Upgrade unbound library

These files were pulled from the 1.6.3 release tarball.

This new version builds against OpenSSL version 1.1 which will be
the default in the new Debian Stable which is due to be released
RealSoonNow (tm).

1 files changed, 262 insertions, 2 deletions

diff --git a/external/unbound/util/config_file.h b/external/unbound/util/config_file.h
index 8fa163ed7..79b094894 100644
--- a/external/unbound/util/config_file.h
+++ b/external/unbound/util/config_file.h
@@ -42,11 +42,15 @@
 #ifndef UTIL_CONFIG_FILE_H
 #define UTIL_CONFIG_FILE_H
 struct config_stub;
+struct config_view;
 struct config_strlist;
 struct config_str2list;
+struct config_str3list;
+struct config_strbytelist;
 struct module_qstate;
 struct sock_list;
 struct ub_packed_rrset_key;
+struct regional;
 
 /**
  * The configuration options.
@@ -72,12 +76,18 @@ struct config_file {
 	int do_ip4;
 	/** do ip6 query support. */
 	int do_ip6;
+	/** prefer ip6 upstream queries. */
+	int prefer_ip6;
 	/** do udp query support. */
 	int do_udp;
 	/** do tcp query support. */
 	int do_tcp;
 	/** tcp upstream queries (no UDP upstream queries) */
 	int tcp_upstream;
+	/** maximum segment size of tcp socket which queries are answered */
+	int tcp_mss;
+	/** maximum segment size of tcp socket for outgoing queries */
+	int outgoing_tcp_mss;
 
 	/** private key file for dnstcp-ssl service (enabled if not NULL) */
 	char* ssl_service_key;
@@ -138,6 +148,8 @@ struct config_file {
 	int so_reuseport;
 	/** IP_TRANSPARENT socket option requested on port 53 sockets */
 	int ip_transparent;
+	/** IP_FREEBIND socket option request on port 53 sockets */
+	int ip_freebind;
 
 	/** number of interfaces to open. If 0 default all interfaces. */
 	int num_ifs;
@@ -156,8 +168,22 @@ struct config_file {
 	struct config_stub* stubs;
 	/** the forward zone definitions, linked list */
 	struct config_stub* forwards;
+	/** the views definitions, linked list */
+	struct config_view* views;
 	/** list of donotquery addresses, linked list */
 	struct config_strlist* donotqueryaddrs;
+#ifdef CLIENT_SUBNET
+	/** list of servers we send edns-client-subnet option to and 
+	 * accept option from, linked list */
+	struct config_strlist* client_subnet;
+	/** opcode assigned by IANA for edns0-client-subnet option */
+	uint16_t client_subnet_opcode;
+	/** Do not check whitelist if incoming query contains an ECS record */
+	int client_subnet_always_forward;
+	/** Subnet length we are willing to give up privacy for */
+	uint8_t max_client_subnet_ipv4;
+	uint8_t max_client_subnet_ipv6;
+#endif
 	/** list of access control entries, linked list */
 	struct config_str2list* acls;
 	/** use default localhost donotqueryaddr entries */
@@ -215,11 +241,17 @@ struct config_file {
 	int log_time_ascii;
 	/** log queries with one line per query */
 	int log_queries;
+	/** log replies with one line per reply */
+	int log_replies;
+	/** log identity to report */
+	char* log_identity;
 
 	/** do not report identity (id.server, hostname.bind) */
 	int hide_identity;
 	/** do not report version (version.server, version.bind) */
 	int hide_version;
+	/** do not report trustanchor (trustanchor.unbound) */
+	int hide_trustanchor;
 	/** identity, hostname is returned if "". */
 	char* identity;
 	/** version, package version returned if "". */
@@ -261,6 +293,8 @@ struct config_file {
 	int val_permissive_mode;
 	/** ignore the CD flag in incoming queries and refuse them bogus data */
 	int ignore_cd;
+	/** serve expired entries and prefetch them */
+	int serve_expired;
 	/** nsec3 maximum iterations per key size, string */
 	char* val_nsec3_key_iterations;
 	/** autotrust add holddown time, in seconds */
@@ -285,8 +319,32 @@ struct config_file {
 	struct config_strlist* local_zones_nodefault;
 	/** local data RRs configured */
 	struct config_strlist* local_data;
-	/** unblock lan zones (reverse lookups for 10/8 and so on) */
+	/** local zone override types per netblock */
+	struct config_str3list* local_zone_overrides;
+	/** unblock lan zones (reverse lookups for AS112 zones) */
 	int unblock_lan_zones;
+	/** insecure lan zones (don't validate AS112 zones) */
+	int insecure_lan_zones;
+	/** list of zonename, tagbitlist */
+	struct config_strbytelist* local_zone_tags;
+	/** list of aclname, tagbitlist */
+	struct config_strbytelist* acl_tags;
+	/** list of aclname, tagname, localzonetype */
+	struct config_str3list* acl_tag_actions;
+	/** list of aclname, tagname, redirectdata */
+	struct config_str3list* acl_tag_datas;
+	/** list of aclname, view*/
+	struct config_str2list* acl_view;
+	/** list of IP-netblock, tagbitlist */
+	struct config_strbytelist* respip_tags;
+	/** list of response-driven access control entries, linked list */
+	struct config_str2list* respip_actions;
+	/** RRs configured for response-driven access controls */
+	struct config_str2list* respip_data;
+	/** tag list, array with tagname[i] is malloced string */
+	char** tagname;
+	/** number of items in the taglist */
+	int num_tags;
 
