1 /* 2 * services/listen_dnsport.c - listen on port 53 for incoming DNS queries. 3 * 4 * Copyright (c) 2007, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /** 37 * \file 38 * 39 * This file has functions to get queries from clients. 40 */ 41 #include "config.h" 42 #ifdef HAVE_SYS_TYPES_H 43 # include <sys/types.h> 44 #endif 45 #include <sys/time.h> 46 #ifdef USE_TCP_FASTOPEN 47 #include <netinet/tcp.h> 48 #endif 49 #include "services/listen_dnsport.h" 50 #include "services/outside_network.h" 51 #include "util/netevent.h" 52 #include "util/log.h" 53 #include "util/config_file.h" 54 #include "util/net_help.h" 55 #include "sldns/sbuffer.h" 56 57 #ifdef HAVE_NETDB_H 58 #include <netdb.h> 59 #endif 60 #include <fcntl.h> 61 62 #ifdef HAVE_SYS_UN_H 63 #include <sys/un.h> 64 #endif 65 66 #ifdef HAVE_SYSTEMD 67 #include <systemd/sd-daemon.h> 68 #endif 69 70 /** number of queued TCP connections for listen() */ 71 #define TCP_BACKLOG 256 72 73 /** 74 * Debug print of the getaddrinfo returned address. 75 * @param addr: the address returned. 76 */ 77 static void 78 verbose_print_addr(struct addrinfo *addr) 79 { 80 if(verbosity >= VERB_ALGO) { 81 char buf[100]; 82 void* sinaddr = &((struct sockaddr_in*)addr->ai_addr)->sin_addr; 83 #ifdef INET6 84 if(addr->ai_family == AF_INET6) 85 sinaddr = &((struct sockaddr_in6*)addr->ai_addr)-> 86 sin6_addr; 87 #endif /* INET6 */ 88 if(inet_ntop(addr->ai_family, sinaddr, buf, 89 (socklen_t)sizeof(buf)) == 0) { 90 (void)strlcpy(buf, "(null)", sizeof(buf)); 91 } 92 buf[sizeof(buf)-1] = 0; 93 verbose(VERB_ALGO, "creating %s%s socket %s %d", 94 addr->ai_socktype==SOCK_DGRAM?"udp": 95 addr->ai_socktype==SOCK_STREAM?"tcp":"otherproto", 96 addr->ai_family==AF_INET?"4": 97 addr->ai_family==AF_INET6?"6": 98 "_otherfam", buf, 99 ntohs(((struct sockaddr_in*)addr->ai_addr)->sin_port)); 100 } 101 } 102 103 #ifdef HAVE_SYSTEMD 104 static int 105 systemd_get_activated(int family, int socktype, int listen, 106 struct sockaddr *addr, socklen_t addrlen, 107 const char *path) 108 { 109 int i = 0; 110 int r = 0; 111 int s = -1; 112 const char* listen_pid, *listen_fds; 113 114 /* We should use "listen" option only for stream protocols. For UDP it should be -1 */ 115 116 if((r = sd_booted()) < 1) { 117 if(r == 0) 118 log_warn("systemd is not running"); 119 else 120 log_err("systemd sd_booted(): %s", strerror(-r)); 121 return -1; 122 } 123 124 listen_pid = getenv("LISTEN_PID"); 125 listen_fds = getenv("LISTEN_FDS"); 126 127 if (!listen_pid) { 128 log_warn("Systemd mandatory ENV variable is not defined: LISTEN_PID"); 129 return -1; 130 } 131 132 if (!listen_fds) { 133 log_warn("Systemd mandatory ENV variable is not defined: LISTEN_FDS"); 134 return -1; 135 } 136 137 if((r = sd_listen_fds(0)) < 1) { 138 if(r == 0) 139 log_warn("systemd: did not return socket, check unit configuration"); 140 else 141 log_err("systemd sd_listen_fds(): %s", strerror(-r)); 142 return -1; 143 } 144 145 for(i = 0; i < r; i++) { 146 if(sd_is_socket(SD_LISTEN_FDS_START + i, family, socktype, listen)) { 147 s = SD_LISTEN_FDS_START + i; 148 break; 149 } 150 } 151 if (s == -1) { 152 if (addr) 153 log_err_addr("systemd sd_listen_fds()", 154 "no such socket", 155 (struct sockaddr_storage *)addr, addrlen); 156 else 157 log_err("systemd sd_listen_fds(): %s", path); 158 } 159 return s; 160 } 161 #endif 162 163 int 164 create_udp_sock(int family, int socktype, struct sockaddr* addr, 165 socklen_t addrlen, int v6only, int* inuse, int* noproto, 166 int rcv, int snd, int listen, int* reuseport, int transparent, 167 int freebind, int use_systemd) 168 { 169 int s; 170 #if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_USE_MIN_MTU) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND) || defined (SO_BINDANY) 171 int on=1; 172 #endif 173 #ifdef IPV6_MTU 174 int mtu = IPV6_MIN_MTU; 175 #endif 176 #if !defined(SO_RCVBUFFORCE) && !defined(SO_RCVBUF) 177 (void)rcv; 178 #endif 179 #if !defined(SO_SNDBUFFORCE) && !defined(SO_SNDBUF) 180 (void)snd; 181 #endif 182 #ifndef IPV6_V6ONLY 183 (void)v6only; 184 #endif 185 #if !defined(IP_TRANSPARENT) && !defined(IP_BINDANY) && !defined(SO_BINDANY) 186 (void)transparent; 187 #endif 188 #if !defined(IP_FREEBIND) 189 (void)freebind; 190 #endif 191 #ifdef HAVE_SYSTEMD 192 int got_fd_from_systemd = 0; 193 194 if (!use_systemd 195 || (use_systemd 196 && (s = systemd_get_activated(family, socktype, -1, addr, 197 addrlen, NULL)) == -1)) { 198 #else 199 (void)use_systemd; 200 #endif 201 if((s = socket(family, socktype, 0)) == -1) { 202 *inuse = 0; 203 #ifndef USE_WINSOCK 204 if(errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT) { 205 *noproto = 1; 206 return -1; 207 } 208 log_err("can't create socket: %s", strerror(errno)); 209 #else 210 if(WSAGetLastError() == WSAEAFNOSUPPORT || 211 WSAGetLastError() == WSAEPROTONOSUPPORT) { 212 *noproto = 1; 213 return -1; 214 } 215 log_err("can't create socket: %s", 216 wsa_strerror(WSAGetLastError())); 217 #endif 218 *noproto = 0; 219 return -1; 220 } 221 #ifdef HAVE_SYSTEMD 222 } else { 223 got_fd_from_systemd = 1; 224 } 225 #endif 226 if(listen) { 227 #ifdef SO_REUSEADDR 228 if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, 229 (socklen_t)sizeof(on)) < 0) { 230 #ifndef USE_WINSOCK 231 log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", 232 strerror(errno)); 233 if(errno != ENOSYS) { 234 close(s); 235 *noproto = 0; 236 *inuse = 0; 237 return -1; 238 } 239 #else 240 log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", 241 wsa_strerror(WSAGetLastError())); 242 closesocket(s); 243 *noproto = 0; 244 *inuse = 0; 245 return -1; 246 #endif 247 } 248 #endif /* SO_REUSEADDR */ 249 #ifdef SO_REUSEPORT 250 /* try to set SO_REUSEPORT so that incoming 251 * queries are distributed evenly among the receiving threads. 