1 /* $OpenBSD: resolver.c,v 1.125 2020/09/12 17:01:03 florian Exp $ */ 2 3 /* 4 * Copyright (c) 2018 Florian Obser <florian@openbsd.org> 5 * Copyright (c) 2004, 2005 Claudio Jeker <claudio@openbsd.org> 6 * Copyright (c) 2004 Esben Norby <norby@openbsd.org> 7 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> 8 * 9 * Permission to use, copy, modify, and distribute this software for any 10 * purpose with or without fee is hereby granted, provided that the above 11 * copyright notice and this permission notice appear in all copies. 12 * 13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 20 */ 21 22 #include <sys/types.h> 23 #include <sys/queue.h> 24 #include <sys/socket.h> 25 #include <sys/syslog.h> 26 #include <sys/time.h> 27 28 #include <net/route.h> 29 30 #include <errno.h> 31 #include <event.h> 32 #include <imsg.h> 33 #include <limits.h> 34 #include <netdb.h> 35 #include <asr.h> 36 #include <pwd.h> 37 #include <signal.h> 38 #include <stdio.h> 39 #include <stdlib.h> 40 #include <string.h> 41 #include <time.h> 42 #include <tls.h> 43 #include <unistd.h> 44 45 #include "libunbound/config.h" 46 #include "libunbound/libunbound/context.h" 47 #include "libunbound/libunbound/libworker.h" 48 #include "libunbound/libunbound/unbound.h" 49 #include "libunbound/libunbound/unbound-event.h" 50 #include "libunbound/services/cache/rrset.h" 51 #include "libunbound/sldns/sbuffer.h" 52 #include "libunbound/sldns/rrdef.h" 53 #include "libunbound/sldns/pkthdr.h" 54 #include "libunbound/sldns/wire2str.h" 55 #include "libunbound/util/config_file.h" 56 #include "libunbound/util/module.h" 57 #include "libunbound/util/regional.h" 58 #include "libunbound/util/storage/slabhash.h" 59 #include "libunbound/validator/validator.h" 60 #include "libunbound/validator/val_kcache.h" 61 #include "libunbound/validator/val_neg.h" 62 63 #include <openssl/crypto.h> 64 65 #include "log.h" 66 #include "frontend.h" 67 #include "unwind.h" 68 #include "resolver.h" 69 70 #define TLS_DEFAULT_CA_CERT_FILE "/etc/ssl/cert.pem" 71 #define UB_LOG_VERBOSE 4 72 #define UB_LOG_BRIEF 0 73 74 /* maximum size of a libunbound forwarder definition: IP@PORT#AUTHNAME */ 75 #define FWD_MAX (INET6_ADDRSTRLEN + NI_MAXHOST + 2 + 5) 76 77 /* 78 * The prefered resolver type can be this many ms slower than the next 79 * best and still be picked 80 */ 81 #define PREF_RESOLVER_MEDIAN_SKEW 200 /* 200 ms */ 82 #define NEXT_RES_MAX 2000 /* 2000 ms */ 83 84 #define DOUBT_NXDOMAIN_SEC (5 * 60) /* 5 minutes */ 85 86 #define RESOLVER_CHECK_SEC 1 87 #define RESOLVER_CHECK_MAXSEC 1024 /* ~17 minutes */ 88 #define DECAY_PERIOD 60 89 #define DECAY_NOMINATOR 9 90 #define DECAY_DENOMINATOR 10 91 92 #define TRUST_ANCHOR_RETRY_INTERVAL 8640 93 #define TRUST_ANCHOR_QUERY_INTERVAL 43200 94 95 /* in libworker_event_done_cb() enum sec_status gets mapped to 0, 1 and 2 */ 96 #define INSECURE 0 97 #define BOGUS 1 98 #define SECURE 2 99 100 struct uw_resolver { 101 struct event check_ev; 102 struct event free_ev; 103 struct ub_ctx *ctx; 104 void *asr_ctx; 105 struct timeval check_tv; 106 int ref_cnt; 107 int stop; 108 enum uw_resolver_state state; 109 enum uw_resolver_type type; 110 int check_running; 111 int64_t median; 112 int64_t histogram[nitems(histogram_limits)]; 113 int64_t latest_histogram[nitems(histogram_limits)]; 114 }; 115 116 struct running_query { 117 TAILQ_ENTRY(running_query) entry; 118 struct query_imsg *query_imsg; 119 struct event timer_ev; 120 struct timespec tp; 121 struct resolver_preference res_pref; 122 int next_resolver; 123 int running; 124 }; 125 126 TAILQ_HEAD(, running_query) running_queries; 127 128 typedef void (*resolve_cb_t)(struct uw_resolver *, void *, int, void *, int, 129 int, char *); 130 131 struct resolver_cb_data { 132 resolve_cb_t cb; 133 void *data; 134 struct uw_resolver *res; 135 }; 136 137 __dead void resolver_shutdown(void); 138 void resolver_sig_handler(int sig, short, void *); 139 void resolver_dispatch_frontend(int, short, void *); 140 void resolver_dispatch_main(int, short, void *); 141 int sort_resolver_types(struct resolver_preference *); 142 void setup_query(struct query_imsg *); 143 struct running_query *find_running_query(uint64_t); 144 void try_resolver_timo(int, short, void *); 145 int try_next_resolver(struct running_query *); 146 147 int resolve(struct uw_resolver *, const char*, int, int, 148 void*, resolve_cb_t); 149 void resolve_done(struct uw_resolver *, void *, int, void *, 150 int, int, char *); 151 void ub_resolve_done(void *, int, void *, int, int, char *, 152 int); 153 void asr_resolve_done(struct asr_result *, void *); 154 void new_resolver(enum uw_resolver_type, 155 enum uw_resolver_state); 156 struct uw_resolver *create_resolver(enum uw_resolver_type); 157 void setup_unified_caches(void); 158 void set_unified_cache(struct uw_resolver *); 159 void free_resolver(struct uw_resolver *); 160 void set_forwarders(struct uw_resolver *, 161 struct uw_forwarder_head *, int); 162 void resolver_check_timo(int, short, void *); 163 void resolver_free_timo(int, short, void *); 164 void check_resolver(struct uw_resolver *); 165 void check_resolver_done(struct uw_resolver *, void *, int, 166 void *, int, int, char *); 167 void schedule_recheck_all_resolvers(void); 168 int check_forwarders_changed(struct uw_forwarder_head *, 169 struct uw_forwarder_head *); 170 void replace_forwarders(struct uw_forwarder_head *, 171 struct uw_forwarder_head *); 172 void resolver_ref(struct uw_resolver *); 173 void resolver_unref(struct uw_resolver *); 174 int resolver_cmp(const void *, const void *); 175 void restart_ub_resolvers(void); 176 void show_status(pid_t); 177 void show_autoconf(pid_t); 178 void show_mem(pid_t); 179 void send_resolver_info(struct uw_resolver *, pid_t); 180 void send_detailed_resolver_info(struct uw_resolver *, 181 pid_t); 182 void trust_anchor_resolve(void); 183 void trust_anchor_timo(int, short, void *); 184 void trust_anchor_resolve_done(struct uw_resolver *, void *, 185 int, void *, int, int, char *); 186 void replace_autoconf_forwarders(struct 187 imsg_rdns_proposal *); 188 int force_tree_cmp(struct force_tree_entry *, 189 struct force_tree_entry *); 190 int find_force(struct force_tree *, char *, 191 struct uw_resolver **); 192 int64_t histogram_median(int64_t *); 193 void decay_latest_histograms(int, short, void *); 194 int running_query_cnt(void); 195 int *resolvers_to_restart(struct uw_conf *, 196 struct uw_conf *); 197 198 struct uw_conf *resolver_conf; 199 struct imsgev *iev_frontend; 200 struct imsgev *iev_main; 201 struct uw_forwarder_head autoconf_forwarder_list; 202 struct uw_resolver *resolvers[UW_RES_NONE]; 203 int enabled_resolvers[UW_RES_NONE]; 204 struct timespec last_network_change; 205 206 struct event trust_anchor_timer; 207 struct event decay_timer; 208 209 static struct trust_anchor_head trust_anchors, new_trust_anchors; 210 211 struct event_base *ev_base; 212 213 RB_GENERATE(force_tree, force_tree_entry, entry, force_tree_cmp) 214 215 int val_id = -1; 216 struct slabhash *unified_msg_cache; 217 struct rrset_cache *unified_rrset_cache; 218 struct key_cache *unified_key_cache; 219 struct val_neg_cache *unified_neg_cache; 220 221 static const char * const as112_zones[] = { 222 /* RFC1918 */ 223 "10.in-addr.arpa. transparent", 224 "16.172.in-addr.arpa. transparent", 225 "31.172.in-addr.arpa. transparent", 226 "168.192.in-addr.arpa. transparent", 227 228 /* RFC3330 */ 229 "0.in-addr.arpa. transparent", 230 "254.169.in-addr.arpa. transparent", 231 "2.0.192.in-addr.arpa. transparent", 232 "100.51.198.in-addr.arpa. transparent", 233 "113.0.203.in-addr.arpa. transparent", 234 "255.255.255.255.in-addr.arpa. transparent", 235 236 /* RFC6598 */ 237 "64.100.in-addr.arpa. transparent", 238 "65.100.in-addr.arpa. transparent", 239 "66.100.in-addr.arpa. transparent", 240 "67.100.in-addr.arpa. transparent", 241 "68.100.in-addr.arpa. transparent", 242 "69.100.in-addr.arpa. transparent", 243 "70.100.in-addr.arpa. transparent", 244 "71.100.in-addr.arpa. transparent", 245 "72.100.in-addr.arpa. transparent", 246 "73.100.in-addr.arpa. transparent", 247 "74.100.in-addr.arpa. transparent", 248 "75.100.in-addr.arpa. transparent", 249 "76.100.in-addr.arpa. transparent", 250 "77.100.in-addr.arpa. transparent", 251 "78.100.in-addr.arpa. transparent", 252 "79.100.in-addr.arpa. transparent", 253 "80.100.in-addr.arpa. transparent", 254 "81.100.in-addr.arpa. transparent", 255 "82.100.in-addr.arpa. transparent", 256 "83.100.in-addr.arpa. transparent", 257 "84.100.in-addr.arpa. transparent", 258 "85.100.in-addr.arpa. transparent", 259 "86.100.in-addr.arpa. transparent", 260 "87.100.in-addr.arpa. transparent", 261 "88.100.in-addr.arpa. transparent", 262 "89.100.in-addr.arpa. transparent", 263 "90.100.in-addr.arpa. transparent", 264 "91.100.in-addr.arpa. transparent", 265 "92.100.in-addr.arpa. transparent", 266 "93.100.in-addr.arpa. transparent", 267 "94.100.in-addr.arpa. transparent", 268 "95.100.in-addr.arpa. transparent", 269 "96.100.in-addr.arpa. transparent", 270 "97.100.in-addr.arpa. transparent", 271 "98.100.in-addr.arpa. transparent", 272 "99.100.in-addr.arpa. transparent", 273 "100.100.in-addr.arpa. transparent", 274 "101.100.in-addr.arpa. transparent", 275 "102.100.in-addr.arpa. transparent", 276 "103.100.in-addr.arpa. transparent", 277 "104.100.in-addr.arpa. transparent", 278 "105.100.in-addr.arpa. transparent", 279 "106.100.in-addr.arpa. transparent", 280 "107.100.in-addr.arpa. transparent", 281 "108.100.in-addr.arpa. transparent", 282 "109.100.in-addr.arpa. transparent", 283 "110.100.in-addr.arpa. transparent", 284 "111.100.in-addr.arpa. transparent", 285 "112.100.in-addr.arpa. transparent", 286 "113.100.in-addr.arpa. transparent", 287 "114.100.in-addr.arpa. transparent", 288 "115.100.in-addr.arpa. transparent", 289 "116.100.in-addr.arpa. transparent", 290 "117.100.in-addr.arpa. transparent", 291 "118.100.in-addr.arpa. transparent", 292 "119.100.in-addr.arpa. transparent", 293 "120.100.in-addr.arpa. transparent", 294 "121.100.in-addr.arpa. transparent", 295 "122.100.in-addr.arpa. transparent", 296 "123.100.in-addr.arpa. transparent", 297 "124.100.in-addr.arpa. transparent", 298 "125.100.in-addr.arpa. transparent", 299 "126.100.in-addr.arpa. transparent", 300 "127.100.in-addr.arpa. transparent", 301 302 /* RFC4291 */ 303 "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0." 304 "ip6.arpa. transparent", 305 306 /* RFC4193 */ 307 "D.F.ip6.arpa. transparent", 308 309 /* RFC4291 */ 310 "8.E.F.ip6.arpa. transparent", 311 "9.E.F.ip6.arpa. transparent", 312 "A.E.F.ip6.arpa. transparent", 313 "B.E.F.ip6.arpa. transparent", 314 315 /* RFC3849 */ 316 "8.B.D.0.1.0.0.2.ip6.arpa. transparent" 317 }; 318 319 const char bogus_past[] = "validation failure <. NS IN>: signature " 320 "expired"; 321 const char bogus_future[] = "validation failure <. NS IN>: signature " 322 "before inception date"; 323 324 void 325 resolver_sig_handler(int sig, short event, void *arg) 326 { 327 /* 328 * Normal signal handler rules don't apply because libevent 329 * decouples for us. 330 */ 331 332 switch (sig) { 333 case SIGINT: 334 case SIGTERM: 335 resolver_shutdown(); 336 default: 337 fatalx("unexpected signal"); 338 } 339 } 340 341 void 342 resolver(int debug, int verbose) 343 { 344 struct event ev_sigint, ev_sigterm; 345 struct passwd *pw; 346 struct timeval tv = {DECAY_PERIOD, 0}; 347 struct alloc_cache cache_alloc_test; 348 349 resolver_conf = config_new_empty(); 350 351 log_init(debug, LOG_DAEMON); 352 log_setverbose(verbose); 353 354 if ((pw = getpwnam(UNWIND_USER)) == NULL) 355 fatal("getpwnam"); 356 357 uw_process = PROC_RESOLVER; 358 setproctitle("%s", log_procnames[uw_process]); 359 log_procinit(log_procnames[uw_process]); 360 361 if (setgroups(1, &pw->pw_gid) || 362 setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || 363 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) 364 fatal("can't drop privileges"); 365 366 if (unveil(TLS_DEFAULT_CA_CERT_FILE, "r") == -1) 367 fatal("unveil"); 368 369 if (pledge("stdio inet dns rpath recvfd", NULL) == -1) 370 fatal("pledge"); 371 372 ev_base = event_init(); 373 374 /* Setup signal handler(s). */ 375 signal_set(&ev_sigint, SIGINT, resolver_sig_handler, NULL); 376 signal_set(&ev_sigterm, SIGTERM, resolver_sig_handler, NULL); 377 signal_add(&ev_sigint, NULL); 378 signal_add(&ev_sigterm, NULL); 379 signal(SIGPIPE, SIG_IGN); 380 signal(SIGHUP, SIG_IGN); 381 382 /* Setup pipe and event handler to the main process. */ 383 if ((iev_main = malloc(sizeof(struct imsgev))) == NULL) 384 fatal(NULL); 385 386 imsg_init(&iev_main->ibuf, 3); 387 iev_main->handler = resolver_dispatch_main; 388 389 /* Setup event handlers. */ 390 iev_main->events = EV_READ; 391 event_set(&iev_main->ev, iev_main->ibuf.fd, iev_main->events, 392 iev_main->handler, iev_main); 393 event_add(&iev_main->ev, NULL); 394 395 evtimer_set(&trust_anchor_timer, trust_anchor_timo, NULL); 396 evtimer_set(&decay_timer, decay_latest_histograms, NULL); 397 evtimer_add(&decay_timer, &tv); 398 399 clock_gettime(CLOCK_MONOTONIC, &last_network_change); 400 401 alloc_init(&cache_alloc_test, NULL, 0); 402 if (cache_alloc_test.max_reg_blocks != 10) 403 fatalx("local libunbound/util/alloc.c diff lost"); 404 alloc_clear(&cache_alloc_test); 405 406 setup_unified_caches(); 407 408 TAILQ_INIT(&autoconf_forwarder_list); 409 TAILQ_INIT(&trust_anchors); 410 TAILQ_INIT(&new_trust_anchors); 411 TAILQ_INIT(&running_queries); 412 413 event_dispatch(); 414 415 resolver_shutdown(); 416 } 417 418 __dead void 419 resolver_shutdown(void) 420 { 421 /* Close pipes. */ 422 msgbuf_clear(&iev_frontend->ibuf.w); 423 close(iev_frontend->ibuf.fd); 424 msgbuf_clear(&iev_main->ibuf.w); 425 close(iev_main->ibuf.fd); 426 427 config_clear(resolver_conf); 428 429 free(iev_frontend); 430 free(iev_main); 431 432 log_info("resolver exiting"); 433 exit(0); 434 } 435 436 int 437 resolver_imsg_compose_main(int type, pid_t pid, void *data, uint16_t datalen) 438 { 439 return (imsg_compose_event(iev_main, type, 0, pid, -1, data, datalen)); 440 } 441 442 int 443 resolver_imsg_compose_frontend(int type, pid_t pid, void *data, 444 uint16_t datalen) 445 { 446 return (imsg_compose_event(iev_frontend, type, 0, pid, -1, 447 data, datalen)); 448 } 449 450 void 451 resolver_dispatch_frontend(int fd, short event, void *bula) 452 { 453 struct imsgev *iev = bula; 454 struct imsgbuf *ibuf; 455 struct imsg imsg; 456 struct query_imsg *query_imsg; 457 ssize_t n; 458 int shut = 0, verbose, i; 459 char *ta; 460 461 ibuf = &iev->ibuf; 462 463 if (event & EV_READ) { 464 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN) 465 fatal("imsg_read error"); 466 if (n == 0) /* Connection closed. */ 467 shut = 1; 468 } 469 if (event & EV_WRITE) { 470 if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN) 471 fatal("msgbuf_write"); 472 if (n == 0) /* Connection closed. */ 473 shut = 1; 474 } 475 476 for (;;) { 477 if ((n = imsg_get(ibuf, &imsg)) == -1) 478 fatal("%s: imsg_get error", __func__); 479 if (n == 0) /* No more messages. */ 480 break; 481 482 switch (imsg.hdr.type) { 483 case IMSG_CTL_LOG_VERBOSE: 484 if (IMSG_DATA_SIZE(imsg) != sizeof(verbose)) 485 fatalx("%s: