1 /* 2 * nsd.h -- nsd(8) definitions and prototypes 3 * 4 * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. 5 * 6 * See LICENSE for the license. 7 * 8 */ 9 10 #ifndef NSD_H 11 #define NSD_H 12 13 #include <signal.h> 14 #include <net/if.h> 15 #ifndef IFNAMSIZ 16 # ifdef IF_NAMESIZE 17 # define IFNAMSIZ IF_NAMESIZE 18 # else 19 # define IFNAMSIZ 16 20 # endif 21 #endif 22 #ifdef HAVE_OPENSSL_SSL_H 23 #include <openssl/ssl.h> 24 #endif 25 26 #include "dns.h" 27 #include "edns.h" 28 #include "bitset.h" 29 struct netio_handler; 30 struct nsd_options; 31 struct udb_base; 32 struct daemon_remote; 33 #ifdef USE_DNSTAP 34 struct dt_collector; 35 #endif 36 37 /* The NSD runtime states and NSD ipc command values */ 38 #define NSD_RUN 0 39 #define NSD_RELOAD 1 40 #define NSD_SHUTDOWN 2 41 #define NSD_STATS 3 42 #define NSD_REAP_CHILDREN 4 43 #define NSD_QUIT 5 44 /* 45 * PASS_TO_XFRD is followed by the u16(len in network order) and 46 * then network packet contents. packet is a notify(acl checked), or 47 * xfr reply from a master(acl checked). 48 * followed by u32(acl number that matched from notify/xfr acl). 49 */ 50 #define NSD_PASS_TO_XFRD 6 51 /* 52 * RELOAD_REQ is sent when parent receives a SIGHUP and tells 53 * xfrd that it wants to initiate a reload (and thus task swap). 54 */ 55 #define NSD_RELOAD_REQ 7 56 /* 57 * RELOAD_DONE is sent at the end of a reload pass. 58 * xfrd then knows that reload phase is over. 59 */ 60 #define NSD_RELOAD_DONE 8 61 /* 62 * QUIT_SYNC is sent to signify a synchronisation of ipc 63 * channel content during reload 64 */ 65 #define NSD_QUIT_SYNC 9 66 /* 67 * QUIT_CHILD is sent at exit, to make sure the child has exited so that 68 * port53 is free when all of nsd's processes have exited at shutdown time 69 */ 70 #define NSD_QUIT_CHILD 11 71 /* 72 * This is the exit code of a nsd "new master" child process to indicate to 73 * the master process that some zones failed verification and that it should 74 * reload again, reprocessing the difffiles. The master process will resend 75 * the command to xfrd so it will not reload from xfrd yet. 76 */ 77 #define NSD_RELOAD_FAILED 14 78 79 #define NSD_SERVER_MAIN 0x0U 80 #define NSD_SERVER_UDP 0x1U 81 #define NSD_SERVER_TCP 0x2U 82 #define NSD_SERVER_BOTH (NSD_SERVER_UDP | NSD_SERVER_TCP) 83 84 #ifdef INET6 85 #define DEFAULT_AI_FAMILY AF_UNSPEC 86 #else 87 #define DEFAULT_AI_FAMILY AF_INET 88 #endif 89 90 #ifdef BIND8_STATS 91 /* Counter for statistics */ 92 typedef unsigned long stc_type; 93 94 #define LASTELEM(arr) (sizeof(arr) / sizeof(arr[0]) - 1) 95 96 #define STATUP(nsd, stc) nsd->st->stc++ 97 /* #define STATUP2(nsd, stc, i) ((i) <= (LASTELEM(nsd->st->stc) - 1)) ? nsd->st->stc[(i)]++ : \ 98 nsd->st.stc[LASTELEM(nsd->st->stc)]++ */ 99 100 #define STATUP2(nsd, stc, i) nsd->st->stc[(i) <= (LASTELEM(nsd->st->stc) - 1) ? i : LASTELEM(nsd->st->stc)]++ 101 #else /* BIND8_STATS */ 102 103 #define STATUP(nsd, stc) /* Nothing */ 104 #define STATUP2(nsd, stc, i) /* Nothing */ 105 106 #endif /* BIND8_STATS */ 107 108 #ifdef USE_ZONE_STATS 109 /* increment zone statistic, checks if zone-nonNULL and zone array bounds */ 110 #define ZTATUP(nsd, zone, stc) ( \ 111 (zone && zone->zonestatid < nsd->zonestatsizenow) ? \ 112 nsd->zonestatnow[zone->zonestatid].stc++ \ 113 : 0) 114 #define ZTATUP2(nsd, zone, stc, i) ( \ 115 (zone && zone->zonestatid < nsd->zonestatsizenow) ? \ 116 (nsd->zonestatnow[zone->zonestatid].stc[(i) <= (LASTELEM(nsd->zonestatnow[zone->zonestatid].stc) - 1) ? i : LASTELEM(nsd->zonestatnow[zone->zonestatid].stc)]++ ) \ 117 : 0) 118 #else /* USE_ZONE_STATS */ 119 #define ZTATUP(nsd, zone, stc) /* Nothing */ 120 #define ZTATUP2(nsd, zone, stc, i) /* Nothing */ 121 #endif /* USE_ZONE_STATS */ 122 123 #ifdef BIND8_STATS 124 /* Data structure to keep track of statistics */ 125 struct nsdst { 126 time_t boot; 127 stc_type qtype[257]; /* Counters per qtype */ 128 stc_type qclass[4]; /* Class IN or Class CH or other */ 129 stc_type qudp, qudp6; /* Number of queries udp and udp6 */ 130 stc_type ctcp, ctcp6; /* Number of tcp and tcp6 connections */ 131 stc_type ctls, ctls6; /* Number of tls and tls6 connections */ 132 stc_type rcode[17], opcode[6]; /* Rcodes & opcodes */ 133 /* Dropped, truncated, queries for nonconfigured zone, tx errors */ 134 stc_type dropped, truncated, wrongzone, txerr, rxerr; 135 stc_type edns, ednserr, raxfr, nona, rixfr; 136 uint64_t db_disk, db_mem; 137 }; 138 #endif /* BIND8_STATS */ 139 140 #define NSD_SOCKET_IS_OPTIONAL (1<<0) 141 #define NSD_BIND_DEVICE (1<<1) 142 143 struct nsd_addrinfo 144 { 145 int ai_flags; 146 int ai_family; 147 int ai_socktype; 148 socklen_t ai_addrlen; 149 struct sockaddr_storage ai_addr; 150 }; 151 152 struct nsd_socket 153 { 154 struct nsd_addrinfo addr; 155 int s; 156 int flags; 157 struct nsd_bitset *servers; 158 char device[IFNAMSIZ]; 159 int fib; 160 }; 161 162 struct nsd_child 163 { 164 #ifdef HAVE_CPUSET_T 165 /* Processor(s) that child process must run on (if applicable). */ 166 cpuset_t *cpuset; 167 #endif 168 169 /* The type of child process (UDP or TCP handler). */ 170 int kind; 171 172 /* The child's process id. */ 173 pid_t pid; 174 175 /* child number in child array */ 176 int child_num; 177 178 /* 179 * Socket used by the parent process to send commands and 180 * receive responses to/from this child process. 181 */ 182 int child_fd; 183 184 /* 185 * Socket used by the child process to receive commands and 186 * send responses from/to the parent process. 187 */ 188 int parent_fd; 189 190 /* 191 * IPC info, buffered for nonblocking writes to the child 192 */ 193 uint8_t need_to_send_STATS, need_to_send_QUIT; 194 uint8_t need_to_exit, has_exited; 195 196 /* 197 * The handler for handling the commands from the child. 198 */ 199 struct netio_handler* handler; 200 201 #ifdef BIND8_STATS 202 stc_type query_count; 203 #endif 204 }; 205 206 #define NSD_COOKIE_HISTORY_SIZE 2 207 #define NSD_COOKIE_SECRET_SIZE 16 208 209 typedef struct cookie_secret cookie_secret_type; 210 struct cookie_secret { 211 /** cookie secret */ 212 uint8_t cookie_secret[NSD_COOKIE_SECRET_SIZE]; 213 }; 214 215 /* NSD configuration and run-time variables */ 216 typedef struct nsd nsd_type; 217 struct nsd 218 { 219 /* 220 * Global region that is not deallocated until NSD shuts down. 221 */ 222 region_type *region; 223 224 /* Run-time variables */ 225 pid_t pid; 226 volatile sig_atomic_t mode; 227 volatile sig_atomic_t signal_hint_reload_hup; 228 volatile sig_atomic_t signal_hint_reload; 229 volatile sig_atomic_t signal_hint_child; 230 volatile sig_atomic_t signal_hint_quit; 231 volatile sig_atomic_t signal_hint_shutdown; 232 volatile sig_atomic_t signal_hint_stats; 233 volatile sig_atomic_t signal_hint_statsusr; 