Lines Matching defs:client
1 /* $NetBSD: client.c,v 1.23 2025/01/27 02:16:05 christos Exp $ */
61 #include <ns/client.h>
78 * All client state changes, other than that from idle to listening, occur
82 * If a routine is ever created that allows someone other than the client's
83 * loop to change the client, then the client will have to be locked.
88 ns_client_log(client, NS_LOGCATEGORY_CLIENT, NS_LOGMODULE_CLIENT, \
144 ns_client_dumpmessage(ns_client_t *client, const char *reason);
148 compute_cookie(ns_client_t *client, uint32_t when, const unsigned char *secret,
153 ns_client_transport_type(const ns_client_t *client) {
159 if (!TCP_CLIENT(client)) {
163 INSIST(client->handle != NULL);
165 switch (isc_nm_socket_type(client->handle)) {
182 if (isc_nm_has_encryption(client->handle)) {
199 ns_client_recursing(ns_client_t *client) {
200 REQUIRE(NS_CLIENT_VALID(client));
201 REQUIRE(client->state == NS_CLIENTSTATE_WORKING);
203 LOCK(&client->manager->reclock);
204 client->state = NS_CLIENTSTATE_RECURSING;
205 ISC_LIST_APPEND(client->manager->recursing, client, rlink);
206 UNLOCK(&client->manager->reclock);
210 ns_client_killoldestquery(ns_client_t *client) {
212 REQUIRE(NS_CLIENT_VALID(client));
214 LOCK(&client->manager->reclock);
215 oldest = ISC_LIST_HEAD(client->manager->recursing);
217 ISC_LIST_UNLINK(client->manager->recursing, oldest, rlink);
219 ns_stats_increment(client->manager->sctx->nsstats,
222 UNLOCK(&client->manager->reclock);
226 ns_client_settimeout(ns_client_t *client, unsigned int seconds) {
227 UNUSED(client);
233 client_extendederror_reset(ns_client_t *client) {
234 if (client->ede == NULL) {
237 isc_mem_put(client->manager->mctx, client->ede->value,
238 client->ede->length);
239 isc_mem_put(client->manager->mctx, client->ede, sizeof(dns_ednsopt_t));
240 client->ede = NULL;
244 ns_client_extendederror(ns_client_t *client, uint16_t code, const char *text) {
249 REQUIRE(NS_CLIENT_VALID(client));
251 if (client->ede != NULL) {
252 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
259 ns_client_log(client, NS_LOGCATEGORY_CLIENT, NS_LOGMODULE_CLIENT,
270 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
276 client->ede = isc_mem_get(client->manager->mctx, sizeof(dns_ednsopt_t));
277 client->ede->code = DNS_OPT_EDE;
278 client->ede->length = len;
279 client->ede->value = isc_mem_get(client->manager->mctx, len);
280 memmove(client->ede->value, ede, len);
284 ns_client_endrequest(ns_client_t *client) {
285 INSIST(client->state == NS_CLIENTSTATE_WORKING ||
286 client->state == NS_CLIENTSTATE_RECURSING);
290 if (client->state == NS_CLIENTSTATE_RECURSING) {
291 LOCK(&client->manager->reclock);
292 if (ISC_LINK_LINKED(client, rlink)) {
293 ISC_LIST_UNLINK(client->manager->recursing, client,
296 UNLOCK(&client->manager->reclock);
299 if (client->cleanup != NULL) {
300 (client->cleanup)(client);
301 client->cleanup = NULL;
304 if (client->view != NULL) {
306 if (client->manager->sctx->fuzztype == isc_fuzz_resolver) {
308 dns_view_getadb(client->view, &adb);
315 dns_view_detach(&client->view);
317 if (client->opt != NULL) {
318 INSIST(dns_rdataset_isassociated(client->opt));
319 dns_rdataset_disassociate(client->opt);
320 dns_message_puttemprdataset(client->message, &client->opt);
323 client_extendederror_reset(client);
324 client->signer = NULL;
325 client->udpsize = 512;
326 client->extflags = 0;
327 client->ednsversion = -1;
328 client->additionaldepth = 0;
329 dns_ecs_init(&client->ecs);
330 dns_message_reset(client->message, DNS_MESSAGE_INTENTPARSE);
333 * Clear all client attributes that are specific to the request
335 client->attributes = 0;
337 if (client->manager->sctx->fuzznotify != NULL &&
338 (client->manager->sctx->fuzztype == isc_fuzz_client ||
339 client->manager->sctx->fuzztype == isc_fuzz_tcpclient ||
340 client->manager->sctx->fuzztype == isc_fuzz_resolver))
342 client->manager->sctx->fuzznotify();
348 ns_client_drop(ns_client_t *client, isc_result_t result) {
349 REQUIRE(NS_CLIENT_VALID(client));
350 REQUIRE(client->state == NS_CLIENTSTATE_WORKING ||
351 client->state == NS_CLIENTSTATE_RECURSING);
355 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
363 ns_client_t *client = cbarg;
365 REQUIRE(client->sendhandle == handle);
376 client->sendhandle = NULL;
379 if (!TCP_CLIENT(client) && result == ISC_R_MAXSIZE) {
380 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
383 client->query.attributes &= ~NS_QUERYATTR_ANSWERED;
384 client->rcode_override = dns_rcode_noerror;
385 ns_client_error(client, ISC_R_MAXSIZE);
387 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
399 client_setup_tcp_buffer(ns_client_t *client) {
400 REQUIRE(client->tcpbuf == NULL);
402 client->tcpbuf = client->manager->tcp_buffer;
403 client->tcpbuf_size = NS_CLIENT_TCP_BUFFER_SIZE;
407 client_put_tcp_buffer(ns_client_t *client) {
408 if (client->tcpbuf == NULL) {
412 if (client->tcpbuf != client->manager->tcp_buffer) {
