1/* 2 * daemon/daemon.c - collection of workers that handles requests. 3 * 4 * Copyright (c) 2007, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36/** 37 * \file 38 * 39 * The daemon consists of global settings and a number of workers. 40 */ 41 42#include "config.h" 43#ifdef HAVE_OPENSSL_ERR_H 44#include <openssl/err.h> 45#endif 46 47#ifdef HAVE_OPENSSL_RAND_H 48#include <openssl/rand.h> 49#endif 50 51#ifdef HAVE_OPENSSL_CONF_H 52#include <openssl/conf.h> 53#endif 54 55#ifdef HAVE_OPENSSL_ENGINE_H 56#include <openssl/engine.h> 57#endif 58 59#ifdef HAVE_TIME_H 60#include <time.h> 61#endif 62#include <sys/time.h> 63 64#ifdef HAVE_NSS 65/* nss3 */ 66#include "nss.h" 67#endif 68 69#include "daemon/daemon.h" 70#include "daemon/worker.h" 71#include "daemon/remote.h" 72#include "daemon/acl_list.h" 73#include "util/log.h" 74#include "util/config_file.h" 75#include "util/data/msgreply.h" 76#include "util/shm_side/shm_main.h" 77#include "util/storage/lookup3.h" 78#include "util/storage/slabhash.h" 79#include "util/tcp_conn_limit.h" 80#include "util/edns.h" 81#include "services/listen_dnsport.h" 82#include "services/cache/rrset.h" 83#include "services/cache/infra.h" 84#include "services/localzone.h" 85#include "services/view.h" 86#include "services/modstack.h" 87#include "services/authzone.h" 88#include "util/module.h" 89#include "util/random.h" 90#include "util/tube.h" 91#include "util/net_help.h" 92#include "sldns/keyraw.h" 93#include "respip/respip.h" 94#include <signal.h> 95 96#ifdef HAVE_SYSTEMD 97#include <systemd/sd-daemon.h> 98#endif 99#ifdef HAVE_NETDB_H 100#include <netdb.h> 101#endif 102 103/** How many quit requests happened. */ 104static int sig_record_quit = 0; 105/** How many reload requests happened. */ 106static int sig_record_reload = 0; 107 108#if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS 109/** cleaner ssl memory freeup */ 110static void* comp_meth = NULL; 111#endif 112/** remove buffers for parsing and init */ 113int ub_c_lex_destroy(void); 114 115/** used when no other sighandling happens, so we don't die 116 * when multiple signals in quick succession are sent to us. 117 * @param sig: signal number. 118 * @return signal handler return type (void or int). 119 */ 120static RETSIGTYPE record_sigh(int sig) 121{ 122#ifdef LIBEVENT_SIGNAL_PROBLEM 123 /* cannot log, verbose here because locks may be held */ 124 /* quit on signal, no cleanup and statistics, 125 because installed libevent version is not threadsafe */ 126 exit(0); 127#endif 128 switch(sig) 129 { 130 case SIGTERM: 131#ifdef SIGQUIT 132 case SIGQUIT: 133#endif 134#ifdef SIGBREAK 135 case SIGBREAK: 136#endif 137 case SIGINT: 138 sig_record_quit++; 139 break; 140#ifdef SIGHUP 141 case SIGHUP: 142 sig_record_reload++; 143 break; 144#endif 145#ifdef SIGPIPE 146 case SIGPIPE: 147 break; 148#endif 149 default: 150 /* ignoring signal */ 151 break; 152 } 153} 154 155/** 156 * Signal handling during the time when netevent is disabled. 157 * Stores signals to replay later. 158 */ 159static void 160signal_handling_record(void) 161{ 162 if( signal(SIGTERM, record_sigh) == SIG_ERR || 163#ifdef SIGQUIT 164 signal(SIGQUIT, record_sigh) == SIG_ERR || 165#endif 166#ifdef SIGBREAK 167 signal(SIGBREAK, record_sigh) == SIG_ERR || 168#endif 169#ifdef SIGHUP 170 signal(SIGHUP, record_sigh) == SIG_ERR || 171#endif 172#ifdef SIGPIPE 173 signal(SIGPIPE, SIG_IGN) == SIG_ERR || 174#endif 175 signal(SIGINT, record_sigh) == SIG_ERR 176 ) 177 log_err("install sighandler: %s", strerror(errno)); 178} 179 180/** 181 * Replay old signals. 182 * @param wrk: worker that handles signals. 