1 /*
2 * daemon/daemon.c - collection of workers that handles requests.
3 *
4 * Copyright (c) 2007, NLnet Labs. All rights reserved.
5 *
6 * This software is open source.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * Redistributions of source code must retain the above copyright notice,
13 * this list of conditions and the following disclaimer.
14 *
15 * Redistributions in binary form must reproduce the above copyright notice,
16 * this list of conditions and the following disclaimer in the documentation
17 * and/or other materials provided with the distribution.
18 *
19 * Neither the name of the NLNET LABS nor the names of its contributors may
20 * be used to endorse or promote products derived from this software without
21 * specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 */
35
36 /**
37 * \file
38 *
39 * The daemon consists of global settings and a number of workers.
40 */
41
42 #include "config.h"
43 #ifdef HAVE_OPENSSL_ERR_H
44 #include <openssl/err.h>
45 #endif
46
47 #ifdef HAVE_OPENSSL_RAND_H
48 #include <openssl/rand.h>
49 #endif
50
51 #ifdef HAVE_OPENSSL_CONF_H
52 #include <openssl/conf.h>
53 #endif
54
55 #ifdef HAVE_OPENSSL_ENGINE_H
56 #include <openssl/engine.h>
57 #endif
58
59 #ifdef HAVE_TIME_H
60 #include <time.h>
61 #endif
62 #include <sys/time.h>
63
64 #ifdef HAVE_NSS
65 /* nss3 */
66 #include "nss.h"
67 #endif
68
69 #include "daemon/daemon.h"
70 #include "daemon/worker.h"
71 #include "daemon/remote.h"
72 #include "daemon/acl_list.h"
73 #include "util/log.h"
74 #include "util/config_file.h"
75 #include "util/data/msgreply.h"
76 #include "util/shm_side/shm_main.h"
77 #include "util/storage/lookup3.h"
78 #include "util/storage/slabhash.h"
79 #include "util/tcp_conn_limit.h"
80 #include "util/edns.h"
81 #include "services/listen_dnsport.h"
82 #include "services/cache/rrset.h"
83 #include "services/cache/infra.h"
84 #include "services/localzone.h"
85 #include "services/view.h"
86 #include "services/modstack.h"
87 #include "services/authzone.h"
88 #include "util/module.h"
89 #include "util/random.h"
90 #include "util/tube.h"
91 #include "util/net_help.h"
92 #include "sldns/keyraw.h"
93 #include "respip/respip.h"
94 #include <signal.h>
95
96 #ifdef HAVE_SYSTEMD
97 #include <systemd/sd-daemon.h>
98 #endif
99 #ifdef HAVE_NETDB_H
100 #include <netdb.h>
101 #endif
102
103 /** How many quit requests happened. */
104 static int sig_record_quit = 0;
105 /** How many reload requests happened. */
106 static int sig_record_reload = 0;
107
108 #if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS
109 /** cleaner ssl memory freeup */
110 static void* comp_meth = NULL;
111 #endif
112 /** remove buffers for parsing and init */
113 int ub_c_lex_destroy(void);
114
115 /** used when no other sighandling happens, so we don't die
116 * when multiple signals in quick succession are sent to us.
117 * @param sig: signal number.
118 * @return signal handler return type (void or int).
119 */
record_sigh(int sig)120 static RETSIGTYPE record_sigh(int sig)
121 {
122 #ifdef LIBEVENT_SIGNAL_PROBLEM
123 /* cannot log, verbose here because locks may be held */
124 /* quit on signal, no cleanup and statistics,
125 because installed libevent version is not threadsafe */
126 exit(0);
127 #endif
128 switch(sig)
129 {
130 case SIGTERM:
131 #ifdef SIGQUIT
132 case SIGQUIT:
133 #endif
134 #ifdef SIGBREAK
135 case SIGBREAK:
136 #endif
137 case SIGINT:
138 sig_record_quit++;
139 break;
140 #ifdef SIGHUP
141 case SIGHUP:
142 sig_record_reload++;
143 break;
144 #endif
145 #ifdef SIGPIPE
146 case SIGPIPE:
147 break;
148 #endif
149 default:
150 /* ignoring signal */
151 break;
152 }
153 }
154
155 /**
156 * Signal handling during the time when netevent is disabled.
157 * Stores signals to replay later.
158 */
159 static void
signal_handling_record(void)160 signal_handling_record(void)
161 {
162 if( signal(SIGTERM, record_sigh) == SIG_ERR ||
163 #ifdef SIGQUIT
164 signal(SIGQUIT, record_sigh) == SIG_ERR ||
165 #endif
166 #ifdef SIGBREAK
167 signal(SIGBREAK, record_sigh) == SIG_ERR ||
168 #endif
169 #ifdef SIGHUP
170 signal(SIGHUP, record_sigh) == SIG_ERR ||
171 #endif
172 #ifdef SIGPIPE
173 signal(SIGPIPE, SIG_IGN) == SIG_ERR ||
174 #endif
175 signal(SIGINT, record_sigh) == SIG_ERR
176 )
177 log_err("install sighandler: %s", strerror(errno));
178 }
179
180 /**
181 * Replay old signals.