413 isc_mem_put(client->manager->mctx, client->tcpbuf,
414 client->tcpbuf_size);
417 client->tcpbuf = NULL;
418 client->tcpbuf_size = 0;
422 client_allocsendbuf(ns_client_t *client, isc_buffer_t *buffer,
429 if (TCP_CLIENT(client)) {
430 client_setup_tcp_buffer(client);
431 data = client->tcpbuf;
432 isc_buffer_init(buffer, data, client->tcpbuf_size);
434 data = client->sendbuf;
435 if ((client->attributes & NS_CLIENTATTR_HAVECOOKIE) == 0) {
436 if (client->view != NULL) {
437 bufsize = client->view->nocookieudp;
442 bufsize = client->udpsize;
444 if (bufsize > client->udpsize) {
445 bufsize = client->udpsize;
456 client_sendpkg(ns_client_t *client, isc_buffer_t *buffer) {
461 REQUIRE(client->sendhandle == NULL);
463 if (isc_buffer_base(buffer) == client->tcpbuf) {
465 INSIST(client->tcpbuf_size == NS_CLIENT_TCP_BUFFER_SIZE);
478 isc_mem_get(client->manager->mctx, used);
485 client_put_tcp_buffer(client);
490 client->tcpbuf = new_tcpbuf;
491 client->tcpbuf_size = used;
499 memmove(client->sendbuf, buffer->base, used);
504 client_put_tcp_buffer(client);
506 r.base = client->sendbuf;
512 isc_nmhandle_attach(client->handle, &client->sendhandle);
514 if (isc_nm_is_http_handle(client->handle)) {
515 result = dns_message_response_minttl(client->message, &min_ttl);
517 isc_nm_set_maxage(client->handle, min_ttl);
520 isc_nm_send(client->handle, &r, client_senddone, client);
524 ns_client_sendraw(ns_client_t *client, dns_message_t *message) {
535 REQUIRE(NS_CLIENT_VALID(client));
545 client_allocsendbuf(client, &buffer, &data);
560 r.base[0] = (client->message->id >> 8) & 0xff;
561 r.base[1] = client->message->id & 0xff;
564 if (client->view != NULL) {
565 transport_type = ns_client_transport_type(client);
567 if (client->message->opcode == dns_opcode_update) {
569 } else if ((client->message->flags & DNS_MESSAGEFLAG_RD) != 0) {
574 dns_dt_send(client->view, dtmsgtype, &client->peeraddr,
575 &client->destsockaddr, transport_type, NULL,
576 &client->requesttime, NULL, &buffer);
580 client_sendpkg(client, &buffer);
584 if (client->tcpbuf != NULL) {
585 client_put_tcp_buffer(client);
588 ns_client_drop(client, result);
592 ns_client_send(ns_client_t *client) {
612 REQUIRE(NS_CLIENT_VALID(client));
614 if ((client->query.attributes & NS_QUERYATTR_ANSWERED) != 0) {
623 env = client->manager->aclenv;
627 if (client->message->opcode == dns_opcode_query &&
628 (client->attributes & NS_CLIENTATTR_RA) != 0)
630 client->message->flags |= DNS_MESSAGEFLAG_RA;
633 if ((client->attributes & NS_CLIENTATTR_WANTDNSSEC) != 0) {
640 if (client->view != NULL) {
641 if (client->view->preferred_glue == dns_rdatatype_a) {
643 } else if (client->view->preferred_glue == dns_rdatatype_aaaa) {
648 if (isc_sockaddr_pf(&client->peeraddr) == AF_INET) {
658 if ((client->attributes & NS_CLIENTATTR_WANTOPT) != 0) {
659 result = ns_client_addopt(client, client->message,
660 &client->opt);
666 client_allocsendbuf(client, &buffer, &data);
668 if (client->peeraddr_valid && client->view != NULL) {
672 isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
673 if (client->message->tsigkey != NULL) {
674 name = client->message->tsigkey->name;
677 if (client->view->nocasecompress == NULL ||
679 client->view->nocasecompress, env))
684 if (!client->view->msgcompression) {
688 dns_compress_init(&cctx, client->manager->mctx, compflags);
691 result = dns_message_renderbegin(client->message, &cctx, &buffer);
696 if (client->opt != NULL) {
697 result = dns_message_setopt(client->message, client->opt);
699 client->opt = NULL;
704 result = dns_message_rendersection(client->message,
707 client->message->flags |= DNS_MESSAGEFLAG_TC;
716 if ((client->message->flags & DNS_MESSAGEFLAG_TC) != 0) {
719 result = dns_message_rendersection(client->message, DNS_SECTION_ANSWER,
723 client->message->flags |= DNS_MESSAGEFLAG_TC;
730 client->message, DNS_SECTION_AUTHORITY,
733 client->message->flags |= DNS_MESSAGEFLAG_TC;
739 result = dns_message_rendersection(client->message,
746 result = dns_message_renderend(client->message);
753 if (((client->message->flags & DNS_MESSAGEFLAG_AA) != 0) &&
754 (client->query.authzone != NULL))
758 dns_name_t *zo = dns_zone_getorigin(client->query.authzone);
768 if (client->message->opcode == dns_opcode_update) {
770 } else if ((client->message->flags & DNS_MESSAGEFLAG_RD) != 0) {
776 transport_type = ns_client_transport_type(client);
783 if (client->sendcb != NULL) {
784 client->sendcb(&buffer);
785 } else if (TCP_CLIENT(client)) {
788 if (client->view != NULL) {
789 dns_dt_send(client->view, dtmsgtype, &client->peeraddr,
790 &client->destsockaddr, transport_type, &zr,
791 &client->requesttime, NULL, &buffer);
797 client_sendpkg(client, &buffer);
799 switch (isc_sockaddr_pf(&client->peeraddr)) {
801 isc_histomulti_inc(client->manager->sctx->tcpoutstats4,
805 isc_histomulti_inc(client->manager->sctx->tcpoutstats6,
815 * leave client->view set to NULL.
