_ptr* z, rr_type* rr)
{
/* marshal the rdata (uncompressed) into a buffer */
uint8_t rdata[MAX_RDLENGTH];
size_t rdatalen = rr_marshal_rdata(rr, rdata, sizeof(rdata));
assert(udb);
udb_zone_del_rr(udb, z, dname_name(domain_dname(rr->owner)),
domain_dname(rr->owner)->name_size, rr->type, rr->klass,
rdata, rdatalen);
}
/** write rr */
int
udb_write_rr(udb_base* udb, udb_ptr* z, rr_type* rr)
{
/* marshal the rdata (uncompressed) into a buffer */
uint8_t rdata[MAX_RDLENGTH];
size_t rdatalen = 0;
unsigned i;
assert(rr);
for(i=0; i<rr->rdata_count; i++) {
rdatalen += add_rdata(rr, i, rdata+rdatalen,
sizeof(rdata)-rdatalen);
}
assert(udb);
return udb_zone_add_rr(udb, z, dname_name(domain_dname(rr->owner)),
domain_dname(rr->owner)->name_size, rr->type, rr->klass,
rr->ttl, rdata, rdatalen);
}
/** write rrset */
static int
write_rrset(udb_base* udb, udb_ptr* z, rrset_type* rrset)
{
unsigned i;
for(i=0; i<rrset->rr_count; i++) {
if(!udb_write_rr(udb, z, &rrset->rrs[i]))
return 0;
}
return 1;
}
/** write a zone */
static int
write_zone(udb_base* udb, udb_ptr* z, zone_type* zone)
{
/* write all domains in the zone */
domain_type* walk;
rrset_type* rrset;
unsigned long n = 0, c = 0;
time_t t = time(NULL);
/* count domains: for pct logging */
for(walk=zone->apex; walk && domain_is_subdomain(walk, zone->apex);
walk=domain_next(walk)) {
n++;
}
/* write them */
for(walk=zone->apex; walk && domain_is_subdomain(walk, zone->apex);
walk=domain_next(walk)) {
/* write all rrsets (in the zone) for this domain */
for(rrset=walk->rrsets; rrset; rrset=rrset->next) {
if(rrset->zone == zone) {
if(!write_rrset(udb, z, rrset))
return 0;
}
}
/* only check every ... domains, and print pct */
if(++c % ZONEC_PCT_COUNT == 0 && time(NULL) > t + ZONEC_PCT_TIME) {
t = time(NULL);
VERBOSITY(1, (LOG_INFO, "write %s %d %%",
zone->opts->name, (n==0)?0:(int)(c*((unsigned long)100)/n)));
}
}
return 1;
}
/** create and write a zone */
int
write_zone_to_udb(udb_base* udb, zone_type* zone, struct timespec* mtime,
const char* file_str)
{
udb_ptr z;
/* make udb dirty */
udb_base_set_userflags(udb, 1);
/* find or create zone */
if(udb_zone_search(udb, &z, dname_name(domain_dname(zone->apex)),
domain_dname(zone->apex)->name_size)) {
/* wipe existing contents */
udb_zone_clear(udb, &z);
} else {
if(!udb_zone_create(udb, &z, dname_name(domain_dname(
zone->apex)), domain_dname(zone->apex)->name_size)) {
udb_base_set_userflags(udb, 0);
return 0;
}
}
/* set mtime */
ZONE(&z)->mtime = (uint64_t)mtime->tv_sec;
ZONE(&z)->mtime_nsec = (uint64_t)mtime->tv_nsec;
ZONE(&z)->is_changed = 0;
udb_zone_set_log_str(udb, &z, NULL);
udb_zone_set_file_str(udb, &z, file_str);
/* write zone */
if(!write_zone(udb, &z, zone)) {
udb_base_set_userflags(udb, 0);
return 0;
}
udb_ptr_unlink(&z, udb);
udb_base_set_userflags(udb, 0);
return 1;
}
int
print_rrs(FILE* out, struct zone* zone)
{
@ -354,36 +237,21 @@ namedb_write_zonefile(struct nsd* nsd, struct zone_options* zopt)
char logs[4096];
char bakfile[4096];
struct timespec mtime;
udb_ptr zudb;
if(nsd->db->udb) {
if(!udb_zone_search(nsd->db->udb, &zudb,
dname_name(domain_dname(zone->apex)),
domain_dname(zone->apex)->name_size))
return; /* zone does not exist in db */
}
/* write to zfile~ first, then rename if that works */
snprintf(bakfile, sizeof(bakfile), "%s~", zfile);
if(nsd->db->udb && ZONE(&zudb)->log_str.data) {
udb_ptr s;
udb_ptr_new(&s, nsd->db->udb, &ZONE(&zudb)->log_str);
strlcpy(logs, (char*)udb_ptr_data(&s), sizeof(logs));
udb_ptr_unlink(&s, nsd->db->udb);
} else if(zone->logstr) {
if(zone->logstr)
strlcpy(logs, zone->logstr, sizeof(logs));
} else logs[0] = 0;
else
logs[0] = 0;
VERBOSITY(1, (LOG_INFO, "writing zone %s to file %s",
zone->opts->name, zfile));
if(!write_to_zonefile(zone, bakfile, logs)) {
if(nsd->db->udb)
udb_ptr_unlink(&zudb, nsd->db->udb);
(void)unlink(bakfile); /* delete failed file */
return; /* error already printed */
}
if(rename(bakfile, zfile) == -1) {
log_msg(LOG_ERR, "rename(%s to %s) failed: %s",
bakfile, zfile, strerror(errno));
if(nsd->db->udb)
udb_ptr_unlink(&zudb, nsd->db->udb);
(void)unlink(bakfile); /* delete failed file */
return;
}
@ -393,23 +261,15 @@ namedb_write_zonefile(struct nsd* nsd, struct zone_options* zopt)
if(!file_get_mtime(zfile, &mtime, &notexist)) {
get_time(&mtime);
}
if(nsd->db->udb) {
ZONE(&zudb)->mtime = (uint64_t)mtime.tv_sec;
ZONE(&zudb)->mtime_nsec = (uint64_t)mtime.tv_nsec;
ZONE(&zudb)->is_changed = 0;
udb_zone_set_log_str(nsd->db->udb, &zudb, NULL);
udb_ptr_unlink(&zudb, nsd->db->udb);
} else {
zone->mtime = mtime;
if(zone->filename)
region_recycle(nsd->db->region, zone->filename,
strlen(zone->filename)+1);
zone->filename = region_strdup(nsd->db->region, zfile);
if(zone->logstr)
region_recycle(nsd->db->region, zone->logstr,
strlen(zone->logstr)+1);
zone->logstr = NULL;
}
zone->mtime = mtime;
if(zone->filename)
region_recycle(nsd->db->region, zone->filename,
strlen(zone->filename)+1);
zone->filename = region_strdup(nsd->db->region, zfile);
if(zone->logstr)
region_recycle(nsd->db->region, zone->logstr,
strlen(zone->logstr)+1);
zone->logstr = NULL;
if(zone_is_ixfr_enabled(zone) && zone->ixfr)
ixfr_write_to_file(zone, zfile);
}

