File: | src/sbin/unwind/frontend.c |
Warning: | line 1749, column 20 Use of memory after it is freed |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* $OpenBSD: frontend.c,v 1.69 2021/11/16 16:45:23 kn Exp $ */ | |||
2 | ||||
3 | /* | |||
4 | * Copyright (c) 2018 Florian Obser <florian@openbsd.org> | |||
5 | * Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org> | |||
6 | * Copyright (c) 2004 Esben Norby <norby@openbsd.org> | |||
7 | * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> | |||
8 | * | |||
9 | * Permission to use, copy, modify, and distribute this software for any | |||
10 | * purpose with or without fee is hereby granted, provided that the above | |||
11 | * copyright notice and this permission notice appear in all copies. | |||
12 | * | |||
13 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | |||
14 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | |||
15 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | |||
16 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | |||
17 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |||
18 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |||
19 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | |||
20 | */ | |||
21 | ||||
22 | #include <sys/types.h> | |||
23 | #include <sys/queue.h> | |||
24 | #include <sys/socket.h> | |||
25 | #include <sys/syslog.h> | |||
26 | #include <sys/tree.h> | |||
27 | #include <sys/uio.h> | |||
28 | ||||
29 | #include <netinet/in.h> | |||
30 | #include <net/if.h> | |||
31 | #include <net/route.h> | |||
32 | ||||
33 | #include <errno(*__errno()).h> | |||
34 | #include <event.h> | |||
35 | #include <ifaddrs.h> | |||
36 | #include <imsg.h> | |||
37 | #include <netdb.h> | |||
38 | #include <pwd.h> | |||
39 | #include <signal.h> | |||
40 | #include <stdint.h> | |||
41 | #include <stdio.h> | |||
42 | #include <stdlib.h> | |||
43 | #include <string.h> | |||
44 | #include <time.h> | |||
45 | #include <unistd.h> | |||
46 | ||||
47 | #include "libunbound/config.h" | |||
48 | #include "libunbound/sldns/pkthdr.h" | |||
49 | #include "libunbound/sldns/sbuffer.h" | |||
50 | #include "libunbound/sldns/str2wire.h" | |||
51 | #include "libunbound/sldns/wire2str.h" | |||
52 | #include "libunbound/util/alloc.h" | |||
53 | #include "libunbound/util/net_help.h" | |||
54 | #include "libunbound/util/regional.h" | |||
55 | #include "libunbound/util/data/dname.h" | |||
56 | #include "libunbound/util/data/msgencode.h" | |||
57 | #include "libunbound/util/data/msgparse.h" | |||
58 | #include "libunbound/util/data/msgreply.h" | |||
59 | ||||
60 | #include "log.h" | |||
61 | #include "unwind.h" | |||
62 | #include "frontend.h" | |||
63 | #include "control.h" | |||
64 | #include "dns64_synth.h" | |||
65 | ||||
66 | #define ROUTE_SOCKET_BUF_SIZE16384 16384 | |||
67 | ||||
68 | /* | |||
69 | * size of a resource record with name a two octed pointer to qname | |||
70 | * 2 octets pointer to qname | |||
71 | * 2 octets TYPE | |||
72 | * 2 octets CLASS | |||
73 | * 4 octets TTL | |||
74 | * 2 octets RDLENGTH | |||
75 | */ | |||
76 | #define COMPRESSED_RR_SIZE12 12 | |||
77 | #define MINIMIZE_ANSWER1 1 | |||
78 | ||||
79 | #define FD_RESERVE5 5 | |||
80 | #define TCP_TIMEOUT15 15 | |||
81 | #define DEFAULT_TCP_SIZE512 512 | |||
82 | ||||
83 | struct udp_ev { | |||
84 | struct event ev; | |||
85 | uint8_t query[65536]; | |||
86 | struct msghdr rcvmhdr; | |||
87 | struct iovec rcviov[1]; | |||
88 | struct sockaddr_storage from; | |||
89 | } udp4ev, udp6ev; | |||
90 | ||||
91 | struct tcp_accept_ev { | |||
92 | struct event ev; | |||
93 | struct event pause; | |||
94 | } tcp4ev, tcp6ev; | |||
95 | ||||
96 | struct pending_query { | |||
97 | TAILQ_ENTRY(pending_query)struct { struct pending_query *tqe_next; struct pending_query **tqe_prev; } entry; | |||
98 | struct sockaddr_storage from; | |||
99 | struct sldns_buffer *qbuf; | |||
100 | struct sldns_buffer *abuf; | |||
101 | struct regional *region; | |||
102 | struct query_info qinfo; | |||
103 | struct msg_parse *qmsg; | |||
104 | struct edns_data edns; | |||
105 | struct event ev; /* for tcp */ | |||
106 | struct event resp_ev; /* for tcp */ | |||
107 | struct event tmo_ev; /* for tcp */ | |||
108 | uint64_t imsg_id; | |||
109 | int fd; | |||
110 | int tcp; | |||
111 | int dns64_synthesize; | |||
112 | }; | |||
113 | ||||
114 | TAILQ_HEAD(, pending_query)struct { struct pending_query *tqh_first; struct pending_query **tqh_last; } pending_queries; | |||
115 | ||||
116 | struct bl_node { | |||
117 | RB_ENTRY(bl_node)struct { struct bl_node *rbe_left; struct bl_node *rbe_right; struct bl_node *rbe_parent; int rbe_color; } entry; | |||
118 | char *domain; | |||
119 | }; | |||
120 | ||||
121 | __dead__attribute__((__noreturn__)) void frontend_shutdown(void); | |||
122 | void frontend_sig_handler(int, short, void *); | |||
123 | void frontend_startup(void); | |||
124 | void udp_receive(int, short, void *); | |||
125 | void handle_query(struct pending_query *); | |||
126 | void free_pending_query(struct pending_query *); | |||
127 | void tcp_accept(int, short, void *); | |||
128 | int accept_reserve(int, struct sockaddr *, socklen_t *); | |||
129 | void accept_paused(int, short, void *); | |||
130 | void tcp_request(int, short, void *); | |||
131 | void tcp_response(int, short, void *); | |||
132 | void tcp_timeout(int, short, void *); | |||
133 | int check_query(sldns_buffer*); | |||
134 | void noerror_answer(struct pending_query *); | |||
135 | void synthesize_dns64_answer(struct pending_query *); | |||
136 | void resend_dns64_query(struct pending_query *); | |||
137 | void chaos_answer(struct pending_query *); | |||
138 | void error_answer(struct pending_query *, int rcode); | |||
139 | void send_answer(struct pending_query *); | |||
140 | void route_receive(int, short, void *); | |||
141 | void handle_route_message(struct rt_msghdr *, | |||
142 | struct sockaddr **); | |||
143 | void get_rtaddrs(int, struct sockaddr *, | |||
144 | struct sockaddr **); | |||
145 | void rtmget_default(void); | |||
146 | struct pending_query *find_pending_query(uint64_t); | |||
147 | void parse_trust_anchor(struct trust_anchor_head *, int); | |||
148 | void send_trust_anchors(struct trust_anchor_head *); | |||
149 | void write_trust_anchors(struct trust_anchor_head *, int); | |||
150 | void parse_blocklist(int); | |||
151 | int bl_cmp(struct bl_node *, struct bl_node *); | |||
152 | void free_bl(void); | |||
153 | int pending_query_cnt(void); | |||
154 | void check_available_af(void); | |||
155 | ||||
156 | struct uw_conf *frontend_conf; | |||
157 | static struct imsgev *iev_main; | |||
158 | static struct imsgev *iev_resolver; | |||
159 | struct event ev_route; | |||
160 | int udp4sock = -1, udp6sock = -1; | |||
161 | int tcp4sock = -1, tcp6sock = -1; | |||
162 | int ta_fd = -1; | |||
163 | ||||
164 | static struct trust_anchor_head trust_anchors, new_trust_anchors; | |||
165 | ||||
166 | RB_HEAD(bl_tree, bl_node)struct bl_tree { struct bl_node *rbh_root; } bl_head = RB_INITIALIZER(&bl_head){ ((void*)0) }; | |||
167 | RB_PROTOTYPE(bl_tree, bl_node, entry, bl_cmp)void bl_tree_RB_INSERT_COLOR(struct bl_tree *, struct bl_node *); void bl_tree_RB_REMOVE_COLOR(struct bl_tree *, struct bl_node *, struct bl_node *); struct bl_node *bl_tree_RB_REMOVE(struct bl_tree *, struct bl_node *); struct bl_node *bl_tree_RB_INSERT (struct bl_tree *, struct bl_node *); struct bl_node *bl_tree_RB_FIND (struct bl_tree *, struct bl_node *); struct bl_node *bl_tree_RB_NFIND (struct bl_tree *, struct bl_node *); struct bl_node *bl_tree_RB_NEXT (struct bl_node *); struct bl_node *bl_tree_RB_PREV(struct bl_node *); struct bl_node *bl_tree_RB_MINMAX(struct bl_tree *, int) ; | |||
168 | RB_GENERATE(bl_tree, bl_node, entry, bl_cmp)void bl_tree_RB_INSERT_COLOR(struct bl_tree *head, struct bl_node *elm) { struct bl_node *parent, *gparent, *tmp; while ((parent = (elm)->entry.rbe_parent) && (parent)->entry. rbe_color == 1) { gparent = (parent)->entry.rbe_parent; if (parent == (gparent)->entry.rbe_left) { tmp = (gparent)-> entry.rbe_right; if (tmp && (tmp)->entry.rbe_color == 1) { (tmp)->entry.rbe_color = 0; do { (parent)->entry .rbe_color = 0; (gparent)->entry.rbe_color = 1; } while (0 ); elm = gparent; continue; } if ((parent)->entry.rbe_right == elm) { do { (tmp) = (parent)->entry.rbe_right; if (((parent )->entry.rbe_right = (tmp)->entry.rbe_left)) { ((tmp)-> entry.rbe_left)->entry.rbe_parent = (parent); } do {} while (0); if (((tmp)->entry.rbe_parent = (parent)->entry.rbe_parent )) { if ((parent) == ((parent)->entry.rbe_parent)->entry .rbe_left) ((parent)->entry.rbe_parent)->entry.rbe_left = (tmp); else ((parent)->entry.rbe_parent)->entry.rbe_right = (tmp); } else (head)->rbh_root = (tmp); (tmp)->entry .rbe_left = (parent); (parent)->entry.rbe_parent = (tmp); do {} while (0); if (((tmp)->entry.rbe_parent)) do {} while ( 0); } while (0); tmp = parent; parent = elm; elm = tmp; } do { (parent)->entry.rbe_color = 0; (gparent)->entry.rbe_color = 1; } while (0); do { (tmp) = (gparent)->entry.rbe_left; if (((gparent)->entry.rbe_left = (tmp)->entry.rbe_right )) { ((tmp)->entry.rbe_right)->entry.rbe_parent = (gparent ); } do {} while (0); if (((tmp)->entry.rbe_parent = (gparent )->entry.rbe_parent)) { if ((gparent) == ((gparent)->entry .rbe_parent)->entry.rbe_left) ((gparent)->entry.rbe_parent )->entry.rbe_left = (tmp); else ((gparent)->entry.rbe_parent )->entry.rbe_right = (tmp); } else (head)->rbh_root = ( tmp); (tmp)->entry.rbe_right = (gparent); (gparent)->entry .rbe_parent = (tmp); do {} while (0); if (((tmp)->entry.rbe_parent )) do {} while (0); } while (0); } else { tmp = (gparent)-> entry.rbe_left; if (tmp && (tmp)->entry.rbe_color == 1) { (tmp)->entry.rbe_color = 0; do { (parent)->entry. rbe_color = 0; (gparent)->entry.rbe_color = 1; } while (0) ; elm = gparent; continue; } if ((parent)->entry.rbe_left == elm) { do { (tmp) = (parent)->entry.rbe_left; if (((parent )->entry.rbe_left = (tmp)->entry.rbe_right)) { ((tmp)-> entry.rbe_right)->entry.rbe_parent = (parent); } do {} while (0); if (((tmp)->entry.rbe_parent = (parent)->entry.rbe_parent )) { if ((parent) == ((parent)->entry.rbe_parent)->entry .rbe_left) ((parent)->entry.rbe_parent)->entry.rbe_left = (tmp); else ((parent)->entry.rbe_parent)->entry.rbe_right = (tmp); } else (head)->rbh_root = (tmp); (tmp)->entry .rbe_right = (parent); (parent)->entry.rbe_parent = (tmp); do {} while (0); if (((tmp)->entry.rbe_parent)) do {} while (0); } while (0); tmp = parent; parent = elm; elm = tmp; } do { (parent)->entry.rbe_color = 0; (gparent)->entry.rbe_color = 1; } while (0); do { (tmp) = (gparent)->entry.rbe_right ; if (((gparent)->entry.rbe_right = (tmp)->entry.rbe_left )) { ((tmp)->entry.rbe_left)->entry.rbe_parent = (gparent ); } do {} while (0); if (((tmp)->entry.rbe_parent = (gparent )->entry.rbe_parent)) { if ((gparent) == ((gparent)->entry .rbe_parent)->entry.rbe_left) ((gparent)->entry.rbe_parent )->entry.rbe_left = (tmp); else ((gparent)->entry.rbe_parent )->entry.rbe_right = (tmp); } else (head)->rbh_root = ( tmp); (tmp)->entry.rbe_left = (gparent); (gparent)->entry .rbe_parent = (tmp); do {} while (0); if (((tmp)->entry.rbe_parent )) do {} while (0); } while (0); } } (head->rbh_root)-> entry.rbe_color = 0; } void bl_tree_RB_REMOVE_COLOR(struct bl_tree *head, struct bl_node *parent, struct bl_node *elm) { struct bl_node *tmp; while ((elm == ((void*)0) || (elm)->entry.rbe_color == 0) && elm != (head)->rbh_root) { if ((parent)-> entry.rbe_left == elm) { tmp = (parent)->entry.rbe_right; if ((tmp)->entry.rbe_color == 1) { do { (tmp)->entry.rbe_color = 0; (parent)->entry.rbe_color = 1; } while (0); do { (tmp ) = (parent)->entry.rbe_right; if (((parent)->entry.rbe_right = (tmp)->entry.rbe_left)) { ((tmp)->entry.rbe_left)-> entry.rbe_parent = (parent); } do {} while (0); if (((tmp)-> entry.rbe_parent = (parent)->entry.rbe_parent)) { if ((parent ) == ((parent)->entry.rbe_parent)->entry.rbe_left) ((parent )->entry.rbe_parent)->entry.rbe_left = (tmp); else ((parent )->entry.rbe_parent)->entry.rbe_right = (tmp); } else ( head)->rbh_root = (tmp); (tmp)->entry.rbe_left = (parent ); (parent)->entry.rbe_parent = (tmp); do {} while (0); if (((tmp)->entry.rbe_parent)) do {} while (0); } while (0); tmp = (parent)->entry.rbe_right; } if (((tmp)->entry.rbe_left == ((void*)0) || ((tmp)->entry.rbe_left)->entry.rbe_color == 0) && ((tmp)->entry.rbe_right == ((void*)0) || ((tmp)->entry.rbe_right)->entry.rbe_color == 0)) { (tmp )->entry.rbe_color = 1; elm = parent; parent = (elm)->entry .rbe_parent; } else { if ((tmp)->entry.rbe_right == ((void *)0) || ((tmp)->entry.rbe_right)->entry.rbe_color == 0) { struct bl_node *oleft; if ((oleft = (tmp)->entry.rbe_left )) (oleft)->entry.rbe_color = 0; (tmp)->entry.rbe_color = 1; do { (oleft) = (tmp)->entry.rbe_left; if (((tmp)-> entry.rbe_left = (oleft)->entry.rbe_right)) { ((oleft)-> entry.rbe_right)->entry.rbe_parent = (tmp); } do {} while ( 0); if (((oleft)->entry.rbe_parent = (tmp)->entry.rbe_parent )) { if ((tmp) == ((tmp)->entry.rbe_parent)->entry.rbe_left ) ((tmp)->entry.rbe_parent)->entry.rbe_left = (oleft); else ((tmp)->entry.rbe_parent)->entry.rbe_right = (oleft); } else (head)->rbh_root = (oleft); (oleft)->entry.rbe_right = (tmp); (tmp)->entry.rbe_parent = (oleft); do {} while ( 0); if (((oleft)->entry.rbe_parent)) do {} while (0); } while (0); tmp = (parent)->entry.rbe_right; } (tmp)->entry.rbe_color = (parent)->entry.rbe_color; (parent)->entry.rbe_color = 0; if ((tmp)->entry.rbe_right) ((tmp)->entry.rbe_right )->entry.rbe_color = 0; do { (tmp) = (parent)->entry.rbe_right ; if (((parent)->entry.rbe_right = (tmp)->entry.rbe_left )) { ((tmp)->entry.rbe_left)->entry.rbe_parent = (parent ); } do {} while (0); if (((tmp)->entry.rbe_parent = (parent )->entry.rbe_parent)) { if ((parent) == ((parent)->entry .rbe_parent)->entry.rbe_left) ((parent)->entry.rbe_parent )->entry.rbe_left = (tmp); else ((parent)->entry.rbe_parent )->entry.rbe_right = (tmp); } else (head)->rbh_root = ( tmp); (tmp)->entry.rbe_left = (parent); (parent)->entry .rbe_parent = (tmp); do {} while (0); if (((tmp)->entry.rbe_parent )) do {} while (0); } while (0); elm = (head)->rbh_root; break ; } } else { tmp = (parent)->entry.rbe_left; if ((tmp)-> entry.rbe_color == 1) { do { (tmp)->entry.rbe_color = 0; ( parent)->entry.rbe_color = 1; } while (0); do { (tmp) = (parent )->entry.rbe_left; if (((parent)->entry.rbe_left = (tmp )->entry.rbe_right)) { ((tmp)->entry.rbe_right)->entry .rbe_parent = (parent); } do {} while (0); if (((tmp)->entry .rbe_parent = (parent)->entry.rbe_parent)) { if ((parent) == ((parent)->entry.rbe_parent)->entry.rbe_left) ((parent )->entry.rbe_parent)->entry.rbe_left = (tmp); else ((parent )->entry.rbe_parent)->entry.rbe_right = (tmp); } else ( head)->rbh_root = (tmp); (tmp)->entry.rbe_right = (parent ); (parent)->entry.rbe_parent = (tmp); do {} while (0); if (((tmp)->entry.rbe_parent)) do {} while (0); } while (0); tmp = (parent)->entry.rbe_left; } if (((tmp)->entry.rbe_left == ((void*)0) || ((tmp)->entry.rbe_left)->entry.rbe_color == 0) && ((tmp)->entry.rbe_right == ((void*)0) || ((tmp)->entry.rbe_right)->entry.rbe_color == 0)) { (tmp )->entry.rbe_color = 1; elm = parent; parent = (elm)->entry .rbe_parent; } else { if ((tmp)->entry.rbe_left == ((void* )0) || ((tmp)->entry.rbe_left)->entry.rbe_color == 0) { struct bl_node *oright; if ((oright = (tmp)->entry.rbe_right )) (oright)->entry.rbe_color = 0; (tmp)->entry.rbe_color = 1; do { (oright) = (tmp)->entry.rbe_right; if (((tmp)-> entry.rbe_right = (oright)->entry.rbe_left)) { ((oright)-> entry.rbe_left)->entry.rbe_parent = (tmp); } do {} while ( 0); if (((oright)->entry.rbe_parent = (tmp)->entry.rbe_parent )) { if ((tmp) == ((tmp)->entry.rbe_parent)->entry.rbe_left ) ((tmp)->entry.rbe_parent)->entry.rbe_left = (oright); else ((tmp)->entry.rbe_parent)->entry.rbe_right = (oright ); } else (head)->rbh_root = (oright); (oright)->entry. rbe_left = (tmp); (tmp)->entry.rbe_parent = (oright); do { } while (0); if (((oright)->entry.rbe_parent)) do {} while (0); } while (0); tmp = (parent)->entry.rbe_left; } (tmp) ->entry.rbe_color = (parent)->entry.rbe_color; (parent) ->entry.rbe_color = 0; if ((tmp)->entry.rbe_left) ((tmp )->entry.rbe_left)->entry.rbe_color = 0; do { (tmp) = ( parent)->entry.rbe_left; if (((parent)->entry.rbe_left = (tmp)->entry.rbe_right)) { ((tmp)->entry.rbe_right)-> entry.rbe_parent = (parent); } do {} while (0); if (((tmp)-> entry.rbe_parent = (parent)->entry.rbe_parent)) { if ((parent ) == ((parent)->entry.rbe_parent)->entry.rbe_left) ((parent )->entry.rbe_parent)->entry.rbe_left = (tmp); else ((parent )->entry.rbe_parent)->entry.rbe_right = (tmp); } else ( head)->rbh_root = (tmp); (tmp)->entry.rbe_right = (parent ); (parent)->entry.rbe_parent = (tmp); do {} while (0); if (((tmp)->entry.rbe_parent)) do {} while (0); } while (0); elm = (head)->rbh_root; break; } } } if (elm) (elm)->entry .rbe_color = 0; } struct bl_node * bl_tree_RB_REMOVE(struct bl_tree *head, struct bl_node *elm) { struct bl_node *child, *parent , *old = elm; int color; if ((elm)->entry.rbe_left == ((void *)0)) child = (elm)->entry.rbe_right; else if ((elm)->entry .rbe_right == ((void*)0)) child = (elm)->entry.rbe_left; else { struct bl_node *left; elm = (elm)->entry.rbe_right; while ((left = (elm)->entry.rbe_left)) elm = left; child = (elm )->entry.rbe_right; parent = (elm)->entry.rbe_parent; color = (elm)->entry.rbe_color; if (child) (child)->entry.rbe_parent = parent; if (parent) { if ((parent)->entry.rbe_left == elm ) (parent)->entry.rbe_left = child; else (parent)->entry .rbe_right = child; do {} while (0); } else (head)->rbh_root = child; if ((elm)->entry.rbe_parent == old) parent = elm ; (elm)->entry = (old)->entry; if ((old)->entry.rbe_parent ) { if (((old)->entry.rbe_parent)->entry.rbe_left == old ) ((old)->entry.rbe_parent)->entry.rbe_left = elm; else ((old)->entry.rbe_parent)->entry.rbe_right = elm; do { } while (0); } else (head)->rbh_root = elm; ((old)->entry .rbe_left)->entry.rbe_parent = elm; if ((old)->entry.rbe_right ) ((old)->entry.rbe_right)->entry.rbe_parent = elm; if ( parent) { left = parent; do { do {} while (0); } while ((left = (left)->entry.rbe_parent)); } goto color; } parent = (elm )->entry.rbe_parent; color = (elm)->entry.rbe_color; if (child) (child)->entry.rbe_parent = parent; if (parent) { if ((parent)->entry.rbe_left == elm) (parent)->entry.rbe_left = child; else (parent)->entry.rbe_right = child; do {} while (0); } else (head)->rbh_root = child; color: if (color == 0) bl_tree_RB_REMOVE_COLOR(head, parent, child); return (old ); } struct bl_node * bl_tree_RB_INSERT(struct bl_tree *head, struct bl_node *elm) { struct bl_node *tmp; struct bl_node * parent = ((void*)0); int comp = 0; tmp = (head)->rbh_root; while (tmp) { parent = tmp; comp = (bl_cmp)(elm, parent); if (comp < 0) tmp = (tmp)->entry.rbe_left; else if (comp > 0) tmp = (tmp)->entry.rbe_right; else return (tmp); } do { (elm)->entry.rbe_parent = parent; (elm)->entry.rbe_left = (elm)->entry.rbe_right = ((void*)0); (elm)->entry.rbe_color = 1; } while (0); if (parent != ((void*)0)) { if (comp < 0 ) (parent)->entry.rbe_left = elm; else (parent)->entry. rbe_right = elm; do {} while (0); } else (head)->rbh_root = elm; bl_tree_RB_INSERT_COLOR(head, elm); return (((void*)0)) ; } struct bl_node * bl_tree_RB_FIND(struct bl_tree *head, struct bl_node *elm) { struct bl_node *tmp = (head)->rbh_root; int comp; while (tmp) { comp = bl_cmp(elm, tmp); if (comp < 0 ) tmp = (tmp)->entry.rbe_left; else if (comp > 0) tmp = (tmp)->entry.rbe_right; else return (tmp); } return (((void *)0)); } struct bl_node * bl_tree_RB_NFIND(struct bl_tree *head , struct bl_node *elm) { struct bl_node *tmp = (head)->rbh_root ; struct bl_node *res = ((void*)0); int comp; while (tmp) { comp = bl_cmp(elm, tmp); if (comp < 0) { res = tmp; tmp = (tmp )->entry.rbe_left; } else if (comp > 0) tmp = (tmp)-> entry.rbe_right; else return (tmp); } return (res); } struct bl_node * bl_tree_RB_NEXT(struct bl_node *elm) { if ((elm)->entry .rbe_right) { elm = (elm)->entry.rbe_right; while ((elm)-> entry.rbe_left) elm = (elm)->entry.rbe_left; } else { if ( (elm)->entry.rbe_parent && (elm == ((elm)->entry .rbe_parent)->entry.rbe_left)) elm = (elm)->entry.rbe_parent ; else { while ((elm)->entry.rbe_parent && (elm == ((elm)->entry.rbe_parent)->entry.rbe_right)) elm = (elm )->entry.rbe_parent; elm = (elm)->entry.rbe_parent; } } return (elm); } struct bl_node * bl_tree_RB_PREV(struct bl_node *elm) { if ((elm)->entry.rbe_left) { elm = (elm)->entry .rbe_left; while ((elm)->entry.rbe_right) elm = (elm)-> entry.rbe_right; } else { if ((elm)->entry.rbe_parent && (elm == ((elm)->entry.rbe_parent)->entry.rbe_right)) elm = (elm)->entry.rbe_parent; else { while ((elm)->entry. rbe_parent && (elm == ((elm)->entry.rbe_parent)-> entry.rbe_left)) elm = (elm)->entry.rbe_parent; elm = (elm )->entry.rbe_parent; } } return (elm); } struct bl_node * bl_tree_RB_MINMAX (struct bl_tree *head, int val) { struct bl_node *tmp = (head )->rbh_root; struct bl_node *parent = ((void*)0); while (tmp ) { parent = tmp; if (val < 0) tmp = (tmp)->entry.rbe_left ; else tmp = (tmp)->entry.rbe_right; } return (parent); } | |||
169 | ||||
170 | struct dns64_prefix *dns64_prefixes; | |||
171 | int dns64_prefix_count; | |||
172 | ||||
173 | void | |||
174 | frontend_sig_handler(int sig, short event, void *bula) | |||
175 | { | |||
176 | /* | |||
177 | * Normal signal handler rules don't apply because libevent | |||
178 | * decouples for us. | |||
179 | */ | |||
180 | ||||
181 | switch (sig) { | |||
182 | case SIGINT2: | |||
183 | case SIGTERM15: | |||
184 | frontend_shutdown(); | |||
185 | default: | |||
186 | fatalx("unexpected signal"); | |||
187 | } | |||
188 | } | |||
189 | ||||
190 | void | |||
191 | frontend(int debug, int verbose) | |||
192 | { | |||
193 | struct event ev_sigint, ev_sigterm; | |||
194 | struct passwd *pw; | |||
195 | ||||
196 | frontend_conf = config_new_empty(); | |||
197 | ||||
198 | log_init(debug, LOG_DAEMON)uw_log_init(debug, (3<<3)); | |||
199 | log_setverbose(verbose); | |||
200 | ||||
