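Lines matching defs:ssl (each entry below is the source file's own line number followed by the matching line; non-matching lines are omitted, so no function body shown here is complete)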

307 		if(p->ssl)
308 SSL_free(p->ssl);
553 n->ssl = SSL_new(rc->ctx);
554 if(!n->ssl) {
560 SSL_set_accept_state(n->ssl);
561 (void)SSL_set_mode(n->ssl, SSL_MODE_AUTO_RETRY);
562 if(!SSL_set_fd(n->ssl, newfd)) {
564 SSL_free(n->ssl);
600 if(s->ssl) {
601 SSL_shutdown(s->ssl);
602 SSL_free(s->ssl);
609 ssl_print_text(SSL* ssl, const char* text)
612 if(!ssl)
615 if((r=SSL_write(ssl, text, (int)strlen(text))) <= 0) {
616 if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) {
627 /** print text over the ssl connection */
629 ssl_print_vmsg(SSL* ssl, const char* format, va_list args)
633 return ssl_print_text(ssl, msg);
636 /** printf style printing to the ssl connection */
637 int ssl_printf(SSL* ssl, const char* format, ...)
642 ret = ssl_print_vmsg(ssl, format, args);
648 ssl_read_line(SSL* ssl, char* buf, size_t max)
652 if(!ssl)
656 if((r=SSL_read(ssl, buf+len, 1)) <= 0) {
657 if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) {
687 static void send_ok(SSL* ssl)
689 (void)ssl_printf(ssl, "ok\n");
694 do_stop(SSL* ssl, struct daemon_remote* rc)
698 send_ok(ssl);
703 do_reload(SSL* ssl, struct daemon_remote* rc)
707 send_ok(ssl);
712 do_verbosity(SSL* ssl, char* str)
716 ssl_printf(ssl, "error in verbosity number syntax: %s\n", str);
720 send_ok(ssl);
725 print_stats(SSL* ssl, const char* nm, struct stats_info* s)
728 if(!ssl_printf(ssl, "%s.num.queries"SQ"%lu\n", nm,
730 if(!ssl_printf(ssl, "%s.num.cachehits"SQ"%lu\n", nm,
733 if(!ssl_printf(ssl, "%s.num.cachemiss"SQ"%lu\n", nm,
735 if(!ssl_printf(ssl, "%s.num.prefetch"SQ"%lu\n", nm,
737 if(!ssl_printf(ssl, "%s.num.recursivereplies"SQ"%lu\n", nm,
739 if(!ssl_printf(ssl, "%s.requestlist.avg"SQ"%g\n", nm,
744 if(!ssl_printf(ssl, "%s.requestlist.max"SQ"%lu\n", nm,
746 if(!ssl_printf(ssl, "%s.requestlist.overwritten"SQ"%lu\n", nm,
748 if(!ssl_printf(ssl, "%s.requestlist.exceeded"SQ"%lu\n", nm,
750 if(!ssl_printf(ssl, "%s.requestlist.current.all"SQ"%lu\n", nm,
752 if(!ssl_printf(ssl, "%s.requestlist.current.user"SQ"%lu\n", nm,
755 if(!ssl_printf(ssl, "%s.recursion.time.avg"SQ ARG_LL "d.%6.6d\n", nm,
757 if(!ssl_printf(ssl, "%s.recursion.time.median"SQ"%g\n", nm,
759 if(!ssl_printf(ssl, "%s.tcpusage"SQ"%lu\n", nm,
766 print_thread_stats(SSL* ssl, int i, struct stats_info* s)
771 return print_stats(ssl, nm, s);
776 print_longnum(SSL* ssl, const char* desc, size_t x)
782 return ssl_printf(ssl, "%s%u%6.6u\n", desc,
785 return ssl_printf(ssl, "%s%lu\n", desc, (unsigned long)x);
791 print_mem(SSL* ssl, struct worker* worker, struct daemon* daemon)
798 if(!print_longnum(ssl, "mem.total.sbrk"SQ,
820 if(!print_longnum(ssl, "mem.cache.rrset"SQ, rrset))
822 if(!print_longnum(ssl, "mem.cache.message"SQ, msg))
824 if(!print_longnum(ssl, "mem.mod.iterator"SQ, iter))
826 if(!print_longnum(ssl, "mem.mod.validator"SQ, val))
833 print_uptime(SSL* ssl, struct worker* worker, int reset)
841 if(!ssl_printf(ssl, "time.now"SQ ARG_LL "d.%6.6d\n",
843 if(!ssl_printf(ssl, "time.up"SQ ARG_LL "d.%6.6d\n",
845 if(!ssl_printf(ssl, "time.elapsed"SQ ARG_LL "d.%6.6d\n",
852 print_hist(SSL* ssl, struct stats_info* s)
863 if(!ssl_printf(ssl,
880 print_ext(SSL* ssl, struct stats_info* s)
906 if(!ssl_printf(ssl, "num.query.type.%s"SQ"%lu\n",
910 if(!ssl_printf(ssl, "num.query.type.other"SQ"%lu\n",
923 if(!ssl_printf(ssl, "num.query.class.%s"SQ"%lu\n",
927 if(!ssl_printf(ssl, "num.query.class.other"SQ"%lu\n",
940 if(!ssl_printf(ssl, "num.query.opcode.%s"SQ"%lu\n",
944 if(!ssl_printf(ssl, "num.query.tcp"SQ"%lu\n",
946 if(!ssl_printf(ssl, "num.query.tcpout"SQ"%lu\n",
948 if(!ssl_printf(ssl, "num.query.ipv6"SQ"%lu\n",
951 if(!ssl_printf(ssl, "num.query.flags.QR"SQ"%lu\n",
953 if(!ssl_printf(ssl, "num.query.flags.AA"SQ"%lu\n",
955 if(!ssl_printf(ssl, "num.query.flags.TC"SQ"%lu\n",
957 if(!ssl_printf(ssl, "num.query.flags.RD"SQ"%lu\n",
959 if(!ssl_printf(ssl, "num.query.flags.RA"SQ"%lu\n",
961 if(!ssl_printf(ssl, "num.query.flags.Z"SQ"%lu\n",
963 if(!ssl_printf(ssl, "num.query.flags.AD"SQ"%lu\n",
965 if(!ssl_printf(ssl, "num.query.flags.CD"SQ"%lu\n",
967 if(!ssl_printf(ssl, "num.query.edns.present"SQ"%lu\n",
969 if(!ssl_printf(ssl, "num.query.edns.DO"SQ"%lu\n",
983 if(!ssl_printf(ssl, "num.answer.rcode.%s"SQ"%lu\n",
987 if(!ssl_printf(ssl, "num.answer.rcode.nodata"SQ"%lu\n",
991 if(!ssl_printf(ssl, "num.answer.secure"SQ"%lu\n",
993 if(!ssl_printf(ssl, "num.answer.bogus"SQ"%lu\n",
995 if(!ssl_printf(ssl, "num.rrset.bogus"SQ"%lu\n",
998 if(!ssl_printf(ssl, "unwanted.queries"SQ"%lu\n",
1000 if(!ssl_printf(ssl, "unwanted.replies"SQ"%lu\n",
1003 if(!ssl_printf(ssl, "msg.cache.count"SQ"%u\n",
1005 if(!ssl_printf(ssl, "rrset.cache.count"SQ"%u\n",
1007 if(!ssl_printf(ssl, "infra.cache.count"SQ"%u\n",
1009 if(!ssl_printf(ssl, "key.cache.count"SQ"%u\n",
1016 do_stats(SSL* ssl, struct daemon_remote* rc, int reset)
1026 if(!print_thread_stats(ssl, i, &s))
1034 if(!print_stats(ssl, "total", &total))
1036 if(!print_uptime(ssl, rc->worker, reset))
1039 if(!print_mem(ssl, rc->worker, daemon))
1041 if(!print_hist(ssl, &total))
1043 if(!print_ext(ssl, &total))
1050 parse_arg_name(SSL* ssl, char* str, uint8_t** res, size_t* len, int* labs)
1060 ssl_printf(ssl, "error cannot parse name %s at %d: %s\n", str,
1067 ssl_printf(ssl, "error out of memory\n");
1076 find_arg2(SSL* ssl, char* arg, char** arg2)
1092 ssl_printf(ssl, "error could not find next argument "
1101 do_zone_add(SSL* ssl, struct worker* worker, char* arg)
1109 if(!find_arg2(ssl, arg, &arg2))
1111 if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
1114 ssl_printf(ssl, "error not a zone type. %s\n", arg2);
1127 send_ok(ssl);
1133 ssl_printf(ssl, "error out of memory\n");
1137 send_ok(ssl);
1142 do_zone_remove(SSL* ssl, struct worker* worker, char* arg)
1148 if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
1158 send_ok(ssl);
1163 do_data_add(SSL* ssl, struct worker* worker, char* arg)
1166 ssl_printf(ssl,"error in syntax or out of memory, %s\n", arg);
1169 send_ok(ssl);
1174 do_data_remove(SSL* ssl, struct worker* worker, char* arg)
1179 if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
1184 send_ok(ssl);
1189 do_lookup(SSL* ssl, struct worker* worker, char* arg)
1194 if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
1196 (void)print_deleg_lookup(ssl, worker, nm, nmlen, nmlabs);
1226 do_flush_type(SSL* ssl, struct worker* worker, char* arg)
1233 if(!find_arg2(ssl, arg, &arg2))
1235 if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
1241 send_ok(ssl);
1246 do_flush_stats(SSL* ssl, struct worker* worker)
1249 send_ok(ssl);
1301 do_flush_infra(SSL* ssl, struct worker* worker, char* arg)
1308 send_ok(ssl);
1312 (void)ssl_printf(ssl, "error parsing ip addr: '%s'\n", arg);
1330 send_ok(ssl);
1335 do_flush_requestlist(SSL* ssl, struct worker* worker)
1338 send_ok(ssl);
1392 do_flush_zone(SSL* ssl, struct worker* worker, char* arg)
1398 if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
1424 (void)ssl_printf(ssl, "ok removed %lu rrsets, %lu messages "
1470 do_flush_bogus(SSL* ssl, struct worker* worker)
1491 (void)ssl_printf(ssl, "ok removed %lu rrsets, %lu messages "
1545 do_flush_negative(SSL* ssl, struct worker* worker)
1566 (void)ssl_printf(ssl, "ok removed %lu rrsets, %lu messages "
1573 do_flush_name(SSL* ssl, struct worker* w, char* arg)
1578 if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
1592 send_ok(ssl);
1597 ssl_print_name_dp(SSL* ssl, const char* str, uint8_t* nm, uint16_t dclass,
1607 if(!ssl_printf(ssl, "%s %s %s ", buf, (c?c:"CLASS??"), str)) {
1615 if(!ssl_printf(ssl, "%s%s", (f?" ":""), buf))
1621 if(!ssl_printf(ssl, "%s%s", (f?" ":""), buf))
1625 return ssl_printf(ssl, "\n");
1631 print_root_fwds(SSL* ssl, struct iter_forwards* fwds, uint8_t* root)
1636 return ssl_printf(ssl, "off (using root hints)\n");
1639 return ssl_print_name_dp(ssl, NULL, root, LDNS_RR_CLASS_IN, dp);
1644 parse_delegpt(SSL* ssl, char* args, uint8_t* nm, int allow_names)
1653 (void)ssl_printf(ssl, "error out of memory\n");
1669 if(!parse_arg_name(ssl, todo, &n, &ln, &lb)) {
1670 (void)ssl_printf(ssl, "error cannot "
1677 (void)ssl_printf(ssl, "error out of memory\n");
1685 (void)ssl_printf(ssl, "error cannot parse"
1693 (void)ssl_printf(ssl, "error out of memory\n");
1705 do_forward(SSL* ssl, struct worker* worker, char* args)
1710 (void)ssl_printf(ssl, "error: structure not allocated\n");
1714 (void)print_root_fwds(ssl, fwd, root);
1725 if(!(dp = parse_delegpt(ssl, args, root, 0)))
1728 (void)ssl_printf(ssl, "error out of memory\n");
1732 send_ok(ssl);
1736 parse_fs_args(SSL* ssl, char* args, uint8_t** nm, struct delegpt** dp,
1745 if(!find_arg2(ssl, args, &rest))
1753 (void)ssl_printf(ssl, "error: unknown option %s\n", args);
1761 if(!find_arg2(ssl, args, &rest))
1766 if(!parse_arg_name(ssl, zonename, nm, &nmlen, &nmlabs))
1771 if(!(*dp = parse_delegpt(ssl, args, *nm, 1))) {
1781 do_forward_add(SSL* ssl, struct worker* worker, char* args)
1787 if(!parse_fs_args(ssl, args, &nm, &dp, &insecure, NULL))
1792 (void)ssl_printf(ssl, "error out of memory\n");
1799 (void)ssl_printf(ssl, "error out of memory\n");
1804 send_ok(ssl);
1809 do_forward_remove(SSL* ssl, struct worker* worker, char* args)
1814 if(!parse_fs_args(ssl, args, &nm, NULL, &insecure, NULL))
1821 send_ok(ssl);
1826 do_stub_add(SSL* ssl, struct worker* worker, char* args)
1832 if(!parse_fs_args(ssl, args, &nm, &dp, &insecure, &prime))
1837 (void)ssl_printf(ssl, "error out of memory\n");
1847 (void)ssl_printf(ssl, "error out of memory\n");
1853 (void)ssl_printf(ssl, "error out of memory\n");
1862 send_ok(ssl);
1867 do_stub_remove(SSL* ssl, struct worker* worker, char* args)
1872 if(!parse_fs_args(ssl, args, &nm, NULL, &insecure, NULL))
1880 send_ok(ssl);
1885 do_insecure_add(SSL* ssl, struct worker* worker, char* arg)
1890 if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
1895 (void)ssl_printf(ssl, "error out of memory\n");
1901 send_ok(ssl);
1906 do_insecure_remove(SSL* ssl, struct worker* worker, char* arg)
1911 if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
1917 send_ok(ssl);
1921 do_insecure_list(SSL* ssl, struct worker* worker)
1929 ssl_printf(ssl, "%s\n", buf);
1937 do_status(SSL* ssl, struct worker* worker)
1941 if(!ssl_printf(ssl, "version: %s\n", PACKAGE_VERSION))
1943 if(!ssl_printf(ssl, "verbosity: %d\n", verbosity))
1945 if(!ssl_printf(ssl, "threads: %d\n", worker->daemon->num))
1947 if(!ssl_printf(ssl, "modules: %d [", worker->daemon->mods.num))
1950 if(!ssl_printf(ssl, " %s", worker->daemon->mods.mod[i]->name))
1953 if(!ssl_printf(ssl, " ]\n"))
1956 if(!ssl_printf(ssl, "uptime: " ARG_LL "d seconds\n", (long long)uptime))
1958 if(!ssl_printf(ssl, "options:%s%s\n" ,
1960 (worker->daemon->rc->accept_list?" control(ssl)":"")))
1962 if(!ssl_printf(ssl, "unbound (pid %d) is running...\n",
2042 do_dump_requestlist(SSL* ssl, struct worker* worker)
2050 if(!ssl_printf(ssl, "thread #%d\n", worker->thread_num))
2052 if(!ssl_printf(ssl, "# type cl name seconds module status\n"))
2063 if(!ssl_printf(ssl, "%3d %4s %2s %s %s %s\n",
2081 SSL* ssl;
2084 /** ssl failure? stop writing and skip the rest. If the tcp
2105 if(!ssl_printf(a->ssl, "%s %s expired rto %d\n", ip_str,
2113 if(!ssl_printf(a->ssl, "%s %s ttl %lu ping %d var %d rtt %d rto %d "
2130 do_dump_infra(SSL* ssl, struct worker* worker)
2134 arg.ssl = ssl;
2142 do_log_reopen(SSL* ssl, struct worker* worker)
2145 send_ok(ssl);
2151 do_set_option(SSL* ssl, struct worker* worker, char* arg)
2154 if(!find_arg2(ssl, arg, &arg2))
2157 (void)ssl_printf(ssl, "error setting option\n");
2160 send_ok(ssl);
2166 SSL* ssl = (SSL*)arg;
2167 (void)ssl_printf(ssl, "%s\n", line);
2172 do_get_option(SSL* ssl, struct worker* worker, char* arg)
2175 r = config_get_option(worker->env.cfg, arg, remote_get_opt_ssl, ssl);
2177 (void)ssl_printf(ssl, "error unknown option\n");
2184 do_list_forwards(SSL* ssl, struct worker* worker)
2204 if(!ssl_print_name_dp(ssl, (insecure?"forward +i":"forward"),
2212 do_list_stubs(SSL* ssl, struct worker* worker)
2232 if(!ssl_print_name_dp(ssl, str, z->node.name,
2240 do_list_local_zones(SSL* ssl, struct worker* worker)
2249 if(!ssl_printf(ssl, "%s %s\n", buf,
2263 do_list_local_data(SSL* ssl, struct worker* worker)
2282 if(!ssl_printf(ssl, "BADRR\n")) {
2288 if(!ssl_printf(ssl, "%s\n", s)) {
2306 SSL* ssl;
2328 ssl_printf(a->ssl, "%s %d limit %d\n", buf, max, lim);
2333 do_ratelimit_list(SSL* ssl, struct worker* worker, char* arg)
2339 a.ssl = ssl;
2351 distribute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd)
2354 if(!cmd || !ssl)
2362 ssl_printf(ssl, "error could not distribute cmd\n");
2377 execute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd,
2383 do_stop(ssl, rc);
2386 do_reload(ssl, rc);
2389 do_stats(ssl, rc, 0);
2392 do_stats(ssl, rc, 1);
2395 do_status(ssl, worker);
2398 (void)dump_cache(ssl, worker);
2401 if(load_cache(ssl, worker)) send_ok(ssl);
2404 do_list_forwards(ssl, worker);
2407 do_list_stubs(ssl, worker);
2410 do_insecure_list(ssl, worker);
2413 do_list_local_zones(ssl, worker);
2416 do_list_local_data(ssl, worker);
2419 do_ratelimit_list(ssl, worker, p+14);
2423 if(rc) distribute_cmd(rc, ssl, cmd);
2424 do_stub_add(ssl, worker, skipwhite(p+8));
2428 if(rc) distribute_cmd(rc, ssl, cmd);
2429 do_stub_remove(ssl, worker, skipwhite(p+11));
2433 if(rc) distribute_cmd(rc, ssl, cmd);
2434 do_forward_add(ssl, worker, skipwhite(p+11));
2438 if(rc) distribute_cmd(rc, ssl, cmd);
2439 do_forward_remove(ssl, worker, skipwhite(p+14));
2443 if(rc) distribute_cmd(rc, ssl, cmd);
2444 do_insecure_add(ssl, worker, skipwhite(p+12));
2448 if(rc) distribute_cmd(rc, ssl, cmd);
2449 do_insecure_remove(ssl, worker, skipwhite(p+15));
2453 if(rc) distribute_cmd(rc, ssl, cmd);
2454 do_forward(ssl, worker, skipwhite(p+7));
2458 if(rc) distribute_cmd(rc, ssl, cmd);
2459 do_flush_stats(ssl, worker);
2463 if(rc) distribute_cmd(rc, ssl, cmd);
2464 do_flush_requestlist(ssl, worker);
2467 do_lookup(ssl, worker, skipwhite(p+6));
2476 distribute_cmd(rc, ssl, cmd);
2480 do_verbosity(ssl, skipwhite(p+9));
2482 do_zone_remove(ssl, worker, skipwhite(p+17));
2484 do_zone_add(ssl, worker, skipwhite(p+10));
2486 do_data_remove(ssl, worker, skipwhite(p+17));
2488 do_data_add(ssl, worker, skipwhite(p+10));
2490 do_flush_zone(ssl, worker, skipwhite(p+10));
2492 do_flush_type(ssl, worker, skipwhite(p+10));
2494 do_flush_infra(ssl, worker, skipwhite(p+11));
2496 do_flush_name(ssl, worker, skipwhite(p+5));
2498 do_dump_requestlist(ssl, worker);
2500 do_dump_infra(ssl, worker);
2502 do_log_reopen(ssl, worker);
2504 do_set_option(ssl, worker, skipwhite(p+10));
2506 do_get_option(ssl, worker, skipwhite(p+10));
2508 do_flush_bogus(ssl, worker);
2510 do_flush_negative(ssl, worker);
2512 (void)ssl_printf(ssl, "error unknown command '%s'\n", p);
2533 handle_req(struct daemon_remote* rc, struct rc_state* s, SSL* ssl)
2548 if((r=SSL_read(ssl, magic, (int)sizeof(magic)-1)) <= 0) {
2549 if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN)
2562 if(!ssl_read_line(ssl, buf, sizeof(buf))) {
2569 ssl_printf(ssl, "error version mismatch\n");
2575 execute_cmd(rc, ssl, buf, rc->worker);
2592 r = SSL_do_handshake(s->ssl);
2594 int r2 = SSL_get_error(s->ssl, r);
2616 log_crypto_err("remote control failed ssl");
2626 } else if(SSL_get_verify_result(s->ssl) == X509_V_OK) {
2627 X509* x = SSL_get_peer_certificate(s->ssl);
2644 handle_req(rc, s, s->ssl);