817 if (client->view != NULL) {
818 dns_dt_send(client->view, dtmsgtype, &client->peeraddr,
819 &client->destsockaddr, transport_type, &zr,
820 &client->requesttime, NULL, &buffer);
826 client_sendpkg(client, &buffer);
828 switch (isc_sockaddr_pf(&client->peeraddr)) {
830 isc_histomulti_inc(client->manager->sctx->udpoutstats4,
834 isc_histomulti_inc(client->manager->sctx->udpoutstats6,
843 ns_stats_increment(client->manager->sctx->nsstats,
846 dns_rcodestats_increment(client->manager->sctx->rcodestats,
847 client->message->rcode);
849 ns_stats_increment(client->manager->sctx->nsstats,
852 if (client->message->tsigkey != NULL) {
853 ns_stats_increment(client->manager->sctx->nsstats,
856 if (client->message->sig0key != NULL) {
857 ns_stats_increment(client->manager->sctx->nsstats,
860 if ((client->message->flags & DNS_MESSAGEFLAG_TC) != 0) {
861 ns_stats_increment(client->manager->sctx->nsstats,
865 client->query.attributes |= NS_QUERYATTR_ANSWERED;
870 if (client->tcpbuf != NULL) {
871 client_put_tcp_buffer(client);
908 ns_client_error(ns_client_t *client, isc_result_t result) {
913 REQUIRE(NS_CLIENT_VALID(client));
917 message = client->message;
919 if (client->rcode_override == -1) {
922 rcode = (dns_rcode_t)(client->rcode_override & 0xfff);
934 ns_client_dropport(isc_sockaddr_getport(&client->peeraddr)) !=
944 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
948 ns_client_drop(client, ISC_R_SUCCESS);
956 if (client->view != NULL && client->view->rrl != NULL) {
962 if ((client->manager->sctx->options & NS_SERVER_LOGQUERIES) !=
970 rrl_result = dns_rrl(client->view, NULL, &client->peeraddr,
971 TCP_CLIENT(client), dns_rdataclass_in,
973 client->now, wouldlog, log_buf,
983 ns_client_log(client,
992 if (!client->view->rrl->log_only) {
994 client->manager->sctx->nsstats,
997 client->manager->sctx->nsstats,
999 ns_client_drop(client, DNS_R_DROP);
1024 ns_client_drop(client, result);
1037 * with the same ID to the same client less than two
1044 if (isc_sockaddr_equal(&client->peeraddr,
1045 &client->formerrcache.addr) &&
1046 message->id == client->formerrcache.id &&
1047 (isc_time_seconds(&client->requesttime) -
1048 client->formerrcache.time) < 2)
1051 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
1055 ns_client_drop(client, result);
1058 client->formerrcache.addr = client->peeraddr;
1059 client->formerrcache.time =
1060 isc_time_seconds(&client->requesttime);
1061 client->formerrcache.id = message->id;
1062 } else if (rcode == dns_rcode_servfail && client->query.qname != NULL &&
1063 client->view != NULL && client->view->fail_ttl != 0 &&
1064 ((client->attributes & NS_CLIENTATTR_NOSETFC) == 0))
1077 isc_interval_set(&i, client->view->fail_ttl, 0);
1080 dns_badcache_add(client->view->failcache,
1081 client->query.qname,
1082 client->query.qtype, flags,
1087 ns_client_send(client);
1091 ns_client_addopt(ns_client_t *client, dns_message_t *message,
1106 REQUIRE(NS_CLIENT_VALID(client));
1110 env = client->manager->aclenv;
1111 view = client->view;
1115 udpsize = client->manager->sctx->udpsize;
1118 flags = client->extflags & DNS_MESSAGEEXTFLAG_REPLYPRESERVE;
1121 if (WANTNSID(client)) {
1122 if (client->manager->sctx->server_id != NULL) {
1123 nsidp = client->manager->sctx->server_id;
1124 } else if (client->manager->sctx->usehostname) {
1140 if ((client->attributes & NS_CLIENTATTR_WANTCOOKIE) != 0) {
1146 compute_cookie(client, now, client->manager->sctx->secret,
1155 if ((client->attributes & NS_CLIENTATTR_HAVEEXPIRE) != 0) {
1161 isc_buffer_putuint32(&buf, client->expire);
1167 if (((client->attributes & NS_CLIENTATTR_HAVEECS) != 0) &&
1168 (client->ecs.addr.family == AF_INET ||
1169 client->ecs.addr.family == AF_INET6 ||
1170 client->ecs.addr.family == AF_UNSPEC))
1179 plen = client->ecs.source;
1184 switch (client->ecs.addr.family) {
1192 memmove(addr, &client->ecs.addr.type, addrl);
1197 memmove(addr, &client->ecs.addr.type, addrl);
1207 isc_buffer_putuint8(&buf, client->ecs.source);
1209 isc_buffer_putuint8(&buf, client->ecs.scope);
1225 if (TCP_CLIENT(client) && USEKEEPALIVE(client)) {
1231 isc_nm_gettimeouts(isc_nmhandle_netmgr(client->handle), NULL,
1242 if (client->ede != NULL) {
1245 ednsopts[count].length = client->ede->length;
1246 ednsopts[count].value = client->ede->value;
1251 if ((view != NULL) && (view->padding > 0) && WANTPAD(client) &&
1252 (TCP_CLIENT(client) ||
1253 ((client->attributes & NS_CLIENTATTR_HAVECOOKIE) != 0)))
1258 isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
1279 compute_cookie(ns_client_t *client, uint32_t when, const unsigned char *secret,
1285 switch (client->manager->sctx->cookiealg) {
1292 isc_buffer_putmem(buf, client->cookie, 8);
1300 isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
1326 process_cookie(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
1337 if ((!client->manager->sctx->answercookie) ||
1338 (client->attributes & NS_CLIENTATTR_WANTCOOKIE) != 0)