252 * Each thread must have its own socket bound to the same port, 253 * with SO_REUSEPORT set on each socket. 254 */ 255 if (reuseport && *reuseport && 256 setsockopt(s, SOL_SOCKET, SO_REUSEPORT, (void*)&on, 257 (socklen_t)sizeof(on)) < 0) { 258 #ifdef ENOPROTOOPT 259 if(errno != ENOPROTOOPT || verbosity >= 3) 260 log_warn("setsockopt(.. SO_REUSEPORT ..) failed: %s", 261 strerror(errno)); 262 #endif 263 /* this option is not essential, we can continue */ 264 *reuseport = 0; 265 } 266 #else 267 (void)reuseport; 268 #endif /* defined(SO_REUSEPORT) */ 269 #ifdef IP_TRANSPARENT 270 if (transparent && 271 setsockopt(s, IPPROTO_IP, IP_TRANSPARENT, (void*)&on, 272 (socklen_t)sizeof(on)) < 0) { 273 log_warn("setsockopt(.. IP_TRANSPARENT ..) failed: %s", 274 strerror(errno)); 275 } 276 #elif defined(IP_BINDANY) 277 if (transparent && 278 setsockopt(s, (family==AF_INET6? IPPROTO_IPV6:IPPROTO_IP), 279 (family == AF_INET6? IPV6_BINDANY:IP_BINDANY), 280 (void*)&on, (socklen_t)sizeof(on)) < 0) { 281 log_warn("setsockopt(.. IP%s_BINDANY ..) failed: %s", 282 (family==AF_INET6?"V6":""), strerror(errno)); 283 } 284 #elif defined(SO_BINDANY) 285 if (transparent && 286 setsockopt(s, SOL_SOCKET, SO_BINDANY, (void*)&on, 287 (socklen_t)sizeof(on)) < 0) { 288 log_warn("setsockopt(.. SO_BINDANY ..) failed: %s", 289 strerror(errno)); 290 } 291 #endif /* IP_TRANSPARENT || IP_BINDANY || SO_BINDANY */ 292 } 293 #ifdef IP_FREEBIND 294 if(freebind && 295 setsockopt(s, IPPROTO_IP, IP_FREEBIND, (void*)&on, 296 (socklen_t)sizeof(on)) < 0) { 297 log_warn("setsockopt(.. IP_FREEBIND ..) failed: %s", 298 strerror(errno)); 299 } 300 #endif /* IP_FREEBIND */ 301 if(rcv) { 302 #ifdef SO_RCVBUF 303 int got; 304 socklen_t slen = (socklen_t)sizeof(got); 305 # ifdef SO_RCVBUFFORCE 306 /* Linux specific: try to use root permission to override 307 * system limits on rcvbuf. The limit is stored in 308 * /proc/sys/net/core/rmem_max or sysctl net.core.rmem_max */ 309 if(setsockopt(s, SOL_SOCKET, SO_RCVBUFFORCE, (void*)&rcv, 310 (socklen_t)sizeof(rcv)) < 0) { 311 if(errno != EPERM) { 312 # ifndef USE_WINSOCK 313 log_err("setsockopt(..., SO_RCVBUFFORCE, " 314 "...) failed: %s", strerror(errno)); 315 close(s); 316 # else 317 log_err("setsockopt(..., SO_RCVBUFFORCE, " 318 "...) failed: %s", 319 wsa_strerror(WSAGetLastError())); 320 closesocket(s); 321 # endif 322 *noproto = 0; 323 *inuse = 0; 324 return -1; 325 } 326 # endif /* SO_RCVBUFFORCE */ 327 if(setsockopt(s, SOL_SOCKET, SO_RCVBUF, (void*)&rcv, 328 (socklen_t)sizeof(rcv)) < 0) { 329 # ifndef USE_WINSOCK 330 log_err("setsockopt(..., SO_RCVBUF, " 331 "...) failed: %s", strerror(errno)); 332 close(s); 333 # else 334 log_err("setsockopt(..., SO_RCVBUF, " 335 "...) failed: %s", 336 wsa_strerror(WSAGetLastError())); 337 closesocket(s); 338 # endif 339 *noproto = 0; 340 *inuse = 0; 341 return -1; 342 } 343 /* check if we got the right thing or if system 344 * reduced to some system max. Warn if so */ 345 if(getsockopt(s, SOL_SOCKET, SO_RCVBUF, (void*)&got, 346 &slen) >= 0 && got < rcv/2) { 347 log_warn("so-rcvbuf %u was not granted. " 348 "Got %u. To fix: start with " 349 "root permissions(linux) or sysctl " 350 "bigger net.core.rmem_max(linux) or " 351 "kern.ipc.maxsockbuf(bsd) values.", 352 (unsigned)rcv, (unsigned)got); 353 } 354 # ifdef SO_RCVBUFFORCE 355 } 356 # endif 357 #endif /* SO_RCVBUF */ 358 } 359 /* first do RCVBUF as the receive buffer is more important */ 360 if(snd) { 361 #ifdef SO_SNDBUF 362 int got; 363 socklen_t slen = (socklen_t)sizeof(got); 364 # ifdef SO_SNDBUFFORCE 365 /* Linux specific: try to use root permission to override 366 * system limits on sndbuf. The limit is stored in 367 * /proc/sys/net/core/wmem_max or sysctl net.core.wmem_max */ 368 if(setsockopt(s, SOL_SOCKET, SO_SNDBUFFORCE, (void*)&snd, 369 (socklen_t)sizeof(snd)) < 0) { 370 if(errno != EPERM) { 371 # ifndef USE_WINSOCK 372 log_err("setsockopt(..., SO_SNDBUFFORCE, " 373 "...) failed: %s", strerror(errno)); 374 close(s); 375 # else 376 log_err("setsockopt(..., SO_SNDBUFFORCE, " 377 "...) failed: %s", 378 wsa_strerror(WSAGetLastError())); 379 closesocket(s); 380 # endif 381 *noproto = 0; 382 *inuse = 0; 383 return -1; 384 } 385 # endif /* SO_SNDBUFFORCE */ 386 if(setsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&snd, 387 (socklen_t)sizeof(snd)) < 0) { 388 # ifndef USE_WINSOCK 389 log_err("setsockopt(..., SO_SNDBUF, " 390 "...) failed: %s", strerror(errno)); 391 close(s); 392 # else 393 log_err("setsockopt(..., SO_SNDBUF, " 394 "...) failed: %s", 395 wsa_strerror(WSAGetLastError())); 396 closesocket(s); 397 # endif 398 *noproto = 0; 399 *inuse = 0; 400 return -1; 401 } 402 /* check if we got the right thing or if system 403 * reduced to some system max. Warn if so */ 404 