1 /* 2 * services/listen_dnsport.c - listen on port 53 for incoming DNS queries. 3 * 4 * Copyright (c) 2007, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /** 37 * \file 38 * 39 * This file has functions to get queries from clients. 40 */ 41 #include "config.h" 42 #ifdef HAVE_SYS_TYPES_H 43 # include <sys/types.h> 44 #endif 45 #include <sys/time.h> 46 #include <limits.h> 47 #ifdef USE_TCP_FASTOPEN 48 #include <netinet/tcp.h> 49 #endif 50 #include <ctype.h> 51 #include "services/listen_dnsport.h" 52 #include "services/outside_network.h" 53 #include "util/netevent.h" 54 #include "util/log.h" 55 #include "util/config_file.h" 56 #include "util/net_help.h" 57 #include "sldns/sbuffer.h" 58 #include "sldns/parseutil.h" 59 #include "services/mesh.h" 60 #include "util/fptr_wlist.h" 61 #include "util/locks.h" 62 63 #ifdef HAVE_NETDB_H 64 #include <netdb.h> 65 #endif 66 #include <fcntl.h> 67 68 #ifdef HAVE_SYS_UN_H 69 #include <sys/un.h> 70 #endif 71 72 #ifdef HAVE_SYSTEMD 73 #include <systemd/sd-daemon.h> 74 #endif 75 76 #ifdef HAVE_IFADDRS_H 77 #include <ifaddrs.h> 78 #endif 79 #ifdef HAVE_NET_IF_H 80 #include <net/if.h> 81 #endif 82 83 /** number of queued TCP connections for listen() */ 84 #define TCP_BACKLOG 256 85 86 #ifndef THREADS_DISABLED 87 /** lock on the counter of stream buffer memory */ 88 static lock_basic_type stream_wait_count_lock; 89 /** lock on the counter of HTTP2 query buffer memory */ 90 static lock_basic_type http2_query_buffer_count_lock; 91 /** lock on the counter of HTTP2 response buffer memory */ 92 static lock_basic_type http2_response_buffer_count_lock; 93 #endif 94 /** size (in bytes) of stream wait buffers */ 95 static size_t stream_wait_count = 0; 96 /** is the lock initialised for stream wait buffers */ 97 static int stream_wait_lock_inited = 0; 98 /** size (in bytes) of HTTP2 query buffers */ 99 static size_t http2_query_buffer_count = 0; 100 /** is the lock initialised for HTTP2 query buffers */ 101 static int http2_query_buffer_lock_inited = 0; 102 /** size (in bytes) of HTTP2 response buffers */ 103 static size_t http2_response_buffer_count = 0; 104 /** is the lock initialised for HTTP2 response buffers */ 105 static int http2_response_buffer_lock_inited = 0; 106 107 /** 108 * Debug print of the getaddrinfo returned address. 109 * @param addr: the address returned. 110 */ 111 static void 112 verbose_print_addr(struct addrinfo *addr) 113 { 114 if(verbosity >= VERB_ALGO) { 115 char buf[100]; 116 void* sinaddr = &((struct sockaddr_in*)addr->ai_addr)->sin_addr; 117 #ifdef INET6 118 if(addr->ai_family == AF_INET6) 119 sinaddr = &((struct sockaddr_in6*)addr->ai_addr)-> 120 sin6_addr; 121 #endif /* INET6 */ 122 if(inet_ntop(addr->ai_family, sinaddr, buf, 123 (socklen_t)sizeof(buf)) == 0) { 124 (void)strlcpy(buf, "(null)", sizeof(buf)); 125 } 126 buf[sizeof(buf)-1] = 0; 127 verbose(VERB_ALGO, "creating %s%s socket %s %d", 128 addr->ai_socktype==SOCK_DGRAM?"udp": 129 addr->ai_socktype==SOCK_STREAM?"tcp":"otherproto", 130 addr->ai_family==AF_INET?"4": 131 addr->ai_family==AF_INET6?"6": 132 "_otherfam", buf, 133 ntohs(((struct sockaddr_in*)addr->ai_addr)->sin_port)); 134 } 135 } 136 137 void 138 verbose_print_unbound_socket(struct unbound_socket* ub_sock) 139 { 140 if(verbosity >= VERB_ALGO) { 141 log_info("listing of unbound_socket structure:"); 142 verbose_print_addr(ub_sock->addr); 143 log_info("s is: %d, fam is: %s", ub_sock->s, ub_sock->fam == AF_INET?"AF_INET":"AF_INET6"); 144 } 145 } 146 147 #ifdef HAVE_SYSTEMD 148 static int 149 systemd_get_activated(int family, int socktype, int listen, 150 struct sockaddr *addr, socklen_t addrlen, 151 const char *path) 152 { 153 int i = 0; 154 int r = 0; 155 int s = -1; 156 const char* listen_pid, *listen_fds; 157 158 /* We should use "listen" option only for stream protocols. For UDP it should be -1 */ 159 160 if((r = sd_booted()) < 1) { 161 if(r == 0) 162 log_warn("systemd is not running"); 163 else 164 log_err("systemd sd_booted(): %s", strerror(-r)); 165 return -1; 166 } 167 168 listen_pid = getenv("LISTEN_PID"); 169 listen_fds = getenv("LISTEN_FDS"); 170 171 if (!listen_pid) { 172 log_warn("Systemd mandatory ENV variable is not defined: LISTEN_PID"); 173 return -1; 174 } 175 176 if (!listen_fds) { 177 log_warn("Systemd mandatory ENV variable is not defined: LISTEN_FDS"); 178 return -1; 179 } 180 181 if((r = sd_listen_fds(0)) < 1) { 182 if(r == 0) 183 log_warn("systemd: did not return socket, check unit configuration"); 184 else 185 log_err("systemd sd_listen_fds(): %s", strerror(-r)); 186 return -1; 187 } 188 189 for(i = 0; i < r; i++) { 190 if(sd_is_socket(SD_LISTEN_FDS_START + i, family, socktype, listen)) { 191 s = SD_LISTEN_FDS_START + i; 192 break; 193 } 194 } 195 if (s == -1) { 196 if (addr) 197 log_err_addr("systemd sd_listen_fds()", 198 "no such socket", 199 (struct sockaddr_storage *)addr, addrlen); 200 else 201 log_err("systemd sd_listen_fds(): %s", path); 202 } 203 return s; 204 } 205 #endif 206 207 int 208 create_udp_sock(int family, int socktype, struct sockaddr* addr, 209 socklen_t addrlen, int v6only, int* inuse, int* noproto, 210 int rcv, int snd, int listen, int* reuseport, int transparent, 211 int freebind, int use_systemd, int dscp) 212 { 213 int s; 214 char* err; 215 #if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_USE_MIN_MTU) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND) || defined (SO_BINDANY) 216 int on=1; 217 #endif 218 #ifdef IPV6_MTU 219 int mtu = IPV6_MIN_MTU; 220 #endif 221 #if !defined(SO_RCVBUFFORCE) && !defined(SO_RCVBUF) 222 (void)rcv; 223 #endif 224 #if !defined(SO_SNDBUFFORCE) && !defined(SO_SNDBUF) 225 (void)snd; 226 #endif 227 #ifndef IPV6_V6ONLY 228 (void)v6only; 229 #endif 230 #if !defined(IP_TRANSPARENT) && !defined(IP_BINDANY) && !defined(SO_BINDANY) 231 (void)transparent; 232 #endif 233 #if !defined(IP_FREEBIND) 234 (void)freebind; 235 #endif 236 #ifdef HAVE_SYSTEMD 237 int got_fd_from_systemd = 0; 238 239 if (!use_systemd 240 || (use_systemd 241 && (s = systemd_get_activated(family, socktype, -1, addr, 242 addrlen, NULL)) == -1)) { 243 #else 244 (void)use_systemd; 245 #endif 246 if((s = socket(family, socktype, 0)) == -1) { 247 *inuse = 0; 248 #ifndef USE_WINSOCK 249 if(errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT) { 250 *noproto = 1; 251 return -1; 252 } 253 #else 254 if(WSAGetLastError() == WSAEAFNOSUPPORT || 255 WSAGetLastError() == WSAEPROTONOSUPPORT) { 256 *noproto = 1; 257 return -1; 258 } 259 #endif 260 log_err("can't create socket: %s", sock_strerror(errno)); 261 *noproto = 0; 262 return -1; 263 } 264 #ifdef HAVE_SYSTEMD 265 } else { 266 got_fd_from_systemd = 1; 267 } 268 #endif 269 if(listen) { 270 #ifdef SO_REUSEADDR 271 if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, 272 (socklen_t)sizeof(on)) < 0) { 273 log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", 274 sock_strerror(errno)); 275 #ifndef USE_WINSOCK 276 if(errno != ENOSYS) { 277 close(s); 278 *noproto = 0; 279 *inuse = 0; 280 return -1; 281 } 282 #else 283 closesocket(s); 284 *noproto = 0; 285 *inuse = 0; 286 return -1; 287 #endif 288 } 289 #endif /* SO_REUSEADDR */ 290 #ifdef SO_REUSEPORT 291 # ifdef SO_REUSEPORT_LB 292 /* on FreeBSD 12 we have SO_REUSEPORT_LB that does loadbalance 293 * like SO_REUSEPORT on Linux. This is what the users want 294 * with the config option in unbound.conf; if we actually 295 * need local address and port reuse they'll also need to 296 * have SO_REUSEPORT set for them, assume it was _LB they want. 297 */ 298 if (reuseport && *reuseport && 299 setsockopt(s, SOL_SOCKET, SO_REUSEPORT_LB, (void*)&on, 300 (socklen_t)sizeof(on)) < 0) { 301 #ifdef ENOPROTOOPT 302 if(errno != ENOPROTOOPT || verbosity >= 3) 303 log_warn("setsockopt(.. SO_REUSEPORT_LB ..) failed: %s", 304 strerror(errno)); 305 #endif 306 /* this option is not essential, we can continue */ 307 *reuseport = 0; 308 } 309 # else /* no SO_REUSEPORT_LB */ 310 311 /* try to set SO_REUSEPORT so that incoming 312 * queries are distributed evenly among the receiving threads. 313 * Each thread must have its own socket bound to the same port, 314 * with SO_REUSEPORT set on each socket. 315 */ 316 if (reuseport && *reuseport && 317 setsockopt(s, SOL_SOCKET, SO_REUSEPORT, (void*)&on, 318 (socklen_t)sizeof(on)) < 0) { 319 #ifdef ENOPROTOOPT 320 if(errno != ENOPROTOOPT || verbosity >= 3) 321 log_warn("setsockopt(.. SO_REUSEPORT ..) failed: %s", 322 strerror(errno)); 323 #endif 324 /* this option is not essential, we can continue */ 325 *reuseport = 0; 326 } 327 # endif /* SO_REUSEPORT_LB */ 328 #else 329 (void)reuseport; 330 #endif /* defined(SO_REUSEPORT) */ 331 #ifdef IP_TRANSPARENT 332 if (transparent && 333 setsockopt(s, IPPROTO_IP, IP_TRANSPARENT, (void*)&on, 334 (socklen_t)sizeof(on)) < 0) { 335 log_warn("setsockopt(.. IP_TRANSPARENT ..) failed: %s", 336 strerror(errno)); 337 } 338 #elif defined(IP_BINDANY) 339 if (transparent && 340 setsockopt(s, (family==AF_INET6? IPPROTO_IPV6:IPPROTO_IP), 341 (family == AF_INET6? IPV6_BINDANY:IP_BINDANY), 342 (void*)&on, (socklen_t)sizeof(on)) < 0) { 343 log_warn("setsockopt(.. IP%s_BINDANY ..) failed: %s", 344 (family==AF_INET6?"V6":""), strerror(errno)); 345 } 346 #elif defined(SO_BINDANY) 347 if (transparent && 348 setsockopt(s, SOL_SOCKET, SO_BINDANY, (void*)&on, 349 (socklen_t)sizeof(on)) < 0) { 350 log_warn("setsockopt(.. SO_BINDANY ..) failed: %s", 351 strerror(errno)); 352 } 353 #endif /* IP_TRANSPARENT || IP_BINDANY || SO_BINDANY */ 354 } 355 #ifdef IP_FREEBIND 356 if(freebind && 357 setsockopt(s, IPPROTO_IP, IP_FREEBIND, (void*)&on, 358 (socklen_t)sizeof(on)) < 0) { 359 log_warn("setsockopt(.. IP_FREEBIND ..) failed: %s", 360 strerror(errno)); 361 } 362 #endif /* IP_FREEBIND */ 363 if(rcv) { 364 #ifdef SO_RCVBUF 365 int got; 366 socklen_t slen = (socklen_t)sizeof(got); 367 # ifdef SO_RCVBUFFORCE 368 /* Linux specific: try to use root permission to override 369 * system limits on rcvbuf. The limit is stored in 370 * /proc/sys/net/core/rmem_max or sysctl net.core.rmem_max */ 371 if(setsockopt(s, SOL_SOCKET, SO_RCVBUFFORCE, (void*)&rcv, 372 (socklen_t)sizeof(rcv)) < 0) { 373 if(errno != EPERM) { 374 log_err("setsockopt(..., SO_RCVBUFFORCE, " 375 "...) failed: %s", sock_strerror(errno)); 376 sock_close(s); 377 *noproto = 0; 378 *inuse = 0; 379 return -1; 380 } 381 # endif /* SO_RCVBUFFORCE */ 382 if(setsockopt(s, SOL_SOCKET, SO_RCVBUF, (void*)&rcv, 383 (socklen_t)sizeof(rcv)) < 0) { 384 log_err("setsockopt(..., SO_RCVBUF, " 385 "...) failed: %s", sock_strerror(errno)); 386 sock_close(s); 387 *noproto = 0; 388 *inuse = 0; 389 return -1; 390 } 391 /* check if we got the right thing or if system 392 * reduced to some system max. Warn if so */ 393 if(getsockopt(s, SOL_SOCKET, SO_RCVBUF, (void*)&got, 394 &slen) >= 0 && got < rcv/2) { 395 log_warn("so-rcvbuf %u was not granted. " 396 "Got %u. To fix: start with " 397 "root permissions(linux) or sysctl " 398 "bigger net.core.rmem_max(linux) or " 399 "kern.ipc.maxsockbuf(bsd) values.", 400 (unsigned)rcv, (unsigned)got); 401 } 402 # ifdef SO_RCVBUFFORCE 403 } 404 # endif 405 #endif /* SO_RCVBUF */ 406 } 407 /* first do RCVBUF as the receive buffer is more important */ 408 if(snd) { 409 #ifdef SO_SNDBUF 410 int got; 411 socklen_t slen = (socklen_t)sizeof(got); 412 # ifdef SO_SNDBUFFORCE 413 /* Linux specific: try to use root permission to override 414 * system limits on sndbuf. The limit is stored in 415 * /proc/sys/net/core/wmem_max or sysctl net.core.wmem_max */ 416 if(setsockopt(s, SOL_SOCKET, SO_SNDBUFFORCE, (void*)&snd, 417 (socklen_t)sizeof(snd)) < 0) { 418 if(errno != EPERM) { 419 log_err("setsockopt(..., SO_SNDBUFFORCE, " 420 "...) failed: %s", sock_strerror(errno)); 421 sock_close(s); 422 *noproto = 0; 423 *inuse = 0; 424 return -1; 425 } 426 # endif /* SO_SNDBUFFORCE */ 427 if(setsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&snd, 428 (socklen_t)sizeof(snd)) < 0) { 429 log_err("setsockopt(..., SO_SNDBUF, " 430 "...) failed: %s", sock_strerror(errno)); 431 sock_close(s); 432 *noproto = 0; 433 *inuse = 0; 434 return -1; 435 } 436 /* check if we got the right thing or if system 437 * reduced to some system max. Warn if so */ 438 if(getsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&got, 439 &slen) >= 0 && got < snd/2) { 440 log_warn("so-sndbuf %u was not granted. " 441 "Got %u. To fix: start with " 442 "root permissions(linux) or sysctl " 443 "bigger net.core.wmem_max(linux) or " 444 "kern.ipc.maxsockbuf(bsd) values.", 445 (unsigned)snd, (unsigned)got); 446 } 447 # ifdef SO_SNDBUFFORCE 448 } 449 # endif 450 #endif /* SO_SNDBUF */ 451 } 452 err = set_ip_dscp(s, family, dscp); 453 if(err != NULL) 454 log_warn("error setting IP DiffServ codepoint %d on UDP socket: %s", dscp, err); 455 if(family == AF_INET6) { 456 # if defined(IPV6_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT) 457 int omit6_set = 0; 458 int action; 459 # endif 460 # if defined(IPV6_V6ONLY) 461 if(v6only) { 462 int val=(v6only==2)?0:1; 463 if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, 464 (void*)&val, (socklen_t)sizeof(val)) < 0) { 465 log_err("setsockopt(..., IPV6_V6ONLY" 466 ", ...) failed: %s", sock_strerror(errno)); 467 sock_close(s); 468 *noproto = 0; 469 *inuse = 0; 470 return -1; 471 } 472 } 473 # endif 474 # if defined(IPV6_USE_MIN_MTU) 475 /* 476 * There is no fragmentation of IPv6 datagrams 477 * during forwarding in the network. Therefore 478 * we do not send UDP datagrams larger than 479 * the minimum IPv6 MTU of 1280 octets. The 480 * EDNS0 message length can be larger if the 481 * network stack supports IPV6_USE_MIN_MTU. 482 */ 483 if (setsockopt(s, IPPROTO_IPV6, IPV6_USE_MIN_MTU, 484 (void*)&on, (socklen_t)sizeof(on)) < 0) { 485 log_err("setsockopt(..., IPV6_USE_MIN_MTU, " 486 "...) failed: %s", sock_strerror(errno)); 487 sock_close(s); 488 *noproto = 0; 489 *inuse = 0; 490 return -1; 491 } 492 # elif defined(IPV6_MTU) 493 /* 494 * On Linux, to send no larger than 1280, the PMTUD is 495 * disabled by default for datagrams anyway, so we set 496 * the MTU to use. 497 */ 498 if (setsockopt(s, IPPROTO_IPV6, IPV6_MTU, 499 (void*)&mtu, (socklen_t)sizeof(mtu)) < 0) { 500 log_err("setsockopt(..., IPV6_MTU, ...) failed: %s", 501 sock_strerror(errno)); 502 sock_close(s); 503 *noproto = 0; 504 *inuse = 0; 505 return -1; 506 } 507 # endif /* IPv6 MTU */ 508 # if defined(IPV6_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT) 509 # if defined(IP_PMTUDISC_OMIT) 510 action = IP_PMTUDISC_OMIT; 511 if (setsockopt(s, IPPROTO_IPV6, IPV6_MTU_DISCOVER, 512 &action, (socklen_t)sizeof(action)) < 0) { 513 514 if (errno != EINVAL) { 515 log_err("setsockopt(..., IPV6_MTU_DISCOVER, IP_PMTUDISC_OMIT...) failed: %s", 516 strerror(errno)); 517 sock_close(s); 518 *noproto = 0; 519 *inuse = 0; 520 return -1; 521 } 522 } 523 else 524 { 525 omit6_set = 1; 526 } 527 # endif 528 if (omit6_set == 0) { 529 action = IP_PMTUDISC_DONT; 530 if (setsockopt(s, IPPROTO_IPV6, IPV6_MTU_DISCOVER, 531 &action, (socklen_t)sizeof(action)) < 0) { 532 log_err("setsockopt(..., IPV6_MTU_DISCOVER, IP_PMTUDISC_DONT...) failed: %s", 533 strerror(errno)); 534 sock_close(s); 535 *noproto = 0; 536 *inuse = 0; 537 return -1; 538 } 539 } 540 # endif /* IPV6_MTU_DISCOVER */ 541 } else if(family == AF_INET) { 542 # if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT) 543 /* linux 3.15 has IP_PMTUDISC_OMIT, Hannes Frederic Sowa made it so that 544 * PMTU information is not accepted, but fragmentation is allowed 545 * if and only if the packet size exceeds the outgoing interface MTU 546 * (and also uses the interface mtu to determine the size of the packets). 547 * So there won't be any EMSGSIZE error. Against DNS fragmentation attacks. 548 * FreeBSD already has same semantics without setting the option. */ 549 int omit_set = 0; 550 int action; 551 # if defined(IP_PMTUDISC_OMIT) 552 action = IP_PMTUDISC_OMIT; 553 if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, 554 &action, (socklen_t)sizeof(action)) < 0) { 555 556 if (errno != EINVAL) { 557 log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_OMIT...) failed: %s", 558 strerror(errno)); 559 sock_close(s); 560 *noproto = 0; 561 *inuse = 0; 562 return -1; 563 } 564 } 565 else 566 { 567 omit_set = 1; 568 } 569 # endif 570 if (omit_set == 0) { 571 action = IP_PMTUDISC_DONT; 572 if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, 573 &action, (socklen_t)sizeof(action)) < 0) { 574 log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_DONT...) failed: %s", 575 strerror(errno)); 576 sock_close(s); 577 *noproto = 0; 578 *inuse = 0; 579 return -1; 580 } 581 } 582 # elif defined(IP_DONTFRAG) && !defined(__APPLE__) 583 /* the IP_DONTFRAG option if defined in the 11.0 OSX headers, 584 * but does not work on that version, so we exclude it */ 585 int off = 0; 586 if (setsockopt(s, IPPROTO_IP, IP_DONTFRAG, 587 &off, (socklen_t)sizeof(off)) < 0) { 588 log_err("setsockopt(..., IP_DONTFRAG, ...) failed: %s", 589 strerror(errno)); 590 sock_close(s); 591 *noproto = 0; 592 *inuse = 0; 593 return -1; 594 } 595 # endif /* IPv4 MTU */ 596 } 597 if( 598 #ifdef HAVE_SYSTEMD 599 !got_fd_from_systemd && 600 #endif 601 bind(s, (struct sockaddr*)addr, addrlen) != 0) { 602 *noproto = 0; 603 *inuse = 0; 604 #ifndef USE_WINSOCK 605 #ifdef EADDRINUSE 606 *inuse = (errno == EADDRINUSE); 607 /* detect freebsd jail with no ipv6 permission */ 608 if(family==AF_INET6 && errno==EINVAL) 609 *noproto = 1; 610 else if(errno != EADDRINUSE && 611 !(errno == EACCES && verbosity < 4 && !listen) 612 #ifdef EADDRNOTAVAIL 613 && !(errno == EADDRNOTAVAIL && verbosity < 4 && !listen) 614 #endif 615 ) { 616 log_err_addr("can't bind socket", strerror(errno), 617 (struct sockaddr_storage*)addr, addrlen); 618 } 619 #endif /* EADDRINUSE */ 620 #else /* USE_WINSOCK */ 621 if(WSAGetLastError() != WSAEADDRINUSE && 622 WSAGetLastError() != WSAEADDRNOTAVAIL && 623 !(WSAGetLastError() == WSAEACCES && verbosity < 4 && !listen)) { 624 log_err_addr("can't bind socket", 625 wsa_strerror(WSAGetLastError()), 626 (struct sockaddr_storage*)addr, addrlen); 627 } 628 #endif /* USE_WINSOCK */ 629 sock_close(s); 630 return -1; 631 } 632 if(!fd_set_nonblock(s)) { 633 *noproto = 0; 634 *inuse = 0; 635 sock_close(s); 636 return -1; 637 } 638 return s; 639 } 640 641 int 642 create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, 643 int* reuseport, int transparent, int mss, int nodelay, int freebind, 644 int use_systemd, int dscp) 645 { 646 int s; 647 char* err; 648 #if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_V6ONLY) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND) || defined(SO_BINDANY) 649 int on = 1; 650 #endif 651 #ifdef HAVE_SYSTEMD 652 int got_fd_from_systemd = 0; 653 #endif 654 #ifdef USE_TCP_FASTOPEN 655 int qlen; 656 #endif 657 #if !defined(IP_TRANSPARENT) && !defined(IP_BINDANY) && !defined(SO_BINDANY) 658 (void)transparent; 659 #endif 660 #if !defined(IP_FREEBIND) 661 (void)freebind; 662 #endif 663 verbose_print_addr(addr); 664 *noproto = 0; 665 #ifdef HAVE_SYSTEMD 666 if (!use_systemd || 667 (use_systemd 668 && (s = systemd_get_activated(addr->ai_family, addr->ai_socktype, 1, 669 addr->ai_addr, addr->ai_addrlen, 670 NULL)) == -1)) { 671 #else 672 (void)use_systemd; 673 #endif 674 if((s = socket(addr->ai_family, addr->ai_socktype, 0)) == -1) { 675 #ifndef USE_WINSOCK 676 if(errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT) { 677 *noproto = 1; 678 return -1; 679 } 680 #else 681 if(WSAGetLastError() == WSAEAFNOSUPPORT || 682 WSAGetLastError() == WSAEPROTONOSUPPORT) { 683 *noproto = 1; 684 return -1; 685 } 686 #endif 687 log_err("can't create socket: %s", sock_strerror(errno)); 688 return -1; 689 } 690 if(nodelay) { 691 #if defined(IPPROTO_TCP) && defined(TCP_NODELAY) 692 if(setsockopt(s, IPPROTO_TCP, TCP_NODELAY, (void*)&on, 693 (socklen_t)sizeof(on)) < 0) { 694 #ifndef USE_WINSOCK 695 log_err(" setsockopt(.. TCP_NODELAY ..) failed: %s", 696 strerror(errno)); 697 #else 698 log_err(" setsockopt(.. TCP_NODELAY ..) failed: %s", 699 wsa_strerror(WSAGetLastError())); 700 #endif 701 } 702 #else 703 log_warn(" setsockopt(TCP_NODELAY) unsupported"); 704 #endif /* defined(IPPROTO_TCP) && defined(TCP_NODELAY) */ 705 } 706 if (mss > 0) { 707 #if defined(IPPROTO_TCP) && defined(TCP_MAXSEG) 708 if(setsockopt(s, IPPROTO_TCP, TCP_MAXSEG, (void*)&mss, 709 (socklen_t)sizeof(mss)) < 0) { 710 log_err(" setsockopt(.. TCP_MAXSEG ..) failed: %s", 711 sock_strerror(errno)); 712 } else { 713 verbose(VERB_ALGO, 714 " tcp socket mss set to %d", mss); 715 } 716 #else 717 log_warn(" setsockopt(TCP_MAXSEG) unsupported"); 718 #endif /* defined(IPPROTO_TCP) && defined(TCP_MAXSEG) */ 719 } 720 #ifdef HAVE_SYSTEMD 721 } else { 722 got_fd_from_systemd = 1; 723 } 724 #endif 725 #ifdef SO_REUSEADDR 726 if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, 727 (socklen_t)sizeof(on)) < 0) { 728 log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", 729 sock_strerror(errno)); 730 sock_close(s); 731 return -1; 732 } 733 #endif /* SO_REUSEADDR */ 734 #ifdef IP_FREEBIND 735 if (freebind && setsockopt(s, IPPROTO_IP, IP_FREEBIND, (void*)&on, 736 (socklen_t)sizeof(on)) < 0) { 737 log_warn("setsockopt(.. IP_FREEBIND ..) failed: %s", 738 strerror(errno)); 739 } 740 #endif /* IP_FREEBIND */ 741 #ifdef SO_REUSEPORT 742 /* try to set SO_REUSEPORT so that incoming 743 * connections are distributed evenly among the receiving threads. 744 * Each thread must have its own socket bound to the same port, 745 * with SO_REUSEPORT set on each socket. 746 */ 747 if (reuseport && *reuseport && 748 setsockopt(s, SOL_SOCKET, SO_REUSEPORT, (void*)&on, 749 (socklen_t)sizeof(on)) < 0) { 750 #ifdef ENOPROTOOPT 751 if(errno != ENOPROTOOPT || verbosity >= 3) 752 log_warn("setsockopt(.. SO_REUSEPORT ..) failed: %s", 753 strerror(errno)); 754 #endif 755 /* this option is not essential, we can continue */ 756 *reuseport = 0; 757 } 758 #else 759 (void)reuseport; 760 #endif /* defined(SO_REUSEPORT) */ 761 #if defined(IPV6_V6ONLY) 762 if(addr->ai_family == AF_INET6 && v6only) { 763 if(setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, 764 (void*)&on, (socklen_t)sizeof(on)) < 0) { 765 log_err("setsockopt(..., IPV6_V6ONLY, ...) failed: %s", 766 sock_strerror(errno)); 767 sock_close(s); 768 return -1; 769 } 770 } 771 #else 772 (void)v6only; 773 #endif /* IPV6_V6ONLY */ 774 #ifdef IP_TRANSPARENT 775 if (transparent && 776 setsockopt(s, IPPROTO_IP, IP_TRANSPARENT, (void*)&on, 777 (socklen_t)sizeof(on)) < 0) { 778 log_warn("setsockopt(.. IP_TRANSPARENT ..) failed: %s", 779 strerror(errno)); 780 } 781 #elif defined(IP_BINDANY) 782 if (transparent && 783 setsockopt(s, (addr->ai_family==AF_INET6? IPPROTO_IPV6:IPPROTO_IP), 784 (addr->ai_family == AF_INET6? IPV6_BINDANY:IP_BINDANY), 785 (void*)&on, (socklen_t)sizeof(on)) < 0) { 786 log_warn("setsockopt(.. IP%s_BINDANY ..) failed: %s", 787 (addr->ai_family==AF_INET6?"V6":""), strerror(errno)); 788 } 789 #elif defined(SO_BINDANY) 790 if (transparent && 791 setsockopt(s, SOL_SOCKET, SO_BINDANY, (void*)&on, (socklen_t) 792 sizeof(on)) < 0) { 793 log_warn("setsockopt(.. SO_BINDANY ..) failed: %s", 794 strerror(errno)); 795 } 796 #endif /* IP_TRANSPARENT || IP_BINDANY || SO_BINDANY */ 797 err = set_ip_dscp(s, addr->ai_family, dscp); 798 if(err != NULL) 799 log_warn("error setting IP DiffServ codepoint %d on TCP socket: %s", dscp, err); 800 if( 801 #ifdef HAVE_SYSTEMD 802 !got_fd_from_systemd && 803 #endif 804 bind(s, addr->ai_addr, addr->ai_addrlen) != 0) { 805 #ifndef USE_WINSOCK 806 /* detect freebsd jail with no ipv6 permission */ 807 if(addr->ai_family==AF_INET6 && errno==EINVAL) 808 *noproto = 1; 809 else { 810 log_err_addr("can't bind socket", strerror(errno), 811 (struct sockaddr_storage*)addr->ai_addr, 812 addr->ai_addrlen); 813 } 814 #else 815 log_err_addr("can't bind socket", 816 wsa_strerror(WSAGetLastError()), 817 (struct sockaddr_storage*)addr->ai_addr, 818 addr->ai_addrlen); 819 #endif 820 sock_close(s); 821 return -1; 822 } 823 if(!fd_set_nonblock(s)) { 824 sock_close(s); 825 return -1; 826 } 827 