-rw-r--r-- | usr.sbin/nsd/config.h.in | 2 | ||||
-rw-r--r-- | usr.sbin/nsd/configlexer.lex | 10 | ||||
-rw-r--r-- | usr.sbin/nsd/configure | 18 | ||||
-rw-r--r-- | usr.sbin/nsd/configure.ac | 4 | ||||
-rw-r--r-- | usr.sbin/nsd/dname.c | 4 | ||||
-rw-r--r-- | usr.sbin/nsd/dns.c | 9 | ||||
-rw-r--r-- | usr.sbin/nsd/dns.h | 1 | ||||
-rw-r--r-- | usr.sbin/nsd/doc/ChangeLog | 42 | ||||
-rw-r--r-- | usr.sbin/nsd/doc/RELNOTES | 25 | ||||
-rw-r--r-- | usr.sbin/nsd/nsd-checkconf.8.in | 2 | ||||
-rw-r--r-- | usr.sbin/nsd/nsd-checkzone.8.in | 2 | ||||
-rw-r--r-- | usr.sbin/nsd/nsd-control.8.in | 2 | ||||
-rw-r--r-- | usr.sbin/nsd/nsd.8.in | 4 | ||||
-rw-r--r-- | usr.sbin/nsd/nsd.c | 33 | ||||
-rw-r--r-- | usr.sbin/nsd/nsd.conf.5.in | 2 | ||||
-rw-r--r-- | usr.sbin/nsd/nsec3.c | 11 | ||||
-rw-r--r-- | usr.sbin/nsd/options.h | 1 | ||||
-rw-r--r-- | usr.sbin/nsd/packet.h | 2 | ||||
-rw-r--r-- | usr.sbin/nsd/query.c | 23 | ||||
-rw-r--r-- | usr.sbin/nsd/query.h | 6 | ||||
-rw-r--r-- | usr.sbin/nsd/server.c | 8 | ||||
-rw-r--r-- | usr.sbin/nsd/util.h | 10 | ||||
-rw-r--r-- | usr.sbin/nsd/zparser.y | 14 |
23 files changed, 179 insertions, 56 deletions
diff --git a/usr.sbin/nsd/config.h.in b/usr.sbin/nsd/config.h.in index 4940c8e28ec..c528729cc75 100644 --- a/usr.sbin/nsd/config.h.in +++ b/usr.sbin/nsd/config.h.in @@ -946,7 +946,7 @@ char *nsd_strptime(const char *s, const char *format, struct tm *tm); #ifdef __linux__ #define HAVE_SETPROCTITLE 1 #include <stdarg.h> -void setproctitle(char *fmt, ...); +void setproctitle(const char *fmt, ...); #endif #endif diff --git a/usr.sbin/nsd/configlexer.lex b/usr.sbin/nsd/configlexer.lex index bb4dd3499c4..7ed3deb2f1f 100644 --- a/usr.sbin/nsd/configlexer.lex +++ b/usr.sbin/nsd/configlexer.lex @@ -36,16 +36,6 @@ struct inc_state { }; static struct inc_state* config_include_stack = NULL; static int inc_depth = 0; -static int inc_prev = 0; -static int num_args = 0; - -void init_cfg_parse(void) -{ - config_include_stack = NULL; - inc_depth = 0; - inc_prev = 0; - num_args = 0; -} static void config_start_include(const char* filename) { diff --git a/usr.sbin/nsd/configure b/usr.sbin/nsd/configure index 1e8b73a0cd6..349068f5d0c 100644 --- a/usr.sbin/nsd/configure +++ b/usr.sbin/nsd/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for NSD 4.3.3. +# Generated by GNU Autoconf 2.69 for NSD 4.3.4. # # Report bugs to <nsd-bugs@nlnetlabs.nl>. # @@ -580,8 +580,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='NSD' PACKAGE_TARNAME='nsd' -PACKAGE_VERSION='4.3.3' -PACKAGE_STRING='NSD 4.3.3' +PACKAGE_VERSION='4.3.4' +PACKAGE_STRING='NSD 4.3.4' PACKAGE_BUGREPORT='nsd-bugs@nlnetlabs.nl' PACKAGE_URL='' @@ -1314,7 +1314,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures NSD 4.3.3 to adapt to many kinds of systems. +\`configure' configures NSD 4.3.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... 
@@ -1376,7 +1376,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of NSD 4.3.3:";; + short | recursive ) echo "Configuration of NSD 4.3.4:";; esac cat <<\_ACEOF @@ -1536,7 +1536,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -NSD configure 4.3.3 +NSD configure 4.3.4 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2245,7 +2245,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by NSD $as_me 4.3.3, which was +It was created by NSD $as_me 4.3.4, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -10835,7 +10835,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by NSD $as_me 4.3.3, which was +This file was extended by NSD $as_me 4.3.4, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -10897,7 +10897,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -NSD config.status 4.3.3 +NSD config.status 4.3.4 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/usr.sbin/nsd/configure.ac b/usr.sbin/nsd/configure.ac index cc13d344127..06e2f0e3b7e 100644 --- a/usr.sbin/nsd/configure.ac +++ b/usr.sbin/nsd/configure.ac @@ -5,7 +5,7 @@ dnl sinclude(acx_nlnetlabs.m4) sinclude(dnstap/dnstap.m4) -AC_INIT(NSD,4.3.3,nsd-bugs@nlnetlabs.nl) +AC_INIT(NSD,4.3.4,nsd-bugs@nlnetlabs.nl) AC_CONFIG_HEADER([config.h]) # 
@@ -1344,7 +1344,7 @@ char *nsd_strptime(const char *s, const char *format, struct tm *tm); #ifdef __linux__ #define HAVE_SETPROCTITLE 1 #include <stdarg.h> -void setproctitle(char *fmt, ...); +void setproctitle(const char *fmt, ...); #endif #endif ]) diff --git a/usr.sbin/nsd/dname.c b/usr.sbin/nsd/dname.c index 2432f65f62e..6b9e964e147 100644 --- a/usr.sbin/nsd/dname.c +++ b/usr.sbin/nsd/dname.c @@ -109,7 +109,9 @@ dname_make_wire_from_packet(uint8_t *buf, buffer_type *packet, const uint8_t *label; ssize_t mark = -1; - memset(visited, 0, (buffer_limit(packet)+7)/8); + if(sizeof(visited)<(buffer_limit(packet)+7)/8) + memset(visited, 0, sizeof(visited)); + else memset(visited, 0, (buffer_limit(packet)+7)/8); while (!done) { if (!buffer_available(packet, 1)) { diff --git a/usr.sbin/nsd/dns.c b/usr.sbin/nsd/dns.c index a5e4ad4c9a0..7375b296b04 100644 --- a/usr.sbin/nsd/dns.c +++ b/usr.sbin/nsd/dns.c @@ -308,8 +308,13 @@ static rrtype_descriptor_type rrtype_descriptors[(RRTYPE_DESCRIPTORS_LENGTH+1)] /* 62 - CSYNC */ { TYPE_CSYNC, "CSYNC", T_CSYNC, 3, 3, { RDATA_WF_LONG, RDATA_WF_SHORT, RDATA_WF_BINARY }, { RDATA_ZF_LONG, RDATA_ZF_SHORT, RDATA_ZF_NSEC } }, - /* 63 */ - { 63, NULL, T_UTYPE, 1, 1, { RDATA_WF_BINARY }, { RDATA_ZF_UNKNOWN } }, + /* 63 - ZONEMD */ + { TYPE_ZONEMD, "ZONEMD", T_ZONEMD, 4, 4, + { RDATA_WF_LONG, /* serial */ + RDATA_WF_BYTE, /* scheme */ + RDATA_WF_BYTE, /* hash Algorithm */ + RDATA_WF_BINARY }, /* digest */ + { RDATA_ZF_PERIOD, RDATA_ZF_BYTE, RDATA_ZF_BYTE, RDATA_ZF_HEX } }, /* 64 */ { 64, NULL, T_UTYPE, 1, 1, { RDATA_WF_BINARY }, { RDATA_ZF_UNKNOWN } }, /* 65 */ diff --git a/usr.sbin/nsd/dns.h b/usr.sbin/nsd/dns.h index 7caea75eebe..b7d4a280cf3 100644 --- a/usr.sbin/nsd/dns.h +++ b/usr.sbin/nsd/dns.h 
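Review bot: The new clamp in dname_make_wire_from_packet bounds only the `memset`; a packet whose `(buffer_limit(packet)+7)/8` exceeds `sizeof(visited)` is still accepted. If the loop below indexes `visited` by packet offset, that indexing needs the same bound, but the loop body and the declaration of `visited` are outside the hunk, so this is to be confirmed. The brace-less if/else with two near-identical calls reads more clearly with the size computed once: `size_t n = (buffer_limit(packet)+7)/8;` followed by `memset(visited, 0, n < sizeof(visited) ? n : sizeof(visited));`. A one-line comment saying when the packet limit can exceed the bitmap would help the next reader.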
@@ -141,6 +141,7 @@ typedef enum nsd_rc nsd_rc_type; #define TYPE_CDNSKEY 60 /* RFC 7344 */ #define TYPE_OPENPGPKEY 61 /* RFC 7929 */ #define TYPE_CSYNC 62 /* RFC 7477 */ +#define TYPE_ZONEMD 63 /* draft-ietf-dnsop-dns-zone-digest */ #define TYPE_SPF 99 /* RFC 4408 */ diff --git a/usr.sbin/nsd/doc/ChangeLog b/usr.sbin/nsd/doc/ChangeLog index 9bcf7de6ab6..018c484aac3 100644 --- a/usr.sbin/nsd/doc/ChangeLog +++ b/usr.sbin/nsd/doc/ChangeLog @@ -1,3 +1,45 @@ +24 November 2020: Wouter + - Merge PR #141: ZONEMD RR type. + - tag for 4.3.4rc1. + +23 November 2020: Wouter + - Fix #142: NODATA answers missin SOA in authority section after + CNAME chain. + - Fix for CVE-2020-28935 : Fix that symlink does not interfere + with chown of pidfile. + - fix writepid for retvalue 0. + +9 November 2020: Wouter + - Fix #138: NSD returns non-EDNS answer when QUESTION is empty. + - Fix to check nscount in previous fix for EDNS in formerr response + when there is no question. + +28 October 2020: Wouter + - Remove unused init_cfg_parse routine from configlexer. + +20 October 2020: Wouter + - Fix to add missing closest encloser NSEC3 for wildcard nodata type + DS answer. + +14 October 2020: Wouter + - Fix #134: IPV4_MINIMAL_RESPONSE_SIZE vs EDNS_MAX_MESSAGE_LEN. + +13 October 2020: Wouter + - Fix missing parenthesis on size of fix to init buffer. + +12 October 2020: Wouter + - Fix #127: two minor `-Wcast-qual` cleanups + - Fix #126: minor header hygiene + - Fix #125: include config.h in compat/setproctitle.c and fix prototype of `setproctitle` + - Fix #133: fix 0-init of local ( stack ) buffer. + +8 October 2020: Wouter + - tag for 4.3.3 release + - current repository contains 4.3.4 in development. + - Fix #129: ambiguous use of errno, in log message if sendmmsg fails. + - Fix #128: Fix that the invalid port number is logged for sendmmsg + failed: Invalid argument. + 1 October 2020: Wouter - tag for 4.3.3rc1 release. 
diff --git a/usr.sbin/nsd/doc/RELNOTES b/usr.sbin/nsd/doc/RELNOTES index def95dfd85d..9bb1202601f 100644 --- a/usr.sbin/nsd/doc/RELNOTES +++ b/usr.sbin/nsd/doc/RELNOTES @@ -1,5 +1,30 @@ NSD RELEASE NOTES +4.3.4 +================ +FEATURES: + - Merge PR #141: ZONEMD RR type. +BUG FIXES: + - Fix #129: ambiguous use of errno, in log message if sendmmsg fails. + - Fix #128: Fix that the invalid port number is logged for sendmmsg + failed: Invalid argument. + - Fix #127: two minor `-Wcast-qual` cleanups + - Fix #126: minor header hygiene + - Fix #125: include config.h in compat/setproctitle.c and fix + prototype of `setproctitle` + - Fix #133: fix 0-init of local ( stack ) buffer. + - Fix missing parenthesis on size of fix to init buffer. + - Fix #134: IPV4_MINIMAL_RESPONSE_SIZE vs EDNS_MAX_MESSAGE_LEN. + - Fix to add missing closest encloser NSEC3 for wildcard nodata type + DS answer. + - Remove unused init_cfg_parse routine from configlexer. + - Fix #138: NSD returns non-EDNS answer when QUESTION is empty. + - Fix #142: NODATA answers missin SOA in authority section after + CNAME chain. + - Fix for CVE-2020-28935 : Fix that symlink does not interfere + with chown of pidfile. + + 4.3.3 ================ FEATURES: diff --git a/usr.sbin/nsd/nsd-checkconf.8.in b/usr.sbin/nsd/nsd-checkconf.8.in index 8f3dc7c2989..5355b408580 100644 --- a/usr.sbin/nsd/nsd-checkconf.8.in +++ b/usr.sbin/nsd/nsd-checkconf.8.in @@ -1,4 +1,4 @@ -.TH "nsd\-checkconf" "8" "Oct 8, 2020" "NLnet Labs" "nsd 4.3.3" +.TH "nsd\-checkconf" "8" "Dec 1, 2020" "NLnet Labs" "nsd 4.3.4" .\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" diff --git a/usr.sbin/nsd/nsd-checkzone.8.in b/usr.sbin/nsd/nsd-checkzone.8.in index 88fb1d18744..27195a65517 100644 --- a/usr.sbin/nsd/nsd-checkzone.8.in +++ b/usr.sbin/nsd/nsd-checkzone.8.in 
@@ -1,4 +1,4 @@ -.TH "nsd\-checkzone" "8" "Oct 8, 2020" "NLnet Labs" "nsd 4.3.3" +.TH "nsd\-checkzone" "8" "Dec 1, 2020" "NLnet Labs" "nsd 4.3.4" .\" Copyright (c) 2014, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" diff --git a/usr.sbin/nsd/nsd-control.8.in b/usr.sbin/nsd/nsd-control.8.in index 7b695eaf225..56ef19386a9 100644 --- a/usr.sbin/nsd/nsd-control.8.in +++ b/usr.sbin/nsd/nsd-control.8.in @@ -1,4 +1,4 @@ -.TH "nsd\-control" "8" "Oct 8, 2020" "NLnet Labs" "nsd 4.3.3" +.TH "nsd\-control" "8" "Dec 1, 2020" "NLnet Labs" "nsd 4.3.4" .\" Copyright (c) 2011, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" diff --git a/usr.sbin/nsd/nsd.8.in b/usr.sbin/nsd/nsd.8.in index eacac97dfa1..cec7a9761eb 100644 --- a/usr.sbin/nsd/nsd.8.in +++ b/usr.sbin/nsd/nsd.8.in @@ -1,9 +1,9 @@ -.TH "NSD" "8" "Oct 8, 2020" "NLnet Labs" "NSD 4.3.3" +.TH "NSD" "8" "Dec 1, 2020" "NLnet Labs" "NSD 4.3.4" .\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" .B nsd -\- Name Server Daemon (NSD) version 4.3.3. +\- Name Server Daemon (NSD) version 4.3.4. .SH "SYNOPSIS" .B nsd .RB [ \-4 ] diff --git a/usr.sbin/nsd/nsd.c b/usr.sbin/nsd/nsd.c index 14561e5e361..28b294e8903 100644 --- a/usr.sbin/nsd/nsd.c +++ b/usr.sbin/nsd/nsd.c 
@@ -744,26 +744,43 @@ readpid(const char *file) int writepid(struct nsd *nsd) { - FILE * fd; + int fd; char pidbuf[32]; + size_t count = 0; if(!nsd->pidfile || !nsd->pidfile[0]) return 0; snprintf(pidbuf, sizeof(pidbuf), "%lu\n", (unsigned long) nsd->pid); - if ((fd = fopen(nsd->pidfile, "w")) == NULL ) { + if((fd = open(nsd->pidfile, O_WRONLY | O_CREAT | O_TRUNC +#ifdef O_NOFOLLOW + | O_NOFOLLOW +#endif + , 0644)) == -1) { log_msg(LOG_ERR, "cannot open pidfile %s: %s", nsd->pidfile, strerror(errno)); return -1; } - if (!write_data(fd, pidbuf, strlen(pidbuf))) { - log_msg(LOG_ERR, "cannot write pidfile %s: %s", - nsd->pidfile, strerror(errno)); - fclose(fd); - return -1; + while(count < strlen(pidbuf)) { + ssize_t r = write(fd, pidbuf+count, strlen(pidbuf)-count); + if(r == -1) { + if(errno == EAGAIN || errno == EINTR) + continue; + log_msg(LOG_ERR, "cannot write pidfile %s: %s", + nsd->pidfile, strerror(errno)); + close(fd); + return -1; + } else if(r == 0) { + log_msg(LOG_ERR, "cannot write any bytes to " + "pidfile %s: write returns 0 bytes written", + nsd->pidfile); + close(fd); + return -1; + } + count += r; } - fclose(fd); + close(fd); if (chown(nsd->pidfile, nsd->uid, nsd->gid) == -1) { log_msg(LOG_ERR, "cannot chown %u.%u %s: %s", diff --git a/usr.sbin/nsd/nsd.conf.5.in b/usr.sbin/nsd/nsd.conf.5.in index e705586952f..bd8589d6978 100644 --- a/usr.sbin/nsd/nsd.conf.5.in +++ b/usr.sbin/nsd/nsd.conf.5.in @@ -1,4 +1,4 @@ -.TH "nsd.conf" "5" "Oct 8, 2020" "NLnet Labs" "nsd 4.3.3" +.TH "nsd.conf" "5" "Dec 1, 2020" "NLnet Labs" "nsd 4.3.4" .\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" diff --git a/usr.sbin/nsd/nsec3.c b/usr.sbin/nsd/nsec3.c index ef7c5ee6f96..c49014016cd 100644 --- a/usr.sbin/nsd/nsec3.c +++ b/usr.sbin/nsd/nsec3.c 
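Review bot: The `chown(nsd->pidfile, nsd->uid, nsd->gid)` kept as context after `close(fd)` in writepid resolves the path a second time, so `O_NOFOLLOW` on `open()` covers the write but not the ownership change. Changing ownership on the descriptor before closing it, `if (fchown(fd, nsd->uid, nsd->gid) == -1)`, ties both operations to the same file. Where `O_NOFOLLOW` is not defined the `#ifdef` drops the protection silently, which deserves at least a comment. `count += r` mixes `size_t` and `ssize_t`; `count += (size_t)r;` makes the conversion explicit. The chown block continues past the end of the hunk.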
@@ -1077,6 +1077,17 @@ nsec3_answer_nodata(struct query* query, struct answer* answer, } /* query->zone must be the parent zone */ nsec3_add_ds_proof(query, answer, original, 0); + /* if the DS is from a wildcard match */ + if (original==original->wildcard_child_closest_match + && label_is_wildcard(dname_name(domain_dname(original)))) { + /* denial for wildcard is already there */ + /* add parent proof to have a closest encloser proof for wildcard parent */ + /* in other words: nsec3 matching closest encloser */ + if(original->parent && original->parent->nsec3 && + original->parent->nsec3->nsec3_is_exact) + nsec3_add_rrset(query, answer, AUTHORITY_SECTION, + original->parent->nsec3->nsec3_cover); + } } /* the nodata is result from a wildcard match */ else if (original==original->wildcard_child_closest_match diff --git a/usr.sbin/nsd/options.h b/usr.sbin/nsd/options.h index fdbd1c5f20b..14a7f88bfef 100644 --- a/usr.sbin/nsd/options.h +++ b/usr.sbin/nsd/options.h @@ -10,7 +10,6 @@ #ifndef OPTIONS_H #define OPTIONS_H -#include "config.h" #include <stdarg.h> #include "region-allocator.h" #include "rbtree.h" diff --git a/usr.sbin/nsd/packet.h b/usr.sbin/nsd/packet.h index 097e9660f31..ed08dfae1d6 100644 --- a/usr.sbin/nsd/packet.h +++ b/usr.sbin/nsd/packet.h @@ -140,7 +140,7 @@ struct query; #define MAXRRSPP 10240 /* Maximum number of rr's per packet */ #define MAX_COMPRESSED_DNAMES MAXRRSPP /* Maximum number of compressed domains. */ #define MAX_COMPRESSION_OFFSET 16383 /* Compression pointers are 14 bit. */ -#define IPV4_MINIMAL_RESPONSE_SIZE 1460 /* Recommended minimal edns size for IPv4 */ +#define IPV4_MINIMAL_RESPONSE_SIZE 1232 /* Recommended minimal edns size for IPv4 */ #define IPV6_MINIMAL_RESPONSE_SIZE 1220 /* Recommended minimal edns size for IPv6 */ /* use round robin rotation */ diff --git a/usr.sbin/nsd/query.c b/usr.sbin/nsd/query.c index 56eabd6ab19..5cdc877753d 100644 --- a/usr.sbin/nsd/query.c +++ b/usr.sbin/nsd/query.c 
@@ -918,9 +918,7 @@ answer_soa(struct query *query, answer_type *answer) static void answer_nodata(struct query *query, answer_type *answer, domain_type *original) { - if (query->cname_count == 0) { - answer_soa(query, answer); - } + answer_soa(query, answer); #ifdef NSEC3 if (query->edns.dnssec_ok && query->zone->nsec3_param) { @@ -1450,6 +1448,25 @@ query_process(query_type *q, nsd_type *nsd) /* Dont bother to answer more than one question at once... */ if (QDCOUNT(q->packet) != 1) { + if(QDCOUNT(q->packet) == 0 && ANCOUNT(q->packet) == 0 && + NSCOUNT(q->packet) == 0 && ARCOUNT(q->packet) == 1 && + buffer_limit(q->packet) >= QHEADERSZ+OPT_LEN+ + OPT_RDATA) { + /* add edns section to answer */ + buffer_set_position(q->packet, QHEADERSZ); + if (edns_parse_record(&q->edns, q->packet, q, nsd)) { + if(process_edns(nsd, q) == NSD_RC_OK) { + int opcode = OPCODE(q->packet); + (void)query_error(q, NSD_RC_FORMAT); + query_add_optional(q, nsd); + FLAGS_SET(q->packet, FLAGS(q->packet) & 0x0100U); + /* Preserve the RD flag. Clear the rest. */ + OPCODE_SET(q->packet, opcode); + QR_SET(q->packet); + return QUERY_PROCESSED; + } + } + } FLAGS_SET(q->packet, 0); return query_formerr(q, nsd); } diff --git a/usr.sbin/nsd/query.h b/usr.sbin/nsd/query.h index 0a511f5931b..2497f6f5fa9 100644 --- a/usr.sbin/nsd/query.h +++ b/usr.sbin/nsd/query.h @@ -87,9 +87,9 @@ struct query { /* * The number of CNAMES followed. After a CNAME is followed - * we no longer change the RCODE to NXDOMAIN and no longer add - * SOA records to the authority section in case of NXDOMAIN - * and NODATA. + * we no longer clear AA for a delegation and do not REFUSE + * or SERVFAIL if the destination zone of the CNAME does not exist, + * or is configured but not present. * Also includes number of DNAMES followed. */ int cname_count; diff --git a/usr.sbin/nsd/server.c b/usr.sbin/nsd/server.c index aaeaa6db574..b666d0c63d9 100644 --- a/usr.sbin/nsd/server.c +++ b/usr.sbin/nsd/server.c 
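Review bot: In the new `QDCOUNT(q->packet) == 0` branch of query_process, a failure of `edns_parse_record` or `process_edns` falls through to `query_formerr` with the buffer position already moved to `QHEADERSZ` and `q->edns` possibly partly filled. Whether `query_formerr` tolerates that state is not visible in this hunk, so it is worth confirming or resetting before the fall-through. The comment `/* Preserve the RD flag. Clear the rest. */` sits after the `FLAGS_SET` it describes and should move above it, and `0x0100U` would read better as a named RD mask. A comment at the top of the branch, such as `/* OPT-only query without a question: answer FORMERR but keep EDNS in the reply */`, would state the intent. query_process starts and ends outside the hunk.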
@@ -3373,7 +3373,7 @@ handle_udp(int fd, short event, void* arg) #endif errno == EAGAIN) { /* block to wait until send buffer avail */ - int flag; + int flag, errstore; if((flag = fcntl(fd, F_GETFL)) == -1) { log_msg(LOG_ERR, "cannot fcntl F_GETFL: %s", strerror(errno)); flag = 0; @@ -3382,6 +3382,7 @@ handle_udp(int fd, short event, void* arg) if(fcntl(fd, F_SETFL, flag) == -1) log_msg(LOG_ERR, "cannot fcntl F_SETFL 0: %s", strerror(errno)); sent = nsd_sendmmsg(fd, &msgs[i], recvcount-i, 0); + errstore = errno; flag |= O_NONBLOCK; if(fcntl(fd, F_SETFL, flag) == -1) log_msg(LOG_ERR, "cannot fcntl F_SETFL O_NONBLOCK: %s", strerror(errno)); @@ -3389,6 +3390,7 @@ handle_udp(int fd, short event, void* arg) i += sent; continue; } + errno = errstore; } /* don't log transient network full errors, unless * on higher verbosity */ @@ -3398,8 +3400,8 @@ handle_udp(int fd, short event, void* arg) #endif errno != EAGAIN) { const char* es = strerror(errno); - char a[48]; - addr2str(&queries[i]->addr, a, sizeof(a)); + char a[64]; + addrport2str(&queries[i]->addr, a, sizeof(a)); log_msg(LOG_ERR, "sendmmsg [0]=%s count=%d failed: %s", a, (int)(recvcount-i), es); } #ifdef BIND8_STATS diff --git a/usr.sbin/nsd/util.h b/usr.sbin/nsd/util.h index 9d243a311ba..d0b942869a2 100644 --- a/usr.sbin/nsd/util.h +++ b/usr.sbin/nsd/util.h @@ -230,9 +230,9 @@ static inline uint16_t read_uint16(const void *src) { #ifdef ALLOW_UNALIGNED_ACCESSES - return ntohs(* (uint16_t *) src); + return ntohs(* (const uint16_t *) src); #else - uint8_t *p = (uint8_t *) src; + const uint8_t *p = (const uint8_t *) src; return (p[0] << 8) | p[1]; #endif } @@ -241,9 +241,9 @@ static inline uint32_t read_uint32(const void *src) { #ifdef ALLOW_UNALIGNED_ACCESSES - return ntohl(* (uint32_t *) src); + return ntohl(* (const uint32_t *) src); #else - uint8_t *p = (uint8_t *) src; + const uint8_t *p = (const uint8_t *) src; return (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; #endif } 
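Review bot: In the non-`ALLOW_UNALIGNED_ACCESSES` branch of read_uint32, `(p[0] << 24)` promotes the byte to `int`, so a first byte of 0x80 or above shifts into the sign bit, which is undefined behaviour in C. The const cleanup leaves that line unchanged. read_uint64 in the following hunk already casts each byte before shifting, and the same form works here: `return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];`. These helpers presumably read wire data, where a set high bit is an ordinary input.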
@@ -251,7 +251,7 @@ read_uint32(const void *src) static inline uint64_t read_uint64(const void *src) { - uint8_t *p = (uint8_t *) src; + const uint8_t *p = (const uint8_t *) src; return ((uint64_t)p[0] << 56) | ((uint64_t)p[1] << 48) | diff --git a/usr.sbin/nsd/zparser.y b/usr.sbin/nsd/zparser.y index 0b2e9554f25..7306ac13216 100644 --- a/usr.sbin/nsd/zparser.y +++ b/usr.sbin/nsd/zparser.y @@ -68,7 +68,7 @@ nsec3_add_params(const char* hash_algo_str, const char* flag_str, %token <type> T_AXFR T_MAILB T_MAILA T_DS T_DLV T_SSHFP T_RRSIG T_NSEC T_DNSKEY %token <type> T_SPF T_NSEC3 T_IPSECKEY T_DHCID T_NSEC3PARAM T_TLSA T_URI %token <type> T_NID T_L32 T_L64 T_LP T_EUI48 T_EUI64 T_CAA T_CDS T_CDNSKEY -%token <type> T_OPENPGPKEY T_CSYNC T_AVC T_SMIMEA +%token <type> T_OPENPGPKEY T_CSYNC T_ZONEMD T_AVC T_SMIMEA /* other tokens */ %token DOLLAR_TTL DOLLAR_ORIGIN NL SP @@ -670,6 +670,8 @@ type_and_rdata: | T_OPENPGPKEY sp rdata_unknown { $$ = $1; parse_unknown_rdata($1, $3); } | T_CSYNC sp rdata_csync | T_CSYNC sp rdata_unknown { $$ = $1; parse_unknown_rdata($1, $3); } + | T_ZONEMD sp rdata_zonemd + | T_ZONEMD sp rdata_unknown { $$ = $1; parse_unknown_rdata($1, $3); } | T_URI sp rdata_uri | T_URI sp rdata_unknown { $$ = $1; parse_unknown_rdata($1, $3); } | T_UTYPE sp rdata_unknown { $$ = $1; parse_unknown_rdata($1, $3); } @@ -1122,6 +1124,16 @@ rdata_csync: STR sp STR nsec_seq } ; +/* draft-ietf-dnsop-dns-zone-digest */ +rdata_zonemd: STR sp STR sp STR sp str_sp_seq trail + { + zadd_rdata_wireformat(zparser_conv_serial(parser->region, $1.str)); /* serial */ + zadd_rdata_wireformat(zparser_conv_byte(parser->region, $3.str)); /* scheme */ + zadd_rdata_wireformat(zparser_conv_byte(parser->region, $5.str)); /* hash algorithm */ + zadd_rdata_wireformat(zparser_conv_hex(parser->region, $7.str, $7.len)); /* digest */ + } + ; + rdata_unknown: URR sp STR sp str_sp_seq trail { /* $2 is the number of octets, currently ignored */ |