234 volatile sig_atomic_t quit_sync_done; 235 unsigned server_kind; 236 struct namedb *db; 237 int debug; 238 239 size_t child_count; 240 struct nsd_child *children; 241 int restart_children; 242 int reload_failed; 243 244 /* NULL if this is the parent process. */ 245 struct nsd_child *this_child; 246 247 /* mmaps with data exchange from xfrd and reload */ 248 struct udb_base* task[2]; 249 int mytask; 250 /* the base used by this (child)process */ 251 struct event_base* event_base; 252 /* the server_region used by this (child)process */ 253 region_type* server_region; 254 struct netio_handler* xfrd_listener; 255 struct daemon_remote* rc; 256 257 /* Configuration */ 258 const char *pidfile; 259 const char *log_filename; 260 const char *username; 261 uid_t uid; 262 gid_t gid; 263 const char *chrootdir; 264 const char *version; 265 const char *identity; 266 uint16_t nsid_len; 267 unsigned char *nsid; 268 uint8_t file_rotation_ok; 269 270 #ifdef HAVE_CPUSET_T 271 int use_cpu_affinity; 272 cpuset_t* cpuset; 273 cpuset_t* xfrd_cpuset; 274 #endif 275 276 /* number of interfaces */ 277 size_t ifs; 278 /* non0 if so_reuseport is in use, if so, tcp, udp array increased */ 279 int reuseport; 280 281 /* TCP specific configuration (array size ifs) */ 282 struct nsd_socket* tcp; 283 284 /* UDP specific configuration (array size ifs) */ 285 struct nsd_socket* udp; 286 287 /* Interfaces used for zone verification */ 288 size_t verify_ifs; 289 struct nsd_socket *verify_tcp; 290 struct nsd_socket *verify_udp; 291 292 struct zone *next_zone_to_verify; 293 size_t verifier_count; /* Number of active verifiers */ 294 size_t verifier_limit; /* Maximum number of active verifiers */ 295 int verifier_pipe[2]; /* Pipe to trigger verifier exit handler */ 296 struct verifier *verifiers; 297 298 edns_data_type edns_ipv4; 299 #if defined(INET6) 300 edns_data_type edns_ipv6; 301 #endif 302 303 int maximum_tcp_count; 304 int current_tcp_count; 305 int tcp_query_count; 306 int tcp_timeout; 307 int tcp_mss; 308 int outgoing_tcp_mss; 309 size_t ipv4_edns_size; 310 size_t ipv6_edns_size; 311 312 #ifdef BIND8_STATS 313 /* statistics for this server */ 314 struct nsdst* st; 315 /* Produce statistics dump every st_period seconds */ 316 int st_period; 317 /* per zone stats, each an array per zone-stat-idx, stats per zone is 318 * add of [0][zoneidx] and [1][zoneidx]. */ 319 struct nsdst* zonestat[2]; 320 /* fd for zonestat mapping (otherwise mmaps cannot be shared between 321 * processes and resized) */ 322 int zonestatfd[2]; 323 /* filenames */ 324 char* zonestatfname[2]; 325 /* size of the mmapped zone stat array (number of array entries) */ 326 size_t zonestatsize[2], zonestatdesired, zonestatsizenow; 327 /* current zonestat array to use */ 328 struct nsdst* zonestatnow; 329 /* filenames for stat file mappings */ 330 char* statfname; 331 /* fd for stat mapping (otherwise mmaps cannot be shared between 332 * processes and resized) */ 333 int statfd; 334 /* statistics array, of size child_count*2, twice for old and new 335 * server processes. */ 336 struct nsdst* stat_map; 337 /* statistics array of size child_count, twice */ 338 struct nsdst* stats_per_child[2]; 339 /* current stats_per_child array that is in use for the child set */ 340 int stat_current; 341 /* start value for per process statistics printout, to clear it */ 342 struct