1999-07-24 01:17:44 +00:00
|
|
|
/*
|
2018-02-23 09:53:12 +01:00
|
|
|
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
2000-08-01 01:33:37 +00:00
|
|
|
*
|
2016-06-27 14:56:38 +10:00
|
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
2018-02-23 09:53:12 +01:00
|
|
|
*
|
|
|
|
|
* See the COPYRIGHT file distributed with this work for additional
|
|
|
|
|
* information regarding copyright ownership.
|
1999-07-24 01:17:44 +00:00
|
|
|
*/
|
|
|
|
|
|
2018-03-28 14:19:37 +02:00
|
|
|
#include <inttypes.h>
|
2018-04-17 08:29:14 -07:00
|
|
|
#include <stdbool.h>
|
2018-03-28 14:19:37 +02:00
|
|
|
|
2015-07-06 09:44:24 +10:00
|
|
|
#include <isc/aes.h>
|
2001-08-08 22:54:55 +00:00
|
|
|
#include <isc/formatcheck.h>
|
2017-09-08 13:39:09 -07:00
|
|
|
#include <isc/fuzz.h>
|
2018-03-20 17:20:50 +00:00
|
|
|
#include <isc/hmac.h>
|
2000-08-25 01:08:07 +00:00
|
|
|
#include <isc/mutex.h>
|
2001-05-25 07:39:48 +00:00
|
|
|
#include <isc/once.h>
|
2018-05-28 15:22:23 +02:00
|
|
|
#include <isc/nonce.h>
|
2005-06-04 05:32:50 +00:00
|
|
|
#include <isc/platform.h>
|
2001-01-22 18:58:36 +00:00
|
|
|
#include <isc/print.h>
|
2011-10-10 22:57:14 +00:00
|
|
|
#include <isc/queue.h>
|
2014-02-19 12:53:42 +11:00
|
|
|
#include <isc/random.h>
|
2015-08-17 18:26:44 -07:00
|
|
|
#include <isc/safe.h>
|
2014-02-19 12:53:42 +11:00
|
|
|
#include <isc/serial.h>
|
2009-01-27 22:30:00 +00:00
|
|
|
#include <isc/stats.h>
|
2001-05-25 07:39:48 +00:00
|
|
|
#include <isc/stdio.h>
|
2000-05-08 14:38:29 +00:00
|
|
|
#include <isc/string.h>
|
2001-01-22 18:58:36 +00:00
|
|
|
#include <isc/task.h>
|
1999-07-24 01:17:44 +00:00
|
|
|
#include <isc/timer.h>
|
1999-12-16 22:24:22 +00:00
|
|
|
#include <isc/util.h>
|
1999-07-24 01:17:44 +00:00
|
|
|
|
2016-05-05 11:46:11 +02:00
|
|
|
#include <dns/adb.h>
|
2014-09-03 23:28:14 -07:00
|
|
|
#include <dns/badcache.h>
|
2000-10-11 17:44:18 +00:00
|
|
|
#include <dns/db.h>
|
1999-07-24 01:17:44 +00:00
|
|
|
#include <dns/dispatch.h>
|
2015-10-02 12:32:42 -07:00
|
|
|
#include <dns/dnstap.h>
|
2016-05-05 11:46:11 +02:00
|
|
|
#include <dns/cache.h>
|
2014-09-10 15:31:40 +10:00
|
|
|
#include <dns/edns.h>
|
1999-07-24 01:17:44 +00:00
|
|
|
#include <dns/events.h>
|
|
|
|
|
#include <dns/message.h>
|
2006-01-05 00:01:46 +00:00
|
|
|
#include <dns/peer.h>
|
2002-03-05 00:36:44 +00:00
|
|
|
#include <dns/rcode.h>
|
1999-09-02 01:52:31 +00:00
|
|
|
#include <dns/rdata.h>
|
2000-11-15 19:15:25 +00:00
|
|
|
#include <dns/rdataclass.h>
|
1999-09-02 01:52:31 +00:00
|
|
|
#include <dns/rdatalist.h>
|
|
|
|
|
#include <dns/rdataset.h>
|
2006-01-05 00:01:46 +00:00
|
|
|
#include <dns/resolver.h>
|
2008-04-03 05:55:52 +00:00
|
|
|
#include <dns/stats.h>
|
2000-09-12 07:48:28 +00:00
|
|
|
#include <dns/tsig.h>
|
1999-08-05 22:14:43 +00:00
|
|
|
#include <dns/view.h>
|
2000-01-27 01:00:16 +00:00
|
|
|
#include <dns/zone.h>
|
1999-07-24 01:17:44 +00:00
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
#include <ns/interfacemgr.h>
|
|
|
|
|
#include <ns/log.h>
|
|
|
|
|
#include <ns/notify.h>
|
|
|
|
|
#include <ns/server.h>
|
|
|
|
|
#include <ns/stats.h>
|
|
|
|
|
#include <ns/update.h>
|
2000-02-10 22:16:56 +00:00
|
|
|
|
|
|
|
|
/***
|
|
|
|
|
*** Client
|
|
|
|
|
***/
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*! \file
|
|
|
|
|
* Client Routines
|
|
|
|
|
*
|
2000-02-10 22:16:56 +00:00
|
|
|
* Important note!
|
|
|
|
|
*
|
|
|
|
|
* All client state changes, other than that from idle to listening, occur
|
|
|
|
|
* as a result of events. This guarantees serialization and avoids the
|
|
|
|
|
* need for locking.
|
|
|
|
|
*
|
|
|
|
|
* If a routine is ever created that allows someone other than the client's
|
|
|
|
|
* task to change the client, then the client will have to be locked.
|
|
|
|
|
*/
|
1999-07-24 01:17:44 +00:00
|
|
|
|
|
|
|
|
#define NS_CLIENT_TRACE
|
|
|
|
|
#ifdef NS_CLIENT_TRACE
|
2000-04-04 18:28:51 +00:00
|
|
|
#define CTRACE(m) ns_client_log(client, \
|
1999-10-22 19:35:19 +00:00
|
|
|
NS_LOGCATEGORY_CLIENT, \
|
|
|
|
|
NS_LOGMODULE_CLIENT, \
|
1999-11-23 20:55:02 +00:00
|
|
|
ISC_LOG_DEBUG(3), \
|
2000-04-04 18:28:51 +00:00
|
|
|
"%s", (m))
|
2017-09-08 13:39:09 -07:00
|
|
|
#define MTRACE(m) isc_log_write(ns_lctx, \
|
|
|
|
|
NS_LOGCATEGORY_CLIENT, \
|
1999-10-22 19:35:19 +00:00
|
|
|
NS_LOGMODULE_CLIENT, \
|
1999-11-23 20:55:02 +00:00
|
|
|
ISC_LOG_DEBUG(3), \
|
2000-04-04 18:28:51 +00:00
|
|
|
"clientmgr @%p: %s", manager, (m))
|
2000-03-29 18:57:36 +00:00
|
|
|
#else
|
|
|
|
|
#define CTRACE(m) ((void)(m))
|
|
|
|
|
#define MTRACE(m) ((void)(m))
|
1999-07-24 01:17:44 +00:00
|
|
|
#endif
|
|
|
|
|
|
1999-08-05 01:51:32 +00:00
|
|
|
#define TCP_CLIENT(c) (((c)->attributes & NS_CLIENTATTR_TCP) != 0)
|
|
|
|
|
|
2000-06-22 00:05:11 +00:00
|
|
|
#define TCP_BUFFER_SIZE (65535 + 2)
|
2000-11-16 00:18:13 +00:00
|
|
|
#define SEND_BUFFER_SIZE 4096
|
|
|
|
|
#define RECV_BUFFER_SIZE 4096
|
1999-07-24 01:17:44 +00:00
|
|
|
|
2005-10-16 23:21:25 +00:00
|
|
|
#define NMCTXS 100
|
|
|
|
|
/*%<
|
|
|
|
|
* Number of 'mctx pools' for clients. (Should this be configurable?)
|
|
|
|
|
* When enabling threads, we use a pool of memory contexts shared by
|
|
|
|
|
* client objects, since concurrent access to a shared context would cause
|
|
|
|
|
* heavy contentions. The above constant is expected to be enough for
|
|
|
|
|
* completely avoiding contentions among threads for an authoritative-only
|
|
|
|
|
* server.
|
|
|
|
|
*/
|
|
|
|
|
|
2015-07-06 09:44:24 +10:00
|
|
|
#define COOKIE_SIZE 24U /* 8 + 4 + 4 + 8 */
|
2014-08-28 22:05:57 -07:00
|
|
|
#define ECS_SIZE 20U /* 2 + 1 + 1 + [0..16] */
|
2014-02-19 12:53:42 +11:00
|
|
|
|
2016-02-27 11:23:50 +11:00
|
|
|
#define WANTNSID(x) (((x)->attributes & NS_CLIENTATTR_WANTNSID) != 0)
|
|
|
|
|
#define WANTEXPIRE(x) (((x)->attributes & NS_CLIENTATTR_WANTEXPIRE) != 0)
|
2017-01-04 09:16:30 -08:00
|
|
|
#define WANTPAD(x) (((x)->attributes & NS_CLIENTATTR_WANTPAD) != 0)
|
|
|
|
|
#define USEKEEPALIVE(x) (((x)->attributes & NS_CLIENTATTR_USEKEEPALIVE) != 0)
|
2016-02-27 11:23:50 +11:00
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*% nameserver client manager structure */
|
1999-07-24 01:17:44 +00:00
|
|
|
struct ns_clientmgr {
|
|
|
|
|
/* Unlocked. */
|
|
|
|
|
unsigned int magic;
|
2011-10-10 22:57:14 +00:00
|
|
|
|
|
|
|
|
/* The queue object has its own locks */
|
|
|
|
|
client_queue_t inactive; /*%< To be recycled */
|
|
|
|
|
|
1999-07-24 01:17:44 +00:00
|
|
|
isc_mem_t * mctx;
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_server_t * sctx;
|
1999-07-24 01:17:44 +00:00
|
|
|
isc_taskmgr_t * taskmgr;
|
|
|
|
|
isc_timermgr_t * timermgr;
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_task_t * excl;
|
2011-10-10 22:57:14 +00:00
|
|
|
|
|
|
|
|
/* Lock covers manager state. */
|
1999-07-24 01:17:44 +00:00
|
|
|
isc_mutex_t lock;
|
2018-04-17 08:29:14 -07:00
|
|
|
bool exiting;
|
2011-10-10 22:57:14 +00:00
|
|
|
|
|
|
|
|
/* Lock covers the clients list */
|
|
|
|
|
isc_mutex_t listlock;
|
|
|
|
|
client_list_t clients; /*%< All active clients */
|
|
|
|
|
|
|
|
|
|
/* Lock covers the recursing list */
|
|
|
|
|
isc_mutex_t reclock;
|
|
|
|
|
client_list_t recursing; /*%< Recursing clients */
|
|
|
|
|
|
2005-10-16 23:21:25 +00:00
|
|
|
#if NMCTXS > 0
|
|
|
|
|
/*%< mctx pool for clients. */
|
|
|
|
|
unsigned int nextmctx;
|
|
|
|
|
isc_mem_t * mctxpool[NMCTXS];
|
|
|
|
|
#endif
|
1999-07-24 01:17:44 +00:00
|
|
|
};
|
|
|
|
|
|
2001-06-04 19:33:39 +00:00
|
|
|
#define MANAGER_MAGIC ISC_MAGIC('N', 'S', 'C', 'm')
|
|
|
|
|
#define VALID_MANAGER(m) ISC_MAGIC_VALID(m, MANAGER_MAGIC)
|
1999-07-24 01:17:44 +00:00
|
|
|
|
2008-01-18 23:46:58 +00:00
|
|
|
/*!
|
2000-02-10 22:16:56 +00:00
|
|
|
* Client object states. Ordering is significant: higher-numbered
|
|
|
|
|
* states are generally "more active", meaning that the client can
|
|
|
|
|
* have more dynamically allocated data, outstanding events, etc.
|
|
|
|
|
* In the list below, any such properties listed for state N
|
|
|
|
|
* also apply to any state > N.
|
|
|
|
|
*
|
|
|
|
|
* To force the client into a less active state, set client->newstate
|
|
|
|
|
* to that state and call exit_check(). This will cause any
|
|
|
|
|
* activities defined for higher-numbered states to be aborted.
|
|
|
|
|
*/
|
1999-07-24 01:17:44 +00:00
|
|
|
|
2000-02-10 22:16:56 +00:00
|
|
|
#define NS_CLIENTSTATE_FREED 0
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%<
|
2000-02-10 22:16:56 +00:00
|
|
|
* The client object no longer exists.
|
|
|
|
|
*/
|
1999-07-24 01:17:44 +00:00
|
|
|
|
2000-02-10 22:16:56 +00:00
|
|
|
#define NS_CLIENTSTATE_INACTIVE 1
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%<
|
2000-08-01 01:33:37 +00:00
|
|
|
* The client object exists and has a task and timer.
|
2000-02-10 22:16:56 +00:00
|
|
|
* Its "query" struct and sendbuf are initialized.
|
|
|
|
|
* It is on the client manager's list of inactive clients.
|
|
|
|
|
* It has a message and OPT, both in the reset state.
|
|
|
|
|
*/
|
1999-07-24 01:17:44 +00:00
|
|
|
|
2000-02-10 22:16:56 +00:00
|
|
|
#define NS_CLIENTSTATE_READY 2
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%<
|
2000-02-10 22:16:56 +00:00
|
|
|
* The client object is either a TCP or a UDP one, and
|
|
|
|
|
* it is associated with a network interface. It is on the
|
|
|
|
|
* client manager's list of active clients.
|
1999-07-24 01:17:44 +00:00
|
|
|
*
|
2000-02-10 22:16:56 +00:00
|
|
|
* If it is a TCP client object, it has a TCP listener socket
|
2001-01-27 02:08:07 +00:00
|
|
|
* and an outstanding TCP listen request.
|
1999-07-24 01:17:44 +00:00
|
|
|
*
|
2001-01-27 02:08:07 +00:00
|
|
|
* If it is a UDP client object, it has a UDP listener socket
|
|
|
|
|
* and an outstanding UDP receive request.
|
1999-07-24 01:17:44 +00:00
|
|
|
*/
|
|
|
|
|
|
2000-02-10 22:16:56 +00:00
|
|
|
#define NS_CLIENTSTATE_READING 3
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%<
|
2000-02-10 22:16:56 +00:00
|
|
|
* The client object is a TCP client object that has received
|
2000-08-01 01:33:37 +00:00
|
|
|
* a connection. It has a tcpsocket, tcpmsg, TCP quota, and an
|
2000-02-10 22:16:56 +00:00
|
|
|
* outstanding TCP read request. This state is not used for
|
|
|
|
|
* UDP client objects.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#define NS_CLIENTSTATE_WORKING 4
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%<
|
2000-02-10 22:16:56 +00:00
|
|
|
* The client object has received a request and is working
|
2001-10-12 23:54:03 +00:00
|
|
|
* on it. It has a view, and it may have any of a non-reset OPT,
|
2001-01-27 02:08:07 +00:00
|
|
|
* recursion quota, and an outstanding write request.
|
2000-08-01 01:33:37 +00:00
|
|
|
*/
|
2000-02-10 22:16:56 +00:00
|
|
|
|
2011-10-10 22:57:14 +00:00
|
|
|
#define NS_CLIENTSTATE_RECURSING 5
|
|
|
|
|
/*%<
|
|
|
|
|
* The client object is recursing. It will be on the 'recursing'
|
|
|
|
|
* list.
|
|
|
|
|
*/
|
|
|
|
|
|
2000-02-10 22:16:56 +00:00
|
|
|
#define NS_CLIENTSTATE_MAX 9
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%<
|
2000-02-10 22:16:56 +00:00
|
|
|
* Sentinel value used to indicate "no state". When client->newstate
|
|
|
|
|
* has this value, we are not attempting to exit the current state.
|
|
|
|
|
* Must be greater than any valid state.
|
|
|
|
|
*/
|
|
|
|
|
|
2006-01-04 05:06:10 +00:00
|
|
|
/*
|
|
|
|
|
* Enable ns_client_dropport() by default.
|
|
|
|
|
*/
|
|
|
|
|
#ifndef NS_CLIENT_DROPPORT
|
|
|
|
|
#define NS_CLIENT_DROPPORT 1
|
|
|
|
|
#endif
|
|
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
LIBNS_EXTERNAL_DATA unsigned int ns_client_requests;
|
2000-02-10 22:16:56 +00:00
|
|
|
|
2018-04-17 08:29:14 -07:00
|
|
|
static void read_settimeout(ns_client_t *client, bool newconn);
|
|
|
|
|
static void client_read(ns_client_t *client, bool newconn);
|
2000-02-10 22:16:56 +00:00
|
|
|
static void client_accept(ns_client_t *client);
|
2001-01-27 02:08:07 +00:00
|
|
|
static void client_udprecv(ns_client_t *client);
|
2000-02-10 22:16:56 +00:00
|
|
|
static void clientmgr_destroy(ns_clientmgr_t *manager);
|
2018-04-17 08:29:14 -07:00
|
|
|
static bool exit_check(ns_client_t *client);
|
2000-02-10 22:16:56 +00:00
|
|
|
static void ns_client_endrequest(ns_client_t *client);
|
2000-07-26 17:39:12 +00:00
|
|
|
static void client_start(isc_task_t *task, isc_event_t *event);
|
2001-05-25 07:39:48 +00:00
|
|
|
static void ns_client_dumpmessage(ns_client_t *client, const char *reason);
|
2011-10-04 16:04:22 +00:00
|
|
|
static isc_result_t get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
|
2019-02-06 11:27:11 -08:00
|
|
|
dns_dispatch_t *disp, bool tcp);
|
2015-01-20 16:10:30 -08:00
|
|
|
static isc_result_t get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp,
|
2019-01-04 12:50:51 +01:00
|
|
|
isc_socket_t *sock, ns_client_t *oldclient);
|
2018-03-28 14:19:37 +02:00
|
|
|
static void compute_cookie(ns_client_t *client, uint32_t when,
|
|
|
|
|
uint32_t nonce, const unsigned char *secret,
|
2017-09-05 09:19:45 +10:00
|
|
|
isc_buffer_t *buf);
|
2000-01-15 00:36:26 +00:00
|
|
|
|
2001-10-24 03:10:18 +00:00
|
|
|
void
|
2005-07-27 02:29:01 +00:00
|
|
|
ns_client_recursing(ns_client_t *client) {
|
2001-10-24 03:10:18 +00:00
|
|
|
REQUIRE(NS_CLIENT_VALID(client));
|
2011-10-10 22:57:14 +00:00
|
|
|
REQUIRE(client->state == NS_CLIENTSTATE_WORKING);
|
2001-10-24 03:10:18 +00:00
|
|
|
|
2011-10-10 22:57:14 +00:00
|
|
|
LOCK(&client->manager->reclock);
|
2012-03-15 11:33:43 +11:00
|
|
|
client->newstate = client->state = NS_CLIENTSTATE_RECURSING;
|
2011-11-09 22:05:09 +00:00
|
|
|
ISC_LIST_APPEND(client->manager->recursing, client, rlink);
|
2011-10-10 22:57:14 +00:00
|
|
|
UNLOCK(&client->manager->reclock);
|
2001-10-24 03:10:18 +00:00
|
|
|
}
|
|
|
|
|
|
2005-07-27 02:29:01 +00:00
|
|
|
void
|
|
|
|
|
ns_client_killoldestquery(ns_client_t *client) {
|
|
|
|
|
ns_client_t *oldest;
|
|
|
|
|
REQUIRE(NS_CLIENT_VALID(client));
|
|
|
|
|
|
2011-10-10 22:57:14 +00:00
|
|
|
LOCK(&client->manager->reclock);
|
2005-07-27 02:29:01 +00:00
|
|
|
oldest = ISC_LIST_HEAD(client->manager->recursing);
|
|
|
|
|
if (oldest != NULL) {
|
2011-10-10 22:57:14 +00:00
|
|
|
ISC_LIST_UNLINK(client->manager->recursing, oldest, rlink);
|
|
|
|
|
UNLOCK(&client->manager->reclock);
|
2005-07-27 02:29:01 +00:00
|
|
|
ns_query_cancel(oldest);
|
2011-10-10 22:57:14 +00:00
|
|
|
} else
|
|
|
|
|
UNLOCK(&client->manager->reclock);
|
2005-07-27 02:29:01 +00:00
|
|
|
}
|
|
|
|
|
|
2001-01-29 19:49:52 +00:00
|
|
|
void
|
|
|
|
|
ns_client_settimeout(ns_client_t *client, unsigned int seconds) {
|
2000-02-14 23:56:47 +00:00
|
|
|
isc_result_t result;
|
|
|
|
|
isc_interval_t interval;
|
2000-08-01 01:33:37 +00:00
|
|
|
|
2000-02-14 23:56:47 +00:00
|
|
|
isc_interval_set(&interval, seconds, 0);
|
|
|
|
|
result = isc_timer_reset(client->timer, isc_timertype_once, NULL,
|
2018-04-17 08:29:14 -07:00
|
|
|
&interval, false);
|
|
|
|
|
client->timerset = true;
|
2000-02-14 23:56:47 +00:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
2000-04-04 18:28:51 +00:00
|
|
|
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
|
2000-02-14 23:56:47 +00:00
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_ERROR,
|
2000-07-13 00:21:27 +00:00
|
|
|
"setting timeout: %s",
|
2000-02-14 23:56:47 +00:00
|
|
|
isc_result_totext(result));
|
|
|
|
|
/* Continue anyway. */
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-04 09:16:30 -08:00
|
|
|
static void
|
2018-04-17 08:29:14 -07:00
|
|
|
read_settimeout(ns_client_t *client, bool newconn) {
|
2017-01-04 09:16:30 -08:00
|
|
|
isc_result_t result;
|
|
|
|
|
isc_interval_t interval;
|
|
|
|
|
unsigned int ds;
|
|
|
|
|
|
|
|
|
|
if (newconn)
|
2017-09-08 13:39:09 -07:00
|
|
|
ds = client->sctx->initialtimo;
|
2017-01-04 09:16:30 -08:00
|
|
|
else if (USEKEEPALIVE(client))
|
2017-09-08 13:39:09 -07:00
|
|
|
ds = client->sctx->keepalivetimo;
|
2017-01-04 09:16:30 -08:00
|
|
|
else
|
2017-09-08 13:39:09 -07:00
|
|
|
ds = client->sctx->idletimo;
|
2017-01-04 09:16:30 -08:00
|
|
|
|
|
|
|
|
isc_interval_set(&interval, ds / 10, 100000000 * (ds % 10));
|
|
|
|
|
result = isc_timer_reset(client->timer, isc_timertype_once, NULL,
|
2018-04-17 08:29:14 -07:00
|
|
|
&interval, false);
|
|
|
|
|
client->timerset = true;
|
2017-01-04 09:16:30 -08:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
|
|
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_ERROR,
|
|
|
|
|
"setting timeout: %s",
|
|
|
|
|
isc_result_totext(result));
|
|
|
|
|
/* Continue anyway. */
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-17 15:53:38 +01:00
|
|
|
/*%
|
2019-02-06 11:27:11 -08:00
|
|
|
* Allocate a reference-counted object that will maintain a single pointer to
|
|
|
|
|
* the (also reference-counted) TCP client quota, shared between all the
|
|
|
|
|
* clients processing queries on a single TCP connection, so that all
|
|
|
|
|
* clients sharing the one socket will together consume only one slot in
|
|
|
|
|
* the 'tcp-clients' quota.
|
2019-01-17 15:53:38 +01:00
|
|
|
*/
|
2019-02-06 11:27:11 -08:00
|
|
|
static isc_result_t
|
|
|
|
|
tcpconn_init(ns_client_t *client, bool force) {
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
isc_quota_t *quota = NULL;
|
|
|
|
|
ns_tcpconn_t *tconn = NULL;
|
2019-01-17 15:53:38 +01:00
|
|
|
|
2019-02-06 11:27:11 -08:00
|
|
|
REQUIRE(client->tcpconn == NULL);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Try to attach to the quota first, so we won't pointlessly
|
|
|
|
|
* allocate memory for a tcpconn object if we can't get one.
|
|
|
|
|
*/
|
|
|
|
|
if (force) {
|
|
|
|
|
result = isc_quota_force(&client->sctx->tcpquota, "a);
|
|
|
|
|
} else {
|
|
|
|
|
result = isc_quota_attach(&client->sctx->tcpquota, "a);
|
|
|
|
|
}
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
2019-01-17 15:53:38 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* A global memory context is used for the allocation as different
|
|
|
|
|
* client structures may have different memory contexts assigned and a
|
|
|
|
|
* reference counter allocated here might need to be freed by a
|
|
|
|
|
* different client. The performance impact caused by memory context
|
|
|
|
|
* contention here is expected to be negligible, given that this code
|
|
|
|
|
* is only executed for TCP connections.
|
|
|
|
|
*/
|
2019-02-06 11:27:11 -08:00
|
|
|
tconn = isc_mem_allocate(client->sctx->mctx, sizeof(*tconn));
|
|
|
|
|
|
|
|
|
|
isc_refcount_init(&tconn->refs, 1);
|
|
|
|
|
tconn->tcpquota = quota;
|
|
|
|
|
quota = NULL;
|
|
|
|
|
tconn->pipelined = false;
|
|
|
|
|
|
|
|
|
|
client->tcpconn = tconn;
|
|
|
|
|
|
|
|
|
|
return (ISC_R_SUCCESS);
|
2019-01-17 15:53:38 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*%
|
2019-02-06 11:27:11 -08:00
|
|
|
* Increase the count of client structures sharing the TCP connection
|
|
|
|
|
* that 'source' is associated with; add a pointer to the same tcpconn
|
|
|
|
|
* to 'target', thus associating it with the same TCP connection.
|
2019-01-17 15:53:38 +01:00
|
|
|
*/
|
|
|
|
|
static void
|
2019-02-06 11:27:11 -08:00
|
|
|
tcpconn_attach(ns_client_t *source, ns_client_t *target) {
|
2019-01-17 15:53:38 +01:00
|
|
|
int old_refs;
|
|
|
|
|
|
2019-02-06 11:27:11 -08:00
|
|
|
REQUIRE(source->tcpconn != NULL);
|
|
|
|
|
REQUIRE(target->tcpconn == NULL);
|
|
|
|
|
REQUIRE(source->tcpconn->pipelined);
|
2019-01-17 15:53:38 +01:00
|
|
|
|
2019-02-06 11:27:11 -08:00
|
|
|
old_refs = isc_refcount_increment(&source->tcpconn->refs);
|
2019-01-17 15:53:38 +01:00
|
|
|
INSIST(old_refs > 0);
|
2019-02-06 11:27:11 -08:00
|
|
|
target->tcpconn = source->tcpconn;
|
2019-01-17 15:53:38 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*%
|
2019-02-06 11:27:11 -08:00
|
|
|
* Decrease the count of client structures sharing the TCP connection that
|
2019-01-17 15:53:38 +01:00
|
|
|
* 'client' is associated with. If this is the last client using this TCP
|
2019-02-06 11:27:11 -08:00
|
|
|
* connection, we detach from the TCP quota and free the tcpconn
|
|
|
|
|
* object. Either way, client->tcpconn is set to NULL.
|
2019-01-17 15:53:38 +01:00
|
|
|
*/
|
2019-02-06 11:27:11 -08:00
|
|
|
static void
|
|
|
|
|
tcpconn_detach(ns_client_t *client) {
|
|
|
|
|
ns_tcpconn_t *tconn = NULL;
|
2019-01-17 15:53:38 +01:00
|
|
|
int old_refs;
|
|
|
|
|
|
2019-02-06 11:27:11 -08:00
|
|
|
REQUIRE(client->tcpconn != NULL);
|
2019-01-17 15:53:38 +01:00
|
|
|
|
2019-02-06 11:27:11 -08:00
|
|
|
tconn = client->tcpconn;
|
|
|
|
|
client->tcpconn = NULL;
|
2019-01-17 15:53:38 +01:00
|
|
|
|
2019-02-06 11:27:11 -08:00
|
|
|
old_refs = isc_refcount_decrement(&tconn->refs);
|
2019-01-17 15:53:38 +01:00
|
|
|
INSIST(old_refs > 0);
|
|
|
|
|
|
|
|
|
|
if (old_refs == 1) {
|
2019-02-06 11:27:11 -08:00
|
|
|
isc_quota_detach(&tconn->tcpquota);
|
|
|
|
|
isc_mem_free(client->sctx->mctx, tconn);
|
2019-01-17 15:53:38 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-06 11:27:11 -08:00
|
|
|
/*%
|
|
|
|
|
* Mark a client as active and increment the interface's 'ntcpactive'
|
|
|
|
|
* counter, as a signal that there is at least one client servicing
|
|
|
|
|
* TCP queries for the interface. If we reach the TCP client quota at
|
|
|
|
|
* some point, this will be used to determine whether a quota overrun
|
|
|
|
|
* should be permitted.
|
2019-02-06 11:26:36 -08:00
|
|
|
*
|
2019-02-06 11:27:11 -08:00
|
|
|
* Marking the client active with the 'tcpactive' flag ensures proper
|
|
|
|
|
* accounting, by preventing us from incrementing or decrementing
|
|
|
|
|
* 'ntcpactive' more than once per client.
|
2019-02-06 11:26:36 -08:00
|
|
|
*/
|
|
|
|
|
static void
|
2019-02-06 11:27:11 -08:00
|
|
|
mark_tcp_active(ns_client_t *client, bool active) {
|
|
|
|
|
if (active && !client->tcpactive) {
|
|
|
|
|
atomic_fetch_add(&client->interface->ntcpactive, 1);
|
|
|
|
|
client->tcpactive = active;
|
|
|
|
|
} else if (!active && client->tcpactive) {
|
|
|
|
|
uint32_t old =
|
|
|
|
|
atomic_fetch_sub(&client->interface->ntcpactive, 1);
|
|
|
|
|
INSIST(old > 0);
|
|
|
|
|
client->tcpactive = active;
|
2019-02-06 11:26:36 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2000-02-10 22:16:56 +00:00
|
|
|
* Check for a deactivation or shutdown request and take appropriate
|
2018-04-17 08:29:14 -07:00
|
|
|
* action. Returns true if either is in progress; in this case
|
2000-02-10 22:16:56 +00:00
|
|
|
* the caller must no longer use the client object as it may have been
|
|
|
|
|
* freed.
|
|
|
|
|
*/
|
2018-04-17 08:29:14 -07:00
|
|
|
static bool
|
2000-02-10 22:16:56 +00:00
|
|
|
exit_check(ns_client_t *client) {
|
2018-04-17 08:29:14 -07:00
|
|
|
bool destroy_manager = false;
|
2011-10-10 22:57:14 +00:00
|
|
|
ns_clientmgr_t *manager = NULL;
|
2001-11-14 22:00:22 +00:00
|
|
|
|
2000-02-10 22:16:56 +00:00
|
|
|
REQUIRE(NS_CLIENT_VALID(client));
|
2011-10-10 22:57:14 +00:00
|
|
|
manager = client->manager;
|
2000-02-10 22:16:56 +00:00
|
|
|
|
|
|
|
|
if (client->state <= client->newstate)
|
2018-04-17 08:29:14 -07:00
|
|
|
return (false); /* Business as usual. */
|
2000-02-10 22:16:56 +00:00
|
|
|
|
2011-10-10 22:57:14 +00:00
|
|
|
INSIST(client->newstate < NS_CLIENTSTATE_RECURSING);
|
2000-02-14 23:56:47 +00:00
|
|
|
|
2000-02-10 22:16:56 +00:00
|
|
|
/*
|
|
|
|
|
* We need to detach from the view early when shutting down
|
|
|
|
|
* the server to break the following vicious circle:
|
|
|
|
|
*
|
|
|
|
|
* - The resolver will not shut down until the view refcount is zero
|
|
|
|
|
* - The view refcount does not go to zero until all clients detach
|
2000-02-11 20:56:19 +00:00
|
|
|
* - The client does not detach from the view until references is zero
|
|
|
|
|
* - references does not go to zero until the resolver has shut down
|
2000-02-10 22:16:56 +00:00
|
|
|
*
|
2004-07-23 02:57:27 +00:00
|
|
|
* Keep the view attached until any outstanding updates complete.
|
2000-02-10 22:16:56 +00:00
|
|
|
*/
|
2008-01-18 23:46:58 +00:00
|
|
|
if (client->nupdates == 0 &&
|
2004-07-23 02:57:27 +00:00
|
|
|
client->newstate == NS_CLIENTSTATE_FREED && client->view != NULL)
|
2000-08-01 01:33:37 +00:00
|
|
|
dns_view_detach(&client->view);
|
2000-02-10 22:16:56 +00:00
|
|
|
|
2011-10-10 22:57:14 +00:00
|
|
|
if (client->state == NS_CLIENTSTATE_WORKING ||
|
|
|
|
|
client->state == NS_CLIENTSTATE_RECURSING)
|
|
|
|
|
{
|
2000-02-10 22:16:56 +00:00
|
|
|
INSIST(client->newstate <= NS_CLIENTSTATE_READING);
|
2004-07-23 02:57:27 +00:00
|
|
|
/*
|
|
|
|
|
* Let the update processing complete.
|
|
|
|
|
*/
|
|
|
|
|
if (client->nupdates > 0)
|
2018-04-17 08:29:14 -07:00
|
|
|
return (true);
|
2011-10-10 22:57:14 +00:00
|
|
|
|
2000-02-10 22:16:56 +00:00
|
|
|
/*
|
|
|
|
|
* We are trying to abort request processing.
|
|
|
|
|
*/
|
|
|
|
|
if (client->nsends > 0) {
|
2015-02-27 10:55:55 +11:00
|
|
|
isc_socket_t *sock;
|
2000-02-10 22:16:56 +00:00
|
|
|
if (TCP_CLIENT(client))
|
2015-02-27 10:55:55 +11:00
|
|
|
sock = client->tcpsocket;
|
2000-02-10 22:16:56 +00:00
|
|
|
else
|
2015-02-27 10:55:55 +11:00
|
|
|
sock = client->udpsocket;
|
|
|
|
|
isc_socket_cancel(sock, client->task,
|
2000-02-10 22:16:56 +00:00
|
|
|
ISC_SOCKCANCEL_SEND);
|
|
|
|
|
}
|
2000-02-14 23:56:47 +00:00
|
|
|
|
2001-01-27 02:08:07 +00:00
|
|
|
if (! (client->nsends == 0 && client->nrecvs == 0 &&
|
|
|
|
|
client->references == 0))
|
|
|
|
|
{
|
2000-02-10 22:16:56 +00:00
|
|
|
/*
|
|
|
|
|
* Still waiting for I/O cancel completion.
|
|
|
|
|
* or lingering references.
|
|
|
|
|
*/
|
2018-04-17 08:29:14 -07:00
|
|
|
return (true);
|
2000-02-10 22:16:56 +00:00
|
|
|
}
|
2011-10-10 22:57:14 +00:00
|
|
|
|
2000-02-10 22:16:56 +00:00
|
|
|
/*
|
|
|
|
|
* I/O cancel is complete. Burn down all state
|
2006-06-04 23:59:33 +00:00
|
|
|
* related to the current request. Ensure that
|
2011-10-10 22:57:14 +00:00
|
|
|
* the client is no longer on the recursing list.