1344 client->attributes |= NS_CLIENTATTR_WANTCOOKIE;
1346 ns_stats_increment(client->manager->sctx->nsstats,
1354 memmove(client->cookie, isc_buffer_current(buf), 8);
1358 ns_stats_increment(client->manager->sctx->nsstats,
1361 ns_stats_increment(client->manager->sctx->nsstats,
1363 client->attributes |= NS_CLIENTATTR_BADCOOKIE;
1372 memmove(client->cookie, old, 8);
1380 * Only accept COOKIE if we have talked to the client in the last hour.
1386 client->attributes |= NS_CLIENTATTR_BADCOOKIE;
1387 ns_stats_increment(client->manager->sctx->nsstats,
1393 compute_cookie(client, when, client->manager->sctx->secret, &db);
1396 ns_stats_increment(client->manager->sctx->nsstats,
1398 client->attributes |= NS_CLIENTATTR_HAVECOOKIE;
1402 for (altsecret = ISC_LIST_HEAD(client->manager->sctx->altsecrets);
1406 compute_cookie(client, when, altsecret->secret, &db);
1408 ns_stats_increment(client->manager->sctx->nsstats,
1410 client->attributes |= NS_CLIENTATTR_HAVECOOKIE;
1415 client->attributes |= NS_CLIENTATTR_BADCOOKIE;
1416 ns_stats_increment(client->manager->sctx->nsstats,
1421 process_ecs(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
1429 if ((client->attributes & NS_CLIENTATTR_HAVEECS) != 0) {
1441 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
1443 "EDNS client-subnet option too short");
1453 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
1455 "EDNS client-subnet option: invalid scope");
1469 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
1471 "EDNS client-subnet option: invalid "
1480 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
1482 "EDNS client-subnet option: invalid "
1491 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
1493 "EDNS client-subnet option: invalid "
1501 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
1503 "EDNS client-subnet option: invalid family");
1509 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
1511 "EDNS client-subnet option: address too short");
1530 memmove(&client->ecs.addr, &caddr, sizeof(caddr));
1531 client->ecs.source = addrlen;
1532 client->ecs.scope = 0;
1533 client->attributes |= NS_CLIENTATTR_HAVEECS;
1540 process_keytag(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
1547 if (client->keytag != NULL) {
1552 client->keytag = isc_mem_get(client->manager->mctx, optlen);
1554 client->keytag_len = (uint16_t)optlen;
1555 memmove(client->keytag, isc_buffer_current(buf), optlen);
1562 process_opt(ns_client_t *client, dns_rdataset_t *opt) {
1570 * Set the client's UDP buffer size.
1572 client->udpsize = opt->rdclass;
1578 if (client->udpsize < 512) {
1579 client->udpsize = 512;
1585 client->extflags = (uint16_t)(opt->ttl & 0xFFFF);
1592 client->ednsversion = (opt->ttl & 0x00FF0000) >> 16;
1593 if (client->ednsversion > DNS_EDNS_VERSION) {
1594 ns_stats_increment(client->manager->sctx->nsstats,
1596 result = ns_client_addopt(client, client->message,
1597 &client->opt);
1601 ns_client_error(client, result);
1617 if (!WANTNSID(client)) {
1619 client->manager->sctx->nsstats,
1622 client->attributes |= NS_CLIENTATTR_WANTNSID;
1626 process_cookie(client, &optbuf, optlen);
1629 if (!WANTEXPIRE(client)) {
1631 client->manager->sctx->nsstats,
1634 client->attributes |= NS_CLIENTATTR_WANTEXPIRE;
1638 result = process_ecs(client, &optbuf, optlen);
1640 ns_client_error(client, result);
1644 client->manager->sctx->nsstats,
1648 if (!USEKEEPALIVE(client)) {
1650 client->manager->sctx->nsstats,
1653 client->attributes |=
1655 isc_nmhandle_keepalive(client->handle, true);
1659 client->attributes |= NS_CLIENTATTR_WANTPAD;
1661 client->manager->sctx->nsstats,
1666 result = process_keytag(client, &optbuf,
1669 ns_client_error(client, result);
1673 client->manager->sctx->nsstats,
1678 client->manager->sctx->nsstats,
1686 ns_stats_increment(client->manager->sctx->nsstats,
1688 client->attributes |= NS_CLIENTATTR_WANTOPT;
1694 ns_client_async_reset(ns_client_t *client) {
1695 if (client->async) {
1696 client->async = false;
1697 if (client->handle != NULL) {
1698 isc_nmhandle_unref(client->handle);
1705 ns_client_t *client = client0;
1707 ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT,
1708 ISC_LOG_DEBUG(3), "reset client");
1711 * We never started processing this client, possible if we're
1714 if (client->state == NS_CLIENTSTATE_READY) {
1718 ns_client_endrequest(client);
1719 if (client->tcpbuf != NULL) {
1720 client_put_tcp_buffer(client);
1723 if (client->keytag != NULL) {
1724 isc_mem_put(client->manager->mctx, client->keytag,
1725 client->keytag_len);
1726 client->keytag_len = 0;
1729 ns_client_async_reset(client);
1731 client->state = NS_CLIENTSTATE_READY;
1740 ns_client_t *client = client0;
1743 REQUIRE(NS_CLIENT_VALID(client));
1745 manager = client->manager;
1747 ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT,
1748 ISC_LOG_DEBUG(3), "freeing client");
1751 * Call this first because it requires a valid client.
