1 /*
2  * options.h -- nsd.conf options definitions and prototypes
3  *
4  * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
5  *
6  * See LICENSE for the license.
7  *
8  */
9 
10 #ifndef OPTIONS_H
11 #define OPTIONS_H
12 
13 #include <stdarg.h>
14 #include "region-allocator.h"
15 #include "rbtree.h"
/* Opaque types from other modules; only pointers to them appear here. */
struct query;
struct dname;
struct tsig_key;
struct buffer;
struct nsd;

/* Typedef aliases for the option structures defined in this header. */
typedef struct nsd_options nsd_options_type;
typedef struct pattern_options pattern_options_type;
typedef struct zone_options zone_options_type;
typedef struct range_option range_option_type;
typedef struct ip_address_option ip_address_option_type;
typedef struct cpu_option cpu_option_type;
typedef struct cpu_map_option cpu_map_option_type;
typedef struct acl_options acl_options_type;
typedef struct key_options key_options_type;
typedef struct config_parser_state config_parser_state_type;
32 
33 /*
34  * Options global for nsd.
35  */
36 struct nsd_options {
37 	/* config file name */
38 	char* configfile;
39 	/* options for zones, by apex, contains zone_options */
40 	rbtree_type* zone_options;
41 	/* patterns, by name, contains pattern_options */
42 	rbtree_type* patterns;
43 
44 	/* free space in zonelist file, contains zonelist_bucket */
45 	rbtree_type* zonefree;
46 	/* number of free space lines in zonelist file */
47 	size_t zonefree_number;
48 	/* zonelist file if open */
49 	FILE* zonelist;
50 	/* last offset in file (or 0 if none) */
51 	off_t zonelist_off;
52 
53 	/* tree of zonestat names and their id values, entries are struct
54 	 * zonestatname with malloced key=stringname. The number of items
55 	 * is the max statnameid, no items are freed from this.
56 	 * kept correct in the xfrd process, and on startup. */
57 	rbtree_type* zonestatnames;
58 
59 	/* rbtree of keys defined, by name */
60 	rbtree_type* keys;
61 
62 	/* list of ip addresses to bind to (or NULL for all) */
63 	struct ip_address_option* ip_addresses;
64 
65 	int ip_transparent;
66 	int ip_freebind;
67 	int send_buffer_size;
68 	int receive_buffer_size;
69 	int debug_mode;
70 	int verbosity;
71 	int hide_version;
72 	int hide_identity;
73 	int drop_updates;
74 	int do_ip4;
75 	int do_ip6;
76 	const char* database;
77 	const char* identity;
78 	const char* version;
79 	const char* logfile;
80 	int log_only_syslog;
81 	int server_count;
82 	struct cpu_option* cpu_affinity;
83 	struct cpu_map_option* service_cpu_affinity;
84 	int tcp_count;
85 	int tcp_reject_overflow;
86 	int confine_to_zone;
87 	int tcp_query_count;
88 	int tcp_timeout;
89 	int tcp_mss;
90 	int outgoing_tcp_mss;
91 	size_t ipv4_edns_size;
92 	size_t ipv6_edns_size;
93 	const char* pidfile;
94 	const char* port;
95 	int statistics;
96 	const char* chroot;
97 	const char* username;
98 	const char* zonesdir;
99 	const char* xfrdfile;
100 	const char* xfrdir;
101 	const char* zonelistfile;
102 	const char* nsid;
103 	int xfrd_reload_timeout;
104 	int zonefiles_check;
105 	int zonefiles_write;
106 	int log_time_ascii;
107 	int round_robin;
108 	int minimal_responses;
109 	int refuse_any;
110 	int reuseport;
111 
112 	/* private key file for TLS */
113 	char* tls_service_key;
114 	/* ocsp stapling file for TLS */
115 	char* tls_service_ocsp;
116 	/* certificate file for TLS */
117 	char* tls_service_pem;
118 	/* TLS dedicated port */
119 	const char* tls_port;
120 
121 	/** remote control section. enable toggle. */
122 	int control_enable;
123 	/** the interfaces the remote control should listen on */
124 	struct ip_address_option* control_interface;
125 	/** port number for the control port */
126 	int control_port;
127 	/** private key file for server */
128 	char* server_key_file;
129 	/** certificate file for server */
130 	char* server_cert_file;
131 	/** private key file for nsd-control */