|
2011-11-07 23:03:09 +00:00
|
|
|
*
|
|
|
|
|
* We need to check whether the client is still linked,
|
|
|
|
|
* because it may already have been removed from the
|
|
|
|
|
* recursing list by ns_client_killoldestquery()
|
2000-02-10 22:16:56 +00:00
|
|
|
*/
|
2011-10-10 22:57:14 +00:00
|
|
|
if (client->state == NS_CLIENTSTATE_RECURSING) {
|
|
|
|
|
LOCK(&manager->reclock);
|
2011-11-07 23:03:09 +00:00
|
|
|
if (ISC_LINK_LINKED(client, rlink))
|
|
|
|
|
ISC_LIST_UNLINK(manager->recursing,
|
|
|
|
|
client, rlink);
|
2011-10-10 22:57:14 +00:00
|
|
|
UNLOCK(&manager->reclock);
|
2006-06-04 23:59:33 +00:00
|
|
|
}
|
2000-02-10 22:16:56 +00:00
|
|
|
ns_client_endrequest(client);
|
|
|
|
|
|
|
|
|
|
client->state = NS_CLIENTSTATE_READING;
|
2000-11-27 23:54:12 +00:00
|
|
|
INSIST(client->recursionquota == NULL);
|
2011-10-10 22:57:14 +00:00
|
|
|
|
2000-02-10 22:16:56 +00:00
|
|
|
if (NS_CLIENTSTATE_READING == client->newstate) {
|
2019-02-06 11:27:11 -08:00
|
|
|
INSIST(client->tcpconn != NULL);
|
|
|
|
|
if (!client->tcpconn->pipelined) {
|
2018-04-17 08:29:14 -07:00
|
|
|
client_read(client, false);
|
2015-01-20 16:10:30 -08:00
|
|
|
client->newstate = NS_CLIENTSTATE_MAX;
|
2018-04-17 08:29:14 -07:00
|
|
|
return (true); /* We're done. */
|
2015-01-20 16:10:30 -08:00
|
|
|
} else if (client->mortal) {
|
|
|
|
|
client->newstate = NS_CLIENTSTATE_INACTIVE;
|
2015-08-14 08:34:54 -07:00
|
|
|
} else
|
2018-04-17 08:29:14 -07:00
|
|
|
return (false);
|
2000-02-10 22:16:56 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (client->state == NS_CLIENTSTATE_READING) {
|
|
|
|
|
/*
|
|
|
|
|
* We are trying to abort the current TCP connection,
|
|
|
|
|
* if any.
|
|
|
|
|
*/
|
2000-11-27 23:54:12 +00:00
|
|
|
INSIST(client->recursionquota == NULL);
|
2000-02-10 22:16:56 +00:00
|
|
|
INSIST(client->newstate <= NS_CLIENTSTATE_READY);
|
2019-01-04 12:50:51 +01:00
|
|
|
|
|
|
|
|
if (client->nreads > 0) {
|
2000-02-10 22:16:56 +00:00
|
|
|
dns_tcpmsg_cancelread(&client->tcpmsg);
|
2019-01-04 12:50:51 +01:00
|
|
|
}
|
|
|
|
|
|
2019-02-06 11:27:11 -08:00
|
|
|
/* Still waiting for read cancel completion. */
|
|
|
|
|
if (client->nreads > 0) {
|
2018-04-17 08:29:14 -07:00
|
|
|
return (true);
|
2000-02-10 22:16:56 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (client->tcpmsg_valid) {
|
|
|
|
|
dns_tcpmsg_invalidate(&client->tcpmsg);
|
2018-04-17 08:29:14 -07:00
|
|
|
client->tcpmsg_valid = false;
|
2000-02-10 22:16:56 +00:00
|
|
|
}
|
2019-01-04 12:50:51 +01:00
|
|
|
|
2019-02-06 11:26:36 -08:00
|
|
|
/*
|
2019-02-06 11:27:11 -08:00
|
|
|
* Soon the client will be ready to accept a new TCP
|
|
|
|
|
* connection or UDP request, but we may have enough
|
|
|
|
|
* clients doing that already. Check whether this client
|
|
|
|
|
* needs to remain active and allow it go inactive if
|
|
|
|
|
* not.
|
2019-02-06 11:26:36 -08:00
|
|
|
*
|
2019-02-06 11:27:11 -08:00
|
|
|
* UDP clients always go inactive at this point, but a TCP
|
|
|
|
|
* client may need to stay active and return to READY
|
|
|
|
|
* state if no other clients are available to listen
|
|
|
|
|
* for TCP requests on this interface.
|
2019-02-06 11:26:36 -08:00
|
|
|
*
|
2019-02-06 11:27:11 -08:00
|
|
|
* Regardless, if we're going to FREED state, that means
|
|
|
|
|
* the system is shutting down and we don't need to
|
|
|
|
|
* retain clients.
|
2019-02-06 11:26:36 -08:00
|
|
|
*/
|
2019-02-06 11:27:11 -08:00
|
|
|
if (client->mortal && TCP_CLIENT(client) &&
|
|
|
|
|
client->newstate != NS_CLIENTSTATE_FREED &&
|
|
|
|
|
(client->sctx->options & NS_SERVER_CLIENTTEST) == 0 &&
|
|
|
|
|
atomic_load(&client->interface->ntcpaccepting) == 0)
|
|
|
|
|
{
|
|
|
|
|
/* Nobody else is accepting */
|
|
|
|
|
client->mortal = false;
|
|
|
|
|
client->newstate = NS_CLIENTSTATE_READY;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Detach from TCP connection and TCP client quota,
|
|
|
|
|
* if appropriate. If this is the last reference to
|
|
|
|
|
* the TCP connection in our pipeline group, the
|
|
|
|
|
* TCP quota slot will be released.
|
|
|
|
|
*/
|
|
|
|
|
if (client->tcpconn) {
|
|
|
|
|
tcpconn_detach(client);
|
2019-01-17 15:53:38 +01:00
|
|
|
}
|
|
|
|
|
|
2000-04-20 17:07:46 +00:00
|
|
|
if (client->tcpsocket != NULL) {
|
|
|
|
|
CTRACE("closetcp");
|
2000-02-10 22:16:56 +00:00
|
|
|
isc_socket_detach(&client->tcpsocket);
|
2019-02-06 11:27:11 -08:00
|
|
|
mark_tcp_active(client, false);
|
2000-04-20 17:07:46 +00:00
|
|
|
}
|
2000-02-10 22:16:56 +00:00
|
|
|
|
2001-01-29 19:49:52 +00:00
|
|
|
if (client->timerset) {
|
2001-11-14 19:11:06 +00:00
|
|
|
(void)isc_timer_reset(client->timer,
|
|
|
|
|
isc_timertype_inactive,
|
2018-04-17 08:29:14 -07:00
|
|
|
NULL, NULL, true);
|
|
|
|
|
client->timerset = false;
|
2001-01-29 19:49:52 +00:00
|
|
|
}
|
2000-03-06 17:35:13 +00:00
|
|
|
|
2018-04-17 08:29:14 -07:00
|
|
|
client->peeraddr_valid = false;
|
2000-04-04 18:28:51 +00:00
|
|
|
|
2000-02-10 22:16:56 +00:00
|
|
|
client->state = NS_CLIENTSTATE_READY;
|
2019-02-06 11:26:36 -08:00
|
|
|
|
2011-10-10 22:57:14 +00:00
|
|
|
/*
|
|
|
|
|
* We don't need the client; send it to the inactive
|
|
|
|
|
* queue for recycling.
|
|
|
|
|
*/
|
|
|
|
|
if (client->mortal) {
|
2019-01-04 12:50:51 +01:00
|
|
|
if (client->newstate > NS_CLIENTSTATE_INACTIVE) {
|
2011-10-10 22:57:14 +00:00
|
|
|
client->newstate = NS_CLIENTSTATE_INACTIVE;
|
2019-01-04 12:50:51 +01:00
|
|
|
}
|
2011-10-10 22:57:14 +00:00
|
|
|
}
|
2000-08-01 01:33:37 +00:00
|
|
|
|
2000-02-10 22:16:56 +00:00
|
|
|
if (NS_CLIENTSTATE_READY == client->newstate) {
|
|
|
|
|
if (TCP_CLIENT(client)) {
|
|
|
|
|
client_accept(client);
|
2019-01-04 12:50:51 +01:00
|
|
|
} else {
|
2001-01-27 02:08:07 +00:00
|
|
|
client_udprecv(client);
|
2019-01-04 12:50:51 +01:00
|
|
|
}
|
2000-02-10 22:16:56 +00:00
|
|
|
client->newstate = NS_CLIENTSTATE_MAX;
|
2018-04-17 08:29:14 -07:00
|
|
|
return (true);
|
2000-02-10 22:16:56 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (client->state == NS_CLIENTSTATE_READY) {
|
2000-08-01 01:33:37 +00:00
|
|
|
INSIST(client->newstate <= NS_CLIENTSTATE_INACTIVE);
|
2011-10-10 22:57:14 +00:00
|
|
|
|
2000-02-10 22:16:56 +00:00
|
|
|
/*
|
|
|
|
|
* We are trying to enter the inactive state.
|
|
|
|
|
*/
|
2019-01-04 12:50:51 +01:00
|
|
|
if (client->naccepts > 0) {
|
2000-02-10 22:16:56 +00:00
|
|
|
isc_socket_cancel(client->tcplistener, client->task,
|
|
|
|
|
ISC_SOCKCANCEL_ACCEPT);
|
2019-01-04 12:50:51 +01:00
|
|
|
}
|
2000-08-01 01:33:37 +00:00
|
|
|
|
2011-10-10 22:57:14 +00:00
|
|
|
/* Still waiting for accept cancel completion. */
|
2019-02-06 11:27:11 -08:00
|
|
|
if (client->naccepts > 0) {
|
2018-04-17 08:29:14 -07:00
|
|
|
return (true);
|
2019-01-04 12:50:51 +01:00
|
|
|
}
|
2001-01-27 02:08:07 +00:00
|
|
|
|
2011-10-10 22:57:14 +00:00
|
|
|
/* Accept cancel is complete. */
|
2019-01-04 12:50:51 +01:00
|
|
|
if (client->nrecvs > 0) {
|
2001-01-27 02:08:07 +00:00
|
|
|
isc_socket_cancel(client->udpsocket, client->task,
|
|
|
|
|
ISC_SOCKCANCEL_RECV);
|
2019-01-04 12:50:51 +01:00
|
|
|
}
|
2011-10-10 22:57:14 +00:00
|
|
|
|
|
|
|
|
/* Still waiting for recv cancel completion. */
|
2019-02-06 11:27:11 -08:00
|
|
|
if (client->nrecvs > 0) {
|
2018-04-17 08:29:14 -07:00
|
|
|
return (true);
|
2019-01-04 12:50:51 +01:00
|
|
|
}
|
2001-01-27 02:08:07 +00:00
|
|
|
|
2011-10-10 22:57:14 +00:00
|
|
|
/* Still waiting for control event to be delivered */
|
2019-01-04 12:50:51 +01:00
|
|
|
if (client->nctls > 0) {
|
2018-04-17 08:29:14 -07:00
|
|
|
return (true);
|
2019-01-04 12:50:51 +01:00
|
|
|
}
|
2001-11-14 22:00:22 +00:00
|
|
|
|
|
|
|
|
INSIST(client->naccepts == 0);
|
|
|
|
|
INSIST(client->recursionquota == NULL);
|
2019-01-04 12:50:51 +01:00
|
|
|
if (client->tcplistener != NULL) {
|
2001-11-14 22:00:22 +00:00
|
|
|
isc_socket_detach(&client->tcplistener);
|
2019-02-06 11:27:11 -08:00
|
|
|
mark_tcp_active(client, false);
|
2019-01-04 12:50:51 +01:00
|
|
|
}
|
|
|
|
|
if (client->udpsocket != NULL) {
|
2001-11-14 22:00:22 +00:00
|
|
|
isc_socket_detach(&client->udpsocket);
|
2019-01-04 12:50:51 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Deactivate the client. */
|
|
|
|
|
if (client->interface != NULL) {
|
|
|
|
|
ns_interface_detach(&client->interface);
|
|
|
|
|
}
|
2001-11-14 22:00:22 +00:00
|
|
|
|
2019-01-04 12:50:51 +01:00
|
|
|
if (client->dispatch != NULL) {
|
2001-11-14 22:00:22 +00:00
|
|
|
dns_dispatch_detach(&client->dispatch);
|
2019-01-04 12:50:51 +01:00
|
|
|
}
|
2001-11-14 22:00:22 +00:00
|
|
|
|
|
|
|
|
client->attributes = 0;
|
2018-04-17 08:29:14 -07:00
|
|
|
client->mortal = false;
|
2017-09-08 13:39:09 -07:00
|
|
|
client->sendcb = NULL;
|
2001-11-14 22:00:22 +00:00
|
|
|
|
2017-10-06 13:01:14 +11:00
|
|
|
if (client->keytag != NULL) {
|
|
|
|
|
isc_mem_put(client->mctx, client->keytag,
|
|
|
|
|
client->keytag_len);
|
|
|
|
|
client->keytag_len = 0;
|
|
|
|
|
}
|
|
|
|
|
|
2001-11-14 22:00:22 +00:00
|
|
|
/*
|
|
|
|
|
* Put the client on the inactive list. If we are aiming for
|
|
|
|
|
* the "freed" state, it will be removed from the inactive
|
|
|
|
|
* list shortly, and we need to keep the manager locked until
|
|
|
|
|
* that has been done, lest the manager decide to reactivate
|
|
|
|
|
* the dying client inbetween.
|
|
|
|
|
*/
|
2011-11-09 22:05:09 +00:00
|
|
|
client->state = NS_CLIENTSTATE_INACTIVE;
|
2000-11-27 23:54:12 +00:00
|
|
|
INSIST(client->recursionquota == NULL);
|
2001-11-14 22:00:22 +00:00
|
|
|
|
2000-02-10 22:16:56 +00:00
|
|
|
if (client->state == client->newstate) {
|
|
|
|
|
client->newstate = NS_CLIENTSTATE_MAX;
|
2017-09-08 13:39:09 -07:00
|
|
|
if ((client->sctx->options &
|
|
|
|
|
NS_SERVER_CLIENTTEST) == 0 &&
|
|
|
|
|
manager != NULL && !manager->exiting)
|
|
|
|
|
{
|
2012-08-22 19:19:30 +10:00
|
|
|
ISC_QUEUE_PUSH(manager->inactive, client,
|
|
|
|
|
ilink);
|
2017-09-08 13:39:09 -07:00
|
|
|
}
|
2019-01-04 12:50:51 +01:00
|
|
|
if (client->needshutdown) {
|
2008-01-02 05:03:07 +00:00
|
|
|
isc_task_shutdown(client->task);
|
2019-01-04 12:50:51 +01:00
|
|
|
}
|
2018-04-17 08:29:14 -07:00
|
|
|
return (true);
|
2000-02-10 22:16:56 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (client->state == NS_CLIENTSTATE_INACTIVE) {
|
|
|
|
|
INSIST(client->newstate == NS_CLIENTSTATE_FREED);
|
|
|
|
|
/*
|
|
|
|
|
* We are trying to free the client.
|
2001-11-14 22:00:22 +00:00
|
|
|
*
|
|
|
|
|
* When "shuttingdown" is true, either the task has received
|
|
|
|
|
* its shutdown event or no shutdown event has ever been
|
|
|
|
|
* set up. Thus, we have no outstanding shutdown
|
|
|
|
|
* event at this point.
|
2000-02-10 22:16:56 +00:00
|
|
|
*/
|
2001-11-14 22:00:22 +00:00
|
|
|
REQUIRE(client->state == NS_CLIENTSTATE_INACTIVE);
|
|
|
|
|
|
|
|
|
|
INSIST(client->recursionquota == NULL);
|
2012-08-22 19:19:30 +10:00
|
|
|
INSIST(!ISC_QLINK_LINKED(client, ilink));
|
2001-11-14 22:00:22 +00:00
|
|
|
|
2015-02-03 11:42:58 +05:30
|
|
|
if (manager != NULL) {
|
|
|
|
|
LOCK(&manager->listlock);
|
|
|
|
|
ISC_LIST_UNLINK(manager->clients, client, link);
|
|
|
|
|
LOCK(&manager->lock);
|
|
|
|
|
if (manager->exiting &&
|
|
|
|
|
ISC_LIST_EMPTY(manager->clients))
|
2018-04-17 08:29:14 -07:00
|
|
|
destroy_manager = true;
|
2015-02-03 11:42:58 +05:30
|
|
|
UNLOCK(&manager->lock);
|
|
|
|
|
UNLOCK(&manager->listlock);
|
|
|
|
|
}
|
|
|
|
|
|
2001-11-14 22:00:22 +00:00
|
|
|
ns_query_free(client);
|
|
|
|
|
isc_mem_put(client->mctx, client->recvbuf, RECV_BUFFER_SIZE);
|
|
|
|
|
isc_event_free((isc_event_t **)&client->sendevent);
|
|
|
|
|
isc_event_free((isc_event_t **)&client->recvevent);
|
|
|
|
|
isc_timer_detach(&client->timer);
|
2012-09-29 13:07:09 +10:00
|
|
|
if (client->delaytimer != NULL)
|
|
|
|
|
isc_timer_detach(&client->delaytimer);
|
2001-11-14 22:00:22 +00:00
|
|
|
|
|
|
|
|
if (client->tcpbuf != NULL)
|
2011-10-10 22:57:14 +00:00
|
|
|
isc_mem_put(client->mctx, client->tcpbuf,
|
|
|
|
|
TCP_BUFFER_SIZE);
|
2001-11-14 22:00:22 +00:00
|
|
|
if (client->opt != NULL) {
|
|
|
|
|
INSIST(dns_rdataset_isassociated(client->opt));
|
|
|
|
|
dns_rdataset_disassociate(client->opt);
|
2011-10-10 22:57:14 +00:00
|
|
|
dns_message_puttemprdataset(client->message,
|
|
|
|
|
&client->opt);
|
2001-11-14 22:00:22 +00:00
|
|
|
}
|
2017-10-06 13:01:14 +11:00
|
|
|
if (client->keytag != NULL) {
|
|
|
|
|
isc_mem_put(client->mctx, client->keytag,
|
|
|
|
|
client->keytag_len);
|
|
|
|
|
client->keytag_len = 0;
|
|
|
|
|
}
|
2011-10-10 22:57:14 +00:00
|
|
|
|
2001-11-14 22:00:22 +00:00
|
|
|
dns_message_destroy(&client->message);
|
2011-10-10 22:57:14 +00:00
|
|
|
|
2001-11-14 22:00:22 +00:00
|
|
|
/*
|
|
|
|
|
* Detaching the task must be done after unlinking from
|
|
|
|
|
* the manager's lists because the manager accesses
|
|
|
|
|
* client->task.
|
|
|
|
|
*/
|
|
|
|
|
if (client->task != NULL)
|
|
|
|
|
isc_task_detach(&client->task);
|
|
|
|
|
|
|
|
|
|
CTRACE("free");
|
|
|
|
|
client->magic = 0;
|
2011-10-10 22:57:14 +00:00
|
|
|
|
2008-01-02 05:03:07 +00:00
|
|
|
/*
|
|
|
|
|
* Check that there are no other external references to
|
|
|
|
|
* the memory context.
|
|
|
|
|
*/
|
2017-09-08 13:39:09 -07:00
|
|
|
if ((client->sctx->options & NS_SERVER_CLIENTTEST) != 0 &&
|
|
|
|
|
isc_mem_references(client->mctx) != 1)
|
|
|
|
|
{
|
2008-01-02 05:03:07 +00:00
|
|
|
isc_mem_stats(client->mctx, stderr);
|
|
|
|
|
INSIST(0);
|
2018-11-07 15:00:07 +07:00
|
|
|
ISC_UNREACHABLE();
|
2008-01-02 05:03:07 +00:00
|
|
|
}
|
2015-02-03 11:42:58 +05:30
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Destroy the fetchlock mutex that was created in
|
|
|
|
|
* ns_query_init().
|
|
|
|
|
*/
|
2018-11-19 10:31:09 +00:00
|
|
|
isc_mutex_destroy(&client->query.fetchlock);
|
2015-02-03 11:42:58 +05:30
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
if (client->sctx != NULL)
|
|
|
|
|
ns_server_detach(&client->sctx);
|
|
|
|
|
|
2005-06-04 05:32:50 +00:00
|
|
|
isc_mem_putanddetach(&client->mctx, client, sizeof(*client));
|
2000-02-10 22:16:56 +00:00
|
|
|
}
|
|
|
|
|
|
2011-10-10 22:57:14 +00:00
|
|
|
if (destroy_manager && manager != NULL)
|
|
|
|
|
clientmgr_destroy(manager);
|
2001-11-14 22:00:22 +00:00
|
|
|
|
2018-04-17 08:29:14 -07:00
|
|
|
return (true);
|
2000-02-10 22:16:56 +00:00
|
|
|
}
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2000-07-26 17:39:12 +00:00
|
|
|
* The client's task has received the client's control event
|
|
|
|
|
* as part of the startup process.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
client_start(isc_task_t *task, isc_event_t *event) {
|
|
|
|
|
ns_client_t *client = (ns_client_t *) event->ev_arg;
|
|
|
|
|
|
|
|
|
|
INSIST(task == client->task);
|
2000-08-01 01:33:37 +00:00
|
|
|
|
2000-07-26 17:39:12 +00:00
|
|
|
UNUSED(task);
|
|
|
|
|
|
2001-11-14 22:00:22 +00:00
|
|
|
INSIST(client->nctls == 1);
|
|
|
|
|
client->nctls--;
|
|
|
|
|
|
|
|
|
|
if (exit_check(client))
|
|
|
|
|
return;
|
|
|
|
|
|
2000-07-26 17:39:12 +00:00
|
|
|
if (TCP_CLIENT(client)) {
|
2019-02-06 11:27:11 -08:00
|
|
|
if (client->tcpconn != NULL) {
|
2018-04-17 08:29:14 -07:00
|
|
|
client_read(client, false);
|
2015-01-20 16:10:30 -08:00
|
|
|
} else {
|
|
|
|
|
client_accept(client);
|
|
|
|
|
}
|
2000-07-26 17:39:12 +00:00
|
|
|
} else {
|
2001-01-27 02:08:07 +00:00
|
|
|
client_udprecv(client);
|
2000-07-26 17:39:12 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
1999-12-22 16:59:05 +00:00
|
|
|
* The client's task has received a shutdown event.
|
|
|
|
|
*/
|
1999-07-24 01:17:44 +00:00
|
|
|
static void
|
|
|
|
|
client_shutdown(isc_task_t *task, isc_event_t *event) {
|
|
|
|
|
ns_client_t *client;
|
|
|
|
|
|
|
|
|
|
REQUIRE(event != NULL);
|
2000-04-17 19:22:44 +00:00
|
|
|
REQUIRE(event->ev_type == ISC_TASKEVENT_SHUTDOWN);
|
|
|
|
|
client = event->ev_arg;
|
1999-07-24 01:17:44 +00:00
|
|
|
REQUIRE(NS_CLIENT_VALID(client));
|
|
|
|
|
REQUIRE(task == client->task);
|
|
|
|
|
|
2000-05-02 01:16:21 +00:00
|
|
|
UNUSED(task);
|
|
|
|
|
|
1999-07-24 01:17:44 +00:00
|
|
|
CTRACE("shutdown");
|
|
|
|
|
|
|
|
|
|
isc_event_free(&event);
|
|
|
|
|
|
2000-02-14 23:56:47 +00:00
|
|
|
if (client->shutdown != NULL) {
|
|
|
|
|
(client->shutdown)(client->shutdown_arg, ISC_R_SHUTTINGDOWN);
|
|
|
|
|
client->shutdown = NULL;
|
|
|
|
|
client->shutdown_arg = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2012-08-22 19:19:30 +10:00
|
|
|
if (ISC_QLINK_LINKED(client, ilink))
|
|
|
|
|
ISC_QUEUE_UNLINK(client->manager->inactive, client, ilink);
|
|
|
|
|
|
2000-02-10 22:16:56 +00:00
|
|
|
client->newstate = NS_CLIENTSTATE_FREED;
|
2018-04-17 08:29:14 -07:00
|
|
|
client->needshutdown = false;
|
2000-04-17 19:22:44 +00:00
|
|
|
(void)exit_check(client);
|
2000-02-10 22:16:56 +00:00
|
|
|
}
|
1999-07-24 01:17:44 +00:00
|
|
|
|
2000-02-10 22:16:56 +00:00
|
|
|
static void
|
|
|
|
|
ns_client_endrequest(ns_client_t *client) {
|
2000-01-28 23:35:53 +00:00
|
|
|
INSIST(client->naccepts == 0);
|
|
|
|
|
INSIST(client->nreads == 0);
|
|
|
|
|
INSIST(client->nsends == 0);
|
2001-01-27 02:08:07 +00:00
|
|
|
INSIST(client->nrecvs == 0);
|
2004-07-23 02:57:27 +00:00
|
|
|
INSIST(client->nupdates == 0);
|
2011-10-10 22:57:14 +00:00
|
|
|
INSIST(client->state == NS_CLIENTSTATE_WORKING ||
|
|
|
|
|
client->state == NS_CLIENTSTATE_RECURSING);
|
1999-07-24 01:17:44 +00:00
|
|
|
|
2000-05-02 01:16:21 +00:00
|
|
|
CTRACE("endrequest");
|
|
|
|
|
|
1999-08-03 01:21:00 +00:00
|
|
|
if (client->next != NULL) {
|
2000-02-10 22:16:56 +00:00
|
|
|
(client->next)(client);
|
1999-08-03 01:21:00 +00:00
|
|
|
client->next = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-05 11:46:11 +02:00
|
|
|
if (client->view != NULL) {
|
|
|
|
|
#ifdef ENABLE_AFL
|
2017-09-08 13:39:09 -07:00
|
|
|
if (client->sctx->fuzztype == isc_fuzz_resolver) {
|
2016-05-05 11:46:11 +02:00
|
|
|
dns_cache_clean(client->view->cache, INT_MAX);
|
|
|
|
|
dns_adb_flush(client->view->adb);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
1999-08-05 22:14:43 +00:00
|
|
|
dns_view_detach(&client->view);
|
2016-05-05 11:46:11 +02:00
|
|
|
}
|
1999-11-24 21:05:45 +00:00
|
|
|
if (client->opt != NULL) {
|
|
|
|
|
INSIST(dns_rdataset_isassociated(client->opt));
|
|
|
|
|
dns_rdataset_disassociate(client->opt);
|
|
|
|
|
dns_message_puttemprdataset(client->message, &client->opt);
|
|
|
|
|
}
|
2000-01-07 19:20:25 +00:00
|
|
|
|
2011-05-05 23:44:52 +00:00
|
|
|
client->signer = NULL;
|
1999-10-07 19:43:18 +00:00
|
|
|
client->udpsize = 512;
|
2000-11-13 21:34:03 +00:00
|
|
|
client->extflags = 0;
|
2005-06-07 00:16:01 +00:00
|
|
|
client->ednsversion = -1;
|
2019-02-17 20:32:07 +01:00
|
|
|
dns_ecs_init(&client->ecs);
|
1999-07-24 01:17:44 +00:00
|
|
|
dns_message_reset(client->message, DNS_MESSAGE_INTENTPARSE);
|
2000-01-15 00:36:26 +00:00
|
|
|
|
2012-05-14 10:06:05 -07:00
|
|
|
if (client->recursionquota != NULL) {
|
2000-02-10 22:16:56 +00:00
|
|
|
isc_quota_detach(&client->recursionquota);
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_decrement(client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_recursclients);
|
2012-05-14 10:06:05 -07:00
|
|
|
}
|
2000-07-17 23:19:14 +00:00
|
|
|
|
|
|
|
|
/*
|
2000-08-01 01:33:37 +00:00
|
|
|
* Clear all client attributes that are specific to
|
2000-07-17 23:19:14 +00:00
|
|
|
* the request; that's all except the TCP flag.
|
|
|
|
|
*/
|
|
|
|
|
client->attributes &= NS_CLIENTATTR_TCP;
|
2016-05-05 11:46:11 +02:00
|
|
|
#ifdef ENABLE_AFL
|
2017-09-08 13:39:09 -07:00
|
|
|
if (client->sctx->fuzznotify != NULL &&
|
|
|
|
|
(client->sctx->fuzztype == isc_fuzz_client ||
|
|
|
|
|
client->sctx->fuzztype == isc_fuzz_tcpclient ||
|
|
|
|
|
client->sctx->fuzztype == isc_fuzz_resolver))
|
|
|
|
|
{
|
|
|
|
|
client->sctx->fuzznotify();
|
2016-05-05 11:46:11 +02:00
|
|
|
}
|
|
|
|
|
#endif /* ENABLE_AFL */
|
|
|
|
|
|
2000-03-06 17:35:13 +00:00
|
|
|
}
|
2000-01-15 00:36:26 +00:00
|
|
|
|
2000-02-10 22:16:56 +00:00
|
|
|
void
|
|
|
|
|
ns_client_next(ns_client_t *client, isc_result_t result) {
|
|
|
|
|
int newstate;
|
2000-08-01 01:33:37 +00:00
|
|
|
|
2000-02-10 22:16:56 +00:00
|
|
|
REQUIRE(NS_CLIENT_VALID(client));
|
2003-07-04 04:38:54 +00:00
|
|
|
REQUIRE(client->state == NS_CLIENTSTATE_WORKING ||
|
2011-10-10 22:57:14 +00:00
|
|
|
client->state == NS_CLIENTSTATE_RECURSING ||
|
2003-07-04 04:38:54 +00:00
|
|
|
client->state == NS_CLIENTSTATE_READING);
|
2000-05-02 01:16:21 +00:00
|
|
|
|
2000-02-10 22:16:56 +00:00
|
|
|
CTRACE("next");
|
2000-08-01 01:33:37 +00:00
|
|
|
|
2000-05-22 16:03:31 +00:00
|
|
|
if (result != ISC_R_SUCCESS)
|
2000-04-04 18:28:51 +00:00
|
|
|
ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
|
2000-02-10 22:16:56 +00:00
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
|
|
|
|
|
"request failed: %s", isc_result_totext(result));
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* An error processing a TCP request may have left
|
|
|
|
|
* the connection out of sync. To be safe, we always
|
|
|
|
|
* sever the connection when result != ISC_R_SUCCESS.
|
|
|
|
|
*/
|
|
|
|
|
if (result == ISC_R_SUCCESS && TCP_CLIENT(client))
|
|
|
|
|
newstate = NS_CLIENTSTATE_READING;
|
|
|
|
|
else
|
|
|
|
|
newstate = NS_CLIENTSTATE_READY;
|
|
|
|
|
|
|
|
|
|
if (client->newstate > newstate)
|
|
|
|
|
client->newstate = newstate;
|
2001-11-14 19:11:06 +00:00
|
|
|
(void)exit_check(client);
|
1999-07-24 01:17:44 +00:00
|
|
|
}
|
|
|
|
|
|
2000-02-10 22:16:56 +00:00
|
|
|
|
1999-07-24 01:17:44 +00:00
|
|
|
static void
|
|
|
|
|
client_senddone(isc_task_t *task, isc_event_t *event) {
|
|
|
|
|
ns_client_t *client;
|
2000-01-28 23:35:53 +00:00
|
|
|
isc_socketevent_t *sevent = (isc_socketevent_t *) event;
|
1999-07-24 01:17:44 +00:00
|
|
|
|
|
|
|
|
REQUIRE(sevent != NULL);
|
2000-04-17 19:22:44 +00:00
|
|
|
REQUIRE(sevent->ev_type == ISC_SOCKEVENT_SENDDONE);
|
|
|
|
|
client = sevent->ev_arg;
|
1999-07-24 01:17:44 +00:00
|
|
|
REQUIRE(NS_CLIENT_VALID(client));
|
|
|
|
|
REQUIRE(task == client->task);
|
2001-02-12 21:45:37 +00:00
|
|
|
REQUIRE(sevent == client->sendevent);
|
1999-07-24 01:17:44 +00:00
|
|
|
|
2000-07-26 17:39:12 +00:00
|
|
|
UNUSED(task);
|
|
|
|
|
|
1999-07-24 01:17:44 +00:00
|
|
|
CTRACE("senddone");
|
|
|
|
|
|
2000-05-22 16:03:31 +00:00
|
|
|
if (sevent->result != ISC_R_SUCCESS)
|
|
|
|
|
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
|
|
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_WARNING,
|
|
|
|
|
"error sending response: %s",
|
|
|
|
|
isc_result_totext(sevent->result));
|
|
|
|
|
|
1999-07-24 03:02:57 +00:00
|
|
|
INSIST(client->nsends > 0);
|
1999-07-24 01:17:44 +00:00
|
|
|
client->nsends--;
|
2000-08-01 01:33:37 +00:00
|
|
|
|
2000-06-22 00:05:11 +00:00
|
|
|
if (client->tcpbuf != NULL) {
|
2000-06-22 02:21:06 +00:00
|
|
|
INSIST(TCP_CLIENT(client));
|
2000-06-22 00:05:11 +00:00
|
|
|
isc_mem_put(client->mctx, client->tcpbuf, TCP_BUFFER_SIZE);
|
|
|
|
|
client->tcpbuf = NULL;
|
|
|
|
|
}
|
1999-07-24 01:17:44 +00:00
|
|
|
|
2000-01-28 23:35:53 +00:00
|
|
|
ns_client_next(client, ISC_R_SUCCESS);
|
1999-07-24 01:17:44 +00:00
|
|
|
}
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*%
|
2001-03-06 04:18:42 +00:00
|
|
|
* We only want to fail with ISC_R_NOSPACE when called from
|
|
|
|
|
* ns_client_sendraw() and not when called from ns_client_send(),
|
|
|
|
|
* tcpbuffer is NULL when called from ns_client_sendraw() and
|
|
|
|
|
* length != 0. tcpbuffer != NULL when called from ns_client_send()
|
|
|
|
|
* and length == 0.