 	/** remote control section. enable toggle. */
 	int remote_control_enable;
@@ -308,6 +366,9 @@ struct config_file {
 	/** Python script file */
 	char* python_script;
 
+	/** Use systemd socket activation. */
+	int use_systemd;
+
 	/** daemonize, i.e. fork into the background. */
 	int do_daemonize;
 
@@ -352,7 +413,19 @@ struct config_file {
 	/** true to log dnstap FORWARDER_RESPONSE message events */
 	int dnstap_log_forwarder_response_messages;
 
-	/** ratelimit 0 is off, otherwise qps (unless overridden) */
+	/** true to disable DNSSEC lameness check in iterator */
+	int disable_dnssec_lame_check;
+
+	/** ratelimit for ip addresses. 0 is off, otherwise qps (unless overridden) */
+	int ip_ratelimit;
+	/** number of slabs for ip_ratelimit cache */
+	size_t ip_ratelimit_slabs;
+	/** memory size in bytes for ip_ratelimit cache */
+	size_t ip_ratelimit_size;
+	/** ip_ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic */
+	int ip_ratelimit_factor;
+
+	/** ratelimit for domains. 0 is off, otherwise qps (unless overridden) */
 	int ratelimit;
 	/** number of slabs for ratelimit cache */
 	size_t ratelimit_slabs;
@@ -366,6 +439,25 @@ struct config_file {
 	int ratelimit_factor;
 	/** minimise outgoing QNAME and hide original QTYPE if possible */
 	int qname_minimisation;
+	/** minimise QNAME in strict mode, minimise according to RFC.
+	 *  Do not apply fallback */
+	int qname_minimisation_strict;
+	/** SHM data - true if shm is enabled */
+	int shm_enable;
+	/** SHM data - key for the shm */
+	int shm_key;
+
+	/** DNSCrypt */
+	/** true to enable dnscrypt */
+	int dnscrypt;
+	/** port on which to provide dnscrypt service */
+	int dnscrypt_port;
+	/** provider name 2.dnscrypt-cert.example.com */
+	char* dnscrypt_provider;
+	/** dnscrypt secret keys 1.key */
+	struct config_strlist* dnscrypt_secret_key;
+	/** dnscrypt provider certs 1.cert */
+	struct config_strlist* dnscrypt_provider_cert;
 };
 
 /** from cfg username, after daemonise setup performed */
@@ -391,6 +483,31 @@ struct config_stub {
 	int isprime;
 	/** if forward-first is set (failover to without if fails) */
 	int isfirst;
+	/** use SSL for queries to this stub */
+	int ssl_upstream;
+};
+
+/**
+ * View config options
+ */
+struct config_view {
+	/** next in list */
+	struct config_view* next;
+	/** view name */
+	char* name;
+	/** local zones */
+	struct config_str2list* local_zones;
+	/** local data RRs */
+	struct config_strlist* local_data;
+	/** local zones nodefault list */
+	struct config_strlist* local_zones_nodefault;
+	/** Fallback to global local_zones when there is no match in the view
+	 * view specific tree. 1 for yes, 0 for no */	
+	int isfirst;
+	/** predefined actions for particular IP address responses */
+	struct config_str2list* respip_actions;
+	/** data complementing the 'redirect' response IP actions */
+	struct config_str2list* respip_data;
 };
 
 /**
@@ -415,6 +532,34 @@ struct config_str2list {
 	char* str2;
 };
 
+/**
+ * List of three strings for config options
+ */
+struct config_str3list {
+	/** next item in list */
+	struct config_str3list* next;
+	/** first string */
+	char* str;
+	/** second string */
+	char* str2;
+	/** third string */
+	char* str3;
+};
+
+
+/**
+ * List of string, bytestring for config options
+ */
+struct config_strbytelist {
+	/** next item in list */
+	struct config_strbytelist* next;
+	/** first string */
+	char* str;
+	/** second bytestring */
+	uint8_t* str2;
+	size_t str2len;
+};
+
 /** List head for strlist processing, used for append operation. */
 struct config_strlist_head {
 	/** first in list of text items */
@@ -544,6 +689,10 @@ int cfg_strlist_append(struct config_strlist_head* list, char* item);
  */
 int cfg_strlist_insert(struct config_strlist** head, char* item);
 
+/** insert with region for allocation. */
+int cfg_region_strlist_insert(struct regional* region,
+	struct config_strlist** head, char* item);
+
 /**
  * Insert string into str2list.
  * @param head: pointer to str2list head variable.
@@ -554,6 +703,39 @@ int cfg_strlist_insert(struct config_strlist** head, char* item);
 int cfg_str2list_insert(struct config_str2list** head, char* item, char* i2);
 
