Git-Mirrors/monero
1
0
Fork 0
mirror of https://github.com/monero-project/monero.git synced 2025-12-15 19:18:51 -05:00
Code Issues Projects Releases Packages Wiki Activity

update unbound

Browse source
This commit is contained in:
Riccardo Spagni 2015-08-14 19:12:19 +02:00
parent 7792255968
commit 93944333c5
No known key found for this signature in database
GPG key ID: 55432DF31CCD4FCD
45 changed files with 2290 additions and 3300 deletions
Download patch file Download diff file Expand all files Collapse all files

31
external/unbound/validator/autotrust.c vendored
View file

@ -1225,7 +1225,7 @@ verify_dnskey(struct module_env* env, struct val_env* ve,
{
char* reason = NULL;
uint8_t sigalg[ALGO_NEEDS_MAX+1];
int downprot = 1;
int downprot = env->cfg->harden_algo_downgrade;
enum sec_status sec = val_verify_DNSKEY_with_TA(env, ve, rrset,
tp->ds_rrset, tp->dnskey_rrset, downprot?sigalg:NULL, &reason);
/* sigalg is ignored, it returns algorithms signalled to exist, but
@ -1447,9 +1447,11 @@ set_tp_times(struct trust_anchor* tp, time_t rrsig_exp_interval,
if(rrsig_exp_interval/2 < x)
x = rrsig_exp_interval/2;
/* MAX(1hr, x) */
if(x < 3600)
tp->autr->query_interval = 3600;
else tp->autr->query_interval = x;
if(!autr_permit_small_holddown) {
if(x < 3600)
tp->autr->query_interval = 3600;
else tp->autr->query_interval = x;
} else tp->autr->query_interval = x;
/* x= MIN(1day, ttl/10, expire/10) */
x = 24 * 3600;
@ -1458,9 +1460,11 @@ set_tp_times(struct trust_anchor* tp, time_t rrsig_exp_interval,
if(rrsig_exp_interval/10 < x)
x = rrsig_exp_interval/10;
/* MAX(1hr, x) */
if(x < 3600)
tp->autr->retry_time = 3600;
else tp->autr->retry_time = x;
if(!autr_permit_small_holddown) {
if(x < 3600)
tp->autr->retry_time = 3600;
else tp->autr->retry_time = x;
} else tp->autr->retry_time = x;
if(qi != tp->autr->query_interval || rt != tp->autr->retry_time) {
*changed = 1;
@ -1959,8 +1963,12 @@ calc_next_probe(struct module_env* env, time_t wait)
{
/* make it random, 90-100% */
time_t rnd, rest;
if(wait < 3600)
wait = 3600;
if(!autr_permit_small_holddown) {
if(wait < 3600)
wait = 3600;
} else {
if(wait == 0) wait = 1;
}
rnd = wait/10;
rest = wait-rnd;
rnd = (time_t)ub_random_max(env->rnd, (long int)rnd);
@ -2349,6 +2357,8 @@ todo_probe(struct module_env* env, time_t* next)
if( (el=rbtree_first(&env->anchors->autr->probe)) == RBTREE_NULL) {
/* in case of revoked anchors */
lock_basic_unlock(&env->anchors->lock);
/* signal that there are no anchors to probe */
*next = 0;
return NULL;
}
tp = (struct trust_anchor*)el->key;
@ -2378,6 +2388,7 @@ autr_probe_timer(struct module_env* env)
struct trust_anchor* tp;
time_t next_probe = 3600;
int num = 0;
if(autr_permit_small_holddown) next_probe = 1;
verbose(VERB_ALGO, "autotrust probe timer callback");
/* while there are still anchors to probe */
while( (tp = todo_probe(env, &next_probe)) ) {
@ -2386,7 +2397,7 @@ autr_probe_timer(struct module_env* env)
num++;
}
regional_free_all(env->scratch);
if(num == 0)
if(next_probe == 0)
return 0; /* no trust points to probe */
verbose(VERB_ALGO, "autotrust probe timer %d callbacks done", num);
return next_probe;