182 * @param wrk: worker that handles signals.
183 */
184 static void
signal_handling_playback(struct worker * wrk)185 signal_handling_playback(struct worker* wrk)
186 {
187 #ifdef SIGHUP
188 if(sig_record_reload)
189 worker_sighandler(SIGHUP, wrk);
190 #endif
191 if(sig_record_quit)
192 worker_sighandler(SIGTERM, wrk);
193 sig_record_quit = 0;
194 sig_record_reload = 0;
195 }
196
197 struct daemon*
daemon_init(void)198 daemon_init(void)
199 {
200 struct daemon* daemon = (struct daemon*)calloc(1,
201 sizeof(struct daemon));
202 #ifdef USE_WINSOCK
203 int r;
204 WSADATA wsa_data;
205 #endif
206 if(!daemon)
207 return NULL;
208 #ifdef USE_WINSOCK
209 r = WSAStartup(MAKEWORD(2,2), &wsa_data);
210 if(r != 0) {
211 fatal_exit("could not init winsock. WSAStartup: %s",
212 wsa_strerror(r));
213 }
214 #endif /* USE_WINSOCK */
215 signal_handling_record();
216 #ifdef HAVE_SSL
217 # ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
218 ERR_load_crypto_strings();
219 # endif
220 #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
221 ERR_load_SSL_strings();
222 #endif
223 # ifdef USE_GOST
224 (void)sldns_key_EVP_load_gost_id();
225 # endif
226 # if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO)
227 # ifndef S_SPLINT_S
228 OpenSSL_add_all_algorithms();
229 # endif
230 # else
231 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
232 | OPENSSL_INIT_ADD_ALL_DIGESTS
233 | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
234 # endif
235 # if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS
236 /* grab the COMP method ptr because openssl leaks it */
237 comp_meth = (void*)SSL_COMP_get_compression_methods();
238 # endif
239 # if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
240 (void)SSL_library_init();
241 # else
242 (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
243 # endif
244 # if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
245 if(!ub_openssl_lock_init())
246 fatal_exit("could not init openssl locks");
247 # endif
248 #elif defined(HAVE_NSS)
249 if(NSS_NoDB_Init(NULL) != SECSuccess)
250 fatal_exit("could not init NSS");
251 #endif /* HAVE_SSL or HAVE_NSS */
252 #ifdef HAVE_TZSET
253 /* init timezone info while we are not chrooted yet */
254 tzset();
255 #endif
256 daemon->need_to_exit = 0;
257 modstack_init(&daemon->mods);
258 if(!(daemon->env = (struct module_env*)calloc(1,
259 sizeof(*daemon->env)))) {
260 free(daemon);
261 return NULL;
262 }
263 /* init edns_known_options */
264 if(!edns_known_options_init(daemon->env)) {
265 free(daemon->env);
266 free(daemon);
267 return NULL;
268 }
269 alloc_init(&daemon->superalloc, NULL, 0);
270 daemon->acl = acl_list_create();
271 if(!daemon->acl) {
272 edns_known_options_delete(daemon->env);
273 free(daemon->env);
274 free(daemon);
275 return NULL;
276 }
277 daemon->acl_interface = acl_list_create();
278 if(!daemon->acl_interface) {
279 acl_list_delete(daemon->acl);
280 edns_known_options_delete(daemon->env);
281 free(daemon->env);
282 free(daemon);
283 return NULL;
284 }
285 daemon->tcl = tcl_list_create();
286 if(!daemon->tcl) {
287 acl_list_delete(daemon->acl_interface);
288 acl_list_delete(daemon->acl);
289 edns_known_options_delete(daemon->env);
290 free(daemon->env);
291 free(daemon);
292 return NULL;
293 }
294 listen_setup_locks();
295 if(gettimeofday(&daemon->time_boot, NULL) < 0)
296 log_err("gettimeofday: %s", strerror(errno));
297 daemon->time_last_stat = daemon->time_boot;
298 if((daemon->env->auth_zones = auth_zones_create()) == 0) {
299 acl_list_delete(daemon->acl_interface);
300 acl_list_delete(daemon->acl);
301 tcl_list_delete(daemon->tcl);
302 edns_known_options_delete(daemon->env);
303 free(daemon->env);
304 free(daemon);
305 return NULL;
306 }
307 if(!(daemon->env->edns_strings = edns_strings_create())) {
308 auth_zones_delete(daemon->env->auth_zones);
309 acl_list_delete(daemon->acl_interface);
310 acl_list_delete(daemon->acl);
311 tcl_list_delete(daemon->tcl);
