/*
 * options.h -- nsd.conf options definitions and prototypes
 *
 * Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
 *
 * See LICENSE for the license.
 *
 */

#ifndef OPTIONS_H
#define OPTIONS_H

#include "config.h"
#include <stdarg.h>
#include "region-allocator.h"
#include "rbtree.h"
/* opaque types; only pointers to them are used in this header */
struct query;
struct dname;
struct tsig_key;
struct buffer;
struct nsd;

typedef struct nsd_options nsd_options_t;
typedef struct pattern_options pattern_options_t;
typedef struct zone_options zone_options_t;
typedef struct ipaddress_option ip_address_option_t;
typedef struct acl_options acl_options_t;
typedef struct key_options key_options_t;
typedef struct config_parser_state config_parser_state_t;
/*
 * Options global for nsd.
 * All string members point into data owned by the region member
 * (see nsd_options_create); callers do not free them individually.
 */
struct nsd_options {
	/* config file name */
	char* configfile;
	/* options for zones, by apex, contains zone_options_t */
	rbtree_t* zone_options;
	/* patterns, by name, contains pattern_options_t */
	rbtree_t* patterns;

	/* free space in zonelist file, contains zonelist_bucket */
	rbtree_t* zonefree;
	/* number of free space lines in zonelist file */
	size_t zonefree_number;
	/* zonelist file if open */
	FILE* zonelist;
	/* last offset in file (or 0 if none) */
	off_t zonelist_off;

	/* tree of zonestat names and their id values, entries are struct
	 * zonestatname with malloced key=stringname. The number of items
	 * is the max statnameid, no items are freed from this.
	 * kept correct in the xfrd process, and on startup. */
	rbtree_t* zonestatnames;

	/* rbtree of keys defined, by name */
	rbtree_t* keys;

	/* list of ip addresses to bind to (or NULL for all) */
	ip_address_option_t* ip_addresses;

	/* socket binding toggles; presumably map onto the IP_TRANSPARENT
	 * and IP_FREEBIND socket options -- confirm in the socket setup code */
	int ip_transparent;
	int ip_freebind;
	/* debugging toggle and log verbosity level */
	int debug_mode;
	int verbosity;
	/* when set, the server does not disclose its version
	 * (NOTE(review): confirm against the query handling code) */
	int hide_version;
	/* address families to serve */
	int do_ip4;
	int do_ip6;
	/* zone database path; "" selects zonefile writing instead
	 * (see ZONEFILES_WRITE_INTERVAL) */
	const char* database;
	/* identity and version strings the server reports, if configured */
	const char* identity;
	const char* version;
	/* log file path */
	const char* logfile;
	/* number of server processes */
	int server_count;
	/* tcp connection limits and timeout (units: count, count, seconds
	 * presumably -- confirm) */
	int tcp_count;
	int tcp_query_count;
	int tcp_timeout;
	/* TCP maximum segment size for accepted and outgoing connections */
	int tcp_mss;
	int outgoing_tcp_mss;
	/* EDNS buffer sizes used per address family */
	size_t ipv4_edns_size;
	size_t ipv6_edns_size;
	/* pid file path */
	const char* pidfile;
	/* listen port, kept as the string given in the config */
	const char* port;
	/* statistics interval; 0 presumably disables -- confirm */
	int statistics;
	/* privilege separation: directory to chroot into and user to run as.
	 * Other path options are interpreted relative to the chroot, which
	 * is why the parser state carries its own chroot copy. */
	const char* chroot;
	const char* username;
	/* directories and files for zones, transfers and the zone list */
	const char* zonesdir;
	const char* xfrdfile;
	const char* xfrdir;
	const char* zonelistfile;
	/* EDNS NSID value to report, if configured */
	const char* nsid;
	/* seconds xfrd waits before asking for a reload */
	int xfrd_reload_timeout;
	/* zonefile checking and writing toggles */
	int zonefiles_check;
	int zonefiles_write;
	/* log timestamps in ascii rather than seconds */
	int log_time_ascii;
	/* rotate rrset order in answers */
	int round_robin;
	/* use SO_REUSEPORT for the listening sockets (presumably) */
	int reuseport;