459
usr.sbin/nsd/difffile.c
View File

@ -19,7 +19,6 @@
#include "packet.h"
#include "rdata.h"
#include "udb.h"
#include "udbzone.h"
#include "nsec3.h"
#include "nsd.h"
#include "rrl.h"
@ -462,8 +461,7 @@ find_rr_num(rrset_type* rrset, uint16_t type, uint16_t klass,
#ifdef NSEC3
/* see if nsec3 deletion triggers need action */
static void
nsec3_delete_rr_trigger(namedb_type* db, rr_type* rr, zone_type* zone,
udb_ptr* udbz)
nsec3_delete_rr_trigger(namedb_type* db, rr_type* rr, zone_type* zone)
{
/* the RR has not actually been deleted yet, so we can inspect it */
if(!zone->nsec3_param)
@ -494,7 +492,7 @@ nsec3_delete_rr_trigger(namedb_type* db, rr_type* rr, zone_type* zone,
/* clear trees, wipe hashes, wipe precompile */
nsec3_clear_precompile(db, zone);
/* pick up new nsec3param (from udb, or avoid deleted rr) */
nsec3_find_zone_param(db, zone, udbz, rr, 0);
nsec3_find_zone_param(db, zone, rr, 0);
/* if no more NSEC3, done */
if(!zone->nsec3_param)
return;
@ -583,8 +581,7 @@ nsec3_delete_rrset_trigger(namedb_type* db, domain_type* domain,
/* see if nsec3 addition triggers need action */
static void
nsec3_add_rr_trigger(namedb_type* db, rr_type* rr, zone_type* zone,
udb_ptr* udbz)
nsec3_add_rr_trigger(namedb_type* db, rr_type* rr, zone_type* zone)
{
/* the RR has been added in full, also to UDB (and thus NSEC3PARAM
* in the udb has been adjusted) */
@ -606,7 +603,7 @@ nsec3_add_rr_trigger(namedb_type* db, rr_type* rr, zone_type* zone,
prehash_add(db->domains, rr->owner);
} else if(!zone->nsec3_param && rr->type == TYPE_NSEC3PARAM) {
/* see if this means NSEC3 chain can be used */
nsec3_find_zone_param(db, zone, udbz, NULL, 0);
nsec3_find_zone_param(db, zone, NULL, 0);
if(!zone->nsec3_param)
return;
nsec3_zone_trees_create(db->region, zone);
@ -669,7 +666,7 @@ int
delete_RR(namedb_type* db, const dname_type* dname,
uint16_t type, uint16_t klass,
buffer_type* packet, size_t rdatalen, zone_type *zone,
region_type* temp_region, udb_ptr* udbz, int* softfail)
region_type* temp_region, int* softfail)
{
domain_type *domain;
rrset_type *rrset;
@ -715,12 +712,9 @@ delete_RR(namedb_type* db, const dname_type* dname,
*softfail = 1;
return 1; /* not fatal error */
}
/* delete the normalized RR from the udb */
if(db->udb)
udb_del_rr(db->udb, udbz, &rrset->rrs[rrnum]);
#ifdef NSEC3
/* process triggers for RR deletions */
nsec3_delete_rr_trigger(db, &rrset->rrs[rrnum], zone, udbz);
nsec3_delete_rr_trigger(db, &rrset->rrs[rrnum], zone);
#endif
/* lower usage (possibly deleting other domains, and thus
* invalidating the current RR's domain pointers) */
@ -785,7 +779,7 @@ delete_RR(namedb_type* db, const dname_type* dname,
int
add_RR(namedb_type* db, const dname_type* dname,
uint16_t type, uint16_t klass, uint32_t ttl,
buffer_type* packet, size_t rdatalen, zone_type *zone, udb_ptr* udbz,
buffer_type* packet, size_t rdatalen, zone_type *zone,
int* softfail)
{
domain_type* domain;
@ -879,13 +873,6 @@ add_RR(namedb_type* db, const dname_type* dname,
#endif /* NSEC3 */
}
/* write the just-normalized RR to the udb */
if(db->udb) {
if(!udb_write_rr(db->udb, udbz, &rrset->rrs[rrset->rr_count - 1])) {
log_msg(LOG_ERR, "could not add RR to nsd.db, disk-space?");
return 0;
}
}
#ifdef NSEC3
if(rrset_added) {
domain_type* p = domain->parent;
@ -897,7 +884,7 @@ add_RR(namedb_type* db, const dname_type* dname,
p = p->parent;
}
}
nsec3_add_rr_trigger(db, &rrset->rrs[rrset->rr_count - 1], zone, udbz);
nsec3_add_rr_trigger(db, &rrset->rrs[rrset->rr_count - 1], zone);
#endif /* NSEC3 */
return 1;
}
@ -1003,20 +990,16 @@ delete_zone_rrs(namedb_type* db, zone_type* zone)
/* return value 0: syntaxerror,badIXFR, 1:OK, 2:done_and_skip_it */
static int
apply_ixfr(namedb_type* db, FILE *in, const char* zone, uint32_t serialno,
struct nsd_options* opt, uint32_t seq_nr, uint32_t seq_total,
apply_ixfr(nsd_type* nsd, FILE *in, uint32_t serialno,
uint32_t seq_nr, uint32_t seq_total,
int* is_axfr, int* delete_mode, int* rr_count,
udb_ptr* udbz, struct zone** zone_res, const char* patname, int* bytes,
struct zone* zone, int* bytes,
int* softfail, struct ixfr_store* ixfr_store)
{
uint32_t msglen, checklen, pkttype;
int qcount, ancount, counter;
int qcount, ancount;
buffer_type* packet;
region_type* region;
int i;
uint16_t rrlen;
const dname_type *dname_zone, *dname;
zone_type* zone_db;
/* note that errors could not really happen due to format of the
* packet since xfrd has checked all dnames and RRs before commit,
@ -1066,15 +1049,6 @@ apply_ixfr(namedb_type* db, FILE *in, const char* zone, uint32_t serialno,
}
*bytes += msglen;
dname_zone = dname_parse(region, zone);
zone_db = find_or_create_zone(db, dname_zone, opt, zone, patname);
if(!zone_db) {
log_msg(LOG_ERR, "could not create zone %s %s", zone, patname);
region_destroy(region);
return 0;
}
*zone_res = zone_db;
/* only answer section is really used, question, additional and
authority section RRs are skipped */
qcount = QDCOUNT(packet);
@ -1088,79 +1062,24 @@ apply_ixfr(namedb_type* db, FILE *in, const char* zone, uint32_t serialno,
}
/* skip queries */
for(i=0; i<qcount; ++i)
for(int i=0; i < qcount; ++i) {
if(!packet_skip_rr(packet, 1)) {
log_msg(LOG_ERR, "bad RR in question section");
region_destroy(region);
return 0;
}
DEBUG(DEBUG_XFRD,2, (LOG_INFO, "diff: started packet for zone %s",
dname_to_string(dname_zone, 0)));
/* first RR: check if SOA and correct zone & serialno */
if(*rr_count == 0) {
size_t ttlpos;
DEBUG(DEBUG_XFRD,2, (LOG_INFO, "diff: %s parse first RR",
dname_to_string(dname_zone, 0)));
dname = dname_make_from_packet(region, packet, 1, 1);
if(!dname) {
log_msg(LOG_ERR, "could not parse dname");
region_destroy(region);
return 0;
}
if(dname_compare(dname_zone, dname) != 0) {
log_msg(LOG_ERR, "SOA dname %s not equal to zone",
dname_to_string(dname,0));
log_msg(LOG_ERR, "zone dname is %s",
dname_to_string(dname_zone,0));
region_destroy(region);
return 0;
}
if(!buffer_available(packet, 10)) {
log_msg(LOG_ERR, "bad SOA RR");
region_destroy(region);
return 0;
}
if(buffer_read_u16(packet) != TYPE_SOA ||
buffer_read_u16(packet) != CLASS_IN) {
log_msg(LOG_ERR, "first RR not SOA IN");
region_destroy(region);
return 0;
}
ttlpos = buffer_position(packet);
buffer_skip(packet, sizeof(uint32_t)); /* ttl */
if(!buffer_available(packet, buffer_read_u16(packet)) ||
!packet_skip_dname(packet) /* skip prim_ns */ ||
!packet_skip_dname(packet) /* skip email */) {
log_msg(LOG_ERR, "bad SOA RR");
region_destroy(region);
return 0;
}
if(buffer_read_u32(packet) != serialno) {
buffer_skip(packet, -4);
log_msg(LOG_ERR, "SOA serial %u different from commit %u",
(unsigned)buffer_read_u32(packet), (unsigned)serialno);
region_destroy(region);
return 0;
}
buffer_skip(packet, sizeof(uint32_t)*4);
counter = 1;
*rr_count = 1;
*is_axfr = 0;
*delete_mode = 0;
if(ixfr_store)
ixfr_store_add_newsoa(ixfr_store, packet, ttlpos);
DEBUG(DEBUG_XFRD,2, (LOG_INFO, "diff: %s start count %d, ax %d, delmode %d",
dname_to_string(dname_zone, 0), *rr_count, *is_axfr, *delete_mode));
}
else counter = 0;
for(; counter < ancount; ++counter,++(*rr_count))
{
uint16_t type, klass;
DEBUG(DEBUG_XFRD, 2, (LOG_INFO, "diff: started packet for zone %s",
domain_to_string(zone->apex)));
for(int i=0; i < ancount; ++i, ++(*rr_count)) {
const dname_type *owner;
uint16_t type, klass, rrlen;
uint32_t ttl;
if(!(dname=dname_make_from_packet(region, packet, 1,1))) {
owner = dname_make_from_packet(region, packet, 1, 1);
if(!owner) {
log_msg(LOG_ERR, "bad xfr RR dname %d", *rr_count);
region_destroy(region);
return 0;
@ -1180,79 +1099,119 @@ apply_ixfr(namedb_type* db, FILE *in, const char* zone, uint32_t serialno,
region_destroy(region);
return 0;
}
DEBUG(DEBUG_XFRD,2, (LOG_INFO, "diff: %s parsed count %d, ax %d, delmode %d",
dname_to_string(dname_zone, 0), *rr_count, *is_axfr, *delete_mode));
if(*rr_count == 1 && type != TYPE_SOA) {
/* second RR: if not SOA: this is an AXFR; delete all zone contents */
#ifdef NSEC3
nsec3_clear_precompile(db, zone_db);
zone_db->nsec3_param = NULL;
#endif
delete_zone_rrs(db, zone_db);
if(db->udb)
udb_zone_clear(db->udb, udbz);
/* add everything else (incl end SOA) */
*delete_mode = 0;
*is_axfr = 1;
if(ixfr_store) {
ixfr_store_cancel(ixfr_store);
ixfr_store_delixfrs(zone_db);
}
DEBUG(DEBUG_XFRD,2, (LOG_INFO, "diff: %s sawAXFR count %d, ax %d, delmode %d",
dname_to_string(dname_zone, 0), *rr_count, *is_axfr, *delete_mode));
}
if(*rr_count == 1 && type == TYPE_SOA) {
/* if the serial no of the SOA equals the serialno, then AXFR */
size_t bufpos = buffer_position(packet);
uint32_t thisserial;
if(!packet_skip_dname(packet) ||
!packet_skip_dname(packet) ||
buffer_remaining(packet) < sizeof(uint32_t)*5)
DEBUG(DEBUG_XFRD,2, (LOG_INFO, "diff: %s parsed count %d, ax %d, delmode %d",
domain_to_string(zone->apex), *rr_count, *is_axfr, *delete_mode));
if (type == TYPE_SOA) {
size_t position;
uint32_t serial;
position = buffer_position(packet);
if (!packet_skip_dname(packet) ||
!packet_skip_dname(packet) ||
buffer_remaining(packet) < sizeof(uint32_t) * 5)
{
log_msg(LOG_ERR, "bad xfr SOA RR formerr.");
region_destroy(region);
return 0;
}
thisserial = buffer_read_u32(packet);
if(thisserial == serialno) {
/* AXFR */
#ifdef NSEC3
nsec3_clear_precompile(db, zone_db);
zone_db->nsec3_param = NULL;
#endif
delete_zone_rrs(db, zone_db);
if(db->udb)
udb_zone_clear(db->udb, udbz);
*delete_mode = 0;
*is_axfr = 1;
serial = buffer_read_u32(packet);
buffer_set_position(packet, position);
/* first RR: check if SOA and correct zone & serialno */
if (*rr_count == 0) {
assert(!*is_axfr);
assert(!*delete_mode);
if (klass != CLASS_IN) {
log_msg(LOG_ERR, "first RR not SOA IN");
region_destroy(region);
return 0;
}
if(dname_compare(domain_dname(zone->apex), owner) != 0) {
log_msg(LOG_ERR, "SOA dname not equal to zone %s",
domain_to_string(zone->apex));
region_destroy(region);
return 0;
}
if(serial != serialno) {
log_msg(LOG_ERR, "SOA serial %u different from commit %u",
(unsigned)serial, (unsigned)serialno);
region_destroy(region);
return 0;
}
buffer_skip(packet, rrlen);
if(ixfr_store)
ixfr_store_cancel(ixfr_store);
ixfr_store_add_newsoa(ixfr_store, ttl, packet, rrlen);
continue;
} else if (*rr_count == 1) {
assert(!*is_axfr);
assert(!*delete_mode);
/* if the serial no of the SOA equals the serialno, then AXFR */
if (serial == serialno)
goto axfr;
*delete_mode = 1;
/* must have stuff in memory for a successful IXFR,
* the serial number of the SOA has been checked
* previously (by check_for_bad_serial) if it exists */
if(!domain_find_rrset(zone->apex, zone, TYPE_SOA)) {
log_msg(LOG_ERR, "%s SOA serial %u is not "
"in memory, skip IXFR", domain_to_string(zone->apex), serialno);
region_destroy(region);
/* break out and stop the IXFR, ignore it */
return 2;
}
if(ixfr_store)
ixfr_store_add_oldsoa(ixfr_store, ttl, packet, rrlen);
} else if (!*is_axfr) {
/* do not delete final SOA RR for IXFR */
if (i == ancount - 1 && seq_nr == seq_total - 1) {
if (ixfr_store) {
