1/* 2 * nsd.h -- nsd(8) definitions and prototypes 3 * 4 * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. 5 * 6 * See LICENSE for the license. 7 * 8 */ 9 10#ifndef NSD_H 11#define NSD_H 12 13#include <signal.h> 14#include <net/if.h> 15#ifndef IFNAMSIZ 16# ifdef IF_NAMESIZE 17# define IFNAMSIZ IF_NAMESIZE 18# else 19# define IFNAMSIZ 16 20# endif 21#endif 22#ifdef HAVE_OPENSSL_SSL_H 23#include <openssl/ssl.h> 24#endif 25 26#include "dns.h" 27#include "edns.h" 28#include "bitset.h" 29struct netio_handler; 30struct nsd_options; 31struct udb_base; 32struct daemon_remote; 33#ifdef USE_DNSTAP 34struct dt_collector; 35#endif 36 37/* The NSD runtime states and NSD ipc command values */ 38#define NSD_RUN 0 39#define NSD_RELOAD 1 40#define NSD_SHUTDOWN 2 41#define NSD_STATS 3 42#define NSD_REAP_CHILDREN 4 43#define NSD_QUIT 5 44/* 45 * PASS_TO_XFRD is followed by the u16(len in network order) and 46 * then network packet contents. packet is a notify(acl checked), or 47 * xfr reply from a master(acl checked). 48 * followed by u32(acl number that matched from notify/xfr acl). 49 */ 50#define NSD_PASS_TO_XFRD 6 51/* 52 * RELOAD_REQ is sent when parent receives a SIGHUP and tells 53 * xfrd that it wants to initiate a reload (and thus task swap). 54 */ 55#define NSD_RELOAD_REQ 7 56/* 57 * RELOAD_DONE is sent at the end of a reload pass. 58 * xfrd then knows that reload phase is over. 59 */ 60#define NSD_RELOAD_DONE 8 61/* 62 * QUIT_SYNC is sent to signify a synchronisation of ipc 63 * channel content during reload 64 */ 65#define NSD_QUIT_SYNC 9 66/* 67 * QUIT_CHILD is sent at exit, to make sure the child has exited so that 68 * port53 is free when all of nsd's processes have exited at shutdown time 69 */ 70#define NSD_QUIT_CHILD 11 71/* 72 * This is the exit code of a nsd "new master" child process to indicate to 73 * the master process that some zones failed verification and that it should 74 * reload again, reprocessing the difffiles. The master process will resend 75 * the command to xfrd so it will not reload from xfrd yet. 76 */ 77#define NSD_RELOAD_FAILED 14 78 79#define NSD_SERVER_MAIN 0x0U 80#define NSD_SERVER_UDP 0x1U 81#define NSD_SERVER_TCP 0x2U 82#define NSD_SERVER_BOTH (NSD_SERVER_UDP | NSD_SERVER_TCP) 83 84#ifdef INET6 85#define DEFAULT_AI_FAMILY AF_UNSPEC 86#else 87#define DEFAULT_AI_FAMILY AF_INET 88#endif 89 90#ifdef BIND8_STATS 91/* Counter for statistics */ 92typedef unsigned long stc_type; 93 94#define LASTELEM(arr) (sizeof(arr) / sizeof(arr[0]) - 1) 95 96#define STATUP(nsd, stc) nsd->st->stc++ 97/* #define STATUP2(nsd, stc, i) ((i) <= (LASTELEM(nsd->st->stc) - 1)) ? nsd->st->stc[(i)]++ : \ 98 nsd->st.stc[LASTELEM(nsd->st->stc)]++ */ 99 100#define STATUP2(nsd, stc, i) nsd->st->stc[(i) <= (LASTELEM(nsd->st->stc) - 1) ? i : LASTELEM(nsd->st->stc)]++ 101#else /* BIND8_STATS */ 102 103#define STATUP(nsd, stc) /* Nothing */ 104#define STATUP2(nsd, stc, i) /* Nothing */ 105 106#endif /* BIND8_STATS */ 107 108#ifdef USE_ZONE_STATS 109/* increment zone statistic, checks if zone-nonNULL and zone array bounds */ 110#define ZTATUP(nsd, zone, stc) ( \ 111 (zone && zone->zonestatid < nsd->zonestatsizenow) ? \ 112 nsd->zonestatnow[zone->zonestatid].stc++ \ 113 : 0) 114#define ZTATUP2(nsd, zone, stc, i) ( \ 115 (zone && zone->zonestatid < nsd->zonestatsizenow) ? \ 116 (nsd->zonestatnow[zone->zonestatid].stc[(i) <= (LASTELEM(nsd->zonestatnow[zone->zonestatid].stc) - 1) ? i : LASTELEM(nsd->zonestatnow[zone->zonestatid].stc)]++ ) \ 117 : 0) 118#else /* USE_ZONE_STATS */ 119#define ZTATUP(nsd, zone, stc) /* Nothing */ 120#define ZTATUP2(nsd, zone, stc, i) /* Nothing */ 121#endif /* USE_ZONE_STATS */ 122 123#ifdef BIND8_STATS 124/* Data structure to keep track of statistics */ 125struct nsdst { 126 time_t boot; 127 stc_type qtype[257]; /* Counters per qtype */ 128 stc_type qclass[4]; /* Class IN or Class CH or other */ 129 stc_type qudp, qudp6; /* Number of queries udp and udp6 */ 130 stc_type ctcp, ctcp6; /* Number of tcp and tcp6 connections */ 131 stc_type ctls, ctls6; /* Number of tls and tls6 connections */ 132 stc_type rcode[17], opcode[6]; /* Rcodes & opcodes */ 133 /* Dropped, truncated, queries for nonconfigured zone, tx errors */ 134 stc_type dropped, truncated, wrongzone, txerr, rxerr; 135 stc_type edns, ednserr, raxfr, nona, rixfr; 136 uint64_t db_disk, db_mem; 137}; 138#endif /* BIND8_STATS */ 139 140#define NSD_SOCKET_IS_OPTIONAL (1<<0) 141#define NSD_BIND_DEVICE (1<<1) 142 143struct nsd_addrinfo 144{ 145 int ai_flags; 146 int ai_family; 147 int ai_socktype; 148 socklen_t ai_addrlen; 149 struct sockaddr_storage ai_addr; 150}; 151 152struct nsd_socket 153{ 154 struct nsd_addrinfo addr; 155 int s; 156 int flags; 157 struct nsd_bitset *servers; 158 char device[IFNAMSIZ]; 159 int fib; 160}; 161 162struct nsd_child 163{ 164#ifdef HAVE_CPUSET_T 165 /* Processor(s) that child process must run on (if applicable). */ 166 cpuset_t *cpuset; 167#endif 168 169 /* The type of child process (UDP or TCP handler). */ 170 int kind; 171 172 /* The child's process id. */ 173 pid_t pid; 174 175 /* child number in child array */ 176 int child_num; 177 178 /* 179 * Socket used by the parent process to send commands and 180 * receive responses to/from this child process. 181 */ 182 int child_fd; 183 184 /* 185 * Socket used by the child process to receive commands and 186 * send responses from/to the parent process. 187 */ 188 int parent_fd; 189 190 /* 191 * IPC info, buffered for nonblocking writes to the child 192 */ 193 uint8_t need_to_send_STATS, need_to_send_QUIT; 194 uint8_t need_to_exit, has_exited; 195 196 /* 197 * The handler for handling the commands from the child. 198 */ 199 struct netio_handler* handler; 200 201#ifdef BIND8_STATS 202 stc_type query_count; 203#endif 204}; 205 206#define NSD_COOKIE_HISTORY_SIZE 2 207#define NSD_COOKIE_SECRET_SIZE 16 208 209typedef struct cookie_secret cookie_secret_type; 210struct cookie_secret { 211 /** cookie secret */ 212 uint8_t cookie_secret[NSD_COOKIE_SECRET_SIZE]; 213}; 214 215/* NSD configuration and run-time variables */ 216typedef struct nsd nsd_type; 217struct nsd 218{ 219 /* 220 * Global region that is not deallocated until NSD shuts down. 221 */ 222 region_type *region; 223 224 /* Run-time variables */ 225 pid_t pid; 226 volatile sig_atomic_t mode; 227 volatile sig_atomic_t signal_hint_reload_hup; 228 volatile sig_atomic_t signal_hint_reload; 229 volatile sig_atomic_t signal_hint_child; 230 volatile sig_atomic_t signal_hint_quit; 231 volatile sig_atomic_t signal_hint_shutdown; 232 volatile sig_atomic_t signal_hint_stats; 233 volatile sig_atomic_t signal_hint_statsusr; 234 volatile