1753 ns_query_free(client);
1754 client_extendederror_reset(client);
1756 client->magic = 0;
1758 if (client->opt != NULL) {
1759 INSIST(dns_rdataset_isassociated(client->opt));
1760 dns_rdataset_disassociate(client->opt);
1761 dns_message_puttemprdataset(client->message, &client->opt);
1764 ns_client_async_reset(client);
1766 dns_message_detach(&client->message);
1772 isc_mutex_destroy(&client->query.fetchlock);
1774 isc_mem_put(manager->mctx, client, sizeof(*client));
1780 ns_client_setup_view(ns_client_t *client, isc_netaddr_t *netaddr) {
1783 client->sigresult = client->viewmatchresult = ISC_R_UNSET;
1785 if (client->async) {
1786 isc_nmhandle_ref(client->handle);
1789 result = client->manager->sctx->matchingview(
1790 netaddr, &client->destaddr, client->message,
1791 client->manager->aclenv, client->manager->sctx,
1792 client->async ? client->manager->loop : NULL,
1793 ns_client_request_continue, client, &client->sigresult,
1794 &client->viewmatchresult, &client->view);
1798 INSIST(client->async == true);
1805 * 'client->viewmatchresult'.
1807 INSIST(result == client->viewmatchresult);
1810 ns_client_async_reset(client);
1822 ns_client_t *client = NULL;
1837 client = isc_nmhandle_getdata(handle);
1838 if (client == NULL) {
1846 client = isc_mem_get(clientmgr->mctx, sizeof(*client));
1848 ns__client_setup(client, clientmgr, true);
1850 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
1852 "allocate new client");
1854 ns__client_setup(client, NULL, false);
1857 client->state = NS_CLIENTSTATE_READY;
1859 if (client->handle == NULL) {
1860 isc_nmhandle_setdata(handle, client, ns__client_reset_cb,
1862 client->handle = handle;
1866 client->attributes |= NS_CLIENTATTR_TCP;
1869 INSIST(client->state == NS_CLIENTSTATE_READY);
1873 isc_buffer_init(&client->tbuffer, region->base, region->length);
1874 isc_buffer_add(&client->tbuffer, region->length);
1875 client->buffer = &client->tbuffer;
1877 client->peeraddr = isc_nmhandle_peeraddr(handle);
1878 client->peeraddr_valid = true;
1880 reqsize = isc_buffer_usedlength(client->buffer);
1882 client->state = NS_CLIENTSTATE_WORKING;
1884 client->requesttime = isc_time_now();
1885 client->tnow = client->requesttime;
1886 client->now = isc_time_seconds(&client->tnow);
1888 isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
1891 if (ns_client_dropport(isc_sockaddr_getport(&client->peeraddr)) ==
1894 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
1902 env = client->manager->aclenv;
1903 if (client->manager->sctx->blackholeacl != NULL &&
1904 (dns_acl_match(&netaddr, NULL, client->manager->sctx->blackholeacl,
1908 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
1915 ns_client_log(client, NS_LOGCATEGORY_CLIENT, NS_LOGMODULE_CLIENT,
1917 TCP_CLIENT(client) ? "TCP" : "UDP");
1919 result = dns_message_peekheader(client->buffer, &id, &flags);
1925 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
1939 * The client object handles requests, not responses.
