SecBSD
/
src
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sync

This commit is contained in:
purplerain 2023-06-30 10:13:54 +00:00
parent 91df569df5
commit f1b2576417
Signed by: purplerain
GPG Key ID: F42C07F07E2E35B7
79 changed files with 1435 additions and 523 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
lib/libc/stdlib/malloc.3
View File

@ -30,9 +30,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $OpenBSD: malloc.3,v 1.135 2023/06/23 05:26:45 otto Exp $
.\" $OpenBSD: malloc.3,v 1.136 2023/06/30 06:24:58 otto Exp $
.\"
.Dd $Mdocdate: June 23 2023 $
.Dd $Mdocdate: June 30 2023 $
.Dt MALLOC 3
.Os
.Sh NAME
@ -294,6 +294,17 @@ To record the dump:
To view the leak report:
.Pp
.Dl $ kdump -u malloc ...
.Pp
By default, the immediate caller of a
.Nm
function will be recorded.
Use malloc options
.Cm 2
or
.Cm 3
to record the caller one or two stack frames deeper instead.
These malloc options imply
.Cm D .
.It Cm F
.Dq Freecheck .
Enable more extensive double free and use after free detection.
@ -813,3 +824,14 @@ and
.Fn realloc
to avoid these problems on
.Ox .
.Pp
The mechanism to record caller functions when using malloc options
.Cm 2
or
.Cm 3
is not guaranteed to work for all platforms, compilers or compilation
options,
and might even crash your program.
Use
.Em only
for debugging purposes.

57
lib/libc/stdlib/malloc.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: malloc.c,v 1.288 2023/06/23 05:26:45 otto Exp $ */
/* $OpenBSD: malloc.c,v 1.289 2023/06/30 06:24:58 otto Exp $ */
/*
* Copyright (c) 2008, 2010, 2011, 2016, 2023 Otto Moerbeek <otto@drijf.net>
* Copyright (c) 2012 Matthew Dempsky <matthew@openbsd.org>
@ -255,7 +255,37 @@ void malloc_dump(void);
PROTO_NORMAL(malloc_dump);
static void malloc_exit(void);
#endif
#define CALLER (DO_STATS ? __builtin_return_address(0) : NULL)
#if defined(__aarch64__) || \
defined(__amd64__) || \
defined(__arm__)
static inline void* caller(void)
{
void *p;
switch (DO_STATS) {
case 0:
default:
return NULL;
case 1:
p = __builtin_return_address(0);
break;
case 2:
p = __builtin_return_address(1);
break;
case 3:
p = __builtin_return_address(2);
break;
}
return __builtin_extract_return_addr(p);
}
#else
static inline void* caller(void)
{
return DO_STATS == 0 ? NULL :
__builtin_extract_return_addr(__builtin_return_address(0));
}
#endif
/* low bits of r->p determine size: 0 means >= page size and r->size holding
* real size, otherwise low bits is the bucket + 1
@ -365,8 +395,15 @@ omalloc_parseopt(char opt)
mopts.malloc_stats = 0;
break;
case 'D':
case '1':
mopts.malloc_stats = 1;
break;
case '2':
mopts.malloc_stats = 2;
break;
case '3':
mopts.malloc_stats = 3;
break;
#endif /* MALLOC_STATS */
case 'f':
mopts.malloc_freecheck = 0;
@ -1436,7 +1473,7 @@ malloc(size_t size)
int saved_errno = errno;
PROLOGUE(getpool(), "malloc")
r = omalloc(d, size, 0, CALLER);
r = omalloc(d, size, 0, caller());
EPILOGUE()
return r;
}
@ -1450,7 +1487,7 @@ malloc_conceal(size_t size)
int saved_errno = errno;
PROLOGUE(mopts.malloc_pool[0], "malloc_conceal")
r = omalloc(d, size, 0, CALLER);
r = omalloc(d, size, 0, caller());
EPILOGUE()
return r;
}
@ -1860,7 +1897,7 @@ realloc(void *ptr, size_t size)
int saved_errno = errno;
PROLOGUE(getpool(), "realloc")
r = orealloc(&d, ptr, size, CALLER);
r = orealloc(&d, ptr, size, caller());
EPILOGUE()
return r;
}
@ -1891,7 +1928,7 @@ calloc(size_t nmemb, size_t size)
}
size *= nmemb;
r = omalloc(d, size, 1, CALLER);
r = omalloc(d, size, 1, caller());
EPILOGUE()
return r;
}
@ -1916,7 +1953,7 @@ calloc_conceal(size_t nmemb, size_t size)
}
size *= nmemb;
r = omalloc(d, size, 1, CALLER);
r = omalloc(d, size, 1, caller());
EPILOGUE()
return r;
}
@ -2072,7 +2109,7 @@ recallocarray(void *ptr, size_t oldnmemb, size_t newnmemb, size_t size)
oldsize = oldnmemb * size;
}
r = orecallocarray(&d, ptr, oldsize, newsize, CALLER);
r = orecallocarray(&d, ptr, oldsize, newsize, caller());
EPILOGUE()
return r;
}
@ -2204,7 +2241,7 @@ posix_memalign(void **memptr, size_t alignment, size_t size)
malloc_recurse(d);
goto err;
}
r = omemalign(d, alignment, size, 0, CALLER);
r = omemalign(d, alignment, size, 0, caller());
d->active--;
_MALLOC_UNLOCK(d->mutex);
if (r == NULL) {
@ -2242,7 +2279,7 @@ aligned_alloc(size_t alignment, size_t size)
}
PROLOGUE(getpool(), "aligned_alloc")
r = omemalign(d, alignment, size, 0, CALLER);
r = omemalign(d, alignment, size, 0, caller());
EPILOGUE()
return r;
}

11
sbin/disklabel/editor.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: editor.c,v 1.412 2023/06/28 12:12:48 krw Exp $ */
/* $OpenBSD: editor.c,v 1.413 2023/06/29 20:10:11 krw Exp $ */
/*
* Copyright (c) 1997-2000 Todd C. Miller <millert@openbsd.org>
@ -677,11 +677,12 @@ allocate_space(struct disklabel *lp, const struct alloc_table *alloc_table)
mpfree(mountpoints, KEEP);
for (i = 0; i < alloc_table->sz; i++) {
if (sa[i].rate < 100) {
if (sa[i].rate == 100)
maxsz = sa[i].minsz + xtrablks;
else
maxsz = sa[i].minsz + (xtrablks / 100) * sa[i].rate;
if (maxsz < sa[i].maxsz)
sa[i].maxsz = maxsz;
}
if (maxsz < sa[i].maxsz)
sa[i].maxsz = maxsz;
if (allocate_partition(lp, &sa[i])) {
mpfree(mountpoints, KEEP);
return 1;

25
sys/dev/acpi/acpi.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: acpi.c,v 1.420 2023/03/15 13:01:40 kettenis Exp $ */
/* $OpenBSD: acpi.c,v 1.421 2023/06/29 20:58:08 dv Exp $ */
/*
* Copyright (c) 2005 Thorsten Lockert <tholo@sigmasoft.com>
* Copyright (c) 2005 Jordan Hargrave <jordan@openbsd.org>
@ -2264,7 +2264,7 @@ acpi_enable_wakegpes(struct acpi_softc *sc, int state)
dnprintf(10, "%.4s(S%d) gpe %.2x\n", wentry->q_node->name,
wentry->q_state,
wentry->q_gpe);
if (state <= wentry->q_state)
if (wentry->q_enabled && state <= wentry->q_state)
acpi_enable_onegpe(sc, wentry->q_gpe);
}
}
@ -2354,11 +2354,32 @@ acpi_foundprw(struct aml_node *node, void *arg)
wq->q_gpe = wq->q_wakepkg->v_package[0]->v_integer;
if (wq->q_wakepkg->v_package[1]->type == AML_OBJTYPE_INTEGER)
wq->q_state = wq->q_wakepkg->v_package[1]->v_integer;
wq->q_enabled = 0;
}
SIMPLEQ_INSERT_TAIL(&sc->sc_wakedevs, wq, q_next);
return 0;
}
int
acpi_toggle_wakedev(struct acpi_softc *sc, struct aml_node *node, int enable)
{
struct acpi_wakeq *wentry;
int ret = -1;
SIMPLEQ_FOREACH(wentry, &sc->sc_wakedevs, q_next) {
if (wentry->q_node == node) {
wentry->q_enabled = enable ? 1 : 0;
dnprintf(10, "%.4s(S%d) gpe %.2x %sabled\n",
wentry->q_node->name, wentry->q_state,
wentry->q_gpe, enable ? "en" : "dis");
ret = 0;
break;
}
}
return ret;
}
struct gpe_block *
acpi_find_gpe(struct acpi_softc *sc, int gpe)
{

13
sys/dev/acpi/acpibtn.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: acpibtn.c,v 1.50 2023/04/03 13:38:18 millert Exp $ */
/* $OpenBSD: acpibtn.c,v 1.51 2023/06/29 20:58:08 dv Exp $ */
/*
* Copyright (c) 2005 Marco Peereboom <marco@openbsd.org>
*
@ -168,7 +168,7 @@ acpibtn_attach(struct device *parent, struct device *self, void *aux)
sc->sc_acpi = (struct acpi_softc *)parent;
sc->sc_devnode = aa->aaa_node;
printf(": %s\n", sc->sc_devnode->name);
printf(": %s", sc->sc_devnode->name);
if (aml_evalinteger(sc->sc_acpi, sc->sc_devnode, "_STA", 0, NULL, &st))
st = STA_PRESENT | STA_ENABLED | STA_DEV_OK;
@ -203,6 +203,15 @@ acpibtn_attach(struct device *parent, struct device *self, void *aux)
sc->sc_sens.value = lid_open;
}
/* Enable any related GPEs for wake. */
if (acpi_toggle_wakedev(sc->sc_acpi, sc->sc_devnode, 1) == 0) {
#ifdef SUSPEND
device_register_wakeup(self);
printf("(wakeup)");
#endif /* SUSPEND */
}
printf("\n");
aml_register_notify(sc->sc_devnode, aa->aaa_dev, acpibtn_notify,
sc, ACPIDEV_NOPOLL);
}

5
sys/dev/acpi/acpivar.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: acpivar.h,v 1.122 2022/09/13 17:14:54 kettenis Exp $ */
/* $OpenBSD: acpivar.h,v 1.123 2023/06/29 20:58:08 dv Exp $ */
/*
* Copyright (c) 2005 Thorsten Lockert <tholo@sigmasoft.com>
*
@ -105,6 +105,7 @@ struct acpi_wakeq {
struct aml_value *q_wakepkg;
int q_gpe;
int q_state;
int q_enabled;
};
#if NACPIPWRRES > 0
@ -415,6 +416,8 @@ struct acpi_q *acpi_maptable(struct acpi_softc *sc, paddr_t,
bus_dma_tag_t acpi_iommu_device_map(struct aml_node *, bus_dma_tag_t);
int acpi_toggle_wakedev(struct acpi_softc *, struct aml_node *, int);
#endif
#endif /* !_ACPI_WAKECODE */

4
sys/kern/uipc_socket.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: uipc_socket.c,v 1.303 2023/04/28 12:53:42 bluhm Exp $ */
/* $OpenBSD: uipc_socket.c,v 1.304 2023/06/30 11:52:11 mvs Exp $ */
/* $NetBSD: uipc_socket.c,v 1.21 1996/02/04 02:17:52 christos Exp $ */
/*
@ -406,7 +406,7 @@ drop:
while (so->so_newconn > 0) {
so->so_state |= SS_NEWCONN_WAIT;
sosleep_nsec(so, &so->so_newconn, PSOCK,
"netlck", INFSLP);
"newcon", INFSLP);
}
}

4
sys/net/pf_if.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: pf_if.c,v 1.110 2023/05/18 14:11:18 kn Exp $ */
/* $OpenBSD: pf_if.c,v 1.111 2023/06/30 09:58:30 mvs Exp $ */
/*
* Copyright 2005 Henning Brauer <henning@openbsd.org>
@ -92,7 +92,7 @@ RB_PROTOTYPE(pfi_ifhead, pfi_kif, pfik_tree, pfi_if_compare);
RB_GENERATE(pfi_ifhead, pfi_kif, pfik_tree, pfi_if_compare);
#define PFI_BUFFER_MAX 0x10000
#define PFI_MTYPE M_IFADDR
#define PFI_MTYPE M_PF
struct pfi_kif *
pfi_kif_alloc(const char *kif_name, int mflags)

136
sys/net/pf_ioctl.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: pf_ioctl.c,v 1.410 2023/06/28 21:33:35 sashan Exp $ */
/* $OpenBSD: pf_ioctl.c,v 1.411 2023/06/30 09:58:30 mvs Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@ -661,7 +661,7 @@ pf_create_queues(void)
if (ifp == NULL)
continue;
qif = malloc(sizeof(*qif), M_TEMP, M_WAITOK);
qif = malloc(sizeof(*qif), M_PF, M_WAITOK);
qif->ifp = ifp;
if (q->flags & PFQS_ROOTCLASS) {
@ -716,7 +716,7 @@ pf_create_queues(void)
ifp = qif->ifp;
ifq_attach(&ifp->if_snd, qif->ifqops, qif->disc);
free(qif, M_TEMP, sizeof(*qif));
free(qif, M_PF, sizeof(*qif));
}
return (0);
@ -727,7 +727,7 @@ error:
list = qif->next;
qif->pfqops->pfq_free(qif->disc);
free(qif, M_TEMP, sizeof(*qif));
free(qif, M_PF, sizeof(*qif));
}
return (error);
@ -2486,8 +2486,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
error = ENODEV;
goto fail;
}
ioe = malloc(sizeof(*ioe), M_TEMP, M_WAITOK);
table = malloc(sizeof(*table), M_TEMP, M_WAITOK);
ioe = malloc(sizeof(*ioe), M_PF, M_WAITOK);
table = malloc(sizeof(*table), M_PF, M_WAITOK);
NET_LOCK();
PF_LOCK();
pf_default_rule_new = pf_default_rule;
@ -2496,15 +2496,15 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
memset(&pf_trans_set, 0, sizeof(pf_trans_set));
for (i = 0; i < io->size; i++) {
if (copyin(io->array+i, ioe, sizeof(*ioe))) {
free(table, M_TEMP, sizeof(*table));
free(ioe, M_TEMP, sizeof(*ioe));
free(table, M_PF, sizeof(*table));
free(ioe, M_PF, sizeof(*ioe));
error = EFAULT;
goto fail;
}
if (strnlen(ioe->anchor, sizeof(ioe->anchor)) ==
sizeof(ioe->anchor)) {
free(table, M_TEMP, sizeof(*table));
free(ioe, M_TEMP, sizeof(*ioe));
free(table, M_PF, sizeof(*table));
free(ioe, M_PF, sizeof(*ioe));
error = ENAMETOOLONG;
goto fail;
}
@ -2519,8 +2519,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
&ioe->ticket, NULL, 0))) {
PF_UNLOCK();
NET_UNLOCK();
free(table, M_TEMP, sizeof(*table));
free(ioe, M_TEMP, sizeof(*ioe));
free(table, M_PF, sizeof(*table));
free(ioe, M_PF, sizeof(*ioe));
goto fail;
}
break;
@ -2529,30 +2529,30 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
ioe->anchor))) {
PF_UNLOCK();
NET_UNLOCK();
free(table, M_TEMP, sizeof(*table));
free(ioe, M_TEMP, sizeof(*ioe));
free(table, M_PF, sizeof(*table));
free(ioe, M_PF, sizeof(*ioe));
goto fail;
}
break;
default:
PF_UNLOCK();
NET_UNLOCK();
free(table, M_TEMP, sizeof(*table));
free(ioe, M_TEMP, sizeof(*ioe));
free(table, M_PF, sizeof(*table));
free(ioe, M_PF, sizeof(*ioe));
error = EINVAL;
goto fail;
}
PF_UNLOCK();
NET_UNLOCK();
if (copyout(ioe, io->array+i, sizeof(io->array[i]))) {
free(table, M_TEMP, sizeof(*table));
free(ioe, M_TEMP, sizeof(*ioe));
free(table, M_PF, sizeof(*table));
free(ioe, M_PF, sizeof(*ioe));
error = EFAULT;
goto fail;
}
}
free(table, M_TEMP, sizeof(*table));
free(ioe, M_TEMP, sizeof(*ioe));
free(table, M_PF, sizeof(*table));
free(ioe, M_PF, sizeof(*ioe));
break;
}
@ -2566,19 +2566,19 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
error = ENODEV;
goto fail;
}
ioe = malloc(sizeof(*ioe), M_TEMP, M_WAITOK);
table = malloc(sizeof(*table), M_TEMP, M_WAITOK);
ioe = malloc(sizeof(*ioe), M_PF, M_WAITOK);
table = malloc(sizeof(*table), M_PF, M_WAITOK);
for (i = 0; i < io->size; i++) {
if (copyin(io->array+i, ioe, sizeof(*ioe))) {
free(table, M_TEMP, sizeof(*table));
free(ioe, M_TEMP, sizeof(*ioe));
free(table, M_PF, sizeof(*table));
free(ioe, M_PF, sizeof(*ioe));
error = EFAULT;
goto fail;
}
if (strnlen(ioe->anchor, sizeof(ioe->anchor)) ==
sizeof(ioe->anchor)) {
free(table, M_TEMP, sizeof(*table));
free(ioe, M_TEMP, sizeof(*ioe));
free(table, M_PF, sizeof(*table));
free(ioe, M_PF, sizeof(*ioe));
error = ENAMETOOLONG;
goto fail;
}
@ -2593,8 +2593,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
ioe->ticket, NULL, 0))) {
PF_UNLOCK();
NET_UNLOCK();
free(table, M_TEMP, sizeof(*table));
free(ioe, M_TEMP, sizeof(*ioe));
free(table, M_PF, sizeof(*table));
free(ioe, M_PF, sizeof(*ioe));
goto fail; /* really bad */
}
break;
@ -2604,16 +2604,16 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
default:
PF_UNLOCK();
NET_UNLOCK();
free(table, M_TEMP, sizeof(*table));
free(ioe, M_TEMP, sizeof(*ioe));
free(table, M_PF, sizeof(*table));
free(ioe, M_PF, sizeof(*ioe));
error = EINVAL;
goto fail; /* really bad */
}
PF_UNLOCK();
NET_UNLOCK();
}
free(table, M_TEMP, sizeof(*table));
free(ioe, M_TEMP, sizeof(*ioe));
free(table, M_PF, sizeof(*table));
free(ioe, M_PF, sizeof(*ioe));
break;
}
@ -2628,20 +2628,20 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
error = ENODEV;
goto fail;
}
ioe = malloc(sizeof(*ioe), M_TEMP, M_WAITOK);
table = malloc(sizeof(*table), M_TEMP, M_WAITOK);
ioe = malloc(sizeof(*ioe), M_PF, M_WAITOK);
table = malloc(sizeof(*table), M_PF, M_WAITOK);
/* first makes sure everything will succeed */
for (i = 0; i < io->size; i++) {
if (copyin(io->array+i, ioe, sizeof(*ioe))) {
free(table, M_TEMP, sizeof(*table));
free(ioe, M_TEMP, sizeof(*ioe));
free(table, M_PF, sizeof(*table));
free(ioe, M_PF, sizeof(*ioe));
error = EFAULT;
goto fail;
}
if (strnlen(ioe->anchor, sizeof(ioe->anchor)) ==
sizeof(ioe->anchor)) {
free(table, M_TEMP, sizeof(*table));
free(ioe, M_TEMP, sizeof(*ioe));
free(table, M_PF, sizeof(*table));
free(ioe, M_PF, sizeof(*ioe));
error = ENAMETOOLONG;
goto fail;
}
@ -2654,8 +2654,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
rs->tticket) {
PF_UNLOCK();
NET_UNLOCK();
free(table, M_TEMP, sizeof(*table));
free(ioe, M_TEMP, sizeof(*ioe));
free(table, M_PF, sizeof(*table));
free(ioe, M_PF, sizeof(*ioe));
error = EBUSY;
goto fail;
}
@ -2668,8 +2668,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
ioe->ticket) {
PF_UNLOCK();
NET_UNLOCK();
free(table, M_TEMP, sizeof(*table));
free(ioe, M_TEMP, sizeof(*ioe));
free(table, M_PF, sizeof(*table));
free(ioe, M_PF, sizeof(*ioe));
error = EBUSY;
goto fail;
}
@ -2677,8 +2677,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
default:
PF_UNLOCK();
NET_UNLOCK();
free(table, M_TEMP, sizeof(*table));
free(ioe, M_TEMP, sizeof(*ioe));
free(table, M_PF, sizeof(*table));
free(ioe, M_PF, sizeof(*ioe));
error = EINVAL;
goto fail;
}
@ -2697,8 +2697,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
pf_pool_limits[i].limit_new) {
PF_UNLOCK();
NET_UNLOCK();
free(table, M_TEMP, sizeof(*table));
free(ioe, M_TEMP, sizeof(*ioe));
free(table, M_PF, sizeof(*table));
free(ioe, M_PF, sizeof(*ioe));
error = EBUSY;
goto fail;
}
@ -2708,15 +2708,15 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
PF_UNLOCK();
NET_UNLOCK();
if (copyin(io->array+i, ioe, sizeof(*ioe))) {
free(table, M_TEMP, sizeof(*table));
free(ioe, M_TEMP, sizeof(*ioe));
free(table, M_PF, sizeof(*table));
free(ioe, M_PF, sizeof(*ioe));
error = EFAULT;
goto fail;
}
if (strnlen(ioe->anchor, sizeof(ioe->anchor)) ==
sizeof(ioe->anchor)) {
free(table, M_TEMP, sizeof(*table));
free(ioe, M_TEMP, sizeof(*ioe));
free(table, M_PF, sizeof(*table));
free(ioe, M_PF, sizeof(*ioe));
error = ENAMETOOLONG;
goto fail;
}
@ -2731,8 +2731,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
NULL, NULL, 0))) {
PF_UNLOCK();
NET_UNLOCK();
free(table, M_TEMP, sizeof(*table));
free(ioe, M_TEMP, sizeof(*ioe));
free(table, M_PF, sizeof(*table));
free(ioe, M_PF, sizeof(*ioe));
goto fail; /* really bad */
}
break;
@ -2741,16 +2741,16 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
ioe->anchor))) {
PF_UNLOCK();
NET_UNLOCK();
free(table, M_TEMP, sizeof(*table));
free(ioe, M_TEMP, sizeof(*ioe));
free(table, M_PF, sizeof(*table));
free(ioe, M_PF, sizeof(*ioe));
goto fail; /* really bad */
}
break;
default:
PF_UNLOCK();
NET_UNLOCK();
free(table, M_TEMP, sizeof(*table));
free(ioe, M_TEMP, sizeof(*ioe));
free(table, M_PF, sizeof(*table));
free(ioe, M_PF, sizeof(*ioe));
error = EINVAL;
goto fail; /* really bad */
}
@ -2762,8 +2762,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
pf_pool_limits[i].limit_new, NULL, 0) != 0) {
PF_UNLOCK();
NET_UNLOCK();
free(table, M_TEMP, sizeof(*table));
free(ioe, M_TEMP, sizeof(*ioe));
free(table, M_PF, sizeof(*table));
free(ioe, M_PF, sizeof(*ioe));
error = EBUSY;
goto fail; /* really bad */
}
@ -2782,8 +2782,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
pf_trans_set_commit();
PF_UNLOCK();
NET_UNLOCK();
free(table, M_TEMP, sizeof(*table));
free(ioe, M_TEMP, sizeof(*ioe));
free(table, M_PF, sizeof(*table));
free(ioe, M_PF, sizeof(*ioe));
break;
}
@ -2793,7 +2793,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
u_int32_t nr = 0;
size_t space = psn->psn_len;
pstore = malloc(sizeof(*pstore), M_TEMP, M_WAITOK);
pstore = malloc(sizeof(*pstore), M_PF, M_WAITOK);
NET_LOCK();
PF_LOCK();
@ -2803,7 +2803,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
psn->psn_len = sizeof(struct pf_src_node) * nr;
PF_UNLOCK();
NET_UNLOCK();
free(pstore, M_TEMP, sizeof(*pstore));
free(pstore, M_PF, sizeof(*pstore));
goto fail;
}
@ -2838,7 +2838,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
if (error) {
PF_UNLOCK();
NET_UNLOCK();
free(pstore, M_TEMP, sizeof(*pstore));
free(pstore, M_PF, sizeof(*pstore));
goto fail;
}
p++;
@ -2848,7 +2848,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
PF_UNLOCK();
NET_UNLOCK();
free(pstore, M_TEMP, sizeof(*pstore));
free(pstore, M_PF, sizeof(*pstore));
break;
}
@ -2941,7 +2941,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
if ((kif_buf = mallocarray(sizeof(*kif_buf), apfiio_size,
M_TEMP, M_WAITOK|M_CANFAIL)) == NULL) {
M_PF, M_WAITOK|M_CANFAIL)) == NULL) {
error = EINVAL;
goto fail;
}
@ -2954,7 +2954,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
if (copyout(kif_buf, io->pfiio_buffer, sizeof(*kif_buf) *
io->pfiio_size))
error = EFAULT;
free(kif_buf, M_TEMP, sizeof(*kif_buf) * apfiio_size);
free(kif_buf, M_PF, sizeof(*kif_buf) * apfiio_size);
break;
}
@ -3264,7 +3264,7 @@ pf_open_trans(uint32_t unit)
rw_assert_wrlock(&pfioctl_rw);
t = malloc(sizeof(*t), M_TEMP, M_WAITOK|M_ZERO);
t = malloc(sizeof(*t), M_PF, M_WAITOK|M_ZERO);
t->pft_unit = unit;
t->pft_ticket = ticket++;
@ -3320,7 +3320,7 @@ pf_free_trans(struct pf_trans *t)
log(LOG_ERR, "%s unknown transaction type: %d\n",
__func__, t->pft_type);
}
free(t, M_TEMP, sizeof(*t));
free(t, M_PF, sizeof(*t));
}
void