|
|
|
|
|
*/
|
|
|
|
|
|
2000-09-13 03:15:01 +00:00
|
|
|
static isc_result_t
|
|
|
|
|
client_allocsendbuf(ns_client_t *client, isc_buffer_t *buffer,
|
2018-03-28 14:19:37 +02:00
|
|
|
isc_buffer_t *tcpbuffer, uint32_t length,
|
2001-03-06 01:24:40 +00:00
|
|
|
unsigned char *sendbuf, unsigned char **datap)
|
2000-09-13 03:15:01 +00:00
|
|
|
{
|
2000-09-13 01:30:34 +00:00
|
|
|
unsigned char *data;
|
2018-03-28 14:19:37 +02:00
|
|
|
uint32_t bufsize;
|
2000-09-13 03:15:01 +00:00
|
|
|
isc_result_t result;
|
2000-09-13 01:30:34 +00:00
|
|
|
|
2000-09-13 03:15:01 +00:00
|
|
|
INSIST(datap != NULL);
|
2001-03-06 04:18:42 +00:00
|
|
|
INSIST((tcpbuffer == NULL && length != 0) ||
|
|
|
|
|
(tcpbuffer != NULL && length == 0));
|
2000-09-13 01:30:34 +00:00
|
|
|
|
|
|
|
|
if (TCP_CLIENT(client)) {
|
|
|
|
|
INSIST(client->tcpbuf == NULL);
|
2001-03-06 04:18:42 +00:00
|
|
|
if (length + 2 > TCP_BUFFER_SIZE) {
|
2000-09-13 01:30:34 +00:00
|
|
|
result = ISC_R_NOSPACE;
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
client->tcpbuf = isc_mem_get(client->mctx, TCP_BUFFER_SIZE);
|
|
|
|
|
if (client->tcpbuf == NULL) {
|
|
|
|
|
result = ISC_R_NOMEMORY;
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
data = client->tcpbuf;
|
2000-09-13 03:15:01 +00:00
|
|
|
if (tcpbuffer != NULL) {
|
|
|
|
|
isc_buffer_init(tcpbuffer, data, TCP_BUFFER_SIZE);
|
|
|
|
|
isc_buffer_init(buffer, data + 2, TCP_BUFFER_SIZE - 2);
|
|
|
|
|
} else {
|
|
|
|
|
isc_buffer_init(buffer, data, TCP_BUFFER_SIZE);
|
2001-03-12 22:27:15 +00:00
|
|
|
INSIST(length <= 0xffff);
|
2018-03-28 14:19:37 +02:00
|
|
|
isc_buffer_putuint16(buffer, (uint16_t)length);
|
2000-09-13 03:15:01 +00:00
|
|
|
}
|
2000-09-13 01:30:34 +00:00
|
|
|
} else {
|
2001-03-06 01:24:40 +00:00
|
|
|
data = sendbuf;
|
2015-07-06 09:44:24 +10:00
|
|
|
if ((client->attributes & NS_CLIENTATTR_HAVECOOKIE) == 0) {
|
2014-02-19 12:53:42 +11:00
|
|
|
if (client->view != NULL)
|
2015-07-06 09:44:24 +10:00
|
|
|
bufsize = client->view->nocookieudp;
|
2014-02-19 12:53:42 +11:00
|
|
|
else
|
|
|
|
|
bufsize = 512;
|
|
|
|
|
} else
|
|
|
|
|
bufsize = client->udpsize;
|
|
|
|
|
if (bufsize > client->udpsize)
|
|
|
|
|
bufsize = client->udpsize;
|
|
|
|
|
if (bufsize > SEND_BUFFER_SIZE)
|
|
|
|
|
bufsize = SEND_BUFFER_SIZE;
|
2001-03-06 04:18:42 +00:00
|
|
|
if (length > bufsize) {
|
2000-09-13 01:30:34 +00:00
|
|
|
result = ISC_R_NOSPACE;
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
2000-09-13 03:15:01 +00:00
|
|
|
isc_buffer_init(buffer, data, bufsize);
|
2000-09-13 01:30:34 +00:00
|
|
|
}
|
2000-09-13 03:15:01 +00:00
|
|
|
*datap = data;
|
|
|
|
|
result = ISC_R_SUCCESS;
|
2000-09-13 01:30:34 +00:00
|
|
|
|
2000-09-13 03:15:01 +00:00
|
|
|
done:
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static isc_result_t
|
|
|
|
|
client_sendpkg(ns_client_t *client, isc_buffer_t *buffer) {
|
|
|
|
|
struct in6_pktinfo *pktinfo;
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
isc_region_t r;
|
|
|
|
|
isc_sockaddr_t *address;
|
2015-02-27 10:55:55 +11:00
|
|
|
isc_socket_t *sock;
|
2000-11-03 02:45:55 +00:00
|
|
|
isc_netaddr_t netaddr;
|
|
|
|
|
int match;
|
2001-03-06 01:24:40 +00:00
|
|
|
unsigned int sockflags = ISC_SOCKFLAG_IMMEDIATE;
|
2013-03-22 12:27:54 -07:00
|
|
|
isc_dscp_t dispdscp = -1;
|
2000-09-13 01:30:34 +00:00
|
|
|
|
|
|
|
|
if (TCP_CLIENT(client)) {
|
2015-02-27 10:55:55 +11:00
|
|
|
sock = client->tcpsocket;
|
2000-09-13 01:30:34 +00:00
|
|
|
address = NULL;
|
|
|
|
|
} else {
|
2017-09-08 13:39:09 -07:00
|
|
|
dns_aclenv_t *env =
|
|
|
|
|
ns_interfacemgr_getaclenv(client->interface->mgr);
|
|
|
|
|
|
2015-02-27 10:55:55 +11:00
|
|
|
sock = client->udpsocket;
|
2001-01-27 02:08:07 +00:00
|
|
|
address = &client->peeraddr;
|
2000-11-03 02:45:55 +00:00
|
|
|
|
|
|
|
|
isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
|
2017-09-08 13:39:09 -07:00
|
|
|
if (client->sctx->blackholeacl != NULL &&
|
2018-04-26 20:57:41 -07:00
|
|
|
(dns_acl_match(&netaddr, NULL, client->sctx->blackholeacl,
|
|
|
|
|
env, &match, NULL) == ISC_R_SUCCESS) &&
|
2000-11-03 02:45:55 +00:00
|
|
|
match > 0)
|
2018-04-26 20:57:41 -07:00
|
|
|
{
|
2000-11-03 02:45:55 +00:00
|
|
|
return (DNS_R_BLACKHOLED);
|
2018-04-26 20:57:41 -07:00
|
|
|
}
|
2001-03-06 01:24:40 +00:00
|
|
|
sockflags |= ISC_SOCKFLAG_NORETRY;
|
2000-09-13 01:30:34 +00:00
|
|
|
}
|
2000-09-13 03:15:01 +00:00
|
|
|
|
2001-10-09 02:39:03 +00:00
|
|
|
if ((client->attributes & NS_CLIENTATTR_PKTINFO) != 0 &&
|
2001-10-13 00:44:24 +00:00
|
|
|
(client->attributes & NS_CLIENTATTR_MULTICAST) == 0)
|
2000-09-13 01:30:34 +00:00
|
|
|
pktinfo = &client->pktinfo;
|
|
|
|
|
else
|
|
|
|
|
pktinfo = NULL;
|
2000-09-13 03:15:01 +00:00
|
|
|
|
2013-03-22 12:27:54 -07:00
|
|
|
if (client->dispatch != NULL) {
|
|
|
|
|
dispdscp = dns_dispatch_getdscp(client->dispatch);
|
|
|
|
|
if (dispdscp != -1)
|
|
|
|
|
client->dscp = dispdscp;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (client->dscp == -1) {
|
|
|
|
|
client->sendevent->attributes &= ~ISC_SOCKEVENTATTR_DSCP;
|
|
|
|
|
client->sendevent->dscp = 0;
|
|
|
|
|
} else {
|
|
|
|
|
client->sendevent->attributes |= ISC_SOCKEVENTATTR_DSCP;
|
|
|
|
|
client->sendevent->dscp = client->dscp;
|
|
|
|
|
}
|
|
|
|
|
|
2000-09-13 03:15:01 +00:00
|
|
|
isc_buffer_usedregion(buffer, &r);
|
|
|
|
|
|
2016-08-12 09:41:59 +10:00
|
|
|
/*
|
|
|
|
|
* If this is a UDP client and the IPv6 packet can't be
|
|
|
|
|
* encapsulated without generating a PTB on a 1500 octet
|
|
|
|
|
* MTU link force fragmentation at 1280 if it is a IPv6
|
|
|
|
|
* response.
|
|
|
|
|
*/
|
2016-12-14 10:42:38 +11:00
|
|
|
client->sendevent->attributes &= ~ISC_SOCKEVENTATTR_USEMINMTU;
|
2016-08-12 09:41:59 +10:00
|
|
|
if (!TCP_CLIENT(client) && r.length > 1432)
|
|
|
|
|
client->sendevent->attributes |= ISC_SOCKEVENTATTR_USEMINMTU;
|
|
|
|
|
|
2000-09-13 03:15:01 +00:00
|
|
|
CTRACE("sendto");
|
2008-01-18 23:46:58 +00:00
|
|
|
|
2015-02-27 10:55:55 +11:00
|
|
|
result = isc_socket_sendto2(sock, &r, client->task,
|
2001-02-12 21:45:37 +00:00
|
|
|
address, pktinfo,
|
2001-03-06 01:24:40 +00:00
|
|
|
client->sendevent, sockflags);
|
2001-02-12 21:45:37 +00:00
|
|
|
if (result == ISC_R_SUCCESS || result == ISC_R_INPROGRESS) {
|
2000-09-13 01:30:34 +00:00
|
|
|
client->nsends++;
|
2001-02-12 21:45:37 +00:00
|
|
|
if (result == ISC_R_SUCCESS)
|
|
|
|
|
client_senddone(client->task,
|
|
|
|
|
(isc_event_t *)client->sendevent);
|
2001-02-14 01:46:59 +00:00
|
|
|
result = ISC_R_SUCCESS;
|
2000-09-13 01:30:34 +00:00
|
|
|
}
|
2000-09-13 03:15:01 +00:00
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
ns_client_sendraw(ns_client_t *client, dns_message_t *message) {
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
unsigned char *data;
|
|
|
|
|
isc_buffer_t buffer;
|
|
|
|
|
isc_region_t r;
|
|
|
|
|
isc_region_t *mr;
|
2001-03-06 01:24:40 +00:00
|
|
|
unsigned char sendbuf[SEND_BUFFER_SIZE];
|
2000-09-13 03:15:01 +00:00
|
|
|
|
|
|
|
|
REQUIRE(NS_CLIENT_VALID(client));
|
|
|
|
|
|
|
|
|
|
CTRACE("sendraw");
|
|
|
|
|
|
|
|
|
|
mr = dns_message_getrawmessage(message);
|
|
|
|
|
if (mr == NULL) {
|
|
|
|
|
result = ISC_R_UNEXPECTEDEND;
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
|
2001-03-06 01:24:40 +00:00
|
|
|
result = client_allocsendbuf(client, &buffer, NULL, mr->length,
|
|
|
|
|
sendbuf, &data);
|
2000-09-13 03:15:01 +00:00
|
|
|
if (result != ISC_R_SUCCESS)
|
|
|
|
|
goto done;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Copy message to buffer and fixup id.
|
|
|
|
|
*/
|
|
|
|
|
isc_buffer_availableregion(&buffer, &r);
|
|
|
|
|
result = isc_buffer_copyregion(&buffer, mr);
|
|
|
|
|
if (result != ISC_R_SUCCESS)
|
|
|
|
|
goto done;
|
|
|
|
|
r.base[0] = (client->message->id >> 8) & 0xff;
|
|
|
|
|
r.base[1] = client->message->id & 0xff;
|
|
|
|
|
|
|
|
|
|
result = client_sendpkg(client, &buffer);
|
|
|
|
|
if (result == ISC_R_SUCCESS)
|
|
|
|
|
return;
|
2000-09-13 01:30:34 +00:00
|
|
|
|
|
|
|
|
done:
|
|
|
|
|
if (client->tcpbuf != NULL) {
|
|
|
|
|
isc_mem_put(client->mctx, client->tcpbuf, TCP_BUFFER_SIZE);
|
|
|
|
|
client->tcpbuf = NULL;
|
|
|
|
|
}
|
|
|
|
|
ns_client_next(client, result);
|
|
|
|
|
}
|
|
|
|
|
|
2012-09-29 13:07:09 +10:00
|
|
|
static void
|
|
|
|
|
client_send(ns_client_t *client) {
|
1999-07-24 01:17:44 +00:00
|
|
|
isc_result_t result;
|
|
|
|
|
unsigned char *data;
|
|
|
|
|
isc_buffer_t buffer;
|
1999-08-05 01:51:32 +00:00
|
|
|
isc_buffer_t tcpbuffer;
|
1999-07-24 01:17:44 +00:00
|
|
|
isc_region_t r;
|
2001-03-05 21:15:47 +00:00
|
|
|
dns_compress_t cctx;
|
2018-04-17 08:29:14 -07:00
|
|
|
bool cleanup_cctx = false;
|
2001-03-06 01:24:40 +00:00
|
|
|
unsigned char sendbuf[SEND_BUFFER_SIZE];
|
2009-10-26 23:14:54 +00:00
|
|
|
unsigned int render_opts;
|
2002-04-26 00:40:37 +00:00
|
|
|
unsigned int preferred_glue;
|
2018-04-17 08:29:14 -07:00
|
|
|
bool opt_included = false;
|
2015-07-06 22:20:03 -07:00
|
|
|
size_t respsize;
|
2017-09-08 13:39:09 -07:00
|
|
|
dns_aclenv_t *env = ns_interfacemgr_getaclenv(client->interface->mgr);
|
2015-10-02 12:32:42 -07:00
|
|
|
#ifdef HAVE_DNSTAP
|
|
|
|
|
unsigned char zone[DNS_NAME_MAXWIRE];
|
|
|
|
|
dns_dtmsgtype_t dtmsgtype;
|
|
|
|
|
isc_region_t zr;
|
|
|
|
|
#endif /* HAVE_DNSTAP */
|
1999-07-24 01:17:44 +00:00
|
|
|
|
|
|
|
|
REQUIRE(NS_CLIENT_VALID(client));
|
|
|
|
|
|
|
|
|
|
CTRACE("send");
|
|
|
|
|
|
2016-12-13 16:27:18 +11:00
|
|
|
if (client->message->opcode == dns_opcode_query &&
|
|
|
|
|
(client->attributes & NS_CLIENTATTR_RA) != 0)
|
1999-12-10 23:58:04 +00:00
|
|
|
client->message->flags |= DNS_MESSAGEFLAG_RA;
|
2000-08-01 01:33:37 +00:00
|
|
|
|
2002-01-23 08:46:40 +00:00
|
|
|
if ((client->attributes & NS_CLIENTATTR_WANTDNSSEC) != 0)
|
2009-10-26 23:14:54 +00:00
|
|
|
render_opts = 0;
|
2002-01-23 08:46:40 +00:00
|
|
|
else
|
2009-10-26 23:14:54 +00:00
|
|
|
render_opts = DNS_MESSAGERENDER_OMITDNSSEC;
|
2012-01-31 06:58:39 +00:00
|
|
|
|
|
|
|
|
preferred_glue = 0;
|
|
|
|
|
if (client->view != NULL) {
|
|
|
|
|
if (client->view->preferred_glue == dns_rdatatype_a)
|
|
|
|
|
preferred_glue = DNS_MESSAGERENDER_PREFER_A;
|
|
|
|
|
else if (client->view->preferred_glue == dns_rdatatype_aaaa)
|
|
|
|
|
preferred_glue = DNS_MESSAGERENDER_PREFER_AAAA;
|
|
|
|
|
}
|
2015-09-11 13:27:58 +10:00
|
|
|
if (preferred_glue == 0) {
|
|
|
|
|
if (isc_sockaddr_pf(&client->peeraddr) == AF_INET)
|
|
|
|
|
preferred_glue = DNS_MESSAGERENDER_PREFER_A;
|
|
|
|
|
else
|
|
|
|
|
preferred_glue = DNS_MESSAGERENDER_PREFER_AAAA;
|
|
|
|
|
}
|
2012-01-31 06:58:39 +00:00
|
|
|
|
2014-02-20 14:56:20 +11:00
|
|
|
/*
|
|
|
|
|
* Create an OPT for our reply.
|
|
|
|
|
*/
|
|
|
|
|
if ((client->attributes & NS_CLIENTATTR_WANTOPT) != 0) {
|
2014-02-20 17:51:31 +11:00
|
|
|
result = ns_client_addopt(client, client->message,
|
|
|
|
|
&client->opt);
|
2014-02-20 14:56:20 +11:00
|
|
|
if (result != ISC_R_SUCCESS)
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
|
1999-07-28 02:20:36 +00:00
|
|
|
/*
|
2000-10-13 23:38:45 +00:00
|
|
|
* XXXRTH The following doesn't deal with TCP buffer resizing.
|
1999-07-28 02:20:36 +00:00
|
|
|
*/
|
2001-03-06 01:24:40 +00:00
|
|
|
result = client_allocsendbuf(client, &buffer, &tcpbuffer, 0,
|
|
|
|
|
sendbuf, &data);
|
2000-09-13 03:15:01 +00:00
|
|
|
if (result != ISC_R_SUCCESS)
|
|
|
|
|
goto done;
|
1999-08-05 01:51:32 +00:00
|
|
|
|
2001-03-05 21:15:47 +00:00
|
|
|
result = dns_compress_init(&cctx, -1, client->mctx);
|
|
|
|
|
if (result != ISC_R_SUCCESS)
|
|
|
|
|
goto done;
|
2014-02-06 19:37:26 -08:00
|
|
|
if (client->peeraddr_valid && client->view != NULL) {
|
|
|
|
|
isc_netaddr_t netaddr;
|
|
|
|
|
dns_name_t *name = NULL;
|
|
|
|
|
|
|
|
|
|
isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
|
|
|
|
|
if (client->message->tsigkey != NULL)
|
|
|
|
|
name = &client->message->tsigkey->name;
|
2015-11-05 12:19:04 +01:00
|
|
|
|
2014-02-06 19:37:26 -08:00
|
|
|
if (client->view->nocasecompress == NULL ||
|
2018-04-26 20:57:41 -07:00
|
|
|
!dns_acl_allowed(&netaddr, name,
|
2017-09-08 13:39:09 -07:00
|
|
|
client->view->nocasecompress, env))
|
2014-02-06 19:37:26 -08:00
|
|
|
{
|
2018-04-17 08:29:14 -07:00
|
|
|
dns_compress_setsensitive(&cctx, true);
|
2014-02-06 19:37:26 -08:00
|
|
|
}
|
2015-11-05 12:19:04 +01:00
|
|
|
|
2018-04-17 08:29:14 -07:00
|
|
|
if (client->view->msgcompression == false) {
|
2015-11-05 12:19:04 +01:00
|
|
|
dns_compress_disable(&cctx);
|
|
|
|
|
}
|
2014-02-06 19:37:26 -08:00
|
|
|
}
|
2018-04-17 08:29:14 -07:00
|
|
|
cleanup_cctx = true;
|
2001-03-05 21:15:47 +00:00
|
|
|
|
|
|
|
|
result = dns_message_renderbegin(client->message, &cctx, &buffer);
|
1999-07-24 01:17:44 +00:00
|
|
|
if (result != ISC_R_SUCCESS)
|
|
|
|
|
goto done;
|
2008-04-03 02:01:08 +00:00
|
|
|
|
1999-09-02 01:52:31 +00:00
|
|
|
if (client->opt != NULL) {
|
|
|
|
|
result = dns_message_setopt(client->message, client->opt);
|
2018-04-17 08:29:14 -07:00
|
|
|
opt_included = true;
|
1999-11-24 21:05:45 +00:00
|
|
|
client->opt = NULL;
|
2001-02-14 02:51:12 +00:00
|
|
|
if (result != ISC_R_SUCCESS)
|
|
|
|
|
goto done;
|
1999-09-02 01:52:31 +00:00
|
|
|
}
|
1999-07-24 01:17:44 +00:00
|
|
|
result = dns_message_rendersection(client->message,
|
1999-12-22 03:22:59 +00:00
|
|
|
DNS_SECTION_QUESTION, 0);
|
2001-01-08 20:36:14 +00:00
|
|
|
if (result == ISC_R_NOSPACE) {
|
|
|
|
|
client->message->flags |= DNS_MESSAGEFLAG_TC;
|
|
|
|
|
goto renderend;
|
|
|
|
|
}
|
1999-07-24 01:17:44 +00:00
|
|
|
if (result != ISC_R_SUCCESS)
|
|
|
|
|
goto done;
|
2013-02-25 10:49:30 -08:00
|
|
|
/*
|
|
|
|
|
* Stop after the question if TC was set for rate limiting.
|
|
|
|
|
*/
|
|
|
|
|
if ((client->message->flags & DNS_MESSAGEFLAG_TC) != 0)
|
|
|
|
|
goto renderend;
|
1999-07-28 02:20:36 +00:00
|
|
|
result = dns_message_rendersection(client->message,
|
2001-06-05 09:02:16 +00:00
|
|
|
DNS_SECTION_ANSWER,
|
2002-01-23 08:46:40 +00:00
|
|
|
DNS_MESSAGERENDER_PARTIAL |
|
2009-10-26 23:14:54 +00:00
|
|
|
render_opts);
|
1999-09-01 18:25:05 +00:00
|
|
|
if (result == ISC_R_NOSPACE) {
|
|
|
|
|
client->message->flags |= DNS_MESSAGEFLAG_TC;
|
|
|
|
|
goto renderend;
|
|
|
|
|
}
|
1999-07-28 02:20:36 +00:00
|
|
|
if (result != ISC_R_SUCCESS)
|
|
|
|
|
goto done;
|
|
|
|
|
result = dns_message_rendersection(client->message,
|
2001-06-05 09:02:16 +00:00
|
|
|
DNS_SECTION_AUTHORITY,
|
2002-01-23 08:46:40 +00:00
|
|
|
DNS_MESSAGERENDER_PARTIAL |
|
2009-10-26 23:14:54 +00:00
|
|
|
render_opts);
|
1999-09-01 18:25:05 +00:00
|
|
|
if (result == ISC_R_NOSPACE) {
|
|
|
|
|
client->message->flags |= DNS_MESSAGEFLAG_TC;
|
|
|
|
|
goto renderend;
|
|
|
|
|
}
|
1999-07-28 02:20:36 +00:00
|
|
|
if (result != ISC_R_SUCCESS)
|
|
|
|
|
goto done;
|
|
|
|
|
result = dns_message_rendersection(client->message,
|
2002-01-23 08:46:40 +00:00
|
|
|
DNS_SECTION_ADDITIONAL,
|
2009-10-26 23:14:54 +00:00
|
|
|
preferred_glue | render_opts);
|
1999-07-28 02:20:36 +00:00
|
|
|
if (result != ISC_R_SUCCESS && result != ISC_R_NOSPACE)
|
|
|
|
|
goto done;
|
1999-09-01 18:25:05 +00:00
|
|
|
renderend:
|
1999-07-24 01:17:44 +00:00
|
|
|
result = dns_message_renderend(client->message);
|
|
|
|
|
if (result != ISC_R_SUCCESS)
|
|
|
|
|
goto done;
|
1999-08-05 01:51:32 +00:00
|
|
|
|
2015-10-02 12:32:42 -07:00
|
|
|
#ifdef HAVE_DNSTAP
|
|
|
|
|
memset(&zr, 0, sizeof(zr));
|
|
|
|
|
if (((client->message->flags & DNS_MESSAGEFLAG_AA) != 0) &&
|
|
|
|
|
(client->query.authzone != NULL))
|
|
|
|
|
{
|
|
|
|
|
isc_buffer_t b;
|
|
|
|
|
dns_name_t *zo =
|
|
|
|
|
dns_zone_getorigin(client->query.authzone);
|
|
|
|
|
|
|
|
|
|
isc_buffer_init(&b, zone, sizeof(zone));
|
|
|
|
|
dns_compress_setmethods(&cctx, DNS_COMPRESS_NONE);
|
|
|
|
|
result = dns_name_towire(zo, &cctx, &b);
|
|
|
|
|
if (result == ISC_R_SUCCESS)
|
|
|
|
|
isc_buffer_usedregion(&b, &zr);
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-02 14:13:14 -07:00
|
|
|
if (client->message->opcode == dns_opcode_update) {
|
|
|
|
|
dtmsgtype = DNS_DTTYPE_UR;
|
|
|
|
|
} else if ((client->message->flags & DNS_MESSAGEFLAG_RD) != 0) {
|
2015-10-02 12:32:42 -07:00
|
|
|
dtmsgtype = DNS_DTTYPE_CR;
|
2018-10-02 14:13:14 -07:00
|
|
|
} else {
|
2015-10-02 12:32:42 -07:00
|
|
|
dtmsgtype = DNS_DTTYPE_AR;
|
2018-10-02 14:13:14 -07:00
|
|
|
}
|
2015-10-02 12:32:42 -07:00
|
|
|
#endif /* HAVE_DNSTAP */
|
|
|
|
|
|
2001-03-05 21:15:47 +00:00
|
|
|
if (cleanup_cctx) {
|
|
|
|
|
dns_compress_invalidate(&cctx);
|
2018-04-17 08:29:14 -07:00
|
|
|
cleanup_cctx = false;
|
2001-03-05 21:15:47 +00:00
|
|
|
}
|
|
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
if (client->sendcb != NULL) {
|
|
|
|
|
client->sendcb(&buffer);
|
|
|
|
|
} else if (TCP_CLIENT(client)) {
|
103. [func] libisc buffer API changes for <isc/buffer.h>:
Added:
isc_buffer_base(b) (pointer)
isc_buffer_current(b) (pointer)
isc_buffer_active(b) (pointer)
isc_buffer_used(b) (pointer)
isc_buffer_length(b) (int)
isc_buffer_usedlength(b) (int)
isc_buffer_consumedlength(b) (int)
isc_buffer_remaininglength(b) (int)
isc_buffer_activelength(b) (int)
isc_buffer_availablelength(b) (int)
Removed:
ISC_BUFFER_USEDCOUNT(b)
ISC_BUFFER_AVAILABLECOUNT(b)
isc_buffer_type(b)
Changed names:
isc_buffer_used(b, r) ->
isc_buffer_usedregion(b, r)
isc_buffer_available(b, r) ->
isc_buffer_available_region(b, r)
isc_buffer_consumed(b, r) ->
isc_buffer_consumedregion(b, r)
isc_buffer_active(b, r) ->
isc_buffer_activeregion(b, r)
isc_buffer_remaining(b, r) ->
isc_buffer_remainingregion(b, r)
Buffer types were removed, so the ISC_BUFFERTYPE_*
macros are no more, and the type argument to
isc_buffer_init and isc_buffer_allocate were removed.
isc_buffer_putstr is now void (instead of isc_result_t)
and requires that the caller ensure that there
is enough available buffer space for the string.
2000-04-27 00:03:12 +00:00
|
|
|
isc_buffer_usedregion(&buffer, &r);
|
2018-03-28 14:19:37 +02:00
|
|
|
isc_buffer_putuint16(&tcpbuffer, (uint16_t) r.length);
|
1999-08-05 01:51:32 +00:00
|
|
|
isc_buffer_add(&tcpbuffer, r.length);
|
2015-10-02 12:32:42 -07:00
|
|
|
#ifdef HAVE_DNSTAP
|
|
|
|
|
if (client->view != NULL) {
|
|
|
|
|
dns_dt_send(client->view, dtmsgtype,
|
2018-04-09 18:07:47 +01:00
|
|
|
&client->peeraddr, &client->destsockaddr,
|
2018-04-17 08:29:14 -07:00
|
|
|
true, &zr, &client->requesttime, NULL,
|
2017-02-03 17:05:58 -08:00
|
|
|
&buffer);
|
2015-10-02 12:32:42 -07:00
|
|
|
}
|
|
|
|
|
#endif /* HAVE_DNSTAP */
|
|
|
|
|
|
2016-07-13 16:56:11 +10:00
|
|
|
/* don't count the 2-octet length header */
|
|
|
|
|
respsize = isc_buffer_usedlength(&tcpbuffer) - 2;
|
|
|
|
|
result = client_sendpkg(client, &tcpbuffer);
|
2016-06-22 23:45:21 +00:00
|
|
|
|
2016-06-23 08:44:54 +10:00
|
|
|
switch (isc_sockaddr_pf(&client->peeraddr)) {
|
|
|
|
|
case AF_INET:
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_stats_increment(client->sctx->tcpoutstats4,
|
2016-06-23 08:44:54 +10:00
|
|
|
ISC_MIN((int)respsize / 16, 256));
|
|
|
|
|
break;
|
|
|
|
|
case AF_INET6:
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_stats_increment(client->sctx->tcpoutstats6,
|
2016-06-23 08:44:54 +10:00
|
|
|
ISC_MIN((int)respsize / 16, 256));
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
INSIST(0);
|
2018-11-07 15:00:07 +07:00
|
|
|
ISC_UNREACHABLE();
|
2016-06-23 08:44:54 +10:00
|
|
|
}
|
2015-07-06 22:20:03 -07:00
|
|
|
} else {
|
2015-10-02 12:32:42 -07:00
|
|
|
#ifdef HAVE_DNSTAP
|
2018-10-02 14:13:14 -07:00
|
|
|
/*
|
|
|
|
|
* Log dnstap data first, because client_sendpkg() may
|
|
|
|
|
* leave client->view set to NULL.
|
|
|
|
|
*/
|
2015-10-02 12:32:42 -07:00
|
|
|
if (client->view != NULL) {
|
|
|
|
|
dns_dt_send(client->view, dtmsgtype,
|
2017-02-03 17:05:58 -08:00
|
|
|
&client->peeraddr,
|
2018-04-09 18:07:47 +01:00
|
|
|
&client->destsockaddr,
|
2018-04-17 08:29:14 -07:00
|
|
|
false, &zr,
|
2015-10-02 12:32:42 -07:00
|
|
|
&client->requesttime, NULL, &buffer);
|
|
|
|
|
}
|
|
|
|
|
#endif /* HAVE_DNSTAP */
|
|
|
|
|
|
2018-10-02 14:13:14 -07:00
|
|
|
respsize = isc_buffer_usedlength(&buffer);
|
|
|
|
|
result = client_sendpkg(client, &buffer);
|
|
|
|
|
|
2016-06-23 08:44:54 +10:00
|
|
|
switch (isc_sockaddr_pf(&client->peeraddr)) {
|
|
|
|
|
case AF_INET:
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_stats_increment(client->sctx->udpoutstats4,
|
2016-06-23 08:44:54 +10:00
|
|
|
ISC_MIN((int)respsize / 16, 256));
|
|
|
|
|
break;
|
|
|
|
|
case AF_INET6:
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_stats_increment(client->sctx->udpoutstats6,
|
2016-06-23 08:44:54 +10:00
|
|
|
ISC_MIN((int)respsize / 16, 256));
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
INSIST(0);
|
2018-11-07 15:00:07 +07:00
|
|
|
ISC_UNREACHABLE();
|
2016-06-23 08:44:54 +10:00
|
|
|
}
|
2015-07-06 22:20:03 -07:00
|
|
|
}
|
|
|
|
|
|
2008-04-03 05:55:52 +00:00
|
|
|
/* update statistics (XXXJT: is it okay to access message->xxxkey?) */
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(client->sctx->nsstats, ns_statscounter_response);
|
2015-07-06 22:20:03 -07:00
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
dns_rcodestats_increment(client->sctx->rcodestats,
|
2016-06-23 08:44:54 +10:00
|
|
|
client->message->rcode);
|
2008-04-03 05:55:52 +00:00
|
|
|
if (opt_included) {
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_edns0out);
|
2008-04-03 05:55:52 +00:00
|
|
|
}
|
|
|
|
|
if (client->message->tsigkey != NULL) {
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_tsigout);
|
2008-04-03 05:55:52 +00:00
|
|
|
}
|
|
|
|
|
if (client->message->sig0key != NULL) {
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_sig0out);
|
2008-04-03 05:55:52 +00:00
|
|
|
}
|
|
|
|
|
if ((client->message->flags & DNS_MESSAGEFLAG_TC) != 0)
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_truncatedresp);
|
2008-04-03 05:55:52 +00:00
|
|
|
|
2000-09-13 03:15:01 +00:00
|
|
|
if (result == ISC_R_SUCCESS)
|
2000-01-28 23:35:53 +00:00
|
|
|
return;
|
2000-06-22 00:05:11 +00:00
|
|
|
|
1999-07-24 01:17:44 +00:00
|
|
|
done:
|
2000-06-22 00:05:11 +00:00
|
|
|
if (client->tcpbuf != NULL) {
|
|
|
|
|
isc_mem_put(client->mctx, client->tcpbuf, TCP_BUFFER_SIZE);
|
|
|
|
|
client->tcpbuf = NULL;
|
|
|
|
|
}
|
2001-03-05 21:15:47 +00:00
|
|
|
|
|
|
|
|
if (cleanup_cctx)
|
|
|
|
|
dns_compress_invalidate(&cctx);
|
|
|
|
|
|
1999-07-24 01:17:44 +00:00
|
|
|
ns_client_next(client, result);
|
|
|
|
|
}
|
2000-08-01 01:33:37 +00:00
|
|
|
|
2012-09-29 13:07:09 +10:00
|
|
|
/*
|
|
|
|
|
* Completes the sending of a delayed client response.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
client_delay(isc_task_t *task, isc_event_t *event) {
|
2012-09-29 23:46:01 +00:00
|
|
|
ns_client_t *client;
|
2012-09-29 13:07:09 +10:00
|
|
|
|
2012-09-29 23:46:01 +00:00
|
|
|
REQUIRE(event != NULL);
|
|
|
|
|
REQUIRE(event->ev_type == ISC_TIMEREVENT_LIFE ||
|
|
|
|
|
event->ev_type == ISC_TIMEREVENT_IDLE);
|
|
|
|
|
client = event->ev_arg;
|
|
|
|
|
REQUIRE(NS_CLIENT_VALID(client));
|
|
|
|
|
REQUIRE(task == client->task);
|
|
|
|
|
REQUIRE(client->delaytimer != NULL);
|
2012-09-29 13:07:09 +10:00
|
|
|
|
|
|
|
|
UNUSED(task);
|
|
|
|
|
|
|
|
|
|
CTRACE("client_delay");
|
|
|
|
|
|
|
|
|
|
isc_event_free(&event);
|
|
|
|
|
isc_timer_detach(&client->delaytimer);
|
|
|
|
|
|
|
|
|
|
client_send(client);
|
|
|
|
|
ns_client_detach(&client);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
ns_client_send(ns_client_t *client) {
|
|
|
|
|
/*
|
2017-09-08 13:39:09 -07:00
|
|
|
* Delay the response according to the -T delay option
|
2012-09-29 13:07:09 +10:00
|
|
|
*/
|
2017-09-08 13:39:09 -07:00
|
|
|
if (client->sctx->delay != 0) {
|
2012-09-29 13:07:09 +10:00
|
|
|
ns_client_t *dummy = NULL;
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
isc_interval_t interval;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Replace ourselves if we have not already been replaced.
|
|
|
|
|
*/
|
|
|
|
|
if (!client->mortal) {
|
|
|
|
|
result = ns_client_replace(client);
|
|
|
|
|
if (result != ISC_R_SUCCESS)
|
|
|
|
|
goto nodelay;
|
|
|
|
|
}
|
2012-09-29 23:46:01 +00:00
|
|
|
|
2012-09-29 13:07:09 +10:00
|
|
|
ns_client_attach(client, &dummy);
|
2017-09-08 13:39:09 -07:00
|
|
|
if (client->sctx->delay >= 1000)
|
|
|
|
|
isc_interval_set(&interval, client->sctx->delay / 1000,
|
|
|
|
|
(client->sctx->delay % 1000) * 1000000);
|
2012-09-29 13:07:09 +10:00
|
|
|
else
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_interval_set(&interval, 0,
|
|
|
|
|
client->sctx->delay * 1000000);
|
2012-09-29 13:07:09 +10:00
|
|
|
result = isc_timer_create(client->manager->timermgr,
|
|
|
|
|
isc_timertype_once, NULL, &interval,
|
|
|
|
|
client->task, client_delay,
|
|
|
|
|
client, &client->delaytimer);
|
|
|
|
|
if (result == ISC_R_SUCCESS)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
ns_client_detach(&dummy);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
nodelay:
|
|
|
|
|
client_send(client);
|
|
|
|
|
}
|
|
|
|
|
|
2006-01-04 05:06:10 +00:00
|
|
|
#if NS_CLIENT_DROPPORT
|
|
|
|
|
#define DROPPORT_NO 0
|
|
|
|
|
#define DROPPORT_REQUEST 1
|
|
|
|
|
#define DROPPORT_RESPONSE 2
|
|
|
|
|
/*%
|
|
|
|
|
* ns_client_dropport determines if certain requests / responses
|
|
|
|
|
* should be dropped based on the port number.
|
|
|
|
|
*
|
|
|
|
|
* Returns:
|
|
|
|
|
* \li 0: Don't drop.
|
|
|
|
|
* \li 1: Drop request.
|
|
|
|
|
* \li 2: Drop (error) response.
|
|
|
|
|
*/
|
|
|
|
|
static int
|
|
|
|
|
ns_client_dropport(in_port_t port) {
|
|
|
|
|
switch (port) {
|
|
|
|
|
case 7: /* echo */
|
|
|
|
|
case 13: /* daytime */
|
|
|
|
|
case 19: /* chargen */
|
|
|
|
|
case 37: /* time */
|
|
|
|
|
return (DROPPORT_REQUEST);
|
|
|
|
|
case 464: /* kpasswd */
|
|
|
|
|
return (DROPPORT_RESPONSE);
|
|
|
|
|
}
|
|
|
|
|
return (DROPPORT_NO);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
1999-07-24 01:17:44 +00:00
|
|
|
void
|
|
|
|
|
ns_client_error(ns_client_t *client, isc_result_t result) {
|
|
|
|
|
dns_rcode_t rcode;
|
1999-08-03 01:21:00 +00:00
|
|
|
dns_message_t *message;
|
1999-07-24 01:17:44 +00:00
|
|
|
|
|
|
|
|
REQUIRE(NS_CLIENT_VALID(client));
|
|
|
|
|
|
|
|
|
|
CTRACE("error");
|
|
|
|
|
|
1999-08-03 01:21:00 +00:00
|
|
|
message = client->message;
|
2019-04-22 17:19:23 -07:00
|
|
|
|
|
|
|
|
if (client->rcode_override == -1) {
|
|
|
|
|
rcode = dns_result_torcode(result);
|
|
|
|
|
} else {
|
|
|
|
|
rcode = (dns_rcode_t)(client->rcode_override & 0xfff);
|
|
|
|
|
}
|
1999-07-24 01:17:44 +00:00
|
|
|
|
2006-01-04 05:06:10 +00:00
|
|
|
#if NS_CLIENT_DROPPORT
|
|
|
|
|
/*
|
|
|
|
|
* Don't send FORMERR to ports on the drop port list.
