1 /* $OpenBSD: frontend.c,v 1.61 2021/01/19 16:50:23 florian Exp $ */ 2 3 /* 4 * Copyright (c) 2018 Florian Obser <florian@openbsd.org> 5 * Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org> 6 * Copyright (c) 2004 Esben Norby <norby@openbsd.org> 7 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> 8 * 9 * Permission to use, copy, modify, and distribute this software for any 10 * purpose with or without fee is hereby granted, provided that the above 11 * copyright notice and this permission notice appear in all copies. 12 * 13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 20 */ 21 22 #include <sys/types.h> 23 #include <sys/queue.h> 24 #include <sys/socket.h> 25 #include <sys/syslog.h> 26 #include <sys/tree.h> 27 #include <sys/uio.h> 28 29 #include <netinet/in.h> 30 #include <net/if.h> 31 #include <net/route.h> 32 33 #include <errno.h> 34 #include <event.h> 35 #include <imsg.h> 36 #include <netdb.h> 37 #include <pwd.h> 38 #include <signal.h> 39 #include <stdint.h> 40 #include <stdio.h> 41 #include <stdlib.h> 42 #include <string.h> 43 #include <time.h> 44 #include <unistd.h> 45 46 #include "libunbound/config.h" 47 #include "libunbound/sldns/pkthdr.h" 48 #include "libunbound/sldns/sbuffer.h" 49 #include "libunbound/sldns/str2wire.h" 50 #include "libunbound/sldns/wire2str.h" 51 #include "libunbound/util/alloc.h" 52 #include "libunbound/util/net_help.h" 53 #include "libunbound/util/regional.h" 54 #include "libunbound/util/data/dname.h" 55 #include "libunbound/util/data/msgencode.h" 56 #include "libunbound/util/data/msgparse.h" 57 #include "libunbound/util/data/msgreply.h" 58 59 #include "log.h" 60 #include "unwind.h" 61 #include "frontend.h" 62 #include "control.h" 63 64 #define ROUTE_SOCKET_BUF_SIZE 16384 65 66 /* 67 * size of a resource record with name a two octed pointer to qname 68 * 2 octets pointer to qname 69 * 2 octets TYPE 70 * 2 octets CLASS 71 * 4 octets TTL 72 * 2 octets RDLENGTH 73 */ 74 #define COMPRESSED_RR_SIZE 12 75 #define MINIMIZE_ANSWER 1 76 77 #define FD_RESERVE 5 78 #define TCP_TIMEOUT 15 79 #define DEFAULT_TCP_SIZE 512 80 81 struct udp_ev { 82 struct event ev; 83 uint8_t query[65536]; 84 struct msghdr rcvmhdr; 85 struct iovec rcviov[1]; 86 struct sockaddr_storage from; 87 } udp4ev, udp6ev; 88 89 struct tcp_accept_ev { 90 struct event ev; 91 struct event pause; 92 } tcp4ev, tcp6ev; 93 94 struct pending_query { 95 TAILQ_ENTRY(pending_query) entry; 96 struct sockaddr_storage from; 97 struct sldns_buffer *qbuf; 98 struct sldns_buffer *abuf; 99 struct regional *region; 100 struct query_info qinfo; 101 struct msg_parse *qmsg; 102 struct edns_data edns; 103 struct event ev; /* for tcp */ 104 struct event resp_ev; /* for tcp */ 105 struct event tmo_ev; /* for tcp */ 106 uint64_t imsg_id; 107 int fd; 108 int tcp; 109 }; 110 111 TAILQ_HEAD(, pending_query) pending_queries; 112 113 struct bl_node { 114 RB_ENTRY(bl_node) entry; 115 char *domain; 116 }; 117 118 __dead void frontend_shutdown(void); 119 void frontend_sig_handler(int, short, void *); 120 void frontend_startup(void); 121 void udp_receive(int, short, void *); 122 void handle_query(struct pending_query *); 123 void free_pending_query(struct pending_query *); 124 void tcp_accept(int, short, void *); 125 int accept_reserve(int, struct sockaddr *, socklen_t *); 126 void accept_paused(int, short, void *); 127 void tcp_request(int, short, void *); 128 void tcp_response(int, short, void *); 129 void tcp_timeout(int, short, void *); 130 int check_query(sldns_buffer*); 131 void noerror_answer(struct pending_query *); 132 void chaos_answer(struct pending_query *); 133 void error_answer(struct pending_query *, int rcode); 134 void send_answer(struct pending_query *); 135 void route_receive(int, short, void *); 136 void handle_route_message(struct rt_msghdr *, 137 struct sockaddr **); 138 void get_rtaddrs(int, struct sockaddr *, 139 struct sockaddr **); 140 void rtmget_default(void); 141 struct pending_query *find_pending_query(uint64_t); 142 void parse_trust_anchor(struct trust_anchor_head *, int); 143 void send_trust_anchors(struct trust_anchor_head *); 144 void write_trust_anchors(struct trust_anchor_head *, int); 145 void parse_blocklist(int); 146 int bl_cmp(struct bl_node *, struct bl_node *); 147 void free_bl(void); 148 int pending_query_cnt(void); 149 150 struct uw_conf *frontend_conf; 151 struct imsgev *iev_main; 152 struct imsgev *iev_resolver; 153 struct event ev_route; 154 int udp4sock = -1, udp6sock = -1, routesock = -1; 155 int tcp4sock = -1, tcp6sock = -1; 156 int ta_fd = -1; 157 158 static struct trust_anchor_head trust_anchors, new_trust_anchors; 159 160 RB_HEAD(bl_tree, bl_node) bl_head = RB_INITIALIZER(&bl_head); 161 RB_PROTOTYPE(bl_tree, bl_node, entry, bl_cmp) 162 RB_GENERATE(bl_tree, bl_node, entry, bl_cmp) 163 164 void 165 frontend_sig_handler(int sig, short event, void *bula) 166 { 167 /* 168 * Normal signal handler rules don't apply because libevent 169 * decouples for us. 170 */ 171 172 switch (sig) { 173 case SIGINT: 174 case SIGTERM: 