41,42c41,42
< * unbound-control tool, or a SSLv3/TLS capable web browser.
< * The channel is secured using SSLv3 or TLSv1, and certificates.
---
> * unbound-control tool, or a TLS capable web browser.
> * The channel is secured using TLSv1, and certificates.
157c157
< /* no SSLv2 because has defects */
---
> /* no SSLv2, SSLv3 because has defects */
162a163,167
> if(!(SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)){
> log_crypto_err("could not set SSL_OP_NO_SSLv3");
> daemon_remote_delete(rc);
> return NULL;
> }
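Review bot: The guard on SSL_CTX_set_options() reads correctly only if the reader knows the call returns the resulting option mask rather than a status code, and the hunk does not say so; a one-line comment would help, e.g. `/* SSL_CTX_set_options() returns the new option mask; check the bit really took */`. The error path (log_crypto_err, daemon_remote_delete(), return NULL) presumably mirrors the SSLv2 check that sits just above this hunk, which is consistent. The enclosing function starts and ends outside the hunk.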
561c566
< while( isspace(*str) )
---
> while( isspace((unsigned char)*str) )
608,611c613,616
< if(!ssl_printf(ssl, "%s.num.queries"SQ"%u\n", nm,
< (unsigned)s->svr.num_queries)) return 0;
< if(!ssl_printf(ssl, "%s.num.cachehits"SQ"%u\n", nm,
< (unsigned)(s->svr.num_queries
---
> if(!ssl_printf(ssl, "%s.num.queries"SQ"%lu\n", nm,
> (unsigned long)s->svr.num_queries)) return 0;
> if(!ssl_printf(ssl, "%s.num.cachehits"SQ"%lu\n", nm,
> (unsigned long)(s->svr.num_queries
613,618c618,623
< if(!ssl_printf(ssl, "%s.num.cachemiss"SQ"%u\n", nm,
< (unsigned)s->svr.num_queries_missed_cache)) return 0;
< if(!ssl_printf(ssl, "%s.num.prefetch"SQ"%u\n", nm,
< (unsigned)s->svr.num_queries_prefetch)) return 0;
< if(!ssl_printf(ssl, "%s.num.recursivereplies"SQ"%u\n", nm,
< (unsigned)s->mesh_replies_sent)) return 0;
---
> if(!ssl_printf(ssl, "%s.num.cachemiss"SQ"%lu\n", nm,
> (unsigned long)s->svr.num_queries_missed_cache)) return 0;
> if(!ssl_printf(ssl, "%s.num.prefetch"SQ"%lu\n", nm,
> (unsigned long)s->svr.num_queries_prefetch)) return 0;
> if(!ssl_printf(ssl, "%s.num.recursivereplies"SQ"%lu\n", nm,
> (unsigned long)s->mesh_replies_sent)) return 0;
624,633c629,638
< if(!ssl_printf(ssl, "%s.requestlist.max"SQ"%u\n", nm,
< (unsigned)s->svr.max_query_list_size)) return 0;
< if(!ssl_printf(ssl, "%s.requestlist.overwritten"SQ"%u\n", nm,
< (unsigned)s->mesh_jostled)) return 0;
< if(!ssl_printf(ssl, "%s.requestlist.exceeded"SQ"%u\n", nm,
< (unsigned)s->mesh_dropped)) return 0;
< if(!ssl_printf(ssl, "%s.requestlist.current.all"SQ"%u\n", nm,
< (unsigned)s->mesh_num_states)) return 0;
< if(!ssl_printf(ssl, "%s.requestlist.current.user"SQ"%u\n", nm,
< (unsigned)s->mesh_num_reply_states)) return 0;
---
> if(!ssl_printf(ssl, "%s.requestlist.max"SQ"%lu\n", nm,
> (unsigned long)s->svr.max_query_list_size)) return 0;
> if(!ssl_printf(ssl, "%s.requestlist.overwritten"SQ"%lu\n", nm,
> (unsigned long)s->mesh_jostled)) return 0;
> if(!ssl_printf(ssl, "%s.requestlist.exceeded"SQ"%lu\n", nm,
> (unsigned long)s->mesh_dropped)) return 0;
> if(!ssl_printf(ssl, "%s.requestlist.current.all"SQ"%lu\n", nm,
> (unsigned long)s->mesh_num_states)) return 0;
> if(!ssl_printf(ssl, "%s.requestlist.current.user"SQ"%lu\n", nm,
> (unsigned long)s->mesh_num_reply_states)) return 0;
663c668
< return ssl_printf(ssl, "%s%u\n", desc, (unsigned)x);
---
> return ssl_printf(ssl, "%s%lu\n", desc, (unsigned long)x);
742c747
< "histogram.%6.6d.%6.6d.to.%6.6d.%6.6d=%u\n",
---
> "histogram.%6.6d.%6.6d.to.%6.6d.%6.6d=%lu\n",
747c752
< (unsigned)hist->buckets[i].count)) {
---
> (unsigned long)hist->buckets[i].count)) {
784,785c789,790
< if(!ssl_printf(ssl, "num.query.type.%s"SQ"%u\n",
< nm, (unsigned)s->svr.qtype[i])) return 0;
---
> if(!ssl_printf(ssl, "num.query.type.%s"SQ"%lu\n",
> nm, (unsigned long)s->svr.qtype[i])) return 0;
788,789c793,794
< if(!ssl_printf(ssl, "num.query.type.other"SQ"%u\n",
< (unsigned)s->svr.qtype_big)) return 0;
---
> if(!ssl_printf(ssl, "num.query.type.other"SQ"%lu\n",
> (unsigned long)s->svr.qtype_big)) return 0;
801,802c806,807
< if(!ssl_printf(ssl, "num.query.class.%s"SQ"%u\n",
< nm, (unsigned)s->svr.qclass[i])) return 0;
---
> if(!ssl_printf(ssl, "num.query.class.%s"SQ"%lu\n",
> nm, (unsigned long)s->svr.qclass[i])) return 0;
805,806c810,811
< if(!ssl_printf(ssl, "num.query.class.other"SQ"%u\n",
< (unsigned)s->svr.qclass_big)) return 0;
---
> if(!ssl_printf(ssl, "num.query.class.other"SQ"%lu\n",
> (unsigned long)s->svr.qclass_big)) return 0;
818,819c823,824
< if(!ssl_printf(ssl, "num.query.opcode.%s"SQ"%u\n",
< nm, (unsigned)s->svr.qopcode[i])) return 0;
---
> if(!ssl_printf(ssl, "num.query.opcode.%s"SQ"%lu\n",
> nm, (unsigned long)s->svr.qopcode[i])) return 0;
822,825c827,832
< if(!ssl_printf(ssl, "num.query.tcp"SQ"%u\n",
< (unsigned)s->svr.qtcp)) return 0;
< if(!ssl_printf(ssl, "num.query.ipv6"SQ"%u\n",
< (unsigned)s->svr.qipv6)) return 0;
---
> if(!ssl_printf(ssl, "num.query.tcp"SQ"%lu\n",
> (unsigned long)s->svr.qtcp)) return 0;
> if(!ssl_printf(ssl, "num.query.tcpout"SQ"%lu\n",
> (unsigned long)s->svr.qtcp_outgoing)) return 0;
> if(!ssl_printf(ssl, "num.query.ipv6"SQ"%lu\n",
> (unsigned long)s->svr.qipv6)) return 0;
827,846c834,853
< if(!ssl_printf(ssl, "num.query.flags.QR"SQ"%u\n",
< (unsigned)s->svr.qbit_QR)) return 0;
< if(!ssl_printf(ssl, "num.query.flags.AA"SQ"%u\n",
< (unsigned)s->svr.qbit_AA)) return 0;
< if(!ssl_printf(ssl, "num.query.flags.TC"SQ"%u\n",
< (unsigned)s->svr.qbit_TC)) return 0;
< if(!ssl_printf(ssl, "num.query.flags.RD"SQ"%u\n",
< (unsigned)s->svr.qbit_RD)) return 0;
< if(!ssl_printf(ssl, "num.query.flags.RA"SQ"%u\n",
< (unsigned)s->svr.qbit_RA)) return 0;
< if(!ssl_printf(ssl, "num.query.flags.Z"SQ"%u\n",
< (unsigned)s->svr.qbit_Z)) return 0;
< if(!ssl_printf(ssl, "num.query.flags.AD"SQ"%u\n",
< (unsigned)s->svr.qbit_AD)) return 0;
< if(!ssl_printf(ssl, "num.query.flags.CD"SQ"%u\n",
< (unsigned)s->svr.qbit_CD)) return 0;
< if(!ssl_printf(ssl, "num.query.edns.present"SQ"%u\n",
< (unsigned)s->svr.qEDNS)) return 0;
< if(!ssl_printf(ssl, "num.query.edns.DO"SQ"%u\n",
< (unsigned)s->svr.qEDNS_DO)) return 0;
---
> if(!ssl_printf(ssl, "num.query.flags.QR"SQ"%lu\n",
> (unsigned long)s->svr.qbit_QR)) return 0;
> if(!ssl_printf(ssl, "num.query.flags.AA"SQ"%lu\n",
> (unsigned long)s->svr.qbit_AA)) return 0;
> if(!ssl_printf(ssl, "num.query.flags.TC"SQ"%lu\n",
> (unsigned long)s->svr.qbit_TC)) return 0;
> if(!ssl_printf(ssl, "num.query.flags.RD"SQ"%lu\n",
> (unsigned long)s->svr.qbit_RD)) return 0;
> if(!ssl_printf(ssl, "num.query.flags.RA"SQ"%lu\n",
> (unsigned long)s->svr.qbit_RA)) return 0;
> if(!ssl_printf(ssl, "num.query.flags.Z"SQ"%lu\n",
> (unsigned long)s->svr.qbit_Z)) return 0;
> if(!ssl_printf(ssl, "num.query.flags.AD"SQ"%lu\n",
> (unsigned long)s->svr.qbit_AD)) return 0;
> if(!ssl_printf(ssl, "num.query.flags.CD"SQ"%lu\n",
> (unsigned long)s->svr.qbit_CD)) return 0;
> if(!ssl_printf(ssl, "num.query.edns.present"SQ"%lu\n",
> (unsigned long)s->svr.qEDNS)) return 0;
> if(!ssl_printf(ssl, "num.query.edns.DO"SQ"%lu\n",
> (unsigned long)s->svr.qEDNS_DO)) return 0;
850c857,858
< if(inhibit_zero && s->svr.ans_rcode[i] == 0)
---
> /* Always include RCODEs 0-5 */
> if(inhibit_zero && i > LDNS_RCODE_REFUSED && s->svr.ans_rcode[i] == 0)
858,859c866,867
< if(!ssl_printf(ssl, "num.answer.rcode.%s"SQ"%u\n",
< nm, (unsigned)s->svr.ans_rcode[i])) return 0;
---
> if(!ssl_printf(ssl, "num.answer.rcode.%s"SQ"%lu\n",
> nm, (unsigned long)s->svr.ans_rcode[i])) return 0;
862,863c870,871
< if(!ssl_printf(ssl, "num.answer.rcode.nodata"SQ"%u\n",
< (unsigned)s->svr.ans_rcode_nodata)) return 0;
---
> if(!ssl_printf(ssl, "num.answer.rcode.nodata"SQ"%lu\n",
> (unsigned long)s->svr.ans_rcode_nodata)) return 0;
866,871c874,879
< if(!ssl_printf(ssl, "num.answer.secure"SQ"%u\n",
< (unsigned)s->svr.ans_secure)) return 0;
< if(!ssl_printf(ssl, "num.answer.bogus"SQ"%u\n",
< (unsigned)s->svr.ans_bogus)) return 0;
< if(!ssl_printf(ssl, "num.rrset.bogus"SQ"%u\n",
< (unsigned)s->svr.rrset_bogus)) return 0;
---
> if(!ssl_printf(ssl, "num.answer.secure"SQ"%lu\n",
> (unsigned long)s->svr.ans_secure)) return 0;
> if(!ssl_printf(ssl, "num.answer.bogus"SQ"%lu\n",
> (unsigned long)s->svr.ans_bogus)) return 0;
> if(!ssl_printf(ssl, "num.rrset.bogus"SQ"%lu\n",
> (unsigned long)s->svr.rrset_bogus)) return 0;
873,876c881,893
< if(!ssl_printf(ssl, "unwanted.queries"SQ"%u\n",
< (unsigned)s->svr.unwanted_queries)) return 0;
< if(!ssl_printf(ssl, "unwanted.replies"SQ"%u\n",
< (unsigned)s->svr.unwanted_replies)) return 0;
---
> if(!ssl_printf(ssl, "unwanted.queries"SQ"%lu\n",
> (unsigned long)s->svr.unwanted_queries)) return 0;
> if(!ssl_printf(ssl, "unwanted.replies"SQ"%lu\n",
> (unsigned long)s->svr.unwanted_replies)) return 0;
> /* cache counts */
> if(!ssl_printf(ssl, "msg.cache.count"SQ"%u\n",
> (unsigned)s->svr.msg_cache_count)) return 0;
> if(!ssl_printf(ssl, "rrset.cache.count"SQ"%u\n",
> (unsigned)s->svr.rrset_cache_count)) return 0;
> if(!ssl_printf(ssl, "infra.cache.count"SQ"%u\n",
> (unsigned)s->svr.infra_cache_count)) return 0;
> if(!ssl_printf(ssl, "key.cache.count"SQ"%u\n",
> (unsigned)s->svr.key_cache_count)) return 0;
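Review bot: The four new cache-count lines (msg.cache.count through key.cache.count) still use `"%u"` with an `(unsigned)` cast while every other counter in this commit is moved to `"%lu"` with `(unsigned long)`, so whatever truncation the rest of the change removes presumably remains for these; e.g. `if(!ssl_printf(ssl, "msg.cache.count"SQ"%lu\n", (unsigned long)s->svr.msg_cache_count)) return 0;` and likewise for the three lines below it. If the underlying fields are size_t, `(unsigned long)` is still 32 bits on LLP64 targets; `%zu` would be exact where a C99 printf is available, but that may be outside the project's portability floor. The enclosing function starts and ends outside the hunk.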
1081c1098
< h = query_info_hash(&k);
---
> h = query_info_hash(&k, 0);
1082a1100,1104
> if(t == LDNS_RR_TYPE_AAAA) {
> /* for AAAA also flush dns64 bit_cd packet */
> h = query_info_hash(&k, BIT_CD);
> slabhash_remove(worker->env.msg_cache, h, &k);
> }
1289,1291c1311,1313
< (void)ssl_printf(ssl, "ok removed %u rrsets, %u messages "
< "and %u key entries\n", (unsigned)inf.num_rrsets,
< (unsigned)inf.num_msgs, (unsigned)inf.num_keys);
---
> (void)ssl_printf(ssl, "ok removed %lu rrsets, %lu messages "
> "and %lu key entries\n", (unsigned long)inf.num_rrsets,
> (unsigned long)inf.num_msgs, (unsigned long)inf.num_keys);
1333c1355
< /** remove all rrsets and keys from zone from cache */
---
> /** remove all bogus rrsets, msgs and keys from cache */
1357,1359c1379,1381
< (void)ssl_printf(ssl, "ok removed %u rrsets, %u messages "
< "and %u key entries\n", (unsigned)inf.num_rrsets,
< (unsigned)inf.num_msgs, (unsigned)inf.num_keys);
---
> (void)ssl_printf(ssl, "ok removed %lu rrsets, %lu messages "
> "and %lu key entries\n", (unsigned long)inf.num_rrsets,
> (unsigned long)inf.num_msgs, (unsigned long)inf.num_keys);
1361a1384,1459
> /** callback to delete negative and servfail rrsets */
> static void
> negative_del_rrset(struct lruhash_entry* e, void* arg)
> {
> /* entry is locked */
> struct del_info* inf = (struct del_info*)arg;
> struct ub_packed_rrset_key* k = (struct ub_packed_rrset_key*)e->key;
> struct packed_rrset_data* d = (struct packed_rrset_data*)e->data;
> /* delete the parentside negative cache rrsets,
> * these are namerserver rrsets that failed lookup, rdata empty */
> if((k->rk.flags & PACKED_RRSET_PARENT_SIDE) && d->count == 1 &&
> d->rrsig_count == 0 && d->rr_len[0] == 0) {
> d->ttl = inf->expired;
> inf->num_rrsets++;
> }
> }
>
> /** callback to delete negative and servfail messages */
> static void
> negative_del_msg(struct lruhash_entry* e, void* arg)
> {
> /* entry is locked */
> struct del_info* inf = (struct del_info*)arg;
> struct reply_info* d = (struct reply_info*)e->data;
> /* rcode not NOERROR: NXDOMAIN, SERVFAIL, ..: an nxdomain or error
> * or NOERROR rcode with ANCOUNT==0: a NODATA answer */
> if(FLAGS_GET_RCODE(d->flags) != 0 || d->an_numrrsets == 0) {
> d->ttl = inf->expired;
> inf->num_msgs++;
> }
> }
>
> /** callback to delete negative key entries */
> static void
> negative_del_kcache(struct lruhash_entry* e, void* arg)
> {
> /* entry is locked */
> struct del_info* inf = (struct del_info*)arg;
> struct key_entry_data* d = (struct key_entry_data*)e->data;
> /* could be bad because of lookup failure on the DS, DNSKEY, which
> * was nxdomain or servfail, and thus a result of negative lookups */
> if(d->isbad) {
> d->ttl = inf->expired;
> inf->num_keys++;
> }
> }
>
> /** remove all negative(NODATA,NXDOMAIN), and servfail messages from cache */
> static void
> do_flush_negative(SSL* ssl, struct worker* worker)
> {
> struct del_info inf;
> /* what we do is to set them all expired */
> inf.worker = worker;
> inf.now = *worker->env.now;
> inf.expired = *worker->env.now;
> inf.expired -= 3; /* handle 3 seconds skew between threads */
> inf.num_rrsets = 0;
> inf.num_msgs = 0;
> inf.num_keys = 0;
> slabhash_traverse(&worker->env.rrset_cache->table, 1,
> &negative_del_rrset, &inf);
>
> slabhash_traverse(worker->env.msg_cache, 1, &negative_del_msg, &inf);
>
> /* and validator cache */
> if(worker->env.key_cache) {
> slabhash_traverse(worker->env.key_cache->slab, 1,
> &negative_del_kcache, &inf);
> }
>
> (void)ssl_printf(ssl, "ok removed %lu rrsets, %lu messages "
> "and %lu key entries\n", (unsigned long)inf.num_rrsets,
> (unsigned long)inf.num_msgs, (unsigned long)inf.num_keys);
> }
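Review bot: The headers of negative_del_rrset, negative_del_msg and negative_del_kcache say "callback to delete ..." but each body only backdates `d->ttl = inf->expired` and bumps a counter, leaving actual removal to the cache's normal expiry; the comments should say so, e.g. `/** callback that expires (backdates the ttl of) parent-side negative rrsets */`, and "namerserver" in the rrset callback's comment is a typo for "nameserver". In do_flush_negative the `inf.now` field is set but none of the three callbacks reads it, so either it is consumed by shared del_info code outside the hunk or it can go. If reply_info carries a prefetch ttl alongside ttl, negative_del_msg leaves it untouched, which is worth confirming against the sibling flush callbacks that precede this hunk.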
>
1398c1496
< if(!ssl_printf(ssl, "%s %s %s: ", buf, (c?c:"CLASS??"), str)) {
---
> if(!ssl_printf(ssl, "%s %s %s ", buf, (c?c:"CLASS??"), str)) {
1732a1831,1834
> if(!ssl_printf(ssl, "options:%s%s\n" ,
> (worker->daemon->reuseport?" reuseport":""),
> (worker->daemon->rc->accept_list?" control(ssl)":"")))
> return;
1854a1957,1959
> /** ssl failure? stop writing and skip the rest. If the tcp
> * connection is broken, and writes fail, we then stop writing. */
> int ssl_failed;
1865a1971,1972
> if(a->ssl_failed)
> return;
1872c1979,1982
< name, d->rtt.rto)) return;
---
> name, d->rtt.rto)) {
> a->ssl_failed = 1;
> return;
> }
1876c1986
< if(!ssl_printf(a->ssl, "%s %s ttl %d ping %d var %d rtt %d rto %d "
---
> if(!ssl_printf(a->ssl, "%s %s ttl %lu ping %d var %d rtt %d rto %d "
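Review bot: In the hunk that follows (1879c1989) the ttl argument becomes `(unsigned long)(d->ttl - a->now)`, so an entry whose ttl is already below a->now prints as a huge wrapped value where the old `(int)` cast printed a small negative number; unless expired entries are skipped before this point (outside the hunk), either keep a signed difference, e.g. `(long)(d->ttl - a->now)` with `ttl %ld`, or clamp the difference at zero before the cast. The `ttl %lu` format change here is harmless by itself; the cast in the next hunk is what changes the meaning. The enclosing callback starts and ends outside these hunks.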
1879c1989
< "other %d\n", ip_str, name, (int)(d->ttl - a->now),
---
> "other %d\n", ip_str, name, (unsigned long)(d->ttl - a->now),
1885c1995,1996
< (int)d->lame_other))
---
> (int)d->lame_other)) {
> a->ssl_failed = 1;
1886a1998
> }
1896a2009
> arg.ssl_failed = 0;
1948a2062,2063
> struct trust_anchor* a;
> int insecure;
1951,1952c2066,2078
< if(!ssl_print_name_dp(ssl, "forward", z->name, z->dclass,
< z->dp))
---
>
> /* see if it is insecure */
> insecure = 0;
> if(worker->env.anchors &&
> (a=anchor_find(worker->env.anchors, z->name,
> z->namelabs, z->namelen, z->dclass))) {
> if(!a->keylist && !a->numDS && !a->numDNSKEY)
> insecure = 1;
> lock_basic_unlock(&a->lock);
> }
>
> if(!ssl_print_name_dp(ssl, (insecure?"forward +i":"forward"),
> z->name, z->dclass, z->dp))
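Review bot: The "see if it is insecure" block added here is duplicated verbatim in the stub-zone hunk (1963,1964c2092,2105) with only the name/labs/len/dclass arguments differing, and both repeat the lock/unlock discipline around anchor_find(); a small helper would keep the two in step and make the unlock harder to forget. With the function below this hunk reduces to `insecure = zone_is_insecure(worker, z->name, z->namelabs, z->namelen, z->dclass);` and the stub hunk to the same call with the z->node fields. The parameter types are taken from anchor_find()'s declaration, which is outside this diff, so confirm them against the header. The enclosing functions start and end outside the hunks.
```c
/** return 1 if the zone has a trust anchor entry with no keys, DS or
 * DNSKEY records (an explicit insecure point), 0 otherwise. */
static int
zone_is_insecure(struct worker* worker, uint8_t* name, int namelabs,
	size_t namelen, uint16_t dclass)
{
	struct trust_anchor* a;
	int insecure = 0;
	if(worker->env.anchors &&
		(a=anchor_find(worker->env.anchors, name, namelabs, namelen,
		dclass))) {
		if(!a->keylist && !a->numDS && !a->numDNSKEY)
			insecure = 1;
		lock_basic_unlock(&a->lock);
	}
	return insecure;
}
```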
1961a2088,2090
> struct trust_anchor* a;
> int insecure;
> char str[32];
1963,1964c2092,2105
< if(!ssl_print_name_dp(ssl,
< z->noprime?"stub noprime":"stub prime", z->node.name,
---
>
> /* see if it is insecure */
> insecure = 0;
> if(worker->env.anchors &&
> (a=anchor_find(worker->env.anchors, z->node.name,
> z->node.labs, z->node.len, z->node.dclass))) {
> if(!a->keylist && !a->numDS && !a->numDNSKEY)
> insecure = 1;
> lock_basic_unlock(&a->lock);
> }
>
> snprintf(str, sizeof(str), "stub %sprime%s",
> (z->noprime?"no":""), (insecure?" +i":""));
> if(!ssl_print_name_dp(ssl, str, z->node.name,
1981,1982c2122,2128
< (void)ssl_printf(ssl, "%s %s\n", buf,
< local_zone_type2str(z->type));
---
> if(!ssl_printf(ssl, "%s %s\n", buf,
> local_zone_type2str(z->type))) {
> /* failure to print */
> lock_rw_unlock(&z->lock);
> lock_rw_unlock(&zones->lock);
> return;
> }
2175a2322,2323
> } else if(cmdcmp(p, "flush_negative", 14)) {
> do_flush_negative(ssl, worker);