312 edns_known_options_delete(daemon->env);
313 free(daemon->env);
314 free(daemon);
315 return NULL;
316 }
317 return daemon;
318 }
319
setup_acl_for_ports(struct acl_list * list,struct listen_port * port_list)320 static int setup_acl_for_ports(struct acl_list* list,
321 struct listen_port* port_list)
322 {
323 struct acl_addr* acl_node;
324 struct addrinfo* addr;
325 for(; port_list; port_list=port_list->next) {
326 if(!port_list->socket) {
327 /* This is mainly for testbound where port_list is
328 * empty. */
329 continue;
330 }
331 addr = port_list->socket->addr;
332 if(!(acl_node = acl_interface_insert(list,
333 (struct sockaddr_storage*)addr->ai_addr,
334 (socklen_t)addr->ai_addrlen,
335 acl_refuse))) {
336 return 0;
337 }
338 port_list->socket->acl = acl_node;
339 }
340 return 1;
341 }
342
343 int
daemon_open_shared_ports(struct daemon * daemon)344 daemon_open_shared_ports(struct daemon* daemon)
345 {
346 log_assert(daemon);
347 if(daemon->cfg->port != daemon->listening_port) {
348 char** resif = NULL;
349 int num_resif = 0;
350 size_t i;
351 struct listen_port* p0;
352 daemon->reuseport = 0;
353 /* free and close old ports */
354 if(daemon->ports != NULL) {
355 for(i=0; i<daemon->num_ports; i++)
356 listening_ports_free(daemon->ports[i]);
357 free(daemon->ports);
358 daemon->ports = NULL;
359 }
360 /* clean acl_interface */
361 acl_interface_init(daemon->acl_interface);
362 if(!resolve_interface_names(daemon->cfg->ifs,
363 daemon->cfg->num_ifs, NULL, &resif, &num_resif))
364 return 0;
365 /* see if we want to reuseport */
366 #ifdef SO_REUSEPORT
367 if(daemon->cfg->so_reuseport && daemon->cfg->num_threads > 0)
368 daemon->reuseport = 1;
369 #endif
370 /* try to use reuseport */
371 p0 = listening_ports_open(daemon->cfg, resif, num_resif,
372 &daemon->reuseport);
373 if(!p0) {
374 listening_ports_free(p0);
375 config_del_strarray(resif, num_resif);
376 return 0;
377 }
378 if(daemon->reuseport) {
379 /* reuseport was successful, allocate for it */
380 daemon->num_ports = (size_t)daemon->cfg->num_threads;
381 } else {
382 /* do the normal, singleportslist thing,
383 * reuseport not enabled or did not work */
384 daemon->num_ports = 1;
385 }
386 if(!(daemon->ports = (struct listen_port**)calloc(
387 daemon->num_ports, sizeof(*daemon->ports)))) {
388 listening_ports_free(p0);
389 config_del_strarray(resif, num_resif);
390 return 0;
391 }
392 daemon->ports[0] = p0;
393 if(!setup_acl_for_ports(daemon->acl_interface,
394 daemon->ports[0])) {
395 listening_ports_free(p0);
396 config_del_strarray(resif, num_resif);
397 return 0;
398 }
399 if(daemon->reuseport) {
400 /* continue to use reuseport */
401 for(i=1; i<daemon->num_ports; i++) {
402 if(!(daemon->ports[i]=
403 listening_ports_open(daemon->cfg,
404 resif, num_resif,
405 &daemon->reuseport))
406 || !daemon->reuseport ) {
407 for(i=0; i<daemon->num_ports; i++)
408 listening_ports_free(daemon->ports[i]);
409 free(daemon->ports);
410 daemon->ports = NULL;
411 config_del_strarray(resif, num_resif);
412 return 0;
413 }
414 if(!setup_acl_for_ports(daemon->acl_interface,
415 daemon->ports[i])) {
416 for(i=0; i<daemon->num_ports; i++)
417 listening_ports_free(daemon->ports[i]);
418 free(daemon->ports);
419 daemon->ports = NULL;
420 config_del_strarray(resif, num_resif);
421 return 0;
422 }
423 }
424 }
425 config_del_strarray(resif, num_resif);
426 daemon->listening_port = daemon->cfg->port;
427 }
428 if(!daemon->cfg->remote_control_enable && daemon->rc_port) {
429 listening_ports_free(daemon->rc_ports);
430 daemon->rc_ports = NULL;
431 daemon->rc_port = 0;
432 }
433 if(daemon->cfg->remote_control_enable &&
434 daemon->cfg->control_port != daemon->rc_port) {
435 listening_ports_free(daemon->rc_ports);
436 if(!(daemon->rc_ports=daemon_remote_open_ports(daemon->cfg)))
437 return 0;
438 daemon->rc_port = daemon->cfg->control_port;
439 }
440 return 1;
441 }
442
443 /**
444 * Setup modules. setup module stack.