183 */ 184static void 185signal_handling_playback(struct worker* wrk) 186{ 187#ifdef SIGHUP 188 if(sig_record_reload) 189 worker_sighandler(SIGHUP, wrk); 190#endif 191 if(sig_record_quit) 192 worker_sighandler(SIGTERM, wrk); 193 sig_record_quit = 0; 194 sig_record_reload = 0; 195} 196 197struct daemon* 198daemon_init(void) 199{ 200 struct daemon* daemon = (struct daemon*)calloc(1, 201 sizeof(struct daemon)); 202#ifdef USE_WINSOCK 203 int r; 204 WSADATA wsa_data; 205#endif 206 if(!daemon) 207 return NULL; 208#ifdef USE_WINSOCK 209 r = WSAStartup(MAKEWORD(2,2), &wsa_data); 210 if(r != 0) { 211 fatal_exit("could not init winsock. WSAStartup: %s", 212 wsa_strerror(r)); 213 } 214#endif /* USE_WINSOCK */ 215 signal_handling_record(); 216#ifdef HAVE_SSL 217# ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS 218 ERR_load_crypto_strings(); 219# endif 220#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) 221 ERR_load_SSL_strings(); 222#endif 223# ifdef USE_GOST 224 (void)sldns_key_EVP_load_gost_id(); 225# endif 226# if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) 227# ifndef S_SPLINT_S 228 OpenSSL_add_all_algorithms(); 229# endif 230# else 231 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS 232 | OPENSSL_INIT_ADD_ALL_DIGESTS 233 | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); 234# endif 235# if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS 236 /* grab the COMP method ptr because openssl leaks it */ 237 comp_meth = (void*)SSL_COMP_get_compression_methods(); 238# endif 239# if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) 240 (void)SSL_library_init(); 241# else 242 (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); 243# endif 244# if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) 245 if(!ub_openssl_lock_init()) 246 fatal_exit("could not init openssl locks"); 247# endif 248#elif defined(HAVE_NSS) 249 if(NSS_NoDB_Init(NULL) != SECSuccess) 250 fatal_exit("could not init NSS"); 251#endif /* HAVE_SSL or HAVE_NSS */ 252#ifdef HAVE_TZSET 253 /* init timezone info while we are not chrooted yet */ 254 tzset(); 255#endif 256 daemon->need_to_exit = 0; 257 modstack_init(&daemon->mods); 258 if(!(daemon->env = (struct module_env*)calloc(1, 259 sizeof(*daemon->env)))) { 260 free(daemon); 261 return NULL; 262 } 263 /* init edns_known_options */ 264 if(!edns_known_options_init(daemon->env)) { 265 free(daemon->env); 266 free(daemon); 267 return NULL; 268 } 269 alloc_init(&daemon->superalloc, NULL, 0); 270 daemon->acl = acl_list_create(); 271 if(!daemon->acl) { 272 edns_known_options_delete(daemon->env); 273 free(daemon->env); 274 free(daemon); 275 return NULL; 276 } 277 daemon->acl_interface = acl_list_create(); 278 if(!daemon->acl_interface) { 279 acl_list_delete(daemon->acl); 280 edns_known_options_delete(daemon->env); 281 free(daemon->env); 282 free(daemon); 283 return NULL; 284 } 285 daemon->tcl = tcl_list_create(); 286 if(!daemon->tcl) { 287 acl_list_delete(daemon->acl_interface); 288 acl_list_delete(daemon->acl); 289 edns_known_options_delete(daemon->env); 290 free(daemon->env); 291 free(daemon); 292 return NULL; 293 } 294 listen_setup_locks(); 295 if(gettimeofday(&daemon->time_boot, NULL) < 0) 296 log_err("gettimeofday: %s", strerror(errno)); 297 daemon->time_last_stat = daemon->time_boot; 298 if((daemon->env->auth_zones = auth_zones_create()) == 0) { 299 acl_list_delete(daemon->acl_interface); 300 acl_list_delete(daemon->acl); 301 tcl_list_delete(daemon->tcl); 302 edns_known_options_delete(daemon->env); 303 free(daemon->env); 304 free(daemon); 305 return NULL; 306 } 307 if(!(daemon->env->edns_strings = edns_strings_create())) { 308 auth_zones_delete(daemon->env->auth_zones); 309 acl_list_delete(daemon->acl_interface); 310 acl_list_delete(daemon->acl); 311 tcl_list_delete(daemon->tcl); 312 edns_known_options_delete(daemon->env); 313 free(daemon->env); 314 free(daemon); 315 return NULL; 316 } 317 return daemon; 318} 319 320static int setup_acl_for_ports(struct acl_list* list, 321 struct listen_port* port_list) 322{ 323 struct acl_addr* acl_node; 324 struct addrinfo* addr; 325 for(; port_list; port_list=port_list->next) { 326 if(!port_list->socket) { 327 /* This is mainly for testbound where port_list is 328 * empty. */ 329 continue; 330 } 331 addr = port_list->socket->addr; 332 if(!