1 /* 2 * remote.c - remote control for the NSD daemon. 3 * 4 * Copyright (c) 2008, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /** 37 * \file 38 * 39 * This file contains the remote control functionality for the daemon. 40 * The remote control can be performed using either the commandline 41 * nsd-control tool, or a SSLv3/TLS capable web browser. 42 * The channel is secured using SSLv3 or TLSv1, and certificates. 43 * Both the server and the client(control tool) have their own keys. 44 */ 45 #include "config.h" 46 #ifdef HAVE_SSL 47 48 #ifdef HAVE_OPENSSL_SSL_H 49 #include "openssl/ssl.h" 50 #endif 51 #ifdef HAVE_OPENSSL_ERR_H 52 #include <openssl/err.h> 53 #endif 54 #ifdef HAVE_OPENSSL_RAND_H 55 #include <openssl/rand.h> 56 #endif 57 #include <ctype.h> 58 #include <unistd.h> 59 #include <assert.h> 60 #include <fcntl.h> 61 #ifndef USE_MINI_EVENT 62 # ifdef HAVE_EVENT_H 63 # include <event.h> 64 # else 65 # include <event2/event.h> 66 # include "event2/event_struct.h" 67 # include "event2/event_compat.h" 68 # endif 69 #else 70 # include "mini_event.h" 71 #endif 72 #include "remote.h" 73 #include "util.h" 74 #include "xfrd.h" 75 #include "xfrd-notify.h" 76 #include "xfrd-tcp.h" 77 #include "nsd.h" 78 #include "options.h" 79 #include "difffile.h" 80 #include "xfrd.h" 81 #include "ipc.h" 82 83 #ifdef HAVE_SYS_TYPES_H 84 # include <sys/types.h> 85 #endif 86 #ifdef HAVE_NETDB_H 87 #include <netdb.h> 88 #endif 89 90 /** number of seconds timeout on incoming remote control handshake */ 91 #define REMOTE_CONTROL_TCP_TIMEOUT 120 92 93 /** repattern to master or slave */ 94 #define REPAT_SLAVE 1 95 #define REPAT_MASTER 2 96 97 /** if you want zero to be inhibited in stats output. 98 * it omits zeroes for types that have no acronym and unused-rcodes */ 99 const int inhibit_zero = 1; 100 101 /** 102 * a busy control command connection, SSL state 103 * Defined here to keep the definition private, and keep SSL out of the .h 104 */ 105 struct rc_state { 106 /** the next item in list */ 107 struct rc_state* next, *prev; 108 /* if the event was added to the event_base */ 109 int event_added; 110 /** the commpoint */ 111 struct event c; 112 /** timeout for this state */ 113 struct timeval tval; 114 /** in the handshake part */ 115 enum { rc_none, rc_hs_read, rc_hs_write } shake_state; 116 /** the ssl state */ 117 SSL* ssl; 118 /** the rc this is part of */ 119 struct daemon_remote* rc; 120 /** stats list next item */ 121 struct rc_state* stats_next; 122 /** stats list indicator (0 is not part of stats list, 1 is stats, 123 * 2 is stats_noreset. */ 124 int in_stats_list; 125 }; 126 127 /** 128 * list of events for accepting connections 129 */ 130 struct acceptlist { 131 struct acceptlist* next; 132 int event_added; 133 struct event c; 134 }; 135 136 /** 137 * The remote control state. 138 */ 139 struct daemon_remote { 140 /** the master process for this remote control */ 141 struct xfrd_state* xfrd; 142 /** commpoints for accepting remote control connections */ 143 struct acceptlist* accept_list; 144 /** number of active commpoints that are handling remote control */ 145 int active; 146 /** max active commpoints */ 147 int max_active; 148 /** current commpoints busy; double linked, malloced */ 149 struct rc_state* busy_list; 150 /** commpoints waiting for stats to complete (also in busy_list) */ 151 struct rc_state* stats_list; 152 /** last time stats was reported */ 153 struct timeval stats_time, boot_time; 154 /** the SSL context for creating new SSL streams */ 155 SSL_CTX* ctx; 156 }; 157 158 /** 159 * Print fixed line of text over ssl connection in blocking mode 160 * @param ssl: print to 161 * @param text: the text. 162 * @return false on connection failure. 163 */ 164 static int ssl_print_text(SSL* ssl, const char* text); 165 166 /** 167 * printf style printing to the ssl connection 168 * @param ssl: the SSL connection to print to. Blocking. 169 * @param format: printf style format string. 170 * @return success or false on a network failure. 171 */ 172 static int ssl_printf(SSL* ssl, const char* format, ...) 173 ATTR_FORMAT(printf, 2, 3); 174 175 /** 176 * Read until \n is encountered 177 * If SSL signals EOF, the string up to then is returned (without \n). 178 * @param ssl: the SSL connection to read from. blocking. 179 * @param buf: buffer to read to. 180 * @param max: size of buffer. 181 * @return false on connection failure. 182 */ 183 static int ssl_read_line(SSL* ssl, char* buf, size_t max); 184 185 /** perform the accept of a new remote control connection */ 186 static void 187 remote_accept_callback(int fd, short event, void* arg); 188 189 /** perform remote control */ 190 static void 191 remote_control_callback(int fd, short event, void* arg); 192 193 194 /** ---- end of private defines ---- **/ 195 196 197 /** log ssl crypto err */ 198 static void 199 log_crypto_err(const char* str) 200 { 201 /* error:[error code]:[library name]:[function name]:[reason string] */ 202 char buf[128]; 203 unsigned long e; 204 ERR_error_string_n(ERR_get_error(), buf, sizeof(buf)); 205 log_msg(LOG_ERR, "%s crypto %s", str, buf); 206 while( (e=ERR_get_error()) ) { 207 ERR_error_string_n(e, buf, sizeof(buf)); 208 log_msg(LOG_ERR, "and additionally crypto %s", buf); 209 } 210 } 211 212 #ifdef BIND8_STATS 213 /** subtract timers and the values do not overflow or become negative */ 214 static void 215 timeval_subtract(struct timeval* d, const struct timeval* end, 216 const struct timeval* start) 217 { 218 #ifndef S_SPLINT_S 219 time_t end_usec = end->tv_usec; 220 d->tv_sec = end->tv_sec - start->tv_sec; 221 if(end_usec < start->tv_usec) { 222 end_usec += 1000000; 223 d->tv_sec--; 224 } 225 d->tv_usec = end_usec - start->tv_usec; 226 #endif 227 } 228 #endif /* BIND8_STATS */ 229 230 struct daemon_remote* 231 daemon_remote_create(nsd_options_t* cfg) 232 { 233 char* s_cert; 234 char* s_key; 235 struct daemon_remote* rc = (struct daemon_remote*)xalloc_zero( 236 sizeof(*rc)); 237 rc->max_active = 10; 238 assert(cfg->control_enable); 239 240 /* init SSL library */ 241 ERR_load_crypto_strings(); 242 ERR_load_SSL_strings(); 243 OpenSSL_add_all_algorithms(); 244 (void)SSL_library_init(); 245 246 if(!RAND_status()) { 247 /* try to seed it */ 248 unsigned char buf[256]; 249 unsigned int v, seed=(unsigned)time(NULL) ^ (unsigned)getpid(); 250 size_t i; 251 v = seed; 252 for(i=0; i<256/sizeof(v); i++) { 253 memmove(buf+i*sizeof(v), &v, sizeof(v)); 254 v = v*seed + (unsigned int)i; 255 } 256 RAND_seed(buf, 256); 257 log_msg(LOG_WARNING, "warning: no entropy, seeding openssl PRNG with time"); 258 } 259 260 rc->ctx = SSL_CTX_new(SSLv23_server_method()); 261 if(!rc->ctx) { 262 log_crypto_err("could not SSL_CTX_new"); 263 free(rc); 264 return NULL; 265 } 266 /* no SSLv2 because has defects */ 267 if(!(SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){ 268 log_crypto_err("could not set SSL_OP_NO_SSLv2"); 269 daemon_remote_delete(rc); 270 return NULL; 271 } 272 s_cert = cfg->server_cert_file; 273 s_key = cfg->server_key_file; 274 VERBOSITY(2, (LOG_INFO, "setup SSL certificates")); 275 if (!SSL_CTX_use_certificate_file(rc->ctx,s_cert,SSL_FILETYPE_PEM)) { 276 log_msg(LOG_ERR, "Error for server-cert-file: %s", s_cert); 277 log_crypto_err("Error in SSL_CTX use_certificate_file"); 278 goto setup_error; 279 } 280 if(!SSL_CTX_use_PrivateKey_file(rc->ctx,s_key,SSL_FILETYPE_PEM)) { 281 log_msg(LOG_ERR, "Error for server-key-file: %s", s_key); 282 log_crypto_err("Error in SSL_CTX use_PrivateKey_file"); 283 goto setup_error; 284 } 285 if(!SSL_CTX_check_private_key(rc->ctx)) { 286 log_msg(LOG_ERR, "Error for server-key-file: %s", s_key); 287 log_crypto_err("Error in SSL_CTX check_private_key"); 288 goto setup_error; 289 } 290 if(!SSL_CTX_load_verify_locations(rc->ctx, s_cert, NULL)) { 291 log_crypto_err("Error setting up SSL_CTX verify locations"); 292 setup_error: 293 daemon_remote_delete(rc); 294 return NULL; 295 } 296 SSL_CTX_set_client_CA_list(rc->ctx, SSL_load_client_CA_file(s_cert)); 297 SSL_CTX_set_verify(rc->ctx, SSL_VERIFY_PEER, NULL); 298 299 /* and try to open the ports */ 300 if(!daemon_remote_open_ports(rc, cfg)) { 301 log_msg(LOG_ERR, "could not open remote control port"); 302 goto setup_error; 303 } 304 305 if(gettimeofday(&rc->boot_time, NULL) == -1) 306 log_msg(LOG_ERR, "gettimeofday: %s", strerror(errno)); 307 rc->stats_time = rc->boot_time; 308 309 return rc; 310 } 311 312 void daemon_remote_close(struct daemon_remote* rc) 313 { 314 struct rc_state* p, *np; 315 struct acceptlist* h, *nh; 316 if(!rc) return; 317 318 /* close listen sockets */ 319 h = rc->accept_list; 320 while(h) { 321 nh = h->next; 322 if(h->event_added) 323 event_del(&h->c); 324 close(h->c.ev_fd); 325 free(h); 326 h = nh; 327 } 328 rc->accept_list = NULL; 329 330 /* close busy connection sockets */ 331 p = rc->busy_list; 332 while(p) { 333 np = p->next; 334 if(p->event_added) 335 event_del(&p->c); 336 if(p->ssl) 337 SSL_free(p->ssl); 338 close(p->c.ev_fd); 339 free(p); 340 p = np; 341 } 342 rc->busy_list = NULL; 343 rc->active = 0; 344 } 345 346 void daemon_remote_delete(struct daemon_remote* rc) 347 { 348 if(!rc) return; 349 daemon_remote_close(rc); 350 if(rc->ctx) { 351 SSL_CTX_free(rc->ctx); 352 } 353 free(rc); 354 } 355 356 static int 357 create_tcp_accept_sock(struct addrinfo* addr, int* noproto) 358 { 359 #if defined(SO_REUSEADDR) || (defined(INET6) && (defined(IPV6_V6ONLY) || defined(IPV6_USE_MIN_MTU) || defined(IPV6_MTU))) 360 int on = 1; 361 #endif 362 int s; 363 *noproto = 0; 364 if ((s = socket(addr->ai_family, addr->ai_socktype, 0)) == -1) { 365 #if defined(INET6) 366 if (addr->ai_family == AF_INET6 && 367 errno == EAFNOSUPPORT) { 368 *noproto = 1; 369 log_msg(LOG_WARNING, "fallback to TCP4, no IPv6: not supported"); 370 return -1; 371 } 372 #endif /* INET6 */ 373 log_msg(LOG_ERR, "can't create a socket: %s", strerror(errno)); 374 return -1; 375 } 376 #ifdef SO_REUSEADDR 377 if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0) { 378 log_msg(LOG_ERR, "setsockopt(..., SO_REUSEADDR, ...) failed: %s", strerror(errno)); 379 } 380 #endif /* SO_REUSEADDR */ 381 #if defined(INET6) && defined(IPV6_V6ONLY) 382 if (addr->ai_family == AF_INET6 && 383 setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0) 384 { 385 log_msg(LOG_ERR, "setsockopt(..., IPV6_V6ONLY, ...) failed: %s", strerror(errno)); 386 return -1; 387 } 388 #endif 389 /* set it nonblocking */ 390 /* (StevensUNP p463), if tcp listening socket is blocking, then 391 it may block in accept, even if select() says readable. */ 392 if (fcntl(s, F_SETFL, O_NONBLOCK) == -1) { 393 log_msg(LOG_ERR, "cannot fcntl tcp: %s", strerror(errno)); 394 } 395 /* Bind it... */ 396 if (bind(s, (struct sockaddr *)addr->ai_addr, addr->ai_addrlen) != 0) { 397 log_msg(LOG_ERR, "can't bind tcp socket: %s", strerror(errno)); 398 return -1; 399 } 400 /* Listen to it... */ 401 if (listen(s, TCP_BACKLOG_REMOTE) == -1) { 402 log_msg(LOG_ERR, "can't listen: %s", strerror(errno)); 403 return -1; 404 } 405 return s; 406 } 407 408 /** 409 * Add and open a new control port 410 * @param rc: rc with result list. 411 * @param ip: ip str 412 * @param nr: port nr 413 * @param noproto_is_err: if lack of protocol support is an error. 414 * @return false on failure. 415 */ 416 static int 417 add_open(struct daemon_remote* rc, const char* ip, int nr, int noproto_is_err) 418 { 419 struct addrinfo hints; 420 struct addrinfo* res; 421 struct acceptlist* hl; 422 int noproto; 423 int fd, r; 424 char port[15]; 425 snprintf(port, sizeof(port), "%d", nr); 426 port[sizeof(port)-1]=0; 427 memset(&hints, 0, sizeof(hints)); 428 hints.ai_socktype = SOCK_STREAM; 429 hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST; 430 if((r = getaddrinfo(ip, port, &hints, &res)) != 0 || !res) { 431 log_msg(LOG_ERR, "control interface %s:%s getaddrinfo: %s %s", 432 ip?ip:"default", port, gai_strerror(r), 433 #ifdef EAI_SYSTEM 434 r==EAI_SYSTEM?(char*)strerror(errno):"" 435 #else 436 "" 437 #endif 438 ); 439 return 0; 440 } 441 442 /* open fd */ 443 fd = create_tcp_accept_sock(res, &noproto); 444 freeaddrinfo(res); 445 if(fd == -1 && noproto) { 446 if(!noproto_is_err) 447 return 1; /* return success, but do nothing */ 448 log_msg(LOG_ERR, "cannot open control interface %s %d : " 449 "protocol not supported", ip, nr); 450 return 0; 451 } 452 if(fd == -1) { 453 log_msg(LOG_ERR, "cannot open control interface %s %d", ip, nr); 454 return 0; 455 } 456 457 /* alloc */ 458 hl = (struct acceptlist*)xalloc_zero(sizeof(*hl)); 459 hl->next = rc->accept_list; 460 rc->accept_list = hl; 461 462 hl->c.ev_fd = fd; 463 hl->event_added = 0; 464 return 1; 465 } 466 467 int 468 daemon_remote_open_ports(struct daemon_remote* rc, nsd_options_t* cfg) 469 { 470 assert(cfg->control_enable && cfg->control_port); 471 if(cfg->control_interface) { 472 ip_address_option_t* p; 473 for(p = cfg->control_interface; p; p = p->next) { 474 if(!add_open(rc, p->address, cfg->control_port, 1)) { 475 return 0; 476 } 477 } 478 } else { 479 /* defaults */ 480 if(cfg->do_ip6 && !add_open(rc, "::1", cfg->control_port, 0)) { 481 return 0; 482 } 483 if(cfg->do_ip4 && 484 !add_open(rc, "127.0.0.1", cfg->control_port, 1)) { 485 return 0; 486 } 487 } 488 return 1; 489 } 490 491 void 492 daemon_remote_attach(struct daemon_remote* rc, struct xfrd_state* xfrd) 493 { 494 int fd; 495 struct acceptlist* p; 496 if(!rc) return; 497 rc->xfrd = xfrd; 498 for(p = rc->accept_list; p; p = p->next) { 499 /* add event */ 500 fd = p->c.ev_fd; 501 event_set(&p->c, fd, EV_PERSIST|EV_READ, remote_accept_callback, 502 rc); 503 if(event_base_set(xfrd->event_base, &p->c) != 0) 504 log_msg(LOG_ERR, "remote: cannot set event_base"); 505 if(event_add(&p->c, NULL) != 0) 506 log_msg(LOG_ERR, "remote: cannot add event"); 507 p->event_added = 1; 508 } 509 } 510 511 static void 512 remote_accept_callback(int fd, short event, void* arg) 513 { 514 struct daemon_remote *rc = (struct daemon_remote*)arg; 515 struct sockaddr_storage addr; 516 socklen_t addrlen; 517 int newfd; 518 struct rc_state* n; 519 520 if (!