ixfr_store_add_newsoa(ixfr_store, ttl, packet, rrlen);
}
*delete_mode = 0;
buffer_skip(packet, rrlen);
continue;
} else
*delete_mode = !*delete_mode;
if (ixfr_store && *delete_mode) {
ixfr_store_add_newsoa(ixfr_store, ttl, packet, rrlen);
ixfr_store_finish(ixfr_store, nsd, NULL);
ixfr_store_start(zone, ixfr_store);
ixfr_store_add_oldsoa(ixfr_store, ttl, packet, rrlen);
}
/* switch from delete-part to add-part and back again,
just before soa - so it gets deleted and added too */
DEBUG(DEBUG_XFRD,2, (LOG_INFO, "diff: %s IXFRswapdel count %d, ax %d, delmode %d",
domain_to_string(zone->apex), *rr_count, *is_axfr, *delete_mode));
}
/* must have stuff in memory for a successful IXFR,
* the serial number of the SOA has been checked
* previously (by check_for_bad_serial) if it exists */
if(!*is_axfr && !domain_find_rrset(zone_db->apex,
zone_db, TYPE_SOA)) {
log_msg(LOG_ERR, "%s SOA serial %u is not "
"in memory, skip IXFR", zone, serialno);
} else {
if (*rr_count == 0) {
log_msg(LOG_ERR, "first RR not SOA IN");
region_destroy(region);
/* break out and stop the IXFR, ignore it */
return 2;
return 0;
/* second RR: if not SOA: this is an AXFR; delete all zone contents */
} else if (*rr_count == 1) {
axfr:
*is_axfr = 1;
#ifdef NSEC3
nsec3_clear_precompile(nsd->db, zone);
zone->nsec3_param = NULL;
#endif
delete_zone_rrs(nsd->db, zone);
if(ixfr_store) {
ixfr_store_cancel(ixfr_store);
ixfr_store_delixfrs(zone);
}
DEBUG(DEBUG_XFRD,2, (LOG_INFO, "diff: %s sawAXFR count %d, ax %d, delmode %d",
domain_to_string(zone->apex), *rr_count, *is_axfr, *delete_mode));
}
buffer_set_position(packet, bufpos);
if(!*is_axfr && ixfr_store)
ixfr_store_add_oldsoa(ixfr_store, ttl, packet,
rrlen);
}
if(type == TYPE_SOA && !*is_axfr) {
/* switch from delete-part to add-part and back again,
just before soa - so it gets deleted and added too */
/* this means we switch to delete mode for the final SOA */
*delete_mode = !*delete_mode;
DEBUG(DEBUG_XFRD,2, (LOG_INFO, "diff: %s IXFRswapdel count %d, ax %d, delmode %d",
dname_to_string(dname_zone, 0), *rr_count, *is_axfr, *delete_mode));
}
if(type == TYPE_TSIG || type == TYPE_OPT) {
/* ignore pseudo RRs */
buffer_skip(packet, rrlen);
@ -1261,30 +1220,25 @@ apply_ixfr(namedb_type* db, FILE *in, const char* zone, uint32_t serialno,
DEBUG(DEBUG_XFRD,2, (LOG_INFO, "xfr %s RR dname is %s type %s",
*delete_mode?"del":"add",
dname_to_string(dname,0), rrtype_to_string(type)));
dname_to_string(owner, 0), rrtype_to_string(type)));
if(*delete_mode) {
assert(!*is_axfr);
/* delete this rr */
if(!*is_axfr && type == TYPE_SOA && counter==ancount-1
&& seq_nr == seq_total-1) {
continue; /* do not delete final SOA RR for IXFR */
}
if(ixfr_store)
ixfr_store_delrr(ixfr_store, dname, type,
ixfr_store_delrr(ixfr_store, owner, type,
klass, ttl, packet, rrlen, region);
if(!delete_RR(db, dname, type, klass, packet,
rrlen, zone_db, region, udbz, softfail)) {
if(!delete_RR(nsd->db, owner, type, klass, packet,
rrlen, zone, region, softfail)) {
region_destroy(region);
return 0;
}
}
else
{
} else {
/* add this rr */
if(ixfr_store)
ixfr_store_addrr(ixfr_store, dname, type,
ixfr_store_addrr(ixfr_store, owner, type,
klass, ttl, packet, rrlen, region);
if(!add_RR(db, dname, type, klass, ttl, packet,
rrlen, zone_db, udbz, softfail)) {
if(!add_RR(nsd->db, owner, type, klass, ttl, packet,
rrlen, zone, softfail)) {
region_destroy(region);
return 0;
}
@ -1320,8 +1274,8 @@ check_for_bad_serial(namedb_type* db, const char* zone_str, uint32_t old_serial)
}
static int
apply_ixfr_for_zone(nsd_type* nsd, zone_type* zonedb, FILE* in,
struct nsd_options* opt, udb_base* taskudb, udb_ptr* last_task,
apply_ixfr_for_zone(nsd_type* nsd, zone_type* zone, FILE* in,
struct nsd_options* ATTR_UNUSED(opt), udb_base* taskudb, udb_ptr* last_task,
uint32_t xfrfilenr)
{
char zone_buf[3072];
@ -1335,7 +1289,7 @@ apply_ixfr_for_zone(nsd_type* nsd, zone_type* zonedb, FILE* in,
uint32_t i;
int num_bytes = 0;
(void)last_task;
assert(zonedb);
assert(zone);
/* read zone name and serial */
if(!diff_read_32(in, &type)) {
@ -1366,9 +1320,9 @@ apply_ixfr_for_zone(nsd_type* nsd, zone_type* zonedb, FILE* in,
}
/* has been read in completely */
if(strcmp(zone_buf, domain_to_string(zonedb->apex)) != 0) {
if(strcmp(zone_buf, domain_to_string(zone->apex)) != 0) {
log_msg(LOG_ERR, "file %s does not match task %s",
zone_buf, domain_to_string(zonedb->apex));
zone_buf, domain_to_string(zone->apex));
return 0;
}
switch(committed) {
@ -1397,50 +1351,22 @@ apply_ixfr_for_zone(nsd_type* nsd, zone_type* zonedb, FILE* in,
return 1;
}
if(!zonedb->is_skipped)
if(!zone->is_skipped)
{
int is_axfr=0, delete_mode=0, rr_count=0, softfail=0;
const dname_type* apex = domain_dname_const(zonedb->apex);
udb_ptr z;
struct ixfr_store* ixfr_store = NULL, ixfr_store_mem;
DEBUG(DEBUG_XFRD,1, (LOG_INFO, "processing xfr: %s", zone_buf));
if(zone_is_ixfr_enabled(zonedb))
ixfr_store = ixfr_store_start(zonedb, &ixfr_store_mem,
old_serial, new_serial);
memset(&z, 0, sizeof(z)); /* if udb==NULL, have &z defined */
if(nsd->db->udb) {
if(udb_base_get_userflags(nsd->db->udb) != 0) {
diff_update_commit(
zone_buf, DIFF_CORRUPT, nsd, xfrfilenr);
log_msg(LOG_ERR, "database corrupted, cannot update");
exit(1);
}
/* all parts were checked by xfrd before commit */
if(!udb_zone_search(nsd->db->udb, &z, dname_name(apex),
apex->name_size)) {
/* create it */
if(!udb_zone_create(nsd->db->udb, &z, dname_name(apex),
apex->name_size)) {
/* out of disk space perhaps */
log_msg(LOG_ERR, "could not udb_create_zone "
"%s, disk space full?", zone_buf);
ixfr_store_free(ixfr_store);
return 0;
}
}
/* set the udb dirty until we are finished applying changes */
udb_base_set_userflags(nsd->db->udb, 1);
}
if(zone_is_ixfr_enabled(zone))
ixfr_store = ixfr_store_start(zone, &ixfr_store_mem);
/* read and apply all of the parts */
for(i=0; i<num_parts; i++) {
int ret;
DEBUG(DEBUG_XFRD,2, (LOG_INFO, "processing xfr: apply part %d", (int)i));
ret = apply_ixfr(nsd->db, in, zone_buf, new_serial, opt,
ret = apply_ixfr(nsd, in, new_serial,
i, num_parts, &is_axfr, &delete_mode,
&rr_count, (nsd->db->udb?&z:NULL), &zonedb,
patname_buf, &num_bytes, &softfail, ixfr_store);
assert(zonedb);
&rr_count, zone,
&num_bytes, &softfail, ixfr_store);
if(ret == 0) {
log_msg(LOG_ERR, "bad ixfr packet part %d in diff file for %s", (int)i, zone_buf);
diff_update_commit(
@ -1451,8 +1377,6 @@ apply_ixfr_for_zone(nsd_type* nsd, zone_type* zonedb, FILE* in,
break;
}
}
if(nsd->db->udb)
udb_base_set_userflags(nsd->db->udb, 0);
/* read the final log_str: but do not fail on it */
if(!diff_read_str(in, log_buf, sizeof(log_buf))) {
log_msg(LOG_ERR, "could not read log for transfer %s",
@ -1460,32 +1384,21 @@ apply_ixfr_for_zone(nsd_type* nsd, zone_type* zonedb, FILE* in,
snprintf(log_buf, sizeof(log_buf), "error reading log");
}
#ifdef NSEC3
if(zonedb) prehash_zone(nsd->db, zonedb);
prehash_zone(nsd->db, zone);
#endif /* NSEC3 */
zonedb->is_changed = 1;
zonedb->is_updated = 1;
zonedb->is_checked = (committed == DIFF_VERIFIED);
if(nsd->db->udb) {
assert(z.base);
ZONE(&z)->is_changed = 1;
/* FIXME: need to set is_updated here? */
ZONE(&z)->mtime = time_end_0;
ZONE(&z)->mtime_nsec = time_end_1*1000;
udb_zone_set_log_str(nsd->db->udb, &z, log_buf);
udb_zone_set_file_str(nsd->db->udb, &z, NULL);
udb_ptr_unlink(&z, nsd->db->udb);
} else {
zonedb->mtime.tv_sec = time_end_0;
zonedb->mtime.tv_nsec = time_end_1*1000;
if(zonedb->logstr)
region_recycle(nsd->db->region, zonedb->logstr,
strlen(zonedb->logstr)+1);
zonedb->logstr = region_strdup(nsd->db->region, log_buf);
if(zonedb->filename)
region_recycle(nsd->db->region, zonedb->filename,
strlen(zonedb->filename)+1);
zonedb->filename = NULL;
}
zone->is_changed = 1;
zone->is_updated = 1;
zone->is_checked = (committed == DIFF_VERIFIED);
zone->mtime.tv_sec = time_end_0;
zone->mtime.tv_nsec = time_end_1*1000;
if(zone->logstr)
region_recycle(nsd->db->region, zone->logstr,
strlen(zone->logstr)+1);
zone->logstr = region_strdup(nsd->db->region, log_buf);
if(zone->filename)
region_recycle(nsd->db->region, zone->filename,
strlen(zone->filename)+1);
zone->filename = NULL;
if(softfail && taskudb && !is_axfr) {
log_msg(LOG_ERR, "Failed to apply IXFR cleanly "
"(deletes nonexistent RRs, adds existing RRs). "
@ -1513,9 +1426,31 @@ apply_ixfr_for_zone(nsd_type* nsd, zone_type* zonedb, FILE* in,
return 1;
}
static void udb_task_walk_chunk(void* base, void* d, uint64_t s, udb_walk_relptr_cb* cb, void *arg)
{
struct task_list_d* p = (struct task_list_d*)d;
assert(s >= p->size);
(void)s;
(*cb)(base, &p->next, arg);
}
void udb_walkfunc(void* base, void* warg, uint8_t t, void* d, uint64_t s,
udb_walk_relptr_cb* cb, void *arg)
{
(void)warg;
switch(t) {
case udb_chunk_type_task:
udb_task_walk_chunk(base, d, s, cb, arg);
break;
default:
/* no rel ptrs */
break;
}
}
struct udb_base* task_file_create(const char* file)
{
return udb_base_create_new(file, &namedb_walkfunc, NULL);
return udb_base_create_new(file, &udb_walkfunc, NULL);
}
static int
@ -1703,26 +1638,6 @@ void task_new_set_verbosity(udb_base* udb, udb_ptr* last, int v)
udb_ptr_unlink(&e, udb);
}
#ifdef BIND8_STATS
void* task_new_stat_info(udb_base* udb, udb_ptr* last, struct nsdst* stat,
size_t child_count)
{
void* p;
udb_ptr e;
DEBUG(DEBUG_IPC,1, (LOG_INFO, "add task stat_info"));
if(!task_create_new_elem(udb, last, &e, sizeof(struct task_list_d)+
sizeof(*stat) + sizeof(stc_type)*child_count, NULL)) {
log_msg(LOG_ERR, "tasklist: out of space, cannot add stati");
return NULL;
}
TASKLIST(&e)->task_type = task_stat_info;
p = TASKLIST(&e)->zname;
memcpy(p, stat, sizeof(*stat));
udb_ptr_unlink(&e, udb);
return (char*)p + sizeof(*stat);
}
#endif /* BIND8_STATS */
void
task_new_add_zone(udb_base* udb, udb_ptr* last, const char* zone,
const char* pattern, unsigned zonestatid)
@ -1967,7 +1882,7 @@ task_process_set_verbosity(struct task_list_d* task)
}
static void
task_process_checkzones(struct nsd* nsd, udb_base* udb, udb_ptr* last_task,
task_process_checkzones(struct nsd* nsd, udb_base* taskudb, udb_ptr* last_task,
struct task_list_d* task)
{
/* on SIGHUP check if zone-text-files changed and if so,
@ -1976,10 +1891,10 @@ task_process_checkzones(struct nsd* nsd, udb_base* udb, udb_ptr* last_task,
struct zone_options* zo = zone_options_find(nsd->options,
task->zname);
if(zo)
namedb_check_zonefile(nsd, udb, last_task, zo);
namedb_check_zonefile(nsd, taskudb, last_task, zo);
} else {
/* check all zones */
namedb_check_zonefiles(nsd, nsd->options, udb, last_task);
namedb_check_zonefiles(nsd, nsd->options, taskudb, last_task);
}
}
@ -2041,14 +1956,6 @@ task_process_del_zone(struct nsd* nsd, struct task_list_d* task)
zone->nsec3_param = NULL;
#endif
delete_zone_rrs(nsd->db, zone);
if(nsd->db->udb) {
udb_ptr udbz;
if(udb_zone_search(nsd->db->udb, &udbz, dname_name(task->zname),
task->zname->name_size)) {
udb_zone_delete(nsd->db->udb, &udbz);
udb_ptr_unlink(&udbz, nsd->db->udb);
}
}
/* remove from zonetree, apex, soa */
zopt = zone->opts;