IMSG_CTL_LOG_VERBOSE wrong length: " 486 "%lu", __func__, 487 IMSG_DATA_SIZE(imsg)); 488 memcpy(&verbose, imsg.data, sizeof(verbose)); 489 if ((log_getverbose() & OPT_VERBOSE3) 490 != (verbose & OPT_VERBOSE3)) 491 restart_ub_resolvers(); 492 log_setverbose(verbose); 493 break; 494 case IMSG_QUERY: 495 if (IMSG_DATA_SIZE(imsg) != sizeof(*query_imsg)) 496 fatalx("%s: IMSG_QUERY wrong length: %lu", 497 __func__, IMSG_DATA_SIZE(imsg)); 498 if ((query_imsg = malloc(sizeof(*query_imsg))) == 499 NULL) { 500 log_warn("cannot allocate query"); 501 break; 502 } 503 memcpy(query_imsg, imsg.data, sizeof(*query_imsg)); 504 setup_query(query_imsg); 505 break; 506 case IMSG_CTL_STATUS: 507 if (IMSG_DATA_SIZE(imsg) != 0) 508 fatalx("%s: IMSG_CTL_STATUS wrong length: %lu", 509 __func__, IMSG_DATA_SIZE(imsg)); 510 show_status(imsg.hdr.pid); 511 break; 512 case IMSG_CTL_AUTOCONF: 513 if (IMSG_DATA_SIZE(imsg) != 0) 514 fatalx("%s: IMSG_CTL_AUTOCONF wrong length: " 515 "%lu", __func__, IMSG_DATA_SIZE(imsg)); 516 show_autoconf(imsg.hdr.pid); 517 break; 518 case IMSG_CTL_MEM: 519 if (IMSG_DATA_SIZE(imsg) != 0) 520 fatalx("%s: IMSG_CTL_AUTOCONF wrong length: " 521 "%lu", __func__, IMSG_DATA_SIZE(imsg)); 522 show_mem(imsg.hdr.pid); 523 break; 524 case IMSG_NEW_TA: 525 /* make sure this is a string */ 526 ((char *)imsg.data)[IMSG_DATA_SIZE(imsg) - 1] = '\0'; 527 ta = imsg.data; 528 add_new_ta(&new_trust_anchors, ta); 529 break; 530 case IMSG_NEW_TAS_ABORT: 531 free_tas(&new_trust_anchors); 532 break; 533 case IMSG_NEW_TAS_DONE: 534 if (merge_tas(&new_trust_anchors, &trust_anchors)) 535 restart_ub_resolvers(); 536 break; 537 case IMSG_NETWORK_CHANGED: 538 clock_gettime(CLOCK_MONOTONIC, &last_network_change); 539 schedule_recheck_all_resolvers(); 540 for (i = 0; i < UW_RES_NONE; i++) { 541 if (resolvers[i] == NULL) 542 continue; 543 memset(resolvers[i]->latest_histogram, 0, 544 sizeof(resolvers[i]->latest_histogram)); 545 resolvers[i]->median = histogram_median( 546 resolvers[i]->latest_histogram); 547 } 548 549 break; 550 case IMSG_REPLACE_DNS: 551 if (IMSG_DATA_SIZE(imsg) != 552 sizeof(struct imsg_rdns_proposal)) 553 fatalx("%s: IMSG_ADD_DNS wrong length: %lu", 554 __func__, IMSG_DATA_SIZE(imsg)); 555 replace_autoconf_forwarders((struct 556 imsg_rdns_proposal *)imsg.data); 557 break; 558 default: 559 log_debug("%s: unexpected imsg %d", __func__, 560 imsg.hdr.type); 561 break; 562 } 563 imsg_free(&imsg); 564 } 565 if (!shut) 566 imsg_event_add(iev); 567 else { 568 /* This pipe is dead. Remove its event handler. */ 569 event_del(&iev->ev); 570 event_loopexit(NULL); 571 } 572 } 573 574 void 575 resolver_dispatch_main(int fd, short event, void *bula) 576 { 577 static struct uw_conf *nconf; 578 struct imsg imsg; 579 struct imsgev *iev = bula; 580 struct imsgbuf *ibuf; 581 ssize_t n; 582 int shut = 0, i, *restart; 583 584 ibuf = &iev->ibuf; 585 586 if (event & EV_READ) { 587 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN) 588 fatal("imsg_read error"); 589 if (n == 0) /* Connection closed. */ 590 shut = 1; 591 } 592 if (event & EV_WRITE) { 593 if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN) 594 fatal("msgbuf_write"); 595 if (n == 0) /* Connection closed. */ 596 shut = 1; 597 } 598 599 for (;;) { 600 if ((n = imsg_get(ibuf, &imsg)) == -1) 601 fatal("%s: imsg_get error", __func__); 602 if (n == 0) /* No more messages. */ 603 break; 604 605 switch (imsg.hdr.type) { 606 case IMSG_SOCKET_IPC_FRONTEND: 607 /* 608 * Setup pipe and event handler to the frontend 609 * process. 610 */ 611 if (iev_frontend) 612 fatalx("%s: received unexpected imsg fd " 613 "to resolver", __func__); 614 615 if ((fd = imsg.fd) == -1) 616 fatalx("%s: expected to receive imsg fd to " 617 "resolver but didn't receive any", __func__); 618 619 iev_frontend = malloc(sizeof(struct imsgev)); 620 if (iev_frontend == NULL) 621 fatal(NULL); 622 623 imsg_init(&iev_frontend->ibuf, fd); 624 iev_frontend->handler = resolver_dispatch_frontend; 625 iev_frontend->events = EV_READ; 626 627 event_set(&iev_frontend->ev, iev_frontend->ibuf.fd, 628 iev_frontend->events, iev_frontend->handler, 629 iev_frontend); 630 event_add(&iev_frontend->ev, NULL); 631 break; 632 633 case IMSG_STARTUP: 634 if (pledge("stdio inet dns rpath", NULL) == -1) 635 fatal("pledge"); 636 break; 637 case IMSG_RECONF_CONF: 638 case IMSG_RECONF_BLOCKLIST_FILE: 639 case IMSG_RECONF_FORWARDER: 640 case IMSG_RECONF_DOT_FORWARDER: 641 case IMSG_RECONF_FORCE: 642 imsg_receive_config(&imsg, &nconf); 643 break; 644 case IMSG_RECONF_END: 645 if (nconf == NULL) 646 fatalx("%s: IMSG_RECONF_END without " 647 "IMSG_RECONF_CONF", __func__); 648 restart = resolvers_to_restart(resolver_conf, nconf); 649 merge_config(resolver_conf, nconf); 650 memset(enabled_resolvers, 0, sizeof(enabled_resolvers)); 651 for (i = 0; i < resolver_conf->res_pref.len; i++) 652 enabled_resolvers[ 653 resolver_conf->res_pref.types[i]] = 1; 654 nconf = NULL; 655 for (i = 0; i < UW_RES_NONE; i++) 656 if (restart[i]) 657 new_resolver(i, UNKNOWN); 658 break; 659 default: 660 log_debug("%s: unexpected imsg %d", __func__, 661 imsg.hdr.type); 662 break; 663 } 664 imsg_free(&imsg); 665 } 666 if (!shut) 667 imsg_event_add(iev); 668 else { 669 /* This pipe is dead. Remove its event handler. */ 670 event_del(&iev->ev); 671 event_loopexit(NULL); 672 } 673 } 674 675 int 676 sort_resolver_types(struct resolver_preference *dst) 677 { 678 memcpy(dst, &resolver_conf->res_pref, sizeof(*dst)); 679 680 /* 681 * Sort by resolver quality, validating > resolving etc. 682 * mergesort is stable and keeps the configured preference order 683 */ 684 return mergesort(dst->types, dst->len, sizeof(dst->types[0]), 685 resolver_cmp); 686 } 687 688 void 689 setup_query(struct query_imsg *query_imsg) 690 { 691 struct running_query *rq; 692 struct uw_resolver *res; 693 694 if (find_running_query(query_imsg->id) != NULL) { 695 free(query_imsg); 696 return; 697 } 698 699 if ((rq = calloc(1, sizeof(*rq))) == NULL) { 700 log_warnx(NULL); 701 free(query_imsg); 702 return; 703 } 704 705 clock_gettime(CLOCK_MONOTONIC, &rq->tp); 706 rq->query_imsg = query_imsg; 707 rq->next_resolver = 0; 708 709 find_force(&resolver_conf->force, query_imsg->qname, &res); 710 711 if (res != NULL && res->state != DEAD && res->state != UNKNOWN) { 712 rq->res_pref.len = 1; 713 rq->res_pref.types[0] = res->type; 714 } else if (sort_resolver_types(&rq->res_pref) == -1) { 715 log_warn("mergesort"); 716 free(rq->query_imsg); 717 free(rq); 718 return; 719 } 720 721 evtimer_set(&rq->timer_ev, try_resolver_timo, rq); 722 723 TAILQ_INSERT_TAIL(&running_queries, rq, entry); 724 try_next_resolver(rq); 725 } 726 727 struct running_query * 728 find_running_query(uint64_t id) 729 { 730 struct running_query *rq; 731 732 TAILQ_FOREACH(rq, &running_queries, entry) { 733 if (rq->query_imsg->id == id) 734 return rq; 735 } 736 return NULL; 737 } 738 739 void 740 try_resolver_timo(int fd, short events, void *arg) 741 { 742 struct running_query *rq = arg; 743 744 try_next_resolver(rq); 745 } 746 747 int 748 try_next_resolver(struct running_query *rq) 749 { 750 struct uw_resolver *res = NULL; 751 struct query_imsg *query_imsg = NULL; 752 struct timespec tp, elapsed; 753 struct timeval tv = {0, 0}; 754 int64_t ms; 755 char qclass_buf[16]; 756 char qtype_buf[16]; 757 758 while(rq->next_resolver < rq->res_pref.len && 759 ((res = resolvers[rq->res_pref.types[rq->next_resolver]]) == NULL || 760 res->state == DEAD || res->state == UNKNOWN)) 761 rq->next_resolver++; 762 763 if (res == NULL) { 764 evtimer_del(&rq->timer_ev); /* we are not going to