if(getsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&got, 405 &slen) >= 0 && got < snd/2) { 406 log_warn("so-sndbuf %u was not granted. " 407 "Got %u. To fix: start with " 408 "root permissions(linux) or sysctl " 409 "bigger net.core.wmem_max(linux) or " 410 "kern.ipc.maxsockbuf(bsd) values.", 411 (unsigned)snd, (unsigned)got); 412 } 413 # ifdef SO_SNDBUFFORCE 414 } 415 # endif 416 #endif /* SO_SNDBUF */ 417 } 418 if(family == AF_INET6) { 419 # if defined(IPV6_V6ONLY) 420 if(v6only) { 421 int val=(v6only==2)?0:1; 422 if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, 423 (void*)&val, (socklen_t)sizeof(val)) < 0) { 424 #ifndef USE_WINSOCK 425 log_err("setsockopt(..., IPV6_V6ONLY" 426 ", ...) failed: %s", strerror(errno)); 427 close(s); 428 #else 429 log_err("setsockopt(..., IPV6_V6ONLY" 430 ", ...) failed: %s", 431 wsa_strerror(WSAGetLastError())); 432 closesocket(s); 433 #endif 434 *noproto = 0; 435 *inuse = 0; 436 return -1; 437 } 438 } 439 # endif 440 # if defined(IPV6_USE_MIN_MTU) 441 /* 442 * There is no fragmentation of IPv6 datagrams 443 * during forwarding in the network. Therefore 444 * we do not send UDP datagrams larger than 445 * the minimum IPv6 MTU of 1280 octets. The 446 * EDNS0 message length can be larger if the 447 * network stack supports IPV6_USE_MIN_MTU. 448 */ 449 if (setsockopt(s, IPPROTO_IPV6, IPV6_USE_MIN_MTU, 450 (void*)&on, (socklen_t)sizeof(on)) < 0) { 451 # ifndef USE_WINSOCK 452 log_err("setsockopt(..., IPV6_USE_MIN_MTU, " 453 "...) failed: %s", strerror(errno)); 454 close(s); 455 # else 456 log_err("setsockopt(..., IPV6_USE_MIN_MTU, " 457 "...) failed: %s", 458 wsa_strerror(WSAGetLastError())); 459 closesocket(s); 460 # endif 461 *noproto = 0; 462 *inuse = 0; 463 return -1; 464 } 465 # elif defined(IPV6_MTU) 466 /* 467 * On Linux, to send no larger than 1280, the PMTUD is 468 * disabled by default for datagrams anyway, so we set 469 * the MTU to use. 470 */ 471 if (setsockopt(s, IPPROTO_IPV6, IPV6_MTU, 472 (void*)&mtu, (socklen_t)sizeof(mtu)) < 0) { 473 # ifndef USE_WINSOCK 474 log_err("setsockopt(..., IPV6_MTU, ...) failed: %s", 475 strerror(errno)); 476 close(s); 477 # else 478 log_err("setsockopt(..., IPV6_MTU, ...) failed: %s", 479 wsa_strerror(WSAGetLastError())); 480 closesocket(s); 481 # endif 482 *noproto = 0; 483 *inuse = 0; 484 return -1; 485 } 486 # endif /* IPv6 MTU */ 487 } else if(family == AF_INET) { 488 # if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT) 489 /* linux 3.15 has IP_PMTUDISC_OMIT, Hannes Frederic Sowa made it so that 490 * PMTU information is not accepted, but fragmentation is allowed 491 * if and only if the packet size exceeds the outgoing interface MTU 492 * (and also uses the interface mtu to determine the size of the packets). 493 * So there won't be any EMSGSIZE error. Against DNS fragmentation attacks. 494 * FreeBSD already has same semantics without setting the option. */ 495 int omit_set = 0; 496 int action; 497 # if defined(IP_PMTUDISC_OMIT) 498 action = IP_PMTUDISC_OMIT; 499 if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, 500 &action, (socklen_t)sizeof(action)) < 0) { 501 502 if (errno != EINVAL) { 503 log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_OMIT...) failed: %s", 504 strerror(errno)); 505 506 # ifndef USE_WINSOCK 507 close(s); 508 # else 509 closesocket(s); 510 # endif 511 *noproto = 0; 512 *inuse = 0; 513 return -1; 514 } 515 } 516 else 517 { 518 omit_set = 1; 519 } 520 # endif 521 if (omit_set == 0) { 522 action = IP_PMTUDISC_DONT; 523 if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, 524 &action, (socklen_t)sizeof(action)) < 0) { 525 log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_DONT...) failed: %s", 526 strerror(errno)); 527 # ifndef USE_WINSOCK 528 close(s); 529 # else 530 closesocket(s); 531 # endif 532 *noproto = 0; 533 *inuse = 0; 534 return -1; 535 } 536 } 537 # elif defined(IP_DONTFRAG) 538 int off = 0; 539 if (setsockopt(s, IPPROTO_IP, IP_DONTFRAG, 540 &off, (socklen_t)sizeof(off)) < 0) { 541 log_err("setsockopt(..., IP_DONTFRAG, ...) failed: %s", 542 strerror(errno)); 543 # ifndef USE_WINSOCK 544 close(s); 545 # else 546 closesocket(s); 547 # endif 548 *noproto = 0; 549 *inuse = 0; 550 return -1; 551 } 552 # endif /* IPv4 MTU */ 553 } 554 if( 555 #ifdef HAVE_SYSTEMD 556 !got_fd_from_systemd && 557 #endif 558 bind(s, (struct sockaddr*)addr, addrlen) != 0) { 559 *noproto = 0; 560 *inuse = 0; 561 #ifndef USE_WINSOCK 562 #ifdef EADDRINUSE 563 *inuse = (errno == EADDRINUSE); 564 /* detect freebsd jail with no ipv6 permission */ 565 if(family==AF_INET6 && errno==EINVAL) 566 *noproto = 1; 567 else if(errno != EADDRINUSE && 568 !(errno == EACCES && verbosity < 4 && !listen)) { 569 log_err_addr("can't bind socket", strerror(errno), 570 (struct sockaddr_storage*)addr, addrlen); 571 } 572 #endif /* EADDRINUSE */ 573 close(s); 574 #else /* USE_WINSOCK */ 575 if(WSAGetLastError() != WSAEADDRINUSE && 576 WSAGetLastError() != WSAEADDRNOTAVAIL && 577 !