8
usr.sbin/nsd/difffile.h
View File

@ -59,12 +59,12 @@ void delete_zone_rrs(namedb_type* db, zone_type* zone);
int delete_RR(namedb_type* db, const dname_type* dname,
uint16_t type, uint16_t klass,
buffer_type* packet, size_t rdatalen, zone_type *zone,
region_type* temp_region, struct udb_ptr* udbz, int* softfail);
region_type* temp_region, int* softfail);
/* add an RR */
int add_RR(namedb_type* db, const dname_type* dname,
uint16_t type, uint16_t klass, uint32_t ttl,
buffer_type* packet, size_t rdatalen, zone_type *zone,
struct udb_ptr* udbz, int* softfail);
int* softfail);
enum soainfo_hint {
soainfo_ok,
@ -90,8 +90,6 @@ struct task_list_d {
task_write_zonefiles,
/** set verbosity */
task_set_verbosity,
/** statistic info */
task_stat_info,
/** add a zone */
task_add_zone,
/** delete zone */
@ -134,8 +132,6 @@ void task_clear(udb_base* udb);
void task_new_soainfo(udb_base* udb, udb_ptr* last, struct zone* z, enum soainfo_hint hint);
void task_new_expire(udb_base* udb, udb_ptr* last,
const struct dname* z, int expired);
void* task_new_stat_info(udb_base* udb, udb_ptr* last, struct nsdst* stat,
size_t child_count);
void task_new_check_zonefiles(udb_base* udb, udb_ptr* last,
const dname_type* zone);
void task_new_write_zonefiles(udb_base* udb, udb_ptr* last,

