1 /* 2 * nsd.h -- nsd(8) definitions and prototypes 3 * 4 * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. 5 * 6 * See LICENSE for the license. 7 * 8 */ 9 10 #ifndef _NSD_H_ 11 #define _NSD_H_ 12 13 #include <signal.h> 14 #include <net/if.h> 15 #ifndef IFNAMSIZ 16 # ifdef IF_NAMESIZE 17 # define IFNAMSIZ IF_NAMESIZE 18 # else 19 # define IFNAMSIZ 16 20 # endif 21 #endif 22 #ifdef HAVE_OPENSSL_SSL_H 23 #include <openssl/ssl.h> 24 #endif 25 26 #include "dns.h" 27 #include "edns.h" 28 #include "bitset.h" 29 struct netio_handler; 30 struct nsd_options; 31 struct udb_base; 32 struct daemon_remote; 33 #ifdef USE_DNSTAP 34 struct dt_collector; 35 #endif 36 37 /* The NSD runtime states and NSD ipc command values */ 38 #define NSD_RUN 0 39 #define NSD_RELOAD 1 40 #define NSD_SHUTDOWN 2 41 #define NSD_STATS 3 42 #define NSD_REAP_CHILDREN 4 43 #define NSD_QUIT 5 44 /* 45 * PASS_TO_XFRD is followed by the u16(len in network order) and 46 * then network packet contents. packet is a notify(acl checked), or 47 * xfr reply from a master(acl checked). 48 * followed by u32(acl number that matched from notify/xfr acl). 49 */ 50 #define NSD_PASS_TO_XFRD 6 51 /* 52 * RELOAD_REQ is sent when parent receives a SIGHUP and tells 53 * xfrd that it wants to initiate a reload (and thus task swap). 54 */ 55 #define NSD_RELOAD_REQ 7 56 /* 57 * RELOAD_DONE is sent at the end of a reload pass. 58 * xfrd then knows that reload phase is over. 59 */ 60 #define NSD_RELOAD_DONE 8 61 /* 62 * QUIT_SYNC is sent to signify a synchronisation of ipc 63 * channel content during reload 64 */ 65 #define NSD_QUIT_SYNC 9 66 /* 67 * QUIT_WITH_STATS is sent during a reload when BIND8_STATS is defined, 68 * from parent to children. The stats are transferred too from child to 69 * parent with this commandvalue, when the child is exiting. 70 */ 71 #define NSD_QUIT_WITH_STATS 10 72 /* 73 * QUIT_CHILD is sent at exit, to make sure the child has exited so that 74 * port53 is free when all of nsd's processes have exited at shutdown time 75 */ 76 #define NSD_QUIT_CHILD 11 77 /* 78 * This is the exit code of a nsd "new master" child process to indicate to 79 * the master process that some zones failed verification and that it should 80 * reload again, reprocessing the difffiles. The master process will resend 81 * the command to xfrd so it will not reload from xfrd yet. 82 */ 83 #define NSD_RELOAD_FAILED 14 84 85 #define NSD_SERVER_MAIN 0x0U 86 #define NSD_SERVER_UDP 0x1U 87 #define NSD_SERVER_TCP 0x2U 88 #define NSD_SERVER_BOTH (NSD_SERVER_UDP | NSD_SERVER_TCP) 89 90 #ifdef INET6 91 #define DEFAULT_AI_FAMILY AF_UNSPEC 92 #else 93 #define DEFAULT_AI_FAMILY AF_INET 94 #endif 95 96 #ifdef BIND8_STATS 97 /* Counter for statistics */ 98 typedef unsigned long stc_type; 99 100 #define LASTELEM(arr) (sizeof(arr) / sizeof(arr[0]) - 1) 101 102 #define STATUP(nsd, stc) nsd->st.stc++ 103 /* #define STATUP2(nsd, stc, i) ((i) <= (LASTELEM(nsd->st.stc) - 1)) ? nsd->st.stc[(i)]++ : \ 104 nsd->st.stc[LASTELEM(nsd->st.stc)]++ */ 105 106 #define STATUP2(nsd, stc, i) nsd->st.stc[(i) <= (LASTELEM(nsd->st.stc) - 1) ? i : LASTELEM(nsd->st.stc)]++ 107 #else /* BIND8_STATS */ 108 109 #define STATUP(nsd, stc) /* Nothing */ 110 #define STATUP2(nsd, stc, i) /* Nothing */ 111 112 #endif /* BIND8_STATS */ 113 114 #ifdef USE_ZONE_STATS 115 /* increment zone statistic, checks if zone-nonNULL and zone array bounds */ 116 #define ZTATUP(nsd, zone, stc) ( \ 117 (zone && zone->zonestatid < nsd->zonestatsizenow) ? \ 118 nsd->zonestatnow[zone->zonestatid].stc++ \ 119 : 0) 120 #define ZTATUP2(nsd, zone, stc, i) ( \ 121 (zone && zone->zonestatid < nsd->zonestatsizenow) ? \ 122 (nsd->zonestatnow[zone->zonestatid].stc[(i) <= (LASTELEM(nsd->zonestatnow[zone->zonestatid].stc) - 1) ? i : LASTELEM(nsd->zonestatnow[zone->zonestatid].stc)]++ ) \ 123 : 0) 124 #else /* USE_ZONE_STATS */ 125 #define ZTATUP(nsd, zone, stc) /* Nothing */ 126 #define ZTATUP2(nsd, zone, stc, i) /* Nothing */ 127 #endif /* USE_ZONE_STATS */ 128 129 #define NSD_SOCKET_IS_OPTIONAL (1<<0) 130 #define NSD_BIND_DEVICE (1<<1) 131 132 struct nsd_addrinfo 133 { 134 int ai_flags; 135 int ai_family; 136 int ai_socktype; 137 socklen_t ai_addrlen; 138 struct sockaddr_storage ai_addr; 139 }; 140 141 struct nsd_socket 142 { 143 struct nsd_addrinfo addr; 144 int s; 145 int flags; 146 struct nsd_bitset *servers; 147 char device[IFNAMSIZ]; 148 int fib; 149 }; 150 151 struct nsd_child 152 { 153 #ifdef HAVE_CPUSET_T 154 /* Processor(s) that child process must run on (if applicable). */ 155 cpuset_t *cpuset; 156 #endif 157 158 /* The type of child process (UDP or TCP handler). */ 159 int kind; 160 161 /* The child's process id. */ 162 pid_t pid; 163 164 /* child number in child array */ 165 int child_num; 166 167 /* 168 * Socket used by the parent process to send commands and 169 * receive responses to/from this child process. 170 */ 171 int child_fd; 172 173 /* 174 * Socket used by the child process to receive commands and 175 * send responses from/to the parent process. 176 */ 177 int parent_fd; 178 179 /* 180 * IPC info, buffered for nonblocking writes to the child 181 */ 182 uint8_t need_to_send_STATS, need_to_send_QUIT; 183 uint8_t need_to_exit, has_exited; 184 185 /* 186 * The handler for handling the commands from the child. 187 */ 188 struct netio_handler* handler; 189 190 #ifdef BIND8_STATS 191 stc_type query_count; 192 #endif 193 }; 194 195 #define NSD_COOKIE_HISTORY_SIZE 2 196 #define NSD_COOKIE_SECRET_SIZE 16 197 198 typedef struct cookie_secret cookie_secret_type; 199 struct cookie_secret { 200 /** cookie secret */ 201 uint8_t cookie_secret[NSD_COOKIE_SECRET_SIZE]; 202 }; 203 204 /* NSD configuration and run-time variables */ 205 typedef struct nsd nsd_type; 206 struct nsd 207 { 208 /* 209 * Global region that is not deallocated until NSD shuts down. 210 */ 211 region_type *region; 212 213 /* Run-time variables */ 214 pid_t pid; 215 volatile sig_atomic_t mode; 216 volatile sig_atomic_t signal_hint_reload_hup; 217 volatile sig_atomic_t signal_hint_reload; 218 volatile sig_atomic_t signal_hint_child; 219 volatile sig_atomic_t signal_hint_quit; 220 volatile sig_atomic_t signal_hint_shutdown; 221 volatile sig_atomic_t signal_hint_stats; 222 volatile sig_atomic_t signal_hint_statsusr; 223 volatile sig_atomic_t quit_sync_done; 224 unsigned server_kind; 225 struct namedb *db; 226 int debug; 227 228 size_t child_count; 229 