445 * @param daemon: the daemon
446 */
daemon_setup_modules(struct daemon * daemon)447 static void daemon_setup_modules(struct daemon* daemon)
448 {
449 daemon->env->cfg = daemon->cfg;
450 daemon->env->alloc = &daemon->superalloc;
451 daemon->env->worker = NULL;
452 daemon->env->need_to_validate = 0; /* set by module init below */
453 if(!modstack_setup(&daemon->mods, daemon->cfg->module_conf,
454 daemon->env)) {
455 fatal_exit("failed to setup modules");
456 }
457 log_edns_known_options(VERB_ALGO, daemon->env);
458 }
459
460 /**
461 * Obtain allowed port numbers, concatenate the list, and shuffle them
462 * (ready to be handed out to threads).
463 * @param daemon: the daemon. Uses rand and cfg.
464 * @param shufport: the portlist output.
465 * @return number of ports available.
466 */
daemon_get_shufport(struct daemon * daemon,int * shufport)467 static int daemon_get_shufport(struct daemon* daemon, int* shufport)
468 {
469 int i, n, k, temp;
470 int avail = 0;
471 for(i=0; i<65536; i++) {
472 if(daemon->cfg->outgoing_avail_ports[i]) {
473 shufport[avail++] = daemon->cfg->
474 outgoing_avail_ports[i];
475 }
476 }
477 if(avail == 0)
478 fatal_exit("no ports are permitted for UDP, add "
479 "with outgoing-port-permit");
480 /* Knuth shuffle */
481 n = avail;
482 while(--n > 0) {
483 k = ub_random_max(daemon->rand, n+1); /* 0<= k<= n */
484 temp = shufport[k];
485 shufport[k] = shufport[n];
486 shufport[n] = temp;
487 }
488 return avail;
489 }
490
491 /**
492 * Clear and delete per-worker alloc caches, and free memory maintained in
493 * superalloc.
494 * The rrset and message caches must be empty at the time of call.
495 * @param daemon: the daemon that maintains the alloc caches to be cleared.
496 */
497 static void
daemon_clear_allocs(struct daemon * daemon)498 daemon_clear_allocs(struct daemon* daemon)
499 {
500 int i;
501
502 for(i=0; i<daemon->num; i++) {
503 alloc_clear(daemon->worker_allocs[i]);
504 free(daemon->worker_allocs[i]);
505 }
506 free(daemon->worker_allocs);
507 daemon->worker_allocs = NULL;
508
509 alloc_clear_special(&daemon->superalloc);
510 }
511
512 /**
513 * Allocate empty worker structures. With backptr and thread-number,
514 * from 0..numthread initialised. Used as user arguments to new threads.
515 * Creates the daemon random generator if it does not exist yet.
516 * The random generator stays existing between reloads with a unique state.
517 * @param daemon: the daemon with (new) config settings.
518 */
519 static void
daemon_create_workers(struct daemon * daemon)520 daemon_create_workers(struct daemon* daemon)
521 {
522 int i, numport;
523 int* shufport;
524 log_assert(daemon && daemon->cfg);
525 if(!daemon->rand) {
526 daemon->rand = ub_initstate(NULL);
527 if(!daemon->rand)
528 fatal_exit("could not init random generator");
529 hash_set_raninit((uint32_t)ub_random(daemon->rand));
530 }
531 shufport = (int*)calloc(65536, sizeof(int));
532 if(!shufport)
533 fatal_exit("out of memory during daemon init");
534 numport = daemon_get_shufport(daemon, shufport);
535 verbose(VERB_ALGO, "total of %d outgoing ports available", numport);
536
537 daemon->num = (daemon->cfg->num_threads?daemon->cfg->num_threads:1);
538 if(daemon->reuseport && (int)daemon->num < (int)daemon->num_ports) {
539 log_warn("cannot reduce num-threads to %d because so-reuseport "
540 "so continuing with %d threads.", (int)daemon->num,
541 (int)daemon->num_ports);
542 daemon->num = (int)daemon->num_ports;
543 }
544 daemon->workers = (struct worker**)calloc((size_t)daemon->num,
545 sizeof(struct worker*));
546 if(!daemon->workers)
547 fatal_exit("out of memory during daemon init");
548 if(daemon->cfg->dnstap) {
549 #ifdef USE_DNSTAP
550 daemon->dtenv = dt_create(daemon->cfg);
551 if (!daemon->dtenv)
552 fatal_exit("dt_create failed");
553 #else
554 fatal_exit("dnstap enabled in config but not built with dnstap support");
555 #endif
556 }
557 for(i=0; i<daemon->num; i++) {
558 if(!(daemon->workers[i] = worker_create(daemon, i,
559 shufport+numport*i/daemon->num,
560 numport*(i+1)/daemon->num - numport*i/daemon->num)))
561 /* the above is not ports/numthr, due to rounding */
562 fatal_exit("could not create worker");
563 }
564 /* create per-worker alloc caches if not reusing existing ones. */
565 if(!daemon->worker_allocs) {
566 daemon->worker_allocs = (struct alloc_cache**)calloc(
567 (size_t)daemon->num, sizeof(struct alloc_cache*));
568 if(!daemon->worker_allocs)
569 fatal_exit("could not allocate worker allocs");
570 for(i=0; i<daemon->num; i++) {
571 struct alloc_cache* alloc = calloc(1,
572 sizeof(struct alloc_cache));
573 if (!alloc)
574 fatal_exit("could not allocate worker alloc");
575 alloc_init(alloc, &daemon->superalloc, i);
576 daemon->worker_allocs[i] = alloc;
577 }
578 }
579 free(shufport);
580 }
581
582 #ifdef THREADS_DISABLED
583 /**
584 * Close all pipes except for the numbered thread.