175 frontend_shutdown(); 176 default: 177 fatalx("unexpected signal"); 178 } 179 } 180 181 void 182 frontend(int debug, int verbose) 183 { 184 struct event ev_sigint, ev_sigterm; 185 struct passwd *pw; 186 187 frontend_conf = config_new_empty(); 188 control_state.fd = -1; 189 190 log_init(debug, LOG_DAEMON); 191 log_setverbose(verbose); 192 193 if ((pw = getpwnam(UNWIND_USER)) == NULL) 194 fatal("getpwnam"); 195 196 if (chroot(pw->pw_dir) == -1) 197 fatal("chroot"); 198 if (chdir("/") == -1) 199 fatal("chdir(\"/\")"); 200 201 setproctitle("%s", "frontend"); 202 log_procinit("frontend"); 203 204 if (setgroups(1, &pw->pw_gid) || 205 setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || 206 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) 207 fatal("can't drop privileges"); 208 209 if (pledge("stdio unix recvfd", NULL) == -1) 210 fatal("pledge"); 211 212 event_init(); 213 214 /* Setup signal handler. */ 215 signal_set(&ev_sigint, SIGINT, frontend_sig_handler, NULL); 216 signal_set(&ev_sigterm, SIGTERM, frontend_sig_handler, NULL); 217 signal_add(&ev_sigint, NULL); 218 signal_add(&ev_sigterm, NULL); 219 signal(SIGPIPE, SIG_IGN); 220 signal(SIGHUP, SIG_IGN); 221 222 /* Setup pipe and event handler to the parent process. */ 223 if (iev_main != NULL) 224 fatal("iev_main"); 225 if ((iev_main = malloc(sizeof(struct imsgev))) == NULL) 226 fatal(NULL); 227 imsg_init(&iev_main->ibuf, 3); 228 iev_main->handler = frontend_dispatch_main; 229 iev_main->events = EV_READ; 230 event_set(&iev_main->ev, iev_main->ibuf.fd, iev_main->events, 231 iev_main->handler, iev_main); 232 event_add(&iev_main->ev, NULL); 233 234 udp4ev.rcviov[0].iov_base = (caddr_t)udp4ev.query; 235 udp4ev.rcviov[0].iov_len = sizeof(udp4ev.query); 236 udp4ev.rcvmhdr.msg_name = (caddr_t)&udp4ev.from; 237 udp4ev.rcvmhdr.msg_namelen = sizeof(udp4ev.from); 238 udp4ev.rcvmhdr.msg_iov = udp4ev.rcviov; 239 udp4ev.rcvmhdr.msg_iovlen = 1; 240 241 udp6ev.rcviov[0].iov_base = (caddr_t)udp6ev.query; 242 udp6ev.rcviov[0].iov_len = sizeof(udp6ev.query); 243 udp6ev.rcvmhdr.msg_name = (caddr_t)&udp6ev.from; 244 udp6ev.rcvmhdr.msg_namelen = sizeof(udp6ev.from); 245 udp6ev.rcvmhdr.msg_iov = udp6ev.rcviov; 246 udp6ev.rcvmhdr.msg_iovlen = 1; 247 248 TAILQ_INIT(&pending_queries); 249 250 TAILQ_INIT(&trust_anchors); 251 TAILQ_INIT(&new_trust_anchors); 252 253 add_new_ta(&trust_anchors, KSK2017); 254 255 event_dispatch(); 256 257 frontend_shutdown(); 258 } 259 260 __dead void 261 frontend_shutdown(void) 262 { 263 /* Close pipes. */ 264 msgbuf_write(&iev_resolver->ibuf.w); 265 msgbuf_clear(&iev_resolver->ibuf.w); 266 close(iev_resolver->ibuf.fd); 267 msgbuf_write(&iev_main->ibuf.w); 268 msgbuf_clear(&iev_main->ibuf.w); 269 close(iev_main->ibuf.fd); 270 271 config_clear(frontend_conf); 272 273 free(iev_resolver); 274 free(iev_main); 275 276 log_info("frontend exiting"); 277 exit(0); 278 } 279 280 int 281 frontend_imsg_compose_main(int type, pid_t pid, void *data, uint16_t datalen) 282 { 283 return (imsg_compose_event(iev_main, type, 0, pid, -1, data, datalen)); 284 } 285 286 int 287 frontend_imsg_compose_resolver(int type, pid_t pid, void *data, 288 uint16_t datalen) 289 { 290 return (imsg_compose_event(iev_resolver, type, 0, pid, -1, data, 291 datalen)); 292 } 293 294 void 295 frontend_dispatch_main(int fd, short event, void *bula) 296 { 297 static struct uw_conf *nconf; 298 struct imsg imsg; 299 struct imsgev *iev = bula; 300 struct imsgbuf *ibuf = &iev->ibuf; 301 int n, shut = 0; 302 303 if (event & EV_READ) { 304 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN) 305 fatal("imsg_read error"); 306 if (n == 0) /* Connection closed. */ 307 shut = 1; 308 } 309 if (event & EV_WRITE) { 310 if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN) 311 fatal("msgbuf_write"); 312 if (n == 0) /* Connection closed. */ 313 shut = 1; 314 } 315 316 for (;;) { 317 if ((n = imsg_get(ibuf, &imsg)) == -1) 318 fatal("%s: imsg_get error", __func__); 319 if (n == 0) /* No more messages. */ 320 break; 321 322 switch (imsg.hdr.type) { 323 case IMSG_SOCKET_IPC_RESOLVER: 324 /* 325 * Setup pipe and event handler to the resolver 326 * process. 327 */ 328 if (iev_resolver) { 329 fatalx("%s: received unexpected imsg fd " 330 "to frontend", __func__); 331 break; 332 } 333 if ((fd = imsg.fd) == -1) { 334 fatalx("%s: expected to receive imsg fd to " 335 "frontend but didn't receive any", 336 __func__); 337 break; 338 } 339 340 if (iev_resolver != NULL) 341 fatal("iev_resolver"); 342 iev_resolver = malloc(sizeof(struct imsgev)); 343 if (iev_resolver == NULL) 344 fatal(NULL); 345 346 imsg_init(&iev_resolver->ibuf, fd); 347 iev_resolver->handler = frontend_dispatch_resolver; 348 iev_resolver->events = EV_READ; 349 350 event_set(&iev_resolver->ev, iev_resolver->ibuf.fd, 351 iev_resolver->events, iev_resolver->handler, 352 iev_resolver); 353 event_add(&iev_resolver->ev, NULL); 354 break; 355 case IMSG_RECONF_CONF: 356 case IMSG_RECONF_BLOCKLIST_FILE: 357 case IMSG_RECONF_FORWARDER: 358 case IMSG_RECONF_DOT_FORWARDER: 359 