(WSAGetLastError() == WSAEACCES && verbosity < 4 && !listen)) { 578 log_err_addr("can't bind socket", 579 wsa_strerror(WSAGetLastError()), 580 (struct sockaddr_storage*)addr, addrlen); 581 } 582 closesocket(s); 583 #endif /* USE_WINSOCK */ 584 return -1; 585 } 586 if(!fd_set_nonblock(s)) { 587 *noproto = 0; 588 *inuse = 0; 589 #ifndef USE_WINSOCK 590 close(s); 591 #else 592 closesocket(s); 593 #endif 594 return -1; 595 } 596 return s; 597 } 598 599 int 600 create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, 601 int* reuseport, int transparent, int mss, int freebind, int use_systemd) 602 { 603 int s; 604 #if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_V6ONLY) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND) || defined(SO_BINDANY) 605 int on = 1; 606 #endif 607 #ifdef HAVE_SYSTEMD 608 int got_fd_from_systemd = 0; 609 #endif 610 #ifdef USE_TCP_FASTOPEN 611 int qlen; 612 #endif 613 #if !defined(IP_TRANSPARENT) && !defined(IP_BINDANY) && !defined(SO_BINDANY) 614 (void)transparent; 615 #endif 616 #if !defined(IP_FREEBIND) 617 (void)freebind; 618 #endif 619 verbose_print_addr(addr); 620 *noproto = 0; 621 #ifdef HAVE_SYSTEMD 622 if (!use_systemd || 623 (use_systemd 624 && (s = systemd_get_activated(addr->ai_family, addr->ai_socktype, 1, 625 addr->ai_addr, addr->ai_addrlen, 626 NULL)) == -1)) { 627 #else 628 (void)use_systemd; 629 #endif 630 if((s = socket(addr->ai_family, addr->ai_socktype, 0)) == -1) { 631 #ifndef USE_WINSOCK 632 if(errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT) { 633 *noproto = 1; 634 return -1; 635 } 636 log_err("can't create socket: %s", strerror(errno)); 637 #else 638 if(WSAGetLastError() == WSAEAFNOSUPPORT || 639 WSAGetLastError() == WSAEPROTONOSUPPORT) { 640 *noproto = 1; 641 return -1; 642 } 643 log_err("can't create socket: %s", 644 wsa_strerror(WSAGetLastError())); 645 #endif 646 return -1; 647 } 648 if (mss > 0) { 649 #if defined(IPPROTO_TCP) && defined(TCP_MAXSEG) 650 if(setsockopt(s, IPPROTO_TCP, TCP_MAXSEG, (void*)&mss, 651 (socklen_t)sizeof(mss)) < 0) { 652 #ifndef USE_WINSOCK 653 log_err(" setsockopt(.. TCP_MAXSEG ..) failed: %s", 654 strerror(errno)); 655 #else 656 log_err(" setsockopt(.. TCP_MAXSEG ..) failed: %s", 657 wsa_strerror(WSAGetLastError())); 658 #endif 659 } else { 660 verbose(VERB_ALGO, 661 " tcp socket mss set to %d", mss); 662 } 663 #else 664 log_warn(" setsockopt(TCP_MAXSEG) unsupported"); 665 #endif /* defined(IPPROTO_TCP) && defined(TCP_MAXSEG) */ 666 } 667 #ifdef HAVE_SYSTEMD 668 } else { 669 got_fd_from_systemd = 1; 670 } 671 #endif 672 #ifdef SO_REUSEADDR 673 if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, 674 (socklen_t)sizeof(on)) < 0) { 675 #ifndef USE_WINSOCK 676 log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", 677 strerror(errno)); 678 close(s); 679 #else 680 log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", 681 wsa_strerror(WSAGetLastError())); 682 closesocket(s); 683 #endif 684 return -1; 685 } 686 #endif /* SO_REUSEADDR */ 687 #ifdef IP_FREEBIND 688 if (freebind && setsockopt(s, IPPROTO_IP, IP_FREEBIND, (void*)&on, 689 (socklen_t)sizeof(on)) < 0) { 690 log_warn("setsockopt(.. IP_FREEBIND ..) failed: %s", 691 strerror(errno)); 692 } 693 #endif /* IP_FREEBIND */ 694 #ifdef SO_REUSEPORT 695 /* try to set SO_REUSEPORT so that incoming 696 * connections are distributed evenly among the receiving threads. 697 * Each thread must have its own socket bound to the same port, 698 * with SO_REUSEPORT set on each socket. 699 */ 700 if (reuseport && *reuseport && 701 setsockopt(s, SOL_SOCKET, SO_REUSEPORT, (void*)&on, 702 (socklen_t)sizeof(on)) < 0) { 703 #ifdef ENOPROTOOPT 704 if(errno != ENOPROTOOPT || verbosity >= 3) 705 log_warn("setsockopt(.. SO_REUSEPORT ..) failed: %s", 706 strerror(errno)); 707 #endif 708 /* this option is not essential, we can continue */ 709 *reuseport = 0; 710 } 711 #else 712 (void)reuseport; 713 #endif /* defined(SO_REUSEPORT) */ 714 #if defined(IPV6_V6ONLY) 715 if(addr->ai_family == AF_INET6 && v6only) { 716 if(setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, 717 (void*)&on, (socklen_t)sizeof(on)) < 0) { 718 #ifndef USE_WINSOCK 719 log_err("setsockopt(..., IPV6_V6ONLY, ...) failed: %s", 720 strerror(errno)); 721 close(s); 722 #else 723 log_err("setsockopt(..., IPV6_V6ONLY, ...) failed: %s", 724 wsa_strerror(WSAGetLastError())); 725 closesocket(s); 726 #endif 727 return -1; 728 } 729 } 730 #else 731 (void)v6only; 732 #endif /* IPV6_V6ONLY */ 733 #ifdef IP_TRANSPARENT 734 if (transparent && 735 setsockopt(s, IPPROTO_IP, IP_TRANSPARENT, (void*)&on, 736 (socklen_t)sizeof(on)) < 0) { 737 log_warn("setsockopt(.. IP_TRANSPARENT ..) failed: %s", 738 strerror(errno)); 739 } 740 #elif defined(IP_BINDANY) 741 if (transparent && 742 setsockopt(s, (addr->ai_family==AF_INET6? IPPROTO_IPV6:IPPROTO_IP), 743 (addr->ai_family == AF_INET6? IPV6_BINDANY:IP_BINDANY), 744 (void*)&on, (socklen_t)sizeof(on)) < 0) { 745 log_warn("setsockopt(.. IP%s_BINDANY ..) failed: %s", 746 (addr->ai_family==AF_INET6?"V6":""), strerror(errno)); 747 } 748 #elif defined(SO_BINDANY) 749 if (transparent && 750 setsockopt(s, SOL_SOCKET, SO_BINDANY, (void*)&on, (socklen_t) 751 sizeof(on)) < 0) { 752 log_warn("setsockopt(.. SO_BINDANY ..) failed: %s", 753 strerror(errno)); 754 } 755 #endif /* IP_TRANSPARENT || IP_BINDANY || SO_BINDANY */ 756 if( 757 #ifdef HAVE_SYSTEMD 758 !got_fd_from_systemd && 759 #endif 760 bind(s, addr->ai_addr, addr->ai_addrlen) != 0) { 761 #ifndef USE_WINSOCK 762 /* detect freebsd jail with no ipv6 permission */ 763 if(addr->ai_family==AF_INET6 && errno==EINVAL) 764 *noproto = 1; 765 else { 766 log_err_addr("can't bind socket", strerror(errno), 767 (struct sockaddr_storage*)addr->ai_addr, 768 addr->ai_addrlen); 769 } 770 close(s); 771 #else 772 log_err_addr("can't bind socket", 773 wsa_strerror(WSAGetLastError()), 774 (struct sockaddr_storage*)addr->ai_addr, 775 addr->ai_addrlen); 776 closesocket(s); 777 #endif 778 return -1; 779 } 780 if(!fd_set_nonblock(s)) { 781 #ifndef USE_WINSOCK 782 close(s); 783 #else 784 closesocket(s); 785 #endif 786 return -1; 787 } 788 if(listen(s, TCP_BACKLOG) == -1) { 789 #ifndef USE_WINSOCK 790 log_err("can't listen: %s", strerror(errno)); 791 close(s); 792 #else 793 log_err("can't listen: %s", wsa_strerror(WSAGetLastError())); 794 closesocket(s); 795 #endif 796 return -1; 797 } 798 #ifdef USE_TCP_FASTOPEN 799 /* qlen specifies how many outstanding TFO requests to allow. Limit is a defense 800 against IP spoofing attacks as suggested in RFC7413 */ 801 #ifdef __APPLE__ 802 /* OS X implementation only supports qlen of 1 via this call. Actual 803 value is configured by the net.inet.tcp.fastopen_backlog kernel parm. */ 804 qlen = 1; 805 #else 806 /* 5 is recommended on linux */ 807 qlen = 5; 808 #endif 809 if ((setsockopt(s, IPPROTO_TCP, TCP_FASTOPEN, &qlen, 810 sizeof(qlen))) == -1 ) { 811 #ifdef ENOPROTOOPT 812 /* squelch ENOPROTOOPT: freebsd server mode with kernel support 813 disabled, except when verbosity enabled for debugging */ 814 if(errno != ENOPROTOOPT || verbosity >= 3) 815 #endif 816 log_err("Setting TCP Fast Open as server failed: %s", strerror(errno)); 817 } 818 #endif 819 return s; 820 } 821 822 int 823 create_local_accept_sock(const char *path, int* noproto, int use_systemd) 824 { 825 #ifdef HAVE_SYSTEMD 826 int ret; 827 828 if (use_systemd && (ret = systemd_get_activated(AF_LOCAL, SOCK_STREAM, 1, NULL, 0, path)) != -1) 829 return ret; 830 else { 831 #endif 832 #ifdef HAVE_SYS_UN_H 833 int s; 834 struct sockaddr_un usock; 835 #ifndef HAVE_SYSTEMD 836 (void)use_systemd; 837 #endif 838 839 verbose(VERB_ALGO, "creating unix socket %s", path); 840 #ifdef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN 841 /* this member exists on BSDs, not Linux */ 842 usock.sun_len = (unsigned)sizeof(usock); 843 #endif 844 usock.sun_family = AF_LOCAL; 845 /* length is 92-108, 104 on FreeBSD */ 846 (void)strlcpy(usock.sun_path, path, sizeof(usock.sun_path)); 847 848 if ((s = socket(AF_LOCAL, SOCK_STREAM, 0)) == -1) { 849 log_err("Cannot create local socket %s (%s)", 850 path, strerror(errno)); 851 return -1; 852 } 853 854 if (unlink(path) && errno != ENOENT) { 855 /* The socket already exists and cannot be removed */ 856 log_err("Cannot remove old local socket %s (%s)", 857 path, strerror(errno)); 858 goto err; 859 } 860 861 if (bind(s, (struct sockaddr *)&usock, 862 (socklen_t)sizeof(struct sockaddr_un)) == -1) { 863 log_err("Cannot bind local socket %s (%s)", 864 path, strerror(errno)); 865 goto err; 866 } 867 868 if (!fd_set_nonblock(s)) { 869 log_err("Cannot set non-blocking mode"); 870 goto err; 871 } 872 873 if (listen(s, TCP_BACKLOG) == -1) { 874 log_err("can't listen: %s", strerror(errno)); 875 goto err; 876 } 877 878 (void)noproto; /*unused*/ 879 return s; 880 881 err: 882 #ifndef USE_WINSOCK 883 close(s); 884 #else 885 closesocket(s); 886 #endif 887 return -1; 888 889 #ifdef HAVE_SYSTEMD 890 } 891 #endif 892 #else 893 (void)use_systemd; 894 (void)path; 895 log_err("Local sockets are not supported"); 896 *noproto = 1; 897 return -1; 898 #endif 899 } 900 901 902 /** 903 * Create socket from getaddrinfo results 904 */ 905 static int 906 make_sock(int stype, const char* ifname, const char* port, 907 struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd, 908 int* reuseport, int transparent, int tcp_mss, int freebind, int use_systemd) 909 { 910 struct addrinfo *res = NULL; 911 int r, s, inuse, noproto; 912 hints->ai_socktype = stype; 913 *noip6 = 0; 914 if((r=getaddrinfo(ifname, port, hints, &res)) != 0 || !res) { 915 #ifdef USE_WINSOCK 916 if(r == EAI_NONAME && hints->ai_family == AF_INET6){ 917 *noip6 = 1; /* 'Host not found' for IP6 on winXP */ 918 return -1; 919 } 920 #endif 921 log_err("node %s:%s getaddrinfo: %s %s", 922 ifname?ifname:"default", port, gai_strerror(r), 923 #ifdef EAI_SYSTEM 924 r==EAI_SYSTEM?(char*)strerror(errno):"" 925 #else 926 "" 927 #endif 928 ); 929 return -1; 930 } 931 if(stype == SOCK_DGRAM) { 932 verbose_print_addr(res); 933 s = create_udp_sock(res->ai_family, res->ai_socktype, 934 (struct sockaddr*)res->ai_addr, res->ai_addrlen, 935 v6only, &inuse, &noproto, (int)rcv, (int)snd, 1, 936 reuseport, transparent, freebind, use_systemd); 937 if(s == -1 && inuse) { 938 log_err("bind: address already in use"); 939 } else if(s == -1 && noproto && hints->ai_family == AF_INET6){ 940 *noip6 = 1; 941 } 942 } else { 943 s = create_tcp_accept_sock(res, v6only, &noproto, reuseport, 944 transparent, tcp_mss, freebind, use_systemd); 945 if(s == -1 && noproto && hints->ai_family == AF_INET6){ 946 *noip6 = 1; 947 } 948 } 949 freeaddrinfo(res); 950 return s; 951 } 952 953 /** make socket and first see if ifname contains port override info */ 954 static int 955 make_sock_port(int stype, const char* ifname, const char* port, 956 struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd, 957 