mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-23 10:39:16 +00:00
Code Issues Releases Wiki Activity
bind/lib/ns/server.c

243 lines
5.8 KiB
C
Raw Normal View History

[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
/*
Update license headers to not include years in copyright in all applicable files
2018-02-23 09:53:12 +01:00
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
*
Update the copyright information in all files in the repository This commit converts the license handling to adhere to the REUSE specification. It specifically: 1. Adds used licnses to LICENSES/ directory 2. Add "isc" template for adding the copyright boilerplate 3. Changes all source files to include copyright and SPDX license header, this includes all the C sources, documentation, zone files, configuration files. There are notes in the doc/dev/copyrights file on how to add correct headers to the new files. 4. Handle the rest that can't be modified via .reuse/dep5 file. The binary (or otherwise unmodifiable) files could have license places next to them in <foo>.license file, but this would lead to cluttered repository and most of the files handled in the .reuse/dep5 file are system test files.
2021-06-03 08:37:05 +02:00
* SPDX-License-Identifier: MPL-2.0
*
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
update all copyright headers to eliminate the typo
2020-09-14 16:20:40 -07:00
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
Update license headers to not include years in copyright in all applicable files
2018-02-23 09:53:12 +01:00
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
*/
/*! \file */
Replace custom isc_boolean_t with C standard bool type
2018-04-17 08:29:14 -07:00
#include <stdbool.h>
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
#include <isc/mem.h>
#include <isc/stats.h>
4774. [bug] <isc/util.h> was incorrectly included in several header files. [RT #46311]
2017-10-19 12:26:32 +11:00
#include <isc/util.h>
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
#include <dns/stats.h>
Use clang-format to reformat the source files
2020-02-12 13:59:18 +01:00
#include <dns/tkey.h>
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
refactor filter-aaaa implementation - the goal of this change is for AAAA filtering to be fully contained in the query logic, and implemented at discrete points that can be replaced with hook callouts later on. - the new code may be slightly less efficient than the old filter-aaaa implementation, but maximum efficiency was never a priority for AAAA filtering anyway. - we now use the rdataset RENDERED attribute to indicate that an AAAA rdataset should not be included when rendering the message. (this flag was originally meant to indicate that an rdataset has already been rendered and should not be repeated, but it can also be used to prevent rendering in the first place.) - the DNS_MESSAGERENDER_FILTER_AAAA, NS_CLIENTATTR_FILTER_AAAA, and DNS_RDATASETGLUE_FILTERAAAA flags are all now unnecessary and have been removed.
2018-08-06 19:34:20 -07:00
#include <ns/query.h>
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
#include <ns/server.h>
#include <ns/stats.h>
apply the modified style
2020-02-13 14:44:37 -08:00
#define SCTX_MAGIC ISC_MAGIC('S', 'c', 't', 'x')
Use clang-format to reformat the source files
2020-02-12 13:59:18 +01:00
#define SCTX_VALID(s) ISC_MAGIC_VALID(s, SCTX_MAGIC)
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
Use clang-format to reformat the source files
2020-02-12 13:59:18 +01:00
#define CHECKFATAL(op) \
do { \
result = (op); \
RUNTIME_CHECK(result == ISC_R_SUCCESS); \
} while (0)
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
isc_result_t
Replace all random functions with isc_random, isc_random_buf and isc_random_uniform API. The three functions has been modeled after the arc4random family of functions, and they will always return random bytes. The isc_random family of functions internally use these CSPRNG (if available): 1. getrandom() libc call (might be available on Linux and Solaris) 2. SYS_getrandom syscall (might be available on Linux, detected at runtime) 3. arc4random(), arc4random_buf() and arc4random_uniform() (available on BSDs and Mac OS X) 4. crypto library function: 4a. RAND_bytes in case OpenSSL 4b. pkcs_C_GenerateRandom() in case PKCS#11 library
2018-04-22 14:56:28 +02:00
ns_server_create(isc_mem_t *mctx, ns_matchview_t matchingview,
apply the modified style
2020-02-13 14:44:37 -08:00
ns_server_t **sctxp) {
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
ns_server_t *sctx;
isc_result_t result;
REQUIRE(sctxp != NULL && *sctxp == NULL);