6
sys/net/pf_ruleset.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: pf_ruleset.c,v 1.20 2023/04/28 14:08:38 sashan Exp $ */
/* $OpenBSD: pf_ruleset.c,v 1.21 2023/06/30 09:58:30 mvs Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@ -57,8 +57,8 @@
#ifdef _KERNEL
#define rs_malloc(x) malloc(x, M_TEMP, M_WAITOK|M_CANFAIL|M_ZERO)
#define rs_free(x, siz) free(x, M_TEMP, siz)
#define rs_malloc(x) malloc(x, M_PF, M_WAITOK|M_CANFAIL|M_ZERO)
#define rs_free(x, siz) free(x, M_PF, siz)
#define rs_pool_get_anchor() pool_get(&pf_anchor_pl, \
PR_WAITOK|PR_LIMITFAIL|PR_ZERO)
#define rs_pool_put_anchor(x) pool_put(&pf_anchor_pl, x)

6
sys/sys/malloc.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: malloc.h,v 1.123 2023/06/27 21:02:13 mvs Exp $ */
/* $OpenBSD: malloc.h,v 1.124 2023/06/30 09:58:30 mvs Exp $ */
/* $NetBSD: malloc.h,v 1.39 1998/07/12 19:52:01 augustss Exp $ */
/*
@ -68,7 +68,7 @@
/* 3 - free */
#define M_PCB 4 /* protocol control block */
#define M_RTABLE 5 /* routing tables */
/* 6 - free */
#define M_PF 6 /* packet filter structures */
/* 7 - free */
/* 8 - free */
#define M_IFADDR 9 /* interface address */
@ -186,7 +186,7 @@
NULL, \
"pcb", /* 4 M_PCB */ \
"rtable", /* 5 M_RTABLE */ \
NULL, /* 6 */ \
"pf", /* 6 M_PF */ \
NULL, \
NULL, \
"ifaddr", /* 9 M_IFADDR */ \

5
usr.bin/tmux/cmd-resize-window.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: cmd-resize-window.c,v 1.9 2021/08/27 17:15:57 nicm Exp $ */
/* $OpenBSD: cmd-resize-window.c,v 1.10 2023/06/30 13:19:32 nicm Exp $ */
/*
* Copyright (c) 2018 Nicholas Marriott <nicholas.marriott@gmail.com>
@ -53,8 +53,7 @@ cmd_resize_window_exec(struct cmd *self, struct cmdq_item *item)
struct session *s = target->s;
const char *errstr;
char *cause;
u_int adjust, sx, sy;
int xpixel = -1, ypixel = -1;
u_int adjust, sx, sy, xpixel = 0, ypixel = 0;
if (args_count(args) == 0)
adjust = 1;

4
usr.bin/tmux/format.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: format.c,v 1.313 2023/05/19 07:46:34 nicm Exp $ */
/* $OpenBSD: format.c,v 1.314 2023/06/30 13:19:32 nicm Exp $ */
/*
* Copyright (c) 2011 Nicholas Marriott <nicholas.marriott@gmail.com>
@ -3813,7 +3813,7 @@ format_build_modifiers(struct format_expand_state *es, const char **s,
argc = 0;
/* Single argument with no wrapper character. */
if (!ispunct(cp[1]) || cp[1] == '-') {
if (!ispunct((u_char)cp[1]) || cp[1] == '-') {
end = format_skip(cp + 1, ":;");
if (end == NULL)
break;

4
usr.bin/tmux/hyperlinks.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: hyperlinks.c,v 1.2 2022/07/06 07:36:36 nicm Exp $ */
/* $OpenBSD: hyperlinks.c,v 1.3 2023/06/30 13:19:32 nicm Exp $ */
/*
* Copyright (c) 2021 Will <author@will.party>
@ -43,7 +43,7 @@
#define MAX_HYPERLINKS 5000
static uint64_t hyperlinks_next_external_id = 1;
static long long hyperlinks_next_external_id = 1;
static u_int global_hyperlinks_count;
struct hyperlinks_uri {

6
usr.bin/tmux/input.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: input.c,v 1.215 2023/06/25 15:53:07 nicm Exp $ */
/* $OpenBSD: input.c,v 1.216 2023/06/30 13:19:32 nicm Exp $ */
/*
* Copyright (c) 2007 Nicholas Marriott <nicholas.marriott@gmail.com>
@ -2842,9 +2842,11 @@ input_reply_clipboard(struct bufferevent *bev, const char *buf, size_t len,
const char *end)
{
char *out = NULL;
size_t outlen = 0;
int outlen = 0;
if (buf != NULL && len != 0) {
if (len >= ((size_t)INT_MAX * 3 / 4) - 1)
return;
outlen = 4 * ((len + 2) / 3) + 1;
out = xmalloc(outlen);
if ((outlen = b64_ntop(buf, len, out, outlen)) == -1) {

6
usr.bin/tmux/notify.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: notify.c,v 1.43 2022/10/28 13:00:02 nicm Exp $ */
/* $OpenBSD: notify.c,v 1.44 2023/06/30 13:19:32 nicm Exp $ */
/*
* Copyright (c) 2012 George Nachman <tmux@georgester.com>
@ -194,7 +194,7 @@ notify_add(const char *name, struct cmd_find_state *fs, struct client *c,
ne->client = c;
ne->session = s;
ne->window = w;
ne->pane = (wp != NULL ? wp->id : -1);
ne->pane = (wp != NULL ? (int)wp->id : -1);
ne->pbname = (pbname != NULL ? xstrdup(pbname) : NULL);
ne->formats = format_create(NULL, NULL, 0, FORMAT_NOJOBS);
@ -241,7 +241,7 @@ notify_hook(struct cmdq_item *item, const char *name)
ne.client = cmdq_get_client(item);
ne.session = target->s;
ne.window = target->w;
ne.pane = (target->wp != NULL ? target->wp->id : -1);
ne.pane = (target->wp != NULL ? (int)target->wp->id : -1);
ne.formats = format_create(NULL, NULL, 0, FORMAT_NOJOBS);
format_add(ne.formats, "hook", "%s", name);

4
usr.bin/tmux/tty-keys.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: tty-keys.c,v 1.166 2023/04/17 17:57:35 nicm Exp $ */
/* $OpenBSD: tty-keys.c,v 1.167 2023/06/30 13:19:32 nicm Exp $ */
/*
* Copyright (c) 2007 Nicholas Marriott <nicholas.marriott@gmail.com>
@ -1160,7 +1160,7 @@ tty_keys_clipboard(struct tty *tty, const char *buf, size_t len, size_t *size)
{
struct client *c = tty->client;
struct window_pane *wp;
size_t end, terminator, needed;
size_t end, terminator = 0, needed;
char *copy, *out;
int outlen;
u_int i;

6
usr.bin/tmux/tty-term.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: tty-term.c,v 1.98 2023/04/28 05:59:35 nicm Exp $ */
/* $OpenBSD: tty-term.c,v 1.99 2023/06/30 13:19:32 nicm Exp $ */
/*
* Copyright (c) 2008 Nicholas Marriott <nicholas.marriott@gmail.com>
@ -709,7 +709,7 @@ tty_term_read_list(const char *name, int fd, char ***caps, u_int *ncaps,
s = tmp;
break;
case TTYCODE_FLAG:
n = tigetflag((char *) ent->name);
n = tigetflag((char *)ent->name);
if (n == -1)
continue;
if (n)
@ -717,6 +717,8 @@ tty_term_read_list(const char *name, int fd, char ***caps, u_int *ncaps,
else
s = "0";
break;
default:
fatalx("unknown capability type");
}
*caps = xreallocarray(*caps, (*ncaps) + 1, sizeof **caps);
xasprintf(&(*caps)[*ncaps], "%s=%s", ent->name, s);

6
usr.sbin/btrace/bt.5
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: bt.5,v 1.15 2023/06/27 14:13:33 claudio Exp $
.\" $OpenBSD: bt.5,v 1.16 2023/06/30 13:31:37 jsg Exp $
.\"
.\" Copyright (c) 2019 Martin Pieuchot <mpi@openbsd.org>
.\"
@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: June 27 2023 $
.Dd $Mdocdate: June 30 2023 $
.Dt BT 5
.Os
.Sh NAME
@ -167,7 +167,7 @@ Set all values from
to 0.
.El
.Pp
The following functions only work on a sepcific map entry.
The following functions only work on a specific map entry.
.Bl -tag -width "lhist(value, min, max, step)"
.It "@map[key]" = Fn count
Increase the stored value for

5
usr.sbin/nsd/Makefile.bsd-wrapper
View File

@ -1,4 +1,4 @@
# $OpenBSD: Makefile.bsd-wrapper,v 1.19 2021/06/30 11:50:22 deraadt Exp $
# $OpenBSD: Makefile.bsd-wrapper,v 1.20 2023/06/29 19:38:49 florian Exp $
.include <bsd.own.mk>
@ -21,8 +21,7 @@ CONFIGURE_OPTS= --prefix=/usr \
--with-xfrdir=${CHROOTDIR}/run/xfr \
--with-xfrdfile=${CHROOTDIR}/run/xfrd.state \
--with-libevent=/usr \
--enable-ratelimit \
--enable-root-server
--enable-ratelimit
PROG= nsd nsd-checkconf nsd-checkzone nsd-control