(event & EV_READ)) { 521 return; 522 } 523 524 /* perform the accept */ 525 addrlen = sizeof(addr); 526 newfd = accept(fd, (struct sockaddr*)&addr, &addrlen); 527 if(newfd == -1) { 528 if ( errno != EINTR 529 && errno != EWOULDBLOCK 530 #ifdef ECONNABORTED 531 && errno != ECONNABORTED 532 #endif /* ECONNABORTED */ 533 #ifdef EPROTO 534 && errno != EPROTO 535 #endif /* EPROTO */ 536 ) { 537 log_msg(LOG_ERR, "accept failed: %s", strerror(errno)); 538 } 539 return; 540 } 541 542 /* create new commpoint unless we are servicing already */ 543 if(rc->active >= rc->max_active) { 544 log_msg(LOG_WARNING, "drop incoming remote control: " 545 "too many connections"); 546 close_exit: 547 close(newfd); 548 return; 549 } 550 if (fcntl(newfd, F_SETFL, O_NONBLOCK) == -1) { 551 log_msg(LOG_ERR, "fcntl failed: %s", strerror(errno)); 552 goto close_exit; 553 } 554 555 /* setup state to service the remote control command */ 556 n = (struct rc_state*)calloc(1, sizeof(*n)); 557 if(!n) { 558 log_msg(LOG_ERR, "out of memory"); 559 goto close_exit; 560 } 561 562 n->tval.tv_sec = REMOTE_CONTROL_TCP_TIMEOUT; 563 n->tval.tv_usec = 0L; 564 565 event_set(&n->c, newfd, EV_PERSIST|EV_TIMEOUT|EV_READ, 566 remote_control_callback, n); 567 if(event_base_set(xfrd->event_base, &n->c) != 0) 568 log_msg(LOG_ERR, "remote_accept: cannot set event_base"); 569 if(event_add(&n->c, &n->tval) != 0) 570 log_msg(LOG_ERR, "remote_accept: cannot add event"); 571 n->event_added = 1; 572 573 if(2 <= verbosity) { 574 char s[128]; 575 addr2str(&addr, s, sizeof(s)); 576 VERBOSITY(2, (LOG_INFO, "new control connection from %s", s)); 577 } 578 579 n->shake_state = rc_hs_read; 580 n->ssl = SSL_new(rc->ctx); 581 if(!n->ssl) { 582 log_crypto_err("could not SSL_new"); 583 event_del(&n->c); 584 free(n); 585 goto close_exit; 586 } 587 SSL_set_accept_state(n->ssl); 588 (void)SSL_set_mode(n->ssl, SSL_MODE_AUTO_RETRY); 589 if(!SSL_set_fd(n->ssl, newfd)) { 590 log_crypto_err("could not SSL_set_fd"); 591 event_del(&n->c); 592 SSL_free(n->ssl); 593 free(n); 594 goto close_exit; 595 } 596 597 n->rc = rc; 598 n->stats_next = NULL; 599 n->in_stats_list = 0; 600 n->prev = NULL; 601 n->next = rc->busy_list; 602 if(n->next) n->next->prev = n; 603 rc->busy_list = n; 604 rc->active ++; 605 606 /* perform the first nonblocking read already, for windows, 607 * so it can return wouldblock. could be faster too. */ 608 remote_control_callback(newfd, EV_READ, n); 609 } 610 611 /** delete from list */ 612 static void 613 state_list_remove_elem(struct rc_state** list, struct rc_state* todel) 614 { 615 if(todel->prev) todel->prev->next = todel->next; 616 else *list = todel->next; 617 if(todel->next) todel->next->prev = todel->prev; 618 } 619 620 /** delete from stats list */ 621 static void 622 stats_list_remove_elem(struct rc_state** list, struct rc_state* todel) 623 { 624 while(*list) { 625 if( (*list) == todel) { 626 *list = (*list)->stats_next; 627 return; 628 } 629 list = &(*list)->stats_next; 630 } 631 } 632 633 /** decrease active count and remove commpoint from busy list */ 634 static void 635 clean_point(struct daemon_remote* rc, struct rc_state* s) 636 { 637 if(s->in_stats_list) 638 stats_list_remove_elem(&rc->stats_list, s); 639 state_list_remove_elem(&rc->busy_list, s); 640 rc->active --; 641 if(s->event_added) 642 event_del(&s->c); 643 if(s->ssl) { 644 SSL_shutdown(s->ssl); 645 SSL_free(s->ssl); 646 } 647 close(s->c.ev_fd); 648 free(s); 649 } 650 651 static int 652 ssl_print_text(SSL* ssl, const char* text) 653 { 654 int r; 655 if(!ssl) 656 return 0; 657 ERR_clear_error(); 658 if((r=SSL_write(ssl, text, (int)strlen(text))) <= 0) { 659 if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) { 660 VERBOSITY(2, (LOG_WARNING, "in SSL_write, peer " 661 "closed connection")); 662 return 0; 663 } 664 log_crypto_err("could not SSL_write"); 665 return 0; 666 } 667 return 1; 668 } 669 670 /** print text over the ssl connection */ 671 static int 672 ssl_print_vmsg(SSL* ssl, const char* format, va_list args) 673 { 674 char msg[1024]; 675 vsnprintf(msg, sizeof(msg), format, args); 676 return ssl_print_text(ssl, msg); 677 } 678 679 /** printf style printing to the ssl connection */ 680 static int 681 ssl_printf(SSL* ssl, const char* format, ...) 682 { 683 va_list args; 684 int ret; 685 va_start(args, format); 686 ret = ssl_print_vmsg(ssl, format, args); 687 va_end(args); 688 return ret; 689 } 690 691 static int 692 ssl_read_line(SSL* ssl, char* buf, size_t max) 693 { 694 int r; 695 size_t len = 0; 696 if(!ssl) 697 return 0; 698 while(len < max) { 699 ERR_clear_error(); 700 if((r=SSL_read(ssl, buf+len, 1)) <= 0) { 701 if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) { 702 buf[len] = 0; 703 return 1; 704 } 705 log_crypto_err("could not SSL_read"); 706 return 0; 707 } 708 if(buf[len] == '\n') { 709 /* return string without \n */ 710 buf[len] = 0; 711 return 1; 712 } 713 len++; 714 } 715 buf[max-1] = 0; 716 log_msg(LOG_ERR, "control line too long (%d): %s", (int)max, buf); 717 return 0; 718 } 719 720 /** skip whitespace, return new pointer into string */ 721 static char* 722 skipwhite(char* str) 723 { 724 /* EOS \0 is not a space */ 725 while( isspace(*str) ) 726 str++; 727 return str; 728 } 729 730 /** send the OK to the control client */ 731 static void 732 send_ok(SSL* ssl) 733 { 734 (void)ssl_printf(ssl, "ok\n"); 735 } 736 737 /** get zone argument (if any) or NULL, false on error */ 738 static int 739 get_zone_arg(SSL* ssl, xfrd_state_t* xfrd, char* arg, 740 zone_options_t** zo) 741 { 742 const dname_type* dname; 743 if(!arg[0]) { 744 /* no argument present, return NULL */ 745 *zo = NULL; 746 return 1; 747 } 748 dname = dname_parse(xfrd->region, arg); 749 if(!dname) { 750 ssl_printf(ssl, "error cannot parse zone name '%s'\n", arg); 751 *zo = NULL; 752 return 0; 753 } 754 *zo = zone_options_find(xfrd->nsd->options, dname); 755 region_recycle(xfrd->region, (void*)dname, dname_total_size(dname)); 756 if(!*zo) { 757 ssl_printf(ssl, "error zone %s not configured\n", arg); 758 return 0; 759 } 760 return 1; 761 } 762 763 /** do the stop command */ 764 static void 765 do_stop(SSL* ssl, xfrd_state_t* xfrd) 766 { 767 xfrd->need_to_send_shutdown = 1; 768 769 if(!(xfrd->ipc_handler_flags&EV_WRITE)) { 770 ipc_xfrd_set_listening(xfrd, EV_PERSIST|EV_READ|EV_WRITE); 771 } 772 773 send_ok(ssl); 774 } 775 776 /** do the log_reopen command, it only needs reload_now */ 777 static void 778 do_log_reopen(SSL* ssl, xfrd_state_t* xfrd) 779 { 780 xfrd_set_reload_now(xfrd); 781 send_ok(ssl); 782 } 783 784 /** do the reload command */ 785 static void 786 do_reload(SSL* ssl, xfrd_state_t* xfrd, char* arg) 787 { 788 zone_options_t* zo; 789 if(!get_zone_arg(ssl, xfrd, arg, &zo)) 790 return; 791 task_new_check_zonefiles(xfrd->nsd->task[xfrd->nsd->mytask], 792 xfrd->last_task, zo?(const dname_type*)zo->node.key:NULL); 793 xfrd_set_reload_now(xfrd); 794 send_ok(ssl); 795 } 796 797 /** do the write command */ 798 static void 799 do_write(SSL* ssl, xfrd_state_t* xfrd, char* arg) 800 { 801 zone_options_t* zo; 802 if(!get_zone_arg(ssl, xfrd, arg, &zo)) 803 return; 804 task_new_write_zonefiles(xfrd->nsd->task[xfrd->nsd->mytask], 805 xfrd->last_task, zo?