1ae8c6e27Sflorian /* 2ae8c6e27Sflorian * unbound.h - unbound validating resolver public API 3ae8c6e27Sflorian * 4ae8c6e27Sflorian * Copyright (c) 2007, NLnet Labs. All rights reserved. 5ae8c6e27Sflorian * 6ae8c6e27Sflorian * This software is open source. 7ae8c6e27Sflorian * 8ae8c6e27Sflorian * Redistribution and use in source and binary forms, with or without 9ae8c6e27Sflorian * modification, are permitted provided that the following conditions 10ae8c6e27Sflorian * are met: 11ae8c6e27Sflorian * 12ae8c6e27Sflorian * Redistributions of source code must retain the above copyright notice, 13ae8c6e27Sflorian * this list of conditions and the following disclaimer. 14ae8c6e27Sflorian * 15ae8c6e27Sflorian * Redistributions in binary form must reproduce the above copyright notice, 16ae8c6e27Sflorian * this list of conditions and the following disclaimer in the documentation 17ae8c6e27Sflorian * and/or other materials provided with the distribution. 18ae8c6e27Sflorian * 19ae8c6e27Sflorian * Neither the name of the NLNET LABS nor the names of its contributors may 20ae8c6e27Sflorian * be used to endorse or promote products derived from this software without 21ae8c6e27Sflorian * specific prior written permission. 22ae8c6e27Sflorian * 23ae8c6e27Sflorian * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24ae8c6e27Sflorian * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25ae8c6e27Sflorian * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26ae8c6e27Sflorian * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27ae8c6e27Sflorian * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28ae8c6e27Sflorian * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29ae8c6e27Sflorian * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30ae8c6e27Sflorian * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31ae8c6e27Sflorian * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32ae8c6e27Sflorian * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33ae8c6e27Sflorian * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34ae8c6e27Sflorian */ 35ae8c6e27Sflorian 36ae8c6e27Sflorian /** 37ae8c6e27Sflorian * \file 38ae8c6e27Sflorian * 39ae8c6e27Sflorian * This file contains functions to resolve DNS queries and 40ae8c6e27Sflorian * validate the answers. Synchronously and asynchronously. 41ae8c6e27Sflorian * 42ae8c6e27Sflorian * Several ways to use this interface from an application wishing 43ae8c6e27Sflorian * to perform (validated) DNS lookups. 44ae8c6e27Sflorian * 45ae8c6e27Sflorian * All start with 46ae8c6e27Sflorian * ctx = ub_ctx_create(); 47ae8c6e27Sflorian * err = ub_ctx_add_ta(ctx, "..."); 48ae8c6e27Sflorian * err = ub_ctx_add_ta(ctx, "..."); 49ae8c6e27Sflorian * ... some lookups 50ae8c6e27Sflorian * ... call ub_ctx_delete(ctx); when you want to stop. 51ae8c6e27Sflorian * 52ae8c6e27Sflorian * Application not threaded. Blocking. 53ae8c6e27Sflorian * int err = ub_resolve(ctx, "www.example.com", ... 54ae8c6e27Sflorian * if(err) fprintf(stderr, "lookup error: %s\n", ub_strerror(err)); 55ae8c6e27Sflorian * ... use the answer 56ae8c6e27Sflorian * 57ae8c6e27Sflorian * Application not threaded. Non-blocking ('asynchronous'). 58ae8c6e27Sflorian * err = ub_resolve_async(ctx, "www.example.com", ... my_callback); 59ae8c6e27Sflorian * ... application resumes processing ... 60ae8c6e27Sflorian * ... and when either ub_poll(ctx) is true 61ae8c6e27Sflorian * ... or when the file descriptor ub_fd(ctx) is readable, 62ae8c6e27Sflorian * ... or whenever, the app calls ... 63ae8c6e27Sflorian * ub_process(ctx); 64ae8c6e27Sflorian * ... if no result is ready, the app resumes processing above, 65ae8c6e27Sflorian * ... or process() calls my_callback() with results. 66ae8c6e27Sflorian * 67ae8c6e27Sflorian * ... if the application has nothing more to do, wait for answer 68ae8c6e27Sflorian * ub_wait(ctx); 69ae8c6e27Sflorian * 70ae8c6e27Sflorian * Application threaded. Blocking. 71ae8c6e27Sflorian * Blocking, same as above. The current thread does the work. 72ae8c6e27Sflorian * Multiple threads can use the *same context*, each does work and uses 73ae8c6e27Sflorian * shared cache data from the context. 74ae8c6e27Sflorian * 75ae8c6e27Sflorian * Application threaded. Non-blocking ('asynchronous'). 76ae8c6e27Sflorian * ... setup threaded-asynchronous config option 77ae8c6e27Sflorian * err = ub_ctx_async(ctx, 1); 78ae8c6e27Sflorian * ... same as async for non-threaded 79ae8c6e27Sflorian * ... the callbacks are called in the thread that calls process(ctx) 80ae8c6e27Sflorian * 81ae8c6e27Sflorian * Openssl needs to have locking in place, and the application must set 82ae8c6e27Sflorian * it up, because a mere library cannot do this, use the calls 83ae8c6e27Sflorian * CRYPTO_set_id_callback and CRYPTO_set_locking_callback. 84ae8c6e27Sflorian * 85ae8c6e27Sflorian * If no threading is compiled in, the above async example uses fork(2) to 86ae8c6e27Sflorian * create a process to perform the work. The forked process exits when the 87ae8c6e27Sflorian * calling process exits, or ctx_delete() is called. 88ae8c6e27Sflorian * Otherwise, for asynchronous with threading, a worker thread is created. 89ae8c6e27Sflorian * 90ae8c6e27Sflorian * The blocking calls use shared ctx-cache when threaded. Thus 91ae8c6e27Sflorian * ub_resolve() and ub_resolve_async() && ub_wait() are 92ae8c6e27Sflorian * not the same. The first makes the current thread do the work, setting 93ae8c6e27Sflorian * up buffers, etc, to perform the work (but using shared cache data). 94ae8c6e27Sflorian * The second calls another worker thread (or process) to perform the work. 95ae8c6e27Sflorian * And no buffers need to be set up, but a context-switch happens. 