if(listen(s, TCP_BACKLOG) == -1) { 828 log_err("can't listen: %s", sock_strerror(errno)); 829 sock_close(s); 830 return -1; 831 } 832 #ifdef USE_TCP_FASTOPEN 833 /* qlen specifies how many outstanding TFO requests to allow. Limit is a defense 834 against IP spoofing attacks as suggested in RFC7413 */ 835 #ifdef __APPLE__ 836 /* OS X implementation only supports qlen of 1 via this call. Actual 837 value is configured by the net.inet.tcp.fastopen_backlog kernel parm. */ 838 qlen = 1; 839 #else 840 /* 5 is recommended on linux */ 841 qlen = 5; 842 #endif 843 if ((setsockopt(s, IPPROTO_TCP, TCP_FASTOPEN, &qlen, 844 sizeof(qlen))) == -1 ) { 845 #ifdef ENOPROTOOPT 846 /* squelch ENOPROTOOPT: freebsd server mode with kernel support 847 disabled, except when verbosity enabled for debugging */ 848 if(errno != ENOPROTOOPT || verbosity >= 3) { 849 #endif 850 if(errno == EPERM) { 851 log_warn("Setting TCP Fast Open as server failed: %s ; this could likely be because sysctl net.inet.tcp.fastopen.enabled, net.inet.tcp.fastopen.server_enable, or net.ipv4.tcp_fastopen is disabled", strerror(errno)); 852 } else { 853 log_err("Setting TCP Fast Open as server failed: %s", strerror(errno)); 854 } 855 #ifdef ENOPROTOOPT 856 } 857 #endif 858 } 859 #endif 860 return s; 861 } 862 863 char* 864 set_ip_dscp(int socket, int addrfamily, int dscp) 865 { 866 int ds; 867 868 if(dscp == 0) 869 return NULL; 870 ds = dscp << 2; 871 switch(addrfamily) { 872 case AF_INET6: 873 #ifdef IPV6_TCLASS 874 if(setsockopt(socket, IPPROTO_IPV6, IPV6_TCLASS, (void*)&ds, 875 sizeof(ds)) < 0) 876 return sock_strerror(errno); 877 break; 878 #else 879 return "IPV6_TCLASS not defined on this system"; 880 #endif 881 default: 882 if(setsockopt(socket, IPPROTO_IP, IP_TOS, (void*)&ds, sizeof(ds)) < 0) 883 return sock_strerror(errno); 884 break; 885 } 886 return NULL; 887 } 888 889 int 890 create_local_accept_sock(const char *path, int* noproto, int use_systemd) 891 { 892 #ifdef HAVE_SYSTEMD 893 int ret; 894 895 if (use_systemd && (ret = systemd_get_activated(AF_LOCAL, SOCK_STREAM, 1, NULL, 0, path)) != -1) 896 return ret; 897 else { 898 #endif 899 #ifdef HAVE_SYS_UN_H 900 int s; 901 struct sockaddr_un usock; 902 #ifndef HAVE_SYSTEMD 903 (void)use_systemd; 904 #endif 905 906 verbose(VERB_ALGO, "creating unix socket %s", path); 907 #ifdef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN 908 /* this member exists on BSDs, not Linux */ 909 usock.sun_len = (unsigned)sizeof(usock); 910 #endif 911 usock.sun_family = AF_LOCAL; 912 /* length is 92-108, 104 on FreeBSD */ 913 (void)strlcpy(usock.sun_path, path, sizeof(usock.sun_path)); 914 915 if ((s = socket(AF_LOCAL, SOCK_STREAM, 0)) == -1) { 916 log_err("Cannot create local socket %s (%s)", 917 path, strerror(errno)); 918 return -1; 919 } 920 921 if (unlink(path) && errno != ENOENT) { 922 /* The socket already exists and cannot be removed */ 923 log_err("Cannot remove old local socket %s (%s)", 924 path, strerror(errno)); 925 goto err; 926 } 927 928 if (bind(s, (struct sockaddr *)&usock, 929 (socklen_t)sizeof(struct sockaddr_un)) == -1) { 930 log_err("Cannot bind local socket %s (%s)", 931 path, strerror(errno)); 932 goto err; 933 } 934 935 if (!fd_set_nonblock(s)) { 936 log_err("Cannot set non-blocking mode"); 937 goto err; 938 } 939 940 if (listen(s, TCP_BACKLOG) == -1) { 941 log_err("can't listen: %s", strerror(errno)); 942 goto err; 943 } 944 945 (void)noproto; /*unused*/ 946 return s; 947 948 err: 949 sock_close(s); 950 return -1; 951 952 #ifdef HAVE_SYSTEMD 953 } 954 #endif 955 #else 956 (void)use_systemd; 957 (void)path; 958 log_err("Local sockets are not supported"); 959 *noproto = 1; 960 return -1; 961 #endif 962 } 963 964 965 /** 966 * Create socket from getaddrinfo results 967 */ 968 static int 969 make_sock(int stype, const char* ifname, const char* port, 970 struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd, 971 int* reuseport, int transparent, int tcp_mss, int nodelay, int freebind, 972 int use_systemd, int dscp, struct unbound_socket* ub_sock) 973 { 974 struct addrinfo *res = NULL; 975 int r, s, inuse, noproto; 976 hints->ai_socktype = stype; 977 *noip6 = 0; 978 if((r=getaddrinfo(ifname, port, hints, &res)) != 0 || !res) { 979 #ifdef USE_WINSOCK 980 if(r == EAI_NONAME && hints->ai_family == AF_INET6){ 981 *noip6 = 1; /* 'Host not found' for IP6 on winXP */ 982 return -1; 983 } 984 #endif 985 log_err("node %s:%s getaddrinfo: %s %s", 986 ifname?ifname:"default", port, gai_strerror(r), 987 #ifdef EAI_SYSTEM 988 r==EAI_SYSTEM?(char*)strerror(errno):"" 989 #else 990 "" 991 #endif 992 ); 993 return -1; 994 } 995 if(stype == SOCK_DGRAM) { 996 verbose_print_addr(res); 997 s = create_udp_sock(res->ai_family, res->ai_socktype, 998 (struct sockaddr*)res->ai_addr, res->ai_addrlen, 999 v6only, &inuse, &noproto, (int)rcv, (int)snd, 1, 1000 reuseport, transparent, freebind, use_systemd, dscp); 1001 if(s == -1 && inuse) { 1002 log_err("bind: address already in use"); 1003 } else if(s == -1 && noproto && hints->ai_family == AF_INET6){ 1004 *noip6 = 1; 1005 } 1006 } else { 1007 s = create_tcp_accept_sock(res, v6only, &noproto, reuseport, 1008 transparent, tcp_mss, nodelay, freebind, use_systemd, 1009 dscp); 1010 if(s == -1 && noproto && hints->ai_family == AF_INET6){ 1011 *noip6 = 1; 1012 } 1013 } 1014 1015 ub_sock->addr = res; 1016 ub_sock->s = s; 1017 ub_sock->fam = hints->ai_family; 1018 1019 return s; 1020 } 1021 1022 /** make socket and first see if ifname contains port override info */ 1023 static int 1024 make_sock_port(int stype, const char* ifname, const char* port, 1025 struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd, 1026 int* reuseport, int transparent, int tcp_mss, int nodelay, int freebind, 1027 int use_systemd, int dscp, struct unbound_socket* ub_sock) 1028 { 1029 char* s = strchr(ifname, '@'); 1030 if(s) { 1031 /* override port with ifspec@port */ 1032 char p[16]; 1033 char newif[128]; 1034 if((size_t)(s-ifname) >= sizeof(newif)) { 1035 log_err("ifname too long: %s", ifname); 1036 *noip6 = 0; 1037 return -1; 1038 } 1039 if(strlen(s+1) >= sizeof(p)) { 1040 log_err("portnumber too long: %s", ifname); 1041 *noip6 = 0; 1042 return -1; 1043 } 1044 (void)strlcpy(newif, ifname, sizeof(newif)); 1045 newif[s-ifname] = 0; 1046 (void)strlcpy(p, s+1, sizeof(p)); 1047 p[strlen(s+1)]=0; 1048 return make_sock(stype, newif, p, hints, v6only, noip6, rcv, 1049 snd, reuseport, transparent, tcp_mss, nodelay, freebind, 1050 use_systemd, dscp, ub_sock); 1051 } 1052 return make_sock(stype, ifname, port, hints, v6only, noip6, rcv, snd, 1053 reuseport, transparent, tcp_mss, nodelay, freebind, use_systemd, 1054 dscp, ub_sock); 1055 } 1056 1057 /** 1058 * Add port to open ports list. 1059 * @param list: list head. changed. 1060 * @param s: fd. 1061 * @param ftype: if fd is UDP. 1062 * @param ub_sock: socket with address. 1063 * @return false on failure. list in unchanged then. 1064 */ 1065 static int 1066 port_insert(struct listen_port** list, int s, enum listen_type ftype, struct unbound_socket* ub_sock) 1067 { 1068 struct listen_port* item = (struct listen_port*)malloc( 1069 sizeof(struct listen_port)); 1070 if(!item) 1071 return 0; 1072 item->next = *list; 1073 item->fd = s; 1074 item->ftype = ftype; 1075 item->socket = ub_sock; 1076 *list = item; 1077 return 1; 1078 } 1079 1080 /** set fd to receive source address packet info */ 1081 static int 1082 set_recvpktinfo(int s, int family) 1083 { 1084 #if defined(IPV6_RECVPKTINFO) || defined(IPV6_PKTINFO) || (defined(IP_RECVDSTADDR) && defined(IP_SENDSRCADDR)) || defined(IP_PKTINFO) 1085 int on = 1; 1086 #else 1087 (void)s; 1088 #endif 1089 if(family == AF_INET6) { 1090 # ifdef IPV6_RECVPKTINFO 1091 if(setsockopt(s, IPPROTO_IPV6, IPV6_RECVPKTINFO, 1092 (void*)&on, (socklen_t)sizeof(on)) < 0) { 1093 log_err("setsockopt(..., IPV6_RECVPKTINFO, ...) failed: %s", 1094 strerror(errno)); 1095 return 0; 1096 } 1097 # elif defined(IPV6_PKTINFO) 1098 if(setsockopt(s, IPPROTO_IPV6, IPV6_PKTINFO, 1099 (void*)&on, (socklen_t)sizeof(on)) < 0) { 1100 log_err("setsockopt(..., IPV6_PKTINFO, ...) failed: %s", 1101 strerror(errno)); 1102 return 0; 1103 } 1104 # else 1105 log_err("no IPV6_RECVPKTINFO and IPV6_PKTINFO options, please " 1106 "disable interface-automatic or do-ip6 in config"); 1107 return 0; 1108 # endif /* defined IPV6_RECVPKTINFO */ 1109 1110 } else if(family == AF_INET) { 1111 # ifdef IP_PKTINFO 1112 if(setsockopt(s, IPPROTO_IP, IP_PKTINFO, 1113 (void*)&on, (socklen_t)sizeof(on)) < 0) { 1114 log_err("setsockopt(..., IP_PKTINFO, ...) failed: %s", 1115 strerror(errno)); 1116 return 0; 1117 } 1118 # elif defined(IP_RECVDSTADDR) && defined(IP_SENDSRCADDR) 1119 if(setsockopt(s, IPPROTO_IP, IP_RECVDSTADDR, 1120 (void*)&on, (socklen_t)sizeof(on)) < 0) { 1121 log_err("setsockopt(..., IP_RECVDSTADDR, ...) failed: %s", 1122 strerror(errno)); 1123 return 0; 1124 } 1125 # else 1126 log_err("no IP_SENDSRCADDR or IP_PKTINFO option, please disable " 1127 "interface-automatic or do-ip4 in config"); 1128 return 0; 1129 # endif /* IP_PKTINFO */ 1130 1131 } 1132 return 1; 1133 } 1134 1135 /** see if interface is ssl, its port number == the ssl port number */ 1136 static int 1137 if_is_ssl(const char* ifname, const char* port, int ssl_port, 1138 struct config_strlist* tls_additional_port) 1139 { 1140 struct config_strlist* s; 1141 char* p = strchr(ifname, '@'); 1142 if(!p && atoi(port) == ssl_port) 1143 return 1; 1144 if(p && atoi(p+1) == ssl_port) 1145 return 1; 1146 for(s = tls_additional_port; s; s = s->next) { 1147 if(p && atoi(p+1) == atoi(s->str)) 1148 return 1; 1149 if(!p && atoi(port) == atoi(s->str)) 1150 return 1; 1151 } 1152 return 0; 1153 } 1154 1155 /** 1156 * Helper for ports_open. Creates one interface (or NULL for default). 1157 * @param ifname: The interface ip address. 1158 * @param do_auto: use automatic interface detection. 1159 * If enabled, then ifname must be the wildcard name. 1160 * @param do_udp: if udp should be used. 1161 * @param do_tcp: if tcp should be used. 1162 * @param hints: for getaddrinfo. family and flags have to be set by caller. 1163 * @param port: Port number to use (as string). 1164 * @param list: list of open ports, appended to, changed to point to list head. 1165 * @param rcv: receive buffer size for UDP 1166 * @param snd: send buffer size for UDP 1167 * @param ssl_port: ssl service port number 1168 * @param tls_additional_port: list of additional ssl service port numbers. 1169 * @param https_port: DoH service port number 1170 * @param reuseport: try to set SO_REUSEPORT if nonNULL and true. 1171 * set to false on exit if reuseport failed due to no kernel support. 1172 * @param transparent: set IP_TRANSPARENT socket option. 1173 * @param tcp_mss: maximum segment size of tcp socket. default if zero. 1174 * @param freebind: set IP_FREEBIND socket option. 1175 * @param http2_nodelay: set TCP_NODELAY on HTTP/2 connection 1176 * @param use_systemd: if true, fetch sockets from systemd. 1177 * @param dnscrypt_port: dnscrypt service port number 1178 * @param dscp: DSCP to use. 1179 * @return: returns false on error. 