sctx = isc_mem_get(mctx, sizeof(*sctx));
memset(sctx, 0, sizeof(*sctx));
isc_mem_attach(mctx, &sctx->mctx);
isc_refcount_init() now doesn't return isc_result_t and asserts on failed initialization
2018-08-01 11:46:11 +02:00
isc_refcount_init(&sctx->references, 1);
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
isc_quota_init now returns 'void'
2018-11-16 15:45:01 +01:00
isc_quota_init(&sctx->xfroutquota, 10);
isc_quota_init(&sctx->tcpquota, 10);
isc_quota_init(&sctx->recursionquota, 100);
Add (http-)listener-clients option (DoH quota mechanism) This commit adds support for http-listener-clients global options as well as ability to override the default in an HTTP server description, like: http local-http-server { ... listener-clients 100; ... }; This way we have ability to specify per-listener active connections quota globally and then override it when required. This is exactly what AT&T requested us: they wanted a functionality to specify quota globally and then override it for specific IPs. This change functionality makes such a configuration possible. It makes sense: for example, one could have different quotas for internal and external clients. Or, for example, one could use BIND's internal ability to serve encrypted DoH with some sane quota value for internal clients, while having un-encrypted DoH listener without quota to put BIND behind a load balancer doing TLS offloading for external clients. Moreover, the code no more shares the quota with TCP, which makes little sense anyway (see tcp-clients option), because of the nature of interaction of DoH clients: they tend to keep idle opened connections for longer periods of time, preventing the TCP and TLS client from being served. Thus, the need to have a separate, generally larger, quota for them. Also, the change makes any option within "http <name> { ... };" statement optional, making it easier to override only required default options. By default, the DoH connections are limited to 300 per listener. I hope that it is a good initial guesstimate.
2021-05-14 14:18:57 +03:00
ISC_LIST_INIT(sctx->http_quotas);
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
Replace all random functions with isc_random, isc_random_buf and isc_random_uniform API. The three functions has been modeled after the arc4random family of functions, and they will always return random bytes. The isc_random family of functions internally use these CSPRNG (if available): 1. getrandom() libc call (might be available on Linux and Solaris) 2. SYS_getrandom syscall (might be available on Linux, detected at runtime) 3. arc4random(), arc4random_buf() and arc4random_uniform() (available on BSDs and Mac OS X) 4. crypto library function: 4a. RAND_bytes in case OpenSSL 4b. pkcs_C_GenerateRandom() in case PKCS#11 library
2018-04-22 14:56:28 +02:00
CHECKFATAL(dns_tkeyctx_create(mctx, &sctx->tkeyctx));
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
CHECKFATAL(ns_stats_create(mctx, ns_statscounter_max, &sctx->nsstats));
CHECKFATAL(dns_rdatatypestats_create(mctx, &sctx->rcvquerystats));
CHECKFATAL(dns_opcodestats_create(mctx, &sctx->opcodestats));
CHECKFATAL(dns_rcodestats_create(mctx, &sctx->rcodestats));
CHECKFATAL(isc_stats_create(mctx, &sctx->udpinstats4,
dns_sizecounter_in_max));
CHECKFATAL(isc_stats_create(mctx, &sctx->udpoutstats4,
dns_sizecounter_out_max));
CHECKFATAL(isc_stats_create(mctx, &sctx->udpinstats6,
dns_sizecounter_in_max));
CHECKFATAL(isc_stats_create(mctx, &sctx->udpoutstats6,
dns_sizecounter_out_max));
CHECKFATAL(isc_stats_create(mctx, &sctx->tcpinstats4,
dns_sizecounter_in_max));
CHECKFATAL(isc_stats_create(mctx, &sctx->tcpoutstats4,
dns_sizecounter_out_max));
CHECKFATAL(isc_stats_create(mctx, &sctx->tcpinstats6,
dns_sizecounter_in_max));
CHECKFATAL(isc_stats_create(mctx, &sctx->tcpoutstats6,
dns_sizecounter_out_max));
Simplify the EDNS buffer size logic for DNS Flag Day 2020 The DNS Flag Day 2020 aims to remove the IP fragmentation problem from the UDP DNS communication. In this commit, we implement the required changes and simplify the logic for picking the EDNS Buffer Size. 1. The defaults for `edns-udp-size`, `max-udp-size` and `nocookie-udp-size` have been changed to `1232` (the value picked by DNS Flag Day 2020). 2. The probing heuristics that would try 512->4096->1432->1232 buffer sizes has been removed and the resolver will always use just the `edns-udp-size` value. 3. Instead of just disabling the PMTUD mechanism on the UDP sockets, we now set IP_DONTFRAG (IPV6_DONTFRAG) flag. That means that the UDP packets won't get ever fragmented. If the ICMP packets are lost the UDP will just timeout and eventually be retried over TCP.