201 | if ((pw = getpwnam(UNWIND_USER"_unwind")) == NULL((void*)0)) | |||
202 | fatal("getpwnam"); | |||
203 | ||||
204 | if (chroot(pw->pw_dir) == -1) | |||
205 | fatal("chroot"); | |||
206 | if (chdir("/") == -1) | |||
207 | fatal("chdir(\"/\")"); | |||
208 | ||||
209 | setproctitle("%s", "frontend"); | |||
210 | log_procinit("frontend"); | |||
211 | ||||
212 | if (setgroups(1, &pw->pw_gid) || | |||
213 | setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || | |||
214 | setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) | |||
215 | fatal("can't drop privileges"); | |||
216 | ||||
217 | if (pledge("stdio dns unix recvfd", NULL((void*)0)) == -1) | |||
218 | fatal("pledge"); | |||
219 | ||||
220 | event_init(); | |||
221 | ||||
222 | /* Setup signal handler. */ | |||
223 | signal_set(&ev_sigint, SIGINT, frontend_sig_handler, NULL)event_set(&ev_sigint, 2, 0x08|0x10, frontend_sig_handler, ((void*)0)); | |||
224 | signal_set(&ev_sigterm, SIGTERM, frontend_sig_handler, NULL)event_set(&ev_sigterm, 15, 0x08|0x10, frontend_sig_handler , ((void*)0)); | |||
225 | signal_add(&ev_sigint, NULL)event_add(&ev_sigint, ((void*)0)); | |||
226 | signal_add(&ev_sigterm, NULL)event_add(&ev_sigterm, ((void*)0)); | |||
227 | signal(SIGPIPE13, SIG_IGN(void (*)(int))1); | |||
228 | signal(SIGHUP1, SIG_IGN(void (*)(int))1); | |||
229 | ||||
230 | /* Setup pipe and event handler to the parent process. */ | |||
231 | if (iev_main != NULL((void*)0)) | |||
232 | fatal("iev_main"); | |||
233 | if ((iev_main = malloc(sizeof(struct imsgev))) == NULL((void*)0)) | |||
234 | fatal(NULL((void*)0)); | |||
235 | imsg_init(&iev_main->ibuf, 3); | |||
236 | iev_main->handler = frontend_dispatch_main; | |||
237 | iev_main->events = EV_READ0x02; | |||
238 | event_set(&iev_main->ev, iev_main->ibuf.fd, iev_main->events, | |||
239 | iev_main->handler, iev_main); | |||
240 | event_add(&iev_main->ev, NULL((void*)0)); | |||
241 | ||||
242 | udp4ev.rcviov[0].iov_base = (caddr_t)udp4ev.query; | |||
243 | udp4ev.rcviov[0].iov_len = sizeof(udp4ev.query); | |||
244 | udp4ev.rcvmhdr.msg_name = (caddr_t)&udp4ev.from; | |||
245 | udp4ev.rcvmhdr.msg_namelen = sizeof(udp4ev.from); | |||
246 | udp4ev.rcvmhdr.msg_iov = udp4ev.rcviov; | |||
247 | udp4ev.rcvmhdr.msg_iovlen = 1; | |||
248 | ||||
249 | udp6ev.rcviov[0].iov_base = (caddr_t)udp6ev.query; | |||
250 | udp6ev.rcviov[0].iov_len = sizeof(udp6ev.query); | |||
251 | udp6ev.rcvmhdr.msg_name = (caddr_t)&udp6ev.from; | |||
252 | udp6ev.rcvmhdr.msg_namelen = sizeof(udp6ev.from); | |||
253 | udp6ev.rcvmhdr.msg_iov = udp6ev.rcviov; | |||
254 | udp6ev.rcvmhdr.msg_iovlen = 1; | |||
255 | ||||
256 | TAILQ_INIT(&pending_queries)do { (&pending_queries)->tqh_first = ((void*)0); (& pending_queries)->tqh_last = &(&pending_queries)-> tqh_first; } while (0); | |||
257 | ||||
258 | TAILQ_INIT(&trust_anchors)do { (&trust_anchors)->tqh_first = ((void*)0); (&trust_anchors )->tqh_last = &(&trust_anchors)->tqh_first; } while (0); | |||
259 | TAILQ_INIT(&new_trust_anchors)do { (&new_trust_anchors)->tqh_first = ((void*)0); (& new_trust_anchors)->tqh_last = &(&new_trust_anchors )->tqh_first; } while (0); | |||
260 | ||||
261 | add_new_ta(&trust_anchors, KSK2017". 172800 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU="); | |||
262 | ||||
263 | event_dispatch(); | |||
264 | ||||
265 | frontend_shutdown(); | |||
266 | } | |||
267 | ||||
268 | __dead__attribute__((__noreturn__)) void | |||
269 | frontend_shutdown(void) | |||
270 | { | |||
271 | /* Close pipes. */ | |||
272 | msgbuf_write(&iev_resolver->ibuf.w); | |||
273 | msgbuf_clear(&iev_resolver->ibuf.w); | |||
274 | close(iev_resolver->ibuf.fd); | |||
275 | msgbuf_write(&iev_main->ibuf.w); | |||
276 | msgbuf_clear(&iev_main->ibuf.w); | |||
277 | close(iev_main->ibuf.fd); | |||
278 | ||||
279 | config_clear(frontend_conf); | |||
280 | ||||
281 | free(iev_resolver); | |||
282 | free(iev_main); | |||
283 | ||||
284 | log_info("frontend exiting")uw_log_info("frontend exiting"); | |||
285 | exit(0); | |||
286 | } | |||
287 | ||||
288 | int | |||
289 | frontend_imsg_compose_main(int type, pid_t pid, void *data, uint16_t datalen) | |||
290 | { | |||
291 | return (imsg_compose_event(iev_main, type, 0, pid, -1, data, datalen)); | |||
292 | } | |||
293 | ||||
294 | int | |||
295 | frontend_imsg_compose_resolver(int type, pid_t pid, void *data, | |||
296 | uint16_t datalen) | |||
297 | { | |||
298 | return (imsg_compose_event(iev_resolver, type, 0, pid, -1, data, | |||
299 | datalen)); | |||
300 | } | |||
301 | ||||
302 | void | |||
303 | frontend_dispatch_main(int fd, short event, void *bula) | |||
304 | { | |||
305 | static struct uw_conf *nconf; | |||
306 | struct imsg imsg; | |||
307 | struct imsgev *iev = bula; | |||
308 | struct imsgbuf *ibuf = &iev->ibuf; | |||
309 | int n, shut = 0; | |||
310 | ||||
311 | if (event & EV_READ0x02) { | |||
312 | if ((n = imsg_read(ibuf)) == -1 && errno(*__errno()) != EAGAIN35) | |||
313 | fatal("imsg_read error"); | |||
314 | if (n == 0) /* Connection closed. */ | |||
315 | shut = 1; | |||
316 | } | |||
317 | if (event & EV_WRITE0x04) { | |||
318 | if ((n = msgbuf_write(&ibuf->w)) == -1 && errno(*__errno()) != EAGAIN35) | |||
319 | fatal("msgbuf_write"); | |||
320 | if (n == 0) /* Connection closed. */ | |||
321 | shut = 1; | |||
322 | } | |||
323 | ||||
324 | for (;;) { | |||
325 | if ((n = imsg_get(ibuf, &imsg)) == -1) | |||
326 | fatal("%s: imsg_get error", __func__); | |||
327 | if (n == 0) /* No more messages. */ | |||
328 | break; | |||
329 | ||||
330 | switch (imsg.hdr.type) { | |||
331 | case IMSG_SOCKET_IPC_RESOLVER: | |||
332 | /* | |||
333 | * Setup pipe and event handler to the resolver | |||
334 | * process. | |||
335 | */ | |||
336 | if (iev_resolver) { | |||
337 | fatalx("%s: received unexpected imsg fd " | |||
338 | "to frontend", __func__); | |||
339 | break; | |||
340 | } | |||
341 | if ((fd = imsg.fd) == -1) { | |||
342 | fatalx("%s: expected to receive imsg fd to " | |||
343 | "frontend but didn't receive any", | |||
344 | __func__); | |||
345 | break; | |||
346 | } | |||
347 | ||||
348 | if (iev_resolver != NULL((void*)0)) | |||
349 | fatal("iev_resolver"); | |||
350 | iev_resolver = malloc(sizeof(struct imsgev)); | |||
351 | if (iev_resolver == NULL((void*)0)) | |||
352 | fatal(NULL((void*)0)); | |||
353 | ||||
354 | imsg_init(&iev_resolver->ibuf, fd); | |||
355 | iev_resolver->handler = frontend_dispatch_resolver; | |||
356 | iev_resolver->events = EV_READ0x02; | |||
357 | ||||
358 | event_set(&iev_resolver->ev, iev_resolver->ibuf.fd, | |||
359 | iev_resolver->events, iev_resolver->handler, | |||
360 | iev_resolver); | |||
361 | event_add(&iev_resolver->ev, NULL((void*)0)); | |||
362 | break; | |||
363 | case IMSG_RECONF_CONF: | |||
364 | case IMSG_RECONF_BLOCKLIST_FILE: | |||
365 | case IMSG_RECONF_FORWARDER: | |||
366 | case IMSG_RECONF_DOT_FORWARDER: | |||
367 | case IMSG_RECONF_FORCE: | |||
368 | imsg_receive_config(&imsg, &nconf); | |||
369 | break; | |||
370 | case IMSG_RECONF_END: | |||
371 | if (nconf == NULL((void*)0)) | |||
372 | fatalx("%s: IMSG_RECONF_END without " | |||
373 | "IMSG_RECONF_CONF", __func__); | |||
374 | merge_config(frontend_conf, nconf); | |||
375 | if (frontend_conf->blocklist_file == NULL((void*)0)) | |||
376 | free_bl(); | |||
377 | nconf = NULL((void*)0); | |||
378 | break; | |||
379 | case IMSG_UDP6SOCK: | |||
380 | if (udp6sock != -1) | |||
381 | fatalx("%s: received unexpected udp6sock", | |||
382 | __func__); | |||
383 | if ((udp6sock = imsg.fd) == -1) | |||
384 | fatalx("%s: expected to receive imsg " | |||
385 | "UDP6 fd but didn't receive any", __func__); | |||
386 | event_set(&udp6ev.ev, udp6sock, EV_READ0x02 | EV_PERSIST0x10, | |||
387 | udp_receive, &udp6ev); | |||
388 | event_add(&udp6ev.ev, NULL((void*)0)); | |||
389 | break; | |||
390 | case IMSG_UDP4SOCK: | |||
391 | if (udp4sock != -1) | |||
392 | fatalx("%s: received unexpected udp4sock", | |||
393 | __func__); | |||
394 | if ((udp4sock = imsg.fd) == -1) | |||
395 | fatalx("%s: expected to receive imsg " | |||
396 | "UDP4 fd but didn't receive any", __func__); | |||
397 | event_set(&udp4ev.ev, udp4sock, EV_READ0x02 | EV_PERSIST0x10, | |||
398 | udp_receive, &udp4ev); | |||
399 | event_add(&udp4ev.ev, NULL((void*)0)); | |||
400 | break; | |||
401 | case IMSG_TCP4SOCK: | |||
402 | if (tcp4sock != -1) | |||
403 | fatalx("%s: received unexpected tcp4sock", | |||
404 | __func__); | |||
405 | if ((tcp4sock = imsg.fd) == -1) | |||
406 | fatalx("%s: expected to receive imsg " | |||
407 | "TCP4 fd but didn't receive any", __func__); | |||
408 | event_set(&tcp4ev.ev, tcp4sock, EV_READ0x02 | EV_PERSIST0x10, | |||
409 | tcp_accept, &tcp4ev); | |||
410 | event_add(&tcp4ev.ev, NULL((void*)0)); | |||
411 | evtimer_set(&tcp4ev.pause, accept_paused, &tcp4ev)event_set(&tcp4ev.pause, -1, 0, accept_paused, &tcp4ev ); | |||
412 | break; | |||
413 | case IMSG_TCP6SOCK: | |||
414 | if (tcp6sock != -1) | |||
415 | fatalx("%s: received unexpected tcp6sock", | |||
416 | __func__); | |||
417 | if ((tcp6sock = imsg.fd) == -1) | |||
418 | fatalx("%s: expected to receive imsg " | |||
419 | "TCP6 fd but didn't receive any", __func__); | |||
420 | event_set(&tcp6ev.ev, tcp6sock, EV_READ0x02 | EV_PERSIST0x10, | |||
421 | tcp_accept, &tcp6ev); | |||
422 | event_add(&tcp6ev.ev, NULL((void*)0)); | |||
423 | evtimer_set(&tcp6ev.pause, accept_paused, &tcp6ev)event_set(&tcp6ev.pause, -1, 0, accept_paused, &tcp6ev ); | |||
424 | break; | |||
425 | case IMSG_ROUTESOCK: { | |||
426 | static int routesock = -1; | |||
427 | ||||
428 | if (routesock != -1) | |||
429 | fatalx("%s: received unexpected routesock", | |||
430 | __func__); | |||
431 | if ((fd = imsg.fd) == -1) | |||
432 | fatalx("%s: expected to receive imsg " | |||
433 | "routesocket fd but didn't receive any", | |||
434 | __func__); | |||
435 | routesock = fd; | |||
436 | event_set(&ev_route, fd, EV_READ0x02 | EV_PERSIST0x10, | |||
437 | route_receive, NULL((void*)0)); | |||
438 | break; | |||
439 | } | |||
440 | case IMSG_STARTUP: | |||
441 | frontend_startup(); | |||
442 | break; | |||
443 | case IMSG_CONTROLFD: | |||
444 | if ((fd = imsg.fd) == -1) | |||
445 | fatalx("%s: expected to receive imsg control " | |||
446 | "fd but didn't receive any", __func__); | |||
447 | /* Listen on control socket. */ | |||
448 | control_listen(fd); | |||
449 | break; | |||
450 | case IMSG_TAFD: | |||
451 | if ((ta_fd = imsg.fd) != -1) | |||
452 | parse_trust_anchor(&trust_anchors, ta_fd); | |||
453 | if (!TAILQ_EMPTY(&trust_anchors)(((&trust_anchors)->tqh_first) == ((void*)0))) | |||
454 | send_trust_anchors(&trust_anchors); | |||
455 | break; | |||
456 | case IMSG_BLFD: | |||
457 | if ((fd = imsg.fd) == -1) | |||
458 | fatalx("%s: expected to receive imsg block " | |||
459 | "list fd but didn't receive any", __func__); | |||
460 | parse_blocklist(fd); | |||
461 | break; | |||
462 | default: | |||
463 | log_debug("%s: error handling imsg %d", __func__, | |||
464 | imsg.hdr.type); | |||
465 | break; | |||
466 | } | |||
467 | imsg_free(&imsg); | |||
468 | } | |||
469 | if (!shut) | |||
