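/*	$OpenBSD: unwind.c,v 1.61 2021/02/27 10:32:28 florian Exp $	*/

/*
 * Copyright (c) 2018 Florian Obser <florian@openbsd.org>
 * Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org>
 * Copyright (c) 2004 Esben Norby <norby@openbsd.org>
 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
#include <sys/types.h>
#include <sys/queue.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/syslog.h>
#include <sys/wait.h>

#include <net/if.h>
#include <net/route.h>

#include <err.h>
#include <errno.h>
#include <event.h>
#include <fcntl.h>
#include <imsg.h>
#include <netdb.h>
#include <asr.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <unistd.h>

#include "log.h"
#include "unwind.h"
#include "frontend.h"
#include "resolver.h"
#include "control.h"

#define	TRUST_ANCHOR_FILE	"/var/db/unwind.key"

enum uw_process {
	PROC_MAIN,
	PROC_RESOLVER,
	PROC_FRONTEND,
};

__dead void	usage(void);
__dead void	main_shutdown(void);

void		main_sig_handler(int, short, void *);

static pid_t	start_child(enum uw_process, char *, int, int, int);

void		main_dispatch_frontend(int, short, void *);
void		main_dispatch_resolver(int, short, void *);

static int	main_imsg_send_ipc_sockets(struct imsgbuf *,
		    struct imsgbuf *);
static int	main_imsg_send_config(struct uw_conf *);

int		main_reload(void);
int		main_sendall(enum imsg_type, void *, uint16_t);
static int	open_local_socket(int, int, const char *);
void		open_ports(void);
void		solicit_dns_proposals(void);
void		send_blocklist_fd(void);

struct uw_conf		*main_conf;
static struct imsgev	*iev_frontend;
static struct imsgev	*iev_resolver;
char			*conffile;
pid_t			 frontend_pid;
pid_t			 resolver_pid;
uint32_t		 cmd_opts;
int			 routesock;

/*
 * libevent callback for SIGTERM, SIGINT and SIGHUP.  TERM/INT shut the
 * daemon down, HUP reloads the configuration; any other signal is fatal.
 */
void
main_sig_handler(int sig, short event, void *arg)
{
	/*
	 * Normal signal handler rules don't apply because libevent
	 * decouples for us.
	 */

	switch (sig) {
	case SIGTERM:
	case SIGINT:
		main_shutdown();
		break;
	case SIGHUP:
		if (main_reload() == -1)
			log_warnx("configuration reload failed");
		else
			log_debug("configuration reloaded");
		break;
	default:
		fatalx("unexpected signal");
	}
}

/* Print the command line synopsis to stderr and exit with status 1. */
__dead void
usage(void)
{
	extern char *__progname;

	fprintf(stderr, "usage: %s [-dnv] [-f file] [-s socket]\n",
	    __progname);
	exit(1);
}

/*
 * Entry point of the parent ("main") process.
 *
 * Parses options and the configuration, starts the resolver and frontend
 * children, opens every descriptor that needs privileges (listening
 * sockets, control socket, route sockets, trust anchor, blocklist), hands
 * those descriptors to the frontend over imsg and then restricts itself
 * with pledge(2) before entering the event loop.
 *
 * -E and -F are not listed in usage(); start_child() passes them when it
 * re-executes the binary as the resolver or the frontend.
 */
int
main(int argc, char *argv[])
{
	struct event	 ev_sigint, ev_sigterm, ev_sighup;
	int		 ch, debug = 0, resolver_flag = 0, frontend_flag = 0;
	int		 frontend_routesock, rtfilter;
	int		 pipe_main2frontend[2], pipe_main2resolver[2];
	int		 control_fd, ta_fd;
	char		*csock, *saved_argv0;

	csock = _PATH_UNWIND_SOCKET;

	log_init(1, LOG_DAEMON);	/* Log to stderr until daemonized. */
	log_setverbose(1);

	saved_argv0 = argv[0];
	if (saved_argv0 == NULL)
		saved_argv0 = "unwind";

	while ((ch = getopt(argc, argv, "dEFf:ns:v")) != -1) {
		switch (ch) {
		case 'd':
			debug = 1;
			break;
		case 'E':
			resolver_flag = 1;
			break;
		case 'F':
			frontend_flag = 1;
			break;
		case 'f':
			conffile = optarg;
			break;
		case 'n':
			cmd_opts |= OPT_NOACTION;
			break;
		case 's':
			csock = optarg;
			break;
		case 'v':
			/* Each additional -v raises the verbosity one step. */
			if (cmd_opts & OPT_VERBOSE2)
				cmd_opts |= OPT_VERBOSE3;
			if (cmd_opts & OPT_VERBOSE)
				cmd_opts |= OPT_VERBOSE2;
			cmd_opts |= OPT_VERBOSE;
			break;
		default:
			usage();
		}
	}

	argc -= optind;
	argv += optind;
	if (argc > 0 || (resolver_flag && frontend_flag))
		usage();

	/*
	 * Child entry points; presumably neither call returns (their
	 * declarations are in resolver.h / frontend.h).
	 */
	if (resolver_flag)
		resolver(debug, cmd_opts & (OPT_VERBOSE | OPT_VERBOSE2 |
		    OPT_VERBOSE3));
	else if (frontend_flag)
		frontend(debug, cmd_opts & (OPT_VERBOSE | OPT_VERBOSE2 |
		    OPT_VERBOSE3));

	if ((main_conf = parse_config(conffile)) == NULL)
		exit(1);

	if (cmd_opts & OPT_NOACTION) {
		if (cmd_opts & OPT_VERBOSE)
			print_config(main_conf);
		else
			fprintf(stderr, "configuration OK\n");
		exit(0);
	}

	/* Check for root privileges. */
	if (geteuid())
		errx(1, "need root privileges");

	/* Check for assigned daemon user */
	if (getpwnam(UNWIND_USER) == NULL)
		errx(1, "unknown user %s", UNWIND_USER);

	log_init(debug, LOG_DAEMON);
	log_setverbose(cmd_opts & (OPT_VERBOSE | OPT_VERBOSE2 | OPT_VERBOSE3));

	if (!debug)
		daemon(1, 0);

	if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC | SOCK_NONBLOCK,
	    PF_UNSPEC, pipe_main2frontend) == -1)
		fatal("main2frontend socketpair");
	if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC | SOCK_NONBLOCK,
	    PF_UNSPEC, pipe_main2resolver) == -1)
		fatal("main2resolver socketpair");

	/* Start children. */
	resolver_pid = start_child(PROC_RESOLVER, saved_argv0,
	    pipe_main2resolver[1], debug, cmd_opts & (OPT_VERBOSE |
	    OPT_VERBOSE2 | OPT_VERBOSE3));
	frontend_pid = start_child(PROC_FRONTEND, saved_argv0,
	    pipe_main2frontend[1], debug, cmd_opts & (OPT_VERBOSE |
	    OPT_VERBOSE2 | OPT_VERBOSE3));

	log_procinit("main");

	event_init();

	/* Setup signal handler. */
	signal_set(&ev_sigint, SIGINT, main_sig_handler, NULL);
	signal_set(&ev_sigterm, SIGTERM, main_sig_handler, NULL);
	signal_set(&ev_sighup, SIGHUP, main_sig_handler, NULL);
	signal_add(&ev_sigint, NULL);
	signal_add(&ev_sigterm, NULL);
	signal_add(&ev_sighup, NULL);
	signal(SIGPIPE, SIG_IGN);

	/* Setup pipes to children. */

	if ((iev_frontend = malloc(sizeof(struct imsgev))) == NULL ||
	    (iev_resolver = malloc(sizeof(struct imsgev))) == NULL)
		fatal(NULL);
	imsg_init(&iev_frontend->ibuf, pipe_main2frontend[0]);
	iev_frontend->handler = main_dispatch_frontend;
	imsg_init(&iev_resolver->ibuf, pipe_main2resolver[0]);
	iev_resolver->handler = main_dispatch_resolver;

	/* Setup event handlers for pipes. */
	iev_frontend->events = EV_READ;
	event_set(&iev_frontend->ev, iev_frontend->ibuf.fd,
	    iev_frontend->events, iev_frontend->handler, iev_frontend);
	event_add(&iev_frontend->ev, NULL);

	iev_resolver->events = EV_READ;
	event_set(&iev_resolver->ev, iev_resolver->ibuf.fd,
	    iev_resolver->events, iev_resolver->handler, iev_resolver);
	event_add(&iev_resolver->ev, NULL);

	if (main_imsg_send_ipc_sockets(&iev_frontend->ibuf,
	    &iev_resolver->ibuf))
		fatal("could not establish imsg links");

	open_ports();

	if ((control_fd = control_init(csock)) == -1)
		fatalx("control socket setup failed");

	if ((frontend_routesock = socket(AF_ROUTE, SOCK_RAW | SOCK_CLOEXEC |
	    SOCK_NONBLOCK, 0)) == -1)
		fatal("route socket");

	/* Limit what the frontend's route socket delivers. */
	rtfilter = ROUTE_FILTER(RTM_IFINFO) | ROUTE_FILTER(RTM_PROPOSAL)
	    | ROUTE_FILTER(RTM_IFANNOUNCE) | ROUTE_FILTER(RTM_NEWADDR)
	    | ROUTE_FILTER(RTM_DELADDR);
	if (setsockopt(frontend_routesock, AF_ROUTE, ROUTE_MSGFILTER,
	    &rtfilter, sizeof(rtfilter)) == -1)
		fatal("setsockopt(ROUTE_MSGFILTER)");

	if ((routesock = socket(AF_ROUTE, SOCK_RAW | SOCK_CLOEXEC |
	    SOCK_NONBLOCK, 0)) == -1)
		fatal("route socket");
	/*
	 * This process only writes to routesock (solicit_dns_proposals),
	 * so close its read side.  shutdown(2) takes the descriptor first
	 * and the direction second; with the arguments swapped the call
	 * acted on descriptor SHUT_RD and left routesock readable.
	 */
	if (shutdown(routesock, SHUT_RD) == -1)
		log_warn("shutdown(SHUT_RD) on route socket");

	if ((ta_fd = open(TRUST_ANCHOR_FILE, O_RDWR | O_CREAT, 0644)) == -1)
		log_warn("%s", TRUST_ANCHOR_FILE);

	/* receiver handles failed open correctly */
	main_imsg_compose_frontend_fd(IMSG_TAFD, 0, ta_fd);

	main_imsg_compose_frontend_fd(IMSG_CONTROLFD, 0, control_fd);
	main_imsg_compose_frontend_fd(IMSG_ROUTESOCK, 0, frontend_routesock);
	main_imsg_send_config(main_conf);

	if (main_conf->blocklist_file != NULL)
		send_blocklist_fd();

	/*
	 * All privileged descriptors are open; from here on the parent
	 * is restricted to the listed pledge(2) promises.
	 */
	if (pledge("stdio rpath sendfd", NULL) == -1)
		fatal("pledge");

	main_imsg_compose_frontend(IMSG_STARTUP, 0, NULL, 0);
	main_imsg_compose_resolver(IMSG_STARTUP, 0, NULL, 0);

	event_dispatch();

	main_shutdown();
	return (0);
}

/*
 * Close the pipes to both children, release the configuration, reap the
 * children and exit with status 0.  Does not return.
 */
__dead void
main_shutdown(void)
{
	pid_t	 pid;
	int	 status;

	/* Close pipes. */
	msgbuf_clear(&iev_frontend->ibuf.w);
	close(iev_frontend->ibuf.fd);
	msgbuf_clear(&iev_resolver->ibuf.w);
	close(iev_resolver->ibuf.fd);

	config_clear(main_conf);

	log_debug("waiting for children to terminate");
	/* Keep reaping until wait(2) fails with something other than EINTR. */
	do {
		pid = wait(&status);
		if (pid == -1) {
			if (errno != EINTR && errno != ECHILD)
				fatal("wait");
		} else if (WIFSIGNALED(status))
			log_warnx("%s terminated; signal %d",
			    (pid == resolver_pid) ? "resolver" :
			    "frontend", WTERMSIG(status));
	} while (pid != -1 || (pid == -1 && errno == EINTR));

	free(iev_frontend);
	free(iev_resolver);

	log_info("terminating");
	exit(0);
}

/*
 * Fork and re-execute argv0 as the child process `p`.
 *
 * In the parent, closes `fd` and returns the child's pid.  In the child,
 * `fd` is placed on descriptor 3 without close-on-exec (dup2(2) does not
 * copy the flag; when fd is already 3 it is cleared explicitly) and the
 * binary is executed with -E or -F plus the debug/verbose flags.
 */
static pid_t
start_child(enum uw_process p, char *argv0, int fd, int debug, int verbose)
{
	char	*argv[7];	/* argv0, -E/-F, -d, up to 3x -v, NULL */
	int	 argc = 0;
	pid_t	 pid;

	switch (pid = fork()) {
	case -1:
		fatal("cannot fork");
	case 0:
		break;
	default:
		close(fd);
		return (pid);
	}

	if (fd != 3) {
		if (dup2(fd, 3) == -1)
			fatal("cannot setup imsg fd");
	} else if (fcntl(fd, F_SETFD, 0) == -1)
		fatal("cannot setup imsg fd");

	argv[argc++] = argv0;
	switch (p) {
	case PROC_MAIN:
		fatalx("Can not start main process");
	case PROC_RESOLVER:
		argv[argc++] = "-E";
		break;
	case PROC_FRONTEND:
		argv[argc++] = "-F";
		break;
	}
	if (debug)
		argv[argc++] = "-d";
	if (verbose & OPT_VERBOSE)
		argv[argc++] = "-v";
	if (verbose & OPT_VERBOSE2)
		argv[argc++] = "-v";
	if (verbose & OPT_VERBOSE3)
		argv[argc++] = "-v";
	argv[argc++] = NULL;

	execvp(argv0, argv);
	fatal("execvp");
}

/*
 * Event handler for the pipe to the frontend: performs pending reads and
 * writes, then processes every queued imsg.  A closed pipe ends the event
 * loop.
 */
void
main_dispatch_frontend(int fd, short event, void *bula)
{
	struct imsgev	*iev = bula;
	struct imsgbuf	*ibuf;
	struct imsg	 imsg;
	ssize_t		 n;
	int		 shut = 0, verbose;

	ibuf = &iev->ibuf;

	if (event & EV_READ) {
		if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
			fatal("imsg_read error");
		if (n == 0)	/* Connection closed. */
			shut = 1;
	}
	if (event & EV_WRITE) {
		if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN)
			fatal("msgbuf_write");
		if (n == 0)	/* Connection closed. */
			shut = 1;
	}

	for (;;) {
		if ((n = imsg_get(ibuf, &imsg)) == -1)
			fatal("imsg_get");
		if (n == 0)	/* No more messages. */
			break;

		switch (imsg.hdr.type) {
		case IMSG_STARTUP_DONE:
			solicit_dns_proposals();
			break;
		case IMSG_CTL_RELOAD:
			if (main_reload() == -1)
				log_warnx("configuration reload failed");
			else
				log_warnx("configuration reloaded");
			break;
		case IMSG_CTL_LOG_VERBOSE:
			/* Payload length is checked before it is copied. */
			if (IMSG_DATA_SIZE(imsg) != sizeof(verbose))
				fatalx("%s: IMSG_CTL_LOG_VERBOSE wrong length: "
				    "%lu", __func__, IMSG_DATA_SIZE(imsg));
			memcpy(&verbose, imsg.data, sizeof(verbose));
			log_setverbose(verbose);
			break;
		default:
			log_debug("%s: error handling imsg %d", __func__,
			    imsg.hdr.type);
			break;
		}
		imsg_free(&imsg);
	}
	if (!shut)
		imsg_event_add(iev);
	else {
		/* This pipe is dead. Remove its event handler */
		event_del(&iev->ev);
		event_loopexit(NULL);
	}
}

/*
 * Event handler for the pipe to the resolver.  The parent accepts no
 * message type from the resolver; anything received is only logged.
 */
void
main_dispatch_resolver(int fd, short event, void *bula)
{
	struct imsgev	*iev = bula;
	struct imsgbuf	*ibuf;
	struct imsg	 imsg;
	ssize_t		 n;
	int		 shut = 0;

	ibuf = &iev->ibuf;

	if (event & EV_READ) {
		if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
			fatal("imsg_read error");
		if (n == 0)	/* Connection closed. */
			shut = 1;
	}
	if (event & EV_WRITE) {
		if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN)
			fatal("msgbuf_write");
		if (n == 0)	/* Connection closed. */
			shut = 1;
	}

	for (;;) {
		if ((n = imsg_get(ibuf, &imsg)) == -1)
			fatal("imsg_get");
		if (n == 0)	/* No more messages. */
			break;

		switch (imsg.hdr.type) {
		default:
			log_debug("%s: error handling imsg %d", __func__,
			    imsg.hdr.type);
			break;
		}
		imsg_free(&imsg);
	}
	if (!shut)
		imsg_event_add(iev);
	else {
		/* This pipe is dead. Remove its event handler. */
		event_del(&iev->ev);
		event_loopexit(NULL);
	}
}

/* Queue a data-only message for the frontend; no-op before the pipe exists. */
void
main_imsg_compose_frontend(int type, pid_t pid, void *data, uint16_t datalen)
{
	if (iev_frontend)
		imsg_compose_event(iev_frontend, type, 0, pid, -1, data,
		    datalen);
}

/* Queue a message that passes descriptor `fd` to the frontend. */
void
main_imsg_compose_frontend_fd(int type, pid_t pid, int fd)
{
	if (iev_frontend)
		imsg_compose_event(iev_frontend, type, 0, pid, fd, NULL, 0);
}

/* Queue a data-only message for the resolver; no-op before the pipe exists. */
void
main_imsg_compose_resolver(int type, pid_t pid, void *data, uint16_t datalen)
{
	if (iev_resolver)
		imsg_compose_event(iev_resolver, type, 0, pid, -1, data,
		    datalen);
}

/*
 * Re-register the event for `iev`: always for reading, and for writing
 * as well while output is queued.
 */
void
imsg_event_add(struct imsgev *iev)
{
	iev->events = EV_READ;
	if (iev->ibuf.w.queued)
		iev->events |= EV_WRITE;

	event_del(&iev->ev);
	event_set(&iev->ev, iev->ibuf.fd, iev->events, iev->handler, iev);
	event_add(&iev->ev, NULL);
}

/*
 * imsg_compose() wrapper that also re-arms the event on success.
 * Returns what imsg_compose() returned.
 */
int
imsg_compose_event(struct imsgev *iev, uint16_t type, uint32_t peerid,
    pid_t pid, int fd, void *data, uint16_t datalen)
{
	int	 ret;

	if ((ret = imsg_compose(&iev->ibuf, type, peerid, pid, fd, data,
	    datalen)) != -1)
		imsg_event_add(iev);

	return (ret);
}

/*
 * Create the frontend<->resolver socketpair and queue one end to each
 * child.  Returns 0 on success, -1 on failure.
 */
static int
main_imsg_send_ipc_sockets(struct imsgbuf *frontend_buf,
    struct imsgbuf *resolver_buf)
{
	int	 pipe_frontend2resolver[2];

	if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC | SOCK_NONBLOCK,
	    PF_UNSPEC, pipe_frontend2resolver) == -1)
		return (-1);

	if (imsg_compose(frontend_buf, IMSG_SOCKET_IPC_RESOLVER, 0, 0,
	    pipe_frontend2resolver[0], NULL, 0) == -1)
		return (-1);
	if (imsg_compose(resolver_buf, IMSG_SOCKET_IPC_FRONTEND, 0, 0,
	    pipe_frontend2resolver[1], NULL, 0) == -1)
		return (-1);

	return (0);
}

/*
 * Re-parse the configuration file, send the result to both children and
 * merge it into main_conf.  Returns 0 on success, -1 if parsing or
 * sending failed (main_conf is left untouched in that case).
 */
int
main_reload(void)
{
	struct uw_conf	*xconf;

	if ((xconf = parse_config(conffile)) == NULL)
		return (-1);

	if (main_imsg_send_config(xconf) == -1)
		return (-1);

	merge_config(main_conf, xconf);

	if (main_conf->blocklist_file != NULL)
		send_blocklist_fd();

	return (0);
}

/*
 * Send `xconf` to both children as a sequence of IMSG_RECONF_* messages
 * terminated by IMSG_RECONF_END.  Returns 0 on success, -1 on failure.
 *
 * The struct is sent as raw bytes, so the list heads and pointers inside
 * it are only meaningful in this process; imsg_receive_config()
 * re-initialises the lists and the tree on the receiving side.
 */
int
main_imsg_send_config(struct uw_conf *xconf)
{
	struct uw_forwarder	*uw_forwarder;
	struct force_tree_entry	*force_entry;

	/* Send fixed part of config to children. */
	if (main_sendall(IMSG_RECONF_CONF, xconf, sizeof(*xconf)) == -1)
		return (-1);

	if (xconf->blocklist_file != NULL) {
		/* The terminating NUL is part of the payload. */
		if (main_sendall(IMSG_RECONF_BLOCKLIST_FILE,
		    xconf->blocklist_file, strlen(xconf->blocklist_file) + 1)
		    == -1)
			return (-1);
	}

	/* send static forwarders to children */
	TAILQ_FOREACH(uw_forwarder, &xconf->uw_forwarder_list, entry) {
		if (main_sendall(IMSG_RECONF_FORWARDER, uw_forwarder,
		    sizeof(*uw_forwarder)) == -1)
			return (-1);
	}

	/* send static DoT forwarders to children */
	TAILQ_FOREACH(uw_forwarder, &xconf->uw_dot_forwarder_list,
	    entry) {
		if (main_sendall(IMSG_RECONF_DOT_FORWARDER, uw_forwarder,
		    sizeof(*uw_forwarder)) == -1)
			return (-1);
	}
	RB_FOREACH(force_entry, force_tree, &xconf->force) {
		if (main_sendall(IMSG_RECONF_FORCE, force_entry,
		    sizeof(*force_entry)) == -1)
			return (-1);
	}

	/* Tell children the revised config is now complete. */
	if (main_sendall(IMSG_RECONF_END, NULL, 0) == -1)
		return (-1);

	return (0);
}

/*
 * Queue the same message for the frontend and the resolver.
 * Returns 0 on success, -1 as soon as one of them fails.
 */
int
main_sendall(enum imsg_type type, void *buf, uint16_t len)
{
	if (imsg_compose_event(iev_frontend, type, 0, 0, -1, buf, len) == -1)
		return (-1);
	if (imsg_compose_event(iev_resolver, type, 0, 0, -1, buf, len) == -1)
		return (-1);
	return (0);
}

/*
 * Replace the contents of `conf` with those of `xconf`.
 *
 * Ownership of xconf's forwarders, force-tree entries and blocklist_file
 * string moves to conf; the xconf shell itself is freed, so the caller
 * must not use it afterwards.
 */
void
merge_config(struct uw_conf *conf, struct uw_conf *xconf)
{
	struct uw_forwarder	*uw_forwarder;
	struct force_tree_entry	*n, *nxt;

	/* Remove & discard existing forwarders. */
	while ((uw_forwarder = TAILQ_FIRST(&conf->uw_forwarder_list)) !=
	    NULL) {
		TAILQ_REMOVE(&conf->uw_forwarder_list, uw_forwarder, entry);
		free(uw_forwarder);
	}
	while ((uw_forwarder = TAILQ_FIRST(&conf->uw_dot_forwarder_list)) !=
	    NULL) {
		TAILQ_REMOVE(&conf->uw_dot_forwarder_list, uw_forwarder, entry);
		free(uw_forwarder);
	}

	/* Remove & discard existing force tree. */
	RB_FOREACH_SAFE(n, force_tree, &conf->force, nxt) {
		RB_REMOVE(force_tree, &conf->force, n);
		free(n);
	}

	memcpy(&conf->res_pref, &xconf->res_pref,
	    sizeof(conf->res_pref));

	free(conf->blocklist_file);
	conf->blocklist_file = xconf->blocklist_file;
	conf->blocklist_log = xconf->blocklist_log;

	/* Add new forwarders. */
	TAILQ_CONCAT(&conf->uw_forwarder_list, &xconf->uw_forwarder_list,
	    entry);
	TAILQ_CONCAT(&conf->uw_dot_forwarder_list,
	    &xconf->uw_dot_forwarder_list, entry);

	RB_FOREACH_SAFE(n, force_tree, &xconf->force, nxt) {
		RB_REMOVE(force_tree, &xconf->force, n);
		RB_INSERT(force_tree, &conf->force, n);
	}

	free(xconf);
}

/*
 * Allocate a zeroed configuration with the default resolver preference
 * order and empty forwarder lists / force tree.  Exits on allocation
 * failure; the caller owns the result.
 */
struct uw_conf *
config_new_empty(void)
{
	static enum uw_resolver_type	 default_res_pref[] = {
	    UW_RES_DOT,
	    UW_RES_ODOT_FORWARDER,
	    UW_RES_FORWARDER,
	    UW_RES_RECURSOR,
	    UW_RES_ODOT_DHCP,
	    UW_RES_DHCP,
	    UW_RES_ASR};
	struct uw_conf			*xconf;

	xconf = calloc(1, sizeof(*xconf));
	if (xconf == NULL)
		fatal(NULL);

	memcpy(&xconf->res_pref.types, &default_res_pref,
	    sizeof(default_res_pref));
	xconf->res_pref.len = nitems(default_res_pref);

	TAILQ_INIT(&xconf->uw_forwarder_list);
	TAILQ_INIT(&xconf->uw_dot_forwarder_list);

	RB_INIT(&xconf->force);

	return (xconf);
}

/* Release everything `conf` owns and then `conf` itself. */
void
config_clear(struct uw_conf *conf)
{
	struct uw_conf	*xconf;

	/* Merge current config with an empty config. */
	xconf = config_new_empty();
	merge_config(conf, xconf);

	free(conf);
}

/*
 * Create one socket bound to the numeric loopback address `addr`, port
 * "domain".  Stream sockets are created non-blocking and put into the
 * listening state.  Returns the descriptor, or -1 if address lookup,
 * socket(), bind() or listen() failed; setsockopt() failures are only
 * logged.
 */
static int
open_local_socket(int family, int socktype, const char *addr)
{
	struct addrinfo	 hints, *res0 = NULL;
	int		 bsize = 65535, opt = 1, sock;
	int		 stream = (socktype == SOCK_STREAM);

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = family;
	hints.ai_socktype = socktype;
	hints.ai_flags = AI_NUMERICHOST | AI_PASSIVE;

	/*
	 * res0 is only looked at after a successful lookup, so a failed
	 * getaddrinfo() can never lead to freeing an uninitialised or
	 * already released list.
	 */
	if (getaddrinfo(addr, "domain", &hints, &res0) != 0)
		return (-1);
	if (res0 == NULL)
		return (-1);

	sock = socket(res0->ai_family,
	    res0->ai_socktype | (stream ? SOCK_NONBLOCK : 0),
	    res0->ai_protocol);
	if (sock == -1)
		goto done;

	if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &opt,
	    sizeof(opt)) == -1)
		log_warn("setting SO_REUSEADDR on socket");
	if (setsockopt(sock, SOL_SOCKET, SO_SNDBUF, &bsize,
	    sizeof(bsize)) == -1)
		log_warn("setting SO_SNDBUF on socket");

	/* listen() is only attempted on a socket that was bound. */
	if (bind(sock, res0->ai_addr, res0->ai_addrlen) == -1 ||
	    (stream && listen(sock, 5) == -1)) {
		close(sock);
		sock = -1;
	}

done:
	freeaddrinfo(res0);
	return (sock);
}

/*
 * Open the UDP and TCP DNS sockets on 127.0.0.1 and ::1 and pass each
 * one that could be set up to the frontend.  Fatal unless at least one
 * address family has both its UDP and its TCP socket.
 */
void
open_ports(void)
{
	int	 udp4sock, udp6sock, tcp4sock, tcp6sock;

	udp4sock = open_local_socket(AF_INET, SOCK_DGRAM, "127.0.0.1");
	udp6sock = open_local_socket(AF_INET6, SOCK_DGRAM, "::1");
	tcp4sock = open_local_socket(AF_INET, SOCK_STREAM, "127.0.0.1");
	tcp6sock = open_local_socket(AF_INET6, SOCK_STREAM, "::1");

	if ((udp4sock == -1 || tcp4sock == -1) && (udp6sock == -1 ||
	    tcp6sock == -1))
		fatalx("could not bind to 127.0.0.1 or ::1 on port 53");

	if (udp4sock != -1)
		main_imsg_compose_frontend_fd(IMSG_UDP4SOCK, 0, udp4sock);
	if (udp6sock != -1)
		main_imsg_compose_frontend_fd(IMSG_UDP6SOCK, 0, udp6sock);
	if (tcp4sock != -1)
		main_imsg_compose_frontend_fd(IMSG_TCP4SOCK, 0, tcp4sock);
	if (tcp6sock != -1)
		main_imsg_compose_frontend_fd(IMSG_TCP6SOCK, 0, tcp6sock);
}

/*
 * Write an RTM_PROPOSAL message with priority RTP_PROPOSAL_SOLICIT to
 * the route socket.  A failed write is logged, not fatal.
 */
void
solicit_dns_proposals(void)
{
	struct rt_msghdr	 rtm;
	struct iovec		 iov[1];
	int			 iovcnt = 0;

	memset(&rtm, 0, sizeof(rtm));

	rtm.rtm_version = RTM_VERSION;
	rtm.rtm_type = RTM_PROPOSAL;
	rtm.rtm_msglen = sizeof(rtm);
	rtm.rtm_tableid = 0;
	rtm.rtm_index = 0;
	rtm.rtm_seq = arc4random();
	rtm.rtm_priority = RTP_PROPOSAL_SOLICIT;

	iov[iovcnt].iov_base = &rtm;
	iov[iovcnt++].iov_len = sizeof(rtm);

	if (writev(routesock, iov, iovcnt) == -1)
		log_warn("failed to send solicitation");
}

/*
 * Open the configured blocklist file read-only and pass the descriptor
 * to the frontend; an open failure is logged and nothing is sent.
 */
void
send_blocklist_fd(void)
{
	int	 bl_fd;

	if ((bl_fd = open(main_conf->blocklist_file, O_RDONLY)) != -1)
		main_imsg_compose_frontend_fd(IMSG_BLFD, 0, bl_fd);
	else
		log_warn("%s", main_conf->blocklist_file);
}

/*
 * Apply one IMSG_RECONF_* message to the configuration being assembled
 * in *xconf.
 *
 * IMSG_RECONF_CONF allocates *xconf; every other handled type adds to it
 * and is therefore rejected while *xconf is still NULL.  Fixed-size
 * payloads must match their struct size exactly, and the blocklist path
 * must be non-empty, before anything is copied out of the message.
 * Protocol violations are fatal; unknown types are logged and ignored.
 */
void
imsg_receive_config(struct imsg *imsg, struct uw_conf **xconf)
{
	struct uw_conf		*nconf;
	struct uw_forwarder	*uw_forwarder;
	struct force_tree_entry	*force_entry;

	nconf = *xconf;

	switch (imsg->hdr.type) {
	case IMSG_RECONF_CONF:
		if (nconf != NULL)
			fatalx("%s: IMSG_RECONF_CONF already in "
			    "progress", __func__);
		if (IMSG_DATA_SIZE(*imsg) != sizeof(struct uw_conf))
			fatalx("%s: IMSG_RECONF_CONF wrong length: %lu",
			    __func__, IMSG_DATA_SIZE(*imsg));
		if ((*xconf = malloc(sizeof(struct uw_conf))) == NULL)
			fatal(NULL);
		nconf = *xconf;
		memcpy(nconf, imsg->data, sizeof(struct uw_conf));
		/* The copied list heads belong to the sender; start empty. */
		TAILQ_INIT(&nconf->uw_forwarder_list);
		TAILQ_INIT(&nconf->uw_dot_forwarder_list);
		RB_INIT(&nconf->force);
		break;
	case IMSG_RECONF_BLOCKLIST_FILE:
		if (nconf == NULL)
			fatalx("%s: IMSG_RECONF_BLOCKLIST_FILE without "
			    "IMSG_RECONF_CONF", __func__);
		/* An empty payload would put the index below at -1. */
		if (IMSG_DATA_SIZE(*imsg) == 0)
			fatalx("%s: IMSG_RECONF_BLOCKLIST_FILE wrong "
			    "length: %lu", __func__,
			    IMSG_DATA_SIZE(*imsg));
		/* make sure this is a string */
		((char *)imsg->data)[IMSG_DATA_SIZE(*imsg) - 1] = '\0';
		if ((nconf->blocklist_file = strdup(imsg->data)) ==
		    NULL)
			fatal("%s: strdup", __func__);
		break;
	case IMSG_RECONF_FORWARDER:
		if (nconf == NULL)
			fatalx("%s: IMSG_RECONF_FORWARDER without "
			    "IMSG_RECONF_CONF", __func__);
		if (IMSG_DATA_SIZE(*imsg) != sizeof(struct uw_forwarder))
			fatalx("%s: IMSG_RECONF_FORWARDER wrong length:"
			    " %lu", __func__, IMSG_DATA_SIZE(*imsg));
		if ((uw_forwarder = malloc(sizeof(struct
		    uw_forwarder))) == NULL)
			fatal(NULL);
		memcpy(uw_forwarder, imsg->data, sizeof(struct
		    uw_forwarder));
		TAILQ_INSERT_TAIL(&nconf->uw_forwarder_list,
		    uw_forwarder, entry);
		break;
	case IMSG_RECONF_DOT_FORWARDER:
		if (nconf == NULL)
			fatalx("%s: IMSG_RECONF_DOT_FORWARDER without "
			    "IMSG_RECONF_CONF", __func__);
		if (IMSG_DATA_SIZE(*imsg) != sizeof(struct uw_forwarder))
			fatalx("%s: IMSG_RECONF_DOT_FORWARDER wrong "
			    "length: %lu", __func__,
			    IMSG_DATA_SIZE(*imsg));
		if ((uw_forwarder = malloc(sizeof(struct
		    uw_forwarder))) == NULL)
			fatal(NULL);
		memcpy(uw_forwarder, imsg->data, sizeof(struct
		    uw_forwarder));
		TAILQ_INSERT_TAIL(&nconf->uw_dot_forwarder_list,
		    uw_forwarder, entry);
		break;
	case IMSG_RECONF_FORCE:
		if (nconf == NULL)
			fatalx("%s: IMSG_RECONF_FORCE without "
			    "IMSG_RECONF_CONF", __func__);
		if (IMSG_DATA_SIZE(*imsg) != sizeof(struct force_tree_entry))
			fatalx("%s: IMSG_RECONF_FORCE wrong "
			    "length: %lu", __func__,
			    IMSG_DATA_SIZE(*imsg));
		if ((force_entry = malloc(sizeof(struct
		    force_tree_entry))) == NULL)
			fatal(NULL);
		memcpy(force_entry, imsg->data, sizeof(struct
		    force_tree_entry));
		if (RB_INSERT(force_tree, &nconf->force, force_entry) != NULL) {
			free(force_entry);
			fatalx("%s: IMSG_RECONF_FORCE duplicate entry",
			    __func__);
		}
		break;
	default:
		log_debug("%s: error handling imsg %d", __func__,
		    imsg->hdr.type);
		break;
	}
}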