|
|
|
|
|
*/
|
|
|
|
|
if (rcode == dns_rcode_formerr &&
|
|
|
|
|
ns_client_dropport(isc_sockaddr_getport(&client->peeraddr)) !=
|
2019-04-22 17:19:23 -07:00
|
|
|
DROPPORT_NO)
|
|
|
|
|
{
|
2006-01-04 05:06:10 +00:00
|
|
|
char buf[64];
|
|
|
|
|
isc_buffer_t b;
|
|
|
|
|
|
|
|
|
|
isc_buffer_init(&b, buf, sizeof(buf) - 1);
|
2019-04-22 17:19:23 -07:00
|
|
|
if (dns_rcode_totext(rcode, &b) != ISC_R_SUCCESS) {
|
2006-01-04 05:06:10 +00:00
|
|
|
isc_buffer_putstr(&b, "UNKNOWN RCODE");
|
2019-04-22 17:19:23 -07:00
|
|
|
}
|
2006-01-04 05:06:10 +00:00
|
|
|
ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
|
|
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10),
|
|
|
|
|
"dropped error (%.*s) response: suspicious port",
|
|
|
|
|
(int)isc_buffer_usedlength(&b), buf);
|
|
|
|
|
ns_client_next(client, ISC_R_SUCCESS);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2013-02-25 10:49:30 -08:00
|
|
|
/*
|
|
|
|
|
* Try to rate limit error responses.
|
|
|
|
|
*/
|
|
|
|
|
if (client->view != NULL && client->view->rrl != NULL) {
|
2018-04-17 08:29:14 -07:00
|
|
|
bool wouldlog;
|
2013-02-25 10:49:30 -08:00
|
|
|
char log_buf[DNS_RRL_LOG_BUF_LEN];
|
|
|
|
|
dns_rrl_result_t rrl_result;
|
2015-02-25 16:44:43 -08:00
|
|
|
int loglevel;
|
2013-02-25 10:49:30 -08:00
|
|
|
|
|
|
|
|
INSIST(rcode != dns_rcode_noerror &&
|
|
|
|
|
rcode != dns_rcode_nxdomain);
|
2019-04-22 17:19:23 -07:00
|
|
|
if ((client->sctx->options & NS_SERVER_LOGQUERIES) != 0) {
|
2015-02-25 16:44:43 -08:00
|
|
|
loglevel = DNS_RRL_LOG_DROP;
|
2019-04-22 17:19:23 -07:00
|
|
|
} else {
|
2015-02-25 16:44:43 -08:00
|
|
|
loglevel = ISC_LOG_DEBUG(1);
|
2019-04-22 17:19:23 -07:00
|
|
|
}
|
2017-09-08 13:39:09 -07:00
|
|
|
wouldlog = isc_log_wouldlog(ns_lctx, loglevel);
|
2013-02-25 10:49:30 -08:00
|
|
|
rrl_result = dns_rrl(client->view, &client->peeraddr,
|
|
|
|
|
TCP_CLIENT(client),
|
|
|
|
|
dns_rdataclass_in, dns_rdatatype_none,
|
|
|
|
|
NULL, result, client->now,
|
|
|
|
|
wouldlog, log_buf, sizeof(log_buf));
|
|
|
|
|
if (rrl_result != DNS_RRL_RESULT_OK) {
|
|
|
|
|
/*
|
|
|
|
|
* Log dropped errors in the query category
|
|
|
|
|
* so that they are not lost in silence.
|
|
|
|
|
* Starts of rate-limited bursts are logged in
|
|
|
|
|
* NS_LOGCATEGORY_RRL.
|
|
|
|
|
*/
|
|
|
|
|
if (wouldlog) {
|
2013-05-21 12:20:54 -07:00
|
|
|
ns_client_log(client,
|
2015-09-29 15:02:49 +10:00
|
|
|
NS_LOGCATEGORY_QUERY_ERRORS,
|
2013-02-25 10:49:30 -08:00
|
|
|
NS_LOGMODULE_CLIENT,
|
2015-02-25 16:44:43 -08:00
|
|
|
loglevel,
|
2013-02-25 10:49:30 -08:00
|
|
|
"%s", log_buf);
|
|
|
|
|
}
|
|
|
|
|
/*
|
|
|
|
|
* Some error responses cannot be 'slipped',
|
2013-04-25 14:40:32 -07:00
|
|
|
* so don't try to slip any error responses.
|
2013-02-25 10:49:30 -08:00
|
|
|
*/
|
|
|
|
|
if (!client->view->rrl->log_only) {
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_ratedropped);
|
|
|
|
|
ns_stats_increment(client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_dropped);
|
2013-02-25 10:49:30 -08:00
|
|
|
ns_client_next(client, DNS_R_DROP);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
1999-07-28 02:20:36 +00:00
|
|
|
/*
|
2000-06-22 23:04:27 +00:00
|
|
|
* Message may be an in-progress reply that we had trouble
|
1999-07-28 02:20:36 +00:00
|
|
|
* with, in which case QR will be set. We need to clear QR before
|
|
|
|
|
* calling dns_message_reply() to avoid triggering an assertion.
|
|
|
|
|
*/
|
1999-08-03 01:21:00 +00:00
|
|
|
message->flags &= ~DNS_MESSAGEFLAG_QR;
|
1999-10-07 19:43:18 +00:00
|
|
|
/*
|
|
|
|
|
* AA and AD shouldn't be set.
|
|
|
|
|
*/
|
|
|
|
|
message->flags &= ~(DNS_MESSAGEFLAG_AA | DNS_MESSAGEFLAG_AD);
|
2018-04-17 08:29:14 -07:00
|
|
|
result = dns_message_reply(message, true);
|
1999-07-24 01:17:44 +00:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
1999-08-03 01:21:00 +00:00
|
|
|
/*
|
|
|
|
|
* It could be that we've got a query with a good header,
|
|
|
|
|
* but a bad question section, so we try again with
|
2018-04-17 08:29:14 -07:00
|
|
|
* want_question_section set to false.
|
1999-08-03 01:21:00 +00:00
|
|
|
*/
|
2018-04-17 08:29:14 -07:00
|
|
|
result = dns_message_reply(message, false);
|
1999-08-03 01:21:00 +00:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
ns_client_next(client, result);
|
|
|
|
|
return;
|
|
|
|
|
}
|
1999-07-24 01:17:44 +00:00
|
|
|
}
|
1999-08-03 01:21:00 +00:00
|
|
|
message->rcode = rcode;
|
2001-03-19 20:52:21 +00:00
|
|
|
|
|
|
|
|
if (rcode == dns_rcode_formerr) {
|
2014-09-03 23:28:14 -07:00
|
|
|
/*
|
|
|
|
|
* FORMERR loop avoidance: If we sent a FORMERR message
|
|
|
|
|
* with the same ID to the same client less than two
|
|
|
|
|
* seconds ago, assume that we are in an infinite error
|
|
|
|
|
* packet dialog with a server for some protocol whose
|
|
|
|
|
* error responses look enough like DNS queries to
|
|
|
|
|
* elicit a FORMERR response. Drop a packet to break
|
|
|
|
|
* the loop.
|
|
|
|
|
*/
|
2001-03-19 20:52:21 +00:00
|
|
|
if (isc_sockaddr_equal(&client->peeraddr,
|
|
|
|
|
&client->formerrcache.addr) &&
|
|
|
|
|
message->id == client->formerrcache.id &&
|
2015-10-02 12:32:42 -07:00
|
|
|
(isc_time_seconds(&client->requesttime) -
|
|
|
|
|
client->formerrcache.time) < 2)
|
|
|
|
|
{
|
2001-03-19 20:52:21 +00:00
|
|
|
/* Drop packet. */
|
|
|
|
|
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
|
|
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
|
|
|
|
|
"possible error packet loop, "
|
|
|
|
|
"FORMERR dropped");
|
|
|
|
|
ns_client_next(client, result);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
client->formerrcache.addr = client->peeraddr;
|
2015-10-02 12:32:42 -07:00
|
|
|
client->formerrcache.time =
|
|
|
|
|
isc_time_seconds(&client->requesttime);
|
2001-03-19 20:52:21 +00:00
|
|
|
client->formerrcache.id = message->id;
|
2014-10-01 07:24:16 +10:00
|
|
|
} else if (rcode == dns_rcode_servfail && client->query.qname != NULL &&
|
2014-09-03 23:28:14 -07:00
|
|
|
client->view != NULL && client->view->fail_ttl != 0 &&
|
|
|
|
|
((client->attributes & NS_CLIENTATTR_NOSETFC) == 0))
|
|
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* SERVFAIL caching: store qname/qtype of failed queries
|
|
|
|
|
*/
|
|
|
|
|
isc_time_t expire;
|
|
|
|
|
isc_interval_t i;
|
2018-03-28 14:19:37 +02:00
|
|
|
uint32_t flags = 0;
|
2014-09-03 23:28:14 -07:00
|
|
|
|
|
|
|
|
if ((message->flags & DNS_MESSAGEFLAG_CD) != 0)
|
|
|
|
|
flags = NS_FAILCACHE_CD;
|
|
|
|
|
|
|
|
|
|
isc_interval_set(&i, client->view->fail_ttl, 0);
|
|
|
|
|
result = isc_time_nowplusinterval(&expire, &i);
|
2019-04-22 17:19:23 -07:00
|
|
|
if (result == ISC_R_SUCCESS) {
|
2014-09-03 23:28:14 -07:00
|
|
|
dns_badcache_add(client->view->failcache,
|
|
|
|
|
client->query.qname,
|
|
|
|
|
client->query.qtype,
|
2018-04-17 08:29:14 -07:00
|
|
|
true, flags, &expire);
|
2019-04-22 17:19:23 -07:00
|
|
|
}
|
2001-03-19 20:52:21 +00:00
|
|
|
}
|
2019-04-22 17:19:23 -07:00
|
|
|
|
1999-07-28 02:20:36 +00:00
|
|
|
ns_client_send(client);
|
1999-07-24 01:17:44 +00:00
|
|
|
}
|
|
|
|
|
|
2014-02-20 17:51:31 +11:00
|
|
|
isc_result_t
|
|
|
|
|
ns_client_addopt(ns_client_t *client, dns_message_t *message,
|
|
|
|
|
dns_rdataset_t **opt)
|
|
|
|
|
{
|
2014-08-28 22:05:57 -07:00
|
|
|
unsigned char ecs[ECS_SIZE];
|
2013-08-15 12:01:12 +10:00
|
|
|
char nsid[BUFSIZ], *nsidp;
|
2015-07-06 09:44:24 +10:00
|
|
|
unsigned char cookie[COOKIE_SIZE];
|
1999-09-02 01:52:31 +00:00
|
|
|
isc_result_t result;
|
2003-02-26 02:04:00 +00:00
|
|
|
dns_view_t *view;
|
|
|
|
|
dns_resolver_t *resolver;
|
2018-03-28 14:19:37 +02:00
|
|
|
uint16_t udpsize;
|
2014-02-20 14:00:54 +11:00
|
|
|
dns_ednsopt_t ednsopts[DNS_EDNSOPTIONS];
|
2013-08-15 12:01:12 +10:00
|
|
|
int count = 0;
|
|
|
|
|
unsigned int flags;
|
2014-02-20 14:56:20 +11:00
|
|
|
unsigned char expire[4];
|
2017-01-04 09:16:30 -08:00
|
|
|
unsigned char advtimo[2];
|
2017-09-08 13:39:09 -07:00
|
|
|
dns_aclenv_t *env = ns_interfacemgr_getaclenv(client->interface->mgr);
|
1999-09-02 01:52:31 +00:00
|
|
|
|
2014-02-20 17:51:31 +11:00
|
|
|
REQUIRE(NS_CLIENT_VALID(client));
|
|
|
|
|
REQUIRE(opt != NULL && *opt == NULL);
|
|
|
|
|
REQUIRE(message != NULL);
|
1999-09-02 01:52:31 +00:00
|
|
|
|
2003-02-26 02:04:00 +00:00
|
|
|
view = client->view;
|
|
|
|
|
resolver = (view != NULL) ? view->resolver : NULL;
|
|
|
|
|
if (resolver != NULL)
|
|
|
|
|
udpsize = dns_resolver_getudpsize(resolver);
|
|
|
|
|
else
|
2017-09-08 13:39:09 -07:00
|
|
|
udpsize = client->sctx->udpsize;
|
1999-09-02 01:52:31 +00:00
|
|
|
|
2013-08-15 12:01:12 +10:00
|
|
|
flags = client->extflags & DNS_MESSAGEEXTFLAG_REPLYPRESERVE;
|
1999-09-02 01:52:31 +00:00
|
|
|
|
2008-04-03 02:01:08 +00:00
|
|
|
/* Set EDNS options if applicable */
|
2017-09-08 13:39:09 -07:00
|
|
|
if (WANTNSID(client)) {
|
|
|
|
|
if (client->sctx->server_id != NULL) {
|
|
|
|
|
nsidp = client->sctx->server_id;
|
|
|
|
|
} else if (client->sctx->gethostname != NULL) {
|
|
|
|
|
result = client->sctx->gethostname(nsid, sizeof(nsid));
|
2008-04-03 02:01:08 +00:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
goto no_nsid;
|
|
|
|
|
}
|
2008-11-16 20:57:55 +00:00
|
|
|
nsidp = nsid;
|
2017-09-08 13:39:09 -07:00
|
|
|
} else {
|
|
|
|
|
goto no_nsid;
|
|
|
|
|
}
|
2008-04-03 02:01:08 +00:00
|
|
|
|
2014-02-20 14:00:54 +11:00
|
|
|
INSIST(count < DNS_EDNSOPTIONS);
|
2013-08-15 12:01:12 +10:00
|
|
|
ednsopts[count].code = DNS_OPT_NSID;
|
2018-03-28 14:19:37 +02:00
|
|
|
ednsopts[count].length = (uint16_t)strlen(nsidp);
|
2013-08-15 12:01:12 +10:00
|
|
|
ednsopts[count].value = (unsigned char *)nsidp;
|
|
|
|
|
count++;
|
2008-04-03 02:01:08 +00:00
|
|
|
}
|
2013-08-15 12:01:12 +10:00
|
|
|
no_nsid:
|
2015-07-06 09:44:24 +10:00
|
|
|
if ((client->attributes & NS_CLIENTATTR_WANTCOOKIE) != 0) {
|
2014-02-19 12:53:42 +11:00
|
|
|
isc_buffer_t buf;
|
|
|
|
|
isc_stdtime_t now;
|
2018-03-28 14:19:37 +02:00
|
|
|
uint32_t nonce;
|
2014-02-19 12:53:42 +11:00
|
|
|
|
2015-07-06 09:44:24 +10:00
|
|
|
isc_buffer_init(&buf, cookie, sizeof(cookie));
|
2014-02-19 12:53:42 +11:00
|
|
|
isc_stdtime_get(&now);
|
2017-09-28 10:09:22 -07:00
|
|
|
|
2018-10-12 11:59:33 +00:00
|
|
|
isc_random_buf(&nonce, sizeof(nonce));
|
2014-02-19 12:53:42 +11:00
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
compute_cookie(client, now, nonce, client->sctx->secret, &buf);
|
2014-02-19 12:53:42 +11:00
|
|
|
|
2014-02-20 14:00:54 +11:00
|
|
|
INSIST(count < DNS_EDNSOPTIONS);
|
2015-07-06 09:44:24 +10:00
|
|
|
ednsopts[count].code = DNS_OPT_COOKIE;
|
|
|
|
|
ednsopts[count].length = COOKIE_SIZE;
|
|
|
|
|
ednsopts[count].value = cookie;
|
2014-02-19 12:53:42 +11:00
|
|
|
count++;
|
|
|
|
|
}
|
2014-02-20 14:56:20 +11:00
|
|
|
if ((client->attributes & NS_CLIENTATTR_HAVEEXPIRE) != 0) {
|
|
|
|
|
isc_buffer_t buf;
|
|
|
|
|
|
|
|
|
|
INSIST(count < DNS_EDNSOPTIONS);
|
|
|
|
|
|
|
|
|
|
isc_buffer_init(&buf, expire, sizeof(expire));
|
|
|
|
|
isc_buffer_putuint32(&buf, client->expire);
|
|
|
|
|
ednsopts[count].code = DNS_OPT_EXPIRE;
|
|
|
|
|
ednsopts[count].length = 4;
|
|
|
|
|
ednsopts[count].value = expire;
|
|
|
|
|
count++;
|
|
|
|
|
}
|
2014-08-28 22:05:57 -07:00
|
|
|
if (((client->attributes & NS_CLIENTATTR_HAVEECS) != 0) &&
|
2017-02-02 11:54:28 -08:00
|
|
|
(client->ecs.addr.family == AF_INET ||
|
|
|
|
|
client->ecs.addr.family == AF_INET6 ||
|
|
|
|
|
client->ecs.addr.family == AF_UNSPEC))
|
2014-08-28 22:05:57 -07:00
|
|
|
{
|
|
|
|
|
isc_buffer_t buf;
|
2018-03-28 14:19:37 +02:00
|
|
|
uint8_t addr[16];
|
|
|
|
|
uint32_t plen, addrl;
|
2018-06-04 13:41:09 +02:00
|
|
|
uint16_t family = 0;
|
2016-09-14 08:22:15 +10:00
|
|
|
|
|
|
|
|
/* Add CLIENT-SUBNET option. */
|
|
|
|
|
|
2017-02-02 11:54:28 -08:00
|
|
|
plen = client->ecs.source;
|
2016-09-14 08:22:15 +10:00
|
|
|
|
|
|
|
|
/* Round up prefix len to a multiple of 8 */
|
|
|
|
|
addrl = (plen + 7) / 8;
|
|
|
|
|
|
2017-02-02 11:54:28 -08:00
|
|
|
switch (client->ecs.addr.family) {
|
2016-09-14 08:22:15 +10:00
|
|
|
case AF_UNSPEC:
|
|
|
|
|
INSIST(plen == 0);
|
|
|
|
|
family = 0;
|
|
|
|
|
break;
|
|
|
|
|
case AF_INET:
|
|
|
|
|
INSIST(plen <= 32);
|
|
|
|
|
family = 1;
|
2017-02-02 11:54:28 -08:00
|
|
|
memmove(addr, &client->ecs.addr.type, addrl);
|
2016-09-14 08:22:15 +10:00
|
|
|
break;
|
|
|
|
|
case AF_INET6:
|
|
|
|
|
INSIST(plen <= 128);
|
|
|
|
|
family = 2;
|
2017-02-02 11:54:28 -08:00
|
|
|
memmove(addr, &client->ecs.addr.type, addrl);
|
2016-09-14 08:22:15 +10:00
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
INSIST(0);
|
2018-11-07 15:00:07 +07:00
|
|
|
ISC_UNREACHABLE();
|
2016-09-14 08:22:15 +10:00
|
|
|
}
|
2014-08-28 22:05:57 -07:00
|
|
|
|
|
|
|
|
isc_buffer_init(&buf, ecs, sizeof(ecs));
|
2016-09-14 08:22:15 +10:00
|
|
|
/* family */
|
|
|
|
|
isc_buffer_putuint16(&buf, family);
|
|
|
|
|
/* source prefix-length */
|
2017-02-02 11:54:28 -08:00
|
|
|
isc_buffer_putuint8(&buf, client->ecs.source);
|
2016-09-14 08:22:15 +10:00
|
|
|
/* scope prefix-length */
|
2017-02-02 11:54:28 -08:00
|
|
|
isc_buffer_putuint8(&buf, client->ecs.scope);
|
2014-08-28 22:05:57 -07:00
|
|
|
|
2016-09-14 08:22:15 +10:00
|
|
|
/* address */
|
|
|
|
|
if (addrl > 0) {
|
|
|
|
|
/* Mask off last address byte */
|
|
|
|
|
if ((plen % 8) != 0)
|
|
|
|
|
addr[addrl - 1] &=
|
|
|
|
|
~0U << (8 - (plen % 8));
|
|
|
|
|
isc_buffer_putmem(&buf, addr,
|
|
|
|
|
(unsigned) addrl);
|
2014-08-28 22:05:57 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ednsopts[count].code = DNS_OPT_CLIENT_SUBNET;
|
2016-09-14 08:22:15 +10:00
|
|
|
ednsopts[count].length = addrl + 4;
|
2014-08-28 22:05:57 -07:00
|
|
|
ednsopts[count].value = ecs;
|
|
|
|
|
count++;
|
|
|
|
|
}
|
2017-01-04 09:16:30 -08:00
|
|
|
if (TCP_CLIENT(client) && USEKEEPALIVE(client)) {
|
|
|
|
|
isc_buffer_t buf;
|
|
|
|
|
|
|
|
|
|
INSIST(count < DNS_EDNSOPTIONS);
|
|
|
|
|
|
|
|
|
|
isc_buffer_init(&buf, advtimo, sizeof(advtimo));
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_buffer_putuint16(&buf,
|
2018-03-28 14:19:37 +02:00
|
|
|
(uint16_t) client->sctx->advertisedtimo);
|
2017-01-04 09:16:30 -08:00
|
|
|
ednsopts[count].code = DNS_OPT_TCP_KEEPALIVE;
|
|
|
|
|
ednsopts[count].length = 2;
|
|
|
|
|
ednsopts[count].value = advtimo;
|
|
|
|
|
count++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Padding must be added last */
|
|
|
|
|
if ((view != NULL) && (view->padding > 0) && WANTPAD(client) &&
|
|
|
|
|
(TCP_CLIENT(client) ||
|
|
|
|
|
((client->attributes & NS_CLIENTATTR_HAVECOOKIE) != 0)))
|
|
|
|
|
{
|
|
|
|
|
isc_netaddr_t netaddr;
|
|
|
|
|
int match;
|
|
|
|
|
|
|
|
|
|
isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
|
2018-04-26 20:57:41 -07:00
|
|
|
result = dns_acl_match(&netaddr, NULL, view->pad_acl,
|
|
|
|
|
env, &match, NULL);
|
2017-01-04 09:16:30 -08:00
|
|
|
if (result == ISC_R_SUCCESS && match > 0) {
|
|
|
|
|
INSIST(count < DNS_EDNSOPTIONS);
|
|
|
|
|
|
|
|
|
|
ednsopts[count].code = DNS_OPT_PAD;
|
|
|
|
|
ednsopts[count].length = 0;
|
|
|
|
|
ednsopts[count].value = NULL;
|
|
|
|
|
count++;
|
|
|
|
|
|
|
|
|
|
dns_message_setpadding(message, view->padding);
|
|
|
|
|
}
|
|
|
|
|
}
|
2014-02-19 12:53:42 +11:00
|
|
|
|
2014-02-20 17:51:31 +11:00
|
|
|
result = dns_message_buildopt(message, opt, 0, udpsize, flags,
|
|
|
|
|
ednsopts, count);
|
2013-08-15 12:01:12 +10:00
|
|
|
return (result);
|
1999-09-02 01:52:31 +00:00
|
|
|
}
|
|
|
|
|
|
2014-02-19 12:53:42 +11:00
|
|
|
static void
|
2018-03-28 14:19:37 +02:00
|
|
|
compute_cookie(ns_client_t *client, uint32_t when, uint32_t nonce,
|
2017-09-05 09:19:45 +10:00
|
|
|
const unsigned char *secret, isc_buffer_t *buf)
|
2014-02-19 12:53:42 +11:00
|
|
|
{
|
2017-09-08 13:39:09 -07:00
|
|
|
switch (client->sctx->cookiealg) {
|
2015-07-06 09:44:24 +10:00
|
|
|
case ns_cookiealg_aes: {
|
|
|
|
|
unsigned char digest[ISC_AES_BLOCK_LENGTH];
|
|
|
|
|
unsigned char input[4 + 4 + 16];
|
|
|
|
|
isc_netaddr_t netaddr;
|
|
|
|
|
unsigned char *cp;
|
|
|
|
|
unsigned int i;
|
|
|
|
|
|
|
|
|
|
memset(input, 0, sizeof(input));
|
|
|
|
|
cp = isc_buffer_used(buf);
|
|
|
|
|
isc_buffer_putmem(buf, client->cookie, 8);
|
|
|
|
|
isc_buffer_putuint32(buf, nonce);
|
|
|
|
|
isc_buffer_putuint32(buf, when);
|
|
|
|
|
memmove(input, cp, 16);
|
2017-09-05 09:19:45 +10:00
|
|
|
isc_aes128_crypt(secret, input, digest);
|
2014-02-19 12:53:42 +11:00
|
|
|
for (i = 0; i < 8; i++)
|
2015-07-06 09:44:24 +10:00
|
|
|
input[i] = digest[i] ^ digest[i + 8];
|
|
|
|
|
isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
|
|
|
|
|
switch (netaddr.family) {
|
|
|
|
|
case AF_INET:
|
|
|
|
|
cp = (unsigned char *)&netaddr.type.in;
|
|
|
|
|
memmove(input + 8, cp, 4);
|
|
|
|
|
memset(input + 12, 0, 4);
|
2017-09-05 09:19:45 +10:00
|
|
|
isc_aes128_crypt(secret, input, digest);
|
2015-07-06 09:44:24 +10:00
|
|
|
break;
|
|
|
|
|
case AF_INET6:
|
|
|
|
|
cp = (unsigned char *)&netaddr.type.in6;
|
|
|
|
|
memmove(input + 8, cp, 16);
|
2017-09-05 09:19:45 +10:00
|
|
|
isc_aes128_crypt(secret, input, digest);
|
2015-07-06 09:44:24 +10:00
|
|
|
for (i = 0; i < 8; i++)
|
|
|
|
|
input[i + 8] = digest[i] ^ digest[i + 8];
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_aes128_crypt(client->sctx->secret, input + 8,
|
2015-07-06 09:44:24 +10:00
|
|
|
digest);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
for (i = 0; i < 8; i++)
|
|
|
|
|
digest[i] ^= digest[i + 8];
|
|
|
|
|
isc_buffer_putmem(buf, digest, 8);
|
2014-02-19 12:53:42 +11:00
|
|
|
break;
|
|
|
|
|
}
|
2015-07-06 09:44:24 +10:00
|
|
|
|
2018-03-20 17:20:50 +00:00
|
|
|
case ns_cookiealg_sha1:
|
|
|
|
|
case ns_cookiealg_sha256: {
|
|
|
|
|
unsigned char digest[ISC_MAX_MD_SIZE];
|
|
|
|
|
unsigned char input[8 + 4 + 4 + 16];
|
2015-07-06 09:44:24 +10:00
|
|
|
isc_netaddr_t netaddr;
|
|
|
|
|
unsigned char *cp;
|
2018-03-20 17:20:50 +00:00
|
|
|
unsigned int length = 0;
|
|
|
|
|
isc_md_type_t md_type =
|
|
|
|
|
(client->sctx->cookiealg == ns_cookiealg_sha1)
|
|
|
|
|
? ISC_MD_SHA1
|
|
|
|
|
: ISC_MD_SHA256;
|
|
|
|
|
unsigned int secret_len = isc_md_type_get_size(md_type);
|
2015-07-06 09:44:24 +10:00
|
|
|
|
|
|
|
|
cp = isc_buffer_used(buf);
|
|
|
|
|
isc_buffer_putmem(buf, client->cookie, 8);
|
|
|
|
|
isc_buffer_putuint32(buf, nonce);
|
|
|
|
|
isc_buffer_putuint32(buf, when);
|
2018-03-20 17:20:50 +00:00
|
|
|
memmove(input, cp, 16);
|
2015-07-06 09:44:24 +10:00
|
|
|
|
|
|
|
|
isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
|
|
|
|
|
switch (netaddr.family) {
|
|
|
|
|
case AF_INET:
|
2018-03-20 17:20:50 +00:00
|
|
|
memmove(input + 16,
|
|
|
|
|
(unsigned char *)&netaddr.type.in, 4);
|
|
|
|
|
length = 16 + 4;
|
2015-07-06 09:44:24 +10:00
|
|
|
break;
|
|
|
|
|
case AF_INET6:
|
2018-03-20 17:20:50 +00:00
|
|
|
memmove(input + 16,
|
|
|
|
|
(unsigned char *)&netaddr.type.in6, 16);
|
|
|
|
|
length = 16 + 16;
|
2015-07-06 09:44:24 +10:00
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
INSIST(0);
|
2018-11-07 15:00:07 +07:00
|
|
|
ISC_UNREACHABLE();
|
2015-07-06 09:44:24 +10:00
|
|
|
}
|
|
|
|
|
|
2018-03-20 17:20:50 +00:00
|
|
|
/*
|
|
|
|
|
* XXXOND: Feels wrong to assert on cookie calculation failure
|
|
|
|
|
*/
|
|
|
|
|
RUNTIME_CHECK(isc_hmac(md_type, secret, secret_len,
|
|
|
|
|
input, length,
|
|
|
|
|
digest, NULL) == ISC_R_SUCCESS);
|
2015-07-06 09:44:24 +10:00
|
|
|
|
|
|
|
|
isc_buffer_putmem(buf, digest, 8);
|
2014-02-19 12:53:42 +11:00
|
|
|
break;
|
|
|
|
|
}
|
2018-03-20 17:20:50 +00:00
|
|
|
|
2015-07-06 09:44:24 +10:00
|
|
|
default:
|
|
|
|
|
INSIST(0);
|
2018-11-07 15:00:07 +07:00
|
|
|
ISC_UNREACHABLE();
|
2015-07-06 09:44:24 +10:00
|
|
|
}
|
2014-02-19 12:53:42 +11:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2015-07-06 09:44:24 +10:00
|
|
|
process_cookie(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
|
2017-09-05 09:19:45 +10:00
|
|
|
ns_altsecret_t *altsecret;
|
2015-07-06 09:44:24 +10:00
|
|
|
unsigned char dbuf[COOKIE_SIZE];
|
2014-02-19 12:53:42 +11:00
|
|
|
unsigned char *old;
|
|
|
|
|
isc_stdtime_t now;
|
2018-03-28 14:19:37 +02:00
|
|
|
uint32_t when;
|
|
|
|
|
uint32_t nonce;
|
2014-02-19 12:53:42 +11:00
|
|
|
isc_buffer_t db;
|
|
|
|
|
|
2015-07-06 09:44:24 +10:00
|
|
|
/*
|
|
|
|
|
* If we have already seen a cookie option skip this cookie option.
|
|
|
|
|
*/
|
2018-03-19 18:09:05 +05:30
|
|
|
if ((!client->sctx->answercookie) ||
|
|
|
|
|
(client->attributes & NS_CLIENTATTR_WANTCOOKIE) != 0)
|
|
|
|
|
{
|
2015-07-06 09:44:24 +10:00
|
|
|
isc_buffer_forward(buf, (unsigned int)optlen);
|
|
|
|
|
return;
|
|
|
|
|
}
|
2014-02-19 12:53:42 +11:00
|
|
|
|
2015-07-06 09:44:24 +10:00
|
|
|
client->attributes |= NS_CLIENTATTR_WANTCOOKIE;
|
|
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(client->sctx->nsstats, ns_statscounter_cookiein);
|
2014-02-19 12:53:42 +11:00
|
|
|
|
2015-07-06 09:44:24 +10:00
|
|
|
if (optlen != COOKIE_SIZE) {
|
2014-02-19 12:53:42 +11:00
|
|
|
/*
|
|
|
|
|
* Not our token.
|
|
|
|
|
*/
|
2015-07-06 09:44:24 +10:00
|
|
|
INSIST(optlen >= 8U);
|
|
|
|
|
memmove(client->cookie, isc_buffer_current(buf), 8);
|
2014-02-19 23:17:52 +01:00
|
|
|
isc_buffer_forward(buf, (unsigned int)optlen);
|
2014-02-19 12:53:42 +11:00
|
|
|
|
2014-03-16 11:14:26 +11:00
|
|
|
if (optlen == 8U)
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_cookienew);
|
2014-02-19 12:53:42 +11:00
|
|
|
else
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_cookiebadsize);
|
2014-02-19 12:53:42 +11:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Process all of the incoming buffer.
|
|
|
|
|
*/
|
|
|
|
|
old = isc_buffer_current(buf);
|
2014-02-24 09:29:49 +11:00
|
|
|
memmove(client->cookie, old, 8);
|
2014-02-19 12:53:42 +11:00
|
|
|
isc_buffer_forward(buf, 8);
|
|
|
|
|
nonce = isc_buffer_getuint32(buf);
|
|
|
|
|
when = isc_buffer_getuint32(buf);
|
|
|
|
|
isc_buffer_forward(buf, 8);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Allow for a 5 minute clock skew between servers sharing a secret.
|
2015-07-06 09:44:24 +10:00
|
|
|
* Only accept COOKIE if we have talked to the client in the last hour.
|
2014-02-19 12:53:42 +11:00
|
|
|
*/
|
|
|
|
|
isc_stdtime_get(&now);
|
|
|
|
|
if (isc_serial_gt(when, (now + 300)) || /* In the future. */
|
|
|
|
|
isc_serial_lt(when, (now - 3600))) { /* In the past. */
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_cookiebadtime);
|
2014-02-19 12:53:42 +11:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
isc_buffer_init(&db, dbuf, sizeof(dbuf));
|
2017-09-08 13:39:09 -07:00
|
|
|
compute_cookie(client, when, nonce, client->sctx->secret, &db);
|
2014-02-19 12:53:42 +11:00
|
|
|
|
2017-09-05 09:19:45 +10:00
|
|
|
if (isc_safe_memequal(old, dbuf, COOKIE_SIZE)) {
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_cookiematch);
|
2017-09-05 09:19:45 +10:00
|
|
|
client->attributes |= NS_CLIENTATTR_HAVECOOKIE;
|
2014-02-19 12:53:42 +11:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
for (altsecret = ISC_LIST_HEAD(client->sctx->altsecrets);
|
2017-09-05 09:19:45 +10:00
|
|
|
altsecret != NULL;
|
|
|
|
|
altsecret = ISC_LIST_NEXT(altsecret, link))
|
|
|
|
|
{
|
|
|
|
|
isc_buffer_init(&db, dbuf, sizeof(dbuf));
|
|
|
|
|
compute_cookie(client, when, nonce, altsecret->secret, &db);
|
|
|
|
|
if (isc_safe_memequal(old, dbuf, COOKIE_SIZE)) {
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_cookiematch);
|
2017-09-05 09:19:45 +10:00
|
|
|
client->attributes |= NS_CLIENTATTR_HAVECOOKIE;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_cookienomatch);
|
2014-02-19 12:53:42 +11:00
|
|
|
}
|
|
|
|
|
|
2014-08-28 22:05:57 -07:00
|
|
|
static isc_result_t
|
|
|
|
|
process_ecs(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
|
2018-03-28 14:19:37 +02:00
|
|
|
uint16_t family;
|
|
|
|
|
uint8_t addrlen, addrbytes, scope, *paddr;
|
2014-08-28 22:05:57 -07:00
|
|
|
isc_netaddr_t caddr;
|
|
|
|
|
|
2016-02-27 11:23:50 +11:00
|
|
|
/*
|
|
|
|
|
* If we have already seen a ECS option skip this ECS option.
|
|
|
|
|
*/
|
|
|
|
|
if ((client->attributes & NS_CLIENTATTR_HAVEECS) != 0) {
|
2016-05-17 17:22:51 +10:00
|
|
|
isc_buffer_forward(buf, (unsigned int)optlen);
|
2016-02-27 11:23:50 +11:00
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-06 12:52:37 +10:00
|
|
|
/*
|
|
|
|
|
* XXXMUKS: Is there any need to repeat these checks here
|
|
|
|
|
* (except query's scope length) when they are done in the OPT
|
|
|
|
|
* RDATA fromwire code?
|
|
|
|
|
*/
|
|
|
|
|
|
2014-09-16 23:46:37 +10:00
|
|
|
if (optlen < 4U) {
|
2014-08-28 22:05:57 -07:00
|
|
|
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
|
|
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(2),
|
2015-07-06 12:52:37 +10:00
|
|
|
"EDNS client-subnet option too short");
|
2014-08-28 22:05:57 -07:00
|
|
|
return (DNS_R_FORMERR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
family = isc_buffer_getuint16(buf);
|
|
|
|
|
addrlen = isc_buffer_getuint8(buf);
|
|
|
|
|
scope = isc_buffer_getuint8(buf);
|
|
|
|
|
optlen -= 4;
|
|
|
|
|
|
|
|
|
|
if (scope != 0U) {
|
|
|
|
|
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
|
|
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(2),
|
2015-07-06 12:52:37 +10:00
|
|
|
"EDNS client-subnet option: invalid scope");
|
|
|
|
|
return (DNS_R_OPTERR);
|
2014-08-28 22:05:57 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
memset(&caddr, 0, sizeof(caddr));
|
|
|
|
|
switch (family) {
|
2016-03-23 08:54:46 -07:00
|
|
|
case 0:
|
|
|
|
|
/*
|
|
|
|
|
* XXXMUKS: In queries, if FAMILY is set to 0, SOURCE
|
|
|
|
|
* PREFIX-LENGTH must be 0 and ADDRESS should not be
|
|
|
|
|
* present as the address and prefix lengths don't make
|
|
|
|
|
* sense because the family is unknown.
