Maintained by: NLnet Labs

ipsechook and unbound-checkconf

Paul Wouters
Sun Jul 2 13:57:24 CEST 2017


The unbound-checkconf code checks for the ipsecmod hook to exist:

 	check_chroot_string("ipsecmod-hook", &cfg->ipsecmod_hook, cfg->chrootdir

I want to ship unbound with the ipsecmod module enabled via the
modules line, but activated via unbound-control. This means that
the unbound.conf needs no changes when switching from regular mode
to the mode where it uses the ipsec module for lookups. Currently,
the ipsecmod hook is checked for, but if people don't have libreswan
installed, unbound-checkconf fails, and with the systemd service,
it means unbound won't start.

I've patched this check out to prevent this.

PS: minor nit: you should rename check_chroot_string() if you use
it for multiple things, one of which does not involve chroot :)
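
An added sketch, not part of the original message and not unbound's code: one way a config checker can keep the hook check for active deployments while letting a loaded-but-dormant module start without the hook installed. The struct, the function name, the on/off field and the sample path are hypothetical, and chroot path handling is left out.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical, cut-down stand-in for the resolver's config (not unbound's struct). */
struct demo_cfg {
    const char *module_conf;    /* value of the modules line */
    int ipsecmod_enabled;       /* assumed on/off switch for the module */
    const char *ipsecmod_hook;  /* value of ipsecmod-hook */
};

/* Returns 0 when the config is acceptable, -1 when the hook is needed but absent. */
int demo_check_ipsecmod_hook(const struct demo_cfg *cfg)
{
    /* Module not on the modules line: the hook is never called. */
    if (cfg->module_conf == NULL || strstr(cfg->module_conf, "ipsecmod") == NULL)
        return 0;
    /* Module loaded but switched off: do not fail startup over the hook. */
    if (!cfg->ipsecmod_enabled)
        return 0;
    /* Module active: the hook must be configured and present on disk. */
    if (cfg->ipsecmod_hook == NULL || cfg->ipsecmod_hook[0] == '\0')
        return -1;
    return access(cfg->ipsecmod_hook, F_OK) == 0 ? 0 : -1;
}

int main(void)
{
    /* Constructed sample: module loaded, switched off, hook path not installed. */
    struct demo_cfg cfg = { "ipsecmod validator iterator", 0,
                            "/nonexistent-example/ipsecmod-hook" };
    printf("disabled: %d\n", demo_check_ipsecmod_hook(&cfg));
    cfg.ipsecmod_enabled = 1;
    printf("enabled:  %d\n", demo_check_ipsecmod_hook(&cfg));
    return 0;
}
```

A check like this only runs at start-up, so a hook that is still missing when the module is switched on later over the control channel has to be caught at that point instead.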