nsdst stat_proc; 343 #endif /* BIND8_STATS */ 344 #ifdef USE_DNSTAP 345 /* the dnstap collector process info */ 346 struct dt_collector* dt_collector; 347 /* the pipes from server processes to the dt_collector, 348 * arrays of size child_count * 2. Kept open for (re-)forks. */ 349 int *dt_collector_fd_send, *dt_collector_fd_recv; 350 /* the pipes from server processes to the dt_collector. Initially 351 * these point halfway into dt_collector_fd_send, but during reload 352 * the pointer is swapped with dt_collector_fd_send in order to 353 * to prevent writing to the dnstap collector by old serve childs 354 * simultaneous with new serve childs. */ 355 int *dt_collector_fd_swap; 356 #endif /* USE_DNSTAP */ 357 /* ratelimit for errors, time value */ 358 time_t err_limit_time; 359 /* ratelimit for errors, packet count */ 360 unsigned int err_limit_count; 361 362 /** do answer with server cookie when request contained cookie option */ 363 int do_answer_cookie; 364 365 /** how many cookies are there in the cookies array */ 366 size_t cookie_count; 367 368 /* keep track of the last `NSD_COOKIE_HISTORY_SIZE` 369 * cookies as per rfc requirement .*/ 370 cookie_secret_type cookie_secrets[NSD_COOKIE_HISTORY_SIZE]; 371 372 struct nsd_options* options; 373 374 #ifdef HAVE_SSL 375 /* TLS specific configuration */ 376 SSL_CTX *tls_ctx; 377 #endif 378 }; 379 380 extern struct nsd nsd; 381 382 /* nsd.c */ 383 pid_t readpid(const char *file); 384 int writepid(struct nsd *nsd); 385 void unlinkpid(const char* file); 386 void sig_handler(int sig); 387 void bind8_stats(struct nsd *nsd); 388 389 /* server.c */ 390 int server_init(struct nsd *nsd); 391 int server_prepare(struct nsd *nsd); 392 void server_main(struct nsd *nsd); 393 void server_child(struct nsd *nsd); 394 void server_shutdown(struct nsd *nsd) ATTR_NORETURN; 395 void server_close_all_sockets(struct nsd_socket sockets[], size_t n); 396 const char* nsd_event_vs(void); 397 const char* nsd_event_method(void); 398 struct event_base* nsd_child_event_base(void); 399 void service_remaining_tcp(struct nsd* nsd); 400 /* extra domain numbers for temporary domains */ 401 #define EXTRA_DOMAIN_NUMBERS 1024 402 #define SLOW_ACCEPT_TIMEOUT 2 /* in seconds */ 403 /* ratelimit for error responses */ 404 #define ERROR_RATELIMIT 100 /* qps */ 405 /* allocate zonestat structures */ 406 void server_zonestat_alloc(struct nsd* nsd); 407 /* remap the mmaps for zonestat isx, to bytesize sz. Caller has to set 408 * the zonestatsize */ 409 void zonestat_remap(struct nsd* nsd, int idx, size_t sz); 410 /* allocate stat structures */ 411 void server_stat_alloc(struct nsd* nsd); 412 /* free stat mmap file, unlinks it */ 413 void server_stat_free(struct nsd* nsd); 414 /* allocate and init xfrd variables */ 415 void server_prepare_xfrd(struct nsd *nsd); 416 /* start xfrdaemon (again) */ 417 void server_start_xfrd(struct nsd *nsd, int del_db, int reload_active); 418 /* send SOA serial numbers to xfrd */ 419 void server_send_soa_xfrd(struct nsd *nsd, int shortsoa); 420 #ifdef HAVE_SSL 421 SSL_CTX* server_tls_ctx_setup(char* key, char* pem, char* verifypem); 422 SSL_CTX* server_tls_ctx_create(struct nsd *nsd, char* verifypem, char* ocspfile); 423 void perform_openssl_init(void); 424 #endif 425 ssize_t block_read(struct nsd* nsd, int s, void* p, ssize_t sz, int timeout); 426 427 #endif /* NSD_H */ 428