585 * @param daemon: daemon to close pipes in.
586 * @param thr: thread number 0..num-1 of thread to skip.
587 */
close_other_pipes(struct daemon * daemon,int thr)588 static void close_other_pipes(struct daemon* daemon, int thr)
589 {
590 int i;
591 for(i=0; i<daemon->num; i++)
592 if(i!=thr) {
593 if(i==0) {
594 /* only close read part, need to write stats */
595 tube_close_read(daemon->workers[i]->cmd);
596 } else {
597 /* complete close channel to others */
598 tube_delete(daemon->workers[i]->cmd);
599 daemon->workers[i]->cmd = NULL;
600 }
601 }
602 }
603 #endif /* THREADS_DISABLED */
604
605 /**
606 * Function to start one thread.
607 * @param arg: user argument.
608 * @return: void* user return value could be used for thread_join results.
609 */
610 static void*
thread_start(void * arg)611 thread_start(void* arg)
612 {
613 struct worker* worker = (struct worker*)arg;
614 int port_num = 0;
615 log_thread_set(&worker->thread_num);
616 ub_thread_blocksigs();
617 #ifdef THREADS_DISABLED
618 /* close pipe ends used by main */
619 tube_close_write(worker->cmd);
620 close_other_pipes(worker->daemon, worker->thread_num);
621 #endif
622 #ifdef SO_REUSEPORT
623 if(worker->daemon->cfg->so_reuseport)
624 port_num = worker->thread_num % worker->daemon->num_ports;
625 else
626 port_num = 0;
627 #endif
628 if(!worker_init(worker, worker->daemon->cfg,
629 worker->daemon->ports[port_num], 0))
630 fatal_exit("Could not initialize thread");
631
632 worker_work(worker);
633 return NULL;
634 }
635
636 /**
637 * Fork and init the other threads. Main thread returns for special handling.
638 * @param daemon: the daemon with other threads to fork.
639 */
640 static void
daemon_start_others(struct daemon * daemon)641 daemon_start_others(struct daemon* daemon)
642 {
643 int i;
644 log_assert(daemon);
645 verbose(VERB_ALGO, "start threads");
646 /* skip i=0, is this thread */
647 for(i=1; i<daemon->num; i++) {
648 ub_thread_create(&daemon->workers[i]->thr_id,
649 thread_start, daemon->workers[i]);
650 #ifdef THREADS_DISABLED
651 /* close pipe end of child */
652 tube_close_read(daemon->workers[i]->cmd);
653 #endif /* no threads */
654 }
655 }
656
657 /**
658 * Stop the other threads.
659 * @param daemon: the daemon with other threads.
