tangled
alpha
login
or
join now
jcs.org
/
openbsd-src
0
fork
atom
jcs's openbsd hax
openbsd
0
fork
atom
overview
issues
pulls
pipelines
openbsd-src
/
sbin
/
unwind
/
at
jcs
1 folder
17 files
libunbound
Sync to unbound
4 months ago
Makefile
Dynamically link these /sbin daemons: dhcpleased, mountd, nfsd, pflogd, resolvd, slaacd, unwind. The mitigation story is way better: syscalls are in a randomly located libc, and every syscall stub is randomly located inside that due to random relinking. As opposed to fixed offset inside a release binary. There is one known consequence: /usr nfs mounting must use statically configured IP addresses. ok kettenis florian, others
3 years ago
control.c
Convert sbin and usr.bin to check for imsgbuf_init failure and add imsgbuf_allow_fdpass where needed.
1 year ago
control.h
Move control_state and ctl_conns to control.c, it's not needed elsewhere and unbreaks -fno-common. Inspired by claudio Problem reported by mortimer
5 years ago
dns64_synth.c
Implement DNS64 synthesis. When unwind(8) learns new autoconf resolvers (from dhcp or router advertisements) it checks if a DNS64 is present in this network location and tries to recover the IPv6 prefix used according to RFC7050. The learned autoconf resolvers are then prevented from upgrading to the validating state since DNS64 breaks DNSSEC. unwind(8) can now perform its own synthesis. If a query for a AAAA record results in no answer we re-send the query for A and if that leads to an answer we synthesize an AAAA answer using the learned prefixes.
5 years ago
dns64_synth.h
Implement DNS64 synthesis. When unwind(8) learns new autoconf resolvers (from dhcp or router advertisements) it checks if a DNS64 is present in this network location and tries to recover the IPv6 prefix used according to RFC7050. The learned autoconf resolvers are then prevented from upgrading to the validating state since DNS64 breaks DNSSEC. unwind(8) can now perform its own synthesis. If a query for a AAAA record results in no answer we re-send the query for A and if that leads to an answer we synthesize an AAAA answer using the learned prefixes.
5 years ago
frontend.c
Make sure the qname is a string.
11 months ago
frontend.h
Determine available address families (and monitor when this changes) to configure libunbound accordingly. This way it no longer tries to talk to IPv6 nameservers when only IPv4 is available and vice versa. input deraadt OK kn
5 years ago
log.c
Due to the way we build libunbound inside of unwind .o files collide in the obj directory. Previously this was solved by keeping the libunbound file name (to be able to keep in sync with upstream) and prefixing the source filename of colliding .o files in unwind with uw_.
7 years ago
log.h
including sys/cdefs.h manually started as a result of netbsd trying to macro-build a replacement for sccsid, and was done without any concern for namespace damage. Unfortunately this practice started infecting other code as others were unaware they didn't need the file. ok millert guenther
4 years ago
parse.y
Disable aggressive-nsec when "force" is in use.
6 months ago
printconf.c
Allow forcing specific domains to be resolved by specific resolvers; Handles typical split-horzizon setups. ok florian@
6 years ago
resolver.c
Disable aggressive-nsec when "force" is in use.
6 months ago
resolver.h
Implement unwindctl status memory to show chache memory usage. testing by otto & pamela as part of a larger diff
6 years ago
unwind.8
some nameserver proposal bits:
3 years ago
unwind.c
Disable aggressive-nsec when "force" is in use.
6 months ago
unwind.conf.5
Make internal hyperlinking work by moving custom sections from .Sh to .Ss and the titles from all caps to sentence case such that they match the table of contents, and switch from .Sy to .Sx as needed. OK florian@
9 months ago
unwind.h
Disable aggressive-nsec when "force" is in use.
6 months ago
jcs.org