470 | imsg_event_add(iev); | |||
471 | else { | |||
472 | /* This pipe is dead. Remove its event handler. */ | |||
473 | event_del(&iev->ev); | |||
474 | event_loopexit(NULL((void*)0)); | |||
475 | } | |||
476 | } | |||
477 | ||||
478 | void | |||
479 | frontend_dispatch_resolver(int fd, short event, void *bula) | |||
480 | { | |||
481 | static struct dns64_prefix *new_dns64_prefixes = NULL((void*)0); | |||
482 | static int new_dns64_prefix_count = 0; | |||
483 | static int new_dns64_prefix_pos = 0; | |||
484 | struct pending_query *pq; | |||
485 | struct imsgev *iev = bula; | |||
486 | struct imsgbuf *ibuf = &iev->ibuf; | |||
487 | struct imsg imsg; | |||
488 | int n, shut = 0, chg; | |||
489 | ||||
490 | if (event & EV_READ0x02) { | |||
491 | if ((n = imsg_read(ibuf)) == -1 && errno(*__errno()) != EAGAIN35) | |||
492 | fatal("imsg_read error"); | |||
493 | if (n == 0) /* Connection closed. */ | |||
494 | shut = 1; | |||
495 | } | |||
496 | if (event & EV_WRITE0x04) { | |||
497 | if ((n = msgbuf_write(&ibuf->w)) == -1 && errno(*__errno()) != EAGAIN35) | |||
498 | fatal("msgbuf_write"); | |||
499 | if (n == 0) /* Connection closed. */ | |||
500 | shut = 1; | |||
501 | } | |||
502 | ||||
503 | for (;;) { | |||
504 | if ((n = imsg_get(ibuf, &imsg)) == -1) | |||
505 | fatal("%s: imsg_get error", __func__); | |||
506 | if (n == 0) /* No more messages. */ | |||
507 | break; | |||
508 | ||||
509 | switch (imsg.hdr.type) { | |||
510 | case IMSG_ANSWER: { | |||
511 | struct answer_header *answer_header; | |||
512 | int data_len; | |||
513 | uint8_t *data; | |||
514 | ||||
515 | if (IMSG_DATA_SIZE(imsg)((imsg).hdr.len - sizeof(struct imsg_hdr)) < sizeof(*answer_header)) | |||
516 | fatalx("%s: IMSG_ANSWER wrong length: " | |||
517 | "%lu", __func__, IMSG_DATA_SIZE(imsg)((imsg).hdr.len - sizeof(struct imsg_hdr))); | |||
518 | answer_header = (struct answer_header *)imsg.data; | |||
519 | data = (uint8_t *)imsg.data + sizeof(*answer_header); | |||
520 | if (answer_header->answer_len > UINT16_MAX0xffff) | |||
521 | fatalx("%s: IMSG_ANSWER answer too big: %d", | |||
522 | __func__, answer_header->answer_len); | |||
523 | data_len = IMSG_DATA_SIZE(imsg)((imsg).hdr.len - sizeof(struct imsg_hdr)) - | |||
524 | sizeof(*answer_header); | |||
525 | ||||
526 | if ((pq = find_pending_query(answer_header->id)) == | |||
527 | NULL((void*)0)) { | |||
528 | log_warnx("%s: cannot find pending query %llu", | |||
529 | __func__, answer_header->id); | |||
530 | break; | |||
531 | } | |||
532 | ||||
533 | if (answer_header->srvfail) { | |||
534 | error_answer(pq, LDNS_RCODE_SERVFAIL); | |||
535 | send_answer(pq); | |||
536 | break; | |||
537 | } | |||
538 | ||||
539 | if (answer_header->bogus && !(pq->qmsg->flags & | |||
540 | BIT_CD0x0010)) { | |||
541 | error_answer(pq, LDNS_RCODE_SERVFAIL); | |||
542 | send_answer(pq); | |||
543 | break; | |||
544 | } | |||
545 | ||||
546 | if (sldns_buffer_position(pq->abuf) == 0 && | |||
547 | !sldns_buffer_set_capacity(pq->abuf, | |||
548 | answer_header->answer_len)) { | |||
549 | error_answer(pq, LDNS_RCODE_SERVFAIL); | |||
550 | send_answer(pq); | |||
551 | break; | |||
552 | } | |||
553 | ||||
554 | if (sldns_buffer_position(pq->abuf) + data_len > | |||
555 | sldns_buffer_capacity(pq->abuf)) | |||
556 | fatalx("%s: IMSG_ANSWER answer too big: %d", | |||
557 | __func__, data_len); | |||
558 | sldns_buffer_write(pq->abuf, data, data_len); | |||
559 | ||||
560 | if (sldns_buffer_position(pq->abuf) == | |||
561 | sldns_buffer_capacity(pq->abuf)) { | |||
562 | sldns_buffer_flip(pq->abuf); | |||
563 | if (pq->dns64_synthesize) { | |||
564 | synthesize_dns64_answer(pq); | |||
565 | send_answer(pq); | |||
566 | } else { | |||
567 | noerror_answer(pq); | |||
568 | if (pq->dns64_synthesize) | |||
569 | /* we did not find a answer */ | |||
570 | resend_dns64_query(pq); | |||
571 | else | |||
572 | send_answer(pq); | |||
573 | } | |||
574 | } | |||
575 | break; | |||
576 | } | |||
577 | case IMSG_CTL_RESOLVER_INFO: | |||
578 | case IMSG_CTL_AUTOCONF_RESOLVER_INFO: | |||
579 | case IMSG_CTL_MEM_INFO: | |||
580 | case IMSG_CTL_END: | |||
581 | control_imsg_relay(&imsg); | |||
582 | break; | |||
583 | case IMSG_NEW_TA: | |||
584 | /* make sure this is a string */ | |||
585 | ((char *)imsg.data)[IMSG_DATA_SIZE(imsg)((imsg).hdr.len - sizeof(struct imsg_hdr)) - 1] = '\0'; | |||
586 | add_new_ta(&new_trust_anchors, imsg.data); | |||
587 | break; | |||
588 | case IMSG_NEW_TAS_ABORT: | |||
589 | free_tas(&new_trust_anchors); | |||
590 | break; | |||
591 | case IMSG_NEW_TAS_DONE: | |||
592 | chg = merge_tas(&new_trust_anchors, &trust_anchors); | |||
593 | if (chg) | |||
594 | send_trust_anchors(&trust_anchors); | |||
595 | ||||
596 | /* | |||
597 | * always write trust anchors, the modify date on | |||
598 | * the file is an indication when we made progress | |||
599 | */ | |||
600 | if (ta_fd != -1) | |||
601 | write_trust_anchors(&trust_anchors, ta_fd); | |||
602 | break; | |||
603 | case IMSG_NEW_DNS64_PREFIXES_START: | |||
604 | if (IMSG_DATA_SIZE(imsg)((imsg).hdr.len - sizeof(struct imsg_hdr)) != | |||
605 | sizeof(new_dns64_prefix_count)) | |||
606 | fatalx("%s: IMSG_NEW_DNS64_PREFIXES_START " | |||
607 | "wrong length: %lu", __func__, | |||
608 | IMSG_DATA_SIZE(imsg)((imsg).hdr.len - sizeof(struct imsg_hdr))); | |||
609 | memcpy(&new_dns64_prefix_count, imsg.data, | |||
610 | sizeof(new_dns64_prefix_count)); | |||
611 | free(new_dns64_prefixes); | |||
612 | new_dns64_prefixes = NULL((void*)0); | |||
613 | if (new_dns64_prefix_count > 0) | |||
614 | new_dns64_prefixes = | |||
615 | calloc(new_dns64_prefix_count, | |||
616 | sizeof(struct dns64_prefix)); | |||
617 | new_dns64_prefix_pos = 0; | |||
618 | break; | |||
619 | case IMSG_NEW_DNS64_PREFIX: { | |||
620 | if (IMSG_DATA_SIZE(imsg)((imsg).hdr.len - sizeof(struct imsg_hdr)) != sizeof(struct dns64_prefix)) | |||
621 | fatalx("%s: IMSG_NEW_DNS64_PREFIX wrong " | |||
622 | "length: %lu", __func__, | |||
623 | IMSG_DATA_SIZE(imsg)((imsg).hdr.len - sizeof(struct imsg_hdr))); | |||
624 | if (new_dns64_prefixes == NULL((void*)0)) | |||
625 | break; | |||
626 | if (new_dns64_prefix_pos >= new_dns64_prefix_count) | |||
627 | fatalx("%s: IMSG_NEW_DNS64_PREFIX: too many " | |||
628 | "prefixes", __func__); | |||
629 | memcpy(&new_dns64_prefixes[new_dns64_prefix_pos++], | |||
630 | imsg.data, sizeof(struct dns64_prefix)); | |||
631 | break; | |||
632 | } | |||
633 | case IMSG_NEW_DNS64_PREFIXES_DONE: | |||
634 | free(dns64_prefixes); | |||
635 | dns64_prefixes = new_dns64_prefixes; | |||
636 | dns64_prefix_count = new_dns64_prefix_count; | |||
637 | new_dns64_prefixes = NULL((void*)0); | |||
638 | break; | |||
639 | default: | |||
640 | log_debug("%s: error handling imsg %d", __func__, | |||
641 | imsg.hdr.type); | |||
642 | break; | |||
643 | } | |||
644 | imsg_free(&imsg); | |||
645 | } | |||
646 | if (!shut) | |||
647 | imsg_event_add(iev); | |||
648 | else { | |||
649 | /* This pipe is dead. Remove its event handler. */ | |||
650 | event_del(&iev->ev); | |||
651 | event_loopexit(NULL((void*)0)); | |||
652 | } | |||
653 | } | |||
654 | ||||
655 | void | |||
656 | frontend_startup(void) | |||
657 | { | |||
658 | if (!event_initialized(&ev_route)((&ev_route)->ev_flags & 0x80)) | |||
659 | fatalx("%s: did not receive a route socket from the main " | |||
660 | "process", __func__); | |||
661 | ||||
662 | event_add(&ev_route, NULL((void*)0)); | |||
663 | ||||
664 | frontend_imsg_compose_main(IMSG_STARTUP_DONE, 0, NULL((void*)0), 0); | |||
665 | check_available_af(); | |||
666 | } | |||
667 | ||||
668 | void | |||
669 | free_pending_query(struct pending_query *pq) | |||
670 | { | |||
671 | if (!pq
| |||
672 | return; | |||
673 | ||||
674 | TAILQ_REMOVE(&pending_queries, pq, entry)do { if (((pq)->entry.tqe_next) != ((void*)0)) (pq)->entry .tqe_next->entry.tqe_prev = (pq)->entry.tqe_prev; else ( &pending_queries)->tqh_last = (pq)->entry.tqe_prev; *(pq)->entry.tqe_prev = (pq)->entry.tqe_next; ; ; } while (0); | |||
675 | regional_destroy(pq->region); | |||
676 | sldns_buffer_free(pq->qbuf); | |||
677 | sldns_buffer_free(pq->abuf); | |||
678 | if (pq->tcp) { | |||
679 | if (event_initialized(&pq->ev)((&pq->ev)->ev_flags & 0x80)) | |||
680 | event_del(&pq->ev); | |||
681 | if (event_initialized(&pq->resp_ev)((&pq->resp_ev)->ev_flags & 0x80)) | |||
682 | event_del(&pq->resp_ev); | |||
683 | if (event_initialized(&pq->tmo_ev)((&pq->tmo_ev)->ev_flags & 0x80)) | |||
684 | event_del(&pq->tmo_ev); | |||
685 | if (pq->fd != -1) | |||
686 | close(pq->fd); | |||
687 | } | |||
688 | free(pq); | |||
689 | } | |||
690 | ||||
691 | void | |||
692 | udp_receive(int fd, short events, void *arg) | |||
693 | { | |||
694 | struct udp_ev *udpev = (struct udp_ev *)arg; | |||
695 | struct pending_query *pq = NULL((void*)0); | |||
696 | ssize_t len; | |||
697 | ||||
698 | if ((len = recvmsg(fd, &udpev->rcvmhdr, 0)) == -1) { | |||
699 | log_warn("recvmsg")uw_log_warn("recvmsg"); | |||
700 | return; | |||
701 | } | |||
702 | ||||
703 | if ((pq = calloc(1, sizeof(*pq))) == NULL((void*)0)) { | |||
704 | log_warn(NULL)uw_log_warn(((void*)0)); | |||
705 | return; | |||
706 | } | |||
707 | ||||
708 | do { | |||
709 | arc4random_buf(&pq->imsg_id, sizeof(pq->imsg_id)); | |||
710 | } while(find_pending_query(pq->imsg_id) != NULL((void*)0)); | |||
711 | ||||
712 | TAILQ_INSERT_TAIL(&pending_queries, pq, entry)do { (pq)->entry.tqe_next = ((void*)0); (pq)->entry.tqe_prev = (&pending_queries)->tqh_last; *(&pending_queries )->tqh_last = (pq); (&pending_queries)->tqh_last = & (pq)->entry.tqe_next; } while (0); | |||
713 | ||||
714 | pq->from = udpev->from; | |||
715 | pq->fd = fd; | |||
716 | pq->qbuf = sldns_buffer_new(len); | |||
717 | pq->abuf = sldns_buffer_new(len); /* make sure we can send errors */ | |||
718 | pq->region = regional_create(); | |||
719 | pq->qmsg = regional_alloc(pq->region, sizeof(*pq->qmsg)); | |||
720 | ||||
721 | if (!pq->qbuf || !pq->abuf || !pq->region || !pq->qmsg) { | |||
722 | log_warnx("out of memory"); | |||
723 | free_pending_query(pq); | |||
724 | return; | |||
725 | } | |||
726 | ||||
727 | memset(pq->qmsg, 0, sizeof(*pq->qmsg)); | |||
728 | sldns_buffer_write(pq->qbuf, udpev->query, len); | |||
729 | sldns_buffer_flip(pq->qbuf); | |||
730 | handle_query(pq); | |||
731 | } | |||
732 | ||||
733 | void | |||
734 | handle_query(struct pending_query *pq) | |||
735 | { | |||
736 | struct query_imsg query_imsg; | |||
737 | struct bl_node find; | |||
738 | int rcode; | |||
739 | char *str; | |||
740 | char dname[LDNS_MAX_DOMAINLEN255 + 1]; | |||
741 | char qclass_buf[16]; | |||
742 | char qtype_buf[16]; | |||
743 | ||||
744 | if (log_getverbose() & OPT_VERBOSE20x00000002 && (str = | |||
745 | sldns_wire2str_pkt(sldns_buffer_begin(pq->qbuf), | |||
746 | sldns_buffer_limit(pq->qbuf))) != NULL((void*)0)) { | |||
747 | log_debug("from: %s\n%s", ip_port((struct sockaddr *) | |||
748 | &pq->from), str); | |||
749 | free(str); | |||
750 | } | |||
751 | ||||
752 | if (!query_info_parse(&pq->qinfo, pq->qbuf)) { | |||