2020-09-23 14:47:26 +02:00
sctx->udpsize = 1232;
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
sctx->transfer_tcp_message_size = 20480;
sctx->fuzztype = isc_fuzz_none;
sctx->fuzznotify = NULL;
sctx->gethostname = NULL;
sctx->matchingview = matchingview;
Replace custom isc_boolean_t with C standard bool type
2018-04-17 08:29:14 -07:00
sctx->answercookie = true;
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
ISC_LIST_INIT(sctx->altsecrets);
sctx->magic = SCTX_MAGIC;
*sctxp = sctx;
return (ISC_R_SUCCESS);
}
void
apply the modified style
2020-02-13 14:44:37 -08:00
ns_server_attach(ns_server_t *src, ns_server_t **dest) {
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
REQUIRE(SCTX_VALID(src));
REQUIRE(dest != NULL && *dest == NULL);
Rewrite isc_refcount API to fetch_and_<op>, instead of former <op>_and_<fetch>
2018-08-17 15:16:59 +02:00
isc_refcount_increment(&src->references);
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
*dest = src;
}
void
apply the modified style
2020-02-13 14:44:37 -08:00
ns_server_detach(ns_server_t **sctxp) {
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
ns_server_t *sctx;
Refactor *_destroy and *_detach functions to unified order of actions. This properly orders clearing the freed pointer and calling isc_refcount_destroy as early as possible to have ability to put proper memory barrier when cleaning up reference counting.
2018-08-28 10:18:59 +02:00
REQUIRE(sctxp != NULL && SCTX_VALID(*sctxp));
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
sctx = *sctxp;
Refactor *_destroy and *_detach functions to unified order of actions. This properly orders clearing the freed pointer and calling isc_refcount_destroy as early as possible to have ability to put proper memory barrier when cleaning up reference counting.
2018-08-28 10:18:59 +02:00
*sctxp = NULL;
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
Rewrite isc_refcount API to fetch_and_<op>, instead of former <op>_and_<fetch>
2018-08-17 15:16:59 +02:00
if (isc_refcount_decrement(&sctx->references) == 1) {
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
ns_altsecret_t *altsecret;
Add (http-)listener-clients option (DoH quota mechanism) This commit adds support for http-listener-clients global options as well as ability to override the default in an HTTP server description, like: http local-http-server { ... listener-clients 100; ... }; This way we have ability to specify per-listener active connections quota globally and then override it when required. This is exactly what AT&T requested us: they wanted a functionality to specify quota globally and then override it for specific IPs. This change functionality makes such a configuration possible. It makes sense: for example, one could have different quotas for internal and external clients. Or, for example, one could use BIND's internal ability to serve encrypted DoH with some sane quota value for internal clients, while having un-encrypted DoH listener without quota to put BIND behind a load balancer doing TLS offloading for external clients. Moreover, the code no more shares the quota with TCP, which makes little sense anyway (see tcp-clients option), because of the nature of interaction of DoH clients: they tend to keep idle opened connections for longer periods of time, preventing the TCP and TLS client from being served. Thus, the need to have a separate, generally larger, quota for them. Also, the change makes any option within "http <name> { ... };" statement optional, making it easier to override only required default options. By default, the DoH connections are limited to 300 per listener. I hope that it is a good initial guesstimate.