17
usr.sbin/nsd/dnstap/dnstap_collector.c
View File

@ -65,10 +65,24 @@ struct dt_collector* dt_collector_create(struct nsd* nsd)
int bufsz = buffer_capacity(dt_col->send_buffer);
sv[0] = -1; /* For receiving by parent (dnstap-collector) */
sv[1] = -1; /* For sending by child (server childs) */
if(socketpair(AF_UNIX, SOCK_DGRAM | SOCK_NONBLOCK, 0, sv) < 0) {
if(socketpair(AF_UNIX, SOCK_DGRAM
#ifdef SOCK_NONBLOCK
| SOCK_NONBLOCK
#endif
, 0, sv) < 0) {
error("dnstap_collector: cannot create communication channel: %s",
strerror(errno));
}
#ifndef SOCK_NONBLOCK
if (fcntl(sv[0], F_SETFL, O_NONBLOCK) == -1) {
log_msg(LOG_ERR, "dnstap_collector receive fd fcntl "
"failed: %s", strerror(errno));
}
if (fcntl(sv[1], F_SETFL, O_NONBLOCK) == -1) {
log_msg(LOG_ERR, "dnstap_collector send fd fcntl "
"failed: %s", strerror(errno));
}
#endif
if(setsockopt(sv[0], SOL_SOCKET, SO_RCVBUF, &bufsz, sizeof(bufsz))) {
log_msg(LOG_ERR, "setting dnstap_collector "
"receive buffer size failed: %s", strerror(errno));
@ -422,7 +436,6 @@ void dt_collector_start(struct dt_collector* dt_col, struct nsd* nsd)
#endif
udb_base_free_keep_mmap(nsd->task[0]);
udb_base_free_keep_mmap(nsd->task[1]);
namedb_close_udb(nsd->db); /* keeps mmap */
namedb_close(nsd->db);
dt_collector_run(dt_col, nsd);

69
usr.sbin/nsd/doc/ChangeLog
View File

@ -1,6 +1,73 @@
29 November 2023: Wouter
- Tag for 4.8.0rc1.
28 November 2023: Wouter
- Set up doc/RELNOTES for upcoming release.
- Fix unit test kill_from_pidfile function for nonexistent files
because the argument is evaluated before the test expression.
- Fix rr-test to also convert the contents of the just written output
file.
- Fix test set to remove -f nsd.db and rm nsd.db commands.
- Fix test set to remove difffile option.
27 November 2023: Jeroen
- Fix #14: Set timeout to 3s when servicing remaining TCP connections.
- Fix: Always instate write handler after reading queries from TCP.
- Answer first query on connections accepted just before reload.
27 November 2023: Wouter
- Merge #305: faster stats. Statistics can be gathered while a reload
is in progress.
27 November 2023: Willem
- Merge #302: Test package fixes. Correct Auxfiles, kill_from_pidfile
function and fix drop_updates, rr-test and xfr_update tests.
1 November 2023: Jeroen
- Remove on-disk database.
31 October 2023: Wouter
- Merge #301: improve the logging of ixfr fallbacks to axfr.
30 October 2023: Jeroen
- Fix processing of consolidated IXFRs.
30 October 2023: Wouter
- Fix for interprocess communication to set quit sync command from
main process explicitly.
3 October 2023: Wouter
- Merge #281: Proxy protocol. An implementation of PROXYv2 for NSD.
It can be configured with proxy-protocol-port: portnum with the
port number of the interface on which proxy traffic is handled.
The interface can support proxy traffic for UDP, TCP and TLS.
21 September 2023: Wouter
- Merge #295: Update e-mail addresses, add ref to support contracts
31 August 2023: Wouter
- Fix autoconf 2.69 warnings in configure.
14 July 2023: Wouter
- Merge #287: Update nsd.conf.5.in.
11 July 2023: Wouter
- Fix unused variable warning in unit test of udb.
22 June 2023: Wouter
- Fix #284: dnstap_collector.c: SOCK_NONBLOCK is not available on
Mac/Darwin.
7 June 2023: Wouter
- Merge #282: Improve nsd.conf man page.
- Fix unused but set variable warning.
- Fix #283: Compile failure in remote.c when --disable-bind8-stats
and --without-ssl are specified.
31 May 2023: Wouter
- Add missing items to doc/RELNOTES.
- Tag for 4.7.0rc1.
- Tag for 4.7.0rc1. It became release 4.7.0 on 7 june 2023. The code
repository continues with 4.7.1.
30 May 2023: Jeroen
- Fix #240: Prefix messages originating from verifier.

29
usr.sbin/nsd/doc/README
View File

@ -21,7 +21,7 @@
1.0 Introduction
This is NSD Name Server Daemon (NSD) version 4.7.0.
This is NSD Name Server Daemon (NSD) version 4.8.0.
The NLnet Labs Name Server Daemon (NSD) is an authoritative RFC compliant
DNS nameserver. It was first conceived to allow for more genetic
@ -57,7 +57,7 @@ and uses a simple configuration file 'nsd.conf'.
1.2 Quick build and install
Step 1: Unpack the source with gtar -xzvf nsd-4.7.0.tar.gz
Step 1: Unpack the source with gtar -xzvf nsd-4.8.0.tar.gz
Step 2: Create user nsd or any other unprivileged user of your
choice. In case of later make sure to use
@ -111,9 +111,9 @@ Step 11: If desired add 'nsd-control write' to your superuser crontab to
Use your favorite combination of tar and gnu zip to unpack the source,
for example
$ gtar -xzvf nsd-4.7.0.tar.gz
$ gtar -xzvf nsd-4.8.0.tar.gz
will unpack the source into the ./nsd-4.7.0 directory...
will unpack the source into the ./nsd-4.8.0 directory...
2.2 Configuring NSD
@ -194,10 +194,6 @@ addition to standard configure options, one may use the following:
Pathname to the NSD pidfile, default is platform specific,
mostly /var/run/nsd.pid
--with-dbfile=path
Pathname to the NSD database, default is /etc/nsd/nsd.db
--with-zonesdir=dir
NSD default location for master zone files, default /etc/nsd/
@ -875,7 +871,7 @@ offered through a mailing lists and the 'bugzilla' web interface.
If for any reason NLnet Labs would stop community support of NSD such
would be announced on our web pages at least two years in advance.
The community mailing list nsd-users@nlnetlabs.nl can be used to discuss
The community mailing list nsd-users@lists.NLnetLabs.nl can be used to discuss
issues with other users of NSD. Subscribe here
http://lists.nlnetlabs.nl/mailman/listinfo/nsd-users
@ -885,9 +881,7 @@ community support is not sufficient and that support needs to be codified.
We therefore offer paid support contracts that come in 3 varieties.
More information about these support varieties can be found at
<url on support varieties on www.nlnetlabs.nl>
Alternatively you can contact mailto:nsd-support@nlnetlabs.nl .
https://nlnetlabs.nl/services/contracts/
Support goes two ways. By acquiring one of the support contracts you
also support NLnet Labs to continue to participate in the development
@ -896,11 +890,10 @@ the (IETF) standards process and by developing and maintaining
reference implementations of standards and tools to support operation
and deployment of new and existing Internet technology.
We are interested in our users and in the environment you use NSD. Please
drop us a mail when you use NSD. Indicate in what kind of operation you
deploy NSD and let us know what your positive and negative experiences are.
http://www.nlnetlabs.nl/nsd and mailto:nsd-info@nlnetlabs.nl
We are interested in our users and in the environment you use NSD. Please drop
us a mail when you use NSD at users@NLnetLabs.nl. Indicate in what kind of
operation you deploy NSD and let us know what your positive and negative
experiences are.
4.1 Your Support
@ -927,4 +920,4 @@ larger and regular donations please contact us at users@NLnetLabs.nl. Also
see http://www.nlnetlabs.nl/labs/contributors/.
$Id: README,v 1.6 2023/06/29 19:38:50 florian Exp $
$Id: README,v 1.7 2023/12/20 17:29:02 florian Exp $

37
usr.sbin/nsd/doc/RELNOTES
View File

@ -1,5 +1,42 @@
NSD RELEASE NOTES
4.8.0
================
FEATURES:
- Merge #281: Proxy protocol. An implementation of PROXYv2 for NSD.
It can be configured with proxy-protocol-port: portnum with the
port number of the interface on which proxy traffic is handled.
The interface can support proxy traffic for UDP, TCP and TLS.
- Merge #301: improve the logging of ixfr fallbacks to axfr.
- Merge #305: faster stats. Statistics can be gathered while a reload
is in progress.
BUG FIXES:
- Merge #282: Improve nsd.conf man page.
- Fix unused but set variable warning.
- Fix #283: Compile failure in remote.c when --disable-bind8-stats
and --without-ssl are specified.
- Fix #284: dnstap_collector.c: SOCK_NONBLOCK is not available on
Mac/Darwin.
- Fix unused variable warning in unit test of udb.
- Merge #287: Update nsd.conf.5.in.
- Fix autoconf 2.69 warnings in configure.
- Merge #295: Update e-mail addresses, add ref to support contracts
- Fix for interprocess communication to set quit sync command from
main process explicitly.
- Fix processing of consolidated IXFRs.
- Remove on-disk database.
- Answer first query for connections accepted just before reload.
- Fix: Always instate write handler after reading a query over TCP.
- Fix #14: Set timeout to 3s when servicing remaining TCP connections.
- Merge #302: Test package fixes. Correct Auxfiles, kill_from_pidfile
function and fix drop_updates, rr-test and xfr_update tests.
- Fix unit test kill_from_pidfile function for nonexistent files
because the argument is evaluated before the test expression.
- Fix rr-test to also convert the contents of the just written output
file.
- Fix test set to remove -f nsd.db and rm nsd.db commands.
- Fix test set to remove difffile option.
4.7.0
================
FEATURES:

