Maintained by: NLnet Labs

[Unbound-users] [PATCH] support for remote control over local sockets

W.C.A. Wijngaards
Tue Jan 6 14:28:41 CET 2015


Hi Dag-Erling,

On 05/01/15 16:37, Dag-Erling Smørgrav wrote:
> (sounds like an oxymoron, but by "local socket" I mean AF_LOCAL,
> which is the correct name for AF_UNIX.)
> 
> I just committed a heavily modified version of Ilya Bakulin's
> patch (contrib/unbound_unixsock.diff) to FreeBSD 11.  I have
> attached a version of the patch relative to Unbound 1.5.1.  It also
> applies cleanly to trunk at 3302, but I have not tested the result.

Thank you for the patch, it looks very good, and I'll put its
inclusion on todo (I need a bit more time to spend on looking it over).

Best regards,
   Wouter

> Here is a summary:
> 
> Add support for using a local socket for the remote control
> connection by specifying its path instead of (or in addition to) an
> IP address as an argument to the control-interface configuration
> variable.
> 
> Add support for unencrypted and unauthenticated control
> connections through a new configuration variable, control-use-cert.
> To avoid the complexity of supporting both SSL socket and plain
> socket descriptors in the same code, we just use an unencrypted SSL
> context and forego authentication.  The downside is that we still
> have to perform DH kex when establishing the connection.
> 
> This patch was derived (with significant modifications) from the 
> contrib/unbound_unixsock.diff patch originally submitted by Ilya 
> Bakulin of Genua mbH.
> 
> Note that my patch does not update generated files, so remember to
> run autoreconf and regenerate the configuration parser and lexer.
> 
> Genua have already released Ilya's part of the patch under the BSD 
> license.  I release my version under the same license.
> 
> DES

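An added example, not part of the original message or the attached patch: a small Python audit for the combination the summary makes possible, where `control-use-cert: no` removes authentication while a `control-interface` is still an IP address rather than a local socket path. It assumes the usual unbound.conf `remote-control:` clause syntax, that `control-use-cert` defaults to `yes`, and that a value beginning with `/` is a socket path; the sample configurations are constructed.

```python
import re

# Constructed sample configs (not taken from the patch or the Unbound distribution).
SAMPLE_LOCAL_ONLY = """\
server:
    interface: 127.0.0.1
remote-control:
    control-enable: yes
    control-interface: /var/run/unbound.ctl
    control-use-cert: no
"""

SAMPLE_MIXED = """\
remote-control:
    control-enable: yes
    control-interface: /var/run/unbound.ctl
    control-interface: 192.0.2.10   # also reachable over IP
    control-use-cert: "no"
"""

def remote_control_options(text):
    """Collect (key, value) pairs from the remote-control: clause."""
    options, in_clause = [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"^([a-z0-9-]+):\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip().strip('"')
        if value == "":            # a bare "name:" line opens a new clause
            in_clause = (key == "remote-control")
        elif in_clause:
            options.append((key, value))
    return options

def audit(text):
    """Return control interfaces that accept unauthenticated connections over IP."""
    opts = remote_control_options(text)
    last = lambda k, default: ([v for kk, v in opts if kk == k] or [default])[-1]
    if last("control-enable", "no") != "yes":
        return []
    if last("control-use-cert", "yes") != "no":   # assumed default: yes
        return []
    # With no control-interface given, Unbound listens on localhost.
    ifaces = [v for k, v in opts if k == "control-interface"] or ["127.0.0.1", "::1"]
    # Assumption: a value starting with "/" is a local socket path.
    return [v for v in ifaces if not v.startswith("/")]
```

An empty result for a local-socket-only configuration still leaves access control to the filesystem permissions on the socket path, which this check does not inspect.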