1/*
2 * nsd.h -- nsd(8) definitions and prototypes
3 *
4 * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
5 *
6 * See LICENSE for the license.
7 *
8 */
9
10#ifndef	NSD_H
11#define	NSD_H
12
13#include <signal.h>
14#include <net/if.h>
15#ifndef IFNAMSIZ
16#  ifdef IF_NAMESIZE
17#    define IFNAMSIZ IF_NAMESIZE
18#  else
19#    define IFNAMSIZ 16
20#  endif
21#endif
22#ifdef HAVE_OPENSSL_SSL_H
23#include <openssl/ssl.h>
24#endif
25
26#include "dns.h"
27#include "edns.h"
28#include "bitset.h"
29struct netio_handler;
30struct nsd_options;
31struct udb_base;
32struct daemon_remote;
33#ifdef USE_DNSTAP
34struct dt_collector;
35#endif
36
37/* The NSD runtime states and NSD ipc command values */
38#define	NSD_RUN	0
39#define	NSD_RELOAD 1
40#define	NSD_SHUTDOWN 2
41#define	NSD_STATS 3
42#define	NSD_REAP_CHILDREN 4
43#define	NSD_QUIT 5
44/*
45 * PASS_TO_XFRD is followed by the u16(len in network order) and
46 * then network packet contents.  packet is a notify(acl checked), or
47 * xfr reply from a master(acl checked).
48 * followed by u32(acl number that matched from notify/xfr acl).
49 */
50#define NSD_PASS_TO_XFRD 6
51/*
52 * RELOAD_REQ is sent when parent receives a SIGHUP and tells
53 * xfrd that it wants to initiate a reload (and thus task swap).
54 */
55#define NSD_RELOAD_REQ 7
56/*
57 * RELOAD_DONE is sent at the end of a reload pass.
58 * xfrd then knows that reload phase is over.
59 */
60#define NSD_RELOAD_DONE 8
61/*
62 * QUIT_SYNC is sent to signify a synchronisation of ipc
63 * channel content during reload
64 */
65#define NSD_QUIT_SYNC 9
66/*
67 * QUIT_CHILD is sent at exit, to make sure the child has exited so that
68 * port53 is free when all of nsd's processes have exited at shutdown time
69 */
70#define NSD_QUIT_CHILD 11
71/*
72 * This is the exit code of a nsd "new master" child process to indicate to
73 * the master process that some zones failed verification and that it should
74 * reload again, reprocessing the difffiles. The master process will resend
75 * the command to xfrd so it will not reload from xfrd yet.
76 */
77#define NSD_RELOAD_FAILED 14
78
79#define NSD_SERVER_MAIN 0x0U
80#define NSD_SERVER_UDP  0x1U
81#define NSD_SERVER_TCP  0x2U
82#define NSD_SERVER_BOTH (NSD_SERVER_UDP | NSD_SERVER_TCP)
83
84#ifdef INET6
85#define DEFAULT_AI_FAMILY AF_UNSPEC
86#else
87#define DEFAULT_AI_FAMILY AF_INET
88#endif
89
90#ifdef BIND8_STATS
91/* Counter for statistics */
92typedef	unsigned long stc_type;
93
94#define	LASTELEM(arr)	(sizeof(arr) / sizeof(arr[0]) - 1)
95
96#define	STATUP(nsd, stc) nsd->st->stc++
97/* #define	STATUP2(nsd, stc, i)  ((i) <= (LASTELEM(nsd->st->stc) - 1)) ? nsd->st->stc[(i)]++ : \
98				nsd->st.stc[LASTELEM(nsd->st->stc)]++ */
99
100#define	STATUP2(nsd, stc, i) nsd->st->stc[(i) <= (LASTELEM(nsd->st->stc) - 1) ? i : LASTELEM(nsd->st->stc)]++
101#else	/* BIND8_STATS */
102
103#define	STATUP(nsd, stc) /* Nothing */
104#define	STATUP2(nsd, stc, i) /* Nothing */
105
106#endif /* BIND8_STATS */
107
108#ifdef USE_ZONE_STATS
109/* increment zone statistic, checks if zone-nonNULL and zone array bounds */
110#define ZTATUP(nsd, zone, stc) ( \