	/** remote control section. enable toggle. */
	int control_enable;
	/** the interfaces the remote control should listen on */
	ip_address_option_t* control_interface;
	/** port number for the control port */
	int control_port;
	/** private key file for server (path only; the key material is
	 * loaded elsewhere) */
	char* server_key_file;
	/** certificate file for server */
	char* server_cert_file;
	/** private key file for nsd-control */
	char* control_key_file;
	/** certificate file for nsd-control */
	char* control_cert_file;

#ifdef RATELIMIT
	/** number of buckets in rrl hashtable */
	size_t rrl_size;
	/** max qps for queries, 0 is nolimit */
	size_t rrl_ratelimit;
	/** ratio of slipped responses, 0 is noslip */
	size_t rrl_slip;
	/** ip prefix length */
	size_t rrl_ipv4_prefix_length;
	size_t rrl_ipv6_prefix_length;
	/** max qps for whitelisted queries, 0 is nolimit */
	size_t rrl_whitelist_ratelimit;
#endif

	/* allocator that owns this struct and all option data */
	region_type* region;
};

/* singly linked list of address strings (used for bind and control interfaces) */
struct ipaddress_option {
	ip_address_option_t* next;
	char* address;
};

/*
 * Pattern of zone options, used to contain options for zone(s).
 * The *_is_default flags record whether the matching value was set
 * explicitly or still holds the default, so patterns can be merged.
 */
struct pattern_options {
	rbnode_t node;
	const char* pname; /* name of the pattern, key of rbtree */
	const char* zonefile;
	/* access control lists, see struct acl_options */
	acl_options_t* allow_notify;
	acl_options_t* request_xfr;
	acl_options_t* notify;
	acl_options_t* provide_xfr;
	acl_options_t* outgoing_interface;
	const char* zonestats;
#ifdef RATELIMIT
	uint16_t rrl_whitelist; /* bitmap with rrl types */
#endif
	uint8_t allow_axfr_fallback;
	uint8_t allow_axfr_fallback_is_default;
	uint8_t notify_retry;
	uint8_t notify_retry_is_default;
	uint8_t implicit; /* pattern is implicit, part_of_config zone used */
	uint8_t xfrd_flags;
	/* refresh and retry bounds applied to the SOA values, in seconds */
	uint32_t max_refresh_time;
	uint8_t max_refresh_time_is_default;
	uint32_t min_refresh_time;
	uint8_t min_refresh_time_is_default;
	uint32_t max_retry_time;
	uint8_t max_retry_time_is_default;
	uint32_t min_retry_time;
	uint8_t min_retry_time_is_default;
	/* upper bound on the size of an incoming zone transfer */
	uint64_t size_limit_xfr;
};

/* prefix used for the names of implicit patterns */
#define PATTERN_IMPLICIT_MARKER "_implicit_"

/*
 * Options for a zone
 */
struct zone_options {
	/* key is dname of apex */
	rbnode_t node;

	/* is apex of the zone */
	const char* name;
	/* if not part of config, the offset and linesize of zonelist entry */
	off_t off;
	int linesize;
	/* pattern for the zone options, if zone is part_of_config, this is
	 * a anonymous pattern created in-place */
	pattern_options_t* pattern;
	/* zone is fixed into the main config, not in zonelist, cannot delete */
	uint8_t part_of_config;
};

/* address storage large enough for either family when INET6 is enabled */
union acl_addr_storage {
#ifdef INET6
	struct in_addr addr;
	struct in6_addr addr6;
#else
	struct in_addr addr;
#endif
};

/*
 * Access control list element
 */
struct acl_options {
	acl_options_t* next;

	/* options */
	/* presumably the time from which IXFR is disabled for this peer
	 * after too many bad transfers (see bad_xfr_count) -- confirm */
	time_t ixfr_disabled;
	int bad_xfr_count;
	uint8_t use_axfr_only;
	uint8_t allow_udp;

	/* ip address range */
	const char* ip_address_spec;
	uint8_t is_ipv6;
	unsigned int port; /* is 0(no port) or suffix @port value */
	/* parsed address and, depending on rangetype, the mask or max address */
	union acl_addr_storage addr;
	union acl_addr_storage range_mask;
	enum {
		acl_range_single = 0, /* single address */
		acl_range_mask = 1, /* 10.20.30.40&255.255.255.0 */
		acl_range_subnet = 2, /* 10.20.30.40/28 */
		acl_range_minmax = 3 /* 10.20.30.40-10.20.30.60 (mask=max) */
	} rangetype;