132 	char* control_key_file;
133 	/** certificate file for nsd-control */
134 	char* control_cert_file;
135 
136 #ifdef RATELIMIT
137 	/** number of buckets in rrl hashtable */
138 	size_t rrl_size;
139 	/** max qps for queries, 0 is nolimit */
140 	size_t rrl_ratelimit;
141 	/** ratio of slipped responses, 0 is noslip */
142 	size_t rrl_slip;
143 	/** ip prefix length */
144 	size_t rrl_ipv4_prefix_length;
145 	size_t rrl_ipv6_prefix_length;
146 	/** max qps for whitelisted queries, 0 is nolimit */
147 	size_t rrl_whitelist_ratelimit;
148 #endif
149 	/** if dnstap is enabled */
150 	int dnstap_enable;
151 	/** dnstap socket path */
152 	char* dnstap_socket_path;
153 	/** true to send "identity" via dnstap */
154 	int dnstap_send_identity;
155 	/** true to send "version" via dnstap */
156 	int dnstap_send_version;
157 	/** dnstap "identity", hostname is used if "". */
158 	char* dnstap_identity;
159 	/** dnstap "version", package version is used if "". */
160 	char* dnstap_version;
161 	/** true to log dnstap AUTH_QUERY message events */
162 	int dnstap_log_auth_query_messages;
163 	/** true to log dnstap AUTH_RESPONSE message events */
164 	int dnstap_log_auth_response_messages;
165 
166 	region_type* region;
167 };
168 
/* Numeric range first..last (presumably inclusive; confirm against the
 * parser), chained into a list via next. */
struct range_option {
	struct range_option* next;
	int first;
	int last;
};
174 
/* One address to listen on (list element). */
struct ip_address_option {
	struct ip_address_option* next;
	/* textual address; may still be an interface name until
	 * resolve_interface_names() has run */
	char* address;
	/* server process ranges this address applies to (NOTE(review):
	 * inferred from the name; confirm) */
	struct range_option* servers;
	/* device and routing table (fib) binding selectors; presumably
	 * 0/-1 style "unset" values, confirm against the parser */
	int dev;
	int fib;
};
182 
/* List of cpu numbers (cpu-affinity setting). */
struct cpu_option {
	struct cpu_option* next;
	int cpu;
};
187 
/* Maps one service (server process number) to a cpu. */
struct cpu_map_option {
	struct cpu_map_option* next;
	int service;
	int cpu;
};
193 
194 /*
195  * Defines for min_expire_time_expr value
196  */
197 #define EXPIRE_TIME_HAS_VALUE     0
198 #define EXPIRE_TIME_IS_DEFAULT    1
199 #define REFRESHPLUSRETRYPLUS1     2
200 #define REFRESHPLUSRETRYPLUS1_STR "refresh+retry+1"
201 #define expire_time_is_default(x) (!(  (x) == REFRESHPLUSRETRYPLUS1 \
202                                     || (x) == EXPIRE_TIME_HAS_VALUE ))
203 
204 
205 /*
206  * Pattern of zone options, used to contain options for zone(s).
207  */
208 struct pattern_options {
209 	rbnode_type node;
210 	const char* pname; /* name of the pattern, key of rbtree */
211 	const char* zonefile;
212 	struct acl_options* allow_notify;
213 	struct acl_options* request_xfr;
214 	struct acl_options* notify;
215 	struct acl_options* provide_xfr;
216 	struct acl_options* allow_query;
217 	struct acl_options* outgoing_interface;
218 	const char* zonestats;
219 #ifdef RATELIMIT
220 	uint16_t rrl_whitelist; /* bitmap with rrl types */
221 #endif
222 	uint8_t allow_axfr_fallback;
223 	uint8_t allow_axfr_fallback_is_default;
224 	uint8_t notify_retry;
225 	uint8_t notify_retry_is_default;
226 	uint8_t implicit; /* pattern is implicit, part_of_config zone used */
227 	uint8_t xfrd_flags;
228 	uint32_t max_refresh_time;
229 	uint8_t max_refresh_time_is_default;
230 	uint32_t min_refresh_time;
231 	uint8_t min_refresh_time_is_default;
232 	uint32_t max_retry_time;
233 	uint8_t max_retry_time_is_default;
234 	uint32_t min_retry_time;
235 	uint8_t min_retry_time_is_default;
236 	uint32_t min_expire_time;
237 	/* min_expir_time_expr is either a known value (REFRESHPLUSRETRYPLUS1
238 	 * or EXPIRE_EXPR_HAS_VALUE) or else min_expire_time is the default.