111	(zone && zone->zonestatid < nsd->zonestatsizenow) ? \
112		nsd->zonestatnow[zone->zonestatid].stc++ \
113		: 0)
114#define	ZTATUP2(nsd, zone, stc, i) ( \
115	(zone && zone->zonestatid < nsd->zonestatsizenow) ? \
116		(nsd->zonestatnow[zone->zonestatid].stc[(i) <= (LASTELEM(nsd->zonestatnow[zone->zonestatid].stc) - 1) ? i : LASTELEM(nsd->zonestatnow[zone->zonestatid].stc)]++ ) \
117		: 0)
118#else /* USE_ZONE_STATS */
119#define	ZTATUP(nsd, zone, stc) /* Nothing */
120#define	ZTATUP2(nsd, zone, stc, i) /* Nothing */
121#endif /* USE_ZONE_STATS */
122
123#ifdef	BIND8_STATS
124/* Data structure to keep track of statistics */
125struct nsdst {
126	time_t	boot;
127	stc_type qtype[257];	/* Counters per qtype */
128	stc_type qclass[4];	/* Class IN or Class CH or other */
129	stc_type qudp, qudp6;	/* Number of queries udp and udp6 */
130	stc_type ctcp, ctcp6;	/* Number of tcp and tcp6 connections */
131	stc_type ctls, ctls6;	/* Number of tls and tls6 connections */
132	stc_type rcode[17], opcode[6]; /* Rcodes & opcodes */
133	/* Dropped, truncated, queries for nonconfigured zone, tx errors */
134	stc_type dropped, truncated, wrongzone, txerr, rxerr;
135	stc_type edns, ednserr, raxfr, nona, rixfr;
136	uint64_t db_disk, db_mem;
137};
138#endif /* BIND8_STATS */
139
140#define NSD_SOCKET_IS_OPTIONAL (1<<0)
141#define NSD_BIND_DEVICE (1<<1)
142
143struct nsd_addrinfo
144{
145	int ai_flags;
146	int ai_family;
147	int ai_socktype;
148	socklen_t ai_addrlen;
149	struct sockaddr_storage ai_addr;
150};
151
152struct nsd_socket
153{
154	struct nsd_addrinfo addr;
155	int s;
156	int flags;
157	struct nsd_bitset *servers;
158	char device[IFNAMSIZ];
159	int fib;
160};
161
162struct nsd_child
163{
164#ifdef HAVE_CPUSET_T
165	/* Processor(s) that child process must run on (if applicable). */
166	cpuset_t *cpuset;
167#endif
168
169	/* The type of child process (UDP or TCP handler). */
170	int kind;
171
172	/* The child's process id.  */
173	pid_t pid;
174
175	/* child number in child array */
176	int child_num;
177
178	/*
179	 * Socket used by the parent process to send commands and
180	 * receive responses to/from this child process.
181	 */
182	int child_fd;
183
184	/*
185	 * Socket used by the child process to receive commands and
186	 * send responses from/to the parent process.
187	 */
188	int parent_fd;
189
190	/*
191	 * IPC info, buffered for nonblocking writes to the child
192	 */
193	uint8_t need_to_send_STATS, need_to_send_QUIT;
194	uint8_t need_to_exit, has_exited;
195
196	/*
197	 * The handler for handling the commands from the child.
198	 */
199	struct netio_handler* handler;
200
201#ifdef	BIND8_STATS
202	stc_type query_count;
203#endif
204};
205
206#define NSD_COOKIE_HISTORY_SIZE 2
207#define NSD_COOKIE_SECRET_SIZE 16
208
209typedef struct cookie_secret cookie_secret_type;
210struct cookie_secret {
211	/** cookie secret */
212	uint8_t cookie_secret[NSD_COOKIE_SECRET_SIZE];
213};
214
215/* NSD configuration and run-time variables */
216typedef struct nsd nsd_type;
217struct	nsd
218{
219	/*
220	 * Global region that is not deallocated until NSD shuts down.