344
usr.sbin/nsd/Makefile.in
View File

@ -356,6 +356,15 @@ configlexer.c: $(srcdir)/configlexer.lex
configparser.c configparser.h: $(srcdir)/configparser.y
$(YACC) -d -p c_ -o configparser.c $(srcdir)/configparser.y
# for build to run flex and bison before compiling code that needs the headers
configlexer.o: configlexer.c config.h configparser.h
configparser.o: configparser.c config.h configparser.h
options.o: $(srcdir)/options.c config.h configparser.h
zlexer.o: zlexer.c config.h zparser.h
zparser.o: zparser.c config.h zparser.h
dns.o: $(srcdir)/dns.c config.h zparser.h
zonec.o: $(srcdir)/zonec.c config.h zparser.h
# dnstap
dnstap.o: $(srcdir)/dnstap/dnstap.c config.h dnstap/dnstap_config.h \
dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h $(srcdir)/dnstap/dnstap.h \
@ -367,7 +376,7 @@ dnstap_collector.o: $(srcdir)/dnstap/dnstap_collector.c config.h \
$(srcdir)/util.h $(srcdir)/nsd.h $(srcdir)/region-allocator.h \
$(srcdir)/buffer.h $(srcdir)/namedb.h $(srcdir)/dname.h \
$(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h \
$(srcdir)/options.h
$(srcdir)/options.h $(srcdir)/remote.h
dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h: $(srcdir)/dnstap/dnstap.proto
@-if test ! -d dnstap; then $(INSTALL) -d dnstap; fi
$(PROTOC_C) --c_out=. --proto_path=$(srcdir) $(srcdir)/dnstap/dnstap.proto
@ -414,134 +423,159 @@ depend:
rm -f $(DEPEND_TMP) $(DEPEND_TMP2)
# Dependencies
answer.o: $(srcdir)/answer.c config.h $(srcdir)/answer.h $(srcdir)/dns.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/packet.h $(srcdir)/query.h $(srcdir)/nsd.h \
$(srcdir)/edns.h $(srcdir)/tsig.h
ixfr.o: $(srcdir)/ixfr.c config.h $(srcdir)/ixfr.h $(srcdir)/query.h $(srcdir)/packet.h $(srcdir)/rdata.h $(srcdir)/axfr.h $(srcdir)/options.h $(srcdir)/rbtree.h $(srcdir)/zonec.h $(srcdir)/namedb.h $(srcdir)/nsd.h $(srcdir)/tsig.h $(srcdir)/dns.h $(srcdir)/region-allocator.h $(srcdir)/dname.h $(srcdir)/radtree.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/buffer.h $(srcdir)/util.h
ixfrcreate.o: $(srcdir)/ixfrcreate.c config.h $(srcdir)/ixfrcreate.h $(srcdir)/namedb.h $(srcdir)/ixfr.h $(srcdir)/options.h $(srcdir)/dname.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/region-allocator.h $(srcdir)/buffer.h $(srcdir)/util.h
axfr.o: $(srcdir)/axfr.c config.h $(srcdir)/axfr.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/radtree.h $(srcdir)/rbtree.h \
$(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/options.h $(srcdir)/ixfr.h
buffer.o: $(srcdir)/buffer.c config.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h
answer.o: $(srcdir)/answer.c config.h $(srcdir)/answer.h $(srcdir)/dns.h $(srcdir)/namedb.h \
$(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/packet.h \
$(srcdir)/query.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/tsig.h
axfr.o: $(srcdir)/axfr.c config.h $(srcdir)/axfr.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h \
$(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/bitset.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h \
$(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/options.h $(srcdir)/ixfr.h
bitset.o: $(srcdir)/bitset.c config.h $(srcdir)/bitset.h
buffer.o: $(srcdir)/buffer.c config.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h \
$(srcdir)/util.h
configlexer.o: configlexer.c config.h $(srcdir)/options.h \
$(srcdir)/region-allocator.h $(srcdir)/rbtree.h configparser.h
configparser.o: configparser.c config.h $(srcdir)/options.h $(srcdir)/region-allocator.h \
$(srcdir)/rbtree.h $(srcdir)/util.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/tsig.h $(srcdir)/rrl.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dns.h \
$(srcdir)/radtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/packet.h
dbaccess.o: $(srcdir)/dbaccess.c config.h $(srcdir)/dns.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/options.h $(srcdir)/rdata.h $(srcdir)/udb.h \
$(srcdir)/udbradtree.h $(srcdir)/udbzone.h $(srcdir)/zonec.h $(srcdir)/nsec3.h $(srcdir)/difffile.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/ixfr.h $(srcdir)/ixfrcreate.h
configparser.o: configparser.c config.h $(srcdir)/options.h \
$(srcdir)/region-allocator.h $(srcdir)/rbtree.h $(srcdir)/util.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/tsig.h $(srcdir)/rrl.h $(srcdir)/query.h \
$(srcdir)/namedb.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/packet.h configparser.h
dbaccess.o: $(srcdir)/dbaccess.c config.h $(srcdir)/dns.h $(srcdir)/namedb.h $(srcdir)/dname.h \
$(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/options.h $(srcdir)/rdata.h \
$(srcdir)/udb.h $(srcdir)/udbradtree.h $(srcdir)/udbzone.h $(srcdir)/zonec.h $(srcdir)/nsec3.h $(srcdir)/difffile.h $(srcdir)/nsd.h $(srcdir)/edns.h \
$(srcdir)/bitset.h $(srcdir)/ixfr.h $(srcdir)/query.h $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/ixfrcreate.h
dbcreate.o: $(srcdir)/dbcreate.c config.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/udb.h $(srcdir)/udbradtree.h \
$(srcdir)/udbzone.h $(srcdir)/options.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/ixfr.h
difffile.o: $(srcdir)/difffile.c config.h $(srcdir)/difffile.h $(srcdir)/rbtree.h $(srcdir)/region-allocator.h \
$(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/udb.h \
$(srcdir)/xfrd-disk.h $(srcdir)/packet.h $(srcdir)/rdata.h $(srcdir)/udbzone.h $(srcdir)/udbradtree.h $(srcdir)/nsec3.h $(srcdir)/nsd.h $(srcdir)/edns.h \
$(srcdir)/rrl.h $(srcdir)/query.h $(srcdir)/tsig.h $(srcdir)/ixfr.h $(srcdir)/zonec.h
dname.o: $(srcdir)/dname.c config.h $(srcdir)/dns.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h \
$(srcdir)/util.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/packet.h $(srcdir)/tsig.h
dns.o: $(srcdir)/dns.c config.h $(srcdir)/dns.h $(srcdir)/zonec.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h zparser.h
edns.o: $(srcdir)/edns.c config.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h \
$(srcdir)/nsd.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/packet.h $(srcdir)/tsig.h
ipc.o: $(srcdir)/ipc.c config.h $(srcdir)/ipc.h $(srcdir)/netio.h $(srcdir)/region-allocator.h $(srcdir)/buffer.h $(srcdir)/util.h \
$(srcdir)/xfrd-tcp.h $(srcdir)/xfrd.h $(srcdir)/rbtree.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/options.h \
$(srcdir)/tsig.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/xfrd-notify.h $(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/rrl.h $(srcdir)/query.h \
$(srcdir)/packet.h
iterated_hash.o: $(srcdir)/iterated_hash.c config.h $(srcdir)/iterated_hash.h
$(srcdir)/udbzone.h $(srcdir)/options.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/ixfr.h $(srcdir)/query.h $(srcdir)/packet.h $(srcdir)/tsig.h
difffile.o: $(srcdir)/difffile.c config.h $(srcdir)/difffile.h $(srcdir)/rbtree.h \
$(srcdir)/region-allocator.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h \
$(srcdir)/options.h $(srcdir)/udb.h $(srcdir)/xfrd-disk.h $(srcdir)/packet.h $(srcdir)/rdata.h $(srcdir)/udbzone.h $(srcdir)/udbradtree.h \
$(srcdir)/nsec3.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/rrl.h $(srcdir)/query.h $(srcdir)/tsig.h $(srcdir)/ixfr.h $(srcdir)/zonec.h
dname.o: $(srcdir)/dname.c config.h $(srcdir)/dns.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsd.h \
$(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/packet.h $(srcdir)/tsig.h
dns.o: $(srcdir)/dns.c config.h $(srcdir)/dns.h $(srcdir)/zonec.h $(srcdir)/namedb.h $(srcdir)/dname.h \
$(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h zparser.h
edns.o: $(srcdir)/edns.c config.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/nsd.h $(srcdir)/bitset.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h \
$(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/packet.h $(srcdir)/tsig.h
ipc.o: $(srcdir)/ipc.c config.h $(srcdir)/ipc.h $(srcdir)/netio.h $(srcdir)/region-allocator.h \
$(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/xfrd-tcp.h $(srcdir)/xfrd.h $(srcdir)/mini_event.h $(srcdir)/rbtree.h $(srcdir)/namedb.h $(srcdir)/dname.h \
$(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/tsig.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/xfrd-notify.h \
$(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/rrl.h $(srcdir)/query.h $(srcdir)/packet.h
iterated_hash.o: $(srcdir)/iterated_hash.c config.h $(srcdir)/iterated_hash.h \
$(srcdir)/util.h
ixfr.o: $(srcdir)/ixfr.c config.h $(srcdir)/ixfr.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h \
$(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h \
$(srcdir)/bitset.h $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/rdata.h $(srcdir)/axfr.h $(srcdir)/options.h $(srcdir)/zonec.h
ixfrcreate.o: $(srcdir)/ixfrcreate.c config.h $(srcdir)/ixfrcreate.h $(srcdir)/dns.h \
$(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h \
$(srcdir)/ixfr.h $(srcdir)/query.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/options.h
lookup3.o: $(srcdir)/lookup3.c config.h $(srcdir)/lookup3.h
mini_event.o: $(srcdir)/mini_event.c config.h
namedb.o: $(srcdir)/namedb.c config.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h \
$(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsec3.h
netio.o: $(srcdir)/netio.c config.h $(srcdir)/netio.h $(srcdir)/region-allocator.h $(srcdir)/util.h
nsd.o: $(srcdir)/nsd.c config.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h \
$(srcdir)/util.h $(srcdir)/options.h $(srcdir)/rbtree.h $(srcdir)/tsig.h $(srcdir)/dname.h $(srcdir)/remote.h $(srcdir)/xfrd-disk.h \
$(srcdir)/dnstap/dnstap_collector.h
mini_event.o: $(srcdir)/mini_event.c config.h $(srcdir)/mini_event.h $(srcdir)/rbtree.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h
namedb.o: $(srcdir)/namedb.c config.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsec3.h
netio.o: $(srcdir)/netio.c config.h $(srcdir)/netio.h $(srcdir)/region-allocator.h \
$(srcdir)/util.h
nsd.o: $(srcdir)/nsd.c config.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/bitset.h $(srcdir)/options.h $(srcdir)/rbtree.h $(srcdir)/tsig.h $(srcdir)/dname.h \
$(srcdir)/remote.h $(srcdir)/xfrd-disk.h $(srcdir)/dnstap/dnstap_collector.h
nsd-checkconf.o: $(srcdir)/nsd-checkconf.c config.h $(srcdir)/tsig.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dname.h $(srcdir)/options.h $(srcdir)/rbtree.h $(srcdir)/rrl.h $(srcdir)/query.h \
$(srcdir)/namedb.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/packet.h
nsd-checkzone.o: $(srcdir)/nsd-checkzone.c config.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/bitset.h $(srcdir)/options.h $(srcdir)/rbtree.h $(srcdir)/zonec.h $(srcdir)/namedb.h $(srcdir)/dname.h \
$(srcdir)/radtree.h $(srcdir)/ixfr.h $(srcdir)/query.h $(srcdir)/packet.h $(srcdir)/ixfrcreate.h $(srcdir)/difffile.h $(srcdir)/udb.h
nsd-control.o: $(srcdir)/nsd-control.c config.h $(srcdir)/util.h $(srcdir)/tsig.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/dname.h $(srcdir)/options.h $(srcdir)/rbtree.h $(srcdir)/zonec.h
$(srcdir)/namedb.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/packet.h
nsd-checkzone.o: $(srcdir)/nsd-checkzone.c config.h $(srcdir)/nsd.h $(srcdir)/dns.h \
$(srcdir)/edns.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/bitset.h $(srcdir)/options.h $(srcdir)/rbtree.h \
$(srcdir)/zonec.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/radtree.h $(srcdir)/ixfr.h $(srcdir)/query.h $(srcdir)/packet.h $(srcdir)/tsig.h \
$(srcdir)/ixfrcreate.h $(srcdir)/difffile.h $(srcdir)/udb.h
nsd-control.o: $(srcdir)/nsd-control.c config.h $(srcdir)/util.h $(srcdir)/tsig.h \
$(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/dname.h $(srcdir)/options.h $(srcdir)/rbtree.h $(srcdir)/zonec.h $(srcdir)/namedb.h \
$(srcdir)/dns.h $(srcdir)/radtree.h
nsd-mem.o: $(srcdir)/nsd-mem.c config.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/tsig.h $(srcdir)/dname.h $(srcdir)/options.h $(srcdir)/rbtree.h $(srcdir)/namedb.h \
$(srcdir)/radtree.h $(srcdir)/udb.h $(srcdir)/udbzone.h $(srcdir)/udbradtree.h
nsec3.o: $(srcdir)/nsec3.c config.h $(srcdir)/nsec3.h $(srcdir)/iterated_hash.h $(srcdir)/namedb.h $(srcdir)/dname.h \
$(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h \
$(srcdir)/answer.h $(srcdir)/packet.h $(srcdir)/query.h $(srcdir)/tsig.h $(srcdir)/udbzone.h $(srcdir)/udb.h $(srcdir)/udbradtree.h $(srcdir)/options.h
options.o: $(srcdir)/options.c config.h $(srcdir)/options.h $(srcdir)/region-allocator.h $(srcdir)/rbtree.h \
$(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/nsd.h $(srcdir)/edns.h \
$(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/rrl.h configparser.h
packet.o: $(srcdir)/packet.c config.h $(srcdir)/packet.h $(srcdir)/dns.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/query.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/tsig.h \
$(srcdir)/rdata.h
popen3.o: $(srcdir)/popen3.c $(srcdir)/popen3.h
query.o: $(srcdir)/query.c config.h $(srcdir)/answer.h $(srcdir)/dns.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/packet.h $(srcdir)/query.h $(srcdir)/nsd.h \
$(srcdir)/edns.h $(srcdir)/tsig.h $(srcdir)/axfr.h $(srcdir)/options.h $(srcdir)/nsec3.h
radtree.o: $(srcdir)/radtree.c config.h $(srcdir)/radtree.h $(srcdir)/util.h $(srcdir)/region-allocator.h
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/bitset.h $(srcdir)/tsig.h $(srcdir)/dname.h $(srcdir)/options.h $(srcdir)/rbtree.h \
$(srcdir)/namedb.h $(srcdir)/radtree.h $(srcdir)/udb.h $(srcdir)/udbzone.h $(srcdir)/udbradtree.h
nsec3.o: $(srcdir)/nsec3.c config.h $(srcdir)/nsec3.h $(srcdir)/iterated_hash.h \
$(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h \
$(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/answer.h $(srcdir)/packet.h $(srcdir)/query.h $(srcdir)/tsig.h \
$(srcdir)/udbzone.h $(srcdir)/udb.h $(srcdir)/udbradtree.h $(srcdir)/options.h
options.o: $(srcdir)/options.c config.h $(srcdir)/options.h \
$(srcdir)/region-allocator.h $(srcdir)/rbtree.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h \
$(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/ixfr.h $(srcdir)/difffile.h \
$(srcdir)/udb.h $(srcdir)/rrl.h configparser.h
packet.o: $(srcdir)/packet.c config.h $(srcdir)/packet.h $(srcdir)/dns.h $(srcdir)/namedb.h \
$(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/query.h \
$(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/tsig.h $(srcdir)/rdata.h
popen3.o: $(srcdir)/popen3.c config.h $(srcdir)/popen3.h
query.o: $(srcdir)/query.c config.h $(srcdir)/answer.h $(srcdir)/dns.h $(srcdir)/namedb.h $(srcdir)/dname.h \
$(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/packet.h $(srcdir)/query.h \
$(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/tsig.h $(srcdir)/axfr.h $(srcdir)/options.h $(srcdir)/nsec3.h
radtree.o: $(srcdir)/radtree.c config.h $(srcdir)/radtree.h $(srcdir)/util.h \
$(srcdir)/region-allocator.h
rbtree.o: $(srcdir)/rbtree.c config.h $(srcdir)/rbtree.h $(srcdir)/region-allocator.h
rdata.o: $(srcdir)/rdata.c config.h $(srcdir)/rdata.h $(srcdir)/dns.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/zonec.h
region-allocator.o: $(srcdir)/region-allocator.c config.h $(srcdir)/region-allocator.h $(srcdir)/util.h
remote.o: $(srcdir)/remote.c config.h $(srcdir)/remote.h $(srcdir)/util.h $(srcdir)/xfrd.h $(srcdir)/rbtree.h \
$(srcdir)/region-allocator.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/options.h \
$(srcdir)/tsig.h $(srcdir)/xfrd-notify.h $(srcdir)/xfrd-tcp.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/ipc.h \
$(srcdir)/netio.h
rrl.o: $(srcdir)/rrl.c config.h $(srcdir)/rrl.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/packet.h \
$(srcdir)/tsig.h $(srcdir)/lookup3.h $(srcdir)/options.h
server.o: $(srcdir)/server.c config.h $(srcdir)/axfr.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/radtree.h $(srcdir)/rbtree.h \
$(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/netio.h $(srcdir)/xfrd.h $(srcdir)/options.h $(srcdir)/xfrd-tcp.h $(srcdir)/xfrd-disk.h \
$(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/nsec3.h $(srcdir)/ipc.h $(srcdir)/remote.h $(srcdir)/lookup3.h $(srcdir)/dnstap/dnstap_collector.h $(srcdir)/rrl.h $(srcdir)/ixfr.h $(srcdir)/verify.h
rdata.o: $(srcdir)/rdata.c config.h $(srcdir)/rdata.h $(srcdir)/dns.h $(srcdir)/namedb.h $(srcdir)/dname.h \
$(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/zonec.h
region-allocator.o: $(srcdir)/region-allocator.c config.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h
remote.o: $(srcdir)/remote.c config.h $(srcdir)/mini_event.h $(srcdir)/rbtree.h \
$(srcdir)/region-allocator.h $(srcdir)/remote.h $(srcdir)/util.h $(srcdir)/xfrd.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/tsig.h $(srcdir)/xfrd-notify.h $(srcdir)/xfrd-tcp.h $(srcdir)/nsd.h $(srcdir)/edns.h \
$(srcdir)/bitset.h $(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/ipc.h $(srcdir)/netio.h
rrl.o: $(srcdir)/rrl.c config.h $(srcdir)/rrl.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h \
$(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h \
$(srcdir)/bitset.h $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/lookup3.h $(srcdir)/options.h
server.o: $(srcdir)/server.c config.h $(srcdir)/mini_event.h $(srcdir)/rbtree.h \
$(srcdir)/region-allocator.h $(srcdir)/axfr.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/bitset.h \
$(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/radtree.h $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/netio.h $(srcdir)/xfrd.h \
$(srcdir)/options.h $(srcdir)/xfrd-tcp.h $(srcdir)/xfrd-disk.h $(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/nsec3.h $(srcdir)/ipc.h $(srcdir)/remote.h \
$(srcdir)/lookup3.h $(srcdir)/rrl.h $(srcdir)/ixfr.h $(srcdir)/dnstap/dnstap_collector.h $(srcdir)/verify.h
siphash.o: $(srcdir)/siphash.c
tsig.o: $(srcdir)/tsig.c config.h $(srcdir)/tsig.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dname.h \
$(srcdir)/tsig-openssl.h $(srcdir)/dns.h $(srcdir)/packet.h $(srcdir)/namedb.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/query.h $(srcdir)/nsd.h \
$(srcdir)/edns.h
tsig-openssl.o: $(srcdir)/tsig-openssl.c config.h $(srcdir)/tsig-openssl.h $(srcdir)/region-allocator.h \
$(srcdir)/tsig.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dname.h
tsig.o: $(srcdir)/tsig.c config.h $(srcdir)/tsig.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dname.h $(srcdir)/tsig-openssl.h $(srcdir)/dns.h $(srcdir)/packet.h $(srcdir)/namedb.h \
$(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/query.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h
tsig-openssl.o: $(srcdir)/tsig-openssl.c config.h $(srcdir)/tsig-openssl.h \
$(srcdir)/region-allocator.h $(srcdir)/tsig.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dname.h
udb.o: $(srcdir)/udb.c config.h $(srcdir)/udb.h $(srcdir)/lookup3.h $(srcdir)/util.h
udbradtree.o: $(srcdir)/udbradtree.c config.h $(srcdir)/udbradtree.h $(srcdir)/udb.h $(srcdir)/radtree.h
udbzone.o: $(srcdir)/udbzone.c config.h $(srcdir)/udbzone.h $(srcdir)/udb.h $(srcdir)/dns.h $(srcdir)/udbradtree.h $(srcdir)/util.h \
$(srcdir)/iterated_hash.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/difffile.h $(srcdir)/rbtree.h \
$(srcdir)/namedb.h $(srcdir)/radtree.h $(srcdir)/options.h
util.o: $(srcdir)/util.c config.h $(srcdir)/util.h $(srcdir)/region-allocator.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/namedb.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/rdata.h $(srcdir)/zonec.h
bitset.o: $(srcdir)/bitset.c $(srcdir)/bitset.h
verify.o: $(srcdir)/verify.c config.h $(srcdir)/region-allocator.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/util.h config.h $(srcdir)/dns.h $(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/options.h $(srcdir)/difffile.h \
$(srcdir)/netio.h $(srcdir)/verify.h
xfrd.o: $(srcdir)/xfrd.c config.h $(srcdir)/xfrd.h $(srcdir)/rbtree.h $(srcdir)/region-allocator.h $(srcdir)/namedb.h \
$(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/tsig.h $(srcdir)/xfrd-tcp.h \
$(srcdir)/xfrd-disk.h $(srcdir)/xfrd-notify.h $(srcdir)/netio.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/packet.h $(srcdir)/rdata.h \
$(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/ipc.h $(srcdir)/remote.h $(srcdir)/rrl.h $(srcdir)/query.h $(srcdir)/dnstap/dnstap_collector.h
xfrd-disk.o: $(srcdir)/xfrd-disk.c config.h $(srcdir)/xfrd-disk.h $(srcdir)/xfrd.h $(srcdir)/rbtree.h \
udbradtree.o: $(srcdir)/udbradtree.c config.h $(srcdir)/udbradtree.h $(srcdir)/udb.h \
$(srcdir)/radtree.h
udbzone.o: $(srcdir)/udbzone.c config.h $(srcdir)/udbzone.h $(srcdir)/udb.h $(srcdir)/dns.h \
$(srcdir)/udbradtree.h $(srcdir)/util.h $(srcdir)/iterated_hash.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h \
$(srcdir)/difffile.h $(srcdir)/rbtree.h $(srcdir)/namedb.h $(srcdir)/radtree.h $(srcdir)/options.h
util.o: $(srcdir)/util.c config.h $(srcdir)/util.h $(srcdir)/region-allocator.h $(srcdir)/dname.h \
$(srcdir)/buffer.h $(srcdir)/namedb.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/rdata.h $(srcdir)/zonec.h $(srcdir)/nsd.h $(srcdir)/edns.h \
$(srcdir)/bitset.h
verify.o: $(srcdir)/verify.c config.h $(srcdir)/region-allocator.h $(srcdir)/namedb.h \
$(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h \
$(srcdir)/options.h $(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/verify.h $(srcdir)/mini_event.h $(srcdir)/popen3.h
xfrd.o: $(srcdir)/xfrd.c config.h $(srcdir)/xfrd.h $(srcdir)/mini_event.h $(srcdir)/rbtree.h \
$(srcdir)/region-allocator.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h \
$(srcdir)/options.h $(srcdir)/tsig.h $(srcdir)/nsd.h $(srcdir)/edns.h
xfrd-notify.o: $(srcdir)/xfrd-notify.c config.h $(srcdir)/xfrd-notify.h $(srcdir)/tsig.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dname.h $(srcdir)/rbtree.h $(srcdir)/xfrd.h $(srcdir)/namedb.h $(srcdir)/dns.h \
$(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/xfrd-tcp.h $(srcdir)/packet.h
xfrd-tcp.o: $(srcdir)/xfrd-tcp.c config.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/xfrd-tcp.h $(srcdir)/xfrd.h $(srcdir)/rbtree.h $(srcdir)/namedb.h $(srcdir)/dname.h \
$(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/tsig.h $(srcdir)/packet.h $(srcdir)/xfrd-disk.h
xfr-inspect.o: $(srcdir)/xfr-inspect.c config.h $(srcdir)/udbzone.h $(srcdir)/udb.h $(srcdir)/dns.h $(srcdir)/udbradtree.h \
$(srcdir)/util.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/packet.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/radtree.h \
$(srcdir)/rbtree.h $(srcdir)/rdata.h $(srcdir)/difffile.h $(srcdir)/options.h
zlexer.o: zlexer.c config.h $(srcdir)/zonec.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h zparser.h
zonec.o: $(srcdir)/zonec.c config.h $(srcdir)/zonec.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/rdata.h zparser.h \
$(srcdir)/options.h $(srcdir)/nsec3.h
zparser.o: zparser.c config.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h \
$(srcdir)/namedb.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/zonec.h
$(srcdir)/options.h $(srcdir)/tsig.h $(srcdir)/xfrd-tcp.h $(srcdir)/xfrd-disk.h $(srcdir)/xfrd-notify.h $(srcdir)/netio.h $(srcdir)/nsd.h \
$(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/packet.h $(srcdir)/rdata.h $(srcdir)/difffile.h $(srcdir)/udb.h $(srcdir)/ipc.h $(srcdir)/remote.h $(srcdir)/rrl.h \
$(srcdir)/query.h $(srcdir)/dnstap/dnstap_collector.h
xfrd-disk.o: $(srcdir)/xfrd-disk.c config.h $(srcdir)/xfrd-disk.h $(srcdir)/xfrd.h \
$(srcdir)/mini_event.h $(srcdir)/rbtree.h $(srcdir)/region-allocator.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/tsig.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h
xfrd-notify.o: $(srcdir)/xfrd-notify.c config.h $(srcdir)/xfrd-notify.h \
$(srcdir)/mini_event.h $(srcdir)/rbtree.h $(srcdir)/region-allocator.h $(srcdir)/tsig.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dname.h \
$(srcdir)/xfrd.h $(srcdir)/namedb.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/xfrd-tcp.h $(srcdir)/packet.h
xfrd-tcp.o: $(srcdir)/xfrd-tcp.c config.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h \
$(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/bitset.h $(srcdir)/xfrd-tcp.h $(srcdir)/xfrd.h \
$(srcdir)/mini_event.h $(srcdir)/rbtree.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/tsig.h \
$(srcdir)/packet.h $(srcdir)/xfrd-disk.h
xfr-inspect.o: $(srcdir)/xfr-inspect.c config.h $(srcdir)/udbzone.h $(srcdir)/udb.h \
$(srcdir)/dns.h $(srcdir)/udbradtree.h $(srcdir)/util.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/packet.h $(srcdir)/namedb.h \
$(srcdir)/dname.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/rdata.h $(srcdir)/difffile.h $(srcdir)/options.h
zlexer.o: zlexer.c config.h $(srcdir)/zonec.h $(srcdir)/namedb.h $(srcdir)/dname.h \
$(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h zparser.h
zonec.o: $(srcdir)/zonec.c config.h $(srcdir)/zonec.h $(srcdir)/namedb.h $(srcdir)/dname.h \
$(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/rdata.h \
zparser.h $(srcdir)/options.h $(srcdir)/nsec3.h
zparser.o: zparser.c config.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/namedb.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/zonec.h \
zparser.h
b64_ntop.o: $(srcdir)/compat/b64_ntop.c config.h
b64_pton.o: $(srcdir)/compat/b64_pton.c config.h
basename.o: $(srcdir)/compat/basename.c
fake-rfc2553.o: $(srcdir)/compat/fake-rfc2553.c $(srcdir)/compat/fake-rfc2553.h config.h
cpuset.o: $(srcdir)/compat/cpuset.c $(srcdir)/compat/cpuset.h config.h
cpuset.o: $(srcdir)/compat/cpuset.c config.h
explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h
fake-rfc2553.o: $(srcdir)/compat/fake-rfc2553.c $(srcdir)/compat/fake-rfc2553.h config.h \
inet_aton.o: $(srcdir)/compat/inet_aton.c config.h
inet_ntop.o: $(srcdir)/compat/inet_ntop.c config.h
inet_pton.o: $(srcdir)/compat/inet_pton.c config.h
@ -550,29 +584,39 @@ memcmp.o: $(srcdir)/compat/memcmp.c config.h
memmove.o: $(srcdir)/compat/memmove.c config.h
pselect.o: $(srcdir)/compat/pselect.c config.h
reallocarray.o: $(srcdir)/compat/reallocarray.c config.h
setproctitle.o: $(srcdir)/compat/setproctitle.c config.h
snprintf.o: $(srcdir)/compat/snprintf.c config.h
strlcat.o: $(srcdir)/compat/strlcat.c config.h
strlcpy.o: $(srcdir)/compat/strlcpy.c config.h
strptime.o: $(srcdir)/compat/strptime.c
setproctitle.o: $(srcdir)/compat/setproctitle.c config.h
explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h
cutest.o: $(srcdir)/tpkg/cutest/cutest.c config.h $(srcdir)/tpkg/cutest/cutest.h
cutest_dname.o: $(srcdir)/tpkg/cutest/cutest_dname.c config.h $(srcdir)/tpkg/cutest/cutest.h \
$(srcdir)/region-allocator.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h
cutest_dns.o: $(srcdir)/tpkg/cutest/cutest_dns.c config.h $(srcdir)/tpkg/cutest/cutest.h \
$(srcdir)/region-allocator.h $(srcdir)/dns.h
cutest_bitset.o: $(srcdir)/tpkg/cutest/cutest_bitset.c $(srcdir)/bitset.h \
$(srcdir)/tpkg/cutest/cutest.h
cutest.o: $(srcdir)/tpkg/cutest/cutest.c config.h \
$(srcdir)/tpkg/cutest/cutest.h
cutest_dname.o: $(srcdir)/tpkg/cutest/cutest_dname.c config.h \
$(srcdir)/tpkg/cutest/cutest.h $(srcdir)/region-allocator.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h
cutest_dns.o: $(srcdir)/tpkg/cutest/cutest_dns.c config.h \
$(srcdir)/tpkg/cutest/cutest.h $(srcdir)/region-allocator.h $(srcdir)/dns.h
cutest_event.o: $(srcdir)/tpkg/cutest/cutest_event.c config.h \
$(srcdir)/mini_event.h $(srcdir)/rbtree.h $(srcdir)/region-allocator.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h \
$(srcdir)/util.h $(srcdir)/bitset.h $(srcdir)/tpkg/cutest/cutest.h
cutest_iterated_hash.o: $(srcdir)/tpkg/cutest/cutest_iterated_hash.c config.h \
$(srcdir)/tpkg/cutest/cutest.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/iterated_hash.h $(srcdir)/dname.h \
$(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h
$(srcdir)/tpkg/cutest/cutest.h $(srcdir)/region-allocator.h $(srcdir)/util.h \
$(srcdir)/iterated_hash.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h
cutest_iter.o: $(srcdir)/tpkg/cutest/cutest_iter.c config.h $(srcdir)/nsd.h \
$(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/bitset.h $(srcdir)/options.h \
$(srcdir)/rbtree.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/radtree.h $(srcdir)/tpkg/cutest/cutest.h
cutest_namedb.o: $(srcdir)/tpkg/cutest/cutest_namedb.c config.h \
$(srcdir)/tpkg/cutest/cutest.h $(srcdir)/region-allocator.h $(srcdir)/options.h config.h \
$(srcdir)/region-allocator.h $(srcdir)/rbtree.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dns.h \
$(srcdir)/radtree.h $(srcdir)/nsec3.h $(srcdir)/udb.h $(srcdir)/udbzone.h $(srcdir)/udb.h $(srcdir)/udbradtree.h $(srcdir)/difffile.h $(srcdir)/namedb.h \
$(srcdir)/options.h $(srcdir)/zonec.h $(srcdir)/nsd.h $(srcdir)/edns.h
$(srcdir)/tpkg/cutest/cutest.h $(srcdir)/region-allocator.h $(srcdir)/options.h $(srcdir)/region-allocator.h \
$(srcdir)/rbtree.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/nsec3.h $(srcdir)/udb.h \
$(srcdir)/udbzone.h $(srcdir)/udb.h $(srcdir)/udbradtree.h $(srcdir)/difffile.h $(srcdir)/namedb.h $(srcdir)/options.h $(srcdir)/zonec.h $(srcdir)/nsd.h \
$(srcdir)/edns.h $(srcdir)/bitset.h
cutest_options.o: $(srcdir)/tpkg/cutest/cutest_options.c config.h \
$(srcdir)/tpkg/cutest/cutest.h $(srcdir)/region-allocator.h $(srcdir)/options.h config.h \
$(srcdir)/region-allocator.h $(srcdir)/rbtree.h $(srcdir)/util.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/nsd.h $(srcdir)/dns.h \
$(srcdir)/edns.h
$(srcdir)/tpkg/cutest/cutest.h $(srcdir)/region-allocator.h $(srcdir)/options.h $(srcdir)/region-allocator.h \
$(srcdir)/rbtree.h $(srcdir)/util.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/bitset.h
cutest_popen3.o: $(srcdir)/tpkg/cutest/cutest_popen3.c config.h \
$(srcdir)/popen3.h $(srcdir)/tpkg/cutest/cutest.h
cutest_radtree.o: $(srcdir)/tpkg/cutest/cutest_radtree.c config.h \
$(srcdir)/tpkg/cutest/cutest.h $(srcdir)/radtree.h $(srcdir)/region-allocator.h $(srcdir)/util.h
cutest_rbtree.o: $(srcdir)/tpkg/cutest/cutest_rbtree.c config.h \
@ -580,23 +624,27 @@ cutest_rbtree.o: $(srcdir)/tpkg/cutest/cutest_rbtree.c config.h \
cutest_region.o: $(srcdir)/tpkg/cutest/cutest_region.c config.h \
$(srcdir)/tpkg/cutest/cutest.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/rbtree.h \
$(srcdir)/region-allocator.h
cutest_rrl.o: $(srcdir)/tpkg/cutest/cutest_rrl.c config.h $(srcdir)/tpkg/cutest/cutest.h \
$(srcdir)/rrl.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h \
$(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/packet.h $(srcdir)/tsig.h
cutest_run.o: $(srcdir)/tpkg/cutest/cutest_run.c config.h $(srcdir)/tpkg/cutest/cutest.h \
$(srcdir)/tpkg/cutest/qtest.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/nsd.h $(srcdir)/dns.h \
$(srcdir)/edns.h $(srcdir)/buffer.h
cutest_udb.o: $(srcdir)/tpkg/cutest/cutest_udb.c config.h $(srcdir)/tpkg/cutest/cutest.h \
$(srcdir)/udb.h
cutest_rrl.o: $(srcdir)/tpkg/cutest/cutest_rrl.c config.h \
$(srcdir)/tpkg/cutest/cutest.h $(srcdir)/rrl.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h \
$(srcdir)/packet.h $(srcdir)/tsig.h
cutest_run.o: $(srcdir)/tpkg/cutest/cutest_run.c config.h \
$(srcdir)/tpkg/cutest/cutest.h $(srcdir)/tpkg/cutest/qtest.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h \
$(srcdir)/util.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h $(srcdir)/bitset.h
cutest_udb.o: $(srcdir)/tpkg/cutest/cutest_udb.c config.h \
$(srcdir)/tpkg/cutest/cutest.h $(srcdir)/udb.h
cutest_udbrad.o: $(srcdir)/tpkg/cutest/cutest_udbrad.c config.h \
$(srcdir)/tpkg/cutest/cutest.h $(srcdir)/udbradtree.h $(srcdir)/udb.h
cutest_util.o: $(srcdir)/tpkg/cutest/cutest_util.c config.h $(srcdir)/tpkg/cutest/cutest.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/xfrd-tcp.h
qtest.o: $(srcdir)/tpkg/cutest/qtest.c config.h $(srcdir)/tpkg/cutest/qtest.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/dns.h \
$(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/namedb.h $(srcdir)/util.h $(srcdir)/nsec3.h \
$(srcdir)/options.h config.h $(srcdir)/packet.h $(srcdir)/dname.h $(srcdir)/rdata.h
udb-inspect.o: $(srcdir)/tpkg/cutest/udb-inspect.c config.h $(srcdir)/udb.h $(srcdir)/udbradtree.h \
$(srcdir)/udb.h $(srcdir)/udbzone.h $(srcdir)/dns.h $(srcdir)/udbradtree.h $(srcdir)/util.h $(srcdir)/buffer.h $(srcdir)/region-allocator.h \
$(srcdir)/util.h $(srcdir)/packet.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/rdata.h \
$(srcdir)/namedb.h $(srcdir)/difffile.h $(srcdir)/options.h config.h
cutest_util.o: $(srcdir)/tpkg/cutest/cutest_util.c config.h \
$(srcdir)/tpkg/cutest/cutest.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/xfrd-tcp.h $(srcdir)/xfrd.h \
$(srcdir)/mini_event.h $(srcdir)/rbtree.h $(srcdir)/region-allocator.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/tsig.h
popen3_echo.o: $(srcdir)/tpkg/cutest/popen3_echo.c
qtest.o: $(srcdir)/tpkg/cutest/qtest.c config.h $(srcdir)/tpkg/cutest/qtest.h \
$(srcdir)/buffer.h $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/query.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \
$(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h $(srcdir)/nsd.h $(srcdir)/edns.h $(srcdir)/bitset.h $(srcdir)/packet.h $(srcdir)/tsig.h $(srcdir)/namedb.h \
$(srcdir)/util.h $(srcdir)/nsec3.h $(srcdir)/options.h $(srcdir)/packet.h $(srcdir)/dname.h $(srcdir)/rdata.h
udb-inspect.o: $(srcdir)/tpkg/cutest/udb-inspect.c config.h $(srcdir)/udb.h \
$(srcdir)/udbradtree.h $(srcdir)/udb.h $(srcdir)/udbzone.h $(srcdir)/dns.h $(srcdir)/udbradtree.h $(srcdir)/util.h $(srcdir)/buffer.h \
$(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/packet.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/radtree.h \
$(srcdir)/rbtree.h $(srcdir)/rdata.h $(srcdir)/namedb.h $(srcdir)/difffile.h $(srcdir)/options.h

