From 04f4ab9b927e112f0bb74762ce0761cca4ce22e6 Mon Sep 17 00:00:00 2001 From: Eric Luehrsen Date: Tue, 23 Oct 2018 21:52:49 -0400 Subject: [PATCH] unbound: fix odhcpd link and axfr zone scripts - fix AXFR zones to delay a potentially large download with ntp-hotplug - fix odhcpd link script to properly delete expired lease data from DNS Signed-off-by: Eric Luehrsen --- net/unbound/Makefile | 2 +- net/unbound/files/odhcpd.awk | 63 ++++++++++++++-------------- net/unbound/files/odhcpd.sh | 81 ++++++++++++++++++++---------------- net/unbound/files/unbound.sh | 4 +- 4 files changed, 79 insertions(+), 71 deletions(-) diff --git a/net/unbound/Makefile b/net/unbound/Makefile index eaa905146..e89afc7e1 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound PKG_VERSION:=1.8.1 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE diff --git a/net/unbound/files/odhcpd.awk b/net/unbound/files/odhcpd.awk index b97f2f1aa..85c15c2f2 100644 --- a/net/unbound/files/odhcpd.awk +++ b/net/unbound/files/odhcpd.awk @@ -18,11 +18,12 @@ # function from dnsmasq and use DHCPv4 MAC to find IPV6 SLAAC hosts. # # External Parameters -# "hostfile" = where this script will cache host DNS data +# "conffile" = Unbound configuration left for a restart +# "pipefile" = DNS entries for unbound-control standard input # "domain" = text domain suffix # "bslaac" = boolean, use DHCPv4 MAC to find GA and ULA IPV6 SLAAC # "bisolt" = boolean, format ... so you can isolate -# "bconf" = boolean, write conf file format rather than pipe records +# "bconf" = boolean, write conf file with pipe records # ############################################################################## 
@@ -66,15 +67,15 @@ if ( bconf == 1 ) { x = ( "local-data: \"" fqdn ". 300 IN A " adr "\"" ) ; y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ; - print ( x "\n" y "\n" ) > hostfile ; + print ( x "\n" y "\n" ) > conffile ; } - else { - for( i=1; i<=4; i++ ) { qpr = ( ptr[i] "." qpr) ; } - x = ( fqdn ". 300 IN A " adr ) ; - y = ( qpr "in-addr.arpa. 300 IN PTR " fqdn ) ; - print ( x "\n" y ) > hostfile ; - } + + # always create the pipe file + for( i=1; i<=4; i++ ) { qpr = ( ptr[i] "." qpr) ; } + x = ( fqdn ". 300 IN A " adr ) ; + y = ( qpr "in-addr.arpa. 300 IN PTR " fqdn ) ; + print ( x "\n" y ) > pipefile ; if (( bslaac == 1 ) && ( slaac != 0 )) { @@ -100,15 +101,15 @@ if ( bconf == 1 ) { x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr "\"" ) ; y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ; - print ( x "\n" y "\n" ) > hostfile ; + print ( x "\n" y "\n" ) > conffile ; } - else { - qpr = ipv6_ptr( adr ) ; - x = ( fqdn ". 300 IN AAAA " adr ) ; - y = ( qpr ". 300 IN PTR " fqdn ) ; - print ( x "\n" y ) > hostfile ; - } + + # always create the pipe file + qpr = ipv6_ptr( adr ) ; + x = ( fqdn ". 300 IN AAAA " adr ) ; + y = ( qpr ". 300 IN PTR " fqdn ) ; + print ( x "\n" y ) > pipefile ; } } 
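Review bot: `fqdn` and `adr` are written verbatim inside the double-quoted `local-data:` and `local-data-ptr:` strings sent to `conffile`, and now unconditionally into the `pipefile` records too, with no character check visible in this hunk. Both values are assembled above the hunk; if `fqdn` carries a hostname supplied by a DHCP client, a quote, whitespace or control character in it would change how Unbound parses the conf file or the unbound-control input. Unless the name is already validated earlier in the script, skip the record before the first `print` when `fqdn !~ /^[A-Za-z0-9._-]+$/`. The same applies to the hunks at `@@ -100,15 +101,15 @@` and `@@ -122,32 +123,30 @@`.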
@@ -122,32 +123,30 @@ if ( bconf == 1 ) { x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr "\"" ) ; y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ; - print ( x "\n" y "\n" ) > hostfile ; + print ( x "\n" y "\n" ) > conffile ; } - else { - # only for provided hostnames and full /128 assignments - qpr = ipv6_ptr( adr ) ; - x = ( fqdn ". 300 IN AAAA " adr ) ; - y = ( qpr ". 300 IN PTR " fqdn ) ; - print ( x "\n" y ) > hostfile ; - } + + # only for provided hostnames and full /128 assignments + qpr = ipv6_ptr( adr ) ; + x = ( fqdn ". 300 IN AAAA " adr ) ; + y = ( qpr ". 300 IN PTR " fqdn ) ; + print ( x "\n" y ) > pipefile ; } if (cdr2 == 128) { if ( bconf == 1 ) { x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr2 "\"" ) ; y = ( "local-data-ptr: \"" adr2 " 300 " fqdn "\"" ) ; - print ( x "\n" y "\n" ) > hostfile ; + print ( x "\n" y "\n" ) > conffile ; } - else { - # odhcp puts GA and ULA on the same line (position 9 and 10) - qpr2 = ipv6_ptr( adr2 ) ; - x = ( fqdn ". 300 IN AAAA " adr2 ) ; - y = ( qpr2 ". 300 IN PTR " fqdn ) ; - print ( x "\n" y ) > hostfile ; - } + + # odhcp puts GA and ULA on the same line (position 9 and 10) + qpr2 = ipv6_ptr( adr2 ) ; + x = ( fqdn ". 300 IN AAAA " adr2 ) ; + y = ( qpr2 ". 300 IN PTR " fqdn ) ; + print ( x "\n" y ) > pipefile ; } } diff --git a/net/unbound/files/odhcpd.sh b/net/unbound/files/odhcpd.sh index 721198d70..da6f1afe0 100644 --- a/net/unbound/files/odhcpd.sh +++ b/net/unbound/files/odhcpd.sh 
@@ -29,14 +29,6 @@ ############################################################################## odhcpd_zonedata() { - local longconf dateconf - local dns_ls_add=$UB_VARDIR/dhcp_dns.add - local dns_ls_del=$UB_VARDIR/dhcp_dns.del - local dhcp_ls_new=$UB_VARDIR/dhcp_lease.new - local dhcp_ls_old=$UB_VARDIR/dhcp_lease.old - local dhcp_ls_add=$UB_VARDIR/dhcp_lease.add - local dhcp_ls_del=$UB_VARDIR/dhcp_lease.del - local dhcp_link=$( uci_get unbound.@unbound[0].dhcp_link ) local dhcp4_slaac6=$( uci_get unbound.@unbound[0].dhcp4_slaac6 ) local dhcp_domain=$( uci_get unbound.@unbound[0].domain ) 
@@ -45,52 +37,68 @@ odhcpd_zonedata() { if [ -f "$UB_TOTAL_CONF" -a -f "$dhcp_origin" \ -a "$dhcp_link" = "odhcpd" -a -n "$dhcp_domain" ] ; then + local longconf dateconf + local dns_ls_add=$UB_VARDIR/dhcp_dns.add + local dns_ls_del=$UB_VARDIR/dhcp_dns.del + local dns_ls_new=$UB_VARDIR/dhcp_dns.new + local dns_ls_old=$UB_VARDIR/dhcp_dns.old + local dhcp_ls_new=$UB_VARDIR/dhcp_lease.new + # Capture the lease file which could be changing often sort $dhcp_origin > $dhcp_ls_new - if [ ! -f $UB_DHCP_CONF -o ! -f $dhcp_ls_old ] ; then - longconf=2 + if [ ! -f $UB_DHCP_CONF -o ! -f $dns_ls_old ] ; then + # no old files laying around + longconf=freshstart else + # incremental at high load or full refresh about each 5 minutes dateconf=$(( $( date +%s ) - $( date -r $UB_DHCP_CONF +%s ) )) - if [ $dateconf > 150 ] ; then - longconf=1 + if [ $dateconf -gt 300 ] ; then + longconf=longtime else - longconf=0 + longconf=increment fi fi - if [ $longconf -gt 0 ] ; then - # Go through the messy business of coding up A, AAAA, and PTR records - # This static conf will be available if Unbound restarts asynchronously - awk -v hostfile=$UB_DHCP_CONF -v domain=$dhcp_domain \ - -v bslaac=$dhcp4_slaac6 -v bisolt=0 -v bconf=1 \ + case $longconf in + freshstart) + awk -v conffile=$UB_DHCP_CONF -v pipefile=$dns_ls_new \ + -v domain=$dhcp_domain -v bslaac=$dhcp4_slaac6 \ + -v bisolt=0 -v bconf=1 \ -f /usr/lib/unbound/odhcpd.awk $dhcp_ls_new - fi - - if [ $longconf -lt 2 ] ; then - # Deleting and adding all records into Unbound can be a burden in a - # high density environment. Use unbound-control incrementally. 
- sort $dhcp_ls_old $dhcp_ls_new $dhcp_ls_new | uniq -u > $dhcp_ls_del - awk -v hostfile=$dns_ls_del -v domain=$dhcp_domain \ - -v bslaac=$dhcp4_slaac6 -v bisolt=0 -v bconf=0 \ - -f /usr/lib/unbound/odhcpd.awk $dhcp_ls_del + cp $dns_ls_new $dns_ls_add + cp $dns_ls_new $dns_ls_old + ;; - sort $dhcp_ls_new $dhcp_ls_old $dhcp_ls_old | uniq -u > $dhcp_ls_add - awk -v hostfile=$dns_ls_add -v domain=$dhcp_domain \ - -v bslaac=$dhcp4_slaac6 -v bisolt=0 -v bconf=0 \ - -f /usr/lib/unbound/odhcpd.awk $dhcp_ls_add + longtime) + awk -v conffile=$UB_DHCP_CONF -v pipefile=$dns_ls_new \ + -v domain=$dhcp_domain -v bslaac=$dhcp4_slaac6 \ + -v bisolt=0 -v bconf=1 \ + -f /usr/lib/unbound/odhcpd.awk $dhcp_ls_new - else - awk -v hostfile=$dns_ls_add -v domain=$dhcp_domain \ - -v bslaac=$dhcp4_slaac6 -v bisolt=0 -v bconf=0 \ + awk '{ print $1 }' $dns_ls_old | sort | uniq > $dns_ls_del + cp $dns_ls_new $dns_ls_add + cp $dns_ls_new $dns_ls_old + ;; + + *) + # incremental add and prepare the old list for delete later + # unbound-control can be slow so high DHCP rates cannot run a full list + awk -v conffile=$UB_DHCP_CONF -v pipefile=$dns_ls_new \ + -v domain=$dhcp_domain -v bslaac=$dhcp4_slaac6 \ + -v bisolt=0 -v bconf=0 \ -f /usr/lib/unbound/odhcpd.awk $dhcp_ls_new - fi + + sort $dns_ls_new $dns_ls_old $dns_ls_old | uniq -u > $dns_ls_add + sort $dns_ls_new $dns_ls_old | uniq > $dns_ls_old + ;; + esac if [ -f "$dns_ls_del" ] ; then @@ -104,8 +112,7 @@ odhcpd_zonedata() { # prepare next round - mv $dhcp_ls_new $dhcp_ls_old - rm -f $dns_ls_del $dns_ls_add $dhcp_ls_del $dhcp_ls_add + rm -f $dns_ls_new $dns_ls_del $dns_ls_add $dhcp_ls_new fi } diff --git a/net/unbound/files/unbound.sh b/net/unbound/files/unbound.sh index 68b3c92b4..759616136 100644 --- a/net/unbound/files/unbound.sh +++ b/net/unbound/files/unbound.sh 
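Review bot: In the incremental `*)` branch, `sort $dns_ls_new $dns_ls_old | uniq > $dns_ls_old` truncates `$dns_ls_old` when the shell sets up the redirection, which races with `sort` opening the same file, so the accumulated list can be emptied before it is read. Names from expired leases would then never reach `$dns_ls_del` in the `longtime` pass, and their A/AAAA/PTR records can stay in Unbound after the address has gone to another host. Let sort write the file itself: `sort -u -o "$dns_ls_old" "$dns_ls_new" "$dns_ls_old"`. Separately, the expansions in this hunk (`$dhcp_origin`, `$dhcp_domain`, the `$UB_VARDIR` paths) are unquoted, and `$dhcp_domain` comes from UCI, so quoting them in the `sort`, `awk -v` and `cp` calls would keep a value containing whitespace from splitting into extra arguments.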
@@ -422,8 +422,10 @@ unbound_zone() { case $zone_type in auth_zone) - if [ -n "$UB_LIST_ZONE_NAMES" \ + if [ "$UB_B_NTP_BOOT" -eq 0 -a -n "$UB_LIST_ZONE_NAMES" \ -a \( -n "$url_dir" -o -n "$UB_LIST_ZONE_SERVERS" \) ] ; then + # Note AXFR may have large downloads. If NTP restart is configured, + # then this can cause procd to force a process kill. for zone_name in $UB_LIST_ZONE_NAMES ; do if [ "$zone_name" = "." ] ; then zone_sym=.
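Review bot: The new `"$UB_B_NTP_BOOT" -eq 0` operand makes the whole `[ ... ]` fail with a numeric-operand error if the variable is empty or non-numeric, and the auth zone is then skipped without any log line. The variable is assigned outside this hunk, so confirm it always holds 0 or 1 at this point. Chaining `-a`/`-o` with `\( \)` inside one `[` is also ambiguous when an operand looks like an operator; separate tests are safer, e.g. `if [ "$UB_B_NTP_BOOT" -eq 0 ] && [ -n "$UB_LIST_ZONE_NAMES" ] && { [ -n "$url_dir" ] || [ -n "$UB_LIST_ZONE_SERVERS" ] ; } ; then`. The added comment explains why the download is deferred but not when the zone is configured afterwards; a line such as `# auth zones are set up on the post-NTP restart` would help if that is the intent. The `case` arm continues past the end of the hunk.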