1180 */ 1181 static int 1182 ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, 1183 struct addrinfo *hints, const char* port, struct listen_port** list, 1184 size_t rcv, size_t snd, int ssl_port, 1185 struct config_strlist* tls_additional_port, int https_port, 1186 int* reuseport, int transparent, int tcp_mss, int freebind, 1187 int http2_nodelay, int use_systemd, int dnscrypt_port, int dscp) 1188 { 1189 int s, noip6=0; 1190 int is_https = if_is_https(ifname, port, https_port); 1191 int nodelay = is_https && http2_nodelay; 1192 struct unbound_socket* ub_sock; 1193 #ifdef USE_DNSCRYPT 1194 int is_dnscrypt = ((strchr(ifname, '@') && 1195 atoi(strchr(ifname, '@')+1) == dnscrypt_port) || 1196 (!strchr(ifname, '@') && atoi(port) == dnscrypt_port)); 1197 #else 1198 int is_dnscrypt = 0; 1199 (void)dnscrypt_port; 1200 #endif 1201 1202 if(!do_udp && !do_tcp) 1203 return 0; 1204 1205 if(do_auto) { 1206 ub_sock = calloc(1, sizeof(struct unbound_socket)); 1207 if(!ub_sock) 1208 return 0; 1209 if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, 1210 &noip6, rcv, snd, reuseport, transparent, 1211 tcp_mss, nodelay, freebind, use_systemd, dscp, ub_sock)) == -1) { 1212 freeaddrinfo(ub_sock->addr); 1213 free(ub_sock); 1214 if(noip6) { 1215 log_warn("IPv6 protocol not available"); 1216 return 1; 1217 } 1218 return 0; 1219 } 1220 /* getting source addr packet info is highly non-portable */ 1221 if(!set_recvpktinfo(s, hints->ai_family)) { 1222 sock_close(s); 1223 freeaddrinfo(ub_sock->addr); 1224 free(ub_sock); 1225 return 0; 1226 } 1227 if(!port_insert(list, s, 1228 is_dnscrypt?listen_type_udpancil_dnscrypt:listen_type_udpancil, ub_sock)) { 1229 sock_close(s); 1230 freeaddrinfo(ub_sock->addr); 1231 free(ub_sock); 1232 return 0; 1233 } 1234 } else if(do_udp) { 1235 ub_sock = calloc(1, sizeof(struct unbound_socket)); 1236 if(!ub_sock) 1237 return 0; 1238 /* regular udp socket */ 1239 if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, 1240 &noip6, rcv, snd, reuseport, transparent, 1241 tcp_mss, nodelay, freebind, use_systemd, dscp, ub_sock)) == -1) { 1242 freeaddrinfo(ub_sock->addr); 1243 free(ub_sock); 1244 if(noip6) { 1245 log_warn("IPv6 protocol not available"); 1246 return 1; 1247 } 1248 return 0; 1249 } 1250 if(!port_insert(list, s, 1251 is_dnscrypt?listen_type_udp_dnscrypt:listen_type_udp, ub_sock)) { 1252 sock_close(s); 1253 freeaddrinfo(ub_sock->addr); 1254 free(ub_sock); 1255 return 0; 1256 } 1257 } 1258 if(do_tcp) { 1259 int is_ssl = if_is_ssl(ifname, port, ssl_port, 1260 tls_additional_port); 1261 enum listen_type port_type; 1262 ub_sock = calloc(1, sizeof(struct unbound_socket)); 1263 if(!ub_sock) 1264 return 0; 1265 if(is_ssl) 1266 port_type = listen_type_ssl; 1267 else if(is_https) 1268 port_type = listen_type_http; 1269 else if(is_dnscrypt) 1270 port_type = listen_type_tcp_dnscrypt; 1271 else 1272 port_type = listen_type_tcp; 1273 if((s = make_sock_port(SOCK_STREAM, ifname, port, hints, 1, 1274 &noip6, 0, 0, reuseport, transparent, tcp_mss, nodelay, 1275 freebind, use_systemd, dscp, ub_sock)) == -1) { 1276 freeaddrinfo(ub_sock->addr); 1277 free(ub_sock); 1278 if(noip6) { 1279 /*log_warn("IPv6 protocol not available");*/ 1280 return 1; 1281 } 1282 return 0; 1283 } 1284 if(is_ssl) 1285 verbose(VERB_ALGO, "setup TCP for SSL service"); 1286 if(!port_insert(list, s, port_type, ub_sock)) { 1287 sock_close(s); 1288 freeaddrinfo(ub_sock->addr); 1289 free(ub_sock); 1290 return 0; 1291 } 1292 } 1293 return 1; 1294 } 1295 1296 /** 1297 * Add items to commpoint list in front. 1298 * @param c: commpoint to add. 1299 * @param front: listen struct. 1300 * @return: false on failure. 1301 */ 1302 static int 1303 listen_cp_insert(struct comm_point* c, struct listen_dnsport* front) 1304 { 1305 struct listen_list* item = (struct listen_list*)malloc( 1306 sizeof(struct listen_list)); 1307 if(!item) 1308 return 0; 1309 item->com = c; 1310 item->next = front->cps; 1311 front->cps = item; 1312 return 1; 1313 } 1314 1315 void listen_setup_locks(void) 1316 { 1317 if(!stream_wait_lock_inited) { 1318 lock_basic_init(&stream_wait_count_lock); 1319 stream_wait_lock_inited = 1; 1320 } 1321 if(!http2_query_buffer_lock_inited) { 1322 lock_basic_init(&http2_query_buffer_count_lock); 1323 http2_query_buffer_lock_inited = 1; 1324 } 1325 if(!http2_response_buffer_lock_inited) { 1326 lock_basic_init(&http2_response_buffer_count_lock); 1327 http2_response_buffer_lock_inited = 1; 1328 } 1329 } 1330 1331 void listen_desetup_locks(void) 1332 { 1333 if(stream_wait_lock_inited) { 1334 stream_wait_lock_inited = 0; 1335 lock_basic_destroy(&stream_wait_count_lock); 1336 } 1337 if(http2_query_buffer_lock_inited) { 1338 http2_query_buffer_lock_inited = 0; 1339 lock_basic_destroy(&http2_query_buffer_count_lock); 1340 } 1341 if(http2_response_buffer_lock_inited) { 1342 http2_response_buffer_lock_inited = 0; 1343 lock_basic_destroy(&http2_response_buffer_count_lock); 1344 } 1345 } 1346 1347 struct listen_dnsport* 1348 listen_create(struct comm_base* base, struct listen_port* ports, 1349 size_t bufsize, int tcp_accept_count, int tcp_idle_timeout, 1350 int harden_large_queries, uint32_t http_max_streams, 1351 char* http_endpoint, int http_notls, struct tcl_list* tcp_conn_limit, 1352 void* sslctx, struct dt_env* dtenv, comm_point_callback_type* cb, 1353 void *cb_arg) 1354 { 1355 struct listen_dnsport* front = (struct listen_dnsport*) 1356 malloc(sizeof(struct listen_dnsport)); 1357 if(!front) 1358 return NULL; 1359 front->cps = NULL; 1360 front->udp_buff = sldns_buffer_new(bufsize); 1361 #ifdef USE_DNSCRYPT 1362 front->dnscrypt_udp_buff = NULL; 1363 #endif 1364 if(!front->udp_buff) { 1365 free(front); 1366 return NULL; 1367 } 1368 1369 /* create comm points as needed */ 1370 while(ports) { 1371 struct comm_point* cp = NULL; 1372 if(ports->ftype == listen_type_udp || 1373 ports->ftype == listen_type_udp_dnscrypt) { 1374 cp = comm_point_create_udp(base, ports->fd, 1375 front->udp_buff, cb, cb_arg, ports->socket); 1376 } else if(ports->ftype == listen_type_tcp || 1377 ports->ftype == listen_type_tcp_dnscrypt) { 1378 cp = comm_point_create_tcp(base, ports->fd, 1379 tcp_accept_count, tcp_idle_timeout, 1380 harden_large_queries, 0, NULL, 1381 tcp_conn_limit, bufsize, front->udp_buff, 1382 ports->ftype, cb, cb_arg, ports->socket); 1383 } else if(ports->ftype == listen_type_ssl || 1384 ports->ftype == listen_type_http) { 1385 cp = comm_point_create_tcp(base, ports->fd, 1386 tcp_accept_count, tcp_idle_timeout, 1387 harden_large_queries, 1388 http_max_streams, http_endpoint, 1389 tcp_conn_limit, bufsize, front->udp_buff, 1390 ports->ftype, cb, cb_arg, ports->socket); 1391 if(ports->ftype == listen_type_http) { 1392 if(!sslctx && !http_notls) { 1393 log_warn("HTTPS port configured, but " 1394 "no TLS tls-service-key or " 1395 "tls-service-pem set"); 1396 } 1397 #ifndef HAVE_SSL_CTX_SET_ALPN_SELECT_CB 1398 if(!http_notls) { 1399 log_warn("Unbound is not compiled " 1400 "with an OpenSSL version " 1401 "supporting ALPN " 1402 "(OpenSSL >= 1.0.2). This " 1403 "is required to use " 1404 "DNS-over-HTTPS"); 1405 } 1406 #endif 1407 #ifndef HAVE_NGHTTP2_NGHTTP2_H 1408 log_warn("Unbound is not compiled with " 1409 "nghttp2. This is required to use " 1410 "DNS-over-HTTPS."); 1411 #endif 1412 } 1413 } else if(ports->ftype == listen_type_udpancil || 1414 ports->ftype == listen_type_udpancil_dnscrypt) { 1415 cp = comm_point_create_udp_ancil(base, ports->fd, 1416 front->udp_buff, cb, cb_arg, ports->socket); 1417 } 1418 if(!cp) { 1419 log_err("can't create commpoint"); 1420 listen_delete(front); 1421 return NULL; 1422 } 1423 if((http_notls && ports->ftype == listen_type_http) || 1424 (ports->ftype == listen_type_tcp) || 1425 (ports->ftype == listen_type_udp) || 1426 (ports->ftype == listen_type_udpancil) || 1427 (ports->ftype == listen_type_tcp_dnscrypt) || 1428 (ports->ftype == listen_type_udp_dnscrypt) || 1429 (ports->ftype == listen_type_udpancil_dnscrypt)) 1430 cp->ssl = NULL; 1431 else 1432 cp->ssl = sslctx; 1433 cp->dtenv = dtenv; 1434 cp->do_not_close = 1; 1435 #ifdef USE_DNSCRYPT 1436 if (ports->ftype == listen_type_udp_dnscrypt || 1437 ports->ftype == listen_type_tcp_dnscrypt || 1438 ports->ftype == listen_type_udpancil_dnscrypt) { 1439 cp->dnscrypt = 1; 1440 cp->dnscrypt_buffer = sldns_buffer_new(bufsize); 1441 if(!cp->dnscrypt_buffer) { 1442 log_err("can't alloc dnscrypt_buffer"); 1443 comm_point_delete(cp); 1444 listen_delete(front); 1445 return NULL; 1446 } 1447 front->dnscrypt_udp_buff = cp->dnscrypt_buffer; 1448 } 1449 #endif 1450 if(!listen_cp_insert(cp, front)) { 1451 log_err("malloc failed"); 1452 comm_point_delete(cp); 1453 listen_delete(front); 1454 return NULL; 1455 } 1456 ports = ports->next; 1457 } 1458 if(!front->cps) { 1459 log_err("Could not open sockets to accept queries."); 1460 listen_delete(front); 1461 return NULL; 1462 } 1463 1464 return front; 1465 } 1466 1467 void 1468 listen_list_delete(struct listen_list* list) 1469 { 1470 struct listen_list *p = list, *pn; 1471 while(p) { 1472 pn = p->next; 1473 comm_point_delete(p->com); 1474 free(p); 1475 p = pn; 1476 } 1477 } 1478 1479 void 1480 listen_delete(struct listen_dnsport* front) 1481 { 1482 if(!front) 1483 return; 1484 listen_list_delete(front->cps); 1485 #ifdef USE_DNSCRYPT 1486 if(front->dnscrypt_udp_buff && 1487 front->udp_buff != front->dnscrypt_udp_buff) { 1488 sldns_buffer_free(front->dnscrypt_udp_buff); 1489 } 1490 #endif 1491 sldns_buffer_free(front->udp_buff); 1492 free(front); 1493 } 1494 1495 #ifdef HAVE_GETIFADDRS 1496 static int 1497 resolve_ifa_name(struct ifaddrs *ifas, const char *search_ifa, char ***ip_addresses, int *ip_addresses_size) 1498 { 1499 struct ifaddrs *ifa; 1500 void *tmpbuf; 1501 int last_ip_addresses_size = *ip_addresses_size; 1502 1503 for(ifa = ifas; ifa != NULL; ifa = ifa->ifa_next) { 1504 sa_family_t family; 1505 const char* atsign; 1506 #ifdef INET6 /* | address ip | % | ifa name | @ | port | nul */ 1507 char addr_buf[INET6_ADDRSTRLEN + 1 + IF_NAMESIZE + 1 + 16 + 1]; 1508 #else 1509 char addr_buf[INET_ADDRSTRLEN + 1 + 16 + 1]; 1510 #endif 1511 1512 if((atsign=strrchr(search_ifa, '@')) != NULL) { 1513 if(strlen(ifa->ifa_name) != (size_t)(atsign-search_ifa) 1514 || strncmp(ifa->ifa_name, search_ifa, 1515 atsign-search_ifa) != 0) 1516 continue; 1517 } else { 1518 if(strcmp(ifa->ifa_name, search_ifa) != 0) 1519 continue; 1520 atsign = ""; 1521 } 1522 1523 if(ifa->ifa_addr == NULL) 1524 continue; 1525 1526 family = ifa->ifa_addr->sa_family; 1527 if(family == AF_INET) { 1528 char a4[INET_ADDRSTRLEN + 1]; 1529 struct sockaddr_in *in4 = (struct sockaddr_in *) 1530 ifa->ifa_addr; 1531 if(!inet_ntop(family, &in4->sin_addr, a4, sizeof(a4))) { 1532 log_err("inet_ntop failed"); 1533 return 0; 1534 } 1535 snprintf(addr_buf, sizeof(addr_buf), "%s%s", 1536 a4, atsign); 1537 } 1538 #ifdef INET6 1539 else if(family == AF_INET6) { 1540 struct sockaddr_in6 *in6 = (struct sockaddr_in6 *) 1541 ifa->ifa_addr; 1542 char a6[INET6_ADDRSTRLEN + 1]; 1543 char if_index_name[IF_NAMESIZE + 1]; 1544 if_index_name[0] = 0; 1545 if(!inet_ntop(family, &in6->sin6_addr, a6, sizeof(a6))) { 1546 log_err("inet_ntop failed"); 1547 return 0; 1548 } 1549 (void)if_indextoname(in6->sin6_scope_id, 1550 (char *)if_index_name); 1551 if (strlen(if_index_name) != 0) { 1552 snprintf(addr_buf, sizeof(addr_buf), 1553 "%s%%%s%s", a6, if_index_name, atsign); 1554 } else { 1555 snprintf(addr_buf, sizeof(addr_buf), "%s%s", 1556 a6, atsign); 1557 } 1558 } 1559 #endif 1560 else { 1561 continue; 1562 } 1563 verbose(4, "interface %s has address %s", search_ifa, addr_buf); 1564 1565 tmpbuf = realloc(*ip_addresses, sizeof(char *) * (*ip_addresses_size + 1)); 1566 if(!tmpbuf) { 1567 log_err("realloc failed: out of memory"); 1568 return 0; 1569 } else { 1570 *ip_addresses = tmpbuf; 1571 } 1572 (*ip_addresses)[*ip_addresses_size] = strdup(addr_buf); 1573 if(!(*ip_addresses)[*ip_addresses_size]) { 1574 log_err("strdup failed: out of memory"); 1575 return 0; 1576 } 1577 (*ip_addresses_size)++; 1578 } 1579 1580 if (*ip_addresses_size == last_ip_addresses_size) { 1581 tmpbuf = realloc(*ip_addresses, sizeof(char *) * (*ip_addresses_size + 1)); 1582 if(!tmpbuf) { 1583 log_err("realloc failed: out of memory"); 1584 return 0; 1585 } else { 1586 *ip_addresses = tmpbuf; 1587 } 1588 (*ip_addresses)[*ip_addresses_size] = strdup(search_ifa); 1589 if(!