96ae8c6e27Sflorian */ 97*d500c338Sflorian #ifndef UB_UNBOUND_H 98*d500c338Sflorian #define UB_UNBOUND_H 99ae8c6e27Sflorian 100ae8c6e27Sflorian #ifdef __cplusplus 101ae8c6e27Sflorian extern "C" { 102ae8c6e27Sflorian #endif 103ae8c6e27Sflorian 104ae8c6e27Sflorian /** the version of this header file */ 105ae8c6e27Sflorian #define UNBOUND_VERSION_MAJOR @UNBOUND_VERSION_MAJOR@ 106ae8c6e27Sflorian #define UNBOUND_VERSION_MINOR @UNBOUND_VERSION_MINOR@ 107ae8c6e27Sflorian #define UNBOUND_VERSION_MICRO @UNBOUND_VERSION_MICRO@ 108ae8c6e27Sflorian 109ae8c6e27Sflorian /** 110ae8c6e27Sflorian * The validation context is created to hold the resolver status, 111ae8c6e27Sflorian * validation keys and a small cache (containing messages, rrsets, 112ae8c6e27Sflorian * roundtrip times, trusted keys, lameness information). 113ae8c6e27Sflorian * 114ae8c6e27Sflorian * Its contents are internally defined. 115ae8c6e27Sflorian */ 116ae8c6e27Sflorian struct ub_ctx; 117ae8c6e27Sflorian 118ae8c6e27Sflorian /** 119ae8c6e27Sflorian * The validation and resolution results. 120ae8c6e27Sflorian * Allocated by the resolver, and need to be freed by the application 121ae8c6e27Sflorian * with ub_resolve_free(). 122ae8c6e27Sflorian */ 123ae8c6e27Sflorian struct ub_result { 124ae8c6e27Sflorian /** The original question, name text string. */ 125ae8c6e27Sflorian char* qname; 126ae8c6e27Sflorian /** the type asked for */ 127ae8c6e27Sflorian int qtype; 128ae8c6e27Sflorian /** the class asked for */ 129ae8c6e27Sflorian int qclass; 130ae8c6e27Sflorian 131ae8c6e27Sflorian /** 132ae8c6e27Sflorian * a list of network order DNS rdata items, terminated with a 133ae8c6e27Sflorian * NULL pointer, so that data[0] is the first result entry, 134ae8c6e27Sflorian * data[1] the second, and the last entry is NULL. 135ae8c6e27Sflorian * If there was no data, data[0] is NULL. 136ae8c6e27Sflorian */ 137ae8c6e27Sflorian char** data; 138ae8c6e27Sflorian 139ae8c6e27Sflorian /** the length in bytes of the data items, len[i] for data[i] */ 140ae8c6e27Sflorian int* len; 141ae8c6e27Sflorian 142ae8c6e27Sflorian /** 143ae8c6e27Sflorian * canonical name for the result (the final cname). 144ae8c6e27Sflorian * zero terminated string. 145ae8c6e27Sflorian * May be NULL if no canonical name exists. 146ae8c6e27Sflorian */ 147ae8c6e27Sflorian char* canonname; 148ae8c6e27Sflorian 149ae8c6e27Sflorian /** 150ae8c6e27Sflorian * DNS RCODE for the result. May contain additional error code if 151ae8c6e27Sflorian * there was no data due to an error. 0 (NOERROR) if okay. 152ae8c6e27Sflorian */ 153ae8c6e27Sflorian int rcode; 154ae8c6e27Sflorian 155ae8c6e27Sflorian /** 156ae8c6e27Sflorian * The DNS answer packet. Network formatted. Can contain DNSSEC types. 157ae8c6e27Sflorian */ 158ae8c6e27Sflorian void* answer_packet; 159ae8c6e27Sflorian /** length of the answer packet in octets. */ 160ae8c6e27Sflorian int answer_len; 161ae8c6e27Sflorian 162ae8c6e27Sflorian /** 163ae8c6e27Sflorian * If there is any data, this is true. 164ae8c6e27Sflorian * If false, there was no data (nxdomain may be true, rcode can be set). 165ae8c6e27Sflorian */ 166ae8c6e27Sflorian int havedata; 167ae8c6e27Sflorian 168ae8c6e27Sflorian /** 169ae8c6e27Sflorian * If there was no data, and the domain did not exist, this is true. 170ae8c6e27Sflorian * If it is false, and there was no data, then the domain name 171ae8c6e27Sflorian * is purported to exist, but the requested data type is not available. 172ae8c6e27Sflorian */ 173ae8c6e27Sflorian int nxdomain; 174ae8c6e27Sflorian 175ae8c6e27Sflorian /** 176ae8c6e27Sflorian * True, if the result is validated securely. 177ae8c6e27Sflorian * False, if validation failed or domain queried has no security info. 178ae8c6e27Sflorian * 179ae8c6e27Sflorian * It is possible to get a result with no data (havedata is false), 180ae8c6e27Sflorian * and secure is true. This means that the non-existence of the data 181ae8c6e27Sflorian * was cryptographically proven (with signatures). 182ae8c6e27Sflorian */ 183ae8c6e27Sflorian int secure; 184ae8c6e27Sflorian 185ae8c6e27Sflorian /** 186ae8c6e27Sflorian * If the result was not secure (secure==0), and this result is due 187ae8c6e27Sflorian * to a security failure, bogus is true. 188ae8c6e27Sflorian * This means the data has been actively tampered with, signatures 189ae8c6e27Sflorian * failed, expected signatures were not present, timestamps on 190ae8c6e27Sflorian * signatures were out of date and so on. 191ae8c6e27Sflorian * 192ae8c6e27Sflorian * If !secure and !bogus, this can happen if the data is not secure 193ae8c6e27Sflorian * because security is disabled for that domain name. 194ae8c6e27Sflorian * This means the data is from a domain where data is not signed. 195ae8c6e27Sflorian */ 196ae8c6e27Sflorian int bogus; 197ae8c6e27Sflorian 198ae8c6e27Sflorian /** 199ae8c6e27Sflorian * If the result is bogus this contains a string (zero terminated) 200ae8c6e27Sflorian * that describes the failure. There may be other errors as well 201ae8c6e27Sflorian * as the one described, the description may not be perfectly accurate. 202ae8c6e27Sflorian * Is NULL if the result is not bogus. 203ae8c6e27Sflorian */ 204ae8c6e27Sflorian char* why_bogus; 205ae8c6e27Sflorian 206ae8c6e27Sflorian /** 207ae8c6e27Sflorian * If the query or one of its subqueries was ratelimited. Useful if 208d32eb43cSflorian * ratelimiting is enabled and answer to the client is SERVFAIL as a 209d32eb43cSflorian * result. 210ae8c6e27Sflorian */ 211ae8c6e27Sflorian int was_ratelimited; 212ae8c6e27Sflorian 213ae8c6e27Sflorian /** 214ae8c6e27Sflorian * TTL for the result, in seconds. If the security is bogus, then 215ae8c6e27Sflorian * you also cannot trust this value. 216ae8c6e27Sflorian */ 217ae8c6e27Sflorian int ttl; 218ae8c6e27Sflorian }; 219ae8c6e27Sflorian 220ae8c6e27Sflorian /** 221ae8c6e27Sflorian * Callback for results of async queries. 222ae8c6e27Sflorian * The readable function definition looks like: 223ae8c6e27Sflorian * void my_callback(void* my_arg, int err, struct ub_result* result); 224ae8c6e27Sflorian * It is called with 225ae8c6e27Sflorian * void* my_arg: your pointer to a (struct of) data of your choice, 226ae8c6e27Sflorian * or NULL. 227a1a7ba80Sflorian * int err: if 0 all is OK, otherwise an error occurred and no results 228ae8c6e27Sflorian * are forthcoming. 