753 | log_warnx("query_info_parse failed"); | |||
754 | goto drop; | |||
755 | } | |||
756 | ||||
757 | sldns_buffer_rewind(pq->qbuf); | |||
758 | ||||
759 | if (parse_packet(pq->qbuf, pq->qmsg, pq->region) != | |||
760 | LDNS_RCODE_NOERROR) { | |||
761 | log_warnx("parse_packet failed"); | |||
762 | goto drop; | |||
763 | } | |||
764 | ||||
765 | rcode = check_query(pq->qbuf); | |||
766 | switch (rcode) { | |||
767 | case LDNS_RCODE_NOERROR: | |||
768 | break; | |||
769 | case -1: | |||
770 | goto drop; | |||
771 | default: | |||
772 | error_answer(pq, rcode); | |||
773 | goto send_answer; | |||
774 | } | |||
775 | ||||
776 | rcode = parse_extract_edns(pq->qmsg, &pq->edns, pq->region); | |||
777 | if (rcode != LDNS_RCODE_NOERROR) { | |||
778 | error_answer(pq, rcode); | |||
779 | goto send_answer; | |||
780 | } | |||
781 | ||||
782 | if (!dname_valid(pq->qinfo.qname, pq->qinfo.qname_len)) { | |||
783 | error_answer(pq, LDNS_RCODE_FORMERR); | |||
784 | goto send_answer; | |||
785 | } | |||
786 | dname_str(pq->qinfo.qname, dname); | |||
787 | ||||
788 | sldns_wire2str_class_buf(pq->qinfo.qclass, qclass_buf, | |||
789 | sizeof(qclass_buf)); | |||
790 | sldns_wire2str_type_buf(pq->qinfo.qtype, qtype_buf, sizeof(qtype_buf)); | |||
791 | log_debug("%s: %s %s %s ?", ip_port((struct sockaddr *)&pq->from), | |||
792 | dname, qclass_buf, qtype_buf); | |||
793 | ||||
794 | find.domain = dname; | |||
795 | if (RB_FIND(bl_tree, &bl_head, &find)bl_tree_RB_FIND(&bl_head, &find) != NULL((void*)0)) { | |||
796 | if (frontend_conf->blocklist_log) | |||
797 | log_info("blocking %s", dname)uw_log_info("blocking %s", dname); | |||
798 | error_answer(pq, LDNS_RCODE_REFUSED); | |||
799 | goto send_answer; | |||
800 | } | |||
801 | ||||
802 | if (pq->qinfo.qtype == LDNS_RR_TYPE_AXFR || pq->qinfo.qtype == | |||
803 | LDNS_RR_TYPE_IXFR) { | |||
804 | error_answer(pq, LDNS_RCODE_REFUSED); | |||
805 | goto send_answer; | |||
806 | } | |||
807 | ||||
808 | if(pq->qinfo.qtype == LDNS_RR_TYPE_OPT || | |||
809 | pq->qinfo.qtype == LDNS_RR_TYPE_TSIG || | |||
810 | pq->qinfo.qtype == LDNS_RR_TYPE_TKEY || | |||
811 | pq->qinfo.qtype == LDNS_RR_TYPE_MAILA || | |||
812 | pq->qinfo.qtype == LDNS_RR_TYPE_MAILB || | |||
813 | (pq->qinfo.qtype >= 128 && pq->qinfo.qtype <= 248)) { | |||
814 | error_answer(pq, LDNS_RCODE_FORMERR); | |||
815 | goto send_answer; | |||
816 | } | |||
817 | ||||
818 | if (pq->qinfo.qclass == LDNS_RR_CLASS_CH) { | |||
819 | if (strcasecmp(dname, "version.server.") == 0 || | |||
820 | strcasecmp(dname, "version.bind.") == 0) { | |||
821 | chaos_answer(pq); | |||
822 | } else | |||
823 | error_answer(pq, LDNS_RCODE_REFUSED); | |||
824 | goto send_answer; | |||
825 | } | |||
826 | ||||
827 | if (strlcpy(query_imsg.qname, dname, sizeof(query_imsg.qname)) >= | |||
828 | sizeof(query_imsg.qname)) { | |||
829 | log_warnx("qname too long"); | |||
830 | error_answer(pq, LDNS_RCODE_FORMERR); | |||
831 | goto send_answer; | |||
832 | } | |||
833 | query_imsg.id = pq->imsg_id; | |||
834 | query_imsg.t = pq->qinfo.qtype; | |||
835 | query_imsg.c = pq->qinfo.qclass; | |||
836 | ||||
837 | if (frontend_imsg_compose_resolver(IMSG_QUERY, 0, &query_imsg, | |||
838 | sizeof(query_imsg)) == -1) { | |||
839 | error_answer(pq, LDNS_RCODE_SERVFAIL); | |||
840 | goto send_answer; | |||
841 | } | |||
842 | return; | |||
843 | ||||
844 | send_answer: | |||
845 | send_answer(pq); | |||
846 | return; | |||
847 | ||||
848 | drop: | |||
849 | free_pending_query(pq); | |||
850 | } | |||
851 | ||||
852 | void | |||
853 | noerror_answer(struct pending_query *pq) | |||
854 | { | |||
855 | struct query_info skip, qinfo; | |||
856 | struct reply_info *rinfo = NULL((void*)0); | |||
857 | struct alloc_cache alloc; | |||
858 | struct edns_data edns; | |||
859 | struct ub_packed_rrset_key *an_rrset = NULL((void*)0); | |||
860 | struct packed_rrset_data *an_rrset_data = NULL((void*)0); | |||
861 | ||||
862 | alloc_init(&alloc, NULL((void*)0), 0); | |||
863 | memset(&qinfo, 0, sizeof(qinfo)); | |||
864 | /* read past query section, no memory is allocated */ | |||
865 | if (!query_info_parse(&skip, pq->abuf)) | |||
866 | goto srvfail; | |||
867 | ||||
868 | if (reply_info_parse(pq->abuf, &alloc, &qinfo, &rinfo, pq->region, | |||
869 | &edns) != 0) | |||
870 | goto srvfail; | |||
871 | ||||
872 | if ((an_rrset = reply_find_answer_rrset(&qinfo, rinfo)) != NULL((void*)0)) | |||
873 | an_rrset_data = (struct packed_rrset_data*)an_rrset->entry.data; | |||
874 | ||||
875 | /* reply_info_parse() allocates memory */ | |||
876 | query_info_clear(&qinfo); | |||
877 | ||||
878 | /* XXX check that there a no AAAA records in answer section? */ | |||
879 | if ((an_rrset_data == NULL((void*)0) || an_rrset_data->count == 0) && | |||
880 | !pq->dns64_synthesize && pq->qinfo.qtype == LDNS_RR_TYPE_AAAA && | |||
881 | pq->qinfo.qclass == LDNS_RR_CLASS_IN && dns64_prefix_count > 0) { | |||
882 | pq->dns64_synthesize = 1; | |||
883 | return; | |||
884 | } | |||
885 | ||||
886 | sldns_buffer_clear(pq->abuf); | |||
887 | if (reply_info_encode(&pq->qinfo, rinfo, pq->qmsg->id, rinfo->flags, | |||
888 | pq->abuf, 0, pq->region, pq->tcp ? UINT16_MAX0xffff : pq->edns.udp_size, | |||
889 | pq->edns.bits & EDNS_DO0x8000, MINIMIZE_ANSWER1) == 0) | |||
890 | goto srvfail; | |||
891 | ||||
892 | reply_info_parsedelete(rinfo, &alloc); | |||
893 | alloc_clear(&alloc); | |||
894 | return; | |||
895 | ||||
896 | srvfail: | |||
897 | reply_info_parsedelete(rinfo, &alloc); | |||
898 | alloc_clear(&alloc); | |||
899 | error_answer(pq, LDNS_RCODE_SERVFAIL); | |||
900 | } | |||
901 | ||||
902 | void | |||
903 | synthesize_dns64_answer(struct pending_query *pq) | |||
904 | { | |||
905 | struct query_info skip, qinfo; | |||
906 | struct reply_info *rinfo = NULL((void*)0), *synth_rinfo = NULL((void*)0); | |||
907 | struct alloc_cache alloc; | |||
908 | struct edns_data edns; | |||
909 | size_t i; | |||
910 | ||||
911 | pq->dns64_synthesize = 0; | |||
912 | ||||
913 | alloc_init(&alloc, NULL((void*)0), 0); | |||
914 | memset(&qinfo, 0, sizeof(qinfo)); | |||
915 | /* read past query section, no memory is allocated */ | |||
916 | if (!query_info_parse(&skip, pq->abuf)) | |||
917 | goto srvfail; | |||
918 | ||||
919 | if (reply_info_parse(pq->abuf, &alloc, &qinfo, &rinfo, pq->region, | |||
920 | &edns) != 0) | |||
921 | goto srvfail; | |||
922 | ||||
923 | /* reply_info_parse() allocates memory */ | |||
924 | query_info_clear(&qinfo); | |||
925 | ||||
926 | synth_rinfo = construct_reply_info_base(pq->region, rinfo->flags, | |||
927 | rinfo->qdcount, rinfo->ttl, rinfo->prefetch_ttl, | |||
928 | rinfo->serve_expired_ttl, rinfo->an_numrrsets, | |||
929 | rinfo->ns_numrrsets, rinfo->ar_numrrsets, rinfo->rrset_count, | |||
930 | rinfo->security); | |||
931 | ||||
932 | if (!synth_rinfo) | |||
933 | goto srvfail; | |||
934 | ||||
935 | if(!reply_info_alloc_rrset_keys(synth_rinfo, NULL((void*)0), pq->region)) | |||
936 | goto srvfail; | |||
937 | ||||
938 | for (i = 0; i < synth_rinfo->rrset_count; i++) { | |||
939 | struct ub_packed_rrset_key *src_rrset_key, *dst_rrset_key; | |||
940 | struct packed_rrset_data *src_rrset_data; | |||
941 | struct packed_rrset_data *dst_rrset_data; | |||
942 | ||||
943 | src_rrset_key = rinfo->rrsets[i]; | |||
944 | src_rrset_data = | |||
945 | (struct packed_rrset_data *)src_rrset_key->entry.data; | |||
946 | dst_rrset_key = synth_rinfo->rrsets[i]; | |||
947 | ||||
948 | dst_rrset_key->id = src_rrset_key->id; | |||
949 | dst_rrset_key->rk = src_rrset_key->rk; | |||
950 | ||||
951 | if (i < rinfo->an_numrrsets && src_rrset_key->rk.type == | |||
952 | htons(LDNS_RR_TYPE_A)(__uint16_t)(__builtin_constant_p(LDNS_RR_TYPE_A) ? (__uint16_t )(((__uint16_t)(LDNS_RR_TYPE_A) & 0xffU) << 8 | ((__uint16_t )(LDNS_RR_TYPE_A) & 0xff00U) >> 8) : __swap16md(LDNS_RR_TYPE_A ))) { | |||
953 | dns64_synth_aaaa_data(src_rrset_key, src_rrset_data, | |||
954 | dst_rrset_key, &dst_rrset_data, pq->region); | |||
955 | if (dst_rrset_data == NULL((void*)0)) | |||
956 | goto srvfail; | |||
957 | } else { | |||
958 | dst_rrset_key->entry.hash = src_rrset_key->entry.hash; | |||
959 | dst_rrset_key->rk.dname = regional_alloc_init( | |||
960 | pq->region, src_rrset_key->rk.dname, | |||
961 | src_rrset_key->rk.dname_len); | |||
962 | if (dst_rrset_key->rk.dname == NULL((void*)0)) | |||
963 | goto srvfail; | |||
964 | ||||
965 | dst_rrset_data = regional_alloc_init(pq->region, | |||
966 | src_rrset_data, | |||
967 | packed_rrset_sizeof(src_rrset_data)); | |||
968 | if (dst_rrset_data == NULL((void*)0)) | |||
969 | goto srvfail; | |||
970 | } | |||
971 | ||||
972 | packed_rrset_ptr_fixup(dst_rrset_data); | |||
973 | dst_rrset_key->entry.data = dst_rrset_data; | |||
974 | } | |||
975 | ||||
976 | if (!sldns_buffer_set_capacity(pq->abuf, pq->tcp ? UINT16_MAX0xffff : | |||
977 | pq->edns.udp_size)) | |||
978 | goto srvfail; | |||
979 | ||||
980 | sldns_buffer_clear(pq->abuf); | |||
981 | ||||
982 | if (reply_info_encode(&pq->qinfo, synth_rinfo, pq->qmsg->id, | |||
983 | synth_rinfo->flags, pq->abuf, 0, pq->region, | |||
984 | pq->tcp ? UINT16_MAX0xffff : pq->edns.udp_size, | |||
985 | pq->edns.bits & EDNS_DO0x8000, MINIMIZE_ANSWER1) == 0) | |||
986 | goto srvfail; | |||
987 | ||||
988 | reply_info_parsedelete(rinfo, &alloc); | |||
989 | alloc_clear(&alloc); | |||
990 | return; | |||
991 | ||||
992 | srvfail: | |||
993 | reply_info_parsedelete(rinfo, &alloc); | |||
994 | alloc_clear(&alloc); | |||
995 | error_answer(pq, LDNS_RCODE_SERVFAIL); | |||
996 | } | |||
997 | ||||
998 | void | |||
999 | resend_dns64_query(struct pending_query *opq) { | |||
1000 | struct pending_query *pq; | |||
1001 | struct query_imsg query_imsg; | |||
1002 | int rcode; | |||
1003 | char dname[LDNS_MAX_DOMAINLEN255 + 1]; | |||
1004 | ||||
1005 | if ((pq = calloc(1, sizeof(*pq))) == NULL((void*)0)) { | |||
1006 | log_warn(NULL)uw_log_warn(((void*)0)); | |||
1007 | return; | |||
1008 | } | |||
1009 | ||||
1010 | do { | |||
1011 | arc4random_buf(&pq->imsg_id, sizeof(pq->imsg_id)); | |||
1012 | } while(find_pending_query(pq->imsg_id) != NULL((void*)0)); | |||
1013 | ||||
1014 | TAILQ_INSERT_TAIL(&pending_queries, pq, entry)do { (pq)->entry.tqe_next = ((void*)0); (pq)->entry.tqe_prev = (&pending_queries)->tqh_last; *(&pending_queries )->tqh_last = (pq); (&pending_queries)->tqh_last = & (pq)->entry.tqe_next; } while (0); | |||
1015 | ||||
1016 | pq->from = opq->from; | |||
1017 | pq->fd = opq->fd; | |||
1018 | opq->fd = -1; | |||
1019 | pq->tcp = opq->tcp; | |||
1020 | pq->qbuf = sldns_buffer_new(sldns_buffer_capacity(opq->qbuf)); | |||
1021 | pq->abuf = sldns_buffer_new(sldns_buffer_capacity(opq->abuf)); | |||
1022 | pq->region = regional_create(); | |||
1023 | pq->qmsg = regional_alloc(pq->region, sizeof(*pq->qmsg)); | |||
1024 | ||||
1025 | if (!pq->qbuf || !pq->abuf || !pq->region || !pq->qmsg) { | |||
1026 | log_warnx("out of memory"); | |||
1027 | free_pending_query(pq); | |||
1028 | free_pending_query(opq); | |||
1029 | return; | |||
1030 | } | |||
1031 | ||||
1032 | sldns_buffer_rewind(opq->qbuf); | |||
