/*
 * options.h -- nsd.conf options definitions and prototypes
 *
 * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
 *
 * See LICENSE for the license.
 *
 */

#ifndef OPTIONS_H
#define OPTIONS_H

#include "config.h"
#include <stdarg.h>
#include "region-allocator.h"
#include "rbtree.h"
/* opaque types referenced only by pointer in this header */
struct query;
struct dname;
struct tsig_key;
struct buffer;
struct nsd;

typedef struct nsd_options nsd_options_type;
typedef struct pattern_options pattern_options_type;
typedef struct zone_options zone_options_type;
typedef struct ip_address_option ip_address_option_type;
typedef struct acl_options acl_options_type;
typedef struct key_options key_options_type;
typedef struct config_parser_state config_parser_state_type;
/*
 * Options global for nsd.
 * Filled in by parse_options_file(); all pointer members are allocated
 * from the region stored in the 'region' member (see nsd_options_create).
 * String members are taken from nsd.conf and are trusted configuration,
 * not query input.
 */
struct nsd_options {
	/* config file name */
	char* configfile;
	/* options for zones, by apex, contains zone_options */
	rbtree_type* zone_options;
	/* patterns, by name, contains pattern_options */
	rbtree_type* patterns;

	/* free space in zonelist file, contains zonelist_bucket */
	rbtree_type* zonefree;
	/* number of free space lines in zonelist file */
	size_t zonefree_number;
	/* zonelist file if open */
	FILE* zonelist;
	/* last offset in file (or 0 if none) */
	off_t zonelist_off;

	/* tree of zonestat names and their id values, entries are struct
	 * zonestatname with malloced key=stringname. The number of items
	 * is the max statnameid, no items are freed from this.
	 * kept correct in the xfrd process, and on startup.
	 */
	rbtree_type* zonestatnames;

	/* rbtree of keys defined, by name; entries are struct key_options
	 * (TSIG key material, see key_options below) */
	rbtree_type* keys;

	/* list of ip addresses to bind to (or NULL for all) */
	struct ip_address_option* ip_addresses;

	/* socket options for the listening sockets (assumed from the names;
	 * confirm where they are applied in the server setup code) */
	int ip_transparent;
	int ip_freebind;
	int send_buffer_size;
	int receive_buffer_size;
	int debug_mode;
	int verbosity;
	/* when nonzero, do not disclose the version / identity strings
	 * (presumably for version.bind / id.server style queries; confirm) */
	int hide_version;
	int hide_identity;
	int do_ip4;
	int do_ip6;
	/* database file name; "" means no database, and zone files are then
	 * written every ZONEFILES_WRITE_INTERVAL seconds (see below) */
	const char* database;
	const char* identity;
	const char* version;
	const char* logfile;
	/* number of server processes and TCP connection limits; these are
	 * the resource caps that bound what a remote client can consume */
	int server_count;
	int tcp_count;
	int tcp_reject_overflow;
	int confine_to_zone;
	int tcp_query_count;
	int tcp_timeout;
	int tcp_mss;
	int outgoing_tcp_mss;
	/* maximum EDNS payload sizes advertised per address family */
	size_t ipv4_edns_size;
	size_t ipv6_edns_size;
	const char* pidfile;
	const char* port;
	int statistics;
	/* privilege drop after startup: directory to chroot into and user to
	 * run as (NULL/"" presumably means not configured; confirm in nsd.c) */
	const char* chroot;
	const char* username;
	const char* zonesdir;
	const char* xfrdfile;
	const char* xfrdir;
	const char* zonelistfile;
	const char* nsid;
	int xfrd_reload_timeout;
	int zonefiles_check;
	int zonefiles_write;
	int log_time_ascii;
	int round_robin;
	int minimal_responses;
	/* presumably refuses ANY queries (amplification mitigation); confirm */
	int refuse_any;
	int reuseport;

	/* private key file for TLS; this is a path, the file contents are
	 * the secret and must be protected by file permissions */
	char* tls_service_key;
	/* ocsp stapling file for TLS */
	char* tls_service_ocsp;
	/* certificate file for TLS */
	char* tls_service_pem;
	/* TLS dedicated port */
	const char* tls_port;

	/** remote control section. enable toggle. */
	int control_enable;
	/** the interfaces the remote control should listen on; see
	 * options_remote_is_address() for the address vs. named-pipe split */
	struct ip_address_option* control_interface;
	/** port number for the control port */
	int control_port;
	/** private key file for server (path; contents are the secret) */
	char* server_key_file;
	/** certificate file for server */
	char* server_cert_file;
	/** private key file for nsd-control (path; contents are the secret) */
	char* control_key_file;
	/** certificate file for nsd-control */
	char* control_cert_file;

