ipsechook and unbound-checkconf

Paul Wouters paul at nohats.ca
Sun Jul 2 11:57:24 UTC 2017


Hi,

The unbound-checkconf code checks for the ipsecmod hook to exist:

 	check_chroot_string("ipsecmod-hook", &cfg->ipsecmod_hook, cfg->chrootdir
,
  		cfg);

I want to ship unbound with the ipsecmod module enabled via the
modules line, but activated via unbound-control. This means that
the unbound.conf needs no changes when switching from regular mode
to the mode where it uses the ipsec module for lookups. Currently,
the ipsecmod hook is checked for, but if people don't have libreswan
installed, unbound-checkconf fails, and with the systemd service,
it means unbound won't start.

I've patched this check out to prevent this.

Paul
ps. minor nit: you should rename check_chroot_string() if you use
it for multiple things, one of which does not involve chroot :)




More information about the Unbound-users mailing list