1033 | sldns_buffer_write(pq->qbuf, sldns_buffer_current(opq->qbuf), | |||
1034 | sldns_buffer_remaining(opq->qbuf)); | |||
1035 | sldns_buffer_flip(pq->qbuf); | |||
1036 | memset(pq->qmsg, 0, sizeof(*pq->qmsg)); | |||
1037 | ||||
1038 | if (pq->tcp) { | |||
1039 | struct timeval timeout = {TCP_TIMEOUT15, 0}; | |||
1040 | ||||
1041 | event_set(&pq->ev, pq->fd, EV_READ0x02 | EV_PERSIST0x10, tcp_request, | |||
1042 | pq); | |||
1043 | event_set(&pq->resp_ev, pq->fd, EV_WRITE0x04 | EV_PERSIST0x10, | |||
1044 | tcp_response, pq); | |||
1045 | evtimer_set(&pq->tmo_ev, tcp_timeout, pq)event_set(&pq->tmo_ev, -1, 0, tcp_timeout, pq); | |||
1046 | evtimer_add(&pq->tmo_ev, &timeout)event_add(&pq->tmo_ev, &timeout); | |||
1047 | } | |||
1048 | ||||
1049 | if (!query_info_parse(&pq->qinfo, pq->qbuf)) { | |||
1050 | log_warnx("query_info_parse failed"); | |||
1051 | goto drop; | |||
1052 | } | |||
1053 | ||||
1054 | sldns_buffer_rewind(pq->qbuf); | |||
1055 | ||||
1056 | if (parse_packet(pq->qbuf, pq->qmsg, pq->region) != | |||
1057 | LDNS_RCODE_NOERROR) { | |||
1058 | log_warnx("parse_packet failed"); | |||
1059 | goto drop; | |||
1060 | } | |||
1061 | ||||
1062 | rcode = parse_extract_edns(pq->qmsg, &pq->edns, pq->region); | |||
1063 | if (rcode != LDNS_RCODE_NOERROR) { | |||
1064 | error_answer(pq, rcode); | |||
1065 | goto send_answer; | |||
1066 | } | |||
1067 | ||||
1068 | dname_str(pq->qinfo.qname, dname); | |||
1069 | strlcpy(query_imsg.qname, dname, sizeof(query_imsg.qname)); | |||
1070 | query_imsg.id = pq->imsg_id; | |||
1071 | query_imsg.t = LDNS_RR_TYPE_A; | |||
1072 | query_imsg.c = pq->qinfo.qclass; | |||
1073 | ||||
1074 | pq->dns64_synthesize = 1; | |||
1075 | ||||
1076 | if (frontend_imsg_compose_resolver(IMSG_QUERY, 0, &query_imsg, | |||
1077 | sizeof(query_imsg)) == -1) { | |||
1078 | error_answer(pq, LDNS_RCODE_SERVFAIL); | |||
1079 | goto send_answer; | |||
1080 | } | |||
1081 | ||||
1082 | free_pending_query(opq); | |||
1083 | return; | |||
1084 | ||||
1085 | send_answer: | |||
1086 | free_pending_query(opq); | |||
1087 | send_answer(pq); | |||
1088 | return; | |||
1089 | ||||
1090 | drop: | |||
1091 | free_pending_query(opq); | |||
1092 | free_pending_query(pq); | |||
1093 | } | |||
1094 | ||||
1095 | void | |||
1096 | chaos_answer(struct pending_query *pq) | |||
1097 | { | |||
1098 | size_t len; | |||
1099 | const char *name = "unwind"; | |||
1100 | ||||
1101 | len = strlen(name); | |||
1102 | if (!sldns_buffer_set_capacity(pq->abuf, | |||
1103 | sldns_buffer_capacity(pq->qbuf) + COMPRESSED_RR_SIZE12 + 1 + len)) { | |||
1104 | error_answer(pq, LDNS_RCODE_SERVFAIL); | |||
1105 | return; | |||
1106 | } | |||
1107 | ||||
1108 | sldns_buffer_copy(pq->abuf, pq->qbuf); | |||
1109 | ||||
1110 | sldns_buffer_clear(pq->abuf); | |||
1111 | ||||
1112 | sldns_buffer_skip(pq->abuf, sizeof(uint16_t)); /* skip id */ | |||
1113 | sldns_buffer_write_u16(pq->abuf, 0); /* clear flags */ | |||
1114 | LDNS_QR_SET(sldns_buffer_begin(pq->abuf))(*(sldns_buffer_begin(pq->abuf)+2) |= 0x80U); | |||
1115 | LDNS_RA_SET(sldns_buffer_begin(pq->abuf))(*(sldns_buffer_begin(pq->abuf)+3) |= 0x80U); | |||
1116 | if (LDNS_RD_WIRE(sldns_buffer_begin(pq->qbuf))(*(sldns_buffer_begin(pq->qbuf)+2) & 0x01U)) | |||
1117 | LDNS_RD_SET(sldns_buffer_begin(pq->abuf))(*(sldns_buffer_begin(pq->abuf)+2) |= 0x01U); | |||
1118 | if (LDNS_CD_WIRE(sldns_buffer_begin(pq->qbuf))(*(sldns_buffer_begin(pq->qbuf)+3) & 0x10U)) | |||
1119 | LDNS_CD_SET(sldns_buffer_begin(pq->abuf))(*(sldns_buffer_begin(pq->abuf)+3) |= 0x10U); | |||
1120 | LDNS_RCODE_SET(sldns_buffer_begin(pq->abuf), LDNS_RCODE_NOERROR)(*(sldns_buffer_begin(pq->abuf)+3) = ((*(sldns_buffer_begin (pq->abuf)+3)) & ~0x0fU) | (LDNS_RCODE_NOERROR)); | |||
1121 | sldns_buffer_write_u16(pq->abuf, 1); /* qdcount */ | |||
1122 | sldns_buffer_write_u16(pq->abuf, 1); /* ancount */ | |||
1123 | sldns_buffer_write_u16(pq->abuf, 0); /* nscount */ | |||
1124 | sldns_buffer_write_u16(pq->abuf, 0); /* arcount */ | |||
1125 | (void)query_dname_len(pq->abuf); /* skip qname */ | |||
1126 | sldns_buffer_skip(pq->abuf, sizeof(uint16_t)); /* skip qtype */ | |||
1127 | sldns_buffer_skip(pq->abuf, sizeof(uint16_t)); /* skip qclass */ | |||
1128 | ||||
1129 | sldns_buffer_write_u16(pq->abuf, 0xc00c); /* ptr to query */ | |||
1130 | sldns_buffer_write_u16(pq->abuf, LDNS_RR_TYPE_TXT); | |||
1131 | sldns_buffer_write_u16(pq->abuf, LDNS_RR_CLASS_CH); | |||
1132 | sldns_buffer_write_u32(pq->abuf, 0); /* TTL */ | |||
1133 | sldns_buffer_write_u16(pq->abuf, 1 + len); /* RDLENGTH */ | |||
1134 | sldns_buffer_write_u8(pq->abuf, len); /* length octed */ | |||
1135 | sldns_buffer_write(pq->abuf, name, len); | |||
1136 | sldns_buffer_flip(pq->abuf); | |||
1137 | } | |||
1138 | ||||
1139 | void | |||
1140 | error_answer(struct pending_query *pq, int rcode) | |||
1141 | { | |||
1142 | sldns_buffer_clear(pq->abuf); | |||
1143 | error_encode(pq->abuf, rcode, &pq->qinfo, pq->qmsg->id, | |||
1144 | pq->qmsg->flags, pq->edns.edns_present ? &pq->edns : NULL((void*)0)); | |||
1145 | } | |||
1146 | ||||
1147 | int | |||
1148 | check_query(sldns_buffer* pkt) | |||
1149 | { | |||
1150 | if(sldns_buffer_limit(pkt) < LDNS_HEADER_SIZE12) { | |||
1151 | log_warnx("bad query: too short, dropped"); | |||
1152 | return -1; | |||
1153 | } | |||
1154 | if(LDNS_QR_WIRE(sldns_buffer_begin(pkt))(*(sldns_buffer_begin(pkt)+2) & 0x80U)) { | |||
1155 | log_warnx("bad query: QR set, dropped"); | |||
1156 | return -1; | |||
1157 | } | |||
1158 | if(LDNS_TC_WIRE(sldns_buffer_begin(pkt))(*(sldns_buffer_begin(pkt)+2) & 0x02U)) { | |||
1159 | LDNS_TC_CLR(sldns_buffer_begin(pkt))(*(sldns_buffer_begin(pkt)+2) &= ~0x02U); | |||
1160 | log_warnx("bad query: TC set"); | |||
1161 | return (LDNS_RCODE_FORMERR); | |||
1162 | } | |||
1163 | if(!(LDNS_RD_WIRE(sldns_buffer_begin(pkt))(*(sldns_buffer_begin(pkt)+2) & 0x01U))) { | |||
1164 | log_warnx("bad query: RD not set"); | |||
1165 | return (LDNS_RCODE_REFUSED); | |||
1166 | } | |||
1167 | if(LDNS_OPCODE_WIRE(sldns_buffer_begin(pkt))((*(sldns_buffer_begin(pkt)+2) & 0x78U) >> 3) != LDNS_PACKET_QUERY) { | |||
1168 | log_warnx("bad query: unknown opcode %d", | |||
1169 | LDNS_OPCODE_WIRE(sldns_buffer_begin(pkt))((*(sldns_buffer_begin(pkt)+2) & 0x78U) >> 3)); | |||
1170 | return (LDNS_RCODE_NOTIMPL); | |||
1171 | } | |||
1172 | ||||
1173 | if (LDNS_QDCOUNT(sldns_buffer_begin(pkt))(sldns_read_uint16(sldns_buffer_begin(pkt)+4)) != 1 && | |||
1174 | LDNS_ANCOUNT(sldns_buffer_begin(pkt))(sldns_read_uint16(sldns_buffer_begin(pkt)+6))!= 0 && | |||
1175 | LDNS_NSCOUNT(sldns_buffer_begin(pkt))(sldns_read_uint16(sldns_buffer_begin(pkt)+8))!= 0 && | |||
1176 | LDNS_ARCOUNT(sldns_buffer_begin(pkt))(sldns_read_uint16(sldns_buffer_begin(pkt)+10)) > 1) { | |||
1177 | log_warnx("bad query: qdcount: %d, ancount: %d " | |||
1178 | "nscount: %d, arcount: %d", | |||
1179 | LDNS_QDCOUNT(sldns_buffer_begin(pkt))(sldns_read_uint16(sldns_buffer_begin(pkt)+4)), | |||
1180 | LDNS_ANCOUNT(sldns_buffer_begin(pkt))(sldns_read_uint16(sldns_buffer_begin(pkt)+6)), | |||
1181 | LDNS_NSCOUNT(sldns_buffer_begin(pkt))(sldns_read_uint16(sldns_buffer_begin(pkt)+8)), | |||
1182 | LDNS_ARCOUNT(sldns_buffer_begin(pkt))(sldns_read_uint16(sldns_buffer_begin(pkt)+10))); | |||
1183 | return (LDNS_RCODE_FORMERR); | |||
1184 | } | |||
1185 | return 0; | |||
1186 | } | |||
1187 | ||||
1188 | void | |||
1189 | send_answer(struct pending_query *pq) | |||
1190 | { | |||
1191 | char *str; | |||
1192 | ||||
1193 | if (log_getverbose() & OPT_VERBOSE20x00000002 && (str = | |||
1194 | sldns_wire2str_pkt(sldns_buffer_begin(pq->abuf), | |||
1195 | sldns_buffer_limit(pq->abuf))) != NULL((void*)0)) { | |||
1196 | log_debug("from: %s\n%s", ip_port((struct sockaddr *) | |||
1197 | &pq->from), str); | |||
1198 | free(str); | |||
1199 | } | |||
1200 | ||||
1201 | if (!pq->tcp) { | |||
1202 | if(sendto(pq->fd, sldns_buffer_current(pq->abuf), | |||
1203 | sldns_buffer_remaining(pq->abuf), 0, | |||
1204 | (struct sockaddr *)&pq->from, pq->from.ss_len) == -1) | |||
1205 | log_warn("sendto")uw_log_warn("sendto"); | |||
1206 | free_pending_query(pq); | |||
1207 | } else { | |||
1208 | struct sldns_buffer *tmp; | |||
1209 | ||||
1210 | tmp = sldns_buffer_new(sldns_buffer_limit(pq->abuf) + 2); | |||
1211 | ||||
1212 | if (!tmp) { | |||
1213 | free_pending_query(pq); | |||
1214 | return; | |||
1215 | } | |||
1216 | ||||
1217 | sldns_buffer_write_u16(tmp, sldns_buffer_limit(pq->abuf)); | |||
1218 | sldns_buffer_write(tmp, sldns_buffer_current(pq->abuf), | |||
1219 | sldns_buffer_remaining(pq->abuf)); | |||
1220 | sldns_buffer_flip(tmp); | |||
1221 | sldns_buffer_free(pq->abuf); | |||
1222 | pq->abuf = tmp; | |||
1223 | event_add(&pq->resp_ev, NULL((void*)0)); | |||
1224 | } | |||
1225 | } | |||
1226 | ||||
1227 | char* | |||
1228 | ip_port(struct sockaddr *sa) | |||
1229 | { | |||
1230 | static char hbuf[NI_MAXHOST256], buf[NI_MAXHOST256]; | |||
1231 | ||||
1232 | if (getnameinfo(sa, sa->sa_len, hbuf, sizeof(hbuf), NULL((void*)0), 0, | |||
1233 | NI_NUMERICHOST1) != 0) { | |||
1234 | snprintf(buf, sizeof(buf), "%s", "(unknown)"); | |||
1235 | return buf; | |||
1236 | } | |||
1237 | ||||
1238 | if (sa->sa_family == AF_INET624) | |||
1239 | snprintf(buf, sizeof(buf), "[%s]:%d", hbuf, ntohs((__uint16_t)(__builtin_constant_p(((struct sockaddr_in6 *)sa) ->sin6_port) ? (__uint16_t)(((__uint16_t)(((struct sockaddr_in6 *)sa)->sin6_port) & 0xffU) << 8 | ((__uint16_t) (((struct sockaddr_in6 *)sa)->sin6_port) & 0xff00U) >> 8) : __swap16md(((struct sockaddr_in6 *)sa)->sin6_port)) | |||
1240 | ((struct sockaddr_in6 *)sa)->sin6_port)(__uint16_t)(__builtin_constant_p(((struct sockaddr_in6 *)sa) ->sin6_port) ? (__uint16_t)(((__uint16_t)(((struct sockaddr_in6 *)sa)->sin6_port) & 0xffU) << 8 | ((__uint16_t) (((struct sockaddr_in6 *)sa)->sin6_port) & 0xff00U) >> 8) : __swap16md(((struct sockaddr_in6 *)sa)->sin6_port))); | |||
1241 | if (sa->sa_family == AF_INET2) | |||
1242 | snprintf(buf, sizeof(buf), "[%s]:%d", hbuf, ntohs((__uint16_t)(__builtin_constant_p(((struct sockaddr_in *)sa)-> sin_port) ? (__uint16_t)(((__uint16_t)(((struct sockaddr_in * )sa)->sin_port) & 0xffU) << 8 | ((__uint16_t)((( struct sockaddr_in *)sa)->sin_port) & 0xff00U) >> 8) : __swap16md(((struct sockaddr_in *)sa)->sin_port)) | |||
1243 | ((struct sockaddr_in *)sa)->sin_port)(__uint16_t)(__builtin_constant_p(((struct sockaddr_in *)sa)-> sin_port) ? (__uint16_t)(((__uint16_t)(((struct sockaddr_in * )sa)->sin_port) & 0xffU) << 8 | ((__uint16_t)((( struct sockaddr_in *)sa)->sin_port) & 0xff00U) >> 8) : __swap16md(((struct sockaddr_in *)sa)->sin_port))); | |||
1244 | ||||
1245 | return buf; | |||
1246 | } | |||
1247 | ||||
1248 | struct pending_query* | |||
1249 | find_pending_query(uint64_t id) | |||
1250 | { | |||
1251 | struct pending_query *pq; | |||
1252 | ||||
1253 | TAILQ_FOREACH(pq, &pending_queries, entry)for((pq) = ((&pending_queries)->tqh_first); (pq) != (( void*)0); (pq) = ((pq)->entry.tqe_next)) | |||
1254 | if (pq->imsg_id == id) | |||
1255 | return pq; | |||
1256 | return NULL((void*)0); | |||