(acl_node = acl_interface_insert(list, 333 (struct sockaddr_storage*)addr->ai_addr, 334 (socklen_t)addr->ai_addrlen, 335 acl_refuse))) { 336 return 0; 337 } 338 port_list->socket->acl = acl_node; 339 } 340 return 1; 341} 342 343int 344daemon_open_shared_ports(struct daemon* daemon) 345{ 346 log_assert(daemon); 347 if(daemon->cfg->port != daemon->listening_port) { 348 char** resif = NULL; 349 int num_resif = 0; 350 size_t i; 351 struct listen_port* p0; 352 daemon->reuseport = 0; 353 /* free and close old ports */ 354 if(daemon->ports != NULL) { 355 for(i=0; i<daemon->num_ports; i++) 356 listening_ports_free(daemon->ports[i]); 357 free(daemon->ports); 358 daemon->ports = NULL; 359 } 360 /* clean acl_interface */ 361 acl_interface_init(daemon->acl_interface); 362 if(!resolve_interface_names(daemon->cfg->ifs, 363 daemon->cfg->num_ifs, NULL, &resif, &num_resif)) 364 return 0; 365 /* see if we want to reuseport */ 366#ifdef SO_REUSEPORT 367 if(daemon->cfg->so_reuseport && daemon->cfg->num_threads > 0) 368 daemon->reuseport = 1; 369#endif 370 /* try to use reuseport */ 371 p0 = listening_ports_open(daemon->cfg, resif, num_resif, 372 &daemon->reuseport); 373 if(!p0) { 374 listening_ports_free(p0); 375 config_del_strarray(resif, num_resif); 376 return 0; 377 } 378 if(daemon->reuseport) { 379 /* reuseport was successful, allocate for it */ 380 daemon->num_ports = (size_t)daemon->cfg->num_threads; 381 } else { 382 /* do the normal, singleportslist thing, 383 * reuseport not enabled or did not work */ 384 daemon->num_ports = 1; 385 } 386 if(!(daemon->ports = (struct listen_port**)calloc( 387 daemon->num_ports, sizeof(*daemon->ports)))) { 388 listening_ports_free(p0); 389 config_del_strarray(resif, num_resif); 390 return 0; 391 } 392 daemon->ports[0] = p0; 393 if(!setup_acl_for_ports(daemon->acl_interface, 394 daemon->ports[0])) { 395 listening_ports_free(p0); 396 config_del_strarray(resif, num_resif); 397 return 0; 398 } 399 if(daemon->reuseport) { 400 /* continue to use reuseport */ 401 for(i=1; i<daemon->num_ports; i++) { 402 if(!(daemon->ports[i]= 403 listening_ports_open(daemon->cfg, 404 resif, num_resif, 405 &daemon->reuseport)) 406 || !daemon->reuseport ) { 407 for(i=0; i<daemon->num_ports; i++) 408 listening_ports_free(daemon->ports[i]); 409 free(daemon->ports); 410 daemon->ports = NULL; 411 config_del_strarray(resif, num_resif); 412 return 0; 413 } 414 if(!setup_acl_for_ports(daemon->acl_interface, 415 daemon->ports[i])) { 416 for(i=0; i<daemon->num_ports; i++) 417 listening_ports_free(daemon->ports[i]); 418 free(daemon->ports); 419 daemon->ports = NULL; 420 config_del_strarray(resif, num_resif); 421 return 0; 422 } 423 } 424 } 425 config_del_strarray(resif, num_resif); 426 daemon->listening_port = daemon->cfg->port; 427 } 428 if(!daemon->cfg->remote_control_enable && daemon->rc_port) { 429 listening_ports_free(daemon->rc_ports); 430 daemon->rc_ports = NULL; 431 daemon->rc_port = 0; 432 } 433 if(daemon->cfg->remote_control_enable && 434 daemon->cfg->control_port != daemon->rc_port) { 435 listening_ports_free(daemon->rc_ports); 436 if(!(daemon->rc_ports=daemon_remote_open_ports(daemon->cfg))) 437 return 0; 438 daemon->rc_port = daemon->cfg->control_port; 439 } 440 return 1; 441} 442 443/** 444 * Setup modules. setup module stack. 445 * @param daemon: the daemon 446 */ 447static void daemon_setup_modules(struct daemon* daemon) 448{ 449 daemon->env->cfg = daemon->cfg; 450 daemon->env->alloc = &daemon->superalloc; 451 daemon->env->worker = NULL; 452 daemon->env->need_to_validate = 0; /* set by module init below */ 453 if(!modstack_setup(&daemon->mods, daemon->cfg->module_conf, 454 daemon->env)) { 455 fatal_exit("failed to setup modules"); 456 } 457 log_edns_known_options(VERB_ALGO, daemon->env); 458} 459 460/** 461 * Obtain allowed port numbers, concatenate the list, and shuffle them 462 * (ready to be handed out to threads). 