case IMSG_RECONF_FORCE: 360 imsg_receive_config(&imsg, &nconf); 361 break; 362 case IMSG_RECONF_END: 363 if (nconf == NULL) 364 fatalx("%s: IMSG_RECONF_END without " 365 "IMSG_RECONF_CONF", __func__); 366 merge_config(frontend_conf, nconf); 367 if (frontend_conf->blocklist_file == NULL) 368 free_bl(); 369 nconf = NULL; 370 break; 371 case IMSG_UDP6SOCK: 372 if (udp6sock != -1) 373 fatalx("%s: received unexpected udp6sock", 374 __func__); 375 if ((udp6sock = imsg.fd) == -1) 376 fatalx("%s: expected to receive imsg " 377 "UDP6 fd but didn't receive any", __func__); 378 event_set(&udp6ev.ev, udp6sock, EV_READ | EV_PERSIST, 379 udp_receive, &udp6ev); 380 event_add(&udp6ev.ev, NULL); 381 break; 382 case IMSG_UDP4SOCK: 383 if (udp4sock != -1) 384 fatalx("%s: received unexpected udp4sock", 385 __func__); 386 if ((udp4sock = imsg.fd) == -1) 387 fatalx("%s: expected to receive imsg " 388 "UDP4 fd but didn't receive any", __func__); 389 event_set(&udp4ev.ev, udp4sock, EV_READ | EV_PERSIST, 390 udp_receive, &udp4ev); 391 event_add(&udp4ev.ev, NULL); 392 break; 393 case IMSG_TCP4SOCK: 394 if (tcp4sock != -1) 395 fatalx("%s: received unexpected tcp4sock", 396 __func__); 397 if ((tcp4sock = imsg.fd) == -1) 398 fatalx("%s: expected to receive imsg " 399 "TCP4 fd but didn't receive any", __func__); 400 event_set(&tcp4ev.ev, tcp4sock, EV_READ | EV_PERSIST, 401 tcp_accept, &tcp4ev); 402 event_add(&tcp4ev.ev, NULL); 403 evtimer_set(&tcp4ev.pause, accept_paused, &tcp4ev); 404 break; 405 case IMSG_TCP6SOCK: 406 if (tcp6sock != -1) 407 fatalx("%s: received unexpected tcp6sock", 408 __func__); 409 if ((tcp6sock = imsg.fd) == -1) 410 fatalx("%s: expected to receive imsg " 411 "TCP6 fd but didn't receive any", __func__); 412 event_set(&tcp6ev.ev, tcp6sock, EV_READ | EV_PERSIST, 413 tcp_accept, &tcp6ev); 414 event_add(&tcp6ev.ev, NULL); 415 evtimer_set(&tcp6ev.pause, accept_paused, &tcp6ev); 416 break; 417 case IMSG_ROUTESOCK: 418 if (routesock != -1) 419 fatalx("%s: received unexpected routesock", 420 __func__); 421 if ((fd = imsg.fd) == -1) 422 fatalx("%s: expected to receive imsg " 423 "routesocket fd but didn't receive any", 424 __func__); 425 routesock = fd; 426 event_set(&ev_route, fd, EV_READ | EV_PERSIST, 427 route_receive, NULL); 428 break; 429 case IMSG_STARTUP: 430 frontend_startup(); 431 break; 432 case IMSG_CONTROLFD: 433 if (control_state.fd != -1) 434 fatalx("%s: received unexpected controlsock", 435 __func__); 436 if ((fd = imsg.fd) == -1) 437 fatalx("%s: expected to receive imsg control " 438 "fd but didn't receive any", __func__); 439 control_state.fd = fd; 440 /* Listen on control socket. */ 441 TAILQ_INIT(&ctl_conns); 442 control_listen(); 443 break; 444 case IMSG_TAFD: 445 if ((ta_fd = imsg.fd) != -1) 446 parse_trust_anchor(&trust_anchors, ta_fd); 447 if (!TAILQ_EMPTY(&trust_anchors)) 448 send_trust_anchors(&trust_anchors); 449 break; 450 case IMSG_BLFD: 451 if ((fd = imsg.fd) == -1) 452 fatalx("%s: expected to receive imsg block " 453 "list fd but didn't receive any", __func__); 454 parse_blocklist(fd); 455 break; 456 default: 457 log_debug("%s: error handling imsg %d", __func__, 458 imsg.hdr.type); 459 break; 460 } 461 imsg_free(&imsg); 462 } 463 if (!shut) 464 imsg_event_add(iev); 465 else { 466 /* This pipe is dead. Remove its event handler. */ 467 event_del(&iev->ev); 468 event_loopexit(NULL); 469 } 470 } 471 472 void 473 frontend_dispatch_resolver(int fd, short event, void *bula) 474 { 475 struct pending_query *pq; 476 struct imsgev *iev = bula; 477 struct imsgbuf *ibuf = &iev->ibuf; 478 struct imsg imsg; 479 int n, shut = 0, chg; 480 481 if (event & EV_READ) { 482 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN) 483 fatal("imsg_read error"); 484 if (n == 0) /* Connection closed. */ 485 shut = 1; 486 } 487 if (event & EV_WRITE) { 488 if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN) 489 fatal("msgbuf_write"); 490 if (n == 0) /* Connection closed. */ 491 shut = 1; 492 } 493 494 for (;;) { 495 if ((n = imsg_get(ibuf, &imsg)) == -1) 496 fatal("%s: imsg_get error", __func__); 497 if (n == 0) /* No more messages. */ 498 break; 499 500 switch (imsg.hdr.type) { 501 case IMSG_ANSWER: { 502 struct answer_header *answer_header; 503 int data_len; 504 uint8_t *data; 505 506 if (IMSG_DATA_SIZE(imsg) < sizeof(*answer_header)) 507 fatalx("%s: IMSG_ANSWER wrong length: " 508 "%lu", __func__, IMSG_DATA_SIZE(imsg)); 509 answer_header = (struct answer_header *)imsg.data; 510 data = (uint8_t *)imsg.data + sizeof(*answer_header); 511 if (answer_header->answer_len > UINT16_MAX) 512 fatalx("%s: IMSG_ANSWER answer too big: %d", 513 __func__, answer_header->answer_len); 514 data_len = IMSG_DATA_SIZE(imsg) - 515 sizeof(*answer_header); 516 517 if ((pq = find_pending_query(answer_header->id)) == 518 NULL) { 519 log_warnx("%s: cannot find pending query %llu", 520 __func__, answer_header->id); 521 break; 522 } 523 524 if (answer_header->srvfail) { 525 error_answer(pq, LDNS_RCODE_SERVFAIL); 526 send_answer(pq); 527 break; 528 } 529 530 if (answer_header->bogus && !