find one */ 765 log_debug("%s: could not find (any more) working resolvers", 766 __func__); 767 goto err; 768 } 769 770 rq->next_resolver++; 771 clock_gettime(CLOCK_MONOTONIC, &tp); 772 timespecsub(&tp, &rq->tp, &elapsed); 773 ms = elapsed.tv_sec * 1000 + elapsed.tv_nsec / 1000000; 774 775 sldns_wire2str_class_buf(rq->query_imsg->c, qclass_buf, 776 sizeof(qclass_buf)); 777 sldns_wire2str_type_buf(rq->query_imsg->t, qtype_buf, 778 sizeof(qtype_buf)); 779 log_debug("%s[+%lldms]: %s[%s] %s %s %s", __func__, ms, 780 uw_resolver_type_str[res->type], uw_resolver_state_str[res->state], 781 rq->query_imsg->qname, qclass_buf, qtype_buf); 782 783 if ((query_imsg = malloc(sizeof(*query_imsg))) == NULL) { 784 log_warnx("%s", __func__); 785 goto err; 786 } 787 memcpy(query_imsg, rq->query_imsg, sizeof(*query_imsg)); 788 clock_gettime(CLOCK_MONOTONIC, &query_imsg->tp); 789 790 ms = res->median; 791 if (ms > NEXT_RES_MAX) 792 ms = NEXT_RES_MAX; 793 if (res->type == resolver_conf->res_pref.types[0]) 794 tv.tv_usec = 1000 * (PREF_RESOLVER_MEDIAN_SKEW + ms); 795 else 796 tv.tv_usec = 1000 * ms; 797 798 while (tv.tv_usec >= 1000000) { 799 tv.tv_sec++; 800 tv.tv_usec -= 1000000; 801 } 802 evtimer_add(&rq->timer_ev, &tv); 803 804 rq->running++; 805 if (resolve(res, query_imsg->qname, query_imsg->t, 806 query_imsg->c, query_imsg, resolve_done) != 0) { 807 rq->running--; 808 goto err; 809 } 810 811 return 0; 812 813 err: 814 free(query_imsg); 815 if (rq->running == 0) { 816 TAILQ_REMOVE(&running_queries, rq, entry); 817 evtimer_del(&rq->timer_ev); 818 free(rq->query_imsg); 819 free(rq); 820 } 821 return 1; 822 } 823 824 int 825 resolve(struct uw_resolver *res, const char* name, int rrtype, int rrclass, 826 void *mydata, resolve_cb_t cb) 827 { 828 struct resolver_cb_data *cb_data = NULL; 829 struct asr_query *aq = NULL; 830 int err; 831 832 resolver_ref(res); 833 834 if ((cb_data = malloc(sizeof(*cb_data))) == NULL) 835 goto err; 836 cb_data->cb = cb; 837 cb_data->data = mydata; 838 cb_data->res = res; 839 840 switch(res->type) { 841 case UW_RES_ASR: 842 if ((aq = res_query_async(name, rrclass, rrtype, res->asr_ctx)) 843 == NULL) { 844 log_warn("%s: res_query_async", __func__); 845 goto err; 846 } 847 if (event_asr_run(aq, asr_resolve_done, cb_data) == NULL) { 848 log_warn("%s: res_query_async", __func__); 849 goto err; 850 } 851 break; 852 case UW_RES_RECURSOR: 853 case UW_RES_DHCP: 854 case UW_RES_ODOT_DHCP: 855 case UW_RES_FORWARDER: 856 case UW_RES_ODOT_FORWARDER: 857 case UW_RES_DOT: 858 if ((err = ub_resolve_event(res->ctx, name, rrtype, rrclass, 859 cb_data, ub_resolve_done, NULL)) != 0) { 860 log_warn("%s: ub_resolve_event: err: %d, %s", __func__, 861 err, ub_strerror(err)); 862 goto err; 863 } 864 break; 865 default: 866 fatalx("unknown resolver type %d", res->type); 867 break; 868 } 869 870 return 0; 871 err: 872 free(cb_data); 873 free(aq); 874 resolver_unref(res); 875 return 1; 876 } 877 878 void 879 resolve_done(struct uw_resolver *res, void *arg, int rcode, 880 void *answer_packet, int answer_len, int sec, char *why_bogus) 881 { 882 struct uw_resolver *tmp_res; 883 struct ub_result *result = NULL; 884 sldns_buffer *buf = NULL; 885 struct regional *region = NULL; 886 struct query_imsg *query_imsg; 887 struct running_query *rq; 888 struct timespec tp, elapsed; 889 int64_t ms; 890 size_t i; 891 int running_res, asr_pref_pos, force_acceptbogus; 892 char *str; 893 char rcode_buf[16]; 894 char qclass_buf[16]; 895 char qtype_buf[16]; 896 897 clock_gettime(CLOCK_MONOTONIC, &tp); 898 899 query_imsg = (struct query_imsg *)arg; 900 901 timespecsub(&tp, &query_imsg->tp, &elapsed); 902 903 ms = elapsed.tv_sec * 1000 + elapsed.tv_nsec / 1000000; 904 905 for (i = 0; i < nitems(histogram_limits); i++) { 906 if (ms < histogram_limits[i]) 907 break; 908 } 909 if (i == nitems(histogram_limits)) 910 log_debug("histogram bucket error"); 911 else { 912 res->histogram[i]++; 913 /* latest_histogram is in units of 1000 to avoid rounding 914 down when decaying */ 915 res->latest_histogram[i] += 1000; 916 res->median = histogram_median(res->latest_histogram); 917 } 918 919 if ((rq = find_running_query(query_imsg->id)) == NULL) 920 goto out; 921 922 running_res = --rq->running; 923 924 if (answer_len < LDNS_HEADER_SIZE) { 925 log_warnx("bad packet: too short"); 926 goto servfail; 927 } 928 929 if (rcode == LDNS_RCODE_SERVFAIL) { 930 if (res->stop != 1) 931 check_resolver(res); 932 goto servfail; 933 } 934 935 if ((result = calloc(1, sizeof(*result))) == NULL) 936 goto servfail; 937 if ((buf = sldns_buffer_new(answer_len)) == NULL) 938 goto servfail; 939 if ((region = regional_create()) == NULL) 940 goto servfail; 941 942 result->rcode = LDNS_RCODE_SERVFAIL; 943 944 sldns_buffer_clear(buf); 945 sldns_buffer_write(buf, answer_packet, answer_len); 946 sldns_buffer_flip(buf); 947 libworker_enter_result(result, buf, region, sec); 948 result->answer_packet = NULL; 949 result->answer_len = 0; 950 951 sldns_wire2str_rcode_buf(result->rcode, rcode_buf, sizeof(rcode_buf)); 952 sldns_wire2str_class_buf(query_imsg->c, qclass_buf, sizeof(qclass_buf)); 953 sldns_wire2str_type_buf(query_imsg->t, qtype_buf, sizeof(qtype_buf)); 954 log_debug("%s[%s]: %s %s %s rcode: %s[%d], elapsed: %lldms, running: %d", 955 __func__, uw_resolver_type_str[res->type], query_imsg->qname, 956 qclass_buf, qtype_buf, rcode_buf, result->rcode, ms, 957 running_query_cnt()); 958 959 force_acceptbogus = find_force(&resolver_conf->force, query_imsg->qname, 960 &tmp_res); 961 if (tmp_res != NULL && tmp_res->type != res->type) 962 force_acceptbogus = 0; 963 964 timespecsub(&tp, &last_network_change, &elapsed); 965 if ((result->rcode == LDNS_RCODE_NXDOMAIN || sec == BOGUS) && 966 !force_acceptbogus && res->type != UW_RES_ASR && elapsed.tv_sec < 967 DOUBT_NXDOMAIN_SEC) { 968 /* 969 * Doubt NXDOMAIN or BOGUS if we just switched networks, we 970 * might be behind a captive portal. 971 */ 972 log_debug("%s: doubt NXDOMAIN or BOGUS from %s, network change" 973 " %llds ago", __func__, uw_resolver_type_str[res->type], 974 elapsed.tv_sec); 975 976 /* search for ASR */ 977 asr_pref_pos = -1; 978 for (i = 0; i < (size_t)rq->res_pref.len; i++) 979 if (rq->res_pref.types[i] == UW_RES_ASR) { 980 asr_pref_pos = i; 981 break; 982 } 983 984 if (asr_pref_pos != -1 && resolvers[UW_RES_ASR] != NULL) { 985 /* go to ASR if not yet scheduled */ 986 if (asr_pref_pos >= rq->next_resolver) { 987 rq->next_resolver = asr_pref_pos; 988 try_next_resolver(rq); 989 } 990 goto out; 991 } 992 log_debug("%s: using NXDOMAIN or BOGUS, couldn't find working " 993 "ASR", __func__); 994 } 995 996 if (log_getverbose() & OPT_VERBOSE2 && (str = 997 sldns_wire2str_pkt(answer_packet, answer_len)) != NULL) { 998 log_debug("%s", str); 999 free(str); 1000 } 1001 1002 if (result->rcode == LDNS_RCODE_SERVFAIL) 1003 goto servfail; 1004 1005 query_imsg->err = 0; 1006 1007 if (sec == SECURE) 1008 res->state = VALIDATING; 1009 1010 if (res->state == VALIDATING && sec == BOGUS) { 1011 query_imsg->bogus = !force_acceptbogus; 1012 if (query_imsg->bogus && why_bogus != NULL) 1013 log_warnx("%s", why_bogus); 1014 } else 1015 query_imsg->bogus = 0; 1016 1017 resolver_imsg_compose_frontend(IMSG_ANSWER_HEADER, 0, query_imsg, 1018 sizeof(*query_imsg)); 1019 1020 /* XXX imsg overflow */ 1021 resolver_imsg_compose_frontend(IMSG_ANSWER, 0, answer_packet, 1022 answer_len); 1023 1024 TAILQ_REMOVE(&running_queries, rq, entry); 1025 evtimer_del(&rq->timer_ev); 1026 free(rq->query_imsg); 1027 free(rq); 1028 goto out; 1029 1030 servfail: 1031 /* try_next_resolver() might free rq */ 