#ifdef RATELIMIT
	/* response rate limiting: bounds outgoing responses per source
	 * prefix so the server is less useful as a reflector */
	/** number of buckets in rrl hashtable */
	size_t rrl_size;
	/** max qps for queries, 0 is nolimit */
	size_t rrl_ratelimit;
	/** ratio of slipped responses, 0 is noslip */
	size_t rrl_slip;
	/** ip prefix length */
	size_t rrl_ipv4_prefix_length;
	size_t rrl_ipv6_prefix_length;
	/** max qps for whitelisted queries, 0 is nolimit */
	size_t rrl_whitelist_ratelimit;
#endif
	/** if dnstap is enabled */
	int dnstap_enable;
	/** dnstap socket path */
	char* dnstap_socket_path;
	/** true to send "identity" via dnstap */
	int dnstap_send_identity;
	/** true to send "version" via dnstap */
	int dnstap_send_version;
	/** dnstap "identity", hostname is used if "". */
	char* dnstap_identity;
	/** dnstap "version", package version is used if "". */
	char* dnstap_version;
	/** true to log dnstap AUTH_QUERY message events */
	int dnstap_log_auth_query_messages;
	/** true to log dnstap AUTH_RESPONSE message events */
	int dnstap_log_auth_response_messages;

	/* region that owns this struct and everything it points to;
	 * released by nsd_options_destroy() */
	region_type* region;
};

/* singly linked list of listen addresses (ip-address: entries) */
struct ip_address_option {
	struct ip_address_option* next;
	/* address as written in the config (string form) */
	char* address;
};

/*
 * Pattern of zone options, used to contain options for zone(s).
 * A pattern is a named, reusable set of zone options; zones refer to
 * a pattern through zone_options.pattern. The *_is_default flags record
 * whether the matching value was set explicitly or left at its default.
 */
struct pattern_options {
	rbnode_type node;
	const char* pname; /* name of the pattern, key of rbtree */
	const char* zonefile;
	/* access control lists: who may NOTIFY us, whom we request transfers
	 * from, whom we NOTIFY, whom we provide transfers to */
	struct acl_options* allow_notify;
	struct acl_options* request_xfr;
	struct acl_options* notify;
	struct acl_options* provide_xfr;
	struct acl_options* outgoing_interface;
	const char* zonestats;
#ifdef RATELIMIT
	uint16_t rrl_whitelist; /* bitmap with rrl types */
#endif
	uint8_t allow_axfr_fallback;
	uint8_t allow_axfr_fallback_is_default;
	uint8_t notify_retry;
	uint8_t notify_retry_is_default;
	uint8_t implicit; /* pattern is implicit, part_of_config zone used */
	uint8_t xfrd_flags;
	uint32_t max_refresh_time;
	uint8_t max_refresh_time_is_default;
	uint32_t min_refresh_time;
	uint8_t min_refresh_time_is_default;
	uint32_t max_retry_time;
	uint8_t max_retry_time_is_default;
	uint32_t min_retry_time;
	uint8_t min_retry_time_is_default;
	/* upper bound on accepted zone transfer size (assumed from the name;
	 * confirm the unit and the 0 meaning in xfrd) */
	uint64_t size_limit_xfr;
	uint8_t multi_master_check;
} ATTR_PACKED;

/* name prefix used for the anonymous patterns of part_of_config zones */
#define PATTERN_IMPLICIT_MARKER "_implicit_"

/*
 * Options for a zone
 */
struct zone_options {
	/* key is dname of apex */
	rbnode_type node;

	/* is apex of the zone */
	const char* name;
	/* if not part of config, the offset and linesize of zonelist entry */
	off_t off;
	int linesize;
	/* pattern for the zone options, if zone is part_of_config, this is
	 * a anonymous pattern created in-place */
	struct pattern_options* pattern;
	/* zone is fixed into the main config, not in zonelist, cannot delete */
	uint8_t part_of_config;
} ATTR_PACKED;

/* raw address storage for an ACL entry; which member is valid follows
 * acl_options.is_ipv6 */
union acl_addr_storage {
#ifdef INET6
	struct in_addr addr;
	struct in6_addr addr6;
#else
	struct in_addr addr;
#endif
};