16
usr.sbin/nsd/edns.c
View File

@ -270,15 +270,15 @@ void cookie_verify(query_type *q, struct nsd* nsd, uint32_t *now_p) {
memcpy(hash2verify, q->edns.cookie + 16, 8);
#ifdef INET6
if(q->addr.ss_family == AF_INET6) {
memcpy(q->edns.cookie + 16, &((struct sockaddr_in6 *)&q->addr)->sin6_addr, 16);
if(q->client_addr.ss_family == AF_INET6) {
memcpy(q->edns.cookie + 16, &((struct sockaddr_in6 *)&q->client_addr)->sin6_addr, 16);
verify_size = 32;
} else {
memcpy(q->edns.cookie + 16, &((struct sockaddr_in *)&q->addr)->sin_addr, 4);
memcpy(q->edns.cookie + 16, &((struct sockaddr_in *)&q->client_addr)->sin_addr, 4);
verify_size = 20;
}
#else
memcpy( q->edns.cookie + 16, &q->addr.sin_addr, 4);
memcpy( q->edns.cookie + 16, &q->client_addr.sin_addr, 4);
verify_size = 20;
#endif
@ -323,17 +323,17 @@ void cookie_create(query_type *q, struct nsd* nsd, uint32_t *now_p)
q->edns.cookie[14] = (now_uint32 & 0x0000FF00) >> 8;
q->edns.cookie[15] = now_uint32 & 0x000000FF;
#ifdef INET6
if (q->addr.ss_family == AF_INET6) {
if (q->client_addr.ss_family == AF_INET6) {
memcpy( q->edns.cookie + 16
, &((struct sockaddr_in6 *)&q->addr)->sin6_addr, 16);
, &((struct sockaddr_in6 *)&q->client_addr)->sin6_addr, 16);
siphash(q->edns.cookie, 32, nsd->cookie_secrets[0].cookie_secret, hash, 8);
} else {
memcpy( q->edns.cookie + 16
, &((struct sockaddr_in *)&q->addr)->sin_addr, 4);
, &((struct sockaddr_in *)&q->client_addr)->sin_addr, 4);
siphash(q->edns.cookie, 20, nsd->cookie_secrets[0].cookie_secret, hash, 8);
}
#else
memcpy( q->edns.cookie + 16, &q->addr.sin_addr, 4);
memcpy( q->edns.cookie + 16, &q->client_addr.sin_addr, 4);
siphash(q->edns.cookie, 20, nsd->cookie_secrets[0].cookie_secret, hash, 8);
#endif
memcpy(q->edns.cookie + 16, hash, 8);

43
usr.sbin/nsd/ipc.c
View File

@ -95,20 +95,6 @@ child_handle_parent_command(int fd, short event, void* arg)
}
ipc_child_quit(data->nsd);
break;
case NSD_QUIT_WITH_STATS:
#ifdef BIND8_STATS
DEBUG(DEBUG_IPC, 2, (LOG_INFO, "quit QUIT_WITH_STATS"));
/* reply with ack and stats and then quit */
if(!write_socket(fd, &mode, sizeof(mode))) {
log_msg(LOG_ERR, "cannot write quitwst to parent");
}
if(!write_socket(fd, &data->nsd->st, sizeof(data->nsd->st))) {
log_msg(LOG_ERR, "cannot write stats to parent");
}
fsync(fd);
#endif /* BIND8_STATS */
ipc_child_quit(data->nsd);
break;
default:
log_msg(LOG_ERR, "handle_parent_command: bad mode %d",
(int) mode);
@ -208,11 +194,7 @@ debug_print_fwd_name(int ATTR_UNUSED(len), buffer_type* packet, int acl_num)
static void
send_quit_to_child(struct main_ipc_handler_data* data, int fd)
{
#ifdef BIND8_STATS
sig_atomic_t cmd = NSD_QUIT_WITH_STATS;
#else
sig_atomic_t cmd = NSD_QUIT;
#endif
if(write(fd, &cmd, sizeof(cmd)) == -1) {
if(errno == EAGAIN || errno == EINTR)
return; /* try again later */
@ -320,26 +302,6 @@ stats_subtract(struct nsdst* total, struct nsdst* s)
total->nona -= s->nona;
total->rixfr -= s->rixfr;
}
#define FINAL_STATS_TIMEOUT 10 /* seconds */
static void
read_child_stats(struct nsd* nsd, struct nsd_child* child, int fd)
{
struct nsdst s;
errno=0;
if(block_read(nsd, fd, &s, sizeof(s), FINAL_STATS_TIMEOUT)!=sizeof(s)) {
log_msg(LOG_ERR, "problems reading finalstats from server "
"%d: %s", (int)child->pid, strerror(errno));
} else {
stats_add(&nsd->st, &s);
child->query_count = s.qudp + s.qudp6 + s.ctcp + s.ctcp6
+ s.ctls + s.ctls6;
/* we know that the child is going to close the connection
* now (this is an ACK of the QUIT_W_STATS so we know the
* child is done, no longer sending e.g. NOTIFY contents) */
child_is_done(nsd, fd);
}
}
#endif /* BIND8_STATS */
void
@ -475,11 +437,6 @@ parent_handle_child_command(netio_type *ATTR_UNUSED(netio),
case NSD_QUIT:
data->nsd->mode = mode;
break;
#ifdef BIND8_STATS
case NSD_QUIT_WITH_STATS:
read_child_stats(data->nsd, data->child, handler->fd);
break;
#endif /* BIND8_STATS */
case NSD_STATS:
data->nsd->signal_hint_stats = 1;
break;