1944 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
1954 if (isc_sockaddr_pf(&client->peeraddr) == PF_INET) {
1955 ns_stats_increment(client->manager->sctx->nsstats,
1958 ns_stats_increment(client->manager->sctx->nsstats,
1961 if (TCP_CLIENT(client)) {
1962 ns_stats_increment(client->manager->sctx->nsstats,
1964 switch (isc_sockaddr_pf(&client->peeraddr)) {
1966 isc_histomulti_inc(client->manager->sctx->tcpinstats4,
1970 isc_histomulti_inc(client->manager->sctx->tcpinstats6,
1977 switch (isc_sockaddr_pf(&client->peeraddr)) {
1979 isc_histomulti_inc(client->manager->sctx->udpinstats4,
1983 isc_histomulti_inc(client->manager->sctx->udpinstats6,
1994 result = dns_message_parse(client->message, client->buffer, 0);
2001 (void)ns_client_addopt(client, client->message,
2002 &client->opt);
2005 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
2012 ns_client_error(client, result);
2016 dns_opcodestats_increment(client->manager->sctx->opcodestats,
2017 client->message->opcode);
2018 switch (client->message->opcode) {
2030 client->message->rcode = dns_rcode_noerror;
2031 client->ede = NULL;
2036 if ((client->manager->sctx->options & NS_SERVER_NOEDNS) != 0) {
2039 opt = dns_message_getopt(client->message);
2042 client->ecs.source = 0;
2043 client->ecs.scope = 0;
2050 if ((client->manager->sctx->options & NS_SERVER_EDNSFORMERR) !=
2053 ns_client_error(client, DNS_R_FORMERR);
2060 if ((client->manager->sctx->options & NS_SERVER_EDNSNOTIMP) !=
2063 ns_client_error(client, DNS_R_NOTIMP);
2070 if ((client->manager->sctx->options & NS_SERVER_EDNSREFUSED) !=
2073 ns_client_error(client, DNS_R_REFUSED);
2080 if ((client->manager->sctx->options & NS_SERVER_DROPEDNS) != 0)
2082 ns_client_drop(client, ISC_R_SUCCESS);
2086 result = process_opt(client, opt);
2092 if (client->message->rdclass == 0) {
2093 if ((client->attributes & NS_CLIENTATTR_WANTCOOKIE) != 0 &&
2094 client->message->opcode == dns_opcode_query &&
2095 client->message->counts[DNS_SECTION_QUESTION] == 0U)
2097 result = dns_message_reply(client->message, true);
2099 ns_client_error(client, result);
2104 client->message->rcode = dns_rcode_notimp;
2107 ns_client_send(client);
2111 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
2114 ns_client_dumpmessage(client, "message class could not be "
2116 ns_client_error(client, notimp ? DNS_R_NOTIMP : DNS_R_FORMERR);
2120 client->destsockaddr = isc_nmhandle_localaddr(handle);
2121 isc_netaddr_fromsockaddr(&client->destaddr, &client->destsockaddr);
2127 client->async = (client->message->tsigkey == NULL &&
2128 client->message->tsig == NULL &&
2129 client->message->sig0 != NULL);
2131 result = ns_client_setup_view(client, &netaddr);
2136 ns_client_request_continue(client);
2141 ns_client_t *client = arg;
2168 INSIST(client->viewmatchresult != ISC_R_UNSET);
2174 if (client->async) {
2175 client->tnow = isc_time_now();
2176 client->now = isc_time_seconds(&client->tnow);
2179 if (client->viewmatchresult != ISC_R_SUCCESS) {
2188 dns_message_resetsig(client->message);
2189 r = dns_message_getrawmessage(client->message);
2192 (void)dns_tsig_verify(&b, client->message, NULL, NULL);
2194 if (client->viewmatchresult == ISC_R_QUOTA) {
2195 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
2200 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
2204 client, "SIG(0) checks quota reached");
2209 dns_rdataclass_format(client->message->rdclass,
2212 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
2216 ns_client_dumpmessage(client,
2220 ns_client_extendederror(client, DNS_EDE_PROHIBITED, NULL);
2221 ns_client_error(client, DNS_R_REFUSED);
2226 if (isc_nm_is_proxy_handle(client->handle)) {
2232 real_peer = isc_nmhandle_real_peeraddr(client->handle);
2234 real_local = isc_nmhandle_real_localaddr(client->handle);
2238 if (ns_client_checkaclsilent(client, &real_peer_addr,
2239 client->view->proxyacl,
2246 client, DNS_LOGCATEGORY_SECURITY,
2249 "for that client (real client address: "
2254 isc_nm_bad_request(client->handle);
2259 if (ns_client_checkaclsilent(client, &real_local_addr,
2260 client->view->proxyonacl,
2267 client, DNS_LOGCATEGORY_SECURITY,
2275 isc_nm_bad_request(client->handle);
2280 ns_client_log(client, NS_LOGCATEGORY_CLIENT, NS_LOGMODULE_CLIENT,
2281 ISC_LOG_DEBUG(5), "using view '%s'", client->view->name);
2289 client->signer = NULL;
2290 dns_name_init(&client->signername, NULL);
2291 result = dns_message_signer(client->message, &client->signername);
2294 if (dns_message_gettsig(client->message, &signame) != NULL) {
2295 ns_stats_increment(client->manager->sctx->nsstats,
2298 ns_stats_increment(client->manager->sctx->nsstats,
2304 dns_name_format(&client->signername, namebuf, sizeof(namebuf));
2305 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
2308 client->signer = &client->signername;
2310 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
2314 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
2324 ns_stats_increment(client->manager->sctx->nsstats,
2327 if (dns_message_gettsig(client->message, &signame) != NULL) {
2330 status = client->message->tsigstatus;
2335 if (client->message->tsigkey->generated) {
2337 client->message->tsigkey->creator,
2343 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
2350 status = client->message->sig0status;
2355 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
2366 if (!(client->message->tsigstatus == dns_tsigerror_badkey &&
2367 client->message->opcode == dns_opcode_update))
2369 ns_client_error(client, client->sigresult);
2375 * Decide whether recursive service is available to this client.