229ae8c6e27Sflorian * struct result: pointer to more detailed result structure. 230ae8c6e27Sflorian * This structure is allocated on the heap and needs to be 231ae8c6e27Sflorian * freed with ub_resolve_free(result); 232ae8c6e27Sflorian */ 233ae8c6e27Sflorian typedef void (*ub_callback_type)(void*, int, struct ub_result*); 234ae8c6e27Sflorian 235ae8c6e27Sflorian /** 236a1a7ba80Sflorian * The error constants 237a1a7ba80Sflorian */ 238a1a7ba80Sflorian enum ub_ctx_err { 239a1a7ba80Sflorian /** no error */ 240a1a7ba80Sflorian UB_NOERROR = 0, 241a1a7ba80Sflorian /** socket operation. Set to -1, so that if an error from _fd() is 242a1a7ba80Sflorian * passed (-1) it gives a socket error. */ 243a1a7ba80Sflorian UB_SOCKET = -1, 244a1a7ba80Sflorian /** alloc failure */ 245a1a7ba80Sflorian UB_NOMEM = -2, 246a1a7ba80Sflorian /** syntax error */ 247a1a7ba80Sflorian UB_SYNTAX = -3, 248a1a7ba80Sflorian /** DNS service failed */ 249a1a7ba80Sflorian UB_SERVFAIL = -4, 250a1a7ba80Sflorian /** fork() failed */ 251a1a7ba80Sflorian UB_FORKFAIL = -5, 252a1a7ba80Sflorian /** cfg change after finalize() */ 253a1a7ba80Sflorian UB_AFTERFINAL = -6, 254a1a7ba80Sflorian /** initialization failed (bad settings) */ 255a1a7ba80Sflorian UB_INITFAIL = -7, 256a1a7ba80Sflorian /** error in pipe communication with async bg worker */ 257a1a7ba80Sflorian UB_PIPE = -8, 258a1a7ba80Sflorian /** error reading from file (resolv.conf) */ 259a1a7ba80Sflorian UB_READFILE = -9, 260a1a7ba80Sflorian /** error async_id does not exist or result already been delivered */ 261a1a7ba80Sflorian UB_NOID = -10 262a1a7ba80Sflorian }; 263a1a7ba80Sflorian 264a1a7ba80Sflorian /** 265ae8c6e27Sflorian * Create a resolving and validation context. 266ae8c6e27Sflorian * The information from /etc/resolv.conf and /etc/hosts is not utilised by 267ae8c6e27Sflorian * default. Use ub_ctx_resolvconf and ub_ctx_hosts to read them. 268ae8c6e27Sflorian * @return a new context. default initialisation. 269ae8c6e27Sflorian * returns NULL on error. 270ae8c6e27Sflorian */ 271ae8c6e27Sflorian struct ub_ctx* ub_ctx_create(void); 272ae8c6e27Sflorian 273ae8c6e27Sflorian /** 274ae8c6e27Sflorian * Destroy a validation context and free all its resources. 275ae8c6e27Sflorian * Outstanding async queries are killed and callbacks are not called for them. 276ae8c6e27Sflorian * @param ctx: context to delete. 277ae8c6e27Sflorian */ 278ae8c6e27Sflorian void ub_ctx_delete(struct ub_ctx* ctx); 279ae8c6e27Sflorian 280ae8c6e27Sflorian /** 281ae8c6e27Sflorian * Set an option for the context. 282ae8c6e27Sflorian * @param ctx: context. 283ae8c6e27Sflorian * @param opt: option name from the unbound.conf config file format. 284ae8c6e27Sflorian * (not all settings applicable). The name includes the trailing ':' 285ae8c6e27Sflorian * for example ub_ctx_set_option(ctx, "logfile:", "mylog.txt"); 286ae8c6e27Sflorian * This is a power-users interface that lets you specify all sorts 287ae8c6e27Sflorian * of options. 288ae8c6e27Sflorian * For some specific options, such as adding trust anchors, special 289ae8c6e27Sflorian * routines exist. 290ae8c6e27Sflorian * @param val: value of the option. 291ae8c6e27Sflorian * @return: 0 if OK, else error. 292ae8c6e27Sflorian */ 293ae8c6e27Sflorian int ub_ctx_set_option(struct ub_ctx* ctx, const char* opt, const char* val); 294ae8c6e27Sflorian 295ae8c6e27Sflorian /** 296ae8c6e27Sflorian * Get an option from the context. 297ae8c6e27Sflorian * @param ctx: context. 298ae8c6e27Sflorian * @param opt: option name from the unbound.conf config file format. 299ae8c6e27Sflorian * (not all settings applicable). The name excludes the trailing ':' 300ae8c6e27Sflorian * for example ub_ctx_get_option(ctx, "logfile", &result); 301ae8c6e27Sflorian * This is a power-users interface that lets you specify all sorts 302ae8c6e27Sflorian * of options. 303ae8c6e27Sflorian * @param str: the string is malloced and returned here. NULL on error. 304ae8c6e27Sflorian * The caller must free() the string. In cases with multiple 305ae8c6e27Sflorian * entries (auto-trust-anchor-file), a newline delimited list is 306ae8c6e27Sflorian * returned in the string. 307ae8c6e27Sflorian * @return 0 if OK else an error code (malloc failure, syntax error). 308ae8c6e27Sflorian */ 309ae8c6e27Sflorian int ub_ctx_get_option(struct ub_ctx* ctx, const char* opt, char** str); 310ae8c6e27Sflorian 311ae8c6e27Sflorian /** 312ae8c6e27Sflorian * setup configuration for the given context. 313ae8c6e27Sflorian * @param ctx: context. 314ae8c6e27Sflorian * @param fname: unbound config file (not all settings applicable). 315ae8c6e27Sflorian * This is a power-users interface that lets you specify all sorts 316ae8c6e27Sflorian * of options. 317ae8c6e27Sflorian * For some specific options, such as adding trust anchors, special 318ae8c6e27Sflorian * routines exist. 319ae8c6e27Sflorian * @return: 0 if OK, else error. 320ae8c6e27Sflorian */ 321ae8c6e27Sflorian int ub_ctx_config(struct ub_ctx* ctx, const char* fname); 322ae8c6e27Sflorian 323ae8c6e27Sflorian /** 324ae8c6e27Sflorian * Set machine to forward DNS queries to, the caching resolver to use. 325ae8c6e27Sflorian * IP4 or IP6 address. Forwards all DNS requests to that machine, which 326ae8c6e27Sflorian * is expected to run a recursive resolver. If the proxy is not 327ae8c6e27Sflorian * DNSSEC-capable, validation may fail. Can be called several times, in 328ae8c6e27Sflorian * that case the addresses are used as backup servers. 329ae8c6e27Sflorian * 330ae8c6e27Sflorian * To read the list of nameservers from /etc/resolv.conf (from DHCP or so), 331ae8c6e27Sflorian * use the call ub_ctx_resolvconf. 332ae8c6e27Sflorian * 333ae8c6e27Sflorian * @param ctx: context. 334ae8c6e27Sflorian * At this time it is only possible to set configuration before the 335ae8c6e27Sflorian * first resolve is done. 336ae8c6e27Sflorian * @param addr: address, IP4 or IP6 in string format. 