660 */
661 static void
daemon_stop_others(struct daemon * daemon)662 daemon_stop_others(struct daemon* daemon)
663 {
664 int i;
665 log_assert(daemon);
666 verbose(VERB_ALGO, "stop threads");
667 /* skip i=0, is this thread */
668 /* use i=0 buffer for sending cmds; because we are #0 */
669 for(i=1; i<daemon->num; i++) {
670 worker_send_cmd(daemon->workers[i], worker_cmd_quit);
671 }
672 /* wait for them to quit */
673 for(i=1; i<daemon->num; i++) {
674 /* join it to make sure its dead */
675 verbose(VERB_ALGO, "join %d", i);
676 ub_thread_join(daemon->workers[i]->thr_id);
677 verbose(VERB_ALGO, "join success %d", i);
678 }
679 }
680
681 void
daemon_fork(struct daemon * daemon)682 daemon_fork(struct daemon* daemon)
683 {
684 int have_view_respip_cfg = 0;
685 #ifdef HAVE_SYSTEMD
686 int ret;
687 #endif
688
689 log_assert(daemon);
690 if(!(daemon->views = views_create()))
691 fatal_exit("Could not create views: out of memory");
692 /* create individual views and their localzone/data trees */
693 if(!views_apply_cfg(daemon->views, daemon->cfg))
694 fatal_exit("Could not set up views");
695
696 if(!acl_list_apply_cfg(daemon->acl, daemon->cfg, daemon->views))
697 fatal_exit("Could not setup access control list");
698 if(!acl_interface_apply_cfg(daemon->acl_interface, daemon->cfg,
699 daemon->views))
700 fatal_exit("Could not setup interface control list");
701 if(!tcl_list_apply_cfg(daemon->tcl, daemon->cfg))
702 fatal_exit("Could not setup TCP connection limits");
703 if(daemon->cfg->dnscrypt) {
704 #ifdef USE_DNSCRYPT
705 daemon->dnscenv = dnsc_create();
706 if (!daemon->dnscenv)
707 fatal_exit("dnsc_create failed");
708 dnsc_apply_cfg(daemon->dnscenv, daemon->cfg);
709 #else
710 fatal_exit("dnscrypt enabled in config but unbound was not built with "
711 "dnscrypt support");
712 #endif
713 }
714 /* create global local_zones */
715 if(!(daemon->local_zones = local_zones_create()))
716 fatal_exit("Could not create local zones: out of memory");
717 if(!local_zones_apply_cfg(daemon->local_zones, daemon->cfg))
718 fatal_exit("Could not set up local zones");
719
720 /* process raw response-ip configuration data */
721 if(!(daemon->respip_set = respip_set_create()))
722 fatal_exit("Could not create response IP set");
723 if(!respip_global_apply_cfg(daemon->respip_set, daemon->cfg))
724 fatal_exit("Could not set up response IP set");
725 if(!respip_views_apply_cfg(daemon->views, daemon->cfg,
726 &have_view_respip_cfg))
727 fatal_exit("Could not set up per-view response IP sets");
728 daemon->use_response_ip = !respip_set_is_empty(daemon->respip_set) ||
729 have_view_respip_cfg;
730
731 /* setup modules */
732 daemon_setup_modules(daemon);
733
734 /* read auth zonefiles */
735 if(!auth_zones_apply_cfg(daemon->env->auth_zones, daemon->cfg, 1,
736 &daemon->use_rpz, daemon->env, &daemon->mods))
737 fatal_exit("auth_zones could not be setup");
738
739 /* Set-up EDNS strings */
740 if(!edns_strings_apply_cfg(daemon->env->edns_strings, daemon->cfg))
741 fatal_exit("Could not set up EDNS strings");
742
743 /* response-ip-xxx options don't work as expected without the respip
744 * module. To avoid run-time operational surprise we reject such
745 * configuration. */
746 if(daemon->use_response_ip &&
747 modstack_find(&daemon->mods, "respip") < 0)
748 fatal_exit("response-ip options require respip module");
749 /* RPZ response ip triggers don't work as expected without the respip
750 * module. To avoid run-time operational surprise we reject such
751 * configuration. */
752 if(daemon->use_rpz &&
753 modstack_find(&daemon->mods, "respip") < 0)
754 fatal_exit("RPZ requires the respip module");
755
756 /* first create all the worker structures, so we can pass
757 * them to the newly created threads.
758 */
759 daemon_create_workers(daemon);
760
761 #if defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)
762 /* in libev the first inited base gets signals */
763 if(!worker_init(daemon->workers[0], daemon->cfg, daemon->ports[0], 1))
764 fatal_exit("Could not initialize main thread");
765 #endif
766
767 /* Now create the threads and init the workers.
768 * By the way, this is thread #0 (the main thread).
769 */
770 daemon_start_others(daemon);
771
772 /* Special handling for the main thread. This is the thread
773 * that handles signals and remote control.