1257 | } | |||
1258 | ||||
1259 | void | |||
1260 | route_receive(int fd, short events, void *arg) | |||
1261 | { | |||
1262 | static uint8_t *buf; | |||
1263 | ||||
1264 | struct rt_msghdr *rtm; | |||
1265 | struct sockaddr *sa, *rti_info[RTAX_MAX15]; | |||
1266 | ssize_t n; | |||
1267 | ||||
1268 | if (buf == NULL((void*)0)) { | |||
1269 | buf = malloc(ROUTE_SOCKET_BUF_SIZE16384); | |||
1270 | if (buf == NULL((void*)0)) | |||
1271 | fatal("malloc"); | |||
1272 | } | |||
1273 | rtm = (struct rt_msghdr *)buf; | |||
1274 | if ((n = read(fd, buf, ROUTE_SOCKET_BUF_SIZE16384)) == -1) { | |||
1275 | if (errno(*__errno()) == EAGAIN35 || errno(*__errno()) == EINTR4) | |||
1276 | return; | |||
1277 | log_warn("dispatch_rtmsg: read error")uw_log_warn("dispatch_rtmsg: read error"); | |||
1278 | return; | |||
1279 | } | |||
1280 | ||||
1281 | if (n == 0) | |||
1282 | fatal("routing socket closed"); | |||
1283 | ||||
1284 | if (n < (ssize_t)sizeof(rtm->rtm_msglen) || n < rtm->rtm_msglen) { | |||
1285 | log_warnx("partial rtm of %zd in buffer", n); | |||
1286 | return; | |||
1287 | } | |||
1288 | ||||
1289 | if (rtm->rtm_version != RTM_VERSION5) | |||
1290 | return; | |||
1291 | ||||
1292 | sa = (struct sockaddr *)(buf + rtm->rtm_hdrlen); | |||
1293 | get_rtaddrs(rtm->rtm_addrs, sa, rti_info); | |||
1294 | ||||
1295 | handle_route_message(rtm, rti_info); | |||
1296 | } | |||
1297 | ||||
1298 | #define ROUNDUP(a)((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof (long)) \ | |||
1299 | ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long)) | |||
1300 | ||||
1301 | void | |||
1302 | get_rtaddrs(int addrs, struct sockaddr *sa, struct sockaddr **rti_info) | |||
1303 | { | |||
1304 | int i; | |||
1305 | ||||
1306 | for (i = 0; i < RTAX_MAX15; i++) { | |||
1307 | if (addrs & (1 << i)) { | |||
1308 | rti_info[i] = sa; | |||
1309 | sa = (struct sockaddr *)((char *)(sa) + | |||
1310 | ROUNDUP(sa->sa_len)((sa->sa_len) > 0 ? (1 + (((sa->sa_len) - 1) | (sizeof (long) - 1))) : sizeof(long))); | |||
1311 | } else | |||
1312 | rti_info[i] = NULL((void*)0); | |||
1313 | } | |||
1314 | } | |||
1315 | ||||
1316 | void | |||
1317 | handle_route_message(struct rt_msghdr *rtm, struct sockaddr **rti_info) | |||
1318 | { | |||
1319 | struct imsg_rdns_proposal rdns_proposal; | |||
1320 | struct sockaddr_rtdns *rtdns; | |||
1321 | struct if_announcemsghdr *ifan; | |||
1322 | ||||
1323 | switch (rtm->rtm_type) { | |||
1324 | case RTM_IFANNOUNCE0xf: | |||
1325 | ifan = (struct if_announcemsghdr *)rtm; | |||
1326 | if (ifan->ifan_what == IFAN_ARRIVAL0) | |||
1327 | break; | |||
1328 | rdns_proposal.if_index = ifan->ifan_index; | |||
1329 | rdns_proposal.src = 0; | |||
1330 | rdns_proposal.rtdns.sr_family = AF_INET2; | |||
1331 | rdns_proposal.rtdns.sr_len = offsetof(struct sockaddr_rtdns,__builtin_offsetof(struct sockaddr_rtdns, sr_dns) | |||
1332 | sr_dns)__builtin_offsetof(struct sockaddr_rtdns, sr_dns); | |||
1333 | frontend_imsg_compose_resolver(IMSG_REPLACE_DNS, 0, | |||
1334 | &rdns_proposal, sizeof(rdns_proposal)); | |||
1335 | break; | |||
1336 | case RTM_IFINFO0xe: | |||
1337 | frontend_imsg_compose_resolver(IMSG_NETWORK_CHANGED, 0, NULL((void*)0), | |||
1338 | 0); | |||
1339 | break; | |||
1340 | case RTM_PROPOSAL0x13: | |||
1341 | if (!(rtm->rtm_addrs & RTA_DNS0x1000)) | |||
1342 | break; | |||
1343 | ||||
1344 | rtdns = (struct sockaddr_rtdns*)rti_info[RTAX_DNS12]; | |||
1345 | rdns_proposal.if_index = rtm->rtm_index; | |||
1346 | rdns_proposal.src = rtm->rtm_priority; | |||
1347 | memcpy(&rdns_proposal.rtdns, rtdns, sizeof(rdns_proposal.rtdns)); | |||
1348 | frontend_imsg_compose_resolver(IMSG_REPLACE_DNS, 0, | |||
1349 | &rdns_proposal, sizeof(rdns_proposal)); | |||
1350 | break; | |||
1351 | case RTM_NEWADDR0xc: | |||
1352 | case RTM_DELADDR0xd: | |||
1353 | case RTM_DESYNC0x10: | |||
1354 | check_available_af(); | |||
1355 | break; | |||
1356 | default: | |||
1357 | break; | |||
1358 | } | |||
1359 | } | |||
1360 | ||||
1361 | void | |||
1362 | add_new_ta(struct trust_anchor_head *tah, char *val) | |||
1363 | { | |||
1364 | struct trust_anchor *ta, *i; | |||
1365 | int cmp; | |||
1366 | ||||
1367 | if ((ta = malloc(sizeof(*ta))) == NULL((void*)0)) | |||
1368 | fatal("%s", __func__); | |||
1369 | if ((ta->ta = strdup(val)) == NULL((void*)0)) | |||
1370 | fatal("%s", __func__); | |||
1371 | ||||
1372 | /* keep the list sorted to prevent churn if the order changes in DNS */ | |||
1373 | TAILQ_FOREACH(i, tah, entry)for((i) = ((tah)->tqh_first); (i) != ((void*)0); (i) = ((i )->entry.tqe_next)) { | |||
1374 | cmp = strcmp(i->ta, ta->ta); | |||
1375 | if ( cmp == 0) { | |||
1376 | /* duplicate */ | |||
1377 | free(ta->ta); | |||
1378 | free(ta); | |||
1379 | return; | |||
1380 | } else if (cmp > 0) { | |||
1381 | TAILQ_INSERT_BEFORE(i, ta, entry)do { (ta)->entry.tqe_prev = (i)->entry.tqe_prev; (ta)-> entry.tqe_next = (i); *(i)->entry.tqe_prev = (ta); (i)-> entry.tqe_prev = &(ta)->entry.tqe_next; } while (0); | |||
1382 | return; | |||
1383 | } | |||
1384 | } | |||
1385 | TAILQ_INSERT_TAIL(tah, ta, entry)do { (ta)->entry.tqe_next = ((void*)0); (ta)->entry.tqe_prev = (tah)->tqh_last; *(tah)->tqh_last = (ta); (tah)-> tqh_last = &(ta)->entry.tqe_next; } while (0); | |||
1386 | } | |||
1387 | ||||
1388 | void | |||
1389 | free_tas(struct trust_anchor_head *tah) | |||
1390 | { | |||
1391 | struct trust_anchor *ta; | |||
1392 | ||||
1393 | while ((ta = TAILQ_FIRST(tah)((tah)->tqh_first))) { | |||
1394 | TAILQ_REMOVE(tah, ta, entry)do { if (((ta)->entry.tqe_next) != ((void*)0)) (ta)->entry .tqe_next->entry.tqe_prev = (ta)->entry.tqe_prev; else ( tah)->tqh_last = (ta)->entry.tqe_prev; *(ta)->entry. tqe_prev = (ta)->entry.tqe_next; ; ; } while (0); | |||
1395 | free(ta->ta); | |||
1396 | free(ta); | |||
1397 | } | |||
1398 | } | |||
1399 | ||||
1400 | int | |||
1401 | merge_tas(struct trust_anchor_head *newh, struct trust_anchor_head *oldh) | |||
1402 | { | |||
1403 | struct trust_anchor *i, *j; | |||
1404 | int chg = 0; | |||
1405 | ||||
1406 | j = TAILQ_FIRST(oldh)((oldh)->tqh_first); | |||
1407 | ||||
1408 | TAILQ_FOREACH(i, newh, entry)for((i) = ((newh)->tqh_first); (i) != ((void*)0); (i) = (( i)->entry.tqe_next)) { | |||
1409 | if (j == NULL((void*)0) || strcmp(i->ta, j->ta) != 0) { | |||
1410 | chg = 1; | |||
1411 | break; | |||
1412 | } | |||
1413 | j = TAILQ_NEXT(j, entry)((j)->entry.tqe_next); | |||
1414 | } | |||
1415 | if (j != NULL((void*)0)) | |||
1416 | chg = 1; | |||
1417 | ||||
1418 | if (chg) { | |||
1419 | free_tas(oldh); | |||
1420 | TAILQ_CONCAT(oldh, newh, entry)do { if (!(((newh)->tqh_first) == ((void*)0))) { *(oldh)-> tqh_last = (newh)->tqh_first; (newh)->tqh_first->entry .tqe_prev = (oldh)->tqh_last; (oldh)->tqh_last = (newh) ->tqh_last; do { ((newh))->tqh_first = ((void*)0); ((newh ))->tqh_last = &((newh))->tqh_first; } while (0); } } while (0); | |||
1421 | } else { | |||
1422 | free_tas(newh); | |||
1423 | } | |||
1424 | return (chg); | |||
1425 | } | |||
1426 | ||||
1427 | void | |||
1428 | parse_trust_anchor(struct trust_anchor_head *tah, int fd) | |||
1429 | { | |||
1430 | size_t len, dname_len; | |||
1431 | ssize_t n, sz; | |||
1432 | uint8_t rr[LDNS_RR_BUF_SIZE65535]; | |||
1433 | char *str, *p, buf[512], *line; | |||
1434 | ||||
1435 | sz = 0; | |||
1436 | str = NULL((void*)0); | |||
1437 | ||||
1438 | while ((n = read(fd, buf, sizeof(buf))) > 0) { | |||
1439 | p = recallocarray(str, sz, sz + n, 1); | |||
1440 | if (p == NULL((void*)0)) { | |||
1441 | log_warn("%s", __func__)uw_log_warn("%s", __func__); | |||
1442 | goto out; | |||
1443 | } | |||
1444 | str = p; | |||
1445 | memcpy(str + sz, buf, n); | |||
1446 | sz += n; | |||
1447 | } | |||
1448 | ||||
1449 | if (n == -1) { | |||
1450 | log_warn("%s", __func__)uw_log_warn("%s", __func__); | |||
1451 | goto out; | |||
1452 | } | |||
1453 | ||||
1454 | /* make it a string */ | |||
1455 | p = recallocarray(str, sz, sz + 1, 1); | |||
1456 | if (p == NULL((void*)0)) { | |||
1457 | log_warn("%s", __func__)uw_log_warn("%s", __func__); | |||
1458 | goto out; | |||
1459 | } | |||
1460 | str = p; | |||
1461 | sz++; | |||
1462 | ||||
1463 | len = sizeof(rr); | |||
1464 | ||||
1465 | while ((line = strsep(&p, "\n")) != NULL((void*)0)) { | |||
1466 | if (sldns_str2wire_rr_buf(line, rr, &len, &dname_len, | |||
1467 | ROOT_DNSKEY_TTL172800, NULL((void*)0), 0, NULL((void*)0), 0) != 0) | |||
1468 | continue; | |||
1469 | if (sldns_wirerr_get_type(rr, len, dname_len) == | |||
1470 | LDNS_RR_TYPE_DNSKEY) | |||
1471 | add_new_ta(tah, line); | |||
1472 | } | |||
1473 | ||||
1474 | out: | |||
1475 | free(str); | |||
1476 | return; | |||
1477 | } | |||
1478 | ||||
1479 | void | |||
1480 | send_trust_anchors(struct trust_anchor_head *tah) | |||
1481 | { | |||
1482 | struct trust_anchor *ta; | |||
1483 | ||||
1484 | TAILQ_FOREACH(ta, tah, entry)for((ta) = ((tah)->tqh_first); (ta) != ((void*)0); (ta) = ( (ta)->entry.tqe_next)) | |||
1485 | frontend_imsg_compose_resolver(IMSG_NEW_TA, 0, ta->ta, | |||
1486 | strlen(ta->ta) + 1); | |||
1487 | frontend_imsg_compose_resolver(IMSG_NEW_TAS_DONE, 0, NULL((void*)0), 0); | |||
1488 | } | |||
1489 | ||||
1490 | void | |||
1491 | write_trust_anchors(struct trust_anchor_head *tah, int fd) | |||
1492 | { | |||
1493 | struct trust_anchor *ta; | |||
1494 | size_t len = 0; | |||
1495 | ssize_t n; | |||
1496 | char *str; | |||
1497 | ||||
1498 | if (lseek(fd, 0, SEEK_SET0) == -1) { | |||
1499 | log_warn("%s", __func__)uw_log_warn("%s", __func__); | |||
1500 | goto out; | |||
1501 | } | |||
1502 | ||||
1503 | TAILQ_FOREACH(ta, tah, entry)for((ta) = ((tah)->tqh_first); (ta) != ((void*)0); (ta) = ( (ta)->entry.tqe_next)) { | |||
1504 | if ((n = asprintf(&str, "%s\n", ta->ta)) == -1) { | |||
1505 | log_warn("%s", __func__)uw_log_warn("%s", __func__); | |||
1506 | len = 0; | |||
1507 | goto out; | |||
1508 | } | |||
1509 | len += n; | |||
1510 | if (write(fd, str, n) != n) { | |||
1511 | log_warn("%s", __func__)uw_log_warn("%s", __func__); | |||
1512 | free(str); | |||
1513 | len = 0; | |||
1514 | goto out; | |||
1515 | } | |||
1516 | free(str); | |||
1517 | } | |||
1518 | out: | |||
1519 | ftruncate(fd, len); | |||
1520 | fsync(fd); | |||
1521 | } | |||
1522 | ||||
1523 | void | |||
1524 | parse_blocklist(int fd) | |||
1525 | { | |||
1526 | FILE *f; | |||
1527 | struct bl_node *bl_node; | |||
1528 | char *line = NULL((void*)0); | |||
1529 | size_t linesize = 0; | |||
1530 | ssize_t linelen; | |||
1531 | ||||
1532 | if((f = fdopen(fd, "r")) == NULL((void*)0)) { | |||
1533 | log_warn("cannot read block list")uw_log_warn("cannot read block list"); | |||
1534 | close(fd); | |||
1535 | return; | |||
1536 | } | |||
1537 | ||||
1538 | free_bl(); | |||
1539 | ||||
1540 | while ((linelen = getline(&line, &linesize, f)) != -1) { | |||
1541 | if (line[linelen - 1] == '\n') { | |||
1542 | if (linelen >= 2 && line[linelen - 2] != '.') | |||
1543 | line[linelen - 1] = '.'; | |||
1544 | else | |||
1545 | line[linelen - 1] = '\0'; | |||
1546 | } | |||
1547 | ||||
1548 | bl_node = malloc(sizeof *bl_node); | |||