6
usr.sbin/nsd/README.md
View File

@ -1,9 +1,9 @@
# NSD
[![Travis Build Status](https://travis-ci.org/NLnetLabs/nsd.svg?branch=master)](https://travis-ci.org/NLnetLabs/nsd)
[![Cirrus Build Status](https://api.cirrus-ci.com/github/NLnetLabs/nsd.svg)](https://cirrus-ci.com/github/NLnetLabs/nsd)
[![Cirrus Build Status](https://api.cirrus-ci.com/github/NLnetLabs/nsd.svg?branch=master)](https://cirrus-ci.com/github/NLnetLabs/nsd)
[![Packaging status](https://repology.org/badge/tiny-repos/nsd.svg)](https://repology.org/project/nsd/versions)
[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/1462/badge)](https://bestpractices.coreinfrastructure.org/projects/1462)
[![Mastodon Follow](https://img.shields.io/mastodon/follow/109262826617293067?domain=https%3A%2F%2Ffosstodon.org&style=social)](https://fosstodon.org/@nlnetlabs)
The NLnet Labs Name Server Daemon (NSD) is an authoritative DNS name server.
It has been developed for operations in environments where speed,
@ -28,7 +28,7 @@ The repository does not contain `./configure`, but you can generate it like
this (note that the `./configure` is included in release tarballs so they do not have to be generated):
```
aclocal && autoconf && autoheader
autoreconf -fi
```
NSD can be compiled and installed using:

36
usr.sbin/nsd/acx_nlnetlabs.m4
View File

@ -2,7 +2,9 @@
# Copyright 2009, Wouter Wijngaards, NLnet Labs.
# BSD licensed.
#
# Version 44
# Version 46
# 2023-05-04 fix to remove unused whitespace.
# 2023-01-26 fix -Wstrict-prototypes.
# 2022-09-01 fix checking if nonblocking sockets work on OpenBSD.
# 2021-08-17 fix sed script in ssldir split handling.
# 2021-08-17 fix for openssl to detect split version, with ssldir_include
@ -187,7 +189,7 @@ dnl cache=`echo $1 | sed 'y%.=/+- %___p__%'`
AC_CACHE_VAL(cv_prog_cc_flag_needed_$cache,
[
echo '$2' > conftest.c
echo 'void f(){}' >>conftest.c
echo 'void f(void){}' >>conftest.c
if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then
eval "cv_prog_cc_flag_needed_$cache=no"
else
@ -233,7 +235,7 @@ dnl DEPFLAG: set to flag that generates dependencies.
AC_DEFUN([ACX_DEPFLAG],
[
AC_MSG_CHECKING([$CC dependency flag])
echo 'void f(){}' >conftest.c
echo 'void f(void){}' >conftest.c
if test "`$CC -MM conftest.c 2>&1`" = "conftest.o: conftest.c"; then
DEPFLAG="-MM"
else
@ -272,7 +274,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAUL
#include <getopt.h>
#endif
int test() {
int test(void) {
int a;
char **opts = NULL;
struct timeval tv;
@ -309,7 +311,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAUL
#include <getopt.h>
#endif
int test() {
int test(void) {
int a;
char **opts = NULL;
struct timeval tv;
@ -335,7 +337,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG,
[
#include <stdbool.h>
#include <ctype.h>
int test() {
int test(void) {
int a = 0;
return a;
}
@ -345,7 +347,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED(-D_BSD_SOURCE -D_DEFAULT_SOURCE,
[
#include <ctype.h>
int test() {
int test(void) {
int a;
a = isascii(32);
return a;
@ -356,7 +358,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED(-D_GNU_SOURCE,
[
#include <netinet/in.h>
int test() {
int test(void) {
struct in6_pktinfo inf;
int a = (int)sizeof(inf);
return a;
@ -370,7 +372,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED(-D_GNU_SOURCE -D_FRSRESGID,
[
#include <unistd.h>
int test() {
int test(void) {
int a = setresgid(0,0,0);
a = setresuid(0,0,0);
return a;
@ -385,7 +387,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED(-D_POSIX_C_SOURCE=200112,
#endif
#include <netdb.h>
int test() {
int test(void) {
int a = 0;
char *t;
time_t time = 0;
@ -413,7 +415,7 @@ ACX_CHECK_COMPILER_FLAG_NEEDED(-D__EXTENSIONS__,
#include <getopt.h>
#endif
int test() {
int test(void) {
int a;
char **opts = NULL;
struct timeval tv;
@ -475,7 +477,7 @@ fi
dnl Setup ATTR_FORMAT config.h parts.
dnl make sure you call ACX_CHECK_FORMAT_ATTRIBUTE also.
AC_DEFUN([AHX_CONFIG_FORMAT_ATTRIBUTE],
[
[
#ifdef HAVE_ATTR_FORMAT
# define ATTR_FORMAT(archetype, string_index, first_to_check) \
__attribute__ ((format (archetype, string_index, first_to_check)))
@ -834,7 +836,7 @@ dnl try to see if an additional _LARGEFILE_SOURCE 1 is needed to get fseeko
ACX_CHECK_COMPILER_FLAG_NEEDED(-D_LARGEFILE_SOURCE=1,
[
#include <stdio.h>
int test() {
int test(void) {
int a = fseeko(stdin, 0, 0);
return a;
}
@ -859,7 +861,7 @@ char* (*f) () = getaddrinfo;
#ifdef __cplusplus
}
#endif
int main() {
int main(void) {
;
return 0;
}
@ -923,7 +925,7 @@ cache=`echo $1 | sed 'y%.=/+-%___p_%'`
AC_CACHE_VAL(cv_cc_deprecated_$cache,
[
echo '$3' >conftest.c
echo 'void f(){ $2 }' >>conftest.c
echo 'void f(void){ $2 }' >>conftest.c
if test -z "`$CC $CPPFLAGS $CFLAGS -c conftest.c 2>&1 | grep -e deprecated -e unavailable`"; then
eval "cv_cc_deprecated_$cache=no"
else
@ -1317,7 +1319,7 @@ AC_DEFUN([AHX_CONFIG_W32_FD_SET_T],
#ifdef HAVE_WINSOCK2_H
#define FD_SET_T (u_int)
#else
#define FD_SET_T
#define FD_SET_T
#endif
])
@ -1355,7 +1357,7 @@ dnl $3: define value, 1
AC_DEFUN([AHX_CONFIG_FLAG_OMITTED],
[#if defined($1) && !defined($2)
#define $2 $3
[#]endif ])
[#]endif])
dnl Wrapper for AHX_CONFIG_FLAG_OMITTED for -D style flags
dnl $1: the -DNAME or -DNAME=value string.

6
usr.sbin/nsd/answer.h
View File

@ -7,8 +7,8 @@
*
*/
#ifndef _ANSWER_H_
#define _ANSWER_H_
#ifndef ANSWER_H
#define ANSWER_H
#include <sys/types.h>
@ -44,4 +44,4 @@ int answer_add_rrset(answer_type *answer, rr_section_type section,
domain_type *domain, rrset_type *rrset);
#endif /* _ANSWER_H_ */
#endif /* ANSWER_H */

14
usr.sbin/nsd/axfr.c
View File

@ -116,11 +116,25 @@ query_axfr(struct nsd *nsd, struct query *query, int wstats)
&& query->axfr_current_rrset->zone == query->axfr_zone)
{
while (query->axfr_current_rr < query->axfr_current_rrset->rr_count) {
size_t oldmaxlen = query->maxlen;
if(total_added == 0)
/* RR > 16K can be first RR */
query->maxlen = (query->tcp?TCP_MAX_MESSAGE_LEN:UDP_MAX_MESSAGE_LEN);
added = packet_encode_rr(
query,
query->axfr_current_domain,
&query->axfr_current_rrset->rrs[query->axfr_current_rr],
query->axfr_current_rrset->rrs[query->axfr_current_rr].ttl);
if(total_added == 0) {
query->maxlen = oldmaxlen;
if(query_overflow(query)) {
if(added) {
++total_added;
++query->axfr_current_rr;
goto return_answer;
}
}
}
if (!added)
goto return_answer;
++total_added;

6
usr.sbin/nsd/axfr.h
View File

@ -7,8 +7,8 @@
*
*/
#ifndef _AXFR_H_
#define _AXFR_H_
#ifndef AXFR_H
#define AXFR_H
#include "nsd.h"
#include "query.h"
@ -22,4 +22,4 @@
query_state_type answer_axfr_ixfr(struct nsd *nsd, struct query *q);
query_state_type query_axfr(struct nsd *nsd, struct query *query, int wstats);
#endif /* _AXFR_H_ */
#endif /* AXFR_H */

6
usr.sbin/nsd/bitset.h
View File

@ -6,8 +6,8 @@
* See LICENSE for the license.
*
*/
#ifndef _BITSET_H_
#define _BITSET_H_
#ifndef BITSET_H
#define BITSET_H
#include <assert.h>
#include <limits.h>
@ -37,4 +37,4 @@ void nsd_bitset_or(
struct nsd_bitset *srcset1,
struct nsd_bitset *srcset2);
#endif /* _BITSET_H_ */
#endif /* BITSET_H */

6
usr.sbin/nsd/buffer.h
View File

@ -10,8 +10,8 @@
* the java.nio.Buffer interface.
*/
#ifndef _BUFFER_H_
#define _BUFFER_H_
#ifndef BUFFER_H
#define BUFFER_H
#include <assert.h>
#include <stdarg.h>
@ -411,4 +411,4 @@ buffer_read_u64(buffer_type *buffer)
int buffer_printf(buffer_type *buffer, const char *format, ...)
ATTR_FORMAT(printf, 2, 3);
#endif /* _BUFFER_H_ */
#endif /* BUFFER_H */

3
usr.sbin/nsd/config.h.in
View File

@ -592,9 +592,6 @@
safely assume C89 semantics that RETSIGTYPE is void.' */
#undef RETSIGTYPE
/* Define this to configure as a root server. */
#undef ROOT_SERVER
/* The size of `off_t', as computed by sizeof. */
#undef SIZEOF_OFF_T

6
usr.sbin/nsd/configlexer.lex
View File

@ -272,6 +272,12 @@ zonefiles-write{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_ZONEFILES_WRITE;
dnstap{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP;}
dnstap-enable{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_ENABLE;}
dnstap-socket-path{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_SOCKET_PATH; }
dnstap-ip{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_IP; }
dnstap-tls{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_TLS; }
dnstap-tls-server-name{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_TLS_SERVER_NAME; }
dnstap-tls-cert-bundle{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_TLS_CERT_BUNDLE; }
dnstap-tls-client-key-file{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_TLS_CLIENT_KEY_FILE; }
dnstap-tls-client-cert-file{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_TLS_CLIENT_CERT_FILE; }
dnstap-send-identity{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_SEND_IDENTITY; }
dnstap-send-version{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_SEND_VERSION; }
dnstap-identity{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_DNSTAP_IDENTITY; }

18
usr.sbin/nsd/configparser.y
View File

@ -136,6 +136,12 @@ struct component {
%token VAR_DNSTAP
%token VAR_DNSTAP_ENABLE
%token VAR_DNSTAP_SOCKET_PATH
%token VAR_DNSTAP_IP
%token VAR_DNSTAP_TLS
%token VAR_DNSTAP_TLS_SERVER_NAME
%token VAR_DNSTAP_TLS_CERT_BUNDLE
%token VAR_DNSTAP_TLS_CLIENT_KEY_FILE
%token VAR_DNSTAP_TLS_CLIENT_CERT_FILE
%token VAR_DNSTAP_SEND_IDENTITY
%token VAR_DNSTAP_SEND_VERSION
%token VAR_DNSTAP_IDENTITY
@ -615,6 +621,18 @@ dnstap_option:
{ cfg_parser->opt->dnstap_enable = $2; }
| VAR_DNSTAP_SOCKET_PATH STRING
{ cfg_parser->opt->dnstap_socket_path = region_strdup(cfg_parser->opt->region, $2); }
| VAR_DNSTAP_IP STRING
{ cfg_parser->opt->dnstap_ip = region_strdup(cfg_parser->opt->region, $2); }
| VAR_DNSTAP_TLS boolean
{ cfg_parser->opt->dnstap_tls = $2; }
| VAR_DNSTAP_TLS_SERVER_NAME STRING
{ cfg_parser->opt->dnstap_tls_server_name = region_strdup(cfg_parser->opt->region, $2); }
| VAR_DNSTAP_TLS_CERT_BUNDLE STRING
{ cfg_parser->opt->dnstap_tls_cert_bundle = region_strdup(cfg_parser->opt->region, $2); }
| VAR_DNSTAP_TLS_CLIENT_KEY_FILE STRING
{ cfg_parser->opt->dnstap_tls_client_key_file = region_strdup(cfg_parser->opt->region, $2); }
| VAR_DNSTAP_TLS_CLIENT_CERT_FILE STRING
{ cfg_parser->opt->dnstap_tls_client_cert_file = region_strdup(cfg_parser->opt->region, $2); }
| VAR_DNSTAP_SEND_IDENTITY boolean
{ cfg_parser->opt->dnstap_send_identity = $2; }
| VAR_DNSTAP_SEND_VERSION boolean