337ae8c6e27Sflorian * If the addr is NULL, forwarding is disabled. 338ae8c6e27Sflorian * @return 0 if OK, else error. 339ae8c6e27Sflorian */ 340ae8c6e27Sflorian int ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr); 341ae8c6e27Sflorian 342ae8c6e27Sflorian /** 3435319ea63Sflorian * Use DNS over TLS to send queries to machines set with ub_ctx_set_fwd(). 3445319ea63Sflorian * 3455319ea63Sflorian * @param ctx: context. 3465319ea63Sflorian * At this time it is only possible to set configuration before the 3475319ea63Sflorian * first resolve is done. 3485319ea63Sflorian * @param tls: enable or disable DNS over TLS 3495319ea63Sflorian * @return 0 if OK, else error. 3505319ea63Sflorian */ 3515319ea63Sflorian int ub_ctx_set_tls(struct ub_ctx* ctx, int tls); 3525319ea63Sflorian 3535319ea63Sflorian /** 354ae8c6e27Sflorian * Add a stub zone, with given address to send to. This is for custom 355ae8c6e27Sflorian * root hints or pointing to a local authoritative dns server. 356ae8c6e27Sflorian * For dns resolvers and the 'DHCP DNS' ip address, use ub_ctx_set_fwd. 357ae8c6e27Sflorian * This is similar to a stub-zone entry in unbound.conf. 358ae8c6e27Sflorian * 359ae8c6e27Sflorian * @param ctx: context. 360ae8c6e27Sflorian * It is only possible to set configuration before the 361ae8c6e27Sflorian * first resolve is done. 362ae8c6e27Sflorian * @param zone: name of the zone, string. 363ae8c6e27Sflorian * @param addr: address, IP4 or IP6 in string format. 364ae8c6e27Sflorian * The addr is added to the list of stub-addresses if the entry exists. 365ae8c6e27Sflorian * If the addr is NULL the stub entry is removed. 366ae8c6e27Sflorian * @param isprime: set to true to set stub-prime to yes for the stub. 367ae8c6e27Sflorian * For local authoritative servers, people usually set it to false, 368ae8c6e27Sflorian * For root hints it should be set to true. 369ae8c6e27Sflorian * @return 0 if OK, else error. 370ae8c6e27Sflorian */ 371ae8c6e27Sflorian int ub_ctx_set_stub(struct ub_ctx* ctx, const char* zone, const char* addr, 372ae8c6e27Sflorian int isprime); 373ae8c6e27Sflorian 374ae8c6e27Sflorian /** 375ae8c6e27Sflorian * Read list of nameservers to use from the filename given. 376ae8c6e27Sflorian * Usually "/etc/resolv.conf". Uses those nameservers as caching proxies. 377ae8c6e27Sflorian * If they do not support DNSSEC, validation may fail. 378ae8c6e27Sflorian * 379ae8c6e27Sflorian * Only nameservers are picked up, the searchdomain, ndots and other 380ae8c6e27Sflorian * settings from resolv.conf(5) are ignored. 381ae8c6e27Sflorian * 382ae8c6e27Sflorian * @param ctx: context. 383ae8c6e27Sflorian * At this time it is only possible to set configuration before the 384ae8c6e27Sflorian * first resolve is done. 385ae8c6e27Sflorian * @param fname: file name string. If NULL "/etc/resolv.conf" is used. 386ae8c6e27Sflorian * @return 0 if OK, else error. 387ae8c6e27Sflorian */ 388ae8c6e27Sflorian int ub_ctx_resolvconf(struct ub_ctx* ctx, const char* fname); 389ae8c6e27Sflorian 390ae8c6e27Sflorian /** 391ae8c6e27Sflorian * Read list of hosts from the filename given. 392ae8c6e27Sflorian * Usually "/etc/hosts". 393ae8c6e27Sflorian * These addresses are not flagged as DNSSEC secure when queried for. 394ae8c6e27Sflorian * 395ae8c6e27Sflorian * @param ctx: context. 396ae8c6e27Sflorian * At this time it is only possible to set configuration before the 397ae8c6e27Sflorian * first resolve is done. 398ae8c6e27Sflorian * @param fname: file name string. If NULL "/etc/hosts" is used. 399ae8c6e27Sflorian * @return 0 if OK, else error. 400ae8c6e27Sflorian */ 401ae8c6e27Sflorian int ub_ctx_hosts(struct ub_ctx* ctx, const char* fname); 402ae8c6e27Sflorian 403ae8c6e27Sflorian /** 404ae8c6e27Sflorian * Add a trust anchor to the given context. 405ae8c6e27Sflorian * The trust anchor is a string, on one line, that holds a valid DNSKEY or 406ae8c6e27Sflorian * DS RR. 407ae8c6e27Sflorian * @param ctx: context. 408ae8c6e27Sflorian * At this time it is only possible to add trusted keys before the 409ae8c6e27Sflorian * first resolve is done. 410ae8c6e27Sflorian * @param ta: string, with zone-format RR on one line. 411ae8c6e27Sflorian * [domainname] [TTL optional] [type] [class optional] [rdata contents] 412ae8c6e27Sflorian * @return 0 if OK, else error. 413ae8c6e27Sflorian */ 414ae8c6e27Sflorian int ub_ctx_add_ta(struct ub_ctx* ctx, const char* ta); 415ae8c6e27Sflorian 416ae8c6e27Sflorian /** 417ae8c6e27Sflorian * Add trust anchors to the given context. 418ae8c6e27Sflorian * Pass name of a file with DS and DNSKEY records (like from dig or drill). 419ae8c6e27Sflorian * @param ctx: context. 420ae8c6e27Sflorian * At this time it is only possible to add trusted keys before the 421ae8c6e27Sflorian * first resolve is done. 422ae8c6e27Sflorian * @param fname: filename of file with keyfile with trust anchors. 423ae8c6e27Sflorian * @return 0 if OK, else error. 424ae8c6e27Sflorian */ 425ae8c6e27Sflorian int ub_ctx_add_ta_file(struct ub_ctx* ctx, const char* fname); 426ae8c6e27Sflorian 427ae8c6e27Sflorian /** 428ae8c6e27Sflorian * Add trust anchor to the given context that is tracked with RFC5011 429ae8c6e27Sflorian * automated trust anchor maintenance. The file is written to when the 430ae8c6e27Sflorian * trust anchor is changed. 431ae8c6e27Sflorian * Pass the name of a file that was output from eg. unbound-anchor, 432ae8c6e27Sflorian * or you can start it by providing a trusted DNSKEY or DS record on one 433ae8c6e27Sflorian * line in the file. 434ae8c6e27Sflorian * @param ctx: context. 435ae8c6e27Sflorian * At this time it is only possible to add trusted keys before the 436ae8c6e27Sflorian * first resolve is done. 437ae8c6e27Sflorian * @param fname: filename of file with trust anchor. 438ae8c6e27Sflorian * @return 0 if OK, else error. 439ae8c6e27Sflorian */ 440ae8c6e27Sflorian int ub_ctx_add_ta_autr(struct ub_ctx* ctx, const char* fname); 441ae8c6e27Sflorian 442ae8c6e27Sflorian /** 443ae8c6e27Sflorian * Add trust anchors to the given context. 