2021-05-14 14:18:57 +03:00
isc_quota_t *http_quota;
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
while ((altsecret = ISC_LIST_HEAD(sctx->altsecrets)) != NULL) {
ISC_LIST_UNLINK(sctx->altsecrets, altsecret, link);
isc_mem_put(sctx->mctx, altsecret, sizeof(*altsecret));
}
isc_quota_destroy(&sctx->recursionquota);
isc_quota_destroy(&sctx->tcpquota);
isc_quota_destroy(&sctx->xfroutquota);
Add (http-)listener-clients option (DoH quota mechanism) This commit adds support for http-listener-clients global options as well as ability to override the default in an HTTP server description, like: http local-http-server { ... listener-clients 100; ... }; This way we have ability to specify per-listener active connections quota globally and then override it when required. This is exactly what AT&T requested us: they wanted a functionality to specify quota globally and then override it for specific IPs. This change functionality makes such a configuration possible. It makes sense: for example, one could have different quotas for internal and external clients. Or, for example, one could use BIND's internal ability to serve encrypted DoH with some sane quota value for internal clients, while having un-encrypted DoH listener without quota to put BIND behind a load balancer doing TLS offloading for external clients. Moreover, the code no more shares the quota with TCP, which makes little sense anyway (see tcp-clients option), because of the nature of interaction of DoH clients: they tend to keep idle opened connections for longer periods of time, preventing the TCP and TLS client from being served. Thus, the need to have a separate, generally larger, quota for them. Also, the change makes any option within "http <name> { ... };" statement optional, making it easier to override only required default options. By default, the DoH connections are limited to 300 per listener. I hope that it is a good initial guesstimate.
2021-05-14 14:18:57 +03:00
http_quota = ISC_LIST_HEAD(sctx->http_quotas);
while (http_quota != NULL) {
isc_quota_t *next = NULL;
next = ISC_LIST_NEXT(http_quota, link);
ISC_LIST_DEQUEUE(sctx->http_quotas, http_quota, link);
isc_quota_destroy(http_quota);
isc_mem_put(sctx->mctx, http_quota,
sizeof(*http_quota));
http_quota = next;
}
Make lib/ns Thread Sanitizer clean
2019-07-04 15:45:06 +02:00
if (sctx->server_id != NULL) {
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
isc_mem_free(sctx->mctx, sctx->server_id);
Make lib/ns Thread Sanitizer clean
2019-07-04 15:45:06 +02:00
}
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
Make lib/ns Thread Sanitizer clean
2019-07-04 15:45:06 +02:00
if (sctx->blackholeacl != NULL) {
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
dns_acl_detach(&sctx->blackholeacl);
Make lib/ns Thread Sanitizer clean
2019-07-04 15:45:06 +02:00
}
if (sctx->tkeyctx != NULL) {
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
dns_tkeyctx_destroy(&sctx->tkeyctx);
Make lib/ns Thread Sanitizer clean
2019-07-04 15:45:06 +02:00
}
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
Make lib/ns Thread Sanitizer clean
2019-07-04 15:45:06 +02:00
if (sctx->nsstats != NULL) {
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
ns_stats_detach(&sctx->nsstats);
Make lib/ns Thread Sanitizer clean
2019-07-04 15:45:06 +02:00
}
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
Make lib/ns Thread Sanitizer clean
2019-07-04 15:45:06 +02:00
if (sctx->rcvquerystats != NULL) {
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
dns_stats_detach(&sctx->rcvquerystats);
