Merge branch 'master' of github.com:NLnetLabs/unbound

daemon/daemon.c

@@ -633,6 +633,25 @@ static void close_other_pipes(struct daemon* daemon, int thr)
 }
 #endif /* THREADS_DISABLED */
 
+/**
+ * Function to set the thread local log ID.
+ * Either the internal thread number, or the LWP ID on Linux based on
+ * configuration.
+ */
+static void
+set_log_thread_id(struct worker* worker, struct config_file* cfg)
+{
+	(void)cfg;
+	log_assert(worker);
+#if defined(HAVE_GETTID) && !defined(THREADS_DISABLED)
+	worker->thread_tid = gettid();
+	if(cfg->log_thread_id)
+		log_thread_set(&worker->thread_tid);
+	else
+#endif
+		log_thread_set(&worker->thread_num);
+}
+
 /**
  * Function to start one thread. 
  * @param arg: user argument.
@@ -643,7 +662,7 @@ thread_start(void* arg)
 {
 	struct worker* worker = (struct worker*)arg;
 	int port_num = 0;
-	log_thread_set(&worker->thread_num);
+	set_log_thread_id(worker, worker->daemon->cfg);
 	ub_thread_blocksigs();
 #ifdef THREADS_DISABLED
 	/* close pipe ends used by main */
@@ -803,9 +822,13 @@ daemon_fork(struct daemon* daemon)
 		fatal_exit("RPZ requires the respip module");
 
 	/* first create all the worker structures, so we can pass
-	 * them to the newly created threads. 
+	 * them to the newly created threads.
 	 */
 	daemon_create_workers(daemon);
+	/* Set it for the first (main) worker since it does not take part in
+	 * the thread_start() procedure.
+	 */
+	set_log_thread_id(daemon->workers[0], daemon->cfg);
 
 #if defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)
 	/* in libev the first inited base gets signals */

daemon/remote.c

@@ -5972,6 +5972,7 @@ fr_atomic_copy_cfg(struct config_file* oldcfg, struct config_file* cfg,
 	COPY_VAR_int(log_servfail);
 	COPY_VAR_ptr(log_identity);
 	COPY_VAR_int(log_destaddr);
+	COPY_VAR_int(log_thread_id);
 	COPY_VAR_int(hide_identity);
 	COPY_VAR_int(hide_version);
 	COPY_VAR_int(hide_trustanchor);
@@ -6634,7 +6635,14 @@ static void* fast_reload_thread_main(void* arg)
 	struct fast_reload_thread* fast_reload_thread = (struct fast_reload_thread*)arg;
 	struct timeval time_start, time_read, time_construct, time_reload,
 		time_end;
-	log_thread_set(&fast_reload_thread->threadnum);
+
+#if defined(HAVE_GETTID) && !defined(THREADS_DISABLED)
+	fast_reload_thread->thread_tid = gettid();
+	if(fast_reload_thread->thread_tid_log)
+		log_thread_set(&fast_reload_thread->thread_tid);
+	else
+#endif
+		log_thread_set(&fast_reload_thread->threadnum);
 
 	verbose(VERB_ALGO, "start fast reload thread");
 	if(fast_reload_thread->fr_verb >= 1) {
@@ -7022,6 +7030,9 @@ fast_reload_thread_setup(struct worker* worker, int fr_verb, int fr_nopause,
 	lock_basic_init(&fr->fr_output_lock);
 	lock_protect(&fr->fr_output_lock, fr->fr_output,
 		sizeof(*fr->fr_output));
+#ifdef HAVE_GETTID
+	fr->thread_tid_log = worker->env.cfg->log_thread_id;
+#endif
 	return 1;
 }
 

daemon/remote.h

@@ -206,6 +206,12 @@ struct fast_reload_thread {
 	int commpair[2];
 	/** thread id, of the io thread */
 	ub_thread_type tid;
+#ifdef HAVE_GETTID
+	/** thread tid, the LWP id */
+	pid_t thread_tid;
+	/** if logging should include the LWP id */
+	int thread_tid_log;
+#endif
 	/** if the io processing has started */
 	int started;
 	/** if the thread has to quit */

daemon/worker.c

@@ -2202,9 +2202,6 @@ worker_init(struct worker* worker, struct config_file *cfg,
 	struct dt_env* dtenv = &worker->dtenv;
 #else
 	void* dtenv = NULL;
-#endif
-#ifdef HAVE_GETTID
-	worker->thread_tid = gettid();
 #endif
 	worker->need_to_exit = 0;
 	worker->base = comm_base_create(do_sigs);

dnstap/dtstream.c

@@ -448,6 +448,9 @@ int dt_io_thread_apply_cfg(struct dt_io_thread* dtio, struct config_file *cfg)
 		dtio->tls_use_sni = cfg->tls_use_sni;
 #endif /* HAVE_SSL */
 	}
+#ifdef HAVE_GETTID
+	dtio->thread_tid_log = cfg->log_thread_id;
+#endif
 	return 1;
 }
 