struct nsd_child *children; 230 int restart_children; 231 int reload_failed; 232 233 /* NULL if this is the parent process. */ 234 struct nsd_child *this_child; 235 236 /* mmaps with data exchange from xfrd and reload */ 237 struct udb_base* task[2]; 238 int mytask; 239 /* the base used by this (child)process */ 240 struct event_base* event_base; 241 /* the server_region used by this (child)process */ 242 region_type* server_region; 243 struct netio_handler* xfrd_listener; 244 struct daemon_remote* rc; 245 246 /* Configuration */ 247 const char *dbfile; 248 const char *pidfile; 249 const char *log_filename; 250 const char *username; 251 uid_t uid; 252 gid_t gid; 253 const char *chrootdir; 254 const char *version; 255 const char *identity; 256 uint16_t nsid_len; 257 unsigned char *nsid; 258 uint8_t file_rotation_ok; 259 260 #ifdef HAVE_CPUSET_T 261 int use_cpu_affinity; 262 cpuset_t* cpuset; 263 cpuset_t* xfrd_cpuset; 264 #endif 265 266 /* number of interfaces */ 267 size_t ifs; 268 /* non0 if so_reuseport is in use, if so, tcp, udp array increased */ 269 int reuseport; 270 271 /* TCP specific configuration (array size ifs) */ 272 struct nsd_socket* tcp; 273 274 /* UDP specific configuration (array size ifs) */ 275 struct nsd_socket* udp; 276 277 /* Interfaces used for zone verification */ 278 size_t verify_ifs; 279 struct nsd_socket *verify_tcp; 280 struct nsd_socket *verify_udp; 281 282 struct zone *next_zone_to_verify; 283 size_t verifier_count; /* Number of active verifiers */ 284 size_t verifier_limit; /* Maximum number of active verifiers */ 285 int verifier_pipe[2]; /* Pipe to trigger verifier exit handler */ 286 struct verifier *verifiers; 287 288 edns_data_type edns_ipv4; 289 #if defined(INET6) 290 edns_data_type edns_ipv6; 291 #endif 292 293 int maximum_tcp_count; 294 int current_tcp_count; 295 int tcp_query_count; 296 int tcp_timeout; 297 int tcp_mss; 298 int outgoing_tcp_mss; 299 size_t ipv4_edns_size; 300 size_t ipv6_edns_size; 301 302 #ifdef BIND8_STATS 303 304 struct nsdst { 305 time_t boot; 306 int period; /* Produce statistics dump every st_period seconds */ 307 stc_type qtype[257]; /* Counters per qtype */ 308 stc_type qclass[4]; /* Class IN or Class CH or other */ 309 stc_type qudp, qudp6; /* Number of queries udp and udp6 */ 310 stc_type ctcp, ctcp6; /* Number of tcp and tcp6 connections */ 311 stc_type ctls, ctls6; /* Number of tls and tls6 connections */ 312 stc_type rcode[17], opcode[6]; /* Rcodes & opcodes */ 313 /* Dropped, truncated, queries for nonconfigured zone, tx errors */ 314 stc_type dropped, truncated, wrongzone, txerr, rxerr; 315 stc_type edns, ednserr, raxfr, nona, rixfr; 316 uint64_t db_disk, db_mem; 317 } st; 318 /* per zone stats, each an array per zone-stat-idx, stats per zone is 319 * add of [0][zoneidx] and [1][zoneidx]. */ 320 struct nsdst* zonestat[2]; 321 /* fd for zonestat mapping (otherwise mmaps cannot be shared between 322 * processes and resized) */ 323 int zonestatfd[2]; 324 /* filenames */ 325 char* zonestatfname[2]; 326 /* size of the mmapped zone stat array (number of array entries) */ 327 size_t zonestatsize[2], zonestatdesired, zonestatsizenow; 328 /* current zonestat array to use */ 329 struct