444ae8c6e27Sflorian * Pass the name of a bind-style config file with trusted-keys{}. 445ae8c6e27Sflorian * @param ctx: context. 446ae8c6e27Sflorian * At this time it is only possible to add trusted keys before the 447ae8c6e27Sflorian * first resolve is done. 448ae8c6e27Sflorian * @param fname: filename of file with bind-style config entries with trust 449ae8c6e27Sflorian * anchors. 450ae8c6e27Sflorian * @return 0 if OK, else error. 451ae8c6e27Sflorian */ 452ae8c6e27Sflorian int ub_ctx_trustedkeys(struct ub_ctx* ctx, const char* fname); 453ae8c6e27Sflorian 454ae8c6e27Sflorian /** 455ae8c6e27Sflorian * Set debug output (and error output) to the specified stream. 456ae8c6e27Sflorian * Pass NULL to disable. Default is stderr. 457ae8c6e27Sflorian * @param ctx: context. 458ae8c6e27Sflorian * @param out: FILE* out file stream to log to. 459ae8c6e27Sflorian * Type void* to avoid stdio dependency of this header file. 460ae8c6e27Sflorian * @return 0 if OK, else error. 461ae8c6e27Sflorian */ 462ae8c6e27Sflorian int ub_ctx_debugout(struct ub_ctx* ctx, void* out); 463ae8c6e27Sflorian 464ae8c6e27Sflorian /** 465ae8c6e27Sflorian * Set debug verbosity for the context 466ae8c6e27Sflorian * Output is directed to stderr. 467ae8c6e27Sflorian * @param ctx: context. 468ae8c6e27Sflorian * @param d: debug level, 0 is off, 1 is very minimal, 2 is detailed, 469ae8c6e27Sflorian * and 3 is lots. 470ae8c6e27Sflorian * @return 0 if OK, else error. 471ae8c6e27Sflorian */ 472ae8c6e27Sflorian int ub_ctx_debuglevel(struct ub_ctx* ctx, int d); 473ae8c6e27Sflorian 474ae8c6e27Sflorian /** 475ae8c6e27Sflorian * Set a context behaviour for asynchronous action. 476ae8c6e27Sflorian * @param ctx: context. 477ae8c6e27Sflorian * @param dothread: if true, enables threading and a call to resolve_async() 478ae8c6e27Sflorian * creates a thread to handle work in the background. 479ae8c6e27Sflorian * If false, a process is forked to handle work in the background. 480ae8c6e27Sflorian * Changes to this setting after async() calls have been made have 481ae8c6e27Sflorian * no effect (delete and re-create the context to change). 482ae8c6e27Sflorian * @return 0 if OK, else error. 483ae8c6e27Sflorian */ 484ae8c6e27Sflorian int ub_ctx_async(struct ub_ctx* ctx, int dothread); 485ae8c6e27Sflorian 486ae8c6e27Sflorian /** 487ae8c6e27Sflorian * Poll a context to see if it has any new results 488ae8c6e27Sflorian * Do not poll in a loop, instead extract the fd below to poll for readiness, 489ae8c6e27Sflorian * and then check, or wait using the wait routine. 490ae8c6e27Sflorian * @param ctx: context. 491ae8c6e27Sflorian * @return: 0 if nothing to read, or nonzero if a result is available. 492ae8c6e27Sflorian * If nonzero, call ctx_process() to do callbacks. 493ae8c6e27Sflorian */ 494ae8c6e27Sflorian int ub_poll(struct ub_ctx* ctx); 495ae8c6e27Sflorian 496ae8c6e27Sflorian /** 497ae8c6e27Sflorian * Wait for a context to finish with results. Calls ub_process() after 498ae8c6e27Sflorian * the wait for you. After the wait, there are no more outstanding 499ae8c6e27Sflorian * asynchronous queries. 500ae8c6e27Sflorian * @param ctx: context. 501ae8c6e27Sflorian * @return: 0 if OK, else error. 502ae8c6e27Sflorian */ 503ae8c6e27Sflorian int ub_wait(struct ub_ctx* ctx); 504ae8c6e27Sflorian 505ae8c6e27Sflorian /** 506ae8c6e27Sflorian * Get file descriptor. Wait for it to become readable, at this point 507ae8c6e27Sflorian * answers are returned from the asynchronous validating resolver. 508ae8c6e27Sflorian * Then call the ub_process to continue processing. 509ae8c6e27Sflorian * This routine works immediately after context creation, the fd 510ae8c6e27Sflorian * does not change. 511ae8c6e27Sflorian * @param ctx: context. 512ae8c6e27Sflorian * @return: -1 on error, or file descriptor to use select(2) with. 513ae8c6e27Sflorian */ 514ae8c6e27Sflorian int ub_fd(struct ub_ctx* ctx); 515ae8c6e27Sflorian 516ae8c6e27Sflorian /** 517ae8c6e27Sflorian * Call this routine to continue processing results from the validating 518ae8c6e27Sflorian * resolver (when the fd becomes readable). 519ae8c6e27Sflorian * Will perform necessary callbacks. 520ae8c6e27Sflorian * @param ctx: context 521ae8c6e27Sflorian * @return: 0 if OK, else error. 522ae8c6e27Sflorian */ 523ae8c6e27Sflorian int ub_process(struct ub_ctx* ctx); 524ae8c6e27Sflorian 525ae8c6e27Sflorian /** 526ae8c6e27Sflorian * Perform resolution and validation of the target name. 527ae8c6e27Sflorian * @param ctx: context. 528ae8c6e27Sflorian * The context is finalized, and can no longer accept config changes. 529ae8c6e27Sflorian * @param name: domain name in text format (a zero terminated text string). 530ae8c6e27Sflorian * @param rrtype: type of RR in host order, 1 is A (address). 531ae8c6e27Sflorian * @param rrclass: class of RR in host order, 1 is IN (for internet). 532ae8c6e27Sflorian * @param result: the result data is returned in a newly allocated result 533ae8c6e27Sflorian * structure. May be NULL on return, return value is set to an error 534ae8c6e27Sflorian * in that case (out of memory). 535ae8c6e27Sflorian * @return 0 if OK, else error. 536ae8c6e27Sflorian */ 537ae8c6e27Sflorian int ub_resolve(struct ub_ctx* ctx, const char* name, int rrtype, 538ae8c6e27Sflorian int rrclass, struct ub_result** result); 539ae8c6e27Sflorian 540ae8c6e27Sflorian /** 541ae8c6e27Sflorian * Perform resolution and validation of the target name. 542ae8c6e27Sflorian * Asynchronous, after a while, the callback will be called with your 543ae8c6e27Sflorian * data and the result. 544ae8c6e27Sflorian * @param ctx: context. 545ae8c6e27Sflorian * If no thread or process has been created yet to perform the 546ae8c6e27Sflorian * work in the background, it is created now. 547ae8c6e27Sflorian * The context is finalized, and can no longer accept config changes. 548ae8c6e27Sflorian * @param name: domain name in text format (a string). 