Merge remote-tracking branch 'nlnet/master'

* nlnet/master: Changelog note for NLnetLabs#612: - Merge PR NLnetLabs#612: TCP race condition. - Fix NLnetLabs#588: Unbound 1.13.2 crashes due to p->pc is NULL in serviced_udp_callback. - Better bookkeeping when reclaiming the TCP buffer. - Mark waiting_tcp and serviced_query as being in the cb_and_decommission stage to signal later code about their state; prevents premature item deletion. Changelog note for NLnetLabs#610 - Fix NLnetLabs#610: Undefine-shift in sldns_str2wire_hip_buf. - Fix NLnetLabs#610: Undefine-shift in sldns_str2wire_hip_buf. - Add serviced_query timer to send upstream queries outside of the mesh flow to prevent race conditions. - For dnstap, do not wakeupnow right there. Instead zero the timer to force the wakeup callback asap. - For NLnetLabs#602: Allow the module-config "subnetcache validator cachedb iterator". - Add rpz: for-downstream: yesno option, where the RPZ zone is authoritatively answered for, so the RPZ zone contents can be checked with DNS queries directed at the RPZ zone. Changelog note for NLnetLabs#605: - Merge PR NLnetLabs#605: Fix EDNS to upstream where the same option could be attached more than once. - Make sure callback changes for EDNS are not lost. - Fix EDNS to upstream where the same option could be attached more than once. - Add a region to serviced_query for allocations.
jedisct1 · Jan 25, 2022 · b28dbe0 · b28dbe0
2 parents e6d95d5 + 79e755e
commit b28dbe0
Show file tree

Hide file tree

Showing 15 changed files with 1,047 additions and 773 deletions.
diff --git a/dnstap/dtstream.c b/dnstap/dtstream.c
@@ -188,9 +188,9 @@ mq_wakeup_cb(void* arg)
 
 /** start timer to wakeup dtio because there is content in the queue */
 static void
-dt_msg_queue_start_timer(struct dt_msg_queue* mq)
+dt_msg_queue_start_timer(struct dt_msg_queue* mq, int wakeupnow)
 {
-	struct timeval tv;
+	struct timeval tv = {0};
 	/* Start a timer to process messages to be logged.
 	 * If we woke up the dtio thread for every message, the wakeup
 	 * messages take up too much processing power.  If the queue
@@ -204,19 +204,26 @@ dt_msg_queue_start_timer(struct dt_msg_queue* mq)
 
 	/* do not start the timer if a timer already exists, perhaps
 	 * in another worker.  So this variable is protected by a lock in
-	 * dtio */
+	 * dtio. */
+
+	/* If we need to wakeupnow, 0 the timer to force the callback. */
 	lock_basic_lock(&mq->dtio->wakeup_timer_lock);
 	if(mq->dtio->wakeup_timer_enabled) {
+		if(wakeupnow) {
+			comm_timer_set(mq->wakeup_timer, &tv);
+		}
 		lock_basic_unlock(&mq->dtio->wakeup_timer_lock);
 		return;
 	}
 	mq->dtio->wakeup_timer_enabled = 1; /* we are going to start one */
-	lock_basic_unlock(&mq->dtio->wakeup_timer_lock);
 
 	/* start the timer, in mq, in the event base of our worker */
-	tv.tv_sec = 1;
-	tv.tv_usec = 0;
+	if(!wakeupnow) {
+		tv.tv_sec = 1;
+		tv.tv_usec = 0;
+	}
 	comm_timer_set(mq->wakeup_timer, &tv);
+	lock_basic_unlock(&mq->dtio->wakeup_timer_lock);
 }
 
 void
@@ -283,10 +290,8 @@ dt_msg_queue_submit(struct dt_msg_queue* mq, void* buf, size_t len)
 	/* release lock */
 	lock_basic_unlock(&mq->lock);
 
-	if(wakeupnow) {
-		dtio_wakeup(mq->dtio);
-	} else if(wakeupstarttimer) {
-		dt_msg_queue_start_timer(mq);
+	if(wakeupnow || wakeupstarttimer) {
+		dt_msg_queue_start_timer(mq, wakeupnow);
 	}
 }
 

diff --git a/doc/Changelog b/doc/Changelog
@@ -1,3 +1,28 @@
+25 January 2022: George
+	- Fix #588: Unbound 1.13.2 crashes due to p->pc is NULL in
+	  serviced_udp_callback.
+	- Merge PR #612: TCP race condition.
+
+25 January 2022: Wouter
+	- Fix #610: Undefine-shift in sldns_str2wire_hip_buf.
+
+19 January 2022: George
+	- For dnstap, do not wakeupnow right there. Instead zero the timer to
+	  force the wakeup callback asap.
+
+14 January 2022: George
+	- Merge PR #605:
+	  - Fix EDNS to upstream where the same option could be attached
+	     more than once.
+	  - Add a region to serviced_query for allocations.
+
+14 January 2022: Wouter
+	- Add rpz: for-downstream: yesno option, where the RPZ zone is
+	  authoritatively answered for, so the RPZ zone contents can be
+	  checked with DNS queries directed at the RPZ zone.
+	- For #602: Allow the module-config "subnetcache validator cachedb
+	  iterator".
+
 11 January 2022: George
 	- Fix prematurely terminated TCP queries when a reply has the same ID.
 

diff --git a/doc/example.conf.in b/doc/example.conf.in
@@ -1180,4 +1180,5 @@ remote-control:
 #     rpz-log: yes
 #     rpz-log-name: "example policy"
 #     rpz-signal-nxdomain-ra: no
+#     for-downstream: no
 #     tags: "example"
diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
@@ -2638,6 +2638,12 @@ Signal when a query is blocked by the RPZ with NXDOMAIN with an unset RA flag.
 This allows certain clients, like dnsmasq, to infer that the domain is
 externally blocked. Default is no.
 .TP
+.B for\-downstream: \fI<yes or no>
+If enabled the zone is authoritatively answered for and queries for the RPZ
+zone information are answered to downstream clients. This is useful for
+monitoring scripts, that can then access the SOA information to check if
+the rpz information is up to date. Default is no.
+.TP
 .B tags: \fI<list of tags>
 Limit the policies from this RPZ clause to clients with a matching tag. Tags
 need to be defined in \fBdefine\-tag\fR and can be assigned to client addresses