463 * @param daemon: the daemon. Uses rand and cfg. 464 * @param shufport: the portlist output. 465 * @return number of ports available. 466 */ 467static int daemon_get_shufport(struct daemon* daemon, int* shufport) 468{ 469 int i, n, k, temp; 470 int avail = 0; 471 for(i=0; i<65536; i++) { 472 if(daemon->cfg->outgoing_avail_ports[i]) { 473 shufport[avail++] = daemon->cfg-> 474 outgoing_avail_ports[i]; 475 } 476 } 477 if(avail == 0) 478 fatal_exit("no ports are permitted for UDP, add " 479 "with outgoing-port-permit"); 480 /* Knuth shuffle */ 481 n = avail; 482 while(--n > 0) { 483 k = ub_random_max(daemon->rand, n+1); /* 0<= k<= n */ 484 temp = shufport[k]; 485 shufport[k] = shufport[n]; 486 shufport[n] = temp; 487 } 488 return avail; 489} 490 491/** 492 * Clear and delete per-worker alloc caches, and free memory maintained in 493 * superalloc. 494 * The rrset and message caches must be empty at the time of call. 495 * @param daemon: the daemon that maintains the alloc caches to be cleared. 496 */ 497static void 498daemon_clear_allocs(struct daemon* daemon) 499{ 500 int i; 501 502 for(i=0; i<daemon->num; i++) { 503 alloc_clear(daemon->worker_allocs[i]); 504 free(daemon->worker_allocs[i]); 505 } 506 free(daemon->worker_allocs); 507 daemon->worker_allocs = NULL; 508 509 alloc_clear_special(&daemon->superalloc); 510} 511 512/** 513 * Allocate empty worker structures. With backptr and thread-number, 514 * from 0..numthread initialised. Used as user arguments to new threads. 515 * Creates the daemon random generator if it does not exist yet. 516 * The random generator stays existing between reloads with a unique state. 517 * @param daemon: the daemon with (new) config settings. 518 */ 519static void 520daemon_create_workers(struct daemon* daemon) 521{ 522 int i, numport; 523 int* shufport; 524 log_assert(daemon && daemon->cfg); 525 if(!daemon->rand) { 526 daemon->rand = ub_initstate(NULL); 527 if(!daemon->rand) 528 fatal_exit("could not init random generator"); 529 hash_set_raninit((uint32_t)ub_random(daemon->rand)); 530 } 531 shufport = (int*)calloc(65536, sizeof(int)); 532 if(!shufport) 533 fatal_exit("out of memory during daemon init"); 534 numport = daemon_get_shufport(daemon, shufport); 535 verbose(VERB_ALGO, "total of %d outgoing ports available", numport); 536 537 daemon->num = (daemon->cfg->num_threads?daemon->cfg->num_threads:1); 538 if(daemon->reuseport && (int)daemon->num < (int)daemon->num_ports) { 539 log_warn("cannot reduce num-threads to %d because so-reuseport " 540 "so continuing with %d threads.", (int)daemon->num, 541 (int)daemon->num_ports); 542 daemon->num = (int)daemon->num_ports; 543 } 544 daemon->workers = (struct worker**)calloc((size_t)daemon->num, 545 sizeof(struct worker*)); 546 if(!daemon->workers) 547 fatal_exit("out of memory during daemon init"); 548 if(daemon->cfg->dnstap) { 549#ifdef USE_DNSTAP 550 daemon->dtenv = dt_create(daemon->cfg); 551 if (!daemon->dtenv) 552 fatal_exit("dt_create failed"); 553#else 554 fatal_exit("dnstap enabled in config but not built with dnstap support"); 555#endif 556 } 557 for(i=0; i<daemon->num; i++) { 558 if(!