@@ -2130,7 +2133,14 @@ static void* dnstap_io(void* arg)
 	struct dt_io_thread* dtio = (struct dt_io_thread*)arg;
 	time_t secs = 0;
 	struct timeval now;
-	log_thread_set(&dtio->threadnum);
+
+#if defined(HAVE_GETTID) && !defined(THREADS_DISABLED)
+	dtio->thread_tid = gettid();
+	if(dtio->thread_tid_log)
+		log_thread_set(&dtio->thread_tid);
+	else
+#endif
+		log_thread_set(&dtio->threadnum);
 
 	/* setup */
 	verbose(VERB_ALGO, "start dnstap io thread");

dnstap/dtstream.h

@@ -131,6 +131,12 @@ struct dt_io_thread {
 	struct dt_io_list_item* io_list_iter;
 	/** thread id, of the io thread */
 	ub_thread_type tid;
+#ifdef HAVE_GETTID
+	/** thread tid, the LWP id */
+	pid_t thread_tid;
+	/** if logging should include the LWP id */
+	int thread_tid_log;
+#endif
 	/** if the io processing has started */
 	int started;
 	/** ssl context for the io thread, for tls connections. type SSL_CTX* */

doc/Changelog

@@ -2,6 +2,15 @@
 	- Fix that allow-notify entries with hostnames are copied after IPv4
 	  and IPv6 lookup.
 
+23 January 2026: Yorgos
+	- Merge #1396: Log Linux thread ID.
+	- On Linux systems log the system-wide unique thread ID instead of
+	  Unbound's internal thread counter.
+	- Introduce the 'log-thread-id' configuration option to manage logging
+	  the system-wide Linux thread ID for easier debugging with system
+	  tools.
+	- Update generated man pages.
+
 22 January 2026: Wouter
 	- Fix that fast reload copies the iter_scrub_ns, iter_scrub_cname
 	  and max_global_quota options.

doc/example.conf.in

@@ -496,6 +496,10 @@ server:
 	# print log lines that say why queries return SERVFAIL to clients.
 	# log-servfail: no
 
+	# log system-wide Linux thread ID, insted of Unbound's internal thread
+	# counter. Only on Linux and only when threads are available.
+	# log-thread-id: no
+
 	# the pid file. Can be an absolute path outside of chroot/work dir.
 	# pidfile: "@UNBOUND_PIDFILE@"
 

doc/libunbound.3.in

@@ -416,6 +416,6 @@ on a function return with file read failure.
 .SH AUTHOR
 Unbound developers are mentioned in the CREDITS file in the distribution.
 .SH COPYRIGHT
-1999-2025, NLnet Labs
+1999-2026, NLnet Labs
 .\" Generated by docutils manpage writer.
 .

doc/unbound-anchor.8.in

@@ -304,6 +304,6 @@ Signature on the root key information.
 .SH AUTHOR
 Unbound developers are mentioned in the CREDITS file in the distribution.
 .SH COPYRIGHT
-1999-2025, NLnet Labs
+1999-2026, NLnet Labs
 .\" Generated by docutils manpage writer.
 .

doc/unbound-checkconf.8.in

@@ -88,6 +88,6 @@ Unbound configuration file.
 .SH AUTHOR
 Unbound developers are mentioned in the CREDITS file in the distribution.
 .SH COPYRIGHT
-1999-2025, NLnet Labs
+1999-2026, NLnet Labs
 .\" Generated by docutils manpage writer.
 .