|
|
|
|
|
*/
|
|
|
|
|
if (addrlen != 0U) {
|
|
|
|
|
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
|
|
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(2),
|
|
|
|
|
"EDNS client-subnet option: invalid "
|
|
|
|
|
"address length (%u) for FAMILY=0",
|
|
|
|
|
addrlen);
|
|
|
|
|
return (DNS_R_OPTERR);
|
|
|
|
|
}
|
|
|
|
|
caddr.family = AF_UNSPEC;
|
|
|
|
|
break;
|
2014-08-28 22:05:57 -07:00
|
|
|
case 1:
|
2016-03-23 08:54:46 -07:00
|
|
|
if (addrlen > 32U) {
|
|
|
|
|
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
|
|
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(2),
|
|
|
|
|
"EDNS client-subnet option: invalid "
|
|
|
|
|
"address length (%u) for IPv4",
|
|
|
|
|
addrlen);
|
|
|
|
|
return (DNS_R_OPTERR);
|
|
|
|
|
}
|
2014-08-28 22:05:57 -07:00
|
|
|
caddr.family = AF_INET;
|
|
|
|
|
break;
|
|
|
|
|
case 2:
|
|
|
|
|
if (addrlen > 128U) {
|
|
|
|
|
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
|
|
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(2),
|
2015-07-06 12:52:37 +10:00
|
|
|
"EDNS client-subnet option: invalid "
|
2016-03-23 08:54:46 -07:00
|
|
|
"address length (%u) for IPv6",
|
|
|
|
|
addrlen);
|
2015-07-06 12:52:37 +10:00
|
|
|
return (DNS_R_OPTERR);
|
2014-08-28 22:05:57 -07:00
|
|
|
}
|
|
|
|
|
caddr.family = AF_INET6;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
|
|
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(2),
|
2015-07-06 12:52:37 +10:00
|
|
|
"EDNS client-subnet option: invalid family");
|
|
|
|
|
return (DNS_R_OPTERR);
|
2014-08-28 22:05:57 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
addrbytes = (addrlen + 7) / 8;
|
|
|
|
|
if (isc_buffer_remaininglength(buf) < addrbytes) {
|
|
|
|
|
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
|
|
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(2),
|
2015-07-06 12:52:37 +10:00
|
|
|
"EDNS client-subnet option: address too short");
|
|
|
|
|
return (DNS_R_OPTERR);
|
2014-08-28 22:05:57 -07:00
|
|
|
}
|
|
|
|
|
|
2018-03-28 14:19:37 +02:00
|
|
|
paddr = (uint8_t *) &caddr.type;
|
2016-03-23 08:54:46 -07:00
|
|
|
if (addrbytes != 0U) {
|
|
|
|
|
memmove(paddr, isc_buffer_current(buf), addrbytes);
|
|
|
|
|
isc_buffer_forward(buf, addrbytes);
|
|
|
|
|
optlen -= addrbytes;
|
|
|
|
|
|
|
|
|
|
if ((addrlen % 8) != 0) {
|
2018-03-28 14:19:37 +02:00
|
|
|
uint8_t bits = ~0U << (8 - (addrlen % 8));
|
2016-03-23 08:54:46 -07:00
|
|
|
bits &= paddr[addrbytes - 1];
|
|
|
|
|
if (bits != paddr[addrbytes - 1])
|
|
|
|
|
return (DNS_R_OPTERR);
|
|
|
|
|
}
|
2015-07-06 12:52:37 +10:00
|
|
|
}
|
|
|
|
|
|
2017-02-02 11:54:28 -08:00
|
|
|
memmove(&client->ecs.addr, &caddr, sizeof(caddr));
|
|
|
|
|
client->ecs.source = addrlen;
|
|
|
|
|
client->ecs.scope = 0;
|
2014-08-28 22:05:57 -07:00
|
|
|
client->attributes |= NS_CLIENTATTR_HAVEECS;
|
|
|
|
|
|
2015-04-17 11:39:26 +02:00
|
|
|
isc_buffer_forward(buf, (unsigned int)optlen);
|
2014-08-28 22:05:57 -07:00
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-06 13:01:14 +11:00
|
|
|
static isc_result_t
|
|
|
|
|
process_keytag(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
|
|
|
|
|
|
|
|
|
|
if (optlen == 0 || (optlen % 2) != 0) {
|
|
|
|
|
isc_buffer_forward(buf, (unsigned int)optlen);
|
|
|
|
|
return (DNS_R_OPTERR);
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-10 08:41:26 +11:00
|
|
|
/* Silently drop additional keytag options. */
|
|
|
|
|
if (client->keytag != NULL) {
|
|
|
|
|
isc_buffer_forward(buf, (unsigned int)optlen);
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-06 13:01:14 +11:00
|
|
|
client->keytag = isc_mem_get(client->mctx, optlen);
|
|
|
|
|
if (client->keytag != NULL) {
|
2018-03-28 14:19:37 +02:00
|
|
|
client->keytag_len = (uint16_t)optlen;
|
2017-10-06 13:01:14 +11:00
|
|
|
memmove(client->keytag, isc_buffer_current(buf), optlen);
|
|
|
|
|
}
|
|
|
|
|
isc_buffer_forward(buf, (unsigned int)optlen);
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
|
|
|
|
|
2013-08-15 12:01:12 +10:00
|
|
|
static isc_result_t
|
|
|
|
|
process_opt(ns_client_t *client, dns_rdataset_t *opt) {
|
|
|
|
|
dns_rdata_t rdata;
|
|
|
|
|
isc_buffer_t optbuf;
|
|
|
|
|
isc_result_t result;
|
2018-03-28 14:19:37 +02:00
|
|
|
uint16_t optcode;
|
|
|
|
|
uint16_t optlen;
|
2013-08-15 12:01:12 +10:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Set the client's UDP buffer size.
|
|
|
|
|
*/
|
|
|
|
|
client->udpsize = opt->rdclass;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If the requested UDP buffer size is less than 512,
|
|
|
|
|
* ignore it and use 512.
|
|
|
|
|
*/
|
|
|
|
|
if (client->udpsize < 512)
|
|
|
|
|
client->udpsize = 512;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Get the flags out of the OPT record.
|
|
|
|
|
*/
|
2018-03-28 14:19:37 +02:00
|
|
|
client->extflags = (uint16_t)(opt->ttl & 0xFFFF);
|
2013-08-15 12:01:12 +10:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Do we understand this version of EDNS?
|
|
|
|
|
*
|
|
|
|
|
* XXXRTH need library support for this!
|
|
|
|
|
*/
|
|
|
|
|
client->ednsversion = (opt->ttl & 0x00FF0000) >> 16;
|
2014-09-10 15:31:40 +10:00
|
|
|
if (client->ednsversion > DNS_EDNS_VERSION) {
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_badednsver);
|
2014-02-20 17:51:31 +11:00
|
|
|
result = ns_client_addopt(client, client->message,
|
|
|
|
|
&client->opt);
|
2013-08-15 12:01:12 +10:00
|
|
|
if (result == ISC_R_SUCCESS)
|
|
|
|
|
result = DNS_R_BADVERS;
|
|
|
|
|
ns_client_error(client, result);
|
2017-09-08 13:39:09 -07:00
|
|
|
return (result);
|
2013-08-15 12:01:12 +10:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check for NSID request */
|
|
|
|
|
result = dns_rdataset_first(opt);
|
|
|
|
|
if (result == ISC_R_SUCCESS) {
|
|
|
|
|
dns_rdata_init(&rdata);
|
|
|
|
|
dns_rdataset_current(opt, &rdata);
|
|
|
|
|
isc_buffer_init(&optbuf, rdata.data, rdata.length);
|
|
|
|
|
isc_buffer_add(&optbuf, rdata.length);
|
|
|
|
|
while (isc_buffer_remaininglength(&optbuf) >= 4) {
|
|
|
|
|
optcode = isc_buffer_getuint16(&optbuf);
|
|
|
|
|
optlen = isc_buffer_getuint16(&optbuf);
|
|
|
|
|
switch (optcode) {
|
|
|
|
|
case DNS_OPT_NSID:
|
2016-02-27 11:23:50 +11:00
|
|
|
if (!WANTNSID(client))
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(
|
|
|
|
|
client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_nsidopt);
|
2013-08-15 12:01:12 +10:00
|
|
|
client->attributes |= NS_CLIENTATTR_WANTNSID;
|
|
|
|
|
isc_buffer_forward(&optbuf, optlen);
|
|
|
|
|
break;
|
2015-07-06 09:44:24 +10:00
|
|
|
case DNS_OPT_COOKIE:
|
|
|
|
|
process_cookie(client, &optbuf, optlen);
|
2014-02-19 12:53:42 +11:00
|
|
|
break;
|
2014-02-20 14:56:20 +11:00
|
|
|
case DNS_OPT_EXPIRE:
|
2016-02-27 11:23:50 +11:00
|
|
|
if (!WANTEXPIRE(client))
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(
|
|
|
|
|
client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_expireopt);
|
2014-02-20 14:56:20 +11:00
|
|
|
client->attributes |= NS_CLIENTATTR_WANTEXPIRE;
|
|
|
|
|
isc_buffer_forward(&optbuf, optlen);
|
|
|
|
|
break;
|
2014-08-28 22:05:57 -07:00
|
|
|
case DNS_OPT_CLIENT_SUBNET:
|
|
|
|
|
result = process_ecs(client, &optbuf, optlen);
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
ns_client_error(client, result);
|
2017-09-08 13:39:09 -07:00
|
|
|
return (result);
|
2014-08-28 22:05:57 -07:00
|
|
|
}
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_ecsopt);
|
2014-08-28 22:05:57 -07:00
|
|
|
break;
|
2017-01-04 09:16:30 -08:00
|
|
|
case DNS_OPT_TCP_KEEPALIVE:
|
|
|
|
|
if (!USEKEEPALIVE(client))
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(
|
|
|
|
|
client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_keepaliveopt);
|
2017-01-04 09:16:30 -08:00
|
|
|
client->attributes |=
|
|
|
|
|
NS_CLIENTATTR_USEKEEPALIVE;
|
|
|
|
|
isc_buffer_forward(&optbuf, optlen);
|
|
|
|
|
break;
|
|
|
|
|
case DNS_OPT_PAD:
|
|
|
|
|
client->attributes |= NS_CLIENTATTR_WANTPAD;
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_padopt);
|
2017-01-04 09:16:30 -08:00
|
|
|
isc_buffer_forward(&optbuf, optlen);
|
|
|
|
|
break;
|
2017-10-06 13:01:14 +11:00
|
|
|
case DNS_OPT_KEY_TAG:
|
|
|
|
|
result = process_keytag(client, &optbuf,
|
|
|
|
|
optlen);
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
ns_client_error(client, result);
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
ns_stats_increment(client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_keytagopt);
|
|
|
|
|
break;
|
2013-08-15 12:01:12 +10:00
|
|
|
default:
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_otheropt);
|
2013-08-15 12:01:12 +10:00
|
|
|
isc_buffer_forward(&optbuf, optlen);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(client->sctx->nsstats, ns_statscounter_edns0in);
|
2014-02-20 14:56:20 +11:00
|
|
|
client->attributes |= NS_CLIENTATTR_WANTOPT;
|
2013-08-15 12:01:12 +10:00
|
|
|
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
2000-01-06 01:09:27 +00:00
|
|
|
/*
|
2001-01-27 02:08:07 +00:00
|
|
|
* Handle an incoming request event from the socket (UDP case)
|
2000-01-06 01:09:27 +00:00
|
|
|
* or tcpmsg (TCP case).
|
|
|
|
|
*/
|
2017-09-08 13:39:09 -07:00
|
|
|
void
|
|
|
|
|
ns__client_request(isc_task_t *task, isc_event_t *event) {
|
1999-07-24 01:17:44 +00:00
|
|
|
ns_client_t *client;
|
2001-01-27 02:08:07 +00:00
|
|
|
isc_socketevent_t *sevent;
|
1999-07-24 01:17:44 +00:00
|
|
|
isc_result_t result;
|
2001-12-06 04:38:51 +00:00
|
|
|
isc_result_t sigresult = ISC_R_SUCCESS;
|
1999-08-05 01:51:32 +00:00
|
|
|
isc_buffer_t *buffer;
|
2001-01-27 02:08:07 +00:00
|
|
|
isc_buffer_t tbuffer;
|
1999-09-02 01:52:31 +00:00
|
|
|
dns_rdataset_t *opt;
|
2016-12-30 15:45:08 +11:00
|
|
|
const dns_name_t *signame;
|
2018-04-17 08:29:14 -07:00
|
|
|
bool ra; /* Recursion available. */
|
2001-04-16 21:18:10 +00:00
|
|
|
isc_netaddr_t netaddr;
|
|
|
|
|
int match;
|
2001-05-09 23:13:03 +00:00
|
|
|
dns_messageid_t id;
|
|
|
|
|
unsigned int flags;
|
2018-04-17 08:29:14 -07:00
|
|
|
bool notimp;
|
2015-07-06 22:20:03 -07:00
|
|
|
size_t reqsize;
|
2018-02-05 20:24:14 +01:00
|
|
|
dns_aclenv_t *env;
|
2015-10-02 12:32:42 -07:00
|
|
|
#ifdef HAVE_DNSTAP
|
|
|
|
|
dns_dtmsgtype_t dtmsgtype;
|
|
|
|
|
#endif
|
1999-07-24 01:17:44 +00:00
|
|
|
|
1999-08-05 01:51:32 +00:00
|
|
|
REQUIRE(event != NULL);
|
2000-04-17 19:22:44 +00:00
|
|
|
client = event->ev_arg;
|
1999-07-24 01:17:44 +00:00
|
|
|
REQUIRE(NS_CLIENT_VALID(client));
|
|
|
|
|
REQUIRE(task == client->task);
|
|
|
|
|
|
2000-01-15 00:36:26 +00:00
|
|
|
INSIST(client->recursionquota == NULL);
|
2000-01-27 01:00:16 +00:00
|
|
|
|
2012-10-23 22:04:06 -07:00
|
|
|
INSIST(client->state == (TCP_CLIENT(client) ?
|
2011-10-10 22:57:14 +00:00
|
|
|
NS_CLIENTSTATE_READING :
|
2012-10-23 22:04:06 -07:00
|
|
|
NS_CLIENTSTATE_READY));
|
2000-02-10 22:16:56 +00:00
|
|
|
|
2005-08-15 01:21:07 +00:00
|
|
|
ns_client_requests++;
|
|
|
|
|
|
2001-01-27 02:08:07 +00:00
|
|
|
if (event->ev_type == ISC_SOCKEVENT_RECVDONE) {
|
2000-03-14 03:30:52 +00:00
|
|
|
INSIST(!TCP_CLIENT(client));
|
2001-01-27 02:08:07 +00:00
|
|
|
sevent = (isc_socketevent_t *)event;
|
2001-02-12 21:45:37 +00:00
|
|
|
REQUIRE(sevent == client->recvevent);
|
2001-01-27 02:08:07 +00:00
|
|
|
isc_buffer_init(&tbuffer, sevent->region.base, sevent->n);
|
|
|
|
|
isc_buffer_add(&tbuffer, sevent->n);
|
|
|
|
|
buffer = &tbuffer;
|
|
|
|
|
result = sevent->result;
|
2001-05-14 21:12:32 +00:00
|
|
|
if (result == ISC_R_SUCCESS) {
|
|
|
|
|
client->peeraddr = sevent->address;
|
2018-04-17 08:29:14 -07:00
|
|
|
client->peeraddr_valid = true;
|
2001-05-14 21:12:32 +00:00
|
|
|
}
|
2013-03-22 12:27:54 -07:00
|
|
|
if ((sevent->attributes & ISC_SOCKEVENTATTR_DSCP) != 0) {
|
|
|
|
|
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
|
|
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(90),
|
|
|
|
|
"received DSCP %d", sevent->dscp);
|
|
|
|
|
if (client->dscp == -1)
|
|
|
|
|
client->dscp = sevent->dscp;
|
|
|
|
|
}
|
2001-01-27 02:08:07 +00:00
|
|
|
if ((sevent->attributes & ISC_SOCKEVENTATTR_PKTINFO) != 0) {
|
2000-03-14 03:30:52 +00:00
|
|
|
client->attributes |= NS_CLIENTATTR_PKTINFO;
|
2001-01-27 02:08:07 +00:00
|
|
|
client->pktinfo = sevent->pktinfo;
|
2000-03-14 03:30:52 +00:00
|
|
|
}
|
2001-01-27 02:08:07 +00:00
|
|
|
if ((sevent->attributes & ISC_SOCKEVENTATTR_MULTICAST) != 0)
|
2000-06-15 18:26:28 +00:00
|
|
|
client->attributes |= NS_CLIENTATTR_MULTICAST;
|
2001-01-27 02:08:07 +00:00
|
|
|
client->nrecvs--;
|
1999-08-05 01:51:32 +00:00
|
|
|
} else {
|
2000-03-14 03:30:52 +00:00
|
|
|
INSIST(TCP_CLIENT(client));
|
2019-02-06 11:27:11 -08:00
|
|
|
INSIST(client->tcpconn != NULL);
|
2000-04-17 19:22:44 +00:00
|
|
|
REQUIRE(event->ev_type == DNS_EVENT_TCPMSG);
|
|
|
|
|
REQUIRE(event->ev_sender == &client->tcpmsg);
|
1999-08-05 01:51:32 +00:00
|
|
|
buffer = &client->tcpmsg.buffer;
|
|
|
|
|
result = client->tcpmsg.result;
|
1999-12-22 16:59:05 +00:00
|
|
|
INSIST(client->nreads == 1);
|
2000-02-17 18:18:24 +00:00
|
|
|
/*
|
|
|
|
|
* client->peeraddr was set when the connection was accepted.
|
|
|
|
|
*/
|
1999-12-22 16:59:05 +00:00
|
|
|
client->nreads--;
|
1999-08-05 01:51:32 +00:00
|
|
|
}
|
|
|
|
|
|
2015-07-06 22:20:03 -07:00
|
|
|
reqsize = isc_buffer_usedlength(buffer);
|
2016-01-20 17:30:27 -08:00
|
|
|
/* don't count the length header */
|
|
|
|
|
if (TCP_CLIENT(client))
|
|
|
|
|
reqsize -= 2;
|
2015-07-06 22:20:03 -07:00
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
if (exit_check(client)) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
2000-06-22 01:14:38 +00:00
|
|
|
client->state = client->newstate = NS_CLIENTSTATE_WORKING;
|
2000-06-15 18:26:28 +00:00
|
|
|
|
2015-10-02 12:32:42 -07:00
|
|
|
isc_task_getcurrenttimex(task, &client->requesttime);
|
|
|
|
|
client->tnow = client->requesttime;
|
|
|
|
|
client->now = isc_time_seconds(&client->tnow);
|
1999-07-24 01:17:44 +00:00
|
|
|
|
1999-08-05 01:51:32 +00:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
2001-05-14 21:12:32 +00:00
|
|
|
if (TCP_CLIENT(client)) {
|
1999-08-05 01:51:32 +00:00
|
|
|
ns_client_next(client, result);
|
2001-05-14 21:12:32 +00:00
|
|
|
} else {
|
2001-05-14 21:33:45 +00:00
|
|
|
if (result != ISC_R_CANCELED)
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_log_write(ns_lctx, NS_LOGCATEGORY_CLIENT,
|
2001-05-14 21:33:45 +00:00
|
|
|
NS_LOGMODULE_CLIENT,
|
|
|
|
|
ISC_LOG_ERROR,
|
|
|
|
|
"UDP client handler shutting "
|
|
|
|
|
"down due to fatal receive "
|
|
|
|
|
"error: %s",
|
|
|
|
|
isc_result_totext(result));
|
1999-08-05 01:51:32 +00:00
|
|
|
isc_task_shutdown(client->task);
|
2001-05-14 21:12:32 +00:00
|
|
|
}
|
2017-09-08 13:39:09 -07:00
|
|
|
return;
|
1999-07-24 01:17:44 +00:00
|
|
|
}
|
|
|
|
|
|
2001-04-16 21:18:10 +00:00
|
|
|
isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
|
|
|
|
|
|
2006-01-04 05:06:10 +00:00
|
|
|
#if NS_CLIENT_DROPPORT
|
|
|
|
|
if (ns_client_dropport(isc_sockaddr_getport(&client->peeraddr)) ==
|
|
|
|
|
DROPPORT_REQUEST) {
|
|
|
|
|
ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
|
|
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10),
|
|
|
|
|
"dropped request: suspicious port");
|
|
|
|
|
ns_client_next(client, ISC_R_SUCCESS);
|
2017-09-08 13:39:09 -07:00
|
|
|
return;
|
2006-01-04 05:06:10 +00:00
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2001-05-14 21:12:32 +00:00
|
|
|
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
|
|
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
|
|
|
|
|
"%s request",
|
|
|
|
|
TCP_CLIENT(client) ? "TCP" : "UDP");
|
|
|
|
|
|
2001-04-16 21:18:10 +00:00
|
|
|
/*
|
|
|
|
|
* Check the blackhole ACL for UDP only, since TCP is done in
|
|
|
|
|
* client_newconn.
|
|
|
|
|
*/
|
2018-02-05 20:24:14 +01:00
|
|
|
env = ns_interfacemgr_getaclenv(client->interface->mgr);
|
2001-04-16 21:18:10 +00:00
|
|
|
if (!TCP_CLIENT(client)) {
|
2017-09-08 13:39:09 -07:00
|
|
|
if (client->sctx->blackholeacl != NULL &&
|
2018-04-26 20:57:41 -07:00
|
|
|
(dns_acl_match(&netaddr, NULL, client->sctx->blackholeacl,
|
|
|
|
|
env, &match, NULL) == ISC_R_SUCCESS) &&
|
2001-04-16 21:18:10 +00:00
|
|
|
match > 0)
|
|
|
|
|
{
|
|
|
|
|
ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
|
|
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10),
|
2001-04-16 22:10:44 +00:00
|
|
|
"blackholed UDP datagram");
|
2001-04-16 21:18:10 +00:00
|
|
|
ns_client_next(client, ISC_R_SUCCESS);
|
2017-09-08 13:39:09 -07:00
|
|
|
return;
|
2001-04-16 21:18:10 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2001-10-09 04:29:19 +00:00
|
|
|
/*
|
|
|
|
|
* Silently drop multicast requests for the present.
|
2009-05-07 09:41:23 +00:00
|
|
|
* XXXMPA revisit this as mDNS spec was published.
|
2001-10-09 04:29:19 +00:00
|
|
|
*/
|
|
|
|
|
if ((client->attributes & NS_CLIENTATTR_MULTICAST) != 0) {
|
|
|
|
|
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
|
|
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(2),
|
|
|
|
|
"dropping multicast request");
|
|
|
|
|
ns_client_next(client, DNS_R_REFUSED);
|
2017-09-08 13:39:09 -07:00
|
|
|
return;
|
2001-10-09 04:29:19 +00:00
|
|
|
}
|
|
|
|
|
|
2001-05-09 23:13:03 +00:00
|
|
|
result = dns_message_peekheader(buffer, &id, &flags);
|
1999-07-24 01:17:44 +00:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
2001-05-09 23:13:03 +00:00
|
|
|
/*
|
|
|
|
|
* There isn't enough header to determine whether
|
|
|
|
|
* this was a request or a response. Drop it.
|
|
|
|
|
*/
|
|
|
|
|
ns_client_next(client, result);
|
2017-09-08 13:39:09 -07:00
|
|
|
return;
|
1999-07-24 01:17:44 +00:00
|
|
|
}
|
1999-12-20 23:06:17 +00:00
|
|
|
|
|
|
|
|
/*
|
2001-05-09 23:13:03 +00:00
|
|
|
* The client object handles requests, not responses.
|
|
|
|
|
* If this is a UDP response, forward it to the dispatcher.
|
|
|
|
|
* If it's a TCP response, discard it here.
|
1999-12-20 23:06:17 +00:00
|
|
|
*/
|
2001-05-09 23:13:03 +00:00
|
|
|
if ((flags & DNS_MESSAGEFLAG_QR) != 0) {
|
2001-01-27 02:08:07 +00:00
|
|
|
if (TCP_CLIENT(client)) {
|
|
|
|
|
CTRACE("unexpected response");
|
|
|
|
|
ns_client_next(client, DNS_R_FORMERR);
|
2017-09-08 13:39:09 -07:00
|
|
|
return;
|
2001-01-27 02:08:07 +00:00
|
|
|
} else {
|
2001-02-10 02:00:11 +00:00
|
|
|
dns_dispatch_importrecv(client->dispatch, event);
|
2001-01-27 02:08:07 +00:00
|
|
|
ns_client_next(client, ISC_R_SUCCESS);
|
2017-09-08 13:39:09 -07:00
|
|
|
return;
|
2001-01-27 02:08:07 +00:00
|
|
|
}
|
1999-12-20 23:06:17 +00:00
|
|
|
}
|
1999-07-24 01:17:44 +00:00
|
|
|
|
2008-04-03 05:55:52 +00:00
|
|
|
/*
|
|
|
|
|
* Update some statistics counters. Don't count responses.
|
|
|
|
|
*/
|
|
|
|
|
if (isc_sockaddr_pf(&client->peeraddr) == PF_INET) {
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_requestv4);
|
2008-04-03 05:55:52 +00:00
|
|
|
} else {
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_requestv6);
|
2008-04-03 05:55:52 +00:00
|
|
|
}
|
2015-07-06 22:20:03 -07:00
|
|
|
if (TCP_CLIENT(client)) {
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_requesttcp);
|
2016-06-23 08:44:54 +10:00
|
|
|
switch (isc_sockaddr_pf(&client->peeraddr)) {
|
|
|
|
|
case AF_INET:
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_stats_increment(client->sctx->tcpinstats4,
|
2016-06-23 08:44:54 +10:00
|
|
|
ISC_MIN((int)reqsize / 16, 18));
|
|
|
|
|
break;
|
|
|
|
|
case AF_INET6:
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_stats_increment(client->sctx->tcpinstats6,
|
2016-06-23 08:44:54 +10:00
|
|
|
ISC_MIN((int)reqsize / 16, 18));
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
INSIST(0);
|
2018-11-07 15:00:07 +07:00
|
|
|
ISC_UNREACHABLE();
|
2016-06-23 08:44:54 +10:00
|
|
|
}
|
2015-07-06 22:20:03 -07:00
|
|
|
} else {
|
2016-06-23 08:44:54 +10:00
|
|
|
switch (isc_sockaddr_pf(&client->peeraddr)) {
|
|
|
|
|
case AF_INET:
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_stats_increment(client->sctx->udpinstats4,
|
2016-06-23 08:44:54 +10:00
|
|
|
ISC_MIN((int)reqsize / 16, 18));
|
|
|
|
|
break;
|
|
|
|
|
case AF_INET6:
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_stats_increment(client->sctx->udpinstats6,
|
2016-06-23 08:44:54 +10:00
|
|
|
ISC_MIN((int)reqsize / 16, 18));
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
INSIST(0);
|
2018-11-07 15:00:07 +07:00
|
|
|
ISC_UNREACHABLE();
|
2016-06-23 08:44:54 +10:00
|
|
|
}
|
2015-07-06 22:20:03 -07:00
|
|
|
}
|
2008-04-03 05:55:52 +00:00
|
|
|
|
2001-05-09 23:13:03 +00:00
|
|
|
/*
|
|
|
|
|
* It's a request. Parse it.
|
|
|
|
|
*/
|
|
|
|
|
result = dns_message_parse(client->message, buffer, 0);
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
/*
|
|
|
|
|
* Parsing the request failed. Send a response
|
|
|
|
|
* (typically FORMERR or SERVFAIL).
|
|
|
|
|
*/
|
2019-01-07 14:05:43 +11:00
|
|
|
if (result == DNS_R_OPTERR) {
|
2015-07-06 09:44:24 +10:00
|
|
|
(void)ns_client_addopt(client, client->message,
|
|
|
|
|
&client->opt);
|
2019-01-07 14:05:43 +11:00
|
|
|
}
|
2015-07-08 22:53:39 -07:00
|
|
|
|
|
|
|
|
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
|
2016-01-04 13:05:23 -08:00
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
|
2015-07-08 22:53:39 -07:00
|
|
|
"message parsing failed: %s",
|
|
|
|
|
isc_result_totext(result));
|
2019-01-07 14:05:43 +11:00
|
|
|
if (result == ISC_R_NOSPACE) {
|
|
|
|
|
result = DNS_R_FORMERR;
|
|
|
|
|
}
|
2001-05-09 23:13:03 +00:00
|
|
|
ns_client_error(client, result);
|
2017-09-08 13:39:09 -07:00
|
|
|
return;
|
2001-05-09 23:13:03 +00:00
|
|
|
}
|
|
|
|
|
|
2015-01-20 16:10:30 -08:00
|
|
|
/*
|
|
|
|
|
* Pipeline TCP query processing.
|
|
|
|
|
*/
|
2019-02-06 11:27:11 -08:00
|
|
|
if (TCP_CLIENT(client) &&
|
|
|
|
|
client->message->opcode != dns_opcode_query)
|
|
|
|
|
{
|
|
|
|
|
client->tcpconn->pipelined = false;
|
2019-01-04 12:50:51 +01:00
|
|
|
}
|
2019-02-06 11:27:11 -08:00
|
|
|
if (TCP_CLIENT(client) && client->tcpconn->pipelined) {
|
2019-02-06 11:26:36 -08:00
|
|
|
/*
|
|
|
|
|
* We're pipelining. Replace the client; the
|
2019-02-06 11:27:11 -08:00
|
|
|
* replacement can read the TCP socket looking
|
|
|
|
|
* for new messages and this one can process the
|
2019-02-06 11:26:36 -08:00
|
|
|
* current message asynchronously.
|
|
|
|
|
*
|
2019-02-06 11:27:11 -08:00
|
|
|
* There will now be at least three clients using this
|
2019-02-06 11:26:36 -08:00
|
|
|
* TCP socket - one accepting new connections,
|
|
|
|
|
* one reading an existing connection to get new
|
|
|
|
|
* messages, and one answering the message already
|
|
|
|
|
* received.
|
|
|
|
|
*/
|
2019-01-04 12:50:51 +01:00
|
|
|
result = ns_client_replace(client);
|
2015-01-20 16:10:30 -08:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
2019-02-06 11:27:11 -08:00
|
|
|
client->tcpconn->pipelined = false;
|
2015-01-20 16:10:30 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
dns_opcodestats_increment(client->sctx->opcodestats,
|
2008-04-03 05:55:52 +00:00
|
|
|
client->message->opcode);
|
2001-10-09 02:05:55 +00:00
|
|
|
switch (client->message->opcode) {
|
|
|
|
|
case dns_opcode_query:
|
|
|
|
|
case dns_opcode_update:
|
|
|
|
|
case dns_opcode_notify:
|
2018-04-17 08:29:14 -07:00
|
|
|
notimp = false;
|
2001-10-09 02:05:55 +00:00
|
|
|
break;
|
|
|
|
|
case dns_opcode_iquery:
|
|
|
|
|
default:
|
2018-04-17 08:29:14 -07:00
|
|
|
notimp = true;
|
2001-10-09 02:05:55 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2001-09-19 00:02:26 +00:00
|
|
|
client->message->rcode = dns_rcode_noerror;
|
|
|
|
|
|
2001-10-13 01:10:26 +00:00
|
|
|
/* RFC1123 section 6.1.3.2 */
|
|
|
|
|
if ((client->attributes & NS_CLIENTATTR_MULTICAST) != 0)
|
|
|
|
|
client->message->flags &= ~DNS_MESSAGEFLAG_RD;
|
|
|
|
|
|
1999-09-02 01:52:31 +00:00
|
|
|
/*
|
|
|
|
|
* Deal with EDNS.
|
|
|
|
|
*/
|
2017-09-08 13:39:09 -07:00
|
|
|
if ((client->sctx->options & NS_SERVER_NOEDNS) != 0)
|
2012-10-16 10:23:08 +11:00
|
|
|
opt = NULL;
|
|
|
|
|
else
|
|
|
|
|
opt = dns_message_getopt(client->message);
|
2014-08-28 22:05:57 -07:00
|
|
|
|
2017-02-02 11:54:28 -08:00
|
|
|
client->ecs.source = 0;
|
|
|
|
|
client->ecs.scope = 0;
|
2014-08-28 22:05:57 -07:00
|
|
|
|
1999-09-02 01:52:31 +00:00
|
|
|
if (opt != NULL) {
|
2018-07-26 17:53:15 +10:00
|
|
|
/*
|
|
|
|
|
* Are returning FORMERR to all EDNS queries?
|
|
|
|
|
* Simulate a STD13 compliant server.
|
|
|
|
|
*/
|
|
|
|
|
if ((client->sctx->options & NS_SERVER_EDNSFORMERR) != 0) {
|
|
|
|
|
ns_client_error(client, DNS_R_FORMERR);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Are returning NOTIMP to all EDNS queries?
|
|
|
|
|
*/
|
|
|
|
|
if ((client->sctx->options & NS_SERVER_EDNSNOTIMP) != 0) {
|
|
|
|
|
ns_client_error(client, DNS_R_NOTIMP);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Are returning REFUSED to all EDNS queries?
|
|
|
|
|
*/
|
|
|
|
|
if ((client->sctx->options & NS_SERVER_EDNSREFUSED) != 0) {
|
|
|
|
|
ns_client_error(client, DNS_R_REFUSED);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2012-10-16 10:23:08 +11:00
|
|
|
/*
|
|
|
|
|
* Are we dropping all EDNS queries?
|
|
|
|
|
*/
|
2017-09-08 13:39:09 -07:00
|
|
|
if ((client->sctx->options & NS_SERVER_DROPEDNS) != 0) {
|
2012-10-16 10:23:08 +11:00
|
|
|
ns_client_next(client, ISC_R_SUCCESS);
|
2017-09-08 13:39:09 -07:00
|
|
|
return;
|
2012-10-16 10:23:08 +11:00
|
|
|
}
|
2018-07-26 17:53:15 +10:00
|
|
|
|
2013-08-15 12:01:12 +10:00
|
|
|
result = process_opt(client, opt);
|
|
|
|
|
if (result != ISC_R_SUCCESS)
|
2017-09-08 13:39:09 -07:00
|
|
|
return;
|
1999-09-02 01:52:31 +00:00
|
|
|
}
|
|
|
|
|
|
2000-08-21 23:45:05 +00:00
|
|
|
if (client->message->rdclass == 0) {
|
2018-05-16 00:07:17 +05:30
|
|
|
if ((client->attributes & NS_CLIENTATTR_WANTCOOKIE) != 0 &&
|
|
|
|
|
client->message->opcode == dns_opcode_query &&
|
|
|
|
|
client->message->counts[DNS_SECTION_QUESTION] == 0U)
|
|
|
|
|
{
|
2018-04-17 08:29:14 -07:00
|
|
|
result = dns_message_reply(client->message, true);
|
2015-07-06 09:44:24 +10:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
ns_client_error(client, result);
|
|
|
|
|
return;
|
|
|
|
|
}
|
2015-07-24 13:35:29 +10:00
|
|
|
if (notimp)
|
|
|
|
|
client->message->rcode = dns_rcode_notimp;
|
2015-07-06 09:44:24 +10:00
|
|
|
ns_client_send(client);
|
|
|
|
|
return;
|
|
|
|
|
}
|
2000-08-21 23:45:05 +00:00
|
|
|
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
|
2001-06-28 02:39:46 +00:00
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
|
2000-08-21 23:45:05 +00:00
|
|
|
"message class could not be determined");
|
2001-05-25 07:39:48 +00:00
|
|
|
ns_client_dumpmessage(client,
|
|
|
|
|
"message class could not be determined");
|
2001-10-09 02:05:55 +00:00
|
|
|
ns_client_error(client, notimp ? DNS_R_NOTIMP : DNS_R_FORMERR);
|
2017-09-08 13:39:09 -07:00
|
|
|
return;
|
2000-08-21 23:45:05 +00:00
|
|
|
}
|
|
|
|
|
|
2001-11-16 20:01:57 +00:00
|
|
|
/*
|
2004-04-29 01:37:14 +00:00
|
|
|
* Determine the destination address. If the receiving interface is
|
|
|
|
|
* bound to a specific address, we simply use it regardless of the
|
|
|
|
|
* address family. All IPv4 queries should fall into this case.
|
|
|
|
|
* Otherwise, if this is a TCP query, get the address from the
|
|
|
|
|
* receiving socket (this needs a system call and can be heavy).