(pq->qmsg->flags & 531 BIT_CD)) { 532 error_answer(pq, LDNS_RCODE_SERVFAIL); 533 send_answer(pq); 534 break; 535 } 536 537 if (sldns_buffer_position(pq->abuf) == 0 && 538 !sldns_buffer_set_capacity(pq->abuf, 539 answer_header->answer_len)) { 540 error_answer(pq, LDNS_RCODE_SERVFAIL); 541 send_answer(pq); 542 break; 543 } 544 545 if (sldns_buffer_position(pq->abuf) + data_len > 546 sldns_buffer_capacity(pq->abuf)) 547 fatalx("%s: IMSG_ANSWER answer too big: %d", 548 __func__, data_len); 549 sldns_buffer_write(pq->abuf, data, data_len); 550 551 if (sldns_buffer_position(pq->abuf) == 552 sldns_buffer_capacity(pq->abuf)) { 553 sldns_buffer_flip(pq->abuf); 554 noerror_answer(pq); 555 send_answer(pq); 556 } 557 break; 558 } 559 case IMSG_CTL_RESOLVER_INFO: 560 case IMSG_CTL_AUTOCONF_RESOLVER_INFO: 561 case IMSG_CTL_MEM_INFO: 562 case IMSG_CTL_END: 563 control_imsg_relay(&imsg); 564 break; 565 case IMSG_NEW_TA: 566 /* make sure this is a string */ 567 ((char *)imsg.data)[IMSG_DATA_SIZE(imsg) - 1] = '\0'; 568 add_new_ta(&new_trust_anchors, imsg.data); 569 break; 570 case IMSG_NEW_TAS_ABORT: 571 free_tas(&new_trust_anchors); 572 break; 573 case IMSG_NEW_TAS_DONE: 574 chg = merge_tas(&new_trust_anchors, &trust_anchors); 575 if (chg) 576 send_trust_anchors(&trust_anchors); 577 578 /* 579 * always write trust anchors, the modify date on 580 * the file is an indication when we made progress 581 */ 582 if (ta_fd != -1) 583 write_trust_anchors(&trust_anchors, ta_fd); 584 break; 585 default: 586 log_debug("%s: error handling imsg %d", __func__, 587 imsg.hdr.type); 588 break; 589 } 590 imsg_free(&imsg); 591 } 592 if (!shut) 593 imsg_event_add(iev); 594 else { 595 /* This pipe is dead. Remove its event handler. */ 596 event_del(&iev->ev); 597 event_loopexit(NULL); 598 } 599 } 600 601 void 602 frontend_startup(void) 603 { 604 if (!event_initialized(&ev_route)) 605 fatalx("%s: did not receive a route socket from the main " 606 "process", __func__); 607 608 event_add(&ev_route, NULL); 609 610 frontend_imsg_compose_main(IMSG_STARTUP_DONE, 0, NULL, 0); 611 } 612 613 void 614 free_pending_query(struct pending_query *pq) 615 { 616 if (!pq) 617 return; 618 619 TAILQ_REMOVE(&pending_queries, pq, entry); 620 regional_destroy(pq->region); 621 sldns_buffer_free(pq->qbuf); 622 sldns_buffer_free(pq->abuf); 623 if (pq->tcp) { 624 if (event_initialized(&pq->ev)) 625 event_del(&pq->ev); 626 if (event_initialized(&pq->resp_ev)) 627 event_del(&pq->resp_ev); 628 if (event_initialized(&pq->tmo_ev)) 629 event_del(&pq->tmo_ev); 630 if (pq->fd != -1) 631 close(pq->fd); 632 } 633 free(pq); 634 } 635 636 void 637 udp_receive(int fd, short events, void *arg) 638 { 639 struct udp_ev *udpev = (struct udp_ev *)arg; 640 struct pending_query *pq = NULL; 641 ssize_t len; 642 643 if ((len = recvmsg(fd, &udpev->rcvmhdr, 0)) == -1) { 644 log_warn("recvmsg"); 645 return; 646 } 647 648 if ((pq = calloc(1, sizeof(*pq))) == NULL) { 649 log_warn(NULL); 650 return; 651 } 652 653 do { 654 arc4random_buf(&pq->imsg_id, sizeof(pq->imsg_id)); 655 } while(find_pending_query(pq->imsg_id) != NULL); 656 657 TAILQ_INSERT_TAIL(&pending_queries, pq, entry); 658 659 pq->from = udpev->from; 660 pq->fd = fd; 661 pq->qbuf = sldns_buffer_new(len); 662 pq->abuf = sldns_buffer_new(len); /* make sure we can send errors */ 663 pq->region = regional_create(); 664 pq->qmsg = regional_alloc(pq->region, sizeof(*pq->qmsg)); 665 666 if (!pq->qbuf || !pq->abuf || !pq->region || !pq->qmsg) { 667 log_warnx("out of memory"); 668 free_pending_query(pq); 669 return; 670 } 671 672 memset(pq->qmsg, 0, sizeof(*pq->qmsg)); 673 sldns_buffer_write(pq->qbuf, udpev->query, len); 674 sldns_buffer_flip(pq->qbuf); 675 handle_query(pq); 676 } 677 678 void 679 handle_query(struct pending_query *pq) 680 { 681 struct query_imsg query_imsg; 682 struct bl_node find; 683 int rcode; 684 char *str; 685 char dname[LDNS_MAX_DOMAINLEN + 1]; 686 char qclass_buf[16]; 687 char qtype_buf[16]; 688 689 if (log_getverbose() & OPT_VERBOSE2 && (str = 690 sldns_wire2str_pkt(sldns_buffer_begin(pq->qbuf), 691 sldns_buffer_limit(pq->qbuf))) != NULL) { 692 log_debug("from: %s\n%s", ip_port((struct sockaddr *) 693 &pq->from), str); 694 free(str); 695 } 696 697 if (!query_info_parse(&pq->qinfo, pq->qbuf)) { 698 log_warnx("query_info_parse failed"); 699 goto drop; 700 } 701 702 sldns_buffer_rewind(pq->qbuf); 703 704 if (parse_packet(pq->qbuf, pq->qmsg, pq->region) != 705 LDNS_RCODE_NOERROR) { 706 log_warnx("parse_packet failed"); 707 goto drop; 708 } 709 710 rcode = check_query(pq->qbuf); 711 switch (rcode) { 712 case LDNS_RCODE_NOERROR: 713 break; 714 case -1: 715 goto drop; 716 default: 717 error_answer(pq, rcode); 718 goto send_answer; 719 } 720 721 rcode = parse_extract_edns(pq->qmsg, &pq->edns, pq->region); 722 if (rcode != LDNS_RCODE_NOERROR) { 723 error_answer(pq, rcode); 724 goto send_answer; 725 } 726 727 if (!dname_valid(pq->qinfo.qname, pq->qinfo.qname_len)) { 728 error_answer(pq, LDNS_RCODE_FORMERR); 729 goto send_answer; 730 } 731 