239 	 * This can be tested with expire_time_is_default(x) define.
240 	 */
241 	uint8_t min_expire_time_expr;
242 	uint64_t size_limit_xfr;
243 	uint8_t multi_master_check;
244 } ATTR_PACKED;
245 
/* marker string used in the names of implicit patterns
 * (see pattern_options.implicit) */
#define PATTERN_IMPLICIT_MARKER "_implicit_"
247 
248 /*
249  * Options for a zone
250  */
251 struct zone_options {
252 	/* key is dname of apex */
253 	rbnode_type node;
254 
255 	/* is apex of the zone */
256 	const char* name;
257 	/* if not part of config, the offset and linesize of zonelist entry */
258 	off_t off;
259 	int linesize;
260 	/* pattern for the zone options, if zone is part_of_config, this is
261 	 * a anonymous pattern created in-place */
262 	struct pattern_options* pattern;
263 	/* zone is fixed into the main config, not in zonelist, cannot delete */
264 	uint8_t part_of_config;
265 } ATTR_PACKED;
266 
/* Storage for an ipv4 or (with INET6) ipv6 address; acl_options.is_ipv6
 * says which member is valid. */
union acl_addr_storage {
#ifdef INET6
	struct in_addr addr;
	struct in6_addr addr6;
#else
	struct in_addr addr;
#endif
};
275 
276 /*
277  * Access control list element
278  */
279 struct acl_options {
280 	struct acl_options* next;
281 
282 	/* options */
283 	time_t ixfr_disabled;
284 	int bad_xfr_count;
285 	uint8_t use_axfr_only;
286 	uint8_t allow_udp;
287 
288 	/* ip address range */
289 	const char* ip_address_spec;
290 	uint8_t is_ipv6;
291 	unsigned int port;	/* is 0(no port) or suffix @port value */
292 	union acl_addr_storage addr;
293 	union acl_addr_storage range_mask;
294 	enum {
295 		acl_range_single = 0,	/* single address */
296 		acl_range_mask = 1,	/* 10.20.30.40&255.255.255.0 */
297 		acl_range_subnet = 2,	/* 10.20.30.40/28 */
298 		acl_range_minmax = 3	/* 10.20.30.40-10.20.30.60 (mask=max) */
299 	} rangetype;
300 
301 	/* key */
302 	uint8_t nokey;
303 	uint8_t blocked;
304 	const char* key_name;
305 	struct key_options* key_options;
306 } ATTR_PACKED;
307 
308 /*
309  * Key definition
310  */
311 struct key_options {
312 	rbnode_type node; /* key of tree is name */
313 	char* name;
314 	char* algorithm;
315 	char* secret;
316 	struct tsig_key* tsig_key;
317 } ATTR_PACKED;
318 
/** zone list free space: one unused line in the zonelist file, located
 * by its file offset */
struct zonelist_free {
	struct zonelist_free* next;
	off_t off;
};
/** zonelist free bucket for a particular line length; entries of
 * nsd_options.zonefree, keyed by linesize */
struct zonelist_bucket {
	rbnode_type node; /* key is ptr to linesize */
	int linesize;
	struct zonelist_free* list; /* free lines of exactly this length */
};
330 
/* default zonefile write interval if database is "", in seconds
 * (see nsd_options.database and nsd_options.zonefiles_write) */
#define ZONEFILES_WRITE_INTERVAL 3600
333 
/* Entry of nsd_options.zonestatnames: maps a zonestat name to its id. */
struct zonestatname {
	rbnode_type node; /* key is malloced string with cooked zonestat name */
	unsigned id; /* index in nsd.zonestat array */
};
338 
339 /*
340  * Used during options parsing
341  */
342 struct config_parser_state {
343 	char* filename;
344 	const char* chroot;
345 	int line;
346 	int errors;
347 	struct nsd_options* opt;
348 	struct pattern_options *pattern;
349 	struct zone_options *zone;
350 	struct key_options *key;
351 	struct ip_address_option *ip;
352 	void (*err)(void*,const char*);
353 	void* err_arg;
354 };
355 
/* parser state of the config parse in progress */
extern config_parser_state_type* cfg_parser;

/* region will be put in nsd_options struct. Returns empty options struct. */
struct nsd_options* nsd_options_create(region_type* region);
/* the number of zones that are configured (size of the zone_options tree) */
static inline size_t nsd_options_num_zones(struct nsd_options* opt)
{
	const rbtree_type* zones = opt->zone_options;
	return zones->count;
}
/* insert a zone into the main options tree, returns 0 on error
 * (e.g. the apex is already present, presumably; confirm) */
int nsd_options_insert_zone(struct nsd_options* opt, struct zone_options* zone);
