diff options
Diffstat (limited to 'external/unbound/daemon')
-rw-r--r-- | external/unbound/daemon/cachedump.c | 2 | ||||
-rw-r--r-- | external/unbound/daemon/remote.c | 23 | ||||
-rw-r--r-- | external/unbound/daemon/unbound.c | 2 | ||||
-rw-r--r-- | external/unbound/daemon/worker.c | 2 |
4 files changed, 20 insertions, 9 deletions
diff --git a/external/unbound/daemon/cachedump.c b/external/unbound/daemon/cachedump.c index cf5b1a12c..20a46ae4d 100644 --- a/external/unbound/daemon/cachedump.c +++ b/external/unbound/daemon/cachedump.c @@ -664,7 +664,7 @@ load_msg(SSL* ssl, sldns_buffer* buf, struct worker* worker) if(!go_on) return 1; /* skip this one, not all references satisfied */ - if(!dns_cache_store(&worker->env, &qinf, &rep, 0, 0, 0, NULL)) { + if(!dns_cache_store(&worker->env, &qinf, &rep, 0, 0, 0, NULL, flags)) { log_warn("error out of memory"); return 0; } diff --git a/external/unbound/daemon/remote.c b/external/unbound/daemon/remote.c index 100aa8be1..ff3d769d4 100644 --- a/external/unbound/daemon/remote.c +++ b/external/unbound/daemon/remote.c @@ -38,8 +38,8 @@ * * This file contains the remote control functionality for the daemon. * The remote control can be performed using either the commandline - * unbound-control tool, or a SSLv3/TLS capable web browser. - * The channel is secured using SSLv3 or TLSv1, and certificates. + * unbound-control tool, or a TLS capable web browser. + * The channel is secured using TLSv1, and certificates. * Both the server and the client(control tool) have their own keys. */ #include "config.h" @@ -154,12 +154,17 @@ daemon_remote_create(struct config_file* cfg) free(rc); return NULL; } - /* no SSLv2 because has defects */ + /* no SSLv2, SSLv3 because has defects */ if(!(SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){ log_crypto_err("could not set SSL_OP_NO_SSLv2"); daemon_remote_delete(rc); return NULL; } + if(!(SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)){ + log_crypto_err("could not set SSL_OP_NO_SSLv3"); + daemon_remote_delete(rc); + return NULL; + } s_cert = fname_after_chroot(cfg->server_cert_file, cfg, 1); s_key = fname_after_chroot(cfg->server_key_file, cfg, 1); if(!s_cert || !s_key) { @@ -558,7 +563,7 @@ static char* skipwhite(char* str) { /* EOS \0 is not a space */ - while( isspace(*str) ) + while( isspace((unsigned char)*str) ) str++; return str; } @@ -849,7 +854,8 @@ print_ext(SSL* ssl, struct stats_info* s) /* RCODE */ for(i=0; i<STATS_RCODE_NUM; i++) { - if(inhibit_zero && s->svr.ans_rcode[i] == 0) + /* Always include RCODEs 0-5 */ + if(inhibit_zero && i > LDNS_RCODE_REFUSED && s->svr.ans_rcode[i] == 0) continue; lt = sldns_lookup_by_id(sldns_rcodes, i); if(lt && lt->name) { @@ -1089,8 +1095,13 @@ do_cache_remove(struct worker* worker, uint8_t* nm, size_t nmlen, k.qname_len = nmlen; k.qtype = t; k.qclass = c; - h = query_info_hash(&k); + h = query_info_hash(&k, 0); slabhash_remove(worker->env.msg_cache, h, &k); + if(t == LDNS_RR_TYPE_AAAA) { + /* for AAAA also flush dns64 bit_cd packet */ + h = query_info_hash(&k, BIT_CD); + slabhash_remove(worker->env.msg_cache, h, &k); + } } /** flush a type */ diff --git a/external/unbound/daemon/unbound.c b/external/unbound/daemon/unbound.c index a53fe954d..5ded5a964 100644 --- a/external/unbound/daemon/unbound.c +++ b/external/unbound/daemon/unbound.c @@ -287,7 +287,7 @@ checkrlimits(struct config_file* cfg) #ifdef HAVE_SETRLIMIT } #endif - log_warn("increased limit(open files) from %u to %u", + verbose(VERB_ALGO, "increased limit(open files) from %u to %u", (unsigned)avail, (unsigned)total+10); } #else diff --git a/external/unbound/daemon/worker.c b/external/unbound/daemon/worker.c index f90676213..59ae9dfce 100644 --- a/external/unbound/daemon/worker.c +++ b/external/unbound/daemon/worker.c @@ -935,7 +935,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error, &repinfo->addr, repinfo->addrlen); goto send_reply; } - h = query_info_hash(&qinfo); + h = query_info_hash(&qinfo, sldns_buffer_read_u16_at(c->buffer, 2)); if((e=slabhash_lookup(worker->env.msg_cache, h, &qinfo, 0))) { /* answer from cache - we have acquired a readlock on it */ if(answer_from_cache(worker, &qinfo, |