221	 */
222	region_type    *region;
223
224	/* Run-time variables */
225	pid_t		pid;
226	volatile sig_atomic_t mode;
227	volatile sig_atomic_t signal_hint_reload_hup;
228	volatile sig_atomic_t signal_hint_reload;
229	volatile sig_atomic_t signal_hint_child;
230	volatile sig_atomic_t signal_hint_quit;
231	volatile sig_atomic_t signal_hint_shutdown;
232	volatile sig_atomic_t signal_hint_stats;
233	volatile sig_atomic_t signal_hint_statsusr;
234	volatile sig_atomic_t quit_sync_done;
235	unsigned		server_kind;
236	struct namedb	*db;
237	int				debug;
238
239	size_t            child_count;
240	struct nsd_child *children;
241	int	restart_children;
242	int	reload_failed;
243
244	/* NULL if this is the parent process. */
245	struct nsd_child *this_child;
246
247	/* mmaps with data exchange from xfrd and reload */
248	struct udb_base* task[2];
249	int mytask;
250	/* the base used by this (child)process */
251	struct event_base* event_base;
252	/* the server_region used by this (child)process */
253	region_type* server_region;
254	struct netio_handler* xfrd_listener;
255	struct daemon_remote* rc;
256
257	/* Configuration */
258	const char		*pidfile;
259	const char		*log_filename;
260	const char		*username;
261	uid_t			uid;
262	gid_t			gid;
263	const char		*chrootdir;
264	const char		*version;
265	const char		*identity;
266	uint16_t		nsid_len;
267	unsigned char		*nsid;
268	uint8_t 		file_rotation_ok;
269
270#ifdef HAVE_CPUSET_T
271	int			use_cpu_affinity;
272	cpuset_t*		cpuset;
273	cpuset_t*		xfrd_cpuset;
274#endif
275
276	/* number of interfaces */
277	size_t	ifs;
278	/* non0 if so_reuseport is in use, if so, tcp, udp array increased */
279	int reuseport;
280
281	/* TCP specific configuration (array size ifs) */
282	struct nsd_socket* tcp;
283
284	/* UDP specific configuration (array size ifs) */
285	struct nsd_socket* udp;
286
287	/* Interfaces used for zone verification */
288	size_t verify_ifs;
289	struct nsd_socket *verify_tcp;
290	struct nsd_socket *verify_udp;
291
292	struct zone *next_zone_to_verify;
293	size_t verifier_count; /* Number of active verifiers */
294	size_t verifier_limit; /* Maximum number of active verifiers */
295	int verifier_pipe[2]; /* Pipe to trigger verifier exit handler */
296	struct verifier *verifiers;
297
298	edns_data_type edns_ipv4;
299#if defined(INET6)
300	edns_data_type edns_ipv6;
301#endif
302
303	int maximum_tcp_count;
304	int current_tcp_count;
305	int tcp_query_count;
306	int tcp_timeout;
307	int tcp_mss;
308	int outgoing_tcp_mss;
309	size_t ipv4_edns_size;
310	size_t ipv6_edns_size;
311
312#ifdef	BIND8_STATS
313	/* statistics for this server */
314	struct nsdst* st;
315	/* Produce statistics dump every st_period seconds */
316	int st_period;
317	/* per zone stats, each an array per zone-stat-idx, stats per zone is
318	 * add of [0][zoneidx] and [1][zoneidx]. */
319	struct nsdst* zonestat[2];
320	/* fd for zonestat mapping (otherwise mmaps cannot be shared between
321	 * processes and resized) */
322	int zonestatfd[2];
323	/* filenames */
324	char* zonestatfname[2];
325	/* size of the mmapped zone stat array (number of array entries) */
326	size_t zonestatsize[2], zonestatdesired, zonestatsizenow;
327	/* current zonestat array to use */
328	struct nsdst* zonestatnow;
329	/* filenames for stat file mappings */
330	char* statfname;
331	/* fd for stat mapping (otherwise mmaps cannot be shared between
332	 * processes and resized) */
333	int statfd;
334	/* statistics array, of size child_count*2, twice for old and new
335	 * server processes. */
336	struct nsdst* stat_map;