dname_str(pq->qinfo.qname, dname); 732 733 sldns_wire2str_class_buf(pq->qinfo.qclass, qclass_buf, 734 sizeof(qclass_buf)); 735 sldns_wire2str_type_buf(pq->qinfo.qtype, qtype_buf, sizeof(qtype_buf)); 736 log_debug("%s: %s %s %s ?", ip_port((struct sockaddr *)&pq->from), 737 dname, qclass_buf, qtype_buf); 738 739 find.domain = dname; 740 if (RB_FIND(bl_tree, &bl_head, &find) != NULL) { 741 if (frontend_conf->blocklist_log) 742 log_info("blocking %s", dname); 743 error_answer(pq, LDNS_RCODE_REFUSED); 744 goto send_answer; 745 } 746 747 if (pq->qinfo.qtype == LDNS_RR_TYPE_AXFR || pq->qinfo.qtype == 748 LDNS_RR_TYPE_IXFR) { 749 error_answer(pq, LDNS_RCODE_REFUSED); 750 goto send_answer; 751 } 752 753 if(pq->qinfo.qtype == LDNS_RR_TYPE_OPT || 754 pq->qinfo.qtype == LDNS_RR_TYPE_TSIG || 755 pq->qinfo.qtype == LDNS_RR_TYPE_TKEY || 756 pq->qinfo.qtype == LDNS_RR_TYPE_MAILA || 757 pq->qinfo.qtype == LDNS_RR_TYPE_MAILB || 758 (pq->qinfo.qtype >= 128 && pq->qinfo.qtype <= 248)) { 759 error_answer(pq, LDNS_RCODE_FORMERR); 760 goto send_answer; 761 } 762 763 if (pq->qinfo.qclass == LDNS_RR_CLASS_CH) { 764 if (strcasecmp(dname, "version.server.") == 0 || 765 strcasecmp(dname, "version.bind.") == 0) { 766 chaos_answer(pq); 767 } else 768 error_answer(pq, LDNS_RCODE_REFUSED); 769 goto send_answer; 770 } 771 772 if (strlcpy(query_imsg.qname, dname, sizeof(query_imsg.qname)) >= 773 sizeof(query_imsg.qname)) { 774 log_warnx("qname too long"); 775 error_answer(pq, LDNS_RCODE_FORMERR); 776 goto send_answer; 777 } 778 query_imsg.id = pq->imsg_id; 779 query_imsg.t = pq->qinfo.qtype; 780 query_imsg.c = pq->qinfo.qclass; 781 782 if (frontend_imsg_compose_resolver(IMSG_QUERY, 0, &query_imsg, 783 sizeof(query_imsg)) == -1) { 784 error_answer(pq, LDNS_RCODE_SERVFAIL); 785 goto send_answer; 786 } 787 return; 788 789 send_answer: 790 send_answer(pq); 791 return; 792 793 drop: 794 free_pending_query(pq); 795 } 796 797 void 798 noerror_answer(struct pending_query *pq) 799 { 800 struct query_info skip, qinfo; 801 struct reply_info *rinfo = NULL; 802 struct alloc_cache alloc; 803 struct edns_data edns; 804 805 alloc_init(&alloc, NULL, 0); 806 memset(&qinfo, 0, sizeof(qinfo)); 807 /* read past query section, no memory is allocated */ 808 if (!query_info_parse(&skip, pq->abuf)) 809 goto srvfail; 810 811 if (reply_info_parse(pq->abuf, &alloc, &qinfo, &rinfo, pq->region, 812 &edns) != 0) 813 goto srvfail; 814 /* reply_info_parse() allocates memory */ 815 query_info_clear(&qinfo); 816 817 sldns_buffer_clear(pq->abuf); 818 if (reply_info_encode(&pq->qinfo, rinfo, pq->qmsg->id, rinfo->flags, 819 pq->abuf, 0, pq->region, pq->tcp ? UINT16_MAX : pq->edns.udp_size, 820 pq->edns.bits & EDNS_DO, MINIMIZE_ANSWER) == 0) 821 goto srvfail; 822 823 reply_info_parsedelete(rinfo, &alloc); 824 alloc_clear(&alloc); 825 return; 826 827 srvfail: 828 reply_info_parsedelete(rinfo, &alloc); 829 alloc_clear(&alloc); 830 error_answer(pq, LDNS_RCODE_SERVFAIL); 831 } 832 833 void 834 chaos_answer(struct pending_query *pq) 835 { 836 size_t len; 837 const char *name = "unwind"; 838 839 len = strlen(name); 840 if (!sldns_buffer_set_capacity(pq->abuf, 841 sldns_buffer_capacity(pq->qbuf) + COMPRESSED_RR_SIZE + 1 + len)) { 842 error_answer(pq, LDNS_RCODE_SERVFAIL); 843 return; 844 } 845 846 sldns_buffer_copy(pq->abuf, pq->qbuf); 847 848 sldns_buffer_clear(pq->abuf); 849 850 sldns_buffer_skip(pq->abuf, sizeof(uint16_t)); /* skip id */ 851 sldns_buffer_write_u16(pq->abuf, 0); /* clear flags */ 852 LDNS_QR_SET(sldns_buffer_begin(pq->abuf)); 853 LDNS_RA_SET(sldns_buffer_begin(pq->abuf)); 854 if (LDNS_RD_WIRE(sldns_buffer_begin(pq->qbuf))) 855 LDNS_RD_SET(sldns_buffer_begin(pq->abuf)); 856 if (LDNS_CD_WIRE(sldns_buffer_begin(pq->qbuf))) 857 LDNS_CD_SET(sldns_buffer_begin(pq->abuf)); 858 LDNS_RCODE_SET(sldns_buffer_begin(pq->abuf), LDNS_RCODE_NOERROR); 859 sldns_buffer_write_u16(pq->abuf, 1); /* qdcount */ 860 sldns_buffer_write_u16(pq->abuf, 1); /* ancount */ 861 sldns_buffer_write_u16(pq->abuf, 0); /* nscount */ 862 sldns_buffer_write_u16(pq->abuf, 0); /* arcount */ 863 (void)query_dname_len(pq->abuf); /* skip qname */ 864 sldns_buffer_skip(pq->abuf, sizeof(uint16_t)); /* skip qtype */ 865 sldns_buffer_skip(pq->abuf, sizeof(uint16_t)); /* skip qclass */ 866 867 sldns_buffer_write_u16(pq->abuf, 0xc00c); /* ptr to query */ 868 sldns_buffer_write_u16(pq->abuf, LDNS_RR_TYPE_TXT); 869 sldns_buffer_write_u16(pq->abuf, LDNS_RR_CLASS_CH); 870 sldns_buffer_write_u32(pq->abuf, 0); /* TTL */ 871 sldns_buffer_write_u16(pq->abuf, 1 + len); /* RDLENGTH */ 872 sldns_buffer_write_u8(pq->abuf, len); /* length octed */ 873 sldns_buffer_write(pq->abuf, name, len); 874 sldns_buffer_flip(pq->abuf); 875 } 876 877 void 878 error_answer(struct pending_query *pq, int rcode) 879 { 880 sldns_buffer_clear(pq->abuf); 881 error_encode(pq->abuf, rcode, &pq->qinfo, pq->qmsg->id, 882 pq->qmsg->flags, pq->edns.edns_present ? &pq->edns : NULL); 883 } 884 885 int 886 check_query(sldns_buffer* pkt) 887 { 888 if(sldns_buffer_limit(pkt) < LDNS_HEADER_SIZE) { 889 log_warnx("bad query: too short, dropped"); 890 return -1; 891 } 892 if(LDNS_QR_WIRE(sldns_buffer_begin(pkt))) { 893 log_warnx("bad query: QR set, dropped"); 894 return -1; 895 } 896 if(LDNS_TC_WIRE(sldns_buffer_begin(pkt))) { 897 LDNS_TC_CLR(sldns_buffer_begin(pkt)); 898 log_warnx("bad query: TC set"); 899 return (LDNS_RCODE_FORMERR); 900 } 901 if(!