Maintained by: NLnet Labs

[Unbound-users] [PATCH] support for remote control over local sockets

Dag-Erling Smørgrav
Mon Jan 5 16:37:06 CET 2015


(sounds like an oxymoron, but by "local socket" I mean AF_LOCAL, which
is the correct name for AF_UNIX.)

I just committed a heavily modified version of Ilya Bakulin's patch
(contrib/unbound_unixsock.diff) to FreeBSD 11.  I have attached a
version of the patch relative to Unbound 1.5.1.  It also applies cleanly
to trunk at 3302, but I have not tested the result.

Here is a summary:

  Add support for using a local socket for the remote control connection
  by specifying its path instead of (or in addition to) an IP address as
  an argument to the control-interface configuration variable.

  Add support for unencrypted and unauthenticated control connections
  through a new configuration variable, control-use-cert.  To avoid the
  complexity of supporting both SSL socket and plain socket descriptors
  in the same code, we just use an unencrypted SSL context and forego
  authentication.  The downside is that we still have to perform DH kex
  when establishing the connection.

  This patch was derived (with significant modifications) from the
  contrib/unbound_unixsock.diff patch originally submitted by Ilya
  Bakulin of Genua mbH.

Note that my patch does not update generated files, so remember to run
autoreconf and regenerate the configuration parser and lexer.

Genua have already released Ilya's part of the patch under the BSD
license.  I release my version under the same license.

DES
-- 
Dag-Erling Smørgrav - des at des.no

-------------- next part --------------
A non-text attachment was scrubbed...
Name: unbound-local-socket.diff
Type: text/x-patch
Size: 25191 bytes
Desc: not available
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20150105/1e95c8ee/attachment-0001.bin>
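
An added example, not part of the original post or the attached patch: a small Python check that reads the remote-control clause of an unbound.conf and reports any IP control-interface that would be served without certificates when control-use-cert is set to no. It assumes a local socket is written as an absolute path and that control-use-cert defaults to yes; the sample configurations are constructed for illustration.

```python
import re

# Constructed sample configs for illustration; not taken from the post.
SOCKET_ONLY = """
remote-control:
    control-enable: yes
    control-interface: /var/run/unbound.ctl
    control-use-cert: no
"""
MIXED = """
server:
    interface: 0.0.0.0
remote-control:
    control-enable: yes
    control-interface: 192.0.2.10   # constructed documentation address
    control-interface: /var/run/unbound.ctl
    control-use-cert: no
"""

def remote_control_options(text):
    """Return {option: [values]} for the remote-control: clause only."""
    opts, in_clause = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"([a-z0-9-]+):\s*(.*)$", line)
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip().strip('"')
        if not val:                      # clause header, e.g. "server:"
            in_clause = key == "remote-control"
        elif in_clause:
            opts.setdefault(key, []).append(val)
    return opts

def audit(text):
    """List IP control interfaces that would run without certificates."""
    opts = remote_control_options(text)
    if opts.get("control-enable", ["no"])[-1] != "yes":
        return []
    # Assumption: control-use-cert defaults to yes when absent.
    if opts.get("control-use-cert", ["yes"])[-1] != "no":
        return []
    # Assumption: an absolute path means a local socket, anything else an IP.
    # An absent control-interface (built-in default) is not evaluated here.
    return [i for i in opts.get("control-interface", []) if not i.startswith("/")]

if __name__ == "__main__":
    for name, conf in (("SOCKET_ONLY", SOCKET_ONLY), ("MIXED", MIXED)):
        print(name, audit(conf) or "ok")
```

The check only reads the configuration file; ownership and mode of the socket path itself still need to be verified on the host.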