(*ip_addresses)[*ip_addresses_size]) { 1590 log_err("strdup failed: out of memory"); 1591 return 0; 1592 } 1593 (*ip_addresses_size)++; 1594 } 1595 return 1; 1596 } 1597 #endif /* HAVE_GETIFADDRS */ 1598 1599 int resolve_interface_names(char** ifs, int num_ifs, 1600 struct config_strlist* list, char*** resif, int* num_resif) 1601 { 1602 #ifdef HAVE_GETIFADDRS 1603 struct ifaddrs *addrs = NULL; 1604 if(num_ifs == 0 && list == NULL) { 1605 *resif = NULL; 1606 *num_resif = 0; 1607 return 1; 1608 } 1609 if(getifaddrs(&addrs) == -1) { 1610 log_err("failed to list interfaces: getifaddrs: %s", 1611 strerror(errno)); 1612 freeifaddrs(addrs); 1613 return 0; 1614 } 1615 if(ifs) { 1616 int i; 1617 for(i=0; i<num_ifs; i++) { 1618 if(!resolve_ifa_name(addrs, ifs[i], resif, num_resif)) { 1619 freeifaddrs(addrs); 1620 config_del_strarray(*resif, *num_resif); 1621 *resif = NULL; 1622 *num_resif = 0; 1623 return 0; 1624 } 1625 } 1626 } 1627 if(list) { 1628 struct config_strlist* p; 1629 for(p = list; p; p = p->next) { 1630 if(!resolve_ifa_name(addrs, p->str, resif, num_resif)) { 1631 freeifaddrs(addrs); 1632 config_del_strarray(*resif, *num_resif); 1633 *resif = NULL; 1634 *num_resif = 0; 1635 return 0; 1636 } 1637 } 1638 } 1639 freeifaddrs(addrs); 1640 return 1; 1641 #else 1642 struct config_strlist* p; 1643 if(num_ifs == 0 && list == NULL) { 1644 *resif = NULL; 1645 *num_resif = 0; 1646 return 1; 1647 } 1648 *num_resif = num_ifs; 1649 for(p = list; p; p = p->next) { 1650 (*num_resif)++; 1651 } 1652 *resif = calloc(*num_resif, sizeof(**resif)); 1653 if(!*resif) { 1654 log_err("out of memory"); 1655 return 0; 1656 } 1657 if(ifs) { 1658 int i; 1659 for(i=0; i<num_ifs; i++) { 1660 (*resif)[i] = strdup(ifs[i]); 1661 if(!((*resif)[i])) { 1662 log_err("out of memory"); 1663 config_del_strarray(*resif, *num_resif); 1664 *resif = NULL; 1665 *num_resif = 0; 1666 return 0; 1667 } 1668 } 1669 } 1670 if(list) { 1671 int idx = num_ifs; 1672 for(p = list; p; p = p->next) { 1673 (*resif)[idx] = strdup(p->str); 1674 if(!((*resif)[idx])) { 1675 log_err("out of memory"); 1676 config_del_strarray(*resif, *num_resif); 1677 *resif = NULL; 1678 *num_resif = 0; 1679 return 0; 1680 } 1681 idx++; 1682 } 1683 } 1684 return 1; 1685 #endif /* HAVE_GETIFADDRS */ 1686 } 1687 1688 struct listen_port* 1689 listening_ports_open(struct config_file* cfg, char** ifs, int num_ifs, 1690 int* reuseport) 1691 { 1692 struct listen_port* list = NULL; 1693 struct addrinfo hints; 1694 int i, do_ip4, do_ip6; 1695 int do_tcp, do_auto; 1696 char portbuf[32]; 1697 snprintf(portbuf, sizeof(portbuf), "%d", cfg->port); 1698 do_ip4 = cfg->do_ip4; 1699 do_ip6 = cfg->do_ip6; 1700 do_tcp = cfg->do_tcp; 1701 do_auto = cfg->if_automatic && cfg->do_udp; 1702 if(cfg->incoming_num_tcp == 0) 1703 do_tcp = 0; 1704 1705 /* getaddrinfo */ 1706 memset(&hints, 0, sizeof(hints)); 1707 hints.ai_flags = AI_PASSIVE; 1708 /* no name lookups on our listening ports */ 1709 if(num_ifs > 0) 1710 hints.ai_flags |= AI_NUMERICHOST; 1711 hints.ai_family = AF_UNSPEC; 1712 #ifndef INET6 1713 do_ip6 = 0; 1714 #endif 1715 if(!do_ip4 && !do_ip6) { 1716 return NULL; 1717 } 1718 /* create ip4 and ip6 ports so that return addresses are nice. */ 1719 if(do_auto || num_ifs == 0) { 1720 if(do_auto && cfg->if_automatic_ports && 1721 cfg->if_automatic_ports[0]!=0) { 1722 char* now = cfg->if_automatic_ports; 1723 while(now && *now) { 1724 char* after; 1725 int extraport; 1726 while(isspace((unsigned char)*now)) 1727 now++; 1728 if(!*now) 1729 break; 1730 after = now; 1731 extraport = (int)strtol(now, &after, 10); 1732 if(extraport < 0 || extraport > 65535) { 1733 log_err("interface-automatic-ports port number out of range, at position %d of '%s'", (int)(now-cfg->if_automatic_ports)+1, cfg->if_automatic_ports); 1734 listening_ports_free(list); 1735 return NULL; 1736 } 1737 if(extraport == 0 && now == after) { 1738 log_err("interface-automatic-ports could not be parsed, at position %d of '%s'", (int)(now-cfg->if_automatic_ports)+1, cfg->if_automatic_ports); 1739 listening_ports_free(list); 1740 return NULL; 1741 } 1742 now = after; 1743 snprintf(portbuf, sizeof(portbuf), "%d", extraport); 1744 if(do_ip6) { 1745 hints.ai_family = AF_INET6; 1746 if(!ports_create_if("::0", 1747 do_auto, cfg->do_udp, do_tcp, 1748 &hints, portbuf, &list, 1749 cfg->so_rcvbuf, cfg->so_sndbuf, 1750 cfg->ssl_port, cfg->tls_additional_port, 1751 cfg->https_port, reuseport, cfg->ip_transparent, 1752 cfg->tcp_mss, cfg->ip_freebind, 1753 cfg->http_nodelay, cfg->use_systemd, 1754 cfg->dnscrypt_port, cfg->ip_dscp)) { 1755 listening_ports_free(list); 1756 return NULL; 1757 } 1758 } 1759 if(do_ip4) { 1760 hints.ai_family = AF_INET; 1761 if(!ports_create_if("0.0.0.0", 1762 do_auto, cfg->do_udp, do_tcp, 1763 &hints, portbuf, &list, 1764 cfg->so_rcvbuf, cfg->so_sndbuf, 1765 cfg->ssl_port, cfg->tls_additional_port, 1766 cfg->https_port, reuseport, cfg->ip_transparent, 1767 cfg->tcp_mss, cfg->ip_freebind, 1768 cfg->http_nodelay, cfg->use_systemd, 1769 cfg->dnscrypt_port, cfg->ip_dscp)) { 1770 listening_ports_free(list); 1771 return NULL; 1772 } 1773 } 1774 } 1775 return list; 1776 } 1777 if(do_ip6) { 1778 hints.ai_family = AF_INET6; 1779 if(!ports_create_if(do_auto?"::0":"::1", 1780 do_auto, cfg->do_udp, do_tcp, 1781 &hints, portbuf, &list, 1782 cfg->so_rcvbuf, cfg->so_sndbuf, 1783 cfg->ssl_port, cfg->tls_additional_port, 1784 cfg->https_port, reuseport, cfg->ip_transparent, 1785 cfg->tcp_mss, cfg->ip_freebind, 1786 cfg->http_nodelay, cfg->use_systemd, 1787 cfg->dnscrypt_port, cfg->ip_dscp)) { 1788 listening_ports_free(list); 1789 return NULL; 1790 } 1791 } 1792 if(do_ip4) { 1793 hints.ai_family = AF_INET; 1794 if(!ports_create_if(do_auto?"0.0.0.0":"127.0.0.1", 1795 do_auto, cfg->do_udp, do_tcp, 1796 &hints, portbuf, &list, 1797 cfg->so_rcvbuf, cfg->so_sndbuf, 1798 cfg->ssl_port, cfg->tls_additional_port, 1799 cfg->https_port, reuseport, cfg->ip_transparent, 1800 cfg->tcp_mss, cfg->ip_freebind, 1801 cfg->http_nodelay, cfg->use_systemd, 1802 cfg->dnscrypt_port, cfg->ip_dscp)) { 1803 listening_ports_free(list); 1804 return NULL; 1805 } 1806 } 1807 } else for(i = 0; i<num_ifs; i++) { 1808 if(str_is_ip6(ifs[i])) { 1809 if(!do_ip6) 1810 continue; 1811 hints.ai_family = AF_INET6; 1812 if(!ports_create_if(ifs[i], 0, cfg->do_udp, 1813 do_tcp, &hints, portbuf, &list, 1814 cfg->so_rcvbuf, cfg->so_sndbuf, 1815 cfg->ssl_port, cfg->tls_additional_port, 1816 cfg->https_port, reuseport, cfg->ip_transparent, 1817 cfg->tcp_mss, cfg->ip_freebind, 1818 cfg->http_nodelay, cfg->use_systemd, 1819 cfg->dnscrypt_port, cfg->ip_dscp)) { 1820 listening_ports_free(list); 1821 return NULL; 1822 } 1823 } else { 1824 if(!do_ip4) 1825 continue; 1826 hints.ai_family = AF_INET; 1827 if(!ports_create_if(ifs[i], 0, cfg->do_udp, 1828 do_tcp, &hints, portbuf, &list, 1829 cfg->so_rcvbuf, cfg->so_sndbuf, 1830 cfg->ssl_port, cfg->tls_additional_port, 1831 cfg->https_port, reuseport, cfg->ip_transparent, 1832 cfg->tcp_mss, cfg->ip_freebind, 1833 cfg->http_nodelay, cfg->use_systemd, 1834 cfg->dnscrypt_port, cfg->ip_dscp)) { 1835 listening_ports_free(list); 1836 return NULL; 1837 } 1838 } 1839 } 1840 1841 return list; 1842 } 1843 1844 void listening_ports_free(struct listen_port* list) 1845 { 1846 struct listen_port* nx; 1847 while(list) { 1848 nx = list->next; 1849 if(list->fd != -1) { 1850 sock_close(list->fd); 1851 } 1852 /* rc_ports don't have ub_socket */ 1853 if(list->socket) { 1854 freeaddrinfo(list->socket->addr); 1855 free(list->socket); 1856 } 1857 free(list); 1858 list = nx; 1859 } 1860 } 1861 1862 size_t listen_get_mem(struct listen_dnsport* listen) 1863 { 1864 struct listen_list* p; 1865 size_t s = sizeof(*listen) + sizeof(*listen->base) + 1866 sizeof(*listen->udp_buff) + 1867 sldns_buffer_capacity(listen->udp_buff); 1868 #ifdef USE_DNSCRYPT 1869 s += sizeof(*listen->dnscrypt_udp_buff); 1870 if(listen->udp_buff != listen->dnscrypt_udp_buff){ 1871 s += sldns_buffer_capacity(listen->dnscrypt_udp_buff); 1872 } 1873 #endif 1874 for(p = listen->cps; p; p = p->next) { 1875 s += sizeof(*p); 1876 s += comm_point_get_mem(p->com); 1877 } 1878 return s; 1879 } 1880 1881 void listen_stop_accept(struct listen_dnsport* listen) 1882 { 1883 /* do not stop the ones that have no tcp_free list 1884 * (they have already stopped listening) */ 1885 struct listen_list* p; 1886 for(p=listen->cps; p; p=p->next) { 1887 if(p->com->type == comm_tcp_accept && 1888 p->com->tcp_free != NULL) { 1889 comm_point_stop_listening(p->com); 1890 } 1891 } 1892 } 1893 1894 void listen_start_accept(struct listen_dnsport* listen) 1895 { 1896 /* do not start the ones that have no tcp_free list, it is no 1897 * use to listen to them because they have no free tcp handlers */ 1898 struct listen_list* p; 1899 for(p=listen->cps; p; p=p->next) { 1900 if(p->com->type == comm_tcp_accept && 1901 p->com->tcp_free != NULL) { 1902 comm_point_start_listening(p->com, -1, -1); 1903 } 1904 } 1905 } 1906 1907 struct tcp_req_info* 1908 tcp_req_info_create(struct sldns_buffer* spoolbuf) 1909 { 1910 struct tcp_req_info* req = (struct tcp_req_info*)malloc(sizeof(*req)); 1911 if(!req) { 1912 log_err("malloc failure for new stream outoforder processing structure"); 1913 return NULL; 1914 } 1915 memset(req, 0, sizeof(*req)); 1916 req->spool_buffer = spoolbuf; 1917 return req; 1918 } 1919 1920 void 1921 tcp_req_info_delete(struct tcp_req_info* req) 1922 { 1923 if(!req) return; 1924 tcp_req_info_clear(req); 1925 /* cp is pointer back to commpoint that owns this struct and 1926 * called delete on us */ 1927 /* spool_buffer is shared udp buffer, not deleted here */ 1928 free(req); 1929 } 1930 1931 void tcp_req_info_clear(struct tcp_req_info* req) 1932 { 1933 struct tcp_req_open_item* open, *nopen; 1934 struct tcp_req_done_item* item, *nitem; 1935 if(!req) return; 1936 1937 /* free outstanding request mesh reply entries */ 1938 open = req->open_req_list; 1939 while(open) { 1940 nopen = open->next; 1941 mesh_state_remove_reply(open->mesh, open->mesh_state, req->cp); 1942 free(open); 1943 open = nopen; 1944 } 1945 req->open_req_list = NULL; 1946 req->num_open_req = 0; 1947 1948 /* free pending writable result packets */ 1949 item = req->done_req_list; 1950 while(item) { 1951 nitem = item->next; 1952 lock_basic_lock(&stream_wait_count_lock); 1953 stream_wait_count -= (sizeof(struct tcp_req_done_item) 1954 +item->len); 1955 lock_basic_unlock(&stream_wait_count_lock); 1956 free(item->buf); 1957 free(item); 1958 item = nitem; 1959 } 1960 req->done_req_list = NULL; 1961 req->num_done_req = 0; 1962 req->read_is_closed = 0; 1963 } 1964 1965 void 1966 tcp_req_info_remove_mesh_state(struct tcp_req_info* req, struct mesh_state* m) 1967 { 1968 struct tcp_req_open_item* open, *prev = NULL; 1969 if(!req || !m) return; 1970 open = req->open_req_list; 1971 while(open) { 1972 if(open->mesh_state == m) { 1973 struct tcp_req_open_item* next; 1974 if(prev) prev->next = open->next; 1975 else req->open_req_list = open->next; 1976 /* caller has to manage the mesh state reply entry */ 1977 next = open->next; 1978 free(open); 1979 req->num_open_req --; 1980 1981 /* prev = prev; */ 1982 open = next; 1983 continue; 1984 } 1985 prev = open; 1986 open = open->next; 1987 } 1988 } 1989 1990 /** setup listening for read or write */ 1991 static void 1992 tcp_req_info_setup_listen(struct tcp_req_info* req) 1993 { 1994 int wr = 0; 1995 int rd = 0; 1996 1997 if(req->cp->tcp_byte_count != 0) { 1998 /* cannot change, halfway through */ 1999 return; 2000 } 2001 2002 if(!req->cp->tcp_is_reading) 2003 wr = 1; 2004 if(!req->read_is_closed) 2005 rd = 1; 2006 2007 if(wr) { 2008 req->cp->tcp_is_reading = 0; 2009 comm_point_stop_listening(req->cp); 2010 comm_point_start_listening(req->cp, -1, 2011 adjusted_tcp_timeout(req->cp)); 2012 } else if(rd) { 2013 req->cp->tcp_is_reading = 1; 2014 comm_point_stop_listening(req->cp); 2015 comm_point_start_listening(req->cp, -1, 2016 adjusted_tcp_timeout(req->cp)); 2017 /* and also read it (from SSL stack buffers), so 2018 * no event read event is expected since the remainder of 2019 * the TLS frame is sitting in the buffers. */ 2020 req->read_again = 1; 2021 } else { 2022 comm_point_stop_listening(req->cp); 2023 comm_point_start_listening(req->cp, -1, 2024 adjusted_tcp_timeout(req->cp)); 2025 comm_point_listen_for_rw(req->cp, 0, 0); 2026 } 2027 } 2028 2029 /** remove first item from list of pending results */ 2030 static struct tcp_req_done_item* 2031 tcp_req_info_pop_done(struct tcp_req_info* req) 2032 { 2033 struct tcp_req_done_item* item; 2034 log_assert(req->num_done_req > 0 && req->done_req_list); 2035 item = req->done_req_list; 2036 lock_basic_lock(&stream_wait_count_lock); 2037 stream_wait_count -= (sizeof(struct tcp_req_done_item)+item->len); 2038 lock_basic_unlock(&stream_wait_count_lock); 2039 req->done_req_list = req->done_req_list->next; 2040 req->num_done_req --; 2041 return item; 2042 } 2043 2044 /** Send given buffer and setup to write */ 2045 static void 2046 tcp_req_info_start_write_buf(struct tcp_req_info* req, uint8_t* buf, 2047 size_t len) 2048 { 2049 sldns_buffer_clear(req->cp->buffer); 2050 sldns_buffer_write(req->cp->buffer, buf, len); 2051 sldns_buffer_flip(req->cp->buffer); 2052 2053 req->cp->tcp_is_reading = 0; /* we are now writing */ 2054 } 2055 2056 /** pick up the next result and start writing it to the channel */ 2057 static void 2058 tcp_req_pickup_next_result(struct tcp_req_info* req) 2059 { 2060 if(req->num_done_req > 0) { 2061 /* unlist the done item from the list of pending results */ 2062 struct tcp_req_done_item* item = tcp_req_info_pop_done(req); 2063 tcp_req_info_start_write_buf(req, item->buf, item->len); 2064 free(item->buf); 2065 free(item); 2066 } 2067 } 2068 2069 /** the read channel has closed */ 2070 int 2071 tcp_req_info_handle_read_close(struct tcp_req_info* req) 2072 { 2073 verbose(VERB_ALGO, "tcp channel read side closed %d", req->cp->fd); 2074 /* reset byte count for (potential) partial read */ 2075 req->cp->tcp_byte_count = 0; 2076 /* if we still have results to write, pick up next and write it */ 2077 if(req->num_done_req != 0) { 2078 tcp_req_pickup_next_result(req); 2079 tcp_req_info_setup_listen(req); 2080 return 1; 2081 } 2082 /* if nothing to do, this closes the connection */ 2083 if(req->num_open_req == 0 && req->num_done_req == 0) 2084 return 0; 2085 /* otherwise, we must be waiting for dns resolve, wait with timeout */ 2086 req->read_is_closed = 1; 2087 tcp_req_info_setup_listen(req); 2088 return 1; 2089 } 2090 2091 void 2092 tcp_req_info_handle_writedone(struct tcp_req_info* req) 2093 { 2094 /* back to reading state, we finished this write event */ 2095 sldns_buffer_clear(req->cp->buffer); 2096 if(req->num_done_req == 0 && req->read_is_closed) { 2097 /* no more to write and nothing to read, close it */ 2098 comm_point_drop_reply(&req->cp->repinfo); 2099 return; 2100 } 2101 req->cp->tcp_is_reading = 1; 2102 /* see if another result needs writing */ 2103 tcp_req_pickup_next_result(req); 2104 2105 /* see if there is more to write, if not stop_listening for writing */ 2106 /* see if new requests are allowed, if so, start_listening 2107 * for reading */ 2108 tcp_req_info_setup_listen(req); 2109 } 2110 2111 void 2112 tcp_req_info_handle_readdone(struct tcp_req_info* req) 2113 { 2114 struct comm_point* c = req->cp; 2115 2116 /* we want to read up several requests, unless there are 2117 * pending answers */ 2118 2119 req->is_drop = 0; 2120 req->is_reply = 0; 2121 req->in_worker_handle = 1; 2122 sldns_buffer_set_limit(req->spool_buffer, 0); 2123 /* handle the current request */ 2124 /* this calls the worker handle request routine that could give 2125 * a cache response, or localdata response, or drop the reply, 2126 * or schedule a mesh entry for later */ 2127 fptr_ok(fptr_whitelist_comm_point(c->callback)); 2128 if( (*c->callback)(c, c->cb_arg, NETEVENT_NOERROR, &c->repinfo) ) { 2129 req->in_worker_handle = 0; 2130 /* there is an answer, put it up. It is already in the 2131 * c->buffer, just send it. */ 2132 /* since we were just reading a query, the channel is 2133 * clear to write to */ 2134 send_it: 2135 c->tcp_is_reading = 0; 2136 comm_point_stop_listening(c); 2137 comm_point_start_listening(c, -1, adjusted_tcp_timeout(c)); 2138 return; 2139 } 2140 req->in_worker_handle = 0; 2141 /* it should be waiting in the mesh for recursion. 2142 * If mesh failed to add a new entry and called commpoint_drop_reply. 2143 * Then the mesh state has been cleared. */ 2144 if(req->is_drop) { 2145 /* the reply has been dropped, stream has been closed. */ 2146 return; 2147 } 2148 /* If mesh failed(mallocfail) and called commpoint_send_reply with 2149 * something like servfail then we pick up that reply below. */ 2150 if(req->is_reply) { 2151 goto send_it; 2152 } 2153 2154 sldns_buffer_clear(c->buffer); 2155 /* if pending answers, pick up an answer and start sending it */ 2156 tcp_req_pickup_next_result(req); 2157 2158 /* if answers pending, start sending answers */ 2159 /* read more requests if we can have more requests */ 2160 tcp_req_info_setup_listen(req); 2161 } 2162 2163 int 2164 tcp_req_info_add_meshstate(struct tcp_req_info* req, 2165 struct mesh_area* mesh, struct mesh_state* m) 2166 { 2167 struct tcp_req_open_item* item; 2168 log_assert(req && mesh && m); 2169 item = (struct tcp_req_open_item*)malloc(sizeof(*item)); 2170 if(!item) return 0; 2171 item->next = req->open_req_list; 2172 item->mesh = mesh; 2173 item->mesh_state = m; 2174 req->open_req_list = item; 2175 req->num_open_req++; 2176 return 1; 2177 } 2178 2179 /** Add a result to the result list. At the end. */ 2180 static int 2181 tcp_req_info_add_result(struct tcp_req_info* req, uint8_t* buf, size_t len) 2182 { 2183 struct tcp_req_done_item* last = NULL; 2184 struct tcp_req_done_item* item; 2185 size_t space; 2186 2187 /* see if we have space */ 2188 space = sizeof(struct tcp_req_done_item) + len; 2189 lock_basic_lock(&stream_wait_count_lock); 2190 if(stream_wait_count + space > stream_wait_max) { 2191 lock_basic_unlock(&stream_wait_count_lock); 2192 verbose(VERB_ALGO, "drop stream reply, no space left, in stream-wait-size"); 2193 return 0; 2194 } 2195 stream_wait_count += space; 2196 lock_basic_unlock(&stream_wait_count_lock); 2197 2198 /* find last element */ 2199 last = req->done_req_list; 2200 while(last && last->next) 2201 last = last->next; 2202 2203 /* create new element */ 2204 item = (struct tcp_req_done_item*)malloc(sizeof(*item)); 2205 if(!item) { 2206 log_err("malloc failure, for stream result list"); 2207 return 0; 2208 } 2209 item->next = NULL; 2210 item->len = len; 2211 item->buf = memdup(buf, len); 2212 if(!item->buf) { 2213 free(item); 2214 log_err("malloc failure, adding reply to stream result list"); 2215 return 0; 2216 } 2217 2218 /* link in */ 2219 if(last) last->next = item; 2220 else req->done_req_list = item; 2221 req->num_done_req++; 2222 return 1; 2223 } 2224 2225 void 2226 tcp_req_info_send_reply(struct tcp_req_info* req) 2227 { 2228 if(req->in_worker_handle) { 2229 /* reply from mesh is in the spool_buffer */ 2230 /* copy now, so that the spool buffer is free for other tasks 2231 * before the callback is done */ 2232 sldns_buffer_clear(req->cp->buffer); 2233 sldns_buffer_write(req->cp->buffer, 2234 sldns_buffer_begin(req->spool_buffer), 2235 sldns_buffer_limit(req->spool_buffer)); 2236 sldns_buffer_flip(req->cp->buffer); 2237 req->is_reply = 1; 2238 return; 2239 } 2240 /* now that the query has been handled, that mesh_reply entry 2241 * should be removed, from the tcp_req_info list, 2242 * the mesh state cleanup removes then with region_cleanup and 2243 * replies_sent true. */ 2244 /* see if we can send it straight away (we are not doing 2245 * anything else). If so, copy to buffer and start */ 2246 if(req->cp->tcp_is_reading && req->cp->tcp_byte_count == 0) { 2247 /* buffer is free, and was ready to read new query into, 2248 * but we are now going to use it to send this answer */ 2249 tcp_req_info_start_write_buf(req, 2250 sldns_buffer_begin(req->spool_buffer), 2251 sldns_buffer_limit(req->spool_buffer)); 2252 /* switch to listen to write events */ 2253 comm_point_stop_listening(req->cp); 2254 comm_point_start_listening(req->cp, -1, 2255 adjusted_tcp_timeout(req->cp)); 2256 return; 2257 } 2258 /* queue up the answer behind the others already pending */ 2259 if(!tcp_req_info_add_result(req, sldns_buffer_begin(req->spool_buffer), 2260 sldns_buffer_limit(req->spool_buffer))) { 2261 /* drop the connection, we are out of resources */ 2262 comm_point_drop_reply(&req->cp->repinfo); 2263 } 2264 } 2265 2266 size_t tcp_req_info_get_stream_buffer_size(void) 2267 { 2268 size_t s; 2269 if(!stream_wait_lock_inited) 2270 return stream_wait_count; 2271 lock_basic_lock(&stream_wait_count_lock); 2272 s = stream_wait_count; 2273 lock_basic_unlock(&stream_wait_count_lock); 2274 return s; 2275 } 2276 2277 size_t http2_get_query_buffer_size(void) 2278 { 2279 size_t s; 2280 if(!http2_query_buffer_lock_inited) 2281 return http2_query_buffer_count; 2282 lock_basic_lock(&http2_query_buffer_count_lock); 2283 s = http2_query_buffer_count; 2284 lock_basic_unlock(&http2_query_buffer_count_lock); 2285 return s; 2286 } 2287 2288 size_t http2_get_response_buffer_size(void) 2289 { 2290 size_t s; 2291 if(!http2_response_buffer_lock_inited) 2292 return http2_response_buffer_count; 2293 lock_basic_lock(&http2_response_buffer_count_lock); 2294 s = http2_response_buffer_count; 2295 lock_basic_unlock(&http2_response_buffer_count_lock); 2296 return s; 2297 } 2298 2299 #ifdef HAVE_NGHTTP2 2300 /** nghttp2 callback. Used to copy response from rbuffer to nghttp2 session */ 2301 static ssize_t http2_submit_response_read_callback( 2302 nghttp2_session* ATTR_UNUSED(session), 2303 int32_t stream_id, uint8_t* buf, size_t length, uint32_t* data_flags, 2304 nghttp2_data_source* source, void* ATTR_UNUSED(cb_arg)) 2305 { 2306 struct http2_stream* h2_stream; 2307 struct http2_session* h2_session = source->ptr; 2308 size_t copylen = length; 2309 if(!(h2_stream = nghttp2_session_get_stream_user_data( 2310 h2_session->session, stream_id))) { 2311 verbose(VERB_QUERY, "http2: cannot get stream data, closing " 2312 "stream"); 2313 return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; 2314 } 2315 if(!h2_stream->rbuffer || 2316 sldns_buffer_remaining(h2_stream->rbuffer) == 0) { 2317 verbose(VERB_QUERY, "http2: cannot submit buffer. No data " 2318 "available in rbuffer"); 2319 /* rbuffer will be free'd in frame close cb */ 2320 return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; 2321 } 2322 2323 if(copylen > sldns_buffer_remaining(h2_stream->rbuffer)) 2324 copylen = sldns_buffer_remaining(h2_stream->rbuffer); 2325 if(copylen > SSIZE_MAX) 2326 copylen = SSIZE_MAX; /* will probably never happen */ 2327 2328 memcpy(buf, sldns_buffer_current(h2_stream->rbuffer), copylen); 2329 sldns_buffer_skip(h2_stream->rbuffer, copylen); 2330 2331 if(sldns_buffer_remaining(h2_stream->rbuffer) == 0) { 2332 *data_flags |= NGHTTP2_DATA_FLAG_EOF; 2333 lock_basic_lock(&http2_response_buffer_count_lock); 2334 http2_response_buffer_count -= 2335 sldns_buffer_capacity(h2_stream->rbuffer); 2336 lock_basic_unlock(&http2_response_buffer_count_lock); 2337 sldns_buffer_free(h2_stream->rbuffer); 2338 h2_stream->rbuffer = NULL; 2339 } 2340 2341 return copylen; 2342 } 2343 2344 /** 2345 * Send RST_STREAM frame for stream. 2346 * @param h2_session: http2 session to submit frame to 2347 * @param h2_stream: http2 stream containing frame ID to use in RST_STREAM 2348 * @return 0 on error, 1 otherwise 2349 */ 2350 static int http2_submit_rst_stream(struct http2_session* h2_session, 2351 struct http2_stream* h2_stream) 2352 { 2353 int ret = nghttp2_submit_rst_stream(h2_session->session, 2354 NGHTTP2_FLAG_NONE, h2_stream->stream_id, 2355 NGHTTP2_INTERNAL_ERROR); 2356 if(ret) { 2357 verbose(VERB_QUERY, "http2: nghttp2_submit_rst_stream failed, " 2358 "error: %s", nghttp2_strerror(ret)); 2359 return 0; 2360 } 2361 return 1; 2362 } 2363 2364 /** 2365 * DNS response ready to be submitted to nghttp2, to be prepared for sending 2366 * out. Response is stored in c->buffer. Copy to rbuffer because the c->buffer 2367 * might be used before this will be sent out. 2368 * @param h2_session: http2 session, containing c->buffer which contains answer 2369 * @return 0 on error, 1 otherwise 2370 */ 2371 int http2_submit_dns_response(struct http2_session* h2_session) 2372 { 2373 int ret; 2374 nghttp2_data_provider data_prd; 2375 char status[4]; 2376 nghttp2_nv headers[3]; 2377 struct http2_stream* h2_stream = h2_session->c->h2_stream; 2378 size_t rlen; 2379 char rlen_str[32]; 2380 2381 if(h2_stream->rbuffer) { 2382 log_err("http2 submit response error: rbuffer already " 2383 "exists"); 2384 return 0; 2385 } 2386 if(sldns_buffer_remaining(h2_session->c->buffer) == 0) { 2387 log_err("http2 submit response error: c->buffer not complete"); 2388 return 0; 2389 } 2390 2391 if(snprintf(status, 4, "%d", h2_stream->status) != 3) { 2392 verbose(VERB_QUERY, "http2: submit response error: " 2393 "invalid status"); 2394 return 0; 2395 } 2396 2397 rlen = sldns_buffer_remaining(h2_session->c->buffer); 2398 snprintf(rlen_str, sizeof(rlen_str), "%u", (unsigned)rlen); 2399 2400 lock_basic_lock(&http2_response_buffer_count_lock); 2401 if(http2_response_buffer_count + rlen > http2_response_buffer_max) { 2402 lock_basic_unlock(&http2_response_buffer_count_lock); 2403 verbose(VERB_ALGO, "reset HTTP2 stream, no space left, " 2404 "in https-response-buffer-size"); 2405 return http2_submit_rst_stream(h2_session, h2_stream); 2406 } 2407 http2_response_buffer_count += rlen; 2408 lock_basic_unlock(&http2_response_buffer_count_lock); 2409 2410 if(!