2384 if (client->view->resolver == NULL) {
2386 } else if (!client->view->recursion) {
2388 } else if (ns_client_checkaclsilent(client, NULL,
2389 client->view->recursionacl,
2393 } else if (ns_client_checkaclsilent(client, NULL,
2394 client->view->cacheacl,
2398 } else if (ns_client_checkaclsilent(client, &client->destaddr,
2399 client->view->recursiononacl,
2403 } else if (ns_client_checkaclsilent(client, &client->destaddr,
2404 client->view->cacheonacl,
2410 client->attributes |= NS_CLIENTATTR_RA;
2413 ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT,
2420 * Adjust maximum UDP response size for this client.
2422 if (client->udpsize > 512) {
2424 uint16_t udpsize = client->view->maxudp;
2427 isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
2428 (void)dns_peerlist_peerbyaddr(client->view->peers, &netaddr,
2433 if (client->udpsize > udpsize) {
2434 client->udpsize = udpsize;
2439 transport_type = ns_client_transport_type(client);
2445 switch (client->message->opcode) {
2449 if (ra && (client->message->flags & DNS_MESSAGEFLAG_RD) != 0) {
2455 dns_dt_send(client->view, dtmsgtype, &client->peeraddr,
2456 &client->destsockaddr, transport_type, NULL,
2457 &client->requesttime, NULL, client->buffer);
2460 ns_query_start(client, client->handle);
2465 dns_dt_send(client->view, DNS_DTTYPE_UQ, &client->peeraddr,
2466 &client->destsockaddr, transport_type, NULL,
2467 &client->requesttime, NULL, client->buffer);
2469 ns_client_settimeout(client, 60);
2470 ns_update_start(client, client->handle, client->sigresult);
2474 ns_client_settimeout(client, 60);
2475 ns_notify_start(client, client->handle);
2479 ns_client_error(client, DNS_R_NOTIMP);
2483 ns_client_error(client, DNS_R_NOTIMP);
2487 ns_client_async_reset(client);
2525 ns__client_setup(ns_client_t *client, ns_clientmgr_t *mgr, bool new) {
2527 * Note: creating a client does not add the client to the
2528 * manager's client list, the caller is responsible for that.
2533 REQUIRE(client != NULL);
2536 *client = (ns_client_t){ .magic = 0 };
2538 ns_clientmgr_attach(mgr, &client->manager);
2540 dns_message_create(client->manager->mctx,
2541 client->manager->namepool,
2542 client->manager->rdspool,
2543 DNS_MESSAGE_INTENTPARSE, &client->message);
2549 client->magic = NS_CLIENT_MAGIC;
2550 ns_query_init(client);
2552 REQUIRE(NS_CLIENT_VALID(client));
2553 REQUIRE(client->manager->tid == isc_tid());
2556 * Retain these values from the existing client, but
2559 *client = (ns_client_t){
2561 .manager = client->manager,
2562 .message = client->message,
2563 .query = client->query,
2567 client->query.attributes &= ~NS_QUERYATTR_ANSWERED;
2568 client->state = NS_CLIENTSTATE_INACTIVE;
2569 client->udpsize = 512;
2570 client->ednsversion = -1;
2571 dns_name_init(&client->signername, NULL);
2572 dns_ecs_init(&client->ecs);
2573 isc_sockaddr_any(&client->formerrcache.addr);
2574 client->formerrcache.time = 0;
2575 client->formerrcache.id = 0;
2576 ISC_LINK_INIT(client, rlink);
2577 client->rcode_override = -1; /* not set */
2579 client->magic = NS_CLIENT_MAGIC;
2650 ns_client_t *client;
2657 for (client = ISC_LIST_HEAD(manager->recursing); client != NULL;
2658 client = ISC_LIST_NEXT(client, rlink))
2660 ns_query_cancel(client);
2666 ns_client_getsockaddr(ns_client_t *client) {
2667 return &client->peeraddr;
2671 ns_client_getdestaddr(ns_client_t *client) {
2672 return &client->destsockaddr;
2676 ns_client_checkaclsilent(ns_client_t *client, isc_netaddr_t *netaddr,
2679 dns_aclenv_t *env = client->manager->aclenv;
2693 isc_netaddr_fromsockaddr(&tmpnetaddr, &client->peeraddr);
2697 local = isc_nmhandle_localaddr(client->handle);
2700 isc_nm_socket_type(client->handle),
2701 isc_nm_has_encryption(client->handle), client->signer, acl, env,
2721 ns_client_checkacl(ns_client_t *client, isc_sockaddr_t *sockaddr,
2731 result = ns_client_checkaclsilent(client, sockaddr ? &netaddr : NULL,
2735 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
2739 ns_client_extendederror(client, DNS_EDE_PROHIBITED, NULL);
2740 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
2748 ns_client_name(ns_client_t *client, char *peerbuf, size_t len) {
2749 if (client->peeraddr_valid) {
2750 isc_sockaddr_format(&client->peeraddr, peerbuf,
2753 snprintf(peerbuf, len, "@%p", client);
2758 ns_client_logv(ns_client_t *client, isc_logcategory_t *category,
2769 REQUIRE(client != NULL);
2773 if (client->signer != NULL) {
2774 dns_name_format(client->signer, signerbuf, sizeof(signerbuf));
2779 q = client->query.origqname != NULL ? client->query.origqname
2780 : client->query.qname;