1032 if (try_next_resolver(rq) != 0 && running_res == 0) { 1033 /* we are the last one, send SERVFAIL */ 1034 query_imsg->err = -4; /* UB_SERVFAIL */ 1035 resolver_imsg_compose_frontend(IMSG_ANSWER_HEADER, 0, 1036 query_imsg, sizeof(*query_imsg)); 1037 } 1038 out: 1039 free(query_imsg); 1040 sldns_buffer_free(buf); 1041 regional_destroy(region); 1042 ub_resolve_free(result); 1043 } 1044 1045 void 1046 new_resolver(enum uw_resolver_type type, enum uw_resolver_state state) 1047 { 1048 free_resolver(resolvers[type]); 1049 resolvers[type] = NULL; 1050 1051 if (!enabled_resolvers[type]) 1052 return; 1053 1054 switch (type) { 1055 case UW_RES_ASR: 1056 case UW_RES_DHCP: 1057 case UW_RES_ODOT_DHCP: 1058 if (TAILQ_EMPTY(&autoconf_forwarder_list)) 1059 return; 1060 break; 1061 case UW_RES_RECURSOR: 1062 break; 1063 case UW_RES_FORWARDER: 1064 case UW_RES_ODOT_FORWARDER: 1065 if (TAILQ_EMPTY(&resolver_conf->uw_forwarder_list)) 1066 return; 1067 break; 1068 case UW_RES_DOT: 1069 if (TAILQ_EMPTY(&resolver_conf->uw_dot_forwarder_list)) 1070 return; 1071 break; 1072 case UW_RES_NONE: 1073 fatalx("cannot create UW_RES_NONE resolver"); 1074 } 1075 1076 switch (type) { 1077 case UW_RES_RECURSOR: 1078 case UW_RES_DHCP: 1079 case UW_RES_ODOT_DHCP: 1080 case UW_RES_FORWARDER: 1081 case UW_RES_ODOT_FORWARDER: 1082 case UW_RES_DOT: 1083 if (TAILQ_EMPTY(&trust_anchors)) 1084 return; 1085 break; 1086 case UW_RES_ASR: 1087 break; 1088 case UW_RES_NONE: 1089 fatalx("cannot create UW_RES_NONE resolver"); 1090 } 1091 1092 if ((resolvers[type] = create_resolver(type)) == NULL) 1093 return; 1094 1095 switch (state) { 1096 case UNKNOWN: 1097 check_resolver(resolvers[type]); 1098 break; 1099 case VALIDATING: 1100 set_unified_cache(resolvers[type]); 1101 /* FALLTHROUGH */ 1102 case RESOLVING: 1103 resolvers[type]->state = state; 1104 break; 1105 default: 1106 fatalx("%s: invalid resolver state: %s", __func__, 1107 uw_resolver_state_str[state]); 1108 } 1109 } 1110 1111 void 1112 set_unified_cache(struct uw_resolver *res) 1113 { 1114 if (res == NULL || res->ctx == NULL) 1115 return; 1116 1117 if (res->ctx->env->msg_cache != NULL) { 1118 /* XXX we are currently not using this */ 1119 if (res->ctx->env->msg_cache != unified_msg_cache || 1120 res->ctx->env->rrset_cache != unified_rrset_cache || 1121 res->ctx->env->key_cache != unified_key_cache || 1122 res->ctx->env->neg_cache != unified_neg_cache) 1123 fatalx("wrong unified cache set on resolver"); 1124 else 1125 /* we are upgrading from UNKNOWN back to VALIDATING */ 1126 return; 1127 } 1128 1129 res->ctx->env->msg_cache = unified_msg_cache; 1130 res->ctx->env->rrset_cache = unified_rrset_cache; 1131 res->ctx->env->key_cache = unified_key_cache; 1132 res->ctx->env->neg_cache = unified_neg_cache; 1133 1134 context_finalize(res->ctx); 1135 1136 if (res->ctx->env->msg_cache != unified_msg_cache || 1137 res->ctx->env->rrset_cache != unified_rrset_cache || 1138 res->ctx->env->key_cache != unified_key_cache || 1139 res->ctx->env->neg_cache != unified_neg_cache) 1140 fatalx("failed to set unified caches, libunbound/validator/" 1141 "validator.c diff lost"); 1142 } 1143 1144 static const struct { 1145 const char *name; 1146 const char *value; 1147 } options[] = { 1148 { "aggressive-nsec:", "yes" }, 1149 { "fast-server-permil:", "950" }, 1150 { "edns-buffer-size:", "1232" }, 1151 { "target-fetch-policy:", "0 0 0 0 0" }, 1152 { "outgoing-range:", "64" } 1153 }; 1154 1155 struct uw_resolver * 1156 create_resolver(enum uw_resolver_type type) 1157 { 1158 struct uw_resolver *res; 1159 struct trust_anchor *ta; 1160 struct uw_forwarder *uw_forwarder; 1161 size_t i; 1162 int err; 1163 char *resolv_conf = NULL, *tmp = NULL; 1164 1165 if ((res = calloc(1, sizeof(*res))) == NULL) { 1166 log_warn("%s", __func__); 1167 return (NULL); 1168 } 1169 1170 res->type = type; 1171 res->state = UNKNOWN; 1172 res->check_tv.tv_sec = RESOLVER_CHECK_SEC; 1173 res->check_tv.tv_usec = arc4random() % 1000000; /* modulo bias is ok */ 1174 1175 switch (type) { 1176 case UW_RES_ASR: 1177 if (TAILQ_EMPTY(&autoconf_forwarder_list)) { 1178 free(res); 1179 return (NULL); 1180 } 1181 TAILQ_FOREACH(uw_forwarder, &autoconf_forwarder_list, entry) { 1182 tmp = resolv_conf; 1183 if (asprintf(&resolv_conf, "%snameserver %s\n", tmp == 1184 NULL ? "" : tmp, uw_forwarder->ip) == -1) { 1185 free(tmp); 1186 free(res); 1187 log_warnx("could not create asr context"); 1188 return (NULL); 1189 } 1190 free(tmp); 1191 } 1192 1193 if ((res->asr_ctx = asr_resolver_from_string(resolv_conf)) == 1194 NULL) { 1195 free(res); 1196 free(resolv_conf); 1197 log_warnx("could not create asr context"); 1198 return (NULL); 1199 } 1200 free(resolv_conf); 1201 break; 1202 case UW_RES_RECURSOR: 1203 case UW_RES_DHCP: 1204 case UW_RES_ODOT_DHCP: 1205 case UW_RES_FORWARDER: 1206 case UW_RES_ODOT_FORWARDER: 1207 case UW_RES_DOT: 1208 if ((res->ctx = ub_ctx_create_event(ev_base)) == NULL) { 1209 free(res); 1210 log_warnx("could not create unbound context"); 1211 return (NULL); 1212 } 1213 1214 ub_ctx_debuglevel(res->ctx, log_getverbose() & OPT_VERBOSE3 ? 1215 UB_LOG_VERBOSE : UB_LOG_BRIEF); 1216 1217 TAILQ_FOREACH(ta, &trust_anchors, entry) { 1218 if ((err = ub_ctx_add_ta(res->ctx, ta->ta)) != 0) { 1219 ub_ctx_delete(res->ctx); 1220 free(res); 1221 log_warnx("error adding trust anchor: %s", 1222 ub_strerror(err)); 1223 return (NULL); 1224 } 1225 } 1226 1227 for (i = 0; i < nitems(options); i++) { 1228 if ((err = ub_ctx_set_option(res->ctx, options[i].name, 1229 options[i].value)) != 0) { 1230 ub_ctx_delete(res->ctx); 1231 free(res); 1232 log_warnx("error setting %s: %s: %s", 1233 options[i].name, options[i].value, 1234 ub_strerror(err)); 1235 return (NULL); 1236 } 1237 } 1238 1239 if (!log_getdebug()) { 1240 if((err = ub_ctx_set_option(res->ctx, "use-syslog:", 1241 "yes")) != 0) { 1242 ub_ctx_delete(res->ctx); 1243 free(res); 1244 log_warnx("error setting use-syslog: yes: %s", 1245 ub_strerror(err)); 1246 return (NULL); 1247 } 1248 } 1249 1250 break; 1251 default: 1252 fatalx("unknown resolver type %d", type); 1253 break; 1254 } 1255 1256 evtimer_set(&res->check_ev, resolver_check_timo, res); 1257 1258 switch(res->type) { 1259 case UW_RES_ASR: 1260 break; 1261 case UW_RES_RECURSOR: 1262 break; 1263 case UW_RES_DHCP: 1264 set_forwarders(res, &autoconf_forwarder_list, 0); 1265 break; 1266 case UW_RES_ODOT_DHCP: 1267 set_forwarders(res, &autoconf_forwarder_list, 853); 1268 ub_ctx_set_option(res->ctx, "tls-cert-bundle:", 1269 TLS_DEFAULT_CA_CERT_FILE); 1270 ub_ctx_set_tls(res->ctx, 1); 1271 break; 1272 case UW_RES_FORWARDER: 1273 set_forwarders(res, &resolver_conf->uw_forwarder_list, 0); 1274 break; 1275 case UW_RES_ODOT_FORWARDER: 1276 set_forwarders(res, &resolver_conf->uw_forwarder_list, 853); 1277 ub_ctx_set_option(res->ctx, "tls-cert-bundle:", 1278 TLS_DEFAULT_CA_CERT_FILE); 1279 ub_ctx_set_tls(res->ctx, 1); 1280 break; 1281 case UW_RES_DOT: 1282 set_forwarders(res, &resolver_conf->uw_dot_forwarder_list, 0); 1283 ub_ctx_set_option(res->ctx, "tls-cert-bundle:", 1284 TLS_DEFAULT_CA_CERT_FILE); 1285 ub_ctx_set_tls(res->ctx, 1); 1286 break; 1287 default: 1288 fatalx("unknown resolver type %d", type); 1289 break; 1290 } 1291 1292 /* for the forwarder cases allow AS112 zones */ 1293 switch(res->type) { 1294 case UW_RES_DHCP: 1295 case UW_RES_ODOT_DHCP: 1296 case UW_RES_FORWARDER: 1297 case UW_RES_ODOT_FORWARDER: 1298 case UW_RES_DOT: 1299 for (i = 0; i < nitems(as112_zones); i++) { 1300 if((err = ub_ctx_set_option(res->ctx, "local-zone:", 1301 as112_zones[i])) != 0) { 1302 ub_ctx_delete(res->ctx); 1303 