549ae8c6e27Sflorian * @param rrtype: type of RR in host order, 1 is A. 550ae8c6e27Sflorian * @param rrclass: class of RR in host order, 1 is IN (for internet). 551ae8c6e27Sflorian * @param mydata: this data is your own data (you can pass NULL), 552ae8c6e27Sflorian * and is passed on to the callback function. 553ae8c6e27Sflorian * @param callback: this is called on completion of the resolution. 554ae8c6e27Sflorian * It is called as: 555ae8c6e27Sflorian * void callback(void* mydata, int err, struct ub_result* result) 556ae8c6e27Sflorian * with mydata: the same as passed here, you may pass NULL, 557ae8c6e27Sflorian * with err: is 0 when a result has been found. 558ae8c6e27Sflorian * with result: a newly allocated result structure. 559ae8c6e27Sflorian * The result may be NULL, in that case err is set. 560ae8c6e27Sflorian * 561ae8c6e27Sflorian * If an error happens during processing, your callback will be called 562ae8c6e27Sflorian * with error set to a nonzero value (and result==NULL). 563ae8c6e27Sflorian * @param async_id: if you pass a non-NULL value, an identifier number is 564ae8c6e27Sflorian * returned for the query as it is in progress. It can be used to 565ae8c6e27Sflorian * cancel the query. 566ae8c6e27Sflorian * @return 0 if OK, else error. 567ae8c6e27Sflorian */ 568ae8c6e27Sflorian int ub_resolve_async(struct ub_ctx* ctx, const char* name, int rrtype, 569ae8c6e27Sflorian int rrclass, void* mydata, ub_callback_type callback, int* async_id); 570ae8c6e27Sflorian 571ae8c6e27Sflorian /** 572ae8c6e27Sflorian * Cancel an async query in progress. 573ae8c6e27Sflorian * Its callback will not be called. 574ae8c6e27Sflorian * 575ae8c6e27Sflorian * @param ctx: context. 576ae8c6e27Sflorian * @param async_id: which query to cancel. 577ae8c6e27Sflorian * @return 0 if OK, else error. 578ae8c6e27Sflorian * This routine can return an error if the async_id passed does not exist 579ae8c6e27Sflorian * or has already been delivered. If another thread is processing results 580ae8c6e27Sflorian * at the same time, the result may be delivered at the same time and the 581ae8c6e27Sflorian * cancel fails with an error. Also the cancel can fail due to a system 582ae8c6e27Sflorian * error, no memory or socket failures. 583ae8c6e27Sflorian */ 584ae8c6e27Sflorian int ub_cancel(struct ub_ctx* ctx, int async_id); 585ae8c6e27Sflorian 586ae8c6e27Sflorian /** 587ae8c6e27Sflorian * Free storage associated with a result structure. 588ae8c6e27Sflorian * @param result: to free 589ae8c6e27Sflorian */ 590ae8c6e27Sflorian void ub_resolve_free(struct ub_result* result); 591ae8c6e27Sflorian 592ae8c6e27Sflorian /** 593ae8c6e27Sflorian * Convert error value to a human readable string. 594ae8c6e27Sflorian * @param err: error code from one of the libunbound functions. 595a1a7ba80Sflorian * The error codes are from the type enum ub_ctx_err. 596ae8c6e27Sflorian * @return pointer to constant text string, zero terminated. 597ae8c6e27Sflorian */ 598ae8c6e27Sflorian const char* ub_strerror(int err); 599ae8c6e27Sflorian 600ae8c6e27Sflorian /** 601ae8c6e27Sflorian * Debug routine. Print the local zone information to debug output. 602ae8c6e27Sflorian * @param ctx: context. Is finalized by the routine. 603ae8c6e27Sflorian * @return 0 if OK, else error. 604ae8c6e27Sflorian */ 605ae8c6e27Sflorian int ub_ctx_print_local_zones(struct ub_ctx* ctx); 606ae8c6e27Sflorian 607ae8c6e27Sflorian /** 608ae8c6e27Sflorian * Add a new zone with the zonetype to the local authority info of the 609ae8c6e27Sflorian * library. 610ae8c6e27Sflorian * @param ctx: context. Is finalized by the routine. 611ae8c6e27Sflorian * @param zone_name: name of the zone in text, "example.com" 612ae8c6e27Sflorian * If it already exists, the type is updated. 613ae8c6e27Sflorian * @param zone_type: type of the zone (like for unbound.conf) in text. 614ae8c6e27Sflorian * @return 0 if OK, else error. 615ae8c6e27Sflorian */ 616ae8c6e27Sflorian int ub_ctx_zone_add(struct ub_ctx* ctx, const char *zone_name, 617ae8c6e27Sflorian const char *zone_type); 618ae8c6e27Sflorian 619ae8c6e27Sflorian /** 620ae8c6e27Sflorian * Remove zone from local authority info of the library. 621ae8c6e27Sflorian * @param ctx: context. Is finalized by the routine. 622ae8c6e27Sflorian * @param zone_name: name of the zone in text, "example.com" 623ae8c6e27Sflorian * If it does not exist, nothing happens. 624ae8c6e27Sflorian * @return 0 if OK, else error. 625ae8c6e27Sflorian */ 626ae8c6e27Sflorian int ub_ctx_zone_remove(struct ub_ctx* ctx, const char *zone_name); 627ae8c6e27Sflorian 628ae8c6e27Sflorian /** 629ae8c6e27Sflorian * Add localdata to the library local authority info. 630ae8c6e27Sflorian * Similar to local-data config statement. 631ae8c6e27Sflorian * @param ctx: context. Is finalized by the routine. 632ae8c6e27Sflorian * @param data: the resource record in text format, for example 633ae8c6e27Sflorian * "www.example.com IN A 127.0.0.1" 634ae8c6e27Sflorian * @return 0 if OK, else error. 635ae8c6e27Sflorian */ 636ae8c6e27Sflorian int ub_ctx_data_add(struct ub_ctx* ctx, const char *data); 637ae8c6e27Sflorian 638ae8c6e27Sflorian /** 639ae8c6e27Sflorian * Remove localdata from the library local authority info. 640ae8c6e27Sflorian * @param ctx: context. Is finalized by the routine. 641ae8c6e27Sflorian * @param data: the name to delete all data from, like "www.example.com". 642ae8c6e27Sflorian * @return 0 if OK, else error. 643ae8c6e27Sflorian */ 644ae8c6e27Sflorian int ub_ctx_data_remove(struct ub_ctx* ctx, const char *data); 645ae8c6e27Sflorian 646ae8c6e27Sflorian /** 647ae8c6e27Sflorian * Get a version string from the libunbound implementation. 648ae8c6e27Sflorian * @return a static constant string with the version number. 