1 /* 2 * util/netevent.c - event notification 3 * 4 * Copyright (c) 2007, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /** 37 * \file 38 * 39 * This file contains event notification functions. 40 */ 41 #include "config.h" 42 #include "util/netevent.h" 43 #include "util/ub_event.h" 44 #include "util/log.h" 45 #include "util/net_help.h" 46 #include "util/tcp_conn_limit.h" 47 #include "util/fptr_wlist.h" 48 #include "sldns/pkthdr.h" 49 #include "sldns/sbuffer.h" 50 #include "sldns/str2wire.h" 51 #include "dnstap/dnstap.h" 52 #include "dnscrypt/dnscrypt.h" 53 #include "services/listen_dnsport.h" 54 #ifdef HAVE_OPENSSL_SSL_H 55 #include <openssl/ssl.h> 56 #endif 57 #ifdef HAVE_OPENSSL_ERR_H 58 #include <openssl/err.h> 59 #endif 60 61 /* -------- Start of local definitions -------- */ 62 /** if CMSG_ALIGN is not defined on this platform, a workaround */ 63 #ifndef CMSG_ALIGN 64 # ifdef __CMSG_ALIGN 65 # define CMSG_ALIGN(n) __CMSG_ALIGN(n) 66 # elif defined(CMSG_DATA_ALIGN) 67 # define CMSG_ALIGN _CMSG_DATA_ALIGN 68 # else 69 # define CMSG_ALIGN(len) (((len)+sizeof(long)-1) & ~(sizeof(long)-1)) 70 # endif 71 #endif 72 73 /** if CMSG_LEN is not defined on this platform, a workaround */ 74 #ifndef CMSG_LEN 75 # define CMSG_LEN(len) (CMSG_ALIGN(sizeof(struct cmsghdr))+(len)) 76 #endif 77 78 /** if CMSG_SPACE is not defined on this platform, a workaround */ 79 #ifndef CMSG_SPACE 80 # ifdef _CMSG_HDR_ALIGN 81 # define CMSG_SPACE(l) (CMSG_ALIGN(l)+_CMSG_HDR_ALIGN(sizeof(struct cmsghdr))) 82 # else 83 # define CMSG_SPACE(l) (CMSG_ALIGN(l)+CMSG_ALIGN(sizeof(struct cmsghdr))) 84 # endif 85 #endif 86 87 /** The TCP writing query timeout in milliseconds */ 88 #define TCP_QUERY_TIMEOUT 120000 89 /** The minimum actual TCP timeout to use, regardless of what we advertise, 90 * in msec */ 91 #define TCP_QUERY_TIMEOUT_MINIMUM 200 92 93 #ifndef NONBLOCKING_IS_BROKEN 94 /** number of UDP reads to perform per read indication from select */ 95 #define NUM_UDP_PER_SELECT 100 96 #else 97 #define NUM_UDP_PER_SELECT 1 98 #endif 99 100 /** 101 * The internal event structure for keeping ub_event info for the event. 102 * Possibly other structures (list, tree) this is part of. 103 */ 104 struct internal_event { 105 /** the comm base */ 106 struct comm_base* base; 107 /** ub_event event type */ 108 struct ub_event* ev; 109 }; 110 111 /** 112 * Internal base structure, so that every thread has its own events. 113 */ 114 struct internal_base { 115 /** ub_event event_base type. */ 116 struct ub_event_base* base; 117 /** seconds time pointer points here */ 118 time_t secs; 119 /** timeval with current time */ 120 struct timeval now; 121 /** the event used for slow_accept timeouts */ 122 struct ub_event* slow_accept; 123 /** true if slow_accept is enabled */ 124 int slow_accept_enabled; 125 }; 126 127 /** 128 * Internal timer structure, to store timer event in. 129 */ 130 struct internal_timer { 131 /** the super struct from which derived */ 132 struct comm_timer super; 133 /** the comm base */ 134 struct comm_base* base; 135 /** ub_event event type */ 136 struct ub_event* ev; 137 /** is timer enabled */ 138 uint8_t enabled; 139 }; 140 141 /** 142 * Internal signal structure, to store signal event in. 143 */ 144 struct internal_signal { 145 /** ub_event event type */ 146 struct ub_event* ev; 147 /** next in signal list */ 148 struct internal_signal* next; 149 }; 150 151 /** create a tcp handler with a parent */ 152 static struct comm_point* comm_point_create_tcp_handler( 153 struct comm_base *base, struct comm_point* parent, size_t bufsize, 154 struct sldns_buffer* spoolbuf, comm_point_callback_type* callback, 155 void* callback_arg); 156 157 /* -------- End of local definitions -------- */ 158 159 struct comm_base* 160 comm_base_create(int sigs) 161 { 162 struct comm_base* b = (struct comm_base*)calloc(1, 163 sizeof(struct comm_base)); 164 const char *evnm="event", *evsys="", *evmethod=""; 165 166 if(!b) 167 return NULL; 168 b->eb = (struct internal_base*)calloc(1, sizeof(struct internal_base)); 169 if(!b->eb) { 170 free(b); 171 return NULL; 172 } 173 b->eb->base = ub_default_event_base(sigs, &b->eb->secs, &b->eb->now); 174 if(!b->eb->base) { 175 free(b->eb); 176 free(b); 177 return NULL; 178 } 179 ub_comm_base_now(b); 180 ub_get_event_sys(b->eb->base, &evnm, &evsys, &evmethod); 181 verbose(VERB_ALGO, "%s %s uses %s method.", evnm, evsys, evmethod); 182 return b; 183 } 184 185 struct comm_base* 186 comm_base_create_event(struct ub_event_base* base) 187 { 188 struct comm_base* b = (struct comm_base*)calloc(1, 189 sizeof(struct comm_base)); 190 if(!b) 191 return NULL; 192 b->eb = (struct internal_base*)calloc(1, sizeof(struct internal_base)); 193 if(!b->eb) { 194 free(b); 195 return NULL; 196 } 197 b->eb->base = base; 198 ub_comm_base_now(b); 199 return b; 200 } 201 202 void 203 comm_base_delete(struct comm_base* b) 204 { 205 if(!b) 206 return; 207 if(b->eb->slow_accept_enabled) { 208 if(ub_event_del(b->eb->slow_accept) != 0) { 209 log_err("could not event_del slow_accept"); 210 } 211 ub_event_free(b->eb->slow_accept); 212 } 213 ub_event_base_free(b->eb->base); 214 b->eb->base = NULL; 215 free(b->eb); 216 free(b); 217 } 218 219 void 220 comm_base_delete_no_base(struct comm_base* b) 221 { 222 if(!b) 223 return; 224 if(b->eb->slow_accept_enabled) { 225 if(ub_event_del(b->eb->slow_accept) != 0) { 226 log_err("could not event_del slow_accept"); 227 } 228 ub_event_free(b->eb->slow_accept); 229 } 230 b->eb->base = NULL; 231 free(b->eb); 232 free(b); 233 } 234 235 void 236 comm_base_timept(struct comm_base* b, time_t** tt, struct timeval** tv) 237 { 238 *tt = &b->eb->secs; 239 *tv = &b->eb->now; 240 } 241 242 void 243 comm_base_dispatch(struct comm_base* b) 244 { 245 int retval; 246 retval = ub_event_base_dispatch(b->eb->base); 247 if(retval < 0) { 248 fatal_exit("event_dispatch returned error %d, " 249 "errno is %s", retval, strerror(errno)); 250 } 251 } 252 253 void comm_base_exit(struct comm_base* b) 254 { 255 if(ub_event_base_loopexit(b->eb->base) != 0) { 256 log_err("Could not loopexit"); 257 } 258 } 259 260 void comm_base_set_slow_accept_handlers(struct comm_base* b, 261 void (*stop_acc)(void*), void (*start_acc)(void*), void* arg) 262 { 263 b->stop_accept = stop_acc; 264 b->start_accept = start_acc; 265 b->cb_arg = arg; 266 } 267 268 struct ub_event_base* comm_base_internal(struct comm_base* b) 269 { 270 return b->eb->base; 271 } 272 273 /** see if errno for udp has to be logged or not uses globals */ 274 static int 275 udp_send_errno_needs_log(struct sockaddr* addr, socklen_t addrlen) 276 { 277 /* do not log transient errors (unless high verbosity) */ 278 #if defined(ENETUNREACH) || defined(EHOSTDOWN) || defined(EHOSTUNREACH) || defined(ENETDOWN) 279 switch(errno) { 280 # ifdef ENETUNREACH 281 case ENETUNREACH: 282 # endif 283 # ifdef EHOSTDOWN 284 case EHOSTDOWN: 285 # endif 286 # ifdef EHOSTUNREACH 287 case EHOSTUNREACH: 288 # endif 289 # ifdef ENETDOWN 290 case ENETDOWN: 291 # endif 292 if(verbosity < VERB_ALGO) 293 return 0; 294 default: 295 break; 296 } 297 #endif 298 /* permission denied is gotten for every send if the 299 * network is disconnected (on some OS), squelch it */ 300 if( ((errno == EPERM) 301 # ifdef EADDRNOTAVAIL 302 /* 'Cannot assign requested address' also when disconnected */ 303 || (errno == EADDRNOTAVAIL) 304 # endif 305 ) && verbosity < VERB_DETAIL) 306 return 0; 307 # ifdef EADDRINUSE 308 /* If SO_REUSEADDR is set, we could try to connect to the same server 309 * from the same source port twice. */ 310 if(errno == EADDRINUSE && verbosity < VERB_DETAIL) 311 return 0; 312 # endif 313 /* squelch errors where people deploy AAAA ::ffff:bla for 314 * authority servers, which we try for intranets. */ 315 if(errno == EINVAL && addr_is_ip4mapped( 316 (struct sockaddr_storage*)addr, addrlen) && 317 verbosity < VERB_DETAIL) 318 return 0; 319 /* SO_BROADCAST sockopt can give access to 255.255.255.255, 320 * but a dns cache does not need it. */ 321 if(errno == EACCES && addr_is_broadcast( 322 (struct sockaddr_storage*)addr, addrlen) && 323 verbosity < VERB_DETAIL) 324 return 0; 325 return 1; 326 } 327 328 int tcp_connect_errno_needs_log(struct sockaddr* addr, socklen_t addrlen) 329 { 330 return udp_send_errno_needs_log(addr, addrlen); 331 } 332 333 /* send a UDP reply */ 334 int 335 comm_point_send_udp_msg(struct comm_point *c, sldns_buffer* packet, 336 struct sockaddr* addr, socklen_t addrlen) 337 { 338 ssize_t sent; 339 log_assert(c->fd != -1); 340 #ifdef UNBOUND_DEBUG 341 if(sldns_buffer_remaining(packet) == 0) 342 log_err("error: send empty UDP packet"); 343 #endif 344 log_assert(addr && addrlen > 0); 345 sent = sendto(c->fd, (void*)sldns_buffer_begin(packet), 346 sldns_buffer_remaining(packet), 0, 347 addr, addrlen); 348 if(sent == -1) { 349 /* try again and block, waiting for IO to complete, 350 * we want to send the answer, and we will wait for 351 * the ethernet interface buffer to have space. */ 352 #ifndef USE_WINSOCK 353 if(errno == EAGAIN || 354 # ifdef EWOULDBLOCK 355 errno == EWOULDBLOCK || 356 # endif 357 errno == ENOBUFS) { 358 #else 359 if(WSAGetLastError() == WSAEINPROGRESS || 360 WSAGetLastError() == WSAENOBUFS || 361 WSAGetLastError() == WSAEWOULDBLOCK) { 362 #endif 363 int e; 364 fd_set_block(c->fd); 365 sent = sendto(c->fd, (void*)sldns_buffer_begin(packet), 366 sldns_buffer_remaining(packet), 0, 367 addr, addrlen); 368 e = errno; 369 fd_set_nonblock(c->fd); 370 errno = e; 371 } 372 } 373 if(sent == -1) { 374 if(!udp_send_errno_needs_log(addr, addrlen)) 375 return 0; 376 #ifndef USE_WINSOCK 377 verbose(VERB_OPS, "sendto failed: %s", strerror(errno)); 378 #else 379 verbose(VERB_OPS, "sendto failed: %s", 380 wsa_strerror(WSAGetLastError())); 381 #endif 382 log_addr(VERB_OPS, "remote address is", 383 (struct sockaddr_storage*)addr, addrlen); 384 return 0; 385 } else if((size_t)sent != sldns_buffer_remaining(packet)) { 386 log_err("sent %d in place of %d bytes", 387 (int)sent, (int)sldns_buffer_remaining(packet)); 388 return 0; 389 } 390 return 1; 391 } 392 393 #if defined(AF_INET6) && defined(IPV6_PKTINFO) && (defined(HAVE_RECVMSG) || defined(HAVE_SENDMSG)) 394 /** print debug ancillary info */ 395 static void p_ancil(const char* str, struct comm_reply* r) 396 { 397 if(r->srctype != 4 && r->srctype != 6) { 398 log_info("%s: unknown srctype %d", str, r->srctype); 399 return; 400 } 401 if(r->srctype == 6) { 402 char buf[1024]; 403 if(inet_ntop(AF_INET6, &r->pktinfo.v6info.ipi6_addr, 404 buf, (socklen_t)sizeof(buf)) == 0) { 405 (void)strlcpy(buf, "(inet_ntop error)", sizeof(buf)); 406 } 407 buf[sizeof(buf)-1]=0; 408 log_info("%s: %s %d", str, buf, r->pktinfo.v6info.ipi6_ifindex); 409 } else if(r->srctype == 4) { 410 #ifdef IP_PKTINFO 411 char buf1[1024], buf2[1024]; 412 if(inet_ntop(AF_INET, &r->pktinfo.v4info.ipi_addr, 413 buf1, (socklen_t)sizeof(buf1)) == 0) { 414 (void)strlcpy(buf1, "(inet_ntop error)", sizeof(buf1)); 415 } 416 buf1[sizeof(buf1)-1]=0; 417 #ifdef HAVE_STRUCT_IN_PKTINFO_IPI_SPEC_DST 418 if(inet_ntop(AF_INET, &r->pktinfo.v4info.ipi_spec_dst, 419 buf2, (socklen_t)sizeof(buf2)) == 0) { 420 (void)strlcpy(buf2, "(inet_ntop error)", sizeof(buf2)); 421 } 422 buf2[sizeof(buf2)-1]=0; 423 #else 424 buf2[0]=0; 425 #endif 426 log_info("%s: %d %s %s", str, r->pktinfo.v4info.ipi_ifindex, 427 buf1, buf2); 428 #elif defined(IP_RECVDSTADDR) 429 char buf1[1024]; 430 if(inet_ntop(AF_INET, &r->pktinfo.v4addr, 431 buf1, (socklen_t)sizeof(buf1)) == 0) { 432 (void)strlcpy(buf1, "(inet_ntop error)", sizeof(buf1)); 433 } 434 buf1[sizeof(buf1)-1]=0; 435 log_info("%s: %s", str, buf1); 436 #endif /* IP_PKTINFO or PI_RECVDSTDADDR */ 437 } 438 } 439 #endif /* AF_INET6 && IPV6_PKTINFO && HAVE_RECVMSG||HAVE_SENDMSG */ 440 441 /** send a UDP reply over specified interface*/ 442 static int 443 comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, 444 struct sockaddr* addr, socklen_t addrlen, struct comm_reply* r) 445 { 446 #if defined(AF_INET6) && defined(IPV6_PKTINFO) && defined(HAVE_SENDMSG) 447 ssize_t sent; 448 struct msghdr msg; 449 struct iovec iov[1]; 450 union { 451 struct cmsghdr hdr; 452 char buf[256]; 453 } control; 454 #ifndef S_SPLINT_S 455 struct cmsghdr *cmsg; 456 #endif /* S_SPLINT_S */ 457 458 log_assert(c->fd != -1); 459 #ifdef UNBOUND_DEBUG 460 if(sldns_buffer_remaining(packet) == 0) 461 log_err("error: send empty UDP packet"); 462 #endif 463 log_assert(addr && addrlen > 0); 464 465 msg.msg_name = addr; 466 msg.msg_namelen = addrlen; 467 iov[0].iov_base = sldns_buffer_begin(packet); 468 iov[0].iov_len = sldns_buffer_remaining(packet); 469 msg.msg_iov = iov; 470 msg.msg_iovlen = 1; 471 msg.msg_control = control.buf; 472 #ifndef S_SPLINT_S 473 msg.msg_controllen = sizeof(control); 474 #endif /* S_SPLINT_S */ 475 msg.msg_flags = 0; 476 477 #ifndef S_SPLINT_S 478 cmsg = CMSG_FIRSTHDR(&msg); 479 if(r->srctype == 4) { 480 #ifdef IP_PKTINFO 481 void* cmsg_data; 482 msg.msg_controllen = CMSG_SPACE(sizeof(struct in_pktinfo)); 483 log_assert(msg.msg_controllen <= sizeof(control)); 484 cmsg->cmsg_level = IPPROTO_IP; 