(LDNS_RD_WIRE(sldns_buffer_begin(pkt)))) { 902 log_warnx("bad query: RD not set"); 903 return (LDNS_RCODE_REFUSED); 904 } 905 if(LDNS_OPCODE_WIRE(sldns_buffer_begin(pkt)) != LDNS_PACKET_QUERY) { 906 log_warnx("bad query: unknown opcode %d", 907 LDNS_OPCODE_WIRE(sldns_buffer_begin(pkt))); 908 return (LDNS_RCODE_NOTIMPL); 909 } 910 911 if (LDNS_QDCOUNT(sldns_buffer_begin(pkt)) != 1 && 912 LDNS_ANCOUNT(sldns_buffer_begin(pkt))!= 0 && 913 LDNS_NSCOUNT(sldns_buffer_begin(pkt))!= 0 && 914 LDNS_ARCOUNT(sldns_buffer_begin(pkt)) > 1) { 915 log_warnx("bad query: qdcount: %d, ancount: %d " 916 "nscount: %d, arcount: %d", 917 LDNS_QDCOUNT(sldns_buffer_begin(pkt)), 918 LDNS_ANCOUNT(sldns_buffer_begin(pkt)), 919 LDNS_NSCOUNT(sldns_buffer_begin(pkt)), 920 LDNS_ARCOUNT(sldns_buffer_begin(pkt))); 921 return (LDNS_RCODE_FORMERR); 922 } 923 return 0; 924 } 925 926 void 927 send_answer(struct pending_query *pq) 928 { 929 char *str; 930 931 if (log_getverbose() & OPT_VERBOSE2 && (str = 932 sldns_wire2str_pkt(sldns_buffer_begin(pq->abuf), 933 sldns_buffer_limit(pq->abuf))) != NULL) { 934 log_debug("from: %s\n%s", ip_port((struct sockaddr *) 935 &pq->from), str); 936 free(str); 937 } 938 939 if (!pq->tcp) { 940 if(sendto(pq->fd, sldns_buffer_current(pq->abuf), 941 sldns_buffer_remaining(pq->abuf), 0, 942 (struct sockaddr *)&pq->from, pq->from.ss_len) == -1) 943 log_warn("sendto"); 944 free_pending_query(pq); 945 } else { 946 struct sldns_buffer *tmp; 947 948 tmp = sldns_buffer_new(sldns_buffer_limit(pq->abuf) + 2); 949 950 if (!tmp) { 951 free_pending_query(pq); 952 return; 953 } 954 955 sldns_buffer_write_u16(tmp, sldns_buffer_limit(pq->abuf)); 956 sldns_buffer_write(tmp, sldns_buffer_current(pq->abuf), 957 sldns_buffer_remaining(pq->abuf)); 958 sldns_buffer_flip(tmp); 959 sldns_buffer_free(pq->abuf); 960 pq->abuf = tmp; 961 event_add(&pq->resp_ev, NULL); 962 } 963 } 964 965 char* 966 ip_port(struct sockaddr *sa) 967 { 968 static char hbuf[NI_MAXHOST], buf[NI_MAXHOST]; 969 970 if (getnameinfo(sa, sa->sa_len, hbuf, sizeof(hbuf), NULL, 0, 971 NI_NUMERICHOST) != 0) { 972 snprintf(buf, sizeof(buf), "%s", "(unknown)"); 973 return buf; 974 } 975 976 if (sa->sa_family == AF_INET6) 977 snprintf(buf, sizeof(buf), "[%s]:%d", hbuf, ntohs( 978 ((struct sockaddr_in6 *)sa)->sin6_port)); 979 if (sa->sa_family == AF_INET) 980 snprintf(buf, sizeof(buf), "[%s]:%d", hbuf, ntohs( 981 ((struct sockaddr_in *)sa)->sin_port)); 982 983 return buf; 984 } 985 986 struct pending_query* 987 find_pending_query(uint64_t id) 988 { 989 struct pending_query *pq; 990 991 TAILQ_FOREACH(pq, &pending_queries, entry) 992 if (pq->imsg_id == id) 993 return pq; 994 return NULL; 995 } 996 997 void 998 route_receive(int fd, short events, void *arg) 999 { 1000 static uint8_t *buf; 1001 1002 struct rt_msghdr *rtm; 1003 struct sockaddr *sa, *rti_info[RTAX_MAX]; 1004 ssize_t n; 1005 1006 if (buf == NULL) { 1007 buf = malloc(ROUTE_SOCKET_BUF_SIZE); 1008 if (buf == NULL) 1009 fatal("malloc"); 1010 } 1011 rtm = (struct rt_msghdr *)buf; 1012 if ((n = read(fd, buf, ROUTE_SOCKET_BUF_SIZE)) == -1) { 1013 if (errno == EAGAIN || errno == EINTR) 1014 return; 1015 log_warn("dispatch_rtmsg: read error"); 1016 return; 1017 } 1018 1019 if (n == 0) 1020 fatal("routing socket closed"); 1021 1022 if (n < (ssize_t)sizeof(rtm->rtm_msglen) || n < rtm->rtm_msglen) { 1023 log_warnx("partial rtm of %zd in buffer", n); 1024 return; 1025 } 1026 1027 if (rtm->rtm_version != RTM_VERSION) 1028 return; 1029 1030 sa = (struct sockaddr *)(buf + rtm->rtm_hdrlen); 1031 get_rtaddrs(rtm->rtm_addrs, sa, rti_info); 1032 1033 handle_route_message(rtm, rti_info); 1034 } 1035 1036 #define ROUNDUP(a) \ 1037 ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long)) 1038 1039 void 1040 get_rtaddrs(int addrs, struct sockaddr *sa, struct sockaddr **rti_info) 1041 { 1042 int i; 1043 1044 for (i = 0; i < RTAX_MAX; i++) { 1045 if (addrs & (1 << i)) { 1046 rti_info[i] = sa; 1047 sa = (struct sockaddr *)((char *)(sa) + 1048 ROUNDUP(sa->sa_len)); 1049 } else 1050 rti_info[i] = NULL; 1051 } 1052 } 1053 1054 void 1055 handle_route_message(struct rt_msghdr *rtm, struct sockaddr **rti_info) 1056 { 1057 struct imsg_rdns_proposal rdns_proposal; 1058 struct sockaddr_rtdns *rtdns; 1059 struct if_announcemsghdr *ifan; 1060 1061 switch (rtm->rtm_type) { 1062 case RTM_IFANNOUNCE: 1063 ifan = (struct if_announcemsghdr *)rtm; 1064 if (ifan->ifan_what == IFAN_ARRIVAL) 1065 break; 1066 rdns_proposal.if_index = ifan->ifan_index; 1067 rdns_proposal.src = 0; 1068 rdns_proposal.rtdns.sr_family = AF_INET; 1069 rdns_proposal.rtdns.sr_len = offsetof(struct sockaddr_rtdns, 1070 sr_dns); 1071 frontend_imsg_compose_resolver(IMSG_REPLACE_DNS, 0, 1072 &rdns_proposal, sizeof(rdns_proposal)); 1073 break; 1074 case RTM_IFINFO: 1075 frontend_imsg_compose_resolver(IMSG_NETWORK_CHANGED, 0, NULL, 1076 0); 1077 break; 1078 case RTM_PROPOSAL: 1079 if (!