/* insert a pattern into the main options tree, returns 0 on error */
int nsd_options_insert_pattern(struct nsd_options* opt,
	struct pattern_options* pat);
368 
/* parses options file. Returns false on failure. callback, if nonNULL,
 * gets called with error strings, default prints. err_arg is passed
 * as the first argument of err. */
int parse_options_file(struct nsd_options* opt, const char* file,
	void (*err)(void*,const char*), void* err_arg);
/* allocate an empty zone_options from region */
struct zone_options* zone_options_create(region_type* region);
/* remove a zone from opt->zone_options */
void zone_options_delete(struct nsd_options* opt, struct zone_options* zone);
/* find a zone by apex domain name, or NULL if not found. */
struct zone_options* zone_options_find(struct nsd_options* opt,
	const struct dname* apex);
/* allocate an empty pattern_options from region */
struct pattern_options* pattern_options_create(region_type* region);
/* find a pattern by name in opt->patterns, or NULL */
struct pattern_options* pattern_options_find(struct nsd_options* opt, const char* name);
/* true if the two patterns have the same contents */
int pattern_options_equal(struct pattern_options* p, struct pattern_options* q);
/* remove the pattern with this name from opt->patterns */
void pattern_options_remove(struct nsd_options* opt, const char* name);
/* add p to opt, or update the existing pattern of the same name */
void pattern_options_add_modify(struct nsd_options* opt,
	struct pattern_options* p);
/* serialize p into buffer; pattern_options_unmarshal reads it back
 * (buffer contents are trusted internal data, not wire input) */
void pattern_options_marshal(struct buffer* buffer, struct pattern_options* p);
struct pattern_options* pattern_options_unmarshal(region_type* r,
	struct buffer* b);
/* allocate an empty key_options from region */
struct key_options* key_options_create(region_type* region);
/* insert key into opt->keys */
void key_options_insert(struct nsd_options* opt, struct key_options* key);
/* find a key by name in opt->keys, or NULL */
struct key_options* key_options_find(struct nsd_options* opt, const char* name);
/* remove the key with this name from opt->keys */
void key_options_remove(struct nsd_options* opt, const char* name);
/* true if the two keys have the same contents */
int key_options_equal(struct key_options* p, struct key_options* q);
/* add key to opt, or update the existing key of the same name */
void key_options_add_modify(struct nsd_options* opt, struct key_options* key);
/* create / release the tsig_key form of key (see key_options.tsig_key) */
void key_options_setup(region_type* region, struct key_options* key);
void key_options_desetup(region_type* region, struct key_options* key);
/* read in zone list file. Returns false on failure */
int parse_zone_list_file(struct nsd_options* opt);
/* create zone entry and add to the zonelist file */
struct zone_options* zone_list_add(struct nsd_options* opt, const char* zname,
	const char* pname);
/* create zonelist entry, do not insert in file (called by _add) */
struct zone_options* zone_list_zone_insert(struct nsd_options* opt,
	const char* nm, const char* patnm, int linesize, off_t off);
/* remove a zone from the zonelist file (its line becomes free space) */
void zone_list_del(struct nsd_options* opt, struct zone_options* zone);
/* rewrite the zonelist file without free space */
void zone_list_compact(struct nsd_options* opt);
/* close the zonelist file if open */
void zone_list_close(struct nsd_options* opt);

/* create zonestat name tree , for initially created zones */
void options_zonestatnames_create(struct nsd_options* opt);
/* Get zonestat id for zone options, add new entry if necessary.
 * instantiates the pattern's zonestat string */
unsigned getzonestatid(struct nsd_options* opt, struct zone_options* zopt);
/* create string, same options as zonefile but no chroot changes */
const char* config_cook_string(struct zone_options* zone, const char* input);
414 
/** check if config for remote control turns on IP-address interface
 * with certificates or a named pipe without certificates.