(h2_stream->rbuffer = sldns_buffer_new(rlen))) { 2411 lock_basic_lock(&http2_response_buffer_count_lock); 2412 http2_response_buffer_count -= rlen; 2413 lock_basic_unlock(&http2_response_buffer_count_lock); 2414 log_err("http2 submit response error: malloc failure"); 2415 return 0; 2416 } 2417 2418 headers[0].name = (uint8_t*)":status"; 2419 headers[0].namelen = 7; 2420 headers[0].value = (uint8_t*)status; 2421 headers[0].valuelen = 3; 2422 headers[0].flags = NGHTTP2_NV_FLAG_NONE; 2423 2424 headers[1].name = (uint8_t*)"content-type"; 2425 headers[1].namelen = 12; 2426 headers[1].value = (uint8_t*)"application/dns-message"; 2427 headers[1].valuelen = 23; 2428 headers[1].flags = NGHTTP2_NV_FLAG_NONE; 2429 2430 headers[2].name = (uint8_t*)"content-length"; 2431 headers[2].namelen = 14; 2432 headers[2].value = (uint8_t*)rlen_str; 2433 headers[2].valuelen = strlen(rlen_str); 2434 headers[2].flags = NGHTTP2_NV_FLAG_NONE; 2435 2436 sldns_buffer_write(h2_stream->rbuffer, 2437 sldns_buffer_current(h2_session->c->buffer), 2438 sldns_buffer_remaining(h2_session->c->buffer)); 2439 sldns_buffer_flip(h2_stream->rbuffer); 2440 2441 data_prd.source.ptr = h2_session; 2442 data_prd.read_callback = http2_submit_response_read_callback; 2443 ret = nghttp2_submit_response(h2_session->session, h2_stream->stream_id, 2444 headers, 3, &data_prd); 2445 if(ret) { 2446 verbose(VERB_QUERY, "http2: set_stream_user_data failed, " 2447 "error: %s", nghttp2_strerror(ret)); 2448 return 0; 2449 } 2450 return 1; 2451 } 2452 #else 2453 int http2_submit_dns_response(void* ATTR_UNUSED(v)) 2454 { 2455 return 0; 2456 } 2457 #endif 2458 2459 #ifdef HAVE_NGHTTP2 2460 /** HTTP status to descriptive string */ 2461 static char* http_status_to_str(enum http_status s) 2462 { 2463 switch(s) { 2464 case HTTP_STATUS_OK: 2465 return "OK"; 2466 case HTTP_STATUS_BAD_REQUEST: 2467 return "Bad Request"; 2468 case HTTP_STATUS_NOT_FOUND: 2469 return "Not Found"; 2470 case HTTP_STATUS_PAYLOAD_TOO_LARGE: 2471 return "Payload Too Large"; 2472 case HTTP_STATUS_URI_TOO_LONG: 2473 return "URI Too Long"; 2474 case HTTP_STATUS_UNSUPPORTED_MEDIA_TYPE: 2475 return "Unsupported Media Type"; 2476 case HTTP_STATUS_NOT_IMPLEMENTED: 2477 return "Not Implemented"; 2478 } 2479 return "Status Unknown"; 2480 } 2481 2482 /** nghttp2 callback. Used to copy error message to nghttp2 session */ 2483 static ssize_t http2_submit_error_read_callback( 2484 nghttp2_session* ATTR_UNUSED(session), 2485 int32_t stream_id, uint8_t* buf, size_t length, uint32_t* data_flags, 2486 nghttp2_data_source* source, void* ATTR_UNUSED(cb_arg)) 2487 { 2488 struct http2_stream* h2_stream; 2489 struct http2_session* h2_session = source->ptr; 2490 char* msg; 2491 if(!(h2_stream = nghttp2_session_get_stream_user_data( 2492 h2_session->session, stream_id))) { 2493 verbose(VERB_QUERY, "http2: cannot get stream data, closing " 2494 "stream"); 2495 return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; 2496 } 2497 *data_flags |= NGHTTP2_DATA_FLAG_EOF; 2498 msg = http_status_to_str(h2_stream->status); 2499 if(length < strlen(msg)) 2500 return 0; /* not worth trying over multiple frames */ 2501 memcpy(buf, msg, strlen(msg)); 2502 return strlen(msg); 2503 2504 } 2505 2506 /** 2507 * HTTP error response ready to be submitted to nghttp2, to be prepared for 2508 * sending out. Message body will contain descriptive string for HTTP status. 2509 * @param h2_session: http2 session to submit to 2510 * @param h2_stream: http2 stream containing HTTP status to use for error 2511 * @return 0 on error, 1 otherwise 2512 */ 2513 static int http2_submit_error(struct http2_session* h2_session, 2514 struct http2_stream* h2_stream) 2515 { 2516 int ret; 2517 char status[4]; 2518 nghttp2_data_provider data_prd; 2519 nghttp2_nv headers[1]; /* will be copied by nghttp */ 2520 if(snprintf(status, 4, "%d", h2_stream->status) != 3) { 2521 verbose(VERB_QUERY, "http2: submit error failed, " 2522 "invalid status"); 2523 return 0; 2524 } 2525 headers[0].name = (uint8_t*)":status"; 2526 headers[0].namelen = 7; 2527 headers[0].value = (uint8_t*)status; 2528 headers[0].valuelen = 3; 2529 headers[0].flags = NGHTTP2_NV_FLAG_NONE; 2530 2531 data_prd.source.ptr = h2_session; 2532 data_prd.read_callback = http2_submit_error_read_callback; 2533 2534 ret = nghttp2_submit_response(h2_session->session, h2_stream->stream_id, 2535 headers, 1, &data_prd); 2536 if(ret) { 2537 verbose(VERB_QUERY, "http2: submit error failed, " 2538 "error: %s", nghttp2_strerror(ret)); 2539 return 0; 2540 } 2541 return 1; 2542 } 2543 2544 /** 2545 * Start query handling. Query is stored in the stream, and will be free'd here. 2546 * @param h2_session: http2 session, containing comm point 2547 * @param h2_stream: stream containing buffered query 2548 * @return: -1 on error, 1 if answer is stored in c->buffer, 0 if there is no 2549 * reply available (yet). 2550 */ 2551 static int http2_query_read_done(struct http2_session* h2_session, 2552 struct http2_stream* h2_stream) 2553 { 2554 log_assert(h2_stream->qbuffer); 2555 2556 if(h2_session->c->h2_stream) { 2557 verbose(VERB_ALGO, "http2_query_read_done failure: shared " 2558 "buffer already assigned to stream"); 2559 return -1; 2560 } 2561 2562 /* the c->buffer might be used by mesh_send_reply and no be cleard 2563 * need to be cleared before use */ 2564 sldns_buffer_clear(h2_session->c->buffer); 2565 if(sldns_buffer_remaining(h2_session->c->buffer) < 2566 sldns_buffer_remaining(h2_stream->qbuffer)) { 2567 /* qbuffer will be free'd in frame close cb */ 2568 sldns_buffer_clear(h2_session->c->buffer); 2569 verbose(VERB_ALGO, "http2_query_read_done failure: can't fit " 2570 "qbuffer in c->buffer"); 2571 return -1; 2572 } 2573 2574 sldns_buffer_write(h2_session->c->buffer, 2575 sldns_buffer_current(h2_stream->qbuffer), 2576 sldns_buffer_remaining(h2_stream->qbuffer)); 2577 2578 lock_basic_lock(&http2_query_buffer_count_lock); 2579 http2_query_buffer_count -= sldns_buffer_capacity(h2_stream->qbuffer); 2580 lock_basic_unlock(&http2_query_buffer_count_lock); 2581 sldns_buffer_free(h2_stream->qbuffer); 2582 h2_stream->qbuffer = NULL; 2583 2584 sldns_buffer_flip(h2_session->c->buffer); 2585 h2_session->c->h2_stream = h2_stream; 2586 fptr_ok(fptr_whitelist_comm_point(h2_session->c->callback)); 2587 if((*h2_session->c->callback)(h2_session->c, h2_session->c->cb_arg, 2588 NETEVENT_NOERROR, &h2_session->c->repinfo)) { 2589 return 1; /* answer in c->buffer */ 2590 } 2591 sldns_buffer_clear(h2_session->c->buffer); 2592 h2_session->c->h2_stream = NULL; 2593 return 0; /* mesh state added, or dropped */ 2594 } 2595 2596 /** nghttp2 callback. Used to check if the received frame indicates the end of a 2597 * stream. Gather collected request data and start query handling. */ 2598 static int http2_req_frame_recv_cb(nghttp2_session* session, 2599 const nghttp2_frame* frame, void* cb_arg) 2600 { 2601 struct http2_session* h2_session = (struct http2_session*)cb_arg; 2602 struct http2_stream* h2_stream; 2603 int query_read_done; 2604 2605 if((frame->hd.type != NGHTTP2_DATA && 2606 frame->hd.type != NGHTTP2_HEADERS) || 2607 !(frame->hd.flags & NGHTTP2_FLAG_END_STREAM)) { 2608 return 0; 2609 } 2610 2611 if(!(h2_stream = nghttp2_session_get_stream_user_data( 2612 session, frame->hd.stream_id))) 2613 return 0; 2614 2615 if(h2_stream->invalid_endpoint) { 2616 h2_stream->status = HTTP_STATUS_NOT_FOUND; 2617 goto submit_http_error; 2618 } 2619 2620 if(h2_stream->invalid_content_type) { 2621 h2_stream->status = HTTP_STATUS_UNSUPPORTED_MEDIA_TYPE; 2622 goto submit_http_error; 2623 } 2624 2625 if(h2_stream->http_method != HTTP_METHOD_GET && 2626 h2_stream->http_method != HTTP_METHOD_POST) { 2627 h2_stream->status = HTTP_STATUS_NOT_IMPLEMENTED; 2628 goto submit_http_error; 2629 } 2630 2631 if(h2_stream->query_too_large) { 2632 if(h2_stream->http_method == HTTP_METHOD_POST) 2633 h2_stream->status = HTTP_STATUS_PAYLOAD_TOO_LARGE; 2634 else 2635 h2_stream->status = HTTP_STATUS_URI_TOO_LONG; 2636 goto submit_http_error; 2637 } 2638 2639 if(!h2_stream->qbuffer) { 2640 h2_stream->status = HTTP_STATUS_BAD_REQUEST; 2641 goto submit_http_error; 2642 } 2643 2644 if(h2_stream->status) { 2645 submit_http_error: 2646 verbose(VERB_QUERY, "http2 request invalid, returning :status=" 2647 "%d", h2_stream->status); 2648 if(!http2_submit_error(h2_session, h2_stream)) { 2649 return NGHTTP2_ERR_CALLBACK_FAILURE; 2650 } 2651 return 0; 2652 } 2653 h2_stream->status = HTTP_STATUS_OK; 2654 2655 sldns_buffer_flip(h2_stream->qbuffer); 2656 h2_session->postpone_drop = 1; 2657 query_read_done = http2_query_read_done(h2_session, h2_stream); 2658 if(query_read_done < 0) 2659 return NGHTTP2_ERR_CALLBACK_FAILURE; 2660 else if(!query_read_done) { 2661 if(h2_session->is_drop) { 2662 /* connection needs to be closed. Return failure to make 2663 * sure no other action are taken anymore on comm point. 2664 * failure will result in reclaiming (and closing) 2665 * of comm point. */ 2666 verbose(VERB_QUERY, "http2 query dropped in worker cb"); 2667 h2_session->postpone_drop = 0; 2668 return NGHTTP2_ERR_CALLBACK_FAILURE; 2669 } 2670 /* nothing to submit right now, query added to mesh. */ 2671 h2_session->postpone_drop = 0; 2672 return 0; 2673 } 2674 if(!http2_submit_dns_response(h2_session)) { 2675 sldns_buffer_clear(h2_session->c->buffer); 2676 h2_session->c->h2_stream = NULL; 2677 return NGHTTP2_ERR_CALLBACK_FAILURE; 2678 } 2679 verbose(VERB_QUERY, "http2 query submitted to session"); 2680 sldns_buffer_clear(h2_session->c->buffer); 2681 h2_session->c->h2_stream = NULL; 2682 return 0; 2683 } 2684 2685 /** nghttp2 callback. Used to detect start of new streams. */ 2686 static int http2_req_begin_headers_cb(nghttp2_session* session, 2687 const nghttp2_frame* frame, void* cb_arg) 2688 { 2689 struct http2_session* h2_session = (struct http2_session*)cb_arg; 2690 struct http2_stream* h2_stream; 2691 int ret; 2692 if(frame->hd.type != NGHTTP2_HEADERS || 2693 frame->headers.cat != NGHTTP2_HCAT_REQUEST) { 2694 /* only interested in request headers */ 2695 return 0; 2696 } 2697 if(!(h2_stream = http2_stream_create(frame->hd.stream_id))) { 2698 log_err("malloc failure while creating http2 stream"); 2699 return NGHTTP2_ERR_CALLBACK_FAILURE; 2700 } 2701 http2_session_add_stream(h2_session, h2_stream); 2702 ret = nghttp2_session_set_stream_user_data(session, 2703 frame->hd.stream_id, h2_stream); 2704 if(ret) { 2705 /* stream does not exist */ 2706 verbose(VERB_QUERY, "http2: set_stream_user_data failed, " 2707 "error: %s", nghttp2_strerror(ret)); 2708 return NGHTTP2_ERR_CALLBACK_FAILURE; 2709 } 2710 2711 return 0; 2712 } 2713 2714 /** 2715 * base64url decode, store in qbuffer 2716 * @param h2_session: http2 session 2717 * @param h2_stream: http2 stream 2718 * @param start: start of the base64 string 2719 * @param length: length of the base64 string 2720 * @return: 0 on error, 1 otherwise. query will be stored in h2_stream->qbuffer, 2721 * buffer will be NULL is unparseble. 