(rtm->rtm_addrs & RTA_DNS)) 1080 break; 1081 1082 rtdns = (struct sockaddr_rtdns*)rti_info[RTAX_DNS]; 1083 switch (rtdns->sr_family) { 1084 case AF_INET: 1085 if ((rtdns->sr_len - 2) % sizeof(struct in_addr) != 0) { 1086 log_warnx("ignoring invalid RTM_PROPOSAL"); 1087 return; 1088 } 1089 break; 1090 case AF_INET6: 1091 if ((rtdns->sr_len - 2) % sizeof(struct in6_addr) != 0) { 1092 log_warnx("ignoring invalid RTM_PROPOSAL"); 1093 return; 1094 } 1095 break; 1096 default: 1097 log_warnx("ignoring invalid RTM_PROPOSAL"); 1098 return; 1099 } 1100 rdns_proposal.if_index = rtm->rtm_index; 1101 rdns_proposal.src = rtm->rtm_priority; 1102 memcpy(&rdns_proposal.rtdns, rtdns, sizeof(rdns_proposal.rtdns)); 1103 frontend_imsg_compose_resolver(IMSG_REPLACE_DNS, 0, 1104 &rdns_proposal, sizeof(rdns_proposal)); 1105 break; 1106 default: 1107 break; 1108 } 1109 } 1110 1111 void 1112 add_new_ta(struct trust_anchor_head *tah, char *val) 1113 { 1114 struct trust_anchor *ta, *i; 1115 int cmp; 1116 1117 if ((ta = malloc(sizeof(*ta))) == NULL) 1118 fatal("%s", __func__); 1119 if ((ta->ta = strdup(val)) == NULL) 1120 fatal("%s", __func__); 1121 1122 /* keep the list sorted to prevent churn if the order changes in DNS */ 1123 TAILQ_FOREACH(i, tah, entry) { 1124 cmp = strcmp(i->ta, ta->ta); 1125 if ( cmp == 0) { 1126 /* duplicate */ 1127 free(ta->ta); 1128 free(ta); 1129 return; 1130 } else if (cmp > 0) { 1131 TAILQ_INSERT_BEFORE(i, ta, entry); 1132 return; 1133 } 1134 } 1135 TAILQ_INSERT_TAIL(tah, ta, entry); 1136 } 1137 1138 void 1139 free_tas(struct trust_anchor_head *tah) 1140 { 1141 struct trust_anchor *ta; 1142 1143 while ((ta = TAILQ_FIRST(tah))) { 1144 TAILQ_REMOVE(tah, ta, entry); 1145 free(ta->ta); 1146 free(ta); 1147 } 1148 } 1149 1150 int 1151 merge_tas(struct trust_anchor_head *newh, struct trust_anchor_head *oldh) 1152 { 1153 struct trust_anchor *i, *j; 1154 int chg = 0; 1155 1156 j = TAILQ_FIRST(oldh); 1157 1158 TAILQ_FOREACH(i, newh, entry) { 1159 if (j == NULL || strcmp(i->ta, j->ta) != 0) { 1160 chg = 1; 1161 break; 1162 } 1163 j = TAILQ_NEXT(j, entry); 1164 } 1165 if (j != NULL) 1166 chg = 1; 1167 1168 if (chg) { 1169 free_tas(oldh); 1170 TAILQ_CONCAT(oldh, newh, entry); 1171 } else { 1172 free_tas(newh); 1173 } 1174 return (chg); 1175 } 1176 1177 void 1178 parse_trust_anchor(struct trust_anchor_head *tah, int fd) 1179 { 1180 size_t len, dname_len; 1181 ssize_t n, sz; 1182 uint8_t rr[LDNS_RR_BUF_SIZE]; 1183 char *str, *p, buf[512], *line; 1184 1185 sz = 0; 1186 str = NULL; 1187 1188 while ((n = read(fd, buf, sizeof(buf))) > 0) { 1189 p = recallocarray(str, sz, sz + n, 1); 1190 if (p == NULL) { 1191 log_warn("%s", __func__); 1192 goto out; 1193 } 1194 str = p; 1195 memcpy(str + sz, buf, n); 1196 sz += n; 1197 } 1198 1199 if (n == -1) { 1200 log_warn("%s", __func__); 1201 goto out; 1202 } 1203 1204 /* make it a string */ 1205 p = recallocarray(str, sz, sz + 1, 1); 1206 if (p == NULL) { 1207 log_warn("%s", __func__); 1208 goto out; 1209 } 1210 str = p; 1211 sz++; 1212 1213 len = sizeof(rr); 1214 1215 while ((line = strsep(&p, "\n")) != NULL) { 1216 if (sldns_str2wire_rr_buf(line, rr, &len, &dname_len, 1217 ROOT_DNSKEY_TTL, NULL, 0, NULL, 0) != 0) 1218 continue; 1219 if (sldns_wirerr_get_type(rr, len, dname_len) == 1220 LDNS_RR_TYPE_DNSKEY) 1221 add_new_ta(tah, line); 1222 } 1223 1224 out: 1225 free(str); 1226 return; 1227 } 1228 1229 void 1230 send_trust_anchors(struct trust_anchor_head *tah) 1231 { 1232 struct trust_anchor *ta; 1233 1234 TAILQ_FOREACH(ta, tah, entry) 1235 frontend_imsg_compose_resolver(IMSG_NEW_TA, 0, ta->ta, 1236 strlen(ta->ta) + 1); 1237 frontend_imsg_compose_resolver(IMSG_NEW_TAS_DONE, 0, NULL, 0); 1238 } 1239 1240 void 1241 write_trust_anchors(struct trust_anchor_head *tah, int fd) 1242 { 1243 struct trust_anchor *ta; 1244 size_t len = 0; 1245 ssize_t n; 1246 char *str; 1247 1248 if (lseek(fd, 0, SEEK_SET) == -1) { 1249 log_warn("%s", __func__); 1250 goto out; 1251 } 1252 1253 TAILQ_FOREACH(ta, tah, entry) { 1254 if ((n = asprintf(&str, "%s\n", ta->ta)) == -1) { 1255 log_warn("%s", __func__); 1256 len = 0; 1257 goto out; 1258 } 1259 len += n; 1260 if (write(fd, str, n) != n) { 1261 log_warn("%s", __func__); 1262 free(str); 1263 len = 0; 1264 goto out; 1265 } 1266 free(str); 1267 } 1268 out: 1269 ftruncate(fd, len); 1270 fsync(fd); 1271 } 1272 1273 void 1274 parse_blocklist(int fd) 1275 { 1276 FILE *f; 1277 struct bl_node *bl_node; 1278 char *line = NULL; 1279 size_t linesize = 0; 1280 ssize_t linelen; 1281 1282 if((f = fdopen(fd, "r")) == NULL) { 1283 log_warn("cannot read block list"); 1284 close(fd); 1285 return; 1286 } 1287 1288 free_bl(); 1289 1290 while ((linelen = getline(&line, &linesize, f)) != -1) { 1291 if (line[linelen - 1] == '\n') { 1292 if (linelen >= 2 && line[linelen - 2] != '.') 