(const dname_type*)zo->node.key:NULL); 806 xfrd_set_reload_now(xfrd); 807 send_ok(ssl); 808 } 809 810 /** do the notify command */ 811 static void 812 do_notify(SSL* ssl, xfrd_state_t* xfrd, char* arg) 813 { 814 zone_options_t* zo; 815 if(!get_zone_arg(ssl, xfrd, arg, &zo)) 816 return; 817 if(zo) { 818 struct notify_zone_t* n = (struct notify_zone_t*)rbtree_search( 819 xfrd->notify_zones, (const dname_type*)zo->node.key); 820 if(n) { 821 xfrd_notify_start(n); 822 send_ok(ssl); 823 } else { 824 ssl_printf(ssl, "error zone does not have notify\n"); 825 } 826 } else { 827 struct notify_zone_t* n; 828 RBTREE_FOR(n, struct notify_zone_t*, xfrd->notify_zones) { 829 xfrd_notify_start(n); 830 } 831 send_ok(ssl); 832 } 833 } 834 835 /** do the transfer command */ 836 static void 837 do_transfer(SSL* ssl, xfrd_state_t* xfrd, char* arg) 838 { 839 zone_options_t* zo; 840 xfrd_zone_t* zone; 841 if(!get_zone_arg(ssl, xfrd, arg, &zo)) 842 return; 843 if(zo) { 844 zone = (xfrd_zone_t*)rbtree_search(xfrd->zones, (const 845 dname_type*)zo->node.key); 846 if(zone) { 847 xfrd_handle_notify_and_start_xfr(zone, NULL); 848 send_ok(ssl); 849 } else { 850 ssl_printf(ssl, "error zone not slave\n"); 851 } 852 } else { 853 RBTREE_FOR(zone, xfrd_zone_t*, xfrd->zones) { 854 xfrd_handle_notify_and_start_xfr(zone, NULL); 855 } 856 ssl_printf(ssl, "ok, %u zones\n", (unsigned)xfrd->zones->count); 857 } 858 } 859 860 /** force transfer a zone */ 861 static void 862 force_transfer_zone(xfrd_zone_t* zone) 863 { 864 /* if in TCP transaction, stop it immediately. */ 865 if(zone->tcp_conn != -1) 866 xfrd_tcp_release(xfrd->tcp_set, zone); 867 else if(zone->zone_handler.ev_fd != -1) 868 xfrd_udp_release(zone); 869 /* pretend we not longer have it and force any 870 * zone to be downloaded (even same serial, w AXFR) */ 871 zone->soa_disk_acquired = 0; 872 xfrd_handle_notify_and_start_xfr(zone, NULL); 873 } 874 875 /** do the force transfer command */ 876 static void 877 do_force_transfer(SSL* ssl, xfrd_state_t* xfrd, char* arg) 878 { 879 zone_options_t* zo; 880 xfrd_zone_t* zone; 881 if(!get_zone_arg(ssl, xfrd, arg, &zo)) 882 return; 883 if(zo) { 884 zone = (xfrd_zone_t*)rbtree_search(xfrd->zones, (const 885 dname_type*)zo->node.key); 886 if(zone) { 887 force_transfer_zone(zone); 888 send_ok(ssl); 889 } else { 890 ssl_printf(ssl, "error zone not slave\n"); 891 } 892 } else { 893 RBTREE_FOR(zone, xfrd_zone_t*, xfrd->zones) { 894 force_transfer_zone(zone); 895 } 896 ssl_printf(ssl, "ok, %u zones\n", (unsigned)xfrd->zones->count); 897 } 898 } 899 900 static int 901 print_soa_status(SSL* ssl, const char* str, xfrd_soa_t* soa, time_t acq) 902 { 903 if(acq) { 904 if(!ssl_printf(ssl, " %s: \"%u since %s\"\n", str, 905 (unsigned)ntohl(soa->serial), xfrd_pretty_time(acq))) 906 return 0; 907 } else { 908 if(!ssl_printf(ssl, " %s: none\n", str)) 909 return 0; 910 } 911 return 1; 912 } 913 914 /** print zonestatus for one domain */ 915 static int 916 print_zonestatus(SSL* ssl, xfrd_state_t* xfrd, zone_options_t* zo) 917 { 918 xfrd_zone_t* xz = (xfrd_zone_t*)rbtree_search(xfrd->zones, 919 (const dname_type*)zo->node.key); 920 struct notify_zone_t* nz = (struct notify_zone_t*)rbtree_search( 921 xfrd->notify_zones, (const dname_type*)zo->node.key); 922 if(!ssl_printf(ssl, "zone: %s\n", zo->name)) 923 return 0; 924 if(!zo->part_of_config) { 925 if(!ssl_printf(ssl, " pattern: %s\n", zo->pattern->pname)) 926 return 0; 927 } 928 if(nz) { 929 if(nz->is_waiting) { 930 if(!ssl_printf(ssl, " notify: \"waiting-for-fd\"\n")) 931 return 0; 932 } else if(nz->notify_send_enable) { 933 if(!ssl_printf(ssl, " notify: \"sent try %d " 934 "to %s with serial %u\"\n", nz->notify_retry, 935 nz->notify_current->ip_address_spec, 936 (unsigned)ntohl(nz->current_soa->serial))) 937 return 0; 938 } 939 } 940 if(!xz) { 941 if(!ssl_printf(ssl, " state: master\n")) 942 return 0; 943 return 1; 944 } 945 if(!ssl_printf(ssl, " state: %s\n", 946 (xz->state == xfrd_zone_ok)?"ok":( 947 (xz->state == xfrd_zone_expired)?"expired":"refreshing"))) 948 return 0; 949 if(!print_soa_status(ssl, "served-serial", &xz->soa_nsd, 950 xz->soa_nsd_acquired)) 951 return 0; 952 if(!print_soa_status(ssl, "commit-serial", &xz->soa_disk, 953 xz->soa_disk_acquired)) 954 return 0; 955 if(xz->round_num != -1) { 956 if(!print_soa_status(ssl, "notified-serial", &xz->soa_notified, 957 xz->soa_notified_acquired)) 958 return 0; 959 } 960 961 /* UDP */ 962 if(xz->udp_waiting) { 963 if(!ssl_printf(ssl, " transfer: \"waiting-for-UDP-fd\"\n")) 964 return 0; 965 } else if(xz->zone_handler.ev_fd != -1 && xz->tcp_conn == -1) { 966 if(!ssl_printf(ssl, " transfer: \"sent UDP to %s\"\n", 967 xz->master->ip_address_spec)) 968 return 0; 969 } 970 971 /* TCP */ 972 if(xz->tcp_waiting) { 973 if(!ssl_printf(ssl, " transfer: \"waiting-for-TCP-fd\"\n")) 974 return 0; 975 } else if(xz->tcp_conn != -1) { 976 if(!ssl_printf(ssl, " transfer: \"TCP connected to %s\"\n", 977 xz->master->ip_address_spec)) 978 return 0; 979 } 980 981 return 1; 982 } 983 984 /** do the zonestatus command */ 985 static void 986 do_zonestatus(SSL* ssl, xfrd_state_t* xfrd, char* arg) 987 { 988 zone_options_t* zo; 989 if(!get_zone_arg(ssl, xfrd, arg, &zo)) 990 return; 991 if(zo) (void)print_zonestatus(ssl, xfrd, zo); 992 else { 993 RBTREE_FOR(zo, zone_options_t*, 994 xfrd->nsd->options->zone_options) { 995 if(!print_zonestatus(ssl, xfrd, zo)) 996 return; 997 } 998 } 999 } 1000 1001 /** do the verbosity command */ 1002 static void 1003 do_verbosity(SSL* ssl, char* str) 1004 { 1005 int val = atoi(str); 1006 if(strcmp(str, "") == 0) { 1007 ssl_printf(ssl, "verbosity %d\n", verbosity); 1008 return; 1009 } 1010 if(val == 0 && strcmp(str, "0") != 0) { 1011 ssl_printf(ssl, "error in verbosity number syntax: %s\n", str); 1012 return; 1013 } 1014 verbosity = val; 1015 task_new_set_verbosity(xfrd->nsd->task[xfrd->nsd->mytask], 1016 xfrd->last_task, val); 1017 xfrd_set_reload_now(xfrd); 1018 send_ok(ssl); 1019 } 1020 1021 /** find second argument, modifies string */ 1022 static int 1023 find_arg2(SSL* ssl, char* arg, char** arg2) 1024 { 1025 char* as = strrchr(arg, ' '); 1026 if(as) { 1027 as[0]=0; 1028 *arg2 = as+1; 1029 while(isspace(*as) && as > arg) 1030 as--; 1031 as[0]=0; 1032 return 1; 1033 } 1034 ssl_printf(ssl, "error could not find next argument " 1035 "after %s\n", arg); 1036 return 0; 1037 } 1038 1039 /** do the status command */ 1040 static void 1041 do_status(SSL* ssl, xfrd_state_t* xfrd) 1042 { 1043 if(!ssl_printf(ssl, "version: %s\n", PACKAGE_VERSION)) 1044 return; 1045 if(!ssl_printf(ssl, "verbosity: %d\n", verbosity)) 1046 return; 1047 #ifdef RATELIMIT 1048 if(!ssl_printf(ssl, "ratelimit: %d\n", 1049 (int)xfrd->nsd->options->rrl_ratelimit)) 1050 return; 1051 #else 1052 (void)xfrd; 1053 #endif 1054 } 1055 1056 /** do the stats command */ 1057 static void 1058 do_stats(struct daemon_remote* rc, int peek, struct rc_state* rs) 1059 { 1060 #ifdef BIND8_STATS 1061 /* queue up to get stats after a reload is done (to gather statistics 1062 * from the servers) */ 1063 assert(!rs->in_stats_list); 1064 if(peek) rs->in_stats_list = 2; 1065 else rs->in_stats_list = 1; 1066 rs->stats_next = rc->stats_list; 1067 rc->stats_list = rs; 1068 /* block the tcp waiting for the reload */ 1069 event_del(&rs->c); 1070 rs->event_added = 0; 1071 /* force a reload */ 1072 xfrd_set_reload_now(xfrd); 1073 #else 1074 (void)rc; (void)peek; 1075 (void)ssl_printf(rs->ssl, "error no stats enabled at compile time\n"); 1076 #endif /* BIND8_STATS */ 1077 } 1078 