[Unbound-users] [PATCH] support for remote control over local sockets
W.C.A. Wijngaards
wouter at nlnetlabs.nl
Tue Jan 6 13:28:41 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi Dag-Erling,
On 05/01/15 16:37, Dag-Erling Smørgrav wrote:
> (sounds like an oxymoron, but by "local socket" I mean AF_LOCAL,
> which is the correct name for AF_UNIX.)
>
> I just committed a heavily modified version of Ilya Bakulin's
> patch (contrib/unbound_unixsock.diff) to FreeBSD 11. I have
> attached a version of the patch relative to Unbound 1.5.1. It also
> applies cleanly to trunk at 3302, but I have not tested the result.
Thank you for the patch, it looks very good, and I'll put its
inclusion on todo (I need a bit more time to spend on looking it over).
Best regards,
Wouter
> Here is a summary:
>
> Add support for using a local socket for the remote control
> connection by specifying its path instead of (or in addition to) an
> IP address as an argument to the control-interface configuration
> variable.
>
> Add support for unencrypted and unauthenticated control
> connections through a new configuration variable, control-use-cert.
> To avoid the complexity of supporting both SSL socket and plain
> socket descriptors in the same code, we just use an unencrypted SSL
> context and forego authentication. The downside is that we still
> have to perform DH kex when establishing the connection.
>
> This patch was derived (with significant modifications) from the
> contrib/unbound_unixsock.diff patch originally submitted by Ilya
> Bakulin of Genua mbH.
>
> Note that my patch does not update generated files, so remember to
> run autoreconf and regenerate the configuration parser and lexer.
>
> Genua have already released Ilya's part of the patch under the BSD
> license. I release my version under the same license.
>
> DES
>
>
>
> _______________________________________________ Unbound-users
> mailing list Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJUq+MJAAoJEJ9vHC1+BF+NjbQP/1vsHPb6FFOlTfq/fKrPgiLz
NzdQd7F+ZGi/lRyrt+YD/VuiHG0Sx9pltJBolH6PxTA3WNcNtE4yKYMByiLeuJoB
coJJHZelN6hD+0l4I0joY7E1WPA4wcrEHH0x9uYYIkunsdTzUYIOz+sQEx/E6GLp
nYisFHNPrQwyrkbTH9PyB3vqUyukg1hjbvqWSZxApD/FdsT38xyrvt8H52UIMdYo
QvNPLdpccfsRWzAvrMY9vDi7QXshDLEO5bKzw2iRTkztjmk/O+Fx05JdR3/blgz1
ft7bqGp3LrRimYHn8yKAur3D112jYQZ4zTaZrqeXO2QufrLuKGs0lySv4tcSuxH7
N6htw/DSWAYeX/ru6TyJwMEvPOJ7uk/JXadE7Dz1CdxfuYPxu5TEybkCRyotsZfQ
zBsHd2VgMZIAzPWt3NtexK15wrbu3RWme7m3j8eAdQ/XGaC1zvQLNIf7NpPoE00b
hBo4xdovTTmeJ7yPvDTzmgaqtQasrYi3pi0CglS1Yg16GUEjS1d+RegGSA5T54pe
rOcBF1be0PjhJ+zHyqTk3Gh5XxmloS4dhLNyO6q5dLy3DEfVfjBFmesEF4pxHvaw
/KwNea/pkZZXPbdqHUqm2Ovt0t/9nmUC1VwdPRIRx5gfI96Dtd8bogwbFrdu/I6j
hFCvkQSHJ3/TC7e627zw
=QuqL
-----END PGP SIGNATURE-----
More information about the Unbound-users
mailing list