485 cmsg->cmsg_type = IP_PKTINFO; 486 memmove(CMSG_DATA(cmsg), &r->pktinfo.v4info, 487 sizeof(struct in_pktinfo)); 488 /* unset the ifindex to not bypass the routing tables */ 489 cmsg_data = CMSG_DATA(cmsg); 490 ((struct in_pktinfo *) cmsg_data)->ipi_ifindex = 0; 491 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo)); 492 #elif defined(IP_SENDSRCADDR) 493 msg.msg_controllen = CMSG_SPACE(sizeof(struct in_addr)); 494 log_assert(msg.msg_controllen <= sizeof(control)); 495 cmsg->cmsg_level = IPPROTO_IP; 496 cmsg->cmsg_type = IP_SENDSRCADDR; 497 memmove(CMSG_DATA(cmsg), &r->pktinfo.v4addr, 498 sizeof(struct in_addr)); 499 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_addr)); 500 #else 501 verbose(VERB_ALGO, "no IP_PKTINFO or IP_SENDSRCADDR"); 502 msg.msg_control = NULL; 503 #endif /* IP_PKTINFO or IP_SENDSRCADDR */ 504 } else if(r->srctype == 6) { 505 void* cmsg_data; 506 msg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo)); 507 log_assert(msg.msg_controllen <= sizeof(control)); 508 cmsg->cmsg_level = IPPROTO_IPV6; 509 cmsg->cmsg_type = IPV6_PKTINFO; 510 memmove(CMSG_DATA(cmsg), &r->pktinfo.v6info, 511 sizeof(struct in6_pktinfo)); 512 /* unset the ifindex to not bypass the routing tables */ 513 cmsg_data = CMSG_DATA(cmsg); 514 ((struct in6_pktinfo *) cmsg_data)->ipi6_ifindex = 0; 515 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo)); 516 } else { 517 /* try to pass all 0 to use default route */ 518 msg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo)); 519 log_assert(msg.msg_controllen <= sizeof(control)); 520 cmsg->cmsg_level = IPPROTO_IPV6; 521 cmsg->cmsg_type = IPV6_PKTINFO; 522 memset(CMSG_DATA(cmsg), 0, sizeof(struct in6_pktinfo)); 523 cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo)); 524 } 525 #endif /* S_SPLINT_S */ 526 if(verbosity >= VERB_ALGO) 527 p_ancil("send_udp over interface", r); 528 sent = sendmsg(c->fd, &msg, 0); 529 if(sent == -1) { 530 /* try again and block, waiting for IO to complete, 531 * we want to send the answer, and we will wait for 532 * the ethernet interface buffer to have space. */ 533 #ifndef USE_WINSOCK 534 if(errno == EAGAIN || 535 # ifdef EWOULDBLOCK 536 errno == EWOULDBLOCK || 537 # endif 538 errno == ENOBUFS) { 539 #else 540 if(WSAGetLastError() == WSAEINPROGRESS || 541 WSAGetLastError() == WSAENOBUFS || 542 WSAGetLastError() == WSAEWOULDBLOCK) { 543 #endif 544 int e; 545 fd_set_block(c->fd); 546 sent = sendmsg(c->fd, &msg, 0); 547 e = errno; 548 fd_set_nonblock(c->fd); 549 errno = e; 550 } 551 } 552 if(sent == -1) { 553 if(!udp_send_errno_needs_log(addr, addrlen)) 554 return 0; 555 verbose(VERB_OPS, "sendmsg failed: %s", strerror(errno)); 556 log_addr(VERB_OPS, "remote address is", 557 (struct sockaddr_storage*)addr, addrlen); 558 #ifdef __NetBSD__ 559 /* netbsd 7 has IP_PKTINFO for recv but not send */ 560 if(errno == EINVAL && r->srctype == 4) 561 log_err("sendmsg: No support for sendmsg(IP_PKTINFO). " 562 "Please disable interface-automatic"); 563 #endif 564 return 0; 565 } else if((size_t)sent != sldns_buffer_remaining(packet)) { 566 log_err("sent %d in place of %d bytes", 567 (int)sent, (int)sldns_buffer_remaining(packet)); 568 return 0; 569 } 570 return 1; 571 #else 572 (void)c; 573 (void)packet; 574 (void)addr; 575 (void)addrlen; 576 (void)r; 577 log_err("sendmsg: IPV6_PKTINFO not supported"); 578 return 0; 579 #endif /* AF_INET6 && IPV6_PKTINFO && HAVE_SENDMSG */ 580 } 581 582 void 583 comm_point_udp_ancil_callback(int fd, short event, void* arg) 584 { 585 #if defined(AF_INET6) && defined(IPV6_PKTINFO) && defined(HAVE_RECVMSG) 586 struct comm_reply rep; 587 struct msghdr msg; 588 struct iovec iov[1]; 589 ssize_t rcv; 590 union { 591 struct cmsghdr hdr; 592 char buf[256]; 593 } ancil; 594 int i; 595 #ifndef S_SPLINT_S 596 struct cmsghdr* cmsg; 597 #endif /* S_SPLINT_S */ 598 599 rep.c = (struct comm_point*)arg; 600 log_assert(rep.c->type == comm_udp); 601 602 if(!(event&UB_EV_READ)) 603 return; 604 log_assert(rep.c && rep.c->buffer && rep.c->fd == fd); 605 ub_comm_base_now(rep.c->ev->base); 606 for(i=0; i<NUM_UDP_PER_SELECT; i++) { 607 sldns_buffer_clear(rep.c->buffer); 608 rep.addrlen = (socklen_t)sizeof(rep.addr); 609 log_assert(fd != -1); 610 log_assert(sldns_buffer_remaining(rep.c->buffer) > 0); 611 msg.msg_name = &rep.addr; 612 msg.msg_namelen = (socklen_t)sizeof(rep.addr); 613 iov[0].iov_base = sldns_buffer_begin(rep.c->buffer); 614 iov[0].iov_len = sldns_buffer_remaining(rep.c->buffer); 615 msg.msg_iov = iov; 616 msg.msg_iovlen = 1; 617 msg.msg_control = ancil.buf; 618 #ifndef S_SPLINT_S 619 msg.msg_controllen = sizeof(ancil); 620 #endif /* S_SPLINT_S */ 621 msg.msg_flags = 0; 622 rcv = recvmsg(fd, &msg, 0); 623 if(rcv == -1) { 624 if(errno != EAGAIN && errno != EINTR) { 625 log_err("recvmsg failed: %s", strerror(errno)); 626 } 627 return; 628 } 629 rep.addrlen = msg.msg_namelen; 630 sldns_buffer_skip(rep.c->buffer, rcv); 631 sldns_buffer_flip(rep.c->buffer); 632 rep.srctype = 0; 633 #ifndef S_SPLINT_S 634 for(cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL; 635 cmsg = CMSG_NXTHDR(&msg, cmsg)) { 636 if( cmsg->cmsg_level == IPPROTO_IPV6 && 637 cmsg->cmsg_type == IPV6_PKTINFO) { 638 rep.srctype = 6; 639 memmove(&rep.pktinfo.v6info, CMSG_DATA(cmsg), 640 sizeof(struct in6_pktinfo)); 641 break; 642 #ifdef IP_PKTINFO 643 } else if( cmsg->cmsg_level == IPPROTO_IP && 644 cmsg->cmsg_type == IP_PKTINFO) { 645 rep.srctype = 4; 646 memmove(&rep.pktinfo.v4info, CMSG_DATA(cmsg), 647 sizeof(struct in_pktinfo)); 648 break; 649 #elif defined(IP_RECVDSTADDR) 650 } else if( cmsg->cmsg_level == IPPROTO_IP && 651 cmsg->cmsg_type == IP_RECVDSTADDR) { 652 rep.srctype = 4; 653 memmove(&rep.pktinfo.v4addr, CMSG_DATA(cmsg), 654 sizeof(struct in_addr)); 655 break; 656 #endif /* IP_PKTINFO or IP_RECVDSTADDR */ 657 } 658 } 659 if(verbosity >= VERB_ALGO) 660 p_ancil("receive_udp on interface", &rep); 661 #endif /* S_SPLINT_S */ 662 fptr_ok(fptr_whitelist_comm_point(rep.c->callback)); 663 if((*rep.c->callback)(rep.c, rep.c->cb_arg, NETEVENT_NOERROR, &rep)) { 664 /* send back immediate reply */ 665 (void)comm_point_send_udp_msg_if(rep.c, rep.c->buffer, 666 (struct sockaddr*)&rep.addr, rep.addrlen, &rep); 667 } 668 if(!rep.c || rep.c->fd == -1) /* commpoint closed */ 669 break; 670 } 671 #else 672 (void)fd; 673 (void)event; 674 (void)arg; 675 fatal_exit("recvmsg: No support for IPV6_PKTINFO; IP_PKTINFO or IP_RECVDSTADDR. " 676 "Please disable interface-automatic"); 677 #endif /* AF_INET6 && IPV6_PKTINFO && HAVE_RECVMSG */ 678 } 679 680 void 681 comm_point_udp_callback(int fd, short event, void* arg) 682 { 683 struct comm_reply rep; 684 ssize_t rcv; 685 int i; 686 struct sldns_buffer *buffer; 687 688 rep.c = (struct comm_point*)arg; 689 log_assert(rep.c->type == comm_udp); 690 691 if(!(event&UB_EV_READ)) 692 return; 693 log_assert(rep.c && rep.c->buffer && rep.c->fd == fd); 694 ub_comm_base_now(rep.c->ev->base); 695 for(i=0; i<NUM_UDP_PER_SELECT; i++) { 696 sldns_buffer_clear(rep.c->buffer); 697 rep.addrlen = (socklen_t)sizeof(rep.addr); 698 log_assert(fd != -1); 699 log_assert(sldns_buffer_remaining(rep.c->buffer) > 0); 700 rcv = recvfrom(fd, (void*)sldns_buffer_begin(rep.c->buffer), 701 sldns_buffer_remaining(rep.c->buffer), 0, 702 (struct sockaddr*)&rep.addr, &rep.addrlen); 703 if(rcv == -1) { 704 #ifndef USE_WINSOCK 705 if(errno != EAGAIN && errno != EINTR) 706 log_err("recvfrom %d failed: %s", 707 fd, strerror(errno)); 708 #else 709 if(WSAGetLastError() != WSAEINPROGRESS && 710 WSAGetLastError() != WSAECONNRESET && 711 WSAGetLastError()!= WSAEWOULDBLOCK) 712 log_err("recvfrom failed: %s", 713 wsa_strerror(WSAGetLastError())); 714 #endif 715 return; 716 } 717 sldns_buffer_skip(rep.c->buffer, rcv); 718 sldns_buffer_flip(rep.c->buffer); 719 rep.srctype = 0; 720 fptr_ok(fptr_whitelist_comm_point(rep.c->callback)); 721 if((*rep.c->callback)(rep.c, rep.c->cb_arg, NETEVENT_NOERROR, &rep)) { 722 /* send back immediate reply */ 723 #ifdef USE_DNSCRYPT 724 buffer = rep.c->dnscrypt_buffer; 725 #else 726 buffer = rep.c->buffer; 727 #endif 728 (void)comm_point_send_udp_msg(rep.c, buffer, 729 (struct sockaddr*)&rep.addr, rep.addrlen); 730 } 731 if(!rep.c || rep.c->fd != fd) /* commpoint closed to -1 or reused for 732 another UDP port. Note rep.c cannot be reused with TCP fd. */ 733 break; 734 } 735 } 736 737 /** Use a new tcp handler for new query fd, set to read query */ 738 static void 739 setup_tcp_handler(struct comm_point* c, int fd, int cur, int max) 740 { 741 int handler_usage; 742 log_assert(c->type == comm_tcp); 743 log_assert(c->fd == -1); 744 sldns_buffer_clear(c->buffer); 745 #ifdef USE_DNSCRYPT 746 if (c->dnscrypt) 747 sldns_buffer_clear(c->dnscrypt_buffer); 748 #endif 749 c->tcp_is_reading = 1; 750 c->tcp_byte_count = 0; 751 /* if more than half the tcp handlers are in use, use a shorter 752 * timeout for this TCP connection, we need to make space for 753 * other connections to be able to get attention */ 754 /* If > 50% TCP handler structures in use, set timeout to 1/100th 755 * configured value. 756 * If > 65%TCP handler structures in use, set to 1/500th configured 757 * value. 758 * If > 80% TCP handler structures in use, set to 0. 759 * 760 * If the timeout to use falls below 200 milliseconds, an actual 761 * timeout of 200ms is used. 762 */ 763 handler_usage = (cur * 100) / max; 764 if(handler_usage > 50 && handler_usage <= 65) 765 c->tcp_timeout_msec /= 100; 766 else if (handler_usage > 65 && handler_usage <= 80) 767 c->tcp_timeout_msec /= 500; 768 else if (handler_usage > 80) 769 c->tcp_timeout_msec = 0; 770 comm_point_start_listening(c, fd, 771 c->tcp_timeout_msec < TCP_QUERY_TIMEOUT_MINIMUM 772 ? TCP_QUERY_TIMEOUT_MINIMUM 773 : c->tcp_timeout_msec); 774 } 775 776 void comm_base_handle_slow_accept(int ATTR_UNUSED(fd), 777 short ATTR_UNUSED(event), void* arg) 778 { 779 struct comm_base* b = (struct comm_base*)arg; 780 /* timeout for the slow accept, re-enable accepts again */ 781 if(b->start_accept) { 782 verbose(VERB_ALGO, "wait is over, slow accept disabled"); 783 fptr_ok(fptr_whitelist_start_accept(b->start_accept)); 784 (*b->start_accept)(b->cb_arg); 785 b->eb->slow_accept_enabled = 0; 786 } 787 } 788 789 int comm_point_perform_accept(struct comm_point* c, 790 struct sockaddr_storage* addr, socklen_t* addrlen) 791 { 792 int new_fd; 793 *addrlen = (socklen_t)sizeof(*addr); 794 #ifndef HAVE_ACCEPT4 795 new_fd = accept(c->fd, (struct sockaddr*)addr, addrlen); 796 #else 797 /* SOCK_NONBLOCK saves extra calls to fcntl for the same result */ 798 new_fd = accept4(c->fd, (struct sockaddr*)addr, addrlen, SOCK_NONBLOCK); 799 #endif 800 if(new_fd == -1) { 801 #ifndef USE_WINSOCK 802 /* EINTR is signal interrupt. others are closed connection. */ 803 if( errno == EINTR || errno == EAGAIN 804 #ifdef EWOULDBLOCK 805 || errno == EWOULDBLOCK 806 #endif 807 #ifdef ECONNABORTED 808 || errno == ECONNABORTED 809 #endif 810 #ifdef EPROTO 811 || errno == EPROTO 812 #endif /* EPROTO */ 813 ) 814 return -1; 815 #if defined(ENFILE) && defined(EMFILE) 816 if(errno == ENFILE || errno == EMFILE) { 817 /* out of file descriptors, likely outside of our 818 * control. stop accept() calls for some time */ 819 if(c->ev->base->stop_accept) { 820 struct comm_base* b = c->ev->base; 821 struct timeval tv; 822 verbose(VERB_ALGO, "out of file descriptors: " 823 "slow accept"); 824 b->eb->slow_accept_enabled = 1; 825 fptr_ok(fptr_whitelist_stop_accept( 826 b->stop_accept)); 827 (*b->stop_accept)(b->cb_arg); 828 /* set timeout, no mallocs */ 829 tv.tv_sec = NETEVENT_SLOW_ACCEPT_TIME/1000; 830 tv.tv_usec = (NETEVENT_SLOW_ACCEPT_TIME%1000)*1000; 831 b->eb->slow_accept = ub_event_new(b->eb->base, 832 -1, UB_EV_TIMEOUT, 833 comm_base_handle_slow_accept, b); 834 if(b->eb->slow_accept == NULL) { 835 /* we do not want to log here, because 836 * that would spam the logfiles. 