774 */
775 #if !(defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP))
776 /* libevent has the last inited base get signals (or any base) */
777 if(!worker_init(daemon->workers[0], daemon->cfg, daemon->ports[0], 1))
778 fatal_exit("Could not initialize main thread");
779 #endif
780 signal_handling_playback(daemon->workers[0]);
781
782 if (!shm_main_init(daemon))
783 log_warn("SHM has failed");
784
785 /* Start resolver service on main thread. */
786 #ifdef HAVE_SYSTEMD
787 ret = sd_notify(0, "READY=1");
788 if(ret <= 0 && getenv("NOTIFY_SOCKET"))
789 fatal_exit("sd_notify failed %s: %s. Make sure that unbound has "
790 "access/permission to use the socket presented by systemd.",
791 getenv("NOTIFY_SOCKET"),
792 (ret==0?"no $NOTIFY_SOCKET": strerror(-ret)));
793 #endif
794 log_info("start of service (%s).", PACKAGE_STRING);
795 worker_work(daemon->workers[0]);
796 #ifdef HAVE_SYSTEMD
797 if (daemon->workers[0]->need_to_exit)
798 sd_notify(0, "STOPPING=1");
799 else
800 sd_notify(0, "RELOADING=1");
801 #endif
802 log_info("service stopped (%s).", PACKAGE_STRING);
803
804 /* we exited! a signal happened! Stop other threads */
805 daemon_stop_others(daemon);
806
807 /* Shutdown SHM */
808 shm_main_shutdown(daemon);
809
810 daemon->reuse_cache = daemon->workers[0]->reuse_cache;
811 daemon->need_to_exit = daemon->workers[0]->need_to_exit;
812 }
813
814 void
daemon_cleanup(struct daemon * daemon)815 daemon_cleanup(struct daemon* daemon)
816 {
817 int i;
818 log_assert(daemon);
819 /* before stopping main worker, handle signals ourselves, so we
820 don't die on multiple reload signals for example. */
821 signal_handling_record();
822 log_thread_set(NULL);
823 /* clean up caches because
824 * a) RRset IDs will be recycled after a reload, causing collisions
825 * b) validation config can change, thus rrset, msg, keycache clear
826 *
827 * If we are trying to keep the cache as long as possible, we should
828 * defer the cleanup until we know whether the new configuration allows
829 * the reuse. (If we're exiting, cleanup should be done here). */
830 if(!daemon->reuse_cache || daemon->need_to_exit) {
831 slabhash_clear(&daemon->env->rrset_cache->table);
832 slabhash_clear(daemon->env->msg_cache);
833 }
834 daemon->old_num = daemon->num; /* save the current num */
835 local_zones_delete(daemon->local_zones);
836 daemon->local_zones = NULL;
837 respip_set_delete(daemon->respip_set);
838 daemon->respip_set = NULL;
839 views_delete(daemon->views);
840 daemon->views = NULL;
841 if(daemon->env->auth_zones)
842 auth_zones_cleanup(daemon->env->auth_zones);
843 /* key cache is cleared by module desetup during next daemon_fork() */
844 daemon_remote_clear(daemon->rc);
845 for(i=0; i<daemon->num; i++)
846 worker_delete(daemon->workers[i]);
847 free(daemon->workers);
848 daemon->workers = NULL;
849 /* Unless we're trying to keep the cache, worker alloc_caches should be
850 * cleared and freed here. We do this after deleting workers to
851 * guarantee that the alloc caches are valid throughout the lifetime
852 * of workers. */
853 if(!daemon->reuse_cache || daemon->need_to_exit)
854 daemon_clear_allocs(daemon);
855 daemon->num = 0;
856 #ifdef USE_DNSTAP
857 dt_delete(daemon->dtenv);
858 daemon->dtenv = NULL;
859 #endif
860 #ifdef USE_DNSCRYPT
861 dnsc_delete(daemon->dnscenv);
862 daemon->dnscenv = NULL;
863 #endif
864 daemon->cfg = NULL;
865 }
866
867 void
daemon_delete(struct daemon * daemon)868 daemon_delete(struct daemon* daemon)
869 {
870 size_t i;
871 if(!daemon)
872 return;
873 modstack_desetup(&daemon->mods, daemon->env);
874 daemon_remote_delete(daemon->rc);
875 for(i = 0; i < daemon->num_ports; i++)
876 listening_ports_free(daemon->ports[i]);
877 free(daemon->ports);
878 listening_ports_free(daemon->rc_ports);
879 if(daemon->env) {
880 slabhash_delete(daemon->env->msg_cache);
881 rrset_cache_delete(daemon->env->rrset_cache);
882 infra_delete(daemon->env->infra_cache);
883 edns_known_options_delete(daemon->env);
884 edns_strings_delete(daemon->env->edns_strings);
885 auth_zones_delete(daemon->env->auth_zones);
886 }
887 ub_randfree(daemon->rand);
888 alloc_clear(&daemon->superalloc);
889 acl_list_delete(daemon->acl);
890 acl_list_delete(daemon->acl_interface);
891 tcl_list_delete(daemon->tcl);
892 listen_desetup_locks();
893 free(daemon->chroot);