sig_atomic_t quit_sync_done; 235 unsigned server_kind; 236 struct namedb *db; 237 int debug; 238 239 size_t child_count; 240 struct nsd_child *children; 241 int restart_children; 242 int reload_failed; 243 244 /* NULL if this is the parent process. */ 245 struct nsd_child *this_child; 246 247 /* mmaps with data exchange from xfrd and reload */ 248 struct udb_base* task[2]; 249 int mytask; 250 /* the base used by this (child)process */ 251 struct event_base* event_base; 252 /* the server_region used by this (child)process */ 253 region_type* server_region; 254 struct netio_handler* xfrd_listener; 255 struct daemon_remote* rc; 256 257 /* Configuration */ 258 const char *pidfile; 259 const char *log_filename; 260 const char *username; 261 uid_t uid; 262 gid_t gid; 263 const char *chrootdir; 264 const char *version; 265 const char *identity; 266 uint16_t nsid_len; 267 unsigned char *nsid; 268 uint8_t file_rotation_ok; 269 270#ifdef HAVE_CPUSET_T 271 int use_cpu_affinity; 272 cpuset_t* cpuset; 273 cpuset_t* xfrd_cpuset; 274#endif 275 276 /* number of interfaces */ 277 size_t ifs; 278 /* non0 if so_reuseport is in use, if so, tcp, udp array increased */ 279 int reuseport; 280 281 /* TCP specific configuration (array size ifs) */ 282 struct nsd_socket* tcp; 283 284 /* UDP specific configuration (array size ifs) */ 285 struct nsd_socket* udp; 286 287 /* Interfaces used for zone verification */ 288 size_t verify_ifs; 289 struct nsd_socket *verify_tcp; 290 struct nsd_socket *verify_udp; 291 292 struct zone *next_zone_to_verify; 293 size_t verifier_count; /* Number of active verifiers */ 294 size_t verifier_limit; /* Maximum number of active verifiers */ 295 int verifier_pipe[2]; /* Pipe to trigger verifier exit handler */ 296 struct verifier *verifiers; 297 298 edns_data_type edns_ipv4; 299#if defined(INET6) 300 edns_data_type edns_ipv6; 301#endif 302 303 int maximum_tcp_count; 304 int current_tcp_count; 305 int tcp_query_count; 306 int tcp_timeout; 307 int tcp_mss; 308 int outgoing_tcp_mss; 309 size_t ipv4_edns_size; 310 size_t ipv6_edns_size; 311 312#ifdef BIND8_STATS 313 /* statistics for this server */ 314 struct nsdst* st; 315 /* Produce statistics dump every st_period seconds */ 316 int st_period; 317 /* per zone stats, each an array per zone-stat-idx, stats per zone is 318 * add of [0][zoneidx] and [1][zoneidx]. */ 319 struct nsdst* zonestat[2]; 320 /* fd for zonestat mapping (otherwise mmaps cannot be shared between 321 * processes and resized) */ 322 int zonestatfd[2]; 323 /* filenames */ 324 char* zonestatfname[2]; 325 /* size of the mmapped zone stat array (number of array entries) */ 326 size_t zonestatsize[2], zonestatdesired, zonestatsizenow; 327 /* current zonestat array to use */ 328 struct nsdst* zonestatnow; 329 /* filenames for stat file mappings */ 330 char* statfname; 331 /* fd for stat mapping (otherwise mmaps cannot be shared between 332 * processes and resized) */ 333 int statfd; 334 /* statistics array, of size child_count*2, twice for old and new 335 * server processes. */ 336 struct nsdst* stat_map; 337 /* statistics array of size child_count, twice */ 338 struct nsdst* stats_per_child[2]; 339 /* current stats_per_child array that is in use for the child set */ 340 int stat_current; 341 /* start value for per process statistics printout, to clear it */ 