	/* key */
	/* nokey: entry matches without a TSIG key; blocked: entry denies the
	 * matching host (NOTE(review): confirm semantics against acl_check_incoming) */
	uint8_t nokey;
	uint8_t blocked;
	const char* key_name;
	/* resolved key from the options key tree, looked up by key_name */
	key_options_t* key_options;
};

/*
 * Key definition
 */
struct key_options {
	rbnode_t node; /* key of tree is name */
	char* name;
	char* algorithm;
	/* shared secret as given in the config; NOTE(review): it stays in
	 * memory in cleartext for the lifetime of the options region */
	char* secret;
	struct tsig_key* tsig_key;
};

/** zone list free space */
struct zonelist_free {
	struct zonelist_free* next;
	off_t off;
};
/** zonelist free bucket for a particular line length */
struct zonelist_bucket {
	rbnode_t node; /* key is ptr to linesize */
	int linesize;
	struct zonelist_free* list;
};

/* default zonefile write interval if database is "", in seconds */
#define ZONEFILES_WRITE_INTERVAL 3600

struct zonestatname {
	rbnode_t node; /* key is malloced string with cooked zonestat name */
	unsigned id; /* index in nsd.zonestat array */
};

/*
 * Used during options parsing
 */
struct config_parser_state {
	/* file being parsed and current line, for error messages */
	char* filename;
	const char* chroot;
	int line;
	/* number of errors seen so far */
	int errors;
	int server_settings_seen;
	nsd_options_t* opt;
	/* the entries currently being filled in */
	pattern_options_t* current_pattern;
	zone_options_t* current_zone;
	key_options_t* current_key;
	ip_address_option_t* current_ip_address_option;
	acl_options_t* current_allow_notify;
	acl_options_t* current_request_xfr;
	acl_options_t* current_notify;
	acl_options_t* current_provide_xfr;
	acl_options_t* current_outgoing_interface;
	/* error callback and its argument, see parse_options_file */
	void (*err)(void*,const char*);
	void* err_arg;
};

/* global parser state used by the generated parser */
extern config_parser_state_t* cfg_parser;

/* region will be put in nsd_options struct. Returns empty options struct. */
nsd_options_t* nsd_options_create(region_type* region);
/* the number of zones that are configured.
 * opt and opt->zone_options must be non-NULL; no check is made. */
static inline size_t nsd_options_num_zones(nsd_options_t* opt)
{ return opt->zone_options->count; }
/* insert a zone into the main options tree, returns 0 on error */
int nsd_options_insert_zone(nsd_options_t* opt, zone_options_t* zone);
/* insert a pattern into the main options tree, returns 0 on error */
int nsd_options_insert_pattern(nsd_options_t* opt, pattern_options_t* pat);

/* parses options file. Returns false on failure. callback, if nonNULL,
 * gets called with error strings, default prints. */
int parse_options_file(nsd_options_t* opt, const char* file,
	void (*err)(void*,const char*), void* err_arg);
/* allocate an empty zone entry in the region */
zone_options_t* zone_options_create(region_type* region);
void zone_options_delete(nsd_options_t* opt, zone_options_t* zone);
/* find a zone by apex domain name, or NULL if not found. */
zone_options_t* zone_options_find(nsd_options_t* opt, const struct dname* apex);
pattern_options_t* pattern_options_create(region_type* region);
/* find a pattern by name, or NULL if not found */
pattern_options_t* pattern_options_find(nsd_options_t* opt, const char* name);
int pattern_options_equal(pattern_options_t* p, pattern_options_t* q);
void pattern_options_remove(nsd_options_t* opt, const char* name);
void pattern_options_add_modify(nsd_options_t* opt, pattern_options_t* p);
/* serialize a pattern into buffer / read one back from it */
void pattern_options_marshal(struct buffer* buffer, pattern_options_t* p);
pattern_options_t* pattern_options_unmarshal(region_type* r, struct buffer* b);
key_options_t* key_options_create(region_type* region);
void key_options_insert(nsd_options_t* opt, key_options_t* key);
/* find a key by name, or NULL if not found */
key_options_t* key_options_find(nsd_options_t* opt, const char* name);
void key_options_remove(nsd_options_t* opt, const char* name);
int key_options_equal(key_options_t* p, key_options_t* q);
void key_options_add_modify(nsd_options_t* opt, key_options_t* key);
/* read in zone list file. Returns false on failure */
int parse_zone_list_file(nsd_options_t* opt);
/* create zone entry and add to the zonelist file */
zone_options_t* zone_list_add(nsd_options_t* opt, const char* zname,
	const char* pname);
/* create zonelist entry, do not insert in file (called by _add) */
zone_options_t* zone_list_zone_insert(nsd_options_t* opt, const char* nm,
	const char* patnm, int linesize, off_t off);
void zone_list_del(nsd_options_t* opt, zone_options_t* zone);
void zone_list_compact(nsd_options_t* opt);
void zone_list_close(nsd_options_t* opt);