76
usr.sbin/nsd/ixfr.c
View File

@ -820,6 +820,8 @@ query_state_type query_ixfr(struct nsd *nsd, struct query *query)
/* we have no ixfr information for the zone, make an AXFR */
if(query->tsig_prepare_it)
query->tsig_sign_it = 1;
VERBOSITY(2, (LOG_INFO, "ixfr fallback to axfr, no ixfr info for zone: %s",
dname_to_string(query->qname, NULL)));
return query_axfr(nsd, query, 0);
}
ixfr_data = zone_ixfr_find_serial(zone->ixfr, qserial);
@ -827,6 +829,8 @@ query_state_type query_ixfr(struct nsd *nsd, struct query *query)
/* the specific version is not available, make an AXFR */
if(query->tsig_prepare_it)
query->tsig_sign_it = 1;
VERBOSITY(2, (LOG_INFO, "ixfr fallback to axfr, no history for serial for zone: %s",
dname_to_string(query->qname, NULL)));
return query_axfr(nsd, query, 0);
}
/* see if the IXFRs connect to the next IXFR, and if it ends
@ -835,6 +839,8 @@ query_state_type query_ixfr(struct nsd *nsd, struct query *query)
end_serial != current_serial) {
if(query->tsig_prepare_it)
query->tsig_sign_it = 1;
VERBOSITY(2, (LOG_INFO, "ixfr fallback to axfr, incomplete history from this serial for zone: %s",
dname_to_string(query->qname, NULL)));
return query_axfr(nsd, query, 0);
}
@ -942,15 +948,12 @@ size_t ixfr_data_size(struct ixfr_data* data)
}
struct ixfr_store* ixfr_store_start(struct zone* zone,
struct ixfr_store* ixfr_store_mem, uint32_t old_serial,
uint32_t new_serial)
struct ixfr_store* ixfr_store_mem)
{
struct ixfr_store* ixfr_store = ixfr_store_mem;
memset(ixfr_store, 0, sizeof(*ixfr_store));
ixfr_store->zone = zone;
ixfr_store->data = xalloc_zero(sizeof(*ixfr_store->data));
ixfr_store->data->oldserial = old_serial;
ixfr_store->data->newserial = new_serial;
return ixfr_store;
}
@ -1139,12 +1142,12 @@ static void store_soa(uint8_t* soa, struct zone* zone, uint32_t ttl,
write_uint32(sp, minimum);
}
void ixfr_store_add_newsoa(struct ixfr_store* ixfr_store,
struct buffer* packet, size_t ttlpos)
void ixfr_store_add_newsoa(struct ixfr_store* ixfr_store, uint32_t ttl,
struct buffer* packet, size_t rrlen)
{
size_t oldpos, sz = 0;
uint32_t ttl, serial, refresh, retry, expire, minimum;
uint16_t rdlen_uncompressed, rdlen_wire;
uint32_t serial, refresh, retry, expire, minimum;
uint16_t rdlen_uncompressed;
int primns_len = 0, email_len = 0;
uint8_t primns[MAXDOMAINLEN + 1], email[MAXDOMAINLEN + 1];
@ -1156,24 +1159,11 @@ void ixfr_store_add_newsoa(struct ixfr_store* ixfr_store,
ixfr_store->data->newsoa_len = 0;
}
oldpos = buffer_position(packet);
buffer_set_position(packet, ttlpos);
/* calculate the length */
sz = domain_dname(ixfr_store->zone->apex)->name_size;
sz += 2 /* type */ + 2 /* class */;
/* read ttl */
if(!buffer_available(packet, 4/*ttl*/+2/*rdlen*/)) {
/* not possible already parsed, but fail nicely anyway */
log_msg(LOG_ERR, "ixfr_store: not enough space in packet");
ixfr_store_cancel(ixfr_store);
buffer_set_position(packet, oldpos);
return;
}
ttl = buffer_read_u32(packet);
sz += 4;
rdlen_wire = buffer_read_u16(packet);
sz += 2;
if(!buffer_available(packet, rdlen_wire)) {
sz += 2 /* type */ + 2 /* class */ + 4 /* ttl */ + 2 /* rdlen */;
if(!buffer_available(packet, rrlen)) {
/* not possible already parsed, but fail nicely anyway */
log_msg(LOG_ERR, "ixfr_store: not enough rdata space in packet");
ixfr_store_cancel(ixfr_store);
@ -1189,6 +1179,8 @@ void ixfr_store_add_newsoa(struct ixfr_store* ixfr_store,
}
rdlen_uncompressed = primns_len + email_len + 4 + 4 + 4 + 4 + 4;
ixfr_store->data->newserial = serial;
/* store the soa record */
ixfr_store->data->newsoa = xalloc(sz);
ixfr_store->data->newsoa_len = sz;
@ -1241,6 +1233,8 @@ void ixfr_store_add_oldsoa(struct ixfr_store* ixfr_store, uint32_t ttl,
}
rdlen_uncompressed = primns_len + email_len + 4 + 4 + 4 + 4 + 4;
ixfr_store->data->oldserial = serial;
/* store the soa record */
ixfr_store->data->oldsoa = xalloc(sz);
ixfr_store->data->oldsoa_len = sz;
@ -1385,8 +1379,13 @@ int ixfr_store_add_newsoa_rdatas(struct ixfr_store* ixfr_store,
uint32_t ttl, rdata_atom_type* rdatas, ssize_t rdata_num)
{
size_t capacity = 0;
uint32_t serial;
if(ixfr_store->cancelled)
return 1;
if(rdata_num < 2 || rdata_atom_size(rdatas[2]) < 4)
return 0;
memcpy(&serial, rdata_atom_data(rdatas[2]), sizeof(serial));
ixfr_store->data->newserial = ntohl(serial);
if(!ixfr_putrr(dname, type, klass, ttl, rdatas, rdata_num,
&ixfr_store->data->newsoa, &ixfr_store->data->newsoa_len,
&ixfr_store->add_capacity))
@ -1443,6 +1442,23 @@ int ixfr_store_delrr_uncompressed(struct ixfr_store* ixfr_store,
&ixfr_store->data->del_len, &ixfr_store->del_capacity);
}
static size_t skip_dname(uint8_t* rdata, size_t rdata_len)
{
for (size_t index=0; index < rdata_len; ) {
uint8_t label_size = rdata[index];
if (label_size == 0) {
return index + 1;
} else if ((label_size & 0xc0) != 0) {
return (index + 1 < rdata_len) ? index + 2 : 0;
} else {
/* loop breaks if index exceeds rdata_len */
index += label_size + 1;
}
}
return 0;
}
int ixfr_store_oldsoa_uncompressed(struct ixfr_store* ixfr_store,
uint8_t* dname, size_t dname_len, uint16_t type, uint16_t klass,
uint32_t ttl, uint8_t* rdata, size_t rdata_len)
@ -1454,6 +1470,20 @@ int ixfr_store_oldsoa_uncompressed(struct ixfr_store* ixfr_store,
ttl, rdata, rdata_len, &ixfr_store->data->oldsoa,
&ixfr_store->data->oldsoa_len, &capacity))
return 0;
{
uint32_t serial;
size_t index, count = 0;
if (!(count = skip_dname(rdata, rdata_len)))
return 0;
index = count;
if (!(count = skip_dname(rdata+index, rdata_len-index)))
return 0;
index += count;
if (rdata_len - index < 4)
return 0;
memcpy(&serial, rdata+index, sizeof(serial));
ixfr_store->data->oldserial = ntohl(serial);
}
ixfr_trim_capacity(&ixfr_store->data->oldsoa,
&ixfr_store->data->oldsoa_len, &capacity);
return 1;

12
usr.sbin/nsd/ixfr.h
View File

@ -133,8 +133,7 @@ struct ixfr_store {
* IXFR with this serial number. The NULL is on error.
*/
struct ixfr_store* ixfr_store_start(struct zone* zone,
struct ixfr_store* ixfr_store_mem, uint32_t old_serial,
uint32_t new_serial);
struct ixfr_store* ixfr_store_mem);
/*
* Cancel the ixfr store in progress. The pointer remains valid, no store done.
@ -163,14 +162,13 @@ void ixfr_store_finish_data(struct ixfr_store* ixfr_store);
/*
* Add the new SOA record to the ixfr store.
* ixfr_store: stores ixfr data that is collected.
* ttl: the TTL of the SOA record
* packet: DNS packet that contains the SOA. position restored on function
* exit.
* ttlpos: position, just before the ttl, rdatalen, rdata of the SOA record.
* we do not need to pass the name, because that is the zone name, or
* the type or class of the record, because we already know.
* rrlen: wire rdata length of the SOA.
*/
void ixfr_store_add_newsoa(struct ixfr_store* ixfr_store,
struct buffer* packet, size_t ttlpos);
void ixfr_store_add_newsoa(struct ixfr_store* ixfr_store, uint32_t ttl,
struct buffer* packet, size_t rrlen);
/*
* Add the old SOA record to the ixfr store.

3
usr.sbin/nsd/ixfrcreate.c
View File

@ -945,8 +945,7 @@ static int ixfr_perform_init(struct ixfr_create* ixfrcr, struct zone* zone,
return 0;
}
ixfrcr->new_serial = zone_get_current_serial(zone);
*store = ixfr_store_start(zone, store_mem, ixfrcr->old_serial,
ixfrcr->new_serial);
*store = ixfr_store_start(zone, store_mem);
if(!ixfr_create_store_newsoa(*store, zone)) {
fclose(*spool);
ixfr_store_free(*store);

9
usr.sbin/nsd/namedb.h
View File

@ -329,7 +329,6 @@ struct namedb
region_type* region;
domain_table_type* domains;
struct radtree* zonetree;
struct udb_base* udb;
/* the timestamp on the ixfr.db file */
struct timeval diff_timestamp;
/* if diff_skip=1, diff_pos contains the nsd.diff place to continue */
@ -369,12 +368,7 @@ zone_type *namedb_find_zone(namedb_type *db, const dname_type *dname);
*/
void domain_table_deldomain(namedb_type* db, domain_type* domain);
/** dbcreate.c */
int udb_write_rr(struct udb_base* udb, struct udb_ptr* z, rr_type* rr);
void udb_del_rr(struct udb_base* udb, struct udb_ptr* z, rr_type* rr);
int write_zone_to_udb(struct udb_base* udb, zone_type* zone,
struct timespec* mtime, const char* file_str);
int print_rrs(FILE* out, struct zone* zone);
/** marshal rdata into buffer, must be MAX_RDLENGTH in size */
size_t rr_marshal_rdata(rr_type* rr, uint8_t* rdata, size_t sz);
@ -384,8 +378,7 @@ int namedb_lookup (struct namedb* db,
domain_type **closest_match,
domain_type **closest_encloser);
/* pass number of children (to alloc in dirty array */
struct namedb *namedb_open(const char *filename, struct nsd_options* opt);
void namedb_close_udb(struct namedb* db);
struct namedb *namedb_open(struct nsd_options* opt);
void namedb_close(struct namedb* db);
/* free ixfr data stored for zones */
void namedb_free_ixfr(struct namedb* db);

2
usr.sbin/nsd/nsd-checkconf.8.in
View File

@ -1,4 +1,4 @@
.TH "nsd\-checkconf" "8" "Jun 7, 2023" "NLnet Labs" "nsd 4.7.0"
.TH "nsd\-checkconf" "8" "Dec 6, 2023" "NLnet Labs" "nsd 4.8.0"
.\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved.
.\" See LICENSE for the license.
.SH "NAME"