51
usr.sbin/nsd/configure vendored
View File

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for NSD 4.6.1.
# Generated by GNU Autoconf 2.69 for NSD 4.7.0.
#
# Report bugs to <nsd-bugs@nlnetlabs.nl>.
#
@ -580,8 +580,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='NSD'
PACKAGE_TARNAME='nsd'
PACKAGE_VERSION='4.6.1'
PACKAGE_STRING='NSD 4.6.1'
PACKAGE_VERSION='4.7.0'
PACKAGE_STRING='NSD 4.7.0'
PACKAGE_BUGREPORT='nsd-bugs@nlnetlabs.nl'
PACKAGE_URL=''
@ -1328,7 +1328,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures NSD 4.6.1 to adapt to many kinds of systems.
\`configure' configures NSD 4.7.0 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1390,7 +1390,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of NSD 4.6.1:";;
short | recursive ) echo "Configuration of NSD 4.7.0:";;
esac
cat <<\_ACEOF
@ -1407,7 +1407,7 @@ Optional Features:
--enable-recvmmsg Enable recvmmsg and sendmmsg compilation, faster but
some kernel versions may have implementation
problems for IPv6
--enable-root-server Configure NSD as a root server
--enable-root-server Configure NSD as a root server (obsolete)
--disable-ipv6 Disables IPv6 support
--enable-bind8-stats Enables BIND8 like NSTATS & XSTATS and statistics in
nsd-control
@ -1563,7 +1563,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
NSD configure 4.6.1
NSD configure 4.7.0
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@ -2272,7 +2272,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by NSD $as_me 4.6.1, which was
It was created by NSD $as_me 4.7.0, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -8057,6 +8057,9 @@ else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include <sys/socket.h>
#include <errno.h>
int main(void)
@ -8093,6 +8096,9 @@ else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include <sys/socket.h>
#include <errno.h>
int main(void)
@ -8836,17 +8842,6 @@ if test "${enable_root_server+set}" = set; then :
enableval=$enable_root_server;
fi
case "$enable_root_server" in
yes)
cat >>confdefs.h <<_ACEOF
#define ROOT_SERVER /**/
_ACEOF
;;
no|*)
;;
esac
# Check whether --enable-ipv6 was given.
if test "${enable_ipv6+set}" = set; then :
@ -8921,7 +8916,7 @@ if eval \${cv_prog_cc_flag_$cache+:} false; then :
$as_echo_n "(cached) " >&6
else
echo 'void f(){}' >conftest.c
echo 'void f(void){}' >conftest.c
if test -z "`$CC -W -c conftest.c 2>&1`"; then
eval "cv_prog_cc_flag_$cache=yes"
else
@ -8952,7 +8947,7 @@ if eval \${cv_prog_cc_flag_$cache+:} false; then :
$as_echo_n "(cached) " >&6
else
echo 'void f(){}' >conftest.c
echo 'void f(void){}' >conftest.c
if test -z "`$CC -Wall -c conftest.c 2>&1`"; then
eval "cv_prog_cc_flag_$cache=yes"
else
@ -8983,7 +8978,7 @@ if eval \${cv_prog_cc_flag_$cache+:} false; then :
$as_echo_n "(cached) " >&6
else
echo 'void f(){}' >conftest.c
echo 'void f(void){}' >conftest.c
if test -z "`$CC -Wextra -c conftest.c 2>&1`"; then
eval "cv_prog_cc_flag_$cache=yes"
else
@ -9014,7 +9009,7 @@ if eval \${cv_prog_cc_flag_$cache+:} false; then :
$as_echo_n "(cached) " >&6
else
echo 'void f(){}' >conftest.c
echo 'void f(void){}' >conftest.c
if test -z "`$CC -Wdeclaration-after-statement -c conftest.c 2>&1`"; then
eval "cv_prog_cc_flag_$cache=yes"
else
@ -9426,7 +9421,7 @@ else
echo '
#include <openssl/sha.h>
' >conftest.c
echo 'void f(){ (void)SHA1_Init(NULL); }' >>conftest.c
echo 'void f(void){ (void)SHA1_Init(NULL); }' >>conftest.c
if test -z "`$CC $CPPFLAGS $CFLAGS -c conftest.c 2>&1 | grep -e deprecated -e unavailable`"; then
eval "cv_cc_deprecated_$cache=no"
else
@ -9554,7 +9549,7 @@ else
echo '
#include <openssl/ssl.h>
' >conftest.c
echo 'void f(){ (void)ERR_load_SSL_strings(); }' >>conftest.c
echo 'void f(void){ (void)ERR_load_SSL_strings(); }' >>conftest.c
if test -z "`$CC $CPPFLAGS $CFLAGS -c conftest.c 2>&1 | grep -e deprecated -e unavailable`"; then
eval "cv_cc_deprecated_$cache=no"
else
@ -9585,8 +9580,6 @@ fi
LIBS="$BAKLIBS"
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: No SSL, therefore remote-control is disabled" >&5
$as_echo "$as_me: WARNING: No SSL, therefore remote-control is disabled" >&2;}
{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: No SSL, therefore TLS is disabled" >&5
$as_echo "$as_me: WARNING: No SSL, therefore TLS is disabled" >&2;}
fi
@ -10916,7 +10909,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by NSD $as_me 4.6.1, which was
This file was extended by NSD $as_me 4.7.0, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -10978,7 +10971,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
NSD config.status 4.6.1
NSD config.status 4.7.0
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"

20
usr.sbin/nsd/configure.ac
View File

@ -5,7 +5,7 @@ dnl
sinclude(acx_nlnetlabs.m4)
sinclude(dnstap/dnstap.m4)
AC_INIT([NSD],[4.6.1],[nsd-bugs@nlnetlabs.nl])
AC_INIT([NSD],[4.7.0],[nsd-bugs@nlnetlabs.nl])
AC_CONFIG_HEADERS([config.h])
#
@ -296,7 +296,7 @@ AC_MSG_CHECKING(whether $CC supports -$1)
cache=`echo $1 | $SED 'y%.=/+-%___p_%'`
AC_CACHE_VAL(cv_prog_cc_flag_$cache,
[
echo 'void f(){}' >conftest.c
echo 'void f(void){}' >conftest.c
if test -z "`$CC -$1 -c conftest.c 2>&1`"; then
eval "cv_prog_cc_flag_$cache=yes"
else
@ -698,6 +698,9 @@ case "$enable_recvmmsg" in
yes)
AC_CHECK_FUNC([recvmmsg], [
AC_RUN_IFELSE([AC_LANG_SOURCE([[
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include <sys/socket.h>
#include <errno.h>
int main(void)
@ -714,6 +717,9 @@ AC_DEFINE([HAVE_RECVMMSG], [1], [Define if recvmmsg exists])]
)])
AC_CHECK_FUNC([sendmmsg], [
AC_RUN_IFELSE([AC_LANG_SOURCE([[
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include <sys/socket.h>
#include <errno.h>
int main(void)
@ -965,14 +971,7 @@ AC_DEFINE_UNQUOTED([TCP_TIMEOUT], $tcp_timeout, [Define to the default tcp timeo
dnl
dnl Features
dnl
AC_ARG_ENABLE(root-server, AS_HELP_STRING([--enable-root-server],[Configure NSD as a root server]))
case "$enable_root_server" in
yes)
AC_DEFINE_UNQUOTED([ROOT_SERVER], [], [Define this to configure as a root server.])
;;
no|*)
;;
esac
AC_ARG_ENABLE(root-server, AS_HELP_STRING([--enable-root-server],[Configure NSD as a root server (obsolete)]))
AC_ARG_ENABLE(ipv6, AS_HELP_STRING([--disable-ipv6],[Disables IPv6 support]))
case "$enable_ipv6" in
@ -1122,7 +1121,6 @@ AC_INCLUDES_DEFAULT
LIBS="$BAKLIBS"
else
AC_MSG_WARN([No SSL, therefore remote-control is disabled])
AC_MSG_WARN([No SSL, therefore TLS is disabled])
fi

6
usr.sbin/nsd/dname.h
View File

@ -7,8 +7,8 @@
*
*/
#ifndef _DNAME_H_
#define _DNAME_H_
#ifndef DNAME_H
#define DNAME_H
#include <assert.h>
#include <stdio.h>
@ -381,4 +381,4 @@ char* wirelabel2str(const uint8_t* label);
/** check if two uncompressed dnames of the same total length are equal */
int dname_equal_nocase(uint8_t* a, uint8_t* b, uint16_t len);
#endif /* _DNAME_H_ */
#endif /* DNAME_H */

6
usr.sbin/nsd/dns.h
View File

@ -7,8 +7,8 @@
*
*/
#ifndef _DNS_H_
#define _DNS_H_
#ifndef DNS_H
#define DNS_H
enum rr_section {
QUESTION_SECTION,
@ -305,4 +305,4 @@ operator++(rr_section_type &lhs)
}
#endif /* __cplusplus */
#endif /* _DNS_H_ */
#endif /* DNS_H */

457
usr.sbin/nsd/dnstap/dnstap.c
View File

@ -53,6 +53,15 @@
#include "dnstap/dnstap.h"
#include "dnstap/dnstap.pb-c.h"
#ifdef HAVE_SSL
#ifdef HAVE_OPENSSL_SSL_H
#include <openssl/ssl.h>
#endif
#ifdef HAVE_OPENSSL_ERR_H
#include <openssl/err.h>
#endif
#endif
#define DNSTAP_CONTENT_TYPE "protobuf:dnstap.Dnstap"
#define DNSTAP_INITIAL_BUF_SIZE 256
@ -120,6 +129,380 @@ dt_msg_init(const struct dt_env *env,
}
}
#ifdef HAVE_SSL
/** TLS writer object for fstrm. */
struct dt_tls_writer {
/* ip address */
char* ip;
/* if connected already */
int connected;
/* file descriptor */
int fd;
/* TLS context */
SSL_CTX* ctx;
/* SSL transport */
SSL* ssl;
/* the server name to authenticate */
char* tls_server_name;
};
void log_crypto_err(const char* str); /* in server.c */
/* Create TLS writer object for fstrm. */
static struct dt_tls_writer*
tls_writer_init(char* ip, char* tls_server_name, char* tls_cert_bundle,
char* tls_client_key_file, char* tls_client_cert_file)
{
struct dt_tls_writer* dtw = (struct dt_tls_writer*)calloc(1,
sizeof(*dtw));
if(!dtw) return NULL;
dtw->fd = -1;
dtw->ip = strdup(ip);
if(!dtw->ip) {
free(dtw);
return NULL;
}
dtw->ctx = SSL_CTX_new(SSLv23_client_method());
if(!dtw->ctx) {
log_msg(LOG_ERR, "dnstap: SSL_CTX_new failed");
free(dtw->ip);
free(dtw);
return NULL;
}
#if SSL_OP_NO_SSLv2 != 0
if((SSL_CTX_set_options(dtw->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
!= SSL_OP_NO_SSLv2) {
log_msg(LOG_ERR, "dnstap: could not set SSL_OP_NO_SSLv2");
SSL_CTX_free(dtw->ctx);
free(dtw->ip);
free(dtw);
return NULL;
}
#endif
if((SSL_CTX_set_options(dtw->ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
!= SSL_OP_NO_SSLv3) {
log_msg(LOG_ERR, "dnstap: could not set SSL_OP_NO_SSLv3");
SSL_CTX_free(dtw->ctx);
free(dtw->ip);
free(dtw);
return NULL;
}
#if defined(SSL_OP_NO_RENEGOTIATION)
/* disable client renegotiation */
if((SSL_CTX_set_options(dtw->ctx, SSL_OP_NO_RENEGOTIATION) &
SSL_OP_NO_RENEGOTIATION) != SSL_OP_NO_RENEGOTIATION) {
log_msg(LOG_ERR, "dnstap: could not set SSL_OP_NO_RENEGOTIATION");
SSL_CTX_free(dtw->ctx);
free(dtw->ip);
free(dtw);
return NULL;
}
#endif
if(tls_client_key_file && tls_client_key_file[0]) {
if(!SSL_CTX_use_certificate_chain_file(dtw->ctx,
tls_client_cert_file)) {
log_msg(LOG_ERR, "dnstap: SSL_CTX_use_certificate_chain_file failed for %s", tls_client_cert_file);
SSL_CTX_free(dtw->ctx);
free(dtw->ip);
free(dtw);
return NULL;
}
if(!SSL_CTX_use_PrivateKey_file(dtw->ctx, tls_client_key_file,
SSL_FILETYPE_PEM)) {
log_msg(LOG_ERR, "dnstap: SSL_CTX_use_PrivateKey_file failed for %s", tls_client_key_file);
SSL_CTX_free(dtw->ctx);
free(dtw->ip);
free(dtw);
return NULL;
}
if(!SSL_CTX_check_private_key(dtw->ctx)) {
log_msg(LOG_ERR, "dnstap: SSL_CTX_check_private_key failed for %s", tls_client_key_file);
SSL_CTX_free(dtw->ctx);
free(dtw->ip);
free(dtw);
return NULL;
}
}
if(tls_cert_bundle && tls_cert_bundle[0]) {
if(!SSL_CTX_load_verify_locations(dtw->ctx, tls_cert_bundle, NULL)) {
log_msg(LOG_ERR, "dnstap: SSL_CTX_load_verify_locations failed for %s", tls_cert_bundle);
SSL_CTX_free(dtw->ctx);
free(dtw->ip);
free(dtw);
return NULL;
}
if(SSL_CTX_set_default_verify_paths(dtw->ctx) != 1) {
log_msg(LOG_ERR, "dnstap: SSL_CTX_set_default_verify_paths failed");
SSL_CTX_free(dtw->ctx);
free(dtw->ip);
free(dtw);
return NULL;
}
SSL_CTX_set_verify(dtw->ctx, SSL_VERIFY_PEER, NULL);
}
if(tls_server_name) {
dtw->tls_server_name = strdup(tls_server_name);
if(!dtw->tls_server_name) {
log_msg(LOG_ERR, "dnstap: strdup failed");
SSL_CTX_free(dtw->ctx);
free(dtw->ip);
free(dtw);
return NULL;
}
}
return dtw;
}
/* Delete TLS writer object */
static void
tls_writer_delete(struct dt_tls_writer* dtw)
{
if(!dtw)
return;
if(dtw->ssl)
SSL_shutdown(dtw->ssl);
SSL_free(dtw->ssl);
dtw->ssl = NULL;
SSL_CTX_free(dtw->ctx);
if(dtw->fd != -1) {
close(dtw->fd);
dtw->fd = -1;
}
free(dtw->ip);
free(dtw->tls_server_name);
free(dtw);
}
/* The fstrm writer destroy callback for TLS */
static fstrm_res
dt_tls_writer_destroy(void* obj)
{
struct dt_tls_writer* dtw = (struct dt_tls_writer*)obj;
tls_writer_delete(dtw);
return fstrm_res_success;
}
/* The fstrm writer open callback for TLS */
static fstrm_res
dt_tls_writer_open(void* obj)
{
struct sockaddr_storage addr;
socklen_t addrlen;
char* svr, *at = NULL;
int port = 3333;
int addrfamily;
struct dt_tls_writer* dtw = (struct dt_tls_writer*)obj;
X509* x;
/* skip action if already connected */
if(dtw->connected)
return fstrm_res_success;
/* figure out port number */
svr = dtw->ip;
at = strchr(svr, '@');
if(at != NULL) {
*at = 0;
port = atoi(at+1);
}
/* parse addr */
memset(&addr, 0, sizeof(addr));
#ifdef INET6
if(strchr(svr, ':')) {
struct sockaddr_in6 sa;
addrlen = (socklen_t)sizeof(struct sockaddr_in6);
memset(&sa, 0, addrlen);
sa.sin6_family = AF_INET6;
sa.sin6_port = (in_port_t)htons((uint16_t)port);
if(inet_pton((int)sa.sin6_family, svr, &sa.sin6_addr) <= 0) {
log_msg(LOG_ERR, "dnstap: could not parse IP: %s", svr);
if(at != NULL)
*at = '@';
return fstrm_res_failure;
}
memcpy(&addr, &sa, addrlen);
addrfamily = AF_INET6;
} else
#else
if(1)
#endif
{
struct sockaddr_in sa;
addrlen = (socklen_t)sizeof(struct sockaddr_in);
memset(&sa, 0, addrlen);
sa.sin_family = AF_INET;
sa.sin_port = (in_port_t)htons((uint16_t)port);
if(inet_pton((int)sa.sin_family, svr, &sa.sin_addr) <= 0) {
log_msg(LOG_ERR, "dnstap: could not parse IP: %s", svr);
if(at != NULL)
*at = '@';
return fstrm_res_failure;
}
memcpy(&addr, &sa, addrlen);
addrfamily = AF_INET;
}
if(at != NULL)
*at = '@';
/* open socket */
dtw->fd = socket(addrfamily, SOCK_STREAM, 0);
if(dtw->fd == -1) {
log_msg(LOG_ERR, "dnstap: socket failed: %s", strerror(errno));
return fstrm_res_failure;
}
if(connect(dtw->fd, (struct sockaddr*)&addr, addrlen) < 0) {
log_msg(LOG_ERR, "dnstap: connect failed: %s", strerror(errno));
return fstrm_res_failure;
}
dtw->connected = 1;
/* setup SSL */
dtw->ssl = SSL_new(dtw->ctx);
if(!dtw->ssl) {
log_msg(LOG_ERR, "dnstap: SSL_new failed");
return fstrm_res_failure;
}
SSL_set_connect_state(dtw->ssl);
(void)SSL_set_mode(dtw->ssl, SSL_MODE_AUTO_RETRY);
if(!SSL_set_fd(dtw->ssl, dtw->fd)) {
log_msg(LOG_ERR, "dnstap: SSL_set_fd failed");
return fstrm_res_failure;
}
if(dtw->tls_server_name && dtw->tls_server_name[0]) {
if(!SSL_set1_host(dtw->ssl, dtw->tls_server_name)) {
log_msg(LOG_ERR, "dnstap: TLS setting of hostname %s failed to %s",
dtw->tls_server_name, dtw->ip);
return fstrm_res_failure;
}
}
/* handshake */
while(1) {
int r;
ERR_clear_error();
if( (r=SSL_do_handshake(dtw->ssl)) == 1)
break;
r = SSL_get_error(dtw->ssl, r);
if(r != SSL_ERROR_WANT_READ && r != SSL_ERROR_WANT_WRITE) {
if(r == SSL_ERROR_ZERO_RETURN) {
log_msg(LOG_ERR, "dnstap: EOF on SSL_do_handshake");
return fstrm_res_failure;
}
if(r == SSL_ERROR_SYSCALL) {
log_msg(LOG_ERR, "dnstap: SSL_do_handshake failed: %s", strerror(errno));
return fstrm_res_failure;
}
log_crypto_err("dnstap: SSL_do_handshake failed");
return fstrm_res_failure;
}
/* wants to be called again */
}
/* check authenticity of server */
if(SSL_get_verify_result(dtw->ssl) != X509_V_OK) {
log_crypto_err("SSL verification failed");
return fstrm_res_failure;
}
x = SSL_get_peer_certificate(dtw->ssl);
if(!x) {
log_crypto_err("Server presented no peer certificate");
return fstrm_res_failure;
}
X509_free(x);
return fstrm_res_success;
}
/* The fstrm writer close callback for TLS */
static fstrm_res
dt_tls_writer_close(void* obj)
{
struct dt_tls_writer* dtw = (struct dt_tls_writer*)obj;
if(dtw->connected) {
dtw->connected = 0;
if(dtw->ssl)
SSL_shutdown(dtw->ssl);
SSL_free(dtw->ssl);
dtw->ssl = NULL;
if(dtw->fd != -1) {
close(dtw->fd);
dtw->fd = -1;
}
return fstrm_res_success;
}
return fstrm_res_failure;
}
/* The fstrm writer read callback for TLS */
static fstrm_res
dt_tls_writer_read(void* obj, void* buf, size_t nbytes)
{
/* want to read nbytes of data */
struct dt_tls_writer* dtw = (struct dt_tls_writer*)obj;
size_t nread = 0;
if(!dtw->connected)
return fstrm_res_failure;
while(nread < nbytes) {
int r;
ERR_clear_error();
if((r = SSL_read(dtw->ssl, ((char*)buf)+nread, nbytes-nread)) <= 0) {
r = SSL_get_error(dtw->ssl, r);
if(r == SSL_ERROR_ZERO_RETURN) {
log_msg(LOG_ERR, "dnstap: EOF from %s",
dtw->ip);
return fstrm_res_failure;
}
if(r == SSL_ERROR_SYSCALL) {
log_msg(LOG_ERR, "dnstap: read %s: %s",
dtw->ip, strerror(errno));
return fstrm_res_failure;
}
if(r == SSL_ERROR_SSL) {
log_crypto_err("dnstap: could not SSL_read");
return fstrm_res_failure;
}
log_msg(LOG_ERR, "dnstap: SSL_read failed with err %d",
r);
return fstrm_res_failure;
}
nread += r;
}
return fstrm_res_success;
}
/* The fstrm writer write callback for TLS */
static fstrm_res
dt_tls_writer_write(void* obj, const struct iovec* iov, int iovcnt)
{
struct dt_tls_writer* dtw = (struct dt_tls_writer*)obj;
int i;
if(!dtw->connected)
return fstrm_res_failure;
for(i=0; i<iovcnt; i++) {
if(SSL_write(dtw->ssl, iov[i].iov_base, (int)(iov[i].iov_len)) <= 0) {
log_crypto_err("dnstap: could not SSL_write");
return fstrm_res_failure;
}
}
return fstrm_res_success;
}
/* Create the fstrm writer object for TLS */
static struct fstrm_writer*
dt_tls_make_writer(struct fstrm_writer_options* fwopt,
struct dt_tls_writer* dtw)
{
struct fstrm_rdwr* rdwr = fstrm_rdwr_init(dtw);
fstrm_rdwr_set_destroy(rdwr, dt_tls_writer_destroy);
fstrm_rdwr_set_open(rdwr, dt_tls_writer_open);
fstrm_rdwr_set_close(rdwr, dt_tls_writer_close);
fstrm_rdwr_set_read(rdwr, dt_tls_writer_read);
fstrm_rdwr_set_write(rdwr, dt_tls_writer_write);
return fstrm_writer_init(fwopt, &rdwr);
}
#endif /* HAVE_SSL */
/* check that the socket file can be opened and exists, print error if not */
static void
check_socket_file(const char* socket_path)
@ -133,22 +516,30 @@ check_socket_file(const char* socket_path)
}
struct dt_env *
dt_create(const char *socket_path, unsigned num_workers)
dt_create(const char *socket_path, char* ip, unsigned num_workers,
int tls, char* tls_server_name, char* tls_cert_bundle,
char* tls_client_key_file, char* tls_client_cert_file)
{
#ifndef NDEBUG
fstrm_res res;
#endif
struct dt_env *env;
struct fstrm_iothr_options *fopt;
struct fstrm_unix_writer_options *fuwopt;
struct fstrm_unix_writer_options *fuwopt = NULL;
struct fstrm_tcp_writer_options *ftwopt = NULL;
struct fstrm_writer *fw;
struct fstrm_writer_options *fwopt;
VERBOSITY(1, (LOG_INFO, "attempting to connect to dnstap socket %s",
socket_path));
assert(socket_path != NULL);
assert(num_workers > 0);
check_socket_file(socket_path);
if(ip == NULL || ip[0] == 0) {
VERBOSITY(1, (LOG_INFO, "attempting to connect to dnstap socket %s",
socket_path));
assert(socket_path != NULL);
check_socket_file(socket_path);
} else {
VERBOSITY(1, (LOG_INFO, "attempting to connect to dnstap %ssocket %s",
(tls?"tls ":""), ip));
}
env = (struct dt_env *) calloc(1, sizeof(struct dt_env));
if (!env)
@ -164,10 +555,50 @@ dt_create(const char *socket_path, unsigned num_workers)
DNSTAP_CONTENT_TYPE, sizeof(DNSTAP_CONTENT_TYPE) - 1);
assert(res == fstrm_res_success);
fuwopt = fstrm_unix_writer_options_init();
fstrm_unix_writer_options_set_socket_path(fuwopt, socket_path);
fw = fstrm_unix_writer_init(fuwopt, fwopt);
if(ip == NULL || ip[0] == 0) {
fuwopt = fstrm_unix_writer_options_init();
fstrm_unix_writer_options_set_socket_path(fuwopt, socket_path);
} else {
char* at = strchr(ip, '@');
if(!tls) {
ftwopt = fstrm_tcp_writer_options_init();
if(at == NULL) {
fstrm_tcp_writer_options_set_socket_address(ftwopt, ip);
fstrm_tcp_writer_options_set_socket_port(ftwopt, "3333");
} else {
*at = 0;
fstrm_tcp_writer_options_set_socket_address(ftwopt, ip);
fstrm_tcp_writer_options_set_socket_port(ftwopt, at+1);
*at = '@';
}
} else {
#ifdef HAVE_SSL
env->tls_writer = tls_writer_init(ip, tls_server_name,
tls_cert_bundle, tls_client_key_file,
tls_client_cert_file);
#else
(void)tls_server_name;
(void)tls_cert_bundle;
(void)tls_client_key_file;
(void)tls_client_cert_file;
log_msg(LOG_ERR, "dnstap: tls enabled but compiled without ssl.");
#endif
if(!env->tls_writer) {
log_msg(LOG_ERR, "dt_create: tls_writer_init() failed");
fstrm_writer_options_destroy(&fwopt);
free(env);
return NULL;
}
}
}
if(ip == NULL || ip[0] == 0)
fw = fstrm_unix_writer_init(fuwopt, fwopt);
else if(!tls)
fw = fstrm_tcp_writer_init(ftwopt, fwopt);
#ifdef HAVE_SSL
else
fw = dt_tls_make_writer(fwopt, env->tls_writer);
#endif
assert(fw != NULL);
fopt = fstrm_iothr_options_init();
@ -180,7 +611,11 @@ dt_create(const char *socket_path, unsigned num_workers)
env = NULL;
}
fstrm_iothr_options_destroy(&fopt);
fstrm_unix_writer_options_destroy(&fuwopt);
if(ip == NULL || ip[0] == 0)
fstrm_unix_writer_options_destroy(&fuwopt);
else if(!tls)
fstrm_tcp_writer_options_destroy(&ftwopt);
fstrm_writer_options_destroy(&fwopt);
return env;