free(res); 1304 log_warnx("error setting local-zone: %s: %s", 1305 as112_zones[i], ub_strerror(err)); 1306 return (NULL); 1307 } 1308 } 1309 break; 1310 default: 1311 break; 1312 } 1313 1314 return (res); 1315 } 1316 1317 void 1318 free_resolver(struct uw_resolver *res) 1319 { 1320 struct val_env *val_env; 1321 1322 if (res == NULL) 1323 return; 1324 1325 if (res->ref_cnt > 0) 1326 res->stop = 1; 1327 else { 1328 evtimer_del(&res->check_ev); 1329 if (res->ctx != NULL) { 1330 if (res->ctx->env->msg_cache == unified_msg_cache) { 1331 val_env = (struct val_env*) 1332 res->ctx->env->modinfo[val_id]; 1333 res->ctx->env->msg_cache = NULL; 1334 res->ctx->env->rrset_cache = NULL; 1335 val_env->kcache = NULL; 1336 res->ctx->env->key_cache = NULL; 1337 val_env->neg_cache = NULL; 1338 res->ctx->env->neg_cache = NULL; 1339 } 1340 } 1341 ub_ctx_delete(res->ctx); 1342 asr_resolver_free(res->asr_ctx); 1343 free(res); 1344 } 1345 } 1346 1347 void 1348 setup_unified_caches(void) 1349 { 1350 struct ub_ctx *ctx; 1351 struct val_env *val_env; 1352 size_t i; 1353 int err, j; 1354 1355 if ((ctx = ub_ctx_create_event(ev_base)) == NULL) 1356 fatalx("could not create unbound context"); 1357 1358 for (i = 0; i < nitems(options); i++) { 1359 if ((err = ub_ctx_set_option(ctx, options[i].name, 1360 options[i].value)) != 0) { 1361 fatalx("error setting %s: %s: %s", options[i].name, 1362 options[i].value, ub_strerror(err)); 1363 } 1364 } 1365 1366 context_finalize(ctx); 1367 1368 if (ctx->env->msg_cache == NULL || ctx->env->rrset_cache == NULL || 1369 ctx->env->key_cache == NULL || ctx->env->neg_cache == NULL) 1370 fatalx("could not setup unified caches"); 1371 1372 unified_msg_cache = ctx->env->msg_cache; 1373 unified_rrset_cache = ctx->env->rrset_cache; 1374 unified_key_cache = ctx->env->key_cache; 1375 unified_neg_cache = ctx->env->neg_cache; 1376 1377 if (val_id == -1) { 1378 for (j = 0; j < ctx->mods.num; j++) { 1379 if (strcmp(ctx->mods.mod[j]->name, "validator") == 0) { 1380 val_id = j; 1381 break; 1382 } 1383 } 1384 if (val_id == -1) 1385 fatalx("cannot find validator module"); 1386 } 1387 1388 val_env = (struct val_env*)ctx->env->modinfo[val_id]; 1389 ctx->env->msg_cache = NULL; 1390 ctx->env->rrset_cache = NULL; 1391 ctx->env->key_cache = NULL; 1392 val_env->kcache = NULL; 1393 ctx->env->neg_cache = NULL; 1394 val_env->neg_cache = NULL; 1395 ub_ctx_delete(ctx); 1396 } 1397 1398 void 1399 set_forwarders(struct uw_resolver *res, struct uw_forwarder_head 1400 *uw_forwarder_list, int port_override) 1401 { 1402 struct uw_forwarder *uw_forwarder; 1403 int ret; 1404 char fwd[FWD_MAX]; 1405 1406 TAILQ_FOREACH(uw_forwarder, uw_forwarder_list, entry) { 1407 if (uw_forwarder->auth_name[0] != '\0') 1408 ret = snprintf(fwd, sizeof(fwd), "%s@%d#%s", 1409 uw_forwarder->ip, port_override ? port_override : 1410 uw_forwarder->port, uw_forwarder->auth_name); 1411 else 1412 ret = snprintf(fwd, sizeof(fwd), "%s@%d", 1413 uw_forwarder->ip, port_override ? port_override : 1414 uw_forwarder->port); 1415 1416 if (ret < 0 || (size_t)ret >= sizeof(fwd)) { 1417 log_warnx("forwarder too long"); 1418 continue; 1419 } 1420 1421 ub_ctx_set_fwd(res->ctx, fwd); 1422 } 1423 } 1424 1425 void 1426 resolver_check_timo(int fd, short events, void *arg) 1427 { 1428 check_resolver((struct uw_resolver *)arg); 1429 } 1430 1431 void 1432 resolver_free_timo(int fd, short events, void *arg) 1433 { 1434 free_resolver((struct uw_resolver *)arg); 1435 } 1436 1437 void 1438 check_resolver(struct uw_resolver *resolver_to_check) 1439 { 1440 struct uw_resolver *res; 1441 1442 if (resolver_to_check == NULL) 1443 return; 1444 1445 if (resolver_to_check->check_running) 1446 return; 1447 1448 if ((res = create_resolver(resolver_to_check->type)) == NULL) 1449 return; 1450 1451 resolver_ref(resolver_to_check); 1452 1453 resolver_to_check->check_running++; 1454 if (resolve(res, ".", LDNS_RR_TYPE_NS, LDNS_RR_CLASS_IN, 1455 resolver_to_check, check_resolver_done) != 0) { 1456 resolver_to_check->check_running--; 1457 resolver_to_check->state = UNKNOWN; 1458 resolver_unref(resolver_to_check); 1459 resolver_to_check->check_tv.tv_sec = RESOLVER_CHECK_SEC; 1460 evtimer_add(&resolver_to_check->check_ev, 1461 &resolver_to_check->check_tv); 1462 } 1463 1464 1465 } 1466 1467 void 1468 check_resolver_done(struct uw_resolver *res, void *arg, int rcode, 1469 void *answer_packet, int answer_len, int sec, char *why_bogus) 1470 { 1471 struct uw_resolver *checked_resolver = arg; 1472 struct timeval tv = {0, 1}; 1473 enum uw_resolver_state prev_state; 1474 int bogus_time = 0; 1475 char *str; 1476 1477 checked_resolver->check_running--; 1478 1479 prev_state = checked_resolver->state; 1480 1481 if (answer_len < LDNS_HEADER_SIZE) { 1482 checked_resolver->state = DEAD; 1483 log_warnx("%s: bad packet: too short", __func__); 1484 goto out; 1485 } 1486 1487 if (rcode == LDNS_RCODE_SERVFAIL) { 1488 log_debug("%s: %s rcode: SERVFAIL", __func__, 1489 uw_resolver_type_str[checked_resolver->type]); 1490 1491 checked_resolver->state = DEAD; 1492 goto out; 1493 } 1494 1495 if (sec == SECURE) { 1496 if (prev_state != VALIDATING) 1497 new_resolver(checked_resolver->type, VALIDATING); 1498 if (!(evtimer_pending(&trust_anchor_timer, NULL))) 1499 evtimer_add(&trust_anchor_timer, &tv); 1500 } else if (rcode == LDNS_RCODE_NOERROR && 1501 LDNS_RCODE_WIRE((uint8_t*)answer_packet) == LDNS_RCODE_NOERROR) { 1502 if (why_bogus) { 1503 bogus_time = strncmp(why_bogus, bogus_past, 1504 sizeof(bogus_past) - 1) == 0 || strncmp(why_bogus, 1505 bogus_future, sizeof(bogus_future) - 1) == 0; 1506 1507 log_warnx("%s: %s", uw_resolver_type_str[ 1508 checked_resolver->type], why_bogus); 1509 } 1510 if (prev_state != RESOLVING) 1511 new_resolver(checked_resolver->type, RESOLVING); 1512 } else 1513 checked_resolver->state = DEAD; /* we know the root exists */ 1514 1515 log_debug("%s: %s: %s", __func__, 1516 uw_resolver_type_str[checked_resolver->type], 1517 uw_resolver_state_str[checked_resolver->state]); 1518 1519 if (log_getverbose() & OPT_VERBOSE2 && (str = 1520 sldns_wire2str_pkt(answer_packet, answer_len)) != NULL) { 1521 log_debug("%s", str); 1522 free(str); 1523 } 1524 1525 out: 1526 if (!checked_resolver->stop && (checked_resolver->state == DEAD || 1527 bogus_time)) { 1528 if (prev_state == DEAD || bogus_time) 1529 checked_resolver->check_tv.tv_sec *= 2; 1530 else 1531 checked_resolver->check_tv.tv_sec = RESOLVER_CHECK_SEC; 1532 1533 if (checked_resolver->check_tv.tv_sec > RESOLVER_CHECK_MAXSEC) 1534 checked_resolver->check_tv.tv_sec = 1535 RESOLVER_CHECK_MAXSEC; 1536 1537 evtimer_add(&checked_resolver->check_ev, 1538 &checked_resolver->check_tv); 1539 } 1540 1541 resolver_unref(checked_resolver); 1542 res->stop = 1; /* do not free in callback */ 1543 } 1544 1545 void 1546 asr_resolve_done(struct asr_result *ar, void *arg) 1547 { 1548 struct resolver_cb_data *cb_data = arg; 1549 cb_data->cb(cb_data->res, cb_data->data, ar->ar_rcode, ar->ar_data, 1550 ar->ar_datalen, 0, NULL); 1551 free(ar->ar_data); 1552 resolver_unref(cb_data->res); 1553 free(cb_data); 1554 } 1555 1556 void 1557 ub_resolve_done(void *arg, int rcode, void *answer_packet, int answer_len, 1558 int sec, char *why_bogus, int was_ratelimited) 1559 { 1560 struct resolver_cb_data *cb_data = arg; 1561 cb_data->cb(cb_data->res, cb_data->data, rcode, answer_packet, 1562 answer_len, sec, why_bogus); 1563 resolver_unref(cb_data->res); 1564 free(cb_data); 1565 } 1566 1567 void 1568 schedule_recheck_all_resolvers(void) 1569 { 1570 struct timeval tv; 1571 int i; 1572 1573 tv.tv_sec = 0; 1574 1575 for (i = 