doc/unbound-control.8.in

@@ -978,6 +978,10 @@ Number of requests in the request list that were overwritten by newer
 entries.
 This happens if there is a flood of queries that recursive processing and
 the server has a hard time.
+The counter is increased when during the flood the
+\fI\%jostle\-timeout\fP
+allows a query to be removed in favor of a new incoming query.
+The older query is then dropped to make space.
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -985,6 +989,12 @@ the server has a hard time.
 Queries that were dropped because the request list was full.
 This happens if a flood of queries need recursive processing, and the
 server can not keep up.
+The counter is increased when during the flood there is no space
+to be made with the jostle out of an older query, and the new query
+is dropped.
+Since no older queries are removed, see
+\fI\%jostle\-timeout\fP setting, there
+is no space for the new query.
 .UNINDENT
 .INDENT 0.0
 .TP
@@ -1570,6 +1580,6 @@ directory with private keys (\fBunbound_server.key\fP and
 .SH AUTHOR
 Unbound developers are mentioned in the CREDITS file in the distribution.
 .SH COPYRIGHT
-1999-2025, NLnet Labs
+1999-2026, NLnet Labs
 .\" Generated by docutils manpage writer.
 .

doc/unbound-host.1.in

@@ -185,6 +185,6 @@ encountered a fatal error.
 .SH AUTHOR
 Unbound developers are mentioned in the CREDITS file in the distribution.
 .SH COPYRIGHT
-1999-2025, NLnet Labs
+1999-2026, NLnet Labs
 .\" Generated by docutils manpage writer.
 .

doc/unbound.8.in

@@ -32,7 +32,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 unbound \- Unbound DNS validating resolver @version@.
 .SH SYNOPSIS
 .sp
-\fBunbound\fP [\fB\-hdpv\fP] [\fB\-c <cfgfile>\fP]
+\fBunbound\fP [\fB\-hdpVv\fP] [\fB\-c <cfgfile>\fP]
 .SH DESCRIPTION
 .sp
 \fBunbound\fP is a caching DNS resolver.
@@ -118,6 +118,6 @@ Show the version number and build options, and exit.
 .SH AUTHOR
 Unbound developers are mentioned in the CREDITS file in the distribution.
 .SH COPYRIGHT
-1999-2025, NLnet Labs
+1999-2026, NLnet Labs
 .\" Generated by docutils manpage writer.
 .

doc/unbound.conf.5.in

@@ -1450,6 +1450,9 @@ The port number on which to provide DNS\-over\-QUIC service.
 Only interfaces configured with that port number as @number get the QUIC
 service.
 The interface uses QUIC for the UDP traffic on that port number.
+If it is set to 0, the server does not init QUIC code, and QUIC is
+disabled.
+This is similar to if QUIC is not in use, but then explicitly.
 .sp
 Default: 853
 .UNINDENT
@@ -1927,6 +1930,16 @@ Default: no
 .UNINDENT
 .INDENT 0.0
 .TP
+.B log\-thread\-id: \fI<yes or no>\fP 
+(Only on Linux and only when threads are available)
+Logs the system\-wide Linux thread ID instead of Unbound\(aqs internal thread
+counter.
+Can be useful when debugging with system tools.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
 .B pidfile: \fI<filename>\fP 
 The process id is written to the file.
 Default is \fB\(dq@UNBOUND_PIDFILE@\(dq\fP\&.
@@ -5918,6 +5931,6 @@ Default is to log to \fIsyslog(3)\fP\&.
 .SH AUTHOR
 Unbound developers are mentioned in the CREDITS file in the distribution.
 .SH COPYRIGHT
-1999-2025, NLnet Labs
+1999-2026, NLnet Labs
 .\" Generated by docutils manpage writer.
 .

doc/unbound.conf.rst

@@ -1306,9 +1306,9 @@ These options are part of the ``server:`` section.
     Only interfaces configured with that port number as @number get the QUIC
     service.
     The interface uses QUIC for the UDP traffic on that port number.
-    If the quic-port is set to 0, the server does not init quic code,
-    and quic is disabled.
-    This is similar to if quic is not in use, but then explicitly.
+    If it is set to 0, the server does not init QUIC code, and QUIC is
+    disabled.
+    This is similar to if QUIC is not in use, but then explicitly.
 
     Default: 853
 
@@ -1717,6 +1717,15 @@ These options are part of the ``server:`` section.
     Default: no
 
 
+@@UAHL@unbound.conf@log-thread-id@@: *<yes or no>*
+    (Only on Linux and only when threads are available)
+    Logs the system-wide Linux thread ID instead of Unbound's internal thread
+    counter.
+    Can be useful when debugging with system tools.
+
+    Default: no
+
+
 @@UAHL@unbound.conf@pidfile@@: *<filename>*
     The process id is written to the file.
     Default is :file:`"@UNBOUND_PIDFILE@"`.