|
|
|
|
|
* For IPv6 UDP queries, we get this from the pktinfo structure (if
|
|
|
|
|
* supported).
|
|
|
|
|
* If all the attempts fail (this can happen due to memory shortage,
|
2008-01-18 23:46:58 +00:00
|
|
|
* etc), we regard this as an error for safety.
|
2001-11-16 20:01:57 +00:00
|
|
|
*/
|
2004-04-29 01:37:14 +00:00
|
|
|
if ((client->interface->flags & NS_INTERFACEFLAG_ANYADDR) == 0)
|
2009-03-03 01:36:17 +00:00
|
|
|
isc_netaddr_fromsockaddr(&client->destaddr,
|
|
|
|
|
&client->interface->addr);
|
2004-04-29 01:37:14 +00:00
|
|
|
else {
|
2009-03-03 01:36:17 +00:00
|
|
|
isc_sockaddr_t sockaddr;
|
2004-04-29 01:37:14 +00:00
|
|
|
result = ISC_R_FAILURE;
|
|
|
|
|
|
2009-03-03 01:36:17 +00:00
|
|
|
if (TCP_CLIENT(client))
|
2004-04-29 01:37:14 +00:00
|
|
|
result = isc_socket_getsockname(client->tcpsocket,
|
2009-03-03 01:36:17 +00:00
|
|
|
&sockaddr);
|
|
|
|
|
if (result == ISC_R_SUCCESS)
|
|
|
|
|
isc_netaddr_fromsockaddr(&client->destaddr, &sockaddr);
|
2004-04-29 01:37:14 +00:00
|
|
|
if (result != ISC_R_SUCCESS &&
|
|
|
|
|
client->interface->addr.type.sa.sa_family == AF_INET6 &&
|
|
|
|
|
(client->attributes & NS_CLIENTATTR_PKTINFO) != 0) {
|
2002-10-24 03:52:35 +00:00
|
|
|
/*
|
|
|
|
|
* XXXJT technically, we should convert the receiving
|
|
|
|
|
* interface ID to a proper scope zone ID. However,
|
|
|
|
|
* due to the fact there is no standard API for this,
|
|
|
|
|
* we only handle link-local addresses and use the
|
|
|
|
|
* interface index as link ID. Despite the assumption,
|
|
|
|
|
* it should cover most typical cases.
|
|
|
|
|
*/
|
2009-03-03 01:36:17 +00:00
|
|
|
isc_netaddr_fromin6(&client->destaddr,
|
2002-10-24 03:52:35 +00:00
|
|
|
&client->pktinfo.ipi6_addr);
|
2009-03-03 01:36:17 +00:00
|
|
|
if (IN6_IS_ADDR_LINKLOCAL(&client->pktinfo.ipi6_addr))
|
|
|
|
|
isc_netaddr_setzone(&client->destaddr,
|
2009-03-03 23:48:02 +00:00
|
|
|
client->pktinfo.ipi6_ifindex);
|
2004-04-29 01:37:14 +00:00
|
|
|
result = ISC_R_SUCCESS;
|
|
|
|
|
}
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
UNEXPECTED_ERROR(__FILE__, __LINE__,
|
|
|
|
|
"failed to get request's "
|
|
|
|
|
"destination: %s",
|
|
|
|
|
isc_result_totext(result));
|
2007-02-26 00:57:03 +00:00
|
|
|
ns_client_next(client, ISC_R_SUCCESS);
|
2017-09-08 13:39:09 -07:00
|
|
|
return;
|
2004-04-29 01:37:14 +00:00
|
|
|
}
|
2001-11-16 20:01:57 +00:00
|
|
|
}
|
|
|
|
|
|
2018-01-13 00:31:30 +05:30
|
|
|
isc_sockaddr_fromnetaddr(&client->destsockaddr, &client->destaddr, 0);
|
|
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
result = client->sctx->matchingview(&netaddr, &client->destaddr,
|
2018-04-26 20:57:41 -07:00
|
|
|
client->message, env,
|
2017-09-08 13:39:09 -07:00
|
|
|
&sigresult, &client->view);
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
2000-11-15 19:15:25 +00:00
|
|
|
char classname[DNS_RDATACLASS_FORMATSIZE];
|
|
|
|
|
|
2000-09-18 22:54:08 +00:00
|
|
|
/*
|
|
|
|
|
* Do a dummy TSIG verification attempt so that the
|
|
|
|
|
* response will have a TSIG if the query did, as
|
|
|
|
|
* required by RFC2845.
|
|
|
|
|
*/
|
2000-09-12 07:48:28 +00:00
|
|
|
isc_buffer_t b;
|
|
|
|
|
isc_region_t *r;
|
2001-12-06 04:38:51 +00:00
|
|
|
|
|
|
|
|
dns_message_resetsig(client->message);
|
|
|
|
|
|
2000-09-12 07:48:28 +00:00
|
|
|
r = dns_message_getrawmessage(client->message);
|
|
|
|
|
isc_buffer_init(&b, r->base, r->length);
|
|
|
|
|
isc_buffer_add(&b, r->length);
|
|
|
|
|
(void)dns_tsig_verify(&b, client->message, NULL, NULL);
|
|
|
|
|
|
2000-11-15 19:15:25 +00:00
|
|
|
dns_rdataclass_format(client->message->rdclass, classname,
|
|
|
|
|
sizeof(classname));
|
2000-04-06 17:29:47 +00:00
|
|
|
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
|
2001-06-28 02:39:46 +00:00
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
|
2000-11-15 19:15:25 +00:00
|
|
|
"no matching view in class '%s'", classname);
|
2001-05-25 07:39:48 +00:00
|
|
|
ns_client_dumpmessage(client, "no matching view in class");
|
2001-10-09 02:05:55 +00:00
|
|
|
ns_client_error(client, notimp ? DNS_R_NOTIMP : DNS_R_REFUSED);
|
2017-09-08 13:39:09 -07:00
|
|
|
return;
|
2000-01-21 20:24:49 +00:00
|
|
|
}
|
|
|
|
|
|
2000-04-06 20:26:39 +00:00
|
|
|
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
|
|
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(5),
|
2017-09-08 13:39:09 -07:00
|
|
|
"using view '%s'", client->view->name);
|
2000-08-01 01:33:37 +00:00
|
|
|
|
1999-12-10 18:14:49 +00:00
|
|
|
/*
|
2000-08-01 01:33:37 +00:00
|
|
|
* Check for a signature. We log bad signatures regardless of
|
1999-12-10 18:14:49 +00:00
|
|
|
* whether they ultimately cause the request to be rejected or
|
|
|
|
|
* not. We do not log the lack of a signature unless we are
|
|
|
|
|
* debugging.
|
|
|
|
|
*/
|
|
|
|
|
client->signer = NULL;
|
2000-01-21 20:24:49 +00:00
|
|
|
dns_name_init(&client->signername, NULL);
|
1999-12-10 18:14:49 +00:00
|
|
|
result = dns_message_signer(client->message, &client->signername);
|
2008-04-03 05:55:52 +00:00
|
|
|
if (result != ISC_R_NOTFOUND) {
|
|
|
|
|
signame = NULL;
|
|
|
|
|
if (dns_message_gettsig(client->message, &signame) != NULL) {
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_tsigin);
|
2008-04-03 05:55:52 +00:00
|
|
|
} else {
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_sig0in);
|
2008-04-03 05:55:52 +00:00
|
|
|
}
|
2008-04-03 06:09:05 +00:00
|
|
|
|
2008-04-03 05:55:52 +00:00
|
|
|
}
|
2000-04-06 22:03:35 +00:00
|
|
|
if (result == ISC_R_SUCCESS) {
|
2011-01-10 05:32:04 +00:00
|
|
|
char namebuf[DNS_NAME_FORMATSIZE];
|
|
|
|
|
dns_name_format(&client->signername, namebuf, sizeof(namebuf));
|
2000-04-04 18:28:51 +00:00
|
|
|
ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
|
1999-12-10 18:14:49 +00:00
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
|
2011-01-10 05:32:04 +00:00
|
|
|
"request has valid signature: %s", namebuf);
|
1999-12-10 18:14:49 +00:00
|
|
|
client->signer = &client->signername;
|
2000-04-06 22:03:35 +00:00
|
|
|
} else if (result == ISC_R_NOTFOUND) {
|
2000-04-04 18:28:51 +00:00
|
|
|
ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
|
1999-12-10 18:14:49 +00:00
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
|
|
|
|
|
"request is not signed");
|
2000-01-21 20:24:49 +00:00
|
|
|
} else if (result == DNS_R_NOIDENTITY) {
|
2000-04-04 18:28:51 +00:00
|
|
|
ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
|
2000-01-21 20:24:49 +00:00
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
|
|
|
|
|
"request is signed by a nonauthoritative key");
|
1999-12-10 18:14:49 +00:00
|
|
|
} else {
|
2002-03-05 00:36:44 +00:00
|
|
|
char tsigrcode[64];
|
|
|
|
|
isc_buffer_t b;
|
2007-08-22 00:42:42 +00:00
|
|
|
dns_rcode_t status;
|
|
|
|
|
isc_result_t tresult;
|
2002-03-05 00:36:44 +00:00
|
|
|
|
1999-12-10 18:14:49 +00:00
|
|
|
/* There is a signature, but it is bad. */
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_stats_increment(client->sctx->nsstats,
|
|
|
|
|
ns_statscounter_invalidsig);
|
2008-04-03 05:55:52 +00:00
|
|
|
signame = NULL;
|
|
|
|
|
if (dns_message_gettsig(client->message, &signame) != NULL) {
|
2004-02-09 23:25:22 +00:00
|
|
|
char namebuf[DNS_NAME_FORMATSIZE];
|
2006-12-04 01:54:53 +00:00
|
|
|
char cnamebuf[DNS_NAME_FORMATSIZE];
|
2008-04-03 05:55:52 +00:00
|
|
|
dns_name_format(signame, namebuf, sizeof(namebuf));
|
2007-08-22 00:42:42 +00:00
|
|
|
status = client->message->tsigstatus;
|
|
|
|
|
isc_buffer_init(&b, tsigrcode, sizeof(tsigrcode) - 1);
|
|
|
|
|
tresult = dns_tsigrcode_totext(status, &b);
|
|
|
|
|
INSIST(tresult == ISC_R_SUCCESS);
|
|
|
|
|
tsigrcode[isc_buffer_usedlength(&b)] = '\0';
|
2006-12-04 01:54:53 +00:00
|
|
|
if (client->message->tsigkey->generated) {
|
|
|
|
|
dns_name_format(client->message->tsigkey->creator,
|
|
|
|
|
cnamebuf, sizeof(cnamebuf));
|
|
|
|
|
ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
|
|
|
|
|
NS_LOGMODULE_CLIENT,
|
|
|
|
|
ISC_LOG_ERROR,
|
|
|
|
|
"request has invalid signature: "
|
|
|
|
|
"TSIG %s (%s): %s (%s)", namebuf,
|
|
|
|
|
cnamebuf,
|
|
|
|
|
isc_result_totext(result),
|
|
|
|
|
tsigrcode);
|
|
|
|
|
} else {
|
|
|
|
|
ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
|
|
|
|
|
NS_LOGMODULE_CLIENT,
|
|
|
|
|
ISC_LOG_ERROR,
|
|
|
|
|
"request has invalid signature: "
|
|
|
|
|
"TSIG %s: %s (%s)", namebuf,
|
|
|
|
|
isc_result_totext(result),
|
|
|
|
|
tsigrcode);
|
|
|
|
|
}
|
2004-02-09 23:25:22 +00:00
|
|
|
} else {
|
2007-08-22 00:42:42 +00:00
|
|
|
status = client->message->sig0status;
|
|
|
|
|
isc_buffer_init(&b, tsigrcode, sizeof(tsigrcode) - 1);
|
|
|
|
|
tresult = dns_tsigrcode_totext(status, &b);
|
|
|
|
|
INSIST(tresult == ISC_R_SUCCESS);
|
|
|
|
|
tsigrcode[isc_buffer_usedlength(&b)] = '\0';
|
2004-02-09 23:25:22 +00:00
|
|
|
ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
|
|
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_ERROR,
|
|
|
|
|
"request has invalid signature: %s (%s)",
|
|
|
|
|
isc_result_totext(result), tsigrcode);
|
|
|
|
|
}
|
2001-10-12 04:01:40 +00:00
|
|
|
/*
|
|
|
|
|
* Accept update messages signed by unknown keys so that
|
|
|
|
|
* update forwarding works transparently through slaves
|
|
|
|
|
* that don't have all the same keys as the master.
|
|
|
|
|
*/
|
2000-11-03 04:45:03 +00:00
|
|
|
if (!(client->message->tsigstatus == dns_tsigerror_badkey &&
|
|
|
|
|
client->message->opcode == dns_opcode_update)) {
|
2000-09-13 01:30:34 +00:00
|
|
|
ns_client_error(client, sigresult);
|
2017-09-08 13:39:09 -07:00
|
|
|
return;
|
2000-09-13 01:30:34 +00:00
|
|
|
}
|
1999-12-10 18:14:49 +00:00
|
|
|
}
|
|
|
|
|
|
1999-12-10 23:58:04 +00:00
|
|
|
/*
|
|
|
|
|
* Decide whether recursive service is available to this client.
|
|
|
|
|
* We do this here rather than in the query code so that we can
|
|
|
|
|
* set the RA bit correctly on all kinds of responses, not just
|
2006-07-22 01:00:04 +00:00
|
|
|
* responses to ordinary queries. Note if you can't query the
|
|
|
|
|
* cache there is no point in setting RA.
|
1999-12-10 23:58:04 +00:00
|
|
|
*/
|
2018-04-17 08:29:14 -07:00
|
|
|
ra = false;
|
2000-04-06 20:26:39 +00:00
|
|
|
if (client->view->resolver != NULL &&
|
2018-04-17 08:29:14 -07:00
|
|
|
client->view->recursion == true &&
|
2007-03-29 06:36:31 +00:00
|
|
|
ns_client_checkaclsilent(client, NULL,
|
|
|
|
|
client->view->recursionacl,
|
2018-04-17 08:29:14 -07:00
|
|
|
true) == ISC_R_SUCCESS &&
|
2007-03-29 06:36:31 +00:00
|
|
|
ns_client_checkaclsilent(client, NULL,
|
2010-09-24 05:09:03 +00:00
|
|
|
client->view->cacheacl,
|
2018-04-17 08:29:14 -07:00
|
|
|
true) == ISC_R_SUCCESS &&
|
2009-03-03 01:36:17 +00:00
|
|
|
ns_client_checkaclsilent(client, &client->destaddr,
|
2007-03-29 06:36:31 +00:00
|
|
|
client->view->recursiononacl,
|
2018-04-17 08:29:14 -07:00
|
|
|
true) == ISC_R_SUCCESS &&
|
2009-03-03 01:36:17 +00:00
|
|
|
ns_client_checkaclsilent(client, &client->destaddr,
|
2010-09-24 05:09:03 +00:00
|
|
|
client->view->cacheonacl,
|
2018-04-17 08:29:14 -07:00
|
|
|
true) == ISC_R_SUCCESS)
|
|
|
|
|
ra = true;
|
2000-04-06 20:26:39 +00:00
|
|
|
|
2019-03-27 17:45:45 +01:00
|
|
|
if (ra == true) {
|
1999-12-10 23:58:04 +00:00
|
|
|
client->attributes |= NS_CLIENTATTR_RA;
|
2019-03-27 17:45:45 +01:00
|
|
|
}
|
2000-01-07 19:20:25 +00:00
|
|
|
|
2002-05-16 04:05:42 +00:00
|
|
|
ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT,
|
|
|
|
|
ISC_LOG_DEBUG(3), ra ? "recursion available" :
|
2007-03-29 06:36:31 +00:00
|
|
|
"recursion not available");
|
2002-05-16 04:05:42 +00:00
|
|
|
|
2006-01-05 00:01:46 +00:00
|
|
|
/*
|
|
|
|
|
* Adjust maximum UDP response size for this client.
|
|
|
|
|
*/
|
|
|
|
|
if (client->udpsize > 512) {
|
|
|
|
|
dns_peer_t *peer = NULL;
|
2018-03-28 14:19:37 +02:00
|
|
|
uint16_t udpsize = client->view->maxudp;
|
2017-09-08 13:39:09 -07:00
|
|
|
(void) dns_peerlist_peerbyaddr(client->view->peers,
|
|
|
|
|
&netaddr, &peer);
|
2006-01-05 00:01:46 +00:00
|
|
|
if (peer != NULL)
|
|
|
|
|
dns_peer_getmaxudp(peer, &udpsize);
|
|
|
|
|
if (client->udpsize > udpsize)
|
|
|
|
|
client->udpsize = udpsize;
|
|
|
|
|
}
|
|
|
|
|
|
1999-07-24 01:17:44 +00:00
|
|
|
/*
|
|
|
|
|
* Dispatch the request.
|
|
|
|
|
*/
|
|
|
|
|
switch (client->message->opcode) {
|
|
|
|
|
case dns_opcode_query:
|
|
|
|
|
CTRACE("query");
|
2015-10-02 12:32:42 -07:00
|
|
|
#ifdef HAVE_DNSTAP
|
2019-03-27 17:45:45 +01:00
|
|
|
if (ra && (client->message->flags & DNS_MESSAGEFLAG_RD) != 0) {
|
2015-10-02 12:32:42 -07:00
|
|
|
dtmsgtype = DNS_DTTYPE_CQ;
|
2019-03-27 17:45:45 +01:00
|
|
|
} else {
|
2015-10-02 12:32:42 -07:00
|
|
|
dtmsgtype = DNS_DTTYPE_AQ;
|
2019-03-27 17:45:45 +01:00
|
|
|
}
|
2015-10-02 12:32:42 -07:00
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
dns_dt_send(client->view, dtmsgtype, &client->peeraddr,
|
2018-04-09 18:07:47 +01:00
|
|
|
&client->destsockaddr, TCP_CLIENT(client), NULL,
|
2015-10-02 12:32:42 -07:00
|
|
|
&client->requesttime, NULL, buffer);
|
|
|
|
|
#endif /* HAVE_DNSTAP */
|
|
|
|
|
|
1999-07-24 01:17:44 +00:00
|
|
|
ns_query_start(client);
|
|
|
|
|
break;
|
1999-08-20 06:03:02 +00:00
|
|
|
case dns_opcode_update:
|
|
|
|
|
CTRACE("update");
|
2018-10-02 14:13:14 -07:00
|
|
|
#ifdef HAVE_DNSTAP
|
|
|
|
|
dns_dt_send(client->view, DNS_DTTYPE_UQ, &client->peeraddr,
|
|
|
|
|
&client->destsockaddr, TCP_CLIENT(client), NULL,
|
|
|
|
|
&client->requesttime, NULL, buffer);
|
|
|
|
|
#endif /* HAVE_DNSTAP */
|
2001-01-29 19:49:52 +00:00
|
|
|
ns_client_settimeout(client, 60);
|
2000-09-13 01:30:34 +00:00
|
|
|
ns_update_start(client, sigresult);
|
1999-08-20 06:03:02 +00:00
|
|
|
break;
|
|
|
|
|
case dns_opcode_notify:
|
|
|
|
|
CTRACE("notify");
|
2001-01-29 19:49:52 +00:00
|
|
|
ns_client_settimeout(client, 60);
|
1999-12-16 01:23:17 +00:00
|
|
|
ns_notify_start(client);
|
1999-08-20 06:03:02 +00:00
|
|
|
break;
|
1999-07-24 01:17:44 +00:00
|
|
|
case dns_opcode_iquery:
|
|
|
|
|
CTRACE("iquery");
|
1999-11-30 22:35:43 +00:00
|
|
|
ns_client_error(client, DNS_R_NOTIMP);
|
2000-02-04 00:46:58 +00:00
|
|
|
break;
|
1999-07-24 01:17:44 +00:00
|
|
|
default:
|
|
|
|
|
CTRACE("unknown opcode");
|
|
|
|
|
ns_client_error(client, DNS_R_NOTIMP);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
client_timeout(isc_task_t *task, isc_event_t *event) {
|
|
|
|
|
ns_client_t *client;
|
|
|
|
|
|
|
|
|
|
REQUIRE(event != NULL);
|
2000-04-17 19:22:44 +00:00
|
|
|
REQUIRE(event->ev_type == ISC_TIMEREVENT_LIFE ||
|
|
|
|
|
event->ev_type == ISC_TIMEREVENT_IDLE);
|
|
|
|
|
client = event->ev_arg;
|
1999-07-24 01:17:44 +00:00
|
|
|
REQUIRE(NS_CLIENT_VALID(client));
|
|
|
|
|
REQUIRE(task == client->task);
|
|
|
|
|
REQUIRE(client->timer != NULL);
|
|
|
|
|
|
2000-04-28 01:24:18 +00:00
|
|
|
UNUSED(task);
|
2000-08-01 01:33:37 +00:00
|
|
|
|
1999-07-24 01:17:44 +00:00
|
|
|
CTRACE("timeout");
|
|
|
|
|
|
|
|
|
|
isc_event_free(&event);
|
|
|
|
|
|
2000-02-14 23:56:47 +00:00
|
|
|
if (client->shutdown != NULL) {
|
|
|
|
|
(client->shutdown)(client->shutdown_arg, ISC_R_TIMEDOUT);
|
|
|
|
|
client->shutdown = NULL;
|
|
|
|
|
client->shutdown_arg = NULL;
|
|
|
|
|
}
|
2000-08-01 01:33:37 +00:00
|
|
|
|
2000-02-10 22:16:56 +00:00
|
|
|
if (client->newstate > NS_CLIENTSTATE_READY)
|
|
|
|
|
client->newstate = NS_CLIENTSTATE_READY;
|
2001-11-14 19:11:06 +00:00
|
|
|
(void)exit_check(client);
|
1999-07-24 01:17:44 +00:00
|
|
|
}
|
|
|
|
|
|
2005-10-16 23:21:25 +00:00
|
|
|
static isc_result_t
|
|
|
|
|
get_clientmctx(ns_clientmgr_t *manager, isc_mem_t **mctxp) {
|
|
|
|
|
isc_mem_t *clientmctx;
|
|
|
|
|
isc_result_t result;
|
2011-10-25 16:21:21 +00:00
|
|
|
#if NMCTXS > 0
|
|
|
|
|
unsigned int nextmctx;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
MTRACE("clientmctx");
|
2005-10-16 23:21:25 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Caller must be holding the manager lock.
|
|
|
|
|
*/
|
2017-09-08 13:39:09 -07:00
|
|
|
if ((manager->sctx->options & NS_SERVER_CLIENTTEST) != 0) {
|
2008-03-31 05:00:30 +00:00
|
|
|
result = isc_mem_create(0, 0, mctxp);
|
|
|
|
|
if (result == ISC_R_SUCCESS)
|
|
|
|
|
isc_mem_setname(*mctxp, "client", NULL);
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
2006-05-29 01:27:58 +00:00
|
|
|
#if NMCTXS > 0
|
2011-10-25 16:21:21 +00:00
|
|
|
nextmctx = manager->nextmctx++;
|
|
|
|
|
if (manager->nextmctx == NMCTXS)
|
|
|
|
|
manager->nextmctx = 0;
|
|
|
|
|
|
|
|
|
|
INSIST(nextmctx < NMCTXS);
|
|
|
|
|
|
|
|
|
|
clientmctx = manager->mctxpool[nextmctx];
|
2005-10-16 23:21:25 +00:00
|
|
|
if (clientmctx == NULL) {
|
|
|
|
|
result = isc_mem_create(0, 0, &clientmctx);
|
|
|
|
|
if (result != ISC_R_SUCCESS)
|
|
|
|
|
return (result);
|
2008-03-31 05:00:30 +00:00
|
|
|
isc_mem_setname(clientmctx, "client", NULL);
|
2005-10-16 23:21:25 +00:00
|
|
|
|
2011-10-25 16:21:21 +00:00
|
|
|
manager->mctxpool[nextmctx] = clientmctx;
|
2005-10-16 23:21:25 +00:00
|
|
|
}
|
|
|
|
|
#else
|
|
|
|
|
clientmctx = manager->mctx;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
isc_mem_attach(clientmctx, mctxp);
|
|
|
|
|
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
|
|
|
|
|
1999-07-24 01:17:44 +00:00
|
|
|
static isc_result_t
|
2005-03-15 00:46:29 +00:00
|
|
|
client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
|
1999-07-24 01:17:44 +00:00
|
|
|
ns_client_t *client;
|
|
|
|
|
isc_result_t result;
|
2005-06-04 05:32:50 +00:00
|
|
|
isc_mem_t *mctx = NULL;
|
1999-07-24 01:17:44 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Caller must be holding the manager lock.
|
|
|
|
|
*
|
2000-08-01 01:33:37 +00:00
|
|
|
* Note: creating a client does not add the client to the
|
1999-12-22 16:59:05 +00:00
|
|
|
* manager's client list or set the client's manager pointer.
|
|
|
|
|
* The caller is responsible for that.
|
1999-07-24 01:17:44 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
REQUIRE(clientp != NULL && *clientp == NULL);
|
|
|
|
|
|
2005-10-16 23:21:25 +00:00
|
|
|
result = get_clientmctx(manager, &mctx);
|
2005-06-04 05:32:50 +00:00
|
|
|
if (result != ISC_R_SUCCESS)
|
|
|
|
|
return (result);
|
|
|
|
|
|
|
|
|
|
client = isc_mem_get(mctx, sizeof(*client));
|
|
|
|
|
if (client == NULL) {
|
|
|
|
|
isc_mem_detach(&mctx);
|
1999-07-24 01:17:44 +00:00
|
|
|
return (ISC_R_NOMEMORY);
|
2005-06-04 05:32:50 +00:00
|
|
|
}
|
|
|
|
|
client->mctx = mctx;
|
1999-07-24 01:17:44 +00:00
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
client->sctx = NULL;
|
|
|
|
|
ns_server_attach(manager->sctx, &client->sctx);
|
|
|
|
|
|
1999-07-24 01:17:44 +00:00
|
|
|
client->task = NULL;
|
2018-11-21 09:50:50 +00:00
|
|
|
result = isc_task_create(manager->taskmgr, 0, &client->task);
|
1999-07-24 01:17:44 +00:00
|
|
|
if (result != ISC_R_SUCCESS)
|
|
|
|
|
goto cleanup_client;
|
2000-01-25 19:31:23 +00:00
|
|
|
isc_task_setname(client->task, "client", client);
|
1999-07-24 01:17:44 +00:00
|
|
|
|
|
|
|
|
client->timer = NULL;
|
|
|
|
|
result = isc_timer_create(manager->timermgr, isc_timertype_inactive,
|
|
|
|
|
NULL, NULL, client->task, client_timeout,
|
|
|
|
|
client, &client->timer);
|
|
|
|
|
if (result != ISC_R_SUCCESS)
|
|
|
|
|
goto cleanup_task;
|
2018-04-17 08:29:14 -07:00
|
|
|
client->timerset = false;
|
1999-07-24 01:17:44 +00:00
|
|
|
|
2012-09-29 13:07:09 +10:00
|
|
|
client->delaytimer = NULL;
|
|
|
|
|
|
1999-07-24 01:17:44 +00:00
|
|
|
client->message = NULL;
|
2005-06-04 05:32:50 +00:00
|
|
|
result = dns_message_create(client->mctx, DNS_MESSAGE_INTENTPARSE,
|
1999-07-24 01:17:44 +00:00
|
|
|
&client->message);
|
|
|
|
|
if (result != ISC_R_SUCCESS)
|
|
|
|
|
goto cleanup_timer;
|
|
|
|
|
|
|
|
|
|
/* XXXRTH Hardwired constants */
|
|
|
|
|
|
2013-03-22 12:27:54 -07:00
|
|
|
client->sendevent = isc_socket_socketevent(client->mctx, client,
|
|
|
|
|
ISC_SOCKEVENT_SENDDONE,
|
|
|
|
|
client_senddone, client);
|
2001-02-22 23:16:59 +00:00
|
|
|
if (client->sendevent == NULL) {
|
|
|
|
|
result = ISC_R_NOMEMORY;
|
2001-03-06 01:24:40 +00:00
|
|
|
goto cleanup_message;
|
2001-02-22 23:16:59 +00:00
|
|
|
}
|
2001-02-12 21:45:37 +00:00
|
|
|
|
2005-06-04 05:32:50 +00:00
|
|
|
client->recvbuf = isc_mem_get(client->mctx, RECV_BUFFER_SIZE);
|
2001-02-22 23:16:59 +00:00
|
|
|
if (client->recvbuf == NULL) {
|
|
|
|
|
result = ISC_R_NOMEMORY;
|
2001-02-12 21:45:37 +00:00
|
|
|
goto cleanup_sendevent;
|
2001-02-22 23:16:59 +00:00
|
|
|
}
|
2001-02-12 21:45:37 +00:00
|
|
|
|
2013-03-22 12:27:54 -07:00
|
|
|
client->recvevent = isc_socket_socketevent(client->mctx, client,
|
|
|
|
|
ISC_SOCKEVENT_RECVDONE,
|
2017-09-08 13:39:09 -07:00
|
|
|
ns__client_request, client);
|
2001-02-22 23:16:59 +00:00
|
|
|
if (client->recvevent == NULL) {
|
|
|
|
|
result = ISC_R_NOMEMORY;
|
2001-02-12 21:45:37 +00:00
|
|
|
goto cleanup_recvbuf;
|
2001-02-22 23:16:59 +00:00
|
|
|
}
|
2001-01-27 02:08:07 +00:00
|
|
|
|
1999-07-28 02:20:36 +00:00
|
|
|
client->magic = NS_CLIENT_MAGIC;
|
1999-12-22 16:59:05 +00:00
|
|
|
client->manager = NULL;
|
2000-02-10 22:16:56 +00:00
|
|
|
client->state = NS_CLIENTSTATE_INACTIVE;
|
|
|
|
|
client->newstate = NS_CLIENTSTATE_MAX;
|
1999-12-22 16:59:05 +00:00
|
|
|
client->naccepts = 0;
|
|
|
|
|
client->nreads = 0;
|
|
|
|
|
client->nsends = 0;
|
2001-01-27 02:08:07 +00:00
|
|
|
client->nrecvs = 0;
|
2004-07-23 02:57:27 +00:00
|
|
|
client->nupdates = 0;
|
2001-11-14 22:00:22 +00:00
|
|
|
client->nctls = 0;
|
2000-02-11 20:56:19 +00:00
|
|
|
client->references = 0;
|
1999-07-24 01:17:44 +00:00
|
|
|
client->attributes = 0;
|
1999-08-05 22:14:43 +00:00
|
|
|
client->view = NULL;
|
1999-07-24 01:17:44 +00:00
|
|
|
client->dispatch = NULL;
|
2001-01-27 02:08:07 +00:00
|
|
|
client->udpsocket = NULL;
|
1999-08-05 01:51:32 +00:00
|
|
|
client->tcplistener = NULL;
|
|
|
|
|
client->tcpsocket = NULL;
|
2018-04-17 08:29:14 -07:00
|
|
|
client->tcpmsg_valid = false;
|
2000-06-22 00:05:11 +00:00
|
|
|
client->tcpbuf = NULL;
|
1999-09-02 01:52:31 +00:00
|
|
|
client->opt = NULL;
|
1999-10-07 19:43:18 +00:00
|
|
|
client->udpsize = 512;
|
2013-03-22 12:27:54 -07:00
|
|
|
client->dscp = -1;
|
2000-11-13 21:34:03 +00:00
|
|
|
client->extflags = 0;
|
2005-06-07 00:16:01 +00:00
|
|
|
client->ednsversion = -1;
|
1999-08-03 01:21:00 +00:00
|
|
|
client->next = NULL;
|
2000-01-12 18:01:12 +00:00
|
|
|
client->shutdown = NULL;
|
|
|
|
|
client->shutdown_arg = NULL;
|
2011-05-05 23:44:52 +00:00
|
|
|
client->signer = NULL;
|
1999-12-10 18:14:49 +00:00
|
|
|
dns_name_init(&client->signername, NULL);
|
2018-04-17 08:29:14 -07:00
|
|
|
client->mortal = false;
|
2017-09-08 13:39:09 -07:00
|
|
|
client->sendcb = NULL;
|
2019-02-06 11:27:11 -08:00
|
|
|
client->tcpconn = NULL;
|
2000-01-15 00:36:26 +00:00
|
|
|
client->recursionquota = NULL;
|
2000-01-11 21:18:22 +00:00
|
|
|
client->interface = NULL;
|
2018-04-17 08:29:14 -07:00
|
|
|
client->peeraddr_valid = false;
|
2017-02-02 11:54:28 -08:00
|
|
|
dns_ecs_init(&client->ecs);
|
2018-08-07 01:05:55 -07:00
|
|
|
client->needshutdown = ((client->sctx->options &
|
|
|
|
|
NS_SERVER_CLIENTTEST) != 0);
|
2019-01-04 12:50:51 +01:00
|
|
|
client->tcpactive = false;
|
2012-08-22 19:19:30 +10:00
|
|
|
|
2000-07-26 17:39:12 +00:00
|
|
|
ISC_EVENT_INIT(&client->ctlevent, sizeof(client->ctlevent), 0, NULL,
|
2000-07-26 23:45:55 +00:00
|
|
|
NS_EVENT_CLIENTCONTROL, client_start, client, client,
|
2000-07-26 17:39:12 +00:00
|
|
|
NULL, NULL);
|
2001-03-19 20:52:21 +00:00
|
|
|
/*
|
|
|
|
|
* Initialize FORMERR cache to sentinel value that will not match
|
|
|
|
|
* any actual FORMERR response.
|
|
|
|
|
*/
|
|
|
|
|
isc_sockaddr_any(&client->formerrcache.addr);
|
|
|
|
|
client->formerrcache.time = 0;
|
|
|
|
|
client->formerrcache.id = 0;
|
1999-07-24 01:17:44 +00:00
|
|
|
ISC_LINK_INIT(client, link);
|
2011-10-10 22:57:14 +00:00
|
|
|
ISC_LINK_INIT(client, rlink);
|
|
|
|
|
ISC_QLINK_INIT(client, ilink);
|
2017-10-06 13:01:14 +11:00
|
|
|
client->keytag = NULL;
|
|
|
|
|
client->keytag_len = 0;
|
2019-04-22 17:19:23 -07:00
|
|
|
client->rcode_override = -1; /* not set */
|
1999-07-28 02:20:36 +00:00
|
|
|
|
1999-07-29 00:55:35 +00:00
|
|
|
/*
|
|
|
|
|
* We call the init routines for the various kinds of client here,
|
|
|
|
|
* after we have created an otherwise valid client, because some
|
|
|
|
|
* of them call routines that REQUIRE(NS_CLIENT_VALID(client)).