1079 /** do the addzone command */ 1080 static void 1081 do_addzone(SSL* ssl, xfrd_state_t* xfrd, char* arg) 1082 { 1083 zone_options_t* zopt; 1084 char* arg2 = NULL; 1085 if(!find_arg2(ssl, arg, &arg2)) 1086 return; 1087 1088 /* if we add it to the xfrd now, then xfrd could download AXFR and 1089 * store it and the NSD-reload would see it in the difffile before 1090 * it sees the add-config task. 1091 */ 1092 /* thus: AXFRs and IXFRs must store the pattern name in the 1093 * difffile, so that it can be added when the AXFR or IXFR is seen. 1094 */ 1095 1096 /* check that the pattern exists */ 1097 if(!rbtree_search(xfrd->nsd->options->patterns, arg2)) { 1098 (void)ssl_printf(ssl, "error pattern does not exist\n"); 1099 return; 1100 } 1101 1102 /* add to zonelist and adds to config in memory */ 1103 zopt = zone_list_add(xfrd->nsd->options, arg, arg2); 1104 if(!zopt) { 1105 /* also dname parse error here */ 1106 (void)ssl_printf(ssl, "error could not add zonelist entry\n"); 1107 return; 1108 } 1109 /* make addzone task and schedule reload */ 1110 task_new_add_zone(xfrd->nsd->task[xfrd->nsd->mytask], 1111 xfrd->last_task, arg, arg2); 1112 xfrd_set_reload_now(xfrd); 1113 /* add to xfrd - notify (for master and slaves) */ 1114 init_notify_send(xfrd->notify_zones, xfrd->region, zopt); 1115 /* add to xfrd - slave */ 1116 if(zone_is_slave(zopt)) { 1117 xfrd_init_slave_zone(xfrd, zopt); 1118 } 1119 1120 send_ok(ssl); 1121 } 1122 1123 /** do the delzone command */ 1124 static void 1125 do_delzone(SSL* ssl, xfrd_state_t* xfrd, char* arg) 1126 { 1127 const dname_type* dname; 1128 zone_options_t* zopt; 1129 1130 dname = dname_parse(xfrd->region, arg); 1131 if(!dname) { 1132 (void)ssl_printf(ssl, "error cannot parse zone name\n"); 1133 return; 1134 } 1135 1136 /* see if we have the zone in question */ 1137 zopt = zone_options_find(xfrd->nsd->options, dname); 1138 if(!zopt) { 1139 region_recycle(xfrd->region, (void*)dname, 1140 dname_total_size(dname)); 1141 /* nothing to do */ 1142 if(!ssl_printf(ssl, "warning zone %s not present\n", arg)) 1143 return; 1144 send_ok(ssl); 1145 return; 1146 } 1147 1148 /* see if it can be deleted */ 1149 if(zopt->part_of_config) { 1150 region_recycle(xfrd->region, (void*)dname, 1151 dname_total_size(dname)); 1152 (void)ssl_printf(ssl, "error zone defined in nsd.conf, " 1153 "cannot delete it in this manner: remove it from " 1154 "nsd.conf yourself and repattern\n"); 1155 return; 1156 } 1157 1158 /* create deletion task */ 1159 task_new_del_zone(xfrd->nsd->task[xfrd->nsd->mytask], 1160 xfrd->last_task, dname); 1161 xfrd_set_reload_now(xfrd); 1162 /* delete it in xfrd */ 1163 if(zone_is_slave(zopt)) { 1164 xfrd_del_slave_zone(xfrd, dname); 1165 } 1166 xfrd_del_notify(xfrd, dname); 1167 /* delete from config */ 1168 zone_list_del(xfrd->nsd->options, zopt); 1169 1170 region_recycle(xfrd->region, (void*)dname, dname_total_size(dname)); 1171 send_ok(ssl); 1172 } 1173 1174 /** remove TSIG key from config and add task so that reload does too */ 1175 static void remove_key(xfrd_state_t* xfrd, const char* kname) 1176 { 1177 /* add task before deletion because the name string could be deleted */ 1178 task_new_del_key(xfrd->nsd->task[xfrd->nsd->mytask], xfrd->last_task, 1179 kname); 1180 key_options_remove(xfrd->nsd->options, kname); 1181 xfrd_set_reload_now(xfrd); /* this is executed when the current control 1182 command ends, thus the entire config changes are bunched up */ 1183 } 1184 1185 /** add TSIG key to config and add task so that reload does too */ 1186 static void add_key(xfrd_state_t* xfrd, key_options_t* k) 1187 { 1188 key_options_add_modify(xfrd->nsd->options, k); 1189 task_new_add_key(xfrd->nsd->task[xfrd->nsd->mytask], xfrd->last_task, 1190 k); 1191 xfrd_set_reload_now(xfrd); 1192 } 1193 1194 /** check if keys have changed */ 1195 static void repat_keys(xfrd_state_t* xfrd, nsd_options_t* newopt) 1196 { 1197 nsd_options_t* oldopt = xfrd->nsd->options; 1198 key_options_t* k; 1199 /* find deleted keys */ 1200 k = (key_options_t*)rbtree_first(oldopt->keys); 1201 while((rbnode_t*)k != RBTREE_NULL) { 1202 key_options_t* next = (key_options_t*)rbtree_next( 1203 (rbnode_t*)k); 1204 if(!key_options_find(newopt, k->name)) 1205 remove_key(xfrd, k->name); 1206 k = next; 1207 } 1208 /* find added or changed keys */ 1209 RBTREE_FOR(k, key_options_t*, newopt->keys) { 1210 key_options_t* origk = key_options_find(oldopt, k->name); 1211 if(!origk) 1212 add_key(xfrd, k); 1213 else if(!key_options_equal(k, origk)) 1214 add_key(xfrd, k); 1215 } 1216 } 1217 1218 /** find zone given the implicit pattern */ 1219 static const dname_type* 1220 parse_implicit_name(xfrd_state_t* xfrd,const char* pname) 1221 { 1222 if(strncmp(pname, PATTERN_IMPLICIT_MARKER, 1223 strlen(PATTERN_IMPLICIT_MARKER)) != 0) 1224 return NULL; 1225 return dname_parse(xfrd->region, pname + 1226 strlen(PATTERN_IMPLICIT_MARKER)); 1227 } 1228 1229 /** remove cfgzone and add task so that reload does too */ 1230 static void 1231 remove_cfgzone(xfrd_state_t* xfrd, const char* pname) 1232 { 1233 /* dname and find the zone for the implicit pattern */ 1234 zone_options_t* zopt = NULL; 1235 const dname_type* dname = parse_implicit_name(xfrd, pname); 1236 if(!dname) { 1237 /* should have a parseable name, but it did not */ 1238 return; 1239 } 1240 1241 /* find the zone entry for the implicit pattern */ 1242 zopt = zone_options_find(xfrd->nsd->options, dname); 1243 if(!zopt) { 1244 /* this should not happen; implicit pattern has zone entry */ 1245 region_recycle(xfrd->region, (void*)dname, 1246 dname_total_size(dname)); 1247 return; 1248 } 1249 1250 /* create deletion task */ 1251 task_new_del_zone(xfrd->nsd->task[xfrd->nsd->mytask], 1252 xfrd->last_task, dname); 1253 xfrd_set_reload_now(xfrd); 1254 /* delete it in xfrd */ 1255 if(zone_is_slave(zopt)) { 1256 xfrd_del_slave_zone(xfrd, dname); 1257 } 1258 xfrd_del_notify(xfrd, dname); 1259 1260 /* delete from zoneoptions */ 1261 zone_options_delete(xfrd->nsd->options, zopt); 1262 1263 /* recycle parsed dname */ 1264 region_recycle(xfrd->region, (void*)dname, dname_total_size(dname)); 1265 } 1266 1267 /** add cfgzone and add task so that reload does too */ 1268 static void 1269 add_cfgzone(xfrd_state_t* xfrd, const char* pname) 1270 { 1271 /* add to our zonelist */ 1272 zone_options_t* zopt = zone_options_create(xfrd->nsd->options->region); 1273 if(!zopt) 1274 return; 1275 zopt->part_of_config = 1; 1276 zopt->name = region_strdup(xfrd->nsd->options->region, 1277 pname + strlen(PATTERN_IMPLICIT_MARKER)); 1278 zopt->pattern = pattern_options_find(xfrd->nsd->options, pname); 1279 if(!zopt->name || !zopt->pattern) 1280 return; 1281 if(!nsd_options_insert_zone(xfrd->nsd->options, zopt)) { 1282 log_msg(LOG_ERR, "bad domain name or duplicate zone '%s' " 1283 "pattern %s", zopt->name, pname); 1284 } 1285 1286 /* make addzone task and schedule reload */ 1287 task_new_add_zone(xfrd->nsd->task[xfrd->nsd->mytask], 1288 xfrd->last_task, zopt->name, pname); 1289 xfrd_set_reload_now(xfrd); 1290 /* add to xfrd - notify (for master and slaves) */ 1291 init_notify_send(xfrd->notify_zones, xfrd->region, zopt); 1292 /* add to xfrd - slave */ 1293 if(zone_is_slave(zopt)) { 1294 xfrd_init_slave_zone(xfrd, zopt); 1295 } 1296 } 1297 1298 /** remove pattern and add task so that reload does too */ 1299 static void 1300 remove_pat(xfrd_state_t* xfrd, const char* name) 1301 { 1302 /* add task before deletion, because name-string could be deleted */ 1303 task_new_del_pattern(xfrd->nsd->task[xfrd->nsd->mytask], 1304 xfrd->last_task, name); 1305 pattern_options_remove(xfrd->nsd->options, name); 1306 xfrd_set_reload_now(xfrd); 1307 } 1308 1309 /** add pattern and add task so that reload does too */ 1310 static void 1311 add_pat(xfrd_state_t* xfrd, pattern_options_t* p) 1312 { 1313 pattern_options_add_modify(xfrd->nsd->options, p); 1314 task_new_add_pattern(xfrd->nsd->task[xfrd->nsd->mytask], 1315 xfrd->last_task, p); 1316 xfrd_set_reload_now(xfrd); 1317 } 1318 1319 /** interrupt zones that are using changed or removed patterns */ 1320 static void 1321 repat_interrupt_zones(xfrd_state_t* xfrd, nsd_options_t* newopt) 1322 { 1323 /* if masterlist changed: 1324 * interrupt slave zone (UDP or TCP) transfers. 