util/config_file.c

@@ -148,6 +148,7 @@ config_create(void)
 	cfg->log_local_actions = 0;
 	cfg->log_servfail = 0;
 	cfg->log_destaddr = 0;
+	cfg->log_thread_id = 0;
 #ifndef USE_WINSOCK
 #  ifdef USE_MINI_EVENT
 	/* select max 1024 sockets */
@@ -748,6 +749,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
 	else S_YNO("log-local-actions:", log_local_actions)
 	else S_YNO("log-servfail:", log_servfail)
 	else S_YNO("log-destaddr:", log_destaddr)
+	else S_YNO("log-thread-id:", log_thread_id)
 	else S_YNO("val-permissive-mode:", val_permissive_mode)
 	else S_YNO("aggressive-nsec:", aggressive_nsec)
 	else S_YNO("ignore-cd-flag:", ignore_cd)
@@ -1205,6 +1207,7 @@ config_get_option(struct config_file* cfg, const char* opt,
 	else O_YNO(opt, "log-local-actions", log_local_actions)
 	else O_YNO(opt, "log-servfail", log_servfail)
 	else O_YNO(opt, "log-destaddr", log_destaddr)
+	else O_YNO(opt, "log-thread-id", log_thread_id)
 	else O_STR(opt, "pidfile", pidfile)
 	else O_YNO(opt, "hide-identity", hide_identity)
 	else O_YNO(opt, "hide-version", hide_version)

util/config_file.h

@@ -367,6 +367,8 @@ struct config_file {
 	char* log_identity;
 	/** log dest addr for log_replies */
 	int log_destaddr;
+	/** log linux thread ID */
+	int log_thread_id;
 
 	/** do not report identity (id.server, hostname.bind) */
 	int hide_identity;

util/configlexer.lex

@@ -441,6 +441,7 @@ log-tag-queryreply{COLON}	{ YDVAR(1, VAR_LOG_TAG_QUERYREPLY) }
 log-local-actions{COLON}       { YDVAR(1, VAR_LOG_LOCAL_ACTIONS) }
 log-servfail{COLON}		{ YDVAR(1, VAR_LOG_SERVFAIL) }
 log-destaddr{COLON}		{ YDVAR(1, VAR_LOG_DESTADDR) }
+log-thread-id{COLON}		{ YDVAR(1, VAR_LOG_THREAD_ID) }
 local-zone{COLON}		{ YDVAR(2, VAR_LOCAL_ZONE) }
 local-data{COLON}		{ YDVAR(1, VAR_LOCAL_DATA) }
 local-data-ptr{COLON}		{ YDVAR(1, VAR_LOCAL_DATA_PTR) }

util/configparser.y

@@ -216,7 +216,7 @@ extern struct config_parser_state* cfg_parser;
 %token VAR_LOG_DESTADDR VAR_CACHEDB_CHECK_WHEN_SERVE_EXPIRED
 %token VAR_COOKIE_SECRET_FILE VAR_ITER_SCRUB_NS VAR_ITER_SCRUB_CNAME
 %token VAR_MAX_GLOBAL_QUOTA VAR_HARDEN_UNVERIFIED_GLUE VAR_LOG_TIME_ISO
-%token VAR_ITER_SCRUB_PROMISCUOUS
+%token VAR_ITER_SCRUB_PROMISCUOUS VAR_LOG_THREAD_ID
 
 %%
 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
@@ -288,7 +288,7 @@ content_server: server_num_threads | server_verbosity | server_port |
 	server_edns_buffer_size | server_prefetch | server_prefetch_key |
 	server_so_sndbuf | server_harden_below_nxdomain | server_ignore_cd_flag |
 	server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream |
-	server_log_local_actions |
+	server_log_local_actions | server_log_thread_id |
 	server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
 	server_https_port | server_http_endpoint | server_http_max_streams |
 	server_http_query_buffer_size | server_http_response_buffer_size |
@@ -1350,6 +1350,15 @@ server_log_destaddr: VAR_LOG_DESTADDR STRING_ARG
 		free($2);
 	}
 	;
+server_log_thread_id: VAR_LOG_THREAD_ID STRING_ARG
+	{
+		OUTYY(("P(server_log_thread_id:%s)\n", $2));
+		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
+			yyerror("expected yes or no.");
+		else cfg_parser->cfg->log_thread_id = (strcmp($2, "yes")==0);
+		free($2);
+	}
+	;
 server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG
 	{
 		OUTYY(("P(server_log_local_actions:%s)\n", $2));

util/log.c

@@ -174,10 +174,10 @@ void log_thread_set(int* num)
 