|
|
|
|
|
*/
|
|
|
|
|
result = ns_query_init(client);
|
1999-07-28 02:20:36 +00:00
|
|
|
if (result != ISC_R_SUCCESS)
|
2001-02-12 21:45:37 +00:00
|
|
|
goto cleanup_recvevent;
|
1999-07-24 01:17:44 +00:00
|
|
|
|
2001-10-30 00:48:25 +00:00
|
|
|
result = isc_task_onshutdown(client->task, client_shutdown, client);
|
|
|
|
|
if (result != ISC_R_SUCCESS)
|
|
|
|
|
goto cleanup_query;
|
|
|
|
|
|
1999-07-24 01:17:44 +00:00
|
|
|
CTRACE("create");
|
|
|
|
|
|
|
|
|
|
*clientp = client;
|
|
|
|
|
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
|
2001-10-30 00:48:25 +00:00
|
|
|
cleanup_query:
|
|
|
|
|
ns_query_free(client);
|
|
|
|
|
|
2001-02-12 21:45:37 +00:00
|
|
|
cleanup_recvevent:
|
|
|
|
|
isc_event_free((isc_event_t **)&client->recvevent);
|
|
|
|
|
|
2001-01-27 02:08:07 +00:00
|
|
|
cleanup_recvbuf:
|
2005-06-04 05:32:50 +00:00
|
|
|
isc_mem_put(client->mctx, client->recvbuf, RECV_BUFFER_SIZE);
|
2001-01-27 02:08:07 +00:00
|
|
|
|
2001-02-12 21:45:37 +00:00
|
|
|
cleanup_sendevent:
|
|
|
|
|
isc_event_free((isc_event_t **)&client->sendevent);
|
|
|
|
|
|
1999-07-29 00:55:35 +00:00
|
|
|
client->magic = 0;
|
|
|
|
|
|
1999-07-24 01:17:44 +00:00
|
|
|
cleanup_message:
|
|
|
|
|
dns_message_destroy(&client->message);
|
|
|
|
|
|
|
|
|
|
cleanup_timer:
|
|
|
|
|
isc_timer_detach(&client->timer);
|
|
|
|
|
|
|
|
|
|
cleanup_task:
|
|
|
|
|
isc_task_detach(&client->task);
|
|
|
|
|
|
|
|
|
|
cleanup_client:
|
2017-09-08 13:39:09 -07:00
|
|
|
if (client->sctx != NULL)
|
|
|
|
|
ns_server_detach(&client->sctx);
|
2005-06-04 05:32:50 +00:00
|
|
|
isc_mem_putanddetach(&client->mctx, client, sizeof(*client));
|
1999-07-24 01:17:44 +00:00
|
|
|
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
1999-08-05 01:51:32 +00:00
|
|
|
static void
|
2018-04-17 08:29:14 -07:00
|
|
|
client_read(ns_client_t *client, bool newconn) {
|
1999-08-05 01:51:32 +00:00
|
|
|
isc_result_t result;
|
2000-08-01 01:33:37 +00:00
|
|
|
|
1999-08-05 01:51:32 +00:00
|
|
|
CTRACE("read");
|
|
|
|
|
|
|
|
|
|
result = dns_tcpmsg_readmessage(&client->tcpmsg, client->task,
|
2017-09-08 13:39:09 -07:00
|
|
|
ns__client_request, client);
|
1999-08-05 01:51:32 +00:00
|
|
|
if (result != ISC_R_SUCCESS)
|
2000-02-10 22:16:56 +00:00
|
|
|
goto fail;
|
|
|
|
|
|
2000-02-14 23:56:47 +00:00
|
|
|
/*
|
|
|
|
|
* Set a timeout to limit the amount of time we will wait
|
|
|
|
|
* for a request on this TCP connection.
|
|
|
|
|
*/
|
2017-01-04 09:16:30 -08:00
|
|
|
read_settimeout(client, newconn);
|
2000-08-01 01:33:37 +00:00
|
|
|
|
2000-02-10 22:16:56 +00:00
|
|
|
client->state = client->newstate = NS_CLIENTSTATE_READING;
|
1999-12-22 16:59:05 +00:00
|
|
|
INSIST(client->nreads == 0);
|
2000-11-27 23:54:12 +00:00
|
|
|
INSIST(client->recursionquota == NULL);
|
1999-12-22 16:59:05 +00:00
|
|
|
client->nreads++;
|
2000-02-10 22:16:56 +00:00
|
|
|
|
|
|
|
|
return;
|
|
|
|
|
fail:
|
2000-08-01 01:33:37 +00:00
|
|
|
ns_client_next(client, result);
|
1999-08-05 01:51:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
client_newconn(isc_task_t *task, isc_event_t *event) {
|
2019-02-06 11:27:11 -08:00
|
|
|
isc_result_t result;
|
2000-04-17 19:22:44 +00:00
|
|
|
ns_client_t *client = event->ev_arg;
|
1999-08-05 01:51:32 +00:00
|
|
|
isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event;
|
2017-09-08 13:39:09 -07:00
|
|
|
dns_aclenv_t *env = ns_interfacemgr_getaclenv(client->interface->mgr);
|
2019-02-06 11:27:11 -08:00
|
|
|
uint32_t old;
|
2000-08-01 01:33:37 +00:00
|
|
|
|
2000-04-17 19:22:44 +00:00
|
|
|
REQUIRE(event->ev_type == ISC_SOCKEVENT_NEWCONN);
|
1999-08-05 01:51:32 +00:00
|
|
|
REQUIRE(NS_CLIENT_VALID(client));
|
|
|
|
|
REQUIRE(client->task == task);
|
|
|
|
|
|
2000-04-28 01:24:18 +00:00
|
|
|
UNUSED(task);
|
|
|
|
|
|
2000-02-10 22:16:56 +00:00
|
|
|
INSIST(client->state == NS_CLIENTSTATE_READY);
|
2000-07-26 17:39:12 +00:00
|
|
|
|
2019-01-04 12:50:51 +01:00
|
|
|
/*
|
|
|
|
|
* The accept() was successful and we're now establishing a new
|
|
|
|
|
* connection. We need to make note of it in the client and
|
|
|
|
|
* interface objects so client objects can do the right thing
|
|
|
|
|
* when going inactive in exit_check() (see comments in
|
|
|
|
|
* client_accept() for details).
|
|
|
|
|
*/
|
1999-12-22 16:59:05 +00:00
|
|
|
INSIST(client->naccepts == 1);
|
|
|
|
|
client->naccepts--;
|
2000-01-11 21:18:22 +00:00
|
|
|
|
2019-02-06 11:27:11 -08:00
|
|
|
old = atomic_fetch_sub(&client->interface->ntcpaccepting, 1);
|
|
|
|
|
INSIST(old > 0);
|
2000-01-11 21:18:22 +00:00
|
|
|
|
2000-02-10 00:28:36 +00:00
|
|
|
/*
|
|
|
|
|
* We must take ownership of the new socket before the exit
|
2000-02-17 18:18:24 +00:00
|
|
|
* check to make sure it gets destroyed if we decide to exit.
|
2000-02-10 00:28:36 +00:00
|
|
|
*/
|
2000-02-17 18:18:24 +00:00
|
|
|
if (nevent->result == ISC_R_SUCCESS) {
|
|
|
|
|
client->tcpsocket = nevent->newsocket;
|
2007-02-13 02:49:08 +00:00
|
|
|
isc_socket_setname(client->tcpsocket, "client-tcp", NULL);
|
2000-02-17 18:18:24 +00:00
|
|
|
client->state = NS_CLIENTSTATE_READING;
|
2000-11-27 23:54:12 +00:00
|
|
|
INSIST(client->recursionquota == NULL);
|
2000-02-17 18:18:24 +00:00
|
|
|
|
2001-11-14 19:11:06 +00:00
|
|
|
(void)isc_socket_getpeername(client->tcpsocket,
|
|
|
|
|
&client->peeraddr);
|
2018-04-17 08:29:14 -07:00
|
|
|
client->peeraddr_valid = true;
|
2000-04-04 18:28:51 +00:00
|
|
|
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
|
|
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
|
|
|
|
|
"new TCP connection");
|
2000-02-17 18:18:24 +00:00
|
|
|
} else {
|
|
|
|
|
/*
|
|
|
|
|
* XXXRTH What should we do? We're trying to accept but
|
2007-03-29 06:36:31 +00:00
|
|
|
* it didn't work. If we just give up, then TCP
|
2000-02-17 18:18:24 +00:00
|
|
|
* service may eventually stop.
|
|
|
|
|
*
|
|
|
|
|
* For now, we just go idle.
|
|
|
|
|
*
|
|
|
|
|
* Going idle is probably the right thing if the
|
|
|
|
|
* I/O was canceled.
|
|
|
|
|
*/
|
2000-04-04 18:28:51 +00:00
|
|
|
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
|
2000-02-17 18:18:24 +00:00
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
|
2000-04-04 18:28:51 +00:00
|
|
|
"accept failed: %s",
|
2000-02-17 18:18:24 +00:00
|
|
|
isc_result_totext(nevent->result));
|
2019-02-06 11:27:11 -08:00
|
|
|
tcpconn_detach(client);
|
2000-02-17 18:18:24 +00:00
|
|
|
}
|
2000-08-01 01:33:37 +00:00
|
|
|
|
2000-02-17 18:18:24 +00:00
|
|
|
if (exit_check(client))
|
|
|
|
|
goto freeevent;
|
|
|
|
|
|
|
|
|
|
if (nevent->result == ISC_R_SUCCESS) {
|
2000-11-03 02:45:55 +00:00
|
|
|
int match;
|
|
|
|
|
isc_netaddr_t netaddr;
|
|
|
|
|
|
2001-04-16 21:18:10 +00:00
|
|
|
isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
|
|
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
if (client->sctx->blackholeacl != NULL &&
|
2018-04-26 20:57:41 -07:00
|
|
|
(dns_acl_match(&netaddr, NULL, client->sctx->blackholeacl,
|
|
|
|
|
env, &match, NULL) == ISC_R_SUCCESS) &&
|
2001-04-16 21:18:10 +00:00
|
|
|
match > 0)
|
|
|
|
|
{
|
|
|
|
|
ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
|
|
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10),
|
|
|
|
|
"blackholed connection attempt");
|
2002-04-03 05:30:03 +00:00
|
|
|
client->newstate = NS_CLIENTSTATE_READY;
|
|
|
|
|
(void)exit_check(client);
|
2001-04-16 21:18:10 +00:00
|
|
|
goto freeevent;
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-17 08:29:14 -07:00
|
|
|
INSIST(client->tcpmsg_valid == false);
|
1999-08-05 01:51:32 +00:00
|
|
|
dns_tcpmsg_init(client->mctx, client->tcpsocket,
|
|
|
|
|
&client->tcpmsg);
|
2018-04-17 08:29:14 -07:00
|
|
|
client->tcpmsg_valid = true;
|
2000-01-07 19:20:25 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Let a new client take our place immediately, before
|
|
|
|
|
* we wait for a request packet. If we don't,
|
2000-11-03 02:45:55 +00:00
|
|
|
* telnetting to port 53 (once per CPU) will
|
2009-01-17 11:04:25 +00:00
|
|
|
* deny service to legitimate TCP clients.
|
2000-01-07 19:20:25 +00:00
|
|
|
*/
|
2019-01-04 12:50:51 +01:00
|
|
|
result = ns_client_replace(client);
|
|
|
|
|
if (result == ISC_R_SUCCESS &&
|
|
|
|
|
(client->sctx->keepresporder == NULL ||
|
|
|
|
|
!dns_acl_allowed(&netaddr, NULL,
|
|
|
|
|
client->sctx->keepresporder, env)))
|
2017-09-08 13:39:09 -07:00
|
|
|
{
|
2019-02-06 11:27:11 -08:00
|
|
|
client->tcpconn->pipelined = true;
|
2000-01-11 21:18:22 +00:00
|
|
|
}
|
2000-11-03 02:45:55 +00:00
|
|
|
|
2018-04-17 08:29:14 -07:00
|
|
|
client_read(client, true);
|
1999-08-05 01:51:32 +00:00
|
|
|
}
|
2000-08-01 01:33:37 +00:00
|
|
|
|
2000-02-17 18:18:24 +00:00
|
|
|
freeevent:
|
1999-08-05 01:51:32 +00:00
|
|
|
isc_event_free(&event);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
client_accept(ns_client_t *client) {
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
|
|
|
|
|
CTRACE("accept");
|
|
|
|
|
|
2019-01-04 12:50:51 +01:00
|
|
|
/*
|
2019-02-06 11:27:11 -08:00
|
|
|
* Set up a new TCP connection. This means try to attach to the
|
|
|
|
|
* TCP client quota (tcp-clients), but fail if we're over quota.
|
2019-01-04 12:50:51 +01:00
|
|
|
*/
|
2019-02-06 11:27:11 -08:00
|
|
|
result = tcpconn_init(client, false);
|
2019-01-04 12:50:51 +01:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
2019-02-06 11:27:11 -08:00
|
|
|
bool exit;
|
2019-01-04 12:50:51 +01:00
|
|
|
|
2019-02-06 11:27:11 -08:00
|
|
|
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
|
|
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_WARNING,
|
|
|
|
|
"TCP client quota reached: %s",
|
|
|
|
|
isc_result_totext(result));
|
2019-01-04 12:50:51 +01:00
|
|
|
|
2019-02-06 11:27:11 -08:00
|
|
|
/*
|
|
|
|
|
* We have exceeded the system-wide TCP client quota. But,
|
|
|
|
|
* we can't just block this accept in all cases, because if
|
|
|
|
|
* we did, a heavy TCP load on other interfaces might cause
|
|
|
|
|
* this interface to be starved, with no clients able to
|
|
|
|
|
* accept new connections.
|
|
|
|
|
*
|
|
|
|
|
* So, we check here to see if any other clients are
|
|
|
|
|
* already servicing TCP queries on this interface (whether
|
2019-02-22 14:53:30 -08:00
|
|
|
* accepting, reading, or processing). If we find that at
|
|
|
|
|
* least one client other than this one is active, then
|
|
|
|
|
* it's okay *not* to call accept - we can let this
|
2019-02-06 11:27:11 -08:00
|
|
|
* client go inactive and another will take over when it's
|
|
|
|
|
* done.
|
|
|
|
|
*
|
|
|
|
|
* If there aren't enough active clients on the interface,
|
|
|
|
|
* then we can be a little bit flexible about the quota.
|
|
|
|
|
* We'll allow *one* extra client through to ensure we're
|
|
|
|
|
* listening on every interface; we do this by setting the
|
|
|
|
|
* 'force' option to tcpconn_init().
|
|
|
|
|
*
|
|
|
|
|
* (Note: In practice this means that the real TCP client
|
|
|
|
|
* quota is tcp-clients plus the number of listening
|
|
|
|
|
* interfaces plus 1.)
|
|
|
|
|
*/
|
2019-02-22 14:53:30 -08:00
|
|
|
exit = (atomic_load(&client->interface->ntcpactive) >
|
|
|
|
|
(client->tcpactive ? 1U : 0U));
|
2019-02-06 11:27:11 -08:00
|
|
|
if (exit) {
|
|
|
|
|
client->newstate = NS_CLIENTSTATE_INACTIVE;
|
|
|
|
|
(void)exit_check(client);
|
|
|
|
|
return;
|
|
|
|
|
}
|
2019-02-06 11:26:36 -08:00
|
|
|
|
2019-02-06 11:27:11 -08:00
|
|
|
result = tcpconn_init(client, true);
|
|
|
|
|
RUNTIME_CHECK(result == ISC_R_SUCCESS);
|
2019-01-04 12:50:51 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2019-02-06 11:27:11 -08:00
|
|
|
* If this client was set up using get_client() or get_worker(),
|
|
|
|
|
* then TCP is already marked active. However, if it was restarted
|
|
|
|
|
* from exit_check(), it might not be, so we take care of it now.
|
2019-01-04 12:50:51 +01:00
|
|
|
*/
|
2019-02-06 11:27:11 -08:00
|
|
|
mark_tcp_active(client, true);
|
2019-01-04 12:50:51 +01:00
|
|
|
|
1999-08-05 01:51:32 +00:00
|
|
|
result = isc_socket_accept(client->tcplistener, client->task,
|
|
|
|
|
client_newconn, client);
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
/*
|
|
|
|
|
* XXXRTH What should we do? We're trying to accept but
|
2007-03-29 06:36:31 +00:00
|
|
|
* it didn't work. If we just give up, then TCP
|
1999-08-05 01:51:32 +00:00
|
|
|
* service may eventually stop.
|
|
|
|
|
*
|
|
|
|
|
* For now, we just go idle.
|
|
|
|
|
*/
|
2019-01-04 12:50:51 +01:00
|
|
|
UNEXPECTED_ERROR(__FILE__, __LINE__,
|
|
|
|
|
"isc_socket_accept() failed: %s",
|
|
|
|
|
isc_result_totext(result));
|
2019-02-06 11:26:36 -08:00
|
|
|
|
2019-02-06 11:27:11 -08:00
|
|
|
tcpconn_detach(client);
|
|
|
|
|
mark_tcp_active(client, false);
|
1999-08-05 01:51:32 +00:00
|
|
|
return;
|
|
|
|
|
}
|
2019-01-04 12:50:51 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The client's 'naccepts' counter indicates that this client has
|
|
|
|
|
* called accept() and is waiting for a new connection. It should
|
|
|
|
|
* never exceed 1.
|
|
|
|
|
*/
|
1999-12-22 16:59:05 +00:00
|
|
|
INSIST(client->naccepts == 0);
|
|
|
|
|
client->naccepts++;
|
2019-01-04 12:50:51 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The interface's 'ntcpaccepting' counter is incremented when
|
|
|
|
|
* any client calls accept(), and decremented in client_newconn()
|
|
|
|
|
* once the connection is established.
|
|
|
|
|
*
|
|
|
|
|
* When the client object is shutting down after handling a TCP
|
2019-02-06 11:26:36 -08:00
|
|
|
* request (see exit_check()), if this value is at least one, that
|
|
|
|
|
* means another client has called accept() and is waiting to
|
|
|
|
|
* establish the next connection. That means the client may be
|
|
|
|
|
* be free to become inactive; otherwise it may need to start
|
|
|
|
|
* listening for connections itself to prevent the interface
|
|
|
|
|
* going dead.
|
2019-01-04 12:50:51 +01:00
|
|
|
*/
|
2019-02-06 11:27:11 -08:00
|
|
|
atomic_fetch_add(&client->interface->ntcpaccepting, 1);
|
1999-12-22 16:59:05 +00:00
|
|
|
}
|
|
|
|
|
|
2001-01-27 02:08:07 +00:00
|
|
|
static void
|
|
|
|
|
client_udprecv(ns_client_t *client) {
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
isc_region_t r;
|
|
|
|
|
|
|
|
|
|
CTRACE("udprecv");
|
|
|
|
|
|
|
|
|
|
r.base = client->recvbuf;
|
|
|
|
|
r.length = RECV_BUFFER_SIZE;
|
2001-02-12 21:45:37 +00:00
|
|
|
result = isc_socket_recv2(client->udpsocket, &r, 1,
|
|
|
|
|
client->task, client->recvevent, 0);
|
2001-01-27 02:08:07 +00:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
UNEXPECTED_ERROR(__FILE__, __LINE__,
|
2004-09-26 22:34:32 +00:00
|
|
|
"isc_socket_recv2() failed: %s",
|
2001-01-27 02:08:07 +00:00
|
|
|
isc_result_totext(result));
|
|
|
|
|
/*
|
2001-02-23 22:38:28 +00:00
|
|
|
* This cannot happen in the current implementation, since
|
2001-11-14 02:03:43 +00:00
|
|
|
* isc_socket_recv2() cannot fail if flags == 0.
|
2001-01-27 02:08:07 +00:00
|
|
|
*
|
2001-02-23 22:38:28 +00:00
|
|
|
* If this does fail, we just go idle.
|
2001-01-27 02:08:07 +00:00
|
|
|
*/
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
INSIST(client->nrecvs == 0);
|
|
|
|
|
client->nrecvs++;
|
|
|
|
|
}
|
|
|
|
|
|
1999-12-22 16:59:05 +00:00
|
|
|
void
|
2000-02-11 20:56:19 +00:00
|
|
|
ns_client_attach(ns_client_t *source, ns_client_t **targetp) {
|
|
|
|
|
REQUIRE(NS_CLIENT_VALID(source));
|
|
|
|
|
REQUIRE(targetp != NULL && *targetp == NULL);
|
2000-08-01 01:33:37 +00:00
|
|
|
|
2000-02-11 20:56:19 +00:00
|
|
|
source->references++;
|
2000-09-13 01:30:34 +00:00
|
|
|
ns_client_log(source, NS_LOGCATEGORY_CLIENT,
|
|
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10),
|
|
|
|
|
"ns_client_attach: ref = %d", source->references);
|
2000-02-11 20:56:19 +00:00
|
|
|
*targetp = source;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
ns_client_detach(ns_client_t **clientp) {
|
|
|
|
|
ns_client_t *client = *clientp;
|
2000-08-01 01:33:37 +00:00
|
|
|
|
2000-02-11 20:56:19 +00:00
|
|
|
client->references--;
|
|
|
|
|
INSIST(client->references >= 0);
|
|
|
|
|
*clientp = NULL;
|
2000-09-13 01:30:34 +00:00
|
|
|
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
|
|
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10),
|
|
|
|
|
"ns_client_detach: ref = %d", client->references);
|
2001-11-14 19:11:06 +00:00
|
|
|
(void)exit_check(client);
|
1999-12-22 16:59:05 +00:00
|
|
|
}
|
|
|
|
|
|
2018-04-17 08:29:14 -07:00
|
|
|
bool
|
2000-01-06 01:09:27 +00:00
|
|
|
ns_client_shuttingdown(ns_client_t *client) {
|
2018-04-17 08:29:14 -07:00
|
|
|
return (client->newstate == NS_CLIENTSTATE_FREED);
|
2000-01-06 01:09:27 +00:00
|
|
|
}
|
|
|
|
|
|
2000-01-11 21:18:22 +00:00
|
|
|
isc_result_t
|
2000-01-15 00:36:26 +00:00
|
|
|
ns_client_replace(ns_client_t *client) {
|
2000-01-07 19:20:25 +00:00
|
|
|
isc_result_t result;
|
2018-04-17 08:29:14 -07:00
|
|
|
bool tcp;
|
2000-05-02 01:16:21 +00:00
|
|
|
|
2000-01-07 19:20:25 +00:00
|
|
|
CTRACE("replace");
|
|
|
|
|
|
2012-10-06 14:20:45 +10:00
|
|
|
REQUIRE(client != NULL);
|
|
|
|
|
REQUIRE(client->manager != NULL);
|
|
|
|
|
|
2015-01-20 16:10:30 -08:00
|
|
|
tcp = TCP_CLIENT(client);
|
2019-02-06 11:27:11 -08:00
|
|
|
if (tcp && client->tcpconn != NULL && client->tcpconn->pipelined) {
|
2015-01-20 16:10:30 -08:00
|
|
|
result = get_worker(client->manager, client->interface,
|
2019-01-04 12:50:51 +01:00
|
|
|
client->tcpsocket, client);
|
2015-01-20 16:10:30 -08:00
|
|
|
} else {
|
|
|
|
|
result = get_client(client->manager, client->interface,
|
2019-02-06 11:27:11 -08:00
|
|
|
client->dispatch, tcp);
|
2019-02-06 11:26:36 -08:00
|
|
|
|
2015-01-20 16:10:30 -08:00
|
|
|
}
|
2019-01-04 12:50:51 +01:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
2000-01-07 19:20:25 +00:00
|
|
|
return (result);
|
2019-01-04 12:50:51 +01:00
|
|
|
}
|
2000-01-07 19:20:25 +00:00
|
|
|
|
2019-02-06 11:27:11 -08:00
|
|
|
/*
|
|
|
|
|
* The responsibility for listening for new requests is hereby
|
|
|
|
|
* transferred to the new client. Therefore, the old client
|
|
|
|
|
* should refrain from listening for any more requests.
|
|
|
|
|
*/
|
|
|
|
|
client->mortal = true;
|
|
|
|
|
|
2000-01-07 19:20:25 +00:00
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
|
|
|
|
|
1999-07-24 01:17:44 +00:00
|
|
|
/***
|
|
|
|
|
*** Client Manager
|
|
|
|
|
***/
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
clientmgr_destroy(ns_clientmgr_t *manager) {
|
2005-10-16 23:21:25 +00:00
|
|
|
#if NMCTXS > 0
|
|
|
|
|
int i;
|
|
|
|
|
#endif
|
|
|
|
|
|
2011-10-10 22:57:14 +00:00
|
|
|
REQUIRE(ISC_LIST_EMPTY(manager->clients));
|
1999-07-24 01:17:44 +00:00
|
|
|
|
|
|
|
|
MTRACE("clientmgr_destroy");
|
|
|
|
|
|
2005-10-16 23:21:25 +00:00
|
|
|
#if NMCTXS > 0
|
|
|
|
|
for (i = 0; i < NMCTXS; i++) {
|
|
|
|
|
if (manager->mctxpool[i] != NULL)
|
|
|
|
|
isc_mem_detach(&manager->mctxpool[i]);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2011-10-10 22:57:14 +00:00
|
|
|
ISC_QUEUE_DESTROY(manager->inactive);
|
2017-09-08 13:39:09 -07:00
|
|
|
|
2018-11-19 10:31:09 +00:00
|
|
|
isc_mutex_destroy(&manager->lock);
|
|
|
|
|
isc_mutex_destroy(&manager->listlock);
|
|
|
|
|
isc_mutex_destroy(&manager->reclock);
|
2017-09-08 13:39:09 -07:00
|
|
|
|
|
|
|
|
if (manager->excl != NULL)
|
|
|
|
|
isc_task_detach(&manager->excl);
|
|
|
|
|
|
|
|
|
|
ns_server_detach(&manager->sctx);
|
|
|
|
|
|
1999-07-24 01:17:44 +00:00
|
|
|
manager->magic = 0;
|
2001-09-19 23:08:24 +00:00
|
|
|
isc_mem_put(manager->mctx, manager, sizeof(*manager));
|
1999-07-24 01:17:44 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
isc_result_t
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_clientmgr_create(isc_mem_t *mctx, ns_server_t *sctx, isc_taskmgr_t *taskmgr,
|
1999-07-24 01:17:44 +00:00
|
|
|
isc_timermgr_t *timermgr, ns_clientmgr_t **managerp)
|
|
|
|
|
{
|
|
|
|
|
ns_clientmgr_t *manager;
|
|
|
|
|
isc_result_t result;
|
2005-10-16 23:21:25 +00:00
|
|
|
#if NMCTXS > 0
|
|
|
|
|
int i;
|
|
|
|
|
#endif
|
1999-07-24 01:17:44 +00:00
|
|
|
|
2001-09-19 23:08:24 +00:00
|
|
|
manager = isc_mem_get(mctx, sizeof(*manager));
|
1999-07-24 01:17:44 +00:00
|
|
|
if (manager == NULL)
|
|
|
|
|
return (ISC_R_NOMEMORY);
|
|
|
|
|
|
2018-11-16 15:33:22 +01:00
|
|
|
isc_mutex_init(&manager->lock);
|
|
|
|
|
isc_mutex_init(&manager->listlock);
|
|
|
|
|
isc_mutex_init(&manager->reclock);
|
2011-10-10 22:57:14 +00:00
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
manager->excl = NULL;
|
|
|
|
|
result = isc_taskmgr_excltask(taskmgr, &manager->excl);
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
goto cleanup_reclock;
|
|
|
|
|
}
|
|
|
|
|
|
1999-07-24 01:17:44 +00:00
|
|
|
manager->mctx = mctx;
|
|
|
|
|
manager->taskmgr = taskmgr;
|
|
|
|
|
manager->timermgr = timermgr;
|
2018-04-17 08:29:14 -07:00
|
|
|
manager->exiting = false;
|
2017-09-08 13:39:09 -07:00
|
|
|
|
|
|
|
|
manager->sctx = NULL;
|
|
|
|
|
ns_server_attach(sctx, &manager->sctx);
|
|
|
|
|
|
2011-10-10 22:57:14 +00:00
|
|
|
ISC_LIST_INIT(manager->clients);
|
2001-10-24 03:10:18 +00:00
|
|
|
ISC_LIST_INIT(manager->recursing);
|
2011-10-10 22:57:14 +00:00
|
|
|
ISC_QUEUE_INIT(manager->inactive, ilink);
|
2005-10-16 23:21:25 +00:00
|
|
|
#if NMCTXS > 0
|
|
|
|
|
manager->nextmctx = 0;
|
|
|
|
|
for (i = 0; i < NMCTXS; i++)
|
|
|
|
|
manager->mctxpool[i] = NULL; /* will be created on-demand */
|
|
|
|
|
#endif
|
1999-07-24 01:17:44 +00:00
|
|
|
manager->magic = MANAGER_MAGIC;
|
|
|
|
|
|
|
|
|
|
MTRACE("create");
|
|
|
|
|
|
|
|
|
|
*managerp = manager;
|
|
|
|
|
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
cleanup_reclock:
|
2018-11-19 10:31:09 +00:00
|
|
|
isc_mutex_destroy(&manager->reclock);
|
|
|
|
|
isc_mutex_destroy(&manager->listlock);
|
|
|
|
|
isc_mutex_destroy(&manager->lock);
|
2011-10-10 22:57:14 +00:00
|
|
|
|
2001-09-19 23:08:24 +00:00
|
|
|
isc_mem_put(manager->mctx, manager, sizeof(*manager));
|
1999-07-24 01:17:44 +00:00
|
|
|
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
ns_clientmgr_destroy(ns_clientmgr_t **managerp) {
|
2012-08-22 19:19:30 +10:00
|
|
|
isc_result_t result;
|
1999-07-24 01:17:44 +00:00
|
|
|
ns_clientmgr_t *manager;
|
|
|
|
|
ns_client_t *client;
|
2018-04-17 08:29:14 -07:00
|
|
|
bool need_destroy = false, unlock = false;
|
2000-08-01 01:33:37 +00:00
|
|
|
|
1999-07-24 01:17:44 +00:00
|
|
|
REQUIRE(managerp != NULL);
|
|
|
|
|
manager = *managerp;
|
|
|
|
|
REQUIRE(VALID_MANAGER(manager));
|
|
|
|
|
|
|
|
|
|
MTRACE("destroy");
|
|
|
|
|
|
2012-08-22 19:19:30 +10:00
|
|
|
/*
|
|
|
|
|
* Check for success because we may already be task-exclusive
|
|
|
|
|
* at this point. Only if we succeed at obtaining an exclusive
|
|
|
|
|
* lock now will we need to relinquish it later.
|
|
|
|
|
*/
|
2017-09-08 13:39:09 -07:00
|
|
|
result = isc_task_beginexclusive(manager->excl);
|
2012-08-22 19:19:30 +10:00
|
|
|
if (result == ISC_R_SUCCESS)
|
2018-04-17 08:29:14 -07:00
|
|
|
unlock = true;
|
1999-07-24 01:17:44 +00:00
|
|
|
|
2018-04-17 08:29:14 -07:00
|
|
|
manager->exiting = true;
|
1999-07-24 01:17:44 +00:00
|
|
|
|
2011-10-10 22:57:14 +00:00
|
|
|
for (client = ISC_LIST_HEAD(manager->clients);
|
2000-01-28 23:35:53 +00:00
|
|
|
client != NULL;
|
|
|
|
|
client = ISC_LIST_NEXT(client, link))
|
|
|
|
|
isc_task_shutdown(client->task);
|
|
|
|
|
|
2011-10-10 22:57:14 +00:00
|
|
|
if (ISC_LIST_EMPTY(manager->clients))
|
2018-04-17 08:29:14 -07:00
|
|
|
need_destroy = true;
|
1999-07-24 01:17:44 +00:00
|
|
|
|
2012-08-22 19:19:30 +10:00
|
|
|
if (unlock)
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_task_endexclusive(manager->excl);
|
1999-07-24 01:17:44 +00:00
|
|
|
|
|
|
|
|
if (need_destroy)
|
|
|
|
|
clientmgr_destroy(manager);
|
|
|
|
|
|
|
|
|
|
*managerp = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2011-10-04 16:04:22 +00:00
|
|
|
static isc_result_t
|
|
|
|
|
get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
|
2019-02-06 11:27:11 -08:00
|
|
|
dns_dispatch_t *disp, bool tcp)
|
2011-10-04 16:04:22 +00:00
|
|
|
{
|
|
|
|
|
isc_result_t result = ISC_R_SUCCESS;
|
|
|
|
|
isc_event_t *ev;
|
|
|
|
|
ns_client_t *client;
|
|
|
|
|
MTRACE("get client");
|
|
|
|
|
|
2012-10-23 22:04:06 -07:00
|
|
|
REQUIRE(manager != NULL);
|
|
|
|
|
|
|
|
|
|
if (manager->exiting)
|
2012-08-22 19:19:30 +10:00
|
|
|
return (ISC_R_SHUTTINGDOWN);
|
|
|
|
|
|
2011-10-04 16:04:22 +00:00
|
|
|
/*
|
|
|
|
|
* Allocate a client. First try to get a recycled one;
|
|
|
|
|
* if that fails, make a new one.
|
|
|
|
|
*/
|
|
|
|
|
client = NULL;
|
2019-04-22 17:19:23 -07:00
|
|
|
if ((manager->sctx->options & NS_SERVER_CLIENTTEST) == 0) {
|
2011-10-10 22:57:14 +00:00
|
|
|
ISC_QUEUE_POP(manager->inactive, ilink, client);
|
2019-04-22 17:19:23 -07:00
|
|
|
}
|
2011-10-10 22:57:14 +00:00
|
|
|
|
2019-04-22 17:19:23 -07:00
|
|
|
if (client != NULL) {
|
2011-10-04 16:04:22 +00:00
|
|
|
MTRACE("recycle");
|
2019-04-22 17:19:23 -07:00
|
|
|
} else {
|
2011-10-04 16:04:22 +00:00
|
|
|
MTRACE("create new");
|
2011-10-10 22:57:14 +00:00
|
|
|
|
2011-10-25 16:21:21 +00:00
|
|
|
LOCK(&manager->lock);
|
2011-10-04 16:04:22 +00:00
|
|
|
result = client_create(manager, &client);
|
2011-10-25 16:21:21 +00:00
|
|
|
UNLOCK(&manager->lock);
|
2011-10-04 16:04:22 +00:00
|
|
|
if (result != ISC_R_SUCCESS)
|
|
|
|
|
return (result);
|
2011-10-10 22:57:14 +00:00
|
|
|
|
|
|
|
|
LOCK(&manager->listlock);
|
|
|
|
|
ISC_LIST_APPEND(manager->clients, client, link);
|
|
|
|
|
UNLOCK(&manager->listlock);
|
2011-10-04 16:04:22 +00:00
|
|
|
}
|
|
|
|
|
|
2011-10-10 22:57:14 +00:00
|
|
|
client->manager = manager;
|
2011-10-04 16:04:22 +00:00
|
|
|
ns_interface_attach(ifp, &client->interface);
|
|
|
|
|
client->state = NS_CLIENTSTATE_READY;
|
2017-09-08 13:39:09 -07:00
|
|
|
client->sctx = manager->sctx;
|
2011-10-04 16:04:22 +00:00
|
|
|
INSIST(client->recursionquota == NULL);
|
|
|
|
|
|
2013-03-22 12:27:54 -07:00
|
|
|
client->dscp = ifp->dscp;
|
2019-04-22 17:19:23 -07:00
|
|
|
client->rcode_override = -1; /* not set */
|
2013-03-22 12:27:54 -07:00
|
|
|
|
2011-10-04 16:04:22 +00:00
|
|
|
if (tcp) {
|
2019-02-06 11:27:11 -08:00
|
|
|
mark_tcp_active(client, true);
|
2019-02-06 11:26:36 -08:00
|
|
|
|
2011-10-04 16:04:22 +00:00
|
|
|
client->attributes |= NS_CLIENTATTR_TCP;
|
|
|
|
|
isc_socket_attach(ifp->tcpsocket,
|
|
|
|
|
&client->tcplistener);
|
2019-01-04 12:50:51 +01:00
|
|
|
|
2011-10-04 16:04:22 +00:00
|
|
|
} else {
|
|
|
|
|
isc_socket_t *sock;
|
|
|
|
|
|
|
|
|
|
dns_dispatch_attach(disp, &client->dispatch);
|
|
|
|
|
sock = dns_dispatch_getsocket(client->dispatch);
|
|
|
|
|
isc_socket_attach(sock, &client->udpsocket);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
INSIST(client->nctls == 0);
|
|
|
|
|
client->nctls++;
|
|
|
|
|
ev = &client->ctlevent;
|
|
|
|
|
isc_task_send(client->task, &ev);
|
|
|
|
|
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
|
|
|
|
|
2015-01-20 16:10:30 -08:00
|
|
|
static isc_result_t
|
2019-01-04 12:50:51 +01:00
|
|
|
get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
|
|
|
|
|
ns_client_t *oldclient)
|
|
|
|
|
{
|
2015-01-20 16:10:30 -08:00
|
|
|
isc_result_t result = ISC_R_SUCCESS;
|
|
|
|
|
isc_event_t *ev;
|
|
|
|
|
ns_client_t *client;
|
|
|
|
|
MTRACE("get worker");
|
|
|
|
|
|
|
|
|
|
REQUIRE(manager != NULL);
|
2019-01-04 12:50:51 +01:00
|
|
|
REQUIRE(oldclient != NULL);
|
2015-01-20 16:10:30 -08:00
|
|
|
|
|
|
|
|
if (manager->exiting)
|
|
|
|
|
return (ISC_R_SHUTTINGDOWN);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Allocate a client. First try to get a recycled one;
|
|
|
|
|
* if that fails, make a new one.