/* create zonestat name tree , for initially created zones */
void options_zonestatnames_create(nsd_options_t* opt);
/* Get zonestat id for zone options, add new entry if necessary.
 * instantiates the pattern's zonestat string */
unsigned getzonestatid(nsd_options_t* opt, zone_options_t* zopt);
/* create string, same options as zonefile but no chroot changes */
const char* config_cook_string(zone_options_t* zone, const char* input);

#if defined(HAVE_SSL)
/* tsig must be inited, adds all keys in options to tsig. */
void key_options_tsig_add(nsd_options_t* opt);
#endif

/* check acl list, acl number that matches if passed(0..),
 * or failure (-1) if dropped */
/* the reason why (the acl) is returned too (or NULL) */
int acl_check_incoming(acl_options_t* acl, struct query* q,
	acl_options_t** reason);
int acl_addr_matches_host(acl_options_t* acl, acl_options_t* host);
/* address-only and key-only parts of the check, for the query's source */
int acl_addr_matches(acl_options_t* acl, struct query* q);
int acl_key_matches(acl_options_t* acl, struct query* q);
/* word-wise comparisons of raw addresses; sz is the length of the
 * arrays -- confirm its unit (bytes or words) against the implementation */
int acl_addr_match_mask(uint32_t* a, uint32_t* b, uint32_t* mask, size_t sz);
int acl_addr_match_range(uint32_t* minval, uint32_t* x, uint32_t* maxval, size_t sz);

/* returns true if acls are both from the same host */
int acl_same_host(acl_options_t* a, acl_options_t* b);
/* find acl by number in the list */
acl_options_t* acl_find_num(acl_options_t* acl, int num);

/* see if two acl lists are the same (same elements in same order, or empty) */
int acl_list_equal(acl_options_t* p, acl_options_t* q);
/* see if two acl are the same */
int acl_equal(acl_options_t* p, acl_options_t* q);

/* see if a zone is a slave or a master zone */
int zone_is_slave(zone_options_t* opt);
/* create zonefile name, returns static pointer (perhaps to options data).
 * Not reentrant: copy the result before the next call if it must persist. */
const char* config_make_zonefile(zone_options_t* zone, struct nsd* nsd);

#define ZONEC_PCT_TIME 5 /* seconds, then it starts to print pcts */
#define ZONEC_PCT_COUNT 100000 /* elements before pct check is done */

/* parsing helpers */
/* report a parse error; msg is printed as-is, it is not a format string */
void c_error(const char* msg);
/* report a formatted parse error; fmt is a printf format (checked by
 * ATTR_FORMAT), so config-derived text goes in the arguments, never in fmt */
void c_error_msg(const char* fmt, ...) ATTR_FORMAT(printf, 1, 2);
/* build an acl from an address spec and key name; ip is not const and is
 * presumably split in place (see parse_acl_range_type) -- confirm */
acl_options_t* parse_acl_info(region_type* region, char* ip, const char* key);
/* true if ipv6 address, false if ipv4 */
int parse_acl_is_ipv6(const char* p);
/* returns range type. mask is the 2nd part of the range */
int parse_acl_range_type(char* ip, char** mask);
/* parses subnet mask, fills 0 mask as well.
 * addr must have room for the family implied by maxbits -- confirm */
void parse_acl_range_subnet(char* p, void* addr, int maxbits);
/* clean up options */
void nsd_options_destroy(nsd_options_t* opt);
/* replace occurrences of one with two in buf, pass length of buffer
 * (len bounds the result) */
void replace_str(char* buf, size_t len, const char* one, const char* two);
/* apply pattern to the existing pattern in the parser */
void config_apply_pattern(const char* name);

#endif /* OPTIONS_H */