2788 if (client->view != NULL && strcmp(client->view->name, "_bind") != 0 &&
2789 strcmp(client->view->name, "_default") != 0)
2792 viewname = client->view->name;
2795 if (client->peeraddr_valid) {
2796 isc_sockaddr_format(&client->peeraddr, peerbuf,
2803 "client @%p %s%s%s%s%s%s%s%s: %s", client, peerbuf, sep1,
2808 ns_client_log(ns_client_t *client, isc_logcategory_t *category,
2817 ns_client_logv(client, category, module, level, fmt, ap);
2836 ns_client_dumpmessage(ns_client_t *client, const char *reason) {
2852 buf = isc_mem_get(client->manager->mctx, len);
2855 client->message, &dns_master_style_debug, 0, &buffer);
2857 isc_mem_put(client->manager->mctx, buf, len);
2860 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
2868 isc_mem_put(client->manager->mctx, buf, len);
2874 ns_client_t *client;
2888 client = ISC_LIST_HEAD(manager->recursing);
2889 while (client != NULL) {
2890 INSIST(client->state == NS_CLIENTSTATE_RECURSING);
2892 ns_client_name(client, peerbuf, sizeof(peerbuf));
2893 if (client->view != NULL &&
2894 strcmp(client->view->name, "_bind") != 0 &&
2895 strcmp(client->view->name, "_default") != 0)
2897 name = client->view->name;
2904 LOCK(&client->query.fetchlock);
2905 INSIST(client->query.qname != NULL);
2906 dns_name_format(client->query.qname, namebuf, sizeof(namebuf));
2907 if (client->query.qname != client->query.origqname &&
2908 client->query.origqname != NULL)
2911 dns_name_format(client->query.origqname, original,
2917 rdataset = ISC_LIST_HEAD(client->query.qname->list);
2918 if (rdataset == NULL && client->query.origqname != NULL) {
2919 rdataset = ISC_LIST_HEAD(client->query.origqname->list);
2930 UNLOCK(&client->query.fetchlock);
2932 "; client %s%s%s: id %u '%s/%s/%s'%s%s "
2934 peerbuf, sep, name, client->message->id, namebuf,
2936 isc_time_seconds(&client->requesttime));
2937 client = ISC_LIST_NEXT(client, rlink);
2943 ns_client_qnamereplace(ns_client_t *client, dns_name_t *name) {
2944 LOCK(&client->query.fetchlock);
2945 if (client->query.restarts > 0) {
2947 * client->query.qname was dynamically allocated.
2949 dns_message_puttempname(client->message, &client->query.qname);
2951 client->query.qname = name;
2952 client->query.attributes &= ~NS_QUERYATTR_REDIRECT;
2953 UNLOCK(&client->query.fetchlock);
2958 ns_client_t *client = (ns_client_t *)ci->data;
2960 REQUIRE(NS_CLIENT_VALID(client));
2963 *addrp = &client->peeraddr;
2968 ns_client_newrdataset(ns_client_t *client) {
2971 REQUIRE(NS_CLIENT_VALID(client));
2974 dns_message_gettemprdataset(client->message, &rdataset);
2980 ns_client_putrdataset(ns_client_t *client, dns_rdataset_t **rdatasetp) {
2983 REQUIRE(NS_CLIENT_VALID(client));
2992 dns_message_puttemprdataset(client->message, rdatasetp);
2997 ns_client_newnamebuf(ns_client_t *client) {
3002 isc_buffer_allocate(client->manager->mctx, &dbuf, 1024);
3003 ISC_LIST_APPEND(client->query.namebufs, dbuf, link);
3010 ns_client_newname(ns_client_t *client, isc_buffer_t *dbuf, isc_buffer_t *nbuf) {
3014 REQUIRE((client->query.attributes & NS_QUERYATTR_NAMEBUFUSED) == 0);
3018 dns_message_gettempname(client->message, &name);
3023 client->query.attributes |= NS_QUERYATTR_NAMEBUFUSED;
3030 ns_client_getnamebuf(ns_client_t *client) {
3040 if (ISC_LIST_EMPTY(client->query.namebufs)) {
3041 ns_client_newnamebuf(client);
3044 dbuf = ISC_LIST_TAIL(client->query.namebufs);
3048 ns_client_newnamebuf(client);
3049 dbuf = ISC_LIST_TAIL(client->query.namebufs);
3058 ns_client_keepname(ns_client_t *client, dns_name_t *name, isc_buffer_t *dbuf) {
3067 REQUIRE((client->query.attributes & NS_QUERYATTR_NAMEBUFUSED) != 0);
3072 client->query.attributes &= ~NS_QUERYATTR_NAMEBUFUSED;
3076 ns_client_releasename(ns_client_t *client, dns_name_t **namep) {
3084 client->query.attributes &= ~NS_QUERYATTR_NAMEBUFUSED;
3085 dns_message_puttempname(client->message, namep);
3090 ns_client_newdbversion(ns_client_t *client, unsigned int n) {
3095 dbversion = isc_mem_get(client->manager->mctx,
3098 ISC_LIST_INITANDAPPEND(client->query.freeversions, dbversion,
3106 client_getdbversion(ns_client_t *client) {
3109 if (ISC_LIST_EMPTY(client->query.freeversions)) {
3110 ns_client_newdbversion(client, 1);
3112 dbversion = ISC_LIST_HEAD(client->query.freeversions);
3114 ISC_LIST_UNLINK(client->query.freeversions, dbversion, link);
3120 ns_client_findversion(ns_client_t *client, dns_db_t *db) {
3123 for (dbversion = ISC_LIST_HEAD(client->query.activeversions);
3136 dbversion = client_getdbversion(client);
3144 ISC_LIST_APPEND(client->query.activeversions, dbversion, link);