837 * error: "event_base_set failed." */ 838 } 839 else if(ub_event_add(b->eb->slow_accept, &tv) 840 != 0) { 841 /* we do not want to log here, 842 * error: "event_add failed." */ 843 } 844 } 845 return -1; 846 } 847 #endif 848 log_err_addr("accept failed", strerror(errno), addr, *addrlen); 849 #else /* USE_WINSOCK */ 850 if(WSAGetLastError() == WSAEINPROGRESS || 851 WSAGetLastError() == WSAECONNRESET) 852 return -1; 853 if(WSAGetLastError() == WSAEWOULDBLOCK) { 854 ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_READ); 855 return -1; 856 } 857 log_err_addr("accept failed", wsa_strerror(WSAGetLastError()), 858 addr, *addrlen); 859 #endif 860 return -1; 861 } 862 if(c->tcp_conn_limit && c->type == comm_tcp_accept) { 863 c->tcl_addr = tcl_addr_lookup(c->tcp_conn_limit, addr, *addrlen); 864 if(!tcl_new_connection(c->tcl_addr)) { 865 if(verbosity >= 3) 866 log_err_addr("accept rejected", 867 "connection limit exceeded", addr, *addrlen); 868 close(new_fd); 869 return -1; 870 } 871 } 872 #ifndef HAVE_ACCEPT4 873 fd_set_nonblock(new_fd); 874 #endif 875 return new_fd; 876 } 877 878 #ifdef USE_WINSOCK 879 static long win_bio_cb(BIO *b, int oper, const char* ATTR_UNUSED(argp), 880 int ATTR_UNUSED(argi), long argl, long retvalue) 881 { 882 int wsa_err = WSAGetLastError(); /* store errcode before it is gone */ 883 verbose(VERB_ALGO, "bio_cb %d, %s %s %s", oper, 884 (oper&BIO_CB_RETURN)?"return":"before", 885 (oper&BIO_CB_READ)?"read":((oper&BIO_CB_WRITE)?"write":"other"), 886 wsa_err==WSAEWOULDBLOCK?"wsawb":""); 887 /* on windows, check if previous operation caused EWOULDBLOCK */ 888 if( (oper == (BIO_CB_READ|BIO_CB_RETURN) && argl == 0) || 889 (oper == (BIO_CB_GETS|BIO_CB_RETURN) && argl == 0)) { 890 if(wsa_err == WSAEWOULDBLOCK) 891 ub_winsock_tcp_wouldblock((struct ub_event*) 892 BIO_get_callback_arg(b), UB_EV_READ); 893 } 894 if( (oper == (BIO_CB_WRITE|BIO_CB_RETURN) && argl == 0) || 895 (oper == (BIO_CB_PUTS|BIO_CB_RETURN) && argl == 0)) { 896 if(wsa_err == WSAEWOULDBLOCK) 897 ub_winsock_tcp_wouldblock((struct ub_event*) 898 BIO_get_callback_arg(b), UB_EV_WRITE); 899 } 900 /* return original return value */ 901 return retvalue; 902 } 903 904 /** set win bio callbacks for nonblocking operations */ 905 void 906 comm_point_tcp_win_bio_cb(struct comm_point* c, void* thessl) 907 { 908 SSL* ssl = (SSL*)thessl; 909 /* set them both just in case, but usually they are the same BIO */ 910 BIO_set_callback(SSL_get_rbio(ssl), &win_bio_cb); 911 BIO_set_callback_arg(SSL_get_rbio(ssl), (char*)c->ev->ev); 912 BIO_set_callback(SSL_get_wbio(ssl), &win_bio_cb); 913 BIO_set_callback_arg(SSL_get_wbio(ssl), (char*)c->ev->ev); 914 } 915 #endif 916 917 void 918 comm_point_tcp_accept_callback(int fd, short event, void* arg) 919 { 920 struct comm_point* c = (struct comm_point*)arg, *c_hdl; 921 int new_fd; 922 log_assert(c->type == comm_tcp_accept); 923 if(!(event & UB_EV_READ)) { 924 log_info("ignoring tcp accept event %d", (int)event); 925 return; 926 } 927 ub_comm_base_now(c->ev->base); 928 /* find free tcp handler. */ 929 if(!c->tcp_free) { 930 log_warn("accepted too many tcp, connections full"); 931 return; 932 } 933 /* accept incoming connection. */ 934 c_hdl = c->tcp_free; 935 /* clear leftover flags from previous use, and then set the 936 * correct event base for the event structure for libevent */ 937 ub_event_free(c_hdl->ev->ev); 938 c_hdl->ev->ev = ub_event_new(c_hdl->ev->base->eb->base, -1, UB_EV_PERSIST | UB_EV_READ | UB_EV_TIMEOUT, comm_point_tcp_handle_callback, c_hdl); 939 if(!c_hdl->ev->ev) { 940 log_warn("could not ub_event_new, dropped tcp"); 941 return; 942 } 943 log_assert(fd != -1); 944 (void)fd; 945 new_fd = comm_point_perform_accept(c, &c_hdl->repinfo.addr, 946 &c_hdl->repinfo.addrlen); 947 if(new_fd == -1) 948 return; 949 if(c->ssl) { 950 c_hdl->ssl = incoming_ssl_fd(c->ssl, new_fd); 951 if(!c_hdl->ssl) { 952 c_hdl->fd = new_fd; 953 comm_point_close(c_hdl); 954 return; 955 } 956 c_hdl->ssl_shake_state = comm_ssl_shake_read; 957 #ifdef USE_WINSOCK 958 comm_point_tcp_win_bio_cb(c_hdl, c_hdl->ssl); 959 #endif 960 } 961 962 /* grab the tcp handler buffers */ 963 c->cur_tcp_count++; 964 c->tcp_free = c_hdl->tcp_free; 965 if(!c->tcp_free) { 966 /* stop accepting incoming queries for now. */ 967 comm_point_stop_listening(c); 968 } 969 setup_tcp_handler(c_hdl, new_fd, c->cur_tcp_count, c->max_tcp_count); 970 } 971 972 /** Make tcp handler free for next assignment */ 973 static void 974 reclaim_tcp_handler(struct comm_point* c) 975 { 976 log_assert(c->type == comm_tcp); 977 if(c->ssl) { 978 #ifdef HAVE_SSL 979 SSL_shutdown(c->ssl); 980 SSL_free(c->ssl); 981 c->ssl = NULL; 982 #endif 983 } 984 comm_point_close(c); 985 if(c->tcp_parent) { 986 c->tcp_parent->cur_tcp_count--; 987 c->tcp_free = c->tcp_parent->tcp_free; 988 c->tcp_parent->tcp_free = c; 989 if(!c->tcp_free) { 990 /* re-enable listening on accept socket */ 991 comm_point_start_listening(c->tcp_parent, -1, -1); 992 } 993 } 994 } 995 996 /** do the callback when writing is done */ 997 static void 998 tcp_callback_writer(struct comm_point* c) 999 { 1000 log_assert(c->type == comm_tcp); 1001 sldns_buffer_clear(c->buffer); 1002 if(c->tcp_do_toggle_rw) 1003 c->tcp_is_reading = 1; 1004 c->tcp_byte_count = 0; 1005 /* switch from listening(write) to listening(read) */ 1006 if(c->tcp_req_info) { 1007 tcp_req_info_handle_writedone(c->tcp_req_info); 1008 } else { 1009 comm_point_stop_listening(c); 1010 comm_point_start_listening(c, -1, c->tcp_timeout_msec); 1011 } 1012 } 1013 1014 /** do the callback when reading is done */ 1015 static void 1016 tcp_callback_reader(struct comm_point* c) 1017 { 1018 log_assert(c->type == comm_tcp || c->type == comm_local); 1019 sldns_buffer_flip(c->buffer); 1020 if(c->tcp_do_toggle_rw) 1021 c->tcp_is_reading = 0; 1022 c->tcp_byte_count = 0; 1023 if(c->tcp_req_info) { 1024 tcp_req_info_handle_readdone(c->tcp_req_info); 1025 } else { 1026 if(c->type == comm_tcp) 1027 comm_point_stop_listening(c); 1028 fptr_ok(fptr_whitelist_comm_point(c->callback)); 1029 if( (*c->callback)(c, c->cb_arg, NETEVENT_NOERROR, &c->repinfo) ) { 1030 comm_point_start_listening(c, -1, c->tcp_timeout_msec); 1031 } 1032 } 1033 } 1034 1035 #ifdef HAVE_SSL 1036 /** log certificate details */ 1037 static void 1038 log_cert(unsigned level, const char* str, X509* cert) 1039 { 1040 BIO* bio; 1041 char nul = 0; 1042 char* pp = NULL; 1043 long len; 1044 if(verbosity < level) return; 1045 bio = BIO_new(BIO_s_mem()); 1046 if(!bio) return; 1047 X509_print_ex(bio, cert, 0, (unsigned long)-1 1048 ^(X509_FLAG_NO_SUBJECT 1049 |X509_FLAG_NO_ISSUER|X509_FLAG_NO_VALIDITY 1050 |X509_FLAG_NO_EXTENSIONS|X509_FLAG_NO_AUX 1051 |X509_FLAG_NO_ATTRIBUTES)); 1052 BIO_write(bio, &nul, (int)sizeof(nul)); 1053 len = BIO_get_mem_data(bio, &pp); 1054 if(len != 0 && pp) { 1055 verbose(level, "%s: \n%s", str, pp); 1056 } 1057 BIO_free(bio); 1058 } 1059 #endif /* HAVE_SSL */ 1060 1061 #ifdef HAVE_SSL 1062 /** true if the ssl handshake error has to be squelched from the logs */ 1063 static int 1064 squelch_err_ssl_handshake(unsigned long err) 1065 { 1066 if(verbosity >= VERB_QUERY) 1067 return 0; /* only squelch on low verbosity */ 1068 /* this is very specific, we could filter on ERR_GET_REASON() 1069 * (the third element in ERR_PACK) */ 1070 if(err == ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_GET_RECORD, SSL_R_HTTPS_PROXY_REQUEST) || 1071 err == ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_GET_RECORD, SSL_R_HTTP_REQUEST) || 1072 err == ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER) || 1073 err == ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_READ_BYTES, SSL_R_SSLV3_ALERT_BAD_CERTIFICATE) 1074 #ifdef SSL_F_TLS_POST_PROCESS_CLIENT_HELLO 1075 || err == ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, SSL_R_NO_SHARED_CIPHER) 1076 #endif 1077 #ifdef SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO 1078 || err == ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL) 1079 || err == ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, SSL_R_UNSUPPORTED_PROTOCOL) 1080 # ifdef SSL_R_VERSION_TOO_LOW 1081 || err == ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, SSL_R_VERSION_TOO_LOW) 1082 # endif 1083 #endif 1084 ) 1085 return 1; 1086 return 0; 1087 } 1088 #endif /* HAVE_SSL */ 1089 1090 /** continue ssl handshake */ 1091 #ifdef HAVE_SSL 1092 static int 1093 ssl_handshake(struct comm_point* c) 1094 { 1095 int r; 1096 if(c->ssl_shake_state == comm_ssl_shake_hs_read) { 1097 /* read condition satisfied back to writing */ 1098 comm_point_listen_for_rw(c, 1, 1); 1099 c->ssl_shake_state = comm_ssl_shake_none; 1100 return 1; 1101 } 1102 if(c->ssl_shake_state == comm_ssl_shake_hs_write) { 1103 /* write condition satisfied, back to reading */ 1104 comm_point_listen_for_rw(c, 1, 0); 1105 c->ssl_shake_state = comm_ssl_shake_none; 1106 return 1; 1107 } 1108 1109 ERR_clear_error(); 1110 r = SSL_do_handshake(c->ssl); 1111 if(r != 1) { 1112 int want = SSL_get_error(c->ssl, r); 1113 if(want == SSL_ERROR_WANT_READ) { 1114 if(c->ssl_shake_state == comm_ssl_shake_read) 1115 return 1; 1116 c->ssl_shake_state = comm_ssl_shake_read; 1117 comm_point_listen_for_rw(c, 1, 0); 1118 return 1; 1119 } else if(want == SSL_ERROR_WANT_WRITE) { 1120 if(c->ssl_shake_state == comm_ssl_shake_write) 1121 return 1; 1122 c->ssl_shake_state = comm_ssl_shake_write; 1123 comm_point_listen_for_rw(c, 0, 1); 1124 return 1; 1125 } else if(r == 0) { 1126 return 0; /* closed */ 1127 } else if(want == SSL_ERROR_SYSCALL) { 1128 /* SYSCALL and errno==0 means closed uncleanly */ 1129 #ifdef EPIPE 1130 if(errno == EPIPE && verbosity < 2) 1131 return 0; /* silence 'broken pipe' */ 1132 #endif 1133 #ifdef ECONNRESET 1134 if(errno == ECONNRESET && verbosity < 2) 1135 return 0; /* silence reset by peer */ 1136 #endif 1137 if(errno != 0) 1138 log_err("SSL_handshake syscall: %s", 1139 strerror(errno)); 1140 return 0; 1141 } else { 1142 unsigned long err = ERR_get_error(); 1143 if(!squelch_err_ssl_handshake(err)) { 1144 log_crypto_err_code("ssl handshake failed", err); 1145 log_addr(VERB_OPS, "ssl handshake failed", &c->repinfo.addr, 1146 c->repinfo.addrlen); 1147 } 1148 return 0; 1149 } 1150 } 1151 /* this is where peer verification could take place */ 1152 if((SSL_get_verify_mode(c->ssl)&SSL_VERIFY_PEER)) { 1153 /* verification */ 1154 if(SSL_get_verify_result(c->ssl) == X509_V_OK) { 1155 X509* x = SSL_get_peer_certificate(c->ssl); 1156 if(!x) { 1157 log_addr(VERB_ALGO, "SSL connection failed: " 1158 "no certificate", 1159 &c->repinfo.addr, c->repinfo.addrlen); 1160 return 0; 1161 } 1162 log_cert(VERB_ALGO, "peer certificate", x); 1163 #ifdef HAVE_SSL_GET0_PEERNAME 1164 if(SSL_get0_peername(c->ssl)) { 1165 char buf[255]; 1166 snprintf(buf, sizeof(buf), "SSL connection " 1167 "to %s authenticated", 1168 SSL_get0_peername(c->ssl)); 1169 log_addr(VERB_ALGO, buf, &c->repinfo.addr, 1170 c->repinfo.addrlen); 1171 } else { 1172 #endif 1173 log_addr(VERB_ALGO, "SSL connection " 1174 "authenticated", &c->repinfo.addr, 1175 c->repinfo.addrlen); 1176 #ifdef HAVE_SSL_GET0_PEERNAME 1177 } 1178 #endif 1179 X509_free(x); 1180 } else { 1181 X509* x = SSL_get_peer_certificate(c->ssl); 1182 if(x) { 1183 log_cert(VERB_ALGO, "peer certificate", x); 1184 X509_free(x); 1185 } 1186 log_addr(VERB_ALGO, "SSL connection failed: " 1187 "failed to authenticate", 1188 &c->repinfo.addr, c->repinfo.addrlen); 1189 return 0; 1190 } 1191 } else { 1192 /* unauthenticated, the verify peer flag was not set 1193 * in c->ssl when the ssl object was created from ssl_ctx */ 1194 log_addr(VERB_ALGO, "SSL connection", &c->repinfo.addr, 1195 c->repinfo.addrlen); 1196 } 1197 1198 /* setup listen rw correctly */ 1199 if(c->tcp_is_reading) { 1200 if(c->ssl_shake_state != comm_ssl_shake_read) 1201 comm_point_listen_for_rw(c, 1, 0); 1202 } else { 1203 comm_point_listen_for_rw(c, 1, 1); 1204 } 1205 c->ssl_shake_state = comm_ssl_shake_none; 1206 return 1; 1207 } 1208 #endif /* HAVE_SSL */ 1209 1210 /** ssl read callback on TCP */ 1211 static int 1212 ssl_handle_read(struct comm_point* c) 1213 { 1214 #ifdef HAVE_SSL 1215 int r; 1216 if(c->ssl_shake_state != comm_ssl_shake_none) { 1217 if(!ssl_handshake(c)) 1218 return 0; 1219 if(c->ssl_shake_state != comm_ssl_shake_none) 1220 return 1; 1221 } 1222 if(c->tcp_byte_count < sizeof(uint16_t)) { 1223 /* read length bytes */ 1224 ERR_clear_error(); 1225 if((r=SSL_read(c->ssl, (void*)sldns_buffer_at(c->buffer, 1226 c->tcp_byte_count), (int)(sizeof(uint16_t) - 1227 c->tcp_byte_count))) <= 0) { 1228 int want = SSL_get_error(c->ssl, r); 1229 if(want == SSL_ERROR_ZERO_RETURN) { 1230 if(c->tcp_req_info) 1231 return tcp_req_info_handle_read_close(c->tcp_req_info); 1232 return 0; /* shutdown, closed */ 1233 } else if(want == SSL_ERROR_WANT_READ) { 1234 ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_READ); 1235 return 1; /* read more later */ 1236 } else if(want == SSL_ERROR_WANT_WRITE) { 1237 c->ssl_shake_state = comm_ssl_shake_hs_write; 1238 comm_point_listen_for_rw(c, 0, 1); 1239 return 1; 1240 } else if(want == SSL_ERROR_SYSCALL) { 1241 #ifdef ECONNRESET 1242 if(errno == ECONNRESET && verbosity < 2) 1243 return 0; /* silence reset by peer */ 1244 #endif 1245 if(errno != 0) 1246 log_err("SSL_read syscall: %s", 1247 strerror(errno)); 1248 return 0; 1249 } 1250 log_crypto_err("could not SSL_read"); 1251 return 0; 1252 } 1253 c->tcp_byte_count += r; 1254 if(c->tcp_byte_count < sizeof(uint16_t)) 1255 return 1; 1256 if(sldns_buffer_read_u16_at(c->buffer, 0) > 1257 sldns_buffer_capacity(c->buffer)) { 1258 verbose(VERB_QUERY, "ssl: dropped larger than buffer"); 1259 return 0; 1260 } 1261 sldns_buffer_set_limit(c->buffer, 1262 sldns_buffer_read_u16_at(c->buffer, 0)); 1263 if(sldns_buffer_limit(c->buffer) < LDNS_HEADER_SIZE) { 1264 verbose(VERB_QUERY, "ssl: dropped bogus too short."); 1265 return 0; 1266 } 1267 sldns_buffer_skip(c->buffer, (ssize_t)(c->tcp_byte_count-sizeof(uint16_t))); 1268 verbose(VERB_ALGO, "Reading ssl tcp query of length %d", 1269 (int)sldns_buffer_limit(c->buffer)); 1270 } 1271 if(sldns_buffer_remaining(c->buffer) > 0) { 1272 ERR_clear_error(); 1273 r = SSL_read(c->ssl, (void*)sldns_buffer_current(c->buffer), 1274 (int)sldns_buffer_remaining(c->buffer)); 1275 if(r <= 0) { 1276 int want = SSL_get_error(c->ssl, r); 1277 if(want == SSL_ERROR_ZERO_RETURN) { 1278 if(c->tcp_req_info) 1279 return tcp_req_info_handle_read_close(c->tcp_req_info); 1280 return 0; /* shutdown, closed */ 1281 } else if(want == SSL_ERROR_WANT_READ) { 1282 ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_READ); 1283 return 1; /* read more later */ 1284 } else if(want == SSL_ERROR_WANT_WRITE) { 1285 c->ssl_shake_state = comm_ssl_shake_hs_write; 1286 comm_point_listen_for_rw(c, 0, 1); 1287 return 1; 1288 } else if(want == SSL_ERROR_SYSCALL) { 1289 #ifdef ECONNRESET 1290 if(errno == ECONNRESET && verbosity < 2) 1291 return 0; /* silence reset by peer */ 1292 #endif 1293 if(errno != 0) 1294 log_err("SSL_read syscall: %s", 1295 strerror(errno)); 1296 return 0; 1297 } 1298 log_crypto_err("could not SSL_read"); 1299 return 0; 1300 } 1301 sldns_buffer_skip(c->buffer, (ssize_t)r); 1302 } 1303 if(sldns_buffer_remaining(c->buffer) <= 0) { 1304 tcp_callback_reader(c); 1305 } 1306 return 1; 1307 #else 1308 (void)c; 1309 return 0; 1310 #endif /* HAVE_SSL */ 1311 } 1312 1313 /** ssl write callback on TCP */ 1314 static int 1315 ssl_handle_write(struct comm_point* c) 1316 { 1317 #ifdef HAVE_SSL 1318 int r; 1319 if(c->ssl_shake_state != comm_ssl_shake_none) { 1320 if(!ssl_handshake(c)) 1321 return 0; 1322 if(c->ssl_shake_state != comm_ssl_shake_none) 1323 return 1; 1324 } 1325 /* ignore return, if fails we may simply block */ 1326 (void)SSL_set_mode(c->ssl, (long)SSL_MODE_ENABLE_PARTIAL_WRITE); 1327 if(c->tcp_byte_count < sizeof(uint16_t)) { 1328 uint16_t len = htons(sldns_buffer_limit(c->buffer)); 1329 ERR_clear_error(); 1330 if(sizeof(uint16_t)+sldns_buffer_remaining(c->buffer) < 1331 LDNS_RR_BUF_SIZE) { 1332 /* combine the tcp length and the query for write, 1333 * this emulates writev */ 1334 uint8_t buf[LDNS_RR_BUF_SIZE]; 1335 memmove(buf, &len, sizeof(uint16_t)); 1336 memmove(buf+sizeof(uint16_t), 1337 sldns_buffer_current(c->buffer), 1338 sldns_buffer_remaining(c->buffer)); 1339 r = SSL_write(c->ssl, (void*)(buf+c->tcp_byte_count), 1340 (int)(sizeof(uint16_t)+ 1341 sldns_buffer_remaining(c->buffer) 1342 - c->tcp_byte_count)); 1343 } else { 1344 r = SSL_write(c->ssl, 1345 (void*)(((uint8_t*)&len)+c->tcp_byte_count), 1346 (int)(sizeof(uint16_t)-c->tcp_byte_count)); 1347 } 1348 if(r <= 0) { 1349 int want = SSL_get_error(c->ssl, r); 1350 if(want == SSL_ERROR_ZERO_RETURN) { 1351 return 0; /* closed */ 1352 } else if(want == SSL_ERROR_WANT_READ) { 1353 c->ssl_shake_state = comm_ssl_shake_hs_read; 1354 comm_point_listen_for_rw(c, 1, 0); 1355 return 1; /* wait for read condition */ 1356 } else if(want == SSL_ERROR_WANT_WRITE) { 1357 ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE); 1358 return 1; /* write more later */ 1359 } else if(want == SSL_ERROR_SYSCALL) { 1360 #ifdef EPIPE 1361 if(errno == EPIPE && verbosity < 2) 1362 return 0; /* silence 'broken pipe' */ 1363 #endif 1364 if(errno != 0) 1365 log_err("SSL_write syscall: %s", 1366 strerror(errno)); 1367 return 0; 1368 } 1369 log_crypto_err("could not SSL_write"); 1370 return 0; 1371 } 1372 c->tcp_byte_count += r; 1373 if(c->tcp_byte_count < sizeof(uint16_t)) 1374 return 1; 1375 sldns_buffer_set_position(c->buffer, c->tcp_byte_count - 1376 sizeof(uint16_t)); 1377 if(sldns_buffer_remaining(c->buffer) == 0) { 1378 tcp_callback_writer(c); 1379 return 1; 1380 } 1381 } 1382 log_assert(sldns_buffer_remaining(c->buffer) > 0); 1383 ERR_clear_error(); 1384 r = SSL_write(c->ssl, (void*)sldns_buffer_current(c->buffer), 1385 (int)sldns_buffer_remaining(c->buffer)); 1386 if(r <= 0) { 1387 int want = SSL_get_error(c->ssl, r); 1388 if(want == SSL_ERROR_ZERO_RETURN) { 1389 return 0; /* closed */ 1390 } else if(want == SSL_ERROR_WANT_READ) { 1391 c->ssl_shake_state = comm_ssl_shake_hs_read; 1392 comm_point_listen_for_rw(c, 1, 0); 1393 return 1; /* wait for read condition */ 1394 } else if(want == SSL_ERROR_WANT_WRITE) { 1395 ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE); 1396 return 1; /* write more later */ 1397 } else if(want == SSL_ERROR_SYSCALL) { 1398 #ifdef EPIPE 1399 if(errno == EPIPE && verbosity < 2) 1400 return 0; /* silence 'broken pipe' */ 1401 #endif 1402 if(errno != 0) 1403 log_err("SSL_write syscall: %s", 1404 strerror(errno)); 1405 return 0; 1406 } 1407 log_crypto_err("could not SSL_write"); 1408 return 0; 1409 } 1410 sldns_buffer_skip(c->buffer, (ssize_t)r); 1411 1412 if(sldns_buffer_remaining(c->buffer) == 0) { 1413 tcp_callback_writer(c); 1414 } 1415 return 1; 1416 #else 1417 (void)c; 1418 return 0; 1419 #endif /* HAVE_SSL */ 1420 } 1421 1422 /** handle ssl tcp connection with dns contents */ 1423 static int 1424 ssl_handle_it(struct comm_point* c) 1425 { 1426 if(c->tcp_is_reading) 1427 return ssl_handle_read(c); 1428 return ssl_handle_write(c); 1429 } 1430 1431 /** Handle tcp reading callback. 1432 * @param fd: file descriptor of socket. 1433 * @param c: comm point to read from into buffer. 1434 * @param short_ok: if true, very short packets are OK (for comm_local). 1435 * @return: 0 on error 1436 */ 1437 static int 1438 comm_point_tcp_handle_read(int fd, struct comm_point* c, int short_ok) 1439 { 1440 ssize_t r; 1441 log_assert(c->type == comm_tcp || c->type == comm_local); 1442 if(c->ssl) 1443 return ssl_handle_it(c); 1444 if(!c->tcp_is_reading) 1445 return 0; 1446 1447 log_assert(fd != -1); 1448 if(c->tcp_byte_count < sizeof(uint16_t)) { 1449 /* read length bytes */ 1450 r = recv(fd,(void*)sldns_buffer_at(c->buffer,c->tcp_byte_count), 1451 sizeof(uint16_t)-c->tcp_byte_count, 0); 1452 if(r == 0) { 1453 if(c->tcp_req_info) 1454 return tcp_req_info_handle_read_close(c->tcp_req_info); 1455 return 0; 1456 } else if(r == -1) { 1457 #ifndef USE_WINSOCK 1458 if(errno == EINTR || errno == EAGAIN) 1459 return 1; 1460 #ifdef ECONNRESET 1461 if(errno == ECONNRESET && verbosity < 2) 1462 return 0; /* silence reset by peer */ 1463 #endif 1464 log_err_addr("read (in tcp s)", strerror(errno), 1465 &c->repinfo.addr, c->repinfo.addrlen); 1466 #else /* USE_WINSOCK */ 1467 if(WSAGetLastError() == WSAECONNRESET) 1468 return 0; 1469 if(WSAGetLastError() == WSAEINPROGRESS) 1470 return 1; 1471 if(WSAGetLastError() == WSAEWOULDBLOCK) { 1472 ub_winsock_tcp_wouldblock(c->ev->ev, 1473 UB_EV_READ); 1474 return 1; 1475 } 1476 log_err_addr("read (in tcp s)", 1477 wsa_strerror(WSAGetLastError()), 1478 &c->repinfo.addr, c->repinfo.addrlen); 1479 #endif 1480 return 0; 1481 } 1482 c->tcp_byte_count += r; 1483 if(c->tcp_byte_count != sizeof(uint16_t)) 1484 return 1; 1485 if(sldns_buffer_read_u16_at(c->buffer, 0) > 1486 sldns_buffer_capacity(c->buffer)) { 1487 verbose(VERB_QUERY, "tcp: dropped larger than buffer"); 1488 return 0; 1489 } 1490 sldns_buffer_set_limit(c->buffer, 1491 sldns_buffer_read_u16_at(c->buffer, 0)); 1492 if(!short_ok && 1493 sldns_buffer_limit(c->buffer) < LDNS_HEADER_SIZE) { 1494 verbose(VERB_QUERY, "tcp: dropped bogus too short."); 1495 return 0; 1496 } 1497 verbose(VERB_ALGO, "Reading tcp query of length %d", 1498 (int)sldns_buffer_limit(c->buffer)); 1499 } 1500 1501 log_assert(sldns_buffer_remaining(c->buffer) > 0); 1502 r = recv(fd, (void*)sldns_buffer_current(c->buffer), 1503 sldns_buffer_remaining(c->buffer), 0); 1504 if(r == 0) { 1505 if(c->tcp_req_info) 1506 return tcp_req_info_handle_read_close(c->tcp_req_info); 1507 return 0; 1508 } else if(r == -1) { 1509 #ifndef USE_WINSOCK 1510 if(errno == EINTR || errno == EAGAIN) 1511 return 1; 1512 log_err_addr("read (in tcp r)", strerror(errno), 1513 &c->repinfo.addr, c->repinfo.addrlen); 1514 #else /* USE_WINSOCK */ 1515 if(WSAGetLastError() == WSAECONNRESET) 1516 return 0; 1517 if(WSAGetLastError() == WSAEINPROGRESS) 1518 return 1; 1519 if(WSAGetLastError() == WSAEWOULDBLOCK) { 1520 ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_READ); 1521 return 1; 1522 } 1523 log_err_addr("read (in tcp r)", 1524 wsa_strerror(WSAGetLastError()), 1525 &c->repinfo.addr, c->repinfo.addrlen); 1526 #endif 1527 return 0; 1528 } 1529 sldns_buffer_skip(c->buffer, r); 1530 if(sldns_buffer_remaining(c->buffer) <= 0) { 1531 tcp_callback_reader(c); 1532 } 1533 return 1; 1534 } 1535 1536 /** 1537 * Handle tcp writing callback. 1538 * @param fd: file descriptor of socket. 1539 * @param c: comm point to write buffer out of. 1540 * @return: 0 on error 1541 */ 1542 static int 1543 comm_point_tcp_handle_write(int fd, struct comm_point* c) 1544 { 1545 ssize_t r; 1546 struct sldns_buffer *buffer; 1547 log_assert(c->type == comm_tcp); 1548 #ifdef USE_DNSCRYPT 1549 buffer = c->dnscrypt_buffer; 1550 #else 1551 buffer = c->buffer; 1552 #endif 1553 if(c->tcp_is_reading && !c->ssl) 1554 return 0; 1555 log_assert(fd != -1); 1556 if(c->tcp_byte_count == 0 && c->tcp_check_nb_connect) { 1557 /* check for pending error from nonblocking connect */ 1558 /* from Stevens, unix network programming, vol1, 3rd ed, p450*/ 1559 int error = 0; 1560 socklen_t len = (socklen_t)sizeof(error); 1561 if(getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)&error, 1562 &len) < 0){ 1563 #ifndef USE_WINSOCK 1564 error = errno; /* on solaris errno is error */ 1565 #else /* USE_WINSOCK */ 1566 error = WSAGetLastError(); 1567 #endif 1568 } 1569 #ifndef USE_WINSOCK 1570 #if defined(EINPROGRESS) && defined(EWOULDBLOCK) 1571 if(error == EINPROGRESS || error == EWOULDBLOCK) 1572 return 1; /* try again later */ 1573 else 1574 #endif 1575 if(error != 0 && verbosity < 2) 1576 return 0; /* silence lots of chatter in the logs */ 1577 else if(error != 0) { 1578 log_err_addr("tcp connect", strerror(error), 1579 &c->repinfo.addr, c->repinfo.addrlen); 1580 #else /* USE_WINSOCK */ 1581 /* examine error */ 1582 if(error == WSAEINPROGRESS) 1583 return 1; 1584 else if(error == WSAEWOULDBLOCK) { 1585 ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE); 1586 return 1; 1587 } else if(error != 0 && verbosity < 2) 1588 return 0; 1589 else if(error != 0) { 1590 log_err_addr("tcp connect", wsa_strerror(error), 1591 &c->repinfo.addr, c->repinfo.addrlen); 1592 #endif /* USE_WINSOCK */ 1593 return 0; 1594 } 1595 } 1596 if(c->ssl) 1597 return ssl_handle_it(c); 1598 1599 #ifdef USE_MSG_FASTOPEN 1600 /* Only try this on first use of a connection that uses tfo, 1601 otherwise fall through to normal write */ 1602 /* Also, TFO support on WINDOWS not implemented at the moment */ 1603 if(c->tcp_do_fastopen == 1) { 1604 /* this form of sendmsg() does both a connect() and send() so need to 1605 look for various flavours of error*/ 1606 uint16_t len = htons(sldns_buffer_limit(buffer)); 1607 struct msghdr msg; 1608 struct iovec iov[2]; 1609 c->tcp_do_fastopen = 0; 1610 memset(&msg, 0, sizeof(msg)); 1611 iov[0].iov_base = (uint8_t*)&len + c->tcp_byte_count; 1612 iov[0].iov_len = sizeof(uint16_t) - c->tcp_byte_count; 1613 iov[1].iov_base = sldns_buffer_begin(buffer); 1614 iov[1].iov_len = sldns_buffer_limit(buffer); 1615 log_assert(iov[0].iov_len > 0); 1616 msg.msg_name = &c->repinfo.addr; 1617 msg.msg_namelen = c->repinfo.addrlen; 1618 msg.msg_iov = iov; 1619 msg.msg_iovlen = 2; 1620 r = sendmsg(fd, &msg, MSG_FASTOPEN); 1621 if (r == -1) { 1622 #if defined(EINPROGRESS) && defined(EWOULDBLOCK) 1623 /* Handshake is underway, maybe because no TFO cookie available. 1624 Come back to write the message*/ 1625 if(errno == EINPROGRESS || errno == EWOULDBLOCK) 1626 return 1; 1627 #endif 1628 if(errno == EINTR || errno == EAGAIN) 1629 return 1; 1630 /* Not handling EISCONN here as shouldn't ever hit that case.