(daemon->workers[i] = worker_create(daemon, i, 559 shufport+numport*i/daemon->num, 560 numport*(i+1)/daemon->num - numport*i/daemon->num))) 561 /* the above is not ports/numthr, due to rounding */ 562 fatal_exit("could not create worker"); 563 } 564 /* create per-worker alloc caches if not reusing existing ones. */ 565 if(!daemon->worker_allocs) { 566 daemon->worker_allocs = (struct alloc_cache**)calloc( 567 (size_t)daemon->num, sizeof(struct alloc_cache*)); 568 if(!daemon->worker_allocs) 569 fatal_exit("could not allocate worker allocs"); 570 for(i=0; i<daemon->num; i++) { 571 struct alloc_cache* alloc = calloc(1, 572 sizeof(struct alloc_cache)); 573 if (!alloc) 574 fatal_exit("could not allocate worker alloc"); 575 alloc_init(alloc, &daemon->superalloc, i); 576 daemon->worker_allocs[i] = alloc; 577 } 578 } 579 free(shufport); 580} 581 582#ifdef THREADS_DISABLED 583/** 584 * Close all pipes except for the numbered thread. 585 * @param daemon: daemon to close pipes in. 586 * @param thr: thread number 0..num-1 of thread to skip. 587 */ 588static void close_other_pipes(struct daemon* daemon, int thr) 589{ 590 int i; 591 for(i=0; i<daemon->num; i++) 592 if(i!=thr) { 593 if(i==0) { 594 /* only close read part, need to write stats */ 595 tube_close_read(daemon->workers[i]->cmd); 596 } else { 597 /* complete close channel to others */ 598 tube_delete(daemon->workers[i]->cmd); 599 daemon->workers[i]->cmd = NULL; 600 } 601 } 602} 603#endif /* THREADS_DISABLED */ 604 605/** 606 * Function to start one thread. 607 * @param arg: user argument. 608 * @return: void* user return value could be used for thread_join results. 609 */ 610static void* 611thread_start(void* arg) 612{ 613 struct worker* worker = (struct worker*)arg; 614 int port_num = 0; 615 log_thread_set(&worker->thread_num); 616 ub_thread_blocksigs(); 617#ifdef THREADS_DISABLED 618 /* close pipe ends used by main */ 619 tube_close_write(worker->cmd); 620 close_other_pipes(worker->daemon, worker->thread_num); 621#endif 622#ifdef SO_REUSEPORT 623 if(worker->daemon->cfg->so_reuseport) 624 port_num = worker->thread_num % worker->daemon->num_ports; 625 else 626 port_num = 0; 627#endif 628 if(!worker_init(worker, worker->daemon->cfg, 629 worker->daemon->ports[port_num], 0)) 630 fatal_exit("Could not initialize thread"); 631 632 worker_work(worker); 633 return NULL; 634} 635 636/** 637 * Fork and init the other threads. Main thread returns for special handling. 638 * @param daemon: the daemon with other threads to fork. 639 */ 640static void 641daemon_start_others(struct daemon* daemon) 642{ 643 int i; 644 log_assert(daemon); 645 verbose(VERB_ALGO, "start threads"); 646 /* skip i=0, is this thread */ 647 for(i=1; i<daemon->num; i++) { 648 ub_thread_create(&daemon->workers[i]->thr_id, 649 thread_start, daemon->workers[i]); 650#ifdef THREADS_DISABLED 651 /* close pipe end of child */ 652 tube_close_read(daemon->workers[i]->cmd); 653#endif /* no threads */ 654 } 655} 656 657/** 658 * Stop the other threads. 659 * @param daemon: the daemon with other threads. 660 */ 661static void 662daemon_stop_others(struct daemon* daemon) 663{ 664 int i; 665 log_assert(daemon); 666 verbose(VERB_ALGO, "stop threads"); 667 /* skip i=0, is this thread */ 668 /* use i=0 buffer for sending cmds; because we are #0 */ 669 for(i=1; i<daemon->num; i++) { 670 worker_send_cmd(daemon->workers[i], worker_cmd_quit); 671 } 672 /* wait for them to quit */ 673 for(i=1; i<daemon->num; i++) { 674 /* join it to make sure its dead */ 675 verbose(VERB_ALGO, "join %d", i); 676 ub_thread_join(daemon->workers[i]->thr_id); 677 verbose(VERB_ALGO, "join success %d", i); 678 } 679} 680 681void 682daemon_fork(struct daemon* daemon) 683{ 684 int have_view_respip_cfg = 0; 685#ifdef HAVE_SYSTEMD 686 int ret; 687#endif 688 689 log_assert(daemon); 690 if(!