 /**
+ * Insert string into str3list.
+ * @param head: pointer to str3list head variable.
+ * @param item: new item. malloced by caller. If NULL the insertion fails.
+ * @param i2: 2nd string, malloced by caller. If NULL the insertion fails.
+ * @param i3: 3rd string, malloced by caller. If NULL the insertion fails.
+ * @return: true on success.
+ */
+int cfg_str3list_insert(struct config_str3list** head, char* item, char* i2,
+	char* i3);
+
+/**
+ * Insert string into strbytelist.
+ * @param head: pointer to strbytelist head variable.
+ * @param item: new item. malloced by caller. If NULL the insertion fails.
+ * @param i2: 2nd string, malloced by caller. If NULL the insertion fails.
+ * @param i2len: length of the i2 bytestring.
+ * @return: true on success.
+ */
+int cfg_strbytelist_insert(struct config_strbytelist** head, char* item,
+	uint8_t* i2, size_t i2len);
+
+/**
+ * Find stub in config list, also returns prevptr (for deletion).
+ * @param pp: call routine with pointer to a pointer to the start of the list,
+ * 	if the stub is found, on exit, the value contains a pointer to the
+ * 	next pointer that points to the found element (or to the list start
+ * 	pointer if it is the first element).
+ * @param nm: name of stub to find.
+ * @return: pointer to config_stub if found, or NULL if not found.
+ */
+struct config_stub* cfg_stub_find(struct config_stub*** pp, const char* nm);
+
+/**
  * Delete items in config string list.
  * @param list: list.
  */
@@ -566,12 +748,39 @@ void config_delstrlist(struct config_strlist* list);
 void config_deldblstrlist(struct config_str2list* list);
 
 /**
+ * Delete items in config triple string list.
+ * @param list: list.
+ */
+void config_deltrplstrlist(struct config_str3list* list);
+
+/** delete stringbytelist */
+void config_del_strbytelist(struct config_strbytelist* list);
+
+/**
+ * Delete a stub item
+ * @param p: stub item
+ */
+void config_delstub(struct config_stub* p);
+
+/**
  * Delete items in config stub list.
  * @param list: list.
  */
 void config_delstubs(struct config_stub* list);
 
 /**
+ * Delete a view item
+ * @param p: view item
+ */
+void config_delview(struct config_view* p);
+
+/**
+ * Delete items in config view list.
+ * @param list: list.
+ */
+void config_delviews(struct config_view* list);
+
+/**
  * Convert 14digit to time value
  * @param str: string of 14 digits
  * @return time value or 0 for error.
@@ -602,6 +811,54 @@ int cfg_count_numbers(const char* str);
 int cfg_parse_memsize(const char* str, size_t* res);
 
 /**
+ * Add a tag name to the config.  It is added at the end with a new ID value.
+ * @param cfg: the config structure.
+ * @param tag: string (which is copied) with the name.
+ * @return: false on alloc failure.
+ */
+int config_add_tag(struct config_file* cfg, const char* tag);
+
+/**
+ * Find tag ID in the tag list.
+ * @param cfg: the config structure.
+ * @param tag: string with tag name to search for.
+ * @return: 0..(num_tags-1) with tag ID, or -1 if tagname is not found.
+ */
+int find_tag_id(struct config_file* cfg, const char* tag);
+
+/**
+ * parse taglist from string into bytestring with bitlist.
+ * @param cfg: the config structure (with tagnames)
+ * @param str: the string to parse.  Parse puts 0 bytes in string. 
+ * @param listlen: returns length of in bytes.
+ * @return malloced bytes with a bitlist of the tags.  or NULL on parse error
+ * or malloc failure.
+ */
+uint8_t* config_parse_taglist(struct config_file* cfg, char* str,
+	size_t* listlen);
+
+/**
+ * convert tag bitlist to a malloced string with tag names.  For debug output.
+ * @param cfg: the config structure (with tagnames)
+ * @param taglist: the tag bitlist.
+ * @param len: length of the tag bitlist.
+ * @return malloced string or NULL.
+ */
+char* config_taglist2str(struct config_file* cfg, uint8_t* taglist,
+	size_t len);
+
+/**
+ * see if two taglists intersect (have tags in common).
+ * @param list1: first tag bitlist.
+ * @param list1len: length in bytes of first list.
+ * @param list2: second tag bitlist.
+ * @param list2len: length in bytes of second list.
+ * @return true if there are tags in common, 0 if not.
+ */
+int taglist_intersect(uint8_t* list1, size_t list1len, uint8_t* list2,
+	size_t list2len);
+
+/**
  * Parse local-zone directive into two strings and register it in the config.
  * @param cfg: to put it in.
  * @param val: argument strings to local-zone, "example.com nodefault".
@@ -746,4 +1003,7 @@ char* w_lookup_reg_str(const char* key, const char* name);
 void w_config_adjust_directory(struct config_file* cfg);
 #endif /* UB_ON_WINDOWS */
 
+/** debug option for unit tests. */
+extern int fake_dsa, fake_sha1;
+
 #endif /* UTIL_CONFIG_FILE_H */