/*
 * Access control list element
 *
 * One entry of a linked list consulted by acl_check_incoming(); an entry
 * combines an address range and a TSIG key requirement. NOTE(review):
 * the struct is ATTR_PACKED, so the addr/range_mask members may be
 * unaligned; pass them to word-oriented helpers such as
 * acl_addr_match_mask() with that in mind.
 */
struct acl_options {
	struct acl_options* next;

	/* options */
	/* transfer-failure bookkeeping for this peer (presumably IXFR is
	 * disabled until the given time after repeated failures; confirm) */
	time_t ixfr_disabled;
	int bad_xfr_count;
	uint8_t use_axfr_only;
	uint8_t allow_udp;

	/* ip address range */
	const char* ip_address_spec; /* the range as written in the config */
	uint8_t is_ipv6;
	unsigned int port; /* is 0(no port) or suffix @port value */
	union acl_addr_storage addr;
	union acl_addr_storage range_mask;
	enum {
		acl_range_single = 0, /* single address */
		acl_range_mask = 1, /* 10.20.30.40&255.255.255.0 */
		acl_range_subnet = 2, /* 10.20.30.40/28 */
		acl_range_minmax = 3 /* 10.20.30.40-10.20.30.60 (mask=max) */
	} rangetype;

	/* key */
	/* nokey: no TSIG required; blocked: entry denies instead of allows
	 * (assumed from the names; confirm in acl_check_incoming) */
	uint8_t nokey;
	uint8_t blocked;
	const char* key_name;
	/* resolved from key_name against nsd_options.keys, or NULL */
	struct key_options* key_options;
} ATTR_PACKED;

/*
 * Key definition
 *
 * A TSIG key from nsd.conf. 'secret' is the shared secret as configured
 * and lives in plain region memory. NOTE(review): confirm that
 * key_options_desetup()/nsd_options_destroy() wipe it before the memory
 * is released, and keep it out of log output.
 */
struct key_options {
	rbnode_type node; /* key of tree is name */
	char* name;
	char* algorithm;
	char* secret;
	/* runtime key created by key_options_setup(), NULL until then */
	struct tsig_key* tsig_key;
} ATTR_PACKED;

/** zone list free space */
struct zonelist_free {
	struct zonelist_free* next;
	off_t off;
};
/** zonelist free bucket for a particular line length */
struct zonelist_bucket {
	rbnode_type node; /* key is ptr to linesize */
	int linesize;
	struct zonelist_free* list;
};

/* default zonefile write interval if database is "", in seconds */
#define ZONEFILES_WRITE_INTERVAL 3600

struct zonestatname {
	rbnode_type node; /* key is malloced string with cooked zonestat name */
	unsigned id; /* index in nsd.zonestat array */
};

/*
 * Used during options parsing
 * Carried through the lexer/parser as the global cfg_parser; 'errors'
 * counts problems reported via the err callback.
 */
struct config_parser_state {
	char* filename;
	const char* chroot;
	int line;
	int errors;
	struct nsd_options* opt;
	/* pointer to memory where options for the configuration block that is
	   currently parsed must be stored. memory is dynamically allocated,
	   the block is promoted once it is closed.
*/
	struct pattern_options *pattern;
	struct zone_options *zone;
	struct key_options *key;
	/* error reporting callback and its opaque argument; see
	 * parse_options_file() for the default */
	void (*err)(void*,const char*);
	void* err_arg;
};

/* parser state shared with the generated lexer/parser */
extern config_parser_state_type* cfg_parser;

/* region will be put in nsd_options struct. Returns empty options struct. */
struct nsd_options* nsd_options_create(region_type* region);
/* the number of zones that are configured.
 * opt and opt->zone_options are dereferenced without a check and must
 * be non-NULL. */
static inline size_t nsd_options_num_zones(struct nsd_options* opt)
{ return opt->zone_options->count; }
/* insert a zone into the main options tree, returns 0 on error */
int nsd_options_insert_zone(struct nsd_options* opt, struct zone_options* zone);
/* insert a pattern into the main options tree, returns 0 on error */
int nsd_options_insert_pattern(struct nsd_options* opt,
	struct pattern_options* pat);

/* parses options file. Returns false on failure. callback, if nonNULL,
 * gets called with error strings, default prints.
 * 'file' is the path of the nsd.conf to read. */
int parse_options_file(struct nsd_options* opt, const char* file,
	void (*err)(void*,const char*), void* err_arg);
struct zone_options* zone_options_create(region_type* region);
/* remove the zone from opt->zone_options (memory stays in the region) */
void zone_options_delete(struct nsd_options* opt, struct zone_options* zone);
/* find a zone by apex domain name, or NULL if not found.
Returns false on failure */
int parse_zone_list_file(struct nsd_options* opt);
/* create zone entry and add to the zonelist file */
struct zone_options* zone_list_add(struct nsd_options* opt, const char* zname,
	const char* pname);
/* create zonelist entry, do not insert in file (called by _add) */
struct zone_options* zone_list_zone_insert(struct nsd_options* opt,
	const char* nm, const char* patnm, int linesize, off_t off);
void zone_list_del(struct nsd_options* opt, struct zone_options* zone);
void zone_list_compact(struct nsd_options* opt);
void zone_list_close(struct nsd_options* opt);