0; i < UW_RES_NONE; i++) { 1576 if (resolvers[i] == NULL) 1577 continue; 1578 tv.tv_usec = arc4random() % 1000000; /* modulo bias is ok */ 1579 resolvers[i]->state = UNKNOWN; 1580 evtimer_add(&resolvers[i]->check_ev, &tv); 1581 } 1582 } 1583 1584 int 1585 check_forwarders_changed(struct uw_forwarder_head *list_a, 1586 struct uw_forwarder_head *list_b) 1587 { 1588 struct uw_forwarder *a, *b; 1589 1590 a = TAILQ_FIRST(list_a); 1591 b = TAILQ_FIRST(list_b); 1592 1593 while(a != NULL && b != NULL) { 1594 if (strcmp(a->ip, b->ip) != 0) 1595 return 1; 1596 if (a->port != b->port) 1597 return 1; 1598 if (strcmp(a->auth_name, b->auth_name) != 0) 1599 return 1; 1600 a = TAILQ_NEXT(a, entry); 1601 b = TAILQ_NEXT(b, entry); 1602 } 1603 1604 if (a != NULL || b != NULL) 1605 return 1; 1606 return 0; 1607 } 1608 1609 void 1610 resolver_ref(struct uw_resolver *res) 1611 { 1612 if (res->ref_cnt == INT_MAX) 1613 fatalx("%s: INT_MAX references", __func__); 1614 res->ref_cnt++; 1615 } 1616 1617 void 1618 resolver_unref(struct uw_resolver *res) 1619 { 1620 struct timeval tv = { 0, 1}; 1621 1622 if (res->ref_cnt == 0) 1623 fatalx("%s: unreferenced resolver", __func__); 1624 1625 res->ref_cnt--; 1626 1627 /* 1628 * Decouple from libunbound event callback. 1629 * If we free the ctx inside of resolve_done or check_resovler_done 1630 * we are cutting of the branch we are sitting on and hit a 1631 * user-after-free 1632 */ 1633 if (res->stop && res->ref_cnt == 0) { 1634 evtimer_set(&res->free_ev, resolver_free_timo, res); 1635 evtimer_add(&res->free_ev, &tv); 1636 } 1637 } 1638 1639 void 1640 replace_forwarders(struct uw_forwarder_head *new_list, struct 1641 uw_forwarder_head *old_list) 1642 { 1643 struct uw_forwarder *uw_forwarder; 1644 1645 while ((uw_forwarder = 1646 TAILQ_FIRST(old_list)) != NULL) { 1647 TAILQ_REMOVE(old_list, uw_forwarder, entry); 1648 free(uw_forwarder); 1649 } 1650 1651 TAILQ_CONCAT(old_list, new_list, entry); 1652 } 1653 1654 int 1655 resolver_cmp(const void *_a, const void *_b) 1656 { 1657 const enum uw_resolver_type a = *(const enum uw_resolver_type *)_a; 1658 const enum uw_resolver_type b = *(const enum uw_resolver_type *)_b; 1659 int64_t a_median, b_median; 1660 1661 if (resolvers[a] == NULL && resolvers[b] == NULL) 1662 return 0; 1663 1664 if (resolvers[b] == NULL) 1665 return -1; 1666 1667 if (resolvers[a] == NULL) 1668 return 1; 1669 1670 if (resolvers[a]->state < resolvers[b]->state) 1671 return 1; 1672 else if (resolvers[a]->state > resolvers[b]->state) 1673 return -1; 1674 else { 1675 a_median = resolvers[a]->median; 1676 b_median = resolvers[b]->median; 1677 if (resolvers[a]->type == resolver_conf->res_pref.types[0]) 1678 a_median -= PREF_RESOLVER_MEDIAN_SKEW; 1679 else if (resolvers[b]->type == resolver_conf->res_pref.types[0]) 1680 b_median -= PREF_RESOLVER_MEDIAN_SKEW; 1681 if (a_median < b_median) 1682 return -1; 1683 else if (a_median > b_median) 1684 return 1; 1685 else 1686 return 0; 1687 } 1688 } 1689 1690 void 1691 restart_ub_resolvers(void) 1692 { 1693 int i; 1694 1695 for (i = 0; i < UW_RES_NONE; i++) 1696 if (i != UW_RES_ASR) 1697 new_resolver(i, resolvers[i] != NULL ? 1698 resolvers[i]->state : UNKNOWN); 1699 } 1700 1701 void 1702 show_status(pid_t pid) 1703 { 1704 struct resolver_preference res_pref; 1705 int i; 1706 1707 if (sort_resolver_types(&res_pref) == -1) 1708 log_warn("mergesort"); 1709 1710 for (i = 0; i < resolver_conf->res_pref.len; i++) 1711 send_resolver_info(resolvers[res_pref.types[i]], pid); 1712 1713 resolver_imsg_compose_frontend(IMSG_CTL_END, pid, NULL, 0); 1714 } 1715 1716 void 1717 show_autoconf(pid_t pid) 1718 { 1719 struct uw_forwarder *uw_forwarder; 1720 struct ctl_forwarder_info cfi; 1721 1722 TAILQ_FOREACH(uw_forwarder, &autoconf_forwarder_list, entry) { 1723 memset(&cfi, 0, sizeof(cfi)); 1724 cfi.if_index = uw_forwarder->if_index; 1725 cfi.src = uw_forwarder->src; 1726 /* no truncation, structs are in sync */ 1727 memcpy(cfi.ip, uw_forwarder->ip, sizeof(cfi.ip)); 1728 resolver_imsg_compose_frontend( 1729 IMSG_CTL_AUTOCONF_RESOLVER_INFO, 1730 pid, &cfi, sizeof(cfi)); 1731 } 1732 1733 resolver_imsg_compose_frontend(IMSG_CTL_END, pid, NULL, 0); 1734 } 1735 1736 void 1737 show_mem(pid_t pid) 1738 { 1739 struct ctl_mem_info cmi; 1740 1741 memset(&cmi, 0, sizeof(cmi)); 1742 cmi.msg_cache_used = slabhash_get_mem(unified_msg_cache); 1743 cmi.msg_cache_max = slabhash_get_size(unified_msg_cache); 1744 cmi.rrset_cache_used = slabhash_get_mem(&unified_rrset_cache->table); 1745 cmi.rrset_cache_max = slabhash_get_size(&unified_rrset_cache->table); 1746 cmi.key_cache_used = slabhash_get_mem(unified_key_cache->slab); 1747 cmi.key_cache_max = slabhash_get_size(unified_key_cache->slab); 1748 cmi.neg_cache_used = unified_neg_cache->use; 1749 cmi.neg_cache_max = unified_neg_cache->max; 1750 resolver_imsg_compose_frontend(IMSG_CTL_MEM_INFO, pid, &cmi, 1751 sizeof(cmi)); 1752 1753 } 1754 1755 void 1756 send_resolver_info(struct uw_resolver *res, pid_t pid) 1757 { 1758 struct ctl_resolver_info cri; 1759 size_t i; 1760 1761 if (res == NULL) 1762 return; 1763 1764 cri.state = res->state; 1765 cri.type = res->type; 1766 cri.median = res->median; 1767 1768 memcpy(cri.histogram, res->histogram, sizeof(cri.histogram)); 1769 memcpy(cri.latest_histogram, res->latest_histogram, 1770 sizeof(cri.latest_histogram)); 1771 for (i = 0; i < nitems(histogram_limits); i++) 1772 cri.latest_histogram[i] = 1773 (cri.latest_histogram[i] + 500) / 1000; 1774 1775 resolver_imsg_compose_frontend(IMSG_CTL_RESOLVER_INFO, pid, &cri, 1776 sizeof(cri)); 1777 } 1778 1779 void 1780 trust_anchor_resolve(void) 1781 { 1782 struct resolver_preference res_pref; 1783 struct uw_resolver *res; 1784 struct timeval tv = {TRUST_ANCHOR_RETRY_INTERVAL, 0}; 1785 1786 if (sort_resolver_types(&res_pref) == -1) 1787 log_warn("mergesort"); 1788 1789 res = resolvers[res_pref.types[0]]; 1790 1791 if (res == NULL || res->state < VALIDATING) 1792 goto err; 1793 1794 if (resolve(res, ".", LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, NULL, 1795 trust_anchor_resolve_done) != 0) 1796 goto err; 1797 1798 return; 1799 err: 1800 evtimer_add(&trust_anchor_timer, &tv); 1801 } 1802 1803 void 1804 trust_anchor_timo(int fd, short events, void *arg) 1805 { 1806 trust_anchor_resolve(); 1807 } 1808 1809 void 1810 trust_anchor_resolve_done(struct uw_resolver *res, void *arg, int rcode, 1811 void *answer_packet, int answer_len, int sec, char *why_bogus) 1812 { 1813 struct ub_result *result = NULL; 1814 sldns_buffer *buf = NULL; 1815 struct regional *region = NULL; 1816 struct timeval tv = {TRUST_ANCHOR_RETRY_INTERVAL, 0}; 1817 int i, tas, n; 1818 uint16_t dnskey_flags; 1819 char rdata_buf[1024], *ta; 1820 1821 if (answer_len < LDNS_HEADER_SIZE) { 1822 log_warnx("bad packet: too short"); 1823 goto out; 1824 } 1825 1826 if ((result = calloc(1, sizeof(*result))) == NULL) 1827 goto out; 1828 1829 if (sec != SECURE) 1830 goto out; 1831 1832 if ((buf = sldns_buffer_new(answer_len)) == NULL) 1833 goto out; 1834 if ((region = regional_create()) == NULL) 1835 goto out; 1836 result->rcode = LDNS_RCODE_SERVFAIL; 1837 1838 sldns_buffer_clear(buf); 1839 sldns_buffer_write(buf, answer_packet, answer_len); 1840 sldns_buffer_flip(buf); 1841 libworker_enter_result(result, buf, region, sec); 1842 result->answer_packet = NULL; 1843 result->answer_len = 0; 1844 1845 if (result->rcode != LDNS_RCODE_NOERROR) 1846 goto out; 1847 1848 i = 0; 1849 tas = 0; 1850 while(result->data[i] != NULL) { 1851 if (result->len[i] < 2) { 1852 if (tas > 0) 1853 resolver_imsg_compose_frontend( 1854 IMSG_NEW_TAS_ABORT, 0, NULL, 0); 1855 goto out; 1856 } 1857 n = sldns_wire2str_rdata_buf(result->data[i], result->len[i], 1858 rdata_buf, sizeof(rdata_buf), LDNS_RR_TYPE_DNSKEY); 1859 1860 if (n < 0 || (size_t)n >= sizeof(rdata_buf)) { 1861 log_warnx("trust anchor buffer to small"); 1862 resolver_imsg_compose_frontend(IMSG_NEW_TAS_ABORT, 0, 1863 NULL, 0); 1864 goto out; 1865 } 1866 1867 memcpy(&dnskey_flags, result->data[i], 2); 1868 dnskey_flags = ntohs(dnskey_flags); 1869 if ((dnskey_flags & LDNS_KEY_SEP_KEY) && !