int* reuseport, int transparent, int tcp_mss, int freebind, int use_systemd) 958 { 959 char* s = strchr(ifname, '@'); 960 if(s) { 961 /* override port with ifspec@port */ 962 char p[16]; 963 char newif[128]; 964 if((size_t)(s-ifname) >= sizeof(newif)) { 965 log_err("ifname too long: %s", ifname); 966 *noip6 = 0; 967 return -1; 968 } 969 if(strlen(s+1) >= sizeof(p)) { 970 log_err("portnumber too long: %s", ifname); 971 *noip6 = 0; 972 return -1; 973 } 974 (void)strlcpy(newif, ifname, sizeof(newif)); 975 newif[s-ifname] = 0; 976 (void)strlcpy(p, s+1, sizeof(p)); 977 p[strlen(s+1)]=0; 978 return make_sock(stype, newif, p, hints, v6only, noip6, 979 rcv, snd, reuseport, transparent, tcp_mss, freebind, use_systemd); 980 } 981 return make_sock(stype, ifname, port, hints, v6only, noip6, rcv, snd, 982 reuseport, transparent, tcp_mss, freebind, use_systemd); 983 } 984 985 /** 986 * Add port to open ports list. 987 * @param list: list head. changed. 988 * @param s: fd. 989 * @param ftype: if fd is UDP. 990 * @return false on failure. list in unchanged then. 991 */ 992 static int 993 port_insert(struct listen_port** list, int s, enum listen_type ftype) 994 { 995 struct listen_port* item = (struct listen_port*)malloc( 996 sizeof(struct listen_port)); 997 if(!item) 998 return 0; 999 item->next = *list; 1000 item->fd = s; 1001 item->ftype = ftype; 1002 *list = item; 1003 return 1; 1004 } 1005 1006 /** set fd to receive source address packet info */ 1007 static int 1008 set_recvpktinfo(int s, int family) 1009 { 1010 #if defined(IPV6_RECVPKTINFO) || defined(IPV6_PKTINFO) || (defined(IP_RECVDSTADDR) && defined(IP_SENDSRCADDR)) || defined(IP_PKTINFO) 1011 int on = 1; 1012 #else 1013 (void)s; 1014 #endif 1015 if(family == AF_INET6) { 1016 # ifdef IPV6_RECVPKTINFO 1017 if(setsockopt(s, IPPROTO_IPV6, IPV6_RECVPKTINFO, 1018 (void*)&on, (socklen_t)sizeof(on)) < 0) { 1019 log_err("setsockopt(..., IPV6_RECVPKTINFO, ...) failed: %s", 1020 strerror(errno)); 1021 return 0; 1022 } 1023 # elif defined(IPV6_PKTINFO) 1024 if(setsockopt(s, IPPROTO_IPV6, IPV6_PKTINFO, 1025 (void*)&on, (socklen_t)sizeof(on)) < 0) { 1026 log_err("setsockopt(..., IPV6_PKTINFO, ...) failed: %s", 1027 strerror(errno)); 1028 return 0; 1029 } 1030 # else 1031 log_err("no IPV6_RECVPKTINFO and no IPV6_PKTINFO option, please " 1032 "disable interface-automatic or do-ip6 in config"); 1033 return 0; 1034 # endif /* defined IPV6_RECVPKTINFO */ 1035 1036 } else if(family == AF_INET) { 1037 # ifdef IP_PKTINFO 1038 if(setsockopt(s, IPPROTO_IP, IP_PKTINFO, 1039 (void*)&on, (socklen_t)sizeof(on)) < 0) { 1040 log_err("setsockopt(..., IP_PKTINFO, ...) failed: %s", 1041 strerror(errno)); 1042 return 0; 1043 } 1044 # elif defined(IP_RECVDSTADDR) && defined(IP_SENDSRCADDR) 1045 if(setsockopt(s, IPPROTO_IP, IP_RECVDSTADDR, 1046 (void*)&on, (socklen_t)sizeof(on)) < 0) { 1047 log_err("setsockopt(..., IP_RECVDSTADDR, ...) failed: %s", 1048 strerror(errno)); 1049 return 0; 1050 } 1051 # else 1052 log_err("no IP_SENDSRCADDR or IP_PKTINFO option, please disable " 1053 "interface-automatic or do-ip4 in config"); 1054 return 0; 1055 # endif /* IP_PKTINFO */ 1056 1057 } 1058 return 1; 1059 } 1060 1061 /** see if interface is ssl, its port number == the ssl port number */ 1062 static int 1063 if_is_ssl(const char* ifname, const char* port, int ssl_port, 1064 struct config_strlist* tls_additional_port) 1065 { 1066 struct config_strlist* s; 1067 char* p = strchr(ifname, '@'); 1068 if(!p && atoi(port) == ssl_port) 1069 return 1; 1070 if(p && atoi(p+1) == ssl_port) 1071 return 1; 1072 for(s = tls_additional_port; s; s = s->next) { 1073 if(p && atoi(p+1) == atoi(s->str)) 1074 return 1; 1075 if(!p && atoi(port) == atoi(s->str)) 1076 return 1; 1077 } 1078 return 0; 1079 } 1080 1081 /** 1082 * Helper for ports_open. Creates one interface (or NULL for default). 1083 * @param ifname: The interface ip address. 1084 * @param do_auto: use automatic interface detection. 1085 * If enabled, then ifname must be the wildcard name. 1086 * @param do_udp: if udp should be used. 1087 * @param do_tcp: if udp should be used. 1088 * @param hints: for getaddrinfo. family and flags have to be set by caller. 1089 * @param port: Port number to use (as string). 1090 * @param list: list of open ports, appended to, changed to point to list head. 1091 * @param rcv: receive buffer size for UDP 1092 * @param snd: send buffer size for UDP 1093 * @param ssl_port: ssl service port number 1094 * @param tls_additional_port: list of additional ssl service port numbers. 1095 * @param reuseport: try to set SO_REUSEPORT if nonNULL and true. 1096 * set to false on exit if reuseport failed due to no kernel support. 1097 * @param transparent: set IP_TRANSPARENT socket option. 1098 * @param tcp_mss: maximum segment size of tcp socket. default if zero. 1099 * @param freebind: set IP_FREEBIND socket option. 1100 * @param use_systemd: if true, fetch sockets from systemd. 1101 * @param dnscrypt_port: dnscrypt service port number 1102 * @return: returns false on error. 