Make lib/ns Thread Sanitizer clean
2019-07-04 15:45:06 +02:00
}
if (sctx->opcodestats != NULL) {
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
dns_stats_detach(&sctx->opcodestats);
Make lib/ns Thread Sanitizer clean
2019-07-04 15:45:06 +02:00
}
if (sctx->rcodestats != NULL) {
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
dns_stats_detach(&sctx->rcodestats);
Make lib/ns Thread Sanitizer clean
2019-07-04 15:45:06 +02:00
}
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
Make lib/ns Thread Sanitizer clean
2019-07-04 15:45:06 +02:00
if (sctx->udpinstats4 != NULL) {
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
isc_stats_detach(&sctx->udpinstats4);
Make lib/ns Thread Sanitizer clean
2019-07-04 15:45:06 +02:00
}
if (sctx->tcpinstats4 != NULL) {
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
isc_stats_detach(&sctx->tcpinstats4);
Make lib/ns Thread Sanitizer clean
2019-07-04 15:45:06 +02:00
}
if (sctx->udpoutstats4 != NULL) {
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
isc_stats_detach(&sctx->udpoutstats4);
Make lib/ns Thread Sanitizer clean
2019-07-04 15:45:06 +02:00
}
if (sctx->tcpoutstats4 != NULL) {
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
isc_stats_detach(&sctx->tcpoutstats4);
Make lib/ns Thread Sanitizer clean
2019-07-04 15:45:06 +02:00
}
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
Make lib/ns Thread Sanitizer clean
2019-07-04 15:45:06 +02:00
if (sctx->udpinstats6 != NULL) {
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
isc_stats_detach(&sctx->udpinstats6);
Make lib/ns Thread Sanitizer clean
2019-07-04 15:45:06 +02:00
}
if (sctx->tcpinstats6 != NULL) {
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
isc_stats_detach(&sctx->tcpinstats6);
Make lib/ns Thread Sanitizer clean
2019-07-04 15:45:06 +02:00
}
if (sctx->udpoutstats6 != NULL) {
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
isc_stats_detach(&sctx->udpoutstats6);
Make lib/ns Thread Sanitizer clean
2019-07-04 15:45:06 +02:00
}
if (sctx->tcpoutstats6 != NULL) {
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
isc_stats_detach(&sctx->tcpoutstats6);
Make lib/ns Thread Sanitizer clean
2019-07-04 15:45:06 +02:00
}
sctx->magic = 0;
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
isc_mem_putanddetach(&sctx->mctx, sctx, sizeof(*sctx));
}
}
isc_result_t
apply the modified style
2020-02-13 14:44:37 -08:00
ns_server_setserverid(ns_server_t *sctx, const char *serverid) {
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
REQUIRE(SCTX_VALID(sctx));
if (sctx->server_id != NULL) {
isc_mem_free(sctx->mctx, sctx->server_id);
sctx->server_id = NULL;
}
if (serverid != NULL) {
sctx->server_id = isc_mem_strdup(sctx->mctx, serverid);
}
return (ISC_R_SUCCESS);
}
void
apply the modified style
2020-02-13 14:44:37 -08:00
ns_server_setoption(ns_server_t *sctx, unsigned int option, bool value) {
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
REQUIRE(SCTX_VALID(sctx));
if (value) {
sctx->options |= option;
} else {
sctx->options &= ~option;
}
}
Replace custom isc_boolean_t with C standard bool type
2018-04-17 08:29:14 -07:00
bool
apply the modified style
2020-02-13 14:44:37 -08:00
ns_server_getoption(ns_server_t *sctx, unsigned int option) {
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
REQUIRE(SCTX_VALID(sctx));
Turn (int & flag) into (int & flag) != 0 when implicitly typed to bool
2018-10-11 11:57:57 +02:00
return ((sctx->options & option) != 0);
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
}
Reference in New Issue Copy Permalink