(dnskey_flags & 1870 LDNS_KEY_REVOKE_KEY)) { 1871 asprintf(&ta, ".\t%d\tIN\tDNSKEY\t%s", ROOT_DNSKEY_TTL, 1872 rdata_buf); 1873 resolver_imsg_compose_frontend(IMSG_NEW_TA, 0, ta, 1874 strlen(ta) + 1); 1875 tas++; 1876 free(ta); 1877 } 1878 i++; 1879 } 1880 if (tas > 0) { 1881 resolver_imsg_compose_frontend(IMSG_NEW_TAS_DONE, 0, NULL, 0); 1882 tv.tv_sec = TRUST_ANCHOR_QUERY_INTERVAL; 1883 } 1884 out: 1885 sldns_buffer_free(buf); 1886 regional_destroy(region); 1887 ub_resolve_free(result); 1888 evtimer_add(&trust_anchor_timer, &tv); 1889 } 1890 1891 void 1892 replace_autoconf_forwarders(struct imsg_rdns_proposal *rdns_proposal) 1893 { 1894 struct uw_forwarder_head new_forwarder_list; 1895 struct uw_forwarder *uw_forwarder, *tmp; 1896 int i, rdns_count, af, changed = 0; 1897 char ntopbuf[INET6_ADDRSTRLEN], *src; 1898 const char *ns; 1899 1900 TAILQ_INIT(&new_forwarder_list); 1901 af = rdns_proposal->rtdns.sr_family; 1902 src = rdns_proposal->rtdns.sr_dns; 1903 1904 switch (af) { 1905 case AF_INET: 1906 rdns_count = (rdns_proposal->rtdns.sr_len - 1907 offsetof(struct sockaddr_rtdns, sr_dns)) / 1908 sizeof(struct in_addr); 1909 break; 1910 case AF_INET6: 1911 rdns_count = (rdns_proposal->rtdns.sr_len - 1912 offsetof(struct sockaddr_rtdns, sr_dns)) / 1913 sizeof(struct in6_addr); 1914 break; 1915 default: 1916 log_warnx("%s: unsupported address family: %d", __func__, af); 1917 return; 1918 } 1919 1920 for (i = 0; i < rdns_count; i++) { 1921 struct in_addr addr4; 1922 struct in6_addr addr6; 1923 1924 switch (af) { 1925 case AF_INET: 1926 memcpy(&addr4, src, sizeof(struct in_addr)); 1927 if (addr4.s_addr == INADDR_LOOPBACK) 1928 continue; 1929 ns = inet_ntop(af, &addr4, ntopbuf, 1930 INET6_ADDRSTRLEN); 1931 src += sizeof(struct in_addr); 1932 break; 1933 case AF_INET6: 1934 memcpy(&addr6, src, sizeof(struct in6_addr)); 1935 if (IN6_IS_ADDR_LOOPBACK(&addr6)) 1936 continue; 1937 ns = inet_ntop(af, &addr6, ntopbuf, 1938 INET6_ADDRSTRLEN); 1939 src += sizeof(struct in6_addr); 1940 } 1941 1942 if ((uw_forwarder = calloc(1, sizeof(struct uw_forwarder))) == 1943 NULL) 1944 fatal(NULL); 1945 if (strlcpy(uw_forwarder->ip, ns, sizeof(uw_forwarder->ip)) 1946 >= sizeof(uw_forwarder->ip)) 1947 fatalx("strlcpy"); 1948 uw_forwarder->port = 53; 1949 uw_forwarder->if_index = rdns_proposal->if_index; 1950 uw_forwarder->src = rdns_proposal->src; 1951 TAILQ_INSERT_TAIL(&new_forwarder_list, uw_forwarder, entry); 1952 } 1953 1954 TAILQ_FOREACH(tmp, &autoconf_forwarder_list, entry) { 1955 /* 1956 * if_index of zero signals to clear all proposals 1957 * src of zero signals interface gone 1958 */ 1959 if ((rdns_proposal->src == 0 || rdns_proposal->src == 1960 tmp->src) && (rdns_proposal->if_index == 0 || 1961 rdns_proposal->if_index == tmp->if_index)) 1962 continue; 1963 if ((uw_forwarder = calloc(1, sizeof(struct uw_forwarder))) == 1964 NULL) 1965 fatal(NULL); 1966 if (strlcpy(uw_forwarder->ip, tmp->ip, 1967 sizeof(uw_forwarder->ip)) >= sizeof(uw_forwarder->ip)) 1968 fatalx("strlcpy"); 1969 uw_forwarder->port = tmp->port; 1970 uw_forwarder->src = tmp->src; 1971 uw_forwarder->if_index = tmp->if_index; 1972 TAILQ_INSERT_TAIL(&new_forwarder_list, uw_forwarder, entry); 1973 } 1974 1975 changed = check_forwarders_changed(&new_forwarder_list, 1976 &autoconf_forwarder_list); 1977 1978 if (changed) { 1979 replace_forwarders(&new_forwarder_list, 1980 &autoconf_forwarder_list); 1981 new_resolver(UW_RES_ASR, UNKNOWN); 1982 new_resolver(UW_RES_DHCP, UNKNOWN); 1983 new_resolver(UW_RES_ODOT_DHCP, UNKNOWN); 1984 } else { 1985 while ((tmp = TAILQ_FIRST(&new_forwarder_list)) != NULL) { 1986 TAILQ_REMOVE(&new_forwarder_list, tmp, entry); 1987 free(tmp); 1988 } 1989 } 1990 } 1991 1992 int 1993 force_tree_cmp(struct force_tree_entry *a, struct force_tree_entry *b) 1994 { 1995 return strcasecmp(a->domain, b->domain); 1996 } 1997 1998 int 1999 find_force(struct force_tree *tree, char *qname, struct uw_resolver **res) 2000 { 2001 struct force_tree_entry *n, e; 2002 char *p; 2003 2004 if (res) 2005 *res = NULL; 2006 if (RB_EMPTY(tree)) 2007 return 0; 2008 2009 p = qname; 2010 do { 2011 if (strlcpy(e.domain, p, sizeof(e.domain)) >= sizeof(e.domain)) 2012 fatal("qname too large"); 2013 n = RB_FIND(force_tree, tree, &e); 2014 if (n != NULL) { 2015 log_debug("%s: %s -> %s[%s]", __func__, qname, p, 2016 uw_resolver_type_str[n->type]); 2017 if (res) 2018 *res = resolvers[n->type]; 2019 return n->acceptbogus; 2020 } 2021 if (*p == '.') 2022 p++; 2023 p = strchr(p, '.'); 2024 if (p != NULL && p[1] != '\0') 2025 p++; 2026 } while (p != NULL); 2027 return 0; 2028 2029 } 2030 2031 int64_t 2032 histogram_median(int64_t *histogram) 2033 { 2034 size_t i; 2035 int64_t sample_count = 0, running_count = 0; 2036 2037 /* skip first bucket, it contains cache hits */ 2038 for (i = 1; i < nitems(histogram_limits); i++) 2039 sample_count += histogram[i]; 2040 2041 if (sample_count == 0) 2042 return 0; 2043 2044 for (i = 1; i < nitems(histogram_limits); i++) { 2045 running_count += histogram[i]; 2046 if (running_count >= sample_count / 2) 2047 break; 2048 } 2049 2050 if (i >= nitems(histogram_limits) - 1) 2051 return INT64_MAX; 2052 return (histogram_limits[i - 1] + histogram_limits[i]) / 2; 2053 } 2054 2055 void 2056 decay_latest_histograms(int fd, short events, void *arg) 2057 { 2058 enum uw_resolver_type i; 2059 size_t j; 2060 struct uw_resolver *res; 2061 struct timeval tv = {DECAY_PERIOD, 0}; 2062 2063 for (i = 0; i < UW_RES_NONE; i++) { 2064 res = resolvers[i]; 2065 if (res == NULL) 2066 continue; 2067 for (j = 0; j < nitems(res->latest_histogram); j++) 2068 /* multiply then divide, avoiding truncating to 0 */ 2069 res->latest_histogram[j] = res->latest_histogram[j] * 2070 DECAY_NOMINATOR / DECAY_DENOMINATOR; 2071 res->median = histogram_median(res->latest_histogram); 2072 } 2073 evtimer_add(&decay_timer, &tv); 2074 } 2075 2076 int 2077 running_query_cnt(void) 2078 { 2079 struct running_query *e; 2080 int cnt = 0; 2081 2082 TAILQ_FOREACH(e, &running_queries, entry) 2083 cnt++; 2084 return cnt; 2085 } 2086 2087 int * 2088 resolvers_to_restart(struct uw_conf *oconf, struct uw_conf *nconf) 2089 { 2090 static int restart[UW_RES_NONE]; 2091 int o_enabled[UW_RES_NONE]; 2092 int n_enabled[UW_RES_NONE]; 2093 int i; 2094 2095 memset(&restart, 0, sizeof(restart)); 2096 if (check_forwarders_changed(&oconf->uw_forwarder_list, 2097 &nconf->uw_forwarder_list)) { 2098 restart[UW_RES_FORWARDER] = 1; 2099 restart[UW_RES_ODOT_FORWARDER] = 1; 2100 } 2101 if (check_forwarders_changed(&oconf->uw_dot_forwarder_list, 2102 &nconf->uw_dot_forwarder_list)) { 2103 restart[UW_RES_DOT] = 1; 2104 } 2105 memset(o_enabled, 0, sizeof(o_enabled)); 2106 memset(n_enabled, 0, sizeof(n_enabled)); 2107 for (i = 0; i < oconf->res_pref.len; i++) 2108 o_enabled[oconf->res_pref.types[i]] = 1; 2109 2110 for (i = 0; i < nconf->res_pref.len; i++) 2111 n_enabled[nconf->res_pref.types[i]] = 1; 2112 2113 for (i = 0; i < UW_RES_NONE; i++) { 2114 if (n_enabled[i] != o_enabled[i]) 2115 restart[i] = 1; 2116 } 2117 return restart; 2118 } 2119