*/ 1631 if(errno != EPIPE && errno != 0 && verbosity < 2) 1632 return 0; /* silence lots of chatter in the logs */ 1633 if(errno != EPIPE && errno != 0) { 1634 log_err_addr("tcp sendmsg", strerror(errno), 1635 &c->repinfo.addr, c->repinfo.addrlen); 1636 return 0; 1637 } 1638 /* fallthrough to nonFASTOPEN 1639 * (MSG_FASTOPEN on Linux 3 produces EPIPE) 1640 * we need to perform connect() */ 1641 if(connect(fd, (struct sockaddr *)&c->repinfo.addr, c->repinfo.addrlen) == -1) { 1642 #ifdef EINPROGRESS 1643 if(errno == EINPROGRESS) 1644 return 1; /* wait until connect done*/ 1645 #endif 1646 #ifdef USE_WINSOCK 1647 if(WSAGetLastError() == WSAEINPROGRESS || 1648 WSAGetLastError() == WSAEWOULDBLOCK) 1649 return 1; /* wait until connect done*/ 1650 #endif 1651 if(tcp_connect_errno_needs_log( 1652 (struct sockaddr *)&c->repinfo.addr, c->repinfo.addrlen)) { 1653 log_err_addr("outgoing tcp: connect after EPIPE for fastopen", 1654 strerror(errno), &c->repinfo.addr, c->repinfo.addrlen); 1655 } 1656 return 0; 1657 } 1658 1659 } else { 1660 c->tcp_byte_count += r; 1661 if(c->tcp_byte_count < sizeof(uint16_t)) 1662 return 1; 1663 sldns_buffer_set_position(buffer, c->tcp_byte_count - 1664 sizeof(uint16_t)); 1665 if(sldns_buffer_remaining(buffer) == 0) { 1666 tcp_callback_writer(c); 1667 return 1; 1668 } 1669 } 1670 } 1671 #endif /* USE_MSG_FASTOPEN */ 1672 1673 if(c->tcp_byte_count < sizeof(uint16_t)) { 1674 uint16_t len = htons(sldns_buffer_limit(buffer)); 1675 #ifdef HAVE_WRITEV 1676 struct iovec iov[2]; 1677 iov[0].iov_base = (uint8_t*)&len + c->tcp_byte_count; 1678 iov[0].iov_len = sizeof(uint16_t) - c->tcp_byte_count; 1679 iov[1].iov_base = sldns_buffer_begin(buffer); 1680 iov[1].iov_len = sldns_buffer_limit(buffer); 1681 log_assert(iov[0].iov_len > 0); 1682 r = writev(fd, iov, 2); 1683 #else /* HAVE_WRITEV */ 1684 r = send(fd, (void*)(((uint8_t*)&len)+c->tcp_byte_count), 1685 sizeof(uint16_t)-c->tcp_byte_count, 0); 1686 #endif /* HAVE_WRITEV */ 1687 if(r == -1) { 1688 #ifndef USE_WINSOCK 1689 # ifdef EPIPE 1690 if(errno == EPIPE && verbosity < 2) 1691 return 0; /* silence 'broken pipe' */ 1692 #endif 1693 if(errno == EINTR || errno == EAGAIN) 1694 return 1; 1695 #ifdef ECONNRESET 1696 if(errno == ECONNRESET && verbosity < 2) 1697 return 0; /* silence reset by peer */ 1698 #endif 1699 # ifdef HAVE_WRITEV 1700 log_err_addr("tcp writev", strerror(errno), 1701 &c->repinfo.addr, c->repinfo.addrlen); 1702 # else /* HAVE_WRITEV */ 1703 log_err_addr("tcp send s", strerror(errno), 1704 &c->repinfo.addr, c->repinfo.addrlen); 1705 # endif /* HAVE_WRITEV */ 1706 #else 1707 if(WSAGetLastError() == WSAENOTCONN) 1708 return 1; 1709 if(WSAGetLastError() == WSAEINPROGRESS) 1710 return 1; 1711 if(WSAGetLastError() == WSAEWOULDBLOCK) { 1712 ub_winsock_tcp_wouldblock(c->ev->ev, 1713 UB_EV_WRITE); 1714 return 1; 1715 } 1716 if(WSAGetLastError() == WSAECONNRESET && verbosity < 2) 1717 return 0; /* silence reset by peer */ 1718 log_err_addr("tcp send s", 1719 wsa_strerror(WSAGetLastError()), 1720 &c->repinfo.addr, c->repinfo.addrlen); 1721 #endif 1722 return 0; 1723 } 1724 c->tcp_byte_count += r; 1725 if(c->tcp_byte_count < sizeof(uint16_t)) 1726 return 1; 1727 sldns_buffer_set_position(buffer, c->tcp_byte_count - 1728 sizeof(uint16_t)); 1729 if(sldns_buffer_remaining(buffer) == 0) { 1730 tcp_callback_writer(c); 1731 return 1; 1732 } 1733 } 1734 log_assert(sldns_buffer_remaining(buffer) > 0); 1735 r = send(fd, (void*)sldns_buffer_current(buffer), 1736 sldns_buffer_remaining(buffer), 0); 1737 if(r == -1) { 1738 #ifndef USE_WINSOCK 1739 if(errno == EINTR || errno == EAGAIN) 1740 return 1; 1741 #ifdef ECONNRESET 1742 if(errno == ECONNRESET && verbosity < 2) 1743 return 0; /* silence reset by peer */ 1744 #endif 1745 log_err_addr("tcp send r", strerror(errno), 1746 &c->repinfo.addr, c->repinfo.addrlen); 1747 #else 1748 if(WSAGetLastError() == WSAEINPROGRESS) 1749 return 1; 1750 if(WSAGetLastError() == WSAEWOULDBLOCK) { 1751 ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE); 1752 return 1; 1753 } 1754 if(WSAGetLastError() == WSAECONNRESET && verbosity < 2) 1755 return 0; /* silence reset by peer */ 1756 log_err_addr("tcp send r", wsa_strerror(WSAGetLastError()), 1757 &c->repinfo.addr, c->repinfo.addrlen); 1758 #endif 1759 return 0; 1760 } 1761 sldns_buffer_skip(buffer, r); 1762 1763 if(sldns_buffer_remaining(buffer) == 0) { 1764 tcp_callback_writer(c); 1765 } 1766 1767 return 1; 1768 } 1769 1770 /** read again to drain buffers when there could be more to read */ 1771 static void 1772 tcp_req_info_read_again(int fd, struct comm_point* c) 1773 { 1774 while(c->tcp_req_info->read_again) { 1775 int r; 1776 c->tcp_req_info->read_again = 0; 1777 if(c->tcp_is_reading) 1778 r = comm_point_tcp_handle_read(fd, c, 0); 1779 else r = comm_point_tcp_handle_write(fd, c); 1780 if(!r) { 1781 reclaim_tcp_handler(c); 1782 if(!c->tcp_do_close) { 1783 fptr_ok(fptr_whitelist_comm_point( 1784 c->callback)); 1785 (void)(*c->callback)(c, c->cb_arg, 1786 NETEVENT_CLOSED, NULL); 1787 } 1788 return; 1789 } 1790 } 1791 } 1792 1793 void 1794 comm_point_tcp_handle_callback(int fd, short event, void* arg) 1795 { 1796 struct comm_point* c = (struct comm_point*)arg; 1797 log_assert(c->type == comm_tcp); 1798 ub_comm_base_now(c->ev->base); 1799 1800 #ifdef USE_DNSCRYPT 1801 /* Initialize if this is a dnscrypt socket */ 1802 if(c->tcp_parent) { 1803 c->dnscrypt = c->tcp_parent->dnscrypt; 1804 } 1805 if(c->dnscrypt && c->dnscrypt_buffer == c->buffer) { 1806 c->dnscrypt_buffer = sldns_buffer_new(sldns_buffer_capacity(c->buffer)); 1807 if(!c->dnscrypt_buffer) { 1808 log_err("Could not allocate dnscrypt buffer"); 1809 reclaim_tcp_handler(c); 1810 if(!c->tcp_do_close) { 1811 fptr_ok(fptr_whitelist_comm_point( 1812 c->callback)); 1813 (void)(*c->callback)(c, c->cb_arg, 1814 NETEVENT_CLOSED, NULL); 1815 } 1816 return; 1817 } 1818 } 1819 #endif 1820 1821 if(event&UB_EV_TIMEOUT) { 1822 verbose(VERB_QUERY, "tcp took too long, dropped"); 1823 reclaim_tcp_handler(c); 1824 if(!c->tcp_do_close) { 1825 fptr_ok(fptr_whitelist_comm_point(c->callback)); 1826 (void)(*c->callback)(c, c->cb_arg, 1827 NETEVENT_TIMEOUT, NULL); 1828 } 1829 return; 1830 } 1831 if(event&UB_EV_READ) { 1832 int has_tcpq = (c->tcp_req_info != NULL); 1833 if(!comm_point_tcp_handle_read(fd, c, 0)) { 1834 reclaim_tcp_handler(c); 1835 if(!c->tcp_do_close) { 1836 fptr_ok(fptr_whitelist_comm_point( 1837 c->callback)); 1838 (void)(*c->callback)(c, c->cb_arg, 1839 NETEVENT_CLOSED, NULL); 1840 } 1841 } 1842 if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again) 1843 tcp_req_info_read_again(fd, c); 1844 return; 1845 } 1846 if(event&UB_EV_WRITE) { 1847 int has_tcpq = (c->tcp_req_info != NULL); 1848 if(!comm_point_tcp_handle_write(fd, c)) { 1849 reclaim_tcp_handler(c); 1850 if(!c->tcp_do_close) { 1851 fptr_ok(fptr_whitelist_comm_point( 1852 c->callback)); 1853 (void)(*c->callback)(c, c->cb_arg, 1854 NETEVENT_CLOSED, NULL); 1855 } 1856 } 1857 if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again) 1858 tcp_req_info_read_again(fd, c); 1859 return; 1860 } 1861 log_err("Ignored event %d for tcphdl.", event); 1862 } 1863 1864 /** Make http handler free for next assignment */ 1865 static void 1866 reclaim_http_handler(struct comm_point* c) 1867 { 1868 log_assert(c->type == comm_http); 1869 if(c->ssl) { 1870 #ifdef HAVE_SSL 1871 SSL_shutdown(c->ssl); 1872 SSL_free(c->ssl); 1873 c->ssl = NULL; 1874 #endif 1875 } 1876 comm_point_close(c); 1877 if(c->tcp_parent) { 1878 c->tcp_parent->cur_tcp_count--; 1879 c->tcp_free = c->tcp_parent->tcp_free; 1880 c->tcp_parent->tcp_free = c; 1881 if(!c->tcp_free) { 1882 /* re-enable listening on accept socket */ 1883 comm_point_start_listening(c->tcp_parent, -1, -1); 1884 } 1885 } 1886 } 1887 1888 /** read more data for http (with ssl) */ 1889 static int 1890 ssl_http_read_more(struct comm_point* c) 1891 { 1892 #ifdef HAVE_SSL 1893 int r; 1894 log_assert(sldns_buffer_remaining(c->buffer) > 0); 1895 ERR_clear_error(); 1896 r = SSL_read(c->ssl, (void*)sldns_buffer_current(c->buffer), 1897 (int)sldns_buffer_remaining(c->buffer)); 1898 if(r <= 0) { 1899 int want = SSL_get_error(c->ssl, r); 1900 if(want == SSL_ERROR_ZERO_RETURN) { 1901 return 0; /* shutdown, closed */ 1902 } else if(want == SSL_ERROR_WANT_READ) { 1903 return 1; /* read more later */ 1904 } else if(want == SSL_ERROR_WANT_WRITE) { 1905 c->ssl_shake_state = comm_ssl_shake_hs_write; 1906 comm_point_listen_for_rw(c, 0, 1); 1907 return 1; 1908 } else if(want == SSL_ERROR_SYSCALL) { 1909 #ifdef ECONNRESET 1910 if(errno == ECONNRESET && verbosity < 2) 1911 return 0; /* silence reset by peer */ 1912 #endif 1913 if(errno != 0) 1914 log_err("SSL_read syscall: %s", 1915 strerror(errno)); 1916 return 0; 1917 } 1918 log_crypto_err("could not SSL_read"); 1919 return 0; 1920 } 1921 sldns_buffer_skip(c->buffer, (ssize_t)r); 1922 return 1; 1923 #else 1924 (void)c; 1925 return 0; 1926 #endif /* HAVE_SSL */ 1927 } 1928 1929 /** read more data for http */ 1930 static int 1931 http_read_more(int fd, struct comm_point* c) 1932 { 1933 ssize_t r; 1934 log_assert(sldns_buffer_remaining(c->buffer) > 0); 1935 r = recv(fd, (void*)sldns_buffer_current(c->buffer), 1936 sldns_buffer_remaining(c->buffer), 0); 1937 if(r == 0) { 1938 return 0; 1939 } else if(r == -1) { 1940 #ifndef USE_WINSOCK 1941 if(errno == EINTR || errno == EAGAIN) 1942 return 1; 1943 log_err_addr("read (in http r)", strerror(errno), 1944 &c->repinfo.addr, c->repinfo.addrlen); 1945 #else /* USE_WINSOCK */ 1946 if(WSAGetLastError() == WSAECONNRESET) 1947 return 0; 1948 if(WSAGetLastError() == WSAEINPROGRESS) 1949 return 1; 1950 if(WSAGetLastError() == WSAEWOULDBLOCK) { 1951 ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_READ); 1952 return 1; 1953 } 1954 log_err_addr("read (in http r)", 1955 wsa_strerror(WSAGetLastError()), 1956 &c->repinfo.addr, c->repinfo.addrlen); 1957 #endif 1958 return 0; 1959 } 1960 sldns_buffer_skip(c->buffer, r); 1961 return 1; 1962 } 1963 1964 /** return true if http header has been read (one line complete) */ 1965 static int 1966 http_header_done(sldns_buffer* buf) 1967 { 1968 size_t i; 1969 for(i=sldns_buffer_position(buf); i<sldns_buffer_limit(buf); i++) { 1970 /* there was a \r before the \n, but we ignore that */ 1971 if((char)sldns_buffer_read_u8_at(buf, i) == '\n') 1972 return 1; 1973 } 1974 return 0; 1975 } 1976 1977 /** return character string into buffer for header line, moves buffer 1978 * past that line and puts zero terminator into linefeed-newline */ 1979 static char* 1980 http_header_line(sldns_buffer* buf) 1981 { 1982 char* result = (char*)sldns_buffer_current(buf); 1983 size_t i; 1984 for(i=sldns_buffer_position(buf); i<sldns_buffer_limit(buf); i++) { 1985 /* terminate the string on the \r */ 1986 if((char)sldns_buffer_read_u8_at(buf, i) == '\r') 1987 sldns_buffer_write_u8_at(buf, i, 0); 1988 /* terminate on the \n and skip past the it and done */ 1989 if((char)sldns_buffer_read_u8_at(buf, i) == '\n') { 1990 sldns_buffer_write_u8_at(buf, i, 0); 1991 sldns_buffer_set_position(buf, i+1); 1992 return result; 1993 } 1994 } 1995 return NULL; 1996 } 1997 1998 /** move unread buffer to start and clear rest for putting the rest into it */ 1999 static void 2000 http_moveover_buffer(sldns_buffer* buf) 2001 { 2002 size_t pos = sldns_buffer_position(buf); 2003 size_t len = sldns_buffer_remaining(buf); 2004 sldns_buffer_clear(buf); 2005 memmove(sldns_buffer_begin(buf), sldns_buffer_at(buf, pos), len); 2006 sldns_buffer_set_position(buf, len); 2007 } 2008 2009 /** a http header is complete, process it */ 2010 static int 2011 http_process_initial_header(struct comm_point* c) 2012 { 2013 char* line = http_header_line(c->buffer); 2014 if(!line) return 1; 2015 verbose(VERB_ALGO, "http header: %s", line); 2016 if(strncasecmp(line, "HTTP/1.1 ", 9) == 0) { 2017 /* check returncode */ 2018 if(line[9] != '2') { 2019 verbose(VERB_ALGO, "http bad status %s", line+9); 2020 return 0; 2021 } 2022 } else if(strncasecmp(line, "Content-Length: ", 16) == 0) { 2023 if(!c->http_is_chunked) 2024 c->tcp_byte_count = (size_t)atoi(line+16); 2025 } else if(strncasecmp(line, "Transfer-Encoding: chunked", 19+7) == 0) { 2026 c->tcp_byte_count = 0; 2027 c->http_is_chunked = 1; 2028 } else if(line[0] == 0) { 2029 /* end of initial headers */ 2030 c->http_in_headers = 0; 2031 if(c->http_is_chunked) 2032 c->http_in_chunk_headers = 1; 2033 /* remove header text from front of buffer 2034 * the buffer is going to be used to return the data segment 2035 * itself and we don't want the header to get returned 2036 * prepended with it */ 2037 http_moveover_buffer(c->buffer); 2038 sldns_buffer_flip(c->buffer); 2039 return 1; 2040 } 2041 /* ignore other headers */ 2042 return 1; 2043 } 2044 2045 /** a chunk header is complete, process it, return 0=fail, 1=continue next 2046 * header line, 2=done with chunked transfer*/ 2047 static int 2048 http_process_chunk_header(struct comm_point* c) 2049 { 2050 char* line = http_header_line(c->buffer); 2051 if(!line) return 1; 2052 if(c->http_in_chunk_headers == 3) { 2053 verbose(VERB_ALGO, "http chunk trailer: %s", line); 2054 /* are we done ? */ 2055 if(line[0] == 0 && c->tcp_byte_count == 0) { 2056 /* callback of http reader when NETEVENT_DONE, 2057 * end of data, with no data in buffer */ 2058 sldns_buffer_set_position(c->buffer, 0); 2059 sldns_buffer_set_limit(c->buffer, 0); 2060 fptr_ok(fptr_whitelist_comm_point(c->callback)); 2061 (void)(*c->callback)(c, c->cb_arg, NETEVENT_DONE, NULL); 2062 /* return that we are done */ 2063 return 2; 2064 } 2065 if(line[0] == 0) { 2066 /* continue with header of the next chunk */ 2067 c->http_in_chunk_headers = 1; 2068 /* remove header text from front of buffer */ 2069 http_moveover_buffer(c->buffer); 2070 sldns_buffer_flip(c->buffer); 2071 return 1; 2072 } 2073 /* ignore further trail headers */ 2074 return 1; 2075 } 2076 verbose(VERB_ALGO, "http chunk header: %s", line); 2077 if(c->http_in_chunk_headers == 1) { 2078 /* read chunked start line */ 2079 char* end = NULL; 2080 c->tcp_byte_count = (size_t)strtol(line, &end, 16); 2081 if(end == line) 2082 return 0; 2083 c->http_in_chunk_headers = 0; 2084 /* remove header text from front of buffer */ 2085 http_moveover_buffer(c->buffer); 2086 sldns_buffer_flip(c->buffer); 2087 if(c->tcp_byte_count == 0) { 2088 /* done with chunks, process chunk_trailer lines */ 2089 c->http_in_chunk_headers = 3; 2090 } 2091 return 1; 2092 } 2093 /* ignore other headers */ 2094 return 1; 2095 } 2096 2097 /** handle nonchunked data segment */ 2098 static int 2099 http_nonchunk_segment(struct comm_point* c) 2100 { 2101 /* c->buffer at position..limit has new data we read in. 2102 * the buffer itself is full of nonchunked data. 2103 * we are looking to read tcp_byte_count more data 2104 * and then the transfer is done. */ 2105 size_t remainbufferlen; 2106 size_t got_now = sldns_buffer_limit(c->buffer) - c->http_stored; 2107 if(c->tcp_byte_count <= got_now) { 2108 /* done, this is the last data fragment */ 2109 c->http_stored = 0; 2110 sldns_buffer_set_position(c->buffer, 0); 2111 fptr_ok(fptr_whitelist_comm_point(c->callback)); 2112 (void)(*c->callback)(c, c->cb_arg, NETEVENT_DONE, NULL); 2113 return 1; 2114 } 2115 c->tcp_byte_count -= got_now; 2116 /* if we have the buffer space, 2117 * read more data collected into the buffer */ 2118 remainbufferlen = sldns_buffer_capacity(c->buffer) - 2119 sldns_buffer_limit(c->buffer); 2120 if(remainbufferlen >= c->tcp_byte_count || 2121 remainbufferlen >= 2048) { 2122 size_t total = sldns_buffer_limit(c->buffer); 2123 sldns_buffer_clear(c->buffer); 2124 sldns_buffer_set_position(c->buffer, total); 2125 c->http_stored = total; 2126 /* return and wait to read more */ 2127 return 1; 2128 } 2129 /* call callback with this data amount, then 2130 * wait for more */ 2131 c->http_stored = 0; 2132 sldns_buffer_set_position(c->buffer, 0); 2133 fptr_ok(fptr_whitelist_comm_point(c->callback)); 2134 (void)(*c->callback)(c, c->cb_arg, NETEVENT_NOERROR, NULL); 2135 /* c->callback has to buffer_clear(c->buffer). */ 2136 /* return and wait to read more */ 2137 return 1; 2138 } 2139 2140 /** handle nonchunked data segment, return 0=fail, 1=wait, 2=process more */ 2141 static int 2142 http_chunked_segment(struct comm_point* c) 2143 { 2144 /* the c->buffer has from position..limit new data we read. */ 2145 /* the current chunk has length tcp_byte_count. 