18
usr.sbin/nsd/nsd-checkconf.c
View File

@ -420,7 +420,6 @@ config_print_zone(nsd_options_type* opt, const char* k, int s, const char *o,
SERV_GET_BIN(tcp_reject_overflow, o);
SERV_GET_BIN(log_only_syslog, o);
/* str */
SERV_GET_PATH(final, database, o);
SERV_GET_STR(identity, o);
SERV_GET_STR(version, o);
SERV_GET_STR(nsid, o);
@ -503,6 +502,12 @@ config_print_zone(nsd_options_type* opt, const char* k, int s, const char *o,
quote(p->pname);
return;
}
if(strcasecmp(o, "proxy_protocol_port") == 0) {
struct proxy_protocol_port_list* p;
for(p = opt->proxy_protocol_port; p; p = p->next)
printf("%d\n", p->port);
return;
}
printf("Server option not handled: %s\n", o);
exit(1);
}
@ -606,7 +611,6 @@ config_test_print_server(nsd_options_type* opt)
printf("\tdrop-updates: %s\n", opt->drop_updates?"yes":"no");
printf("\ttcp-reject-overflow: %s\n",
opt->tcp_reject_overflow ? "yes" : "no");
print_string_var("database:", opt->database);
print_string_var("identity:", opt->identity);
print_string_var("version:", opt->version);
print_string_var("nsid:", opt->nsid);
@ -700,6 +704,11 @@ config_test_print_server(nsd_options_type* opt)
print_string_var("cookie-secret:", opt->cookie_secret);
if (opt->cookie_secret_file)
print_string_var("cookie-secret-file:", opt->cookie_secret_file);
if(opt->proxy_protocol_port) {
struct proxy_protocol_port_list* p;
for(p = opt->proxy_protocol_port; p; p = p->next)
printf("\tproxy-protocol-port: %d\n", p->port);
}
#ifdef USE_DNSTAP
printf("\ndnstap:\n");
@ -853,11 +862,6 @@ additional_checks(nsd_options_type* opt, const char* filename)
filename, opt->pidfile, opt->chroot);
errors ++;
}
if (!file_inside_chroot(opt->database, opt->chroot)) {
fprintf(stderr, "%s: database %s is not relative to chroot %s.\n",
filename, opt->database, opt->chroot);
errors ++;
}
if (!file_inside_chroot(opt->xfrdfile, opt->chroot)) {
fprintf(stderr, "%s: xfrdfile %s is not relative to chroot %s.\n",
filename, opt->xfrdfile, opt->chroot);

2
usr.sbin/nsd/nsd-checkzone.8.in
View File

@ -1,4 +1,4 @@
.TH "nsd\-checkzone" "8" "Jun 7, 2023" "NLnet Labs" "nsd 4.7.0"
.TH "nsd\-checkzone" "8" "Dec 6, 2023" "NLnet Labs" "nsd 4.8.0"
.\" Copyright (c) 2014, NLnet Labs. All rights reserved.
.\" See LICENSE for the license.
.SH "NAME"

2
usr.sbin/nsd/nsd-checkzone.c
View File

@ -54,7 +54,7 @@ check_zone(struct nsd* nsd, const char* name, const char* fname, FILE *out,
struct ixfr_create* ixfrcr = NULL;
/* init*/
nsd->db = namedb_open("", nsd->options);
nsd->db = namedb_open(nsd->options);
dname = dname_parse(nsd->options->region, name);
if(!dname) {
/* parse failure */

2
usr.sbin/nsd/nsd-control.8.in
View File

@ -1,4 +1,4 @@
.TH "nsd\-control" "8" "Jun 7, 2023" "NLnet Labs" "nsd 4.7.0"
.TH "nsd\-control" "8" "Dec 6, 2023" "NLnet Labs" "nsd 4.8.0"
.\" Copyright (c) 2011, NLnet Labs. All rights reserved.
.\" See LICENSE for the license.
.SH "NAME"

49
usr.sbin/nsd/nsd-mem.c
View File

@ -21,8 +21,7 @@
#include "tsig.h"
#include "options.h"
#include "namedb.h"
#include "udb.h"
#include "udbzone.h"
#include "difffile.h"
#include "util.h"
struct nsd nsd;
@ -45,10 +44,6 @@ struct zone_mem {
size_t data;
/* unused space (in db.region) due to alignment */
size_t data_unused;
/* udb data allocated */
size_t udb_data;
/* udb overhead (chunk2**x - data) */
size_t udb_overhead;
/* count of number of domains */
size_t domaincount;
@ -60,10 +55,6 @@ struct tot_mem {
size_t data;
/* unused space (in db.region) due to alignment */
size_t data_unused;
/* udb data allocated */
size_t udb_data;
/* udb overhead (chunk2**x - data) */
size_t udb_overhead;
/* count of number of domains */
size_t domaincount;
@ -81,8 +72,6 @@ struct tot_mem {
/* total ram usage */
size_t ram;
/* total nsd.db disk usage */
size_t disk;
};
static void
@ -90,11 +79,6 @@ account_zone(struct namedb* db, struct zone_mem* zmem)
{
zmem->data = region_get_mem(db->region);
zmem->data_unused = region_get_mem_unused(db->region);
if(db->udb) {
zmem->udb_data = (size_t)db->udb->alloc->disk->stat_data;
zmem->udb_overhead = (size_t)(db->udb->alloc->disk->stat_alloc -
db->udb->alloc->disk->stat_data);
}
zmem->domaincount = domain_table_count(db->domains);
}
@ -119,8 +103,6 @@ print_zone_mem(struct zone_mem* z)
{
pretty_mem(z->data, "zone data");
pretty_mem(z->data_unused, "zone unused space (due to alignment)");
pretty_mem(z->udb_data, "data in nsd.db");
pretty_mem(z->udb_overhead, "overhead in nsd.db");
}
static void
@ -143,7 +125,6 @@ account_total(struct nsd_options* opt, struct tot_mem* t)
#ifdef RATELIMIT
t->ram += t->rrl;
#endif
t->disk = t->udb_data + t->udb_overhead;
}
static void
@ -158,12 +139,9 @@ print_tot_mem(struct tot_mem* t)
#ifdef RATELIMIT
pretty_mem(t->rrl, "RRL table (depends on servercount)");
#endif
pretty_mem(t->udb_data, "data in nsd.db");
pretty_mem(t->udb_overhead, "overhead in nsd.db");
printf("\nsummary\n");
pretty_mem(t->ram, "ram usage (excl space for buffers)");
pretty_mem(t->disk, "disk usage (excl 12% space claimed for growth)");
}
static void
@ -171,13 +149,11 @@ add_mem(struct tot_mem* t, struct zone_mem* z)
{
t->data += z->data;
t->data_unused += z->data_unused;
t->udb_data += z->udb_data;
t->udb_overhead += z->udb_overhead;
t->domaincount += z->domaincount;
}
static void
check_zone_mem(const char* tf, const char* df, struct zone_options* zo,
check_zone_mem(const char* tf, struct zone_options* zo,
struct nsd_options* opt, struct tot_mem* totmem)
{
struct nsd nsd;
@ -193,10 +169,10 @@ check_zone_mem(const char* tf, const char* df, struct zone_options* zo,
/* init*/
memset(&zmem, 0, sizeof(zmem));
memset(&nsd, 0, sizeof(nsd));
nsd.db = db = namedb_open(df, opt);
if(!db) error("cannot open %s: %s", df, strerror(errno));
nsd.db = db = namedb_open(opt);
if(!db) error("cannot open namedb");
zone = namedb_zone_create(db, dname, zo);
taskudb = udb_base_create_new(tf, &namedb_walkfunc, NULL);
taskudb = task_file_create(tf);
udb_ptr_init(&last_task, taskudb);
/* read the zone */
@ -211,7 +187,6 @@ check_zone_mem(const char* tf, const char* df, struct zone_options* zo,
/* delete the zone from memory */
namedb_close(db);
udb_base_free(taskudb);
unlink(df);
unlink(tf);
/* add up totals */
@ -224,30 +199,18 @@ check_mem(struct nsd_options* opt)
struct tot_mem totmem;
struct zone_options* zo;
char tf[512];
char df[512];
memset(&totmem, 0, sizeof(totmem));
snprintf(tf, sizeof(tf), "./nsd-mem-task-%u.db", (unsigned)getpid());
if(opt->database == NULL || opt->database[0] == 0)
df[0] = 0;
else snprintf(df, sizeof(df), "./nsd-mem-db-%u.db", (unsigned)getpid());
/* read all zones and account memory */
RBTREE_FOR(zo, struct zone_options*, opt->zone_options) {
check_zone_mem(tf, df, zo, opt, &totmem);
check_zone_mem(tf, zo, opt, &totmem);
}
/* calculate more total statistics */
account_total(opt, &totmem);
/* print statistics */
print_tot_mem(&totmem);
/* final advice */
if(opt->database != NULL && opt->database[0] != 0) {
printf("\nFinal advice estimate:\n");
printf("(The partial mmap causes reload&AXFR to take longer(disk access))\n");
pretty_mem(totmem.ram + totmem.disk, "data and big mmap");
pretty_mem(totmem.ram + totmem.disk/6, "data and partial mmap");
}
}
/* dummy functions to link */

19
usr.sbin/nsd/nsd.8.in
View File

@ -1,9 +1,9 @@
.TH "NSD" "8" "Jun 7, 2023" "NLnet Labs" "NSD 4.7.0"
.TH "NSD" "8" "Dec 6, 2023" "NLnet Labs" "NSD 4.8.0"
.\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved.
.\" See LICENSE for the license.
.SH "NAME"
.B nsd
\- Name Server Daemon (NSD) version 4.7.0.
\- Name Server Daemon (NSD) version 4.8.0.
.SH "SYNOPSIS"
.B nsd
.RB [ \-4 ]
@ -111,16 +111,6 @@ For format description see nsd.conf(5).
.B \-d
Do not fork, stay in the foreground.
.TP
.B \-f\fI database
Use the specified
.I database
instead of the default of
.IR '@dbfile@' .
If a
.B zonesdir:
is specified in the config file this path can be relative to that
directory.
.TP
.B \-h
Print help information and exit.
.TP
@ -224,11 +214,6 @@ SIGUSR1
Dump BIND8\-style statistics into the log. Ignored otherwise.
.SH "FILES"
.TP
"@dbfile@"
default
.B NSD
database
.TP
@pidfile@
the process id of the name server.
.TP

Some files were not shown because too many files have changed in this diff Show More