1549 | if (bl_node == NULL((void*)0)) | |||
1550 | fatal("%s: malloc", __func__); | |||
1551 | if ((bl_node->domain = strdup(line)) == NULL((void*)0)) | |||
1552 | fatal("%s: strdup", __func__); | |||
1553 | if (RB_INSERT(bl_tree, &bl_head, bl_node)bl_tree_RB_INSERT(&bl_head, bl_node) != NULL((void*)0)) { | |||
1554 | log_warnx("duplicate blocked domain \"%s\"", line); | |||
1555 | free(bl_node->domain); | |||
1556 | free(bl_node); | |||
1557 | } | |||
1558 | } | |||
1559 | free(line); | |||
1560 | if (ferror(f)(!__isthreaded ? (((f)->_flags & 0x0040) != 0) : (ferror )(f))) | |||
1561 | log_warn("getline")uw_log_warn("getline"); | |||
1562 | fclose(f); | |||
1563 | } | |||
1564 | ||||
1565 | int | |||
1566 | bl_cmp(struct bl_node *e1, struct bl_node *e2) { | |||
1567 | return (strcasecmp(e1->domain, e2->domain)); | |||
1568 | } | |||
1569 | ||||
1570 | void | |||
1571 | free_bl(void) | |||
1572 | { | |||
1573 | struct bl_node *n, *nxt; | |||
1574 | ||||
1575 | RB_FOREACH_SAFE(n, bl_tree, &bl_head, nxt)for ((n) = bl_tree_RB_MINMAX(&bl_head, -1); ((n) != ((void *)0)) && ((nxt) = bl_tree_RB_NEXT(n), 1); (n) = (nxt) ) { | |||
1576 | RB_REMOVE(bl_tree, &bl_head, n)bl_tree_RB_REMOVE(&bl_head, n); | |||
1577 | free(n->domain); | |||
1578 | free(n); | |||
1579 | } | |||
1580 | } | |||
1581 | ||||
1582 | int | |||
1583 | pending_query_cnt(void) | |||
1584 | { | |||
1585 | struct pending_query *e; | |||
1586 | int cnt = 0; | |||
1587 | ||||
1588 | TAILQ_FOREACH(e, &pending_queries, entry)for((e) = ((&pending_queries)->tqh_first); (e) != ((void *)0); (e) = ((e)->entry.tqe_next)) | |||
1589 | cnt++; | |||
1590 | return cnt; | |||
1591 | } | |||
1592 | ||||
1593 | void | |||
1594 | accept_paused(int fd, short events, void *arg) | |||
1595 | { | |||
1596 | struct tcp_accept_ev *tcpev = arg; | |||
1597 | event_add(&tcpev->ev, NULL((void*)0)); | |||
1598 | } | |||
1599 | ||||
1600 | int | |||
1601 | accept_reserve(int sockfd, struct sockaddr *addr, socklen_t *addrlen) | |||
1602 | { | |||
1603 | if (getdtablecount() + FD_RESERVE5 >= getdtablesize()) { | |||
1604 | log_debug("%s: inflight fds exceeded", __func__); | |||
1605 | errno(*__errno()) = EMFILE24; | |||
1606 | return -1; | |||
1607 | } | |||
1608 | return accept4(sockfd, addr, addrlen, SOCK_NONBLOCK0x4000 | SOCK_CLOEXEC0x8000); | |||
1609 | } | |||
1610 | ||||
1611 | void | |||
1612 | tcp_accept(int fd, short events, void *arg) | |||
1613 | { | |||
1614 | static struct timeval timeout = {TCP_TIMEOUT15, 0}; | |||
1615 | static struct timeval backoff = {1, 0}; | |||
1616 | struct pending_query *pq; | |||
1617 | struct tcp_accept_ev *tcpev; | |||
1618 | struct sockaddr_storage ss; | |||
1619 | socklen_t len; | |||
1620 | int s; | |||
1621 | ||||
1622 | tcpev = arg; | |||
1623 | len = sizeof(ss); | |||
1624 | ||||
1625 | if ((s = accept_reserve(fd, (struct sockaddr *)&ss, &len)) == -1) { | |||
1626 | switch (errno(*__errno())) { | |||
1627 | case EINTR4: | |||
1628 | case EWOULDBLOCK35: | |||
1629 | case ECONNABORTED53: | |||
1630 | return; | |||
1631 | case EMFILE24: | |||
1632 | case ENFILE23: | |||
1633 | event_del(&tcpev->ev); | |||
1634 | evtimer_add(&tcpev->pause, &backoff)event_add(&tcpev->pause, &backoff); | |||
1635 | return; | |||
1636 | default: | |||
1637 | fatal("accept"); | |||
1638 | } | |||
1639 | } | |||
1640 | ||||
1641 | if ((pq = calloc(1, sizeof(*pq))) == NULL((void*)0)) { | |||
1642 | log_warn(NULL)uw_log_warn(((void*)0)); | |||
1643 | close(s); | |||
1644 | return; | |||
1645 | } | |||
1646 | ||||
1647 | do { | |||
1648 | arc4random_buf(&pq->imsg_id, sizeof(pq->imsg_id)); | |||
1649 | } while(find_pending_query(pq->imsg_id) != NULL((void*)0)); | |||
1650 | ||||
1651 | TAILQ_INSERT_TAIL(&pending_queries, pq, entry)do { (pq)->entry.tqe_next = ((void*)0); (pq)->entry.tqe_prev = (&pending_queries)->tqh_last; *(&pending_queries )->tqh_last = (pq); (&pending_queries)->tqh_last = & (pq)->entry.tqe_next; } while (0); | |||
1652 | ||||
1653 | pq->from = ss; | |||
1654 | pq->fd = s; | |||
1655 | pq->tcp = 1; | |||
1656 | pq->qbuf = sldns_buffer_new(DEFAULT_TCP_SIZE512); | |||
1657 | pq->region = regional_create(); | |||
1658 | pq->qmsg = regional_alloc(pq->region, sizeof(*pq->qmsg)); | |||
1659 | ||||
1660 | if (!pq->qbuf || !pq->region || !pq->qmsg) { | |||
1661 | free_pending_query(pq); | |||
1662 | return; | |||
1663 | } | |||
1664 | ||||
1665 | memset(pq->qmsg, 0, sizeof(*pq->qmsg)); | |||
1666 | ||||
1667 | event_set(&pq->ev, s, EV_READ0x02 | EV_PERSIST0x10, tcp_request, pq); | |||
1668 | event_add(&pq->ev, NULL((void*)0)); | |||
1669 | event_set(&pq->resp_ev, s, EV_WRITE0x04 | EV_PERSIST0x10, tcp_response, pq); | |||
1670 | ||||
1671 | evtimer_set(&pq->tmo_ev, tcp_timeout, pq)event_set(&pq->tmo_ev, -1, 0, tcp_timeout, pq); | |||
1672 | evtimer_add(&pq->tmo_ev, &timeout)event_add(&pq->tmo_ev, &timeout); | |||
1673 | } | |||
1674 | ||||
1675 | void | |||
1676 | tcp_request(int fd, short events, void *arg) | |||
1677 | { | |||
1678 | struct pending_query *pq; | |||
1679 | ssize_t n; | |||
1680 | ||||
1681 | pq = arg; | |||
1682 | ||||
1683 | n = read(fd, sldns_buffer_current(pq->qbuf), | |||
1684 | sldns_buffer_remaining(pq->qbuf)); | |||
1685 | ||||
1686 | switch (n) { | |||
1687 | case -1: | |||
1688 | switch (errno(*__errno())) { | |||
1689 | case EINTR4: | |||
1690 | case EAGAIN35: | |||
1691 | return; | |||
1692 | default: | |||
1693 | goto fail; | |||
1694 | } | |||
1695 | break; | |||
1696 | case 0: | |||
1697 | log_debug("closed connection"); | |||
1698 | goto fail; | |||
1699 | default: | |||
1700 | break; | |||
1701 | } | |||
1702 | ||||
1703 | sldns_buffer_skip(pq->qbuf, n); | |||
1704 | ||||
1705 | if (sldns_buffer_position(pq->qbuf) >= 2 && !pq->abuf) { | |||
1706 | struct sldns_buffer *tmp; | |||
1707 | uint16_t len; | |||
1708 | ||||
1709 | sldns_buffer_flip(pq->qbuf); | |||
1710 | len = sldns_buffer_read_u16(pq->qbuf); | |||
1711 | tmp = sldns_buffer_new(len); | |||
1712 | pq->abuf = sldns_buffer_new(len); | |||
1713 | ||||
1714 | if (!tmp || !pq->abuf) | |||
1715 | goto fail; | |||
1716 | ||||
1717 | sldns_buffer_write(tmp, sldns_buffer_current(pq->qbuf), | |||
1718 | sldns_buffer_remaining(pq->qbuf)); | |||
1719 | sldns_buffer_free(pq->qbuf); | |||
1720 | pq->qbuf = tmp; | |||
1721 | } | |||
1722 | if (sldns_buffer_remaining(pq->qbuf) == 0) { | |||
1723 | sldns_buffer_flip(pq->qbuf); | |||
1724 | shutdown(fd, SHUT_RD0); | |||
1725 | event_del(&pq->ev); | |||
1726 | handle_query(pq); | |||
1727 | } | |||
1728 | return; | |||
1729 | fail: | |||
1730 | free_pending_query(pq); | |||
1731 | } | |||
1732 | ||||
1733 | void | |||
1734 | tcp_response(int fd, short events, void *arg) | |||
1735 | { | |||
1736 | struct pending_query *pq; | |||
1737 | ssize_t n; | |||
1738 | ||||
1739 | pq = arg; | |||
1740 | ||||
1741 | n = write(fd, sldns_buffer_current(pq->abuf), | |||
1742 | sldns_buffer_remaining(pq->abuf)); | |||
1743 | ||||
1744 | if (n == -1) { | |||
| ||||
1745 | if (errno(*__errno()) == EAGAIN35 || errno(*__errno()) == EINTR4) | |||
1746 | return; | |||
1747 | free_pending_query(pq); | |||
1748 | } | |||
1749 | sldns_buffer_skip(pq->abuf, n); | |||
| ||||
1750 | if (sldns_buffer_remaining(pq->abuf) == 0) | |||
1751 | free_pending_query(pq); | |||
1752 | } | |||
1753 | ||||
1754 | void | |||
1755 | tcp_timeout(int fd, short events, void *arg) | |||
1756 | { | |||
1757 | free_pending_query(arg); | |||
1758 | } | |||
1759 | ||||
1760 | void | |||
1761 | check_available_af() | |||
1762 | { | |||
1763 | static int available_af = HAVE_IPV41 | HAVE_IPV62; | |||
1764 | static int rtable = -1; | |||
1765 | struct ifaddrs *ifap, *ifa; | |||
1766 | struct if_data *ifa_data; | |||
1767 | struct sockaddr_in *sin4; | |||
1768 | struct sockaddr_in6 *sin6; | |||
1769 | int new_available_af = 0, ifa_rtable = -1; | |||
1770 | ||||
1771 | if (rtable == -1) | |||
1772 | rtable = getrtable(); | |||
1773 | ||||
1774 | if (getifaddrs(&ifap) != 0) { | |||
1775 | log_warn("getifaddrs")uw_log_warn("getifaddrs"); | |||
1776 | return; | |||
1777 | } | |||
1778 | ||||
1779 | for (ifa = ifap; ifa != NULL((void*)0); ifa = ifa->ifa_next) { | |||
1780 | if (ifa->ifa_addr == NULL((void*)0)) | |||
1781 | continue; | |||
1782 | switch(ifa->ifa_addr->sa_family) { | |||
1783 | case AF_LINK18: | |||
1784 | /* AF_LINK comes before inet / inet6 on an interface */ | |||
1785 | ifa_data = (struct if_data *)ifa->ifa_data; | |||
1786 | ifa_rtable = ifa_data->ifi_rdomain; | |||
1787 | break; | |||
1788 | case AF_INET2: | |||
1789 | if (ifa_rtable != rtable) | |||
1790 | continue; | |||
1791 | ||||
1792 | sin4 = (struct sockaddr_in *)ifa->ifa_addr; | |||
1793 | if ((ntohl(sin4->sin_addr.s_addr)(__uint32_t)(__builtin_constant_p(sin4->sin_addr.s_addr) ? (__uint32_t)(((__uint32_t)(sin4->sin_addr.s_addr) & 0xff ) << 24 | ((__uint32_t)(sin4->sin_addr.s_addr) & 0xff00) << 8 | ((__uint32_t)(sin4->sin_addr.s_addr) & 0xff0000) >> 8 | ((__uint32_t)(sin4->sin_addr .s_addr) & 0xff000000) >> 24) : __swap32md(sin4-> sin_addr.s_addr)) >> 24) == | |||
1794 | IN_LOOPBACKNET127) | |||
1795 | continue; | |||
1796 | new_available_af |= HAVE_IPV41; | |||
1797 | break; | |||
1798 | case AF_INET624: | |||
1799 | if (ifa_rtable != rtable) | |||
1800 | continue; | |||
1801 | ||||
1802 | sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; | |||
1803 | if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr)((*(const u_int32_t *)(const void *)(&(&sin6->sin6_addr )->__u6_addr.__u6_addr8[0]) == 0) && (*(const u_int32_t *)(const void *)(&(&sin6->sin6_addr)->__u6_addr .__u6_addr8[4]) == 0) && (*(const u_int32_t *)(const void *)(&(&sin6->sin6_addr)->__u6_addr.__u6_addr8[8 ]) == 0) && (*(const u_int32_t *)(const void *)(& (&sin6->sin6_addr)->__u6_addr.__u6_addr8[12]) == (__uint32_t )(__builtin_constant_p(1) ? (__uint32_t)(((__uint32_t)(1) & 0xff) << 24 | ((__uint32_t)(1) & 0xff00) << 8 | ((__uint32_t)(1) & 0xff0000) >> 8 | ((__uint32_t )(1) & 0xff000000) >> 24) : __swap32md(1)))) || | |||
1804 | IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)(((&sin6->sin6_addr)->__u6_addr.__u6_addr8[0] == 0xfe ) && (((&sin6->sin6_addr)->__u6_addr.__u6_addr8 [1] & 0xc0) == 0x80)) || | |||
1805 | IN6_IS_ADDR_MC_LINKLOCAL(&sin6->sin6_addr)(((&sin6->sin6_addr)->__u6_addr.__u6_addr8[0] == 0xff ) && (((&sin6->sin6_addr)->__u6_addr.__u6_addr8 [1] & 0x0f) == 0x02)) || | |||
1806 | IN6_IS_ADDR_MC_INTFACELOCAL(&sin6->sin6_addr)(((&sin6->sin6_addr)->__u6_addr.__u6_addr8[0] == 0xff ) && (((&sin6->sin6_addr)->__u6_addr.__u6_addr8 [1] & 0x0f) == 0x01))) | |||
1807 | continue; | |||
1808 | new_available_af |= HAVE_IPV62; | |||
1809 | break; | |||
1810 | default: | |||
1811 | break; | |||
1812 | } | |||
1813 | if (new_available_af == (HAVE_IPV41 | HAVE_IPV62)) | |||
1814 | break; | |||
1815 | } | |||
1816 | freeifaddrs(ifap); | |||
1817 | if (new_available_af != available_af) { | |||
1818 | available_af = new_available_af; | |||
1819 | frontend_imsg_compose_resolver(IMSG_CHANGE_AFS, 0, | |||
1820 | &available_af, sizeof(available_af)); | |||
1821 | } | |||
1822 | } |