649ae8c6e27Sflorian */ 650ae8c6e27Sflorian const char* ub_version(void); 651ae8c6e27Sflorian 652ae8c6e27Sflorian /** 653ae8c6e27Sflorian * Some global statistics that are not in struct stats_info, 654ae8c6e27Sflorian * this struct is shared on a shm segment (shm-key in unbound.conf) 655ae8c6e27Sflorian */ 656ae8c6e27Sflorian struct ub_shm_stat_info { 657ae8c6e27Sflorian int num_threads; 658ae8c6e27Sflorian 659ae8c6e27Sflorian struct { 660ae8c6e27Sflorian long long now_sec, now_usec; 661ae8c6e27Sflorian long long up_sec, up_usec; 662ae8c6e27Sflorian long long elapsed_sec, elapsed_usec; 663ae8c6e27Sflorian } time; 664ae8c6e27Sflorian 665ae8c6e27Sflorian struct { 666ae8c6e27Sflorian long long msg; 667ae8c6e27Sflorian long long rrset; 668ae8c6e27Sflorian long long val; 669ae8c6e27Sflorian long long iter; 670ae8c6e27Sflorian long long subnet; 671ae8c6e27Sflorian long long ipsecmod; 672ae8c6e27Sflorian long long respip; 673ae8c6e27Sflorian long long dnscrypt_shared_secret; 674ae8c6e27Sflorian long long dnscrypt_nonce; 675e47fef9eSflorian long long dynlib; 676ae8c6e27Sflorian } mem; 677ae8c6e27Sflorian }; 678ae8c6e27Sflorian 679ae8c6e27Sflorian /** number of qtype that is stored for in array */ 680ae8c6e27Sflorian #define UB_STATS_QTYPE_NUM 256 681ae8c6e27Sflorian /** number of qclass that is stored for in array */ 682ae8c6e27Sflorian #define UB_STATS_QCLASS_NUM 256 683ae8c6e27Sflorian /** number of rcodes in stats */ 684ae8c6e27Sflorian #define UB_STATS_RCODE_NUM 16 685ae8c6e27Sflorian /** number of opcodes in stats */ 686ae8c6e27Sflorian #define UB_STATS_OPCODE_NUM 16 687ae8c6e27Sflorian /** number of histogram buckets */ 688ae8c6e27Sflorian #define UB_STATS_BUCKET_NUM 40 689d32eb43cSflorian /** number of RPZ actions */ 690d32eb43cSflorian #define UB_STATS_RPZ_ACTION_NUM 10 691ae8c6e27Sflorian 692ae8c6e27Sflorian /** per worker statistics. */ 693ae8c6e27Sflorian struct ub_server_stats { 694ae8c6e27Sflorian /** number of queries from clients received. */ 695ae8c6e27Sflorian long long num_queries; 696ae8c6e27Sflorian /** number of queries that have been dropped/ratelimited by ip. */ 697ae8c6e27Sflorian long long num_queries_ip_ratelimited; 698*d500c338Sflorian /** number of queries with a valid DNS Cookie. */ 699*d500c338Sflorian long long num_queries_cookie_valid; 700*d500c338Sflorian /** number of queries with only the client part of the DNS Cookie. */ 701*d500c338Sflorian long long num_queries_cookie_client; 702*d500c338Sflorian /** number of queries with invalid DNS Cookie. */ 703*d500c338Sflorian long long num_queries_cookie_invalid; 704ae8c6e27Sflorian /** number of queries that had a cache-miss. */ 705ae8c6e27Sflorian long long num_queries_missed_cache; 706ae8c6e27Sflorian /** number of prefetch queries - cachehits with prefetch */ 707ae8c6e27Sflorian long long num_queries_prefetch; 708*d500c338Sflorian /** number of queries which are too late to process */ 709*d500c338Sflorian long long num_queries_timed_out; 710*d500c338Sflorian /** the longest wait time in the queue */ 711*d500c338Sflorian long long max_query_time_us; 712ae8c6e27Sflorian /** 713ae8c6e27Sflorian * Sum of the querylistsize of the worker for 714ae8c6e27Sflorian * every query that missed cache. To calculate average. 715ae8c6e27Sflorian */ 716ae8c6e27Sflorian long long sum_query_list_size; 717ae8c6e27Sflorian /** max value of query list size reached. */ 718ae8c6e27Sflorian long long max_query_list_size; 719ae8c6e27Sflorian 720ae8c6e27Sflorian /** Extended stats below (bool) */ 721ae8c6e27Sflorian int extended; 722ae8c6e27Sflorian 723ae8c6e27Sflorian /** qtype stats */ 724ae8c6e27Sflorian long long qtype[UB_STATS_QTYPE_NUM]; 725ae8c6e27Sflorian /** bigger qtype values not in array */ 726ae8c6e27Sflorian long long qtype_big; 727ae8c6e27Sflorian /** qclass stats */ 728ae8c6e27Sflorian long long qclass[UB_STATS_QCLASS_NUM]; 729ae8c6e27Sflorian /** bigger qclass values not in array */ 730ae8c6e27Sflorian long long qclass_big; 731ae8c6e27Sflorian /** query opcodes */ 732ae8c6e27Sflorian long long qopcode[UB_STATS_OPCODE_NUM]; 733ae8c6e27Sflorian /** number of queries over TCP */ 734ae8c6e27Sflorian long long qtcp; 735ae8c6e27Sflorian /** number of outgoing queries over TCP */ 736ae8c6e27Sflorian long long qtcp_outgoing; 7376d08cb1bSflorian /** number of outgoing queries over UDP */ 7386d08cb1bSflorian long long qudp_outgoing; 739ae8c6e27Sflorian /** number of queries over (DNS over) TLS */ 740ae8c6e27Sflorian long long qtls; 741f4f0f0ceSflorian /** number of queries over (DNS over) HTTPS */ 742f4f0f0ceSflorian long long qhttps; 743ae8c6e27Sflorian /** number of queries over IPv6 */ 744ae8c6e27Sflorian long long qipv6; 745ae8c6e27Sflorian /** number of queries with QR bit */ 746ae8c6e27Sflorian long long qbit_QR; 747ae8c6e27Sflorian /** number of queries with AA bit */ 748ae8c6e27Sflorian long long qbit_AA; 749ae8c6e27Sflorian /** number of queries with TC bit */ 750ae8c6e27Sflorian long long qbit_TC; 751ae8c6e27Sflorian /** number of queries with RD bit */ 752ae8c6e27Sflorian long long qbit_RD; 753ae8c6e27Sflorian /** number of queries with RA bit */ 754ae8c6e27Sflorian long long qbit_RA; 755ae8c6e27Sflorian /** number of queries with Z bit */ 756ae8c6e27Sflorian long long qbit_Z; 757ae8c6e27Sflorian /** number of queries with AD bit */ 758ae8c6e27Sflorian long long qbit_AD; 759ae8c6e27Sflorian /** number of queries with CD bit */ 760ae8c6e27Sflorian long long qbit_CD; 761ae8c6e27Sflorian /** number of queries with EDNS OPT record */ 762ae8c6e27Sflorian long long qEDNS; 763ae8c6e27Sflorian /** number of queries with EDNS with DO flag */ 764ae8c6e27Sflorian long long qEDNS_DO; 765ae8c6e27Sflorian /** answer rcodes */ 766ae8c6e27Sflorian long long ans_rcode[UB_STATS_RCODE_NUM]; 767ae8c6e27Sflorian /** answers with pseudo rcode 'nodata' */ 768ae8c6e27Sflorian long long ans_rcode_nodata; 769ae8c6e27Sflorian /** answers that were secure (AD) */ 770ae8c6e27Sflorian long long ans_secure; 771ae8c6e27Sflorian /** answers that were bogus (withheld as SERVFAIL) */ 772ae8c6e27Sflorian long long ans_bogus; 773ae8c6e27Sflorian /** rrsets marked bogus by validator */ 774ae8c6e27Sflorian long long rrset_bogus; 775ae8c6e27Sflorian /** number of queries that have been ratelimited by domain recursion. */ 776ae8c6e27Sflorian long long queries_ratelimited; 777ae8c6e27Sflorian /** unwanted traffic received on server-facing ports */ 778ae8c6e27Sflorian long long unwanted_replies; 779ae8c6e27Sflorian /** unwanted traffic received on client-facing ports */ 780ae8c6e27Sflorian long long unwanted_queries; 781ae8c6e27Sflorian /** usage of tcp accept list */ 782ae8c6e27Sflorian long long tcp_accept_usage; 783d32eb43cSflorian /** expired answers served from cache */ 784d32eb43cSflorian long long ans_expired; 785ae8c6e27Sflorian /** histogram data exported to array 786ae8c6e27Sflorian * if the array is the same size, no data is lost, and 787ae8c6e27Sflorian * if all histograms are same size (is so by default) then 788ae8c6e27Sflorian * adding up works well. */ 789ae8c6e27Sflorian long long hist[UB_STATS_BUCKET_NUM]; 790ae8c6e27Sflorian 791ae8c6e27Sflorian /** number of message cache entries */ 792ae8c6e27Sflorian long long msg_cache_count; 793ae8c6e27Sflorian /** number of rrset cache entries */ 794ae8c6e27Sflorian long long rrset_cache_count; 795ae8c6e27Sflorian /** number of infra cache entries */ 796ae8c6e27Sflorian long long infra_cache_count; 797ae8c6e27Sflorian /** number of key cache entries */ 798ae8c6e27Sflorian long long key_cache_count; 799ae8c6e27Sflorian 800*d500c338Sflorian /** maximum number of collisions in the msg cache */ 801*d500c338Sflorian long long msg_cache_max_collisions; 802*d500c338Sflorian /** maximum number of collisions in the rrset cache */ 803*d500c338Sflorian long long rrset_cache_max_collisions; 804*d500c338Sflorian 805ae8c6e27Sflorian /** number of queries that used dnscrypt */ 806ae8c6e27Sflorian long long num_query_dnscrypt_crypted; 807ae8c6e27Sflorian /** number of queries that queried dnscrypt certificates */ 808ae8c6e27Sflorian long long num_query_dnscrypt_cert; 809ae8c6e27Sflorian /** number of queries in clear text and not asking for the certificates */ 810ae8c6e27Sflorian long long num_query_dnscrypt_cleartext; 811ae8c6e27Sflorian /** number of malformed encrypted queries */ 812ae8c6e27Sflorian long long num_query_dnscrypt_crypted_malformed; 813ae8c6e27Sflorian /** number of queries which did not have a shared secret in cache */ 814ae8c6e27Sflorian long long num_query_dnscrypt_secret_missed_cache; 815ae8c6e27Sflorian /** number of dnscrypt shared secret cache entries */ 816ae8c6e27Sflorian long long shared_secret_cache_count; 817ae8c6e27Sflorian /** number of queries which are replays */ 818ae8c6e27Sflorian long long num_query_dnscrypt_replay; 819ae8c6e27Sflorian /** number of dnscrypt nonces cache entries */ 820ae8c6e27Sflorian long long nonce_cache_count; 821ae8c6e27Sflorian /** number of queries for unbound's auth_zones, upstream query */ 822ae8c6e27Sflorian long long num_query_authzone_up; 823ae8c6e27Sflorian /** number of queries for unbound's auth_zones, downstream answers */ 824ae8c6e27Sflorian long long num_query_authzone_down; 825ae8c6e27Sflorian /** number of times neg cache records were used to generate NOERROR 826ae8c6e27Sflorian * responses. */ 827ae8c6e27Sflorian long long num_neg_cache_noerror; 828ae8c6e27Sflorian /** number of times neg cache records were used to generate NXDOMAIN 829ae8c6e27Sflorian * responses. */ 830ae8c6e27Sflorian long long num_neg_cache_nxdomain; 831ae8c6e27Sflorian /** number of queries answered from edns-subnet specific data */ 832ae8c6e27Sflorian long long num_query_subnet; 833ae8c6e27Sflorian /** number of queries answered from edns-subnet specific data, and 834ae8c6e27Sflorian * the answer was from the edns-subnet cache. */ 835ae8c6e27Sflorian long long num_query_subnet_cache; 836*d500c338Sflorian /** number of queries served from cachedb */ 837*d500c338Sflorian long long num_query_cachedb; 838e97c6e54Ssthen /** number of bytes in the stream wait buffers */ 839e97c6e54Ssthen long long mem_stream_wait; 840f4f0f0ceSflorian /** number of bytes in the HTTP2 query buffers */ 841f4f0f0ceSflorian long long mem_http2_query_buffer; 842f4f0f0ceSflorian /** number of bytes in the HTTP2 response buffers */ 843f4f0f0ceSflorian long long mem_http2_response_buffer; 844e97c6e54Ssthen /** number of TLS connection resume */ 845e97c6e54Ssthen long long qtls_resume; 846d32eb43cSflorian /** RPZ action stats */ 847d32eb43cSflorian long long rpz_action[UB_STATS_RPZ_ACTION_NUM]; 848ae8c6e27Sflorian }; 849ae8c6e27Sflorian 850ae8c6e27Sflorian /** 851ae8c6e27Sflorian * Statistics to send over the control pipe when asked 852ae8c6e27Sflorian * This struct is made to be memcopied, sent in binary. 853ae8c6e27Sflorian * shm mapped with (number+1) at num_threads+1, with first as total 854ae8c6e27Sflorian */ 855ae8c6e27Sflorian struct ub_stats_info { 856ae8c6e27Sflorian /** the thread stats */ 857ae8c6e27Sflorian struct ub_server_stats svr; 858ae8c6e27Sflorian 859ae8c6e27Sflorian /** mesh stats: current number of states */ 860ae8c6e27Sflorian long long mesh_num_states; 861ae8c6e27Sflorian /** mesh stats: current number of reply (user) states */ 862ae8c6e27Sflorian long long mesh_num_reply_states; 863ae8c6e27Sflorian /** mesh stats: number of reply states overwritten with a new one */ 864ae8c6e27Sflorian long long mesh_jostled; 865ae8c6e27Sflorian /** mesh stats: number of incoming queries dropped */ 866ae8c6e27Sflorian long long mesh_dropped; 867ae8c6e27Sflorian /** mesh stats: replies sent */ 868ae8c6e27Sflorian long long mesh_replies_sent; 869ae8c6e27Sflorian /** mesh stats: sum of waiting times for the replies */ 870ae8c6e27Sflorian long long mesh_replies_sum_wait_sec, mesh_replies_sum_wait_usec; 871ae8c6e27Sflorian /** mesh stats: median of waiting times for replies (in sec) */ 872ae8c6e27Sflorian double mesh_time_median; 873ae8c6e27Sflorian }; 874ae8c6e27Sflorian 875ae8c6e27Sflorian #ifdef __cplusplus 876ae8c6e27Sflorian } 877ae8c6e27Sflorian #endif 878ae8c6e27Sflorian 879*d500c338Sflorian #endif /* UB_UNBOUND_H */ 880