2146 * once we read that read more chunk headers. 2147 */ 2148 size_t remainbufferlen; 2149 size_t got_now = sldns_buffer_limit(c->buffer) - c->http_stored; 2150 if(c->tcp_byte_count <= got_now) { 2151 /* the chunk has completed (with perhaps some extra data 2152 * from next chunk header and next chunk) */ 2153 /* save too much info into temp buffer */ 2154 size_t fraglen; 2155 struct comm_reply repinfo; 2156 c->http_stored = 0; 2157 sldns_buffer_skip(c->buffer, (ssize_t)c->tcp_byte_count); 2158 sldns_buffer_clear(c->http_temp); 2159 sldns_buffer_write(c->http_temp, 2160 sldns_buffer_current(c->buffer), 2161 sldns_buffer_remaining(c->buffer)); 2162 sldns_buffer_flip(c->http_temp); 2163 2164 /* callback with this fragment */ 2165 fraglen = sldns_buffer_position(c->buffer); 2166 sldns_buffer_set_position(c->buffer, 0); 2167 sldns_buffer_set_limit(c->buffer, fraglen); 2168 repinfo = c->repinfo; 2169 fptr_ok(fptr_whitelist_comm_point(c->callback)); 2170 (void)(*c->callback)(c, c->cb_arg, NETEVENT_NOERROR, &repinfo); 2171 /* c->callback has to buffer_clear(). */ 2172 2173 /* is commpoint deleted? */ 2174 if(!repinfo.c) { 2175 return 1; 2176 } 2177 /* copy waiting info */ 2178 sldns_buffer_clear(c->buffer); 2179 sldns_buffer_write(c->buffer, 2180 sldns_buffer_begin(c->http_temp), 2181 sldns_buffer_remaining(c->http_temp)); 2182 sldns_buffer_flip(c->buffer); 2183 /* process end of chunk trailer header lines, until 2184 * an empty line */ 2185 c->http_in_chunk_headers = 3; 2186 /* process more data in buffer (if any) */ 2187 return 2; 2188 } 2189 c->tcp_byte_count -= got_now; 2190 2191 /* if we have the buffer space, 2192 * read more data collected into the buffer */ 2193 remainbufferlen = sldns_buffer_capacity(c->buffer) - 2194 sldns_buffer_limit(c->buffer); 2195 if(remainbufferlen >= c->tcp_byte_count || 2196 remainbufferlen >= 2048) { 2197 size_t total = sldns_buffer_limit(c->buffer); 2198 sldns_buffer_clear(c->buffer); 2199 sldns_buffer_set_position(c->buffer, total); 2200 c->http_stored = total; 2201 /* return and wait to read more */ 2202 return 1; 2203 } 2204 2205 /* callback of http reader for a new part of the data */ 2206 c->http_stored = 0; 2207 sldns_buffer_set_position(c->buffer, 0); 2208 fptr_ok(fptr_whitelist_comm_point(c->callback)); 2209 (void)(*c->callback)(c, c->cb_arg, NETEVENT_NOERROR, NULL); 2210 /* c->callback has to buffer_clear(c->buffer). */ 2211 /* return and wait to read more */ 2212 return 1; 2213 } 2214 2215 /** 2216 * Handle http reading callback. 2217 * @param fd: file descriptor of socket. 2218 * @param c: comm point to read from into buffer. 2219 * @return: 0 on error 2220 */ 2221 static int 2222 comm_point_http_handle_read(int fd, struct comm_point* c) 2223 { 2224 log_assert(c->type == comm_http); 2225 log_assert(fd != -1); 2226 2227 /* if we are in ssl handshake, handle SSL handshake */ 2228 #ifdef HAVE_SSL 2229 if(c->ssl && c->ssl_shake_state != comm_ssl_shake_none) { 2230 if(!ssl_handshake(c)) 2231 return 0; 2232 if(c->ssl_shake_state != comm_ssl_shake_none) 2233 return 1; 2234 } 2235 #endif /* HAVE_SSL */ 2236 2237 if(!c->tcp_is_reading) 2238 return 1; 2239 /* read more data */ 2240 if(c->ssl) { 2241 if(!ssl_http_read_more(c)) 2242 return 0; 2243 } else { 2244 if(!http_read_more(fd, c)) 2245 return 0; 2246 } 2247 2248 sldns_buffer_flip(c->buffer); 2249 while(sldns_buffer_remaining(c->buffer) > 0) { 2250 /* if we are reading headers, read more headers */ 2251 if(c->http_in_headers || c->http_in_chunk_headers) { 2252 /* if header is done, process the header */ 2253 if(!http_header_done(c->buffer)) { 2254 /* copy remaining data to front of buffer 2255 * and set rest for writing into it */ 2256 http_moveover_buffer(c->buffer); 2257 /* return and wait to read more */ 2258 return 1; 2259 } 2260 if(!c->http_in_chunk_headers) { 2261 /* process initial headers */ 2262 if(!http_process_initial_header(c)) 2263 return 0; 2264 } else { 2265 /* process chunk headers */ 2266 int r = http_process_chunk_header(c); 2267 if(r == 0) return 0; 2268 if(r == 2) return 1; /* done */ 2269 /* r == 1, continue */ 2270 } 2271 /* see if we have more to process */ 2272 continue; 2273 } 2274 2275 if(!c->http_is_chunked) { 2276 /* if we are reading nonchunks, process that*/ 2277 return http_nonchunk_segment(c); 2278 } else { 2279 /* if we are reading chunks, read the chunk */ 2280 int r = http_chunked_segment(c); 2281 if(r == 0) return 0; 2282 if(r == 1) return 1; 2283 continue; 2284 } 2285 } 2286 /* broke out of the loop; could not process header instead need 2287 * to read more */ 2288 /* moveover any remaining data and read more data */ 2289 http_moveover_buffer(c->buffer); 2290 /* return and wait to read more */ 2291 return 1; 2292 } 2293 2294 /** check pending connect for http */ 2295 static int 2296 http_check_connect(int fd, struct comm_point* c) 2297 { 2298 /* check for pending error from nonblocking connect */ 2299 /* from Stevens, unix network programming, vol1, 3rd ed, p450*/ 2300 int error = 0; 2301 socklen_t len = (socklen_t)sizeof(error); 2302 if(getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)&error, 2303 &len) < 0){ 2304 #ifndef USE_WINSOCK 2305 error = errno; /* on solaris errno is error */ 2306 #else /* USE_WINSOCK */ 2307 error = WSAGetLastError(); 2308 #endif 2309 } 2310 #ifndef USE_WINSOCK 2311 #if defined(EINPROGRESS) && defined(EWOULDBLOCK) 2312 if(error == EINPROGRESS || error == EWOULDBLOCK) 2313 return 1; /* try again later */ 2314 else 2315 #endif 2316 if(error != 0 && verbosity < 2) 2317 return 0; /* silence lots of chatter in the logs */ 2318 else if(error != 0) { 2319 log_err_addr("http connect", strerror(error), 2320 &c->repinfo.addr, c->repinfo.addrlen); 2321 #else /* USE_WINSOCK */ 2322 /* examine error */ 2323 if(error == WSAEINPROGRESS) 2324 return 1; 2325 else if(error == WSAEWOULDBLOCK) { 2326 ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE); 2327 return 1; 2328 } else if(error != 0 && verbosity < 2) 2329 return 0; 2330 else if(error != 0) { 2331 log_err_addr("http connect", wsa_strerror(error), 2332 &c->repinfo.addr, c->repinfo.addrlen); 2333 #endif /* USE_WINSOCK */ 2334 return 0; 2335 } 2336 /* keep on processing this socket */ 2337 return 2; 2338 } 2339 2340 /** write more data for http (with ssl) */ 2341 static int 2342 ssl_http_write_more(struct comm_point* c) 2343 { 2344 #ifdef HAVE_SSL 2345 int r; 2346 log_assert(sldns_buffer_remaining(c->buffer) > 0); 2347 ERR_clear_error(); 2348 r = SSL_write(c->ssl, (void*)sldns_buffer_current(c->buffer), 2349 (int)sldns_buffer_remaining(c->buffer)); 2350 if(r <= 0) { 2351 int want = SSL_get_error(c->ssl, r); 2352 if(want == SSL_ERROR_ZERO_RETURN) { 2353 return 0; /* closed */ 2354 } else if(want == SSL_ERROR_WANT_READ) { 2355 c->ssl_shake_state = comm_ssl_shake_hs_read; 2356 comm_point_listen_for_rw(c, 1, 0); 2357 return 1; /* wait for read condition */ 2358 } else if(want == SSL_ERROR_WANT_WRITE) { 2359 return 1; /* write more later */ 2360 } else if(want == SSL_ERROR_SYSCALL) { 2361 #ifdef EPIPE 2362 if(errno == EPIPE && verbosity < 2) 2363 return 0; /* silence 'broken pipe' */ 2364 #endif 2365 if(errno != 0) 2366 log_err("SSL_write syscall: %s", 2367 strerror(errno)); 2368 return 0; 2369 } 2370 log_crypto_err("could not SSL_write"); 2371 return 0; 2372 } 2373 sldns_buffer_skip(c->buffer, (ssize_t)r); 2374 return 1; 2375 #else 2376 (void)c; 2377 return 0; 2378 #endif /* HAVE_SSL */ 2379 } 2380 2381 /** write more data for http */ 2382 static int 2383 http_write_more(int fd, struct comm_point* c) 2384 { 2385 ssize_t r; 2386 log_assert(sldns_buffer_remaining(c->buffer) > 0); 2387 r = send(fd, (void*)sldns_buffer_current(c->buffer), 2388 sldns_buffer_remaining(c->buffer), 0); 2389 if(r == -1) { 2390 #ifndef USE_WINSOCK 2391 if(errno == EINTR || errno == EAGAIN) 2392 return 1; 2393 log_err_addr("http send r", strerror(errno), 2394 &c->repinfo.addr, c->repinfo.addrlen); 2395 #else 2396 if(WSAGetLastError() == WSAEINPROGRESS) 2397 return 1; 2398 if(WSAGetLastError() == WSAEWOULDBLOCK) { 2399 ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE); 2400 return 1; 2401 } 2402 log_err_addr("http send r", wsa_strerror(WSAGetLastError()), 2403 &c->repinfo.addr, c->repinfo.addrlen); 2404 #endif 2405 return 0; 2406 } 2407 sldns_buffer_skip(c->buffer, r); 2408 return 1; 2409 } 2410 2411 /** 2412 * Handle http writing callback. 2413 * @param fd: file descriptor of socket. 2414 * @param c: comm point to write buffer out of. 2415 * @return: 0 on error 2416 */ 2417 static int 2418 comm_point_http_handle_write(int fd, struct comm_point* c) 2419 { 2420 log_assert(c->type == comm_http); 2421 log_assert(fd != -1); 2422 2423 /* check pending connect errors, if that fails, we wait for more, 2424 * or we can continue to write contents */ 2425 if(c->tcp_check_nb_connect) { 2426 int r = http_check_connect(fd, c); 2427 if(r == 0) return 0; 2428 if(r == 1) return 1; 2429 c->tcp_check_nb_connect = 0; 2430 } 2431 /* if we are in ssl handshake, handle SSL handshake */ 2432 #ifdef HAVE_SSL 2433 if(c->ssl && c->ssl_shake_state != comm_ssl_shake_none) { 2434 if(!ssl_handshake(c)) 2435 return 0; 2436 if(c->ssl_shake_state != comm_ssl_shake_none) 2437 return 1; 2438 } 2439 #endif /* HAVE_SSL */ 2440 if(c->tcp_is_reading) 2441 return 1; 2442 /* if we are writing, write more */ 2443 if(c->ssl) { 2444 if(!ssl_http_write_more(c)) 2445 return 0; 2446 } else { 2447 if(!http_write_more(fd, c)) 2448 return 0; 2449 } 2450 2451 /* we write a single buffer contents, that can contain 2452 * the http request, and then flip to read the results */ 2453 /* see if write is done */ 2454 if(sldns_buffer_remaining(c->buffer) == 0) { 2455 sldns_buffer_clear(c->buffer); 2456 if(c->tcp_do_toggle_rw) 2457 c->tcp_is_reading = 1; 2458 c->tcp_byte_count = 0; 2459 /* switch from listening(write) to listening(read) */ 2460 comm_point_stop_listening(c); 2461 comm_point_start_listening(c, -1, -1); 2462 } 2463 return 1; 2464 } 2465 2466 void 2467 comm_point_http_handle_callback(int fd, short event, void* arg) 2468 { 2469 struct comm_point* c = (struct comm_point*)arg; 2470 log_assert(c->type == comm_http); 2471 ub_comm_base_now(c->ev->base); 2472 2473 if(event&UB_EV_TIMEOUT) { 2474 verbose(VERB_QUERY, "http took too long, dropped"); 2475 reclaim_http_handler(c); 2476 if(!c->tcp_do_close) { 2477 fptr_ok(fptr_whitelist_comm_point(c->callback)); 2478 (void)(*c->callback)(c, c->cb_arg, 2479 NETEVENT_TIMEOUT, NULL); 2480 } 2481 return; 2482 } 2483 if(event&UB_EV_READ) { 2484 if(!comm_point_http_handle_read(fd, c)) { 2485 reclaim_http_handler(c); 2486 if(!c->tcp_do_close) { 2487 fptr_ok(fptr_whitelist_comm_point( 2488 c->callback)); 2489 (void)(*c->callback)(c, c->cb_arg, 2490 NETEVENT_CLOSED, NULL); 2491 } 2492 } 2493 return; 2494 } 2495 if(event&UB_EV_WRITE) { 2496 if(!comm_point_http_handle_write(fd, c)) { 2497 reclaim_http_handler(c); 2498 if(!c->tcp_do_close) { 2499 fptr_ok(fptr_whitelist_comm_point( 2500 c->callback)); 2501 (void)(*c->callback)(c, c->cb_arg, 2502 NETEVENT_CLOSED, NULL); 2503 } 2504 } 2505 return; 2506 } 2507 log_err("Ignored event %d for httphdl.", event); 2508 } 2509 2510 void comm_point_local_handle_callback(int fd, short event, void* arg) 2511 { 2512 struct comm_point* c = (struct comm_point*)arg; 2513 log_assert(c->type == comm_local); 2514 ub_comm_base_now(c->ev->base); 2515 2516 if(event&UB_EV_READ) { 