1325 * slave zones reset master to start of list. 1326 */ 1327 xfrd_zone_t* xz; 1328 struct notify_zone_t* nz; 1329 RBTREE_FOR(xz, xfrd_zone_t*, xfrd->zones) { 1330 pattern_options_t* oldp = xz->zone_options->pattern; 1331 pattern_options_t* newp = pattern_options_find(newopt, 1332 oldp->pname); 1333 if(!newp || !acl_list_equal(oldp->request_xfr, 1334 newp->request_xfr)) { 1335 /* interrupt transfer */ 1336 if(xz->tcp_conn != -1) { 1337 xfrd_tcp_release(xfrd->tcp_set, xz); 1338 xfrd_set_refresh_now(xz); 1339 } else if(xz->zone_handler.ev_fd != -1) { 1340 xfrd_udp_release(xz); 1341 xfrd_set_refresh_now(xz); 1342 } 1343 xz->master = 0; 1344 xz->master_num = 0; 1345 xz->next_master = -1; 1346 xz->round_num = 0; /* fresh set of retries */ 1347 } 1348 } 1349 /* if notify list changed: 1350 * interrupt notify that is busy. 1351 * reset notify to start of list. (clear all other reset_notify) 1352 */ 1353 RBTREE_FOR(nz, struct notify_zone_t*, xfrd->notify_zones) { 1354 pattern_options_t* oldp = nz->options->pattern; 1355 pattern_options_t* newp = pattern_options_find(newopt, 1356 oldp->pname); 1357 if(!newp || !acl_list_equal(oldp->notify, newp->notify)) { 1358 /* interrupt notify */ 1359 if(nz->notify_send_enable) { 1360 notify_disable(nz); 1361 /* set to restart the notify after the 1362 * pattern has been changed. */ 1363 nz->notify_restart = 2; 1364 } else { 1365 nz->notify_restart = 1; 1366 } 1367 } else { 1368 nz->notify_restart = 0; 1369 } 1370 } 1371 } 1372 1373 /** for notify, after the pattern changes, restart the affected notifies */ 1374 static void 1375 repat_interrupt_notify_start(xfrd_state_t* xfrd) 1376 { 1377 struct notify_zone_t* nz; 1378 RBTREE_FOR(nz, struct notify_zone_t*, xfrd->notify_zones) { 1379 if(nz->notify_restart) { 1380 if(nz->notify_current) 1381 nz->notify_current = nz->options->pattern->notify; 1382 if(nz->notify_restart == 2) { 1383 if(nz->notify_restart) 1384 xfrd_notify_start(nz); 1385 } 1386 } 1387 } 1388 } 1389 1390 /** check if patterns have changed */ 1391 static void 1392 repat_patterns(xfrd_state_t* xfrd, nsd_options_t* newopt) 1393 { 1394 /* zones that use changed patterns must have: 1395 * - their AXFR/IXFR interrupted: try again, acl may have changed. 1396 * if the old master/key still exists, OK, fix master-numptrs and 1397 * keep going. Otherwise, stop xfer and reset TSIG. 1398 * - send NOTIFY reset to start of NOTIFY list (and TSIG reset). 1399 */ 1400 nsd_options_t* oldopt = xfrd->nsd->options; 1401 pattern_options_t* p; 1402 int search_zones = 0; 1403 1404 repat_interrupt_zones(xfrd, newopt); 1405 /* find deleted patterns */ 1406 p = (pattern_options_t*)rbtree_first(oldopt->patterns); 1407 while((rbnode_t*)p != RBTREE_NULL) { 1408 pattern_options_t* next = (pattern_options_t*)rbtree_next( 1409 (rbnode_t*)p); 1410 if(!pattern_options_find(newopt, p->pname)) { 1411 if(p->implicit) { 1412 /* first remove its zone */ 1413 VERBOSITY(1, (LOG_INFO, "zone removed from config: %s", p->pname + strlen(PATTERN_IMPLICIT_MARKER))); 1414 remove_cfgzone(xfrd, p->pname); 1415 } 1416 remove_pat(xfrd, p->pname); 1417 } 1418 p = next; 1419 } 1420 /* find added or changed patterns */ 1421 RBTREE_FOR(p, pattern_options_t*, newopt->patterns) { 1422 pattern_options_t* origp = pattern_options_find(oldopt, 1423 p->pname); 1424 if(!origp) { 1425 /* no zones can use it, no zone_interrupt needed */ 1426 add_pat(xfrd, p); 1427 if(p->implicit) { 1428 VERBOSITY(1, (LOG_INFO, "zone added to config: %s", p->pname + strlen(PATTERN_IMPLICIT_MARKER))); 1429 add_cfgzone(xfrd, p->pname); 1430 } 1431 } else if(!pattern_options_equal(p, origp)) { 1432 uint8_t newstate = 0; 1433 if (p->request_xfr && !origp->request_xfr) { 1434 newstate = REPAT_SLAVE; 1435 } else if (!p->request_xfr && origp->request_xfr) { 1436 newstate = REPAT_MASTER; 1437 } 1438 add_pat(xfrd, p); 1439 if (p->implicit && newstate) { 1440 const dname_type* dname = 1441 parse_implicit_name(xfrd, p->pname); 1442 if (dname) { 1443 if (newstate == REPAT_SLAVE) { 1444 zone_options_t* zopt = 1445 zone_options_find( 1446 oldopt, dname); 1447 if (zopt) { 1448 xfrd_init_slave_zone( 1449 xfrd, zopt); 1450 } 1451 } else if (newstate == REPAT_MASTER) { 1452 xfrd_del_slave_zone(xfrd, 1453 dname); 1454 } 1455 region_recycle(xfrd->region, 1456 (void*)dname, 1457 dname_total_size(dname)); 1458 } 1459 } else if(!p->implicit && newstate) { 1460 /* search all zones with this pattern */ 1461 search_zones = 1; 1462 origp->xfrd_flags = newstate; 1463 } 1464 } 1465 } 1466 if (search_zones) { 1467 zone_options_t* zone_opt; 1468 /* search in oldopt because 1) it contains zonelist zones, 1469 * and 2) you need oldopt(existing) to call xfrd_init */ 1470 RBTREE_FOR(zone_opt, zone_options_t*, oldopt->zone_options) { 1471 pattern_options_t* oldp = zone_opt->pattern; 1472 if (!oldp->implicit) { 1473 if (oldp->xfrd_flags == REPAT_SLAVE) { 1474 /* xfrd needs stable reference so get 1475 * it from the oldopt(modified) tree */ 1476 xfrd_init_slave_zone(xfrd, zone_opt); 1477 } else if (oldp->xfrd_flags == REPAT_MASTER) { 1478 xfrd_del_slave_zone(xfrd, 1479 (const dname_type*) 1480 zone_opt->node.key); 1481 } 1482 oldp->xfrd_flags = 0; 1483 } 1484 } 1485 } 1486 repat_interrupt_notify_start(xfrd); 1487 } 1488 1489 /** true if options are different that can be set via repat. */ 1490 static int 1491 repat_options_changed(xfrd_state_t* xfrd, nsd_options_t* newopt) 1492 { 1493 #ifdef RATELIMIT 1494 if(xfrd->nsd->options->rrl_ratelimit != newopt->rrl_ratelimit) 1495 return 1; 1496 if(xfrd->nsd->options->rrl_whitelist_ratelimit != newopt->rrl_whitelist_ratelimit) 1497 return 1; 1498 if(xfrd->nsd->options->rrl_slip != newopt->rrl_slip) 1499 return 1; 1500 #else 1501 (void)xfrd; (void)newopt; 1502 #endif 1503 return 0; 1504 } 1505 1506 /** check if global options have changed */ 1507 static void 1508 repat_options(xfrd_state_t* xfrd, nsd_options_t* newopt) 1509 { 1510 if(repat_options_changed(xfrd, newopt)) { 1511 /* update our options */ 1512 #ifdef RATELIMIT 1513 xfrd->nsd->options->rrl_ratelimit = newopt->rrl_ratelimit; 1514 xfrd->nsd->options->rrl_whitelist_ratelimit = newopt->rrl_whitelist_ratelimit; 1515 xfrd->nsd->options->rrl_slip = newopt->rrl_slip; 1516 #endif 1517 task_new_opt_change(xfrd->nsd->task[xfrd->nsd->mytask], 1518 xfrd->last_task, newopt); 1519 xfrd_set_reload_now(xfrd); 1520 } 1521 } 1522 1523 /** print errors over ssl, gets pointer-to-pointer to ssl, so it can set 1524 * the pointer to NULL on failure and stop printing */ 1525 static void 1526 print_ssl_cfg_err(void* arg, const char* str) 1527 { 1528 SSL** ssl = (SSL**)arg; 1529 if(!