/* create zonestat name tree , for initially created zones */
void options_zonestatnames_create(struct nsd_options* opt);
/* Get zonestat id for zone options, add new entry if necessary.
 * instantiates the pattern's zonestat string */
unsigned getzonestatid(struct nsd_options* opt, struct zone_options* zopt);
/* create string, same options as zonefile but no chroot changes */
const char* config_cook_string(struct zone_options* zone, const char* input);

/** check if config for remote control turns on IP-address interface
 * with certificates or a named pipe without certificates. */
int options_remote_is_address(struct nsd_options* cfg);

#if defined(HAVE_SSL)
/* tsig must be inited, adds all keys in options to tsig.
 */
void key_options_tsig_add(struct nsd_options* opt);
#endif

/* check acl list, acl number that matches if passed(0..),
 * or failure (-1) if dropped */
/* the reason why (the acl) is returned too (or NULL) */
int acl_check_incoming(struct acl_options* acl, struct query* q,
	struct acl_options** reason);
int acl_addr_matches_host(struct acl_options* acl, struct acl_options* host);
int acl_addr_matches(struct acl_options* acl, struct query* q);
int acl_key_matches(struct acl_options* acl, struct query* q);
/* word-wise address comparisons; sz is assumed to be a count of 32-bit
 * words (4 for IPv4, 16 for IPv6 is NOT right then) -- confirm the unit
 * against the callers in options.c before reusing */
int acl_addr_match_mask(uint32_t* a, uint32_t* b, uint32_t* mask, size_t sz);
int acl_addr_match_range(uint32_t* minval, uint32_t* x, uint32_t* maxval, size_t sz);

/* returns true if acls are both from the same host */
int acl_same_host(struct acl_options* a, struct acl_options* b);
/* find acl by number in the list */
struct acl_options* acl_find_num(struct acl_options* acl, int num);

/* see if two acl lists are the same (same elements in same order, or empty) */
int acl_list_equal(struct acl_options* p, struct acl_options* q);
/* see if two acl are the same */
int acl_equal(struct acl_options* p, struct acl_options* q);

/* see if a zone is a slave or a master zone */
int zone_is_slave(struct zone_options* opt);
/* create zonefile name, returns static pointer (perhaps to options data);
 * not reentrant -- copy the result before the next call if it is kept */
const char* config_make_zonefile(struct zone_options* zone, struct nsd* nsd);

#define ZONEC_PCT_TIME 5 /* seconds, then it starts to print pcts */
#define ZONEC_PCT_COUNT 100000 /* elements before pct check is done */

/* parsing helpers */
/* report a parse error. 'msg' is a printf format (checked by the
 * attribute): pass a literal format and hand config text in as a %s
 * argument, never as 'msg' itself. */
void c_error(const char* msg, ...) ATTR_FORMAT(printf, 1,2);
int c_wrap(void);
/* build an acl from an address range string and optional key name;
 * 'ip' is non-const and is presumably modified in place while parsing */
struct acl_options* parse_acl_info(region_type* region, char* ip,
	const char* key);
/* true if ipv6 address, false if ipv4 */
int parse_acl_is_ipv6(const char* p);
/* returns range type.
 mask is the 2nd part of the range (assumed to point into 'ip' after the
 separator is overwritten; confirm) */
int parse_acl_range_type(char* ip, char** mask);
/* parses subnet mask, fills 0 mask as well.
 * maxbits is the address width the prefix length is bounded by;
 * NOTE(review): confirm the parsed length is rejected when > maxbits */
void parse_acl_range_subnet(char* p, void* addr, int maxbits);
/* clean up options */
void nsd_options_destroy(struct nsd_options* opt);
/* replace occurrences of one with two in buf, pass length of buffer
 * (len bounds the rewritten result, assumed from the comment; confirm) */
void replace_str(char* buf, size_t len, const char* one, const char* two);
/* apply pattern to the existing pattern in the parser */
void config_apply_pattern(struct pattern_options *dest, const char* name);

#endif /* OPTIONS_H */