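/*
 * options.h -- nsd.conf options definitions and prototypes
 *
 * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
 *
 * See LICENSE for the license.
 *
 */

#ifndef OPTIONS_H
#define OPTIONS_H

/* config.h stays first: it carries the feature macros the system headers
 * depend on. The standard headers below are what this header itself uses
 * (FILE, off_t, time_t, size_t, uint8_t/uint16_t/uint32_t), so that it is
 * self-contained rather than relying on whatever config.h pulls in.
 * NOTE(review): struct in_addr / struct in6_addr (used in acl_addr_storage)
 * are still expected to come from config.h's platform includes -- confirm. */
#include "config.h"
#include <stdarg.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <time.h>
#include "region-allocator.h"
#include "rbtree.h"

struct query;
struct dname;
struct tsig_key;
struct buffer;
struct nsd;

typedef struct nsd_options nsd_options_t;
typedef struct pattern_options pattern_options_t;
typedef struct zone_options zone_options_t;
typedef struct ipaddress_option ip_address_option_t;
typedef struct acl_options acl_options_t;
typedef struct key_options key_options_t;
typedef struct config_parser_state config_parser_state_t;

/**
 * Options global for nsd.
 *
 * Created by nsd_options_create(), which stores the region it was given in
 * the @c region member; everything hanging off this struct is allocated
 * from that region.
 */
struct nsd_options {
	/** config file name */
	char *configfile;
	/** options for zones, by apex, contains zone_options_t */
	rbtree_t *zone_options;
	/** patterns, by name, contains pattern_options_t */
	rbtree_t *patterns;

	/** free space in zonelist file, contains zonelist_bucket */
	rbtree_t *zonefree;
	/** number of free space lines in zonelist file */
	size_t zonefree_number;
	/** zonelist file if open */
	FILE *zonelist;
	/** last offset in file (or 0 if none) */
	off_t zonelist_off;

	/** rbtree of keys defined, by name */
	rbtree_t *keys;

	/** list of ip addresses to bind to (or NULL for all) */
	ip_address_option_t *ip_addresses;

	/* server behaviour toggles and limits; all set from nsd.conf */
	int ip_transparent;
	int debug_mode;
	int verbosity;
	/** nonzero hides the server version from clients -- presumably; confirm */
	int hide_version;
	int do_ip4;
	int do_ip6;
	const char *database;
	const char *identity;
	const char *logfile;
	int server_count;
	int tcp_count;
	int tcp_query_count;
	int tcp_timeout;
	/** maximum EDNS payload sizes advertised per address family */
	size_t ipv4_edns_size;
	size_t ipv6_edns_size;
	const char *pidfile;
	const char *port;
	int statistics;
	/** chroot directory and unprivileged user to drop to (NULL if unset) --
	 * presumably; verify against the server startup code */
	const char *chroot;
	const char *username;
	const char *zonesdir;
	const char *xfrdfile;
	const char *xfrdir;
	const char *zonelistfile;
	const char *nsid;
	int xfrd_reload_timeout;
	int zonefiles_check;

	/** remote control section. enable toggle. */
	int control_enable;
	/** the interfaces the remote control should listen on */
	ip_address_option_t *control_interface;
	/** port number for the control port */
	int control_port;
	/** private key file for server */
	char *server_key_file;
	/** certificate file for server */
	char *server_cert_file;
	/** private key file for nsd-control */
	char *control_key_file;
	/** certificate file for nsd-control */
	char *control_cert_file;

#ifdef RATELIMIT
	/** number of buckets in rrl hashtable */
	size_t rrl_size;
	/** max qps for queries, 0 is nolimit */
	size_t rrl_ratelimit;
	/** ratio of slipped responses, 0 is noslip */
	size_t rrl_slip;
	/** ip prefix length */
	size_t rrl_ipv4_prefix_length;
	size_t rrl_ipv6_prefix_length;
	/** max qps for whitelisted queries, 0 is nolimit */
	size_t rrl_whitelist_ratelimit;
#endif

	/** region all of the above is allocated from */
	region_type *region;
};

/** one element of a singly linked list of textual ip addresses */
struct ipaddress_option {
	ip_address_option_t *next;
	char *address;
};

/**
 * Pattern of zone options, used to contain options for zone(s).
 */
struct pattern_options {
	rbnode_t node;
	/** name of the pattern, key of rbtree */
	const char *pname;
	const char *zonefile;
	/* access control lists for the four transfer/notify directions, plus the
	 * interface(s) used for outgoing traffic */
	acl_options_t *allow_notify;
	acl_options_t *request_xfr;
	acl_options_t *notify;
	acl_options_t *provide_xfr;
	acl_options_t *outgoing_interface;
#ifdef RATELIMIT
	/** bitmap with rrl types */
	uint16_t rrl_whitelist;
#endif
	uint8_t allow_axfr_fallback;
	uint8_t allow_axfr_fallback_is_default;
	uint8_t notify_retry;
	uint8_t notify_retry_is_default;
	/** pattern is implicit, part_of_config zone used */
	uint8_t implicit;
	uint8_t xfrd_flags;
};

/** name prefix/marker used for patterns created implicitly for config zones */
#define PATTERN_IMPLICIT_MARKER "_implicit_"

/**
 * Options for a zone
 */
struct zone_options {
	/** key is dname of apex */
	rbnode_t node;

	/** is apex of the zone */
	const char *name;
	/** if not part of config, the offset and linesize of zonelist entry */
	off_t off;
	int linesize;
	/** pattern for the zone options, if zone is part_of_config, this is
	 * an anonymous pattern created in-place */
	pattern_options_t *pattern;
	/** zone is fixed into the main config, not in zonelist, cannot delete */
	uint8_t part_of_config;
};

/** address storage wide enough for either address family that is compiled in */
union acl_addr_storage {
#ifdef INET6
	struct in_addr addr;
	struct in6_addr addr6;
#else
	struct in_addr addr;
#endif
};

/**
 * Access control list element
 */
struct acl_options {
	acl_options_t *next;

	/* options */
	time_t ixfr_disabled;
	int bad_xfr_count;
	uint8_t use_axfr_only;
	uint8_t allow_udp;

	/* ip address range */
	const char *ip_address_spec;
	uint8_t is_ipv6;
	/** is 0(no port) or suffix @port value */
	unsigned int port;
	union acl_addr_storage addr;
	union acl_addr_storage range_mask;
	enum {
		acl_range_single = 0,	/* single address */
		acl_range_mask = 1,	/* 10.20.30.40&255.255.255.0 */
		acl_range_subnet = 2,	/* 10.20.30.40/28 */
		acl_range_minmax = 3	/* 10.20.30.40-10.20.30.60 (mask=max) */
	} rangetype;

	/* key */
	uint8_t nokey;
	uint8_t blocked;
	const char *key_name;
	key_options_t *key_options;
};

/**
 * Key definition
 */
struct key_options {
	/** key of tree is name */
	rbnode_t node;
	char *name;
	char *algorithm;
	/** shared secret as given in the configuration, held in cleartext */
	char *secret;
	struct tsig_key *tsig_key;
};

/** zone list free space */
struct zonelist_free {
	struct zonelist_free *next;
	off_t off;
};

/** zonelist free bucket for a particular line length */
struct zonelist_bucket {
	/** key is ptr to linesize */
	rbnode_t node;
	int linesize;
	struct zonelist_free *list;
};

/**
 * Used during options parsing
 */
struct config_parser_state {
	const char *filename;
	const char *chroot;
	int line;
	int errors;
	int server_settings_seen;
	nsd_options_t *opt;
	pattern_options_t *current_pattern;
	zone_options_t *current_zone;
	key_options_t *current_key;
	ip_address_option_t *current_ip_address_option;
	acl_options_t *current_allow_notify;
	acl_options_t *current_request_xfr;
	acl_options_t *current_notify;
	acl_options_t *current_provide_xfr;
	acl_options_t *current_outgoing_interface;
	/** error callback and its opaque argument (see parse_options_file) */
	void (*err)(void *, const char *);
	void *err_arg;
};

/** parser state shared with the generated lexer/parser */
extern config_parser_state_t *cfg_parser;

/*
 * Options tree management
 */

/** region will be put in nsd_options struct. Returns empty options struct. */
nsd_options_t *nsd_options_create(region_type *region);

/**
 * The number of zones that are configured.
 * @param opt: options; must be non-NULL with zone_options initialised.
 * @return count of entries in the zone_options tree.
 */
static inline size_t
nsd_options_num_zones(nsd_options_t *opt)
{
	return opt->zone_options->count;
}

/** insert a zone into the main options tree, returns 0 on error */
int nsd_options_insert_zone(nsd_options_t *opt, zone_options_t *zone);
/** insert a pattern into the main options tree, returns 0 on error */
int nsd_options_insert_pattern(nsd_options_t *opt, pattern_options_t *pat);

/** parses options file. Returns false on failure. callback, if nonNULL,
 * gets called with error strings, default prints. */
int parse_options_file(nsd_options_t *opt, const char *file,
	void (*err)(void *, const char *), void *err_arg);

/*
 * Zone options
 */
zone_options_t *zone_options_create(region_type *region);
void zone_options_delete(nsd_options_t *opt, zone_options_t *zone);
/** find a zone by apex domain name, or NULL if not found. */
zone_options_t *zone_options_find(nsd_options_t *opt, const struct dname *apex);

/*
 * Pattern options
 */
pattern_options_t *pattern_options_create(region_type *region);
pattern_options_t *pattern_options_find(nsd_options_t *opt, const char *name);
int pattern_options_equal(pattern_options_t *p, pattern_options_t *q);
void pattern_options_remove(nsd_options_t *opt, const char *name);
void pattern_options_add_modify(nsd_options_t *opt, pattern_options_t *p);
/** serialise a pattern into a buffer; unmarshal reads it back from one */
void pattern_options_marshal(struct buffer *buffer, pattern_options_t *p);
pattern_options_t *pattern_options_unmarshal(region_type *r, struct buffer *b);

/*
 * Key options
 */
key_options_t *key_options_create(region_type *region);
void key_options_insert(nsd_options_t *opt, key_options_t *key);
key_options_t *key_options_find(nsd_options_t *opt, const char *name);
void key_options_remove(nsd_options_t *opt, const char *name);
int key_options_equal(key_options_t *p, key_options_t *q);
void key_options_add_modify(nsd_options_t *opt, key_options_t *key);

/*
 * Zone list file
 */

/** read in zone list file. Returns false on failure */
int parse_zone_list_file(nsd_options_t *opt);
/** create zone entry and add to the zonelist file */
zone_options_t *zone_list_add(nsd_options_t *opt, const char *zname,
	const char *pname);
/** create zonelist entry, do not insert in file (called by _add) */
zone_options_t *zone_list_zone_insert(nsd_options_t *opt, const char *nm,
	const char *patnm, int linesize, off_t off);
void zone_list_del(nsd_options_t *opt, zone_options_t *zone);
void zone_list_compact(nsd_options_t *opt);
void zone_list_close(nsd_options_t *opt);

#if defined(HAVE_SSL)
/** tsig must be inited, adds all keys in options to tsig. */
void key_options_tsig_add(nsd_options_t *opt);
#endif

/*
 * Access control
 */

/** check acl list, acl number that matches if passed(0..),
 * or failure (-1) if dropped.
 * The reason why (the acl) is returned too (or NULL). */
int acl_check_incoming(acl_options_t *acl, struct query *q,
	acl_options_t **reason);
int acl_addr_matches_host(acl_options_t *acl, acl_options_t *host);
int acl_addr_matches(acl_options_t *acl, struct query *q);
int acl_key_matches(acl_options_t *acl, struct query *q);
/** word-wise address comparison helpers; sz is the number of uint32_t words */
int acl_addr_match_mask(uint32_t *a, uint32_t *b, uint32_t *mask, size_t sz);
int acl_addr_match_range(uint32_t *minval, uint32_t *x, uint32_t *maxval, size_t sz);

/** returns true if acls are both from the same host */
int acl_same_host(acl_options_t *a, acl_options_t *b);
/** find acl by number in the list */
acl_options_t *acl_find_num(acl_options_t *acl, int num);

/** see if two acl lists are the same (same elements in same order, or empty) */
int acl_list_equal(acl_options_t *p, acl_options_t *q);
/** see if two acl are the same */
int acl_equal(acl_options_t *p, acl_options_t *q);

/** see if a zone is a slave or a master zone */
int zone_is_slave(zone_options_t *opt);
/** create zonefile name, returns static pointer (perhaps to options data) */
const char *config_make_zonefile(zone_options_t *zone, struct nsd *nsd);

/** seconds, then it starts to print pcts */
#define ZONEC_PCT_TIME 5
/** elements before pct check is done */
#define ZONEC_PCT_COUNT 100000

/*
 * Parsing helpers
 */
void c_error(const char *msg);
/** printf-style error report; ATTR_FORMAT lets the compiler check the
 * argument list against fmt where the attribute is supported */
void c_error_msg(const char *fmt, ...) ATTR_FORMAT(printf, 1, 2);
acl_options_t *parse_acl_info(region_type *region, char *ip, const char *key);
/** true if ipv6 address, false if ipv4 */
int parse_acl_is_ipv6(const char *p);
/** returns range type. mask is the 2nd part of the range */
int parse_acl_range_type(char *ip, char **mask);
/** parses subnet mask, fills 0 mask as well */
void parse_acl_range_subnet(char *p, void *addr, int maxbits);
/** clean up options */
void nsd_options_destroy(nsd_options_t *opt);
/** replace occurrences of one with two in buf, pass length of buffer */
void replace_str(char *buf, size_t len, const char *one, const char *two);
/** apply pattern to the existing pattern in the parser */
void config_apply_pattern(const char *name);

#endif /* OPTIONS_H */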