 int log_thread_get(void)
 {
-	unsigned int* tid;
+	int* tid;
 	if(!key_created) return 0;
-	tid = (unsigned int*)ub_thread_key_get(logkey);
-	return (int)(tid?*tid:0);
+	tid = ub_thread_key_get(logkey);
+	return (tid?*tid:0);
 }
 
 void log_ident_set(const char* id)
@@ -229,7 +229,7 @@ log_vmsg(int pri, const char* type,
 	const char *format, va_list args)
 {
 	char message[MAXSYSLOGMSGLEN];
-	unsigned int* tid = (unsigned int*)ub_thread_key_get(logkey);
+	int tid = log_thread_get();
 	time_t now;
 #if defined(HAVE_STRFTIME) && defined(HAVE_LOCALTIME_R) 
 	char tmbuf[32];
@@ -241,8 +241,8 @@ log_vmsg(int pri, const char* type,
 	vsnprintf(message, sizeof(message), format, args);
 #ifdef HAVE_SYSLOG_H
 	if(logging_to_syslog) {
-		syslog(pri, "[%d:%x] %s: %s", 
-			(int)getpid(), tid?*tid:0, type, message);
+		syslog(pri, "[%d:%d] %s: %s",
+			(int)getpid(), tid, type, message);
 		return;
 	}
 #elif defined(UB_ON_WINDOWS)
@@ -263,8 +263,8 @@ log_vmsg(int pri, const char* type,
 			tp=MSG_GENERIC_SUCCESS;
 			wt=EVENTLOG_SUCCESS;
 		}
-		snprintf(m, sizeof(m), "[%s:%x] %s: %s", 
-			ident, tid?*tid:0, type, message);
+		snprintf(m, sizeof(m), "[%s:%d] %s: %s",
+			ident, tid, type, message);
 		s = RegisterEventSource(NULL, SERVICE_NAME);
 		if(!s) return;
 		ReportEvent(s, wt, 0, tp, NULL, 1, 0, &str, NULL);
@@ -294,9 +294,9 @@ log_vmsg(int pri, const char* type,
 			tzbuf[3] = ':';
 			tzbuf[6] = 0;
 		}
-		fprintf(logfile, "%s.%3.3d%s %s[%d:%x] %s: %s\n",
+		fprintf(logfile, "%s.%3.3d%s %s[%d:%d] %s: %s\n",
 			tmbuf, (int)tv.tv_usec/1000, tzbuf,
-			ident, (int)getpid(), tid?*tid:0, type, message);
+			ident, (int)getpid(), tid, type, message);
 #ifdef UB_ON_WINDOWS
 		/* line buffering does not work on windows */
 		fflush(logfile);
@@ -310,19 +310,19 @@ log_vmsg(int pri, const char* type,
 	if(log_time_asc && strftime(tmbuf, sizeof(tmbuf), "%b %d %H:%M:%S",
 		localtime_r(&now, &tm))%(sizeof(tmbuf)) != 0) {
 		/* %sizeof buf!=0 because old strftime returned max on error */
-		fprintf(logfile, "%s %s[%d:%x] %s: %s\n", tmbuf, 
-			ident, (int)getpid(), tid?*tid:0, type, message);
+		fprintf(logfile, "%s %s[%d:%d] %s: %s\n", tmbuf,
+			ident, (int)getpid(), tid, type, message);
 	} else
 #elif defined(UB_ON_WINDOWS)
 	if(log_time_asc && GetTimeFormat(LOCALE_USER_DEFAULT, 0, NULL, NULL,
 		tmbuf, sizeof(tmbuf)) && GetDateFormat(LOCALE_USER_DEFAULT, 0,
 		NULL, NULL, dtbuf, sizeof(dtbuf))) {
-		fprintf(logfile, "%s %s %s[%d:%x] %s: %s\n", dtbuf, tmbuf, 
-			ident, (int)getpid(), tid?*tid:0, type, message);
+		fprintf(logfile, "%s %s %s[%d:%d] %s: %s\n", dtbuf, tmbuf,
+			ident, (int)getpid(), tid, type, message);
 	} else
 #endif
-	fprintf(logfile, "[" ARG_LL "d] %s[%d:%x] %s: %s\n", (long long)now, 
-		ident, (int)getpid(), tid?*tid:0, type, message);
+	fprintf(logfile, "[" ARG_LL "d] %s[%d:%d] %s: %s\n", (long long)now,
+		ident, (int)getpid(), tid, type, message);
 #ifdef UB_ON_WINDOWS
 	/* line buffering does not work on windows */
 	fflush(logfile);