(daemon->views = views_create())) 691 fatal_exit("Could not create views: out of memory"); 692 /* create individual views and their localzone/data trees */ 693 if(!views_apply_cfg(daemon->views, daemon->cfg)) 694 fatal_exit("Could not set up views"); 695 696 if(!acl_list_apply_cfg(daemon->acl, daemon->cfg, daemon->views)) 697 fatal_exit("Could not setup access control list"); 698 if(!acl_interface_apply_cfg(daemon->acl_interface, daemon->cfg, 699 daemon->views)) 700 fatal_exit("Could not setup interface control list"); 701 if(!tcl_list_apply_cfg(daemon->tcl, daemon->cfg)) 702 fatal_exit("Could not setup TCP connection limits"); 703 if(daemon->cfg->dnscrypt) { 704#ifdef USE_DNSCRYPT 705 daemon->dnscenv = dnsc_create(); 706 if (!daemon->dnscenv) 707 fatal_exit("dnsc_create failed"); 708 dnsc_apply_cfg(daemon->dnscenv, daemon->cfg); 709#else 710 fatal_exit("dnscrypt enabled in config but unbound was not built with " 711 "dnscrypt support"); 712#endif 713 } 714 /* create global local_zones */ 715 if(!(daemon->local_zones = local_zones_create())) 716 fatal_exit("Could not create local zones: out of memory"); 717 if(!local_zones_apply_cfg(daemon->local_zones, daemon->cfg)) 718 fatal_exit("Could not set up local zones"); 719 720 /* process raw response-ip configuration data */ 721 if(!(daemon->respip_set = respip_set_create())) 722 fatal_exit("Could not create response IP set"); 723 if(!respip_global_apply_cfg(daemon->respip_set, daemon->cfg)) 724 fatal_exit("Could not set up response IP set"); 725 if(!respip_views_apply_cfg(daemon->views, daemon->cfg, 726 &have_view_respip_cfg)) 727 fatal_exit("Could not set up per-view response IP sets"); 728 daemon->use_response_ip = !respip_set_is_empty(daemon->respip_set) || 729 have_view_respip_cfg; 730 731 /* setup modules */ 732 daemon_setup_modules(daemon); 733 734 /* read auth zonefiles */ 735 if(!auth_zones_apply_cfg(daemon->env->auth_zones, daemon->cfg, 1, 736 &daemon->use_rpz, daemon->env, &daemon->mods)) 737 fatal_exit("auth_zones could not be setup"); 738 739 /* Set-up EDNS strings */ 740 if(!edns_strings_apply_cfg(daemon->env->edns_strings, daemon->cfg)) 741 fatal_exit("Could not set up EDNS strings"); 742 743 /* response-ip-xxx options don't work as expected without the respip 744 * module. To avoid run-time operational surprise we reject such 745 * configuration. */ 746 if(daemon->use_response_ip && 747 modstack_find(&daemon->mods, "respip") < 0) 748 fatal_exit("response-ip options require respip module"); 749 /* RPZ response ip triggers don't work as expected without the respip 750 * module. To avoid run-time operational surprise we reject such 751 * configuration. */ 752 if(daemon->use_rpz && 753 modstack_find(&daemon->mods, "respip") < 0) 754 fatal_exit("RPZ requires the respip module"); 755 756 /* first create all the worker structures, so we can pass 757 * them to the newly created threads. 758 */ 759 daemon_create_workers(daemon); 760 761#if defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP) 762 /* in libev the first inited base gets signals */ 763 if(!worker_init(daemon->workers[0], daemon->cfg, daemon->ports[0], 1)) 764 fatal_exit("Could not initialize main thread"); 765#endif 766 767 /* Now create the threads and init the workers. 768 * By the way, this is thread #0 (the main thread). 769 */ 770 daemon_start_others(daemon); 771 772 /* Special handling for the main thread. This is the thread 773 * that handles signals and remote control. 774 */ 775#if !(defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)) 776 /* libevent has the last inited base get signals (or any base) */ 777 if(!worker_init(daemon->workers[0], daemon->cfg, daemon->ports[0], 1)) 778 fatal_exit("Could not initialize main thread"); 779#endif 780 signal_handling_playback(daemon->workers[0]); 781 782 if (!shm_main_init(daemon)) 783 log_warn("SHM has failed"); 784 785 /* Start resolver service on main thread. */ 786#ifdef HAVE_SYSTEMD 787 ret = sd_notify(0, "READY=1"); 788 if(ret <= 0 && getenv("NOTIFY_SOCKET")) 789 fatal_exit("sd_notify failed %s: %s. Make sure that unbound has " 790 "access/permission to use the socket presented by systemd.", 791 getenv("NOTIFY_SOCKET"), 792 (ret==0?"no $NOTIFY_SOCKET": strerror(-ret))); 793#endif 794 log_info("start