1103 */ 1104 static int 1105 ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, 1106 struct addrinfo *hints, const char* port, struct listen_port** list, 1107 size_t rcv, size_t snd, int ssl_port, 1108 struct config_strlist* tls_additional_port, int* reuseport, 1109 int transparent, int tcp_mss, int freebind, int use_systemd, 1110 int dnscrypt_port) 1111 { 1112 int s, noip6=0; 1113 #ifdef USE_DNSCRYPT 1114 int is_dnscrypt = ((strchr(ifname, '@') && 1115 atoi(strchr(ifname, '@')+1) == dnscrypt_port) || 1116 (!strchr(ifname, '@') && atoi(port) == dnscrypt_port)); 1117 #else 1118 int is_dnscrypt = 0; 1119 (void)dnscrypt_port; 1120 #endif 1121 1122 if(!do_udp && !do_tcp) 1123 return 0; 1124 if(do_auto) { 1125 if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, 1126 &noip6, rcv, snd, reuseport, transparent, 1127 tcp_mss, freebind, use_systemd)) == -1) { 1128 if(noip6) { 1129 log_warn("IPv6 protocol not available"); 1130 return 1; 1131 } 1132 return 0; 1133 } 1134 /* getting source addr packet info is highly non-portable */ 1135 if(!set_recvpktinfo(s, hints->ai_family)) { 1136 #ifndef USE_WINSOCK 1137 close(s); 1138 #else 1139 closesocket(s); 1140 #endif 1141 return 0; 1142 } 1143 if(!port_insert(list, s, 1144 is_dnscrypt?listen_type_udpancil_dnscrypt:listen_type_udpancil)) { 1145 #ifndef USE_WINSOCK 1146 close(s); 1147 #else 1148 closesocket(s); 1149 #endif 1150 return 0; 1151 } 1152 } else if(do_udp) { 1153 /* regular udp socket */ 1154 if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, 1155 &noip6, rcv, snd, reuseport, transparent, 1156 tcp_mss, freebind, use_systemd)) == -1) { 1157 if(noip6) { 1158 log_warn("IPv6 protocol not available"); 1159 return 1; 1160 } 1161 return 0; 1162 } 1163 if(!port_insert(list, s, 1164 is_dnscrypt?listen_type_udp_dnscrypt:listen_type_udp)) { 1165 #ifndef USE_WINSOCK 1166 close(s); 1167 #else 1168 closesocket(s); 1169 #endif 1170 return 0; 1171 } 1172 } 1173 if(do_tcp) { 1174 int is_ssl = if_is_ssl(ifname, port, ssl_port, 1175 tls_additional_port); 1176 if((s = make_sock_port(SOCK_STREAM, ifname, port, hints, 1, 1177 &noip6, 0, 0, reuseport, transparent, tcp_mss, 1178 freebind, use_systemd)) == -1) { 1179 if(noip6) { 1180 /*log_warn("IPv6 protocol not available");*/ 1181 return 1; 1182 } 1183 return 0; 1184 } 1185 if(is_ssl) 1186 verbose(VERB_ALGO, "setup TCP for SSL service"); 1187 if(!port_insert(list, s, is_ssl?listen_type_ssl: 1188 (is_dnscrypt?listen_type_tcp_dnscrypt:listen_type_tcp))) { 1189 #ifndef USE_WINSOCK 1190 close(s); 1191 #else 1192 closesocket(s); 1193 #endif 1194 return 0; 1195 } 1196 } 1197 return 1; 1198 } 1199 1200 /** 1201 * Add items to commpoint list in front. 1202 * @param c: commpoint to add. 1203 * @param front: listen struct. 1204 * @return: false on failure. 1205 */ 1206 static int 1207 listen_cp_insert(struct comm_point* c, struct listen_dnsport* front) 1208 { 1209 struct listen_list* item = (struct listen_list*)malloc( 1210 sizeof(struct listen_list)); 1211 if(!item) 1212 return 0; 1213 item->com = c; 1214 item->next = front->cps; 1215 front->cps = item; 1216 return 1; 1217 } 1218 1219 struct listen_dnsport* 1220 listen_create(struct comm_base* base, struct listen_port* ports, 1221 size_t bufsize, int tcp_accept_count, int tcp_idle_timeout, 1222 struct tcl_list* tcp_conn_limit, void* sslctx, 1223 struct dt_env* dtenv, comm_point_callback_type* cb, void *cb_arg) 1224 { 1225 struct listen_dnsport* front = (struct listen_dnsport*) 1226 malloc(sizeof(struct listen_dnsport)); 1227 if(!front) 1228 return NULL; 1229 front->cps = NULL; 1230 front->udp_buff = sldns_buffer_new(bufsize); 1231 #ifdef USE_DNSCRYPT 1232 front->dnscrypt_udp_buff = NULL; 1233 #endif 1234 if(!front->udp_buff) { 1235 free(front); 1236 return NULL; 1237 } 1238 1239 /* create comm points as needed */ 1240 while(ports) { 1241 struct comm_point* cp = NULL; 1242 if(ports->ftype == listen_type_udp || 1243 ports->ftype == listen_type_udp_dnscrypt) 1244 cp = comm_point_create_udp(base, ports->fd, 1245 front->udp_buff, cb, cb_arg); 1246 else if(ports->ftype == listen_type_tcp || 1247 ports->ftype == listen_type_tcp_dnscrypt) 1248 cp = comm_point_create_tcp(base, ports->fd, 1249 tcp_accept_count, tcp_idle_timeout, 1250 tcp_conn_limit, bufsize, cb, cb_arg); 1251 else if(ports->ftype == listen_type_ssl) { 1252 cp = comm_point_create_tcp(base, ports->fd, 1253 tcp_accept_count, tcp_idle_timeout, 1254 tcp_conn_limit, bufsize, cb, cb_arg); 1255 cp->ssl = sslctx; 1256 } else if(ports->ftype == listen_type_udpancil || 1257 ports->ftype == listen_type_udpancil_dnscrypt) 1258 cp = comm_point_create_udp_ancil(base, ports->fd, 1259 front->udp_buff, cb, cb_arg); 1260 if(!cp) { 1261 log_err("can't create commpoint"); 1262 listen_delete(front); 1263 return NULL; 1264 } 1265 cp->dtenv = dtenv; 1266 cp->do_not_close = 1; 1267 #ifdef USE_DNSCRYPT 1268 if (ports->ftype == listen_type_udp_dnscrypt || 1269 ports->ftype == listen_type_tcp_dnscrypt || 1270 ports->ftype == listen_type_udpancil_dnscrypt) { 1271 cp->dnscrypt = 1; 1272 cp->dnscrypt_buffer = sldns_buffer_new(bufsize); 1273 if(!cp->dnscrypt_buffer) { 1274 log_err("can't alloc dnscrypt_buffer"); 1275 comm_point_delete(cp); 1276 listen_delete(front); 1277 return NULL; 1278 } 1279 front->dnscrypt_udp_buff = cp->dnscrypt_buffer; 1280 } 1281 #endif 1282 if(!listen_cp_insert(cp, front)) { 1283 log_err("malloc failed"); 1284 comm_point_delete(cp); 1285 listen_delete(front); 1286 return NULL; 1287 } 1288 ports = ports->next; 1289 } 1290 if(!front->cps) { 1291 