|
|
|
|
|
*/
|
|
|
|
|
client = NULL;
|
2017-09-20 12:12:02 -07:00
|
|
|
if ((manager->sctx->options & NS_SERVER_CLIENTTEST) == 0)
|
2015-01-20 16:10:30 -08:00
|
|
|
ISC_QUEUE_POP(manager->inactive, ilink, client);
|
|
|
|
|
|
|
|
|
|
if (client != NULL)
|
|
|
|
|
MTRACE("recycle");
|
|
|
|
|
else {
|
|
|
|
|
MTRACE("create new");
|
|
|
|
|
|
|
|
|
|
LOCK(&manager->lock);
|
|
|
|
|
result = client_create(manager, &client);
|
|
|
|
|
UNLOCK(&manager->lock);
|
|
|
|
|
if (result != ISC_R_SUCCESS)
|
|
|
|
|
return (result);
|
|
|
|
|
|
|
|
|
|
LOCK(&manager->listlock);
|
|
|
|
|
ISC_LIST_APPEND(manager->clients, client, link);
|
|
|
|
|
UNLOCK(&manager->listlock);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
client->manager = manager;
|
|
|
|
|
ns_interface_attach(ifp, &client->interface);
|
|
|
|
|
client->newstate = client->state = NS_CLIENTSTATE_WORKING;
|
|
|
|
|
INSIST(client->recursionquota == NULL);
|
2017-09-08 13:39:09 -07:00
|
|
|
client->sctx = manager->sctx;
|
2015-01-20 16:10:30 -08:00
|
|
|
|
|
|
|
|
client->dscp = ifp->dscp;
|
|
|
|
|
|
|
|
|
|
client->attributes |= NS_CLIENTATTR_TCP;
|
2018-04-17 08:29:14 -07:00
|
|
|
client->mortal = true;
|
2017-09-08 13:39:09 -07:00
|
|
|
client->sendcb = NULL;
|
2019-04-22 17:19:23 -07:00
|
|
|
client->rcode_override = -1; /* not set */
|
2015-01-20 16:10:30 -08:00
|
|
|
|
2019-02-06 11:27:11 -08:00
|
|
|
tcpconn_attach(oldclient, client);
|
|
|
|
|
mark_tcp_active(client, true);
|
2019-01-17 15:53:38 +01:00
|
|
|
|
2015-01-20 16:10:30 -08:00
|
|
|
isc_socket_attach(ifp->tcpsocket, &client->tcplistener);
|
2015-02-27 10:55:55 +11:00
|
|
|
isc_socket_attach(sock, &client->tcpsocket);
|
2015-01-20 16:10:30 -08:00
|
|
|
isc_socket_setname(client->tcpsocket, "worker-tcp", NULL);
|
|
|
|
|
(void)isc_socket_getpeername(client->tcpsocket, &client->peeraddr);
|
2018-04-17 08:29:14 -07:00
|
|
|
client->peeraddr_valid = true;
|
2015-01-20 16:10:30 -08:00
|
|
|
|
2018-04-17 08:29:14 -07:00
|
|
|
INSIST(client->tcpmsg_valid == false);
|
2015-01-20 16:10:30 -08:00
|
|
|
dns_tcpmsg_init(client->mctx, client->tcpsocket, &client->tcpmsg);
|
2018-04-17 08:29:14 -07:00
|
|
|
client->tcpmsg_valid = true;
|
2015-01-20 16:10:30 -08:00
|
|
|
|
|
|
|
|
INSIST(client->nctls == 0);
|
|
|
|
|
client->nctls++;
|
|
|
|
|
ev = &client->ctlevent;
|
|
|
|
|
isc_task_send(client->task, &ev);
|
|
|
|
|
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_result_t
|
|
|
|
|
ns__clientmgr_getclient(ns_clientmgr_t *manager, ns_interface_t *ifp,
|
2018-04-17 08:29:14 -07:00
|
|
|
bool tcp, ns_client_t **clientp)
|
2017-09-08 13:39:09 -07:00
|
|
|
{
|
|
|
|
|
isc_result_t result = ISC_R_SUCCESS;
|
|
|
|
|
ns_client_t *client;
|
|
|
|
|
MTRACE("getclient");
|
|
|
|
|
|
|
|
|
|
REQUIRE(VALID_MANAGER(manager));
|
|
|
|
|
REQUIRE(clientp != NULL && *clientp == NULL);
|
|
|
|
|
|
|
|
|
|
if (manager->exiting)
|
|
|
|
|
return (ISC_R_SHUTTINGDOWN);
|
|
|
|
|
|
|
|
|
|
client = NULL;
|
|
|
|
|
ISC_QUEUE_POP(manager->inactive, ilink, client);
|
|
|
|
|
if (client != NULL)
|
|
|
|
|
MTRACE("getclient (recycle)");
|
|
|
|
|
else {
|
|
|
|
|
MTRACE("getclient (create)");
|
|
|
|
|
|
|
|
|
|
LOCK(&manager->lock);
|
|
|
|
|
result = client_create(manager, &client);
|
|
|
|
|
UNLOCK(&manager->lock);
|
|
|
|
|
if (result != ISC_R_SUCCESS)
|
|
|
|
|
return (result);
|
|
|
|
|
|
|
|
|
|
LOCK(&manager->listlock);
|
|
|
|
|
ISC_LIST_APPEND(manager->clients, client, link);
|
|
|
|
|
UNLOCK(&manager->listlock);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
client->manager = manager;
|
|
|
|
|
ns_interface_attach(ifp, &client->interface);
|
|
|
|
|
client->state = NS_CLIENTSTATE_READY;
|
|
|
|
|
INSIST(client->recursionquota == NULL);
|
|
|
|
|
|
|
|
|
|
client->dscp = ifp->dscp;
|
|
|
|
|
client->references++;
|
|
|
|
|
|
|
|
|
|
if (tcp) {
|
|
|
|
|
client->attributes |= NS_CLIENTATTR_TCP;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
*clientp = client;
|
|
|
|
|
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
|
|
|
|
|
1999-07-24 01:17:44 +00:00
|
|
|
isc_result_t
|
2000-01-17 23:48:15 +00:00
|
|
|
ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n,
|
2018-04-17 08:29:14 -07:00
|
|
|
ns_interface_t *ifp, bool tcp)
|
1999-07-24 01:17:44 +00:00
|
|
|
{
|
|
|
|
|
isc_result_t result = ISC_R_SUCCESS;
|
2011-07-28 04:04:37 +00:00
|
|
|
unsigned int disp;
|
1999-07-24 01:17:44 +00:00
|
|
|
|
|
|
|
|
REQUIRE(VALID_MANAGER(manager));
|
|
|
|
|
REQUIRE(n > 0);
|
|
|
|
|
|
2000-01-17 23:48:15 +00:00
|
|
|
MTRACE("createclients");
|
1999-07-24 01:17:44 +00:00
|
|
|
|
2011-07-28 04:04:37 +00:00
|
|
|
for (disp = 0; disp < n; disp++) {
|
2019-02-06 11:27:11 -08:00
|
|
|
result = get_client(manager, ifp, ifp->udpdispatch[disp], tcp);
|
2011-10-04 16:04:22 +00:00
|
|
|
if (result != ISC_R_SUCCESS)
|
|
|
|
|
break;
|
1999-08-05 01:51:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
1999-11-30 02:49:38 +00:00
|
|
|
isc_sockaddr_t *
|
|
|
|
|
ns_client_getsockaddr(ns_client_t *client) {
|
2000-02-17 18:18:24 +00:00
|
|
|
return (&client->peeraddr);
|
1999-11-30 02:49:38 +00:00
|
|
|
}
|
2000-02-22 21:24:24 +00:00
|
|
|
|
2018-01-13 00:31:30 +05:30
|
|
|
isc_sockaddr_t *
|
|
|
|
|
ns_client_getdestaddr(ns_client_t *client) {
|
|
|
|
|
return (&client->destsockaddr);
|
|
|
|
|
}
|
|
|
|
|
|
2000-02-22 21:24:24 +00:00
|
|
|
isc_result_t
|
2009-03-03 01:36:17 +00:00
|
|
|
ns_client_checkaclsilent(ns_client_t *client, isc_netaddr_t *netaddr,
|
2018-04-17 08:29:14 -07:00
|
|
|
dns_acl_t *acl, bool default_allow)
|
2000-02-22 21:24:24 +00:00
|
|
|
{
|
|
|
|
|
isc_result_t result;
|
2017-09-08 13:39:09 -07:00
|
|
|
dns_aclenv_t *env = ns_interfacemgr_getaclenv(client->interface->mgr);
|
2009-03-03 01:36:17 +00:00
|
|
|
isc_netaddr_t tmpnetaddr;
|
2000-02-22 21:24:24 +00:00
|
|
|
int match;
|
|
|
|
|
|
|
|
|
|
if (acl == NULL) {
|
|
|
|
|
if (default_allow)
|
|
|
|
|
goto allow;
|
|
|
|
|
else
|
|
|
|
|
goto deny;
|
|
|
|
|
}
|
|
|
|
|
|
2009-03-03 01:36:17 +00:00
|
|
|
if (netaddr == NULL) {
|
|
|
|
|
isc_netaddr_fromsockaddr(&tmpnetaddr, &client->peeraddr);
|
|
|
|
|
netaddr = &tmpnetaddr;
|
|
|
|
|
}
|
2008-01-18 23:46:58 +00:00
|
|
|
|
2018-04-26 20:57:41 -07:00
|
|
|
result = dns_acl_match(netaddr, client->signer, acl,
|
2018-04-03 13:09:45 +02:00
|
|
|
env, &match, NULL);
|
2000-04-06 22:03:35 +00:00
|
|
|
if (result != ISC_R_SUCCESS)
|
2000-02-22 21:24:24 +00:00
|
|
|
goto deny; /* Internal error, already logged. */
|
2014-08-28 22:05:57 -07:00
|
|
|
|
2000-02-22 21:24:24 +00:00
|
|
|
if (match > 0)
|
|
|
|
|
goto allow;
|
|
|
|
|
goto deny; /* Negative match or no match. */
|
|
|
|
|
|
|
|
|
|
allow:
|
2000-04-06 22:03:35 +00:00
|
|
|
return (ISC_R_SUCCESS);
|
2000-02-22 21:24:24 +00:00
|
|
|
|
|
|
|
|
deny:
|
|
|
|
|
return (DNS_R_REFUSED);
|
|
|
|
|
}
|
|
|
|
|
|
2001-06-15 23:28:29 +00:00
|
|
|
isc_result_t
|
2007-03-29 06:36:31 +00:00
|
|
|
ns_client_checkacl(ns_client_t *client, isc_sockaddr_t *sockaddr,
|
2001-06-15 23:28:29 +00:00
|
|
|
const char *opname, dns_acl_t *acl,
|
2018-04-17 08:29:14 -07:00
|
|
|
bool default_allow, int log_level)
|
2001-06-15 23:28:29 +00:00
|
|
|
{
|
2009-03-03 01:36:17 +00:00
|
|
|
isc_result_t result;
|
|
|
|
|
isc_netaddr_t netaddr;
|
2009-03-03 23:48:02 +00:00
|
|
|
|
2009-03-03 01:36:17 +00:00
|
|
|
if (sockaddr != NULL)
|
|
|
|
|
isc_netaddr_fromsockaddr(&netaddr, sockaddr);
|
|
|
|
|
|
|
|
|
|
result = ns_client_checkaclsilent(client, sockaddr ? &netaddr : NULL,
|
|
|
|
|
acl, default_allow);
|
2001-06-15 23:28:29 +00:00
|
|
|
|
2008-01-18 23:46:58 +00:00
|
|
|
if (result == ISC_R_SUCCESS)
|
2001-06-15 23:28:29 +00:00
|
|
|
ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
|
|
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
|
|
|
|
|
"%s approved", opname);
|
|
|
|
|
else
|
|
|
|
|
ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
|
|
|
|
|
NS_LOGMODULE_CLIENT,
|
|
|
|
|
log_level, "%s denied", opname);
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
2001-05-25 07:39:48 +00:00
|
|
|
static void
|
|
|
|
|
ns_client_name(ns_client_t *client, char *peerbuf, size_t len) {
|
|
|
|
|
if (client->peeraddr_valid)
|
2013-12-04 12:47:23 +11:00
|
|
|
isc_sockaddr_format(&client->peeraddr, peerbuf,
|
|
|
|
|
(unsigned int)len);
|
2001-05-25 07:39:48 +00:00
|
|
|
else
|
|
|
|
|
snprintf(peerbuf, len, "@%p", client);
|
|
|
|
|
}
|
|
|
|
|
|
2001-12-10 23:09:24 +00:00
|
|
|
void
|
2000-04-04 18:28:51 +00:00
|
|
|
ns_client_logv(ns_client_t *client, isc_logcategory_t *category,
|
2007-03-29 06:36:31 +00:00
|
|
|
isc_logmodule_t *module, int level, const char *fmt, va_list ap)
|
2000-04-04 18:28:51 +00:00
|
|
|
{
|
2013-02-20 13:54:52 -08:00
|
|
|
char msgbuf[4096];
|
2011-11-03 21:14:22 +00:00
|
|
|
char signerbuf[DNS_NAME_FORMATSIZE], qnamebuf[DNS_NAME_FORMATSIZE];
|
2016-09-22 14:45:20 -07:00
|
|
|
char peerbuf[ISC_SOCKADDR_FORMATSIZE];
|
2011-05-05 20:04:24 +00:00
|
|
|
const char *viewname = "";
|
2011-11-03 21:14:22 +00:00
|
|
|
const char *sep1 = "", *sep2 = "", *sep3 = "", *sep4 = "";
|
|
|
|
|
const char *signer = "", *qname = "";
|
|
|
|
|
dns_name_t *q = NULL;
|
2000-04-04 18:28:51 +00:00
|
|
|
|
|
|
|
|
vsnprintf(msgbuf, sizeof(msgbuf), fmt, ap);
|
2011-05-05 20:04:24 +00:00
|
|
|
|
|
|
|
|
if (client->signer != NULL) {
|
|
|
|
|
dns_name_format(client->signer, signerbuf, sizeof(signerbuf));
|
|
|
|
|
sep1 = "/key ";
|
|
|
|
|
signer = signerbuf;
|
|
|
|
|
}
|
|
|
|
|
|
2011-11-03 21:14:22 +00:00
|
|
|
q = client->query.origqname != NULL
|
|
|
|
|
? client->query.origqname : client->query.qname;
|
|
|
|
|
if (q != NULL) {
|
|
|
|
|
dns_name_format(q, qnamebuf, sizeof(qnamebuf));
|
|
|
|
|
sep2 = " (";
|
|
|
|
|
sep3 = ")";
|
|
|
|
|
qname = qnamebuf;
|
|
|
|
|
}
|
|
|
|
|
|
2002-05-24 06:22:30 +00:00
|
|
|
if (client->view != NULL && strcmp(client->view->name, "_bind") != 0 &&
|
|
|
|
|
strcmp(client->view->name, "_default") != 0) {
|
2011-11-03 21:14:22 +00:00
|
|
|
sep4 = ": view ";
|
2011-05-05 20:04:24 +00:00
|
|
|
viewname = client->view->name;
|
2002-05-24 06:22:30 +00:00
|
|
|
}
|
2000-04-04 18:28:51 +00:00
|
|
|
|
2016-08-29 11:56:36 -07:00
|
|
|
if (client->peeraddr_valid) {
|
|
|
|
|
isc_sockaddr_format(&client->peeraddr,
|
|
|
|
|
peerbuf, sizeof(peerbuf));
|
|
|
|
|
} else {
|
2016-09-22 14:45:20 -07:00
|
|
|
snprintf(peerbuf, sizeof(peerbuf), "(no-peer)");
|
2016-08-29 11:56:36 -07:00
|
|
|
}
|
2016-09-22 14:45:20 -07:00
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_log_write(ns_lctx, category, module, level,
|
2016-09-22 14:45:20 -07:00
|
|
|
"client @%p %s%s%s%s%s%s%s%s: %s",
|
|
|
|
|
client, peerbuf, sep1, signer, sep2, qname, sep3,
|
|
|
|
|
sep4, viewname, msgbuf);
|
2000-04-04 18:28:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
ns_client_log(ns_client_t *client, isc_logcategory_t *category,
|
|
|
|
|
isc_logmodule_t *module, int level, const char *fmt, ...)
|
|
|
|
|
{
|
2000-05-02 01:16:21 +00:00
|
|
|
va_list ap;
|
|
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
if (! isc_log_wouldlog(ns_lctx, level))
|
2000-07-13 00:21:27 +00:00
|
|
|
return;
|
|
|
|
|
|
2000-04-04 18:28:51 +00:00
|
|
|
va_start(ap, fmt);
|
|
|
|
|
ns_client_logv(client, category, module, level, fmt, ap);
|
|
|
|
|
va_end(ap);
|
|
|
|
|
}
|
|
|
|
|
|
2001-03-11 06:19:39 +00:00
|
|
|
void
|
2016-12-30 15:45:08 +11:00
|
|
|
ns_client_aclmsg(const char *msg, const dns_name_t *name, dns_rdatatype_t type,
|
2008-01-18 23:46:58 +00:00
|
|
|
dns_rdataclass_t rdclass, char *buf, size_t len)
|
2001-03-11 06:19:39 +00:00
|
|
|
{
|
2007-03-29 06:36:31 +00:00
|
|
|
char namebuf[DNS_NAME_FORMATSIZE];
|
|
|
|
|
char typebuf[DNS_RDATATYPE_FORMATSIZE];
|
|
|
|
|
char classbuf[DNS_RDATACLASS_FORMATSIZE];
|
|
|
|
|
|
|
|
|
|
dns_name_format(name, namebuf, sizeof(namebuf));
|
|
|
|
|
dns_rdatatype_format(type, typebuf, sizeof(typebuf));
|
|
|
|
|
dns_rdataclass_format(rdclass, classbuf, sizeof(classbuf));
|
|
|
|
|
(void)snprintf(buf, len, "%s '%s/%s/%s'", msg, namebuf, typebuf,
|
2003-01-21 06:11:46 +00:00
|
|
|
classbuf);
|
2001-03-11 06:19:39 +00:00
|
|
|
}
|
2001-05-25 07:39:48 +00:00
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
ns_client_dumpmessage(ns_client_t *client, const char *reason) {
|
|
|
|
|
isc_buffer_t buffer;
|
|
|
|
|
char *buf = NULL;
|
|
|
|
|
int len = 1024;
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
if (!isc_log_wouldlog(ns_lctx, ISC_LOG_DEBUG(1)))
|
2014-05-27 12:16:04 +10:00
|
|
|
return;
|
|
|
|
|
|
2001-05-28 05:17:05 +00:00
|
|
|
/*
|
2001-06-15 22:35:42 +00:00
|
|
|
* Note that these are multiline debug messages. We want a newline
|
2001-05-28 05:17:05 +00:00
|
|
|
* to appear in the log after each message.
|
|
|
|
|
*/
|
2001-05-25 07:39:48 +00:00
|
|
|
|
|
|
|
|
do {
|
|
|
|
|
buf = isc_mem_get(client->mctx, len);
|
|
|
|
|
if (buf == NULL)
|
|
|
|
|
break;
|
|
|
|
|
isc_buffer_init(&buffer, buf, len);
|
|
|
|
|
result = dns_message_totext(client->message,
|
|
|
|
|
&dns_master_style_debug,
|
|
|
|
|
0, &buffer);
|
|
|
|
|
if (result == ISC_R_NOSPACE) {
|
|
|
|
|
isc_mem_put(client->mctx, buf, len);
|
|
|
|
|
len += 1024;
|
|
|
|
|
} else if (result == ISC_R_SUCCESS)
|
2017-09-08 13:39:09 -07:00
|
|
|
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
|
2001-06-28 02:39:46 +00:00
|
|
|
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
|
2001-05-28 05:17:05 +00:00
|
|
|
"%s\n%.*s", reason,
|
|
|
|
|
(int)isc_buffer_usedlength(&buffer),
|
|
|
|
|
buf);
|
2001-05-25 07:39:48 +00:00
|
|
|
} while (result == ISC_R_NOSPACE);
|
|
|
|
|
|
|
|
|
|
if (buf != NULL)
|
|
|
|
|
isc_mem_put(client->mctx, buf, len);
|
|
|
|
|
}
|
2002-09-10 04:45:54 +00:00
|
|
|
|
|
|
|
|
void
|
|
|
|
|
ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager) {
|
|
|
|
|
ns_client_t *client;
|
|
|
|
|
char namebuf[DNS_NAME_FORMATSIZE];
|
2010-09-13 03:37:43 +00:00
|
|
|
char original[DNS_NAME_FORMATSIZE];
|
2002-09-10 04:45:54 +00:00
|
|
|
char peerbuf[ISC_SOCKADDR_FORMATSIZE];
|
2010-09-13 03:37:43 +00:00
|
|
|
char typebuf[DNS_RDATATYPE_FORMATSIZE];
|
|
|
|
|
char classbuf[DNS_RDATACLASS_FORMATSIZE];
|
2002-09-10 04:45:54 +00:00
|
|
|
const char *name;
|
|
|
|
|
const char *sep;
|
2010-09-13 03:37:43 +00:00
|
|
|
const char *origfor;
|
|
|
|
|
dns_rdataset_t *rdataset;
|
2002-09-10 04:45:54 +00:00
|
|
|
|
|
|
|
|
REQUIRE(VALID_MANAGER(manager));
|
2007-03-29 06:36:31 +00:00
|
|
|
|
2011-10-10 22:57:14 +00:00
|
|
|
LOCK(&manager->reclock);
|
2002-09-10 04:45:54 +00:00
|
|
|
client = ISC_LIST_HEAD(manager->recursing);
|
|
|
|
|
while (client != NULL) {
|
2011-11-09 22:05:09 +00:00
|
|
|
INSIST(client->state == NS_CLIENTSTATE_RECURSING);
|
|
|
|
|
|
2002-09-10 04:45:54 +00:00
|
|
|
ns_client_name(client, peerbuf, sizeof(peerbuf));
|
|
|
|
|
if (client->view != NULL &&
|
|
|
|
|
strcmp(client->view->name, "_bind") != 0 &&
|
|
|
|
|
strcmp(client->view->name, "_default") != 0) {
|
|
|
|
|
name = client->view->name;
|
|
|
|
|
sep = ": view ";
|
|
|
|
|
} else {
|
|
|
|
|
name = "";
|
|
|
|
|
sep = "";
|
|
|
|
|
}
|
2011-10-10 22:57:14 +00:00
|
|
|
|
|
|
|
|
LOCK(&client->query.fetchlock);
|
2011-11-09 22:05:09 +00:00
|
|
|
INSIST(client->query.qname != NULL);
|
2002-09-10 04:45:54 +00:00
|
|
|
dns_name_format(client->query.qname, namebuf, sizeof(namebuf));
|
2010-09-13 03:37:43 +00:00
|
|
|
if (client->query.qname != client->query.origqname &&
|
|
|
|
|
client->query.origqname != NULL) {
|
|
|
|
|
origfor = " for ";
|
|
|
|
|
dns_name_format(client->query.origqname, original,
|
|
|
|
|
sizeof(original));
|
|
|
|
|
} else {
|
|
|
|
|
origfor = "";
|
|
|
|
|
original[0] = '\0';
|
|
|
|
|
}
|
|
|
|
|
rdataset = ISC_LIST_HEAD(client->query.qname->list);
|
|
|
|
|
if (rdataset == NULL && client->query.origqname != NULL)
|
|
|
|
|
rdataset = ISC_LIST_HEAD(client->query.origqname->list);
|
|
|
|
|
if (rdataset != NULL) {
|
|
|
|
|
dns_rdatatype_format(rdataset->type, typebuf,
|
|
|
|
|
sizeof(typebuf));
|
|
|
|
|
dns_rdataclass_format(rdataset->rdclass, classbuf,
|
|
|
|
|
sizeof(classbuf));
|
|
|
|
|
} else {
|
2017-09-13 00:14:37 -07:00
|
|
|
strlcpy(typebuf, "-", sizeof(typebuf));
|
|
|
|
|
strlcpy(classbuf, "-", sizeof(classbuf));
|
2010-09-13 03:37:43 +00:00
|
|
|
}
|
2011-10-10 22:57:14 +00:00
|
|
|
UNLOCK(&client->query.fetchlock);
|
2010-09-13 03:37:43 +00:00
|
|
|
fprintf(f, "; client %s%s%s: id %u '%s/%s/%s'%s%s "
|
2018-02-15 13:43:13 +11:00
|
|
|
"requesttime %u\n", peerbuf, sep, name,
|
2010-09-13 03:37:43 +00:00
|
|
|
client->message->id, namebuf, typebuf, classbuf,
|
2015-10-02 12:32:42 -07:00
|
|
|
origfor, original,
|
|
|
|
|
isc_time_seconds(&client->requesttime));
|
2011-11-09 22:05:09 +00:00
|
|
|
client = ISC_LIST_NEXT(client, rlink);
|
2002-09-10 04:45:54 +00:00
|
|
|
}
|
2011-10-10 22:57:14 +00:00
|
|
|
UNLOCK(&manager->reclock);
|
2002-09-10 04:45:54 +00:00
|
|
|
}
|
2006-06-04 23:59:33 +00:00
|
|
|
|
|
|
|
|
void
|
|
|
|
|
ns_client_qnamereplace(ns_client_t *client, dns_name_t *name) {
|
2011-10-10 22:57:14 +00:00
|
|
|
LOCK(&client->query.fetchlock);
|
2006-06-04 23:59:33 +00:00
|
|
|
if (client->query.restarts > 0) {
|
|
|
|
|
/*
|
|
|
|
|
* client->query.qname was dynamically allocated.
|
|
|
|
|
*/
|
|
|
|
|
dns_message_puttempname(client->message,
|
|
|
|
|
&client->query.qname);
|
|
|
|
|
}
|
|
|
|
|
client->query.qname = name;
|
2015-04-23 16:57:15 +10:00
|
|
|
client->query.attributes &= ~NS_QUERYATTR_REDIRECT;
|
2011-10-10 22:57:14 +00:00
|
|
|
UNLOCK(&client->query.fetchlock);
|
2006-06-04 23:59:33 +00:00
|
|
|
}
|
2011-10-11 00:09:03 +00:00
|
|
|
|
|
|
|
|
isc_result_t
|
|
|
|
|
ns_client_sourceip(dns_clientinfo_t *ci, isc_sockaddr_t **addrp) {
|
|
|
|
|
ns_client_t *client = (ns_client_t *) ci->data;
|
2011-10-11 23:46:45 +00:00
|
|
|
|
2011-10-11 00:09:03 +00:00
|
|
|
REQUIRE(NS_CLIENT_VALID(client));
|
|
|
|
|
REQUIRE(addrp != NULL);
|
|
|
|
|
|
|
|
|
|
*addrp = &client->peeraddr;
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
2018-08-10 15:54:14 -07:00
|
|
|
|
|
|
|
|
dns_rdataset_t *
|
|
|
|
|
ns_client_newrdataset(ns_client_t *client) {
|
|
|
|
|
dns_rdataset_t *rdataset;
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
|
|
|
|
|
REQUIRE(NS_CLIENT_VALID(client));
|
|
|
|
|
|
|
|
|
|
rdataset = NULL;
|
|
|
|
|
result = dns_message_gettemprdataset(client->message, &rdataset);
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
return (NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (rdataset);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
ns_client_putrdataset(ns_client_t *client, dns_rdataset_t **rdatasetp) {
|
|
|
|
|
dns_rdataset_t *rdataset;
|
|
|
|
|
|
|
|
|
|
REQUIRE(NS_CLIENT_VALID(client));
|
|
|
|
|
REQUIRE(rdatasetp != NULL);
|
|
|
|
|
|
|
|
|
|
rdataset = *rdatasetp;
|
|
|
|
|
|
|
|
|
|
if (rdataset != NULL) {
|
|
|
|
|
if (dns_rdataset_isassociated(rdataset)) {
|
|
|
|
|
dns_rdataset_disassociate(rdataset);
|
|
|
|
|
}
|
|
|
|
|
dns_message_puttemprdataset(client->message, rdatasetp);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
isc_result_t
|
|
|
|
|
ns_client_newnamebuf(ns_client_t *client) {
|
|
|
|
|
isc_buffer_t *dbuf;
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
|
|
|
|
|
CTRACE("ns_client_newnamebuf");
|
|
|
|
|
|
|
|
|
|
dbuf = NULL;
|
|
|
|
|
result = isc_buffer_allocate(client->mctx, &dbuf, 1024);
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
CTRACE("ns_client_newnamebuf: "
|
|
|
|
|
"isc_buffer_allocate failed: done");
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
ISC_LIST_APPEND(client->query.namebufs, dbuf, link);
|
|
|
|
|
|
|
|
|
|
CTRACE("ns_client_newnamebuf: done");
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
dns_name_t *
|
|
|
|
|
ns_client_newname(ns_client_t *client, isc_buffer_t *dbuf, isc_buffer_t *nbuf) {
|
|
|
|
|
dns_name_t *name;
|
|
|
|
|
isc_region_t r;
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
|
|
|
|
|
REQUIRE((client->query.attributes & NS_QUERYATTR_NAMEBUFUSED) == 0);
|
|
|
|
|
|
|
|
|
|
CTRACE("ns_client_newname");
|
2018-09-14 12:32:36 -07:00
|
|
|
|
2018-08-10 15:54:14 -07:00
|
|
|
name = NULL;
|
|
|
|
|
result = dns_message_gettempname(client->message, &name);
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
CTRACE("ns_client_newname: "
|
|
|
|
|
"dns_message_gettempname failed: done");
|
|
|
|
|
return (NULL);
|
|
|
|
|
}
|
|
|
|
|
isc_buffer_availableregion(dbuf, &r);
|
|
|
|
|
isc_buffer_init(nbuf, r.base, r.length);
|
|
|
|
|
dns_name_init(name, NULL);
|
|
|
|
|
dns_name_setbuffer(name, nbuf);
|
|
|
|
|
client->query.attributes |= NS_QUERYATTR_NAMEBUFUSED;
|
|
|
|
|
|
|
|
|
|
CTRACE("ns_client_newname: done");
|
|
|
|
|
return (name);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
isc_buffer_t *
|
|
|
|
|
ns_client_getnamebuf(ns_client_t *client) {
|
|
|
|
|
isc_buffer_t *dbuf;
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
isc_region_t r;
|
|
|
|
|
|
|
|
|
|
CTRACE("ns_client_getnamebuf");
|
|
|
|
|
|
|
|
|
|
/*%
|
|
|
|
|
* Return a name buffer with space for a maximal name, allocating
|
|
|
|
|
* a new one if necessary.
|
|
|
|
|
*/
|
|
|
|
|
if (ISC_LIST_EMPTY(client->query.namebufs)) {
|
|
|
|
|
result = ns_client_newnamebuf(client);
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
CTRACE("ns_client_getnamebuf: "
|
|
|
|
|
"ns_client_newnamebuf failed: done");
|
|
|
|
|
return (NULL);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
dbuf = ISC_LIST_TAIL(client->query.namebufs);
|
|
|
|
|
INSIST(dbuf != NULL);
|
|
|
|
|
isc_buffer_availableregion(dbuf, &r);
|
|
|
|
|
if (r.length < DNS_NAME_MAXWIRE) {
|
|
|
|
|
result = ns_client_newnamebuf(client);
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
CTRACE("ns_client_getnamebuf: "
|
|
|
|
|
"ns_client_newnamebuf failed: done");
|
|
|
|
|
return (NULL);
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
dbuf = ISC_LIST_TAIL(client->query.namebufs);
|
|
|
|
|
isc_buffer_availableregion(dbuf, &r);
|
|
|
|
|
INSIST(r.length >= 255);
|
|
|
|
|
}
|
|
|
|
|
CTRACE("ns_client_getnamebuf: done");
|
|
|
|
|
return (dbuf);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
ns_client_keepname(ns_client_t *client, dns_name_t *name, isc_buffer_t *dbuf) {
|
|
|
|
|
isc_region_t r;
|
|
|
|
|
|
|
|
|
|
CTRACE("ns_client_keepname");
|
|
|
|
|
|
|
|
|
|
/*%
|
|
|
|
|
* 'name' is using space in 'dbuf', but 'dbuf' has not yet been
|
|
|
|
|
* adjusted to take account of that. We do the adjustment.
|
|
|
|
|
*/
|
|
|
|
|
REQUIRE((client->query.attributes & NS_QUERYATTR_NAMEBUFUSED) != 0);
|
|
|
|
|
|
|
|
|
|
dns_name_toregion(name, &r);
|
|
|
|
|
isc_buffer_add(dbuf, r.length);
|
|
|
|
|
dns_name_setbuffer(name, NULL);
|
|
|
|
|
client->query.attributes &= ~NS_QUERYATTR_NAMEBUFUSED;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
ns_client_releasename(ns_client_t *client, dns_name_t **namep) {
|
|
|
|
|
dns_name_t *name = *namep;
|
|
|
|
|
|
|
|
|
|
/*%
|
|
|
|
|
* 'name' is no longer needed. Return it to our pool of temporary
|
|
|
|
|
* names. If it is using a name buffer, relinquish its exclusive
|
|
|
|
|
* rights on the buffer.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
CTRACE("ns_client_releasename");
|
|
|
|
|
if (dns_name_hasbuffer(name)) {
|
|
|
|
|
INSIST((client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
|
|
|
|
|
!= 0);
|
|
|
|
|
client->query.attributes &= ~NS_QUERYATTR_NAMEBUFUSED;
|
|
|
|
|
}
|
|
|
|
|
dns_message_puttempname(client->message, namep);
|
|
|
|
|
CTRACE("ns_client_releasename: done");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
isc_result_t
|
|
|
|
|
ns_client_newdbversion(ns_client_t *client, unsigned int n) {
|
|
|
|
|
unsigned int i;
|
|
|
|
|
ns_dbversion_t *dbversion;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < n; i++) {
|
|
|
|
|
dbversion = isc_mem_get(client->mctx, sizeof(*dbversion));
|
|
|
|
|
if (dbversion != NULL) {
|
|
|
|
|
dbversion->db = NULL;
|
|
|
|
|
dbversion->version = NULL;
|
|
|
|
|
ISC_LIST_INITANDAPPEND(client->query.freeversions,
|
|
|
|
|
dbversion, link);
|
|
|
|
|
} else {
|
|
|
|
|
/*
|
|
|
|
|
* We only return ISC_R_NOMEMORY if we couldn't
|
|
|
|
|
* allocate anything.
|
|
|
|
|
*/
|
|
|
|
|
if (i == 0) {
|
|
|
|
|
return (ISC_R_NOMEMORY);
|
|
|
|
|
} else {
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline ns_dbversion_t *
|
|
|
|
|
client_getdbversion(ns_client_t *client) {
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
ns_dbversion_t *dbversion;
|
|
|
|
|
|
|
|
|
|
if (ISC_LIST_EMPTY(client->query.freeversions)) {
|
|
|
|
|
result = ns_client_newdbversion(client, 1);
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
return (NULL);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
dbversion = ISC_LIST_HEAD(client->query.freeversions);
|
|
|
|
|
INSIST(dbversion != NULL);
|
|
|
|
|
ISC_LIST_UNLINK(client->query.freeversions, dbversion, link);
|
|
|
|
|
|
|
|
|
|
return (dbversion);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ns_dbversion_t *
|
|
|
|
|
ns_client_findversion(ns_client_t *client, dns_db_t *db) {
|
|
|
|
|
ns_dbversion_t *dbversion;
|
|
|
|
|
|
|
|
|
|
for (dbversion = ISC_LIST_HEAD(client->query.activeversions);
|
|
|
|
|
dbversion != NULL;
|
|
|
|
|
dbversion = ISC_LIST_NEXT(dbversion, link))
|
|
|
|
|
{
|
|
|
|
|
if (dbversion->db == db) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (dbversion == NULL) {
|
|
|
|
|
/*
|
|
|
|
|
* This is a new zone for this query. Add it to
|
|
|
|
|
* the active list.
|
|
|
|
|
*/
|
|
|
|
|
dbversion = client_getdbversion(client);
|
|
|
|
|
if (dbversion == NULL) {
|
|
|
|
|
return (NULL);
|
|
|
|
|
}
|
|
|
|
|
dns_db_attach(db, &dbversion->db);
|
|
|
|
|
dns_db_currentversion(db, &dbversion->version);
|
|
|
|
|
dbversion->acl_checked = false;
|
|
|
|
|
dbversion->queryok = false;
|
|
|
|
|
ISC_LIST_APPEND(client->query.activeversions,
|
|
|
|
|
dbversion, link);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (dbversion);
|
|
|
|
|
}
|