1293 line[linelen - 1] = '.'; 1294 else 1295 line[linelen - 1] = '\0'; 1296 } 1297 1298 bl_node = malloc(sizeof *bl_node); 1299 if (bl_node == NULL) 1300 fatal("%s: malloc", __func__); 1301 if ((bl_node->domain = strdup(line)) == NULL) 1302 fatal("%s: strdup", __func__); 1303 if (RB_INSERT(bl_tree, &bl_head, bl_node) != NULL) { 1304 log_warnx("duplicate blocked domain \"%s\"", line); 1305 free(bl_node->domain); 1306 free(bl_node); 1307 } 1308 } 1309 free(line); 1310 if (ferror(f)) 1311 log_warn("getline"); 1312 fclose(f); 1313 } 1314 1315 int 1316 bl_cmp(struct bl_node *e1, struct bl_node *e2) { 1317 return (strcasecmp(e1->domain, e2->domain)); 1318 } 1319 1320 void 1321 free_bl(void) 1322 { 1323 struct bl_node *n, *nxt; 1324 1325 RB_FOREACH_SAFE(n, bl_tree, &bl_head, nxt) { 1326 RB_REMOVE(bl_tree, &bl_head, n); 1327 free(n->domain); 1328 free(n); 1329 } 1330 } 1331 1332 int 1333 pending_query_cnt(void) 1334 { 1335 struct pending_query *e; 1336 int cnt = 0; 1337 1338 TAILQ_FOREACH(e, &pending_queries, entry) 1339 cnt++; 1340 return cnt; 1341 } 1342 1343 void 1344 accept_paused(int fd, short events, void *arg) 1345 { 1346 struct tcp_accept_ev *tcpev = arg; 1347 event_add(&tcpev->ev, NULL); 1348 } 1349 1350 int 1351 accept_reserve(int sockfd, struct sockaddr *addr, socklen_t *addrlen) 1352 { 1353 if (getdtablecount() + FD_RESERVE >= getdtablesize()) { 1354 log_debug("%s: inflight fds exceeded", __func__); 1355 errno = EMFILE; 1356 return -1; 1357 } 1358 return accept4(sockfd, addr, addrlen, SOCK_NONBLOCK | SOCK_CLOEXEC); 1359 } 1360 1361 void 1362 tcp_accept(int fd, short events, void *arg) 1363 { 1364 static struct timeval timeout = {TCP_TIMEOUT, 0}; 1365 static struct timeval backoff = {1, 0}; 1366 struct pending_query *pq; 1367 struct tcp_accept_ev *tcpev; 1368 struct sockaddr_storage ss; 1369 socklen_t len; 1370 int s; 1371 1372 tcpev = arg; 1373 len = sizeof(ss); 1374 1375 if ((s = accept_reserve(fd, (struct sockaddr *)&ss, &len)) == -1) { 1376 switch (errno) { 1377 case EINTR: 1378 case EWOULDBLOCK: 1379 case ECONNABORTED: 1380 return; 1381 case EMFILE: 1382 case ENFILE: 1383 event_del(&tcpev->ev); 1384 evtimer_add(&tcpev->pause, &backoff); 1385 return; 1386 default: 1387 fatal("accept"); 1388 } 1389 } 1390 1391 if ((pq = calloc(1, sizeof(*pq))) == NULL) { 1392 log_warn(NULL); 1393 close(s); 1394 return; 1395 } 1396 1397 do { 1398 arc4random_buf(&pq->imsg_id, sizeof(pq->imsg_id)); 1399 } while(find_pending_query(pq->imsg_id) != NULL); 1400 1401 TAILQ_INSERT_TAIL(&pending_queries, pq, entry); 1402 1403 pq->from = ss; 1404 pq->fd = s; 1405 pq->tcp = 1; 1406 pq->qbuf = sldns_buffer_new(DEFAULT_TCP_SIZE); 1407 pq->region = regional_create(); 1408 pq->qmsg = regional_alloc(pq->region, sizeof(*pq->qmsg)); 1409 1410 if (!pq->qbuf || !pq->region || !pq->qmsg) { 1411 free_pending_query(pq); 1412 return; 1413 } 1414 1415 memset(pq->qmsg, 0, sizeof(*pq->qmsg)); 1416 1417 event_set(&pq->ev, s, EV_READ | EV_PERSIST, tcp_request, pq); 1418 event_add(&pq->ev, NULL); 1419 event_set(&pq->resp_ev, s, EV_WRITE | EV_PERSIST, tcp_response, pq); 1420 1421 evtimer_set(&pq->tmo_ev, tcp_timeout, pq); 1422 evtimer_add(&pq->tmo_ev, &timeout); 1423 } 1424 1425 void 1426 tcp_request(int fd, short events, void *arg) 1427 { 1428 struct pending_query *pq; 1429 ssize_t n; 1430 1431 pq = arg; 1432 1433 n = read(fd, sldns_buffer_current(pq->qbuf), 1434 sldns_buffer_remaining(pq->qbuf)); 1435 1436 switch (n) { 1437 case -1: 1438 switch (errno) { 1439 case EINTR: 1440 case EAGAIN: 1441 return; 1442 default: 1443 goto fail; 1444 } 1445 break; 1446 case 0: 1447 log_debug("closed connection"); 1448 goto fail; 1449 default: 1450 break; 1451 } 1452 1453 sldns_buffer_skip(pq->qbuf, n); 1454 1455 if (sldns_buffer_position(pq->qbuf) >= 2 && !pq->abuf) { 1456 struct sldns_buffer *tmp; 1457 uint16_t len; 1458 1459 sldns_buffer_flip(pq->qbuf); 1460 len = sldns_buffer_read_u16(pq->qbuf); 1461 tmp = sldns_buffer_new(len); 1462 pq->abuf = sldns_buffer_new(len); 1463 1464 if (!tmp || !pq->abuf) 1465 goto fail; 1466 1467 sldns_buffer_write(tmp, sldns_buffer_current(pq->qbuf), 1468 sldns_buffer_remaining(pq->qbuf)); 1469 sldns_buffer_free(pq->qbuf); 1470 pq->qbuf = tmp; 1471 } 1472 if (sldns_buffer_remaining(pq->qbuf) == 0) { 1473 sldns_buffer_flip(pq->qbuf); 1474 shutdown(fd, SHUT_RD); 1475 event_del(&pq->ev); 1476 handle_query(pq); 1477 } 1478 return; 1479 fail: 1480 free_pending_query(pq); 1481 } 1482 1483 void 1484 tcp_response(int fd, short events, void *arg) 1485 { 1486 struct pending_query *pq; 1487 ssize_t n; 1488 1489 pq = arg; 1490 1491 n = write(fd, sldns_buffer_current(pq->abuf), 1492 sldns_buffer_remaining(pq->abuf)); 1493 1494 if (n == -1) { 1495 if (errno == EAGAIN || errno == EINTR) 1496 return; 1497 free_pending_query(pq); 1498 } 1499 sldns_buffer_skip(pq->abuf, n); 1500 if (sldns_buffer_remaining(pq->abuf) == 0) 1501 free_pending_query(pq); 1502 } 1503 1504 void 1505 tcp_timeout(int fd, short events, void *arg) 1506 { 1507 free_pending_query(arg); 1508 } 1509