log_err("Could not open sockets to accept queries."); 1292 listen_delete(front); 1293 return NULL; 1294 } 1295 1296 return front; 1297 } 1298 1299 void 1300 listen_list_delete(struct listen_list* list) 1301 { 1302 struct listen_list *p = list, *pn; 1303 while(p) { 1304 pn = p->next; 1305 comm_point_delete(p->com); 1306 free(p); 1307 p = pn; 1308 } 1309 } 1310 1311 void 1312 listen_delete(struct listen_dnsport* front) 1313 { 1314 if(!front) 1315 return; 1316 listen_list_delete(front->cps); 1317 #ifdef USE_DNSCRYPT 1318 if(front->dnscrypt_udp_buff && 1319 front->udp_buff != front->dnscrypt_udp_buff) { 1320 sldns_buffer_free(front->dnscrypt_udp_buff); 1321 } 1322 #endif 1323 sldns_buffer_free(front->udp_buff); 1324 free(front); 1325 } 1326 1327 struct listen_port* 1328 listening_ports_open(struct config_file* cfg, int* reuseport) 1329 { 1330 struct listen_port* list = NULL; 1331 struct addrinfo hints; 1332 int i, do_ip4, do_ip6; 1333 int do_tcp, do_auto; 1334 char portbuf[32]; 1335 snprintf(portbuf, sizeof(portbuf), "%d", cfg->port); 1336 do_ip4 = cfg->do_ip4; 1337 do_ip6 = cfg->do_ip6; 1338 do_tcp = cfg->do_tcp; 1339 do_auto = cfg->if_automatic && cfg->do_udp; 1340 if(cfg->incoming_num_tcp == 0) 1341 do_tcp = 0; 1342 1343 /* getaddrinfo */ 1344 memset(&hints, 0, sizeof(hints)); 1345 hints.ai_flags = AI_PASSIVE; 1346 /* no name lookups on our listening ports */ 1347 if(cfg->num_ifs > 0) 1348 hints.ai_flags |= AI_NUMERICHOST; 1349 hints.ai_family = AF_UNSPEC; 1350 #ifndef INET6 1351 do_ip6 = 0; 1352 #endif 1353 if(!do_ip4 && !do_ip6) { 1354 return NULL; 1355 } 1356 /* create ip4 and ip6 ports so that return addresses are nice. */ 1357 if(do_auto || cfg->num_ifs == 0) { 1358 if(do_ip6) { 1359 hints.ai_family = AF_INET6; 1360 if(!ports_create_if(do_auto?"::0":"::1", 1361 do_auto, cfg->do_udp, do_tcp, 1362 &hints, portbuf, &list, 1363 cfg->so_rcvbuf, cfg->so_sndbuf, 1364 cfg->ssl_port, cfg->tls_additional_port, 1365 reuseport, cfg->ip_transparent, 1366 cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, 1367 cfg->dnscrypt_port)) { 1368 listening_ports_free(list); 1369 return NULL; 1370 } 1371 } 1372 if(do_ip4) { 1373 hints.ai_family = AF_INET; 1374 if(!ports_create_if(do_auto?"0.0.0.0":"127.0.0.1", 1375 do_auto, cfg->do_udp, do_tcp, 1376 &hints, portbuf, &list, 1377 cfg->so_rcvbuf, cfg->so_sndbuf, 1378 cfg->ssl_port, cfg->tls_additional_port, 1379 reuseport, cfg->ip_transparent, 1380 cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, 1381 cfg->dnscrypt_port)) { 1382 listening_ports_free(list); 1383 return NULL; 1384 } 1385 } 1386 } else for(i = 0; i<cfg->num_ifs; i++) { 1387 if(str_is_ip6(cfg->ifs[i])) { 1388 if(!do_ip6) 1389 continue; 1390 hints.ai_family = AF_INET6; 1391 if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp, 1392 do_tcp, &hints, portbuf, &list, 1393 cfg->so_rcvbuf, cfg->so_sndbuf, 1394 cfg->ssl_port, cfg->tls_additional_port, 1395 reuseport, cfg->ip_transparent, 1396 cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, 1397 cfg->dnscrypt_port)) { 1398 listening_ports_free(list); 1399 return NULL; 1400 } 1401 } else { 1402 if(!do_ip4) 1403 continue; 1404 hints.ai_family = AF_INET; 1405 if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp, 1406 do_tcp, &hints, portbuf, &list, 1407 cfg->so_rcvbuf, cfg->so_sndbuf, 1408 cfg->ssl_port, cfg->tls_additional_port, 1409 reuseport, cfg->ip_transparent, 1410 cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, 1411 cfg->dnscrypt_port)) { 1412 listening_ports_free(list); 1413 return NULL; 1414 } 1415 } 1416 } 1417 return list; 1418 } 1419 1420 void listening_ports_free(struct listen_port* list) 1421 { 1422 struct listen_port* nx; 1423 while(list) { 1424 nx = list->next; 1425 if(list->fd != -1) { 1426 #ifndef USE_WINSOCK 1427 close(list->fd); 1428 #else 1429 closesocket(list->fd); 1430 #endif 1431 } 1432 free(list); 1433 list = nx; 1434 } 1435 } 1436 1437 size_t listen_get_mem(struct listen_dnsport* listen) 1438 { 1439 struct listen_list* p; 1440 size_t s = sizeof(*listen) + sizeof(*listen->base) + 1441 sizeof(*listen->udp_buff) + 1442 sldns_buffer_capacity(listen->udp_buff); 1443 #ifdef USE_DNSCRYPT 1444 s += sizeof(*listen->dnscrypt_udp_buff); 1445 if(listen->udp_buff != listen->dnscrypt_udp_buff){ 1446 s += sldns_buffer_capacity(listen->dnscrypt_udp_buff); 1447 } 1448 #endif 1449 for(p = listen->cps; p; p = p->next) { 1450 s += sizeof(*p); 1451 s += comm_point_get_mem(p->com); 1452 } 1453 return s; 1454 } 1455 1456 void listen_stop_accept(struct listen_dnsport* listen) 1457 { 1458 /* do not stop the ones that have no tcp_free list 1459 * (they have already stopped listening) */ 1460 struct listen_list* p; 1461 for(p=listen->cps; p; p=p->next) { 1462 if(p->com->type == comm_tcp_accept && 1463 p->com->tcp_free != NULL) { 1464 comm_point_stop_listening(p->com); 1465 } 1466 } 1467 } 1468 1469 void listen_start_accept(struct listen_dnsport* listen) 1470 { 1471 /* do not start the ones that have no tcp_free list, it is no 1472 * use to listen to them because they have no free tcp handlers */ 1473 struct listen_list* p; 1474 for(p=listen->cps; p; p=p->next) { 1475 if(p->com->type == comm_tcp_accept && 1476 p->com->tcp_free != NULL) { 1477 comm_point_start_listening(p->com, -1, -1); 1478 } 1479 } 1480 } 1481 1482