894 free(daemon->pidfile);
895 free(daemon->env);
896 #ifdef HAVE_SSL
897 listen_sslctx_delete_ticket_keys();
898 SSL_CTX_free((SSL_CTX*)daemon->listen_sslctx);
899 SSL_CTX_free((SSL_CTX*)daemon->connect_sslctx);
900 #endif
901 free(daemon);
902 /* lex cleanup */
903 ub_c_lex_destroy();
904 /* libcrypto cleanup */
905 #ifdef HAVE_SSL
906 # if defined(USE_GOST)
907 sldns_key_EVP_unload_gost();
908 # endif
909 # if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS && HAVE_DECL_SK_SSL_COMP_POP_FREE
910 # ifndef S_SPLINT_S
911 # if OPENSSL_VERSION_NUMBER < 0x10100000
912 sk_SSL_COMP_pop_free(comp_meth, (void(*)())CRYPTO_free);
913 # endif
914 # endif
915 # endif
916 # ifdef HAVE_OPENSSL_CONFIG
917 EVP_cleanup();
918 # if (OPENSSL_VERSION_NUMBER < 0x10100000) && !defined(OPENSSL_NO_ENGINE) && defined(HAVE_ENGINE_CLEANUP)
919 ENGINE_cleanup();
920 # endif
921 CONF_modules_free();
922 # endif
923 # ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
924 CRYPTO_cleanup_all_ex_data(); /* safe, no more threads right now */
925 # endif
926 # ifdef HAVE_ERR_FREE_STRINGS
927 ERR_free_strings();
928 # endif
929 # if OPENSSL_VERSION_NUMBER < 0x10100000
930 RAND_cleanup();
931 # endif
932 # if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
933 ub_openssl_lock_delete();
934 # endif
935 #ifndef HAVE_ARC4RANDOM
936 _ARC4_LOCK_DESTROY();
937 #endif
938 #elif defined(HAVE_NSS)
939 NSS_Shutdown();
940 #endif /* HAVE_SSL or HAVE_NSS */
941 checklock_stop();
942 #ifdef USE_WINSOCK
943 if(WSACleanup() != 0) {
944 log_err("Could not WSACleanup: %s",
945 wsa_strerror(WSAGetLastError()));
946 }
947 #endif
948 }
949
daemon_apply_cfg(struct daemon * daemon,struct config_file * cfg)950 void daemon_apply_cfg(struct daemon* daemon, struct config_file* cfg)
951 {
952 int new_num = cfg->num_threads?cfg->num_threads:1;
953
954 daemon->cfg = cfg;
955 config_apply(cfg);
956
957 /* If this is a reload and we deferred the decision on whether to
958 * reuse the alloc, RRset, and message caches, then check to see if
959 * it's safe to keep the caches:
960 * - changing the number of threads is obviously incompatible with
961 * keeping the per-thread alloc caches. It also means we have to
962 * clear RRset and message caches. (note that 'new_num' may be
963 * adjusted in daemon_create_workers, but for our purpose we can
964 * simply compare it with 'old_num'; if they are equal here,
965 * 'new_num' won't be adjusted to a different value than 'old_num').
966 * - changing RRset cache size effectively clears any remaining cache
967 * entries. We could keep their keys in alloc caches, but it would
968 * be more consistent with the sense of the change to clear allocs
969 * and free memory. To do so we also have to clear message cache.
970 * - only changing message cache size does not necessarily affect
971 * RRset or alloc cache. But almost all new subsequent queries will
972 * require recursive resolution anyway, so it doesn't help much to
973 * just keep RRset and alloc caches. For simplicity we clear/free
974 * the other two, too. */
975 if(daemon->worker_allocs &&
976 (new_num != daemon->old_num ||
977 !slabhash_is_size(daemon->env->msg_cache, cfg->msg_cache_size,
978 cfg->msg_cache_slabs) ||
979 !slabhash_is_size(&daemon->env->rrset_cache->table,
980 cfg->rrset_cache_size, cfg->rrset_cache_slabs)))
981 {
982 log_warn("cannot reuse caches due to critical config change");
983 slabhash_clear(&daemon->env->rrset_cache->table);
984 slabhash_clear(daemon->env->msg_cache);
985 daemon_clear_allocs(daemon);
986 }
987
988 if(!slabhash_is_size(daemon->env->msg_cache, cfg->msg_cache_size,
989 cfg->msg_cache_slabs)) {
990 slabhash_delete(daemon->env->msg_cache);
991 daemon->env->msg_cache = slabhash_create(cfg->msg_cache_slabs,
992 HASH_DEFAULT_STARTARRAY, cfg->msg_cache_size,
993 msgreply_sizefunc, query_info_compare,
994 query_entry_delete, reply_info_delete, NULL);
995 if(!daemon->env->msg_cache) {
996 fatal_exit("malloc failure updating config settings");
997 }
998 }
999 if((daemon->env->rrset_cache = rrset_cache_adjust(
1000 daemon->env->rrset_cache, cfg, &daemon->superalloc)) == 0)
1001 fatal_exit("malloc failure updating config settings");
1002 if((daemon->env->infra_cache = infra_adjust(daemon->env->infra_cache,
1003 cfg))==0)
1004 fatal_exit("malloc failure updating config settings");
1005 }
1006