337	/* statistics array of size child_count, twice */
338	struct nsdst* stats_per_child[2];
339	/* current stats_per_child array that is in use for the child set */
340	int stat_current;
341	/* start value for per process statistics printout, to clear it */
342	struct nsdst stat_proc;
343#endif /* BIND8_STATS */
344#ifdef USE_DNSTAP
345	/* the dnstap collector process info */
346	struct dt_collector* dt_collector;
347	/* the pipes from server processes to the dt_collector,
348	 * arrays of size child_count * 2.  Kept open for (re-)forks. */
349	int *dt_collector_fd_send, *dt_collector_fd_recv;
350	/* the pipes from server processes to the dt_collector. Initially
351	 * these point halfway into dt_collector_fd_send, but during reload
352	 * the pointer is swapped with dt_collector_fd_send in order to
353	 * to prevent writing to the dnstap collector by old serve childs
354	 * simultaneous with new serve childs. */
355	int *dt_collector_fd_swap;
356#endif /* USE_DNSTAP */
357	/* ratelimit for errors, time value */
358	time_t err_limit_time;
359	/* ratelimit for errors, packet count */
360	unsigned int err_limit_count;
361
362	/** do answer with server cookie when request contained cookie option */
363	int do_answer_cookie;
364
365	/** how many cookies are there in the cookies array */
366	size_t cookie_count;
367
368	/* keep track of the last `NSD_COOKIE_HISTORY_SIZE`
369	 * cookies as per rfc requirement .*/
370	cookie_secret_type cookie_secrets[NSD_COOKIE_HISTORY_SIZE];
371
372	struct nsd_options* options;
373
374#ifdef HAVE_SSL
375	/* TLS specific configuration */
376	SSL_CTX *tls_ctx;
377#endif
378};
379
380extern struct nsd nsd;
381
382/* nsd.c */
383pid_t readpid(const char *file);
384int writepid(struct nsd *nsd);
385void unlinkpid(const char* file);
386void sig_handler(int sig);
387void bind8_stats(struct nsd *nsd);
388
389/* server.c */
390int server_init(struct nsd *nsd);
391int server_prepare(struct nsd *nsd);
392void server_main(struct nsd *nsd);
393void server_child(struct nsd *nsd);
394void server_shutdown(struct nsd *nsd) ATTR_NORETURN;
395void server_close_all_sockets(struct nsd_socket sockets[], size_t n);
396const char* nsd_event_vs(void);
397const char* nsd_event_method(void);
398struct event_base* nsd_child_event_base(void);
399void service_remaining_tcp(struct nsd* nsd);
400/* extra domain numbers for temporary domains */
401#define EXTRA_DOMAIN_NUMBERS 1024
402#define SLOW_ACCEPT_TIMEOUT 2 /* in seconds */
403/* ratelimit for error responses */
404#define ERROR_RATELIMIT 100 /* qps */
405/* allocate zonestat structures */
406void server_zonestat_alloc(struct nsd* nsd);
407/* remap the mmaps for zonestat isx, to bytesize sz.  Caller has to set
408 * the zonestatsize */
409void zonestat_remap(struct nsd* nsd, int idx, size_t sz);
410/* allocate stat structures */
411void server_stat_alloc(struct nsd* nsd);
412/* free stat mmap file, unlinks it */
413void server_stat_free(struct nsd* nsd);
414/* allocate and init xfrd variables */
415void server_prepare_xfrd(struct nsd *nsd);
416/* start xfrdaemon (again) */
417void server_start_xfrd(struct nsd *nsd, int del_db, int reload_active);
418/* send SOA serial numbers to xfrd */
419void server_send_soa_xfrd(struct nsd *nsd, int shortsoa);
420#ifdef HAVE_SSL
421SSL_CTX* server_tls_ctx_setup(char* key, char* pem, char* verifypem);
422SSL_CTX* server_tls_ctx_create(struct nsd *nsd, char* verifypem, char* ocspfile);
423void perform_openssl_init(void);
424#endif
425ssize_t block_read(struct nsd* nsd, int s, void* p, ssize_t sz, int timeout);
426
427#endif	/* NSD_H */
428