2517 if(!comm_point_tcp_handle_read(fd, c, 1)) { 2518 fptr_ok(fptr_whitelist_comm_point(c->callback)); 2519 (void)(*c->callback)(c, c->cb_arg, NETEVENT_CLOSED, 2520 NULL); 2521 } 2522 return; 2523 } 2524 log_err("Ignored event %d for localhdl.", event); 2525 } 2526 2527 void comm_point_raw_handle_callback(int ATTR_UNUSED(fd), 2528 short event, void* arg) 2529 { 2530 struct comm_point* c = (struct comm_point*)arg; 2531 int err = NETEVENT_NOERROR; 2532 log_assert(c->type == comm_raw); 2533 ub_comm_base_now(c->ev->base); 2534 2535 if(event&UB_EV_TIMEOUT) 2536 err = NETEVENT_TIMEOUT; 2537 fptr_ok(fptr_whitelist_comm_point_raw(c->callback)); 2538 (void)(*c->callback)(c, c->cb_arg, err, NULL); 2539 } 2540 2541 struct comm_point* 2542 comm_point_create_udp(struct comm_base *base, int fd, sldns_buffer* buffer, 2543 comm_point_callback_type* callback, void* callback_arg) 2544 { 2545 struct comm_point* c = (struct comm_point*)calloc(1, 2546 sizeof(struct comm_point)); 2547 short evbits; 2548 if(!c) 2549 return NULL; 2550 c->ev = (struct internal_event*)calloc(1, 2551 sizeof(struct internal_event)); 2552 if(!c->ev) { 2553 free(c); 2554 return NULL; 2555 } 2556 c->ev->base = base; 2557 c->fd = fd; 2558 c->buffer = buffer; 2559 c->timeout = NULL; 2560 c->tcp_is_reading = 0; 2561 c->tcp_byte_count = 0; 2562 c->tcp_parent = NULL; 2563 c->max_tcp_count = 0; 2564 c->cur_tcp_count = 0; 2565 c->tcp_handlers = NULL; 2566 c->tcp_free = NULL; 2567 c->type = comm_udp; 2568 c->tcp_do_close = 0; 2569 c->do_not_close = 0; 2570 c->tcp_do_toggle_rw = 0; 2571 c->tcp_check_nb_connect = 0; 2572 #ifdef USE_MSG_FASTOPEN 2573 c->tcp_do_fastopen = 0; 2574 #endif 2575 #ifdef USE_DNSCRYPT 2576 c->dnscrypt = 0; 2577 c->dnscrypt_buffer = buffer; 2578 #endif 2579 c->inuse = 0; 2580 c->callback = callback; 2581 c->cb_arg = callback_arg; 2582 evbits = UB_EV_READ | UB_EV_PERSIST; 2583 /* ub_event stuff */ 2584 c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, 2585 comm_point_udp_callback, c); 2586 if(c->ev->ev == NULL) { 2587 log_err("could not baseset udp event"); 2588 comm_point_delete(c); 2589 return NULL; 2590 } 2591 if(fd!=-1 && ub_event_add(c->ev->ev, c->timeout) != 0 ) { 2592 log_err("could not add udp event"); 2593 comm_point_delete(c); 2594 return NULL; 2595 } 2596 return c; 2597 } 2598 2599 struct comm_point* 2600 comm_point_create_udp_ancil(struct comm_base *base, int fd, 2601 sldns_buffer* buffer, 2602 comm_point_callback_type* callback, void* callback_arg) 2603 { 2604 struct comm_point* c = (struct comm_point*)calloc(1, 2605 sizeof(struct comm_point)); 2606 short evbits; 2607 if(!c) 2608 return NULL; 2609 c->ev = (struct internal_event*)calloc(1, 2610 sizeof(struct internal_event)); 2611 if(!c->ev) { 2612 free(c); 2613 return NULL; 2614 } 2615 c->ev->base = base; 2616 c->fd = fd; 2617 c->buffer = buffer; 2618 c->timeout = NULL; 2619 c->tcp_is_reading = 0; 2620 c->tcp_byte_count = 0; 2621 c->tcp_parent = NULL; 2622 c->max_tcp_count = 0; 2623 c->cur_tcp_count = 0; 2624 c->tcp_handlers = NULL; 2625 c->tcp_free = NULL; 2626 c->type = comm_udp; 2627 c->tcp_do_close = 0; 2628 c->do_not_close = 0; 2629 #ifdef USE_DNSCRYPT 2630 c->dnscrypt = 0; 2631 c->dnscrypt_buffer = buffer; 2632 #endif 2633 c->inuse = 0; 2634 c->tcp_do_toggle_rw = 0; 2635 c->tcp_check_nb_connect = 0; 2636 #ifdef USE_MSG_FASTOPEN 2637 c->tcp_do_fastopen = 0; 2638 #endif 2639 c->callback = callback; 2640 c->cb_arg = callback_arg; 2641 evbits = UB_EV_READ | UB_EV_PERSIST; 2642 /* ub_event stuff */ 2643 c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, 2644 comm_point_udp_ancil_callback, c); 2645 if(c->ev->ev == NULL) { 2646 log_err("could not baseset udp event"); 2647 comm_point_delete(c); 2648 return NULL; 2649 } 2650 if(fd!=-1 && ub_event_add(c->ev->ev, c->timeout) != 0 ) { 2651 log_err("could not add udp event"); 2652 comm_point_delete(c); 2653 return NULL; 2654 } 2655 return c; 2656 } 2657 2658 static struct comm_point* 2659 comm_point_create_tcp_handler(struct comm_base *base, 2660 struct comm_point* parent, size_t bufsize, 2661 struct sldns_buffer* spoolbuf, comm_point_callback_type* callback, 2662 void* callback_arg) 2663 { 2664 struct comm_point* c = (struct comm_point*)calloc(1, 2665 sizeof(struct comm_point)); 2666 short evbits; 2667 if(!c) 2668 return NULL; 2669 c->ev = (struct internal_event*)calloc(1, 2670 sizeof(struct internal_event)); 2671 if(!c->ev) { 2672 free(c); 2673 return NULL; 2674 } 2675 c->ev->base = base; 2676 c->fd = -1; 2677 c->buffer = sldns_buffer_new(bufsize); 2678 if(!c->buffer) { 2679 free(c->ev); 2680 free(c); 2681 return NULL; 2682 } 2683 c->timeout = (struct timeval*)malloc(sizeof(struct timeval)); 2684 if(!c->timeout) { 2685 sldns_buffer_free(c->buffer); 2686 free(c->ev); 2687 free(c); 2688 return NULL; 2689 } 2690 c->tcp_is_reading = 0; 2691 c->tcp_byte_count = 0; 2692 c->tcp_parent = parent; 2693 c->tcp_timeout_msec = parent->tcp_timeout_msec; 2694 c->tcp_conn_limit = parent->tcp_conn_limit; 2695 c->tcl_addr = NULL; 2696 c->tcp_keepalive = 0; 2697 c->max_tcp_count = 0; 2698 c->cur_tcp_count = 0; 2699 c->tcp_handlers = NULL; 2700 c->tcp_free = NULL; 2701 c->type = comm_tcp; 2702 c->tcp_do_close = 0; 2703 c->do_not_close = 0; 2704 c->tcp_do_toggle_rw = 1; 2705 c->tcp_check_nb_connect = 0; 2706 #ifdef USE_MSG_FASTOPEN 2707 c->tcp_do_fastopen = 0; 2708 #endif 2709 #ifdef USE_DNSCRYPT 2710 c->dnscrypt = 0; 2711 /* We don't know just yet if this is a dnscrypt channel. Allocation 2712 * will be done when handling the callback. */ 2713 c->dnscrypt_buffer = c->buffer; 2714 #endif 2715 c->repinfo.c = c; 2716 c->callback = callback; 2717 c->cb_arg = callback_arg; 2718 if(spoolbuf) { 2719 c->tcp_req_info = tcp_req_info_create(spoolbuf); 2720 if(!c->tcp_req_info) { 2721 log_err("could not create tcp commpoint"); 2722 sldns_buffer_free(c->buffer); 2723 free(c->timeout); 2724 free(c->ev); 2725 free(c); 2726 return NULL; 2727 } 2728 c->tcp_req_info->cp = c; 2729 c->tcp_do_close = 1; 2730 c->tcp_do_toggle_rw = 0; 2731 } 2732 /* add to parent free list */ 2733 c->tcp_free = parent->tcp_free; 2734 parent->tcp_free = c; 2735 /* ub_event stuff */ 2736 evbits = UB_EV_PERSIST | UB_EV_READ | UB_EV_TIMEOUT; 2737 c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, 2738 comm_point_tcp_handle_callback, c); 2739 if(c->ev->ev == NULL) 2740 { 2741 log_err("could not basetset tcphdl event"); 2742 parent->tcp_free = c->tcp_free; 2743 tcp_req_info_delete(c->tcp_req_info); 2744 sldns_buffer_free(c->buffer); 2745 free(c->timeout); 2746 free(c->ev); 2747 free(c); 2748 return NULL; 2749 } 2750 return c; 2751 } 2752 2753 struct comm_point* 2754 comm_point_create_tcp(struct comm_base *base, int fd, int num, 2755 int idle_timeout, struct tcl_list* tcp_conn_limit, size_t bufsize, 2756 struct sldns_buffer* spoolbuf, comm_point_callback_type* callback, 2757 void* callback_arg) 2758 { 2759 struct comm_point* c = (struct comm_point*)calloc(1, 2760 sizeof(struct comm_point)); 2761 short evbits; 2762 int i; 2763 /* first allocate the TCP accept listener */ 2764 if(!c) 2765 return NULL; 2766 c->ev = (struct internal_event*)calloc(1, 2767 sizeof(struct internal_event)); 2768 if(!c->ev) { 2769 free(c); 2770 return NULL; 2771 } 2772 c->ev->base = base; 2773 c->fd = fd; 2774 c->buffer = NULL; 2775 c->timeout = NULL; 2776 c->tcp_is_reading = 0; 2777 c->tcp_byte_count = 0; 2778 c->tcp_timeout_msec = idle_timeout; 2779 c->tcp_conn_limit = tcp_conn_limit; 2780 c->tcl_addr = NULL; 2781 c->tcp_keepalive = 0; 2782 c->tcp_parent = NULL; 2783 c->max_tcp_count = num; 2784 c->cur_tcp_count = 0; 2785 c->tcp_handlers = (struct comm_point**)calloc((size_t)num, 2786 sizeof(struct comm_point*)); 2787 if(!c->tcp_handlers) { 2788 free(c->ev); 2789 free(c); 2790 return NULL; 2791 } 2792 c->tcp_free = NULL; 2793 c->type = comm_tcp_accept; 2794 c->tcp_do_close = 0; 2795 c->do_not_close = 0; 2796 c->tcp_do_toggle_rw = 0; 2797 c->tcp_check_nb_connect = 0; 2798 #ifdef USE_MSG_FASTOPEN 2799 c->tcp_do_fastopen = 0; 2800 #endif 2801 #ifdef USE_DNSCRYPT 2802 c->dnscrypt = 0; 2803 c->dnscrypt_buffer = NULL; 2804 #endif 2805 c->callback = NULL; 2806 c->cb_arg = NULL; 2807 evbits = UB_EV_READ | UB_EV_PERSIST; 2808 /* ub_event stuff */ 2809 c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, 2810 comm_point_tcp_accept_callback, c); 2811 if(c->ev->ev == NULL) { 2812 log_err("could not baseset tcpacc event"); 2813 comm_point_delete(c); 2814 return NULL; 2815 } 2816 if (ub_event_add(c->ev->ev, c->timeout) != 0) { 2817 log_err("could not add tcpacc event"); 2818 comm_point_delete(c); 2819 return NULL; 2820 } 2821 /* now prealloc the tcp handlers */ 2822 for(i=0; i<num; i++) { 2823 c->tcp_handlers[i] = comm_point_create_tcp_handler(base, 2824 c, bufsize, spoolbuf, callback, callback_arg); 2825 if(!c->tcp_handlers[i]) { 2826 comm_point_delete(c); 2827 return NULL; 2828 } 2829 } 2830 2831 return c; 2832 } 2833 2834 struct comm_point* 2835 comm_point_create_tcp_out(struct comm_base *base, size_t bufsize, 2836 comm_point_callback_type* callback, void* callback_arg) 2837 { 2838 struct comm_point* c = (struct comm_point*)calloc(1, 2839 sizeof(struct comm_point)); 2840 short evbits; 2841 if(!c) 2842 return NULL; 2843 c->ev = (struct internal_event*)calloc(1, 2844 sizeof(struct internal_event)); 2845 if(!c->ev) { 2846 free(c); 2847 return NULL; 2848 } 2849 c->ev->base = base; 2850 c->fd = -1; 2851 c->buffer = sldns_buffer_new(bufsize); 2852 if(!c->buffer) { 2853 free(c->ev); 2854 free(c); 2855 return NULL; 2856 } 2857 c->timeout = NULL; 2858 c->tcp_is_reading = 0; 2859 c->tcp_byte_count = 0; 2860 c->tcp_timeout_msec = TCP_QUERY_TIMEOUT; 2861 c->tcp_conn_limit = NULL; 2862 c->tcl_addr = NULL; 2863 c->tcp_keepalive = 0; 2864 c->tcp_parent = NULL; 2865 c->max_tcp_count = 0; 2866 c->cur_tcp_count = 0; 2867 c->tcp_handlers = NULL; 2868 c->tcp_free = NULL; 2869 c->type = comm_tcp; 2870 c->tcp_do_close = 0; 2871 c->do_not_close = 0; 2872 c->tcp_do_toggle_rw = 1; 2873 c->tcp_check_nb_connect = 1; 2874 #ifdef USE_MSG_FASTOPEN 2875 c->tcp_do_fastopen = 1; 2876 #endif 2877 #ifdef USE_DNSCRYPT 2878 c->dnscrypt = 0; 2879 c->dnscrypt_buffer = c->buffer; 2880 #endif 2881 c->repinfo.c = c; 2882 c->callback = callback; 2883 c->cb_arg = callback_arg; 2884 evbits = UB_EV_PERSIST | UB_EV_WRITE; 2885 c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, 2886 comm_point_tcp_handle_callback, c); 2887 if(c->ev->ev == NULL) 2888 { 2889 log_err("could not baseset tcpout event"); 2890 sldns_buffer_free(c->buffer); 2891 free(c->ev); 2892 free(c); 2893 return NULL; 2894 } 2895 2896 return c; 2897 } 2898 2899 struct comm_point* 2900 comm_point_create_http_out(struct comm_base *base, size_t bufsize, 2901 comm_point_callback_type* callback, void* callback_arg, 2902 sldns_buffer* temp) 2903 { 2904 struct comm_point* c = (struct comm_point*)calloc(1, 2905 sizeof(struct comm_point)); 2906 short evbits; 2907 if(!c) 2908 return NULL; 2909 c->ev = (struct internal_event*)calloc(1, 2910 sizeof(struct internal_event)); 2911 if(!c->ev) { 2912 free(c); 2913 return NULL; 2914 } 2915 c->ev->base = base; 2916 c->fd = -1; 2917 c->buffer = sldns_buffer_new(bufsize); 2918 if(!c->buffer) { 2919 free(c->ev); 2920 free(c); 2921 return NULL; 2922 } 2923 c->timeout = NULL; 2924 c->tcp_is_reading = 0; 2925 c->tcp_byte_count = 0; 2926 c->tcp_parent = NULL; 2927 c->max_tcp_count = 0; 2928 c->cur_tcp_count = 0; 2929 c->tcp_handlers = NULL; 2930 c->tcp_free = NULL; 2931 c->type = comm_http; 2932 c->tcp_do_close = 0; 2933 c->do_not_close = 0; 2934 c->tcp_do_toggle_rw = 1; 2935 c->tcp_check_nb_connect = 1; 2936 c->http_in_headers = 1; 2937 c->http_in_chunk_headers = 0; 2938 c->http_is_chunked = 0; 2939 c->http_temp = temp; 2940 #ifdef USE_MSG_FASTOPEN 2941 c->tcp_do_fastopen = 1; 2942 #endif 2943 #ifdef USE_DNSCRYPT 2944 c->dnscrypt = 0; 2945 c->dnscrypt_buffer = c->buffer; 2946 #endif 2947 c->repinfo.c = c; 2948 c->callback = callback; 2949 c->cb_arg = callback_arg; 2950 evbits = UB_EV_PERSIST | UB_EV_WRITE; 2951 c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, 2952 comm_point_http_handle_callback, c); 2953 if(c->ev->ev == NULL) 2954 { 2955 log_err("could not baseset tcpout event"); 2956 #ifdef HAVE_SSL 2957 SSL_free(c->ssl); 2958 #endif 2959 sldns_buffer_free(c->buffer); 2960 free(c->ev); 2961 free(c); 2962 return NULL; 2963 } 2964 2965 return c; 2966 } 2967 2968 struct comm_point* 2969 comm_point_create_local(struct comm_base *base, int fd, size_t bufsize, 2970 comm_point_callback_type* callback, void* callback_arg) 2971 { 2972 struct comm_point* c = (struct comm_point*)calloc(1, 2973 sizeof(struct comm_point)); 2974 short evbits; 2975 if(!c) 2976 return NULL; 2977 c->ev = (struct internal_event*)calloc(1, 2978 sizeof(struct internal_event)); 2979 if(!c->ev) { 2980 free(c); 2981 return NULL; 2982 } 2983 c->ev->base = base; 2984 c->fd = fd; 2985 c->buffer = sldns_buffer_new(bufsize); 2986 if(!c->buffer) { 2987 free(c->ev); 2988 free(c); 2989 return NULL; 2990 } 2991 c->timeout = NULL; 2992 c->tcp_is_reading = 1; 2993 c->tcp_byte_count = 0; 2994 c->tcp_parent = NULL; 2995 c->max_tcp_count = 0; 2996 c->cur_tcp_count = 0; 2997 c->tcp_handlers = NULL; 2998 c->tcp_free = NULL; 2999 c->type = comm_local; 3000 c->tcp_do_close = 0; 3001 c->do_not_close = 1; 3002 c->tcp_do_toggle_rw = 0; 3003 c->tcp_check_nb_connect = 0; 3004 #ifdef USE_MSG_FASTOPEN 3005 c->tcp_do_fastopen = 0; 3006 #endif 3007 #ifdef USE_DNSCRYPT 3008 c->dnscrypt = 0; 3009 c->dnscrypt_buffer = c->buffer; 3010 #endif 3011 c->callback = callback; 3012 c->cb_arg = callback_arg; 3013 /* ub_event stuff */ 3014 evbits = UB_EV_PERSIST | UB_EV_READ; 3015 c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, 3016 comm_point_local_handle_callback, c); 3017 if(c->ev->ev == NULL) { 3018 log_err("could not baseset localhdl event"); 3019 free(c->ev); 3020 free(c); 3021 return NULL; 3022 } 3023 if (ub_event_add(c->ev->ev, c->timeout) != 0) { 3024 log_err("could not add localhdl event"); 3025 ub_event_free(c->ev->ev); 3026 free(c->ev); 3027 free(c); 3028 return NULL; 3029 } 3030 return c; 3031 } 3032 3033 struct comm_point* 3034 comm_point_create_raw(struct comm_base* base, int fd, int writing, 3035 comm_point_callback_type* callback, void* callback_arg) 3036 { 3037 struct comm_point* c = (struct comm_point*)calloc(1, 3038 sizeof(struct comm_point)); 3039 short evbits; 3040 if(!c) 3041 return NULL; 3042 c->ev = (struct internal_event*)calloc(1, 3043 sizeof(struct internal_event)); 3044 if(!c->ev) { 3045 free(c); 3046 return NULL; 3047 } 3048 c->ev->base = base; 3049 c->fd = fd; 3050 c->buffer = NULL; 3051 c->timeout = NULL; 3052 c->tcp_is_reading = 0; 3053 c->tcp_byte_count = 0; 3054 c->tcp_parent = NULL; 3055 c->max_tcp_count = 0; 3056 c->cur_tcp_count = 0; 3057 c->tcp_handlers = NULL; 3058 c->tcp_free = NULL; 3059 c->type = comm_raw; 3060 c->tcp_do_close = 0; 3061 c->do_not_close = 1; 3062 c->tcp_do_toggle_rw = 0; 3063 c->tcp_check_nb_connect = 0; 3064 #ifdef USE_MSG_FASTOPEN 3065 c->tcp_do_fastopen = 0; 3066 #endif 3067 #ifdef USE_DNSCRYPT 3068 c->dnscrypt = 0; 3069 c->dnscrypt_buffer = c->buffer; 3070 #endif 3071 c->callback = callback; 3072 c->cb_arg = callback_arg; 3073 /* ub_event stuff */ 3074 if(writing) 3075 evbits = UB_EV_PERSIST | UB_EV_WRITE; 3076 else evbits = UB_EV_PERSIST | UB_EV_READ; 3077 c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, 3078 comm_point_raw_handle_callback, c); 3079 if(c->ev->ev == NULL) { 3080 log_err("could not baseset rawhdl event"); 3081 free(c->ev); 3082 free(c); 3083 return NULL; 3084 } 3085 if (ub_event_add(c->ev->ev, c->timeout) != 0) { 3086 log_err("could not add rawhdl event"); 3087 ub_event_free(c->ev->ev); 3088 free(c->ev); 3089 free(c); 3090 return NULL; 3091 } 3092 return c; 3093 } 3094 3095 void 3096 comm_point_close(struct comm_point* c) 3097 { 3098 if(!c) 3099 return; 3100 if(c->fd != -1) { 3101 if(ub_event_del(c->ev->ev) != 0) { 3102 log_err("could not event_del on close"); 3103 } 3104 } 3105 tcl_close_connection(c->tcl_addr); 3106 if(c->tcp_req_info) 3107 tcp_req_info_clear(c->tcp_req_info); 3108 /* close fd after removing from event lists, or epoll.. is messed up */ 3109 if(c->fd != -1 && !c->do_not_close) { 3110 if(c->type == comm_tcp || c->type == comm_http) { 3111 /* delete sticky events for the fd, it gets closed */ 3112 ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_READ); 3113 ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE); 3114 } 3115 verbose(VERB_ALGO, "close fd %d", c->fd); 3116 #ifndef USE_WINSOCK 3117 close(c->fd); 3118 #else 3119 closesocket(c->fd); 3120 #endif 3121 } 3122 c->fd = -1; 3123 } 3124 3125 void 3126 comm_point_delete(struct comm_point* c) 3127 { 3128 if(!c) 3129 return; 3130 if((c->type == comm_tcp || c->type == comm_http) && c->ssl) { 3131 #ifdef HAVE_SSL 3132 SSL_shutdown(c->ssl); 3133 SSL_free(c->ssl); 3134 #endif 3135 } 3136 comm_point_close(c); 3137 if(c->tcp_handlers) { 3138 int i; 3139 for(i=0; i<c->max_tcp_count; i++) 3140 comm_point_delete(c->tcp_handlers[i]); 3141 free(c->tcp_handlers); 3142 } 3143 free(c->timeout); 3144 if(c->type == comm_tcp || c->type == comm_local || c->type == comm_http) { 3145 sldns_buffer_free(c->buffer); 3146 #ifdef USE_DNSCRYPT 3147 if(c->dnscrypt && c->dnscrypt_buffer != c->buffer) { 3148 sldns_buffer_free(c->dnscrypt_buffer); 3149 } 3150 #endif 3151 if(c->tcp_req_info) { 3152 tcp_req_info_delete(c->tcp_req_info); 3153 } 3154 } 3155 ub_event_free(c->ev->ev); 3156 free(c->ev); 3157 free(c); 3158 } 3159 3160 void 3161 comm_point_send_reply(struct comm_reply *repinfo) 3162 { 3163 struct sldns_buffer* buffer; 3164 log_assert(repinfo && repinfo->c); 3165 #ifdef USE_DNSCRYPT 3166 buffer = repinfo->c->dnscrypt_buffer; 3167 if(!dnsc_handle_uncurved_request(repinfo)) { 3168 return; 3169 } 3170 #else 3171 buffer = repinfo->c->buffer; 3172 #endif 3173 if(repinfo->c->type == comm_udp) { 3174 if(repinfo->srctype) 3175 comm_point_send_udp_msg_if(repinfo->c, 3176 buffer, (struct sockaddr*)&repinfo->addr, 3177 repinfo->addrlen, repinfo); 3178 else 3179 comm_point_send_udp_msg(repinfo->c, buffer, 3180 (struct sockaddr*)&repinfo->addr, repinfo->addrlen); 3181 #ifdef USE_DNSTAP 3182 if(repinfo->c->dtenv != NULL && 3183 repinfo->c->dtenv->log_client_response_messages) 3184 dt_msg_send_client_response(repinfo->c->dtenv, 3185 &repinfo->addr, repinfo->c->type, repinfo->c->buffer); 3186 #endif 3187 } else { 3188 #ifdef USE_DNSTAP 3189 if(repinfo->c->tcp_parent->dtenv != NULL && 3190 repinfo->c->tcp_parent->dtenv->log_client_response_messages) 3191 dt_msg_send_client_response(repinfo->c->tcp_parent->dtenv, 3192 &repinfo->addr, repinfo->c->type, repinfo->c->buffer); 3193 #endif 3194 if(repinfo->c->tcp_req_info) { 3195 tcp_req_info_send_reply(repinfo->c->tcp_req_info); 3196 } else { 3197 comm_point_start_listening(repinfo->c, -1, 3198 repinfo->c->tcp_timeout_msec); 3199 } 3200 } 3201 } 3202 3203 void 3204 comm_point_drop_reply(struct comm_reply* repinfo) 3205 { 3206 if(!repinfo) 3207 return; 3208 log_assert(repinfo->c); 3209 log_assert(repinfo->c->type != comm_tcp_accept); 3210 if(repinfo->c->type == comm_udp) 3211 return; 3212 if(repinfo->c->tcp_req_info) 3213 repinfo->c->tcp_req_info->is_drop = 1; 3214 reclaim_tcp_handler(repinfo->c); 3215 } 3216 3217 void 3218 comm_point_stop_listening(struct comm_point* c) 3219 { 3220 verbose(VERB_ALGO, "comm point stop listening %d", c->fd); 3221 if(ub_event_del(c->ev->ev) != 0) { 3222 log_err("event_del error to stoplisten"); 3223 } 3224 } 3225 3226 void 3227 comm_point_start_listening(struct comm_point* c, int newfd, int msec) 3228 { 3229 verbose(VERB_ALGO, "comm point start listening %d (%d msec)", 3230 c->fd==-1?newfd:c->fd, msec); 3231 if(c->type == comm_tcp_accept && !c->tcp_free) { 3232 /* no use to start listening no free slots. */ 3233 return; 3234 } 3235 if(msec != -1 && msec != 0) { 3236 if(!c->timeout) { 3237 c->timeout = (struct timeval*)malloc(sizeof( 3238 struct timeval)); 3239 if(!c->timeout) { 3240 log_err("cpsl: malloc failed. No net read."); 3241 return; 3242 } 3243 } 3244 ub_event_add_bits(c->ev->ev, UB_EV_TIMEOUT); 3245 #ifndef S_SPLINT_S /* splint fails on struct timeval. */ 3246 c->timeout->tv_sec = msec/1000; 3247 c->timeout->tv_usec = (msec%1000)*1000; 3248 #endif /* S_SPLINT_S */ 3249 } 3250 if(c->type == comm_tcp || c->type == comm_http) { 3251 ub_event_del_bits(c->ev->ev, UB_EV_READ|UB_EV_WRITE); 3252 if(c->tcp_is_reading) 3253 ub_event_add_bits(c->ev->ev, UB_EV_READ); 3254 else ub_event_add_bits(c->ev->ev, UB_EV_WRITE); 3255 } 3256 if(newfd != -1) { 3257 if(c->fd != -1) { 3258 #ifndef USE_WINSOCK 3259 close(c->fd); 3260 #else 3261 closesocket(c->fd); 3262 #endif 3263 } 3264 c->fd = newfd; 3265 ub_event_set_fd(c->ev->ev, c->fd); 3266 } 3267 if(ub_event_add(c->ev->ev, msec==0?NULL:c->timeout) != 0) { 3268 log_err("event_add failed. in cpsl."); 3269 } 3270 } 3271 3272 void comm_point_listen_for_rw(struct comm_point* c, int rd, int wr) 3273 { 3274 verbose(VERB_ALGO, "comm point listen_for_rw %d %d", c->fd, wr); 3275 if(ub_event_del(c->ev->ev) != 0) { 3276 log_err("event_del error to cplf"); 3277 } 3278 ub_event_del_bits(c->ev->ev, UB_EV_READ|UB_EV_WRITE); 3279 if(rd) ub_event_add_bits(c->ev->ev, UB_EV_READ); 3280 if(wr) ub_event_add_bits(c->ev->ev, UB_EV_WRITE); 3281 if(ub_event_add(c->ev->ev, c->timeout) != 0) { 3282 log_err("event_add failed. in cplf."); 3283 } 3284 } 3285 3286 size_t comm_point_get_mem(struct comm_point* c) 3287 { 3288 size_t s; 3289 if(!c) 3290 return 0; 3291 s = sizeof(*c) + sizeof(*c->ev); 3292 if(c->timeout) 3293 s += sizeof(*c->timeout); 3294 if(c->type == comm_tcp || c->type == comm_local) { 3295 s += sizeof(*c->buffer) + sldns_buffer_capacity(c->buffer); 3296 #ifdef USE_DNSCRYPT 3297 s += sizeof(*c->dnscrypt_buffer); 3298 if(c->buffer != c->dnscrypt_buffer) { 3299 s += sldns_buffer_capacity(c->dnscrypt_buffer); 3300 } 3301 #endif 3302 } 3303 if(c->type == comm_tcp_accept) { 3304 int i; 3305 for(i=0; i<c->max_tcp_count; i++) 3306 s += comm_point_get_mem(c->tcp_handlers[i]); 3307 } 3308 return s; 3309 } 3310 3311 struct comm_timer* 3312 comm_timer_create(struct comm_base* base, void (*cb)(void*), void* cb_arg) 3313 { 3314 struct internal_timer *tm = (struct internal_timer*)calloc(1, 3315 sizeof(struct internal_timer)); 3316 if(!tm) { 3317 log_err("malloc failed"); 3318 return NULL; 3319 } 3320 tm->super.ev_timer = tm; 3321 tm->base = base; 3322 tm->super.callback = cb; 3323 tm->super.cb_arg = cb_arg; 3324 tm->ev = ub_event_new(base->eb->base, -1, UB_EV_TIMEOUT, 3325 comm_timer_callback, &tm->super); 3326 if(tm->ev == NULL) { 3327 log_err("timer_create: event_base_set failed."); 3328 free(tm); 3329 return NULL; 3330 } 3331 return &tm->super; 3332 } 3333 3334 void 3335 comm_timer_disable(struct comm_timer* timer) 3336 { 3337 if(!timer) 3338 return; 3339 ub_timer_del(timer->ev_timer->ev); 3340 timer->ev_timer->enabled = 0; 3341 } 3342 3343 void 3344 comm_timer_set(struct comm_timer* timer, struct timeval* tv) 3345 { 3346 log_assert(tv); 3347 if(timer->ev_timer->enabled) 3348 comm_timer_disable(timer); 3349 if(ub_timer_add(timer->ev_timer->ev, timer->ev_timer->base->eb->base, 3350 comm_timer_callback, timer, tv) != 0) 3351 log_err("comm_timer_set: evtimer_add failed."); 3352 timer->ev_timer->enabled = 1; 3353 } 3354 3355 void 3356 comm_timer_delete(struct comm_timer* timer) 3357 { 3358 if(!timer) 3359 return; 3360 comm_timer_disable(timer); 3361 /* Free the sub struct timer->ev_timer derived from the super struct timer. 3362 * i.e. assert(timer == timer->ev_timer) 3363 */ 3364 ub_event_free(timer->ev_timer->ev); 3365 free(timer->ev_timer); 3366 } 3367 3368 void 3369 comm_timer_callback(int ATTR_UNUSED(fd), short event, void* arg) 3370 { 3371 struct comm_timer* tm = (struct comm_timer*)arg; 3372 if(!(event&UB_EV_TIMEOUT)) 3373 return; 3374 ub_comm_base_now(tm->ev_timer->base); 3375 tm->ev_timer->enabled = 0; 3376 fptr_ok(fptr_whitelist_comm_timer(tm->callback)); 3377 (*tm->callback)(tm->cb_arg); 3378 } 3379 3380 int 3381 comm_timer_is_set(struct comm_timer* timer) 3382 { 3383 return (int)timer->ev_timer->enabled; 3384 } 3385 3386 size_t 3387 comm_timer_get_mem(struct comm_timer* ATTR_UNUSED(timer)) 3388 { 3389 return sizeof(struct internal_timer); 3390 } 3391 3392 struct comm_signal* 3393 comm_signal_create(struct comm_base* base, 3394 void (*callback)(int, void*), void* cb_arg) 3395 { 3396 struct comm_signal* com = (struct comm_signal*)malloc( 3397 sizeof(struct comm_signal)); 3398 if(!com) { 3399 log_err("malloc failed"); 3400 return NULL; 3401 } 3402 com->base = base; 3403 com->callback = callback; 3404 com->cb_arg = cb_arg; 3405 com->ev_signal = NULL; 3406 return com; 3407 } 3408 3409 void 3410 comm_signal_callback(int sig, short event, void* arg) 3411 { 3412 struct comm_signal* comsig = (struct comm_signal*)arg; 3413 if(!(event & UB_EV_SIGNAL)) 3414 return; 3415 ub_comm_base_now(comsig->base); 3416 fptr_ok(fptr_whitelist_comm_signal(comsig->callback)); 3417 (*comsig->callback)(sig, comsig->cb_arg); 3418 } 3419 3420 int 3421 comm_signal_bind(struct comm_signal* comsig, int sig) 3422 { 3423 struct internal_signal* entry = (struct internal_signal*)calloc(1, 3424 sizeof(struct internal_signal)); 3425 if(!entry) { 3426 log_err("malloc failed"); 3427 return 0; 3428 } 3429 log_assert(comsig); 3430 /* add signal event */ 3431 entry->ev = ub_signal_new(comsig->base->eb->base, sig, 3432 comm_signal_callback, comsig); 3433 if(entry->ev == NULL) { 3434 log_err("Could not create signal event"); 3435 free(entry); 3436 return 0; 3437 } 3438 if(ub_signal_add(entry->ev, NULL) != 0) { 3439 log_err("Could not add signal handler"); 3440 ub_event_free(entry->ev); 3441 free(entry); 3442 return 0; 3443 } 3444 /* link into list */ 3445 entry->next = comsig->ev_signal; 3446 comsig->ev_signal = entry; 3447 return 1; 3448 } 3449 3450 void 3451 comm_signal_delete(struct comm_signal* comsig) 3452 { 3453 struct internal_signal* p, *np; 3454 if(!comsig) 3455 return; 3456 p=comsig->ev_signal; 3457 while(p) { 3458 np = p->next; 3459 ub_signal_del(p->ev); 3460 ub_event_free(p->ev); 3461 free(p); 3462 p = np; 3463 } 3464 free(comsig); 3465 } 3466