of service (%s).", PACKAGE_STRING); 795 worker_work(daemon->workers[0]); 796#ifdef HAVE_SYSTEMD 797 if (daemon->workers[0]->need_to_exit) 798 sd_notify(0, "STOPPING=1"); 799 else 800 sd_notify(0, "RELOADING=1"); 801#endif 802 log_info("service stopped (%s).", PACKAGE_STRING); 803 804 /* we exited! a signal happened! Stop other threads */ 805 daemon_stop_others(daemon); 806 807 /* Shutdown SHM */ 808 shm_main_shutdown(daemon); 809 810 daemon->reuse_cache = daemon->workers[0]->reuse_cache; 811 daemon->need_to_exit = daemon->workers[0]->need_to_exit; 812} 813 814void 815daemon_cleanup(struct daemon* daemon) 816{ 817 int i; 818 log_assert(daemon); 819 /* before stopping main worker, handle signals ourselves, so we 820 don't die on multiple reload signals for example. */ 821 signal_handling_record(); 822 log_thread_set(NULL); 823 /* clean up caches because 824 * a) RRset IDs will be recycled after a reload, causing collisions 825 * b) validation config can change, thus rrset, msg, keycache clear 826 * 827 * If we are trying to keep the cache as long as possible, we should 828 * defer the cleanup until we know whether the new configuration allows 829 * the reuse. (If we're exiting, cleanup should be done here). */ 830 if(!daemon->reuse_cache || daemon->need_to_exit) { 831 slabhash_clear(&daemon->env->rrset_cache->table); 832 slabhash_clear(daemon->env->msg_cache); 833 } 834 daemon->old_num = daemon->num; /* save the current num */ 835 local_zones_delete(daemon->local_zones); 836 daemon->local_zones = NULL; 837 respip_set_delete(daemon->respip_set); 838 daemon->respip_set = NULL; 839 views_delete(daemon->views); 840 daemon->views = NULL; 841 if(daemon->env->auth_zones) 842 auth_zones_cleanup(daemon->env->auth_zones); 843 /* key cache is cleared by module desetup during next daemon_fork() */ 844 daemon_remote_clear(daemon->rc); 845 for(i=0; i<daemon->num; i++) 846 worker_delete(daemon->workers[i]); 847 free(daemon->workers); 848 daemon->workers = NULL; 849 /* Unless we're trying to keep the cache, worker alloc_caches should be 850 * cleared and freed here. We do this after deleting workers to 851 * guarantee that the alloc caches are valid throughout the lifetime 852 * of workers. */ 853 if(!daemon->reuse_cache || daemon->need_to_exit) 854 daemon_clear_allocs(daemon); 855 daemon->num = 0; 856#ifdef USE_DNSTAP 857 dt_delete(daemon->dtenv); 858 daemon->dtenv = NULL; 859#endif 860#ifdef USE_DNSCRYPT 861 dnsc_delete(daemon->dnscenv); 862 daemon->dnscenv = NULL; 863#endif 864 daemon->cfg = NULL; 865} 866 867void 868daemon_delete(struct daemon* daemon) 869{ 870 size_t i; 871 if(!daemon) 872 return; 873 modstack_desetup(&daemon->mods, daemon->env); 874 daemon_remote_delete(daemon->rc); 875 for(i = 0; i < daemon->num_ports; i++) 876 listening_ports_free(daemon->ports[i]); 877 free(daemon->ports); 878 listening_ports_free(daemon->rc_ports); 879 if(daemon->env) { 880 slabhash_delete(daemon->env->msg_cache); 881 rrset_cache_delete(daemon->env->rrset_cache); 882 infra_delete(daemon->env->infra_cache); 883 edns_known_options_delete(daemon->env); 884 edns_strings_delete(daemon->env->edns_strings); 885 auth_zones_delete(daemon->env->auth_zones); 886 } 887 ub_randfree(daemon->rand); 888 alloc_clear(&daemon->superalloc); 889 acl_list_delete(daemon->acl); 890 acl_list_delete(daemon->acl_interface); 891 tcl_list_delete(daemon->tcl); 892 listen_desetup_locks(); 893 free(daemon->chroot); 894 free(daemon->pidfile); 895 free(daemon->env); 896#ifdef HAVE_SSL 897 listen_sslctx_delete_ticket_keys(); 898 SSL_CTX_free((SSL_CTX*)daemon->listen_sslctx); 899 SSL_CTX_free((SSL_CTX*)daemon->connect_sslctx); 900#endif 901 free(daemon); 902 /* lex cleanup */ 903 ub_c_lex_destroy(); 904 /* libcrypto cleanup */ 905#ifdef HAVE_SSL 906# if defined(USE_GOST) 907 sldns_key_EVP_unload_gost(); 908# endif 