*ssl) return; 1530 if(!ssl_printf(*ssl, "%s", str)) 1531 *ssl = NULL; /* failed, stop printing */ 1532 } 1533 1534 /** do the repattern command: reread config file and apply keys, patterns */ 1535 static void 1536 do_repattern(SSL* ssl, xfrd_state_t* xfrd) 1537 { 1538 region_type* region = region_create(xalloc, free); 1539 nsd_options_t* opt; 1540 const char* cfgfile = xfrd->nsd->options->configfile; 1541 1542 /* check chroot and configfile, if possible to reread */ 1543 if(xfrd->nsd->chrootdir) { 1544 size_t l = strlen(xfrd->nsd->chrootdir); 1545 while(l>0 && xfrd->nsd->chrootdir[l-1] == '/') 1546 --l; 1547 if(strncmp(xfrd->nsd->chrootdir, cfgfile, l) != 0) { 1548 ssl_printf(ssl, "error %s is not relative to %s: " 1549 "chroot prevents reread of config\n", 1550 cfgfile, xfrd->nsd->chrootdir); 1551 region_destroy(region); 1552 return; 1553 } 1554 cfgfile += l; 1555 } 1556 1557 ssl_printf(ssl, "reconfig start, read %s\n", cfgfile); 1558 opt = nsd_options_create(region); 1559 if(!parse_options_file(opt, cfgfile, &print_ssl_cfg_err, &ssl)) { 1560 /* error already printed */ 1561 region_destroy(region); 1562 return; 1563 } 1564 /* check for differences in TSIG keys and patterns, and apply, 1565 * first the keys, so that pattern->keyptr can be set right. */ 1566 repat_keys(xfrd, opt); 1567 repat_patterns(xfrd, opt); 1568 repat_options(xfrd, opt); 1569 send_ok(ssl); 1570 region_destroy(region); 1571 } 1572 1573 /** do the serverpid command: printout pid of server process */ 1574 static void 1575 do_serverpid(SSL* ssl, xfrd_state_t* xfrd) 1576 { 1577 (void)ssl_printf(ssl, "%u\n", (unsigned)xfrd->reload_pid); 1578 } 1579 1580 /** check for name with end-of-string, space or tab after it */ 1581 static int 1582 cmdcmp(char* p, const char* cmd, size_t len) 1583 { 1584 return strncmp(p,cmd,len)==0 && (p[len]==0||p[len]==' '||p[len]=='\t'); 1585 } 1586 1587 /** execute a remote control command */ 1588 static void 1589 execute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd, struct rc_state* rs) 1590 { 1591 char* p = skipwhite(cmd); 1592 /* compare command */ 1593 if(cmdcmp(p, "stop", 4)) { 1594 do_stop(ssl, rc->xfrd); 1595 } else if(cmdcmp(p, "reload", 6)) { 1596 do_reload(ssl, rc->xfrd, skipwhite(p+6)); 1597 } else if(cmdcmp(p, "write", 5)) { 1598 do_write(ssl, rc->xfrd, skipwhite(p+5)); 1599 } else if(cmdcmp(p, "status", 6)) { 1600 do_status(ssl, rc->xfrd); 1601 } else if(cmdcmp(p, "stats_noreset", 13)) { 1602 do_stats(rc, 1, rs); 1603 } else if(cmdcmp(p, "stats", 5)) { 1604 do_stats(rc, 0, rs); 1605 } else if(cmdcmp(p, "log_reopen", 10)) { 1606 do_log_reopen(ssl, rc->xfrd); 1607 } else if(cmdcmp(p, "addzone", 7)) { 1608 do_addzone(ssl, rc->xfrd, skipwhite(p+7)); 1609 } else if(cmdcmp(p, "delzone", 7)) { 1610 do_delzone(ssl, rc->xfrd, skipwhite(p+7)); 1611 } else if(cmdcmp(p, "notify", 6)) { 1612 do_notify(ssl, rc->xfrd, skipwhite(p+6)); 1613 } else if(cmdcmp(p, "transfer", 8)) { 1614 do_transfer(ssl, rc->xfrd, skipwhite(p+8)); 1615 } else if(cmdcmp(p, "force_transfer", 14)) { 1616 do_force_transfer(ssl, rc->xfrd, skipwhite(p+14)); 1617 } else if(cmdcmp(p, "zonestatus", 10)) { 1618 do_zonestatus(ssl, rc->xfrd, skipwhite(p+10)); 1619 } else if(cmdcmp(p, "verbosity", 9)) { 1620 do_verbosity(ssl, skipwhite(p+9)); 1621 } else if(cmdcmp(p, "repattern", 9)) { 1622 do_repattern(ssl, rc->xfrd); 1623 } else if(cmdcmp(p, "reconfig", 8)) { 1624 do_repattern(ssl, rc->xfrd); 1625 } else if(cmdcmp(p, "serverpid", 9)) { 1626 do_serverpid(ssl, rc->xfrd); 1627 } else { 1628 (void)ssl_printf(ssl, "error unknown command '%s'\n", p); 1629 } 1630 } 1631 1632 /** handle remote control request */ 1633 static void 1634 handle_req(struct daemon_remote* rc, struct rc_state* s, SSL* ssl) 1635 { 1636 int r; 1637 char pre[10]; 1638 char magic[8]; 1639 char buf[1024]; 1640 if (fcntl(s->c.ev_fd, F_SETFL, 0) == -1) { /* set blocking */ 1641 log_msg(LOG_ERR, "cannot fcntl rc: %s", strerror(errno)); 1642 } 1643 1644 /* try to read magic UBCT[version]_space_ string */ 1645 ERR_clear_error(); 1646 if((r=SSL_read(ssl, magic, (int)sizeof(magic)-1)) <= 0) { 1647 if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) 1648 return; 1649 log_crypto_err("could not SSL_read"); 1650 return; 1651 } 1652 magic[7] = 0; 1653 if( r != 7 || strncmp(magic, "NSDCT", 5) != 0) { 1654 VERBOSITY(2, (LOG_INFO, "control connection has bad header")); 1655 /* probably wrong tool connected, ignore it completely */ 1656 return; 1657 } 1658 1659 /* read the command line */ 1660 if(!ssl_read_line(ssl, buf, sizeof(buf))) { 1661 return; 1662 } 1663 snprintf(pre, sizeof(pre), "NSDCT%d ", NSD_CONTROL_VERSION); 1664 if(strcmp(magic, pre) != 0) { 1665 VERBOSITY(2, (LOG_INFO, "control connection had bad " 1666 "version %s, cmd: %s", magic, buf)); 1667 ssl_printf(ssl, "error version mismatch\n"); 1668 return; 1669 } 1670 VERBOSITY(2, (LOG_INFO, "control cmd: %s", buf)); 1671 1672 /* figure out what to do */ 1673 execute_cmd(rc, ssl, buf, s); 1674 } 1675 1676 static void 1677 remote_control_callback(int fd, short event, void* arg) 1678 { 1679 struct rc_state* s = (struct rc_state*)arg; 1680 struct daemon_remote* rc = s->rc; 1681 int r; 1682 if( (event&EV_TIMEOUT) ) { 1683 log_msg(LOG_ERR, "remote control timed out"); 1684 clean_point(rc, s); 1685 return; 1686 } 1687 /* (continue to) setup the SSL connection */ 1688 ERR_clear_error(); 1689 r = SSL_do_handshake(s->ssl); 1690 if(r != 1) { 1691 int r2 = SSL_get_error(s->ssl, r); 1692 if(r2 == SSL_ERROR_WANT_READ) { 1693 if(s->shake_state == rc_hs_read) { 1694 /* try again later */ 1695 return; 1696 } 1697 s->shake_state = rc_hs_read; 1698 event_del(&s->c); 1699 event_set(&s->c, fd, EV_PERSIST|EV_TIMEOUT|EV_READ, 1700 remote_control_callback, s); 1701 if(event_base_set(xfrd->event_base, &s->c) != 0) 1702 log_msg(LOG_ERR, "remote_accept: cannot set event_base"); 1703 if(event_add(&s->c, &s->tval) != 0) 1704 log_msg(LOG_ERR, "remote_accept: cannot add event"); 1705 return; 1706 } else if(r2 == SSL_ERROR_WANT_WRITE) { 1707 if(s->shake_state == rc_hs_write) { 1708 /* try again later */ 1709 return; 1710 } 1711 s->shake_state = rc_hs_write; 1712 event_del(&s->c); 1713 event_set(&s->c, fd, EV_PERSIST|EV_TIMEOUT|EV_WRITE, 1714 remote_control_callback, s); 1715 if(event_base_set(xfrd->event_base, &s->c) != 0) 1716 log_msg(LOG_ERR, "remote_accept: cannot set event_base"); 1717 if(event_add(&s->c, &s->tval) != 0) 1718 log_msg(LOG_ERR, "remote_accept: cannot add event"); 1719 return; 1720 } else { 1721 if(r == 0) 1722 log_msg(LOG_ERR, "remote control connection closed prematurely"); 1723 log_crypto_err("remote control failed ssl"); 1724 clean_point(rc, s); 1725 return; 1726 } 1727 } 1728 s->shake_state = rc_none; 1729 1730 /* once handshake has completed, check authentication */ 1731 if(SSL_get_verify_result(s->ssl) == X509_V_OK) { 1732 X509* x = SSL_get_peer_certificate(s->ssl); 1733 if(!x) { 1734 VERBOSITY(2, (LOG_INFO, "remote control connection " 1735 "provided no client certificate")); 1736 clean_point(rc, s); 1737 return; 1738 } 1739 VERBOSITY(3, (LOG_INFO, "remote control connection authenticated")); 1740 X509_free(x); 1741 } else { 1742 VERBOSITY(2, (LOG_INFO, "remote control connection failed to " 1743 "authenticate with client certificate")); 1744 clean_point(rc, s); 1745 return; 1746 } 1747 1748 /* if OK start to actually handle the request */ 1749 handle_req(rc, s, s->ssl); 1750 1751 if(!s->in_stats_list) { 1752 VERBOSITY(3, (LOG_INFO, "remote control operation completed")); 1753 clean_point(rc, s); 1754 } 1755 } 1756 1757 #ifdef BIND8_STATS 1758 static const char* 1759 opcode2str(int o) 1760 { 1761 switch(o) { 1762 case OPCODE_QUERY: return "QUERY"; 1763 case OPCODE_IQUERY: return "IQUERY"; 1764 case OPCODE_STATUS: return "STATUS"; 1765 case OPCODE_NOTIFY: return "NOTIFY"; 1766 case OPCODE_UPDATE: return "UPDATE"; 1767 default: return "OTHER"; 1768 } 1769 } 1770 1771 /** print long number */ 1772 static int 1773 print_longnum(SSL* ssl, char* desc, uint64_t x) 1774 { 1775 if(x > (uint64_t)1024*1024*1024) { 1776 /* more than a Gb */ 1777 size_t front = (size_t)(x / (uint64_t)1000000); 1778 size_t back = (size_t)(x % (uint64_t)1000000); 1779 return ssl_printf(ssl, "%s%u%6.6u\n", desc, 1780 (unsigned)front, (unsigned)back); 1781 } else { 1782 return ssl_printf(ssl, "%s%u\n", desc, (unsigned)x); 1783 } 1784 } 1785 1786 static void 1787 print_stats(SSL* ssl, xfrd_state_t* xfrd, struct timeval* now) 1788 { 1789 const char* rcstr[] = {"NOERROR", "FORMERR", "SERVFAIL", "NXDOMAIN", 1790 "NOTIMP", "REFUSED", "YXDOMAIN", "YXRRSET", "NXRRSET", "NOTAUTH", 1791 "NOTZONE", "RCODE11", "RCODE12", "RCODE13", "RCODE14", "RCODE15", 1792 "BADVERS" 1793 }; 1794 size_t i; 1795 stc_t total = 0; 1796 struct timeval elapsed, uptime; 1797 1798 /* per CPU and total */ 1799 for(i=0; i<xfrd->nsd->child_count; i++) { 1800 if(!ssl_printf(ssl, "server%d.queries=%u\n", (int)i, 1801 (unsigned)xfrd->nsd->children[i].query_count)) 1802 return; 1803 total += xfrd->nsd->children[i].query_count; 1804 } 1805 if(!ssl_printf(ssl, "num.queries=%u\n", (unsigned)total)) 1806 return; 1807 1808 /* time elapsed and uptime (in seconds) */ 1809 timeval_subtract(&uptime, now, &xfrd->nsd->rc->boot_time); 1810 timeval_subtract(&elapsed, now, &xfrd->nsd->rc->stats_time); 1811 if(!ssl_printf(ssl, "time.boot=%u.%6.6u\n", 1812 (unsigned)uptime.tv_sec, (unsigned)uptime.tv_usec)) 1813 return; 1814 if(!ssl_printf(ssl, "time.elapsed=%u.%6.6u\n", 1815 (unsigned)elapsed.tv_sec, (unsigned)elapsed.tv_usec)) 1816 return; 1817 1818 /* mem info, database on disksize */ 1819 if(!print_longnum(ssl, "size.db.disk=", xfrd->nsd->st.db_disk)) 1820 return; 1821 if(!print_longnum(ssl, "size.db.mem=", xfrd->nsd->st.db_mem)) 1822 return; 1823 if(!print_longnum(ssl, "size.xfrd.mem=", region_get_mem(xfrd->region))) 1824 return; 1825 if(!print_longnum(ssl, "size.config.disk=", 1826 xfrd->nsd->options->zonelist_off)) 1827 return; 1828 if(!print_longnum(ssl, "size.config.mem=", region_get_mem( 1829 xfrd->nsd->options->region))) 1830 return; 1831 1832 for(i=0; i<= 255; i++) { 1833 if(inhibit_zero && xfrd->nsd->st.qtype[i] == 0 && 1834 strncmp(rrtype_to_string(i), "TYPE", 4) == 0) 1835 continue; 1836 if(!ssl_printf(ssl, "num.type.%s=%u\n", 1837 rrtype_to_string(i), (unsigned)xfrd->nsd->st.qtype[i])) 1838 return; 1839 } 1840 1841 /* opcode */ 1842 for(i=0; i<6; i++) { 1843 if(inhibit_zero && xfrd->nsd->st.opcode[i] == 0 && 1844 i != OPCODE_QUERY) 1845 continue; 1846 if(!ssl_printf(ssl, "num.opcode.%s=%u\n", opcode2str(i), 1847 (unsigned)xfrd->nsd->st.opcode[i])) 1848 return; 1849 } 1850 1851 /* qclass */ 1852 for(i=0; i<4; i++) { 1853 if(inhibit_zero && xfrd->nsd->st.qclass[i] == 0 && 1854 i != CLASS_IN) 1855 continue; 1856 if(!ssl_printf(ssl, "num.class.%s=%u\n", rrclass_to_string(i), 1857 (unsigned)xfrd->nsd->st.qclass[i])) 1858 return; 1859 } 1860 1861 /* rcode */ 1862 for(i=0; i<17; i++) { 1863 if(inhibit_zero && xfrd->nsd->st.rcode[i] == 0 && 1864 i > RCODE_YXDOMAIN) /* NSD does not use larger */ 1865 continue; 1866 if(!ssl_printf(ssl, "num.rcode.%s=%u\n", rcstr[i], 1867 (unsigned)xfrd->nsd->st.rcode[i])) 1868 return; 1869 } 1870 1871 /* edns */ 1872 if(!ssl_printf(ssl, "num.edns=%u\n", (unsigned)xfrd->nsd->st.edns)) 1873 return; 1874 1875 /* ednserr */ 1876 if(!ssl_printf(ssl, "num.ednserr=%u\n", 1877 (unsigned)xfrd->nsd->st.ednserr)) 1878 return; 1879 1880 /* qudp */ 1881 if(!ssl_printf(ssl, "num.udp=%u\n", (unsigned)xfrd->nsd->st.qudp)) 1882 return; 1883 /* qudp6 */ 1884 if(!ssl_printf(ssl, "num.udp6=%u\n", (unsigned)xfrd->nsd->st.qudp6)) 1885 return; 1886 /* ctcp */ 1887 if(!ssl_printf(ssl, "num.tcp=%u\n", (unsigned)xfrd->nsd->st.ctcp)) 1888 return; 1889 /* ctcp6 */ 1890 if(!ssl_printf(ssl, "num.tcp6=%u\n", (unsigned)xfrd->nsd->st.ctcp6)) 1891 return; 1892 1893 /* nona */ 1894 if(!ssl_printf(ssl, "num.answer_wo_aa=%u\n", 1895 (unsigned)xfrd->nsd->st.nona)) 1896 return; 1897 1898 /* rxerr */ 1899 if(!ssl_printf(ssl, "num.rxerr=%u\n", (unsigned)xfrd->nsd->st.rxerr)) 1900 return; 1901 1902 /* txerr */ 1903 if(!ssl_printf(ssl, "num.txerr=%u\n", (unsigned)xfrd->nsd->st.txerr)) 1904 return; 1905 1906 /* number of requested-axfr, number of times axfr served to clients */ 1907 if(!ssl_printf(ssl, "num.raxfr=%u\n", (unsigned)xfrd->nsd->st.raxfr)) 1908 return; 1909 1910 /* truncated */ 1911 if(!ssl_printf(ssl, "num.truncated=%u\n", 1912 (unsigned)xfrd->nsd->st.truncated)) 1913 return; 1914 1915 /* dropped */ 1916 if(!ssl_printf(ssl, "num.dropped=%u\n", 1917 (unsigned)xfrd->nsd->st.dropped)) 1918 return; 1919 1920 /* zone statistics */ 1921 if(!ssl_printf(ssl, "zone.master=%u\n", 1922 (unsigned)(xfrd->notify_zones->count - xfrd->zones->count))) 1923 return; 1924 if(!ssl_printf(ssl, "zone.slave=%u\n", (unsigned)xfrd->zones->count)) 1925 return; 1926 } 1927 1928 static void 1929 clear_stats(xfrd_state_t* xfrd) 1930 { 1931 size_t i; 1932 uint64_t dbd = xfrd->nsd->st.db_disk; 1933 uint64_t dbm = xfrd->nsd->st.db_mem; 1934 for(i=0; i<xfrd->nsd->child_count; i++) { 1935 xfrd->nsd->children[i].query_count = 0; 1936 } 1937 memset(&xfrd->nsd->st, 0, sizeof(struct nsdst)); 1938 xfrd->nsd->st.db_disk = dbd; 1939 xfrd->nsd->st.db_mem = dbm; 1940 } 1941 1942 void 1943 daemon_remote_process_stats(struct daemon_remote* rc) 1944 { 1945 struct rc_state* s; 1946 struct timeval now; 1947 if(!rc) return; 1948 if(gettimeofday(&now, NULL) == -1) 1949 log_msg(LOG_ERR, "gettimeofday: %s", strerror(errno)); 1950 /* pop one and give it stats */ 1951 while((s = rc->stats_list)) { 1952 assert(s->in_stats_list); 1953 print_stats(s->ssl, rc->xfrd, &now); 1954 if(s->in_stats_list == 1) { 1955 clear_stats(rc->xfrd); 1956 rc->stats_time = now; 1957 } 1958 VERBOSITY(3, (LOG_INFO, "remote control stats printed")); 1959 rc->stats_list = s->next; 1960 s->in_stats_list = 0; 1961 clean_point(rc, s); 1962 } 1963 } 1964 #endif /* BIND8_STATS */ 1965 1966 #endif /* HAVE_SSL */ 1967