 * Returns true for the IP-address (certificate) case. */
int options_remote_is_address(struct nsd_options* cfg);
418 
#if defined(HAVE_SSL)
/* tsig must be inited, adds all keys in options to tsig. */
void key_options_tsig_add(struct nsd_options* opt);
#endif
423 
/* check acl list, acl number that matches if passed(0..),
 * or failure (-1) if dropped. Callers must treat -1 as deny. */
/* the reason why (the acl) is returned too (or NULL) */
int acl_check_incoming(struct acl_options* acl, struct query* q,
	struct acl_options** reason);
/* true if the address of host lies in the range of acl */
int acl_addr_matches_host(struct acl_options* acl, struct acl_options* host);
/* the address part and the key part of the acl check, separately */
int acl_addr_matches(struct acl_options* acl, struct query* q);
int acl_key_matches(struct acl_options* acl, struct query* q);
/* true if a and b are equal under mask. sz is presumably the address
 * length in bytes (4 or 16), and the range functions presumably test
 * minval <= x <= maxval; confirm against the definitions. */
int acl_addr_match_mask(uint32_t* a, uint32_t* b, uint32_t* mask, size_t sz);
int acl_addr_match_range_v6(uint32_t* minval, uint32_t* x, uint32_t* maxval, size_t sz);
int acl_addr_match_range_v4(uint32_t* minval, uint32_t* x, uint32_t* maxval, size_t sz);

/* returns true if acls are both from the same host */
int acl_same_host(struct acl_options* a, struct acl_options* b);
/* find acl by number in the list */
struct acl_options* acl_find_num(struct acl_options* acl, int num);

/* see if two acl lists are the same (same elements in same order, or empty) */
int acl_list_equal(struct acl_options* p, struct acl_options* q);
/* see if two acl are the same */
int acl_equal(struct acl_options* p, struct acl_options* q);

/* see if a zone is a slave or a master zone (nonzero for slave) */
int zone_is_slave(struct zone_options* opt);
/* create zonefile name, returns static pointer (perhaps to options data);
 * the result is overwritten by the next call, copy it if it must live on */
const char* config_make_zonefile(struct zone_options* zone, struct nsd* nsd);
450 
/* progress reporting thresholds for the zone compiler */
#define ZONEC_PCT_TIME 5 /* seconds, then it starts to print pcts */
#define ZONEC_PCT_COUNT 100000 /* elements before pct check is done */
453 
/* parsing helpers */
/* report a parse error; msg is a printf-style format (checked by
 * ATTR_FORMAT), so never pass input text as msg, only as an argument */
void c_error(const char* msg, ...) ATTR_FORMAT(printf, 1,2);
int c_wrap(void);
/* parse "ip[@port] [key]" style acl text into an acl entry; ip is
 * modified in place (not const), key may name a key or NOKEY/BLOCKED
 * style markers (confirm against the definition) */
struct acl_options* parse_acl_info(region_type* region, char* ip,
	const char* key);
/* true if ipv6 address, false if ipv4 */
int parse_acl_is_ipv6(const char* p);
/* returns range type. mask is the 2nd part of the range */
int parse_acl_range_type(char* ip, char** mask);
/* parses subnet mask, fills 0 mask as well. maxbits is the address
 * width in bits (presumably 32 or 128; confirm) */
void parse_acl_range_subnet(char* p, void* addr, int maxbits);
/* clean up options */
void nsd_options_destroy(struct nsd_options* opt);
/* replace occurrences of one with two in buf, pass length of buffer;
 * the replacement is bounded by len (check the definition for how a
 * result that would not fit is handled) */
void replace_str(char* buf, size_t len, const char* one, const char* two);
/* apply pattern to the existing pattern in the parser */
void config_apply_pattern(struct pattern_options *dest, const char* name);
/* if the file is a directory, print a warning, because flex just exit()s
 * when a fileread fails because it is a directory, helps the user figure
 * out what just happened */
void warn_if_directory(const char* filetype, FILE* f, const char* fname);
/* resolve interface names in the options "ip-address:" (or "interface:")
 * and "control-interface:" into the ip-addresses associated with those
 * names. */
void resolve_interface_names(struct nsd_options* options);
479 
480 #endif /* OPTIONS_H */