909# if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS && HAVE_DECL_SK_SSL_COMP_POP_FREE 910# ifndef S_SPLINT_S 911# if OPENSSL_VERSION_NUMBER < 0x10100000 912 sk_SSL_COMP_pop_free(comp_meth, (void(*)())CRYPTO_free); 913# endif 914# endif 915# endif 916# ifdef HAVE_OPENSSL_CONFIG 917 EVP_cleanup(); 918# if (OPENSSL_VERSION_NUMBER < 0x10100000) && !defined(OPENSSL_NO_ENGINE) && defined(HAVE_ENGINE_CLEANUP) 919 ENGINE_cleanup(); 920# endif 921 CONF_modules_free(); 922# endif 923# ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA 924 CRYPTO_cleanup_all_ex_data(); /* safe, no more threads right now */ 925# endif 926# ifdef HAVE_ERR_FREE_STRINGS 927 ERR_free_strings(); 928# endif 929# if OPENSSL_VERSION_NUMBER < 0x10100000 930 RAND_cleanup(); 931# endif 932# if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) 933 ub_openssl_lock_delete(); 934# endif 935#ifndef HAVE_ARC4RANDOM 936 _ARC4_LOCK_DESTROY(); 937#endif 938#elif defined(HAVE_NSS) 939 NSS_Shutdown(); 940#endif /* HAVE_SSL or HAVE_NSS */ 941 checklock_stop(); 942#ifdef USE_WINSOCK 943 if(WSACleanup() != 0) { 944 log_err("Could not WSACleanup: %s", 945 wsa_strerror(WSAGetLastError())); 946 } 947#endif 948} 949 950void daemon_apply_cfg(struct daemon* daemon, struct config_file* cfg) 951{ 952 int new_num = cfg->num_threads?cfg->num_threads:1; 953 954 daemon->cfg = cfg; 955 config_apply(cfg); 956 957 /* If this is a reload and we deferred the decision on whether to 958 * reuse the alloc, RRset, and message caches, then check to see if 959 * it's safe to keep the caches: 960 * - changing the number of threads is obviously incompatible with 961 * keeping the per-thread alloc caches. It also means we have to 962 * clear RRset and message caches. (note that 'new_num' may be 963 * adjusted in daemon_create_workers, but for our purpose we can 964 * simply compare it with 'old_num'; if they are equal here, 965 * 'new_num' won't be adjusted to a different value than 'old_num'). 966 * - changing RRset cache size effectively clears any remaining cache 967 * entries. We could keep their keys in alloc caches, but it would 968 * be more consistent with the sense of the change to clear allocs 969 * and free memory. To do so we also have to clear message cache. 970 * - only changing message cache size does not necessarily affect 971 * RRset or alloc cache. But almost all new subsequent queries will 972 * require recursive resolution anyway, so it doesn't help much to 973 * just keep RRset and alloc caches. For simplicity we clear/free 974 * the other two, too. */ 975 if(daemon->worker_allocs && 976 (new_num != daemon->old_num || 977 !slabhash_is_size(daemon->env->msg_cache, cfg->msg_cache_size, 978 cfg->msg_cache_slabs) || 979 !slabhash_is_size(&daemon->env->rrset_cache->table, 980 cfg->rrset_cache_size, cfg->rrset_cache_slabs))) 981 { 982 log_warn("cannot reuse caches due to critical config change"); 983 slabhash_clear(&daemon->env->rrset_cache->table); 984 slabhash_clear(daemon->env->msg_cache); 985 daemon_clear_allocs(daemon); 986 } 987 988 if(!slabhash_is_size(daemon->env->msg_cache, cfg->msg_cache_size, 989 cfg->msg_cache_slabs)) { 990 slabhash_delete(daemon->env->msg_cache); 991 daemon->env->msg_cache = slabhash_create(cfg->msg_cache_slabs, 992 HASH_DEFAULT_STARTARRAY, cfg->msg_cache_size, 993 msgreply_sizefunc, query_info_compare, 994 query_entry_delete, reply_info_delete, NULL); 995 if(!daemon->env->msg_cache) { 996 fatal_exit("malloc failure updating config settings"); 997 } 998 } 999 if((daemon->env->rrset_cache = rrset_cache_adjust( 1000 daemon->env->rrset_cache, cfg, &daemon->superalloc)) == 0) 1001 fatal_exit("malloc failure updating config settings"); 1002 if((daemon->env->infra_cache = infra_adjust(daemon->env->infra_cache, 1003 cfg))==0) 1004 fatal_exit("malloc failure updating config settings"); 1005} 1006