19
usr.sbin/nsd/dnstap/dnstap.h
View File

@ -42,6 +42,7 @@
struct nsd_options;
struct fstrm_io;
struct fstrm_queue;
struct dt_tls_writer;
struct dt_env {
/** dnstap I/O thread */
@ -66,6 +67,9 @@ struct dt_env {
unsigned log_auth_query_messages : 1;
/** whether to log Message/AUTH_RESPONSE */
unsigned log_auth_response_messages : 1;
/** tls writer object, or NULL */
struct dt_tls_writer* tls_writer;
};
/**
@ -75,12 +79,23 @@ struct dt_env {
* of the structure) to ensure lock-free access to its own per-worker circular
* queue. Duplicate the environment object if more than one worker needs to
* share access to the dnstap I/O socket.
* @param socket_path: path to dnstap logging socket, must be non-NULL.
* @param socket_path: path to dnstap logging socket, must be non-NULL if used.
* @param ip: if NULL or "" use socket path, otherwise IP or IP@port.
* @param num_workers: number of worker threads, must be > 0.
* @param tls: set to true to use TLS, otherwise, TCP. Used when ip is set.
* @param tls_server_name: name for authenticating the upstream server, or
* NULL or "".
* @param tls_cert_bundle: pem bundle to verify server with. Or NULL or "".
* @param tls_client_key_file: key file for client authentication. Or NULL
* or "".
* @param tls_client_cert_file: cert file for client authentication. Or NULL
* or "".
* @return dt_env object, NULL on failure.
*/
struct dt_env *
dt_create(const char *socket_path, unsigned num_workers);
dt_create(const char *socket_path, char* ip, unsigned num_workers,
int tls, char* tls_server_name, char* tls_cert_bundle,
char* tls_client_key_file, char* tls_client_cert_file);
/**
* Apply config settings.

11
usr.sbin/nsd/dnstap/dnstap_collector.c
View File

@ -32,6 +32,7 @@
#include "buffer.h"
#include "namedb.h"
#include "options.h"
#include "remote.h"
#include "udb.h"
#include "rrl.h"
@ -279,7 +280,12 @@ static void dt_init_dnstap(struct dt_collector* dt_col, struct nsd* nsd)
nsd->options->dnstap_socket_path += l;
}
#endif
dt_col->dt_env = dt_create(nsd->options->dnstap_socket_path, num_workers);
dt_col->dt_env = dt_create(nsd->options->dnstap_socket_path,
nsd->options->dnstap_ip, num_workers, nsd->options->dnstap_tls,
nsd->options->dnstap_tls_server_name,
nsd->options->dnstap_tls_cert_bundle,
nsd->options->dnstap_tls_client_key_file,
nsd->options->dnstap_tls_client_cert_file);
if(!dt_col->dt_env) {
log_msg(LOG_ERR, "could not create dnstap env");
return;
@ -308,6 +314,9 @@ static void dt_collector_cleanup(struct dt_collector* dt_col, struct nsd* nsd)
free(dt_col->inputs);
}
dt_collector_destroy(dt_col, nsd);
daemon_remote_delete(nsd->rc); /* ssl-delete secret keys */
nsd_options_destroy(nsd->options);
region_destroy(nsd->region);
#endif
}

83
usr.sbin/nsd/doc/ChangeLog
View File

@ -1,3 +1,86 @@
31 May 2023: Wouter
- Add missing items to doc/RELNOTES.
- Tag for 4.7.0rc1.
30 May 2023: Jeroen
- Fix #240: Prefix messages originating from verifier.
- Fix #275: Drop unnecessary root server checks.
30 May 2023: Wouter
- Next version is 4.7.0, instead of 4.6.2, because of the added
features, like TLS for DNSTAP.
- Fix unused variable warning in unit test, from clang compile.
24 May 2023: Wouter
- For #279: Note that autoreconf -fi creates the configure script
and also the needed auxiliary files, for autoconf 2.69 and 2.71.
4 May 2023: Wouter
- Fix to remove unused whitespace from acx_nlnetlabs.m4 and config.h.
1 May 2023: Wouter
- make depend.
- Fix for build to run flex and bison before compiling code that needs
the headers.
13 April 2023: Wouter
- Fix cirrus script for submit to coverity scan to libtoolize
the configure script components config.guess and config.sub.
- Fix readme status badge links.
28 March 2023: Wouter
- Fix #273: Large TXT record breaks AXFR.
- Fix ixfr create from adding too many record types.
16 March 2023: Wouter
- Fix include brackets for ssl.h include statements, instead of quotes.
- Fix static analyzer warning about nsd_event_method initialization.
15 March 2023: Wouter
- Dnstap tls code fixes.
14 March 2023: Wouter
- Fix dnstap to not check socket path when using IP address.
- dnstap over TLS, default enabled. Configured with the
options dnstap-tls, dnstap-tls-server-name, dnstap-tls-cert-bundle,
dnstap-tls-client-key-file and dnstap-tls-client-cert-file.
- Fix to compile without ssl with dnstap-tls code.
9 March 2023: Wouter
- Fix #271: DNSTAP over TCP, with dnstap-ip: "127.0.0.1@3333".
- Fix to clean more memory on exit of dnstap collector.
23 February 2023: Wouter
- Fix #270: reserved identifier violation.
20 February 2023: Wouter
- Merge #269 from Fale: Add systemd service unit.
16 February 2023: Wouter
- Fix #266: Fix build with --without-ssl.
- Fix #267: Allow unencrypted local operation of nsd-control.
- Fix for #267: neater variable definitions.
2 February 2023: Wouter
- Merge #265: Fix C99 compatibility issue.
30 January 2023: Wouter
- Merge #263: Add bash autocompletion script for nsd-control.
- Fix for #262: More error logging for SSL read failures for zone
transfers.
27 January 2023: Wouter
- Fix #262: Zone(s) not synchronizing properly via TLS.
- Fix ixfr_and_restart test to wait for processes to come to a stop.
26 January 2023: Wouter
- Fix configure for -Wstrict-prototypes.
10 November 2022: Wouter
- Tag for NSD 4.6.1, the repository continues with version 4.6.2.
- Fix #239: -Wincompatible-pointer-types warning in remote.c.
- Fix unit tests to succeed with --disable-bind8-stats.
1 November 2022: Wouter
- Fixup for non-trailing newline lexer change warnings.
- Update doc/RELNOTES for changes.

10
usr.sbin/nsd/doc/README
View File

@ -21,7 +21,7 @@
1.0 Introduction
This is NSD Name Server Daemon (NSD) version 4.6.1.
This is NSD Name Server Daemon (NSD) version 4.7.0.
The NLnet Labs Name Server Daemon (NSD) is an authoritative RFC compliant
DNS nameserver. It was first conceived to allow for more genetic
@ -57,7 +57,7 @@ and uses a simple configuration file 'nsd.conf'.
1.2 Quick build and install
Step 1: Unpack the source with gtar -xzvf nsd-4.6.1.tar.gz
Step 1: Unpack the source with gtar -xzvf nsd-4.7.0.tar.gz
Step 2: Create user nsd or any other unprivileged user of your
choice. In case of later make sure to use
@ -111,9 +111,9 @@ Step 11: If desired add 'nsd-control write' to your superuser crontab to
Use your favorite combination of tar and gnu zip to unpack the source,
for example
$ gtar -xzvf nsd-4.6.1.tar.gz
$ gtar -xzvf nsd-4.7.0.tar.gz
will unpack the source into the ./nsd-4.6.1 directory...
will unpack the source into the ./nsd-4.7.0 directory...
2.2 Configuring NSD
@ -927,4 +927,4 @@ larger and regular donations please contact us at users@NLnetLabs.nl. Also
see http://www.nlnetlabs.nl/labs/contributors/.
$Id: README,v 1.5 2022/11/14 21:09:32 sthen Exp $
$Id: README,v 1.6 2023/06/29 19:38:50 florian Exp $

41
usr.sbin/nsd/doc/RELNOTES
View File

@ -1,5 +1,46 @@
NSD RELEASE NOTES
4.7.0
================
FEATURES:
- Merge #263: Add bash autocompletion script for nsd-control.
- Fix #267: Allow unencrypted local operation of nsd-control.
- Merge #269 from Fale: Add systemd service unit.
- Fix #271: DNSTAP over TCP, with dnstap-ip: "127.0.0.1@3333".
- dnstap over TLS, default enabled. Configured with the
options dnstap-tls, dnstap-tls-server-name, dnstap-tls-cert-bundle,
dnstap-tls-client-key-file and dnstap-tls-client-cert-file.
BUG FIXES:
- Fix #239: -Wincompatible-pointer-types warning in remote.c.
- Fix configure for -Wstrict-prototypes.
- Fix #262: Zone(s) not synchronizing properly via TLS.
- Fix for #262: More error logging for SSL read failures for zone
transfers.
- Merge #265: Fix C99 compatibility issue.
- Fix #266: Fix build with --without-ssl.
- Fix for #267: neater variable definitions.
- Fix #270: reserved identifier violation.
- Fix to clean more memory on exit of dnstap collector.
- Fix dnstap to not check socket path when using IP address.
- Fix to compile without ssl with dnstap-tls code.
- Dnstap tls code fixes.
- Fix include brackets for ssl.h include statements, instead of quotes.
- Fix static analyzer warning about nsd_event_method initialization.
- Fix #273: Large TXT record breaks AXFR.
- Fix ixfr create from adding too many record types.
- Fix cirrus script for submit to coverity scan to libtoolize
the configure script components config.guess and config.sub.
- Fix readme status badge links.
- make depend.
- Fix for build to run flex and bison before compiling code that needs
the headers.
- Fix to remove unused whitespace from acx_nlnetlabs.m4 and config.h.
- For #279: Note that autoreconf -fi creates the configure script
and also the needed auxiliary files, for autoconf 2.69 and 2.71.
- Fix unused variable warning in unit test, from clang compile.
- Fix #240: Prefix messages originating from verifier.
- Fix #275: Drop unnecessary root server checks.
4.6.1
================
FEATURES:

6
usr.sbin/nsd/edns.h
View File

@ -7,8 +7,8 @@
*
*/
#ifndef _EDNS_H_
#define _EDNS_H_
#ifndef EDNS_H
#define EDNS_H
#include "buffer.h"
struct nsd;
@ -103,4 +103,4 @@ void edns_init_nsid(edns_data_type *data, uint16_t nsid_len);
void cookie_verify(struct query *q, struct nsd* nsd, uint32_t *now_p);
void cookie_create(struct query *q, struct nsd* nsd, uint32_t *now_p);
#endif /* _EDNS_H_ */
#endif /* EDNS_H */

49
usr.sbin/nsd/ixfr.c
View File

@ -261,7 +261,8 @@ static int pktcompression_write_dname(struct buffer* packet,
/* write an RR into the packet with compression for domain names,
* return 0 and resets position if it does not fit in the packet. */
static int ixfr_write_rr_pkt(struct query* query, struct buffer* packet,
struct pktcompression* pcomp, const uint8_t* rr, size_t rrlen)
struct pktcompression* pcomp, const uint8_t* rr, size_t rrlen,
uint16_t total_added)
{
size_t oldpos = buffer_position(packet);
size_t rdpos;
@ -271,10 +272,21 @@ static int ixfr_write_rr_pkt(struct query* query, struct buffer* packet,
size_t i;
rrtype_descriptor_type* descriptor;
if(buffer_position(packet) > MAX_COMPRESSION_OFFSET
|| query_overflow(query)) {
/* we are past the maximum length */
return 0;
if(total_added == 0) {
size_t oldmaxlen = query->maxlen;
/* RR > 16K can be first RR */
query->maxlen = (query->tcp?TCP_MAX_MESSAGE_LEN:UDP_MAX_MESSAGE_LEN);
if(query_overflow(query)) {
query->maxlen = oldmaxlen;
return 0;
}
query->maxlen = oldmaxlen;
} else {
if(buffer_position(packet) > MAX_COMPRESSION_OFFSET
|| query_overflow(query)) {
/* we are past the maximum length */
return 0;
}
}
/* write owner */
@ -401,10 +413,21 @@ static int ixfr_write_rr_pkt(struct query* query, struct buffer* packet,
}
/* write compressed rdata length */
buffer_write_u16_at(packet, rdpos, buffer_position(packet)-rdpos-2);
if(query_overflow(query)) {
/* we are past the maximum length */
buffer_set_position(packet, oldpos);
return 0;
if(total_added == 0) {
size_t oldmaxlen = query->maxlen;
query->maxlen = (query->tcp?TCP_MAX_MESSAGE_LEN:UDP_MAX_MESSAGE_LEN);
if(query_overflow(query)) {
query->maxlen = oldmaxlen;
buffer_set_position(packet, oldpos);
return 0;
}
query->maxlen = oldmaxlen;
} else {
if(query_overflow(query)) {
/* we are past the maximum length */
buffer_set_position(packet, oldpos);
return 0;
}
}
return 1;
}
@ -658,7 +681,7 @@ static uint16_t ixfr_copy_rrs_into_packet(struct query* query,
* the final SOA of the result of the IXFR */
if(ixfr_write_rr_pkt(query, query->packet, pcomp,
query->ixfr_end_data->newsoa,
query->ixfr_end_data->newsoa_len)) {
query->ixfr_end_data->newsoa_len, total_added)) {
query->ixfr_count_newsoa = query->ixfr_end_data->newsoa_len;
total_added++;
query->ixfr_pos_of_newsoa = buffer_position(query->packet);
@ -672,7 +695,7 @@ static uint16_t ixfr_copy_rrs_into_packet(struct query* query,
if(query->ixfr_count_oldsoa < query->ixfr_data->oldsoa_len) {
if(ixfr_write_rr_pkt(query, query->packet, pcomp,
query->ixfr_data->oldsoa,
query->ixfr_data->oldsoa_len)) {
query->ixfr_data->oldsoa_len, total_added)) {
query->ixfr_count_oldsoa = query->ixfr_data->oldsoa_len;
total_added++;
} else {
@ -687,7 +710,7 @@ static uint16_t ixfr_copy_rrs_into_packet(struct query* query,
query->ixfr_data->del_len, query->ixfr_count_del);
if(rrlen && ixfr_write_rr_pkt(query, query->packet, pcomp,
query->ixfr_data->del + query->ixfr_count_del,
rrlen)) {
rrlen, total_added)) {
query->ixfr_count_del += rrlen;
total_added++;
} else {
@ -703,7 +726,7 @@ static uint16_t ixfr_copy_rrs_into_packet(struct query* query,
query->ixfr_data->add_len, query->ixfr_count_add);
if(rrlen && ixfr_write_rr_pkt(query, query->packet, pcomp,
query->ixfr_data->add + query->ixfr_count_add,
rrlen)) {
rrlen, total_added)) {
query->ixfr_count_add += rrlen;
total_added++;
} else {

6
usr.sbin/nsd/ixfr.h
View File

@ -7,8 +7,8 @@
*
*/
#ifndef _IXFR_H_
#define _IXFR_H_
#ifndef IXFR_H
#define IXFR_H
struct nsd;
#include "query.h"
#include "rbtree.h"
@ -265,4 +265,4 @@ int ixfr_unlink_it(const char* zname, const char* zfile, int file_num,
void ixfr_delete_superfluous_files(struct zone* zone, const char* zfile,
int dest_num_files);
#endif /* _IXFR_H_ */
#endif /* IXFR_H */

4
usr.sbin/nsd/ixfrcreate.c
View File

@ -533,16 +533,14 @@ static int process_marktypes(struct ixfr_store* store, struct zone* zone,
/* walk through the rrsets in the zone, if it is not in the
* marktypes list, then it is new and an added RRset */
rrset_type* s;
size_t atmarktype = 0;
qsort(marktypes, marktypes_used, sizeof(marktypes[0]), &sort_uint16);
for(s=domain->rrsets; s; s=s->next) {
uint16_t tp;
if(s->zone != zone)
continue;
tp = rrset_rrtype(s);
if(atmarktype < marktypes_used && marktypes[atmarktype]==tp) {
if(bsearch(&tp, marktypes, marktypes_used, sizeof(marktypes[0]), &sort_uint16)) {
/* the item is in the marked list, skip it */
atmarktype++;
continue;
}
if(!process_add_rrset(store, domain, s))

6
usr.sbin/nsd/ixfrcreate.h
View File

@ -7,8 +7,8 @@
*
*/
#ifndef _IXFRCREATE_H_
#define _IXFRCREATE_H_
#ifndef IXFRCREATE_H
#define IXFRCREATE_H
#include "dns.h"
struct zone;
struct nsd;
@ -83,4 +83,4 @@ struct spool_dname_iterator {
char* file_name;
};
#endif /* _IXFRCREATE_H_ */
#endif /* IXFRCREATE_H */

6
usr.sbin/nsd/namedb.h
View File

@ -7,8 +7,8 @@
*
*/
#ifndef _NAMEDB_H_
#define _NAMEDB_H_
#ifndef NAMEDB_H
#define NAMEDB_H
#include <stdio.h>
@ -466,4 +466,4 @@ void zone_rr_iter_init(zone_rr_iter_type *iter, zone_type *zone);
rr_type *zone_rr_iter_next(zone_rr_iter_type *iter);
#endif /* _NAMEDB_H_ */
#endif /* NAMEDB_H */

6
usr.sbin/nsd/netio.h
View File

@ -38,8 +38,8 @@
* blocked in pselect(2).
*/
#ifndef _NETIO_H_
#define _NETIO_H_
#ifndef NETIO_H
#define NETIO_H
#ifdef HAVE_SYS_SELECT_H
#include <sys/select.h>
@ -187,4 +187,4 @@ operator |= (netio_event_types_type &lhs, netio_event_types_type rhs) {
}
#endif /* __cplusplus */
#endif /* _NETIO_H_ */
#endif /* NETIO_H */

2
usr.sbin/nsd/nsd-checkconf.8.in
View File

@ -1,4 +1,4 @@
.TH "nsd\-checkconf" "8" "Nov 10, 2022" "NLnet Labs" "nsd 4.6.1"
.TH "nsd\-checkconf" "8" "Jun 7, 2023" "NLnet Labs" "nsd 4.7.0"
.\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved.
.\" See LICENSE for the license.
.SH "NAME"