342 struct nsdst stat_proc; 343#endif /* BIND8_STATS */ 344#ifdef USE_DNSTAP 345 /* the dnstap collector process info */ 346 struct dt_collector* dt_collector; 347 /* the pipes from server processes to the dt_collector, 348 * arrays of size child_count * 2. Kept open for (re-)forks. */ 349 int *dt_collector_fd_send, *dt_collector_fd_recv; 350 /* the pipes from server processes to the dt_collector. Initially 351 * these point halfway into dt_collector_fd_send, but during reload 352 * the pointer is swapped with dt_collector_fd_send in order to 353 * to prevent writing to the dnstap collector by old serve childs 354 * simultaneous with new serve childs. */ 355 int *dt_collector_fd_swap; 356#endif /* USE_DNSTAP */ 357 /* ratelimit for errors, time value */ 358 time_t err_limit_time; 359 /* ratelimit for errors, packet count */ 360 unsigned int err_limit_count; 361 362 /** do answer with server cookie when request contained cookie option */ 363 int do_answer_cookie; 364 365 /** how many cookies are there in the cookies array */ 366 size_t cookie_count; 367 368 /* keep track of the last `NSD_COOKIE_HISTORY_SIZE` 369 * cookies as per rfc requirement .*/ 370 cookie_secret_type cookie_secrets[NSD_COOKIE_HISTORY_SIZE]; 371 372 struct nsd_options* options; 373 374#ifdef HAVE_SSL 375 /* TLS specific configuration */ 376 SSL_CTX *tls_ctx; 377#endif 378}; 379 380extern struct nsd nsd; 381 382/* nsd.c */ 383pid_t readpid(const char *file); 384int writepid(struct nsd *nsd); 385void unlinkpid(const char* file); 386void sig_handler(int sig); 387void bind8_stats(struct nsd *nsd); 388 389/* server.c */ 390int server_init(struct nsd *nsd); 391int server_prepare(struct nsd *nsd); 392void server_main(struct nsd *nsd); 393void server_child(struct nsd *nsd); 394void server_shutdown(struct nsd *nsd) ATTR_NORETURN; 395void server_close_all_sockets(struct nsd_socket sockets[], size_t n); 396const char* nsd_event_vs(void); 397const char* nsd_event_method(void); 398struct event_base* nsd_child_event_base(void); 399void service_remaining_tcp(struct nsd* nsd); 400/* extra domain numbers for temporary domains */ 401#define EXTRA_DOMAIN_NUMBERS 1024 402#define SLOW_ACCEPT_TIMEOUT 2 /* in seconds */ 403/* ratelimit for error responses */ 404#define ERROR_RATELIMIT 100 /* qps */ 405/* allocate zonestat structures */ 406void server_zonestat_alloc(struct nsd* nsd); 407/* remap the mmaps for zonestat isx, to bytesize sz. Caller has to set 408 * the zonestatsize */ 409void zonestat_remap(struct nsd* nsd, int idx, size_t sz); 410/* allocate stat structures */ 411void server_stat_alloc(struct nsd* nsd); 412/* free stat mmap file, unlinks it */ 413void server_stat_free(struct nsd* nsd); 414/* allocate and init xfrd variables */ 415void server_prepare_xfrd(struct nsd *nsd); 416/* start xfrdaemon (again) */ 417void server_start_xfrd(struct nsd *nsd, int del_db, int reload_active); 418/* send SOA serial numbers to xfrd */ 419void server_send_soa_xfrd(struct nsd *nsd, int shortsoa); 420#ifdef HAVE_SSL 421SSL_CTX* server_tls_ctx_setup(char* key, char* pem, char* verifypem); 422SSL_CTX* server_tls_ctx_create(struct nsd *nsd, char* verifypem, char* ocspfile); 423void perform_openssl_init(void); 424#endif 425ssize_t block_read(struct nsd* nsd, int s, void* p, ssize_t sz, int timeout); 426 427#endif /* NSD_H */ 428