2722 */ 2723 static int http2_buffer_uri_query(struct http2_session* h2_session, 2724 struct http2_stream* h2_stream, const uint8_t* start, size_t length) 2725 { 2726 size_t expectb64len; 2727 int b64len; 2728 if(h2_stream->http_method == HTTP_METHOD_POST) 2729 return 1; 2730 if(length == 0) 2731 return 1; 2732 if(h2_stream->qbuffer) { 2733 verbose(VERB_ALGO, "http2_req_header fail, " 2734 "qbuffer already set"); 2735 return 0; 2736 } 2737 2738 /* calculate size, might be a bit bigger than the real 2739 * decoded buffer size */ 2740 expectb64len = sldns_b64_pton_calculate_size(length); 2741 log_assert(expectb64len > 0); 2742 if(expectb64len > 2743 h2_session->c->http2_stream_max_qbuffer_size) { 2744 h2_stream->query_too_large = 1; 2745 return 1; 2746 } 2747 2748 lock_basic_lock(&http2_query_buffer_count_lock); 2749 if(http2_query_buffer_count + expectb64len > http2_query_buffer_max) { 2750 lock_basic_unlock(&http2_query_buffer_count_lock); 2751 verbose(VERB_ALGO, "reset HTTP2 stream, no space left, " 2752 "in http2-query-buffer-size"); 2753 return http2_submit_rst_stream(h2_session, h2_stream); 2754 } 2755 http2_query_buffer_count += expectb64len; 2756 lock_basic_unlock(&http2_query_buffer_count_lock); 2757 if(!(h2_stream->qbuffer = sldns_buffer_new(expectb64len))) { 2758 lock_basic_lock(&http2_query_buffer_count_lock); 2759 http2_query_buffer_count -= expectb64len; 2760 lock_basic_unlock(&http2_query_buffer_count_lock); 2761 log_err("http2_req_header fail, qbuffer " 2762 "malloc failure"); 2763 return 0; 2764 } 2765 2766 if(sldns_b64_contains_nonurl((char const*)start, length)) { 2767 char buf[65536+4]; 2768 verbose(VERB_ALGO, "HTTP2 stream contains wrong b64 encoding"); 2769 /* copy to the scratch buffer temporarily to terminate the 2770 * string with a zero */ 2771 if(length+1 > sizeof(buf)) { 2772 /* too long */ 2773 lock_basic_lock(&http2_query_buffer_count_lock); 2774 http2_query_buffer_count -= expectb64len; 2775 lock_basic_unlock(&http2_query_buffer_count_lock); 2776 sldns_buffer_free(h2_stream->qbuffer); 2777 h2_stream->qbuffer = NULL; 2778 return 1; 2779 } 2780 memmove(buf, start, length); 2781 buf[length] = 0; 2782 if(!(b64len = sldns_b64_pton(buf, sldns_buffer_current( 2783 h2_stream->qbuffer), expectb64len)) || b64len < 0) { 2784 lock_basic_lock(&http2_query_buffer_count_lock); 2785 http2_query_buffer_count -= expectb64len; 2786 lock_basic_unlock(&http2_query_buffer_count_lock); 2787 sldns_buffer_free(h2_stream->qbuffer); 2788 h2_stream->qbuffer = NULL; 2789 return 1; 2790 } 2791 } else { 2792 if(!(b64len = sldns_b64url_pton( 2793 (char const *)start, length, 2794 sldns_buffer_current(h2_stream->qbuffer), 2795 expectb64len)) || b64len < 0) { 2796 lock_basic_lock(&http2_query_buffer_count_lock); 2797 http2_query_buffer_count -= expectb64len; 2798 lock_basic_unlock(&http2_query_buffer_count_lock); 2799 sldns_buffer_free(h2_stream->qbuffer); 2800 h2_stream->qbuffer = NULL; 2801 /* return without error, method can be an 2802 * unknown POST */ 2803 return 1; 2804 } 2805 } 2806 sldns_buffer_skip(h2_stream->qbuffer, (size_t)b64len); 2807 return 1; 2808 } 2809 2810 /** nghttp2 callback. Used to parse headers from HEADER frames. */ 2811 static int http2_req_header_cb(nghttp2_session* session, 2812 const nghttp2_frame* frame, const uint8_t* name, size_t namelen, 2813 const uint8_t* value, size_t valuelen, uint8_t ATTR_UNUSED(flags), 2814 void* cb_arg) 2815 { 2816 struct http2_stream* h2_stream = NULL; 2817 struct http2_session* h2_session = (struct http2_session*)cb_arg; 2818 /* nghttp2 deals with CONTINUATION frames and provides them as part of 2819 * the HEADER */ 2820 if(frame->hd.type != NGHTTP2_HEADERS || 2821 frame->headers.cat != NGHTTP2_HCAT_REQUEST) { 2822 /* only interested in request headers */ 2823 return 0; 2824 } 2825 if(!(h2_stream = nghttp2_session_get_stream_user_data(session, 2826 frame->hd.stream_id))) 2827 return 0; 2828 2829 /* earlier checks already indicate we can stop handling this query */ 2830 if(h2_stream->http_method == HTTP_METHOD_UNSUPPORTED || 2831 h2_stream->invalid_content_type || 2832 h2_stream->invalid_endpoint) 2833 return 0; 2834 2835 2836 /* nghttp2 performs some sanity checks in the headers, including: 2837 * name and value are guaranteed to be null terminated 2838 * name is guaranteed to be lowercase 2839 * content-length value is guaranteed to contain digits 2840 */ 2841 2842 if(!h2_stream->http_method && namelen == 7 && 2843 memcmp(":method", name, namelen) == 0) { 2844 /* Case insensitive check on :method value to be on the safe 2845 * side. I failed to find text about case sensitivity in specs. 2846 */ 2847 if(valuelen == 3 && strcasecmp("GET", (const char*)value) == 0) 2848 h2_stream->http_method = HTTP_METHOD_GET; 2849 else if(valuelen == 4 && 2850 strcasecmp("POST", (const char*)value) == 0) { 2851 h2_stream->http_method = HTTP_METHOD_POST; 2852 if(h2_stream->qbuffer) { 2853 /* POST method uses query from DATA frames */ 2854 lock_basic_lock(&http2_query_buffer_count_lock); 2855 http2_query_buffer_count -= 2856 sldns_buffer_capacity(h2_stream->qbuffer); 2857 lock_basic_unlock(&http2_query_buffer_count_lock); 2858 sldns_buffer_free(h2_stream->qbuffer); 2859 h2_stream->qbuffer = NULL; 2860 } 2861 } else 2862 h2_stream->http_method = HTTP_METHOD_UNSUPPORTED; 2863 return 0; 2864 } 2865 if(namelen == 5 && memcmp(":path", name, namelen) == 0) { 2866 /* :path may contain DNS query, depending on method. Method might 2867 * not be known yet here, so check after finishing receiving 2868 * stream. */ 2869 #define HTTP_QUERY_PARAM "?dns=" 2870 size_t el = strlen(h2_session->c->http_endpoint); 2871 size_t qpl = strlen(HTTP_QUERY_PARAM); 2872 2873 if(valuelen < el || memcmp(h2_session->c->http_endpoint, 2874 value, el) != 0) { 2875 h2_stream->invalid_endpoint = 1; 2876 return 0; 2877 } 2878 /* larger than endpoint only allowed if it is for the query 2879 * parameter */ 2880 if(valuelen <= el+qpl || 2881 memcmp(HTTP_QUERY_PARAM, value+el, qpl) != 0) { 2882 if(valuelen != el) 2883 h2_stream->invalid_endpoint = 1; 2884 return 0; 2885 } 2886 2887 if(!http2_buffer_uri_query(h2_session, h2_stream, 2888 value+(el+qpl), valuelen-(el+qpl))) { 2889 return NGHTTP2_ERR_CALLBACK_FAILURE; 2890 } 2891 return 0; 2892 } 2893 /* Content type is a SHOULD (rfc7231#section-3.1.1.5) when using POST, 2894 * and not needed when using GET. Don't enfore. 2895 * If set only allow lowercase "application/dns-message". 2896 * 2897 * Clients SHOULD (rfc8484#section-4.1) set an accept header, but MUST 2898 * be able to handle "application/dns-message". Since that is the only 2899 * content-type supported we can ignore the accept header. 2900 */ 2901 if((namelen == 12 && memcmp("content-type", name, namelen) == 0)) { 2902 if(valuelen != 23 || memcmp("application/dns-message", value, 2903 valuelen) != 0) { 2904 h2_stream->invalid_content_type = 1; 2905 } 2906 } 2907 2908 /* Only interested in content-lentg for POST (on not yet known) method. 2909 */ 2910 if((!h2_stream->http_method || 2911 h2_stream->http_method == HTTP_METHOD_POST) && 2912 !h2_stream->content_length && namelen == 14 && 2913 memcmp("content-length", name, namelen) == 0) { 2914 if(valuelen > 5) { 2915 h2_stream->query_too_large = 1; 2916 return 0; 2917 } 2918 /* guaranteed to only contain digits and be null terminated */ 2919 h2_stream->content_length = atoi((const char*)value); 2920 if(h2_stream->content_length > 2921 h2_session->c->http2_stream_max_qbuffer_size) { 2922 h2_stream->query_too_large = 1; 2923 return 0; 2924 } 2925 } 2926 return 0; 2927 } 2928 2929 /** nghttp2 callback. Used to get data from DATA frames, which can contain 2930 * queries in POST requests. */ 2931 static int http2_req_data_chunk_recv_cb(nghttp2_session* ATTR_UNUSED(session), 2932 uint8_t ATTR_UNUSED(flags), int32_t stream_id, const uint8_t* data, 2933 size_t len, void* cb_arg) 2934 { 2935 struct http2_session* h2_session = (struct http2_session*)cb_arg; 2936 struct http2_stream* h2_stream; 2937 size_t qlen = 0; 2938 2939 if(!(h2_stream = nghttp2_session_get_stream_user_data( 2940 h2_session->session, stream_id))) { 2941 return 0; 2942 } 2943 2944 if(h2_stream->query_too_large) 2945 return 0; 2946 2947 if(!h2_stream->qbuffer) { 2948 if(h2_stream->content_length) { 2949 if(h2_stream->content_length < len) 2950 /* getting more data in DATA frame than 2951 * advertised in content-length header. */ 2952 return NGHTTP2_ERR_CALLBACK_FAILURE; 2953 qlen = h2_stream->content_length; 2954 } else if(len <= h2_session->c->http2_stream_max_qbuffer_size) { 2955 /* setting this to msg-buffer-size can result in a lot 2956 * of memory consuption. Most queries should fit in a 2957 * single DATA frame, and most POST queries will 2958 * contain content-length which does not impose this 2959 * limit. */ 2960 qlen = len; 2961 } 2962 } 2963 if(!h2_stream->qbuffer && qlen) { 2964 lock_basic_lock(&http2_query_buffer_count_lock); 2965 if(http2_query_buffer_count + qlen > http2_query_buffer_max) { 2966 lock_basic_unlock(&http2_query_buffer_count_lock); 2967 verbose(VERB_ALGO, "reset HTTP2 stream, no space left, " 2968 "in http2-query-buffer-size"); 2969 return http2_submit_rst_stream(h2_session, h2_stream); 2970 } 2971 http2_query_buffer_count += qlen; 2972 lock_basic_unlock(&http2_query_buffer_count_lock); 2973 if(!(h2_stream->qbuffer = sldns_buffer_new(qlen))) { 2974 lock_basic_lock(&http2_query_buffer_count_lock); 2975 http2_query_buffer_count -= qlen; 2976 lock_basic_unlock(&http2_query_buffer_count_lock); 2977 } 2978 } 2979 2980 if(!h2_stream->qbuffer || 2981 sldns_buffer_remaining(h2_stream->qbuffer) < len) { 2982 verbose(VERB_ALGO, "http2 data_chunck_recv failed. Not enough " 2983 "buffer space for POST query. Can happen on multi " 2984 "frame requests without content-length header"); 2985 h2_stream->query_too_large = 1; 2986 return 0; 2987 } 2988 2989 sldns_buffer_write(h2_stream->qbuffer, data, len); 2990 2991 return 0; 2992 } 2993 2994 void http2_req_stream_clear(struct http2_stream* h2_stream) 2995 { 2996 if(h2_stream->qbuffer) { 2997 lock_basic_lock(&http2_query_buffer_count_lock); 2998 http2_query_buffer_count -= 2999 sldns_buffer_capacity(h2_stream->qbuffer); 3000 lock_basic_unlock(&http2_query_buffer_count_lock); 3001 sldns_buffer_free(h2_stream->qbuffer); 3002 h2_stream->qbuffer = NULL; 3003 } 3004 if(h2_stream->rbuffer) { 3005 lock_basic_lock(&http2_response_buffer_count_lock); 3006 http2_response_buffer_count -= 3007 sldns_buffer_capacity(h2_stream->rbuffer); 3008 lock_basic_unlock(&http2_response_buffer_count_lock); 3009 sldns_buffer_free(h2_stream->rbuffer); 3010 h2_stream->rbuffer = NULL; 3011 } 3012 } 3013 3014 nghttp2_session_callbacks* http2_req_callbacks_create(void) 3015 { 3016 nghttp2_session_callbacks *callbacks; 3017 if(nghttp2_session_callbacks_new(&callbacks) == NGHTTP2_ERR_NOMEM) { 3018 log_err("failed to initialize nghttp2 callback"); 3019 return NULL; 3020 } 3021 /* reception of header block started, used to create h2_stream */ 3022 nghttp2_session_callbacks_set_on_begin_headers_callback(callbacks, 3023 http2_req_begin_headers_cb); 3024 /* complete frame received, used to get data from stream if frame 3025 * has end stream flag, and start processing query */ 3026 nghttp2_session_callbacks_set_on_frame_recv_callback(callbacks, 3027 http2_req_frame_recv_cb); 3028 /* get request info from headers */ 3029 nghttp2_session_callbacks_set_on_header_callback(callbacks, 3030 http2_req_header_cb); 3031 /* get data from DATA frames, containing POST query */ 3032 nghttp2_session_callbacks_set_on_data_chunk_recv_callback(callbacks, 3033 http2_req_data_chunk_recv_cb); 3034 3035 /* generic HTTP2 callbacks */ 3036 nghttp2_session_callbacks_set_recv_callback(callbacks, http2_recv_cb); 3037 nghttp2_session_callbacks_set_send_callback(callbacks, http2_send_cb); 3038 nghttp2_session_callbacks_set_on_stream_close_callback(callbacks, 3039 http2_stream_close_cb); 3040 3041 return callbacks; 3042 } 3043 #endif /* HAVE_NGHTTP2 */ 3044