19
usr.sbin/nsd/nsd-checkconf.c
View File

@ -468,6 +468,12 @@ config_print_zone(nsd_options_type* opt, const char* k, int s, const char *o,
#ifdef USE_DNSTAP
SERV_GET_BIN(dnstap_enable, o);
SERV_GET_STR(dnstap_socket_path, o);
SERV_GET_STR(dnstap_ip, o);
SERV_GET_BIN(dnstap_tls, o);
SERV_GET_STR(dnstap_tls_server_name, o);
SERV_GET_STR(dnstap_tls_cert_bundle, o);
SERV_GET_STR(dnstap_tls_client_key_file, o);
SERV_GET_STR(dnstap_tls_client_cert_file, o);
SERV_GET_BIN(dnstap_send_identity, o);
SERV_GET_BIN(dnstap_send_version, o);
SERV_GET_STR(dnstap_identity, o);
@ -699,6 +705,12 @@ config_test_print_server(nsd_options_type* opt)
printf("\ndnstap:\n");
printf("\tdnstap-enable: %s\n", opt->dnstap_enable?"yes":"no");
print_string_var("dnstap-socket-path:", opt->dnstap_socket_path);
print_string_var("dnstap-ip:", opt->dnstap_ip);
printf("\tdnstap-tls: %s\n", opt->dnstap_tls?"yes":"no");
print_string_var("dnstap-tls-server-name:", opt->dnstap_tls_server_name);
print_string_var("dnstap-tls-cert-bundle:", opt->dnstap_tls_cert_bundle);
print_string_var("dnstap-tls-client-key-file:", opt->dnstap_tls_client_key_file);
print_string_var("dnstap-tls-client-cert-file:", opt->dnstap_tls_client_cert_file);
printf("\tdnstap-send-identity: %s\n", opt->dnstap_send_identity?"yes":"no");
printf("\tdnstap-send-version: %s\n", opt->dnstap_send_version?"yes":"no");
print_string_var("dnstap-identity:", opt->dnstap_identity);
@ -779,13 +791,6 @@ additional_checks(nsd_options_type* opt, const char* filename)
errors ++;
continue;
}
#ifndef ROOT_SERVER
/* Is it a root zone? Are we a root server then? Idiot proof. */
if(dname->label_count == 1) {
fprintf(stderr, "%s: not configured as a root server.\n", filename);
errors ++;
}
#endif
if(zone->pattern->allow_notify && !zone->pattern->request_xfr) {
fprintf(stderr, "%s: zone %s has allow-notify but no request-xfr"
" items. Where can it get a zone transfer when a notify "

2
usr.sbin/nsd/nsd-checkzone.8.in
View File

@ -1,4 +1,4 @@
.TH "nsd\-checkzone" "8" "Nov 10, 2022" "NLnet Labs" "nsd 4.6.1"
.TH "nsd\-checkzone" "8" "Jun 7, 2023" "NLnet Labs" "nsd 4.7.0"
.\" Copyright (c) 2014, NLnet Labs. All rights reserved.
.\" See LICENSE for the license.
.SH "NAME"

2
usr.sbin/nsd/nsd-control.8.in
View File

@ -1,4 +1,4 @@
.TH "nsd\-control" "8" "Nov 10, 2022" "NLnet Labs" "nsd 4.6.1"
.TH "nsd\-control" "8" "Jun 7, 2023" "NLnet Labs" "nsd 4.7.0"
.\" Copyright (c) 2011, NLnet Labs. All rights reserved.
.\" See LICENSE for the license.
.SH "NAME"

67
usr.sbin/nsd/nsd-control.c
View File

@ -44,10 +44,24 @@
#include "config.h"
#include <stdio.h>
#include <stdlib.h>
#ifdef HAVE_SSL
struct region;
struct domain_table;
struct zone;
struct domain;
int zonec_parse_string(struct region* ATTR_UNUSED(region),
struct domain_table* ATTR_UNUSED(domains),
struct zone* ATTR_UNUSED(zone), char* ATTR_UNUSED(str),
struct domain** ATTR_UNUSED(parsed), int* ATTR_UNUSED(num_rrs))
{
return 0;
}
#include <sys/types.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#ifdef HAVE_SSL
#ifdef HAVE_OPENSSL_SSL_H
#include <openssl/ssl.h>
#endif
@ -57,6 +71,7 @@
#ifdef HAVE_OPENSSL_RAND_H
#include <openssl/rand.h>
#endif
#endif /* HAVE_SSL */
#ifdef HAVE_SYS_UN_H
#include <sys/un.h>
#endif
@ -70,20 +85,17 @@
#include "zonec.h"
static void usage(void) ATTR_NORETURN;
#ifdef HAVE_SSL
static void ssl_err(const char* s) ATTR_NORETURN;
static void ssl_path_err(const char* s, const char *path) ATTR_NORETURN;
#else
/* define SSL to use as a boolean to turn it off in function calls. */
#define SSL int
#endif
/** timeout to wait for connection over stream, in msec */
#define NSD_CONTROL_CONNECT_TIMEOUT 5000
int zonec_parse_string(region_type* ATTR_UNUSED(region),
domain_table_type* ATTR_UNUSED(domains), zone_type* ATTR_UNUSED(zone),
char* ATTR_UNUSED(str), domain_type** ATTR_UNUSED(parsed),
int* ATTR_UNUSED(num_rrs))
{
return 0;
}
/** Give nsd-control usage, and exit (1). */
static void
usage()
@ -130,6 +142,7 @@ usage()
exit(1);
}
#ifdef HAVE_SSL
/** exit with ssl error */
static void ssl_err(const char* s)
{
@ -203,6 +216,7 @@ setup_ctx(struct nsd_options* cfg)
return ctx;
}
#endif /* HAVE_SSL */
/** check connect error */
static void
@ -355,6 +369,7 @@ contact_server(const char* svr, struct nsd_options* cfg, int statuscmd)
return fd;
}
#ifdef HAVE_SSL
/** setup SSL on the connection */
static SSL*
setup_ssl(SSL_CTX* ctx, int fd)
@ -390,12 +405,14 @@ setup_ssl(SSL_CTX* ctx, int fd)
X509_free(x);
return ssl;
}
#endif /* HAVE_SSL */
/** read from ssl or fd, fatalexit on error, 0 EOF, 1 success */
static int
remote_read(SSL* ssl, int fd, char* buf, size_t len)
{
if(ssl) {
#ifdef HAVE_SSL
int r;
ERR_clear_error();
if((r = SSL_read(ssl, buf, (int)len-1)) <= 0) {
@ -406,6 +423,7 @@ remote_read(SSL* ssl, int fd, char* buf, size_t len)
ssl_err("could not SSL_read");
}
buf[r] = 0;
#endif /* HAVE_SSL */
} else {
ssize_t rr = read(fd, buf, len-1);
if(rr <= 0) {
@ -427,8 +445,10 @@ static void
remote_write(SSL* ssl, int fd, const char* buf, size_t len)
{
if(ssl) {
#ifdef HAVE_SSL
if(SSL_write(ssl, buf, (int)len) <= 0)
ssl_err("could not SSL_write");
#endif /* HAVE_SSL */
} else {
if(write(fd, buf, len) < (ssize_t)len) {
fprintf(stderr, "could not write: %s\n",
@ -492,8 +512,10 @@ go(const char* cfgfile, char* svr, int argc, char* argv[])
{
struct nsd_options* opt;
int fd, ret;
SSL_CTX* ctx;
SSL* ssl;
#ifdef HAVE_SSL
SSL_CTX* ctx = NULL;
#endif
SSL* ssl = NULL;
/* read config */
if(!(opt = nsd_options_create(region_create(xalloc, free)))) {
@ -508,18 +530,31 @@ go(const char* cfgfile, char* svr, int argc, char* argv[])
if(!opt->control_enable)
fprintf(stderr, "warning: control-enable is 'no' in the config file.\n");
resolve_interface_names(opt);
#ifdef HAVE_SSL
ctx = setup_ctx(opt);
#else
if(options_remote_is_address(opt)) {
fprintf(stderr, "error: NSD was compiled without SSL.\n");
exit(1);
}
#endif /* HAVE_SSL */
/* contact server */
fd = contact_server(svr, opt, argc>0&&strcmp(argv[0],"status")==0);
#ifdef HAVE_SSL
ssl = setup_ssl(ctx, fd);
#endif
/* send command */
ret = go_cmd(ssl, fd, argc, argv);
#ifdef HAVE_SSL
if(ssl) SSL_free(ssl);
#endif
close(fd);
#ifdef HAVE_SSL
if(ctx) SSL_CTX_free(ctx);
#endif
region_destroy(opt->region);
return ret;
}
@ -537,6 +572,7 @@ int main(int argc, char* argv[])
char* svr = NULL;
log_init("nsd-control");
#ifdef HAVE_SSL
#ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
ERR_load_crypto_strings();
#endif
@ -569,6 +605,7 @@ int main(int argc, char* argv[])
RAND_seed(buf, 256);
fprintf(stderr, "warning: no entropy, seeding openssl PRNG with time\n");
}
#endif /* HAVE_SSL */
/* parse the options */
while( (c=getopt(argc, argv, "c:s:h")) != -1) {
@ -603,11 +640,3 @@ int main(int argc, char* argv[])
return go(cfgfile, svr, argc, argv);
}
#else /* HAVE_SSL */
int main(void)
{
printf("error: NSD was compiled without SSL.\n");
return 1;
}
#endif /* HAVE_SSL */

4
usr.sbin/nsd/nsd.8.in
View File

@ -1,9 +1,9 @@
.TH "NSD" "8" "Nov 10, 2022" "NLnet Labs" "NSD 4.6.1"
.TH "NSD" "8" "Jun 7, 2023" "NLnet Labs" "NSD 4.7.0"
.\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved.
.\" See LICENSE for the license.
.SH "NAME"
.B nsd
\- Name Server Daemon (NSD) version 4.6.1.
\- Name Server Daemon (NSD) version 4.7.0.
.SH "SYNOPSIS"
.B nsd
.RB [ \-4 ]

2
usr.sbin/nsd/nsd.c
View File

@ -1556,11 +1556,13 @@ main(int argc, char *argv[])
if(nsd.options->control_enable || (nsd.options->tls_service_key && nsd.options->tls_service_key[0])) {
perform_openssl_init();
}
#endif /* HAVE_SSL */
if(nsd.options->control_enable) {
/* read ssl keys while superuser and outside chroot */
if(!(nsd.rc = daemon_remote_create(nsd.options)))
error("could not perform remote control setup");
}
#if defined(HAVE_SSL)
if(nsd.options->tls_service_key && nsd.options->tls_service_key[0]
&& nsd.options->tls_service_pem && nsd.options->tls_service_pem[0]) {
if(!(nsd.tls_ctx = server_tls_ctx_create(&nsd, NULL,

19
usr.sbin/nsd/nsd.conf.5.in
View File

@ -1,4 +1,4 @@
.TH "nsd.conf" "5" "Nov 10, 2022" "NLnet Labs" "nsd 4.6.1"
.TH "nsd.conf" "5" "Jun 7, 2023" "NLnet Labs" "nsd 4.7.0"
.\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved.
.\" See LICENSE for the license.
.SH "NAME"
@ -1071,6 +1071,23 @@ for those messages to the server.
Sets the unix socket file name for connecting to the server that is
listening on that socket. Default is "@dnstap_socket_path@".
.TP
.B dnstap-ip:\fR <"" or addr[@port]>
If disabled with "", the socket path is used. With a value, like address or
address@port, like "127.0.0.1@3333" TCP or TLS is used. Default is "".
.TP
.B dnstap-tls:\fR <yes or no>
If enabled, TLS is used to the address specified in \fBdnstap-ip\fR. Otherwise,
TCP is used. Default is yes.
.TP
.B dnstap-tls-server-name:\fR <string>
The name for authenticating the upstream server. With "" disabled.
.TP
.B dnstap-tls-client-key-file:\fR <file name>
The key file for client authentication, or "" disabled.
.TP
.B dnstap-tls-client-cert-file:\fR <file name>
The cert file for client authentication, or "" disabled.
.TP
.B dnstap-send-identity:\fR <yes or no>
If enabled, the server identity is included in the log messages.
Default is no.

7
usr.sbin/nsd/nsd.conf.sample.in
View File

@ -301,6 +301,13 @@ verify:
# set this to yes and set one or more of dnstap-log-..-messages to yes.
# dnstap-enable: no
# dnstap-socket-path: "@dnstap_socket_path@"
# for dnstap-ip, "" is disabled, use TCP or TLS with like 127.0.0.1@3333
# dnstap-ip: ""
# dnstap-tls: yes
# dnstap-tls-server-name: ""
# dnstap-tls-cert-bundle: "path/to/bundle.pem"
# dnstap-tls-client-key-file: ""
# dnstap-tls-client-cert-file: ""
# dnstap-send-identity: no
# dnstap-send-version: no
# dnstap-identity: ""

6
usr.sbin/nsd/nsd.h
View File

@ -7,8 +7,8 @@
*
*/
#ifndef _NSD_H_
#define _NSD_H_
#ifndef NSD_H
#define NSD_H
#include <signal.h>
#include <net/if.h>
@ -407,4 +407,4 @@ void perform_openssl_init(void);
#endif
ssize_t block_read(struct nsd* nsd, int s, void* p, ssize_t sz, int timeout);
#endif /* _NSD_H_ */
#endif /* NSD_H */

6
usr.sbin/nsd/options.c
View File

@ -117,6 +117,12 @@ nsd_options_create(region_type* region)
#ifdef USE_DNSTAP
opt->dnstap_enable = 0;
opt->dnstap_socket_path = DNSTAP_SOCKET_PATH;
opt->dnstap_ip = "";
opt->dnstap_tls = 1;
opt->dnstap_tls_server_name = NULL;
opt->dnstap_tls_cert_bundle = NULL;
opt->dnstap_tls_client_key_file = NULL;
opt->dnstap_tls_client_cert_file = NULL;
opt->dnstap_send_identity = 0;
opt->dnstap_send_version = 0;
opt->dnstap_identity = NULL;

12
usr.sbin/nsd/options.h
View File

@ -164,6 +164,18 @@ struct nsd_options {
int dnstap_enable;
/** dnstap socket path */
char* dnstap_socket_path;
/** dnstap IP, if "", it uses socket path. */
char* dnstap_ip;
/** dnstap TLS enable */
int dnstap_tls;
/** dnstap tls server authentication name */
char* dnstap_tls_server_name;
/** dnstap server cert bundle */
char* dnstap_tls_cert_bundle;
/** dnstap client key for client authentication */
char* dnstap_tls_client_key_file;
/** dnstap client cert for client authentication */
char* dnstap_tls_client_cert_file;
/** true to send "identity" via dnstap */
int dnstap_send_identity;
/** true to send "version" via dnstap */

6
usr.sbin/nsd/packet.h
View File

@ -7,8 +7,8 @@
*
*/
#ifndef _PACKET_H_
#define _PACKET_H_
#ifndef PACKET_H
#define PACKET_H
#include <sys/types.h>
@ -202,4 +202,4 @@ int packet_read_query_section(buffer_type *packet,
* returns false on no-serial found or parse failure. */
int packet_find_notify_serial(buffer_type *packet, uint32_t* serial);
#endif /* _PACKET_H_ */
#endif /* PACKET_H */

6
usr.sbin/nsd/popen3.h
View File

@ -6,8 +6,8 @@
* See LICENSE for the license.
*
*/
#ifndef _POPEN3_H_
#define _POPEN3_H_
#ifndef POPEN3_H
#define POPEN3_H
#include <stdio.h>
#include <sys/types.h>
@ -24,4 +24,4 @@ pid_t popen3(char *const *command,
int *fdoutptr,
int *fderrptr);
#endif /* _POPEN3_H_ */
#endif /* POPEN3_H */

6
usr.sbin/nsd/query.h
View File

@ -7,8 +7,8 @@
*
*/
#ifndef _QUERY_H_
#define _QUERY_H_
#ifndef QUERY_H
#define QUERY_H
#include <assert.h>
#include <string.h>
@ -230,4 +230,4 @@ query_overflow(query_type *q)
{
return buffer_position(q->packet) > (q->maxlen - q->reserved_space);
}
#endif /* _QUERY_H_ */
#endif /* QUERY_H */

6
usr.sbin/nsd/rbtree.h
View File

@ -7,8 +7,8 @@
*
*/
#ifndef _RBTREE_H_
#define _RBTREE_H_
#ifndef RBTREE_H
#define RBTREE_H
#include "region-allocator.h"
@ -73,4 +73,4 @@ rbnode_type *rbtree_previous(rbnode_type *rbtree);
(rbnode_type*)node != RBTREE_NULL; \
node = (type)rbtree_next((rbnode_type*)node))
#endif /* _RBTREE_H_ */
#endif /* RBTREE_H */

6
usr.sbin/nsd/rdata.h
View File

@ -7,8 +7,8 @@
*
*/
#ifndef _RDATA_H_
#define _RDATA_H_
#ifndef RDATA_H
#define RDATA_H
#include "dns.h"
#include "namedb.h"
@ -58,4 +58,4 @@ int rdata_atoms_to_unknown_string(buffer_type *out,
int print_rdata(buffer_type *output, rrtype_descriptor_type *descriptor,
rr_type *record);
#endif /* _DNS_H_ */
#endif /* RDATA_H */

6
usr.sbin/nsd/region-allocator.h
View File

@ -7,8 +7,8 @@
*
*/
#ifndef _REGION_ALLOCATOR_H_
#define _REGION_ALLOCATOR_H_
#ifndef REGION_ALLOCATOR_H
#define REGION_ALLOCATOR_H
#include <stdio.h>
@ -150,4 +150,4 @@ size_t region_get_mem_unused(region_type* region);
/* Debug print REGION statistics to LOG. */
void region_log_stats(region_type *region);
#endif /* _REGION_ALLOCATOR_H_ */
#endif /* REGION_ALLOCATOR_H */