nsdst* zonestatnow; 330 #endif /* BIND8_STATS */ 331 #ifdef USE_DNSTAP 332 /* the dnstap collector process info */ 333 struct dt_collector* dt_collector; 334 /* the pipes from server processes to the dt_collector, 335 * arrays of size child_count * 2. Kept open for (re-)forks. */ 336 int *dt_collector_fd_send, *dt_collector_fd_recv; 337 /* the pipes from server processes to the dt_collector. Initially 338 * these point halfway into dt_collector_fd_send, but during reload 339 * the pointer is swapped with dt_collector_fd_send in order to 340 * to prevent writing to the dnstap collector by old serve childs 341 * simultaneous with new serve childs. */ 342 int *dt_collector_fd_swap; 343 #endif /* USE_DNSTAP */ 344 /* ratelimit for errors, time value */ 345 time_t err_limit_time; 346 /* ratelimit for errors, packet count */ 347 unsigned int err_limit_count; 348 349 /** do answer with server cookie when request contained cookie option */ 350 int do_answer_cookie; 351 352 /** how many cookies are there in the cookies array */ 353 size_t cookie_count; 354 355 /* keep track of the last `NSD_COOKIE_HISTORY_SIZE` 356 * cookies as per rfc requirement .*/ 357 cookie_secret_type cookie_secrets[NSD_COOKIE_HISTORY_SIZE]; 358 359 struct nsd_options* options; 360 361 #ifdef HAVE_SSL 362 /* TLS specific configuration */ 363 SSL_CTX *tls_ctx; 364 #endif 365 }; 366 367 extern struct nsd nsd; 368 369 /* nsd.c */ 370 pid_t readpid(const char *file); 371 int writepid(struct nsd *nsd); 372 void unlinkpid(const char* file); 373 void sig_handler(int sig); 374 void bind8_stats(struct nsd *nsd); 375 376 /* server.c */ 377 int server_init(struct nsd *nsd); 378 int server_prepare(struct nsd *nsd); 379 void server_main(struct nsd *nsd); 380 void server_child(struct nsd *nsd); 381 void server_shutdown(struct nsd *nsd) ATTR_NORETURN; 382 void server_close_all_sockets(struct nsd_socket sockets[], size_t n); 383 const char* nsd_event_vs(void); 384 const char* nsd_event_method(void); 385 struct event_base* nsd_child_event_base(void); 386 void service_remaining_tcp(struct nsd* nsd); 387 /* extra domain numbers for temporary domains */ 388 #define EXTRA_DOMAIN_NUMBERS 1024 389 #define SLOW_ACCEPT_TIMEOUT 2 /* in seconds */ 390 /* ratelimit for error responses */ 391 #define ERROR_RATELIMIT 100 /* qps */ 392 /* allocate zonestat structures */ 393 void server_zonestat_alloc(struct nsd* nsd); 394 /* remap the mmaps for zonestat isx, to bytesize sz. Caller has to set 395 * the zonestatsize */ 396 void zonestat_remap(struct nsd* nsd, int idx, size_t sz); 397 /* allocate and init xfrd variables */ 398 void server_prepare_xfrd(struct nsd *nsd); 399 /* start xfrdaemon (again) */ 400 void server_start_xfrd(struct nsd *nsd, int del_db, int reload_active); 401 /* send SOA serial numbers to xfrd */ 402 void server_send_soa_xfrd(struct nsd *nsd, int shortsoa); 403 #ifdef HAVE_SSL 404 SSL_CTX* server_tls_ctx_setup(char* key, char* pem, char* verifypem); 405 SSL_CTX* server_tls_ctx_create(struct nsd *nsd, char* verifypem, char* ocspfile); 406 void perform_openssl_init(void); 407 #endif 408 ssize_t block_read(struct nsd* nsd, int s, void* p, ssize_t sz, int timeout); 409 410 #endif /* _NSD_H_ */ 411