66
usr.sbin/nsd/remote.c
View File

@ -43,10 +43,10 @@
* Both the server and the client(control tool) have their own keys.
*/
#include "config.h"
#ifdef HAVE_SSL
#ifdef HAVE_SSL
#ifdef HAVE_OPENSSL_SSL_H
#include "openssl/ssl.h"
#include <openssl/ssl.h>
#endif
#ifdef HAVE_OPENSSL_ERR_H
#include <openssl/err.h>
@ -54,10 +54,12 @@
#ifdef HAVE_OPENSSL_RAND_H
#include <openssl/rand.h>
#endif
#endif /* HAVE_SSL */
#include <ctype.h>
#include <unistd.h>
#include <assert.h>
#include <fcntl.h>
#include <errno.h>
#ifndef USE_MINI_EVENT
# ifdef HAVE_EVENT_H
# include <event.h>
@ -121,8 +123,10 @@ struct rc_state {
struct timeval tval;
/** in the handshake part */
enum { rc_none, rc_hs_read, rc_hs_write } shake_state;
#ifdef HAVE_SSL
/** the ssl state */
SSL* ssl;
#endif
/** file descriptor */
int fd;
/** the rc this is part of */
@ -165,16 +169,20 @@ struct daemon_remote {
struct rc_state* stats_list;
/** last time stats was reported */
struct timeval stats_time, boot_time;
#ifdef HAVE_SSL
/** the SSL context for creating new SSL streams */
SSL_CTX* ctx;
#endif
};
/**
* Connection to print to, either SSL or plain over fd
*/
struct remote_stream {
#ifdef HAVE_SSL
/** SSL structure, nonNULL if using SSL */
SSL* ssl;
#endif
/** file descriptor for plain transfer */
int fd;
};
@ -218,7 +226,7 @@ remote_control_callback(int fd, short event, void* arg);
/** ---- end of private defines ---- **/
#ifdef HAVE_SSL
/** log ssl crypto err */
static void
log_crypto_err(const char* str)
@ -233,6 +241,7 @@ log_crypto_err(const char* str)
log_msg(LOG_ERR, "and additionally crypto %s", buf);
}
}
#endif /* HAVE_SSL */
#ifdef BIND8_STATS
/** subtract timers and the values do not overflow or become negative */
@ -252,6 +261,7 @@ timeval_subtract(struct timeval* d, const struct timeval* end,
}
#endif /* BIND8_STATS */
#ifdef HAVE_SSL
static int
remote_setup_ctx(struct daemon_remote* rc, struct nsd_options* cfg)
{
@ -264,6 +274,7 @@ remote_setup_ctx(struct daemon_remote* rc, struct nsd_options* cfg)
}
return 1;
}
#endif /* HAVE_SSL */
struct daemon_remote*
daemon_remote_create(struct nsd_options* cfg)
@ -274,14 +285,20 @@ daemon_remote_create(struct nsd_options* cfg)
assert(cfg->control_enable);
if(options_remote_is_address(cfg)) {
#ifdef HAVE_SSL
if(!remote_setup_ctx(rc, cfg)) {
daemon_remote_delete(rc);
return NULL;
}
rc->use_cert = 1;
#else
log_msg(LOG_ERR, "Could not setup remote control: NSD was compiled without SSL.");
#endif /* HAVE_SSL */
} else {
struct ip_address_option* o;
#ifdef HAVE_SSL
rc->ctx = NULL;
#endif
rc->use_cert = 0;
for(o = cfg->control_interface; o; o = o->next) {
if(o->address && o->address[0] != '/')
@ -328,8 +345,10 @@ void daemon_remote_close(struct daemon_remote* rc)
np = p->next;
if(p->event_added)
event_del(&p->c);
#ifdef HAVE_SSL
if(p->ssl)
SSL_free(p->ssl);
#endif
close(p->c.ev_fd);
free(p);
p = np;
@ -342,9 +361,11 @@ void daemon_remote_delete(struct daemon_remote* rc)
{
if(!rc) return;
daemon_remote_close(rc);
#ifdef HAVE_SSL
if(rc->ctx) {
SSL_CTX_free(rc->ctx);
}
#endif
free(rc);
}
@ -639,6 +660,7 @@ remote_accept_callback(int fd, short event, void* arg)
}
}
#ifdef HAVE_SSL
if(rc->ctx) {
n->shake_state = rc_hs_read;
n->ssl = SSL_new(rc->ctx);
@ -660,6 +682,7 @@ remote_accept_callback(int fd, short event, void* arg)
} else {
n->ssl = NULL;
}
#endif /* HAVE_SSL */
n->rc = rc;
n->stats_next = NULL;
@ -717,10 +740,12 @@ clean_point(struct daemon_remote* rc, struct rc_state* s)
rc->active --;
if(s->event_added)
event_del(&s->c);
#ifdef HAVE_SSL
if(s->ssl) {
SSL_shutdown(s->ssl);
SSL_free(s->ssl);
}
#endif /* HAVE_SSL */
close(s->c.ev_fd);
free(s);
}
@ -728,10 +753,11 @@ clean_point(struct daemon_remote* rc, struct rc_state* s)
static int
ssl_print_text(RES* res, const char* text)
{
int r;
if(!res)
return 0;
#ifdef HAVE_SSL
if(res->ssl) {
int r;
ERR_clear_error();
if((r=SSL_write(res->ssl, text, (int)strlen(text))) <= 0) {
if(SSL_get_error(res->ssl, r) == SSL_ERROR_ZERO_RETURN) {
@ -743,12 +769,15 @@ ssl_print_text(RES* res, const char* text)
return 0;
}
} else {
#endif /* HAVE_SSL */
if(write_socket(res->fd, text, strlen(text)) <= 0) {
log_msg(LOG_ERR, "could not write: %s",
strerror(errno));
return 0;
}
#ifdef HAVE_SSL
}
#endif /* HAVE_SSL */
return 1;
}
@ -776,14 +805,15 @@ ssl_printf(RES* ssl, const char* format, ...)
static int
ssl_read_line(RES* res, char* buf, size_t max)
{
int r;
size_t len = 0;
if(!res)
return 0;
while(len < max) {
buf[len] = 0; /* terminate for safety and please checkers */
/* this byte is written if we read a byte from the input */
#ifdef HAVE_SSL
if(res->ssl) {
int r;
ERR_clear_error();
if((r=SSL_read(res->ssl, buf+len, 1)) <= 0) {
if(SSL_get_error(res->ssl, r) == SSL_ERROR_ZERO_RETURN) {
@ -794,6 +824,7 @@ ssl_read_line(RES* res, char* buf, size_t max)
return 0;
}
} else {
#endif /* HAVE_SSL */
while(1) {
ssize_t rr = read(res->fd, buf+len, 1);
if(rr <= 0) {
@ -809,7 +840,9 @@ ssl_read_line(RES* res, char* buf, size_t max)
}
break;
}
#ifdef HAVE_SSL
}
#endif /* HAVE_SSL */
if(buf[len] == '\n') {
/* return string without \n */
buf[len] = 0;
@ -1212,8 +1245,11 @@ do_stats(struct daemon_remote* rc, int peek, struct rc_state* rs)
/* force a reload */
xfrd_set_reload_now(xfrd);
#else
RES res;
res.ssl = rs->ssl;
res.fd = rs->fd;
(void)rc; (void)peek;
(void)ssl_printf(rs->ssl, "error no stats enabled at compile time\n");
(void)ssl_printf(&res, "error no stats enabled at compile time\n");
#endif /* BIND8_STATS */
}
@ -2403,6 +2439,7 @@ handle_req(struct daemon_remote* rc, struct rc_state* s, RES* res)
}
/* try to read magic UBCT[version]_space_ string */
#ifdef HAVE_SSL
if(res->ssl) {
ERR_clear_error();
if((r=SSL_read(res->ssl, magic, (int)sizeof(magic)-1)) <= 0) {
@ -2412,6 +2449,7 @@ handle_req(struct daemon_remote* rc, struct rc_state* s, RES* res)
return;
}
} else {
#endif /* HAVE_SSL */
while(1) {
ssize_t rr = read(res->fd, magic, sizeof(magic)-1);
if(rr <= 0) {
@ -2424,7 +2462,9 @@ handle_req(struct daemon_remote* rc, struct rc_state* s, RES* res)
r = (int)rr;
break;
}
#ifdef HAVE_SSL
}
#endif /* HAVE_SSL */
magic[7] = 0;
if( r != 7 || strncmp(magic, "NSDCT", 5) != 0) {
VERBOSITY(2, (LOG_INFO, "control connection has bad header"));
@ -2450,6 +2490,7 @@ handle_req(struct daemon_remote* rc, struct rc_state* s, RES* res)
execute_cmd(rc, res, buf, s);
}
#ifdef HAVE_SSL
/** handle SSL_do_handshake changes to the file descriptor to wait for later */
static void
remote_handshake_later(struct daemon_remote* rc, struct rc_state* s, int fd,
@ -2492,6 +2533,7 @@ remote_handshake_later(struct daemon_remote* rc, struct rc_state* s, int fd,
clean_point(rc, s);
}
}
#endif /* HAVE_SSL */
static void
remote_control_callback(int fd, short event, void* arg)
@ -2499,14 +2541,15 @@ remote_control_callback(int fd, short event, void* arg)
RES res;
struct rc_state* s = (struct rc_state*)arg;
struct daemon_remote* rc = s->rc;
int r;
if( (event&EV_TIMEOUT) ) {
log_msg(LOG_ERR, "remote control timed out");
clean_point(rc, s);
return;
}
#ifdef HAVE_SSL
if(s->ssl) {
/* (continue to) setup the SSL connection */
int r;
ERR_clear_error();
r = SSL_do_handshake(s->ssl);
if(r != 1) {
@ -2516,10 +2559,12 @@ remote_control_callback(int fd, short event, void* arg)
}
s->shake_state = rc_none;
}
#endif /* HAVE_SSL */
/* once handshake has completed, check authentication */
if (!rc->use_cert) {
VERBOSITY(3, (LOG_INFO, "unauthenticated remote control connection"));
#ifdef HAVE_SSL
} else if(SSL_get_verify_result(s->ssl) == X509_V_OK) {
X509* x = SSL_get_peer_certificate(s->ssl);
if(!x) {
@ -2530,6 +2575,7 @@ remote_control_callback(int fd, short event, void* arg)
}
VERBOSITY(3, (LOG_INFO, "remote control connection authenticated"));
X509_free(x);
#endif /* HAVE_SSL */
} else {
VERBOSITY(2, (LOG_INFO, "remote control connection failed to "
"authenticate with client certificate"));
@ -2538,7 +2584,9 @@ remote_control_callback(int fd, short event, void* arg)
}
/* if OK start to actually handle the request */
#ifdef HAVE_SSL
res.ssl = s->ssl;
#endif /* HAVE_SSL */
res.fd = fd;
handle_req(rc, s, &res);
@ -2833,7 +2881,9 @@ daemon_remote_process_stats(struct daemon_remote* rc)
/* pop one and give it stats */
while((s = rc->stats_list)) {
assert(s->in_stats_list);
#ifdef HAVE_SSL
res.ssl = s->ssl;
#endif
res.fd = s->fd;
print_stats(&res, rc->xfrd, &now, (s->in_stats_list == 1));
if(s->in_stats_list == 1) {
@ -2908,5 +2958,3 @@ err:
return -1;
#endif
}
#endif /* HAVE_SSL */

19
usr.sbin/nsd/server.c
View File

@ -1532,8 +1532,8 @@ server_shutdown(struct nsd *nsd)
}
tsig_finalize();
#ifdef HAVE_SSL
daemon_remote_delete(nsd->rc); /* ssl-delete secret keys */
#ifdef HAVE_SSL
if (nsd->tls_ctx)
SSL_CTX_free(nsd->tls_ctx);
#endif
@ -1709,9 +1709,7 @@ server_send_soa_xfrd(struct nsd* nsd, int shortsoa)
log_msg(LOG_WARNING, "signal received, shutting down...");
server_close_all_sockets(nsd->udp, nsd->ifs);
server_close_all_sockets(nsd->tcp, nsd->ifs);
#ifdef HAVE_SSL
daemon_remote_close(nsd->rc);
#endif
/* Unlink it if possible... */
unlinkpid(nsd->pidfile);
unlink(nsd->task[0]->fname);
@ -2810,9 +2808,7 @@ server_main(struct nsd *nsd)
/* close opened ports to avoid race with restart of nsd */
server_close_all_sockets(nsd->udp, nsd->ifs);
server_close_all_sockets(nsd->tcp, nsd->ifs);
#ifdef HAVE_SSL
daemon_remote_close(nsd->rc);
#endif
send_children_quit_and_wait(nsd);
/* Unlink it if possible... */
@ -2926,11 +2922,13 @@ nsd_event_method(void)
return "select";
#else
struct event_base* b = nsd_child_event_base();
const char* m = "?";
const char* m;
# ifdef EV_FEATURE_BACKENDS
m = ub_ev_backend2str(ev_backend((struct ev_loop*)b));
# elif defined(HAVE_EVENT_BASE_GET_METHOD)
m = event_base_get_method(b);
# else
m = "?";
# endif
# ifdef MEMCLEAN
event_base_free(b);
@ -3040,7 +3038,11 @@ void server_verify(struct nsd *nsd, int cmdsocket)
nsd->verifier_count = 0;
nsd->verifier_limit = nsd->options->verifier_count;
size = sizeof(struct verifier) * nsd->verifier_limit;
pipe(nsd->verifier_pipe);
if(pipe(nsd->verifier_pipe) == -1) {
log_msg(LOG_ERR, "verify: could not create pipe: %s",
strerror(errno));
goto fail_pipe;
}
fcntl(nsd->verifier_pipe[0], F_SETFD, FD_CLOEXEC);
fcntl(nsd->verifier_pipe[1], F_SETFD, FD_CLOEXEC);
nsd->verifiers = region_alloc_zero(nsd->server_region, size);
@ -3130,9 +3132,10 @@ void server_verify(struct nsd *nsd, int cmdsocket)
assert(nsd->next_zone_to_verify == NULL || nsd->mode == NSD_QUIT);
assert(nsd->verifier_count == 0 || nsd->mode == NSD_QUIT);
fail:
event_base_free(nsd->event_base);
close(nsd->verifier_pipe[0]);
close(nsd->verifier_pipe[1]);
fail_pipe:
event_base_free(nsd->event_base);
region_destroy(nsd->server_region);
nsd->event_base = NULL;

6
usr.sbin/nsd/tsig-openssl.h
View File

@ -7,8 +7,8 @@
*
*/
#ifndef _TSIG_OPENSSL_H_
#define _TSIG_OPENSSL_H_
#ifndef TSIG_OPENSSL_H
#define TSIG_OPENSSL_H
#if defined(HAVE_SSL)
@ -26,4 +26,4 @@ void tsig_openssl_finalize(void);
#endif /* defined(HAVE_SSL) */
#endif /* _TSIG_H_ */
#endif /* TSIG_OPENSSL_H */

6
usr.sbin/nsd/tsig.h
View File

@ -7,8 +7,8 @@
*
*/
#ifndef _TSIG_H_
#define _TSIG_H_
#ifndef TSIG_H
#define TSIG_H
#include <sys/types.h>
#include <sys/socket.h>
@ -289,4 +289,4 @@ int tsig_strlowercmp(const char* str1, const char* str2);
*/
void tsig_finalize(void);
#endif /* _TSIG_H_ */
#endif /* TSIG_H */

6
usr.sbin/nsd/util.h
View File

@ -7,8 +7,8 @@
*
*/
#ifndef _UTIL_H_
#define _UTIL_H_
#ifndef UTIL_H
#define UTIL_H
#include <sys/time.h>
#include <stdarg.h>
@ -451,4 +451,4 @@ void activate_cookie_secret(struct nsd* nsd);
/* Drop a cookie secret. Drops the staging secret. An active secret will not
* be dropped. */
void drop_cookie_secret(struct nsd* nsd);
#endif /* _UTIL_H_ */
#endif /* UTIL_H */

9
usr.sbin/nsd/verify.c
View File

@ -112,11 +112,11 @@ static inline size_t print_line(struct verifier_stream *stream, int eof)
return 0;
if (len > LOGLINELEN) {
fmt = stream->cut ? ".. %.*s .." : "%.*s ..";
fmt = stream->cut ? "verifier: .. %.*s .." : "verifier: %.*s ..";
len = LOGLINELEN; // remainder printed next iteration
stream->cut = 1;
} else {
fmt = stream->cut ? ".. %.*s" : "%.*s";
fmt = stream->cut ? "verifier: .. %.*s" : "verifier: %.*s";
stream->cut = 0;
}
log_msg(stream->priority, fmt, len, stream->buf + stream->off);
@ -274,7 +274,10 @@ void verify_handle_signal(int sig, short event, void *arg)
assert(arg != NULL);
nsd = (struct nsd *)arg;
(void)write(nsd->verifier_pipe[1], buf, sizeof(buf));
if(write(nsd->verifier_pipe[1], buf, sizeof(buf)) == -1) {
log_msg(LOG_ERR, "verify_handle_signal: write failed: %s",
strerror(errno));
}
}
/*

6
usr.sbin/nsd/verify.h
View File

@ -5,8 +5,8 @@
*
* See LICENSE for the license.
*/
#ifndef _VERIFY_H_
#define _VERIFY_H_
#ifndef VERIFY_H
#define VERIFY_H
#ifndef USE_MINI_EVENT
# ifdef HAVE_EVENT_H
@ -77,4 +77,4 @@ void verify_handle_exit(int fd, short event, void *arg);
void verify_handle_command(int fd, short event, void *arg);
#endif /* _VERIFY_H_ */
#endif /* VERIFY_H */

12
usr.sbin/nsd/xfrd-disk.c
View File

@ -329,13 +329,13 @@ xfrd_read_state(struct xfrd_state* xfrd)
incoming_soa = zone->soa_nsd;
incoming_acquired = zone->soa_nsd_acquired;
zone->soa_nsd = soa_nsd_read;
zone->soa_disk = soa_disk_read;
zone->soa_notified = soa_notified_read;
zone->soa_nsd_acquired = soa_nsd_acquired_read;
/* we had better use what we got from starting NSD, not
* what we store in this file, because the actual zone
* contents trumps the contents of this cache */
/* zone->soa_disk_acquired = soa_disk_acquired_read; */
/* use soa and soa_acquired from starting NSD, not what is stored in
* the state file, because the actual zone contents trumps the contents
* of this cache */
zone->soa_disk = incoming_soa;
zone->soa_disk_acquired = incoming_acquired;
zone->soa_notified = soa_notified_read;
zone->soa_notified_acquired = soa_notified_acquired_read;
if (zone->state == xfrd_zone_expired)
{

19
usr.sbin/nsd/xfrd-tcp.c
View File

@ -1268,9 +1268,12 @@ conn_read_ssl(struct xfrd_tcp* tcp, SSL* ssl)
}
if(err == SSL_ERROR_ZERO_RETURN) {
/* EOF */
return 0;
return -1;
}
log_msg(LOG_ERR, "ssl_read returned error %d with received %zd", err, received);
if(err == SSL_ERROR_SYSCALL)
log_msg(LOG_ERR, "ssl_read returned error SSL_ERROR_SYSCALL with received %zd: %s", received, strerror(errno));
else
log_msg(LOG_ERR, "ssl_read returned error %d with received %zd", err, received);
}
if(received == -1) {
if(errno == EAGAIN || errno == EINTR) {
@ -1317,9 +1320,12 @@ conn_read_ssl(struct xfrd_tcp* tcp, SSL* ssl)
int err = SSL_get_error(ssl, received);
if(err == SSL_ERROR_ZERO_RETURN) {
/* EOF */
return 0;
return -1;
}
log_msg(LOG_ERR, "ssl_read returned error %d with received %zd", err, received);
if(err == SSL_ERROR_SYSCALL)
log_msg(LOG_ERR, "ssl_read returned error SSL_ERROR_SYSCALL with received %zd: %s", received, strerror(errno));
else
log_msg(LOG_ERR, "ssl_read returned error %d with received %zd", err, received);
}
if(received == -1) {
if(errno == EAGAIN || errno == EINTR) {
@ -1462,7 +1468,10 @@ xfrd_tcp_read(struct xfrd_tcp_pipeline* tp)
#endif
ret = conn_read(tcp);
if(ret == -1) {
log_msg(LOG_ERR, "xfrd: failed reading tcp %s", strerror(errno));
if(errno != 0)
log_msg(LOG_ERR, "xfrd: failed reading tcp %s", strerror(errno));
else
log_msg(LOG_ERR, "xfrd: failed reading tcp: closed");
xfrd_tcp_pipe_stop(tp);
return;
}

29
usr.sbin/nsd/xfrd.c
View File

@ -15,6 +15,7 @@
#include <errno.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <inttypes.h>
#include "xfrd.h"
#include "xfrd-tcp.h"
#include "xfrd-disk.h"
@ -196,9 +197,7 @@ xfrd_init(int socket, struct nsd* nsd, int shortsoa, int reload_active,
xfrd->notify_waiting_last = NULL;
xfrd->notify_udp_num = 0;
#ifdef HAVE_SSL
daemon_remote_attach(xfrd->nsd->rc, xfrd);
#endif
xfrd->tcp_set = xfrd_tcp_set_create(xfrd->region, nsd->options->tls_cert_bundle, nsd->options->xfrd_tcp_max, nsd->options->xfrd_tcp_pipeline);
xfrd->tcp_set->tcp_timeout = nsd->tcp_timeout;
@ -357,9 +356,7 @@ xfrd_shutdown()
if(xfrd->nsd->options->zonefiles_write) {
event_del(&xfrd->write_timer);
}
#ifdef HAVE_SSL
daemon_remote_close(xfrd->nsd->rc); /* close sockets of rc */
#endif
/* close sockets */
RBTREE_FOR(zone, xfrd_zone_type*, xfrd->zones)
{
@ -406,8 +403,8 @@ xfrd_shutdown()
/* unlink xfr files in not-yet-done task file */
xfrd_clean_pending_tasks(xfrd->nsd, xfrd->nsd->task[xfrd->nsd->mytask]);
xfrd_del_tempdir(xfrd->nsd);
#ifdef HAVE_SSL
daemon_remote_delete(xfrd->nsd->rc); /* ssl-delete secret keys */
#ifdef HAVE_SSL
if (xfrd->nsd->tls_ctx)
SSL_CTX_free(xfrd->nsd->tls_ctx);
# ifdef HAVE_TLS_1_3
@ -1300,7 +1297,7 @@ xfrd_handle_incoming_soa(xfrd_zone_type* zone,
return;
if(zone->soa_disk_acquired) {
int cmp = compare_serial(soa->serial, zone->soa_disk.serial);
int cmp = compare_serial(ntohl(soa->serial), ntohl(zone->soa_disk.serial));
/* soa is from an update if serial equals soa_disk.serial or
serial is less than soa_disk.serial and the acquired time is
@ -1317,9 +1314,17 @@ xfrd_handle_incoming_soa(xfrd_zone_type* zone,
}
/* soa in disk has been loaded in memory */
log_msg(LOG_INFO, "zone %s serial %u is updated to %u",
zone->apex_str, (unsigned)ntohl(zone->soa_nsd.serial),
(unsigned)ntohl(soa->serial));
{
uint32_t soa_serial, soa_nsd_serial;
soa_serial = ntohl(soa->serial);
soa_nsd_serial = ntohl(zone->soa_nsd.serial);
if (compare_serial(soa_serial, soa_nsd_serial) > 0)
log_msg(LOG_INFO, "zone %s serial %"PRIu32" is updated to %"PRIu32,
zone->apex_str, soa_nsd_serial, soa_serial);
else
log_msg(LOG_INFO, "zone %s serial is updated to %"PRIu32,
zone->apex_str, soa_serial);
}
zone->soa_nsd = *soa;
zone->soa_nsd_acquired = acquired;
xfrd->write_zonefile_needed = 1;
@ -2356,8 +2361,8 @@ xfrd_handle_received_xfr_packet(xfrd_zone_type* zone, buffer_type* packet)
zone->soa_disk = soa;
if(zone->soa_notified_acquired && (
zone->soa_notified.serial == 0 ||
compare_serial(htonl(zone->soa_disk.serial),
htonl(zone->soa_notified.serial)) >= 0))
compare_serial(ntohl(zone->soa_disk.serial),
ntohl(zone->soa_notified.serial)) >= 0))
{
zone->soa_notified_acquired = 0;
}
@ -2691,9 +2696,7 @@ xfrd_process_stat_info_task(xfrd_state_type* xfrd, struct task_list_d* task)
xfrd->nsd->children[i].query_count += *p++;
}
/* got total, now see if users are interested in these statistics */
#ifdef HAVE_SSL
daemon_remote_process_stats(xfrd->nsd->rc);
#endif
}
#endif /* BIND8_STATS */

8
usr.sbin/nsd/zonec.c
View File

@ -2209,14 +2209,6 @@ zonec_read(const char* name, const char* zonefile, zone_type* zone)
return 1;
}
#ifndef ROOT_SERVER
/* Is it a root zone? Are we a root server then? Idiot proof. */
if (dname->label_count == 1) {
zc_error("not configured as a root server");
return 1;
}
#endif
/* Open the zone file */
if (!zone_open(zonefile, 3600, CLASS_IN, dname)) {
zc_error("cannot open '%s': %s", zonefile, strerror(errno));

6
usr.sbin/nsd/zonec.h
View File

@ -7,8 +7,8 @@
*
*/
#ifndef _ZONEC_H_
#define _ZONEC_H_
#ifndef ZONEC_H
#define ZONEC_H
#include "namedb.h"
@ -150,4 +150,4 @@ void check_sshfp(void);
void apex_rrset_checks(struct namedb* db, rrset_type* rrset,
domain_type* domain);
#endif /* _ZONEC_H_ */
#endif /* ZONEC_H */

5
usr.sbin/relayd/pfe_filter.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: pfe_filter.c,v 1.62 2017/05/28 10:39:15 benno Exp $ */
/* $OpenBSD: pfe_filter.c,v 1.63 2023/06/30 12:16:00 sashan Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@ -632,7 +632,8 @@ check_table(struct relayd *env, struct rdr *rdr, struct table *table)
goto toolong;
if (ioctl(env->sc_pf->dev, DIOCRGETTSTATS, &io) == -1)
fatal("%s: cannot get table stats", __func__);
fatal("%s: cannot get table stats for %s@%s", __func__,
io.pfrio_table.pfrt_name, io.pfrio_table.pfrt_anchor);
return (tstats.pfrts_match);